4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2005-2007 CodeSourcery
6 * Copyright (c) 2007 OpenedHand, Ltd.
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2 of the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include "qemu/osdep.h"
24 #include "internals.h"
25 #include "disas/disas.h"
26 #include "exec/exec-all.h"
28 #include "tcg-op-gvec.h"
30 #include "qemu/bitops.h"
32 #include "hw/semihosting/semihost.h"
34 #include "exec/helper-proto.h"
35 #include "exec/helper-gen.h"
37 #include "trace-tcg.h"
41 #define ENABLE_ARCH_4T arm_dc_feature(s, ARM_FEATURE_V4T)
42 #define ENABLE_ARCH_5 arm_dc_feature(s, ARM_FEATURE_V5)
43 /* currently all emulated v5 cores are also v5TE, so don't bother */
44 #define ENABLE_ARCH_5TE arm_dc_feature(s, ARM_FEATURE_V5)
45 #define ENABLE_ARCH_5J dc_isar_feature(jazelle, s)
46 #define ENABLE_ARCH_6 arm_dc_feature(s, ARM_FEATURE_V6)
47 #define ENABLE_ARCH_6K arm_dc_feature(s, ARM_FEATURE_V6K)
48 #define ENABLE_ARCH_6T2 arm_dc_feature(s, ARM_FEATURE_THUMB2)
49 #define ENABLE_ARCH_7 arm_dc_feature(s, ARM_FEATURE_V7)
50 #define ENABLE_ARCH_8 arm_dc_feature(s, ARM_FEATURE_V8)
52 #define ARCH(x) do { if (!ENABLE_ARCH_##x) goto illegal_op; } while(0)
54 #include "translate.h"
56 #if defined(CONFIG_USER_ONLY)
59 #define IS_USER(s) (s->user)
62 /* We reuse the same 64-bit temporaries for efficiency. */
63 static TCGv_i64 cpu_V0, cpu_V1, cpu_M0;
64 static TCGv_i32 cpu_R[16];
65 TCGv_i32 cpu_CF, cpu_NF, cpu_VF, cpu_ZF;
66 TCGv_i64 cpu_exclusive_addr;
67 TCGv_i64 cpu_exclusive_val;
69 #include "exec/gen-icount.h"
71 static const char * const regnames[] =
72 { "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7",
73 "r8", "r9", "r10", "r11", "r12", "r13", "r14", "pc" };
75 /* Function prototypes for gen_ functions calling Neon helpers. */
76 typedef void NeonGenThreeOpEnvFn(TCGv_i32, TCGv_env, TCGv_i32,
78 /* Function prototypes for gen_ functions for fix point conversions */
79 typedef void VFPGenFixPointFn(TCGv_i32, TCGv_i32, TCGv_i32, TCGv_ptr);
81 /* initialize TCG globals. */
82 void arm_translate_init(void)
86 for (i = 0; i < 16; i++) {
87 cpu_R[i] = tcg_global_mem_new_i32(cpu_env,
88 offsetof(CPUARMState, regs[i]),
91 cpu_CF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, CF), "CF");
92 cpu_NF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, NF), "NF");
93 cpu_VF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, VF), "VF");
94 cpu_ZF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, ZF), "ZF");
96 cpu_exclusive_addr = tcg_global_mem_new_i64(cpu_env,
97 offsetof(CPUARMState, exclusive_addr), "exclusive_addr");
98 cpu_exclusive_val = tcg_global_mem_new_i64(cpu_env,
99 offsetof(CPUARMState, exclusive_val), "exclusive_val");
101 a64_translate_init();
104 /* Flags for the disas_set_da_iss info argument:
105 * lower bits hold the Rt register number, higher bits are flags.
107 typedef enum ISSInfo {
110 ISSInvalid = (1 << 5),
111 ISSIsAcqRel = (1 << 6),
112 ISSIsWrite = (1 << 7),
113 ISSIs16Bit = (1 << 8),
116 /* Save the syndrome information for a Data Abort */
117 static void disas_set_da_iss(DisasContext *s, MemOp memop, ISSInfo issinfo)
120 int sas = memop & MO_SIZE;
121 bool sse = memop & MO_SIGN;
122 bool is_acqrel = issinfo & ISSIsAcqRel;
123 bool is_write = issinfo & ISSIsWrite;
124 bool is_16bit = issinfo & ISSIs16Bit;
125 int srt = issinfo & ISSRegMask;
127 if (issinfo & ISSInvalid) {
128 /* Some callsites want to conditionally provide ISS info,
129 * eg "only if this was not a writeback"
135 /* For AArch32, insns where the src/dest is R15 never generate
136 * ISS information. Catching that here saves checking at all
142 syn = syn_data_abort_with_iss(0, sas, sse, srt, 0, is_acqrel,
143 0, 0, 0, is_write, 0, is_16bit);
144 disas_set_insn_syndrome(s, syn);
147 static inline int get_a32_user_mem_index(DisasContext *s)
149 /* Return the core mmu_idx to use for A32/T32 "unprivileged load/store"
151 * if PL2, UNPREDICTABLE (we choose to implement as if PL0)
152 * otherwise, access as if at PL0.
154 switch (s->mmu_idx) {
155 case ARMMMUIdx_S1E2: /* this one is UNPREDICTABLE */
156 case ARMMMUIdx_S12NSE0:
157 case ARMMMUIdx_S12NSE1:
158 return arm_to_core_mmu_idx(ARMMMUIdx_S12NSE0);
160 case ARMMMUIdx_S1SE0:
161 case ARMMMUIdx_S1SE1:
162 return arm_to_core_mmu_idx(ARMMMUIdx_S1SE0);
163 case ARMMMUIdx_MUser:
164 case ARMMMUIdx_MPriv:
165 return arm_to_core_mmu_idx(ARMMMUIdx_MUser);
166 case ARMMMUIdx_MUserNegPri:
167 case ARMMMUIdx_MPrivNegPri:
168 return arm_to_core_mmu_idx(ARMMMUIdx_MUserNegPri);
169 case ARMMMUIdx_MSUser:
170 case ARMMMUIdx_MSPriv:
171 return arm_to_core_mmu_idx(ARMMMUIdx_MSUser);
172 case ARMMMUIdx_MSUserNegPri:
173 case ARMMMUIdx_MSPrivNegPri:
174 return arm_to_core_mmu_idx(ARMMMUIdx_MSUserNegPri);
177 g_assert_not_reached();
181 static inline TCGv_i32 load_cpu_offset(int offset)
183 TCGv_i32 tmp = tcg_temp_new_i32();
184 tcg_gen_ld_i32(tmp, cpu_env, offset);
188 #define load_cpu_field(name) load_cpu_offset(offsetof(CPUARMState, name))
190 static inline void store_cpu_offset(TCGv_i32 var, int offset)
192 tcg_gen_st_i32(var, cpu_env, offset);
193 tcg_temp_free_i32(var);
196 #define store_cpu_field(var, name) \
197 store_cpu_offset(var, offsetof(CPUARMState, name))
199 /* The architectural value of PC. */
200 static uint32_t read_pc(DisasContext *s)
202 return s->pc_curr + (s->thumb ? 4 : 8);
205 /* Set a variable to the value of a CPU register. */
206 static void load_reg_var(DisasContext *s, TCGv_i32 var, int reg)
209 tcg_gen_movi_i32(var, read_pc(s));
211 tcg_gen_mov_i32(var, cpu_R[reg]);
215 /* Create a new temporary and set it to the value of a CPU register. */
216 static inline TCGv_i32 load_reg(DisasContext *s, int reg)
218 TCGv_i32 tmp = tcg_temp_new_i32();
219 load_reg_var(s, tmp, reg);
224 * Create a new temp, REG + OFS, except PC is ALIGN(PC, 4).
225 * This is used for load/store for which use of PC implies (literal),
226 * or ADD that implies ADR.
228 static TCGv_i32 add_reg_for_lit(DisasContext *s, int reg, int ofs)
230 TCGv_i32 tmp = tcg_temp_new_i32();
233 tcg_gen_movi_i32(tmp, (read_pc(s) & ~3) + ofs);
235 tcg_gen_addi_i32(tmp, cpu_R[reg], ofs);
240 /* Set a CPU register. The source must be a temporary and will be
242 static void store_reg(DisasContext *s, int reg, TCGv_i32 var)
245 /* In Thumb mode, we must ignore bit 0.
246 * In ARM mode, for ARMv4 and ARMv5, it is UNPREDICTABLE if bits [1:0]
247 * are not 0b00, but for ARMv6 and above, we must ignore bits [1:0].
248 * We choose to ignore [1:0] in ARM mode for all architecture versions.
250 tcg_gen_andi_i32(var, var, s->thumb ? ~1 : ~3);
251 s->base.is_jmp = DISAS_JUMP;
253 tcg_gen_mov_i32(cpu_R[reg], var);
254 tcg_temp_free_i32(var);
258 * Variant of store_reg which applies v8M stack-limit checks before updating
259 * SP. If the check fails this will result in an exception being taken.
260 * We disable the stack checks for CONFIG_USER_ONLY because we have
261 * no idea what the stack limits should be in that case.
262 * If stack checking is not being done this just acts like store_reg().
264 static void store_sp_checked(DisasContext *s, TCGv_i32 var)
266 #ifndef CONFIG_USER_ONLY
267 if (s->v8m_stackcheck) {
268 gen_helper_v8m_stackcheck(cpu_env, var);
271 store_reg(s, 13, var);
274 /* Value extensions. */
275 #define gen_uxtb(var) tcg_gen_ext8u_i32(var, var)
276 #define gen_uxth(var) tcg_gen_ext16u_i32(var, var)
277 #define gen_sxtb(var) tcg_gen_ext8s_i32(var, var)
278 #define gen_sxth(var) tcg_gen_ext16s_i32(var, var)
280 #define gen_sxtb16(var) gen_helper_sxtb16(var, var)
281 #define gen_uxtb16(var) gen_helper_uxtb16(var, var)
284 static inline void gen_set_cpsr(TCGv_i32 var, uint32_t mask)
286 TCGv_i32 tmp_mask = tcg_const_i32(mask);
287 gen_helper_cpsr_write(cpu_env, var, tmp_mask);
288 tcg_temp_free_i32(tmp_mask);
290 /* Set NZCV flags from the high 4 bits of var. */
291 #define gen_set_nzcv(var) gen_set_cpsr(var, CPSR_NZCV)
293 static void gen_exception_internal(int excp)
295 TCGv_i32 tcg_excp = tcg_const_i32(excp);
297 assert(excp_is_internal(excp));
298 gen_helper_exception_internal(cpu_env, tcg_excp);
299 tcg_temp_free_i32(tcg_excp);
302 static void gen_step_complete_exception(DisasContext *s)
304 /* We just completed step of an insn. Move from Active-not-pending
305 * to Active-pending, and then also take the swstep exception.
306 * This corresponds to making the (IMPDEF) choice to prioritize
307 * swstep exceptions over asynchronous exceptions taken to an exception
308 * level where debug is disabled. This choice has the advantage that
309 * we do not need to maintain internal state corresponding to the
310 * ISV/EX syndrome bits between completion of the step and generation
311 * of the exception, and our syndrome information is always correct.
314 gen_swstep_exception(s, 1, s->is_ldex);
315 s->base.is_jmp = DISAS_NORETURN;
318 static void gen_singlestep_exception(DisasContext *s)
320 /* Generate the right kind of exception for singlestep, which is
321 * either the architectural singlestep or EXCP_DEBUG for QEMU's
322 * gdb singlestepping.
325 gen_step_complete_exception(s);
327 gen_exception_internal(EXCP_DEBUG);
331 static inline bool is_singlestepping(DisasContext *s)
333 /* Return true if we are singlestepping either because of
334 * architectural singlestep or QEMU gdbstub singlestep. This does
335 * not include the command line '-singlestep' mode which is rather
336 * misnamed as it only means "one instruction per TB" and doesn't
337 * affect the code we generate.
339 return s->base.singlestep_enabled || s->ss_active;
342 static void gen_smul_dual(TCGv_i32 a, TCGv_i32 b)
344 TCGv_i32 tmp1 = tcg_temp_new_i32();
345 TCGv_i32 tmp2 = tcg_temp_new_i32();
346 tcg_gen_ext16s_i32(tmp1, a);
347 tcg_gen_ext16s_i32(tmp2, b);
348 tcg_gen_mul_i32(tmp1, tmp1, tmp2);
349 tcg_temp_free_i32(tmp2);
350 tcg_gen_sari_i32(a, a, 16);
351 tcg_gen_sari_i32(b, b, 16);
352 tcg_gen_mul_i32(b, b, a);
353 tcg_gen_mov_i32(a, tmp1);
354 tcg_temp_free_i32(tmp1);
357 /* Byteswap each halfword. */
358 static void gen_rev16(TCGv_i32 var)
360 TCGv_i32 tmp = tcg_temp_new_i32();
361 TCGv_i32 mask = tcg_const_i32(0x00ff00ff);
362 tcg_gen_shri_i32(tmp, var, 8);
363 tcg_gen_and_i32(tmp, tmp, mask);
364 tcg_gen_and_i32(var, var, mask);
365 tcg_gen_shli_i32(var, var, 8);
366 tcg_gen_or_i32(var, var, tmp);
367 tcg_temp_free_i32(mask);
368 tcg_temp_free_i32(tmp);
371 /* Byteswap low halfword and sign extend. */
372 static void gen_revsh(TCGv_i32 var)
374 tcg_gen_ext16u_i32(var, var);
375 tcg_gen_bswap16_i32(var, var);
376 tcg_gen_ext16s_i32(var, var);
379 /* 32x32->64 multiply. Marks inputs as dead. */
380 static TCGv_i64 gen_mulu_i64_i32(TCGv_i32 a, TCGv_i32 b)
382 TCGv_i32 lo = tcg_temp_new_i32();
383 TCGv_i32 hi = tcg_temp_new_i32();
386 tcg_gen_mulu2_i32(lo, hi, a, b);
387 tcg_temp_free_i32(a);
388 tcg_temp_free_i32(b);
390 ret = tcg_temp_new_i64();
391 tcg_gen_concat_i32_i64(ret, lo, hi);
392 tcg_temp_free_i32(lo);
393 tcg_temp_free_i32(hi);
398 static TCGv_i64 gen_muls_i64_i32(TCGv_i32 a, TCGv_i32 b)
400 TCGv_i32 lo = tcg_temp_new_i32();
401 TCGv_i32 hi = tcg_temp_new_i32();
404 tcg_gen_muls2_i32(lo, hi, a, b);
405 tcg_temp_free_i32(a);
406 tcg_temp_free_i32(b);
408 ret = tcg_temp_new_i64();
409 tcg_gen_concat_i32_i64(ret, lo, hi);
410 tcg_temp_free_i32(lo);
411 tcg_temp_free_i32(hi);
416 /* Swap low and high halfwords. */
417 static void gen_swap_half(TCGv_i32 var)
419 tcg_gen_rotri_i32(var, var, 16);
422 /* Dual 16-bit add. Result placed in t0 and t1 is marked as dead.
423 tmp = (t0 ^ t1) & 0x8000;
426 t0 = (t0 + t1) ^ tmp;
429 static void gen_add16(TCGv_i32 t0, TCGv_i32 t1)
431 TCGv_i32 tmp = tcg_temp_new_i32();
432 tcg_gen_xor_i32(tmp, t0, t1);
433 tcg_gen_andi_i32(tmp, tmp, 0x8000);
434 tcg_gen_andi_i32(t0, t0, ~0x8000);
435 tcg_gen_andi_i32(t1, t1, ~0x8000);
436 tcg_gen_add_i32(t0, t0, t1);
437 tcg_gen_xor_i32(t0, t0, tmp);
438 tcg_temp_free_i32(tmp);
439 tcg_temp_free_i32(t1);
442 /* Set N and Z flags from var. */
443 static inline void gen_logic_CC(TCGv_i32 var)
445 tcg_gen_mov_i32(cpu_NF, var);
446 tcg_gen_mov_i32(cpu_ZF, var);
450 static void gen_adc(TCGv_i32 t0, TCGv_i32 t1)
452 tcg_gen_add_i32(t0, t0, t1);
453 tcg_gen_add_i32(t0, t0, cpu_CF);
456 /* dest = T0 + T1 + CF. */
457 static void gen_add_carry(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
459 tcg_gen_add_i32(dest, t0, t1);
460 tcg_gen_add_i32(dest, dest, cpu_CF);
463 /* dest = T0 - T1 + CF - 1. */
464 static void gen_sub_carry(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
466 tcg_gen_sub_i32(dest, t0, t1);
467 tcg_gen_add_i32(dest, dest, cpu_CF);
468 tcg_gen_subi_i32(dest, dest, 1);
471 /* dest = T0 + T1. Compute C, N, V and Z flags */
472 static void gen_add_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
474 TCGv_i32 tmp = tcg_temp_new_i32();
475 tcg_gen_movi_i32(tmp, 0);
476 tcg_gen_add2_i32(cpu_NF, cpu_CF, t0, tmp, t1, tmp);
477 tcg_gen_mov_i32(cpu_ZF, cpu_NF);
478 tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
479 tcg_gen_xor_i32(tmp, t0, t1);
480 tcg_gen_andc_i32(cpu_VF, cpu_VF, tmp);
481 tcg_temp_free_i32(tmp);
482 tcg_gen_mov_i32(dest, cpu_NF);
485 /* dest = T0 + T1 + CF. Compute C, N, V and Z flags */
486 static void gen_adc_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
488 TCGv_i32 tmp = tcg_temp_new_i32();
489 if (TCG_TARGET_HAS_add2_i32) {
490 tcg_gen_movi_i32(tmp, 0);
491 tcg_gen_add2_i32(cpu_NF, cpu_CF, t0, tmp, cpu_CF, tmp);
492 tcg_gen_add2_i32(cpu_NF, cpu_CF, cpu_NF, cpu_CF, t1, tmp);
494 TCGv_i64 q0 = tcg_temp_new_i64();
495 TCGv_i64 q1 = tcg_temp_new_i64();
496 tcg_gen_extu_i32_i64(q0, t0);
497 tcg_gen_extu_i32_i64(q1, t1);
498 tcg_gen_add_i64(q0, q0, q1);
499 tcg_gen_extu_i32_i64(q1, cpu_CF);
500 tcg_gen_add_i64(q0, q0, q1);
501 tcg_gen_extr_i64_i32(cpu_NF, cpu_CF, q0);
502 tcg_temp_free_i64(q0);
503 tcg_temp_free_i64(q1);
505 tcg_gen_mov_i32(cpu_ZF, cpu_NF);
506 tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
507 tcg_gen_xor_i32(tmp, t0, t1);
508 tcg_gen_andc_i32(cpu_VF, cpu_VF, tmp);
509 tcg_temp_free_i32(tmp);
510 tcg_gen_mov_i32(dest, cpu_NF);
513 /* dest = T0 - T1. Compute C, N, V and Z flags */
514 static void gen_sub_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
517 tcg_gen_sub_i32(cpu_NF, t0, t1);
518 tcg_gen_mov_i32(cpu_ZF, cpu_NF);
519 tcg_gen_setcond_i32(TCG_COND_GEU, cpu_CF, t0, t1);
520 tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
521 tmp = tcg_temp_new_i32();
522 tcg_gen_xor_i32(tmp, t0, t1);
523 tcg_gen_and_i32(cpu_VF, cpu_VF, tmp);
524 tcg_temp_free_i32(tmp);
525 tcg_gen_mov_i32(dest, cpu_NF);
528 /* dest = T0 + ~T1 + CF. Compute C, N, V and Z flags */
529 static void gen_sbc_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
531 TCGv_i32 tmp = tcg_temp_new_i32();
532 tcg_gen_not_i32(tmp, t1);
533 gen_adc_CC(dest, t0, tmp);
534 tcg_temp_free_i32(tmp);
537 #define GEN_SHIFT(name) \
538 static void gen_##name(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1) \
540 TCGv_i32 tmp1, tmp2, tmp3; \
541 tmp1 = tcg_temp_new_i32(); \
542 tcg_gen_andi_i32(tmp1, t1, 0xff); \
543 tmp2 = tcg_const_i32(0); \
544 tmp3 = tcg_const_i32(0x1f); \
545 tcg_gen_movcond_i32(TCG_COND_GTU, tmp2, tmp1, tmp3, tmp2, t0); \
546 tcg_temp_free_i32(tmp3); \
547 tcg_gen_andi_i32(tmp1, tmp1, 0x1f); \
548 tcg_gen_##name##_i32(dest, tmp2, tmp1); \
549 tcg_temp_free_i32(tmp2); \
550 tcg_temp_free_i32(tmp1); \
556 static void gen_sar(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
559 tmp1 = tcg_temp_new_i32();
560 tcg_gen_andi_i32(tmp1, t1, 0xff);
561 tmp2 = tcg_const_i32(0x1f);
562 tcg_gen_movcond_i32(TCG_COND_GTU, tmp1, tmp1, tmp2, tmp2, tmp1);
563 tcg_temp_free_i32(tmp2);
564 tcg_gen_sar_i32(dest, t0, tmp1);
565 tcg_temp_free_i32(tmp1);
568 static void shifter_out_im(TCGv_i32 var, int shift)
570 tcg_gen_extract_i32(cpu_CF, var, shift, 1);
573 /* Shift by immediate. Includes special handling for shift == 0. */
574 static inline void gen_arm_shift_im(TCGv_i32 var, int shiftop,
575 int shift, int flags)
581 shifter_out_im(var, 32 - shift);
582 tcg_gen_shli_i32(var, var, shift);
588 tcg_gen_shri_i32(cpu_CF, var, 31);
590 tcg_gen_movi_i32(var, 0);
593 shifter_out_im(var, shift - 1);
594 tcg_gen_shri_i32(var, var, shift);
601 shifter_out_im(var, shift - 1);
604 tcg_gen_sari_i32(var, var, shift);
606 case 3: /* ROR/RRX */
609 shifter_out_im(var, shift - 1);
610 tcg_gen_rotri_i32(var, var, shift); break;
612 TCGv_i32 tmp = tcg_temp_new_i32();
613 tcg_gen_shli_i32(tmp, cpu_CF, 31);
615 shifter_out_im(var, 0);
616 tcg_gen_shri_i32(var, var, 1);
617 tcg_gen_or_i32(var, var, tmp);
618 tcg_temp_free_i32(tmp);
623 static inline void gen_arm_shift_reg(TCGv_i32 var, int shiftop,
624 TCGv_i32 shift, int flags)
628 case 0: gen_helper_shl_cc(var, cpu_env, var, shift); break;
629 case 1: gen_helper_shr_cc(var, cpu_env, var, shift); break;
630 case 2: gen_helper_sar_cc(var, cpu_env, var, shift); break;
631 case 3: gen_helper_ror_cc(var, cpu_env, var, shift); break;
636 gen_shl(var, var, shift);
639 gen_shr(var, var, shift);
642 gen_sar(var, var, shift);
644 case 3: tcg_gen_andi_i32(shift, shift, 0x1f);
645 tcg_gen_rotr_i32(var, var, shift); break;
648 tcg_temp_free_i32(shift);
651 #define PAS_OP(pfx) \
653 case 0: gen_pas_helper(glue(pfx,add16)); break; \
654 case 1: gen_pas_helper(glue(pfx,addsubx)); break; \
655 case 2: gen_pas_helper(glue(pfx,subaddx)); break; \
656 case 3: gen_pas_helper(glue(pfx,sub16)); break; \
657 case 4: gen_pas_helper(glue(pfx,add8)); break; \
658 case 7: gen_pas_helper(glue(pfx,sub8)); break; \
660 static void gen_arm_parallel_addsub(int op1, int op2, TCGv_i32 a, TCGv_i32 b)
665 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b, tmp)
667 tmp = tcg_temp_new_ptr();
668 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
670 tcg_temp_free_ptr(tmp);
673 tmp = tcg_temp_new_ptr();
674 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
676 tcg_temp_free_ptr(tmp);
678 #undef gen_pas_helper
679 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b)
692 #undef gen_pas_helper
697 /* For unknown reasons Arm and Thumb-2 use arbitrarily different encodings. */
698 #define PAS_OP(pfx) \
700 case 0: gen_pas_helper(glue(pfx,add8)); break; \
701 case 1: gen_pas_helper(glue(pfx,add16)); break; \
702 case 2: gen_pas_helper(glue(pfx,addsubx)); break; \
703 case 4: gen_pas_helper(glue(pfx,sub8)); break; \
704 case 5: gen_pas_helper(glue(pfx,sub16)); break; \
705 case 6: gen_pas_helper(glue(pfx,subaddx)); break; \
707 static void gen_thumb2_parallel_addsub(int op1, int op2, TCGv_i32 a, TCGv_i32 b)
712 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b, tmp)
714 tmp = tcg_temp_new_ptr();
715 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
717 tcg_temp_free_ptr(tmp);
720 tmp = tcg_temp_new_ptr();
721 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
723 tcg_temp_free_ptr(tmp);
725 #undef gen_pas_helper
726 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b)
739 #undef gen_pas_helper
745 * Generate a conditional based on ARM condition code cc.
746 * This is common between ARM and Aarch64 targets.
748 void arm_test_cc(DisasCompare *cmp, int cc)
779 case 8: /* hi: C && !Z */
780 case 9: /* ls: !C || Z -> !(C && !Z) */
782 value = tcg_temp_new_i32();
784 /* CF is 1 for C, so -CF is an all-bits-set mask for C;
785 ZF is non-zero for !Z; so AND the two subexpressions. */
786 tcg_gen_neg_i32(value, cpu_CF);
787 tcg_gen_and_i32(value, value, cpu_ZF);
790 case 10: /* ge: N == V -> N ^ V == 0 */
791 case 11: /* lt: N != V -> N ^ V != 0 */
792 /* Since we're only interested in the sign bit, == 0 is >= 0. */
794 value = tcg_temp_new_i32();
796 tcg_gen_xor_i32(value, cpu_VF, cpu_NF);
799 case 12: /* gt: !Z && N == V */
800 case 13: /* le: Z || N != V */
802 value = tcg_temp_new_i32();
804 /* (N == V) is equal to the sign bit of ~(NF ^ VF). Propagate
805 * the sign bit then AND with ZF to yield the result. */
806 tcg_gen_xor_i32(value, cpu_VF, cpu_NF);
807 tcg_gen_sari_i32(value, value, 31);
808 tcg_gen_andc_i32(value, cpu_ZF, value);
811 case 14: /* always */
812 case 15: /* always */
813 /* Use the ALWAYS condition, which will fold early.
814 * It doesn't matter what we use for the value. */
815 cond = TCG_COND_ALWAYS;
820 fprintf(stderr, "Bad condition code 0x%x\n", cc);
825 cond = tcg_invert_cond(cond);
831 cmp->value_global = global;
834 void arm_free_cc(DisasCompare *cmp)
836 if (!cmp->value_global) {
837 tcg_temp_free_i32(cmp->value);
841 void arm_jump_cc(DisasCompare *cmp, TCGLabel *label)
843 tcg_gen_brcondi_i32(cmp->cond, cmp->value, 0, label);
846 void arm_gen_test_cc(int cc, TCGLabel *label)
849 arm_test_cc(&cmp, cc);
850 arm_jump_cc(&cmp, label);
854 static inline void gen_set_condexec(DisasContext *s)
856 if (s->condexec_mask) {
857 uint32_t val = (s->condexec_cond << 4) | (s->condexec_mask >> 1);
858 TCGv_i32 tmp = tcg_temp_new_i32();
859 tcg_gen_movi_i32(tmp, val);
860 store_cpu_field(tmp, condexec_bits);
864 static inline void gen_set_pc_im(DisasContext *s, target_ulong val)
866 tcg_gen_movi_i32(cpu_R[15], val);
869 /* Set PC and Thumb state from an immediate address. */
870 static inline void gen_bx_im(DisasContext *s, uint32_t addr)
874 s->base.is_jmp = DISAS_JUMP;
875 if (s->thumb != (addr & 1)) {
876 tmp = tcg_temp_new_i32();
877 tcg_gen_movi_i32(tmp, addr & 1);
878 tcg_gen_st_i32(tmp, cpu_env, offsetof(CPUARMState, thumb));
879 tcg_temp_free_i32(tmp);
881 tcg_gen_movi_i32(cpu_R[15], addr & ~1);
884 /* Set PC and Thumb state from var. var is marked as dead. */
885 static inline void gen_bx(DisasContext *s, TCGv_i32 var)
887 s->base.is_jmp = DISAS_JUMP;
888 tcg_gen_andi_i32(cpu_R[15], var, ~1);
889 tcg_gen_andi_i32(var, var, 1);
890 store_cpu_field(var, thumb);
894 * Set PC and Thumb state from var. var is marked as dead.
895 * For M-profile CPUs, include logic to detect exception-return
896 * branches and handle them. This is needed for Thumb POP/LDM to PC, LDR to PC,
897 * and BX reg, and no others, and happens only for code in Handler mode.
898 * The Security Extension also requires us to check for the FNC_RETURN
899 * which signals a function return from non-secure state; this can happen
900 * in both Handler and Thread mode.
901 * To avoid having to do multiple comparisons in inline generated code,
902 * we make the check we do here loose, so it will match for EXC_RETURN
903 * in Thread mode. For system emulation do_v7m_exception_exit() checks
904 * for these spurious cases and returns without doing anything (giving
905 * the same behaviour as for a branch to a non-magic address).
907 * In linux-user mode it is unclear what the right behaviour for an
908 * attempted FNC_RETURN should be, because in real hardware this will go
909 * directly to Secure code (ie not the Linux kernel) which will then treat
910 * the error in any way it chooses. For QEMU we opt to make the FNC_RETURN
911 * attempt behave the way it would on a CPU without the security extension,
912 * which is to say "like a normal branch". That means we can simply treat
913 * all branches as normal with no magic address behaviour.
915 static inline void gen_bx_excret(DisasContext *s, TCGv_i32 var)
917 /* Generate the same code here as for a simple bx, but flag via
918 * s->base.is_jmp that we need to do the rest of the work later.
921 #ifndef CONFIG_USER_ONLY
922 if (arm_dc_feature(s, ARM_FEATURE_M_SECURITY) ||
923 (s->v7m_handler_mode && arm_dc_feature(s, ARM_FEATURE_M))) {
924 s->base.is_jmp = DISAS_BX_EXCRET;
929 static inline void gen_bx_excret_final_code(DisasContext *s)
931 /* Generate the code to finish possible exception return and end the TB */
932 TCGLabel *excret_label = gen_new_label();
935 if (arm_dc_feature(s, ARM_FEATURE_M_SECURITY)) {
936 /* Covers FNC_RETURN and EXC_RETURN magic */
937 min_magic = FNC_RETURN_MIN_MAGIC;
939 /* EXC_RETURN magic only */
940 min_magic = EXC_RETURN_MIN_MAGIC;
943 /* Is the new PC value in the magic range indicating exception return? */
944 tcg_gen_brcondi_i32(TCG_COND_GEU, cpu_R[15], min_magic, excret_label);
945 /* No: end the TB as we would for a DISAS_JMP */
946 if (is_singlestepping(s)) {
947 gen_singlestep_exception(s);
949 tcg_gen_exit_tb(NULL, 0);
951 gen_set_label(excret_label);
952 /* Yes: this is an exception return.
953 * At this point in runtime env->regs[15] and env->thumb will hold
954 * the exception-return magic number, which do_v7m_exception_exit()
955 * will read. Nothing else will be able to see those values because
956 * the cpu-exec main loop guarantees that we will always go straight
957 * from raising the exception to the exception-handling code.
959 * gen_ss_advance(s) does nothing on M profile currently but
960 * calling it is conceptually the right thing as we have executed
961 * this instruction (compare SWI, HVC, SMC handling).
964 gen_exception_internal(EXCP_EXCEPTION_EXIT);
967 static inline void gen_bxns(DisasContext *s, int rm)
969 TCGv_i32 var = load_reg(s, rm);
971 /* The bxns helper may raise an EXCEPTION_EXIT exception, so in theory
972 * we need to sync state before calling it, but:
973 * - we don't need to do gen_set_pc_im() because the bxns helper will
974 * always set the PC itself
975 * - we don't need to do gen_set_condexec() because BXNS is UNPREDICTABLE
976 * unless it's outside an IT block or the last insn in an IT block,
977 * so we know that condexec == 0 (already set at the top of the TB)
978 * is correct in the non-UNPREDICTABLE cases, and we can choose
979 * "zeroes the IT bits" as our UNPREDICTABLE behaviour otherwise.
981 gen_helper_v7m_bxns(cpu_env, var);
982 tcg_temp_free_i32(var);
983 s->base.is_jmp = DISAS_EXIT;
986 static inline void gen_blxns(DisasContext *s, int rm)
988 TCGv_i32 var = load_reg(s, rm);
990 /* We don't need to sync condexec state, for the same reason as bxns.
991 * We do however need to set the PC, because the blxns helper reads it.
992 * The blxns helper may throw an exception.
994 gen_set_pc_im(s, s->base.pc_next);
995 gen_helper_v7m_blxns(cpu_env, var);
996 tcg_temp_free_i32(var);
997 s->base.is_jmp = DISAS_EXIT;
1000 /* Variant of store_reg which uses branch&exchange logic when storing
1001 to r15 in ARM architecture v7 and above. The source must be a temporary
1002 and will be marked as dead. */
1003 static inline void store_reg_bx(DisasContext *s, int reg, TCGv_i32 var)
1005 if (reg == 15 && ENABLE_ARCH_7) {
1008 store_reg(s, reg, var);
1012 /* Variant of store_reg which uses branch&exchange logic when storing
1013 * to r15 in ARM architecture v5T and above. This is used for storing
1014 * the results of a LDR/LDM/POP into r15, and corresponds to the cases
1015 * in the ARM ARM which use the LoadWritePC() pseudocode function. */
1016 static inline void store_reg_from_load(DisasContext *s, int reg, TCGv_i32 var)
1018 if (reg == 15 && ENABLE_ARCH_5) {
1019 gen_bx_excret(s, var);
1021 store_reg(s, reg, var);
1025 #ifdef CONFIG_USER_ONLY
1026 #define IS_USER_ONLY 1
1028 #define IS_USER_ONLY 0
1031 /* Abstractions of "generate code to do a guest load/store for
1032 * AArch32", where a vaddr is always 32 bits (and is zero
1033 * extended if we're a 64 bit core) and data is also
1034 * 32 bits unless specifically doing a 64 bit access.
1035 * These functions work like tcg_gen_qemu_{ld,st}* except
1036 * that the address argument is TCGv_i32 rather than TCGv.
1039 static inline TCGv gen_aa32_addr(DisasContext *s, TCGv_i32 a32, MemOp op)
1041 TCGv addr = tcg_temp_new();
1042 tcg_gen_extu_i32_tl(addr, a32);
1044 /* Not needed for user-mode BE32, where we use MO_BE instead. */
1045 if (!IS_USER_ONLY && s->sctlr_b && (op & MO_SIZE) < MO_32) {
1046 tcg_gen_xori_tl(addr, addr, 4 - (1 << (op & MO_SIZE)));
1051 static void gen_aa32_ld_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
1052 int index, MemOp opc)
1056 if (arm_dc_feature(s, ARM_FEATURE_M) &&
1057 !arm_dc_feature(s, ARM_FEATURE_M_MAIN)) {
1061 addr = gen_aa32_addr(s, a32, opc);
1062 tcg_gen_qemu_ld_i32(val, addr, index, opc);
1063 tcg_temp_free(addr);
1066 static void gen_aa32_st_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
1067 int index, MemOp opc)
1071 if (arm_dc_feature(s, ARM_FEATURE_M) &&
1072 !arm_dc_feature(s, ARM_FEATURE_M_MAIN)) {
1076 addr = gen_aa32_addr(s, a32, opc);
1077 tcg_gen_qemu_st_i32(val, addr, index, opc);
1078 tcg_temp_free(addr);
1081 #define DO_GEN_LD(SUFF, OPC) \
1082 static inline void gen_aa32_ld##SUFF(DisasContext *s, TCGv_i32 val, \
1083 TCGv_i32 a32, int index) \
1085 gen_aa32_ld_i32(s, val, a32, index, OPC | s->be_data); \
1087 static inline void gen_aa32_ld##SUFF##_iss(DisasContext *s, \
1089 TCGv_i32 a32, int index, \
1092 gen_aa32_ld##SUFF(s, val, a32, index); \
1093 disas_set_da_iss(s, OPC, issinfo); \
1096 #define DO_GEN_ST(SUFF, OPC) \
1097 static inline void gen_aa32_st##SUFF(DisasContext *s, TCGv_i32 val, \
1098 TCGv_i32 a32, int index) \
1100 gen_aa32_st_i32(s, val, a32, index, OPC | s->be_data); \
1102 static inline void gen_aa32_st##SUFF##_iss(DisasContext *s, \
1104 TCGv_i32 a32, int index, \
1107 gen_aa32_st##SUFF(s, val, a32, index); \
1108 disas_set_da_iss(s, OPC, issinfo | ISSIsWrite); \
1111 static inline void gen_aa32_frob64(DisasContext *s, TCGv_i64 val)
1113 /* Not needed for user-mode BE32, where we use MO_BE instead. */
1114 if (!IS_USER_ONLY && s->sctlr_b) {
1115 tcg_gen_rotri_i64(val, val, 32);
1119 static void gen_aa32_ld_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
1120 int index, MemOp opc)
1122 TCGv addr = gen_aa32_addr(s, a32, opc);
1123 tcg_gen_qemu_ld_i64(val, addr, index, opc);
1124 gen_aa32_frob64(s, val);
1125 tcg_temp_free(addr);
1128 static inline void gen_aa32_ld64(DisasContext *s, TCGv_i64 val,
1129 TCGv_i32 a32, int index)
1131 gen_aa32_ld_i64(s, val, a32, index, MO_Q | s->be_data);
1134 static void gen_aa32_st_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
1135 int index, MemOp opc)
1137 TCGv addr = gen_aa32_addr(s, a32, opc);
1139 /* Not needed for user-mode BE32, where we use MO_BE instead. */
1140 if (!IS_USER_ONLY && s->sctlr_b) {
1141 TCGv_i64 tmp = tcg_temp_new_i64();
1142 tcg_gen_rotri_i64(tmp, val, 32);
1143 tcg_gen_qemu_st_i64(tmp, addr, index, opc);
1144 tcg_temp_free_i64(tmp);
1146 tcg_gen_qemu_st_i64(val, addr, index, opc);
1148 tcg_temp_free(addr);
1151 static inline void gen_aa32_st64(DisasContext *s, TCGv_i64 val,
1152 TCGv_i32 a32, int index)
1154 gen_aa32_st_i64(s, val, a32, index, MO_Q | s->be_data);
1157 DO_GEN_LD(8s, MO_SB)
1158 DO_GEN_LD(8u, MO_UB)
1159 DO_GEN_LD(16s, MO_SW)
1160 DO_GEN_LD(16u, MO_UW)
1161 DO_GEN_LD(32u, MO_UL)
1163 DO_GEN_ST(16, MO_UW)
1164 DO_GEN_ST(32, MO_UL)
1166 static inline void gen_hvc(DisasContext *s, int imm16)
1168 /* The pre HVC helper handles cases when HVC gets trapped
1169 * as an undefined insn by runtime configuration (ie before
1170 * the insn really executes).
1172 gen_set_pc_im(s, s->pc_curr);
1173 gen_helper_pre_hvc(cpu_env);
1174 /* Otherwise we will treat this as a real exception which
1175 * happens after execution of the insn. (The distinction matters
1176 * for the PC value reported to the exception handler and also
1177 * for single stepping.)
1180 gen_set_pc_im(s, s->base.pc_next);
1181 s->base.is_jmp = DISAS_HVC;
1184 static inline void gen_smc(DisasContext *s)
1186 /* As with HVC, we may take an exception either before or after
1187 * the insn executes.
1191 gen_set_pc_im(s, s->pc_curr);
1192 tmp = tcg_const_i32(syn_aa32_smc());
1193 gen_helper_pre_smc(cpu_env, tmp);
1194 tcg_temp_free_i32(tmp);
1195 gen_set_pc_im(s, s->base.pc_next);
1196 s->base.is_jmp = DISAS_SMC;
1199 static void gen_exception_internal_insn(DisasContext *s, uint32_t pc, int excp)
1201 gen_set_condexec(s);
1202 gen_set_pc_im(s, pc);
1203 gen_exception_internal(excp);
1204 s->base.is_jmp = DISAS_NORETURN;
1207 static void gen_exception_insn(DisasContext *s, uint32_t pc, int excp,
1208 int syn, uint32_t target_el)
1210 gen_set_condexec(s);
1211 gen_set_pc_im(s, pc);
1212 gen_exception(excp, syn, target_el);
1213 s->base.is_jmp = DISAS_NORETURN;
1216 static void gen_exception_bkpt_insn(DisasContext *s, uint32_t syn)
1220 gen_set_condexec(s);
1221 gen_set_pc_im(s, s->pc_curr);
1222 tcg_syn = tcg_const_i32(syn);
1223 gen_helper_exception_bkpt_insn(cpu_env, tcg_syn);
1224 tcg_temp_free_i32(tcg_syn);
1225 s->base.is_jmp = DISAS_NORETURN;
1228 static void unallocated_encoding(DisasContext *s)
1230 /* Unallocated and reserved encodings are uncategorized */
1231 gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
1232 default_exception_el(s));
1235 /* Force a TB lookup after an instruction that changes the CPU state. */
1236 static inline void gen_lookup_tb(DisasContext *s)
1238 tcg_gen_movi_i32(cpu_R[15], s->base.pc_next);
1239 s->base.is_jmp = DISAS_EXIT;
1242 static inline void gen_hlt(DisasContext *s, int imm)
1244 /* HLT. This has two purposes.
1245 * Architecturally, it is an external halting debug instruction.
1246 * Since QEMU doesn't implement external debug, we treat this as
1247 * it is required for halting debug disabled: it will UNDEF.
1248 * Secondly, "HLT 0x3C" is a T32 semihosting trap instruction,
1249 * and "HLT 0xF000" is an A32 semihosting syscall. These traps
1250 * must trigger semihosting even for ARMv7 and earlier, where
1251 * HLT was an undefined encoding.
1252 * In system mode, we don't allow userspace access to
1253 * semihosting, to provide some semblance of security
1254 * (and for consistency with our 32-bit semihosting).
1256 if (semihosting_enabled() &&
1257 #ifndef CONFIG_USER_ONLY
1258 s->current_el != 0 &&
1260 (imm == (s->thumb ? 0x3c : 0xf000))) {
1261 gen_exception_internal_insn(s, s->base.pc_next, EXCP_SEMIHOST);
1265 unallocated_encoding(s);
1268 static inline void gen_add_data_offset(DisasContext *s, unsigned int insn,
1271 int val, rm, shift, shiftop;
1274 if (!(insn & (1 << 25))) {
1277 if (!(insn & (1 << 23)))
1280 tcg_gen_addi_i32(var, var, val);
1282 /* shift/register */
1284 shift = (insn >> 7) & 0x1f;
1285 shiftop = (insn >> 5) & 3;
1286 offset = load_reg(s, rm);
1287 gen_arm_shift_im(offset, shiftop, shift, 0);
1288 if (!(insn & (1 << 23)))
1289 tcg_gen_sub_i32(var, var, offset);
1291 tcg_gen_add_i32(var, var, offset);
1292 tcg_temp_free_i32(offset);
1296 static inline void gen_add_datah_offset(DisasContext *s, unsigned int insn,
1297 int extra, TCGv_i32 var)
1302 if (insn & (1 << 22)) {
1304 val = (insn & 0xf) | ((insn >> 4) & 0xf0);
1305 if (!(insn & (1 << 23)))
1309 tcg_gen_addi_i32(var, var, val);
1313 tcg_gen_addi_i32(var, var, extra);
1315 offset = load_reg(s, rm);
1316 if (!(insn & (1 << 23)))
1317 tcg_gen_sub_i32(var, var, offset);
1319 tcg_gen_add_i32(var, var, offset);
1320 tcg_temp_free_i32(offset);
1324 static TCGv_ptr get_fpstatus_ptr(int neon)
1326 TCGv_ptr statusptr = tcg_temp_new_ptr();
1329 offset = offsetof(CPUARMState, vfp.standard_fp_status);
1331 offset = offsetof(CPUARMState, vfp.fp_status);
1333 tcg_gen_addi_ptr(statusptr, cpu_env, offset);
1337 static inline long vfp_reg_offset(bool dp, unsigned reg)
1340 return offsetof(CPUARMState, vfp.zregs[reg >> 1].d[reg & 1]);
1342 long ofs = offsetof(CPUARMState, vfp.zregs[reg >> 2].d[(reg >> 1) & 1]);
1344 ofs += offsetof(CPU_DoubleU, l.upper);
1346 ofs += offsetof(CPU_DoubleU, l.lower);
1352 /* Return the offset of a 32-bit piece of a NEON register.
1353 zero is the least significant end of the register. */
1355 neon_reg_offset (int reg, int n)
1359 return vfp_reg_offset(0, sreg);
1362 /* Return the offset of a 2**SIZE piece of a NEON register, at index ELE,
1363 * where 0 is the least significant end of the register.
1366 neon_element_offset(int reg, int element, MemOp size)
1368 int element_size = 1 << size;
1369 int ofs = element * element_size;
1370 #ifdef HOST_WORDS_BIGENDIAN
1371 /* Calculate the offset assuming fully little-endian,
1372 * then XOR to account for the order of the 8-byte units.
1374 if (element_size < 8) {
1375 ofs ^= 8 - element_size;
1378 return neon_reg_offset(reg, 0) + ofs;
1381 static TCGv_i32 neon_load_reg(int reg, int pass)
1383 TCGv_i32 tmp = tcg_temp_new_i32();
1384 tcg_gen_ld_i32(tmp, cpu_env, neon_reg_offset(reg, pass));
1388 static void neon_load_element(TCGv_i32 var, int reg, int ele, MemOp mop)
1390 long offset = neon_element_offset(reg, ele, mop & MO_SIZE);
1394 tcg_gen_ld8u_i32(var, cpu_env, offset);
1397 tcg_gen_ld16u_i32(var, cpu_env, offset);
1400 tcg_gen_ld_i32(var, cpu_env, offset);
1403 g_assert_not_reached();
1407 static void neon_load_element64(TCGv_i64 var, int reg, int ele, MemOp mop)
1409 long offset = neon_element_offset(reg, ele, mop & MO_SIZE);
1413 tcg_gen_ld8u_i64(var, cpu_env, offset);
1416 tcg_gen_ld16u_i64(var, cpu_env, offset);
1419 tcg_gen_ld32u_i64(var, cpu_env, offset);
1422 tcg_gen_ld_i64(var, cpu_env, offset);
1425 g_assert_not_reached();
1429 static void neon_store_reg(int reg, int pass, TCGv_i32 var)
1431 tcg_gen_st_i32(var, cpu_env, neon_reg_offset(reg, pass));
1432 tcg_temp_free_i32(var);
1435 static void neon_store_element(int reg, int ele, MemOp size, TCGv_i32 var)
1437 long offset = neon_element_offset(reg, ele, size);
1441 tcg_gen_st8_i32(var, cpu_env, offset);
1444 tcg_gen_st16_i32(var, cpu_env, offset);
1447 tcg_gen_st_i32(var, cpu_env, offset);
1450 g_assert_not_reached();
1454 static void neon_store_element64(int reg, int ele, MemOp size, TCGv_i64 var)
1456 long offset = neon_element_offset(reg, ele, size);
1460 tcg_gen_st8_i64(var, cpu_env, offset);
1463 tcg_gen_st16_i64(var, cpu_env, offset);
1466 tcg_gen_st32_i64(var, cpu_env, offset);
1469 tcg_gen_st_i64(var, cpu_env, offset);
1472 g_assert_not_reached();
1476 static inline void neon_load_reg64(TCGv_i64 var, int reg)
1478 tcg_gen_ld_i64(var, cpu_env, vfp_reg_offset(1, reg));
1481 static inline void neon_store_reg64(TCGv_i64 var, int reg)
1483 tcg_gen_st_i64(var, cpu_env, vfp_reg_offset(1, reg));
1486 static inline void neon_load_reg32(TCGv_i32 var, int reg)
1488 tcg_gen_ld_i32(var, cpu_env, vfp_reg_offset(false, reg));
1491 static inline void neon_store_reg32(TCGv_i32 var, int reg)
1493 tcg_gen_st_i32(var, cpu_env, vfp_reg_offset(false, reg));
1496 static TCGv_ptr vfp_reg_ptr(bool dp, int reg)
1498 TCGv_ptr ret = tcg_temp_new_ptr();
1499 tcg_gen_addi_ptr(ret, cpu_env, vfp_reg_offset(dp, reg));
1503 #define ARM_CP_RW_BIT (1 << 20)
1505 /* Include the VFP decoder */
1506 #include "translate-vfp.inc.c"
1508 static inline void iwmmxt_load_reg(TCGv_i64 var, int reg)
1510 tcg_gen_ld_i64(var, cpu_env, offsetof(CPUARMState, iwmmxt.regs[reg]));
1513 static inline void iwmmxt_store_reg(TCGv_i64 var, int reg)
1515 tcg_gen_st_i64(var, cpu_env, offsetof(CPUARMState, iwmmxt.regs[reg]));
1518 static inline TCGv_i32 iwmmxt_load_creg(int reg)
1520 TCGv_i32 var = tcg_temp_new_i32();
1521 tcg_gen_ld_i32(var, cpu_env, offsetof(CPUARMState, iwmmxt.cregs[reg]));
1525 static inline void iwmmxt_store_creg(int reg, TCGv_i32 var)
1527 tcg_gen_st_i32(var, cpu_env, offsetof(CPUARMState, iwmmxt.cregs[reg]));
1528 tcg_temp_free_i32(var);
1531 static inline void gen_op_iwmmxt_movq_wRn_M0(int rn)
1533 iwmmxt_store_reg(cpu_M0, rn);
1536 static inline void gen_op_iwmmxt_movq_M0_wRn(int rn)
1538 iwmmxt_load_reg(cpu_M0, rn);
1541 static inline void gen_op_iwmmxt_orq_M0_wRn(int rn)
1543 iwmmxt_load_reg(cpu_V1, rn);
1544 tcg_gen_or_i64(cpu_M0, cpu_M0, cpu_V1);
1547 static inline void gen_op_iwmmxt_andq_M0_wRn(int rn)
1549 iwmmxt_load_reg(cpu_V1, rn);
1550 tcg_gen_and_i64(cpu_M0, cpu_M0, cpu_V1);
1553 static inline void gen_op_iwmmxt_xorq_M0_wRn(int rn)
1555 iwmmxt_load_reg(cpu_V1, rn);
1556 tcg_gen_xor_i64(cpu_M0, cpu_M0, cpu_V1);
1559 #define IWMMXT_OP(name) \
1560 static inline void gen_op_iwmmxt_##name##_M0_wRn(int rn) \
1562 iwmmxt_load_reg(cpu_V1, rn); \
1563 gen_helper_iwmmxt_##name(cpu_M0, cpu_M0, cpu_V1); \
1566 #define IWMMXT_OP_ENV(name) \
1567 static inline void gen_op_iwmmxt_##name##_M0_wRn(int rn) \
1569 iwmmxt_load_reg(cpu_V1, rn); \
1570 gen_helper_iwmmxt_##name(cpu_M0, cpu_env, cpu_M0, cpu_V1); \
1573 #define IWMMXT_OP_ENV_SIZE(name) \
1574 IWMMXT_OP_ENV(name##b) \
1575 IWMMXT_OP_ENV(name##w) \
1576 IWMMXT_OP_ENV(name##l)
1578 #define IWMMXT_OP_ENV1(name) \
1579 static inline void gen_op_iwmmxt_##name##_M0(void) \
1581 gen_helper_iwmmxt_##name(cpu_M0, cpu_env, cpu_M0); \
1595 IWMMXT_OP_ENV_SIZE(unpackl)
1596 IWMMXT_OP_ENV_SIZE(unpackh)
1598 IWMMXT_OP_ENV1(unpacklub)
1599 IWMMXT_OP_ENV1(unpackluw)
1600 IWMMXT_OP_ENV1(unpacklul)
1601 IWMMXT_OP_ENV1(unpackhub)
1602 IWMMXT_OP_ENV1(unpackhuw)
1603 IWMMXT_OP_ENV1(unpackhul)
1604 IWMMXT_OP_ENV1(unpacklsb)
1605 IWMMXT_OP_ENV1(unpacklsw)
1606 IWMMXT_OP_ENV1(unpacklsl)
1607 IWMMXT_OP_ENV1(unpackhsb)
1608 IWMMXT_OP_ENV1(unpackhsw)
1609 IWMMXT_OP_ENV1(unpackhsl)
1611 IWMMXT_OP_ENV_SIZE(cmpeq)
1612 IWMMXT_OP_ENV_SIZE(cmpgtu)
1613 IWMMXT_OP_ENV_SIZE(cmpgts)
1615 IWMMXT_OP_ENV_SIZE(mins)
1616 IWMMXT_OP_ENV_SIZE(minu)
1617 IWMMXT_OP_ENV_SIZE(maxs)
1618 IWMMXT_OP_ENV_SIZE(maxu)
1620 IWMMXT_OP_ENV_SIZE(subn)
1621 IWMMXT_OP_ENV_SIZE(addn)
1622 IWMMXT_OP_ENV_SIZE(subu)
1623 IWMMXT_OP_ENV_SIZE(addu)
1624 IWMMXT_OP_ENV_SIZE(subs)
1625 IWMMXT_OP_ENV_SIZE(adds)
1627 IWMMXT_OP_ENV(avgb0)
1628 IWMMXT_OP_ENV(avgb1)
1629 IWMMXT_OP_ENV(avgw0)
1630 IWMMXT_OP_ENV(avgw1)
1632 IWMMXT_OP_ENV(packuw)
1633 IWMMXT_OP_ENV(packul)
1634 IWMMXT_OP_ENV(packuq)
1635 IWMMXT_OP_ENV(packsw)
1636 IWMMXT_OP_ENV(packsl)
1637 IWMMXT_OP_ENV(packsq)
1639 static void gen_op_iwmmxt_set_mup(void)
1642 tmp = load_cpu_field(iwmmxt.cregs[ARM_IWMMXT_wCon]);
1643 tcg_gen_ori_i32(tmp, tmp, 2);
1644 store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCon]);
1647 static void gen_op_iwmmxt_set_cup(void)
1650 tmp = load_cpu_field(iwmmxt.cregs[ARM_IWMMXT_wCon]);
1651 tcg_gen_ori_i32(tmp, tmp, 1);
1652 store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCon]);
1655 static void gen_op_iwmmxt_setpsr_nz(void)
1657 TCGv_i32 tmp = tcg_temp_new_i32();
1658 gen_helper_iwmmxt_setpsr_nz(tmp, cpu_M0);
1659 store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCASF]);
1662 static inline void gen_op_iwmmxt_addl_M0_wRn(int rn)
1664 iwmmxt_load_reg(cpu_V1, rn);
1665 tcg_gen_ext32u_i64(cpu_V1, cpu_V1);
1666 tcg_gen_add_i64(cpu_M0, cpu_M0, cpu_V1);
1669 static inline int gen_iwmmxt_address(DisasContext *s, uint32_t insn,
1676 rd = (insn >> 16) & 0xf;
1677 tmp = load_reg(s, rd);
1679 offset = (insn & 0xff) << ((insn >> 7) & 2);
1680 if (insn & (1 << 24)) {
1682 if (insn & (1 << 23))
1683 tcg_gen_addi_i32(tmp, tmp, offset);
1685 tcg_gen_addi_i32(tmp, tmp, -offset);
1686 tcg_gen_mov_i32(dest, tmp);
1687 if (insn & (1 << 21))
1688 store_reg(s, rd, tmp);
1690 tcg_temp_free_i32(tmp);
1691 } else if (insn & (1 << 21)) {
1693 tcg_gen_mov_i32(dest, tmp);
1694 if (insn & (1 << 23))
1695 tcg_gen_addi_i32(tmp, tmp, offset);
1697 tcg_gen_addi_i32(tmp, tmp, -offset);
1698 store_reg(s, rd, tmp);
1699 } else if (!(insn & (1 << 23)))
1704 static inline int gen_iwmmxt_shift(uint32_t insn, uint32_t mask, TCGv_i32 dest)
1706 int rd = (insn >> 0) & 0xf;
1709 if (insn & (1 << 8)) {
1710 if (rd < ARM_IWMMXT_wCGR0 || rd > ARM_IWMMXT_wCGR3) {
1713 tmp = iwmmxt_load_creg(rd);
1716 tmp = tcg_temp_new_i32();
1717 iwmmxt_load_reg(cpu_V0, rd);
1718 tcg_gen_extrl_i64_i32(tmp, cpu_V0);
1720 tcg_gen_andi_i32(tmp, tmp, mask);
1721 tcg_gen_mov_i32(dest, tmp);
1722 tcg_temp_free_i32(tmp);
1726 /* Disassemble an iwMMXt instruction. Returns nonzero if an error occurred
1727 (ie. an undefined instruction). */
1728 static int disas_iwmmxt_insn(DisasContext *s, uint32_t insn)
1731 int rdhi, rdlo, rd0, rd1, i;
1733 TCGv_i32 tmp, tmp2, tmp3;
1735 if ((insn & 0x0e000e00) == 0x0c000000) {
1736 if ((insn & 0x0fe00ff0) == 0x0c400000) {
1738 rdlo = (insn >> 12) & 0xf;
1739 rdhi = (insn >> 16) & 0xf;
1740 if (insn & ARM_CP_RW_BIT) { /* TMRRC */
1741 iwmmxt_load_reg(cpu_V0, wrd);
1742 tcg_gen_extrl_i64_i32(cpu_R[rdlo], cpu_V0);
1743 tcg_gen_extrh_i64_i32(cpu_R[rdhi], cpu_V0);
1744 } else { /* TMCRR */
1745 tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]);
1746 iwmmxt_store_reg(cpu_V0, wrd);
1747 gen_op_iwmmxt_set_mup();
1752 wrd = (insn >> 12) & 0xf;
1753 addr = tcg_temp_new_i32();
1754 if (gen_iwmmxt_address(s, insn, addr)) {
1755 tcg_temp_free_i32(addr);
1758 if (insn & ARM_CP_RW_BIT) {
1759 if ((insn >> 28) == 0xf) { /* WLDRW wCx */
1760 tmp = tcg_temp_new_i32();
1761 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
1762 iwmmxt_store_creg(wrd, tmp);
1765 if (insn & (1 << 8)) {
1766 if (insn & (1 << 22)) { /* WLDRD */
1767 gen_aa32_ld64(s, cpu_M0, addr, get_mem_index(s));
1769 } else { /* WLDRW wRd */
1770 tmp = tcg_temp_new_i32();
1771 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
1774 tmp = tcg_temp_new_i32();
1775 if (insn & (1 << 22)) { /* WLDRH */
1776 gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
1777 } else { /* WLDRB */
1778 gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
1782 tcg_gen_extu_i32_i64(cpu_M0, tmp);
1783 tcg_temp_free_i32(tmp);
1785 gen_op_iwmmxt_movq_wRn_M0(wrd);
1788 if ((insn >> 28) == 0xf) { /* WSTRW wCx */
1789 tmp = iwmmxt_load_creg(wrd);
1790 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
1792 gen_op_iwmmxt_movq_M0_wRn(wrd);
1793 tmp = tcg_temp_new_i32();
1794 if (insn & (1 << 8)) {
1795 if (insn & (1 << 22)) { /* WSTRD */
1796 gen_aa32_st64(s, cpu_M0, addr, get_mem_index(s));
1797 } else { /* WSTRW wRd */
1798 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1799 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
1802 if (insn & (1 << 22)) { /* WSTRH */
1803 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1804 gen_aa32_st16(s, tmp, addr, get_mem_index(s));
1805 } else { /* WSTRB */
1806 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1807 gen_aa32_st8(s, tmp, addr, get_mem_index(s));
1811 tcg_temp_free_i32(tmp);
1813 tcg_temp_free_i32(addr);
1817 if ((insn & 0x0f000000) != 0x0e000000)
1820 switch (((insn >> 12) & 0xf00) | ((insn >> 4) & 0xff)) {
1821 case 0x000: /* WOR */
1822 wrd = (insn >> 12) & 0xf;
1823 rd0 = (insn >> 0) & 0xf;
1824 rd1 = (insn >> 16) & 0xf;
1825 gen_op_iwmmxt_movq_M0_wRn(rd0);
1826 gen_op_iwmmxt_orq_M0_wRn(rd1);
1827 gen_op_iwmmxt_setpsr_nz();
1828 gen_op_iwmmxt_movq_wRn_M0(wrd);
1829 gen_op_iwmmxt_set_mup();
1830 gen_op_iwmmxt_set_cup();
1832 case 0x011: /* TMCR */
1835 rd = (insn >> 12) & 0xf;
1836 wrd = (insn >> 16) & 0xf;
1838 case ARM_IWMMXT_wCID:
1839 case ARM_IWMMXT_wCASF:
1841 case ARM_IWMMXT_wCon:
1842 gen_op_iwmmxt_set_cup();
1844 case ARM_IWMMXT_wCSSF:
1845 tmp = iwmmxt_load_creg(wrd);
1846 tmp2 = load_reg(s, rd);
1847 tcg_gen_andc_i32(tmp, tmp, tmp2);
1848 tcg_temp_free_i32(tmp2);
1849 iwmmxt_store_creg(wrd, tmp);
1851 case ARM_IWMMXT_wCGR0:
1852 case ARM_IWMMXT_wCGR1:
1853 case ARM_IWMMXT_wCGR2:
1854 case ARM_IWMMXT_wCGR3:
1855 gen_op_iwmmxt_set_cup();
1856 tmp = load_reg(s, rd);
1857 iwmmxt_store_creg(wrd, tmp);
1863 case 0x100: /* WXOR */
1864 wrd = (insn >> 12) & 0xf;
1865 rd0 = (insn >> 0) & 0xf;
1866 rd1 = (insn >> 16) & 0xf;
1867 gen_op_iwmmxt_movq_M0_wRn(rd0);
1868 gen_op_iwmmxt_xorq_M0_wRn(rd1);
1869 gen_op_iwmmxt_setpsr_nz();
1870 gen_op_iwmmxt_movq_wRn_M0(wrd);
1871 gen_op_iwmmxt_set_mup();
1872 gen_op_iwmmxt_set_cup();
1874 case 0x111: /* TMRC */
1877 rd = (insn >> 12) & 0xf;
1878 wrd = (insn >> 16) & 0xf;
1879 tmp = iwmmxt_load_creg(wrd);
1880 store_reg(s, rd, tmp);
1882 case 0x300: /* WANDN */
1883 wrd = (insn >> 12) & 0xf;
1884 rd0 = (insn >> 0) & 0xf;
1885 rd1 = (insn >> 16) & 0xf;
1886 gen_op_iwmmxt_movq_M0_wRn(rd0);
1887 tcg_gen_neg_i64(cpu_M0, cpu_M0);
1888 gen_op_iwmmxt_andq_M0_wRn(rd1);
1889 gen_op_iwmmxt_setpsr_nz();
1890 gen_op_iwmmxt_movq_wRn_M0(wrd);
1891 gen_op_iwmmxt_set_mup();
1892 gen_op_iwmmxt_set_cup();
1894 case 0x200: /* WAND */
1895 wrd = (insn >> 12) & 0xf;
1896 rd0 = (insn >> 0) & 0xf;
1897 rd1 = (insn >> 16) & 0xf;
1898 gen_op_iwmmxt_movq_M0_wRn(rd0);
1899 gen_op_iwmmxt_andq_M0_wRn(rd1);
1900 gen_op_iwmmxt_setpsr_nz();
1901 gen_op_iwmmxt_movq_wRn_M0(wrd);
1902 gen_op_iwmmxt_set_mup();
1903 gen_op_iwmmxt_set_cup();
1905 case 0x810: case 0xa10: /* WMADD */
1906 wrd = (insn >> 12) & 0xf;
1907 rd0 = (insn >> 0) & 0xf;
1908 rd1 = (insn >> 16) & 0xf;
1909 gen_op_iwmmxt_movq_M0_wRn(rd0);
1910 if (insn & (1 << 21))
1911 gen_op_iwmmxt_maddsq_M0_wRn(rd1);
1913 gen_op_iwmmxt_madduq_M0_wRn(rd1);
1914 gen_op_iwmmxt_movq_wRn_M0(wrd);
1915 gen_op_iwmmxt_set_mup();
1917 case 0x10e: case 0x50e: case 0x90e: case 0xd0e: /* WUNPCKIL */
1918 wrd = (insn >> 12) & 0xf;
1919 rd0 = (insn >> 16) & 0xf;
1920 rd1 = (insn >> 0) & 0xf;
1921 gen_op_iwmmxt_movq_M0_wRn(rd0);
1922 switch ((insn >> 22) & 3) {
1924 gen_op_iwmmxt_unpacklb_M0_wRn(rd1);
1927 gen_op_iwmmxt_unpacklw_M0_wRn(rd1);
1930 gen_op_iwmmxt_unpackll_M0_wRn(rd1);
1935 gen_op_iwmmxt_movq_wRn_M0(wrd);
1936 gen_op_iwmmxt_set_mup();
1937 gen_op_iwmmxt_set_cup();
1939 case 0x10c: case 0x50c: case 0x90c: case 0xd0c: /* WUNPCKIH */
1940 wrd = (insn >> 12) & 0xf;
1941 rd0 = (insn >> 16) & 0xf;
1942 rd1 = (insn >> 0) & 0xf;
1943 gen_op_iwmmxt_movq_M0_wRn(rd0);
1944 switch ((insn >> 22) & 3) {
1946 gen_op_iwmmxt_unpackhb_M0_wRn(rd1);
1949 gen_op_iwmmxt_unpackhw_M0_wRn(rd1);
1952 gen_op_iwmmxt_unpackhl_M0_wRn(rd1);
1957 gen_op_iwmmxt_movq_wRn_M0(wrd);
1958 gen_op_iwmmxt_set_mup();
1959 gen_op_iwmmxt_set_cup();
1961 case 0x012: case 0x112: case 0x412: case 0x512: /* WSAD */
1962 wrd = (insn >> 12) & 0xf;
1963 rd0 = (insn >> 16) & 0xf;
1964 rd1 = (insn >> 0) & 0xf;
1965 gen_op_iwmmxt_movq_M0_wRn(rd0);
1966 if (insn & (1 << 22))
1967 gen_op_iwmmxt_sadw_M0_wRn(rd1);
1969 gen_op_iwmmxt_sadb_M0_wRn(rd1);
1970 if (!(insn & (1 << 20)))
1971 gen_op_iwmmxt_addl_M0_wRn(wrd);
1972 gen_op_iwmmxt_movq_wRn_M0(wrd);
1973 gen_op_iwmmxt_set_mup();
1975 case 0x010: case 0x110: case 0x210: case 0x310: /* WMUL */
1976 wrd = (insn >> 12) & 0xf;
1977 rd0 = (insn >> 16) & 0xf;
1978 rd1 = (insn >> 0) & 0xf;
1979 gen_op_iwmmxt_movq_M0_wRn(rd0);
1980 if (insn & (1 << 21)) {
1981 if (insn & (1 << 20))
1982 gen_op_iwmmxt_mulshw_M0_wRn(rd1);
1984 gen_op_iwmmxt_mulslw_M0_wRn(rd1);
1986 if (insn & (1 << 20))
1987 gen_op_iwmmxt_muluhw_M0_wRn(rd1);
1989 gen_op_iwmmxt_mululw_M0_wRn(rd1);
1991 gen_op_iwmmxt_movq_wRn_M0(wrd);
1992 gen_op_iwmmxt_set_mup();
1994 case 0x410: case 0x510: case 0x610: case 0x710: /* WMAC */
1995 wrd = (insn >> 12) & 0xf;
1996 rd0 = (insn >> 16) & 0xf;
1997 rd1 = (insn >> 0) & 0xf;
1998 gen_op_iwmmxt_movq_M0_wRn(rd0);
1999 if (insn & (1 << 21))
2000 gen_op_iwmmxt_macsw_M0_wRn(rd1);
2002 gen_op_iwmmxt_macuw_M0_wRn(rd1);
2003 if (!(insn & (1 << 20))) {
2004 iwmmxt_load_reg(cpu_V1, wrd);
2005 tcg_gen_add_i64(cpu_M0, cpu_M0, cpu_V1);
2007 gen_op_iwmmxt_movq_wRn_M0(wrd);
2008 gen_op_iwmmxt_set_mup();
2010 case 0x006: case 0x406: case 0x806: case 0xc06: /* WCMPEQ */
2011 wrd = (insn >> 12) & 0xf;
2012 rd0 = (insn >> 16) & 0xf;
2013 rd1 = (insn >> 0) & 0xf;
2014 gen_op_iwmmxt_movq_M0_wRn(rd0);
2015 switch ((insn >> 22) & 3) {
2017 gen_op_iwmmxt_cmpeqb_M0_wRn(rd1);
2020 gen_op_iwmmxt_cmpeqw_M0_wRn(rd1);
2023 gen_op_iwmmxt_cmpeql_M0_wRn(rd1);
2028 gen_op_iwmmxt_movq_wRn_M0(wrd);
2029 gen_op_iwmmxt_set_mup();
2030 gen_op_iwmmxt_set_cup();
2032 case 0x800: case 0x900: case 0xc00: case 0xd00: /* WAVG2 */
2033 wrd = (insn >> 12) & 0xf;
2034 rd0 = (insn >> 16) & 0xf;
2035 rd1 = (insn >> 0) & 0xf;
2036 gen_op_iwmmxt_movq_M0_wRn(rd0);
2037 if (insn & (1 << 22)) {
2038 if (insn & (1 << 20))
2039 gen_op_iwmmxt_avgw1_M0_wRn(rd1);
2041 gen_op_iwmmxt_avgw0_M0_wRn(rd1);
2043 if (insn & (1 << 20))
2044 gen_op_iwmmxt_avgb1_M0_wRn(rd1);
2046 gen_op_iwmmxt_avgb0_M0_wRn(rd1);
2048 gen_op_iwmmxt_movq_wRn_M0(wrd);
2049 gen_op_iwmmxt_set_mup();
2050 gen_op_iwmmxt_set_cup();
2052 case 0x802: case 0x902: case 0xa02: case 0xb02: /* WALIGNR */
2053 wrd = (insn >> 12) & 0xf;
2054 rd0 = (insn >> 16) & 0xf;
2055 rd1 = (insn >> 0) & 0xf;
2056 gen_op_iwmmxt_movq_M0_wRn(rd0);
2057 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCGR0 + ((insn >> 20) & 3));
2058 tcg_gen_andi_i32(tmp, tmp, 7);
2059 iwmmxt_load_reg(cpu_V1, rd1);
2060 gen_helper_iwmmxt_align(cpu_M0, cpu_M0, cpu_V1, tmp);
2061 tcg_temp_free_i32(tmp);
2062 gen_op_iwmmxt_movq_wRn_M0(wrd);
2063 gen_op_iwmmxt_set_mup();
2065 case 0x601: case 0x605: case 0x609: case 0x60d: /* TINSR */
2066 if (((insn >> 6) & 3) == 3)
2068 rd = (insn >> 12) & 0xf;
2069 wrd = (insn >> 16) & 0xf;
2070 tmp = load_reg(s, rd);
2071 gen_op_iwmmxt_movq_M0_wRn(wrd);
2072 switch ((insn >> 6) & 3) {
2074 tmp2 = tcg_const_i32(0xff);
2075 tmp3 = tcg_const_i32((insn & 7) << 3);
2078 tmp2 = tcg_const_i32(0xffff);
2079 tmp3 = tcg_const_i32((insn & 3) << 4);
2082 tmp2 = tcg_const_i32(0xffffffff);
2083 tmp3 = tcg_const_i32((insn & 1) << 5);
2089 gen_helper_iwmmxt_insr(cpu_M0, cpu_M0, tmp, tmp2, tmp3);
2090 tcg_temp_free_i32(tmp3);
2091 tcg_temp_free_i32(tmp2);
2092 tcg_temp_free_i32(tmp);
2093 gen_op_iwmmxt_movq_wRn_M0(wrd);
2094 gen_op_iwmmxt_set_mup();
2096 case 0x107: case 0x507: case 0x907: case 0xd07: /* TEXTRM */
2097 rd = (insn >> 12) & 0xf;
2098 wrd = (insn >> 16) & 0xf;
2099 if (rd == 15 || ((insn >> 22) & 3) == 3)
2101 gen_op_iwmmxt_movq_M0_wRn(wrd);
2102 tmp = tcg_temp_new_i32();
2103 switch ((insn >> 22) & 3) {
2105 tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 7) << 3);
2106 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
2108 tcg_gen_ext8s_i32(tmp, tmp);
2110 tcg_gen_andi_i32(tmp, tmp, 0xff);
2114 tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 3) << 4);
2115 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
2117 tcg_gen_ext16s_i32(tmp, tmp);
2119 tcg_gen_andi_i32(tmp, tmp, 0xffff);
2123 tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 1) << 5);
2124 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
2127 store_reg(s, rd, tmp);
2129 case 0x117: case 0x517: case 0x917: case 0xd17: /* TEXTRC */
2130 if ((insn & 0x000ff008) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2132 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2133 switch ((insn >> 22) & 3) {
2135 tcg_gen_shri_i32(tmp, tmp, ((insn & 7) << 2) + 0);
2138 tcg_gen_shri_i32(tmp, tmp, ((insn & 3) << 3) + 4);
2141 tcg_gen_shri_i32(tmp, tmp, ((insn & 1) << 4) + 12);
2144 tcg_gen_shli_i32(tmp, tmp, 28);
2146 tcg_temp_free_i32(tmp);
2148 case 0x401: case 0x405: case 0x409: case 0x40d: /* TBCST */
2149 if (((insn >> 6) & 3) == 3)
2151 rd = (insn >> 12) & 0xf;
2152 wrd = (insn >> 16) & 0xf;
2153 tmp = load_reg(s, rd);
2154 switch ((insn >> 6) & 3) {
2156 gen_helper_iwmmxt_bcstb(cpu_M0, tmp);
2159 gen_helper_iwmmxt_bcstw(cpu_M0, tmp);
2162 gen_helper_iwmmxt_bcstl(cpu_M0, tmp);
2165 tcg_temp_free_i32(tmp);
2166 gen_op_iwmmxt_movq_wRn_M0(wrd);
2167 gen_op_iwmmxt_set_mup();
2169 case 0x113: case 0x513: case 0x913: case 0xd13: /* TANDC */
2170 if ((insn & 0x000ff00f) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2172 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2173 tmp2 = tcg_temp_new_i32();
2174 tcg_gen_mov_i32(tmp2, tmp);
2175 switch ((insn >> 22) & 3) {
2177 for (i = 0; i < 7; i ++) {
2178 tcg_gen_shli_i32(tmp2, tmp2, 4);
2179 tcg_gen_and_i32(tmp, tmp, tmp2);
2183 for (i = 0; i < 3; i ++) {
2184 tcg_gen_shli_i32(tmp2, tmp2, 8);
2185 tcg_gen_and_i32(tmp, tmp, tmp2);
2189 tcg_gen_shli_i32(tmp2, tmp2, 16);
2190 tcg_gen_and_i32(tmp, tmp, tmp2);
2194 tcg_temp_free_i32(tmp2);
2195 tcg_temp_free_i32(tmp);
2197 case 0x01c: case 0x41c: case 0x81c: case 0xc1c: /* WACC */
2198 wrd = (insn >> 12) & 0xf;
2199 rd0 = (insn >> 16) & 0xf;
2200 gen_op_iwmmxt_movq_M0_wRn(rd0);
2201 switch ((insn >> 22) & 3) {
2203 gen_helper_iwmmxt_addcb(cpu_M0, cpu_M0);
2206 gen_helper_iwmmxt_addcw(cpu_M0, cpu_M0);
2209 gen_helper_iwmmxt_addcl(cpu_M0, cpu_M0);
2214 gen_op_iwmmxt_movq_wRn_M0(wrd);
2215 gen_op_iwmmxt_set_mup();
2217 case 0x115: case 0x515: case 0x915: case 0xd15: /* TORC */
2218 if ((insn & 0x000ff00f) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2220 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2221 tmp2 = tcg_temp_new_i32();
2222 tcg_gen_mov_i32(tmp2, tmp);
2223 switch ((insn >> 22) & 3) {
2225 for (i = 0; i < 7; i ++) {
2226 tcg_gen_shli_i32(tmp2, tmp2, 4);
2227 tcg_gen_or_i32(tmp, tmp, tmp2);
2231 for (i = 0; i < 3; i ++) {
2232 tcg_gen_shli_i32(tmp2, tmp2, 8);
2233 tcg_gen_or_i32(tmp, tmp, tmp2);
2237 tcg_gen_shli_i32(tmp2, tmp2, 16);
2238 tcg_gen_or_i32(tmp, tmp, tmp2);
2242 tcg_temp_free_i32(tmp2);
2243 tcg_temp_free_i32(tmp);
2245 case 0x103: case 0x503: case 0x903: case 0xd03: /* TMOVMSK */
2246 rd = (insn >> 12) & 0xf;
2247 rd0 = (insn >> 16) & 0xf;
2248 if ((insn & 0xf) != 0 || ((insn >> 22) & 3) == 3)
2250 gen_op_iwmmxt_movq_M0_wRn(rd0);
2251 tmp = tcg_temp_new_i32();
2252 switch ((insn >> 22) & 3) {
2254 gen_helper_iwmmxt_msbb(tmp, cpu_M0);
2257 gen_helper_iwmmxt_msbw(tmp, cpu_M0);
2260 gen_helper_iwmmxt_msbl(tmp, cpu_M0);
2263 store_reg(s, rd, tmp);
2265 case 0x106: case 0x306: case 0x506: case 0x706: /* WCMPGT */
2266 case 0x906: case 0xb06: case 0xd06: case 0xf06:
2267 wrd = (insn >> 12) & 0xf;
2268 rd0 = (insn >> 16) & 0xf;
2269 rd1 = (insn >> 0) & 0xf;
2270 gen_op_iwmmxt_movq_M0_wRn(rd0);
2271 switch ((insn >> 22) & 3) {
2273 if (insn & (1 << 21))
2274 gen_op_iwmmxt_cmpgtsb_M0_wRn(rd1);
2276 gen_op_iwmmxt_cmpgtub_M0_wRn(rd1);
2279 if (insn & (1 << 21))
2280 gen_op_iwmmxt_cmpgtsw_M0_wRn(rd1);
2282 gen_op_iwmmxt_cmpgtuw_M0_wRn(rd1);
2285 if (insn & (1 << 21))
2286 gen_op_iwmmxt_cmpgtsl_M0_wRn(rd1);
2288 gen_op_iwmmxt_cmpgtul_M0_wRn(rd1);
2293 gen_op_iwmmxt_movq_wRn_M0(wrd);
2294 gen_op_iwmmxt_set_mup();
2295 gen_op_iwmmxt_set_cup();
2297 case 0x00e: case 0x20e: case 0x40e: case 0x60e: /* WUNPCKEL */
2298 case 0x80e: case 0xa0e: case 0xc0e: case 0xe0e:
2299 wrd = (insn >> 12) & 0xf;
2300 rd0 = (insn >> 16) & 0xf;
2301 gen_op_iwmmxt_movq_M0_wRn(rd0);
2302 switch ((insn >> 22) & 3) {
2304 if (insn & (1 << 21))
2305 gen_op_iwmmxt_unpacklsb_M0();
2307 gen_op_iwmmxt_unpacklub_M0();
2310 if (insn & (1 << 21))
2311 gen_op_iwmmxt_unpacklsw_M0();
2313 gen_op_iwmmxt_unpackluw_M0();
2316 if (insn & (1 << 21))
2317 gen_op_iwmmxt_unpacklsl_M0();
2319 gen_op_iwmmxt_unpacklul_M0();
2324 gen_op_iwmmxt_movq_wRn_M0(wrd);
2325 gen_op_iwmmxt_set_mup();
2326 gen_op_iwmmxt_set_cup();
2328 case 0x00c: case 0x20c: case 0x40c: case 0x60c: /* WUNPCKEH */
2329 case 0x80c: case 0xa0c: case 0xc0c: case 0xe0c:
2330 wrd = (insn >> 12) & 0xf;
2331 rd0 = (insn >> 16) & 0xf;
2332 gen_op_iwmmxt_movq_M0_wRn(rd0);
2333 switch ((insn >> 22) & 3) {
2335 if (insn & (1 << 21))
2336 gen_op_iwmmxt_unpackhsb_M0();
2338 gen_op_iwmmxt_unpackhub_M0();
2341 if (insn & (1 << 21))
2342 gen_op_iwmmxt_unpackhsw_M0();
2344 gen_op_iwmmxt_unpackhuw_M0();
2347 if (insn & (1 << 21))
2348 gen_op_iwmmxt_unpackhsl_M0();
2350 gen_op_iwmmxt_unpackhul_M0();
2355 gen_op_iwmmxt_movq_wRn_M0(wrd);
2356 gen_op_iwmmxt_set_mup();
2357 gen_op_iwmmxt_set_cup();
2359 case 0x204: case 0x604: case 0xa04: case 0xe04: /* WSRL */
2360 case 0x214: case 0x614: case 0xa14: case 0xe14:
2361 if (((insn >> 22) & 3) == 0)
2363 wrd = (insn >> 12) & 0xf;
2364 rd0 = (insn >> 16) & 0xf;
2365 gen_op_iwmmxt_movq_M0_wRn(rd0);
2366 tmp = tcg_temp_new_i32();
2367 if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2368 tcg_temp_free_i32(tmp);
2371 switch ((insn >> 22) & 3) {
2373 gen_helper_iwmmxt_srlw(cpu_M0, cpu_env, cpu_M0, tmp);
2376 gen_helper_iwmmxt_srll(cpu_M0, cpu_env, cpu_M0, tmp);
2379 gen_helper_iwmmxt_srlq(cpu_M0, cpu_env, cpu_M0, tmp);
2382 tcg_temp_free_i32(tmp);
2383 gen_op_iwmmxt_movq_wRn_M0(wrd);
2384 gen_op_iwmmxt_set_mup();
2385 gen_op_iwmmxt_set_cup();
2387 case 0x004: case 0x404: case 0x804: case 0xc04: /* WSRA */
2388 case 0x014: case 0x414: case 0x814: case 0xc14:
2389 if (((insn >> 22) & 3) == 0)
2391 wrd = (insn >> 12) & 0xf;
2392 rd0 = (insn >> 16) & 0xf;
2393 gen_op_iwmmxt_movq_M0_wRn(rd0);
2394 tmp = tcg_temp_new_i32();
2395 if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2396 tcg_temp_free_i32(tmp);
2399 switch ((insn >> 22) & 3) {
2401 gen_helper_iwmmxt_sraw(cpu_M0, cpu_env, cpu_M0, tmp);
2404 gen_helper_iwmmxt_sral(cpu_M0, cpu_env, cpu_M0, tmp);
2407 gen_helper_iwmmxt_sraq(cpu_M0, cpu_env, cpu_M0, tmp);
2410 tcg_temp_free_i32(tmp);
2411 gen_op_iwmmxt_movq_wRn_M0(wrd);
2412 gen_op_iwmmxt_set_mup();
2413 gen_op_iwmmxt_set_cup();
2415 case 0x104: case 0x504: case 0x904: case 0xd04: /* WSLL */
2416 case 0x114: case 0x514: case 0x914: case 0xd14:
2417 if (((insn >> 22) & 3) == 0)
2419 wrd = (insn >> 12) & 0xf;
2420 rd0 = (insn >> 16) & 0xf;
2421 gen_op_iwmmxt_movq_M0_wRn(rd0);
2422 tmp = tcg_temp_new_i32();
2423 if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2424 tcg_temp_free_i32(tmp);
2427 switch ((insn >> 22) & 3) {
2429 gen_helper_iwmmxt_sllw(cpu_M0, cpu_env, cpu_M0, tmp);
2432 gen_helper_iwmmxt_slll(cpu_M0, cpu_env, cpu_M0, tmp);
2435 gen_helper_iwmmxt_sllq(cpu_M0, cpu_env, cpu_M0, tmp);
2438 tcg_temp_free_i32(tmp);
2439 gen_op_iwmmxt_movq_wRn_M0(wrd);
2440 gen_op_iwmmxt_set_mup();
2441 gen_op_iwmmxt_set_cup();
2443 case 0x304: case 0x704: case 0xb04: case 0xf04: /* WROR */
2444 case 0x314: case 0x714: case 0xb14: case 0xf14:
2445 if (((insn >> 22) & 3) == 0)
2447 wrd = (insn >> 12) & 0xf;
2448 rd0 = (insn >> 16) & 0xf;
2449 gen_op_iwmmxt_movq_M0_wRn(rd0);
2450 tmp = tcg_temp_new_i32();
2451 switch ((insn >> 22) & 3) {
2453 if (gen_iwmmxt_shift(insn, 0xf, tmp)) {
2454 tcg_temp_free_i32(tmp);
2457 gen_helper_iwmmxt_rorw(cpu_M0, cpu_env, cpu_M0, tmp);
2460 if (gen_iwmmxt_shift(insn, 0x1f, tmp)) {
2461 tcg_temp_free_i32(tmp);
2464 gen_helper_iwmmxt_rorl(cpu_M0, cpu_env, cpu_M0, tmp);
2467 if (gen_iwmmxt_shift(insn, 0x3f, tmp)) {
2468 tcg_temp_free_i32(tmp);
2471 gen_helper_iwmmxt_rorq(cpu_M0, cpu_env, cpu_M0, tmp);
2474 tcg_temp_free_i32(tmp);
2475 gen_op_iwmmxt_movq_wRn_M0(wrd);
2476 gen_op_iwmmxt_set_mup();
2477 gen_op_iwmmxt_set_cup();
2479 case 0x116: case 0x316: case 0x516: case 0x716: /* WMIN */
2480 case 0x916: case 0xb16: case 0xd16: case 0xf16:
2481 wrd = (insn >> 12) & 0xf;
2482 rd0 = (insn >> 16) & 0xf;
2483 rd1 = (insn >> 0) & 0xf;
2484 gen_op_iwmmxt_movq_M0_wRn(rd0);
2485 switch ((insn >> 22) & 3) {
2487 if (insn & (1 << 21))
2488 gen_op_iwmmxt_minsb_M0_wRn(rd1);
2490 gen_op_iwmmxt_minub_M0_wRn(rd1);
2493 if (insn & (1 << 21))
2494 gen_op_iwmmxt_minsw_M0_wRn(rd1);
2496 gen_op_iwmmxt_minuw_M0_wRn(rd1);
2499 if (insn & (1 << 21))
2500 gen_op_iwmmxt_minsl_M0_wRn(rd1);
2502 gen_op_iwmmxt_minul_M0_wRn(rd1);
2507 gen_op_iwmmxt_movq_wRn_M0(wrd);
2508 gen_op_iwmmxt_set_mup();
2510 case 0x016: case 0x216: case 0x416: case 0x616: /* WMAX */
2511 case 0x816: case 0xa16: case 0xc16: case 0xe16:
2512 wrd = (insn >> 12) & 0xf;
2513 rd0 = (insn >> 16) & 0xf;
2514 rd1 = (insn >> 0) & 0xf;
2515 gen_op_iwmmxt_movq_M0_wRn(rd0);
2516 switch ((insn >> 22) & 3) {
2518 if (insn & (1 << 21))
2519 gen_op_iwmmxt_maxsb_M0_wRn(rd1);
2521 gen_op_iwmmxt_maxub_M0_wRn(rd1);
2524 if (insn & (1 << 21))
2525 gen_op_iwmmxt_maxsw_M0_wRn(rd1);
2527 gen_op_iwmmxt_maxuw_M0_wRn(rd1);
2530 if (insn & (1 << 21))
2531 gen_op_iwmmxt_maxsl_M0_wRn(rd1);
2533 gen_op_iwmmxt_maxul_M0_wRn(rd1);
2538 gen_op_iwmmxt_movq_wRn_M0(wrd);
2539 gen_op_iwmmxt_set_mup();
2541 case 0x002: case 0x102: case 0x202: case 0x302: /* WALIGNI */
2542 case 0x402: case 0x502: case 0x602: case 0x702:
2543 wrd = (insn >> 12) & 0xf;
2544 rd0 = (insn >> 16) & 0xf;
2545 rd1 = (insn >> 0) & 0xf;
2546 gen_op_iwmmxt_movq_M0_wRn(rd0);
2547 tmp = tcg_const_i32((insn >> 20) & 3);
2548 iwmmxt_load_reg(cpu_V1, rd1);
2549 gen_helper_iwmmxt_align(cpu_M0, cpu_M0, cpu_V1, tmp);
2550 tcg_temp_free_i32(tmp);
2551 gen_op_iwmmxt_movq_wRn_M0(wrd);
2552 gen_op_iwmmxt_set_mup();
2554 case 0x01a: case 0x11a: case 0x21a: case 0x31a: /* WSUB */
2555 case 0x41a: case 0x51a: case 0x61a: case 0x71a:
2556 case 0x81a: case 0x91a: case 0xa1a: case 0xb1a:
2557 case 0xc1a: case 0xd1a: case 0xe1a: case 0xf1a:
2558 wrd = (insn >> 12) & 0xf;
2559 rd0 = (insn >> 16) & 0xf;
2560 rd1 = (insn >> 0) & 0xf;
2561 gen_op_iwmmxt_movq_M0_wRn(rd0);
2562 switch ((insn >> 20) & 0xf) {
2564 gen_op_iwmmxt_subnb_M0_wRn(rd1);
2567 gen_op_iwmmxt_subub_M0_wRn(rd1);
2570 gen_op_iwmmxt_subsb_M0_wRn(rd1);
2573 gen_op_iwmmxt_subnw_M0_wRn(rd1);
2576 gen_op_iwmmxt_subuw_M0_wRn(rd1);
2579 gen_op_iwmmxt_subsw_M0_wRn(rd1);
2582 gen_op_iwmmxt_subnl_M0_wRn(rd1);
2585 gen_op_iwmmxt_subul_M0_wRn(rd1);
2588 gen_op_iwmmxt_subsl_M0_wRn(rd1);
2593 gen_op_iwmmxt_movq_wRn_M0(wrd);
2594 gen_op_iwmmxt_set_mup();
2595 gen_op_iwmmxt_set_cup();
2597 case 0x01e: case 0x11e: case 0x21e: case 0x31e: /* WSHUFH */
2598 case 0x41e: case 0x51e: case 0x61e: case 0x71e:
2599 case 0x81e: case 0x91e: case 0xa1e: case 0xb1e:
2600 case 0xc1e: case 0xd1e: case 0xe1e: case 0xf1e:
2601 wrd = (insn >> 12) & 0xf;
2602 rd0 = (insn >> 16) & 0xf;
2603 gen_op_iwmmxt_movq_M0_wRn(rd0);
2604 tmp = tcg_const_i32(((insn >> 16) & 0xf0) | (insn & 0x0f));
2605 gen_helper_iwmmxt_shufh(cpu_M0, cpu_env, cpu_M0, tmp);
2606 tcg_temp_free_i32(tmp);
2607 gen_op_iwmmxt_movq_wRn_M0(wrd);
2608 gen_op_iwmmxt_set_mup();
2609 gen_op_iwmmxt_set_cup();
2611 case 0x018: case 0x118: case 0x218: case 0x318: /* WADD */
2612 case 0x418: case 0x518: case 0x618: case 0x718:
2613 case 0x818: case 0x918: case 0xa18: case 0xb18:
2614 case 0xc18: case 0xd18: case 0xe18: case 0xf18:
2615 wrd = (insn >> 12) & 0xf;
2616 rd0 = (insn >> 16) & 0xf;
2617 rd1 = (insn >> 0) & 0xf;
2618 gen_op_iwmmxt_movq_M0_wRn(rd0);
2619 switch ((insn >> 20) & 0xf) {
2621 gen_op_iwmmxt_addnb_M0_wRn(rd1);
2624 gen_op_iwmmxt_addub_M0_wRn(rd1);
2627 gen_op_iwmmxt_addsb_M0_wRn(rd1);
2630 gen_op_iwmmxt_addnw_M0_wRn(rd1);
2633 gen_op_iwmmxt_adduw_M0_wRn(rd1);
2636 gen_op_iwmmxt_addsw_M0_wRn(rd1);
2639 gen_op_iwmmxt_addnl_M0_wRn(rd1);
2642 gen_op_iwmmxt_addul_M0_wRn(rd1);
2645 gen_op_iwmmxt_addsl_M0_wRn(rd1);
2650 gen_op_iwmmxt_movq_wRn_M0(wrd);
2651 gen_op_iwmmxt_set_mup();
2652 gen_op_iwmmxt_set_cup();
2654 case 0x008: case 0x108: case 0x208: case 0x308: /* WPACK */
2655 case 0x408: case 0x508: case 0x608: case 0x708:
2656 case 0x808: case 0x908: case 0xa08: case 0xb08:
2657 case 0xc08: case 0xd08: case 0xe08: case 0xf08:
2658 if (!(insn & (1 << 20)) || ((insn >> 22) & 3) == 0)
2660 wrd = (insn >> 12) & 0xf;
2661 rd0 = (insn >> 16) & 0xf;
2662 rd1 = (insn >> 0) & 0xf;
2663 gen_op_iwmmxt_movq_M0_wRn(rd0);
2664 switch ((insn >> 22) & 3) {
2666 if (insn & (1 << 21))
2667 gen_op_iwmmxt_packsw_M0_wRn(rd1);
2669 gen_op_iwmmxt_packuw_M0_wRn(rd1);
2672 if (insn & (1 << 21))
2673 gen_op_iwmmxt_packsl_M0_wRn(rd1);
2675 gen_op_iwmmxt_packul_M0_wRn(rd1);
2678 if (insn & (1 << 21))
2679 gen_op_iwmmxt_packsq_M0_wRn(rd1);
2681 gen_op_iwmmxt_packuq_M0_wRn(rd1);
2684 gen_op_iwmmxt_movq_wRn_M0(wrd);
2685 gen_op_iwmmxt_set_mup();
2686 gen_op_iwmmxt_set_cup();
2688 case 0x201: case 0x203: case 0x205: case 0x207:
2689 case 0x209: case 0x20b: case 0x20d: case 0x20f:
2690 case 0x211: case 0x213: case 0x215: case 0x217:
2691 case 0x219: case 0x21b: case 0x21d: case 0x21f:
2692 wrd = (insn >> 5) & 0xf;
2693 rd0 = (insn >> 12) & 0xf;
2694 rd1 = (insn >> 0) & 0xf;
2695 if (rd0 == 0xf || rd1 == 0xf)
2697 gen_op_iwmmxt_movq_M0_wRn(wrd);
2698 tmp = load_reg(s, rd0);
2699 tmp2 = load_reg(s, rd1);
2700 switch ((insn >> 16) & 0xf) {
2701 case 0x0: /* TMIA */
2702 gen_helper_iwmmxt_muladdsl(cpu_M0, cpu_M0, tmp, tmp2);
2704 case 0x8: /* TMIAPH */
2705 gen_helper_iwmmxt_muladdsw(cpu_M0, cpu_M0, tmp, tmp2);
2707 case 0xc: case 0xd: case 0xe: case 0xf: /* TMIAxy */
2708 if (insn & (1 << 16))
2709 tcg_gen_shri_i32(tmp, tmp, 16);
2710 if (insn & (1 << 17))
2711 tcg_gen_shri_i32(tmp2, tmp2, 16);
2712 gen_helper_iwmmxt_muladdswl(cpu_M0, cpu_M0, tmp, tmp2);
2715 tcg_temp_free_i32(tmp2);
2716 tcg_temp_free_i32(tmp);
2719 tcg_temp_free_i32(tmp2);
2720 tcg_temp_free_i32(tmp);
2721 gen_op_iwmmxt_movq_wRn_M0(wrd);
2722 gen_op_iwmmxt_set_mup();
2731 /* Disassemble an XScale DSP instruction. Returns nonzero if an error occurred
2732 (ie. an undefined instruction). */
2733 static int disas_dsp_insn(DisasContext *s, uint32_t insn)
2735 int acc, rd0, rd1, rdhi, rdlo;
2738 if ((insn & 0x0ff00f10) == 0x0e200010) {
2739 /* Multiply with Internal Accumulate Format */
2740 rd0 = (insn >> 12) & 0xf;
2742 acc = (insn >> 5) & 7;
2747 tmp = load_reg(s, rd0);
2748 tmp2 = load_reg(s, rd1);
2749 switch ((insn >> 16) & 0xf) {
2751 gen_helper_iwmmxt_muladdsl(cpu_M0, cpu_M0, tmp, tmp2);
2753 case 0x8: /* MIAPH */
2754 gen_helper_iwmmxt_muladdsw(cpu_M0, cpu_M0, tmp, tmp2);
2756 case 0xc: /* MIABB */
2757 case 0xd: /* MIABT */
2758 case 0xe: /* MIATB */
2759 case 0xf: /* MIATT */
2760 if (insn & (1 << 16))
2761 tcg_gen_shri_i32(tmp, tmp, 16);
2762 if (insn & (1 << 17))
2763 tcg_gen_shri_i32(tmp2, tmp2, 16);
2764 gen_helper_iwmmxt_muladdswl(cpu_M0, cpu_M0, tmp, tmp2);
2769 tcg_temp_free_i32(tmp2);
2770 tcg_temp_free_i32(tmp);
2772 gen_op_iwmmxt_movq_wRn_M0(acc);
2776 if ((insn & 0x0fe00ff8) == 0x0c400000) {
2777 /* Internal Accumulator Access Format */
2778 rdhi = (insn >> 16) & 0xf;
2779 rdlo = (insn >> 12) & 0xf;
2785 if (insn & ARM_CP_RW_BIT) { /* MRA */
2786 iwmmxt_load_reg(cpu_V0, acc);
2787 tcg_gen_extrl_i64_i32(cpu_R[rdlo], cpu_V0);
2788 tcg_gen_extrh_i64_i32(cpu_R[rdhi], cpu_V0);
2789 tcg_gen_andi_i32(cpu_R[rdhi], cpu_R[rdhi], (1 << (40 - 32)) - 1);
2791 tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]);
2792 iwmmxt_store_reg(cpu_V0, acc);
2800 #define VFP_REG_SHR(x, n) (((n) > 0) ? (x) >> (n) : (x) << -(n))
2801 #define VFP_SREG(insn, bigbit, smallbit) \
2802 ((VFP_REG_SHR(insn, bigbit - 1) & 0x1e) | (((insn) >> (smallbit)) & 1))
2803 #define VFP_DREG(reg, insn, bigbit, smallbit) do { \
2804 if (arm_dc_feature(s, ARM_FEATURE_VFP3)) { \
2805 reg = (((insn) >> (bigbit)) & 0x0f) \
2806 | (((insn) >> ((smallbit) - 4)) & 0x10); \
2808 if (insn & (1 << (smallbit))) \
2810 reg = ((insn) >> (bigbit)) & 0x0f; \
2813 #define VFP_SREG_D(insn) VFP_SREG(insn, 12, 22)
2814 #define VFP_DREG_D(reg, insn) VFP_DREG(reg, insn, 12, 22)
2815 #define VFP_SREG_N(insn) VFP_SREG(insn, 16, 7)
2816 #define VFP_DREG_N(reg, insn) VFP_DREG(reg, insn, 16, 7)
2817 #define VFP_SREG_M(insn) VFP_SREG(insn, 0, 5)
2818 #define VFP_DREG_M(reg, insn) VFP_DREG(reg, insn, 0, 5)
2820 static void gen_neon_dup_low16(TCGv_i32 var)
2822 TCGv_i32 tmp = tcg_temp_new_i32();
2823 tcg_gen_ext16u_i32(var, var);
2824 tcg_gen_shli_i32(tmp, var, 16);
2825 tcg_gen_or_i32(var, var, tmp);
2826 tcg_temp_free_i32(tmp);
2829 static void gen_neon_dup_high16(TCGv_i32 var)
2831 TCGv_i32 tmp = tcg_temp_new_i32();
2832 tcg_gen_andi_i32(var, var, 0xffff0000);
2833 tcg_gen_shri_i32(tmp, var, 16);
2834 tcg_gen_or_i32(var, var, tmp);
2835 tcg_temp_free_i32(tmp);
2839 * Disassemble a VFP instruction. Returns nonzero if an error occurred
2840 * (ie. an undefined instruction).
2842 static int disas_vfp_insn(DisasContext *s, uint32_t insn)
2844 if (!arm_dc_feature(s, ARM_FEATURE_VFP)) {
2849 * If the decodetree decoder handles this insn it will always
2850 * emit code to either execute the insn or generate an appropriate
2851 * exception; so we don't need to ever return non-zero to tell
2852 * the calling code to emit an UNDEF exception.
2854 if (extract32(insn, 28, 4) == 0xf) {
2855 if (disas_vfp_uncond(s, insn)) {
2859 if (disas_vfp(s, insn)) {
2863 /* If the decodetree decoder didn't handle this insn, it must be UNDEF */
2867 static inline bool use_goto_tb(DisasContext *s, target_ulong dest)
2869 #ifndef CONFIG_USER_ONLY
2870 return (s->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK) ||
2871 ((s->base.pc_next - 1) & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
2877 static void gen_goto_ptr(void)
2879 tcg_gen_lookup_and_goto_ptr();
2882 /* This will end the TB but doesn't guarantee we'll return to
2883 * cpu_loop_exec. Any live exit_requests will be processed as we
2884 * enter the next TB.
2886 static void gen_goto_tb(DisasContext *s, int n, target_ulong dest)
2888 if (use_goto_tb(s, dest)) {
2890 gen_set_pc_im(s, dest);
2891 tcg_gen_exit_tb(s->base.tb, n);
2893 gen_set_pc_im(s, dest);
2896 s->base.is_jmp = DISAS_NORETURN;
2899 static inline void gen_jmp (DisasContext *s, uint32_t dest)
2901 if (unlikely(is_singlestepping(s))) {
2902 /* An indirect jump so that we still trigger the debug exception. */
2907 gen_goto_tb(s, 0, dest);
2911 static inline void gen_mulxy(TCGv_i32 t0, TCGv_i32 t1, int x, int y)
2914 tcg_gen_sari_i32(t0, t0, 16);
2918 tcg_gen_sari_i32(t1, t1, 16);
2921 tcg_gen_mul_i32(t0, t0, t1);
2924 /* Return the mask of PSR bits set by a MSR instruction. */
2925 static uint32_t msr_mask(DisasContext *s, int flags, int spsr)
2930 if (flags & (1 << 0))
2932 if (flags & (1 << 1))
2934 if (flags & (1 << 2))
2936 if (flags & (1 << 3))
2939 /* Mask out undefined bits. */
2940 mask &= ~CPSR_RESERVED;
2941 if (!arm_dc_feature(s, ARM_FEATURE_V4T)) {
2944 if (!arm_dc_feature(s, ARM_FEATURE_V5)) {
2945 mask &= ~CPSR_Q; /* V5TE in reality*/
2947 if (!arm_dc_feature(s, ARM_FEATURE_V6)) {
2948 mask &= ~(CPSR_E | CPSR_GE);
2950 if (!arm_dc_feature(s, ARM_FEATURE_THUMB2)) {
2953 /* Mask out execution state and reserved bits. */
2955 mask &= ~(CPSR_EXEC | CPSR_RESERVED);
2957 /* Mask out privileged bits. */
2963 /* Returns nonzero if access to the PSR is not permitted. Marks t0 as dead. */
2964 static int gen_set_psr(DisasContext *s, uint32_t mask, int spsr, TCGv_i32 t0)
2968 /* ??? This is also undefined in system mode. */
2972 tmp = load_cpu_field(spsr);
2973 tcg_gen_andi_i32(tmp, tmp, ~mask);
2974 tcg_gen_andi_i32(t0, t0, mask);
2975 tcg_gen_or_i32(tmp, tmp, t0);
2976 store_cpu_field(tmp, spsr);
2978 gen_set_cpsr(t0, mask);
2980 tcg_temp_free_i32(t0);
2985 /* Returns nonzero if access to the PSR is not permitted. */
2986 static int gen_set_psr_im(DisasContext *s, uint32_t mask, int spsr, uint32_t val)
2989 tmp = tcg_temp_new_i32();
2990 tcg_gen_movi_i32(tmp, val);
2991 return gen_set_psr(s, mask, spsr, tmp);
2994 static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn,
2995 int *tgtmode, int *regno)
2997 /* Decode the r and sysm fields of MSR/MRS banked accesses into
2998 * the target mode and register number, and identify the various
2999 * unpredictable cases.
3000 * MSR (banked) and MRS (banked) are CONSTRAINED UNPREDICTABLE if:
3001 * + executed in user mode
3002 * + using R15 as the src/dest register
3003 * + accessing an unimplemented register
3004 * + accessing a register that's inaccessible at current PL/security state*
3005 * + accessing a register that you could access with a different insn
3006 * We choose to UNDEF in all these cases.
3007 * Since we don't know which of the various AArch32 modes we are in
3008 * we have to defer some checks to runtime.
3009 * Accesses to Monitor mode registers from Secure EL1 (which implies
3010 * that EL3 is AArch64) must trap to EL3.
3012 * If the access checks fail this function will emit code to take
3013 * an exception and return false. Otherwise it will return true,
3014 * and set *tgtmode and *regno appropriately.
3016 int exc_target = default_exception_el(s);
3018 /* These instructions are present only in ARMv8, or in ARMv7 with the
3019 * Virtualization Extensions.
3021 if (!arm_dc_feature(s, ARM_FEATURE_V8) &&
3022 !arm_dc_feature(s, ARM_FEATURE_EL2)) {
3026 if (IS_USER(s) || rn == 15) {
3030 /* The table in the v8 ARM ARM section F5.2.3 describes the encoding
3031 * of registers into (r, sysm).
3034 /* SPSRs for other modes */
3036 case 0xe: /* SPSR_fiq */
3037 *tgtmode = ARM_CPU_MODE_FIQ;
3039 case 0x10: /* SPSR_irq */
3040 *tgtmode = ARM_CPU_MODE_IRQ;
3042 case 0x12: /* SPSR_svc */
3043 *tgtmode = ARM_CPU_MODE_SVC;
3045 case 0x14: /* SPSR_abt */
3046 *tgtmode = ARM_CPU_MODE_ABT;
3048 case 0x16: /* SPSR_und */
3049 *tgtmode = ARM_CPU_MODE_UND;
3051 case 0x1c: /* SPSR_mon */
3052 *tgtmode = ARM_CPU_MODE_MON;
3054 case 0x1e: /* SPSR_hyp */
3055 *tgtmode = ARM_CPU_MODE_HYP;
3057 default: /* unallocated */
3060 /* We arbitrarily assign SPSR a register number of 16. */
3063 /* general purpose registers for other modes */
3065 case 0x0 ... 0x6: /* 0b00xxx : r8_usr ... r14_usr */
3066 *tgtmode = ARM_CPU_MODE_USR;
3069 case 0x8 ... 0xe: /* 0b01xxx : r8_fiq ... r14_fiq */
3070 *tgtmode = ARM_CPU_MODE_FIQ;
3073 case 0x10 ... 0x11: /* 0b1000x : r14_irq, r13_irq */
3074 *tgtmode = ARM_CPU_MODE_IRQ;
3075 *regno = sysm & 1 ? 13 : 14;
3077 case 0x12 ... 0x13: /* 0b1001x : r14_svc, r13_svc */
3078 *tgtmode = ARM_CPU_MODE_SVC;
3079 *regno = sysm & 1 ? 13 : 14;
3081 case 0x14 ... 0x15: /* 0b1010x : r14_abt, r13_abt */
3082 *tgtmode = ARM_CPU_MODE_ABT;
3083 *regno = sysm & 1 ? 13 : 14;
3085 case 0x16 ... 0x17: /* 0b1011x : r14_und, r13_und */
3086 *tgtmode = ARM_CPU_MODE_UND;
3087 *regno = sysm & 1 ? 13 : 14;
3089 case 0x1c ... 0x1d: /* 0b1110x : r14_mon, r13_mon */
3090 *tgtmode = ARM_CPU_MODE_MON;
3091 *regno = sysm & 1 ? 13 : 14;
3093 case 0x1e ... 0x1f: /* 0b1111x : elr_hyp, r13_hyp */
3094 *tgtmode = ARM_CPU_MODE_HYP;
3095 /* Arbitrarily pick 17 for ELR_Hyp (which is not a banked LR!) */
3096 *regno = sysm & 1 ? 13 : 17;
3098 default: /* unallocated */
3103 /* Catch the 'accessing inaccessible register' cases we can detect
3104 * at translate time.
3107 case ARM_CPU_MODE_MON:
3108 if (!arm_dc_feature(s, ARM_FEATURE_EL3) || s->ns) {
3111 if (s->current_el == 1) {
3112 /* If we're in Secure EL1 (which implies that EL3 is AArch64)
3113 * then accesses to Mon registers trap to EL3
3119 case ARM_CPU_MODE_HYP:
3121 * SPSR_hyp and r13_hyp can only be accessed from Monitor mode
3122 * (and so we can forbid accesses from EL2 or below). elr_hyp
3123 * can be accessed also from Hyp mode, so forbid accesses from
3126 if (!arm_dc_feature(s, ARM_FEATURE_EL2) || s->current_el < 2 ||
3127 (s->current_el < 3 && *regno != 17)) {
3138 /* If we get here then some access check did not pass */
3139 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
3140 syn_uncategorized(), exc_target);
3144 static void gen_msr_banked(DisasContext *s, int r, int sysm, int rn)
3146 TCGv_i32 tcg_reg, tcg_tgtmode, tcg_regno;
3147 int tgtmode = 0, regno = 0;
3149 if (!msr_banked_access_decode(s, r, sysm, rn, &tgtmode, ®no)) {
3153 /* Sync state because msr_banked() can raise exceptions */
3154 gen_set_condexec(s);
3155 gen_set_pc_im(s, s->pc_curr);
3156 tcg_reg = load_reg(s, rn);
3157 tcg_tgtmode = tcg_const_i32(tgtmode);
3158 tcg_regno = tcg_const_i32(regno);
3159 gen_helper_msr_banked(cpu_env, tcg_reg, tcg_tgtmode, tcg_regno);
3160 tcg_temp_free_i32(tcg_tgtmode);
3161 tcg_temp_free_i32(tcg_regno);
3162 tcg_temp_free_i32(tcg_reg);
3163 s->base.is_jmp = DISAS_UPDATE;
3166 static void gen_mrs_banked(DisasContext *s, int r, int sysm, int rn)
3168 TCGv_i32 tcg_reg, tcg_tgtmode, tcg_regno;
3169 int tgtmode = 0, regno = 0;
3171 if (!msr_banked_access_decode(s, r, sysm, rn, &tgtmode, ®no)) {
3175 /* Sync state because mrs_banked() can raise exceptions */
3176 gen_set_condexec(s);
3177 gen_set_pc_im(s, s->pc_curr);
3178 tcg_reg = tcg_temp_new_i32();
3179 tcg_tgtmode = tcg_const_i32(tgtmode);
3180 tcg_regno = tcg_const_i32(regno);
3181 gen_helper_mrs_banked(tcg_reg, cpu_env, tcg_tgtmode, tcg_regno);
3182 tcg_temp_free_i32(tcg_tgtmode);
3183 tcg_temp_free_i32(tcg_regno);
3184 store_reg(s, rn, tcg_reg);
3185 s->base.is_jmp = DISAS_UPDATE;
3188 /* Store value to PC as for an exception return (ie don't
3189 * mask bits). The subsequent call to gen_helper_cpsr_write_eret()
3190 * will do the masking based on the new value of the Thumb bit.
3192 static void store_pc_exc_ret(DisasContext *s, TCGv_i32 pc)
3194 tcg_gen_mov_i32(cpu_R[15], pc);
3195 tcg_temp_free_i32(pc);
3198 /* Generate a v6 exception return. Marks both values as dead. */
3199 static void gen_rfe(DisasContext *s, TCGv_i32 pc, TCGv_i32 cpsr)
3201 store_pc_exc_ret(s, pc);
3202 /* The cpsr_write_eret helper will mask the low bits of PC
3203 * appropriately depending on the new Thumb bit, so it must
3204 * be called after storing the new PC.
3206 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
3209 gen_helper_cpsr_write_eret(cpu_env, cpsr);
3210 tcg_temp_free_i32(cpsr);
3211 /* Must exit loop to check un-masked IRQs */
3212 s->base.is_jmp = DISAS_EXIT;
3215 /* Generate an old-style exception return. Marks pc as dead. */
3216 static void gen_exception_return(DisasContext *s, TCGv_i32 pc)
3218 gen_rfe(s, pc, load_cpu_field(spsr));
3222 * For WFI we will halt the vCPU until an IRQ. For WFE and YIELD we
3223 * only call the helper when running single threaded TCG code to ensure
3224 * the next round-robin scheduled vCPU gets a crack. In MTTCG mode we
3225 * just skip this instruction. Currently the SEV/SEVL instructions
3226 * which are *one* of many ways to wake the CPU from WFE are not
3227 * implemented so we can't sleep like WFI does.
3229 static void gen_nop_hint(DisasContext *s, int val)
3232 /* When running in MTTCG we don't generate jumps to the yield and
3233 * WFE helpers as it won't affect the scheduling of other vCPUs.
3234 * If we wanted to more completely model WFE/SEV so we don't busy
3235 * spin unnecessarily we would need to do something more involved.
3238 if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
3239 gen_set_pc_im(s, s->base.pc_next);
3240 s->base.is_jmp = DISAS_YIELD;
3244 gen_set_pc_im(s, s->base.pc_next);
3245 s->base.is_jmp = DISAS_WFI;
3248 if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
3249 gen_set_pc_im(s, s->base.pc_next);
3250 s->base.is_jmp = DISAS_WFE;
3255 /* TODO: Implement SEV, SEVL and WFE. May help SMP performance. */
3261 #define CPU_V001 cpu_V0, cpu_V0, cpu_V1
3263 static inline void gen_neon_add(int size, TCGv_i32 t0, TCGv_i32 t1)
3266 case 0: gen_helper_neon_add_u8(t0, t0, t1); break;
3267 case 1: gen_helper_neon_add_u16(t0, t0, t1); break;
3268 case 2: tcg_gen_add_i32(t0, t0, t1); break;
3273 static inline void gen_neon_rsb(int size, TCGv_i32 t0, TCGv_i32 t1)
3276 case 0: gen_helper_neon_sub_u8(t0, t1, t0); break;
3277 case 1: gen_helper_neon_sub_u16(t0, t1, t0); break;
3278 case 2: tcg_gen_sub_i32(t0, t1, t0); break;
3283 /* 32-bit pairwise ops end up the same as the elementwise versions. */
3284 #define gen_helper_neon_pmax_s32 tcg_gen_smax_i32
3285 #define gen_helper_neon_pmax_u32 tcg_gen_umax_i32
3286 #define gen_helper_neon_pmin_s32 tcg_gen_smin_i32
3287 #define gen_helper_neon_pmin_u32 tcg_gen_umin_i32
3289 #define GEN_NEON_INTEGER_OP_ENV(name) do { \
3290 switch ((size << 1) | u) { \
3292 gen_helper_neon_##name##_s8(tmp, cpu_env, tmp, tmp2); \
3295 gen_helper_neon_##name##_u8(tmp, cpu_env, tmp, tmp2); \
3298 gen_helper_neon_##name##_s16(tmp, cpu_env, tmp, tmp2); \
3301 gen_helper_neon_##name##_u16(tmp, cpu_env, tmp, tmp2); \
3304 gen_helper_neon_##name##_s32(tmp, cpu_env, tmp, tmp2); \
3307 gen_helper_neon_##name##_u32(tmp, cpu_env, tmp, tmp2); \
3309 default: return 1; \
3312 #define GEN_NEON_INTEGER_OP(name) do { \
3313 switch ((size << 1) | u) { \
3315 gen_helper_neon_##name##_s8(tmp, tmp, tmp2); \
3318 gen_helper_neon_##name##_u8(tmp, tmp, tmp2); \
3321 gen_helper_neon_##name##_s16(tmp, tmp, tmp2); \
3324 gen_helper_neon_##name##_u16(tmp, tmp, tmp2); \
3327 gen_helper_neon_##name##_s32(tmp, tmp, tmp2); \
3330 gen_helper_neon_##name##_u32(tmp, tmp, tmp2); \
3332 default: return 1; \
3335 static TCGv_i32 neon_load_scratch(int scratch)
3337 TCGv_i32 tmp = tcg_temp_new_i32();
3338 tcg_gen_ld_i32(tmp, cpu_env, offsetof(CPUARMState, vfp.scratch[scratch]));
3342 static void neon_store_scratch(int scratch, TCGv_i32 var)
3344 tcg_gen_st_i32(var, cpu_env, offsetof(CPUARMState, vfp.scratch[scratch]));
3345 tcg_temp_free_i32(var);
3348 static inline TCGv_i32 neon_get_scalar(int size, int reg)
3352 tmp = neon_load_reg(reg & 7, reg >> 4);
3354 gen_neon_dup_high16(tmp);
3356 gen_neon_dup_low16(tmp);
3359 tmp = neon_load_reg(reg & 15, reg >> 4);
3364 static int gen_neon_unzip(int rd, int rm, int size, int q)
3368 if (!q && size == 2) {
3371 pd = vfp_reg_ptr(true, rd);
3372 pm = vfp_reg_ptr(true, rm);
3376 gen_helper_neon_qunzip8(pd, pm);
3379 gen_helper_neon_qunzip16(pd, pm);
3382 gen_helper_neon_qunzip32(pd, pm);
3390 gen_helper_neon_unzip8(pd, pm);
3393 gen_helper_neon_unzip16(pd, pm);
3399 tcg_temp_free_ptr(pd);
3400 tcg_temp_free_ptr(pm);
3404 static int gen_neon_zip(int rd, int rm, int size, int q)
3408 if (!q && size == 2) {
3411 pd = vfp_reg_ptr(true, rd);
3412 pm = vfp_reg_ptr(true, rm);
3416 gen_helper_neon_qzip8(pd, pm);
3419 gen_helper_neon_qzip16(pd, pm);
3422 gen_helper_neon_qzip32(pd, pm);
3430 gen_helper_neon_zip8(pd, pm);
3433 gen_helper_neon_zip16(pd, pm);
3439 tcg_temp_free_ptr(pd);
3440 tcg_temp_free_ptr(pm);
3444 static void gen_neon_trn_u8(TCGv_i32 t0, TCGv_i32 t1)
3448 rd = tcg_temp_new_i32();
3449 tmp = tcg_temp_new_i32();
3451 tcg_gen_shli_i32(rd, t0, 8);
3452 tcg_gen_andi_i32(rd, rd, 0xff00ff00);
3453 tcg_gen_andi_i32(tmp, t1, 0x00ff00ff);
3454 tcg_gen_or_i32(rd, rd, tmp);
3456 tcg_gen_shri_i32(t1, t1, 8);
3457 tcg_gen_andi_i32(t1, t1, 0x00ff00ff);
3458 tcg_gen_andi_i32(tmp, t0, 0xff00ff00);
3459 tcg_gen_or_i32(t1, t1, tmp);
3460 tcg_gen_mov_i32(t0, rd);
3462 tcg_temp_free_i32(tmp);
3463 tcg_temp_free_i32(rd);
3466 static void gen_neon_trn_u16(TCGv_i32 t0, TCGv_i32 t1)
3470 rd = tcg_temp_new_i32();
3471 tmp = tcg_temp_new_i32();
3473 tcg_gen_shli_i32(rd, t0, 16);
3474 tcg_gen_andi_i32(tmp, t1, 0xffff);
3475 tcg_gen_or_i32(rd, rd, tmp);
3476 tcg_gen_shri_i32(t1, t1, 16);
3477 tcg_gen_andi_i32(tmp, t0, 0xffff0000);
3478 tcg_gen_or_i32(t1, t1, tmp);
3479 tcg_gen_mov_i32(t0, rd);
3481 tcg_temp_free_i32(tmp);
3482 tcg_temp_free_i32(rd);
3490 } const neon_ls_element_type[11] = {
3504 /* Translate a NEON load/store element instruction. Return nonzero if the
3505 instruction is invalid. */
3506 static int disas_neon_ls_insn(DisasContext *s, uint32_t insn)
3526 /* FIXME: this access check should not take precedence over UNDEF
3527 * for invalid encodings; we will generate incorrect syndrome information
3528 * for attempts to execute invalid vfp/neon encodings with FP disabled.
3530 if (s->fp_excp_el) {
3531 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
3532 syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
3536 if (!s->vfp_enabled)
3538 VFP_DREG_D(rd, insn);
3539 rn = (insn >> 16) & 0xf;
3541 load = (insn & (1 << 21)) != 0;
3542 endian = s->be_data;
3543 mmu_idx = get_mem_index(s);
3544 if ((insn & (1 << 23)) == 0) {
3545 /* Load store all elements. */
3546 op = (insn >> 8) & 0xf;
3547 size = (insn >> 6) & 3;
3550 /* Catch UNDEF cases for bad values of align field */
3553 if (((insn >> 5) & 1) == 1) {
3558 if (((insn >> 4) & 3) == 3) {
3565 nregs = neon_ls_element_type[op].nregs;
3566 interleave = neon_ls_element_type[op].interleave;
3567 spacing = neon_ls_element_type[op].spacing;
3568 if (size == 3 && (interleave | spacing) != 1) {
3571 /* For our purposes, bytes are always little-endian. */
3575 /* Consecutive little-endian elements from a single register
3576 * can be promoted to a larger little-endian operation.
3578 if (interleave == 1 && endian == MO_LE) {
3581 tmp64 = tcg_temp_new_i64();
3582 addr = tcg_temp_new_i32();
3583 tmp2 = tcg_const_i32(1 << size);
3584 load_reg_var(s, addr, rn);
3585 for (reg = 0; reg < nregs; reg++) {
3586 for (n = 0; n < 8 >> size; n++) {
3588 for (xs = 0; xs < interleave; xs++) {
3589 int tt = rd + reg + spacing * xs;
3592 gen_aa32_ld_i64(s, tmp64, addr, mmu_idx, endian | size);
3593 neon_store_element64(tt, n, size, tmp64);
3595 neon_load_element64(tmp64, tt, n, size);
3596 gen_aa32_st_i64(s, tmp64, addr, mmu_idx, endian | size);
3598 tcg_gen_add_i32(addr, addr, tmp2);
3602 tcg_temp_free_i32(addr);
3603 tcg_temp_free_i32(tmp2);
3604 tcg_temp_free_i64(tmp64);
3605 stride = nregs * interleave * 8;
3607 size = (insn >> 10) & 3;
3609 /* Load single element to all lanes. */
3610 int a = (insn >> 4) & 1;
3614 size = (insn >> 6) & 3;
3615 nregs = ((insn >> 8) & 3) + 1;
3618 if (nregs != 4 || a == 0) {
3621 /* For VLD4 size==3 a == 1 means 32 bits at 16 byte alignment */
3624 if (nregs == 1 && a == 1 && size == 0) {
3627 if (nregs == 3 && a == 1) {
3630 addr = tcg_temp_new_i32();
3631 load_reg_var(s, addr, rn);
3633 /* VLD1 to all lanes: bit 5 indicates how many Dregs to write.
3634 * VLD2/3/4 to all lanes: bit 5 indicates register stride.
3636 stride = (insn & (1 << 5)) ? 2 : 1;
3637 vec_size = nregs == 1 ? stride * 8 : 8;
3639 tmp = tcg_temp_new_i32();
3640 for (reg = 0; reg < nregs; reg++) {
3641 gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s),
3643 if ((rd & 1) && vec_size == 16) {
3644 /* We cannot write 16 bytes at once because the
3645 * destination is unaligned.
3647 tcg_gen_gvec_dup_i32(size, neon_reg_offset(rd, 0),
3649 tcg_gen_gvec_mov(0, neon_reg_offset(rd + 1, 0),
3650 neon_reg_offset(rd, 0), 8, 8);
3652 tcg_gen_gvec_dup_i32(size, neon_reg_offset(rd, 0),
3653 vec_size, vec_size, tmp);
3655 tcg_gen_addi_i32(addr, addr, 1 << size);
3658 tcg_temp_free_i32(tmp);
3659 tcg_temp_free_i32(addr);
3660 stride = (1 << size) * nregs;
3662 /* Single element. */
3663 int idx = (insn >> 4) & 0xf;
3667 reg_idx = (insn >> 5) & 7;
3671 reg_idx = (insn >> 6) & 3;
3672 stride = (insn & (1 << 5)) ? 2 : 1;
3675 reg_idx = (insn >> 7) & 1;
3676 stride = (insn & (1 << 6)) ? 2 : 1;
3681 nregs = ((insn >> 8) & 3) + 1;
3682 /* Catch the UNDEF cases. This is unavoidably a bit messy. */
3685 if (((idx & (1 << size)) != 0) ||
3686 (size == 2 && ((idx & 3) == 1 || (idx & 3) == 2))) {
3691 if ((idx & 1) != 0) {
3696 if (size == 2 && (idx & 2) != 0) {
3701 if ((size == 2) && ((idx & 3) == 3)) {
3708 if ((rd + stride * (nregs - 1)) > 31) {
3709 /* Attempts to write off the end of the register file
3710 * are UNPREDICTABLE; we choose to UNDEF because otherwise
3711 * the neon_load_reg() would write off the end of the array.
3715 tmp = tcg_temp_new_i32();
3716 addr = tcg_temp_new_i32();
3717 load_reg_var(s, addr, rn);
3718 for (reg = 0; reg < nregs; reg++) {
3720 gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s),
3722 neon_store_element(rd, reg_idx, size, tmp);
3723 } else { /* Store */
3724 neon_load_element(tmp, rd, reg_idx, size);
3725 gen_aa32_st_i32(s, tmp, addr, get_mem_index(s),
3729 tcg_gen_addi_i32(addr, addr, 1 << size);
3731 tcg_temp_free_i32(addr);
3732 tcg_temp_free_i32(tmp);
3733 stride = nregs * (1 << size);
3739 base = load_reg(s, rn);
3741 tcg_gen_addi_i32(base, base, stride);
3744 index = load_reg(s, rm);
3745 tcg_gen_add_i32(base, base, index);
3746 tcg_temp_free_i32(index);
3748 store_reg(s, rn, base);
3753 static inline void gen_neon_narrow(int size, TCGv_i32 dest, TCGv_i64 src)
3756 case 0: gen_helper_neon_narrow_u8(dest, src); break;
3757 case 1: gen_helper_neon_narrow_u16(dest, src); break;
3758 case 2: tcg_gen_extrl_i64_i32(dest, src); break;
3763 static inline void gen_neon_narrow_sats(int size, TCGv_i32 dest, TCGv_i64 src)
3766 case 0: gen_helper_neon_narrow_sat_s8(dest, cpu_env, src); break;
3767 case 1: gen_helper_neon_narrow_sat_s16(dest, cpu_env, src); break;
3768 case 2: gen_helper_neon_narrow_sat_s32(dest, cpu_env, src); break;
3773 static inline void gen_neon_narrow_satu(int size, TCGv_i32 dest, TCGv_i64 src)
3776 case 0: gen_helper_neon_narrow_sat_u8(dest, cpu_env, src); break;
3777 case 1: gen_helper_neon_narrow_sat_u16(dest, cpu_env, src); break;
3778 case 2: gen_helper_neon_narrow_sat_u32(dest, cpu_env, src); break;
3783 static inline void gen_neon_unarrow_sats(int size, TCGv_i32 dest, TCGv_i64 src)
3786 case 0: gen_helper_neon_unarrow_sat8(dest, cpu_env, src); break;
3787 case 1: gen_helper_neon_unarrow_sat16(dest, cpu_env, src); break;
3788 case 2: gen_helper_neon_unarrow_sat32(dest, cpu_env, src); break;
3793 static inline void gen_neon_shift_narrow(int size, TCGv_i32 var, TCGv_i32 shift,
3799 case 1: gen_helper_neon_rshl_u16(var, var, shift); break;
3800 case 2: gen_helper_neon_rshl_u32(var, var, shift); break;
3805 case 1: gen_helper_neon_rshl_s16(var, var, shift); break;
3806 case 2: gen_helper_neon_rshl_s32(var, var, shift); break;
3813 case 1: gen_helper_neon_shl_u16(var, var, shift); break;
3814 case 2: gen_helper_neon_shl_u32(var, var, shift); break;
3819 case 1: gen_helper_neon_shl_s16(var, var, shift); break;
3820 case 2: gen_helper_neon_shl_s32(var, var, shift); break;
3827 static inline void gen_neon_widen(TCGv_i64 dest, TCGv_i32 src, int size, int u)
3831 case 0: gen_helper_neon_widen_u8(dest, src); break;
3832 case 1: gen_helper_neon_widen_u16(dest, src); break;
3833 case 2: tcg_gen_extu_i32_i64(dest, src); break;
3838 case 0: gen_helper_neon_widen_s8(dest, src); break;
3839 case 1: gen_helper_neon_widen_s16(dest, src); break;
3840 case 2: tcg_gen_ext_i32_i64(dest, src); break;
3844 tcg_temp_free_i32(src);
3847 static inline void gen_neon_addl(int size)
3850 case 0: gen_helper_neon_addl_u16(CPU_V001); break;
3851 case 1: gen_helper_neon_addl_u32(CPU_V001); break;
3852 case 2: tcg_gen_add_i64(CPU_V001); break;
3857 static inline void gen_neon_subl(int size)
3860 case 0: gen_helper_neon_subl_u16(CPU_V001); break;
3861 case 1: gen_helper_neon_subl_u32(CPU_V001); break;
3862 case 2: tcg_gen_sub_i64(CPU_V001); break;
3867 static inline void gen_neon_negl(TCGv_i64 var, int size)
3870 case 0: gen_helper_neon_negl_u16(var, var); break;
3871 case 1: gen_helper_neon_negl_u32(var, var); break;
3873 tcg_gen_neg_i64(var, var);
3879 static inline void gen_neon_addl_saturate(TCGv_i64 op0, TCGv_i64 op1, int size)
3882 case 1: gen_helper_neon_addl_saturate_s32(op0, cpu_env, op0, op1); break;
3883 case 2: gen_helper_neon_addl_saturate_s64(op0, cpu_env, op0, op1); break;
3888 static inline void gen_neon_mull(TCGv_i64 dest, TCGv_i32 a, TCGv_i32 b,
3893 switch ((size << 1) | u) {
3894 case 0: gen_helper_neon_mull_s8(dest, a, b); break;
3895 case 1: gen_helper_neon_mull_u8(dest, a, b); break;
3896 case 2: gen_helper_neon_mull_s16(dest, a, b); break;
3897 case 3: gen_helper_neon_mull_u16(dest, a, b); break;
3899 tmp = gen_muls_i64_i32(a, b);
3900 tcg_gen_mov_i64(dest, tmp);
3901 tcg_temp_free_i64(tmp);
3904 tmp = gen_mulu_i64_i32(a, b);
3905 tcg_gen_mov_i64(dest, tmp);
3906 tcg_temp_free_i64(tmp);
3911 /* gen_helper_neon_mull_[su]{8|16} do not free their parameters.
3912 Don't forget to clean them now. */
3914 tcg_temp_free_i32(a);
3915 tcg_temp_free_i32(b);
3919 static void gen_neon_narrow_op(int op, int u, int size,
3920 TCGv_i32 dest, TCGv_i64 src)
3924 gen_neon_unarrow_sats(size, dest, src);
3926 gen_neon_narrow(size, dest, src);
3930 gen_neon_narrow_satu(size, dest, src);
3932 gen_neon_narrow_sats(size, dest, src);
3937 /* Symbolic constants for op fields for Neon 3-register same-length.
3938 * The values correspond to bits [11:8,4]; see the ARM ARM DDI0406B
3941 #define NEON_3R_VHADD 0
3942 #define NEON_3R_VQADD 1
3943 #define NEON_3R_VRHADD 2
3944 #define NEON_3R_LOGIC 3 /* VAND,VBIC,VORR,VMOV,VORN,VEOR,VBIF,VBIT,VBSL */
3945 #define NEON_3R_VHSUB 4
3946 #define NEON_3R_VQSUB 5
3947 #define NEON_3R_VCGT 6
3948 #define NEON_3R_VCGE 7
3949 #define NEON_3R_VSHL 8
3950 #define NEON_3R_VQSHL 9
3951 #define NEON_3R_VRSHL 10
3952 #define NEON_3R_VQRSHL 11
3953 #define NEON_3R_VMAX 12
3954 #define NEON_3R_VMIN 13
3955 #define NEON_3R_VABD 14
3956 #define NEON_3R_VABA 15
3957 #define NEON_3R_VADD_VSUB 16
3958 #define NEON_3R_VTST_VCEQ 17
3959 #define NEON_3R_VML 18 /* VMLA, VMLS */
3960 #define NEON_3R_VMUL 19
3961 #define NEON_3R_VPMAX 20
3962 #define NEON_3R_VPMIN 21
3963 #define NEON_3R_VQDMULH_VQRDMULH 22
3964 #define NEON_3R_VPADD_VQRDMLAH 23
3965 #define NEON_3R_SHA 24 /* SHA1C,SHA1P,SHA1M,SHA1SU0,SHA256H{2},SHA256SU1 */
3966 #define NEON_3R_VFM_VQRDMLSH 25 /* VFMA, VFMS, VQRDMLSH */
3967 #define NEON_3R_FLOAT_ARITH 26 /* float VADD, VSUB, VPADD, VABD */
3968 #define NEON_3R_FLOAT_MULTIPLY 27 /* float VMLA, VMLS, VMUL */
3969 #define NEON_3R_FLOAT_CMP 28 /* float VCEQ, VCGE, VCGT */
3970 #define NEON_3R_FLOAT_ACMP 29 /* float VACGE, VACGT, VACLE, VACLT */
3971 #define NEON_3R_FLOAT_MINMAX 30 /* float VMIN, VMAX */
3972 #define NEON_3R_FLOAT_MISC 31 /* float VRECPS, VRSQRTS, VMAXNM/MINNM */
3974 static const uint8_t neon_3r_sizes[] = {
3975 [NEON_3R_VHADD] = 0x7,
3976 [NEON_3R_VQADD] = 0xf,
3977 [NEON_3R_VRHADD] = 0x7,
3978 [NEON_3R_LOGIC] = 0xf, /* size field encodes op type */
3979 [NEON_3R_VHSUB] = 0x7,
3980 [NEON_3R_VQSUB] = 0xf,
3981 [NEON_3R_VCGT] = 0x7,
3982 [NEON_3R_VCGE] = 0x7,
3983 [NEON_3R_VSHL] = 0xf,
3984 [NEON_3R_VQSHL] = 0xf,
3985 [NEON_3R_VRSHL] = 0xf,
3986 [NEON_3R_VQRSHL] = 0xf,
3987 [NEON_3R_VMAX] = 0x7,
3988 [NEON_3R_VMIN] = 0x7,
3989 [NEON_3R_VABD] = 0x7,
3990 [NEON_3R_VABA] = 0x7,
3991 [NEON_3R_VADD_VSUB] = 0xf,
3992 [NEON_3R_VTST_VCEQ] = 0x7,
3993 [NEON_3R_VML] = 0x7,
3994 [NEON_3R_VMUL] = 0x7,
3995 [NEON_3R_VPMAX] = 0x7,
3996 [NEON_3R_VPMIN] = 0x7,
3997 [NEON_3R_VQDMULH_VQRDMULH] = 0x6,
3998 [NEON_3R_VPADD_VQRDMLAH] = 0x7,
3999 [NEON_3R_SHA] = 0xf, /* size field encodes op type */
4000 [NEON_3R_VFM_VQRDMLSH] = 0x7, /* For VFM, size bit 1 encodes op */
4001 [NEON_3R_FLOAT_ARITH] = 0x5, /* size bit 1 encodes op */
4002 [NEON_3R_FLOAT_MULTIPLY] = 0x5, /* size bit 1 encodes op */
4003 [NEON_3R_FLOAT_CMP] = 0x5, /* size bit 1 encodes op */
4004 [NEON_3R_FLOAT_ACMP] = 0x5, /* size bit 1 encodes op */
4005 [NEON_3R_FLOAT_MINMAX] = 0x5, /* size bit 1 encodes op */
4006 [NEON_3R_FLOAT_MISC] = 0x5, /* size bit 1 encodes op */
4009 /* Symbolic constants for op fields for Neon 2-register miscellaneous.
4010 * The values correspond to bits [17:16,10:7]; see the ARM ARM DDI0406B
4013 #define NEON_2RM_VREV64 0
4014 #define NEON_2RM_VREV32 1
4015 #define NEON_2RM_VREV16 2
4016 #define NEON_2RM_VPADDL 4
4017 #define NEON_2RM_VPADDL_U 5
4018 #define NEON_2RM_AESE 6 /* Includes AESD */
4019 #define NEON_2RM_AESMC 7 /* Includes AESIMC */
4020 #define NEON_2RM_VCLS 8
4021 #define NEON_2RM_VCLZ 9
4022 #define NEON_2RM_VCNT 10
4023 #define NEON_2RM_VMVN 11
4024 #define NEON_2RM_VPADAL 12
4025 #define NEON_2RM_VPADAL_U 13
4026 #define NEON_2RM_VQABS 14
4027 #define NEON_2RM_VQNEG 15
4028 #define NEON_2RM_VCGT0 16
4029 #define NEON_2RM_VCGE0 17
4030 #define NEON_2RM_VCEQ0 18
4031 #define NEON_2RM_VCLE0 19
4032 #define NEON_2RM_VCLT0 20
4033 #define NEON_2RM_SHA1H 21
4034 #define NEON_2RM_VABS 22
4035 #define NEON_2RM_VNEG 23
4036 #define NEON_2RM_VCGT0_F 24
4037 #define NEON_2RM_VCGE0_F 25
4038 #define NEON_2RM_VCEQ0_F 26
4039 #define NEON_2RM_VCLE0_F 27
4040 #define NEON_2RM_VCLT0_F 28
4041 #define NEON_2RM_VABS_F 30
4042 #define NEON_2RM_VNEG_F 31
4043 #define NEON_2RM_VSWP 32
4044 #define NEON_2RM_VTRN 33
4045 #define NEON_2RM_VUZP 34
4046 #define NEON_2RM_VZIP 35
4047 #define NEON_2RM_VMOVN 36 /* Includes VQMOVN, VQMOVUN */
4048 #define NEON_2RM_VQMOVN 37 /* Includes VQMOVUN */
4049 #define NEON_2RM_VSHLL 38
4050 #define NEON_2RM_SHA1SU1 39 /* Includes SHA256SU0 */
4051 #define NEON_2RM_VRINTN 40
4052 #define NEON_2RM_VRINTX 41
4053 #define NEON_2RM_VRINTA 42
4054 #define NEON_2RM_VRINTZ 43
4055 #define NEON_2RM_VCVT_F16_F32 44
4056 #define NEON_2RM_VRINTM 45
4057 #define NEON_2RM_VCVT_F32_F16 46
4058 #define NEON_2RM_VRINTP 47
4059 #define NEON_2RM_VCVTAU 48
4060 #define NEON_2RM_VCVTAS 49
4061 #define NEON_2RM_VCVTNU 50
4062 #define NEON_2RM_VCVTNS 51
4063 #define NEON_2RM_VCVTPU 52
4064 #define NEON_2RM_VCVTPS 53
4065 #define NEON_2RM_VCVTMU 54
4066 #define NEON_2RM_VCVTMS 55
4067 #define NEON_2RM_VRECPE 56
4068 #define NEON_2RM_VRSQRTE 57
4069 #define NEON_2RM_VRECPE_F 58
4070 #define NEON_2RM_VRSQRTE_F 59
4071 #define NEON_2RM_VCVT_FS 60
4072 #define NEON_2RM_VCVT_FU 61
4073 #define NEON_2RM_VCVT_SF 62
4074 #define NEON_2RM_VCVT_UF 63
4076 static bool neon_2rm_is_v8_op(int op)
4078 /* Return true if this neon 2reg-misc op is ARMv8 and up */
4080 case NEON_2RM_VRINTN:
4081 case NEON_2RM_VRINTA:
4082 case NEON_2RM_VRINTM:
4083 case NEON_2RM_VRINTP:
4084 case NEON_2RM_VRINTZ:
4085 case NEON_2RM_VRINTX:
4086 case NEON_2RM_VCVTAU:
4087 case NEON_2RM_VCVTAS:
4088 case NEON_2RM_VCVTNU:
4089 case NEON_2RM_VCVTNS:
4090 case NEON_2RM_VCVTPU:
4091 case NEON_2RM_VCVTPS:
4092 case NEON_2RM_VCVTMU:
4093 case NEON_2RM_VCVTMS:
4100 /* Each entry in this array has bit n set if the insn allows
4101 * size value n (otherwise it will UNDEF). Since unallocated
4102 * op values will have no bits set they always UNDEF.
4104 static const uint8_t neon_2rm_sizes[] = {
4105 [NEON_2RM_VREV64] = 0x7,
4106 [NEON_2RM_VREV32] = 0x3,
4107 [NEON_2RM_VREV16] = 0x1,
4108 [NEON_2RM_VPADDL] = 0x7,
4109 [NEON_2RM_VPADDL_U] = 0x7,
4110 [NEON_2RM_AESE] = 0x1,
4111 [NEON_2RM_AESMC] = 0x1,
4112 [NEON_2RM_VCLS] = 0x7,
4113 [NEON_2RM_VCLZ] = 0x7,
4114 [NEON_2RM_VCNT] = 0x1,
4115 [NEON_2RM_VMVN] = 0x1,
4116 [NEON_2RM_VPADAL] = 0x7,
4117 [NEON_2RM_VPADAL_U] = 0x7,
4118 [NEON_2RM_VQABS] = 0x7,
4119 [NEON_2RM_VQNEG] = 0x7,
4120 [NEON_2RM_VCGT0] = 0x7,
4121 [NEON_2RM_VCGE0] = 0x7,
4122 [NEON_2RM_VCEQ0] = 0x7,
4123 [NEON_2RM_VCLE0] = 0x7,
4124 [NEON_2RM_VCLT0] = 0x7,
4125 [NEON_2RM_SHA1H] = 0x4,
4126 [NEON_2RM_VABS] = 0x7,
4127 [NEON_2RM_VNEG] = 0x7,
4128 [NEON_2RM_VCGT0_F] = 0x4,
4129 [NEON_2RM_VCGE0_F] = 0x4,
4130 [NEON_2RM_VCEQ0_F] = 0x4,
4131 [NEON_2RM_VCLE0_F] = 0x4,
4132 [NEON_2RM_VCLT0_F] = 0x4,
4133 [NEON_2RM_VABS_F] = 0x4,
4134 [NEON_2RM_VNEG_F] = 0x4,
4135 [NEON_2RM_VSWP] = 0x1,
4136 [NEON_2RM_VTRN] = 0x7,
4137 [NEON_2RM_VUZP] = 0x7,
4138 [NEON_2RM_VZIP] = 0x7,
4139 [NEON_2RM_VMOVN] = 0x7,
4140 [NEON_2RM_VQMOVN] = 0x7,
4141 [NEON_2RM_VSHLL] = 0x7,
4142 [NEON_2RM_SHA1SU1] = 0x4,
4143 [NEON_2RM_VRINTN] = 0x4,
4144 [NEON_2RM_VRINTX] = 0x4,
4145 [NEON_2RM_VRINTA] = 0x4,
4146 [NEON_2RM_VRINTZ] = 0x4,
4147 [NEON_2RM_VCVT_F16_F32] = 0x2,
4148 [NEON_2RM_VRINTM] = 0x4,
4149 [NEON_2RM_VCVT_F32_F16] = 0x2,
4150 [NEON_2RM_VRINTP] = 0x4,
4151 [NEON_2RM_VCVTAU] = 0x4,
4152 [NEON_2RM_VCVTAS] = 0x4,
4153 [NEON_2RM_VCVTNU] = 0x4,
4154 [NEON_2RM_VCVTNS] = 0x4,
4155 [NEON_2RM_VCVTPU] = 0x4,
4156 [NEON_2RM_VCVTPS] = 0x4,
4157 [NEON_2RM_VCVTMU] = 0x4,
4158 [NEON_2RM_VCVTMS] = 0x4,
4159 [NEON_2RM_VRECPE] = 0x4,
4160 [NEON_2RM_VRSQRTE] = 0x4,
4161 [NEON_2RM_VRECPE_F] = 0x4,
4162 [NEON_2RM_VRSQRTE_F] = 0x4,
4163 [NEON_2RM_VCVT_FS] = 0x4,
4164 [NEON_2RM_VCVT_FU] = 0x4,
4165 [NEON_2RM_VCVT_SF] = 0x4,
4166 [NEON_2RM_VCVT_UF] = 0x4,
4170 /* Expand v8.1 simd helper. */
4171 static int do_v81_helper(DisasContext *s, gen_helper_gvec_3_ptr *fn,
4172 int q, int rd, int rn, int rm)
4174 if (dc_isar_feature(aa32_rdm, s)) {
4175 int opr_sz = (1 + q) * 8;
4176 tcg_gen_gvec_3_ptr(vfp_reg_offset(1, rd),
4177 vfp_reg_offset(1, rn),
4178 vfp_reg_offset(1, rm), cpu_env,
4179 opr_sz, opr_sz, 0, fn);
4185 static void gen_ssra8_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4187 tcg_gen_vec_sar8i_i64(a, a, shift);
4188 tcg_gen_vec_add8_i64(d, d, a);
4191 static void gen_ssra16_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4193 tcg_gen_vec_sar16i_i64(a, a, shift);
4194 tcg_gen_vec_add16_i64(d, d, a);
4197 static void gen_ssra32_i32(TCGv_i32 d, TCGv_i32 a, int32_t shift)
4199 tcg_gen_sari_i32(a, a, shift);
4200 tcg_gen_add_i32(d, d, a);
4203 static void gen_ssra64_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4205 tcg_gen_sari_i64(a, a, shift);
4206 tcg_gen_add_i64(d, d, a);
4209 static void gen_ssra_vec(unsigned vece, TCGv_vec d, TCGv_vec a, int64_t sh)
4211 tcg_gen_sari_vec(vece, a, a, sh);
4212 tcg_gen_add_vec(vece, d, d, a);
4215 static const TCGOpcode vecop_list_ssra[] = {
4216 INDEX_op_sari_vec, INDEX_op_add_vec, 0
4219 const GVecGen2i ssra_op[4] = {
4220 { .fni8 = gen_ssra8_i64,
4221 .fniv = gen_ssra_vec,
4223 .opt_opc = vecop_list_ssra,
4225 { .fni8 = gen_ssra16_i64,
4226 .fniv = gen_ssra_vec,
4228 .opt_opc = vecop_list_ssra,
4230 { .fni4 = gen_ssra32_i32,
4231 .fniv = gen_ssra_vec,
4233 .opt_opc = vecop_list_ssra,
4235 { .fni8 = gen_ssra64_i64,
4236 .fniv = gen_ssra_vec,
4237 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4238 .opt_opc = vecop_list_ssra,
4243 static void gen_usra8_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4245 tcg_gen_vec_shr8i_i64(a, a, shift);
4246 tcg_gen_vec_add8_i64(d, d, a);
4249 static void gen_usra16_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4251 tcg_gen_vec_shr16i_i64(a, a, shift);
4252 tcg_gen_vec_add16_i64(d, d, a);
4255 static void gen_usra32_i32(TCGv_i32 d, TCGv_i32 a, int32_t shift)
4257 tcg_gen_shri_i32(a, a, shift);
4258 tcg_gen_add_i32(d, d, a);
4261 static void gen_usra64_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4263 tcg_gen_shri_i64(a, a, shift);
4264 tcg_gen_add_i64(d, d, a);
4267 static void gen_usra_vec(unsigned vece, TCGv_vec d, TCGv_vec a, int64_t sh)
4269 tcg_gen_shri_vec(vece, a, a, sh);
4270 tcg_gen_add_vec(vece, d, d, a);
4273 static const TCGOpcode vecop_list_usra[] = {
4274 INDEX_op_shri_vec, INDEX_op_add_vec, 0
4277 const GVecGen2i usra_op[4] = {
4278 { .fni8 = gen_usra8_i64,
4279 .fniv = gen_usra_vec,
4281 .opt_opc = vecop_list_usra,
4283 { .fni8 = gen_usra16_i64,
4284 .fniv = gen_usra_vec,
4286 .opt_opc = vecop_list_usra,
4288 { .fni4 = gen_usra32_i32,
4289 .fniv = gen_usra_vec,
4291 .opt_opc = vecop_list_usra,
4293 { .fni8 = gen_usra64_i64,
4294 .fniv = gen_usra_vec,
4295 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4297 .opt_opc = vecop_list_usra,
4301 static void gen_shr8_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4303 uint64_t mask = dup_const(MO_8, 0xff >> shift);
4304 TCGv_i64 t = tcg_temp_new_i64();
4306 tcg_gen_shri_i64(t, a, shift);
4307 tcg_gen_andi_i64(t, t, mask);
4308 tcg_gen_andi_i64(d, d, ~mask);
4309 tcg_gen_or_i64(d, d, t);
4310 tcg_temp_free_i64(t);
4313 static void gen_shr16_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4315 uint64_t mask = dup_const(MO_16, 0xffff >> shift);
4316 TCGv_i64 t = tcg_temp_new_i64();
4318 tcg_gen_shri_i64(t, a, shift);
4319 tcg_gen_andi_i64(t, t, mask);
4320 tcg_gen_andi_i64(d, d, ~mask);
4321 tcg_gen_or_i64(d, d, t);
4322 tcg_temp_free_i64(t);
4325 static void gen_shr32_ins_i32(TCGv_i32 d, TCGv_i32 a, int32_t shift)
4327 tcg_gen_shri_i32(a, a, shift);
4328 tcg_gen_deposit_i32(d, d, a, 0, 32 - shift);
4331 static void gen_shr64_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4333 tcg_gen_shri_i64(a, a, shift);
4334 tcg_gen_deposit_i64(d, d, a, 0, 64 - shift);
4337 static void gen_shr_ins_vec(unsigned vece, TCGv_vec d, TCGv_vec a, int64_t sh)
4340 tcg_gen_mov_vec(d, a);
4342 TCGv_vec t = tcg_temp_new_vec_matching(d);
4343 TCGv_vec m = tcg_temp_new_vec_matching(d);
4345 tcg_gen_dupi_vec(vece, m, MAKE_64BIT_MASK((8 << vece) - sh, sh));
4346 tcg_gen_shri_vec(vece, t, a, sh);
4347 tcg_gen_and_vec(vece, d, d, m);
4348 tcg_gen_or_vec(vece, d, d, t);
4350 tcg_temp_free_vec(t);
4351 tcg_temp_free_vec(m);
4355 static const TCGOpcode vecop_list_sri[] = { INDEX_op_shri_vec, 0 };
4357 const GVecGen2i sri_op[4] = {
4358 { .fni8 = gen_shr8_ins_i64,
4359 .fniv = gen_shr_ins_vec,
4361 .opt_opc = vecop_list_sri,
4363 { .fni8 = gen_shr16_ins_i64,
4364 .fniv = gen_shr_ins_vec,
4366 .opt_opc = vecop_list_sri,
4368 { .fni4 = gen_shr32_ins_i32,
4369 .fniv = gen_shr_ins_vec,
4371 .opt_opc = vecop_list_sri,
4373 { .fni8 = gen_shr64_ins_i64,
4374 .fniv = gen_shr_ins_vec,
4375 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4377 .opt_opc = vecop_list_sri,
4381 static void gen_shl8_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4383 uint64_t mask = dup_const(MO_8, 0xff << shift);
4384 TCGv_i64 t = tcg_temp_new_i64();
4386 tcg_gen_shli_i64(t, a, shift);
4387 tcg_gen_andi_i64(t, t, mask);
4388 tcg_gen_andi_i64(d, d, ~mask);
4389 tcg_gen_or_i64(d, d, t);
4390 tcg_temp_free_i64(t);
4393 static void gen_shl16_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4395 uint64_t mask = dup_const(MO_16, 0xffff << shift);
4396 TCGv_i64 t = tcg_temp_new_i64();
4398 tcg_gen_shli_i64(t, a, shift);
4399 tcg_gen_andi_i64(t, t, mask);
4400 tcg_gen_andi_i64(d, d, ~mask);
4401 tcg_gen_or_i64(d, d, t);
4402 tcg_temp_free_i64(t);
4405 static void gen_shl32_ins_i32(TCGv_i32 d, TCGv_i32 a, int32_t shift)
4407 tcg_gen_deposit_i32(d, d, a, shift, 32 - shift);
4410 static void gen_shl64_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4412 tcg_gen_deposit_i64(d, d, a, shift, 64 - shift);
4415 static void gen_shl_ins_vec(unsigned vece, TCGv_vec d, TCGv_vec a, int64_t sh)
4418 tcg_gen_mov_vec(d, a);
4420 TCGv_vec t = tcg_temp_new_vec_matching(d);
4421 TCGv_vec m = tcg_temp_new_vec_matching(d);
4423 tcg_gen_dupi_vec(vece, m, MAKE_64BIT_MASK(0, sh));
4424 tcg_gen_shli_vec(vece, t, a, sh);
4425 tcg_gen_and_vec(vece, d, d, m);
4426 tcg_gen_or_vec(vece, d, d, t);
4428 tcg_temp_free_vec(t);
4429 tcg_temp_free_vec(m);
4433 static const TCGOpcode vecop_list_sli[] = { INDEX_op_shli_vec, 0 };
4435 const GVecGen2i sli_op[4] = {
4436 { .fni8 = gen_shl8_ins_i64,
4437 .fniv = gen_shl_ins_vec,
4439 .opt_opc = vecop_list_sli,
4441 { .fni8 = gen_shl16_ins_i64,
4442 .fniv = gen_shl_ins_vec,
4444 .opt_opc = vecop_list_sli,
4446 { .fni4 = gen_shl32_ins_i32,
4447 .fniv = gen_shl_ins_vec,
4449 .opt_opc = vecop_list_sli,
4451 { .fni8 = gen_shl64_ins_i64,
4452 .fniv = gen_shl_ins_vec,
4453 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4455 .opt_opc = vecop_list_sli,
4459 static void gen_mla8_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4461 gen_helper_neon_mul_u8(a, a, b);
4462 gen_helper_neon_add_u8(d, d, a);
4465 static void gen_mls8_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4467 gen_helper_neon_mul_u8(a, a, b);
4468 gen_helper_neon_sub_u8(d, d, a);
4471 static void gen_mla16_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4473 gen_helper_neon_mul_u16(a, a, b);
4474 gen_helper_neon_add_u16(d, d, a);
4477 static void gen_mls16_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4479 gen_helper_neon_mul_u16(a, a, b);
4480 gen_helper_neon_sub_u16(d, d, a);
4483 static void gen_mla32_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4485 tcg_gen_mul_i32(a, a, b);
4486 tcg_gen_add_i32(d, d, a);
4489 static void gen_mls32_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4491 tcg_gen_mul_i32(a, a, b);
4492 tcg_gen_sub_i32(d, d, a);
4495 static void gen_mla64_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b)
4497 tcg_gen_mul_i64(a, a, b);
4498 tcg_gen_add_i64(d, d, a);
4501 static void gen_mls64_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b)
4503 tcg_gen_mul_i64(a, a, b);
4504 tcg_gen_sub_i64(d, d, a);
4507 static void gen_mla_vec(unsigned vece, TCGv_vec d, TCGv_vec a, TCGv_vec b)
4509 tcg_gen_mul_vec(vece, a, a, b);
4510 tcg_gen_add_vec(vece, d, d, a);
4513 static void gen_mls_vec(unsigned vece, TCGv_vec d, TCGv_vec a, TCGv_vec b)
4515 tcg_gen_mul_vec(vece, a, a, b);
4516 tcg_gen_sub_vec(vece, d, d, a);
4519 /* Note that while NEON does not support VMLA and VMLS as 64-bit ops,
4520 * these tables are shared with AArch64 which does support them.
4523 static const TCGOpcode vecop_list_mla[] = {
4524 INDEX_op_mul_vec, INDEX_op_add_vec, 0
4527 static const TCGOpcode vecop_list_mls[] = {
4528 INDEX_op_mul_vec, INDEX_op_sub_vec, 0
4531 const GVecGen3 mla_op[4] = {
4532 { .fni4 = gen_mla8_i32,
4533 .fniv = gen_mla_vec,
4535 .opt_opc = vecop_list_mla,
4537 { .fni4 = gen_mla16_i32,
4538 .fniv = gen_mla_vec,
4540 .opt_opc = vecop_list_mla,
4542 { .fni4 = gen_mla32_i32,
4543 .fniv = gen_mla_vec,
4545 .opt_opc = vecop_list_mla,
4547 { .fni8 = gen_mla64_i64,
4548 .fniv = gen_mla_vec,
4549 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4551 .opt_opc = vecop_list_mla,
4555 const GVecGen3 mls_op[4] = {
4556 { .fni4 = gen_mls8_i32,
4557 .fniv = gen_mls_vec,
4559 .opt_opc = vecop_list_mls,
4561 { .fni4 = gen_mls16_i32,
4562 .fniv = gen_mls_vec,
4564 .opt_opc = vecop_list_mls,
4566 { .fni4 = gen_mls32_i32,
4567 .fniv = gen_mls_vec,
4569 .opt_opc = vecop_list_mls,
4571 { .fni8 = gen_mls64_i64,
4572 .fniv = gen_mls_vec,
4573 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4575 .opt_opc = vecop_list_mls,
4579 /* CMTST : test is "if (X & Y != 0)". */
4580 static void gen_cmtst_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4582 tcg_gen_and_i32(d, a, b);
4583 tcg_gen_setcondi_i32(TCG_COND_NE, d, d, 0);
4584 tcg_gen_neg_i32(d, d);
4587 void gen_cmtst_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b)
4589 tcg_gen_and_i64(d, a, b);
4590 tcg_gen_setcondi_i64(TCG_COND_NE, d, d, 0);
4591 tcg_gen_neg_i64(d, d);
4594 static void gen_cmtst_vec(unsigned vece, TCGv_vec d, TCGv_vec a, TCGv_vec b)
4596 tcg_gen_and_vec(vece, d, a, b);
4597 tcg_gen_dupi_vec(vece, a, 0);
4598 tcg_gen_cmp_vec(TCG_COND_NE, vece, d, d, a);
4601 static const TCGOpcode vecop_list_cmtst[] = { INDEX_op_cmp_vec, 0 };
4603 const GVecGen3 cmtst_op[4] = {
4604 { .fni4 = gen_helper_neon_tst_u8,
4605 .fniv = gen_cmtst_vec,
4606 .opt_opc = vecop_list_cmtst,
4608 { .fni4 = gen_helper_neon_tst_u16,
4609 .fniv = gen_cmtst_vec,
4610 .opt_opc = vecop_list_cmtst,
4612 { .fni4 = gen_cmtst_i32,
4613 .fniv = gen_cmtst_vec,
4614 .opt_opc = vecop_list_cmtst,
4616 { .fni8 = gen_cmtst_i64,
4617 .fniv = gen_cmtst_vec,
4618 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4619 .opt_opc = vecop_list_cmtst,
4623 static void gen_uqadd_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
4624 TCGv_vec a, TCGv_vec b)
4626 TCGv_vec x = tcg_temp_new_vec_matching(t);
4627 tcg_gen_add_vec(vece, x, a, b);
4628 tcg_gen_usadd_vec(vece, t, a, b);
4629 tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
4630 tcg_gen_or_vec(vece, sat, sat, x);
4631 tcg_temp_free_vec(x);
4634 static const TCGOpcode vecop_list_uqadd[] = {
4635 INDEX_op_usadd_vec, INDEX_op_cmp_vec, INDEX_op_add_vec, 0
4638 const GVecGen4 uqadd_op[4] = {
4639 { .fniv = gen_uqadd_vec,
4640 .fno = gen_helper_gvec_uqadd_b,
4642 .opt_opc = vecop_list_uqadd,
4644 { .fniv = gen_uqadd_vec,
4645 .fno = gen_helper_gvec_uqadd_h,
4647 .opt_opc = vecop_list_uqadd,
4649 { .fniv = gen_uqadd_vec,
4650 .fno = gen_helper_gvec_uqadd_s,
4652 .opt_opc = vecop_list_uqadd,
4654 { .fniv = gen_uqadd_vec,
4655 .fno = gen_helper_gvec_uqadd_d,
4657 .opt_opc = vecop_list_uqadd,
4661 static void gen_sqadd_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
4662 TCGv_vec a, TCGv_vec b)
4664 TCGv_vec x = tcg_temp_new_vec_matching(t);
4665 tcg_gen_add_vec(vece, x, a, b);
4666 tcg_gen_ssadd_vec(vece, t, a, b);
4667 tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
4668 tcg_gen_or_vec(vece, sat, sat, x);
4669 tcg_temp_free_vec(x);
4672 static const TCGOpcode vecop_list_sqadd[] = {
4673 INDEX_op_ssadd_vec, INDEX_op_cmp_vec, INDEX_op_add_vec, 0
4676 const GVecGen4 sqadd_op[4] = {
4677 { .fniv = gen_sqadd_vec,
4678 .fno = gen_helper_gvec_sqadd_b,
4679 .opt_opc = vecop_list_sqadd,
4682 { .fniv = gen_sqadd_vec,
4683 .fno = gen_helper_gvec_sqadd_h,
4684 .opt_opc = vecop_list_sqadd,
4687 { .fniv = gen_sqadd_vec,
4688 .fno = gen_helper_gvec_sqadd_s,
4689 .opt_opc = vecop_list_sqadd,
4692 { .fniv = gen_sqadd_vec,
4693 .fno = gen_helper_gvec_sqadd_d,
4694 .opt_opc = vecop_list_sqadd,
4699 static void gen_uqsub_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
4700 TCGv_vec a, TCGv_vec b)
4702 TCGv_vec x = tcg_temp_new_vec_matching(t);
4703 tcg_gen_sub_vec(vece, x, a, b);
4704 tcg_gen_ussub_vec(vece, t, a, b);
4705 tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
4706 tcg_gen_or_vec(vece, sat, sat, x);
4707 tcg_temp_free_vec(x);
4710 static const TCGOpcode vecop_list_uqsub[] = {
4711 INDEX_op_ussub_vec, INDEX_op_cmp_vec, INDEX_op_sub_vec, 0
4714 const GVecGen4 uqsub_op[4] = {
4715 { .fniv = gen_uqsub_vec,
4716 .fno = gen_helper_gvec_uqsub_b,
4717 .opt_opc = vecop_list_uqsub,
4720 { .fniv = gen_uqsub_vec,
4721 .fno = gen_helper_gvec_uqsub_h,
4722 .opt_opc = vecop_list_uqsub,
4725 { .fniv = gen_uqsub_vec,
4726 .fno = gen_helper_gvec_uqsub_s,
4727 .opt_opc = vecop_list_uqsub,
4730 { .fniv = gen_uqsub_vec,
4731 .fno = gen_helper_gvec_uqsub_d,
4732 .opt_opc = vecop_list_uqsub,
4737 static void gen_sqsub_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
4738 TCGv_vec a, TCGv_vec b)
4740 TCGv_vec x = tcg_temp_new_vec_matching(t);
4741 tcg_gen_sub_vec(vece, x, a, b);
4742 tcg_gen_sssub_vec(vece, t, a, b);
4743 tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
4744 tcg_gen_or_vec(vece, sat, sat, x);
4745 tcg_temp_free_vec(x);
4748 static const TCGOpcode vecop_list_sqsub[] = {
4749 INDEX_op_sssub_vec, INDEX_op_cmp_vec, INDEX_op_sub_vec, 0
4752 const GVecGen4 sqsub_op[4] = {
4753 { .fniv = gen_sqsub_vec,
4754 .fno = gen_helper_gvec_sqsub_b,
4755 .opt_opc = vecop_list_sqsub,
4758 { .fniv = gen_sqsub_vec,
4759 .fno = gen_helper_gvec_sqsub_h,
4760 .opt_opc = vecop_list_sqsub,
4763 { .fniv = gen_sqsub_vec,
4764 .fno = gen_helper_gvec_sqsub_s,
4765 .opt_opc = vecop_list_sqsub,
4768 { .fniv = gen_sqsub_vec,
4769 .fno = gen_helper_gvec_sqsub_d,
4770 .opt_opc = vecop_list_sqsub,
4775 /* Translate a NEON data processing instruction. Return nonzero if the
4776 instruction is invalid.
4777 We process data in a mixture of 32-bit and 64-bit chunks.
4778 Mostly we use 32-bit chunks so we can use normal scalar instructions. */
4780 static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
4784 int rd, rn, rm, rd_ofs, rn_ofs, rm_ofs;
4793 TCGv_i32 tmp, tmp2, tmp3, tmp4, tmp5;
4794 TCGv_ptr ptr1, ptr2, ptr3;
4797 /* FIXME: this access check should not take precedence over UNDEF
4798 * for invalid encodings; we will generate incorrect syndrome information
4799 * for attempts to execute invalid vfp/neon encodings with FP disabled.
4801 if (s->fp_excp_el) {
4802 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
4803 syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
4807 if (!s->vfp_enabled)
4809 q = (insn & (1 << 6)) != 0;
4810 u = (insn >> 24) & 1;
4811 VFP_DREG_D(rd, insn);
4812 VFP_DREG_N(rn, insn);
4813 VFP_DREG_M(rm, insn);
4814 size = (insn >> 20) & 3;
4815 vec_size = q ? 16 : 8;
4816 rd_ofs = neon_reg_offset(rd, 0);
4817 rn_ofs = neon_reg_offset(rn, 0);
4818 rm_ofs = neon_reg_offset(rm, 0);
4820 if ((insn & (1 << 23)) == 0) {
4821 /* Three register same length. */
4822 op = ((insn >> 7) & 0x1e) | ((insn >> 4) & 1);
4823 /* Catch invalid op and bad size combinations: UNDEF */
4824 if ((neon_3r_sizes[op] & (1 << size)) == 0) {
4827 /* All insns of this form UNDEF for either this condition or the
4828 * superset of cases "Q==1"; we catch the latter later.
4830 if (q && ((rd | rn | rm) & 1)) {
4835 /* The SHA-1/SHA-256 3-register instructions require special
4836 * treatment here, as their size field is overloaded as an
4837 * op type selector, and they all consume their input in a
4843 if (!u) { /* SHA-1 */
4844 if (!dc_isar_feature(aa32_sha1, s)) {
4847 ptr1 = vfp_reg_ptr(true, rd);
4848 ptr2 = vfp_reg_ptr(true, rn);
4849 ptr3 = vfp_reg_ptr(true, rm);
4850 tmp4 = tcg_const_i32(size);
4851 gen_helper_crypto_sha1_3reg(ptr1, ptr2, ptr3, tmp4);
4852 tcg_temp_free_i32(tmp4);
4853 } else { /* SHA-256 */
4854 if (!dc_isar_feature(aa32_sha2, s) || size == 3) {
4857 ptr1 = vfp_reg_ptr(true, rd);
4858 ptr2 = vfp_reg_ptr(true, rn);
4859 ptr3 = vfp_reg_ptr(true, rm);
4862 gen_helper_crypto_sha256h(ptr1, ptr2, ptr3);
4865 gen_helper_crypto_sha256h2(ptr1, ptr2, ptr3);
4868 gen_helper_crypto_sha256su1(ptr1, ptr2, ptr3);
4872 tcg_temp_free_ptr(ptr1);
4873 tcg_temp_free_ptr(ptr2);
4874 tcg_temp_free_ptr(ptr3);
4877 case NEON_3R_VPADD_VQRDMLAH:
4884 return do_v81_helper(s, gen_helper_gvec_qrdmlah_s16,
4887 return do_v81_helper(s, gen_helper_gvec_qrdmlah_s32,
4892 case NEON_3R_VFM_VQRDMLSH:
4903 return do_v81_helper(s, gen_helper_gvec_qrdmlsh_s16,
4906 return do_v81_helper(s, gen_helper_gvec_qrdmlsh_s32,
4911 case NEON_3R_LOGIC: /* Logic ops. */
4912 switch ((u << 2) | size) {
4914 tcg_gen_gvec_and(0, rd_ofs, rn_ofs, rm_ofs,
4915 vec_size, vec_size);
4918 tcg_gen_gvec_andc(0, rd_ofs, rn_ofs, rm_ofs,
4919 vec_size, vec_size);
4922 tcg_gen_gvec_or(0, rd_ofs, rn_ofs, rm_ofs,
4923 vec_size, vec_size);
4926 tcg_gen_gvec_orc(0, rd_ofs, rn_ofs, rm_ofs,
4927 vec_size, vec_size);
4930 tcg_gen_gvec_xor(0, rd_ofs, rn_ofs, rm_ofs,
4931 vec_size, vec_size);
4934 tcg_gen_gvec_bitsel(MO_8, rd_ofs, rd_ofs, rn_ofs, rm_ofs,
4935 vec_size, vec_size);
4938 tcg_gen_gvec_bitsel(MO_8, rd_ofs, rm_ofs, rn_ofs, rd_ofs,
4939 vec_size, vec_size);
4942 tcg_gen_gvec_bitsel(MO_8, rd_ofs, rm_ofs, rd_ofs, rn_ofs,
4943 vec_size, vec_size);
4948 case NEON_3R_VADD_VSUB:
4950 tcg_gen_gvec_sub(size, rd_ofs, rn_ofs, rm_ofs,
4951 vec_size, vec_size);
4953 tcg_gen_gvec_add(size, rd_ofs, rn_ofs, rm_ofs,
4954 vec_size, vec_size);
4959 tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc),
4960 rn_ofs, rm_ofs, vec_size, vec_size,
4961 (u ? uqadd_op : sqadd_op) + size);
4965 tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc),
4966 rn_ofs, rm_ofs, vec_size, vec_size,
4967 (u ? uqsub_op : sqsub_op) + size);
4970 case NEON_3R_VMUL: /* VMUL */
4972 /* Polynomial case allows only P8 and is handled below. */
4977 tcg_gen_gvec_mul(size, rd_ofs, rn_ofs, rm_ofs,
4978 vec_size, vec_size);
4983 case NEON_3R_VML: /* VMLA, VMLS */
4984 tcg_gen_gvec_3(rd_ofs, rn_ofs, rm_ofs, vec_size, vec_size,
4985 u ? &mls_op[size] : &mla_op[size]);
4988 case NEON_3R_VTST_VCEQ:
4990 tcg_gen_gvec_cmp(TCG_COND_EQ, size, rd_ofs, rn_ofs, rm_ofs,
4991 vec_size, vec_size);
4993 tcg_gen_gvec_3(rd_ofs, rn_ofs, rm_ofs,
4994 vec_size, vec_size, &cmtst_op[size]);
4999 tcg_gen_gvec_cmp(u ? TCG_COND_GTU : TCG_COND_GT, size,
5000 rd_ofs, rn_ofs, rm_ofs, vec_size, vec_size);
5004 tcg_gen_gvec_cmp(u ? TCG_COND_GEU : TCG_COND_GE, size,
5005 rd_ofs, rn_ofs, rm_ofs, vec_size, vec_size);
5010 tcg_gen_gvec_umax(size, rd_ofs, rn_ofs, rm_ofs,
5011 vec_size, vec_size);
5013 tcg_gen_gvec_smax(size, rd_ofs, rn_ofs, rm_ofs,
5014 vec_size, vec_size);
5019 tcg_gen_gvec_umin(size, rd_ofs, rn_ofs, rm_ofs,
5020 vec_size, vec_size);
5022 tcg_gen_gvec_smin(size, rd_ofs, rn_ofs, rm_ofs,
5023 vec_size, vec_size);
5029 /* 64-bit element instructions. */
5030 for (pass = 0; pass < (q ? 2 : 1); pass++) {
5031 neon_load_reg64(cpu_V0, rn + pass);
5032 neon_load_reg64(cpu_V1, rm + pass);
5036 gen_helper_neon_shl_u64(cpu_V0, cpu_V1, cpu_V0);
5038 gen_helper_neon_shl_s64(cpu_V0, cpu_V1, cpu_V0);
5043 gen_helper_neon_qshl_u64(cpu_V0, cpu_env,
5046 gen_helper_neon_qshl_s64(cpu_V0, cpu_env,
5052 gen_helper_neon_rshl_u64(cpu_V0, cpu_V1, cpu_V0);
5054 gen_helper_neon_rshl_s64(cpu_V0, cpu_V1, cpu_V0);
5057 case NEON_3R_VQRSHL:
5059 gen_helper_neon_qrshl_u64(cpu_V0, cpu_env,
5062 gen_helper_neon_qrshl_s64(cpu_V0, cpu_env,
5069 neon_store_reg64(cpu_V0, rd + pass);
5078 case NEON_3R_VQRSHL:
5081 /* Shift instruction operands are reversed. */
5087 case NEON_3R_VPADD_VQRDMLAH:
5092 case NEON_3R_FLOAT_ARITH:
5093 pairwise = (u && size < 2); /* if VPADD (float) */
5095 case NEON_3R_FLOAT_MINMAX:
5096 pairwise = u; /* if VPMIN/VPMAX (float) */
5098 case NEON_3R_FLOAT_CMP:
5100 /* no encoding for U=0 C=1x */
5104 case NEON_3R_FLOAT_ACMP:
5109 case NEON_3R_FLOAT_MISC:
5110 /* VMAXNM/VMINNM in ARMv8 */
5111 if (u && !arm_dc_feature(s, ARM_FEATURE_V8)) {
5115 case NEON_3R_VFM_VQRDMLSH:
5116 if (!arm_dc_feature(s, ARM_FEATURE_VFP4)) {
5124 if (pairwise && q) {
5125 /* All the pairwise insns UNDEF if Q is set */
5129 for (pass = 0; pass < (q ? 4 : 2); pass++) {
5134 tmp = neon_load_reg(rn, 0);
5135 tmp2 = neon_load_reg(rn, 1);
5137 tmp = neon_load_reg(rm, 0);
5138 tmp2 = neon_load_reg(rm, 1);
5142 tmp = neon_load_reg(rn, pass);
5143 tmp2 = neon_load_reg(rm, pass);
5147 GEN_NEON_INTEGER_OP(hadd);
5149 case NEON_3R_VRHADD:
5150 GEN_NEON_INTEGER_OP(rhadd);
5153 GEN_NEON_INTEGER_OP(hsub);
5156 GEN_NEON_INTEGER_OP(shl);
5159 GEN_NEON_INTEGER_OP_ENV(qshl);
5162 GEN_NEON_INTEGER_OP(rshl);
5164 case NEON_3R_VQRSHL:
5165 GEN_NEON_INTEGER_OP_ENV(qrshl);
5168 GEN_NEON_INTEGER_OP(abd);
5171 GEN_NEON_INTEGER_OP(abd);
5172 tcg_temp_free_i32(tmp2);
5173 tmp2 = neon_load_reg(rd, pass);
5174 gen_neon_add(size, tmp, tmp2);
5177 /* VMUL.P8; other cases already eliminated. */
5178 gen_helper_neon_mul_p8(tmp, tmp, tmp2);
5181 GEN_NEON_INTEGER_OP(pmax);
5184 GEN_NEON_INTEGER_OP(pmin);
5186 case NEON_3R_VQDMULH_VQRDMULH: /* Multiply high. */
5187 if (!u) { /* VQDMULH */
5190 gen_helper_neon_qdmulh_s16(tmp, cpu_env, tmp, tmp2);
5193 gen_helper_neon_qdmulh_s32(tmp, cpu_env, tmp, tmp2);
5197 } else { /* VQRDMULH */
5200 gen_helper_neon_qrdmulh_s16(tmp, cpu_env, tmp, tmp2);
5203 gen_helper_neon_qrdmulh_s32(tmp, cpu_env, tmp, tmp2);
5209 case NEON_3R_VPADD_VQRDMLAH:
5211 case 0: gen_helper_neon_padd_u8(tmp, tmp, tmp2); break;
5212 case 1: gen_helper_neon_padd_u16(tmp, tmp, tmp2); break;
5213 case 2: tcg_gen_add_i32(tmp, tmp, tmp2); break;
5217 case NEON_3R_FLOAT_ARITH: /* Floating point arithmetic. */
5219 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5220 switch ((u << 2) | size) {
5223 gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
5226 gen_helper_vfp_subs(tmp, tmp, tmp2, fpstatus);
5229 gen_helper_neon_abd_f32(tmp, tmp, tmp2, fpstatus);
5234 tcg_temp_free_ptr(fpstatus);
5237 case NEON_3R_FLOAT_MULTIPLY:
5239 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5240 gen_helper_vfp_muls(tmp, tmp, tmp2, fpstatus);
5242 tcg_temp_free_i32(tmp2);
5243 tmp2 = neon_load_reg(rd, pass);
5245 gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
5247 gen_helper_vfp_subs(tmp, tmp2, tmp, fpstatus);
5250 tcg_temp_free_ptr(fpstatus);
5253 case NEON_3R_FLOAT_CMP:
5255 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5257 gen_helper_neon_ceq_f32(tmp, tmp, tmp2, fpstatus);
5260 gen_helper_neon_cge_f32(tmp, tmp, tmp2, fpstatus);
5262 gen_helper_neon_cgt_f32(tmp, tmp, tmp2, fpstatus);
5265 tcg_temp_free_ptr(fpstatus);
5268 case NEON_3R_FLOAT_ACMP:
5270 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5272 gen_helper_neon_acge_f32(tmp, tmp, tmp2, fpstatus);
5274 gen_helper_neon_acgt_f32(tmp, tmp, tmp2, fpstatus);
5276 tcg_temp_free_ptr(fpstatus);
5279 case NEON_3R_FLOAT_MINMAX:
5281 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5283 gen_helper_vfp_maxs(tmp, tmp, tmp2, fpstatus);
5285 gen_helper_vfp_mins(tmp, tmp, tmp2, fpstatus);
5287 tcg_temp_free_ptr(fpstatus);
5290 case NEON_3R_FLOAT_MISC:
5293 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5295 gen_helper_vfp_maxnums(tmp, tmp, tmp2, fpstatus);
5297 gen_helper_vfp_minnums(tmp, tmp, tmp2, fpstatus);
5299 tcg_temp_free_ptr(fpstatus);
5302 gen_helper_recps_f32(tmp, tmp, tmp2, cpu_env);
5304 gen_helper_rsqrts_f32(tmp, tmp, tmp2, cpu_env);
5308 case NEON_3R_VFM_VQRDMLSH:
5310 /* VFMA, VFMS: fused multiply-add */
5311 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5312 TCGv_i32 tmp3 = neon_load_reg(rd, pass);
5315 gen_helper_vfp_negs(tmp, tmp);
5317 gen_helper_vfp_muladds(tmp, tmp, tmp2, tmp3, fpstatus);
5318 tcg_temp_free_i32(tmp3);
5319 tcg_temp_free_ptr(fpstatus);
5325 tcg_temp_free_i32(tmp2);
5327 /* Save the result. For elementwise operations we can put it
5328 straight into the destination register. For pairwise operations
5329 we have to be careful to avoid clobbering the source operands. */
5330 if (pairwise && rd == rm) {
5331 neon_store_scratch(pass, tmp);
5333 neon_store_reg(rd, pass, tmp);
5337 if (pairwise && rd == rm) {
5338 for (pass = 0; pass < (q ? 4 : 2); pass++) {
5339 tmp = neon_load_scratch(pass);
5340 neon_store_reg(rd, pass, tmp);
5343 /* End of 3 register same size operations. */
5344 } else if (insn & (1 << 4)) {
5345 if ((insn & 0x00380080) != 0) {
5346 /* Two registers and shift. */
5347 op = (insn >> 8) & 0xf;
5348 if (insn & (1 << 7)) {
5356 while ((insn & (1 << (size + 19))) == 0)
5359 shift = (insn >> 16) & ((1 << (3 + size)) - 1);
5361 /* Shift by immediate:
5362 VSHR, VSRA, VRSHR, VRSRA, VSRI, VSHL, VQSHL, VQSHLU. */
5363 if (q && ((rd | rm) & 1)) {
5366 if (!u && (op == 4 || op == 6)) {
5369 /* Right shifts are encoded as N - shift, where N is the
5370 element size in bits. */
5372 shift = shift - (1 << (size + 3));
5377 /* Right shift comes here negative. */
5379 /* Shifts larger than the element size are architecturally
5380 * valid. Unsigned results in all zeros; signed results
5384 tcg_gen_gvec_sari(size, rd_ofs, rm_ofs,
5385 MIN(shift, (8 << size) - 1),
5386 vec_size, vec_size);
5387 } else if (shift >= 8 << size) {
5388 tcg_gen_gvec_dup8i(rd_ofs, vec_size, vec_size, 0);
5390 tcg_gen_gvec_shri(size, rd_ofs, rm_ofs, shift,
5391 vec_size, vec_size);
5396 /* Right shift comes here negative. */
5398 /* Shifts larger than the element size are architecturally
5399 * valid. Unsigned results in all zeros; signed results
5403 tcg_gen_gvec_2i(rd_ofs, rm_ofs, vec_size, vec_size,
5404 MIN(shift, (8 << size) - 1),
5406 } else if (shift >= 8 << size) {
5409 tcg_gen_gvec_2i(rd_ofs, rm_ofs, vec_size, vec_size,
5410 shift, &usra_op[size]);
5418 /* Right shift comes here negative. */
5420 /* Shift out of range leaves destination unchanged. */
5421 if (shift < 8 << size) {
5422 tcg_gen_gvec_2i(rd_ofs, rm_ofs, vec_size, vec_size,
5423 shift, &sri_op[size]);
5427 case 5: /* VSHL, VSLI */
5429 /* Shift out of range leaves destination unchanged. */
5430 if (shift < 8 << size) {
5431 tcg_gen_gvec_2i(rd_ofs, rm_ofs, vec_size,
5432 vec_size, shift, &sli_op[size]);
5435 /* Shifts larger than the element size are
5436 * architecturally valid and results in zero.
5438 if (shift >= 8 << size) {
5439 tcg_gen_gvec_dup8i(rd_ofs, vec_size, vec_size, 0);
5441 tcg_gen_gvec_shli(size, rd_ofs, rm_ofs, shift,
5442 vec_size, vec_size);
5454 /* To avoid excessive duplication of ops we implement shift
5455 * by immediate using the variable shift operations.
5457 imm = dup_const(size, shift);
5459 for (pass = 0; pass < count; pass++) {
5461 neon_load_reg64(cpu_V0, rm + pass);
5462 tcg_gen_movi_i64(cpu_V1, imm);
5467 gen_helper_neon_rshl_u64(cpu_V0, cpu_V0, cpu_V1);
5469 gen_helper_neon_rshl_s64(cpu_V0, cpu_V0, cpu_V1);
5471 case 6: /* VQSHLU */
5472 gen_helper_neon_qshlu_s64(cpu_V0, cpu_env,
5477 gen_helper_neon_qshl_u64(cpu_V0, cpu_env,
5480 gen_helper_neon_qshl_s64(cpu_V0, cpu_env,
5485 g_assert_not_reached();
5489 neon_load_reg64(cpu_V1, rd + pass);
5490 tcg_gen_add_i64(cpu_V0, cpu_V0, cpu_V1);
5492 neon_store_reg64(cpu_V0, rd + pass);
5493 } else { /* size < 3 */
5494 /* Operands in T0 and T1. */
5495 tmp = neon_load_reg(rm, pass);
5496 tmp2 = tcg_temp_new_i32();
5497 tcg_gen_movi_i32(tmp2, imm);
5501 GEN_NEON_INTEGER_OP(rshl);
5503 case 6: /* VQSHLU */
5506 gen_helper_neon_qshlu_s8(tmp, cpu_env,
5510 gen_helper_neon_qshlu_s16(tmp, cpu_env,
5514 gen_helper_neon_qshlu_s32(tmp, cpu_env,
5522 GEN_NEON_INTEGER_OP_ENV(qshl);
5525 g_assert_not_reached();
5527 tcg_temp_free_i32(tmp2);
5531 tmp2 = neon_load_reg(rd, pass);
5532 gen_neon_add(size, tmp, tmp2);
5533 tcg_temp_free_i32(tmp2);
5535 neon_store_reg(rd, pass, tmp);
5538 } else if (op < 10) {
5539 /* Shift by immediate and narrow:
5540 VSHRN, VRSHRN, VQSHRN, VQRSHRN. */
5541 int input_unsigned = (op == 8) ? !u : u;
5545 shift = shift - (1 << (size + 3));
5548 tmp64 = tcg_const_i64(shift);
5549 neon_load_reg64(cpu_V0, rm);
5550 neon_load_reg64(cpu_V1, rm + 1);
5551 for (pass = 0; pass < 2; pass++) {
5559 if (input_unsigned) {
5560 gen_helper_neon_rshl_u64(cpu_V0, in, tmp64);
5562 gen_helper_neon_rshl_s64(cpu_V0, in, tmp64);
5565 if (input_unsigned) {
5566 gen_helper_neon_shl_u64(cpu_V0, in, tmp64);
5568 gen_helper_neon_shl_s64(cpu_V0, in, tmp64);
5571 tmp = tcg_temp_new_i32();
5572 gen_neon_narrow_op(op == 8, u, size - 1, tmp, cpu_V0);
5573 neon_store_reg(rd, pass, tmp);
5575 tcg_temp_free_i64(tmp64);
5578 imm = (uint16_t)shift;
5582 imm = (uint32_t)shift;
5584 tmp2 = tcg_const_i32(imm);
5585 tmp4 = neon_load_reg(rm + 1, 0);
5586 tmp5 = neon_load_reg(rm + 1, 1);
5587 for (pass = 0; pass < 2; pass++) {
5589 tmp = neon_load_reg(rm, 0);
5593 gen_neon_shift_narrow(size, tmp, tmp2, q,
5596 tmp3 = neon_load_reg(rm, 1);
5600 gen_neon_shift_narrow(size, tmp3, tmp2, q,
5602 tcg_gen_concat_i32_i64(cpu_V0, tmp, tmp3);
5603 tcg_temp_free_i32(tmp);
5604 tcg_temp_free_i32(tmp3);
5605 tmp = tcg_temp_new_i32();
5606 gen_neon_narrow_op(op == 8, u, size - 1, tmp, cpu_V0);
5607 neon_store_reg(rd, pass, tmp);
5609 tcg_temp_free_i32(tmp2);
5611 } else if (op == 10) {
5613 if (q || (rd & 1)) {
5616 tmp = neon_load_reg(rm, 0);
5617 tmp2 = neon_load_reg(rm, 1);
5618 for (pass = 0; pass < 2; pass++) {
5622 gen_neon_widen(cpu_V0, tmp, size, u);
5625 /* The shift is less than the width of the source
5626 type, so we can just shift the whole register. */
5627 tcg_gen_shli_i64(cpu_V0, cpu_V0, shift);
5628 /* Widen the result of shift: we need to clear
5629 * the potential overflow bits resulting from
5630 * left bits of the narrow input appearing as
5631 * right bits of left the neighbour narrow
5633 if (size < 2 || !u) {
5636 imm = (0xffu >> (8 - shift));
5638 } else if (size == 1) {
5639 imm = 0xffff >> (16 - shift);
5642 imm = 0xffffffff >> (32 - shift);
5645 imm64 = imm | (((uint64_t)imm) << 32);
5649 tcg_gen_andi_i64(cpu_V0, cpu_V0, ~imm64);
5652 neon_store_reg64(cpu_V0, rd + pass);
5654 } else if (op >= 14) {
5655 /* VCVT fixed-point. */
5658 VFPGenFixPointFn *fn;
5660 if (!(insn & (1 << 21)) || (q && ((rd | rm) & 1))) {
5666 fn = gen_helper_vfp_ultos;
5668 fn = gen_helper_vfp_sltos;
5672 fn = gen_helper_vfp_touls_round_to_zero;
5674 fn = gen_helper_vfp_tosls_round_to_zero;
5678 /* We have already masked out the must-be-1 top bit of imm6,
5679 * hence this 32-shift where the ARM ARM has 64-imm6.
5682 fpst = get_fpstatus_ptr(1);
5683 shiftv = tcg_const_i32(shift);
5684 for (pass = 0; pass < (q ? 4 : 2); pass++) {
5685 TCGv_i32 tmpf = neon_load_reg(rm, pass);
5686 fn(tmpf, tmpf, shiftv, fpst);
5687 neon_store_reg(rd, pass, tmpf);
5689 tcg_temp_free_ptr(fpst);
5690 tcg_temp_free_i32(shiftv);
5694 } else { /* (insn & 0x00380080) == 0 */
5695 int invert, reg_ofs, vec_size;
5697 if (q && (rd & 1)) {
5701 op = (insn >> 8) & 0xf;
5702 /* One register and immediate. */
5703 imm = (u << 7) | ((insn >> 12) & 0x70) | (insn & 0xf);
5704 invert = (insn & (1 << 5)) != 0;
5705 /* Note that op = 2,3,4,5,6,7,10,11,12,13 imm=0 is UNPREDICTABLE.
5706 * We choose to not special-case this and will behave as if a
5707 * valid constant encoding of 0 had been given.
5726 imm = (imm << 8) | (imm << 24);
5729 imm = (imm << 8) | 0xff;
5732 imm = (imm << 16) | 0xffff;
5735 imm |= (imm << 8) | (imm << 16) | (imm << 24);
5744 imm = ((imm & 0x80) << 24) | ((imm & 0x3f) << 19)
5745 | ((imm & 0x40) ? (0x1f << 25) : (1 << 30));
5752 reg_ofs = neon_reg_offset(rd, 0);
5753 vec_size = q ? 16 : 8;
5755 if (op & 1 && op < 12) {
5757 /* The immediate value has already been inverted,
5758 * so BIC becomes AND.
5760 tcg_gen_gvec_andi(MO_32, reg_ofs, reg_ofs, imm,
5761 vec_size, vec_size);
5763 tcg_gen_gvec_ori(MO_32, reg_ofs, reg_ofs, imm,
5764 vec_size, vec_size);
5768 if (op == 14 && invert) {
5769 TCGv_i64 t64 = tcg_temp_new_i64();
5771 for (pass = 0; pass <= q; ++pass) {
5775 for (n = 0; n < 8; n++) {
5776 if (imm & (1 << (n + pass * 8))) {
5777 val |= 0xffull << (n * 8);
5780 tcg_gen_movi_i64(t64, val);
5781 neon_store_reg64(t64, rd + pass);
5783 tcg_temp_free_i64(t64);
5785 tcg_gen_gvec_dup32i(reg_ofs, vec_size, vec_size, imm);
5789 } else { /* (insn & 0x00800010 == 0x00800000) */
5791 op = (insn >> 8) & 0xf;
5792 if ((insn & (1 << 6)) == 0) {
5793 /* Three registers of different lengths. */
5797 /* undefreq: bit 0 : UNDEF if size == 0
5798 * bit 1 : UNDEF if size == 1
5799 * bit 2 : UNDEF if size == 2
5800 * bit 3 : UNDEF if U == 1
5801 * Note that [2:0] set implies 'always UNDEF'
5804 /* prewiden, src1_wide, src2_wide, undefreq */
5805 static const int neon_3reg_wide[16][4] = {
5806 {1, 0, 0, 0}, /* VADDL */
5807 {1, 1, 0, 0}, /* VADDW */
5808 {1, 0, 0, 0}, /* VSUBL */
5809 {1, 1, 0, 0}, /* VSUBW */
5810 {0, 1, 1, 0}, /* VADDHN */
5811 {0, 0, 0, 0}, /* VABAL */
5812 {0, 1, 1, 0}, /* VSUBHN */
5813 {0, 0, 0, 0}, /* VABDL */
5814 {0, 0, 0, 0}, /* VMLAL */
5815 {0, 0, 0, 9}, /* VQDMLAL */
5816 {0, 0, 0, 0}, /* VMLSL */
5817 {0, 0, 0, 9}, /* VQDMLSL */
5818 {0, 0, 0, 0}, /* Integer VMULL */
5819 {0, 0, 0, 1}, /* VQDMULL */
5820 {0, 0, 0, 0xa}, /* Polynomial VMULL */
5821 {0, 0, 0, 7}, /* Reserved: always UNDEF */
5824 prewiden = neon_3reg_wide[op][0];
5825 src1_wide = neon_3reg_wide[op][1];
5826 src2_wide = neon_3reg_wide[op][2];
5827 undefreq = neon_3reg_wide[op][3];
5829 if ((undefreq & (1 << size)) ||
5830 ((undefreq & 8) && u)) {
5833 if ((src1_wide && (rn & 1)) ||
5834 (src2_wide && (rm & 1)) ||
5835 (!src2_wide && (rd & 1))) {
5839 /* Handle VMULL.P64 (Polynomial 64x64 to 128 bit multiply)
5840 * outside the loop below as it only performs a single pass.
5842 if (op == 14 && size == 2) {
5843 TCGv_i64 tcg_rn, tcg_rm, tcg_rd;
5845 if (!dc_isar_feature(aa32_pmull, s)) {
5848 tcg_rn = tcg_temp_new_i64();
5849 tcg_rm = tcg_temp_new_i64();
5850 tcg_rd = tcg_temp_new_i64();
5851 neon_load_reg64(tcg_rn, rn);
5852 neon_load_reg64(tcg_rm, rm);
5853 gen_helper_neon_pmull_64_lo(tcg_rd, tcg_rn, tcg_rm);
5854 neon_store_reg64(tcg_rd, rd);
5855 gen_helper_neon_pmull_64_hi(tcg_rd, tcg_rn, tcg_rm);
5856 neon_store_reg64(tcg_rd, rd + 1);
5857 tcg_temp_free_i64(tcg_rn);
5858 tcg_temp_free_i64(tcg_rm);
5859 tcg_temp_free_i64(tcg_rd);
5863 /* Avoid overlapping operands. Wide source operands are
5864 always aligned so will never overlap with wide
5865 destinations in problematic ways. */
5866 if (rd == rm && !src2_wide) {
5867 tmp = neon_load_reg(rm, 1);
5868 neon_store_scratch(2, tmp);
5869 } else if (rd == rn && !src1_wide) {
5870 tmp = neon_load_reg(rn, 1);
5871 neon_store_scratch(2, tmp);
5874 for (pass = 0; pass < 2; pass++) {
5876 neon_load_reg64(cpu_V0, rn + pass);
5879 if (pass == 1 && rd == rn) {
5880 tmp = neon_load_scratch(2);
5882 tmp = neon_load_reg(rn, pass);
5885 gen_neon_widen(cpu_V0, tmp, size, u);
5889 neon_load_reg64(cpu_V1, rm + pass);
5892 if (pass == 1 && rd == rm) {
5893 tmp2 = neon_load_scratch(2);
5895 tmp2 = neon_load_reg(rm, pass);
5898 gen_neon_widen(cpu_V1, tmp2, size, u);
5902 case 0: case 1: case 4: /* VADDL, VADDW, VADDHN, VRADDHN */
5903 gen_neon_addl(size);
5905 case 2: case 3: case 6: /* VSUBL, VSUBW, VSUBHN, VRSUBHN */
5906 gen_neon_subl(size);
5908 case 5: case 7: /* VABAL, VABDL */
5909 switch ((size << 1) | u) {
5911 gen_helper_neon_abdl_s16(cpu_V0, tmp, tmp2);
5914 gen_helper_neon_abdl_u16(cpu_V0, tmp, tmp2);
5917 gen_helper_neon_abdl_s32(cpu_V0, tmp, tmp2);
5920 gen_helper_neon_abdl_u32(cpu_V0, tmp, tmp2);
5923 gen_helper_neon_abdl_s64(cpu_V0, tmp, tmp2);
5926 gen_helper_neon_abdl_u64(cpu_V0, tmp, tmp2);
5930 tcg_temp_free_i32(tmp2);
5931 tcg_temp_free_i32(tmp);
5933 case 8: case 9: case 10: case 11: case 12: case 13:
5934 /* VMLAL, VQDMLAL, VMLSL, VQDMLSL, VMULL, VQDMULL */
5935 gen_neon_mull(cpu_V0, tmp, tmp2, size, u);
5937 case 14: /* Polynomial VMULL */
5938 gen_helper_neon_mull_p8(cpu_V0, tmp, tmp2);
5939 tcg_temp_free_i32(tmp2);
5940 tcg_temp_free_i32(tmp);
5942 default: /* 15 is RESERVED: caught earlier */
5947 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
5948 neon_store_reg64(cpu_V0, rd + pass);
5949 } else if (op == 5 || (op >= 8 && op <= 11)) {
5951 neon_load_reg64(cpu_V1, rd + pass);
5953 case 10: /* VMLSL */
5954 gen_neon_negl(cpu_V0, size);
5956 case 5: case 8: /* VABAL, VMLAL */
5957 gen_neon_addl(size);
5959 case 9: case 11: /* VQDMLAL, VQDMLSL */
5960 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
5962 gen_neon_negl(cpu_V0, size);
5964 gen_neon_addl_saturate(cpu_V0, cpu_V1, size);
5969 neon_store_reg64(cpu_V0, rd + pass);
5970 } else if (op == 4 || op == 6) {
5971 /* Narrowing operation. */
5972 tmp = tcg_temp_new_i32();
5976 gen_helper_neon_narrow_high_u8(tmp, cpu_V0);
5979 gen_helper_neon_narrow_high_u16(tmp, cpu_V0);
5982 tcg_gen_extrh_i64_i32(tmp, cpu_V0);
5989 gen_helper_neon_narrow_round_high_u8(tmp, cpu_V0);
5992 gen_helper_neon_narrow_round_high_u16(tmp, cpu_V0);
5995 tcg_gen_addi_i64(cpu_V0, cpu_V0, 1u << 31);
5996 tcg_gen_extrh_i64_i32(tmp, cpu_V0);
6004 neon_store_reg(rd, 0, tmp3);
6005 neon_store_reg(rd, 1, tmp);
6008 /* Write back the result. */
6009 neon_store_reg64(cpu_V0, rd + pass);
6013 /* Two registers and a scalar. NB that for ops of this form
6014 * the ARM ARM labels bit 24 as Q, but it is in our variable
6021 case 1: /* Float VMLA scalar */
6022 case 5: /* Floating point VMLS scalar */
6023 case 9: /* Floating point VMUL scalar */
6028 case 0: /* Integer VMLA scalar */
6029 case 4: /* Integer VMLS scalar */
6030 case 8: /* Integer VMUL scalar */
6031 case 12: /* VQDMULH scalar */
6032 case 13: /* VQRDMULH scalar */
6033 if (u && ((rd | rn) & 1)) {
6036 tmp = neon_get_scalar(size, rm);
6037 neon_store_scratch(0, tmp);
6038 for (pass = 0; pass < (u ? 4 : 2); pass++) {
6039 tmp = neon_load_scratch(0);
6040 tmp2 = neon_load_reg(rn, pass);
6043 gen_helper_neon_qdmulh_s16(tmp, cpu_env, tmp, tmp2);
6045 gen_helper_neon_qdmulh_s32(tmp, cpu_env, tmp, tmp2);
6047 } else if (op == 13) {
6049 gen_helper_neon_qrdmulh_s16(tmp, cpu_env, tmp, tmp2);
6051 gen_helper_neon_qrdmulh_s32(tmp, cpu_env, tmp, tmp2);
6053 } else if (op & 1) {
6054 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6055 gen_helper_vfp_muls(tmp, tmp, tmp2, fpstatus);
6056 tcg_temp_free_ptr(fpstatus);
6059 case 0: gen_helper_neon_mul_u8(tmp, tmp, tmp2); break;
6060 case 1: gen_helper_neon_mul_u16(tmp, tmp, tmp2); break;
6061 case 2: tcg_gen_mul_i32(tmp, tmp, tmp2); break;
6065 tcg_temp_free_i32(tmp2);
6068 tmp2 = neon_load_reg(rd, pass);
6071 gen_neon_add(size, tmp, tmp2);
6075 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6076 gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
6077 tcg_temp_free_ptr(fpstatus);
6081 gen_neon_rsb(size, tmp, tmp2);
6085 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6086 gen_helper_vfp_subs(tmp, tmp2, tmp, fpstatus);
6087 tcg_temp_free_ptr(fpstatus);
6093 tcg_temp_free_i32(tmp2);
6095 neon_store_reg(rd, pass, tmp);
6098 case 3: /* VQDMLAL scalar */
6099 case 7: /* VQDMLSL scalar */
6100 case 11: /* VQDMULL scalar */
6105 case 2: /* VMLAL sclar */
6106 case 6: /* VMLSL scalar */
6107 case 10: /* VMULL scalar */
6111 tmp2 = neon_get_scalar(size, rm);
6112 /* We need a copy of tmp2 because gen_neon_mull
6113 * deletes it during pass 0. */
6114 tmp4 = tcg_temp_new_i32();
6115 tcg_gen_mov_i32(tmp4, tmp2);
6116 tmp3 = neon_load_reg(rn, 1);
6118 for (pass = 0; pass < 2; pass++) {
6120 tmp = neon_load_reg(rn, 0);
6125 gen_neon_mull(cpu_V0, tmp, tmp2, size, u);
6127 neon_load_reg64(cpu_V1, rd + pass);
6131 gen_neon_negl(cpu_V0, size);
6134 gen_neon_addl(size);
6137 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6139 gen_neon_negl(cpu_V0, size);
6141 gen_neon_addl_saturate(cpu_V0, cpu_V1, size);
6147 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6152 neon_store_reg64(cpu_V0, rd + pass);
6155 case 14: /* VQRDMLAH scalar */
6156 case 15: /* VQRDMLSH scalar */
6158 NeonGenThreeOpEnvFn *fn;
6160 if (!dc_isar_feature(aa32_rdm, s)) {
6163 if (u && ((rd | rn) & 1)) {
6168 fn = gen_helper_neon_qrdmlah_s16;
6170 fn = gen_helper_neon_qrdmlah_s32;
6174 fn = gen_helper_neon_qrdmlsh_s16;
6176 fn = gen_helper_neon_qrdmlsh_s32;
6180 tmp2 = neon_get_scalar(size, rm);
6181 for (pass = 0; pass < (u ? 4 : 2); pass++) {
6182 tmp = neon_load_reg(rn, pass);
6183 tmp3 = neon_load_reg(rd, pass);
6184 fn(tmp, cpu_env, tmp, tmp2, tmp3);
6185 tcg_temp_free_i32(tmp3);
6186 neon_store_reg(rd, pass, tmp);
6188 tcg_temp_free_i32(tmp2);
6192 g_assert_not_reached();
6195 } else { /* size == 3 */
6198 imm = (insn >> 8) & 0xf;
6203 if (q && ((rd | rn | rm) & 1)) {
6208 neon_load_reg64(cpu_V0, rn);
6210 neon_load_reg64(cpu_V1, rn + 1);
6212 } else if (imm == 8) {
6213 neon_load_reg64(cpu_V0, rn + 1);
6215 neon_load_reg64(cpu_V1, rm);
6218 tmp64 = tcg_temp_new_i64();
6220 neon_load_reg64(cpu_V0, rn);
6221 neon_load_reg64(tmp64, rn + 1);
6223 neon_load_reg64(cpu_V0, rn + 1);
6224 neon_load_reg64(tmp64, rm);
6226 tcg_gen_shri_i64(cpu_V0, cpu_V0, (imm & 7) * 8);
6227 tcg_gen_shli_i64(cpu_V1, tmp64, 64 - ((imm & 7) * 8));
6228 tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
6230 neon_load_reg64(cpu_V1, rm);
6232 neon_load_reg64(cpu_V1, rm + 1);
6235 tcg_gen_shli_i64(cpu_V1, cpu_V1, 64 - (imm * 8));
6236 tcg_gen_shri_i64(tmp64, tmp64, imm * 8);
6237 tcg_gen_or_i64(cpu_V1, cpu_V1, tmp64);
6238 tcg_temp_free_i64(tmp64);
6241 neon_load_reg64(cpu_V0, rn);
6242 tcg_gen_shri_i64(cpu_V0, cpu_V0, imm * 8);
6243 neon_load_reg64(cpu_V1, rm);
6244 tcg_gen_shli_i64(cpu_V1, cpu_V1, 64 - (imm * 8));
6245 tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
6247 neon_store_reg64(cpu_V0, rd);
6249 neon_store_reg64(cpu_V1, rd + 1);
6251 } else if ((insn & (1 << 11)) == 0) {
6252 /* Two register misc. */
6253 op = ((insn >> 12) & 0x30) | ((insn >> 7) & 0xf);
6254 size = (insn >> 18) & 3;
6255 /* UNDEF for unknown op values and bad op-size combinations */
6256 if ((neon_2rm_sizes[op] & (1 << size)) == 0) {
6259 if (neon_2rm_is_v8_op(op) &&
6260 !arm_dc_feature(s, ARM_FEATURE_V8)) {
6263 if ((op != NEON_2RM_VMOVN && op != NEON_2RM_VQMOVN) &&
6264 q && ((rm | rd) & 1)) {
6268 case NEON_2RM_VREV64:
6269 for (pass = 0; pass < (q ? 2 : 1); pass++) {
6270 tmp = neon_load_reg(rm, pass * 2);
6271 tmp2 = neon_load_reg(rm, pass * 2 + 1);
6273 case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
6274 case 1: gen_swap_half(tmp); break;
6275 case 2: /* no-op */ break;
6278 neon_store_reg(rd, pass * 2 + 1, tmp);
6280 neon_store_reg(rd, pass * 2, tmp2);
6283 case 0: tcg_gen_bswap32_i32(tmp2, tmp2); break;
6284 case 1: gen_swap_half(tmp2); break;
6287 neon_store_reg(rd, pass * 2, tmp2);
6291 case NEON_2RM_VPADDL: case NEON_2RM_VPADDL_U:
6292 case NEON_2RM_VPADAL: case NEON_2RM_VPADAL_U:
6293 for (pass = 0; pass < q + 1; pass++) {
6294 tmp = neon_load_reg(rm, pass * 2);
6295 gen_neon_widen(cpu_V0, tmp, size, op & 1);
6296 tmp = neon_load_reg(rm, pass * 2 + 1);
6297 gen_neon_widen(cpu_V1, tmp, size, op & 1);
6299 case 0: gen_helper_neon_paddl_u16(CPU_V001); break;
6300 case 1: gen_helper_neon_paddl_u32(CPU_V001); break;
6301 case 2: tcg_gen_add_i64(CPU_V001); break;
6304 if (op >= NEON_2RM_VPADAL) {
6306 neon_load_reg64(cpu_V1, rd + pass);
6307 gen_neon_addl(size);
6309 neon_store_reg64(cpu_V0, rd + pass);
6315 for (n = 0; n < (q ? 4 : 2); n += 2) {
6316 tmp = neon_load_reg(rm, n);
6317 tmp2 = neon_load_reg(rd, n + 1);
6318 neon_store_reg(rm, n, tmp2);
6319 neon_store_reg(rd, n + 1, tmp);
6326 if (gen_neon_unzip(rd, rm, size, q)) {
6331 if (gen_neon_zip(rd, rm, size, q)) {
6335 case NEON_2RM_VMOVN: case NEON_2RM_VQMOVN:
6336 /* also VQMOVUN; op field and mnemonics don't line up */
6341 for (pass = 0; pass < 2; pass++) {
6342 neon_load_reg64(cpu_V0, rm + pass);
6343 tmp = tcg_temp_new_i32();
6344 gen_neon_narrow_op(op == NEON_2RM_VMOVN, q, size,
6349 neon_store_reg(rd, 0, tmp2);
6350 neon_store_reg(rd, 1, tmp);
6354 case NEON_2RM_VSHLL:
6355 if (q || (rd & 1)) {
6358 tmp = neon_load_reg(rm, 0);
6359 tmp2 = neon_load_reg(rm, 1);
6360 for (pass = 0; pass < 2; pass++) {
6363 gen_neon_widen(cpu_V0, tmp, size, 1);
6364 tcg_gen_shli_i64(cpu_V0, cpu_V0, 8 << size);
6365 neon_store_reg64(cpu_V0, rd + pass);
6368 case NEON_2RM_VCVT_F16_F32:
6373 if (!dc_isar_feature(aa32_fp16_spconv, s) ||
6377 fpst = get_fpstatus_ptr(true);
6378 ahp = get_ahp_flag();
6379 tmp = neon_load_reg(rm, 0);
6380 gen_helper_vfp_fcvt_f32_to_f16(tmp, tmp, fpst, ahp);
6381 tmp2 = neon_load_reg(rm, 1);
6382 gen_helper_vfp_fcvt_f32_to_f16(tmp2, tmp2, fpst, ahp);
6383 tcg_gen_shli_i32(tmp2, tmp2, 16);
6384 tcg_gen_or_i32(tmp2, tmp2, tmp);
6385 tcg_temp_free_i32(tmp);
6386 tmp = neon_load_reg(rm, 2);
6387 gen_helper_vfp_fcvt_f32_to_f16(tmp, tmp, fpst, ahp);
6388 tmp3 = neon_load_reg(rm, 3);
6389 neon_store_reg(rd, 0, tmp2);
6390 gen_helper_vfp_fcvt_f32_to_f16(tmp3, tmp3, fpst, ahp);
6391 tcg_gen_shli_i32(tmp3, tmp3, 16);
6392 tcg_gen_or_i32(tmp3, tmp3, tmp);
6393 neon_store_reg(rd, 1, tmp3);
6394 tcg_temp_free_i32(tmp);
6395 tcg_temp_free_i32(ahp);
6396 tcg_temp_free_ptr(fpst);
6399 case NEON_2RM_VCVT_F32_F16:
6403 if (!dc_isar_feature(aa32_fp16_spconv, s) ||
6407 fpst = get_fpstatus_ptr(true);
6408 ahp = get_ahp_flag();
6409 tmp3 = tcg_temp_new_i32();
6410 tmp = neon_load_reg(rm, 0);
6411 tmp2 = neon_load_reg(rm, 1);
6412 tcg_gen_ext16u_i32(tmp3, tmp);
6413 gen_helper_vfp_fcvt_f16_to_f32(tmp3, tmp3, fpst, ahp);
6414 neon_store_reg(rd, 0, tmp3);
6415 tcg_gen_shri_i32(tmp, tmp, 16);
6416 gen_helper_vfp_fcvt_f16_to_f32(tmp, tmp, fpst, ahp);
6417 neon_store_reg(rd, 1, tmp);
6418 tmp3 = tcg_temp_new_i32();
6419 tcg_gen_ext16u_i32(tmp3, tmp2);
6420 gen_helper_vfp_fcvt_f16_to_f32(tmp3, tmp3, fpst, ahp);
6421 neon_store_reg(rd, 2, tmp3);
6422 tcg_gen_shri_i32(tmp2, tmp2, 16);
6423 gen_helper_vfp_fcvt_f16_to_f32(tmp2, tmp2, fpst, ahp);
6424 neon_store_reg(rd, 3, tmp2);
6425 tcg_temp_free_i32(ahp);
6426 tcg_temp_free_ptr(fpst);
6429 case NEON_2RM_AESE: case NEON_2RM_AESMC:
6430 if (!dc_isar_feature(aa32_aes, s) || ((rm | rd) & 1)) {
6433 ptr1 = vfp_reg_ptr(true, rd);
6434 ptr2 = vfp_reg_ptr(true, rm);
6436 /* Bit 6 is the lowest opcode bit; it distinguishes between
6437 * encryption (AESE/AESMC) and decryption (AESD/AESIMC)
6439 tmp3 = tcg_const_i32(extract32(insn, 6, 1));
6441 if (op == NEON_2RM_AESE) {
6442 gen_helper_crypto_aese(ptr1, ptr2, tmp3);
6444 gen_helper_crypto_aesmc(ptr1, ptr2, tmp3);
6446 tcg_temp_free_ptr(ptr1);
6447 tcg_temp_free_ptr(ptr2);
6448 tcg_temp_free_i32(tmp3);
6450 case NEON_2RM_SHA1H:
6451 if (!dc_isar_feature(aa32_sha1, s) || ((rm | rd) & 1)) {
6454 ptr1 = vfp_reg_ptr(true, rd);
6455 ptr2 = vfp_reg_ptr(true, rm);
6457 gen_helper_crypto_sha1h(ptr1, ptr2);
6459 tcg_temp_free_ptr(ptr1);
6460 tcg_temp_free_ptr(ptr2);
6462 case NEON_2RM_SHA1SU1:
6463 if ((rm | rd) & 1) {
6466 /* bit 6 (q): set -> SHA256SU0, cleared -> SHA1SU1 */
6468 if (!dc_isar_feature(aa32_sha2, s)) {
6471 } else if (!dc_isar_feature(aa32_sha1, s)) {
6474 ptr1 = vfp_reg_ptr(true, rd);
6475 ptr2 = vfp_reg_ptr(true, rm);
6477 gen_helper_crypto_sha256su0(ptr1, ptr2);
6479 gen_helper_crypto_sha1su1(ptr1, ptr2);
6481 tcg_temp_free_ptr(ptr1);
6482 tcg_temp_free_ptr(ptr2);
6486 tcg_gen_gvec_not(0, rd_ofs, rm_ofs, vec_size, vec_size);
6489 tcg_gen_gvec_neg(size, rd_ofs, rm_ofs, vec_size, vec_size);
6492 tcg_gen_gvec_abs(size, rd_ofs, rm_ofs, vec_size, vec_size);
6497 for (pass = 0; pass < (q ? 4 : 2); pass++) {
6498 tmp = neon_load_reg(rm, pass);
6500 case NEON_2RM_VREV32:
6502 case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
6503 case 1: gen_swap_half(tmp); break;
6507 case NEON_2RM_VREV16:
6512 case 0: gen_helper_neon_cls_s8(tmp, tmp); break;
6513 case 1: gen_helper_neon_cls_s16(tmp, tmp); break;
6514 case 2: gen_helper_neon_cls_s32(tmp, tmp); break;
6520 case 0: gen_helper_neon_clz_u8(tmp, tmp); break;
6521 case 1: gen_helper_neon_clz_u16(tmp, tmp); break;
6522 case 2: tcg_gen_clzi_i32(tmp, tmp, 32); break;
6527 gen_helper_neon_cnt_u8(tmp, tmp);
6529 case NEON_2RM_VQABS:
6532 gen_helper_neon_qabs_s8(tmp, cpu_env, tmp);
6535 gen_helper_neon_qabs_s16(tmp, cpu_env, tmp);
6538 gen_helper_neon_qabs_s32(tmp, cpu_env, tmp);
6543 case NEON_2RM_VQNEG:
6546 gen_helper_neon_qneg_s8(tmp, cpu_env, tmp);
6549 gen_helper_neon_qneg_s16(tmp, cpu_env, tmp);
6552 gen_helper_neon_qneg_s32(tmp, cpu_env, tmp);
6557 case NEON_2RM_VCGT0: case NEON_2RM_VCLE0:
6558 tmp2 = tcg_const_i32(0);
6560 case 0: gen_helper_neon_cgt_s8(tmp, tmp, tmp2); break;
6561 case 1: gen_helper_neon_cgt_s16(tmp, tmp, tmp2); break;
6562 case 2: gen_helper_neon_cgt_s32(tmp, tmp, tmp2); break;
6565 tcg_temp_free_i32(tmp2);
6566 if (op == NEON_2RM_VCLE0) {
6567 tcg_gen_not_i32(tmp, tmp);
6570 case NEON_2RM_VCGE0: case NEON_2RM_VCLT0:
6571 tmp2 = tcg_const_i32(0);
6573 case 0: gen_helper_neon_cge_s8(tmp, tmp, tmp2); break;
6574 case 1: gen_helper_neon_cge_s16(tmp, tmp, tmp2); break;
6575 case 2: gen_helper_neon_cge_s32(tmp, tmp, tmp2); break;
6578 tcg_temp_free_i32(tmp2);
6579 if (op == NEON_2RM_VCLT0) {
6580 tcg_gen_not_i32(tmp, tmp);
6583 case NEON_2RM_VCEQ0:
6584 tmp2 = tcg_const_i32(0);
6586 case 0: gen_helper_neon_ceq_u8(tmp, tmp, tmp2); break;
6587 case 1: gen_helper_neon_ceq_u16(tmp, tmp, tmp2); break;
6588 case 2: gen_helper_neon_ceq_u32(tmp, tmp, tmp2); break;
6591 tcg_temp_free_i32(tmp2);
6593 case NEON_2RM_VCGT0_F:
6595 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6596 tmp2 = tcg_const_i32(0);
6597 gen_helper_neon_cgt_f32(tmp, tmp, tmp2, fpstatus);
6598 tcg_temp_free_i32(tmp2);
6599 tcg_temp_free_ptr(fpstatus);
6602 case NEON_2RM_VCGE0_F:
6604 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6605 tmp2 = tcg_const_i32(0);
6606 gen_helper_neon_cge_f32(tmp, tmp, tmp2, fpstatus);
6607 tcg_temp_free_i32(tmp2);
6608 tcg_temp_free_ptr(fpstatus);
6611 case NEON_2RM_VCEQ0_F:
6613 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6614 tmp2 = tcg_const_i32(0);
6615 gen_helper_neon_ceq_f32(tmp, tmp, tmp2, fpstatus);
6616 tcg_temp_free_i32(tmp2);
6617 tcg_temp_free_ptr(fpstatus);
6620 case NEON_2RM_VCLE0_F:
6622 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6623 tmp2 = tcg_const_i32(0);
6624 gen_helper_neon_cge_f32(tmp, tmp2, tmp, fpstatus);
6625 tcg_temp_free_i32(tmp2);
6626 tcg_temp_free_ptr(fpstatus);
6629 case NEON_2RM_VCLT0_F:
6631 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6632 tmp2 = tcg_const_i32(0);
6633 gen_helper_neon_cgt_f32(tmp, tmp2, tmp, fpstatus);
6634 tcg_temp_free_i32(tmp2);
6635 tcg_temp_free_ptr(fpstatus);
6638 case NEON_2RM_VABS_F:
6639 gen_helper_vfp_abss(tmp, tmp);
6641 case NEON_2RM_VNEG_F:
6642 gen_helper_vfp_negs(tmp, tmp);
6645 tmp2 = neon_load_reg(rd, pass);
6646 neon_store_reg(rm, pass, tmp2);
6649 tmp2 = neon_load_reg(rd, pass);
6651 case 0: gen_neon_trn_u8(tmp, tmp2); break;
6652 case 1: gen_neon_trn_u16(tmp, tmp2); break;
6655 neon_store_reg(rm, pass, tmp2);
6657 case NEON_2RM_VRINTN:
6658 case NEON_2RM_VRINTA:
6659 case NEON_2RM_VRINTM:
6660 case NEON_2RM_VRINTP:
6661 case NEON_2RM_VRINTZ:
6664 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6667 if (op == NEON_2RM_VRINTZ) {
6668 rmode = FPROUNDING_ZERO;
6670 rmode = fp_decode_rm[((op & 0x6) >> 1) ^ 1];
6673 tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rmode));
6674 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
6676 gen_helper_rints(tmp, tmp, fpstatus);
6677 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
6679 tcg_temp_free_ptr(fpstatus);
6680 tcg_temp_free_i32(tcg_rmode);
6683 case NEON_2RM_VRINTX:
6685 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6686 gen_helper_rints_exact(tmp, tmp, fpstatus);
6687 tcg_temp_free_ptr(fpstatus);
6690 case NEON_2RM_VCVTAU:
6691 case NEON_2RM_VCVTAS:
6692 case NEON_2RM_VCVTNU:
6693 case NEON_2RM_VCVTNS:
6694 case NEON_2RM_VCVTPU:
6695 case NEON_2RM_VCVTPS:
6696 case NEON_2RM_VCVTMU:
6697 case NEON_2RM_VCVTMS:
6699 bool is_signed = !extract32(insn, 7, 1);
6700 TCGv_ptr fpst = get_fpstatus_ptr(1);
6701 TCGv_i32 tcg_rmode, tcg_shift;
6702 int rmode = fp_decode_rm[extract32(insn, 8, 2)];
6704 tcg_shift = tcg_const_i32(0);
6705 tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rmode));
6706 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
6710 gen_helper_vfp_tosls(tmp, tmp,
6713 gen_helper_vfp_touls(tmp, tmp,
6717 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
6719 tcg_temp_free_i32(tcg_rmode);
6720 tcg_temp_free_i32(tcg_shift);
6721 tcg_temp_free_ptr(fpst);
6724 case NEON_2RM_VRECPE:
6726 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6727 gen_helper_recpe_u32(tmp, tmp, fpstatus);
6728 tcg_temp_free_ptr(fpstatus);
6731 case NEON_2RM_VRSQRTE:
6733 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6734 gen_helper_rsqrte_u32(tmp, tmp, fpstatus);
6735 tcg_temp_free_ptr(fpstatus);
6738 case NEON_2RM_VRECPE_F:
6740 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6741 gen_helper_recpe_f32(tmp, tmp, fpstatus);
6742 tcg_temp_free_ptr(fpstatus);
6745 case NEON_2RM_VRSQRTE_F:
6747 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6748 gen_helper_rsqrte_f32(tmp, tmp, fpstatus);
6749 tcg_temp_free_ptr(fpstatus);
6752 case NEON_2RM_VCVT_FS: /* VCVT.F32.S32 */
6754 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6755 gen_helper_vfp_sitos(tmp, tmp, fpstatus);
6756 tcg_temp_free_ptr(fpstatus);
6759 case NEON_2RM_VCVT_FU: /* VCVT.F32.U32 */
6761 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6762 gen_helper_vfp_uitos(tmp, tmp, fpstatus);
6763 tcg_temp_free_ptr(fpstatus);
6766 case NEON_2RM_VCVT_SF: /* VCVT.S32.F32 */
6768 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6769 gen_helper_vfp_tosizs(tmp, tmp, fpstatus);
6770 tcg_temp_free_ptr(fpstatus);
6773 case NEON_2RM_VCVT_UF: /* VCVT.U32.F32 */
6775 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6776 gen_helper_vfp_touizs(tmp, tmp, fpstatus);
6777 tcg_temp_free_ptr(fpstatus);
6781 /* Reserved op values were caught by the
6782 * neon_2rm_sizes[] check earlier.
6786 neon_store_reg(rd, pass, tmp);
6790 } else if ((insn & (1 << 10)) == 0) {
6792 int n = ((insn >> 8) & 3) + 1;
6793 if ((rn + n) > 32) {
6794 /* This is UNPREDICTABLE; we choose to UNDEF to avoid the
6795 * helper function running off the end of the register file.
6800 if (insn & (1 << 6)) {
6801 tmp = neon_load_reg(rd, 0);
6803 tmp = tcg_temp_new_i32();
6804 tcg_gen_movi_i32(tmp, 0);
6806 tmp2 = neon_load_reg(rm, 0);
6807 ptr1 = vfp_reg_ptr(true, rn);
6808 tmp5 = tcg_const_i32(n);
6809 gen_helper_neon_tbl(tmp2, tmp2, tmp, ptr1, tmp5);
6810 tcg_temp_free_i32(tmp);
6811 if (insn & (1 << 6)) {
6812 tmp = neon_load_reg(rd, 1);
6814 tmp = tcg_temp_new_i32();
6815 tcg_gen_movi_i32(tmp, 0);
6817 tmp3 = neon_load_reg(rm, 1);
6818 gen_helper_neon_tbl(tmp3, tmp3, tmp, ptr1, tmp5);
6819 tcg_temp_free_i32(tmp5);
6820 tcg_temp_free_ptr(ptr1);
6821 neon_store_reg(rd, 0, tmp2);
6822 neon_store_reg(rd, 1, tmp3);
6823 tcg_temp_free_i32(tmp);
6824 } else if ((insn & 0x380) == 0) {
6829 if ((insn & (7 << 16)) == 0 || (q && (rd & 1))) {
6832 if (insn & (1 << 16)) {
6834 element = (insn >> 17) & 7;
6835 } else if (insn & (1 << 17)) {
6837 element = (insn >> 18) & 3;
6840 element = (insn >> 19) & 1;
6842 tcg_gen_gvec_dup_mem(size, neon_reg_offset(rd, 0),
6843 neon_element_offset(rm, element, size),
6844 q ? 16 : 8, q ? 16 : 8);
6853 /* Advanced SIMD three registers of the same length extension.
6854 * 31 25 23 22 20 16 12 11 10 9 8 3 0
6855 * +---------------+-----+---+-----+----+----+---+----+---+----+---------+----+
6856 * | 1 1 1 1 1 1 0 | op1 | D | op2 | Vn | Vd | 1 | o3 | 0 | o4 | N Q M U | Vm |
6857 * +---------------+-----+---+-----+----+----+---+----+---+----+---------+----+
6859 static int disas_neon_insn_3same_ext(DisasContext *s, uint32_t insn)
6861 gen_helper_gvec_3 *fn_gvec = NULL;
6862 gen_helper_gvec_3_ptr *fn_gvec_ptr = NULL;
6863 int rd, rn, rm, opr_sz;
6866 bool is_long = false, q = extract32(insn, 6, 1);
6867 bool ptr_is_env = false;
6869 if ((insn & 0xfe200f10) == 0xfc200800) {
6870 /* VCMLA -- 1111 110R R.1S .... .... 1000 ...0 .... */
6871 int size = extract32(insn, 20, 1);
6872 data = extract32(insn, 23, 2); /* rot */
6873 if (!dc_isar_feature(aa32_vcma, s)
6874 || (!size && !dc_isar_feature(aa32_fp16_arith, s))) {
6877 fn_gvec_ptr = size ? gen_helper_gvec_fcmlas : gen_helper_gvec_fcmlah;
6878 } else if ((insn & 0xfea00f10) == 0xfc800800) {
6879 /* VCADD -- 1111 110R 1.0S .... .... 1000 ...0 .... */
6880 int size = extract32(insn, 20, 1);
6881 data = extract32(insn, 24, 1); /* rot */
6882 if (!dc_isar_feature(aa32_vcma, s)
6883 || (!size && !dc_isar_feature(aa32_fp16_arith, s))) {
6886 fn_gvec_ptr = size ? gen_helper_gvec_fcadds : gen_helper_gvec_fcaddh;
6887 } else if ((insn & 0xfeb00f00) == 0xfc200d00) {
6888 /* V[US]DOT -- 1111 1100 0.10 .... .... 1101 .Q.U .... */
6889 bool u = extract32(insn, 4, 1);
6890 if (!dc_isar_feature(aa32_dp, s)) {
6893 fn_gvec = u ? gen_helper_gvec_udot_b : gen_helper_gvec_sdot_b;
6894 } else if ((insn & 0xff300f10) == 0xfc200810) {
6895 /* VFM[AS]L -- 1111 1100 S.10 .... .... 1000 .Q.1 .... */
6896 int is_s = extract32(insn, 23, 1);
6897 if (!dc_isar_feature(aa32_fhm, s)) {
6901 data = is_s; /* is_2 == 0 */
6902 fn_gvec_ptr = gen_helper_gvec_fmlal_a32;
6908 VFP_DREG_D(rd, insn);
6912 if (q || !is_long) {
6913 VFP_DREG_N(rn, insn);
6914 VFP_DREG_M(rm, insn);
6915 if ((rn | rm) & q & !is_long) {
6918 off_rn = vfp_reg_offset(1, rn);
6919 off_rm = vfp_reg_offset(1, rm);
6921 rn = VFP_SREG_N(insn);
6922 rm = VFP_SREG_M(insn);
6923 off_rn = vfp_reg_offset(0, rn);
6924 off_rm = vfp_reg_offset(0, rm);
6927 if (s->fp_excp_el) {
6928 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
6929 syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
6932 if (!s->vfp_enabled) {
6936 opr_sz = (1 + q) * 8;
6942 ptr = get_fpstatus_ptr(1);
6944 tcg_gen_gvec_3_ptr(vfp_reg_offset(1, rd), off_rn, off_rm, ptr,
6945 opr_sz, opr_sz, data, fn_gvec_ptr);
6947 tcg_temp_free_ptr(ptr);
6950 tcg_gen_gvec_3_ool(vfp_reg_offset(1, rd), off_rn, off_rm,
6951 opr_sz, opr_sz, data, fn_gvec);
6956 /* Advanced SIMD two registers and a scalar extension.
6957 * 31 24 23 22 20 16 12 11 10 9 8 3 0
6958 * +-----------------+----+---+----+----+----+---+----+---+----+---------+----+
6959 * | 1 1 1 1 1 1 1 0 | o1 | D | o2 | Vn | Vd | 1 | o3 | 0 | o4 | N Q M U | Vm |
6960 * +-----------------+----+---+----+----+----+---+----+---+----+---------+----+
6964 static int disas_neon_insn_2reg_scalar_ext(DisasContext *s, uint32_t insn)
6966 gen_helper_gvec_3 *fn_gvec = NULL;
6967 gen_helper_gvec_3_ptr *fn_gvec_ptr = NULL;
6968 int rd, rn, rm, opr_sz, data;
6970 bool is_long = false, q = extract32(insn, 6, 1);
6971 bool ptr_is_env = false;
6973 if ((insn & 0xff000f10) == 0xfe000800) {
6974 /* VCMLA (indexed) -- 1111 1110 S.RR .... .... 1000 ...0 .... */
6975 int rot = extract32(insn, 20, 2);
6976 int size = extract32(insn, 23, 1);
6979 if (!dc_isar_feature(aa32_vcma, s)) {
6983 if (!dc_isar_feature(aa32_fp16_arith, s)) {
6986 /* For fp16, rm is just Vm, and index is M. */
6987 rm = extract32(insn, 0, 4);
6988 index = extract32(insn, 5, 1);
6990 /* For fp32, rm is the usual M:Vm, and index is 0. */
6991 VFP_DREG_M(rm, insn);
6994 data = (index << 2) | rot;
6995 fn_gvec_ptr = (size ? gen_helper_gvec_fcmlas_idx
6996 : gen_helper_gvec_fcmlah_idx);
6997 } else if ((insn & 0xffb00f00) == 0xfe200d00) {
6998 /* V[US]DOT -- 1111 1110 0.10 .... .... 1101 .Q.U .... */
6999 int u = extract32(insn, 4, 1);
7001 if (!dc_isar_feature(aa32_dp, s)) {
7004 fn_gvec = u ? gen_helper_gvec_udot_idx_b : gen_helper_gvec_sdot_idx_b;
7005 /* rm is just Vm, and index is M. */
7006 data = extract32(insn, 5, 1); /* index */
7007 rm = extract32(insn, 0, 4);
7008 } else if ((insn & 0xffa00f10) == 0xfe000810) {
7009 /* VFM[AS]L -- 1111 1110 0.0S .... .... 1000 .Q.1 .... */
7010 int is_s = extract32(insn, 20, 1);
7011 int vm20 = extract32(insn, 0, 3);
7012 int vm3 = extract32(insn, 3, 1);
7013 int m = extract32(insn, 5, 1);
7016 if (!dc_isar_feature(aa32_fhm, s)) {
7021 index = m * 2 + vm3;
7027 data = (index << 2) | is_s; /* is_2 == 0 */
7028 fn_gvec_ptr = gen_helper_gvec_fmlal_idx_a32;
7034 VFP_DREG_D(rd, insn);
7038 if (q || !is_long) {
7039 VFP_DREG_N(rn, insn);
7040 if (rn & q & !is_long) {
7043 off_rn = vfp_reg_offset(1, rn);
7044 off_rm = vfp_reg_offset(1, rm);
7046 rn = VFP_SREG_N(insn);
7047 off_rn = vfp_reg_offset(0, rn);
7048 off_rm = vfp_reg_offset(0, rm);
7050 if (s->fp_excp_el) {
7051 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
7052 syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
7055 if (!s->vfp_enabled) {
7059 opr_sz = (1 + q) * 8;
7065 ptr = get_fpstatus_ptr(1);
7067 tcg_gen_gvec_3_ptr(vfp_reg_offset(1, rd), off_rn, off_rm, ptr,
7068 opr_sz, opr_sz, data, fn_gvec_ptr);
7070 tcg_temp_free_ptr(ptr);
7073 tcg_gen_gvec_3_ool(vfp_reg_offset(1, rd), off_rn, off_rm,
7074 opr_sz, opr_sz, data, fn_gvec);
7079 static int disas_coproc_insn(DisasContext *s, uint32_t insn)
7081 int cpnum, is64, crn, crm, opc1, opc2, isread, rt, rt2;
7082 const ARMCPRegInfo *ri;
7084 cpnum = (insn >> 8) & 0xf;
7086 /* First check for coprocessor space used for XScale/iwMMXt insns */
7087 if (arm_dc_feature(s, ARM_FEATURE_XSCALE) && (cpnum < 2)) {
7088 if (extract32(s->c15_cpar, cpnum, 1) == 0) {
7091 if (arm_dc_feature(s, ARM_FEATURE_IWMMXT)) {
7092 return disas_iwmmxt_insn(s, insn);
7093 } else if (arm_dc_feature(s, ARM_FEATURE_XSCALE)) {
7094 return disas_dsp_insn(s, insn);
7099 /* Otherwise treat as a generic register access */
7100 is64 = (insn & (1 << 25)) == 0;
7101 if (!is64 && ((insn & (1 << 4)) == 0)) {
7109 opc1 = (insn >> 4) & 0xf;
7111 rt2 = (insn >> 16) & 0xf;
7113 crn = (insn >> 16) & 0xf;
7114 opc1 = (insn >> 21) & 7;
7115 opc2 = (insn >> 5) & 7;
7118 isread = (insn >> 20) & 1;
7119 rt = (insn >> 12) & 0xf;
7121 ri = get_arm_cp_reginfo(s->cp_regs,
7122 ENCODE_CP_REG(cpnum, is64, s->ns, crn, crm, opc1, opc2));
7124 /* Check access permissions */
7125 if (!cp_access_ok(s->current_el, ri, isread)) {
7130 (arm_dc_feature(s, ARM_FEATURE_XSCALE) && cpnum < 14)) {
7131 /* Emit code to perform further access permissions checks at
7132 * runtime; this may result in an exception.
7133 * Note that on XScale all cp0..c13 registers do an access check
7134 * call in order to handle c15_cpar.
7137 TCGv_i32 tcg_syn, tcg_isread;
7140 /* Note that since we are an implementation which takes an
7141 * exception on a trapped conditional instruction only if the
7142 * instruction passes its condition code check, we can take
7143 * advantage of the clause in the ARM ARM that allows us to set
7144 * the COND field in the instruction to 0xE in all cases.
7145 * We could fish the actual condition out of the insn (ARM)
7146 * or the condexec bits (Thumb) but it isn't necessary.
7151 syndrome = syn_cp14_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
7154 syndrome = syn_cp14_rt_trap(1, 0xe, opc1, opc2, crn, crm,
7160 syndrome = syn_cp15_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
7163 syndrome = syn_cp15_rt_trap(1, 0xe, opc1, opc2, crn, crm,
7168 /* ARMv8 defines that only coprocessors 14 and 15 exist,
7169 * so this can only happen if this is an ARMv7 or earlier CPU,
7170 * in which case the syndrome information won't actually be
7173 assert(!arm_dc_feature(s, ARM_FEATURE_V8));
7174 syndrome = syn_uncategorized();
7178 gen_set_condexec(s);
7179 gen_set_pc_im(s, s->pc_curr);
7180 tmpptr = tcg_const_ptr(ri);
7181 tcg_syn = tcg_const_i32(syndrome);
7182 tcg_isread = tcg_const_i32(isread);
7183 gen_helper_access_check_cp_reg(cpu_env, tmpptr, tcg_syn,
7185 tcg_temp_free_ptr(tmpptr);
7186 tcg_temp_free_i32(tcg_syn);
7187 tcg_temp_free_i32(tcg_isread);
7188 } else if (ri->type & ARM_CP_RAISES_EXC) {
7190 * The readfn or writefn might raise an exception;
7191 * synchronize the CPU state in case it does.
7193 gen_set_condexec(s);
7194 gen_set_pc_im(s, s->pc_curr);
7197 /* Handle special cases first */
7198 switch (ri->type & ~(ARM_CP_FLAG_MASK & ~ARM_CP_SPECIAL)) {
7205 gen_set_pc_im(s, s->base.pc_next);
7206 s->base.is_jmp = DISAS_WFI;
7212 if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
7221 if (ri->type & ARM_CP_CONST) {
7222 tmp64 = tcg_const_i64(ri->resetvalue);
7223 } else if (ri->readfn) {
7225 tmp64 = tcg_temp_new_i64();
7226 tmpptr = tcg_const_ptr(ri);
7227 gen_helper_get_cp_reg64(tmp64, cpu_env, tmpptr);
7228 tcg_temp_free_ptr(tmpptr);
7230 tmp64 = tcg_temp_new_i64();
7231 tcg_gen_ld_i64(tmp64, cpu_env, ri->fieldoffset);
7233 tmp = tcg_temp_new_i32();
7234 tcg_gen_extrl_i64_i32(tmp, tmp64);
7235 store_reg(s, rt, tmp);
7236 tmp = tcg_temp_new_i32();
7237 tcg_gen_extrh_i64_i32(tmp, tmp64);
7238 tcg_temp_free_i64(tmp64);
7239 store_reg(s, rt2, tmp);
7242 if (ri->type & ARM_CP_CONST) {
7243 tmp = tcg_const_i32(ri->resetvalue);
7244 } else if (ri->readfn) {
7246 tmp = tcg_temp_new_i32();
7247 tmpptr = tcg_const_ptr(ri);
7248 gen_helper_get_cp_reg(tmp, cpu_env, tmpptr);
7249 tcg_temp_free_ptr(tmpptr);
7251 tmp = load_cpu_offset(ri->fieldoffset);
7254 /* Destination register of r15 for 32 bit loads sets
7255 * the condition codes from the high 4 bits of the value
7258 tcg_temp_free_i32(tmp);
7260 store_reg(s, rt, tmp);
7265 if (ri->type & ARM_CP_CONST) {
7266 /* If not forbidden by access permissions, treat as WI */
7271 TCGv_i32 tmplo, tmphi;
7272 TCGv_i64 tmp64 = tcg_temp_new_i64();
7273 tmplo = load_reg(s, rt);
7274 tmphi = load_reg(s, rt2);
7275 tcg_gen_concat_i32_i64(tmp64, tmplo, tmphi);
7276 tcg_temp_free_i32(tmplo);
7277 tcg_temp_free_i32(tmphi);
7279 TCGv_ptr tmpptr = tcg_const_ptr(ri);
7280 gen_helper_set_cp_reg64(cpu_env, tmpptr, tmp64);
7281 tcg_temp_free_ptr(tmpptr);
7283 tcg_gen_st_i64(tmp64, cpu_env, ri->fieldoffset);
7285 tcg_temp_free_i64(tmp64);
7290 tmp = load_reg(s, rt);
7291 tmpptr = tcg_const_ptr(ri);
7292 gen_helper_set_cp_reg(cpu_env, tmpptr, tmp);
7293 tcg_temp_free_ptr(tmpptr);
7294 tcg_temp_free_i32(tmp);
7296 TCGv_i32 tmp = load_reg(s, rt);
7297 store_cpu_offset(tmp, ri->fieldoffset);
7302 if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
7303 /* I/O operations must end the TB here (whether read or write) */
7305 } else if (!isread && !(ri->type & ARM_CP_SUPPRESS_TB_END)) {
7306 /* We default to ending the TB on a coprocessor register write,
7307 * but allow this to be suppressed by the register definition
7308 * (usually only necessary to work around guest bugs).
7316 /* Unknown register; this might be a guest error or a QEMU
7317 * unimplemented feature.
7320 qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
7321 "64 bit system register cp:%d opc1: %d crm:%d "
7323 isread ? "read" : "write", cpnum, opc1, crm,
7324 s->ns ? "non-secure" : "secure");
7326 qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
7327 "system register cp:%d opc1:%d crn:%d crm:%d opc2:%d "
7329 isread ? "read" : "write", cpnum, opc1, crn, crm, opc2,
7330 s->ns ? "non-secure" : "secure");
7337 /* Store a 64-bit value to a register pair. Clobbers val. */
7338 static void gen_storeq_reg(DisasContext *s, int rlow, int rhigh, TCGv_i64 val)
7341 tmp = tcg_temp_new_i32();
7342 tcg_gen_extrl_i64_i32(tmp, val);
7343 store_reg(s, rlow, tmp);
7344 tmp = tcg_temp_new_i32();
7345 tcg_gen_extrh_i64_i32(tmp, val);
7346 store_reg(s, rhigh, tmp);
7349 /* load and add a 64-bit value from a register pair. */
7350 static void gen_addq(DisasContext *s, TCGv_i64 val, int rlow, int rhigh)
7356 /* Load 64-bit value rd:rn. */
7357 tmpl = load_reg(s, rlow);
7358 tmph = load_reg(s, rhigh);
7359 tmp = tcg_temp_new_i64();
7360 tcg_gen_concat_i32_i64(tmp, tmpl, tmph);
7361 tcg_temp_free_i32(tmpl);
7362 tcg_temp_free_i32(tmph);
7363 tcg_gen_add_i64(val, val, tmp);
7364 tcg_temp_free_i64(tmp);
7367 /* Set N and Z flags from hi|lo. */
7368 static void gen_logicq_cc(TCGv_i32 lo, TCGv_i32 hi)
7370 tcg_gen_mov_i32(cpu_NF, hi);
7371 tcg_gen_or_i32(cpu_ZF, lo, hi);
7374 /* Load/Store exclusive instructions are implemented by remembering
7375 the value/address loaded, and seeing if these are the same
7376 when the store is performed. This should be sufficient to implement
7377 the architecturally mandated semantics, and avoids having to monitor
7378 regular stores. The compare vs the remembered value is done during
7379 the cmpxchg operation, but we must compare the addresses manually. */
7380 static void gen_load_exclusive(DisasContext *s, int rt, int rt2,
7381 TCGv_i32 addr, int size)
7383 TCGv_i32 tmp = tcg_temp_new_i32();
7384 MemOp opc = size | MO_ALIGN | s->be_data;
7389 TCGv_i32 tmp2 = tcg_temp_new_i32();
7390 TCGv_i64 t64 = tcg_temp_new_i64();
7392 /* For AArch32, architecturally the 32-bit word at the lowest
7393 * address is always Rt and the one at addr+4 is Rt2, even if
7394 * the CPU is big-endian. That means we don't want to do a
7395 * gen_aa32_ld_i64(), which invokes gen_aa32_frob64() as if
7396 * for an architecturally 64-bit access, but instead do a
7397 * 64-bit access using MO_BE if appropriate and then split
7399 * This only makes a difference for BE32 user-mode, where
7400 * frob64() must not flip the two halves of the 64-bit data
7401 * but this code must treat BE32 user-mode like BE32 system.
7403 TCGv taddr = gen_aa32_addr(s, addr, opc);
7405 tcg_gen_qemu_ld_i64(t64, taddr, get_mem_index(s), opc);
7406 tcg_temp_free(taddr);
7407 tcg_gen_mov_i64(cpu_exclusive_val, t64);
7408 if (s->be_data == MO_BE) {
7409 tcg_gen_extr_i64_i32(tmp2, tmp, t64);
7411 tcg_gen_extr_i64_i32(tmp, tmp2, t64);
7413 tcg_temp_free_i64(t64);
7415 store_reg(s, rt2, tmp2);
7417 gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), opc);
7418 tcg_gen_extu_i32_i64(cpu_exclusive_val, tmp);
7421 store_reg(s, rt, tmp);
7422 tcg_gen_extu_i32_i64(cpu_exclusive_addr, addr);
7425 static void gen_clrex(DisasContext *s)
7427 tcg_gen_movi_i64(cpu_exclusive_addr, -1);
7430 static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
7431 TCGv_i32 addr, int size)
7433 TCGv_i32 t0, t1, t2;
7436 TCGLabel *done_label;
7437 TCGLabel *fail_label;
7438 MemOp opc = size | MO_ALIGN | s->be_data;
7440 /* if (env->exclusive_addr == addr && env->exclusive_val == [addr]) {
7446 fail_label = gen_new_label();
7447 done_label = gen_new_label();
7448 extaddr = tcg_temp_new_i64();
7449 tcg_gen_extu_i32_i64(extaddr, addr);
7450 tcg_gen_brcond_i64(TCG_COND_NE, extaddr, cpu_exclusive_addr, fail_label);
7451 tcg_temp_free_i64(extaddr);
7453 taddr = gen_aa32_addr(s, addr, opc);
7454 t0 = tcg_temp_new_i32();
7455 t1 = load_reg(s, rt);
7457 TCGv_i64 o64 = tcg_temp_new_i64();
7458 TCGv_i64 n64 = tcg_temp_new_i64();
7460 t2 = load_reg(s, rt2);
7461 /* For AArch32, architecturally the 32-bit word at the lowest
7462 * address is always Rt and the one at addr+4 is Rt2, even if
7463 * the CPU is big-endian. Since we're going to treat this as a
7464 * single 64-bit BE store, we need to put the two halves in the
7465 * opposite order for BE to LE, so that they end up in the right
7467 * We don't want gen_aa32_frob64() because that does the wrong
7468 * thing for BE32 usermode.
7470 if (s->be_data == MO_BE) {
7471 tcg_gen_concat_i32_i64(n64, t2, t1);
7473 tcg_gen_concat_i32_i64(n64, t1, t2);
7475 tcg_temp_free_i32(t2);
7477 tcg_gen_atomic_cmpxchg_i64(o64, taddr, cpu_exclusive_val, n64,
7478 get_mem_index(s), opc);
7479 tcg_temp_free_i64(n64);
7481 tcg_gen_setcond_i64(TCG_COND_NE, o64, o64, cpu_exclusive_val);
7482 tcg_gen_extrl_i64_i32(t0, o64);
7484 tcg_temp_free_i64(o64);
7486 t2 = tcg_temp_new_i32();
7487 tcg_gen_extrl_i64_i32(t2, cpu_exclusive_val);
7488 tcg_gen_atomic_cmpxchg_i32(t0, taddr, t2, t1, get_mem_index(s), opc);
7489 tcg_gen_setcond_i32(TCG_COND_NE, t0, t0, t2);
7490 tcg_temp_free_i32(t2);
7492 tcg_temp_free_i32(t1);
7493 tcg_temp_free(taddr);
7494 tcg_gen_mov_i32(cpu_R[rd], t0);
7495 tcg_temp_free_i32(t0);
7496 tcg_gen_br(done_label);
7498 gen_set_label(fail_label);
7499 tcg_gen_movi_i32(cpu_R[rd], 1);
7500 gen_set_label(done_label);
7501 tcg_gen_movi_i64(cpu_exclusive_addr, -1);
7507 * @mode: mode field from insn (which stack to store to)
7508 * @amode: addressing mode (DA/IA/DB/IB), encoded as per P,U bits in ARM insn
7509 * @writeback: true if writeback bit set
7511 * Generate code for the SRS (Store Return State) insn.
7513 static void gen_srs(DisasContext *s,
7514 uint32_t mode, uint32_t amode, bool writeback)
7521 * - trapped to EL3 if EL3 is AArch64 and we are at Secure EL1
7522 * and specified mode is monitor mode
7523 * - UNDEFINED in Hyp mode
7524 * - UNPREDICTABLE in User or System mode
7525 * - UNPREDICTABLE if the specified mode is:
7526 * -- not implemented
7527 * -- not a valid mode number
7528 * -- a mode that's at a higher exception level
7529 * -- Monitor, if we are Non-secure
7530 * For the UNPREDICTABLE cases we choose to UNDEF.
7532 if (s->current_el == 1 && !s->ns && mode == ARM_CPU_MODE_MON) {
7533 gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(), 3);
7537 if (s->current_el == 0 || s->current_el == 2) {
7542 case ARM_CPU_MODE_USR:
7543 case ARM_CPU_MODE_FIQ:
7544 case ARM_CPU_MODE_IRQ:
7545 case ARM_CPU_MODE_SVC:
7546 case ARM_CPU_MODE_ABT:
7547 case ARM_CPU_MODE_UND:
7548 case ARM_CPU_MODE_SYS:
7550 case ARM_CPU_MODE_HYP:
7551 if (s->current_el == 1 || !arm_dc_feature(s, ARM_FEATURE_EL2)) {
7555 case ARM_CPU_MODE_MON:
7556 /* No need to check specifically for "are we non-secure" because
7557 * we've already made EL0 UNDEF and handled the trap for S-EL1;
7558 * so if this isn't EL3 then we must be non-secure.
7560 if (s->current_el != 3) {
7569 unallocated_encoding(s);
7573 addr = tcg_temp_new_i32();
7574 tmp = tcg_const_i32(mode);
7575 /* get_r13_banked() will raise an exception if called from System mode */
7576 gen_set_condexec(s);
7577 gen_set_pc_im(s, s->pc_curr);
7578 gen_helper_get_r13_banked(addr, cpu_env, tmp);
7579 tcg_temp_free_i32(tmp);
7596 tcg_gen_addi_i32(addr, addr, offset);
7597 tmp = load_reg(s, 14);
7598 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
7599 tcg_temp_free_i32(tmp);
7600 tmp = load_cpu_field(spsr);
7601 tcg_gen_addi_i32(addr, addr, 4);
7602 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
7603 tcg_temp_free_i32(tmp);
7621 tcg_gen_addi_i32(addr, addr, offset);
7622 tmp = tcg_const_i32(mode);
7623 gen_helper_set_r13_banked(cpu_env, tmp, addr);
7624 tcg_temp_free_i32(tmp);
7626 tcg_temp_free_i32(addr);
7627 s->base.is_jmp = DISAS_UPDATE;
7630 /* Generate a label used for skipping this instruction */
7631 static void arm_gen_condlabel(DisasContext *s)
7634 s->condlabel = gen_new_label();
7639 /* Skip this instruction if the ARM condition is false */
7640 static void arm_skip_unless(DisasContext *s, uint32_t cond)
7642 arm_gen_condlabel(s);
7643 arm_gen_test_cc(cond ^ 1, s->condlabel);
7648 * Constant expanders for the decoders.
7651 static int times_2(DisasContext *s, int x)
7656 /* Return only the rotation part of T32ExpandImm. */
7657 static int t32_expandimm_rot(DisasContext *s, int x)
7659 return x & 0xc00 ? extract32(x, 7, 5) : 0;
7662 /* Return the unrotated immediate from T32ExpandImm. */
7663 static int t32_expandimm_imm(DisasContext *s, int x)
7665 int imm = extract32(x, 0, 8);
7667 switch (extract32(x, 8, 4)) {
7669 /* Nothing to do. */
7671 case 1: /* 00XY00XY */
7674 case 2: /* XY00XY00 */
7677 case 3: /* XYXYXYXY */
7681 /* Rotated constant. */
7689 * Include the generated decoders.
7692 #include "decode-a32.inc.c"
7693 #include "decode-a32-uncond.inc.c"
7694 #include "decode-t32.inc.c"
7696 /* Helpers to swap operands for reverse-subtract. */
7697 static void gen_rsb(TCGv_i32 dst, TCGv_i32 a, TCGv_i32 b)
7699 tcg_gen_sub_i32(dst, b, a);
7702 static void gen_rsb_CC(TCGv_i32 dst, TCGv_i32 a, TCGv_i32 b)
7704 gen_sub_CC(dst, b, a);
7707 static void gen_rsc(TCGv_i32 dest, TCGv_i32 a, TCGv_i32 b)
7709 gen_sub_carry(dest, b, a);
7712 static void gen_rsc_CC(TCGv_i32 dest, TCGv_i32 a, TCGv_i32 b)
7714 gen_sbc_CC(dest, b, a);
7718 * Helpers for the data processing routines.
7720 * After the computation store the results back.
7721 * This may be suppressed altogether (STREG_NONE), require a runtime
7722 * check against the stack limits (STREG_SP_CHECK), or generate an
7723 * exception return. Oh, or store into a register.
7725 * Always return true, indicating success for a trans_* function.
7734 static bool store_reg_kind(DisasContext *s, int rd,
7735 TCGv_i32 val, StoreRegKind kind)
7739 tcg_temp_free_i32(val);
7742 /* See ALUWritePC: Interworking only from a32 mode. */
7744 store_reg(s, rd, val);
7746 store_reg_bx(s, rd, val);
7749 case STREG_SP_CHECK:
7750 store_sp_checked(s, val);
7753 gen_exception_return(s, val);
7756 g_assert_not_reached();
7760 * Data Processing (register)
7762 * Operate, with set flags, one register source,
7763 * one immediate shifted register source, and a destination.
7765 static bool op_s_rrr_shi(DisasContext *s, arg_s_rrr_shi *a,
7766 void (*gen)(TCGv_i32, TCGv_i32, TCGv_i32),
7767 int logic_cc, StoreRegKind kind)
7769 TCGv_i32 tmp1, tmp2;
7771 tmp2 = load_reg(s, a->rm);
7772 gen_arm_shift_im(tmp2, a->shty, a->shim, logic_cc);
7773 tmp1 = load_reg(s, a->rn);
7775 gen(tmp1, tmp1, tmp2);
7776 tcg_temp_free_i32(tmp2);
7781 return store_reg_kind(s, a->rd, tmp1, kind);
7784 static bool op_s_rxr_shi(DisasContext *s, arg_s_rrr_shi *a,
7785 void (*gen)(TCGv_i32, TCGv_i32),
7786 int logic_cc, StoreRegKind kind)
7790 tmp = load_reg(s, a->rm);
7791 gen_arm_shift_im(tmp, a->shty, a->shim, logic_cc);
7797 return store_reg_kind(s, a->rd, tmp, kind);
7801 * Data-processing (register-shifted register)
7803 * Operate, with set flags, one register source,
7804 * one register shifted register source, and a destination.
7806 static bool op_s_rrr_shr(DisasContext *s, arg_s_rrr_shr *a,
7807 void (*gen)(TCGv_i32, TCGv_i32, TCGv_i32),
7808 int logic_cc, StoreRegKind kind)
7810 TCGv_i32 tmp1, tmp2;
7812 tmp1 = load_reg(s, a->rs);
7813 tmp2 = load_reg(s, a->rm);
7814 gen_arm_shift_reg(tmp2, a->shty, tmp1, logic_cc);
7815 tmp1 = load_reg(s, a->rn);
7817 gen(tmp1, tmp1, tmp2);
7818 tcg_temp_free_i32(tmp2);
7823 return store_reg_kind(s, a->rd, tmp1, kind);
7826 static bool op_s_rxr_shr(DisasContext *s, arg_s_rrr_shr *a,
7827 void (*gen)(TCGv_i32, TCGv_i32),
7828 int logic_cc, StoreRegKind kind)
7830 TCGv_i32 tmp1, tmp2;
7832 tmp1 = load_reg(s, a->rs);
7833 tmp2 = load_reg(s, a->rm);
7834 gen_arm_shift_reg(tmp2, a->shty, tmp1, logic_cc);
7840 return store_reg_kind(s, a->rd, tmp2, kind);
7844 * Data-processing (immediate)
7846 * Operate, with set flags, one register source,
7847 * one rotated immediate, and a destination.
7849 * Note that logic_cc && a->rot setting CF based on the msb of the
7850 * immediate is the reason why we must pass in the unrotated form
7853 static bool op_s_rri_rot(DisasContext *s, arg_s_rri_rot *a,
7854 void (*gen)(TCGv_i32, TCGv_i32, TCGv_i32),
7855 int logic_cc, StoreRegKind kind)
7857 TCGv_i32 tmp1, tmp2;
7860 imm = ror32(a->imm, a->rot);
7861 if (logic_cc && a->rot) {
7862 tcg_gen_movi_i32(cpu_CF, imm >> 31);
7864 tmp2 = tcg_const_i32(imm);
7865 tmp1 = load_reg(s, a->rn);
7867 gen(tmp1, tmp1, tmp2);
7868 tcg_temp_free_i32(tmp2);
7873 return store_reg_kind(s, a->rd, tmp1, kind);
7876 static bool op_s_rxi_rot(DisasContext *s, arg_s_rri_rot *a,
7877 void (*gen)(TCGv_i32, TCGv_i32),
7878 int logic_cc, StoreRegKind kind)
7883 imm = ror32(a->imm, a->rot);
7884 if (logic_cc && a->rot) {
7885 tcg_gen_movi_i32(cpu_CF, imm >> 31);
7887 tmp = tcg_const_i32(imm);
7893 return store_reg_kind(s, a->rd, tmp, kind);
7896 #define DO_ANY3(NAME, OP, L, K) \
7897 static bool trans_##NAME##_rrri(DisasContext *s, arg_s_rrr_shi *a) \
7898 { StoreRegKind k = (K); return op_s_rrr_shi(s, a, OP, L, k); } \
7899 static bool trans_##NAME##_rrrr(DisasContext *s, arg_s_rrr_shr *a) \
7900 { StoreRegKind k = (K); return op_s_rrr_shr(s, a, OP, L, k); } \
7901 static bool trans_##NAME##_rri(DisasContext *s, arg_s_rri_rot *a) \
7902 { StoreRegKind k = (K); return op_s_rri_rot(s, a, OP, L, k); }
7904 #define DO_ANY2(NAME, OP, L, K) \
7905 static bool trans_##NAME##_rxri(DisasContext *s, arg_s_rrr_shi *a) \
7906 { StoreRegKind k = (K); return op_s_rxr_shi(s, a, OP, L, k); } \
7907 static bool trans_##NAME##_rxrr(DisasContext *s, arg_s_rrr_shr *a) \
7908 { StoreRegKind k = (K); return op_s_rxr_shr(s, a, OP, L, k); } \
7909 static bool trans_##NAME##_rxi(DisasContext *s, arg_s_rri_rot *a) \
7910 { StoreRegKind k = (K); return op_s_rxi_rot(s, a, OP, L, k); }
7912 #define DO_CMP2(NAME, OP, L) \
7913 static bool trans_##NAME##_xrri(DisasContext *s, arg_s_rrr_shi *a) \
7914 { return op_s_rrr_shi(s, a, OP, L, STREG_NONE); } \
7915 static bool trans_##NAME##_xrrr(DisasContext *s, arg_s_rrr_shr *a) \
7916 { return op_s_rrr_shr(s, a, OP, L, STREG_NONE); } \
7917 static bool trans_##NAME##_xri(DisasContext *s, arg_s_rri_rot *a) \
7918 { return op_s_rri_rot(s, a, OP, L, STREG_NONE); }
7920 DO_ANY3(AND, tcg_gen_and_i32, a->s, STREG_NORMAL)
7921 DO_ANY3(EOR, tcg_gen_xor_i32, a->s, STREG_NORMAL)
7922 DO_ANY3(ORR, tcg_gen_or_i32, a->s, STREG_NORMAL)
7923 DO_ANY3(BIC, tcg_gen_andc_i32, a->s, STREG_NORMAL)
7925 DO_ANY3(RSB, a->s ? gen_rsb_CC : gen_rsb, false, STREG_NORMAL)
7926 DO_ANY3(ADC, a->s ? gen_adc_CC : gen_add_carry, false, STREG_NORMAL)
7927 DO_ANY3(SBC, a->s ? gen_sbc_CC : gen_sub_carry, false, STREG_NORMAL)
7928 DO_ANY3(RSC, a->s ? gen_rsc_CC : gen_rsc, false, STREG_NORMAL)
7930 DO_CMP2(TST, tcg_gen_and_i32, true)
7931 DO_CMP2(TEQ, tcg_gen_xor_i32, true)
7932 DO_CMP2(CMN, gen_add_CC, false)
7933 DO_CMP2(CMP, gen_sub_CC, false)
7935 DO_ANY3(ADD, a->s ? gen_add_CC : tcg_gen_add_i32, false,
7936 a->rd == 13 && a->rn == 13 ? STREG_SP_CHECK : STREG_NORMAL)
7939 * Note for the computation of StoreRegKind we return out of the
7940 * middle of the functions that are expanded by DO_ANY3, and that
7941 * we modify a->s via that parameter before it is used by OP.
7943 DO_ANY3(SUB, a->s ? gen_sub_CC : tcg_gen_sub_i32, false,
7945 StoreRegKind ret = STREG_NORMAL;
7946 if (a->rd == 15 && a->s) {
7948 * See ALUExceptionReturn:
7949 * In User mode, UNPREDICTABLE; we choose UNDEF.
7950 * In Hyp mode, UNDEFINED.
7952 if (IS_USER(s) || s->current_el == 2) {
7953 unallocated_encoding(s);
7956 /* There is no writeback of nzcv to PSTATE. */
7958 ret = STREG_EXC_RET;
7959 } else if (a->rd == 13 && a->rn == 13) {
7960 ret = STREG_SP_CHECK;
7965 DO_ANY2(MOV, tcg_gen_mov_i32, a->s,
7967 StoreRegKind ret = STREG_NORMAL;
7968 if (a->rd == 15 && a->s) {
7970 * See ALUExceptionReturn:
7971 * In User mode, UNPREDICTABLE; we choose UNDEF.
7972 * In Hyp mode, UNDEFINED.
7974 if (IS_USER(s) || s->current_el == 2) {
7975 unallocated_encoding(s);
7978 /* There is no writeback of nzcv to PSTATE. */
7980 ret = STREG_EXC_RET;
7981 } else if (a->rd == 13) {
7982 ret = STREG_SP_CHECK;
7987 DO_ANY2(MVN, tcg_gen_not_i32, a->s, STREG_NORMAL)
7990 * ORN is only available with T32, so there is no register-shifted-register
7991 * form of the insn. Using the DO_ANY3 macro would create an unused function.
7993 static bool trans_ORN_rrri(DisasContext *s, arg_s_rrr_shi *a)
7995 return op_s_rrr_shi(s, a, tcg_gen_orc_i32, a->s, STREG_NORMAL);
7998 static bool trans_ORN_rri(DisasContext *s, arg_s_rri_rot *a)
8000 return op_s_rri_rot(s, a, tcg_gen_orc_i32, a->s, STREG_NORMAL);
8008 * Multiply and multiply accumulate
8011 static bool op_mla(DisasContext *s, arg_s_rrrr *a, bool add)
8015 t1 = load_reg(s, a->rn);
8016 t2 = load_reg(s, a->rm);
8017 tcg_gen_mul_i32(t1, t1, t2);
8018 tcg_temp_free_i32(t2);
8020 t2 = load_reg(s, a->ra);
8021 tcg_gen_add_i32(t1, t1, t2);
8022 tcg_temp_free_i32(t2);
8027 store_reg(s, a->rd, t1);
8031 static bool trans_MUL(DisasContext *s, arg_MUL *a)
8033 return op_mla(s, a, false);
8036 static bool trans_MLA(DisasContext *s, arg_MLA *a)
8038 return op_mla(s, a, true);
8041 static bool trans_MLS(DisasContext *s, arg_MLS *a)
8045 if (!ENABLE_ARCH_6T2) {
8048 t1 = load_reg(s, a->rn);
8049 t2 = load_reg(s, a->rm);
8050 tcg_gen_mul_i32(t1, t1, t2);
8051 tcg_temp_free_i32(t2);
8052 t2 = load_reg(s, a->ra);
8053 tcg_gen_sub_i32(t1, t2, t1);
8054 tcg_temp_free_i32(t2);
8055 store_reg(s, a->rd, t1);
8059 static bool op_mlal(DisasContext *s, arg_s_rrrr *a, bool uns, bool add)
8061 TCGv_i32 t0, t1, t2, t3;
8063 t0 = load_reg(s, a->rm);
8064 t1 = load_reg(s, a->rn);
8066 tcg_gen_mulu2_i32(t0, t1, t0, t1);
8068 tcg_gen_muls2_i32(t0, t1, t0, t1);
8071 t2 = load_reg(s, a->ra);
8072 t3 = load_reg(s, a->rd);
8073 tcg_gen_add2_i32(t0, t1, t0, t1, t2, t3);
8074 tcg_temp_free_i32(t2);
8075 tcg_temp_free_i32(t3);
8078 gen_logicq_cc(t0, t1);
8080 store_reg(s, a->ra, t0);
8081 store_reg(s, a->rd, t1);
8085 static bool trans_UMULL(DisasContext *s, arg_UMULL *a)
8087 return op_mlal(s, a, true, false);
8090 static bool trans_SMULL(DisasContext *s, arg_SMULL *a)
8092 return op_mlal(s, a, false, false);
8095 static bool trans_UMLAL(DisasContext *s, arg_UMLAL *a)
8097 return op_mlal(s, a, true, true);
8100 static bool trans_SMLAL(DisasContext *s, arg_SMLAL *a)
8102 return op_mlal(s, a, false, true);
8105 static bool trans_UMAAL(DisasContext *s, arg_UMAAL *a)
8107 TCGv_i32 t0, t1, t2, zero;
8110 ? !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)
8115 t0 = load_reg(s, a->rm);
8116 t1 = load_reg(s, a->rn);
8117 tcg_gen_mulu2_i32(t0, t1, t0, t1);
8118 zero = tcg_const_i32(0);
8119 t2 = load_reg(s, a->ra);
8120 tcg_gen_add2_i32(t0, t1, t0, t1, t2, zero);
8121 tcg_temp_free_i32(t2);
8122 t2 = load_reg(s, a->rd);
8123 tcg_gen_add2_i32(t0, t1, t0, t1, t2, zero);
8124 tcg_temp_free_i32(t2);
8125 tcg_temp_free_i32(zero);
8126 store_reg(s, a->ra, t0);
8127 store_reg(s, a->rd, t1);
8135 static void disas_arm_insn(DisasContext *s, unsigned int insn)
8137 unsigned int cond, val, op1, i, shift, rm, rs, rn, rd, sh;
8144 /* M variants do not implement ARM mode; this must raise the INVSTATE
8145 * UsageFault exception.
8147 if (arm_dc_feature(s, ARM_FEATURE_M)) {
8148 gen_exception_insn(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized(),
8149 default_exception_el(s));
8155 /* In ARMv3 and v4 the NV condition is UNPREDICTABLE; we
8156 * choose to UNDEF. In ARMv5 and above the space is used
8157 * for miscellaneous unconditional instructions.
8161 /* Unconditional instructions. */
8162 if (disas_a32_uncond(s, insn)) {
8165 /* fall back to legacy decoder */
8167 if (((insn >> 25) & 7) == 1) {
8168 /* NEON Data processing. */
8169 if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
8173 if (disas_neon_data_insn(s, insn)) {
8178 if ((insn & 0x0f100000) == 0x04000000) {
8179 /* NEON load/store. */
8180 if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
8184 if (disas_neon_ls_insn(s, insn)) {
8189 if ((insn & 0x0f000e10) == 0x0e000a00) {
8191 if (disas_vfp_insn(s, insn)) {
8196 if (((insn & 0x0f30f000) == 0x0510f000) ||
8197 ((insn & 0x0f30f010) == 0x0710f000)) {
8198 if ((insn & (1 << 22)) == 0) {
8200 if (!arm_dc_feature(s, ARM_FEATURE_V7MP)) {
8204 /* Otherwise PLD; v5TE+ */
8208 if (((insn & 0x0f70f000) == 0x0450f000) ||
8209 ((insn & 0x0f70f010) == 0x0650f000)) {
8211 return; /* PLI; V7 */
8213 if (((insn & 0x0f700000) == 0x04100000) ||
8214 ((insn & 0x0f700010) == 0x06100000)) {
8215 if (!arm_dc_feature(s, ARM_FEATURE_V7MP)) {
8218 return; /* v7MP: Unallocated memory hint: must NOP */
8221 if ((insn & 0x0ffffdff) == 0x01010000) {
8224 if (((insn >> 9) & 1) != !!(s->be_data == MO_BE)) {
8225 gen_helper_setend(cpu_env);
8226 s->base.is_jmp = DISAS_UPDATE;
8229 } else if ((insn & 0x0fffff00) == 0x057ff000) {
8230 switch ((insn >> 4) & 0xf) {
8238 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
8241 /* We need to break the TB after this insn to execute
8242 * self-modifying code correctly and also to take
8243 * any pending interrupts immediately.
8245 gen_goto_tb(s, 0, s->base.pc_next);
8248 if ((insn & 0xf) || !dc_isar_feature(aa32_sb, s)) {
8252 * TODO: There is no speculation barrier opcode
8253 * for TCG; MB and end the TB instead.
8255 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
8256 gen_goto_tb(s, 0, s->base.pc_next);
8261 } else if ((insn & 0x0e5fffe0) == 0x084d0500) {
8264 gen_srs(s, (insn & 0x1f), (insn >> 23) & 3, insn & (1 << 21));
8266 } else if ((insn & 0x0e50ffe0) == 0x08100a00) {
8272 rn = (insn >> 16) & 0xf;
8273 addr = load_reg(s, rn);
8274 i = (insn >> 23) & 3;
8276 case 0: offset = -4; break; /* DA */
8277 case 1: offset = 0; break; /* IA */
8278 case 2: offset = -8; break; /* DB */
8279 case 3: offset = 4; break; /* IB */
8283 tcg_gen_addi_i32(addr, addr, offset);
8284 /* Load PC into tmp and CPSR into tmp2. */
8285 tmp = tcg_temp_new_i32();
8286 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
8287 tcg_gen_addi_i32(addr, addr, 4);
8288 tmp2 = tcg_temp_new_i32();
8289 gen_aa32_ld32u(s, tmp2, addr, get_mem_index(s));
8290 if (insn & (1 << 21)) {
8291 /* Base writeback. */
8293 case 0: offset = -8; break;
8294 case 1: offset = 4; break;
8295 case 2: offset = -4; break;
8296 case 3: offset = 0; break;
8300 tcg_gen_addi_i32(addr, addr, offset);
8301 store_reg(s, rn, addr);
8303 tcg_temp_free_i32(addr);
8305 gen_rfe(s, tmp, tmp2);
8307 } else if ((insn & 0x0e000000) == 0x0a000000) {
8308 /* branch link and change to thumb (blx <offset>) */
8311 tmp = tcg_temp_new_i32();
8312 tcg_gen_movi_i32(tmp, s->base.pc_next);
8313 store_reg(s, 14, tmp);
8314 /* Sign-extend the 24-bit offset */
8315 offset = (((int32_t)insn) << 8) >> 8;
8317 /* offset * 4 + bit24 * 2 + (thumb bit) */
8318 val += (offset << 2) | ((insn >> 23) & 2) | 1;
8319 /* protected by ARCH(5); above, near the start of uncond block */
8322 } else if ((insn & 0x0e000f00) == 0x0c000100) {
8323 if (arm_dc_feature(s, ARM_FEATURE_IWMMXT)) {
8324 /* iWMMXt register transfer. */
8325 if (extract32(s->c15_cpar, 1, 1)) {
8326 if (!disas_iwmmxt_insn(s, insn)) {
8331 } else if ((insn & 0x0e000a00) == 0x0c000800
8332 && arm_dc_feature(s, ARM_FEATURE_V8)) {
8333 if (disas_neon_insn_3same_ext(s, insn)) {
8337 } else if ((insn & 0x0f000a00) == 0x0e000800
8338 && arm_dc_feature(s, ARM_FEATURE_V8)) {
8339 if (disas_neon_insn_2reg_scalar_ext(s, insn)) {
8343 } else if ((insn & 0x0fe00000) == 0x0c400000) {
8344 /* Coprocessor double register transfer. */
8346 } else if ((insn & 0x0f000010) == 0x0e000010) {
8347 /* Additional coprocessor register transfer. */
8348 } else if ((insn & 0x0ff10020) == 0x01000000) {
8351 /* cps (privileged) */
8355 if (insn & (1 << 19)) {
8356 if (insn & (1 << 8))
8358 if (insn & (1 << 7))
8360 if (insn & (1 << 6))
8362 if (insn & (1 << 18))
8365 if (insn & (1 << 17)) {
8367 val |= (insn & 0x1f);
8370 gen_set_psr_im(s, mask, 0, val);
8377 /* if not always execute, we generate a conditional jump to
8379 arm_skip_unless(s, cond);
8382 if (disas_a32(s, insn)) {
8385 /* fall back to legacy decoder */
8387 if ((insn & 0x0f900000) == 0x03000000) {
8388 if ((insn & (1 << 21)) == 0) {
8390 rd = (insn >> 12) & 0xf;
8391 val = ((insn >> 4) & 0xf000) | (insn & 0xfff);
8392 if ((insn & (1 << 22)) == 0) {
8394 tmp = tcg_temp_new_i32();
8395 tcg_gen_movi_i32(tmp, val);
8398 tmp = load_reg(s, rd);
8399 tcg_gen_ext16u_i32(tmp, tmp);
8400 tcg_gen_ori_i32(tmp, tmp, val << 16);
8402 store_reg(s, rd, tmp);
8404 if (((insn >> 12) & 0xf) != 0xf)
8406 if (((insn >> 16) & 0xf) == 0) {
8407 gen_nop_hint(s, insn & 0xff);
8409 /* CPSR = immediate */
8411 shift = ((insn >> 8) & 0xf) * 2;
8412 val = ror32(val, shift);
8413 i = ((insn & (1 << 22)) != 0);
8414 if (gen_set_psr_im(s, msr_mask(s, (insn >> 16) & 0xf, i),
8420 } else if ((insn & 0x0f900000) == 0x01000000
8421 && (insn & 0x00000090) != 0x00000090) {
8422 /* miscellaneous instructions */
8423 op1 = (insn >> 21) & 3;
8424 sh = (insn >> 4) & 0xf;
8427 case 0x0: /* MSR, MRS */
8428 if (insn & (1 << 9)) {
8429 /* MSR (banked) and MRS (banked) */
8430 int sysm = extract32(insn, 16, 4) |
8431 (extract32(insn, 8, 1) << 4);
8432 int r = extract32(insn, 22, 1);
8436 gen_msr_banked(s, r, sysm, rm);
8439 int rd = extract32(insn, 12, 4);
8441 gen_mrs_banked(s, r, sysm, rd);
8446 /* MSR, MRS (for PSRs) */
8449 tmp = load_reg(s, rm);
8450 i = ((op1 & 2) != 0);
8451 if (gen_set_psr(s, msr_mask(s, (insn >> 16) & 0xf, i), i, tmp))
8455 rd = (insn >> 12) & 0xf;
8459 tmp = load_cpu_field(spsr);
8461 tmp = tcg_temp_new_i32();
8462 gen_helper_cpsr_read(tmp, cpu_env);
8464 store_reg(s, rd, tmp);
8469 /* branch/exchange thumb (bx). */
8471 tmp = load_reg(s, rm);
8473 } else if (op1 == 3) {
8476 rd = (insn >> 12) & 0xf;
8477 tmp = load_reg(s, rm);
8478 tcg_gen_clzi_i32(tmp, tmp, 32);
8479 store_reg(s, rd, tmp);
8487 /* Trivial implementation equivalent to bx. */
8488 tmp = load_reg(s, rm);
8499 /* branch link/exchange thumb (blx) */
8500 tmp = load_reg(s, rm);
8501 tmp2 = tcg_temp_new_i32();
8502 tcg_gen_movi_i32(tmp2, s->base.pc_next);
8503 store_reg(s, 14, tmp2);
8509 uint32_t c = extract32(insn, 8, 4);
8511 /* Check this CPU supports ARMv8 CRC instructions.
8512 * op1 == 3 is UNPREDICTABLE but handle as UNDEFINED.
8513 * Bits 8, 10 and 11 should be zero.
8515 if (!dc_isar_feature(aa32_crc32, s) || op1 == 0x3 || (c & 0xd) != 0) {
8519 rn = extract32(insn, 16, 4);
8520 rd = extract32(insn, 12, 4);
8522 tmp = load_reg(s, rn);
8523 tmp2 = load_reg(s, rm);
8525 tcg_gen_andi_i32(tmp2, tmp2, 0xff);
8526 } else if (op1 == 1) {
8527 tcg_gen_andi_i32(tmp2, tmp2, 0xffff);
8529 tmp3 = tcg_const_i32(1 << op1);
8531 gen_helper_crc32c(tmp, tmp, tmp2, tmp3);
8533 gen_helper_crc32(tmp, tmp, tmp2, tmp3);
8535 tcg_temp_free_i32(tmp2);
8536 tcg_temp_free_i32(tmp3);
8537 store_reg(s, rd, tmp);
8540 case 0x5: /* saturating add/subtract */
8542 rd = (insn >> 12) & 0xf;
8543 rn = (insn >> 16) & 0xf;
8544 tmp = load_reg(s, rm);
8545 tmp2 = load_reg(s, rn);
8547 gen_helper_add_saturate(tmp2, cpu_env, tmp2, tmp2);
8549 gen_helper_sub_saturate(tmp, cpu_env, tmp, tmp2);
8551 gen_helper_add_saturate(tmp, cpu_env, tmp, tmp2);
8552 tcg_temp_free_i32(tmp2);
8553 store_reg(s, rd, tmp);
8555 case 0x6: /* ERET */
8559 if (!arm_dc_feature(s, ARM_FEATURE_V7VE)) {
8562 if ((insn & 0x000fff0f) != 0x0000000e) {
8563 /* UNPREDICTABLE; we choose to UNDEF */
8567 if (s->current_el == 2) {
8568 tmp = load_cpu_field(elr_el[2]);
8570 tmp = load_reg(s, 14);
8572 gen_exception_return(s, tmp);
8576 int imm16 = extract32(insn, 0, 4) | (extract32(insn, 8, 12) << 4);
8585 gen_exception_bkpt_insn(s, syn_aa32_bkpt(imm16, false));
8588 /* Hypervisor call (v7) */
8596 /* Secure monitor call (v6+) */
8604 g_assert_not_reached();
8608 case 0x8: /* signed multiply */
8613 rs = (insn >> 8) & 0xf;
8614 rn = (insn >> 12) & 0xf;
8615 rd = (insn >> 16) & 0xf;
8617 /* (32 * 16) >> 16 */
8618 tmp = load_reg(s, rm);
8619 tmp2 = load_reg(s, rs);
8621 tcg_gen_sari_i32(tmp2, tmp2, 16);
8624 tmp64 = gen_muls_i64_i32(tmp, tmp2);
8625 tcg_gen_shri_i64(tmp64, tmp64, 16);
8626 tmp = tcg_temp_new_i32();
8627 tcg_gen_extrl_i64_i32(tmp, tmp64);
8628 tcg_temp_free_i64(tmp64);
8629 if ((sh & 2) == 0) {
8630 tmp2 = load_reg(s, rn);
8631 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
8632 tcg_temp_free_i32(tmp2);
8634 store_reg(s, rd, tmp);
8637 tmp = load_reg(s, rm);
8638 tmp2 = load_reg(s, rs);
8639 gen_mulxy(tmp, tmp2, sh & 2, sh & 4);
8640 tcg_temp_free_i32(tmp2);
8642 tmp64 = tcg_temp_new_i64();
8643 tcg_gen_ext_i32_i64(tmp64, tmp);
8644 tcg_temp_free_i32(tmp);
8645 gen_addq(s, tmp64, rn, rd);
8646 gen_storeq_reg(s, rn, rd, tmp64);
8647 tcg_temp_free_i64(tmp64);
8650 tmp2 = load_reg(s, rn);
8651 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
8652 tcg_temp_free_i32(tmp2);
8654 store_reg(s, rd, tmp);
8661 } else if (((insn & 0x0e000000) == 0 &&
8662 (insn & 0x00000090) != 0x90) ||
8663 ((insn & 0x0e000000) == (1 << 25))) {
8664 /* Data-processing (reg, reg-shift-reg, imm). */
8665 /* All done in decodetree. Reach here for illegal ops. */
8668 /* other instructions */
8669 op1 = (insn >> 24) & 0xf;
8673 /* multiplies, extra load/stores */
8674 sh = (insn >> 5) & 3;
8677 /* Multiply and multiply accumulate. */
8678 /* All done in decodetree. Reach here for illegal ops. */
8681 rn = (insn >> 16) & 0xf;
8682 rd = (insn >> 12) & 0xf;
8683 if (insn & (1 << 23)) {
8684 /* load/store exclusive */
8685 bool is_ld = extract32(insn, 20, 1);
8686 bool is_lasr = !extract32(insn, 8, 1);
8687 int op2 = (insn >> 8) & 3;
8688 op1 = (insn >> 21) & 0x3;
8691 case 0: /* lda/stl */
8697 case 1: /* reserved */
8699 case 2: /* ldaex/stlex */
8702 case 3: /* ldrex/strex */
8711 addr = tcg_temp_local_new_i32();
8712 load_reg_var(s, addr, rn);
8714 if (is_lasr && !is_ld) {
8715 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
8720 tmp = tcg_temp_new_i32();
8723 gen_aa32_ld32u_iss(s, tmp, addr,
8728 gen_aa32_ld8u_iss(s, tmp, addr,
8733 gen_aa32_ld16u_iss(s, tmp, addr,
8740 store_reg(s, rd, tmp);
8743 tmp = load_reg(s, rm);
8746 gen_aa32_st32_iss(s, tmp, addr,
8751 gen_aa32_st8_iss(s, tmp, addr,
8756 gen_aa32_st16_iss(s, tmp, addr,
8763 tcg_temp_free_i32(tmp);
8768 gen_load_exclusive(s, rd, 15, addr, 2);
8770 case 1: /* ldrexd */
8771 gen_load_exclusive(s, rd, rd + 1, addr, 3);
8773 case 2: /* ldrexb */
8774 gen_load_exclusive(s, rd, 15, addr, 0);
8776 case 3: /* ldrexh */
8777 gen_load_exclusive(s, rd, 15, addr, 1);
8786 gen_store_exclusive(s, rd, rm, 15, addr, 2);
8788 case 1: /* strexd */
8789 gen_store_exclusive(s, rd, rm, rm + 1, addr, 3);
8791 case 2: /* strexb */
8792 gen_store_exclusive(s, rd, rm, 15, addr, 0);
8794 case 3: /* strexh */
8795 gen_store_exclusive(s, rd, rm, 15, addr, 1);
8801 tcg_temp_free_i32(addr);
8803 if (is_lasr && is_ld) {
8804 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
8806 } else if ((insn & 0x00300f00) == 0) {
8807 /* 0bcccc_0001_0x00_xxxx_xxxx_0000_1001_xxxx
8812 MemOp opc = s->be_data;
8816 if (insn & (1 << 22)) {
8819 opc |= MO_UL | MO_ALIGN;
8822 addr = load_reg(s, rn);
8823 taddr = gen_aa32_addr(s, addr, opc);
8824 tcg_temp_free_i32(addr);
8826 tmp = load_reg(s, rm);
8827 tcg_gen_atomic_xchg_i32(tmp, taddr, tmp,
8828 get_mem_index(s), opc);
8829 tcg_temp_free(taddr);
8830 store_reg(s, rd, tmp);
8837 bool load = insn & (1 << 20);
8838 bool wbit = insn & (1 << 21);
8839 bool pbit = insn & (1 << 24);
8840 bool doubleword = false;
8843 /* Misc load/store */
8844 rn = (insn >> 16) & 0xf;
8845 rd = (insn >> 12) & 0xf;
8847 /* ISS not valid if writeback */
8848 issinfo = (pbit & !wbit) ? rd : ISSInvalid;
8850 if (!load && (sh & 2)) {
8854 /* UNPREDICTABLE; we choose to UNDEF */
8857 load = (sh & 1) == 0;
8861 addr = load_reg(s, rn);
8863 gen_add_datah_offset(s, insn, 0, addr);
8870 tmp = load_reg(s, rd);
8871 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
8872 tcg_temp_free_i32(tmp);
8873 tcg_gen_addi_i32(addr, addr, 4);
8874 tmp = load_reg(s, rd + 1);
8875 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
8876 tcg_temp_free_i32(tmp);
8879 tmp = tcg_temp_new_i32();
8880 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
8881 store_reg(s, rd, tmp);
8882 tcg_gen_addi_i32(addr, addr, 4);
8883 tmp = tcg_temp_new_i32();
8884 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
8887 address_offset = -4;
8890 tmp = tcg_temp_new_i32();
8893 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s),
8897 gen_aa32_ld8s_iss(s, tmp, addr, get_mem_index(s),
8902 gen_aa32_ld16s_iss(s, tmp, addr, get_mem_index(s),
8908 tmp = load_reg(s, rd);
8909 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s), issinfo);
8910 tcg_temp_free_i32(tmp);
8912 /* Perform base writeback before the loaded value to
8913 ensure correct behavior with overlapping index registers.
8914 ldrd with base writeback is undefined if the
8915 destination and index registers overlap. */
8917 gen_add_datah_offset(s, insn, address_offset, addr);
8918 store_reg(s, rn, addr);
8921 tcg_gen_addi_i32(addr, addr, address_offset);
8922 store_reg(s, rn, addr);
8924 tcg_temp_free_i32(addr);
8927 /* Complete the load. */
8928 store_reg(s, rd, tmp);
8937 if (insn & (1 << 4)) {
8939 /* Armv6 Media instructions. */
8941 rn = (insn >> 16) & 0xf;
8942 rd = (insn >> 12) & 0xf;
8943 rs = (insn >> 8) & 0xf;
8944 switch ((insn >> 23) & 3) {
8945 case 0: /* Parallel add/subtract. */
8946 op1 = (insn >> 20) & 7;
8947 tmp = load_reg(s, rn);
8948 tmp2 = load_reg(s, rm);
8949 sh = (insn >> 5) & 7;
8950 if ((op1 & 3) == 0 || sh == 5 || sh == 6)
8952 gen_arm_parallel_addsub(op1, sh, tmp, tmp2);
8953 tcg_temp_free_i32(tmp2);
8954 store_reg(s, rd, tmp);
8957 if ((insn & 0x00700020) == 0) {
8958 /* Halfword pack. */
8959 tmp = load_reg(s, rn);
8960 tmp2 = load_reg(s, rm);
8961 shift = (insn >> 7) & 0x1f;
8962 if (insn & (1 << 6)) {
8967 tcg_gen_sari_i32(tmp2, tmp2, shift);
8968 tcg_gen_deposit_i32(tmp, tmp, tmp2, 0, 16);
8971 tcg_gen_shli_i32(tmp2, tmp2, shift);
8972 tcg_gen_deposit_i32(tmp, tmp2, tmp, 0, 16);
8974 tcg_temp_free_i32(tmp2);
8975 store_reg(s, rd, tmp);
8976 } else if ((insn & 0x00200020) == 0x00200000) {
8978 tmp = load_reg(s, rm);
8979 shift = (insn >> 7) & 0x1f;
8980 if (insn & (1 << 6)) {
8983 tcg_gen_sari_i32(tmp, tmp, shift);
8985 tcg_gen_shli_i32(tmp, tmp, shift);
8987 sh = (insn >> 16) & 0x1f;
8988 tmp2 = tcg_const_i32(sh);
8989 if (insn & (1 << 22))
8990 gen_helper_usat(tmp, cpu_env, tmp, tmp2);
8992 gen_helper_ssat(tmp, cpu_env, tmp, tmp2);
8993 tcg_temp_free_i32(tmp2);
8994 store_reg(s, rd, tmp);
8995 } else if ((insn & 0x00300fe0) == 0x00200f20) {
8997 tmp = load_reg(s, rm);
8998 sh = (insn >> 16) & 0x1f;
8999 tmp2 = tcg_const_i32(sh);
9000 if (insn & (1 << 22))
9001 gen_helper_usat16(tmp, cpu_env, tmp, tmp2);
9003 gen_helper_ssat16(tmp, cpu_env, tmp, tmp2);
9004 tcg_temp_free_i32(tmp2);
9005 store_reg(s, rd, tmp);
9006 } else if ((insn & 0x00700fe0) == 0x00000fa0) {
9008 tmp = load_reg(s, rn);
9009 tmp2 = load_reg(s, rm);
9010 tmp3 = tcg_temp_new_i32();
9011 tcg_gen_ld_i32(tmp3, cpu_env, offsetof(CPUARMState, GE));
9012 gen_helper_sel_flags(tmp, tmp3, tmp, tmp2);
9013 tcg_temp_free_i32(tmp3);
9014 tcg_temp_free_i32(tmp2);
9015 store_reg(s, rd, tmp);
9016 } else if ((insn & 0x000003e0) == 0x00000060) {
9017 tmp = load_reg(s, rm);
9018 shift = (insn >> 10) & 3;
9019 /* ??? In many cases it's not necessary to do a
9020 rotate, a shift is sufficient. */
9021 tcg_gen_rotri_i32(tmp, tmp, shift * 8);
9022 op1 = (insn >> 20) & 7;
9024 case 0: gen_sxtb16(tmp); break;
9025 case 2: gen_sxtb(tmp); break;
9026 case 3: gen_sxth(tmp); break;
9027 case 4: gen_uxtb16(tmp); break;
9028 case 6: gen_uxtb(tmp); break;
9029 case 7: gen_uxth(tmp); break;
9030 default: goto illegal_op;
9033 tmp2 = load_reg(s, rn);
9034 if ((op1 & 3) == 0) {
9035 gen_add16(tmp, tmp2);
9037 tcg_gen_add_i32(tmp, tmp, tmp2);
9038 tcg_temp_free_i32(tmp2);
9041 store_reg(s, rd, tmp);
9042 } else if ((insn & 0x003f0f60) == 0x003f0f20) {
9044 tmp = load_reg(s, rm);
9045 if (insn & (1 << 22)) {
9046 if (insn & (1 << 7)) {
9050 gen_helper_rbit(tmp, tmp);
9053 if (insn & (1 << 7))
9056 tcg_gen_bswap32_i32(tmp, tmp);
9058 store_reg(s, rd, tmp);
9063 case 2: /* Multiplies (Type 3). */
9064 switch ((insn >> 20) & 0x7) {
9066 if (((insn >> 6) ^ (insn >> 7)) & 1) {
9067 /* op2 not 00x or 11x : UNDEF */
9070 /* Signed multiply most significant [accumulate].
9071 (SMMUL, SMMLA, SMMLS) */
9072 tmp = load_reg(s, rm);
9073 tmp2 = load_reg(s, rs);
9074 tcg_gen_muls2_i32(tmp2, tmp, tmp, tmp2);
9077 tmp3 = load_reg(s, rd);
9078 if (insn & (1 << 6)) {
9080 * For SMMLS, we need a 64-bit subtract.
9081 * Borrow caused by a non-zero multiplicand
9082 * lowpart, and the correct result lowpart
9085 TCGv_i32 zero = tcg_const_i32(0);
9086 tcg_gen_sub2_i32(tmp2, tmp, zero, tmp3,
9088 tcg_temp_free_i32(zero);
9090 tcg_gen_add_i32(tmp, tmp, tmp3);
9092 tcg_temp_free_i32(tmp3);
9094 if (insn & (1 << 5)) {
9096 * Adding 0x80000000 to the 64-bit quantity
9097 * means that we have carry in to the high
9098 * word when the low word has the high bit set.
9100 tcg_gen_shri_i32(tmp2, tmp2, 31);
9101 tcg_gen_add_i32(tmp, tmp, tmp2);
9103 tcg_temp_free_i32(tmp2);
9104 store_reg(s, rn, tmp);
9108 /* SMLAD, SMUAD, SMLSD, SMUSD, SMLALD, SMLSLD */
9109 if (insn & (1 << 7)) {
9112 tmp = load_reg(s, rm);
9113 tmp2 = load_reg(s, rs);
9114 if (insn & (1 << 5))
9115 gen_swap_half(tmp2);
9116 gen_smul_dual(tmp, tmp2);
9117 if (insn & (1 << 22)) {
9118 /* smlald, smlsld */
9121 tmp64 = tcg_temp_new_i64();
9122 tmp64_2 = tcg_temp_new_i64();
9123 tcg_gen_ext_i32_i64(tmp64, tmp);
9124 tcg_gen_ext_i32_i64(tmp64_2, tmp2);
9125 tcg_temp_free_i32(tmp);
9126 tcg_temp_free_i32(tmp2);
9127 if (insn & (1 << 6)) {
9128 tcg_gen_sub_i64(tmp64, tmp64, tmp64_2);
9130 tcg_gen_add_i64(tmp64, tmp64, tmp64_2);
9132 tcg_temp_free_i64(tmp64_2);
9133 gen_addq(s, tmp64, rd, rn);
9134 gen_storeq_reg(s, rd, rn, tmp64);
9135 tcg_temp_free_i64(tmp64);
9137 /* smuad, smusd, smlad, smlsd */
9138 if (insn & (1 << 6)) {
9139 /* This subtraction cannot overflow. */
9140 tcg_gen_sub_i32(tmp, tmp, tmp2);
9142 /* This addition cannot overflow 32 bits;
9143 * however it may overflow considered as a
9144 * signed operation, in which case we must set
9147 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
9149 tcg_temp_free_i32(tmp2);
9152 tmp2 = load_reg(s, rd);
9153 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
9154 tcg_temp_free_i32(tmp2);
9156 store_reg(s, rn, tmp);
9162 if (!dc_isar_feature(arm_div, s)) {
9165 if (((insn >> 5) & 7) || (rd != 15)) {
9168 tmp = load_reg(s, rm);
9169 tmp2 = load_reg(s, rs);
9170 if (insn & (1 << 21)) {
9171 gen_helper_udiv(tmp, tmp, tmp2);
9173 gen_helper_sdiv(tmp, tmp, tmp2);
9175 tcg_temp_free_i32(tmp2);
9176 store_reg(s, rn, tmp);
9183 op1 = ((insn >> 17) & 0x38) | ((insn >> 5) & 7);
9185 case 0: /* Unsigned sum of absolute differences. */
9187 tmp = load_reg(s, rm);
9188 tmp2 = load_reg(s, rs);
9189 gen_helper_usad8(tmp, tmp, tmp2);
9190 tcg_temp_free_i32(tmp2);
9192 tmp2 = load_reg(s, rd);
9193 tcg_gen_add_i32(tmp, tmp, tmp2);
9194 tcg_temp_free_i32(tmp2);
9196 store_reg(s, rn, tmp);
9198 case 0x20: case 0x24: case 0x28: case 0x2c:
9199 /* Bitfield insert/clear. */
9201 shift = (insn >> 7) & 0x1f;
9202 i = (insn >> 16) & 0x1f;
9204 /* UNPREDICTABLE; we choose to UNDEF */
9209 tmp = tcg_temp_new_i32();
9210 tcg_gen_movi_i32(tmp, 0);
9212 tmp = load_reg(s, rm);
9215 tmp2 = load_reg(s, rd);
9216 tcg_gen_deposit_i32(tmp, tmp2, tmp, shift, i);
9217 tcg_temp_free_i32(tmp2);
9219 store_reg(s, rd, tmp);
9221 case 0x12: case 0x16: case 0x1a: case 0x1e: /* sbfx */
9222 case 0x32: case 0x36: case 0x3a: case 0x3e: /* ubfx */
9224 tmp = load_reg(s, rm);
9225 shift = (insn >> 7) & 0x1f;
9226 i = ((insn >> 16) & 0x1f) + 1;
9231 tcg_gen_extract_i32(tmp, tmp, shift, i);
9233 tcg_gen_sextract_i32(tmp, tmp, shift, i);
9236 store_reg(s, rd, tmp);
9246 /* Check for undefined extension instructions
9247 * per the ARM Bible IE:
9248 * xxxx 0111 1111 xxxx xxxx xxxx 1111 xxxx
9250 sh = (0xf << 20) | (0xf << 4);
9251 if (op1 == 0x7 && ((insn & sh) == sh))
9255 /* load/store byte/word */
9256 rn = (insn >> 16) & 0xf;
9257 rd = (insn >> 12) & 0xf;
9258 tmp2 = load_reg(s, rn);
9259 if ((insn & 0x01200000) == 0x00200000) {
9261 i = get_a32_user_mem_index(s);
9263 i = get_mem_index(s);
9265 if (insn & (1 << 24))
9266 gen_add_data_offset(s, insn, tmp2);
9267 if (insn & (1 << 20)) {
9269 tmp = tcg_temp_new_i32();
9270 if (insn & (1 << 22)) {
9271 gen_aa32_ld8u_iss(s, tmp, tmp2, i, rd);
9273 gen_aa32_ld32u_iss(s, tmp, tmp2, i, rd);
9277 tmp = load_reg(s, rd);
9278 if (insn & (1 << 22)) {
9279 gen_aa32_st8_iss(s, tmp, tmp2, i, rd);
9281 gen_aa32_st32_iss(s, tmp, tmp2, i, rd);
9283 tcg_temp_free_i32(tmp);
9285 if (!(insn & (1 << 24))) {
9286 gen_add_data_offset(s, insn, tmp2);
9287 store_reg(s, rn, tmp2);
9288 } else if (insn & (1 << 21)) {
9289 store_reg(s, rn, tmp2);
9291 tcg_temp_free_i32(tmp2);
9293 if (insn & (1 << 20)) {
9294 /* Complete the load. */
9295 store_reg_from_load(s, rd, tmp);
9301 int j, n, loaded_base;
9302 bool exc_return = false;
9303 bool is_load = extract32(insn, 20, 1);
9305 TCGv_i32 loaded_var;
9306 /* load/store multiple words */
9307 /* XXX: store correct base if write back */
9308 if (insn & (1 << 22)) {
9309 /* LDM (user), LDM (exception return) and STM (user) */
9311 goto illegal_op; /* only usable in supervisor mode */
9313 if (is_load && extract32(insn, 15, 1)) {
9319 rn = (insn >> 16) & 0xf;
9320 addr = load_reg(s, rn);
9322 /* compute total size */
9326 for (i = 0; i < 16; i++) {
9327 if (insn & (1 << i))
9330 /* XXX: test invalid n == 0 case ? */
9331 if (insn & (1 << 23)) {
9332 if (insn & (1 << 24)) {
9334 tcg_gen_addi_i32(addr, addr, 4);
9336 /* post increment */
9339 if (insn & (1 << 24)) {
9341 tcg_gen_addi_i32(addr, addr, -(n * 4));
9343 /* post decrement */
9345 tcg_gen_addi_i32(addr, addr, -((n - 1) * 4));
9349 for (i = 0; i < 16; i++) {
9350 if (insn & (1 << i)) {
9353 tmp = tcg_temp_new_i32();
9354 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9356 tmp2 = tcg_const_i32(i);
9357 gen_helper_set_user_reg(cpu_env, tmp2, tmp);
9358 tcg_temp_free_i32(tmp2);
9359 tcg_temp_free_i32(tmp);
9360 } else if (i == rn) {
9363 } else if (i == 15 && exc_return) {
9364 store_pc_exc_ret(s, tmp);
9366 store_reg_from_load(s, i, tmp);
9371 tmp = tcg_temp_new_i32();
9372 tcg_gen_movi_i32(tmp, read_pc(s));
9374 tmp = tcg_temp_new_i32();
9375 tmp2 = tcg_const_i32(i);
9376 gen_helper_get_user_reg(tmp, cpu_env, tmp2);
9377 tcg_temp_free_i32(tmp2);
9379 tmp = load_reg(s, i);
9381 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9382 tcg_temp_free_i32(tmp);
9385 /* no need to add after the last transfer */
9387 tcg_gen_addi_i32(addr, addr, 4);
9390 if (insn & (1 << 21)) {
9392 if (insn & (1 << 23)) {
9393 if (insn & (1 << 24)) {
9396 /* post increment */
9397 tcg_gen_addi_i32(addr, addr, 4);
9400 if (insn & (1 << 24)) {
9403 tcg_gen_addi_i32(addr, addr, -((n - 1) * 4));
9405 /* post decrement */
9406 tcg_gen_addi_i32(addr, addr, -(n * 4));
9409 store_reg(s, rn, addr);
9411 tcg_temp_free_i32(addr);
9414 store_reg(s, rn, loaded_var);
9417 /* Restore CPSR from SPSR. */
9418 tmp = load_cpu_field(spsr);
9419 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
9422 gen_helper_cpsr_write_eret(cpu_env, tmp);
9423 tcg_temp_free_i32(tmp);
9424 /* Must exit loop to check un-masked IRQs */
9425 s->base.is_jmp = DISAS_EXIT;
9434 /* branch (and link) */
9435 if (insn & (1 << 24)) {
9436 tmp = tcg_temp_new_i32();
9437 tcg_gen_movi_i32(tmp, s->base.pc_next);
9438 store_reg(s, 14, tmp);
9440 offset = sextract32(insn << 2, 0, 26);
9441 gen_jmp(s, read_pc(s) + offset);
9447 if (((insn >> 8) & 0xe) == 10) {
9449 if (disas_vfp_insn(s, insn)) {
9452 } else if (disas_coproc_insn(s, insn)) {
9459 gen_set_pc_im(s, s->base.pc_next);
9460 s->svc_imm = extract32(insn, 0, 24);
9461 s->base.is_jmp = DISAS_SWI;
9465 unallocated_encoding(s);
9471 static bool thumb_insn_is_16bit(DisasContext *s, uint32_t pc, uint32_t insn)
9474 * Return true if this is a 16 bit instruction. We must be precise
9475 * about this (matching the decode).
9477 if ((insn >> 11) < 0x1d) {
9478 /* Definitely a 16-bit instruction */
9482 /* Top five bits 0b11101 / 0b11110 / 0b11111 : this is the
9483 * first half of a 32-bit Thumb insn. Thumb-1 cores might
9484 * end up actually treating this as two 16-bit insns, though,
9485 * if it's half of a bl/blx pair that might span a page boundary.
9487 if (arm_dc_feature(s, ARM_FEATURE_THUMB2) ||
9488 arm_dc_feature(s, ARM_FEATURE_M)) {
9489 /* Thumb2 cores (including all M profile ones) always treat
9490 * 32-bit insns as 32-bit.
9495 if ((insn >> 11) == 0x1e && pc - s->page_start < TARGET_PAGE_SIZE - 3) {
9496 /* 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix, and the suffix
9497 * is not on the next page; we merge this into a 32-bit
9502 /* 0b1110_1xxx_xxxx_xxxx : BLX suffix (or UNDEF);
9503 * 0b1111_1xxx_xxxx_xxxx : BL suffix;
9504 * 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix on the end of a page
9505 * -- handle as single 16 bit insn
9510 /* Translate a 32-bit thumb instruction. */
9511 static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
9513 uint32_t imm, shift, offset;
9514 uint32_t rd, rn, rm, rs;
9523 * ARMv6-M supports a limited subset of Thumb2 instructions.
9524 * Other Thumb1 architectures allow only 32-bit
9525 * combined BL/BLX prefix and suffix.
9527 if (arm_dc_feature(s, ARM_FEATURE_M) &&
9528 !arm_dc_feature(s, ARM_FEATURE_V7)) {
9531 static const uint32_t armv6m_insn[] = {0xf3808000 /* msr */,
9532 0xf3b08040 /* dsb */,
9533 0xf3b08050 /* dmb */,
9534 0xf3b08060 /* isb */,
9535 0xf3e08000 /* mrs */,
9536 0xf000d000 /* bl */};
9537 static const uint32_t armv6m_mask[] = {0xffe0d000,
9544 for (i = 0; i < ARRAY_SIZE(armv6m_insn); i++) {
9545 if ((insn & armv6m_mask[i]) == armv6m_insn[i]) {
9553 } else if ((insn & 0xf800e800) != 0xf000e800) {
9557 if (disas_t32(s, insn)) {
9560 /* fall back to legacy decoder */
9562 rn = (insn >> 16) & 0xf;
9563 rs = (insn >> 12) & 0xf;
9564 rd = (insn >> 8) & 0xf;
9566 switch ((insn >> 25) & 0xf) {
9567 case 0: case 1: case 2: case 3:
9568 /* 16-bit instructions. Should never happen. */
9571 if (insn & (1 << 22)) {
9572 /* 0b1110_100x_x1xx_xxxx_xxxx_xxxx_xxxx_xxxx
9573 * - load/store doubleword, load/store exclusive, ldacq/strel,
9576 if (insn == 0xe97fe97f && arm_dc_feature(s, ARM_FEATURE_M) &&
9577 arm_dc_feature(s, ARM_FEATURE_V8)) {
9578 /* 0b1110_1001_0111_1111_1110_1001_0111_111
9580 * The bulk of the behaviour for this instruction is implemented
9581 * in v7m_handle_execute_nsc(), which deals with the insn when
9582 * it is executed by a CPU in non-secure state from memory
9583 * which is Secure & NonSecure-Callable.
9584 * Here we only need to handle the remaining cases:
9585 * * in NS memory (including the "security extension not
9586 * implemented" case) : NOP
9587 * * in S memory but CPU already secure (clear IT bits)
9588 * We know that the attribute for the memory this insn is
9589 * in must match the current CPU state, because otherwise
9590 * get_phys_addr_pmsav8 would have generated an exception.
9592 if (s->v8m_secure) {
9593 /* Like the IT insn, we don't need to generate any code */
9594 s->condexec_cond = 0;
9595 s->condexec_mask = 0;
9597 } else if (insn & 0x01200000) {
9598 /* 0b1110_1000_x11x_xxxx_xxxx_xxxx_xxxx_xxxx
9599 * - load/store dual (post-indexed)
9600 * 0b1111_1001_x10x_xxxx_xxxx_xxxx_xxxx_xxxx
9601 * - load/store dual (literal and immediate)
9602 * 0b1111_1001_x11x_xxxx_xxxx_xxxx_xxxx_xxxx
9603 * - load/store dual (pre-indexed)
9605 bool wback = extract32(insn, 21, 1);
9607 if (rn == 15 && (insn & (1 << 21))) {
9612 addr = add_reg_for_lit(s, rn, 0);
9613 offset = (insn & 0xff) * 4;
9614 if ((insn & (1 << 23)) == 0) {
9618 if (s->v8m_stackcheck && rn == 13 && wback) {
9620 * Here 'addr' is the current SP; if offset is +ve we're
9621 * moving SP up, else down. It is UNKNOWN whether the limit
9622 * check triggers when SP starts below the limit and ends
9623 * up above it; check whichever of the current and final
9624 * SP is lower, so QEMU will trigger in that situation.
9626 if ((int32_t)offset < 0) {
9627 TCGv_i32 newsp = tcg_temp_new_i32();
9629 tcg_gen_addi_i32(newsp, addr, offset);
9630 gen_helper_v8m_stackcheck(cpu_env, newsp);
9631 tcg_temp_free_i32(newsp);
9633 gen_helper_v8m_stackcheck(cpu_env, addr);
9637 if (insn & (1 << 24)) {
9638 tcg_gen_addi_i32(addr, addr, offset);
9641 if (insn & (1 << 20)) {
9643 tmp = tcg_temp_new_i32();
9644 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9645 store_reg(s, rs, tmp);
9646 tcg_gen_addi_i32(addr, addr, 4);
9647 tmp = tcg_temp_new_i32();
9648 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9649 store_reg(s, rd, tmp);
9652 tmp = load_reg(s, rs);
9653 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9654 tcg_temp_free_i32(tmp);
9655 tcg_gen_addi_i32(addr, addr, 4);
9656 tmp = load_reg(s, rd);
9657 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9658 tcg_temp_free_i32(tmp);
9661 /* Base writeback. */
9662 tcg_gen_addi_i32(addr, addr, offset - 4);
9663 store_reg(s, rn, addr);
9665 tcg_temp_free_i32(addr);
9667 } else if ((insn & (1 << 23)) == 0) {
9668 /* 0b1110_1000_010x_xxxx_xxxx_xxxx_xxxx_xxxx
9669 * - load/store exclusive word
9673 if (!(insn & (1 << 20)) &&
9674 arm_dc_feature(s, ARM_FEATURE_M) &&
9675 arm_dc_feature(s, ARM_FEATURE_V8)) {
9676 /* 0b1110_1000_0100_xxxx_1111_xxxx_xxxx_xxxx
9679 bool alt = insn & (1 << 7);
9680 TCGv_i32 addr, op, ttresp;
9682 if ((insn & 0x3f) || rd == 13 || rd == 15 || rn == 15) {
9683 /* we UNDEF for these UNPREDICTABLE cases */
9687 if (alt && !s->v8m_secure) {
9691 addr = load_reg(s, rn);
9692 op = tcg_const_i32(extract32(insn, 6, 2));
9693 ttresp = tcg_temp_new_i32();
9694 gen_helper_v7m_tt(ttresp, cpu_env, addr, op);
9695 tcg_temp_free_i32(addr);
9696 tcg_temp_free_i32(op);
9697 store_reg(s, rd, ttresp);
9702 addr = tcg_temp_local_new_i32();
9703 load_reg_var(s, addr, rn);
9704 tcg_gen_addi_i32(addr, addr, (insn & 0xff) << 2);
9705 if (insn & (1 << 20)) {
9706 gen_load_exclusive(s, rs, 15, addr, 2);
9708 gen_store_exclusive(s, rd, rs, 15, addr, 2);
9710 tcg_temp_free_i32(addr);
9711 } else if ((insn & (7 << 5)) == 0) {
9713 addr = load_reg(s, rn);
9714 tmp = load_reg(s, rm);
9715 tcg_gen_add_i32(addr, addr, tmp);
9716 if (insn & (1 << 4)) {
9718 tcg_gen_add_i32(addr, addr, tmp);
9719 tcg_temp_free_i32(tmp);
9720 tmp = tcg_temp_new_i32();
9721 gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
9723 tcg_temp_free_i32(tmp);
9724 tmp = tcg_temp_new_i32();
9725 gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
9727 tcg_temp_free_i32(addr);
9728 tcg_gen_shli_i32(tmp, tmp, 1);
9729 tcg_gen_addi_i32(tmp, tmp, read_pc(s));
9730 store_reg(s, 15, tmp);
9732 bool is_lasr = false;
9733 bool is_ld = extract32(insn, 20, 1);
9734 int op2 = (insn >> 6) & 0x3;
9735 op = (insn >> 4) & 0x3;
9740 /* Load/store exclusive byte/halfword/doubleword */
9747 /* Load-acquire/store-release */
9753 /* Load-acquire/store-release exclusive */
9759 if (is_lasr && !is_ld) {
9760 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
9763 addr = tcg_temp_local_new_i32();
9764 load_reg_var(s, addr, rn);
9767 tmp = tcg_temp_new_i32();
9770 gen_aa32_ld8u_iss(s, tmp, addr, get_mem_index(s),
9774 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s),
9778 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s),
9784 store_reg(s, rs, tmp);
9786 tmp = load_reg(s, rs);
9789 gen_aa32_st8_iss(s, tmp, addr, get_mem_index(s),
9793 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s),
9797 gen_aa32_st32_iss(s, tmp, addr, get_mem_index(s),
9803 tcg_temp_free_i32(tmp);
9806 gen_load_exclusive(s, rs, rd, addr, op);
9808 gen_store_exclusive(s, rm, rs, rd, addr, op);
9810 tcg_temp_free_i32(addr);
9812 if (is_lasr && is_ld) {
9813 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
9817 /* Load/store multiple, RFE, SRS. */
9818 if (((insn >> 23) & 1) == ((insn >> 24) & 1)) {
9819 /* RFE, SRS: not available in user mode or on M profile */
9820 if (IS_USER(s) || arm_dc_feature(s, ARM_FEATURE_M)) {
9823 if (insn & (1 << 20)) {
9825 addr = load_reg(s, rn);
9826 if ((insn & (1 << 24)) == 0)
9827 tcg_gen_addi_i32(addr, addr, -8);
9828 /* Load PC into tmp and CPSR into tmp2. */
9829 tmp = tcg_temp_new_i32();
9830 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9831 tcg_gen_addi_i32(addr, addr, 4);
9832 tmp2 = tcg_temp_new_i32();
9833 gen_aa32_ld32u(s, tmp2, addr, get_mem_index(s));
9834 if (insn & (1 << 21)) {
9835 /* Base writeback. */
9836 if (insn & (1 << 24)) {
9837 tcg_gen_addi_i32(addr, addr, 4);
9839 tcg_gen_addi_i32(addr, addr, -4);
9841 store_reg(s, rn, addr);
9843 tcg_temp_free_i32(addr);
9845 gen_rfe(s, tmp, tmp2);
9848 gen_srs(s, (insn & 0x1f), (insn & (1 << 24)) ? 1 : 2,
9852 int i, loaded_base = 0;
9853 TCGv_i32 loaded_var;
9854 bool wback = extract32(insn, 21, 1);
9855 /* Load/store multiple. */
9856 addr = load_reg(s, rn);
9858 for (i = 0; i < 16; i++) {
9859 if (insn & (1 << i))
9863 if (insn & (1 << 24)) {
9864 tcg_gen_addi_i32(addr, addr, -offset);
9867 if (s->v8m_stackcheck && rn == 13 && wback) {
9869 * If the writeback is incrementing SP rather than
9870 * decrementing it, and the initial SP is below the
9871 * stack limit but the final written-back SP would
9872 * be above, then then we must not perform any memory
9873 * accesses, but it is IMPDEF whether we generate
9874 * an exception. We choose to do so in this case.
9875 * At this point 'addr' is the lowest address, so
9876 * either the original SP (if incrementing) or our
9877 * final SP (if decrementing), so that's what we check.
9879 gen_helper_v8m_stackcheck(cpu_env, addr);
9883 for (i = 0; i < 16; i++) {
9884 if ((insn & (1 << i)) == 0)
9886 if (insn & (1 << 20)) {
9888 tmp = tcg_temp_new_i32();
9889 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9894 store_reg_from_load(s, i, tmp);
9898 tmp = load_reg(s, i);
9899 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9900 tcg_temp_free_i32(tmp);
9902 tcg_gen_addi_i32(addr, addr, 4);
9905 store_reg(s, rn, loaded_var);
9908 /* Base register writeback. */
9909 if (insn & (1 << 24)) {
9910 tcg_gen_addi_i32(addr, addr, -offset);
9912 /* Fault if writeback register is in register list. */
9913 if (insn & (1 << rn))
9915 store_reg(s, rn, addr);
9917 tcg_temp_free_i32(addr);
9924 op = (insn >> 21) & 0xf;
9926 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9929 /* Halfword pack. */
9930 tmp = load_reg(s, rn);
9931 tmp2 = load_reg(s, rm);
9932 shift = ((insn >> 10) & 0x1c) | ((insn >> 6) & 0x3);
9933 if (insn & (1 << 5)) {
9938 tcg_gen_sari_i32(tmp2, tmp2, shift);
9939 tcg_gen_deposit_i32(tmp, tmp, tmp2, 0, 16);
9942 tcg_gen_shli_i32(tmp2, tmp2, shift);
9943 tcg_gen_deposit_i32(tmp, tmp2, tmp, 0, 16);
9945 tcg_temp_free_i32(tmp2);
9946 store_reg(s, rd, tmp);
9948 /* Data processing register constant shift. */
9949 /* All done in decodetree. Reach here for illegal ops. */
9953 case 13: /* Misc data processing. */
9954 op = ((insn >> 22) & 6) | ((insn >> 7) & 1);
9955 if (op < 4 && (insn & 0xf000) != 0xf000)
9958 case 0: /* Register controlled shift, in decodetree */
9960 case 1: /* Sign/zero extend. */
9961 op = (insn >> 20) & 7;
9963 case 0: /* SXTAH, SXTH */
9964 case 1: /* UXTAH, UXTH */
9965 case 4: /* SXTAB, SXTB */
9966 case 5: /* UXTAB, UXTB */
9968 case 2: /* SXTAB16, SXTB16 */
9969 case 3: /* UXTAB16, UXTB16 */
9970 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9978 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9982 tmp = load_reg(s, rm);
9983 shift = (insn >> 4) & 3;
9984 /* ??? In many cases it's not necessary to do a
9985 rotate, a shift is sufficient. */
9986 tcg_gen_rotri_i32(tmp, tmp, shift * 8);
9987 op = (insn >> 20) & 7;
9989 case 0: gen_sxth(tmp); break;
9990 case 1: gen_uxth(tmp); break;
9991 case 2: gen_sxtb16(tmp); break;
9992 case 3: gen_uxtb16(tmp); break;
9993 case 4: gen_sxtb(tmp); break;
9994 case 5: gen_uxtb(tmp); break;
9996 g_assert_not_reached();
9999 tmp2 = load_reg(s, rn);
10000 if ((op >> 1) == 1) {
10001 gen_add16(tmp, tmp2);
10003 tcg_gen_add_i32(tmp, tmp, tmp2);
10004 tcg_temp_free_i32(tmp2);
10007 store_reg(s, rd, tmp);
10009 case 2: /* SIMD add/subtract. */
10010 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10013 op = (insn >> 20) & 7;
10014 shift = (insn >> 4) & 7;
10015 if ((op & 3) == 3 || (shift & 3) == 3)
10017 tmp = load_reg(s, rn);
10018 tmp2 = load_reg(s, rm);
10019 gen_thumb2_parallel_addsub(op, shift, tmp, tmp2);
10020 tcg_temp_free_i32(tmp2);
10021 store_reg(s, rd, tmp);
10023 case 3: /* Other data processing. */
10024 op = ((insn >> 17) & 0x38) | ((insn >> 4) & 7);
10026 /* Saturating add/subtract. */
10027 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10030 tmp = load_reg(s, rn);
10031 tmp2 = load_reg(s, rm);
10033 gen_helper_add_saturate(tmp, cpu_env, tmp, tmp);
10035 gen_helper_sub_saturate(tmp, cpu_env, tmp2, tmp);
10037 gen_helper_add_saturate(tmp, cpu_env, tmp, tmp2);
10038 tcg_temp_free_i32(tmp2);
10041 case 0x0a: /* rbit */
10042 case 0x08: /* rev */
10043 case 0x09: /* rev16 */
10044 case 0x0b: /* revsh */
10045 case 0x18: /* clz */
10047 case 0x10: /* sel */
10048 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10052 case 0x20: /* crc32/crc32c */
10058 if (!dc_isar_feature(aa32_crc32, s)) {
10065 tmp = load_reg(s, rn);
10067 case 0x0a: /* rbit */
10068 gen_helper_rbit(tmp, tmp);
10070 case 0x08: /* rev */
10071 tcg_gen_bswap32_i32(tmp, tmp);
10073 case 0x09: /* rev16 */
10076 case 0x0b: /* revsh */
10079 case 0x10: /* sel */
10080 tmp2 = load_reg(s, rm);
10081 tmp3 = tcg_temp_new_i32();
10082 tcg_gen_ld_i32(tmp3, cpu_env, offsetof(CPUARMState, GE));
10083 gen_helper_sel_flags(tmp, tmp3, tmp, tmp2);
10084 tcg_temp_free_i32(tmp3);
10085 tcg_temp_free_i32(tmp2);
10087 case 0x18: /* clz */
10088 tcg_gen_clzi_i32(tmp, tmp, 32);
10098 uint32_t sz = op & 0x3;
10099 uint32_t c = op & 0x8;
10101 tmp2 = load_reg(s, rm);
10103 tcg_gen_andi_i32(tmp2, tmp2, 0xff);
10104 } else if (sz == 1) {
10105 tcg_gen_andi_i32(tmp2, tmp2, 0xffff);
10107 tmp3 = tcg_const_i32(1 << sz);
10109 gen_helper_crc32c(tmp, tmp, tmp2, tmp3);
10111 gen_helper_crc32(tmp, tmp, tmp2, tmp3);
10113 tcg_temp_free_i32(tmp2);
10114 tcg_temp_free_i32(tmp3);
10118 g_assert_not_reached();
10121 store_reg(s, rd, tmp);
10123 case 4: case 5: /* 32-bit multiply. Sum of absolute differences. */
10124 switch ((insn >> 20) & 7) {
10125 case 0: /* 32 x 32 -> 32, in decodetree */
10127 case 7: /* Unsigned sum of absolute differences. */
10129 case 1: /* 16 x 16 -> 32 */
10130 case 2: /* Dual multiply add. */
10131 case 3: /* 32 * 16 -> 32msb */
10132 case 4: /* Dual multiply subtract. */
10133 case 5: case 6: /* 32 * 32 -> 32msb (SMMUL, SMMLA, SMMLS) */
10134 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10139 op = (insn >> 4) & 0xf;
10140 tmp = load_reg(s, rn);
10141 tmp2 = load_reg(s, rm);
10142 switch ((insn >> 20) & 7) {
10143 case 1: /* 16 x 16 -> 32 */
10144 gen_mulxy(tmp, tmp2, op & 2, op & 1);
10145 tcg_temp_free_i32(tmp2);
10147 tmp2 = load_reg(s, rs);
10148 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10149 tcg_temp_free_i32(tmp2);
10152 case 2: /* Dual multiply add. */
10153 case 4: /* Dual multiply subtract. */
10155 gen_swap_half(tmp2);
10156 gen_smul_dual(tmp, tmp2);
10157 if (insn & (1 << 22)) {
10158 /* This subtraction cannot overflow. */
10159 tcg_gen_sub_i32(tmp, tmp, tmp2);
10161 /* This addition cannot overflow 32 bits;
10162 * however it may overflow considered as a signed
10163 * operation, in which case we must set the Q flag.
10165 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10167 tcg_temp_free_i32(tmp2);
10170 tmp2 = load_reg(s, rs);
10171 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10172 tcg_temp_free_i32(tmp2);
10175 case 3: /* 32 * 16 -> 32msb */
10177 tcg_gen_sari_i32(tmp2, tmp2, 16);
10180 tmp64 = gen_muls_i64_i32(tmp, tmp2);
10181 tcg_gen_shri_i64(tmp64, tmp64, 16);
10182 tmp = tcg_temp_new_i32();
10183 tcg_gen_extrl_i64_i32(tmp, tmp64);
10184 tcg_temp_free_i64(tmp64);
10187 tmp2 = load_reg(s, rs);
10188 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10189 tcg_temp_free_i32(tmp2);
10192 case 5: case 6: /* 32 * 32 -> 32msb (SMMUL, SMMLA, SMMLS) */
10193 tcg_gen_muls2_i32(tmp2, tmp, tmp, tmp2);
10195 tmp3 = load_reg(s, rs);
10196 if (insn & (1 << 20)) {
10197 tcg_gen_add_i32(tmp, tmp, tmp3);
10200 * For SMMLS, we need a 64-bit subtract.
10201 * Borrow caused by a non-zero multiplicand lowpart,
10202 * and the correct result lowpart for rounding.
10204 TCGv_i32 zero = tcg_const_i32(0);
10205 tcg_gen_sub2_i32(tmp2, tmp, zero, tmp3, tmp2, tmp);
10206 tcg_temp_free_i32(zero);
10208 tcg_temp_free_i32(tmp3);
10210 if (insn & (1 << 4)) {
10212 * Adding 0x80000000 to the 64-bit quantity
10213 * means that we have carry in to the high
10214 * word when the low word has the high bit set.
10216 tcg_gen_shri_i32(tmp2, tmp2, 31);
10217 tcg_gen_add_i32(tmp, tmp, tmp2);
10219 tcg_temp_free_i32(tmp2);
10221 case 7: /* Unsigned sum of absolute differences. */
10222 gen_helper_usad8(tmp, tmp, tmp2);
10223 tcg_temp_free_i32(tmp2);
10225 tmp2 = load_reg(s, rs);
10226 tcg_gen_add_i32(tmp, tmp, tmp2);
10227 tcg_temp_free_i32(tmp2);
10231 store_reg(s, rd, tmp);
10233 case 6: case 7: /* 64-bit multiply, Divide. */
10234 op = ((insn >> 4) & 0xf) | ((insn >> 16) & 0x70);
10235 tmp = load_reg(s, rn);
10236 tmp2 = load_reg(s, rm);
10237 if ((op & 0x50) == 0x10) {
10239 if (!dc_isar_feature(thumb_div, s)) {
10243 gen_helper_udiv(tmp, tmp, tmp2);
10245 gen_helper_sdiv(tmp, tmp, tmp2);
10246 tcg_temp_free_i32(tmp2);
10247 store_reg(s, rd, tmp);
10248 } else if ((op & 0xe) == 0xc) {
10249 /* Dual multiply accumulate long. */
10250 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10251 tcg_temp_free_i32(tmp);
10252 tcg_temp_free_i32(tmp2);
10256 gen_swap_half(tmp2);
10257 gen_smul_dual(tmp, tmp2);
10259 tcg_gen_sub_i32(tmp, tmp, tmp2);
10261 tcg_gen_add_i32(tmp, tmp, tmp2);
10263 tcg_temp_free_i32(tmp2);
10265 tmp64 = tcg_temp_new_i64();
10266 tcg_gen_ext_i32_i64(tmp64, tmp);
10267 tcg_temp_free_i32(tmp);
10268 gen_addq(s, tmp64, rs, rd);
10269 gen_storeq_reg(s, rs, rd, tmp64);
10270 tcg_temp_free_i64(tmp64);
10272 if ((op & 0x20) || !(op & 8)) {
10273 /* Signed/unsigned 64-bit multiply, in decodetree */
10274 tcg_temp_free_i32(tmp2);
10275 tcg_temp_free_i32(tmp);
10279 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10280 tcg_temp_free_i32(tmp2);
10281 tcg_temp_free_i32(tmp);
10284 gen_mulxy(tmp, tmp2, op & 2, op & 1);
10285 tcg_temp_free_i32(tmp2);
10286 tmp64 = tcg_temp_new_i64();
10287 tcg_gen_ext_i32_i64(tmp64, tmp);
10288 tcg_temp_free_i32(tmp);
10290 /* 64-bit accumulate. */
10291 gen_addq(s, tmp64, rs, rd);
10293 gen_storeq_reg(s, rs, rd, tmp64);
10294 tcg_temp_free_i64(tmp64);
10299 case 6: case 7: case 14: case 15:
10301 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10302 /* 0b111x_11xx_xxxx_xxxx_xxxx_xxxx_xxxx_xxxx */
10303 if (extract32(insn, 24, 2) == 3) {
10304 goto illegal_op; /* op0 = 0b11 : unallocated */
10308 * Decode VLLDM and VLSTM first: these are nonstandard because:
10309 * * if there is no FPU then these insns must NOP in
10310 * Secure state and UNDEF in Nonsecure state
10311 * * if there is an FPU then these insns do not have
10312 * the usual behaviour that disas_vfp_insn() provides of
10313 * being controlled by CPACR/NSACR enable bits or the
10314 * lazy-stacking logic.
10316 if (arm_dc_feature(s, ARM_FEATURE_V8) &&
10317 (insn & 0xffa00f00) == 0xec200a00) {
10318 /* 0b1110_1100_0x1x_xxxx_xxxx_1010_xxxx_xxxx
10320 * We choose to UNDEF if the RAZ bits are non-zero.
10322 if (!s->v8m_secure || (insn & 0x0040f0ff)) {
10326 if (arm_dc_feature(s, ARM_FEATURE_VFP)) {
10327 TCGv_i32 fptr = load_reg(s, rn);
10329 if (extract32(insn, 20, 1)) {
10330 gen_helper_v7m_vlldm(cpu_env, fptr);
10332 gen_helper_v7m_vlstm(cpu_env, fptr);
10334 tcg_temp_free_i32(fptr);
10336 /* End the TB, because we have updated FP control bits */
10337 s->base.is_jmp = DISAS_UPDATE;
10341 if (arm_dc_feature(s, ARM_FEATURE_VFP) &&
10342 ((insn >> 8) & 0xe) == 10) {
10343 /* FP, and the CPU supports it */
10344 if (disas_vfp_insn(s, insn)) {
10350 /* All other insns: NOCP */
10351 gen_exception_insn(s, s->pc_curr, EXCP_NOCP, syn_uncategorized(),
10352 default_exception_el(s));
10355 if ((insn & 0xfe000a00) == 0xfc000800
10356 && arm_dc_feature(s, ARM_FEATURE_V8)) {
10357 /* The Thumb2 and ARM encodings are identical. */
10358 if (disas_neon_insn_3same_ext(s, insn)) {
10361 } else if ((insn & 0xff000a00) == 0xfe000800
10362 && arm_dc_feature(s, ARM_FEATURE_V8)) {
10363 /* The Thumb2 and ARM encodings are identical. */
10364 if (disas_neon_insn_2reg_scalar_ext(s, insn)) {
10367 } else if (((insn >> 24) & 3) == 3) {
10368 /* Translate into the equivalent ARM encoding. */
10369 insn = (insn & 0xe2ffffff) | ((insn & (1 << 28)) >> 4) | (1 << 28);
10370 if (disas_neon_data_insn(s, insn)) {
10373 } else if (((insn >> 8) & 0xe) == 10) {
10374 if (disas_vfp_insn(s, insn)) {
10378 if (insn & (1 << 28))
10380 if (disas_coproc_insn(s, insn)) {
10385 case 8: case 9: case 10: case 11:
10386 if (insn & (1 << 15)) {
10387 /* Branches, misc control. */
10388 if (insn & 0x5000) {
10389 /* Unconditional branch. */
10390 /* signextend(hw1[10:0]) -> offset[:12]. */
10391 offset = ((int32_t)insn << 5) >> 9 & ~(int32_t)0xfff;
10392 /* hw1[10:0] -> offset[11:1]. */
10393 offset |= (insn & 0x7ff) << 1;
10394 /* (~hw2[13, 11] ^ offset[24]) -> offset[23,22]
10395 offset[24:22] already have the same value because of the
10396 sign extension above. */
10397 offset ^= ((~insn) & (1 << 13)) << 10;
10398 offset ^= ((~insn) & (1 << 11)) << 11;
10400 if (insn & (1 << 14)) {
10401 /* Branch and link. */
10402 tcg_gen_movi_i32(cpu_R[14], s->base.pc_next | 1);
10405 offset += read_pc(s);
10406 if (insn & (1 << 12)) {
10408 gen_jmp(s, offset);
10411 offset &= ~(uint32_t)2;
10412 /* thumb2 bx, no need to check */
10413 gen_bx_im(s, offset);
10415 } else if (((insn >> 23) & 7) == 7) {
10417 if (insn & (1 << 13))
10420 if (insn & (1 << 26)) {
10421 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10424 if (!(insn & (1 << 20))) {
10425 /* Hypervisor call (v7) */
10426 int imm16 = extract32(insn, 16, 4) << 12
10427 | extract32(insn, 0, 12);
10434 /* Secure monitor call (v6+) */
10442 op = (insn >> 20) & 7;
10444 case 0: /* msr cpsr. */
10445 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10446 tmp = load_reg(s, rn);
10447 /* the constant is the mask and SYSm fields */
10448 addr = tcg_const_i32(insn & 0xfff);
10449 gen_helper_v7m_msr(cpu_env, addr, tmp);
10450 tcg_temp_free_i32(addr);
10451 tcg_temp_free_i32(tmp);
10456 case 1: /* msr spsr. */
10457 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10461 if (extract32(insn, 5, 1)) {
10463 int sysm = extract32(insn, 8, 4) |
10464 (extract32(insn, 4, 1) << 4);
10467 gen_msr_banked(s, r, sysm, rm);
10471 /* MSR (for PSRs) */
10472 tmp = load_reg(s, rn);
10474 msr_mask(s, (insn >> 8) & 0xf, op == 1),
10478 case 2: /* cps, nop-hint. */
10479 if (((insn >> 8) & 7) == 0) {
10480 gen_nop_hint(s, insn & 0xff);
10482 /* Implemented as NOP in user mode. */
10487 if (insn & (1 << 10)) {
10488 if (insn & (1 << 7))
10490 if (insn & (1 << 6))
10492 if (insn & (1 << 5))
10494 if (insn & (1 << 9))
10495 imm = CPSR_A | CPSR_I | CPSR_F;
10497 if (insn & (1 << 8)) {
10499 imm |= (insn & 0x1f);
10502 gen_set_psr_im(s, offset, 0, imm);
10505 case 3: /* Special control operations. */
10506 if (!arm_dc_feature(s, ARM_FEATURE_V7) &&
10507 !arm_dc_feature(s, ARM_FEATURE_M)) {
10510 op = (insn >> 4) & 0xf;
10512 case 2: /* clrex */
10517 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
10520 /* We need to break the TB after this insn
10521 * to execute self-modifying code correctly
10522 * and also to take any pending interrupts
10525 gen_goto_tb(s, 0, s->base.pc_next);
10528 if ((insn & 0xf) || !dc_isar_feature(aa32_sb, s)) {
10532 * TODO: There is no speculation barrier opcode
10533 * for TCG; MB and end the TB instead.
10535 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
10536 gen_goto_tb(s, 0, s->base.pc_next);
10543 /* Trivial implementation equivalent to bx.
10544 * This instruction doesn't exist at all for M-profile.
10546 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10549 tmp = load_reg(s, rn);
10552 case 5: /* Exception return. */
10556 if (rn != 14 || rd != 15) {
10559 if (s->current_el == 2) {
10560 /* ERET from Hyp uses ELR_Hyp, not LR */
10564 tmp = load_cpu_field(elr_el[2]);
10566 tmp = load_reg(s, rn);
10567 tcg_gen_subi_i32(tmp, tmp, insn & 0xff);
10569 gen_exception_return(s, tmp);
10572 if (extract32(insn, 5, 1) &&
10573 !arm_dc_feature(s, ARM_FEATURE_M)) {
10575 int sysm = extract32(insn, 16, 4) |
10576 (extract32(insn, 4, 1) << 4);
10578 gen_mrs_banked(s, 0, sysm, rd);
10582 if (extract32(insn, 16, 4) != 0xf) {
10585 if (!arm_dc_feature(s, ARM_FEATURE_M) &&
10586 extract32(insn, 0, 8) != 0) {
10591 tmp = tcg_temp_new_i32();
10592 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10593 addr = tcg_const_i32(insn & 0xff);
10594 gen_helper_v7m_mrs(tmp, cpu_env, addr);
10595 tcg_temp_free_i32(addr);
10597 gen_helper_cpsr_read(tmp, cpu_env);
10599 store_reg(s, rd, tmp);
10602 if (extract32(insn, 5, 1) &&
10603 !arm_dc_feature(s, ARM_FEATURE_M)) {
10605 int sysm = extract32(insn, 16, 4) |
10606 (extract32(insn, 4, 1) << 4);
10608 gen_mrs_banked(s, 1, sysm, rd);
10613 /* Not accessible in user mode. */
10614 if (IS_USER(s) || arm_dc_feature(s, ARM_FEATURE_M)) {
10618 if (extract32(insn, 16, 4) != 0xf ||
10619 extract32(insn, 0, 8) != 0) {
10623 tmp = load_cpu_field(spsr);
10624 store_reg(s, rd, tmp);
10629 /* Conditional branch. */
10630 op = (insn >> 22) & 0xf;
10631 /* Generate a conditional jump to next instruction. */
10632 arm_skip_unless(s, op);
10634 /* offset[11:1] = insn[10:0] */
10635 offset = (insn & 0x7ff) << 1;
10636 /* offset[17:12] = insn[21:16]. */
10637 offset |= (insn & 0x003f0000) >> 4;
10638 /* offset[31:20] = insn[26]. */
10639 offset |= ((int32_t)((insn << 5) & 0x80000000)) >> 11;
10640 /* offset[18] = insn[13]. */
10641 offset |= (insn & (1 << 13)) << 5;
10642 /* offset[19] = insn[11]. */
10643 offset |= (insn & (1 << 11)) << 8;
10645 /* jump to the offset */
10646 gen_jmp(s, read_pc(s) + offset);
10650 * 0b1111_0xxx_xxxx_0xxx_xxxx_xxxx
10651 * - Data-processing (modified immediate, plain binary immediate)
10653 if (insn & (1 << 25)) {
10655 * 0b1111_0x1x_xxxx_0xxx_xxxx_xxxx
10656 * - Data-processing (plain binary immediate)
10658 if (insn & (1 << 24)) {
10659 if (insn & (1 << 20))
10661 /* Bitfield/Saturate. */
10662 op = (insn >> 21) & 7;
10664 shift = ((insn >> 6) & 3) | ((insn >> 10) & 0x1c);
10666 tmp = tcg_temp_new_i32();
10667 tcg_gen_movi_i32(tmp, 0);
10669 tmp = load_reg(s, rn);
10672 case 2: /* Signed bitfield extract. */
10674 if (shift + imm > 32)
10677 tcg_gen_sextract_i32(tmp, tmp, shift, imm);
10680 case 6: /* Unsigned bitfield extract. */
10682 if (shift + imm > 32)
10685 tcg_gen_extract_i32(tmp, tmp, shift, imm);
10688 case 3: /* Bitfield insert/clear. */
10691 imm = imm + 1 - shift;
10693 tmp2 = load_reg(s, rd);
10694 tcg_gen_deposit_i32(tmp, tmp2, tmp, shift, imm);
10695 tcg_temp_free_i32(tmp2);
10700 default: /* Saturate. */
10702 tcg_gen_sari_i32(tmp, tmp, shift);
10704 tcg_gen_shli_i32(tmp, tmp, shift);
10706 tmp2 = tcg_const_i32(imm);
10709 if ((op & 1) && shift == 0) {
10710 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10711 tcg_temp_free_i32(tmp);
10712 tcg_temp_free_i32(tmp2);
10715 gen_helper_usat16(tmp, cpu_env, tmp, tmp2);
10717 gen_helper_usat(tmp, cpu_env, tmp, tmp2);
10721 if ((op & 1) && shift == 0) {
10722 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10723 tcg_temp_free_i32(tmp);
10724 tcg_temp_free_i32(tmp2);
10727 gen_helper_ssat16(tmp, cpu_env, tmp, tmp2);
10729 gen_helper_ssat(tmp, cpu_env, tmp, tmp2);
10732 tcg_temp_free_i32(tmp2);
10735 store_reg(s, rd, tmp);
10737 imm = ((insn & 0x04000000) >> 15)
10738 | ((insn & 0x7000) >> 4) | (insn & 0xff);
10739 if (insn & (1 << 22)) {
10740 /* 16-bit immediate. */
10741 imm |= (insn >> 4) & 0xf000;
10742 if (insn & (1 << 23)) {
10744 tmp = load_reg(s, rd);
10745 tcg_gen_ext16u_i32(tmp, tmp);
10746 tcg_gen_ori_i32(tmp, tmp, imm << 16);
10749 tmp = tcg_temp_new_i32();
10750 tcg_gen_movi_i32(tmp, imm);
10752 store_reg(s, rd, tmp);
10754 /* Add/sub 12-bit immediate. */
10755 if (insn & (1 << 23)) {
10758 tmp = add_reg_for_lit(s, rn, imm);
10759 if (rn == 13 && rd == 13) {
10760 /* ADD SP, SP, imm or SUB SP, SP, imm */
10761 store_sp_checked(s, tmp);
10763 store_reg(s, rd, tmp);
10768 /* Data-processing (modified immediate) */
10769 /* All done in decodetree. Reach here for illegal ops. */
10774 case 12: /* Load/store single data item. */
10781 if ((insn & 0x01100000) == 0x01000000) {
10782 if (disas_neon_ls_insn(s, insn)) {
10787 op = ((insn >> 21) & 3) | ((insn >> 22) & 4);
10789 if (!(insn & (1 << 20))) {
10793 /* Byte or halfword load space with dest == r15 : memory hints.
10794 * Catch them early so we don't emit pointless addressing code.
10795 * This space is a mix of:
10796 * PLD/PLDW/PLI, which we implement as NOPs (note that unlike
10797 * the ARM encodings, PLDW space doesn't UNDEF for non-v7MP
10799 * unallocated hints, which must be treated as NOPs
10800 * UNPREDICTABLE space, which we NOP or UNDEF depending on
10801 * which is easiest for the decoding logic
10802 * Some space which must UNDEF
10804 int op1 = (insn >> 23) & 3;
10805 int op2 = (insn >> 6) & 0x3f;
10810 /* UNPREDICTABLE, unallocated hint or
10811 * PLD/PLDW/PLI (literal)
10816 return; /* PLD/PLDW/PLI or unallocated hint */
10818 if ((op2 == 0) || ((op2 & 0x3c) == 0x30)) {
10819 return; /* PLD/PLDW/PLI or unallocated hint */
10821 /* UNDEF space, or an UNPREDICTABLE */
10825 memidx = get_mem_index(s);
10826 imm = insn & 0xfff;
10827 if (insn & (1 << 23)) {
10828 /* PC relative or Positive offset. */
10829 addr = add_reg_for_lit(s, rn, imm);
10830 } else if (rn == 15) {
10831 /* PC relative with negative offset. */
10832 addr = add_reg_for_lit(s, rn, -imm);
10834 addr = load_reg(s, rn);
10836 switch ((insn >> 8) & 0xf) {
10837 case 0x0: /* Shifted Register. */
10838 shift = (insn >> 4) & 0xf;
10840 tcg_temp_free_i32(addr);
10843 tmp = load_reg(s, rm);
10844 tcg_gen_shli_i32(tmp, tmp, shift);
10845 tcg_gen_add_i32(addr, addr, tmp);
10846 tcg_temp_free_i32(tmp);
10848 case 0xc: /* Negative offset. */
10849 tcg_gen_addi_i32(addr, addr, -imm);
10851 case 0xe: /* User privilege. */
10852 tcg_gen_addi_i32(addr, addr, imm);
10853 memidx = get_a32_user_mem_index(s);
10855 case 0x9: /* Post-decrement. */
10857 /* Fall through. */
10858 case 0xb: /* Post-increment. */
10862 case 0xd: /* Pre-decrement. */
10864 /* Fall through. */
10865 case 0xf: /* Pre-increment. */
10869 tcg_temp_free_i32(addr);
10874 issinfo = writeback ? ISSInvalid : rs;
10876 if (s->v8m_stackcheck && rn == 13 && writeback) {
10878 * Stackcheck. Here we know 'addr' is the current SP;
10879 * if imm is +ve we're moving SP up, else down. It is
10880 * UNKNOWN whether the limit check triggers when SP starts
10881 * below the limit and ends up above it; we chose to do so.
10883 if ((int32_t)imm < 0) {
10884 TCGv_i32 newsp = tcg_temp_new_i32();
10886 tcg_gen_addi_i32(newsp, addr, imm);
10887 gen_helper_v8m_stackcheck(cpu_env, newsp);
10888 tcg_temp_free_i32(newsp);
10890 gen_helper_v8m_stackcheck(cpu_env, addr);
10894 if (writeback && !postinc) {
10895 tcg_gen_addi_i32(addr, addr, imm);
10898 if (insn & (1 << 20)) {
10900 tmp = tcg_temp_new_i32();
10903 gen_aa32_ld8u_iss(s, tmp, addr, memidx, issinfo);
10906 gen_aa32_ld8s_iss(s, tmp, addr, memidx, issinfo);
10909 gen_aa32_ld16u_iss(s, tmp, addr, memidx, issinfo);
10912 gen_aa32_ld16s_iss(s, tmp, addr, memidx, issinfo);
10915 gen_aa32_ld32u_iss(s, tmp, addr, memidx, issinfo);
10918 tcg_temp_free_i32(tmp);
10919 tcg_temp_free_i32(addr);
10922 store_reg_from_load(s, rs, tmp);
10925 tmp = load_reg(s, rs);
10928 gen_aa32_st8_iss(s, tmp, addr, memidx, issinfo);
10931 gen_aa32_st16_iss(s, tmp, addr, memidx, issinfo);
10934 gen_aa32_st32_iss(s, tmp, addr, memidx, issinfo);
10937 tcg_temp_free_i32(tmp);
10938 tcg_temp_free_i32(addr);
10941 tcg_temp_free_i32(tmp);
10944 tcg_gen_addi_i32(addr, addr, imm);
10946 store_reg(s, rn, addr);
10948 tcg_temp_free_i32(addr);
10957 unallocated_encoding(s);
10960 static void disas_thumb_insn(DisasContext *s, uint32_t insn)
10962 uint32_t val, op, rm, rn, rd, shift, cond;
10969 switch (insn >> 12) {
10973 op = (insn >> 11) & 3;
10976 * 0b0001_1xxx_xxxx_xxxx
10977 * - Add, subtract (three low registers)
10978 * - Add, subtract (two low registers and immediate)
10980 rn = (insn >> 3) & 7;
10981 tmp = load_reg(s, rn);
10982 if (insn & (1 << 10)) {
10984 tmp2 = tcg_temp_new_i32();
10985 tcg_gen_movi_i32(tmp2, (insn >> 6) & 7);
10988 rm = (insn >> 6) & 7;
10989 tmp2 = load_reg(s, rm);
10991 if (insn & (1 << 9)) {
10992 if (s->condexec_mask)
10993 tcg_gen_sub_i32(tmp, tmp, tmp2);
10995 gen_sub_CC(tmp, tmp, tmp2);
10997 if (s->condexec_mask)
10998 tcg_gen_add_i32(tmp, tmp, tmp2);
11000 gen_add_CC(tmp, tmp, tmp2);
11002 tcg_temp_free_i32(tmp2);
11003 store_reg(s, rd, tmp);
11005 /* shift immediate */
11006 rm = (insn >> 3) & 7;
11007 shift = (insn >> 6) & 0x1f;
11008 tmp = load_reg(s, rm);
11009 gen_arm_shift_im(tmp, op, shift, s->condexec_mask == 0);
11010 if (!s->condexec_mask)
11012 store_reg(s, rd, tmp);
11017 * 0b001x_xxxx_xxxx_xxxx
11018 * - Add, subtract, compare, move (one low register and immediate)
11020 op = (insn >> 11) & 3;
11021 rd = (insn >> 8) & 0x7;
11022 if (op == 0) { /* mov */
11023 tmp = tcg_temp_new_i32();
11024 tcg_gen_movi_i32(tmp, insn & 0xff);
11025 if (!s->condexec_mask)
11027 store_reg(s, rd, tmp);
11029 tmp = load_reg(s, rd);
11030 tmp2 = tcg_temp_new_i32();
11031 tcg_gen_movi_i32(tmp2, insn & 0xff);
11034 gen_sub_CC(tmp, tmp, tmp2);
11035 tcg_temp_free_i32(tmp);
11036 tcg_temp_free_i32(tmp2);
11039 if (s->condexec_mask)
11040 tcg_gen_add_i32(tmp, tmp, tmp2);
11042 gen_add_CC(tmp, tmp, tmp2);
11043 tcg_temp_free_i32(tmp2);
11044 store_reg(s, rd, tmp);
11047 if (s->condexec_mask)
11048 tcg_gen_sub_i32(tmp, tmp, tmp2);
11050 gen_sub_CC(tmp, tmp, tmp2);
11051 tcg_temp_free_i32(tmp2);
11052 store_reg(s, rd, tmp);
11058 if (insn & (1 << 11)) {
11059 rd = (insn >> 8) & 7;
11060 /* load pc-relative. Bit 1 of PC is ignored. */
11061 addr = add_reg_for_lit(s, 15, (insn & 0xff) * 4);
11062 tmp = tcg_temp_new_i32();
11063 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s),
11065 tcg_temp_free_i32(addr);
11066 store_reg(s, rd, tmp);
11069 if (insn & (1 << 10)) {
11070 /* 0b0100_01xx_xxxx_xxxx
11071 * - data processing extended, branch and exchange
11073 rd = (insn & 7) | ((insn >> 4) & 8);
11074 rm = (insn >> 3) & 0xf;
11075 op = (insn >> 8) & 3;
11078 tmp = load_reg(s, rd);
11079 tmp2 = load_reg(s, rm);
11080 tcg_gen_add_i32(tmp, tmp, tmp2);
11081 tcg_temp_free_i32(tmp2);
11083 /* ADD SP, SP, reg */
11084 store_sp_checked(s, tmp);
11086 store_reg(s, rd, tmp);
11090 tmp = load_reg(s, rd);
11091 tmp2 = load_reg(s, rm);
11092 gen_sub_CC(tmp, tmp, tmp2);
11093 tcg_temp_free_i32(tmp2);
11094 tcg_temp_free_i32(tmp);
11096 case 2: /* mov/cpy */
11097 tmp = load_reg(s, rm);
11100 store_sp_checked(s, tmp);
11102 store_reg(s, rd, tmp);
11107 /* 0b0100_0111_xxxx_xxxx
11108 * - branch [and link] exchange thumb register
11110 bool link = insn & (1 << 7);
11119 /* BXNS/BLXNS: only exists for v8M with the
11120 * security extensions, and always UNDEF if NonSecure.
11121 * We don't implement these in the user-only mode
11122 * either (in theory you can use them from Secure User
11123 * mode but they are too tied in to system emulation.)
11125 if (!s->v8m_secure || IS_USER_ONLY) {
11136 tmp = load_reg(s, rm);
11138 val = (uint32_t)s->base.pc_next | 1;
11139 tmp2 = tcg_temp_new_i32();
11140 tcg_gen_movi_i32(tmp2, val);
11141 store_reg(s, 14, tmp2);
11144 /* Only BX works as exception-return, not BLX */
11145 gen_bx_excret(s, tmp);
11154 * 0b0100_00xx_xxxx_xxxx
11155 * - Data-processing (two low registers)
11158 rm = (insn >> 3) & 7;
11159 op = (insn >> 6) & 0xf;
11160 if (op == 2 || op == 3 || op == 4 || op == 7) {
11161 /* the shift/rotate ops want the operands backwards */
11170 if (op == 9) { /* neg */
11171 tmp = tcg_temp_new_i32();
11172 tcg_gen_movi_i32(tmp, 0);
11173 } else if (op != 0xf) { /* mvn doesn't read its first operand */
11174 tmp = load_reg(s, rd);
11179 tmp2 = load_reg(s, rm);
11181 case 0x0: /* and */
11182 tcg_gen_and_i32(tmp, tmp, tmp2);
11183 if (!s->condexec_mask)
11186 case 0x1: /* eor */
11187 tcg_gen_xor_i32(tmp, tmp, tmp2);
11188 if (!s->condexec_mask)
11191 case 0x2: /* lsl */
11192 if (s->condexec_mask) {
11193 gen_shl(tmp2, tmp2, tmp);
11195 gen_helper_shl_cc(tmp2, cpu_env, tmp2, tmp);
11196 gen_logic_CC(tmp2);
11199 case 0x3: /* lsr */
11200 if (s->condexec_mask) {
11201 gen_shr(tmp2, tmp2, tmp);
11203 gen_helper_shr_cc(tmp2, cpu_env, tmp2, tmp);
11204 gen_logic_CC(tmp2);
11207 case 0x4: /* asr */
11208 if (s->condexec_mask) {
11209 gen_sar(tmp2, tmp2, tmp);
11211 gen_helper_sar_cc(tmp2, cpu_env, tmp2, tmp);
11212 gen_logic_CC(tmp2);
11215 case 0x5: /* adc */
11216 if (s->condexec_mask) {
11217 gen_adc(tmp, tmp2);
11219 gen_adc_CC(tmp, tmp, tmp2);
11222 case 0x6: /* sbc */
11223 if (s->condexec_mask) {
11224 gen_sub_carry(tmp, tmp, tmp2);
11226 gen_sbc_CC(tmp, tmp, tmp2);
11229 case 0x7: /* ror */
11230 if (s->condexec_mask) {
11231 tcg_gen_andi_i32(tmp, tmp, 0x1f);
11232 tcg_gen_rotr_i32(tmp2, tmp2, tmp);
11234 gen_helper_ror_cc(tmp2, cpu_env, tmp2, tmp);
11235 gen_logic_CC(tmp2);
11238 case 0x8: /* tst */
11239 tcg_gen_and_i32(tmp, tmp, tmp2);
11243 case 0x9: /* neg */
11244 if (s->condexec_mask)
11245 tcg_gen_neg_i32(tmp, tmp2);
11247 gen_sub_CC(tmp, tmp, tmp2);
11249 case 0xa: /* cmp */
11250 gen_sub_CC(tmp, tmp, tmp2);
11253 case 0xb: /* cmn */
11254 gen_add_CC(tmp, tmp, tmp2);
11257 case 0xc: /* orr */
11258 tcg_gen_or_i32(tmp, tmp, tmp2);
11259 if (!s->condexec_mask)
11262 case 0xd: /* mul */
11263 tcg_gen_mul_i32(tmp, tmp, tmp2);
11264 if (!s->condexec_mask)
11267 case 0xe: /* bic */
11268 tcg_gen_andc_i32(tmp, tmp, tmp2);
11269 if (!s->condexec_mask)
11272 case 0xf: /* mvn */
11273 tcg_gen_not_i32(tmp2, tmp2);
11274 if (!s->condexec_mask)
11275 gen_logic_CC(tmp2);
11282 store_reg(s, rm, tmp2);
11284 tcg_temp_free_i32(tmp);
11286 store_reg(s, rd, tmp);
11287 tcg_temp_free_i32(tmp2);
11290 tcg_temp_free_i32(tmp);
11291 tcg_temp_free_i32(tmp2);
11296 /* load/store register offset. */
11298 rn = (insn >> 3) & 7;
11299 rm = (insn >> 6) & 7;
11300 op = (insn >> 9) & 7;
11301 addr = load_reg(s, rn);
11302 tmp = load_reg(s, rm);
11303 tcg_gen_add_i32(addr, addr, tmp);
11304 tcg_temp_free_i32(tmp);
11306 if (op < 3) { /* store */
11307 tmp = load_reg(s, rd);
11309 tmp = tcg_temp_new_i32();
11314 gen_aa32_st32_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11317 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11320 gen_aa32_st8_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11322 case 3: /* ldrsb */
11323 gen_aa32_ld8s_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11326 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11329 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11332 gen_aa32_ld8u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11334 case 7: /* ldrsh */
11335 gen_aa32_ld16s_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11338 if (op >= 3) { /* load */
11339 store_reg(s, rd, tmp);
11341 tcg_temp_free_i32(tmp);
11343 tcg_temp_free_i32(addr);
11347 /* load/store word immediate offset */
11349 rn = (insn >> 3) & 7;
11350 addr = load_reg(s, rn);
11351 val = (insn >> 4) & 0x7c;
11352 tcg_gen_addi_i32(addr, addr, val);
11354 if (insn & (1 << 11)) {
11356 tmp = tcg_temp_new_i32();
11357 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11358 store_reg(s, rd, tmp);
11361 tmp = load_reg(s, rd);
11362 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11363 tcg_temp_free_i32(tmp);
11365 tcg_temp_free_i32(addr);
11369 /* load/store byte immediate offset */
11371 rn = (insn >> 3) & 7;
11372 addr = load_reg(s, rn);
11373 val = (insn >> 6) & 0x1f;
11374 tcg_gen_addi_i32(addr, addr, val);
11376 if (insn & (1 << 11)) {
11378 tmp = tcg_temp_new_i32();
11379 gen_aa32_ld8u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11380 store_reg(s, rd, tmp);
11383 tmp = load_reg(s, rd);
11384 gen_aa32_st8_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11385 tcg_temp_free_i32(tmp);
11387 tcg_temp_free_i32(addr);
11391 /* load/store halfword immediate offset */
11393 rn = (insn >> 3) & 7;
11394 addr = load_reg(s, rn);
11395 val = (insn >> 5) & 0x3e;
11396 tcg_gen_addi_i32(addr, addr, val);
11398 if (insn & (1 << 11)) {
11400 tmp = tcg_temp_new_i32();
11401 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11402 store_reg(s, rd, tmp);
11405 tmp = load_reg(s, rd);
11406 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11407 tcg_temp_free_i32(tmp);
11409 tcg_temp_free_i32(addr);
11413 /* load/store from stack */
11414 rd = (insn >> 8) & 7;
11415 addr = load_reg(s, 13);
11416 val = (insn & 0xff) * 4;
11417 tcg_gen_addi_i32(addr, addr, val);
11419 if (insn & (1 << 11)) {
11421 tmp = tcg_temp_new_i32();
11422 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11423 store_reg(s, rd, tmp);
11426 tmp = load_reg(s, rd);
11427 gen_aa32_st32_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11428 tcg_temp_free_i32(tmp);
11430 tcg_temp_free_i32(addr);
11435 * 0b1010_xxxx_xxxx_xxxx
11436 * - Add PC/SP (immediate)
11438 rd = (insn >> 8) & 7;
11439 val = (insn & 0xff) * 4;
11440 tmp = add_reg_for_lit(s, insn & (1 << 11) ? 13 : 15, val);
11441 store_reg(s, rd, tmp);
11446 op = (insn >> 8) & 0xf;
11450 * 0b1011_0000_xxxx_xxxx
11451 * - ADD (SP plus immediate)
11452 * - SUB (SP minus immediate)
11454 tmp = load_reg(s, 13);
11455 val = (insn & 0x7f) * 4;
11456 if (insn & (1 << 7))
11457 val = -(int32_t)val;
11458 tcg_gen_addi_i32(tmp, tmp, val);
11459 store_sp_checked(s, tmp);
11462 case 2: /* sign/zero extend. */
11465 rm = (insn >> 3) & 7;
11466 tmp = load_reg(s, rm);
11467 switch ((insn >> 6) & 3) {
11468 case 0: gen_sxth(tmp); break;
11469 case 1: gen_sxtb(tmp); break;
11470 case 2: gen_uxth(tmp); break;
11471 case 3: gen_uxtb(tmp); break;
11473 store_reg(s, rd, tmp);
11475 case 4: case 5: case 0xc: case 0xd:
11477 * 0b1011_x10x_xxxx_xxxx
11480 addr = load_reg(s, 13);
11481 if (insn & (1 << 8))
11485 for (i = 0; i < 8; i++) {
11486 if (insn & (1 << i))
11489 if ((insn & (1 << 11)) == 0) {
11490 tcg_gen_addi_i32(addr, addr, -offset);
11493 if (s->v8m_stackcheck) {
11495 * Here 'addr' is the lower of "old SP" and "new SP";
11496 * if this is a pop that starts below the limit and ends
11497 * above it, it is UNKNOWN whether the limit check triggers;
11498 * we choose to trigger.
11500 gen_helper_v8m_stackcheck(cpu_env, addr);
11503 for (i = 0; i < 8; i++) {
11504 if (insn & (1 << i)) {
11505 if (insn & (1 << 11)) {
11507 tmp = tcg_temp_new_i32();
11508 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11509 store_reg(s, i, tmp);
11512 tmp = load_reg(s, i);
11513 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11514 tcg_temp_free_i32(tmp);
11516 /* advance to the next address. */
11517 tcg_gen_addi_i32(addr, addr, 4);
11521 if (insn & (1 << 8)) {
11522 if (insn & (1 << 11)) {
11524 tmp = tcg_temp_new_i32();
11525 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11526 /* don't set the pc until the rest of the instruction
11530 tmp = load_reg(s, 14);
11531 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11532 tcg_temp_free_i32(tmp);
11534 tcg_gen_addi_i32(addr, addr, 4);
11536 if ((insn & (1 << 11)) == 0) {
11537 tcg_gen_addi_i32(addr, addr, -offset);
11539 /* write back the new stack pointer */
11540 store_reg(s, 13, addr);
11541 /* set the new PC value */
11542 if ((insn & 0x0900) == 0x0900) {
11543 store_reg_from_load(s, 15, tmp);
11547 case 1: case 3: case 9: case 11: /* czb */
11549 tmp = load_reg(s, rm);
11550 arm_gen_condlabel(s);
11551 if (insn & (1 << 11))
11552 tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 0, s->condlabel);
11554 tcg_gen_brcondi_i32(TCG_COND_NE, tmp, 0, s->condlabel);
11555 tcg_temp_free_i32(tmp);
11556 offset = ((insn & 0xf8) >> 2) | (insn & 0x200) >> 3;
11557 gen_jmp(s, read_pc(s) + offset);
11560 case 15: /* IT, nop-hint. */
11561 if ((insn & 0xf) == 0) {
11562 gen_nop_hint(s, (insn >> 4) & 0xf);
11568 * Combinations of firstcond and mask which set up an 0b1111
11569 * condition are UNPREDICTABLE; we take the CONSTRAINED
11570 * UNPREDICTABLE choice to treat 0b1111 the same as 0b1110,
11571 * i.e. both meaning "execute always".
11573 s->condexec_cond = (insn >> 4) & 0xe;
11574 s->condexec_mask = insn & 0x1f;
11575 /* No actual code generated for this insn, just setup state. */
11578 case 0xe: /* bkpt */
11580 int imm8 = extract32(insn, 0, 8);
11582 gen_exception_bkpt_insn(s, syn_aa32_bkpt(imm8, true));
11586 case 0xa: /* rev, and hlt */
11588 int op1 = extract32(insn, 6, 2);
11592 int imm6 = extract32(insn, 0, 6);
11598 /* Otherwise this is rev */
11600 rn = (insn >> 3) & 0x7;
11602 tmp = load_reg(s, rn);
11604 case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
11605 case 1: gen_rev16(tmp); break;
11606 case 3: gen_revsh(tmp); break;
11608 g_assert_not_reached();
11610 store_reg(s, rd, tmp);
11615 switch ((insn >> 5) & 7) {
11619 if (((insn >> 3) & 1) != !!(s->be_data == MO_BE)) {
11620 gen_helper_setend(cpu_env);
11621 s->base.is_jmp = DISAS_UPDATE;
11630 if (arm_dc_feature(s, ARM_FEATURE_M)) {
11631 tmp = tcg_const_i32((insn & (1 << 4)) != 0);
11634 addr = tcg_const_i32(19);
11635 gen_helper_v7m_msr(cpu_env, addr, tmp);
11636 tcg_temp_free_i32(addr);
11640 addr = tcg_const_i32(16);
11641 gen_helper_v7m_msr(cpu_env, addr, tmp);
11642 tcg_temp_free_i32(addr);
11644 tcg_temp_free_i32(tmp);
11647 if (insn & (1 << 4)) {
11648 shift = CPSR_A | CPSR_I | CPSR_F;
11652 gen_set_psr_im(s, ((insn & 7) << 6), 0, shift);
11667 /* load/store multiple */
11668 TCGv_i32 loaded_var = NULL;
11669 rn = (insn >> 8) & 0x7;
11670 addr = load_reg(s, rn);
11671 for (i = 0; i < 8; i++) {
11672 if (insn & (1 << i)) {
11673 if (insn & (1 << 11)) {
11675 tmp = tcg_temp_new_i32();
11676 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11680 store_reg(s, i, tmp);
11684 tmp = load_reg(s, i);
11685 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11686 tcg_temp_free_i32(tmp);
11688 /* advance to the next address */
11689 tcg_gen_addi_i32(addr, addr, 4);
11692 if ((insn & (1 << rn)) == 0) {
11693 /* base reg not in list: base register writeback */
11694 store_reg(s, rn, addr);
11696 /* base reg in list: if load, complete it now */
11697 if (insn & (1 << 11)) {
11698 store_reg(s, rn, loaded_var);
11700 tcg_temp_free_i32(addr);
11705 /* conditional branch or swi */
11706 cond = (insn >> 8) & 0xf;
11712 gen_set_pc_im(s, s->base.pc_next);
11713 s->svc_imm = extract32(insn, 0, 8);
11714 s->base.is_jmp = DISAS_SWI;
11717 /* generate a conditional jump to next instruction */
11718 arm_skip_unless(s, cond);
11720 /* jump to the offset */
11722 offset = ((int32_t)insn << 24) >> 24;
11723 val += offset << 1;
11728 if (insn & (1 << 11)) {
11729 /* thumb_insn_is_16bit() ensures we can't get here for
11730 * a Thumb2 CPU, so this must be a thumb1 split BL/BLX:
11731 * 0b1110_1xxx_xxxx_xxxx : BLX suffix (or UNDEF)
11733 assert(!arm_dc_feature(s, ARM_FEATURE_THUMB2));
11735 offset = ((insn & 0x7ff) << 1);
11736 tmp = load_reg(s, 14);
11737 tcg_gen_addi_i32(tmp, tmp, offset);
11738 tcg_gen_andi_i32(tmp, tmp, 0xfffffffc);
11740 tmp2 = tcg_temp_new_i32();
11741 tcg_gen_movi_i32(tmp2, s->base.pc_next | 1);
11742 store_reg(s, 14, tmp2);
11746 /* unconditional branch */
11748 offset = ((int32_t)insn << 21) >> 21;
11749 val += offset << 1;
11754 /* thumb_insn_is_16bit() ensures we can't get here for
11755 * a Thumb2 CPU, so this must be a thumb1 split BL/BLX.
11757 assert(!arm_dc_feature(s, ARM_FEATURE_THUMB2));
11759 if (insn & (1 << 11)) {
11760 /* 0b1111_1xxx_xxxx_xxxx : BL suffix */
11761 offset = ((insn & 0x7ff) << 1) | 1;
11762 tmp = load_reg(s, 14);
11763 tcg_gen_addi_i32(tmp, tmp, offset);
11765 tmp2 = tcg_temp_new_i32();
11766 tcg_gen_movi_i32(tmp2, s->base.pc_next | 1);
11767 store_reg(s, 14, tmp2);
11770 /* 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix */
11771 uint32_t uoffset = ((int32_t)insn << 21) >> 9;
11773 tcg_gen_movi_i32(cpu_R[14], read_pc(s) + uoffset);
11780 unallocated_encoding(s);
11783 static bool insn_crosses_page(CPUARMState *env, DisasContext *s)
11785 /* Return true if the insn at dc->base.pc_next might cross a page boundary.
11786 * (False positives are OK, false negatives are not.)
11787 * We know this is a Thumb insn, and our caller ensures we are
11788 * only called if dc->base.pc_next is less than 4 bytes from the page
11789 * boundary, so we cross the page if the first 16 bits indicate
11790 * that this is a 32 bit insn.
11792 uint16_t insn = arm_lduw_code(env, s->base.pc_next, s->sctlr_b);
11794 return !thumb_insn_is_16bit(s, s->base.pc_next, insn);
11797 static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
11799 DisasContext *dc = container_of(dcbase, DisasContext, base);
11800 CPUARMState *env = cs->env_ptr;
11801 ARMCPU *cpu = env_archcpu(env);
11802 uint32_t tb_flags = dc->base.tb->flags;
11803 uint32_t condexec, core_mmu_idx;
11805 dc->isar = &cpu->isar;
11809 /* If we are coming from secure EL0 in a system with a 32-bit EL3, then
11810 * there is no secure EL1, so we route exceptions to EL3.
11812 dc->secure_routed_to_el3 = arm_feature(env, ARM_FEATURE_EL3) &&
11813 !arm_el_is_aa64(env, 3);
11814 dc->thumb = FIELD_EX32(tb_flags, TBFLAG_A32, THUMB);
11815 dc->sctlr_b = FIELD_EX32(tb_flags, TBFLAG_A32, SCTLR_B);
11816 dc->be_data = FIELD_EX32(tb_flags, TBFLAG_ANY, BE_DATA) ? MO_BE : MO_LE;
11817 condexec = FIELD_EX32(tb_flags, TBFLAG_A32, CONDEXEC);
11818 dc->condexec_mask = (condexec & 0xf) << 1;
11819 dc->condexec_cond = condexec >> 4;
11820 core_mmu_idx = FIELD_EX32(tb_flags, TBFLAG_ANY, MMUIDX);
11821 dc->mmu_idx = core_to_arm_mmu_idx(env, core_mmu_idx);
11822 dc->current_el = arm_mmu_idx_to_el(dc->mmu_idx);
11823 #if !defined(CONFIG_USER_ONLY)
11824 dc->user = (dc->current_el == 0);
11826 dc->ns = FIELD_EX32(tb_flags, TBFLAG_A32, NS);
11827 dc->fp_excp_el = FIELD_EX32(tb_flags, TBFLAG_ANY, FPEXC_EL);
11828 dc->vfp_enabled = FIELD_EX32(tb_flags, TBFLAG_A32, VFPEN);
11829 dc->vec_len = FIELD_EX32(tb_flags, TBFLAG_A32, VECLEN);
11830 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
11831 dc->c15_cpar = FIELD_EX32(tb_flags, TBFLAG_A32, XSCALE_CPAR);
11832 dc->vec_stride = 0;
11834 dc->vec_stride = FIELD_EX32(tb_flags, TBFLAG_A32, VECSTRIDE);
11837 dc->v7m_handler_mode = FIELD_EX32(tb_flags, TBFLAG_A32, HANDLER);
11838 dc->v8m_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) &&
11839 regime_is_secure(env, dc->mmu_idx);
11840 dc->v8m_stackcheck = FIELD_EX32(tb_flags, TBFLAG_A32, STACKCHECK);
11841 dc->v8m_fpccr_s_wrong = FIELD_EX32(tb_flags, TBFLAG_A32, FPCCR_S_WRONG);
11842 dc->v7m_new_fp_ctxt_needed =
11843 FIELD_EX32(tb_flags, TBFLAG_A32, NEW_FP_CTXT_NEEDED);
11844 dc->v7m_lspact = FIELD_EX32(tb_flags, TBFLAG_A32, LSPACT);
11845 dc->cp_regs = cpu->cp_regs;
11846 dc->features = env->features;
11848 /* Single step state. The code-generation logic here is:
11850 * generate code with no special handling for single-stepping (except
11851 * that anything that can make us go to SS_ACTIVE == 1 must end the TB;
11852 * this happens anyway because those changes are all system register or
11854 * SS_ACTIVE == 1, PSTATE.SS == 1: (active-not-pending)
11855 * emit code for one insn
11856 * emit code to clear PSTATE.SS
11857 * emit code to generate software step exception for completed step
11858 * end TB (as usual for having generated an exception)
11859 * SS_ACTIVE == 1, PSTATE.SS == 0: (active-pending)
11860 * emit code to generate a software step exception
11863 dc->ss_active = FIELD_EX32(tb_flags, TBFLAG_ANY, SS_ACTIVE);
11864 dc->pstate_ss = FIELD_EX32(tb_flags, TBFLAG_ANY, PSTATE_SS);
11865 dc->is_ldex = false;
11866 if (!arm_feature(env, ARM_FEATURE_M)) {
11867 dc->debug_target_el = FIELD_EX32(tb_flags, TBFLAG_ANY, DEBUG_TARGET_EL);
11870 dc->page_start = dc->base.pc_first & TARGET_PAGE_MASK;
11872 /* If architectural single step active, limit to 1. */
11873 if (is_singlestepping(dc)) {
11874 dc->base.max_insns = 1;
11877 /* ARM is a fixed-length ISA. Bound the number of insns to execute
11878 to those left on the page. */
11880 int bound = -(dc->base.pc_first | TARGET_PAGE_MASK) / 4;
11881 dc->base.max_insns = MIN(dc->base.max_insns, bound);
11884 cpu_V0 = tcg_temp_new_i64();
11885 cpu_V1 = tcg_temp_new_i64();
11886 /* FIXME: cpu_M0 can probably be the same as cpu_V0. */
11887 cpu_M0 = tcg_temp_new_i64();
11890 static void arm_tr_tb_start(DisasContextBase *dcbase, CPUState *cpu)
11892 DisasContext *dc = container_of(dcbase, DisasContext, base);
11894 /* A note on handling of the condexec (IT) bits:
11896 * We want to avoid the overhead of having to write the updated condexec
11897 * bits back to the CPUARMState for every instruction in an IT block. So:
11898 * (1) if the condexec bits are not already zero then we write
11899 * zero back into the CPUARMState now. This avoids complications trying
11900 * to do it at the end of the block. (For example if we don't do this
11901 * it's hard to identify whether we can safely skip writing condexec
11902 * at the end of the TB, which we definitely want to do for the case
11903 * where a TB doesn't do anything with the IT state at all.)
11904 * (2) if we are going to leave the TB then we call gen_set_condexec()
11905 * which will write the correct value into CPUARMState if zero is wrong.
11906 * This is done both for leaving the TB at the end, and for leaving
11907 * it because of an exception we know will happen, which is done in
11908 * gen_exception_insn(). The latter is necessary because we need to
11909 * leave the TB with the PC/IT state just prior to execution of the
11910 * instruction which caused the exception.
11911 * (3) if we leave the TB unexpectedly (eg a data abort on a load)
11912 * then the CPUARMState will be wrong and we need to reset it.
11913 * This is handled in the same way as restoration of the
11914 * PC in these situations; we save the value of the condexec bits
11915 * for each PC via tcg_gen_insn_start(), and restore_state_to_opc()
11916 * then uses this to restore them after an exception.
11918 * Note that there are no instructions which can read the condexec
11919 * bits, and none which can write non-static values to them, so
11920 * we don't need to care about whether CPUARMState is correct in the
11924 /* Reset the conditional execution bits immediately. This avoids
11925 complications trying to do it at the end of the block. */
11926 if (dc->condexec_mask || dc->condexec_cond) {
11927 TCGv_i32 tmp = tcg_temp_new_i32();
11928 tcg_gen_movi_i32(tmp, 0);
11929 store_cpu_field(tmp, condexec_bits);
11933 static void arm_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
11935 DisasContext *dc = container_of(dcbase, DisasContext, base);
11937 tcg_gen_insn_start(dc->base.pc_next,
11938 (dc->condexec_cond << 4) | (dc->condexec_mask >> 1),
11940 dc->insn_start = tcg_last_op();
11943 static bool arm_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cpu,
11944 const CPUBreakpoint *bp)
11946 DisasContext *dc = container_of(dcbase, DisasContext, base);
11948 if (bp->flags & BP_CPU) {
11949 gen_set_condexec(dc);
11950 gen_set_pc_im(dc, dc->base.pc_next);
11951 gen_helper_check_breakpoints(cpu_env);
11952 /* End the TB early; it's likely not going to be executed */
11953 dc->base.is_jmp = DISAS_TOO_MANY;
11955 gen_exception_internal_insn(dc, dc->base.pc_next, EXCP_DEBUG);
11956 /* The address covered by the breakpoint must be
11957 included in [tb->pc, tb->pc + tb->size) in order
11958 to for it to be properly cleared -- thus we
11959 increment the PC here so that the logic setting
11960 tb->size below does the right thing. */
11961 /* TODO: Advance PC by correct instruction length to
11962 * avoid disassembler error messages */
11963 dc->base.pc_next += 2;
11964 dc->base.is_jmp = DISAS_NORETURN;
11970 static bool arm_pre_translate_insn(DisasContext *dc)
11972 #ifdef CONFIG_USER_ONLY
11973 /* Intercept jump to the magic kernel page. */
11974 if (dc->base.pc_next >= 0xffff0000) {
11975 /* We always get here via a jump, so know we are not in a
11976 conditional execution block. */
11977 gen_exception_internal(EXCP_KERNEL_TRAP);
11978 dc->base.is_jmp = DISAS_NORETURN;
11983 if (dc->ss_active && !dc->pstate_ss) {
11984 /* Singlestep state is Active-pending.
11985 * If we're in this state at the start of a TB then either
11986 * a) we just took an exception to an EL which is being debugged
11987 * and this is the first insn in the exception handler
11988 * b) debug exceptions were masked and we just unmasked them
11989 * without changing EL (eg by clearing PSTATE.D)
11990 * In either case we're going to take a swstep exception in the
11991 * "did not step an insn" case, and so the syndrome ISV and EX
11992 * bits should be zero.
11994 assert(dc->base.num_insns == 1);
11995 gen_swstep_exception(dc, 0, 0);
11996 dc->base.is_jmp = DISAS_NORETURN;
12003 static void arm_post_translate_insn(DisasContext *dc)
12005 if (dc->condjmp && !dc->base.is_jmp) {
12006 gen_set_label(dc->condlabel);
12009 translator_loop_temp_check(&dc->base);
12012 static void arm_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
12014 DisasContext *dc = container_of(dcbase, DisasContext, base);
12015 CPUARMState *env = cpu->env_ptr;
12018 if (arm_pre_translate_insn(dc)) {
12022 dc->pc_curr = dc->base.pc_next;
12023 insn = arm_ldl_code(env, dc->base.pc_next, dc->sctlr_b);
12025 dc->base.pc_next += 4;
12026 disas_arm_insn(dc, insn);
12028 arm_post_translate_insn(dc);
12030 /* ARM is a fixed-length ISA. We performed the cross-page check
12031 in init_disas_context by adjusting max_insns. */
12034 static bool thumb_insn_is_unconditional(DisasContext *s, uint32_t insn)
12036 /* Return true if this Thumb insn is always unconditional,
12037 * even inside an IT block. This is true of only a very few
12038 * instructions: BKPT, HLT, and SG.
12040 * A larger class of instructions are UNPREDICTABLE if used
12041 * inside an IT block; we do not need to detect those here, because
12042 * what we do by default (perform the cc check and update the IT
12043 * bits state machine) is a permitted CONSTRAINED UNPREDICTABLE
12044 * choice for those situations.
12046 * insn is either a 16-bit or a 32-bit instruction; the two are
12047 * distinguishable because for the 16-bit case the top 16 bits
12048 * are zeroes, and that isn't a valid 32-bit encoding.
12050 if ((insn & 0xffffff00) == 0xbe00) {
12055 if ((insn & 0xffffffc0) == 0xba80 && arm_dc_feature(s, ARM_FEATURE_V8) &&
12056 !arm_dc_feature(s, ARM_FEATURE_M)) {
12057 /* HLT: v8A only. This is unconditional even when it is going to
12058 * UNDEF; see the v8A ARM ARM DDI0487B.a H3.3.
12059 * For v7 cores this was a plain old undefined encoding and so
12060 * honours its cc check. (We might be using the encoding as
12061 * a semihosting trap, but we don't change the cc check behaviour
12062 * on that account, because a debugger connected to a real v7A
12063 * core and emulating semihosting traps by catching the UNDEF
12064 * exception would also only see cases where the cc check passed.
12065 * No guest code should be trying to do a HLT semihosting trap
12066 * in an IT block anyway.
12071 if (insn == 0xe97fe97f && arm_dc_feature(s, ARM_FEATURE_V8) &&
12072 arm_dc_feature(s, ARM_FEATURE_M)) {
12080 static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
12082 DisasContext *dc = container_of(dcbase, DisasContext, base);
12083 CPUARMState *env = cpu->env_ptr;
12087 if (arm_pre_translate_insn(dc)) {
12091 dc->pc_curr = dc->base.pc_next;
12092 insn = arm_lduw_code(env, dc->base.pc_next, dc->sctlr_b);
12093 is_16bit = thumb_insn_is_16bit(dc, dc->base.pc_next, insn);
12094 dc->base.pc_next += 2;
12096 uint32_t insn2 = arm_lduw_code(env, dc->base.pc_next, dc->sctlr_b);
12098 insn = insn << 16 | insn2;
12099 dc->base.pc_next += 2;
12103 if (dc->condexec_mask && !thumb_insn_is_unconditional(dc, insn)) {
12104 uint32_t cond = dc->condexec_cond;
12107 * Conditionally skip the insn. Note that both 0xe and 0xf mean
12108 * "always"; 0xf is not "never".
12111 arm_skip_unless(dc, cond);
12116 disas_thumb_insn(dc, insn);
12118 disas_thumb2_insn(dc, insn);
12121 /* Advance the Thumb condexec condition. */
12122 if (dc->condexec_mask) {
12123 dc->condexec_cond = ((dc->condexec_cond & 0xe) |
12124 ((dc->condexec_mask >> 4) & 1));
12125 dc->condexec_mask = (dc->condexec_mask << 1) & 0x1f;
12126 if (dc->condexec_mask == 0) {
12127 dc->condexec_cond = 0;
12131 arm_post_translate_insn(dc);
12133 /* Thumb is a variable-length ISA. Stop translation when the next insn
12134 * will touch a new page. This ensures that prefetch aborts occur at
12137 * We want to stop the TB if the next insn starts in a new page,
12138 * or if it spans between this page and the next. This means that
12139 * if we're looking at the last halfword in the page we need to
12140 * see if it's a 16-bit Thumb insn (which will fit in this TB)
12141 * or a 32-bit Thumb insn (which won't).
12142 * This is to avoid generating a silly TB with a single 16-bit insn
12143 * in it at the end of this page (which would execute correctly
12144 * but isn't very efficient).
12146 if (dc->base.is_jmp == DISAS_NEXT
12147 && (dc->base.pc_next - dc->page_start >= TARGET_PAGE_SIZE
12148 || (dc->base.pc_next - dc->page_start >= TARGET_PAGE_SIZE - 3
12149 && insn_crosses_page(env, dc)))) {
12150 dc->base.is_jmp = DISAS_TOO_MANY;
12154 static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
12156 DisasContext *dc = container_of(dcbase, DisasContext, base);
12158 if (tb_cflags(dc->base.tb) & CF_LAST_IO && dc->condjmp) {
12159 /* FIXME: This can theoretically happen with self-modifying code. */
12160 cpu_abort(cpu, "IO on conditional branch instruction");
12163 /* At this stage dc->condjmp will only be set when the skipped
12164 instruction was a conditional branch or trap, and the PC has
12165 already been written. */
12166 gen_set_condexec(dc);
12167 if (dc->base.is_jmp == DISAS_BX_EXCRET) {
12168 /* Exception return branches need some special case code at the
12169 * end of the TB, which is complex enough that it has to
12170 * handle the single-step vs not and the condition-failed
12171 * insn codepath itself.
12173 gen_bx_excret_final_code(dc);
12174 } else if (unlikely(is_singlestepping(dc))) {
12175 /* Unconditional and "condition passed" instruction codepath. */
12176 switch (dc->base.is_jmp) {
12178 gen_ss_advance(dc);
12179 gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
12180 default_exception_el(dc));
12183 gen_ss_advance(dc);
12184 gen_exception(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
12187 gen_ss_advance(dc);
12188 gen_exception(EXCP_SMC, syn_aa32_smc(), 3);
12191 case DISAS_TOO_MANY:
12193 gen_set_pc_im(dc, dc->base.pc_next);
12196 /* FIXME: Single stepping a WFI insn will not halt the CPU. */
12197 gen_singlestep_exception(dc);
12199 case DISAS_NORETURN:
12203 /* While branches must always occur at the end of an IT block,
12204 there are a few other things that can cause us to terminate
12205 the TB in the middle of an IT block:
12206 - Exception generating instructions (bkpt, swi, undefined).
12208 - Hardware watchpoints.
12209 Hardware breakpoints have already been handled and skip this code.
12211 switch(dc->base.is_jmp) {
12213 case DISAS_TOO_MANY:
12214 gen_goto_tb(dc, 1, dc->base.pc_next);
12220 gen_set_pc_im(dc, dc->base.pc_next);
12223 /* indicate that the hash table must be used to find the next TB */
12224 tcg_gen_exit_tb(NULL, 0);
12226 case DISAS_NORETURN:
12227 /* nothing more to generate */
12231 TCGv_i32 tmp = tcg_const_i32((dc->thumb &&
12232 !(dc->insn & (1U << 31))) ? 2 : 4);
12234 gen_helper_wfi(cpu_env, tmp);
12235 tcg_temp_free_i32(tmp);
12236 /* The helper doesn't necessarily throw an exception, but we
12237 * must go back to the main loop to check for interrupts anyway.
12239 tcg_gen_exit_tb(NULL, 0);
12243 gen_helper_wfe(cpu_env);
12246 gen_helper_yield(cpu_env);
12249 gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
12250 default_exception_el(dc));
12253 gen_exception(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
12256 gen_exception(EXCP_SMC, syn_aa32_smc(), 3);
12262 /* "Condition failed" instruction codepath for the branch/trap insn */
12263 gen_set_label(dc->condlabel);
12264 gen_set_condexec(dc);
12265 if (unlikely(is_singlestepping(dc))) {
12266 gen_set_pc_im(dc, dc->base.pc_next);
12267 gen_singlestep_exception(dc);
12269 gen_goto_tb(dc, 1, dc->base.pc_next);
12274 static void arm_tr_disas_log(const DisasContextBase *dcbase, CPUState *cpu)
12276 DisasContext *dc = container_of(dcbase, DisasContext, base);
12278 qemu_log("IN: %s\n", lookup_symbol(dc->base.pc_first));
12279 log_target_disas(cpu, dc->base.pc_first, dc->base.tb->size);
12282 static const TranslatorOps arm_translator_ops = {
12283 .init_disas_context = arm_tr_init_disas_context,
12284 .tb_start = arm_tr_tb_start,
12285 .insn_start = arm_tr_insn_start,
12286 .breakpoint_check = arm_tr_breakpoint_check,
12287 .translate_insn = arm_tr_translate_insn,
12288 .tb_stop = arm_tr_tb_stop,
12289 .disas_log = arm_tr_disas_log,
12292 static const TranslatorOps thumb_translator_ops = {
12293 .init_disas_context = arm_tr_init_disas_context,
12294 .tb_start = arm_tr_tb_start,
12295 .insn_start = arm_tr_insn_start,
12296 .breakpoint_check = arm_tr_breakpoint_check,
12297 .translate_insn = thumb_tr_translate_insn,
12298 .tb_stop = arm_tr_tb_stop,
12299 .disas_log = arm_tr_disas_log,
12302 /* generate intermediate code for basic block 'tb'. */
12303 void gen_intermediate_code(CPUState *cpu, TranslationBlock *tb, int max_insns)
12306 const TranslatorOps *ops = &arm_translator_ops;
12308 if (FIELD_EX32(tb->flags, TBFLAG_A32, THUMB)) {
12309 ops = &thumb_translator_ops;
12311 #ifdef TARGET_AARCH64
12312 if (FIELD_EX32(tb->flags, TBFLAG_ANY, AARCH64_STATE)) {
12313 ops = &aarch64_translator_ops;
12317 translator_loop(ops, &dc.base, cpu, tb, max_insns);
12320 void restore_state_to_opc(CPUARMState *env, TranslationBlock *tb,
12321 target_ulong *data)
12325 env->condexec_bits = 0;
12326 env->exception.syndrome = data[2] << ARM_INSN_START_WORD2_SHIFT;
12328 env->regs[15] = data[0];
12329 env->condexec_bits = data[1];
12330 env->exception.syndrome = data[2] << ARM_INSN_START_WORD2_SHIFT;
projects / qemu.git / blob