4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2005-2007 CodeSourcery
6 * Copyright (c) 2007 OpenedHand, Ltd.
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2 of the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include "qemu/osdep.h"
24 #include "internals.h"
25 #include "disas/disas.h"
26 #include "exec/exec-all.h"
28 #include "tcg-op-gvec.h"
30 #include "qemu/bitops.h"
32 #include "exec/semihost.h"
34 #include "exec/helper-proto.h"
35 #include "exec/helper-gen.h"
37 #include "trace-tcg.h"
41 #define ENABLE_ARCH_4T arm_dc_feature(s, ARM_FEATURE_V4T)
42 #define ENABLE_ARCH_5 arm_dc_feature(s, ARM_FEATURE_V5)
43 /* currently all emulated v5 cores are also v5TE, so don't bother */
44 #define ENABLE_ARCH_5TE arm_dc_feature(s, ARM_FEATURE_V5)
45 #define ENABLE_ARCH_5J arm_dc_feature(s, ARM_FEATURE_JAZELLE)
46 #define ENABLE_ARCH_6 arm_dc_feature(s, ARM_FEATURE_V6)
47 #define ENABLE_ARCH_6K arm_dc_feature(s, ARM_FEATURE_V6K)
48 #define ENABLE_ARCH_6T2 arm_dc_feature(s, ARM_FEATURE_THUMB2)
49 #define ENABLE_ARCH_7 arm_dc_feature(s, ARM_FEATURE_V7)
50 #define ENABLE_ARCH_8 arm_dc_feature(s, ARM_FEATURE_V8)
52 #define ARCH(x) do { if (!ENABLE_ARCH_##x) goto illegal_op; } while(0)
54 #include "translate.h"
56 #if defined(CONFIG_USER_ONLY)
59 #define IS_USER(s) (s->user)
62 /* We reuse the same 64-bit temporaries for efficiency. */
63 static TCGv_i64 cpu_V0, cpu_V1, cpu_M0;
64 static TCGv_i32 cpu_R[16];
65 TCGv_i32 cpu_CF, cpu_NF, cpu_VF, cpu_ZF;
66 TCGv_i64 cpu_exclusive_addr;
67 TCGv_i64 cpu_exclusive_val;
69 /* FIXME: These should be removed. */
70 static TCGv_i32 cpu_F0s, cpu_F1s;
71 static TCGv_i64 cpu_F0d, cpu_F1d;
73 #include "exec/gen-icount.h"
75 static const char *regnames[] =
76 { "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7",
77 "r8", "r9", "r10", "r11", "r12", "r13", "r14", "pc" };
79 /* Function prototypes for gen_ functions calling Neon helpers. */
80 typedef void NeonGenThreeOpEnvFn(TCGv_i32, TCGv_env, TCGv_i32,
83 /* initialize TCG globals. */
84 void arm_translate_init(void)
88 for (i = 0; i < 16; i++) {
89 cpu_R[i] = tcg_global_mem_new_i32(cpu_env,
90 offsetof(CPUARMState, regs[i]),
93 cpu_CF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, CF), "CF");
94 cpu_NF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, NF), "NF");
95 cpu_VF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, VF), "VF");
96 cpu_ZF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, ZF), "ZF");
98 cpu_exclusive_addr = tcg_global_mem_new_i64(cpu_env,
99 offsetof(CPUARMState, exclusive_addr), "exclusive_addr");
100 cpu_exclusive_val = tcg_global_mem_new_i64(cpu_env,
101 offsetof(CPUARMState, exclusive_val), "exclusive_val");
103 a64_translate_init();
106 /* Flags for the disas_set_da_iss info argument:
107 * lower bits hold the Rt register number, higher bits are flags.
109 typedef enum ISSInfo {
112 ISSInvalid = (1 << 5),
113 ISSIsAcqRel = (1 << 6),
114 ISSIsWrite = (1 << 7),
115 ISSIs16Bit = (1 << 8),
118 /* Save the syndrome information for a Data Abort */
119 static void disas_set_da_iss(DisasContext *s, TCGMemOp memop, ISSInfo issinfo)
122 int sas = memop & MO_SIZE;
123 bool sse = memop & MO_SIGN;
124 bool is_acqrel = issinfo & ISSIsAcqRel;
125 bool is_write = issinfo & ISSIsWrite;
126 bool is_16bit = issinfo & ISSIs16Bit;
127 int srt = issinfo & ISSRegMask;
129 if (issinfo & ISSInvalid) {
130 /* Some callsites want to conditionally provide ISS info,
131 * eg "only if this was not a writeback"
137 /* For AArch32, insns where the src/dest is R15 never generate
138 * ISS information. Catching that here saves checking at all
144 syn = syn_data_abort_with_iss(0, sas, sse, srt, 0, is_acqrel,
145 0, 0, 0, is_write, 0, is_16bit);
146 disas_set_insn_syndrome(s, syn);
149 static inline int get_a32_user_mem_index(DisasContext *s)
151 /* Return the core mmu_idx to use for A32/T32 "unprivileged load/store"
153 * if PL2, UNPREDICTABLE (we choose to implement as if PL0)
154 * otherwise, access as if at PL0.
156 switch (s->mmu_idx) {
157 case ARMMMUIdx_S1E2: /* this one is UNPREDICTABLE */
158 case ARMMMUIdx_S12NSE0:
159 case ARMMMUIdx_S12NSE1:
160 return arm_to_core_mmu_idx(ARMMMUIdx_S12NSE0);
162 case ARMMMUIdx_S1SE0:
163 case ARMMMUIdx_S1SE1:
164 return arm_to_core_mmu_idx(ARMMMUIdx_S1SE0);
165 case ARMMMUIdx_MUser:
166 case ARMMMUIdx_MPriv:
167 return arm_to_core_mmu_idx(ARMMMUIdx_MUser);
168 case ARMMMUIdx_MUserNegPri:
169 case ARMMMUIdx_MPrivNegPri:
170 return arm_to_core_mmu_idx(ARMMMUIdx_MUserNegPri);
171 case ARMMMUIdx_MSUser:
172 case ARMMMUIdx_MSPriv:
173 return arm_to_core_mmu_idx(ARMMMUIdx_MSUser);
174 case ARMMMUIdx_MSUserNegPri:
175 case ARMMMUIdx_MSPrivNegPri:
176 return arm_to_core_mmu_idx(ARMMMUIdx_MSUserNegPri);
179 g_assert_not_reached();
183 static inline TCGv_i32 load_cpu_offset(int offset)
185 TCGv_i32 tmp = tcg_temp_new_i32();
186 tcg_gen_ld_i32(tmp, cpu_env, offset);
190 #define load_cpu_field(name) load_cpu_offset(offsetof(CPUARMState, name))
192 static inline void store_cpu_offset(TCGv_i32 var, int offset)
194 tcg_gen_st_i32(var, cpu_env, offset);
195 tcg_temp_free_i32(var);
198 #define store_cpu_field(var, name) \
199 store_cpu_offset(var, offsetof(CPUARMState, name))
201 /* Set a variable to the value of a CPU register. */
202 static void load_reg_var(DisasContext *s, TCGv_i32 var, int reg)
206 /* normally, since we updated PC, we need only to add one insn */
208 addr = (long)s->pc + 2;
210 addr = (long)s->pc + 4;
211 tcg_gen_movi_i32(var, addr);
213 tcg_gen_mov_i32(var, cpu_R[reg]);
217 /* Create a new temporary and set it to the value of a CPU register. */
218 static inline TCGv_i32 load_reg(DisasContext *s, int reg)
220 TCGv_i32 tmp = tcg_temp_new_i32();
221 load_reg_var(s, tmp, reg);
225 /* Set a CPU register. The source must be a temporary and will be
227 static void store_reg(DisasContext *s, int reg, TCGv_i32 var)
230 /* In Thumb mode, we must ignore bit 0.
231 * In ARM mode, for ARMv4 and ARMv5, it is UNPREDICTABLE if bits [1:0]
232 * are not 0b00, but for ARMv6 and above, we must ignore bits [1:0].
233 * We choose to ignore [1:0] in ARM mode for all architecture versions.
235 tcg_gen_andi_i32(var, var, s->thumb ? ~1 : ~3);
236 s->base.is_jmp = DISAS_JUMP;
238 tcg_gen_mov_i32(cpu_R[reg], var);
239 tcg_temp_free_i32(var);
243 * Variant of store_reg which applies v8M stack-limit checks before updating
244 * SP. If the check fails this will result in an exception being taken.
245 * We disable the stack checks for CONFIG_USER_ONLY because we have
246 * no idea what the stack limits should be in that case.
247 * If stack checking is not being done this just acts like store_reg().
249 static void store_sp_checked(DisasContext *s, TCGv_i32 var)
251 #ifndef CONFIG_USER_ONLY
252 if (s->v8m_stackcheck) {
253 gen_helper_v8m_stackcheck(cpu_env, var);
256 store_reg(s, 13, var);
259 /* Value extensions. */
260 #define gen_uxtb(var) tcg_gen_ext8u_i32(var, var)
261 #define gen_uxth(var) tcg_gen_ext16u_i32(var, var)
262 #define gen_sxtb(var) tcg_gen_ext8s_i32(var, var)
263 #define gen_sxth(var) tcg_gen_ext16s_i32(var, var)
265 #define gen_sxtb16(var) gen_helper_sxtb16(var, var)
266 #define gen_uxtb16(var) gen_helper_uxtb16(var, var)
269 static inline void gen_set_cpsr(TCGv_i32 var, uint32_t mask)
271 TCGv_i32 tmp_mask = tcg_const_i32(mask);
272 gen_helper_cpsr_write(cpu_env, var, tmp_mask);
273 tcg_temp_free_i32(tmp_mask);
275 /* Set NZCV flags from the high 4 bits of var. */
276 #define gen_set_nzcv(var) gen_set_cpsr(var, CPSR_NZCV)
278 static void gen_exception_internal(int excp)
280 TCGv_i32 tcg_excp = tcg_const_i32(excp);
282 assert(excp_is_internal(excp));
283 gen_helper_exception_internal(cpu_env, tcg_excp);
284 tcg_temp_free_i32(tcg_excp);
287 static void gen_exception(int excp, uint32_t syndrome, uint32_t target_el)
289 TCGv_i32 tcg_excp = tcg_const_i32(excp);
290 TCGv_i32 tcg_syn = tcg_const_i32(syndrome);
291 TCGv_i32 tcg_el = tcg_const_i32(target_el);
293 gen_helper_exception_with_syndrome(cpu_env, tcg_excp,
296 tcg_temp_free_i32(tcg_el);
297 tcg_temp_free_i32(tcg_syn);
298 tcg_temp_free_i32(tcg_excp);
301 static void gen_ss_advance(DisasContext *s)
303 /* If the singlestep state is Active-not-pending, advance to
308 gen_helper_clear_pstate_ss(cpu_env);
312 static void gen_step_complete_exception(DisasContext *s)
314 /* We just completed step of an insn. Move from Active-not-pending
315 * to Active-pending, and then also take the swstep exception.
316 * This corresponds to making the (IMPDEF) choice to prioritize
317 * swstep exceptions over asynchronous exceptions taken to an exception
318 * level where debug is disabled. This choice has the advantage that
319 * we do not need to maintain internal state corresponding to the
320 * ISV/EX syndrome bits between completion of the step and generation
321 * of the exception, and our syndrome information is always correct.
324 gen_exception(EXCP_UDEF, syn_swstep(s->ss_same_el, 1, s->is_ldex),
325 default_exception_el(s));
326 s->base.is_jmp = DISAS_NORETURN;
329 static void gen_singlestep_exception(DisasContext *s)
331 /* Generate the right kind of exception for singlestep, which is
332 * either the architectural singlestep or EXCP_DEBUG for QEMU's
333 * gdb singlestepping.
336 gen_step_complete_exception(s);
338 gen_exception_internal(EXCP_DEBUG);
342 static inline bool is_singlestepping(DisasContext *s)
344 /* Return true if we are singlestepping either because of
345 * architectural singlestep or QEMU gdbstub singlestep. This does
346 * not include the command line '-singlestep' mode which is rather
347 * misnamed as it only means "one instruction per TB" and doesn't
348 * affect the code we generate.
350 return s->base.singlestep_enabled || s->ss_active;
353 static void gen_smul_dual(TCGv_i32 a, TCGv_i32 b)
355 TCGv_i32 tmp1 = tcg_temp_new_i32();
356 TCGv_i32 tmp2 = tcg_temp_new_i32();
357 tcg_gen_ext16s_i32(tmp1, a);
358 tcg_gen_ext16s_i32(tmp2, b);
359 tcg_gen_mul_i32(tmp1, tmp1, tmp2);
360 tcg_temp_free_i32(tmp2);
361 tcg_gen_sari_i32(a, a, 16);
362 tcg_gen_sari_i32(b, b, 16);
363 tcg_gen_mul_i32(b, b, a);
364 tcg_gen_mov_i32(a, tmp1);
365 tcg_temp_free_i32(tmp1);
368 /* Byteswap each halfword. */
369 static void gen_rev16(TCGv_i32 var)
371 TCGv_i32 tmp = tcg_temp_new_i32();
372 TCGv_i32 mask = tcg_const_i32(0x00ff00ff);
373 tcg_gen_shri_i32(tmp, var, 8);
374 tcg_gen_and_i32(tmp, tmp, mask);
375 tcg_gen_and_i32(var, var, mask);
376 tcg_gen_shli_i32(var, var, 8);
377 tcg_gen_or_i32(var, var, tmp);
378 tcg_temp_free_i32(mask);
379 tcg_temp_free_i32(tmp);
382 /* Byteswap low halfword and sign extend. */
383 static void gen_revsh(TCGv_i32 var)
385 tcg_gen_ext16u_i32(var, var);
386 tcg_gen_bswap16_i32(var, var);
387 tcg_gen_ext16s_i32(var, var);
390 /* Return (b << 32) + a. Mark inputs as dead */
391 static TCGv_i64 gen_addq_msw(TCGv_i64 a, TCGv_i32 b)
393 TCGv_i64 tmp64 = tcg_temp_new_i64();
395 tcg_gen_extu_i32_i64(tmp64, b);
396 tcg_temp_free_i32(b);
397 tcg_gen_shli_i64(tmp64, tmp64, 32);
398 tcg_gen_add_i64(a, tmp64, a);
400 tcg_temp_free_i64(tmp64);
404 /* Return (b << 32) - a. Mark inputs as dead. */
405 static TCGv_i64 gen_subq_msw(TCGv_i64 a, TCGv_i32 b)
407 TCGv_i64 tmp64 = tcg_temp_new_i64();
409 tcg_gen_extu_i32_i64(tmp64, b);
410 tcg_temp_free_i32(b);
411 tcg_gen_shli_i64(tmp64, tmp64, 32);
412 tcg_gen_sub_i64(a, tmp64, a);
414 tcg_temp_free_i64(tmp64);
418 /* 32x32->64 multiply. Marks inputs as dead. */
419 static TCGv_i64 gen_mulu_i64_i32(TCGv_i32 a, TCGv_i32 b)
421 TCGv_i32 lo = tcg_temp_new_i32();
422 TCGv_i32 hi = tcg_temp_new_i32();
425 tcg_gen_mulu2_i32(lo, hi, a, b);
426 tcg_temp_free_i32(a);
427 tcg_temp_free_i32(b);
429 ret = tcg_temp_new_i64();
430 tcg_gen_concat_i32_i64(ret, lo, hi);
431 tcg_temp_free_i32(lo);
432 tcg_temp_free_i32(hi);
437 static TCGv_i64 gen_muls_i64_i32(TCGv_i32 a, TCGv_i32 b)
439 TCGv_i32 lo = tcg_temp_new_i32();
440 TCGv_i32 hi = tcg_temp_new_i32();
443 tcg_gen_muls2_i32(lo, hi, a, b);
444 tcg_temp_free_i32(a);
445 tcg_temp_free_i32(b);
447 ret = tcg_temp_new_i64();
448 tcg_gen_concat_i32_i64(ret, lo, hi);
449 tcg_temp_free_i32(lo);
450 tcg_temp_free_i32(hi);
455 /* Swap low and high halfwords. */
456 static void gen_swap_half(TCGv_i32 var)
458 TCGv_i32 tmp = tcg_temp_new_i32();
459 tcg_gen_shri_i32(tmp, var, 16);
460 tcg_gen_shli_i32(var, var, 16);
461 tcg_gen_or_i32(var, var, tmp);
462 tcg_temp_free_i32(tmp);
465 /* Dual 16-bit add. Result placed in t0 and t1 is marked as dead.
466 tmp = (t0 ^ t1) & 0x8000;
469 t0 = (t0 + t1) ^ tmp;
472 static void gen_add16(TCGv_i32 t0, TCGv_i32 t1)
474 TCGv_i32 tmp = tcg_temp_new_i32();
475 tcg_gen_xor_i32(tmp, t0, t1);
476 tcg_gen_andi_i32(tmp, tmp, 0x8000);
477 tcg_gen_andi_i32(t0, t0, ~0x8000);
478 tcg_gen_andi_i32(t1, t1, ~0x8000);
479 tcg_gen_add_i32(t0, t0, t1);
480 tcg_gen_xor_i32(t0, t0, tmp);
481 tcg_temp_free_i32(tmp);
482 tcg_temp_free_i32(t1);
485 /* Set CF to the top bit of var. */
486 static void gen_set_CF_bit31(TCGv_i32 var)
488 tcg_gen_shri_i32(cpu_CF, var, 31);
491 /* Set N and Z flags from var. */
492 static inline void gen_logic_CC(TCGv_i32 var)
494 tcg_gen_mov_i32(cpu_NF, var);
495 tcg_gen_mov_i32(cpu_ZF, var);
499 static void gen_adc(TCGv_i32 t0, TCGv_i32 t1)
501 tcg_gen_add_i32(t0, t0, t1);
502 tcg_gen_add_i32(t0, t0, cpu_CF);
505 /* dest = T0 + T1 + CF. */
506 static void gen_add_carry(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
508 tcg_gen_add_i32(dest, t0, t1);
509 tcg_gen_add_i32(dest, dest, cpu_CF);
512 /* dest = T0 - T1 + CF - 1. */
513 static void gen_sub_carry(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
515 tcg_gen_sub_i32(dest, t0, t1);
516 tcg_gen_add_i32(dest, dest, cpu_CF);
517 tcg_gen_subi_i32(dest, dest, 1);
520 /* dest = T0 + T1. Compute C, N, V and Z flags */
521 static void gen_add_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
523 TCGv_i32 tmp = tcg_temp_new_i32();
524 tcg_gen_movi_i32(tmp, 0);
525 tcg_gen_add2_i32(cpu_NF, cpu_CF, t0, tmp, t1, tmp);
526 tcg_gen_mov_i32(cpu_ZF, cpu_NF);
527 tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
528 tcg_gen_xor_i32(tmp, t0, t1);
529 tcg_gen_andc_i32(cpu_VF, cpu_VF, tmp);
530 tcg_temp_free_i32(tmp);
531 tcg_gen_mov_i32(dest, cpu_NF);
534 /* dest = T0 + T1 + CF. Compute C, N, V and Z flags */
535 static void gen_adc_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
537 TCGv_i32 tmp = tcg_temp_new_i32();
538 if (TCG_TARGET_HAS_add2_i32) {
539 tcg_gen_movi_i32(tmp, 0);
540 tcg_gen_add2_i32(cpu_NF, cpu_CF, t0, tmp, cpu_CF, tmp);
541 tcg_gen_add2_i32(cpu_NF, cpu_CF, cpu_NF, cpu_CF, t1, tmp);
543 TCGv_i64 q0 = tcg_temp_new_i64();
544 TCGv_i64 q1 = tcg_temp_new_i64();
545 tcg_gen_extu_i32_i64(q0, t0);
546 tcg_gen_extu_i32_i64(q1, t1);
547 tcg_gen_add_i64(q0, q0, q1);
548 tcg_gen_extu_i32_i64(q1, cpu_CF);
549 tcg_gen_add_i64(q0, q0, q1);
550 tcg_gen_extr_i64_i32(cpu_NF, cpu_CF, q0);
551 tcg_temp_free_i64(q0);
552 tcg_temp_free_i64(q1);
554 tcg_gen_mov_i32(cpu_ZF, cpu_NF);
555 tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
556 tcg_gen_xor_i32(tmp, t0, t1);
557 tcg_gen_andc_i32(cpu_VF, cpu_VF, tmp);
558 tcg_temp_free_i32(tmp);
559 tcg_gen_mov_i32(dest, cpu_NF);
562 /* dest = T0 - T1. Compute C, N, V and Z flags */
563 static void gen_sub_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
566 tcg_gen_sub_i32(cpu_NF, t0, t1);
567 tcg_gen_mov_i32(cpu_ZF, cpu_NF);
568 tcg_gen_setcond_i32(TCG_COND_GEU, cpu_CF, t0, t1);
569 tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
570 tmp = tcg_temp_new_i32();
571 tcg_gen_xor_i32(tmp, t0, t1);
572 tcg_gen_and_i32(cpu_VF, cpu_VF, tmp);
573 tcg_temp_free_i32(tmp);
574 tcg_gen_mov_i32(dest, cpu_NF);
577 /* dest = T0 + ~T1 + CF. Compute C, N, V and Z flags */
578 static void gen_sbc_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
580 TCGv_i32 tmp = tcg_temp_new_i32();
581 tcg_gen_not_i32(tmp, t1);
582 gen_adc_CC(dest, t0, tmp);
583 tcg_temp_free_i32(tmp);
586 #define GEN_SHIFT(name) \
587 static void gen_##name(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1) \
589 TCGv_i32 tmp1, tmp2, tmp3; \
590 tmp1 = tcg_temp_new_i32(); \
591 tcg_gen_andi_i32(tmp1, t1, 0xff); \
592 tmp2 = tcg_const_i32(0); \
593 tmp3 = tcg_const_i32(0x1f); \
594 tcg_gen_movcond_i32(TCG_COND_GTU, tmp2, tmp1, tmp3, tmp2, t0); \
595 tcg_temp_free_i32(tmp3); \
596 tcg_gen_andi_i32(tmp1, tmp1, 0x1f); \
597 tcg_gen_##name##_i32(dest, tmp2, tmp1); \
598 tcg_temp_free_i32(tmp2); \
599 tcg_temp_free_i32(tmp1); \
605 static void gen_sar(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
608 tmp1 = tcg_temp_new_i32();
609 tcg_gen_andi_i32(tmp1, t1, 0xff);
610 tmp2 = tcg_const_i32(0x1f);
611 tcg_gen_movcond_i32(TCG_COND_GTU, tmp1, tmp1, tmp2, tmp2, tmp1);
612 tcg_temp_free_i32(tmp2);
613 tcg_gen_sar_i32(dest, t0, tmp1);
614 tcg_temp_free_i32(tmp1);
617 static void tcg_gen_abs_i32(TCGv_i32 dest, TCGv_i32 src)
619 TCGv_i32 c0 = tcg_const_i32(0);
620 TCGv_i32 tmp = tcg_temp_new_i32();
621 tcg_gen_neg_i32(tmp, src);
622 tcg_gen_movcond_i32(TCG_COND_GT, dest, src, c0, src, tmp);
623 tcg_temp_free_i32(c0);
624 tcg_temp_free_i32(tmp);
627 static void shifter_out_im(TCGv_i32 var, int shift)
630 tcg_gen_andi_i32(cpu_CF, var, 1);
632 tcg_gen_shri_i32(cpu_CF, var, shift);
634 tcg_gen_andi_i32(cpu_CF, cpu_CF, 1);
639 /* Shift by immediate. Includes special handling for shift == 0. */
640 static inline void gen_arm_shift_im(TCGv_i32 var, int shiftop,
641 int shift, int flags)
647 shifter_out_im(var, 32 - shift);
648 tcg_gen_shli_i32(var, var, shift);
654 tcg_gen_shri_i32(cpu_CF, var, 31);
656 tcg_gen_movi_i32(var, 0);
659 shifter_out_im(var, shift - 1);
660 tcg_gen_shri_i32(var, var, shift);
667 shifter_out_im(var, shift - 1);
670 tcg_gen_sari_i32(var, var, shift);
672 case 3: /* ROR/RRX */
675 shifter_out_im(var, shift - 1);
676 tcg_gen_rotri_i32(var, var, shift); break;
678 TCGv_i32 tmp = tcg_temp_new_i32();
679 tcg_gen_shli_i32(tmp, cpu_CF, 31);
681 shifter_out_im(var, 0);
682 tcg_gen_shri_i32(var, var, 1);
683 tcg_gen_or_i32(var, var, tmp);
684 tcg_temp_free_i32(tmp);
689 static inline void gen_arm_shift_reg(TCGv_i32 var, int shiftop,
690 TCGv_i32 shift, int flags)
694 case 0: gen_helper_shl_cc(var, cpu_env, var, shift); break;
695 case 1: gen_helper_shr_cc(var, cpu_env, var, shift); break;
696 case 2: gen_helper_sar_cc(var, cpu_env, var, shift); break;
697 case 3: gen_helper_ror_cc(var, cpu_env, var, shift); break;
702 gen_shl(var, var, shift);
705 gen_shr(var, var, shift);
708 gen_sar(var, var, shift);
710 case 3: tcg_gen_andi_i32(shift, shift, 0x1f);
711 tcg_gen_rotr_i32(var, var, shift); break;
714 tcg_temp_free_i32(shift);
717 #define PAS_OP(pfx) \
719 case 0: gen_pas_helper(glue(pfx,add16)); break; \
720 case 1: gen_pas_helper(glue(pfx,addsubx)); break; \
721 case 2: gen_pas_helper(glue(pfx,subaddx)); break; \
722 case 3: gen_pas_helper(glue(pfx,sub16)); break; \
723 case 4: gen_pas_helper(glue(pfx,add8)); break; \
724 case 7: gen_pas_helper(glue(pfx,sub8)); break; \
726 static void gen_arm_parallel_addsub(int op1, int op2, TCGv_i32 a, TCGv_i32 b)
731 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b, tmp)
733 tmp = tcg_temp_new_ptr();
734 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
736 tcg_temp_free_ptr(tmp);
739 tmp = tcg_temp_new_ptr();
740 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
742 tcg_temp_free_ptr(tmp);
744 #undef gen_pas_helper
745 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b)
758 #undef gen_pas_helper
763 /* For unknown reasons Arm and Thumb-2 use arbitrarily different encodings. */
764 #define PAS_OP(pfx) \
766 case 0: gen_pas_helper(glue(pfx,add8)); break; \
767 case 1: gen_pas_helper(glue(pfx,add16)); break; \
768 case 2: gen_pas_helper(glue(pfx,addsubx)); break; \
769 case 4: gen_pas_helper(glue(pfx,sub8)); break; \
770 case 5: gen_pas_helper(glue(pfx,sub16)); break; \
771 case 6: gen_pas_helper(glue(pfx,subaddx)); break; \
773 static void gen_thumb2_parallel_addsub(int op1, int op2, TCGv_i32 a, TCGv_i32 b)
778 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b, tmp)
780 tmp = tcg_temp_new_ptr();
781 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
783 tcg_temp_free_ptr(tmp);
786 tmp = tcg_temp_new_ptr();
787 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
789 tcg_temp_free_ptr(tmp);
791 #undef gen_pas_helper
792 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b)
805 #undef gen_pas_helper
811 * Generate a conditional based on ARM condition code cc.
812 * This is common between ARM and Aarch64 targets.
814 void arm_test_cc(DisasCompare *cmp, int cc)
845 case 8: /* hi: C && !Z */
846 case 9: /* ls: !C || Z -> !(C && !Z) */
848 value = tcg_temp_new_i32();
850 /* CF is 1 for C, so -CF is an all-bits-set mask for C;
851 ZF is non-zero for !Z; so AND the two subexpressions. */
852 tcg_gen_neg_i32(value, cpu_CF);
853 tcg_gen_and_i32(value, value, cpu_ZF);
856 case 10: /* ge: N == V -> N ^ V == 0 */
857 case 11: /* lt: N != V -> N ^ V != 0 */
858 /* Since we're only interested in the sign bit, == 0 is >= 0. */
860 value = tcg_temp_new_i32();
862 tcg_gen_xor_i32(value, cpu_VF, cpu_NF);
865 case 12: /* gt: !Z && N == V */
866 case 13: /* le: Z || N != V */
868 value = tcg_temp_new_i32();
870 /* (N == V) is equal to the sign bit of ~(NF ^ VF). Propagate
871 * the sign bit then AND with ZF to yield the result. */
872 tcg_gen_xor_i32(value, cpu_VF, cpu_NF);
873 tcg_gen_sari_i32(value, value, 31);
874 tcg_gen_andc_i32(value, cpu_ZF, value);
877 case 14: /* always */
878 case 15: /* always */
879 /* Use the ALWAYS condition, which will fold early.
880 * It doesn't matter what we use for the value. */
881 cond = TCG_COND_ALWAYS;
886 fprintf(stderr, "Bad condition code 0x%x\n", cc);
891 cond = tcg_invert_cond(cond);
897 cmp->value_global = global;
900 void arm_free_cc(DisasCompare *cmp)
902 if (!cmp->value_global) {
903 tcg_temp_free_i32(cmp->value);
907 void arm_jump_cc(DisasCompare *cmp, TCGLabel *label)
909 tcg_gen_brcondi_i32(cmp->cond, cmp->value, 0, label);
912 void arm_gen_test_cc(int cc, TCGLabel *label)
915 arm_test_cc(&cmp, cc);
916 arm_jump_cc(&cmp, label);
920 static const uint8_t table_logic_cc[16] = {
939 static inline void gen_set_condexec(DisasContext *s)
941 if (s->condexec_mask) {
942 uint32_t val = (s->condexec_cond << 4) | (s->condexec_mask >> 1);
943 TCGv_i32 tmp = tcg_temp_new_i32();
944 tcg_gen_movi_i32(tmp, val);
945 store_cpu_field(tmp, condexec_bits);
949 static inline void gen_set_pc_im(DisasContext *s, target_ulong val)
951 tcg_gen_movi_i32(cpu_R[15], val);
954 /* Set PC and Thumb state from an immediate address. */
955 static inline void gen_bx_im(DisasContext *s, uint32_t addr)
959 s->base.is_jmp = DISAS_JUMP;
960 if (s->thumb != (addr & 1)) {
961 tmp = tcg_temp_new_i32();
962 tcg_gen_movi_i32(tmp, addr & 1);
963 tcg_gen_st_i32(tmp, cpu_env, offsetof(CPUARMState, thumb));
964 tcg_temp_free_i32(tmp);
966 tcg_gen_movi_i32(cpu_R[15], addr & ~1);
969 /* Set PC and Thumb state from var. var is marked as dead. */
970 static inline void gen_bx(DisasContext *s, TCGv_i32 var)
972 s->base.is_jmp = DISAS_JUMP;
973 tcg_gen_andi_i32(cpu_R[15], var, ~1);
974 tcg_gen_andi_i32(var, var, 1);
975 store_cpu_field(var, thumb);
978 /* Set PC and Thumb state from var. var is marked as dead.
979 * For M-profile CPUs, include logic to detect exception-return
980 * branches and handle them. This is needed for Thumb POP/LDM to PC, LDR to PC,
981 * and BX reg, and no others, and happens only for code in Handler mode.
983 static inline void gen_bx_excret(DisasContext *s, TCGv_i32 var)
985 /* Generate the same code here as for a simple bx, but flag via
986 * s->base.is_jmp that we need to do the rest of the work later.
989 if (arm_dc_feature(s, ARM_FEATURE_M_SECURITY) ||
990 (s->v7m_handler_mode && arm_dc_feature(s, ARM_FEATURE_M))) {
991 s->base.is_jmp = DISAS_BX_EXCRET;
995 static inline void gen_bx_excret_final_code(DisasContext *s)
997 /* Generate the code to finish possible exception return and end the TB */
998 TCGLabel *excret_label = gen_new_label();
1001 if (arm_dc_feature(s, ARM_FEATURE_M_SECURITY)) {
1002 /* Covers FNC_RETURN and EXC_RETURN magic */
1003 min_magic = FNC_RETURN_MIN_MAGIC;
1005 /* EXC_RETURN magic only */
1006 min_magic = EXC_RETURN_MIN_MAGIC;
1009 /* Is the new PC value in the magic range indicating exception return? */
1010 tcg_gen_brcondi_i32(TCG_COND_GEU, cpu_R[15], min_magic, excret_label);
1011 /* No: end the TB as we would for a DISAS_JMP */
1012 if (is_singlestepping(s)) {
1013 gen_singlestep_exception(s);
1015 tcg_gen_exit_tb(NULL, 0);
1017 gen_set_label(excret_label);
1018 /* Yes: this is an exception return.
1019 * At this point in runtime env->regs[15] and env->thumb will hold
1020 * the exception-return magic number, which do_v7m_exception_exit()
1021 * will read. Nothing else will be able to see those values because
1022 * the cpu-exec main loop guarantees that we will always go straight
1023 * from raising the exception to the exception-handling code.
1025 * gen_ss_advance(s) does nothing on M profile currently but
1026 * calling it is conceptually the right thing as we have executed
1027 * this instruction (compare SWI, HVC, SMC handling).
1030 gen_exception_internal(EXCP_EXCEPTION_EXIT);
1033 static inline void gen_bxns(DisasContext *s, int rm)
1035 TCGv_i32 var = load_reg(s, rm);
1037 /* The bxns helper may raise an EXCEPTION_EXIT exception, so in theory
1038 * we need to sync state before calling it, but:
1039 * - we don't need to do gen_set_pc_im() because the bxns helper will
1040 * always set the PC itself
1041 * - we don't need to do gen_set_condexec() because BXNS is UNPREDICTABLE
1042 * unless it's outside an IT block or the last insn in an IT block,
1043 * so we know that condexec == 0 (already set at the top of the TB)
1044 * is correct in the non-UNPREDICTABLE cases, and we can choose
1045 * "zeroes the IT bits" as our UNPREDICTABLE behaviour otherwise.
1047 gen_helper_v7m_bxns(cpu_env, var);
1048 tcg_temp_free_i32(var);
1049 s->base.is_jmp = DISAS_EXIT;
1052 static inline void gen_blxns(DisasContext *s, int rm)
1054 TCGv_i32 var = load_reg(s, rm);
1056 /* We don't need to sync condexec state, for the same reason as bxns.
1057 * We do however need to set the PC, because the blxns helper reads it.
1058 * The blxns helper may throw an exception.
1060 gen_set_pc_im(s, s->pc);
1061 gen_helper_v7m_blxns(cpu_env, var);
1062 tcg_temp_free_i32(var);
1063 s->base.is_jmp = DISAS_EXIT;
1066 /* Variant of store_reg which uses branch&exchange logic when storing
1067 to r15 in ARM architecture v7 and above. The source must be a temporary
1068 and will be marked as dead. */
1069 static inline void store_reg_bx(DisasContext *s, int reg, TCGv_i32 var)
1071 if (reg == 15 && ENABLE_ARCH_7) {
1074 store_reg(s, reg, var);
1078 /* Variant of store_reg which uses branch&exchange logic when storing
1079 * to r15 in ARM architecture v5T and above. This is used for storing
1080 * the results of a LDR/LDM/POP into r15, and corresponds to the cases
1081 * in the ARM ARM which use the LoadWritePC() pseudocode function. */
1082 static inline void store_reg_from_load(DisasContext *s, int reg, TCGv_i32 var)
1084 if (reg == 15 && ENABLE_ARCH_5) {
1085 gen_bx_excret(s, var);
1087 store_reg(s, reg, var);
1091 #ifdef CONFIG_USER_ONLY
1092 #define IS_USER_ONLY 1
1094 #define IS_USER_ONLY 0
1097 /* Abstractions of "generate code to do a guest load/store for
1098 * AArch32", where a vaddr is always 32 bits (and is zero
1099 * extended if we're a 64 bit core) and data is also
1100 * 32 bits unless specifically doing a 64 bit access.
1101 * These functions work like tcg_gen_qemu_{ld,st}* except
1102 * that the address argument is TCGv_i32 rather than TCGv.
1105 static inline TCGv gen_aa32_addr(DisasContext *s, TCGv_i32 a32, TCGMemOp op)
1107 TCGv addr = tcg_temp_new();
1108 tcg_gen_extu_i32_tl(addr, a32);
1110 /* Not needed for user-mode BE32, where we use MO_BE instead. */
1111 if (!IS_USER_ONLY && s->sctlr_b && (op & MO_SIZE) < MO_32) {
1112 tcg_gen_xori_tl(addr, addr, 4 - (1 << (op & MO_SIZE)));
1117 static void gen_aa32_ld_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
1118 int index, TCGMemOp opc)
1122 if (arm_dc_feature(s, ARM_FEATURE_M) &&
1123 !arm_dc_feature(s, ARM_FEATURE_M_MAIN)) {
1127 addr = gen_aa32_addr(s, a32, opc);
1128 tcg_gen_qemu_ld_i32(val, addr, index, opc);
1129 tcg_temp_free(addr);
1132 static void gen_aa32_st_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
1133 int index, TCGMemOp opc)
1137 if (arm_dc_feature(s, ARM_FEATURE_M) &&
1138 !arm_dc_feature(s, ARM_FEATURE_M_MAIN)) {
1142 addr = gen_aa32_addr(s, a32, opc);
1143 tcg_gen_qemu_st_i32(val, addr, index, opc);
1144 tcg_temp_free(addr);
1147 #define DO_GEN_LD(SUFF, OPC) \
1148 static inline void gen_aa32_ld##SUFF(DisasContext *s, TCGv_i32 val, \
1149 TCGv_i32 a32, int index) \
1151 gen_aa32_ld_i32(s, val, a32, index, OPC | s->be_data); \
1153 static inline void gen_aa32_ld##SUFF##_iss(DisasContext *s, \
1155 TCGv_i32 a32, int index, \
1158 gen_aa32_ld##SUFF(s, val, a32, index); \
1159 disas_set_da_iss(s, OPC, issinfo); \
1162 #define DO_GEN_ST(SUFF, OPC) \
1163 static inline void gen_aa32_st##SUFF(DisasContext *s, TCGv_i32 val, \
1164 TCGv_i32 a32, int index) \
1166 gen_aa32_st_i32(s, val, a32, index, OPC | s->be_data); \
1168 static inline void gen_aa32_st##SUFF##_iss(DisasContext *s, \
1170 TCGv_i32 a32, int index, \
1173 gen_aa32_st##SUFF(s, val, a32, index); \
1174 disas_set_da_iss(s, OPC, issinfo | ISSIsWrite); \
1177 static inline void gen_aa32_frob64(DisasContext *s, TCGv_i64 val)
1179 /* Not needed for user-mode BE32, where we use MO_BE instead. */
1180 if (!IS_USER_ONLY && s->sctlr_b) {
1181 tcg_gen_rotri_i64(val, val, 32);
1185 static void gen_aa32_ld_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
1186 int index, TCGMemOp opc)
1188 TCGv addr = gen_aa32_addr(s, a32, opc);
1189 tcg_gen_qemu_ld_i64(val, addr, index, opc);
1190 gen_aa32_frob64(s, val);
1191 tcg_temp_free(addr);
1194 static inline void gen_aa32_ld64(DisasContext *s, TCGv_i64 val,
1195 TCGv_i32 a32, int index)
1197 gen_aa32_ld_i64(s, val, a32, index, MO_Q | s->be_data);
1200 static void gen_aa32_st_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
1201 int index, TCGMemOp opc)
1203 TCGv addr = gen_aa32_addr(s, a32, opc);
1205 /* Not needed for user-mode BE32, where we use MO_BE instead. */
1206 if (!IS_USER_ONLY && s->sctlr_b) {
1207 TCGv_i64 tmp = tcg_temp_new_i64();
1208 tcg_gen_rotri_i64(tmp, val, 32);
1209 tcg_gen_qemu_st_i64(tmp, addr, index, opc);
1210 tcg_temp_free_i64(tmp);
1212 tcg_gen_qemu_st_i64(val, addr, index, opc);
1214 tcg_temp_free(addr);
1217 static inline void gen_aa32_st64(DisasContext *s, TCGv_i64 val,
1218 TCGv_i32 a32, int index)
1220 gen_aa32_st_i64(s, val, a32, index, MO_Q | s->be_data);
1223 DO_GEN_LD(8s, MO_SB)
1224 DO_GEN_LD(8u, MO_UB)
1225 DO_GEN_LD(16s, MO_SW)
1226 DO_GEN_LD(16u, MO_UW)
1227 DO_GEN_LD(32u, MO_UL)
1229 DO_GEN_ST(16, MO_UW)
1230 DO_GEN_ST(32, MO_UL)
1232 static inline void gen_hvc(DisasContext *s, int imm16)
1234 /* The pre HVC helper handles cases when HVC gets trapped
1235 * as an undefined insn by runtime configuration (ie before
1236 * the insn really executes).
1238 gen_set_pc_im(s, s->pc - 4);
1239 gen_helper_pre_hvc(cpu_env);
1240 /* Otherwise we will treat this as a real exception which
1241 * happens after execution of the insn. (The distinction matters
1242 * for the PC value reported to the exception handler and also
1243 * for single stepping.)
1246 gen_set_pc_im(s, s->pc);
1247 s->base.is_jmp = DISAS_HVC;
1250 static inline void gen_smc(DisasContext *s)
1252 /* As with HVC, we may take an exception either before or after
1253 * the insn executes.
1257 gen_set_pc_im(s, s->pc - 4);
1258 tmp = tcg_const_i32(syn_aa32_smc());
1259 gen_helper_pre_smc(cpu_env, tmp);
1260 tcg_temp_free_i32(tmp);
1261 gen_set_pc_im(s, s->pc);
1262 s->base.is_jmp = DISAS_SMC;
1265 static void gen_exception_internal_insn(DisasContext *s, int offset, int excp)
1267 gen_set_condexec(s);
1268 gen_set_pc_im(s, s->pc - offset);
1269 gen_exception_internal(excp);
1270 s->base.is_jmp = DISAS_NORETURN;
1273 static void gen_exception_insn(DisasContext *s, int offset, int excp,
1274 int syn, uint32_t target_el)
1276 gen_set_condexec(s);
1277 gen_set_pc_im(s, s->pc - offset);
1278 gen_exception(excp, syn, target_el);
1279 s->base.is_jmp = DISAS_NORETURN;
1282 static void gen_exception_bkpt_insn(DisasContext *s, int offset, uint32_t syn)
1286 gen_set_condexec(s);
1287 gen_set_pc_im(s, s->pc - offset);
1288 tcg_syn = tcg_const_i32(syn);
1289 gen_helper_exception_bkpt_insn(cpu_env, tcg_syn);
1290 tcg_temp_free_i32(tcg_syn);
1291 s->base.is_jmp = DISAS_NORETURN;
1294 /* Force a TB lookup after an instruction that changes the CPU state. */
1295 static inline void gen_lookup_tb(DisasContext *s)
1297 tcg_gen_movi_i32(cpu_R[15], s->pc & ~1);
1298 s->base.is_jmp = DISAS_EXIT;
1301 static inline void gen_hlt(DisasContext *s, int imm)
1303 /* HLT. This has two purposes.
1304 * Architecturally, it is an external halting debug instruction.
1305 * Since QEMU doesn't implement external debug, we treat this as
1306 * it is required for halting debug disabled: it will UNDEF.
1307 * Secondly, "HLT 0x3C" is a T32 semihosting trap instruction,
1308 * and "HLT 0xF000" is an A32 semihosting syscall. These traps
1309 * must trigger semihosting even for ARMv7 and earlier, where
1310 * HLT was an undefined encoding.
1311 * In system mode, we don't allow userspace access to
1312 * semihosting, to provide some semblance of security
1313 * (and for consistency with our 32-bit semihosting).
1315 if (semihosting_enabled() &&
1316 #ifndef CONFIG_USER_ONLY
1317 s->current_el != 0 &&
1319 (imm == (s->thumb ? 0x3c : 0xf000))) {
1320 gen_exception_internal_insn(s, 0, EXCP_SEMIHOST);
1324 gen_exception_insn(s, s->thumb ? 2 : 4, EXCP_UDEF, syn_uncategorized(),
1325 default_exception_el(s));
1328 static inline void gen_add_data_offset(DisasContext *s, unsigned int insn,
1331 int val, rm, shift, shiftop;
1334 if (!(insn & (1 << 25))) {
1337 if (!(insn & (1 << 23)))
1340 tcg_gen_addi_i32(var, var, val);
1342 /* shift/register */
1344 shift = (insn >> 7) & 0x1f;
1345 shiftop = (insn >> 5) & 3;
1346 offset = load_reg(s, rm);
1347 gen_arm_shift_im(offset, shiftop, shift, 0);
1348 if (!(insn & (1 << 23)))
1349 tcg_gen_sub_i32(var, var, offset);
1351 tcg_gen_add_i32(var, var, offset);
1352 tcg_temp_free_i32(offset);
1356 static inline void gen_add_datah_offset(DisasContext *s, unsigned int insn,
1357 int extra, TCGv_i32 var)
1362 if (insn & (1 << 22)) {
1364 val = (insn & 0xf) | ((insn >> 4) & 0xf0);
1365 if (!(insn & (1 << 23)))
1369 tcg_gen_addi_i32(var, var, val);
1373 tcg_gen_addi_i32(var, var, extra);
1375 offset = load_reg(s, rm);
1376 if (!(insn & (1 << 23)))
1377 tcg_gen_sub_i32(var, var, offset);
1379 tcg_gen_add_i32(var, var, offset);
1380 tcg_temp_free_i32(offset);
1384 static TCGv_ptr get_fpstatus_ptr(int neon)
1386 TCGv_ptr statusptr = tcg_temp_new_ptr();
1389 offset = offsetof(CPUARMState, vfp.standard_fp_status);
1391 offset = offsetof(CPUARMState, vfp.fp_status);
1393 tcg_gen_addi_ptr(statusptr, cpu_env, offset);
1397 #define VFP_OP2(name) \
1398 static inline void gen_vfp_##name(int dp) \
1400 TCGv_ptr fpst = get_fpstatus_ptr(0); \
1402 gen_helper_vfp_##name##d(cpu_F0d, cpu_F0d, cpu_F1d, fpst); \
1404 gen_helper_vfp_##name##s(cpu_F0s, cpu_F0s, cpu_F1s, fpst); \
1406 tcg_temp_free_ptr(fpst); \
1416 static inline void gen_vfp_F1_mul(int dp)
1418 /* Like gen_vfp_mul() but put result in F1 */
1419 TCGv_ptr fpst = get_fpstatus_ptr(0);
1421 gen_helper_vfp_muld(cpu_F1d, cpu_F0d, cpu_F1d, fpst);
1423 gen_helper_vfp_muls(cpu_F1s, cpu_F0s, cpu_F1s, fpst);
1425 tcg_temp_free_ptr(fpst);
1428 static inline void gen_vfp_F1_neg(int dp)
1430 /* Like gen_vfp_neg() but put result in F1 */
1432 gen_helper_vfp_negd(cpu_F1d, cpu_F0d);
1434 gen_helper_vfp_negs(cpu_F1s, cpu_F0s);
1438 static inline void gen_vfp_abs(int dp)
1441 gen_helper_vfp_absd(cpu_F0d, cpu_F0d);
1443 gen_helper_vfp_abss(cpu_F0s, cpu_F0s);
1446 static inline void gen_vfp_neg(int dp)
1449 gen_helper_vfp_negd(cpu_F0d, cpu_F0d);
1451 gen_helper_vfp_negs(cpu_F0s, cpu_F0s);
1454 static inline void gen_vfp_sqrt(int dp)
1457 gen_helper_vfp_sqrtd(cpu_F0d, cpu_F0d, cpu_env);
1459 gen_helper_vfp_sqrts(cpu_F0s, cpu_F0s, cpu_env);
1462 static inline void gen_vfp_cmp(int dp)
1465 gen_helper_vfp_cmpd(cpu_F0d, cpu_F1d, cpu_env);
1467 gen_helper_vfp_cmps(cpu_F0s, cpu_F1s, cpu_env);
1470 static inline void gen_vfp_cmpe(int dp)
1473 gen_helper_vfp_cmped(cpu_F0d, cpu_F1d, cpu_env);
1475 gen_helper_vfp_cmpes(cpu_F0s, cpu_F1s, cpu_env);
1478 static inline void gen_vfp_F1_ld0(int dp)
1481 tcg_gen_movi_i64(cpu_F1d, 0);
1483 tcg_gen_movi_i32(cpu_F1s, 0);
1486 #define VFP_GEN_ITOF(name) \
1487 static inline void gen_vfp_##name(int dp, int neon) \
1489 TCGv_ptr statusptr = get_fpstatus_ptr(neon); \
1491 gen_helper_vfp_##name##d(cpu_F0d, cpu_F0s, statusptr); \
1493 gen_helper_vfp_##name##s(cpu_F0s, cpu_F0s, statusptr); \
1495 tcg_temp_free_ptr(statusptr); \
1502 #define VFP_GEN_FTOI(name) \
1503 static inline void gen_vfp_##name(int dp, int neon) \
1505 TCGv_ptr statusptr = get_fpstatus_ptr(neon); \
1507 gen_helper_vfp_##name##d(cpu_F0s, cpu_F0d, statusptr); \
1509 gen_helper_vfp_##name##s(cpu_F0s, cpu_F0s, statusptr); \
1511 tcg_temp_free_ptr(statusptr); \
1520 #define VFP_GEN_FIX(name, round) \
1521 static inline void gen_vfp_##name(int dp, int shift, int neon) \
1523 TCGv_i32 tmp_shift = tcg_const_i32(shift); \
1524 TCGv_ptr statusptr = get_fpstatus_ptr(neon); \
1526 gen_helper_vfp_##name##d##round(cpu_F0d, cpu_F0d, tmp_shift, \
1529 gen_helper_vfp_##name##s##round(cpu_F0s, cpu_F0s, tmp_shift, \
1532 tcg_temp_free_i32(tmp_shift); \
1533 tcg_temp_free_ptr(statusptr); \
1535 VFP_GEN_FIX(tosh, _round_to_zero)
1536 VFP_GEN_FIX(tosl, _round_to_zero)
1537 VFP_GEN_FIX(touh, _round_to_zero)
1538 VFP_GEN_FIX(toul, _round_to_zero)
1545 static inline void gen_vfp_ld(DisasContext *s, int dp, TCGv_i32 addr)
1548 gen_aa32_ld64(s, cpu_F0d, addr, get_mem_index(s));
1550 gen_aa32_ld32u(s, cpu_F0s, addr, get_mem_index(s));
1554 static inline void gen_vfp_st(DisasContext *s, int dp, TCGv_i32 addr)
1557 gen_aa32_st64(s, cpu_F0d, addr, get_mem_index(s));
1559 gen_aa32_st32(s, cpu_F0s, addr, get_mem_index(s));
1563 static inline long vfp_reg_offset(bool dp, unsigned reg)
1566 return offsetof(CPUARMState, vfp.zregs[reg >> 1].d[reg & 1]);
1568 long ofs = offsetof(CPUARMState, vfp.zregs[reg >> 2].d[(reg >> 1) & 1]);
1570 ofs += offsetof(CPU_DoubleU, l.upper);
1572 ofs += offsetof(CPU_DoubleU, l.lower);
1578 /* Return the offset of a 32-bit piece of a NEON register.
1579 zero is the least significant end of the register. */
1581 neon_reg_offset (int reg, int n)
1585 return vfp_reg_offset(0, sreg);
1588 static TCGv_i32 neon_load_reg(int reg, int pass)
1590 TCGv_i32 tmp = tcg_temp_new_i32();
1591 tcg_gen_ld_i32(tmp, cpu_env, neon_reg_offset(reg, pass));
1595 static void neon_store_reg(int reg, int pass, TCGv_i32 var)
1597 tcg_gen_st_i32(var, cpu_env, neon_reg_offset(reg, pass));
1598 tcg_temp_free_i32(var);
1601 static inline void neon_load_reg64(TCGv_i64 var, int reg)
1603 tcg_gen_ld_i64(var, cpu_env, vfp_reg_offset(1, reg));
1606 static inline void neon_store_reg64(TCGv_i64 var, int reg)
1608 tcg_gen_st_i64(var, cpu_env, vfp_reg_offset(1, reg));
1611 static TCGv_ptr vfp_reg_ptr(bool dp, int reg)
1613 TCGv_ptr ret = tcg_temp_new_ptr();
1614 tcg_gen_addi_ptr(ret, cpu_env, vfp_reg_offset(dp, reg));
1618 #define tcg_gen_ld_f32 tcg_gen_ld_i32
1619 #define tcg_gen_ld_f64 tcg_gen_ld_i64
1620 #define tcg_gen_st_f32 tcg_gen_st_i32
1621 #define tcg_gen_st_f64 tcg_gen_st_i64
1623 static inline void gen_mov_F0_vreg(int dp, int reg)
1626 tcg_gen_ld_f64(cpu_F0d, cpu_env, vfp_reg_offset(dp, reg));
1628 tcg_gen_ld_f32(cpu_F0s, cpu_env, vfp_reg_offset(dp, reg));
1631 static inline void gen_mov_F1_vreg(int dp, int reg)
1634 tcg_gen_ld_f64(cpu_F1d, cpu_env, vfp_reg_offset(dp, reg));
1636 tcg_gen_ld_f32(cpu_F1s, cpu_env, vfp_reg_offset(dp, reg));
1639 static inline void gen_mov_vreg_F0(int dp, int reg)
1642 tcg_gen_st_f64(cpu_F0d, cpu_env, vfp_reg_offset(dp, reg));
1644 tcg_gen_st_f32(cpu_F0s, cpu_env, vfp_reg_offset(dp, reg));
1647 #define ARM_CP_RW_BIT (1 << 20)
1649 static inline void iwmmxt_load_reg(TCGv_i64 var, int reg)
1651 tcg_gen_ld_i64(var, cpu_env, offsetof(CPUARMState, iwmmxt.regs[reg]));
1654 static inline void iwmmxt_store_reg(TCGv_i64 var, int reg)
1656 tcg_gen_st_i64(var, cpu_env, offsetof(CPUARMState, iwmmxt.regs[reg]));
1659 static inline TCGv_i32 iwmmxt_load_creg(int reg)
1661 TCGv_i32 var = tcg_temp_new_i32();
1662 tcg_gen_ld_i32(var, cpu_env, offsetof(CPUARMState, iwmmxt.cregs[reg]));
1666 static inline void iwmmxt_store_creg(int reg, TCGv_i32 var)
1668 tcg_gen_st_i32(var, cpu_env, offsetof(CPUARMState, iwmmxt.cregs[reg]));
1669 tcg_temp_free_i32(var);
1672 static inline void gen_op_iwmmxt_movq_wRn_M0(int rn)
1674 iwmmxt_store_reg(cpu_M0, rn);
1677 static inline void gen_op_iwmmxt_movq_M0_wRn(int rn)
1679 iwmmxt_load_reg(cpu_M0, rn);
1682 static inline void gen_op_iwmmxt_orq_M0_wRn(int rn)
1684 iwmmxt_load_reg(cpu_V1, rn);
1685 tcg_gen_or_i64(cpu_M0, cpu_M0, cpu_V1);
1688 static inline void gen_op_iwmmxt_andq_M0_wRn(int rn)
1690 iwmmxt_load_reg(cpu_V1, rn);
1691 tcg_gen_and_i64(cpu_M0, cpu_M0, cpu_V1);
1694 static inline void gen_op_iwmmxt_xorq_M0_wRn(int rn)
1696 iwmmxt_load_reg(cpu_V1, rn);
1697 tcg_gen_xor_i64(cpu_M0, cpu_M0, cpu_V1);
1700 #define IWMMXT_OP(name) \
1701 static inline void gen_op_iwmmxt_##name##_M0_wRn(int rn) \
1703 iwmmxt_load_reg(cpu_V1, rn); \
1704 gen_helper_iwmmxt_##name(cpu_M0, cpu_M0, cpu_V1); \
1707 #define IWMMXT_OP_ENV(name) \
1708 static inline void gen_op_iwmmxt_##name##_M0_wRn(int rn) \
1710 iwmmxt_load_reg(cpu_V1, rn); \
1711 gen_helper_iwmmxt_##name(cpu_M0, cpu_env, cpu_M0, cpu_V1); \
1714 #define IWMMXT_OP_ENV_SIZE(name) \
1715 IWMMXT_OP_ENV(name##b) \
1716 IWMMXT_OP_ENV(name##w) \
1717 IWMMXT_OP_ENV(name##l)
1719 #define IWMMXT_OP_ENV1(name) \
1720 static inline void gen_op_iwmmxt_##name##_M0(void) \
1722 gen_helper_iwmmxt_##name(cpu_M0, cpu_env, cpu_M0); \
1736 IWMMXT_OP_ENV_SIZE(unpackl)
1737 IWMMXT_OP_ENV_SIZE(unpackh)
1739 IWMMXT_OP_ENV1(unpacklub)
1740 IWMMXT_OP_ENV1(unpackluw)
1741 IWMMXT_OP_ENV1(unpacklul)
1742 IWMMXT_OP_ENV1(unpackhub)
1743 IWMMXT_OP_ENV1(unpackhuw)
1744 IWMMXT_OP_ENV1(unpackhul)
1745 IWMMXT_OP_ENV1(unpacklsb)
1746 IWMMXT_OP_ENV1(unpacklsw)
1747 IWMMXT_OP_ENV1(unpacklsl)
1748 IWMMXT_OP_ENV1(unpackhsb)
1749 IWMMXT_OP_ENV1(unpackhsw)
1750 IWMMXT_OP_ENV1(unpackhsl)
1752 IWMMXT_OP_ENV_SIZE(cmpeq)
1753 IWMMXT_OP_ENV_SIZE(cmpgtu)
1754 IWMMXT_OP_ENV_SIZE(cmpgts)
1756 IWMMXT_OP_ENV_SIZE(mins)
1757 IWMMXT_OP_ENV_SIZE(minu)
1758 IWMMXT_OP_ENV_SIZE(maxs)
1759 IWMMXT_OP_ENV_SIZE(maxu)
1761 IWMMXT_OP_ENV_SIZE(subn)
1762 IWMMXT_OP_ENV_SIZE(addn)
1763 IWMMXT_OP_ENV_SIZE(subu)
1764 IWMMXT_OP_ENV_SIZE(addu)
1765 IWMMXT_OP_ENV_SIZE(subs)
1766 IWMMXT_OP_ENV_SIZE(adds)
1768 IWMMXT_OP_ENV(avgb0)
1769 IWMMXT_OP_ENV(avgb1)
1770 IWMMXT_OP_ENV(avgw0)
1771 IWMMXT_OP_ENV(avgw1)
1773 IWMMXT_OP_ENV(packuw)
1774 IWMMXT_OP_ENV(packul)
1775 IWMMXT_OP_ENV(packuq)
1776 IWMMXT_OP_ENV(packsw)
1777 IWMMXT_OP_ENV(packsl)
1778 IWMMXT_OP_ENV(packsq)
1780 static void gen_op_iwmmxt_set_mup(void)
1783 tmp = load_cpu_field(iwmmxt.cregs[ARM_IWMMXT_wCon]);
1784 tcg_gen_ori_i32(tmp, tmp, 2);
1785 store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCon]);
1788 static void gen_op_iwmmxt_set_cup(void)
1791 tmp = load_cpu_field(iwmmxt.cregs[ARM_IWMMXT_wCon]);
1792 tcg_gen_ori_i32(tmp, tmp, 1);
1793 store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCon]);
1796 static void gen_op_iwmmxt_setpsr_nz(void)
1798 TCGv_i32 tmp = tcg_temp_new_i32();
1799 gen_helper_iwmmxt_setpsr_nz(tmp, cpu_M0);
1800 store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCASF]);
1803 static inline void gen_op_iwmmxt_addl_M0_wRn(int rn)
1805 iwmmxt_load_reg(cpu_V1, rn);
1806 tcg_gen_ext32u_i64(cpu_V1, cpu_V1);
1807 tcg_gen_add_i64(cpu_M0, cpu_M0, cpu_V1);
1810 static inline int gen_iwmmxt_address(DisasContext *s, uint32_t insn,
1817 rd = (insn >> 16) & 0xf;
1818 tmp = load_reg(s, rd);
1820 offset = (insn & 0xff) << ((insn >> 7) & 2);
1821 if (insn & (1 << 24)) {
1823 if (insn & (1 << 23))
1824 tcg_gen_addi_i32(tmp, tmp, offset);
1826 tcg_gen_addi_i32(tmp, tmp, -offset);
1827 tcg_gen_mov_i32(dest, tmp);
1828 if (insn & (1 << 21))
1829 store_reg(s, rd, tmp);
1831 tcg_temp_free_i32(tmp);
1832 } else if (insn & (1 << 21)) {
1834 tcg_gen_mov_i32(dest, tmp);
1835 if (insn & (1 << 23))
1836 tcg_gen_addi_i32(tmp, tmp, offset);
1838 tcg_gen_addi_i32(tmp, tmp, -offset);
1839 store_reg(s, rd, tmp);
1840 } else if (!(insn & (1 << 23)))
1845 static inline int gen_iwmmxt_shift(uint32_t insn, uint32_t mask, TCGv_i32 dest)
1847 int rd = (insn >> 0) & 0xf;
1850 if (insn & (1 << 8)) {
1851 if (rd < ARM_IWMMXT_wCGR0 || rd > ARM_IWMMXT_wCGR3) {
1854 tmp = iwmmxt_load_creg(rd);
1857 tmp = tcg_temp_new_i32();
1858 iwmmxt_load_reg(cpu_V0, rd);
1859 tcg_gen_extrl_i64_i32(tmp, cpu_V0);
1861 tcg_gen_andi_i32(tmp, tmp, mask);
1862 tcg_gen_mov_i32(dest, tmp);
1863 tcg_temp_free_i32(tmp);
1867 /* Disassemble an iwMMXt instruction. Returns nonzero if an error occurred
1868 (ie. an undefined instruction). */
1869 static int disas_iwmmxt_insn(DisasContext *s, uint32_t insn)
1872 int rdhi, rdlo, rd0, rd1, i;
1874 TCGv_i32 tmp, tmp2, tmp3;
1876 if ((insn & 0x0e000e00) == 0x0c000000) {
1877 if ((insn & 0x0fe00ff0) == 0x0c400000) {
1879 rdlo = (insn >> 12) & 0xf;
1880 rdhi = (insn >> 16) & 0xf;
1881 if (insn & ARM_CP_RW_BIT) { /* TMRRC */
1882 iwmmxt_load_reg(cpu_V0, wrd);
1883 tcg_gen_extrl_i64_i32(cpu_R[rdlo], cpu_V0);
1884 tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
1885 tcg_gen_extrl_i64_i32(cpu_R[rdhi], cpu_V0);
1886 } else { /* TMCRR */
1887 tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]);
1888 iwmmxt_store_reg(cpu_V0, wrd);
1889 gen_op_iwmmxt_set_mup();
1894 wrd = (insn >> 12) & 0xf;
1895 addr = tcg_temp_new_i32();
1896 if (gen_iwmmxt_address(s, insn, addr)) {
1897 tcg_temp_free_i32(addr);
1900 if (insn & ARM_CP_RW_BIT) {
1901 if ((insn >> 28) == 0xf) { /* WLDRW wCx */
1902 tmp = tcg_temp_new_i32();
1903 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
1904 iwmmxt_store_creg(wrd, tmp);
1907 if (insn & (1 << 8)) {
1908 if (insn & (1 << 22)) { /* WLDRD */
1909 gen_aa32_ld64(s, cpu_M0, addr, get_mem_index(s));
1911 } else { /* WLDRW wRd */
1912 tmp = tcg_temp_new_i32();
1913 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
1916 tmp = tcg_temp_new_i32();
1917 if (insn & (1 << 22)) { /* WLDRH */
1918 gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
1919 } else { /* WLDRB */
1920 gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
1924 tcg_gen_extu_i32_i64(cpu_M0, tmp);
1925 tcg_temp_free_i32(tmp);
1927 gen_op_iwmmxt_movq_wRn_M0(wrd);
1930 if ((insn >> 28) == 0xf) { /* WSTRW wCx */
1931 tmp = iwmmxt_load_creg(wrd);
1932 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
1934 gen_op_iwmmxt_movq_M0_wRn(wrd);
1935 tmp = tcg_temp_new_i32();
1936 if (insn & (1 << 8)) {
1937 if (insn & (1 << 22)) { /* WSTRD */
1938 gen_aa32_st64(s, cpu_M0, addr, get_mem_index(s));
1939 } else { /* WSTRW wRd */
1940 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1941 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
1944 if (insn & (1 << 22)) { /* WSTRH */
1945 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1946 gen_aa32_st16(s, tmp, addr, get_mem_index(s));
1947 } else { /* WSTRB */
1948 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1949 gen_aa32_st8(s, tmp, addr, get_mem_index(s));
1953 tcg_temp_free_i32(tmp);
1955 tcg_temp_free_i32(addr);
1959 if ((insn & 0x0f000000) != 0x0e000000)
1962 switch (((insn >> 12) & 0xf00) | ((insn >> 4) & 0xff)) {
1963 case 0x000: /* WOR */
1964 wrd = (insn >> 12) & 0xf;
1965 rd0 = (insn >> 0) & 0xf;
1966 rd1 = (insn >> 16) & 0xf;
1967 gen_op_iwmmxt_movq_M0_wRn(rd0);
1968 gen_op_iwmmxt_orq_M0_wRn(rd1);
1969 gen_op_iwmmxt_setpsr_nz();
1970 gen_op_iwmmxt_movq_wRn_M0(wrd);
1971 gen_op_iwmmxt_set_mup();
1972 gen_op_iwmmxt_set_cup();
1974 case 0x011: /* TMCR */
1977 rd = (insn >> 12) & 0xf;
1978 wrd = (insn >> 16) & 0xf;
1980 case ARM_IWMMXT_wCID:
1981 case ARM_IWMMXT_wCASF:
1983 case ARM_IWMMXT_wCon:
1984 gen_op_iwmmxt_set_cup();
1986 case ARM_IWMMXT_wCSSF:
1987 tmp = iwmmxt_load_creg(wrd);
1988 tmp2 = load_reg(s, rd);
1989 tcg_gen_andc_i32(tmp, tmp, tmp2);
1990 tcg_temp_free_i32(tmp2);
1991 iwmmxt_store_creg(wrd, tmp);
1993 case ARM_IWMMXT_wCGR0:
1994 case ARM_IWMMXT_wCGR1:
1995 case ARM_IWMMXT_wCGR2:
1996 case ARM_IWMMXT_wCGR3:
1997 gen_op_iwmmxt_set_cup();
1998 tmp = load_reg(s, rd);
1999 iwmmxt_store_creg(wrd, tmp);
2005 case 0x100: /* WXOR */
2006 wrd = (insn >> 12) & 0xf;
2007 rd0 = (insn >> 0) & 0xf;
2008 rd1 = (insn >> 16) & 0xf;
2009 gen_op_iwmmxt_movq_M0_wRn(rd0);
2010 gen_op_iwmmxt_xorq_M0_wRn(rd1);
2011 gen_op_iwmmxt_setpsr_nz();
2012 gen_op_iwmmxt_movq_wRn_M0(wrd);
2013 gen_op_iwmmxt_set_mup();
2014 gen_op_iwmmxt_set_cup();
2016 case 0x111: /* TMRC */
2019 rd = (insn >> 12) & 0xf;
2020 wrd = (insn >> 16) & 0xf;
2021 tmp = iwmmxt_load_creg(wrd);
2022 store_reg(s, rd, tmp);
2024 case 0x300: /* WANDN */
2025 wrd = (insn >> 12) & 0xf;
2026 rd0 = (insn >> 0) & 0xf;
2027 rd1 = (insn >> 16) & 0xf;
2028 gen_op_iwmmxt_movq_M0_wRn(rd0);
2029 tcg_gen_neg_i64(cpu_M0, cpu_M0);
2030 gen_op_iwmmxt_andq_M0_wRn(rd1);
2031 gen_op_iwmmxt_setpsr_nz();
2032 gen_op_iwmmxt_movq_wRn_M0(wrd);
2033 gen_op_iwmmxt_set_mup();
2034 gen_op_iwmmxt_set_cup();
2036 case 0x200: /* WAND */
2037 wrd = (insn >> 12) & 0xf;
2038 rd0 = (insn >> 0) & 0xf;
2039 rd1 = (insn >> 16) & 0xf;
2040 gen_op_iwmmxt_movq_M0_wRn(rd0);
2041 gen_op_iwmmxt_andq_M0_wRn(rd1);
2042 gen_op_iwmmxt_setpsr_nz();
2043 gen_op_iwmmxt_movq_wRn_M0(wrd);
2044 gen_op_iwmmxt_set_mup();
2045 gen_op_iwmmxt_set_cup();
2047 case 0x810: case 0xa10: /* WMADD */
2048 wrd = (insn >> 12) & 0xf;
2049 rd0 = (insn >> 0) & 0xf;
2050 rd1 = (insn >> 16) & 0xf;
2051 gen_op_iwmmxt_movq_M0_wRn(rd0);
2052 if (insn & (1 << 21))
2053 gen_op_iwmmxt_maddsq_M0_wRn(rd1);
2055 gen_op_iwmmxt_madduq_M0_wRn(rd1);
2056 gen_op_iwmmxt_movq_wRn_M0(wrd);
2057 gen_op_iwmmxt_set_mup();
2059 case 0x10e: case 0x50e: case 0x90e: case 0xd0e: /* WUNPCKIL */
2060 wrd = (insn >> 12) & 0xf;
2061 rd0 = (insn >> 16) & 0xf;
2062 rd1 = (insn >> 0) & 0xf;
2063 gen_op_iwmmxt_movq_M0_wRn(rd0);
2064 switch ((insn >> 22) & 3) {
2066 gen_op_iwmmxt_unpacklb_M0_wRn(rd1);
2069 gen_op_iwmmxt_unpacklw_M0_wRn(rd1);
2072 gen_op_iwmmxt_unpackll_M0_wRn(rd1);
2077 gen_op_iwmmxt_movq_wRn_M0(wrd);
2078 gen_op_iwmmxt_set_mup();
2079 gen_op_iwmmxt_set_cup();
2081 case 0x10c: case 0x50c: case 0x90c: case 0xd0c: /* WUNPCKIH */
2082 wrd = (insn >> 12) & 0xf;
2083 rd0 = (insn >> 16) & 0xf;
2084 rd1 = (insn >> 0) & 0xf;
2085 gen_op_iwmmxt_movq_M0_wRn(rd0);
2086 switch ((insn >> 22) & 3) {
2088 gen_op_iwmmxt_unpackhb_M0_wRn(rd1);
2091 gen_op_iwmmxt_unpackhw_M0_wRn(rd1);
2094 gen_op_iwmmxt_unpackhl_M0_wRn(rd1);
2099 gen_op_iwmmxt_movq_wRn_M0(wrd);
2100 gen_op_iwmmxt_set_mup();
2101 gen_op_iwmmxt_set_cup();
2103 case 0x012: case 0x112: case 0x412: case 0x512: /* WSAD */
2104 wrd = (insn >> 12) & 0xf;
2105 rd0 = (insn >> 16) & 0xf;
2106 rd1 = (insn >> 0) & 0xf;
2107 gen_op_iwmmxt_movq_M0_wRn(rd0);
2108 if (insn & (1 << 22))
2109 gen_op_iwmmxt_sadw_M0_wRn(rd1);
2111 gen_op_iwmmxt_sadb_M0_wRn(rd1);
2112 if (!(insn & (1 << 20)))
2113 gen_op_iwmmxt_addl_M0_wRn(wrd);
2114 gen_op_iwmmxt_movq_wRn_M0(wrd);
2115 gen_op_iwmmxt_set_mup();
2117 case 0x010: case 0x110: case 0x210: case 0x310: /* WMUL */
2118 wrd = (insn >> 12) & 0xf;
2119 rd0 = (insn >> 16) & 0xf;
2120 rd1 = (insn >> 0) & 0xf;
2121 gen_op_iwmmxt_movq_M0_wRn(rd0);
2122 if (insn & (1 << 21)) {
2123 if (insn & (1 << 20))
2124 gen_op_iwmmxt_mulshw_M0_wRn(rd1);
2126 gen_op_iwmmxt_mulslw_M0_wRn(rd1);
2128 if (insn & (1 << 20))
2129 gen_op_iwmmxt_muluhw_M0_wRn(rd1);
2131 gen_op_iwmmxt_mululw_M0_wRn(rd1);
2133 gen_op_iwmmxt_movq_wRn_M0(wrd);
2134 gen_op_iwmmxt_set_mup();
2136 case 0x410: case 0x510: case 0x610: case 0x710: /* WMAC */
2137 wrd = (insn >> 12) & 0xf;
2138 rd0 = (insn >> 16) & 0xf;
2139 rd1 = (insn >> 0) & 0xf;
2140 gen_op_iwmmxt_movq_M0_wRn(rd0);
2141 if (insn & (1 << 21))
2142 gen_op_iwmmxt_macsw_M0_wRn(rd1);
2144 gen_op_iwmmxt_macuw_M0_wRn(rd1);
2145 if (!(insn & (1 << 20))) {
2146 iwmmxt_load_reg(cpu_V1, wrd);
2147 tcg_gen_add_i64(cpu_M0, cpu_M0, cpu_V1);
2149 gen_op_iwmmxt_movq_wRn_M0(wrd);
2150 gen_op_iwmmxt_set_mup();
2152 case 0x006: case 0x406: case 0x806: case 0xc06: /* WCMPEQ */
2153 wrd = (insn >> 12) & 0xf;
2154 rd0 = (insn >> 16) & 0xf;
2155 rd1 = (insn >> 0) & 0xf;
2156 gen_op_iwmmxt_movq_M0_wRn(rd0);
2157 switch ((insn >> 22) & 3) {
2159 gen_op_iwmmxt_cmpeqb_M0_wRn(rd1);
2162 gen_op_iwmmxt_cmpeqw_M0_wRn(rd1);
2165 gen_op_iwmmxt_cmpeql_M0_wRn(rd1);
2170 gen_op_iwmmxt_movq_wRn_M0(wrd);
2171 gen_op_iwmmxt_set_mup();
2172 gen_op_iwmmxt_set_cup();
2174 case 0x800: case 0x900: case 0xc00: case 0xd00: /* WAVG2 */
2175 wrd = (insn >> 12) & 0xf;
2176 rd0 = (insn >> 16) & 0xf;
2177 rd1 = (insn >> 0) & 0xf;
2178 gen_op_iwmmxt_movq_M0_wRn(rd0);
2179 if (insn & (1 << 22)) {
2180 if (insn & (1 << 20))
2181 gen_op_iwmmxt_avgw1_M0_wRn(rd1);
2183 gen_op_iwmmxt_avgw0_M0_wRn(rd1);
2185 if (insn & (1 << 20))
2186 gen_op_iwmmxt_avgb1_M0_wRn(rd1);
2188 gen_op_iwmmxt_avgb0_M0_wRn(rd1);
2190 gen_op_iwmmxt_movq_wRn_M0(wrd);
2191 gen_op_iwmmxt_set_mup();
2192 gen_op_iwmmxt_set_cup();
2194 case 0x802: case 0x902: case 0xa02: case 0xb02: /* WALIGNR */
2195 wrd = (insn >> 12) & 0xf;
2196 rd0 = (insn >> 16) & 0xf;
2197 rd1 = (insn >> 0) & 0xf;
2198 gen_op_iwmmxt_movq_M0_wRn(rd0);
2199 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCGR0 + ((insn >> 20) & 3));
2200 tcg_gen_andi_i32(tmp, tmp, 7);
2201 iwmmxt_load_reg(cpu_V1, rd1);
2202 gen_helper_iwmmxt_align(cpu_M0, cpu_M0, cpu_V1, tmp);
2203 tcg_temp_free_i32(tmp);
2204 gen_op_iwmmxt_movq_wRn_M0(wrd);
2205 gen_op_iwmmxt_set_mup();
2207 case 0x601: case 0x605: case 0x609: case 0x60d: /* TINSR */
2208 if (((insn >> 6) & 3) == 3)
2210 rd = (insn >> 12) & 0xf;
2211 wrd = (insn >> 16) & 0xf;
2212 tmp = load_reg(s, rd);
2213 gen_op_iwmmxt_movq_M0_wRn(wrd);
2214 switch ((insn >> 6) & 3) {
2216 tmp2 = tcg_const_i32(0xff);
2217 tmp3 = tcg_const_i32((insn & 7) << 3);
2220 tmp2 = tcg_const_i32(0xffff);
2221 tmp3 = tcg_const_i32((insn & 3) << 4);
2224 tmp2 = tcg_const_i32(0xffffffff);
2225 tmp3 = tcg_const_i32((insn & 1) << 5);
2231 gen_helper_iwmmxt_insr(cpu_M0, cpu_M0, tmp, tmp2, tmp3);
2232 tcg_temp_free_i32(tmp3);
2233 tcg_temp_free_i32(tmp2);
2234 tcg_temp_free_i32(tmp);
2235 gen_op_iwmmxt_movq_wRn_M0(wrd);
2236 gen_op_iwmmxt_set_mup();
2238 case 0x107: case 0x507: case 0x907: case 0xd07: /* TEXTRM */
2239 rd = (insn >> 12) & 0xf;
2240 wrd = (insn >> 16) & 0xf;
2241 if (rd == 15 || ((insn >> 22) & 3) == 3)
2243 gen_op_iwmmxt_movq_M0_wRn(wrd);
2244 tmp = tcg_temp_new_i32();
2245 switch ((insn >> 22) & 3) {
2247 tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 7) << 3);
2248 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
2250 tcg_gen_ext8s_i32(tmp, tmp);
2252 tcg_gen_andi_i32(tmp, tmp, 0xff);
2256 tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 3) << 4);
2257 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
2259 tcg_gen_ext16s_i32(tmp, tmp);
2261 tcg_gen_andi_i32(tmp, tmp, 0xffff);
2265 tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 1) << 5);
2266 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
2269 store_reg(s, rd, tmp);
2271 case 0x117: case 0x517: case 0x917: case 0xd17: /* TEXTRC */
2272 if ((insn & 0x000ff008) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2274 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2275 switch ((insn >> 22) & 3) {
2277 tcg_gen_shri_i32(tmp, tmp, ((insn & 7) << 2) + 0);
2280 tcg_gen_shri_i32(tmp, tmp, ((insn & 3) << 3) + 4);
2283 tcg_gen_shri_i32(tmp, tmp, ((insn & 1) << 4) + 12);
2286 tcg_gen_shli_i32(tmp, tmp, 28);
2288 tcg_temp_free_i32(tmp);
2290 case 0x401: case 0x405: case 0x409: case 0x40d: /* TBCST */
2291 if (((insn >> 6) & 3) == 3)
2293 rd = (insn >> 12) & 0xf;
2294 wrd = (insn >> 16) & 0xf;
2295 tmp = load_reg(s, rd);
2296 switch ((insn >> 6) & 3) {
2298 gen_helper_iwmmxt_bcstb(cpu_M0, tmp);
2301 gen_helper_iwmmxt_bcstw(cpu_M0, tmp);
2304 gen_helper_iwmmxt_bcstl(cpu_M0, tmp);
2307 tcg_temp_free_i32(tmp);
2308 gen_op_iwmmxt_movq_wRn_M0(wrd);
2309 gen_op_iwmmxt_set_mup();
2311 case 0x113: case 0x513: case 0x913: case 0xd13: /* TANDC */
2312 if ((insn & 0x000ff00f) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2314 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2315 tmp2 = tcg_temp_new_i32();
2316 tcg_gen_mov_i32(tmp2, tmp);
2317 switch ((insn >> 22) & 3) {
2319 for (i = 0; i < 7; i ++) {
2320 tcg_gen_shli_i32(tmp2, tmp2, 4);
2321 tcg_gen_and_i32(tmp, tmp, tmp2);
2325 for (i = 0; i < 3; i ++) {
2326 tcg_gen_shli_i32(tmp2, tmp2, 8);
2327 tcg_gen_and_i32(tmp, tmp, tmp2);
2331 tcg_gen_shli_i32(tmp2, tmp2, 16);
2332 tcg_gen_and_i32(tmp, tmp, tmp2);
2336 tcg_temp_free_i32(tmp2);
2337 tcg_temp_free_i32(tmp);
2339 case 0x01c: case 0x41c: case 0x81c: case 0xc1c: /* WACC */
2340 wrd = (insn >> 12) & 0xf;
2341 rd0 = (insn >> 16) & 0xf;
2342 gen_op_iwmmxt_movq_M0_wRn(rd0);
2343 switch ((insn >> 22) & 3) {
2345 gen_helper_iwmmxt_addcb(cpu_M0, cpu_M0);
2348 gen_helper_iwmmxt_addcw(cpu_M0, cpu_M0);
2351 gen_helper_iwmmxt_addcl(cpu_M0, cpu_M0);
2356 gen_op_iwmmxt_movq_wRn_M0(wrd);
2357 gen_op_iwmmxt_set_mup();
2359 case 0x115: case 0x515: case 0x915: case 0xd15: /* TORC */
2360 if ((insn & 0x000ff00f) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2362 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2363 tmp2 = tcg_temp_new_i32();
2364 tcg_gen_mov_i32(tmp2, tmp);
2365 switch ((insn >> 22) & 3) {
2367 for (i = 0; i < 7; i ++) {
2368 tcg_gen_shli_i32(tmp2, tmp2, 4);
2369 tcg_gen_or_i32(tmp, tmp, tmp2);
2373 for (i = 0; i < 3; i ++) {
2374 tcg_gen_shli_i32(tmp2, tmp2, 8);
2375 tcg_gen_or_i32(tmp, tmp, tmp2);
2379 tcg_gen_shli_i32(tmp2, tmp2, 16);
2380 tcg_gen_or_i32(tmp, tmp, tmp2);
2384 tcg_temp_free_i32(tmp2);
2385 tcg_temp_free_i32(tmp);
2387 case 0x103: case 0x503: case 0x903: case 0xd03: /* TMOVMSK */
2388 rd = (insn >> 12) & 0xf;
2389 rd0 = (insn >> 16) & 0xf;
2390 if ((insn & 0xf) != 0 || ((insn >> 22) & 3) == 3)
2392 gen_op_iwmmxt_movq_M0_wRn(rd0);
2393 tmp = tcg_temp_new_i32();
2394 switch ((insn >> 22) & 3) {
2396 gen_helper_iwmmxt_msbb(tmp, cpu_M0);
2399 gen_helper_iwmmxt_msbw(tmp, cpu_M0);
2402 gen_helper_iwmmxt_msbl(tmp, cpu_M0);
2405 store_reg(s, rd, tmp);
2407 case 0x106: case 0x306: case 0x506: case 0x706: /* WCMPGT */
2408 case 0x906: case 0xb06: case 0xd06: case 0xf06:
2409 wrd = (insn >> 12) & 0xf;
2410 rd0 = (insn >> 16) & 0xf;
2411 rd1 = (insn >> 0) & 0xf;
2412 gen_op_iwmmxt_movq_M0_wRn(rd0);
2413 switch ((insn >> 22) & 3) {
2415 if (insn & (1 << 21))
2416 gen_op_iwmmxt_cmpgtsb_M0_wRn(rd1);
2418 gen_op_iwmmxt_cmpgtub_M0_wRn(rd1);
2421 if (insn & (1 << 21))
2422 gen_op_iwmmxt_cmpgtsw_M0_wRn(rd1);
2424 gen_op_iwmmxt_cmpgtuw_M0_wRn(rd1);
2427 if (insn & (1 << 21))
2428 gen_op_iwmmxt_cmpgtsl_M0_wRn(rd1);
2430 gen_op_iwmmxt_cmpgtul_M0_wRn(rd1);
2435 gen_op_iwmmxt_movq_wRn_M0(wrd);
2436 gen_op_iwmmxt_set_mup();
2437 gen_op_iwmmxt_set_cup();
2439 case 0x00e: case 0x20e: case 0x40e: case 0x60e: /* WUNPCKEL */
2440 case 0x80e: case 0xa0e: case 0xc0e: case 0xe0e:
2441 wrd = (insn >> 12) & 0xf;
2442 rd0 = (insn >> 16) & 0xf;
2443 gen_op_iwmmxt_movq_M0_wRn(rd0);
2444 switch ((insn >> 22) & 3) {
2446 if (insn & (1 << 21))
2447 gen_op_iwmmxt_unpacklsb_M0();
2449 gen_op_iwmmxt_unpacklub_M0();
2452 if (insn & (1 << 21))
2453 gen_op_iwmmxt_unpacklsw_M0();
2455 gen_op_iwmmxt_unpackluw_M0();
2458 if (insn & (1 << 21))
2459 gen_op_iwmmxt_unpacklsl_M0();
2461 gen_op_iwmmxt_unpacklul_M0();
2466 gen_op_iwmmxt_movq_wRn_M0(wrd);
2467 gen_op_iwmmxt_set_mup();
2468 gen_op_iwmmxt_set_cup();
2470 case 0x00c: case 0x20c: case 0x40c: case 0x60c: /* WUNPCKEH */
2471 case 0x80c: case 0xa0c: case 0xc0c: case 0xe0c:
2472 wrd = (insn >> 12) & 0xf;
2473 rd0 = (insn >> 16) & 0xf;
2474 gen_op_iwmmxt_movq_M0_wRn(rd0);
2475 switch ((insn >> 22) & 3) {
2477 if (insn & (1 << 21))
2478 gen_op_iwmmxt_unpackhsb_M0();
2480 gen_op_iwmmxt_unpackhub_M0();
2483 if (insn & (1 << 21))
2484 gen_op_iwmmxt_unpackhsw_M0();
2486 gen_op_iwmmxt_unpackhuw_M0();
2489 if (insn & (1 << 21))
2490 gen_op_iwmmxt_unpackhsl_M0();
2492 gen_op_iwmmxt_unpackhul_M0();
2497 gen_op_iwmmxt_movq_wRn_M0(wrd);
2498 gen_op_iwmmxt_set_mup();
2499 gen_op_iwmmxt_set_cup();
2501 case 0x204: case 0x604: case 0xa04: case 0xe04: /* WSRL */
2502 case 0x214: case 0x614: case 0xa14: case 0xe14:
2503 if (((insn >> 22) & 3) == 0)
2505 wrd = (insn >> 12) & 0xf;
2506 rd0 = (insn >> 16) & 0xf;
2507 gen_op_iwmmxt_movq_M0_wRn(rd0);
2508 tmp = tcg_temp_new_i32();
2509 if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2510 tcg_temp_free_i32(tmp);
2513 switch ((insn >> 22) & 3) {
2515 gen_helper_iwmmxt_srlw(cpu_M0, cpu_env, cpu_M0, tmp);
2518 gen_helper_iwmmxt_srll(cpu_M0, cpu_env, cpu_M0, tmp);
2521 gen_helper_iwmmxt_srlq(cpu_M0, cpu_env, cpu_M0, tmp);
2524 tcg_temp_free_i32(tmp);
2525 gen_op_iwmmxt_movq_wRn_M0(wrd);
2526 gen_op_iwmmxt_set_mup();
2527 gen_op_iwmmxt_set_cup();
2529 case 0x004: case 0x404: case 0x804: case 0xc04: /* WSRA */
2530 case 0x014: case 0x414: case 0x814: case 0xc14:
2531 if (((insn >> 22) & 3) == 0)
2533 wrd = (insn >> 12) & 0xf;
2534 rd0 = (insn >> 16) & 0xf;
2535 gen_op_iwmmxt_movq_M0_wRn(rd0);
2536 tmp = tcg_temp_new_i32();
2537 if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2538 tcg_temp_free_i32(tmp);
2541 switch ((insn >> 22) & 3) {
2543 gen_helper_iwmmxt_sraw(cpu_M0, cpu_env, cpu_M0, tmp);
2546 gen_helper_iwmmxt_sral(cpu_M0, cpu_env, cpu_M0, tmp);
2549 gen_helper_iwmmxt_sraq(cpu_M0, cpu_env, cpu_M0, tmp);
2552 tcg_temp_free_i32(tmp);
2553 gen_op_iwmmxt_movq_wRn_M0(wrd);
2554 gen_op_iwmmxt_set_mup();
2555 gen_op_iwmmxt_set_cup();
2557 case 0x104: case 0x504: case 0x904: case 0xd04: /* WSLL */
2558 case 0x114: case 0x514: case 0x914: case 0xd14:
2559 if (((insn >> 22) & 3) == 0)
2561 wrd = (insn >> 12) & 0xf;
2562 rd0 = (insn >> 16) & 0xf;
2563 gen_op_iwmmxt_movq_M0_wRn(rd0);
2564 tmp = tcg_temp_new_i32();
2565 if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2566 tcg_temp_free_i32(tmp);
2569 switch ((insn >> 22) & 3) {
2571 gen_helper_iwmmxt_sllw(cpu_M0, cpu_env, cpu_M0, tmp);
2574 gen_helper_iwmmxt_slll(cpu_M0, cpu_env, cpu_M0, tmp);
2577 gen_helper_iwmmxt_sllq(cpu_M0, cpu_env, cpu_M0, tmp);
2580 tcg_temp_free_i32(tmp);
2581 gen_op_iwmmxt_movq_wRn_M0(wrd);
2582 gen_op_iwmmxt_set_mup();
2583 gen_op_iwmmxt_set_cup();
2585 case 0x304: case 0x704: case 0xb04: case 0xf04: /* WROR */
2586 case 0x314: case 0x714: case 0xb14: case 0xf14:
2587 if (((insn >> 22) & 3) == 0)
2589 wrd = (insn >> 12) & 0xf;
2590 rd0 = (insn >> 16) & 0xf;
2591 gen_op_iwmmxt_movq_M0_wRn(rd0);
2592 tmp = tcg_temp_new_i32();
2593 switch ((insn >> 22) & 3) {
2595 if (gen_iwmmxt_shift(insn, 0xf, tmp)) {
2596 tcg_temp_free_i32(tmp);
2599 gen_helper_iwmmxt_rorw(cpu_M0, cpu_env, cpu_M0, tmp);
2602 if (gen_iwmmxt_shift(insn, 0x1f, tmp)) {
2603 tcg_temp_free_i32(tmp);
2606 gen_helper_iwmmxt_rorl(cpu_M0, cpu_env, cpu_M0, tmp);
2609 if (gen_iwmmxt_shift(insn, 0x3f, tmp)) {
2610 tcg_temp_free_i32(tmp);
2613 gen_helper_iwmmxt_rorq(cpu_M0, cpu_env, cpu_M0, tmp);
2616 tcg_temp_free_i32(tmp);
2617 gen_op_iwmmxt_movq_wRn_M0(wrd);
2618 gen_op_iwmmxt_set_mup();
2619 gen_op_iwmmxt_set_cup();
2621 case 0x116: case 0x316: case 0x516: case 0x716: /* WMIN */
2622 case 0x916: case 0xb16: case 0xd16: case 0xf16:
2623 wrd = (insn >> 12) & 0xf;
2624 rd0 = (insn >> 16) & 0xf;
2625 rd1 = (insn >> 0) & 0xf;
2626 gen_op_iwmmxt_movq_M0_wRn(rd0);
2627 switch ((insn >> 22) & 3) {
2629 if (insn & (1 << 21))
2630 gen_op_iwmmxt_minsb_M0_wRn(rd1);
2632 gen_op_iwmmxt_minub_M0_wRn(rd1);
2635 if (insn & (1 << 21))
2636 gen_op_iwmmxt_minsw_M0_wRn(rd1);
2638 gen_op_iwmmxt_minuw_M0_wRn(rd1);
2641 if (insn & (1 << 21))
2642 gen_op_iwmmxt_minsl_M0_wRn(rd1);
2644 gen_op_iwmmxt_minul_M0_wRn(rd1);
2649 gen_op_iwmmxt_movq_wRn_M0(wrd);
2650 gen_op_iwmmxt_set_mup();
2652 case 0x016: case 0x216: case 0x416: case 0x616: /* WMAX */
2653 case 0x816: case 0xa16: case 0xc16: case 0xe16:
2654 wrd = (insn >> 12) & 0xf;
2655 rd0 = (insn >> 16) & 0xf;
2656 rd1 = (insn >> 0) & 0xf;
2657 gen_op_iwmmxt_movq_M0_wRn(rd0);
2658 switch ((insn >> 22) & 3) {
2660 if (insn & (1 << 21))
2661 gen_op_iwmmxt_maxsb_M0_wRn(rd1);
2663 gen_op_iwmmxt_maxub_M0_wRn(rd1);
2666 if (insn & (1 << 21))
2667 gen_op_iwmmxt_maxsw_M0_wRn(rd1);
2669 gen_op_iwmmxt_maxuw_M0_wRn(rd1);
2672 if (insn & (1 << 21))
2673 gen_op_iwmmxt_maxsl_M0_wRn(rd1);
2675 gen_op_iwmmxt_maxul_M0_wRn(rd1);
2680 gen_op_iwmmxt_movq_wRn_M0(wrd);
2681 gen_op_iwmmxt_set_mup();
2683 case 0x002: case 0x102: case 0x202: case 0x302: /* WALIGNI */
2684 case 0x402: case 0x502: case 0x602: case 0x702:
2685 wrd = (insn >> 12) & 0xf;
2686 rd0 = (insn >> 16) & 0xf;
2687 rd1 = (insn >> 0) & 0xf;
2688 gen_op_iwmmxt_movq_M0_wRn(rd0);
2689 tmp = tcg_const_i32((insn >> 20) & 3);
2690 iwmmxt_load_reg(cpu_V1, rd1);
2691 gen_helper_iwmmxt_align(cpu_M0, cpu_M0, cpu_V1, tmp);
2692 tcg_temp_free_i32(tmp);
2693 gen_op_iwmmxt_movq_wRn_M0(wrd);
2694 gen_op_iwmmxt_set_mup();
2696 case 0x01a: case 0x11a: case 0x21a: case 0x31a: /* WSUB */
2697 case 0x41a: case 0x51a: case 0x61a: case 0x71a:
2698 case 0x81a: case 0x91a: case 0xa1a: case 0xb1a:
2699 case 0xc1a: case 0xd1a: case 0xe1a: case 0xf1a:
2700 wrd = (insn >> 12) & 0xf;
2701 rd0 = (insn >> 16) & 0xf;
2702 rd1 = (insn >> 0) & 0xf;
2703 gen_op_iwmmxt_movq_M0_wRn(rd0);
2704 switch ((insn >> 20) & 0xf) {
2706 gen_op_iwmmxt_subnb_M0_wRn(rd1);
2709 gen_op_iwmmxt_subub_M0_wRn(rd1);
2712 gen_op_iwmmxt_subsb_M0_wRn(rd1);
2715 gen_op_iwmmxt_subnw_M0_wRn(rd1);
2718 gen_op_iwmmxt_subuw_M0_wRn(rd1);
2721 gen_op_iwmmxt_subsw_M0_wRn(rd1);
2724 gen_op_iwmmxt_subnl_M0_wRn(rd1);
2727 gen_op_iwmmxt_subul_M0_wRn(rd1);
2730 gen_op_iwmmxt_subsl_M0_wRn(rd1);
2735 gen_op_iwmmxt_movq_wRn_M0(wrd);
2736 gen_op_iwmmxt_set_mup();
2737 gen_op_iwmmxt_set_cup();
2739 case 0x01e: case 0x11e: case 0x21e: case 0x31e: /* WSHUFH */
2740 case 0x41e: case 0x51e: case 0x61e: case 0x71e:
2741 case 0x81e: case 0x91e: case 0xa1e: case 0xb1e:
2742 case 0xc1e: case 0xd1e: case 0xe1e: case 0xf1e:
2743 wrd = (insn >> 12) & 0xf;
2744 rd0 = (insn >> 16) & 0xf;
2745 gen_op_iwmmxt_movq_M0_wRn(rd0);
2746 tmp = tcg_const_i32(((insn >> 16) & 0xf0) | (insn & 0x0f));
2747 gen_helper_iwmmxt_shufh(cpu_M0, cpu_env, cpu_M0, tmp);
2748 tcg_temp_free_i32(tmp);
2749 gen_op_iwmmxt_movq_wRn_M0(wrd);
2750 gen_op_iwmmxt_set_mup();
2751 gen_op_iwmmxt_set_cup();
2753 case 0x018: case 0x118: case 0x218: case 0x318: /* WADD */
2754 case 0x418: case 0x518: case 0x618: case 0x718:
2755 case 0x818: case 0x918: case 0xa18: case 0xb18:
2756 case 0xc18: case 0xd18: case 0xe18: case 0xf18:
2757 wrd = (insn >> 12) & 0xf;
2758 rd0 = (insn >> 16) & 0xf;
2759 rd1 = (insn >> 0) & 0xf;
2760 gen_op_iwmmxt_movq_M0_wRn(rd0);
2761 switch ((insn >> 20) & 0xf) {
2763 gen_op_iwmmxt_addnb_M0_wRn(rd1);
2766 gen_op_iwmmxt_addub_M0_wRn(rd1);
2769 gen_op_iwmmxt_addsb_M0_wRn(rd1);
2772 gen_op_iwmmxt_addnw_M0_wRn(rd1);
2775 gen_op_iwmmxt_adduw_M0_wRn(rd1);
2778 gen_op_iwmmxt_addsw_M0_wRn(rd1);
2781 gen_op_iwmmxt_addnl_M0_wRn(rd1);
2784 gen_op_iwmmxt_addul_M0_wRn(rd1);
2787 gen_op_iwmmxt_addsl_M0_wRn(rd1);
2792 gen_op_iwmmxt_movq_wRn_M0(wrd);
2793 gen_op_iwmmxt_set_mup();
2794 gen_op_iwmmxt_set_cup();
2796 case 0x008: case 0x108: case 0x208: case 0x308: /* WPACK */
2797 case 0x408: case 0x508: case 0x608: case 0x708:
2798 case 0x808: case 0x908: case 0xa08: case 0xb08:
2799 case 0xc08: case 0xd08: case 0xe08: case 0xf08:
2800 if (!(insn & (1 << 20)) || ((insn >> 22) & 3) == 0)
2802 wrd = (insn >> 12) & 0xf;
2803 rd0 = (insn >> 16) & 0xf;
2804 rd1 = (insn >> 0) & 0xf;
2805 gen_op_iwmmxt_movq_M0_wRn(rd0);
2806 switch ((insn >> 22) & 3) {
2808 if (insn & (1 << 21))
2809 gen_op_iwmmxt_packsw_M0_wRn(rd1);
2811 gen_op_iwmmxt_packuw_M0_wRn(rd1);
2814 if (insn & (1 << 21))
2815 gen_op_iwmmxt_packsl_M0_wRn(rd1);
2817 gen_op_iwmmxt_packul_M0_wRn(rd1);
2820 if (insn & (1 << 21))
2821 gen_op_iwmmxt_packsq_M0_wRn(rd1);
2823 gen_op_iwmmxt_packuq_M0_wRn(rd1);
2826 gen_op_iwmmxt_movq_wRn_M0(wrd);
2827 gen_op_iwmmxt_set_mup();
2828 gen_op_iwmmxt_set_cup();
2830 case 0x201: case 0x203: case 0x205: case 0x207:
2831 case 0x209: case 0x20b: case 0x20d: case 0x20f:
2832 case 0x211: case 0x213: case 0x215: case 0x217:
2833 case 0x219: case 0x21b: case 0x21d: case 0x21f:
2834 wrd = (insn >> 5) & 0xf;
2835 rd0 = (insn >> 12) & 0xf;
2836 rd1 = (insn >> 0) & 0xf;
2837 if (rd0 == 0xf || rd1 == 0xf)
2839 gen_op_iwmmxt_movq_M0_wRn(wrd);
2840 tmp = load_reg(s, rd0);
2841 tmp2 = load_reg(s, rd1);
2842 switch ((insn >> 16) & 0xf) {
2843 case 0x0: /* TMIA */
2844 gen_helper_iwmmxt_muladdsl(cpu_M0, cpu_M0, tmp, tmp2);
2846 case 0x8: /* TMIAPH */
2847 gen_helper_iwmmxt_muladdsw(cpu_M0, cpu_M0, tmp, tmp2);
2849 case 0xc: case 0xd: case 0xe: case 0xf: /* TMIAxy */
2850 if (insn & (1 << 16))
2851 tcg_gen_shri_i32(tmp, tmp, 16);
2852 if (insn & (1 << 17))
2853 tcg_gen_shri_i32(tmp2, tmp2, 16);
2854 gen_helper_iwmmxt_muladdswl(cpu_M0, cpu_M0, tmp, tmp2);
2857 tcg_temp_free_i32(tmp2);
2858 tcg_temp_free_i32(tmp);
2861 tcg_temp_free_i32(tmp2);
2862 tcg_temp_free_i32(tmp);
2863 gen_op_iwmmxt_movq_wRn_M0(wrd);
2864 gen_op_iwmmxt_set_mup();
2873 /* Disassemble an XScale DSP instruction. Returns nonzero if an error occurred
2874 (ie. an undefined instruction). */
2875 static int disas_dsp_insn(DisasContext *s, uint32_t insn)
2877 int acc, rd0, rd1, rdhi, rdlo;
2880 if ((insn & 0x0ff00f10) == 0x0e200010) {
2881 /* Multiply with Internal Accumulate Format */
2882 rd0 = (insn >> 12) & 0xf;
2884 acc = (insn >> 5) & 7;
2889 tmp = load_reg(s, rd0);
2890 tmp2 = load_reg(s, rd1);
2891 switch ((insn >> 16) & 0xf) {
2893 gen_helper_iwmmxt_muladdsl(cpu_M0, cpu_M0, tmp, tmp2);
2895 case 0x8: /* MIAPH */
2896 gen_helper_iwmmxt_muladdsw(cpu_M0, cpu_M0, tmp, tmp2);
2898 case 0xc: /* MIABB */
2899 case 0xd: /* MIABT */
2900 case 0xe: /* MIATB */
2901 case 0xf: /* MIATT */
2902 if (insn & (1 << 16))
2903 tcg_gen_shri_i32(tmp, tmp, 16);
2904 if (insn & (1 << 17))
2905 tcg_gen_shri_i32(tmp2, tmp2, 16);
2906 gen_helper_iwmmxt_muladdswl(cpu_M0, cpu_M0, tmp, tmp2);
2911 tcg_temp_free_i32(tmp2);
2912 tcg_temp_free_i32(tmp);
2914 gen_op_iwmmxt_movq_wRn_M0(acc);
2918 if ((insn & 0x0fe00ff8) == 0x0c400000) {
2919 /* Internal Accumulator Access Format */
2920 rdhi = (insn >> 16) & 0xf;
2921 rdlo = (insn >> 12) & 0xf;
2927 if (insn & ARM_CP_RW_BIT) { /* MRA */
2928 iwmmxt_load_reg(cpu_V0, acc);
2929 tcg_gen_extrl_i64_i32(cpu_R[rdlo], cpu_V0);
2930 tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
2931 tcg_gen_extrl_i64_i32(cpu_R[rdhi], cpu_V0);
2932 tcg_gen_andi_i32(cpu_R[rdhi], cpu_R[rdhi], (1 << (40 - 32)) - 1);
2934 tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]);
2935 iwmmxt_store_reg(cpu_V0, acc);
2943 #define VFP_REG_SHR(x, n) (((n) > 0) ? (x) >> (n) : (x) << -(n))
2944 #define VFP_SREG(insn, bigbit, smallbit) \
2945 ((VFP_REG_SHR(insn, bigbit - 1) & 0x1e) | (((insn) >> (smallbit)) & 1))
2946 #define VFP_DREG(reg, insn, bigbit, smallbit) do { \
2947 if (arm_dc_feature(s, ARM_FEATURE_VFP3)) { \
2948 reg = (((insn) >> (bigbit)) & 0x0f) \
2949 | (((insn) >> ((smallbit) - 4)) & 0x10); \
2951 if (insn & (1 << (smallbit))) \
2953 reg = ((insn) >> (bigbit)) & 0x0f; \
2956 #define VFP_SREG_D(insn) VFP_SREG(insn, 12, 22)
2957 #define VFP_DREG_D(reg, insn) VFP_DREG(reg, insn, 12, 22)
2958 #define VFP_SREG_N(insn) VFP_SREG(insn, 16, 7)
2959 #define VFP_DREG_N(reg, insn) VFP_DREG(reg, insn, 16, 7)
2960 #define VFP_SREG_M(insn) VFP_SREG(insn, 0, 5)
2961 #define VFP_DREG_M(reg, insn) VFP_DREG(reg, insn, 0, 5)
2963 /* Move between integer and VFP cores. */
2964 static TCGv_i32 gen_vfp_mrs(void)
2966 TCGv_i32 tmp = tcg_temp_new_i32();
2967 tcg_gen_mov_i32(tmp, cpu_F0s);
2971 static void gen_vfp_msr(TCGv_i32 tmp)
2973 tcg_gen_mov_i32(cpu_F0s, tmp);
2974 tcg_temp_free_i32(tmp);
2977 static void gen_neon_dup_u8(TCGv_i32 var, int shift)
2979 TCGv_i32 tmp = tcg_temp_new_i32();
2981 tcg_gen_shri_i32(var, var, shift);
2982 tcg_gen_ext8u_i32(var, var);
2983 tcg_gen_shli_i32(tmp, var, 8);
2984 tcg_gen_or_i32(var, var, tmp);
2985 tcg_gen_shli_i32(tmp, var, 16);
2986 tcg_gen_or_i32(var, var, tmp);
2987 tcg_temp_free_i32(tmp);
2990 static void gen_neon_dup_low16(TCGv_i32 var)
2992 TCGv_i32 tmp = tcg_temp_new_i32();
2993 tcg_gen_ext16u_i32(var, var);
2994 tcg_gen_shli_i32(tmp, var, 16);
2995 tcg_gen_or_i32(var, var, tmp);
2996 tcg_temp_free_i32(tmp);
2999 static void gen_neon_dup_high16(TCGv_i32 var)
3001 TCGv_i32 tmp = tcg_temp_new_i32();
3002 tcg_gen_andi_i32(var, var, 0xffff0000);
3003 tcg_gen_shri_i32(tmp, var, 16);
3004 tcg_gen_or_i32(var, var, tmp);
3005 tcg_temp_free_i32(tmp);
3008 static TCGv_i32 gen_load_and_replicate(DisasContext *s, TCGv_i32 addr, int size)
3010 /* Load a single Neon element and replicate into a 32 bit TCG reg */
3011 TCGv_i32 tmp = tcg_temp_new_i32();
3014 gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
3015 gen_neon_dup_u8(tmp, 0);
3018 gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
3019 gen_neon_dup_low16(tmp);
3022 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
3024 default: /* Avoid compiler warnings. */
3030 static int handle_vsel(uint32_t insn, uint32_t rd, uint32_t rn, uint32_t rm,
3033 uint32_t cc = extract32(insn, 20, 2);
3036 TCGv_i64 frn, frm, dest;
3037 TCGv_i64 tmp, zero, zf, nf, vf;
3039 zero = tcg_const_i64(0);
3041 frn = tcg_temp_new_i64();
3042 frm = tcg_temp_new_i64();
3043 dest = tcg_temp_new_i64();
3045 zf = tcg_temp_new_i64();
3046 nf = tcg_temp_new_i64();
3047 vf = tcg_temp_new_i64();
3049 tcg_gen_extu_i32_i64(zf, cpu_ZF);
3050 tcg_gen_ext_i32_i64(nf, cpu_NF);
3051 tcg_gen_ext_i32_i64(vf, cpu_VF);
3053 tcg_gen_ld_f64(frn, cpu_env, vfp_reg_offset(dp, rn));
3054 tcg_gen_ld_f64(frm, cpu_env, vfp_reg_offset(dp, rm));
3057 tcg_gen_movcond_i64(TCG_COND_EQ, dest, zf, zero,
3061 tcg_gen_movcond_i64(TCG_COND_LT, dest, vf, zero,
3064 case 2: /* ge: N == V -> N ^ V == 0 */
3065 tmp = tcg_temp_new_i64();
3066 tcg_gen_xor_i64(tmp, vf, nf);
3067 tcg_gen_movcond_i64(TCG_COND_GE, dest, tmp, zero,
3069 tcg_temp_free_i64(tmp);
3071 case 3: /* gt: !Z && N == V */
3072 tcg_gen_movcond_i64(TCG_COND_NE, dest, zf, zero,
3074 tmp = tcg_temp_new_i64();
3075 tcg_gen_xor_i64(tmp, vf, nf);
3076 tcg_gen_movcond_i64(TCG_COND_GE, dest, tmp, zero,
3078 tcg_temp_free_i64(tmp);
3081 tcg_gen_st_f64(dest, cpu_env, vfp_reg_offset(dp, rd));
3082 tcg_temp_free_i64(frn);
3083 tcg_temp_free_i64(frm);
3084 tcg_temp_free_i64(dest);
3086 tcg_temp_free_i64(zf);
3087 tcg_temp_free_i64(nf);
3088 tcg_temp_free_i64(vf);
3090 tcg_temp_free_i64(zero);
3092 TCGv_i32 frn, frm, dest;
3095 zero = tcg_const_i32(0);
3097 frn = tcg_temp_new_i32();
3098 frm = tcg_temp_new_i32();
3099 dest = tcg_temp_new_i32();
3100 tcg_gen_ld_f32(frn, cpu_env, vfp_reg_offset(dp, rn));
3101 tcg_gen_ld_f32(frm, cpu_env, vfp_reg_offset(dp, rm));
3104 tcg_gen_movcond_i32(TCG_COND_EQ, dest, cpu_ZF, zero,
3108 tcg_gen_movcond_i32(TCG_COND_LT, dest, cpu_VF, zero,
3111 case 2: /* ge: N == V -> N ^ V == 0 */
3112 tmp = tcg_temp_new_i32();
3113 tcg_gen_xor_i32(tmp, cpu_VF, cpu_NF);
3114 tcg_gen_movcond_i32(TCG_COND_GE, dest, tmp, zero,
3116 tcg_temp_free_i32(tmp);
3118 case 3: /* gt: !Z && N == V */
3119 tcg_gen_movcond_i32(TCG_COND_NE, dest, cpu_ZF, zero,
3121 tmp = tcg_temp_new_i32();
3122 tcg_gen_xor_i32(tmp, cpu_VF, cpu_NF);
3123 tcg_gen_movcond_i32(TCG_COND_GE, dest, tmp, zero,
3125 tcg_temp_free_i32(tmp);
3128 tcg_gen_st_f32(dest, cpu_env, vfp_reg_offset(dp, rd));
3129 tcg_temp_free_i32(frn);
3130 tcg_temp_free_i32(frm);
3131 tcg_temp_free_i32(dest);
3133 tcg_temp_free_i32(zero);
3139 static int handle_vminmaxnm(uint32_t insn, uint32_t rd, uint32_t rn,
3140 uint32_t rm, uint32_t dp)
3142 uint32_t vmin = extract32(insn, 6, 1);
3143 TCGv_ptr fpst = get_fpstatus_ptr(0);
3146 TCGv_i64 frn, frm, dest;
3148 frn = tcg_temp_new_i64();
3149 frm = tcg_temp_new_i64();
3150 dest = tcg_temp_new_i64();
3152 tcg_gen_ld_f64(frn, cpu_env, vfp_reg_offset(dp, rn));
3153 tcg_gen_ld_f64(frm, cpu_env, vfp_reg_offset(dp, rm));
3155 gen_helper_vfp_minnumd(dest, frn, frm, fpst);
3157 gen_helper_vfp_maxnumd(dest, frn, frm, fpst);
3159 tcg_gen_st_f64(dest, cpu_env, vfp_reg_offset(dp, rd));
3160 tcg_temp_free_i64(frn);
3161 tcg_temp_free_i64(frm);
3162 tcg_temp_free_i64(dest);
3164 TCGv_i32 frn, frm, dest;
3166 frn = tcg_temp_new_i32();
3167 frm = tcg_temp_new_i32();
3168 dest = tcg_temp_new_i32();
3170 tcg_gen_ld_f32(frn, cpu_env, vfp_reg_offset(dp, rn));
3171 tcg_gen_ld_f32(frm, cpu_env, vfp_reg_offset(dp, rm));
3173 gen_helper_vfp_minnums(dest, frn, frm, fpst);
3175 gen_helper_vfp_maxnums(dest, frn, frm, fpst);
3177 tcg_gen_st_f32(dest, cpu_env, vfp_reg_offset(dp, rd));
3178 tcg_temp_free_i32(frn);
3179 tcg_temp_free_i32(frm);
3180 tcg_temp_free_i32(dest);
3183 tcg_temp_free_ptr(fpst);
3187 static int handle_vrint(uint32_t insn, uint32_t rd, uint32_t rm, uint32_t dp,
3190 TCGv_ptr fpst = get_fpstatus_ptr(0);
3193 tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rounding));
3194 gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst);
3199 tcg_op = tcg_temp_new_i64();
3200 tcg_res = tcg_temp_new_i64();
3201 tcg_gen_ld_f64(tcg_op, cpu_env, vfp_reg_offset(dp, rm));
3202 gen_helper_rintd(tcg_res, tcg_op, fpst);
3203 tcg_gen_st_f64(tcg_res, cpu_env, vfp_reg_offset(dp, rd));
3204 tcg_temp_free_i64(tcg_op);
3205 tcg_temp_free_i64(tcg_res);
3209 tcg_op = tcg_temp_new_i32();
3210 tcg_res = tcg_temp_new_i32();
3211 tcg_gen_ld_f32(tcg_op, cpu_env, vfp_reg_offset(dp, rm));
3212 gen_helper_rints(tcg_res, tcg_op, fpst);
3213 tcg_gen_st_f32(tcg_res, cpu_env, vfp_reg_offset(dp, rd));
3214 tcg_temp_free_i32(tcg_op);
3215 tcg_temp_free_i32(tcg_res);
3218 gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst);
3219 tcg_temp_free_i32(tcg_rmode);
3221 tcg_temp_free_ptr(fpst);
3225 static int handle_vcvt(uint32_t insn, uint32_t rd, uint32_t rm, uint32_t dp,
3228 bool is_signed = extract32(insn, 7, 1);
3229 TCGv_ptr fpst = get_fpstatus_ptr(0);
3230 TCGv_i32 tcg_rmode, tcg_shift;
3232 tcg_shift = tcg_const_i32(0);
3234 tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rounding));
3235 gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst);
3238 TCGv_i64 tcg_double, tcg_res;
3240 /* Rd is encoded as a single precision register even when the source
3241 * is double precision.
3243 rd = ((rd << 1) & 0x1e) | ((rd >> 4) & 0x1);
3244 tcg_double = tcg_temp_new_i64();
3245 tcg_res = tcg_temp_new_i64();
3246 tcg_tmp = tcg_temp_new_i32();
3247 tcg_gen_ld_f64(tcg_double, cpu_env, vfp_reg_offset(1, rm));
3249 gen_helper_vfp_tosld(tcg_res, tcg_double, tcg_shift, fpst);
3251 gen_helper_vfp_tould(tcg_res, tcg_double, tcg_shift, fpst);
3253 tcg_gen_extrl_i64_i32(tcg_tmp, tcg_res);
3254 tcg_gen_st_f32(tcg_tmp, cpu_env, vfp_reg_offset(0, rd));
3255 tcg_temp_free_i32(tcg_tmp);
3256 tcg_temp_free_i64(tcg_res);
3257 tcg_temp_free_i64(tcg_double);
3259 TCGv_i32 tcg_single, tcg_res;
3260 tcg_single = tcg_temp_new_i32();
3261 tcg_res = tcg_temp_new_i32();
3262 tcg_gen_ld_f32(tcg_single, cpu_env, vfp_reg_offset(0, rm));
3264 gen_helper_vfp_tosls(tcg_res, tcg_single, tcg_shift, fpst);
3266 gen_helper_vfp_touls(tcg_res, tcg_single, tcg_shift, fpst);
3268 tcg_gen_st_f32(tcg_res, cpu_env, vfp_reg_offset(0, rd));
3269 tcg_temp_free_i32(tcg_res);
3270 tcg_temp_free_i32(tcg_single);
3273 gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst);
3274 tcg_temp_free_i32(tcg_rmode);
3276 tcg_temp_free_i32(tcg_shift);
3278 tcg_temp_free_ptr(fpst);
3283 /* Table for converting the most common AArch32 encoding of
3284 * rounding mode to arm_fprounding order (which matches the
3285 * common AArch64 order); see ARM ARM pseudocode FPDecodeRM().
3287 static const uint8_t fp_decode_rm[] = {
3294 static int disas_vfp_v8_insn(DisasContext *s, uint32_t insn)
3296 uint32_t rd, rn, rm, dp = extract32(insn, 8, 1);
3298 if (!arm_dc_feature(s, ARM_FEATURE_V8)) {
3303 VFP_DREG_D(rd, insn);
3304 VFP_DREG_N(rn, insn);
3305 VFP_DREG_M(rm, insn);
3307 rd = VFP_SREG_D(insn);
3308 rn = VFP_SREG_N(insn);
3309 rm = VFP_SREG_M(insn);
3312 if ((insn & 0x0f800e50) == 0x0e000a00) {
3313 return handle_vsel(insn, rd, rn, rm, dp);
3314 } else if ((insn & 0x0fb00e10) == 0x0e800a00) {
3315 return handle_vminmaxnm(insn, rd, rn, rm, dp);
3316 } else if ((insn & 0x0fbc0ed0) == 0x0eb80a40) {
3317 /* VRINTA, VRINTN, VRINTP, VRINTM */
3318 int rounding = fp_decode_rm[extract32(insn, 16, 2)];
3319 return handle_vrint(insn, rd, rm, dp, rounding);
3320 } else if ((insn & 0x0fbc0e50) == 0x0ebc0a40) {
3321 /* VCVTA, VCVTN, VCVTP, VCVTM */
3322 int rounding = fp_decode_rm[extract32(insn, 16, 2)];
3323 return handle_vcvt(insn, rd, rm, dp, rounding);
3328 /* Disassemble a VFP instruction. Returns nonzero if an error occurred
3329 (ie. an undefined instruction). */
3330 static int disas_vfp_insn(DisasContext *s, uint32_t insn)
3332 uint32_t rd, rn, rm, op, i, n, offset, delta_d, delta_m, bank_mask;
3338 if (!arm_dc_feature(s, ARM_FEATURE_VFP)) {
3342 /* FIXME: this access check should not take precedence over UNDEF
3343 * for invalid encodings; we will generate incorrect syndrome information
3344 * for attempts to execute invalid vfp/neon encodings with FP disabled.
3346 if (s->fp_excp_el) {
3347 gen_exception_insn(s, 4, EXCP_UDEF,
3348 syn_fp_access_trap(1, 0xe, false), s->fp_excp_el);
3352 if (!s->vfp_enabled) {
3353 /* VFP disabled. Only allow fmxr/fmrx to/from some control regs. */
3354 if ((insn & 0x0fe00fff) != 0x0ee00a10)
3356 rn = (insn >> 16) & 0xf;
3357 if (rn != ARM_VFP_FPSID && rn != ARM_VFP_FPEXC && rn != ARM_VFP_MVFR2
3358 && rn != ARM_VFP_MVFR1 && rn != ARM_VFP_MVFR0) {
3363 if (extract32(insn, 28, 4) == 0xf) {
3364 /* Encodings with T=1 (Thumb) or unconditional (ARM):
3365 * only used in v8 and above.
3367 return disas_vfp_v8_insn(s, insn);
3370 dp = ((insn & 0xf00) == 0xb00);
3371 switch ((insn >> 24) & 0xf) {
3373 if (insn & (1 << 4)) {
3374 /* single register transfer */
3375 rd = (insn >> 12) & 0xf;
3380 VFP_DREG_N(rn, insn);
3383 if (insn & 0x00c00060
3384 && !arm_dc_feature(s, ARM_FEATURE_NEON)) {
3388 pass = (insn >> 21) & 1;
3389 if (insn & (1 << 22)) {
3391 offset = ((insn >> 5) & 3) * 8;
3392 } else if (insn & (1 << 5)) {
3394 offset = (insn & (1 << 6)) ? 16 : 0;
3399 if (insn & ARM_CP_RW_BIT) {
3401 tmp = neon_load_reg(rn, pass);
3405 tcg_gen_shri_i32(tmp, tmp, offset);
3406 if (insn & (1 << 23))
3412 if (insn & (1 << 23)) {
3414 tcg_gen_shri_i32(tmp, tmp, 16);
3420 tcg_gen_sari_i32(tmp, tmp, 16);
3429 store_reg(s, rd, tmp);
3432 tmp = load_reg(s, rd);
3433 if (insn & (1 << 23)) {
3436 gen_neon_dup_u8(tmp, 0);
3437 } else if (size == 1) {
3438 gen_neon_dup_low16(tmp);
3440 for (n = 0; n <= pass * 2; n++) {
3441 tmp2 = tcg_temp_new_i32();
3442 tcg_gen_mov_i32(tmp2, tmp);
3443 neon_store_reg(rn, n, tmp2);
3445 neon_store_reg(rn, n, tmp);
3450 tmp2 = neon_load_reg(rn, pass);
3451 tcg_gen_deposit_i32(tmp, tmp2, tmp, offset, 8);
3452 tcg_temp_free_i32(tmp2);
3455 tmp2 = neon_load_reg(rn, pass);
3456 tcg_gen_deposit_i32(tmp, tmp2, tmp, offset, 16);
3457 tcg_temp_free_i32(tmp2);
3462 neon_store_reg(rn, pass, tmp);
3466 if ((insn & 0x6f) != 0x00)
3468 rn = VFP_SREG_N(insn);
3469 if (insn & ARM_CP_RW_BIT) {
3471 if (insn & (1 << 21)) {
3472 /* system register */
3477 /* VFP2 allows access to FSID from userspace.
3478 VFP3 restricts all id registers to privileged
3481 && arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3484 tmp = load_cpu_field(vfp.xregs[rn]);
3489 tmp = load_cpu_field(vfp.xregs[rn]);
3491 case ARM_VFP_FPINST:
3492 case ARM_VFP_FPINST2:
3493 /* Not present in VFP3. */
3495 || arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3498 tmp = load_cpu_field(vfp.xregs[rn]);
3502 tmp = load_cpu_field(vfp.xregs[ARM_VFP_FPSCR]);
3503 tcg_gen_andi_i32(tmp, tmp, 0xf0000000);
3505 tmp = tcg_temp_new_i32();
3506 gen_helper_vfp_get_fpscr(tmp, cpu_env);
3510 if (!arm_dc_feature(s, ARM_FEATURE_V8)) {
3517 || !arm_dc_feature(s, ARM_FEATURE_MVFR)) {
3520 tmp = load_cpu_field(vfp.xregs[rn]);
3526 gen_mov_F0_vreg(0, rn);
3527 tmp = gen_vfp_mrs();
3530 /* Set the 4 flag bits in the CPSR. */
3532 tcg_temp_free_i32(tmp);
3534 store_reg(s, rd, tmp);
3538 if (insn & (1 << 21)) {
3540 /* system register */
3545 /* Writes are ignored. */
3548 tmp = load_reg(s, rd);
3549 gen_helper_vfp_set_fpscr(cpu_env, tmp);
3550 tcg_temp_free_i32(tmp);
3556 /* TODO: VFP subarchitecture support.
3557 * For now, keep the EN bit only */
3558 tmp = load_reg(s, rd);
3559 tcg_gen_andi_i32(tmp, tmp, 1 << 30);
3560 store_cpu_field(tmp, vfp.xregs[rn]);
3563 case ARM_VFP_FPINST:
3564 case ARM_VFP_FPINST2:
3568 tmp = load_reg(s, rd);
3569 store_cpu_field(tmp, vfp.xregs[rn]);
3575 tmp = load_reg(s, rd);
3577 gen_mov_vreg_F0(0, rn);
3582 /* data processing */
3583 /* The opcode is in bits 23, 21, 20 and 6. */
3584 op = ((insn >> 20) & 8) | ((insn >> 19) & 6) | ((insn >> 6) & 1);
3588 rn = ((insn >> 15) & 0x1e) | ((insn >> 7) & 1);
3590 /* rn is register number */
3591 VFP_DREG_N(rn, insn);
3594 if (op == 15 && (rn == 15 || ((rn & 0x1c) == 0x18) ||
3595 ((rn & 0x1e) == 0x6))) {
3596 /* Integer or single/half precision destination. */
3597 rd = VFP_SREG_D(insn);
3599 VFP_DREG_D(rd, insn);
3602 (((rn & 0x1c) == 0x10) || ((rn & 0x14) == 0x14) ||
3603 ((rn & 0x1e) == 0x4))) {
3604 /* VCVT from int or half precision is always from S reg
3605 * regardless of dp bit. VCVT with immediate frac_bits
3606 * has same format as SREG_M.
3608 rm = VFP_SREG_M(insn);
3610 VFP_DREG_M(rm, insn);
3613 rn = VFP_SREG_N(insn);
3614 if (op == 15 && rn == 15) {
3615 /* Double precision destination. */
3616 VFP_DREG_D(rd, insn);
3618 rd = VFP_SREG_D(insn);
3620 /* NB that we implicitly rely on the encoding for the frac_bits
3621 * in VCVT of fixed to float being the same as that of an SREG_M
3623 rm = VFP_SREG_M(insn);
3626 veclen = s->vec_len;
3627 if (op == 15 && rn > 3)
3630 /* Shut up compiler warnings. */
3641 /* Figure out what type of vector operation this is. */
3642 if ((rd & bank_mask) == 0) {
3647 delta_d = (s->vec_stride >> 1) + 1;
3649 delta_d = s->vec_stride + 1;
3651 if ((rm & bank_mask) == 0) {
3652 /* mixed scalar/vector */
3661 /* Load the initial operands. */
3666 /* Integer source */
3667 gen_mov_F0_vreg(0, rm);
3672 gen_mov_F0_vreg(dp, rd);
3673 gen_mov_F1_vreg(dp, rm);
3677 /* Compare with zero */
3678 gen_mov_F0_vreg(dp, rd);
3689 /* Source and destination the same. */
3690 gen_mov_F0_vreg(dp, rd);
3696 /* VCVTB, VCVTT: only present with the halfprec extension
3697 * UNPREDICTABLE if bit 8 is set prior to ARMv8
3698 * (we choose to UNDEF)
3700 if ((dp && !arm_dc_feature(s, ARM_FEATURE_V8)) ||
3701 !arm_dc_feature(s, ARM_FEATURE_VFP_FP16)) {
3704 if (!extract32(rn, 1, 1)) {
3705 /* Half precision source. */
3706 gen_mov_F0_vreg(0, rm);
3709 /* Otherwise fall through */
3711 /* One source operand. */
3712 gen_mov_F0_vreg(dp, rm);
3716 /* Two source operands. */
3717 gen_mov_F0_vreg(dp, rn);
3718 gen_mov_F1_vreg(dp, rm);
3722 /* Perform the calculation. */
3724 case 0: /* VMLA: fd + (fn * fm) */
3725 /* Note that order of inputs to the add matters for NaNs */
3727 gen_mov_F0_vreg(dp, rd);
3730 case 1: /* VMLS: fd + -(fn * fm) */
3733 gen_mov_F0_vreg(dp, rd);
3736 case 2: /* VNMLS: -fd + (fn * fm) */
3737 /* Note that it isn't valid to replace (-A + B) with (B - A)
3738 * or similar plausible looking simplifications
3739 * because this will give wrong results for NaNs.
3742 gen_mov_F0_vreg(dp, rd);
3746 case 3: /* VNMLA: -fd + -(fn * fm) */
3749 gen_mov_F0_vreg(dp, rd);
3753 case 4: /* mul: fn * fm */
3756 case 5: /* nmul: -(fn * fm) */
3760 case 6: /* add: fn + fm */
3763 case 7: /* sub: fn - fm */
3766 case 8: /* div: fn / fm */
3769 case 10: /* VFNMA : fd = muladd(-fd, fn, fm) */
3770 case 11: /* VFNMS : fd = muladd(-fd, -fn, fm) */
3771 case 12: /* VFMA : fd = muladd( fd, fn, fm) */
3772 case 13: /* VFMS : fd = muladd( fd, -fn, fm) */
3773 /* These are fused multiply-add, and must be done as one
3774 * floating point operation with no rounding between the
3775 * multiplication and addition steps.
3776 * NB that doing the negations here as separate steps is
3777 * correct : an input NaN should come out with its sign bit
3778 * flipped if it is a negated-input.
3780 if (!arm_dc_feature(s, ARM_FEATURE_VFP4)) {
3788 gen_helper_vfp_negd(cpu_F0d, cpu_F0d);
3790 frd = tcg_temp_new_i64();
3791 tcg_gen_ld_f64(frd, cpu_env, vfp_reg_offset(dp, rd));
3794 gen_helper_vfp_negd(frd, frd);
3796 fpst = get_fpstatus_ptr(0);
3797 gen_helper_vfp_muladdd(cpu_F0d, cpu_F0d,
3798 cpu_F1d, frd, fpst);
3799 tcg_temp_free_ptr(fpst);
3800 tcg_temp_free_i64(frd);
3806 gen_helper_vfp_negs(cpu_F0s, cpu_F0s);
3808 frd = tcg_temp_new_i32();
3809 tcg_gen_ld_f32(frd, cpu_env, vfp_reg_offset(dp, rd));
3811 gen_helper_vfp_negs(frd, frd);
3813 fpst = get_fpstatus_ptr(0);
3814 gen_helper_vfp_muladds(cpu_F0s, cpu_F0s,
3815 cpu_F1s, frd, fpst);
3816 tcg_temp_free_ptr(fpst);
3817 tcg_temp_free_i32(frd);
3820 case 14: /* fconst */
3821 if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3825 n = (insn << 12) & 0x80000000;
3826 i = ((insn >> 12) & 0x70) | (insn & 0xf);
3833 tcg_gen_movi_i64(cpu_F0d, ((uint64_t)n) << 32);
3840 tcg_gen_movi_i32(cpu_F0s, n);
3843 case 15: /* extension space */
3857 case 4: /* vcvtb.f32.f16, vcvtb.f64.f16 */
3859 TCGv_ptr fpst = get_fpstatus_ptr(false);
3860 TCGv_i32 ahp_mode = get_ahp_flag();
3861 tmp = gen_vfp_mrs();
3862 tcg_gen_ext16u_i32(tmp, tmp);
3864 gen_helper_vfp_fcvt_f16_to_f64(cpu_F0d, tmp,
3867 gen_helper_vfp_fcvt_f16_to_f32(cpu_F0s, tmp,
3870 tcg_temp_free_i32(ahp_mode);
3871 tcg_temp_free_ptr(fpst);
3872 tcg_temp_free_i32(tmp);
3875 case 5: /* vcvtt.f32.f16, vcvtt.f64.f16 */
3877 TCGv_ptr fpst = get_fpstatus_ptr(false);
3878 TCGv_i32 ahp = get_ahp_flag();
3879 tmp = gen_vfp_mrs();
3880 tcg_gen_shri_i32(tmp, tmp, 16);
3882 gen_helper_vfp_fcvt_f16_to_f64(cpu_F0d, tmp,
3885 gen_helper_vfp_fcvt_f16_to_f32(cpu_F0s, tmp,
3888 tcg_temp_free_i32(tmp);
3889 tcg_temp_free_i32(ahp);
3890 tcg_temp_free_ptr(fpst);
3893 case 6: /* vcvtb.f16.f32, vcvtb.f16.f64 */
3895 TCGv_ptr fpst = get_fpstatus_ptr(false);
3896 TCGv_i32 ahp = get_ahp_flag();
3897 tmp = tcg_temp_new_i32();
3900 gen_helper_vfp_fcvt_f64_to_f16(tmp, cpu_F0d,
3903 gen_helper_vfp_fcvt_f32_to_f16(tmp, cpu_F0s,
3906 tcg_temp_free_i32(ahp);
3907 tcg_temp_free_ptr(fpst);
3908 gen_mov_F0_vreg(0, rd);
3909 tmp2 = gen_vfp_mrs();
3910 tcg_gen_andi_i32(tmp2, tmp2, 0xffff0000);
3911 tcg_gen_or_i32(tmp, tmp, tmp2);
3912 tcg_temp_free_i32(tmp2);
3916 case 7: /* vcvtt.f16.f32, vcvtt.f16.f64 */
3918 TCGv_ptr fpst = get_fpstatus_ptr(false);
3919 TCGv_i32 ahp = get_ahp_flag();
3920 tmp = tcg_temp_new_i32();
3922 gen_helper_vfp_fcvt_f64_to_f16(tmp, cpu_F0d,
3925 gen_helper_vfp_fcvt_f32_to_f16(tmp, cpu_F0s,
3928 tcg_temp_free_i32(ahp);
3929 tcg_temp_free_ptr(fpst);
3930 tcg_gen_shli_i32(tmp, tmp, 16);
3931 gen_mov_F0_vreg(0, rd);
3932 tmp2 = gen_vfp_mrs();
3933 tcg_gen_ext16u_i32(tmp2, tmp2);
3934 tcg_gen_or_i32(tmp, tmp, tmp2);
3935 tcg_temp_free_i32(tmp2);
3948 case 11: /* cmpez */
3952 case 12: /* vrintr */
3954 TCGv_ptr fpst = get_fpstatus_ptr(0);
3956 gen_helper_rintd(cpu_F0d, cpu_F0d, fpst);
3958 gen_helper_rints(cpu_F0s, cpu_F0s, fpst);
3960 tcg_temp_free_ptr(fpst);
3963 case 13: /* vrintz */
3965 TCGv_ptr fpst = get_fpstatus_ptr(0);
3967 tcg_rmode = tcg_const_i32(float_round_to_zero);
3968 gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst);
3970 gen_helper_rintd(cpu_F0d, cpu_F0d, fpst);
3972 gen_helper_rints(cpu_F0s, cpu_F0s, fpst);
3974 gen_helper_set_rmode(tcg_rmode, tcg_rmode, fpst);
3975 tcg_temp_free_i32(tcg_rmode);
3976 tcg_temp_free_ptr(fpst);
3979 case 14: /* vrintx */
3981 TCGv_ptr fpst = get_fpstatus_ptr(0);
3983 gen_helper_rintd_exact(cpu_F0d, cpu_F0d, fpst);
3985 gen_helper_rints_exact(cpu_F0s, cpu_F0s, fpst);
3987 tcg_temp_free_ptr(fpst);
3990 case 15: /* single<->double conversion */
3992 gen_helper_vfp_fcvtsd(cpu_F0s, cpu_F0d, cpu_env);
3994 gen_helper_vfp_fcvtds(cpu_F0d, cpu_F0s, cpu_env);
3996 case 16: /* fuito */
3997 gen_vfp_uito(dp, 0);
3999 case 17: /* fsito */
4000 gen_vfp_sito(dp, 0);
4002 case 20: /* fshto */
4003 if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
4006 gen_vfp_shto(dp, 16 - rm, 0);
4008 case 21: /* fslto */
4009 if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
4012 gen_vfp_slto(dp, 32 - rm, 0);
4014 case 22: /* fuhto */
4015 if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
4018 gen_vfp_uhto(dp, 16 - rm, 0);
4020 case 23: /* fulto */
4021 if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
4024 gen_vfp_ulto(dp, 32 - rm, 0);
4026 case 24: /* ftoui */
4027 gen_vfp_toui(dp, 0);
4029 case 25: /* ftouiz */
4030 gen_vfp_touiz(dp, 0);
4032 case 26: /* ftosi */
4033 gen_vfp_tosi(dp, 0);
4035 case 27: /* ftosiz */
4036 gen_vfp_tosiz(dp, 0);
4038 case 28: /* ftosh */
4039 if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
4042 gen_vfp_tosh(dp, 16 - rm, 0);
4044 case 29: /* ftosl */
4045 if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
4048 gen_vfp_tosl(dp, 32 - rm, 0);
4050 case 30: /* ftouh */
4051 if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
4054 gen_vfp_touh(dp, 16 - rm, 0);
4056 case 31: /* ftoul */
4057 if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
4060 gen_vfp_toul(dp, 32 - rm, 0);
4062 default: /* undefined */
4066 default: /* undefined */
4070 /* Write back the result. */
4071 if (op == 15 && (rn >= 8 && rn <= 11)) {
4072 /* Comparison, do nothing. */
4073 } else if (op == 15 && dp && ((rn & 0x1c) == 0x18 ||
4074 (rn & 0x1e) == 0x6)) {
4075 /* VCVT double to int: always integer result.
4076 * VCVT double to half precision is always a single
4079 gen_mov_vreg_F0(0, rd);
4080 } else if (op == 15 && rn == 15) {
4082 gen_mov_vreg_F0(!dp, rd);
4084 gen_mov_vreg_F0(dp, rd);
4087 /* break out of the loop if we have finished */
4091 if (op == 15 && delta_m == 0) {
4092 /* single source one-many */
4094 rd = ((rd + delta_d) & (bank_mask - 1))
4096 gen_mov_vreg_F0(dp, rd);
4100 /* Setup the next operands. */
4102 rd = ((rd + delta_d) & (bank_mask - 1))
4106 /* One source operand. */
4107 rm = ((rm + delta_m) & (bank_mask - 1))
4109 gen_mov_F0_vreg(dp, rm);
4111 /* Two source operands. */
4112 rn = ((rn + delta_d) & (bank_mask - 1))
4114 gen_mov_F0_vreg(dp, rn);
4116 rm = ((rm + delta_m) & (bank_mask - 1))
4118 gen_mov_F1_vreg(dp, rm);
4126 if ((insn & 0x03e00000) == 0x00400000) {
4127 /* two-register transfer */
4128 rn = (insn >> 16) & 0xf;
4129 rd = (insn >> 12) & 0xf;
4131 VFP_DREG_M(rm, insn);
4133 rm = VFP_SREG_M(insn);
4136 if (insn & ARM_CP_RW_BIT) {
4139 gen_mov_F0_vreg(0, rm * 2);
4140 tmp = gen_vfp_mrs();
4141 store_reg(s, rd, tmp);
4142 gen_mov_F0_vreg(0, rm * 2 + 1);
4143 tmp = gen_vfp_mrs();
4144 store_reg(s, rn, tmp);
4146 gen_mov_F0_vreg(0, rm);
4147 tmp = gen_vfp_mrs();
4148 store_reg(s, rd, tmp);
4149 gen_mov_F0_vreg(0, rm + 1);
4150 tmp = gen_vfp_mrs();
4151 store_reg(s, rn, tmp);
4156 tmp = load_reg(s, rd);
4158 gen_mov_vreg_F0(0, rm * 2);
4159 tmp = load_reg(s, rn);
4161 gen_mov_vreg_F0(0, rm * 2 + 1);
4163 tmp = load_reg(s, rd);
4165 gen_mov_vreg_F0(0, rm);
4166 tmp = load_reg(s, rn);
4168 gen_mov_vreg_F0(0, rm + 1);
4173 rn = (insn >> 16) & 0xf;
4175 VFP_DREG_D(rd, insn);
4177 rd = VFP_SREG_D(insn);
4178 if ((insn & 0x01200000) == 0x01000000) {
4179 /* Single load/store */
4180 offset = (insn & 0xff) << 2;
4181 if ((insn & (1 << 23)) == 0)
4183 if (s->thumb && rn == 15) {
4184 /* This is actually UNPREDICTABLE */
4185 addr = tcg_temp_new_i32();
4186 tcg_gen_movi_i32(addr, s->pc & ~2);
4188 addr = load_reg(s, rn);
4190 tcg_gen_addi_i32(addr, addr, offset);
4191 if (insn & (1 << 20)) {
4192 gen_vfp_ld(s, dp, addr);
4193 gen_mov_vreg_F0(dp, rd);
4195 gen_mov_F0_vreg(dp, rd);
4196 gen_vfp_st(s, dp, addr);
4198 tcg_temp_free_i32(addr);
4200 /* load/store multiple */
4201 int w = insn & (1 << 21);
4203 n = (insn >> 1) & 0x7f;
4207 if (w && !(((insn >> 23) ^ (insn >> 24)) & 1)) {
4208 /* P == U , W == 1 => UNDEF */
4211 if (n == 0 || (rd + n) > 32 || (dp && n > 16)) {
4212 /* UNPREDICTABLE cases for bad immediates: we choose to
4213 * UNDEF to avoid generating huge numbers of TCG ops
4217 if (rn == 15 && w) {
4218 /* writeback to PC is UNPREDICTABLE, we choose to UNDEF */
4222 if (s->thumb && rn == 15) {
4223 /* This is actually UNPREDICTABLE */
4224 addr = tcg_temp_new_i32();
4225 tcg_gen_movi_i32(addr, s->pc & ~2);
4227 addr = load_reg(s, rn);
4229 if (insn & (1 << 24)) /* pre-decrement */
4230 tcg_gen_addi_i32(addr, addr, -((insn & 0xff) << 2));
4236 for (i = 0; i < n; i++) {
4237 if (insn & ARM_CP_RW_BIT) {
4239 gen_vfp_ld(s, dp, addr);
4240 gen_mov_vreg_F0(dp, rd + i);
4243 gen_mov_F0_vreg(dp, rd + i);
4244 gen_vfp_st(s, dp, addr);
4246 tcg_gen_addi_i32(addr, addr, offset);
4250 if (insn & (1 << 24))
4251 offset = -offset * n;
4252 else if (dp && (insn & 1))
4258 tcg_gen_addi_i32(addr, addr, offset);
4259 store_reg(s, rn, addr);
4261 tcg_temp_free_i32(addr);
4267 /* Should never happen. */
4273 static inline bool use_goto_tb(DisasContext *s, target_ulong dest)
4275 #ifndef CONFIG_USER_ONLY
4276 return (s->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK) ||
4277 ((s->pc - 1) & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
4283 static void gen_goto_ptr(void)
4285 tcg_gen_lookup_and_goto_ptr();
4288 /* This will end the TB but doesn't guarantee we'll return to
4289 * cpu_loop_exec. Any live exit_requests will be processed as we
4290 * enter the next TB.
4292 static void gen_goto_tb(DisasContext *s, int n, target_ulong dest)
4294 if (use_goto_tb(s, dest)) {
4296 gen_set_pc_im(s, dest);
4297 tcg_gen_exit_tb(s->base.tb, n);
4299 gen_set_pc_im(s, dest);
4302 s->base.is_jmp = DISAS_NORETURN;
4305 static inline void gen_jmp (DisasContext *s, uint32_t dest)
4307 if (unlikely(is_singlestepping(s))) {
4308 /* An indirect jump so that we still trigger the debug exception. */
4313 gen_goto_tb(s, 0, dest);
4317 static inline void gen_mulxy(TCGv_i32 t0, TCGv_i32 t1, int x, int y)
4320 tcg_gen_sari_i32(t0, t0, 16);
4324 tcg_gen_sari_i32(t1, t1, 16);
4327 tcg_gen_mul_i32(t0, t0, t1);
4330 /* Return the mask of PSR bits set by a MSR instruction. */
4331 static uint32_t msr_mask(DisasContext *s, int flags, int spsr)
4336 if (flags & (1 << 0))
4338 if (flags & (1 << 1))
4340 if (flags & (1 << 2))
4342 if (flags & (1 << 3))
4345 /* Mask out undefined bits. */
4346 mask &= ~CPSR_RESERVED;
4347 if (!arm_dc_feature(s, ARM_FEATURE_V4T)) {
4350 if (!arm_dc_feature(s, ARM_FEATURE_V5)) {
4351 mask &= ~CPSR_Q; /* V5TE in reality*/
4353 if (!arm_dc_feature(s, ARM_FEATURE_V6)) {
4354 mask &= ~(CPSR_E | CPSR_GE);
4356 if (!arm_dc_feature(s, ARM_FEATURE_THUMB2)) {
4359 /* Mask out execution state and reserved bits. */
4361 mask &= ~(CPSR_EXEC | CPSR_RESERVED);
4363 /* Mask out privileged bits. */
4369 /* Returns nonzero if access to the PSR is not permitted. Marks t0 as dead. */
4370 static int gen_set_psr(DisasContext *s, uint32_t mask, int spsr, TCGv_i32 t0)
4374 /* ??? This is also undefined in system mode. */
4378 tmp = load_cpu_field(spsr);
4379 tcg_gen_andi_i32(tmp, tmp, ~mask);
4380 tcg_gen_andi_i32(t0, t0, mask);
4381 tcg_gen_or_i32(tmp, tmp, t0);
4382 store_cpu_field(tmp, spsr);
4384 gen_set_cpsr(t0, mask);
4386 tcg_temp_free_i32(t0);
4391 /* Returns nonzero if access to the PSR is not permitted. */
4392 static int gen_set_psr_im(DisasContext *s, uint32_t mask, int spsr, uint32_t val)
4395 tmp = tcg_temp_new_i32();
4396 tcg_gen_movi_i32(tmp, val);
4397 return gen_set_psr(s, mask, spsr, tmp);
4400 static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn,
4401 int *tgtmode, int *regno)
4403 /* Decode the r and sysm fields of MSR/MRS banked accesses into
4404 * the target mode and register number, and identify the various
4405 * unpredictable cases.
4406 * MSR (banked) and MRS (banked) are CONSTRAINED UNPREDICTABLE if:
4407 * + executed in user mode
4408 * + using R15 as the src/dest register
4409 * + accessing an unimplemented register
4410 * + accessing a register that's inaccessible at current PL/security state*
4411 * + accessing a register that you could access with a different insn
4412 * We choose to UNDEF in all these cases.
4413 * Since we don't know which of the various AArch32 modes we are in
4414 * we have to defer some checks to runtime.
4415 * Accesses to Monitor mode registers from Secure EL1 (which implies
4416 * that EL3 is AArch64) must trap to EL3.
4418 * If the access checks fail this function will emit code to take
4419 * an exception and return false. Otherwise it will return true,
4420 * and set *tgtmode and *regno appropriately.
4422 int exc_target = default_exception_el(s);
4424 /* These instructions are present only in ARMv8, or in ARMv7 with the
4425 * Virtualization Extensions.
4427 if (!arm_dc_feature(s, ARM_FEATURE_V8) &&
4428 !arm_dc_feature(s, ARM_FEATURE_EL2)) {
4432 if (IS_USER(s) || rn == 15) {
4436 /* The table in the v8 ARM ARM section F5.2.3 describes the encoding
4437 * of registers into (r, sysm).
4440 /* SPSRs for other modes */
4442 case 0xe: /* SPSR_fiq */
4443 *tgtmode = ARM_CPU_MODE_FIQ;
4445 case 0x10: /* SPSR_irq */
4446 *tgtmode = ARM_CPU_MODE_IRQ;
4448 case 0x12: /* SPSR_svc */
4449 *tgtmode = ARM_CPU_MODE_SVC;
4451 case 0x14: /* SPSR_abt */
4452 *tgtmode = ARM_CPU_MODE_ABT;
4454 case 0x16: /* SPSR_und */
4455 *tgtmode = ARM_CPU_MODE_UND;
4457 case 0x1c: /* SPSR_mon */
4458 *tgtmode = ARM_CPU_MODE_MON;
4460 case 0x1e: /* SPSR_hyp */
4461 *tgtmode = ARM_CPU_MODE_HYP;
4463 default: /* unallocated */
4466 /* We arbitrarily assign SPSR a register number of 16. */
4469 /* general purpose registers for other modes */
4471 case 0x0 ... 0x6: /* 0b00xxx : r8_usr ... r14_usr */
4472 *tgtmode = ARM_CPU_MODE_USR;
4475 case 0x8 ... 0xe: /* 0b01xxx : r8_fiq ... r14_fiq */
4476 *tgtmode = ARM_CPU_MODE_FIQ;
4479 case 0x10 ... 0x11: /* 0b1000x : r14_irq, r13_irq */
4480 *tgtmode = ARM_CPU_MODE_IRQ;
4481 *regno = sysm & 1 ? 13 : 14;
4483 case 0x12 ... 0x13: /* 0b1001x : r14_svc, r13_svc */
4484 *tgtmode = ARM_CPU_MODE_SVC;
4485 *regno = sysm & 1 ? 13 : 14;
4487 case 0x14 ... 0x15: /* 0b1010x : r14_abt, r13_abt */
4488 *tgtmode = ARM_CPU_MODE_ABT;
4489 *regno = sysm & 1 ? 13 : 14;
4491 case 0x16 ... 0x17: /* 0b1011x : r14_und, r13_und */
4492 *tgtmode = ARM_CPU_MODE_UND;
4493 *regno = sysm & 1 ? 13 : 14;
4495 case 0x1c ... 0x1d: /* 0b1110x : r14_mon, r13_mon */
4496 *tgtmode = ARM_CPU_MODE_MON;
4497 *regno = sysm & 1 ? 13 : 14;
4499 case 0x1e ... 0x1f: /* 0b1111x : elr_hyp, r13_hyp */
4500 *tgtmode = ARM_CPU_MODE_HYP;
4501 /* Arbitrarily pick 17 for ELR_Hyp (which is not a banked LR!) */
4502 *regno = sysm & 1 ? 13 : 17;
4504 default: /* unallocated */
4509 /* Catch the 'accessing inaccessible register' cases we can detect
4510 * at translate time.
4513 case ARM_CPU_MODE_MON:
4514 if (!arm_dc_feature(s, ARM_FEATURE_EL3) || s->ns) {
4517 if (s->current_el == 1) {
4518 /* If we're in Secure EL1 (which implies that EL3 is AArch64)
4519 * then accesses to Mon registers trap to EL3
4525 case ARM_CPU_MODE_HYP:
4527 * SPSR_hyp and r13_hyp can only be accessed from Monitor mode
4528 * (and so we can forbid accesses from EL2 or below). elr_hyp
4529 * can be accessed also from Hyp mode, so forbid accesses from
4532 if (!arm_dc_feature(s, ARM_FEATURE_EL2) || s->current_el < 2 ||
4533 (s->current_el < 3 && *regno != 17)) {
4544 /* If we get here then some access check did not pass */
4545 gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(), exc_target);
4549 static void gen_msr_banked(DisasContext *s, int r, int sysm, int rn)
4551 TCGv_i32 tcg_reg, tcg_tgtmode, tcg_regno;
4552 int tgtmode = 0, regno = 0;
4554 if (!msr_banked_access_decode(s, r, sysm, rn, &tgtmode, ®no)) {
4558 /* Sync state because msr_banked() can raise exceptions */
4559 gen_set_condexec(s);
4560 gen_set_pc_im(s, s->pc - 4);
4561 tcg_reg = load_reg(s, rn);
4562 tcg_tgtmode = tcg_const_i32(tgtmode);
4563 tcg_regno = tcg_const_i32(regno);
4564 gen_helper_msr_banked(cpu_env, tcg_reg, tcg_tgtmode, tcg_regno);
4565 tcg_temp_free_i32(tcg_tgtmode);
4566 tcg_temp_free_i32(tcg_regno);
4567 tcg_temp_free_i32(tcg_reg);
4568 s->base.is_jmp = DISAS_UPDATE;
4571 static void gen_mrs_banked(DisasContext *s, int r, int sysm, int rn)
4573 TCGv_i32 tcg_reg, tcg_tgtmode, tcg_regno;
4574 int tgtmode = 0, regno = 0;
4576 if (!msr_banked_access_decode(s, r, sysm, rn, &tgtmode, ®no)) {
4580 /* Sync state because mrs_banked() can raise exceptions */
4581 gen_set_condexec(s);
4582 gen_set_pc_im(s, s->pc - 4);
4583 tcg_reg = tcg_temp_new_i32();
4584 tcg_tgtmode = tcg_const_i32(tgtmode);
4585 tcg_regno = tcg_const_i32(regno);
4586 gen_helper_mrs_banked(tcg_reg, cpu_env, tcg_tgtmode, tcg_regno);
4587 tcg_temp_free_i32(tcg_tgtmode);
4588 tcg_temp_free_i32(tcg_regno);
4589 store_reg(s, rn, tcg_reg);
4590 s->base.is_jmp = DISAS_UPDATE;
4593 /* Store value to PC as for an exception return (ie don't
4594 * mask bits). The subsequent call to gen_helper_cpsr_write_eret()
4595 * will do the masking based on the new value of the Thumb bit.
4597 static void store_pc_exc_ret(DisasContext *s, TCGv_i32 pc)
4599 tcg_gen_mov_i32(cpu_R[15], pc);
4600 tcg_temp_free_i32(pc);
4603 /* Generate a v6 exception return. Marks both values as dead. */
4604 static void gen_rfe(DisasContext *s, TCGv_i32 pc, TCGv_i32 cpsr)
4606 store_pc_exc_ret(s, pc);
4607 /* The cpsr_write_eret helper will mask the low bits of PC
4608 * appropriately depending on the new Thumb bit, so it must
4609 * be called after storing the new PC.
4611 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
4614 gen_helper_cpsr_write_eret(cpu_env, cpsr);
4615 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
4618 tcg_temp_free_i32(cpsr);
4619 /* Must exit loop to check un-masked IRQs */
4620 s->base.is_jmp = DISAS_EXIT;
4623 /* Generate an old-style exception return. Marks pc as dead. */
4624 static void gen_exception_return(DisasContext *s, TCGv_i32 pc)
4626 gen_rfe(s, pc, load_cpu_field(spsr));
4630 * For WFI we will halt the vCPU until an IRQ. For WFE and YIELD we
4631 * only call the helper when running single threaded TCG code to ensure
4632 * the next round-robin scheduled vCPU gets a crack. In MTTCG mode we
4633 * just skip this instruction. Currently the SEV/SEVL instructions
4634 * which are *one* of many ways to wake the CPU from WFE are not
4635 * implemented so we can't sleep like WFI does.
4637 static void gen_nop_hint(DisasContext *s, int val)
4640 /* When running in MTTCG we don't generate jumps to the yield and
4641 * WFE helpers as it won't affect the scheduling of other vCPUs.
4642 * If we wanted to more completely model WFE/SEV so we don't busy
4643 * spin unnecessarily we would need to do something more involved.
4646 if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
4647 gen_set_pc_im(s, s->pc);
4648 s->base.is_jmp = DISAS_YIELD;
4652 gen_set_pc_im(s, s->pc);
4653 s->base.is_jmp = DISAS_WFI;
4656 if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
4657 gen_set_pc_im(s, s->pc);
4658 s->base.is_jmp = DISAS_WFE;
4663 /* TODO: Implement SEV, SEVL and WFE. May help SMP performance. */
4669 #define CPU_V001 cpu_V0, cpu_V0, cpu_V1
4671 static inline void gen_neon_add(int size, TCGv_i32 t0, TCGv_i32 t1)
4674 case 0: gen_helper_neon_add_u8(t0, t0, t1); break;
4675 case 1: gen_helper_neon_add_u16(t0, t0, t1); break;
4676 case 2: tcg_gen_add_i32(t0, t0, t1); break;
4681 static inline void gen_neon_rsb(int size, TCGv_i32 t0, TCGv_i32 t1)
4684 case 0: gen_helper_neon_sub_u8(t0, t1, t0); break;
4685 case 1: gen_helper_neon_sub_u16(t0, t1, t0); break;
4686 case 2: tcg_gen_sub_i32(t0, t1, t0); break;
4691 /* 32-bit pairwise ops end up the same as the elementwise versions. */
4692 #define gen_helper_neon_pmax_s32 gen_helper_neon_max_s32
4693 #define gen_helper_neon_pmax_u32 gen_helper_neon_max_u32
4694 #define gen_helper_neon_pmin_s32 gen_helper_neon_min_s32
4695 #define gen_helper_neon_pmin_u32 gen_helper_neon_min_u32
4697 #define GEN_NEON_INTEGER_OP_ENV(name) do { \
4698 switch ((size << 1) | u) { \
4700 gen_helper_neon_##name##_s8(tmp, cpu_env, tmp, tmp2); \
4703 gen_helper_neon_##name##_u8(tmp, cpu_env, tmp, tmp2); \
4706 gen_helper_neon_##name##_s16(tmp, cpu_env, tmp, tmp2); \
4709 gen_helper_neon_##name##_u16(tmp, cpu_env, tmp, tmp2); \
4712 gen_helper_neon_##name##_s32(tmp, cpu_env, tmp, tmp2); \
4715 gen_helper_neon_##name##_u32(tmp, cpu_env, tmp, tmp2); \
4717 default: return 1; \
4720 #define GEN_NEON_INTEGER_OP(name) do { \
4721 switch ((size << 1) | u) { \
4723 gen_helper_neon_##name##_s8(tmp, tmp, tmp2); \
4726 gen_helper_neon_##name##_u8(tmp, tmp, tmp2); \
4729 gen_helper_neon_##name##_s16(tmp, tmp, tmp2); \
4732 gen_helper_neon_##name##_u16(tmp, tmp, tmp2); \
4735 gen_helper_neon_##name##_s32(tmp, tmp, tmp2); \
4738 gen_helper_neon_##name##_u32(tmp, tmp, tmp2); \
4740 default: return 1; \
4743 static TCGv_i32 neon_load_scratch(int scratch)
4745 TCGv_i32 tmp = tcg_temp_new_i32();
4746 tcg_gen_ld_i32(tmp, cpu_env, offsetof(CPUARMState, vfp.scratch[scratch]));
4750 static void neon_store_scratch(int scratch, TCGv_i32 var)
4752 tcg_gen_st_i32(var, cpu_env, offsetof(CPUARMState, vfp.scratch[scratch]));
4753 tcg_temp_free_i32(var);
4756 static inline TCGv_i32 neon_get_scalar(int size, int reg)
4760 tmp = neon_load_reg(reg & 7, reg >> 4);
4762 gen_neon_dup_high16(tmp);
4764 gen_neon_dup_low16(tmp);
4767 tmp = neon_load_reg(reg & 15, reg >> 4);
4772 static int gen_neon_unzip(int rd, int rm, int size, int q)
4776 if (!q && size == 2) {
4779 pd = vfp_reg_ptr(true, rd);
4780 pm = vfp_reg_ptr(true, rm);
4784 gen_helper_neon_qunzip8(pd, pm);
4787 gen_helper_neon_qunzip16(pd, pm);
4790 gen_helper_neon_qunzip32(pd, pm);
4798 gen_helper_neon_unzip8(pd, pm);
4801 gen_helper_neon_unzip16(pd, pm);
4807 tcg_temp_free_ptr(pd);
4808 tcg_temp_free_ptr(pm);
4812 static int gen_neon_zip(int rd, int rm, int size, int q)
4816 if (!q && size == 2) {
4819 pd = vfp_reg_ptr(true, rd);
4820 pm = vfp_reg_ptr(true, rm);
4824 gen_helper_neon_qzip8(pd, pm);
4827 gen_helper_neon_qzip16(pd, pm);
4830 gen_helper_neon_qzip32(pd, pm);
4838 gen_helper_neon_zip8(pd, pm);
4841 gen_helper_neon_zip16(pd, pm);
4847 tcg_temp_free_ptr(pd);
4848 tcg_temp_free_ptr(pm);
4852 static void gen_neon_trn_u8(TCGv_i32 t0, TCGv_i32 t1)
4856 rd = tcg_temp_new_i32();
4857 tmp = tcg_temp_new_i32();
4859 tcg_gen_shli_i32(rd, t0, 8);
4860 tcg_gen_andi_i32(rd, rd, 0xff00ff00);
4861 tcg_gen_andi_i32(tmp, t1, 0x00ff00ff);
4862 tcg_gen_or_i32(rd, rd, tmp);
4864 tcg_gen_shri_i32(t1, t1, 8);
4865 tcg_gen_andi_i32(t1, t1, 0x00ff00ff);
4866 tcg_gen_andi_i32(tmp, t0, 0xff00ff00);
4867 tcg_gen_or_i32(t1, t1, tmp);
4868 tcg_gen_mov_i32(t0, rd);
4870 tcg_temp_free_i32(tmp);
4871 tcg_temp_free_i32(rd);
4874 static void gen_neon_trn_u16(TCGv_i32 t0, TCGv_i32 t1)
4878 rd = tcg_temp_new_i32();
4879 tmp = tcg_temp_new_i32();
4881 tcg_gen_shli_i32(rd, t0, 16);
4882 tcg_gen_andi_i32(tmp, t1, 0xffff);
4883 tcg_gen_or_i32(rd, rd, tmp);
4884 tcg_gen_shri_i32(t1, t1, 16);
4885 tcg_gen_andi_i32(tmp, t0, 0xffff0000);
4886 tcg_gen_or_i32(t1, t1, tmp);
4887 tcg_gen_mov_i32(t0, rd);
4889 tcg_temp_free_i32(tmp);
4890 tcg_temp_free_i32(rd);
4898 } neon_ls_element_type[11] = {
4912 /* Translate a NEON load/store element instruction. Return nonzero if the
4913 instruction is invalid. */
4914 static int disas_neon_ls_insn(DisasContext *s, uint32_t insn)
4933 /* FIXME: this access check should not take precedence over UNDEF
4934 * for invalid encodings; we will generate incorrect syndrome information
4935 * for attempts to execute invalid vfp/neon encodings with FP disabled.
4937 if (s->fp_excp_el) {
4938 gen_exception_insn(s, 4, EXCP_UDEF,
4939 syn_fp_access_trap(1, 0xe, false), s->fp_excp_el);
4943 if (!s->vfp_enabled)
4945 VFP_DREG_D(rd, insn);
4946 rn = (insn >> 16) & 0xf;
4948 load = (insn & (1 << 21)) != 0;
4949 if ((insn & (1 << 23)) == 0) {
4950 /* Load store all elements. */
4951 op = (insn >> 8) & 0xf;
4952 size = (insn >> 6) & 3;
4955 /* Catch UNDEF cases for bad values of align field */
4958 if (((insn >> 5) & 1) == 1) {
4963 if (((insn >> 4) & 3) == 3) {
4970 nregs = neon_ls_element_type[op].nregs;
4971 interleave = neon_ls_element_type[op].interleave;
4972 spacing = neon_ls_element_type[op].spacing;
4973 if (size == 3 && (interleave | spacing) != 1)
4975 addr = tcg_temp_new_i32();
4976 load_reg_var(s, addr, rn);
4977 stride = (1 << size) * interleave;
4978 for (reg = 0; reg < nregs; reg++) {
4979 if (interleave > 2 || (interleave == 2 && nregs == 2)) {
4980 load_reg_var(s, addr, rn);
4981 tcg_gen_addi_i32(addr, addr, (1 << size) * reg);
4982 } else if (interleave == 2 && nregs == 4 && reg == 2) {
4983 load_reg_var(s, addr, rn);
4984 tcg_gen_addi_i32(addr, addr, 1 << size);
4987 tmp64 = tcg_temp_new_i64();
4989 gen_aa32_ld64(s, tmp64, addr, get_mem_index(s));
4990 neon_store_reg64(tmp64, rd);
4992 neon_load_reg64(tmp64, rd);
4993 gen_aa32_st64(s, tmp64, addr, get_mem_index(s));
4995 tcg_temp_free_i64(tmp64);
4996 tcg_gen_addi_i32(addr, addr, stride);
4998 for (pass = 0; pass < 2; pass++) {
5001 tmp = tcg_temp_new_i32();
5002 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
5003 neon_store_reg(rd, pass, tmp);
5005 tmp = neon_load_reg(rd, pass);
5006 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
5007 tcg_temp_free_i32(tmp);
5009 tcg_gen_addi_i32(addr, addr, stride);
5010 } else if (size == 1) {
5012 tmp = tcg_temp_new_i32();
5013 gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
5014 tcg_gen_addi_i32(addr, addr, stride);
5015 tmp2 = tcg_temp_new_i32();
5016 gen_aa32_ld16u(s, tmp2, addr, get_mem_index(s));
5017 tcg_gen_addi_i32(addr, addr, stride);
5018 tcg_gen_shli_i32(tmp2, tmp2, 16);
5019 tcg_gen_or_i32(tmp, tmp, tmp2);
5020 tcg_temp_free_i32(tmp2);
5021 neon_store_reg(rd, pass, tmp);
5023 tmp = neon_load_reg(rd, pass);
5024 tmp2 = tcg_temp_new_i32();
5025 tcg_gen_shri_i32(tmp2, tmp, 16);
5026 gen_aa32_st16(s, tmp, addr, get_mem_index(s));
5027 tcg_temp_free_i32(tmp);
5028 tcg_gen_addi_i32(addr, addr, stride);
5029 gen_aa32_st16(s, tmp2, addr, get_mem_index(s));
5030 tcg_temp_free_i32(tmp2);
5031 tcg_gen_addi_i32(addr, addr, stride);
5033 } else /* size == 0 */ {
5036 for (n = 0; n < 4; n++) {
5037 tmp = tcg_temp_new_i32();
5038 gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
5039 tcg_gen_addi_i32(addr, addr, stride);
5043 tcg_gen_shli_i32(tmp, tmp, n * 8);
5044 tcg_gen_or_i32(tmp2, tmp2, tmp);
5045 tcg_temp_free_i32(tmp);
5048 neon_store_reg(rd, pass, tmp2);
5050 tmp2 = neon_load_reg(rd, pass);
5051 for (n = 0; n < 4; n++) {
5052 tmp = tcg_temp_new_i32();
5054 tcg_gen_mov_i32(tmp, tmp2);
5056 tcg_gen_shri_i32(tmp, tmp2, n * 8);
5058 gen_aa32_st8(s, tmp, addr, get_mem_index(s));
5059 tcg_temp_free_i32(tmp);
5060 tcg_gen_addi_i32(addr, addr, stride);
5062 tcg_temp_free_i32(tmp2);
5069 tcg_temp_free_i32(addr);
5072 size = (insn >> 10) & 3;
5074 /* Load single element to all lanes. */
5075 int a = (insn >> 4) & 1;
5079 size = (insn >> 6) & 3;
5080 nregs = ((insn >> 8) & 3) + 1;
5083 if (nregs != 4 || a == 0) {
5086 /* For VLD4 size==3 a == 1 means 32 bits at 16 byte alignment */
5089 if (nregs == 1 && a == 1 && size == 0) {
5092 if (nregs == 3 && a == 1) {
5095 addr = tcg_temp_new_i32();
5096 load_reg_var(s, addr, rn);
5098 /* VLD1 to all lanes: bit 5 indicates how many Dregs to write */
5099 tmp = gen_load_and_replicate(s, addr, size);
5100 tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd, 0));
5101 tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd, 1));
5102 if (insn & (1 << 5)) {
5103 tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd + 1, 0));
5104 tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd + 1, 1));
5106 tcg_temp_free_i32(tmp);
5108 /* VLD2/3/4 to all lanes: bit 5 indicates register stride */
5109 stride = (insn & (1 << 5)) ? 2 : 1;
5110 for (reg = 0; reg < nregs; reg++) {
5111 tmp = gen_load_and_replicate(s, addr, size);
5112 tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd, 0));
5113 tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd, 1));
5114 tcg_temp_free_i32(tmp);
5115 tcg_gen_addi_i32(addr, addr, 1 << size);
5119 tcg_temp_free_i32(addr);
5120 stride = (1 << size) * nregs;
5122 /* Single element. */
5123 int idx = (insn >> 4) & 0xf;
5124 pass = (insn >> 7) & 1;
5127 shift = ((insn >> 5) & 3) * 8;
5131 shift = ((insn >> 6) & 1) * 16;
5132 stride = (insn & (1 << 5)) ? 2 : 1;
5136 stride = (insn & (1 << 6)) ? 2 : 1;
5141 nregs = ((insn >> 8) & 3) + 1;
5142 /* Catch the UNDEF cases. This is unavoidably a bit messy. */
5145 if (((idx & (1 << size)) != 0) ||
5146 (size == 2 && ((idx & 3) == 1 || (idx & 3) == 2))) {
5151 if ((idx & 1) != 0) {
5156 if (size == 2 && (idx & 2) != 0) {
5161 if ((size == 2) && ((idx & 3) == 3)) {
5168 if ((rd + stride * (nregs - 1)) > 31) {
5169 /* Attempts to write off the end of the register file
5170 * are UNPREDICTABLE; we choose to UNDEF because otherwise
5171 * the neon_load_reg() would write off the end of the array.
5175 addr = tcg_temp_new_i32();
5176 load_reg_var(s, addr, rn);
5177 for (reg = 0; reg < nregs; reg++) {
5179 tmp = tcg_temp_new_i32();
5182 gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
5185 gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
5188 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
5190 default: /* Avoid compiler warnings. */
5194 tmp2 = neon_load_reg(rd, pass);
5195 tcg_gen_deposit_i32(tmp, tmp2, tmp,
5196 shift, size ? 16 : 8);
5197 tcg_temp_free_i32(tmp2);
5199 neon_store_reg(rd, pass, tmp);
5200 } else { /* Store */
5201 tmp = neon_load_reg(rd, pass);
5203 tcg_gen_shri_i32(tmp, tmp, shift);
5206 gen_aa32_st8(s, tmp, addr, get_mem_index(s));
5209 gen_aa32_st16(s, tmp, addr, get_mem_index(s));
5212 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
5215 tcg_temp_free_i32(tmp);
5218 tcg_gen_addi_i32(addr, addr, 1 << size);
5220 tcg_temp_free_i32(addr);
5221 stride = nregs * (1 << size);
5227 base = load_reg(s, rn);
5229 tcg_gen_addi_i32(base, base, stride);
5232 index = load_reg(s, rm);
5233 tcg_gen_add_i32(base, base, index);
5234 tcg_temp_free_i32(index);
5236 store_reg(s, rn, base);
5241 /* Bitwise select. dest = c ? t : f. Clobbers T and F. */
5242 static void gen_neon_bsl(TCGv_i32 dest, TCGv_i32 t, TCGv_i32 f, TCGv_i32 c)
5244 tcg_gen_and_i32(t, t, c);
5245 tcg_gen_andc_i32(f, f, c);
5246 tcg_gen_or_i32(dest, t, f);
5249 static inline void gen_neon_narrow(int size, TCGv_i32 dest, TCGv_i64 src)
5252 case 0: gen_helper_neon_narrow_u8(dest, src); break;
5253 case 1: gen_helper_neon_narrow_u16(dest, src); break;
5254 case 2: tcg_gen_extrl_i64_i32(dest, src); break;
5259 static inline void gen_neon_narrow_sats(int size, TCGv_i32 dest, TCGv_i64 src)
5262 case 0: gen_helper_neon_narrow_sat_s8(dest, cpu_env, src); break;
5263 case 1: gen_helper_neon_narrow_sat_s16(dest, cpu_env, src); break;
5264 case 2: gen_helper_neon_narrow_sat_s32(dest, cpu_env, src); break;
5269 static inline void gen_neon_narrow_satu(int size, TCGv_i32 dest, TCGv_i64 src)
5272 case 0: gen_helper_neon_narrow_sat_u8(dest, cpu_env, src); break;
5273 case 1: gen_helper_neon_narrow_sat_u16(dest, cpu_env, src); break;
5274 case 2: gen_helper_neon_narrow_sat_u32(dest, cpu_env, src); break;
5279 static inline void gen_neon_unarrow_sats(int size, TCGv_i32 dest, TCGv_i64 src)
5282 case 0: gen_helper_neon_unarrow_sat8(dest, cpu_env, src); break;
5283 case 1: gen_helper_neon_unarrow_sat16(dest, cpu_env, src); break;
5284 case 2: gen_helper_neon_unarrow_sat32(dest, cpu_env, src); break;
5289 static inline void gen_neon_shift_narrow(int size, TCGv_i32 var, TCGv_i32 shift,
5295 case 1: gen_helper_neon_rshl_u16(var, var, shift); break;
5296 case 2: gen_helper_neon_rshl_u32(var, var, shift); break;
5301 case 1: gen_helper_neon_rshl_s16(var, var, shift); break;
5302 case 2: gen_helper_neon_rshl_s32(var, var, shift); break;
5309 case 1: gen_helper_neon_shl_u16(var, var, shift); break;
5310 case 2: gen_helper_neon_shl_u32(var, var, shift); break;
5315 case 1: gen_helper_neon_shl_s16(var, var, shift); break;
5316 case 2: gen_helper_neon_shl_s32(var, var, shift); break;
5323 static inline void gen_neon_widen(TCGv_i64 dest, TCGv_i32 src, int size, int u)
5327 case 0: gen_helper_neon_widen_u8(dest, src); break;
5328 case 1: gen_helper_neon_widen_u16(dest, src); break;
5329 case 2: tcg_gen_extu_i32_i64(dest, src); break;
5334 case 0: gen_helper_neon_widen_s8(dest, src); break;
5335 case 1: gen_helper_neon_widen_s16(dest, src); break;
5336 case 2: tcg_gen_ext_i32_i64(dest, src); break;
5340 tcg_temp_free_i32(src);
5343 static inline void gen_neon_addl(int size)
5346 case 0: gen_helper_neon_addl_u16(CPU_V001); break;
5347 case 1: gen_helper_neon_addl_u32(CPU_V001); break;
5348 case 2: tcg_gen_add_i64(CPU_V001); break;
5353 static inline void gen_neon_subl(int size)
5356 case 0: gen_helper_neon_subl_u16(CPU_V001); break;
5357 case 1: gen_helper_neon_subl_u32(CPU_V001); break;
5358 case 2: tcg_gen_sub_i64(CPU_V001); break;
5363 static inline void gen_neon_negl(TCGv_i64 var, int size)
5366 case 0: gen_helper_neon_negl_u16(var, var); break;
5367 case 1: gen_helper_neon_negl_u32(var, var); break;
5369 tcg_gen_neg_i64(var, var);
5375 static inline void gen_neon_addl_saturate(TCGv_i64 op0, TCGv_i64 op1, int size)
5378 case 1: gen_helper_neon_addl_saturate_s32(op0, cpu_env, op0, op1); break;
5379 case 2: gen_helper_neon_addl_saturate_s64(op0, cpu_env, op0, op1); break;
5384 static inline void gen_neon_mull(TCGv_i64 dest, TCGv_i32 a, TCGv_i32 b,
5389 switch ((size << 1) | u) {
5390 case 0: gen_helper_neon_mull_s8(dest, a, b); break;
5391 case 1: gen_helper_neon_mull_u8(dest, a, b); break;
5392 case 2: gen_helper_neon_mull_s16(dest, a, b); break;
5393 case 3: gen_helper_neon_mull_u16(dest, a, b); break;
5395 tmp = gen_muls_i64_i32(a, b);
5396 tcg_gen_mov_i64(dest, tmp);
5397 tcg_temp_free_i64(tmp);
5400 tmp = gen_mulu_i64_i32(a, b);
5401 tcg_gen_mov_i64(dest, tmp);
5402 tcg_temp_free_i64(tmp);
5407 /* gen_helper_neon_mull_[su]{8|16} do not free their parameters.
5408 Don't forget to clean them now. */
5410 tcg_temp_free_i32(a);
5411 tcg_temp_free_i32(b);
5415 static void gen_neon_narrow_op(int op, int u, int size,
5416 TCGv_i32 dest, TCGv_i64 src)
5420 gen_neon_unarrow_sats(size, dest, src);
5422 gen_neon_narrow(size, dest, src);
5426 gen_neon_narrow_satu(size, dest, src);
5428 gen_neon_narrow_sats(size, dest, src);
5433 /* Symbolic constants for op fields for Neon 3-register same-length.
5434 * The values correspond to bits [11:8,4]; see the ARM ARM DDI0406B
5437 #define NEON_3R_VHADD 0
5438 #define NEON_3R_VQADD 1
5439 #define NEON_3R_VRHADD 2
5440 #define NEON_3R_LOGIC 3 /* VAND,VBIC,VORR,VMOV,VORN,VEOR,VBIF,VBIT,VBSL */
5441 #define NEON_3R_VHSUB 4
5442 #define NEON_3R_VQSUB 5
5443 #define NEON_3R_VCGT 6
5444 #define NEON_3R_VCGE 7
5445 #define NEON_3R_VSHL 8
5446 #define NEON_3R_VQSHL 9
5447 #define NEON_3R_VRSHL 10
5448 #define NEON_3R_VQRSHL 11
5449 #define NEON_3R_VMAX 12
5450 #define NEON_3R_VMIN 13
5451 #define NEON_3R_VABD 14
5452 #define NEON_3R_VABA 15
5453 #define NEON_3R_VADD_VSUB 16
5454 #define NEON_3R_VTST_VCEQ 17
5455 #define NEON_3R_VML 18 /* VMLA, VMLAL, VMLS, VMLSL */
5456 #define NEON_3R_VMUL 19
5457 #define NEON_3R_VPMAX 20
5458 #define NEON_3R_VPMIN 21
5459 #define NEON_3R_VQDMULH_VQRDMULH 22
5460 #define NEON_3R_VPADD_VQRDMLAH 23
5461 #define NEON_3R_SHA 24 /* SHA1C,SHA1P,SHA1M,SHA1SU0,SHA256H{2},SHA256SU1 */
5462 #define NEON_3R_VFM_VQRDMLSH 25 /* VFMA, VFMS, VQRDMLSH */
5463 #define NEON_3R_FLOAT_ARITH 26 /* float VADD, VSUB, VPADD, VABD */
5464 #define NEON_3R_FLOAT_MULTIPLY 27 /* float VMLA, VMLS, VMUL */
5465 #define NEON_3R_FLOAT_CMP 28 /* float VCEQ, VCGE, VCGT */
5466 #define NEON_3R_FLOAT_ACMP 29 /* float VACGE, VACGT, VACLE, VACLT */
5467 #define NEON_3R_FLOAT_MINMAX 30 /* float VMIN, VMAX */
5468 #define NEON_3R_FLOAT_MISC 31 /* float VRECPS, VRSQRTS, VMAXNM/MINNM */
5470 static const uint8_t neon_3r_sizes[] = {
5471 [NEON_3R_VHADD] = 0x7,
5472 [NEON_3R_VQADD] = 0xf,
5473 [NEON_3R_VRHADD] = 0x7,
5474 [NEON_3R_LOGIC] = 0xf, /* size field encodes op type */
5475 [NEON_3R_VHSUB] = 0x7,
5476 [NEON_3R_VQSUB] = 0xf,
5477 [NEON_3R_VCGT] = 0x7,
5478 [NEON_3R_VCGE] = 0x7,
5479 [NEON_3R_VSHL] = 0xf,
5480 [NEON_3R_VQSHL] = 0xf,
5481 [NEON_3R_VRSHL] = 0xf,
5482 [NEON_3R_VQRSHL] = 0xf,
5483 [NEON_3R_VMAX] = 0x7,
5484 [NEON_3R_VMIN] = 0x7,
5485 [NEON_3R_VABD] = 0x7,
5486 [NEON_3R_VABA] = 0x7,
5487 [NEON_3R_VADD_VSUB] = 0xf,
5488 [NEON_3R_VTST_VCEQ] = 0x7,
5489 [NEON_3R_VML] = 0x7,
5490 [NEON_3R_VMUL] = 0x7,
5491 [NEON_3R_VPMAX] = 0x7,
5492 [NEON_3R_VPMIN] = 0x7,
5493 [NEON_3R_VQDMULH_VQRDMULH] = 0x6,
5494 [NEON_3R_VPADD_VQRDMLAH] = 0x7,
5495 [NEON_3R_SHA] = 0xf, /* size field encodes op type */
5496 [NEON_3R_VFM_VQRDMLSH] = 0x7, /* For VFM, size bit 1 encodes op */
5497 [NEON_3R_FLOAT_ARITH] = 0x5, /* size bit 1 encodes op */
5498 [NEON_3R_FLOAT_MULTIPLY] = 0x5, /* size bit 1 encodes op */
5499 [NEON_3R_FLOAT_CMP] = 0x5, /* size bit 1 encodes op */
5500 [NEON_3R_FLOAT_ACMP] = 0x5, /* size bit 1 encodes op */
5501 [NEON_3R_FLOAT_MINMAX] = 0x5, /* size bit 1 encodes op */
5502 [NEON_3R_FLOAT_MISC] = 0x5, /* size bit 1 encodes op */
5505 /* Symbolic constants for op fields for Neon 2-register miscellaneous.
5506 * The values correspond to bits [17:16,10:7]; see the ARM ARM DDI0406B
5509 #define NEON_2RM_VREV64 0
5510 #define NEON_2RM_VREV32 1
5511 #define NEON_2RM_VREV16 2
5512 #define NEON_2RM_VPADDL 4
5513 #define NEON_2RM_VPADDL_U 5
5514 #define NEON_2RM_AESE 6 /* Includes AESD */
5515 #define NEON_2RM_AESMC 7 /* Includes AESIMC */
5516 #define NEON_2RM_VCLS 8
5517 #define NEON_2RM_VCLZ 9
5518 #define NEON_2RM_VCNT 10
5519 #define NEON_2RM_VMVN 11
5520 #define NEON_2RM_VPADAL 12
5521 #define NEON_2RM_VPADAL_U 13
5522 #define NEON_2RM_VQABS 14
5523 #define NEON_2RM_VQNEG 15
5524 #define NEON_2RM_VCGT0 16
5525 #define NEON_2RM_VCGE0 17
5526 #define NEON_2RM_VCEQ0 18
5527 #define NEON_2RM_VCLE0 19
5528 #define NEON_2RM_VCLT0 20
5529 #define NEON_2RM_SHA1H 21
5530 #define NEON_2RM_VABS 22
5531 #define NEON_2RM_VNEG 23
5532 #define NEON_2RM_VCGT0_F 24
5533 #define NEON_2RM_VCGE0_F 25
5534 #define NEON_2RM_VCEQ0_F 26
5535 #define NEON_2RM_VCLE0_F 27
5536 #define NEON_2RM_VCLT0_F 28
5537 #define NEON_2RM_VABS_F 30
5538 #define NEON_2RM_VNEG_F 31
5539 #define NEON_2RM_VSWP 32
5540 #define NEON_2RM_VTRN 33
5541 #define NEON_2RM_VUZP 34
5542 #define NEON_2RM_VZIP 35
5543 #define NEON_2RM_VMOVN 36 /* Includes VQMOVN, VQMOVUN */
5544 #define NEON_2RM_VQMOVN 37 /* Includes VQMOVUN */
5545 #define NEON_2RM_VSHLL 38
5546 #define NEON_2RM_SHA1SU1 39 /* Includes SHA256SU0 */
5547 #define NEON_2RM_VRINTN 40
5548 #define NEON_2RM_VRINTX 41
5549 #define NEON_2RM_VRINTA 42
5550 #define NEON_2RM_VRINTZ 43
5551 #define NEON_2RM_VCVT_F16_F32 44
5552 #define NEON_2RM_VRINTM 45
5553 #define NEON_2RM_VCVT_F32_F16 46
5554 #define NEON_2RM_VRINTP 47
5555 #define NEON_2RM_VCVTAU 48
5556 #define NEON_2RM_VCVTAS 49
5557 #define NEON_2RM_VCVTNU 50
5558 #define NEON_2RM_VCVTNS 51
5559 #define NEON_2RM_VCVTPU 52
5560 #define NEON_2RM_VCVTPS 53
5561 #define NEON_2RM_VCVTMU 54
5562 #define NEON_2RM_VCVTMS 55
5563 #define NEON_2RM_VRECPE 56
5564 #define NEON_2RM_VRSQRTE 57
5565 #define NEON_2RM_VRECPE_F 58
5566 #define NEON_2RM_VRSQRTE_F 59
5567 #define NEON_2RM_VCVT_FS 60
5568 #define NEON_2RM_VCVT_FU 61
5569 #define NEON_2RM_VCVT_SF 62
5570 #define NEON_2RM_VCVT_UF 63
5572 static int neon_2rm_is_float_op(int op)
5574 /* Return true if this neon 2reg-misc op is float-to-float */
5575 return (op == NEON_2RM_VABS_F || op == NEON_2RM_VNEG_F ||
5576 (op >= NEON_2RM_VRINTN && op <= NEON_2RM_VRINTZ) ||
5577 op == NEON_2RM_VRINTM ||
5578 (op >= NEON_2RM_VRINTP && op <= NEON_2RM_VCVTMS) ||
5579 op >= NEON_2RM_VRECPE_F);
5582 static bool neon_2rm_is_v8_op(int op)
5584 /* Return true if this neon 2reg-misc op is ARMv8 and up */
5586 case NEON_2RM_VRINTN:
5587 case NEON_2RM_VRINTA:
5588 case NEON_2RM_VRINTM:
5589 case NEON_2RM_VRINTP:
5590 case NEON_2RM_VRINTZ:
5591 case NEON_2RM_VRINTX:
5592 case NEON_2RM_VCVTAU:
5593 case NEON_2RM_VCVTAS:
5594 case NEON_2RM_VCVTNU:
5595 case NEON_2RM_VCVTNS:
5596 case NEON_2RM_VCVTPU:
5597 case NEON_2RM_VCVTPS:
5598 case NEON_2RM_VCVTMU:
5599 case NEON_2RM_VCVTMS:
5606 /* Each entry in this array has bit n set if the insn allows
5607 * size value n (otherwise it will UNDEF). Since unallocated
5608 * op values will have no bits set they always UNDEF.
5610 static const uint8_t neon_2rm_sizes[] = {
5611 [NEON_2RM_VREV64] = 0x7,
5612 [NEON_2RM_VREV32] = 0x3,
5613 [NEON_2RM_VREV16] = 0x1,
5614 [NEON_2RM_VPADDL] = 0x7,
5615 [NEON_2RM_VPADDL_U] = 0x7,
5616 [NEON_2RM_AESE] = 0x1,
5617 [NEON_2RM_AESMC] = 0x1,
5618 [NEON_2RM_VCLS] = 0x7,
5619 [NEON_2RM_VCLZ] = 0x7,
5620 [NEON_2RM_VCNT] = 0x1,
5621 [NEON_2RM_VMVN] = 0x1,
5622 [NEON_2RM_VPADAL] = 0x7,
5623 [NEON_2RM_VPADAL_U] = 0x7,
5624 [NEON_2RM_VQABS] = 0x7,
5625 [NEON_2RM_VQNEG] = 0x7,
5626 [NEON_2RM_VCGT0] = 0x7,
5627 [NEON_2RM_VCGE0] = 0x7,
5628 [NEON_2RM_VCEQ0] = 0x7,
5629 [NEON_2RM_VCLE0] = 0x7,
5630 [NEON_2RM_VCLT0] = 0x7,
5631 [NEON_2RM_SHA1H] = 0x4,
5632 [NEON_2RM_VABS] = 0x7,
5633 [NEON_2RM_VNEG] = 0x7,
5634 [NEON_2RM_VCGT0_F] = 0x4,
5635 [NEON_2RM_VCGE0_F] = 0x4,
5636 [NEON_2RM_VCEQ0_F] = 0x4,
5637 [NEON_2RM_VCLE0_F] = 0x4,
5638 [NEON_2RM_VCLT0_F] = 0x4,
5639 [NEON_2RM_VABS_F] = 0x4,
5640 [NEON_2RM_VNEG_F] = 0x4,
5641 [NEON_2RM_VSWP] = 0x1,
5642 [NEON_2RM_VTRN] = 0x7,
5643 [NEON_2RM_VUZP] = 0x7,
5644 [NEON_2RM_VZIP] = 0x7,
5645 [NEON_2RM_VMOVN] = 0x7,
5646 [NEON_2RM_VQMOVN] = 0x7,
5647 [NEON_2RM_VSHLL] = 0x7,
5648 [NEON_2RM_SHA1SU1] = 0x4,
5649 [NEON_2RM_VRINTN] = 0x4,
5650 [NEON_2RM_VRINTX] = 0x4,
5651 [NEON_2RM_VRINTA] = 0x4,
5652 [NEON_2RM_VRINTZ] = 0x4,
5653 [NEON_2RM_VCVT_F16_F32] = 0x2,
5654 [NEON_2RM_VRINTM] = 0x4,
5655 [NEON_2RM_VCVT_F32_F16] = 0x2,
5656 [NEON_2RM_VRINTP] = 0x4,
5657 [NEON_2RM_VCVTAU] = 0x4,
5658 [NEON_2RM_VCVTAS] = 0x4,
5659 [NEON_2RM_VCVTNU] = 0x4,
5660 [NEON_2RM_VCVTNS] = 0x4,
5661 [NEON_2RM_VCVTPU] = 0x4,
5662 [NEON_2RM_VCVTPS] = 0x4,
5663 [NEON_2RM_VCVTMU] = 0x4,
5664 [NEON_2RM_VCVTMS] = 0x4,
5665 [NEON_2RM_VRECPE] = 0x4,
5666 [NEON_2RM_VRSQRTE] = 0x4,
5667 [NEON_2RM_VRECPE_F] = 0x4,
5668 [NEON_2RM_VRSQRTE_F] = 0x4,
5669 [NEON_2RM_VCVT_FS] = 0x4,
5670 [NEON_2RM_VCVT_FU] = 0x4,
5671 [NEON_2RM_VCVT_SF] = 0x4,
5672 [NEON_2RM_VCVT_UF] = 0x4,
5676 /* Expand v8.1 simd helper. */
5677 static int do_v81_helper(DisasContext *s, gen_helper_gvec_3_ptr *fn,
5678 int q, int rd, int rn, int rm)
5680 if (arm_dc_feature(s, ARM_FEATURE_V8_RDM)) {
5681 int opr_sz = (1 + q) * 8;
5682 tcg_gen_gvec_3_ptr(vfp_reg_offset(1, rd),
5683 vfp_reg_offset(1, rn),
5684 vfp_reg_offset(1, rm), cpu_env,
5685 opr_sz, opr_sz, 0, fn);
5691 /* Translate a NEON data processing instruction. Return nonzero if the
5692 instruction is invalid.
5693 We process data in a mixture of 32-bit and 64-bit chunks.
5694 Mostly we use 32-bit chunks so we can use normal scalar instructions. */
5696 static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
5708 TCGv_i32 tmp, tmp2, tmp3, tmp4, tmp5;
5709 TCGv_ptr ptr1, ptr2, ptr3;
5712 /* FIXME: this access check should not take precedence over UNDEF
5713 * for invalid encodings; we will generate incorrect syndrome information
5714 * for attempts to execute invalid vfp/neon encodings with FP disabled.
5716 if (s->fp_excp_el) {
5717 gen_exception_insn(s, 4, EXCP_UDEF,
5718 syn_fp_access_trap(1, 0xe, false), s->fp_excp_el);
5722 if (!s->vfp_enabled)
5724 q = (insn & (1 << 6)) != 0;
5725 u = (insn >> 24) & 1;
5726 VFP_DREG_D(rd, insn);
5727 VFP_DREG_N(rn, insn);
5728 VFP_DREG_M(rm, insn);
5729 size = (insn >> 20) & 3;
5730 if ((insn & (1 << 23)) == 0) {
5731 /* Three register same length. */
5732 op = ((insn >> 7) & 0x1e) | ((insn >> 4) & 1);
5733 /* Catch invalid op and bad size combinations: UNDEF */
5734 if ((neon_3r_sizes[op] & (1 << size)) == 0) {
5737 /* All insns of this form UNDEF for either this condition or the
5738 * superset of cases "Q==1"; we catch the latter later.
5740 if (q && ((rd | rn | rm) & 1)) {
5745 /* The SHA-1/SHA-256 3-register instructions require special
5746 * treatment here, as their size field is overloaded as an
5747 * op type selector, and they all consume their input in a
5753 if (!u) { /* SHA-1 */
5754 if (!arm_dc_feature(s, ARM_FEATURE_V8_SHA1)) {
5757 ptr1 = vfp_reg_ptr(true, rd);
5758 ptr2 = vfp_reg_ptr(true, rn);
5759 ptr3 = vfp_reg_ptr(true, rm);
5760 tmp4 = tcg_const_i32(size);
5761 gen_helper_crypto_sha1_3reg(ptr1, ptr2, ptr3, tmp4);
5762 tcg_temp_free_i32(tmp4);
5763 } else { /* SHA-256 */
5764 if (!arm_dc_feature(s, ARM_FEATURE_V8_SHA256) || size == 3) {
5767 ptr1 = vfp_reg_ptr(true, rd);
5768 ptr2 = vfp_reg_ptr(true, rn);
5769 ptr3 = vfp_reg_ptr(true, rm);
5772 gen_helper_crypto_sha256h(ptr1, ptr2, ptr3);
5775 gen_helper_crypto_sha256h2(ptr1, ptr2, ptr3);
5778 gen_helper_crypto_sha256su1(ptr1, ptr2, ptr3);
5782 tcg_temp_free_ptr(ptr1);
5783 tcg_temp_free_ptr(ptr2);
5784 tcg_temp_free_ptr(ptr3);
5787 case NEON_3R_VPADD_VQRDMLAH:
5794 return do_v81_helper(s, gen_helper_gvec_qrdmlah_s16,
5797 return do_v81_helper(s, gen_helper_gvec_qrdmlah_s32,
5802 case NEON_3R_VFM_VQRDMLSH:
5813 return do_v81_helper(s, gen_helper_gvec_qrdmlsh_s16,
5816 return do_v81_helper(s, gen_helper_gvec_qrdmlsh_s32,
5821 if (size == 3 && op != NEON_3R_LOGIC) {
5822 /* 64-bit element instructions. */
5823 for (pass = 0; pass < (q ? 2 : 1); pass++) {
5824 neon_load_reg64(cpu_V0, rn + pass);
5825 neon_load_reg64(cpu_V1, rm + pass);
5829 gen_helper_neon_qadd_u64(cpu_V0, cpu_env,
5832 gen_helper_neon_qadd_s64(cpu_V0, cpu_env,
5838 gen_helper_neon_qsub_u64(cpu_V0, cpu_env,
5841 gen_helper_neon_qsub_s64(cpu_V0, cpu_env,
5847 gen_helper_neon_shl_u64(cpu_V0, cpu_V1, cpu_V0);
5849 gen_helper_neon_shl_s64(cpu_V0, cpu_V1, cpu_V0);
5854 gen_helper_neon_qshl_u64(cpu_V0, cpu_env,
5857 gen_helper_neon_qshl_s64(cpu_V0, cpu_env,
5863 gen_helper_neon_rshl_u64(cpu_V0, cpu_V1, cpu_V0);
5865 gen_helper_neon_rshl_s64(cpu_V0, cpu_V1, cpu_V0);
5868 case NEON_3R_VQRSHL:
5870 gen_helper_neon_qrshl_u64(cpu_V0, cpu_env,
5873 gen_helper_neon_qrshl_s64(cpu_V0, cpu_env,
5877 case NEON_3R_VADD_VSUB:
5879 tcg_gen_sub_i64(CPU_V001);
5881 tcg_gen_add_i64(CPU_V001);
5887 neon_store_reg64(cpu_V0, rd + pass);
5896 case NEON_3R_VQRSHL:
5899 /* Shift instruction operands are reversed. */
5905 case NEON_3R_VPADD_VQRDMLAH:
5910 case NEON_3R_FLOAT_ARITH:
5911 pairwise = (u && size < 2); /* if VPADD (float) */
5913 case NEON_3R_FLOAT_MINMAX:
5914 pairwise = u; /* if VPMIN/VPMAX (float) */
5916 case NEON_3R_FLOAT_CMP:
5918 /* no encoding for U=0 C=1x */
5922 case NEON_3R_FLOAT_ACMP:
5927 case NEON_3R_FLOAT_MISC:
5928 /* VMAXNM/VMINNM in ARMv8 */
5929 if (u && !arm_dc_feature(s, ARM_FEATURE_V8)) {
5934 if (u && (size != 0)) {
5935 /* UNDEF on invalid size for polynomial subcase */
5939 case NEON_3R_VFM_VQRDMLSH:
5940 if (!arm_dc_feature(s, ARM_FEATURE_VFP4)) {
5948 if (pairwise && q) {
5949 /* All the pairwise insns UNDEF if Q is set */
5953 for (pass = 0; pass < (q ? 4 : 2); pass++) {
5958 tmp = neon_load_reg(rn, 0);
5959 tmp2 = neon_load_reg(rn, 1);
5961 tmp = neon_load_reg(rm, 0);
5962 tmp2 = neon_load_reg(rm, 1);
5966 tmp = neon_load_reg(rn, pass);
5967 tmp2 = neon_load_reg(rm, pass);
5971 GEN_NEON_INTEGER_OP(hadd);
5974 GEN_NEON_INTEGER_OP_ENV(qadd);
5976 case NEON_3R_VRHADD:
5977 GEN_NEON_INTEGER_OP(rhadd);
5979 case NEON_3R_LOGIC: /* Logic ops. */
5980 switch ((u << 2) | size) {
5982 tcg_gen_and_i32(tmp, tmp, tmp2);
5985 tcg_gen_andc_i32(tmp, tmp, tmp2);
5988 tcg_gen_or_i32(tmp, tmp, tmp2);
5991 tcg_gen_orc_i32(tmp, tmp, tmp2);
5994 tcg_gen_xor_i32(tmp, tmp, tmp2);
5997 tmp3 = neon_load_reg(rd, pass);
5998 gen_neon_bsl(tmp, tmp, tmp2, tmp3);
5999 tcg_temp_free_i32(tmp3);
6002 tmp3 = neon_load_reg(rd, pass);
6003 gen_neon_bsl(tmp, tmp, tmp3, tmp2);
6004 tcg_temp_free_i32(tmp3);
6007 tmp3 = neon_load_reg(rd, pass);
6008 gen_neon_bsl(tmp, tmp3, tmp, tmp2);
6009 tcg_temp_free_i32(tmp3);
6014 GEN_NEON_INTEGER_OP(hsub);
6017 GEN_NEON_INTEGER_OP_ENV(qsub);
6020 GEN_NEON_INTEGER_OP(cgt);
6023 GEN_NEON_INTEGER_OP(cge);
6026 GEN_NEON_INTEGER_OP(shl);
6029 GEN_NEON_INTEGER_OP_ENV(qshl);
6032 GEN_NEON_INTEGER_OP(rshl);
6034 case NEON_3R_VQRSHL:
6035 GEN_NEON_INTEGER_OP_ENV(qrshl);
6038 GEN_NEON_INTEGER_OP(max);
6041 GEN_NEON_INTEGER_OP(min);
6044 GEN_NEON_INTEGER_OP(abd);
6047 GEN_NEON_INTEGER_OP(abd);
6048 tcg_temp_free_i32(tmp2);
6049 tmp2 = neon_load_reg(rd, pass);
6050 gen_neon_add(size, tmp, tmp2);
6052 case NEON_3R_VADD_VSUB:
6053 if (!u) { /* VADD */
6054 gen_neon_add(size, tmp, tmp2);
6057 case 0: gen_helper_neon_sub_u8(tmp, tmp, tmp2); break;
6058 case 1: gen_helper_neon_sub_u16(tmp, tmp, tmp2); break;
6059 case 2: tcg_gen_sub_i32(tmp, tmp, tmp2); break;
6064 case NEON_3R_VTST_VCEQ:
6065 if (!u) { /* VTST */
6067 case 0: gen_helper_neon_tst_u8(tmp, tmp, tmp2); break;
6068 case 1: gen_helper_neon_tst_u16(tmp, tmp, tmp2); break;
6069 case 2: gen_helper_neon_tst_u32(tmp, tmp, tmp2); break;
6074 case 0: gen_helper_neon_ceq_u8(tmp, tmp, tmp2); break;
6075 case 1: gen_helper_neon_ceq_u16(tmp, tmp, tmp2); break;
6076 case 2: gen_helper_neon_ceq_u32(tmp, tmp, tmp2); break;
6081 case NEON_3R_VML: /* VMLA, VMLAL, VMLS,VMLSL */
6083 case 0: gen_helper_neon_mul_u8(tmp, tmp, tmp2); break;
6084 case 1: gen_helper_neon_mul_u16(tmp, tmp, tmp2); break;
6085 case 2: tcg_gen_mul_i32(tmp, tmp, tmp2); break;
6088 tcg_temp_free_i32(tmp2);
6089 tmp2 = neon_load_reg(rd, pass);
6091 gen_neon_rsb(size, tmp, tmp2);
6093 gen_neon_add(size, tmp, tmp2);
6097 if (u) { /* polynomial */
6098 gen_helper_neon_mul_p8(tmp, tmp, tmp2);
6099 } else { /* Integer */
6101 case 0: gen_helper_neon_mul_u8(tmp, tmp, tmp2); break;
6102 case 1: gen_helper_neon_mul_u16(tmp, tmp, tmp2); break;
6103 case 2: tcg_gen_mul_i32(tmp, tmp, tmp2); break;
6109 GEN_NEON_INTEGER_OP(pmax);
6112 GEN_NEON_INTEGER_OP(pmin);
6114 case NEON_3R_VQDMULH_VQRDMULH: /* Multiply high. */
6115 if (!u) { /* VQDMULH */
6118 gen_helper_neon_qdmulh_s16(tmp, cpu_env, tmp, tmp2);
6121 gen_helper_neon_qdmulh_s32(tmp, cpu_env, tmp, tmp2);
6125 } else { /* VQRDMULH */
6128 gen_helper_neon_qrdmulh_s16(tmp, cpu_env, tmp, tmp2);
6131 gen_helper_neon_qrdmulh_s32(tmp, cpu_env, tmp, tmp2);
6137 case NEON_3R_VPADD_VQRDMLAH:
6139 case 0: gen_helper_neon_padd_u8(tmp, tmp, tmp2); break;
6140 case 1: gen_helper_neon_padd_u16(tmp, tmp, tmp2); break;
6141 case 2: tcg_gen_add_i32(tmp, tmp, tmp2); break;
6145 case NEON_3R_FLOAT_ARITH: /* Floating point arithmetic. */
6147 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6148 switch ((u << 2) | size) {
6151 gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
6154 gen_helper_vfp_subs(tmp, tmp, tmp2, fpstatus);
6157 gen_helper_neon_abd_f32(tmp, tmp, tmp2, fpstatus);
6162 tcg_temp_free_ptr(fpstatus);
6165 case NEON_3R_FLOAT_MULTIPLY:
6167 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6168 gen_helper_vfp_muls(tmp, tmp, tmp2, fpstatus);
6170 tcg_temp_free_i32(tmp2);
6171 tmp2 = neon_load_reg(rd, pass);
6173 gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
6175 gen_helper_vfp_subs(tmp, tmp2, tmp, fpstatus);
6178 tcg_temp_free_ptr(fpstatus);
6181 case NEON_3R_FLOAT_CMP:
6183 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6185 gen_helper_neon_ceq_f32(tmp, tmp, tmp2, fpstatus);
6188 gen_helper_neon_cge_f32(tmp, tmp, tmp2, fpstatus);
6190 gen_helper_neon_cgt_f32(tmp, tmp, tmp2, fpstatus);
6193 tcg_temp_free_ptr(fpstatus);
6196 case NEON_3R_FLOAT_ACMP:
6198 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6200 gen_helper_neon_acge_f32(tmp, tmp, tmp2, fpstatus);
6202 gen_helper_neon_acgt_f32(tmp, tmp, tmp2, fpstatus);
6204 tcg_temp_free_ptr(fpstatus);
6207 case NEON_3R_FLOAT_MINMAX:
6209 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6211 gen_helper_vfp_maxs(tmp, tmp, tmp2, fpstatus);
6213 gen_helper_vfp_mins(tmp, tmp, tmp2, fpstatus);
6215 tcg_temp_free_ptr(fpstatus);
6218 case NEON_3R_FLOAT_MISC:
6221 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6223 gen_helper_vfp_maxnums(tmp, tmp, tmp2, fpstatus);
6225 gen_helper_vfp_minnums(tmp, tmp, tmp2, fpstatus);
6227 tcg_temp_free_ptr(fpstatus);
6230 gen_helper_recps_f32(tmp, tmp, tmp2, cpu_env);
6232 gen_helper_rsqrts_f32(tmp, tmp, tmp2, cpu_env);
6236 case NEON_3R_VFM_VQRDMLSH:
6238 /* VFMA, VFMS: fused multiply-add */
6239 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6240 TCGv_i32 tmp3 = neon_load_reg(rd, pass);
6243 gen_helper_vfp_negs(tmp, tmp);
6245 gen_helper_vfp_muladds(tmp, tmp, tmp2, tmp3, fpstatus);
6246 tcg_temp_free_i32(tmp3);
6247 tcg_temp_free_ptr(fpstatus);
6253 tcg_temp_free_i32(tmp2);
6255 /* Save the result. For elementwise operations we can put it
6256 straight into the destination register. For pairwise operations
6257 we have to be careful to avoid clobbering the source operands. */
6258 if (pairwise && rd == rm) {
6259 neon_store_scratch(pass, tmp);
6261 neon_store_reg(rd, pass, tmp);
6265 if (pairwise && rd == rm) {
6266 for (pass = 0; pass < (q ? 4 : 2); pass++) {
6267 tmp = neon_load_scratch(pass);
6268 neon_store_reg(rd, pass, tmp);
6271 /* End of 3 register same size operations. */
6272 } else if (insn & (1 << 4)) {
6273 if ((insn & 0x00380080) != 0) {
6274 /* Two registers and shift. */
6275 op = (insn >> 8) & 0xf;
6276 if (insn & (1 << 7)) {
6284 while ((insn & (1 << (size + 19))) == 0)
6287 shift = (insn >> 16) & ((1 << (3 + size)) - 1);
6288 /* To avoid excessive duplication of ops we implement shift
6289 by immediate using the variable shift operations. */
6291 /* Shift by immediate:
6292 VSHR, VSRA, VRSHR, VRSRA, VSRI, VSHL, VQSHL, VQSHLU. */
6293 if (q && ((rd | rm) & 1)) {
6296 if (!u && (op == 4 || op == 6)) {
6299 /* Right shifts are encoded as N - shift, where N is the
6300 element size in bits. */
6302 shift = shift - (1 << (size + 3));
6310 imm = (uint8_t) shift;
6315 imm = (uint16_t) shift;
6326 for (pass = 0; pass < count; pass++) {
6328 neon_load_reg64(cpu_V0, rm + pass);
6329 tcg_gen_movi_i64(cpu_V1, imm);
6334 gen_helper_neon_shl_u64(cpu_V0, cpu_V0, cpu_V1);
6336 gen_helper_neon_shl_s64(cpu_V0, cpu_V0, cpu_V1);
6341 gen_helper_neon_rshl_u64(cpu_V0, cpu_V0, cpu_V1);
6343 gen_helper_neon_rshl_s64(cpu_V0, cpu_V0, cpu_V1);
6346 case 5: /* VSHL, VSLI */
6347 gen_helper_neon_shl_u64(cpu_V0, cpu_V0, cpu_V1);
6349 case 6: /* VQSHLU */
6350 gen_helper_neon_qshlu_s64(cpu_V0, cpu_env,
6355 gen_helper_neon_qshl_u64(cpu_V0, cpu_env,
6358 gen_helper_neon_qshl_s64(cpu_V0, cpu_env,
6363 if (op == 1 || op == 3) {
6365 neon_load_reg64(cpu_V1, rd + pass);
6366 tcg_gen_add_i64(cpu_V0, cpu_V0, cpu_V1);
6367 } else if (op == 4 || (op == 5 && u)) {
6369 neon_load_reg64(cpu_V1, rd + pass);
6371 if (shift < -63 || shift > 63) {
6375 mask = 0xffffffffffffffffull >> -shift;
6377 mask = 0xffffffffffffffffull << shift;
6380 tcg_gen_andi_i64(cpu_V1, cpu_V1, ~mask);
6381 tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
6383 neon_store_reg64(cpu_V0, rd + pass);
6384 } else { /* size < 3 */
6385 /* Operands in T0 and T1. */
6386 tmp = neon_load_reg(rm, pass);
6387 tmp2 = tcg_temp_new_i32();
6388 tcg_gen_movi_i32(tmp2, imm);
6392 GEN_NEON_INTEGER_OP(shl);
6396 GEN_NEON_INTEGER_OP(rshl);
6399 case 5: /* VSHL, VSLI */
6401 case 0: gen_helper_neon_shl_u8(tmp, tmp, tmp2); break;
6402 case 1: gen_helper_neon_shl_u16(tmp, tmp, tmp2); break;
6403 case 2: gen_helper_neon_shl_u32(tmp, tmp, tmp2); break;
6407 case 6: /* VQSHLU */
6410 gen_helper_neon_qshlu_s8(tmp, cpu_env,
6414 gen_helper_neon_qshlu_s16(tmp, cpu_env,
6418 gen_helper_neon_qshlu_s32(tmp, cpu_env,
6426 GEN_NEON_INTEGER_OP_ENV(qshl);
6429 tcg_temp_free_i32(tmp2);
6431 if (op == 1 || op == 3) {
6433 tmp2 = neon_load_reg(rd, pass);
6434 gen_neon_add(size, tmp, tmp2);
6435 tcg_temp_free_i32(tmp2);
6436 } else if (op == 4 || (op == 5 && u)) {
6441 mask = 0xff >> -shift;
6443 mask = (uint8_t)(0xff << shift);
6449 mask = 0xffff >> -shift;
6451 mask = (uint16_t)(0xffff << shift);
6455 if (shift < -31 || shift > 31) {
6459 mask = 0xffffffffu >> -shift;
6461 mask = 0xffffffffu << shift;
6467 tmp2 = neon_load_reg(rd, pass);
6468 tcg_gen_andi_i32(tmp, tmp, mask);
6469 tcg_gen_andi_i32(tmp2, tmp2, ~mask);
6470 tcg_gen_or_i32(tmp, tmp, tmp2);
6471 tcg_temp_free_i32(tmp2);
6473 neon_store_reg(rd, pass, tmp);
6476 } else if (op < 10) {
6477 /* Shift by immediate and narrow:
6478 VSHRN, VRSHRN, VQSHRN, VQRSHRN. */
6479 int input_unsigned = (op == 8) ? !u : u;
6483 shift = shift - (1 << (size + 3));
6486 tmp64 = tcg_const_i64(shift);
6487 neon_load_reg64(cpu_V0, rm);
6488 neon_load_reg64(cpu_V1, rm + 1);
6489 for (pass = 0; pass < 2; pass++) {
6497 if (input_unsigned) {
6498 gen_helper_neon_rshl_u64(cpu_V0, in, tmp64);
6500 gen_helper_neon_rshl_s64(cpu_V0, in, tmp64);
6503 if (input_unsigned) {
6504 gen_helper_neon_shl_u64(cpu_V0, in, tmp64);
6506 gen_helper_neon_shl_s64(cpu_V0, in, tmp64);
6509 tmp = tcg_temp_new_i32();
6510 gen_neon_narrow_op(op == 8, u, size - 1, tmp, cpu_V0);
6511 neon_store_reg(rd, pass, tmp);
6513 tcg_temp_free_i64(tmp64);
6516 imm = (uint16_t)shift;
6520 imm = (uint32_t)shift;
6522 tmp2 = tcg_const_i32(imm);
6523 tmp4 = neon_load_reg(rm + 1, 0);
6524 tmp5 = neon_load_reg(rm + 1, 1);
6525 for (pass = 0; pass < 2; pass++) {
6527 tmp = neon_load_reg(rm, 0);
6531 gen_neon_shift_narrow(size, tmp, tmp2, q,
6534 tmp3 = neon_load_reg(rm, 1);
6538 gen_neon_shift_narrow(size, tmp3, tmp2, q,
6540 tcg_gen_concat_i32_i64(cpu_V0, tmp, tmp3);
6541 tcg_temp_free_i32(tmp);
6542 tcg_temp_free_i32(tmp3);
6543 tmp = tcg_temp_new_i32();
6544 gen_neon_narrow_op(op == 8, u, size - 1, tmp, cpu_V0);
6545 neon_store_reg(rd, pass, tmp);
6547 tcg_temp_free_i32(tmp2);
6549 } else if (op == 10) {
6551 if (q || (rd & 1)) {
6554 tmp = neon_load_reg(rm, 0);
6555 tmp2 = neon_load_reg(rm, 1);
6556 for (pass = 0; pass < 2; pass++) {
6560 gen_neon_widen(cpu_V0, tmp, size, u);
6563 /* The shift is less than the width of the source
6564 type, so we can just shift the whole register. */
6565 tcg_gen_shli_i64(cpu_V0, cpu_V0, shift);
6566 /* Widen the result of shift: we need to clear
6567 * the potential overflow bits resulting from
6568 * left bits of the narrow input appearing as
6569 * right bits of left the neighbour narrow
6571 if (size < 2 || !u) {
6574 imm = (0xffu >> (8 - shift));
6576 } else if (size == 1) {
6577 imm = 0xffff >> (16 - shift);
6580 imm = 0xffffffff >> (32 - shift);
6583 imm64 = imm | (((uint64_t)imm) << 32);
6587 tcg_gen_andi_i64(cpu_V0, cpu_V0, ~imm64);
6590 neon_store_reg64(cpu_V0, rd + pass);
6592 } else if (op >= 14) {
6593 /* VCVT fixed-point. */
6594 if (!(insn & (1 << 21)) || (q && ((rd | rm) & 1))) {
6597 /* We have already masked out the must-be-1 top bit of imm6,
6598 * hence this 32-shift where the ARM ARM has 64-imm6.
6601 for (pass = 0; pass < (q ? 4 : 2); pass++) {
6602 tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, pass));
6605 gen_vfp_ulto(0, shift, 1);
6607 gen_vfp_slto(0, shift, 1);
6610 gen_vfp_toul(0, shift, 1);
6612 gen_vfp_tosl(0, shift, 1);
6614 tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, pass));
6619 } else { /* (insn & 0x00380080) == 0 */
6621 if (q && (rd & 1)) {
6625 op = (insn >> 8) & 0xf;
6626 /* One register and immediate. */
6627 imm = (u << 7) | ((insn >> 12) & 0x70) | (insn & 0xf);
6628 invert = (insn & (1 << 5)) != 0;
6629 /* Note that op = 2,3,4,5,6,7,10,11,12,13 imm=0 is UNPREDICTABLE.
6630 * We choose to not special-case this and will behave as if a
6631 * valid constant encoding of 0 had been given.
6650 imm = (imm << 8) | (imm << 24);
6653 imm = (imm << 8) | 0xff;
6656 imm = (imm << 16) | 0xffff;
6659 imm |= (imm << 8) | (imm << 16) | (imm << 24);
6667 imm = ((imm & 0x80) << 24) | ((imm & 0x3f) << 19)
6668 | ((imm & 0x40) ? (0x1f << 25) : (1 << 30));
6674 for (pass = 0; pass < (q ? 4 : 2); pass++) {
6675 if (op & 1 && op < 12) {
6676 tmp = neon_load_reg(rd, pass);
6678 /* The immediate value has already been inverted, so
6680 tcg_gen_andi_i32(tmp, tmp, imm);
6682 tcg_gen_ori_i32(tmp, tmp, imm);
6686 tmp = tcg_temp_new_i32();
6687 if (op == 14 && invert) {
6691 for (n = 0; n < 4; n++) {
6692 if (imm & (1 << (n + (pass & 1) * 4)))
6693 val |= 0xff << (n * 8);
6695 tcg_gen_movi_i32(tmp, val);
6697 tcg_gen_movi_i32(tmp, imm);
6700 neon_store_reg(rd, pass, tmp);
6703 } else { /* (insn & 0x00800010 == 0x00800000) */
6705 op = (insn >> 8) & 0xf;
6706 if ((insn & (1 << 6)) == 0) {
6707 /* Three registers of different lengths. */
6711 /* undefreq: bit 0 : UNDEF if size == 0
6712 * bit 1 : UNDEF if size == 1
6713 * bit 2 : UNDEF if size == 2
6714 * bit 3 : UNDEF if U == 1
6715 * Note that [2:0] set implies 'always UNDEF'
6718 /* prewiden, src1_wide, src2_wide, undefreq */
6719 static const int neon_3reg_wide[16][4] = {
6720 {1, 0, 0, 0}, /* VADDL */
6721 {1, 1, 0, 0}, /* VADDW */
6722 {1, 0, 0, 0}, /* VSUBL */
6723 {1, 1, 0, 0}, /* VSUBW */
6724 {0, 1, 1, 0}, /* VADDHN */
6725 {0, 0, 0, 0}, /* VABAL */
6726 {0, 1, 1, 0}, /* VSUBHN */
6727 {0, 0, 0, 0}, /* VABDL */
6728 {0, 0, 0, 0}, /* VMLAL */
6729 {0, 0, 0, 9}, /* VQDMLAL */
6730 {0, 0, 0, 0}, /* VMLSL */
6731 {0, 0, 0, 9}, /* VQDMLSL */
6732 {0, 0, 0, 0}, /* Integer VMULL */
6733 {0, 0, 0, 1}, /* VQDMULL */
6734 {0, 0, 0, 0xa}, /* Polynomial VMULL */
6735 {0, 0, 0, 7}, /* Reserved: always UNDEF */
6738 prewiden = neon_3reg_wide[op][0];
6739 src1_wide = neon_3reg_wide[op][1];
6740 src2_wide = neon_3reg_wide[op][2];
6741 undefreq = neon_3reg_wide[op][3];
6743 if ((undefreq & (1 << size)) ||
6744 ((undefreq & 8) && u)) {
6747 if ((src1_wide && (rn & 1)) ||
6748 (src2_wide && (rm & 1)) ||
6749 (!src2_wide && (rd & 1))) {
6753 /* Handle VMULL.P64 (Polynomial 64x64 to 128 bit multiply)
6754 * outside the loop below as it only performs a single pass.
6756 if (op == 14 && size == 2) {
6757 TCGv_i64 tcg_rn, tcg_rm, tcg_rd;
6759 if (!arm_dc_feature(s, ARM_FEATURE_V8_PMULL)) {
6762 tcg_rn = tcg_temp_new_i64();
6763 tcg_rm = tcg_temp_new_i64();
6764 tcg_rd = tcg_temp_new_i64();
6765 neon_load_reg64(tcg_rn, rn);
6766 neon_load_reg64(tcg_rm, rm);
6767 gen_helper_neon_pmull_64_lo(tcg_rd, tcg_rn, tcg_rm);
6768 neon_store_reg64(tcg_rd, rd);
6769 gen_helper_neon_pmull_64_hi(tcg_rd, tcg_rn, tcg_rm);
6770 neon_store_reg64(tcg_rd, rd + 1);
6771 tcg_temp_free_i64(tcg_rn);
6772 tcg_temp_free_i64(tcg_rm);
6773 tcg_temp_free_i64(tcg_rd);
6777 /* Avoid overlapping operands. Wide source operands are
6778 always aligned so will never overlap with wide
6779 destinations in problematic ways. */
6780 if (rd == rm && !src2_wide) {
6781 tmp = neon_load_reg(rm, 1);
6782 neon_store_scratch(2, tmp);
6783 } else if (rd == rn && !src1_wide) {
6784 tmp = neon_load_reg(rn, 1);
6785 neon_store_scratch(2, tmp);
6788 for (pass = 0; pass < 2; pass++) {
6790 neon_load_reg64(cpu_V0, rn + pass);
6793 if (pass == 1 && rd == rn) {
6794 tmp = neon_load_scratch(2);
6796 tmp = neon_load_reg(rn, pass);
6799 gen_neon_widen(cpu_V0, tmp, size, u);
6803 neon_load_reg64(cpu_V1, rm + pass);
6806 if (pass == 1 && rd == rm) {
6807 tmp2 = neon_load_scratch(2);
6809 tmp2 = neon_load_reg(rm, pass);
6812 gen_neon_widen(cpu_V1, tmp2, size, u);
6816 case 0: case 1: case 4: /* VADDL, VADDW, VADDHN, VRADDHN */
6817 gen_neon_addl(size);
6819 case 2: case 3: case 6: /* VSUBL, VSUBW, VSUBHN, VRSUBHN */
6820 gen_neon_subl(size);
6822 case 5: case 7: /* VABAL, VABDL */
6823 switch ((size << 1) | u) {
6825 gen_helper_neon_abdl_s16(cpu_V0, tmp, tmp2);
6828 gen_helper_neon_abdl_u16(cpu_V0, tmp, tmp2);
6831 gen_helper_neon_abdl_s32(cpu_V0, tmp, tmp2);
6834 gen_helper_neon_abdl_u32(cpu_V0, tmp, tmp2);
6837 gen_helper_neon_abdl_s64(cpu_V0, tmp, tmp2);
6840 gen_helper_neon_abdl_u64(cpu_V0, tmp, tmp2);
6844 tcg_temp_free_i32(tmp2);
6845 tcg_temp_free_i32(tmp);
6847 case 8: case 9: case 10: case 11: case 12: case 13:
6848 /* VMLAL, VQDMLAL, VMLSL, VQDMLSL, VMULL, VQDMULL */
6849 gen_neon_mull(cpu_V0, tmp, tmp2, size, u);
6851 case 14: /* Polynomial VMULL */
6852 gen_helper_neon_mull_p8(cpu_V0, tmp, tmp2);
6853 tcg_temp_free_i32(tmp2);
6854 tcg_temp_free_i32(tmp);
6856 default: /* 15 is RESERVED: caught earlier */
6861 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6862 neon_store_reg64(cpu_V0, rd + pass);
6863 } else if (op == 5 || (op >= 8 && op <= 11)) {
6865 neon_load_reg64(cpu_V1, rd + pass);
6867 case 10: /* VMLSL */
6868 gen_neon_negl(cpu_V0, size);
6870 case 5: case 8: /* VABAL, VMLAL */
6871 gen_neon_addl(size);
6873 case 9: case 11: /* VQDMLAL, VQDMLSL */
6874 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6876 gen_neon_negl(cpu_V0, size);
6878 gen_neon_addl_saturate(cpu_V0, cpu_V1, size);
6883 neon_store_reg64(cpu_V0, rd + pass);
6884 } else if (op == 4 || op == 6) {
6885 /* Narrowing operation. */
6886 tmp = tcg_temp_new_i32();
6890 gen_helper_neon_narrow_high_u8(tmp, cpu_V0);
6893 gen_helper_neon_narrow_high_u16(tmp, cpu_V0);
6896 tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
6897 tcg_gen_extrl_i64_i32(tmp, cpu_V0);
6904 gen_helper_neon_narrow_round_high_u8(tmp, cpu_V0);
6907 gen_helper_neon_narrow_round_high_u16(tmp, cpu_V0);
6910 tcg_gen_addi_i64(cpu_V0, cpu_V0, 1u << 31);
6911 tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
6912 tcg_gen_extrl_i64_i32(tmp, cpu_V0);
6920 neon_store_reg(rd, 0, tmp3);
6921 neon_store_reg(rd, 1, tmp);
6924 /* Write back the result. */
6925 neon_store_reg64(cpu_V0, rd + pass);
6929 /* Two registers and a scalar. NB that for ops of this form
6930 * the ARM ARM labels bit 24 as Q, but it is in our variable
6937 case 1: /* Float VMLA scalar */
6938 case 5: /* Floating point VMLS scalar */
6939 case 9: /* Floating point VMUL scalar */
6944 case 0: /* Integer VMLA scalar */
6945 case 4: /* Integer VMLS scalar */
6946 case 8: /* Integer VMUL scalar */
6947 case 12: /* VQDMULH scalar */
6948 case 13: /* VQRDMULH scalar */
6949 if (u && ((rd | rn) & 1)) {
6952 tmp = neon_get_scalar(size, rm);
6953 neon_store_scratch(0, tmp);
6954 for (pass = 0; pass < (u ? 4 : 2); pass++) {
6955 tmp = neon_load_scratch(0);
6956 tmp2 = neon_load_reg(rn, pass);
6959 gen_helper_neon_qdmulh_s16(tmp, cpu_env, tmp, tmp2);
6961 gen_helper_neon_qdmulh_s32(tmp, cpu_env, tmp, tmp2);
6963 } else if (op == 13) {
6965 gen_helper_neon_qrdmulh_s16(tmp, cpu_env, tmp, tmp2);
6967 gen_helper_neon_qrdmulh_s32(tmp, cpu_env, tmp, tmp2);
6969 } else if (op & 1) {
6970 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6971 gen_helper_vfp_muls(tmp, tmp, tmp2, fpstatus);
6972 tcg_temp_free_ptr(fpstatus);
6975 case 0: gen_helper_neon_mul_u8(tmp, tmp, tmp2); break;
6976 case 1: gen_helper_neon_mul_u16(tmp, tmp, tmp2); break;
6977 case 2: tcg_gen_mul_i32(tmp, tmp, tmp2); break;
6981 tcg_temp_free_i32(tmp2);
6984 tmp2 = neon_load_reg(rd, pass);
6987 gen_neon_add(size, tmp, tmp2);
6991 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6992 gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
6993 tcg_temp_free_ptr(fpstatus);
6997 gen_neon_rsb(size, tmp, tmp2);
7001 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7002 gen_helper_vfp_subs(tmp, tmp2, tmp, fpstatus);
7003 tcg_temp_free_ptr(fpstatus);
7009 tcg_temp_free_i32(tmp2);
7011 neon_store_reg(rd, pass, tmp);
7014 case 3: /* VQDMLAL scalar */
7015 case 7: /* VQDMLSL scalar */
7016 case 11: /* VQDMULL scalar */
7021 case 2: /* VMLAL sclar */
7022 case 6: /* VMLSL scalar */
7023 case 10: /* VMULL scalar */
7027 tmp2 = neon_get_scalar(size, rm);
7028 /* We need a copy of tmp2 because gen_neon_mull
7029 * deletes it during pass 0. */
7030 tmp4 = tcg_temp_new_i32();
7031 tcg_gen_mov_i32(tmp4, tmp2);
7032 tmp3 = neon_load_reg(rn, 1);
7034 for (pass = 0; pass < 2; pass++) {
7036 tmp = neon_load_reg(rn, 0);
7041 gen_neon_mull(cpu_V0, tmp, tmp2, size, u);
7043 neon_load_reg64(cpu_V1, rd + pass);
7047 gen_neon_negl(cpu_V0, size);
7050 gen_neon_addl(size);
7053 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
7055 gen_neon_negl(cpu_V0, size);
7057 gen_neon_addl_saturate(cpu_V0, cpu_V1, size);
7063 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
7068 neon_store_reg64(cpu_V0, rd + pass);
7071 case 14: /* VQRDMLAH scalar */
7072 case 15: /* VQRDMLSH scalar */
7074 NeonGenThreeOpEnvFn *fn;
7076 if (!arm_dc_feature(s, ARM_FEATURE_V8_RDM)) {
7079 if (u && ((rd | rn) & 1)) {
7084 fn = gen_helper_neon_qrdmlah_s16;
7086 fn = gen_helper_neon_qrdmlah_s32;
7090 fn = gen_helper_neon_qrdmlsh_s16;
7092 fn = gen_helper_neon_qrdmlsh_s32;
7096 tmp2 = neon_get_scalar(size, rm);
7097 for (pass = 0; pass < (u ? 4 : 2); pass++) {
7098 tmp = neon_load_reg(rn, pass);
7099 tmp3 = neon_load_reg(rd, pass);
7100 fn(tmp, cpu_env, tmp, tmp2, tmp3);
7101 tcg_temp_free_i32(tmp3);
7102 neon_store_reg(rd, pass, tmp);
7104 tcg_temp_free_i32(tmp2);
7108 g_assert_not_reached();
7111 } else { /* size == 3 */
7114 imm = (insn >> 8) & 0xf;
7119 if (q && ((rd | rn | rm) & 1)) {
7124 neon_load_reg64(cpu_V0, rn);
7126 neon_load_reg64(cpu_V1, rn + 1);
7128 } else if (imm == 8) {
7129 neon_load_reg64(cpu_V0, rn + 1);
7131 neon_load_reg64(cpu_V1, rm);
7134 tmp64 = tcg_temp_new_i64();
7136 neon_load_reg64(cpu_V0, rn);
7137 neon_load_reg64(tmp64, rn + 1);
7139 neon_load_reg64(cpu_V0, rn + 1);
7140 neon_load_reg64(tmp64, rm);
7142 tcg_gen_shri_i64(cpu_V0, cpu_V0, (imm & 7) * 8);
7143 tcg_gen_shli_i64(cpu_V1, tmp64, 64 - ((imm & 7) * 8));
7144 tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
7146 neon_load_reg64(cpu_V1, rm);
7148 neon_load_reg64(cpu_V1, rm + 1);
7151 tcg_gen_shli_i64(cpu_V1, cpu_V1, 64 - (imm * 8));
7152 tcg_gen_shri_i64(tmp64, tmp64, imm * 8);
7153 tcg_gen_or_i64(cpu_V1, cpu_V1, tmp64);
7154 tcg_temp_free_i64(tmp64);
7157 neon_load_reg64(cpu_V0, rn);
7158 tcg_gen_shri_i64(cpu_V0, cpu_V0, imm * 8);
7159 neon_load_reg64(cpu_V1, rm);
7160 tcg_gen_shli_i64(cpu_V1, cpu_V1, 64 - (imm * 8));
7161 tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
7163 neon_store_reg64(cpu_V0, rd);
7165 neon_store_reg64(cpu_V1, rd + 1);
7167 } else if ((insn & (1 << 11)) == 0) {
7168 /* Two register misc. */
7169 op = ((insn >> 12) & 0x30) | ((insn >> 7) & 0xf);
7170 size = (insn >> 18) & 3;
7171 /* UNDEF for unknown op values and bad op-size combinations */
7172 if ((neon_2rm_sizes[op] & (1 << size)) == 0) {
7175 if (neon_2rm_is_v8_op(op) &&
7176 !arm_dc_feature(s, ARM_FEATURE_V8)) {
7179 if ((op != NEON_2RM_VMOVN && op != NEON_2RM_VQMOVN) &&
7180 q && ((rm | rd) & 1)) {
7184 case NEON_2RM_VREV64:
7185 for (pass = 0; pass < (q ? 2 : 1); pass++) {
7186 tmp = neon_load_reg(rm, pass * 2);
7187 tmp2 = neon_load_reg(rm, pass * 2 + 1);
7189 case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
7190 case 1: gen_swap_half(tmp); break;
7191 case 2: /* no-op */ break;
7194 neon_store_reg(rd, pass * 2 + 1, tmp);
7196 neon_store_reg(rd, pass * 2, tmp2);
7199 case 0: tcg_gen_bswap32_i32(tmp2, tmp2); break;
7200 case 1: gen_swap_half(tmp2); break;
7203 neon_store_reg(rd, pass * 2, tmp2);
7207 case NEON_2RM_VPADDL: case NEON_2RM_VPADDL_U:
7208 case NEON_2RM_VPADAL: case NEON_2RM_VPADAL_U:
7209 for (pass = 0; pass < q + 1; pass++) {
7210 tmp = neon_load_reg(rm, pass * 2);
7211 gen_neon_widen(cpu_V0, tmp, size, op & 1);
7212 tmp = neon_load_reg(rm, pass * 2 + 1);
7213 gen_neon_widen(cpu_V1, tmp, size, op & 1);
7215 case 0: gen_helper_neon_paddl_u16(CPU_V001); break;
7216 case 1: gen_helper_neon_paddl_u32(CPU_V001); break;
7217 case 2: tcg_gen_add_i64(CPU_V001); break;
7220 if (op >= NEON_2RM_VPADAL) {
7222 neon_load_reg64(cpu_V1, rd + pass);
7223 gen_neon_addl(size);
7225 neon_store_reg64(cpu_V0, rd + pass);
7231 for (n = 0; n < (q ? 4 : 2); n += 2) {
7232 tmp = neon_load_reg(rm, n);
7233 tmp2 = neon_load_reg(rd, n + 1);
7234 neon_store_reg(rm, n, tmp2);
7235 neon_store_reg(rd, n + 1, tmp);
7242 if (gen_neon_unzip(rd, rm, size, q)) {
7247 if (gen_neon_zip(rd, rm, size, q)) {
7251 case NEON_2RM_VMOVN: case NEON_2RM_VQMOVN:
7252 /* also VQMOVUN; op field and mnemonics don't line up */
7257 for (pass = 0; pass < 2; pass++) {
7258 neon_load_reg64(cpu_V0, rm + pass);
7259 tmp = tcg_temp_new_i32();
7260 gen_neon_narrow_op(op == NEON_2RM_VMOVN, q, size,
7265 neon_store_reg(rd, 0, tmp2);
7266 neon_store_reg(rd, 1, tmp);
7270 case NEON_2RM_VSHLL:
7271 if (q || (rd & 1)) {
7274 tmp = neon_load_reg(rm, 0);
7275 tmp2 = neon_load_reg(rm, 1);
7276 for (pass = 0; pass < 2; pass++) {
7279 gen_neon_widen(cpu_V0, tmp, size, 1);
7280 tcg_gen_shli_i64(cpu_V0, cpu_V0, 8 << size);
7281 neon_store_reg64(cpu_V0, rd + pass);
7284 case NEON_2RM_VCVT_F16_F32:
7289 if (!arm_dc_feature(s, ARM_FEATURE_VFP_FP16) ||
7293 tmp = tcg_temp_new_i32();
7294 tmp2 = tcg_temp_new_i32();
7295 fpst = get_fpstatus_ptr(true);
7296 ahp = get_ahp_flag();
7297 tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, 0));
7298 gen_helper_vfp_fcvt_f32_to_f16(tmp, cpu_F0s, fpst, ahp);
7299 tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, 1));
7300 gen_helper_vfp_fcvt_f32_to_f16(tmp2, cpu_F0s, fpst, ahp);
7301 tcg_gen_shli_i32(tmp2, tmp2, 16);
7302 tcg_gen_or_i32(tmp2, tmp2, tmp);
7303 tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, 2));
7304 gen_helper_vfp_fcvt_f32_to_f16(tmp, cpu_F0s, fpst, ahp);
7305 tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, 3));
7306 neon_store_reg(rd, 0, tmp2);
7307 tmp2 = tcg_temp_new_i32();
7308 gen_helper_vfp_fcvt_f32_to_f16(tmp2, cpu_F0s, fpst, ahp);
7309 tcg_gen_shli_i32(tmp2, tmp2, 16);
7310 tcg_gen_or_i32(tmp2, tmp2, tmp);
7311 neon_store_reg(rd, 1, tmp2);
7312 tcg_temp_free_i32(tmp);
7313 tcg_temp_free_i32(ahp);
7314 tcg_temp_free_ptr(fpst);
7317 case NEON_2RM_VCVT_F32_F16:
7321 if (!arm_dc_feature(s, ARM_FEATURE_VFP_FP16) ||
7325 fpst = get_fpstatus_ptr(true);
7326 ahp = get_ahp_flag();
7327 tmp3 = tcg_temp_new_i32();
7328 tmp = neon_load_reg(rm, 0);
7329 tmp2 = neon_load_reg(rm, 1);
7330 tcg_gen_ext16u_i32(tmp3, tmp);
7331 gen_helper_vfp_fcvt_f16_to_f32(cpu_F0s, tmp3, fpst, ahp);
7332 tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, 0));
7333 tcg_gen_shri_i32(tmp3, tmp, 16);
7334 gen_helper_vfp_fcvt_f16_to_f32(cpu_F0s, tmp3, fpst, ahp);
7335 tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, 1));
7336 tcg_temp_free_i32(tmp);
7337 tcg_gen_ext16u_i32(tmp3, tmp2);
7338 gen_helper_vfp_fcvt_f16_to_f32(cpu_F0s, tmp3, fpst, ahp);
7339 tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, 2));
7340 tcg_gen_shri_i32(tmp3, tmp2, 16);
7341 gen_helper_vfp_fcvt_f16_to_f32(cpu_F0s, tmp3, fpst, ahp);
7342 tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, 3));
7343 tcg_temp_free_i32(tmp2);
7344 tcg_temp_free_i32(tmp3);
7345 tcg_temp_free_i32(ahp);
7346 tcg_temp_free_ptr(fpst);
7349 case NEON_2RM_AESE: case NEON_2RM_AESMC:
7350 if (!arm_dc_feature(s, ARM_FEATURE_V8_AES)
7351 || ((rm | rd) & 1)) {
7354 ptr1 = vfp_reg_ptr(true, rd);
7355 ptr2 = vfp_reg_ptr(true, rm);
7357 /* Bit 6 is the lowest opcode bit; it distinguishes between
7358 * encryption (AESE/AESMC) and decryption (AESD/AESIMC)
7360 tmp3 = tcg_const_i32(extract32(insn, 6, 1));
7362 if (op == NEON_2RM_AESE) {
7363 gen_helper_crypto_aese(ptr1, ptr2, tmp3);
7365 gen_helper_crypto_aesmc(ptr1, ptr2, tmp3);
7367 tcg_temp_free_ptr(ptr1);
7368 tcg_temp_free_ptr(ptr2);
7369 tcg_temp_free_i32(tmp3);
7371 case NEON_2RM_SHA1H:
7372 if (!arm_dc_feature(s, ARM_FEATURE_V8_SHA1)
7373 || ((rm | rd) & 1)) {
7376 ptr1 = vfp_reg_ptr(true, rd);
7377 ptr2 = vfp_reg_ptr(true, rm);
7379 gen_helper_crypto_sha1h(ptr1, ptr2);
7381 tcg_temp_free_ptr(ptr1);
7382 tcg_temp_free_ptr(ptr2);
7384 case NEON_2RM_SHA1SU1:
7385 if ((rm | rd) & 1) {
7388 /* bit 6 (q): set -> SHA256SU0, cleared -> SHA1SU1 */
7390 if (!arm_dc_feature(s, ARM_FEATURE_V8_SHA256)) {
7393 } else if (!arm_dc_feature(s, ARM_FEATURE_V8_SHA1)) {
7396 ptr1 = vfp_reg_ptr(true, rd);
7397 ptr2 = vfp_reg_ptr(true, rm);
7399 gen_helper_crypto_sha256su0(ptr1, ptr2);
7401 gen_helper_crypto_sha1su1(ptr1, ptr2);
7403 tcg_temp_free_ptr(ptr1);
7404 tcg_temp_free_ptr(ptr2);
7408 for (pass = 0; pass < (q ? 4 : 2); pass++) {
7409 if (neon_2rm_is_float_op(op)) {
7410 tcg_gen_ld_f32(cpu_F0s, cpu_env,
7411 neon_reg_offset(rm, pass));
7414 tmp = neon_load_reg(rm, pass);
7417 case NEON_2RM_VREV32:
7419 case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
7420 case 1: gen_swap_half(tmp); break;
7424 case NEON_2RM_VREV16:
7429 case 0: gen_helper_neon_cls_s8(tmp, tmp); break;
7430 case 1: gen_helper_neon_cls_s16(tmp, tmp); break;
7431 case 2: gen_helper_neon_cls_s32(tmp, tmp); break;
7437 case 0: gen_helper_neon_clz_u8(tmp, tmp); break;
7438 case 1: gen_helper_neon_clz_u16(tmp, tmp); break;
7439 case 2: tcg_gen_clzi_i32(tmp, tmp, 32); break;
7444 gen_helper_neon_cnt_u8(tmp, tmp);
7447 tcg_gen_not_i32(tmp, tmp);
7449 case NEON_2RM_VQABS:
7452 gen_helper_neon_qabs_s8(tmp, cpu_env, tmp);
7455 gen_helper_neon_qabs_s16(tmp, cpu_env, tmp);
7458 gen_helper_neon_qabs_s32(tmp, cpu_env, tmp);
7463 case NEON_2RM_VQNEG:
7466 gen_helper_neon_qneg_s8(tmp, cpu_env, tmp);
7469 gen_helper_neon_qneg_s16(tmp, cpu_env, tmp);
7472 gen_helper_neon_qneg_s32(tmp, cpu_env, tmp);
7477 case NEON_2RM_VCGT0: case NEON_2RM_VCLE0:
7478 tmp2 = tcg_const_i32(0);
7480 case 0: gen_helper_neon_cgt_s8(tmp, tmp, tmp2); break;
7481 case 1: gen_helper_neon_cgt_s16(tmp, tmp, tmp2); break;
7482 case 2: gen_helper_neon_cgt_s32(tmp, tmp, tmp2); break;
7485 tcg_temp_free_i32(tmp2);
7486 if (op == NEON_2RM_VCLE0) {
7487 tcg_gen_not_i32(tmp, tmp);
7490 case NEON_2RM_VCGE0: case NEON_2RM_VCLT0:
7491 tmp2 = tcg_const_i32(0);
7493 case 0: gen_helper_neon_cge_s8(tmp, tmp, tmp2); break;
7494 case 1: gen_helper_neon_cge_s16(tmp, tmp, tmp2); break;
7495 case 2: gen_helper_neon_cge_s32(tmp, tmp, tmp2); break;
7498 tcg_temp_free_i32(tmp2);
7499 if (op == NEON_2RM_VCLT0) {
7500 tcg_gen_not_i32(tmp, tmp);
7503 case NEON_2RM_VCEQ0:
7504 tmp2 = tcg_const_i32(0);
7506 case 0: gen_helper_neon_ceq_u8(tmp, tmp, tmp2); break;
7507 case 1: gen_helper_neon_ceq_u16(tmp, tmp, tmp2); break;
7508 case 2: gen_helper_neon_ceq_u32(tmp, tmp, tmp2); break;
7511 tcg_temp_free_i32(tmp2);
7515 case 0: gen_helper_neon_abs_s8(tmp, tmp); break;
7516 case 1: gen_helper_neon_abs_s16(tmp, tmp); break;
7517 case 2: tcg_gen_abs_i32(tmp, tmp); break;
7522 tmp2 = tcg_const_i32(0);
7523 gen_neon_rsb(size, tmp, tmp2);
7524 tcg_temp_free_i32(tmp2);
7526 case NEON_2RM_VCGT0_F:
7528 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7529 tmp2 = tcg_const_i32(0);
7530 gen_helper_neon_cgt_f32(tmp, tmp, tmp2, fpstatus);
7531 tcg_temp_free_i32(tmp2);
7532 tcg_temp_free_ptr(fpstatus);
7535 case NEON_2RM_VCGE0_F:
7537 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7538 tmp2 = tcg_const_i32(0);
7539 gen_helper_neon_cge_f32(tmp, tmp, tmp2, fpstatus);
7540 tcg_temp_free_i32(tmp2);
7541 tcg_temp_free_ptr(fpstatus);
7544 case NEON_2RM_VCEQ0_F:
7546 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7547 tmp2 = tcg_const_i32(0);
7548 gen_helper_neon_ceq_f32(tmp, tmp, tmp2, fpstatus);
7549 tcg_temp_free_i32(tmp2);
7550 tcg_temp_free_ptr(fpstatus);
7553 case NEON_2RM_VCLE0_F:
7555 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7556 tmp2 = tcg_const_i32(0);
7557 gen_helper_neon_cge_f32(tmp, tmp2, tmp, fpstatus);
7558 tcg_temp_free_i32(tmp2);
7559 tcg_temp_free_ptr(fpstatus);
7562 case NEON_2RM_VCLT0_F:
7564 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7565 tmp2 = tcg_const_i32(0);
7566 gen_helper_neon_cgt_f32(tmp, tmp2, tmp, fpstatus);
7567 tcg_temp_free_i32(tmp2);
7568 tcg_temp_free_ptr(fpstatus);
7571 case NEON_2RM_VABS_F:
7574 case NEON_2RM_VNEG_F:
7578 tmp2 = neon_load_reg(rd, pass);
7579 neon_store_reg(rm, pass, tmp2);
7582 tmp2 = neon_load_reg(rd, pass);
7584 case 0: gen_neon_trn_u8(tmp, tmp2); break;
7585 case 1: gen_neon_trn_u16(tmp, tmp2); break;
7588 neon_store_reg(rm, pass, tmp2);
7590 case NEON_2RM_VRINTN:
7591 case NEON_2RM_VRINTA:
7592 case NEON_2RM_VRINTM:
7593 case NEON_2RM_VRINTP:
7594 case NEON_2RM_VRINTZ:
7597 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7600 if (op == NEON_2RM_VRINTZ) {
7601 rmode = FPROUNDING_ZERO;
7603 rmode = fp_decode_rm[((op & 0x6) >> 1) ^ 1];
7606 tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rmode));
7607 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
7609 gen_helper_rints(cpu_F0s, cpu_F0s, fpstatus);
7610 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
7612 tcg_temp_free_ptr(fpstatus);
7613 tcg_temp_free_i32(tcg_rmode);
7616 case NEON_2RM_VRINTX:
7618 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7619 gen_helper_rints_exact(cpu_F0s, cpu_F0s, fpstatus);
7620 tcg_temp_free_ptr(fpstatus);
7623 case NEON_2RM_VCVTAU:
7624 case NEON_2RM_VCVTAS:
7625 case NEON_2RM_VCVTNU:
7626 case NEON_2RM_VCVTNS:
7627 case NEON_2RM_VCVTPU:
7628 case NEON_2RM_VCVTPS:
7629 case NEON_2RM_VCVTMU:
7630 case NEON_2RM_VCVTMS:
7632 bool is_signed = !extract32(insn, 7, 1);
7633 TCGv_ptr fpst = get_fpstatus_ptr(1);
7634 TCGv_i32 tcg_rmode, tcg_shift;
7635 int rmode = fp_decode_rm[extract32(insn, 8, 2)];
7637 tcg_shift = tcg_const_i32(0);
7638 tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rmode));
7639 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
7643 gen_helper_vfp_tosls(cpu_F0s, cpu_F0s,
7646 gen_helper_vfp_touls(cpu_F0s, cpu_F0s,
7650 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
7652 tcg_temp_free_i32(tcg_rmode);
7653 tcg_temp_free_i32(tcg_shift);
7654 tcg_temp_free_ptr(fpst);
7657 case NEON_2RM_VRECPE:
7659 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7660 gen_helper_recpe_u32(tmp, tmp, fpstatus);
7661 tcg_temp_free_ptr(fpstatus);
7664 case NEON_2RM_VRSQRTE:
7666 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7667 gen_helper_rsqrte_u32(tmp, tmp, fpstatus);
7668 tcg_temp_free_ptr(fpstatus);
7671 case NEON_2RM_VRECPE_F:
7673 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7674 gen_helper_recpe_f32(cpu_F0s, cpu_F0s, fpstatus);
7675 tcg_temp_free_ptr(fpstatus);
7678 case NEON_2RM_VRSQRTE_F:
7680 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7681 gen_helper_rsqrte_f32(cpu_F0s, cpu_F0s, fpstatus);
7682 tcg_temp_free_ptr(fpstatus);
7685 case NEON_2RM_VCVT_FS: /* VCVT.F32.S32 */
7688 case NEON_2RM_VCVT_FU: /* VCVT.F32.U32 */
7691 case NEON_2RM_VCVT_SF: /* VCVT.S32.F32 */
7692 gen_vfp_tosiz(0, 1);
7694 case NEON_2RM_VCVT_UF: /* VCVT.U32.F32 */
7695 gen_vfp_touiz(0, 1);
7698 /* Reserved op values were caught by the
7699 * neon_2rm_sizes[] check earlier.
7703 if (neon_2rm_is_float_op(op)) {
7704 tcg_gen_st_f32(cpu_F0s, cpu_env,
7705 neon_reg_offset(rd, pass));
7707 neon_store_reg(rd, pass, tmp);
7712 } else if ((insn & (1 << 10)) == 0) {
7714 int n = ((insn >> 8) & 3) + 1;
7715 if ((rn + n) > 32) {
7716 /* This is UNPREDICTABLE; we choose to UNDEF to avoid the
7717 * helper function running off the end of the register file.
7722 if (insn & (1 << 6)) {
7723 tmp = neon_load_reg(rd, 0);
7725 tmp = tcg_temp_new_i32();
7726 tcg_gen_movi_i32(tmp, 0);
7728 tmp2 = neon_load_reg(rm, 0);
7729 ptr1 = vfp_reg_ptr(true, rn);
7730 tmp5 = tcg_const_i32(n);
7731 gen_helper_neon_tbl(tmp2, tmp2, tmp, ptr1, tmp5);
7732 tcg_temp_free_i32(tmp);
7733 if (insn & (1 << 6)) {
7734 tmp = neon_load_reg(rd, 1);
7736 tmp = tcg_temp_new_i32();
7737 tcg_gen_movi_i32(tmp, 0);
7739 tmp3 = neon_load_reg(rm, 1);
7740 gen_helper_neon_tbl(tmp3, tmp3, tmp, ptr1, tmp5);
7741 tcg_temp_free_i32(tmp5);
7742 tcg_temp_free_ptr(ptr1);
7743 neon_store_reg(rd, 0, tmp2);
7744 neon_store_reg(rd, 1, tmp3);
7745 tcg_temp_free_i32(tmp);
7746 } else if ((insn & 0x380) == 0) {
7748 if ((insn & (7 << 16)) == 0 || (q && (rd & 1))) {
7751 if (insn & (1 << 19)) {
7752 tmp = neon_load_reg(rm, 1);
7754 tmp = neon_load_reg(rm, 0);
7756 if (insn & (1 << 16)) {
7757 gen_neon_dup_u8(tmp, ((insn >> 17) & 3) * 8);
7758 } else if (insn & (1 << 17)) {
7759 if ((insn >> 18) & 1)
7760 gen_neon_dup_high16(tmp);
7762 gen_neon_dup_low16(tmp);
7764 for (pass = 0; pass < (q ? 4 : 2); pass++) {
7765 tmp2 = tcg_temp_new_i32();
7766 tcg_gen_mov_i32(tmp2, tmp);
7767 neon_store_reg(rd, pass, tmp2);
7769 tcg_temp_free_i32(tmp);
7778 /* Advanced SIMD three registers of the same length extension.
7779 * 31 25 23 22 20 16 12 11 10 9 8 3 0
7780 * +---------------+-----+---+-----+----+----+---+----+---+----+---------+----+
7781 * | 1 1 1 1 1 1 0 | op1 | D | op2 | Vn | Vd | 1 | o3 | 0 | o4 | N Q M U | Vm |
7782 * +---------------+-----+---+-----+----+----+---+----+---+----+---------+----+
7784 static int disas_neon_insn_3same_ext(DisasContext *s, uint32_t insn)
7786 gen_helper_gvec_3 *fn_gvec = NULL;
7787 gen_helper_gvec_3_ptr *fn_gvec_ptr = NULL;
7788 int rd, rn, rm, opr_sz;
7792 q = extract32(insn, 6, 1);
7793 VFP_DREG_D(rd, insn);
7794 VFP_DREG_N(rn, insn);
7795 VFP_DREG_M(rm, insn);
7796 if ((rd | rn | rm) & q) {
7800 if ((insn & 0xfe200f10) == 0xfc200800) {
7801 /* VCMLA -- 1111 110R R.1S .... .... 1000 ...0 .... */
7802 int size = extract32(insn, 20, 1);
7803 data = extract32(insn, 23, 2); /* rot */
7804 if (!arm_dc_feature(s, ARM_FEATURE_V8_FCMA)
7805 || (!size && !arm_dc_feature(s, ARM_FEATURE_V8_FP16))) {
7808 fn_gvec_ptr = size ? gen_helper_gvec_fcmlas : gen_helper_gvec_fcmlah;
7809 } else if ((insn & 0xfea00f10) == 0xfc800800) {
7810 /* VCADD -- 1111 110R 1.0S .... .... 1000 ...0 .... */
7811 int size = extract32(insn, 20, 1);
7812 data = extract32(insn, 24, 1); /* rot */
7813 if (!arm_dc_feature(s, ARM_FEATURE_V8_FCMA)
7814 || (!size && !arm_dc_feature(s, ARM_FEATURE_V8_FP16))) {
7817 fn_gvec_ptr = size ? gen_helper_gvec_fcadds : gen_helper_gvec_fcaddh;
7818 } else if ((insn & 0xfeb00f00) == 0xfc200d00) {
7819 /* V[US]DOT -- 1111 1100 0.10 .... .... 1101 .Q.U .... */
7820 bool u = extract32(insn, 4, 1);
7821 if (!arm_dc_feature(s, ARM_FEATURE_V8_DOTPROD)) {
7824 fn_gvec = u ? gen_helper_gvec_udot_b : gen_helper_gvec_sdot_b;
7829 if (s->fp_excp_el) {
7830 gen_exception_insn(s, 4, EXCP_UDEF,
7831 syn_fp_access_trap(1, 0xe, false), s->fp_excp_el);
7834 if (!s->vfp_enabled) {
7838 opr_sz = (1 + q) * 8;
7840 TCGv_ptr fpst = get_fpstatus_ptr(1);
7841 tcg_gen_gvec_3_ptr(vfp_reg_offset(1, rd),
7842 vfp_reg_offset(1, rn),
7843 vfp_reg_offset(1, rm), fpst,
7844 opr_sz, opr_sz, data, fn_gvec_ptr);
7845 tcg_temp_free_ptr(fpst);
7847 tcg_gen_gvec_3_ool(vfp_reg_offset(1, rd),
7848 vfp_reg_offset(1, rn),
7849 vfp_reg_offset(1, rm),
7850 opr_sz, opr_sz, data, fn_gvec);
7855 /* Advanced SIMD two registers and a scalar extension.
7856 * 31 24 23 22 20 16 12 11 10 9 8 3 0
7857 * +-----------------+----+---+----+----+----+---+----+---+----+---------+----+
7858 * | 1 1 1 1 1 1 1 0 | o1 | D | o2 | Vn | Vd | 1 | o3 | 0 | o4 | N Q M U | Vm |
7859 * +-----------------+----+---+----+----+----+---+----+---+----+---------+----+
7863 static int disas_neon_insn_2reg_scalar_ext(DisasContext *s, uint32_t insn)
7865 gen_helper_gvec_3 *fn_gvec = NULL;
7866 gen_helper_gvec_3_ptr *fn_gvec_ptr = NULL;
7867 int rd, rn, rm, opr_sz, data;
7870 q = extract32(insn, 6, 1);
7871 VFP_DREG_D(rd, insn);
7872 VFP_DREG_N(rn, insn);
7873 if ((rd | rn) & q) {
7877 if ((insn & 0xff000f10) == 0xfe000800) {
7878 /* VCMLA (indexed) -- 1111 1110 S.RR .... .... 1000 ...0 .... */
7879 int rot = extract32(insn, 20, 2);
7880 int size = extract32(insn, 23, 1);
7883 if (!arm_dc_feature(s, ARM_FEATURE_V8_FCMA)) {
7887 if (!arm_dc_feature(s, ARM_FEATURE_V8_FP16)) {
7890 /* For fp16, rm is just Vm, and index is M. */
7891 rm = extract32(insn, 0, 4);
7892 index = extract32(insn, 5, 1);
7894 /* For fp32, rm is the usual M:Vm, and index is 0. */
7895 VFP_DREG_M(rm, insn);
7898 data = (index << 2) | rot;
7899 fn_gvec_ptr = (size ? gen_helper_gvec_fcmlas_idx
7900 : gen_helper_gvec_fcmlah_idx);
7901 } else if ((insn & 0xffb00f00) == 0xfe200d00) {
7902 /* V[US]DOT -- 1111 1110 0.10 .... .... 1101 .Q.U .... */
7903 int u = extract32(insn, 4, 1);
7904 if (!arm_dc_feature(s, ARM_FEATURE_V8_DOTPROD)) {
7907 fn_gvec = u ? gen_helper_gvec_udot_idx_b : gen_helper_gvec_sdot_idx_b;
7908 /* rm is just Vm, and index is M. */
7909 data = extract32(insn, 5, 1); /* index */
7910 rm = extract32(insn, 0, 4);
7915 if (s->fp_excp_el) {
7916 gen_exception_insn(s, 4, EXCP_UDEF,
7917 syn_fp_access_trap(1, 0xe, false), s->fp_excp_el);
7920 if (!s->vfp_enabled) {
7924 opr_sz = (1 + q) * 8;
7926 TCGv_ptr fpst = get_fpstatus_ptr(1);
7927 tcg_gen_gvec_3_ptr(vfp_reg_offset(1, rd),
7928 vfp_reg_offset(1, rn),
7929 vfp_reg_offset(1, rm), fpst,
7930 opr_sz, opr_sz, data, fn_gvec_ptr);
7931 tcg_temp_free_ptr(fpst);
7933 tcg_gen_gvec_3_ool(vfp_reg_offset(1, rd),
7934 vfp_reg_offset(1, rn),
7935 vfp_reg_offset(1, rm),
7936 opr_sz, opr_sz, data, fn_gvec);
7941 static int disas_coproc_insn(DisasContext *s, uint32_t insn)
7943 int cpnum, is64, crn, crm, opc1, opc2, isread, rt, rt2;
7944 const ARMCPRegInfo *ri;
7946 cpnum = (insn >> 8) & 0xf;
7948 /* First check for coprocessor space used for XScale/iwMMXt insns */
7949 if (arm_dc_feature(s, ARM_FEATURE_XSCALE) && (cpnum < 2)) {
7950 if (extract32(s->c15_cpar, cpnum, 1) == 0) {
7953 if (arm_dc_feature(s, ARM_FEATURE_IWMMXT)) {
7954 return disas_iwmmxt_insn(s, insn);
7955 } else if (arm_dc_feature(s, ARM_FEATURE_XSCALE)) {
7956 return disas_dsp_insn(s, insn);
7961 /* Otherwise treat as a generic register access */
7962 is64 = (insn & (1 << 25)) == 0;
7963 if (!is64 && ((insn & (1 << 4)) == 0)) {
7971 opc1 = (insn >> 4) & 0xf;
7973 rt2 = (insn >> 16) & 0xf;
7975 crn = (insn >> 16) & 0xf;
7976 opc1 = (insn >> 21) & 7;
7977 opc2 = (insn >> 5) & 7;
7980 isread = (insn >> 20) & 1;
7981 rt = (insn >> 12) & 0xf;
7983 ri = get_arm_cp_reginfo(s->cp_regs,
7984 ENCODE_CP_REG(cpnum, is64, s->ns, crn, crm, opc1, opc2));
7986 /* Check access permissions */
7987 if (!cp_access_ok(s->current_el, ri, isread)) {
7992 (arm_dc_feature(s, ARM_FEATURE_XSCALE) && cpnum < 14)) {
7993 /* Emit code to perform further access permissions checks at
7994 * runtime; this may result in an exception.
7995 * Note that on XScale all cp0..c13 registers do an access check
7996 * call in order to handle c15_cpar.
7999 TCGv_i32 tcg_syn, tcg_isread;
8002 /* Note that since we are an implementation which takes an
8003 * exception on a trapped conditional instruction only if the
8004 * instruction passes its condition code check, we can take
8005 * advantage of the clause in the ARM ARM that allows us to set
8006 * the COND field in the instruction to 0xE in all cases.
8007 * We could fish the actual condition out of the insn (ARM)
8008 * or the condexec bits (Thumb) but it isn't necessary.
8013 syndrome = syn_cp14_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
8016 syndrome = syn_cp14_rt_trap(1, 0xe, opc1, opc2, crn, crm,
8022 syndrome = syn_cp15_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
8025 syndrome = syn_cp15_rt_trap(1, 0xe, opc1, opc2, crn, crm,
8030 /* ARMv8 defines that only coprocessors 14 and 15 exist,
8031 * so this can only happen if this is an ARMv7 or earlier CPU,
8032 * in which case the syndrome information won't actually be
8035 assert(!arm_dc_feature(s, ARM_FEATURE_V8));
8036 syndrome = syn_uncategorized();
8040 gen_set_condexec(s);
8041 gen_set_pc_im(s, s->pc - 4);
8042 tmpptr = tcg_const_ptr(ri);
8043 tcg_syn = tcg_const_i32(syndrome);
8044 tcg_isread = tcg_const_i32(isread);
8045 gen_helper_access_check_cp_reg(cpu_env, tmpptr, tcg_syn,
8047 tcg_temp_free_ptr(tmpptr);
8048 tcg_temp_free_i32(tcg_syn);
8049 tcg_temp_free_i32(tcg_isread);
8052 /* Handle special cases first */
8053 switch (ri->type & ~(ARM_CP_FLAG_MASK & ~ARM_CP_SPECIAL)) {
8060 gen_set_pc_im(s, s->pc);
8061 s->base.is_jmp = DISAS_WFI;
8067 if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
8076 if (ri->type & ARM_CP_CONST) {
8077 tmp64 = tcg_const_i64(ri->resetvalue);
8078 } else if (ri->readfn) {
8080 tmp64 = tcg_temp_new_i64();
8081 tmpptr = tcg_const_ptr(ri);
8082 gen_helper_get_cp_reg64(tmp64, cpu_env, tmpptr);
8083 tcg_temp_free_ptr(tmpptr);
8085 tmp64 = tcg_temp_new_i64();
8086 tcg_gen_ld_i64(tmp64, cpu_env, ri->fieldoffset);
8088 tmp = tcg_temp_new_i32();
8089 tcg_gen_extrl_i64_i32(tmp, tmp64);
8090 store_reg(s, rt, tmp);
8091 tcg_gen_shri_i64(tmp64, tmp64, 32);
8092 tmp = tcg_temp_new_i32();
8093 tcg_gen_extrl_i64_i32(tmp, tmp64);
8094 tcg_temp_free_i64(tmp64);
8095 store_reg(s, rt2, tmp);
8098 if (ri->type & ARM_CP_CONST) {
8099 tmp = tcg_const_i32(ri->resetvalue);
8100 } else if (ri->readfn) {
8102 tmp = tcg_temp_new_i32();
8103 tmpptr = tcg_const_ptr(ri);
8104 gen_helper_get_cp_reg(tmp, cpu_env, tmpptr);
8105 tcg_temp_free_ptr(tmpptr);
8107 tmp = load_cpu_offset(ri->fieldoffset);
8110 /* Destination register of r15 for 32 bit loads sets
8111 * the condition codes from the high 4 bits of the value
8114 tcg_temp_free_i32(tmp);
8116 store_reg(s, rt, tmp);
8121 if (ri->type & ARM_CP_CONST) {
8122 /* If not forbidden by access permissions, treat as WI */
8127 TCGv_i32 tmplo, tmphi;
8128 TCGv_i64 tmp64 = tcg_temp_new_i64();
8129 tmplo = load_reg(s, rt);
8130 tmphi = load_reg(s, rt2);
8131 tcg_gen_concat_i32_i64(tmp64, tmplo, tmphi);
8132 tcg_temp_free_i32(tmplo);
8133 tcg_temp_free_i32(tmphi);
8135 TCGv_ptr tmpptr = tcg_const_ptr(ri);
8136 gen_helper_set_cp_reg64(cpu_env, tmpptr, tmp64);
8137 tcg_temp_free_ptr(tmpptr);
8139 tcg_gen_st_i64(tmp64, cpu_env, ri->fieldoffset);
8141 tcg_temp_free_i64(tmp64);
8146 tmp = load_reg(s, rt);
8147 tmpptr = tcg_const_ptr(ri);
8148 gen_helper_set_cp_reg(cpu_env, tmpptr, tmp);
8149 tcg_temp_free_ptr(tmpptr);
8150 tcg_temp_free_i32(tmp);
8152 TCGv_i32 tmp = load_reg(s, rt);
8153 store_cpu_offset(tmp, ri->fieldoffset);
8158 if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
8159 /* I/O operations must end the TB here (whether read or write) */
8162 } else if (!isread && !(ri->type & ARM_CP_SUPPRESS_TB_END)) {
8163 /* We default to ending the TB on a coprocessor register write,
8164 * but allow this to be suppressed by the register definition
8165 * (usually only necessary to work around guest bugs).
8173 /* Unknown register; this might be a guest error or a QEMU
8174 * unimplemented feature.
8177 qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
8178 "64 bit system register cp:%d opc1: %d crm:%d "
8180 isread ? "read" : "write", cpnum, opc1, crm,
8181 s->ns ? "non-secure" : "secure");
8183 qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
8184 "system register cp:%d opc1:%d crn:%d crm:%d opc2:%d "
8186 isread ? "read" : "write", cpnum, opc1, crn, crm, opc2,
8187 s->ns ? "non-secure" : "secure");
8194 /* Store a 64-bit value to a register pair. Clobbers val. */
8195 static void gen_storeq_reg(DisasContext *s, int rlow, int rhigh, TCGv_i64 val)
8198 tmp = tcg_temp_new_i32();
8199 tcg_gen_extrl_i64_i32(tmp, val);
8200 store_reg(s, rlow, tmp);
8201 tmp = tcg_temp_new_i32();
8202 tcg_gen_shri_i64(val, val, 32);
8203 tcg_gen_extrl_i64_i32(tmp, val);
8204 store_reg(s, rhigh, tmp);
8207 /* load a 32-bit value from a register and perform a 64-bit accumulate. */
8208 static void gen_addq_lo(DisasContext *s, TCGv_i64 val, int rlow)
8213 /* Load value and extend to 64 bits. */
8214 tmp = tcg_temp_new_i64();
8215 tmp2 = load_reg(s, rlow);
8216 tcg_gen_extu_i32_i64(tmp, tmp2);
8217 tcg_temp_free_i32(tmp2);
8218 tcg_gen_add_i64(val, val, tmp);
8219 tcg_temp_free_i64(tmp);
8222 /* load and add a 64-bit value from a register pair. */
8223 static void gen_addq(DisasContext *s, TCGv_i64 val, int rlow, int rhigh)
8229 /* Load 64-bit value rd:rn. */
8230 tmpl = load_reg(s, rlow);
8231 tmph = load_reg(s, rhigh);
8232 tmp = tcg_temp_new_i64();
8233 tcg_gen_concat_i32_i64(tmp, tmpl, tmph);
8234 tcg_temp_free_i32(tmpl);
8235 tcg_temp_free_i32(tmph);
8236 tcg_gen_add_i64(val, val, tmp);
8237 tcg_temp_free_i64(tmp);
8240 /* Set N and Z flags from hi|lo. */
8241 static void gen_logicq_cc(TCGv_i32 lo, TCGv_i32 hi)
8243 tcg_gen_mov_i32(cpu_NF, hi);
8244 tcg_gen_or_i32(cpu_ZF, lo, hi);
8247 /* Load/Store exclusive instructions are implemented by remembering
8248 the value/address loaded, and seeing if these are the same
8249 when the store is performed. This should be sufficient to implement
8250 the architecturally mandated semantics, and avoids having to monitor
8251 regular stores. The compare vs the remembered value is done during
8252 the cmpxchg operation, but we must compare the addresses manually. */
8253 static void gen_load_exclusive(DisasContext *s, int rt, int rt2,
8254 TCGv_i32 addr, int size)
8256 TCGv_i32 tmp = tcg_temp_new_i32();
8257 TCGMemOp opc = size | MO_ALIGN | s->be_data;
8262 TCGv_i32 tmp2 = tcg_temp_new_i32();
8263 TCGv_i64 t64 = tcg_temp_new_i64();
8265 /* For AArch32, architecturally the 32-bit word at the lowest
8266 * address is always Rt and the one at addr+4 is Rt2, even if
8267 * the CPU is big-endian. That means we don't want to do a
8268 * gen_aa32_ld_i64(), which invokes gen_aa32_frob64() as if
8269 * for an architecturally 64-bit access, but instead do a
8270 * 64-bit access using MO_BE if appropriate and then split
8272 * This only makes a difference for BE32 user-mode, where
8273 * frob64() must not flip the two halves of the 64-bit data
8274 * but this code must treat BE32 user-mode like BE32 system.
8276 TCGv taddr = gen_aa32_addr(s, addr, opc);
8278 tcg_gen_qemu_ld_i64(t64, taddr, get_mem_index(s), opc);
8279 tcg_temp_free(taddr);
8280 tcg_gen_mov_i64(cpu_exclusive_val, t64);
8281 if (s->be_data == MO_BE) {
8282 tcg_gen_extr_i64_i32(tmp2, tmp, t64);
8284 tcg_gen_extr_i64_i32(tmp, tmp2, t64);
8286 tcg_temp_free_i64(t64);
8288 store_reg(s, rt2, tmp2);
8290 gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), opc);
8291 tcg_gen_extu_i32_i64(cpu_exclusive_val, tmp);
8294 store_reg(s, rt, tmp);
8295 tcg_gen_extu_i32_i64(cpu_exclusive_addr, addr);
8298 static void gen_clrex(DisasContext *s)
8300 tcg_gen_movi_i64(cpu_exclusive_addr, -1);
8303 static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
8304 TCGv_i32 addr, int size)
8306 TCGv_i32 t0, t1, t2;
8309 TCGLabel *done_label;
8310 TCGLabel *fail_label;
8311 TCGMemOp opc = size | MO_ALIGN | s->be_data;
8313 /* if (env->exclusive_addr == addr && env->exclusive_val == [addr]) {
8319 fail_label = gen_new_label();
8320 done_label = gen_new_label();
8321 extaddr = tcg_temp_new_i64();
8322 tcg_gen_extu_i32_i64(extaddr, addr);
8323 tcg_gen_brcond_i64(TCG_COND_NE, extaddr, cpu_exclusive_addr, fail_label);
8324 tcg_temp_free_i64(extaddr);
8326 taddr = gen_aa32_addr(s, addr, opc);
8327 t0 = tcg_temp_new_i32();
8328 t1 = load_reg(s, rt);
8330 TCGv_i64 o64 = tcg_temp_new_i64();
8331 TCGv_i64 n64 = tcg_temp_new_i64();
8333 t2 = load_reg(s, rt2);
8334 /* For AArch32, architecturally the 32-bit word at the lowest
8335 * address is always Rt and the one at addr+4 is Rt2, even if
8336 * the CPU is big-endian. Since we're going to treat this as a
8337 * single 64-bit BE store, we need to put the two halves in the
8338 * opposite order for BE to LE, so that they end up in the right
8340 * We don't want gen_aa32_frob64() because that does the wrong
8341 * thing for BE32 usermode.
8343 if (s->be_data == MO_BE) {
8344 tcg_gen_concat_i32_i64(n64, t2, t1);
8346 tcg_gen_concat_i32_i64(n64, t1, t2);
8348 tcg_temp_free_i32(t2);
8350 tcg_gen_atomic_cmpxchg_i64(o64, taddr, cpu_exclusive_val, n64,
8351 get_mem_index(s), opc);
8352 tcg_temp_free_i64(n64);
8354 tcg_gen_setcond_i64(TCG_COND_NE, o64, o64, cpu_exclusive_val);
8355 tcg_gen_extrl_i64_i32(t0, o64);
8357 tcg_temp_free_i64(o64);
8359 t2 = tcg_temp_new_i32();
8360 tcg_gen_extrl_i64_i32(t2, cpu_exclusive_val);
8361 tcg_gen_atomic_cmpxchg_i32(t0, taddr, t2, t1, get_mem_index(s), opc);
8362 tcg_gen_setcond_i32(TCG_COND_NE, t0, t0, t2);
8363 tcg_temp_free_i32(t2);
8365 tcg_temp_free_i32(t1);
8366 tcg_temp_free(taddr);
8367 tcg_gen_mov_i32(cpu_R[rd], t0);
8368 tcg_temp_free_i32(t0);
8369 tcg_gen_br(done_label);
8371 gen_set_label(fail_label);
8372 tcg_gen_movi_i32(cpu_R[rd], 1);
8373 gen_set_label(done_label);
8374 tcg_gen_movi_i64(cpu_exclusive_addr, -1);
8380 * @mode: mode field from insn (which stack to store to)
8381 * @amode: addressing mode (DA/IA/DB/IB), encoded as per P,U bits in ARM insn
8382 * @writeback: true if writeback bit set
8384 * Generate code for the SRS (Store Return State) insn.
8386 static void gen_srs(DisasContext *s,
8387 uint32_t mode, uint32_t amode, bool writeback)
8394 * - trapped to EL3 if EL3 is AArch64 and we are at Secure EL1
8395 * and specified mode is monitor mode
8396 * - UNDEFINED in Hyp mode
8397 * - UNPREDICTABLE in User or System mode
8398 * - UNPREDICTABLE if the specified mode is:
8399 * -- not implemented
8400 * -- not a valid mode number
8401 * -- a mode that's at a higher exception level
8402 * -- Monitor, if we are Non-secure
8403 * For the UNPREDICTABLE cases we choose to UNDEF.
8405 if (s->current_el == 1 && !s->ns && mode == ARM_CPU_MODE_MON) {
8406 gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(), 3);
8410 if (s->current_el == 0 || s->current_el == 2) {
8415 case ARM_CPU_MODE_USR:
8416 case ARM_CPU_MODE_FIQ:
8417 case ARM_CPU_MODE_IRQ:
8418 case ARM_CPU_MODE_SVC:
8419 case ARM_CPU_MODE_ABT:
8420 case ARM_CPU_MODE_UND:
8421 case ARM_CPU_MODE_SYS:
8423 case ARM_CPU_MODE_HYP:
8424 if (s->current_el == 1 || !arm_dc_feature(s, ARM_FEATURE_EL2)) {
8428 case ARM_CPU_MODE_MON:
8429 /* No need to check specifically for "are we non-secure" because
8430 * we've already made EL0 UNDEF and handled the trap for S-EL1;
8431 * so if this isn't EL3 then we must be non-secure.
8433 if (s->current_el != 3) {
8442 gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(),
8443 default_exception_el(s));
8447 addr = tcg_temp_new_i32();
8448 tmp = tcg_const_i32(mode);
8449 /* get_r13_banked() will raise an exception if called from System mode */
8450 gen_set_condexec(s);
8451 gen_set_pc_im(s, s->pc - 4);
8452 gen_helper_get_r13_banked(addr, cpu_env, tmp);
8453 tcg_temp_free_i32(tmp);
8470 tcg_gen_addi_i32(addr, addr, offset);
8471 tmp = load_reg(s, 14);
8472 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
8473 tcg_temp_free_i32(tmp);
8474 tmp = load_cpu_field(spsr);
8475 tcg_gen_addi_i32(addr, addr, 4);
8476 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
8477 tcg_temp_free_i32(tmp);
8495 tcg_gen_addi_i32(addr, addr, offset);
8496 tmp = tcg_const_i32(mode);
8497 gen_helper_set_r13_banked(cpu_env, tmp, addr);
8498 tcg_temp_free_i32(tmp);
8500 tcg_temp_free_i32(addr);
8501 s->base.is_jmp = DISAS_UPDATE;
8504 /* Generate a label used for skipping this instruction */
8505 static void arm_gen_condlabel(DisasContext *s)
8508 s->condlabel = gen_new_label();
8513 /* Skip this instruction if the ARM condition is false */
8514 static void arm_skip_unless(DisasContext *s, uint32_t cond)
8516 arm_gen_condlabel(s);
8517 arm_gen_test_cc(cond ^ 1, s->condlabel);
8520 static void disas_arm_insn(DisasContext *s, unsigned int insn)
8522 unsigned int cond, val, op1, i, shift, rm, rs, rn, rd, sh;
8529 /* M variants do not implement ARM mode; this must raise the INVSTATE
8530 * UsageFault exception.
8532 if (arm_dc_feature(s, ARM_FEATURE_M)) {
8533 gen_exception_insn(s, 4, EXCP_INVSTATE, syn_uncategorized(),
8534 default_exception_el(s));
8539 /* In ARMv3 and v4 the NV condition is UNPREDICTABLE; we
8540 * choose to UNDEF. In ARMv5 and above the space is used
8541 * for miscellaneous unconditional instructions.
8545 /* Unconditional instructions. */
8546 if (((insn >> 25) & 7) == 1) {
8547 /* NEON Data processing. */
8548 if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
8552 if (disas_neon_data_insn(s, insn)) {
8557 if ((insn & 0x0f100000) == 0x04000000) {
8558 /* NEON load/store. */
8559 if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
8563 if (disas_neon_ls_insn(s, insn)) {
8568 if ((insn & 0x0f000e10) == 0x0e000a00) {
8570 if (disas_vfp_insn(s, insn)) {
8575 if (((insn & 0x0f30f000) == 0x0510f000) ||
8576 ((insn & 0x0f30f010) == 0x0710f000)) {
8577 if ((insn & (1 << 22)) == 0) {
8579 if (!arm_dc_feature(s, ARM_FEATURE_V7MP)) {
8583 /* Otherwise PLD; v5TE+ */
8587 if (((insn & 0x0f70f000) == 0x0450f000) ||
8588 ((insn & 0x0f70f010) == 0x0650f000)) {
8590 return; /* PLI; V7 */
8592 if (((insn & 0x0f700000) == 0x04100000) ||
8593 ((insn & 0x0f700010) == 0x06100000)) {
8594 if (!arm_dc_feature(s, ARM_FEATURE_V7MP)) {
8597 return; /* v7MP: Unallocated memory hint: must NOP */
8600 if ((insn & 0x0ffffdff) == 0x01010000) {
8603 if (((insn >> 9) & 1) != !!(s->be_data == MO_BE)) {
8604 gen_helper_setend(cpu_env);
8605 s->base.is_jmp = DISAS_UPDATE;
8608 } else if ((insn & 0x0fffff00) == 0x057ff000) {
8609 switch ((insn >> 4) & 0xf) {
8617 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
8620 /* We need to break the TB after this insn to execute
8621 * self-modifying code correctly and also to take
8622 * any pending interrupts immediately.
8624 gen_goto_tb(s, 0, s->pc & ~1);
8629 } else if ((insn & 0x0e5fffe0) == 0x084d0500) {
8632 gen_srs(s, (insn & 0x1f), (insn >> 23) & 3, insn & (1 << 21));
8634 } else if ((insn & 0x0e50ffe0) == 0x08100a00) {
8640 rn = (insn >> 16) & 0xf;
8641 addr = load_reg(s, rn);
8642 i = (insn >> 23) & 3;
8644 case 0: offset = -4; break; /* DA */
8645 case 1: offset = 0; break; /* IA */
8646 case 2: offset = -8; break; /* DB */
8647 case 3: offset = 4; break; /* IB */
8651 tcg_gen_addi_i32(addr, addr, offset);
8652 /* Load PC into tmp and CPSR into tmp2. */
8653 tmp = tcg_temp_new_i32();
8654 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
8655 tcg_gen_addi_i32(addr, addr, 4);
8656 tmp2 = tcg_temp_new_i32();
8657 gen_aa32_ld32u(s, tmp2, addr, get_mem_index(s));
8658 if (insn & (1 << 21)) {
8659 /* Base writeback. */
8661 case 0: offset = -8; break;
8662 case 1: offset = 4; break;
8663 case 2: offset = -4; break;
8664 case 3: offset = 0; break;
8668 tcg_gen_addi_i32(addr, addr, offset);
8669 store_reg(s, rn, addr);
8671 tcg_temp_free_i32(addr);
8673 gen_rfe(s, tmp, tmp2);
8675 } else if ((insn & 0x0e000000) == 0x0a000000) {
8676 /* branch link and change to thumb (blx <offset>) */
8679 val = (uint32_t)s->pc;
8680 tmp = tcg_temp_new_i32();
8681 tcg_gen_movi_i32(tmp, val);
8682 store_reg(s, 14, tmp);
8683 /* Sign-extend the 24-bit offset */
8684 offset = (((int32_t)insn) << 8) >> 8;
8685 /* offset * 4 + bit24 * 2 + (thumb bit) */
8686 val += (offset << 2) | ((insn >> 23) & 2) | 1;
8687 /* pipeline offset */
8689 /* protected by ARCH(5); above, near the start of uncond block */
8692 } else if ((insn & 0x0e000f00) == 0x0c000100) {
8693 if (arm_dc_feature(s, ARM_FEATURE_IWMMXT)) {
8694 /* iWMMXt register transfer. */
8695 if (extract32(s->c15_cpar, 1, 1)) {
8696 if (!disas_iwmmxt_insn(s, insn)) {
8701 } else if ((insn & 0x0e000a00) == 0x0c000800
8702 && arm_dc_feature(s, ARM_FEATURE_V8)) {
8703 if (disas_neon_insn_3same_ext(s, insn)) {
8707 } else if ((insn & 0x0f000a00) == 0x0e000800
8708 && arm_dc_feature(s, ARM_FEATURE_V8)) {
8709 if (disas_neon_insn_2reg_scalar_ext(s, insn)) {
8713 } else if ((insn & 0x0fe00000) == 0x0c400000) {
8714 /* Coprocessor double register transfer. */
8716 } else if ((insn & 0x0f000010) == 0x0e000010) {
8717 /* Additional coprocessor register transfer. */
8718 } else if ((insn & 0x0ff10020) == 0x01000000) {
8721 /* cps (privileged) */
8725 if (insn & (1 << 19)) {
8726 if (insn & (1 << 8))
8728 if (insn & (1 << 7))
8730 if (insn & (1 << 6))
8732 if (insn & (1 << 18))
8735 if (insn & (1 << 17)) {
8737 val |= (insn & 0x1f);
8740 gen_set_psr_im(s, mask, 0, val);
8747 /* if not always execute, we generate a conditional jump to
8749 arm_skip_unless(s, cond);
8751 if ((insn & 0x0f900000) == 0x03000000) {
8752 if ((insn & (1 << 21)) == 0) {
8754 rd = (insn >> 12) & 0xf;
8755 val = ((insn >> 4) & 0xf000) | (insn & 0xfff);
8756 if ((insn & (1 << 22)) == 0) {
8758 tmp = tcg_temp_new_i32();
8759 tcg_gen_movi_i32(tmp, val);
8762 tmp = load_reg(s, rd);
8763 tcg_gen_ext16u_i32(tmp, tmp);
8764 tcg_gen_ori_i32(tmp, tmp, val << 16);
8766 store_reg(s, rd, tmp);
8768 if (((insn >> 12) & 0xf) != 0xf)
8770 if (((insn >> 16) & 0xf) == 0) {
8771 gen_nop_hint(s, insn & 0xff);
8773 /* CPSR = immediate */
8775 shift = ((insn >> 8) & 0xf) * 2;
8777 val = (val >> shift) | (val << (32 - shift));
8778 i = ((insn & (1 << 22)) != 0);
8779 if (gen_set_psr_im(s, msr_mask(s, (insn >> 16) & 0xf, i),
8785 } else if ((insn & 0x0f900000) == 0x01000000
8786 && (insn & 0x00000090) != 0x00000090) {
8787 /* miscellaneous instructions */
8788 op1 = (insn >> 21) & 3;
8789 sh = (insn >> 4) & 0xf;
8792 case 0x0: /* MSR, MRS */
8793 if (insn & (1 << 9)) {
8794 /* MSR (banked) and MRS (banked) */
8795 int sysm = extract32(insn, 16, 4) |
8796 (extract32(insn, 8, 1) << 4);
8797 int r = extract32(insn, 22, 1);
8801 gen_msr_banked(s, r, sysm, rm);
8804 int rd = extract32(insn, 12, 4);
8806 gen_mrs_banked(s, r, sysm, rd);
8811 /* MSR, MRS (for PSRs) */
8814 tmp = load_reg(s, rm);
8815 i = ((op1 & 2) != 0);
8816 if (gen_set_psr(s, msr_mask(s, (insn >> 16) & 0xf, i), i, tmp))
8820 rd = (insn >> 12) & 0xf;
8824 tmp = load_cpu_field(spsr);
8826 tmp = tcg_temp_new_i32();
8827 gen_helper_cpsr_read(tmp, cpu_env);
8829 store_reg(s, rd, tmp);
8834 /* branch/exchange thumb (bx). */
8836 tmp = load_reg(s, rm);
8838 } else if (op1 == 3) {
8841 rd = (insn >> 12) & 0xf;
8842 tmp = load_reg(s, rm);
8843 tcg_gen_clzi_i32(tmp, tmp, 32);
8844 store_reg(s, rd, tmp);
8852 /* Trivial implementation equivalent to bx. */
8853 tmp = load_reg(s, rm);
8864 /* branch link/exchange thumb (blx) */
8865 tmp = load_reg(s, rm);
8866 tmp2 = tcg_temp_new_i32();
8867 tcg_gen_movi_i32(tmp2, s->pc);
8868 store_reg(s, 14, tmp2);
8874 uint32_t c = extract32(insn, 8, 4);
8876 /* Check this CPU supports ARMv8 CRC instructions.
8877 * op1 == 3 is UNPREDICTABLE but handle as UNDEFINED.
8878 * Bits 8, 10 and 11 should be zero.
8880 if (!arm_dc_feature(s, ARM_FEATURE_CRC) || op1 == 0x3 ||
8885 rn = extract32(insn, 16, 4);
8886 rd = extract32(insn, 12, 4);
8888 tmp = load_reg(s, rn);
8889 tmp2 = load_reg(s, rm);
8891 tcg_gen_andi_i32(tmp2, tmp2, 0xff);
8892 } else if (op1 == 1) {
8893 tcg_gen_andi_i32(tmp2, tmp2, 0xffff);
8895 tmp3 = tcg_const_i32(1 << op1);
8897 gen_helper_crc32c(tmp, tmp, tmp2, tmp3);
8899 gen_helper_crc32(tmp, tmp, tmp2, tmp3);
8901 tcg_temp_free_i32(tmp2);
8902 tcg_temp_free_i32(tmp3);
8903 store_reg(s, rd, tmp);
8906 case 0x5: /* saturating add/subtract */
8908 rd = (insn >> 12) & 0xf;
8909 rn = (insn >> 16) & 0xf;
8910 tmp = load_reg(s, rm);
8911 tmp2 = load_reg(s, rn);
8913 gen_helper_double_saturate(tmp2, cpu_env, tmp2);
8915 gen_helper_sub_saturate(tmp, cpu_env, tmp, tmp2);
8917 gen_helper_add_saturate(tmp, cpu_env, tmp, tmp2);
8918 tcg_temp_free_i32(tmp2);
8919 store_reg(s, rd, tmp);
8921 case 0x6: /* ERET */
8925 if (!arm_dc_feature(s, ARM_FEATURE_V7VE)) {
8928 if ((insn & 0x000fff0f) != 0x0000000e) {
8929 /* UNPREDICTABLE; we choose to UNDEF */
8933 if (s->current_el == 2) {
8934 tmp = load_cpu_field(elr_el[2]);
8936 tmp = load_reg(s, 14);
8938 gen_exception_return(s, tmp);
8942 int imm16 = extract32(insn, 0, 4) | (extract32(insn, 8, 12) << 4);
8951 gen_exception_bkpt_insn(s, 4, syn_aa32_bkpt(imm16, false));
8954 /* Hypervisor call (v7) */
8962 /* Secure monitor call (v6+) */
8970 g_assert_not_reached();
8974 case 0x8: /* signed multiply */
8979 rs = (insn >> 8) & 0xf;
8980 rn = (insn >> 12) & 0xf;
8981 rd = (insn >> 16) & 0xf;
8983 /* (32 * 16) >> 16 */
8984 tmp = load_reg(s, rm);
8985 tmp2 = load_reg(s, rs);
8987 tcg_gen_sari_i32(tmp2, tmp2, 16);
8990 tmp64 = gen_muls_i64_i32(tmp, tmp2);
8991 tcg_gen_shri_i64(tmp64, tmp64, 16);
8992 tmp = tcg_temp_new_i32();
8993 tcg_gen_extrl_i64_i32(tmp, tmp64);
8994 tcg_temp_free_i64(tmp64);
8995 if ((sh & 2) == 0) {
8996 tmp2 = load_reg(s, rn);
8997 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
8998 tcg_temp_free_i32(tmp2);
9000 store_reg(s, rd, tmp);
9003 tmp = load_reg(s, rm);
9004 tmp2 = load_reg(s, rs);
9005 gen_mulxy(tmp, tmp2, sh & 2, sh & 4);
9006 tcg_temp_free_i32(tmp2);
9008 tmp64 = tcg_temp_new_i64();
9009 tcg_gen_ext_i32_i64(tmp64, tmp);
9010 tcg_temp_free_i32(tmp);
9011 gen_addq(s, tmp64, rn, rd);
9012 gen_storeq_reg(s, rn, rd, tmp64);
9013 tcg_temp_free_i64(tmp64);
9016 tmp2 = load_reg(s, rn);
9017 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
9018 tcg_temp_free_i32(tmp2);
9020 store_reg(s, rd, tmp);
9027 } else if (((insn & 0x0e000000) == 0 &&
9028 (insn & 0x00000090) != 0x90) ||
9029 ((insn & 0x0e000000) == (1 << 25))) {
9030 int set_cc, logic_cc, shiftop;
9032 op1 = (insn >> 21) & 0xf;
9033 set_cc = (insn >> 20) & 1;
9034 logic_cc = table_logic_cc[op1] & set_cc;
9036 /* data processing instruction */
9037 if (insn & (1 << 25)) {
9038 /* immediate operand */
9040 shift = ((insn >> 8) & 0xf) * 2;
9042 val = (val >> shift) | (val << (32 - shift));
9044 tmp2 = tcg_temp_new_i32();
9045 tcg_gen_movi_i32(tmp2, val);
9046 if (logic_cc && shift) {
9047 gen_set_CF_bit31(tmp2);
9052 tmp2 = load_reg(s, rm);
9053 shiftop = (insn >> 5) & 3;
9054 if (!(insn & (1 << 4))) {
9055 shift = (insn >> 7) & 0x1f;
9056 gen_arm_shift_im(tmp2, shiftop, shift, logic_cc);
9058 rs = (insn >> 8) & 0xf;
9059 tmp = load_reg(s, rs);
9060 gen_arm_shift_reg(tmp2, shiftop, tmp, logic_cc);
9063 if (op1 != 0x0f && op1 != 0x0d) {
9064 rn = (insn >> 16) & 0xf;
9065 tmp = load_reg(s, rn);
9069 rd = (insn >> 12) & 0xf;
9072 tcg_gen_and_i32(tmp, tmp, tmp2);
9076 store_reg_bx(s, rd, tmp);
9079 tcg_gen_xor_i32(tmp, tmp, tmp2);
9083 store_reg_bx(s, rd, tmp);
9086 if (set_cc && rd == 15) {
9087 /* SUBS r15, ... is used for exception return. */
9091 gen_sub_CC(tmp, tmp, tmp2);
9092 gen_exception_return(s, tmp);
9095 gen_sub_CC(tmp, tmp, tmp2);
9097 tcg_gen_sub_i32(tmp, tmp, tmp2);
9099 store_reg_bx(s, rd, tmp);
9104 gen_sub_CC(tmp, tmp2, tmp);
9106 tcg_gen_sub_i32(tmp, tmp2, tmp);
9108 store_reg_bx(s, rd, tmp);
9112 gen_add_CC(tmp, tmp, tmp2);
9114 tcg_gen_add_i32(tmp, tmp, tmp2);
9116 store_reg_bx(s, rd, tmp);
9120 gen_adc_CC(tmp, tmp, tmp2);
9122 gen_add_carry(tmp, tmp, tmp2);
9124 store_reg_bx(s, rd, tmp);
9128 gen_sbc_CC(tmp, tmp, tmp2);
9130 gen_sub_carry(tmp, tmp, tmp2);
9132 store_reg_bx(s, rd, tmp);
9136 gen_sbc_CC(tmp, tmp2, tmp);
9138 gen_sub_carry(tmp, tmp2, tmp);
9140 store_reg_bx(s, rd, tmp);
9144 tcg_gen_and_i32(tmp, tmp, tmp2);
9147 tcg_temp_free_i32(tmp);
9151 tcg_gen_xor_i32(tmp, tmp, tmp2);
9154 tcg_temp_free_i32(tmp);
9158 gen_sub_CC(tmp, tmp, tmp2);
9160 tcg_temp_free_i32(tmp);
9164 gen_add_CC(tmp, tmp, tmp2);
9166 tcg_temp_free_i32(tmp);
9169 tcg_gen_or_i32(tmp, tmp, tmp2);
9173 store_reg_bx(s, rd, tmp);
9176 if (logic_cc && rd == 15) {
9177 /* MOVS r15, ... is used for exception return. */
9181 gen_exception_return(s, tmp2);
9186 store_reg_bx(s, rd, tmp2);
9190 tcg_gen_andc_i32(tmp, tmp, tmp2);
9194 store_reg_bx(s, rd, tmp);
9198 tcg_gen_not_i32(tmp2, tmp2);
9202 store_reg_bx(s, rd, tmp2);
9205 if (op1 != 0x0f && op1 != 0x0d) {
9206 tcg_temp_free_i32(tmp2);
9209 /* other instructions */
9210 op1 = (insn >> 24) & 0xf;
9214 /* multiplies, extra load/stores */
9215 sh = (insn >> 5) & 3;
9218 rd = (insn >> 16) & 0xf;
9219 rn = (insn >> 12) & 0xf;
9220 rs = (insn >> 8) & 0xf;
9222 op1 = (insn >> 20) & 0xf;
9224 case 0: case 1: case 2: case 3: case 6:
9226 tmp = load_reg(s, rs);
9227 tmp2 = load_reg(s, rm);
9228 tcg_gen_mul_i32(tmp, tmp, tmp2);
9229 tcg_temp_free_i32(tmp2);
9230 if (insn & (1 << 22)) {
9231 /* Subtract (mls) */
9233 tmp2 = load_reg(s, rn);
9234 tcg_gen_sub_i32(tmp, tmp2, tmp);
9235 tcg_temp_free_i32(tmp2);
9236 } else if (insn & (1 << 21)) {
9238 tmp2 = load_reg(s, rn);
9239 tcg_gen_add_i32(tmp, tmp, tmp2);
9240 tcg_temp_free_i32(tmp2);
9242 if (insn & (1 << 20))
9244 store_reg(s, rd, tmp);
9247 /* 64 bit mul double accumulate (UMAAL) */
9249 tmp = load_reg(s, rs);
9250 tmp2 = load_reg(s, rm);
9251 tmp64 = gen_mulu_i64_i32(tmp, tmp2);
9252 gen_addq_lo(s, tmp64, rn);
9253 gen_addq_lo(s, tmp64, rd);
9254 gen_storeq_reg(s, rn, rd, tmp64);
9255 tcg_temp_free_i64(tmp64);
9257 case 8: case 9: case 10: case 11:
9258 case 12: case 13: case 14: case 15:
9259 /* 64 bit mul: UMULL, UMLAL, SMULL, SMLAL. */
9260 tmp = load_reg(s, rs);
9261 tmp2 = load_reg(s, rm);
9262 if (insn & (1 << 22)) {
9263 tcg_gen_muls2_i32(tmp, tmp2, tmp, tmp2);
9265 tcg_gen_mulu2_i32(tmp, tmp2, tmp, tmp2);
9267 if (insn & (1 << 21)) { /* mult accumulate */
9268 TCGv_i32 al = load_reg(s, rn);
9269 TCGv_i32 ah = load_reg(s, rd);
9270 tcg_gen_add2_i32(tmp, tmp2, tmp, tmp2, al, ah);
9271 tcg_temp_free_i32(al);
9272 tcg_temp_free_i32(ah);
9274 if (insn & (1 << 20)) {
9275 gen_logicq_cc(tmp, tmp2);
9277 store_reg(s, rn, tmp);
9278 store_reg(s, rd, tmp2);
9284 rn = (insn >> 16) & 0xf;
9285 rd = (insn >> 12) & 0xf;
9286 if (insn & (1 << 23)) {
9287 /* load/store exclusive */
9288 int op2 = (insn >> 8) & 3;
9289 op1 = (insn >> 21) & 0x3;
9292 case 0: /* lda/stl */
9298 case 1: /* reserved */
9300 case 2: /* ldaex/stlex */
9303 case 3: /* ldrex/strex */
9312 addr = tcg_temp_local_new_i32();
9313 load_reg_var(s, addr, rn);
9315 /* Since the emulation does not have barriers,
9316 the acquire/release semantics need no special
9319 if (insn & (1 << 20)) {
9320 tmp = tcg_temp_new_i32();
9323 gen_aa32_ld32u_iss(s, tmp, addr,
9328 gen_aa32_ld8u_iss(s, tmp, addr,
9333 gen_aa32_ld16u_iss(s, tmp, addr,
9340 store_reg(s, rd, tmp);
9343 tmp = load_reg(s, rm);
9346 gen_aa32_st32_iss(s, tmp, addr,
9351 gen_aa32_st8_iss(s, tmp, addr,
9356 gen_aa32_st16_iss(s, tmp, addr,
9363 tcg_temp_free_i32(tmp);
9365 } else if (insn & (1 << 20)) {
9368 gen_load_exclusive(s, rd, 15, addr, 2);
9370 case 1: /* ldrexd */
9371 gen_load_exclusive(s, rd, rd + 1, addr, 3);
9373 case 2: /* ldrexb */
9374 gen_load_exclusive(s, rd, 15, addr, 0);
9376 case 3: /* ldrexh */
9377 gen_load_exclusive(s, rd, 15, addr, 1);
9386 gen_store_exclusive(s, rd, rm, 15, addr, 2);
9388 case 1: /* strexd */
9389 gen_store_exclusive(s, rd, rm, rm + 1, addr, 3);
9391 case 2: /* strexb */
9392 gen_store_exclusive(s, rd, rm, 15, addr, 0);
9394 case 3: /* strexh */
9395 gen_store_exclusive(s, rd, rm, 15, addr, 1);
9401 tcg_temp_free_i32(addr);
9402 } else if ((insn & 0x00300f00) == 0) {
9403 /* 0bcccc_0001_0x00_xxxx_xxxx_0000_1001_xxxx
9408 TCGMemOp opc = s->be_data;
9412 if (insn & (1 << 22)) {
9415 opc |= MO_UL | MO_ALIGN;
9418 addr = load_reg(s, rn);
9419 taddr = gen_aa32_addr(s, addr, opc);
9420 tcg_temp_free_i32(addr);
9422 tmp = load_reg(s, rm);
9423 tcg_gen_atomic_xchg_i32(tmp, taddr, tmp,
9424 get_mem_index(s), opc);
9425 tcg_temp_free(taddr);
9426 store_reg(s, rd, tmp);
9433 bool load = insn & (1 << 20);
9434 bool wbit = insn & (1 << 21);
9435 bool pbit = insn & (1 << 24);
9436 bool doubleword = false;
9439 /* Misc load/store */
9440 rn = (insn >> 16) & 0xf;
9441 rd = (insn >> 12) & 0xf;
9443 /* ISS not valid if writeback */
9444 issinfo = (pbit & !wbit) ? rd : ISSInvalid;
9446 if (!load && (sh & 2)) {
9450 /* UNPREDICTABLE; we choose to UNDEF */
9453 load = (sh & 1) == 0;
9457 addr = load_reg(s, rn);
9459 gen_add_datah_offset(s, insn, 0, addr);
9466 tmp = load_reg(s, rd);
9467 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9468 tcg_temp_free_i32(tmp);
9469 tcg_gen_addi_i32(addr, addr, 4);
9470 tmp = load_reg(s, rd + 1);
9471 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9472 tcg_temp_free_i32(tmp);
9475 tmp = tcg_temp_new_i32();
9476 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9477 store_reg(s, rd, tmp);
9478 tcg_gen_addi_i32(addr, addr, 4);
9479 tmp = tcg_temp_new_i32();
9480 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9483 address_offset = -4;
9486 tmp = tcg_temp_new_i32();
9489 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s),
9493 gen_aa32_ld8s_iss(s, tmp, addr, get_mem_index(s),
9498 gen_aa32_ld16s_iss(s, tmp, addr, get_mem_index(s),
9504 tmp = load_reg(s, rd);
9505 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s), issinfo);
9506 tcg_temp_free_i32(tmp);
9508 /* Perform base writeback before the loaded value to
9509 ensure correct behavior with overlapping index registers.
9510 ldrd with base writeback is undefined if the
9511 destination and index registers overlap. */
9513 gen_add_datah_offset(s, insn, address_offset, addr);
9514 store_reg(s, rn, addr);
9517 tcg_gen_addi_i32(addr, addr, address_offset);
9518 store_reg(s, rn, addr);
9520 tcg_temp_free_i32(addr);
9523 /* Complete the load. */
9524 store_reg(s, rd, tmp);
9533 if (insn & (1 << 4)) {
9535 /* Armv6 Media instructions. */
9537 rn = (insn >> 16) & 0xf;
9538 rd = (insn >> 12) & 0xf;
9539 rs = (insn >> 8) & 0xf;
9540 switch ((insn >> 23) & 3) {
9541 case 0: /* Parallel add/subtract. */
9542 op1 = (insn >> 20) & 7;
9543 tmp = load_reg(s, rn);
9544 tmp2 = load_reg(s, rm);
9545 sh = (insn >> 5) & 7;
9546 if ((op1 & 3) == 0 || sh == 5 || sh == 6)
9548 gen_arm_parallel_addsub(op1, sh, tmp, tmp2);
9549 tcg_temp_free_i32(tmp2);
9550 store_reg(s, rd, tmp);
9553 if ((insn & 0x00700020) == 0) {
9554 /* Halfword pack. */
9555 tmp = load_reg(s, rn);
9556 tmp2 = load_reg(s, rm);
9557 shift = (insn >> 7) & 0x1f;
9558 if (insn & (1 << 6)) {
9562 tcg_gen_sari_i32(tmp2, tmp2, shift);
9563 tcg_gen_andi_i32(tmp, tmp, 0xffff0000);
9564 tcg_gen_ext16u_i32(tmp2, tmp2);
9568 tcg_gen_shli_i32(tmp2, tmp2, shift);
9569 tcg_gen_ext16u_i32(tmp, tmp);
9570 tcg_gen_andi_i32(tmp2, tmp2, 0xffff0000);
9572 tcg_gen_or_i32(tmp, tmp, tmp2);
9573 tcg_temp_free_i32(tmp2);
9574 store_reg(s, rd, tmp);
9575 } else if ((insn & 0x00200020) == 0x00200000) {
9577 tmp = load_reg(s, rm);
9578 shift = (insn >> 7) & 0x1f;
9579 if (insn & (1 << 6)) {
9582 tcg_gen_sari_i32(tmp, tmp, shift);
9584 tcg_gen_shli_i32(tmp, tmp, shift);
9586 sh = (insn >> 16) & 0x1f;
9587 tmp2 = tcg_const_i32(sh);
9588 if (insn & (1 << 22))
9589 gen_helper_usat(tmp, cpu_env, tmp, tmp2);
9591 gen_helper_ssat(tmp, cpu_env, tmp, tmp2);
9592 tcg_temp_free_i32(tmp2);
9593 store_reg(s, rd, tmp);
9594 } else if ((insn & 0x00300fe0) == 0x00200f20) {
9596 tmp = load_reg(s, rm);
9597 sh = (insn >> 16) & 0x1f;
9598 tmp2 = tcg_const_i32(sh);
9599 if (insn & (1 << 22))
9600 gen_helper_usat16(tmp, cpu_env, tmp, tmp2);
9602 gen_helper_ssat16(tmp, cpu_env, tmp, tmp2);
9603 tcg_temp_free_i32(tmp2);
9604 store_reg(s, rd, tmp);
9605 } else if ((insn & 0x00700fe0) == 0x00000fa0) {
9607 tmp = load_reg(s, rn);
9608 tmp2 = load_reg(s, rm);
9609 tmp3 = tcg_temp_new_i32();
9610 tcg_gen_ld_i32(tmp3, cpu_env, offsetof(CPUARMState, GE));
9611 gen_helper_sel_flags(tmp, tmp3, tmp, tmp2);
9612 tcg_temp_free_i32(tmp3);
9613 tcg_temp_free_i32(tmp2);
9614 store_reg(s, rd, tmp);
9615 } else if ((insn & 0x000003e0) == 0x00000060) {
9616 tmp = load_reg(s, rm);
9617 shift = (insn >> 10) & 3;
9618 /* ??? In many cases it's not necessary to do a
9619 rotate, a shift is sufficient. */
9621 tcg_gen_rotri_i32(tmp, tmp, shift * 8);
9622 op1 = (insn >> 20) & 7;
9624 case 0: gen_sxtb16(tmp); break;
9625 case 2: gen_sxtb(tmp); break;
9626 case 3: gen_sxth(tmp); break;
9627 case 4: gen_uxtb16(tmp); break;
9628 case 6: gen_uxtb(tmp); break;
9629 case 7: gen_uxth(tmp); break;
9630 default: goto illegal_op;
9633 tmp2 = load_reg(s, rn);
9634 if ((op1 & 3) == 0) {
9635 gen_add16(tmp, tmp2);
9637 tcg_gen_add_i32(tmp, tmp, tmp2);
9638 tcg_temp_free_i32(tmp2);
9641 store_reg(s, rd, tmp);
9642 } else if ((insn & 0x003f0f60) == 0x003f0f20) {
9644 tmp = load_reg(s, rm);
9645 if (insn & (1 << 22)) {
9646 if (insn & (1 << 7)) {
9650 gen_helper_rbit(tmp, tmp);
9653 if (insn & (1 << 7))
9656 tcg_gen_bswap32_i32(tmp, tmp);
9658 store_reg(s, rd, tmp);
9663 case 2: /* Multiplies (Type 3). */
9664 switch ((insn >> 20) & 0x7) {
9666 if (((insn >> 6) ^ (insn >> 7)) & 1) {
9667 /* op2 not 00x or 11x : UNDEF */
9670 /* Signed multiply most significant [accumulate].
9671 (SMMUL, SMMLA, SMMLS) */
9672 tmp = load_reg(s, rm);
9673 tmp2 = load_reg(s, rs);
9674 tmp64 = gen_muls_i64_i32(tmp, tmp2);
9677 tmp = load_reg(s, rd);
9678 if (insn & (1 << 6)) {
9679 tmp64 = gen_subq_msw(tmp64, tmp);
9681 tmp64 = gen_addq_msw(tmp64, tmp);
9684 if (insn & (1 << 5)) {
9685 tcg_gen_addi_i64(tmp64, tmp64, 0x80000000u);
9687 tcg_gen_shri_i64(tmp64, tmp64, 32);
9688 tmp = tcg_temp_new_i32();
9689 tcg_gen_extrl_i64_i32(tmp, tmp64);
9690 tcg_temp_free_i64(tmp64);
9691 store_reg(s, rn, tmp);
9695 /* SMLAD, SMUAD, SMLSD, SMUSD, SMLALD, SMLSLD */
9696 if (insn & (1 << 7)) {
9699 tmp = load_reg(s, rm);
9700 tmp2 = load_reg(s, rs);
9701 if (insn & (1 << 5))
9702 gen_swap_half(tmp2);
9703 gen_smul_dual(tmp, tmp2);
9704 if (insn & (1 << 22)) {
9705 /* smlald, smlsld */
9708 tmp64 = tcg_temp_new_i64();
9709 tmp64_2 = tcg_temp_new_i64();
9710 tcg_gen_ext_i32_i64(tmp64, tmp);
9711 tcg_gen_ext_i32_i64(tmp64_2, tmp2);
9712 tcg_temp_free_i32(tmp);
9713 tcg_temp_free_i32(tmp2);
9714 if (insn & (1 << 6)) {
9715 tcg_gen_sub_i64(tmp64, tmp64, tmp64_2);
9717 tcg_gen_add_i64(tmp64, tmp64, tmp64_2);
9719 tcg_temp_free_i64(tmp64_2);
9720 gen_addq(s, tmp64, rd, rn);
9721 gen_storeq_reg(s, rd, rn, tmp64);
9722 tcg_temp_free_i64(tmp64);
9724 /* smuad, smusd, smlad, smlsd */
9725 if (insn & (1 << 6)) {
9726 /* This subtraction cannot overflow. */
9727 tcg_gen_sub_i32(tmp, tmp, tmp2);
9729 /* This addition cannot overflow 32 bits;
9730 * however it may overflow considered as a
9731 * signed operation, in which case we must set
9734 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
9736 tcg_temp_free_i32(tmp2);
9739 tmp2 = load_reg(s, rd);
9740 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
9741 tcg_temp_free_i32(tmp2);
9743 store_reg(s, rn, tmp);
9749 if (!arm_dc_feature(s, ARM_FEATURE_ARM_DIV)) {
9752 if (((insn >> 5) & 7) || (rd != 15)) {
9755 tmp = load_reg(s, rm);
9756 tmp2 = load_reg(s, rs);
9757 if (insn & (1 << 21)) {
9758 gen_helper_udiv(tmp, tmp, tmp2);
9760 gen_helper_sdiv(tmp, tmp, tmp2);
9762 tcg_temp_free_i32(tmp2);
9763 store_reg(s, rn, tmp);
9770 op1 = ((insn >> 17) & 0x38) | ((insn >> 5) & 7);
9772 case 0: /* Unsigned sum of absolute differences. */
9774 tmp = load_reg(s, rm);
9775 tmp2 = load_reg(s, rs);
9776 gen_helper_usad8(tmp, tmp, tmp2);
9777 tcg_temp_free_i32(tmp2);
9779 tmp2 = load_reg(s, rd);
9780 tcg_gen_add_i32(tmp, tmp, tmp2);
9781 tcg_temp_free_i32(tmp2);
9783 store_reg(s, rn, tmp);
9785 case 0x20: case 0x24: case 0x28: case 0x2c:
9786 /* Bitfield insert/clear. */
9788 shift = (insn >> 7) & 0x1f;
9789 i = (insn >> 16) & 0x1f;
9791 /* UNPREDICTABLE; we choose to UNDEF */
9796 tmp = tcg_temp_new_i32();
9797 tcg_gen_movi_i32(tmp, 0);
9799 tmp = load_reg(s, rm);
9802 tmp2 = load_reg(s, rd);
9803 tcg_gen_deposit_i32(tmp, tmp2, tmp, shift, i);
9804 tcg_temp_free_i32(tmp2);
9806 store_reg(s, rd, tmp);
9808 case 0x12: case 0x16: case 0x1a: case 0x1e: /* sbfx */
9809 case 0x32: case 0x36: case 0x3a: case 0x3e: /* ubfx */
9811 tmp = load_reg(s, rm);
9812 shift = (insn >> 7) & 0x1f;
9813 i = ((insn >> 16) & 0x1f) + 1;
9818 tcg_gen_extract_i32(tmp, tmp, shift, i);
9820 tcg_gen_sextract_i32(tmp, tmp, shift, i);
9823 store_reg(s, rd, tmp);
9833 /* Check for undefined extension instructions
9834 * per the ARM Bible IE:
9835 * xxxx 0111 1111 xxxx xxxx xxxx 1111 xxxx
9837 sh = (0xf << 20) | (0xf << 4);
9838 if (op1 == 0x7 && ((insn & sh) == sh))
9842 /* load/store byte/word */
9843 rn = (insn >> 16) & 0xf;
9844 rd = (insn >> 12) & 0xf;
9845 tmp2 = load_reg(s, rn);
9846 if ((insn & 0x01200000) == 0x00200000) {
9848 i = get_a32_user_mem_index(s);
9850 i = get_mem_index(s);
9852 if (insn & (1 << 24))
9853 gen_add_data_offset(s, insn, tmp2);
9854 if (insn & (1 << 20)) {
9856 tmp = tcg_temp_new_i32();
9857 if (insn & (1 << 22)) {
9858 gen_aa32_ld8u_iss(s, tmp, tmp2, i, rd);
9860 gen_aa32_ld32u_iss(s, tmp, tmp2, i, rd);
9864 tmp = load_reg(s, rd);
9865 if (insn & (1 << 22)) {
9866 gen_aa32_st8_iss(s, tmp, tmp2, i, rd);
9868 gen_aa32_st32_iss(s, tmp, tmp2, i, rd);
9870 tcg_temp_free_i32(tmp);
9872 if (!(insn & (1 << 24))) {
9873 gen_add_data_offset(s, insn, tmp2);
9874 store_reg(s, rn, tmp2);
9875 } else if (insn & (1 << 21)) {
9876 store_reg(s, rn, tmp2);
9878 tcg_temp_free_i32(tmp2);
9880 if (insn & (1 << 20)) {
9881 /* Complete the load. */
9882 store_reg_from_load(s, rd, tmp);
9888 int j, n, loaded_base;
9889 bool exc_return = false;
9890 bool is_load = extract32(insn, 20, 1);
9892 TCGv_i32 loaded_var;
9893 /* load/store multiple words */
9894 /* XXX: store correct base if write back */
9895 if (insn & (1 << 22)) {
9896 /* LDM (user), LDM (exception return) and STM (user) */
9898 goto illegal_op; /* only usable in supervisor mode */
9900 if (is_load && extract32(insn, 15, 1)) {
9906 rn = (insn >> 16) & 0xf;
9907 addr = load_reg(s, rn);
9909 /* compute total size */
9914 if (insn & (1 << i))
9917 /* XXX: test invalid n == 0 case ? */
9918 if (insn & (1 << 23)) {
9919 if (insn & (1 << 24)) {
9921 tcg_gen_addi_i32(addr, addr, 4);
9923 /* post increment */
9926 if (insn & (1 << 24)) {
9928 tcg_gen_addi_i32(addr, addr, -(n * 4));
9930 /* post decrement */
9932 tcg_gen_addi_i32(addr, addr, -((n - 1) * 4));
9937 if (insn & (1 << i)) {
9940 tmp = tcg_temp_new_i32();
9941 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9943 tmp2 = tcg_const_i32(i);
9944 gen_helper_set_user_reg(cpu_env, tmp2, tmp);
9945 tcg_temp_free_i32(tmp2);
9946 tcg_temp_free_i32(tmp);
9947 } else if (i == rn) {
9950 } else if (rn == 15 && exc_return) {
9951 store_pc_exc_ret(s, tmp);
9953 store_reg_from_load(s, i, tmp);
9958 /* special case: r15 = PC + 8 */
9959 val = (long)s->pc + 4;
9960 tmp = tcg_temp_new_i32();
9961 tcg_gen_movi_i32(tmp, val);
9963 tmp = tcg_temp_new_i32();
9964 tmp2 = tcg_const_i32(i);
9965 gen_helper_get_user_reg(tmp, cpu_env, tmp2);
9966 tcg_temp_free_i32(tmp2);
9968 tmp = load_reg(s, i);
9970 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9971 tcg_temp_free_i32(tmp);
9974 /* no need to add after the last transfer */
9976 tcg_gen_addi_i32(addr, addr, 4);
9979 if (insn & (1 << 21)) {
9981 if (insn & (1 << 23)) {
9982 if (insn & (1 << 24)) {
9985 /* post increment */
9986 tcg_gen_addi_i32(addr, addr, 4);
9989 if (insn & (1 << 24)) {
9992 tcg_gen_addi_i32(addr, addr, -((n - 1) * 4));
9994 /* post decrement */
9995 tcg_gen_addi_i32(addr, addr, -(n * 4));
9998 store_reg(s, rn, addr);
10000 tcg_temp_free_i32(addr);
10003 store_reg(s, rn, loaded_var);
10006 /* Restore CPSR from SPSR. */
10007 tmp = load_cpu_field(spsr);
10008 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
10011 gen_helper_cpsr_write_eret(cpu_env, tmp);
10012 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
10015 tcg_temp_free_i32(tmp);
10016 /* Must exit loop to check un-masked IRQs */
10017 s->base.is_jmp = DISAS_EXIT;
10026 /* branch (and link) */
10027 val = (int32_t)s->pc;
10028 if (insn & (1 << 24)) {
10029 tmp = tcg_temp_new_i32();
10030 tcg_gen_movi_i32(tmp, val);
10031 store_reg(s, 14, tmp);
10033 offset = sextract32(insn << 2, 0, 26);
10041 if (((insn >> 8) & 0xe) == 10) {
10043 if (disas_vfp_insn(s, insn)) {
10046 } else if (disas_coproc_insn(s, insn)) {
10053 gen_set_pc_im(s, s->pc);
10054 s->svc_imm = extract32(insn, 0, 24);
10055 s->base.is_jmp = DISAS_SWI;
10059 gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(),
10060 default_exception_el(s));
10066 static bool thumb_insn_is_16bit(DisasContext *s, uint32_t insn)
10068 /* Return true if this is a 16 bit instruction. We must be precise
10069 * about this (matching the decode). We assume that s->pc still
10070 * points to the first 16 bits of the insn.
10072 if ((insn >> 11) < 0x1d) {
10073 /* Definitely a 16-bit instruction */
10077 /* Top five bits 0b11101 / 0b11110 / 0b11111 : this is the
10078 * first half of a 32-bit Thumb insn. Thumb-1 cores might
10079 * end up actually treating this as two 16-bit insns, though,
10080 * if it's half of a bl/blx pair that might span a page boundary.
10082 if (arm_dc_feature(s, ARM_FEATURE_THUMB2) ||
10083 arm_dc_feature(s, ARM_FEATURE_M)) {
10084 /* Thumb2 cores (including all M profile ones) always treat
10085 * 32-bit insns as 32-bit.
10090 if ((insn >> 11) == 0x1e && s->pc - s->page_start < TARGET_PAGE_SIZE - 3) {
10091 /* 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix, and the suffix
10092 * is not on the next page; we merge this into a 32-bit
10097 /* 0b1110_1xxx_xxxx_xxxx : BLX suffix (or UNDEF);
10098 * 0b1111_1xxx_xxxx_xxxx : BL suffix;
10099 * 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix on the end of a page
10100 * -- handle as single 16 bit insn
10105 /* Return true if this is a Thumb-2 logical op. */
10107 thumb2_logic_op(int op)
10112 /* Generate code for a Thumb-2 data processing operation. If CONDS is nonzero
10113 then set condition code flags based on the result of the operation.
10114 If SHIFTER_OUT is nonzero then set the carry flag for logical operations
10115 to the high bit of T1.
10116 Returns zero if the opcode is valid. */
10119 gen_thumb2_data_op(DisasContext *s, int op, int conds, uint32_t shifter_out,
10120 TCGv_i32 t0, TCGv_i32 t1)
10127 tcg_gen_and_i32(t0, t0, t1);
10131 tcg_gen_andc_i32(t0, t0, t1);
10135 tcg_gen_or_i32(t0, t0, t1);
10139 tcg_gen_orc_i32(t0, t0, t1);
10143 tcg_gen_xor_i32(t0, t0, t1);
10148 gen_add_CC(t0, t0, t1);
10150 tcg_gen_add_i32(t0, t0, t1);
10154 gen_adc_CC(t0, t0, t1);
10160 gen_sbc_CC(t0, t0, t1);
10162 gen_sub_carry(t0, t0, t1);
10167 gen_sub_CC(t0, t0, t1);
10169 tcg_gen_sub_i32(t0, t0, t1);
10173 gen_sub_CC(t0, t1, t0);
10175 tcg_gen_sub_i32(t0, t1, t0);
10177 default: /* 5, 6, 7, 9, 12, 15. */
10183 gen_set_CF_bit31(t1);
10188 /* Translate a 32-bit thumb instruction. */
10189 static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
10191 uint32_t imm, shift, offset;
10192 uint32_t rd, rn, rm, rs;
10204 * ARMv6-M supports a limited subset of Thumb2 instructions.
10205 * Other Thumb1 architectures allow only 32-bit
10206 * combined BL/BLX prefix and suffix.
10208 if (arm_dc_feature(s, ARM_FEATURE_M) &&
10209 !arm_dc_feature(s, ARM_FEATURE_V7)) {
10211 bool found = false;
10212 static const uint32_t armv6m_insn[] = {0xf3808000 /* msr */,
10213 0xf3b08040 /* dsb */,
10214 0xf3b08050 /* dmb */,
10215 0xf3b08060 /* isb */,
10216 0xf3e08000 /* mrs */,
10217 0xf000d000 /* bl */};
10218 static const uint32_t armv6m_mask[] = {0xffe0d000,
10225 for (i = 0; i < ARRAY_SIZE(armv6m_insn); i++) {
10226 if ((insn & armv6m_mask[i]) == armv6m_insn[i]) {
10234 } else if ((insn & 0xf800e800) != 0xf000e800) {
10238 rn = (insn >> 16) & 0xf;
10239 rs = (insn >> 12) & 0xf;
10240 rd = (insn >> 8) & 0xf;
10242 switch ((insn >> 25) & 0xf) {
10243 case 0: case 1: case 2: case 3:
10244 /* 16-bit instructions. Should never happen. */
10247 if (insn & (1 << 22)) {
10248 /* 0b1110_100x_x1xx_xxxx_xxxx_xxxx_xxxx_xxxx
10249 * - load/store doubleword, load/store exclusive, ldacq/strel,
10250 * table branch, TT.
10252 if (insn == 0xe97fe97f && arm_dc_feature(s, ARM_FEATURE_M) &&
10253 arm_dc_feature(s, ARM_FEATURE_V8)) {
10254 /* 0b1110_1001_0111_1111_1110_1001_0111_111
10256 * The bulk of the behaviour for this instruction is implemented
10257 * in v7m_handle_execute_nsc(), which deals with the insn when
10258 * it is executed by a CPU in non-secure state from memory
10259 * which is Secure & NonSecure-Callable.
10260 * Here we only need to handle the remaining cases:
10261 * * in NS memory (including the "security extension not
10262 * implemented" case) : NOP
10263 * * in S memory but CPU already secure (clear IT bits)
10264 * We know that the attribute for the memory this insn is
10265 * in must match the current CPU state, because otherwise
10266 * get_phys_addr_pmsav8 would have generated an exception.
10268 if (s->v8m_secure) {
10269 /* Like the IT insn, we don't need to generate any code */
10270 s->condexec_cond = 0;
10271 s->condexec_mask = 0;
10273 } else if (insn & 0x01200000) {
10274 /* 0b1110_1000_x11x_xxxx_xxxx_xxxx_xxxx_xxxx
10275 * - load/store dual (post-indexed)
10276 * 0b1111_1001_x10x_xxxx_xxxx_xxxx_xxxx_xxxx
10277 * - load/store dual (literal and immediate)
10278 * 0b1111_1001_x11x_xxxx_xxxx_xxxx_xxxx_xxxx
10279 * - load/store dual (pre-indexed)
10282 if (insn & (1 << 21)) {
10283 /* UNPREDICTABLE */
10286 addr = tcg_temp_new_i32();
10287 tcg_gen_movi_i32(addr, s->pc & ~3);
10289 addr = load_reg(s, rn);
10291 offset = (insn & 0xff) * 4;
10292 if ((insn & (1 << 23)) == 0)
10294 if (insn & (1 << 24)) {
10295 tcg_gen_addi_i32(addr, addr, offset);
10298 if (insn & (1 << 20)) {
10300 tmp = tcg_temp_new_i32();
10301 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
10302 store_reg(s, rs, tmp);
10303 tcg_gen_addi_i32(addr, addr, 4);
10304 tmp = tcg_temp_new_i32();
10305 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
10306 store_reg(s, rd, tmp);
10309 tmp = load_reg(s, rs);
10310 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
10311 tcg_temp_free_i32(tmp);
10312 tcg_gen_addi_i32(addr, addr, 4);
10313 tmp = load_reg(s, rd);
10314 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
10315 tcg_temp_free_i32(tmp);
10317 if (insn & (1 << 21)) {
10318 /* Base writeback. */
10319 tcg_gen_addi_i32(addr, addr, offset - 4);
10320 store_reg(s, rn, addr);
10322 tcg_temp_free_i32(addr);
10324 } else if ((insn & (1 << 23)) == 0) {
10325 /* 0b1110_1000_010x_xxxx_xxxx_xxxx_xxxx_xxxx
10326 * - load/store exclusive word
10330 if (!(insn & (1 << 20)) &&
10331 arm_dc_feature(s, ARM_FEATURE_M) &&
10332 arm_dc_feature(s, ARM_FEATURE_V8)) {
10333 /* 0b1110_1000_0100_xxxx_1111_xxxx_xxxx_xxxx
10336 bool alt = insn & (1 << 7);
10337 TCGv_i32 addr, op, ttresp;
10339 if ((insn & 0x3f) || rd == 13 || rd == 15 || rn == 15) {
10340 /* we UNDEF for these UNPREDICTABLE cases */
10344 if (alt && !s->v8m_secure) {
10348 addr = load_reg(s, rn);
10349 op = tcg_const_i32(extract32(insn, 6, 2));
10350 ttresp = tcg_temp_new_i32();
10351 gen_helper_v7m_tt(ttresp, cpu_env, addr, op);
10352 tcg_temp_free_i32(addr);
10353 tcg_temp_free_i32(op);
10354 store_reg(s, rd, ttresp);
10359 addr = tcg_temp_local_new_i32();
10360 load_reg_var(s, addr, rn);
10361 tcg_gen_addi_i32(addr, addr, (insn & 0xff) << 2);
10362 if (insn & (1 << 20)) {
10363 gen_load_exclusive(s, rs, 15, addr, 2);
10365 gen_store_exclusive(s, rd, rs, 15, addr, 2);
10367 tcg_temp_free_i32(addr);
10368 } else if ((insn & (7 << 5)) == 0) {
10369 /* Table Branch. */
10371 addr = tcg_temp_new_i32();
10372 tcg_gen_movi_i32(addr, s->pc);
10374 addr = load_reg(s, rn);
10376 tmp = load_reg(s, rm);
10377 tcg_gen_add_i32(addr, addr, tmp);
10378 if (insn & (1 << 4)) {
10380 tcg_gen_add_i32(addr, addr, tmp);
10381 tcg_temp_free_i32(tmp);
10382 tmp = tcg_temp_new_i32();
10383 gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
10385 tcg_temp_free_i32(tmp);
10386 tmp = tcg_temp_new_i32();
10387 gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
10389 tcg_temp_free_i32(addr);
10390 tcg_gen_shli_i32(tmp, tmp, 1);
10391 tcg_gen_addi_i32(tmp, tmp, s->pc);
10392 store_reg(s, 15, tmp);
10394 int op2 = (insn >> 6) & 0x3;
10395 op = (insn >> 4) & 0x3;
10400 /* Load/store exclusive byte/halfword/doubleword */
10407 /* Load-acquire/store-release */
10413 /* Load-acquire/store-release exclusive */
10417 addr = tcg_temp_local_new_i32();
10418 load_reg_var(s, addr, rn);
10420 if (insn & (1 << 20)) {
10421 tmp = tcg_temp_new_i32();
10424 gen_aa32_ld8u_iss(s, tmp, addr, get_mem_index(s),
10428 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s),
10432 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s),
10438 store_reg(s, rs, tmp);
10440 tmp = load_reg(s, rs);
10443 gen_aa32_st8_iss(s, tmp, addr, get_mem_index(s),
10447 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s),
10451 gen_aa32_st32_iss(s, tmp, addr, get_mem_index(s),
10457 tcg_temp_free_i32(tmp);
10459 } else if (insn & (1 << 20)) {
10460 gen_load_exclusive(s, rs, rd, addr, op);
10462 gen_store_exclusive(s, rm, rs, rd, addr, op);
10464 tcg_temp_free_i32(addr);
10467 /* Load/store multiple, RFE, SRS. */
10468 if (((insn >> 23) & 1) == ((insn >> 24) & 1)) {
10469 /* RFE, SRS: not available in user mode or on M profile */
10470 if (IS_USER(s) || arm_dc_feature(s, ARM_FEATURE_M)) {
10473 if (insn & (1 << 20)) {
10475 addr = load_reg(s, rn);
10476 if ((insn & (1 << 24)) == 0)
10477 tcg_gen_addi_i32(addr, addr, -8);
10478 /* Load PC into tmp and CPSR into tmp2. */
10479 tmp = tcg_temp_new_i32();
10480 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
10481 tcg_gen_addi_i32(addr, addr, 4);
10482 tmp2 = tcg_temp_new_i32();
10483 gen_aa32_ld32u(s, tmp2, addr, get_mem_index(s));
10484 if (insn & (1 << 21)) {
10485 /* Base writeback. */
10486 if (insn & (1 << 24)) {
10487 tcg_gen_addi_i32(addr, addr, 4);
10489 tcg_gen_addi_i32(addr, addr, -4);
10491 store_reg(s, rn, addr);
10493 tcg_temp_free_i32(addr);
10495 gen_rfe(s, tmp, tmp2);
10498 gen_srs(s, (insn & 0x1f), (insn & (1 << 24)) ? 1 : 2,
10502 int i, loaded_base = 0;
10503 TCGv_i32 loaded_var;
10504 /* Load/store multiple. */
10505 addr = load_reg(s, rn);
10507 for (i = 0; i < 16; i++) {
10508 if (insn & (1 << i))
10511 if (insn & (1 << 24)) {
10512 tcg_gen_addi_i32(addr, addr, -offset);
10516 for (i = 0; i < 16; i++) {
10517 if ((insn & (1 << i)) == 0)
10519 if (insn & (1 << 20)) {
10521 tmp = tcg_temp_new_i32();
10522 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
10524 gen_bx_excret(s, tmp);
10525 } else if (i == rn) {
10529 store_reg(s, i, tmp);
10533 tmp = load_reg(s, i);
10534 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
10535 tcg_temp_free_i32(tmp);
10537 tcg_gen_addi_i32(addr, addr, 4);
10540 store_reg(s, rn, loaded_var);
10542 if (insn & (1 << 21)) {
10543 /* Base register writeback. */
10544 if (insn & (1 << 24)) {
10545 tcg_gen_addi_i32(addr, addr, -offset);
10547 /* Fault if writeback register is in register list. */
10548 if (insn & (1 << rn))
10550 store_reg(s, rn, addr);
10552 tcg_temp_free_i32(addr);
10559 op = (insn >> 21) & 0xf;
10561 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10564 /* Halfword pack. */
10565 tmp = load_reg(s, rn);
10566 tmp2 = load_reg(s, rm);
10567 shift = ((insn >> 10) & 0x1c) | ((insn >> 6) & 0x3);
10568 if (insn & (1 << 5)) {
10572 tcg_gen_sari_i32(tmp2, tmp2, shift);
10573 tcg_gen_andi_i32(tmp, tmp, 0xffff0000);
10574 tcg_gen_ext16u_i32(tmp2, tmp2);
10578 tcg_gen_shli_i32(tmp2, tmp2, shift);
10579 tcg_gen_ext16u_i32(tmp, tmp);
10580 tcg_gen_andi_i32(tmp2, tmp2, 0xffff0000);
10582 tcg_gen_or_i32(tmp, tmp, tmp2);
10583 tcg_temp_free_i32(tmp2);
10584 store_reg(s, rd, tmp);
10586 /* Data processing register constant shift. */
10588 tmp = tcg_temp_new_i32();
10589 tcg_gen_movi_i32(tmp, 0);
10591 tmp = load_reg(s, rn);
10593 tmp2 = load_reg(s, rm);
10595 shiftop = (insn >> 4) & 3;
10596 shift = ((insn >> 6) & 3) | ((insn >> 10) & 0x1c);
10597 conds = (insn & (1 << 20)) != 0;
10598 logic_cc = (conds && thumb2_logic_op(op));
10599 gen_arm_shift_im(tmp2, shiftop, shift, logic_cc);
10600 if (gen_thumb2_data_op(s, op, conds, 0, tmp, tmp2))
10602 tcg_temp_free_i32(tmp2);
10604 ((op == 2 && rn == 15) ||
10605 (op == 8 && rn == 13) ||
10606 (op == 13 && rn == 13))) {
10607 /* MOV SP, ... or ADD SP, SP, ... or SUB SP, SP, ... */
10608 store_sp_checked(s, tmp);
10609 } else if (rd != 15) {
10610 store_reg(s, rd, tmp);
10612 tcg_temp_free_i32(tmp);
10616 case 13: /* Misc data processing. */
10617 op = ((insn >> 22) & 6) | ((insn >> 7) & 1);
10618 if (op < 4 && (insn & 0xf000) != 0xf000)
10621 case 0: /* Register controlled shift. */
10622 tmp = load_reg(s, rn);
10623 tmp2 = load_reg(s, rm);
10624 if ((insn & 0x70) != 0)
10626 op = (insn >> 21) & 3;
10627 logic_cc = (insn & (1 << 20)) != 0;
10628 gen_arm_shift_reg(tmp, op, tmp2, logic_cc);
10631 store_reg(s, rd, tmp);
10633 case 1: /* Sign/zero extend. */
10634 op = (insn >> 20) & 7;
10636 case 0: /* SXTAH, SXTH */
10637 case 1: /* UXTAH, UXTH */
10638 case 4: /* SXTAB, SXTB */
10639 case 5: /* UXTAB, UXTB */
10641 case 2: /* SXTAB16, SXTB16 */
10642 case 3: /* UXTAB16, UXTB16 */
10643 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10651 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10655 tmp = load_reg(s, rm);
10656 shift = (insn >> 4) & 3;
10657 /* ??? In many cases it's not necessary to do a
10658 rotate, a shift is sufficient. */
10660 tcg_gen_rotri_i32(tmp, tmp, shift * 8);
10661 op = (insn >> 20) & 7;
10663 case 0: gen_sxth(tmp); break;
10664 case 1: gen_uxth(tmp); break;
10665 case 2: gen_sxtb16(tmp); break;
10666 case 3: gen_uxtb16(tmp); break;
10667 case 4: gen_sxtb(tmp); break;
10668 case 5: gen_uxtb(tmp); break;
10670 g_assert_not_reached();
10673 tmp2 = load_reg(s, rn);
10674 if ((op >> 1) == 1) {
10675 gen_add16(tmp, tmp2);
10677 tcg_gen_add_i32(tmp, tmp, tmp2);
10678 tcg_temp_free_i32(tmp2);
10681 store_reg(s, rd, tmp);
10683 case 2: /* SIMD add/subtract. */
10684 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10687 op = (insn >> 20) & 7;
10688 shift = (insn >> 4) & 7;
10689 if ((op & 3) == 3 || (shift & 3) == 3)
10691 tmp = load_reg(s, rn);
10692 tmp2 = load_reg(s, rm);
10693 gen_thumb2_parallel_addsub(op, shift, tmp, tmp2);
10694 tcg_temp_free_i32(tmp2);
10695 store_reg(s, rd, tmp);
10697 case 3: /* Other data processing. */
10698 op = ((insn >> 17) & 0x38) | ((insn >> 4) & 7);
10700 /* Saturating add/subtract. */
10701 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10704 tmp = load_reg(s, rn);
10705 tmp2 = load_reg(s, rm);
10707 gen_helper_double_saturate(tmp, cpu_env, tmp);
10709 gen_helper_sub_saturate(tmp, cpu_env, tmp2, tmp);
10711 gen_helper_add_saturate(tmp, cpu_env, tmp, tmp2);
10712 tcg_temp_free_i32(tmp2);
10715 case 0x0a: /* rbit */
10716 case 0x08: /* rev */
10717 case 0x09: /* rev16 */
10718 case 0x0b: /* revsh */
10719 case 0x18: /* clz */
10721 case 0x10: /* sel */
10722 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10726 case 0x20: /* crc32/crc32c */
10732 if (!arm_dc_feature(s, ARM_FEATURE_CRC)) {
10739 tmp = load_reg(s, rn);
10741 case 0x0a: /* rbit */
10742 gen_helper_rbit(tmp, tmp);
10744 case 0x08: /* rev */
10745 tcg_gen_bswap32_i32(tmp, tmp);
10747 case 0x09: /* rev16 */
10750 case 0x0b: /* revsh */
10753 case 0x10: /* sel */
10754 tmp2 = load_reg(s, rm);
10755 tmp3 = tcg_temp_new_i32();
10756 tcg_gen_ld_i32(tmp3, cpu_env, offsetof(CPUARMState, GE));
10757 gen_helper_sel_flags(tmp, tmp3, tmp, tmp2);
10758 tcg_temp_free_i32(tmp3);
10759 tcg_temp_free_i32(tmp2);
10761 case 0x18: /* clz */
10762 tcg_gen_clzi_i32(tmp, tmp, 32);
10772 uint32_t sz = op & 0x3;
10773 uint32_t c = op & 0x8;
10775 tmp2 = load_reg(s, rm);
10777 tcg_gen_andi_i32(tmp2, tmp2, 0xff);
10778 } else if (sz == 1) {
10779 tcg_gen_andi_i32(tmp2, tmp2, 0xffff);
10781 tmp3 = tcg_const_i32(1 << sz);
10783 gen_helper_crc32c(tmp, tmp, tmp2, tmp3);
10785 gen_helper_crc32(tmp, tmp, tmp2, tmp3);
10787 tcg_temp_free_i32(tmp2);
10788 tcg_temp_free_i32(tmp3);
10792 g_assert_not_reached();
10795 store_reg(s, rd, tmp);
10797 case 4: case 5: /* 32-bit multiply. Sum of absolute differences. */
10798 switch ((insn >> 20) & 7) {
10799 case 0: /* 32 x 32 -> 32 */
10800 case 7: /* Unsigned sum of absolute differences. */
10802 case 1: /* 16 x 16 -> 32 */
10803 case 2: /* Dual multiply add. */
10804 case 3: /* 32 * 16 -> 32msb */
10805 case 4: /* Dual multiply subtract. */
10806 case 5: case 6: /* 32 * 32 -> 32msb (SMMUL, SMMLA, SMMLS) */
10807 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10812 op = (insn >> 4) & 0xf;
10813 tmp = load_reg(s, rn);
10814 tmp2 = load_reg(s, rm);
10815 switch ((insn >> 20) & 7) {
10816 case 0: /* 32 x 32 -> 32 */
10817 tcg_gen_mul_i32(tmp, tmp, tmp2);
10818 tcg_temp_free_i32(tmp2);
10820 tmp2 = load_reg(s, rs);
10822 tcg_gen_sub_i32(tmp, tmp2, tmp);
10824 tcg_gen_add_i32(tmp, tmp, tmp2);
10825 tcg_temp_free_i32(tmp2);
10828 case 1: /* 16 x 16 -> 32 */
10829 gen_mulxy(tmp, tmp2, op & 2, op & 1);
10830 tcg_temp_free_i32(tmp2);
10832 tmp2 = load_reg(s, rs);
10833 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10834 tcg_temp_free_i32(tmp2);
10837 case 2: /* Dual multiply add. */
10838 case 4: /* Dual multiply subtract. */
10840 gen_swap_half(tmp2);
10841 gen_smul_dual(tmp, tmp2);
10842 if (insn & (1 << 22)) {
10843 /* This subtraction cannot overflow. */
10844 tcg_gen_sub_i32(tmp, tmp, tmp2);
10846 /* This addition cannot overflow 32 bits;
10847 * however it may overflow considered as a signed
10848 * operation, in which case we must set the Q flag.
10850 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10852 tcg_temp_free_i32(tmp2);
10855 tmp2 = load_reg(s, rs);
10856 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10857 tcg_temp_free_i32(tmp2);
10860 case 3: /* 32 * 16 -> 32msb */
10862 tcg_gen_sari_i32(tmp2, tmp2, 16);
10865 tmp64 = gen_muls_i64_i32(tmp, tmp2);
10866 tcg_gen_shri_i64(tmp64, tmp64, 16);
10867 tmp = tcg_temp_new_i32();
10868 tcg_gen_extrl_i64_i32(tmp, tmp64);
10869 tcg_temp_free_i64(tmp64);
10872 tmp2 = load_reg(s, rs);
10873 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10874 tcg_temp_free_i32(tmp2);
10877 case 5: case 6: /* 32 * 32 -> 32msb (SMMUL, SMMLA, SMMLS) */
10878 tmp64 = gen_muls_i64_i32(tmp, tmp2);
10880 tmp = load_reg(s, rs);
10881 if (insn & (1 << 20)) {
10882 tmp64 = gen_addq_msw(tmp64, tmp);
10884 tmp64 = gen_subq_msw(tmp64, tmp);
10887 if (insn & (1 << 4)) {
10888 tcg_gen_addi_i64(tmp64, tmp64, 0x80000000u);
10890 tcg_gen_shri_i64(tmp64, tmp64, 32);
10891 tmp = tcg_temp_new_i32();
10892 tcg_gen_extrl_i64_i32(tmp, tmp64);
10893 tcg_temp_free_i64(tmp64);
10895 case 7: /* Unsigned sum of absolute differences. */
10896 gen_helper_usad8(tmp, tmp, tmp2);
10897 tcg_temp_free_i32(tmp2);
10899 tmp2 = load_reg(s, rs);
10900 tcg_gen_add_i32(tmp, tmp, tmp2);
10901 tcg_temp_free_i32(tmp2);
10905 store_reg(s, rd, tmp);
10907 case 6: case 7: /* 64-bit multiply, Divide. */
10908 op = ((insn >> 4) & 0xf) | ((insn >> 16) & 0x70);
10909 tmp = load_reg(s, rn);
10910 tmp2 = load_reg(s, rm);
10911 if ((op & 0x50) == 0x10) {
10913 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DIV)) {
10917 gen_helper_udiv(tmp, tmp, tmp2);
10919 gen_helper_sdiv(tmp, tmp, tmp2);
10920 tcg_temp_free_i32(tmp2);
10921 store_reg(s, rd, tmp);
10922 } else if ((op & 0xe) == 0xc) {
10923 /* Dual multiply accumulate long. */
10924 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10925 tcg_temp_free_i32(tmp);
10926 tcg_temp_free_i32(tmp2);
10930 gen_swap_half(tmp2);
10931 gen_smul_dual(tmp, tmp2);
10933 tcg_gen_sub_i32(tmp, tmp, tmp2);
10935 tcg_gen_add_i32(tmp, tmp, tmp2);
10937 tcg_temp_free_i32(tmp2);
10939 tmp64 = tcg_temp_new_i64();
10940 tcg_gen_ext_i32_i64(tmp64, tmp);
10941 tcg_temp_free_i32(tmp);
10942 gen_addq(s, tmp64, rs, rd);
10943 gen_storeq_reg(s, rs, rd, tmp64);
10944 tcg_temp_free_i64(tmp64);
10947 /* Unsigned 64-bit multiply */
10948 tmp64 = gen_mulu_i64_i32(tmp, tmp2);
10952 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10953 tcg_temp_free_i32(tmp2);
10954 tcg_temp_free_i32(tmp);
10957 gen_mulxy(tmp, tmp2, op & 2, op & 1);
10958 tcg_temp_free_i32(tmp2);
10959 tmp64 = tcg_temp_new_i64();
10960 tcg_gen_ext_i32_i64(tmp64, tmp);
10961 tcg_temp_free_i32(tmp);
10963 /* Signed 64-bit multiply */
10964 tmp64 = gen_muls_i64_i32(tmp, tmp2);
10969 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10970 tcg_temp_free_i64(tmp64);
10973 gen_addq_lo(s, tmp64, rs);
10974 gen_addq_lo(s, tmp64, rd);
10975 } else if (op & 0x40) {
10976 /* 64-bit accumulate. */
10977 gen_addq(s, tmp64, rs, rd);
10979 gen_storeq_reg(s, rs, rd, tmp64);
10980 tcg_temp_free_i64(tmp64);
10985 case 6: case 7: case 14: case 15:
10987 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10988 /* We don't currently implement M profile FP support,
10989 * so this entire space should give a NOCP fault, with
10990 * the exception of the v8M VLLDM and VLSTM insns, which
10991 * must be NOPs in Secure state and UNDEF in Nonsecure state.
10993 if (arm_dc_feature(s, ARM_FEATURE_V8) &&
10994 (insn & 0xffa00f00) == 0xec200a00) {
10995 /* 0b1110_1100_0x1x_xxxx_xxxx_1010_xxxx_xxxx
10997 * We choose to UNDEF if the RAZ bits are non-zero.
10999 if (!s->v8m_secure || (insn & 0x0040f0ff)) {
11002 /* Just NOP since FP support is not implemented */
11005 /* All other insns: NOCP */
11006 gen_exception_insn(s, 4, EXCP_NOCP, syn_uncategorized(),
11007 default_exception_el(s));
11010 if ((insn & 0xfe000a00) == 0xfc000800
11011 && arm_dc_feature(s, ARM_FEATURE_V8)) {
11012 /* The Thumb2 and ARM encodings are identical. */
11013 if (disas_neon_insn_3same_ext(s, insn)) {
11016 } else if ((insn & 0xff000a00) == 0xfe000800
11017 && arm_dc_feature(s, ARM_FEATURE_V8)) {
11018 /* The Thumb2 and ARM encodings are identical. */
11019 if (disas_neon_insn_2reg_scalar_ext(s, insn)) {
11022 } else if (((insn >> 24) & 3) == 3) {
11023 /* Translate into the equivalent ARM encoding. */
11024 insn = (insn & 0xe2ffffff) | ((insn & (1 << 28)) >> 4) | (1 << 28);
11025 if (disas_neon_data_insn(s, insn)) {
11028 } else if (((insn >> 8) & 0xe) == 10) {
11029 if (disas_vfp_insn(s, insn)) {
11033 if (insn & (1 << 28))
11035 if (disas_coproc_insn(s, insn)) {
11040 case 8: case 9: case 10: case 11:
11041 if (insn & (1 << 15)) {
11042 /* Branches, misc control. */
11043 if (insn & 0x5000) {
11044 /* Unconditional branch. */
11045 /* signextend(hw1[10:0]) -> offset[:12]. */
11046 offset = ((int32_t)insn << 5) >> 9 & ~(int32_t)0xfff;
11047 /* hw1[10:0] -> offset[11:1]. */
11048 offset |= (insn & 0x7ff) << 1;
11049 /* (~hw2[13, 11] ^ offset[24]) -> offset[23,22]
11050 offset[24:22] already have the same value because of the
11051 sign extension above. */
11052 offset ^= ((~insn) & (1 << 13)) << 10;
11053 offset ^= ((~insn) & (1 << 11)) << 11;
11055 if (insn & (1 << 14)) {
11056 /* Branch and link. */
11057 tcg_gen_movi_i32(cpu_R[14], s->pc | 1);
11061 if (insn & (1 << 12)) {
11063 gen_jmp(s, offset);
11066 offset &= ~(uint32_t)2;
11067 /* thumb2 bx, no need to check */
11068 gen_bx_im(s, offset);
11070 } else if (((insn >> 23) & 7) == 7) {
11072 if (insn & (1 << 13))
11075 if (insn & (1 << 26)) {
11076 if (arm_dc_feature(s, ARM_FEATURE_M)) {
11079 if (!(insn & (1 << 20))) {
11080 /* Hypervisor call (v7) */
11081 int imm16 = extract32(insn, 16, 4) << 12
11082 | extract32(insn, 0, 12);
11089 /* Secure monitor call (v6+) */
11097 op = (insn >> 20) & 7;
11099 case 0: /* msr cpsr. */
11100 if (arm_dc_feature(s, ARM_FEATURE_M)) {
11101 tmp = load_reg(s, rn);
11102 /* the constant is the mask and SYSm fields */
11103 addr = tcg_const_i32(insn & 0xfff);
11104 gen_helper_v7m_msr(cpu_env, addr, tmp);
11105 tcg_temp_free_i32(addr);
11106 tcg_temp_free_i32(tmp);
11111 case 1: /* msr spsr. */
11112 if (arm_dc_feature(s, ARM_FEATURE_M)) {
11116 if (extract32(insn, 5, 1)) {
11118 int sysm = extract32(insn, 8, 4) |
11119 (extract32(insn, 4, 1) << 4);
11122 gen_msr_banked(s, r, sysm, rm);
11126 /* MSR (for PSRs) */
11127 tmp = load_reg(s, rn);
11129 msr_mask(s, (insn >> 8) & 0xf, op == 1),
11133 case 2: /* cps, nop-hint. */
11134 if (((insn >> 8) & 7) == 0) {
11135 gen_nop_hint(s, insn & 0xff);
11137 /* Implemented as NOP in user mode. */
11142 if (insn & (1 << 10)) {
11143 if (insn & (1 << 7))
11145 if (insn & (1 << 6))
11147 if (insn & (1 << 5))
11149 if (insn & (1 << 9))
11150 imm = CPSR_A | CPSR_I | CPSR_F;
11152 if (insn & (1 << 8)) {
11154 imm |= (insn & 0x1f);
11157 gen_set_psr_im(s, offset, 0, imm);
11160 case 3: /* Special control operations. */
11161 if (!arm_dc_feature(s, ARM_FEATURE_V7) &&
11162 !arm_dc_feature(s, ARM_FEATURE_M)) {
11165 op = (insn >> 4) & 0xf;
11167 case 2: /* clrex */
11172 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
11175 /* We need to break the TB after this insn
11176 * to execute self-modifying code correctly
11177 * and also to take any pending interrupts
11180 gen_goto_tb(s, 0, s->pc & ~1);
11187 /* Trivial implementation equivalent to bx.
11188 * This instruction doesn't exist at all for M-profile.
11190 if (arm_dc_feature(s, ARM_FEATURE_M)) {
11193 tmp = load_reg(s, rn);
11196 case 5: /* Exception return. */
11200 if (rn != 14 || rd != 15) {
11203 if (s->current_el == 2) {
11204 /* ERET from Hyp uses ELR_Hyp, not LR */
11208 tmp = load_cpu_field(elr_el[2]);
11210 tmp = load_reg(s, rn);
11211 tcg_gen_subi_i32(tmp, tmp, insn & 0xff);
11213 gen_exception_return(s, tmp);
11216 if (extract32(insn, 5, 1) &&
11217 !arm_dc_feature(s, ARM_FEATURE_M)) {
11219 int sysm = extract32(insn, 16, 4) |
11220 (extract32(insn, 4, 1) << 4);
11222 gen_mrs_banked(s, 0, sysm, rd);
11226 if (extract32(insn, 16, 4) != 0xf) {
11229 if (!arm_dc_feature(s, ARM_FEATURE_M) &&
11230 extract32(insn, 0, 8) != 0) {
11235 tmp = tcg_temp_new_i32();
11236 if (arm_dc_feature(s, ARM_FEATURE_M)) {
11237 addr = tcg_const_i32(insn & 0xff);
11238 gen_helper_v7m_mrs(tmp, cpu_env, addr);
11239 tcg_temp_free_i32(addr);
11241 gen_helper_cpsr_read(tmp, cpu_env);
11243 store_reg(s, rd, tmp);
11246 if (extract32(insn, 5, 1) &&
11247 !arm_dc_feature(s, ARM_FEATURE_M)) {
11249 int sysm = extract32(insn, 16, 4) |
11250 (extract32(insn, 4, 1) << 4);
11252 gen_mrs_banked(s, 1, sysm, rd);
11257 /* Not accessible in user mode. */
11258 if (IS_USER(s) || arm_dc_feature(s, ARM_FEATURE_M)) {
11262 if (extract32(insn, 16, 4) != 0xf ||
11263 extract32(insn, 0, 8) != 0) {
11267 tmp = load_cpu_field(spsr);
11268 store_reg(s, rd, tmp);
11273 /* Conditional branch. */
11274 op = (insn >> 22) & 0xf;
11275 /* Generate a conditional jump to next instruction. */
11276 arm_skip_unless(s, op);
11278 /* offset[11:1] = insn[10:0] */
11279 offset = (insn & 0x7ff) << 1;
11280 /* offset[17:12] = insn[21:16]. */
11281 offset |= (insn & 0x003f0000) >> 4;
11282 /* offset[31:20] = insn[26]. */
11283 offset |= ((int32_t)((insn << 5) & 0x80000000)) >> 11;
11284 /* offset[18] = insn[13]. */
11285 offset |= (insn & (1 << 13)) << 5;
11286 /* offset[19] = insn[11]. */
11287 offset |= (insn & (1 << 11)) << 8;
11289 /* jump to the offset */
11290 gen_jmp(s, s->pc + offset);
11294 * 0b1111_0xxx_xxxx_0xxx_xxxx_xxxx
11295 * - Data-processing (modified immediate, plain binary immediate)
11297 if (insn & (1 << 25)) {
11299 * 0b1111_0x1x_xxxx_0xxx_xxxx_xxxx
11300 * - Data-processing (plain binary immediate)
11302 if (insn & (1 << 24)) {
11303 if (insn & (1 << 20))
11305 /* Bitfield/Saturate. */
11306 op = (insn >> 21) & 7;
11308 shift = ((insn >> 6) & 3) | ((insn >> 10) & 0x1c);
11310 tmp = tcg_temp_new_i32();
11311 tcg_gen_movi_i32(tmp, 0);
11313 tmp = load_reg(s, rn);
11316 case 2: /* Signed bitfield extract. */
11318 if (shift + imm > 32)
11321 tcg_gen_sextract_i32(tmp, tmp, shift, imm);
11324 case 6: /* Unsigned bitfield extract. */
11326 if (shift + imm > 32)
11329 tcg_gen_extract_i32(tmp, tmp, shift, imm);
11332 case 3: /* Bitfield insert/clear. */
11335 imm = imm + 1 - shift;
11337 tmp2 = load_reg(s, rd);
11338 tcg_gen_deposit_i32(tmp, tmp2, tmp, shift, imm);
11339 tcg_temp_free_i32(tmp2);
11344 default: /* Saturate. */
11347 tcg_gen_sari_i32(tmp, tmp, shift);
11349 tcg_gen_shli_i32(tmp, tmp, shift);
11351 tmp2 = tcg_const_i32(imm);
11354 if ((op & 1) && shift == 0) {
11355 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
11356 tcg_temp_free_i32(tmp);
11357 tcg_temp_free_i32(tmp2);
11360 gen_helper_usat16(tmp, cpu_env, tmp, tmp2);
11362 gen_helper_usat(tmp, cpu_env, tmp, tmp2);
11366 if ((op & 1) && shift == 0) {
11367 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
11368 tcg_temp_free_i32(tmp);
11369 tcg_temp_free_i32(tmp2);
11372 gen_helper_ssat16(tmp, cpu_env, tmp, tmp2);
11374 gen_helper_ssat(tmp, cpu_env, tmp, tmp2);
11377 tcg_temp_free_i32(tmp2);
11380 store_reg(s, rd, tmp);
11382 imm = ((insn & 0x04000000) >> 15)
11383 | ((insn & 0x7000) >> 4) | (insn & 0xff);
11384 if (insn & (1 << 22)) {
11385 /* 16-bit immediate. */
11386 imm |= (insn >> 4) & 0xf000;
11387 if (insn & (1 << 23)) {
11389 tmp = load_reg(s, rd);
11390 tcg_gen_ext16u_i32(tmp, tmp);
11391 tcg_gen_ori_i32(tmp, tmp, imm << 16);
11394 tmp = tcg_temp_new_i32();
11395 tcg_gen_movi_i32(tmp, imm);
11397 store_reg(s, rd, tmp);
11399 /* Add/sub 12-bit immediate. */
11401 offset = s->pc & ~(uint32_t)3;
11402 if (insn & (1 << 23))
11406 tmp = tcg_temp_new_i32();
11407 tcg_gen_movi_i32(tmp, offset);
11408 store_reg(s, rd, tmp);
11410 tmp = load_reg(s, rn);
11411 if (insn & (1 << 23))
11412 tcg_gen_subi_i32(tmp, tmp, imm);
11414 tcg_gen_addi_i32(tmp, tmp, imm);
11415 if (rn == 13 && rd == 13) {
11416 /* ADD SP, SP, imm or SUB SP, SP, imm */
11417 store_sp_checked(s, tmp);
11419 store_reg(s, rd, tmp);
11426 * 0b1111_0x0x_xxxx_0xxx_xxxx_xxxx
11427 * - Data-processing (modified immediate)
11429 int shifter_out = 0;
11430 /* modified 12-bit immediate. */
11431 shift = ((insn & 0x04000000) >> 23) | ((insn & 0x7000) >> 12);
11432 imm = (insn & 0xff);
11435 /* Nothing to do. */
11437 case 1: /* 00XY00XY */
11440 case 2: /* XY00XY00 */
11444 case 3: /* XYXYXYXY */
11448 default: /* Rotated constant. */
11449 shift = (shift << 1) | (imm >> 7);
11451 imm = imm << (32 - shift);
11455 tmp2 = tcg_temp_new_i32();
11456 tcg_gen_movi_i32(tmp2, imm);
11457 rn = (insn >> 16) & 0xf;
11459 tmp = tcg_temp_new_i32();
11460 tcg_gen_movi_i32(tmp, 0);
11462 tmp = load_reg(s, rn);
11464 op = (insn >> 21) & 0xf;
11465 if (gen_thumb2_data_op(s, op, (insn & (1 << 20)) != 0,
11466 shifter_out, tmp, tmp2))
11468 tcg_temp_free_i32(tmp2);
11469 rd = (insn >> 8) & 0xf;
11470 if (rd == 13 && rn == 13
11471 && (op == 8 || op == 13)) {
11472 /* ADD(S) SP, SP, imm or SUB(S) SP, SP, imm */
11473 store_sp_checked(s, tmp);
11474 } else if (rd != 15) {
11475 store_reg(s, rd, tmp);
11477 tcg_temp_free_i32(tmp);
11482 case 12: /* Load/store single data item. */
11489 if ((insn & 0x01100000) == 0x01000000) {
11490 if (disas_neon_ls_insn(s, insn)) {
11495 op = ((insn >> 21) & 3) | ((insn >> 22) & 4);
11497 if (!(insn & (1 << 20))) {
11501 /* Byte or halfword load space with dest == r15 : memory hints.
11502 * Catch them early so we don't emit pointless addressing code.
11503 * This space is a mix of:
11504 * PLD/PLDW/PLI, which we implement as NOPs (note that unlike
11505 * the ARM encodings, PLDW space doesn't UNDEF for non-v7MP
11507 * unallocated hints, which must be treated as NOPs
11508 * UNPREDICTABLE space, which we NOP or UNDEF depending on
11509 * which is easiest for the decoding logic
11510 * Some space which must UNDEF
11512 int op1 = (insn >> 23) & 3;
11513 int op2 = (insn >> 6) & 0x3f;
11518 /* UNPREDICTABLE, unallocated hint or
11519 * PLD/PLDW/PLI (literal)
11524 return; /* PLD/PLDW/PLI or unallocated hint */
11526 if ((op2 == 0) || ((op2 & 0x3c) == 0x30)) {
11527 return; /* PLD/PLDW/PLI or unallocated hint */
11529 /* UNDEF space, or an UNPREDICTABLE */
11533 memidx = get_mem_index(s);
11535 addr = tcg_temp_new_i32();
11537 /* s->pc has already been incremented by 4. */
11538 imm = s->pc & 0xfffffffc;
11539 if (insn & (1 << 23))
11540 imm += insn & 0xfff;
11542 imm -= insn & 0xfff;
11543 tcg_gen_movi_i32(addr, imm);
11545 addr = load_reg(s, rn);
11546 if (insn & (1 << 23)) {
11547 /* Positive offset. */
11548 imm = insn & 0xfff;
11549 tcg_gen_addi_i32(addr, addr, imm);
11552 switch ((insn >> 8) & 0xf) {
11553 case 0x0: /* Shifted Register. */
11554 shift = (insn >> 4) & 0xf;
11556 tcg_temp_free_i32(addr);
11559 tmp = load_reg(s, rm);
11561 tcg_gen_shli_i32(tmp, tmp, shift);
11562 tcg_gen_add_i32(addr, addr, tmp);
11563 tcg_temp_free_i32(tmp);
11565 case 0xc: /* Negative offset. */
11566 tcg_gen_addi_i32(addr, addr, -imm);
11568 case 0xe: /* User privilege. */
11569 tcg_gen_addi_i32(addr, addr, imm);
11570 memidx = get_a32_user_mem_index(s);
11572 case 0x9: /* Post-decrement. */
11574 /* Fall through. */
11575 case 0xb: /* Post-increment. */
11579 case 0xd: /* Pre-decrement. */
11581 /* Fall through. */
11582 case 0xf: /* Pre-increment. */
11583 tcg_gen_addi_i32(addr, addr, imm);
11587 tcg_temp_free_i32(addr);
11593 issinfo = writeback ? ISSInvalid : rs;
11595 if (insn & (1 << 20)) {
11597 tmp = tcg_temp_new_i32();
11600 gen_aa32_ld8u_iss(s, tmp, addr, memidx, issinfo);
11603 gen_aa32_ld8s_iss(s, tmp, addr, memidx, issinfo);
11606 gen_aa32_ld16u_iss(s, tmp, addr, memidx, issinfo);
11609 gen_aa32_ld16s_iss(s, tmp, addr, memidx, issinfo);
11612 gen_aa32_ld32u_iss(s, tmp, addr, memidx, issinfo);
11615 tcg_temp_free_i32(tmp);
11616 tcg_temp_free_i32(addr);
11620 gen_bx_excret(s, tmp);
11622 store_reg(s, rs, tmp);
11626 tmp = load_reg(s, rs);
11629 gen_aa32_st8_iss(s, tmp, addr, memidx, issinfo);
11632 gen_aa32_st16_iss(s, tmp, addr, memidx, issinfo);
11635 gen_aa32_st32_iss(s, tmp, addr, memidx, issinfo);
11638 tcg_temp_free_i32(tmp);
11639 tcg_temp_free_i32(addr);
11642 tcg_temp_free_i32(tmp);
11645 tcg_gen_addi_i32(addr, addr, imm);
11647 store_reg(s, rn, addr);
11649 tcg_temp_free_i32(addr);
11658 gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(),
11659 default_exception_el(s));
11662 static void disas_thumb_insn(DisasContext *s, uint32_t insn)
11664 uint32_t val, op, rm, rn, rd, shift, cond;
11671 switch (insn >> 12) {
11675 op = (insn >> 11) & 3;
11678 rn = (insn >> 3) & 7;
11679 tmp = load_reg(s, rn);
11680 if (insn & (1 << 10)) {
11682 tmp2 = tcg_temp_new_i32();
11683 tcg_gen_movi_i32(tmp2, (insn >> 6) & 7);
11686 rm = (insn >> 6) & 7;
11687 tmp2 = load_reg(s, rm);
11689 if (insn & (1 << 9)) {
11690 if (s->condexec_mask)
11691 tcg_gen_sub_i32(tmp, tmp, tmp2);
11693 gen_sub_CC(tmp, tmp, tmp2);
11695 if (s->condexec_mask)
11696 tcg_gen_add_i32(tmp, tmp, tmp2);
11698 gen_add_CC(tmp, tmp, tmp2);
11700 tcg_temp_free_i32(tmp2);
11701 store_reg(s, rd, tmp);
11703 /* shift immediate */
11704 rm = (insn >> 3) & 7;
11705 shift = (insn >> 6) & 0x1f;
11706 tmp = load_reg(s, rm);
11707 gen_arm_shift_im(tmp, op, shift, s->condexec_mask == 0);
11708 if (!s->condexec_mask)
11710 store_reg(s, rd, tmp);
11714 /* arithmetic large immediate */
11715 op = (insn >> 11) & 3;
11716 rd = (insn >> 8) & 0x7;
11717 if (op == 0) { /* mov */
11718 tmp = tcg_temp_new_i32();
11719 tcg_gen_movi_i32(tmp, insn & 0xff);
11720 if (!s->condexec_mask)
11722 store_reg(s, rd, tmp);
11724 tmp = load_reg(s, rd);
11725 tmp2 = tcg_temp_new_i32();
11726 tcg_gen_movi_i32(tmp2, insn & 0xff);
11729 gen_sub_CC(tmp, tmp, tmp2);
11730 tcg_temp_free_i32(tmp);
11731 tcg_temp_free_i32(tmp2);
11734 if (s->condexec_mask)
11735 tcg_gen_add_i32(tmp, tmp, tmp2);
11737 gen_add_CC(tmp, tmp, tmp2);
11738 tcg_temp_free_i32(tmp2);
11739 store_reg(s, rd, tmp);
11742 if (s->condexec_mask)
11743 tcg_gen_sub_i32(tmp, tmp, tmp2);
11745 gen_sub_CC(tmp, tmp, tmp2);
11746 tcg_temp_free_i32(tmp2);
11747 store_reg(s, rd, tmp);
11753 if (insn & (1 << 11)) {
11754 rd = (insn >> 8) & 7;
11755 /* load pc-relative. Bit 1 of PC is ignored. */
11756 val = s->pc + 2 + ((insn & 0xff) * 4);
11757 val &= ~(uint32_t)2;
11758 addr = tcg_temp_new_i32();
11759 tcg_gen_movi_i32(addr, val);
11760 tmp = tcg_temp_new_i32();
11761 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s),
11763 tcg_temp_free_i32(addr);
11764 store_reg(s, rd, tmp);
11767 if (insn & (1 << 10)) {
11768 /* 0b0100_01xx_xxxx_xxxx
11769 * - data processing extended, branch and exchange
11771 rd = (insn & 7) | ((insn >> 4) & 8);
11772 rm = (insn >> 3) & 0xf;
11773 op = (insn >> 8) & 3;
11776 tmp = load_reg(s, rd);
11777 tmp2 = load_reg(s, rm);
11778 tcg_gen_add_i32(tmp, tmp, tmp2);
11779 tcg_temp_free_i32(tmp2);
11781 /* ADD SP, SP, reg */
11782 store_sp_checked(s, tmp);
11784 store_reg(s, rd, tmp);
11788 tmp = load_reg(s, rd);
11789 tmp2 = load_reg(s, rm);
11790 gen_sub_CC(tmp, tmp, tmp2);
11791 tcg_temp_free_i32(tmp2);
11792 tcg_temp_free_i32(tmp);
11794 case 2: /* mov/cpy */
11795 tmp = load_reg(s, rm);
11798 store_sp_checked(s, tmp);
11800 store_reg(s, rd, tmp);
11805 /* 0b0100_0111_xxxx_xxxx
11806 * - branch [and link] exchange thumb register
11808 bool link = insn & (1 << 7);
11817 /* BXNS/BLXNS: only exists for v8M with the
11818 * security extensions, and always UNDEF if NonSecure.
11819 * We don't implement these in the user-only mode
11820 * either (in theory you can use them from Secure User
11821 * mode but they are too tied in to system emulation.)
11823 if (!s->v8m_secure || IS_USER_ONLY) {
11834 tmp = load_reg(s, rm);
11836 val = (uint32_t)s->pc | 1;
11837 tmp2 = tcg_temp_new_i32();
11838 tcg_gen_movi_i32(tmp2, val);
11839 store_reg(s, 14, tmp2);
11842 /* Only BX works as exception-return, not BLX */
11843 gen_bx_excret(s, tmp);
11851 /* data processing register */
11853 rm = (insn >> 3) & 7;
11854 op = (insn >> 6) & 0xf;
11855 if (op == 2 || op == 3 || op == 4 || op == 7) {
11856 /* the shift/rotate ops want the operands backwards */
11865 if (op == 9) { /* neg */
11866 tmp = tcg_temp_new_i32();
11867 tcg_gen_movi_i32(tmp, 0);
11868 } else if (op != 0xf) { /* mvn doesn't read its first operand */
11869 tmp = load_reg(s, rd);
11874 tmp2 = load_reg(s, rm);
11876 case 0x0: /* and */
11877 tcg_gen_and_i32(tmp, tmp, tmp2);
11878 if (!s->condexec_mask)
11881 case 0x1: /* eor */
11882 tcg_gen_xor_i32(tmp, tmp, tmp2);
11883 if (!s->condexec_mask)
11886 case 0x2: /* lsl */
11887 if (s->condexec_mask) {
11888 gen_shl(tmp2, tmp2, tmp);
11890 gen_helper_shl_cc(tmp2, cpu_env, tmp2, tmp);
11891 gen_logic_CC(tmp2);
11894 case 0x3: /* lsr */
11895 if (s->condexec_mask) {
11896 gen_shr(tmp2, tmp2, tmp);
11898 gen_helper_shr_cc(tmp2, cpu_env, tmp2, tmp);
11899 gen_logic_CC(tmp2);
11902 case 0x4: /* asr */
11903 if (s->condexec_mask) {
11904 gen_sar(tmp2, tmp2, tmp);
11906 gen_helper_sar_cc(tmp2, cpu_env, tmp2, tmp);
11907 gen_logic_CC(tmp2);
11910 case 0x5: /* adc */
11911 if (s->condexec_mask) {
11912 gen_adc(tmp, tmp2);
11914 gen_adc_CC(tmp, tmp, tmp2);
11917 case 0x6: /* sbc */
11918 if (s->condexec_mask) {
11919 gen_sub_carry(tmp, tmp, tmp2);
11921 gen_sbc_CC(tmp, tmp, tmp2);
11924 case 0x7: /* ror */
11925 if (s->condexec_mask) {
11926 tcg_gen_andi_i32(tmp, tmp, 0x1f);
11927 tcg_gen_rotr_i32(tmp2, tmp2, tmp);
11929 gen_helper_ror_cc(tmp2, cpu_env, tmp2, tmp);
11930 gen_logic_CC(tmp2);
11933 case 0x8: /* tst */
11934 tcg_gen_and_i32(tmp, tmp, tmp2);
11938 case 0x9: /* neg */
11939 if (s->condexec_mask)
11940 tcg_gen_neg_i32(tmp, tmp2);
11942 gen_sub_CC(tmp, tmp, tmp2);
11944 case 0xa: /* cmp */
11945 gen_sub_CC(tmp, tmp, tmp2);
11948 case 0xb: /* cmn */
11949 gen_add_CC(tmp, tmp, tmp2);
11952 case 0xc: /* orr */
11953 tcg_gen_or_i32(tmp, tmp, tmp2);
11954 if (!s->condexec_mask)
11957 case 0xd: /* mul */
11958 tcg_gen_mul_i32(tmp, tmp, tmp2);
11959 if (!s->condexec_mask)
11962 case 0xe: /* bic */
11963 tcg_gen_andc_i32(tmp, tmp, tmp2);
11964 if (!s->condexec_mask)
11967 case 0xf: /* mvn */
11968 tcg_gen_not_i32(tmp2, tmp2);
11969 if (!s->condexec_mask)
11970 gen_logic_CC(tmp2);
11977 store_reg(s, rm, tmp2);
11979 tcg_temp_free_i32(tmp);
11981 store_reg(s, rd, tmp);
11982 tcg_temp_free_i32(tmp2);
11985 tcg_temp_free_i32(tmp);
11986 tcg_temp_free_i32(tmp2);
11991 /* load/store register offset. */
11993 rn = (insn >> 3) & 7;
11994 rm = (insn >> 6) & 7;
11995 op = (insn >> 9) & 7;
11996 addr = load_reg(s, rn);
11997 tmp = load_reg(s, rm);
11998 tcg_gen_add_i32(addr, addr, tmp);
11999 tcg_temp_free_i32(tmp);
12001 if (op < 3) { /* store */
12002 tmp = load_reg(s, rd);
12004 tmp = tcg_temp_new_i32();
12009 gen_aa32_st32_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
12012 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
12015 gen_aa32_st8_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
12017 case 3: /* ldrsb */
12018 gen_aa32_ld8s_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
12021 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
12024 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
12027 gen_aa32_ld8u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
12029 case 7: /* ldrsh */
12030 gen_aa32_ld16s_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
12033 if (op >= 3) { /* load */
12034 store_reg(s, rd, tmp);
12036 tcg_temp_free_i32(tmp);
12038 tcg_temp_free_i32(addr);
12042 /* load/store word immediate offset */
12044 rn = (insn >> 3) & 7;
12045 addr = load_reg(s, rn);
12046 val = (insn >> 4) & 0x7c;
12047 tcg_gen_addi_i32(addr, addr, val);
12049 if (insn & (1 << 11)) {
12051 tmp = tcg_temp_new_i32();
12052 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
12053 store_reg(s, rd, tmp);
12056 tmp = load_reg(s, rd);
12057 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
12058 tcg_temp_free_i32(tmp);
12060 tcg_temp_free_i32(addr);
12064 /* load/store byte immediate offset */
12066 rn = (insn >> 3) & 7;
12067 addr = load_reg(s, rn);
12068 val = (insn >> 6) & 0x1f;
12069 tcg_gen_addi_i32(addr, addr, val);
12071 if (insn & (1 << 11)) {
12073 tmp = tcg_temp_new_i32();
12074 gen_aa32_ld8u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
12075 store_reg(s, rd, tmp);
12078 tmp = load_reg(s, rd);
12079 gen_aa32_st8_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
12080 tcg_temp_free_i32(tmp);
12082 tcg_temp_free_i32(addr);
12086 /* load/store halfword immediate offset */
12088 rn = (insn >> 3) & 7;
12089 addr = load_reg(s, rn);
12090 val = (insn >> 5) & 0x3e;
12091 tcg_gen_addi_i32(addr, addr, val);
12093 if (insn & (1 << 11)) {
12095 tmp = tcg_temp_new_i32();
12096 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
12097 store_reg(s, rd, tmp);
12100 tmp = load_reg(s, rd);
12101 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
12102 tcg_temp_free_i32(tmp);
12104 tcg_temp_free_i32(addr);
12108 /* load/store from stack */
12109 rd = (insn >> 8) & 7;
12110 addr = load_reg(s, 13);
12111 val = (insn & 0xff) * 4;
12112 tcg_gen_addi_i32(addr, addr, val);
12114 if (insn & (1 << 11)) {
12116 tmp = tcg_temp_new_i32();
12117 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
12118 store_reg(s, rd, tmp);
12121 tmp = load_reg(s, rd);
12122 gen_aa32_st32_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
12123 tcg_temp_free_i32(tmp);
12125 tcg_temp_free_i32(addr);
12130 * 0b1010_xxxx_xxxx_xxxx
12131 * - Add PC/SP (immediate)
12133 rd = (insn >> 8) & 7;
12134 if (insn & (1 << 11)) {
12136 tmp = load_reg(s, 13);
12138 /* PC. bit 1 is ignored. */
12139 tmp = tcg_temp_new_i32();
12140 tcg_gen_movi_i32(tmp, (s->pc + 2) & ~(uint32_t)2);
12142 val = (insn & 0xff) * 4;
12143 tcg_gen_addi_i32(tmp, tmp, val);
12144 store_reg(s, rd, tmp);
12149 op = (insn >> 8) & 0xf;
12153 * 0b1011_0000_xxxx_xxxx
12154 * - ADD (SP plus immediate)
12155 * - SUB (SP minus immediate)
12157 tmp = load_reg(s, 13);
12158 val = (insn & 0x7f) * 4;
12159 if (insn & (1 << 7))
12160 val = -(int32_t)val;
12161 tcg_gen_addi_i32(tmp, tmp, val);
12162 store_sp_checked(s, tmp);
12165 case 2: /* sign/zero extend. */
12168 rm = (insn >> 3) & 7;
12169 tmp = load_reg(s, rm);
12170 switch ((insn >> 6) & 3) {
12171 case 0: gen_sxth(tmp); break;
12172 case 1: gen_sxtb(tmp); break;
12173 case 2: gen_uxth(tmp); break;
12174 case 3: gen_uxtb(tmp); break;
12176 store_reg(s, rd, tmp);
12178 case 4: case 5: case 0xc: case 0xd:
12180 addr = load_reg(s, 13);
12181 if (insn & (1 << 8))
12185 for (i = 0; i < 8; i++) {
12186 if (insn & (1 << i))
12189 if ((insn & (1 << 11)) == 0) {
12190 tcg_gen_addi_i32(addr, addr, -offset);
12192 for (i = 0; i < 8; i++) {
12193 if (insn & (1 << i)) {
12194 if (insn & (1 << 11)) {
12196 tmp = tcg_temp_new_i32();
12197 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
12198 store_reg(s, i, tmp);
12201 tmp = load_reg(s, i);
12202 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
12203 tcg_temp_free_i32(tmp);
12205 /* advance to the next address. */
12206 tcg_gen_addi_i32(addr, addr, 4);
12210 if (insn & (1 << 8)) {
12211 if (insn & (1 << 11)) {
12213 tmp = tcg_temp_new_i32();
12214 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
12215 /* don't set the pc until the rest of the instruction
12219 tmp = load_reg(s, 14);
12220 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
12221 tcg_temp_free_i32(tmp);
12223 tcg_gen_addi_i32(addr, addr, 4);
12225 if ((insn & (1 << 11)) == 0) {
12226 tcg_gen_addi_i32(addr, addr, -offset);
12228 /* write back the new stack pointer */
12229 store_reg(s, 13, addr);
12230 /* set the new PC value */
12231 if ((insn & 0x0900) == 0x0900) {
12232 store_reg_from_load(s, 15, tmp);
12236 case 1: case 3: case 9: case 11: /* czb */
12238 tmp = load_reg(s, rm);
12239 arm_gen_condlabel(s);
12240 if (insn & (1 << 11))
12241 tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 0, s->condlabel);
12243 tcg_gen_brcondi_i32(TCG_COND_NE, tmp, 0, s->condlabel);
12244 tcg_temp_free_i32(tmp);
12245 offset = ((insn & 0xf8) >> 2) | (insn & 0x200) >> 3;
12246 val = (uint32_t)s->pc + 2;
12251 case 15: /* IT, nop-hint. */
12252 if ((insn & 0xf) == 0) {
12253 gen_nop_hint(s, (insn >> 4) & 0xf);
12257 s->condexec_cond = (insn >> 4) & 0xe;
12258 s->condexec_mask = insn & 0x1f;
12259 /* No actual code generated for this insn, just setup state. */
12262 case 0xe: /* bkpt */
12264 int imm8 = extract32(insn, 0, 8);
12266 gen_exception_bkpt_insn(s, 2, syn_aa32_bkpt(imm8, true));
12270 case 0xa: /* rev, and hlt */
12272 int op1 = extract32(insn, 6, 2);
12276 int imm6 = extract32(insn, 0, 6);
12282 /* Otherwise this is rev */
12284 rn = (insn >> 3) & 0x7;
12286 tmp = load_reg(s, rn);
12288 case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
12289 case 1: gen_rev16(tmp); break;
12290 case 3: gen_revsh(tmp); break;
12292 g_assert_not_reached();
12294 store_reg(s, rd, tmp);
12299 switch ((insn >> 5) & 7) {
12303 if (((insn >> 3) & 1) != !!(s->be_data == MO_BE)) {
12304 gen_helper_setend(cpu_env);
12305 s->base.is_jmp = DISAS_UPDATE;
12314 if (arm_dc_feature(s, ARM_FEATURE_M)) {
12315 tmp = tcg_const_i32((insn & (1 << 4)) != 0);
12318 addr = tcg_const_i32(19);
12319 gen_helper_v7m_msr(cpu_env, addr, tmp);
12320 tcg_temp_free_i32(addr);
12324 addr = tcg_const_i32(16);
12325 gen_helper_v7m_msr(cpu_env, addr, tmp);
12326 tcg_temp_free_i32(addr);
12328 tcg_temp_free_i32(tmp);
12331 if (insn & (1 << 4)) {
12332 shift = CPSR_A | CPSR_I | CPSR_F;
12336 gen_set_psr_im(s, ((insn & 7) << 6), 0, shift);
12351 /* load/store multiple */
12352 TCGv_i32 loaded_var = NULL;
12353 rn = (insn >> 8) & 0x7;
12354 addr = load_reg(s, rn);
12355 for (i = 0; i < 8; i++) {
12356 if (insn & (1 << i)) {
12357 if (insn & (1 << 11)) {
12359 tmp = tcg_temp_new_i32();
12360 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
12364 store_reg(s, i, tmp);
12368 tmp = load_reg(s, i);
12369 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
12370 tcg_temp_free_i32(tmp);
12372 /* advance to the next address */
12373 tcg_gen_addi_i32(addr, addr, 4);
12376 if ((insn & (1 << rn)) == 0) {
12377 /* base reg not in list: base register writeback */
12378 store_reg(s, rn, addr);
12380 /* base reg in list: if load, complete it now */
12381 if (insn & (1 << 11)) {
12382 store_reg(s, rn, loaded_var);
12384 tcg_temp_free_i32(addr);
12389 /* conditional branch or swi */
12390 cond = (insn >> 8) & 0xf;
12396 gen_set_pc_im(s, s->pc);
12397 s->svc_imm = extract32(insn, 0, 8);
12398 s->base.is_jmp = DISAS_SWI;
12401 /* generate a conditional jump to next instruction */
12402 arm_skip_unless(s, cond);
12404 /* jump to the offset */
12405 val = (uint32_t)s->pc + 2;
12406 offset = ((int32_t)insn << 24) >> 24;
12407 val += offset << 1;
12412 if (insn & (1 << 11)) {
12413 /* thumb_insn_is_16bit() ensures we can't get here for
12414 * a Thumb2 CPU, so this must be a thumb1 split BL/BLX:
12415 * 0b1110_1xxx_xxxx_xxxx : BLX suffix (or UNDEF)
12417 assert(!arm_dc_feature(s, ARM_FEATURE_THUMB2));
12419 offset = ((insn & 0x7ff) << 1);
12420 tmp = load_reg(s, 14);
12421 tcg_gen_addi_i32(tmp, tmp, offset);
12422 tcg_gen_andi_i32(tmp, tmp, 0xfffffffc);
12424 tmp2 = tcg_temp_new_i32();
12425 tcg_gen_movi_i32(tmp2, s->pc | 1);
12426 store_reg(s, 14, tmp2);
12430 /* unconditional branch */
12431 val = (uint32_t)s->pc;
12432 offset = ((int32_t)insn << 21) >> 21;
12433 val += (offset << 1) + 2;
12438 /* thumb_insn_is_16bit() ensures we can't get here for
12439 * a Thumb2 CPU, so this must be a thumb1 split BL/BLX.
12441 assert(!arm_dc_feature(s, ARM_FEATURE_THUMB2));
12443 if (insn & (1 << 11)) {
12444 /* 0b1111_1xxx_xxxx_xxxx : BL suffix */
12445 offset = ((insn & 0x7ff) << 1) | 1;
12446 tmp = load_reg(s, 14);
12447 tcg_gen_addi_i32(tmp, tmp, offset);
12449 tmp2 = tcg_temp_new_i32();
12450 tcg_gen_movi_i32(tmp2, s->pc | 1);
12451 store_reg(s, 14, tmp2);
12454 /* 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix */
12455 uint32_t uoffset = ((int32_t)insn << 21) >> 9;
12457 tcg_gen_movi_i32(cpu_R[14], s->pc + 2 + uoffset);
12464 gen_exception_insn(s, 2, EXCP_UDEF, syn_uncategorized(),
12465 default_exception_el(s));
12468 static bool insn_crosses_page(CPUARMState *env, DisasContext *s)
12470 /* Return true if the insn at dc->pc might cross a page boundary.
12471 * (False positives are OK, false negatives are not.)
12472 * We know this is a Thumb insn, and our caller ensures we are
12473 * only called if dc->pc is less than 4 bytes from the page
12474 * boundary, so we cross the page if the first 16 bits indicate
12475 * that this is a 32 bit insn.
12477 uint16_t insn = arm_lduw_code(env, s->pc, s->sctlr_b);
12479 return !thumb_insn_is_16bit(s, insn);
12482 static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
12484 DisasContext *dc = container_of(dcbase, DisasContext, base);
12485 CPUARMState *env = cs->env_ptr;
12486 ARMCPU *cpu = arm_env_get_cpu(env);
12488 dc->pc = dc->base.pc_first;
12492 /* If we are coming from secure EL0 in a system with a 32-bit EL3, then
12493 * there is no secure EL1, so we route exceptions to EL3.
12495 dc->secure_routed_to_el3 = arm_feature(env, ARM_FEATURE_EL3) &&
12496 !arm_el_is_aa64(env, 3);
12497 dc->thumb = ARM_TBFLAG_THUMB(dc->base.tb->flags);
12498 dc->sctlr_b = ARM_TBFLAG_SCTLR_B(dc->base.tb->flags);
12499 dc->be_data = ARM_TBFLAG_BE_DATA(dc->base.tb->flags) ? MO_BE : MO_LE;
12500 dc->condexec_mask = (ARM_TBFLAG_CONDEXEC(dc->base.tb->flags) & 0xf) << 1;
12501 dc->condexec_cond = ARM_TBFLAG_CONDEXEC(dc->base.tb->flags) >> 4;
12502 dc->mmu_idx = core_to_arm_mmu_idx(env, ARM_TBFLAG_MMUIDX(dc->base.tb->flags));
12503 dc->current_el = arm_mmu_idx_to_el(dc->mmu_idx);
12504 #if !defined(CONFIG_USER_ONLY)
12505 dc->user = (dc->current_el == 0);
12507 dc->ns = ARM_TBFLAG_NS(dc->base.tb->flags);
12508 dc->fp_excp_el = ARM_TBFLAG_FPEXC_EL(dc->base.tb->flags);
12509 dc->vfp_enabled = ARM_TBFLAG_VFPEN(dc->base.tb->flags);
12510 dc->vec_len = ARM_TBFLAG_VECLEN(dc->base.tb->flags);
12511 dc->vec_stride = ARM_TBFLAG_VECSTRIDE(dc->base.tb->flags);
12512 dc->c15_cpar = ARM_TBFLAG_XSCALE_CPAR(dc->base.tb->flags);
12513 dc->v7m_handler_mode = ARM_TBFLAG_HANDLER(dc->base.tb->flags);
12514 dc->v8m_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) &&
12515 regime_is_secure(env, dc->mmu_idx);
12516 dc->v8m_stackcheck = ARM_TBFLAG_STACKCHECK(dc->base.tb->flags);
12517 dc->cp_regs = cpu->cp_regs;
12518 dc->features = env->features;
12520 /* Single step state. The code-generation logic here is:
12522 * generate code with no special handling for single-stepping (except
12523 * that anything that can make us go to SS_ACTIVE == 1 must end the TB;
12524 * this happens anyway because those changes are all system register or
12526 * SS_ACTIVE == 1, PSTATE.SS == 1: (active-not-pending)
12527 * emit code for one insn
12528 * emit code to clear PSTATE.SS
12529 * emit code to generate software step exception for completed step
12530 * end TB (as usual for having generated an exception)
12531 * SS_ACTIVE == 1, PSTATE.SS == 0: (active-pending)
12532 * emit code to generate a software step exception
12535 dc->ss_active = ARM_TBFLAG_SS_ACTIVE(dc->base.tb->flags);
12536 dc->pstate_ss = ARM_TBFLAG_PSTATE_SS(dc->base.tb->flags);
12537 dc->is_ldex = false;
12538 dc->ss_same_el = false; /* Can't be true since EL_d must be AArch64 */
12540 dc->page_start = dc->base.pc_first & TARGET_PAGE_MASK;
12542 /* If architectural single step active, limit to 1. */
12543 if (is_singlestepping(dc)) {
12544 dc->base.max_insns = 1;
12547 /* ARM is a fixed-length ISA. Bound the number of insns to execute
12548 to those left on the page. */
12550 int bound = -(dc->base.pc_first | TARGET_PAGE_MASK) / 4;
12551 dc->base.max_insns = MIN(dc->base.max_insns, bound);
12554 cpu_F0s = tcg_temp_new_i32();
12555 cpu_F1s = tcg_temp_new_i32();
12556 cpu_F0d = tcg_temp_new_i64();
12557 cpu_F1d = tcg_temp_new_i64();
12560 /* FIXME: cpu_M0 can probably be the same as cpu_V0. */
12561 cpu_M0 = tcg_temp_new_i64();
12564 static void arm_tr_tb_start(DisasContextBase *dcbase, CPUState *cpu)
12566 DisasContext *dc = container_of(dcbase, DisasContext, base);
12568 /* A note on handling of the condexec (IT) bits:
12570 * We want to avoid the overhead of having to write the updated condexec
12571 * bits back to the CPUARMState for every instruction in an IT block. So:
12572 * (1) if the condexec bits are not already zero then we write
12573 * zero back into the CPUARMState now. This avoids complications trying
12574 * to do it at the end of the block. (For example if we don't do this
12575 * it's hard to identify whether we can safely skip writing condexec
12576 * at the end of the TB, which we definitely want to do for the case
12577 * where a TB doesn't do anything with the IT state at all.)
12578 * (2) if we are going to leave the TB then we call gen_set_condexec()
12579 * which will write the correct value into CPUARMState if zero is wrong.
12580 * This is done both for leaving the TB at the end, and for leaving
12581 * it because of an exception we know will happen, which is done in
12582 * gen_exception_insn(). The latter is necessary because we need to
12583 * leave the TB with the PC/IT state just prior to execution of the
12584 * instruction which caused the exception.
12585 * (3) if we leave the TB unexpectedly (eg a data abort on a load)
12586 * then the CPUARMState will be wrong and we need to reset it.
12587 * This is handled in the same way as restoration of the
12588 * PC in these situations; we save the value of the condexec bits
12589 * for each PC via tcg_gen_insn_start(), and restore_state_to_opc()
12590 * then uses this to restore them after an exception.
12592 * Note that there are no instructions which can read the condexec
12593 * bits, and none which can write non-static values to them, so
12594 * we don't need to care about whether CPUARMState is correct in the
12598 /* Reset the conditional execution bits immediately. This avoids
12599 complications trying to do it at the end of the block. */
12600 if (dc->condexec_mask || dc->condexec_cond) {
12601 TCGv_i32 tmp = tcg_temp_new_i32();
12602 tcg_gen_movi_i32(tmp, 0);
12603 store_cpu_field(tmp, condexec_bits);
12605 tcg_clear_temp_count();
12608 static void arm_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
12610 DisasContext *dc = container_of(dcbase, DisasContext, base);
12612 tcg_gen_insn_start(dc->pc,
12613 (dc->condexec_cond << 4) | (dc->condexec_mask >> 1),
12615 dc->insn_start = tcg_last_op();
12618 static bool arm_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cpu,
12619 const CPUBreakpoint *bp)
12621 DisasContext *dc = container_of(dcbase, DisasContext, base);
12623 if (bp->flags & BP_CPU) {
12624 gen_set_condexec(dc);
12625 gen_set_pc_im(dc, dc->pc);
12626 gen_helper_check_breakpoints(cpu_env);
12627 /* End the TB early; it's likely not going to be executed */
12628 dc->base.is_jmp = DISAS_TOO_MANY;
12630 gen_exception_internal_insn(dc, 0, EXCP_DEBUG);
12631 /* The address covered by the breakpoint must be
12632 included in [tb->pc, tb->pc + tb->size) in order
12633 to for it to be properly cleared -- thus we
12634 increment the PC here so that the logic setting
12635 tb->size below does the right thing. */
12636 /* TODO: Advance PC by correct instruction length to
12637 * avoid disassembler error messages */
12639 dc->base.is_jmp = DISAS_NORETURN;
12645 static bool arm_pre_translate_insn(DisasContext *dc)
12647 #ifdef CONFIG_USER_ONLY
12648 /* Intercept jump to the magic kernel page. */
12649 if (dc->pc >= 0xffff0000) {
12650 /* We always get here via a jump, so know we are not in a
12651 conditional execution block. */
12652 gen_exception_internal(EXCP_KERNEL_TRAP);
12653 dc->base.is_jmp = DISAS_NORETURN;
12658 if (dc->ss_active && !dc->pstate_ss) {
12659 /* Singlestep state is Active-pending.
12660 * If we're in this state at the start of a TB then either
12661 * a) we just took an exception to an EL which is being debugged
12662 * and this is the first insn in the exception handler
12663 * b) debug exceptions were masked and we just unmasked them
12664 * without changing EL (eg by clearing PSTATE.D)
12665 * In either case we're going to take a swstep exception in the
12666 * "did not step an insn" case, and so the syndrome ISV and EX
12667 * bits should be zero.
12669 assert(dc->base.num_insns == 1);
12670 gen_exception(EXCP_UDEF, syn_swstep(dc->ss_same_el, 0, 0),
12671 default_exception_el(dc));
12672 dc->base.is_jmp = DISAS_NORETURN;
12679 static void arm_post_translate_insn(DisasContext *dc)
12681 if (dc->condjmp && !dc->base.is_jmp) {
12682 gen_set_label(dc->condlabel);
12685 dc->base.pc_next = dc->pc;
12686 translator_loop_temp_check(&dc->base);
12689 static void arm_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
12691 DisasContext *dc = container_of(dcbase, DisasContext, base);
12692 CPUARMState *env = cpu->env_ptr;
12695 if (arm_pre_translate_insn(dc)) {
12699 insn = arm_ldl_code(env, dc->pc, dc->sctlr_b);
12702 disas_arm_insn(dc, insn);
12704 arm_post_translate_insn(dc);
12706 /* ARM is a fixed-length ISA. We performed the cross-page check
12707 in init_disas_context by adjusting max_insns. */
12710 static bool thumb_insn_is_unconditional(DisasContext *s, uint32_t insn)
12712 /* Return true if this Thumb insn is always unconditional,
12713 * even inside an IT block. This is true of only a very few
12714 * instructions: BKPT, HLT, and SG.
12716 * A larger class of instructions are UNPREDICTABLE if used
12717 * inside an IT block; we do not need to detect those here, because
12718 * what we do by default (perform the cc check and update the IT
12719 * bits state machine) is a permitted CONSTRAINED UNPREDICTABLE
12720 * choice for those situations.
12722 * insn is either a 16-bit or a 32-bit instruction; the two are
12723 * distinguishable because for the 16-bit case the top 16 bits
12724 * are zeroes, and that isn't a valid 32-bit encoding.
12726 if ((insn & 0xffffff00) == 0xbe00) {
12731 if ((insn & 0xffffffc0) == 0xba80 && arm_dc_feature(s, ARM_FEATURE_V8) &&
12732 !arm_dc_feature(s, ARM_FEATURE_M)) {
12733 /* HLT: v8A only. This is unconditional even when it is going to
12734 * UNDEF; see the v8A ARM ARM DDI0487B.a H3.3.
12735 * For v7 cores this was a plain old undefined encoding and so
12736 * honours its cc check. (We might be using the encoding as
12737 * a semihosting trap, but we don't change the cc check behaviour
12738 * on that account, because a debugger connected to a real v7A
12739 * core and emulating semihosting traps by catching the UNDEF
12740 * exception would also only see cases where the cc check passed.
12741 * No guest code should be trying to do a HLT semihosting trap
12742 * in an IT block anyway.
12747 if (insn == 0xe97fe97f && arm_dc_feature(s, ARM_FEATURE_V8) &&
12748 arm_dc_feature(s, ARM_FEATURE_M)) {
12756 static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
12758 DisasContext *dc = container_of(dcbase, DisasContext, base);
12759 CPUARMState *env = cpu->env_ptr;
12763 if (arm_pre_translate_insn(dc)) {
12767 insn = arm_lduw_code(env, dc->pc, dc->sctlr_b);
12768 is_16bit = thumb_insn_is_16bit(dc, insn);
12771 uint32_t insn2 = arm_lduw_code(env, dc->pc, dc->sctlr_b);
12773 insn = insn << 16 | insn2;
12778 if (dc->condexec_mask && !thumb_insn_is_unconditional(dc, insn)) {
12779 uint32_t cond = dc->condexec_cond;
12781 if (cond != 0x0e) { /* Skip conditional when condition is AL. */
12782 arm_skip_unless(dc, cond);
12787 disas_thumb_insn(dc, insn);
12789 disas_thumb2_insn(dc, insn);
12792 /* Advance the Thumb condexec condition. */
12793 if (dc->condexec_mask) {
12794 dc->condexec_cond = ((dc->condexec_cond & 0xe) |
12795 ((dc->condexec_mask >> 4) & 1));
12796 dc->condexec_mask = (dc->condexec_mask << 1) & 0x1f;
12797 if (dc->condexec_mask == 0) {
12798 dc->condexec_cond = 0;
12802 arm_post_translate_insn(dc);
12804 /* Thumb is a variable-length ISA. Stop translation when the next insn
12805 * will touch a new page. This ensures that prefetch aborts occur at
12808 * We want to stop the TB if the next insn starts in a new page,
12809 * or if it spans between this page and the next. This means that
12810 * if we're looking at the last halfword in the page we need to
12811 * see if it's a 16-bit Thumb insn (which will fit in this TB)
12812 * or a 32-bit Thumb insn (which won't).
12813 * This is to avoid generating a silly TB with a single 16-bit insn
12814 * in it at the end of this page (which would execute correctly
12815 * but isn't very efficient).
12817 if (dc->base.is_jmp == DISAS_NEXT
12818 && (dc->pc - dc->page_start >= TARGET_PAGE_SIZE
12819 || (dc->pc - dc->page_start >= TARGET_PAGE_SIZE - 3
12820 && insn_crosses_page(env, dc)))) {
12821 dc->base.is_jmp = DISAS_TOO_MANY;
12825 static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
12827 DisasContext *dc = container_of(dcbase, DisasContext, base);
12829 if (tb_cflags(dc->base.tb) & CF_LAST_IO && dc->condjmp) {
12830 /* FIXME: This can theoretically happen with self-modifying code. */
12831 cpu_abort(cpu, "IO on conditional branch instruction");
12834 /* At this stage dc->condjmp will only be set when the skipped
12835 instruction was a conditional branch or trap, and the PC has
12836 already been written. */
12837 gen_set_condexec(dc);
12838 if (dc->base.is_jmp == DISAS_BX_EXCRET) {
12839 /* Exception return branches need some special case code at the
12840 * end of the TB, which is complex enough that it has to
12841 * handle the single-step vs not and the condition-failed
12842 * insn codepath itself.
12844 gen_bx_excret_final_code(dc);
12845 } else if (unlikely(is_singlestepping(dc))) {
12846 /* Unconditional and "condition passed" instruction codepath. */
12847 switch (dc->base.is_jmp) {
12849 gen_ss_advance(dc);
12850 gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
12851 default_exception_el(dc));
12854 gen_ss_advance(dc);
12855 gen_exception(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
12858 gen_ss_advance(dc);
12859 gen_exception(EXCP_SMC, syn_aa32_smc(), 3);
12862 case DISAS_TOO_MANY:
12864 gen_set_pc_im(dc, dc->pc);
12867 /* FIXME: Single stepping a WFI insn will not halt the CPU. */
12868 gen_singlestep_exception(dc);
12870 case DISAS_NORETURN:
12874 /* While branches must always occur at the end of an IT block,
12875 there are a few other things that can cause us to terminate
12876 the TB in the middle of an IT block:
12877 - Exception generating instructions (bkpt, swi, undefined).
12879 - Hardware watchpoints.
12880 Hardware breakpoints have already been handled and skip this code.
12882 switch(dc->base.is_jmp) {
12884 case DISAS_TOO_MANY:
12885 gen_goto_tb(dc, 1, dc->pc);
12891 gen_set_pc_im(dc, dc->pc);
12894 /* indicate that the hash table must be used to find the next TB */
12895 tcg_gen_exit_tb(NULL, 0);
12897 case DISAS_NORETURN:
12898 /* nothing more to generate */
12902 TCGv_i32 tmp = tcg_const_i32((dc->thumb &&
12903 !(dc->insn & (1U << 31))) ? 2 : 4);
12905 gen_helper_wfi(cpu_env, tmp);
12906 tcg_temp_free_i32(tmp);
12907 /* The helper doesn't necessarily throw an exception, but we
12908 * must go back to the main loop to check for interrupts anyway.
12910 tcg_gen_exit_tb(NULL, 0);
12914 gen_helper_wfe(cpu_env);
12917 gen_helper_yield(cpu_env);
12920 gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
12921 default_exception_el(dc));
12924 gen_exception(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
12927 gen_exception(EXCP_SMC, syn_aa32_smc(), 3);
12933 /* "Condition failed" instruction codepath for the branch/trap insn */
12934 gen_set_label(dc->condlabel);
12935 gen_set_condexec(dc);
12936 if (unlikely(is_singlestepping(dc))) {
12937 gen_set_pc_im(dc, dc->pc);
12938 gen_singlestep_exception(dc);
12940 gen_goto_tb(dc, 1, dc->pc);
12944 /* Functions above can change dc->pc, so re-align db->pc_next */
12945 dc->base.pc_next = dc->pc;
12948 static void arm_tr_disas_log(const DisasContextBase *dcbase, CPUState *cpu)
12950 DisasContext *dc = container_of(dcbase, DisasContext, base);
12952 qemu_log("IN: %s\n", lookup_symbol(dc->base.pc_first));
12953 log_target_disas(cpu, dc->base.pc_first, dc->base.tb->size);
12956 static const TranslatorOps arm_translator_ops = {
12957 .init_disas_context = arm_tr_init_disas_context,
12958 .tb_start = arm_tr_tb_start,
12959 .insn_start = arm_tr_insn_start,
12960 .breakpoint_check = arm_tr_breakpoint_check,
12961 .translate_insn = arm_tr_translate_insn,
12962 .tb_stop = arm_tr_tb_stop,
12963 .disas_log = arm_tr_disas_log,
12966 static const TranslatorOps thumb_translator_ops = {
12967 .init_disas_context = arm_tr_init_disas_context,
12968 .tb_start = arm_tr_tb_start,
12969 .insn_start = arm_tr_insn_start,
12970 .breakpoint_check = arm_tr_breakpoint_check,
12971 .translate_insn = thumb_tr_translate_insn,
12972 .tb_stop = arm_tr_tb_stop,
12973 .disas_log = arm_tr_disas_log,
12976 /* generate intermediate code for basic block 'tb'. */
12977 void gen_intermediate_code(CPUState *cpu, TranslationBlock *tb)
12980 const TranslatorOps *ops = &arm_translator_ops;
12982 if (ARM_TBFLAG_THUMB(tb->flags)) {
12983 ops = &thumb_translator_ops;
12985 #ifdef TARGET_AARCH64
12986 if (ARM_TBFLAG_AARCH64_STATE(tb->flags)) {
12987 ops = &aarch64_translator_ops;
12991 translator_loop(ops, &dc.base, cpu, tb);
12994 static const char *cpu_mode_names[16] = {
12995 "usr", "fiq", "irq", "svc", "???", "???", "mon", "abt",
12996 "???", "???", "hyp", "und", "???", "???", "???", "sys"
12999 void arm_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
13002 ARMCPU *cpu = ARM_CPU(cs);
13003 CPUARMState *env = &cpu->env;
13007 aarch64_cpu_dump_state(cs, f, cpu_fprintf, flags);
13011 for(i=0;i<16;i++) {
13012 cpu_fprintf(f, "R%02d=%08x", i, env->regs[i]);
13014 cpu_fprintf(f, "\n");
13016 cpu_fprintf(f, " ");
13019 if (arm_feature(env, ARM_FEATURE_M)) {
13020 uint32_t xpsr = xpsr_read(env);
13022 const char *ns_status = "";
13024 if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
13025 ns_status = env->v7m.secure ? "S " : "NS ";
13028 if (xpsr & XPSR_EXCP) {
13031 if (env->v7m.control[env->v7m.secure] & R_V7M_CONTROL_NPRIV_MASK) {
13032 mode = "unpriv-thread";
13034 mode = "priv-thread";
13038 cpu_fprintf(f, "XPSR=%08x %c%c%c%c %c %s%s\n",
13040 xpsr & XPSR_N ? 'N' : '-',
13041 xpsr & XPSR_Z ? 'Z' : '-',
13042 xpsr & XPSR_C ? 'C' : '-',
13043 xpsr & XPSR_V ? 'V' : '-',
13044 xpsr & XPSR_T ? 'T' : 'A',
13048 uint32_t psr = cpsr_read(env);
13049 const char *ns_status = "";
13051 if (arm_feature(env, ARM_FEATURE_EL3) &&
13052 (psr & CPSR_M) != ARM_CPU_MODE_MON) {
13053 ns_status = env->cp15.scr_el3 & SCR_NS ? "NS " : "S ";
13056 cpu_fprintf(f, "PSR=%08x %c%c%c%c %c %s%s%d\n",
13058 psr & CPSR_N ? 'N' : '-',
13059 psr & CPSR_Z ? 'Z' : '-',
13060 psr & CPSR_C ? 'C' : '-',
13061 psr & CPSR_V ? 'V' : '-',
13062 psr & CPSR_T ? 'T' : 'A',
13064 cpu_mode_names[psr & 0xf], (psr & 0x10) ? 32 : 26);
13067 if (flags & CPU_DUMP_FPU) {
13068 int numvfpregs = 0;
13069 if (arm_feature(env, ARM_FEATURE_VFP)) {
13072 if (arm_feature(env, ARM_FEATURE_VFP3)) {
13075 for (i = 0; i < numvfpregs; i++) {
13076 uint64_t v = *aa32_vfp_dreg(env, i);
13077 cpu_fprintf(f, "s%02d=%08x s%02d=%08x d%02d=%016" PRIx64 "\n",
13078 i * 2, (uint32_t)v,
13079 i * 2 + 1, (uint32_t)(v >> 32),
13082 cpu_fprintf(f, "FPSCR: %08x\n", (int)env->vfp.xregs[ARM_VFP_FPSCR]);
13086 void restore_state_to_opc(CPUARMState *env, TranslationBlock *tb,
13087 target_ulong *data)
13091 env->condexec_bits = 0;
13092 env->exception.syndrome = data[2] << ARM_INSN_START_WORD2_SHIFT;
13094 env->regs[15] = data[0];
13095 env->condexec_bits = data[1];
13096 env->exception.syndrome = data[2] << ARM_INSN_START_WORD2_SHIFT;
projects / qemu.git / blob