4 * Copyright (c) 2003 Fabrice Bellard
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
26 #include "qemu/host-utils.h"
28 #include "disas/disas.h"
30 #include "exec/cpu_ldst.h"
32 #include "exec/helper-proto.h"
33 #include "exec/helper-gen.h"
35 #include "trace-tcg.h"
38 #define PREFIX_REPZ 0x01
39 #define PREFIX_REPNZ 0x02
40 #define PREFIX_LOCK 0x04
41 #define PREFIX_DATA 0x08
42 #define PREFIX_ADR 0x10
43 #define PREFIX_VEX 0x20
46 #define CODE64(s) ((s)->code64)
47 #define REX_X(s) ((s)->rex_x)
48 #define REX_B(s) ((s)->rex_b)
63 //#define MACRO_TEST 1
65 /* global register indexes */
66 static TCGv_ptr cpu_env;
68 static TCGv cpu_cc_dst, cpu_cc_src, cpu_cc_src2, cpu_cc_srcT;
69 static TCGv_i32 cpu_cc_op;
70 static TCGv cpu_regs[CPU_NB_REGS];
73 /* local register indexes (only used inside old micro ops) */
74 static TCGv cpu_tmp0, cpu_tmp4;
75 static TCGv_ptr cpu_ptr0, cpu_ptr1;
76 static TCGv_i32 cpu_tmp2_i32, cpu_tmp3_i32;
77 static TCGv_i64 cpu_tmp1_i64;
79 static uint8_t gen_opc_cc_op[OPC_BUF_SIZE];
81 #include "exec/gen-icount.h"
84 static int x86_64_hregs;
87 typedef struct DisasContext {
88 /* current insn context */
89 int override; /* -1 if no override */
93 target_ulong pc; /* pc = eip + cs_base */
94 int is_jmp; /* 1 = means jump (stop translation), 2 means CPU
95 static state change (stop translation) */
96 /* current block context */
97 target_ulong cs_base; /* base of CS segment */
98 int pe; /* protected mode */
99 int code32; /* 32 bit code segment */
101 int lma; /* long mode active */
102 int code64; /* 64 bit code segment */
105 int vex_l; /* vex vector length */
106 int vex_v; /* vex vvvv register, without 1's compliment. */
107 int ss32; /* 32 bit stack segment */
108 CCOp cc_op; /* current CC operation */
110 int addseg; /* non zero if either DS/ES/SS have a non zero base */
111 int f_st; /* currently unused */
112 int vm86; /* vm86 mode */
115 int tf; /* TF cpu flag */
116 int singlestep_enabled; /* "hardware" single step enabled */
117 int jmp_opt; /* use direct block chaining for direct jumps */
118 int repz_opt; /* optimize jumps within repz instructions */
119 int mem_index; /* select memory access functions */
120 uint64_t flags; /* all execution flags */
121 struct TranslationBlock *tb;
122 int popl_esp_hack; /* for correct popl with esp base handling */
123 int rip_offset; /* only used in x86_64, but left for simplicity */
125 int cpuid_ext_features;
126 int cpuid_ext2_features;
127 int cpuid_ext3_features;
128 int cpuid_7_0_ebx_features;
131 static void gen_eob(DisasContext *s);
132 static void gen_jmp(DisasContext *s, target_ulong eip);
133 static void gen_jmp_tb(DisasContext *s, target_ulong eip, int tb_num);
134 static void gen_op(DisasContext *s1, int op, TCGMemOp ot, int d);
136 /* i386 arith/logic operations */
156 OP_SHL1, /* undocumented */
172 /* I386 int registers */
173 OR_EAX, /* MUST be even numbered */
182 OR_TMP0 = 16, /* temporary operand register */
184 OR_A0, /* temporary register used when doing address evaluation */
194 /* Bit set if the global variable is live after setting CC_OP to X. */
195 static const uint8_t cc_op_live[CC_OP_NB] = {
196 [CC_OP_DYNAMIC] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2,
197 [CC_OP_EFLAGS] = USES_CC_SRC,
198 [CC_OP_MULB ... CC_OP_MULQ] = USES_CC_DST | USES_CC_SRC,
199 [CC_OP_ADDB ... CC_OP_ADDQ] = USES_CC_DST | USES_CC_SRC,
200 [CC_OP_ADCB ... CC_OP_ADCQ] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2,
201 [CC_OP_SUBB ... CC_OP_SUBQ] = USES_CC_DST | USES_CC_SRC | USES_CC_SRCT,
202 [CC_OP_SBBB ... CC_OP_SBBQ] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2,
203 [CC_OP_LOGICB ... CC_OP_LOGICQ] = USES_CC_DST,
204 [CC_OP_INCB ... CC_OP_INCQ] = USES_CC_DST | USES_CC_SRC,
205 [CC_OP_DECB ... CC_OP_DECQ] = USES_CC_DST | USES_CC_SRC,
206 [CC_OP_SHLB ... CC_OP_SHLQ] = USES_CC_DST | USES_CC_SRC,
207 [CC_OP_SARB ... CC_OP_SARQ] = USES_CC_DST | USES_CC_SRC,
208 [CC_OP_BMILGB ... CC_OP_BMILGQ] = USES_CC_DST | USES_CC_SRC,
209 [CC_OP_ADCX] = USES_CC_DST | USES_CC_SRC,
210 [CC_OP_ADOX] = USES_CC_SRC | USES_CC_SRC2,
211 [CC_OP_ADCOX] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2,
215 static void set_cc_op(DisasContext *s, CCOp op)
219 if (s->cc_op == op) {
223 /* Discard CC computation that will no longer be used. */
224 dead = cc_op_live[s->cc_op] & ~cc_op_live[op];
225 if (dead & USES_CC_DST) {
226 tcg_gen_discard_tl(cpu_cc_dst);
228 if (dead & USES_CC_SRC) {
229 tcg_gen_discard_tl(cpu_cc_src);
231 if (dead & USES_CC_SRC2) {
232 tcg_gen_discard_tl(cpu_cc_src2);
234 if (dead & USES_CC_SRCT) {
235 tcg_gen_discard_tl(cpu_cc_srcT);
238 if (op == CC_OP_DYNAMIC) {
239 /* The DYNAMIC setting is translator only, and should never be
240 stored. Thus we always consider it clean. */
241 s->cc_op_dirty = false;
243 /* Discard any computed CC_OP value (see shifts). */
244 if (s->cc_op == CC_OP_DYNAMIC) {
245 tcg_gen_discard_i32(cpu_cc_op);
247 s->cc_op_dirty = true;
252 static void gen_update_cc_op(DisasContext *s)
254 if (s->cc_op_dirty) {
255 tcg_gen_movi_i32(cpu_cc_op, s->cc_op);
256 s->cc_op_dirty = false;
262 #define NB_OP_SIZES 4
264 #else /* !TARGET_X86_64 */
266 #define NB_OP_SIZES 3
268 #endif /* !TARGET_X86_64 */
270 #if defined(HOST_WORDS_BIGENDIAN)
271 #define REG_B_OFFSET (sizeof(target_ulong) - 1)
272 #define REG_H_OFFSET (sizeof(target_ulong) - 2)
273 #define REG_W_OFFSET (sizeof(target_ulong) - 2)
274 #define REG_L_OFFSET (sizeof(target_ulong) - 4)
275 #define REG_LH_OFFSET (sizeof(target_ulong) - 8)
277 #define REG_B_OFFSET 0
278 #define REG_H_OFFSET 1
279 #define REG_W_OFFSET 0
280 #define REG_L_OFFSET 0
281 #define REG_LH_OFFSET 4
284 /* In instruction encodings for byte register accesses the
285 * register number usually indicates "low 8 bits of register N";
286 * however there are some special cases where N 4..7 indicates
287 * [AH, CH, DH, BH], ie "bits 15..8 of register N-4". Return
288 * true for this special case, false otherwise.
290 static inline bool byte_reg_is_xH(int reg)
296 if (reg >= 8 || x86_64_hregs) {
303 /* Select the size of a push/pop operation. */
304 static inline TCGMemOp mo_pushpop(DisasContext *s, TCGMemOp ot)
307 return ot == MO_16 ? MO_16 : MO_64;
313 /* Select only size 64 else 32. Used for SSE operand sizes. */
314 static inline TCGMemOp mo_64_32(TCGMemOp ot)
317 return ot == MO_64 ? MO_64 : MO_32;
323 /* Select size 8 if lsb of B is clear, else OT. Used for decoding
324 byte vs word opcodes. */
325 static inline TCGMemOp mo_b_d(int b, TCGMemOp ot)
327 return b & 1 ? ot : MO_8;
330 /* Select size 8 if lsb of B is clear, else OT capped at 32.
331 Used for decoding operand size of port opcodes. */
332 static inline TCGMemOp mo_b_d32(int b, TCGMemOp ot)
334 return b & 1 ? (ot == MO_16 ? MO_16 : MO_32) : MO_8;
337 static void gen_op_mov_reg_v(TCGMemOp ot, int reg, TCGv t0)
341 if (!byte_reg_is_xH(reg)) {
342 tcg_gen_deposit_tl(cpu_regs[reg], cpu_regs[reg], t0, 0, 8);
344 tcg_gen_deposit_tl(cpu_regs[reg - 4], cpu_regs[reg - 4], t0, 8, 8);
348 tcg_gen_deposit_tl(cpu_regs[reg], cpu_regs[reg], t0, 0, 16);
351 /* For x86_64, this sets the higher half of register to zero.
352 For i386, this is equivalent to a mov. */
353 tcg_gen_ext32u_tl(cpu_regs[reg], t0);
357 tcg_gen_mov_tl(cpu_regs[reg], t0);
365 static inline void gen_op_mov_v_reg(TCGMemOp ot, TCGv t0, int reg)
367 if (ot == MO_8 && byte_reg_is_xH(reg)) {
368 tcg_gen_shri_tl(t0, cpu_regs[reg - 4], 8);
369 tcg_gen_ext8u_tl(t0, t0);
371 tcg_gen_mov_tl(t0, cpu_regs[reg]);
375 static inline void gen_op_movl_A0_reg(int reg)
377 tcg_gen_mov_tl(cpu_A0, cpu_regs[reg]);
380 static inline void gen_op_addl_A0_im(int32_t val)
382 tcg_gen_addi_tl(cpu_A0, cpu_A0, val);
384 tcg_gen_andi_tl(cpu_A0, cpu_A0, 0xffffffff);
389 static inline void gen_op_addq_A0_im(int64_t val)
391 tcg_gen_addi_tl(cpu_A0, cpu_A0, val);
395 static void gen_add_A0_im(DisasContext *s, int val)
399 gen_op_addq_A0_im(val);
402 gen_op_addl_A0_im(val);
405 static inline void gen_op_jmp_v(TCGv dest)
407 tcg_gen_st_tl(dest, cpu_env, offsetof(CPUX86State, eip));
410 static inline void gen_op_add_reg_im(TCGMemOp size, int reg, int32_t val)
412 tcg_gen_addi_tl(cpu_tmp0, cpu_regs[reg], val);
413 gen_op_mov_reg_v(size, reg, cpu_tmp0);
416 static inline void gen_op_add_reg_T0(TCGMemOp size, int reg)
418 tcg_gen_add_tl(cpu_tmp0, cpu_regs[reg], cpu_T[0]);
419 gen_op_mov_reg_v(size, reg, cpu_tmp0);
422 static inline void gen_op_addl_A0_reg_sN(int shift, int reg)
424 tcg_gen_mov_tl(cpu_tmp0, cpu_regs[reg]);
426 tcg_gen_shli_tl(cpu_tmp0, cpu_tmp0, shift);
427 tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_tmp0);
428 /* For x86_64, this sets the higher half of register to zero.
429 For i386, this is equivalent to a nop. */
430 tcg_gen_ext32u_tl(cpu_A0, cpu_A0);
433 static inline void gen_op_movl_A0_seg(int reg)
435 tcg_gen_ld32u_tl(cpu_A0, cpu_env, offsetof(CPUX86State, segs[reg].base) + REG_L_OFFSET);
438 static inline void gen_op_addl_A0_seg(DisasContext *s, int reg)
440 tcg_gen_ld_tl(cpu_tmp0, cpu_env, offsetof(CPUX86State, segs[reg].base));
443 tcg_gen_andi_tl(cpu_A0, cpu_A0, 0xffffffff);
444 tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_tmp0);
446 tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_tmp0);
447 tcg_gen_andi_tl(cpu_A0, cpu_A0, 0xffffffff);
450 tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_tmp0);
455 static inline void gen_op_movq_A0_seg(int reg)
457 tcg_gen_ld_tl(cpu_A0, cpu_env, offsetof(CPUX86State, segs[reg].base));
460 static inline void gen_op_addq_A0_seg(int reg)
462 tcg_gen_ld_tl(cpu_tmp0, cpu_env, offsetof(CPUX86State, segs[reg].base));
463 tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_tmp0);
466 static inline void gen_op_movq_A0_reg(int reg)
468 tcg_gen_mov_tl(cpu_A0, cpu_regs[reg]);
471 static inline void gen_op_addq_A0_reg_sN(int shift, int reg)
473 tcg_gen_mov_tl(cpu_tmp0, cpu_regs[reg]);
475 tcg_gen_shli_tl(cpu_tmp0, cpu_tmp0, shift);
476 tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_tmp0);
480 static inline void gen_op_ld_v(DisasContext *s, int idx, TCGv t0, TCGv a0)
482 tcg_gen_qemu_ld_tl(t0, a0, s->mem_index, idx | MO_LE);
485 static inline void gen_op_st_v(DisasContext *s, int idx, TCGv t0, TCGv a0)
487 tcg_gen_qemu_st_tl(t0, a0, s->mem_index, idx | MO_LE);
490 static inline void gen_op_st_rm_T0_A0(DisasContext *s, int idx, int d)
493 gen_op_st_v(s, idx, cpu_T[0], cpu_A0);
495 gen_op_mov_reg_v(idx, d, cpu_T[0]);
499 static inline void gen_jmp_im(target_ulong pc)
501 tcg_gen_movi_tl(cpu_tmp0, pc);
502 gen_op_jmp_v(cpu_tmp0);
505 static inline void gen_string_movl_A0_ESI(DisasContext *s)
509 override = s->override;
514 gen_op_movq_A0_seg(override);
515 gen_op_addq_A0_reg_sN(0, R_ESI);
517 gen_op_movq_A0_reg(R_ESI);
523 if (s->addseg && override < 0)
526 gen_op_movl_A0_seg(override);
527 gen_op_addl_A0_reg_sN(0, R_ESI);
529 gen_op_movl_A0_reg(R_ESI);
533 /* 16 address, always override */
536 tcg_gen_ext16u_tl(cpu_A0, cpu_regs[R_ESI]);
537 gen_op_addl_A0_seg(s, override);
544 static inline void gen_string_movl_A0_EDI(DisasContext *s)
549 gen_op_movq_A0_reg(R_EDI);
554 gen_op_movl_A0_seg(R_ES);
555 gen_op_addl_A0_reg_sN(0, R_EDI);
557 gen_op_movl_A0_reg(R_EDI);
561 tcg_gen_ext16u_tl(cpu_A0, cpu_regs[R_EDI]);
562 gen_op_addl_A0_seg(s, R_ES);
569 static inline void gen_op_movl_T0_Dshift(TCGMemOp ot)
571 tcg_gen_ld32s_tl(cpu_T[0], cpu_env, offsetof(CPUX86State, df));
572 tcg_gen_shli_tl(cpu_T[0], cpu_T[0], ot);
575 static TCGv gen_ext_tl(TCGv dst, TCGv src, TCGMemOp size, bool sign)
580 tcg_gen_ext8s_tl(dst, src);
582 tcg_gen_ext8u_tl(dst, src);
587 tcg_gen_ext16s_tl(dst, src);
589 tcg_gen_ext16u_tl(dst, src);
595 tcg_gen_ext32s_tl(dst, src);
597 tcg_gen_ext32u_tl(dst, src);
606 static void gen_extu(TCGMemOp ot, TCGv reg)
608 gen_ext_tl(reg, reg, ot, false);
611 static void gen_exts(TCGMemOp ot, TCGv reg)
613 gen_ext_tl(reg, reg, ot, true);
616 static inline void gen_op_jnz_ecx(TCGMemOp size, int label1)
618 tcg_gen_mov_tl(cpu_tmp0, cpu_regs[R_ECX]);
619 gen_extu(size, cpu_tmp0);
620 tcg_gen_brcondi_tl(TCG_COND_NE, cpu_tmp0, 0, label1);
623 static inline void gen_op_jz_ecx(TCGMemOp size, int label1)
625 tcg_gen_mov_tl(cpu_tmp0, cpu_regs[R_ECX]);
626 gen_extu(size, cpu_tmp0);
627 tcg_gen_brcondi_tl(TCG_COND_EQ, cpu_tmp0, 0, label1);
630 static void gen_helper_in_func(TCGMemOp ot, TCGv v, TCGv_i32 n)
634 gen_helper_inb(v, n);
637 gen_helper_inw(v, n);
640 gen_helper_inl(v, n);
647 static void gen_helper_out_func(TCGMemOp ot, TCGv_i32 v, TCGv_i32 n)
651 gen_helper_outb(v, n);
654 gen_helper_outw(v, n);
657 gen_helper_outl(v, n);
664 static void gen_check_io(DisasContext *s, TCGMemOp ot, target_ulong cur_eip,
668 target_ulong next_eip;
671 if (s->pe && (s->cpl > s->iopl || s->vm86)) {
675 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T[0]);
678 gen_helper_check_iob(cpu_env, cpu_tmp2_i32);
681 gen_helper_check_iow(cpu_env, cpu_tmp2_i32);
684 gen_helper_check_iol(cpu_env, cpu_tmp2_i32);
690 if(s->flags & HF_SVMI_MASK) {
695 svm_flags |= (1 << (4 + ot));
696 next_eip = s->pc - s->cs_base;
697 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T[0]);
698 gen_helper_svm_check_io(cpu_env, cpu_tmp2_i32,
699 tcg_const_i32(svm_flags),
700 tcg_const_i32(next_eip - cur_eip));
704 static inline void gen_movs(DisasContext *s, TCGMemOp ot)
706 gen_string_movl_A0_ESI(s);
707 gen_op_ld_v(s, ot, cpu_T[0], cpu_A0);
708 gen_string_movl_A0_EDI(s);
709 gen_op_st_v(s, ot, cpu_T[0], cpu_A0);
710 gen_op_movl_T0_Dshift(ot);
711 gen_op_add_reg_T0(s->aflag, R_ESI);
712 gen_op_add_reg_T0(s->aflag, R_EDI);
715 static void gen_op_update1_cc(void)
717 tcg_gen_mov_tl(cpu_cc_dst, cpu_T[0]);
720 static void gen_op_update2_cc(void)
722 tcg_gen_mov_tl(cpu_cc_src, cpu_T[1]);
723 tcg_gen_mov_tl(cpu_cc_dst, cpu_T[0]);
726 static void gen_op_update3_cc(TCGv reg)
728 tcg_gen_mov_tl(cpu_cc_src2, reg);
729 tcg_gen_mov_tl(cpu_cc_src, cpu_T[1]);
730 tcg_gen_mov_tl(cpu_cc_dst, cpu_T[0]);
733 static inline void gen_op_testl_T0_T1_cc(void)
735 tcg_gen_and_tl(cpu_cc_dst, cpu_T[0], cpu_T[1]);
738 static void gen_op_update_neg_cc(void)
740 tcg_gen_mov_tl(cpu_cc_dst, cpu_T[0]);
741 tcg_gen_neg_tl(cpu_cc_src, cpu_T[0]);
742 tcg_gen_movi_tl(cpu_cc_srcT, 0);
745 /* compute all eflags to cc_src */
746 static void gen_compute_eflags(DisasContext *s)
748 TCGv zero, dst, src1, src2;
751 if (s->cc_op == CC_OP_EFLAGS) {
754 if (s->cc_op == CC_OP_CLR) {
755 tcg_gen_movi_tl(cpu_cc_src, CC_Z | CC_P);
756 set_cc_op(s, CC_OP_EFLAGS);
765 /* Take care to not read values that are not live. */
766 live = cc_op_live[s->cc_op] & ~USES_CC_SRCT;
767 dead = live ^ (USES_CC_DST | USES_CC_SRC | USES_CC_SRC2);
769 zero = tcg_const_tl(0);
770 if (dead & USES_CC_DST) {
773 if (dead & USES_CC_SRC) {
776 if (dead & USES_CC_SRC2) {
782 gen_helper_cc_compute_all(cpu_cc_src, dst, src1, src2, cpu_cc_op);
783 set_cc_op(s, CC_OP_EFLAGS);
790 typedef struct CCPrepare {
800 /* compute eflags.C to reg */
801 static CCPrepare gen_prepare_eflags_c(DisasContext *s, TCGv reg)
807 case CC_OP_SUBB ... CC_OP_SUBQ:
808 /* (DATA_TYPE)CC_SRCT < (DATA_TYPE)CC_SRC */
809 size = s->cc_op - CC_OP_SUBB;
810 t1 = gen_ext_tl(cpu_tmp0, cpu_cc_src, size, false);
811 /* If no temporary was used, be careful not to alias t1 and t0. */
812 t0 = TCGV_EQUAL(t1, cpu_cc_src) ? cpu_tmp0 : reg;
813 tcg_gen_mov_tl(t0, cpu_cc_srcT);
817 case CC_OP_ADDB ... CC_OP_ADDQ:
818 /* (DATA_TYPE)CC_DST < (DATA_TYPE)CC_SRC */
819 size = s->cc_op - CC_OP_ADDB;
820 t1 = gen_ext_tl(cpu_tmp0, cpu_cc_src, size, false);
821 t0 = gen_ext_tl(reg, cpu_cc_dst, size, false);
823 return (CCPrepare) { .cond = TCG_COND_LTU, .reg = t0,
824 .reg2 = t1, .mask = -1, .use_reg2 = true };
826 case CC_OP_LOGICB ... CC_OP_LOGICQ:
828 return (CCPrepare) { .cond = TCG_COND_NEVER, .mask = -1 };
830 case CC_OP_INCB ... CC_OP_INCQ:
831 case CC_OP_DECB ... CC_OP_DECQ:
832 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
833 .mask = -1, .no_setcond = true };
835 case CC_OP_SHLB ... CC_OP_SHLQ:
836 /* (CC_SRC >> (DATA_BITS - 1)) & 1 */
837 size = s->cc_op - CC_OP_SHLB;
838 shift = (8 << size) - 1;
839 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
840 .mask = (target_ulong)1 << shift };
842 case CC_OP_MULB ... CC_OP_MULQ:
843 return (CCPrepare) { .cond = TCG_COND_NE,
844 .reg = cpu_cc_src, .mask = -1 };
846 case CC_OP_BMILGB ... CC_OP_BMILGQ:
847 size = s->cc_op - CC_OP_BMILGB;
848 t0 = gen_ext_tl(reg, cpu_cc_src, size, false);
849 return (CCPrepare) { .cond = TCG_COND_EQ, .reg = t0, .mask = -1 };
853 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_dst,
854 .mask = -1, .no_setcond = true };
857 case CC_OP_SARB ... CC_OP_SARQ:
859 return (CCPrepare) { .cond = TCG_COND_NE,
860 .reg = cpu_cc_src, .mask = CC_C };
863 /* The need to compute only C from CC_OP_DYNAMIC is important
864 in efficiently implementing e.g. INC at the start of a TB. */
866 gen_helper_cc_compute_c(reg, cpu_cc_dst, cpu_cc_src,
867 cpu_cc_src2, cpu_cc_op);
868 return (CCPrepare) { .cond = TCG_COND_NE, .reg = reg,
869 .mask = -1, .no_setcond = true };
873 /* compute eflags.P to reg */
874 static CCPrepare gen_prepare_eflags_p(DisasContext *s, TCGv reg)
876 gen_compute_eflags(s);
877 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
881 /* compute eflags.S to reg */
882 static CCPrepare gen_prepare_eflags_s(DisasContext *s, TCGv reg)
886 gen_compute_eflags(s);
892 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
895 return (CCPrepare) { .cond = TCG_COND_NEVER, .mask = -1 };
898 TCGMemOp size = (s->cc_op - CC_OP_ADDB) & 3;
899 TCGv t0 = gen_ext_tl(reg, cpu_cc_dst, size, true);
900 return (CCPrepare) { .cond = TCG_COND_LT, .reg = t0, .mask = -1 };
905 /* compute eflags.O to reg */
906 static CCPrepare gen_prepare_eflags_o(DisasContext *s, TCGv reg)
911 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src2,
912 .mask = -1, .no_setcond = true };
914 return (CCPrepare) { .cond = TCG_COND_NEVER, .mask = -1 };
916 gen_compute_eflags(s);
917 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
922 /* compute eflags.Z to reg */
923 static CCPrepare gen_prepare_eflags_z(DisasContext *s, TCGv reg)
927 gen_compute_eflags(s);
933 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
936 return (CCPrepare) { .cond = TCG_COND_ALWAYS, .mask = -1 };
939 TCGMemOp size = (s->cc_op - CC_OP_ADDB) & 3;
940 TCGv t0 = gen_ext_tl(reg, cpu_cc_dst, size, false);
941 return (CCPrepare) { .cond = TCG_COND_EQ, .reg = t0, .mask = -1 };
946 /* perform a conditional store into register 'reg' according to jump opcode
947 value 'b'. In the fast case, T0 is guaranted not to be used. */
948 static CCPrepare gen_prepare_cc(DisasContext *s, int b, TCGv reg)
950 int inv, jcc_op, cond;
956 jcc_op = (b >> 1) & 7;
959 case CC_OP_SUBB ... CC_OP_SUBQ:
960 /* We optimize relational operators for the cmp/jcc case. */
961 size = s->cc_op - CC_OP_SUBB;
964 tcg_gen_mov_tl(cpu_tmp4, cpu_cc_srcT);
965 gen_extu(size, cpu_tmp4);
966 t0 = gen_ext_tl(cpu_tmp0, cpu_cc_src, size, false);
967 cc = (CCPrepare) { .cond = TCG_COND_LEU, .reg = cpu_tmp4,
968 .reg2 = t0, .mask = -1, .use_reg2 = true };
977 tcg_gen_mov_tl(cpu_tmp4, cpu_cc_srcT);
978 gen_exts(size, cpu_tmp4);
979 t0 = gen_ext_tl(cpu_tmp0, cpu_cc_src, size, true);
980 cc = (CCPrepare) { .cond = cond, .reg = cpu_tmp4,
981 .reg2 = t0, .mask = -1, .use_reg2 = true };
991 /* This actually generates good code for JC, JZ and JS. */
994 cc = gen_prepare_eflags_o(s, reg);
997 cc = gen_prepare_eflags_c(s, reg);
1000 cc = gen_prepare_eflags_z(s, reg);
1003 gen_compute_eflags(s);
1004 cc = (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
1005 .mask = CC_Z | CC_C };
1008 cc = gen_prepare_eflags_s(s, reg);
1011 cc = gen_prepare_eflags_p(s, reg);
1014 gen_compute_eflags(s);
1015 if (TCGV_EQUAL(reg, cpu_cc_src)) {
1018 tcg_gen_shri_tl(reg, cpu_cc_src, 4); /* CC_O -> CC_S */
1019 tcg_gen_xor_tl(reg, reg, cpu_cc_src);
1020 cc = (CCPrepare) { .cond = TCG_COND_NE, .reg = reg,
1025 gen_compute_eflags(s);
1026 if (TCGV_EQUAL(reg, cpu_cc_src)) {
1029 tcg_gen_shri_tl(reg, cpu_cc_src, 4); /* CC_O -> CC_S */
1030 tcg_gen_xor_tl(reg, reg, cpu_cc_src);
1031 cc = (CCPrepare) { .cond = TCG_COND_NE, .reg = reg,
1032 .mask = CC_S | CC_Z };
1039 cc.cond = tcg_invert_cond(cc.cond);
1044 static void gen_setcc1(DisasContext *s, int b, TCGv reg)
1046 CCPrepare cc = gen_prepare_cc(s, b, reg);
1048 if (cc.no_setcond) {
1049 if (cc.cond == TCG_COND_EQ) {
1050 tcg_gen_xori_tl(reg, cc.reg, 1);
1052 tcg_gen_mov_tl(reg, cc.reg);
1057 if (cc.cond == TCG_COND_NE && !cc.use_reg2 && cc.imm == 0 &&
1058 cc.mask != 0 && (cc.mask & (cc.mask - 1)) == 0) {
1059 tcg_gen_shri_tl(reg, cc.reg, ctztl(cc.mask));
1060 tcg_gen_andi_tl(reg, reg, 1);
1063 if (cc.mask != -1) {
1064 tcg_gen_andi_tl(reg, cc.reg, cc.mask);
1068 tcg_gen_setcond_tl(cc.cond, reg, cc.reg, cc.reg2);
1070 tcg_gen_setcondi_tl(cc.cond, reg, cc.reg, cc.imm);
1074 static inline void gen_compute_eflags_c(DisasContext *s, TCGv reg)
1076 gen_setcc1(s, JCC_B << 1, reg);
1079 /* generate a conditional jump to label 'l1' according to jump opcode
1080 value 'b'. In the fast case, T0 is guaranted not to be used. */
1081 static inline void gen_jcc1_noeob(DisasContext *s, int b, int l1)
1083 CCPrepare cc = gen_prepare_cc(s, b, cpu_T[0]);
1085 if (cc.mask != -1) {
1086 tcg_gen_andi_tl(cpu_T[0], cc.reg, cc.mask);
1090 tcg_gen_brcond_tl(cc.cond, cc.reg, cc.reg2, l1);
1092 tcg_gen_brcondi_tl(cc.cond, cc.reg, cc.imm, l1);
1096 /* Generate a conditional jump to label 'l1' according to jump opcode
1097 value 'b'. In the fast case, T0 is guaranted not to be used.
1098 A translation block must end soon. */
1099 static inline void gen_jcc1(DisasContext *s, int b, int l1)
1101 CCPrepare cc = gen_prepare_cc(s, b, cpu_T[0]);
1103 gen_update_cc_op(s);
1104 if (cc.mask != -1) {
1105 tcg_gen_andi_tl(cpu_T[0], cc.reg, cc.mask);
1108 set_cc_op(s, CC_OP_DYNAMIC);
1110 tcg_gen_brcond_tl(cc.cond, cc.reg, cc.reg2, l1);
1112 tcg_gen_brcondi_tl(cc.cond, cc.reg, cc.imm, l1);
1116 /* XXX: does not work with gdbstub "ice" single step - not a
1118 static int gen_jz_ecx_string(DisasContext *s, target_ulong next_eip)
1122 l1 = gen_new_label();
1123 l2 = gen_new_label();
1124 gen_op_jnz_ecx(s->aflag, l1);
1126 gen_jmp_tb(s, next_eip, 1);
1131 static inline void gen_stos(DisasContext *s, TCGMemOp ot)
1133 gen_op_mov_v_reg(MO_32, cpu_T[0], R_EAX);
1134 gen_string_movl_A0_EDI(s);
1135 gen_op_st_v(s, ot, cpu_T[0], cpu_A0);
1136 gen_op_movl_T0_Dshift(ot);
1137 gen_op_add_reg_T0(s->aflag, R_EDI);
1140 static inline void gen_lods(DisasContext *s, TCGMemOp ot)
1142 gen_string_movl_A0_ESI(s);
1143 gen_op_ld_v(s, ot, cpu_T[0], cpu_A0);
1144 gen_op_mov_reg_v(ot, R_EAX, cpu_T[0]);
1145 gen_op_movl_T0_Dshift(ot);
1146 gen_op_add_reg_T0(s->aflag, R_ESI);
1149 static inline void gen_scas(DisasContext *s, TCGMemOp ot)
1151 gen_string_movl_A0_EDI(s);
1152 gen_op_ld_v(s, ot, cpu_T[1], cpu_A0);
1153 gen_op(s, OP_CMPL, ot, R_EAX);
1154 gen_op_movl_T0_Dshift(ot);
1155 gen_op_add_reg_T0(s->aflag, R_EDI);
1158 static inline void gen_cmps(DisasContext *s, TCGMemOp ot)
1160 gen_string_movl_A0_EDI(s);
1161 gen_op_ld_v(s, ot, cpu_T[1], cpu_A0);
1162 gen_string_movl_A0_ESI(s);
1163 gen_op(s, OP_CMPL, ot, OR_TMP0);
1164 gen_op_movl_T0_Dshift(ot);
1165 gen_op_add_reg_T0(s->aflag, R_ESI);
1166 gen_op_add_reg_T0(s->aflag, R_EDI);
1169 static inline void gen_ins(DisasContext *s, TCGMemOp ot)
1173 gen_string_movl_A0_EDI(s);
1174 /* Note: we must do this dummy write first to be restartable in
1175 case of page fault. */
1176 tcg_gen_movi_tl(cpu_T[0], 0);
1177 gen_op_st_v(s, ot, cpu_T[0], cpu_A0);
1178 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[R_EDX]);
1179 tcg_gen_andi_i32(cpu_tmp2_i32, cpu_tmp2_i32, 0xffff);
1180 gen_helper_in_func(ot, cpu_T[0], cpu_tmp2_i32);
1181 gen_op_st_v(s, ot, cpu_T[0], cpu_A0);
1182 gen_op_movl_T0_Dshift(ot);
1183 gen_op_add_reg_T0(s->aflag, R_EDI);
1188 static inline void gen_outs(DisasContext *s, TCGMemOp ot)
1192 gen_string_movl_A0_ESI(s);
1193 gen_op_ld_v(s, ot, cpu_T[0], cpu_A0);
1195 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[R_EDX]);
1196 tcg_gen_andi_i32(cpu_tmp2_i32, cpu_tmp2_i32, 0xffff);
1197 tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_T[0]);
1198 gen_helper_out_func(ot, cpu_tmp2_i32, cpu_tmp3_i32);
1200 gen_op_movl_T0_Dshift(ot);
1201 gen_op_add_reg_T0(s->aflag, R_ESI);
1206 /* same method as Valgrind : we generate jumps to current or next
1208 #define GEN_REPZ(op) \
1209 static inline void gen_repz_ ## op(DisasContext *s, TCGMemOp ot, \
1210 target_ulong cur_eip, target_ulong next_eip) \
1213 gen_update_cc_op(s); \
1214 l2 = gen_jz_ecx_string(s, next_eip); \
1215 gen_ ## op(s, ot); \
1216 gen_op_add_reg_im(s->aflag, R_ECX, -1); \
1217 /* a loop would cause two single step exceptions if ECX = 1 \
1218 before rep string_insn */ \
1220 gen_op_jz_ecx(s->aflag, l2); \
1221 gen_jmp(s, cur_eip); \
1224 #define GEN_REPZ2(op) \
1225 static inline void gen_repz_ ## op(DisasContext *s, TCGMemOp ot, \
1226 target_ulong cur_eip, \
1227 target_ulong next_eip, \
1231 gen_update_cc_op(s); \
1232 l2 = gen_jz_ecx_string(s, next_eip); \
1233 gen_ ## op(s, ot); \
1234 gen_op_add_reg_im(s->aflag, R_ECX, -1); \
1235 gen_update_cc_op(s); \
1236 gen_jcc1(s, (JCC_Z << 1) | (nz ^ 1), l2); \
1238 gen_op_jz_ecx(s->aflag, l2); \
1239 gen_jmp(s, cur_eip); \
1250 static void gen_helper_fp_arith_ST0_FT0(int op)
1254 gen_helper_fadd_ST0_FT0(cpu_env);
1257 gen_helper_fmul_ST0_FT0(cpu_env);
1260 gen_helper_fcom_ST0_FT0(cpu_env);
1263 gen_helper_fcom_ST0_FT0(cpu_env);
1266 gen_helper_fsub_ST0_FT0(cpu_env);
1269 gen_helper_fsubr_ST0_FT0(cpu_env);
1272 gen_helper_fdiv_ST0_FT0(cpu_env);
1275 gen_helper_fdivr_ST0_FT0(cpu_env);
1280 /* NOTE the exception in "r" op ordering */
1281 static void gen_helper_fp_arith_STN_ST0(int op, int opreg)
1283 TCGv_i32 tmp = tcg_const_i32(opreg);
1286 gen_helper_fadd_STN_ST0(cpu_env, tmp);
1289 gen_helper_fmul_STN_ST0(cpu_env, tmp);
1292 gen_helper_fsubr_STN_ST0(cpu_env, tmp);
1295 gen_helper_fsub_STN_ST0(cpu_env, tmp);
1298 gen_helper_fdivr_STN_ST0(cpu_env, tmp);
1301 gen_helper_fdiv_STN_ST0(cpu_env, tmp);
1306 /* if d == OR_TMP0, it means memory operand (address in A0) */
1307 static void gen_op(DisasContext *s1, int op, TCGMemOp ot, int d)
1310 gen_op_mov_v_reg(ot, cpu_T[0], d);
1312 gen_op_ld_v(s1, ot, cpu_T[0], cpu_A0);
1316 gen_compute_eflags_c(s1, cpu_tmp4);
1317 tcg_gen_add_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
1318 tcg_gen_add_tl(cpu_T[0], cpu_T[0], cpu_tmp4);
1319 gen_op_st_rm_T0_A0(s1, ot, d);
1320 gen_op_update3_cc(cpu_tmp4);
1321 set_cc_op(s1, CC_OP_ADCB + ot);
1324 gen_compute_eflags_c(s1, cpu_tmp4);
1325 tcg_gen_sub_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
1326 tcg_gen_sub_tl(cpu_T[0], cpu_T[0], cpu_tmp4);
1327 gen_op_st_rm_T0_A0(s1, ot, d);
1328 gen_op_update3_cc(cpu_tmp4);
1329 set_cc_op(s1, CC_OP_SBBB + ot);
1332 tcg_gen_add_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
1333 gen_op_st_rm_T0_A0(s1, ot, d);
1334 gen_op_update2_cc();
1335 set_cc_op(s1, CC_OP_ADDB + ot);
1338 tcg_gen_mov_tl(cpu_cc_srcT, cpu_T[0]);
1339 tcg_gen_sub_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
1340 gen_op_st_rm_T0_A0(s1, ot, d);
1341 gen_op_update2_cc();
1342 set_cc_op(s1, CC_OP_SUBB + ot);
1346 tcg_gen_and_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
1347 gen_op_st_rm_T0_A0(s1, ot, d);
1348 gen_op_update1_cc();
1349 set_cc_op(s1, CC_OP_LOGICB + ot);
1352 tcg_gen_or_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
1353 gen_op_st_rm_T0_A0(s1, ot, d);
1354 gen_op_update1_cc();
1355 set_cc_op(s1, CC_OP_LOGICB + ot);
1358 tcg_gen_xor_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
1359 gen_op_st_rm_T0_A0(s1, ot, d);
1360 gen_op_update1_cc();
1361 set_cc_op(s1, CC_OP_LOGICB + ot);
1364 tcg_gen_mov_tl(cpu_cc_src, cpu_T[1]);
1365 tcg_gen_mov_tl(cpu_cc_srcT, cpu_T[0]);
1366 tcg_gen_sub_tl(cpu_cc_dst, cpu_T[0], cpu_T[1]);
1367 set_cc_op(s1, CC_OP_SUBB + ot);
1372 /* if d == OR_TMP0, it means memory operand (address in A0) */
1373 static void gen_inc(DisasContext *s1, TCGMemOp ot, int d, int c)
1376 gen_op_mov_v_reg(ot, cpu_T[0], d);
1378 gen_op_ld_v(s1, ot, cpu_T[0], cpu_A0);
1380 gen_compute_eflags_c(s1, cpu_cc_src);
1382 tcg_gen_addi_tl(cpu_T[0], cpu_T[0], 1);
1383 set_cc_op(s1, CC_OP_INCB + ot);
1385 tcg_gen_addi_tl(cpu_T[0], cpu_T[0], -1);
1386 set_cc_op(s1, CC_OP_DECB + ot);
1388 gen_op_st_rm_T0_A0(s1, ot, d);
1389 tcg_gen_mov_tl(cpu_cc_dst, cpu_T[0]);
1392 static void gen_shift_flags(DisasContext *s, TCGMemOp ot, TCGv result,
1393 TCGv shm1, TCGv count, bool is_right)
1395 TCGv_i32 z32, s32, oldop;
1398 /* Store the results into the CC variables. If we know that the
1399 variable must be dead, store unconditionally. Otherwise we'll
1400 need to not disrupt the current contents. */
1401 z_tl = tcg_const_tl(0);
1402 if (cc_op_live[s->cc_op] & USES_CC_DST) {
1403 tcg_gen_movcond_tl(TCG_COND_NE, cpu_cc_dst, count, z_tl,
1404 result, cpu_cc_dst);
1406 tcg_gen_mov_tl(cpu_cc_dst, result);
1408 if (cc_op_live[s->cc_op] & USES_CC_SRC) {
1409 tcg_gen_movcond_tl(TCG_COND_NE, cpu_cc_src, count, z_tl,
1412 tcg_gen_mov_tl(cpu_cc_src, shm1);
1414 tcg_temp_free(z_tl);
1416 /* Get the two potential CC_OP values into temporaries. */
1417 tcg_gen_movi_i32(cpu_tmp2_i32, (is_right ? CC_OP_SARB : CC_OP_SHLB) + ot);
1418 if (s->cc_op == CC_OP_DYNAMIC) {
1421 tcg_gen_movi_i32(cpu_tmp3_i32, s->cc_op);
1422 oldop = cpu_tmp3_i32;
1425 /* Conditionally store the CC_OP value. */
1426 z32 = tcg_const_i32(0);
1427 s32 = tcg_temp_new_i32();
1428 tcg_gen_trunc_tl_i32(s32, count);
1429 tcg_gen_movcond_i32(TCG_COND_NE, cpu_cc_op, s32, z32, cpu_tmp2_i32, oldop);
1430 tcg_temp_free_i32(z32);
1431 tcg_temp_free_i32(s32);
1433 /* The CC_OP value is no longer predictable. */
1434 set_cc_op(s, CC_OP_DYNAMIC);
1437 static void gen_shift_rm_T1(DisasContext *s, TCGMemOp ot, int op1,
1438 int is_right, int is_arith)
1440 target_ulong mask = (ot == MO_64 ? 0x3f : 0x1f);
1443 if (op1 == OR_TMP0) {
1444 gen_op_ld_v(s, ot, cpu_T[0], cpu_A0);
1446 gen_op_mov_v_reg(ot, cpu_T[0], op1);
1449 tcg_gen_andi_tl(cpu_T[1], cpu_T[1], mask);
1450 tcg_gen_subi_tl(cpu_tmp0, cpu_T[1], 1);
1454 gen_exts(ot, cpu_T[0]);
1455 tcg_gen_sar_tl(cpu_tmp0, cpu_T[0], cpu_tmp0);
1456 tcg_gen_sar_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
1458 gen_extu(ot, cpu_T[0]);
1459 tcg_gen_shr_tl(cpu_tmp0, cpu_T[0], cpu_tmp0);
1460 tcg_gen_shr_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
1463 tcg_gen_shl_tl(cpu_tmp0, cpu_T[0], cpu_tmp0);
1464 tcg_gen_shl_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
1468 gen_op_st_rm_T0_A0(s, ot, op1);
1470 gen_shift_flags(s, ot, cpu_T[0], cpu_tmp0, cpu_T[1], is_right);
1473 static void gen_shift_rm_im(DisasContext *s, TCGMemOp ot, int op1, int op2,
1474 int is_right, int is_arith)
1476 int mask = (ot == MO_64 ? 0x3f : 0x1f);
1480 gen_op_ld_v(s, ot, cpu_T[0], cpu_A0);
1482 gen_op_mov_v_reg(ot, cpu_T[0], op1);
1488 gen_exts(ot, cpu_T[0]);
1489 tcg_gen_sari_tl(cpu_tmp4, cpu_T[0], op2 - 1);
1490 tcg_gen_sari_tl(cpu_T[0], cpu_T[0], op2);
1492 gen_extu(ot, cpu_T[0]);
1493 tcg_gen_shri_tl(cpu_tmp4, cpu_T[0], op2 - 1);
1494 tcg_gen_shri_tl(cpu_T[0], cpu_T[0], op2);
1497 tcg_gen_shli_tl(cpu_tmp4, cpu_T[0], op2 - 1);
1498 tcg_gen_shli_tl(cpu_T[0], cpu_T[0], op2);
1503 gen_op_st_rm_T0_A0(s, ot, op1);
1505 /* update eflags if non zero shift */
1507 tcg_gen_mov_tl(cpu_cc_src, cpu_tmp4);
1508 tcg_gen_mov_tl(cpu_cc_dst, cpu_T[0]);
1509 set_cc_op(s, (is_right ? CC_OP_SARB : CC_OP_SHLB) + ot);
1513 static void gen_rot_rm_T1(DisasContext *s, TCGMemOp ot, int op1, int is_right)
1515 target_ulong mask = (ot == MO_64 ? 0x3f : 0x1f);
1519 if (op1 == OR_TMP0) {
1520 gen_op_ld_v(s, ot, cpu_T[0], cpu_A0);
1522 gen_op_mov_v_reg(ot, cpu_T[0], op1);
1525 tcg_gen_andi_tl(cpu_T[1], cpu_T[1], mask);
1529 /* Replicate the 8-bit input so that a 32-bit rotate works. */
1530 tcg_gen_ext8u_tl(cpu_T[0], cpu_T[0]);
1531 tcg_gen_muli_tl(cpu_T[0], cpu_T[0], 0x01010101);
1534 /* Replicate the 16-bit input so that a 32-bit rotate works. */
1535 tcg_gen_deposit_tl(cpu_T[0], cpu_T[0], cpu_T[0], 16, 16);
1538 #ifdef TARGET_X86_64
1540 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T[0]);
1541 tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_T[1]);
1543 tcg_gen_rotr_i32(cpu_tmp2_i32, cpu_tmp2_i32, cpu_tmp3_i32);
1545 tcg_gen_rotl_i32(cpu_tmp2_i32, cpu_tmp2_i32, cpu_tmp3_i32);
1547 tcg_gen_extu_i32_tl(cpu_T[0], cpu_tmp2_i32);
1552 tcg_gen_rotr_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
1554 tcg_gen_rotl_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
1560 gen_op_st_rm_T0_A0(s, ot, op1);
1562 /* We'll need the flags computed into CC_SRC. */
1563 gen_compute_eflags(s);
1565 /* The value that was "rotated out" is now present at the other end
1566 of the word. Compute C into CC_DST and O into CC_SRC2. Note that
1567 since we've computed the flags into CC_SRC, these variables are
1570 tcg_gen_shri_tl(cpu_cc_src2, cpu_T[0], mask - 1);
1571 tcg_gen_shri_tl(cpu_cc_dst, cpu_T[0], mask);
1572 tcg_gen_andi_tl(cpu_cc_dst, cpu_cc_dst, 1);
1574 tcg_gen_shri_tl(cpu_cc_src2, cpu_T[0], mask);
1575 tcg_gen_andi_tl(cpu_cc_dst, cpu_T[0], 1);
1577 tcg_gen_andi_tl(cpu_cc_src2, cpu_cc_src2, 1);
1578 tcg_gen_xor_tl(cpu_cc_src2, cpu_cc_src2, cpu_cc_dst);
1580 /* Now conditionally store the new CC_OP value. If the shift count
1581 is 0 we keep the CC_OP_EFLAGS setting so that only CC_SRC is live.
1582 Otherwise reuse CC_OP_ADCOX which have the C and O flags split out
1583 exactly as we computed above. */
1584 t0 = tcg_const_i32(0);
1585 t1 = tcg_temp_new_i32();
1586 tcg_gen_trunc_tl_i32(t1, cpu_T[1]);
1587 tcg_gen_movi_i32(cpu_tmp2_i32, CC_OP_ADCOX);
1588 tcg_gen_movi_i32(cpu_tmp3_i32, CC_OP_EFLAGS);
1589 tcg_gen_movcond_i32(TCG_COND_NE, cpu_cc_op, t1, t0,
1590 cpu_tmp2_i32, cpu_tmp3_i32);
1591 tcg_temp_free_i32(t0);
1592 tcg_temp_free_i32(t1);
1594 /* The CC_OP value is no longer predictable. */
1595 set_cc_op(s, CC_OP_DYNAMIC);
1598 static void gen_rot_rm_im(DisasContext *s, TCGMemOp ot, int op1, int op2,
1601 int mask = (ot == MO_64 ? 0x3f : 0x1f);
1605 if (op1 == OR_TMP0) {
1606 gen_op_ld_v(s, ot, cpu_T[0], cpu_A0);
1608 gen_op_mov_v_reg(ot, cpu_T[0], op1);
1614 #ifdef TARGET_X86_64
1616 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T[0]);
1618 tcg_gen_rotri_i32(cpu_tmp2_i32, cpu_tmp2_i32, op2);
1620 tcg_gen_rotli_i32(cpu_tmp2_i32, cpu_tmp2_i32, op2);
1622 tcg_gen_extu_i32_tl(cpu_T[0], cpu_tmp2_i32);
1627 tcg_gen_rotri_tl(cpu_T[0], cpu_T[0], op2);
1629 tcg_gen_rotli_tl(cpu_T[0], cpu_T[0], op2);
1640 shift = mask + 1 - shift;
1642 gen_extu(ot, cpu_T[0]);
1643 tcg_gen_shli_tl(cpu_tmp0, cpu_T[0], shift);
1644 tcg_gen_shri_tl(cpu_T[0], cpu_T[0], mask + 1 - shift);
1645 tcg_gen_or_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
1651 gen_op_st_rm_T0_A0(s, ot, op1);
1654 /* Compute the flags into CC_SRC. */
1655 gen_compute_eflags(s);
1657 /* The value that was "rotated out" is now present at the other end
1658 of the word. Compute C into CC_DST and O into CC_SRC2. Note that
1659 since we've computed the flags into CC_SRC, these variables are
1662 tcg_gen_shri_tl(cpu_cc_src2, cpu_T[0], mask - 1);
1663 tcg_gen_shri_tl(cpu_cc_dst, cpu_T[0], mask);
1664 tcg_gen_andi_tl(cpu_cc_dst, cpu_cc_dst, 1);
1666 tcg_gen_shri_tl(cpu_cc_src2, cpu_T[0], mask);
1667 tcg_gen_andi_tl(cpu_cc_dst, cpu_T[0], 1);
1669 tcg_gen_andi_tl(cpu_cc_src2, cpu_cc_src2, 1);
1670 tcg_gen_xor_tl(cpu_cc_src2, cpu_cc_src2, cpu_cc_dst);
1671 set_cc_op(s, CC_OP_ADCOX);
1675 /* XXX: add faster immediate = 1 case */
1676 static void gen_rotc_rm_T1(DisasContext *s, TCGMemOp ot, int op1,
1679 gen_compute_eflags(s);
1680 assert(s->cc_op == CC_OP_EFLAGS);
1684 gen_op_ld_v(s, ot, cpu_T[0], cpu_A0);
1686 gen_op_mov_v_reg(ot, cpu_T[0], op1);
1691 gen_helper_rcrb(cpu_T[0], cpu_env, cpu_T[0], cpu_T[1]);
1694 gen_helper_rcrw(cpu_T[0], cpu_env, cpu_T[0], cpu_T[1]);
1697 gen_helper_rcrl(cpu_T[0], cpu_env, cpu_T[0], cpu_T[1]);
1699 #ifdef TARGET_X86_64
1701 gen_helper_rcrq(cpu_T[0], cpu_env, cpu_T[0], cpu_T[1]);
1710 gen_helper_rclb(cpu_T[0], cpu_env, cpu_T[0], cpu_T[1]);
1713 gen_helper_rclw(cpu_T[0], cpu_env, cpu_T[0], cpu_T[1]);
1716 gen_helper_rcll(cpu_T[0], cpu_env, cpu_T[0], cpu_T[1]);
1718 #ifdef TARGET_X86_64
1720 gen_helper_rclq(cpu_T[0], cpu_env, cpu_T[0], cpu_T[1]);
1728 gen_op_st_rm_T0_A0(s, ot, op1);
1731 /* XXX: add faster immediate case */
1732 static void gen_shiftd_rm_T1(DisasContext *s, TCGMemOp ot, int op1,
1733 bool is_right, TCGv count_in)
1735 target_ulong mask = (ot == MO_64 ? 63 : 31);
1739 if (op1 == OR_TMP0) {
1740 gen_op_ld_v(s, ot, cpu_T[0], cpu_A0);
1742 gen_op_mov_v_reg(ot, cpu_T[0], op1);
1745 count = tcg_temp_new();
1746 tcg_gen_andi_tl(count, count_in, mask);
1750 /* Note: we implement the Intel behaviour for shift count > 16.
1751 This means "shrdw C, B, A" shifts A:B:A >> C. Build the B:A
1752 portion by constructing it as a 32-bit value. */
1754 tcg_gen_deposit_tl(cpu_tmp0, cpu_T[0], cpu_T[1], 16, 16);
1755 tcg_gen_mov_tl(cpu_T[1], cpu_T[0]);
1756 tcg_gen_mov_tl(cpu_T[0], cpu_tmp0);
1758 tcg_gen_deposit_tl(cpu_T[1], cpu_T[0], cpu_T[1], 16, 16);
1761 #ifdef TARGET_X86_64
1763 /* Concatenate the two 32-bit values and use a 64-bit shift. */
1764 tcg_gen_subi_tl(cpu_tmp0, count, 1);
1766 tcg_gen_concat_tl_i64(cpu_T[0], cpu_T[0], cpu_T[1]);
1767 tcg_gen_shr_i64(cpu_tmp0, cpu_T[0], cpu_tmp0);
1768 tcg_gen_shr_i64(cpu_T[0], cpu_T[0], count);
1770 tcg_gen_concat_tl_i64(cpu_T[0], cpu_T[1], cpu_T[0]);
1771 tcg_gen_shl_i64(cpu_tmp0, cpu_T[0], cpu_tmp0);
1772 tcg_gen_shl_i64(cpu_T[0], cpu_T[0], count);
1773 tcg_gen_shri_i64(cpu_tmp0, cpu_tmp0, 32);
1774 tcg_gen_shri_i64(cpu_T[0], cpu_T[0], 32);
1779 tcg_gen_subi_tl(cpu_tmp0, count, 1);
1781 tcg_gen_shr_tl(cpu_tmp0, cpu_T[0], cpu_tmp0);
1783 tcg_gen_subfi_tl(cpu_tmp4, mask + 1, count);
1784 tcg_gen_shr_tl(cpu_T[0], cpu_T[0], count);
1785 tcg_gen_shl_tl(cpu_T[1], cpu_T[1], cpu_tmp4);
1787 tcg_gen_shl_tl(cpu_tmp0, cpu_T[0], cpu_tmp0);
1789 /* Only needed if count > 16, for Intel behaviour. */
1790 tcg_gen_subfi_tl(cpu_tmp4, 33, count);
1791 tcg_gen_shr_tl(cpu_tmp4, cpu_T[1], cpu_tmp4);
1792 tcg_gen_or_tl(cpu_tmp0, cpu_tmp0, cpu_tmp4);
1795 tcg_gen_subfi_tl(cpu_tmp4, mask + 1, count);
1796 tcg_gen_shl_tl(cpu_T[0], cpu_T[0], count);
1797 tcg_gen_shr_tl(cpu_T[1], cpu_T[1], cpu_tmp4);
1799 tcg_gen_movi_tl(cpu_tmp4, 0);
1800 tcg_gen_movcond_tl(TCG_COND_EQ, cpu_T[1], count, cpu_tmp4,
1801 cpu_tmp4, cpu_T[1]);
1802 tcg_gen_or_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
1807 gen_op_st_rm_T0_A0(s, ot, op1);
1809 gen_shift_flags(s, ot, cpu_T[0], cpu_tmp0, count, is_right);
1810 tcg_temp_free(count);
1813 static void gen_shift(DisasContext *s1, int op, TCGMemOp ot, int d, int s)
1816 gen_op_mov_v_reg(ot, cpu_T[1], s);
1819 gen_rot_rm_T1(s1, ot, d, 0);
1822 gen_rot_rm_T1(s1, ot, d, 1);
1826 gen_shift_rm_T1(s1, ot, d, 0, 0);
1829 gen_shift_rm_T1(s1, ot, d, 1, 0);
1832 gen_shift_rm_T1(s1, ot, d, 1, 1);
1835 gen_rotc_rm_T1(s1, ot, d, 0);
1838 gen_rotc_rm_T1(s1, ot, d, 1);
1843 static void gen_shifti(DisasContext *s1, int op, TCGMemOp ot, int d, int c)
1847 gen_rot_rm_im(s1, ot, d, c, 0);
1850 gen_rot_rm_im(s1, ot, d, c, 1);
1854 gen_shift_rm_im(s1, ot, d, c, 0, 0);
1857 gen_shift_rm_im(s1, ot, d, c, 1, 0);
1860 gen_shift_rm_im(s1, ot, d, c, 1, 1);
1863 /* currently not optimized */
1864 tcg_gen_movi_tl(cpu_T[1], c);
1865 gen_shift(s1, op, ot, d, OR_TMP1);
1870 static void gen_lea_modrm(CPUX86State *env, DisasContext *s, int modrm)
1877 int mod, rm, code, override, must_add_seg;
1880 override = s->override;
1881 must_add_seg = s->addseg;
1884 mod = (modrm >> 6) & 3;
1897 code = cpu_ldub_code(env, s->pc++);
1898 scale = (code >> 6) & 3;
1899 index = ((code >> 3) & 7) | REX_X(s);
1901 index = -1; /* no index */
1909 if ((base & 7) == 5) {
1911 disp = (int32_t)cpu_ldl_code(env, s->pc);
1913 if (CODE64(s) && !havesib) {
1914 disp += s->pc + s->rip_offset;
1921 disp = (int8_t)cpu_ldub_code(env, s->pc++);
1925 disp = (int32_t)cpu_ldl_code(env, s->pc);
1930 /* For correct popl handling with esp. */
1931 if (base == R_ESP && s->popl_esp_hack) {
1932 disp += s->popl_esp_hack;
1935 /* Compute the address, with a minimum number of TCG ops. */
1939 sum = cpu_regs[index];
1941 tcg_gen_shli_tl(cpu_A0, cpu_regs[index], scale);
1945 tcg_gen_add_tl(cpu_A0, sum, cpu_regs[base]);
1948 } else if (base >= 0) {
1949 sum = cpu_regs[base];
1951 if (TCGV_IS_UNUSED(sum)) {
1952 tcg_gen_movi_tl(cpu_A0, disp);
1954 tcg_gen_addi_tl(cpu_A0, sum, disp);
1959 if (base == R_EBP || base == R_ESP) {
1966 tcg_gen_ld_tl(cpu_tmp0, cpu_env,
1967 offsetof(CPUX86State, segs[override].base));
1969 if (s->aflag == MO_32) {
1970 tcg_gen_ext32u_tl(cpu_A0, cpu_A0);
1972 tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_tmp0);
1976 tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_tmp0);
1979 if (s->aflag == MO_32) {
1980 tcg_gen_ext32u_tl(cpu_A0, cpu_A0);
1988 disp = cpu_lduw_code(env, s->pc);
1990 tcg_gen_movi_tl(cpu_A0, disp);
1991 rm = 0; /* avoid SS override */
1998 disp = (int8_t)cpu_ldub_code(env, s->pc++);
2002 disp = (int16_t)cpu_lduw_code(env, s->pc);
2010 tcg_gen_add_tl(cpu_A0, cpu_regs[R_EBX], cpu_regs[R_ESI]);
2013 tcg_gen_add_tl(cpu_A0, cpu_regs[R_EBX], cpu_regs[R_EDI]);
2016 tcg_gen_add_tl(cpu_A0, cpu_regs[R_EBP], cpu_regs[R_ESI]);
2019 tcg_gen_add_tl(cpu_A0, cpu_regs[R_EBP], cpu_regs[R_EDI]);
2022 sum = cpu_regs[R_ESI];
2025 sum = cpu_regs[R_EDI];
2028 sum = cpu_regs[R_EBP];
2032 sum = cpu_regs[R_EBX];
2035 tcg_gen_addi_tl(cpu_A0, sum, disp);
2036 tcg_gen_ext16u_tl(cpu_A0, cpu_A0);
2040 if (rm == 2 || rm == 3 || rm == 6) {
2046 gen_op_addl_A0_seg(s, override);
2055 static void gen_nop_modrm(CPUX86State *env, DisasContext *s, int modrm)
2057 int mod, rm, base, code;
2059 mod = (modrm >> 6) & 3;
2070 code = cpu_ldub_code(env, s->pc++);
2112 /* used for LEA and MOV AX, mem */
2113 static void gen_add_A0_ds_seg(DisasContext *s)
2115 int override, must_add_seg;
2116 must_add_seg = s->addseg;
2118 if (s->override >= 0) {
2119 override = s->override;
2123 #ifdef TARGET_X86_64
2125 gen_op_addq_A0_seg(override);
2129 gen_op_addl_A0_seg(s, override);
2134 /* generate modrm memory load or store of 'reg'. TMP0 is used if reg ==
2136 static void gen_ldst_modrm(CPUX86State *env, DisasContext *s, int modrm,
2137 TCGMemOp ot, int reg, int is_store)
2141 mod = (modrm >> 6) & 3;
2142 rm = (modrm & 7) | REX_B(s);
2146 gen_op_mov_v_reg(ot, cpu_T[0], reg);
2147 gen_op_mov_reg_v(ot, rm, cpu_T[0]);
2149 gen_op_mov_v_reg(ot, cpu_T[0], rm);
2151 gen_op_mov_reg_v(ot, reg, cpu_T[0]);
2154 gen_lea_modrm(env, s, modrm);
2157 gen_op_mov_v_reg(ot, cpu_T[0], reg);
2158 gen_op_st_v(s, ot, cpu_T[0], cpu_A0);
2160 gen_op_ld_v(s, ot, cpu_T[0], cpu_A0);
2162 gen_op_mov_reg_v(ot, reg, cpu_T[0]);
2167 static inline uint32_t insn_get(CPUX86State *env, DisasContext *s, TCGMemOp ot)
2173 ret = cpu_ldub_code(env, s->pc);
2177 ret = cpu_lduw_code(env, s->pc);
2181 #ifdef TARGET_X86_64
2184 ret = cpu_ldl_code(env, s->pc);
2193 static inline int insn_const_size(TCGMemOp ot)
2202 static inline void gen_goto_tb(DisasContext *s, int tb_num, target_ulong eip)
2204 TranslationBlock *tb;
2207 pc = s->cs_base + eip;
2209 /* NOTE: we handle the case where the TB spans two pages here */
2210 if ((pc & TARGET_PAGE_MASK) == (tb->pc & TARGET_PAGE_MASK) ||
2211 (pc & TARGET_PAGE_MASK) == ((s->pc - 1) & TARGET_PAGE_MASK)) {
2212 /* jump to same page: we can use a direct jump */
2213 tcg_gen_goto_tb(tb_num);
2215 tcg_gen_exit_tb((uintptr_t)tb + tb_num);
2217 /* jump to another page: currently not optimized */
2223 static inline void gen_jcc(DisasContext *s, int b,
2224 target_ulong val, target_ulong next_eip)
2229 l1 = gen_new_label();
2232 gen_goto_tb(s, 0, next_eip);
2235 gen_goto_tb(s, 1, val);
2236 s->is_jmp = DISAS_TB_JUMP;
2238 l1 = gen_new_label();
2239 l2 = gen_new_label();
2242 gen_jmp_im(next_eip);
2252 static void gen_cmovcc1(CPUX86State *env, DisasContext *s, TCGMemOp ot, int b,
2257 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
2259 cc = gen_prepare_cc(s, b, cpu_T[1]);
2260 if (cc.mask != -1) {
2261 TCGv t0 = tcg_temp_new();
2262 tcg_gen_andi_tl(t0, cc.reg, cc.mask);
2266 cc.reg2 = tcg_const_tl(cc.imm);
2269 tcg_gen_movcond_tl(cc.cond, cpu_T[0], cc.reg, cc.reg2,
2270 cpu_T[0], cpu_regs[reg]);
2271 gen_op_mov_reg_v(ot, reg, cpu_T[0]);
2273 if (cc.mask != -1) {
2274 tcg_temp_free(cc.reg);
2277 tcg_temp_free(cc.reg2);
2281 static inline void gen_op_movl_T0_seg(int seg_reg)
2283 tcg_gen_ld32u_tl(cpu_T[0], cpu_env,
2284 offsetof(CPUX86State,segs[seg_reg].selector));
2287 static inline void gen_op_movl_seg_T0_vm(int seg_reg)
2289 tcg_gen_andi_tl(cpu_T[0], cpu_T[0], 0xffff);
2290 tcg_gen_st32_tl(cpu_T[0], cpu_env,
2291 offsetof(CPUX86State,segs[seg_reg].selector));
2292 tcg_gen_shli_tl(cpu_T[0], cpu_T[0], 4);
2293 tcg_gen_st_tl(cpu_T[0], cpu_env,
2294 offsetof(CPUX86State,segs[seg_reg].base));
2297 /* move T0 to seg_reg and compute if the CPU state may change. Never
2298 call this function with seg_reg == R_CS */
2299 static void gen_movl_seg_T0(DisasContext *s, int seg_reg, target_ulong cur_eip)
2301 if (s->pe && !s->vm86) {
2302 /* XXX: optimize by finding processor state dynamically */
2303 gen_update_cc_op(s);
2304 gen_jmp_im(cur_eip);
2305 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T[0]);
2306 gen_helper_load_seg(cpu_env, tcg_const_i32(seg_reg), cpu_tmp2_i32);
2307 /* abort translation because the addseg value may change or
2308 because ss32 may change. For R_SS, translation must always
2309 stop as a special handling must be done to disable hardware
2310 interrupts for the next instruction */
2311 if (seg_reg == R_SS || (s->code32 && seg_reg < R_FS))
2312 s->is_jmp = DISAS_TB_JUMP;
2314 gen_op_movl_seg_T0_vm(seg_reg);
2315 if (seg_reg == R_SS)
2316 s->is_jmp = DISAS_TB_JUMP;
2320 static inline int svm_is_rep(int prefixes)
2322 return ((prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) ? 8 : 0);
2326 gen_svm_check_intercept_param(DisasContext *s, target_ulong pc_start,
2327 uint32_t type, uint64_t param)
2329 /* no SVM activated; fast case */
2330 if (likely(!(s->flags & HF_SVMI_MASK)))
2332 gen_update_cc_op(s);
2333 gen_jmp_im(pc_start - s->cs_base);
2334 gen_helper_svm_check_intercept_param(cpu_env, tcg_const_i32(type),
2335 tcg_const_i64(param));
2339 gen_svm_check_intercept(DisasContext *s, target_ulong pc_start, uint64_t type)
2341 gen_svm_check_intercept_param(s, pc_start, type, 0);
2344 static inline void gen_stack_update(DisasContext *s, int addend)
2346 #ifdef TARGET_X86_64
2348 gen_op_add_reg_im(MO_64, R_ESP, addend);
2352 gen_op_add_reg_im(MO_32, R_ESP, addend);
2354 gen_op_add_reg_im(MO_16, R_ESP, addend);
2358 /* Generate a push. It depends on ss32, addseg and dflag. */
2359 static void gen_push_v(DisasContext *s, TCGv val)
2361 TCGMemOp a_ot, d_ot = mo_pushpop(s, s->dflag);
2362 int size = 1 << d_ot;
2363 TCGv new_esp = cpu_A0;
2365 tcg_gen_subi_tl(cpu_A0, cpu_regs[R_ESP], size);
2369 } else if (s->ss32) {
2373 tcg_gen_mov_tl(new_esp, cpu_A0);
2374 gen_op_addl_A0_seg(s, R_SS);
2376 tcg_gen_ext32u_tl(cpu_A0, cpu_A0);
2381 tcg_gen_ext16u_tl(cpu_A0, cpu_A0);
2382 tcg_gen_mov_tl(new_esp, cpu_A0);
2383 gen_op_addl_A0_seg(s, R_SS);
2386 gen_op_st_v(s, d_ot, val, cpu_A0);
2387 gen_op_mov_reg_v(a_ot, R_ESP, new_esp);
2390 /* two step pop is necessary for precise exceptions */
2391 static TCGMemOp gen_pop_T0(DisasContext *s)
2393 TCGMemOp d_ot = mo_pushpop(s, s->dflag);
2397 addr = cpu_regs[R_ESP];
2398 } else if (!s->ss32) {
2399 tcg_gen_ext16u_tl(cpu_A0, cpu_regs[R_ESP]);
2400 gen_op_addl_A0_seg(s, R_SS);
2401 } else if (s->addseg) {
2402 tcg_gen_mov_tl(cpu_A0, cpu_regs[R_ESP]);
2403 gen_op_addl_A0_seg(s, R_SS);
2405 tcg_gen_ext32u_tl(cpu_A0, cpu_regs[R_ESP]);
2408 gen_op_ld_v(s, d_ot, cpu_T[0], addr);
2412 static void gen_pop_update(DisasContext *s, TCGMemOp ot)
2414 gen_stack_update(s, 1 << ot);
2417 static void gen_stack_A0(DisasContext *s)
2419 gen_op_movl_A0_reg(R_ESP);
2421 tcg_gen_ext16u_tl(cpu_A0, cpu_A0);
2422 tcg_gen_mov_tl(cpu_T[1], cpu_A0);
2424 gen_op_addl_A0_seg(s, R_SS);
2427 /* NOTE: wrap around in 16 bit not fully handled */
2428 static void gen_pusha(DisasContext *s)
2431 gen_op_movl_A0_reg(R_ESP);
2432 gen_op_addl_A0_im(-8 << s->dflag);
2434 tcg_gen_ext16u_tl(cpu_A0, cpu_A0);
2435 tcg_gen_mov_tl(cpu_T[1], cpu_A0);
2437 gen_op_addl_A0_seg(s, R_SS);
2438 for(i = 0;i < 8; i++) {
2439 gen_op_mov_v_reg(MO_32, cpu_T[0], 7 - i);
2440 gen_op_st_v(s, s->dflag, cpu_T[0], cpu_A0);
2441 gen_op_addl_A0_im(1 << s->dflag);
2443 gen_op_mov_reg_v(MO_16 + s->ss32, R_ESP, cpu_T[1]);
2446 /* NOTE: wrap around in 16 bit not fully handled */
2447 static void gen_popa(DisasContext *s)
2450 gen_op_movl_A0_reg(R_ESP);
2452 tcg_gen_ext16u_tl(cpu_A0, cpu_A0);
2453 tcg_gen_mov_tl(cpu_T[1], cpu_A0);
2454 tcg_gen_addi_tl(cpu_T[1], cpu_T[1], 8 << s->dflag);
2456 gen_op_addl_A0_seg(s, R_SS);
2457 for(i = 0;i < 8; i++) {
2458 /* ESP is not reloaded */
2460 gen_op_ld_v(s, s->dflag, cpu_T[0], cpu_A0);
2461 gen_op_mov_reg_v(s->dflag, 7 - i, cpu_T[0]);
2463 gen_op_addl_A0_im(1 << s->dflag);
2465 gen_op_mov_reg_v(MO_16 + s->ss32, R_ESP, cpu_T[1]);
2468 static void gen_enter(DisasContext *s, int esp_addend, int level)
2470 TCGMemOp ot = mo_pushpop(s, s->dflag);
2471 int opsize = 1 << ot;
2474 #ifdef TARGET_X86_64
2476 gen_op_movl_A0_reg(R_ESP);
2477 gen_op_addq_A0_im(-opsize);
2478 tcg_gen_mov_tl(cpu_T[1], cpu_A0);
2481 gen_op_mov_v_reg(MO_32, cpu_T[0], R_EBP);
2482 gen_op_st_v(s, ot, cpu_T[0], cpu_A0);
2484 /* XXX: must save state */
2485 gen_helper_enter64_level(cpu_env, tcg_const_i32(level),
2486 tcg_const_i32((ot == MO_64)),
2489 gen_op_mov_reg_v(ot, R_EBP, cpu_T[1]);
2490 tcg_gen_addi_tl(cpu_T[1], cpu_T[1], -esp_addend + (-opsize * level));
2491 gen_op_mov_reg_v(MO_64, R_ESP, cpu_T[1]);
2495 gen_op_movl_A0_reg(R_ESP);
2496 gen_op_addl_A0_im(-opsize);
2498 tcg_gen_ext16u_tl(cpu_A0, cpu_A0);
2499 tcg_gen_mov_tl(cpu_T[1], cpu_A0);
2501 gen_op_addl_A0_seg(s, R_SS);
2503 gen_op_mov_v_reg(MO_32, cpu_T[0], R_EBP);
2504 gen_op_st_v(s, ot, cpu_T[0], cpu_A0);
2506 /* XXX: must save state */
2507 gen_helper_enter_level(cpu_env, tcg_const_i32(level),
2508 tcg_const_i32(s->dflag - 1),
2511 gen_op_mov_reg_v(ot, R_EBP, cpu_T[1]);
2512 tcg_gen_addi_tl(cpu_T[1], cpu_T[1], -esp_addend + (-opsize * level));
2513 gen_op_mov_reg_v(MO_16 + s->ss32, R_ESP, cpu_T[1]);
2517 static void gen_exception(DisasContext *s, int trapno, target_ulong cur_eip)
2519 gen_update_cc_op(s);
2520 gen_jmp_im(cur_eip);
2521 gen_helper_raise_exception(cpu_env, tcg_const_i32(trapno));
2522 s->is_jmp = DISAS_TB_JUMP;
2525 /* an interrupt is different from an exception because of the
2527 static void gen_interrupt(DisasContext *s, int intno,
2528 target_ulong cur_eip, target_ulong next_eip)
2530 gen_update_cc_op(s);
2531 gen_jmp_im(cur_eip);
2532 gen_helper_raise_interrupt(cpu_env, tcg_const_i32(intno),
2533 tcg_const_i32(next_eip - cur_eip));
2534 s->is_jmp = DISAS_TB_JUMP;
2537 static void gen_debug(DisasContext *s, target_ulong cur_eip)
2539 gen_update_cc_op(s);
2540 gen_jmp_im(cur_eip);
2541 gen_helper_debug(cpu_env);
2542 s->is_jmp = DISAS_TB_JUMP;
2545 /* generate a generic end of block. Trace exception is also generated
2547 static void gen_eob(DisasContext *s)
2549 gen_update_cc_op(s);
2550 if (s->tb->flags & HF_INHIBIT_IRQ_MASK) {
2551 gen_helper_reset_inhibit_irq(cpu_env);
2553 if (s->tb->flags & HF_RF_MASK) {
2554 gen_helper_reset_rf(cpu_env);
2556 if (s->singlestep_enabled) {
2557 gen_helper_debug(cpu_env);
2559 gen_helper_single_step(cpu_env);
2563 s->is_jmp = DISAS_TB_JUMP;
2566 /* generate a jump to eip. No segment change must happen before as a
2567 direct call to the next block may occur */
2568 static void gen_jmp_tb(DisasContext *s, target_ulong eip, int tb_num)
2570 gen_update_cc_op(s);
2571 set_cc_op(s, CC_OP_DYNAMIC);
2573 gen_goto_tb(s, tb_num, eip);
2574 s->is_jmp = DISAS_TB_JUMP;
2581 static void gen_jmp(DisasContext *s, target_ulong eip)
2583 gen_jmp_tb(s, eip, 0);
2586 static inline void gen_ldq_env_A0(DisasContext *s, int offset)
2588 tcg_gen_qemu_ld_i64(cpu_tmp1_i64, cpu_A0, s->mem_index, MO_LEQ);
2589 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, offset);
2592 static inline void gen_stq_env_A0(DisasContext *s, int offset)
2594 tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env, offset);
2595 tcg_gen_qemu_st_i64(cpu_tmp1_i64, cpu_A0, s->mem_index, MO_LEQ);
2598 static inline void gen_ldo_env_A0(DisasContext *s, int offset)
2600 int mem_index = s->mem_index;
2601 tcg_gen_qemu_ld_i64(cpu_tmp1_i64, cpu_A0, mem_index, MO_LEQ);
2602 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, offset + offsetof(XMMReg, XMM_Q(0)));
2603 tcg_gen_addi_tl(cpu_tmp0, cpu_A0, 8);
2604 tcg_gen_qemu_ld_i64(cpu_tmp1_i64, cpu_tmp0, mem_index, MO_LEQ);
2605 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, offset + offsetof(XMMReg, XMM_Q(1)));
2608 static inline void gen_sto_env_A0(DisasContext *s, int offset)
2610 int mem_index = s->mem_index;
2611 tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env, offset + offsetof(XMMReg, XMM_Q(0)));
2612 tcg_gen_qemu_st_i64(cpu_tmp1_i64, cpu_A0, mem_index, MO_LEQ);
2613 tcg_gen_addi_tl(cpu_tmp0, cpu_A0, 8);
2614 tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env, offset + offsetof(XMMReg, XMM_Q(1)));
2615 tcg_gen_qemu_st_i64(cpu_tmp1_i64, cpu_tmp0, mem_index, MO_LEQ);
2618 static inline void gen_op_movo(int d_offset, int s_offset)
2620 tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env, s_offset);
2621 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, d_offset);
2622 tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env, s_offset + 8);
2623 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, d_offset + 8);
2626 static inline void gen_op_movq(int d_offset, int s_offset)
2628 tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env, s_offset);
2629 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, d_offset);
2632 static inline void gen_op_movl(int d_offset, int s_offset)
2634 tcg_gen_ld_i32(cpu_tmp2_i32, cpu_env, s_offset);
2635 tcg_gen_st_i32(cpu_tmp2_i32, cpu_env, d_offset);
2638 static inline void gen_op_movq_env_0(int d_offset)
2640 tcg_gen_movi_i64(cpu_tmp1_i64, 0);
2641 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env, d_offset);
2644 typedef void (*SSEFunc_i_ep)(TCGv_i32 val, TCGv_ptr env, TCGv_ptr reg);
2645 typedef void (*SSEFunc_l_ep)(TCGv_i64 val, TCGv_ptr env, TCGv_ptr reg);
2646 typedef void (*SSEFunc_0_epi)(TCGv_ptr env, TCGv_ptr reg, TCGv_i32 val);
2647 typedef void (*SSEFunc_0_epl)(TCGv_ptr env, TCGv_ptr reg, TCGv_i64 val);
2648 typedef void (*SSEFunc_0_epp)(TCGv_ptr env, TCGv_ptr reg_a, TCGv_ptr reg_b);
2649 typedef void (*SSEFunc_0_eppi)(TCGv_ptr env, TCGv_ptr reg_a, TCGv_ptr reg_b,
2651 typedef void (*SSEFunc_0_ppi)(TCGv_ptr reg_a, TCGv_ptr reg_b, TCGv_i32 val);
2652 typedef void (*SSEFunc_0_eppt)(TCGv_ptr env, TCGv_ptr reg_a, TCGv_ptr reg_b,
2655 #define SSE_SPECIAL ((void *)1)
2656 #define SSE_DUMMY ((void *)2)
2658 #define MMX_OP2(x) { gen_helper_ ## x ## _mmx, gen_helper_ ## x ## _xmm }
2659 #define SSE_FOP(x) { gen_helper_ ## x ## ps, gen_helper_ ## x ## pd, \
2660 gen_helper_ ## x ## ss, gen_helper_ ## x ## sd, }
2662 static const SSEFunc_0_epp sse_op_table1[256][4] = {
2663 /* 3DNow! extensions */
2664 [0x0e] = { SSE_DUMMY }, /* femms */
2665 [0x0f] = { SSE_DUMMY }, /* pf... */
2666 /* pure SSE operations */
2667 [0x10] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movups, movupd, movss, movsd */
2668 [0x11] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movups, movupd, movss, movsd */
2669 [0x12] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movlps, movlpd, movsldup, movddup */
2670 [0x13] = { SSE_SPECIAL, SSE_SPECIAL }, /* movlps, movlpd */
2671 [0x14] = { gen_helper_punpckldq_xmm, gen_helper_punpcklqdq_xmm },
2672 [0x15] = { gen_helper_punpckhdq_xmm, gen_helper_punpckhqdq_xmm },
2673 [0x16] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movhps, movhpd, movshdup */
2674 [0x17] = { SSE_SPECIAL, SSE_SPECIAL }, /* movhps, movhpd */
2676 [0x28] = { SSE_SPECIAL, SSE_SPECIAL }, /* movaps, movapd */
2677 [0x29] = { SSE_SPECIAL, SSE_SPECIAL }, /* movaps, movapd */
2678 [0x2a] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* cvtpi2ps, cvtpi2pd, cvtsi2ss, cvtsi2sd */
2679 [0x2b] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movntps, movntpd, movntss, movntsd */
2680 [0x2c] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* cvttps2pi, cvttpd2pi, cvttsd2si, cvttss2si */
2681 [0x2d] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* cvtps2pi, cvtpd2pi, cvtsd2si, cvtss2si */
2682 [0x2e] = { gen_helper_ucomiss, gen_helper_ucomisd },
2683 [0x2f] = { gen_helper_comiss, gen_helper_comisd },
2684 [0x50] = { SSE_SPECIAL, SSE_SPECIAL }, /* movmskps, movmskpd */
2685 [0x51] = SSE_FOP(sqrt),
2686 [0x52] = { gen_helper_rsqrtps, NULL, gen_helper_rsqrtss, NULL },
2687 [0x53] = { gen_helper_rcpps, NULL, gen_helper_rcpss, NULL },
2688 [0x54] = { gen_helper_pand_xmm, gen_helper_pand_xmm }, /* andps, andpd */
2689 [0x55] = { gen_helper_pandn_xmm, gen_helper_pandn_xmm }, /* andnps, andnpd */
2690 [0x56] = { gen_helper_por_xmm, gen_helper_por_xmm }, /* orps, orpd */
2691 [0x57] = { gen_helper_pxor_xmm, gen_helper_pxor_xmm }, /* xorps, xorpd */
2692 [0x58] = SSE_FOP(add),
2693 [0x59] = SSE_FOP(mul),
2694 [0x5a] = { gen_helper_cvtps2pd, gen_helper_cvtpd2ps,
2695 gen_helper_cvtss2sd, gen_helper_cvtsd2ss },
2696 [0x5b] = { gen_helper_cvtdq2ps, gen_helper_cvtps2dq, gen_helper_cvttps2dq },
2697 [0x5c] = SSE_FOP(sub),
2698 [0x5d] = SSE_FOP(min),
2699 [0x5e] = SSE_FOP(div),
2700 [0x5f] = SSE_FOP(max),
2702 [0xc2] = SSE_FOP(cmpeq),
2703 [0xc6] = { (SSEFunc_0_epp)gen_helper_shufps,
2704 (SSEFunc_0_epp)gen_helper_shufpd }, /* XXX: casts */
2706 /* SSSE3, SSE4, MOVBE, CRC32, BMI1, BMI2, ADX. */
2707 [0x38] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL },
2708 [0x3a] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL },
2710 /* MMX ops and their SSE extensions */
2711 [0x60] = MMX_OP2(punpcklbw),
2712 [0x61] = MMX_OP2(punpcklwd),
2713 [0x62] = MMX_OP2(punpckldq),
2714 [0x63] = MMX_OP2(packsswb),
2715 [0x64] = MMX_OP2(pcmpgtb),
2716 [0x65] = MMX_OP2(pcmpgtw),
2717 [0x66] = MMX_OP2(pcmpgtl),
2718 [0x67] = MMX_OP2(packuswb),
2719 [0x68] = MMX_OP2(punpckhbw),
2720 [0x69] = MMX_OP2(punpckhwd),
2721 [0x6a] = MMX_OP2(punpckhdq),
2722 [0x6b] = MMX_OP2(packssdw),
2723 [0x6c] = { NULL, gen_helper_punpcklqdq_xmm },
2724 [0x6d] = { NULL, gen_helper_punpckhqdq_xmm },
2725 [0x6e] = { SSE_SPECIAL, SSE_SPECIAL }, /* movd mm, ea */
2726 [0x6f] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movq, movdqa, , movqdu */
2727 [0x70] = { (SSEFunc_0_epp)gen_helper_pshufw_mmx,
2728 (SSEFunc_0_epp)gen_helper_pshufd_xmm,
2729 (SSEFunc_0_epp)gen_helper_pshufhw_xmm,
2730 (SSEFunc_0_epp)gen_helper_pshuflw_xmm }, /* XXX: casts */
2731 [0x71] = { SSE_SPECIAL, SSE_SPECIAL }, /* shiftw */
2732 [0x72] = { SSE_SPECIAL, SSE_SPECIAL }, /* shiftd */
2733 [0x73] = { SSE_SPECIAL, SSE_SPECIAL }, /* shiftq */
2734 [0x74] = MMX_OP2(pcmpeqb),
2735 [0x75] = MMX_OP2(pcmpeqw),
2736 [0x76] = MMX_OP2(pcmpeql),
2737 [0x77] = { SSE_DUMMY }, /* emms */
2738 [0x78] = { NULL, SSE_SPECIAL, NULL, SSE_SPECIAL }, /* extrq_i, insertq_i */
2739 [0x79] = { NULL, gen_helper_extrq_r, NULL, gen_helper_insertq_r },
2740 [0x7c] = { NULL, gen_helper_haddpd, NULL, gen_helper_haddps },
2741 [0x7d] = { NULL, gen_helper_hsubpd, NULL, gen_helper_hsubps },
2742 [0x7e] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movd, movd, , movq */
2743 [0x7f] = { SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL }, /* movq, movdqa, movdqu */
2744 [0xc4] = { SSE_SPECIAL, SSE_SPECIAL }, /* pinsrw */
2745 [0xc5] = { SSE_SPECIAL, SSE_SPECIAL }, /* pextrw */
2746 [0xd0] = { NULL, gen_helper_addsubpd, NULL, gen_helper_addsubps },
2747 [0xd1] = MMX_OP2(psrlw),
2748 [0xd2] = MMX_OP2(psrld),
2749 [0xd3] = MMX_OP2(psrlq),
2750 [0xd4] = MMX_OP2(paddq),
2751 [0xd5] = MMX_OP2(pmullw),
2752 [0xd6] = { NULL, SSE_SPECIAL, SSE_SPECIAL, SSE_SPECIAL },
2753 [0xd7] = { SSE_SPECIAL, SSE_SPECIAL }, /* pmovmskb */
2754 [0xd8] = MMX_OP2(psubusb),
2755 [0xd9] = MMX_OP2(psubusw),
2756 [0xda] = MMX_OP2(pminub),
2757 [0xdb] = MMX_OP2(pand),
2758 [0xdc] = MMX_OP2(paddusb),
2759 [0xdd] = MMX_OP2(paddusw),
2760 [0xde] = MMX_OP2(pmaxub),
2761 [0xdf] = MMX_OP2(pandn),
2762 [0xe0] = MMX_OP2(pavgb),
2763 [0xe1] = MMX_OP2(psraw),
2764 [0xe2] = MMX_OP2(psrad),
2765 [0xe3] = MMX_OP2(pavgw),
2766 [0xe4] = MMX_OP2(pmulhuw),
2767 [0xe5] = MMX_OP2(pmulhw),
2768 [0xe6] = { NULL, gen_helper_cvttpd2dq, gen_helper_cvtdq2pd, gen_helper_cvtpd2dq },
2769 [0xe7] = { SSE_SPECIAL , SSE_SPECIAL }, /* movntq, movntq */
2770 [0xe8] = MMX_OP2(psubsb),
2771 [0xe9] = MMX_OP2(psubsw),
2772 [0xea] = MMX_OP2(pminsw),
2773 [0xeb] = MMX_OP2(por),
2774 [0xec] = MMX_OP2(paddsb),
2775 [0xed] = MMX_OP2(paddsw),
2776 [0xee] = MMX_OP2(pmaxsw),
2777 [0xef] = MMX_OP2(pxor),
2778 [0xf0] = { NULL, NULL, NULL, SSE_SPECIAL }, /* lddqu */
2779 [0xf1] = MMX_OP2(psllw),
2780 [0xf2] = MMX_OP2(pslld),
2781 [0xf3] = MMX_OP2(psllq),
2782 [0xf4] = MMX_OP2(pmuludq),
2783 [0xf5] = MMX_OP2(pmaddwd),
2784 [0xf6] = MMX_OP2(psadbw),
2785 [0xf7] = { (SSEFunc_0_epp)gen_helper_maskmov_mmx,
2786 (SSEFunc_0_epp)gen_helper_maskmov_xmm }, /* XXX: casts */
2787 [0xf8] = MMX_OP2(psubb),
2788 [0xf9] = MMX_OP2(psubw),
2789 [0xfa] = MMX_OP2(psubl),
2790 [0xfb] = MMX_OP2(psubq),
2791 [0xfc] = MMX_OP2(paddb),
2792 [0xfd] = MMX_OP2(paddw),
2793 [0xfe] = MMX_OP2(paddl),
2796 static const SSEFunc_0_epp sse_op_table2[3 * 8][2] = {
2797 [0 + 2] = MMX_OP2(psrlw),
2798 [0 + 4] = MMX_OP2(psraw),
2799 [0 + 6] = MMX_OP2(psllw),
2800 [8 + 2] = MMX_OP2(psrld),
2801 [8 + 4] = MMX_OP2(psrad),
2802 [8 + 6] = MMX_OP2(pslld),
2803 [16 + 2] = MMX_OP2(psrlq),
2804 [16 + 3] = { NULL, gen_helper_psrldq_xmm },
2805 [16 + 6] = MMX_OP2(psllq),
2806 [16 + 7] = { NULL, gen_helper_pslldq_xmm },
2809 static const SSEFunc_0_epi sse_op_table3ai[] = {
2810 gen_helper_cvtsi2ss,
2814 #ifdef TARGET_X86_64
2815 static const SSEFunc_0_epl sse_op_table3aq[] = {
2816 gen_helper_cvtsq2ss,
2821 static const SSEFunc_i_ep sse_op_table3bi[] = {
2822 gen_helper_cvttss2si,
2823 gen_helper_cvtss2si,
2824 gen_helper_cvttsd2si,
2828 #ifdef TARGET_X86_64
2829 static const SSEFunc_l_ep sse_op_table3bq[] = {
2830 gen_helper_cvttss2sq,
2831 gen_helper_cvtss2sq,
2832 gen_helper_cvttsd2sq,
2837 static const SSEFunc_0_epp sse_op_table4[8][4] = {
2848 static const SSEFunc_0_epp sse_op_table5[256] = {
2849 [0x0c] = gen_helper_pi2fw,
2850 [0x0d] = gen_helper_pi2fd,
2851 [0x1c] = gen_helper_pf2iw,
2852 [0x1d] = gen_helper_pf2id,
2853 [0x8a] = gen_helper_pfnacc,
2854 [0x8e] = gen_helper_pfpnacc,
2855 [0x90] = gen_helper_pfcmpge,
2856 [0x94] = gen_helper_pfmin,
2857 [0x96] = gen_helper_pfrcp,
2858 [0x97] = gen_helper_pfrsqrt,
2859 [0x9a] = gen_helper_pfsub,
2860 [0x9e] = gen_helper_pfadd,
2861 [0xa0] = gen_helper_pfcmpgt,
2862 [0xa4] = gen_helper_pfmax,
2863 [0xa6] = gen_helper_movq, /* pfrcpit1; no need to actually increase precision */
2864 [0xa7] = gen_helper_movq, /* pfrsqit1 */
2865 [0xaa] = gen_helper_pfsubr,
2866 [0xae] = gen_helper_pfacc,
2867 [0xb0] = gen_helper_pfcmpeq,
2868 [0xb4] = gen_helper_pfmul,
2869 [0xb6] = gen_helper_movq, /* pfrcpit2 */
2870 [0xb7] = gen_helper_pmulhrw_mmx,
2871 [0xbb] = gen_helper_pswapd,
2872 [0xbf] = gen_helper_pavgb_mmx /* pavgusb */
2875 struct SSEOpHelper_epp {
2876 SSEFunc_0_epp op[2];
2880 struct SSEOpHelper_eppi {
2881 SSEFunc_0_eppi op[2];
2885 #define SSSE3_OP(x) { MMX_OP2(x), CPUID_EXT_SSSE3 }
2886 #define SSE41_OP(x) { { NULL, gen_helper_ ## x ## _xmm }, CPUID_EXT_SSE41 }
2887 #define SSE42_OP(x) { { NULL, gen_helper_ ## x ## _xmm }, CPUID_EXT_SSE42 }
2888 #define SSE41_SPECIAL { { NULL, SSE_SPECIAL }, CPUID_EXT_SSE41 }
2889 #define PCLMULQDQ_OP(x) { { NULL, gen_helper_ ## x ## _xmm }, \
2890 CPUID_EXT_PCLMULQDQ }
2891 #define AESNI_OP(x) { { NULL, gen_helper_ ## x ## _xmm }, CPUID_EXT_AES }
2893 static const struct SSEOpHelper_epp sse_op_table6[256] = {
2894 [0x00] = SSSE3_OP(pshufb),
2895 [0x01] = SSSE3_OP(phaddw),
2896 [0x02] = SSSE3_OP(phaddd),
2897 [0x03] = SSSE3_OP(phaddsw),
2898 [0x04] = SSSE3_OP(pmaddubsw),
2899 [0x05] = SSSE3_OP(phsubw),
2900 [0x06] = SSSE3_OP(phsubd),
2901 [0x07] = SSSE3_OP(phsubsw),
2902 [0x08] = SSSE3_OP(psignb),
2903 [0x09] = SSSE3_OP(psignw),
2904 [0x0a] = SSSE3_OP(psignd),
2905 [0x0b] = SSSE3_OP(pmulhrsw),
2906 [0x10] = SSE41_OP(pblendvb),
2907 [0x14] = SSE41_OP(blendvps),
2908 [0x15] = SSE41_OP(blendvpd),
2909 [0x17] = SSE41_OP(ptest),
2910 [0x1c] = SSSE3_OP(pabsb),
2911 [0x1d] = SSSE3_OP(pabsw),
2912 [0x1e] = SSSE3_OP(pabsd),
2913 [0x20] = SSE41_OP(pmovsxbw),
2914 [0x21] = SSE41_OP(pmovsxbd),
2915 [0x22] = SSE41_OP(pmovsxbq),
2916 [0x23] = SSE41_OP(pmovsxwd),
2917 [0x24] = SSE41_OP(pmovsxwq),
2918 [0x25] = SSE41_OP(pmovsxdq),
2919 [0x28] = SSE41_OP(pmuldq),
2920 [0x29] = SSE41_OP(pcmpeqq),
2921 [0x2a] = SSE41_SPECIAL, /* movntqda */
2922 [0x2b] = SSE41_OP(packusdw),
2923 [0x30] = SSE41_OP(pmovzxbw),
2924 [0x31] = SSE41_OP(pmovzxbd),
2925 [0x32] = SSE41_OP(pmovzxbq),
2926 [0x33] = SSE41_OP(pmovzxwd),
2927 [0x34] = SSE41_OP(pmovzxwq),
2928 [0x35] = SSE41_OP(pmovzxdq),
2929 [0x37] = SSE42_OP(pcmpgtq),
2930 [0x38] = SSE41_OP(pminsb),
2931 [0x39] = SSE41_OP(pminsd),
2932 [0x3a] = SSE41_OP(pminuw),
2933 [0x3b] = SSE41_OP(pminud),
2934 [0x3c] = SSE41_OP(pmaxsb),
2935 [0x3d] = SSE41_OP(pmaxsd),
2936 [0x3e] = SSE41_OP(pmaxuw),
2937 [0x3f] = SSE41_OP(pmaxud),
2938 [0x40] = SSE41_OP(pmulld),
2939 [0x41] = SSE41_OP(phminposuw),
2940 [0xdb] = AESNI_OP(aesimc),
2941 [0xdc] = AESNI_OP(aesenc),
2942 [0xdd] = AESNI_OP(aesenclast),
2943 [0xde] = AESNI_OP(aesdec),
2944 [0xdf] = AESNI_OP(aesdeclast),
2947 static const struct SSEOpHelper_eppi sse_op_table7[256] = {
2948 [0x08] = SSE41_OP(roundps),
2949 [0x09] = SSE41_OP(roundpd),
2950 [0x0a] = SSE41_OP(roundss),
2951 [0x0b] = SSE41_OP(roundsd),
2952 [0x0c] = SSE41_OP(blendps),
2953 [0x0d] = SSE41_OP(blendpd),
2954 [0x0e] = SSE41_OP(pblendw),
2955 [0x0f] = SSSE3_OP(palignr),
2956 [0x14] = SSE41_SPECIAL, /* pextrb */
2957 [0x15] = SSE41_SPECIAL, /* pextrw */
2958 [0x16] = SSE41_SPECIAL, /* pextrd/pextrq */
2959 [0x17] = SSE41_SPECIAL, /* extractps */
2960 [0x20] = SSE41_SPECIAL, /* pinsrb */
2961 [0x21] = SSE41_SPECIAL, /* insertps */
2962 [0x22] = SSE41_SPECIAL, /* pinsrd/pinsrq */
2963 [0x40] = SSE41_OP(dpps),
2964 [0x41] = SSE41_OP(dppd),
2965 [0x42] = SSE41_OP(mpsadbw),
2966 [0x44] = PCLMULQDQ_OP(pclmulqdq),
2967 [0x60] = SSE42_OP(pcmpestrm),
2968 [0x61] = SSE42_OP(pcmpestri),
2969 [0x62] = SSE42_OP(pcmpistrm),
2970 [0x63] = SSE42_OP(pcmpistri),
2971 [0xdf] = AESNI_OP(aeskeygenassist),
2974 static void gen_sse(CPUX86State *env, DisasContext *s, int b,
2975 target_ulong pc_start, int rex_r)
2977 int b1, op1_offset, op2_offset, is_xmm, val;
2978 int modrm, mod, rm, reg;
2979 SSEFunc_0_epp sse_fn_epp;
2980 SSEFunc_0_eppi sse_fn_eppi;
2981 SSEFunc_0_ppi sse_fn_ppi;
2982 SSEFunc_0_eppt sse_fn_eppt;
2986 if (s->prefix & PREFIX_DATA)
2988 else if (s->prefix & PREFIX_REPZ)
2990 else if (s->prefix & PREFIX_REPNZ)
2994 sse_fn_epp = sse_op_table1[b][b1];
2998 if ((b <= 0x5f && b >= 0x10) || b == 0xc6 || b == 0xc2) {
3008 /* simple MMX/SSE operation */
3009 if (s->flags & HF_TS_MASK) {
3010 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
3013 if (s->flags & HF_EM_MASK) {
3015 gen_exception(s, EXCP06_ILLOP, pc_start - s->cs_base);
3018 if (is_xmm && !(s->flags & HF_OSFXSR_MASK))
3019 if ((b != 0x38 && b != 0x3a) || (s->prefix & PREFIX_DATA))
3022 if (!(s->cpuid_ext2_features & CPUID_EXT2_3DNOW))
3025 gen_helper_emms(cpu_env);
3030 gen_helper_emms(cpu_env);
3033 /* prepare MMX state (XXX: optimize by storing fptt and fptags in
3034 the static cpu state) */
3036 gen_helper_enter_mmx(cpu_env);
3039 modrm = cpu_ldub_code(env, s->pc++);
3040 reg = ((modrm >> 3) & 7);
3043 mod = (modrm >> 6) & 3;
3044 if (sse_fn_epp == SSE_SPECIAL) {
3047 case 0x0e7: /* movntq */
3050 gen_lea_modrm(env, s, modrm);
3051 gen_stq_env_A0(s, offsetof(CPUX86State, fpregs[reg].mmx));
3053 case 0x1e7: /* movntdq */
3054 case 0x02b: /* movntps */
3055 case 0x12b: /* movntps */
3058 gen_lea_modrm(env, s, modrm);
3059 gen_sto_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3061 case 0x3f0: /* lddqu */
3064 gen_lea_modrm(env, s, modrm);
3065 gen_ldo_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3067 case 0x22b: /* movntss */
3068 case 0x32b: /* movntsd */
3071 gen_lea_modrm(env, s, modrm);
3073 gen_stq_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3075 tcg_gen_ld32u_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,
3076 xmm_regs[reg].XMM_L(0)));
3077 gen_op_st_v(s, MO_32, cpu_T[0], cpu_A0);
3080 case 0x6e: /* movd mm, ea */
3081 #ifdef TARGET_X86_64
3082 if (s->dflag == MO_64) {
3083 gen_ldst_modrm(env, s, modrm, MO_64, OR_TMP0, 0);
3084 tcg_gen_st_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,fpregs[reg].mmx));
3088 gen_ldst_modrm(env, s, modrm, MO_32, OR_TMP0, 0);
3089 tcg_gen_addi_ptr(cpu_ptr0, cpu_env,
3090 offsetof(CPUX86State,fpregs[reg].mmx));
3091 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T[0]);
3092 gen_helper_movl_mm_T0_mmx(cpu_ptr0, cpu_tmp2_i32);
3095 case 0x16e: /* movd xmm, ea */
3096 #ifdef TARGET_X86_64
3097 if (s->dflag == MO_64) {
3098 gen_ldst_modrm(env, s, modrm, MO_64, OR_TMP0, 0);
3099 tcg_gen_addi_ptr(cpu_ptr0, cpu_env,
3100 offsetof(CPUX86State,xmm_regs[reg]));
3101 gen_helper_movq_mm_T0_xmm(cpu_ptr0, cpu_T[0]);
3105 gen_ldst_modrm(env, s, modrm, MO_32, OR_TMP0, 0);
3106 tcg_gen_addi_ptr(cpu_ptr0, cpu_env,
3107 offsetof(CPUX86State,xmm_regs[reg]));
3108 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T[0]);
3109 gen_helper_movl_mm_T0_xmm(cpu_ptr0, cpu_tmp2_i32);
3112 case 0x6f: /* movq mm, ea */
3114 gen_lea_modrm(env, s, modrm);
3115 gen_ldq_env_A0(s, offsetof(CPUX86State, fpregs[reg].mmx));
3118 tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env,
3119 offsetof(CPUX86State,fpregs[rm].mmx));
3120 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env,
3121 offsetof(CPUX86State,fpregs[reg].mmx));
3124 case 0x010: /* movups */
3125 case 0x110: /* movupd */
3126 case 0x028: /* movaps */
3127 case 0x128: /* movapd */
3128 case 0x16f: /* movdqa xmm, ea */
3129 case 0x26f: /* movdqu xmm, ea */
3131 gen_lea_modrm(env, s, modrm);
3132 gen_ldo_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3134 rm = (modrm & 7) | REX_B(s);
3135 gen_op_movo(offsetof(CPUX86State,xmm_regs[reg]),
3136 offsetof(CPUX86State,xmm_regs[rm]));
3139 case 0x210: /* movss xmm, ea */
3141 gen_lea_modrm(env, s, modrm);
3142 gen_op_ld_v(s, MO_32, cpu_T[0], cpu_A0);
3143 tcg_gen_st32_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,xmm_regs[reg].XMM_L(0)));
3144 tcg_gen_movi_tl(cpu_T[0], 0);
3145 tcg_gen_st32_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,xmm_regs[reg].XMM_L(1)));
3146 tcg_gen_st32_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,xmm_regs[reg].XMM_L(2)));
3147 tcg_gen_st32_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,xmm_regs[reg].XMM_L(3)));
3149 rm = (modrm & 7) | REX_B(s);
3150 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].XMM_L(0)),
3151 offsetof(CPUX86State,xmm_regs[rm].XMM_L(0)));
3154 case 0x310: /* movsd xmm, ea */
3156 gen_lea_modrm(env, s, modrm);
3157 gen_ldq_env_A0(s, offsetof(CPUX86State,
3158 xmm_regs[reg].XMM_Q(0)));
3159 tcg_gen_movi_tl(cpu_T[0], 0);
3160 tcg_gen_st32_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,xmm_regs[reg].XMM_L(2)));
3161 tcg_gen_st32_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,xmm_regs[reg].XMM_L(3)));
3163 rm = (modrm & 7) | REX_B(s);
3164 gen_op_movq(offsetof(CPUX86State,xmm_regs[reg].XMM_Q(0)),
3165 offsetof(CPUX86State,xmm_regs[rm].XMM_Q(0)));
3168 case 0x012: /* movlps */
3169 case 0x112: /* movlpd */
3171 gen_lea_modrm(env, s, modrm);
3172 gen_ldq_env_A0(s, offsetof(CPUX86State,
3173 xmm_regs[reg].XMM_Q(0)));
3176 rm = (modrm & 7) | REX_B(s);
3177 gen_op_movq(offsetof(CPUX86State,xmm_regs[reg].XMM_Q(0)),
3178 offsetof(CPUX86State,xmm_regs[rm].XMM_Q(1)));
3181 case 0x212: /* movsldup */
3183 gen_lea_modrm(env, s, modrm);
3184 gen_ldo_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3186 rm = (modrm & 7) | REX_B(s);
3187 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].XMM_L(0)),
3188 offsetof(CPUX86State,xmm_regs[rm].XMM_L(0)));
3189 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].XMM_L(2)),
3190 offsetof(CPUX86State,xmm_regs[rm].XMM_L(2)));
3192 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].XMM_L(1)),
3193 offsetof(CPUX86State,xmm_regs[reg].XMM_L(0)));
3194 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].XMM_L(3)),
3195 offsetof(CPUX86State,xmm_regs[reg].XMM_L(2)));
3197 case 0x312: /* movddup */
3199 gen_lea_modrm(env, s, modrm);
3200 gen_ldq_env_A0(s, offsetof(CPUX86State,
3201 xmm_regs[reg].XMM_Q(0)));
3203 rm = (modrm & 7) | REX_B(s);
3204 gen_op_movq(offsetof(CPUX86State,xmm_regs[reg].XMM_Q(0)),
3205 offsetof(CPUX86State,xmm_regs[rm].XMM_Q(0)));
3207 gen_op_movq(offsetof(CPUX86State,xmm_regs[reg].XMM_Q(1)),
3208 offsetof(CPUX86State,xmm_regs[reg].XMM_Q(0)));
3210 case 0x016: /* movhps */
3211 case 0x116: /* movhpd */
3213 gen_lea_modrm(env, s, modrm);
3214 gen_ldq_env_A0(s, offsetof(CPUX86State,
3215 xmm_regs[reg].XMM_Q(1)));
3218 rm = (modrm & 7) | REX_B(s);
3219 gen_op_movq(offsetof(CPUX86State,xmm_regs[reg].XMM_Q(1)),
3220 offsetof(CPUX86State,xmm_regs[rm].XMM_Q(0)));
3223 case 0x216: /* movshdup */
3225 gen_lea_modrm(env, s, modrm);
3226 gen_ldo_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3228 rm = (modrm & 7) | REX_B(s);
3229 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].XMM_L(1)),
3230 offsetof(CPUX86State,xmm_regs[rm].XMM_L(1)));
3231 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].XMM_L(3)),
3232 offsetof(CPUX86State,xmm_regs[rm].XMM_L(3)));
3234 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].XMM_L(0)),
3235 offsetof(CPUX86State,xmm_regs[reg].XMM_L(1)));
3236 gen_op_movl(offsetof(CPUX86State,xmm_regs[reg].XMM_L(2)),
3237 offsetof(CPUX86State,xmm_regs[reg].XMM_L(3)));
3242 int bit_index, field_length;
3244 if (b1 == 1 && reg != 0)
3246 field_length = cpu_ldub_code(env, s->pc++) & 0x3F;
3247 bit_index = cpu_ldub_code(env, s->pc++) & 0x3F;
3248 tcg_gen_addi_ptr(cpu_ptr0, cpu_env,
3249 offsetof(CPUX86State,xmm_regs[reg]));
3251 gen_helper_extrq_i(cpu_env, cpu_ptr0,
3252 tcg_const_i32(bit_index),
3253 tcg_const_i32(field_length));
3255 gen_helper_insertq_i(cpu_env, cpu_ptr0,
3256 tcg_const_i32(bit_index),
3257 tcg_const_i32(field_length));
3260 case 0x7e: /* movd ea, mm */
3261 #ifdef TARGET_X86_64
3262 if (s->dflag == MO_64) {
3263 tcg_gen_ld_i64(cpu_T[0], cpu_env,
3264 offsetof(CPUX86State,fpregs[reg].mmx));
3265 gen_ldst_modrm(env, s, modrm, MO_64, OR_TMP0, 1);
3269 tcg_gen_ld32u_tl(cpu_T[0], cpu_env,
3270 offsetof(CPUX86State,fpregs[reg].mmx.MMX_L(0)));
3271 gen_ldst_modrm(env, s, modrm, MO_32, OR_TMP0, 1);
3274 case 0x17e: /* movd ea, xmm */
3275 #ifdef TARGET_X86_64
3276 if (s->dflag == MO_64) {
3277 tcg_gen_ld_i64(cpu_T[0], cpu_env,
3278 offsetof(CPUX86State,xmm_regs[reg].XMM_Q(0)));
3279 gen_ldst_modrm(env, s, modrm, MO_64, OR_TMP0, 1);
3283 tcg_gen_ld32u_tl(cpu_T[0], cpu_env,
3284 offsetof(CPUX86State,xmm_regs[reg].XMM_L(0)));
3285 gen_ldst_modrm(env, s, modrm, MO_32, OR_TMP0, 1);
3288 case 0x27e: /* movq xmm, ea */
3290 gen_lea_modrm(env, s, modrm);
3291 gen_ldq_env_A0(s, offsetof(CPUX86State,
3292 xmm_regs[reg].XMM_Q(0)));
3294 rm = (modrm & 7) | REX_B(s);
3295 gen_op_movq(offsetof(CPUX86State,xmm_regs[reg].XMM_Q(0)),
3296 offsetof(CPUX86State,xmm_regs[rm].XMM_Q(0)));
3298 gen_op_movq_env_0(offsetof(CPUX86State,xmm_regs[reg].XMM_Q(1)));
3300 case 0x7f: /* movq ea, mm */
3302 gen_lea_modrm(env, s, modrm);
3303 gen_stq_env_A0(s, offsetof(CPUX86State, fpregs[reg].mmx));
3306 gen_op_movq(offsetof(CPUX86State,fpregs[rm].mmx),
3307 offsetof(CPUX86State,fpregs[reg].mmx));
3310 case 0x011: /* movups */
3311 case 0x111: /* movupd */
3312 case 0x029: /* movaps */
3313 case 0x129: /* movapd */
3314 case 0x17f: /* movdqa ea, xmm */
3315 case 0x27f: /* movdqu ea, xmm */
3317 gen_lea_modrm(env, s, modrm);
3318 gen_sto_env_A0(s, offsetof(CPUX86State, xmm_regs[reg]));
3320 rm = (modrm & 7) | REX_B(s);
3321 gen_op_movo(offsetof(CPUX86State,xmm_regs[rm]),
3322 offsetof(CPUX86State,xmm_regs[reg]));
3325 case 0x211: /* movss ea, xmm */
3327 gen_lea_modrm(env, s, modrm);
3328 tcg_gen_ld32u_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,xmm_regs[reg].XMM_L(0)));
3329 gen_op_st_v(s, MO_32, cpu_T[0], cpu_A0);
3331 rm = (modrm & 7) | REX_B(s);
3332 gen_op_movl(offsetof(CPUX86State,xmm_regs[rm].XMM_L(0)),
3333 offsetof(CPUX86State,xmm_regs[reg].XMM_L(0)));
3336 case 0x311: /* movsd ea, xmm */
3338 gen_lea_modrm(env, s, modrm);
3339 gen_stq_env_A0(s, offsetof(CPUX86State,
3340 xmm_regs[reg].XMM_Q(0)));
3342 rm = (modrm & 7) | REX_B(s);
3343 gen_op_movq(offsetof(CPUX86State,xmm_regs[rm].XMM_Q(0)),
3344 offsetof(CPUX86State,xmm_regs[reg].XMM_Q(0)));
3347 case 0x013: /* movlps */
3348 case 0x113: /* movlpd */
3350 gen_lea_modrm(env, s, modrm);
3351 gen_stq_env_A0(s, offsetof(CPUX86State,
3352 xmm_regs[reg].XMM_Q(0)));
3357 case 0x017: /* movhps */
3358 case 0x117: /* movhpd */
3360 gen_lea_modrm(env, s, modrm);
3361 gen_stq_env_A0(s, offsetof(CPUX86State,
3362 xmm_regs[reg].XMM_Q(1)));
3367 case 0x71: /* shift mm, im */
3370 case 0x171: /* shift xmm, im */
3376 val = cpu_ldub_code(env, s->pc++);
3378 tcg_gen_movi_tl(cpu_T[0], val);
3379 tcg_gen_st32_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,xmm_t0.XMM_L(0)));
3380 tcg_gen_movi_tl(cpu_T[0], 0);
3381 tcg_gen_st32_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,xmm_t0.XMM_L(1)));
3382 op1_offset = offsetof(CPUX86State,xmm_t0);
3384 tcg_gen_movi_tl(cpu_T[0], val);
3385 tcg_gen_st32_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,mmx_t0.MMX_L(0)));
3386 tcg_gen_movi_tl(cpu_T[0], 0);
3387 tcg_gen_st32_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,mmx_t0.MMX_L(1)));
3388 op1_offset = offsetof(CPUX86State,mmx_t0);
3390 sse_fn_epp = sse_op_table2[((b - 1) & 3) * 8 +
3391 (((modrm >> 3)) & 7)][b1];
3396 rm = (modrm & 7) | REX_B(s);
3397 op2_offset = offsetof(CPUX86State,xmm_regs[rm]);
3400 op2_offset = offsetof(CPUX86State,fpregs[rm].mmx);
3402 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op2_offset);
3403 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op1_offset);
3404 sse_fn_epp(cpu_env, cpu_ptr0, cpu_ptr1);
3406 case 0x050: /* movmskps */
3407 rm = (modrm & 7) | REX_B(s);
3408 tcg_gen_addi_ptr(cpu_ptr0, cpu_env,
3409 offsetof(CPUX86State,xmm_regs[rm]));
3410 gen_helper_movmskps(cpu_tmp2_i32, cpu_env, cpu_ptr0);
3411 tcg_gen_extu_i32_tl(cpu_regs[reg], cpu_tmp2_i32);
3413 case 0x150: /* movmskpd */
3414 rm = (modrm & 7) | REX_B(s);
3415 tcg_gen_addi_ptr(cpu_ptr0, cpu_env,
3416 offsetof(CPUX86State,xmm_regs[rm]));
3417 gen_helper_movmskpd(cpu_tmp2_i32, cpu_env, cpu_ptr0);
3418 tcg_gen_extu_i32_tl(cpu_regs[reg], cpu_tmp2_i32);
3420 case 0x02a: /* cvtpi2ps */
3421 case 0x12a: /* cvtpi2pd */
3422 gen_helper_enter_mmx(cpu_env);
3424 gen_lea_modrm(env, s, modrm);
3425 op2_offset = offsetof(CPUX86State,mmx_t0);
3426 gen_ldq_env_A0(s, op2_offset);
3429 op2_offset = offsetof(CPUX86State,fpregs[rm].mmx);
3431 op1_offset = offsetof(CPUX86State,xmm_regs[reg]);
3432 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
3433 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
3436 gen_helper_cvtpi2ps(cpu_env, cpu_ptr0, cpu_ptr1);
3440 gen_helper_cvtpi2pd(cpu_env, cpu_ptr0, cpu_ptr1);
3444 case 0x22a: /* cvtsi2ss */
3445 case 0x32a: /* cvtsi2sd */
3446 ot = mo_64_32(s->dflag);
3447 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3448 op1_offset = offsetof(CPUX86State,xmm_regs[reg]);
3449 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
3451 SSEFunc_0_epi sse_fn_epi = sse_op_table3ai[(b >> 8) & 1];
3452 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T[0]);
3453 sse_fn_epi(cpu_env, cpu_ptr0, cpu_tmp2_i32);
3455 #ifdef TARGET_X86_64
3456 SSEFunc_0_epl sse_fn_epl = sse_op_table3aq[(b >> 8) & 1];
3457 sse_fn_epl(cpu_env, cpu_ptr0, cpu_T[0]);
3463 case 0x02c: /* cvttps2pi */
3464 case 0x12c: /* cvttpd2pi */
3465 case 0x02d: /* cvtps2pi */
3466 case 0x12d: /* cvtpd2pi */
3467 gen_helper_enter_mmx(cpu_env);
3469 gen_lea_modrm(env, s, modrm);
3470 op2_offset = offsetof(CPUX86State,xmm_t0);
3471 gen_ldo_env_A0(s, op2_offset);
3473 rm = (modrm & 7) | REX_B(s);
3474 op2_offset = offsetof(CPUX86State,xmm_regs[rm]);
3476 op1_offset = offsetof(CPUX86State,fpregs[reg & 7].mmx);
3477 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
3478 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
3481 gen_helper_cvttps2pi(cpu_env, cpu_ptr0, cpu_ptr1);
3484 gen_helper_cvttpd2pi(cpu_env, cpu_ptr0, cpu_ptr1);
3487 gen_helper_cvtps2pi(cpu_env, cpu_ptr0, cpu_ptr1);
3490 gen_helper_cvtpd2pi(cpu_env, cpu_ptr0, cpu_ptr1);
3494 case 0x22c: /* cvttss2si */
3495 case 0x32c: /* cvttsd2si */
3496 case 0x22d: /* cvtss2si */
3497 case 0x32d: /* cvtsd2si */
3498 ot = mo_64_32(s->dflag);
3500 gen_lea_modrm(env, s, modrm);
3502 gen_ldq_env_A0(s, offsetof(CPUX86State, xmm_t0.XMM_Q(0)));
3504 gen_op_ld_v(s, MO_32, cpu_T[0], cpu_A0);
3505 tcg_gen_st32_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,xmm_t0.XMM_L(0)));
3507 op2_offset = offsetof(CPUX86State,xmm_t0);
3509 rm = (modrm & 7) | REX_B(s);
3510 op2_offset = offsetof(CPUX86State,xmm_regs[rm]);
3512 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op2_offset);
3514 SSEFunc_i_ep sse_fn_i_ep =
3515 sse_op_table3bi[((b >> 7) & 2) | (b & 1)];
3516 sse_fn_i_ep(cpu_tmp2_i32, cpu_env, cpu_ptr0);
3517 tcg_gen_extu_i32_tl(cpu_T[0], cpu_tmp2_i32);
3519 #ifdef TARGET_X86_64
3520 SSEFunc_l_ep sse_fn_l_ep =
3521 sse_op_table3bq[((b >> 7) & 2) | (b & 1)];
3522 sse_fn_l_ep(cpu_T[0], cpu_env, cpu_ptr0);
3527 gen_op_mov_reg_v(ot, reg, cpu_T[0]);
3529 case 0xc4: /* pinsrw */
3532 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
3533 val = cpu_ldub_code(env, s->pc++);
3536 tcg_gen_st16_tl(cpu_T[0], cpu_env,
3537 offsetof(CPUX86State,xmm_regs[reg].XMM_W(val)));
3540 tcg_gen_st16_tl(cpu_T[0], cpu_env,
3541 offsetof(CPUX86State,fpregs[reg].mmx.MMX_W(val)));
3544 case 0xc5: /* pextrw */
3548 ot = mo_64_32(s->dflag);
3549 val = cpu_ldub_code(env, s->pc++);
3552 rm = (modrm & 7) | REX_B(s);
3553 tcg_gen_ld16u_tl(cpu_T[0], cpu_env,
3554 offsetof(CPUX86State,xmm_regs[rm].XMM_W(val)));
3558 tcg_gen_ld16u_tl(cpu_T[0], cpu_env,
3559 offsetof(CPUX86State,fpregs[rm].mmx.MMX_W(val)));
3561 reg = ((modrm >> 3) & 7) | rex_r;
3562 gen_op_mov_reg_v(ot, reg, cpu_T[0]);
3564 case 0x1d6: /* movq ea, xmm */
3566 gen_lea_modrm(env, s, modrm);
3567 gen_stq_env_A0(s, offsetof(CPUX86State,
3568 xmm_regs[reg].XMM_Q(0)));
3570 rm = (modrm & 7) | REX_B(s);
3571 gen_op_movq(offsetof(CPUX86State,xmm_regs[rm].XMM_Q(0)),
3572 offsetof(CPUX86State,xmm_regs[reg].XMM_Q(0)));
3573 gen_op_movq_env_0(offsetof(CPUX86State,xmm_regs[rm].XMM_Q(1)));
3576 case 0x2d6: /* movq2dq */
3577 gen_helper_enter_mmx(cpu_env);
3579 gen_op_movq(offsetof(CPUX86State,xmm_regs[reg].XMM_Q(0)),
3580 offsetof(CPUX86State,fpregs[rm].mmx));
3581 gen_op_movq_env_0(offsetof(CPUX86State,xmm_regs[reg].XMM_Q(1)));
3583 case 0x3d6: /* movdq2q */
3584 gen_helper_enter_mmx(cpu_env);
3585 rm = (modrm & 7) | REX_B(s);
3586 gen_op_movq(offsetof(CPUX86State,fpregs[reg & 7].mmx),
3587 offsetof(CPUX86State,xmm_regs[rm].XMM_Q(0)));
3589 case 0xd7: /* pmovmskb */
3594 rm = (modrm & 7) | REX_B(s);
3595 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, offsetof(CPUX86State,xmm_regs[rm]));
3596 gen_helper_pmovmskb_xmm(cpu_tmp2_i32, cpu_env, cpu_ptr0);
3599 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, offsetof(CPUX86State,fpregs[rm].mmx));
3600 gen_helper_pmovmskb_mmx(cpu_tmp2_i32, cpu_env, cpu_ptr0);
3602 reg = ((modrm >> 3) & 7) | rex_r;
3603 tcg_gen_extu_i32_tl(cpu_regs[reg], cpu_tmp2_i32);
3609 if ((b & 0xf0) == 0xf0) {
3612 modrm = cpu_ldub_code(env, s->pc++);
3614 reg = ((modrm >> 3) & 7) | rex_r;
3615 mod = (modrm >> 6) & 3;
3620 sse_fn_epp = sse_op_table6[b].op[b1];
3624 if (!(s->cpuid_ext_features & sse_op_table6[b].ext_mask))
3628 op1_offset = offsetof(CPUX86State,xmm_regs[reg]);
3630 op2_offset = offsetof(CPUX86State,xmm_regs[rm | REX_B(s)]);
3632 op2_offset = offsetof(CPUX86State,xmm_t0);
3633 gen_lea_modrm(env, s, modrm);
3635 case 0x20: case 0x30: /* pmovsxbw, pmovzxbw */
3636 case 0x23: case 0x33: /* pmovsxwd, pmovzxwd */
3637 case 0x25: case 0x35: /* pmovsxdq, pmovzxdq */
3638 gen_ldq_env_A0(s, op2_offset +
3639 offsetof(XMMReg, XMM_Q(0)));
3641 case 0x21: case 0x31: /* pmovsxbd, pmovzxbd */
3642 case 0x24: case 0x34: /* pmovsxwq, pmovzxwq */
3643 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
3644 s->mem_index, MO_LEUL);
3645 tcg_gen_st_i32(cpu_tmp2_i32, cpu_env, op2_offset +
3646 offsetof(XMMReg, XMM_L(0)));
3648 case 0x22: case 0x32: /* pmovsxbq, pmovzxbq */
3649 tcg_gen_qemu_ld_tl(cpu_tmp0, cpu_A0,
3650 s->mem_index, MO_LEUW);
3651 tcg_gen_st16_tl(cpu_tmp0, cpu_env, op2_offset +
3652 offsetof(XMMReg, XMM_W(0)));
3654 case 0x2a: /* movntqda */
3655 gen_ldo_env_A0(s, op1_offset);
3658 gen_ldo_env_A0(s, op2_offset);
3662 op1_offset = offsetof(CPUX86State,fpregs[reg].mmx);
3664 op2_offset = offsetof(CPUX86State,fpregs[rm].mmx);
3666 op2_offset = offsetof(CPUX86State,mmx_t0);
3667 gen_lea_modrm(env, s, modrm);
3668 gen_ldq_env_A0(s, op2_offset);
3671 if (sse_fn_epp == SSE_SPECIAL) {
3675 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
3676 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
3677 sse_fn_epp(cpu_env, cpu_ptr0, cpu_ptr1);
3680 set_cc_op(s, CC_OP_EFLAGS);
3687 /* Various integer extensions at 0f 38 f[0-f]. */
3688 b = modrm | (b1 << 8);
3689 modrm = cpu_ldub_code(env, s->pc++);
3690 reg = ((modrm >> 3) & 7) | rex_r;
3693 case 0x3f0: /* crc32 Gd,Eb */
3694 case 0x3f1: /* crc32 Gd,Ey */
3696 if (!(s->cpuid_ext_features & CPUID_EXT_SSE42)) {
3699 if ((b & 0xff) == 0xf0) {
3701 } else if (s->dflag != MO_64) {
3702 ot = (s->prefix & PREFIX_DATA ? MO_16 : MO_32);
3707 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[reg]);
3708 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3709 gen_helper_crc32(cpu_T[0], cpu_tmp2_i32,
3710 cpu_T[0], tcg_const_i32(8 << ot));
3712 ot = mo_64_32(s->dflag);
3713 gen_op_mov_reg_v(ot, reg, cpu_T[0]);
3716 case 0x1f0: /* crc32 or movbe */
3718 /* For these insns, the f3 prefix is supposed to have priority
3719 over the 66 prefix, but that's not what we implement above
3721 if (s->prefix & PREFIX_REPNZ) {
3725 case 0x0f0: /* movbe Gy,My */
3726 case 0x0f1: /* movbe My,Gy */
3727 if (!(s->cpuid_ext_features & CPUID_EXT_MOVBE)) {
3730 if (s->dflag != MO_64) {
3731 ot = (s->prefix & PREFIX_DATA ? MO_16 : MO_32);
3736 gen_lea_modrm(env, s, modrm);
3738 tcg_gen_qemu_ld_tl(cpu_T[0], cpu_A0,
3739 s->mem_index, ot | MO_BE);
3740 gen_op_mov_reg_v(ot, reg, cpu_T[0]);
3742 tcg_gen_qemu_st_tl(cpu_regs[reg], cpu_A0,
3743 s->mem_index, ot | MO_BE);
3747 case 0x0f2: /* andn Gy, By, Ey */
3748 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI1)
3749 || !(s->prefix & PREFIX_VEX)
3753 ot = mo_64_32(s->dflag);
3754 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3755 tcg_gen_andc_tl(cpu_T[0], cpu_regs[s->vex_v], cpu_T[0]);
3756 gen_op_mov_reg_v(ot, reg, cpu_T[0]);
3757 gen_op_update1_cc();
3758 set_cc_op(s, CC_OP_LOGICB + ot);
3761 case 0x0f7: /* bextr Gy, Ey, By */
3762 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI1)
3763 || !(s->prefix & PREFIX_VEX)
3767 ot = mo_64_32(s->dflag);
3771 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3772 /* Extract START, and shift the operand.
3773 Shifts larger than operand size get zeros. */
3774 tcg_gen_ext8u_tl(cpu_A0, cpu_regs[s->vex_v]);
3775 tcg_gen_shr_tl(cpu_T[0], cpu_T[0], cpu_A0);
3777 bound = tcg_const_tl(ot == MO_64 ? 63 : 31);
3778 zero = tcg_const_tl(0);
3779 tcg_gen_movcond_tl(TCG_COND_LEU, cpu_T[0], cpu_A0, bound,
3781 tcg_temp_free(zero);
3783 /* Extract the LEN into a mask. Lengths larger than
3784 operand size get all ones. */
3785 tcg_gen_shri_tl(cpu_A0, cpu_regs[s->vex_v], 8);
3786 tcg_gen_ext8u_tl(cpu_A0, cpu_A0);
3787 tcg_gen_movcond_tl(TCG_COND_LEU, cpu_A0, cpu_A0, bound,
3789 tcg_temp_free(bound);
3790 tcg_gen_movi_tl(cpu_T[1], 1);
3791 tcg_gen_shl_tl(cpu_T[1], cpu_T[1], cpu_A0);
3792 tcg_gen_subi_tl(cpu_T[1], cpu_T[1], 1);
3793 tcg_gen_and_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
3795 gen_op_mov_reg_v(ot, reg, cpu_T[0]);
3796 gen_op_update1_cc();
3797 set_cc_op(s, CC_OP_LOGICB + ot);
3801 case 0x0f5: /* bzhi Gy, Ey, By */
3802 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
3803 || !(s->prefix & PREFIX_VEX)
3807 ot = mo_64_32(s->dflag);
3808 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3809 tcg_gen_ext8u_tl(cpu_T[1], cpu_regs[s->vex_v]);
3811 TCGv bound = tcg_const_tl(ot == MO_64 ? 63 : 31);
3812 /* Note that since we're using BMILG (in order to get O
3813 cleared) we need to store the inverse into C. */
3814 tcg_gen_setcond_tl(TCG_COND_LT, cpu_cc_src,
3816 tcg_gen_movcond_tl(TCG_COND_GT, cpu_T[1], cpu_T[1],
3817 bound, bound, cpu_T[1]);
3818 tcg_temp_free(bound);
3820 tcg_gen_movi_tl(cpu_A0, -1);
3821 tcg_gen_shl_tl(cpu_A0, cpu_A0, cpu_T[1]);
3822 tcg_gen_andc_tl(cpu_T[0], cpu_T[0], cpu_A0);
3823 gen_op_mov_reg_v(ot, reg, cpu_T[0]);
3824 gen_op_update1_cc();
3825 set_cc_op(s, CC_OP_BMILGB + ot);
3828 case 0x3f6: /* mulx By, Gy, rdx, Ey */
3829 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
3830 || !(s->prefix & PREFIX_VEX)
3834 ot = mo_64_32(s->dflag);
3835 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3838 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T[0]);
3839 tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_regs[R_EDX]);
3840 tcg_gen_mulu2_i32(cpu_tmp2_i32, cpu_tmp3_i32,
3841 cpu_tmp2_i32, cpu_tmp3_i32);
3842 tcg_gen_extu_i32_tl(cpu_regs[s->vex_v], cpu_tmp2_i32);
3843 tcg_gen_extu_i32_tl(cpu_regs[reg], cpu_tmp3_i32);
3845 #ifdef TARGET_X86_64
3847 tcg_gen_mulu2_i64(cpu_regs[s->vex_v], cpu_regs[reg],
3848 cpu_T[0], cpu_regs[R_EDX]);
3854 case 0x3f5: /* pdep Gy, By, Ey */
3855 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
3856 || !(s->prefix & PREFIX_VEX)
3860 ot = mo_64_32(s->dflag);
3861 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3862 /* Note that by zero-extending the mask operand, we
3863 automatically handle zero-extending the result. */
3865 tcg_gen_mov_tl(cpu_T[1], cpu_regs[s->vex_v]);
3867 tcg_gen_ext32u_tl(cpu_T[1], cpu_regs[s->vex_v]);
3869 gen_helper_pdep(cpu_regs[reg], cpu_T[0], cpu_T[1]);
3872 case 0x2f5: /* pext Gy, By, Ey */
3873 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
3874 || !(s->prefix & PREFIX_VEX)
3878 ot = mo_64_32(s->dflag);
3879 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3880 /* Note that by zero-extending the mask operand, we
3881 automatically handle zero-extending the result. */
3883 tcg_gen_mov_tl(cpu_T[1], cpu_regs[s->vex_v]);
3885 tcg_gen_ext32u_tl(cpu_T[1], cpu_regs[s->vex_v]);
3887 gen_helper_pext(cpu_regs[reg], cpu_T[0], cpu_T[1]);
3890 case 0x1f6: /* adcx Gy, Ey */
3891 case 0x2f6: /* adox Gy, Ey */
3892 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_ADX)) {
3895 TCGv carry_in, carry_out, zero;
3898 ot = mo_64_32(s->dflag);
3899 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3901 /* Re-use the carry-out from a previous round. */
3902 TCGV_UNUSED(carry_in);
3903 carry_out = (b == 0x1f6 ? cpu_cc_dst : cpu_cc_src2);
3907 carry_in = cpu_cc_dst;
3908 end_op = CC_OP_ADCX;
3910 end_op = CC_OP_ADCOX;
3915 end_op = CC_OP_ADCOX;
3917 carry_in = cpu_cc_src2;
3918 end_op = CC_OP_ADOX;
3922 end_op = CC_OP_ADCOX;
3923 carry_in = carry_out;
3926 end_op = (b == 0x1f6 ? CC_OP_ADCX : CC_OP_ADOX);
3929 /* If we can't reuse carry-out, get it out of EFLAGS. */
3930 if (TCGV_IS_UNUSED(carry_in)) {
3931 if (s->cc_op != CC_OP_ADCX && s->cc_op != CC_OP_ADOX) {
3932 gen_compute_eflags(s);
3934 carry_in = cpu_tmp0;
3935 tcg_gen_shri_tl(carry_in, cpu_cc_src,
3936 ctz32(b == 0x1f6 ? CC_C : CC_O));
3937 tcg_gen_andi_tl(carry_in, carry_in, 1);
3941 #ifdef TARGET_X86_64
3943 /* If we know TL is 64-bit, and we want a 32-bit
3944 result, just do everything in 64-bit arithmetic. */
3945 tcg_gen_ext32u_i64(cpu_regs[reg], cpu_regs[reg]);
3946 tcg_gen_ext32u_i64(cpu_T[0], cpu_T[0]);
3947 tcg_gen_add_i64(cpu_T[0], cpu_T[0], cpu_regs[reg]);
3948 tcg_gen_add_i64(cpu_T[0], cpu_T[0], carry_in);
3949 tcg_gen_ext32u_i64(cpu_regs[reg], cpu_T[0]);
3950 tcg_gen_shri_i64(carry_out, cpu_T[0], 32);
3954 /* Otherwise compute the carry-out in two steps. */
3955 zero = tcg_const_tl(0);
3956 tcg_gen_add2_tl(cpu_T[0], carry_out,
3959 tcg_gen_add2_tl(cpu_regs[reg], carry_out,
3960 cpu_regs[reg], carry_out,
3962 tcg_temp_free(zero);
3965 set_cc_op(s, end_op);
3969 case 0x1f7: /* shlx Gy, Ey, By */
3970 case 0x2f7: /* sarx Gy, Ey, By */
3971 case 0x3f7: /* shrx Gy, Ey, By */
3972 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
3973 || !(s->prefix & PREFIX_VEX)
3977 ot = mo_64_32(s->dflag);
3978 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3980 tcg_gen_andi_tl(cpu_T[1], cpu_regs[s->vex_v], 63);
3982 tcg_gen_andi_tl(cpu_T[1], cpu_regs[s->vex_v], 31);
3985 tcg_gen_shl_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
3986 } else if (b == 0x2f7) {
3988 tcg_gen_ext32s_tl(cpu_T[0], cpu_T[0]);
3990 tcg_gen_sar_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
3993 tcg_gen_ext32u_tl(cpu_T[0], cpu_T[0]);
3995 tcg_gen_shr_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
3997 gen_op_mov_reg_v(ot, reg, cpu_T[0]);
4003 case 0x3f3: /* Group 17 */
4004 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI1)
4005 || !(s->prefix & PREFIX_VEX)
4009 ot = mo_64_32(s->dflag);
4010 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
4013 case 1: /* blsr By,Ey */
4014 tcg_gen_neg_tl(cpu_T[1], cpu_T[0]);
4015 tcg_gen_and_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
4016 gen_op_mov_reg_v(ot, s->vex_v, cpu_T[0]);
4017 gen_op_update2_cc();
4018 set_cc_op(s, CC_OP_BMILGB + ot);
4021 case 2: /* blsmsk By,Ey */
4022 tcg_gen_mov_tl(cpu_cc_src, cpu_T[0]);
4023 tcg_gen_subi_tl(cpu_T[0], cpu_T[0], 1);
4024 tcg_gen_xor_tl(cpu_T[0], cpu_T[0], cpu_cc_src);
4025 tcg_gen_mov_tl(cpu_cc_dst, cpu_T[0]);
4026 set_cc_op(s, CC_OP_BMILGB + ot);
4029 case 3: /* blsi By, Ey */
4030 tcg_gen_mov_tl(cpu_cc_src, cpu_T[0]);
4031 tcg_gen_subi_tl(cpu_T[0], cpu_T[0], 1);
4032 tcg_gen_and_tl(cpu_T[0], cpu_T[0], cpu_cc_src);
4033 tcg_gen_mov_tl(cpu_cc_dst, cpu_T[0]);
4034 set_cc_op(s, CC_OP_BMILGB + ot);
4050 modrm = cpu_ldub_code(env, s->pc++);
4052 reg = ((modrm >> 3) & 7) | rex_r;
4053 mod = (modrm >> 6) & 3;
4058 sse_fn_eppi = sse_op_table7[b].op[b1];
4062 if (!(s->cpuid_ext_features & sse_op_table7[b].ext_mask))
4065 if (sse_fn_eppi == SSE_SPECIAL) {
4066 ot = mo_64_32(s->dflag);
4067 rm = (modrm & 7) | REX_B(s);
4069 gen_lea_modrm(env, s, modrm);
4070 reg = ((modrm >> 3) & 7) | rex_r;
4071 val = cpu_ldub_code(env, s->pc++);
4073 case 0x14: /* pextrb */
4074 tcg_gen_ld8u_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,
4075 xmm_regs[reg].XMM_B(val & 15)));
4077 gen_op_mov_reg_v(ot, rm, cpu_T[0]);
4079 tcg_gen_qemu_st_tl(cpu_T[0], cpu_A0,
4080 s->mem_index, MO_UB);
4083 case 0x15: /* pextrw */
4084 tcg_gen_ld16u_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,
4085 xmm_regs[reg].XMM_W(val & 7)));
4087 gen_op_mov_reg_v(ot, rm, cpu_T[0]);
4089 tcg_gen_qemu_st_tl(cpu_T[0], cpu_A0,
4090 s->mem_index, MO_LEUW);
4094 if (ot == MO_32) { /* pextrd */
4095 tcg_gen_ld_i32(cpu_tmp2_i32, cpu_env,
4096 offsetof(CPUX86State,
4097 xmm_regs[reg].XMM_L(val & 3)));
4099 tcg_gen_extu_i32_tl(cpu_regs[rm], cpu_tmp2_i32);
4101 tcg_gen_qemu_st_i32(cpu_tmp2_i32, cpu_A0,
4102 s->mem_index, MO_LEUL);
4104 } else { /* pextrq */
4105 #ifdef TARGET_X86_64
4106 tcg_gen_ld_i64(cpu_tmp1_i64, cpu_env,
4107 offsetof(CPUX86State,
4108 xmm_regs[reg].XMM_Q(val & 1)));
4110 tcg_gen_mov_i64(cpu_regs[rm], cpu_tmp1_i64);
4112 tcg_gen_qemu_st_i64(cpu_tmp1_i64, cpu_A0,
4113 s->mem_index, MO_LEQ);
4120 case 0x17: /* extractps */
4121 tcg_gen_ld32u_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,
4122 xmm_regs[reg].XMM_L(val & 3)));
4124 gen_op_mov_reg_v(ot, rm, cpu_T[0]);
4126 tcg_gen_qemu_st_tl(cpu_T[0], cpu_A0,
4127 s->mem_index, MO_LEUL);
4130 case 0x20: /* pinsrb */
4132 gen_op_mov_v_reg(MO_32, cpu_T[0], rm);
4134 tcg_gen_qemu_ld_tl(cpu_T[0], cpu_A0,
4135 s->mem_index, MO_UB);
4137 tcg_gen_st8_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,
4138 xmm_regs[reg].XMM_B(val & 15)));
4140 case 0x21: /* insertps */
4142 tcg_gen_ld_i32(cpu_tmp2_i32, cpu_env,
4143 offsetof(CPUX86State,xmm_regs[rm]
4144 .XMM_L((val >> 6) & 3)));
4146 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
4147 s->mem_index, MO_LEUL);
4149 tcg_gen_st_i32(cpu_tmp2_i32, cpu_env,
4150 offsetof(CPUX86State,xmm_regs[reg]
4151 .XMM_L((val >> 4) & 3)));
4153 tcg_gen_st_i32(tcg_const_i32(0 /*float32_zero*/),
4154 cpu_env, offsetof(CPUX86State,
4155 xmm_regs[reg].XMM_L(0)));
4157 tcg_gen_st_i32(tcg_const_i32(0 /*float32_zero*/),
4158 cpu_env, offsetof(CPUX86State,
4159 xmm_regs[reg].XMM_L(1)));
4161 tcg_gen_st_i32(tcg_const_i32(0 /*float32_zero*/),
4162 cpu_env, offsetof(CPUX86State,
4163 xmm_regs[reg].XMM_L(2)));
4165 tcg_gen_st_i32(tcg_const_i32(0 /*float32_zero*/),
4166 cpu_env, offsetof(CPUX86State,
4167 xmm_regs[reg].XMM_L(3)));
4170 if (ot == MO_32) { /* pinsrd */
4172 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[rm]);
4174 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
4175 s->mem_index, MO_LEUL);
4177 tcg_gen_st_i32(cpu_tmp2_i32, cpu_env,
4178 offsetof(CPUX86State,
4179 xmm_regs[reg].XMM_L(val & 3)));
4180 } else { /* pinsrq */
4181 #ifdef TARGET_X86_64
4183 gen_op_mov_v_reg(ot, cpu_tmp1_i64, rm);
4185 tcg_gen_qemu_ld_i64(cpu_tmp1_i64, cpu_A0,
4186 s->mem_index, MO_LEQ);
4188 tcg_gen_st_i64(cpu_tmp1_i64, cpu_env,
4189 offsetof(CPUX86State,
4190 xmm_regs[reg].XMM_Q(val & 1)));
4201 op1_offset = offsetof(CPUX86State,xmm_regs[reg]);
4203 op2_offset = offsetof(CPUX86State,xmm_regs[rm | REX_B(s)]);
4205 op2_offset = offsetof(CPUX86State,xmm_t0);
4206 gen_lea_modrm(env, s, modrm);
4207 gen_ldo_env_A0(s, op2_offset);
4210 op1_offset = offsetof(CPUX86State,fpregs[reg].mmx);
4212 op2_offset = offsetof(CPUX86State,fpregs[rm].mmx);
4214 op2_offset = offsetof(CPUX86State,mmx_t0);
4215 gen_lea_modrm(env, s, modrm);
4216 gen_ldq_env_A0(s, op2_offset);
4219 val = cpu_ldub_code(env, s->pc++);
4221 if ((b & 0xfc) == 0x60) { /* pcmpXstrX */
4222 set_cc_op(s, CC_OP_EFLAGS);
4224 if (s->dflag == MO_64) {
4225 /* The helper must use entire 64-bit gp registers */
4230 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
4231 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
4232 sse_fn_eppi(cpu_env, cpu_ptr0, cpu_ptr1, tcg_const_i32(val));
4236 /* Various integer extensions at 0f 3a f[0-f]. */
4237 b = modrm | (b1 << 8);
4238 modrm = cpu_ldub_code(env, s->pc++);
4239 reg = ((modrm >> 3) & 7) | rex_r;
4242 case 0x3f0: /* rorx Gy,Ey, Ib */
4243 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2)
4244 || !(s->prefix & PREFIX_VEX)
4248 ot = mo_64_32(s->dflag);
4249 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
4250 b = cpu_ldub_code(env, s->pc++);
4252 tcg_gen_rotri_tl(cpu_T[0], cpu_T[0], b & 63);
4254 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T[0]);
4255 tcg_gen_rotri_i32(cpu_tmp2_i32, cpu_tmp2_i32, b & 31);
4256 tcg_gen_extu_i32_tl(cpu_T[0], cpu_tmp2_i32);
4258 gen_op_mov_reg_v(ot, reg, cpu_T[0]);
4270 /* generic MMX or SSE operation */
4272 case 0x70: /* pshufx insn */
4273 case 0xc6: /* pshufx insn */
4274 case 0xc2: /* compare insns */
4281 op1_offset = offsetof(CPUX86State,xmm_regs[reg]);
4285 gen_lea_modrm(env, s, modrm);
4286 op2_offset = offsetof(CPUX86State,xmm_t0);
4292 /* Most sse scalar operations. */
4295 } else if (b1 == 3) {
4300 case 0x2e: /* ucomis[sd] */
4301 case 0x2f: /* comis[sd] */
4313 gen_op_ld_v(s, MO_32, cpu_T[0], cpu_A0);
4314 tcg_gen_st32_tl(cpu_T[0], cpu_env,
4315 offsetof(CPUX86State,xmm_t0.XMM_L(0)));
4319 gen_ldq_env_A0(s, offsetof(CPUX86State, xmm_t0.XMM_D(0)));
4322 /* 128 bit access */
4323 gen_ldo_env_A0(s, op2_offset);
4327 rm = (modrm & 7) | REX_B(s);
4328 op2_offset = offsetof(CPUX86State,xmm_regs[rm]);
4331 op1_offset = offsetof(CPUX86State,fpregs[reg].mmx);
4333 gen_lea_modrm(env, s, modrm);
4334 op2_offset = offsetof(CPUX86State,mmx_t0);
4335 gen_ldq_env_A0(s, op2_offset);
4338 op2_offset = offsetof(CPUX86State,fpregs[rm].mmx);
4342 case 0x0f: /* 3DNow! data insns */
4343 if (!(s->cpuid_ext2_features & CPUID_EXT2_3DNOW))
4345 val = cpu_ldub_code(env, s->pc++);
4346 sse_fn_epp = sse_op_table5[val];
4350 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
4351 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
4352 sse_fn_epp(cpu_env, cpu_ptr0, cpu_ptr1);
4354 case 0x70: /* pshufx insn */
4355 case 0xc6: /* pshufx insn */
4356 val = cpu_ldub_code(env, s->pc++);
4357 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
4358 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
4359 /* XXX: introduce a new table? */
4360 sse_fn_ppi = (SSEFunc_0_ppi)sse_fn_epp;
4361 sse_fn_ppi(cpu_ptr0, cpu_ptr1, tcg_const_i32(val));
4365 val = cpu_ldub_code(env, s->pc++);
4368 sse_fn_epp = sse_op_table4[val][b1];
4370 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
4371 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
4372 sse_fn_epp(cpu_env, cpu_ptr0, cpu_ptr1);
4375 /* maskmov : we must prepare A0 */
4378 tcg_gen_mov_tl(cpu_A0, cpu_regs[R_EDI]);
4379 gen_extu(s->aflag, cpu_A0);
4380 gen_add_A0_ds_seg(s);
4382 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
4383 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
4384 /* XXX: introduce a new table? */
4385 sse_fn_eppt = (SSEFunc_0_eppt)sse_fn_epp;
4386 sse_fn_eppt(cpu_env, cpu_ptr0, cpu_ptr1, cpu_A0);
4389 tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
4390 tcg_gen_addi_ptr(cpu_ptr1, cpu_env, op2_offset);
4391 sse_fn_epp(cpu_env, cpu_ptr0, cpu_ptr1);
4394 if (b == 0x2e || b == 0x2f) {
4395 set_cc_op(s, CC_OP_EFLAGS);
4400 /* convert one instruction. s->is_jmp is set if the translation must
4401 be stopped. Return the next pc value */
4402 static target_ulong disas_insn(CPUX86State *env, DisasContext *s,
4403 target_ulong pc_start)
4407 TCGMemOp ot, aflag, dflag;
4408 int modrm, reg, rm, mod, op, opreg, val;
4409 target_ulong next_eip, tval;
4412 if (unlikely(qemu_loglevel_mask(CPU_LOG_TB_OP | CPU_LOG_TB_OP_OPT))) {
4413 tcg_gen_debug_insn_start(pc_start);
4420 #ifdef TARGET_X86_64
4425 s->rip_offset = 0; /* for relative ip address */
4429 b = cpu_ldub_code(env, s->pc);
4431 /* Collect prefixes. */
4434 prefixes |= PREFIX_REPZ;
4437 prefixes |= PREFIX_REPNZ;
4440 prefixes |= PREFIX_LOCK;
4461 prefixes |= PREFIX_DATA;
4464 prefixes |= PREFIX_ADR;
4466 #ifdef TARGET_X86_64
4470 rex_w = (b >> 3) & 1;
4471 rex_r = (b & 0x4) << 1;
4472 s->rex_x = (b & 0x2) << 2;
4473 REX_B(s) = (b & 0x1) << 3;
4474 x86_64_hregs = 1; /* select uniform byte register addressing */
4479 case 0xc5: /* 2-byte VEX */
4480 case 0xc4: /* 3-byte VEX */
4481 /* VEX prefixes cannot be used except in 32-bit mode.
4482 Otherwise the instruction is LES or LDS. */
4483 if (s->code32 && !s->vm86) {
4484 static const int pp_prefix[4] = {
4485 0, PREFIX_DATA, PREFIX_REPZ, PREFIX_REPNZ
4487 int vex3, vex2 = cpu_ldub_code(env, s->pc);
4489 if (!CODE64(s) && (vex2 & 0xc0) != 0xc0) {
4490 /* 4.1.4.6: In 32-bit mode, bits [7:6] must be 11b,
4491 otherwise the instruction is LES or LDS. */
4496 /* 4.1.1-4.1.3: No preceding lock, 66, f2, f3, or rex prefixes. */
4497 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ
4498 | PREFIX_LOCK | PREFIX_DATA)) {
4501 #ifdef TARGET_X86_64
4506 rex_r = (~vex2 >> 4) & 8;
4509 b = cpu_ldub_code(env, s->pc++);
4511 #ifdef TARGET_X86_64
4512 s->rex_x = (~vex2 >> 3) & 8;
4513 s->rex_b = (~vex2 >> 2) & 8;
4515 vex3 = cpu_ldub_code(env, s->pc++);
4516 rex_w = (vex3 >> 7) & 1;
4517 switch (vex2 & 0x1f) {
4518 case 0x01: /* Implied 0f leading opcode bytes. */
4519 b = cpu_ldub_code(env, s->pc++) | 0x100;
4521 case 0x02: /* Implied 0f 38 leading opcode bytes. */
4524 case 0x03: /* Implied 0f 3a leading opcode bytes. */
4527 default: /* Reserved for future use. */
4531 s->vex_v = (~vex3 >> 3) & 0xf;
4532 s->vex_l = (vex3 >> 2) & 1;
4533 prefixes |= pp_prefix[vex3 & 3] | PREFIX_VEX;
4538 /* Post-process prefixes. */
4540 /* In 64-bit mode, the default data size is 32-bit. Select 64-bit
4541 data with rex_w, and 16-bit data with 0x66; rex_w takes precedence
4542 over 0x66 if both are present. */
4543 dflag = (rex_w > 0 ? MO_64 : prefixes & PREFIX_DATA ? MO_16 : MO_32);
4544 /* In 64-bit mode, 0x67 selects 32-bit addressing. */
4545 aflag = (prefixes & PREFIX_ADR ? MO_32 : MO_64);
4547 /* In 16/32-bit mode, 0x66 selects the opposite data size. */
4548 if (s->code32 ^ ((prefixes & PREFIX_DATA) != 0)) {
4553 /* In 16/32-bit mode, 0x67 selects the opposite addressing. */
4554 if (s->code32 ^ ((prefixes & PREFIX_ADR) != 0)) {
4561 s->prefix = prefixes;
4565 /* lock generation */
4566 if (prefixes & PREFIX_LOCK)
4569 /* now check op code */
4573 /**************************/
4574 /* extended op code */
4575 b = cpu_ldub_code(env, s->pc++) | 0x100;
4578 /**************************/
4593 ot = mo_b_d(b, dflag);
4596 case 0: /* OP Ev, Gv */
4597 modrm = cpu_ldub_code(env, s->pc++);
4598 reg = ((modrm >> 3) & 7) | rex_r;
4599 mod = (modrm >> 6) & 3;
4600 rm = (modrm & 7) | REX_B(s);
4602 gen_lea_modrm(env, s, modrm);
4604 } else if (op == OP_XORL && rm == reg) {
4606 /* xor reg, reg optimisation */
4607 set_cc_op(s, CC_OP_CLR);
4608 tcg_gen_movi_tl(cpu_T[0], 0);
4609 gen_op_mov_reg_v(ot, reg, cpu_T[0]);
4614 gen_op_mov_v_reg(ot, cpu_T[1], reg);
4615 gen_op(s, op, ot, opreg);
4617 case 1: /* OP Gv, Ev */
4618 modrm = cpu_ldub_code(env, s->pc++);
4619 mod = (modrm >> 6) & 3;
4620 reg = ((modrm >> 3) & 7) | rex_r;
4621 rm = (modrm & 7) | REX_B(s);
4623 gen_lea_modrm(env, s, modrm);
4624 gen_op_ld_v(s, ot, cpu_T[1], cpu_A0);
4625 } else if (op == OP_XORL && rm == reg) {
4628 gen_op_mov_v_reg(ot, cpu_T[1], rm);
4630 gen_op(s, op, ot, reg);
4632 case 2: /* OP A, Iv */
4633 val = insn_get(env, s, ot);
4634 tcg_gen_movi_tl(cpu_T[1], val);
4635 gen_op(s, op, ot, OR_EAX);
4644 case 0x80: /* GRP1 */
4650 ot = mo_b_d(b, dflag);
4652 modrm = cpu_ldub_code(env, s->pc++);
4653 mod = (modrm >> 6) & 3;
4654 rm = (modrm & 7) | REX_B(s);
4655 op = (modrm >> 3) & 7;
4661 s->rip_offset = insn_const_size(ot);
4662 gen_lea_modrm(env, s, modrm);
4673 val = insn_get(env, s, ot);
4676 val = (int8_t)insn_get(env, s, MO_8);
4679 tcg_gen_movi_tl(cpu_T[1], val);
4680 gen_op(s, op, ot, opreg);
4684 /**************************/
4685 /* inc, dec, and other misc arith */
4686 case 0x40 ... 0x47: /* inc Gv */
4688 gen_inc(s, ot, OR_EAX + (b & 7), 1);
4690 case 0x48 ... 0x4f: /* dec Gv */
4692 gen_inc(s, ot, OR_EAX + (b & 7), -1);
4694 case 0xf6: /* GRP3 */
4696 ot = mo_b_d(b, dflag);
4698 modrm = cpu_ldub_code(env, s->pc++);
4699 mod = (modrm >> 6) & 3;
4700 rm = (modrm & 7) | REX_B(s);
4701 op = (modrm >> 3) & 7;
4704 s->rip_offset = insn_const_size(ot);
4705 gen_lea_modrm(env, s, modrm);
4706 gen_op_ld_v(s, ot, cpu_T[0], cpu_A0);
4708 gen_op_mov_v_reg(ot, cpu_T[0], rm);
4713 val = insn_get(env, s, ot);
4714 tcg_gen_movi_tl(cpu_T[1], val);
4715 gen_op_testl_T0_T1_cc();
4716 set_cc_op(s, CC_OP_LOGICB + ot);
4719 tcg_gen_not_tl(cpu_T[0], cpu_T[0]);
4721 gen_op_st_v(s, ot, cpu_T[0], cpu_A0);
4723 gen_op_mov_reg_v(ot, rm, cpu_T[0]);
4727 tcg_gen_neg_tl(cpu_T[0], cpu_T[0]);
4729 gen_op_st_v(s, ot, cpu_T[0], cpu_A0);
4731 gen_op_mov_reg_v(ot, rm, cpu_T[0]);
4733 gen_op_update_neg_cc();
4734 set_cc_op(s, CC_OP_SUBB + ot);
4739 gen_op_mov_v_reg(MO_8, cpu_T[1], R_EAX);
4740 tcg_gen_ext8u_tl(cpu_T[0], cpu_T[0]);
4741 tcg_gen_ext8u_tl(cpu_T[1], cpu_T[1]);
4742 /* XXX: use 32 bit mul which could be faster */
4743 tcg_gen_mul_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
4744 gen_op_mov_reg_v(MO_16, R_EAX, cpu_T[0]);
4745 tcg_gen_mov_tl(cpu_cc_dst, cpu_T[0]);
4746 tcg_gen_andi_tl(cpu_cc_src, cpu_T[0], 0xff00);
4747 set_cc_op(s, CC_OP_MULB);
4750 gen_op_mov_v_reg(MO_16, cpu_T[1], R_EAX);
4751 tcg_gen_ext16u_tl(cpu_T[0], cpu_T[0]);
4752 tcg_gen_ext16u_tl(cpu_T[1], cpu_T[1]);
4753 /* XXX: use 32 bit mul which could be faster */
4754 tcg_gen_mul_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
4755 gen_op_mov_reg_v(MO_16, R_EAX, cpu_T[0]);
4756 tcg_gen_mov_tl(cpu_cc_dst, cpu_T[0]);
4757 tcg_gen_shri_tl(cpu_T[0], cpu_T[0], 16);
4758 gen_op_mov_reg_v(MO_16, R_EDX, cpu_T[0]);
4759 tcg_gen_mov_tl(cpu_cc_src, cpu_T[0]);
4760 set_cc_op(s, CC_OP_MULW);
4764 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T[0]);
4765 tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_regs[R_EAX]);
4766 tcg_gen_mulu2_i32(cpu_tmp2_i32, cpu_tmp3_i32,
4767 cpu_tmp2_i32, cpu_tmp3_i32);
4768 tcg_gen_extu_i32_tl(cpu_regs[R_EAX], cpu_tmp2_i32);
4769 tcg_gen_extu_i32_tl(cpu_regs[R_EDX], cpu_tmp3_i32);
4770 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]);
4771 tcg_gen_mov_tl(cpu_cc_src, cpu_regs[R_EDX]);
4772 set_cc_op(s, CC_OP_MULL);
4774 #ifdef TARGET_X86_64
4776 tcg_gen_mulu2_i64(cpu_regs[R_EAX], cpu_regs[R_EDX],
4777 cpu_T[0], cpu_regs[R_EAX]);
4778 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]);
4779 tcg_gen_mov_tl(cpu_cc_src, cpu_regs[R_EDX]);
4780 set_cc_op(s, CC_OP_MULQ);
4788 gen_op_mov_v_reg(MO_8, cpu_T[1], R_EAX);
4789 tcg_gen_ext8s_tl(cpu_T[0], cpu_T[0]);
4790 tcg_gen_ext8s_tl(cpu_T[1], cpu_T[1]);
4791 /* XXX: use 32 bit mul which could be faster */
4792 tcg_gen_mul_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
4793 gen_op_mov_reg_v(MO_16, R_EAX, cpu_T[0]);
4794 tcg_gen_mov_tl(cpu_cc_dst, cpu_T[0]);
4795 tcg_gen_ext8s_tl(cpu_tmp0, cpu_T[0]);
4796 tcg_gen_sub_tl(cpu_cc_src, cpu_T[0], cpu_tmp0);
4797 set_cc_op(s, CC_OP_MULB);
4800 gen_op_mov_v_reg(MO_16, cpu_T[1], R_EAX);
4801 tcg_gen_ext16s_tl(cpu_T[0], cpu_T[0]);
4802 tcg_gen_ext16s_tl(cpu_T[1], cpu_T[1]);
4803 /* XXX: use 32 bit mul which could be faster */
4804 tcg_gen_mul_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
4805 gen_op_mov_reg_v(MO_16, R_EAX, cpu_T[0]);
4806 tcg_gen_mov_tl(cpu_cc_dst, cpu_T[0]);
4807 tcg_gen_ext16s_tl(cpu_tmp0, cpu_T[0]);
4808 tcg_gen_sub_tl(cpu_cc_src, cpu_T[0], cpu_tmp0);
4809 tcg_gen_shri_tl(cpu_T[0], cpu_T[0], 16);
4810 gen_op_mov_reg_v(MO_16, R_EDX, cpu_T[0]);
4811 set_cc_op(s, CC_OP_MULW);
4815 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T[0]);
4816 tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_regs[R_EAX]);
4817 tcg_gen_muls2_i32(cpu_tmp2_i32, cpu_tmp3_i32,
4818 cpu_tmp2_i32, cpu_tmp3_i32);
4819 tcg_gen_extu_i32_tl(cpu_regs[R_EAX], cpu_tmp2_i32);
4820 tcg_gen_extu_i32_tl(cpu_regs[R_EDX], cpu_tmp3_i32);
4821 tcg_gen_sari_i32(cpu_tmp2_i32, cpu_tmp2_i32, 31);
4822 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]);
4823 tcg_gen_sub_i32(cpu_tmp2_i32, cpu_tmp2_i32, cpu_tmp3_i32);
4824 tcg_gen_extu_i32_tl(cpu_cc_src, cpu_tmp2_i32);
4825 set_cc_op(s, CC_OP_MULL);
4827 #ifdef TARGET_X86_64
4829 tcg_gen_muls2_i64(cpu_regs[R_EAX], cpu_regs[R_EDX],
4830 cpu_T[0], cpu_regs[R_EAX]);
4831 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]);
4832 tcg_gen_sari_tl(cpu_cc_src, cpu_regs[R_EAX], 63);
4833 tcg_gen_sub_tl(cpu_cc_src, cpu_cc_src, cpu_regs[R_EDX]);
4834 set_cc_op(s, CC_OP_MULQ);
4842 gen_jmp_im(pc_start - s->cs_base);
4843 gen_helper_divb_AL(cpu_env, cpu_T[0]);
4846 gen_jmp_im(pc_start - s->cs_base);
4847 gen_helper_divw_AX(cpu_env, cpu_T[0]);
4851 gen_jmp_im(pc_start - s->cs_base);
4852 gen_helper_divl_EAX(cpu_env, cpu_T[0]);
4854 #ifdef TARGET_X86_64
4856 gen_jmp_im(pc_start - s->cs_base);
4857 gen_helper_divq_EAX(cpu_env, cpu_T[0]);
4865 gen_jmp_im(pc_start - s->cs_base);
4866 gen_helper_idivb_AL(cpu_env, cpu_T[0]);
4869 gen_jmp_im(pc_start - s->cs_base);
4870 gen_helper_idivw_AX(cpu_env, cpu_T[0]);
4874 gen_jmp_im(pc_start - s->cs_base);
4875 gen_helper_idivl_EAX(cpu_env, cpu_T[0]);
4877 #ifdef TARGET_X86_64
4879 gen_jmp_im(pc_start - s->cs_base);
4880 gen_helper_idivq_EAX(cpu_env, cpu_T[0]);
4890 case 0xfe: /* GRP4 */
4891 case 0xff: /* GRP5 */
4892 ot = mo_b_d(b, dflag);
4894 modrm = cpu_ldub_code(env, s->pc++);
4895 mod = (modrm >> 6) & 3;
4896 rm = (modrm & 7) | REX_B(s);
4897 op = (modrm >> 3) & 7;
4898 if (op >= 2 && b == 0xfe) {
4902 if (op == 2 || op == 4) {
4903 /* operand size for jumps is 64 bit */
4905 } else if (op == 3 || op == 5) {
4906 ot = dflag != MO_16 ? MO_32 + (rex_w == 1) : MO_16;
4907 } else if (op == 6) {
4908 /* default push size is 64 bit */
4909 ot = mo_pushpop(s, dflag);
4913 gen_lea_modrm(env, s, modrm);
4914 if (op >= 2 && op != 3 && op != 5)
4915 gen_op_ld_v(s, ot, cpu_T[0], cpu_A0);
4917 gen_op_mov_v_reg(ot, cpu_T[0], rm);
4921 case 0: /* inc Ev */
4926 gen_inc(s, ot, opreg, 1);
4928 case 1: /* dec Ev */
4933 gen_inc(s, ot, opreg, -1);
4935 case 2: /* call Ev */
4936 /* XXX: optimize if memory (no 'and' is necessary) */
4937 if (dflag == MO_16) {
4938 tcg_gen_ext16u_tl(cpu_T[0], cpu_T[0]);
4940 next_eip = s->pc - s->cs_base;
4941 tcg_gen_movi_tl(cpu_T[1], next_eip);
4942 gen_push_v(s, cpu_T[1]);
4943 gen_op_jmp_v(cpu_T[0]);
4946 case 3: /* lcall Ev */
4947 gen_op_ld_v(s, ot, cpu_T[1], cpu_A0);
4948 gen_add_A0_im(s, 1 << ot);
4949 gen_op_ld_v(s, MO_16, cpu_T[0], cpu_A0);
4951 if (s->pe && !s->vm86) {
4952 gen_update_cc_op(s);
4953 gen_jmp_im(pc_start - s->cs_base);
4954 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T[0]);
4955 gen_helper_lcall_protected(cpu_env, cpu_tmp2_i32, cpu_T[1],
4956 tcg_const_i32(dflag - 1),
4957 tcg_const_i32(s->pc - pc_start));
4959 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T[0]);
4960 gen_helper_lcall_real(cpu_env, cpu_tmp2_i32, cpu_T[1],
4961 tcg_const_i32(dflag - 1),
4962 tcg_const_i32(s->pc - s->cs_base));
4966 case 4: /* jmp Ev */
4967 if (dflag == MO_16) {
4968 tcg_gen_ext16u_tl(cpu_T[0], cpu_T[0]);
4970 gen_op_jmp_v(cpu_T[0]);
4973 case 5: /* ljmp Ev */
4974 gen_op_ld_v(s, ot, cpu_T[1], cpu_A0);
4975 gen_add_A0_im(s, 1 << ot);
4976 gen_op_ld_v(s, MO_16, cpu_T[0], cpu_A0);
4978 if (s->pe && !s->vm86) {
4979 gen_update_cc_op(s);
4980 gen_jmp_im(pc_start - s->cs_base);
4981 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T[0]);
4982 gen_helper_ljmp_protected(cpu_env, cpu_tmp2_i32, cpu_T[1],
4983 tcg_const_i32(s->pc - pc_start));
4985 gen_op_movl_seg_T0_vm(R_CS);
4986 gen_op_jmp_v(cpu_T[1]);
4990 case 6: /* push Ev */
4991 gen_push_v(s, cpu_T[0]);
4998 case 0x84: /* test Ev, Gv */
5000 ot = mo_b_d(b, dflag);
5002 modrm = cpu_ldub_code(env, s->pc++);
5003 reg = ((modrm >> 3) & 7) | rex_r;
5005 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
5006 gen_op_mov_v_reg(ot, cpu_T[1], reg);
5007 gen_op_testl_T0_T1_cc();
5008 set_cc_op(s, CC_OP_LOGICB + ot);
5011 case 0xa8: /* test eAX, Iv */
5013 ot = mo_b_d(b, dflag);
5014 val = insn_get(env, s, ot);
5016 gen_op_mov_v_reg(ot, cpu_T[0], OR_EAX);
5017 tcg_gen_movi_tl(cpu_T[1], val);
5018 gen_op_testl_T0_T1_cc();
5019 set_cc_op(s, CC_OP_LOGICB + ot);
5022 case 0x98: /* CWDE/CBW */
5024 #ifdef TARGET_X86_64
5026 gen_op_mov_v_reg(MO_32, cpu_T[0], R_EAX);
5027 tcg_gen_ext32s_tl(cpu_T[0], cpu_T[0]);
5028 gen_op_mov_reg_v(MO_64, R_EAX, cpu_T[0]);
5032 gen_op_mov_v_reg(MO_16, cpu_T[0], R_EAX);
5033 tcg_gen_ext16s_tl(cpu_T[0], cpu_T[0]);
5034 gen_op_mov_reg_v(MO_32, R_EAX, cpu_T[0]);
5037 gen_op_mov_v_reg(MO_8, cpu_T[0], R_EAX);
5038 tcg_gen_ext8s_tl(cpu_T[0], cpu_T[0]);
5039 gen_op_mov_reg_v(MO_16, R_EAX, cpu_T[0]);
5045 case 0x99: /* CDQ/CWD */
5047 #ifdef TARGET_X86_64
5049 gen_op_mov_v_reg(MO_64, cpu_T[0], R_EAX);
5050 tcg_gen_sari_tl(cpu_T[0], cpu_T[0], 63);
5051 gen_op_mov_reg_v(MO_64, R_EDX, cpu_T[0]);
5055 gen_op_mov_v_reg(MO_32, cpu_T[0], R_EAX);
5056 tcg_gen_ext32s_tl(cpu_T[0], cpu_T[0]);
5057 tcg_gen_sari_tl(cpu_T[0], cpu_T[0], 31);
5058 gen_op_mov_reg_v(MO_32, R_EDX, cpu_T[0]);
5061 gen_op_mov_v_reg(MO_16, cpu_T[0], R_EAX);
5062 tcg_gen_ext16s_tl(cpu_T[0], cpu_T[0]);
5063 tcg_gen_sari_tl(cpu_T[0], cpu_T[0], 15);
5064 gen_op_mov_reg_v(MO_16, R_EDX, cpu_T[0]);
5070 case 0x1af: /* imul Gv, Ev */
5071 case 0x69: /* imul Gv, Ev, I */
5074 modrm = cpu_ldub_code(env, s->pc++);
5075 reg = ((modrm >> 3) & 7) | rex_r;
5077 s->rip_offset = insn_const_size(ot);
5080 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
5082 val = insn_get(env, s, ot);
5083 tcg_gen_movi_tl(cpu_T[1], val);
5084 } else if (b == 0x6b) {
5085 val = (int8_t)insn_get(env, s, MO_8);
5086 tcg_gen_movi_tl(cpu_T[1], val);
5088 gen_op_mov_v_reg(ot, cpu_T[1], reg);
5091 #ifdef TARGET_X86_64
5093 tcg_gen_muls2_i64(cpu_regs[reg], cpu_T[1], cpu_T[0], cpu_T[1]);
5094 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[reg]);
5095 tcg_gen_sari_tl(cpu_cc_src, cpu_cc_dst, 63);
5096 tcg_gen_sub_tl(cpu_cc_src, cpu_cc_src, cpu_T[1]);
5100 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T[0]);
5101 tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_T[1]);
5102 tcg_gen_muls2_i32(cpu_tmp2_i32, cpu_tmp3_i32,
5103 cpu_tmp2_i32, cpu_tmp3_i32);
5104 tcg_gen_extu_i32_tl(cpu_regs[reg], cpu_tmp2_i32);
5105 tcg_gen_sari_i32(cpu_tmp2_i32, cpu_tmp2_i32, 31);
5106 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[reg]);
5107 tcg_gen_sub_i32(cpu_tmp2_i32, cpu_tmp2_i32, cpu_tmp3_i32);
5108 tcg_gen_extu_i32_tl(cpu_cc_src, cpu_tmp2_i32);
5111 tcg_gen_ext16s_tl(cpu_T[0], cpu_T[0]);
5112 tcg_gen_ext16s_tl(cpu_T[1], cpu_T[1]);
5113 /* XXX: use 32 bit mul which could be faster */
5114 tcg_gen_mul_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
5115 tcg_gen_mov_tl(cpu_cc_dst, cpu_T[0]);
5116 tcg_gen_ext16s_tl(cpu_tmp0, cpu_T[0]);
5117 tcg_gen_sub_tl(cpu_cc_src, cpu_T[0], cpu_tmp0);
5118 gen_op_mov_reg_v(ot, reg, cpu_T[0]);
5121 set_cc_op(s, CC_OP_MULB + ot);
5124 case 0x1c1: /* xadd Ev, Gv */
5125 ot = mo_b_d(b, dflag);
5126 modrm = cpu_ldub_code(env, s->pc++);
5127 reg = ((modrm >> 3) & 7) | rex_r;
5128 mod = (modrm >> 6) & 3;
5130 rm = (modrm & 7) | REX_B(s);
5131 gen_op_mov_v_reg(ot, cpu_T[0], reg);
5132 gen_op_mov_v_reg(ot, cpu_T[1], rm);
5133 tcg_gen_add_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
5134 gen_op_mov_reg_v(ot, reg, cpu_T[1]);
5135 gen_op_mov_reg_v(ot, rm, cpu_T[0]);
5137 gen_lea_modrm(env, s, modrm);
5138 gen_op_mov_v_reg(ot, cpu_T[0], reg);
5139 gen_op_ld_v(s, ot, cpu_T[1], cpu_A0);
5140 tcg_gen_add_tl(cpu_T[0], cpu_T[0], cpu_T[1]);
5141 gen_op_st_v(s, ot, cpu_T[0], cpu_A0);
5142 gen_op_mov_reg_v(ot, reg, cpu_T[1]);
5144 gen_op_update2_cc();
5145 set_cc_op(s, CC_OP_ADDB + ot);
5148 case 0x1b1: /* cmpxchg Ev, Gv */
5151 TCGv t0, t1, t2, a0;
5153 ot = mo_b_d(b, dflag);
5154 modrm = cpu_ldub_code(env, s->pc++);
5155 reg = ((modrm >> 3) & 7) | rex_r;
5156 mod = (modrm >> 6) & 3;
5157 t0 = tcg_temp_local_new();
5158 t1 = tcg_temp_local_new();
5159 t2 = tcg_temp_local_new();
5160 a0 = tcg_temp_local_new();
5161 gen_op_mov_v_reg(ot, t1, reg);
5163 rm = (modrm & 7) | REX_B(s);
5164 gen_op_mov_v_reg(ot, t0, rm);
5166 gen_lea_modrm(env, s, modrm);
5167 tcg_gen_mov_tl(a0, cpu_A0);
5168 gen_op_ld_v(s, ot, t0, a0);
5169 rm = 0; /* avoid warning */
5171 label1 = gen_new_label();
5172 tcg_gen_mov_tl(t2, cpu_regs[R_EAX]);
5175 tcg_gen_brcond_tl(TCG_COND_EQ, t2, t0, label1);
5176 label2 = gen_new_label();
5178 gen_op_mov_reg_v(ot, R_EAX, t0);
5180 gen_set_label(label1);
5181 gen_op_mov_reg_v(ot, rm, t1);
5183 /* perform no-op store cycle like physical cpu; must be
5184 before changing accumulator to ensure idempotency if
5185 the store faults and the instruction is restarted */
5186 gen_op_st_v(s, ot, t0, a0);
5187 gen_op_mov_reg_v(ot, R_EAX, t0);
5189 gen_set_label(label1);
5190 gen_op_st_v(s, ot, t1, a0);
5192 gen_set_label(label2);
5193 tcg_gen_mov_tl(cpu_cc_src, t0);
5194 tcg_gen_mov_tl(cpu_cc_srcT, t2);
5195 tcg_gen_sub_tl(cpu_cc_dst, t2, t0);
5196 set_cc_op(s, CC_OP_SUBB + ot);
5203 case 0x1c7: /* cmpxchg8b */
5204 modrm = cpu_ldub_code(env, s->pc++);
5205 mod = (modrm >> 6) & 3;
5206 if ((mod == 3) || ((modrm & 0x38) != 0x8))
5208 #ifdef TARGET_X86_64
5209 if (dflag == MO_64) {
5210 if (!(s->cpuid_ext_features & CPUID_EXT_CX16))
5212 gen_jmp_im(pc_start - s->cs_base);
5213 gen_update_cc_op(s);
5214 gen_lea_modrm(env, s, modrm);
5215 gen_helper_cmpxchg16b(cpu_env, cpu_A0);
5219 if (!(s->cpuid_features & CPUID_CX8))
5221 gen_jmp_im(pc_start - s->cs_base);
5222 gen_update_cc_op(s);
5223 gen_lea_modrm(env, s, modrm);
5224 gen_helper_cmpxchg8b(cpu_env, cpu_A0);
5226 set_cc_op(s, CC_OP_EFLAGS);
5229 /**************************/
5231 case 0x50 ... 0x57: /* push */
5232 gen_op_mov_v_reg(MO_32, cpu_T[0], (b & 7) | REX_B(s));
5233 gen_push_v(s, cpu_T[0]);
5235 case 0x58 ... 0x5f: /* pop */
5237 /* NOTE: order is important for pop %sp */
5238 gen_pop_update(s, ot);
5239 gen_op_mov_reg_v(ot, (b & 7) | REX_B(s), cpu_T[0]);
5241 case 0x60: /* pusha */
5246 case 0x61: /* popa */
5251 case 0x68: /* push Iv */
5253 ot = mo_pushpop(s, dflag);
5255 val = insn_get(env, s, ot);
5257 val = (int8_t)insn_get(env, s, MO_8);
5258 tcg_gen_movi_tl(cpu_T[0], val);
5259 gen_push_v(s, cpu_T[0]);
5261 case 0x8f: /* pop Ev */
5262 modrm = cpu_ldub_code(env, s->pc++);
5263 mod = (modrm >> 6) & 3;
5266 /* NOTE: order is important for pop %sp */
5267 gen_pop_update(s, ot);
5268 rm = (modrm & 7) | REX_B(s);
5269 gen_op_mov_reg_v(ot, rm, cpu_T[0]);
5271 /* NOTE: order is important too for MMU exceptions */
5272 s->popl_esp_hack = 1 << ot;
5273 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
5274 s->popl_esp_hack = 0;
5275 gen_pop_update(s, ot);
5278 case 0xc8: /* enter */
5281 val = cpu_lduw_code(env, s->pc);
5283 level = cpu_ldub_code(env, s->pc++);
5284 gen_enter(s, val, level);
5287 case 0xc9: /* leave */
5288 /* XXX: exception not precise (ESP is updated before potential exception) */
5290 gen_op_mov_v_reg(MO_64, cpu_T[0], R_EBP);
5291 gen_op_mov_reg_v(MO_64, R_ESP, cpu_T[0]);
5292 } else if (s->ss32) {
5293 gen_op_mov_v_reg(MO_32, cpu_T[0], R_EBP);
5294 gen_op_mov_reg_v(MO_32, R_ESP, cpu_T[0]);
5296 gen_op_mov_v_reg(MO_16, cpu_T[0], R_EBP);
5297 gen_op_mov_reg_v(MO_16, R_ESP, cpu_T[0]);
5300 gen_op_mov_reg_v(ot, R_EBP, cpu_T[0]);
5301 gen_pop_update(s, ot);
5303 case 0x06: /* push es */
5304 case 0x0e: /* push cs */
5305 case 0x16: /* push ss */
5306 case 0x1e: /* push ds */
5309 gen_op_movl_T0_seg(b >> 3);
5310 gen_push_v(s, cpu_T[0]);
5312 case 0x1a0: /* push fs */
5313 case 0x1a8: /* push gs */
5314 gen_op_movl_T0_seg((b >> 3) & 7);
5315 gen_push_v(s, cpu_T[0]);
5317 case 0x07: /* pop es */
5318 case 0x17: /* pop ss */
5319 case 0x1f: /* pop ds */
5324 gen_movl_seg_T0(s, reg, pc_start - s->cs_base);
5325 gen_pop_update(s, ot);
5327 /* if reg == SS, inhibit interrupts/trace. */
5328 /* If several instructions disable interrupts, only the
5330 if (!(s->tb->flags & HF_INHIBIT_IRQ_MASK))
5331 gen_helper_set_inhibit_irq(cpu_env);
5335 gen_jmp_im(s->pc - s->cs_base);
5339 case 0x1a1: /* pop fs */
5340 case 0x1a9: /* pop gs */
5342 gen_movl_seg_T0(s, (b >> 3) & 7, pc_start - s->cs_base);
5343 gen_pop_update(s, ot);
5345 gen_jmp_im(s->pc - s->cs_base);
5350 /**************************/
5353 case 0x89: /* mov Gv, Ev */
5354 ot = mo_b_d(b, dflag);
5355 modrm = cpu_ldub_code(env, s->pc++);
5356 reg = ((modrm >> 3) & 7) | rex_r;
5358 /* generate a generic store */
5359 gen_ldst_modrm(env, s, modrm, ot, reg, 1);
5362 case 0xc7: /* mov Ev, Iv */
5363 ot = mo_b_d(b, dflag);
5364 modrm = cpu_ldub_code(env, s->pc++);
5365 mod = (modrm >> 6) & 3;
5367 s->rip_offset = insn_const_size(ot);
5368 gen_lea_modrm(env, s, modrm);
5370 val = insn_get(env, s, ot);
5371 tcg_gen_movi_tl(cpu_T[0], val);
5373 gen_op_st_v(s, ot, cpu_T[0], cpu_A0);
5375 gen_op_mov_reg_v(ot, (modrm & 7) | REX_B(s), cpu_T[0]);
5379 case 0x8b: /* mov Ev, Gv */
5380 ot = mo_b_d(b, dflag);
5381 modrm = cpu_ldub_code(env, s->pc++);
5382 reg = ((modrm >> 3) & 7) | rex_r;
5384 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
5385 gen_op_mov_reg_v(ot, reg, cpu_T[0]);
5387 case 0x8e: /* mov seg, Gv */
5388 modrm = cpu_ldub_code(env, s->pc++);
5389 reg = (modrm >> 3) & 7;
5390 if (reg >= 6 || reg == R_CS)
5392 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
5393 gen_movl_seg_T0(s, reg, pc_start - s->cs_base);
5395 /* if reg == SS, inhibit interrupts/trace */
5396 /* If several instructions disable interrupts, only the
5398 if (!(s->tb->flags & HF_INHIBIT_IRQ_MASK))
5399 gen_helper_set_inhibit_irq(cpu_env);
5403 gen_jmp_im(s->pc - s->cs_base);
5407 case 0x8c: /* mov Gv, seg */
5408 modrm = cpu_ldub_code(env, s->pc++);
5409 reg = (modrm >> 3) & 7;
5410 mod = (modrm >> 6) & 3;
5413 gen_op_movl_T0_seg(reg);
5414 ot = mod == 3 ? dflag : MO_16;
5415 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
5418 case 0x1b6: /* movzbS Gv, Eb */
5419 case 0x1b7: /* movzwS Gv, Eb */
5420 case 0x1be: /* movsbS Gv, Eb */
5421 case 0x1bf: /* movswS Gv, Eb */
5426 /* d_ot is the size of destination */
5428 /* ot is the size of source */
5429 ot = (b & 1) + MO_8;
5430 /* s_ot is the sign+size of source */
5431 s_ot = b & 8 ? MO_SIGN | ot : ot;
5433 modrm = cpu_ldub_code(env, s->pc++);
5434 reg = ((modrm >> 3) & 7) | rex_r;
5435 mod = (modrm >> 6) & 3;
5436 rm = (modrm & 7) | REX_B(s);
5439 gen_op_mov_v_reg(ot, cpu_T[0], rm);
5442 tcg_gen_ext8u_tl(cpu_T[0], cpu_T[0]);
5445 tcg_gen_ext8s_tl(cpu_T[0], cpu_T[0]);
5448 tcg_gen_ext16u_tl(cpu_T[0], cpu_T[0]);
5452 tcg_gen_ext16s_tl(cpu_T[0], cpu_T[0]);
5455 gen_op_mov_reg_v(d_ot, reg, cpu_T[0]);
5457 gen_lea_modrm(env, s, modrm);
5458 gen_op_ld_v(s, s_ot, cpu_T[0], cpu_A0);
5459 gen_op_mov_reg_v(d_ot, reg, cpu_T[0]);
5464 case 0x8d: /* lea */
5466 modrm = cpu_ldub_code(env, s->pc++);
5467 mod = (modrm >> 6) & 3;
5470 reg = ((modrm >> 3) & 7) | rex_r;
5471 /* we must ensure that no segment is added */
5475 gen_lea_modrm(env, s, modrm);
5477 gen_op_mov_reg_v(ot, reg, cpu_A0);
5480 case 0xa0: /* mov EAX, Ov */
5482 case 0xa2: /* mov Ov, EAX */
5485 target_ulong offset_addr;
5487 ot = mo_b_d(b, dflag);
5489 #ifdef TARGET_X86_64
5491 offset_addr = cpu_ldq_code(env, s->pc);
5496 offset_addr = insn_get(env, s, s->aflag);
5499 tcg_gen_movi_tl(cpu_A0, offset_addr);
5500 gen_add_A0_ds_seg(s);
5502 gen_op_ld_v(s, ot, cpu_T[0], cpu_A0);
5503 gen_op_mov_reg_v(ot, R_EAX, cpu_T[0]);
5505 gen_op_mov_v_reg(ot, cpu_T[0], R_EAX);
5506 gen_op_st_v(s, ot, cpu_T[0], cpu_A0);
5510 case 0xd7: /* xlat */
5511 tcg_gen_mov_tl(cpu_A0, cpu_regs[R_EBX]);
5512 tcg_gen_ext8u_tl(cpu_T[0], cpu_regs[R_EAX]);
5513 tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_T[0]);
5514 gen_extu(s->aflag, cpu_A0);
5515 gen_add_A0_ds_seg(s);
5516 gen_op_ld_v(s, MO_8, cpu_T[0], cpu_A0);
5517 gen_op_mov_reg_v(MO_8, R_EAX, cpu_T[0]);
5519 case 0xb0 ... 0xb7: /* mov R, Ib */
5520 val = insn_get(env, s, MO_8);
5521 tcg_gen_movi_tl(cpu_T[0], val);
5522 gen_op_mov_reg_v(MO_8, (b & 7) | REX_B(s), cpu_T[0]);
5524 case 0xb8 ... 0xbf: /* mov R, Iv */
5525 #ifdef TARGET_X86_64
5526 if (dflag == MO_64) {
5529 tmp = cpu_ldq_code(env, s->pc);
5531 reg = (b & 7) | REX_B(s);
5532 tcg_gen_movi_tl(cpu_T[0], tmp);
5533 gen_op_mov_reg_v(MO_64, reg, cpu_T[0]);
5538 val = insn_get(env, s, ot);
5539 reg = (b & 7) | REX_B(s);
5540 tcg_gen_movi_tl(cpu_T[0], val);
5541 gen_op_mov_reg_v(ot, reg, cpu_T[0]);
5545 case 0x91 ... 0x97: /* xchg R, EAX */
5548 reg = (b & 7) | REX_B(s);
5552 case 0x87: /* xchg Ev, Gv */
5553 ot = mo_b_d(b, dflag);
5554 modrm = cpu_ldub_code(env, s->pc++);
5555 reg = ((modrm >> 3) & 7) | rex_r;
5556 mod = (modrm >> 6) & 3;
5558 rm = (modrm & 7) | REX_B(s);
5560 gen_op_mov_v_reg(ot, cpu_T[0], reg);
5561 gen_op_mov_v_reg(ot, cpu_T[1], rm);
5562 gen_op_mov_reg_v(ot, rm, cpu_T[0]);
5563 gen_op_mov_reg_v(ot, reg, cpu_T[1]);
5565 gen_lea_modrm(env, s, modrm);
5566 gen_op_mov_v_reg(ot, cpu_T[0], reg);
5567 /* for xchg, lock is implicit */
5568 if (!(prefixes & PREFIX_LOCK))
5570 gen_op_ld_v(s, ot, cpu_T[1], cpu_A0);
5571 gen_op_st_v(s, ot, cpu_T[0], cpu_A0);
5572 if (!(prefixes & PREFIX_LOCK))
5573 gen_helper_unlock();
5574 gen_op_mov_reg_v(ot, reg, cpu_T[1]);
5577 case 0xc4: /* les Gv */
5578 /* In CODE64 this is VEX3; see above. */
5581 case 0xc5: /* lds Gv */
5582 /* In CODE64 this is VEX2; see above. */
5585 case 0x1b2: /* lss Gv */
5588 case 0x1b4: /* lfs Gv */
5591 case 0x1b5: /* lgs Gv */
5594 ot = dflag != MO_16 ? MO_32 : MO_16;
5595 modrm = cpu_ldub_code(env, s->pc++);
5596 reg = ((modrm >> 3) & 7) | rex_r;
5597 mod = (modrm >> 6) & 3;
5600 gen_lea_modrm(env, s, modrm);
5601 gen_op_ld_v(s, ot, cpu_T[1], cpu_A0);
5602 gen_add_A0_im(s, 1 << ot);
5603 /* load the segment first to handle exceptions properly */
5604 gen_op_ld_v(s, MO_16, cpu_T[0], cpu_A0);
5605 gen_movl_seg_T0(s, op, pc_start - s->cs_base);
5606 /* then put the data */
5607 gen_op_mov_reg_v(ot, reg, cpu_T[1]);
5609 gen_jmp_im(s->pc - s->cs_base);
5614 /************************/
5622 ot = mo_b_d(b, dflag);
5623 modrm = cpu_ldub_code(env, s->pc++);
5624 mod = (modrm >> 6) & 3;
5625 op = (modrm >> 3) & 7;
5631 gen_lea_modrm(env, s, modrm);
5634 opreg = (modrm & 7) | REX_B(s);
5639 gen_shift(s, op, ot, opreg, OR_ECX);
5642 shift = cpu_ldub_code(env, s->pc++);
5644 gen_shifti(s, op, ot, opreg, shift);
5659 case 0x1a4: /* shld imm */
5663 case 0x1a5: /* shld cl */
5667 case 0x1ac: /* shrd imm */
5671 case 0x1ad: /* shrd cl */
5676 modrm = cpu_ldub_code(env, s->pc++);
5677 mod = (modrm >> 6) & 3;
5678 rm = (modrm & 7) | REX_B(s);
5679 reg = ((modrm >> 3) & 7) | rex_r;
5681 gen_lea_modrm(env, s, modrm);
5686 gen_op_mov_v_reg(ot, cpu_T[1], reg);
5689 TCGv imm = tcg_const_tl(cpu_ldub_code(env, s->pc++));
5690 gen_shiftd_rm_T1(s, ot, opreg, op, imm);
5693 gen_shiftd_rm_T1(s, ot, opreg, op, cpu_regs[R_ECX]);
5697 /************************/
5700 if (s->flags & (HF_EM_MASK | HF_TS_MASK)) {
5701 /* if CR0.EM or CR0.TS are set, generate an FPU exception */
5702 /* XXX: what to do if illegal op ? */
5703 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
5706 modrm = cpu_ldub_code(env, s->pc++);
5707 mod = (modrm >> 6) & 3;
5709 op = ((b & 7) << 3) | ((modrm >> 3) & 7);
5712 gen_lea_modrm(env, s, modrm);
5714 case 0x00 ... 0x07: /* fxxxs */
5715 case 0x10 ... 0x17: /* fixxxl */
5716 case 0x20 ... 0x27: /* fxxxl */
5717 case 0x30 ... 0x37: /* fixxx */
5724 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
5725 s->mem_index, MO_LEUL);
5726 gen_helper_flds_FT0(cpu_env, cpu_tmp2_i32);
5729 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
5730 s->mem_index, MO_LEUL);
5731 gen_helper_fildl_FT0(cpu_env, cpu_tmp2_i32);
5734 tcg_gen_qemu_ld_i64(cpu_tmp1_i64, cpu_A0,
5735 s->mem_index, MO_LEQ);
5736 gen_helper_fldl_FT0(cpu_env, cpu_tmp1_i64);
5740 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
5741 s->mem_index, MO_LESW);
5742 gen_helper_fildl_FT0(cpu_env, cpu_tmp2_i32);
5746 gen_helper_fp_arith_ST0_FT0(op1);
5748 /* fcomp needs pop */
5749 gen_helper_fpop(cpu_env);
5753 case 0x08: /* flds */
5754 case 0x0a: /* fsts */
5755 case 0x0b: /* fstps */
5756 case 0x18 ... 0x1b: /* fildl, fisttpl, fistl, fistpl */
5757 case 0x28 ... 0x2b: /* fldl, fisttpll, fstl, fstpl */
5758 case 0x38 ... 0x3b: /* filds, fisttps, fists, fistps */
5763 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
5764 s->mem_index, MO_LEUL);
5765 gen_helper_flds_ST0(cpu_env, cpu_tmp2_i32);
5768 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
5769 s->mem_index, MO_LEUL);
5770 gen_helper_fildl_ST0(cpu_env, cpu_tmp2_i32);
5773 tcg_gen_qemu_ld_i64(cpu_tmp1_i64, cpu_A0,
5774 s->mem_index, MO_LEQ);
5775 gen_helper_fldl_ST0(cpu_env, cpu_tmp1_i64);
5779 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
5780 s->mem_index, MO_LESW);
5781 gen_helper_fildl_ST0(cpu_env, cpu_tmp2_i32);
5786 /* XXX: the corresponding CPUID bit must be tested ! */
5789 gen_helper_fisttl_ST0(cpu_tmp2_i32, cpu_env);
5790 tcg_gen_qemu_st_i32(cpu_tmp2_i32, cpu_A0,
5791 s->mem_index, MO_LEUL);
5794 gen_helper_fisttll_ST0(cpu_tmp1_i64, cpu_env);
5795 tcg_gen_qemu_st_i64(cpu_tmp1_i64, cpu_A0,
5796 s->mem_index, MO_LEQ);
5800 gen_helper_fistt_ST0(cpu_tmp2_i32, cpu_env);
5801 tcg_gen_qemu_st_i32(cpu_tmp2_i32, cpu_A0,
5802 s->mem_index, MO_LEUW);
5805 gen_helper_fpop(cpu_env);
5810 gen_helper_fsts_ST0(cpu_tmp2_i32, cpu_env);
5811 tcg_gen_qemu_st_i32(cpu_tmp2_i32, cpu_A0,
5812 s->mem_index, MO_LEUL);
5815 gen_helper_fistl_ST0(cpu_tmp2_i32, cpu_env);
5816 tcg_gen_qemu_st_i32(cpu_tmp2_i32, cpu_A0,
5817 s->mem_index, MO_LEUL);
5820 gen_helper_fstl_ST0(cpu_tmp1_i64, cpu_env);
5821 tcg_gen_qemu_st_i64(cpu_tmp1_i64, cpu_A0,
5822 s->mem_index, MO_LEQ);
5826 gen_helper_fist_ST0(cpu_tmp2_i32, cpu_env);
5827 tcg_gen_qemu_st_i32(cpu_tmp2_i32, cpu_A0,
5828 s->mem_index, MO_LEUW);
5832 gen_helper_fpop(cpu_env);
5836 case 0x0c: /* fldenv mem */
5837 gen_update_cc_op(s);
5838 gen_jmp_im(pc_start - s->cs_base);
5839 gen_helper_fldenv(cpu_env, cpu_A0, tcg_const_i32(dflag - 1));
5841 case 0x0d: /* fldcw mem */
5842 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
5843 s->mem_index, MO_LEUW);
5844 gen_helper_fldcw(cpu_env, cpu_tmp2_i32);
5846 case 0x0e: /* fnstenv mem */
5847 gen_update_cc_op(s);
5848 gen_jmp_im(pc_start - s->cs_base);
5849 gen_helper_fstenv(cpu_env, cpu_A0, tcg_const_i32(dflag - 1));
5851 case 0x0f: /* fnstcw mem */
5852 gen_helper_fnstcw(cpu_tmp2_i32, cpu_env);
5853 tcg_gen_qemu_st_i32(cpu_tmp2_i32, cpu_A0,
5854 s->mem_index, MO_LEUW);
5856 case 0x1d: /* fldt mem */
5857 gen_update_cc_op(s);
5858 gen_jmp_im(pc_start - s->cs_base);
5859 gen_helper_fldt_ST0(cpu_env, cpu_A0);
5861 case 0x1f: /* fstpt mem */
5862 gen_update_cc_op(s);
5863 gen_jmp_im(pc_start - s->cs_base);
5864 gen_helper_fstt_ST0(cpu_env, cpu_A0);
5865 gen_helper_fpop(cpu_env);
5867 case 0x2c: /* frstor mem */
5868 gen_update_cc_op(s);
5869 gen_jmp_im(pc_start - s->cs_base);
5870 gen_helper_frstor(cpu_env, cpu_A0, tcg_const_i32(dflag - 1));
5872 case 0x2e: /* fnsave mem */
5873 gen_update_cc_op(s);
5874 gen_jmp_im(pc_start - s->cs_base);
5875 gen_helper_fsave(cpu_env, cpu_A0, tcg_const_i32(dflag - 1));
5877 case 0x2f: /* fnstsw mem */
5878 gen_helper_fnstsw(cpu_tmp2_i32, cpu_env);
5879 tcg_gen_qemu_st_i32(cpu_tmp2_i32, cpu_A0,
5880 s->mem_index, MO_LEUW);
5882 case 0x3c: /* fbld */
5883 gen_update_cc_op(s);
5884 gen_jmp_im(pc_start - s->cs_base);
5885 gen_helper_fbld_ST0(cpu_env, cpu_A0);
5887 case 0x3e: /* fbstp */
5888 gen_update_cc_op(s);
5889 gen_jmp_im(pc_start - s->cs_base);
5890 gen_helper_fbst_ST0(cpu_env, cpu_A0);
5891 gen_helper_fpop(cpu_env);
5893 case 0x3d: /* fildll */
5894 tcg_gen_qemu_ld_i64(cpu_tmp1_i64, cpu_A0, s->mem_index, MO_LEQ);
5895 gen_helper_fildll_ST0(cpu_env, cpu_tmp1_i64);
5897 case 0x3f: /* fistpll */
5898 gen_helper_fistll_ST0(cpu_tmp1_i64, cpu_env);
5899 tcg_gen_qemu_st_i64(cpu_tmp1_i64, cpu_A0, s->mem_index, MO_LEQ);
5900 gen_helper_fpop(cpu_env);
5906 /* register float ops */
5910 case 0x08: /* fld sti */
5911 gen_helper_fpush(cpu_env);
5912 gen_helper_fmov_ST0_STN(cpu_env,
5913 tcg_const_i32((opreg + 1) & 7));
5915 case 0x09: /* fxchg sti */
5916 case 0x29: /* fxchg4 sti, undocumented op */
5917 case 0x39: /* fxchg7 sti, undocumented op */
5918 gen_helper_fxchg_ST0_STN(cpu_env, tcg_const_i32(opreg));
5920 case 0x0a: /* grp d9/2 */
5923 /* check exceptions (FreeBSD FPU probe) */
5924 gen_update_cc_op(s);
5925 gen_jmp_im(pc_start - s->cs_base);
5926 gen_helper_fwait(cpu_env);
5932 case 0x0c: /* grp d9/4 */
5935 gen_helper_fchs_ST0(cpu_env);
5938 gen_helper_fabs_ST0(cpu_env);
5941 gen_helper_fldz_FT0(cpu_env);
5942 gen_helper_fcom_ST0_FT0(cpu_env);
5945 gen_helper_fxam_ST0(cpu_env);
5951 case 0x0d: /* grp d9/5 */
5955 gen_helper_fpush(cpu_env);
5956 gen_helper_fld1_ST0(cpu_env);
5959 gen_helper_fpush(cpu_env);
5960 gen_helper_fldl2t_ST0(cpu_env);
5963 gen_helper_fpush(cpu_env);
5964 gen_helper_fldl2e_ST0(cpu_env);
5967 gen_helper_fpush(cpu_env);
5968 gen_helper_fldpi_ST0(cpu_env);
5971 gen_helper_fpush(cpu_env);
5972 gen_helper_fldlg2_ST0(cpu_env);
5975 gen_helper_fpush(cpu_env);
5976 gen_helper_fldln2_ST0(cpu_env);
5979 gen_helper_fpush(cpu_env);
5980 gen_helper_fldz_ST0(cpu_env);
5987 case 0x0e: /* grp d9/6 */
5990 gen_helper_f2xm1(cpu_env);
5993 gen_helper_fyl2x(cpu_env);
5996 gen_helper_fptan(cpu_env);
5998 case 3: /* fpatan */
5999 gen_helper_fpatan(cpu_env);
6001 case 4: /* fxtract */
6002 gen_helper_fxtract(cpu_env);
6004 case 5: /* fprem1 */
6005 gen_helper_fprem1(cpu_env);
6007 case 6: /* fdecstp */
6008 gen_helper_fdecstp(cpu_env);
6011 case 7: /* fincstp */
6012 gen_helper_fincstp(cpu_env);
6016 case 0x0f: /* grp d9/7 */
6019 gen_helper_fprem(cpu_env);
6021 case 1: /* fyl2xp1 */
6022 gen_helper_fyl2xp1(cpu_env);
6025 gen_helper_fsqrt(cpu_env);
6027 case 3: /* fsincos */
6028 gen_helper_fsincos(cpu_env);
6030 case 5: /* fscale */
6031 gen_helper_fscale(cpu_env);
6033 case 4: /* frndint */
6034 gen_helper_frndint(cpu_env);
6037 gen_helper_fsin(cpu_env);
6041 gen_helper_fcos(cpu_env);
6045 case 0x00: case 0x01: case 0x04 ... 0x07: /* fxxx st, sti */
6046 case 0x20: case 0x21: case 0x24 ... 0x27: /* fxxx sti, st */
6047 case 0x30: case 0x31: case 0x34 ... 0x37: /* fxxxp sti, st */
6053 gen_helper_fp_arith_STN_ST0(op1, opreg);
6055 gen_helper_fpop(cpu_env);
6057 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6058 gen_helper_fp_arith_ST0_FT0(op1);
6062 case 0x02: /* fcom */
6063 case 0x22: /* fcom2, undocumented op */
6064 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6065 gen_helper_fcom_ST0_FT0(cpu_env);
6067 case 0x03: /* fcomp */
6068 case 0x23: /* fcomp3, undocumented op */
6069 case 0x32: /* fcomp5, undocumented op */
6070 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6071 gen_helper_fcom_ST0_FT0(cpu_env);
6072 gen_helper_fpop(cpu_env);
6074 case 0x15: /* da/5 */
6076 case 1: /* fucompp */
6077 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(1));
6078 gen_helper_fucom_ST0_FT0(cpu_env);
6079 gen_helper_fpop(cpu_env);
6080 gen_helper_fpop(cpu_env);
6088 case 0: /* feni (287 only, just do nop here) */
6090 case 1: /* fdisi (287 only, just do nop here) */
6093 gen_helper_fclex(cpu_env);
6095 case 3: /* fninit */
6096 gen_helper_fninit(cpu_env);
6098 case 4: /* fsetpm (287 only, just do nop here) */
6104 case 0x1d: /* fucomi */
6105 if (!(s->cpuid_features & CPUID_CMOV)) {
6108 gen_update_cc_op(s);
6109 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6110 gen_helper_fucomi_ST0_FT0(cpu_env);
6111 set_cc_op(s, CC_OP_EFLAGS);
6113 case 0x1e: /* fcomi */
6114 if (!(s->cpuid_features & CPUID_CMOV)) {
6117 gen_update_cc_op(s);
6118 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6119 gen_helper_fcomi_ST0_FT0(cpu_env);
6120 set_cc_op(s, CC_OP_EFLAGS);
6122 case 0x28: /* ffree sti */
6123 gen_helper_ffree_STN(cpu_env, tcg_const_i32(opreg));
6125 case 0x2a: /* fst sti */
6126 gen_helper_fmov_STN_ST0(cpu_env, tcg_const_i32(opreg));
6128 case 0x2b: /* fstp sti */
6129 case 0x0b: /* fstp1 sti, undocumented op */
6130 case 0x3a: /* fstp8 sti, undocumented op */
6131 case 0x3b: /* fstp9 sti, undocumented op */
6132 gen_helper_fmov_STN_ST0(cpu_env, tcg_const_i32(opreg));
6133 gen_helper_fpop(cpu_env);
6135 case 0x2c: /* fucom st(i) */
6136 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6137 gen_helper_fucom_ST0_FT0(cpu_env);
6139 case 0x2d: /* fucomp st(i) */
6140 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6141 gen_helper_fucom_ST0_FT0(cpu_env);
6142 gen_helper_fpop(cpu_env);
6144 case 0x33: /* de/3 */
6146 case 1: /* fcompp */
6147 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(1));
6148 gen_helper_fcom_ST0_FT0(cpu_env);
6149 gen_helper_fpop(cpu_env);
6150 gen_helper_fpop(cpu_env);
6156 case 0x38: /* ffreep sti, undocumented op */
6157 gen_helper_ffree_STN(cpu_env, tcg_const_i32(opreg));
6158 gen_helper_fpop(cpu_env);
6160 case 0x3c: /* df/4 */
6163 gen_helper_fnstsw(cpu_tmp2_i32, cpu_env);
6164 tcg_gen_extu_i32_tl(cpu_T[0], cpu_tmp2_i32);
6165 gen_op_mov_reg_v(MO_16, R_EAX, cpu_T[0]);
6171 case 0x3d: /* fucomip */
6172 if (!(s->cpuid_features & CPUID_CMOV)) {
6175 gen_update_cc_op(s);
6176 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6177 gen_helper_fucomi_ST0_FT0(cpu_env);
6178 gen_helper_fpop(cpu_env);
6179 set_cc_op(s, CC_OP_EFLAGS);
6181 case 0x3e: /* fcomip */
6182 if (!(s->cpuid_features & CPUID_CMOV)) {
6185 gen_update_cc_op(s);
6186 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
6187 gen_helper_fcomi_ST0_FT0(cpu_env);
6188 gen_helper_fpop(cpu_env);
6189 set_cc_op(s, CC_OP_EFLAGS);
6191 case 0x10 ... 0x13: /* fcmovxx */
6195 static const uint8_t fcmov_cc[8] = {
6202 if (!(s->cpuid_features & CPUID_CMOV)) {
6205 op1 = fcmov_cc[op & 3] | (((op >> 3) & 1) ^ 1);
6206 l1 = gen_new_label();
6207 gen_jcc1_noeob(s, op1, l1);
6208 gen_helper_fmov_ST0_STN(cpu_env, tcg_const_i32(opreg));
6217 /************************/
6220 case 0xa4: /* movsS */
6222 ot = mo_b_d(b, dflag);
6223 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
6224 gen_repz_movs(s, ot, pc_start - s->cs_base, s->pc - s->cs_base);
6230 case 0xaa: /* stosS */
6232 ot = mo_b_d(b, dflag);
6233 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
6234 gen_repz_stos(s, ot, pc_start - s->cs_base, s->pc - s->cs_base);
6239 case 0xac: /* lodsS */
6241 ot = mo_b_d(b, dflag);
6242 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
6243 gen_repz_lods(s, ot, pc_start - s->cs_base, s->pc - s->cs_base);
6248 case 0xae: /* scasS */
6250 ot = mo_b_d(b, dflag);
6251 if (prefixes & PREFIX_REPNZ) {
6252 gen_repz_scas(s, ot, pc_start - s->cs_base, s->pc - s->cs_base, 1);
6253 } else if (prefixes & PREFIX_REPZ) {
6254 gen_repz_scas(s, ot, pc_start - s->cs_base, s->pc - s->cs_base, 0);
6260 case 0xa6: /* cmpsS */
6262 ot = mo_b_d(b, dflag);
6263 if (prefixes & PREFIX_REPNZ) {
6264 gen_repz_cmps(s, ot, pc_start - s->cs_base, s->pc - s->cs_base, 1);
6265 } else if (prefixes & PREFIX_REPZ) {
6266 gen_repz_cmps(s, ot, pc_start - s->cs_base, s->pc - s->cs_base, 0);
6271 case 0x6c: /* insS */
6273 ot = mo_b_d32(b, dflag);
6274 tcg_gen_ext16u_tl(cpu_T[0], cpu_regs[R_EDX]);
6275 gen_check_io(s, ot, pc_start - s->cs_base,
6276 SVM_IOIO_TYPE_MASK | svm_is_rep(prefixes) | 4);
6277 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
6278 gen_repz_ins(s, ot, pc_start - s->cs_base, s->pc - s->cs_base);
6282 gen_jmp(s, s->pc - s->cs_base);
6286 case 0x6e: /* outsS */
6288 ot = mo_b_d32(b, dflag);
6289 tcg_gen_ext16u_tl(cpu_T[0], cpu_regs[R_EDX]);
6290 gen_check_io(s, ot, pc_start - s->cs_base,
6291 svm_is_rep(prefixes) | 4);
6292 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
6293 gen_repz_outs(s, ot, pc_start - s->cs_base, s->pc - s->cs_base);
6297 gen_jmp(s, s->pc - s->cs_base);
6302 /************************/
6307 ot = mo_b_d32(b, dflag);
6308 val = cpu_ldub_code(env, s->pc++);
6309 tcg_gen_movi_tl(cpu_T[0], val);
6310 gen_check_io(s, ot, pc_start - s->cs_base,
6311 SVM_IOIO_TYPE_MASK | svm_is_rep(prefixes));
6314 tcg_gen_movi_i32(cpu_tmp2_i32, val);
6315 gen_helper_in_func(ot, cpu_T[1], cpu_tmp2_i32);
6316 gen_op_mov_reg_v(ot, R_EAX, cpu_T[1]);
6319 gen_jmp(s, s->pc - s->cs_base);
6324 ot = mo_b_d32(b, dflag);
6325 val = cpu_ldub_code(env, s->pc++);
6326 tcg_gen_movi_tl(cpu_T[0], val);
6327 gen_check_io(s, ot, pc_start - s->cs_base,
6328 svm_is_rep(prefixes));
6329 gen_op_mov_v_reg(ot, cpu_T[1], R_EAX);
6333 tcg_gen_movi_i32(cpu_tmp2_i32, val);
6334 tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_T[1]);
6335 gen_helper_out_func(ot, cpu_tmp2_i32, cpu_tmp3_i32);
6338 gen_jmp(s, s->pc - s->cs_base);
6343 ot = mo_b_d32(b, dflag);
6344 tcg_gen_ext16u_tl(cpu_T[0], cpu_regs[R_EDX]);
6345 gen_check_io(s, ot, pc_start - s->cs_base,
6346 SVM_IOIO_TYPE_MASK | svm_is_rep(prefixes));
6349 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T[0]);
6350 gen_helper_in_func(ot, cpu_T[1], cpu_tmp2_i32);
6351 gen_op_mov_reg_v(ot, R_EAX, cpu_T[1]);
6354 gen_jmp(s, s->pc - s->cs_base);
6359 ot = mo_b_d32(b, dflag);
6360 tcg_gen_ext16u_tl(cpu_T[0], cpu_regs[R_EDX]);
6361 gen_check_io(s, ot, pc_start - s->cs_base,
6362 svm_is_rep(prefixes));
6363 gen_op_mov_v_reg(ot, cpu_T[1], R_EAX);
6367 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T[0]);
6368 tcg_gen_trunc_tl_i32(cpu_tmp3_i32, cpu_T[1]);
6369 gen_helper_out_func(ot, cpu_tmp2_i32, cpu_tmp3_i32);
6372 gen_jmp(s, s->pc - s->cs_base);
6376 /************************/
6378 case 0xc2: /* ret im */
6379 val = cpu_ldsw_code(env, s->pc);
6382 gen_stack_update(s, val + (1 << ot));
6383 /* Note that gen_pop_T0 uses a zero-extending load. */
6384 gen_op_jmp_v(cpu_T[0]);
6387 case 0xc3: /* ret */
6389 gen_pop_update(s, ot);
6390 /* Note that gen_pop_T0 uses a zero-extending load. */
6391 gen_op_jmp_v(cpu_T[0]);
6394 case 0xca: /* lret im */
6395 val = cpu_ldsw_code(env, s->pc);
6398 if (s->pe && !s->vm86) {
6399 gen_update_cc_op(s);
6400 gen_jmp_im(pc_start - s->cs_base);
6401 gen_helper_lret_protected(cpu_env, tcg_const_i32(dflag - 1),
6402 tcg_const_i32(val));
6406 gen_op_ld_v(s, dflag, cpu_T[0], cpu_A0);
6407 /* NOTE: keeping EIP updated is not a problem in case of
6409 gen_op_jmp_v(cpu_T[0]);
6411 gen_op_addl_A0_im(1 << dflag);
6412 gen_op_ld_v(s, dflag, cpu_T[0], cpu_A0);
6413 gen_op_movl_seg_T0_vm(R_CS);
6414 /* add stack offset */
6415 gen_stack_update(s, val + (2 << dflag));
6419 case 0xcb: /* lret */
6422 case 0xcf: /* iret */
6423 gen_svm_check_intercept(s, pc_start, SVM_EXIT_IRET);
6426 gen_helper_iret_real(cpu_env, tcg_const_i32(dflag - 1));
6427 set_cc_op(s, CC_OP_EFLAGS);
6428 } else if (s->vm86) {
6430 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
6432 gen_helper_iret_real(cpu_env, tcg_const_i32(dflag - 1));
6433 set_cc_op(s, CC_OP_EFLAGS);
6436 gen_update_cc_op(s);
6437 gen_jmp_im(pc_start - s->cs_base);
6438 gen_helper_iret_protected(cpu_env, tcg_const_i32(dflag - 1),
6439 tcg_const_i32(s->pc - s->cs_base));
6440 set_cc_op(s, CC_OP_EFLAGS);
6444 case 0xe8: /* call im */
6446 if (dflag != MO_16) {
6447 tval = (int32_t)insn_get(env, s, MO_32);
6449 tval = (int16_t)insn_get(env, s, MO_16);
6451 next_eip = s->pc - s->cs_base;
6453 if (dflag == MO_16) {
6455 } else if (!CODE64(s)) {
6458 tcg_gen_movi_tl(cpu_T[0], next_eip);
6459 gen_push_v(s, cpu_T[0]);
6463 case 0x9a: /* lcall im */
6465 unsigned int selector, offset;
6470 offset = insn_get(env, s, ot);
6471 selector = insn_get(env, s, MO_16);
6473 tcg_gen_movi_tl(cpu_T[0], selector);
6474 tcg_gen_movi_tl(cpu_T[1], offset);
6477 case 0xe9: /* jmp im */
6478 if (dflag != MO_16) {
6479 tval = (int32_t)insn_get(env, s, MO_32);
6481 tval = (int16_t)insn_get(env, s, MO_16);
6483 tval += s->pc - s->cs_base;
6484 if (dflag == MO_16) {
6486 } else if (!CODE64(s)) {
6491 case 0xea: /* ljmp im */
6493 unsigned int selector, offset;
6498 offset = insn_get(env, s, ot);
6499 selector = insn_get(env, s, MO_16);
6501 tcg_gen_movi_tl(cpu_T[0], selector);
6502 tcg_gen_movi_tl(cpu_T[1], offset);
6505 case 0xeb: /* jmp Jb */
6506 tval = (int8_t)insn_get(env, s, MO_8);
6507 tval += s->pc - s->cs_base;
6508 if (dflag == MO_16) {
6513 case 0x70 ... 0x7f: /* jcc Jb */
6514 tval = (int8_t)insn_get(env, s, MO_8);
6516 case 0x180 ... 0x18f: /* jcc Jv */
6517 if (dflag != MO_16) {
6518 tval = (int32_t)insn_get(env, s, MO_32);
6520 tval = (int16_t)insn_get(env, s, MO_16);
6523 next_eip = s->pc - s->cs_base;
6525 if (dflag == MO_16) {
6528 gen_jcc(s, b, tval, next_eip);
6531 case 0x190 ... 0x19f: /* setcc Gv */
6532 modrm = cpu_ldub_code(env, s->pc++);
6533 gen_setcc1(s, b, cpu_T[0]);
6534 gen_ldst_modrm(env, s, modrm, MO_8, OR_TMP0, 1);
6536 case 0x140 ... 0x14f: /* cmov Gv, Ev */
6537 if (!(s->cpuid_features & CPUID_CMOV)) {
6541 modrm = cpu_ldub_code(env, s->pc++);
6542 reg = ((modrm >> 3) & 7) | rex_r;
6543 gen_cmovcc1(env, s, ot, b, modrm, reg);
6546 /************************/
6548 case 0x9c: /* pushf */
6549 gen_svm_check_intercept(s, pc_start, SVM_EXIT_PUSHF);
6550 if (s->vm86 && s->iopl != 3) {
6551 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
6553 gen_update_cc_op(s);
6554 gen_helper_read_eflags(cpu_T[0], cpu_env);
6555 gen_push_v(s, cpu_T[0]);
6558 case 0x9d: /* popf */
6559 gen_svm_check_intercept(s, pc_start, SVM_EXIT_POPF);
6560 if (s->vm86 && s->iopl != 3) {
6561 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
6565 if (dflag != MO_16) {
6566 gen_helper_write_eflags(cpu_env, cpu_T[0],
6567 tcg_const_i32((TF_MASK | AC_MASK |
6572 gen_helper_write_eflags(cpu_env, cpu_T[0],
6573 tcg_const_i32((TF_MASK | AC_MASK |
6575 IF_MASK | IOPL_MASK)
6579 if (s->cpl <= s->iopl) {
6580 if (dflag != MO_16) {
6581 gen_helper_write_eflags(cpu_env, cpu_T[0],
6582 tcg_const_i32((TF_MASK |
6588 gen_helper_write_eflags(cpu_env, cpu_T[0],
6589 tcg_const_i32((TF_MASK |
6597 if (dflag != MO_16) {
6598 gen_helper_write_eflags(cpu_env, cpu_T[0],
6599 tcg_const_i32((TF_MASK | AC_MASK |
6600 ID_MASK | NT_MASK)));
6602 gen_helper_write_eflags(cpu_env, cpu_T[0],
6603 tcg_const_i32((TF_MASK | AC_MASK |
6609 gen_pop_update(s, ot);
6610 set_cc_op(s, CC_OP_EFLAGS);
6611 /* abort translation because TF/AC flag may change */
6612 gen_jmp_im(s->pc - s->cs_base);
6616 case 0x9e: /* sahf */
6617 if (CODE64(s) && !(s->cpuid_ext3_features & CPUID_EXT3_LAHF_LM))
6619 gen_op_mov_v_reg(MO_8, cpu_T[0], R_AH);
6620 gen_compute_eflags(s);
6621 tcg_gen_andi_tl(cpu_cc_src, cpu_cc_src, CC_O);
6622 tcg_gen_andi_tl(cpu_T[0], cpu_T[0], CC_S | CC_Z | CC_A | CC_P | CC_C);
6623 tcg_gen_or_tl(cpu_cc_src, cpu_cc_src, cpu_T[0]);
6625 case 0x9f: /* lahf */
6626 if (CODE64(s) && !(s->cpuid_ext3_features & CPUID_EXT3_LAHF_LM))
6628 gen_compute_eflags(s);
6629 /* Note: gen_compute_eflags() only gives the condition codes */
6630 tcg_gen_ori_tl(cpu_T[0], cpu_cc_src, 0x02);
6631 gen_op_mov_reg_v(MO_8, R_AH, cpu_T[0]);
6633 case 0xf5: /* cmc */
6634 gen_compute_eflags(s);
6635 tcg_gen_xori_tl(cpu_cc_src, cpu_cc_src, CC_C);
6637 case 0xf8: /* clc */
6638 gen_compute_eflags(s);
6639 tcg_gen_andi_tl(cpu_cc_src, cpu_cc_src, ~CC_C);
6641 case 0xf9: /* stc */
6642 gen_compute_eflags(s);
6643 tcg_gen_ori_tl(cpu_cc_src, cpu_cc_src, CC_C);
6645 case 0xfc: /* cld */
6646 tcg_gen_movi_i32(cpu_tmp2_i32, 1);
6647 tcg_gen_st_i32(cpu_tmp2_i32, cpu_env, offsetof(CPUX86State, df));
6649 case 0xfd: /* std */
6650 tcg_gen_movi_i32(cpu_tmp2_i32, -1);
6651 tcg_gen_st_i32(cpu_tmp2_i32, cpu_env, offsetof(CPUX86State, df));
6654 /************************/
6655 /* bit operations */
6656 case 0x1ba: /* bt/bts/btr/btc Gv, im */
6658 modrm = cpu_ldub_code(env, s->pc++);
6659 op = (modrm >> 3) & 7;
6660 mod = (modrm >> 6) & 3;
6661 rm = (modrm & 7) | REX_B(s);
6664 gen_lea_modrm(env, s, modrm);
6665 gen_op_ld_v(s, ot, cpu_T[0], cpu_A0);
6667 gen_op_mov_v_reg(ot, cpu_T[0], rm);
6670 val = cpu_ldub_code(env, s->pc++);
6671 tcg_gen_movi_tl(cpu_T[1], val);
6676 case 0x1a3: /* bt Gv, Ev */
6679 case 0x1ab: /* bts */
6682 case 0x1b3: /* btr */
6685 case 0x1bb: /* btc */
6689 modrm = cpu_ldub_code(env, s->pc++);
6690 reg = ((modrm >> 3) & 7) | rex_r;
6691 mod = (modrm >> 6) & 3;
6692 rm = (modrm & 7) | REX_B(s);
6693 gen_op_mov_v_reg(MO_32, cpu_T[1], reg);
6695 gen_lea_modrm(env, s, modrm);
6696 /* specific case: we need to add a displacement */
6697 gen_exts(ot, cpu_T[1]);
6698 tcg_gen_sari_tl(cpu_tmp0, cpu_T[1], 3 + ot);
6699 tcg_gen_shli_tl(cpu_tmp0, cpu_tmp0, ot);
6700 tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_tmp0);
6701 gen_op_ld_v(s, ot, cpu_T[0], cpu_A0);
6703 gen_op_mov_v_reg(ot, cpu_T[0], rm);
6706 tcg_gen_andi_tl(cpu_T[1], cpu_T[1], (1 << (3 + ot)) - 1);
6707 tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
6712 tcg_gen_movi_tl(cpu_tmp0, 1);
6713 tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
6714 tcg_gen_or_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
6717 tcg_gen_movi_tl(cpu_tmp0, 1);
6718 tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
6719 tcg_gen_andc_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
6723 tcg_gen_movi_tl(cpu_tmp0, 1);
6724 tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
6725 tcg_gen_xor_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
6730 gen_op_st_v(s, ot, cpu_T[0], cpu_A0);
6732 gen_op_mov_reg_v(ot, rm, cpu_T[0]);
6736 /* Delay all CC updates until after the store above. Note that
6737 C is the result of the test, Z is unchanged, and the others
6738 are all undefined. */
6740 case CC_OP_MULB ... CC_OP_MULQ:
6741 case CC_OP_ADDB ... CC_OP_ADDQ:
6742 case CC_OP_ADCB ... CC_OP_ADCQ:
6743 case CC_OP_SUBB ... CC_OP_SUBQ:
6744 case CC_OP_SBBB ... CC_OP_SBBQ:
6745 case CC_OP_LOGICB ... CC_OP_LOGICQ:
6746 case CC_OP_INCB ... CC_OP_INCQ:
6747 case CC_OP_DECB ... CC_OP_DECQ:
6748 case CC_OP_SHLB ... CC_OP_SHLQ:
6749 case CC_OP_SARB ... CC_OP_SARQ:
6750 case CC_OP_BMILGB ... CC_OP_BMILGQ:
6751 /* Z was going to be computed from the non-zero status of CC_DST.
6752 We can get that same Z value (and the new C value) by leaving
6753 CC_DST alone, setting CC_SRC, and using a CC_OP_SAR of the
6755 tcg_gen_mov_tl(cpu_cc_src, cpu_tmp4);
6756 set_cc_op(s, ((s->cc_op - CC_OP_MULB) & 3) + CC_OP_SARB);
6759 /* Otherwise, generate EFLAGS and replace the C bit. */
6760 gen_compute_eflags(s);
6761 tcg_gen_deposit_tl(cpu_cc_src, cpu_cc_src, cpu_tmp4,
6766 case 0x1bc: /* bsf / tzcnt */
6767 case 0x1bd: /* bsr / lzcnt */
6769 modrm = cpu_ldub_code(env, s->pc++);
6770 reg = ((modrm >> 3) & 7) | rex_r;
6771 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
6772 gen_extu(ot, cpu_T[0]);
6774 /* Note that lzcnt and tzcnt are in different extensions. */
6775 if ((prefixes & PREFIX_REPZ)
6777 ? s->cpuid_ext3_features & CPUID_EXT3_ABM
6778 : s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI1)) {
6780 tcg_gen_mov_tl(cpu_cc_src, cpu_T[0]);
6782 /* For lzcnt, reduce the target_ulong result by the
6783 number of zeros that we expect to find at the top. */
6784 gen_helper_clz(cpu_T[0], cpu_T[0]);
6785 tcg_gen_subi_tl(cpu_T[0], cpu_T[0], TARGET_LONG_BITS - size);
6787 /* For tzcnt, a zero input must return the operand size:
6788 force all bits outside the operand size to 1. */
6789 target_ulong mask = (target_ulong)-2 << (size - 1);
6790 tcg_gen_ori_tl(cpu_T[0], cpu_T[0], mask);
6791 gen_helper_ctz(cpu_T[0], cpu_T[0]);
6793 /* For lzcnt/tzcnt, C and Z bits are defined and are
6794 related to the result. */
6795 gen_op_update1_cc();
6796 set_cc_op(s, CC_OP_BMILGB + ot);
6798 /* For bsr/bsf, only the Z bit is defined and it is related
6799 to the input and not the result. */
6800 tcg_gen_mov_tl(cpu_cc_dst, cpu_T[0]);
6801 set_cc_op(s, CC_OP_LOGICB + ot);
6803 /* For bsr, return the bit index of the first 1 bit,
6804 not the count of leading zeros. */
6805 gen_helper_clz(cpu_T[0], cpu_T[0]);
6806 tcg_gen_xori_tl(cpu_T[0], cpu_T[0], TARGET_LONG_BITS - 1);
6808 gen_helper_ctz(cpu_T[0], cpu_T[0]);
6810 /* ??? The manual says that the output is undefined when the
6811 input is zero, but real hardware leaves it unchanged, and
6812 real programs appear to depend on that. */
6813 tcg_gen_movi_tl(cpu_tmp0, 0);
6814 tcg_gen_movcond_tl(TCG_COND_EQ, cpu_T[0], cpu_cc_dst, cpu_tmp0,
6815 cpu_regs[reg], cpu_T[0]);
6817 gen_op_mov_reg_v(ot, reg, cpu_T[0]);
6819 /************************/
6821 case 0x27: /* daa */
6824 gen_update_cc_op(s);
6825 gen_helper_daa(cpu_env);
6826 set_cc_op(s, CC_OP_EFLAGS);
6828 case 0x2f: /* das */
6831 gen_update_cc_op(s);
6832 gen_helper_das(cpu_env);
6833 set_cc_op(s, CC_OP_EFLAGS);
6835 case 0x37: /* aaa */
6838 gen_update_cc_op(s);
6839 gen_helper_aaa(cpu_env);
6840 set_cc_op(s, CC_OP_EFLAGS);
6842 case 0x3f: /* aas */
6845 gen_update_cc_op(s);
6846 gen_helper_aas(cpu_env);
6847 set_cc_op(s, CC_OP_EFLAGS);
6849 case 0xd4: /* aam */
6852 val = cpu_ldub_code(env, s->pc++);
6854 gen_exception(s, EXCP00_DIVZ, pc_start - s->cs_base);
6856 gen_helper_aam(cpu_env, tcg_const_i32(val));
6857 set_cc_op(s, CC_OP_LOGICB);
6860 case 0xd5: /* aad */
6863 val = cpu_ldub_code(env, s->pc++);
6864 gen_helper_aad(cpu_env, tcg_const_i32(val));
6865 set_cc_op(s, CC_OP_LOGICB);
6867 /************************/
6869 case 0x90: /* nop */
6870 /* XXX: correct lock test for all insn */
6871 if (prefixes & PREFIX_LOCK) {
6874 /* If REX_B is set, then this is xchg eax, r8d, not a nop. */
6876 goto do_xchg_reg_eax;
6878 if (prefixes & PREFIX_REPZ) {
6879 gen_update_cc_op(s);
6880 gen_jmp_im(pc_start - s->cs_base);
6881 gen_helper_pause(cpu_env, tcg_const_i32(s->pc - pc_start));
6882 s->is_jmp = DISAS_TB_JUMP;
6885 case 0x9b: /* fwait */
6886 if ((s->flags & (HF_MP_MASK | HF_TS_MASK)) ==
6887 (HF_MP_MASK | HF_TS_MASK)) {
6888 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
6890 gen_update_cc_op(s);
6891 gen_jmp_im(pc_start - s->cs_base);
6892 gen_helper_fwait(cpu_env);
6895 case 0xcc: /* int3 */
6896 gen_interrupt(s, EXCP03_INT3, pc_start - s->cs_base, s->pc - s->cs_base);
6898 case 0xcd: /* int N */
6899 val = cpu_ldub_code(env, s->pc++);
6900 if (s->vm86 && s->iopl != 3) {
6901 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
6903 gen_interrupt(s, val, pc_start - s->cs_base, s->pc - s->cs_base);
6906 case 0xce: /* into */
6909 gen_update_cc_op(s);
6910 gen_jmp_im(pc_start - s->cs_base);
6911 gen_helper_into(cpu_env, tcg_const_i32(s->pc - pc_start));
6914 case 0xf1: /* icebp (undocumented, exits to external debugger) */
6915 gen_svm_check_intercept(s, pc_start, SVM_EXIT_ICEBP);
6917 gen_debug(s, pc_start - s->cs_base);
6921 qemu_set_log(CPU_LOG_INT | CPU_LOG_TB_IN_ASM);
6925 case 0xfa: /* cli */
6927 if (s->cpl <= s->iopl) {
6928 gen_helper_cli(cpu_env);
6930 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
6934 gen_helper_cli(cpu_env);
6936 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
6940 case 0xfb: /* sti */
6942 if (s->cpl <= s->iopl) {
6944 gen_helper_sti(cpu_env);
6945 /* interruptions are enabled only the first insn after sti */
6946 /* If several instructions disable interrupts, only the
6948 if (!(s->tb->flags & HF_INHIBIT_IRQ_MASK))
6949 gen_helper_set_inhibit_irq(cpu_env);
6950 /* give a chance to handle pending irqs */
6951 gen_jmp_im(s->pc - s->cs_base);
6954 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
6960 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
6964 case 0x62: /* bound */
6968 modrm = cpu_ldub_code(env, s->pc++);
6969 reg = (modrm >> 3) & 7;
6970 mod = (modrm >> 6) & 3;
6973 gen_op_mov_v_reg(ot, cpu_T[0], reg);
6974 gen_lea_modrm(env, s, modrm);
6975 gen_jmp_im(pc_start - s->cs_base);
6976 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T[0]);
6978 gen_helper_boundw(cpu_env, cpu_A0, cpu_tmp2_i32);
6980 gen_helper_boundl(cpu_env, cpu_A0, cpu_tmp2_i32);
6983 case 0x1c8 ... 0x1cf: /* bswap reg */
6984 reg = (b & 7) | REX_B(s);
6985 #ifdef TARGET_X86_64
6986 if (dflag == MO_64) {
6987 gen_op_mov_v_reg(MO_64, cpu_T[0], reg);
6988 tcg_gen_bswap64_i64(cpu_T[0], cpu_T[0]);
6989 gen_op_mov_reg_v(MO_64, reg, cpu_T[0]);
6993 gen_op_mov_v_reg(MO_32, cpu_T[0], reg);
6994 tcg_gen_ext32u_tl(cpu_T[0], cpu_T[0]);
6995 tcg_gen_bswap32_tl(cpu_T[0], cpu_T[0]);
6996 gen_op_mov_reg_v(MO_32, reg, cpu_T[0]);
6999 case 0xd6: /* salc */
7002 gen_compute_eflags_c(s, cpu_T[0]);
7003 tcg_gen_neg_tl(cpu_T[0], cpu_T[0]);
7004 gen_op_mov_reg_v(MO_8, R_EAX, cpu_T[0]);
7006 case 0xe0: /* loopnz */
7007 case 0xe1: /* loopz */
7008 case 0xe2: /* loop */
7009 case 0xe3: /* jecxz */
7013 tval = (int8_t)insn_get(env, s, MO_8);
7014 next_eip = s->pc - s->cs_base;
7016 if (dflag == MO_16) {
7020 l1 = gen_new_label();
7021 l2 = gen_new_label();
7022 l3 = gen_new_label();
7025 case 0: /* loopnz */
7027 gen_op_add_reg_im(s->aflag, R_ECX, -1);
7028 gen_op_jz_ecx(s->aflag, l3);
7029 gen_jcc1(s, (JCC_Z << 1) | (b ^ 1), l1);
7032 gen_op_add_reg_im(s->aflag, R_ECX, -1);
7033 gen_op_jnz_ecx(s->aflag, l1);
7037 gen_op_jz_ecx(s->aflag, l1);
7042 gen_jmp_im(next_eip);
7051 case 0x130: /* wrmsr */
7052 case 0x132: /* rdmsr */
7054 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7056 gen_update_cc_op(s);
7057 gen_jmp_im(pc_start - s->cs_base);
7059 gen_helper_rdmsr(cpu_env);
7061 gen_helper_wrmsr(cpu_env);
7065 case 0x131: /* rdtsc */
7066 gen_update_cc_op(s);
7067 gen_jmp_im(pc_start - s->cs_base);
7070 gen_helper_rdtsc(cpu_env);
7073 gen_jmp(s, s->pc - s->cs_base);
7076 case 0x133: /* rdpmc */
7077 gen_update_cc_op(s);
7078 gen_jmp_im(pc_start - s->cs_base);
7079 gen_helper_rdpmc(cpu_env);
7081 case 0x134: /* sysenter */
7082 /* For Intel SYSENTER is valid on 64-bit */
7083 if (CODE64(s) && env->cpuid_vendor1 != CPUID_VENDOR_INTEL_1)
7086 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7088 gen_update_cc_op(s);
7089 gen_jmp_im(pc_start - s->cs_base);
7090 gen_helper_sysenter(cpu_env);
7094 case 0x135: /* sysexit */
7095 /* For Intel SYSEXIT is valid on 64-bit */
7096 if (CODE64(s) && env->cpuid_vendor1 != CPUID_VENDOR_INTEL_1)
7099 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7101 gen_update_cc_op(s);
7102 gen_jmp_im(pc_start - s->cs_base);
7103 gen_helper_sysexit(cpu_env, tcg_const_i32(dflag - 1));
7107 #ifdef TARGET_X86_64
7108 case 0x105: /* syscall */
7109 /* XXX: is it usable in real mode ? */
7110 gen_update_cc_op(s);
7111 gen_jmp_im(pc_start - s->cs_base);
7112 gen_helper_syscall(cpu_env, tcg_const_i32(s->pc - pc_start));
7115 case 0x107: /* sysret */
7117 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7119 gen_update_cc_op(s);
7120 gen_jmp_im(pc_start - s->cs_base);
7121 gen_helper_sysret(cpu_env, tcg_const_i32(dflag - 1));
7122 /* condition codes are modified only in long mode */
7124 set_cc_op(s, CC_OP_EFLAGS);
7130 case 0x1a2: /* cpuid */
7131 gen_update_cc_op(s);
7132 gen_jmp_im(pc_start - s->cs_base);
7133 gen_helper_cpuid(cpu_env);
7135 case 0xf4: /* hlt */
7137 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7139 gen_update_cc_op(s);
7140 gen_jmp_im(pc_start - s->cs_base);
7141 gen_helper_hlt(cpu_env, tcg_const_i32(s->pc - pc_start));
7142 s->is_jmp = DISAS_TB_JUMP;
7146 modrm = cpu_ldub_code(env, s->pc++);
7147 mod = (modrm >> 6) & 3;
7148 op = (modrm >> 3) & 7;
7151 if (!s->pe || s->vm86)
7153 gen_svm_check_intercept(s, pc_start, SVM_EXIT_LDTR_READ);
7154 tcg_gen_ld32u_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,ldt.selector));
7155 ot = mod == 3 ? dflag : MO_16;
7156 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
7159 if (!s->pe || s->vm86)
7162 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7164 gen_svm_check_intercept(s, pc_start, SVM_EXIT_LDTR_WRITE);
7165 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
7166 gen_jmp_im(pc_start - s->cs_base);
7167 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T[0]);
7168 gen_helper_lldt(cpu_env, cpu_tmp2_i32);
7172 if (!s->pe || s->vm86)
7174 gen_svm_check_intercept(s, pc_start, SVM_EXIT_TR_READ);
7175 tcg_gen_ld32u_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,tr.selector));
7176 ot = mod == 3 ? dflag : MO_16;
7177 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
7180 if (!s->pe || s->vm86)
7183 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7185 gen_svm_check_intercept(s, pc_start, SVM_EXIT_TR_WRITE);
7186 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
7187 gen_jmp_im(pc_start - s->cs_base);
7188 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T[0]);
7189 gen_helper_ltr(cpu_env, cpu_tmp2_i32);
7194 if (!s->pe || s->vm86)
7196 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
7197 gen_update_cc_op(s);
7199 gen_helper_verr(cpu_env, cpu_T[0]);
7201 gen_helper_verw(cpu_env, cpu_T[0]);
7203 set_cc_op(s, CC_OP_EFLAGS);
7210 modrm = cpu_ldub_code(env, s->pc++);
7211 mod = (modrm >> 6) & 3;
7212 op = (modrm >> 3) & 7;
7218 gen_svm_check_intercept(s, pc_start, SVM_EXIT_GDTR_READ);
7219 gen_lea_modrm(env, s, modrm);
7220 tcg_gen_ld32u_tl(cpu_T[0], cpu_env, offsetof(CPUX86State, gdt.limit));
7221 gen_op_st_v(s, MO_16, cpu_T[0], cpu_A0);
7222 gen_add_A0_im(s, 2);
7223 tcg_gen_ld_tl(cpu_T[0], cpu_env, offsetof(CPUX86State, gdt.base));
7224 if (dflag == MO_16) {
7225 tcg_gen_andi_tl(cpu_T[0], cpu_T[0], 0xffffff);
7227 gen_op_st_v(s, CODE64(s) + MO_32, cpu_T[0], cpu_A0);
7232 case 0: /* monitor */
7233 if (!(s->cpuid_ext_features & CPUID_EXT_MONITOR) ||
7236 gen_update_cc_op(s);
7237 gen_jmp_im(pc_start - s->cs_base);
7238 tcg_gen_mov_tl(cpu_A0, cpu_regs[R_EAX]);
7239 gen_extu(s->aflag, cpu_A0);
7240 gen_add_A0_ds_seg(s);
7241 gen_helper_monitor(cpu_env, cpu_A0);
7244 if (!(s->cpuid_ext_features & CPUID_EXT_MONITOR) ||
7247 gen_update_cc_op(s);
7248 gen_jmp_im(pc_start - s->cs_base);
7249 gen_helper_mwait(cpu_env, tcg_const_i32(s->pc - pc_start));
7253 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_SMAP) ||
7257 gen_helper_clac(cpu_env);
7258 gen_jmp_im(s->pc - s->cs_base);
7262 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_SMAP) ||
7266 gen_helper_stac(cpu_env);
7267 gen_jmp_im(s->pc - s->cs_base);
7274 gen_svm_check_intercept(s, pc_start, SVM_EXIT_IDTR_READ);
7275 gen_lea_modrm(env, s, modrm);
7276 tcg_gen_ld32u_tl(cpu_T[0], cpu_env, offsetof(CPUX86State, idt.limit));
7277 gen_op_st_v(s, MO_16, cpu_T[0], cpu_A0);
7278 gen_add_A0_im(s, 2);
7279 tcg_gen_ld_tl(cpu_T[0], cpu_env, offsetof(CPUX86State, idt.base));
7280 if (dflag == MO_16) {
7281 tcg_gen_andi_tl(cpu_T[0], cpu_T[0], 0xffffff);
7283 gen_op_st_v(s, CODE64(s) + MO_32, cpu_T[0], cpu_A0);
7289 gen_update_cc_op(s);
7290 gen_jmp_im(pc_start - s->cs_base);
7293 if (!(s->flags & HF_SVME_MASK) || !s->pe)
7296 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7299 gen_helper_vmrun(cpu_env, tcg_const_i32(s->aflag - 1),
7300 tcg_const_i32(s->pc - pc_start));
7302 s->is_jmp = DISAS_TB_JUMP;
7305 case 1: /* VMMCALL */
7306 if (!(s->flags & HF_SVME_MASK))
7308 gen_helper_vmmcall(cpu_env);
7310 case 2: /* VMLOAD */
7311 if (!(s->flags & HF_SVME_MASK) || !s->pe)
7314 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7317 gen_helper_vmload(cpu_env, tcg_const_i32(s->aflag - 1));
7320 case 3: /* VMSAVE */
7321 if (!(s->flags & HF_SVME_MASK) || !s->pe)
7324 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7327 gen_helper_vmsave(cpu_env, tcg_const_i32(s->aflag - 1));
7331 if ((!(s->flags & HF_SVME_MASK) &&
7332 !(s->cpuid_ext3_features & CPUID_EXT3_SKINIT)) ||
7336 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7339 gen_helper_stgi(cpu_env);
7343 if (!(s->flags & HF_SVME_MASK) || !s->pe)
7346 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7349 gen_helper_clgi(cpu_env);
7352 case 6: /* SKINIT */
7353 if ((!(s->flags & HF_SVME_MASK) &&
7354 !(s->cpuid_ext3_features & CPUID_EXT3_SKINIT)) ||
7357 gen_helper_skinit(cpu_env);
7359 case 7: /* INVLPGA */
7360 if (!(s->flags & HF_SVME_MASK) || !s->pe)
7363 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7366 gen_helper_invlpga(cpu_env,
7367 tcg_const_i32(s->aflag - 1));
7373 } else if (s->cpl != 0) {
7374 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7376 gen_svm_check_intercept(s, pc_start,
7377 op==2 ? SVM_EXIT_GDTR_WRITE : SVM_EXIT_IDTR_WRITE);
7378 gen_lea_modrm(env, s, modrm);
7379 gen_op_ld_v(s, MO_16, cpu_T[1], cpu_A0);
7380 gen_add_A0_im(s, 2);
7381 gen_op_ld_v(s, CODE64(s) + MO_32, cpu_T[0], cpu_A0);
7382 if (dflag == MO_16) {
7383 tcg_gen_andi_tl(cpu_T[0], cpu_T[0], 0xffffff);
7386 tcg_gen_st_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,gdt.base));
7387 tcg_gen_st32_tl(cpu_T[1], cpu_env, offsetof(CPUX86State,gdt.limit));
7389 tcg_gen_st_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,idt.base));
7390 tcg_gen_st32_tl(cpu_T[1], cpu_env, offsetof(CPUX86State,idt.limit));
7395 gen_svm_check_intercept(s, pc_start, SVM_EXIT_READ_CR0);
7396 #if defined TARGET_X86_64 && defined HOST_WORDS_BIGENDIAN
7397 tcg_gen_ld32u_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,cr[0]) + 4);
7399 tcg_gen_ld32u_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,cr[0]));
7401 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 1);
7405 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7407 gen_svm_check_intercept(s, pc_start, SVM_EXIT_WRITE_CR0);
7408 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
7409 gen_helper_lmsw(cpu_env, cpu_T[0]);
7410 gen_jmp_im(s->pc - s->cs_base);
7415 if (mod != 3) { /* invlpg */
7417 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7419 gen_update_cc_op(s);
7420 gen_jmp_im(pc_start - s->cs_base);
7421 gen_lea_modrm(env, s, modrm);
7422 gen_helper_invlpg(cpu_env, cpu_A0);
7423 gen_jmp_im(s->pc - s->cs_base);
7428 case 0: /* swapgs */
7429 #ifdef TARGET_X86_64
7432 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7434 tcg_gen_ld_tl(cpu_T[0], cpu_env,
7435 offsetof(CPUX86State,segs[R_GS].base));
7436 tcg_gen_ld_tl(cpu_T[1], cpu_env,
7437 offsetof(CPUX86State,kernelgsbase));
7438 tcg_gen_st_tl(cpu_T[1], cpu_env,
7439 offsetof(CPUX86State,segs[R_GS].base));
7440 tcg_gen_st_tl(cpu_T[0], cpu_env,
7441 offsetof(CPUX86State,kernelgsbase));
7449 case 1: /* rdtscp */
7450 if (!(s->cpuid_ext2_features & CPUID_EXT2_RDTSCP))
7452 gen_update_cc_op(s);
7453 gen_jmp_im(pc_start - s->cs_base);
7456 gen_helper_rdtscp(cpu_env);
7459 gen_jmp(s, s->pc - s->cs_base);
7471 case 0x108: /* invd */
7472 case 0x109: /* wbinvd */
7474 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7476 gen_svm_check_intercept(s, pc_start, (b & 2) ? SVM_EXIT_INVD : SVM_EXIT_WBINVD);
7480 case 0x63: /* arpl or movslS (x86_64) */
7481 #ifdef TARGET_X86_64
7484 /* d_ot is the size of destination */
7487 modrm = cpu_ldub_code(env, s->pc++);
7488 reg = ((modrm >> 3) & 7) | rex_r;
7489 mod = (modrm >> 6) & 3;
7490 rm = (modrm & 7) | REX_B(s);
7493 gen_op_mov_v_reg(MO_32, cpu_T[0], rm);
7495 if (d_ot == MO_64) {
7496 tcg_gen_ext32s_tl(cpu_T[0], cpu_T[0]);
7498 gen_op_mov_reg_v(d_ot, reg, cpu_T[0]);
7500 gen_lea_modrm(env, s, modrm);
7501 gen_op_ld_v(s, MO_32 | MO_SIGN, cpu_T[0], cpu_A0);
7502 gen_op_mov_reg_v(d_ot, reg, cpu_T[0]);
7508 TCGv t0, t1, t2, a0;
7510 if (!s->pe || s->vm86)
7512 t0 = tcg_temp_local_new();
7513 t1 = tcg_temp_local_new();
7514 t2 = tcg_temp_local_new();
7516 modrm = cpu_ldub_code(env, s->pc++);
7517 reg = (modrm >> 3) & 7;
7518 mod = (modrm >> 6) & 3;
7521 gen_lea_modrm(env, s, modrm);
7522 gen_op_ld_v(s, ot, t0, cpu_A0);
7523 a0 = tcg_temp_local_new();
7524 tcg_gen_mov_tl(a0, cpu_A0);
7526 gen_op_mov_v_reg(ot, t0, rm);
7529 gen_op_mov_v_reg(ot, t1, reg);
7530 tcg_gen_andi_tl(cpu_tmp0, t0, 3);
7531 tcg_gen_andi_tl(t1, t1, 3);
7532 tcg_gen_movi_tl(t2, 0);
7533 label1 = gen_new_label();
7534 tcg_gen_brcond_tl(TCG_COND_GE, cpu_tmp0, t1, label1);
7535 tcg_gen_andi_tl(t0, t0, ~3);
7536 tcg_gen_or_tl(t0, t0, t1);
7537 tcg_gen_movi_tl(t2, CC_Z);
7538 gen_set_label(label1);
7540 gen_op_st_v(s, ot, t0, a0);
7543 gen_op_mov_reg_v(ot, rm, t0);
7545 gen_compute_eflags(s);
7546 tcg_gen_andi_tl(cpu_cc_src, cpu_cc_src, ~CC_Z);
7547 tcg_gen_or_tl(cpu_cc_src, cpu_cc_src, t2);
7553 case 0x102: /* lar */
7554 case 0x103: /* lsl */
7558 if (!s->pe || s->vm86)
7560 ot = dflag != MO_16 ? MO_32 : MO_16;
7561 modrm = cpu_ldub_code(env, s->pc++);
7562 reg = ((modrm >> 3) & 7) | rex_r;
7563 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
7564 t0 = tcg_temp_local_new();
7565 gen_update_cc_op(s);
7567 gen_helper_lar(t0, cpu_env, cpu_T[0]);
7569 gen_helper_lsl(t0, cpu_env, cpu_T[0]);
7571 tcg_gen_andi_tl(cpu_tmp0, cpu_cc_src, CC_Z);
7572 label1 = gen_new_label();
7573 tcg_gen_brcondi_tl(TCG_COND_EQ, cpu_tmp0, 0, label1);
7574 gen_op_mov_reg_v(ot, reg, t0);
7575 gen_set_label(label1);
7576 set_cc_op(s, CC_OP_EFLAGS);
7581 modrm = cpu_ldub_code(env, s->pc++);
7582 mod = (modrm >> 6) & 3;
7583 op = (modrm >> 3) & 7;
7585 case 0: /* prefetchnta */
7586 case 1: /* prefetchnt0 */
7587 case 2: /* prefetchnt0 */
7588 case 3: /* prefetchnt0 */
7591 gen_lea_modrm(env, s, modrm);
7592 /* nothing more to do */
7594 default: /* nop (multi byte) */
7595 gen_nop_modrm(env, s, modrm);
7599 case 0x119 ... 0x11f: /* nop (multi byte) */
7600 modrm = cpu_ldub_code(env, s->pc++);
7601 gen_nop_modrm(env, s, modrm);
7603 case 0x120: /* mov reg, crN */
7604 case 0x122: /* mov crN, reg */
7606 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7608 modrm = cpu_ldub_code(env, s->pc++);
7609 /* Ignore the mod bits (assume (modrm&0xc0)==0xc0).
7610 * AMD documentation (24594.pdf) and testing of
7611 * intel 386 and 486 processors all show that the mod bits
7612 * are assumed to be 1's, regardless of actual values.
7614 rm = (modrm & 7) | REX_B(s);
7615 reg = ((modrm >> 3) & 7) | rex_r;
7620 if ((prefixes & PREFIX_LOCK) && (reg == 0) &&
7621 (s->cpuid_ext3_features & CPUID_EXT3_CR8LEG)) {
7630 gen_update_cc_op(s);
7631 gen_jmp_im(pc_start - s->cs_base);
7633 gen_op_mov_v_reg(ot, cpu_T[0], rm);
7634 gen_helper_write_crN(cpu_env, tcg_const_i32(reg),
7636 gen_jmp_im(s->pc - s->cs_base);
7639 gen_helper_read_crN(cpu_T[0], cpu_env, tcg_const_i32(reg));
7640 gen_op_mov_reg_v(ot, rm, cpu_T[0]);
7648 case 0x121: /* mov reg, drN */
7649 case 0x123: /* mov drN, reg */
7651 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7653 modrm = cpu_ldub_code(env, s->pc++);
7654 /* Ignore the mod bits (assume (modrm&0xc0)==0xc0).
7655 * AMD documentation (24594.pdf) and testing of
7656 * intel 386 and 486 processors all show that the mod bits
7657 * are assumed to be 1's, regardless of actual values.
7659 rm = (modrm & 7) | REX_B(s);
7660 reg = ((modrm >> 3) & 7) | rex_r;
7665 /* XXX: do it dynamically with CR4.DE bit */
7666 if (reg == 4 || reg == 5 || reg >= 8)
7669 gen_svm_check_intercept(s, pc_start, SVM_EXIT_WRITE_DR0 + reg);
7670 gen_op_mov_v_reg(ot, cpu_T[0], rm);
7671 gen_helper_movl_drN_T0(cpu_env, tcg_const_i32(reg), cpu_T[0]);
7672 gen_jmp_im(s->pc - s->cs_base);
7675 gen_svm_check_intercept(s, pc_start, SVM_EXIT_READ_DR0 + reg);
7676 tcg_gen_ld_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,dr[reg]));
7677 gen_op_mov_reg_v(ot, rm, cpu_T[0]);
7681 case 0x106: /* clts */
7683 gen_exception(s, EXCP0D_GPF, pc_start - s->cs_base);
7685 gen_svm_check_intercept(s, pc_start, SVM_EXIT_WRITE_CR0);
7686 gen_helper_clts(cpu_env);
7687 /* abort block because static cpu state changed */
7688 gen_jmp_im(s->pc - s->cs_base);
7692 /* MMX/3DNow!/SSE/SSE2/SSE3/SSSE3/SSE4 support */
7693 case 0x1c3: /* MOVNTI reg, mem */
7694 if (!(s->cpuid_features & CPUID_SSE2))
7696 ot = mo_64_32(dflag);
7697 modrm = cpu_ldub_code(env, s->pc++);
7698 mod = (modrm >> 6) & 3;
7701 reg = ((modrm >> 3) & 7) | rex_r;
7702 /* generate a generic store */
7703 gen_ldst_modrm(env, s, modrm, ot, reg, 1);
7706 modrm = cpu_ldub_code(env, s->pc++);
7707 mod = (modrm >> 6) & 3;
7708 op = (modrm >> 3) & 7;
7710 case 0: /* fxsave */
7711 if (mod == 3 || !(s->cpuid_features & CPUID_FXSR) ||
7712 (s->prefix & PREFIX_LOCK))
7714 if ((s->flags & HF_EM_MASK) || (s->flags & HF_TS_MASK)) {
7715 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
7718 gen_lea_modrm(env, s, modrm);
7719 gen_update_cc_op(s);
7720 gen_jmp_im(pc_start - s->cs_base);
7721 gen_helper_fxsave(cpu_env, cpu_A0, tcg_const_i32(dflag == MO_64));
7723 case 1: /* fxrstor */
7724 if (mod == 3 || !(s->cpuid_features & CPUID_FXSR) ||
7725 (s->prefix & PREFIX_LOCK))
7727 if ((s->flags & HF_EM_MASK) || (s->flags & HF_TS_MASK)) {
7728 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
7731 gen_lea_modrm(env, s, modrm);
7732 gen_update_cc_op(s);
7733 gen_jmp_im(pc_start - s->cs_base);
7734 gen_helper_fxrstor(cpu_env, cpu_A0, tcg_const_i32(dflag == MO_64));
7736 case 2: /* ldmxcsr */
7737 case 3: /* stmxcsr */
7738 if (s->flags & HF_TS_MASK) {
7739 gen_exception(s, EXCP07_PREX, pc_start - s->cs_base);
7742 if ((s->flags & HF_EM_MASK) || !(s->flags & HF_OSFXSR_MASK) ||
7745 gen_lea_modrm(env, s, modrm);
7747 tcg_gen_qemu_ld_i32(cpu_tmp2_i32, cpu_A0,
7748 s->mem_index, MO_LEUL);
7749 gen_helper_ldmxcsr(cpu_env, cpu_tmp2_i32);
7751 tcg_gen_ld32u_tl(cpu_T[0], cpu_env, offsetof(CPUX86State, mxcsr));
7752 gen_op_st_v(s, MO_32, cpu_T[0], cpu_A0);
7755 case 5: /* lfence */
7756 case 6: /* mfence */
7757 if ((modrm & 0xc7) != 0xc0 || !(s->cpuid_features & CPUID_SSE2))
7760 case 7: /* sfence / clflush */
7761 if ((modrm & 0xc7) == 0xc0) {
7763 /* XXX: also check for cpuid_ext2_features & CPUID_EXT2_EMMX */
7764 if (!(s->cpuid_features & CPUID_SSE))
7768 if (!(s->cpuid_features & CPUID_CLFLUSH))
7770 gen_lea_modrm(env, s, modrm);
7777 case 0x10d: /* 3DNow! prefetch(w) */
7778 modrm = cpu_ldub_code(env, s->pc++);
7779 mod = (modrm >> 6) & 3;
7782 gen_lea_modrm(env, s, modrm);
7783 /* ignore for now */
7785 case 0x1aa: /* rsm */
7786 gen_svm_check_intercept(s, pc_start, SVM_EXIT_RSM);
7787 if (!(s->flags & HF_SMM_MASK))
7789 gen_update_cc_op(s);
7790 gen_jmp_im(s->pc - s->cs_base);
7791 gen_helper_rsm(cpu_env);
7794 case 0x1b8: /* SSE4.2 popcnt */
7795 if ((prefixes & (PREFIX_REPZ | PREFIX_LOCK | PREFIX_REPNZ)) !=
7798 if (!(s->cpuid_ext_features & CPUID_EXT_POPCNT))
7801 modrm = cpu_ldub_code(env, s->pc++);
7802 reg = ((modrm >> 3) & 7) | rex_r;
7804 if (s->prefix & PREFIX_DATA) {
7807 ot = mo_64_32(dflag);
7810 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
7811 gen_helper_popcnt(cpu_T[0], cpu_env, cpu_T[0], tcg_const_i32(ot));
7812 gen_op_mov_reg_v(ot, reg, cpu_T[0]);
7814 set_cc_op(s, CC_OP_EFLAGS);
7816 case 0x10e ... 0x10f:
7817 /* 3DNow! instructions, ignore prefixes */
7818 s->prefix &= ~(PREFIX_REPZ | PREFIX_REPNZ | PREFIX_DATA);
7819 case 0x110 ... 0x117:
7820 case 0x128 ... 0x12f:
7821 case 0x138 ... 0x13a:
7822 case 0x150 ... 0x179:
7823 case 0x17c ... 0x17f:
7825 case 0x1c4 ... 0x1c6:
7826 case 0x1d0 ... 0x1fe:
7827 gen_sse(env, s, b, pc_start, rex_r);
7832 /* lock generation */
7833 if (s->prefix & PREFIX_LOCK)
7834 gen_helper_unlock();
7837 if (s->prefix & PREFIX_LOCK)
7838 gen_helper_unlock();
7839 /* XXX: ensure that no lock was generated */
7840 gen_exception(s, EXCP06_ILLOP, pc_start - s->cs_base);
7844 void optimize_flags_init(void)
7846 static const char reg_names[CPU_NB_REGS][4] = {
7847 #ifdef TARGET_X86_64
7877 cpu_env = tcg_global_reg_new_ptr(TCG_AREG0, "env");
7878 cpu_cc_op = tcg_global_mem_new_i32(TCG_AREG0,
7879 offsetof(CPUX86State, cc_op), "cc_op");
7880 cpu_cc_dst = tcg_global_mem_new(TCG_AREG0, offsetof(CPUX86State, cc_dst),
7882 cpu_cc_src = tcg_global_mem_new(TCG_AREG0, offsetof(CPUX86State, cc_src),
7884 cpu_cc_src2 = tcg_global_mem_new(TCG_AREG0, offsetof(CPUX86State, cc_src2),
7887 for (i = 0; i < CPU_NB_REGS; ++i) {
7888 cpu_regs[i] = tcg_global_mem_new(TCG_AREG0,
7889 offsetof(CPUX86State, regs[i]),
7894 /* generate intermediate code in gen_opc_buf and gen_opparam_buf for
7895 basic block 'tb'. If search_pc is TRUE, also generate PC
7896 information for each intermediate instruction. */
7897 static inline void gen_intermediate_code_internal(X86CPU *cpu,
7898 TranslationBlock *tb,
7901 CPUState *cs = CPU(cpu);
7902 CPUX86State *env = &cpu->env;
7903 DisasContext dc1, *dc = &dc1;
7904 target_ulong pc_ptr;
7905 uint16_t *gen_opc_end;
7909 target_ulong pc_start;
7910 target_ulong cs_base;
7914 /* generate intermediate code */
7916 cs_base = tb->cs_base;
7919 dc->pe = (flags >> HF_PE_SHIFT) & 1;
7920 dc->code32 = (flags >> HF_CS32_SHIFT) & 1;
7921 dc->ss32 = (flags >> HF_SS32_SHIFT) & 1;
7922 dc->addseg = (flags >> HF_ADDSEG_SHIFT) & 1;
7924 dc->vm86 = (flags >> VM_SHIFT) & 1;
7925 dc->cpl = (flags >> HF_CPL_SHIFT) & 3;
7926 dc->iopl = (flags >> IOPL_SHIFT) & 3;
7927 dc->tf = (flags >> TF_SHIFT) & 1;
7928 dc->singlestep_enabled = cs->singlestep_enabled;
7929 dc->cc_op = CC_OP_DYNAMIC;
7930 dc->cc_op_dirty = false;
7931 dc->cs_base = cs_base;
7933 dc->popl_esp_hack = 0;
7934 /* select memory access functions */
7936 if (flags & HF_SOFTMMU_MASK) {
7937 dc->mem_index = cpu_mmu_index(env);
7939 dc->cpuid_features = env->features[FEAT_1_EDX];
7940 dc->cpuid_ext_features = env->features[FEAT_1_ECX];
7941 dc->cpuid_ext2_features = env->features[FEAT_8000_0001_EDX];
7942 dc->cpuid_ext3_features = env->features[FEAT_8000_0001_ECX];
7943 dc->cpuid_7_0_ebx_features = env->features[FEAT_7_0_EBX];
7944 #ifdef TARGET_X86_64
7945 dc->lma = (flags >> HF_LMA_SHIFT) & 1;
7946 dc->code64 = (flags >> HF_CS64_SHIFT) & 1;
7949 dc->jmp_opt = !(dc->tf || cs->singlestep_enabled ||
7950 (flags & HF_INHIBIT_IRQ_MASK)
7951 #ifndef CONFIG_SOFTMMU
7952 || (flags & HF_SOFTMMU_MASK)
7955 /* Do not optimize repz jumps at all in icount mode, because
7956 rep movsS instructions are execured with different paths
7957 in !repz_opt and repz_opt modes. The first one was used
7958 always except single step mode. And this setting
7959 disables jumps optimization and control paths become
7960 equivalent in run and single step modes.
7961 Now there will be no jump optimization for repz in
7962 record/replay modes and there will always be an
7963 additional step for ecx=0 when icount is enabled.
7965 dc->repz_opt = !dc->jmp_opt && !use_icount;
7967 /* check addseg logic */
7968 if (!dc->addseg && (dc->vm86 || !dc->pe || !dc->code32))
7969 printf("ERROR addseg\n");
7972 cpu_T[0] = tcg_temp_new();
7973 cpu_T[1] = tcg_temp_new();
7974 cpu_A0 = tcg_temp_new();
7976 cpu_tmp0 = tcg_temp_new();
7977 cpu_tmp1_i64 = tcg_temp_new_i64();
7978 cpu_tmp2_i32 = tcg_temp_new_i32();
7979 cpu_tmp3_i32 = tcg_temp_new_i32();
7980 cpu_tmp4 = tcg_temp_new();
7981 cpu_ptr0 = tcg_temp_new_ptr();
7982 cpu_ptr1 = tcg_temp_new_ptr();
7983 cpu_cc_srcT = tcg_temp_local_new();
7985 gen_opc_end = tcg_ctx.gen_opc_buf + OPC_MAX_SIZE;
7987 dc->is_jmp = DISAS_NEXT;
7991 max_insns = tb->cflags & CF_COUNT_MASK;
7993 max_insns = CF_COUNT_MASK;
7997 if (unlikely(!QTAILQ_EMPTY(&cs->breakpoints))) {
7998 QTAILQ_FOREACH(bp, &cs->breakpoints, entry) {
7999 if (bp->pc == pc_ptr &&
8000 !((bp->flags & BP_CPU) && (tb->flags & HF_RF_MASK))) {
8001 gen_debug(dc, pc_ptr - dc->cs_base);
8002 goto done_generating;
8007 j = tcg_ctx.gen_opc_ptr - tcg_ctx.gen_opc_buf;
8011 tcg_ctx.gen_opc_instr_start[lj++] = 0;
8013 tcg_ctx.gen_opc_pc[lj] = pc_ptr;
8014 gen_opc_cc_op[lj] = dc->cc_op;
8015 tcg_ctx.gen_opc_instr_start[lj] = 1;
8016 tcg_ctx.gen_opc_icount[lj] = num_insns;
8018 if (num_insns + 1 == max_insns && (tb->cflags & CF_LAST_IO))
8021 pc_ptr = disas_insn(env, dc, pc_ptr);
8023 /* stop translation if indicated */
8026 /* if single step mode, we generate only one instruction and
8027 generate an exception */
8028 /* if irq were inhibited with HF_INHIBIT_IRQ_MASK, we clear
8029 the flag and abort the translation to give the irqs a
8030 change to be happen */
8031 if (dc->tf || dc->singlestep_enabled ||
8032 (flags & HF_INHIBIT_IRQ_MASK)) {
8033 gen_jmp_im(pc_ptr - dc->cs_base);
8037 /* Do not cross the boundary of the pages in icount mode,
8038 it can cause an exception. Do it only when boundary is
8039 crossed by the first instruction in the block.
8040 If current instruction already crossed the bound - it's ok,
8041 because an exception hasn't stopped this code.
8044 && ((pc_ptr & TARGET_PAGE_MASK)
8045 != ((pc_ptr + TARGET_MAX_INSN_SIZE - 1) & TARGET_PAGE_MASK)
8046 || (pc_ptr & ~TARGET_PAGE_MASK) == 0)) {
8047 gen_jmp_im(pc_ptr - dc->cs_base);
8051 /* if too long translation, stop generation too */
8052 if (tcg_ctx.gen_opc_ptr >= gen_opc_end ||
8053 (pc_ptr - pc_start) >= (TARGET_PAGE_SIZE - 32) ||
8054 num_insns >= max_insns) {
8055 gen_jmp_im(pc_ptr - dc->cs_base);
8060 gen_jmp_im(pc_ptr - dc->cs_base);
8065 if (tb->cflags & CF_LAST_IO)
8068 gen_tb_end(tb, num_insns);
8069 *tcg_ctx.gen_opc_ptr = INDEX_op_end;
8070 /* we don't forget to fill the last values */
8072 j = tcg_ctx.gen_opc_ptr - tcg_ctx.gen_opc_buf;
8075 tcg_ctx.gen_opc_instr_start[lj++] = 0;
8079 if (qemu_loglevel_mask(CPU_LOG_TB_IN_ASM)) {
8081 qemu_log("----------------\n");
8082 qemu_log("IN: %s\n", lookup_symbol(pc_start));
8083 #ifdef TARGET_X86_64
8088 disas_flags = !dc->code32;
8089 log_target_disas(env, pc_start, pc_ptr - pc_start, disas_flags);
8095 tb->size = pc_ptr - pc_start;
8096 tb->icount = num_insns;
8100 void gen_intermediate_code(CPUX86State *env, TranslationBlock *tb)
8102 gen_intermediate_code_internal(x86_env_get_cpu(env), tb, false);
8105 void gen_intermediate_code_pc(CPUX86State *env, TranslationBlock *tb)
8107 gen_intermediate_code_internal(x86_env_get_cpu(env), tb, true);
8110 void restore_state_to_opc(CPUX86State *env, TranslationBlock *tb, int pc_pos)
8114 if (qemu_loglevel_mask(CPU_LOG_TB_OP)) {
8116 qemu_log("RESTORE:\n");
8117 for(i = 0;i <= pc_pos; i++) {
8118 if (tcg_ctx.gen_opc_instr_start[i]) {
8119 qemu_log("0x%04x: " TARGET_FMT_lx "\n", i,
8120 tcg_ctx.gen_opc_pc[i]);
8123 qemu_log("pc_pos=0x%x eip=" TARGET_FMT_lx " cs_base=%x\n",
8124 pc_pos, tcg_ctx.gen_opc_pc[pc_pos] - tb->cs_base,
8125 (uint32_t)tb->cs_base);
8128 env->eip = tcg_ctx.gen_opc_pc[pc_pos] - tb->cs_base;
8129 cc_op = gen_opc_cc_op[pc_pos];
8130 if (cc_op != CC_OP_DYNAMIC)
projects / qemu.git / blob