4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2005-2007 CodeSourcery
6 * Copyright (c) 2007 OpenedHand, Ltd.
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2 of the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include "qemu/osdep.h"
24 #include "internals.h"
25 #include "disas/disas.h"
26 #include "exec/exec-all.h"
28 #include "tcg-op-gvec.h"
30 #include "qemu/bitops.h"
32 #include "hw/semihosting/semihost.h"
34 #include "exec/helper-proto.h"
35 #include "exec/helper-gen.h"
37 #include "trace-tcg.h"
41 #define ENABLE_ARCH_4T arm_dc_feature(s, ARM_FEATURE_V4T)
42 #define ENABLE_ARCH_5 arm_dc_feature(s, ARM_FEATURE_V5)
43 /* currently all emulated v5 cores are also v5TE, so don't bother */
44 #define ENABLE_ARCH_5TE arm_dc_feature(s, ARM_FEATURE_V5)
45 #define ENABLE_ARCH_5J dc_isar_feature(jazelle, s)
46 #define ENABLE_ARCH_6 arm_dc_feature(s, ARM_FEATURE_V6)
47 #define ENABLE_ARCH_6K arm_dc_feature(s, ARM_FEATURE_V6K)
48 #define ENABLE_ARCH_6T2 arm_dc_feature(s, ARM_FEATURE_THUMB2)
49 #define ENABLE_ARCH_7 arm_dc_feature(s, ARM_FEATURE_V7)
50 #define ENABLE_ARCH_8 arm_dc_feature(s, ARM_FEATURE_V8)
52 #define ARCH(x) do { if (!ENABLE_ARCH_##x) goto illegal_op; } while(0)
54 #include "translate.h"
56 #if defined(CONFIG_USER_ONLY)
59 #define IS_USER(s) (s->user)
62 /* We reuse the same 64-bit temporaries for efficiency. */
63 static TCGv_i64 cpu_V0, cpu_V1, cpu_M0;
64 static TCGv_i32 cpu_R[16];
65 TCGv_i32 cpu_CF, cpu_NF, cpu_VF, cpu_ZF;
66 TCGv_i64 cpu_exclusive_addr;
67 TCGv_i64 cpu_exclusive_val;
69 #include "exec/gen-icount.h"
71 static const char * const regnames[] =
72 { "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7",
73 "r8", "r9", "r10", "r11", "r12", "r13", "r14", "pc" };
75 /* Function prototypes for gen_ functions calling Neon helpers. */
76 typedef void NeonGenThreeOpEnvFn(TCGv_i32, TCGv_env, TCGv_i32,
78 /* Function prototypes for gen_ functions for fix point conversions */
79 typedef void VFPGenFixPointFn(TCGv_i32, TCGv_i32, TCGv_i32, TCGv_ptr);
81 /* initialize TCG globals. */
82 void arm_translate_init(void)
86 for (i = 0; i < 16; i++) {
87 cpu_R[i] = tcg_global_mem_new_i32(cpu_env,
88 offsetof(CPUARMState, regs[i]),
91 cpu_CF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, CF), "CF");
92 cpu_NF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, NF), "NF");
93 cpu_VF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, VF), "VF");
94 cpu_ZF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, ZF), "ZF");
96 cpu_exclusive_addr = tcg_global_mem_new_i64(cpu_env,
97 offsetof(CPUARMState, exclusive_addr), "exclusive_addr");
98 cpu_exclusive_val = tcg_global_mem_new_i64(cpu_env,
99 offsetof(CPUARMState, exclusive_val), "exclusive_val");
101 a64_translate_init();
104 /* Flags for the disas_set_da_iss info argument:
105 * lower bits hold the Rt register number, higher bits are flags.
107 typedef enum ISSInfo {
110 ISSInvalid = (1 << 5),
111 ISSIsAcqRel = (1 << 6),
112 ISSIsWrite = (1 << 7),
113 ISSIs16Bit = (1 << 8),
116 /* Save the syndrome information for a Data Abort */
117 static void disas_set_da_iss(DisasContext *s, MemOp memop, ISSInfo issinfo)
120 int sas = memop & MO_SIZE;
121 bool sse = memop & MO_SIGN;
122 bool is_acqrel = issinfo & ISSIsAcqRel;
123 bool is_write = issinfo & ISSIsWrite;
124 bool is_16bit = issinfo & ISSIs16Bit;
125 int srt = issinfo & ISSRegMask;
127 if (issinfo & ISSInvalid) {
128 /* Some callsites want to conditionally provide ISS info,
129 * eg "only if this was not a writeback"
135 /* For AArch32, insns where the src/dest is R15 never generate
136 * ISS information. Catching that here saves checking at all
142 syn = syn_data_abort_with_iss(0, sas, sse, srt, 0, is_acqrel,
143 0, 0, 0, is_write, 0, is_16bit);
144 disas_set_insn_syndrome(s, syn);
147 static inline int get_a32_user_mem_index(DisasContext *s)
149 /* Return the core mmu_idx to use for A32/T32 "unprivileged load/store"
151 * if PL2, UNPREDICTABLE (we choose to implement as if PL0)
152 * otherwise, access as if at PL0.
154 switch (s->mmu_idx) {
155 case ARMMMUIdx_S1E2: /* this one is UNPREDICTABLE */
156 case ARMMMUIdx_S12NSE0:
157 case ARMMMUIdx_S12NSE1:
158 return arm_to_core_mmu_idx(ARMMMUIdx_S12NSE0);
160 case ARMMMUIdx_S1SE0:
161 case ARMMMUIdx_S1SE1:
162 return arm_to_core_mmu_idx(ARMMMUIdx_S1SE0);
163 case ARMMMUIdx_MUser:
164 case ARMMMUIdx_MPriv:
165 return arm_to_core_mmu_idx(ARMMMUIdx_MUser);
166 case ARMMMUIdx_MUserNegPri:
167 case ARMMMUIdx_MPrivNegPri:
168 return arm_to_core_mmu_idx(ARMMMUIdx_MUserNegPri);
169 case ARMMMUIdx_MSUser:
170 case ARMMMUIdx_MSPriv:
171 return arm_to_core_mmu_idx(ARMMMUIdx_MSUser);
172 case ARMMMUIdx_MSUserNegPri:
173 case ARMMMUIdx_MSPrivNegPri:
174 return arm_to_core_mmu_idx(ARMMMUIdx_MSUserNegPri);
177 g_assert_not_reached();
181 static inline TCGv_i32 load_cpu_offset(int offset)
183 TCGv_i32 tmp = tcg_temp_new_i32();
184 tcg_gen_ld_i32(tmp, cpu_env, offset);
188 #define load_cpu_field(name) load_cpu_offset(offsetof(CPUARMState, name))
190 static inline void store_cpu_offset(TCGv_i32 var, int offset)
192 tcg_gen_st_i32(var, cpu_env, offset);
193 tcg_temp_free_i32(var);
196 #define store_cpu_field(var, name) \
197 store_cpu_offset(var, offsetof(CPUARMState, name))
199 /* The architectural value of PC. */
200 static uint32_t read_pc(DisasContext *s)
202 return s->pc_curr + (s->thumb ? 4 : 8);
205 /* Set a variable to the value of a CPU register. */
206 static void load_reg_var(DisasContext *s, TCGv_i32 var, int reg)
209 tcg_gen_movi_i32(var, read_pc(s));
211 tcg_gen_mov_i32(var, cpu_R[reg]);
215 /* Create a new temporary and set it to the value of a CPU register. */
216 static inline TCGv_i32 load_reg(DisasContext *s, int reg)
218 TCGv_i32 tmp = tcg_temp_new_i32();
219 load_reg_var(s, tmp, reg);
224 * Create a new temp, REG + OFS, except PC is ALIGN(PC, 4).
225 * This is used for load/store for which use of PC implies (literal),
226 * or ADD that implies ADR.
228 static TCGv_i32 add_reg_for_lit(DisasContext *s, int reg, int ofs)
230 TCGv_i32 tmp = tcg_temp_new_i32();
233 tcg_gen_movi_i32(tmp, (read_pc(s) & ~3) + ofs);
235 tcg_gen_addi_i32(tmp, cpu_R[reg], ofs);
240 /* Set a CPU register. The source must be a temporary and will be
242 static void store_reg(DisasContext *s, int reg, TCGv_i32 var)
245 /* In Thumb mode, we must ignore bit 0.
246 * In ARM mode, for ARMv4 and ARMv5, it is UNPREDICTABLE if bits [1:0]
247 * are not 0b00, but for ARMv6 and above, we must ignore bits [1:0].
248 * We choose to ignore [1:0] in ARM mode for all architecture versions.
250 tcg_gen_andi_i32(var, var, s->thumb ? ~1 : ~3);
251 s->base.is_jmp = DISAS_JUMP;
253 tcg_gen_mov_i32(cpu_R[reg], var);
254 tcg_temp_free_i32(var);
258 * Variant of store_reg which applies v8M stack-limit checks before updating
259 * SP. If the check fails this will result in an exception being taken.
260 * We disable the stack checks for CONFIG_USER_ONLY because we have
261 * no idea what the stack limits should be in that case.
262 * If stack checking is not being done this just acts like store_reg().
264 static void store_sp_checked(DisasContext *s, TCGv_i32 var)
266 #ifndef CONFIG_USER_ONLY
267 if (s->v8m_stackcheck) {
268 gen_helper_v8m_stackcheck(cpu_env, var);
271 store_reg(s, 13, var);
274 /* Value extensions. */
275 #define gen_uxtb(var) tcg_gen_ext8u_i32(var, var)
276 #define gen_uxth(var) tcg_gen_ext16u_i32(var, var)
277 #define gen_sxtb(var) tcg_gen_ext8s_i32(var, var)
278 #define gen_sxth(var) tcg_gen_ext16s_i32(var, var)
280 #define gen_sxtb16(var) gen_helper_sxtb16(var, var)
281 #define gen_uxtb16(var) gen_helper_uxtb16(var, var)
284 static inline void gen_set_cpsr(TCGv_i32 var, uint32_t mask)
286 TCGv_i32 tmp_mask = tcg_const_i32(mask);
287 gen_helper_cpsr_write(cpu_env, var, tmp_mask);
288 tcg_temp_free_i32(tmp_mask);
290 /* Set NZCV flags from the high 4 bits of var. */
291 #define gen_set_nzcv(var) gen_set_cpsr(var, CPSR_NZCV)
293 static void gen_exception_internal(int excp)
295 TCGv_i32 tcg_excp = tcg_const_i32(excp);
297 assert(excp_is_internal(excp));
298 gen_helper_exception_internal(cpu_env, tcg_excp);
299 tcg_temp_free_i32(tcg_excp);
302 static void gen_step_complete_exception(DisasContext *s)
304 /* We just completed step of an insn. Move from Active-not-pending
305 * to Active-pending, and then also take the swstep exception.
306 * This corresponds to making the (IMPDEF) choice to prioritize
307 * swstep exceptions over asynchronous exceptions taken to an exception
308 * level where debug is disabled. This choice has the advantage that
309 * we do not need to maintain internal state corresponding to the
310 * ISV/EX syndrome bits between completion of the step and generation
311 * of the exception, and our syndrome information is always correct.
314 gen_swstep_exception(s, 1, s->is_ldex);
315 s->base.is_jmp = DISAS_NORETURN;
318 static void gen_singlestep_exception(DisasContext *s)
320 /* Generate the right kind of exception for singlestep, which is
321 * either the architectural singlestep or EXCP_DEBUG for QEMU's
322 * gdb singlestepping.
325 gen_step_complete_exception(s);
327 gen_exception_internal(EXCP_DEBUG);
331 static inline bool is_singlestepping(DisasContext *s)
333 /* Return true if we are singlestepping either because of
334 * architectural singlestep or QEMU gdbstub singlestep. This does
335 * not include the command line '-singlestep' mode which is rather
336 * misnamed as it only means "one instruction per TB" and doesn't
337 * affect the code we generate.
339 return s->base.singlestep_enabled || s->ss_active;
342 static void gen_smul_dual(TCGv_i32 a, TCGv_i32 b)
344 TCGv_i32 tmp1 = tcg_temp_new_i32();
345 TCGv_i32 tmp2 = tcg_temp_new_i32();
346 tcg_gen_ext16s_i32(tmp1, a);
347 tcg_gen_ext16s_i32(tmp2, b);
348 tcg_gen_mul_i32(tmp1, tmp1, tmp2);
349 tcg_temp_free_i32(tmp2);
350 tcg_gen_sari_i32(a, a, 16);
351 tcg_gen_sari_i32(b, b, 16);
352 tcg_gen_mul_i32(b, b, a);
353 tcg_gen_mov_i32(a, tmp1);
354 tcg_temp_free_i32(tmp1);
357 /* Byteswap each halfword. */
358 static void gen_rev16(TCGv_i32 var)
360 TCGv_i32 tmp = tcg_temp_new_i32();
361 TCGv_i32 mask = tcg_const_i32(0x00ff00ff);
362 tcg_gen_shri_i32(tmp, var, 8);
363 tcg_gen_and_i32(tmp, tmp, mask);
364 tcg_gen_and_i32(var, var, mask);
365 tcg_gen_shli_i32(var, var, 8);
366 tcg_gen_or_i32(var, var, tmp);
367 tcg_temp_free_i32(mask);
368 tcg_temp_free_i32(tmp);
371 /* Byteswap low halfword and sign extend. */
372 static void gen_revsh(TCGv_i32 var)
374 tcg_gen_ext16u_i32(var, var);
375 tcg_gen_bswap16_i32(var, var);
376 tcg_gen_ext16s_i32(var, var);
379 /* 32x32->64 multiply. Marks inputs as dead. */
380 static TCGv_i64 gen_mulu_i64_i32(TCGv_i32 a, TCGv_i32 b)
382 TCGv_i32 lo = tcg_temp_new_i32();
383 TCGv_i32 hi = tcg_temp_new_i32();
386 tcg_gen_mulu2_i32(lo, hi, a, b);
387 tcg_temp_free_i32(a);
388 tcg_temp_free_i32(b);
390 ret = tcg_temp_new_i64();
391 tcg_gen_concat_i32_i64(ret, lo, hi);
392 tcg_temp_free_i32(lo);
393 tcg_temp_free_i32(hi);
398 static TCGv_i64 gen_muls_i64_i32(TCGv_i32 a, TCGv_i32 b)
400 TCGv_i32 lo = tcg_temp_new_i32();
401 TCGv_i32 hi = tcg_temp_new_i32();
404 tcg_gen_muls2_i32(lo, hi, a, b);
405 tcg_temp_free_i32(a);
406 tcg_temp_free_i32(b);
408 ret = tcg_temp_new_i64();
409 tcg_gen_concat_i32_i64(ret, lo, hi);
410 tcg_temp_free_i32(lo);
411 tcg_temp_free_i32(hi);
416 /* Swap low and high halfwords. */
417 static void gen_swap_half(TCGv_i32 var)
419 tcg_gen_rotri_i32(var, var, 16);
422 /* Dual 16-bit add. Result placed in t0 and t1 is marked as dead.
423 tmp = (t0 ^ t1) & 0x8000;
426 t0 = (t0 + t1) ^ tmp;
429 static void gen_add16(TCGv_i32 t0, TCGv_i32 t1)
431 TCGv_i32 tmp = tcg_temp_new_i32();
432 tcg_gen_xor_i32(tmp, t0, t1);
433 tcg_gen_andi_i32(tmp, tmp, 0x8000);
434 tcg_gen_andi_i32(t0, t0, ~0x8000);
435 tcg_gen_andi_i32(t1, t1, ~0x8000);
436 tcg_gen_add_i32(t0, t0, t1);
437 tcg_gen_xor_i32(t0, t0, tmp);
438 tcg_temp_free_i32(tmp);
439 tcg_temp_free_i32(t1);
442 /* Set N and Z flags from var. */
443 static inline void gen_logic_CC(TCGv_i32 var)
445 tcg_gen_mov_i32(cpu_NF, var);
446 tcg_gen_mov_i32(cpu_ZF, var);
450 static void gen_adc(TCGv_i32 t0, TCGv_i32 t1)
452 tcg_gen_add_i32(t0, t0, t1);
453 tcg_gen_add_i32(t0, t0, cpu_CF);
456 /* dest = T0 + T1 + CF. */
457 static void gen_add_carry(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
459 tcg_gen_add_i32(dest, t0, t1);
460 tcg_gen_add_i32(dest, dest, cpu_CF);
463 /* dest = T0 - T1 + CF - 1. */
464 static void gen_sub_carry(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
466 tcg_gen_sub_i32(dest, t0, t1);
467 tcg_gen_add_i32(dest, dest, cpu_CF);
468 tcg_gen_subi_i32(dest, dest, 1);
471 /* dest = T0 + T1. Compute C, N, V and Z flags */
472 static void gen_add_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
474 TCGv_i32 tmp = tcg_temp_new_i32();
475 tcg_gen_movi_i32(tmp, 0);
476 tcg_gen_add2_i32(cpu_NF, cpu_CF, t0, tmp, t1, tmp);
477 tcg_gen_mov_i32(cpu_ZF, cpu_NF);
478 tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
479 tcg_gen_xor_i32(tmp, t0, t1);
480 tcg_gen_andc_i32(cpu_VF, cpu_VF, tmp);
481 tcg_temp_free_i32(tmp);
482 tcg_gen_mov_i32(dest, cpu_NF);
485 /* dest = T0 + T1 + CF. Compute C, N, V and Z flags */
486 static void gen_adc_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
488 TCGv_i32 tmp = tcg_temp_new_i32();
489 if (TCG_TARGET_HAS_add2_i32) {
490 tcg_gen_movi_i32(tmp, 0);
491 tcg_gen_add2_i32(cpu_NF, cpu_CF, t0, tmp, cpu_CF, tmp);
492 tcg_gen_add2_i32(cpu_NF, cpu_CF, cpu_NF, cpu_CF, t1, tmp);
494 TCGv_i64 q0 = tcg_temp_new_i64();
495 TCGv_i64 q1 = tcg_temp_new_i64();
496 tcg_gen_extu_i32_i64(q0, t0);
497 tcg_gen_extu_i32_i64(q1, t1);
498 tcg_gen_add_i64(q0, q0, q1);
499 tcg_gen_extu_i32_i64(q1, cpu_CF);
500 tcg_gen_add_i64(q0, q0, q1);
501 tcg_gen_extr_i64_i32(cpu_NF, cpu_CF, q0);
502 tcg_temp_free_i64(q0);
503 tcg_temp_free_i64(q1);
505 tcg_gen_mov_i32(cpu_ZF, cpu_NF);
506 tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
507 tcg_gen_xor_i32(tmp, t0, t1);
508 tcg_gen_andc_i32(cpu_VF, cpu_VF, tmp);
509 tcg_temp_free_i32(tmp);
510 tcg_gen_mov_i32(dest, cpu_NF);
513 /* dest = T0 - T1. Compute C, N, V and Z flags */
514 static void gen_sub_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
517 tcg_gen_sub_i32(cpu_NF, t0, t1);
518 tcg_gen_mov_i32(cpu_ZF, cpu_NF);
519 tcg_gen_setcond_i32(TCG_COND_GEU, cpu_CF, t0, t1);
520 tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
521 tmp = tcg_temp_new_i32();
522 tcg_gen_xor_i32(tmp, t0, t1);
523 tcg_gen_and_i32(cpu_VF, cpu_VF, tmp);
524 tcg_temp_free_i32(tmp);
525 tcg_gen_mov_i32(dest, cpu_NF);
528 /* dest = T0 + ~T1 + CF. Compute C, N, V and Z flags */
529 static void gen_sbc_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
531 TCGv_i32 tmp = tcg_temp_new_i32();
532 tcg_gen_not_i32(tmp, t1);
533 gen_adc_CC(dest, t0, tmp);
534 tcg_temp_free_i32(tmp);
537 #define GEN_SHIFT(name) \
538 static void gen_##name(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1) \
540 TCGv_i32 tmp1, tmp2, tmp3; \
541 tmp1 = tcg_temp_new_i32(); \
542 tcg_gen_andi_i32(tmp1, t1, 0xff); \
543 tmp2 = tcg_const_i32(0); \
544 tmp3 = tcg_const_i32(0x1f); \
545 tcg_gen_movcond_i32(TCG_COND_GTU, tmp2, tmp1, tmp3, tmp2, t0); \
546 tcg_temp_free_i32(tmp3); \
547 tcg_gen_andi_i32(tmp1, tmp1, 0x1f); \
548 tcg_gen_##name##_i32(dest, tmp2, tmp1); \
549 tcg_temp_free_i32(tmp2); \
550 tcg_temp_free_i32(tmp1); \
556 static void gen_sar(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
559 tmp1 = tcg_temp_new_i32();
560 tcg_gen_andi_i32(tmp1, t1, 0xff);
561 tmp2 = tcg_const_i32(0x1f);
562 tcg_gen_movcond_i32(TCG_COND_GTU, tmp1, tmp1, tmp2, tmp2, tmp1);
563 tcg_temp_free_i32(tmp2);
564 tcg_gen_sar_i32(dest, t0, tmp1);
565 tcg_temp_free_i32(tmp1);
568 static void shifter_out_im(TCGv_i32 var, int shift)
570 tcg_gen_extract_i32(cpu_CF, var, shift, 1);
573 /* Shift by immediate. Includes special handling for shift == 0. */
574 static inline void gen_arm_shift_im(TCGv_i32 var, int shiftop,
575 int shift, int flags)
581 shifter_out_im(var, 32 - shift);
582 tcg_gen_shli_i32(var, var, shift);
588 tcg_gen_shri_i32(cpu_CF, var, 31);
590 tcg_gen_movi_i32(var, 0);
593 shifter_out_im(var, shift - 1);
594 tcg_gen_shri_i32(var, var, shift);
601 shifter_out_im(var, shift - 1);
604 tcg_gen_sari_i32(var, var, shift);
606 case 3: /* ROR/RRX */
609 shifter_out_im(var, shift - 1);
610 tcg_gen_rotri_i32(var, var, shift); break;
612 TCGv_i32 tmp = tcg_temp_new_i32();
613 tcg_gen_shli_i32(tmp, cpu_CF, 31);
615 shifter_out_im(var, 0);
616 tcg_gen_shri_i32(var, var, 1);
617 tcg_gen_or_i32(var, var, tmp);
618 tcg_temp_free_i32(tmp);
623 static inline void gen_arm_shift_reg(TCGv_i32 var, int shiftop,
624 TCGv_i32 shift, int flags)
628 case 0: gen_helper_shl_cc(var, cpu_env, var, shift); break;
629 case 1: gen_helper_shr_cc(var, cpu_env, var, shift); break;
630 case 2: gen_helper_sar_cc(var, cpu_env, var, shift); break;
631 case 3: gen_helper_ror_cc(var, cpu_env, var, shift); break;
636 gen_shl(var, var, shift);
639 gen_shr(var, var, shift);
642 gen_sar(var, var, shift);
644 case 3: tcg_gen_andi_i32(shift, shift, 0x1f);
645 tcg_gen_rotr_i32(var, var, shift); break;
648 tcg_temp_free_i32(shift);
651 #define PAS_OP(pfx) \
653 case 0: gen_pas_helper(glue(pfx,add16)); break; \
654 case 1: gen_pas_helper(glue(pfx,addsubx)); break; \
655 case 2: gen_pas_helper(glue(pfx,subaddx)); break; \
656 case 3: gen_pas_helper(glue(pfx,sub16)); break; \
657 case 4: gen_pas_helper(glue(pfx,add8)); break; \
658 case 7: gen_pas_helper(glue(pfx,sub8)); break; \
660 static void gen_arm_parallel_addsub(int op1, int op2, TCGv_i32 a, TCGv_i32 b)
665 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b, tmp)
667 tmp = tcg_temp_new_ptr();
668 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
670 tcg_temp_free_ptr(tmp);
673 tmp = tcg_temp_new_ptr();
674 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
676 tcg_temp_free_ptr(tmp);
678 #undef gen_pas_helper
679 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b)
692 #undef gen_pas_helper
697 /* For unknown reasons Arm and Thumb-2 use arbitrarily different encodings. */
698 #define PAS_OP(pfx) \
700 case 0: gen_pas_helper(glue(pfx,add8)); break; \
701 case 1: gen_pas_helper(glue(pfx,add16)); break; \
702 case 2: gen_pas_helper(glue(pfx,addsubx)); break; \
703 case 4: gen_pas_helper(glue(pfx,sub8)); break; \
704 case 5: gen_pas_helper(glue(pfx,sub16)); break; \
705 case 6: gen_pas_helper(glue(pfx,subaddx)); break; \
707 static void gen_thumb2_parallel_addsub(int op1, int op2, TCGv_i32 a, TCGv_i32 b)
712 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b, tmp)
714 tmp = tcg_temp_new_ptr();
715 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
717 tcg_temp_free_ptr(tmp);
720 tmp = tcg_temp_new_ptr();
721 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
723 tcg_temp_free_ptr(tmp);
725 #undef gen_pas_helper
726 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b)
739 #undef gen_pas_helper
745 * Generate a conditional based on ARM condition code cc.
746 * This is common between ARM and Aarch64 targets.
748 void arm_test_cc(DisasCompare *cmp, int cc)
779 case 8: /* hi: C && !Z */
780 case 9: /* ls: !C || Z -> !(C && !Z) */
782 value = tcg_temp_new_i32();
784 /* CF is 1 for C, so -CF is an all-bits-set mask for C;
785 ZF is non-zero for !Z; so AND the two subexpressions. */
786 tcg_gen_neg_i32(value, cpu_CF);
787 tcg_gen_and_i32(value, value, cpu_ZF);
790 case 10: /* ge: N == V -> N ^ V == 0 */
791 case 11: /* lt: N != V -> N ^ V != 0 */
792 /* Since we're only interested in the sign bit, == 0 is >= 0. */
794 value = tcg_temp_new_i32();
796 tcg_gen_xor_i32(value, cpu_VF, cpu_NF);
799 case 12: /* gt: !Z && N == V */
800 case 13: /* le: Z || N != V */
802 value = tcg_temp_new_i32();
804 /* (N == V) is equal to the sign bit of ~(NF ^ VF). Propagate
805 * the sign bit then AND with ZF to yield the result. */
806 tcg_gen_xor_i32(value, cpu_VF, cpu_NF);
807 tcg_gen_sari_i32(value, value, 31);
808 tcg_gen_andc_i32(value, cpu_ZF, value);
811 case 14: /* always */
812 case 15: /* always */
813 /* Use the ALWAYS condition, which will fold early.
814 * It doesn't matter what we use for the value. */
815 cond = TCG_COND_ALWAYS;
820 fprintf(stderr, "Bad condition code 0x%x\n", cc);
825 cond = tcg_invert_cond(cond);
831 cmp->value_global = global;
834 void arm_free_cc(DisasCompare *cmp)
836 if (!cmp->value_global) {
837 tcg_temp_free_i32(cmp->value);
841 void arm_jump_cc(DisasCompare *cmp, TCGLabel *label)
843 tcg_gen_brcondi_i32(cmp->cond, cmp->value, 0, label);
846 void arm_gen_test_cc(int cc, TCGLabel *label)
849 arm_test_cc(&cmp, cc);
850 arm_jump_cc(&cmp, label);
854 static inline void gen_set_condexec(DisasContext *s)
856 if (s->condexec_mask) {
857 uint32_t val = (s->condexec_cond << 4) | (s->condexec_mask >> 1);
858 TCGv_i32 tmp = tcg_temp_new_i32();
859 tcg_gen_movi_i32(tmp, val);
860 store_cpu_field(tmp, condexec_bits);
864 static inline void gen_set_pc_im(DisasContext *s, target_ulong val)
866 tcg_gen_movi_i32(cpu_R[15], val);
869 /* Set PC and Thumb state from an immediate address. */
870 static inline void gen_bx_im(DisasContext *s, uint32_t addr)
874 s->base.is_jmp = DISAS_JUMP;
875 if (s->thumb != (addr & 1)) {
876 tmp = tcg_temp_new_i32();
877 tcg_gen_movi_i32(tmp, addr & 1);
878 tcg_gen_st_i32(tmp, cpu_env, offsetof(CPUARMState, thumb));
879 tcg_temp_free_i32(tmp);
881 tcg_gen_movi_i32(cpu_R[15], addr & ~1);
884 /* Set PC and Thumb state from var. var is marked as dead. */
885 static inline void gen_bx(DisasContext *s, TCGv_i32 var)
887 s->base.is_jmp = DISAS_JUMP;
888 tcg_gen_andi_i32(cpu_R[15], var, ~1);
889 tcg_gen_andi_i32(var, var, 1);
890 store_cpu_field(var, thumb);
894 * Set PC and Thumb state from var. var is marked as dead.
895 * For M-profile CPUs, include logic to detect exception-return
896 * branches and handle them. This is needed for Thumb POP/LDM to PC, LDR to PC,
897 * and BX reg, and no others, and happens only for code in Handler mode.
898 * The Security Extension also requires us to check for the FNC_RETURN
899 * which signals a function return from non-secure state; this can happen
900 * in both Handler and Thread mode.
901 * To avoid having to do multiple comparisons in inline generated code,
902 * we make the check we do here loose, so it will match for EXC_RETURN
903 * in Thread mode. For system emulation do_v7m_exception_exit() checks
904 * for these spurious cases and returns without doing anything (giving
905 * the same behaviour as for a branch to a non-magic address).
907 * In linux-user mode it is unclear what the right behaviour for an
908 * attempted FNC_RETURN should be, because in real hardware this will go
909 * directly to Secure code (ie not the Linux kernel) which will then treat
910 * the error in any way it chooses. For QEMU we opt to make the FNC_RETURN
911 * attempt behave the way it would on a CPU without the security extension,
912 * which is to say "like a normal branch". That means we can simply treat
913 * all branches as normal with no magic address behaviour.
915 static inline void gen_bx_excret(DisasContext *s, TCGv_i32 var)
917 /* Generate the same code here as for a simple bx, but flag via
918 * s->base.is_jmp that we need to do the rest of the work later.
921 #ifndef CONFIG_USER_ONLY
922 if (arm_dc_feature(s, ARM_FEATURE_M_SECURITY) ||
923 (s->v7m_handler_mode && arm_dc_feature(s, ARM_FEATURE_M))) {
924 s->base.is_jmp = DISAS_BX_EXCRET;
929 static inline void gen_bx_excret_final_code(DisasContext *s)
931 /* Generate the code to finish possible exception return and end the TB */
932 TCGLabel *excret_label = gen_new_label();
935 if (arm_dc_feature(s, ARM_FEATURE_M_SECURITY)) {
936 /* Covers FNC_RETURN and EXC_RETURN magic */
937 min_magic = FNC_RETURN_MIN_MAGIC;
939 /* EXC_RETURN magic only */
940 min_magic = EXC_RETURN_MIN_MAGIC;
943 /* Is the new PC value in the magic range indicating exception return? */
944 tcg_gen_brcondi_i32(TCG_COND_GEU, cpu_R[15], min_magic, excret_label);
945 /* No: end the TB as we would for a DISAS_JMP */
946 if (is_singlestepping(s)) {
947 gen_singlestep_exception(s);
949 tcg_gen_exit_tb(NULL, 0);
951 gen_set_label(excret_label);
952 /* Yes: this is an exception return.
953 * At this point in runtime env->regs[15] and env->thumb will hold
954 * the exception-return magic number, which do_v7m_exception_exit()
955 * will read. Nothing else will be able to see those values because
956 * the cpu-exec main loop guarantees that we will always go straight
957 * from raising the exception to the exception-handling code.
959 * gen_ss_advance(s) does nothing on M profile currently but
960 * calling it is conceptually the right thing as we have executed
961 * this instruction (compare SWI, HVC, SMC handling).
964 gen_exception_internal(EXCP_EXCEPTION_EXIT);
967 static inline void gen_bxns(DisasContext *s, int rm)
969 TCGv_i32 var = load_reg(s, rm);
971 /* The bxns helper may raise an EXCEPTION_EXIT exception, so in theory
972 * we need to sync state before calling it, but:
973 * - we don't need to do gen_set_pc_im() because the bxns helper will
974 * always set the PC itself
975 * - we don't need to do gen_set_condexec() because BXNS is UNPREDICTABLE
976 * unless it's outside an IT block or the last insn in an IT block,
977 * so we know that condexec == 0 (already set at the top of the TB)
978 * is correct in the non-UNPREDICTABLE cases, and we can choose
979 * "zeroes the IT bits" as our UNPREDICTABLE behaviour otherwise.
981 gen_helper_v7m_bxns(cpu_env, var);
982 tcg_temp_free_i32(var);
983 s->base.is_jmp = DISAS_EXIT;
986 static inline void gen_blxns(DisasContext *s, int rm)
988 TCGv_i32 var = load_reg(s, rm);
990 /* We don't need to sync condexec state, for the same reason as bxns.
991 * We do however need to set the PC, because the blxns helper reads it.
992 * The blxns helper may throw an exception.
994 gen_set_pc_im(s, s->base.pc_next);
995 gen_helper_v7m_blxns(cpu_env, var);
996 tcg_temp_free_i32(var);
997 s->base.is_jmp = DISAS_EXIT;
1000 /* Variant of store_reg which uses branch&exchange logic when storing
1001 to r15 in ARM architecture v7 and above. The source must be a temporary
1002 and will be marked as dead. */
1003 static inline void store_reg_bx(DisasContext *s, int reg, TCGv_i32 var)
1005 if (reg == 15 && ENABLE_ARCH_7) {
1008 store_reg(s, reg, var);
1012 /* Variant of store_reg which uses branch&exchange logic when storing
1013 * to r15 in ARM architecture v5T and above. This is used for storing
1014 * the results of a LDR/LDM/POP into r15, and corresponds to the cases
1015 * in the ARM ARM which use the LoadWritePC() pseudocode function. */
1016 static inline void store_reg_from_load(DisasContext *s, int reg, TCGv_i32 var)
1018 if (reg == 15 && ENABLE_ARCH_5) {
1019 gen_bx_excret(s, var);
1021 store_reg(s, reg, var);
1025 #ifdef CONFIG_USER_ONLY
1026 #define IS_USER_ONLY 1
1028 #define IS_USER_ONLY 0
1031 /* Abstractions of "generate code to do a guest load/store for
1032 * AArch32", where a vaddr is always 32 bits (and is zero
1033 * extended if we're a 64 bit core) and data is also
1034 * 32 bits unless specifically doing a 64 bit access.
1035 * These functions work like tcg_gen_qemu_{ld,st}* except
1036 * that the address argument is TCGv_i32 rather than TCGv.
1039 static inline TCGv gen_aa32_addr(DisasContext *s, TCGv_i32 a32, MemOp op)
1041 TCGv addr = tcg_temp_new();
1042 tcg_gen_extu_i32_tl(addr, a32);
1044 /* Not needed for user-mode BE32, where we use MO_BE instead. */
1045 if (!IS_USER_ONLY && s->sctlr_b && (op & MO_SIZE) < MO_32) {
1046 tcg_gen_xori_tl(addr, addr, 4 - (1 << (op & MO_SIZE)));
1051 static void gen_aa32_ld_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
1052 int index, MemOp opc)
1056 if (arm_dc_feature(s, ARM_FEATURE_M) &&
1057 !arm_dc_feature(s, ARM_FEATURE_M_MAIN)) {
1061 addr = gen_aa32_addr(s, a32, opc);
1062 tcg_gen_qemu_ld_i32(val, addr, index, opc);
1063 tcg_temp_free(addr);
1066 static void gen_aa32_st_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
1067 int index, MemOp opc)
1071 if (arm_dc_feature(s, ARM_FEATURE_M) &&
1072 !arm_dc_feature(s, ARM_FEATURE_M_MAIN)) {
1076 addr = gen_aa32_addr(s, a32, opc);
1077 tcg_gen_qemu_st_i32(val, addr, index, opc);
1078 tcg_temp_free(addr);
1081 #define DO_GEN_LD(SUFF, OPC) \
1082 static inline void gen_aa32_ld##SUFF(DisasContext *s, TCGv_i32 val, \
1083 TCGv_i32 a32, int index) \
1085 gen_aa32_ld_i32(s, val, a32, index, OPC | s->be_data); \
1087 static inline void gen_aa32_ld##SUFF##_iss(DisasContext *s, \
1089 TCGv_i32 a32, int index, \
1092 gen_aa32_ld##SUFF(s, val, a32, index); \
1093 disas_set_da_iss(s, OPC, issinfo); \
1096 #define DO_GEN_ST(SUFF, OPC) \
1097 static inline void gen_aa32_st##SUFF(DisasContext *s, TCGv_i32 val, \
1098 TCGv_i32 a32, int index) \
1100 gen_aa32_st_i32(s, val, a32, index, OPC | s->be_data); \
1102 static inline void gen_aa32_st##SUFF##_iss(DisasContext *s, \
1104 TCGv_i32 a32, int index, \
1107 gen_aa32_st##SUFF(s, val, a32, index); \
1108 disas_set_da_iss(s, OPC, issinfo | ISSIsWrite); \
1111 static inline void gen_aa32_frob64(DisasContext *s, TCGv_i64 val)
1113 /* Not needed for user-mode BE32, where we use MO_BE instead. */
1114 if (!IS_USER_ONLY && s->sctlr_b) {
1115 tcg_gen_rotri_i64(val, val, 32);
1119 static void gen_aa32_ld_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
1120 int index, MemOp opc)
1122 TCGv addr = gen_aa32_addr(s, a32, opc);
1123 tcg_gen_qemu_ld_i64(val, addr, index, opc);
1124 gen_aa32_frob64(s, val);
1125 tcg_temp_free(addr);
1128 static inline void gen_aa32_ld64(DisasContext *s, TCGv_i64 val,
1129 TCGv_i32 a32, int index)
1131 gen_aa32_ld_i64(s, val, a32, index, MO_Q | s->be_data);
1134 static void gen_aa32_st_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
1135 int index, MemOp opc)
1137 TCGv addr = gen_aa32_addr(s, a32, opc);
1139 /* Not needed for user-mode BE32, where we use MO_BE instead. */
1140 if (!IS_USER_ONLY && s->sctlr_b) {
1141 TCGv_i64 tmp = tcg_temp_new_i64();
1142 tcg_gen_rotri_i64(tmp, val, 32);
1143 tcg_gen_qemu_st_i64(tmp, addr, index, opc);
1144 tcg_temp_free_i64(tmp);
1146 tcg_gen_qemu_st_i64(val, addr, index, opc);
1148 tcg_temp_free(addr);
1151 static inline void gen_aa32_st64(DisasContext *s, TCGv_i64 val,
1152 TCGv_i32 a32, int index)
1154 gen_aa32_st_i64(s, val, a32, index, MO_Q | s->be_data);
1157 DO_GEN_LD(8s, MO_SB)
1158 DO_GEN_LD(8u, MO_UB)
1159 DO_GEN_LD(16s, MO_SW)
1160 DO_GEN_LD(16u, MO_UW)
1161 DO_GEN_LD(32u, MO_UL)
1163 DO_GEN_ST(16, MO_UW)
1164 DO_GEN_ST(32, MO_UL)
1166 static inline void gen_hvc(DisasContext *s, int imm16)
1168 /* The pre HVC helper handles cases when HVC gets trapped
1169 * as an undefined insn by runtime configuration (ie before
1170 * the insn really executes).
1172 gen_set_pc_im(s, s->pc_curr);
1173 gen_helper_pre_hvc(cpu_env);
1174 /* Otherwise we will treat this as a real exception which
1175 * happens after execution of the insn. (The distinction matters
1176 * for the PC value reported to the exception handler and also
1177 * for single stepping.)
1180 gen_set_pc_im(s, s->base.pc_next);
1181 s->base.is_jmp = DISAS_HVC;
1184 static inline void gen_smc(DisasContext *s)
1186 /* As with HVC, we may take an exception either before or after
1187 * the insn executes.
1191 gen_set_pc_im(s, s->pc_curr);
1192 tmp = tcg_const_i32(syn_aa32_smc());
1193 gen_helper_pre_smc(cpu_env, tmp);
1194 tcg_temp_free_i32(tmp);
1195 gen_set_pc_im(s, s->base.pc_next);
1196 s->base.is_jmp = DISAS_SMC;
1199 static void gen_exception_internal_insn(DisasContext *s, uint32_t pc, int excp)
1201 gen_set_condexec(s);
1202 gen_set_pc_im(s, pc);
1203 gen_exception_internal(excp);
1204 s->base.is_jmp = DISAS_NORETURN;
1207 static void gen_exception_insn(DisasContext *s, uint32_t pc, int excp,
1208 int syn, uint32_t target_el)
1210 gen_set_condexec(s);
1211 gen_set_pc_im(s, pc);
1212 gen_exception(excp, syn, target_el);
1213 s->base.is_jmp = DISAS_NORETURN;
1216 static void gen_exception_bkpt_insn(DisasContext *s, uint32_t syn)
1220 gen_set_condexec(s);
1221 gen_set_pc_im(s, s->pc_curr);
1222 tcg_syn = tcg_const_i32(syn);
1223 gen_helper_exception_bkpt_insn(cpu_env, tcg_syn);
1224 tcg_temp_free_i32(tcg_syn);
1225 s->base.is_jmp = DISAS_NORETURN;
1228 static void unallocated_encoding(DisasContext *s)
1230 /* Unallocated and reserved encodings are uncategorized */
1231 gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
1232 default_exception_el(s));
1235 /* Force a TB lookup after an instruction that changes the CPU state. */
1236 static inline void gen_lookup_tb(DisasContext *s)
1238 tcg_gen_movi_i32(cpu_R[15], s->base.pc_next);
1239 s->base.is_jmp = DISAS_EXIT;
1242 static inline void gen_hlt(DisasContext *s, int imm)
1244 /* HLT. This has two purposes.
1245 * Architecturally, it is an external halting debug instruction.
1246 * Since QEMU doesn't implement external debug, we treat this as
1247 * it is required for halting debug disabled: it will UNDEF.
1248 * Secondly, "HLT 0x3C" is a T32 semihosting trap instruction,
1249 * and "HLT 0xF000" is an A32 semihosting syscall. These traps
1250 * must trigger semihosting even for ARMv7 and earlier, where
1251 * HLT was an undefined encoding.
1252 * In system mode, we don't allow userspace access to
1253 * semihosting, to provide some semblance of security
1254 * (and for consistency with our 32-bit semihosting).
1256 if (semihosting_enabled() &&
1257 #ifndef CONFIG_USER_ONLY
1258 s->current_el != 0 &&
1260 (imm == (s->thumb ? 0x3c : 0xf000))) {
1261 gen_exception_internal_insn(s, s->base.pc_next, EXCP_SEMIHOST);
1265 unallocated_encoding(s);
1268 static inline void gen_add_data_offset(DisasContext *s, unsigned int insn,
1271 int val, rm, shift, shiftop;
1274 if (!(insn & (1 << 25))) {
1277 if (!(insn & (1 << 23)))
1280 tcg_gen_addi_i32(var, var, val);
1282 /* shift/register */
1284 shift = (insn >> 7) & 0x1f;
1285 shiftop = (insn >> 5) & 3;
1286 offset = load_reg(s, rm);
1287 gen_arm_shift_im(offset, shiftop, shift, 0);
1288 if (!(insn & (1 << 23)))
1289 tcg_gen_sub_i32(var, var, offset);
1291 tcg_gen_add_i32(var, var, offset);
1292 tcg_temp_free_i32(offset);
1296 static inline void gen_add_datah_offset(DisasContext *s, unsigned int insn,
1297 int extra, TCGv_i32 var)
1302 if (insn & (1 << 22)) {
1304 val = (insn & 0xf) | ((insn >> 4) & 0xf0);
1305 if (!(insn & (1 << 23)))
1309 tcg_gen_addi_i32(var, var, val);
1313 tcg_gen_addi_i32(var, var, extra);
1315 offset = load_reg(s, rm);
1316 if (!(insn & (1 << 23)))
1317 tcg_gen_sub_i32(var, var, offset);
1319 tcg_gen_add_i32(var, var, offset);
1320 tcg_temp_free_i32(offset);
1324 static TCGv_ptr get_fpstatus_ptr(int neon)
1326 TCGv_ptr statusptr = tcg_temp_new_ptr();
1329 offset = offsetof(CPUARMState, vfp.standard_fp_status);
1331 offset = offsetof(CPUARMState, vfp.fp_status);
1333 tcg_gen_addi_ptr(statusptr, cpu_env, offset);
1337 static inline long vfp_reg_offset(bool dp, unsigned reg)
1340 return offsetof(CPUARMState, vfp.zregs[reg >> 1].d[reg & 1]);
1342 long ofs = offsetof(CPUARMState, vfp.zregs[reg >> 2].d[(reg >> 1) & 1]);
1344 ofs += offsetof(CPU_DoubleU, l.upper);
1346 ofs += offsetof(CPU_DoubleU, l.lower);
1352 /* Return the offset of a 32-bit piece of a NEON register.
1353 zero is the least significant end of the register. */
1355 neon_reg_offset (int reg, int n)
1359 return vfp_reg_offset(0, sreg);
1362 /* Return the offset of a 2**SIZE piece of a NEON register, at index ELE,
1363 * where 0 is the least significant end of the register.
1366 neon_element_offset(int reg, int element, MemOp size)
1368 int element_size = 1 << size;
1369 int ofs = element * element_size;
1370 #ifdef HOST_WORDS_BIGENDIAN
1371 /* Calculate the offset assuming fully little-endian,
1372 * then XOR to account for the order of the 8-byte units.
1374 if (element_size < 8) {
1375 ofs ^= 8 - element_size;
1378 return neon_reg_offset(reg, 0) + ofs;
1381 static TCGv_i32 neon_load_reg(int reg, int pass)
1383 TCGv_i32 tmp = tcg_temp_new_i32();
1384 tcg_gen_ld_i32(tmp, cpu_env, neon_reg_offset(reg, pass));
1388 static void neon_load_element(TCGv_i32 var, int reg, int ele, MemOp mop)
1390 long offset = neon_element_offset(reg, ele, mop & MO_SIZE);
1394 tcg_gen_ld8u_i32(var, cpu_env, offset);
1397 tcg_gen_ld16u_i32(var, cpu_env, offset);
1400 tcg_gen_ld_i32(var, cpu_env, offset);
1403 g_assert_not_reached();
1407 static void neon_load_element64(TCGv_i64 var, int reg, int ele, MemOp mop)
1409 long offset = neon_element_offset(reg, ele, mop & MO_SIZE);
1413 tcg_gen_ld8u_i64(var, cpu_env, offset);
1416 tcg_gen_ld16u_i64(var, cpu_env, offset);
1419 tcg_gen_ld32u_i64(var, cpu_env, offset);
1422 tcg_gen_ld_i64(var, cpu_env, offset);
1425 g_assert_not_reached();
1429 static void neon_store_reg(int reg, int pass, TCGv_i32 var)
1431 tcg_gen_st_i32(var, cpu_env, neon_reg_offset(reg, pass));
1432 tcg_temp_free_i32(var);
1435 static void neon_store_element(int reg, int ele, MemOp size, TCGv_i32 var)
1437 long offset = neon_element_offset(reg, ele, size);
1441 tcg_gen_st8_i32(var, cpu_env, offset);
1444 tcg_gen_st16_i32(var, cpu_env, offset);
1447 tcg_gen_st_i32(var, cpu_env, offset);
1450 g_assert_not_reached();
1454 static void neon_store_element64(int reg, int ele, MemOp size, TCGv_i64 var)
1456 long offset = neon_element_offset(reg, ele, size);
1460 tcg_gen_st8_i64(var, cpu_env, offset);
1463 tcg_gen_st16_i64(var, cpu_env, offset);
1466 tcg_gen_st32_i64(var, cpu_env, offset);
1469 tcg_gen_st_i64(var, cpu_env, offset);
1472 g_assert_not_reached();
1476 static inline void neon_load_reg64(TCGv_i64 var, int reg)
1478 tcg_gen_ld_i64(var, cpu_env, vfp_reg_offset(1, reg));
1481 static inline void neon_store_reg64(TCGv_i64 var, int reg)
1483 tcg_gen_st_i64(var, cpu_env, vfp_reg_offset(1, reg));
1486 static inline void neon_load_reg32(TCGv_i32 var, int reg)
1488 tcg_gen_ld_i32(var, cpu_env, vfp_reg_offset(false, reg));
1491 static inline void neon_store_reg32(TCGv_i32 var, int reg)
1493 tcg_gen_st_i32(var, cpu_env, vfp_reg_offset(false, reg));
1496 static TCGv_ptr vfp_reg_ptr(bool dp, int reg)
1498 TCGv_ptr ret = tcg_temp_new_ptr();
1499 tcg_gen_addi_ptr(ret, cpu_env, vfp_reg_offset(dp, reg));
1503 #define ARM_CP_RW_BIT (1 << 20)
1505 /* Include the VFP decoder */
1506 #include "translate-vfp.inc.c"
1508 static inline void iwmmxt_load_reg(TCGv_i64 var, int reg)
1510 tcg_gen_ld_i64(var, cpu_env, offsetof(CPUARMState, iwmmxt.regs[reg]));
1513 static inline void iwmmxt_store_reg(TCGv_i64 var, int reg)
1515 tcg_gen_st_i64(var, cpu_env, offsetof(CPUARMState, iwmmxt.regs[reg]));
1518 static inline TCGv_i32 iwmmxt_load_creg(int reg)
1520 TCGv_i32 var = tcg_temp_new_i32();
1521 tcg_gen_ld_i32(var, cpu_env, offsetof(CPUARMState, iwmmxt.cregs[reg]));
1525 static inline void iwmmxt_store_creg(int reg, TCGv_i32 var)
1527 tcg_gen_st_i32(var, cpu_env, offsetof(CPUARMState, iwmmxt.cregs[reg]));
1528 tcg_temp_free_i32(var);
1531 static inline void gen_op_iwmmxt_movq_wRn_M0(int rn)
1533 iwmmxt_store_reg(cpu_M0, rn);
1536 static inline void gen_op_iwmmxt_movq_M0_wRn(int rn)
1538 iwmmxt_load_reg(cpu_M0, rn);
1541 static inline void gen_op_iwmmxt_orq_M0_wRn(int rn)
1543 iwmmxt_load_reg(cpu_V1, rn);
1544 tcg_gen_or_i64(cpu_M0, cpu_M0, cpu_V1);
1547 static inline void gen_op_iwmmxt_andq_M0_wRn(int rn)
1549 iwmmxt_load_reg(cpu_V1, rn);
1550 tcg_gen_and_i64(cpu_M0, cpu_M0, cpu_V1);
1553 static inline void gen_op_iwmmxt_xorq_M0_wRn(int rn)
1555 iwmmxt_load_reg(cpu_V1, rn);
1556 tcg_gen_xor_i64(cpu_M0, cpu_M0, cpu_V1);
1559 #define IWMMXT_OP(name) \
1560 static inline void gen_op_iwmmxt_##name##_M0_wRn(int rn) \
1562 iwmmxt_load_reg(cpu_V1, rn); \
1563 gen_helper_iwmmxt_##name(cpu_M0, cpu_M0, cpu_V1); \
1566 #define IWMMXT_OP_ENV(name) \
1567 static inline void gen_op_iwmmxt_##name##_M0_wRn(int rn) \
1569 iwmmxt_load_reg(cpu_V1, rn); \
1570 gen_helper_iwmmxt_##name(cpu_M0, cpu_env, cpu_M0, cpu_V1); \
1573 #define IWMMXT_OP_ENV_SIZE(name) \
1574 IWMMXT_OP_ENV(name##b) \
1575 IWMMXT_OP_ENV(name##w) \
1576 IWMMXT_OP_ENV(name##l)
1578 #define IWMMXT_OP_ENV1(name) \
1579 static inline void gen_op_iwmmxt_##name##_M0(void) \
1581 gen_helper_iwmmxt_##name(cpu_M0, cpu_env, cpu_M0); \
1595 IWMMXT_OP_ENV_SIZE(unpackl)
1596 IWMMXT_OP_ENV_SIZE(unpackh)
1598 IWMMXT_OP_ENV1(unpacklub)
1599 IWMMXT_OP_ENV1(unpackluw)
1600 IWMMXT_OP_ENV1(unpacklul)
1601 IWMMXT_OP_ENV1(unpackhub)
1602 IWMMXT_OP_ENV1(unpackhuw)
1603 IWMMXT_OP_ENV1(unpackhul)
1604 IWMMXT_OP_ENV1(unpacklsb)
1605 IWMMXT_OP_ENV1(unpacklsw)
1606 IWMMXT_OP_ENV1(unpacklsl)
1607 IWMMXT_OP_ENV1(unpackhsb)
1608 IWMMXT_OP_ENV1(unpackhsw)
1609 IWMMXT_OP_ENV1(unpackhsl)
1611 IWMMXT_OP_ENV_SIZE(cmpeq)
1612 IWMMXT_OP_ENV_SIZE(cmpgtu)
1613 IWMMXT_OP_ENV_SIZE(cmpgts)
1615 IWMMXT_OP_ENV_SIZE(mins)
1616 IWMMXT_OP_ENV_SIZE(minu)
1617 IWMMXT_OP_ENV_SIZE(maxs)
1618 IWMMXT_OP_ENV_SIZE(maxu)
1620 IWMMXT_OP_ENV_SIZE(subn)
1621 IWMMXT_OP_ENV_SIZE(addn)
1622 IWMMXT_OP_ENV_SIZE(subu)
1623 IWMMXT_OP_ENV_SIZE(addu)
1624 IWMMXT_OP_ENV_SIZE(subs)
1625 IWMMXT_OP_ENV_SIZE(adds)
1627 IWMMXT_OP_ENV(avgb0)
1628 IWMMXT_OP_ENV(avgb1)
1629 IWMMXT_OP_ENV(avgw0)
1630 IWMMXT_OP_ENV(avgw1)
1632 IWMMXT_OP_ENV(packuw)
1633 IWMMXT_OP_ENV(packul)
1634 IWMMXT_OP_ENV(packuq)
1635 IWMMXT_OP_ENV(packsw)
1636 IWMMXT_OP_ENV(packsl)
1637 IWMMXT_OP_ENV(packsq)
1639 static void gen_op_iwmmxt_set_mup(void)
1642 tmp = load_cpu_field(iwmmxt.cregs[ARM_IWMMXT_wCon]);
1643 tcg_gen_ori_i32(tmp, tmp, 2);
1644 store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCon]);
1647 static void gen_op_iwmmxt_set_cup(void)
1650 tmp = load_cpu_field(iwmmxt.cregs[ARM_IWMMXT_wCon]);
1651 tcg_gen_ori_i32(tmp, tmp, 1);
1652 store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCon]);
1655 static void gen_op_iwmmxt_setpsr_nz(void)
1657 TCGv_i32 tmp = tcg_temp_new_i32();
1658 gen_helper_iwmmxt_setpsr_nz(tmp, cpu_M0);
1659 store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCASF]);
1662 static inline void gen_op_iwmmxt_addl_M0_wRn(int rn)
1664 iwmmxt_load_reg(cpu_V1, rn);
1665 tcg_gen_ext32u_i64(cpu_V1, cpu_V1);
1666 tcg_gen_add_i64(cpu_M0, cpu_M0, cpu_V1);
1669 static inline int gen_iwmmxt_address(DisasContext *s, uint32_t insn,
1676 rd = (insn >> 16) & 0xf;
1677 tmp = load_reg(s, rd);
1679 offset = (insn & 0xff) << ((insn >> 7) & 2);
1680 if (insn & (1 << 24)) {
1682 if (insn & (1 << 23))
1683 tcg_gen_addi_i32(tmp, tmp, offset);
1685 tcg_gen_addi_i32(tmp, tmp, -offset);
1686 tcg_gen_mov_i32(dest, tmp);
1687 if (insn & (1 << 21))
1688 store_reg(s, rd, tmp);
1690 tcg_temp_free_i32(tmp);
1691 } else if (insn & (1 << 21)) {
1693 tcg_gen_mov_i32(dest, tmp);
1694 if (insn & (1 << 23))
1695 tcg_gen_addi_i32(tmp, tmp, offset);
1697 tcg_gen_addi_i32(tmp, tmp, -offset);
1698 store_reg(s, rd, tmp);
1699 } else if (!(insn & (1 << 23)))
1704 static inline int gen_iwmmxt_shift(uint32_t insn, uint32_t mask, TCGv_i32 dest)
1706 int rd = (insn >> 0) & 0xf;
1709 if (insn & (1 << 8)) {
1710 if (rd < ARM_IWMMXT_wCGR0 || rd > ARM_IWMMXT_wCGR3) {
1713 tmp = iwmmxt_load_creg(rd);
1716 tmp = tcg_temp_new_i32();
1717 iwmmxt_load_reg(cpu_V0, rd);
1718 tcg_gen_extrl_i64_i32(tmp, cpu_V0);
1720 tcg_gen_andi_i32(tmp, tmp, mask);
1721 tcg_gen_mov_i32(dest, tmp);
1722 tcg_temp_free_i32(tmp);
1726 /* Disassemble an iwMMXt instruction. Returns nonzero if an error occurred
1727 (ie. an undefined instruction). */
1728 static int disas_iwmmxt_insn(DisasContext *s, uint32_t insn)
1731 int rdhi, rdlo, rd0, rd1, i;
1733 TCGv_i32 tmp, tmp2, tmp3;
1735 if ((insn & 0x0e000e00) == 0x0c000000) {
1736 if ((insn & 0x0fe00ff0) == 0x0c400000) {
1738 rdlo = (insn >> 12) & 0xf;
1739 rdhi = (insn >> 16) & 0xf;
1740 if (insn & ARM_CP_RW_BIT) { /* TMRRC */
1741 iwmmxt_load_reg(cpu_V0, wrd);
1742 tcg_gen_extrl_i64_i32(cpu_R[rdlo], cpu_V0);
1743 tcg_gen_extrh_i64_i32(cpu_R[rdhi], cpu_V0);
1744 } else { /* TMCRR */
1745 tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]);
1746 iwmmxt_store_reg(cpu_V0, wrd);
1747 gen_op_iwmmxt_set_mup();
1752 wrd = (insn >> 12) & 0xf;
1753 addr = tcg_temp_new_i32();
1754 if (gen_iwmmxt_address(s, insn, addr)) {
1755 tcg_temp_free_i32(addr);
1758 if (insn & ARM_CP_RW_BIT) {
1759 if ((insn >> 28) == 0xf) { /* WLDRW wCx */
1760 tmp = tcg_temp_new_i32();
1761 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
1762 iwmmxt_store_creg(wrd, tmp);
1765 if (insn & (1 << 8)) {
1766 if (insn & (1 << 22)) { /* WLDRD */
1767 gen_aa32_ld64(s, cpu_M0, addr, get_mem_index(s));
1769 } else { /* WLDRW wRd */
1770 tmp = tcg_temp_new_i32();
1771 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
1774 tmp = tcg_temp_new_i32();
1775 if (insn & (1 << 22)) { /* WLDRH */
1776 gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
1777 } else { /* WLDRB */
1778 gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
1782 tcg_gen_extu_i32_i64(cpu_M0, tmp);
1783 tcg_temp_free_i32(tmp);
1785 gen_op_iwmmxt_movq_wRn_M0(wrd);
1788 if ((insn >> 28) == 0xf) { /* WSTRW wCx */
1789 tmp = iwmmxt_load_creg(wrd);
1790 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
1792 gen_op_iwmmxt_movq_M0_wRn(wrd);
1793 tmp = tcg_temp_new_i32();
1794 if (insn & (1 << 8)) {
1795 if (insn & (1 << 22)) { /* WSTRD */
1796 gen_aa32_st64(s, cpu_M0, addr, get_mem_index(s));
1797 } else { /* WSTRW wRd */
1798 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1799 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
1802 if (insn & (1 << 22)) { /* WSTRH */
1803 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1804 gen_aa32_st16(s, tmp, addr, get_mem_index(s));
1805 } else { /* WSTRB */
1806 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1807 gen_aa32_st8(s, tmp, addr, get_mem_index(s));
1811 tcg_temp_free_i32(tmp);
1813 tcg_temp_free_i32(addr);
1817 if ((insn & 0x0f000000) != 0x0e000000)
1820 switch (((insn >> 12) & 0xf00) | ((insn >> 4) & 0xff)) {
1821 case 0x000: /* WOR */
1822 wrd = (insn >> 12) & 0xf;
1823 rd0 = (insn >> 0) & 0xf;
1824 rd1 = (insn >> 16) & 0xf;
1825 gen_op_iwmmxt_movq_M0_wRn(rd0);
1826 gen_op_iwmmxt_orq_M0_wRn(rd1);
1827 gen_op_iwmmxt_setpsr_nz();
1828 gen_op_iwmmxt_movq_wRn_M0(wrd);
1829 gen_op_iwmmxt_set_mup();
1830 gen_op_iwmmxt_set_cup();
1832 case 0x011: /* TMCR */
1835 rd = (insn >> 12) & 0xf;
1836 wrd = (insn >> 16) & 0xf;
1838 case ARM_IWMMXT_wCID:
1839 case ARM_IWMMXT_wCASF:
1841 case ARM_IWMMXT_wCon:
1842 gen_op_iwmmxt_set_cup();
1844 case ARM_IWMMXT_wCSSF:
1845 tmp = iwmmxt_load_creg(wrd);
1846 tmp2 = load_reg(s, rd);
1847 tcg_gen_andc_i32(tmp, tmp, tmp2);
1848 tcg_temp_free_i32(tmp2);
1849 iwmmxt_store_creg(wrd, tmp);
1851 case ARM_IWMMXT_wCGR0:
1852 case ARM_IWMMXT_wCGR1:
1853 case ARM_IWMMXT_wCGR2:
1854 case ARM_IWMMXT_wCGR3:
1855 gen_op_iwmmxt_set_cup();
1856 tmp = load_reg(s, rd);
1857 iwmmxt_store_creg(wrd, tmp);
1863 case 0x100: /* WXOR */
1864 wrd = (insn >> 12) & 0xf;
1865 rd0 = (insn >> 0) & 0xf;
1866 rd1 = (insn >> 16) & 0xf;
1867 gen_op_iwmmxt_movq_M0_wRn(rd0);
1868 gen_op_iwmmxt_xorq_M0_wRn(rd1);
1869 gen_op_iwmmxt_setpsr_nz();
1870 gen_op_iwmmxt_movq_wRn_M0(wrd);
1871 gen_op_iwmmxt_set_mup();
1872 gen_op_iwmmxt_set_cup();
1874 case 0x111: /* TMRC */
1877 rd = (insn >> 12) & 0xf;
1878 wrd = (insn >> 16) & 0xf;
1879 tmp = iwmmxt_load_creg(wrd);
1880 store_reg(s, rd, tmp);
1882 case 0x300: /* WANDN */
1883 wrd = (insn >> 12) & 0xf;
1884 rd0 = (insn >> 0) & 0xf;
1885 rd1 = (insn >> 16) & 0xf;
1886 gen_op_iwmmxt_movq_M0_wRn(rd0);
1887 tcg_gen_neg_i64(cpu_M0, cpu_M0);
1888 gen_op_iwmmxt_andq_M0_wRn(rd1);
1889 gen_op_iwmmxt_setpsr_nz();
1890 gen_op_iwmmxt_movq_wRn_M0(wrd);
1891 gen_op_iwmmxt_set_mup();
1892 gen_op_iwmmxt_set_cup();
1894 case 0x200: /* WAND */
1895 wrd = (insn >> 12) & 0xf;
1896 rd0 = (insn >> 0) & 0xf;
1897 rd1 = (insn >> 16) & 0xf;
1898 gen_op_iwmmxt_movq_M0_wRn(rd0);
1899 gen_op_iwmmxt_andq_M0_wRn(rd1);
1900 gen_op_iwmmxt_setpsr_nz();
1901 gen_op_iwmmxt_movq_wRn_M0(wrd);
1902 gen_op_iwmmxt_set_mup();
1903 gen_op_iwmmxt_set_cup();
1905 case 0x810: case 0xa10: /* WMADD */
1906 wrd = (insn >> 12) & 0xf;
1907 rd0 = (insn >> 0) & 0xf;
1908 rd1 = (insn >> 16) & 0xf;
1909 gen_op_iwmmxt_movq_M0_wRn(rd0);
1910 if (insn & (1 << 21))
1911 gen_op_iwmmxt_maddsq_M0_wRn(rd1);
1913 gen_op_iwmmxt_madduq_M0_wRn(rd1);
1914 gen_op_iwmmxt_movq_wRn_M0(wrd);
1915 gen_op_iwmmxt_set_mup();
1917 case 0x10e: case 0x50e: case 0x90e: case 0xd0e: /* WUNPCKIL */
1918 wrd = (insn >> 12) & 0xf;
1919 rd0 = (insn >> 16) & 0xf;
1920 rd1 = (insn >> 0) & 0xf;
1921 gen_op_iwmmxt_movq_M0_wRn(rd0);
1922 switch ((insn >> 22) & 3) {
1924 gen_op_iwmmxt_unpacklb_M0_wRn(rd1);
1927 gen_op_iwmmxt_unpacklw_M0_wRn(rd1);
1930 gen_op_iwmmxt_unpackll_M0_wRn(rd1);
1935 gen_op_iwmmxt_movq_wRn_M0(wrd);
1936 gen_op_iwmmxt_set_mup();
1937 gen_op_iwmmxt_set_cup();
1939 case 0x10c: case 0x50c: case 0x90c: case 0xd0c: /* WUNPCKIH */
1940 wrd = (insn >> 12) & 0xf;
1941 rd0 = (insn >> 16) & 0xf;
1942 rd1 = (insn >> 0) & 0xf;
1943 gen_op_iwmmxt_movq_M0_wRn(rd0);
1944 switch ((insn >> 22) & 3) {
1946 gen_op_iwmmxt_unpackhb_M0_wRn(rd1);
1949 gen_op_iwmmxt_unpackhw_M0_wRn(rd1);
1952 gen_op_iwmmxt_unpackhl_M0_wRn(rd1);
1957 gen_op_iwmmxt_movq_wRn_M0(wrd);
1958 gen_op_iwmmxt_set_mup();
1959 gen_op_iwmmxt_set_cup();
1961 case 0x012: case 0x112: case 0x412: case 0x512: /* WSAD */
1962 wrd = (insn >> 12) & 0xf;
1963 rd0 = (insn >> 16) & 0xf;
1964 rd1 = (insn >> 0) & 0xf;
1965 gen_op_iwmmxt_movq_M0_wRn(rd0);
1966 if (insn & (1 << 22))
1967 gen_op_iwmmxt_sadw_M0_wRn(rd1);
1969 gen_op_iwmmxt_sadb_M0_wRn(rd1);
1970 if (!(insn & (1 << 20)))
1971 gen_op_iwmmxt_addl_M0_wRn(wrd);
1972 gen_op_iwmmxt_movq_wRn_M0(wrd);
1973 gen_op_iwmmxt_set_mup();
1975 case 0x010: case 0x110: case 0x210: case 0x310: /* WMUL */
1976 wrd = (insn >> 12) & 0xf;
1977 rd0 = (insn >> 16) & 0xf;
1978 rd1 = (insn >> 0) & 0xf;
1979 gen_op_iwmmxt_movq_M0_wRn(rd0);
1980 if (insn & (1 << 21)) {
1981 if (insn & (1 << 20))
1982 gen_op_iwmmxt_mulshw_M0_wRn(rd1);
1984 gen_op_iwmmxt_mulslw_M0_wRn(rd1);
1986 if (insn & (1 << 20))
1987 gen_op_iwmmxt_muluhw_M0_wRn(rd1);
1989 gen_op_iwmmxt_mululw_M0_wRn(rd1);
1991 gen_op_iwmmxt_movq_wRn_M0(wrd);
1992 gen_op_iwmmxt_set_mup();
1994 case 0x410: case 0x510: case 0x610: case 0x710: /* WMAC */
1995 wrd = (insn >> 12) & 0xf;
1996 rd0 = (insn >> 16) & 0xf;
1997 rd1 = (insn >> 0) & 0xf;
1998 gen_op_iwmmxt_movq_M0_wRn(rd0);
1999 if (insn & (1 << 21))
2000 gen_op_iwmmxt_macsw_M0_wRn(rd1);
2002 gen_op_iwmmxt_macuw_M0_wRn(rd1);
2003 if (!(insn & (1 << 20))) {
2004 iwmmxt_load_reg(cpu_V1, wrd);
2005 tcg_gen_add_i64(cpu_M0, cpu_M0, cpu_V1);
2007 gen_op_iwmmxt_movq_wRn_M0(wrd);
2008 gen_op_iwmmxt_set_mup();
2010 case 0x006: case 0x406: case 0x806: case 0xc06: /* WCMPEQ */
2011 wrd = (insn >> 12) & 0xf;
2012 rd0 = (insn >> 16) & 0xf;
2013 rd1 = (insn >> 0) & 0xf;
2014 gen_op_iwmmxt_movq_M0_wRn(rd0);
2015 switch ((insn >> 22) & 3) {
2017 gen_op_iwmmxt_cmpeqb_M0_wRn(rd1);
2020 gen_op_iwmmxt_cmpeqw_M0_wRn(rd1);
2023 gen_op_iwmmxt_cmpeql_M0_wRn(rd1);
2028 gen_op_iwmmxt_movq_wRn_M0(wrd);
2029 gen_op_iwmmxt_set_mup();
2030 gen_op_iwmmxt_set_cup();
2032 case 0x800: case 0x900: case 0xc00: case 0xd00: /* WAVG2 */
2033 wrd = (insn >> 12) & 0xf;
2034 rd0 = (insn >> 16) & 0xf;
2035 rd1 = (insn >> 0) & 0xf;
2036 gen_op_iwmmxt_movq_M0_wRn(rd0);
2037 if (insn & (1 << 22)) {
2038 if (insn & (1 << 20))
2039 gen_op_iwmmxt_avgw1_M0_wRn(rd1);
2041 gen_op_iwmmxt_avgw0_M0_wRn(rd1);
2043 if (insn & (1 << 20))
2044 gen_op_iwmmxt_avgb1_M0_wRn(rd1);
2046 gen_op_iwmmxt_avgb0_M0_wRn(rd1);
2048 gen_op_iwmmxt_movq_wRn_M0(wrd);
2049 gen_op_iwmmxt_set_mup();
2050 gen_op_iwmmxt_set_cup();
2052 case 0x802: case 0x902: case 0xa02: case 0xb02: /* WALIGNR */
2053 wrd = (insn >> 12) & 0xf;
2054 rd0 = (insn >> 16) & 0xf;
2055 rd1 = (insn >> 0) & 0xf;
2056 gen_op_iwmmxt_movq_M0_wRn(rd0);
2057 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCGR0 + ((insn >> 20) & 3));
2058 tcg_gen_andi_i32(tmp, tmp, 7);
2059 iwmmxt_load_reg(cpu_V1, rd1);
2060 gen_helper_iwmmxt_align(cpu_M0, cpu_M0, cpu_V1, tmp);
2061 tcg_temp_free_i32(tmp);
2062 gen_op_iwmmxt_movq_wRn_M0(wrd);
2063 gen_op_iwmmxt_set_mup();
2065 case 0x601: case 0x605: case 0x609: case 0x60d: /* TINSR */
2066 if (((insn >> 6) & 3) == 3)
2068 rd = (insn >> 12) & 0xf;
2069 wrd = (insn >> 16) & 0xf;
2070 tmp = load_reg(s, rd);
2071 gen_op_iwmmxt_movq_M0_wRn(wrd);
2072 switch ((insn >> 6) & 3) {
2074 tmp2 = tcg_const_i32(0xff);
2075 tmp3 = tcg_const_i32((insn & 7) << 3);
2078 tmp2 = tcg_const_i32(0xffff);
2079 tmp3 = tcg_const_i32((insn & 3) << 4);
2082 tmp2 = tcg_const_i32(0xffffffff);
2083 tmp3 = tcg_const_i32((insn & 1) << 5);
2089 gen_helper_iwmmxt_insr(cpu_M0, cpu_M0, tmp, tmp2, tmp3);
2090 tcg_temp_free_i32(tmp3);
2091 tcg_temp_free_i32(tmp2);
2092 tcg_temp_free_i32(tmp);
2093 gen_op_iwmmxt_movq_wRn_M0(wrd);
2094 gen_op_iwmmxt_set_mup();
2096 case 0x107: case 0x507: case 0x907: case 0xd07: /* TEXTRM */
2097 rd = (insn >> 12) & 0xf;
2098 wrd = (insn >> 16) & 0xf;
2099 if (rd == 15 || ((insn >> 22) & 3) == 3)
2101 gen_op_iwmmxt_movq_M0_wRn(wrd);
2102 tmp = tcg_temp_new_i32();
2103 switch ((insn >> 22) & 3) {
2105 tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 7) << 3);
2106 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
2108 tcg_gen_ext8s_i32(tmp, tmp);
2110 tcg_gen_andi_i32(tmp, tmp, 0xff);
2114 tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 3) << 4);
2115 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
2117 tcg_gen_ext16s_i32(tmp, tmp);
2119 tcg_gen_andi_i32(tmp, tmp, 0xffff);
2123 tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 1) << 5);
2124 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
2127 store_reg(s, rd, tmp);
2129 case 0x117: case 0x517: case 0x917: case 0xd17: /* TEXTRC */
2130 if ((insn & 0x000ff008) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2132 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2133 switch ((insn >> 22) & 3) {
2135 tcg_gen_shri_i32(tmp, tmp, ((insn & 7) << 2) + 0);
2138 tcg_gen_shri_i32(tmp, tmp, ((insn & 3) << 3) + 4);
2141 tcg_gen_shri_i32(tmp, tmp, ((insn & 1) << 4) + 12);
2144 tcg_gen_shli_i32(tmp, tmp, 28);
2146 tcg_temp_free_i32(tmp);
2148 case 0x401: case 0x405: case 0x409: case 0x40d: /* TBCST */
2149 if (((insn >> 6) & 3) == 3)
2151 rd = (insn >> 12) & 0xf;
2152 wrd = (insn >> 16) & 0xf;
2153 tmp = load_reg(s, rd);
2154 switch ((insn >> 6) & 3) {
2156 gen_helper_iwmmxt_bcstb(cpu_M0, tmp);
2159 gen_helper_iwmmxt_bcstw(cpu_M0, tmp);
2162 gen_helper_iwmmxt_bcstl(cpu_M0, tmp);
2165 tcg_temp_free_i32(tmp);
2166 gen_op_iwmmxt_movq_wRn_M0(wrd);
2167 gen_op_iwmmxt_set_mup();
2169 case 0x113: case 0x513: case 0x913: case 0xd13: /* TANDC */
2170 if ((insn & 0x000ff00f) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2172 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2173 tmp2 = tcg_temp_new_i32();
2174 tcg_gen_mov_i32(tmp2, tmp);
2175 switch ((insn >> 22) & 3) {
2177 for (i = 0; i < 7; i ++) {
2178 tcg_gen_shli_i32(tmp2, tmp2, 4);
2179 tcg_gen_and_i32(tmp, tmp, tmp2);
2183 for (i = 0; i < 3; i ++) {
2184 tcg_gen_shli_i32(tmp2, tmp2, 8);
2185 tcg_gen_and_i32(tmp, tmp, tmp2);
2189 tcg_gen_shli_i32(tmp2, tmp2, 16);
2190 tcg_gen_and_i32(tmp, tmp, tmp2);
2194 tcg_temp_free_i32(tmp2);
2195 tcg_temp_free_i32(tmp);
2197 case 0x01c: case 0x41c: case 0x81c: case 0xc1c: /* WACC */
2198 wrd = (insn >> 12) & 0xf;
2199 rd0 = (insn >> 16) & 0xf;
2200 gen_op_iwmmxt_movq_M0_wRn(rd0);
2201 switch ((insn >> 22) & 3) {
2203 gen_helper_iwmmxt_addcb(cpu_M0, cpu_M0);
2206 gen_helper_iwmmxt_addcw(cpu_M0, cpu_M0);
2209 gen_helper_iwmmxt_addcl(cpu_M0, cpu_M0);
2214 gen_op_iwmmxt_movq_wRn_M0(wrd);
2215 gen_op_iwmmxt_set_mup();
2217 case 0x115: case 0x515: case 0x915: case 0xd15: /* TORC */
2218 if ((insn & 0x000ff00f) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2220 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2221 tmp2 = tcg_temp_new_i32();
2222 tcg_gen_mov_i32(tmp2, tmp);
2223 switch ((insn >> 22) & 3) {
2225 for (i = 0; i < 7; i ++) {
2226 tcg_gen_shli_i32(tmp2, tmp2, 4);
2227 tcg_gen_or_i32(tmp, tmp, tmp2);
2231 for (i = 0; i < 3; i ++) {
2232 tcg_gen_shli_i32(tmp2, tmp2, 8);
2233 tcg_gen_or_i32(tmp, tmp, tmp2);
2237 tcg_gen_shli_i32(tmp2, tmp2, 16);
2238 tcg_gen_or_i32(tmp, tmp, tmp2);
2242 tcg_temp_free_i32(tmp2);
2243 tcg_temp_free_i32(tmp);
2245 case 0x103: case 0x503: case 0x903: case 0xd03: /* TMOVMSK */
2246 rd = (insn >> 12) & 0xf;
2247 rd0 = (insn >> 16) & 0xf;
2248 if ((insn & 0xf) != 0 || ((insn >> 22) & 3) == 3)
2250 gen_op_iwmmxt_movq_M0_wRn(rd0);
2251 tmp = tcg_temp_new_i32();
2252 switch ((insn >> 22) & 3) {
2254 gen_helper_iwmmxt_msbb(tmp, cpu_M0);
2257 gen_helper_iwmmxt_msbw(tmp, cpu_M0);
2260 gen_helper_iwmmxt_msbl(tmp, cpu_M0);
2263 store_reg(s, rd, tmp);
2265 case 0x106: case 0x306: case 0x506: case 0x706: /* WCMPGT */
2266 case 0x906: case 0xb06: case 0xd06: case 0xf06:
2267 wrd = (insn >> 12) & 0xf;
2268 rd0 = (insn >> 16) & 0xf;
2269 rd1 = (insn >> 0) & 0xf;
2270 gen_op_iwmmxt_movq_M0_wRn(rd0);
2271 switch ((insn >> 22) & 3) {
2273 if (insn & (1 << 21))
2274 gen_op_iwmmxt_cmpgtsb_M0_wRn(rd1);
2276 gen_op_iwmmxt_cmpgtub_M0_wRn(rd1);
2279 if (insn & (1 << 21))
2280 gen_op_iwmmxt_cmpgtsw_M0_wRn(rd1);
2282 gen_op_iwmmxt_cmpgtuw_M0_wRn(rd1);
2285 if (insn & (1 << 21))
2286 gen_op_iwmmxt_cmpgtsl_M0_wRn(rd1);
2288 gen_op_iwmmxt_cmpgtul_M0_wRn(rd1);
2293 gen_op_iwmmxt_movq_wRn_M0(wrd);
2294 gen_op_iwmmxt_set_mup();
2295 gen_op_iwmmxt_set_cup();
2297 case 0x00e: case 0x20e: case 0x40e: case 0x60e: /* WUNPCKEL */
2298 case 0x80e: case 0xa0e: case 0xc0e: case 0xe0e:
2299 wrd = (insn >> 12) & 0xf;
2300 rd0 = (insn >> 16) & 0xf;
2301 gen_op_iwmmxt_movq_M0_wRn(rd0);
2302 switch ((insn >> 22) & 3) {
2304 if (insn & (1 << 21))
2305 gen_op_iwmmxt_unpacklsb_M0();
2307 gen_op_iwmmxt_unpacklub_M0();
2310 if (insn & (1 << 21))
2311 gen_op_iwmmxt_unpacklsw_M0();
2313 gen_op_iwmmxt_unpackluw_M0();
2316 if (insn & (1 << 21))
2317 gen_op_iwmmxt_unpacklsl_M0();
2319 gen_op_iwmmxt_unpacklul_M0();
2324 gen_op_iwmmxt_movq_wRn_M0(wrd);
2325 gen_op_iwmmxt_set_mup();
2326 gen_op_iwmmxt_set_cup();
2328 case 0x00c: case 0x20c: case 0x40c: case 0x60c: /* WUNPCKEH */
2329 case 0x80c: case 0xa0c: case 0xc0c: case 0xe0c:
2330 wrd = (insn >> 12) & 0xf;
2331 rd0 = (insn >> 16) & 0xf;
2332 gen_op_iwmmxt_movq_M0_wRn(rd0);
2333 switch ((insn >> 22) & 3) {
2335 if (insn & (1 << 21))
2336 gen_op_iwmmxt_unpackhsb_M0();
2338 gen_op_iwmmxt_unpackhub_M0();
2341 if (insn & (1 << 21))
2342 gen_op_iwmmxt_unpackhsw_M0();
2344 gen_op_iwmmxt_unpackhuw_M0();
2347 if (insn & (1 << 21))
2348 gen_op_iwmmxt_unpackhsl_M0();
2350 gen_op_iwmmxt_unpackhul_M0();
2355 gen_op_iwmmxt_movq_wRn_M0(wrd);
2356 gen_op_iwmmxt_set_mup();
2357 gen_op_iwmmxt_set_cup();
2359 case 0x204: case 0x604: case 0xa04: case 0xe04: /* WSRL */
2360 case 0x214: case 0x614: case 0xa14: case 0xe14:
2361 if (((insn >> 22) & 3) == 0)
2363 wrd = (insn >> 12) & 0xf;
2364 rd0 = (insn >> 16) & 0xf;
2365 gen_op_iwmmxt_movq_M0_wRn(rd0);
2366 tmp = tcg_temp_new_i32();
2367 if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2368 tcg_temp_free_i32(tmp);
2371 switch ((insn >> 22) & 3) {
2373 gen_helper_iwmmxt_srlw(cpu_M0, cpu_env, cpu_M0, tmp);
2376 gen_helper_iwmmxt_srll(cpu_M0, cpu_env, cpu_M0, tmp);
2379 gen_helper_iwmmxt_srlq(cpu_M0, cpu_env, cpu_M0, tmp);
2382 tcg_temp_free_i32(tmp);
2383 gen_op_iwmmxt_movq_wRn_M0(wrd);
2384 gen_op_iwmmxt_set_mup();
2385 gen_op_iwmmxt_set_cup();
2387 case 0x004: case 0x404: case 0x804: case 0xc04: /* WSRA */
2388 case 0x014: case 0x414: case 0x814: case 0xc14:
2389 if (((insn >> 22) & 3) == 0)
2391 wrd = (insn >> 12) & 0xf;
2392 rd0 = (insn >> 16) & 0xf;
2393 gen_op_iwmmxt_movq_M0_wRn(rd0);
2394 tmp = tcg_temp_new_i32();
2395 if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2396 tcg_temp_free_i32(tmp);
2399 switch ((insn >> 22) & 3) {
2401 gen_helper_iwmmxt_sraw(cpu_M0, cpu_env, cpu_M0, tmp);
2404 gen_helper_iwmmxt_sral(cpu_M0, cpu_env, cpu_M0, tmp);
2407 gen_helper_iwmmxt_sraq(cpu_M0, cpu_env, cpu_M0, tmp);
2410 tcg_temp_free_i32(tmp);
2411 gen_op_iwmmxt_movq_wRn_M0(wrd);
2412 gen_op_iwmmxt_set_mup();
2413 gen_op_iwmmxt_set_cup();
2415 case 0x104: case 0x504: case 0x904: case 0xd04: /* WSLL */
2416 case 0x114: case 0x514: case 0x914: case 0xd14:
2417 if (((insn >> 22) & 3) == 0)
2419 wrd = (insn >> 12) & 0xf;
2420 rd0 = (insn >> 16) & 0xf;
2421 gen_op_iwmmxt_movq_M0_wRn(rd0);
2422 tmp = tcg_temp_new_i32();
2423 if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2424 tcg_temp_free_i32(tmp);
2427 switch ((insn >> 22) & 3) {
2429 gen_helper_iwmmxt_sllw(cpu_M0, cpu_env, cpu_M0, tmp);
2432 gen_helper_iwmmxt_slll(cpu_M0, cpu_env, cpu_M0, tmp);
2435 gen_helper_iwmmxt_sllq(cpu_M0, cpu_env, cpu_M0, tmp);
2438 tcg_temp_free_i32(tmp);
2439 gen_op_iwmmxt_movq_wRn_M0(wrd);
2440 gen_op_iwmmxt_set_mup();
2441 gen_op_iwmmxt_set_cup();
2443 case 0x304: case 0x704: case 0xb04: case 0xf04: /* WROR */
2444 case 0x314: case 0x714: case 0xb14: case 0xf14:
2445 if (((insn >> 22) & 3) == 0)
2447 wrd = (insn >> 12) & 0xf;
2448 rd0 = (insn >> 16) & 0xf;
2449 gen_op_iwmmxt_movq_M0_wRn(rd0);
2450 tmp = tcg_temp_new_i32();
2451 switch ((insn >> 22) & 3) {
2453 if (gen_iwmmxt_shift(insn, 0xf, tmp)) {
2454 tcg_temp_free_i32(tmp);
2457 gen_helper_iwmmxt_rorw(cpu_M0, cpu_env, cpu_M0, tmp);
2460 if (gen_iwmmxt_shift(insn, 0x1f, tmp)) {
2461 tcg_temp_free_i32(tmp);
2464 gen_helper_iwmmxt_rorl(cpu_M0, cpu_env, cpu_M0, tmp);
2467 if (gen_iwmmxt_shift(insn, 0x3f, tmp)) {
2468 tcg_temp_free_i32(tmp);
2471 gen_helper_iwmmxt_rorq(cpu_M0, cpu_env, cpu_M0, tmp);
2474 tcg_temp_free_i32(tmp);
2475 gen_op_iwmmxt_movq_wRn_M0(wrd);
2476 gen_op_iwmmxt_set_mup();
2477 gen_op_iwmmxt_set_cup();
2479 case 0x116: case 0x316: case 0x516: case 0x716: /* WMIN */
2480 case 0x916: case 0xb16: case 0xd16: case 0xf16:
2481 wrd = (insn >> 12) & 0xf;
2482 rd0 = (insn >> 16) & 0xf;
2483 rd1 = (insn >> 0) & 0xf;
2484 gen_op_iwmmxt_movq_M0_wRn(rd0);
2485 switch ((insn >> 22) & 3) {
2487 if (insn & (1 << 21))
2488 gen_op_iwmmxt_minsb_M0_wRn(rd1);
2490 gen_op_iwmmxt_minub_M0_wRn(rd1);
2493 if (insn & (1 << 21))
2494 gen_op_iwmmxt_minsw_M0_wRn(rd1);
2496 gen_op_iwmmxt_minuw_M0_wRn(rd1);
2499 if (insn & (1 << 21))
2500 gen_op_iwmmxt_minsl_M0_wRn(rd1);
2502 gen_op_iwmmxt_minul_M0_wRn(rd1);
2507 gen_op_iwmmxt_movq_wRn_M0(wrd);
2508 gen_op_iwmmxt_set_mup();
2510 case 0x016: case 0x216: case 0x416: case 0x616: /* WMAX */
2511 case 0x816: case 0xa16: case 0xc16: case 0xe16:
2512 wrd = (insn >> 12) & 0xf;
2513 rd0 = (insn >> 16) & 0xf;
2514 rd1 = (insn >> 0) & 0xf;
2515 gen_op_iwmmxt_movq_M0_wRn(rd0);
2516 switch ((insn >> 22) & 3) {
2518 if (insn & (1 << 21))
2519 gen_op_iwmmxt_maxsb_M0_wRn(rd1);
2521 gen_op_iwmmxt_maxub_M0_wRn(rd1);
2524 if (insn & (1 << 21))
2525 gen_op_iwmmxt_maxsw_M0_wRn(rd1);
2527 gen_op_iwmmxt_maxuw_M0_wRn(rd1);
2530 if (insn & (1 << 21))
2531 gen_op_iwmmxt_maxsl_M0_wRn(rd1);
2533 gen_op_iwmmxt_maxul_M0_wRn(rd1);
2538 gen_op_iwmmxt_movq_wRn_M0(wrd);
2539 gen_op_iwmmxt_set_mup();
2541 case 0x002: case 0x102: case 0x202: case 0x302: /* WALIGNI */
2542 case 0x402: case 0x502: case 0x602: case 0x702:
2543 wrd = (insn >> 12) & 0xf;
2544 rd0 = (insn >> 16) & 0xf;
2545 rd1 = (insn >> 0) & 0xf;
2546 gen_op_iwmmxt_movq_M0_wRn(rd0);
2547 tmp = tcg_const_i32((insn >> 20) & 3);
2548 iwmmxt_load_reg(cpu_V1, rd1);
2549 gen_helper_iwmmxt_align(cpu_M0, cpu_M0, cpu_V1, tmp);
2550 tcg_temp_free_i32(tmp);
2551 gen_op_iwmmxt_movq_wRn_M0(wrd);
2552 gen_op_iwmmxt_set_mup();
2554 case 0x01a: case 0x11a: case 0x21a: case 0x31a: /* WSUB */
2555 case 0x41a: case 0x51a: case 0x61a: case 0x71a:
2556 case 0x81a: case 0x91a: case 0xa1a: case 0xb1a:
2557 case 0xc1a: case 0xd1a: case 0xe1a: case 0xf1a:
2558 wrd = (insn >> 12) & 0xf;
2559 rd0 = (insn >> 16) & 0xf;
2560 rd1 = (insn >> 0) & 0xf;
2561 gen_op_iwmmxt_movq_M0_wRn(rd0);
2562 switch ((insn >> 20) & 0xf) {
2564 gen_op_iwmmxt_subnb_M0_wRn(rd1);
2567 gen_op_iwmmxt_subub_M0_wRn(rd1);
2570 gen_op_iwmmxt_subsb_M0_wRn(rd1);
2573 gen_op_iwmmxt_subnw_M0_wRn(rd1);
2576 gen_op_iwmmxt_subuw_M0_wRn(rd1);
2579 gen_op_iwmmxt_subsw_M0_wRn(rd1);
2582 gen_op_iwmmxt_subnl_M0_wRn(rd1);
2585 gen_op_iwmmxt_subul_M0_wRn(rd1);
2588 gen_op_iwmmxt_subsl_M0_wRn(rd1);
2593 gen_op_iwmmxt_movq_wRn_M0(wrd);
2594 gen_op_iwmmxt_set_mup();
2595 gen_op_iwmmxt_set_cup();
2597 case 0x01e: case 0x11e: case 0x21e: case 0x31e: /* WSHUFH */
2598 case 0x41e: case 0x51e: case 0x61e: case 0x71e:
2599 case 0x81e: case 0x91e: case 0xa1e: case 0xb1e:
2600 case 0xc1e: case 0xd1e: case 0xe1e: case 0xf1e:
2601 wrd = (insn >> 12) & 0xf;
2602 rd0 = (insn >> 16) & 0xf;
2603 gen_op_iwmmxt_movq_M0_wRn(rd0);
2604 tmp = tcg_const_i32(((insn >> 16) & 0xf0) | (insn & 0x0f));
2605 gen_helper_iwmmxt_shufh(cpu_M0, cpu_env, cpu_M0, tmp);
2606 tcg_temp_free_i32(tmp);
2607 gen_op_iwmmxt_movq_wRn_M0(wrd);
2608 gen_op_iwmmxt_set_mup();
2609 gen_op_iwmmxt_set_cup();
2611 case 0x018: case 0x118: case 0x218: case 0x318: /* WADD */
2612 case 0x418: case 0x518: case 0x618: case 0x718:
2613 case 0x818: case 0x918: case 0xa18: case 0xb18:
2614 case 0xc18: case 0xd18: case 0xe18: case 0xf18:
2615 wrd = (insn >> 12) & 0xf;
2616 rd0 = (insn >> 16) & 0xf;
2617 rd1 = (insn >> 0) & 0xf;
2618 gen_op_iwmmxt_movq_M0_wRn(rd0);
2619 switch ((insn >> 20) & 0xf) {
2621 gen_op_iwmmxt_addnb_M0_wRn(rd1);
2624 gen_op_iwmmxt_addub_M0_wRn(rd1);
2627 gen_op_iwmmxt_addsb_M0_wRn(rd1);
2630 gen_op_iwmmxt_addnw_M0_wRn(rd1);
2633 gen_op_iwmmxt_adduw_M0_wRn(rd1);
2636 gen_op_iwmmxt_addsw_M0_wRn(rd1);
2639 gen_op_iwmmxt_addnl_M0_wRn(rd1);
2642 gen_op_iwmmxt_addul_M0_wRn(rd1);
2645 gen_op_iwmmxt_addsl_M0_wRn(rd1);
2650 gen_op_iwmmxt_movq_wRn_M0(wrd);
2651 gen_op_iwmmxt_set_mup();
2652 gen_op_iwmmxt_set_cup();
2654 case 0x008: case 0x108: case 0x208: case 0x308: /* WPACK */
2655 case 0x408: case 0x508: case 0x608: case 0x708:
2656 case 0x808: case 0x908: case 0xa08: case 0xb08:
2657 case 0xc08: case 0xd08: case 0xe08: case 0xf08:
2658 if (!(insn & (1 << 20)) || ((insn >> 22) & 3) == 0)
2660 wrd = (insn >> 12) & 0xf;
2661 rd0 = (insn >> 16) & 0xf;
2662 rd1 = (insn >> 0) & 0xf;
2663 gen_op_iwmmxt_movq_M0_wRn(rd0);
2664 switch ((insn >> 22) & 3) {
2666 if (insn & (1 << 21))
2667 gen_op_iwmmxt_packsw_M0_wRn(rd1);
2669 gen_op_iwmmxt_packuw_M0_wRn(rd1);
2672 if (insn & (1 << 21))
2673 gen_op_iwmmxt_packsl_M0_wRn(rd1);
2675 gen_op_iwmmxt_packul_M0_wRn(rd1);
2678 if (insn & (1 << 21))
2679 gen_op_iwmmxt_packsq_M0_wRn(rd1);
2681 gen_op_iwmmxt_packuq_M0_wRn(rd1);
2684 gen_op_iwmmxt_movq_wRn_M0(wrd);
2685 gen_op_iwmmxt_set_mup();
2686 gen_op_iwmmxt_set_cup();
2688 case 0x201: case 0x203: case 0x205: case 0x207:
2689 case 0x209: case 0x20b: case 0x20d: case 0x20f:
2690 case 0x211: case 0x213: case 0x215: case 0x217:
2691 case 0x219: case 0x21b: case 0x21d: case 0x21f:
2692 wrd = (insn >> 5) & 0xf;
2693 rd0 = (insn >> 12) & 0xf;
2694 rd1 = (insn >> 0) & 0xf;
2695 if (rd0 == 0xf || rd1 == 0xf)
2697 gen_op_iwmmxt_movq_M0_wRn(wrd);
2698 tmp = load_reg(s, rd0);
2699 tmp2 = load_reg(s, rd1);
2700 switch ((insn >> 16) & 0xf) {
2701 case 0x0: /* TMIA */
2702 gen_helper_iwmmxt_muladdsl(cpu_M0, cpu_M0, tmp, tmp2);
2704 case 0x8: /* TMIAPH */
2705 gen_helper_iwmmxt_muladdsw(cpu_M0, cpu_M0, tmp, tmp2);
2707 case 0xc: case 0xd: case 0xe: case 0xf: /* TMIAxy */
2708 if (insn & (1 << 16))
2709 tcg_gen_shri_i32(tmp, tmp, 16);
2710 if (insn & (1 << 17))
2711 tcg_gen_shri_i32(tmp2, tmp2, 16);
2712 gen_helper_iwmmxt_muladdswl(cpu_M0, cpu_M0, tmp, tmp2);
2715 tcg_temp_free_i32(tmp2);
2716 tcg_temp_free_i32(tmp);
2719 tcg_temp_free_i32(tmp2);
2720 tcg_temp_free_i32(tmp);
2721 gen_op_iwmmxt_movq_wRn_M0(wrd);
2722 gen_op_iwmmxt_set_mup();
2731 /* Disassemble an XScale DSP instruction. Returns nonzero if an error occurred
2732 (ie. an undefined instruction). */
2733 static int disas_dsp_insn(DisasContext *s, uint32_t insn)
2735 int acc, rd0, rd1, rdhi, rdlo;
2738 if ((insn & 0x0ff00f10) == 0x0e200010) {
2739 /* Multiply with Internal Accumulate Format */
2740 rd0 = (insn >> 12) & 0xf;
2742 acc = (insn >> 5) & 7;
2747 tmp = load_reg(s, rd0);
2748 tmp2 = load_reg(s, rd1);
2749 switch ((insn >> 16) & 0xf) {
2751 gen_helper_iwmmxt_muladdsl(cpu_M0, cpu_M0, tmp, tmp2);
2753 case 0x8: /* MIAPH */
2754 gen_helper_iwmmxt_muladdsw(cpu_M0, cpu_M0, tmp, tmp2);
2756 case 0xc: /* MIABB */
2757 case 0xd: /* MIABT */
2758 case 0xe: /* MIATB */
2759 case 0xf: /* MIATT */
2760 if (insn & (1 << 16))
2761 tcg_gen_shri_i32(tmp, tmp, 16);
2762 if (insn & (1 << 17))
2763 tcg_gen_shri_i32(tmp2, tmp2, 16);
2764 gen_helper_iwmmxt_muladdswl(cpu_M0, cpu_M0, tmp, tmp2);
2769 tcg_temp_free_i32(tmp2);
2770 tcg_temp_free_i32(tmp);
2772 gen_op_iwmmxt_movq_wRn_M0(acc);
2776 if ((insn & 0x0fe00ff8) == 0x0c400000) {
2777 /* Internal Accumulator Access Format */
2778 rdhi = (insn >> 16) & 0xf;
2779 rdlo = (insn >> 12) & 0xf;
2785 if (insn & ARM_CP_RW_BIT) { /* MRA */
2786 iwmmxt_load_reg(cpu_V0, acc);
2787 tcg_gen_extrl_i64_i32(cpu_R[rdlo], cpu_V0);
2788 tcg_gen_extrh_i64_i32(cpu_R[rdhi], cpu_V0);
2789 tcg_gen_andi_i32(cpu_R[rdhi], cpu_R[rdhi], (1 << (40 - 32)) - 1);
2791 tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]);
2792 iwmmxt_store_reg(cpu_V0, acc);
2800 #define VFP_REG_SHR(x, n) (((n) > 0) ? (x) >> (n) : (x) << -(n))
2801 #define VFP_SREG(insn, bigbit, smallbit) \
2802 ((VFP_REG_SHR(insn, bigbit - 1) & 0x1e) | (((insn) >> (smallbit)) & 1))
2803 #define VFP_DREG(reg, insn, bigbit, smallbit) do { \
2804 if (arm_dc_feature(s, ARM_FEATURE_VFP3)) { \
2805 reg = (((insn) >> (bigbit)) & 0x0f) \
2806 | (((insn) >> ((smallbit) - 4)) & 0x10); \
2808 if (insn & (1 << (smallbit))) \
2810 reg = ((insn) >> (bigbit)) & 0x0f; \
2813 #define VFP_SREG_D(insn) VFP_SREG(insn, 12, 22)
2814 #define VFP_DREG_D(reg, insn) VFP_DREG(reg, insn, 12, 22)
2815 #define VFP_SREG_N(insn) VFP_SREG(insn, 16, 7)
2816 #define VFP_DREG_N(reg, insn) VFP_DREG(reg, insn, 16, 7)
2817 #define VFP_SREG_M(insn) VFP_SREG(insn, 0, 5)
2818 #define VFP_DREG_M(reg, insn) VFP_DREG(reg, insn, 0, 5)
2820 static void gen_neon_dup_low16(TCGv_i32 var)
2822 TCGv_i32 tmp = tcg_temp_new_i32();
2823 tcg_gen_ext16u_i32(var, var);
2824 tcg_gen_shli_i32(tmp, var, 16);
2825 tcg_gen_or_i32(var, var, tmp);
2826 tcg_temp_free_i32(tmp);
2829 static void gen_neon_dup_high16(TCGv_i32 var)
2831 TCGv_i32 tmp = tcg_temp_new_i32();
2832 tcg_gen_andi_i32(var, var, 0xffff0000);
2833 tcg_gen_shri_i32(tmp, var, 16);
2834 tcg_gen_or_i32(var, var, tmp);
2835 tcg_temp_free_i32(tmp);
2839 * Disassemble a VFP instruction. Returns nonzero if an error occurred
2840 * (ie. an undefined instruction).
2842 static int disas_vfp_insn(DisasContext *s, uint32_t insn)
2844 if (!arm_dc_feature(s, ARM_FEATURE_VFP)) {
2849 * If the decodetree decoder handles this insn it will always
2850 * emit code to either execute the insn or generate an appropriate
2851 * exception; so we don't need to ever return non-zero to tell
2852 * the calling code to emit an UNDEF exception.
2854 if (extract32(insn, 28, 4) == 0xf) {
2855 if (disas_vfp_uncond(s, insn)) {
2859 if (disas_vfp(s, insn)) {
2863 /* If the decodetree decoder didn't handle this insn, it must be UNDEF */
2867 static inline bool use_goto_tb(DisasContext *s, target_ulong dest)
2869 #ifndef CONFIG_USER_ONLY
2870 return (s->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK) ||
2871 ((s->base.pc_next - 1) & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
2877 static void gen_goto_ptr(void)
2879 tcg_gen_lookup_and_goto_ptr();
2882 /* This will end the TB but doesn't guarantee we'll return to
2883 * cpu_loop_exec. Any live exit_requests will be processed as we
2884 * enter the next TB.
2886 static void gen_goto_tb(DisasContext *s, int n, target_ulong dest)
2888 if (use_goto_tb(s, dest)) {
2890 gen_set_pc_im(s, dest);
2891 tcg_gen_exit_tb(s->base.tb, n);
2893 gen_set_pc_im(s, dest);
2896 s->base.is_jmp = DISAS_NORETURN;
2899 static inline void gen_jmp (DisasContext *s, uint32_t dest)
2901 if (unlikely(is_singlestepping(s))) {
2902 /* An indirect jump so that we still trigger the debug exception. */
2907 gen_goto_tb(s, 0, dest);
2911 static inline void gen_mulxy(TCGv_i32 t0, TCGv_i32 t1, int x, int y)
2914 tcg_gen_sari_i32(t0, t0, 16);
2918 tcg_gen_sari_i32(t1, t1, 16);
2921 tcg_gen_mul_i32(t0, t0, t1);
2924 /* Return the mask of PSR bits set by a MSR instruction. */
2925 static uint32_t msr_mask(DisasContext *s, int flags, int spsr)
2930 if (flags & (1 << 0))
2932 if (flags & (1 << 1))
2934 if (flags & (1 << 2))
2936 if (flags & (1 << 3))
2939 /* Mask out undefined bits. */
2940 mask &= ~CPSR_RESERVED;
2941 if (!arm_dc_feature(s, ARM_FEATURE_V4T)) {
2944 if (!arm_dc_feature(s, ARM_FEATURE_V5)) {
2945 mask &= ~CPSR_Q; /* V5TE in reality*/
2947 if (!arm_dc_feature(s, ARM_FEATURE_V6)) {
2948 mask &= ~(CPSR_E | CPSR_GE);
2950 if (!arm_dc_feature(s, ARM_FEATURE_THUMB2)) {
2953 /* Mask out execution state and reserved bits. */
2955 mask &= ~(CPSR_EXEC | CPSR_RESERVED);
2957 /* Mask out privileged bits. */
2963 /* Returns nonzero if access to the PSR is not permitted. Marks t0 as dead. */
2964 static int gen_set_psr(DisasContext *s, uint32_t mask, int spsr, TCGv_i32 t0)
2968 /* ??? This is also undefined in system mode. */
2972 tmp = load_cpu_field(spsr);
2973 tcg_gen_andi_i32(tmp, tmp, ~mask);
2974 tcg_gen_andi_i32(t0, t0, mask);
2975 tcg_gen_or_i32(tmp, tmp, t0);
2976 store_cpu_field(tmp, spsr);
2978 gen_set_cpsr(t0, mask);
2980 tcg_temp_free_i32(t0);
2985 /* Returns nonzero if access to the PSR is not permitted. */
2986 static int gen_set_psr_im(DisasContext *s, uint32_t mask, int spsr, uint32_t val)
2989 tmp = tcg_temp_new_i32();
2990 tcg_gen_movi_i32(tmp, val);
2991 return gen_set_psr(s, mask, spsr, tmp);
2994 static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn,
2995 int *tgtmode, int *regno)
2997 /* Decode the r and sysm fields of MSR/MRS banked accesses into
2998 * the target mode and register number, and identify the various
2999 * unpredictable cases.
3000 * MSR (banked) and MRS (banked) are CONSTRAINED UNPREDICTABLE if:
3001 * + executed in user mode
3002 * + using R15 as the src/dest register
3003 * + accessing an unimplemented register
3004 * + accessing a register that's inaccessible at current PL/security state*
3005 * + accessing a register that you could access with a different insn
3006 * We choose to UNDEF in all these cases.
3007 * Since we don't know which of the various AArch32 modes we are in
3008 * we have to defer some checks to runtime.
3009 * Accesses to Monitor mode registers from Secure EL1 (which implies
3010 * that EL3 is AArch64) must trap to EL3.
3012 * If the access checks fail this function will emit code to take
3013 * an exception and return false. Otherwise it will return true,
3014 * and set *tgtmode and *regno appropriately.
3016 int exc_target = default_exception_el(s);
3018 /* These instructions are present only in ARMv8, or in ARMv7 with the
3019 * Virtualization Extensions.
3021 if (!arm_dc_feature(s, ARM_FEATURE_V8) &&
3022 !arm_dc_feature(s, ARM_FEATURE_EL2)) {
3026 if (IS_USER(s) || rn == 15) {
3030 /* The table in the v8 ARM ARM section F5.2.3 describes the encoding
3031 * of registers into (r, sysm).
3034 /* SPSRs for other modes */
3036 case 0xe: /* SPSR_fiq */
3037 *tgtmode = ARM_CPU_MODE_FIQ;
3039 case 0x10: /* SPSR_irq */
3040 *tgtmode = ARM_CPU_MODE_IRQ;
3042 case 0x12: /* SPSR_svc */
3043 *tgtmode = ARM_CPU_MODE_SVC;
3045 case 0x14: /* SPSR_abt */
3046 *tgtmode = ARM_CPU_MODE_ABT;
3048 case 0x16: /* SPSR_und */
3049 *tgtmode = ARM_CPU_MODE_UND;
3051 case 0x1c: /* SPSR_mon */
3052 *tgtmode = ARM_CPU_MODE_MON;
3054 case 0x1e: /* SPSR_hyp */
3055 *tgtmode = ARM_CPU_MODE_HYP;
3057 default: /* unallocated */
3060 /* We arbitrarily assign SPSR a register number of 16. */
3063 /* general purpose registers for other modes */
3065 case 0x0 ... 0x6: /* 0b00xxx : r8_usr ... r14_usr */
3066 *tgtmode = ARM_CPU_MODE_USR;
3069 case 0x8 ... 0xe: /* 0b01xxx : r8_fiq ... r14_fiq */
3070 *tgtmode = ARM_CPU_MODE_FIQ;
3073 case 0x10 ... 0x11: /* 0b1000x : r14_irq, r13_irq */
3074 *tgtmode = ARM_CPU_MODE_IRQ;
3075 *regno = sysm & 1 ? 13 : 14;
3077 case 0x12 ... 0x13: /* 0b1001x : r14_svc, r13_svc */
3078 *tgtmode = ARM_CPU_MODE_SVC;
3079 *regno = sysm & 1 ? 13 : 14;
3081 case 0x14 ... 0x15: /* 0b1010x : r14_abt, r13_abt */
3082 *tgtmode = ARM_CPU_MODE_ABT;
3083 *regno = sysm & 1 ? 13 : 14;
3085 case 0x16 ... 0x17: /* 0b1011x : r14_und, r13_und */
3086 *tgtmode = ARM_CPU_MODE_UND;
3087 *regno = sysm & 1 ? 13 : 14;
3089 case 0x1c ... 0x1d: /* 0b1110x : r14_mon, r13_mon */
3090 *tgtmode = ARM_CPU_MODE_MON;
3091 *regno = sysm & 1 ? 13 : 14;
3093 case 0x1e ... 0x1f: /* 0b1111x : elr_hyp, r13_hyp */
3094 *tgtmode = ARM_CPU_MODE_HYP;
3095 /* Arbitrarily pick 17 for ELR_Hyp (which is not a banked LR!) */
3096 *regno = sysm & 1 ? 13 : 17;
3098 default: /* unallocated */
3103 /* Catch the 'accessing inaccessible register' cases we can detect
3104 * at translate time.
3107 case ARM_CPU_MODE_MON:
3108 if (!arm_dc_feature(s, ARM_FEATURE_EL3) || s->ns) {
3111 if (s->current_el == 1) {
3112 /* If we're in Secure EL1 (which implies that EL3 is AArch64)
3113 * then accesses to Mon registers trap to EL3
3119 case ARM_CPU_MODE_HYP:
3121 * SPSR_hyp and r13_hyp can only be accessed from Monitor mode
3122 * (and so we can forbid accesses from EL2 or below). elr_hyp
3123 * can be accessed also from Hyp mode, so forbid accesses from
3126 if (!arm_dc_feature(s, ARM_FEATURE_EL2) || s->current_el < 2 ||
3127 (s->current_el < 3 && *regno != 17)) {
3138 /* If we get here then some access check did not pass */
3139 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
3140 syn_uncategorized(), exc_target);
3144 static void gen_msr_banked(DisasContext *s, int r, int sysm, int rn)
3146 TCGv_i32 tcg_reg, tcg_tgtmode, tcg_regno;
3147 int tgtmode = 0, regno = 0;
3149 if (!msr_banked_access_decode(s, r, sysm, rn, &tgtmode, ®no)) {
3153 /* Sync state because msr_banked() can raise exceptions */
3154 gen_set_condexec(s);
3155 gen_set_pc_im(s, s->pc_curr);
3156 tcg_reg = load_reg(s, rn);
3157 tcg_tgtmode = tcg_const_i32(tgtmode);
3158 tcg_regno = tcg_const_i32(regno);
3159 gen_helper_msr_banked(cpu_env, tcg_reg, tcg_tgtmode, tcg_regno);
3160 tcg_temp_free_i32(tcg_tgtmode);
3161 tcg_temp_free_i32(tcg_regno);
3162 tcg_temp_free_i32(tcg_reg);
3163 s->base.is_jmp = DISAS_UPDATE;
3166 static void gen_mrs_banked(DisasContext *s, int r, int sysm, int rn)
3168 TCGv_i32 tcg_reg, tcg_tgtmode, tcg_regno;
3169 int tgtmode = 0, regno = 0;
3171 if (!msr_banked_access_decode(s, r, sysm, rn, &tgtmode, ®no)) {
3175 /* Sync state because mrs_banked() can raise exceptions */
3176 gen_set_condexec(s);
3177 gen_set_pc_im(s, s->pc_curr);
3178 tcg_reg = tcg_temp_new_i32();
3179 tcg_tgtmode = tcg_const_i32(tgtmode);
3180 tcg_regno = tcg_const_i32(regno);
3181 gen_helper_mrs_banked(tcg_reg, cpu_env, tcg_tgtmode, tcg_regno);
3182 tcg_temp_free_i32(tcg_tgtmode);
3183 tcg_temp_free_i32(tcg_regno);
3184 store_reg(s, rn, tcg_reg);
3185 s->base.is_jmp = DISAS_UPDATE;
3188 /* Store value to PC as for an exception return (ie don't
3189 * mask bits). The subsequent call to gen_helper_cpsr_write_eret()
3190 * will do the masking based on the new value of the Thumb bit.
3192 static void store_pc_exc_ret(DisasContext *s, TCGv_i32 pc)
3194 tcg_gen_mov_i32(cpu_R[15], pc);
3195 tcg_temp_free_i32(pc);
3198 /* Generate a v6 exception return. Marks both values as dead. */
3199 static void gen_rfe(DisasContext *s, TCGv_i32 pc, TCGv_i32 cpsr)
3201 store_pc_exc_ret(s, pc);
3202 /* The cpsr_write_eret helper will mask the low bits of PC
3203 * appropriately depending on the new Thumb bit, so it must
3204 * be called after storing the new PC.
3206 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
3209 gen_helper_cpsr_write_eret(cpu_env, cpsr);
3210 tcg_temp_free_i32(cpsr);
3211 /* Must exit loop to check un-masked IRQs */
3212 s->base.is_jmp = DISAS_EXIT;
3215 /* Generate an old-style exception return. Marks pc as dead. */
3216 static void gen_exception_return(DisasContext *s, TCGv_i32 pc)
3218 gen_rfe(s, pc, load_cpu_field(spsr));
3222 * For WFI we will halt the vCPU until an IRQ. For WFE and YIELD we
3223 * only call the helper when running single threaded TCG code to ensure
3224 * the next round-robin scheduled vCPU gets a crack. In MTTCG mode we
3225 * just skip this instruction. Currently the SEV/SEVL instructions
3226 * which are *one* of many ways to wake the CPU from WFE are not
3227 * implemented so we can't sleep like WFI does.
3229 static void gen_nop_hint(DisasContext *s, int val)
3232 /* When running in MTTCG we don't generate jumps to the yield and
3233 * WFE helpers as it won't affect the scheduling of other vCPUs.
3234 * If we wanted to more completely model WFE/SEV so we don't busy
3235 * spin unnecessarily we would need to do something more involved.
3238 if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
3239 gen_set_pc_im(s, s->base.pc_next);
3240 s->base.is_jmp = DISAS_YIELD;
3244 gen_set_pc_im(s, s->base.pc_next);
3245 s->base.is_jmp = DISAS_WFI;
3248 if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
3249 gen_set_pc_im(s, s->base.pc_next);
3250 s->base.is_jmp = DISAS_WFE;
3255 /* TODO: Implement SEV, SEVL and WFE. May help SMP performance. */
3261 #define CPU_V001 cpu_V0, cpu_V0, cpu_V1
3263 static inline void gen_neon_add(int size, TCGv_i32 t0, TCGv_i32 t1)
3266 case 0: gen_helper_neon_add_u8(t0, t0, t1); break;
3267 case 1: gen_helper_neon_add_u16(t0, t0, t1); break;
3268 case 2: tcg_gen_add_i32(t0, t0, t1); break;
3273 static inline void gen_neon_rsb(int size, TCGv_i32 t0, TCGv_i32 t1)
3276 case 0: gen_helper_neon_sub_u8(t0, t1, t0); break;
3277 case 1: gen_helper_neon_sub_u16(t0, t1, t0); break;
3278 case 2: tcg_gen_sub_i32(t0, t1, t0); break;
3283 /* 32-bit pairwise ops end up the same as the elementwise versions. */
3284 #define gen_helper_neon_pmax_s32 tcg_gen_smax_i32
3285 #define gen_helper_neon_pmax_u32 tcg_gen_umax_i32
3286 #define gen_helper_neon_pmin_s32 tcg_gen_smin_i32
3287 #define gen_helper_neon_pmin_u32 tcg_gen_umin_i32
3289 #define GEN_NEON_INTEGER_OP_ENV(name) do { \
3290 switch ((size << 1) | u) { \
3292 gen_helper_neon_##name##_s8(tmp, cpu_env, tmp, tmp2); \
3295 gen_helper_neon_##name##_u8(tmp, cpu_env, tmp, tmp2); \
3298 gen_helper_neon_##name##_s16(tmp, cpu_env, tmp, tmp2); \
3301 gen_helper_neon_##name##_u16(tmp, cpu_env, tmp, tmp2); \
3304 gen_helper_neon_##name##_s32(tmp, cpu_env, tmp, tmp2); \
3307 gen_helper_neon_##name##_u32(tmp, cpu_env, tmp, tmp2); \
3309 default: return 1; \
3312 #define GEN_NEON_INTEGER_OP(name) do { \
3313 switch ((size << 1) | u) { \
3315 gen_helper_neon_##name##_s8(tmp, tmp, tmp2); \
3318 gen_helper_neon_##name##_u8(tmp, tmp, tmp2); \
3321 gen_helper_neon_##name##_s16(tmp, tmp, tmp2); \
3324 gen_helper_neon_##name##_u16(tmp, tmp, tmp2); \
3327 gen_helper_neon_##name##_s32(tmp, tmp, tmp2); \
3330 gen_helper_neon_##name##_u32(tmp, tmp, tmp2); \
3332 default: return 1; \
3335 static TCGv_i32 neon_load_scratch(int scratch)
3337 TCGv_i32 tmp = tcg_temp_new_i32();
3338 tcg_gen_ld_i32(tmp, cpu_env, offsetof(CPUARMState, vfp.scratch[scratch]));
3342 static void neon_store_scratch(int scratch, TCGv_i32 var)
3344 tcg_gen_st_i32(var, cpu_env, offsetof(CPUARMState, vfp.scratch[scratch]));
3345 tcg_temp_free_i32(var);
3348 static inline TCGv_i32 neon_get_scalar(int size, int reg)
3352 tmp = neon_load_reg(reg & 7, reg >> 4);
3354 gen_neon_dup_high16(tmp);
3356 gen_neon_dup_low16(tmp);
3359 tmp = neon_load_reg(reg & 15, reg >> 4);
3364 static int gen_neon_unzip(int rd, int rm, int size, int q)
3368 if (!q && size == 2) {
3371 pd = vfp_reg_ptr(true, rd);
3372 pm = vfp_reg_ptr(true, rm);
3376 gen_helper_neon_qunzip8(pd, pm);
3379 gen_helper_neon_qunzip16(pd, pm);
3382 gen_helper_neon_qunzip32(pd, pm);
3390 gen_helper_neon_unzip8(pd, pm);
3393 gen_helper_neon_unzip16(pd, pm);
3399 tcg_temp_free_ptr(pd);
3400 tcg_temp_free_ptr(pm);
3404 static int gen_neon_zip(int rd, int rm, int size, int q)
3408 if (!q && size == 2) {
3411 pd = vfp_reg_ptr(true, rd);
3412 pm = vfp_reg_ptr(true, rm);
3416 gen_helper_neon_qzip8(pd, pm);
3419 gen_helper_neon_qzip16(pd, pm);
3422 gen_helper_neon_qzip32(pd, pm);
3430 gen_helper_neon_zip8(pd, pm);
3433 gen_helper_neon_zip16(pd, pm);
3439 tcg_temp_free_ptr(pd);
3440 tcg_temp_free_ptr(pm);
3444 static void gen_neon_trn_u8(TCGv_i32 t0, TCGv_i32 t1)
3448 rd = tcg_temp_new_i32();
3449 tmp = tcg_temp_new_i32();
3451 tcg_gen_shli_i32(rd, t0, 8);
3452 tcg_gen_andi_i32(rd, rd, 0xff00ff00);
3453 tcg_gen_andi_i32(tmp, t1, 0x00ff00ff);
3454 tcg_gen_or_i32(rd, rd, tmp);
3456 tcg_gen_shri_i32(t1, t1, 8);
3457 tcg_gen_andi_i32(t1, t1, 0x00ff00ff);
3458 tcg_gen_andi_i32(tmp, t0, 0xff00ff00);
3459 tcg_gen_or_i32(t1, t1, tmp);
3460 tcg_gen_mov_i32(t0, rd);
3462 tcg_temp_free_i32(tmp);
3463 tcg_temp_free_i32(rd);
3466 static void gen_neon_trn_u16(TCGv_i32 t0, TCGv_i32 t1)
3470 rd = tcg_temp_new_i32();
3471 tmp = tcg_temp_new_i32();
3473 tcg_gen_shli_i32(rd, t0, 16);
3474 tcg_gen_andi_i32(tmp, t1, 0xffff);
3475 tcg_gen_or_i32(rd, rd, tmp);
3476 tcg_gen_shri_i32(t1, t1, 16);
3477 tcg_gen_andi_i32(tmp, t0, 0xffff0000);
3478 tcg_gen_or_i32(t1, t1, tmp);
3479 tcg_gen_mov_i32(t0, rd);
3481 tcg_temp_free_i32(tmp);
3482 tcg_temp_free_i32(rd);
3490 } const neon_ls_element_type[11] = {
3504 /* Translate a NEON load/store element instruction. Return nonzero if the
3505 instruction is invalid. */
3506 static int disas_neon_ls_insn(DisasContext *s, uint32_t insn)
3526 /* FIXME: this access check should not take precedence over UNDEF
3527 * for invalid encodings; we will generate incorrect syndrome information
3528 * for attempts to execute invalid vfp/neon encodings with FP disabled.
3530 if (s->fp_excp_el) {
3531 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
3532 syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
3536 if (!s->vfp_enabled)
3538 VFP_DREG_D(rd, insn);
3539 rn = (insn >> 16) & 0xf;
3541 load = (insn & (1 << 21)) != 0;
3542 endian = s->be_data;
3543 mmu_idx = get_mem_index(s);
3544 if ((insn & (1 << 23)) == 0) {
3545 /* Load store all elements. */
3546 op = (insn >> 8) & 0xf;
3547 size = (insn >> 6) & 3;
3550 /* Catch UNDEF cases for bad values of align field */
3553 if (((insn >> 5) & 1) == 1) {
3558 if (((insn >> 4) & 3) == 3) {
3565 nregs = neon_ls_element_type[op].nregs;
3566 interleave = neon_ls_element_type[op].interleave;
3567 spacing = neon_ls_element_type[op].spacing;
3568 if (size == 3 && (interleave | spacing) != 1) {
3571 /* For our purposes, bytes are always little-endian. */
3575 /* Consecutive little-endian elements from a single register
3576 * can be promoted to a larger little-endian operation.
3578 if (interleave == 1 && endian == MO_LE) {
3581 tmp64 = tcg_temp_new_i64();
3582 addr = tcg_temp_new_i32();
3583 tmp2 = tcg_const_i32(1 << size);
3584 load_reg_var(s, addr, rn);
3585 for (reg = 0; reg < nregs; reg++) {
3586 for (n = 0; n < 8 >> size; n++) {
3588 for (xs = 0; xs < interleave; xs++) {
3589 int tt = rd + reg + spacing * xs;
3592 gen_aa32_ld_i64(s, tmp64, addr, mmu_idx, endian | size);
3593 neon_store_element64(tt, n, size, tmp64);
3595 neon_load_element64(tmp64, tt, n, size);
3596 gen_aa32_st_i64(s, tmp64, addr, mmu_idx, endian | size);
3598 tcg_gen_add_i32(addr, addr, tmp2);
3602 tcg_temp_free_i32(addr);
3603 tcg_temp_free_i32(tmp2);
3604 tcg_temp_free_i64(tmp64);
3605 stride = nregs * interleave * 8;
3607 size = (insn >> 10) & 3;
3609 /* Load single element to all lanes. */
3610 int a = (insn >> 4) & 1;
3614 size = (insn >> 6) & 3;
3615 nregs = ((insn >> 8) & 3) + 1;
3618 if (nregs != 4 || a == 0) {
3621 /* For VLD4 size==3 a == 1 means 32 bits at 16 byte alignment */
3624 if (nregs == 1 && a == 1 && size == 0) {
3627 if (nregs == 3 && a == 1) {
3630 addr = tcg_temp_new_i32();
3631 load_reg_var(s, addr, rn);
3633 /* VLD1 to all lanes: bit 5 indicates how many Dregs to write.
3634 * VLD2/3/4 to all lanes: bit 5 indicates register stride.
3636 stride = (insn & (1 << 5)) ? 2 : 1;
3637 vec_size = nregs == 1 ? stride * 8 : 8;
3639 tmp = tcg_temp_new_i32();
3640 for (reg = 0; reg < nregs; reg++) {
3641 gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s),
3643 if ((rd & 1) && vec_size == 16) {
3644 /* We cannot write 16 bytes at once because the
3645 * destination is unaligned.
3647 tcg_gen_gvec_dup_i32(size, neon_reg_offset(rd, 0),
3649 tcg_gen_gvec_mov(0, neon_reg_offset(rd + 1, 0),
3650 neon_reg_offset(rd, 0), 8, 8);
3652 tcg_gen_gvec_dup_i32(size, neon_reg_offset(rd, 0),
3653 vec_size, vec_size, tmp);
3655 tcg_gen_addi_i32(addr, addr, 1 << size);
3658 tcg_temp_free_i32(tmp);
3659 tcg_temp_free_i32(addr);
3660 stride = (1 << size) * nregs;
3662 /* Single element. */
3663 int idx = (insn >> 4) & 0xf;
3667 reg_idx = (insn >> 5) & 7;
3671 reg_idx = (insn >> 6) & 3;
3672 stride = (insn & (1 << 5)) ? 2 : 1;
3675 reg_idx = (insn >> 7) & 1;
3676 stride = (insn & (1 << 6)) ? 2 : 1;
3681 nregs = ((insn >> 8) & 3) + 1;
3682 /* Catch the UNDEF cases. This is unavoidably a bit messy. */
3685 if (((idx & (1 << size)) != 0) ||
3686 (size == 2 && ((idx & 3) == 1 || (idx & 3) == 2))) {
3691 if ((idx & 1) != 0) {
3696 if (size == 2 && (idx & 2) != 0) {
3701 if ((size == 2) && ((idx & 3) == 3)) {
3708 if ((rd + stride * (nregs - 1)) > 31) {
3709 /* Attempts to write off the end of the register file
3710 * are UNPREDICTABLE; we choose to UNDEF because otherwise
3711 * the neon_load_reg() would write off the end of the array.
3715 tmp = tcg_temp_new_i32();
3716 addr = tcg_temp_new_i32();
3717 load_reg_var(s, addr, rn);
3718 for (reg = 0; reg < nregs; reg++) {
3720 gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s),
3722 neon_store_element(rd, reg_idx, size, tmp);
3723 } else { /* Store */
3724 neon_load_element(tmp, rd, reg_idx, size);
3725 gen_aa32_st_i32(s, tmp, addr, get_mem_index(s),
3729 tcg_gen_addi_i32(addr, addr, 1 << size);
3731 tcg_temp_free_i32(addr);
3732 tcg_temp_free_i32(tmp);
3733 stride = nregs * (1 << size);
3739 base = load_reg(s, rn);
3741 tcg_gen_addi_i32(base, base, stride);
3744 index = load_reg(s, rm);
3745 tcg_gen_add_i32(base, base, index);
3746 tcg_temp_free_i32(index);
3748 store_reg(s, rn, base);
3753 static inline void gen_neon_narrow(int size, TCGv_i32 dest, TCGv_i64 src)
3756 case 0: gen_helper_neon_narrow_u8(dest, src); break;
3757 case 1: gen_helper_neon_narrow_u16(dest, src); break;
3758 case 2: tcg_gen_extrl_i64_i32(dest, src); break;
3763 static inline void gen_neon_narrow_sats(int size, TCGv_i32 dest, TCGv_i64 src)
3766 case 0: gen_helper_neon_narrow_sat_s8(dest, cpu_env, src); break;
3767 case 1: gen_helper_neon_narrow_sat_s16(dest, cpu_env, src); break;
3768 case 2: gen_helper_neon_narrow_sat_s32(dest, cpu_env, src); break;
3773 static inline void gen_neon_narrow_satu(int size, TCGv_i32 dest, TCGv_i64 src)
3776 case 0: gen_helper_neon_narrow_sat_u8(dest, cpu_env, src); break;
3777 case 1: gen_helper_neon_narrow_sat_u16(dest, cpu_env, src); break;
3778 case 2: gen_helper_neon_narrow_sat_u32(dest, cpu_env, src); break;
3783 static inline void gen_neon_unarrow_sats(int size, TCGv_i32 dest, TCGv_i64 src)
3786 case 0: gen_helper_neon_unarrow_sat8(dest, cpu_env, src); break;
3787 case 1: gen_helper_neon_unarrow_sat16(dest, cpu_env, src); break;
3788 case 2: gen_helper_neon_unarrow_sat32(dest, cpu_env, src); break;
3793 static inline void gen_neon_shift_narrow(int size, TCGv_i32 var, TCGv_i32 shift,
3799 case 1: gen_helper_neon_rshl_u16(var, var, shift); break;
3800 case 2: gen_helper_neon_rshl_u32(var, var, shift); break;
3805 case 1: gen_helper_neon_rshl_s16(var, var, shift); break;
3806 case 2: gen_helper_neon_rshl_s32(var, var, shift); break;
3813 case 1: gen_helper_neon_shl_u16(var, var, shift); break;
3814 case 2: gen_helper_neon_shl_u32(var, var, shift); break;
3819 case 1: gen_helper_neon_shl_s16(var, var, shift); break;
3820 case 2: gen_helper_neon_shl_s32(var, var, shift); break;
3827 static inline void gen_neon_widen(TCGv_i64 dest, TCGv_i32 src, int size, int u)
3831 case 0: gen_helper_neon_widen_u8(dest, src); break;
3832 case 1: gen_helper_neon_widen_u16(dest, src); break;
3833 case 2: tcg_gen_extu_i32_i64(dest, src); break;
3838 case 0: gen_helper_neon_widen_s8(dest, src); break;
3839 case 1: gen_helper_neon_widen_s16(dest, src); break;
3840 case 2: tcg_gen_ext_i32_i64(dest, src); break;
3844 tcg_temp_free_i32(src);
3847 static inline void gen_neon_addl(int size)
3850 case 0: gen_helper_neon_addl_u16(CPU_V001); break;
3851 case 1: gen_helper_neon_addl_u32(CPU_V001); break;
3852 case 2: tcg_gen_add_i64(CPU_V001); break;
3857 static inline void gen_neon_subl(int size)
3860 case 0: gen_helper_neon_subl_u16(CPU_V001); break;
3861 case 1: gen_helper_neon_subl_u32(CPU_V001); break;
3862 case 2: tcg_gen_sub_i64(CPU_V001); break;
3867 static inline void gen_neon_negl(TCGv_i64 var, int size)
3870 case 0: gen_helper_neon_negl_u16(var, var); break;
3871 case 1: gen_helper_neon_negl_u32(var, var); break;
3873 tcg_gen_neg_i64(var, var);
3879 static inline void gen_neon_addl_saturate(TCGv_i64 op0, TCGv_i64 op1, int size)
3882 case 1: gen_helper_neon_addl_saturate_s32(op0, cpu_env, op0, op1); break;
3883 case 2: gen_helper_neon_addl_saturate_s64(op0, cpu_env, op0, op1); break;
3888 static inline void gen_neon_mull(TCGv_i64 dest, TCGv_i32 a, TCGv_i32 b,
3893 switch ((size << 1) | u) {
3894 case 0: gen_helper_neon_mull_s8(dest, a, b); break;
3895 case 1: gen_helper_neon_mull_u8(dest, a, b); break;
3896 case 2: gen_helper_neon_mull_s16(dest, a, b); break;
3897 case 3: gen_helper_neon_mull_u16(dest, a, b); break;
3899 tmp = gen_muls_i64_i32(a, b);
3900 tcg_gen_mov_i64(dest, tmp);
3901 tcg_temp_free_i64(tmp);
3904 tmp = gen_mulu_i64_i32(a, b);
3905 tcg_gen_mov_i64(dest, tmp);
3906 tcg_temp_free_i64(tmp);
3911 /* gen_helper_neon_mull_[su]{8|16} do not free their parameters.
3912 Don't forget to clean them now. */
3914 tcg_temp_free_i32(a);
3915 tcg_temp_free_i32(b);
3919 static void gen_neon_narrow_op(int op, int u, int size,
3920 TCGv_i32 dest, TCGv_i64 src)
3924 gen_neon_unarrow_sats(size, dest, src);
3926 gen_neon_narrow(size, dest, src);
3930 gen_neon_narrow_satu(size, dest, src);
3932 gen_neon_narrow_sats(size, dest, src);
3937 /* Symbolic constants for op fields for Neon 3-register same-length.
3938 * The values correspond to bits [11:8,4]; see the ARM ARM DDI0406B
3941 #define NEON_3R_VHADD 0
3942 #define NEON_3R_VQADD 1
3943 #define NEON_3R_VRHADD 2
3944 #define NEON_3R_LOGIC 3 /* VAND,VBIC,VORR,VMOV,VORN,VEOR,VBIF,VBIT,VBSL */
3945 #define NEON_3R_VHSUB 4
3946 #define NEON_3R_VQSUB 5
3947 #define NEON_3R_VCGT 6
3948 #define NEON_3R_VCGE 7
3949 #define NEON_3R_VSHL 8
3950 #define NEON_3R_VQSHL 9
3951 #define NEON_3R_VRSHL 10
3952 #define NEON_3R_VQRSHL 11
3953 #define NEON_3R_VMAX 12
3954 #define NEON_3R_VMIN 13
3955 #define NEON_3R_VABD 14
3956 #define NEON_3R_VABA 15
3957 #define NEON_3R_VADD_VSUB 16
3958 #define NEON_3R_VTST_VCEQ 17
3959 #define NEON_3R_VML 18 /* VMLA, VMLS */
3960 #define NEON_3R_VMUL 19
3961 #define NEON_3R_VPMAX 20
3962 #define NEON_3R_VPMIN 21
3963 #define NEON_3R_VQDMULH_VQRDMULH 22
3964 #define NEON_3R_VPADD_VQRDMLAH 23
3965 #define NEON_3R_SHA 24 /* SHA1C,SHA1P,SHA1M,SHA1SU0,SHA256H{2},SHA256SU1 */
3966 #define NEON_3R_VFM_VQRDMLSH 25 /* VFMA, VFMS, VQRDMLSH */
3967 #define NEON_3R_FLOAT_ARITH 26 /* float VADD, VSUB, VPADD, VABD */
3968 #define NEON_3R_FLOAT_MULTIPLY 27 /* float VMLA, VMLS, VMUL */
3969 #define NEON_3R_FLOAT_CMP 28 /* float VCEQ, VCGE, VCGT */
3970 #define NEON_3R_FLOAT_ACMP 29 /* float VACGE, VACGT, VACLE, VACLT */
3971 #define NEON_3R_FLOAT_MINMAX 30 /* float VMIN, VMAX */
3972 #define NEON_3R_FLOAT_MISC 31 /* float VRECPS, VRSQRTS, VMAXNM/MINNM */
3974 static const uint8_t neon_3r_sizes[] = {
3975 [NEON_3R_VHADD] = 0x7,
3976 [NEON_3R_VQADD] = 0xf,
3977 [NEON_3R_VRHADD] = 0x7,
3978 [NEON_3R_LOGIC] = 0xf, /* size field encodes op type */
3979 [NEON_3R_VHSUB] = 0x7,
3980 [NEON_3R_VQSUB] = 0xf,
3981 [NEON_3R_VCGT] = 0x7,
3982 [NEON_3R_VCGE] = 0x7,
3983 [NEON_3R_VSHL] = 0xf,
3984 [NEON_3R_VQSHL] = 0xf,
3985 [NEON_3R_VRSHL] = 0xf,
3986 [NEON_3R_VQRSHL] = 0xf,
3987 [NEON_3R_VMAX] = 0x7,
3988 [NEON_3R_VMIN] = 0x7,
3989 [NEON_3R_VABD] = 0x7,
3990 [NEON_3R_VABA] = 0x7,
3991 [NEON_3R_VADD_VSUB] = 0xf,
3992 [NEON_3R_VTST_VCEQ] = 0x7,
3993 [NEON_3R_VML] = 0x7,
3994 [NEON_3R_VMUL] = 0x7,
3995 [NEON_3R_VPMAX] = 0x7,
3996 [NEON_3R_VPMIN] = 0x7,
3997 [NEON_3R_VQDMULH_VQRDMULH] = 0x6,
3998 [NEON_3R_VPADD_VQRDMLAH] = 0x7,
3999 [NEON_3R_SHA] = 0xf, /* size field encodes op type */
4000 [NEON_3R_VFM_VQRDMLSH] = 0x7, /* For VFM, size bit 1 encodes op */
4001 [NEON_3R_FLOAT_ARITH] = 0x5, /* size bit 1 encodes op */
4002 [NEON_3R_FLOAT_MULTIPLY] = 0x5, /* size bit 1 encodes op */
4003 [NEON_3R_FLOAT_CMP] = 0x5, /* size bit 1 encodes op */
4004 [NEON_3R_FLOAT_ACMP] = 0x5, /* size bit 1 encodes op */
4005 [NEON_3R_FLOAT_MINMAX] = 0x5, /* size bit 1 encodes op */
4006 [NEON_3R_FLOAT_MISC] = 0x5, /* size bit 1 encodes op */
4009 /* Symbolic constants for op fields for Neon 2-register miscellaneous.
4010 * The values correspond to bits [17:16,10:7]; see the ARM ARM DDI0406B
4013 #define NEON_2RM_VREV64 0
4014 #define NEON_2RM_VREV32 1
4015 #define NEON_2RM_VREV16 2
4016 #define NEON_2RM_VPADDL 4
4017 #define NEON_2RM_VPADDL_U 5
4018 #define NEON_2RM_AESE 6 /* Includes AESD */
4019 #define NEON_2RM_AESMC 7 /* Includes AESIMC */
4020 #define NEON_2RM_VCLS 8
4021 #define NEON_2RM_VCLZ 9
4022 #define NEON_2RM_VCNT 10
4023 #define NEON_2RM_VMVN 11
4024 #define NEON_2RM_VPADAL 12
4025 #define NEON_2RM_VPADAL_U 13
4026 #define NEON_2RM_VQABS 14
4027 #define NEON_2RM_VQNEG 15
4028 #define NEON_2RM_VCGT0 16
4029 #define NEON_2RM_VCGE0 17
4030 #define NEON_2RM_VCEQ0 18
4031 #define NEON_2RM_VCLE0 19
4032 #define NEON_2RM_VCLT0 20
4033 #define NEON_2RM_SHA1H 21
4034 #define NEON_2RM_VABS 22
4035 #define NEON_2RM_VNEG 23
4036 #define NEON_2RM_VCGT0_F 24
4037 #define NEON_2RM_VCGE0_F 25
4038 #define NEON_2RM_VCEQ0_F 26
4039 #define NEON_2RM_VCLE0_F 27
4040 #define NEON_2RM_VCLT0_F 28
4041 #define NEON_2RM_VABS_F 30
4042 #define NEON_2RM_VNEG_F 31
4043 #define NEON_2RM_VSWP 32
4044 #define NEON_2RM_VTRN 33
4045 #define NEON_2RM_VUZP 34
4046 #define NEON_2RM_VZIP 35
4047 #define NEON_2RM_VMOVN 36 /* Includes VQMOVN, VQMOVUN */
4048 #define NEON_2RM_VQMOVN 37 /* Includes VQMOVUN */
4049 #define NEON_2RM_VSHLL 38
4050 #define NEON_2RM_SHA1SU1 39 /* Includes SHA256SU0 */
4051 #define NEON_2RM_VRINTN 40
4052 #define NEON_2RM_VRINTX 41
4053 #define NEON_2RM_VRINTA 42
4054 #define NEON_2RM_VRINTZ 43
4055 #define NEON_2RM_VCVT_F16_F32 44
4056 #define NEON_2RM_VRINTM 45
4057 #define NEON_2RM_VCVT_F32_F16 46
4058 #define NEON_2RM_VRINTP 47
4059 #define NEON_2RM_VCVTAU 48
4060 #define NEON_2RM_VCVTAS 49
4061 #define NEON_2RM_VCVTNU 50
4062 #define NEON_2RM_VCVTNS 51
4063 #define NEON_2RM_VCVTPU 52
4064 #define NEON_2RM_VCVTPS 53
4065 #define NEON_2RM_VCVTMU 54
4066 #define NEON_2RM_VCVTMS 55
4067 #define NEON_2RM_VRECPE 56
4068 #define NEON_2RM_VRSQRTE 57
4069 #define NEON_2RM_VRECPE_F 58
4070 #define NEON_2RM_VRSQRTE_F 59
4071 #define NEON_2RM_VCVT_FS 60
4072 #define NEON_2RM_VCVT_FU 61
4073 #define NEON_2RM_VCVT_SF 62
4074 #define NEON_2RM_VCVT_UF 63
4076 static bool neon_2rm_is_v8_op(int op)
4078 /* Return true if this neon 2reg-misc op is ARMv8 and up */
4080 case NEON_2RM_VRINTN:
4081 case NEON_2RM_VRINTA:
4082 case NEON_2RM_VRINTM:
4083 case NEON_2RM_VRINTP:
4084 case NEON_2RM_VRINTZ:
4085 case NEON_2RM_VRINTX:
4086 case NEON_2RM_VCVTAU:
4087 case NEON_2RM_VCVTAS:
4088 case NEON_2RM_VCVTNU:
4089 case NEON_2RM_VCVTNS:
4090 case NEON_2RM_VCVTPU:
4091 case NEON_2RM_VCVTPS:
4092 case NEON_2RM_VCVTMU:
4093 case NEON_2RM_VCVTMS:
4100 /* Each entry in this array has bit n set if the insn allows
4101 * size value n (otherwise it will UNDEF). Since unallocated
4102 * op values will have no bits set they always UNDEF.
4104 static const uint8_t neon_2rm_sizes[] = {
4105 [NEON_2RM_VREV64] = 0x7,
4106 [NEON_2RM_VREV32] = 0x3,
4107 [NEON_2RM_VREV16] = 0x1,
4108 [NEON_2RM_VPADDL] = 0x7,
4109 [NEON_2RM_VPADDL_U] = 0x7,
4110 [NEON_2RM_AESE] = 0x1,
4111 [NEON_2RM_AESMC] = 0x1,
4112 [NEON_2RM_VCLS] = 0x7,
4113 [NEON_2RM_VCLZ] = 0x7,
4114 [NEON_2RM_VCNT] = 0x1,
4115 [NEON_2RM_VMVN] = 0x1,
4116 [NEON_2RM_VPADAL] = 0x7,
4117 [NEON_2RM_VPADAL_U] = 0x7,
4118 [NEON_2RM_VQABS] = 0x7,
4119 [NEON_2RM_VQNEG] = 0x7,
4120 [NEON_2RM_VCGT0] = 0x7,
4121 [NEON_2RM_VCGE0] = 0x7,
4122 [NEON_2RM_VCEQ0] = 0x7,
4123 [NEON_2RM_VCLE0] = 0x7,
4124 [NEON_2RM_VCLT0] = 0x7,
4125 [NEON_2RM_SHA1H] = 0x4,
4126 [NEON_2RM_VABS] = 0x7,
4127 [NEON_2RM_VNEG] = 0x7,
4128 [NEON_2RM_VCGT0_F] = 0x4,
4129 [NEON_2RM_VCGE0_F] = 0x4,
4130 [NEON_2RM_VCEQ0_F] = 0x4,
4131 [NEON_2RM_VCLE0_F] = 0x4,
4132 [NEON_2RM_VCLT0_F] = 0x4,
4133 [NEON_2RM_VABS_F] = 0x4,
4134 [NEON_2RM_VNEG_F] = 0x4,
4135 [NEON_2RM_VSWP] = 0x1,
4136 [NEON_2RM_VTRN] = 0x7,
4137 [NEON_2RM_VUZP] = 0x7,
4138 [NEON_2RM_VZIP] = 0x7,
4139 [NEON_2RM_VMOVN] = 0x7,
4140 [NEON_2RM_VQMOVN] = 0x7,
4141 [NEON_2RM_VSHLL] = 0x7,
4142 [NEON_2RM_SHA1SU1] = 0x4,
4143 [NEON_2RM_VRINTN] = 0x4,
4144 [NEON_2RM_VRINTX] = 0x4,
4145 [NEON_2RM_VRINTA] = 0x4,
4146 [NEON_2RM_VRINTZ] = 0x4,
4147 [NEON_2RM_VCVT_F16_F32] = 0x2,
4148 [NEON_2RM_VRINTM] = 0x4,
4149 [NEON_2RM_VCVT_F32_F16] = 0x2,
4150 [NEON_2RM_VRINTP] = 0x4,
4151 [NEON_2RM_VCVTAU] = 0x4,
4152 [NEON_2RM_VCVTAS] = 0x4,
4153 [NEON_2RM_VCVTNU] = 0x4,
4154 [NEON_2RM_VCVTNS] = 0x4,
4155 [NEON_2RM_VCVTPU] = 0x4,
4156 [NEON_2RM_VCVTPS] = 0x4,
4157 [NEON_2RM_VCVTMU] = 0x4,
4158 [NEON_2RM_VCVTMS] = 0x4,
4159 [NEON_2RM_VRECPE] = 0x4,
4160 [NEON_2RM_VRSQRTE] = 0x4,
4161 [NEON_2RM_VRECPE_F] = 0x4,
4162 [NEON_2RM_VRSQRTE_F] = 0x4,
4163 [NEON_2RM_VCVT_FS] = 0x4,
4164 [NEON_2RM_VCVT_FU] = 0x4,
4165 [NEON_2RM_VCVT_SF] = 0x4,
4166 [NEON_2RM_VCVT_UF] = 0x4,
4170 /* Expand v8.1 simd helper. */
4171 static int do_v81_helper(DisasContext *s, gen_helper_gvec_3_ptr *fn,
4172 int q, int rd, int rn, int rm)
4174 if (dc_isar_feature(aa32_rdm, s)) {
4175 int opr_sz = (1 + q) * 8;
4176 tcg_gen_gvec_3_ptr(vfp_reg_offset(1, rd),
4177 vfp_reg_offset(1, rn),
4178 vfp_reg_offset(1, rm), cpu_env,
4179 opr_sz, opr_sz, 0, fn);
4185 static void gen_ssra8_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4187 tcg_gen_vec_sar8i_i64(a, a, shift);
4188 tcg_gen_vec_add8_i64(d, d, a);
4191 static void gen_ssra16_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4193 tcg_gen_vec_sar16i_i64(a, a, shift);
4194 tcg_gen_vec_add16_i64(d, d, a);
4197 static void gen_ssra32_i32(TCGv_i32 d, TCGv_i32 a, int32_t shift)
4199 tcg_gen_sari_i32(a, a, shift);
4200 tcg_gen_add_i32(d, d, a);
4203 static void gen_ssra64_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4205 tcg_gen_sari_i64(a, a, shift);
4206 tcg_gen_add_i64(d, d, a);
4209 static void gen_ssra_vec(unsigned vece, TCGv_vec d, TCGv_vec a, int64_t sh)
4211 tcg_gen_sari_vec(vece, a, a, sh);
4212 tcg_gen_add_vec(vece, d, d, a);
4215 static const TCGOpcode vecop_list_ssra[] = {
4216 INDEX_op_sari_vec, INDEX_op_add_vec, 0
4219 const GVecGen2i ssra_op[4] = {
4220 { .fni8 = gen_ssra8_i64,
4221 .fniv = gen_ssra_vec,
4223 .opt_opc = vecop_list_ssra,
4225 { .fni8 = gen_ssra16_i64,
4226 .fniv = gen_ssra_vec,
4228 .opt_opc = vecop_list_ssra,
4230 { .fni4 = gen_ssra32_i32,
4231 .fniv = gen_ssra_vec,
4233 .opt_opc = vecop_list_ssra,
4235 { .fni8 = gen_ssra64_i64,
4236 .fniv = gen_ssra_vec,
4237 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4238 .opt_opc = vecop_list_ssra,
4243 static void gen_usra8_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4245 tcg_gen_vec_shr8i_i64(a, a, shift);
4246 tcg_gen_vec_add8_i64(d, d, a);
4249 static void gen_usra16_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4251 tcg_gen_vec_shr16i_i64(a, a, shift);
4252 tcg_gen_vec_add16_i64(d, d, a);
4255 static void gen_usra32_i32(TCGv_i32 d, TCGv_i32 a, int32_t shift)
4257 tcg_gen_shri_i32(a, a, shift);
4258 tcg_gen_add_i32(d, d, a);
4261 static void gen_usra64_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4263 tcg_gen_shri_i64(a, a, shift);
4264 tcg_gen_add_i64(d, d, a);
4267 static void gen_usra_vec(unsigned vece, TCGv_vec d, TCGv_vec a, int64_t sh)
4269 tcg_gen_shri_vec(vece, a, a, sh);
4270 tcg_gen_add_vec(vece, d, d, a);
4273 static const TCGOpcode vecop_list_usra[] = {
4274 INDEX_op_shri_vec, INDEX_op_add_vec, 0
4277 const GVecGen2i usra_op[4] = {
4278 { .fni8 = gen_usra8_i64,
4279 .fniv = gen_usra_vec,
4281 .opt_opc = vecop_list_usra,
4283 { .fni8 = gen_usra16_i64,
4284 .fniv = gen_usra_vec,
4286 .opt_opc = vecop_list_usra,
4288 { .fni4 = gen_usra32_i32,
4289 .fniv = gen_usra_vec,
4291 .opt_opc = vecop_list_usra,
4293 { .fni8 = gen_usra64_i64,
4294 .fniv = gen_usra_vec,
4295 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4297 .opt_opc = vecop_list_usra,
4301 static void gen_shr8_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4303 uint64_t mask = dup_const(MO_8, 0xff >> shift);
4304 TCGv_i64 t = tcg_temp_new_i64();
4306 tcg_gen_shri_i64(t, a, shift);
4307 tcg_gen_andi_i64(t, t, mask);
4308 tcg_gen_andi_i64(d, d, ~mask);
4309 tcg_gen_or_i64(d, d, t);
4310 tcg_temp_free_i64(t);
4313 static void gen_shr16_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4315 uint64_t mask = dup_const(MO_16, 0xffff >> shift);
4316 TCGv_i64 t = tcg_temp_new_i64();
4318 tcg_gen_shri_i64(t, a, shift);
4319 tcg_gen_andi_i64(t, t, mask);
4320 tcg_gen_andi_i64(d, d, ~mask);
4321 tcg_gen_or_i64(d, d, t);
4322 tcg_temp_free_i64(t);
4325 static void gen_shr32_ins_i32(TCGv_i32 d, TCGv_i32 a, int32_t shift)
4327 tcg_gen_shri_i32(a, a, shift);
4328 tcg_gen_deposit_i32(d, d, a, 0, 32 - shift);
4331 static void gen_shr64_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4333 tcg_gen_shri_i64(a, a, shift);
4334 tcg_gen_deposit_i64(d, d, a, 0, 64 - shift);
4337 static void gen_shr_ins_vec(unsigned vece, TCGv_vec d, TCGv_vec a, int64_t sh)
4340 tcg_gen_mov_vec(d, a);
4342 TCGv_vec t = tcg_temp_new_vec_matching(d);
4343 TCGv_vec m = tcg_temp_new_vec_matching(d);
4345 tcg_gen_dupi_vec(vece, m, MAKE_64BIT_MASK((8 << vece) - sh, sh));
4346 tcg_gen_shri_vec(vece, t, a, sh);
4347 tcg_gen_and_vec(vece, d, d, m);
4348 tcg_gen_or_vec(vece, d, d, t);
4350 tcg_temp_free_vec(t);
4351 tcg_temp_free_vec(m);
4355 static const TCGOpcode vecop_list_sri[] = { INDEX_op_shri_vec, 0 };
4357 const GVecGen2i sri_op[4] = {
4358 { .fni8 = gen_shr8_ins_i64,
4359 .fniv = gen_shr_ins_vec,
4361 .opt_opc = vecop_list_sri,
4363 { .fni8 = gen_shr16_ins_i64,
4364 .fniv = gen_shr_ins_vec,
4366 .opt_opc = vecop_list_sri,
4368 { .fni4 = gen_shr32_ins_i32,
4369 .fniv = gen_shr_ins_vec,
4371 .opt_opc = vecop_list_sri,
4373 { .fni8 = gen_shr64_ins_i64,
4374 .fniv = gen_shr_ins_vec,
4375 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4377 .opt_opc = vecop_list_sri,
4381 static void gen_shl8_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4383 uint64_t mask = dup_const(MO_8, 0xff << shift);
4384 TCGv_i64 t = tcg_temp_new_i64();
4386 tcg_gen_shli_i64(t, a, shift);
4387 tcg_gen_andi_i64(t, t, mask);
4388 tcg_gen_andi_i64(d, d, ~mask);
4389 tcg_gen_or_i64(d, d, t);
4390 tcg_temp_free_i64(t);
4393 static void gen_shl16_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4395 uint64_t mask = dup_const(MO_16, 0xffff << shift);
4396 TCGv_i64 t = tcg_temp_new_i64();
4398 tcg_gen_shli_i64(t, a, shift);
4399 tcg_gen_andi_i64(t, t, mask);
4400 tcg_gen_andi_i64(d, d, ~mask);
4401 tcg_gen_or_i64(d, d, t);
4402 tcg_temp_free_i64(t);
4405 static void gen_shl32_ins_i32(TCGv_i32 d, TCGv_i32 a, int32_t shift)
4407 tcg_gen_deposit_i32(d, d, a, shift, 32 - shift);
4410 static void gen_shl64_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4412 tcg_gen_deposit_i64(d, d, a, shift, 64 - shift);
4415 static void gen_shl_ins_vec(unsigned vece, TCGv_vec d, TCGv_vec a, int64_t sh)
4418 tcg_gen_mov_vec(d, a);
4420 TCGv_vec t = tcg_temp_new_vec_matching(d);
4421 TCGv_vec m = tcg_temp_new_vec_matching(d);
4423 tcg_gen_dupi_vec(vece, m, MAKE_64BIT_MASK(0, sh));
4424 tcg_gen_shli_vec(vece, t, a, sh);
4425 tcg_gen_and_vec(vece, d, d, m);
4426 tcg_gen_or_vec(vece, d, d, t);
4428 tcg_temp_free_vec(t);
4429 tcg_temp_free_vec(m);
4433 static const TCGOpcode vecop_list_sli[] = { INDEX_op_shli_vec, 0 };
4435 const GVecGen2i sli_op[4] = {
4436 { .fni8 = gen_shl8_ins_i64,
4437 .fniv = gen_shl_ins_vec,
4439 .opt_opc = vecop_list_sli,
4441 { .fni8 = gen_shl16_ins_i64,
4442 .fniv = gen_shl_ins_vec,
4444 .opt_opc = vecop_list_sli,
4446 { .fni4 = gen_shl32_ins_i32,
4447 .fniv = gen_shl_ins_vec,
4449 .opt_opc = vecop_list_sli,
4451 { .fni8 = gen_shl64_ins_i64,
4452 .fniv = gen_shl_ins_vec,
4453 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4455 .opt_opc = vecop_list_sli,
4459 static void gen_mla8_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4461 gen_helper_neon_mul_u8(a, a, b);
4462 gen_helper_neon_add_u8(d, d, a);
4465 static void gen_mls8_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4467 gen_helper_neon_mul_u8(a, a, b);
4468 gen_helper_neon_sub_u8(d, d, a);
4471 static void gen_mla16_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4473 gen_helper_neon_mul_u16(a, a, b);
4474 gen_helper_neon_add_u16(d, d, a);
4477 static void gen_mls16_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4479 gen_helper_neon_mul_u16(a, a, b);
4480 gen_helper_neon_sub_u16(d, d, a);
4483 static void gen_mla32_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4485 tcg_gen_mul_i32(a, a, b);
4486 tcg_gen_add_i32(d, d, a);
4489 static void gen_mls32_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4491 tcg_gen_mul_i32(a, a, b);
4492 tcg_gen_sub_i32(d, d, a);
4495 static void gen_mla64_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b)
4497 tcg_gen_mul_i64(a, a, b);
4498 tcg_gen_add_i64(d, d, a);
4501 static void gen_mls64_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b)
4503 tcg_gen_mul_i64(a, a, b);
4504 tcg_gen_sub_i64(d, d, a);
4507 static void gen_mla_vec(unsigned vece, TCGv_vec d, TCGv_vec a, TCGv_vec b)
4509 tcg_gen_mul_vec(vece, a, a, b);
4510 tcg_gen_add_vec(vece, d, d, a);
4513 static void gen_mls_vec(unsigned vece, TCGv_vec d, TCGv_vec a, TCGv_vec b)
4515 tcg_gen_mul_vec(vece, a, a, b);
4516 tcg_gen_sub_vec(vece, d, d, a);
4519 /* Note that while NEON does not support VMLA and VMLS as 64-bit ops,
4520 * these tables are shared with AArch64 which does support them.
4523 static const TCGOpcode vecop_list_mla[] = {
4524 INDEX_op_mul_vec, INDEX_op_add_vec, 0
4527 static const TCGOpcode vecop_list_mls[] = {
4528 INDEX_op_mul_vec, INDEX_op_sub_vec, 0
4531 const GVecGen3 mla_op[4] = {
4532 { .fni4 = gen_mla8_i32,
4533 .fniv = gen_mla_vec,
4535 .opt_opc = vecop_list_mla,
4537 { .fni4 = gen_mla16_i32,
4538 .fniv = gen_mla_vec,
4540 .opt_opc = vecop_list_mla,
4542 { .fni4 = gen_mla32_i32,
4543 .fniv = gen_mla_vec,
4545 .opt_opc = vecop_list_mla,
4547 { .fni8 = gen_mla64_i64,
4548 .fniv = gen_mla_vec,
4549 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4551 .opt_opc = vecop_list_mla,
4555 const GVecGen3 mls_op[4] = {
4556 { .fni4 = gen_mls8_i32,
4557 .fniv = gen_mls_vec,
4559 .opt_opc = vecop_list_mls,
4561 { .fni4 = gen_mls16_i32,
4562 .fniv = gen_mls_vec,
4564 .opt_opc = vecop_list_mls,
4566 { .fni4 = gen_mls32_i32,
4567 .fniv = gen_mls_vec,
4569 .opt_opc = vecop_list_mls,
4571 { .fni8 = gen_mls64_i64,
4572 .fniv = gen_mls_vec,
4573 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4575 .opt_opc = vecop_list_mls,
4579 /* CMTST : test is "if (X & Y != 0)". */
4580 static void gen_cmtst_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4582 tcg_gen_and_i32(d, a, b);
4583 tcg_gen_setcondi_i32(TCG_COND_NE, d, d, 0);
4584 tcg_gen_neg_i32(d, d);
4587 void gen_cmtst_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b)
4589 tcg_gen_and_i64(d, a, b);
4590 tcg_gen_setcondi_i64(TCG_COND_NE, d, d, 0);
4591 tcg_gen_neg_i64(d, d);
4594 static void gen_cmtst_vec(unsigned vece, TCGv_vec d, TCGv_vec a, TCGv_vec b)
4596 tcg_gen_and_vec(vece, d, a, b);
4597 tcg_gen_dupi_vec(vece, a, 0);
4598 tcg_gen_cmp_vec(TCG_COND_NE, vece, d, d, a);
4601 static const TCGOpcode vecop_list_cmtst[] = { INDEX_op_cmp_vec, 0 };
4603 const GVecGen3 cmtst_op[4] = {
4604 { .fni4 = gen_helper_neon_tst_u8,
4605 .fniv = gen_cmtst_vec,
4606 .opt_opc = vecop_list_cmtst,
4608 { .fni4 = gen_helper_neon_tst_u16,
4609 .fniv = gen_cmtst_vec,
4610 .opt_opc = vecop_list_cmtst,
4612 { .fni4 = gen_cmtst_i32,
4613 .fniv = gen_cmtst_vec,
4614 .opt_opc = vecop_list_cmtst,
4616 { .fni8 = gen_cmtst_i64,
4617 .fniv = gen_cmtst_vec,
4618 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4619 .opt_opc = vecop_list_cmtst,
4623 static void gen_uqadd_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
4624 TCGv_vec a, TCGv_vec b)
4626 TCGv_vec x = tcg_temp_new_vec_matching(t);
4627 tcg_gen_add_vec(vece, x, a, b);
4628 tcg_gen_usadd_vec(vece, t, a, b);
4629 tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
4630 tcg_gen_or_vec(vece, sat, sat, x);
4631 tcg_temp_free_vec(x);
4634 static const TCGOpcode vecop_list_uqadd[] = {
4635 INDEX_op_usadd_vec, INDEX_op_cmp_vec, INDEX_op_add_vec, 0
4638 const GVecGen4 uqadd_op[4] = {
4639 { .fniv = gen_uqadd_vec,
4640 .fno = gen_helper_gvec_uqadd_b,
4642 .opt_opc = vecop_list_uqadd,
4644 { .fniv = gen_uqadd_vec,
4645 .fno = gen_helper_gvec_uqadd_h,
4647 .opt_opc = vecop_list_uqadd,
4649 { .fniv = gen_uqadd_vec,
4650 .fno = gen_helper_gvec_uqadd_s,
4652 .opt_opc = vecop_list_uqadd,
4654 { .fniv = gen_uqadd_vec,
4655 .fno = gen_helper_gvec_uqadd_d,
4657 .opt_opc = vecop_list_uqadd,
4661 static void gen_sqadd_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
4662 TCGv_vec a, TCGv_vec b)
4664 TCGv_vec x = tcg_temp_new_vec_matching(t);
4665 tcg_gen_add_vec(vece, x, a, b);
4666 tcg_gen_ssadd_vec(vece, t, a, b);
4667 tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
4668 tcg_gen_or_vec(vece, sat, sat, x);
4669 tcg_temp_free_vec(x);
4672 static const TCGOpcode vecop_list_sqadd[] = {
4673 INDEX_op_ssadd_vec, INDEX_op_cmp_vec, INDEX_op_add_vec, 0
4676 const GVecGen4 sqadd_op[4] = {
4677 { .fniv = gen_sqadd_vec,
4678 .fno = gen_helper_gvec_sqadd_b,
4679 .opt_opc = vecop_list_sqadd,
4682 { .fniv = gen_sqadd_vec,
4683 .fno = gen_helper_gvec_sqadd_h,
4684 .opt_opc = vecop_list_sqadd,
4687 { .fniv = gen_sqadd_vec,
4688 .fno = gen_helper_gvec_sqadd_s,
4689 .opt_opc = vecop_list_sqadd,
4692 { .fniv = gen_sqadd_vec,
4693 .fno = gen_helper_gvec_sqadd_d,
4694 .opt_opc = vecop_list_sqadd,
4699 static void gen_uqsub_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
4700 TCGv_vec a, TCGv_vec b)
4702 TCGv_vec x = tcg_temp_new_vec_matching(t);
4703 tcg_gen_sub_vec(vece, x, a, b);
4704 tcg_gen_ussub_vec(vece, t, a, b);
4705 tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
4706 tcg_gen_or_vec(vece, sat, sat, x);
4707 tcg_temp_free_vec(x);
4710 static const TCGOpcode vecop_list_uqsub[] = {
4711 INDEX_op_ussub_vec, INDEX_op_cmp_vec, INDEX_op_sub_vec, 0
4714 const GVecGen4 uqsub_op[4] = {
4715 { .fniv = gen_uqsub_vec,
4716 .fno = gen_helper_gvec_uqsub_b,
4717 .opt_opc = vecop_list_uqsub,
4720 { .fniv = gen_uqsub_vec,
4721 .fno = gen_helper_gvec_uqsub_h,
4722 .opt_opc = vecop_list_uqsub,
4725 { .fniv = gen_uqsub_vec,
4726 .fno = gen_helper_gvec_uqsub_s,
4727 .opt_opc = vecop_list_uqsub,
4730 { .fniv = gen_uqsub_vec,
4731 .fno = gen_helper_gvec_uqsub_d,
4732 .opt_opc = vecop_list_uqsub,
4737 static void gen_sqsub_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
4738 TCGv_vec a, TCGv_vec b)
4740 TCGv_vec x = tcg_temp_new_vec_matching(t);
4741 tcg_gen_sub_vec(vece, x, a, b);
4742 tcg_gen_sssub_vec(vece, t, a, b);
4743 tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
4744 tcg_gen_or_vec(vece, sat, sat, x);
4745 tcg_temp_free_vec(x);
4748 static const TCGOpcode vecop_list_sqsub[] = {
4749 INDEX_op_sssub_vec, INDEX_op_cmp_vec, INDEX_op_sub_vec, 0
4752 const GVecGen4 sqsub_op[4] = {
4753 { .fniv = gen_sqsub_vec,
4754 .fno = gen_helper_gvec_sqsub_b,
4755 .opt_opc = vecop_list_sqsub,
4758 { .fniv = gen_sqsub_vec,
4759 .fno = gen_helper_gvec_sqsub_h,
4760 .opt_opc = vecop_list_sqsub,
4763 { .fniv = gen_sqsub_vec,
4764 .fno = gen_helper_gvec_sqsub_s,
4765 .opt_opc = vecop_list_sqsub,
4768 { .fniv = gen_sqsub_vec,
4769 .fno = gen_helper_gvec_sqsub_d,
4770 .opt_opc = vecop_list_sqsub,
4775 /* Translate a NEON data processing instruction. Return nonzero if the
4776 instruction is invalid.
4777 We process data in a mixture of 32-bit and 64-bit chunks.
4778 Mostly we use 32-bit chunks so we can use normal scalar instructions. */
4780 static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
4784 int rd, rn, rm, rd_ofs, rn_ofs, rm_ofs;
4793 TCGv_i32 tmp, tmp2, tmp3, tmp4, tmp5;
4794 TCGv_ptr ptr1, ptr2, ptr3;
4797 /* FIXME: this access check should not take precedence over UNDEF
4798 * for invalid encodings; we will generate incorrect syndrome information
4799 * for attempts to execute invalid vfp/neon encodings with FP disabled.
4801 if (s->fp_excp_el) {
4802 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
4803 syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
4807 if (!s->vfp_enabled)
4809 q = (insn & (1 << 6)) != 0;
4810 u = (insn >> 24) & 1;
4811 VFP_DREG_D(rd, insn);
4812 VFP_DREG_N(rn, insn);
4813 VFP_DREG_M(rm, insn);
4814 size = (insn >> 20) & 3;
4815 vec_size = q ? 16 : 8;
4816 rd_ofs = neon_reg_offset(rd, 0);
4817 rn_ofs = neon_reg_offset(rn, 0);
4818 rm_ofs = neon_reg_offset(rm, 0);
4820 if ((insn & (1 << 23)) == 0) {
4821 /* Three register same length. */
4822 op = ((insn >> 7) & 0x1e) | ((insn >> 4) & 1);
4823 /* Catch invalid op and bad size combinations: UNDEF */
4824 if ((neon_3r_sizes[op] & (1 << size)) == 0) {
4827 /* All insns of this form UNDEF for either this condition or the
4828 * superset of cases "Q==1"; we catch the latter later.
4830 if (q && ((rd | rn | rm) & 1)) {
4835 /* The SHA-1/SHA-256 3-register instructions require special
4836 * treatment here, as their size field is overloaded as an
4837 * op type selector, and they all consume their input in a
4843 if (!u) { /* SHA-1 */
4844 if (!dc_isar_feature(aa32_sha1, s)) {
4847 ptr1 = vfp_reg_ptr(true, rd);
4848 ptr2 = vfp_reg_ptr(true, rn);
4849 ptr3 = vfp_reg_ptr(true, rm);
4850 tmp4 = tcg_const_i32(size);
4851 gen_helper_crypto_sha1_3reg(ptr1, ptr2, ptr3, tmp4);
4852 tcg_temp_free_i32(tmp4);
4853 } else { /* SHA-256 */
4854 if (!dc_isar_feature(aa32_sha2, s) || size == 3) {
4857 ptr1 = vfp_reg_ptr(true, rd);
4858 ptr2 = vfp_reg_ptr(true, rn);
4859 ptr3 = vfp_reg_ptr(true, rm);
4862 gen_helper_crypto_sha256h(ptr1, ptr2, ptr3);
4865 gen_helper_crypto_sha256h2(ptr1, ptr2, ptr3);
4868 gen_helper_crypto_sha256su1(ptr1, ptr2, ptr3);
4872 tcg_temp_free_ptr(ptr1);
4873 tcg_temp_free_ptr(ptr2);
4874 tcg_temp_free_ptr(ptr3);
4877 case NEON_3R_VPADD_VQRDMLAH:
4884 return do_v81_helper(s, gen_helper_gvec_qrdmlah_s16,
4887 return do_v81_helper(s, gen_helper_gvec_qrdmlah_s32,
4892 case NEON_3R_VFM_VQRDMLSH:
4903 return do_v81_helper(s, gen_helper_gvec_qrdmlsh_s16,
4906 return do_v81_helper(s, gen_helper_gvec_qrdmlsh_s32,
4911 case NEON_3R_LOGIC: /* Logic ops. */
4912 switch ((u << 2) | size) {
4914 tcg_gen_gvec_and(0, rd_ofs, rn_ofs, rm_ofs,
4915 vec_size, vec_size);
4918 tcg_gen_gvec_andc(0, rd_ofs, rn_ofs, rm_ofs,
4919 vec_size, vec_size);
4922 tcg_gen_gvec_or(0, rd_ofs, rn_ofs, rm_ofs,
4923 vec_size, vec_size);
4926 tcg_gen_gvec_orc(0, rd_ofs, rn_ofs, rm_ofs,
4927 vec_size, vec_size);
4930 tcg_gen_gvec_xor(0, rd_ofs, rn_ofs, rm_ofs,
4931 vec_size, vec_size);
4934 tcg_gen_gvec_bitsel(MO_8, rd_ofs, rd_ofs, rn_ofs, rm_ofs,
4935 vec_size, vec_size);
4938 tcg_gen_gvec_bitsel(MO_8, rd_ofs, rm_ofs, rn_ofs, rd_ofs,
4939 vec_size, vec_size);
4942 tcg_gen_gvec_bitsel(MO_8, rd_ofs, rm_ofs, rd_ofs, rn_ofs,
4943 vec_size, vec_size);
4948 case NEON_3R_VADD_VSUB:
4950 tcg_gen_gvec_sub(size, rd_ofs, rn_ofs, rm_ofs,
4951 vec_size, vec_size);
4953 tcg_gen_gvec_add(size, rd_ofs, rn_ofs, rm_ofs,
4954 vec_size, vec_size);
4959 tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc),
4960 rn_ofs, rm_ofs, vec_size, vec_size,
4961 (u ? uqadd_op : sqadd_op) + size);
4965 tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc),
4966 rn_ofs, rm_ofs, vec_size, vec_size,
4967 (u ? uqsub_op : sqsub_op) + size);
4970 case NEON_3R_VMUL: /* VMUL */
4972 /* Polynomial case allows only P8 and is handled below. */
4977 tcg_gen_gvec_mul(size, rd_ofs, rn_ofs, rm_ofs,
4978 vec_size, vec_size);
4983 case NEON_3R_VML: /* VMLA, VMLS */
4984 tcg_gen_gvec_3(rd_ofs, rn_ofs, rm_ofs, vec_size, vec_size,
4985 u ? &mls_op[size] : &mla_op[size]);
4988 case NEON_3R_VTST_VCEQ:
4990 tcg_gen_gvec_cmp(TCG_COND_EQ, size, rd_ofs, rn_ofs, rm_ofs,
4991 vec_size, vec_size);
4993 tcg_gen_gvec_3(rd_ofs, rn_ofs, rm_ofs,
4994 vec_size, vec_size, &cmtst_op[size]);
4999 tcg_gen_gvec_cmp(u ? TCG_COND_GTU : TCG_COND_GT, size,
5000 rd_ofs, rn_ofs, rm_ofs, vec_size, vec_size);
5004 tcg_gen_gvec_cmp(u ? TCG_COND_GEU : TCG_COND_GE, size,
5005 rd_ofs, rn_ofs, rm_ofs, vec_size, vec_size);
5010 tcg_gen_gvec_umax(size, rd_ofs, rn_ofs, rm_ofs,
5011 vec_size, vec_size);
5013 tcg_gen_gvec_smax(size, rd_ofs, rn_ofs, rm_ofs,
5014 vec_size, vec_size);
5019 tcg_gen_gvec_umin(size, rd_ofs, rn_ofs, rm_ofs,
5020 vec_size, vec_size);
5022 tcg_gen_gvec_smin(size, rd_ofs, rn_ofs, rm_ofs,
5023 vec_size, vec_size);
5029 /* 64-bit element instructions. */
5030 for (pass = 0; pass < (q ? 2 : 1); pass++) {
5031 neon_load_reg64(cpu_V0, rn + pass);
5032 neon_load_reg64(cpu_V1, rm + pass);
5036 gen_helper_neon_shl_u64(cpu_V0, cpu_V1, cpu_V0);
5038 gen_helper_neon_shl_s64(cpu_V0, cpu_V1, cpu_V0);
5043 gen_helper_neon_qshl_u64(cpu_V0, cpu_env,
5046 gen_helper_neon_qshl_s64(cpu_V0, cpu_env,
5052 gen_helper_neon_rshl_u64(cpu_V0, cpu_V1, cpu_V0);
5054 gen_helper_neon_rshl_s64(cpu_V0, cpu_V1, cpu_V0);
5057 case NEON_3R_VQRSHL:
5059 gen_helper_neon_qrshl_u64(cpu_V0, cpu_env,
5062 gen_helper_neon_qrshl_s64(cpu_V0, cpu_env,
5069 neon_store_reg64(cpu_V0, rd + pass);
5078 case NEON_3R_VQRSHL:
5081 /* Shift instruction operands are reversed. */
5087 case NEON_3R_VPADD_VQRDMLAH:
5092 case NEON_3R_FLOAT_ARITH:
5093 pairwise = (u && size < 2); /* if VPADD (float) */
5095 case NEON_3R_FLOAT_MINMAX:
5096 pairwise = u; /* if VPMIN/VPMAX (float) */
5098 case NEON_3R_FLOAT_CMP:
5100 /* no encoding for U=0 C=1x */
5104 case NEON_3R_FLOAT_ACMP:
5109 case NEON_3R_FLOAT_MISC:
5110 /* VMAXNM/VMINNM in ARMv8 */
5111 if (u && !arm_dc_feature(s, ARM_FEATURE_V8)) {
5115 case NEON_3R_VFM_VQRDMLSH:
5116 if (!arm_dc_feature(s, ARM_FEATURE_VFP4)) {
5124 if (pairwise && q) {
5125 /* All the pairwise insns UNDEF if Q is set */
5129 for (pass = 0; pass < (q ? 4 : 2); pass++) {
5134 tmp = neon_load_reg(rn, 0);
5135 tmp2 = neon_load_reg(rn, 1);
5137 tmp = neon_load_reg(rm, 0);
5138 tmp2 = neon_load_reg(rm, 1);
5142 tmp = neon_load_reg(rn, pass);
5143 tmp2 = neon_load_reg(rm, pass);
5147 GEN_NEON_INTEGER_OP(hadd);
5149 case NEON_3R_VRHADD:
5150 GEN_NEON_INTEGER_OP(rhadd);
5153 GEN_NEON_INTEGER_OP(hsub);
5156 GEN_NEON_INTEGER_OP(shl);
5159 GEN_NEON_INTEGER_OP_ENV(qshl);
5162 GEN_NEON_INTEGER_OP(rshl);
5164 case NEON_3R_VQRSHL:
5165 GEN_NEON_INTEGER_OP_ENV(qrshl);
5168 GEN_NEON_INTEGER_OP(abd);
5171 GEN_NEON_INTEGER_OP(abd);
5172 tcg_temp_free_i32(tmp2);
5173 tmp2 = neon_load_reg(rd, pass);
5174 gen_neon_add(size, tmp, tmp2);
5177 /* VMUL.P8; other cases already eliminated. */
5178 gen_helper_neon_mul_p8(tmp, tmp, tmp2);
5181 GEN_NEON_INTEGER_OP(pmax);
5184 GEN_NEON_INTEGER_OP(pmin);
5186 case NEON_3R_VQDMULH_VQRDMULH: /* Multiply high. */
5187 if (!u) { /* VQDMULH */
5190 gen_helper_neon_qdmulh_s16(tmp, cpu_env, tmp, tmp2);
5193 gen_helper_neon_qdmulh_s32(tmp, cpu_env, tmp, tmp2);
5197 } else { /* VQRDMULH */
5200 gen_helper_neon_qrdmulh_s16(tmp, cpu_env, tmp, tmp2);
5203 gen_helper_neon_qrdmulh_s32(tmp, cpu_env, tmp, tmp2);
5209 case NEON_3R_VPADD_VQRDMLAH:
5211 case 0: gen_helper_neon_padd_u8(tmp, tmp, tmp2); break;
5212 case 1: gen_helper_neon_padd_u16(tmp, tmp, tmp2); break;
5213 case 2: tcg_gen_add_i32(tmp, tmp, tmp2); break;
5217 case NEON_3R_FLOAT_ARITH: /* Floating point arithmetic. */
5219 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5220 switch ((u << 2) | size) {
5223 gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
5226 gen_helper_vfp_subs(tmp, tmp, tmp2, fpstatus);
5229 gen_helper_neon_abd_f32(tmp, tmp, tmp2, fpstatus);
5234 tcg_temp_free_ptr(fpstatus);
5237 case NEON_3R_FLOAT_MULTIPLY:
5239 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5240 gen_helper_vfp_muls(tmp, tmp, tmp2, fpstatus);
5242 tcg_temp_free_i32(tmp2);
5243 tmp2 = neon_load_reg(rd, pass);
5245 gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
5247 gen_helper_vfp_subs(tmp, tmp2, tmp, fpstatus);
5250 tcg_temp_free_ptr(fpstatus);
5253 case NEON_3R_FLOAT_CMP:
5255 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5257 gen_helper_neon_ceq_f32(tmp, tmp, tmp2, fpstatus);
5260 gen_helper_neon_cge_f32(tmp, tmp, tmp2, fpstatus);
5262 gen_helper_neon_cgt_f32(tmp, tmp, tmp2, fpstatus);
5265 tcg_temp_free_ptr(fpstatus);
5268 case NEON_3R_FLOAT_ACMP:
5270 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5272 gen_helper_neon_acge_f32(tmp, tmp, tmp2, fpstatus);
5274 gen_helper_neon_acgt_f32(tmp, tmp, tmp2, fpstatus);
5276 tcg_temp_free_ptr(fpstatus);
5279 case NEON_3R_FLOAT_MINMAX:
5281 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5283 gen_helper_vfp_maxs(tmp, tmp, tmp2, fpstatus);
5285 gen_helper_vfp_mins(tmp, tmp, tmp2, fpstatus);
5287 tcg_temp_free_ptr(fpstatus);
5290 case NEON_3R_FLOAT_MISC:
5293 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5295 gen_helper_vfp_maxnums(tmp, tmp, tmp2, fpstatus);
5297 gen_helper_vfp_minnums(tmp, tmp, tmp2, fpstatus);
5299 tcg_temp_free_ptr(fpstatus);
5302 gen_helper_recps_f32(tmp, tmp, tmp2, cpu_env);
5304 gen_helper_rsqrts_f32(tmp, tmp, tmp2, cpu_env);
5308 case NEON_3R_VFM_VQRDMLSH:
5310 /* VFMA, VFMS: fused multiply-add */
5311 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5312 TCGv_i32 tmp3 = neon_load_reg(rd, pass);
5315 gen_helper_vfp_negs(tmp, tmp);
5317 gen_helper_vfp_muladds(tmp, tmp, tmp2, tmp3, fpstatus);
5318 tcg_temp_free_i32(tmp3);
5319 tcg_temp_free_ptr(fpstatus);
5325 tcg_temp_free_i32(tmp2);
5327 /* Save the result. For elementwise operations we can put it
5328 straight into the destination register. For pairwise operations
5329 we have to be careful to avoid clobbering the source operands. */
5330 if (pairwise && rd == rm) {
5331 neon_store_scratch(pass, tmp);
5333 neon_store_reg(rd, pass, tmp);
5337 if (pairwise && rd == rm) {
5338 for (pass = 0; pass < (q ? 4 : 2); pass++) {
5339 tmp = neon_load_scratch(pass);
5340 neon_store_reg(rd, pass, tmp);
5343 /* End of 3 register same size operations. */
5344 } else if (insn & (1 << 4)) {
5345 if ((insn & 0x00380080) != 0) {
5346 /* Two registers and shift. */
5347 op = (insn >> 8) & 0xf;
5348 if (insn & (1 << 7)) {
5356 while ((insn & (1 << (size + 19))) == 0)
5359 shift = (insn >> 16) & ((1 << (3 + size)) - 1);
5361 /* Shift by immediate:
5362 VSHR, VSRA, VRSHR, VRSRA, VSRI, VSHL, VQSHL, VQSHLU. */
5363 if (q && ((rd | rm) & 1)) {
5366 if (!u && (op == 4 || op == 6)) {
5369 /* Right shifts are encoded as N - shift, where N is the
5370 element size in bits. */
5372 shift = shift - (1 << (size + 3));
5377 /* Right shift comes here negative. */
5379 /* Shifts larger than the element size are architecturally
5380 * valid. Unsigned results in all zeros; signed results
5384 tcg_gen_gvec_sari(size, rd_ofs, rm_ofs,
5385 MIN(shift, (8 << size) - 1),
5386 vec_size, vec_size);
5387 } else if (shift >= 8 << size) {
5388 tcg_gen_gvec_dup8i(rd_ofs, vec_size, vec_size, 0);
5390 tcg_gen_gvec_shri(size, rd_ofs, rm_ofs, shift,
5391 vec_size, vec_size);
5396 /* Right shift comes here negative. */
5398 /* Shifts larger than the element size are architecturally
5399 * valid. Unsigned results in all zeros; signed results
5403 tcg_gen_gvec_2i(rd_ofs, rm_ofs, vec_size, vec_size,
5404 MIN(shift, (8 << size) - 1),
5406 } else if (shift >= 8 << size) {
5409 tcg_gen_gvec_2i(rd_ofs, rm_ofs, vec_size, vec_size,
5410 shift, &usra_op[size]);
5418 /* Right shift comes here negative. */
5420 /* Shift out of range leaves destination unchanged. */
5421 if (shift < 8 << size) {
5422 tcg_gen_gvec_2i(rd_ofs, rm_ofs, vec_size, vec_size,
5423 shift, &sri_op[size]);
5427 case 5: /* VSHL, VSLI */
5429 /* Shift out of range leaves destination unchanged. */
5430 if (shift < 8 << size) {
5431 tcg_gen_gvec_2i(rd_ofs, rm_ofs, vec_size,
5432 vec_size, shift, &sli_op[size]);
5435 /* Shifts larger than the element size are
5436 * architecturally valid and results in zero.
5438 if (shift >= 8 << size) {
5439 tcg_gen_gvec_dup8i(rd_ofs, vec_size, vec_size, 0);
5441 tcg_gen_gvec_shli(size, rd_ofs, rm_ofs, shift,
5442 vec_size, vec_size);
5454 /* To avoid excessive duplication of ops we implement shift
5455 * by immediate using the variable shift operations.
5457 imm = dup_const(size, shift);
5459 for (pass = 0; pass < count; pass++) {
5461 neon_load_reg64(cpu_V0, rm + pass);
5462 tcg_gen_movi_i64(cpu_V1, imm);
5467 gen_helper_neon_rshl_u64(cpu_V0, cpu_V0, cpu_V1);
5469 gen_helper_neon_rshl_s64(cpu_V0, cpu_V0, cpu_V1);
5471 case 6: /* VQSHLU */
5472 gen_helper_neon_qshlu_s64(cpu_V0, cpu_env,
5477 gen_helper_neon_qshl_u64(cpu_V0, cpu_env,
5480 gen_helper_neon_qshl_s64(cpu_V0, cpu_env,
5485 g_assert_not_reached();
5489 neon_load_reg64(cpu_V1, rd + pass);
5490 tcg_gen_add_i64(cpu_V0, cpu_V0, cpu_V1);
5492 neon_store_reg64(cpu_V0, rd + pass);
5493 } else { /* size < 3 */
5494 /* Operands in T0 and T1. */
5495 tmp = neon_load_reg(rm, pass);
5496 tmp2 = tcg_temp_new_i32();
5497 tcg_gen_movi_i32(tmp2, imm);
5501 GEN_NEON_INTEGER_OP(rshl);
5503 case 6: /* VQSHLU */
5506 gen_helper_neon_qshlu_s8(tmp, cpu_env,
5510 gen_helper_neon_qshlu_s16(tmp, cpu_env,
5514 gen_helper_neon_qshlu_s32(tmp, cpu_env,
5522 GEN_NEON_INTEGER_OP_ENV(qshl);
5525 g_assert_not_reached();
5527 tcg_temp_free_i32(tmp2);
5531 tmp2 = neon_load_reg(rd, pass);
5532 gen_neon_add(size, tmp, tmp2);
5533 tcg_temp_free_i32(tmp2);
5535 neon_store_reg(rd, pass, tmp);
5538 } else if (op < 10) {
5539 /* Shift by immediate and narrow:
5540 VSHRN, VRSHRN, VQSHRN, VQRSHRN. */
5541 int input_unsigned = (op == 8) ? !u : u;
5545 shift = shift - (1 << (size + 3));
5548 tmp64 = tcg_const_i64(shift);
5549 neon_load_reg64(cpu_V0, rm);
5550 neon_load_reg64(cpu_V1, rm + 1);
5551 for (pass = 0; pass < 2; pass++) {
5559 if (input_unsigned) {
5560 gen_helper_neon_rshl_u64(cpu_V0, in, tmp64);
5562 gen_helper_neon_rshl_s64(cpu_V0, in, tmp64);
5565 if (input_unsigned) {
5566 gen_helper_neon_shl_u64(cpu_V0, in, tmp64);
5568 gen_helper_neon_shl_s64(cpu_V0, in, tmp64);
5571 tmp = tcg_temp_new_i32();
5572 gen_neon_narrow_op(op == 8, u, size - 1, tmp, cpu_V0);
5573 neon_store_reg(rd, pass, tmp);
5575 tcg_temp_free_i64(tmp64);
5578 imm = (uint16_t)shift;
5582 imm = (uint32_t)shift;
5584 tmp2 = tcg_const_i32(imm);
5585 tmp4 = neon_load_reg(rm + 1, 0);
5586 tmp5 = neon_load_reg(rm + 1, 1);
5587 for (pass = 0; pass < 2; pass++) {
5589 tmp = neon_load_reg(rm, 0);
5593 gen_neon_shift_narrow(size, tmp, tmp2, q,
5596 tmp3 = neon_load_reg(rm, 1);
5600 gen_neon_shift_narrow(size, tmp3, tmp2, q,
5602 tcg_gen_concat_i32_i64(cpu_V0, tmp, tmp3);
5603 tcg_temp_free_i32(tmp);
5604 tcg_temp_free_i32(tmp3);
5605 tmp = tcg_temp_new_i32();
5606 gen_neon_narrow_op(op == 8, u, size - 1, tmp, cpu_V0);
5607 neon_store_reg(rd, pass, tmp);
5609 tcg_temp_free_i32(tmp2);
5611 } else if (op == 10) {
5613 if (q || (rd & 1)) {
5616 tmp = neon_load_reg(rm, 0);
5617 tmp2 = neon_load_reg(rm, 1);
5618 for (pass = 0; pass < 2; pass++) {
5622 gen_neon_widen(cpu_V0, tmp, size, u);
5625 /* The shift is less than the width of the source
5626 type, so we can just shift the whole register. */
5627 tcg_gen_shli_i64(cpu_V0, cpu_V0, shift);
5628 /* Widen the result of shift: we need to clear
5629 * the potential overflow bits resulting from
5630 * left bits of the narrow input appearing as
5631 * right bits of left the neighbour narrow
5633 if (size < 2 || !u) {
5636 imm = (0xffu >> (8 - shift));
5638 } else if (size == 1) {
5639 imm = 0xffff >> (16 - shift);
5642 imm = 0xffffffff >> (32 - shift);
5645 imm64 = imm | (((uint64_t)imm) << 32);
5649 tcg_gen_andi_i64(cpu_V0, cpu_V0, ~imm64);
5652 neon_store_reg64(cpu_V0, rd + pass);
5654 } else if (op >= 14) {
5655 /* VCVT fixed-point. */
5658 VFPGenFixPointFn *fn;
5660 if (!(insn & (1 << 21)) || (q && ((rd | rm) & 1))) {
5666 fn = gen_helper_vfp_ultos;
5668 fn = gen_helper_vfp_sltos;
5672 fn = gen_helper_vfp_touls_round_to_zero;
5674 fn = gen_helper_vfp_tosls_round_to_zero;
5678 /* We have already masked out the must-be-1 top bit of imm6,
5679 * hence this 32-shift where the ARM ARM has 64-imm6.
5682 fpst = get_fpstatus_ptr(1);
5683 shiftv = tcg_const_i32(shift);
5684 for (pass = 0; pass < (q ? 4 : 2); pass++) {
5685 TCGv_i32 tmpf = neon_load_reg(rm, pass);
5686 fn(tmpf, tmpf, shiftv, fpst);
5687 neon_store_reg(rd, pass, tmpf);
5689 tcg_temp_free_ptr(fpst);
5690 tcg_temp_free_i32(shiftv);
5694 } else { /* (insn & 0x00380080) == 0 */
5695 int invert, reg_ofs, vec_size;
5697 if (q && (rd & 1)) {
5701 op = (insn >> 8) & 0xf;
5702 /* One register and immediate. */
5703 imm = (u << 7) | ((insn >> 12) & 0x70) | (insn & 0xf);
5704 invert = (insn & (1 << 5)) != 0;
5705 /* Note that op = 2,3,4,5,6,7,10,11,12,13 imm=0 is UNPREDICTABLE.
5706 * We choose to not special-case this and will behave as if a
5707 * valid constant encoding of 0 had been given.
5726 imm = (imm << 8) | (imm << 24);
5729 imm = (imm << 8) | 0xff;
5732 imm = (imm << 16) | 0xffff;
5735 imm |= (imm << 8) | (imm << 16) | (imm << 24);
5744 imm = ((imm & 0x80) << 24) | ((imm & 0x3f) << 19)
5745 | ((imm & 0x40) ? (0x1f << 25) : (1 << 30));
5752 reg_ofs = neon_reg_offset(rd, 0);
5753 vec_size = q ? 16 : 8;
5755 if (op & 1 && op < 12) {
5757 /* The immediate value has already been inverted,
5758 * so BIC becomes AND.
5760 tcg_gen_gvec_andi(MO_32, reg_ofs, reg_ofs, imm,
5761 vec_size, vec_size);
5763 tcg_gen_gvec_ori(MO_32, reg_ofs, reg_ofs, imm,
5764 vec_size, vec_size);
5768 if (op == 14 && invert) {
5769 TCGv_i64 t64 = tcg_temp_new_i64();
5771 for (pass = 0; pass <= q; ++pass) {
5775 for (n = 0; n < 8; n++) {
5776 if (imm & (1 << (n + pass * 8))) {
5777 val |= 0xffull << (n * 8);
5780 tcg_gen_movi_i64(t64, val);
5781 neon_store_reg64(t64, rd + pass);
5783 tcg_temp_free_i64(t64);
5785 tcg_gen_gvec_dup32i(reg_ofs, vec_size, vec_size, imm);
5789 } else { /* (insn & 0x00800010 == 0x00800000) */
5791 op = (insn >> 8) & 0xf;
5792 if ((insn & (1 << 6)) == 0) {
5793 /* Three registers of different lengths. */
5797 /* undefreq: bit 0 : UNDEF if size == 0
5798 * bit 1 : UNDEF if size == 1
5799 * bit 2 : UNDEF if size == 2
5800 * bit 3 : UNDEF if U == 1
5801 * Note that [2:0] set implies 'always UNDEF'
5804 /* prewiden, src1_wide, src2_wide, undefreq */
5805 static const int neon_3reg_wide[16][4] = {
5806 {1, 0, 0, 0}, /* VADDL */
5807 {1, 1, 0, 0}, /* VADDW */
5808 {1, 0, 0, 0}, /* VSUBL */
5809 {1, 1, 0, 0}, /* VSUBW */
5810 {0, 1, 1, 0}, /* VADDHN */
5811 {0, 0, 0, 0}, /* VABAL */
5812 {0, 1, 1, 0}, /* VSUBHN */
5813 {0, 0, 0, 0}, /* VABDL */
5814 {0, 0, 0, 0}, /* VMLAL */
5815 {0, 0, 0, 9}, /* VQDMLAL */
5816 {0, 0, 0, 0}, /* VMLSL */
5817 {0, 0, 0, 9}, /* VQDMLSL */
5818 {0, 0, 0, 0}, /* Integer VMULL */
5819 {0, 0, 0, 1}, /* VQDMULL */
5820 {0, 0, 0, 0xa}, /* Polynomial VMULL */
5821 {0, 0, 0, 7}, /* Reserved: always UNDEF */
5824 prewiden = neon_3reg_wide[op][0];
5825 src1_wide = neon_3reg_wide[op][1];
5826 src2_wide = neon_3reg_wide[op][2];
5827 undefreq = neon_3reg_wide[op][3];
5829 if ((undefreq & (1 << size)) ||
5830 ((undefreq & 8) && u)) {
5833 if ((src1_wide && (rn & 1)) ||
5834 (src2_wide && (rm & 1)) ||
5835 (!src2_wide && (rd & 1))) {
5839 /* Handle VMULL.P64 (Polynomial 64x64 to 128 bit multiply)
5840 * outside the loop below as it only performs a single pass.
5842 if (op == 14 && size == 2) {
5843 TCGv_i64 tcg_rn, tcg_rm, tcg_rd;
5845 if (!dc_isar_feature(aa32_pmull, s)) {
5848 tcg_rn = tcg_temp_new_i64();
5849 tcg_rm = tcg_temp_new_i64();
5850 tcg_rd = tcg_temp_new_i64();
5851 neon_load_reg64(tcg_rn, rn);
5852 neon_load_reg64(tcg_rm, rm);
5853 gen_helper_neon_pmull_64_lo(tcg_rd, tcg_rn, tcg_rm);
5854 neon_store_reg64(tcg_rd, rd);
5855 gen_helper_neon_pmull_64_hi(tcg_rd, tcg_rn, tcg_rm);
5856 neon_store_reg64(tcg_rd, rd + 1);
5857 tcg_temp_free_i64(tcg_rn);
5858 tcg_temp_free_i64(tcg_rm);
5859 tcg_temp_free_i64(tcg_rd);
5863 /* Avoid overlapping operands. Wide source operands are
5864 always aligned so will never overlap with wide
5865 destinations in problematic ways. */
5866 if (rd == rm && !src2_wide) {
5867 tmp = neon_load_reg(rm, 1);
5868 neon_store_scratch(2, tmp);
5869 } else if (rd == rn && !src1_wide) {
5870 tmp = neon_load_reg(rn, 1);
5871 neon_store_scratch(2, tmp);
5874 for (pass = 0; pass < 2; pass++) {
5876 neon_load_reg64(cpu_V0, rn + pass);
5879 if (pass == 1 && rd == rn) {
5880 tmp = neon_load_scratch(2);
5882 tmp = neon_load_reg(rn, pass);
5885 gen_neon_widen(cpu_V0, tmp, size, u);
5889 neon_load_reg64(cpu_V1, rm + pass);
5892 if (pass == 1 && rd == rm) {
5893 tmp2 = neon_load_scratch(2);
5895 tmp2 = neon_load_reg(rm, pass);
5898 gen_neon_widen(cpu_V1, tmp2, size, u);
5902 case 0: case 1: case 4: /* VADDL, VADDW, VADDHN, VRADDHN */
5903 gen_neon_addl(size);
5905 case 2: case 3: case 6: /* VSUBL, VSUBW, VSUBHN, VRSUBHN */
5906 gen_neon_subl(size);
5908 case 5: case 7: /* VABAL, VABDL */
5909 switch ((size << 1) | u) {
5911 gen_helper_neon_abdl_s16(cpu_V0, tmp, tmp2);
5914 gen_helper_neon_abdl_u16(cpu_V0, tmp, tmp2);
5917 gen_helper_neon_abdl_s32(cpu_V0, tmp, tmp2);
5920 gen_helper_neon_abdl_u32(cpu_V0, tmp, tmp2);
5923 gen_helper_neon_abdl_s64(cpu_V0, tmp, tmp2);
5926 gen_helper_neon_abdl_u64(cpu_V0, tmp, tmp2);
5930 tcg_temp_free_i32(tmp2);
5931 tcg_temp_free_i32(tmp);
5933 case 8: case 9: case 10: case 11: case 12: case 13:
5934 /* VMLAL, VQDMLAL, VMLSL, VQDMLSL, VMULL, VQDMULL */
5935 gen_neon_mull(cpu_V0, tmp, tmp2, size, u);
5937 case 14: /* Polynomial VMULL */
5938 gen_helper_neon_mull_p8(cpu_V0, tmp, tmp2);
5939 tcg_temp_free_i32(tmp2);
5940 tcg_temp_free_i32(tmp);
5942 default: /* 15 is RESERVED: caught earlier */
5947 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
5948 neon_store_reg64(cpu_V0, rd + pass);
5949 } else if (op == 5 || (op >= 8 && op <= 11)) {
5951 neon_load_reg64(cpu_V1, rd + pass);
5953 case 10: /* VMLSL */
5954 gen_neon_negl(cpu_V0, size);
5956 case 5: case 8: /* VABAL, VMLAL */
5957 gen_neon_addl(size);
5959 case 9: case 11: /* VQDMLAL, VQDMLSL */
5960 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
5962 gen_neon_negl(cpu_V0, size);
5964 gen_neon_addl_saturate(cpu_V0, cpu_V1, size);
5969 neon_store_reg64(cpu_V0, rd + pass);
5970 } else if (op == 4 || op == 6) {
5971 /* Narrowing operation. */
5972 tmp = tcg_temp_new_i32();
5976 gen_helper_neon_narrow_high_u8(tmp, cpu_V0);
5979 gen_helper_neon_narrow_high_u16(tmp, cpu_V0);
5982 tcg_gen_extrh_i64_i32(tmp, cpu_V0);
5989 gen_helper_neon_narrow_round_high_u8(tmp, cpu_V0);
5992 gen_helper_neon_narrow_round_high_u16(tmp, cpu_V0);
5995 tcg_gen_addi_i64(cpu_V0, cpu_V0, 1u << 31);
5996 tcg_gen_extrh_i64_i32(tmp, cpu_V0);
6004 neon_store_reg(rd, 0, tmp3);
6005 neon_store_reg(rd, 1, tmp);
6008 /* Write back the result. */
6009 neon_store_reg64(cpu_V0, rd + pass);
6013 /* Two registers and a scalar. NB that for ops of this form
6014 * the ARM ARM labels bit 24 as Q, but it is in our variable
6021 case 1: /* Float VMLA scalar */
6022 case 5: /* Floating point VMLS scalar */
6023 case 9: /* Floating point VMUL scalar */
6028 case 0: /* Integer VMLA scalar */
6029 case 4: /* Integer VMLS scalar */
6030 case 8: /* Integer VMUL scalar */
6031 case 12: /* VQDMULH scalar */
6032 case 13: /* VQRDMULH scalar */
6033 if (u && ((rd | rn) & 1)) {
6036 tmp = neon_get_scalar(size, rm);
6037 neon_store_scratch(0, tmp);
6038 for (pass = 0; pass < (u ? 4 : 2); pass++) {
6039 tmp = neon_load_scratch(0);
6040 tmp2 = neon_load_reg(rn, pass);
6043 gen_helper_neon_qdmulh_s16(tmp, cpu_env, tmp, tmp2);
6045 gen_helper_neon_qdmulh_s32(tmp, cpu_env, tmp, tmp2);
6047 } else if (op == 13) {
6049 gen_helper_neon_qrdmulh_s16(tmp, cpu_env, tmp, tmp2);
6051 gen_helper_neon_qrdmulh_s32(tmp, cpu_env, tmp, tmp2);
6053 } else if (op & 1) {
6054 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6055 gen_helper_vfp_muls(tmp, tmp, tmp2, fpstatus);
6056 tcg_temp_free_ptr(fpstatus);
6059 case 0: gen_helper_neon_mul_u8(tmp, tmp, tmp2); break;
6060 case 1: gen_helper_neon_mul_u16(tmp, tmp, tmp2); break;
6061 case 2: tcg_gen_mul_i32(tmp, tmp, tmp2); break;
6065 tcg_temp_free_i32(tmp2);
6068 tmp2 = neon_load_reg(rd, pass);
6071 gen_neon_add(size, tmp, tmp2);
6075 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6076 gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
6077 tcg_temp_free_ptr(fpstatus);
6081 gen_neon_rsb(size, tmp, tmp2);
6085 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6086 gen_helper_vfp_subs(tmp, tmp2, tmp, fpstatus);
6087 tcg_temp_free_ptr(fpstatus);
6093 tcg_temp_free_i32(tmp2);
6095 neon_store_reg(rd, pass, tmp);
6098 case 3: /* VQDMLAL scalar */
6099 case 7: /* VQDMLSL scalar */
6100 case 11: /* VQDMULL scalar */
6105 case 2: /* VMLAL sclar */
6106 case 6: /* VMLSL scalar */
6107 case 10: /* VMULL scalar */
6111 tmp2 = neon_get_scalar(size, rm);
6112 /* We need a copy of tmp2 because gen_neon_mull
6113 * deletes it during pass 0. */
6114 tmp4 = tcg_temp_new_i32();
6115 tcg_gen_mov_i32(tmp4, tmp2);
6116 tmp3 = neon_load_reg(rn, 1);
6118 for (pass = 0; pass < 2; pass++) {
6120 tmp = neon_load_reg(rn, 0);
6125 gen_neon_mull(cpu_V0, tmp, tmp2, size, u);
6127 neon_load_reg64(cpu_V1, rd + pass);
6131 gen_neon_negl(cpu_V0, size);
6134 gen_neon_addl(size);
6137 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6139 gen_neon_negl(cpu_V0, size);
6141 gen_neon_addl_saturate(cpu_V0, cpu_V1, size);
6147 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6152 neon_store_reg64(cpu_V0, rd + pass);
6155 case 14: /* VQRDMLAH scalar */
6156 case 15: /* VQRDMLSH scalar */
6158 NeonGenThreeOpEnvFn *fn;
6160 if (!dc_isar_feature(aa32_rdm, s)) {
6163 if (u && ((rd | rn) & 1)) {
6168 fn = gen_helper_neon_qrdmlah_s16;
6170 fn = gen_helper_neon_qrdmlah_s32;
6174 fn = gen_helper_neon_qrdmlsh_s16;
6176 fn = gen_helper_neon_qrdmlsh_s32;
6180 tmp2 = neon_get_scalar(size, rm);
6181 for (pass = 0; pass < (u ? 4 : 2); pass++) {
6182 tmp = neon_load_reg(rn, pass);
6183 tmp3 = neon_load_reg(rd, pass);
6184 fn(tmp, cpu_env, tmp, tmp2, tmp3);
6185 tcg_temp_free_i32(tmp3);
6186 neon_store_reg(rd, pass, tmp);
6188 tcg_temp_free_i32(tmp2);
6192 g_assert_not_reached();
6195 } else { /* size == 3 */
6198 imm = (insn >> 8) & 0xf;
6203 if (q && ((rd | rn | rm) & 1)) {
6208 neon_load_reg64(cpu_V0, rn);
6210 neon_load_reg64(cpu_V1, rn + 1);
6212 } else if (imm == 8) {
6213 neon_load_reg64(cpu_V0, rn + 1);
6215 neon_load_reg64(cpu_V1, rm);
6218 tmp64 = tcg_temp_new_i64();
6220 neon_load_reg64(cpu_V0, rn);
6221 neon_load_reg64(tmp64, rn + 1);
6223 neon_load_reg64(cpu_V0, rn + 1);
6224 neon_load_reg64(tmp64, rm);
6226 tcg_gen_shri_i64(cpu_V0, cpu_V0, (imm & 7) * 8);
6227 tcg_gen_shli_i64(cpu_V1, tmp64, 64 - ((imm & 7) * 8));
6228 tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
6230 neon_load_reg64(cpu_V1, rm);
6232 neon_load_reg64(cpu_V1, rm + 1);
6235 tcg_gen_shli_i64(cpu_V1, cpu_V1, 64 - (imm * 8));
6236 tcg_gen_shri_i64(tmp64, tmp64, imm * 8);
6237 tcg_gen_or_i64(cpu_V1, cpu_V1, tmp64);
6238 tcg_temp_free_i64(tmp64);
6241 neon_load_reg64(cpu_V0, rn);
6242 tcg_gen_shri_i64(cpu_V0, cpu_V0, imm * 8);
6243 neon_load_reg64(cpu_V1, rm);
6244 tcg_gen_shli_i64(cpu_V1, cpu_V1, 64 - (imm * 8));
6245 tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
6247 neon_store_reg64(cpu_V0, rd);
6249 neon_store_reg64(cpu_V1, rd + 1);
6251 } else if ((insn & (1 << 11)) == 0) {
6252 /* Two register misc. */
6253 op = ((insn >> 12) & 0x30) | ((insn >> 7) & 0xf);
6254 size = (insn >> 18) & 3;
6255 /* UNDEF for unknown op values and bad op-size combinations */
6256 if ((neon_2rm_sizes[op] & (1 << size)) == 0) {
6259 if (neon_2rm_is_v8_op(op) &&
6260 !arm_dc_feature(s, ARM_FEATURE_V8)) {
6263 if ((op != NEON_2RM_VMOVN && op != NEON_2RM_VQMOVN) &&
6264 q && ((rm | rd) & 1)) {
6268 case NEON_2RM_VREV64:
6269 for (pass = 0; pass < (q ? 2 : 1); pass++) {
6270 tmp = neon_load_reg(rm, pass * 2);
6271 tmp2 = neon_load_reg(rm, pass * 2 + 1);
6273 case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
6274 case 1: gen_swap_half(tmp); break;
6275 case 2: /* no-op */ break;
6278 neon_store_reg(rd, pass * 2 + 1, tmp);
6280 neon_store_reg(rd, pass * 2, tmp2);
6283 case 0: tcg_gen_bswap32_i32(tmp2, tmp2); break;
6284 case 1: gen_swap_half(tmp2); break;
6287 neon_store_reg(rd, pass * 2, tmp2);
6291 case NEON_2RM_VPADDL: case NEON_2RM_VPADDL_U:
6292 case NEON_2RM_VPADAL: case NEON_2RM_VPADAL_U:
6293 for (pass = 0; pass < q + 1; pass++) {
6294 tmp = neon_load_reg(rm, pass * 2);
6295 gen_neon_widen(cpu_V0, tmp, size, op & 1);
6296 tmp = neon_load_reg(rm, pass * 2 + 1);
6297 gen_neon_widen(cpu_V1, tmp, size, op & 1);
6299 case 0: gen_helper_neon_paddl_u16(CPU_V001); break;
6300 case 1: gen_helper_neon_paddl_u32(CPU_V001); break;
6301 case 2: tcg_gen_add_i64(CPU_V001); break;
6304 if (op >= NEON_2RM_VPADAL) {
6306 neon_load_reg64(cpu_V1, rd + pass);
6307 gen_neon_addl(size);
6309 neon_store_reg64(cpu_V0, rd + pass);
6315 for (n = 0; n < (q ? 4 : 2); n += 2) {
6316 tmp = neon_load_reg(rm, n);
6317 tmp2 = neon_load_reg(rd, n + 1);
6318 neon_store_reg(rm, n, tmp2);
6319 neon_store_reg(rd, n + 1, tmp);
6326 if (gen_neon_unzip(rd, rm, size, q)) {
6331 if (gen_neon_zip(rd, rm, size, q)) {
6335 case NEON_2RM_VMOVN: case NEON_2RM_VQMOVN:
6336 /* also VQMOVUN; op field and mnemonics don't line up */
6341 for (pass = 0; pass < 2; pass++) {
6342 neon_load_reg64(cpu_V0, rm + pass);
6343 tmp = tcg_temp_new_i32();
6344 gen_neon_narrow_op(op == NEON_2RM_VMOVN, q, size,
6349 neon_store_reg(rd, 0, tmp2);
6350 neon_store_reg(rd, 1, tmp);
6354 case NEON_2RM_VSHLL:
6355 if (q || (rd & 1)) {
6358 tmp = neon_load_reg(rm, 0);
6359 tmp2 = neon_load_reg(rm, 1);
6360 for (pass = 0; pass < 2; pass++) {
6363 gen_neon_widen(cpu_V0, tmp, size, 1);
6364 tcg_gen_shli_i64(cpu_V0, cpu_V0, 8 << size);
6365 neon_store_reg64(cpu_V0, rd + pass);
6368 case NEON_2RM_VCVT_F16_F32:
6373 if (!dc_isar_feature(aa32_fp16_spconv, s) ||
6377 fpst = get_fpstatus_ptr(true);
6378 ahp = get_ahp_flag();
6379 tmp = neon_load_reg(rm, 0);
6380 gen_helper_vfp_fcvt_f32_to_f16(tmp, tmp, fpst, ahp);
6381 tmp2 = neon_load_reg(rm, 1);
6382 gen_helper_vfp_fcvt_f32_to_f16(tmp2, tmp2, fpst, ahp);
6383 tcg_gen_shli_i32(tmp2, tmp2, 16);
6384 tcg_gen_or_i32(tmp2, tmp2, tmp);
6385 tcg_temp_free_i32(tmp);
6386 tmp = neon_load_reg(rm, 2);
6387 gen_helper_vfp_fcvt_f32_to_f16(tmp, tmp, fpst, ahp);
6388 tmp3 = neon_load_reg(rm, 3);
6389 neon_store_reg(rd, 0, tmp2);
6390 gen_helper_vfp_fcvt_f32_to_f16(tmp3, tmp3, fpst, ahp);
6391 tcg_gen_shli_i32(tmp3, tmp3, 16);
6392 tcg_gen_or_i32(tmp3, tmp3, tmp);
6393 neon_store_reg(rd, 1, tmp3);
6394 tcg_temp_free_i32(tmp);
6395 tcg_temp_free_i32(ahp);
6396 tcg_temp_free_ptr(fpst);
6399 case NEON_2RM_VCVT_F32_F16:
6403 if (!dc_isar_feature(aa32_fp16_spconv, s) ||
6407 fpst = get_fpstatus_ptr(true);
6408 ahp = get_ahp_flag();
6409 tmp3 = tcg_temp_new_i32();
6410 tmp = neon_load_reg(rm, 0);
6411 tmp2 = neon_load_reg(rm, 1);
6412 tcg_gen_ext16u_i32(tmp3, tmp);
6413 gen_helper_vfp_fcvt_f16_to_f32(tmp3, tmp3, fpst, ahp);
6414 neon_store_reg(rd, 0, tmp3);
6415 tcg_gen_shri_i32(tmp, tmp, 16);
6416 gen_helper_vfp_fcvt_f16_to_f32(tmp, tmp, fpst, ahp);
6417 neon_store_reg(rd, 1, tmp);
6418 tmp3 = tcg_temp_new_i32();
6419 tcg_gen_ext16u_i32(tmp3, tmp2);
6420 gen_helper_vfp_fcvt_f16_to_f32(tmp3, tmp3, fpst, ahp);
6421 neon_store_reg(rd, 2, tmp3);
6422 tcg_gen_shri_i32(tmp2, tmp2, 16);
6423 gen_helper_vfp_fcvt_f16_to_f32(tmp2, tmp2, fpst, ahp);
6424 neon_store_reg(rd, 3, tmp2);
6425 tcg_temp_free_i32(ahp);
6426 tcg_temp_free_ptr(fpst);
6429 case NEON_2RM_AESE: case NEON_2RM_AESMC:
6430 if (!dc_isar_feature(aa32_aes, s) || ((rm | rd) & 1)) {
6433 ptr1 = vfp_reg_ptr(true, rd);
6434 ptr2 = vfp_reg_ptr(true, rm);
6436 /* Bit 6 is the lowest opcode bit; it distinguishes between
6437 * encryption (AESE/AESMC) and decryption (AESD/AESIMC)
6439 tmp3 = tcg_const_i32(extract32(insn, 6, 1));
6441 if (op == NEON_2RM_AESE) {
6442 gen_helper_crypto_aese(ptr1, ptr2, tmp3);
6444 gen_helper_crypto_aesmc(ptr1, ptr2, tmp3);
6446 tcg_temp_free_ptr(ptr1);
6447 tcg_temp_free_ptr(ptr2);
6448 tcg_temp_free_i32(tmp3);
6450 case NEON_2RM_SHA1H:
6451 if (!dc_isar_feature(aa32_sha1, s) || ((rm | rd) & 1)) {
6454 ptr1 = vfp_reg_ptr(true, rd);
6455 ptr2 = vfp_reg_ptr(true, rm);
6457 gen_helper_crypto_sha1h(ptr1, ptr2);
6459 tcg_temp_free_ptr(ptr1);
6460 tcg_temp_free_ptr(ptr2);
6462 case NEON_2RM_SHA1SU1:
6463 if ((rm | rd) & 1) {
6466 /* bit 6 (q): set -> SHA256SU0, cleared -> SHA1SU1 */
6468 if (!dc_isar_feature(aa32_sha2, s)) {
6471 } else if (!dc_isar_feature(aa32_sha1, s)) {
6474 ptr1 = vfp_reg_ptr(true, rd);
6475 ptr2 = vfp_reg_ptr(true, rm);
6477 gen_helper_crypto_sha256su0(ptr1, ptr2);
6479 gen_helper_crypto_sha1su1(ptr1, ptr2);
6481 tcg_temp_free_ptr(ptr1);
6482 tcg_temp_free_ptr(ptr2);
6486 tcg_gen_gvec_not(0, rd_ofs, rm_ofs, vec_size, vec_size);
6489 tcg_gen_gvec_neg(size, rd_ofs, rm_ofs, vec_size, vec_size);
6492 tcg_gen_gvec_abs(size, rd_ofs, rm_ofs, vec_size, vec_size);
6497 for (pass = 0; pass < (q ? 4 : 2); pass++) {
6498 tmp = neon_load_reg(rm, pass);
6500 case NEON_2RM_VREV32:
6502 case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
6503 case 1: gen_swap_half(tmp); break;
6507 case NEON_2RM_VREV16:
6512 case 0: gen_helper_neon_cls_s8(tmp, tmp); break;
6513 case 1: gen_helper_neon_cls_s16(tmp, tmp); break;
6514 case 2: gen_helper_neon_cls_s32(tmp, tmp); break;
6520 case 0: gen_helper_neon_clz_u8(tmp, tmp); break;
6521 case 1: gen_helper_neon_clz_u16(tmp, tmp); break;
6522 case 2: tcg_gen_clzi_i32(tmp, tmp, 32); break;
6527 gen_helper_neon_cnt_u8(tmp, tmp);
6529 case NEON_2RM_VQABS:
6532 gen_helper_neon_qabs_s8(tmp, cpu_env, tmp);
6535 gen_helper_neon_qabs_s16(tmp, cpu_env, tmp);
6538 gen_helper_neon_qabs_s32(tmp, cpu_env, tmp);
6543 case NEON_2RM_VQNEG:
6546 gen_helper_neon_qneg_s8(tmp, cpu_env, tmp);
6549 gen_helper_neon_qneg_s16(tmp, cpu_env, tmp);
6552 gen_helper_neon_qneg_s32(tmp, cpu_env, tmp);
6557 case NEON_2RM_VCGT0: case NEON_2RM_VCLE0:
6558 tmp2 = tcg_const_i32(0);
6560 case 0: gen_helper_neon_cgt_s8(tmp, tmp, tmp2); break;
6561 case 1: gen_helper_neon_cgt_s16(tmp, tmp, tmp2); break;
6562 case 2: gen_helper_neon_cgt_s32(tmp, tmp, tmp2); break;
6565 tcg_temp_free_i32(tmp2);
6566 if (op == NEON_2RM_VCLE0) {
6567 tcg_gen_not_i32(tmp, tmp);
6570 case NEON_2RM_VCGE0: case NEON_2RM_VCLT0:
6571 tmp2 = tcg_const_i32(0);
6573 case 0: gen_helper_neon_cge_s8(tmp, tmp, tmp2); break;
6574 case 1: gen_helper_neon_cge_s16(tmp, tmp, tmp2); break;
6575 case 2: gen_helper_neon_cge_s32(tmp, tmp, tmp2); break;
6578 tcg_temp_free_i32(tmp2);
6579 if (op == NEON_2RM_VCLT0) {
6580 tcg_gen_not_i32(tmp, tmp);
6583 case NEON_2RM_VCEQ0:
6584 tmp2 = tcg_const_i32(0);
6586 case 0: gen_helper_neon_ceq_u8(tmp, tmp, tmp2); break;
6587 case 1: gen_helper_neon_ceq_u16(tmp, tmp, tmp2); break;
6588 case 2: gen_helper_neon_ceq_u32(tmp, tmp, tmp2); break;
6591 tcg_temp_free_i32(tmp2);
6593 case NEON_2RM_VCGT0_F:
6595 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6596 tmp2 = tcg_const_i32(0);
6597 gen_helper_neon_cgt_f32(tmp, tmp, tmp2, fpstatus);
6598 tcg_temp_free_i32(tmp2);
6599 tcg_temp_free_ptr(fpstatus);
6602 case NEON_2RM_VCGE0_F:
6604 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6605 tmp2 = tcg_const_i32(0);
6606 gen_helper_neon_cge_f32(tmp, tmp, tmp2, fpstatus);
6607 tcg_temp_free_i32(tmp2);
6608 tcg_temp_free_ptr(fpstatus);
6611 case NEON_2RM_VCEQ0_F:
6613 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6614 tmp2 = tcg_const_i32(0);
6615 gen_helper_neon_ceq_f32(tmp, tmp, tmp2, fpstatus);
6616 tcg_temp_free_i32(tmp2);
6617 tcg_temp_free_ptr(fpstatus);
6620 case NEON_2RM_VCLE0_F:
6622 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6623 tmp2 = tcg_const_i32(0);
6624 gen_helper_neon_cge_f32(tmp, tmp2, tmp, fpstatus);
6625 tcg_temp_free_i32(tmp2);
6626 tcg_temp_free_ptr(fpstatus);
6629 case NEON_2RM_VCLT0_F:
6631 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6632 tmp2 = tcg_const_i32(0);
6633 gen_helper_neon_cgt_f32(tmp, tmp2, tmp, fpstatus);
6634 tcg_temp_free_i32(tmp2);
6635 tcg_temp_free_ptr(fpstatus);
6638 case NEON_2RM_VABS_F:
6639 gen_helper_vfp_abss(tmp, tmp);
6641 case NEON_2RM_VNEG_F:
6642 gen_helper_vfp_negs(tmp, tmp);
6645 tmp2 = neon_load_reg(rd, pass);
6646 neon_store_reg(rm, pass, tmp2);
6649 tmp2 = neon_load_reg(rd, pass);
6651 case 0: gen_neon_trn_u8(tmp, tmp2); break;
6652 case 1: gen_neon_trn_u16(tmp, tmp2); break;
6655 neon_store_reg(rm, pass, tmp2);
6657 case NEON_2RM_VRINTN:
6658 case NEON_2RM_VRINTA:
6659 case NEON_2RM_VRINTM:
6660 case NEON_2RM_VRINTP:
6661 case NEON_2RM_VRINTZ:
6664 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6667 if (op == NEON_2RM_VRINTZ) {
6668 rmode = FPROUNDING_ZERO;
6670 rmode = fp_decode_rm[((op & 0x6) >> 1) ^ 1];
6673 tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rmode));
6674 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
6676 gen_helper_rints(tmp, tmp, fpstatus);
6677 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
6679 tcg_temp_free_ptr(fpstatus);
6680 tcg_temp_free_i32(tcg_rmode);
6683 case NEON_2RM_VRINTX:
6685 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6686 gen_helper_rints_exact(tmp, tmp, fpstatus);
6687 tcg_temp_free_ptr(fpstatus);
6690 case NEON_2RM_VCVTAU:
6691 case NEON_2RM_VCVTAS:
6692 case NEON_2RM_VCVTNU:
6693 case NEON_2RM_VCVTNS:
6694 case NEON_2RM_VCVTPU:
6695 case NEON_2RM_VCVTPS:
6696 case NEON_2RM_VCVTMU:
6697 case NEON_2RM_VCVTMS:
6699 bool is_signed = !extract32(insn, 7, 1);
6700 TCGv_ptr fpst = get_fpstatus_ptr(1);
6701 TCGv_i32 tcg_rmode, tcg_shift;
6702 int rmode = fp_decode_rm[extract32(insn, 8, 2)];
6704 tcg_shift = tcg_const_i32(0);
6705 tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rmode));
6706 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
6710 gen_helper_vfp_tosls(tmp, tmp,
6713 gen_helper_vfp_touls(tmp, tmp,
6717 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
6719 tcg_temp_free_i32(tcg_rmode);
6720 tcg_temp_free_i32(tcg_shift);
6721 tcg_temp_free_ptr(fpst);
6724 case NEON_2RM_VRECPE:
6726 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6727 gen_helper_recpe_u32(tmp, tmp, fpstatus);
6728 tcg_temp_free_ptr(fpstatus);
6731 case NEON_2RM_VRSQRTE:
6733 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6734 gen_helper_rsqrte_u32(tmp, tmp, fpstatus);
6735 tcg_temp_free_ptr(fpstatus);
6738 case NEON_2RM_VRECPE_F:
6740 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6741 gen_helper_recpe_f32(tmp, tmp, fpstatus);
6742 tcg_temp_free_ptr(fpstatus);
6745 case NEON_2RM_VRSQRTE_F:
6747 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6748 gen_helper_rsqrte_f32(tmp, tmp, fpstatus);
6749 tcg_temp_free_ptr(fpstatus);
6752 case NEON_2RM_VCVT_FS: /* VCVT.F32.S32 */
6754 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6755 gen_helper_vfp_sitos(tmp, tmp, fpstatus);
6756 tcg_temp_free_ptr(fpstatus);
6759 case NEON_2RM_VCVT_FU: /* VCVT.F32.U32 */
6761 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6762 gen_helper_vfp_uitos(tmp, tmp, fpstatus);
6763 tcg_temp_free_ptr(fpstatus);
6766 case NEON_2RM_VCVT_SF: /* VCVT.S32.F32 */
6768 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6769 gen_helper_vfp_tosizs(tmp, tmp, fpstatus);
6770 tcg_temp_free_ptr(fpstatus);
6773 case NEON_2RM_VCVT_UF: /* VCVT.U32.F32 */
6775 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6776 gen_helper_vfp_touizs(tmp, tmp, fpstatus);
6777 tcg_temp_free_ptr(fpstatus);
6781 /* Reserved op values were caught by the
6782 * neon_2rm_sizes[] check earlier.
6786 neon_store_reg(rd, pass, tmp);
6790 } else if ((insn & (1 << 10)) == 0) {
6792 int n = ((insn >> 8) & 3) + 1;
6793 if ((rn + n) > 32) {
6794 /* This is UNPREDICTABLE; we choose to UNDEF to avoid the
6795 * helper function running off the end of the register file.
6800 if (insn & (1 << 6)) {
6801 tmp = neon_load_reg(rd, 0);
6803 tmp = tcg_temp_new_i32();
6804 tcg_gen_movi_i32(tmp, 0);
6806 tmp2 = neon_load_reg(rm, 0);
6807 ptr1 = vfp_reg_ptr(true, rn);
6808 tmp5 = tcg_const_i32(n);
6809 gen_helper_neon_tbl(tmp2, tmp2, tmp, ptr1, tmp5);
6810 tcg_temp_free_i32(tmp);
6811 if (insn & (1 << 6)) {
6812 tmp = neon_load_reg(rd, 1);
6814 tmp = tcg_temp_new_i32();
6815 tcg_gen_movi_i32(tmp, 0);
6817 tmp3 = neon_load_reg(rm, 1);
6818 gen_helper_neon_tbl(tmp3, tmp3, tmp, ptr1, tmp5);
6819 tcg_temp_free_i32(tmp5);
6820 tcg_temp_free_ptr(ptr1);
6821 neon_store_reg(rd, 0, tmp2);
6822 neon_store_reg(rd, 1, tmp3);
6823 tcg_temp_free_i32(tmp);
6824 } else if ((insn & 0x380) == 0) {
6829 if ((insn & (7 << 16)) == 0 || (q && (rd & 1))) {
6832 if (insn & (1 << 16)) {
6834 element = (insn >> 17) & 7;
6835 } else if (insn & (1 << 17)) {
6837 element = (insn >> 18) & 3;
6840 element = (insn >> 19) & 1;
6842 tcg_gen_gvec_dup_mem(size, neon_reg_offset(rd, 0),
6843 neon_element_offset(rm, element, size),
6844 q ? 16 : 8, q ? 16 : 8);
6853 /* Advanced SIMD three registers of the same length extension.
6854 * 31 25 23 22 20 16 12 11 10 9 8 3 0
6855 * +---------------+-----+---+-----+----+----+---+----+---+----+---------+----+
6856 * | 1 1 1 1 1 1 0 | op1 | D | op2 | Vn | Vd | 1 | o3 | 0 | o4 | N Q M U | Vm |
6857 * +---------------+-----+---+-----+----+----+---+----+---+----+---------+----+
6859 static int disas_neon_insn_3same_ext(DisasContext *s, uint32_t insn)
6861 gen_helper_gvec_3 *fn_gvec = NULL;
6862 gen_helper_gvec_3_ptr *fn_gvec_ptr = NULL;
6863 int rd, rn, rm, opr_sz;
6866 bool is_long = false, q = extract32(insn, 6, 1);
6867 bool ptr_is_env = false;
6869 if ((insn & 0xfe200f10) == 0xfc200800) {
6870 /* VCMLA -- 1111 110R R.1S .... .... 1000 ...0 .... */
6871 int size = extract32(insn, 20, 1);
6872 data = extract32(insn, 23, 2); /* rot */
6873 if (!dc_isar_feature(aa32_vcma, s)
6874 || (!size && !dc_isar_feature(aa32_fp16_arith, s))) {
6877 fn_gvec_ptr = size ? gen_helper_gvec_fcmlas : gen_helper_gvec_fcmlah;
6878 } else if ((insn & 0xfea00f10) == 0xfc800800) {
6879 /* VCADD -- 1111 110R 1.0S .... .... 1000 ...0 .... */
6880 int size = extract32(insn, 20, 1);
6881 data = extract32(insn, 24, 1); /* rot */
6882 if (!dc_isar_feature(aa32_vcma, s)
6883 || (!size && !dc_isar_feature(aa32_fp16_arith, s))) {
6886 fn_gvec_ptr = size ? gen_helper_gvec_fcadds : gen_helper_gvec_fcaddh;
6887 } else if ((insn & 0xfeb00f00) == 0xfc200d00) {
6888 /* V[US]DOT -- 1111 1100 0.10 .... .... 1101 .Q.U .... */
6889 bool u = extract32(insn, 4, 1);
6890 if (!dc_isar_feature(aa32_dp, s)) {
6893 fn_gvec = u ? gen_helper_gvec_udot_b : gen_helper_gvec_sdot_b;
6894 } else if ((insn & 0xff300f10) == 0xfc200810) {
6895 /* VFM[AS]L -- 1111 1100 S.10 .... .... 1000 .Q.1 .... */
6896 int is_s = extract32(insn, 23, 1);
6897 if (!dc_isar_feature(aa32_fhm, s)) {
6901 data = is_s; /* is_2 == 0 */
6902 fn_gvec_ptr = gen_helper_gvec_fmlal_a32;
6908 VFP_DREG_D(rd, insn);
6912 if (q || !is_long) {
6913 VFP_DREG_N(rn, insn);
6914 VFP_DREG_M(rm, insn);
6915 if ((rn | rm) & q & !is_long) {
6918 off_rn = vfp_reg_offset(1, rn);
6919 off_rm = vfp_reg_offset(1, rm);
6921 rn = VFP_SREG_N(insn);
6922 rm = VFP_SREG_M(insn);
6923 off_rn = vfp_reg_offset(0, rn);
6924 off_rm = vfp_reg_offset(0, rm);
6927 if (s->fp_excp_el) {
6928 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
6929 syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
6932 if (!s->vfp_enabled) {
6936 opr_sz = (1 + q) * 8;
6942 ptr = get_fpstatus_ptr(1);
6944 tcg_gen_gvec_3_ptr(vfp_reg_offset(1, rd), off_rn, off_rm, ptr,
6945 opr_sz, opr_sz, data, fn_gvec_ptr);
6947 tcg_temp_free_ptr(ptr);
6950 tcg_gen_gvec_3_ool(vfp_reg_offset(1, rd), off_rn, off_rm,
6951 opr_sz, opr_sz, data, fn_gvec);
6956 /* Advanced SIMD two registers and a scalar extension.
6957 * 31 24 23 22 20 16 12 11 10 9 8 3 0
6958 * +-----------------+----+---+----+----+----+---+----+---+----+---------+----+
6959 * | 1 1 1 1 1 1 1 0 | o1 | D | o2 | Vn | Vd | 1 | o3 | 0 | o4 | N Q M U | Vm |
6960 * +-----------------+----+---+----+----+----+---+----+---+----+---------+----+
6964 static int disas_neon_insn_2reg_scalar_ext(DisasContext *s, uint32_t insn)
6966 gen_helper_gvec_3 *fn_gvec = NULL;
6967 gen_helper_gvec_3_ptr *fn_gvec_ptr = NULL;
6968 int rd, rn, rm, opr_sz, data;
6970 bool is_long = false, q = extract32(insn, 6, 1);
6971 bool ptr_is_env = false;
6973 if ((insn & 0xff000f10) == 0xfe000800) {
6974 /* VCMLA (indexed) -- 1111 1110 S.RR .... .... 1000 ...0 .... */
6975 int rot = extract32(insn, 20, 2);
6976 int size = extract32(insn, 23, 1);
6979 if (!dc_isar_feature(aa32_vcma, s)) {
6983 if (!dc_isar_feature(aa32_fp16_arith, s)) {
6986 /* For fp16, rm is just Vm, and index is M. */
6987 rm = extract32(insn, 0, 4);
6988 index = extract32(insn, 5, 1);
6990 /* For fp32, rm is the usual M:Vm, and index is 0. */
6991 VFP_DREG_M(rm, insn);
6994 data = (index << 2) | rot;
6995 fn_gvec_ptr = (size ? gen_helper_gvec_fcmlas_idx
6996 : gen_helper_gvec_fcmlah_idx);
6997 } else if ((insn & 0xffb00f00) == 0xfe200d00) {
6998 /* V[US]DOT -- 1111 1110 0.10 .... .... 1101 .Q.U .... */
6999 int u = extract32(insn, 4, 1);
7001 if (!dc_isar_feature(aa32_dp, s)) {
7004 fn_gvec = u ? gen_helper_gvec_udot_idx_b : gen_helper_gvec_sdot_idx_b;
7005 /* rm is just Vm, and index is M. */
7006 data = extract32(insn, 5, 1); /* index */
7007 rm = extract32(insn, 0, 4);
7008 } else if ((insn & 0xffa00f10) == 0xfe000810) {
7009 /* VFM[AS]L -- 1111 1110 0.0S .... .... 1000 .Q.1 .... */
7010 int is_s = extract32(insn, 20, 1);
7011 int vm20 = extract32(insn, 0, 3);
7012 int vm3 = extract32(insn, 3, 1);
7013 int m = extract32(insn, 5, 1);
7016 if (!dc_isar_feature(aa32_fhm, s)) {
7021 index = m * 2 + vm3;
7027 data = (index << 2) | is_s; /* is_2 == 0 */
7028 fn_gvec_ptr = gen_helper_gvec_fmlal_idx_a32;
7034 VFP_DREG_D(rd, insn);
7038 if (q || !is_long) {
7039 VFP_DREG_N(rn, insn);
7040 if (rn & q & !is_long) {
7043 off_rn = vfp_reg_offset(1, rn);
7044 off_rm = vfp_reg_offset(1, rm);
7046 rn = VFP_SREG_N(insn);
7047 off_rn = vfp_reg_offset(0, rn);
7048 off_rm = vfp_reg_offset(0, rm);
7050 if (s->fp_excp_el) {
7051 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
7052 syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
7055 if (!s->vfp_enabled) {
7059 opr_sz = (1 + q) * 8;
7065 ptr = get_fpstatus_ptr(1);
7067 tcg_gen_gvec_3_ptr(vfp_reg_offset(1, rd), off_rn, off_rm, ptr,
7068 opr_sz, opr_sz, data, fn_gvec_ptr);
7070 tcg_temp_free_ptr(ptr);
7073 tcg_gen_gvec_3_ool(vfp_reg_offset(1, rd), off_rn, off_rm,
7074 opr_sz, opr_sz, data, fn_gvec);
7079 static int disas_coproc_insn(DisasContext *s, uint32_t insn)
7081 int cpnum, is64, crn, crm, opc1, opc2, isread, rt, rt2;
7082 const ARMCPRegInfo *ri;
7084 cpnum = (insn >> 8) & 0xf;
7086 /* First check for coprocessor space used for XScale/iwMMXt insns */
7087 if (arm_dc_feature(s, ARM_FEATURE_XSCALE) && (cpnum < 2)) {
7088 if (extract32(s->c15_cpar, cpnum, 1) == 0) {
7091 if (arm_dc_feature(s, ARM_FEATURE_IWMMXT)) {
7092 return disas_iwmmxt_insn(s, insn);
7093 } else if (arm_dc_feature(s, ARM_FEATURE_XSCALE)) {
7094 return disas_dsp_insn(s, insn);
7099 /* Otherwise treat as a generic register access */
7100 is64 = (insn & (1 << 25)) == 0;
7101 if (!is64 && ((insn & (1 << 4)) == 0)) {
7109 opc1 = (insn >> 4) & 0xf;
7111 rt2 = (insn >> 16) & 0xf;
7113 crn = (insn >> 16) & 0xf;
7114 opc1 = (insn >> 21) & 7;
7115 opc2 = (insn >> 5) & 7;
7118 isread = (insn >> 20) & 1;
7119 rt = (insn >> 12) & 0xf;
7121 ri = get_arm_cp_reginfo(s->cp_regs,
7122 ENCODE_CP_REG(cpnum, is64, s->ns, crn, crm, opc1, opc2));
7124 /* Check access permissions */
7125 if (!cp_access_ok(s->current_el, ri, isread)) {
7130 (arm_dc_feature(s, ARM_FEATURE_XSCALE) && cpnum < 14)) {
7131 /* Emit code to perform further access permissions checks at
7132 * runtime; this may result in an exception.
7133 * Note that on XScale all cp0..c13 registers do an access check
7134 * call in order to handle c15_cpar.
7137 TCGv_i32 tcg_syn, tcg_isread;
7140 /* Note that since we are an implementation which takes an
7141 * exception on a trapped conditional instruction only if the
7142 * instruction passes its condition code check, we can take
7143 * advantage of the clause in the ARM ARM that allows us to set
7144 * the COND field in the instruction to 0xE in all cases.
7145 * We could fish the actual condition out of the insn (ARM)
7146 * or the condexec bits (Thumb) but it isn't necessary.
7151 syndrome = syn_cp14_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
7154 syndrome = syn_cp14_rt_trap(1, 0xe, opc1, opc2, crn, crm,
7160 syndrome = syn_cp15_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
7163 syndrome = syn_cp15_rt_trap(1, 0xe, opc1, opc2, crn, crm,
7168 /* ARMv8 defines that only coprocessors 14 and 15 exist,
7169 * so this can only happen if this is an ARMv7 or earlier CPU,
7170 * in which case the syndrome information won't actually be
7173 assert(!arm_dc_feature(s, ARM_FEATURE_V8));
7174 syndrome = syn_uncategorized();
7178 gen_set_condexec(s);
7179 gen_set_pc_im(s, s->pc_curr);
7180 tmpptr = tcg_const_ptr(ri);
7181 tcg_syn = tcg_const_i32(syndrome);
7182 tcg_isread = tcg_const_i32(isread);
7183 gen_helper_access_check_cp_reg(cpu_env, tmpptr, tcg_syn,
7185 tcg_temp_free_ptr(tmpptr);
7186 tcg_temp_free_i32(tcg_syn);
7187 tcg_temp_free_i32(tcg_isread);
7188 } else if (ri->type & ARM_CP_RAISES_EXC) {
7190 * The readfn or writefn might raise an exception;
7191 * synchronize the CPU state in case it does.
7193 gen_set_condexec(s);
7194 gen_set_pc_im(s, s->pc_curr);
7197 /* Handle special cases first */
7198 switch (ri->type & ~(ARM_CP_FLAG_MASK & ~ARM_CP_SPECIAL)) {
7205 gen_set_pc_im(s, s->base.pc_next);
7206 s->base.is_jmp = DISAS_WFI;
7212 if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
7221 if (ri->type & ARM_CP_CONST) {
7222 tmp64 = tcg_const_i64(ri->resetvalue);
7223 } else if (ri->readfn) {
7225 tmp64 = tcg_temp_new_i64();
7226 tmpptr = tcg_const_ptr(ri);
7227 gen_helper_get_cp_reg64(tmp64, cpu_env, tmpptr);
7228 tcg_temp_free_ptr(tmpptr);
7230 tmp64 = tcg_temp_new_i64();
7231 tcg_gen_ld_i64(tmp64, cpu_env, ri->fieldoffset);
7233 tmp = tcg_temp_new_i32();
7234 tcg_gen_extrl_i64_i32(tmp, tmp64);
7235 store_reg(s, rt, tmp);
7236 tmp = tcg_temp_new_i32();
7237 tcg_gen_extrh_i64_i32(tmp, tmp64);
7238 tcg_temp_free_i64(tmp64);
7239 store_reg(s, rt2, tmp);
7242 if (ri->type & ARM_CP_CONST) {
7243 tmp = tcg_const_i32(ri->resetvalue);
7244 } else if (ri->readfn) {
7246 tmp = tcg_temp_new_i32();
7247 tmpptr = tcg_const_ptr(ri);
7248 gen_helper_get_cp_reg(tmp, cpu_env, tmpptr);
7249 tcg_temp_free_ptr(tmpptr);
7251 tmp = load_cpu_offset(ri->fieldoffset);
7254 /* Destination register of r15 for 32 bit loads sets
7255 * the condition codes from the high 4 bits of the value
7258 tcg_temp_free_i32(tmp);
7260 store_reg(s, rt, tmp);
7265 if (ri->type & ARM_CP_CONST) {
7266 /* If not forbidden by access permissions, treat as WI */
7271 TCGv_i32 tmplo, tmphi;
7272 TCGv_i64 tmp64 = tcg_temp_new_i64();
7273 tmplo = load_reg(s, rt);
7274 tmphi = load_reg(s, rt2);
7275 tcg_gen_concat_i32_i64(tmp64, tmplo, tmphi);
7276 tcg_temp_free_i32(tmplo);
7277 tcg_temp_free_i32(tmphi);
7279 TCGv_ptr tmpptr = tcg_const_ptr(ri);
7280 gen_helper_set_cp_reg64(cpu_env, tmpptr, tmp64);
7281 tcg_temp_free_ptr(tmpptr);
7283 tcg_gen_st_i64(tmp64, cpu_env, ri->fieldoffset);
7285 tcg_temp_free_i64(tmp64);
7290 tmp = load_reg(s, rt);
7291 tmpptr = tcg_const_ptr(ri);
7292 gen_helper_set_cp_reg(cpu_env, tmpptr, tmp);
7293 tcg_temp_free_ptr(tmpptr);
7294 tcg_temp_free_i32(tmp);
7296 TCGv_i32 tmp = load_reg(s, rt);
7297 store_cpu_offset(tmp, ri->fieldoffset);
7302 if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
7303 /* I/O operations must end the TB here (whether read or write) */
7305 } else if (!isread && !(ri->type & ARM_CP_SUPPRESS_TB_END)) {
7306 /* We default to ending the TB on a coprocessor register write,
7307 * but allow this to be suppressed by the register definition
7308 * (usually only necessary to work around guest bugs).
7316 /* Unknown register; this might be a guest error or a QEMU
7317 * unimplemented feature.
7320 qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
7321 "64 bit system register cp:%d opc1: %d crm:%d "
7323 isread ? "read" : "write", cpnum, opc1, crm,
7324 s->ns ? "non-secure" : "secure");
7326 qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
7327 "system register cp:%d opc1:%d crn:%d crm:%d opc2:%d "
7329 isread ? "read" : "write", cpnum, opc1, crn, crm, opc2,
7330 s->ns ? "non-secure" : "secure");
7337 /* Store a 64-bit value to a register pair. Clobbers val. */
7338 static void gen_storeq_reg(DisasContext *s, int rlow, int rhigh, TCGv_i64 val)
7341 tmp = tcg_temp_new_i32();
7342 tcg_gen_extrl_i64_i32(tmp, val);
7343 store_reg(s, rlow, tmp);
7344 tmp = tcg_temp_new_i32();
7345 tcg_gen_extrh_i64_i32(tmp, val);
7346 store_reg(s, rhigh, tmp);
7349 /* load and add a 64-bit value from a register pair. */
7350 static void gen_addq(DisasContext *s, TCGv_i64 val, int rlow, int rhigh)
7356 /* Load 64-bit value rd:rn. */
7357 tmpl = load_reg(s, rlow);
7358 tmph = load_reg(s, rhigh);
7359 tmp = tcg_temp_new_i64();
7360 tcg_gen_concat_i32_i64(tmp, tmpl, tmph);
7361 tcg_temp_free_i32(tmpl);
7362 tcg_temp_free_i32(tmph);
7363 tcg_gen_add_i64(val, val, tmp);
7364 tcg_temp_free_i64(tmp);
7367 /* Set N and Z flags from hi|lo. */
7368 static void gen_logicq_cc(TCGv_i32 lo, TCGv_i32 hi)
7370 tcg_gen_mov_i32(cpu_NF, hi);
7371 tcg_gen_or_i32(cpu_ZF, lo, hi);
7374 /* Load/Store exclusive instructions are implemented by remembering
7375 the value/address loaded, and seeing if these are the same
7376 when the store is performed. This should be sufficient to implement
7377 the architecturally mandated semantics, and avoids having to monitor
7378 regular stores. The compare vs the remembered value is done during
7379 the cmpxchg operation, but we must compare the addresses manually. */
7380 static void gen_load_exclusive(DisasContext *s, int rt, int rt2,
7381 TCGv_i32 addr, int size)
7383 TCGv_i32 tmp = tcg_temp_new_i32();
7384 MemOp opc = size | MO_ALIGN | s->be_data;
7389 TCGv_i32 tmp2 = tcg_temp_new_i32();
7390 TCGv_i64 t64 = tcg_temp_new_i64();
7392 /* For AArch32, architecturally the 32-bit word at the lowest
7393 * address is always Rt and the one at addr+4 is Rt2, even if
7394 * the CPU is big-endian. That means we don't want to do a
7395 * gen_aa32_ld_i64(), which invokes gen_aa32_frob64() as if
7396 * for an architecturally 64-bit access, but instead do a
7397 * 64-bit access using MO_BE if appropriate and then split
7399 * This only makes a difference for BE32 user-mode, where
7400 * frob64() must not flip the two halves of the 64-bit data
7401 * but this code must treat BE32 user-mode like BE32 system.
7403 TCGv taddr = gen_aa32_addr(s, addr, opc);
7405 tcg_gen_qemu_ld_i64(t64, taddr, get_mem_index(s), opc);
7406 tcg_temp_free(taddr);
7407 tcg_gen_mov_i64(cpu_exclusive_val, t64);
7408 if (s->be_data == MO_BE) {
7409 tcg_gen_extr_i64_i32(tmp2, tmp, t64);
7411 tcg_gen_extr_i64_i32(tmp, tmp2, t64);
7413 tcg_temp_free_i64(t64);
7415 store_reg(s, rt2, tmp2);
7417 gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), opc);
7418 tcg_gen_extu_i32_i64(cpu_exclusive_val, tmp);
7421 store_reg(s, rt, tmp);
7422 tcg_gen_extu_i32_i64(cpu_exclusive_addr, addr);
7425 static void gen_clrex(DisasContext *s)
7427 tcg_gen_movi_i64(cpu_exclusive_addr, -1);
7430 static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
7431 TCGv_i32 addr, int size)
7433 TCGv_i32 t0, t1, t2;
7436 TCGLabel *done_label;
7437 TCGLabel *fail_label;
7438 MemOp opc = size | MO_ALIGN | s->be_data;
7440 /* if (env->exclusive_addr == addr && env->exclusive_val == [addr]) {
7446 fail_label = gen_new_label();
7447 done_label = gen_new_label();
7448 extaddr = tcg_temp_new_i64();
7449 tcg_gen_extu_i32_i64(extaddr, addr);
7450 tcg_gen_brcond_i64(TCG_COND_NE, extaddr, cpu_exclusive_addr, fail_label);
7451 tcg_temp_free_i64(extaddr);
7453 taddr = gen_aa32_addr(s, addr, opc);
7454 t0 = tcg_temp_new_i32();
7455 t1 = load_reg(s, rt);
7457 TCGv_i64 o64 = tcg_temp_new_i64();
7458 TCGv_i64 n64 = tcg_temp_new_i64();
7460 t2 = load_reg(s, rt2);
7461 /* For AArch32, architecturally the 32-bit word at the lowest
7462 * address is always Rt and the one at addr+4 is Rt2, even if
7463 * the CPU is big-endian. Since we're going to treat this as a
7464 * single 64-bit BE store, we need to put the two halves in the
7465 * opposite order for BE to LE, so that they end up in the right
7467 * We don't want gen_aa32_frob64() because that does the wrong
7468 * thing for BE32 usermode.
7470 if (s->be_data == MO_BE) {
7471 tcg_gen_concat_i32_i64(n64, t2, t1);
7473 tcg_gen_concat_i32_i64(n64, t1, t2);
7475 tcg_temp_free_i32(t2);
7477 tcg_gen_atomic_cmpxchg_i64(o64, taddr, cpu_exclusive_val, n64,
7478 get_mem_index(s), opc);
7479 tcg_temp_free_i64(n64);
7481 tcg_gen_setcond_i64(TCG_COND_NE, o64, o64, cpu_exclusive_val);
7482 tcg_gen_extrl_i64_i32(t0, o64);
7484 tcg_temp_free_i64(o64);
7486 t2 = tcg_temp_new_i32();
7487 tcg_gen_extrl_i64_i32(t2, cpu_exclusive_val);
7488 tcg_gen_atomic_cmpxchg_i32(t0, taddr, t2, t1, get_mem_index(s), opc);
7489 tcg_gen_setcond_i32(TCG_COND_NE, t0, t0, t2);
7490 tcg_temp_free_i32(t2);
7492 tcg_temp_free_i32(t1);
7493 tcg_temp_free(taddr);
7494 tcg_gen_mov_i32(cpu_R[rd], t0);
7495 tcg_temp_free_i32(t0);
7496 tcg_gen_br(done_label);
7498 gen_set_label(fail_label);
7499 tcg_gen_movi_i32(cpu_R[rd], 1);
7500 gen_set_label(done_label);
7501 tcg_gen_movi_i64(cpu_exclusive_addr, -1);
7507 * @mode: mode field from insn (which stack to store to)
7508 * @amode: addressing mode (DA/IA/DB/IB), encoded as per P,U bits in ARM insn
7509 * @writeback: true if writeback bit set
7511 * Generate code for the SRS (Store Return State) insn.
7513 static void gen_srs(DisasContext *s,
7514 uint32_t mode, uint32_t amode, bool writeback)
7521 * - trapped to EL3 if EL3 is AArch64 and we are at Secure EL1
7522 * and specified mode is monitor mode
7523 * - UNDEFINED in Hyp mode
7524 * - UNPREDICTABLE in User or System mode
7525 * - UNPREDICTABLE if the specified mode is:
7526 * -- not implemented
7527 * -- not a valid mode number
7528 * -- a mode that's at a higher exception level
7529 * -- Monitor, if we are Non-secure
7530 * For the UNPREDICTABLE cases we choose to UNDEF.
7532 if (s->current_el == 1 && !s->ns && mode == ARM_CPU_MODE_MON) {
7533 gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(), 3);
7537 if (s->current_el == 0 || s->current_el == 2) {
7542 case ARM_CPU_MODE_USR:
7543 case ARM_CPU_MODE_FIQ:
7544 case ARM_CPU_MODE_IRQ:
7545 case ARM_CPU_MODE_SVC:
7546 case ARM_CPU_MODE_ABT:
7547 case ARM_CPU_MODE_UND:
7548 case ARM_CPU_MODE_SYS:
7550 case ARM_CPU_MODE_HYP:
7551 if (s->current_el == 1 || !arm_dc_feature(s, ARM_FEATURE_EL2)) {
7555 case ARM_CPU_MODE_MON:
7556 /* No need to check specifically for "are we non-secure" because
7557 * we've already made EL0 UNDEF and handled the trap for S-EL1;
7558 * so if this isn't EL3 then we must be non-secure.
7560 if (s->current_el != 3) {
7569 unallocated_encoding(s);
7573 addr = tcg_temp_new_i32();
7574 tmp = tcg_const_i32(mode);
7575 /* get_r13_banked() will raise an exception if called from System mode */
7576 gen_set_condexec(s);
7577 gen_set_pc_im(s, s->pc_curr);
7578 gen_helper_get_r13_banked(addr, cpu_env, tmp);
7579 tcg_temp_free_i32(tmp);
7596 tcg_gen_addi_i32(addr, addr, offset);
7597 tmp = load_reg(s, 14);
7598 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
7599 tcg_temp_free_i32(tmp);
7600 tmp = load_cpu_field(spsr);
7601 tcg_gen_addi_i32(addr, addr, 4);
7602 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
7603 tcg_temp_free_i32(tmp);
7621 tcg_gen_addi_i32(addr, addr, offset);
7622 tmp = tcg_const_i32(mode);
7623 gen_helper_set_r13_banked(cpu_env, tmp, addr);
7624 tcg_temp_free_i32(tmp);
7626 tcg_temp_free_i32(addr);
7627 s->base.is_jmp = DISAS_UPDATE;
7630 /* Generate a label used for skipping this instruction */
7631 static void arm_gen_condlabel(DisasContext *s)
7634 s->condlabel = gen_new_label();
7639 /* Skip this instruction if the ARM condition is false */
7640 static void arm_skip_unless(DisasContext *s, uint32_t cond)
7642 arm_gen_condlabel(s);
7643 arm_gen_test_cc(cond ^ 1, s->condlabel);
7648 * Constant expanders for the decoders.
7651 static int times_2(DisasContext *s, int x)
7656 /* Return only the rotation part of T32ExpandImm. */
7657 static int t32_expandimm_rot(DisasContext *s, int x)
7659 return x & 0xc00 ? extract32(x, 7, 5) : 0;
7662 /* Return the unrotated immediate from T32ExpandImm. */
7663 static int t32_expandimm_imm(DisasContext *s, int x)
7665 int imm = extract32(x, 0, 8);
7667 switch (extract32(x, 8, 4)) {
7669 /* Nothing to do. */
7671 case 1: /* 00XY00XY */
7674 case 2: /* XY00XY00 */
7677 case 3: /* XYXYXYXY */
7681 /* Rotated constant. */
7689 * Include the generated decoders.
7692 #include "decode-a32.inc.c"
7693 #include "decode-a32-uncond.inc.c"
7694 #include "decode-t32.inc.c"
7696 /* Helpers to swap operands for reverse-subtract. */
7697 static void gen_rsb(TCGv_i32 dst, TCGv_i32 a, TCGv_i32 b)
7699 tcg_gen_sub_i32(dst, b, a);
7702 static void gen_rsb_CC(TCGv_i32 dst, TCGv_i32 a, TCGv_i32 b)
7704 gen_sub_CC(dst, b, a);
7707 static void gen_rsc(TCGv_i32 dest, TCGv_i32 a, TCGv_i32 b)
7709 gen_sub_carry(dest, b, a);
7712 static void gen_rsc_CC(TCGv_i32 dest, TCGv_i32 a, TCGv_i32 b)
7714 gen_sbc_CC(dest, b, a);
7718 * Helpers for the data processing routines.
7720 * After the computation store the results back.
7721 * This may be suppressed altogether (STREG_NONE), require a runtime
7722 * check against the stack limits (STREG_SP_CHECK), or generate an
7723 * exception return. Oh, or store into a register.
7725 * Always return true, indicating success for a trans_* function.
7734 static bool store_reg_kind(DisasContext *s, int rd,
7735 TCGv_i32 val, StoreRegKind kind)
7739 tcg_temp_free_i32(val);
7742 /* See ALUWritePC: Interworking only from a32 mode. */
7744 store_reg(s, rd, val);
7746 store_reg_bx(s, rd, val);
7749 case STREG_SP_CHECK:
7750 store_sp_checked(s, val);
7753 gen_exception_return(s, val);
7756 g_assert_not_reached();
7760 * Data Processing (register)
7762 * Operate, with set flags, one register source,
7763 * one immediate shifted register source, and a destination.
7765 static bool op_s_rrr_shi(DisasContext *s, arg_s_rrr_shi *a,
7766 void (*gen)(TCGv_i32, TCGv_i32, TCGv_i32),
7767 int logic_cc, StoreRegKind kind)
7769 TCGv_i32 tmp1, tmp2;
7771 tmp2 = load_reg(s, a->rm);
7772 gen_arm_shift_im(tmp2, a->shty, a->shim, logic_cc);
7773 tmp1 = load_reg(s, a->rn);
7775 gen(tmp1, tmp1, tmp2);
7776 tcg_temp_free_i32(tmp2);
7781 return store_reg_kind(s, a->rd, tmp1, kind);
7784 static bool op_s_rxr_shi(DisasContext *s, arg_s_rrr_shi *a,
7785 void (*gen)(TCGv_i32, TCGv_i32),
7786 int logic_cc, StoreRegKind kind)
7790 tmp = load_reg(s, a->rm);
7791 gen_arm_shift_im(tmp, a->shty, a->shim, logic_cc);
7797 return store_reg_kind(s, a->rd, tmp, kind);
7801 * Data-processing (register-shifted register)
7803 * Operate, with set flags, one register source,
7804 * one register shifted register source, and a destination.
7806 static bool op_s_rrr_shr(DisasContext *s, arg_s_rrr_shr *a,
7807 void (*gen)(TCGv_i32, TCGv_i32, TCGv_i32),
7808 int logic_cc, StoreRegKind kind)
7810 TCGv_i32 tmp1, tmp2;
7812 tmp1 = load_reg(s, a->rs);
7813 tmp2 = load_reg(s, a->rm);
7814 gen_arm_shift_reg(tmp2, a->shty, tmp1, logic_cc);
7815 tmp1 = load_reg(s, a->rn);
7817 gen(tmp1, tmp1, tmp2);
7818 tcg_temp_free_i32(tmp2);
7823 return store_reg_kind(s, a->rd, tmp1, kind);
7826 static bool op_s_rxr_shr(DisasContext *s, arg_s_rrr_shr *a,
7827 void (*gen)(TCGv_i32, TCGv_i32),
7828 int logic_cc, StoreRegKind kind)
7830 TCGv_i32 tmp1, tmp2;
7832 tmp1 = load_reg(s, a->rs);
7833 tmp2 = load_reg(s, a->rm);
7834 gen_arm_shift_reg(tmp2, a->shty, tmp1, logic_cc);
7840 return store_reg_kind(s, a->rd, tmp2, kind);
7844 * Data-processing (immediate)
7846 * Operate, with set flags, one register source,
7847 * one rotated immediate, and a destination.
7849 * Note that logic_cc && a->rot setting CF based on the msb of the
7850 * immediate is the reason why we must pass in the unrotated form
7853 static bool op_s_rri_rot(DisasContext *s, arg_s_rri_rot *a,
7854 void (*gen)(TCGv_i32, TCGv_i32, TCGv_i32),
7855 int logic_cc, StoreRegKind kind)
7857 TCGv_i32 tmp1, tmp2;
7860 imm = ror32(a->imm, a->rot);
7861 if (logic_cc && a->rot) {
7862 tcg_gen_movi_i32(cpu_CF, imm >> 31);
7864 tmp2 = tcg_const_i32(imm);
7865 tmp1 = load_reg(s, a->rn);
7867 gen(tmp1, tmp1, tmp2);
7868 tcg_temp_free_i32(tmp2);
7873 return store_reg_kind(s, a->rd, tmp1, kind);
7876 static bool op_s_rxi_rot(DisasContext *s, arg_s_rri_rot *a,
7877 void (*gen)(TCGv_i32, TCGv_i32),
7878 int logic_cc, StoreRegKind kind)
7883 imm = ror32(a->imm, a->rot);
7884 if (logic_cc && a->rot) {
7885 tcg_gen_movi_i32(cpu_CF, imm >> 31);
7887 tmp = tcg_const_i32(imm);
7893 return store_reg_kind(s, a->rd, tmp, kind);
7896 #define DO_ANY3(NAME, OP, L, K) \
7897 static bool trans_##NAME##_rrri(DisasContext *s, arg_s_rrr_shi *a) \
7898 { StoreRegKind k = (K); return op_s_rrr_shi(s, a, OP, L, k); } \
7899 static bool trans_##NAME##_rrrr(DisasContext *s, arg_s_rrr_shr *a) \
7900 { StoreRegKind k = (K); return op_s_rrr_shr(s, a, OP, L, k); } \
7901 static bool trans_##NAME##_rri(DisasContext *s, arg_s_rri_rot *a) \
7902 { StoreRegKind k = (K); return op_s_rri_rot(s, a, OP, L, k); }
7904 #define DO_ANY2(NAME, OP, L, K) \
7905 static bool trans_##NAME##_rxri(DisasContext *s, arg_s_rrr_shi *a) \
7906 { StoreRegKind k = (K); return op_s_rxr_shi(s, a, OP, L, k); } \
7907 static bool trans_##NAME##_rxrr(DisasContext *s, arg_s_rrr_shr *a) \
7908 { StoreRegKind k = (K); return op_s_rxr_shr(s, a, OP, L, k); } \
7909 static bool trans_##NAME##_rxi(DisasContext *s, arg_s_rri_rot *a) \
7910 { StoreRegKind k = (K); return op_s_rxi_rot(s, a, OP, L, k); }
7912 #define DO_CMP2(NAME, OP, L) \
7913 static bool trans_##NAME##_xrri(DisasContext *s, arg_s_rrr_shi *a) \
7914 { return op_s_rrr_shi(s, a, OP, L, STREG_NONE); } \
7915 static bool trans_##NAME##_xrrr(DisasContext *s, arg_s_rrr_shr *a) \
7916 { return op_s_rrr_shr(s, a, OP, L, STREG_NONE); } \
7917 static bool trans_##NAME##_xri(DisasContext *s, arg_s_rri_rot *a) \
7918 { return op_s_rri_rot(s, a, OP, L, STREG_NONE); }
7920 DO_ANY3(AND, tcg_gen_and_i32, a->s, STREG_NORMAL)
7921 DO_ANY3(EOR, tcg_gen_xor_i32, a->s, STREG_NORMAL)
7922 DO_ANY3(ORR, tcg_gen_or_i32, a->s, STREG_NORMAL)
7923 DO_ANY3(BIC, tcg_gen_andc_i32, a->s, STREG_NORMAL)
7925 DO_ANY3(RSB, a->s ? gen_rsb_CC : gen_rsb, false, STREG_NORMAL)
7926 DO_ANY3(ADC, a->s ? gen_adc_CC : gen_add_carry, false, STREG_NORMAL)
7927 DO_ANY3(SBC, a->s ? gen_sbc_CC : gen_sub_carry, false, STREG_NORMAL)
7928 DO_ANY3(RSC, a->s ? gen_rsc_CC : gen_rsc, false, STREG_NORMAL)
7930 DO_CMP2(TST, tcg_gen_and_i32, true)
7931 DO_CMP2(TEQ, tcg_gen_xor_i32, true)
7932 DO_CMP2(CMN, gen_add_CC, false)
7933 DO_CMP2(CMP, gen_sub_CC, false)
7935 DO_ANY3(ADD, a->s ? gen_add_CC : tcg_gen_add_i32, false,
7936 a->rd == 13 && a->rn == 13 ? STREG_SP_CHECK : STREG_NORMAL)
7939 * Note for the computation of StoreRegKind we return out of the
7940 * middle of the functions that are expanded by DO_ANY3, and that
7941 * we modify a->s via that parameter before it is used by OP.
7943 DO_ANY3(SUB, a->s ? gen_sub_CC : tcg_gen_sub_i32, false,
7945 StoreRegKind ret = STREG_NORMAL;
7946 if (a->rd == 15 && a->s) {
7948 * See ALUExceptionReturn:
7949 * In User mode, UNPREDICTABLE; we choose UNDEF.
7950 * In Hyp mode, UNDEFINED.
7952 if (IS_USER(s) || s->current_el == 2) {
7953 unallocated_encoding(s);
7956 /* There is no writeback of nzcv to PSTATE. */
7958 ret = STREG_EXC_RET;
7959 } else if (a->rd == 13 && a->rn == 13) {
7960 ret = STREG_SP_CHECK;
7965 DO_ANY2(MOV, tcg_gen_mov_i32, a->s,
7967 StoreRegKind ret = STREG_NORMAL;
7968 if (a->rd == 15 && a->s) {
7970 * See ALUExceptionReturn:
7971 * In User mode, UNPREDICTABLE; we choose UNDEF.
7972 * In Hyp mode, UNDEFINED.
7974 if (IS_USER(s) || s->current_el == 2) {
7975 unallocated_encoding(s);
7978 /* There is no writeback of nzcv to PSTATE. */
7980 ret = STREG_EXC_RET;
7981 } else if (a->rd == 13) {
7982 ret = STREG_SP_CHECK;
7987 DO_ANY2(MVN, tcg_gen_not_i32, a->s, STREG_NORMAL)
7990 * ORN is only available with T32, so there is no register-shifted-register
7991 * form of the insn. Using the DO_ANY3 macro would create an unused function.
7993 static bool trans_ORN_rrri(DisasContext *s, arg_s_rrr_shi *a)
7995 return op_s_rrr_shi(s, a, tcg_gen_orc_i32, a->s, STREG_NORMAL);
7998 static bool trans_ORN_rri(DisasContext *s, arg_s_rri_rot *a)
8000 return op_s_rri_rot(s, a, tcg_gen_orc_i32, a->s, STREG_NORMAL);
8008 * Multiply and multiply accumulate
8011 static bool op_mla(DisasContext *s, arg_s_rrrr *a, bool add)
8015 t1 = load_reg(s, a->rn);
8016 t2 = load_reg(s, a->rm);
8017 tcg_gen_mul_i32(t1, t1, t2);
8018 tcg_temp_free_i32(t2);
8020 t2 = load_reg(s, a->ra);
8021 tcg_gen_add_i32(t1, t1, t2);
8022 tcg_temp_free_i32(t2);
8027 store_reg(s, a->rd, t1);
8031 static bool trans_MUL(DisasContext *s, arg_MUL *a)
8033 return op_mla(s, a, false);
8036 static bool trans_MLA(DisasContext *s, arg_MLA *a)
8038 return op_mla(s, a, true);
8041 static bool trans_MLS(DisasContext *s, arg_MLS *a)
8045 if (!ENABLE_ARCH_6T2) {
8048 t1 = load_reg(s, a->rn);
8049 t2 = load_reg(s, a->rm);
8050 tcg_gen_mul_i32(t1, t1, t2);
8051 tcg_temp_free_i32(t2);
8052 t2 = load_reg(s, a->ra);
8053 tcg_gen_sub_i32(t1, t2, t1);
8054 tcg_temp_free_i32(t2);
8055 store_reg(s, a->rd, t1);
8059 static bool op_mlal(DisasContext *s, arg_s_rrrr *a, bool uns, bool add)
8061 TCGv_i32 t0, t1, t2, t3;
8063 t0 = load_reg(s, a->rm);
8064 t1 = load_reg(s, a->rn);
8066 tcg_gen_mulu2_i32(t0, t1, t0, t1);
8068 tcg_gen_muls2_i32(t0, t1, t0, t1);
8071 t2 = load_reg(s, a->ra);
8072 t3 = load_reg(s, a->rd);
8073 tcg_gen_add2_i32(t0, t1, t0, t1, t2, t3);
8074 tcg_temp_free_i32(t2);
8075 tcg_temp_free_i32(t3);
8078 gen_logicq_cc(t0, t1);
8080 store_reg(s, a->ra, t0);
8081 store_reg(s, a->rd, t1);
8085 static bool trans_UMULL(DisasContext *s, arg_UMULL *a)
8087 return op_mlal(s, a, true, false);
8090 static bool trans_SMULL(DisasContext *s, arg_SMULL *a)
8092 return op_mlal(s, a, false, false);
8095 static bool trans_UMLAL(DisasContext *s, arg_UMLAL *a)
8097 return op_mlal(s, a, true, true);
8100 static bool trans_SMLAL(DisasContext *s, arg_SMLAL *a)
8102 return op_mlal(s, a, false, true);
8105 static bool trans_UMAAL(DisasContext *s, arg_UMAAL *a)
8107 TCGv_i32 t0, t1, t2, zero;
8110 ? !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)
8115 t0 = load_reg(s, a->rm);
8116 t1 = load_reg(s, a->rn);
8117 tcg_gen_mulu2_i32(t0, t1, t0, t1);
8118 zero = tcg_const_i32(0);
8119 t2 = load_reg(s, a->ra);
8120 tcg_gen_add2_i32(t0, t1, t0, t1, t2, zero);
8121 tcg_temp_free_i32(t2);
8122 t2 = load_reg(s, a->rd);
8123 tcg_gen_add2_i32(t0, t1, t0, t1, t2, zero);
8124 tcg_temp_free_i32(t2);
8125 tcg_temp_free_i32(zero);
8126 store_reg(s, a->ra, t0);
8127 store_reg(s, a->rd, t1);
8132 * Saturating addition and subtraction
8135 static bool op_qaddsub(DisasContext *s, arg_rrr *a, bool add, bool doub)
8140 ? !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)
8141 : !ENABLE_ARCH_5TE) {
8145 t0 = load_reg(s, a->rm);
8146 t1 = load_reg(s, a->rn);
8148 gen_helper_add_saturate(t1, cpu_env, t1, t1);
8151 gen_helper_add_saturate(t0, cpu_env, t0, t1);
8153 gen_helper_sub_saturate(t0, cpu_env, t0, t1);
8155 tcg_temp_free_i32(t1);
8156 store_reg(s, a->rd, t0);
8160 #define DO_QADDSUB(NAME, ADD, DOUB) \
8161 static bool trans_##NAME(DisasContext *s, arg_rrr *a) \
8163 return op_qaddsub(s, a, ADD, DOUB); \
8166 DO_QADDSUB(QADD, true, false)
8167 DO_QADDSUB(QSUB, false, false)
8168 DO_QADDSUB(QDADD, true, true)
8169 DO_QADDSUB(QDSUB, false, true)
8174 * Halfword multiply and multiply accumulate
8177 static bool op_smlaxxx(DisasContext *s, arg_rrrr *a,
8178 int add_long, bool nt, bool mt)
8180 TCGv_i32 t0, t1, tl, th;
8183 ? !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)
8184 : !ENABLE_ARCH_5TE) {
8188 t0 = load_reg(s, a->rn);
8189 t1 = load_reg(s, a->rm);
8190 gen_mulxy(t0, t1, nt, mt);
8191 tcg_temp_free_i32(t1);
8195 store_reg(s, a->rd, t0);
8198 t1 = load_reg(s, a->ra);
8199 gen_helper_add_setq(t0, cpu_env, t0, t1);
8200 tcg_temp_free_i32(t1);
8201 store_reg(s, a->rd, t0);
8204 tl = load_reg(s, a->ra);
8205 th = load_reg(s, a->rd);
8206 t1 = tcg_const_i32(0);
8207 tcg_gen_add2_i32(tl, th, tl, th, t0, t1);
8208 tcg_temp_free_i32(t0);
8209 tcg_temp_free_i32(t1);
8210 store_reg(s, a->ra, tl);
8211 store_reg(s, a->rd, th);
8214 g_assert_not_reached();
8219 #define DO_SMLAX(NAME, add, nt, mt) \
8220 static bool trans_##NAME(DisasContext *s, arg_rrrr *a) \
8222 return op_smlaxxx(s, a, add, nt, mt); \
8225 DO_SMLAX(SMULBB, 0, 0, 0)
8226 DO_SMLAX(SMULBT, 0, 0, 1)
8227 DO_SMLAX(SMULTB, 0, 1, 0)
8228 DO_SMLAX(SMULTT, 0, 1, 1)
8230 DO_SMLAX(SMLABB, 1, 0, 0)
8231 DO_SMLAX(SMLABT, 1, 0, 1)
8232 DO_SMLAX(SMLATB, 1, 1, 0)
8233 DO_SMLAX(SMLATT, 1, 1, 1)
8235 DO_SMLAX(SMLALBB, 2, 0, 0)
8236 DO_SMLAX(SMLALBT, 2, 0, 1)
8237 DO_SMLAX(SMLALTB, 2, 1, 0)
8238 DO_SMLAX(SMLALTT, 2, 1, 1)
8242 static bool op_smlawx(DisasContext *s, arg_rrrr *a, bool add, bool mt)
8246 if (!ENABLE_ARCH_5TE) {
8250 t0 = load_reg(s, a->rn);
8251 t1 = load_reg(s, a->rm);
8253 * Since the nominal result is product<47:16>, shift the 16-bit
8254 * input up by 16 bits, so that the result is at product<63:32>.
8257 tcg_gen_andi_i32(t1, t1, 0xffff0000);
8259 tcg_gen_shli_i32(t1, t1, 16);
8261 tcg_gen_muls2_i32(t0, t1, t0, t1);
8262 tcg_temp_free_i32(t0);
8264 t0 = load_reg(s, a->ra);
8265 gen_helper_add_setq(t1, cpu_env, t1, t0);
8266 tcg_temp_free_i32(t0);
8268 store_reg(s, a->rd, t1);
8272 #define DO_SMLAWX(NAME, add, mt) \
8273 static bool trans_##NAME(DisasContext *s, arg_rrrr *a) \
8275 return op_smlawx(s, a, add, mt); \
8278 DO_SMLAWX(SMULWB, 0, 0)
8279 DO_SMLAWX(SMULWT, 0, 1)
8280 DO_SMLAWX(SMLAWB, 1, 0)
8281 DO_SMLAWX(SMLAWT, 1, 1)
8286 * MSR (immediate) and hints
8289 static bool trans_YIELD(DisasContext *s, arg_YIELD *a)
8295 static bool trans_WFE(DisasContext *s, arg_WFE *a)
8301 static bool trans_WFI(DisasContext *s, arg_WFI *a)
8307 static bool trans_NOP(DisasContext *s, arg_NOP *a)
8312 static bool trans_MSR_imm(DisasContext *s, arg_MSR_imm *a)
8314 uint32_t val = ror32(a->imm, a->rot * 2);
8315 uint32_t mask = msr_mask(s, a->mask, a->r);
8317 if (gen_set_psr_im(s, mask, a->r, val)) {
8318 unallocated_encoding(s);
8324 * Cyclic Redundancy Check
8327 static bool op_crc32(DisasContext *s, arg_rrr *a, bool c, MemOp sz)
8329 TCGv_i32 t1, t2, t3;
8331 if (!dc_isar_feature(aa32_crc32, s)) {
8335 t1 = load_reg(s, a->rn);
8336 t2 = load_reg(s, a->rm);
8347 g_assert_not_reached();
8349 t3 = tcg_const_i32(1 << sz);
8351 gen_helper_crc32c(t1, t1, t2, t3);
8353 gen_helper_crc32(t1, t1, t2, t3);
8355 tcg_temp_free_i32(t2);
8356 tcg_temp_free_i32(t3);
8357 store_reg(s, a->rd, t1);
8361 #define DO_CRC32(NAME, c, sz) \
8362 static bool trans_##NAME(DisasContext *s, arg_rrr *a) \
8363 { return op_crc32(s, a, c, sz); }
8365 DO_CRC32(CRC32B, false, MO_8)
8366 DO_CRC32(CRC32H, false, MO_16)
8367 DO_CRC32(CRC32W, false, MO_32)
8368 DO_CRC32(CRC32CB, true, MO_8)
8369 DO_CRC32(CRC32CH, true, MO_16)
8370 DO_CRC32(CRC32CW, true, MO_32)
8375 * Miscellaneous instructions
8378 static bool trans_MRS_bank(DisasContext *s, arg_MRS_bank *a)
8380 if (arm_dc_feature(s, ARM_FEATURE_M)) {
8383 gen_mrs_banked(s, a->r, a->sysm, a->rd);
8387 static bool trans_MSR_bank(DisasContext *s, arg_MSR_bank *a)
8389 if (arm_dc_feature(s, ARM_FEATURE_M)) {
8392 gen_msr_banked(s, a->r, a->sysm, a->rn);
8396 static bool trans_MRS_reg(DisasContext *s, arg_MRS_reg *a)
8400 if (arm_dc_feature(s, ARM_FEATURE_M)) {
8405 unallocated_encoding(s);
8408 tmp = load_cpu_field(spsr);
8410 tmp = tcg_temp_new_i32();
8411 gen_helper_cpsr_read(tmp, cpu_env);
8413 store_reg(s, a->rd, tmp);
8417 static bool trans_MSR_reg(DisasContext *s, arg_MSR_reg *a)
8420 uint32_t mask = msr_mask(s, a->mask, a->r);
8422 if (arm_dc_feature(s, ARM_FEATURE_M)) {
8425 tmp = load_reg(s, a->rn);
8426 if (gen_set_psr(s, mask, a->r, tmp)) {
8427 unallocated_encoding(s);
8432 static bool trans_MRS_v7m(DisasContext *s, arg_MRS_v7m *a)
8436 if (!arm_dc_feature(s, ARM_FEATURE_M)) {
8439 tmp = tcg_const_i32(a->sysm);
8440 gen_helper_v7m_mrs(tmp, cpu_env, tmp);
8441 store_reg(s, a->rd, tmp);
8445 static bool trans_MSR_v7m(DisasContext *s, arg_MSR_v7m *a)
8449 if (!arm_dc_feature(s, ARM_FEATURE_M)) {
8452 addr = tcg_const_i32((a->mask << 10) | a->sysm);
8453 reg = load_reg(s, a->rn);
8454 gen_helper_v7m_msr(cpu_env, addr, reg);
8455 tcg_temp_free_i32(addr);
8456 tcg_temp_free_i32(reg);
8461 static bool trans_BX(DisasContext *s, arg_BX *a)
8463 if (!ENABLE_ARCH_4T) {
8466 gen_bx(s, load_reg(s, a->rm));
8470 static bool trans_BXJ(DisasContext *s, arg_BXJ *a)
8472 if (!ENABLE_ARCH_5J || arm_dc_feature(s, ARM_FEATURE_M)) {
8475 /* Trivial implementation equivalent to bx. */
8476 gen_bx(s, load_reg(s, a->rm));
8480 static bool trans_BLX_r(DisasContext *s, arg_BLX_r *a)
8484 if (!ENABLE_ARCH_5) {
8487 tmp = load_reg(s, a->rm);
8488 tcg_gen_movi_i32(cpu_R[14], s->base.pc_next | s->thumb);
8493 static bool trans_CLZ(DisasContext *s, arg_CLZ *a)
8497 if (!ENABLE_ARCH_5) {
8500 tmp = load_reg(s, a->rm);
8501 tcg_gen_clzi_i32(tmp, tmp, 32);
8502 store_reg(s, a->rd, tmp);
8506 static bool trans_ERET(DisasContext *s, arg_ERET *a)
8510 if (!arm_dc_feature(s, ARM_FEATURE_V7VE)) {
8514 unallocated_encoding(s);
8517 if (s->current_el == 2) {
8518 /* ERET from Hyp uses ELR_Hyp, not LR */
8519 tmp = load_cpu_field(elr_el[2]);
8521 tmp = load_reg(s, 14);
8523 gen_exception_return(s, tmp);
8527 static bool trans_HLT(DisasContext *s, arg_HLT *a)
8533 static bool trans_BKPT(DisasContext *s, arg_BKPT *a)
8535 if (!ENABLE_ARCH_5) {
8538 gen_exception_bkpt_insn(s, syn_aa32_bkpt(a->imm, false));
8542 static bool trans_HVC(DisasContext *s, arg_HVC *a)
8544 if (!ENABLE_ARCH_7 || arm_dc_feature(s, ARM_FEATURE_M)) {
8548 unallocated_encoding(s);
8555 static bool trans_SMC(DisasContext *s, arg_SMC *a)
8557 if (!ENABLE_ARCH_6K || arm_dc_feature(s, ARM_FEATURE_M)) {
8561 unallocated_encoding(s);
8572 static void disas_arm_insn(DisasContext *s, unsigned int insn)
8574 unsigned int cond, val, op1, i, shift, rm, rs, rn, rd, sh;
8581 /* M variants do not implement ARM mode; this must raise the INVSTATE
8582 * UsageFault exception.
8584 if (arm_dc_feature(s, ARM_FEATURE_M)) {
8585 gen_exception_insn(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized(),
8586 default_exception_el(s));
8592 /* In ARMv3 and v4 the NV condition is UNPREDICTABLE; we
8593 * choose to UNDEF. In ARMv5 and above the space is used
8594 * for miscellaneous unconditional instructions.
8598 /* Unconditional instructions. */
8599 if (disas_a32_uncond(s, insn)) {
8602 /* fall back to legacy decoder */
8604 if (((insn >> 25) & 7) == 1) {
8605 /* NEON Data processing. */
8606 if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
8610 if (disas_neon_data_insn(s, insn)) {
8615 if ((insn & 0x0f100000) == 0x04000000) {
8616 /* NEON load/store. */
8617 if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
8621 if (disas_neon_ls_insn(s, insn)) {
8626 if ((insn & 0x0f000e10) == 0x0e000a00) {
8628 if (disas_vfp_insn(s, insn)) {
8633 if (((insn & 0x0f30f000) == 0x0510f000) ||
8634 ((insn & 0x0f30f010) == 0x0710f000)) {
8635 if ((insn & (1 << 22)) == 0) {
8637 if (!arm_dc_feature(s, ARM_FEATURE_V7MP)) {
8641 /* Otherwise PLD; v5TE+ */
8645 if (((insn & 0x0f70f000) == 0x0450f000) ||
8646 ((insn & 0x0f70f010) == 0x0650f000)) {
8648 return; /* PLI; V7 */
8650 if (((insn & 0x0f700000) == 0x04100000) ||
8651 ((insn & 0x0f700010) == 0x06100000)) {
8652 if (!arm_dc_feature(s, ARM_FEATURE_V7MP)) {
8655 return; /* v7MP: Unallocated memory hint: must NOP */
8658 if ((insn & 0x0ffffdff) == 0x01010000) {
8661 if (((insn >> 9) & 1) != !!(s->be_data == MO_BE)) {
8662 gen_helper_setend(cpu_env);
8663 s->base.is_jmp = DISAS_UPDATE;
8666 } else if ((insn & 0x0fffff00) == 0x057ff000) {
8667 switch ((insn >> 4) & 0xf) {
8675 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
8678 /* We need to break the TB after this insn to execute
8679 * self-modifying code correctly and also to take
8680 * any pending interrupts immediately.
8682 gen_goto_tb(s, 0, s->base.pc_next);
8685 if ((insn & 0xf) || !dc_isar_feature(aa32_sb, s)) {
8689 * TODO: There is no speculation barrier opcode
8690 * for TCG; MB and end the TB instead.
8692 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
8693 gen_goto_tb(s, 0, s->base.pc_next);
8698 } else if ((insn & 0x0e5fffe0) == 0x084d0500) {
8701 gen_srs(s, (insn & 0x1f), (insn >> 23) & 3, insn & (1 << 21));
8703 } else if ((insn & 0x0e50ffe0) == 0x08100a00) {
8709 rn = (insn >> 16) & 0xf;
8710 addr = load_reg(s, rn);
8711 i = (insn >> 23) & 3;
8713 case 0: offset = -4; break; /* DA */
8714 case 1: offset = 0; break; /* IA */
8715 case 2: offset = -8; break; /* DB */
8716 case 3: offset = 4; break; /* IB */
8720 tcg_gen_addi_i32(addr, addr, offset);
8721 /* Load PC into tmp and CPSR into tmp2. */
8722 tmp = tcg_temp_new_i32();
8723 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
8724 tcg_gen_addi_i32(addr, addr, 4);
8725 tmp2 = tcg_temp_new_i32();
8726 gen_aa32_ld32u(s, tmp2, addr, get_mem_index(s));
8727 if (insn & (1 << 21)) {
8728 /* Base writeback. */
8730 case 0: offset = -8; break;
8731 case 1: offset = 4; break;
8732 case 2: offset = -4; break;
8733 case 3: offset = 0; break;
8737 tcg_gen_addi_i32(addr, addr, offset);
8738 store_reg(s, rn, addr);
8740 tcg_temp_free_i32(addr);
8742 gen_rfe(s, tmp, tmp2);
8744 } else if ((insn & 0x0e000000) == 0x0a000000) {
8745 /* branch link and change to thumb (blx <offset>) */
8748 tmp = tcg_temp_new_i32();
8749 tcg_gen_movi_i32(tmp, s->base.pc_next);
8750 store_reg(s, 14, tmp);
8751 /* Sign-extend the 24-bit offset */
8752 offset = (((int32_t)insn) << 8) >> 8;
8754 /* offset * 4 + bit24 * 2 + (thumb bit) */
8755 val += (offset << 2) | ((insn >> 23) & 2) | 1;
8756 /* protected by ARCH(5); above, near the start of uncond block */
8759 } else if ((insn & 0x0e000f00) == 0x0c000100) {
8760 if (arm_dc_feature(s, ARM_FEATURE_IWMMXT)) {
8761 /* iWMMXt register transfer. */
8762 if (extract32(s->c15_cpar, 1, 1)) {
8763 if (!disas_iwmmxt_insn(s, insn)) {
8768 } else if ((insn & 0x0e000a00) == 0x0c000800
8769 && arm_dc_feature(s, ARM_FEATURE_V8)) {
8770 if (disas_neon_insn_3same_ext(s, insn)) {
8774 } else if ((insn & 0x0f000a00) == 0x0e000800
8775 && arm_dc_feature(s, ARM_FEATURE_V8)) {
8776 if (disas_neon_insn_2reg_scalar_ext(s, insn)) {
8780 } else if ((insn & 0x0fe00000) == 0x0c400000) {
8781 /* Coprocessor double register transfer. */
8783 } else if ((insn & 0x0f000010) == 0x0e000010) {
8784 /* Additional coprocessor register transfer. */
8785 } else if ((insn & 0x0ff10020) == 0x01000000) {
8788 /* cps (privileged) */
8792 if (insn & (1 << 19)) {
8793 if (insn & (1 << 8))
8795 if (insn & (1 << 7))
8797 if (insn & (1 << 6))
8799 if (insn & (1 << 18))
8802 if (insn & (1 << 17)) {
8804 val |= (insn & 0x1f);
8807 gen_set_psr_im(s, mask, 0, val);
8814 /* if not always execute, we generate a conditional jump to
8816 arm_skip_unless(s, cond);
8819 if (disas_a32(s, insn)) {
8822 /* fall back to legacy decoder */
8824 if ((insn & 0x0f900000) == 0x03000000) {
8825 if ((insn & (1 << 21)) == 0) {
8827 rd = (insn >> 12) & 0xf;
8828 val = ((insn >> 4) & 0xf000) | (insn & 0xfff);
8829 if ((insn & (1 << 22)) == 0) {
8831 tmp = tcg_temp_new_i32();
8832 tcg_gen_movi_i32(tmp, val);
8835 tmp = load_reg(s, rd);
8836 tcg_gen_ext16u_i32(tmp, tmp);
8837 tcg_gen_ori_i32(tmp, tmp, val << 16);
8839 store_reg(s, rd, tmp);
8841 /* MSR (immediate) and hints */
8842 /* All done in decodetree. Illegal ops already signalled. */
8843 g_assert_not_reached();
8845 } else if ((insn & 0x0f900000) == 0x01000000
8846 && (insn & 0x00000090) != 0x00000090) {
8847 /* miscellaneous instructions */
8848 /* All done in decodetree. Illegal ops reach here. */
8850 } else if (((insn & 0x0e000000) == 0 &&
8851 (insn & 0x00000090) != 0x90) ||
8852 ((insn & 0x0e000000) == (1 << 25))) {
8853 /* Data-processing (reg, reg-shift-reg, imm). */
8854 /* All done in decodetree. Reach here for illegal ops. */
8857 /* other instructions */
8858 op1 = (insn >> 24) & 0xf;
8862 /* multiplies, extra load/stores */
8863 sh = (insn >> 5) & 3;
8866 /* Multiply and multiply accumulate. */
8867 /* All done in decodetree. Reach here for illegal ops. */
8870 rn = (insn >> 16) & 0xf;
8871 rd = (insn >> 12) & 0xf;
8872 if (insn & (1 << 23)) {
8873 /* load/store exclusive */
8874 bool is_ld = extract32(insn, 20, 1);
8875 bool is_lasr = !extract32(insn, 8, 1);
8876 int op2 = (insn >> 8) & 3;
8877 op1 = (insn >> 21) & 0x3;
8880 case 0: /* lda/stl */
8886 case 1: /* reserved */
8888 case 2: /* ldaex/stlex */
8891 case 3: /* ldrex/strex */
8900 addr = tcg_temp_local_new_i32();
8901 load_reg_var(s, addr, rn);
8903 if (is_lasr && !is_ld) {
8904 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
8909 tmp = tcg_temp_new_i32();
8912 gen_aa32_ld32u_iss(s, tmp, addr,
8917 gen_aa32_ld8u_iss(s, tmp, addr,
8922 gen_aa32_ld16u_iss(s, tmp, addr,
8929 store_reg(s, rd, tmp);
8932 tmp = load_reg(s, rm);
8935 gen_aa32_st32_iss(s, tmp, addr,
8940 gen_aa32_st8_iss(s, tmp, addr,
8945 gen_aa32_st16_iss(s, tmp, addr,
8952 tcg_temp_free_i32(tmp);
8957 gen_load_exclusive(s, rd, 15, addr, 2);
8959 case 1: /* ldrexd */
8960 gen_load_exclusive(s, rd, rd + 1, addr, 3);
8962 case 2: /* ldrexb */
8963 gen_load_exclusive(s, rd, 15, addr, 0);
8965 case 3: /* ldrexh */
8966 gen_load_exclusive(s, rd, 15, addr, 1);
8975 gen_store_exclusive(s, rd, rm, 15, addr, 2);
8977 case 1: /* strexd */
8978 gen_store_exclusive(s, rd, rm, rm + 1, addr, 3);
8980 case 2: /* strexb */
8981 gen_store_exclusive(s, rd, rm, 15, addr, 0);
8983 case 3: /* strexh */
8984 gen_store_exclusive(s, rd, rm, 15, addr, 1);
8990 tcg_temp_free_i32(addr);
8992 if (is_lasr && is_ld) {
8993 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
8995 } else if ((insn & 0x00300f00) == 0) {
8996 /* 0bcccc_0001_0x00_xxxx_xxxx_0000_1001_xxxx
9001 MemOp opc = s->be_data;
9005 if (insn & (1 << 22)) {
9008 opc |= MO_UL | MO_ALIGN;
9011 addr = load_reg(s, rn);
9012 taddr = gen_aa32_addr(s, addr, opc);
9013 tcg_temp_free_i32(addr);
9015 tmp = load_reg(s, rm);
9016 tcg_gen_atomic_xchg_i32(tmp, taddr, tmp,
9017 get_mem_index(s), opc);
9018 tcg_temp_free(taddr);
9019 store_reg(s, rd, tmp);
9026 bool load = insn & (1 << 20);
9027 bool wbit = insn & (1 << 21);
9028 bool pbit = insn & (1 << 24);
9029 bool doubleword = false;
9032 /* Misc load/store */
9033 rn = (insn >> 16) & 0xf;
9034 rd = (insn >> 12) & 0xf;
9036 /* ISS not valid if writeback */
9037 issinfo = (pbit & !wbit) ? rd : ISSInvalid;
9039 if (!load && (sh & 2)) {
9043 /* UNPREDICTABLE; we choose to UNDEF */
9046 load = (sh & 1) == 0;
9050 addr = load_reg(s, rn);
9052 gen_add_datah_offset(s, insn, 0, addr);
9059 tmp = load_reg(s, rd);
9060 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9061 tcg_temp_free_i32(tmp);
9062 tcg_gen_addi_i32(addr, addr, 4);
9063 tmp = load_reg(s, rd + 1);
9064 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9065 tcg_temp_free_i32(tmp);
9068 tmp = tcg_temp_new_i32();
9069 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9070 store_reg(s, rd, tmp);
9071 tcg_gen_addi_i32(addr, addr, 4);
9072 tmp = tcg_temp_new_i32();
9073 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9076 address_offset = -4;
9079 tmp = tcg_temp_new_i32();
9082 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s),
9086 gen_aa32_ld8s_iss(s, tmp, addr, get_mem_index(s),
9091 gen_aa32_ld16s_iss(s, tmp, addr, get_mem_index(s),
9097 tmp = load_reg(s, rd);
9098 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s), issinfo);
9099 tcg_temp_free_i32(tmp);
9101 /* Perform base writeback before the loaded value to
9102 ensure correct behavior with overlapping index registers.
9103 ldrd with base writeback is undefined if the
9104 destination and index registers overlap. */
9106 gen_add_datah_offset(s, insn, address_offset, addr);
9107 store_reg(s, rn, addr);
9110 tcg_gen_addi_i32(addr, addr, address_offset);
9111 store_reg(s, rn, addr);
9113 tcg_temp_free_i32(addr);
9116 /* Complete the load. */
9117 store_reg(s, rd, tmp);
9126 if (insn & (1 << 4)) {
9128 /* Armv6 Media instructions. */
9130 rn = (insn >> 16) & 0xf;
9131 rd = (insn >> 12) & 0xf;
9132 rs = (insn >> 8) & 0xf;
9133 switch ((insn >> 23) & 3) {
9134 case 0: /* Parallel add/subtract. */
9135 op1 = (insn >> 20) & 7;
9136 tmp = load_reg(s, rn);
9137 tmp2 = load_reg(s, rm);
9138 sh = (insn >> 5) & 7;
9139 if ((op1 & 3) == 0 || sh == 5 || sh == 6)
9141 gen_arm_parallel_addsub(op1, sh, tmp, tmp2);
9142 tcg_temp_free_i32(tmp2);
9143 store_reg(s, rd, tmp);
9146 if ((insn & 0x00700020) == 0) {
9147 /* Halfword pack. */
9148 tmp = load_reg(s, rn);
9149 tmp2 = load_reg(s, rm);
9150 shift = (insn >> 7) & 0x1f;
9151 if (insn & (1 << 6)) {
9156 tcg_gen_sari_i32(tmp2, tmp2, shift);
9157 tcg_gen_deposit_i32(tmp, tmp, tmp2, 0, 16);
9160 tcg_gen_shli_i32(tmp2, tmp2, shift);
9161 tcg_gen_deposit_i32(tmp, tmp2, tmp, 0, 16);
9163 tcg_temp_free_i32(tmp2);
9164 store_reg(s, rd, tmp);
9165 } else if ((insn & 0x00200020) == 0x00200000) {
9167 tmp = load_reg(s, rm);
9168 shift = (insn >> 7) & 0x1f;
9169 if (insn & (1 << 6)) {
9172 tcg_gen_sari_i32(tmp, tmp, shift);
9174 tcg_gen_shli_i32(tmp, tmp, shift);
9176 sh = (insn >> 16) & 0x1f;
9177 tmp2 = tcg_const_i32(sh);
9178 if (insn & (1 << 22))
9179 gen_helper_usat(tmp, cpu_env, tmp, tmp2);
9181 gen_helper_ssat(tmp, cpu_env, tmp, tmp2);
9182 tcg_temp_free_i32(tmp2);
9183 store_reg(s, rd, tmp);
9184 } else if ((insn & 0x00300fe0) == 0x00200f20) {
9186 tmp = load_reg(s, rm);
9187 sh = (insn >> 16) & 0x1f;
9188 tmp2 = tcg_const_i32(sh);
9189 if (insn & (1 << 22))
9190 gen_helper_usat16(tmp, cpu_env, tmp, tmp2);
9192 gen_helper_ssat16(tmp, cpu_env, tmp, tmp2);
9193 tcg_temp_free_i32(tmp2);
9194 store_reg(s, rd, tmp);
9195 } else if ((insn & 0x00700fe0) == 0x00000fa0) {
9197 tmp = load_reg(s, rn);
9198 tmp2 = load_reg(s, rm);
9199 tmp3 = tcg_temp_new_i32();
9200 tcg_gen_ld_i32(tmp3, cpu_env, offsetof(CPUARMState, GE));
9201 gen_helper_sel_flags(tmp, tmp3, tmp, tmp2);
9202 tcg_temp_free_i32(tmp3);
9203 tcg_temp_free_i32(tmp2);
9204 store_reg(s, rd, tmp);
9205 } else if ((insn & 0x000003e0) == 0x00000060) {
9206 tmp = load_reg(s, rm);
9207 shift = (insn >> 10) & 3;
9208 /* ??? In many cases it's not necessary to do a
9209 rotate, a shift is sufficient. */
9210 tcg_gen_rotri_i32(tmp, tmp, shift * 8);
9211 op1 = (insn >> 20) & 7;
9213 case 0: gen_sxtb16(tmp); break;
9214 case 2: gen_sxtb(tmp); break;
9215 case 3: gen_sxth(tmp); break;
9216 case 4: gen_uxtb16(tmp); break;
9217 case 6: gen_uxtb(tmp); break;
9218 case 7: gen_uxth(tmp); break;
9219 default: goto illegal_op;
9222 tmp2 = load_reg(s, rn);
9223 if ((op1 & 3) == 0) {
9224 gen_add16(tmp, tmp2);
9226 tcg_gen_add_i32(tmp, tmp, tmp2);
9227 tcg_temp_free_i32(tmp2);
9230 store_reg(s, rd, tmp);
9231 } else if ((insn & 0x003f0f60) == 0x003f0f20) {
9233 tmp = load_reg(s, rm);
9234 if (insn & (1 << 22)) {
9235 if (insn & (1 << 7)) {
9239 gen_helper_rbit(tmp, tmp);
9242 if (insn & (1 << 7))
9245 tcg_gen_bswap32_i32(tmp, tmp);
9247 store_reg(s, rd, tmp);
9252 case 2: /* Multiplies (Type 3). */
9253 switch ((insn >> 20) & 0x7) {
9255 if (((insn >> 6) ^ (insn >> 7)) & 1) {
9256 /* op2 not 00x or 11x : UNDEF */
9259 /* Signed multiply most significant [accumulate].
9260 (SMMUL, SMMLA, SMMLS) */
9261 tmp = load_reg(s, rm);
9262 tmp2 = load_reg(s, rs);
9263 tcg_gen_muls2_i32(tmp2, tmp, tmp, tmp2);
9266 tmp3 = load_reg(s, rd);
9267 if (insn & (1 << 6)) {
9269 * For SMMLS, we need a 64-bit subtract.
9270 * Borrow caused by a non-zero multiplicand
9271 * lowpart, and the correct result lowpart
9274 TCGv_i32 zero = tcg_const_i32(0);
9275 tcg_gen_sub2_i32(tmp2, tmp, zero, tmp3,
9277 tcg_temp_free_i32(zero);
9279 tcg_gen_add_i32(tmp, tmp, tmp3);
9281 tcg_temp_free_i32(tmp3);
9283 if (insn & (1 << 5)) {
9285 * Adding 0x80000000 to the 64-bit quantity
9286 * means that we have carry in to the high
9287 * word when the low word has the high bit set.
9289 tcg_gen_shri_i32(tmp2, tmp2, 31);
9290 tcg_gen_add_i32(tmp, tmp, tmp2);
9292 tcg_temp_free_i32(tmp2);
9293 store_reg(s, rn, tmp);
9297 /* SMLAD, SMUAD, SMLSD, SMUSD, SMLALD, SMLSLD */
9298 if (insn & (1 << 7)) {
9301 tmp = load_reg(s, rm);
9302 tmp2 = load_reg(s, rs);
9303 if (insn & (1 << 5))
9304 gen_swap_half(tmp2);
9305 gen_smul_dual(tmp, tmp2);
9306 if (insn & (1 << 22)) {
9307 /* smlald, smlsld */
9310 tmp64 = tcg_temp_new_i64();
9311 tmp64_2 = tcg_temp_new_i64();
9312 tcg_gen_ext_i32_i64(tmp64, tmp);
9313 tcg_gen_ext_i32_i64(tmp64_2, tmp2);
9314 tcg_temp_free_i32(tmp);
9315 tcg_temp_free_i32(tmp2);
9316 if (insn & (1 << 6)) {
9317 tcg_gen_sub_i64(tmp64, tmp64, tmp64_2);
9319 tcg_gen_add_i64(tmp64, tmp64, tmp64_2);
9321 tcg_temp_free_i64(tmp64_2);
9322 gen_addq(s, tmp64, rd, rn);
9323 gen_storeq_reg(s, rd, rn, tmp64);
9324 tcg_temp_free_i64(tmp64);
9326 /* smuad, smusd, smlad, smlsd */
9327 if (insn & (1 << 6)) {
9328 /* This subtraction cannot overflow. */
9329 tcg_gen_sub_i32(tmp, tmp, tmp2);
9331 /* This addition cannot overflow 32 bits;
9332 * however it may overflow considered as a
9333 * signed operation, in which case we must set
9336 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
9338 tcg_temp_free_i32(tmp2);
9341 tmp2 = load_reg(s, rd);
9342 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
9343 tcg_temp_free_i32(tmp2);
9345 store_reg(s, rn, tmp);
9351 if (!dc_isar_feature(arm_div, s)) {
9354 if (((insn >> 5) & 7) || (rd != 15)) {
9357 tmp = load_reg(s, rm);
9358 tmp2 = load_reg(s, rs);
9359 if (insn & (1 << 21)) {
9360 gen_helper_udiv(tmp, tmp, tmp2);
9362 gen_helper_sdiv(tmp, tmp, tmp2);
9364 tcg_temp_free_i32(tmp2);
9365 store_reg(s, rn, tmp);
9372 op1 = ((insn >> 17) & 0x38) | ((insn >> 5) & 7);
9374 case 0: /* Unsigned sum of absolute differences. */
9376 tmp = load_reg(s, rm);
9377 tmp2 = load_reg(s, rs);
9378 gen_helper_usad8(tmp, tmp, tmp2);
9379 tcg_temp_free_i32(tmp2);
9381 tmp2 = load_reg(s, rd);
9382 tcg_gen_add_i32(tmp, tmp, tmp2);
9383 tcg_temp_free_i32(tmp2);
9385 store_reg(s, rn, tmp);
9387 case 0x20: case 0x24: case 0x28: case 0x2c:
9388 /* Bitfield insert/clear. */
9390 shift = (insn >> 7) & 0x1f;
9391 i = (insn >> 16) & 0x1f;
9393 /* UNPREDICTABLE; we choose to UNDEF */
9398 tmp = tcg_temp_new_i32();
9399 tcg_gen_movi_i32(tmp, 0);
9401 tmp = load_reg(s, rm);
9404 tmp2 = load_reg(s, rd);
9405 tcg_gen_deposit_i32(tmp, tmp2, tmp, shift, i);
9406 tcg_temp_free_i32(tmp2);
9408 store_reg(s, rd, tmp);
9410 case 0x12: case 0x16: case 0x1a: case 0x1e: /* sbfx */
9411 case 0x32: case 0x36: case 0x3a: case 0x3e: /* ubfx */
9413 tmp = load_reg(s, rm);
9414 shift = (insn >> 7) & 0x1f;
9415 i = ((insn >> 16) & 0x1f) + 1;
9420 tcg_gen_extract_i32(tmp, tmp, shift, i);
9422 tcg_gen_sextract_i32(tmp, tmp, shift, i);
9425 store_reg(s, rd, tmp);
9435 /* Check for undefined extension instructions
9436 * per the ARM Bible IE:
9437 * xxxx 0111 1111 xxxx xxxx xxxx 1111 xxxx
9439 sh = (0xf << 20) | (0xf << 4);
9440 if (op1 == 0x7 && ((insn & sh) == sh))
9444 /* load/store byte/word */
9445 rn = (insn >> 16) & 0xf;
9446 rd = (insn >> 12) & 0xf;
9447 tmp2 = load_reg(s, rn);
9448 if ((insn & 0x01200000) == 0x00200000) {
9450 i = get_a32_user_mem_index(s);
9452 i = get_mem_index(s);
9454 if (insn & (1 << 24))
9455 gen_add_data_offset(s, insn, tmp2);
9456 if (insn & (1 << 20)) {
9458 tmp = tcg_temp_new_i32();
9459 if (insn & (1 << 22)) {
9460 gen_aa32_ld8u_iss(s, tmp, tmp2, i, rd);
9462 gen_aa32_ld32u_iss(s, tmp, tmp2, i, rd);
9466 tmp = load_reg(s, rd);
9467 if (insn & (1 << 22)) {
9468 gen_aa32_st8_iss(s, tmp, tmp2, i, rd);
9470 gen_aa32_st32_iss(s, tmp, tmp2, i, rd);
9472 tcg_temp_free_i32(tmp);
9474 if (!(insn & (1 << 24))) {
9475 gen_add_data_offset(s, insn, tmp2);
9476 store_reg(s, rn, tmp2);
9477 } else if (insn & (1 << 21)) {
9478 store_reg(s, rn, tmp2);
9480 tcg_temp_free_i32(tmp2);
9482 if (insn & (1 << 20)) {
9483 /* Complete the load. */
9484 store_reg_from_load(s, rd, tmp);
9490 int j, n, loaded_base;
9491 bool exc_return = false;
9492 bool is_load = extract32(insn, 20, 1);
9494 TCGv_i32 loaded_var;
9495 /* load/store multiple words */
9496 /* XXX: store correct base if write back */
9497 if (insn & (1 << 22)) {
9498 /* LDM (user), LDM (exception return) and STM (user) */
9500 goto illegal_op; /* only usable in supervisor mode */
9502 if (is_load && extract32(insn, 15, 1)) {
9508 rn = (insn >> 16) & 0xf;
9509 addr = load_reg(s, rn);
9511 /* compute total size */
9515 for (i = 0; i < 16; i++) {
9516 if (insn & (1 << i))
9519 /* XXX: test invalid n == 0 case ? */
9520 if (insn & (1 << 23)) {
9521 if (insn & (1 << 24)) {
9523 tcg_gen_addi_i32(addr, addr, 4);
9525 /* post increment */
9528 if (insn & (1 << 24)) {
9530 tcg_gen_addi_i32(addr, addr, -(n * 4));
9532 /* post decrement */
9534 tcg_gen_addi_i32(addr, addr, -((n - 1) * 4));
9538 for (i = 0; i < 16; i++) {
9539 if (insn & (1 << i)) {
9542 tmp = tcg_temp_new_i32();
9543 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9545 tmp2 = tcg_const_i32(i);
9546 gen_helper_set_user_reg(cpu_env, tmp2, tmp);
9547 tcg_temp_free_i32(tmp2);
9548 tcg_temp_free_i32(tmp);
9549 } else if (i == rn) {
9552 } else if (i == 15 && exc_return) {
9553 store_pc_exc_ret(s, tmp);
9555 store_reg_from_load(s, i, tmp);
9560 tmp = tcg_temp_new_i32();
9561 tcg_gen_movi_i32(tmp, read_pc(s));
9563 tmp = tcg_temp_new_i32();
9564 tmp2 = tcg_const_i32(i);
9565 gen_helper_get_user_reg(tmp, cpu_env, tmp2);
9566 tcg_temp_free_i32(tmp2);
9568 tmp = load_reg(s, i);
9570 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9571 tcg_temp_free_i32(tmp);
9574 /* no need to add after the last transfer */
9576 tcg_gen_addi_i32(addr, addr, 4);
9579 if (insn & (1 << 21)) {
9581 if (insn & (1 << 23)) {
9582 if (insn & (1 << 24)) {
9585 /* post increment */
9586 tcg_gen_addi_i32(addr, addr, 4);
9589 if (insn & (1 << 24)) {
9592 tcg_gen_addi_i32(addr, addr, -((n - 1) * 4));
9594 /* post decrement */
9595 tcg_gen_addi_i32(addr, addr, -(n * 4));
9598 store_reg(s, rn, addr);
9600 tcg_temp_free_i32(addr);
9603 store_reg(s, rn, loaded_var);
9606 /* Restore CPSR from SPSR. */
9607 tmp = load_cpu_field(spsr);
9608 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
9611 gen_helper_cpsr_write_eret(cpu_env, tmp);
9612 tcg_temp_free_i32(tmp);
9613 /* Must exit loop to check un-masked IRQs */
9614 s->base.is_jmp = DISAS_EXIT;
9623 /* branch (and link) */
9624 if (insn & (1 << 24)) {
9625 tmp = tcg_temp_new_i32();
9626 tcg_gen_movi_i32(tmp, s->base.pc_next);
9627 store_reg(s, 14, tmp);
9629 offset = sextract32(insn << 2, 0, 26);
9630 gen_jmp(s, read_pc(s) + offset);
9636 if (((insn >> 8) & 0xe) == 10) {
9638 if (disas_vfp_insn(s, insn)) {
9641 } else if (disas_coproc_insn(s, insn)) {
9648 gen_set_pc_im(s, s->base.pc_next);
9649 s->svc_imm = extract32(insn, 0, 24);
9650 s->base.is_jmp = DISAS_SWI;
9654 unallocated_encoding(s);
9660 static bool thumb_insn_is_16bit(DisasContext *s, uint32_t pc, uint32_t insn)
9663 * Return true if this is a 16 bit instruction. We must be precise
9664 * about this (matching the decode).
9666 if ((insn >> 11) < 0x1d) {
9667 /* Definitely a 16-bit instruction */
9671 /* Top five bits 0b11101 / 0b11110 / 0b11111 : this is the
9672 * first half of a 32-bit Thumb insn. Thumb-1 cores might
9673 * end up actually treating this as two 16-bit insns, though,
9674 * if it's half of a bl/blx pair that might span a page boundary.
9676 if (arm_dc_feature(s, ARM_FEATURE_THUMB2) ||
9677 arm_dc_feature(s, ARM_FEATURE_M)) {
9678 /* Thumb2 cores (including all M profile ones) always treat
9679 * 32-bit insns as 32-bit.
9684 if ((insn >> 11) == 0x1e && pc - s->page_start < TARGET_PAGE_SIZE - 3) {
9685 /* 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix, and the suffix
9686 * is not on the next page; we merge this into a 32-bit
9691 /* 0b1110_1xxx_xxxx_xxxx : BLX suffix (or UNDEF);
9692 * 0b1111_1xxx_xxxx_xxxx : BL suffix;
9693 * 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix on the end of a page
9694 * -- handle as single 16 bit insn
9699 /* Translate a 32-bit thumb instruction. */
9700 static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
9702 uint32_t imm, shift, offset;
9703 uint32_t rd, rn, rm, rs;
9712 * ARMv6-M supports a limited subset of Thumb2 instructions.
9713 * Other Thumb1 architectures allow only 32-bit
9714 * combined BL/BLX prefix and suffix.
9716 if (arm_dc_feature(s, ARM_FEATURE_M) &&
9717 !arm_dc_feature(s, ARM_FEATURE_V7)) {
9720 static const uint32_t armv6m_insn[] = {0xf3808000 /* msr */,
9721 0xf3b08040 /* dsb */,
9722 0xf3b08050 /* dmb */,
9723 0xf3b08060 /* isb */,
9724 0xf3e08000 /* mrs */,
9725 0xf000d000 /* bl */};
9726 static const uint32_t armv6m_mask[] = {0xffe0d000,
9733 for (i = 0; i < ARRAY_SIZE(armv6m_insn); i++) {
9734 if ((insn & armv6m_mask[i]) == armv6m_insn[i]) {
9742 } else if ((insn & 0xf800e800) != 0xf000e800) {
9746 if (disas_t32(s, insn)) {
9749 /* fall back to legacy decoder */
9751 rn = (insn >> 16) & 0xf;
9752 rs = (insn >> 12) & 0xf;
9753 rd = (insn >> 8) & 0xf;
9755 switch ((insn >> 25) & 0xf) {
9756 case 0: case 1: case 2: case 3:
9757 /* 16-bit instructions. Should never happen. */
9760 if (insn & (1 << 22)) {
9761 /* 0b1110_100x_x1xx_xxxx_xxxx_xxxx_xxxx_xxxx
9762 * - load/store doubleword, load/store exclusive, ldacq/strel,
9765 if (insn == 0xe97fe97f && arm_dc_feature(s, ARM_FEATURE_M) &&
9766 arm_dc_feature(s, ARM_FEATURE_V8)) {
9767 /* 0b1110_1001_0111_1111_1110_1001_0111_111
9769 * The bulk of the behaviour for this instruction is implemented
9770 * in v7m_handle_execute_nsc(), which deals with the insn when
9771 * it is executed by a CPU in non-secure state from memory
9772 * which is Secure & NonSecure-Callable.
9773 * Here we only need to handle the remaining cases:
9774 * * in NS memory (including the "security extension not
9775 * implemented" case) : NOP
9776 * * in S memory but CPU already secure (clear IT bits)
9777 * We know that the attribute for the memory this insn is
9778 * in must match the current CPU state, because otherwise
9779 * get_phys_addr_pmsav8 would have generated an exception.
9781 if (s->v8m_secure) {
9782 /* Like the IT insn, we don't need to generate any code */
9783 s->condexec_cond = 0;
9784 s->condexec_mask = 0;
9786 } else if (insn & 0x01200000) {
9787 /* 0b1110_1000_x11x_xxxx_xxxx_xxxx_xxxx_xxxx
9788 * - load/store dual (post-indexed)
9789 * 0b1111_1001_x10x_xxxx_xxxx_xxxx_xxxx_xxxx
9790 * - load/store dual (literal and immediate)
9791 * 0b1111_1001_x11x_xxxx_xxxx_xxxx_xxxx_xxxx
9792 * - load/store dual (pre-indexed)
9794 bool wback = extract32(insn, 21, 1);
9796 if (rn == 15 && (insn & (1 << 21))) {
9801 addr = add_reg_for_lit(s, rn, 0);
9802 offset = (insn & 0xff) * 4;
9803 if ((insn & (1 << 23)) == 0) {
9807 if (s->v8m_stackcheck && rn == 13 && wback) {
9809 * Here 'addr' is the current SP; if offset is +ve we're
9810 * moving SP up, else down. It is UNKNOWN whether the limit
9811 * check triggers when SP starts below the limit and ends
9812 * up above it; check whichever of the current and final
9813 * SP is lower, so QEMU will trigger in that situation.
9815 if ((int32_t)offset < 0) {
9816 TCGv_i32 newsp = tcg_temp_new_i32();
9818 tcg_gen_addi_i32(newsp, addr, offset);
9819 gen_helper_v8m_stackcheck(cpu_env, newsp);
9820 tcg_temp_free_i32(newsp);
9822 gen_helper_v8m_stackcheck(cpu_env, addr);
9826 if (insn & (1 << 24)) {
9827 tcg_gen_addi_i32(addr, addr, offset);
9830 if (insn & (1 << 20)) {
9832 tmp = tcg_temp_new_i32();
9833 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9834 store_reg(s, rs, tmp);
9835 tcg_gen_addi_i32(addr, addr, 4);
9836 tmp = tcg_temp_new_i32();
9837 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9838 store_reg(s, rd, tmp);
9841 tmp = load_reg(s, rs);
9842 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9843 tcg_temp_free_i32(tmp);
9844 tcg_gen_addi_i32(addr, addr, 4);
9845 tmp = load_reg(s, rd);
9846 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9847 tcg_temp_free_i32(tmp);
9850 /* Base writeback. */
9851 tcg_gen_addi_i32(addr, addr, offset - 4);
9852 store_reg(s, rn, addr);
9854 tcg_temp_free_i32(addr);
9856 } else if ((insn & (1 << 23)) == 0) {
9857 /* 0b1110_1000_010x_xxxx_xxxx_xxxx_xxxx_xxxx
9858 * - load/store exclusive word
9862 if (!(insn & (1 << 20)) &&
9863 arm_dc_feature(s, ARM_FEATURE_M) &&
9864 arm_dc_feature(s, ARM_FEATURE_V8)) {
9865 /* 0b1110_1000_0100_xxxx_1111_xxxx_xxxx_xxxx
9868 bool alt = insn & (1 << 7);
9869 TCGv_i32 addr, op, ttresp;
9871 if ((insn & 0x3f) || rd == 13 || rd == 15 || rn == 15) {
9872 /* we UNDEF for these UNPREDICTABLE cases */
9876 if (alt && !s->v8m_secure) {
9880 addr = load_reg(s, rn);
9881 op = tcg_const_i32(extract32(insn, 6, 2));
9882 ttresp = tcg_temp_new_i32();
9883 gen_helper_v7m_tt(ttresp, cpu_env, addr, op);
9884 tcg_temp_free_i32(addr);
9885 tcg_temp_free_i32(op);
9886 store_reg(s, rd, ttresp);
9891 addr = tcg_temp_local_new_i32();
9892 load_reg_var(s, addr, rn);
9893 tcg_gen_addi_i32(addr, addr, (insn & 0xff) << 2);
9894 if (insn & (1 << 20)) {
9895 gen_load_exclusive(s, rs, 15, addr, 2);
9897 gen_store_exclusive(s, rd, rs, 15, addr, 2);
9899 tcg_temp_free_i32(addr);
9900 } else if ((insn & (7 << 5)) == 0) {
9902 addr = load_reg(s, rn);
9903 tmp = load_reg(s, rm);
9904 tcg_gen_add_i32(addr, addr, tmp);
9905 if (insn & (1 << 4)) {
9907 tcg_gen_add_i32(addr, addr, tmp);
9908 tcg_temp_free_i32(tmp);
9909 tmp = tcg_temp_new_i32();
9910 gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
9912 tcg_temp_free_i32(tmp);
9913 tmp = tcg_temp_new_i32();
9914 gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
9916 tcg_temp_free_i32(addr);
9917 tcg_gen_shli_i32(tmp, tmp, 1);
9918 tcg_gen_addi_i32(tmp, tmp, read_pc(s));
9919 store_reg(s, 15, tmp);
9921 bool is_lasr = false;
9922 bool is_ld = extract32(insn, 20, 1);
9923 int op2 = (insn >> 6) & 0x3;
9924 op = (insn >> 4) & 0x3;
9929 /* Load/store exclusive byte/halfword/doubleword */
9936 /* Load-acquire/store-release */
9942 /* Load-acquire/store-release exclusive */
9948 if (is_lasr && !is_ld) {
9949 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
9952 addr = tcg_temp_local_new_i32();
9953 load_reg_var(s, addr, rn);
9956 tmp = tcg_temp_new_i32();
9959 gen_aa32_ld8u_iss(s, tmp, addr, get_mem_index(s),
9963 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s),
9967 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s),
9973 store_reg(s, rs, tmp);
9975 tmp = load_reg(s, rs);
9978 gen_aa32_st8_iss(s, tmp, addr, get_mem_index(s),
9982 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s),
9986 gen_aa32_st32_iss(s, tmp, addr, get_mem_index(s),
9992 tcg_temp_free_i32(tmp);
9995 gen_load_exclusive(s, rs, rd, addr, op);
9997 gen_store_exclusive(s, rm, rs, rd, addr, op);
9999 tcg_temp_free_i32(addr);
10001 if (is_lasr && is_ld) {
10002 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
10006 /* Load/store multiple, RFE, SRS. */
10007 if (((insn >> 23) & 1) == ((insn >> 24) & 1)) {
10008 /* RFE, SRS: not available in user mode or on M profile */
10009 if (IS_USER(s) || arm_dc_feature(s, ARM_FEATURE_M)) {
10012 if (insn & (1 << 20)) {
10014 addr = load_reg(s, rn);
10015 if ((insn & (1 << 24)) == 0)
10016 tcg_gen_addi_i32(addr, addr, -8);
10017 /* Load PC into tmp and CPSR into tmp2. */
10018 tmp = tcg_temp_new_i32();
10019 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
10020 tcg_gen_addi_i32(addr, addr, 4);
10021 tmp2 = tcg_temp_new_i32();
10022 gen_aa32_ld32u(s, tmp2, addr, get_mem_index(s));
10023 if (insn & (1 << 21)) {
10024 /* Base writeback. */
10025 if (insn & (1 << 24)) {
10026 tcg_gen_addi_i32(addr, addr, 4);
10028 tcg_gen_addi_i32(addr, addr, -4);
10030 store_reg(s, rn, addr);
10032 tcg_temp_free_i32(addr);
10034 gen_rfe(s, tmp, tmp2);
10037 gen_srs(s, (insn & 0x1f), (insn & (1 << 24)) ? 1 : 2,
10041 int i, loaded_base = 0;
10042 TCGv_i32 loaded_var;
10043 bool wback = extract32(insn, 21, 1);
10044 /* Load/store multiple. */
10045 addr = load_reg(s, rn);
10047 for (i = 0; i < 16; i++) {
10048 if (insn & (1 << i))
10052 if (insn & (1 << 24)) {
10053 tcg_gen_addi_i32(addr, addr, -offset);
10056 if (s->v8m_stackcheck && rn == 13 && wback) {
10058 * If the writeback is incrementing SP rather than
10059 * decrementing it, and the initial SP is below the
10060 * stack limit but the final written-back SP would
10061 * be above, then then we must not perform any memory
10062 * accesses, but it is IMPDEF whether we generate
10063 * an exception. We choose to do so in this case.
10064 * At this point 'addr' is the lowest address, so
10065 * either the original SP (if incrementing) or our
10066 * final SP (if decrementing), so that's what we check.
10068 gen_helper_v8m_stackcheck(cpu_env, addr);
10072 for (i = 0; i < 16; i++) {
10073 if ((insn & (1 << i)) == 0)
10075 if (insn & (1 << 20)) {
10077 tmp = tcg_temp_new_i32();
10078 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
10083 store_reg_from_load(s, i, tmp);
10087 tmp = load_reg(s, i);
10088 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
10089 tcg_temp_free_i32(tmp);
10091 tcg_gen_addi_i32(addr, addr, 4);
10094 store_reg(s, rn, loaded_var);
10097 /* Base register writeback. */
10098 if (insn & (1 << 24)) {
10099 tcg_gen_addi_i32(addr, addr, -offset);
10101 /* Fault if writeback register is in register list. */
10102 if (insn & (1 << rn))
10104 store_reg(s, rn, addr);
10106 tcg_temp_free_i32(addr);
10113 op = (insn >> 21) & 0xf;
10115 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10118 /* Halfword pack. */
10119 tmp = load_reg(s, rn);
10120 tmp2 = load_reg(s, rm);
10121 shift = ((insn >> 10) & 0x1c) | ((insn >> 6) & 0x3);
10122 if (insn & (1 << 5)) {
10127 tcg_gen_sari_i32(tmp2, tmp2, shift);
10128 tcg_gen_deposit_i32(tmp, tmp, tmp2, 0, 16);
10131 tcg_gen_shli_i32(tmp2, tmp2, shift);
10132 tcg_gen_deposit_i32(tmp, tmp2, tmp, 0, 16);
10134 tcg_temp_free_i32(tmp2);
10135 store_reg(s, rd, tmp);
10137 /* Data processing register constant shift. */
10138 /* All done in decodetree. Reach here for illegal ops. */
10142 case 13: /* Misc data processing. */
10143 op = ((insn >> 22) & 6) | ((insn >> 7) & 1);
10144 if (op < 4 && (insn & 0xf000) != 0xf000)
10147 case 0: /* Register controlled shift, in decodetree */
10149 case 1: /* Sign/zero extend. */
10150 op = (insn >> 20) & 7;
10152 case 0: /* SXTAH, SXTH */
10153 case 1: /* UXTAH, UXTH */
10154 case 4: /* SXTAB, SXTB */
10155 case 5: /* UXTAB, UXTB */
10157 case 2: /* SXTAB16, SXTB16 */
10158 case 3: /* UXTAB16, UXTB16 */
10159 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10167 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10171 tmp = load_reg(s, rm);
10172 shift = (insn >> 4) & 3;
10173 /* ??? In many cases it's not necessary to do a
10174 rotate, a shift is sufficient. */
10175 tcg_gen_rotri_i32(tmp, tmp, shift * 8);
10176 op = (insn >> 20) & 7;
10178 case 0: gen_sxth(tmp); break;
10179 case 1: gen_uxth(tmp); break;
10180 case 2: gen_sxtb16(tmp); break;
10181 case 3: gen_uxtb16(tmp); break;
10182 case 4: gen_sxtb(tmp); break;
10183 case 5: gen_uxtb(tmp); break;
10185 g_assert_not_reached();
10188 tmp2 = load_reg(s, rn);
10189 if ((op >> 1) == 1) {
10190 gen_add16(tmp, tmp2);
10192 tcg_gen_add_i32(tmp, tmp, tmp2);
10193 tcg_temp_free_i32(tmp2);
10196 store_reg(s, rd, tmp);
10198 case 2: /* SIMD add/subtract. */
10199 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10202 op = (insn >> 20) & 7;
10203 shift = (insn >> 4) & 7;
10204 if ((op & 3) == 3 || (shift & 3) == 3)
10206 tmp = load_reg(s, rn);
10207 tmp2 = load_reg(s, rm);
10208 gen_thumb2_parallel_addsub(op, shift, tmp, tmp2);
10209 tcg_temp_free_i32(tmp2);
10210 store_reg(s, rd, tmp);
10212 case 3: /* Other data processing. */
10213 op = ((insn >> 17) & 0x38) | ((insn >> 4) & 7);
10215 /* Saturating add/subtract. */
10216 /* All done in decodetree. Reach here for illegal ops. */
10220 case 0x0a: /* rbit */
10221 case 0x08: /* rev */
10222 case 0x09: /* rev16 */
10223 case 0x0b: /* revsh */
10225 case 0x10: /* sel */
10226 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10230 case 0x18: /* clz, in decodetree */
10231 case 0x20: /* crc32/crc32c, in decodetree */
10241 tmp = load_reg(s, rn);
10243 case 0x0a: /* rbit */
10244 gen_helper_rbit(tmp, tmp);
10246 case 0x08: /* rev */
10247 tcg_gen_bswap32_i32(tmp, tmp);
10249 case 0x09: /* rev16 */
10252 case 0x0b: /* revsh */
10255 case 0x10: /* sel */
10256 tmp2 = load_reg(s, rm);
10257 tmp3 = tcg_temp_new_i32();
10258 tcg_gen_ld_i32(tmp3, cpu_env, offsetof(CPUARMState, GE));
10259 gen_helper_sel_flags(tmp, tmp3, tmp, tmp2);
10260 tcg_temp_free_i32(tmp3);
10261 tcg_temp_free_i32(tmp2);
10264 g_assert_not_reached();
10267 store_reg(s, rd, tmp);
10269 case 4: case 5: /* 32-bit multiply. Sum of absolute differences. */
10270 switch ((insn >> 20) & 7) {
10271 case 0: /* 32 x 32 -> 32 */
10272 case 1: /* 16 x 16 -> 32 */
10273 case 3: /* 32 * 16 -> 32msb */
10274 /* in decodetree */
10276 case 7: /* Unsigned sum of absolute differences. */
10278 case 2: /* Dual multiply add. */
10279 case 4: /* Dual multiply subtract. */
10280 case 5: case 6: /* 32 * 32 -> 32msb (SMMUL, SMMLA, SMMLS) */
10281 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10286 op = (insn >> 4) & 0xf;
10287 tmp = load_reg(s, rn);
10288 tmp2 = load_reg(s, rm);
10289 switch ((insn >> 20) & 7) {
10290 case 2: /* Dual multiply add. */
10291 case 4: /* Dual multiply subtract. */
10293 gen_swap_half(tmp2);
10294 gen_smul_dual(tmp, tmp2);
10295 if (insn & (1 << 22)) {
10296 /* This subtraction cannot overflow. */
10297 tcg_gen_sub_i32(tmp, tmp, tmp2);
10299 /* This addition cannot overflow 32 bits;
10300 * however it may overflow considered as a signed
10301 * operation, in which case we must set the Q flag.
10303 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10305 tcg_temp_free_i32(tmp2);
10308 tmp2 = load_reg(s, rs);
10309 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10310 tcg_temp_free_i32(tmp2);
10313 case 5: case 6: /* 32 * 32 -> 32msb (SMMUL, SMMLA, SMMLS) */
10314 tcg_gen_muls2_i32(tmp2, tmp, tmp, tmp2);
10316 tmp3 = load_reg(s, rs);
10317 if (insn & (1 << 20)) {
10318 tcg_gen_add_i32(tmp, tmp, tmp3);
10321 * For SMMLS, we need a 64-bit subtract.
10322 * Borrow caused by a non-zero multiplicand lowpart,
10323 * and the correct result lowpart for rounding.
10325 TCGv_i32 zero = tcg_const_i32(0);
10326 tcg_gen_sub2_i32(tmp2, tmp, zero, tmp3, tmp2, tmp);
10327 tcg_temp_free_i32(zero);
10329 tcg_temp_free_i32(tmp3);
10331 if (insn & (1 << 4)) {
10333 * Adding 0x80000000 to the 64-bit quantity
10334 * means that we have carry in to the high
10335 * word when the low word has the high bit set.
10337 tcg_gen_shri_i32(tmp2, tmp2, 31);
10338 tcg_gen_add_i32(tmp, tmp, tmp2);
10340 tcg_temp_free_i32(tmp2);
10342 case 7: /* Unsigned sum of absolute differences. */
10343 gen_helper_usad8(tmp, tmp, tmp2);
10344 tcg_temp_free_i32(tmp2);
10346 tmp2 = load_reg(s, rs);
10347 tcg_gen_add_i32(tmp, tmp, tmp2);
10348 tcg_temp_free_i32(tmp2);
10352 store_reg(s, rd, tmp);
10354 case 6: case 7: /* 64-bit multiply, Divide. */
10355 op = ((insn >> 4) & 0xf) | ((insn >> 16) & 0x70);
10356 tmp = load_reg(s, rn);
10357 tmp2 = load_reg(s, rm);
10358 if ((op & 0x50) == 0x10) {
10360 if (!dc_isar_feature(thumb_div, s)) {
10364 gen_helper_udiv(tmp, tmp, tmp2);
10366 gen_helper_sdiv(tmp, tmp, tmp2);
10367 tcg_temp_free_i32(tmp2);
10368 store_reg(s, rd, tmp);
10369 } else if ((op & 0xe) == 0xc) {
10370 /* Dual multiply accumulate long. */
10371 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10372 tcg_temp_free_i32(tmp);
10373 tcg_temp_free_i32(tmp2);
10377 gen_swap_half(tmp2);
10378 gen_smul_dual(tmp, tmp2);
10380 tcg_gen_sub_i32(tmp, tmp, tmp2);
10382 tcg_gen_add_i32(tmp, tmp, tmp2);
10384 tcg_temp_free_i32(tmp2);
10386 tmp64 = tcg_temp_new_i64();
10387 tcg_gen_ext_i32_i64(tmp64, tmp);
10388 tcg_temp_free_i32(tmp);
10389 gen_addq(s, tmp64, rs, rd);
10390 gen_storeq_reg(s, rs, rd, tmp64);
10391 tcg_temp_free_i64(tmp64);
10393 /* Signed/unsigned 64-bit multiply, in decodetree */
10394 tcg_temp_free_i32(tmp2);
10395 tcg_temp_free_i32(tmp);
10401 case 6: case 7: case 14: case 15:
10403 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10404 /* 0b111x_11xx_xxxx_xxxx_xxxx_xxxx_xxxx_xxxx */
10405 if (extract32(insn, 24, 2) == 3) {
10406 goto illegal_op; /* op0 = 0b11 : unallocated */
10410 * Decode VLLDM and VLSTM first: these are nonstandard because:
10411 * * if there is no FPU then these insns must NOP in
10412 * Secure state and UNDEF in Nonsecure state
10413 * * if there is an FPU then these insns do not have
10414 * the usual behaviour that disas_vfp_insn() provides of
10415 * being controlled by CPACR/NSACR enable bits or the
10416 * lazy-stacking logic.
10418 if (arm_dc_feature(s, ARM_FEATURE_V8) &&
10419 (insn & 0xffa00f00) == 0xec200a00) {
10420 /* 0b1110_1100_0x1x_xxxx_xxxx_1010_xxxx_xxxx
10422 * We choose to UNDEF if the RAZ bits are non-zero.
10424 if (!s->v8m_secure || (insn & 0x0040f0ff)) {
10428 if (arm_dc_feature(s, ARM_FEATURE_VFP)) {
10429 TCGv_i32 fptr = load_reg(s, rn);
10431 if (extract32(insn, 20, 1)) {
10432 gen_helper_v7m_vlldm(cpu_env, fptr);
10434 gen_helper_v7m_vlstm(cpu_env, fptr);
10436 tcg_temp_free_i32(fptr);
10438 /* End the TB, because we have updated FP control bits */
10439 s->base.is_jmp = DISAS_UPDATE;
10443 if (arm_dc_feature(s, ARM_FEATURE_VFP) &&
10444 ((insn >> 8) & 0xe) == 10) {
10445 /* FP, and the CPU supports it */
10446 if (disas_vfp_insn(s, insn)) {
10452 /* All other insns: NOCP */
10453 gen_exception_insn(s, s->pc_curr, EXCP_NOCP, syn_uncategorized(),
10454 default_exception_el(s));
10457 if ((insn & 0xfe000a00) == 0xfc000800
10458 && arm_dc_feature(s, ARM_FEATURE_V8)) {
10459 /* The Thumb2 and ARM encodings are identical. */
10460 if (disas_neon_insn_3same_ext(s, insn)) {
10463 } else if ((insn & 0xff000a00) == 0xfe000800
10464 && arm_dc_feature(s, ARM_FEATURE_V8)) {
10465 /* The Thumb2 and ARM encodings are identical. */
10466 if (disas_neon_insn_2reg_scalar_ext(s, insn)) {
10469 } else if (((insn >> 24) & 3) == 3) {
10470 /* Translate into the equivalent ARM encoding. */
10471 insn = (insn & 0xe2ffffff) | ((insn & (1 << 28)) >> 4) | (1 << 28);
10472 if (disas_neon_data_insn(s, insn)) {
10475 } else if (((insn >> 8) & 0xe) == 10) {
10476 if (disas_vfp_insn(s, insn)) {
10480 if (insn & (1 << 28))
10482 if (disas_coproc_insn(s, insn)) {
10487 case 8: case 9: case 10: case 11:
10488 if (insn & (1 << 15)) {
10489 /* Branches, misc control. */
10490 if (insn & 0x5000) {
10491 /* Unconditional branch. */
10492 /* signextend(hw1[10:0]) -> offset[:12]. */
10493 offset = ((int32_t)insn << 5) >> 9 & ~(int32_t)0xfff;
10494 /* hw1[10:0] -> offset[11:1]. */
10495 offset |= (insn & 0x7ff) << 1;
10496 /* (~hw2[13, 11] ^ offset[24]) -> offset[23,22]
10497 offset[24:22] already have the same value because of the
10498 sign extension above. */
10499 offset ^= ((~insn) & (1 << 13)) << 10;
10500 offset ^= ((~insn) & (1 << 11)) << 11;
10502 if (insn & (1 << 14)) {
10503 /* Branch and link. */
10504 tcg_gen_movi_i32(cpu_R[14], s->base.pc_next | 1);
10507 offset += read_pc(s);
10508 if (insn & (1 << 12)) {
10510 gen_jmp(s, offset);
10513 offset &= ~(uint32_t)2;
10514 /* thumb2 bx, no need to check */
10515 gen_bx_im(s, offset);
10517 } else if (((insn >> 23) & 7) == 7) {
10519 if (insn & (1 << 13))
10522 if (insn & (1 << 26)) {
10523 /* hvc, smc, in decodetree */
10526 op = (insn >> 20) & 7;
10528 case 0: /* msr cpsr, in decodetree */
10529 case 1: /* msr spsr, in decodetree */
10531 case 2: /* cps, nop-hint. */
10532 /* nop hints in decodetree */
10533 /* Implemented as NOP in user mode. */
10538 if (insn & (1 << 10)) {
10539 if (insn & (1 << 7))
10541 if (insn & (1 << 6))
10543 if (insn & (1 << 5))
10545 if (insn & (1 << 9))
10546 imm = CPSR_A | CPSR_I | CPSR_F;
10548 if (insn & (1 << 8)) {
10550 imm |= (insn & 0x1f);
10553 gen_set_psr_im(s, offset, 0, imm);
10556 case 3: /* Special control operations. */
10557 if (!arm_dc_feature(s, ARM_FEATURE_V7) &&
10558 !arm_dc_feature(s, ARM_FEATURE_M)) {
10561 op = (insn >> 4) & 0xf;
10563 case 2: /* clrex */
10568 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
10571 /* We need to break the TB after this insn
10572 * to execute self-modifying code correctly
10573 * and also to take any pending interrupts
10576 gen_goto_tb(s, 0, s->base.pc_next);
10579 if ((insn & 0xf) || !dc_isar_feature(aa32_sb, s)) {
10583 * TODO: There is no speculation barrier opcode
10584 * for TCG; MB and end the TB instead.
10586 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
10587 gen_goto_tb(s, 0, s->base.pc_next);
10593 case 4: /* bxj, in decodetree */
10595 case 5: /* Exception return. */
10596 case 6: /* MRS, in decodetree */
10597 case 7: /* MSR, in decodetree */
10602 /* Conditional branch. */
10603 op = (insn >> 22) & 0xf;
10604 /* Generate a conditional jump to next instruction. */
10605 arm_skip_unless(s, op);
10607 /* offset[11:1] = insn[10:0] */
10608 offset = (insn & 0x7ff) << 1;
10609 /* offset[17:12] = insn[21:16]. */
10610 offset |= (insn & 0x003f0000) >> 4;
10611 /* offset[31:20] = insn[26]. */
10612 offset |= ((int32_t)((insn << 5) & 0x80000000)) >> 11;
10613 /* offset[18] = insn[13]. */
10614 offset |= (insn & (1 << 13)) << 5;
10615 /* offset[19] = insn[11]. */
10616 offset |= (insn & (1 << 11)) << 8;
10618 /* jump to the offset */
10619 gen_jmp(s, read_pc(s) + offset);
10623 * 0b1111_0xxx_xxxx_0xxx_xxxx_xxxx
10624 * - Data-processing (modified immediate, plain binary immediate)
10626 if (insn & (1 << 25)) {
10628 * 0b1111_0x1x_xxxx_0xxx_xxxx_xxxx
10629 * - Data-processing (plain binary immediate)
10631 if (insn & (1 << 24)) {
10632 if (insn & (1 << 20))
10634 /* Bitfield/Saturate. */
10635 op = (insn >> 21) & 7;
10637 shift = ((insn >> 6) & 3) | ((insn >> 10) & 0x1c);
10639 tmp = tcg_temp_new_i32();
10640 tcg_gen_movi_i32(tmp, 0);
10642 tmp = load_reg(s, rn);
10645 case 2: /* Signed bitfield extract. */
10647 if (shift + imm > 32)
10650 tcg_gen_sextract_i32(tmp, tmp, shift, imm);
10653 case 6: /* Unsigned bitfield extract. */
10655 if (shift + imm > 32)
10658 tcg_gen_extract_i32(tmp, tmp, shift, imm);
10661 case 3: /* Bitfield insert/clear. */
10664 imm = imm + 1 - shift;
10666 tmp2 = load_reg(s, rd);
10667 tcg_gen_deposit_i32(tmp, tmp2, tmp, shift, imm);
10668 tcg_temp_free_i32(tmp2);
10673 default: /* Saturate. */
10675 tcg_gen_sari_i32(tmp, tmp, shift);
10677 tcg_gen_shli_i32(tmp, tmp, shift);
10679 tmp2 = tcg_const_i32(imm);
10682 if ((op & 1) && shift == 0) {
10683 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10684 tcg_temp_free_i32(tmp);
10685 tcg_temp_free_i32(tmp2);
10688 gen_helper_usat16(tmp, cpu_env, tmp, tmp2);
10690 gen_helper_usat(tmp, cpu_env, tmp, tmp2);
10694 if ((op & 1) && shift == 0) {
10695 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10696 tcg_temp_free_i32(tmp);
10697 tcg_temp_free_i32(tmp2);
10700 gen_helper_ssat16(tmp, cpu_env, tmp, tmp2);
10702 gen_helper_ssat(tmp, cpu_env, tmp, tmp2);
10705 tcg_temp_free_i32(tmp2);
10708 store_reg(s, rd, tmp);
10710 imm = ((insn & 0x04000000) >> 15)
10711 | ((insn & 0x7000) >> 4) | (insn & 0xff);
10712 if (insn & (1 << 22)) {
10713 /* 16-bit immediate. */
10714 imm |= (insn >> 4) & 0xf000;
10715 if (insn & (1 << 23)) {
10717 tmp = load_reg(s, rd);
10718 tcg_gen_ext16u_i32(tmp, tmp);
10719 tcg_gen_ori_i32(tmp, tmp, imm << 16);
10722 tmp = tcg_temp_new_i32();
10723 tcg_gen_movi_i32(tmp, imm);
10725 store_reg(s, rd, tmp);
10727 /* Add/sub 12-bit immediate. */
10728 if (insn & (1 << 23)) {
10731 tmp = add_reg_for_lit(s, rn, imm);
10732 if (rn == 13 && rd == 13) {
10733 /* ADD SP, SP, imm or SUB SP, SP, imm */
10734 store_sp_checked(s, tmp);
10736 store_reg(s, rd, tmp);
10741 /* Data-processing (modified immediate) */
10742 /* All done in decodetree. Reach here for illegal ops. */
10747 case 12: /* Load/store single data item. */
10754 if ((insn & 0x01100000) == 0x01000000) {
10755 if (disas_neon_ls_insn(s, insn)) {
10760 op = ((insn >> 21) & 3) | ((insn >> 22) & 4);
10762 if (!(insn & (1 << 20))) {
10766 /* Byte or halfword load space with dest == r15 : memory hints.
10767 * Catch them early so we don't emit pointless addressing code.
10768 * This space is a mix of:
10769 * PLD/PLDW/PLI, which we implement as NOPs (note that unlike
10770 * the ARM encodings, PLDW space doesn't UNDEF for non-v7MP
10772 * unallocated hints, which must be treated as NOPs
10773 * UNPREDICTABLE space, which we NOP or UNDEF depending on
10774 * which is easiest for the decoding logic
10775 * Some space which must UNDEF
10777 int op1 = (insn >> 23) & 3;
10778 int op2 = (insn >> 6) & 0x3f;
10783 /* UNPREDICTABLE, unallocated hint or
10784 * PLD/PLDW/PLI (literal)
10789 return; /* PLD/PLDW/PLI or unallocated hint */
10791 if ((op2 == 0) || ((op2 & 0x3c) == 0x30)) {
10792 return; /* PLD/PLDW/PLI or unallocated hint */
10794 /* UNDEF space, or an UNPREDICTABLE */
10798 memidx = get_mem_index(s);
10799 imm = insn & 0xfff;
10800 if (insn & (1 << 23)) {
10801 /* PC relative or Positive offset. */
10802 addr = add_reg_for_lit(s, rn, imm);
10803 } else if (rn == 15) {
10804 /* PC relative with negative offset. */
10805 addr = add_reg_for_lit(s, rn, -imm);
10807 addr = load_reg(s, rn);
10809 switch ((insn >> 8) & 0xf) {
10810 case 0x0: /* Shifted Register. */
10811 shift = (insn >> 4) & 0xf;
10813 tcg_temp_free_i32(addr);
10816 tmp = load_reg(s, rm);
10817 tcg_gen_shli_i32(tmp, tmp, shift);
10818 tcg_gen_add_i32(addr, addr, tmp);
10819 tcg_temp_free_i32(tmp);
10821 case 0xc: /* Negative offset. */
10822 tcg_gen_addi_i32(addr, addr, -imm);
10824 case 0xe: /* User privilege. */
10825 tcg_gen_addi_i32(addr, addr, imm);
10826 memidx = get_a32_user_mem_index(s);
10828 case 0x9: /* Post-decrement. */
10830 /* Fall through. */
10831 case 0xb: /* Post-increment. */
10835 case 0xd: /* Pre-decrement. */
10837 /* Fall through. */
10838 case 0xf: /* Pre-increment. */
10842 tcg_temp_free_i32(addr);
10847 issinfo = writeback ? ISSInvalid : rs;
10849 if (s->v8m_stackcheck && rn == 13 && writeback) {
10851 * Stackcheck. Here we know 'addr' is the current SP;
10852 * if imm is +ve we're moving SP up, else down. It is
10853 * UNKNOWN whether the limit check triggers when SP starts
10854 * below the limit and ends up above it; we chose to do so.
10856 if ((int32_t)imm < 0) {
10857 TCGv_i32 newsp = tcg_temp_new_i32();
10859 tcg_gen_addi_i32(newsp, addr, imm);
10860 gen_helper_v8m_stackcheck(cpu_env, newsp);
10861 tcg_temp_free_i32(newsp);
10863 gen_helper_v8m_stackcheck(cpu_env, addr);
10867 if (writeback && !postinc) {
10868 tcg_gen_addi_i32(addr, addr, imm);
10871 if (insn & (1 << 20)) {
10873 tmp = tcg_temp_new_i32();
10876 gen_aa32_ld8u_iss(s, tmp, addr, memidx, issinfo);
10879 gen_aa32_ld8s_iss(s, tmp, addr, memidx, issinfo);
10882 gen_aa32_ld16u_iss(s, tmp, addr, memidx, issinfo);
10885 gen_aa32_ld16s_iss(s, tmp, addr, memidx, issinfo);
10888 gen_aa32_ld32u_iss(s, tmp, addr, memidx, issinfo);
10891 tcg_temp_free_i32(tmp);
10892 tcg_temp_free_i32(addr);
10895 store_reg_from_load(s, rs, tmp);
10898 tmp = load_reg(s, rs);
10901 gen_aa32_st8_iss(s, tmp, addr, memidx, issinfo);
10904 gen_aa32_st16_iss(s, tmp, addr, memidx, issinfo);
10907 gen_aa32_st32_iss(s, tmp, addr, memidx, issinfo);
10910 tcg_temp_free_i32(tmp);
10911 tcg_temp_free_i32(addr);
10914 tcg_temp_free_i32(tmp);
10917 tcg_gen_addi_i32(addr, addr, imm);
10919 store_reg(s, rn, addr);
10921 tcg_temp_free_i32(addr);
10930 unallocated_encoding(s);
10933 static void disas_thumb_insn(DisasContext *s, uint32_t insn)
10935 uint32_t val, op, rm, rn, rd, shift, cond;
10942 switch (insn >> 12) {
10946 op = (insn >> 11) & 3;
10949 * 0b0001_1xxx_xxxx_xxxx
10950 * - Add, subtract (three low registers)
10951 * - Add, subtract (two low registers and immediate)
10953 rn = (insn >> 3) & 7;
10954 tmp = load_reg(s, rn);
10955 if (insn & (1 << 10)) {
10957 tmp2 = tcg_temp_new_i32();
10958 tcg_gen_movi_i32(tmp2, (insn >> 6) & 7);
10961 rm = (insn >> 6) & 7;
10962 tmp2 = load_reg(s, rm);
10964 if (insn & (1 << 9)) {
10965 if (s->condexec_mask)
10966 tcg_gen_sub_i32(tmp, tmp, tmp2);
10968 gen_sub_CC(tmp, tmp, tmp2);
10970 if (s->condexec_mask)
10971 tcg_gen_add_i32(tmp, tmp, tmp2);
10973 gen_add_CC(tmp, tmp, tmp2);
10975 tcg_temp_free_i32(tmp2);
10976 store_reg(s, rd, tmp);
10978 /* shift immediate */
10979 rm = (insn >> 3) & 7;
10980 shift = (insn >> 6) & 0x1f;
10981 tmp = load_reg(s, rm);
10982 gen_arm_shift_im(tmp, op, shift, s->condexec_mask == 0);
10983 if (!s->condexec_mask)
10985 store_reg(s, rd, tmp);
10990 * 0b001x_xxxx_xxxx_xxxx
10991 * - Add, subtract, compare, move (one low register and immediate)
10993 op = (insn >> 11) & 3;
10994 rd = (insn >> 8) & 0x7;
10995 if (op == 0) { /* mov */
10996 tmp = tcg_temp_new_i32();
10997 tcg_gen_movi_i32(tmp, insn & 0xff);
10998 if (!s->condexec_mask)
11000 store_reg(s, rd, tmp);
11002 tmp = load_reg(s, rd);
11003 tmp2 = tcg_temp_new_i32();
11004 tcg_gen_movi_i32(tmp2, insn & 0xff);
11007 gen_sub_CC(tmp, tmp, tmp2);
11008 tcg_temp_free_i32(tmp);
11009 tcg_temp_free_i32(tmp2);
11012 if (s->condexec_mask)
11013 tcg_gen_add_i32(tmp, tmp, tmp2);
11015 gen_add_CC(tmp, tmp, tmp2);
11016 tcg_temp_free_i32(tmp2);
11017 store_reg(s, rd, tmp);
11020 if (s->condexec_mask)
11021 tcg_gen_sub_i32(tmp, tmp, tmp2);
11023 gen_sub_CC(tmp, tmp, tmp2);
11024 tcg_temp_free_i32(tmp2);
11025 store_reg(s, rd, tmp);
11031 if (insn & (1 << 11)) {
11032 rd = (insn >> 8) & 7;
11033 /* load pc-relative. Bit 1 of PC is ignored. */
11034 addr = add_reg_for_lit(s, 15, (insn & 0xff) * 4);
11035 tmp = tcg_temp_new_i32();
11036 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s),
11038 tcg_temp_free_i32(addr);
11039 store_reg(s, rd, tmp);
11042 if (insn & (1 << 10)) {
11043 /* 0b0100_01xx_xxxx_xxxx
11044 * - data processing extended, branch and exchange
11046 rd = (insn & 7) | ((insn >> 4) & 8);
11047 rm = (insn >> 3) & 0xf;
11048 op = (insn >> 8) & 3;
11051 tmp = load_reg(s, rd);
11052 tmp2 = load_reg(s, rm);
11053 tcg_gen_add_i32(tmp, tmp, tmp2);
11054 tcg_temp_free_i32(tmp2);
11056 /* ADD SP, SP, reg */
11057 store_sp_checked(s, tmp);
11059 store_reg(s, rd, tmp);
11063 tmp = load_reg(s, rd);
11064 tmp2 = load_reg(s, rm);
11065 gen_sub_CC(tmp, tmp, tmp2);
11066 tcg_temp_free_i32(tmp2);
11067 tcg_temp_free_i32(tmp);
11069 case 2: /* mov/cpy */
11070 tmp = load_reg(s, rm);
11073 store_sp_checked(s, tmp);
11075 store_reg(s, rd, tmp);
11080 /* 0b0100_0111_xxxx_xxxx
11081 * - branch [and link] exchange thumb register
11083 bool link = insn & (1 << 7);
11092 /* BXNS/BLXNS: only exists for v8M with the
11093 * security extensions, and always UNDEF if NonSecure.
11094 * We don't implement these in the user-only mode
11095 * either (in theory you can use them from Secure User
11096 * mode but they are too tied in to system emulation.)
11098 if (!s->v8m_secure || IS_USER_ONLY) {
11109 tmp = load_reg(s, rm);
11111 val = (uint32_t)s->base.pc_next | 1;
11112 tmp2 = tcg_temp_new_i32();
11113 tcg_gen_movi_i32(tmp2, val);
11114 store_reg(s, 14, tmp2);
11117 /* Only BX works as exception-return, not BLX */
11118 gen_bx_excret(s, tmp);
11127 * 0b0100_00xx_xxxx_xxxx
11128 * - Data-processing (two low registers)
11131 rm = (insn >> 3) & 7;
11132 op = (insn >> 6) & 0xf;
11133 if (op == 2 || op == 3 || op == 4 || op == 7) {
11134 /* the shift/rotate ops want the operands backwards */
11143 if (op == 9) { /* neg */
11144 tmp = tcg_temp_new_i32();
11145 tcg_gen_movi_i32(tmp, 0);
11146 } else if (op != 0xf) { /* mvn doesn't read its first operand */
11147 tmp = load_reg(s, rd);
11152 tmp2 = load_reg(s, rm);
11154 case 0x0: /* and */
11155 tcg_gen_and_i32(tmp, tmp, tmp2);
11156 if (!s->condexec_mask)
11159 case 0x1: /* eor */
11160 tcg_gen_xor_i32(tmp, tmp, tmp2);
11161 if (!s->condexec_mask)
11164 case 0x2: /* lsl */
11165 if (s->condexec_mask) {
11166 gen_shl(tmp2, tmp2, tmp);
11168 gen_helper_shl_cc(tmp2, cpu_env, tmp2, tmp);
11169 gen_logic_CC(tmp2);
11172 case 0x3: /* lsr */
11173 if (s->condexec_mask) {
11174 gen_shr(tmp2, tmp2, tmp);
11176 gen_helper_shr_cc(tmp2, cpu_env, tmp2, tmp);
11177 gen_logic_CC(tmp2);
11180 case 0x4: /* asr */
11181 if (s->condexec_mask) {
11182 gen_sar(tmp2, tmp2, tmp);
11184 gen_helper_sar_cc(tmp2, cpu_env, tmp2, tmp);
11185 gen_logic_CC(tmp2);
11188 case 0x5: /* adc */
11189 if (s->condexec_mask) {
11190 gen_adc(tmp, tmp2);
11192 gen_adc_CC(tmp, tmp, tmp2);
11195 case 0x6: /* sbc */
11196 if (s->condexec_mask) {
11197 gen_sub_carry(tmp, tmp, tmp2);
11199 gen_sbc_CC(tmp, tmp, tmp2);
11202 case 0x7: /* ror */
11203 if (s->condexec_mask) {
11204 tcg_gen_andi_i32(tmp, tmp, 0x1f);
11205 tcg_gen_rotr_i32(tmp2, tmp2, tmp);
11207 gen_helper_ror_cc(tmp2, cpu_env, tmp2, tmp);
11208 gen_logic_CC(tmp2);
11211 case 0x8: /* tst */
11212 tcg_gen_and_i32(tmp, tmp, tmp2);
11216 case 0x9: /* neg */
11217 if (s->condexec_mask)
11218 tcg_gen_neg_i32(tmp, tmp2);
11220 gen_sub_CC(tmp, tmp, tmp2);
11222 case 0xa: /* cmp */
11223 gen_sub_CC(tmp, tmp, tmp2);
11226 case 0xb: /* cmn */
11227 gen_add_CC(tmp, tmp, tmp2);
11230 case 0xc: /* orr */
11231 tcg_gen_or_i32(tmp, tmp, tmp2);
11232 if (!s->condexec_mask)
11235 case 0xd: /* mul */
11236 tcg_gen_mul_i32(tmp, tmp, tmp2);
11237 if (!s->condexec_mask)
11240 case 0xe: /* bic */
11241 tcg_gen_andc_i32(tmp, tmp, tmp2);
11242 if (!s->condexec_mask)
11245 case 0xf: /* mvn */
11246 tcg_gen_not_i32(tmp2, tmp2);
11247 if (!s->condexec_mask)
11248 gen_logic_CC(tmp2);
11255 store_reg(s, rm, tmp2);
11257 tcg_temp_free_i32(tmp);
11259 store_reg(s, rd, tmp);
11260 tcg_temp_free_i32(tmp2);
11263 tcg_temp_free_i32(tmp);
11264 tcg_temp_free_i32(tmp2);
11269 /* load/store register offset. */
11271 rn = (insn >> 3) & 7;
11272 rm = (insn >> 6) & 7;
11273 op = (insn >> 9) & 7;
11274 addr = load_reg(s, rn);
11275 tmp = load_reg(s, rm);
11276 tcg_gen_add_i32(addr, addr, tmp);
11277 tcg_temp_free_i32(tmp);
11279 if (op < 3) { /* store */
11280 tmp = load_reg(s, rd);
11282 tmp = tcg_temp_new_i32();
11287 gen_aa32_st32_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11290 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11293 gen_aa32_st8_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11295 case 3: /* ldrsb */
11296 gen_aa32_ld8s_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11299 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11302 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11305 gen_aa32_ld8u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11307 case 7: /* ldrsh */
11308 gen_aa32_ld16s_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11311 if (op >= 3) { /* load */
11312 store_reg(s, rd, tmp);
11314 tcg_temp_free_i32(tmp);
11316 tcg_temp_free_i32(addr);
11320 /* load/store word immediate offset */
11322 rn = (insn >> 3) & 7;
11323 addr = load_reg(s, rn);
11324 val = (insn >> 4) & 0x7c;
11325 tcg_gen_addi_i32(addr, addr, val);
11327 if (insn & (1 << 11)) {
11329 tmp = tcg_temp_new_i32();
11330 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11331 store_reg(s, rd, tmp);
11334 tmp = load_reg(s, rd);
11335 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11336 tcg_temp_free_i32(tmp);
11338 tcg_temp_free_i32(addr);
11342 /* load/store byte immediate offset */
11344 rn = (insn >> 3) & 7;
11345 addr = load_reg(s, rn);
11346 val = (insn >> 6) & 0x1f;
11347 tcg_gen_addi_i32(addr, addr, val);
11349 if (insn & (1 << 11)) {
11351 tmp = tcg_temp_new_i32();
11352 gen_aa32_ld8u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11353 store_reg(s, rd, tmp);
11356 tmp = load_reg(s, rd);
11357 gen_aa32_st8_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11358 tcg_temp_free_i32(tmp);
11360 tcg_temp_free_i32(addr);
11364 /* load/store halfword immediate offset */
11366 rn = (insn >> 3) & 7;
11367 addr = load_reg(s, rn);
11368 val = (insn >> 5) & 0x3e;
11369 tcg_gen_addi_i32(addr, addr, val);
11371 if (insn & (1 << 11)) {
11373 tmp = tcg_temp_new_i32();
11374 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11375 store_reg(s, rd, tmp);
11378 tmp = load_reg(s, rd);
11379 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11380 tcg_temp_free_i32(tmp);
11382 tcg_temp_free_i32(addr);
11386 /* load/store from stack */
11387 rd = (insn >> 8) & 7;
11388 addr = load_reg(s, 13);
11389 val = (insn & 0xff) * 4;
11390 tcg_gen_addi_i32(addr, addr, val);
11392 if (insn & (1 << 11)) {
11394 tmp = tcg_temp_new_i32();
11395 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11396 store_reg(s, rd, tmp);
11399 tmp = load_reg(s, rd);
11400 gen_aa32_st32_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11401 tcg_temp_free_i32(tmp);
11403 tcg_temp_free_i32(addr);
11408 * 0b1010_xxxx_xxxx_xxxx
11409 * - Add PC/SP (immediate)
11411 rd = (insn >> 8) & 7;
11412 val = (insn & 0xff) * 4;
11413 tmp = add_reg_for_lit(s, insn & (1 << 11) ? 13 : 15, val);
11414 store_reg(s, rd, tmp);
11419 op = (insn >> 8) & 0xf;
11423 * 0b1011_0000_xxxx_xxxx
11424 * - ADD (SP plus immediate)
11425 * - SUB (SP minus immediate)
11427 tmp = load_reg(s, 13);
11428 val = (insn & 0x7f) * 4;
11429 if (insn & (1 << 7))
11430 val = -(int32_t)val;
11431 tcg_gen_addi_i32(tmp, tmp, val);
11432 store_sp_checked(s, tmp);
11435 case 2: /* sign/zero extend. */
11438 rm = (insn >> 3) & 7;
11439 tmp = load_reg(s, rm);
11440 switch ((insn >> 6) & 3) {
11441 case 0: gen_sxth(tmp); break;
11442 case 1: gen_sxtb(tmp); break;
11443 case 2: gen_uxth(tmp); break;
11444 case 3: gen_uxtb(tmp); break;
11446 store_reg(s, rd, tmp);
11448 case 4: case 5: case 0xc: case 0xd:
11450 * 0b1011_x10x_xxxx_xxxx
11453 addr = load_reg(s, 13);
11454 if (insn & (1 << 8))
11458 for (i = 0; i < 8; i++) {
11459 if (insn & (1 << i))
11462 if ((insn & (1 << 11)) == 0) {
11463 tcg_gen_addi_i32(addr, addr, -offset);
11466 if (s->v8m_stackcheck) {
11468 * Here 'addr' is the lower of "old SP" and "new SP";
11469 * if this is a pop that starts below the limit and ends
11470 * above it, it is UNKNOWN whether the limit check triggers;
11471 * we choose to trigger.
11473 gen_helper_v8m_stackcheck(cpu_env, addr);
11476 for (i = 0; i < 8; i++) {
11477 if (insn & (1 << i)) {
11478 if (insn & (1 << 11)) {
11480 tmp = tcg_temp_new_i32();
11481 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11482 store_reg(s, i, tmp);
11485 tmp = load_reg(s, i);
11486 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11487 tcg_temp_free_i32(tmp);
11489 /* advance to the next address. */
11490 tcg_gen_addi_i32(addr, addr, 4);
11494 if (insn & (1 << 8)) {
11495 if (insn & (1 << 11)) {
11497 tmp = tcg_temp_new_i32();
11498 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11499 /* don't set the pc until the rest of the instruction
11503 tmp = load_reg(s, 14);
11504 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11505 tcg_temp_free_i32(tmp);
11507 tcg_gen_addi_i32(addr, addr, 4);
11509 if ((insn & (1 << 11)) == 0) {
11510 tcg_gen_addi_i32(addr, addr, -offset);
11512 /* write back the new stack pointer */
11513 store_reg(s, 13, addr);
11514 /* set the new PC value */
11515 if ((insn & 0x0900) == 0x0900) {
11516 store_reg_from_load(s, 15, tmp);
11520 case 1: case 3: case 9: case 11: /* czb */
11522 tmp = load_reg(s, rm);
11523 arm_gen_condlabel(s);
11524 if (insn & (1 << 11))
11525 tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 0, s->condlabel);
11527 tcg_gen_brcondi_i32(TCG_COND_NE, tmp, 0, s->condlabel);
11528 tcg_temp_free_i32(tmp);
11529 offset = ((insn & 0xf8) >> 2) | (insn & 0x200) >> 3;
11530 gen_jmp(s, read_pc(s) + offset);
11533 case 15: /* IT, nop-hint. */
11534 if ((insn & 0xf) == 0) {
11535 gen_nop_hint(s, (insn >> 4) & 0xf);
11541 * Combinations of firstcond and mask which set up an 0b1111
11542 * condition are UNPREDICTABLE; we take the CONSTRAINED
11543 * UNPREDICTABLE choice to treat 0b1111 the same as 0b1110,
11544 * i.e. both meaning "execute always".
11546 s->condexec_cond = (insn >> 4) & 0xe;
11547 s->condexec_mask = insn & 0x1f;
11548 /* No actual code generated for this insn, just setup state. */
11551 case 0xe: /* bkpt */
11553 int imm8 = extract32(insn, 0, 8);
11555 gen_exception_bkpt_insn(s, syn_aa32_bkpt(imm8, true));
11559 case 0xa: /* rev, and hlt */
11561 int op1 = extract32(insn, 6, 2);
11565 int imm6 = extract32(insn, 0, 6);
11571 /* Otherwise this is rev */
11573 rn = (insn >> 3) & 0x7;
11575 tmp = load_reg(s, rn);
11577 case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
11578 case 1: gen_rev16(tmp); break;
11579 case 3: gen_revsh(tmp); break;
11581 g_assert_not_reached();
11583 store_reg(s, rd, tmp);
11588 switch ((insn >> 5) & 7) {
11592 if (((insn >> 3) & 1) != !!(s->be_data == MO_BE)) {
11593 gen_helper_setend(cpu_env);
11594 s->base.is_jmp = DISAS_UPDATE;
11603 if (arm_dc_feature(s, ARM_FEATURE_M)) {
11604 tmp = tcg_const_i32((insn & (1 << 4)) != 0);
11607 addr = tcg_const_i32(19);
11608 gen_helper_v7m_msr(cpu_env, addr, tmp);
11609 tcg_temp_free_i32(addr);
11613 addr = tcg_const_i32(16);
11614 gen_helper_v7m_msr(cpu_env, addr, tmp);
11615 tcg_temp_free_i32(addr);
11617 tcg_temp_free_i32(tmp);
11620 if (insn & (1 << 4)) {
11621 shift = CPSR_A | CPSR_I | CPSR_F;
11625 gen_set_psr_im(s, ((insn & 7) << 6), 0, shift);
11640 /* load/store multiple */
11641 TCGv_i32 loaded_var = NULL;
11642 rn = (insn >> 8) & 0x7;
11643 addr = load_reg(s, rn);
11644 for (i = 0; i < 8; i++) {
11645 if (insn & (1 << i)) {
11646 if (insn & (1 << 11)) {
11648 tmp = tcg_temp_new_i32();
11649 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11653 store_reg(s, i, tmp);
11657 tmp = load_reg(s, i);
11658 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11659 tcg_temp_free_i32(tmp);
11661 /* advance to the next address */
11662 tcg_gen_addi_i32(addr, addr, 4);
11665 if ((insn & (1 << rn)) == 0) {
11666 /* base reg not in list: base register writeback */
11667 store_reg(s, rn, addr);
11669 /* base reg in list: if load, complete it now */
11670 if (insn & (1 << 11)) {
11671 store_reg(s, rn, loaded_var);
11673 tcg_temp_free_i32(addr);
11678 /* conditional branch or swi */
11679 cond = (insn >> 8) & 0xf;
11685 gen_set_pc_im(s, s->base.pc_next);
11686 s->svc_imm = extract32(insn, 0, 8);
11687 s->base.is_jmp = DISAS_SWI;
11690 /* generate a conditional jump to next instruction */
11691 arm_skip_unless(s, cond);
11693 /* jump to the offset */
11695 offset = ((int32_t)insn << 24) >> 24;
11696 val += offset << 1;
11701 if (insn & (1 << 11)) {
11702 /* thumb_insn_is_16bit() ensures we can't get here for
11703 * a Thumb2 CPU, so this must be a thumb1 split BL/BLX:
11704 * 0b1110_1xxx_xxxx_xxxx : BLX suffix (or UNDEF)
11706 assert(!arm_dc_feature(s, ARM_FEATURE_THUMB2));
11708 offset = ((insn & 0x7ff) << 1);
11709 tmp = load_reg(s, 14);
11710 tcg_gen_addi_i32(tmp, tmp, offset);
11711 tcg_gen_andi_i32(tmp, tmp, 0xfffffffc);
11713 tmp2 = tcg_temp_new_i32();
11714 tcg_gen_movi_i32(tmp2, s->base.pc_next | 1);
11715 store_reg(s, 14, tmp2);
11719 /* unconditional branch */
11721 offset = ((int32_t)insn << 21) >> 21;
11722 val += offset << 1;
11727 /* thumb_insn_is_16bit() ensures we can't get here for
11728 * a Thumb2 CPU, so this must be a thumb1 split BL/BLX.
11730 assert(!arm_dc_feature(s, ARM_FEATURE_THUMB2));
11732 if (insn & (1 << 11)) {
11733 /* 0b1111_1xxx_xxxx_xxxx : BL suffix */
11734 offset = ((insn & 0x7ff) << 1) | 1;
11735 tmp = load_reg(s, 14);
11736 tcg_gen_addi_i32(tmp, tmp, offset);
11738 tmp2 = tcg_temp_new_i32();
11739 tcg_gen_movi_i32(tmp2, s->base.pc_next | 1);
11740 store_reg(s, 14, tmp2);
11743 /* 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix */
11744 uint32_t uoffset = ((int32_t)insn << 21) >> 9;
11746 tcg_gen_movi_i32(cpu_R[14], read_pc(s) + uoffset);
11753 unallocated_encoding(s);
11756 static bool insn_crosses_page(CPUARMState *env, DisasContext *s)
11758 /* Return true if the insn at dc->base.pc_next might cross a page boundary.
11759 * (False positives are OK, false negatives are not.)
11760 * We know this is a Thumb insn, and our caller ensures we are
11761 * only called if dc->base.pc_next is less than 4 bytes from the page
11762 * boundary, so we cross the page if the first 16 bits indicate
11763 * that this is a 32 bit insn.
11765 uint16_t insn = arm_lduw_code(env, s->base.pc_next, s->sctlr_b);
11767 return !thumb_insn_is_16bit(s, s->base.pc_next, insn);
11770 static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
11772 DisasContext *dc = container_of(dcbase, DisasContext, base);
11773 CPUARMState *env = cs->env_ptr;
11774 ARMCPU *cpu = env_archcpu(env);
11775 uint32_t tb_flags = dc->base.tb->flags;
11776 uint32_t condexec, core_mmu_idx;
11778 dc->isar = &cpu->isar;
11782 /* If we are coming from secure EL0 in a system with a 32-bit EL3, then
11783 * there is no secure EL1, so we route exceptions to EL3.
11785 dc->secure_routed_to_el3 = arm_feature(env, ARM_FEATURE_EL3) &&
11786 !arm_el_is_aa64(env, 3);
11787 dc->thumb = FIELD_EX32(tb_flags, TBFLAG_A32, THUMB);
11788 dc->sctlr_b = FIELD_EX32(tb_flags, TBFLAG_A32, SCTLR_B);
11789 dc->be_data = FIELD_EX32(tb_flags, TBFLAG_ANY, BE_DATA) ? MO_BE : MO_LE;
11790 condexec = FIELD_EX32(tb_flags, TBFLAG_A32, CONDEXEC);
11791 dc->condexec_mask = (condexec & 0xf) << 1;
11792 dc->condexec_cond = condexec >> 4;
11793 core_mmu_idx = FIELD_EX32(tb_flags, TBFLAG_ANY, MMUIDX);
11794 dc->mmu_idx = core_to_arm_mmu_idx(env, core_mmu_idx);
11795 dc->current_el = arm_mmu_idx_to_el(dc->mmu_idx);
11796 #if !defined(CONFIG_USER_ONLY)
11797 dc->user = (dc->current_el == 0);
11799 dc->ns = FIELD_EX32(tb_flags, TBFLAG_A32, NS);
11800 dc->fp_excp_el = FIELD_EX32(tb_flags, TBFLAG_ANY, FPEXC_EL);
11801 dc->vfp_enabled = FIELD_EX32(tb_flags, TBFLAG_A32, VFPEN);
11802 dc->vec_len = FIELD_EX32(tb_flags, TBFLAG_A32, VECLEN);
11803 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
11804 dc->c15_cpar = FIELD_EX32(tb_flags, TBFLAG_A32, XSCALE_CPAR);
11805 dc->vec_stride = 0;
11807 dc->vec_stride = FIELD_EX32(tb_flags, TBFLAG_A32, VECSTRIDE);
11810 dc->v7m_handler_mode = FIELD_EX32(tb_flags, TBFLAG_A32, HANDLER);
11811 dc->v8m_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) &&
11812 regime_is_secure(env, dc->mmu_idx);
11813 dc->v8m_stackcheck = FIELD_EX32(tb_flags, TBFLAG_A32, STACKCHECK);
11814 dc->v8m_fpccr_s_wrong = FIELD_EX32(tb_flags, TBFLAG_A32, FPCCR_S_WRONG);
11815 dc->v7m_new_fp_ctxt_needed =
11816 FIELD_EX32(tb_flags, TBFLAG_A32, NEW_FP_CTXT_NEEDED);
11817 dc->v7m_lspact = FIELD_EX32(tb_flags, TBFLAG_A32, LSPACT);
11818 dc->cp_regs = cpu->cp_regs;
11819 dc->features = env->features;
11821 /* Single step state. The code-generation logic here is:
11823 * generate code with no special handling for single-stepping (except
11824 * that anything that can make us go to SS_ACTIVE == 1 must end the TB;
11825 * this happens anyway because those changes are all system register or
11827 * SS_ACTIVE == 1, PSTATE.SS == 1: (active-not-pending)
11828 * emit code for one insn
11829 * emit code to clear PSTATE.SS
11830 * emit code to generate software step exception for completed step
11831 * end TB (as usual for having generated an exception)
11832 * SS_ACTIVE == 1, PSTATE.SS == 0: (active-pending)
11833 * emit code to generate a software step exception
11836 dc->ss_active = FIELD_EX32(tb_flags, TBFLAG_ANY, SS_ACTIVE);
11837 dc->pstate_ss = FIELD_EX32(tb_flags, TBFLAG_ANY, PSTATE_SS);
11838 dc->is_ldex = false;
11839 if (!arm_feature(env, ARM_FEATURE_M)) {
11840 dc->debug_target_el = FIELD_EX32(tb_flags, TBFLAG_ANY, DEBUG_TARGET_EL);
11843 dc->page_start = dc->base.pc_first & TARGET_PAGE_MASK;
11845 /* If architectural single step active, limit to 1. */
11846 if (is_singlestepping(dc)) {
11847 dc->base.max_insns = 1;
11850 /* ARM is a fixed-length ISA. Bound the number of insns to execute
11851 to those left on the page. */
11853 int bound = -(dc->base.pc_first | TARGET_PAGE_MASK) / 4;
11854 dc->base.max_insns = MIN(dc->base.max_insns, bound);
11857 cpu_V0 = tcg_temp_new_i64();
11858 cpu_V1 = tcg_temp_new_i64();
11859 /* FIXME: cpu_M0 can probably be the same as cpu_V0. */
11860 cpu_M0 = tcg_temp_new_i64();
11863 static void arm_tr_tb_start(DisasContextBase *dcbase, CPUState *cpu)
11865 DisasContext *dc = container_of(dcbase, DisasContext, base);
11867 /* A note on handling of the condexec (IT) bits:
11869 * We want to avoid the overhead of having to write the updated condexec
11870 * bits back to the CPUARMState for every instruction in an IT block. So:
11871 * (1) if the condexec bits are not already zero then we write
11872 * zero back into the CPUARMState now. This avoids complications trying
11873 * to do it at the end of the block. (For example if we don't do this
11874 * it's hard to identify whether we can safely skip writing condexec
11875 * at the end of the TB, which we definitely want to do for the case
11876 * where a TB doesn't do anything with the IT state at all.)
11877 * (2) if we are going to leave the TB then we call gen_set_condexec()
11878 * which will write the correct value into CPUARMState if zero is wrong.
11879 * This is done both for leaving the TB at the end, and for leaving
11880 * it because of an exception we know will happen, which is done in
11881 * gen_exception_insn(). The latter is necessary because we need to
11882 * leave the TB with the PC/IT state just prior to execution of the
11883 * instruction which caused the exception.
11884 * (3) if we leave the TB unexpectedly (eg a data abort on a load)
11885 * then the CPUARMState will be wrong and we need to reset it.
11886 * This is handled in the same way as restoration of the
11887 * PC in these situations; we save the value of the condexec bits
11888 * for each PC via tcg_gen_insn_start(), and restore_state_to_opc()
11889 * then uses this to restore them after an exception.
11891 * Note that there are no instructions which can read the condexec
11892 * bits, and none which can write non-static values to them, so
11893 * we don't need to care about whether CPUARMState is correct in the
11897 /* Reset the conditional execution bits immediately. This avoids
11898 complications trying to do it at the end of the block. */
11899 if (dc->condexec_mask || dc->condexec_cond) {
11900 TCGv_i32 tmp = tcg_temp_new_i32();
11901 tcg_gen_movi_i32(tmp, 0);
11902 store_cpu_field(tmp, condexec_bits);
11906 static void arm_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
11908 DisasContext *dc = container_of(dcbase, DisasContext, base);
11910 tcg_gen_insn_start(dc->base.pc_next,
11911 (dc->condexec_cond << 4) | (dc->condexec_mask >> 1),
11913 dc->insn_start = tcg_last_op();
11916 static bool arm_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cpu,
11917 const CPUBreakpoint *bp)
11919 DisasContext *dc = container_of(dcbase, DisasContext, base);
11921 if (bp->flags & BP_CPU) {
11922 gen_set_condexec(dc);
11923 gen_set_pc_im(dc, dc->base.pc_next);
11924 gen_helper_check_breakpoints(cpu_env);
11925 /* End the TB early; it's likely not going to be executed */
11926 dc->base.is_jmp = DISAS_TOO_MANY;
11928 gen_exception_internal_insn(dc, dc->base.pc_next, EXCP_DEBUG);
11929 /* The address covered by the breakpoint must be
11930 included in [tb->pc, tb->pc + tb->size) in order
11931 to for it to be properly cleared -- thus we
11932 increment the PC here so that the logic setting
11933 tb->size below does the right thing. */
11934 /* TODO: Advance PC by correct instruction length to
11935 * avoid disassembler error messages */
11936 dc->base.pc_next += 2;
11937 dc->base.is_jmp = DISAS_NORETURN;
11943 static bool arm_pre_translate_insn(DisasContext *dc)
11945 #ifdef CONFIG_USER_ONLY
11946 /* Intercept jump to the magic kernel page. */
11947 if (dc->base.pc_next >= 0xffff0000) {
11948 /* We always get here via a jump, so know we are not in a
11949 conditional execution block. */
11950 gen_exception_internal(EXCP_KERNEL_TRAP);
11951 dc->base.is_jmp = DISAS_NORETURN;
11956 if (dc->ss_active && !dc->pstate_ss) {
11957 /* Singlestep state is Active-pending.
11958 * If we're in this state at the start of a TB then either
11959 * a) we just took an exception to an EL which is being debugged
11960 * and this is the first insn in the exception handler
11961 * b) debug exceptions were masked and we just unmasked them
11962 * without changing EL (eg by clearing PSTATE.D)
11963 * In either case we're going to take a swstep exception in the
11964 * "did not step an insn" case, and so the syndrome ISV and EX
11965 * bits should be zero.
11967 assert(dc->base.num_insns == 1);
11968 gen_swstep_exception(dc, 0, 0);
11969 dc->base.is_jmp = DISAS_NORETURN;
11976 static void arm_post_translate_insn(DisasContext *dc)
11978 if (dc->condjmp && !dc->base.is_jmp) {
11979 gen_set_label(dc->condlabel);
11982 translator_loop_temp_check(&dc->base);
11985 static void arm_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
11987 DisasContext *dc = container_of(dcbase, DisasContext, base);
11988 CPUARMState *env = cpu->env_ptr;
11991 if (arm_pre_translate_insn(dc)) {
11995 dc->pc_curr = dc->base.pc_next;
11996 insn = arm_ldl_code(env, dc->base.pc_next, dc->sctlr_b);
11998 dc->base.pc_next += 4;
11999 disas_arm_insn(dc, insn);
12001 arm_post_translate_insn(dc);
12003 /* ARM is a fixed-length ISA. We performed the cross-page check
12004 in init_disas_context by adjusting max_insns. */
12007 static bool thumb_insn_is_unconditional(DisasContext *s, uint32_t insn)
12009 /* Return true if this Thumb insn is always unconditional,
12010 * even inside an IT block. This is true of only a very few
12011 * instructions: BKPT, HLT, and SG.
12013 * A larger class of instructions are UNPREDICTABLE if used
12014 * inside an IT block; we do not need to detect those here, because
12015 * what we do by default (perform the cc check and update the IT
12016 * bits state machine) is a permitted CONSTRAINED UNPREDICTABLE
12017 * choice for those situations.
12019 * insn is either a 16-bit or a 32-bit instruction; the two are
12020 * distinguishable because for the 16-bit case the top 16 bits
12021 * are zeroes, and that isn't a valid 32-bit encoding.
12023 if ((insn & 0xffffff00) == 0xbe00) {
12028 if ((insn & 0xffffffc0) == 0xba80 && arm_dc_feature(s, ARM_FEATURE_V8) &&
12029 !arm_dc_feature(s, ARM_FEATURE_M)) {
12030 /* HLT: v8A only. This is unconditional even when it is going to
12031 * UNDEF; see the v8A ARM ARM DDI0487B.a H3.3.
12032 * For v7 cores this was a plain old undefined encoding and so
12033 * honours its cc check. (We might be using the encoding as
12034 * a semihosting trap, but we don't change the cc check behaviour
12035 * on that account, because a debugger connected to a real v7A
12036 * core and emulating semihosting traps by catching the UNDEF
12037 * exception would also only see cases where the cc check passed.
12038 * No guest code should be trying to do a HLT semihosting trap
12039 * in an IT block anyway.
12044 if (insn == 0xe97fe97f && arm_dc_feature(s, ARM_FEATURE_V8) &&
12045 arm_dc_feature(s, ARM_FEATURE_M)) {
12053 static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
12055 DisasContext *dc = container_of(dcbase, DisasContext, base);
12056 CPUARMState *env = cpu->env_ptr;
12060 if (arm_pre_translate_insn(dc)) {
12064 dc->pc_curr = dc->base.pc_next;
12065 insn = arm_lduw_code(env, dc->base.pc_next, dc->sctlr_b);
12066 is_16bit = thumb_insn_is_16bit(dc, dc->base.pc_next, insn);
12067 dc->base.pc_next += 2;
12069 uint32_t insn2 = arm_lduw_code(env, dc->base.pc_next, dc->sctlr_b);
12071 insn = insn << 16 | insn2;
12072 dc->base.pc_next += 2;
12076 if (dc->condexec_mask && !thumb_insn_is_unconditional(dc, insn)) {
12077 uint32_t cond = dc->condexec_cond;
12080 * Conditionally skip the insn. Note that both 0xe and 0xf mean
12081 * "always"; 0xf is not "never".
12084 arm_skip_unless(dc, cond);
12089 disas_thumb_insn(dc, insn);
12091 disas_thumb2_insn(dc, insn);
12094 /* Advance the Thumb condexec condition. */
12095 if (dc->condexec_mask) {
12096 dc->condexec_cond = ((dc->condexec_cond & 0xe) |
12097 ((dc->condexec_mask >> 4) & 1));
12098 dc->condexec_mask = (dc->condexec_mask << 1) & 0x1f;
12099 if (dc->condexec_mask == 0) {
12100 dc->condexec_cond = 0;
12104 arm_post_translate_insn(dc);
12106 /* Thumb is a variable-length ISA. Stop translation when the next insn
12107 * will touch a new page. This ensures that prefetch aborts occur at
12110 * We want to stop the TB if the next insn starts in a new page,
12111 * or if it spans between this page and the next. This means that
12112 * if we're looking at the last halfword in the page we need to
12113 * see if it's a 16-bit Thumb insn (which will fit in this TB)
12114 * or a 32-bit Thumb insn (which won't).
12115 * This is to avoid generating a silly TB with a single 16-bit insn
12116 * in it at the end of this page (which would execute correctly
12117 * but isn't very efficient).
12119 if (dc->base.is_jmp == DISAS_NEXT
12120 && (dc->base.pc_next - dc->page_start >= TARGET_PAGE_SIZE
12121 || (dc->base.pc_next - dc->page_start >= TARGET_PAGE_SIZE - 3
12122 && insn_crosses_page(env, dc)))) {
12123 dc->base.is_jmp = DISAS_TOO_MANY;
12127 static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
12129 DisasContext *dc = container_of(dcbase, DisasContext, base);
12131 if (tb_cflags(dc->base.tb) & CF_LAST_IO && dc->condjmp) {
12132 /* FIXME: This can theoretically happen with self-modifying code. */
12133 cpu_abort(cpu, "IO on conditional branch instruction");
12136 /* At this stage dc->condjmp will only be set when the skipped
12137 instruction was a conditional branch or trap, and the PC has
12138 already been written. */
12139 gen_set_condexec(dc);
12140 if (dc->base.is_jmp == DISAS_BX_EXCRET) {
12141 /* Exception return branches need some special case code at the
12142 * end of the TB, which is complex enough that it has to
12143 * handle the single-step vs not and the condition-failed
12144 * insn codepath itself.
12146 gen_bx_excret_final_code(dc);
12147 } else if (unlikely(is_singlestepping(dc))) {
12148 /* Unconditional and "condition passed" instruction codepath. */
12149 switch (dc->base.is_jmp) {
12151 gen_ss_advance(dc);
12152 gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
12153 default_exception_el(dc));
12156 gen_ss_advance(dc);
12157 gen_exception(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
12160 gen_ss_advance(dc);
12161 gen_exception(EXCP_SMC, syn_aa32_smc(), 3);
12164 case DISAS_TOO_MANY:
12166 gen_set_pc_im(dc, dc->base.pc_next);
12169 /* FIXME: Single stepping a WFI insn will not halt the CPU. */
12170 gen_singlestep_exception(dc);
12172 case DISAS_NORETURN:
12176 /* While branches must always occur at the end of an IT block,
12177 there are a few other things that can cause us to terminate
12178 the TB in the middle of an IT block:
12179 - Exception generating instructions (bkpt, swi, undefined).
12181 - Hardware watchpoints.
12182 Hardware breakpoints have already been handled and skip this code.
12184 switch(dc->base.is_jmp) {
12186 case DISAS_TOO_MANY:
12187 gen_goto_tb(dc, 1, dc->base.pc_next);
12193 gen_set_pc_im(dc, dc->base.pc_next);
12196 /* indicate that the hash table must be used to find the next TB */
12197 tcg_gen_exit_tb(NULL, 0);
12199 case DISAS_NORETURN:
12200 /* nothing more to generate */
12204 TCGv_i32 tmp = tcg_const_i32((dc->thumb &&
12205 !(dc->insn & (1U << 31))) ? 2 : 4);
12207 gen_helper_wfi(cpu_env, tmp);
12208 tcg_temp_free_i32(tmp);
12209 /* The helper doesn't necessarily throw an exception, but we
12210 * must go back to the main loop to check for interrupts anyway.
12212 tcg_gen_exit_tb(NULL, 0);
12216 gen_helper_wfe(cpu_env);
12219 gen_helper_yield(cpu_env);
12222 gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
12223 default_exception_el(dc));
12226 gen_exception(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
12229 gen_exception(EXCP_SMC, syn_aa32_smc(), 3);
12235 /* "Condition failed" instruction codepath for the branch/trap insn */
12236 gen_set_label(dc->condlabel);
12237 gen_set_condexec(dc);
12238 if (unlikely(is_singlestepping(dc))) {
12239 gen_set_pc_im(dc, dc->base.pc_next);
12240 gen_singlestep_exception(dc);
12242 gen_goto_tb(dc, 1, dc->base.pc_next);
12247 static void arm_tr_disas_log(const DisasContextBase *dcbase, CPUState *cpu)
12249 DisasContext *dc = container_of(dcbase, DisasContext, base);
12251 qemu_log("IN: %s\n", lookup_symbol(dc->base.pc_first));
12252 log_target_disas(cpu, dc->base.pc_first, dc->base.tb->size);
12255 static const TranslatorOps arm_translator_ops = {
12256 .init_disas_context = arm_tr_init_disas_context,
12257 .tb_start = arm_tr_tb_start,
12258 .insn_start = arm_tr_insn_start,
12259 .breakpoint_check = arm_tr_breakpoint_check,
12260 .translate_insn = arm_tr_translate_insn,
12261 .tb_stop = arm_tr_tb_stop,
12262 .disas_log = arm_tr_disas_log,
12265 static const TranslatorOps thumb_translator_ops = {
12266 .init_disas_context = arm_tr_init_disas_context,
12267 .tb_start = arm_tr_tb_start,
12268 .insn_start = arm_tr_insn_start,
12269 .breakpoint_check = arm_tr_breakpoint_check,
12270 .translate_insn = thumb_tr_translate_insn,
12271 .tb_stop = arm_tr_tb_stop,
12272 .disas_log = arm_tr_disas_log,
12275 /* generate intermediate code for basic block 'tb'. */
12276 void gen_intermediate_code(CPUState *cpu, TranslationBlock *tb, int max_insns)
12279 const TranslatorOps *ops = &arm_translator_ops;
12281 if (FIELD_EX32(tb->flags, TBFLAG_A32, THUMB)) {
12282 ops = &thumb_translator_ops;
12284 #ifdef TARGET_AARCH64
12285 if (FIELD_EX32(tb->flags, TBFLAG_ANY, AARCH64_STATE)) {
12286 ops = &aarch64_translator_ops;
12290 translator_loop(ops, &dc.base, cpu, tb, max_insns);
12293 void restore_state_to_opc(CPUARMState *env, TranslationBlock *tb,
12294 target_ulong *data)
12298 env->condexec_bits = 0;
12299 env->exception.syndrome = data[2] << ARM_INSN_START_WORD2_SHIFT;
12301 env->regs[15] = data[0];
12302 env->condexec_bits = data[1];
12303 env->exception.syndrome = data[2] << ARM_INSN_START_WORD2_SHIFT;
projects / qemu.git / blob