4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2005-2007 CodeSourcery
6 * Copyright (c) 2007 OpenedHand, Ltd.
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2 of the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include "qemu/osdep.h"
24 #include "internals.h"
25 #include "disas/disas.h"
26 #include "exec/exec-all.h"
28 #include "tcg-op-gvec.h"
30 #include "qemu/bitops.h"
32 #include "hw/semihosting/semihost.h"
34 #include "exec/helper-proto.h"
35 #include "exec/helper-gen.h"
37 #include "trace-tcg.h"
41 #define ENABLE_ARCH_4T arm_dc_feature(s, ARM_FEATURE_V4T)
42 #define ENABLE_ARCH_5 arm_dc_feature(s, ARM_FEATURE_V5)
43 /* currently all emulated v5 cores are also v5TE, so don't bother */
44 #define ENABLE_ARCH_5TE arm_dc_feature(s, ARM_FEATURE_V5)
45 #define ENABLE_ARCH_5J dc_isar_feature(jazelle, s)
46 #define ENABLE_ARCH_6 arm_dc_feature(s, ARM_FEATURE_V6)
47 #define ENABLE_ARCH_6K arm_dc_feature(s, ARM_FEATURE_V6K)
48 #define ENABLE_ARCH_6T2 arm_dc_feature(s, ARM_FEATURE_THUMB2)
49 #define ENABLE_ARCH_7 arm_dc_feature(s, ARM_FEATURE_V7)
50 #define ENABLE_ARCH_8 arm_dc_feature(s, ARM_FEATURE_V8)
52 #define ARCH(x) do { if (!ENABLE_ARCH_##x) goto illegal_op; } while(0)
54 #include "translate.h"
56 #if defined(CONFIG_USER_ONLY)
59 #define IS_USER(s) (s->user)
62 /* We reuse the same 64-bit temporaries for efficiency. */
63 static TCGv_i64 cpu_V0, cpu_V1, cpu_M0;
64 static TCGv_i32 cpu_R[16];
65 TCGv_i32 cpu_CF, cpu_NF, cpu_VF, cpu_ZF;
66 TCGv_i64 cpu_exclusive_addr;
67 TCGv_i64 cpu_exclusive_val;
69 #include "exec/gen-icount.h"
71 static const char * const regnames[] =
72 { "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7",
73 "r8", "r9", "r10", "r11", "r12", "r13", "r14", "pc" };
75 /* Function prototypes for gen_ functions calling Neon helpers. */
76 typedef void NeonGenThreeOpEnvFn(TCGv_i32, TCGv_env, TCGv_i32,
78 /* Function prototypes for gen_ functions for fix point conversions */
79 typedef void VFPGenFixPointFn(TCGv_i32, TCGv_i32, TCGv_i32, TCGv_ptr);
81 /* initialize TCG globals. */
82 void arm_translate_init(void)
86 for (i = 0; i < 16; i++) {
87 cpu_R[i] = tcg_global_mem_new_i32(cpu_env,
88 offsetof(CPUARMState, regs[i]),
91 cpu_CF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, CF), "CF");
92 cpu_NF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, NF), "NF");
93 cpu_VF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, VF), "VF");
94 cpu_ZF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, ZF), "ZF");
96 cpu_exclusive_addr = tcg_global_mem_new_i64(cpu_env,
97 offsetof(CPUARMState, exclusive_addr), "exclusive_addr");
98 cpu_exclusive_val = tcg_global_mem_new_i64(cpu_env,
99 offsetof(CPUARMState, exclusive_val), "exclusive_val");
101 a64_translate_init();
104 /* Flags for the disas_set_da_iss info argument:
105 * lower bits hold the Rt register number, higher bits are flags.
107 typedef enum ISSInfo {
110 ISSInvalid = (1 << 5),
111 ISSIsAcqRel = (1 << 6),
112 ISSIsWrite = (1 << 7),
113 ISSIs16Bit = (1 << 8),
116 /* Save the syndrome information for a Data Abort */
117 static void disas_set_da_iss(DisasContext *s, MemOp memop, ISSInfo issinfo)
120 int sas = memop & MO_SIZE;
121 bool sse = memop & MO_SIGN;
122 bool is_acqrel = issinfo & ISSIsAcqRel;
123 bool is_write = issinfo & ISSIsWrite;
124 bool is_16bit = issinfo & ISSIs16Bit;
125 int srt = issinfo & ISSRegMask;
127 if (issinfo & ISSInvalid) {
128 /* Some callsites want to conditionally provide ISS info,
129 * eg "only if this was not a writeback"
135 /* For AArch32, insns where the src/dest is R15 never generate
136 * ISS information. Catching that here saves checking at all
142 syn = syn_data_abort_with_iss(0, sas, sse, srt, 0, is_acqrel,
143 0, 0, 0, is_write, 0, is_16bit);
144 disas_set_insn_syndrome(s, syn);
147 static inline int get_a32_user_mem_index(DisasContext *s)
149 /* Return the core mmu_idx to use for A32/T32 "unprivileged load/store"
151 * if PL2, UNPREDICTABLE (we choose to implement as if PL0)
152 * otherwise, access as if at PL0.
154 switch (s->mmu_idx) {
155 case ARMMMUIdx_S1E2: /* this one is UNPREDICTABLE */
156 case ARMMMUIdx_S12NSE0:
157 case ARMMMUIdx_S12NSE1:
158 return arm_to_core_mmu_idx(ARMMMUIdx_S12NSE0);
160 case ARMMMUIdx_S1SE0:
161 case ARMMMUIdx_S1SE1:
162 return arm_to_core_mmu_idx(ARMMMUIdx_S1SE0);
163 case ARMMMUIdx_MUser:
164 case ARMMMUIdx_MPriv:
165 return arm_to_core_mmu_idx(ARMMMUIdx_MUser);
166 case ARMMMUIdx_MUserNegPri:
167 case ARMMMUIdx_MPrivNegPri:
168 return arm_to_core_mmu_idx(ARMMMUIdx_MUserNegPri);
169 case ARMMMUIdx_MSUser:
170 case ARMMMUIdx_MSPriv:
171 return arm_to_core_mmu_idx(ARMMMUIdx_MSUser);
172 case ARMMMUIdx_MSUserNegPri:
173 case ARMMMUIdx_MSPrivNegPri:
174 return arm_to_core_mmu_idx(ARMMMUIdx_MSUserNegPri);
177 g_assert_not_reached();
181 static inline TCGv_i32 load_cpu_offset(int offset)
183 TCGv_i32 tmp = tcg_temp_new_i32();
184 tcg_gen_ld_i32(tmp, cpu_env, offset);
188 #define load_cpu_field(name) load_cpu_offset(offsetof(CPUARMState, name))
190 static inline void store_cpu_offset(TCGv_i32 var, int offset)
192 tcg_gen_st_i32(var, cpu_env, offset);
193 tcg_temp_free_i32(var);
196 #define store_cpu_field(var, name) \
197 store_cpu_offset(var, offsetof(CPUARMState, name))
199 /* The architectural value of PC. */
200 static uint32_t read_pc(DisasContext *s)
202 return s->pc_curr + (s->thumb ? 4 : 8);
205 /* Set a variable to the value of a CPU register. */
206 static void load_reg_var(DisasContext *s, TCGv_i32 var, int reg)
209 tcg_gen_movi_i32(var, read_pc(s));
211 tcg_gen_mov_i32(var, cpu_R[reg]);
215 /* Create a new temporary and set it to the value of a CPU register. */
216 static inline TCGv_i32 load_reg(DisasContext *s, int reg)
218 TCGv_i32 tmp = tcg_temp_new_i32();
219 load_reg_var(s, tmp, reg);
224 * Create a new temp, REG + OFS, except PC is ALIGN(PC, 4).
225 * This is used for load/store for which use of PC implies (literal),
226 * or ADD that implies ADR.
228 static TCGv_i32 add_reg_for_lit(DisasContext *s, int reg, int ofs)
230 TCGv_i32 tmp = tcg_temp_new_i32();
233 tcg_gen_movi_i32(tmp, (read_pc(s) & ~3) + ofs);
235 tcg_gen_addi_i32(tmp, cpu_R[reg], ofs);
240 /* Set a CPU register. The source must be a temporary and will be
242 static void store_reg(DisasContext *s, int reg, TCGv_i32 var)
245 /* In Thumb mode, we must ignore bit 0.
246 * In ARM mode, for ARMv4 and ARMv5, it is UNPREDICTABLE if bits [1:0]
247 * are not 0b00, but for ARMv6 and above, we must ignore bits [1:0].
248 * We choose to ignore [1:0] in ARM mode for all architecture versions.
250 tcg_gen_andi_i32(var, var, s->thumb ? ~1 : ~3);
251 s->base.is_jmp = DISAS_JUMP;
253 tcg_gen_mov_i32(cpu_R[reg], var);
254 tcg_temp_free_i32(var);
258 * Variant of store_reg which applies v8M stack-limit checks before updating
259 * SP. If the check fails this will result in an exception being taken.
260 * We disable the stack checks for CONFIG_USER_ONLY because we have
261 * no idea what the stack limits should be in that case.
262 * If stack checking is not being done this just acts like store_reg().
264 static void store_sp_checked(DisasContext *s, TCGv_i32 var)
266 #ifndef CONFIG_USER_ONLY
267 if (s->v8m_stackcheck) {
268 gen_helper_v8m_stackcheck(cpu_env, var);
271 store_reg(s, 13, var);
274 /* Value extensions. */
275 #define gen_uxtb(var) tcg_gen_ext8u_i32(var, var)
276 #define gen_uxth(var) tcg_gen_ext16u_i32(var, var)
277 #define gen_sxtb(var) tcg_gen_ext8s_i32(var, var)
278 #define gen_sxth(var) tcg_gen_ext16s_i32(var, var)
280 #define gen_sxtb16(var) gen_helper_sxtb16(var, var)
281 #define gen_uxtb16(var) gen_helper_uxtb16(var, var)
284 static inline void gen_set_cpsr(TCGv_i32 var, uint32_t mask)
286 TCGv_i32 tmp_mask = tcg_const_i32(mask);
287 gen_helper_cpsr_write(cpu_env, var, tmp_mask);
288 tcg_temp_free_i32(tmp_mask);
290 /* Set NZCV flags from the high 4 bits of var. */
291 #define gen_set_nzcv(var) gen_set_cpsr(var, CPSR_NZCV)
293 static void gen_exception_internal(int excp)
295 TCGv_i32 tcg_excp = tcg_const_i32(excp);
297 assert(excp_is_internal(excp));
298 gen_helper_exception_internal(cpu_env, tcg_excp);
299 tcg_temp_free_i32(tcg_excp);
302 static void gen_step_complete_exception(DisasContext *s)
304 /* We just completed step of an insn. Move from Active-not-pending
305 * to Active-pending, and then also take the swstep exception.
306 * This corresponds to making the (IMPDEF) choice to prioritize
307 * swstep exceptions over asynchronous exceptions taken to an exception
308 * level where debug is disabled. This choice has the advantage that
309 * we do not need to maintain internal state corresponding to the
310 * ISV/EX syndrome bits between completion of the step and generation
311 * of the exception, and our syndrome information is always correct.
314 gen_swstep_exception(s, 1, s->is_ldex);
315 s->base.is_jmp = DISAS_NORETURN;
318 static void gen_singlestep_exception(DisasContext *s)
320 /* Generate the right kind of exception for singlestep, which is
321 * either the architectural singlestep or EXCP_DEBUG for QEMU's
322 * gdb singlestepping.
325 gen_step_complete_exception(s);
327 gen_exception_internal(EXCP_DEBUG);
331 static inline bool is_singlestepping(DisasContext *s)
333 /* Return true if we are singlestepping either because of
334 * architectural singlestep or QEMU gdbstub singlestep. This does
335 * not include the command line '-singlestep' mode which is rather
336 * misnamed as it only means "one instruction per TB" and doesn't
337 * affect the code we generate.
339 return s->base.singlestep_enabled || s->ss_active;
342 static void gen_smul_dual(TCGv_i32 a, TCGv_i32 b)
344 TCGv_i32 tmp1 = tcg_temp_new_i32();
345 TCGv_i32 tmp2 = tcg_temp_new_i32();
346 tcg_gen_ext16s_i32(tmp1, a);
347 tcg_gen_ext16s_i32(tmp2, b);
348 tcg_gen_mul_i32(tmp1, tmp1, tmp2);
349 tcg_temp_free_i32(tmp2);
350 tcg_gen_sari_i32(a, a, 16);
351 tcg_gen_sari_i32(b, b, 16);
352 tcg_gen_mul_i32(b, b, a);
353 tcg_gen_mov_i32(a, tmp1);
354 tcg_temp_free_i32(tmp1);
357 /* Byteswap each halfword. */
358 static void gen_rev16(TCGv_i32 var)
360 TCGv_i32 tmp = tcg_temp_new_i32();
361 TCGv_i32 mask = tcg_const_i32(0x00ff00ff);
362 tcg_gen_shri_i32(tmp, var, 8);
363 tcg_gen_and_i32(tmp, tmp, mask);
364 tcg_gen_and_i32(var, var, mask);
365 tcg_gen_shli_i32(var, var, 8);
366 tcg_gen_or_i32(var, var, tmp);
367 tcg_temp_free_i32(mask);
368 tcg_temp_free_i32(tmp);
371 /* Byteswap low halfword and sign extend. */
372 static void gen_revsh(TCGv_i32 var)
374 tcg_gen_ext16u_i32(var, var);
375 tcg_gen_bswap16_i32(var, var);
376 tcg_gen_ext16s_i32(var, var);
379 /* 32x32->64 multiply. Marks inputs as dead. */
380 static TCGv_i64 gen_mulu_i64_i32(TCGv_i32 a, TCGv_i32 b)
382 TCGv_i32 lo = tcg_temp_new_i32();
383 TCGv_i32 hi = tcg_temp_new_i32();
386 tcg_gen_mulu2_i32(lo, hi, a, b);
387 tcg_temp_free_i32(a);
388 tcg_temp_free_i32(b);
390 ret = tcg_temp_new_i64();
391 tcg_gen_concat_i32_i64(ret, lo, hi);
392 tcg_temp_free_i32(lo);
393 tcg_temp_free_i32(hi);
398 static TCGv_i64 gen_muls_i64_i32(TCGv_i32 a, TCGv_i32 b)
400 TCGv_i32 lo = tcg_temp_new_i32();
401 TCGv_i32 hi = tcg_temp_new_i32();
404 tcg_gen_muls2_i32(lo, hi, a, b);
405 tcg_temp_free_i32(a);
406 tcg_temp_free_i32(b);
408 ret = tcg_temp_new_i64();
409 tcg_gen_concat_i32_i64(ret, lo, hi);
410 tcg_temp_free_i32(lo);
411 tcg_temp_free_i32(hi);
416 /* Swap low and high halfwords. */
417 static void gen_swap_half(TCGv_i32 var)
419 tcg_gen_rotri_i32(var, var, 16);
422 /* Dual 16-bit add. Result placed in t0 and t1 is marked as dead.
423 tmp = (t0 ^ t1) & 0x8000;
426 t0 = (t0 + t1) ^ tmp;
429 static void gen_add16(TCGv_i32 t0, TCGv_i32 t1)
431 TCGv_i32 tmp = tcg_temp_new_i32();
432 tcg_gen_xor_i32(tmp, t0, t1);
433 tcg_gen_andi_i32(tmp, tmp, 0x8000);
434 tcg_gen_andi_i32(t0, t0, ~0x8000);
435 tcg_gen_andi_i32(t1, t1, ~0x8000);
436 tcg_gen_add_i32(t0, t0, t1);
437 tcg_gen_xor_i32(t0, t0, tmp);
438 tcg_temp_free_i32(tmp);
439 tcg_temp_free_i32(t1);
442 /* Set N and Z flags from var. */
443 static inline void gen_logic_CC(TCGv_i32 var)
445 tcg_gen_mov_i32(cpu_NF, var);
446 tcg_gen_mov_i32(cpu_ZF, var);
450 static void gen_adc(TCGv_i32 t0, TCGv_i32 t1)
452 tcg_gen_add_i32(t0, t0, t1);
453 tcg_gen_add_i32(t0, t0, cpu_CF);
456 /* dest = T0 + T1 + CF. */
457 static void gen_add_carry(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
459 tcg_gen_add_i32(dest, t0, t1);
460 tcg_gen_add_i32(dest, dest, cpu_CF);
463 /* dest = T0 - T1 + CF - 1. */
464 static void gen_sub_carry(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
466 tcg_gen_sub_i32(dest, t0, t1);
467 tcg_gen_add_i32(dest, dest, cpu_CF);
468 tcg_gen_subi_i32(dest, dest, 1);
471 /* dest = T0 + T1. Compute C, N, V and Z flags */
472 static void gen_add_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
474 TCGv_i32 tmp = tcg_temp_new_i32();
475 tcg_gen_movi_i32(tmp, 0);
476 tcg_gen_add2_i32(cpu_NF, cpu_CF, t0, tmp, t1, tmp);
477 tcg_gen_mov_i32(cpu_ZF, cpu_NF);
478 tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
479 tcg_gen_xor_i32(tmp, t0, t1);
480 tcg_gen_andc_i32(cpu_VF, cpu_VF, tmp);
481 tcg_temp_free_i32(tmp);
482 tcg_gen_mov_i32(dest, cpu_NF);
485 /* dest = T0 + T1 + CF. Compute C, N, V and Z flags */
486 static void gen_adc_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
488 TCGv_i32 tmp = tcg_temp_new_i32();
489 if (TCG_TARGET_HAS_add2_i32) {
490 tcg_gen_movi_i32(tmp, 0);
491 tcg_gen_add2_i32(cpu_NF, cpu_CF, t0, tmp, cpu_CF, tmp);
492 tcg_gen_add2_i32(cpu_NF, cpu_CF, cpu_NF, cpu_CF, t1, tmp);
494 TCGv_i64 q0 = tcg_temp_new_i64();
495 TCGv_i64 q1 = tcg_temp_new_i64();
496 tcg_gen_extu_i32_i64(q0, t0);
497 tcg_gen_extu_i32_i64(q1, t1);
498 tcg_gen_add_i64(q0, q0, q1);
499 tcg_gen_extu_i32_i64(q1, cpu_CF);
500 tcg_gen_add_i64(q0, q0, q1);
501 tcg_gen_extr_i64_i32(cpu_NF, cpu_CF, q0);
502 tcg_temp_free_i64(q0);
503 tcg_temp_free_i64(q1);
505 tcg_gen_mov_i32(cpu_ZF, cpu_NF);
506 tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
507 tcg_gen_xor_i32(tmp, t0, t1);
508 tcg_gen_andc_i32(cpu_VF, cpu_VF, tmp);
509 tcg_temp_free_i32(tmp);
510 tcg_gen_mov_i32(dest, cpu_NF);
513 /* dest = T0 - T1. Compute C, N, V and Z flags */
514 static void gen_sub_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
517 tcg_gen_sub_i32(cpu_NF, t0, t1);
518 tcg_gen_mov_i32(cpu_ZF, cpu_NF);
519 tcg_gen_setcond_i32(TCG_COND_GEU, cpu_CF, t0, t1);
520 tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
521 tmp = tcg_temp_new_i32();
522 tcg_gen_xor_i32(tmp, t0, t1);
523 tcg_gen_and_i32(cpu_VF, cpu_VF, tmp);
524 tcg_temp_free_i32(tmp);
525 tcg_gen_mov_i32(dest, cpu_NF);
528 /* dest = T0 + ~T1 + CF. Compute C, N, V and Z flags */
529 static void gen_sbc_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
531 TCGv_i32 tmp = tcg_temp_new_i32();
532 tcg_gen_not_i32(tmp, t1);
533 gen_adc_CC(dest, t0, tmp);
534 tcg_temp_free_i32(tmp);
537 #define GEN_SHIFT(name) \
538 static void gen_##name(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1) \
540 TCGv_i32 tmp1, tmp2, tmp3; \
541 tmp1 = tcg_temp_new_i32(); \
542 tcg_gen_andi_i32(tmp1, t1, 0xff); \
543 tmp2 = tcg_const_i32(0); \
544 tmp3 = tcg_const_i32(0x1f); \
545 tcg_gen_movcond_i32(TCG_COND_GTU, tmp2, tmp1, tmp3, tmp2, t0); \
546 tcg_temp_free_i32(tmp3); \
547 tcg_gen_andi_i32(tmp1, tmp1, 0x1f); \
548 tcg_gen_##name##_i32(dest, tmp2, tmp1); \
549 tcg_temp_free_i32(tmp2); \
550 tcg_temp_free_i32(tmp1); \
556 static void gen_sar(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
559 tmp1 = tcg_temp_new_i32();
560 tcg_gen_andi_i32(tmp1, t1, 0xff);
561 tmp2 = tcg_const_i32(0x1f);
562 tcg_gen_movcond_i32(TCG_COND_GTU, tmp1, tmp1, tmp2, tmp2, tmp1);
563 tcg_temp_free_i32(tmp2);
564 tcg_gen_sar_i32(dest, t0, tmp1);
565 tcg_temp_free_i32(tmp1);
568 static void shifter_out_im(TCGv_i32 var, int shift)
570 tcg_gen_extract_i32(cpu_CF, var, shift, 1);
573 /* Shift by immediate. Includes special handling for shift == 0. */
574 static inline void gen_arm_shift_im(TCGv_i32 var, int shiftop,
575 int shift, int flags)
581 shifter_out_im(var, 32 - shift);
582 tcg_gen_shli_i32(var, var, shift);
588 tcg_gen_shri_i32(cpu_CF, var, 31);
590 tcg_gen_movi_i32(var, 0);
593 shifter_out_im(var, shift - 1);
594 tcg_gen_shri_i32(var, var, shift);
601 shifter_out_im(var, shift - 1);
604 tcg_gen_sari_i32(var, var, shift);
606 case 3: /* ROR/RRX */
609 shifter_out_im(var, shift - 1);
610 tcg_gen_rotri_i32(var, var, shift); break;
612 TCGv_i32 tmp = tcg_temp_new_i32();
613 tcg_gen_shli_i32(tmp, cpu_CF, 31);
615 shifter_out_im(var, 0);
616 tcg_gen_shri_i32(var, var, 1);
617 tcg_gen_or_i32(var, var, tmp);
618 tcg_temp_free_i32(tmp);
623 static inline void gen_arm_shift_reg(TCGv_i32 var, int shiftop,
624 TCGv_i32 shift, int flags)
628 case 0: gen_helper_shl_cc(var, cpu_env, var, shift); break;
629 case 1: gen_helper_shr_cc(var, cpu_env, var, shift); break;
630 case 2: gen_helper_sar_cc(var, cpu_env, var, shift); break;
631 case 3: gen_helper_ror_cc(var, cpu_env, var, shift); break;
636 gen_shl(var, var, shift);
639 gen_shr(var, var, shift);
642 gen_sar(var, var, shift);
644 case 3: tcg_gen_andi_i32(shift, shift, 0x1f);
645 tcg_gen_rotr_i32(var, var, shift); break;
648 tcg_temp_free_i32(shift);
651 #define PAS_OP(pfx) \
653 case 0: gen_pas_helper(glue(pfx,add16)); break; \
654 case 1: gen_pas_helper(glue(pfx,addsubx)); break; \
655 case 2: gen_pas_helper(glue(pfx,subaddx)); break; \
656 case 3: gen_pas_helper(glue(pfx,sub16)); break; \
657 case 4: gen_pas_helper(glue(pfx,add8)); break; \
658 case 7: gen_pas_helper(glue(pfx,sub8)); break; \
660 static void gen_arm_parallel_addsub(int op1, int op2, TCGv_i32 a, TCGv_i32 b)
665 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b, tmp)
667 tmp = tcg_temp_new_ptr();
668 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
670 tcg_temp_free_ptr(tmp);
673 tmp = tcg_temp_new_ptr();
674 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
676 tcg_temp_free_ptr(tmp);
678 #undef gen_pas_helper
679 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b)
692 #undef gen_pas_helper
697 /* For unknown reasons Arm and Thumb-2 use arbitrarily different encodings. */
698 #define PAS_OP(pfx) \
700 case 0: gen_pas_helper(glue(pfx,add8)); break; \
701 case 1: gen_pas_helper(glue(pfx,add16)); break; \
702 case 2: gen_pas_helper(glue(pfx,addsubx)); break; \
703 case 4: gen_pas_helper(glue(pfx,sub8)); break; \
704 case 5: gen_pas_helper(glue(pfx,sub16)); break; \
705 case 6: gen_pas_helper(glue(pfx,subaddx)); break; \
707 static void gen_thumb2_parallel_addsub(int op1, int op2, TCGv_i32 a, TCGv_i32 b)
712 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b, tmp)
714 tmp = tcg_temp_new_ptr();
715 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
717 tcg_temp_free_ptr(tmp);
720 tmp = tcg_temp_new_ptr();
721 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
723 tcg_temp_free_ptr(tmp);
725 #undef gen_pas_helper
726 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b)
739 #undef gen_pas_helper
745 * Generate a conditional based on ARM condition code cc.
746 * This is common between ARM and Aarch64 targets.
748 void arm_test_cc(DisasCompare *cmp, int cc)
779 case 8: /* hi: C && !Z */
780 case 9: /* ls: !C || Z -> !(C && !Z) */
782 value = tcg_temp_new_i32();
784 /* CF is 1 for C, so -CF is an all-bits-set mask for C;
785 ZF is non-zero for !Z; so AND the two subexpressions. */
786 tcg_gen_neg_i32(value, cpu_CF);
787 tcg_gen_and_i32(value, value, cpu_ZF);
790 case 10: /* ge: N == V -> N ^ V == 0 */
791 case 11: /* lt: N != V -> N ^ V != 0 */
792 /* Since we're only interested in the sign bit, == 0 is >= 0. */
794 value = tcg_temp_new_i32();
796 tcg_gen_xor_i32(value, cpu_VF, cpu_NF);
799 case 12: /* gt: !Z && N == V */
800 case 13: /* le: Z || N != V */
802 value = tcg_temp_new_i32();
804 /* (N == V) is equal to the sign bit of ~(NF ^ VF). Propagate
805 * the sign bit then AND with ZF to yield the result. */
806 tcg_gen_xor_i32(value, cpu_VF, cpu_NF);
807 tcg_gen_sari_i32(value, value, 31);
808 tcg_gen_andc_i32(value, cpu_ZF, value);
811 case 14: /* always */
812 case 15: /* always */
813 /* Use the ALWAYS condition, which will fold early.
814 * It doesn't matter what we use for the value. */
815 cond = TCG_COND_ALWAYS;
820 fprintf(stderr, "Bad condition code 0x%x\n", cc);
825 cond = tcg_invert_cond(cond);
831 cmp->value_global = global;
834 void arm_free_cc(DisasCompare *cmp)
836 if (!cmp->value_global) {
837 tcg_temp_free_i32(cmp->value);
841 void arm_jump_cc(DisasCompare *cmp, TCGLabel *label)
843 tcg_gen_brcondi_i32(cmp->cond, cmp->value, 0, label);
846 void arm_gen_test_cc(int cc, TCGLabel *label)
849 arm_test_cc(&cmp, cc);
850 arm_jump_cc(&cmp, label);
854 static inline void gen_set_condexec(DisasContext *s)
856 if (s->condexec_mask) {
857 uint32_t val = (s->condexec_cond << 4) | (s->condexec_mask >> 1);
858 TCGv_i32 tmp = tcg_temp_new_i32();
859 tcg_gen_movi_i32(tmp, val);
860 store_cpu_field(tmp, condexec_bits);
864 static inline void gen_set_pc_im(DisasContext *s, target_ulong val)
866 tcg_gen_movi_i32(cpu_R[15], val);
869 /* Set PC and Thumb state from an immediate address. */
870 static inline void gen_bx_im(DisasContext *s, uint32_t addr)
874 s->base.is_jmp = DISAS_JUMP;
875 if (s->thumb != (addr & 1)) {
876 tmp = tcg_temp_new_i32();
877 tcg_gen_movi_i32(tmp, addr & 1);
878 tcg_gen_st_i32(tmp, cpu_env, offsetof(CPUARMState, thumb));
879 tcg_temp_free_i32(tmp);
881 tcg_gen_movi_i32(cpu_R[15], addr & ~1);
884 /* Set PC and Thumb state from var. var is marked as dead. */
885 static inline void gen_bx(DisasContext *s, TCGv_i32 var)
887 s->base.is_jmp = DISAS_JUMP;
888 tcg_gen_andi_i32(cpu_R[15], var, ~1);
889 tcg_gen_andi_i32(var, var, 1);
890 store_cpu_field(var, thumb);
894 * Set PC and Thumb state from var. var is marked as dead.
895 * For M-profile CPUs, include logic to detect exception-return
896 * branches and handle them. This is needed for Thumb POP/LDM to PC, LDR to PC,
897 * and BX reg, and no others, and happens only for code in Handler mode.
898 * The Security Extension also requires us to check for the FNC_RETURN
899 * which signals a function return from non-secure state; this can happen
900 * in both Handler and Thread mode.
901 * To avoid having to do multiple comparisons in inline generated code,
902 * we make the check we do here loose, so it will match for EXC_RETURN
903 * in Thread mode. For system emulation do_v7m_exception_exit() checks
904 * for these spurious cases and returns without doing anything (giving
905 * the same behaviour as for a branch to a non-magic address).
907 * In linux-user mode it is unclear what the right behaviour for an
908 * attempted FNC_RETURN should be, because in real hardware this will go
909 * directly to Secure code (ie not the Linux kernel) which will then treat
910 * the error in any way it chooses. For QEMU we opt to make the FNC_RETURN
911 * attempt behave the way it would on a CPU without the security extension,
912 * which is to say "like a normal branch". That means we can simply treat
913 * all branches as normal with no magic address behaviour.
915 static inline void gen_bx_excret(DisasContext *s, TCGv_i32 var)
917 /* Generate the same code here as for a simple bx, but flag via
918 * s->base.is_jmp that we need to do the rest of the work later.
921 #ifndef CONFIG_USER_ONLY
922 if (arm_dc_feature(s, ARM_FEATURE_M_SECURITY) ||
923 (s->v7m_handler_mode && arm_dc_feature(s, ARM_FEATURE_M))) {
924 s->base.is_jmp = DISAS_BX_EXCRET;
929 static inline void gen_bx_excret_final_code(DisasContext *s)
931 /* Generate the code to finish possible exception return and end the TB */
932 TCGLabel *excret_label = gen_new_label();
935 if (arm_dc_feature(s, ARM_FEATURE_M_SECURITY)) {
936 /* Covers FNC_RETURN and EXC_RETURN magic */
937 min_magic = FNC_RETURN_MIN_MAGIC;
939 /* EXC_RETURN magic only */
940 min_magic = EXC_RETURN_MIN_MAGIC;
943 /* Is the new PC value in the magic range indicating exception return? */
944 tcg_gen_brcondi_i32(TCG_COND_GEU, cpu_R[15], min_magic, excret_label);
945 /* No: end the TB as we would for a DISAS_JMP */
946 if (is_singlestepping(s)) {
947 gen_singlestep_exception(s);
949 tcg_gen_exit_tb(NULL, 0);
951 gen_set_label(excret_label);
952 /* Yes: this is an exception return.
953 * At this point in runtime env->regs[15] and env->thumb will hold
954 * the exception-return magic number, which do_v7m_exception_exit()
955 * will read. Nothing else will be able to see those values because
956 * the cpu-exec main loop guarantees that we will always go straight
957 * from raising the exception to the exception-handling code.
959 * gen_ss_advance(s) does nothing on M profile currently but
960 * calling it is conceptually the right thing as we have executed
961 * this instruction (compare SWI, HVC, SMC handling).
964 gen_exception_internal(EXCP_EXCEPTION_EXIT);
967 static inline void gen_bxns(DisasContext *s, int rm)
969 TCGv_i32 var = load_reg(s, rm);
971 /* The bxns helper may raise an EXCEPTION_EXIT exception, so in theory
972 * we need to sync state before calling it, but:
973 * - we don't need to do gen_set_pc_im() because the bxns helper will
974 * always set the PC itself
975 * - we don't need to do gen_set_condexec() because BXNS is UNPREDICTABLE
976 * unless it's outside an IT block or the last insn in an IT block,
977 * so we know that condexec == 0 (already set at the top of the TB)
978 * is correct in the non-UNPREDICTABLE cases, and we can choose
979 * "zeroes the IT bits" as our UNPREDICTABLE behaviour otherwise.
981 gen_helper_v7m_bxns(cpu_env, var);
982 tcg_temp_free_i32(var);
983 s->base.is_jmp = DISAS_EXIT;
986 static inline void gen_blxns(DisasContext *s, int rm)
988 TCGv_i32 var = load_reg(s, rm);
990 /* We don't need to sync condexec state, for the same reason as bxns.
991 * We do however need to set the PC, because the blxns helper reads it.
992 * The blxns helper may throw an exception.
994 gen_set_pc_im(s, s->base.pc_next);
995 gen_helper_v7m_blxns(cpu_env, var);
996 tcg_temp_free_i32(var);
997 s->base.is_jmp = DISAS_EXIT;
1000 /* Variant of store_reg which uses branch&exchange logic when storing
1001 to r15 in ARM architecture v7 and above. The source must be a temporary
1002 and will be marked as dead. */
1003 static inline void store_reg_bx(DisasContext *s, int reg, TCGv_i32 var)
1005 if (reg == 15 && ENABLE_ARCH_7) {
1008 store_reg(s, reg, var);
1012 /* Variant of store_reg which uses branch&exchange logic when storing
1013 * to r15 in ARM architecture v5T and above. This is used for storing
1014 * the results of a LDR/LDM/POP into r15, and corresponds to the cases
1015 * in the ARM ARM which use the LoadWritePC() pseudocode function. */
1016 static inline void store_reg_from_load(DisasContext *s, int reg, TCGv_i32 var)
1018 if (reg == 15 && ENABLE_ARCH_5) {
1019 gen_bx_excret(s, var);
1021 store_reg(s, reg, var);
1025 #ifdef CONFIG_USER_ONLY
1026 #define IS_USER_ONLY 1
1028 #define IS_USER_ONLY 0
1031 /* Abstractions of "generate code to do a guest load/store for
1032 * AArch32", where a vaddr is always 32 bits (and is zero
1033 * extended if we're a 64 bit core) and data is also
1034 * 32 bits unless specifically doing a 64 bit access.
1035 * These functions work like tcg_gen_qemu_{ld,st}* except
1036 * that the address argument is TCGv_i32 rather than TCGv.
1039 static inline TCGv gen_aa32_addr(DisasContext *s, TCGv_i32 a32, MemOp op)
1041 TCGv addr = tcg_temp_new();
1042 tcg_gen_extu_i32_tl(addr, a32);
1044 /* Not needed for user-mode BE32, where we use MO_BE instead. */
1045 if (!IS_USER_ONLY && s->sctlr_b && (op & MO_SIZE) < MO_32) {
1046 tcg_gen_xori_tl(addr, addr, 4 - (1 << (op & MO_SIZE)));
1051 static void gen_aa32_ld_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
1052 int index, MemOp opc)
1056 if (arm_dc_feature(s, ARM_FEATURE_M) &&
1057 !arm_dc_feature(s, ARM_FEATURE_M_MAIN)) {
1061 addr = gen_aa32_addr(s, a32, opc);
1062 tcg_gen_qemu_ld_i32(val, addr, index, opc);
1063 tcg_temp_free(addr);
1066 static void gen_aa32_st_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
1067 int index, MemOp opc)
1071 if (arm_dc_feature(s, ARM_FEATURE_M) &&
1072 !arm_dc_feature(s, ARM_FEATURE_M_MAIN)) {
1076 addr = gen_aa32_addr(s, a32, opc);
1077 tcg_gen_qemu_st_i32(val, addr, index, opc);
1078 tcg_temp_free(addr);
1081 #define DO_GEN_LD(SUFF, OPC) \
1082 static inline void gen_aa32_ld##SUFF(DisasContext *s, TCGv_i32 val, \
1083 TCGv_i32 a32, int index) \
1085 gen_aa32_ld_i32(s, val, a32, index, OPC | s->be_data); \
1087 static inline void gen_aa32_ld##SUFF##_iss(DisasContext *s, \
1089 TCGv_i32 a32, int index, \
1092 gen_aa32_ld##SUFF(s, val, a32, index); \
1093 disas_set_da_iss(s, OPC, issinfo); \
1096 #define DO_GEN_ST(SUFF, OPC) \
1097 static inline void gen_aa32_st##SUFF(DisasContext *s, TCGv_i32 val, \
1098 TCGv_i32 a32, int index) \
1100 gen_aa32_st_i32(s, val, a32, index, OPC | s->be_data); \
1102 static inline void gen_aa32_st##SUFF##_iss(DisasContext *s, \
1104 TCGv_i32 a32, int index, \
1107 gen_aa32_st##SUFF(s, val, a32, index); \
1108 disas_set_da_iss(s, OPC, issinfo | ISSIsWrite); \
1111 static inline void gen_aa32_frob64(DisasContext *s, TCGv_i64 val)
1113 /* Not needed for user-mode BE32, where we use MO_BE instead. */
1114 if (!IS_USER_ONLY && s->sctlr_b) {
1115 tcg_gen_rotri_i64(val, val, 32);
1119 static void gen_aa32_ld_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
1120 int index, MemOp opc)
1122 TCGv addr = gen_aa32_addr(s, a32, opc);
1123 tcg_gen_qemu_ld_i64(val, addr, index, opc);
1124 gen_aa32_frob64(s, val);
1125 tcg_temp_free(addr);
1128 static inline void gen_aa32_ld64(DisasContext *s, TCGv_i64 val,
1129 TCGv_i32 a32, int index)
1131 gen_aa32_ld_i64(s, val, a32, index, MO_Q | s->be_data);
1134 static void gen_aa32_st_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
1135 int index, MemOp opc)
1137 TCGv addr = gen_aa32_addr(s, a32, opc);
1139 /* Not needed for user-mode BE32, where we use MO_BE instead. */
1140 if (!IS_USER_ONLY && s->sctlr_b) {
1141 TCGv_i64 tmp = tcg_temp_new_i64();
1142 tcg_gen_rotri_i64(tmp, val, 32);
1143 tcg_gen_qemu_st_i64(tmp, addr, index, opc);
1144 tcg_temp_free_i64(tmp);
1146 tcg_gen_qemu_st_i64(val, addr, index, opc);
1148 tcg_temp_free(addr);
1151 static inline void gen_aa32_st64(DisasContext *s, TCGv_i64 val,
1152 TCGv_i32 a32, int index)
1154 gen_aa32_st_i64(s, val, a32, index, MO_Q | s->be_data);
1157 DO_GEN_LD(8s, MO_SB)
1158 DO_GEN_LD(8u, MO_UB)
1159 DO_GEN_LD(16s, MO_SW)
1160 DO_GEN_LD(16u, MO_UW)
1161 DO_GEN_LD(32u, MO_UL)
1163 DO_GEN_ST(16, MO_UW)
1164 DO_GEN_ST(32, MO_UL)
1166 static inline void gen_hvc(DisasContext *s, int imm16)
1168 /* The pre HVC helper handles cases when HVC gets trapped
1169 * as an undefined insn by runtime configuration (ie before
1170 * the insn really executes).
1172 gen_set_pc_im(s, s->pc_curr);
1173 gen_helper_pre_hvc(cpu_env);
1174 /* Otherwise we will treat this as a real exception which
1175 * happens after execution of the insn. (The distinction matters
1176 * for the PC value reported to the exception handler and also
1177 * for single stepping.)
1180 gen_set_pc_im(s, s->base.pc_next);
1181 s->base.is_jmp = DISAS_HVC;
1184 static inline void gen_smc(DisasContext *s)
1186 /* As with HVC, we may take an exception either before or after
1187 * the insn executes.
1191 gen_set_pc_im(s, s->pc_curr);
1192 tmp = tcg_const_i32(syn_aa32_smc());
1193 gen_helper_pre_smc(cpu_env, tmp);
1194 tcg_temp_free_i32(tmp);
1195 gen_set_pc_im(s, s->base.pc_next);
1196 s->base.is_jmp = DISAS_SMC;
1199 static void gen_exception_internal_insn(DisasContext *s, uint32_t pc, int excp)
1201 gen_set_condexec(s);
1202 gen_set_pc_im(s, pc);
1203 gen_exception_internal(excp);
1204 s->base.is_jmp = DISAS_NORETURN;
1207 static void gen_exception_insn(DisasContext *s, uint32_t pc, int excp,
1208 int syn, uint32_t target_el)
1210 gen_set_condexec(s);
1211 gen_set_pc_im(s, pc);
1212 gen_exception(excp, syn, target_el);
1213 s->base.is_jmp = DISAS_NORETURN;
1216 static void gen_exception_bkpt_insn(DisasContext *s, uint32_t syn)
1220 gen_set_condexec(s);
1221 gen_set_pc_im(s, s->pc_curr);
1222 tcg_syn = tcg_const_i32(syn);
1223 gen_helper_exception_bkpt_insn(cpu_env, tcg_syn);
1224 tcg_temp_free_i32(tcg_syn);
1225 s->base.is_jmp = DISAS_NORETURN;
1228 static void unallocated_encoding(DisasContext *s)
1230 /* Unallocated and reserved encodings are uncategorized */
1231 gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
1232 default_exception_el(s));
1235 /* Force a TB lookup after an instruction that changes the CPU state. */
1236 static inline void gen_lookup_tb(DisasContext *s)
1238 tcg_gen_movi_i32(cpu_R[15], s->base.pc_next);
1239 s->base.is_jmp = DISAS_EXIT;
1242 static inline void gen_hlt(DisasContext *s, int imm)
1244 /* HLT. This has two purposes.
1245 * Architecturally, it is an external halting debug instruction.
1246 * Since QEMU doesn't implement external debug, we treat this as
1247 * it is required for halting debug disabled: it will UNDEF.
1248 * Secondly, "HLT 0x3C" is a T32 semihosting trap instruction,
1249 * and "HLT 0xF000" is an A32 semihosting syscall. These traps
1250 * must trigger semihosting even for ARMv7 and earlier, where
1251 * HLT was an undefined encoding.
1252 * In system mode, we don't allow userspace access to
1253 * semihosting, to provide some semblance of security
1254 * (and for consistency with our 32-bit semihosting).
1256 if (semihosting_enabled() &&
1257 #ifndef CONFIG_USER_ONLY
1258 s->current_el != 0 &&
1260 (imm == (s->thumb ? 0x3c : 0xf000))) {
1261 gen_exception_internal_insn(s, s->base.pc_next, EXCP_SEMIHOST);
1265 unallocated_encoding(s);
1268 static inline void gen_add_data_offset(DisasContext *s, unsigned int insn,
1271 int val, rm, shift, shiftop;
1274 if (!(insn & (1 << 25))) {
1277 if (!(insn & (1 << 23)))
1280 tcg_gen_addi_i32(var, var, val);
1282 /* shift/register */
1284 shift = (insn >> 7) & 0x1f;
1285 shiftop = (insn >> 5) & 3;
1286 offset = load_reg(s, rm);
1287 gen_arm_shift_im(offset, shiftop, shift, 0);
1288 if (!(insn & (1 << 23)))
1289 tcg_gen_sub_i32(var, var, offset);
1291 tcg_gen_add_i32(var, var, offset);
1292 tcg_temp_free_i32(offset);
1296 static inline void gen_add_datah_offset(DisasContext *s, unsigned int insn,
1297 int extra, TCGv_i32 var)
1302 if (insn & (1 << 22)) {
1304 val = (insn & 0xf) | ((insn >> 4) & 0xf0);
1305 if (!(insn & (1 << 23)))
1309 tcg_gen_addi_i32(var, var, val);
1313 tcg_gen_addi_i32(var, var, extra);
1315 offset = load_reg(s, rm);
1316 if (!(insn & (1 << 23)))
1317 tcg_gen_sub_i32(var, var, offset);
1319 tcg_gen_add_i32(var, var, offset);
1320 tcg_temp_free_i32(offset);
1324 static TCGv_ptr get_fpstatus_ptr(int neon)
1326 TCGv_ptr statusptr = tcg_temp_new_ptr();
1329 offset = offsetof(CPUARMState, vfp.standard_fp_status);
1331 offset = offsetof(CPUARMState, vfp.fp_status);
1333 tcg_gen_addi_ptr(statusptr, cpu_env, offset);
1337 static inline long vfp_reg_offset(bool dp, unsigned reg)
1340 return offsetof(CPUARMState, vfp.zregs[reg >> 1].d[reg & 1]);
1342 long ofs = offsetof(CPUARMState, vfp.zregs[reg >> 2].d[(reg >> 1) & 1]);
1344 ofs += offsetof(CPU_DoubleU, l.upper);
1346 ofs += offsetof(CPU_DoubleU, l.lower);
1352 /* Return the offset of a 32-bit piece of a NEON register.
1353 zero is the least significant end of the register. */
1355 neon_reg_offset (int reg, int n)
1359 return vfp_reg_offset(0, sreg);
1362 /* Return the offset of a 2**SIZE piece of a NEON register, at index ELE,
1363 * where 0 is the least significant end of the register.
1366 neon_element_offset(int reg, int element, MemOp size)
1368 int element_size = 1 << size;
1369 int ofs = element * element_size;
1370 #ifdef HOST_WORDS_BIGENDIAN
1371 /* Calculate the offset assuming fully little-endian,
1372 * then XOR to account for the order of the 8-byte units.
1374 if (element_size < 8) {
1375 ofs ^= 8 - element_size;
1378 return neon_reg_offset(reg, 0) + ofs;
1381 static TCGv_i32 neon_load_reg(int reg, int pass)
1383 TCGv_i32 tmp = tcg_temp_new_i32();
1384 tcg_gen_ld_i32(tmp, cpu_env, neon_reg_offset(reg, pass));
1388 static void neon_load_element(TCGv_i32 var, int reg, int ele, MemOp mop)
1390 long offset = neon_element_offset(reg, ele, mop & MO_SIZE);
1394 tcg_gen_ld8u_i32(var, cpu_env, offset);
1397 tcg_gen_ld16u_i32(var, cpu_env, offset);
1400 tcg_gen_ld_i32(var, cpu_env, offset);
1403 g_assert_not_reached();
1407 static void neon_load_element64(TCGv_i64 var, int reg, int ele, MemOp mop)
1409 long offset = neon_element_offset(reg, ele, mop & MO_SIZE);
1413 tcg_gen_ld8u_i64(var, cpu_env, offset);
1416 tcg_gen_ld16u_i64(var, cpu_env, offset);
1419 tcg_gen_ld32u_i64(var, cpu_env, offset);
1422 tcg_gen_ld_i64(var, cpu_env, offset);
1425 g_assert_not_reached();
1429 static void neon_store_reg(int reg, int pass, TCGv_i32 var)
1431 tcg_gen_st_i32(var, cpu_env, neon_reg_offset(reg, pass));
1432 tcg_temp_free_i32(var);
1435 static void neon_store_element(int reg, int ele, MemOp size, TCGv_i32 var)
1437 long offset = neon_element_offset(reg, ele, size);
1441 tcg_gen_st8_i32(var, cpu_env, offset);
1444 tcg_gen_st16_i32(var, cpu_env, offset);
1447 tcg_gen_st_i32(var, cpu_env, offset);
1450 g_assert_not_reached();
1454 static void neon_store_element64(int reg, int ele, MemOp size, TCGv_i64 var)
1456 long offset = neon_element_offset(reg, ele, size);
1460 tcg_gen_st8_i64(var, cpu_env, offset);
1463 tcg_gen_st16_i64(var, cpu_env, offset);
1466 tcg_gen_st32_i64(var, cpu_env, offset);
1469 tcg_gen_st_i64(var, cpu_env, offset);
1472 g_assert_not_reached();
1476 static inline void neon_load_reg64(TCGv_i64 var, int reg)
1478 tcg_gen_ld_i64(var, cpu_env, vfp_reg_offset(1, reg));
1481 static inline void neon_store_reg64(TCGv_i64 var, int reg)
1483 tcg_gen_st_i64(var, cpu_env, vfp_reg_offset(1, reg));
1486 static inline void neon_load_reg32(TCGv_i32 var, int reg)
1488 tcg_gen_ld_i32(var, cpu_env, vfp_reg_offset(false, reg));
1491 static inline void neon_store_reg32(TCGv_i32 var, int reg)
1493 tcg_gen_st_i32(var, cpu_env, vfp_reg_offset(false, reg));
1496 static TCGv_ptr vfp_reg_ptr(bool dp, int reg)
1498 TCGv_ptr ret = tcg_temp_new_ptr();
1499 tcg_gen_addi_ptr(ret, cpu_env, vfp_reg_offset(dp, reg));
1503 #define ARM_CP_RW_BIT (1 << 20)
1505 /* Include the VFP decoder */
1506 #include "translate-vfp.inc.c"
1508 static inline void iwmmxt_load_reg(TCGv_i64 var, int reg)
1510 tcg_gen_ld_i64(var, cpu_env, offsetof(CPUARMState, iwmmxt.regs[reg]));
1513 static inline void iwmmxt_store_reg(TCGv_i64 var, int reg)
1515 tcg_gen_st_i64(var, cpu_env, offsetof(CPUARMState, iwmmxt.regs[reg]));
1518 static inline TCGv_i32 iwmmxt_load_creg(int reg)
1520 TCGv_i32 var = tcg_temp_new_i32();
1521 tcg_gen_ld_i32(var, cpu_env, offsetof(CPUARMState, iwmmxt.cregs[reg]));
1525 static inline void iwmmxt_store_creg(int reg, TCGv_i32 var)
1527 tcg_gen_st_i32(var, cpu_env, offsetof(CPUARMState, iwmmxt.cregs[reg]));
1528 tcg_temp_free_i32(var);
1531 static inline void gen_op_iwmmxt_movq_wRn_M0(int rn)
1533 iwmmxt_store_reg(cpu_M0, rn);
1536 static inline void gen_op_iwmmxt_movq_M0_wRn(int rn)
1538 iwmmxt_load_reg(cpu_M0, rn);
1541 static inline void gen_op_iwmmxt_orq_M0_wRn(int rn)
1543 iwmmxt_load_reg(cpu_V1, rn);
1544 tcg_gen_or_i64(cpu_M0, cpu_M0, cpu_V1);
1547 static inline void gen_op_iwmmxt_andq_M0_wRn(int rn)
1549 iwmmxt_load_reg(cpu_V1, rn);
1550 tcg_gen_and_i64(cpu_M0, cpu_M0, cpu_V1);
1553 static inline void gen_op_iwmmxt_xorq_M0_wRn(int rn)
1555 iwmmxt_load_reg(cpu_V1, rn);
1556 tcg_gen_xor_i64(cpu_M0, cpu_M0, cpu_V1);
1559 #define IWMMXT_OP(name) \
1560 static inline void gen_op_iwmmxt_##name##_M0_wRn(int rn) \
1562 iwmmxt_load_reg(cpu_V1, rn); \
1563 gen_helper_iwmmxt_##name(cpu_M0, cpu_M0, cpu_V1); \
1566 #define IWMMXT_OP_ENV(name) \
1567 static inline void gen_op_iwmmxt_##name##_M0_wRn(int rn) \
1569 iwmmxt_load_reg(cpu_V1, rn); \
1570 gen_helper_iwmmxt_##name(cpu_M0, cpu_env, cpu_M0, cpu_V1); \
1573 #define IWMMXT_OP_ENV_SIZE(name) \
1574 IWMMXT_OP_ENV(name##b) \
1575 IWMMXT_OP_ENV(name##w) \
1576 IWMMXT_OP_ENV(name##l)
1578 #define IWMMXT_OP_ENV1(name) \
1579 static inline void gen_op_iwmmxt_##name##_M0(void) \
1581 gen_helper_iwmmxt_##name(cpu_M0, cpu_env, cpu_M0); \
1595 IWMMXT_OP_ENV_SIZE(unpackl)
1596 IWMMXT_OP_ENV_SIZE(unpackh)
1598 IWMMXT_OP_ENV1(unpacklub)
1599 IWMMXT_OP_ENV1(unpackluw)
1600 IWMMXT_OP_ENV1(unpacklul)
1601 IWMMXT_OP_ENV1(unpackhub)
1602 IWMMXT_OP_ENV1(unpackhuw)
1603 IWMMXT_OP_ENV1(unpackhul)
1604 IWMMXT_OP_ENV1(unpacklsb)
1605 IWMMXT_OP_ENV1(unpacklsw)
1606 IWMMXT_OP_ENV1(unpacklsl)
1607 IWMMXT_OP_ENV1(unpackhsb)
1608 IWMMXT_OP_ENV1(unpackhsw)
1609 IWMMXT_OP_ENV1(unpackhsl)
1611 IWMMXT_OP_ENV_SIZE(cmpeq)
1612 IWMMXT_OP_ENV_SIZE(cmpgtu)
1613 IWMMXT_OP_ENV_SIZE(cmpgts)
1615 IWMMXT_OP_ENV_SIZE(mins)
1616 IWMMXT_OP_ENV_SIZE(minu)
1617 IWMMXT_OP_ENV_SIZE(maxs)
1618 IWMMXT_OP_ENV_SIZE(maxu)
1620 IWMMXT_OP_ENV_SIZE(subn)
1621 IWMMXT_OP_ENV_SIZE(addn)
1622 IWMMXT_OP_ENV_SIZE(subu)
1623 IWMMXT_OP_ENV_SIZE(addu)
1624 IWMMXT_OP_ENV_SIZE(subs)
1625 IWMMXT_OP_ENV_SIZE(adds)
1627 IWMMXT_OP_ENV(avgb0)
1628 IWMMXT_OP_ENV(avgb1)
1629 IWMMXT_OP_ENV(avgw0)
1630 IWMMXT_OP_ENV(avgw1)
1632 IWMMXT_OP_ENV(packuw)
1633 IWMMXT_OP_ENV(packul)
1634 IWMMXT_OP_ENV(packuq)
1635 IWMMXT_OP_ENV(packsw)
1636 IWMMXT_OP_ENV(packsl)
1637 IWMMXT_OP_ENV(packsq)
1639 static void gen_op_iwmmxt_set_mup(void)
1642 tmp = load_cpu_field(iwmmxt.cregs[ARM_IWMMXT_wCon]);
1643 tcg_gen_ori_i32(tmp, tmp, 2);
1644 store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCon]);
1647 static void gen_op_iwmmxt_set_cup(void)
1650 tmp = load_cpu_field(iwmmxt.cregs[ARM_IWMMXT_wCon]);
1651 tcg_gen_ori_i32(tmp, tmp, 1);
1652 store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCon]);
1655 static void gen_op_iwmmxt_setpsr_nz(void)
1657 TCGv_i32 tmp = tcg_temp_new_i32();
1658 gen_helper_iwmmxt_setpsr_nz(tmp, cpu_M0);
1659 store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCASF]);
1662 static inline void gen_op_iwmmxt_addl_M0_wRn(int rn)
1664 iwmmxt_load_reg(cpu_V1, rn);
1665 tcg_gen_ext32u_i64(cpu_V1, cpu_V1);
1666 tcg_gen_add_i64(cpu_M0, cpu_M0, cpu_V1);
1669 static inline int gen_iwmmxt_address(DisasContext *s, uint32_t insn,
1676 rd = (insn >> 16) & 0xf;
1677 tmp = load_reg(s, rd);
1679 offset = (insn & 0xff) << ((insn >> 7) & 2);
1680 if (insn & (1 << 24)) {
1682 if (insn & (1 << 23))
1683 tcg_gen_addi_i32(tmp, tmp, offset);
1685 tcg_gen_addi_i32(tmp, tmp, -offset);
1686 tcg_gen_mov_i32(dest, tmp);
1687 if (insn & (1 << 21))
1688 store_reg(s, rd, tmp);
1690 tcg_temp_free_i32(tmp);
1691 } else if (insn & (1 << 21)) {
1693 tcg_gen_mov_i32(dest, tmp);
1694 if (insn & (1 << 23))
1695 tcg_gen_addi_i32(tmp, tmp, offset);
1697 tcg_gen_addi_i32(tmp, tmp, -offset);
1698 store_reg(s, rd, tmp);
1699 } else if (!(insn & (1 << 23)))
1704 static inline int gen_iwmmxt_shift(uint32_t insn, uint32_t mask, TCGv_i32 dest)
1706 int rd = (insn >> 0) & 0xf;
1709 if (insn & (1 << 8)) {
1710 if (rd < ARM_IWMMXT_wCGR0 || rd > ARM_IWMMXT_wCGR3) {
1713 tmp = iwmmxt_load_creg(rd);
1716 tmp = tcg_temp_new_i32();
1717 iwmmxt_load_reg(cpu_V0, rd);
1718 tcg_gen_extrl_i64_i32(tmp, cpu_V0);
1720 tcg_gen_andi_i32(tmp, tmp, mask);
1721 tcg_gen_mov_i32(dest, tmp);
1722 tcg_temp_free_i32(tmp);
1726 /* Disassemble an iwMMXt instruction. Returns nonzero if an error occurred
1727 (ie. an undefined instruction). */
1728 static int disas_iwmmxt_insn(DisasContext *s, uint32_t insn)
1731 int rdhi, rdlo, rd0, rd1, i;
1733 TCGv_i32 tmp, tmp2, tmp3;
1735 if ((insn & 0x0e000e00) == 0x0c000000) {
1736 if ((insn & 0x0fe00ff0) == 0x0c400000) {
1738 rdlo = (insn >> 12) & 0xf;
1739 rdhi = (insn >> 16) & 0xf;
1740 if (insn & ARM_CP_RW_BIT) { /* TMRRC */
1741 iwmmxt_load_reg(cpu_V0, wrd);
1742 tcg_gen_extrl_i64_i32(cpu_R[rdlo], cpu_V0);
1743 tcg_gen_extrh_i64_i32(cpu_R[rdhi], cpu_V0);
1744 } else { /* TMCRR */
1745 tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]);
1746 iwmmxt_store_reg(cpu_V0, wrd);
1747 gen_op_iwmmxt_set_mup();
1752 wrd = (insn >> 12) & 0xf;
1753 addr = tcg_temp_new_i32();
1754 if (gen_iwmmxt_address(s, insn, addr)) {
1755 tcg_temp_free_i32(addr);
1758 if (insn & ARM_CP_RW_BIT) {
1759 if ((insn >> 28) == 0xf) { /* WLDRW wCx */
1760 tmp = tcg_temp_new_i32();
1761 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
1762 iwmmxt_store_creg(wrd, tmp);
1765 if (insn & (1 << 8)) {
1766 if (insn & (1 << 22)) { /* WLDRD */
1767 gen_aa32_ld64(s, cpu_M0, addr, get_mem_index(s));
1769 } else { /* WLDRW wRd */
1770 tmp = tcg_temp_new_i32();
1771 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
1774 tmp = tcg_temp_new_i32();
1775 if (insn & (1 << 22)) { /* WLDRH */
1776 gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
1777 } else { /* WLDRB */
1778 gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
1782 tcg_gen_extu_i32_i64(cpu_M0, tmp);
1783 tcg_temp_free_i32(tmp);
1785 gen_op_iwmmxt_movq_wRn_M0(wrd);
1788 if ((insn >> 28) == 0xf) { /* WSTRW wCx */
1789 tmp = iwmmxt_load_creg(wrd);
1790 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
1792 gen_op_iwmmxt_movq_M0_wRn(wrd);
1793 tmp = tcg_temp_new_i32();
1794 if (insn & (1 << 8)) {
1795 if (insn & (1 << 22)) { /* WSTRD */
1796 gen_aa32_st64(s, cpu_M0, addr, get_mem_index(s));
1797 } else { /* WSTRW wRd */
1798 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1799 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
1802 if (insn & (1 << 22)) { /* WSTRH */
1803 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1804 gen_aa32_st16(s, tmp, addr, get_mem_index(s));
1805 } else { /* WSTRB */
1806 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1807 gen_aa32_st8(s, tmp, addr, get_mem_index(s));
1811 tcg_temp_free_i32(tmp);
1813 tcg_temp_free_i32(addr);
1817 if ((insn & 0x0f000000) != 0x0e000000)
1820 switch (((insn >> 12) & 0xf00) | ((insn >> 4) & 0xff)) {
1821 case 0x000: /* WOR */
1822 wrd = (insn >> 12) & 0xf;
1823 rd0 = (insn >> 0) & 0xf;
1824 rd1 = (insn >> 16) & 0xf;
1825 gen_op_iwmmxt_movq_M0_wRn(rd0);
1826 gen_op_iwmmxt_orq_M0_wRn(rd1);
1827 gen_op_iwmmxt_setpsr_nz();
1828 gen_op_iwmmxt_movq_wRn_M0(wrd);
1829 gen_op_iwmmxt_set_mup();
1830 gen_op_iwmmxt_set_cup();
1832 case 0x011: /* TMCR */
1835 rd = (insn >> 12) & 0xf;
1836 wrd = (insn >> 16) & 0xf;
1838 case ARM_IWMMXT_wCID:
1839 case ARM_IWMMXT_wCASF:
1841 case ARM_IWMMXT_wCon:
1842 gen_op_iwmmxt_set_cup();
1844 case ARM_IWMMXT_wCSSF:
1845 tmp = iwmmxt_load_creg(wrd);
1846 tmp2 = load_reg(s, rd);
1847 tcg_gen_andc_i32(tmp, tmp, tmp2);
1848 tcg_temp_free_i32(tmp2);
1849 iwmmxt_store_creg(wrd, tmp);
1851 case ARM_IWMMXT_wCGR0:
1852 case ARM_IWMMXT_wCGR1:
1853 case ARM_IWMMXT_wCGR2:
1854 case ARM_IWMMXT_wCGR3:
1855 gen_op_iwmmxt_set_cup();
1856 tmp = load_reg(s, rd);
1857 iwmmxt_store_creg(wrd, tmp);
1863 case 0x100: /* WXOR */
1864 wrd = (insn >> 12) & 0xf;
1865 rd0 = (insn >> 0) & 0xf;
1866 rd1 = (insn >> 16) & 0xf;
1867 gen_op_iwmmxt_movq_M0_wRn(rd0);
1868 gen_op_iwmmxt_xorq_M0_wRn(rd1);
1869 gen_op_iwmmxt_setpsr_nz();
1870 gen_op_iwmmxt_movq_wRn_M0(wrd);
1871 gen_op_iwmmxt_set_mup();
1872 gen_op_iwmmxt_set_cup();
1874 case 0x111: /* TMRC */
1877 rd = (insn >> 12) & 0xf;
1878 wrd = (insn >> 16) & 0xf;
1879 tmp = iwmmxt_load_creg(wrd);
1880 store_reg(s, rd, tmp);
1882 case 0x300: /* WANDN */
1883 wrd = (insn >> 12) & 0xf;
1884 rd0 = (insn >> 0) & 0xf;
1885 rd1 = (insn >> 16) & 0xf;
1886 gen_op_iwmmxt_movq_M0_wRn(rd0);
1887 tcg_gen_neg_i64(cpu_M0, cpu_M0);
1888 gen_op_iwmmxt_andq_M0_wRn(rd1);
1889 gen_op_iwmmxt_setpsr_nz();
1890 gen_op_iwmmxt_movq_wRn_M0(wrd);
1891 gen_op_iwmmxt_set_mup();
1892 gen_op_iwmmxt_set_cup();
1894 case 0x200: /* WAND */
1895 wrd = (insn >> 12) & 0xf;
1896 rd0 = (insn >> 0) & 0xf;
1897 rd1 = (insn >> 16) & 0xf;
1898 gen_op_iwmmxt_movq_M0_wRn(rd0);
1899 gen_op_iwmmxt_andq_M0_wRn(rd1);
1900 gen_op_iwmmxt_setpsr_nz();
1901 gen_op_iwmmxt_movq_wRn_M0(wrd);
1902 gen_op_iwmmxt_set_mup();
1903 gen_op_iwmmxt_set_cup();
1905 case 0x810: case 0xa10: /* WMADD */
1906 wrd = (insn >> 12) & 0xf;
1907 rd0 = (insn >> 0) & 0xf;
1908 rd1 = (insn >> 16) & 0xf;
1909 gen_op_iwmmxt_movq_M0_wRn(rd0);
1910 if (insn & (1 << 21))
1911 gen_op_iwmmxt_maddsq_M0_wRn(rd1);
1913 gen_op_iwmmxt_madduq_M0_wRn(rd1);
1914 gen_op_iwmmxt_movq_wRn_M0(wrd);
1915 gen_op_iwmmxt_set_mup();
1917 case 0x10e: case 0x50e: case 0x90e: case 0xd0e: /* WUNPCKIL */
1918 wrd = (insn >> 12) & 0xf;
1919 rd0 = (insn >> 16) & 0xf;
1920 rd1 = (insn >> 0) & 0xf;
1921 gen_op_iwmmxt_movq_M0_wRn(rd0);
1922 switch ((insn >> 22) & 3) {
1924 gen_op_iwmmxt_unpacklb_M0_wRn(rd1);
1927 gen_op_iwmmxt_unpacklw_M0_wRn(rd1);
1930 gen_op_iwmmxt_unpackll_M0_wRn(rd1);
1935 gen_op_iwmmxt_movq_wRn_M0(wrd);
1936 gen_op_iwmmxt_set_mup();
1937 gen_op_iwmmxt_set_cup();
1939 case 0x10c: case 0x50c: case 0x90c: case 0xd0c: /* WUNPCKIH */
1940 wrd = (insn >> 12) & 0xf;
1941 rd0 = (insn >> 16) & 0xf;
1942 rd1 = (insn >> 0) & 0xf;
1943 gen_op_iwmmxt_movq_M0_wRn(rd0);
1944 switch ((insn >> 22) & 3) {
1946 gen_op_iwmmxt_unpackhb_M0_wRn(rd1);
1949 gen_op_iwmmxt_unpackhw_M0_wRn(rd1);
1952 gen_op_iwmmxt_unpackhl_M0_wRn(rd1);
1957 gen_op_iwmmxt_movq_wRn_M0(wrd);
1958 gen_op_iwmmxt_set_mup();
1959 gen_op_iwmmxt_set_cup();
1961 case 0x012: case 0x112: case 0x412: case 0x512: /* WSAD */
1962 wrd = (insn >> 12) & 0xf;
1963 rd0 = (insn >> 16) & 0xf;
1964 rd1 = (insn >> 0) & 0xf;
1965 gen_op_iwmmxt_movq_M0_wRn(rd0);
1966 if (insn & (1 << 22))
1967 gen_op_iwmmxt_sadw_M0_wRn(rd1);
1969 gen_op_iwmmxt_sadb_M0_wRn(rd1);
1970 if (!(insn & (1 << 20)))
1971 gen_op_iwmmxt_addl_M0_wRn(wrd);
1972 gen_op_iwmmxt_movq_wRn_M0(wrd);
1973 gen_op_iwmmxt_set_mup();
1975 case 0x010: case 0x110: case 0x210: case 0x310: /* WMUL */
1976 wrd = (insn >> 12) & 0xf;
1977 rd0 = (insn >> 16) & 0xf;
1978 rd1 = (insn >> 0) & 0xf;
1979 gen_op_iwmmxt_movq_M0_wRn(rd0);
1980 if (insn & (1 << 21)) {
1981 if (insn & (1 << 20))
1982 gen_op_iwmmxt_mulshw_M0_wRn(rd1);
1984 gen_op_iwmmxt_mulslw_M0_wRn(rd1);
1986 if (insn & (1 << 20))
1987 gen_op_iwmmxt_muluhw_M0_wRn(rd1);
1989 gen_op_iwmmxt_mululw_M0_wRn(rd1);
1991 gen_op_iwmmxt_movq_wRn_M0(wrd);
1992 gen_op_iwmmxt_set_mup();
1994 case 0x410: case 0x510: case 0x610: case 0x710: /* WMAC */
1995 wrd = (insn >> 12) & 0xf;
1996 rd0 = (insn >> 16) & 0xf;
1997 rd1 = (insn >> 0) & 0xf;
1998 gen_op_iwmmxt_movq_M0_wRn(rd0);
1999 if (insn & (1 << 21))
2000 gen_op_iwmmxt_macsw_M0_wRn(rd1);
2002 gen_op_iwmmxt_macuw_M0_wRn(rd1);
2003 if (!(insn & (1 << 20))) {
2004 iwmmxt_load_reg(cpu_V1, wrd);
2005 tcg_gen_add_i64(cpu_M0, cpu_M0, cpu_V1);
2007 gen_op_iwmmxt_movq_wRn_M0(wrd);
2008 gen_op_iwmmxt_set_mup();
2010 case 0x006: case 0x406: case 0x806: case 0xc06: /* WCMPEQ */
2011 wrd = (insn >> 12) & 0xf;
2012 rd0 = (insn >> 16) & 0xf;
2013 rd1 = (insn >> 0) & 0xf;
2014 gen_op_iwmmxt_movq_M0_wRn(rd0);
2015 switch ((insn >> 22) & 3) {
2017 gen_op_iwmmxt_cmpeqb_M0_wRn(rd1);
2020 gen_op_iwmmxt_cmpeqw_M0_wRn(rd1);
2023 gen_op_iwmmxt_cmpeql_M0_wRn(rd1);
2028 gen_op_iwmmxt_movq_wRn_M0(wrd);
2029 gen_op_iwmmxt_set_mup();
2030 gen_op_iwmmxt_set_cup();
2032 case 0x800: case 0x900: case 0xc00: case 0xd00: /* WAVG2 */
2033 wrd = (insn >> 12) & 0xf;
2034 rd0 = (insn >> 16) & 0xf;
2035 rd1 = (insn >> 0) & 0xf;
2036 gen_op_iwmmxt_movq_M0_wRn(rd0);
2037 if (insn & (1 << 22)) {
2038 if (insn & (1 << 20))
2039 gen_op_iwmmxt_avgw1_M0_wRn(rd1);
2041 gen_op_iwmmxt_avgw0_M0_wRn(rd1);
2043 if (insn & (1 << 20))
2044 gen_op_iwmmxt_avgb1_M0_wRn(rd1);
2046 gen_op_iwmmxt_avgb0_M0_wRn(rd1);
2048 gen_op_iwmmxt_movq_wRn_M0(wrd);
2049 gen_op_iwmmxt_set_mup();
2050 gen_op_iwmmxt_set_cup();
2052 case 0x802: case 0x902: case 0xa02: case 0xb02: /* WALIGNR */
2053 wrd = (insn >> 12) & 0xf;
2054 rd0 = (insn >> 16) & 0xf;
2055 rd1 = (insn >> 0) & 0xf;
2056 gen_op_iwmmxt_movq_M0_wRn(rd0);
2057 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCGR0 + ((insn >> 20) & 3));
2058 tcg_gen_andi_i32(tmp, tmp, 7);
2059 iwmmxt_load_reg(cpu_V1, rd1);
2060 gen_helper_iwmmxt_align(cpu_M0, cpu_M0, cpu_V1, tmp);
2061 tcg_temp_free_i32(tmp);
2062 gen_op_iwmmxt_movq_wRn_M0(wrd);
2063 gen_op_iwmmxt_set_mup();
2065 case 0x601: case 0x605: case 0x609: case 0x60d: /* TINSR */
2066 if (((insn >> 6) & 3) == 3)
2068 rd = (insn >> 12) & 0xf;
2069 wrd = (insn >> 16) & 0xf;
2070 tmp = load_reg(s, rd);
2071 gen_op_iwmmxt_movq_M0_wRn(wrd);
2072 switch ((insn >> 6) & 3) {
2074 tmp2 = tcg_const_i32(0xff);
2075 tmp3 = tcg_const_i32((insn & 7) << 3);
2078 tmp2 = tcg_const_i32(0xffff);
2079 tmp3 = tcg_const_i32((insn & 3) << 4);
2082 tmp2 = tcg_const_i32(0xffffffff);
2083 tmp3 = tcg_const_i32((insn & 1) << 5);
2089 gen_helper_iwmmxt_insr(cpu_M0, cpu_M0, tmp, tmp2, tmp3);
2090 tcg_temp_free_i32(tmp3);
2091 tcg_temp_free_i32(tmp2);
2092 tcg_temp_free_i32(tmp);
2093 gen_op_iwmmxt_movq_wRn_M0(wrd);
2094 gen_op_iwmmxt_set_mup();
2096 case 0x107: case 0x507: case 0x907: case 0xd07: /* TEXTRM */
2097 rd = (insn >> 12) & 0xf;
2098 wrd = (insn >> 16) & 0xf;
2099 if (rd == 15 || ((insn >> 22) & 3) == 3)
2101 gen_op_iwmmxt_movq_M0_wRn(wrd);
2102 tmp = tcg_temp_new_i32();
2103 switch ((insn >> 22) & 3) {
2105 tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 7) << 3);
2106 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
2108 tcg_gen_ext8s_i32(tmp, tmp);
2110 tcg_gen_andi_i32(tmp, tmp, 0xff);
2114 tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 3) << 4);
2115 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
2117 tcg_gen_ext16s_i32(tmp, tmp);
2119 tcg_gen_andi_i32(tmp, tmp, 0xffff);
2123 tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 1) << 5);
2124 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
2127 store_reg(s, rd, tmp);
2129 case 0x117: case 0x517: case 0x917: case 0xd17: /* TEXTRC */
2130 if ((insn & 0x000ff008) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2132 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2133 switch ((insn >> 22) & 3) {
2135 tcg_gen_shri_i32(tmp, tmp, ((insn & 7) << 2) + 0);
2138 tcg_gen_shri_i32(tmp, tmp, ((insn & 3) << 3) + 4);
2141 tcg_gen_shri_i32(tmp, tmp, ((insn & 1) << 4) + 12);
2144 tcg_gen_shli_i32(tmp, tmp, 28);
2146 tcg_temp_free_i32(tmp);
2148 case 0x401: case 0x405: case 0x409: case 0x40d: /* TBCST */
2149 if (((insn >> 6) & 3) == 3)
2151 rd = (insn >> 12) & 0xf;
2152 wrd = (insn >> 16) & 0xf;
2153 tmp = load_reg(s, rd);
2154 switch ((insn >> 6) & 3) {
2156 gen_helper_iwmmxt_bcstb(cpu_M0, tmp);
2159 gen_helper_iwmmxt_bcstw(cpu_M0, tmp);
2162 gen_helper_iwmmxt_bcstl(cpu_M0, tmp);
2165 tcg_temp_free_i32(tmp);
2166 gen_op_iwmmxt_movq_wRn_M0(wrd);
2167 gen_op_iwmmxt_set_mup();
2169 case 0x113: case 0x513: case 0x913: case 0xd13: /* TANDC */
2170 if ((insn & 0x000ff00f) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2172 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2173 tmp2 = tcg_temp_new_i32();
2174 tcg_gen_mov_i32(tmp2, tmp);
2175 switch ((insn >> 22) & 3) {
2177 for (i = 0; i < 7; i ++) {
2178 tcg_gen_shli_i32(tmp2, tmp2, 4);
2179 tcg_gen_and_i32(tmp, tmp, tmp2);
2183 for (i = 0; i < 3; i ++) {
2184 tcg_gen_shli_i32(tmp2, tmp2, 8);
2185 tcg_gen_and_i32(tmp, tmp, tmp2);
2189 tcg_gen_shli_i32(tmp2, tmp2, 16);
2190 tcg_gen_and_i32(tmp, tmp, tmp2);
2194 tcg_temp_free_i32(tmp2);
2195 tcg_temp_free_i32(tmp);
2197 case 0x01c: case 0x41c: case 0x81c: case 0xc1c: /* WACC */
2198 wrd = (insn >> 12) & 0xf;
2199 rd0 = (insn >> 16) & 0xf;
2200 gen_op_iwmmxt_movq_M0_wRn(rd0);
2201 switch ((insn >> 22) & 3) {
2203 gen_helper_iwmmxt_addcb(cpu_M0, cpu_M0);
2206 gen_helper_iwmmxt_addcw(cpu_M0, cpu_M0);
2209 gen_helper_iwmmxt_addcl(cpu_M0, cpu_M0);
2214 gen_op_iwmmxt_movq_wRn_M0(wrd);
2215 gen_op_iwmmxt_set_mup();
2217 case 0x115: case 0x515: case 0x915: case 0xd15: /* TORC */
2218 if ((insn & 0x000ff00f) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2220 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2221 tmp2 = tcg_temp_new_i32();
2222 tcg_gen_mov_i32(tmp2, tmp);
2223 switch ((insn >> 22) & 3) {
2225 for (i = 0; i < 7; i ++) {
2226 tcg_gen_shli_i32(tmp2, tmp2, 4);
2227 tcg_gen_or_i32(tmp, tmp, tmp2);
2231 for (i = 0; i < 3; i ++) {
2232 tcg_gen_shli_i32(tmp2, tmp2, 8);
2233 tcg_gen_or_i32(tmp, tmp, tmp2);
2237 tcg_gen_shli_i32(tmp2, tmp2, 16);
2238 tcg_gen_or_i32(tmp, tmp, tmp2);
2242 tcg_temp_free_i32(tmp2);
2243 tcg_temp_free_i32(tmp);
2245 case 0x103: case 0x503: case 0x903: case 0xd03: /* TMOVMSK */
2246 rd = (insn >> 12) & 0xf;
2247 rd0 = (insn >> 16) & 0xf;
2248 if ((insn & 0xf) != 0 || ((insn >> 22) & 3) == 3)
2250 gen_op_iwmmxt_movq_M0_wRn(rd0);
2251 tmp = tcg_temp_new_i32();
2252 switch ((insn >> 22) & 3) {
2254 gen_helper_iwmmxt_msbb(tmp, cpu_M0);
2257 gen_helper_iwmmxt_msbw(tmp, cpu_M0);
2260 gen_helper_iwmmxt_msbl(tmp, cpu_M0);
2263 store_reg(s, rd, tmp);
2265 case 0x106: case 0x306: case 0x506: case 0x706: /* WCMPGT */
2266 case 0x906: case 0xb06: case 0xd06: case 0xf06:
2267 wrd = (insn >> 12) & 0xf;
2268 rd0 = (insn >> 16) & 0xf;
2269 rd1 = (insn >> 0) & 0xf;
2270 gen_op_iwmmxt_movq_M0_wRn(rd0);
2271 switch ((insn >> 22) & 3) {
2273 if (insn & (1 << 21))
2274 gen_op_iwmmxt_cmpgtsb_M0_wRn(rd1);
2276 gen_op_iwmmxt_cmpgtub_M0_wRn(rd1);
2279 if (insn & (1 << 21))
2280 gen_op_iwmmxt_cmpgtsw_M0_wRn(rd1);
2282 gen_op_iwmmxt_cmpgtuw_M0_wRn(rd1);
2285 if (insn & (1 << 21))
2286 gen_op_iwmmxt_cmpgtsl_M0_wRn(rd1);
2288 gen_op_iwmmxt_cmpgtul_M0_wRn(rd1);
2293 gen_op_iwmmxt_movq_wRn_M0(wrd);
2294 gen_op_iwmmxt_set_mup();
2295 gen_op_iwmmxt_set_cup();
2297 case 0x00e: case 0x20e: case 0x40e: case 0x60e: /* WUNPCKEL */
2298 case 0x80e: case 0xa0e: case 0xc0e: case 0xe0e:
2299 wrd = (insn >> 12) & 0xf;
2300 rd0 = (insn >> 16) & 0xf;
2301 gen_op_iwmmxt_movq_M0_wRn(rd0);
2302 switch ((insn >> 22) & 3) {
2304 if (insn & (1 << 21))
2305 gen_op_iwmmxt_unpacklsb_M0();
2307 gen_op_iwmmxt_unpacklub_M0();
2310 if (insn & (1 << 21))
2311 gen_op_iwmmxt_unpacklsw_M0();
2313 gen_op_iwmmxt_unpackluw_M0();
2316 if (insn & (1 << 21))
2317 gen_op_iwmmxt_unpacklsl_M0();
2319 gen_op_iwmmxt_unpacklul_M0();
2324 gen_op_iwmmxt_movq_wRn_M0(wrd);
2325 gen_op_iwmmxt_set_mup();
2326 gen_op_iwmmxt_set_cup();
2328 case 0x00c: case 0x20c: case 0x40c: case 0x60c: /* WUNPCKEH */
2329 case 0x80c: case 0xa0c: case 0xc0c: case 0xe0c:
2330 wrd = (insn >> 12) & 0xf;
2331 rd0 = (insn >> 16) & 0xf;
2332 gen_op_iwmmxt_movq_M0_wRn(rd0);
2333 switch ((insn >> 22) & 3) {
2335 if (insn & (1 << 21))
2336 gen_op_iwmmxt_unpackhsb_M0();
2338 gen_op_iwmmxt_unpackhub_M0();
2341 if (insn & (1 << 21))
2342 gen_op_iwmmxt_unpackhsw_M0();
2344 gen_op_iwmmxt_unpackhuw_M0();
2347 if (insn & (1 << 21))
2348 gen_op_iwmmxt_unpackhsl_M0();
2350 gen_op_iwmmxt_unpackhul_M0();
2355 gen_op_iwmmxt_movq_wRn_M0(wrd);
2356 gen_op_iwmmxt_set_mup();
2357 gen_op_iwmmxt_set_cup();
2359 case 0x204: case 0x604: case 0xa04: case 0xe04: /* WSRL */
2360 case 0x214: case 0x614: case 0xa14: case 0xe14:
2361 if (((insn >> 22) & 3) == 0)
2363 wrd = (insn >> 12) & 0xf;
2364 rd0 = (insn >> 16) & 0xf;
2365 gen_op_iwmmxt_movq_M0_wRn(rd0);
2366 tmp = tcg_temp_new_i32();
2367 if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2368 tcg_temp_free_i32(tmp);
2371 switch ((insn >> 22) & 3) {
2373 gen_helper_iwmmxt_srlw(cpu_M0, cpu_env, cpu_M0, tmp);
2376 gen_helper_iwmmxt_srll(cpu_M0, cpu_env, cpu_M0, tmp);
2379 gen_helper_iwmmxt_srlq(cpu_M0, cpu_env, cpu_M0, tmp);
2382 tcg_temp_free_i32(tmp);
2383 gen_op_iwmmxt_movq_wRn_M0(wrd);
2384 gen_op_iwmmxt_set_mup();
2385 gen_op_iwmmxt_set_cup();
2387 case 0x004: case 0x404: case 0x804: case 0xc04: /* WSRA */
2388 case 0x014: case 0x414: case 0x814: case 0xc14:
2389 if (((insn >> 22) & 3) == 0)
2391 wrd = (insn >> 12) & 0xf;
2392 rd0 = (insn >> 16) & 0xf;
2393 gen_op_iwmmxt_movq_M0_wRn(rd0);
2394 tmp = tcg_temp_new_i32();
2395 if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2396 tcg_temp_free_i32(tmp);
2399 switch ((insn >> 22) & 3) {
2401 gen_helper_iwmmxt_sraw(cpu_M0, cpu_env, cpu_M0, tmp);
2404 gen_helper_iwmmxt_sral(cpu_M0, cpu_env, cpu_M0, tmp);
2407 gen_helper_iwmmxt_sraq(cpu_M0, cpu_env, cpu_M0, tmp);
2410 tcg_temp_free_i32(tmp);
2411 gen_op_iwmmxt_movq_wRn_M0(wrd);
2412 gen_op_iwmmxt_set_mup();
2413 gen_op_iwmmxt_set_cup();
2415 case 0x104: case 0x504: case 0x904: case 0xd04: /* WSLL */
2416 case 0x114: case 0x514: case 0x914: case 0xd14:
2417 if (((insn >> 22) & 3) == 0)
2419 wrd = (insn >> 12) & 0xf;
2420 rd0 = (insn >> 16) & 0xf;
2421 gen_op_iwmmxt_movq_M0_wRn(rd0);
2422 tmp = tcg_temp_new_i32();
2423 if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2424 tcg_temp_free_i32(tmp);
2427 switch ((insn >> 22) & 3) {
2429 gen_helper_iwmmxt_sllw(cpu_M0, cpu_env, cpu_M0, tmp);
2432 gen_helper_iwmmxt_slll(cpu_M0, cpu_env, cpu_M0, tmp);
2435 gen_helper_iwmmxt_sllq(cpu_M0, cpu_env, cpu_M0, tmp);
2438 tcg_temp_free_i32(tmp);
2439 gen_op_iwmmxt_movq_wRn_M0(wrd);
2440 gen_op_iwmmxt_set_mup();
2441 gen_op_iwmmxt_set_cup();
2443 case 0x304: case 0x704: case 0xb04: case 0xf04: /* WROR */
2444 case 0x314: case 0x714: case 0xb14: case 0xf14:
2445 if (((insn >> 22) & 3) == 0)
2447 wrd = (insn >> 12) & 0xf;
2448 rd0 = (insn >> 16) & 0xf;
2449 gen_op_iwmmxt_movq_M0_wRn(rd0);
2450 tmp = tcg_temp_new_i32();
2451 switch ((insn >> 22) & 3) {
2453 if (gen_iwmmxt_shift(insn, 0xf, tmp)) {
2454 tcg_temp_free_i32(tmp);
2457 gen_helper_iwmmxt_rorw(cpu_M0, cpu_env, cpu_M0, tmp);
2460 if (gen_iwmmxt_shift(insn, 0x1f, tmp)) {
2461 tcg_temp_free_i32(tmp);
2464 gen_helper_iwmmxt_rorl(cpu_M0, cpu_env, cpu_M0, tmp);
2467 if (gen_iwmmxt_shift(insn, 0x3f, tmp)) {
2468 tcg_temp_free_i32(tmp);
2471 gen_helper_iwmmxt_rorq(cpu_M0, cpu_env, cpu_M0, tmp);
2474 tcg_temp_free_i32(tmp);
2475 gen_op_iwmmxt_movq_wRn_M0(wrd);
2476 gen_op_iwmmxt_set_mup();
2477 gen_op_iwmmxt_set_cup();
2479 case 0x116: case 0x316: case 0x516: case 0x716: /* WMIN */
2480 case 0x916: case 0xb16: case 0xd16: case 0xf16:
2481 wrd = (insn >> 12) & 0xf;
2482 rd0 = (insn >> 16) & 0xf;
2483 rd1 = (insn >> 0) & 0xf;
2484 gen_op_iwmmxt_movq_M0_wRn(rd0);
2485 switch ((insn >> 22) & 3) {
2487 if (insn & (1 << 21))
2488 gen_op_iwmmxt_minsb_M0_wRn(rd1);
2490 gen_op_iwmmxt_minub_M0_wRn(rd1);
2493 if (insn & (1 << 21))
2494 gen_op_iwmmxt_minsw_M0_wRn(rd1);
2496 gen_op_iwmmxt_minuw_M0_wRn(rd1);
2499 if (insn & (1 << 21))
2500 gen_op_iwmmxt_minsl_M0_wRn(rd1);
2502 gen_op_iwmmxt_minul_M0_wRn(rd1);
2507 gen_op_iwmmxt_movq_wRn_M0(wrd);
2508 gen_op_iwmmxt_set_mup();
2510 case 0x016: case 0x216: case 0x416: case 0x616: /* WMAX */
2511 case 0x816: case 0xa16: case 0xc16: case 0xe16:
2512 wrd = (insn >> 12) & 0xf;
2513 rd0 = (insn >> 16) & 0xf;
2514 rd1 = (insn >> 0) & 0xf;
2515 gen_op_iwmmxt_movq_M0_wRn(rd0);
2516 switch ((insn >> 22) & 3) {
2518 if (insn & (1 << 21))
2519 gen_op_iwmmxt_maxsb_M0_wRn(rd1);
2521 gen_op_iwmmxt_maxub_M0_wRn(rd1);
2524 if (insn & (1 << 21))
2525 gen_op_iwmmxt_maxsw_M0_wRn(rd1);
2527 gen_op_iwmmxt_maxuw_M0_wRn(rd1);
2530 if (insn & (1 << 21))
2531 gen_op_iwmmxt_maxsl_M0_wRn(rd1);
2533 gen_op_iwmmxt_maxul_M0_wRn(rd1);
2538 gen_op_iwmmxt_movq_wRn_M0(wrd);
2539 gen_op_iwmmxt_set_mup();
2541 case 0x002: case 0x102: case 0x202: case 0x302: /* WALIGNI */
2542 case 0x402: case 0x502: case 0x602: case 0x702:
2543 wrd = (insn >> 12) & 0xf;
2544 rd0 = (insn >> 16) & 0xf;
2545 rd1 = (insn >> 0) & 0xf;
2546 gen_op_iwmmxt_movq_M0_wRn(rd0);
2547 tmp = tcg_const_i32((insn >> 20) & 3);
2548 iwmmxt_load_reg(cpu_V1, rd1);
2549 gen_helper_iwmmxt_align(cpu_M0, cpu_M0, cpu_V1, tmp);
2550 tcg_temp_free_i32(tmp);
2551 gen_op_iwmmxt_movq_wRn_M0(wrd);
2552 gen_op_iwmmxt_set_mup();
2554 case 0x01a: case 0x11a: case 0x21a: case 0x31a: /* WSUB */
2555 case 0x41a: case 0x51a: case 0x61a: case 0x71a:
2556 case 0x81a: case 0x91a: case 0xa1a: case 0xb1a:
2557 case 0xc1a: case 0xd1a: case 0xe1a: case 0xf1a:
2558 wrd = (insn >> 12) & 0xf;
2559 rd0 = (insn >> 16) & 0xf;
2560 rd1 = (insn >> 0) & 0xf;
2561 gen_op_iwmmxt_movq_M0_wRn(rd0);
2562 switch ((insn >> 20) & 0xf) {
2564 gen_op_iwmmxt_subnb_M0_wRn(rd1);
2567 gen_op_iwmmxt_subub_M0_wRn(rd1);
2570 gen_op_iwmmxt_subsb_M0_wRn(rd1);
2573 gen_op_iwmmxt_subnw_M0_wRn(rd1);
2576 gen_op_iwmmxt_subuw_M0_wRn(rd1);
2579 gen_op_iwmmxt_subsw_M0_wRn(rd1);
2582 gen_op_iwmmxt_subnl_M0_wRn(rd1);
2585 gen_op_iwmmxt_subul_M0_wRn(rd1);
2588 gen_op_iwmmxt_subsl_M0_wRn(rd1);
2593 gen_op_iwmmxt_movq_wRn_M0(wrd);
2594 gen_op_iwmmxt_set_mup();
2595 gen_op_iwmmxt_set_cup();
2597 case 0x01e: case 0x11e: case 0x21e: case 0x31e: /* WSHUFH */
2598 case 0x41e: case 0x51e: case 0x61e: case 0x71e:
2599 case 0x81e: case 0x91e: case 0xa1e: case 0xb1e:
2600 case 0xc1e: case 0xd1e: case 0xe1e: case 0xf1e:
2601 wrd = (insn >> 12) & 0xf;
2602 rd0 = (insn >> 16) & 0xf;
2603 gen_op_iwmmxt_movq_M0_wRn(rd0);
2604 tmp = tcg_const_i32(((insn >> 16) & 0xf0) | (insn & 0x0f));
2605 gen_helper_iwmmxt_shufh(cpu_M0, cpu_env, cpu_M0, tmp);
2606 tcg_temp_free_i32(tmp);
2607 gen_op_iwmmxt_movq_wRn_M0(wrd);
2608 gen_op_iwmmxt_set_mup();
2609 gen_op_iwmmxt_set_cup();
2611 case 0x018: case 0x118: case 0x218: case 0x318: /* WADD */
2612 case 0x418: case 0x518: case 0x618: case 0x718:
2613 case 0x818: case 0x918: case 0xa18: case 0xb18:
2614 case 0xc18: case 0xd18: case 0xe18: case 0xf18:
2615 wrd = (insn >> 12) & 0xf;
2616 rd0 = (insn >> 16) & 0xf;
2617 rd1 = (insn >> 0) & 0xf;
2618 gen_op_iwmmxt_movq_M0_wRn(rd0);
2619 switch ((insn >> 20) & 0xf) {
2621 gen_op_iwmmxt_addnb_M0_wRn(rd1);
2624 gen_op_iwmmxt_addub_M0_wRn(rd1);
2627 gen_op_iwmmxt_addsb_M0_wRn(rd1);
2630 gen_op_iwmmxt_addnw_M0_wRn(rd1);
2633 gen_op_iwmmxt_adduw_M0_wRn(rd1);
2636 gen_op_iwmmxt_addsw_M0_wRn(rd1);
2639 gen_op_iwmmxt_addnl_M0_wRn(rd1);
2642 gen_op_iwmmxt_addul_M0_wRn(rd1);
2645 gen_op_iwmmxt_addsl_M0_wRn(rd1);
2650 gen_op_iwmmxt_movq_wRn_M0(wrd);
2651 gen_op_iwmmxt_set_mup();
2652 gen_op_iwmmxt_set_cup();
2654 case 0x008: case 0x108: case 0x208: case 0x308: /* WPACK */
2655 case 0x408: case 0x508: case 0x608: case 0x708:
2656 case 0x808: case 0x908: case 0xa08: case 0xb08:
2657 case 0xc08: case 0xd08: case 0xe08: case 0xf08:
2658 if (!(insn & (1 << 20)) || ((insn >> 22) & 3) == 0)
2660 wrd = (insn >> 12) & 0xf;
2661 rd0 = (insn >> 16) & 0xf;
2662 rd1 = (insn >> 0) & 0xf;
2663 gen_op_iwmmxt_movq_M0_wRn(rd0);
2664 switch ((insn >> 22) & 3) {
2666 if (insn & (1 << 21))
2667 gen_op_iwmmxt_packsw_M0_wRn(rd1);
2669 gen_op_iwmmxt_packuw_M0_wRn(rd1);
2672 if (insn & (1 << 21))
2673 gen_op_iwmmxt_packsl_M0_wRn(rd1);
2675 gen_op_iwmmxt_packul_M0_wRn(rd1);
2678 if (insn & (1 << 21))
2679 gen_op_iwmmxt_packsq_M0_wRn(rd1);
2681 gen_op_iwmmxt_packuq_M0_wRn(rd1);
2684 gen_op_iwmmxt_movq_wRn_M0(wrd);
2685 gen_op_iwmmxt_set_mup();
2686 gen_op_iwmmxt_set_cup();
2688 case 0x201: case 0x203: case 0x205: case 0x207:
2689 case 0x209: case 0x20b: case 0x20d: case 0x20f:
2690 case 0x211: case 0x213: case 0x215: case 0x217:
2691 case 0x219: case 0x21b: case 0x21d: case 0x21f:
2692 wrd = (insn >> 5) & 0xf;
2693 rd0 = (insn >> 12) & 0xf;
2694 rd1 = (insn >> 0) & 0xf;
2695 if (rd0 == 0xf || rd1 == 0xf)
2697 gen_op_iwmmxt_movq_M0_wRn(wrd);
2698 tmp = load_reg(s, rd0);
2699 tmp2 = load_reg(s, rd1);
2700 switch ((insn >> 16) & 0xf) {
2701 case 0x0: /* TMIA */
2702 gen_helper_iwmmxt_muladdsl(cpu_M0, cpu_M0, tmp, tmp2);
2704 case 0x8: /* TMIAPH */
2705 gen_helper_iwmmxt_muladdsw(cpu_M0, cpu_M0, tmp, tmp2);
2707 case 0xc: case 0xd: case 0xe: case 0xf: /* TMIAxy */
2708 if (insn & (1 << 16))
2709 tcg_gen_shri_i32(tmp, tmp, 16);
2710 if (insn & (1 << 17))
2711 tcg_gen_shri_i32(tmp2, tmp2, 16);
2712 gen_helper_iwmmxt_muladdswl(cpu_M0, cpu_M0, tmp, tmp2);
2715 tcg_temp_free_i32(tmp2);
2716 tcg_temp_free_i32(tmp);
2719 tcg_temp_free_i32(tmp2);
2720 tcg_temp_free_i32(tmp);
2721 gen_op_iwmmxt_movq_wRn_M0(wrd);
2722 gen_op_iwmmxt_set_mup();
2731 /* Disassemble an XScale DSP instruction. Returns nonzero if an error occurred
2732 (ie. an undefined instruction). */
2733 static int disas_dsp_insn(DisasContext *s, uint32_t insn)
2735 int acc, rd0, rd1, rdhi, rdlo;
2738 if ((insn & 0x0ff00f10) == 0x0e200010) {
2739 /* Multiply with Internal Accumulate Format */
2740 rd0 = (insn >> 12) & 0xf;
2742 acc = (insn >> 5) & 7;
2747 tmp = load_reg(s, rd0);
2748 tmp2 = load_reg(s, rd1);
2749 switch ((insn >> 16) & 0xf) {
2751 gen_helper_iwmmxt_muladdsl(cpu_M0, cpu_M0, tmp, tmp2);
2753 case 0x8: /* MIAPH */
2754 gen_helper_iwmmxt_muladdsw(cpu_M0, cpu_M0, tmp, tmp2);
2756 case 0xc: /* MIABB */
2757 case 0xd: /* MIABT */
2758 case 0xe: /* MIATB */
2759 case 0xf: /* MIATT */
2760 if (insn & (1 << 16))
2761 tcg_gen_shri_i32(tmp, tmp, 16);
2762 if (insn & (1 << 17))
2763 tcg_gen_shri_i32(tmp2, tmp2, 16);
2764 gen_helper_iwmmxt_muladdswl(cpu_M0, cpu_M0, tmp, tmp2);
2769 tcg_temp_free_i32(tmp2);
2770 tcg_temp_free_i32(tmp);
2772 gen_op_iwmmxt_movq_wRn_M0(acc);
2776 if ((insn & 0x0fe00ff8) == 0x0c400000) {
2777 /* Internal Accumulator Access Format */
2778 rdhi = (insn >> 16) & 0xf;
2779 rdlo = (insn >> 12) & 0xf;
2785 if (insn & ARM_CP_RW_BIT) { /* MRA */
2786 iwmmxt_load_reg(cpu_V0, acc);
2787 tcg_gen_extrl_i64_i32(cpu_R[rdlo], cpu_V0);
2788 tcg_gen_extrh_i64_i32(cpu_R[rdhi], cpu_V0);
2789 tcg_gen_andi_i32(cpu_R[rdhi], cpu_R[rdhi], (1 << (40 - 32)) - 1);
2791 tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]);
2792 iwmmxt_store_reg(cpu_V0, acc);
2800 #define VFP_REG_SHR(x, n) (((n) > 0) ? (x) >> (n) : (x) << -(n))
2801 #define VFP_SREG(insn, bigbit, smallbit) \
2802 ((VFP_REG_SHR(insn, bigbit - 1) & 0x1e) | (((insn) >> (smallbit)) & 1))
2803 #define VFP_DREG(reg, insn, bigbit, smallbit) do { \
2804 if (arm_dc_feature(s, ARM_FEATURE_VFP3)) { \
2805 reg = (((insn) >> (bigbit)) & 0x0f) \
2806 | (((insn) >> ((smallbit) - 4)) & 0x10); \
2808 if (insn & (1 << (smallbit))) \
2810 reg = ((insn) >> (bigbit)) & 0x0f; \
2813 #define VFP_SREG_D(insn) VFP_SREG(insn, 12, 22)
2814 #define VFP_DREG_D(reg, insn) VFP_DREG(reg, insn, 12, 22)
2815 #define VFP_SREG_N(insn) VFP_SREG(insn, 16, 7)
2816 #define VFP_DREG_N(reg, insn) VFP_DREG(reg, insn, 16, 7)
2817 #define VFP_SREG_M(insn) VFP_SREG(insn, 0, 5)
2818 #define VFP_DREG_M(reg, insn) VFP_DREG(reg, insn, 0, 5)
2820 static void gen_neon_dup_low16(TCGv_i32 var)
2822 TCGv_i32 tmp = tcg_temp_new_i32();
2823 tcg_gen_ext16u_i32(var, var);
2824 tcg_gen_shli_i32(tmp, var, 16);
2825 tcg_gen_or_i32(var, var, tmp);
2826 tcg_temp_free_i32(tmp);
2829 static void gen_neon_dup_high16(TCGv_i32 var)
2831 TCGv_i32 tmp = tcg_temp_new_i32();
2832 tcg_gen_andi_i32(var, var, 0xffff0000);
2833 tcg_gen_shri_i32(tmp, var, 16);
2834 tcg_gen_or_i32(var, var, tmp);
2835 tcg_temp_free_i32(tmp);
2839 * Disassemble a VFP instruction. Returns nonzero if an error occurred
2840 * (ie. an undefined instruction).
2842 static int disas_vfp_insn(DisasContext *s, uint32_t insn)
2844 if (!arm_dc_feature(s, ARM_FEATURE_VFP)) {
2849 * If the decodetree decoder handles this insn it will always
2850 * emit code to either execute the insn or generate an appropriate
2851 * exception; so we don't need to ever return non-zero to tell
2852 * the calling code to emit an UNDEF exception.
2854 if (extract32(insn, 28, 4) == 0xf) {
2855 if (disas_vfp_uncond(s, insn)) {
2859 if (disas_vfp(s, insn)) {
2863 /* If the decodetree decoder didn't handle this insn, it must be UNDEF */
2867 static inline bool use_goto_tb(DisasContext *s, target_ulong dest)
2869 #ifndef CONFIG_USER_ONLY
2870 return (s->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK) ||
2871 ((s->base.pc_next - 1) & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
2877 static void gen_goto_ptr(void)
2879 tcg_gen_lookup_and_goto_ptr();
2882 /* This will end the TB but doesn't guarantee we'll return to
2883 * cpu_loop_exec. Any live exit_requests will be processed as we
2884 * enter the next TB.
2886 static void gen_goto_tb(DisasContext *s, int n, target_ulong dest)
2888 if (use_goto_tb(s, dest)) {
2890 gen_set_pc_im(s, dest);
2891 tcg_gen_exit_tb(s->base.tb, n);
2893 gen_set_pc_im(s, dest);
2896 s->base.is_jmp = DISAS_NORETURN;
2899 static inline void gen_jmp (DisasContext *s, uint32_t dest)
2901 if (unlikely(is_singlestepping(s))) {
2902 /* An indirect jump so that we still trigger the debug exception. */
2907 gen_goto_tb(s, 0, dest);
2911 static inline void gen_mulxy(TCGv_i32 t0, TCGv_i32 t1, int x, int y)
2914 tcg_gen_sari_i32(t0, t0, 16);
2918 tcg_gen_sari_i32(t1, t1, 16);
2921 tcg_gen_mul_i32(t0, t0, t1);
2924 /* Return the mask of PSR bits set by a MSR instruction. */
2925 static uint32_t msr_mask(DisasContext *s, int flags, int spsr)
2930 if (flags & (1 << 0))
2932 if (flags & (1 << 1))
2934 if (flags & (1 << 2))
2936 if (flags & (1 << 3))
2939 /* Mask out undefined bits. */
2940 mask &= ~CPSR_RESERVED;
2941 if (!arm_dc_feature(s, ARM_FEATURE_V4T)) {
2944 if (!arm_dc_feature(s, ARM_FEATURE_V5)) {
2945 mask &= ~CPSR_Q; /* V5TE in reality*/
2947 if (!arm_dc_feature(s, ARM_FEATURE_V6)) {
2948 mask &= ~(CPSR_E | CPSR_GE);
2950 if (!arm_dc_feature(s, ARM_FEATURE_THUMB2)) {
2953 /* Mask out execution state and reserved bits. */
2955 mask &= ~(CPSR_EXEC | CPSR_RESERVED);
2957 /* Mask out privileged bits. */
2963 /* Returns nonzero if access to the PSR is not permitted. Marks t0 as dead. */
2964 static int gen_set_psr(DisasContext *s, uint32_t mask, int spsr, TCGv_i32 t0)
2968 /* ??? This is also undefined in system mode. */
2972 tmp = load_cpu_field(spsr);
2973 tcg_gen_andi_i32(tmp, tmp, ~mask);
2974 tcg_gen_andi_i32(t0, t0, mask);
2975 tcg_gen_or_i32(tmp, tmp, t0);
2976 store_cpu_field(tmp, spsr);
2978 gen_set_cpsr(t0, mask);
2980 tcg_temp_free_i32(t0);
2985 /* Returns nonzero if access to the PSR is not permitted. */
2986 static int gen_set_psr_im(DisasContext *s, uint32_t mask, int spsr, uint32_t val)
2989 tmp = tcg_temp_new_i32();
2990 tcg_gen_movi_i32(tmp, val);
2991 return gen_set_psr(s, mask, spsr, tmp);
2994 static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn,
2995 int *tgtmode, int *regno)
2997 /* Decode the r and sysm fields of MSR/MRS banked accesses into
2998 * the target mode and register number, and identify the various
2999 * unpredictable cases.
3000 * MSR (banked) and MRS (banked) are CONSTRAINED UNPREDICTABLE if:
3001 * + executed in user mode
3002 * + using R15 as the src/dest register
3003 * + accessing an unimplemented register
3004 * + accessing a register that's inaccessible at current PL/security state*
3005 * + accessing a register that you could access with a different insn
3006 * We choose to UNDEF in all these cases.
3007 * Since we don't know which of the various AArch32 modes we are in
3008 * we have to defer some checks to runtime.
3009 * Accesses to Monitor mode registers from Secure EL1 (which implies
3010 * that EL3 is AArch64) must trap to EL3.
3012 * If the access checks fail this function will emit code to take
3013 * an exception and return false. Otherwise it will return true,
3014 * and set *tgtmode and *regno appropriately.
3016 int exc_target = default_exception_el(s);
3018 /* These instructions are present only in ARMv8, or in ARMv7 with the
3019 * Virtualization Extensions.
3021 if (!arm_dc_feature(s, ARM_FEATURE_V8) &&
3022 !arm_dc_feature(s, ARM_FEATURE_EL2)) {
3026 if (IS_USER(s) || rn == 15) {
3030 /* The table in the v8 ARM ARM section F5.2.3 describes the encoding
3031 * of registers into (r, sysm).
3034 /* SPSRs for other modes */
3036 case 0xe: /* SPSR_fiq */
3037 *tgtmode = ARM_CPU_MODE_FIQ;
3039 case 0x10: /* SPSR_irq */
3040 *tgtmode = ARM_CPU_MODE_IRQ;
3042 case 0x12: /* SPSR_svc */
3043 *tgtmode = ARM_CPU_MODE_SVC;
3045 case 0x14: /* SPSR_abt */
3046 *tgtmode = ARM_CPU_MODE_ABT;
3048 case 0x16: /* SPSR_und */
3049 *tgtmode = ARM_CPU_MODE_UND;
3051 case 0x1c: /* SPSR_mon */
3052 *tgtmode = ARM_CPU_MODE_MON;
3054 case 0x1e: /* SPSR_hyp */
3055 *tgtmode = ARM_CPU_MODE_HYP;
3057 default: /* unallocated */
3060 /* We arbitrarily assign SPSR a register number of 16. */
3063 /* general purpose registers for other modes */
3065 case 0x0 ... 0x6: /* 0b00xxx : r8_usr ... r14_usr */
3066 *tgtmode = ARM_CPU_MODE_USR;
3069 case 0x8 ... 0xe: /* 0b01xxx : r8_fiq ... r14_fiq */
3070 *tgtmode = ARM_CPU_MODE_FIQ;
3073 case 0x10 ... 0x11: /* 0b1000x : r14_irq, r13_irq */
3074 *tgtmode = ARM_CPU_MODE_IRQ;
3075 *regno = sysm & 1 ? 13 : 14;
3077 case 0x12 ... 0x13: /* 0b1001x : r14_svc, r13_svc */
3078 *tgtmode = ARM_CPU_MODE_SVC;
3079 *regno = sysm & 1 ? 13 : 14;
3081 case 0x14 ... 0x15: /* 0b1010x : r14_abt, r13_abt */
3082 *tgtmode = ARM_CPU_MODE_ABT;
3083 *regno = sysm & 1 ? 13 : 14;
3085 case 0x16 ... 0x17: /* 0b1011x : r14_und, r13_und */
3086 *tgtmode = ARM_CPU_MODE_UND;
3087 *regno = sysm & 1 ? 13 : 14;
3089 case 0x1c ... 0x1d: /* 0b1110x : r14_mon, r13_mon */
3090 *tgtmode = ARM_CPU_MODE_MON;
3091 *regno = sysm & 1 ? 13 : 14;
3093 case 0x1e ... 0x1f: /* 0b1111x : elr_hyp, r13_hyp */
3094 *tgtmode = ARM_CPU_MODE_HYP;
3095 /* Arbitrarily pick 17 for ELR_Hyp (which is not a banked LR!) */
3096 *regno = sysm & 1 ? 13 : 17;
3098 default: /* unallocated */
3103 /* Catch the 'accessing inaccessible register' cases we can detect
3104 * at translate time.
3107 case ARM_CPU_MODE_MON:
3108 if (!arm_dc_feature(s, ARM_FEATURE_EL3) || s->ns) {
3111 if (s->current_el == 1) {
3112 /* If we're in Secure EL1 (which implies that EL3 is AArch64)
3113 * then accesses to Mon registers trap to EL3
3119 case ARM_CPU_MODE_HYP:
3121 * SPSR_hyp and r13_hyp can only be accessed from Monitor mode
3122 * (and so we can forbid accesses from EL2 or below). elr_hyp
3123 * can be accessed also from Hyp mode, so forbid accesses from
3126 if (!arm_dc_feature(s, ARM_FEATURE_EL2) || s->current_el < 2 ||
3127 (s->current_el < 3 && *regno != 17)) {
3138 /* If we get here then some access check did not pass */
3139 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
3140 syn_uncategorized(), exc_target);
3144 static void gen_msr_banked(DisasContext *s, int r, int sysm, int rn)
3146 TCGv_i32 tcg_reg, tcg_tgtmode, tcg_regno;
3147 int tgtmode = 0, regno = 0;
3149 if (!msr_banked_access_decode(s, r, sysm, rn, &tgtmode, ®no)) {
3153 /* Sync state because msr_banked() can raise exceptions */
3154 gen_set_condexec(s);
3155 gen_set_pc_im(s, s->pc_curr);
3156 tcg_reg = load_reg(s, rn);
3157 tcg_tgtmode = tcg_const_i32(tgtmode);
3158 tcg_regno = tcg_const_i32(regno);
3159 gen_helper_msr_banked(cpu_env, tcg_reg, tcg_tgtmode, tcg_regno);
3160 tcg_temp_free_i32(tcg_tgtmode);
3161 tcg_temp_free_i32(tcg_regno);
3162 tcg_temp_free_i32(tcg_reg);
3163 s->base.is_jmp = DISAS_UPDATE;
3166 static void gen_mrs_banked(DisasContext *s, int r, int sysm, int rn)
3168 TCGv_i32 tcg_reg, tcg_tgtmode, tcg_regno;
3169 int tgtmode = 0, regno = 0;
3171 if (!msr_banked_access_decode(s, r, sysm, rn, &tgtmode, ®no)) {
3175 /* Sync state because mrs_banked() can raise exceptions */
3176 gen_set_condexec(s);
3177 gen_set_pc_im(s, s->pc_curr);
3178 tcg_reg = tcg_temp_new_i32();
3179 tcg_tgtmode = tcg_const_i32(tgtmode);
3180 tcg_regno = tcg_const_i32(regno);
3181 gen_helper_mrs_banked(tcg_reg, cpu_env, tcg_tgtmode, tcg_regno);
3182 tcg_temp_free_i32(tcg_tgtmode);
3183 tcg_temp_free_i32(tcg_regno);
3184 store_reg(s, rn, tcg_reg);
3185 s->base.is_jmp = DISAS_UPDATE;
3188 /* Store value to PC as for an exception return (ie don't
3189 * mask bits). The subsequent call to gen_helper_cpsr_write_eret()
3190 * will do the masking based on the new value of the Thumb bit.
3192 static void store_pc_exc_ret(DisasContext *s, TCGv_i32 pc)
3194 tcg_gen_mov_i32(cpu_R[15], pc);
3195 tcg_temp_free_i32(pc);
3198 /* Generate a v6 exception return. Marks both values as dead. */
3199 static void gen_rfe(DisasContext *s, TCGv_i32 pc, TCGv_i32 cpsr)
3201 store_pc_exc_ret(s, pc);
3202 /* The cpsr_write_eret helper will mask the low bits of PC
3203 * appropriately depending on the new Thumb bit, so it must
3204 * be called after storing the new PC.
3206 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
3209 gen_helper_cpsr_write_eret(cpu_env, cpsr);
3210 tcg_temp_free_i32(cpsr);
3211 /* Must exit loop to check un-masked IRQs */
3212 s->base.is_jmp = DISAS_EXIT;
3215 /* Generate an old-style exception return. Marks pc as dead. */
3216 static void gen_exception_return(DisasContext *s, TCGv_i32 pc)
3218 gen_rfe(s, pc, load_cpu_field(spsr));
3222 * For WFI we will halt the vCPU until an IRQ. For WFE and YIELD we
3223 * only call the helper when running single threaded TCG code to ensure
3224 * the next round-robin scheduled vCPU gets a crack. In MTTCG mode we
3225 * just skip this instruction. Currently the SEV/SEVL instructions
3226 * which are *one* of many ways to wake the CPU from WFE are not
3227 * implemented so we can't sleep like WFI does.
3229 static void gen_nop_hint(DisasContext *s, int val)
3232 /* When running in MTTCG we don't generate jumps to the yield and
3233 * WFE helpers as it won't affect the scheduling of other vCPUs.
3234 * If we wanted to more completely model WFE/SEV so we don't busy
3235 * spin unnecessarily we would need to do something more involved.
3238 if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
3239 gen_set_pc_im(s, s->base.pc_next);
3240 s->base.is_jmp = DISAS_YIELD;
3244 gen_set_pc_im(s, s->base.pc_next);
3245 s->base.is_jmp = DISAS_WFI;
3248 if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
3249 gen_set_pc_im(s, s->base.pc_next);
3250 s->base.is_jmp = DISAS_WFE;
3255 /* TODO: Implement SEV, SEVL and WFE. May help SMP performance. */
3261 #define CPU_V001 cpu_V0, cpu_V0, cpu_V1
3263 static inline void gen_neon_add(int size, TCGv_i32 t0, TCGv_i32 t1)
3266 case 0: gen_helper_neon_add_u8(t0, t0, t1); break;
3267 case 1: gen_helper_neon_add_u16(t0, t0, t1); break;
3268 case 2: tcg_gen_add_i32(t0, t0, t1); break;
3273 static inline void gen_neon_rsb(int size, TCGv_i32 t0, TCGv_i32 t1)
3276 case 0: gen_helper_neon_sub_u8(t0, t1, t0); break;
3277 case 1: gen_helper_neon_sub_u16(t0, t1, t0); break;
3278 case 2: tcg_gen_sub_i32(t0, t1, t0); break;
3283 /* 32-bit pairwise ops end up the same as the elementwise versions. */
3284 #define gen_helper_neon_pmax_s32 tcg_gen_smax_i32
3285 #define gen_helper_neon_pmax_u32 tcg_gen_umax_i32
3286 #define gen_helper_neon_pmin_s32 tcg_gen_smin_i32
3287 #define gen_helper_neon_pmin_u32 tcg_gen_umin_i32
3289 #define GEN_NEON_INTEGER_OP_ENV(name) do { \
3290 switch ((size << 1) | u) { \
3292 gen_helper_neon_##name##_s8(tmp, cpu_env, tmp, tmp2); \
3295 gen_helper_neon_##name##_u8(tmp, cpu_env, tmp, tmp2); \
3298 gen_helper_neon_##name##_s16(tmp, cpu_env, tmp, tmp2); \
3301 gen_helper_neon_##name##_u16(tmp, cpu_env, tmp, tmp2); \
3304 gen_helper_neon_##name##_s32(tmp, cpu_env, tmp, tmp2); \
3307 gen_helper_neon_##name##_u32(tmp, cpu_env, tmp, tmp2); \
3309 default: return 1; \
3312 #define GEN_NEON_INTEGER_OP(name) do { \
3313 switch ((size << 1) | u) { \
3315 gen_helper_neon_##name##_s8(tmp, tmp, tmp2); \
3318 gen_helper_neon_##name##_u8(tmp, tmp, tmp2); \
3321 gen_helper_neon_##name##_s16(tmp, tmp, tmp2); \
3324 gen_helper_neon_##name##_u16(tmp, tmp, tmp2); \
3327 gen_helper_neon_##name##_s32(tmp, tmp, tmp2); \
3330 gen_helper_neon_##name##_u32(tmp, tmp, tmp2); \
3332 default: return 1; \
3335 static TCGv_i32 neon_load_scratch(int scratch)
3337 TCGv_i32 tmp = tcg_temp_new_i32();
3338 tcg_gen_ld_i32(tmp, cpu_env, offsetof(CPUARMState, vfp.scratch[scratch]));
3342 static void neon_store_scratch(int scratch, TCGv_i32 var)
3344 tcg_gen_st_i32(var, cpu_env, offsetof(CPUARMState, vfp.scratch[scratch]));
3345 tcg_temp_free_i32(var);
3348 static inline TCGv_i32 neon_get_scalar(int size, int reg)
3352 tmp = neon_load_reg(reg & 7, reg >> 4);
3354 gen_neon_dup_high16(tmp);
3356 gen_neon_dup_low16(tmp);
3359 tmp = neon_load_reg(reg & 15, reg >> 4);
3364 static int gen_neon_unzip(int rd, int rm, int size, int q)
3368 if (!q && size == 2) {
3371 pd = vfp_reg_ptr(true, rd);
3372 pm = vfp_reg_ptr(true, rm);
3376 gen_helper_neon_qunzip8(pd, pm);
3379 gen_helper_neon_qunzip16(pd, pm);
3382 gen_helper_neon_qunzip32(pd, pm);
3390 gen_helper_neon_unzip8(pd, pm);
3393 gen_helper_neon_unzip16(pd, pm);
3399 tcg_temp_free_ptr(pd);
3400 tcg_temp_free_ptr(pm);
3404 static int gen_neon_zip(int rd, int rm, int size, int q)
3408 if (!q && size == 2) {
3411 pd = vfp_reg_ptr(true, rd);
3412 pm = vfp_reg_ptr(true, rm);
3416 gen_helper_neon_qzip8(pd, pm);
3419 gen_helper_neon_qzip16(pd, pm);
3422 gen_helper_neon_qzip32(pd, pm);
3430 gen_helper_neon_zip8(pd, pm);
3433 gen_helper_neon_zip16(pd, pm);
3439 tcg_temp_free_ptr(pd);
3440 tcg_temp_free_ptr(pm);
3444 static void gen_neon_trn_u8(TCGv_i32 t0, TCGv_i32 t1)
3448 rd = tcg_temp_new_i32();
3449 tmp = tcg_temp_new_i32();
3451 tcg_gen_shli_i32(rd, t0, 8);
3452 tcg_gen_andi_i32(rd, rd, 0xff00ff00);
3453 tcg_gen_andi_i32(tmp, t1, 0x00ff00ff);
3454 tcg_gen_or_i32(rd, rd, tmp);
3456 tcg_gen_shri_i32(t1, t1, 8);
3457 tcg_gen_andi_i32(t1, t1, 0x00ff00ff);
3458 tcg_gen_andi_i32(tmp, t0, 0xff00ff00);
3459 tcg_gen_or_i32(t1, t1, tmp);
3460 tcg_gen_mov_i32(t0, rd);
3462 tcg_temp_free_i32(tmp);
3463 tcg_temp_free_i32(rd);
3466 static void gen_neon_trn_u16(TCGv_i32 t0, TCGv_i32 t1)
3470 rd = tcg_temp_new_i32();
3471 tmp = tcg_temp_new_i32();
3473 tcg_gen_shli_i32(rd, t0, 16);
3474 tcg_gen_andi_i32(tmp, t1, 0xffff);
3475 tcg_gen_or_i32(rd, rd, tmp);
3476 tcg_gen_shri_i32(t1, t1, 16);
3477 tcg_gen_andi_i32(tmp, t0, 0xffff0000);
3478 tcg_gen_or_i32(t1, t1, tmp);
3479 tcg_gen_mov_i32(t0, rd);
3481 tcg_temp_free_i32(tmp);
3482 tcg_temp_free_i32(rd);
3490 } const neon_ls_element_type[11] = {
3504 /* Translate a NEON load/store element instruction. Return nonzero if the
3505 instruction is invalid. */
3506 static int disas_neon_ls_insn(DisasContext *s, uint32_t insn)
3526 /* FIXME: this access check should not take precedence over UNDEF
3527 * for invalid encodings; we will generate incorrect syndrome information
3528 * for attempts to execute invalid vfp/neon encodings with FP disabled.
3530 if (s->fp_excp_el) {
3531 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
3532 syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
3536 if (!s->vfp_enabled)
3538 VFP_DREG_D(rd, insn);
3539 rn = (insn >> 16) & 0xf;
3541 load = (insn & (1 << 21)) != 0;
3542 endian = s->be_data;
3543 mmu_idx = get_mem_index(s);
3544 if ((insn & (1 << 23)) == 0) {
3545 /* Load store all elements. */
3546 op = (insn >> 8) & 0xf;
3547 size = (insn >> 6) & 3;
3550 /* Catch UNDEF cases for bad values of align field */
3553 if (((insn >> 5) & 1) == 1) {
3558 if (((insn >> 4) & 3) == 3) {
3565 nregs = neon_ls_element_type[op].nregs;
3566 interleave = neon_ls_element_type[op].interleave;
3567 spacing = neon_ls_element_type[op].spacing;
3568 if (size == 3 && (interleave | spacing) != 1) {
3571 /* For our purposes, bytes are always little-endian. */
3575 /* Consecutive little-endian elements from a single register
3576 * can be promoted to a larger little-endian operation.
3578 if (interleave == 1 && endian == MO_LE) {
3581 tmp64 = tcg_temp_new_i64();
3582 addr = tcg_temp_new_i32();
3583 tmp2 = tcg_const_i32(1 << size);
3584 load_reg_var(s, addr, rn);
3585 for (reg = 0; reg < nregs; reg++) {
3586 for (n = 0; n < 8 >> size; n++) {
3588 for (xs = 0; xs < interleave; xs++) {
3589 int tt = rd + reg + spacing * xs;
3592 gen_aa32_ld_i64(s, tmp64, addr, mmu_idx, endian | size);
3593 neon_store_element64(tt, n, size, tmp64);
3595 neon_load_element64(tmp64, tt, n, size);
3596 gen_aa32_st_i64(s, tmp64, addr, mmu_idx, endian | size);
3598 tcg_gen_add_i32(addr, addr, tmp2);
3602 tcg_temp_free_i32(addr);
3603 tcg_temp_free_i32(tmp2);
3604 tcg_temp_free_i64(tmp64);
3605 stride = nregs * interleave * 8;
3607 size = (insn >> 10) & 3;
3609 /* Load single element to all lanes. */
3610 int a = (insn >> 4) & 1;
3614 size = (insn >> 6) & 3;
3615 nregs = ((insn >> 8) & 3) + 1;
3618 if (nregs != 4 || a == 0) {
3621 /* For VLD4 size==3 a == 1 means 32 bits at 16 byte alignment */
3624 if (nregs == 1 && a == 1 && size == 0) {
3627 if (nregs == 3 && a == 1) {
3630 addr = tcg_temp_new_i32();
3631 load_reg_var(s, addr, rn);
3633 /* VLD1 to all lanes: bit 5 indicates how many Dregs to write.
3634 * VLD2/3/4 to all lanes: bit 5 indicates register stride.
3636 stride = (insn & (1 << 5)) ? 2 : 1;
3637 vec_size = nregs == 1 ? stride * 8 : 8;
3639 tmp = tcg_temp_new_i32();
3640 for (reg = 0; reg < nregs; reg++) {
3641 gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s),
3643 if ((rd & 1) && vec_size == 16) {
3644 /* We cannot write 16 bytes at once because the
3645 * destination is unaligned.
3647 tcg_gen_gvec_dup_i32(size, neon_reg_offset(rd, 0),
3649 tcg_gen_gvec_mov(0, neon_reg_offset(rd + 1, 0),
3650 neon_reg_offset(rd, 0), 8, 8);
3652 tcg_gen_gvec_dup_i32(size, neon_reg_offset(rd, 0),
3653 vec_size, vec_size, tmp);
3655 tcg_gen_addi_i32(addr, addr, 1 << size);
3658 tcg_temp_free_i32(tmp);
3659 tcg_temp_free_i32(addr);
3660 stride = (1 << size) * nregs;
3662 /* Single element. */
3663 int idx = (insn >> 4) & 0xf;
3667 reg_idx = (insn >> 5) & 7;
3671 reg_idx = (insn >> 6) & 3;
3672 stride = (insn & (1 << 5)) ? 2 : 1;
3675 reg_idx = (insn >> 7) & 1;
3676 stride = (insn & (1 << 6)) ? 2 : 1;
3681 nregs = ((insn >> 8) & 3) + 1;
3682 /* Catch the UNDEF cases. This is unavoidably a bit messy. */
3685 if (((idx & (1 << size)) != 0) ||
3686 (size == 2 && ((idx & 3) == 1 || (idx & 3) == 2))) {
3691 if ((idx & 1) != 0) {
3696 if (size == 2 && (idx & 2) != 0) {
3701 if ((size == 2) && ((idx & 3) == 3)) {
3708 if ((rd + stride * (nregs - 1)) > 31) {
3709 /* Attempts to write off the end of the register file
3710 * are UNPREDICTABLE; we choose to UNDEF because otherwise
3711 * the neon_load_reg() would write off the end of the array.
3715 tmp = tcg_temp_new_i32();
3716 addr = tcg_temp_new_i32();
3717 load_reg_var(s, addr, rn);
3718 for (reg = 0; reg < nregs; reg++) {
3720 gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s),
3722 neon_store_element(rd, reg_idx, size, tmp);
3723 } else { /* Store */
3724 neon_load_element(tmp, rd, reg_idx, size);
3725 gen_aa32_st_i32(s, tmp, addr, get_mem_index(s),
3729 tcg_gen_addi_i32(addr, addr, 1 << size);
3731 tcg_temp_free_i32(addr);
3732 tcg_temp_free_i32(tmp);
3733 stride = nregs * (1 << size);
3739 base = load_reg(s, rn);
3741 tcg_gen_addi_i32(base, base, stride);
3744 index = load_reg(s, rm);
3745 tcg_gen_add_i32(base, base, index);
3746 tcg_temp_free_i32(index);
3748 store_reg(s, rn, base);
3753 static inline void gen_neon_narrow(int size, TCGv_i32 dest, TCGv_i64 src)
3756 case 0: gen_helper_neon_narrow_u8(dest, src); break;
3757 case 1: gen_helper_neon_narrow_u16(dest, src); break;
3758 case 2: tcg_gen_extrl_i64_i32(dest, src); break;
3763 static inline void gen_neon_narrow_sats(int size, TCGv_i32 dest, TCGv_i64 src)
3766 case 0: gen_helper_neon_narrow_sat_s8(dest, cpu_env, src); break;
3767 case 1: gen_helper_neon_narrow_sat_s16(dest, cpu_env, src); break;
3768 case 2: gen_helper_neon_narrow_sat_s32(dest, cpu_env, src); break;
3773 static inline void gen_neon_narrow_satu(int size, TCGv_i32 dest, TCGv_i64 src)
3776 case 0: gen_helper_neon_narrow_sat_u8(dest, cpu_env, src); break;
3777 case 1: gen_helper_neon_narrow_sat_u16(dest, cpu_env, src); break;
3778 case 2: gen_helper_neon_narrow_sat_u32(dest, cpu_env, src); break;
3783 static inline void gen_neon_unarrow_sats(int size, TCGv_i32 dest, TCGv_i64 src)
3786 case 0: gen_helper_neon_unarrow_sat8(dest, cpu_env, src); break;
3787 case 1: gen_helper_neon_unarrow_sat16(dest, cpu_env, src); break;
3788 case 2: gen_helper_neon_unarrow_sat32(dest, cpu_env, src); break;
3793 static inline void gen_neon_shift_narrow(int size, TCGv_i32 var, TCGv_i32 shift,
3799 case 1: gen_helper_neon_rshl_u16(var, var, shift); break;
3800 case 2: gen_helper_neon_rshl_u32(var, var, shift); break;
3805 case 1: gen_helper_neon_rshl_s16(var, var, shift); break;
3806 case 2: gen_helper_neon_rshl_s32(var, var, shift); break;
3813 case 1: gen_helper_neon_shl_u16(var, var, shift); break;
3814 case 2: gen_helper_neon_shl_u32(var, var, shift); break;
3819 case 1: gen_helper_neon_shl_s16(var, var, shift); break;
3820 case 2: gen_helper_neon_shl_s32(var, var, shift); break;
3827 static inline void gen_neon_widen(TCGv_i64 dest, TCGv_i32 src, int size, int u)
3831 case 0: gen_helper_neon_widen_u8(dest, src); break;
3832 case 1: gen_helper_neon_widen_u16(dest, src); break;
3833 case 2: tcg_gen_extu_i32_i64(dest, src); break;
3838 case 0: gen_helper_neon_widen_s8(dest, src); break;
3839 case 1: gen_helper_neon_widen_s16(dest, src); break;
3840 case 2: tcg_gen_ext_i32_i64(dest, src); break;
3844 tcg_temp_free_i32(src);
3847 static inline void gen_neon_addl(int size)
3850 case 0: gen_helper_neon_addl_u16(CPU_V001); break;
3851 case 1: gen_helper_neon_addl_u32(CPU_V001); break;
3852 case 2: tcg_gen_add_i64(CPU_V001); break;
3857 static inline void gen_neon_subl(int size)
3860 case 0: gen_helper_neon_subl_u16(CPU_V001); break;
3861 case 1: gen_helper_neon_subl_u32(CPU_V001); break;
3862 case 2: tcg_gen_sub_i64(CPU_V001); break;
3867 static inline void gen_neon_negl(TCGv_i64 var, int size)
3870 case 0: gen_helper_neon_negl_u16(var, var); break;
3871 case 1: gen_helper_neon_negl_u32(var, var); break;
3873 tcg_gen_neg_i64(var, var);
3879 static inline void gen_neon_addl_saturate(TCGv_i64 op0, TCGv_i64 op1, int size)
3882 case 1: gen_helper_neon_addl_saturate_s32(op0, cpu_env, op0, op1); break;
3883 case 2: gen_helper_neon_addl_saturate_s64(op0, cpu_env, op0, op1); break;
3888 static inline void gen_neon_mull(TCGv_i64 dest, TCGv_i32 a, TCGv_i32 b,
3893 switch ((size << 1) | u) {
3894 case 0: gen_helper_neon_mull_s8(dest, a, b); break;
3895 case 1: gen_helper_neon_mull_u8(dest, a, b); break;
3896 case 2: gen_helper_neon_mull_s16(dest, a, b); break;
3897 case 3: gen_helper_neon_mull_u16(dest, a, b); break;
3899 tmp = gen_muls_i64_i32(a, b);
3900 tcg_gen_mov_i64(dest, tmp);
3901 tcg_temp_free_i64(tmp);
3904 tmp = gen_mulu_i64_i32(a, b);
3905 tcg_gen_mov_i64(dest, tmp);
3906 tcg_temp_free_i64(tmp);
3911 /* gen_helper_neon_mull_[su]{8|16} do not free their parameters.
3912 Don't forget to clean them now. */
3914 tcg_temp_free_i32(a);
3915 tcg_temp_free_i32(b);
3919 static void gen_neon_narrow_op(int op, int u, int size,
3920 TCGv_i32 dest, TCGv_i64 src)
3924 gen_neon_unarrow_sats(size, dest, src);
3926 gen_neon_narrow(size, dest, src);
3930 gen_neon_narrow_satu(size, dest, src);
3932 gen_neon_narrow_sats(size, dest, src);
3937 /* Symbolic constants for op fields for Neon 3-register same-length.
3938 * The values correspond to bits [11:8,4]; see the ARM ARM DDI0406B
3941 #define NEON_3R_VHADD 0
3942 #define NEON_3R_VQADD 1
3943 #define NEON_3R_VRHADD 2
3944 #define NEON_3R_LOGIC 3 /* VAND,VBIC,VORR,VMOV,VORN,VEOR,VBIF,VBIT,VBSL */
3945 #define NEON_3R_VHSUB 4
3946 #define NEON_3R_VQSUB 5
3947 #define NEON_3R_VCGT 6
3948 #define NEON_3R_VCGE 7
3949 #define NEON_3R_VSHL 8
3950 #define NEON_3R_VQSHL 9
3951 #define NEON_3R_VRSHL 10
3952 #define NEON_3R_VQRSHL 11
3953 #define NEON_3R_VMAX 12
3954 #define NEON_3R_VMIN 13
3955 #define NEON_3R_VABD 14
3956 #define NEON_3R_VABA 15
3957 #define NEON_3R_VADD_VSUB 16
3958 #define NEON_3R_VTST_VCEQ 17
3959 #define NEON_3R_VML 18 /* VMLA, VMLS */
3960 #define NEON_3R_VMUL 19
3961 #define NEON_3R_VPMAX 20
3962 #define NEON_3R_VPMIN 21
3963 #define NEON_3R_VQDMULH_VQRDMULH 22
3964 #define NEON_3R_VPADD_VQRDMLAH 23
3965 #define NEON_3R_SHA 24 /* SHA1C,SHA1P,SHA1M,SHA1SU0,SHA256H{2},SHA256SU1 */
3966 #define NEON_3R_VFM_VQRDMLSH 25 /* VFMA, VFMS, VQRDMLSH */
3967 #define NEON_3R_FLOAT_ARITH 26 /* float VADD, VSUB, VPADD, VABD */
3968 #define NEON_3R_FLOAT_MULTIPLY 27 /* float VMLA, VMLS, VMUL */
3969 #define NEON_3R_FLOAT_CMP 28 /* float VCEQ, VCGE, VCGT */
3970 #define NEON_3R_FLOAT_ACMP 29 /* float VACGE, VACGT, VACLE, VACLT */
3971 #define NEON_3R_FLOAT_MINMAX 30 /* float VMIN, VMAX */
3972 #define NEON_3R_FLOAT_MISC 31 /* float VRECPS, VRSQRTS, VMAXNM/MINNM */
3974 static const uint8_t neon_3r_sizes[] = {
3975 [NEON_3R_VHADD] = 0x7,
3976 [NEON_3R_VQADD] = 0xf,
3977 [NEON_3R_VRHADD] = 0x7,
3978 [NEON_3R_LOGIC] = 0xf, /* size field encodes op type */
3979 [NEON_3R_VHSUB] = 0x7,
3980 [NEON_3R_VQSUB] = 0xf,
3981 [NEON_3R_VCGT] = 0x7,
3982 [NEON_3R_VCGE] = 0x7,
3983 [NEON_3R_VSHL] = 0xf,
3984 [NEON_3R_VQSHL] = 0xf,
3985 [NEON_3R_VRSHL] = 0xf,
3986 [NEON_3R_VQRSHL] = 0xf,
3987 [NEON_3R_VMAX] = 0x7,
3988 [NEON_3R_VMIN] = 0x7,
3989 [NEON_3R_VABD] = 0x7,
3990 [NEON_3R_VABA] = 0x7,
3991 [NEON_3R_VADD_VSUB] = 0xf,
3992 [NEON_3R_VTST_VCEQ] = 0x7,
3993 [NEON_3R_VML] = 0x7,
3994 [NEON_3R_VMUL] = 0x7,
3995 [NEON_3R_VPMAX] = 0x7,
3996 [NEON_3R_VPMIN] = 0x7,
3997 [NEON_3R_VQDMULH_VQRDMULH] = 0x6,
3998 [NEON_3R_VPADD_VQRDMLAH] = 0x7,
3999 [NEON_3R_SHA] = 0xf, /* size field encodes op type */
4000 [NEON_3R_VFM_VQRDMLSH] = 0x7, /* For VFM, size bit 1 encodes op */
4001 [NEON_3R_FLOAT_ARITH] = 0x5, /* size bit 1 encodes op */
4002 [NEON_3R_FLOAT_MULTIPLY] = 0x5, /* size bit 1 encodes op */
4003 [NEON_3R_FLOAT_CMP] = 0x5, /* size bit 1 encodes op */
4004 [NEON_3R_FLOAT_ACMP] = 0x5, /* size bit 1 encodes op */
4005 [NEON_3R_FLOAT_MINMAX] = 0x5, /* size bit 1 encodes op */
4006 [NEON_3R_FLOAT_MISC] = 0x5, /* size bit 1 encodes op */
4009 /* Symbolic constants for op fields for Neon 2-register miscellaneous.
4010 * The values correspond to bits [17:16,10:7]; see the ARM ARM DDI0406B
4013 #define NEON_2RM_VREV64 0
4014 #define NEON_2RM_VREV32 1
4015 #define NEON_2RM_VREV16 2
4016 #define NEON_2RM_VPADDL 4
4017 #define NEON_2RM_VPADDL_U 5
4018 #define NEON_2RM_AESE 6 /* Includes AESD */
4019 #define NEON_2RM_AESMC 7 /* Includes AESIMC */
4020 #define NEON_2RM_VCLS 8
4021 #define NEON_2RM_VCLZ 9
4022 #define NEON_2RM_VCNT 10
4023 #define NEON_2RM_VMVN 11
4024 #define NEON_2RM_VPADAL 12
4025 #define NEON_2RM_VPADAL_U 13
4026 #define NEON_2RM_VQABS 14
4027 #define NEON_2RM_VQNEG 15
4028 #define NEON_2RM_VCGT0 16
4029 #define NEON_2RM_VCGE0 17
4030 #define NEON_2RM_VCEQ0 18
4031 #define NEON_2RM_VCLE0 19
4032 #define NEON_2RM_VCLT0 20
4033 #define NEON_2RM_SHA1H 21
4034 #define NEON_2RM_VABS 22
4035 #define NEON_2RM_VNEG 23
4036 #define NEON_2RM_VCGT0_F 24
4037 #define NEON_2RM_VCGE0_F 25
4038 #define NEON_2RM_VCEQ0_F 26
4039 #define NEON_2RM_VCLE0_F 27
4040 #define NEON_2RM_VCLT0_F 28
4041 #define NEON_2RM_VABS_F 30
4042 #define NEON_2RM_VNEG_F 31
4043 #define NEON_2RM_VSWP 32
4044 #define NEON_2RM_VTRN 33
4045 #define NEON_2RM_VUZP 34
4046 #define NEON_2RM_VZIP 35
4047 #define NEON_2RM_VMOVN 36 /* Includes VQMOVN, VQMOVUN */
4048 #define NEON_2RM_VQMOVN 37 /* Includes VQMOVUN */
4049 #define NEON_2RM_VSHLL 38
4050 #define NEON_2RM_SHA1SU1 39 /* Includes SHA256SU0 */
4051 #define NEON_2RM_VRINTN 40
4052 #define NEON_2RM_VRINTX 41
4053 #define NEON_2RM_VRINTA 42
4054 #define NEON_2RM_VRINTZ 43
4055 #define NEON_2RM_VCVT_F16_F32 44
4056 #define NEON_2RM_VRINTM 45
4057 #define NEON_2RM_VCVT_F32_F16 46
4058 #define NEON_2RM_VRINTP 47
4059 #define NEON_2RM_VCVTAU 48
4060 #define NEON_2RM_VCVTAS 49
4061 #define NEON_2RM_VCVTNU 50
4062 #define NEON_2RM_VCVTNS 51
4063 #define NEON_2RM_VCVTPU 52
4064 #define NEON_2RM_VCVTPS 53
4065 #define NEON_2RM_VCVTMU 54
4066 #define NEON_2RM_VCVTMS 55
4067 #define NEON_2RM_VRECPE 56
4068 #define NEON_2RM_VRSQRTE 57
4069 #define NEON_2RM_VRECPE_F 58
4070 #define NEON_2RM_VRSQRTE_F 59
4071 #define NEON_2RM_VCVT_FS 60
4072 #define NEON_2RM_VCVT_FU 61
4073 #define NEON_2RM_VCVT_SF 62
4074 #define NEON_2RM_VCVT_UF 63
4076 static bool neon_2rm_is_v8_op(int op)
4078 /* Return true if this neon 2reg-misc op is ARMv8 and up */
4080 case NEON_2RM_VRINTN:
4081 case NEON_2RM_VRINTA:
4082 case NEON_2RM_VRINTM:
4083 case NEON_2RM_VRINTP:
4084 case NEON_2RM_VRINTZ:
4085 case NEON_2RM_VRINTX:
4086 case NEON_2RM_VCVTAU:
4087 case NEON_2RM_VCVTAS:
4088 case NEON_2RM_VCVTNU:
4089 case NEON_2RM_VCVTNS:
4090 case NEON_2RM_VCVTPU:
4091 case NEON_2RM_VCVTPS:
4092 case NEON_2RM_VCVTMU:
4093 case NEON_2RM_VCVTMS:
4100 /* Each entry in this array has bit n set if the insn allows
4101 * size value n (otherwise it will UNDEF). Since unallocated
4102 * op values will have no bits set they always UNDEF.
4104 static const uint8_t neon_2rm_sizes[] = {
4105 [NEON_2RM_VREV64] = 0x7,
4106 [NEON_2RM_VREV32] = 0x3,
4107 [NEON_2RM_VREV16] = 0x1,
4108 [NEON_2RM_VPADDL] = 0x7,
4109 [NEON_2RM_VPADDL_U] = 0x7,
4110 [NEON_2RM_AESE] = 0x1,
4111 [NEON_2RM_AESMC] = 0x1,
4112 [NEON_2RM_VCLS] = 0x7,
4113 [NEON_2RM_VCLZ] = 0x7,
4114 [NEON_2RM_VCNT] = 0x1,
4115 [NEON_2RM_VMVN] = 0x1,
4116 [NEON_2RM_VPADAL] = 0x7,
4117 [NEON_2RM_VPADAL_U] = 0x7,
4118 [NEON_2RM_VQABS] = 0x7,
4119 [NEON_2RM_VQNEG] = 0x7,
4120 [NEON_2RM_VCGT0] = 0x7,
4121 [NEON_2RM_VCGE0] = 0x7,
4122 [NEON_2RM_VCEQ0] = 0x7,
4123 [NEON_2RM_VCLE0] = 0x7,
4124 [NEON_2RM_VCLT0] = 0x7,
4125 [NEON_2RM_SHA1H] = 0x4,
4126 [NEON_2RM_VABS] = 0x7,
4127 [NEON_2RM_VNEG] = 0x7,
4128 [NEON_2RM_VCGT0_F] = 0x4,
4129 [NEON_2RM_VCGE0_F] = 0x4,
4130 [NEON_2RM_VCEQ0_F] = 0x4,
4131 [NEON_2RM_VCLE0_F] = 0x4,
4132 [NEON_2RM_VCLT0_F] = 0x4,
4133 [NEON_2RM_VABS_F] = 0x4,
4134 [NEON_2RM_VNEG_F] = 0x4,
4135 [NEON_2RM_VSWP] = 0x1,
4136 [NEON_2RM_VTRN] = 0x7,
4137 [NEON_2RM_VUZP] = 0x7,
4138 [NEON_2RM_VZIP] = 0x7,
4139 [NEON_2RM_VMOVN] = 0x7,
4140 [NEON_2RM_VQMOVN] = 0x7,
4141 [NEON_2RM_VSHLL] = 0x7,
4142 [NEON_2RM_SHA1SU1] = 0x4,
4143 [NEON_2RM_VRINTN] = 0x4,
4144 [NEON_2RM_VRINTX] = 0x4,
4145 [NEON_2RM_VRINTA] = 0x4,
4146 [NEON_2RM_VRINTZ] = 0x4,
4147 [NEON_2RM_VCVT_F16_F32] = 0x2,
4148 [NEON_2RM_VRINTM] = 0x4,
4149 [NEON_2RM_VCVT_F32_F16] = 0x2,
4150 [NEON_2RM_VRINTP] = 0x4,
4151 [NEON_2RM_VCVTAU] = 0x4,
4152 [NEON_2RM_VCVTAS] = 0x4,
4153 [NEON_2RM_VCVTNU] = 0x4,
4154 [NEON_2RM_VCVTNS] = 0x4,
4155 [NEON_2RM_VCVTPU] = 0x4,
4156 [NEON_2RM_VCVTPS] = 0x4,
4157 [NEON_2RM_VCVTMU] = 0x4,
4158 [NEON_2RM_VCVTMS] = 0x4,
4159 [NEON_2RM_VRECPE] = 0x4,
4160 [NEON_2RM_VRSQRTE] = 0x4,
4161 [NEON_2RM_VRECPE_F] = 0x4,
4162 [NEON_2RM_VRSQRTE_F] = 0x4,
4163 [NEON_2RM_VCVT_FS] = 0x4,
4164 [NEON_2RM_VCVT_FU] = 0x4,
4165 [NEON_2RM_VCVT_SF] = 0x4,
4166 [NEON_2RM_VCVT_UF] = 0x4,
4170 /* Expand v8.1 simd helper. */
4171 static int do_v81_helper(DisasContext *s, gen_helper_gvec_3_ptr *fn,
4172 int q, int rd, int rn, int rm)
4174 if (dc_isar_feature(aa32_rdm, s)) {
4175 int opr_sz = (1 + q) * 8;
4176 tcg_gen_gvec_3_ptr(vfp_reg_offset(1, rd),
4177 vfp_reg_offset(1, rn),
4178 vfp_reg_offset(1, rm), cpu_env,
4179 opr_sz, opr_sz, 0, fn);
4185 static void gen_ssra8_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4187 tcg_gen_vec_sar8i_i64(a, a, shift);
4188 tcg_gen_vec_add8_i64(d, d, a);
4191 static void gen_ssra16_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4193 tcg_gen_vec_sar16i_i64(a, a, shift);
4194 tcg_gen_vec_add16_i64(d, d, a);
4197 static void gen_ssra32_i32(TCGv_i32 d, TCGv_i32 a, int32_t shift)
4199 tcg_gen_sari_i32(a, a, shift);
4200 tcg_gen_add_i32(d, d, a);
4203 static void gen_ssra64_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4205 tcg_gen_sari_i64(a, a, shift);
4206 tcg_gen_add_i64(d, d, a);
4209 static void gen_ssra_vec(unsigned vece, TCGv_vec d, TCGv_vec a, int64_t sh)
4211 tcg_gen_sari_vec(vece, a, a, sh);
4212 tcg_gen_add_vec(vece, d, d, a);
4215 static const TCGOpcode vecop_list_ssra[] = {
4216 INDEX_op_sari_vec, INDEX_op_add_vec, 0
4219 const GVecGen2i ssra_op[4] = {
4220 { .fni8 = gen_ssra8_i64,
4221 .fniv = gen_ssra_vec,
4223 .opt_opc = vecop_list_ssra,
4225 { .fni8 = gen_ssra16_i64,
4226 .fniv = gen_ssra_vec,
4228 .opt_opc = vecop_list_ssra,
4230 { .fni4 = gen_ssra32_i32,
4231 .fniv = gen_ssra_vec,
4233 .opt_opc = vecop_list_ssra,
4235 { .fni8 = gen_ssra64_i64,
4236 .fniv = gen_ssra_vec,
4237 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4238 .opt_opc = vecop_list_ssra,
4243 static void gen_usra8_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4245 tcg_gen_vec_shr8i_i64(a, a, shift);
4246 tcg_gen_vec_add8_i64(d, d, a);
4249 static void gen_usra16_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4251 tcg_gen_vec_shr16i_i64(a, a, shift);
4252 tcg_gen_vec_add16_i64(d, d, a);
4255 static void gen_usra32_i32(TCGv_i32 d, TCGv_i32 a, int32_t shift)
4257 tcg_gen_shri_i32(a, a, shift);
4258 tcg_gen_add_i32(d, d, a);
4261 static void gen_usra64_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4263 tcg_gen_shri_i64(a, a, shift);
4264 tcg_gen_add_i64(d, d, a);
4267 static void gen_usra_vec(unsigned vece, TCGv_vec d, TCGv_vec a, int64_t sh)
4269 tcg_gen_shri_vec(vece, a, a, sh);
4270 tcg_gen_add_vec(vece, d, d, a);
4273 static const TCGOpcode vecop_list_usra[] = {
4274 INDEX_op_shri_vec, INDEX_op_add_vec, 0
4277 const GVecGen2i usra_op[4] = {
4278 { .fni8 = gen_usra8_i64,
4279 .fniv = gen_usra_vec,
4281 .opt_opc = vecop_list_usra,
4283 { .fni8 = gen_usra16_i64,
4284 .fniv = gen_usra_vec,
4286 .opt_opc = vecop_list_usra,
4288 { .fni4 = gen_usra32_i32,
4289 .fniv = gen_usra_vec,
4291 .opt_opc = vecop_list_usra,
4293 { .fni8 = gen_usra64_i64,
4294 .fniv = gen_usra_vec,
4295 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4297 .opt_opc = vecop_list_usra,
4301 static void gen_shr8_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4303 uint64_t mask = dup_const(MO_8, 0xff >> shift);
4304 TCGv_i64 t = tcg_temp_new_i64();
4306 tcg_gen_shri_i64(t, a, shift);
4307 tcg_gen_andi_i64(t, t, mask);
4308 tcg_gen_andi_i64(d, d, ~mask);
4309 tcg_gen_or_i64(d, d, t);
4310 tcg_temp_free_i64(t);
4313 static void gen_shr16_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4315 uint64_t mask = dup_const(MO_16, 0xffff >> shift);
4316 TCGv_i64 t = tcg_temp_new_i64();
4318 tcg_gen_shri_i64(t, a, shift);
4319 tcg_gen_andi_i64(t, t, mask);
4320 tcg_gen_andi_i64(d, d, ~mask);
4321 tcg_gen_or_i64(d, d, t);
4322 tcg_temp_free_i64(t);
4325 static void gen_shr32_ins_i32(TCGv_i32 d, TCGv_i32 a, int32_t shift)
4327 tcg_gen_shri_i32(a, a, shift);
4328 tcg_gen_deposit_i32(d, d, a, 0, 32 - shift);
4331 static void gen_shr64_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4333 tcg_gen_shri_i64(a, a, shift);
4334 tcg_gen_deposit_i64(d, d, a, 0, 64 - shift);
4337 static void gen_shr_ins_vec(unsigned vece, TCGv_vec d, TCGv_vec a, int64_t sh)
4340 tcg_gen_mov_vec(d, a);
4342 TCGv_vec t = tcg_temp_new_vec_matching(d);
4343 TCGv_vec m = tcg_temp_new_vec_matching(d);
4345 tcg_gen_dupi_vec(vece, m, MAKE_64BIT_MASK((8 << vece) - sh, sh));
4346 tcg_gen_shri_vec(vece, t, a, sh);
4347 tcg_gen_and_vec(vece, d, d, m);
4348 tcg_gen_or_vec(vece, d, d, t);
4350 tcg_temp_free_vec(t);
4351 tcg_temp_free_vec(m);
4355 static const TCGOpcode vecop_list_sri[] = { INDEX_op_shri_vec, 0 };
4357 const GVecGen2i sri_op[4] = {
4358 { .fni8 = gen_shr8_ins_i64,
4359 .fniv = gen_shr_ins_vec,
4361 .opt_opc = vecop_list_sri,
4363 { .fni8 = gen_shr16_ins_i64,
4364 .fniv = gen_shr_ins_vec,
4366 .opt_opc = vecop_list_sri,
4368 { .fni4 = gen_shr32_ins_i32,
4369 .fniv = gen_shr_ins_vec,
4371 .opt_opc = vecop_list_sri,
4373 { .fni8 = gen_shr64_ins_i64,
4374 .fniv = gen_shr_ins_vec,
4375 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4377 .opt_opc = vecop_list_sri,
4381 static void gen_shl8_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4383 uint64_t mask = dup_const(MO_8, 0xff << shift);
4384 TCGv_i64 t = tcg_temp_new_i64();
4386 tcg_gen_shli_i64(t, a, shift);
4387 tcg_gen_andi_i64(t, t, mask);
4388 tcg_gen_andi_i64(d, d, ~mask);
4389 tcg_gen_or_i64(d, d, t);
4390 tcg_temp_free_i64(t);
4393 static void gen_shl16_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4395 uint64_t mask = dup_const(MO_16, 0xffff << shift);
4396 TCGv_i64 t = tcg_temp_new_i64();
4398 tcg_gen_shli_i64(t, a, shift);
4399 tcg_gen_andi_i64(t, t, mask);
4400 tcg_gen_andi_i64(d, d, ~mask);
4401 tcg_gen_or_i64(d, d, t);
4402 tcg_temp_free_i64(t);
4405 static void gen_shl32_ins_i32(TCGv_i32 d, TCGv_i32 a, int32_t shift)
4407 tcg_gen_deposit_i32(d, d, a, shift, 32 - shift);
4410 static void gen_shl64_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4412 tcg_gen_deposit_i64(d, d, a, shift, 64 - shift);
4415 static void gen_shl_ins_vec(unsigned vece, TCGv_vec d, TCGv_vec a, int64_t sh)
4418 tcg_gen_mov_vec(d, a);
4420 TCGv_vec t = tcg_temp_new_vec_matching(d);
4421 TCGv_vec m = tcg_temp_new_vec_matching(d);
4423 tcg_gen_dupi_vec(vece, m, MAKE_64BIT_MASK(0, sh));
4424 tcg_gen_shli_vec(vece, t, a, sh);
4425 tcg_gen_and_vec(vece, d, d, m);
4426 tcg_gen_or_vec(vece, d, d, t);
4428 tcg_temp_free_vec(t);
4429 tcg_temp_free_vec(m);
4433 static const TCGOpcode vecop_list_sli[] = { INDEX_op_shli_vec, 0 };
4435 const GVecGen2i sli_op[4] = {
4436 { .fni8 = gen_shl8_ins_i64,
4437 .fniv = gen_shl_ins_vec,
4439 .opt_opc = vecop_list_sli,
4441 { .fni8 = gen_shl16_ins_i64,
4442 .fniv = gen_shl_ins_vec,
4444 .opt_opc = vecop_list_sli,
4446 { .fni4 = gen_shl32_ins_i32,
4447 .fniv = gen_shl_ins_vec,
4449 .opt_opc = vecop_list_sli,
4451 { .fni8 = gen_shl64_ins_i64,
4452 .fniv = gen_shl_ins_vec,
4453 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4455 .opt_opc = vecop_list_sli,
4459 static void gen_mla8_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4461 gen_helper_neon_mul_u8(a, a, b);
4462 gen_helper_neon_add_u8(d, d, a);
4465 static void gen_mls8_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4467 gen_helper_neon_mul_u8(a, a, b);
4468 gen_helper_neon_sub_u8(d, d, a);
4471 static void gen_mla16_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4473 gen_helper_neon_mul_u16(a, a, b);
4474 gen_helper_neon_add_u16(d, d, a);
4477 static void gen_mls16_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4479 gen_helper_neon_mul_u16(a, a, b);
4480 gen_helper_neon_sub_u16(d, d, a);
4483 static void gen_mla32_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4485 tcg_gen_mul_i32(a, a, b);
4486 tcg_gen_add_i32(d, d, a);
4489 static void gen_mls32_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4491 tcg_gen_mul_i32(a, a, b);
4492 tcg_gen_sub_i32(d, d, a);
4495 static void gen_mla64_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b)
4497 tcg_gen_mul_i64(a, a, b);
4498 tcg_gen_add_i64(d, d, a);
4501 static void gen_mls64_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b)
4503 tcg_gen_mul_i64(a, a, b);
4504 tcg_gen_sub_i64(d, d, a);
4507 static void gen_mla_vec(unsigned vece, TCGv_vec d, TCGv_vec a, TCGv_vec b)
4509 tcg_gen_mul_vec(vece, a, a, b);
4510 tcg_gen_add_vec(vece, d, d, a);
4513 static void gen_mls_vec(unsigned vece, TCGv_vec d, TCGv_vec a, TCGv_vec b)
4515 tcg_gen_mul_vec(vece, a, a, b);
4516 tcg_gen_sub_vec(vece, d, d, a);
4519 /* Note that while NEON does not support VMLA and VMLS as 64-bit ops,
4520 * these tables are shared with AArch64 which does support them.
4523 static const TCGOpcode vecop_list_mla[] = {
4524 INDEX_op_mul_vec, INDEX_op_add_vec, 0
4527 static const TCGOpcode vecop_list_mls[] = {
4528 INDEX_op_mul_vec, INDEX_op_sub_vec, 0
4531 const GVecGen3 mla_op[4] = {
4532 { .fni4 = gen_mla8_i32,
4533 .fniv = gen_mla_vec,
4535 .opt_opc = vecop_list_mla,
4537 { .fni4 = gen_mla16_i32,
4538 .fniv = gen_mla_vec,
4540 .opt_opc = vecop_list_mla,
4542 { .fni4 = gen_mla32_i32,
4543 .fniv = gen_mla_vec,
4545 .opt_opc = vecop_list_mla,
4547 { .fni8 = gen_mla64_i64,
4548 .fniv = gen_mla_vec,
4549 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4551 .opt_opc = vecop_list_mla,
4555 const GVecGen3 mls_op[4] = {
4556 { .fni4 = gen_mls8_i32,
4557 .fniv = gen_mls_vec,
4559 .opt_opc = vecop_list_mls,
4561 { .fni4 = gen_mls16_i32,
4562 .fniv = gen_mls_vec,
4564 .opt_opc = vecop_list_mls,
4566 { .fni4 = gen_mls32_i32,
4567 .fniv = gen_mls_vec,
4569 .opt_opc = vecop_list_mls,
4571 { .fni8 = gen_mls64_i64,
4572 .fniv = gen_mls_vec,
4573 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4575 .opt_opc = vecop_list_mls,
4579 /* CMTST : test is "if (X & Y != 0)". */
4580 static void gen_cmtst_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4582 tcg_gen_and_i32(d, a, b);
4583 tcg_gen_setcondi_i32(TCG_COND_NE, d, d, 0);
4584 tcg_gen_neg_i32(d, d);
4587 void gen_cmtst_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b)
4589 tcg_gen_and_i64(d, a, b);
4590 tcg_gen_setcondi_i64(TCG_COND_NE, d, d, 0);
4591 tcg_gen_neg_i64(d, d);
4594 static void gen_cmtst_vec(unsigned vece, TCGv_vec d, TCGv_vec a, TCGv_vec b)
4596 tcg_gen_and_vec(vece, d, a, b);
4597 tcg_gen_dupi_vec(vece, a, 0);
4598 tcg_gen_cmp_vec(TCG_COND_NE, vece, d, d, a);
4601 static const TCGOpcode vecop_list_cmtst[] = { INDEX_op_cmp_vec, 0 };
4603 const GVecGen3 cmtst_op[4] = {
4604 { .fni4 = gen_helper_neon_tst_u8,
4605 .fniv = gen_cmtst_vec,
4606 .opt_opc = vecop_list_cmtst,
4608 { .fni4 = gen_helper_neon_tst_u16,
4609 .fniv = gen_cmtst_vec,
4610 .opt_opc = vecop_list_cmtst,
4612 { .fni4 = gen_cmtst_i32,
4613 .fniv = gen_cmtst_vec,
4614 .opt_opc = vecop_list_cmtst,
4616 { .fni8 = gen_cmtst_i64,
4617 .fniv = gen_cmtst_vec,
4618 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4619 .opt_opc = vecop_list_cmtst,
4623 static void gen_uqadd_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
4624 TCGv_vec a, TCGv_vec b)
4626 TCGv_vec x = tcg_temp_new_vec_matching(t);
4627 tcg_gen_add_vec(vece, x, a, b);
4628 tcg_gen_usadd_vec(vece, t, a, b);
4629 tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
4630 tcg_gen_or_vec(vece, sat, sat, x);
4631 tcg_temp_free_vec(x);
4634 static const TCGOpcode vecop_list_uqadd[] = {
4635 INDEX_op_usadd_vec, INDEX_op_cmp_vec, INDEX_op_add_vec, 0
4638 const GVecGen4 uqadd_op[4] = {
4639 { .fniv = gen_uqadd_vec,
4640 .fno = gen_helper_gvec_uqadd_b,
4642 .opt_opc = vecop_list_uqadd,
4644 { .fniv = gen_uqadd_vec,
4645 .fno = gen_helper_gvec_uqadd_h,
4647 .opt_opc = vecop_list_uqadd,
4649 { .fniv = gen_uqadd_vec,
4650 .fno = gen_helper_gvec_uqadd_s,
4652 .opt_opc = vecop_list_uqadd,
4654 { .fniv = gen_uqadd_vec,
4655 .fno = gen_helper_gvec_uqadd_d,
4657 .opt_opc = vecop_list_uqadd,
4661 static void gen_sqadd_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
4662 TCGv_vec a, TCGv_vec b)
4664 TCGv_vec x = tcg_temp_new_vec_matching(t);
4665 tcg_gen_add_vec(vece, x, a, b);
4666 tcg_gen_ssadd_vec(vece, t, a, b);
4667 tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
4668 tcg_gen_or_vec(vece, sat, sat, x);
4669 tcg_temp_free_vec(x);
4672 static const TCGOpcode vecop_list_sqadd[] = {
4673 INDEX_op_ssadd_vec, INDEX_op_cmp_vec, INDEX_op_add_vec, 0
4676 const GVecGen4 sqadd_op[4] = {
4677 { .fniv = gen_sqadd_vec,
4678 .fno = gen_helper_gvec_sqadd_b,
4679 .opt_opc = vecop_list_sqadd,
4682 { .fniv = gen_sqadd_vec,
4683 .fno = gen_helper_gvec_sqadd_h,
4684 .opt_opc = vecop_list_sqadd,
4687 { .fniv = gen_sqadd_vec,
4688 .fno = gen_helper_gvec_sqadd_s,
4689 .opt_opc = vecop_list_sqadd,
4692 { .fniv = gen_sqadd_vec,
4693 .fno = gen_helper_gvec_sqadd_d,
4694 .opt_opc = vecop_list_sqadd,
4699 static void gen_uqsub_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
4700 TCGv_vec a, TCGv_vec b)
4702 TCGv_vec x = tcg_temp_new_vec_matching(t);
4703 tcg_gen_sub_vec(vece, x, a, b);
4704 tcg_gen_ussub_vec(vece, t, a, b);
4705 tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
4706 tcg_gen_or_vec(vece, sat, sat, x);
4707 tcg_temp_free_vec(x);
4710 static const TCGOpcode vecop_list_uqsub[] = {
4711 INDEX_op_ussub_vec, INDEX_op_cmp_vec, INDEX_op_sub_vec, 0
4714 const GVecGen4 uqsub_op[4] = {
4715 { .fniv = gen_uqsub_vec,
4716 .fno = gen_helper_gvec_uqsub_b,
4717 .opt_opc = vecop_list_uqsub,
4720 { .fniv = gen_uqsub_vec,
4721 .fno = gen_helper_gvec_uqsub_h,
4722 .opt_opc = vecop_list_uqsub,
4725 { .fniv = gen_uqsub_vec,
4726 .fno = gen_helper_gvec_uqsub_s,
4727 .opt_opc = vecop_list_uqsub,
4730 { .fniv = gen_uqsub_vec,
4731 .fno = gen_helper_gvec_uqsub_d,
4732 .opt_opc = vecop_list_uqsub,
4737 static void gen_sqsub_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
4738 TCGv_vec a, TCGv_vec b)
4740 TCGv_vec x = tcg_temp_new_vec_matching(t);
4741 tcg_gen_sub_vec(vece, x, a, b);
4742 tcg_gen_sssub_vec(vece, t, a, b);
4743 tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
4744 tcg_gen_or_vec(vece, sat, sat, x);
4745 tcg_temp_free_vec(x);
4748 static const TCGOpcode vecop_list_sqsub[] = {
4749 INDEX_op_sssub_vec, INDEX_op_cmp_vec, INDEX_op_sub_vec, 0
4752 const GVecGen4 sqsub_op[4] = {
4753 { .fniv = gen_sqsub_vec,
4754 .fno = gen_helper_gvec_sqsub_b,
4755 .opt_opc = vecop_list_sqsub,
4758 { .fniv = gen_sqsub_vec,
4759 .fno = gen_helper_gvec_sqsub_h,
4760 .opt_opc = vecop_list_sqsub,
4763 { .fniv = gen_sqsub_vec,
4764 .fno = gen_helper_gvec_sqsub_s,
4765 .opt_opc = vecop_list_sqsub,
4768 { .fniv = gen_sqsub_vec,
4769 .fno = gen_helper_gvec_sqsub_d,
4770 .opt_opc = vecop_list_sqsub,
4775 /* Translate a NEON data processing instruction. Return nonzero if the
4776 instruction is invalid.
4777 We process data in a mixture of 32-bit and 64-bit chunks.
4778 Mostly we use 32-bit chunks so we can use normal scalar instructions. */
4780 static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
4784 int rd, rn, rm, rd_ofs, rn_ofs, rm_ofs;
4793 TCGv_i32 tmp, tmp2, tmp3, tmp4, tmp5;
4794 TCGv_ptr ptr1, ptr2, ptr3;
4797 /* FIXME: this access check should not take precedence over UNDEF
4798 * for invalid encodings; we will generate incorrect syndrome information
4799 * for attempts to execute invalid vfp/neon encodings with FP disabled.
4801 if (s->fp_excp_el) {
4802 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
4803 syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
4807 if (!s->vfp_enabled)
4809 q = (insn & (1 << 6)) != 0;
4810 u = (insn >> 24) & 1;
4811 VFP_DREG_D(rd, insn);
4812 VFP_DREG_N(rn, insn);
4813 VFP_DREG_M(rm, insn);
4814 size = (insn >> 20) & 3;
4815 vec_size = q ? 16 : 8;
4816 rd_ofs = neon_reg_offset(rd, 0);
4817 rn_ofs = neon_reg_offset(rn, 0);
4818 rm_ofs = neon_reg_offset(rm, 0);
4820 if ((insn & (1 << 23)) == 0) {
4821 /* Three register same length. */
4822 op = ((insn >> 7) & 0x1e) | ((insn >> 4) & 1);
4823 /* Catch invalid op and bad size combinations: UNDEF */
4824 if ((neon_3r_sizes[op] & (1 << size)) == 0) {
4827 /* All insns of this form UNDEF for either this condition or the
4828 * superset of cases "Q==1"; we catch the latter later.
4830 if (q && ((rd | rn | rm) & 1)) {
4835 /* The SHA-1/SHA-256 3-register instructions require special
4836 * treatment here, as their size field is overloaded as an
4837 * op type selector, and they all consume their input in a
4843 if (!u) { /* SHA-1 */
4844 if (!dc_isar_feature(aa32_sha1, s)) {
4847 ptr1 = vfp_reg_ptr(true, rd);
4848 ptr2 = vfp_reg_ptr(true, rn);
4849 ptr3 = vfp_reg_ptr(true, rm);
4850 tmp4 = tcg_const_i32(size);
4851 gen_helper_crypto_sha1_3reg(ptr1, ptr2, ptr3, tmp4);
4852 tcg_temp_free_i32(tmp4);
4853 } else { /* SHA-256 */
4854 if (!dc_isar_feature(aa32_sha2, s) || size == 3) {
4857 ptr1 = vfp_reg_ptr(true, rd);
4858 ptr2 = vfp_reg_ptr(true, rn);
4859 ptr3 = vfp_reg_ptr(true, rm);
4862 gen_helper_crypto_sha256h(ptr1, ptr2, ptr3);
4865 gen_helper_crypto_sha256h2(ptr1, ptr2, ptr3);
4868 gen_helper_crypto_sha256su1(ptr1, ptr2, ptr3);
4872 tcg_temp_free_ptr(ptr1);
4873 tcg_temp_free_ptr(ptr2);
4874 tcg_temp_free_ptr(ptr3);
4877 case NEON_3R_VPADD_VQRDMLAH:
4884 return do_v81_helper(s, gen_helper_gvec_qrdmlah_s16,
4887 return do_v81_helper(s, gen_helper_gvec_qrdmlah_s32,
4892 case NEON_3R_VFM_VQRDMLSH:
4903 return do_v81_helper(s, gen_helper_gvec_qrdmlsh_s16,
4906 return do_v81_helper(s, gen_helper_gvec_qrdmlsh_s32,
4911 case NEON_3R_LOGIC: /* Logic ops. */
4912 switch ((u << 2) | size) {
4914 tcg_gen_gvec_and(0, rd_ofs, rn_ofs, rm_ofs,
4915 vec_size, vec_size);
4918 tcg_gen_gvec_andc(0, rd_ofs, rn_ofs, rm_ofs,
4919 vec_size, vec_size);
4922 tcg_gen_gvec_or(0, rd_ofs, rn_ofs, rm_ofs,
4923 vec_size, vec_size);
4926 tcg_gen_gvec_orc(0, rd_ofs, rn_ofs, rm_ofs,
4927 vec_size, vec_size);
4930 tcg_gen_gvec_xor(0, rd_ofs, rn_ofs, rm_ofs,
4931 vec_size, vec_size);
4934 tcg_gen_gvec_bitsel(MO_8, rd_ofs, rd_ofs, rn_ofs, rm_ofs,
4935 vec_size, vec_size);
4938 tcg_gen_gvec_bitsel(MO_8, rd_ofs, rm_ofs, rn_ofs, rd_ofs,
4939 vec_size, vec_size);
4942 tcg_gen_gvec_bitsel(MO_8, rd_ofs, rm_ofs, rd_ofs, rn_ofs,
4943 vec_size, vec_size);
4948 case NEON_3R_VADD_VSUB:
4950 tcg_gen_gvec_sub(size, rd_ofs, rn_ofs, rm_ofs,
4951 vec_size, vec_size);
4953 tcg_gen_gvec_add(size, rd_ofs, rn_ofs, rm_ofs,
4954 vec_size, vec_size);
4959 tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc),
4960 rn_ofs, rm_ofs, vec_size, vec_size,
4961 (u ? uqadd_op : sqadd_op) + size);
4965 tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc),
4966 rn_ofs, rm_ofs, vec_size, vec_size,
4967 (u ? uqsub_op : sqsub_op) + size);
4970 case NEON_3R_VMUL: /* VMUL */
4972 /* Polynomial case allows only P8 and is handled below. */
4977 tcg_gen_gvec_mul(size, rd_ofs, rn_ofs, rm_ofs,
4978 vec_size, vec_size);
4983 case NEON_3R_VML: /* VMLA, VMLS */
4984 tcg_gen_gvec_3(rd_ofs, rn_ofs, rm_ofs, vec_size, vec_size,
4985 u ? &mls_op[size] : &mla_op[size]);
4988 case NEON_3R_VTST_VCEQ:
4990 tcg_gen_gvec_cmp(TCG_COND_EQ, size, rd_ofs, rn_ofs, rm_ofs,
4991 vec_size, vec_size);
4993 tcg_gen_gvec_3(rd_ofs, rn_ofs, rm_ofs,
4994 vec_size, vec_size, &cmtst_op[size]);
4999 tcg_gen_gvec_cmp(u ? TCG_COND_GTU : TCG_COND_GT, size,
5000 rd_ofs, rn_ofs, rm_ofs, vec_size, vec_size);
5004 tcg_gen_gvec_cmp(u ? TCG_COND_GEU : TCG_COND_GE, size,
5005 rd_ofs, rn_ofs, rm_ofs, vec_size, vec_size);
5010 tcg_gen_gvec_umax(size, rd_ofs, rn_ofs, rm_ofs,
5011 vec_size, vec_size);
5013 tcg_gen_gvec_smax(size, rd_ofs, rn_ofs, rm_ofs,
5014 vec_size, vec_size);
5019 tcg_gen_gvec_umin(size, rd_ofs, rn_ofs, rm_ofs,
5020 vec_size, vec_size);
5022 tcg_gen_gvec_smin(size, rd_ofs, rn_ofs, rm_ofs,
5023 vec_size, vec_size);
5029 /* 64-bit element instructions. */
5030 for (pass = 0; pass < (q ? 2 : 1); pass++) {
5031 neon_load_reg64(cpu_V0, rn + pass);
5032 neon_load_reg64(cpu_V1, rm + pass);
5036 gen_helper_neon_shl_u64(cpu_V0, cpu_V1, cpu_V0);
5038 gen_helper_neon_shl_s64(cpu_V0, cpu_V1, cpu_V0);
5043 gen_helper_neon_qshl_u64(cpu_V0, cpu_env,
5046 gen_helper_neon_qshl_s64(cpu_V0, cpu_env,
5052 gen_helper_neon_rshl_u64(cpu_V0, cpu_V1, cpu_V0);
5054 gen_helper_neon_rshl_s64(cpu_V0, cpu_V1, cpu_V0);
5057 case NEON_3R_VQRSHL:
5059 gen_helper_neon_qrshl_u64(cpu_V0, cpu_env,
5062 gen_helper_neon_qrshl_s64(cpu_V0, cpu_env,
5069 neon_store_reg64(cpu_V0, rd + pass);
5078 case NEON_3R_VQRSHL:
5081 /* Shift instruction operands are reversed. */
5087 case NEON_3R_VPADD_VQRDMLAH:
5092 case NEON_3R_FLOAT_ARITH:
5093 pairwise = (u && size < 2); /* if VPADD (float) */
5095 case NEON_3R_FLOAT_MINMAX:
5096 pairwise = u; /* if VPMIN/VPMAX (float) */
5098 case NEON_3R_FLOAT_CMP:
5100 /* no encoding for U=0 C=1x */
5104 case NEON_3R_FLOAT_ACMP:
5109 case NEON_3R_FLOAT_MISC:
5110 /* VMAXNM/VMINNM in ARMv8 */
5111 if (u && !arm_dc_feature(s, ARM_FEATURE_V8)) {
5115 case NEON_3R_VFM_VQRDMLSH:
5116 if (!arm_dc_feature(s, ARM_FEATURE_VFP4)) {
5124 if (pairwise && q) {
5125 /* All the pairwise insns UNDEF if Q is set */
5129 for (pass = 0; pass < (q ? 4 : 2); pass++) {
5134 tmp = neon_load_reg(rn, 0);
5135 tmp2 = neon_load_reg(rn, 1);
5137 tmp = neon_load_reg(rm, 0);
5138 tmp2 = neon_load_reg(rm, 1);
5142 tmp = neon_load_reg(rn, pass);
5143 tmp2 = neon_load_reg(rm, pass);
5147 GEN_NEON_INTEGER_OP(hadd);
5149 case NEON_3R_VRHADD:
5150 GEN_NEON_INTEGER_OP(rhadd);
5153 GEN_NEON_INTEGER_OP(hsub);
5156 GEN_NEON_INTEGER_OP(shl);
5159 GEN_NEON_INTEGER_OP_ENV(qshl);
5162 GEN_NEON_INTEGER_OP(rshl);
5164 case NEON_3R_VQRSHL:
5165 GEN_NEON_INTEGER_OP_ENV(qrshl);
5168 GEN_NEON_INTEGER_OP(abd);
5171 GEN_NEON_INTEGER_OP(abd);
5172 tcg_temp_free_i32(tmp2);
5173 tmp2 = neon_load_reg(rd, pass);
5174 gen_neon_add(size, tmp, tmp2);
5177 /* VMUL.P8; other cases already eliminated. */
5178 gen_helper_neon_mul_p8(tmp, tmp, tmp2);
5181 GEN_NEON_INTEGER_OP(pmax);
5184 GEN_NEON_INTEGER_OP(pmin);
5186 case NEON_3R_VQDMULH_VQRDMULH: /* Multiply high. */
5187 if (!u) { /* VQDMULH */
5190 gen_helper_neon_qdmulh_s16(tmp, cpu_env, tmp, tmp2);
5193 gen_helper_neon_qdmulh_s32(tmp, cpu_env, tmp, tmp2);
5197 } else { /* VQRDMULH */
5200 gen_helper_neon_qrdmulh_s16(tmp, cpu_env, tmp, tmp2);
5203 gen_helper_neon_qrdmulh_s32(tmp, cpu_env, tmp, tmp2);
5209 case NEON_3R_VPADD_VQRDMLAH:
5211 case 0: gen_helper_neon_padd_u8(tmp, tmp, tmp2); break;
5212 case 1: gen_helper_neon_padd_u16(tmp, tmp, tmp2); break;
5213 case 2: tcg_gen_add_i32(tmp, tmp, tmp2); break;
5217 case NEON_3R_FLOAT_ARITH: /* Floating point arithmetic. */
5219 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5220 switch ((u << 2) | size) {
5223 gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
5226 gen_helper_vfp_subs(tmp, tmp, tmp2, fpstatus);
5229 gen_helper_neon_abd_f32(tmp, tmp, tmp2, fpstatus);
5234 tcg_temp_free_ptr(fpstatus);
5237 case NEON_3R_FLOAT_MULTIPLY:
5239 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5240 gen_helper_vfp_muls(tmp, tmp, tmp2, fpstatus);
5242 tcg_temp_free_i32(tmp2);
5243 tmp2 = neon_load_reg(rd, pass);
5245 gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
5247 gen_helper_vfp_subs(tmp, tmp2, tmp, fpstatus);
5250 tcg_temp_free_ptr(fpstatus);
5253 case NEON_3R_FLOAT_CMP:
5255 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5257 gen_helper_neon_ceq_f32(tmp, tmp, tmp2, fpstatus);
5260 gen_helper_neon_cge_f32(tmp, tmp, tmp2, fpstatus);
5262 gen_helper_neon_cgt_f32(tmp, tmp, tmp2, fpstatus);
5265 tcg_temp_free_ptr(fpstatus);
5268 case NEON_3R_FLOAT_ACMP:
5270 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5272 gen_helper_neon_acge_f32(tmp, tmp, tmp2, fpstatus);
5274 gen_helper_neon_acgt_f32(tmp, tmp, tmp2, fpstatus);
5276 tcg_temp_free_ptr(fpstatus);
5279 case NEON_3R_FLOAT_MINMAX:
5281 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5283 gen_helper_vfp_maxs(tmp, tmp, tmp2, fpstatus);
5285 gen_helper_vfp_mins(tmp, tmp, tmp2, fpstatus);
5287 tcg_temp_free_ptr(fpstatus);
5290 case NEON_3R_FLOAT_MISC:
5293 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5295 gen_helper_vfp_maxnums(tmp, tmp, tmp2, fpstatus);
5297 gen_helper_vfp_minnums(tmp, tmp, tmp2, fpstatus);
5299 tcg_temp_free_ptr(fpstatus);
5302 gen_helper_recps_f32(tmp, tmp, tmp2, cpu_env);
5304 gen_helper_rsqrts_f32(tmp, tmp, tmp2, cpu_env);
5308 case NEON_3R_VFM_VQRDMLSH:
5310 /* VFMA, VFMS: fused multiply-add */
5311 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5312 TCGv_i32 tmp3 = neon_load_reg(rd, pass);
5315 gen_helper_vfp_negs(tmp, tmp);
5317 gen_helper_vfp_muladds(tmp, tmp, tmp2, tmp3, fpstatus);
5318 tcg_temp_free_i32(tmp3);
5319 tcg_temp_free_ptr(fpstatus);
5325 tcg_temp_free_i32(tmp2);
5327 /* Save the result. For elementwise operations we can put it
5328 straight into the destination register. For pairwise operations
5329 we have to be careful to avoid clobbering the source operands. */
5330 if (pairwise && rd == rm) {
5331 neon_store_scratch(pass, tmp);
5333 neon_store_reg(rd, pass, tmp);
5337 if (pairwise && rd == rm) {
5338 for (pass = 0; pass < (q ? 4 : 2); pass++) {
5339 tmp = neon_load_scratch(pass);
5340 neon_store_reg(rd, pass, tmp);
5343 /* End of 3 register same size operations. */
5344 } else if (insn & (1 << 4)) {
5345 if ((insn & 0x00380080) != 0) {
5346 /* Two registers and shift. */
5347 op = (insn >> 8) & 0xf;
5348 if (insn & (1 << 7)) {
5356 while ((insn & (1 << (size + 19))) == 0)
5359 shift = (insn >> 16) & ((1 << (3 + size)) - 1);
5361 /* Shift by immediate:
5362 VSHR, VSRA, VRSHR, VRSRA, VSRI, VSHL, VQSHL, VQSHLU. */
5363 if (q && ((rd | rm) & 1)) {
5366 if (!u && (op == 4 || op == 6)) {
5369 /* Right shifts are encoded as N - shift, where N is the
5370 element size in bits. */
5372 shift = shift - (1 << (size + 3));
5377 /* Right shift comes here negative. */
5379 /* Shifts larger than the element size are architecturally
5380 * valid. Unsigned results in all zeros; signed results
5384 tcg_gen_gvec_sari(size, rd_ofs, rm_ofs,
5385 MIN(shift, (8 << size) - 1),
5386 vec_size, vec_size);
5387 } else if (shift >= 8 << size) {
5388 tcg_gen_gvec_dup8i(rd_ofs, vec_size, vec_size, 0);
5390 tcg_gen_gvec_shri(size, rd_ofs, rm_ofs, shift,
5391 vec_size, vec_size);
5396 /* Right shift comes here negative. */
5398 /* Shifts larger than the element size are architecturally
5399 * valid. Unsigned results in all zeros; signed results
5403 tcg_gen_gvec_2i(rd_ofs, rm_ofs, vec_size, vec_size,
5404 MIN(shift, (8 << size) - 1),
5406 } else if (shift >= 8 << size) {
5409 tcg_gen_gvec_2i(rd_ofs, rm_ofs, vec_size, vec_size,
5410 shift, &usra_op[size]);
5418 /* Right shift comes here negative. */
5420 /* Shift out of range leaves destination unchanged. */
5421 if (shift < 8 << size) {
5422 tcg_gen_gvec_2i(rd_ofs, rm_ofs, vec_size, vec_size,
5423 shift, &sri_op[size]);
5427 case 5: /* VSHL, VSLI */
5429 /* Shift out of range leaves destination unchanged. */
5430 if (shift < 8 << size) {
5431 tcg_gen_gvec_2i(rd_ofs, rm_ofs, vec_size,
5432 vec_size, shift, &sli_op[size]);
5435 /* Shifts larger than the element size are
5436 * architecturally valid and results in zero.
5438 if (shift >= 8 << size) {
5439 tcg_gen_gvec_dup8i(rd_ofs, vec_size, vec_size, 0);
5441 tcg_gen_gvec_shli(size, rd_ofs, rm_ofs, shift,
5442 vec_size, vec_size);
5454 /* To avoid excessive duplication of ops we implement shift
5455 * by immediate using the variable shift operations.
5457 imm = dup_const(size, shift);
5459 for (pass = 0; pass < count; pass++) {
5461 neon_load_reg64(cpu_V0, rm + pass);
5462 tcg_gen_movi_i64(cpu_V1, imm);
5467 gen_helper_neon_rshl_u64(cpu_V0, cpu_V0, cpu_V1);
5469 gen_helper_neon_rshl_s64(cpu_V0, cpu_V0, cpu_V1);
5471 case 6: /* VQSHLU */
5472 gen_helper_neon_qshlu_s64(cpu_V0, cpu_env,
5477 gen_helper_neon_qshl_u64(cpu_V0, cpu_env,
5480 gen_helper_neon_qshl_s64(cpu_V0, cpu_env,
5485 g_assert_not_reached();
5489 neon_load_reg64(cpu_V1, rd + pass);
5490 tcg_gen_add_i64(cpu_V0, cpu_V0, cpu_V1);
5492 neon_store_reg64(cpu_V0, rd + pass);
5493 } else { /* size < 3 */
5494 /* Operands in T0 and T1. */
5495 tmp = neon_load_reg(rm, pass);
5496 tmp2 = tcg_temp_new_i32();
5497 tcg_gen_movi_i32(tmp2, imm);
5501 GEN_NEON_INTEGER_OP(rshl);
5503 case 6: /* VQSHLU */
5506 gen_helper_neon_qshlu_s8(tmp, cpu_env,
5510 gen_helper_neon_qshlu_s16(tmp, cpu_env,
5514 gen_helper_neon_qshlu_s32(tmp, cpu_env,
5522 GEN_NEON_INTEGER_OP_ENV(qshl);
5525 g_assert_not_reached();
5527 tcg_temp_free_i32(tmp2);
5531 tmp2 = neon_load_reg(rd, pass);
5532 gen_neon_add(size, tmp, tmp2);
5533 tcg_temp_free_i32(tmp2);
5535 neon_store_reg(rd, pass, tmp);
5538 } else if (op < 10) {
5539 /* Shift by immediate and narrow:
5540 VSHRN, VRSHRN, VQSHRN, VQRSHRN. */
5541 int input_unsigned = (op == 8) ? !u : u;
5545 shift = shift - (1 << (size + 3));
5548 tmp64 = tcg_const_i64(shift);
5549 neon_load_reg64(cpu_V0, rm);
5550 neon_load_reg64(cpu_V1, rm + 1);
5551 for (pass = 0; pass < 2; pass++) {
5559 if (input_unsigned) {
5560 gen_helper_neon_rshl_u64(cpu_V0, in, tmp64);
5562 gen_helper_neon_rshl_s64(cpu_V0, in, tmp64);
5565 if (input_unsigned) {
5566 gen_helper_neon_shl_u64(cpu_V0, in, tmp64);
5568 gen_helper_neon_shl_s64(cpu_V0, in, tmp64);
5571 tmp = tcg_temp_new_i32();
5572 gen_neon_narrow_op(op == 8, u, size - 1, tmp, cpu_V0);
5573 neon_store_reg(rd, pass, tmp);
5575 tcg_temp_free_i64(tmp64);
5578 imm = (uint16_t)shift;
5582 imm = (uint32_t)shift;
5584 tmp2 = tcg_const_i32(imm);
5585 tmp4 = neon_load_reg(rm + 1, 0);
5586 tmp5 = neon_load_reg(rm + 1, 1);
5587 for (pass = 0; pass < 2; pass++) {
5589 tmp = neon_load_reg(rm, 0);
5593 gen_neon_shift_narrow(size, tmp, tmp2, q,
5596 tmp3 = neon_load_reg(rm, 1);
5600 gen_neon_shift_narrow(size, tmp3, tmp2, q,
5602 tcg_gen_concat_i32_i64(cpu_V0, tmp, tmp3);
5603 tcg_temp_free_i32(tmp);
5604 tcg_temp_free_i32(tmp3);
5605 tmp = tcg_temp_new_i32();
5606 gen_neon_narrow_op(op == 8, u, size - 1, tmp, cpu_V0);
5607 neon_store_reg(rd, pass, tmp);
5609 tcg_temp_free_i32(tmp2);
5611 } else if (op == 10) {
5613 if (q || (rd & 1)) {
5616 tmp = neon_load_reg(rm, 0);
5617 tmp2 = neon_load_reg(rm, 1);
5618 for (pass = 0; pass < 2; pass++) {
5622 gen_neon_widen(cpu_V0, tmp, size, u);
5625 /* The shift is less than the width of the source
5626 type, so we can just shift the whole register. */
5627 tcg_gen_shli_i64(cpu_V0, cpu_V0, shift);
5628 /* Widen the result of shift: we need to clear
5629 * the potential overflow bits resulting from
5630 * left bits of the narrow input appearing as
5631 * right bits of left the neighbour narrow
5633 if (size < 2 || !u) {
5636 imm = (0xffu >> (8 - shift));
5638 } else if (size == 1) {
5639 imm = 0xffff >> (16 - shift);
5642 imm = 0xffffffff >> (32 - shift);
5645 imm64 = imm | (((uint64_t)imm) << 32);
5649 tcg_gen_andi_i64(cpu_V0, cpu_V0, ~imm64);
5652 neon_store_reg64(cpu_V0, rd + pass);
5654 } else if (op >= 14) {
5655 /* VCVT fixed-point. */
5658 VFPGenFixPointFn *fn;
5660 if (!(insn & (1 << 21)) || (q && ((rd | rm) & 1))) {
5666 fn = gen_helper_vfp_ultos;
5668 fn = gen_helper_vfp_sltos;
5672 fn = gen_helper_vfp_touls_round_to_zero;
5674 fn = gen_helper_vfp_tosls_round_to_zero;
5678 /* We have already masked out the must-be-1 top bit of imm6,
5679 * hence this 32-shift where the ARM ARM has 64-imm6.
5682 fpst = get_fpstatus_ptr(1);
5683 shiftv = tcg_const_i32(shift);
5684 for (pass = 0; pass < (q ? 4 : 2); pass++) {
5685 TCGv_i32 tmpf = neon_load_reg(rm, pass);
5686 fn(tmpf, tmpf, shiftv, fpst);
5687 neon_store_reg(rd, pass, tmpf);
5689 tcg_temp_free_ptr(fpst);
5690 tcg_temp_free_i32(shiftv);
5694 } else { /* (insn & 0x00380080) == 0 */
5695 int invert, reg_ofs, vec_size;
5697 if (q && (rd & 1)) {
5701 op = (insn >> 8) & 0xf;
5702 /* One register and immediate. */
5703 imm = (u << 7) | ((insn >> 12) & 0x70) | (insn & 0xf);
5704 invert = (insn & (1 << 5)) != 0;
5705 /* Note that op = 2,3,4,5,6,7,10,11,12,13 imm=0 is UNPREDICTABLE.
5706 * We choose to not special-case this and will behave as if a
5707 * valid constant encoding of 0 had been given.
5726 imm = (imm << 8) | (imm << 24);
5729 imm = (imm << 8) | 0xff;
5732 imm = (imm << 16) | 0xffff;
5735 imm |= (imm << 8) | (imm << 16) | (imm << 24);
5744 imm = ((imm & 0x80) << 24) | ((imm & 0x3f) << 19)
5745 | ((imm & 0x40) ? (0x1f << 25) : (1 << 30));
5752 reg_ofs = neon_reg_offset(rd, 0);
5753 vec_size = q ? 16 : 8;
5755 if (op & 1 && op < 12) {
5757 /* The immediate value has already been inverted,
5758 * so BIC becomes AND.
5760 tcg_gen_gvec_andi(MO_32, reg_ofs, reg_ofs, imm,
5761 vec_size, vec_size);
5763 tcg_gen_gvec_ori(MO_32, reg_ofs, reg_ofs, imm,
5764 vec_size, vec_size);
5768 if (op == 14 && invert) {
5769 TCGv_i64 t64 = tcg_temp_new_i64();
5771 for (pass = 0; pass <= q; ++pass) {
5775 for (n = 0; n < 8; n++) {
5776 if (imm & (1 << (n + pass * 8))) {
5777 val |= 0xffull << (n * 8);
5780 tcg_gen_movi_i64(t64, val);
5781 neon_store_reg64(t64, rd + pass);
5783 tcg_temp_free_i64(t64);
5785 tcg_gen_gvec_dup32i(reg_ofs, vec_size, vec_size, imm);
5789 } else { /* (insn & 0x00800010 == 0x00800000) */
5791 op = (insn >> 8) & 0xf;
5792 if ((insn & (1 << 6)) == 0) {
5793 /* Three registers of different lengths. */
5797 /* undefreq: bit 0 : UNDEF if size == 0
5798 * bit 1 : UNDEF if size == 1
5799 * bit 2 : UNDEF if size == 2
5800 * bit 3 : UNDEF if U == 1
5801 * Note that [2:0] set implies 'always UNDEF'
5804 /* prewiden, src1_wide, src2_wide, undefreq */
5805 static const int neon_3reg_wide[16][4] = {
5806 {1, 0, 0, 0}, /* VADDL */
5807 {1, 1, 0, 0}, /* VADDW */
5808 {1, 0, 0, 0}, /* VSUBL */
5809 {1, 1, 0, 0}, /* VSUBW */
5810 {0, 1, 1, 0}, /* VADDHN */
5811 {0, 0, 0, 0}, /* VABAL */
5812 {0, 1, 1, 0}, /* VSUBHN */
5813 {0, 0, 0, 0}, /* VABDL */
5814 {0, 0, 0, 0}, /* VMLAL */
5815 {0, 0, 0, 9}, /* VQDMLAL */
5816 {0, 0, 0, 0}, /* VMLSL */
5817 {0, 0, 0, 9}, /* VQDMLSL */
5818 {0, 0, 0, 0}, /* Integer VMULL */
5819 {0, 0, 0, 1}, /* VQDMULL */
5820 {0, 0, 0, 0xa}, /* Polynomial VMULL */
5821 {0, 0, 0, 7}, /* Reserved: always UNDEF */
5824 prewiden = neon_3reg_wide[op][0];
5825 src1_wide = neon_3reg_wide[op][1];
5826 src2_wide = neon_3reg_wide[op][2];
5827 undefreq = neon_3reg_wide[op][3];
5829 if ((undefreq & (1 << size)) ||
5830 ((undefreq & 8) && u)) {
5833 if ((src1_wide && (rn & 1)) ||
5834 (src2_wide && (rm & 1)) ||
5835 (!src2_wide && (rd & 1))) {
5839 /* Handle VMULL.P64 (Polynomial 64x64 to 128 bit multiply)
5840 * outside the loop below as it only performs a single pass.
5842 if (op == 14 && size == 2) {
5843 TCGv_i64 tcg_rn, tcg_rm, tcg_rd;
5845 if (!dc_isar_feature(aa32_pmull, s)) {
5848 tcg_rn = tcg_temp_new_i64();
5849 tcg_rm = tcg_temp_new_i64();
5850 tcg_rd = tcg_temp_new_i64();
5851 neon_load_reg64(tcg_rn, rn);
5852 neon_load_reg64(tcg_rm, rm);
5853 gen_helper_neon_pmull_64_lo(tcg_rd, tcg_rn, tcg_rm);
5854 neon_store_reg64(tcg_rd, rd);
5855 gen_helper_neon_pmull_64_hi(tcg_rd, tcg_rn, tcg_rm);
5856 neon_store_reg64(tcg_rd, rd + 1);
5857 tcg_temp_free_i64(tcg_rn);
5858 tcg_temp_free_i64(tcg_rm);
5859 tcg_temp_free_i64(tcg_rd);
5863 /* Avoid overlapping operands. Wide source operands are
5864 always aligned so will never overlap with wide
5865 destinations in problematic ways. */
5866 if (rd == rm && !src2_wide) {
5867 tmp = neon_load_reg(rm, 1);
5868 neon_store_scratch(2, tmp);
5869 } else if (rd == rn && !src1_wide) {
5870 tmp = neon_load_reg(rn, 1);
5871 neon_store_scratch(2, tmp);
5874 for (pass = 0; pass < 2; pass++) {
5876 neon_load_reg64(cpu_V0, rn + pass);
5879 if (pass == 1 && rd == rn) {
5880 tmp = neon_load_scratch(2);
5882 tmp = neon_load_reg(rn, pass);
5885 gen_neon_widen(cpu_V0, tmp, size, u);
5889 neon_load_reg64(cpu_V1, rm + pass);
5892 if (pass == 1 && rd == rm) {
5893 tmp2 = neon_load_scratch(2);
5895 tmp2 = neon_load_reg(rm, pass);
5898 gen_neon_widen(cpu_V1, tmp2, size, u);
5902 case 0: case 1: case 4: /* VADDL, VADDW, VADDHN, VRADDHN */
5903 gen_neon_addl(size);
5905 case 2: case 3: case 6: /* VSUBL, VSUBW, VSUBHN, VRSUBHN */
5906 gen_neon_subl(size);
5908 case 5: case 7: /* VABAL, VABDL */
5909 switch ((size << 1) | u) {
5911 gen_helper_neon_abdl_s16(cpu_V0, tmp, tmp2);
5914 gen_helper_neon_abdl_u16(cpu_V0, tmp, tmp2);
5917 gen_helper_neon_abdl_s32(cpu_V0, tmp, tmp2);
5920 gen_helper_neon_abdl_u32(cpu_V0, tmp, tmp2);
5923 gen_helper_neon_abdl_s64(cpu_V0, tmp, tmp2);
5926 gen_helper_neon_abdl_u64(cpu_V0, tmp, tmp2);
5930 tcg_temp_free_i32(tmp2);
5931 tcg_temp_free_i32(tmp);
5933 case 8: case 9: case 10: case 11: case 12: case 13:
5934 /* VMLAL, VQDMLAL, VMLSL, VQDMLSL, VMULL, VQDMULL */
5935 gen_neon_mull(cpu_V0, tmp, tmp2, size, u);
5937 case 14: /* Polynomial VMULL */
5938 gen_helper_neon_mull_p8(cpu_V0, tmp, tmp2);
5939 tcg_temp_free_i32(tmp2);
5940 tcg_temp_free_i32(tmp);
5942 default: /* 15 is RESERVED: caught earlier */
5947 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
5948 neon_store_reg64(cpu_V0, rd + pass);
5949 } else if (op == 5 || (op >= 8 && op <= 11)) {
5951 neon_load_reg64(cpu_V1, rd + pass);
5953 case 10: /* VMLSL */
5954 gen_neon_negl(cpu_V0, size);
5956 case 5: case 8: /* VABAL, VMLAL */
5957 gen_neon_addl(size);
5959 case 9: case 11: /* VQDMLAL, VQDMLSL */
5960 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
5962 gen_neon_negl(cpu_V0, size);
5964 gen_neon_addl_saturate(cpu_V0, cpu_V1, size);
5969 neon_store_reg64(cpu_V0, rd + pass);
5970 } else if (op == 4 || op == 6) {
5971 /* Narrowing operation. */
5972 tmp = tcg_temp_new_i32();
5976 gen_helper_neon_narrow_high_u8(tmp, cpu_V0);
5979 gen_helper_neon_narrow_high_u16(tmp, cpu_V0);
5982 tcg_gen_extrh_i64_i32(tmp, cpu_V0);
5989 gen_helper_neon_narrow_round_high_u8(tmp, cpu_V0);
5992 gen_helper_neon_narrow_round_high_u16(tmp, cpu_V0);
5995 tcg_gen_addi_i64(cpu_V0, cpu_V0, 1u << 31);
5996 tcg_gen_extrh_i64_i32(tmp, cpu_V0);
6004 neon_store_reg(rd, 0, tmp3);
6005 neon_store_reg(rd, 1, tmp);
6008 /* Write back the result. */
6009 neon_store_reg64(cpu_V0, rd + pass);
6013 /* Two registers and a scalar. NB that for ops of this form
6014 * the ARM ARM labels bit 24 as Q, but it is in our variable
6021 case 1: /* Float VMLA scalar */
6022 case 5: /* Floating point VMLS scalar */
6023 case 9: /* Floating point VMUL scalar */
6028 case 0: /* Integer VMLA scalar */
6029 case 4: /* Integer VMLS scalar */
6030 case 8: /* Integer VMUL scalar */
6031 case 12: /* VQDMULH scalar */
6032 case 13: /* VQRDMULH scalar */
6033 if (u && ((rd | rn) & 1)) {
6036 tmp = neon_get_scalar(size, rm);
6037 neon_store_scratch(0, tmp);
6038 for (pass = 0; pass < (u ? 4 : 2); pass++) {
6039 tmp = neon_load_scratch(0);
6040 tmp2 = neon_load_reg(rn, pass);
6043 gen_helper_neon_qdmulh_s16(tmp, cpu_env, tmp, tmp2);
6045 gen_helper_neon_qdmulh_s32(tmp, cpu_env, tmp, tmp2);
6047 } else if (op == 13) {
6049 gen_helper_neon_qrdmulh_s16(tmp, cpu_env, tmp, tmp2);
6051 gen_helper_neon_qrdmulh_s32(tmp, cpu_env, tmp, tmp2);
6053 } else if (op & 1) {
6054 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6055 gen_helper_vfp_muls(tmp, tmp, tmp2, fpstatus);
6056 tcg_temp_free_ptr(fpstatus);
6059 case 0: gen_helper_neon_mul_u8(tmp, tmp, tmp2); break;
6060 case 1: gen_helper_neon_mul_u16(tmp, tmp, tmp2); break;
6061 case 2: tcg_gen_mul_i32(tmp, tmp, tmp2); break;
6065 tcg_temp_free_i32(tmp2);
6068 tmp2 = neon_load_reg(rd, pass);
6071 gen_neon_add(size, tmp, tmp2);
6075 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6076 gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
6077 tcg_temp_free_ptr(fpstatus);
6081 gen_neon_rsb(size, tmp, tmp2);
6085 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6086 gen_helper_vfp_subs(tmp, tmp2, tmp, fpstatus);
6087 tcg_temp_free_ptr(fpstatus);
6093 tcg_temp_free_i32(tmp2);
6095 neon_store_reg(rd, pass, tmp);
6098 case 3: /* VQDMLAL scalar */
6099 case 7: /* VQDMLSL scalar */
6100 case 11: /* VQDMULL scalar */
6105 case 2: /* VMLAL sclar */
6106 case 6: /* VMLSL scalar */
6107 case 10: /* VMULL scalar */
6111 tmp2 = neon_get_scalar(size, rm);
6112 /* We need a copy of tmp2 because gen_neon_mull
6113 * deletes it during pass 0. */
6114 tmp4 = tcg_temp_new_i32();
6115 tcg_gen_mov_i32(tmp4, tmp2);
6116 tmp3 = neon_load_reg(rn, 1);
6118 for (pass = 0; pass < 2; pass++) {
6120 tmp = neon_load_reg(rn, 0);
6125 gen_neon_mull(cpu_V0, tmp, tmp2, size, u);
6127 neon_load_reg64(cpu_V1, rd + pass);
6131 gen_neon_negl(cpu_V0, size);
6134 gen_neon_addl(size);
6137 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6139 gen_neon_negl(cpu_V0, size);
6141 gen_neon_addl_saturate(cpu_V0, cpu_V1, size);
6147 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6152 neon_store_reg64(cpu_V0, rd + pass);
6155 case 14: /* VQRDMLAH scalar */
6156 case 15: /* VQRDMLSH scalar */
6158 NeonGenThreeOpEnvFn *fn;
6160 if (!dc_isar_feature(aa32_rdm, s)) {
6163 if (u && ((rd | rn) & 1)) {
6168 fn = gen_helper_neon_qrdmlah_s16;
6170 fn = gen_helper_neon_qrdmlah_s32;
6174 fn = gen_helper_neon_qrdmlsh_s16;
6176 fn = gen_helper_neon_qrdmlsh_s32;
6180 tmp2 = neon_get_scalar(size, rm);
6181 for (pass = 0; pass < (u ? 4 : 2); pass++) {
6182 tmp = neon_load_reg(rn, pass);
6183 tmp3 = neon_load_reg(rd, pass);
6184 fn(tmp, cpu_env, tmp, tmp2, tmp3);
6185 tcg_temp_free_i32(tmp3);
6186 neon_store_reg(rd, pass, tmp);
6188 tcg_temp_free_i32(tmp2);
6192 g_assert_not_reached();
6195 } else { /* size == 3 */
6198 imm = (insn >> 8) & 0xf;
6203 if (q && ((rd | rn | rm) & 1)) {
6208 neon_load_reg64(cpu_V0, rn);
6210 neon_load_reg64(cpu_V1, rn + 1);
6212 } else if (imm == 8) {
6213 neon_load_reg64(cpu_V0, rn + 1);
6215 neon_load_reg64(cpu_V1, rm);
6218 tmp64 = tcg_temp_new_i64();
6220 neon_load_reg64(cpu_V0, rn);
6221 neon_load_reg64(tmp64, rn + 1);
6223 neon_load_reg64(cpu_V0, rn + 1);
6224 neon_load_reg64(tmp64, rm);
6226 tcg_gen_shri_i64(cpu_V0, cpu_V0, (imm & 7) * 8);
6227 tcg_gen_shli_i64(cpu_V1, tmp64, 64 - ((imm & 7) * 8));
6228 tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
6230 neon_load_reg64(cpu_V1, rm);
6232 neon_load_reg64(cpu_V1, rm + 1);
6235 tcg_gen_shli_i64(cpu_V1, cpu_V1, 64 - (imm * 8));
6236 tcg_gen_shri_i64(tmp64, tmp64, imm * 8);
6237 tcg_gen_or_i64(cpu_V1, cpu_V1, tmp64);
6238 tcg_temp_free_i64(tmp64);
6241 neon_load_reg64(cpu_V0, rn);
6242 tcg_gen_shri_i64(cpu_V0, cpu_V0, imm * 8);
6243 neon_load_reg64(cpu_V1, rm);
6244 tcg_gen_shli_i64(cpu_V1, cpu_V1, 64 - (imm * 8));
6245 tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
6247 neon_store_reg64(cpu_V0, rd);
6249 neon_store_reg64(cpu_V1, rd + 1);
6251 } else if ((insn & (1 << 11)) == 0) {
6252 /* Two register misc. */
6253 op = ((insn >> 12) & 0x30) | ((insn >> 7) & 0xf);
6254 size = (insn >> 18) & 3;
6255 /* UNDEF for unknown op values and bad op-size combinations */
6256 if ((neon_2rm_sizes[op] & (1 << size)) == 0) {
6259 if (neon_2rm_is_v8_op(op) &&
6260 !arm_dc_feature(s, ARM_FEATURE_V8)) {
6263 if ((op != NEON_2RM_VMOVN && op != NEON_2RM_VQMOVN) &&
6264 q && ((rm | rd) & 1)) {
6268 case NEON_2RM_VREV64:
6269 for (pass = 0; pass < (q ? 2 : 1); pass++) {
6270 tmp = neon_load_reg(rm, pass * 2);
6271 tmp2 = neon_load_reg(rm, pass * 2 + 1);
6273 case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
6274 case 1: gen_swap_half(tmp); break;
6275 case 2: /* no-op */ break;
6278 neon_store_reg(rd, pass * 2 + 1, tmp);
6280 neon_store_reg(rd, pass * 2, tmp2);
6283 case 0: tcg_gen_bswap32_i32(tmp2, tmp2); break;
6284 case 1: gen_swap_half(tmp2); break;
6287 neon_store_reg(rd, pass * 2, tmp2);
6291 case NEON_2RM_VPADDL: case NEON_2RM_VPADDL_U:
6292 case NEON_2RM_VPADAL: case NEON_2RM_VPADAL_U:
6293 for (pass = 0; pass < q + 1; pass++) {
6294 tmp = neon_load_reg(rm, pass * 2);
6295 gen_neon_widen(cpu_V0, tmp, size, op & 1);
6296 tmp = neon_load_reg(rm, pass * 2 + 1);
6297 gen_neon_widen(cpu_V1, tmp, size, op & 1);
6299 case 0: gen_helper_neon_paddl_u16(CPU_V001); break;
6300 case 1: gen_helper_neon_paddl_u32(CPU_V001); break;
6301 case 2: tcg_gen_add_i64(CPU_V001); break;
6304 if (op >= NEON_2RM_VPADAL) {
6306 neon_load_reg64(cpu_V1, rd + pass);
6307 gen_neon_addl(size);
6309 neon_store_reg64(cpu_V0, rd + pass);
6315 for (n = 0; n < (q ? 4 : 2); n += 2) {
6316 tmp = neon_load_reg(rm, n);
6317 tmp2 = neon_load_reg(rd, n + 1);
6318 neon_store_reg(rm, n, tmp2);
6319 neon_store_reg(rd, n + 1, tmp);
6326 if (gen_neon_unzip(rd, rm, size, q)) {
6331 if (gen_neon_zip(rd, rm, size, q)) {
6335 case NEON_2RM_VMOVN: case NEON_2RM_VQMOVN:
6336 /* also VQMOVUN; op field and mnemonics don't line up */
6341 for (pass = 0; pass < 2; pass++) {
6342 neon_load_reg64(cpu_V0, rm + pass);
6343 tmp = tcg_temp_new_i32();
6344 gen_neon_narrow_op(op == NEON_2RM_VMOVN, q, size,
6349 neon_store_reg(rd, 0, tmp2);
6350 neon_store_reg(rd, 1, tmp);
6354 case NEON_2RM_VSHLL:
6355 if (q || (rd & 1)) {
6358 tmp = neon_load_reg(rm, 0);
6359 tmp2 = neon_load_reg(rm, 1);
6360 for (pass = 0; pass < 2; pass++) {
6363 gen_neon_widen(cpu_V0, tmp, size, 1);
6364 tcg_gen_shli_i64(cpu_V0, cpu_V0, 8 << size);
6365 neon_store_reg64(cpu_V0, rd + pass);
6368 case NEON_2RM_VCVT_F16_F32:
6373 if (!dc_isar_feature(aa32_fp16_spconv, s) ||
6377 fpst = get_fpstatus_ptr(true);
6378 ahp = get_ahp_flag();
6379 tmp = neon_load_reg(rm, 0);
6380 gen_helper_vfp_fcvt_f32_to_f16(tmp, tmp, fpst, ahp);
6381 tmp2 = neon_load_reg(rm, 1);
6382 gen_helper_vfp_fcvt_f32_to_f16(tmp2, tmp2, fpst, ahp);
6383 tcg_gen_shli_i32(tmp2, tmp2, 16);
6384 tcg_gen_or_i32(tmp2, tmp2, tmp);
6385 tcg_temp_free_i32(tmp);
6386 tmp = neon_load_reg(rm, 2);
6387 gen_helper_vfp_fcvt_f32_to_f16(tmp, tmp, fpst, ahp);
6388 tmp3 = neon_load_reg(rm, 3);
6389 neon_store_reg(rd, 0, tmp2);
6390 gen_helper_vfp_fcvt_f32_to_f16(tmp3, tmp3, fpst, ahp);
6391 tcg_gen_shli_i32(tmp3, tmp3, 16);
6392 tcg_gen_or_i32(tmp3, tmp3, tmp);
6393 neon_store_reg(rd, 1, tmp3);
6394 tcg_temp_free_i32(tmp);
6395 tcg_temp_free_i32(ahp);
6396 tcg_temp_free_ptr(fpst);
6399 case NEON_2RM_VCVT_F32_F16:
6403 if (!dc_isar_feature(aa32_fp16_spconv, s) ||
6407 fpst = get_fpstatus_ptr(true);
6408 ahp = get_ahp_flag();
6409 tmp3 = tcg_temp_new_i32();
6410 tmp = neon_load_reg(rm, 0);
6411 tmp2 = neon_load_reg(rm, 1);
6412 tcg_gen_ext16u_i32(tmp3, tmp);
6413 gen_helper_vfp_fcvt_f16_to_f32(tmp3, tmp3, fpst, ahp);
6414 neon_store_reg(rd, 0, tmp3);
6415 tcg_gen_shri_i32(tmp, tmp, 16);
6416 gen_helper_vfp_fcvt_f16_to_f32(tmp, tmp, fpst, ahp);
6417 neon_store_reg(rd, 1, tmp);
6418 tmp3 = tcg_temp_new_i32();
6419 tcg_gen_ext16u_i32(tmp3, tmp2);
6420 gen_helper_vfp_fcvt_f16_to_f32(tmp3, tmp3, fpst, ahp);
6421 neon_store_reg(rd, 2, tmp3);
6422 tcg_gen_shri_i32(tmp2, tmp2, 16);
6423 gen_helper_vfp_fcvt_f16_to_f32(tmp2, tmp2, fpst, ahp);
6424 neon_store_reg(rd, 3, tmp2);
6425 tcg_temp_free_i32(ahp);
6426 tcg_temp_free_ptr(fpst);
6429 case NEON_2RM_AESE: case NEON_2RM_AESMC:
6430 if (!dc_isar_feature(aa32_aes, s) || ((rm | rd) & 1)) {
6433 ptr1 = vfp_reg_ptr(true, rd);
6434 ptr2 = vfp_reg_ptr(true, rm);
6436 /* Bit 6 is the lowest opcode bit; it distinguishes between
6437 * encryption (AESE/AESMC) and decryption (AESD/AESIMC)
6439 tmp3 = tcg_const_i32(extract32(insn, 6, 1));
6441 if (op == NEON_2RM_AESE) {
6442 gen_helper_crypto_aese(ptr1, ptr2, tmp3);
6444 gen_helper_crypto_aesmc(ptr1, ptr2, tmp3);
6446 tcg_temp_free_ptr(ptr1);
6447 tcg_temp_free_ptr(ptr2);
6448 tcg_temp_free_i32(tmp3);
6450 case NEON_2RM_SHA1H:
6451 if (!dc_isar_feature(aa32_sha1, s) || ((rm | rd) & 1)) {
6454 ptr1 = vfp_reg_ptr(true, rd);
6455 ptr2 = vfp_reg_ptr(true, rm);
6457 gen_helper_crypto_sha1h(ptr1, ptr2);
6459 tcg_temp_free_ptr(ptr1);
6460 tcg_temp_free_ptr(ptr2);
6462 case NEON_2RM_SHA1SU1:
6463 if ((rm | rd) & 1) {
6466 /* bit 6 (q): set -> SHA256SU0, cleared -> SHA1SU1 */
6468 if (!dc_isar_feature(aa32_sha2, s)) {
6471 } else if (!dc_isar_feature(aa32_sha1, s)) {
6474 ptr1 = vfp_reg_ptr(true, rd);
6475 ptr2 = vfp_reg_ptr(true, rm);
6477 gen_helper_crypto_sha256su0(ptr1, ptr2);
6479 gen_helper_crypto_sha1su1(ptr1, ptr2);
6481 tcg_temp_free_ptr(ptr1);
6482 tcg_temp_free_ptr(ptr2);
6486 tcg_gen_gvec_not(0, rd_ofs, rm_ofs, vec_size, vec_size);
6489 tcg_gen_gvec_neg(size, rd_ofs, rm_ofs, vec_size, vec_size);
6492 tcg_gen_gvec_abs(size, rd_ofs, rm_ofs, vec_size, vec_size);
6497 for (pass = 0; pass < (q ? 4 : 2); pass++) {
6498 tmp = neon_load_reg(rm, pass);
6500 case NEON_2RM_VREV32:
6502 case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
6503 case 1: gen_swap_half(tmp); break;
6507 case NEON_2RM_VREV16:
6512 case 0: gen_helper_neon_cls_s8(tmp, tmp); break;
6513 case 1: gen_helper_neon_cls_s16(tmp, tmp); break;
6514 case 2: gen_helper_neon_cls_s32(tmp, tmp); break;
6520 case 0: gen_helper_neon_clz_u8(tmp, tmp); break;
6521 case 1: gen_helper_neon_clz_u16(tmp, tmp); break;
6522 case 2: tcg_gen_clzi_i32(tmp, tmp, 32); break;
6527 gen_helper_neon_cnt_u8(tmp, tmp);
6529 case NEON_2RM_VQABS:
6532 gen_helper_neon_qabs_s8(tmp, cpu_env, tmp);
6535 gen_helper_neon_qabs_s16(tmp, cpu_env, tmp);
6538 gen_helper_neon_qabs_s32(tmp, cpu_env, tmp);
6543 case NEON_2RM_VQNEG:
6546 gen_helper_neon_qneg_s8(tmp, cpu_env, tmp);
6549 gen_helper_neon_qneg_s16(tmp, cpu_env, tmp);
6552 gen_helper_neon_qneg_s32(tmp, cpu_env, tmp);
6557 case NEON_2RM_VCGT0: case NEON_2RM_VCLE0:
6558 tmp2 = tcg_const_i32(0);
6560 case 0: gen_helper_neon_cgt_s8(tmp, tmp, tmp2); break;
6561 case 1: gen_helper_neon_cgt_s16(tmp, tmp, tmp2); break;
6562 case 2: gen_helper_neon_cgt_s32(tmp, tmp, tmp2); break;
6565 tcg_temp_free_i32(tmp2);
6566 if (op == NEON_2RM_VCLE0) {
6567 tcg_gen_not_i32(tmp, tmp);
6570 case NEON_2RM_VCGE0: case NEON_2RM_VCLT0:
6571 tmp2 = tcg_const_i32(0);
6573 case 0: gen_helper_neon_cge_s8(tmp, tmp, tmp2); break;
6574 case 1: gen_helper_neon_cge_s16(tmp, tmp, tmp2); break;
6575 case 2: gen_helper_neon_cge_s32(tmp, tmp, tmp2); break;
6578 tcg_temp_free_i32(tmp2);
6579 if (op == NEON_2RM_VCLT0) {
6580 tcg_gen_not_i32(tmp, tmp);
6583 case NEON_2RM_VCEQ0:
6584 tmp2 = tcg_const_i32(0);
6586 case 0: gen_helper_neon_ceq_u8(tmp, tmp, tmp2); break;
6587 case 1: gen_helper_neon_ceq_u16(tmp, tmp, tmp2); break;
6588 case 2: gen_helper_neon_ceq_u32(tmp, tmp, tmp2); break;
6591 tcg_temp_free_i32(tmp2);
6593 case NEON_2RM_VCGT0_F:
6595 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6596 tmp2 = tcg_const_i32(0);
6597 gen_helper_neon_cgt_f32(tmp, tmp, tmp2, fpstatus);
6598 tcg_temp_free_i32(tmp2);
6599 tcg_temp_free_ptr(fpstatus);
6602 case NEON_2RM_VCGE0_F:
6604 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6605 tmp2 = tcg_const_i32(0);
6606 gen_helper_neon_cge_f32(tmp, tmp, tmp2, fpstatus);
6607 tcg_temp_free_i32(tmp2);
6608 tcg_temp_free_ptr(fpstatus);
6611 case NEON_2RM_VCEQ0_F:
6613 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6614 tmp2 = tcg_const_i32(0);
6615 gen_helper_neon_ceq_f32(tmp, tmp, tmp2, fpstatus);
6616 tcg_temp_free_i32(tmp2);
6617 tcg_temp_free_ptr(fpstatus);
6620 case NEON_2RM_VCLE0_F:
6622 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6623 tmp2 = tcg_const_i32(0);
6624 gen_helper_neon_cge_f32(tmp, tmp2, tmp, fpstatus);
6625 tcg_temp_free_i32(tmp2);
6626 tcg_temp_free_ptr(fpstatus);
6629 case NEON_2RM_VCLT0_F:
6631 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6632 tmp2 = tcg_const_i32(0);
6633 gen_helper_neon_cgt_f32(tmp, tmp2, tmp, fpstatus);
6634 tcg_temp_free_i32(tmp2);
6635 tcg_temp_free_ptr(fpstatus);
6638 case NEON_2RM_VABS_F:
6639 gen_helper_vfp_abss(tmp, tmp);
6641 case NEON_2RM_VNEG_F:
6642 gen_helper_vfp_negs(tmp, tmp);
6645 tmp2 = neon_load_reg(rd, pass);
6646 neon_store_reg(rm, pass, tmp2);
6649 tmp2 = neon_load_reg(rd, pass);
6651 case 0: gen_neon_trn_u8(tmp, tmp2); break;
6652 case 1: gen_neon_trn_u16(tmp, tmp2); break;
6655 neon_store_reg(rm, pass, tmp2);
6657 case NEON_2RM_VRINTN:
6658 case NEON_2RM_VRINTA:
6659 case NEON_2RM_VRINTM:
6660 case NEON_2RM_VRINTP:
6661 case NEON_2RM_VRINTZ:
6664 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6667 if (op == NEON_2RM_VRINTZ) {
6668 rmode = FPROUNDING_ZERO;
6670 rmode = fp_decode_rm[((op & 0x6) >> 1) ^ 1];
6673 tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rmode));
6674 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
6676 gen_helper_rints(tmp, tmp, fpstatus);
6677 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
6679 tcg_temp_free_ptr(fpstatus);
6680 tcg_temp_free_i32(tcg_rmode);
6683 case NEON_2RM_VRINTX:
6685 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6686 gen_helper_rints_exact(tmp, tmp, fpstatus);
6687 tcg_temp_free_ptr(fpstatus);
6690 case NEON_2RM_VCVTAU:
6691 case NEON_2RM_VCVTAS:
6692 case NEON_2RM_VCVTNU:
6693 case NEON_2RM_VCVTNS:
6694 case NEON_2RM_VCVTPU:
6695 case NEON_2RM_VCVTPS:
6696 case NEON_2RM_VCVTMU:
6697 case NEON_2RM_VCVTMS:
6699 bool is_signed = !extract32(insn, 7, 1);
6700 TCGv_ptr fpst = get_fpstatus_ptr(1);
6701 TCGv_i32 tcg_rmode, tcg_shift;
6702 int rmode = fp_decode_rm[extract32(insn, 8, 2)];
6704 tcg_shift = tcg_const_i32(0);
6705 tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rmode));
6706 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
6710 gen_helper_vfp_tosls(tmp, tmp,
6713 gen_helper_vfp_touls(tmp, tmp,
6717 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
6719 tcg_temp_free_i32(tcg_rmode);
6720 tcg_temp_free_i32(tcg_shift);
6721 tcg_temp_free_ptr(fpst);
6724 case NEON_2RM_VRECPE:
6726 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6727 gen_helper_recpe_u32(tmp, tmp, fpstatus);
6728 tcg_temp_free_ptr(fpstatus);
6731 case NEON_2RM_VRSQRTE:
6733 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6734 gen_helper_rsqrte_u32(tmp, tmp, fpstatus);
6735 tcg_temp_free_ptr(fpstatus);
6738 case NEON_2RM_VRECPE_F:
6740 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6741 gen_helper_recpe_f32(tmp, tmp, fpstatus);
6742 tcg_temp_free_ptr(fpstatus);
6745 case NEON_2RM_VRSQRTE_F:
6747 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6748 gen_helper_rsqrte_f32(tmp, tmp, fpstatus);
6749 tcg_temp_free_ptr(fpstatus);
6752 case NEON_2RM_VCVT_FS: /* VCVT.F32.S32 */
6754 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6755 gen_helper_vfp_sitos(tmp, tmp, fpstatus);
6756 tcg_temp_free_ptr(fpstatus);
6759 case NEON_2RM_VCVT_FU: /* VCVT.F32.U32 */
6761 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6762 gen_helper_vfp_uitos(tmp, tmp, fpstatus);
6763 tcg_temp_free_ptr(fpstatus);
6766 case NEON_2RM_VCVT_SF: /* VCVT.S32.F32 */
6768 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6769 gen_helper_vfp_tosizs(tmp, tmp, fpstatus);
6770 tcg_temp_free_ptr(fpstatus);
6773 case NEON_2RM_VCVT_UF: /* VCVT.U32.F32 */
6775 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6776 gen_helper_vfp_touizs(tmp, tmp, fpstatus);
6777 tcg_temp_free_ptr(fpstatus);
6781 /* Reserved op values were caught by the
6782 * neon_2rm_sizes[] check earlier.
6786 neon_store_reg(rd, pass, tmp);
6790 } else if ((insn & (1 << 10)) == 0) {
6792 int n = ((insn >> 8) & 3) + 1;
6793 if ((rn + n) > 32) {
6794 /* This is UNPREDICTABLE; we choose to UNDEF to avoid the
6795 * helper function running off the end of the register file.
6800 if (insn & (1 << 6)) {
6801 tmp = neon_load_reg(rd, 0);
6803 tmp = tcg_temp_new_i32();
6804 tcg_gen_movi_i32(tmp, 0);
6806 tmp2 = neon_load_reg(rm, 0);
6807 ptr1 = vfp_reg_ptr(true, rn);
6808 tmp5 = tcg_const_i32(n);
6809 gen_helper_neon_tbl(tmp2, tmp2, tmp, ptr1, tmp5);
6810 tcg_temp_free_i32(tmp);
6811 if (insn & (1 << 6)) {
6812 tmp = neon_load_reg(rd, 1);
6814 tmp = tcg_temp_new_i32();
6815 tcg_gen_movi_i32(tmp, 0);
6817 tmp3 = neon_load_reg(rm, 1);
6818 gen_helper_neon_tbl(tmp3, tmp3, tmp, ptr1, tmp5);
6819 tcg_temp_free_i32(tmp5);
6820 tcg_temp_free_ptr(ptr1);
6821 neon_store_reg(rd, 0, tmp2);
6822 neon_store_reg(rd, 1, tmp3);
6823 tcg_temp_free_i32(tmp);
6824 } else if ((insn & 0x380) == 0) {
6829 if ((insn & (7 << 16)) == 0 || (q && (rd & 1))) {
6832 if (insn & (1 << 16)) {
6834 element = (insn >> 17) & 7;
6835 } else if (insn & (1 << 17)) {
6837 element = (insn >> 18) & 3;
6840 element = (insn >> 19) & 1;
6842 tcg_gen_gvec_dup_mem(size, neon_reg_offset(rd, 0),
6843 neon_element_offset(rm, element, size),
6844 q ? 16 : 8, q ? 16 : 8);
6853 /* Advanced SIMD three registers of the same length extension.
6854 * 31 25 23 22 20 16 12 11 10 9 8 3 0
6855 * +---------------+-----+---+-----+----+----+---+----+---+----+---------+----+
6856 * | 1 1 1 1 1 1 0 | op1 | D | op2 | Vn | Vd | 1 | o3 | 0 | o4 | N Q M U | Vm |
6857 * +---------------+-----+---+-----+----+----+---+----+---+----+---------+----+
6859 static int disas_neon_insn_3same_ext(DisasContext *s, uint32_t insn)
6861 gen_helper_gvec_3 *fn_gvec = NULL;
6862 gen_helper_gvec_3_ptr *fn_gvec_ptr = NULL;
6863 int rd, rn, rm, opr_sz;
6866 bool is_long = false, q = extract32(insn, 6, 1);
6867 bool ptr_is_env = false;
6869 if ((insn & 0xfe200f10) == 0xfc200800) {
6870 /* VCMLA -- 1111 110R R.1S .... .... 1000 ...0 .... */
6871 int size = extract32(insn, 20, 1);
6872 data = extract32(insn, 23, 2); /* rot */
6873 if (!dc_isar_feature(aa32_vcma, s)
6874 || (!size && !dc_isar_feature(aa32_fp16_arith, s))) {
6877 fn_gvec_ptr = size ? gen_helper_gvec_fcmlas : gen_helper_gvec_fcmlah;
6878 } else if ((insn & 0xfea00f10) == 0xfc800800) {
6879 /* VCADD -- 1111 110R 1.0S .... .... 1000 ...0 .... */
6880 int size = extract32(insn, 20, 1);
6881 data = extract32(insn, 24, 1); /* rot */
6882 if (!dc_isar_feature(aa32_vcma, s)
6883 || (!size && !dc_isar_feature(aa32_fp16_arith, s))) {
6886 fn_gvec_ptr = size ? gen_helper_gvec_fcadds : gen_helper_gvec_fcaddh;
6887 } else if ((insn & 0xfeb00f00) == 0xfc200d00) {
6888 /* V[US]DOT -- 1111 1100 0.10 .... .... 1101 .Q.U .... */
6889 bool u = extract32(insn, 4, 1);
6890 if (!dc_isar_feature(aa32_dp, s)) {
6893 fn_gvec = u ? gen_helper_gvec_udot_b : gen_helper_gvec_sdot_b;
6894 } else if ((insn & 0xff300f10) == 0xfc200810) {
6895 /* VFM[AS]L -- 1111 1100 S.10 .... .... 1000 .Q.1 .... */
6896 int is_s = extract32(insn, 23, 1);
6897 if (!dc_isar_feature(aa32_fhm, s)) {
6901 data = is_s; /* is_2 == 0 */
6902 fn_gvec_ptr = gen_helper_gvec_fmlal_a32;
6908 VFP_DREG_D(rd, insn);
6912 if (q || !is_long) {
6913 VFP_DREG_N(rn, insn);
6914 VFP_DREG_M(rm, insn);
6915 if ((rn | rm) & q & !is_long) {
6918 off_rn = vfp_reg_offset(1, rn);
6919 off_rm = vfp_reg_offset(1, rm);
6921 rn = VFP_SREG_N(insn);
6922 rm = VFP_SREG_M(insn);
6923 off_rn = vfp_reg_offset(0, rn);
6924 off_rm = vfp_reg_offset(0, rm);
6927 if (s->fp_excp_el) {
6928 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
6929 syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
6932 if (!s->vfp_enabled) {
6936 opr_sz = (1 + q) * 8;
6942 ptr = get_fpstatus_ptr(1);
6944 tcg_gen_gvec_3_ptr(vfp_reg_offset(1, rd), off_rn, off_rm, ptr,
6945 opr_sz, opr_sz, data, fn_gvec_ptr);
6947 tcg_temp_free_ptr(ptr);
6950 tcg_gen_gvec_3_ool(vfp_reg_offset(1, rd), off_rn, off_rm,
6951 opr_sz, opr_sz, data, fn_gvec);
6956 /* Advanced SIMD two registers and a scalar extension.
6957 * 31 24 23 22 20 16 12 11 10 9 8 3 0
6958 * +-----------------+----+---+----+----+----+---+----+---+----+---------+----+
6959 * | 1 1 1 1 1 1 1 0 | o1 | D | o2 | Vn | Vd | 1 | o3 | 0 | o4 | N Q M U | Vm |
6960 * +-----------------+----+---+----+----+----+---+----+---+----+---------+----+
6964 static int disas_neon_insn_2reg_scalar_ext(DisasContext *s, uint32_t insn)
6966 gen_helper_gvec_3 *fn_gvec = NULL;
6967 gen_helper_gvec_3_ptr *fn_gvec_ptr = NULL;
6968 int rd, rn, rm, opr_sz, data;
6970 bool is_long = false, q = extract32(insn, 6, 1);
6971 bool ptr_is_env = false;
6973 if ((insn & 0xff000f10) == 0xfe000800) {
6974 /* VCMLA (indexed) -- 1111 1110 S.RR .... .... 1000 ...0 .... */
6975 int rot = extract32(insn, 20, 2);
6976 int size = extract32(insn, 23, 1);
6979 if (!dc_isar_feature(aa32_vcma, s)) {
6983 if (!dc_isar_feature(aa32_fp16_arith, s)) {
6986 /* For fp16, rm is just Vm, and index is M. */
6987 rm = extract32(insn, 0, 4);
6988 index = extract32(insn, 5, 1);
6990 /* For fp32, rm is the usual M:Vm, and index is 0. */
6991 VFP_DREG_M(rm, insn);
6994 data = (index << 2) | rot;
6995 fn_gvec_ptr = (size ? gen_helper_gvec_fcmlas_idx
6996 : gen_helper_gvec_fcmlah_idx);
6997 } else if ((insn & 0xffb00f00) == 0xfe200d00) {
6998 /* V[US]DOT -- 1111 1110 0.10 .... .... 1101 .Q.U .... */
6999 int u = extract32(insn, 4, 1);
7001 if (!dc_isar_feature(aa32_dp, s)) {
7004 fn_gvec = u ? gen_helper_gvec_udot_idx_b : gen_helper_gvec_sdot_idx_b;
7005 /* rm is just Vm, and index is M. */
7006 data = extract32(insn, 5, 1); /* index */
7007 rm = extract32(insn, 0, 4);
7008 } else if ((insn & 0xffa00f10) == 0xfe000810) {
7009 /* VFM[AS]L -- 1111 1110 0.0S .... .... 1000 .Q.1 .... */
7010 int is_s = extract32(insn, 20, 1);
7011 int vm20 = extract32(insn, 0, 3);
7012 int vm3 = extract32(insn, 3, 1);
7013 int m = extract32(insn, 5, 1);
7016 if (!dc_isar_feature(aa32_fhm, s)) {
7021 index = m * 2 + vm3;
7027 data = (index << 2) | is_s; /* is_2 == 0 */
7028 fn_gvec_ptr = gen_helper_gvec_fmlal_idx_a32;
7034 VFP_DREG_D(rd, insn);
7038 if (q || !is_long) {
7039 VFP_DREG_N(rn, insn);
7040 if (rn & q & !is_long) {
7043 off_rn = vfp_reg_offset(1, rn);
7044 off_rm = vfp_reg_offset(1, rm);
7046 rn = VFP_SREG_N(insn);
7047 off_rn = vfp_reg_offset(0, rn);
7048 off_rm = vfp_reg_offset(0, rm);
7050 if (s->fp_excp_el) {
7051 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
7052 syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
7055 if (!s->vfp_enabled) {
7059 opr_sz = (1 + q) * 8;
7065 ptr = get_fpstatus_ptr(1);
7067 tcg_gen_gvec_3_ptr(vfp_reg_offset(1, rd), off_rn, off_rm, ptr,
7068 opr_sz, opr_sz, data, fn_gvec_ptr);
7070 tcg_temp_free_ptr(ptr);
7073 tcg_gen_gvec_3_ool(vfp_reg_offset(1, rd), off_rn, off_rm,
7074 opr_sz, opr_sz, data, fn_gvec);
7079 static int disas_coproc_insn(DisasContext *s, uint32_t insn)
7081 int cpnum, is64, crn, crm, opc1, opc2, isread, rt, rt2;
7082 const ARMCPRegInfo *ri;
7084 cpnum = (insn >> 8) & 0xf;
7086 /* First check for coprocessor space used for XScale/iwMMXt insns */
7087 if (arm_dc_feature(s, ARM_FEATURE_XSCALE) && (cpnum < 2)) {
7088 if (extract32(s->c15_cpar, cpnum, 1) == 0) {
7091 if (arm_dc_feature(s, ARM_FEATURE_IWMMXT)) {
7092 return disas_iwmmxt_insn(s, insn);
7093 } else if (arm_dc_feature(s, ARM_FEATURE_XSCALE)) {
7094 return disas_dsp_insn(s, insn);
7099 /* Otherwise treat as a generic register access */
7100 is64 = (insn & (1 << 25)) == 0;
7101 if (!is64 && ((insn & (1 << 4)) == 0)) {
7109 opc1 = (insn >> 4) & 0xf;
7111 rt2 = (insn >> 16) & 0xf;
7113 crn = (insn >> 16) & 0xf;
7114 opc1 = (insn >> 21) & 7;
7115 opc2 = (insn >> 5) & 7;
7118 isread = (insn >> 20) & 1;
7119 rt = (insn >> 12) & 0xf;
7121 ri = get_arm_cp_reginfo(s->cp_regs,
7122 ENCODE_CP_REG(cpnum, is64, s->ns, crn, crm, opc1, opc2));
7124 /* Check access permissions */
7125 if (!cp_access_ok(s->current_el, ri, isread)) {
7130 (arm_dc_feature(s, ARM_FEATURE_XSCALE) && cpnum < 14)) {
7131 /* Emit code to perform further access permissions checks at
7132 * runtime; this may result in an exception.
7133 * Note that on XScale all cp0..c13 registers do an access check
7134 * call in order to handle c15_cpar.
7137 TCGv_i32 tcg_syn, tcg_isread;
7140 /* Note that since we are an implementation which takes an
7141 * exception on a trapped conditional instruction only if the
7142 * instruction passes its condition code check, we can take
7143 * advantage of the clause in the ARM ARM that allows us to set
7144 * the COND field in the instruction to 0xE in all cases.
7145 * We could fish the actual condition out of the insn (ARM)
7146 * or the condexec bits (Thumb) but it isn't necessary.
7151 syndrome = syn_cp14_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
7154 syndrome = syn_cp14_rt_trap(1, 0xe, opc1, opc2, crn, crm,
7160 syndrome = syn_cp15_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
7163 syndrome = syn_cp15_rt_trap(1, 0xe, opc1, opc2, crn, crm,
7168 /* ARMv8 defines that only coprocessors 14 and 15 exist,
7169 * so this can only happen if this is an ARMv7 or earlier CPU,
7170 * in which case the syndrome information won't actually be
7173 assert(!arm_dc_feature(s, ARM_FEATURE_V8));
7174 syndrome = syn_uncategorized();
7178 gen_set_condexec(s);
7179 gen_set_pc_im(s, s->pc_curr);
7180 tmpptr = tcg_const_ptr(ri);
7181 tcg_syn = tcg_const_i32(syndrome);
7182 tcg_isread = tcg_const_i32(isread);
7183 gen_helper_access_check_cp_reg(cpu_env, tmpptr, tcg_syn,
7185 tcg_temp_free_ptr(tmpptr);
7186 tcg_temp_free_i32(tcg_syn);
7187 tcg_temp_free_i32(tcg_isread);
7188 } else if (ri->type & ARM_CP_RAISES_EXC) {
7190 * The readfn or writefn might raise an exception;
7191 * synchronize the CPU state in case it does.
7193 gen_set_condexec(s);
7194 gen_set_pc_im(s, s->pc_curr);
7197 /* Handle special cases first */
7198 switch (ri->type & ~(ARM_CP_FLAG_MASK & ~ARM_CP_SPECIAL)) {
7205 gen_set_pc_im(s, s->base.pc_next);
7206 s->base.is_jmp = DISAS_WFI;
7212 if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
7221 if (ri->type & ARM_CP_CONST) {
7222 tmp64 = tcg_const_i64(ri->resetvalue);
7223 } else if (ri->readfn) {
7225 tmp64 = tcg_temp_new_i64();
7226 tmpptr = tcg_const_ptr(ri);
7227 gen_helper_get_cp_reg64(tmp64, cpu_env, tmpptr);
7228 tcg_temp_free_ptr(tmpptr);
7230 tmp64 = tcg_temp_new_i64();
7231 tcg_gen_ld_i64(tmp64, cpu_env, ri->fieldoffset);
7233 tmp = tcg_temp_new_i32();
7234 tcg_gen_extrl_i64_i32(tmp, tmp64);
7235 store_reg(s, rt, tmp);
7236 tmp = tcg_temp_new_i32();
7237 tcg_gen_extrh_i64_i32(tmp, tmp64);
7238 tcg_temp_free_i64(tmp64);
7239 store_reg(s, rt2, tmp);
7242 if (ri->type & ARM_CP_CONST) {
7243 tmp = tcg_const_i32(ri->resetvalue);
7244 } else if (ri->readfn) {
7246 tmp = tcg_temp_new_i32();
7247 tmpptr = tcg_const_ptr(ri);
7248 gen_helper_get_cp_reg(tmp, cpu_env, tmpptr);
7249 tcg_temp_free_ptr(tmpptr);
7251 tmp = load_cpu_offset(ri->fieldoffset);
7254 /* Destination register of r15 for 32 bit loads sets
7255 * the condition codes from the high 4 bits of the value
7258 tcg_temp_free_i32(tmp);
7260 store_reg(s, rt, tmp);
7265 if (ri->type & ARM_CP_CONST) {
7266 /* If not forbidden by access permissions, treat as WI */
7271 TCGv_i32 tmplo, tmphi;
7272 TCGv_i64 tmp64 = tcg_temp_new_i64();
7273 tmplo = load_reg(s, rt);
7274 tmphi = load_reg(s, rt2);
7275 tcg_gen_concat_i32_i64(tmp64, tmplo, tmphi);
7276 tcg_temp_free_i32(tmplo);
7277 tcg_temp_free_i32(tmphi);
7279 TCGv_ptr tmpptr = tcg_const_ptr(ri);
7280 gen_helper_set_cp_reg64(cpu_env, tmpptr, tmp64);
7281 tcg_temp_free_ptr(tmpptr);
7283 tcg_gen_st_i64(tmp64, cpu_env, ri->fieldoffset);
7285 tcg_temp_free_i64(tmp64);
7290 tmp = load_reg(s, rt);
7291 tmpptr = tcg_const_ptr(ri);
7292 gen_helper_set_cp_reg(cpu_env, tmpptr, tmp);
7293 tcg_temp_free_ptr(tmpptr);
7294 tcg_temp_free_i32(tmp);
7296 TCGv_i32 tmp = load_reg(s, rt);
7297 store_cpu_offset(tmp, ri->fieldoffset);
7302 if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
7303 /* I/O operations must end the TB here (whether read or write) */
7305 } else if (!isread && !(ri->type & ARM_CP_SUPPRESS_TB_END)) {
7306 /* We default to ending the TB on a coprocessor register write,
7307 * but allow this to be suppressed by the register definition
7308 * (usually only necessary to work around guest bugs).
7316 /* Unknown register; this might be a guest error or a QEMU
7317 * unimplemented feature.
7320 qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
7321 "64 bit system register cp:%d opc1: %d crm:%d "
7323 isread ? "read" : "write", cpnum, opc1, crm,
7324 s->ns ? "non-secure" : "secure");
7326 qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
7327 "system register cp:%d opc1:%d crn:%d crm:%d opc2:%d "
7329 isread ? "read" : "write", cpnum, opc1, crn, crm, opc2,
7330 s->ns ? "non-secure" : "secure");
7337 /* Store a 64-bit value to a register pair. Clobbers val. */
7338 static void gen_storeq_reg(DisasContext *s, int rlow, int rhigh, TCGv_i64 val)
7341 tmp = tcg_temp_new_i32();
7342 tcg_gen_extrl_i64_i32(tmp, val);
7343 store_reg(s, rlow, tmp);
7344 tmp = tcg_temp_new_i32();
7345 tcg_gen_extrh_i64_i32(tmp, val);
7346 store_reg(s, rhigh, tmp);
7349 /* load and add a 64-bit value from a register pair. */
7350 static void gen_addq(DisasContext *s, TCGv_i64 val, int rlow, int rhigh)
7356 /* Load 64-bit value rd:rn. */
7357 tmpl = load_reg(s, rlow);
7358 tmph = load_reg(s, rhigh);
7359 tmp = tcg_temp_new_i64();
7360 tcg_gen_concat_i32_i64(tmp, tmpl, tmph);
7361 tcg_temp_free_i32(tmpl);
7362 tcg_temp_free_i32(tmph);
7363 tcg_gen_add_i64(val, val, tmp);
7364 tcg_temp_free_i64(tmp);
7367 /* Set N and Z flags from hi|lo. */
7368 static void gen_logicq_cc(TCGv_i32 lo, TCGv_i32 hi)
7370 tcg_gen_mov_i32(cpu_NF, hi);
7371 tcg_gen_or_i32(cpu_ZF, lo, hi);
7374 /* Load/Store exclusive instructions are implemented by remembering
7375 the value/address loaded, and seeing if these are the same
7376 when the store is performed. This should be sufficient to implement
7377 the architecturally mandated semantics, and avoids having to monitor
7378 regular stores. The compare vs the remembered value is done during
7379 the cmpxchg operation, but we must compare the addresses manually. */
7380 static void gen_load_exclusive(DisasContext *s, int rt, int rt2,
7381 TCGv_i32 addr, int size)
7383 TCGv_i32 tmp = tcg_temp_new_i32();
7384 MemOp opc = size | MO_ALIGN | s->be_data;
7389 TCGv_i32 tmp2 = tcg_temp_new_i32();
7390 TCGv_i64 t64 = tcg_temp_new_i64();
7392 /* For AArch32, architecturally the 32-bit word at the lowest
7393 * address is always Rt and the one at addr+4 is Rt2, even if
7394 * the CPU is big-endian. That means we don't want to do a
7395 * gen_aa32_ld_i64(), which invokes gen_aa32_frob64() as if
7396 * for an architecturally 64-bit access, but instead do a
7397 * 64-bit access using MO_BE if appropriate and then split
7399 * This only makes a difference for BE32 user-mode, where
7400 * frob64() must not flip the two halves of the 64-bit data
7401 * but this code must treat BE32 user-mode like BE32 system.
7403 TCGv taddr = gen_aa32_addr(s, addr, opc);
7405 tcg_gen_qemu_ld_i64(t64, taddr, get_mem_index(s), opc);
7406 tcg_temp_free(taddr);
7407 tcg_gen_mov_i64(cpu_exclusive_val, t64);
7408 if (s->be_data == MO_BE) {
7409 tcg_gen_extr_i64_i32(tmp2, tmp, t64);
7411 tcg_gen_extr_i64_i32(tmp, tmp2, t64);
7413 tcg_temp_free_i64(t64);
7415 store_reg(s, rt2, tmp2);
7417 gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), opc);
7418 tcg_gen_extu_i32_i64(cpu_exclusive_val, tmp);
7421 store_reg(s, rt, tmp);
7422 tcg_gen_extu_i32_i64(cpu_exclusive_addr, addr);
7425 static void gen_clrex(DisasContext *s)
7427 tcg_gen_movi_i64(cpu_exclusive_addr, -1);
7430 static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
7431 TCGv_i32 addr, int size)
7433 TCGv_i32 t0, t1, t2;
7436 TCGLabel *done_label;
7437 TCGLabel *fail_label;
7438 MemOp opc = size | MO_ALIGN | s->be_data;
7440 /* if (env->exclusive_addr == addr && env->exclusive_val == [addr]) {
7446 fail_label = gen_new_label();
7447 done_label = gen_new_label();
7448 extaddr = tcg_temp_new_i64();
7449 tcg_gen_extu_i32_i64(extaddr, addr);
7450 tcg_gen_brcond_i64(TCG_COND_NE, extaddr, cpu_exclusive_addr, fail_label);
7451 tcg_temp_free_i64(extaddr);
7453 taddr = gen_aa32_addr(s, addr, opc);
7454 t0 = tcg_temp_new_i32();
7455 t1 = load_reg(s, rt);
7457 TCGv_i64 o64 = tcg_temp_new_i64();
7458 TCGv_i64 n64 = tcg_temp_new_i64();
7460 t2 = load_reg(s, rt2);
7461 /* For AArch32, architecturally the 32-bit word at the lowest
7462 * address is always Rt and the one at addr+4 is Rt2, even if
7463 * the CPU is big-endian. Since we're going to treat this as a
7464 * single 64-bit BE store, we need to put the two halves in the
7465 * opposite order for BE to LE, so that they end up in the right
7467 * We don't want gen_aa32_frob64() because that does the wrong
7468 * thing for BE32 usermode.
7470 if (s->be_data == MO_BE) {
7471 tcg_gen_concat_i32_i64(n64, t2, t1);
7473 tcg_gen_concat_i32_i64(n64, t1, t2);
7475 tcg_temp_free_i32(t2);
7477 tcg_gen_atomic_cmpxchg_i64(o64, taddr, cpu_exclusive_val, n64,
7478 get_mem_index(s), opc);
7479 tcg_temp_free_i64(n64);
7481 tcg_gen_setcond_i64(TCG_COND_NE, o64, o64, cpu_exclusive_val);
7482 tcg_gen_extrl_i64_i32(t0, o64);
7484 tcg_temp_free_i64(o64);
7486 t2 = tcg_temp_new_i32();
7487 tcg_gen_extrl_i64_i32(t2, cpu_exclusive_val);
7488 tcg_gen_atomic_cmpxchg_i32(t0, taddr, t2, t1, get_mem_index(s), opc);
7489 tcg_gen_setcond_i32(TCG_COND_NE, t0, t0, t2);
7490 tcg_temp_free_i32(t2);
7492 tcg_temp_free_i32(t1);
7493 tcg_temp_free(taddr);
7494 tcg_gen_mov_i32(cpu_R[rd], t0);
7495 tcg_temp_free_i32(t0);
7496 tcg_gen_br(done_label);
7498 gen_set_label(fail_label);
7499 tcg_gen_movi_i32(cpu_R[rd], 1);
7500 gen_set_label(done_label);
7501 tcg_gen_movi_i64(cpu_exclusive_addr, -1);
7507 * @mode: mode field from insn (which stack to store to)
7508 * @amode: addressing mode (DA/IA/DB/IB), encoded as per P,U bits in ARM insn
7509 * @writeback: true if writeback bit set
7511 * Generate code for the SRS (Store Return State) insn.
7513 static void gen_srs(DisasContext *s,
7514 uint32_t mode, uint32_t amode, bool writeback)
7521 * - trapped to EL3 if EL3 is AArch64 and we are at Secure EL1
7522 * and specified mode is monitor mode
7523 * - UNDEFINED in Hyp mode
7524 * - UNPREDICTABLE in User or System mode
7525 * - UNPREDICTABLE if the specified mode is:
7526 * -- not implemented
7527 * -- not a valid mode number
7528 * -- a mode that's at a higher exception level
7529 * -- Monitor, if we are Non-secure
7530 * For the UNPREDICTABLE cases we choose to UNDEF.
7532 if (s->current_el == 1 && !s->ns && mode == ARM_CPU_MODE_MON) {
7533 gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(), 3);
7537 if (s->current_el == 0 || s->current_el == 2) {
7542 case ARM_CPU_MODE_USR:
7543 case ARM_CPU_MODE_FIQ:
7544 case ARM_CPU_MODE_IRQ:
7545 case ARM_CPU_MODE_SVC:
7546 case ARM_CPU_MODE_ABT:
7547 case ARM_CPU_MODE_UND:
7548 case ARM_CPU_MODE_SYS:
7550 case ARM_CPU_MODE_HYP:
7551 if (s->current_el == 1 || !arm_dc_feature(s, ARM_FEATURE_EL2)) {
7555 case ARM_CPU_MODE_MON:
7556 /* No need to check specifically for "are we non-secure" because
7557 * we've already made EL0 UNDEF and handled the trap for S-EL1;
7558 * so if this isn't EL3 then we must be non-secure.
7560 if (s->current_el != 3) {
7569 unallocated_encoding(s);
7573 addr = tcg_temp_new_i32();
7574 tmp = tcg_const_i32(mode);
7575 /* get_r13_banked() will raise an exception if called from System mode */
7576 gen_set_condexec(s);
7577 gen_set_pc_im(s, s->pc_curr);
7578 gen_helper_get_r13_banked(addr, cpu_env, tmp);
7579 tcg_temp_free_i32(tmp);
7596 tcg_gen_addi_i32(addr, addr, offset);
7597 tmp = load_reg(s, 14);
7598 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
7599 tcg_temp_free_i32(tmp);
7600 tmp = load_cpu_field(spsr);
7601 tcg_gen_addi_i32(addr, addr, 4);
7602 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
7603 tcg_temp_free_i32(tmp);
7621 tcg_gen_addi_i32(addr, addr, offset);
7622 tmp = tcg_const_i32(mode);
7623 gen_helper_set_r13_banked(cpu_env, tmp, addr);
7624 tcg_temp_free_i32(tmp);
7626 tcg_temp_free_i32(addr);
7627 s->base.is_jmp = DISAS_UPDATE;
7630 /* Generate a label used for skipping this instruction */
7631 static void arm_gen_condlabel(DisasContext *s)
7634 s->condlabel = gen_new_label();
7639 /* Skip this instruction if the ARM condition is false */
7640 static void arm_skip_unless(DisasContext *s, uint32_t cond)
7642 arm_gen_condlabel(s);
7643 arm_gen_test_cc(cond ^ 1, s->condlabel);
7648 * Constant expanders for the decoders.
7651 static int times_2(DisasContext *s, int x)
7656 /* Return only the rotation part of T32ExpandImm. */
7657 static int t32_expandimm_rot(DisasContext *s, int x)
7659 return x & 0xc00 ? extract32(x, 7, 5) : 0;
7662 /* Return the unrotated immediate from T32ExpandImm. */
7663 static int t32_expandimm_imm(DisasContext *s, int x)
7665 int imm = extract32(x, 0, 8);
7667 switch (extract32(x, 8, 4)) {
7669 /* Nothing to do. */
7671 case 1: /* 00XY00XY */
7674 case 2: /* XY00XY00 */
7677 case 3: /* XYXYXYXY */
7681 /* Rotated constant. */
7689 * Include the generated decoders.
7692 #include "decode-a32.inc.c"
7693 #include "decode-a32-uncond.inc.c"
7694 #include "decode-t32.inc.c"
7696 /* Helpers to swap operands for reverse-subtract. */
7697 static void gen_rsb(TCGv_i32 dst, TCGv_i32 a, TCGv_i32 b)
7699 tcg_gen_sub_i32(dst, b, a);
7702 static void gen_rsb_CC(TCGv_i32 dst, TCGv_i32 a, TCGv_i32 b)
7704 gen_sub_CC(dst, b, a);
7707 static void gen_rsc(TCGv_i32 dest, TCGv_i32 a, TCGv_i32 b)
7709 gen_sub_carry(dest, b, a);
7712 static void gen_rsc_CC(TCGv_i32 dest, TCGv_i32 a, TCGv_i32 b)
7714 gen_sbc_CC(dest, b, a);
7718 * Helpers for the data processing routines.
7720 * After the computation store the results back.
7721 * This may be suppressed altogether (STREG_NONE), require a runtime
7722 * check against the stack limits (STREG_SP_CHECK), or generate an
7723 * exception return. Oh, or store into a register.
7725 * Always return true, indicating success for a trans_* function.
7734 static bool store_reg_kind(DisasContext *s, int rd,
7735 TCGv_i32 val, StoreRegKind kind)
7739 tcg_temp_free_i32(val);
7742 /* See ALUWritePC: Interworking only from a32 mode. */
7744 store_reg(s, rd, val);
7746 store_reg_bx(s, rd, val);
7749 case STREG_SP_CHECK:
7750 store_sp_checked(s, val);
7753 gen_exception_return(s, val);
7756 g_assert_not_reached();
7760 * Data Processing (register)
7762 * Operate, with set flags, one register source,
7763 * one immediate shifted register source, and a destination.
7765 static bool op_s_rrr_shi(DisasContext *s, arg_s_rrr_shi *a,
7766 void (*gen)(TCGv_i32, TCGv_i32, TCGv_i32),
7767 int logic_cc, StoreRegKind kind)
7769 TCGv_i32 tmp1, tmp2;
7771 tmp2 = load_reg(s, a->rm);
7772 gen_arm_shift_im(tmp2, a->shty, a->shim, logic_cc);
7773 tmp1 = load_reg(s, a->rn);
7775 gen(tmp1, tmp1, tmp2);
7776 tcg_temp_free_i32(tmp2);
7781 return store_reg_kind(s, a->rd, tmp1, kind);
7784 static bool op_s_rxr_shi(DisasContext *s, arg_s_rrr_shi *a,
7785 void (*gen)(TCGv_i32, TCGv_i32),
7786 int logic_cc, StoreRegKind kind)
7790 tmp = load_reg(s, a->rm);
7791 gen_arm_shift_im(tmp, a->shty, a->shim, logic_cc);
7797 return store_reg_kind(s, a->rd, tmp, kind);
7801 * Data-processing (register-shifted register)
7803 * Operate, with set flags, one register source,
7804 * one register shifted register source, and a destination.
7806 static bool op_s_rrr_shr(DisasContext *s, arg_s_rrr_shr *a,
7807 void (*gen)(TCGv_i32, TCGv_i32, TCGv_i32),
7808 int logic_cc, StoreRegKind kind)
7810 TCGv_i32 tmp1, tmp2;
7812 tmp1 = load_reg(s, a->rs);
7813 tmp2 = load_reg(s, a->rm);
7814 gen_arm_shift_reg(tmp2, a->shty, tmp1, logic_cc);
7815 tmp1 = load_reg(s, a->rn);
7817 gen(tmp1, tmp1, tmp2);
7818 tcg_temp_free_i32(tmp2);
7823 return store_reg_kind(s, a->rd, tmp1, kind);
7826 static bool op_s_rxr_shr(DisasContext *s, arg_s_rrr_shr *a,
7827 void (*gen)(TCGv_i32, TCGv_i32),
7828 int logic_cc, StoreRegKind kind)
7830 TCGv_i32 tmp1, tmp2;
7832 tmp1 = load_reg(s, a->rs);
7833 tmp2 = load_reg(s, a->rm);
7834 gen_arm_shift_reg(tmp2, a->shty, tmp1, logic_cc);
7840 return store_reg_kind(s, a->rd, tmp2, kind);
7844 * Data-processing (immediate)
7846 * Operate, with set flags, one register source,
7847 * one rotated immediate, and a destination.
7849 * Note that logic_cc && a->rot setting CF based on the msb of the
7850 * immediate is the reason why we must pass in the unrotated form
7853 static bool op_s_rri_rot(DisasContext *s, arg_s_rri_rot *a,
7854 void (*gen)(TCGv_i32, TCGv_i32, TCGv_i32),
7855 int logic_cc, StoreRegKind kind)
7857 TCGv_i32 tmp1, tmp2;
7860 imm = ror32(a->imm, a->rot);
7861 if (logic_cc && a->rot) {
7862 tcg_gen_movi_i32(cpu_CF, imm >> 31);
7864 tmp2 = tcg_const_i32(imm);
7865 tmp1 = load_reg(s, a->rn);
7867 gen(tmp1, tmp1, tmp2);
7868 tcg_temp_free_i32(tmp2);
7873 return store_reg_kind(s, a->rd, tmp1, kind);
7876 static bool op_s_rxi_rot(DisasContext *s, arg_s_rri_rot *a,
7877 void (*gen)(TCGv_i32, TCGv_i32),
7878 int logic_cc, StoreRegKind kind)
7883 imm = ror32(a->imm, a->rot);
7884 if (logic_cc && a->rot) {
7885 tcg_gen_movi_i32(cpu_CF, imm >> 31);
7887 tmp = tcg_const_i32(imm);
7893 return store_reg_kind(s, a->rd, tmp, kind);
7896 #define DO_ANY3(NAME, OP, L, K) \
7897 static bool trans_##NAME##_rrri(DisasContext *s, arg_s_rrr_shi *a) \
7898 { StoreRegKind k = (K); return op_s_rrr_shi(s, a, OP, L, k); } \
7899 static bool trans_##NAME##_rrrr(DisasContext *s, arg_s_rrr_shr *a) \
7900 { StoreRegKind k = (K); return op_s_rrr_shr(s, a, OP, L, k); } \
7901 static bool trans_##NAME##_rri(DisasContext *s, arg_s_rri_rot *a) \
7902 { StoreRegKind k = (K); return op_s_rri_rot(s, a, OP, L, k); }
7904 #define DO_ANY2(NAME, OP, L, K) \
7905 static bool trans_##NAME##_rxri(DisasContext *s, arg_s_rrr_shi *a) \
7906 { StoreRegKind k = (K); return op_s_rxr_shi(s, a, OP, L, k); } \
7907 static bool trans_##NAME##_rxrr(DisasContext *s, arg_s_rrr_shr *a) \
7908 { StoreRegKind k = (K); return op_s_rxr_shr(s, a, OP, L, k); } \
7909 static bool trans_##NAME##_rxi(DisasContext *s, arg_s_rri_rot *a) \
7910 { StoreRegKind k = (K); return op_s_rxi_rot(s, a, OP, L, k); }
7912 #define DO_CMP2(NAME, OP, L) \
7913 static bool trans_##NAME##_xrri(DisasContext *s, arg_s_rrr_shi *a) \
7914 { return op_s_rrr_shi(s, a, OP, L, STREG_NONE); } \
7915 static bool trans_##NAME##_xrrr(DisasContext *s, arg_s_rrr_shr *a) \
7916 { return op_s_rrr_shr(s, a, OP, L, STREG_NONE); } \
7917 static bool trans_##NAME##_xri(DisasContext *s, arg_s_rri_rot *a) \
7918 { return op_s_rri_rot(s, a, OP, L, STREG_NONE); }
7920 DO_ANY3(AND, tcg_gen_and_i32, a->s, STREG_NORMAL)
7921 DO_ANY3(EOR, tcg_gen_xor_i32, a->s, STREG_NORMAL)
7922 DO_ANY3(ORR, tcg_gen_or_i32, a->s, STREG_NORMAL)
7923 DO_ANY3(BIC, tcg_gen_andc_i32, a->s, STREG_NORMAL)
7925 DO_ANY3(RSB, a->s ? gen_rsb_CC : gen_rsb, false, STREG_NORMAL)
7926 DO_ANY3(ADC, a->s ? gen_adc_CC : gen_add_carry, false, STREG_NORMAL)
7927 DO_ANY3(SBC, a->s ? gen_sbc_CC : gen_sub_carry, false, STREG_NORMAL)
7928 DO_ANY3(RSC, a->s ? gen_rsc_CC : gen_rsc, false, STREG_NORMAL)
7930 DO_CMP2(TST, tcg_gen_and_i32, true)
7931 DO_CMP2(TEQ, tcg_gen_xor_i32, true)
7932 DO_CMP2(CMN, gen_add_CC, false)
7933 DO_CMP2(CMP, gen_sub_CC, false)
7935 DO_ANY3(ADD, a->s ? gen_add_CC : tcg_gen_add_i32, false,
7936 a->rd == 13 && a->rn == 13 ? STREG_SP_CHECK : STREG_NORMAL)
7939 * Note for the computation of StoreRegKind we return out of the
7940 * middle of the functions that are expanded by DO_ANY3, and that
7941 * we modify a->s via that parameter before it is used by OP.
7943 DO_ANY3(SUB, a->s ? gen_sub_CC : tcg_gen_sub_i32, false,
7945 StoreRegKind ret = STREG_NORMAL;
7946 if (a->rd == 15 && a->s) {
7948 * See ALUExceptionReturn:
7949 * In User mode, UNPREDICTABLE; we choose UNDEF.
7950 * In Hyp mode, UNDEFINED.
7952 if (IS_USER(s) || s->current_el == 2) {
7953 unallocated_encoding(s);
7956 /* There is no writeback of nzcv to PSTATE. */
7958 ret = STREG_EXC_RET;
7959 } else if (a->rd == 13 && a->rn == 13) {
7960 ret = STREG_SP_CHECK;
7965 DO_ANY2(MOV, tcg_gen_mov_i32, a->s,
7967 StoreRegKind ret = STREG_NORMAL;
7968 if (a->rd == 15 && a->s) {
7970 * See ALUExceptionReturn:
7971 * In User mode, UNPREDICTABLE; we choose UNDEF.
7972 * In Hyp mode, UNDEFINED.
7974 if (IS_USER(s) || s->current_el == 2) {
7975 unallocated_encoding(s);
7978 /* There is no writeback of nzcv to PSTATE. */
7980 ret = STREG_EXC_RET;
7981 } else if (a->rd == 13) {
7982 ret = STREG_SP_CHECK;
7987 DO_ANY2(MVN, tcg_gen_not_i32, a->s, STREG_NORMAL)
7990 * ORN is only available with T32, so there is no register-shifted-register
7991 * form of the insn. Using the DO_ANY3 macro would create an unused function.
7993 static bool trans_ORN_rrri(DisasContext *s, arg_s_rrr_shi *a)
7995 return op_s_rrr_shi(s, a, tcg_gen_orc_i32, a->s, STREG_NORMAL);
7998 static bool trans_ORN_rri(DisasContext *s, arg_s_rri_rot *a)
8000 return op_s_rri_rot(s, a, tcg_gen_orc_i32, a->s, STREG_NORMAL);
8008 * Multiply and multiply accumulate
8011 static bool op_mla(DisasContext *s, arg_s_rrrr *a, bool add)
8015 t1 = load_reg(s, a->rn);
8016 t2 = load_reg(s, a->rm);
8017 tcg_gen_mul_i32(t1, t1, t2);
8018 tcg_temp_free_i32(t2);
8020 t2 = load_reg(s, a->ra);
8021 tcg_gen_add_i32(t1, t1, t2);
8022 tcg_temp_free_i32(t2);
8027 store_reg(s, a->rd, t1);
8031 static bool trans_MUL(DisasContext *s, arg_MUL *a)
8033 return op_mla(s, a, false);
8036 static bool trans_MLA(DisasContext *s, arg_MLA *a)
8038 return op_mla(s, a, true);
8041 static bool trans_MLS(DisasContext *s, arg_MLS *a)
8045 if (!ENABLE_ARCH_6T2) {
8048 t1 = load_reg(s, a->rn);
8049 t2 = load_reg(s, a->rm);
8050 tcg_gen_mul_i32(t1, t1, t2);
8051 tcg_temp_free_i32(t2);
8052 t2 = load_reg(s, a->ra);
8053 tcg_gen_sub_i32(t1, t2, t1);
8054 tcg_temp_free_i32(t2);
8055 store_reg(s, a->rd, t1);
8059 static bool op_mlal(DisasContext *s, arg_s_rrrr *a, bool uns, bool add)
8061 TCGv_i32 t0, t1, t2, t3;
8063 t0 = load_reg(s, a->rm);
8064 t1 = load_reg(s, a->rn);
8066 tcg_gen_mulu2_i32(t0, t1, t0, t1);
8068 tcg_gen_muls2_i32(t0, t1, t0, t1);
8071 t2 = load_reg(s, a->ra);
8072 t3 = load_reg(s, a->rd);
8073 tcg_gen_add2_i32(t0, t1, t0, t1, t2, t3);
8074 tcg_temp_free_i32(t2);
8075 tcg_temp_free_i32(t3);
8078 gen_logicq_cc(t0, t1);
8080 store_reg(s, a->ra, t0);
8081 store_reg(s, a->rd, t1);
8085 static bool trans_UMULL(DisasContext *s, arg_UMULL *a)
8087 return op_mlal(s, a, true, false);
8090 static bool trans_SMULL(DisasContext *s, arg_SMULL *a)
8092 return op_mlal(s, a, false, false);
8095 static bool trans_UMLAL(DisasContext *s, arg_UMLAL *a)
8097 return op_mlal(s, a, true, true);
8100 static bool trans_SMLAL(DisasContext *s, arg_SMLAL *a)
8102 return op_mlal(s, a, false, true);
8105 static bool trans_UMAAL(DisasContext *s, arg_UMAAL *a)
8107 TCGv_i32 t0, t1, t2, zero;
8110 ? !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)
8115 t0 = load_reg(s, a->rm);
8116 t1 = load_reg(s, a->rn);
8117 tcg_gen_mulu2_i32(t0, t1, t0, t1);
8118 zero = tcg_const_i32(0);
8119 t2 = load_reg(s, a->ra);
8120 tcg_gen_add2_i32(t0, t1, t0, t1, t2, zero);
8121 tcg_temp_free_i32(t2);
8122 t2 = load_reg(s, a->rd);
8123 tcg_gen_add2_i32(t0, t1, t0, t1, t2, zero);
8124 tcg_temp_free_i32(t2);
8125 tcg_temp_free_i32(zero);
8126 store_reg(s, a->ra, t0);
8127 store_reg(s, a->rd, t1);
8132 * Saturating addition and subtraction
8135 static bool op_qaddsub(DisasContext *s, arg_rrr *a, bool add, bool doub)
8140 ? !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)
8141 : !ENABLE_ARCH_5TE) {
8145 t0 = load_reg(s, a->rm);
8146 t1 = load_reg(s, a->rn);
8148 gen_helper_add_saturate(t1, cpu_env, t1, t1);
8151 gen_helper_add_saturate(t0, cpu_env, t0, t1);
8153 gen_helper_sub_saturate(t0, cpu_env, t0, t1);
8155 tcg_temp_free_i32(t1);
8156 store_reg(s, a->rd, t0);
8160 #define DO_QADDSUB(NAME, ADD, DOUB) \
8161 static bool trans_##NAME(DisasContext *s, arg_rrr *a) \
8163 return op_qaddsub(s, a, ADD, DOUB); \
8166 DO_QADDSUB(QADD, true, false)
8167 DO_QADDSUB(QSUB, false, false)
8168 DO_QADDSUB(QDADD, true, true)
8169 DO_QADDSUB(QDSUB, false, true)
8174 * Halfword multiply and multiply accumulate
8177 static bool op_smlaxxx(DisasContext *s, arg_rrrr *a,
8178 int add_long, bool nt, bool mt)
8180 TCGv_i32 t0, t1, tl, th;
8183 ? !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)
8184 : !ENABLE_ARCH_5TE) {
8188 t0 = load_reg(s, a->rn);
8189 t1 = load_reg(s, a->rm);
8190 gen_mulxy(t0, t1, nt, mt);
8191 tcg_temp_free_i32(t1);
8195 store_reg(s, a->rd, t0);
8198 t1 = load_reg(s, a->ra);
8199 gen_helper_add_setq(t0, cpu_env, t0, t1);
8200 tcg_temp_free_i32(t1);
8201 store_reg(s, a->rd, t0);
8204 tl = load_reg(s, a->ra);
8205 th = load_reg(s, a->rd);
8206 t1 = tcg_const_i32(0);
8207 tcg_gen_add2_i32(tl, th, tl, th, t0, t1);
8208 tcg_temp_free_i32(t0);
8209 tcg_temp_free_i32(t1);
8210 store_reg(s, a->ra, tl);
8211 store_reg(s, a->rd, th);
8214 g_assert_not_reached();
8219 #define DO_SMLAX(NAME, add, nt, mt) \
8220 static bool trans_##NAME(DisasContext *s, arg_rrrr *a) \
8222 return op_smlaxxx(s, a, add, nt, mt); \
8225 DO_SMLAX(SMULBB, 0, 0, 0)
8226 DO_SMLAX(SMULBT, 0, 0, 1)
8227 DO_SMLAX(SMULTB, 0, 1, 0)
8228 DO_SMLAX(SMULTT, 0, 1, 1)
8230 DO_SMLAX(SMLABB, 1, 0, 0)
8231 DO_SMLAX(SMLABT, 1, 0, 1)
8232 DO_SMLAX(SMLATB, 1, 1, 0)
8233 DO_SMLAX(SMLATT, 1, 1, 1)
8235 DO_SMLAX(SMLALBB, 2, 0, 0)
8236 DO_SMLAX(SMLALBT, 2, 0, 1)
8237 DO_SMLAX(SMLALTB, 2, 1, 0)
8238 DO_SMLAX(SMLALTT, 2, 1, 1)
8242 static bool op_smlawx(DisasContext *s, arg_rrrr *a, bool add, bool mt)
8247 if (!ENABLE_ARCH_5TE) {
8251 t0 = load_reg(s, a->rn);
8252 t1 = load_reg(s, a->rm);
8254 tcg_gen_sari_i32(t1, t1, 16);
8258 t64 = gen_muls_i64_i32(t0, t1);
8259 tcg_gen_shri_i64(t64, t64, 16);
8260 t1 = tcg_temp_new_i32();
8261 tcg_gen_extrl_i64_i32(t1, t64);
8262 tcg_temp_free_i64(t64);
8264 t0 = load_reg(s, a->ra);
8265 gen_helper_add_setq(t1, cpu_env, t1, t0);
8266 tcg_temp_free_i32(t0);
8268 store_reg(s, a->rd, t1);
8272 #define DO_SMLAWX(NAME, add, mt) \
8273 static bool trans_##NAME(DisasContext *s, arg_rrrr *a) \
8275 return op_smlawx(s, a, add, mt); \
8278 DO_SMLAWX(SMULWB, 0, 0)
8279 DO_SMLAWX(SMULWT, 0, 1)
8280 DO_SMLAWX(SMLAWB, 1, 0)
8281 DO_SMLAWX(SMLAWT, 1, 1)
8289 static void disas_arm_insn(DisasContext *s, unsigned int insn)
8291 unsigned int cond, val, op1, i, shift, rm, rs, rn, rd, sh;
8298 /* M variants do not implement ARM mode; this must raise the INVSTATE
8299 * UsageFault exception.
8301 if (arm_dc_feature(s, ARM_FEATURE_M)) {
8302 gen_exception_insn(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized(),
8303 default_exception_el(s));
8309 /* In ARMv3 and v4 the NV condition is UNPREDICTABLE; we
8310 * choose to UNDEF. In ARMv5 and above the space is used
8311 * for miscellaneous unconditional instructions.
8315 /* Unconditional instructions. */
8316 if (disas_a32_uncond(s, insn)) {
8319 /* fall back to legacy decoder */
8321 if (((insn >> 25) & 7) == 1) {
8322 /* NEON Data processing. */
8323 if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
8327 if (disas_neon_data_insn(s, insn)) {
8332 if ((insn & 0x0f100000) == 0x04000000) {
8333 /* NEON load/store. */
8334 if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
8338 if (disas_neon_ls_insn(s, insn)) {
8343 if ((insn & 0x0f000e10) == 0x0e000a00) {
8345 if (disas_vfp_insn(s, insn)) {
8350 if (((insn & 0x0f30f000) == 0x0510f000) ||
8351 ((insn & 0x0f30f010) == 0x0710f000)) {
8352 if ((insn & (1 << 22)) == 0) {
8354 if (!arm_dc_feature(s, ARM_FEATURE_V7MP)) {
8358 /* Otherwise PLD; v5TE+ */
8362 if (((insn & 0x0f70f000) == 0x0450f000) ||
8363 ((insn & 0x0f70f010) == 0x0650f000)) {
8365 return; /* PLI; V7 */
8367 if (((insn & 0x0f700000) == 0x04100000) ||
8368 ((insn & 0x0f700010) == 0x06100000)) {
8369 if (!arm_dc_feature(s, ARM_FEATURE_V7MP)) {
8372 return; /* v7MP: Unallocated memory hint: must NOP */
8375 if ((insn & 0x0ffffdff) == 0x01010000) {
8378 if (((insn >> 9) & 1) != !!(s->be_data == MO_BE)) {
8379 gen_helper_setend(cpu_env);
8380 s->base.is_jmp = DISAS_UPDATE;
8383 } else if ((insn & 0x0fffff00) == 0x057ff000) {
8384 switch ((insn >> 4) & 0xf) {
8392 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
8395 /* We need to break the TB after this insn to execute
8396 * self-modifying code correctly and also to take
8397 * any pending interrupts immediately.
8399 gen_goto_tb(s, 0, s->base.pc_next);
8402 if ((insn & 0xf) || !dc_isar_feature(aa32_sb, s)) {
8406 * TODO: There is no speculation barrier opcode
8407 * for TCG; MB and end the TB instead.
8409 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
8410 gen_goto_tb(s, 0, s->base.pc_next);
8415 } else if ((insn & 0x0e5fffe0) == 0x084d0500) {
8418 gen_srs(s, (insn & 0x1f), (insn >> 23) & 3, insn & (1 << 21));
8420 } else if ((insn & 0x0e50ffe0) == 0x08100a00) {
8426 rn = (insn >> 16) & 0xf;
8427 addr = load_reg(s, rn);
8428 i = (insn >> 23) & 3;
8430 case 0: offset = -4; break; /* DA */
8431 case 1: offset = 0; break; /* IA */
8432 case 2: offset = -8; break; /* DB */
8433 case 3: offset = 4; break; /* IB */
8437 tcg_gen_addi_i32(addr, addr, offset);
8438 /* Load PC into tmp and CPSR into tmp2. */
8439 tmp = tcg_temp_new_i32();
8440 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
8441 tcg_gen_addi_i32(addr, addr, 4);
8442 tmp2 = tcg_temp_new_i32();
8443 gen_aa32_ld32u(s, tmp2, addr, get_mem_index(s));
8444 if (insn & (1 << 21)) {
8445 /* Base writeback. */
8447 case 0: offset = -8; break;
8448 case 1: offset = 4; break;
8449 case 2: offset = -4; break;
8450 case 3: offset = 0; break;
8454 tcg_gen_addi_i32(addr, addr, offset);
8455 store_reg(s, rn, addr);
8457 tcg_temp_free_i32(addr);
8459 gen_rfe(s, tmp, tmp2);
8461 } else if ((insn & 0x0e000000) == 0x0a000000) {
8462 /* branch link and change to thumb (blx <offset>) */
8465 tmp = tcg_temp_new_i32();
8466 tcg_gen_movi_i32(tmp, s->base.pc_next);
8467 store_reg(s, 14, tmp);
8468 /* Sign-extend the 24-bit offset */
8469 offset = (((int32_t)insn) << 8) >> 8;
8471 /* offset * 4 + bit24 * 2 + (thumb bit) */
8472 val += (offset << 2) | ((insn >> 23) & 2) | 1;
8473 /* protected by ARCH(5); above, near the start of uncond block */
8476 } else if ((insn & 0x0e000f00) == 0x0c000100) {
8477 if (arm_dc_feature(s, ARM_FEATURE_IWMMXT)) {
8478 /* iWMMXt register transfer. */
8479 if (extract32(s->c15_cpar, 1, 1)) {
8480 if (!disas_iwmmxt_insn(s, insn)) {
8485 } else if ((insn & 0x0e000a00) == 0x0c000800
8486 && arm_dc_feature(s, ARM_FEATURE_V8)) {
8487 if (disas_neon_insn_3same_ext(s, insn)) {
8491 } else if ((insn & 0x0f000a00) == 0x0e000800
8492 && arm_dc_feature(s, ARM_FEATURE_V8)) {
8493 if (disas_neon_insn_2reg_scalar_ext(s, insn)) {
8497 } else if ((insn & 0x0fe00000) == 0x0c400000) {
8498 /* Coprocessor double register transfer. */
8500 } else if ((insn & 0x0f000010) == 0x0e000010) {
8501 /* Additional coprocessor register transfer. */
8502 } else if ((insn & 0x0ff10020) == 0x01000000) {
8505 /* cps (privileged) */
8509 if (insn & (1 << 19)) {
8510 if (insn & (1 << 8))
8512 if (insn & (1 << 7))
8514 if (insn & (1 << 6))
8516 if (insn & (1 << 18))
8519 if (insn & (1 << 17)) {
8521 val |= (insn & 0x1f);
8524 gen_set_psr_im(s, mask, 0, val);
8531 /* if not always execute, we generate a conditional jump to
8533 arm_skip_unless(s, cond);
8536 if (disas_a32(s, insn)) {
8539 /* fall back to legacy decoder */
8541 if ((insn & 0x0f900000) == 0x03000000) {
8542 if ((insn & (1 << 21)) == 0) {
8544 rd = (insn >> 12) & 0xf;
8545 val = ((insn >> 4) & 0xf000) | (insn & 0xfff);
8546 if ((insn & (1 << 22)) == 0) {
8548 tmp = tcg_temp_new_i32();
8549 tcg_gen_movi_i32(tmp, val);
8552 tmp = load_reg(s, rd);
8553 tcg_gen_ext16u_i32(tmp, tmp);
8554 tcg_gen_ori_i32(tmp, tmp, val << 16);
8556 store_reg(s, rd, tmp);
8558 if (((insn >> 12) & 0xf) != 0xf)
8560 if (((insn >> 16) & 0xf) == 0) {
8561 gen_nop_hint(s, insn & 0xff);
8563 /* CPSR = immediate */
8565 shift = ((insn >> 8) & 0xf) * 2;
8566 val = ror32(val, shift);
8567 i = ((insn & (1 << 22)) != 0);
8568 if (gen_set_psr_im(s, msr_mask(s, (insn >> 16) & 0xf, i),
8574 } else if ((insn & 0x0f900000) == 0x01000000
8575 && (insn & 0x00000090) != 0x00000090) {
8576 /* miscellaneous instructions */
8577 op1 = (insn >> 21) & 3;
8578 sh = (insn >> 4) & 0xf;
8581 case 0x0: /* MSR, MRS */
8582 if (insn & (1 << 9)) {
8583 /* MSR (banked) and MRS (banked) */
8584 int sysm = extract32(insn, 16, 4) |
8585 (extract32(insn, 8, 1) << 4);
8586 int r = extract32(insn, 22, 1);
8590 gen_msr_banked(s, r, sysm, rm);
8593 int rd = extract32(insn, 12, 4);
8595 gen_mrs_banked(s, r, sysm, rd);
8600 /* MSR, MRS (for PSRs) */
8603 tmp = load_reg(s, rm);
8604 i = ((op1 & 2) != 0);
8605 if (gen_set_psr(s, msr_mask(s, (insn >> 16) & 0xf, i), i, tmp))
8609 rd = (insn >> 12) & 0xf;
8613 tmp = load_cpu_field(spsr);
8615 tmp = tcg_temp_new_i32();
8616 gen_helper_cpsr_read(tmp, cpu_env);
8618 store_reg(s, rd, tmp);
8623 /* branch/exchange thumb (bx). */
8625 tmp = load_reg(s, rm);
8627 } else if (op1 == 3) {
8630 rd = (insn >> 12) & 0xf;
8631 tmp = load_reg(s, rm);
8632 tcg_gen_clzi_i32(tmp, tmp, 32);
8633 store_reg(s, rd, tmp);
8641 /* Trivial implementation equivalent to bx. */
8642 tmp = load_reg(s, rm);
8653 /* branch link/exchange thumb (blx) */
8654 tmp = load_reg(s, rm);
8655 tmp2 = tcg_temp_new_i32();
8656 tcg_gen_movi_i32(tmp2, s->base.pc_next);
8657 store_reg(s, 14, tmp2);
8663 uint32_t c = extract32(insn, 8, 4);
8665 /* Check this CPU supports ARMv8 CRC instructions.
8666 * op1 == 3 is UNPREDICTABLE but handle as UNDEFINED.
8667 * Bits 8, 10 and 11 should be zero.
8669 if (!dc_isar_feature(aa32_crc32, s) || op1 == 0x3 || (c & 0xd) != 0) {
8673 rn = extract32(insn, 16, 4);
8674 rd = extract32(insn, 12, 4);
8676 tmp = load_reg(s, rn);
8677 tmp2 = load_reg(s, rm);
8679 tcg_gen_andi_i32(tmp2, tmp2, 0xff);
8680 } else if (op1 == 1) {
8681 tcg_gen_andi_i32(tmp2, tmp2, 0xffff);
8683 tmp3 = tcg_const_i32(1 << op1);
8685 gen_helper_crc32c(tmp, tmp, tmp2, tmp3);
8687 gen_helper_crc32(tmp, tmp, tmp2, tmp3);
8689 tcg_temp_free_i32(tmp2);
8690 tcg_temp_free_i32(tmp3);
8691 store_reg(s, rd, tmp);
8695 /* Saturating addition and subtraction. */
8696 /* All done in decodetree. Reach here for illegal ops. */
8698 case 0x6: /* ERET */
8702 if (!arm_dc_feature(s, ARM_FEATURE_V7VE)) {
8705 if ((insn & 0x000fff0f) != 0x0000000e) {
8706 /* UNPREDICTABLE; we choose to UNDEF */
8710 if (s->current_el == 2) {
8711 tmp = load_cpu_field(elr_el[2]);
8713 tmp = load_reg(s, 14);
8715 gen_exception_return(s, tmp);
8719 int imm16 = extract32(insn, 0, 4) | (extract32(insn, 8, 12) << 4);
8728 gen_exception_bkpt_insn(s, syn_aa32_bkpt(imm16, false));
8731 /* Hypervisor call (v7) */
8739 /* Secure monitor call (v6+) */
8747 g_assert_not_reached();
8755 /* Halfword multiply and multiply accumulate. */
8756 /* All done in decodetree. Reach here for illegal ops. */
8761 } else if (((insn & 0x0e000000) == 0 &&
8762 (insn & 0x00000090) != 0x90) ||
8763 ((insn & 0x0e000000) == (1 << 25))) {
8764 /* Data-processing (reg, reg-shift-reg, imm). */
8765 /* All done in decodetree. Reach here for illegal ops. */
8768 /* other instructions */
8769 op1 = (insn >> 24) & 0xf;
8773 /* multiplies, extra load/stores */
8774 sh = (insn >> 5) & 3;
8777 /* Multiply and multiply accumulate. */
8778 /* All done in decodetree. Reach here for illegal ops. */
8781 rn = (insn >> 16) & 0xf;
8782 rd = (insn >> 12) & 0xf;
8783 if (insn & (1 << 23)) {
8784 /* load/store exclusive */
8785 bool is_ld = extract32(insn, 20, 1);
8786 bool is_lasr = !extract32(insn, 8, 1);
8787 int op2 = (insn >> 8) & 3;
8788 op1 = (insn >> 21) & 0x3;
8791 case 0: /* lda/stl */
8797 case 1: /* reserved */
8799 case 2: /* ldaex/stlex */
8802 case 3: /* ldrex/strex */
8811 addr = tcg_temp_local_new_i32();
8812 load_reg_var(s, addr, rn);
8814 if (is_lasr && !is_ld) {
8815 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
8820 tmp = tcg_temp_new_i32();
8823 gen_aa32_ld32u_iss(s, tmp, addr,
8828 gen_aa32_ld8u_iss(s, tmp, addr,
8833 gen_aa32_ld16u_iss(s, tmp, addr,
8840 store_reg(s, rd, tmp);
8843 tmp = load_reg(s, rm);
8846 gen_aa32_st32_iss(s, tmp, addr,
8851 gen_aa32_st8_iss(s, tmp, addr,
8856 gen_aa32_st16_iss(s, tmp, addr,
8863 tcg_temp_free_i32(tmp);
8868 gen_load_exclusive(s, rd, 15, addr, 2);
8870 case 1: /* ldrexd */
8871 gen_load_exclusive(s, rd, rd + 1, addr, 3);
8873 case 2: /* ldrexb */
8874 gen_load_exclusive(s, rd, 15, addr, 0);
8876 case 3: /* ldrexh */
8877 gen_load_exclusive(s, rd, 15, addr, 1);
8886 gen_store_exclusive(s, rd, rm, 15, addr, 2);
8888 case 1: /* strexd */
8889 gen_store_exclusive(s, rd, rm, rm + 1, addr, 3);
8891 case 2: /* strexb */
8892 gen_store_exclusive(s, rd, rm, 15, addr, 0);
8894 case 3: /* strexh */
8895 gen_store_exclusive(s, rd, rm, 15, addr, 1);
8901 tcg_temp_free_i32(addr);
8903 if (is_lasr && is_ld) {
8904 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
8906 } else if ((insn & 0x00300f00) == 0) {
8907 /* 0bcccc_0001_0x00_xxxx_xxxx_0000_1001_xxxx
8912 MemOp opc = s->be_data;
8916 if (insn & (1 << 22)) {
8919 opc |= MO_UL | MO_ALIGN;
8922 addr = load_reg(s, rn);
8923 taddr = gen_aa32_addr(s, addr, opc);
8924 tcg_temp_free_i32(addr);
8926 tmp = load_reg(s, rm);
8927 tcg_gen_atomic_xchg_i32(tmp, taddr, tmp,
8928 get_mem_index(s), opc);
8929 tcg_temp_free(taddr);
8930 store_reg(s, rd, tmp);
8937 bool load = insn & (1 << 20);
8938 bool wbit = insn & (1 << 21);
8939 bool pbit = insn & (1 << 24);
8940 bool doubleword = false;
8943 /* Misc load/store */
8944 rn = (insn >> 16) & 0xf;
8945 rd = (insn >> 12) & 0xf;
8947 /* ISS not valid if writeback */
8948 issinfo = (pbit & !wbit) ? rd : ISSInvalid;
8950 if (!load && (sh & 2)) {
8954 /* UNPREDICTABLE; we choose to UNDEF */
8957 load = (sh & 1) == 0;
8961 addr = load_reg(s, rn);
8963 gen_add_datah_offset(s, insn, 0, addr);
8970 tmp = load_reg(s, rd);
8971 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
8972 tcg_temp_free_i32(tmp);
8973 tcg_gen_addi_i32(addr, addr, 4);
8974 tmp = load_reg(s, rd + 1);
8975 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
8976 tcg_temp_free_i32(tmp);
8979 tmp = tcg_temp_new_i32();
8980 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
8981 store_reg(s, rd, tmp);
8982 tcg_gen_addi_i32(addr, addr, 4);
8983 tmp = tcg_temp_new_i32();
8984 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
8987 address_offset = -4;
8990 tmp = tcg_temp_new_i32();
8993 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s),
8997 gen_aa32_ld8s_iss(s, tmp, addr, get_mem_index(s),
9002 gen_aa32_ld16s_iss(s, tmp, addr, get_mem_index(s),
9008 tmp = load_reg(s, rd);
9009 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s), issinfo);
9010 tcg_temp_free_i32(tmp);
9012 /* Perform base writeback before the loaded value to
9013 ensure correct behavior with overlapping index registers.
9014 ldrd with base writeback is undefined if the
9015 destination and index registers overlap. */
9017 gen_add_datah_offset(s, insn, address_offset, addr);
9018 store_reg(s, rn, addr);
9021 tcg_gen_addi_i32(addr, addr, address_offset);
9022 store_reg(s, rn, addr);
9024 tcg_temp_free_i32(addr);
9027 /* Complete the load. */
9028 store_reg(s, rd, tmp);
9037 if (insn & (1 << 4)) {
9039 /* Armv6 Media instructions. */
9041 rn = (insn >> 16) & 0xf;
9042 rd = (insn >> 12) & 0xf;
9043 rs = (insn >> 8) & 0xf;
9044 switch ((insn >> 23) & 3) {
9045 case 0: /* Parallel add/subtract. */
9046 op1 = (insn >> 20) & 7;
9047 tmp = load_reg(s, rn);
9048 tmp2 = load_reg(s, rm);
9049 sh = (insn >> 5) & 7;
9050 if ((op1 & 3) == 0 || sh == 5 || sh == 6)
9052 gen_arm_parallel_addsub(op1, sh, tmp, tmp2);
9053 tcg_temp_free_i32(tmp2);
9054 store_reg(s, rd, tmp);
9057 if ((insn & 0x00700020) == 0) {
9058 /* Halfword pack. */
9059 tmp = load_reg(s, rn);
9060 tmp2 = load_reg(s, rm);
9061 shift = (insn >> 7) & 0x1f;
9062 if (insn & (1 << 6)) {
9067 tcg_gen_sari_i32(tmp2, tmp2, shift);
9068 tcg_gen_deposit_i32(tmp, tmp, tmp2, 0, 16);
9071 tcg_gen_shli_i32(tmp2, tmp2, shift);
9072 tcg_gen_deposit_i32(tmp, tmp2, tmp, 0, 16);
9074 tcg_temp_free_i32(tmp2);
9075 store_reg(s, rd, tmp);
9076 } else if ((insn & 0x00200020) == 0x00200000) {
9078 tmp = load_reg(s, rm);
9079 shift = (insn >> 7) & 0x1f;
9080 if (insn & (1 << 6)) {
9083 tcg_gen_sari_i32(tmp, tmp, shift);
9085 tcg_gen_shli_i32(tmp, tmp, shift);
9087 sh = (insn >> 16) & 0x1f;
9088 tmp2 = tcg_const_i32(sh);
9089 if (insn & (1 << 22))
9090 gen_helper_usat(tmp, cpu_env, tmp, tmp2);
9092 gen_helper_ssat(tmp, cpu_env, tmp, tmp2);
9093 tcg_temp_free_i32(tmp2);
9094 store_reg(s, rd, tmp);
9095 } else if ((insn & 0x00300fe0) == 0x00200f20) {
9097 tmp = load_reg(s, rm);
9098 sh = (insn >> 16) & 0x1f;
9099 tmp2 = tcg_const_i32(sh);
9100 if (insn & (1 << 22))
9101 gen_helper_usat16(tmp, cpu_env, tmp, tmp2);
9103 gen_helper_ssat16(tmp, cpu_env, tmp, tmp2);
9104 tcg_temp_free_i32(tmp2);
9105 store_reg(s, rd, tmp);
9106 } else if ((insn & 0x00700fe0) == 0x00000fa0) {
9108 tmp = load_reg(s, rn);
9109 tmp2 = load_reg(s, rm);
9110 tmp3 = tcg_temp_new_i32();
9111 tcg_gen_ld_i32(tmp3, cpu_env, offsetof(CPUARMState, GE));
9112 gen_helper_sel_flags(tmp, tmp3, tmp, tmp2);
9113 tcg_temp_free_i32(tmp3);
9114 tcg_temp_free_i32(tmp2);
9115 store_reg(s, rd, tmp);
9116 } else if ((insn & 0x000003e0) == 0x00000060) {
9117 tmp = load_reg(s, rm);
9118 shift = (insn >> 10) & 3;
9119 /* ??? In many cases it's not necessary to do a
9120 rotate, a shift is sufficient. */
9121 tcg_gen_rotri_i32(tmp, tmp, shift * 8);
9122 op1 = (insn >> 20) & 7;
9124 case 0: gen_sxtb16(tmp); break;
9125 case 2: gen_sxtb(tmp); break;
9126 case 3: gen_sxth(tmp); break;
9127 case 4: gen_uxtb16(tmp); break;
9128 case 6: gen_uxtb(tmp); break;
9129 case 7: gen_uxth(tmp); break;
9130 default: goto illegal_op;
9133 tmp2 = load_reg(s, rn);
9134 if ((op1 & 3) == 0) {
9135 gen_add16(tmp, tmp2);
9137 tcg_gen_add_i32(tmp, tmp, tmp2);
9138 tcg_temp_free_i32(tmp2);
9141 store_reg(s, rd, tmp);
9142 } else if ((insn & 0x003f0f60) == 0x003f0f20) {
9144 tmp = load_reg(s, rm);
9145 if (insn & (1 << 22)) {
9146 if (insn & (1 << 7)) {
9150 gen_helper_rbit(tmp, tmp);
9153 if (insn & (1 << 7))
9156 tcg_gen_bswap32_i32(tmp, tmp);
9158 store_reg(s, rd, tmp);
9163 case 2: /* Multiplies (Type 3). */
9164 switch ((insn >> 20) & 0x7) {
9166 if (((insn >> 6) ^ (insn >> 7)) & 1) {
9167 /* op2 not 00x or 11x : UNDEF */
9170 /* Signed multiply most significant [accumulate].
9171 (SMMUL, SMMLA, SMMLS) */
9172 tmp = load_reg(s, rm);
9173 tmp2 = load_reg(s, rs);
9174 tcg_gen_muls2_i32(tmp2, tmp, tmp, tmp2);
9177 tmp3 = load_reg(s, rd);
9178 if (insn & (1 << 6)) {
9180 * For SMMLS, we need a 64-bit subtract.
9181 * Borrow caused by a non-zero multiplicand
9182 * lowpart, and the correct result lowpart
9185 TCGv_i32 zero = tcg_const_i32(0);
9186 tcg_gen_sub2_i32(tmp2, tmp, zero, tmp3,
9188 tcg_temp_free_i32(zero);
9190 tcg_gen_add_i32(tmp, tmp, tmp3);
9192 tcg_temp_free_i32(tmp3);
9194 if (insn & (1 << 5)) {
9196 * Adding 0x80000000 to the 64-bit quantity
9197 * means that we have carry in to the high
9198 * word when the low word has the high bit set.
9200 tcg_gen_shri_i32(tmp2, tmp2, 31);
9201 tcg_gen_add_i32(tmp, tmp, tmp2);
9203 tcg_temp_free_i32(tmp2);
9204 store_reg(s, rn, tmp);
9208 /* SMLAD, SMUAD, SMLSD, SMUSD, SMLALD, SMLSLD */
9209 if (insn & (1 << 7)) {
9212 tmp = load_reg(s, rm);
9213 tmp2 = load_reg(s, rs);
9214 if (insn & (1 << 5))
9215 gen_swap_half(tmp2);
9216 gen_smul_dual(tmp, tmp2);
9217 if (insn & (1 << 22)) {
9218 /* smlald, smlsld */
9221 tmp64 = tcg_temp_new_i64();
9222 tmp64_2 = tcg_temp_new_i64();
9223 tcg_gen_ext_i32_i64(tmp64, tmp);
9224 tcg_gen_ext_i32_i64(tmp64_2, tmp2);
9225 tcg_temp_free_i32(tmp);
9226 tcg_temp_free_i32(tmp2);
9227 if (insn & (1 << 6)) {
9228 tcg_gen_sub_i64(tmp64, tmp64, tmp64_2);
9230 tcg_gen_add_i64(tmp64, tmp64, tmp64_2);
9232 tcg_temp_free_i64(tmp64_2);
9233 gen_addq(s, tmp64, rd, rn);
9234 gen_storeq_reg(s, rd, rn, tmp64);
9235 tcg_temp_free_i64(tmp64);
9237 /* smuad, smusd, smlad, smlsd */
9238 if (insn & (1 << 6)) {
9239 /* This subtraction cannot overflow. */
9240 tcg_gen_sub_i32(tmp, tmp, tmp2);
9242 /* This addition cannot overflow 32 bits;
9243 * however it may overflow considered as a
9244 * signed operation, in which case we must set
9247 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
9249 tcg_temp_free_i32(tmp2);
9252 tmp2 = load_reg(s, rd);
9253 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
9254 tcg_temp_free_i32(tmp2);
9256 store_reg(s, rn, tmp);
9262 if (!dc_isar_feature(arm_div, s)) {
9265 if (((insn >> 5) & 7) || (rd != 15)) {
9268 tmp = load_reg(s, rm);
9269 tmp2 = load_reg(s, rs);
9270 if (insn & (1 << 21)) {
9271 gen_helper_udiv(tmp, tmp, tmp2);
9273 gen_helper_sdiv(tmp, tmp, tmp2);
9275 tcg_temp_free_i32(tmp2);
9276 store_reg(s, rn, tmp);
9283 op1 = ((insn >> 17) & 0x38) | ((insn >> 5) & 7);
9285 case 0: /* Unsigned sum of absolute differences. */
9287 tmp = load_reg(s, rm);
9288 tmp2 = load_reg(s, rs);
9289 gen_helper_usad8(tmp, tmp, tmp2);
9290 tcg_temp_free_i32(tmp2);
9292 tmp2 = load_reg(s, rd);
9293 tcg_gen_add_i32(tmp, tmp, tmp2);
9294 tcg_temp_free_i32(tmp2);
9296 store_reg(s, rn, tmp);
9298 case 0x20: case 0x24: case 0x28: case 0x2c:
9299 /* Bitfield insert/clear. */
9301 shift = (insn >> 7) & 0x1f;
9302 i = (insn >> 16) & 0x1f;
9304 /* UNPREDICTABLE; we choose to UNDEF */
9309 tmp = tcg_temp_new_i32();
9310 tcg_gen_movi_i32(tmp, 0);
9312 tmp = load_reg(s, rm);
9315 tmp2 = load_reg(s, rd);
9316 tcg_gen_deposit_i32(tmp, tmp2, tmp, shift, i);
9317 tcg_temp_free_i32(tmp2);
9319 store_reg(s, rd, tmp);
9321 case 0x12: case 0x16: case 0x1a: case 0x1e: /* sbfx */
9322 case 0x32: case 0x36: case 0x3a: case 0x3e: /* ubfx */
9324 tmp = load_reg(s, rm);
9325 shift = (insn >> 7) & 0x1f;
9326 i = ((insn >> 16) & 0x1f) + 1;
9331 tcg_gen_extract_i32(tmp, tmp, shift, i);
9333 tcg_gen_sextract_i32(tmp, tmp, shift, i);
9336 store_reg(s, rd, tmp);
9346 /* Check for undefined extension instructions
9347 * per the ARM Bible IE:
9348 * xxxx 0111 1111 xxxx xxxx xxxx 1111 xxxx
9350 sh = (0xf << 20) | (0xf << 4);
9351 if (op1 == 0x7 && ((insn & sh) == sh))
9355 /* load/store byte/word */
9356 rn = (insn >> 16) & 0xf;
9357 rd = (insn >> 12) & 0xf;
9358 tmp2 = load_reg(s, rn);
9359 if ((insn & 0x01200000) == 0x00200000) {
9361 i = get_a32_user_mem_index(s);
9363 i = get_mem_index(s);
9365 if (insn & (1 << 24))
9366 gen_add_data_offset(s, insn, tmp2);
9367 if (insn & (1 << 20)) {
9369 tmp = tcg_temp_new_i32();
9370 if (insn & (1 << 22)) {
9371 gen_aa32_ld8u_iss(s, tmp, tmp2, i, rd);
9373 gen_aa32_ld32u_iss(s, tmp, tmp2, i, rd);
9377 tmp = load_reg(s, rd);
9378 if (insn & (1 << 22)) {
9379 gen_aa32_st8_iss(s, tmp, tmp2, i, rd);
9381 gen_aa32_st32_iss(s, tmp, tmp2, i, rd);
9383 tcg_temp_free_i32(tmp);
9385 if (!(insn & (1 << 24))) {
9386 gen_add_data_offset(s, insn, tmp2);
9387 store_reg(s, rn, tmp2);
9388 } else if (insn & (1 << 21)) {
9389 store_reg(s, rn, tmp2);
9391 tcg_temp_free_i32(tmp2);
9393 if (insn & (1 << 20)) {
9394 /* Complete the load. */
9395 store_reg_from_load(s, rd, tmp);
9401 int j, n, loaded_base;
9402 bool exc_return = false;
9403 bool is_load = extract32(insn, 20, 1);
9405 TCGv_i32 loaded_var;
9406 /* load/store multiple words */
9407 /* XXX: store correct base if write back */
9408 if (insn & (1 << 22)) {
9409 /* LDM (user), LDM (exception return) and STM (user) */
9411 goto illegal_op; /* only usable in supervisor mode */
9413 if (is_load && extract32(insn, 15, 1)) {
9419 rn = (insn >> 16) & 0xf;
9420 addr = load_reg(s, rn);
9422 /* compute total size */
9426 for (i = 0; i < 16; i++) {
9427 if (insn & (1 << i))
9430 /* XXX: test invalid n == 0 case ? */
9431 if (insn & (1 << 23)) {
9432 if (insn & (1 << 24)) {
9434 tcg_gen_addi_i32(addr, addr, 4);
9436 /* post increment */
9439 if (insn & (1 << 24)) {
9441 tcg_gen_addi_i32(addr, addr, -(n * 4));
9443 /* post decrement */
9445 tcg_gen_addi_i32(addr, addr, -((n - 1) * 4));
9449 for (i = 0; i < 16; i++) {
9450 if (insn & (1 << i)) {
9453 tmp = tcg_temp_new_i32();
9454 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9456 tmp2 = tcg_const_i32(i);
9457 gen_helper_set_user_reg(cpu_env, tmp2, tmp);
9458 tcg_temp_free_i32(tmp2);
9459 tcg_temp_free_i32(tmp);
9460 } else if (i == rn) {
9463 } else if (i == 15 && exc_return) {
9464 store_pc_exc_ret(s, tmp);
9466 store_reg_from_load(s, i, tmp);
9471 tmp = tcg_temp_new_i32();
9472 tcg_gen_movi_i32(tmp, read_pc(s));
9474 tmp = tcg_temp_new_i32();
9475 tmp2 = tcg_const_i32(i);
9476 gen_helper_get_user_reg(tmp, cpu_env, tmp2);
9477 tcg_temp_free_i32(tmp2);
9479 tmp = load_reg(s, i);
9481 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9482 tcg_temp_free_i32(tmp);
9485 /* no need to add after the last transfer */
9487 tcg_gen_addi_i32(addr, addr, 4);
9490 if (insn & (1 << 21)) {
9492 if (insn & (1 << 23)) {
9493 if (insn & (1 << 24)) {
9496 /* post increment */
9497 tcg_gen_addi_i32(addr, addr, 4);
9500 if (insn & (1 << 24)) {
9503 tcg_gen_addi_i32(addr, addr, -((n - 1) * 4));
9505 /* post decrement */
9506 tcg_gen_addi_i32(addr, addr, -(n * 4));
9509 store_reg(s, rn, addr);
9511 tcg_temp_free_i32(addr);
9514 store_reg(s, rn, loaded_var);
9517 /* Restore CPSR from SPSR. */
9518 tmp = load_cpu_field(spsr);
9519 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
9522 gen_helper_cpsr_write_eret(cpu_env, tmp);
9523 tcg_temp_free_i32(tmp);
9524 /* Must exit loop to check un-masked IRQs */
9525 s->base.is_jmp = DISAS_EXIT;
9534 /* branch (and link) */
9535 if (insn & (1 << 24)) {
9536 tmp = tcg_temp_new_i32();
9537 tcg_gen_movi_i32(tmp, s->base.pc_next);
9538 store_reg(s, 14, tmp);
9540 offset = sextract32(insn << 2, 0, 26);
9541 gen_jmp(s, read_pc(s) + offset);
9547 if (((insn >> 8) & 0xe) == 10) {
9549 if (disas_vfp_insn(s, insn)) {
9552 } else if (disas_coproc_insn(s, insn)) {
9559 gen_set_pc_im(s, s->base.pc_next);
9560 s->svc_imm = extract32(insn, 0, 24);
9561 s->base.is_jmp = DISAS_SWI;
9565 unallocated_encoding(s);
9571 static bool thumb_insn_is_16bit(DisasContext *s, uint32_t pc, uint32_t insn)
9574 * Return true if this is a 16 bit instruction. We must be precise
9575 * about this (matching the decode).
9577 if ((insn >> 11) < 0x1d) {
9578 /* Definitely a 16-bit instruction */
9582 /* Top five bits 0b11101 / 0b11110 / 0b11111 : this is the
9583 * first half of a 32-bit Thumb insn. Thumb-1 cores might
9584 * end up actually treating this as two 16-bit insns, though,
9585 * if it's half of a bl/blx pair that might span a page boundary.
9587 if (arm_dc_feature(s, ARM_FEATURE_THUMB2) ||
9588 arm_dc_feature(s, ARM_FEATURE_M)) {
9589 /* Thumb2 cores (including all M profile ones) always treat
9590 * 32-bit insns as 32-bit.
9595 if ((insn >> 11) == 0x1e && pc - s->page_start < TARGET_PAGE_SIZE - 3) {
9596 /* 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix, and the suffix
9597 * is not on the next page; we merge this into a 32-bit
9602 /* 0b1110_1xxx_xxxx_xxxx : BLX suffix (or UNDEF);
9603 * 0b1111_1xxx_xxxx_xxxx : BL suffix;
9604 * 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix on the end of a page
9605 * -- handle as single 16 bit insn
9610 /* Translate a 32-bit thumb instruction. */
9611 static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
9613 uint32_t imm, shift, offset;
9614 uint32_t rd, rn, rm, rs;
9623 * ARMv6-M supports a limited subset of Thumb2 instructions.
9624 * Other Thumb1 architectures allow only 32-bit
9625 * combined BL/BLX prefix and suffix.
9627 if (arm_dc_feature(s, ARM_FEATURE_M) &&
9628 !arm_dc_feature(s, ARM_FEATURE_V7)) {
9631 static const uint32_t armv6m_insn[] = {0xf3808000 /* msr */,
9632 0xf3b08040 /* dsb */,
9633 0xf3b08050 /* dmb */,
9634 0xf3b08060 /* isb */,
9635 0xf3e08000 /* mrs */,
9636 0xf000d000 /* bl */};
9637 static const uint32_t armv6m_mask[] = {0xffe0d000,
9644 for (i = 0; i < ARRAY_SIZE(armv6m_insn); i++) {
9645 if ((insn & armv6m_mask[i]) == armv6m_insn[i]) {
9653 } else if ((insn & 0xf800e800) != 0xf000e800) {
9657 if (disas_t32(s, insn)) {
9660 /* fall back to legacy decoder */
9662 rn = (insn >> 16) & 0xf;
9663 rs = (insn >> 12) & 0xf;
9664 rd = (insn >> 8) & 0xf;
9666 switch ((insn >> 25) & 0xf) {
9667 case 0: case 1: case 2: case 3:
9668 /* 16-bit instructions. Should never happen. */
9671 if (insn & (1 << 22)) {
9672 /* 0b1110_100x_x1xx_xxxx_xxxx_xxxx_xxxx_xxxx
9673 * - load/store doubleword, load/store exclusive, ldacq/strel,
9676 if (insn == 0xe97fe97f && arm_dc_feature(s, ARM_FEATURE_M) &&
9677 arm_dc_feature(s, ARM_FEATURE_V8)) {
9678 /* 0b1110_1001_0111_1111_1110_1001_0111_111
9680 * The bulk of the behaviour for this instruction is implemented
9681 * in v7m_handle_execute_nsc(), which deals with the insn when
9682 * it is executed by a CPU in non-secure state from memory
9683 * which is Secure & NonSecure-Callable.
9684 * Here we only need to handle the remaining cases:
9685 * * in NS memory (including the "security extension not
9686 * implemented" case) : NOP
9687 * * in S memory but CPU already secure (clear IT bits)
9688 * We know that the attribute for the memory this insn is
9689 * in must match the current CPU state, because otherwise
9690 * get_phys_addr_pmsav8 would have generated an exception.
9692 if (s->v8m_secure) {
9693 /* Like the IT insn, we don't need to generate any code */
9694 s->condexec_cond = 0;
9695 s->condexec_mask = 0;
9697 } else if (insn & 0x01200000) {
9698 /* 0b1110_1000_x11x_xxxx_xxxx_xxxx_xxxx_xxxx
9699 * - load/store dual (post-indexed)
9700 * 0b1111_1001_x10x_xxxx_xxxx_xxxx_xxxx_xxxx
9701 * - load/store dual (literal and immediate)
9702 * 0b1111_1001_x11x_xxxx_xxxx_xxxx_xxxx_xxxx
9703 * - load/store dual (pre-indexed)
9705 bool wback = extract32(insn, 21, 1);
9707 if (rn == 15 && (insn & (1 << 21))) {
9712 addr = add_reg_for_lit(s, rn, 0);
9713 offset = (insn & 0xff) * 4;
9714 if ((insn & (1 << 23)) == 0) {
9718 if (s->v8m_stackcheck && rn == 13 && wback) {
9720 * Here 'addr' is the current SP; if offset is +ve we're
9721 * moving SP up, else down. It is UNKNOWN whether the limit
9722 * check triggers when SP starts below the limit and ends
9723 * up above it; check whichever of the current and final
9724 * SP is lower, so QEMU will trigger in that situation.
9726 if ((int32_t)offset < 0) {
9727 TCGv_i32 newsp = tcg_temp_new_i32();
9729 tcg_gen_addi_i32(newsp, addr, offset);
9730 gen_helper_v8m_stackcheck(cpu_env, newsp);
9731 tcg_temp_free_i32(newsp);
9733 gen_helper_v8m_stackcheck(cpu_env, addr);
9737 if (insn & (1 << 24)) {
9738 tcg_gen_addi_i32(addr, addr, offset);
9741 if (insn & (1 << 20)) {
9743 tmp = tcg_temp_new_i32();
9744 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9745 store_reg(s, rs, tmp);
9746 tcg_gen_addi_i32(addr, addr, 4);
9747 tmp = tcg_temp_new_i32();
9748 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9749 store_reg(s, rd, tmp);
9752 tmp = load_reg(s, rs);
9753 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9754 tcg_temp_free_i32(tmp);
9755 tcg_gen_addi_i32(addr, addr, 4);
9756 tmp = load_reg(s, rd);
9757 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9758 tcg_temp_free_i32(tmp);
9761 /* Base writeback. */
9762 tcg_gen_addi_i32(addr, addr, offset - 4);
9763 store_reg(s, rn, addr);
9765 tcg_temp_free_i32(addr);
9767 } else if ((insn & (1 << 23)) == 0) {
9768 /* 0b1110_1000_010x_xxxx_xxxx_xxxx_xxxx_xxxx
9769 * - load/store exclusive word
9773 if (!(insn & (1 << 20)) &&
9774 arm_dc_feature(s, ARM_FEATURE_M) &&
9775 arm_dc_feature(s, ARM_FEATURE_V8)) {
9776 /* 0b1110_1000_0100_xxxx_1111_xxxx_xxxx_xxxx
9779 bool alt = insn & (1 << 7);
9780 TCGv_i32 addr, op, ttresp;
9782 if ((insn & 0x3f) || rd == 13 || rd == 15 || rn == 15) {
9783 /* we UNDEF for these UNPREDICTABLE cases */
9787 if (alt && !s->v8m_secure) {
9791 addr = load_reg(s, rn);
9792 op = tcg_const_i32(extract32(insn, 6, 2));
9793 ttresp = tcg_temp_new_i32();
9794 gen_helper_v7m_tt(ttresp, cpu_env, addr, op);
9795 tcg_temp_free_i32(addr);
9796 tcg_temp_free_i32(op);
9797 store_reg(s, rd, ttresp);
9802 addr = tcg_temp_local_new_i32();
9803 load_reg_var(s, addr, rn);
9804 tcg_gen_addi_i32(addr, addr, (insn & 0xff) << 2);
9805 if (insn & (1 << 20)) {
9806 gen_load_exclusive(s, rs, 15, addr, 2);
9808 gen_store_exclusive(s, rd, rs, 15, addr, 2);
9810 tcg_temp_free_i32(addr);
9811 } else if ((insn & (7 << 5)) == 0) {
9813 addr = load_reg(s, rn);
9814 tmp = load_reg(s, rm);
9815 tcg_gen_add_i32(addr, addr, tmp);
9816 if (insn & (1 << 4)) {
9818 tcg_gen_add_i32(addr, addr, tmp);
9819 tcg_temp_free_i32(tmp);
9820 tmp = tcg_temp_new_i32();
9821 gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
9823 tcg_temp_free_i32(tmp);
9824 tmp = tcg_temp_new_i32();
9825 gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
9827 tcg_temp_free_i32(addr);
9828 tcg_gen_shli_i32(tmp, tmp, 1);
9829 tcg_gen_addi_i32(tmp, tmp, read_pc(s));
9830 store_reg(s, 15, tmp);
9832 bool is_lasr = false;
9833 bool is_ld = extract32(insn, 20, 1);
9834 int op2 = (insn >> 6) & 0x3;
9835 op = (insn >> 4) & 0x3;
9840 /* Load/store exclusive byte/halfword/doubleword */
9847 /* Load-acquire/store-release */
9853 /* Load-acquire/store-release exclusive */
9859 if (is_lasr && !is_ld) {
9860 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
9863 addr = tcg_temp_local_new_i32();
9864 load_reg_var(s, addr, rn);
9867 tmp = tcg_temp_new_i32();
9870 gen_aa32_ld8u_iss(s, tmp, addr, get_mem_index(s),
9874 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s),
9878 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s),
9884 store_reg(s, rs, tmp);
9886 tmp = load_reg(s, rs);
9889 gen_aa32_st8_iss(s, tmp, addr, get_mem_index(s),
9893 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s),
9897 gen_aa32_st32_iss(s, tmp, addr, get_mem_index(s),
9903 tcg_temp_free_i32(tmp);
9906 gen_load_exclusive(s, rs, rd, addr, op);
9908 gen_store_exclusive(s, rm, rs, rd, addr, op);
9910 tcg_temp_free_i32(addr);
9912 if (is_lasr && is_ld) {
9913 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
9917 /* Load/store multiple, RFE, SRS. */
9918 if (((insn >> 23) & 1) == ((insn >> 24) & 1)) {
9919 /* RFE, SRS: not available in user mode or on M profile */
9920 if (IS_USER(s) || arm_dc_feature(s, ARM_FEATURE_M)) {
9923 if (insn & (1 << 20)) {
9925 addr = load_reg(s, rn);
9926 if ((insn & (1 << 24)) == 0)
9927 tcg_gen_addi_i32(addr, addr, -8);
9928 /* Load PC into tmp and CPSR into tmp2. */
9929 tmp = tcg_temp_new_i32();
9930 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9931 tcg_gen_addi_i32(addr, addr, 4);
9932 tmp2 = tcg_temp_new_i32();
9933 gen_aa32_ld32u(s, tmp2, addr, get_mem_index(s));
9934 if (insn & (1 << 21)) {
9935 /* Base writeback. */
9936 if (insn & (1 << 24)) {
9937 tcg_gen_addi_i32(addr, addr, 4);
9939 tcg_gen_addi_i32(addr, addr, -4);
9941 store_reg(s, rn, addr);
9943 tcg_temp_free_i32(addr);
9945 gen_rfe(s, tmp, tmp2);
9948 gen_srs(s, (insn & 0x1f), (insn & (1 << 24)) ? 1 : 2,
9952 int i, loaded_base = 0;
9953 TCGv_i32 loaded_var;
9954 bool wback = extract32(insn, 21, 1);
9955 /* Load/store multiple. */
9956 addr = load_reg(s, rn);
9958 for (i = 0; i < 16; i++) {
9959 if (insn & (1 << i))
9963 if (insn & (1 << 24)) {
9964 tcg_gen_addi_i32(addr, addr, -offset);
9967 if (s->v8m_stackcheck && rn == 13 && wback) {
9969 * If the writeback is incrementing SP rather than
9970 * decrementing it, and the initial SP is below the
9971 * stack limit but the final written-back SP would
9972 * be above, then then we must not perform any memory
9973 * accesses, but it is IMPDEF whether we generate
9974 * an exception. We choose to do so in this case.
9975 * At this point 'addr' is the lowest address, so
9976 * either the original SP (if incrementing) or our
9977 * final SP (if decrementing), so that's what we check.
9979 gen_helper_v8m_stackcheck(cpu_env, addr);
9983 for (i = 0; i < 16; i++) {
9984 if ((insn & (1 << i)) == 0)
9986 if (insn & (1 << 20)) {
9988 tmp = tcg_temp_new_i32();
9989 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9994 store_reg_from_load(s, i, tmp);
9998 tmp = load_reg(s, i);
9999 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
10000 tcg_temp_free_i32(tmp);
10002 tcg_gen_addi_i32(addr, addr, 4);
10005 store_reg(s, rn, loaded_var);
10008 /* Base register writeback. */
10009 if (insn & (1 << 24)) {
10010 tcg_gen_addi_i32(addr, addr, -offset);
10012 /* Fault if writeback register is in register list. */
10013 if (insn & (1 << rn))
10015 store_reg(s, rn, addr);
10017 tcg_temp_free_i32(addr);
10024 op = (insn >> 21) & 0xf;
10026 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10029 /* Halfword pack. */
10030 tmp = load_reg(s, rn);
10031 tmp2 = load_reg(s, rm);
10032 shift = ((insn >> 10) & 0x1c) | ((insn >> 6) & 0x3);
10033 if (insn & (1 << 5)) {
10038 tcg_gen_sari_i32(tmp2, tmp2, shift);
10039 tcg_gen_deposit_i32(tmp, tmp, tmp2, 0, 16);
10042 tcg_gen_shli_i32(tmp2, tmp2, shift);
10043 tcg_gen_deposit_i32(tmp, tmp2, tmp, 0, 16);
10045 tcg_temp_free_i32(tmp2);
10046 store_reg(s, rd, tmp);
10048 /* Data processing register constant shift. */
10049 /* All done in decodetree. Reach here for illegal ops. */
10053 case 13: /* Misc data processing. */
10054 op = ((insn >> 22) & 6) | ((insn >> 7) & 1);
10055 if (op < 4 && (insn & 0xf000) != 0xf000)
10058 case 0: /* Register controlled shift, in decodetree */
10060 case 1: /* Sign/zero extend. */
10061 op = (insn >> 20) & 7;
10063 case 0: /* SXTAH, SXTH */
10064 case 1: /* UXTAH, UXTH */
10065 case 4: /* SXTAB, SXTB */
10066 case 5: /* UXTAB, UXTB */
10068 case 2: /* SXTAB16, SXTB16 */
10069 case 3: /* UXTAB16, UXTB16 */
10070 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10078 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10082 tmp = load_reg(s, rm);
10083 shift = (insn >> 4) & 3;
10084 /* ??? In many cases it's not necessary to do a
10085 rotate, a shift is sufficient. */
10086 tcg_gen_rotri_i32(tmp, tmp, shift * 8);
10087 op = (insn >> 20) & 7;
10089 case 0: gen_sxth(tmp); break;
10090 case 1: gen_uxth(tmp); break;
10091 case 2: gen_sxtb16(tmp); break;
10092 case 3: gen_uxtb16(tmp); break;
10093 case 4: gen_sxtb(tmp); break;
10094 case 5: gen_uxtb(tmp); break;
10096 g_assert_not_reached();
10099 tmp2 = load_reg(s, rn);
10100 if ((op >> 1) == 1) {
10101 gen_add16(tmp, tmp2);
10103 tcg_gen_add_i32(tmp, tmp, tmp2);
10104 tcg_temp_free_i32(tmp2);
10107 store_reg(s, rd, tmp);
10109 case 2: /* SIMD add/subtract. */
10110 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10113 op = (insn >> 20) & 7;
10114 shift = (insn >> 4) & 7;
10115 if ((op & 3) == 3 || (shift & 3) == 3)
10117 tmp = load_reg(s, rn);
10118 tmp2 = load_reg(s, rm);
10119 gen_thumb2_parallel_addsub(op, shift, tmp, tmp2);
10120 tcg_temp_free_i32(tmp2);
10121 store_reg(s, rd, tmp);
10123 case 3: /* Other data processing. */
10124 op = ((insn >> 17) & 0x38) | ((insn >> 4) & 7);
10126 /* Saturating add/subtract. */
10127 /* All done in decodetree. Reach here for illegal ops. */
10131 case 0x0a: /* rbit */
10132 case 0x08: /* rev */
10133 case 0x09: /* rev16 */
10134 case 0x0b: /* revsh */
10135 case 0x18: /* clz */
10137 case 0x10: /* sel */
10138 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10142 case 0x20: /* crc32/crc32c */
10148 if (!dc_isar_feature(aa32_crc32, s)) {
10155 tmp = load_reg(s, rn);
10157 case 0x0a: /* rbit */
10158 gen_helper_rbit(tmp, tmp);
10160 case 0x08: /* rev */
10161 tcg_gen_bswap32_i32(tmp, tmp);
10163 case 0x09: /* rev16 */
10166 case 0x0b: /* revsh */
10169 case 0x10: /* sel */
10170 tmp2 = load_reg(s, rm);
10171 tmp3 = tcg_temp_new_i32();
10172 tcg_gen_ld_i32(tmp3, cpu_env, offsetof(CPUARMState, GE));
10173 gen_helper_sel_flags(tmp, tmp3, tmp, tmp2);
10174 tcg_temp_free_i32(tmp3);
10175 tcg_temp_free_i32(tmp2);
10177 case 0x18: /* clz */
10178 tcg_gen_clzi_i32(tmp, tmp, 32);
10188 uint32_t sz = op & 0x3;
10189 uint32_t c = op & 0x8;
10191 tmp2 = load_reg(s, rm);
10193 tcg_gen_andi_i32(tmp2, tmp2, 0xff);
10194 } else if (sz == 1) {
10195 tcg_gen_andi_i32(tmp2, tmp2, 0xffff);
10197 tmp3 = tcg_const_i32(1 << sz);
10199 gen_helper_crc32c(tmp, tmp, tmp2, tmp3);
10201 gen_helper_crc32(tmp, tmp, tmp2, tmp3);
10203 tcg_temp_free_i32(tmp2);
10204 tcg_temp_free_i32(tmp3);
10208 g_assert_not_reached();
10211 store_reg(s, rd, tmp);
10213 case 4: case 5: /* 32-bit multiply. Sum of absolute differences. */
10214 switch ((insn >> 20) & 7) {
10215 case 0: /* 32 x 32 -> 32 */
10216 case 1: /* 16 x 16 -> 32 */
10217 case 3: /* 32 * 16 -> 32msb */
10218 /* in decodetree */
10220 case 7: /* Unsigned sum of absolute differences. */
10222 case 2: /* Dual multiply add. */
10223 case 4: /* Dual multiply subtract. */
10224 case 5: case 6: /* 32 * 32 -> 32msb (SMMUL, SMMLA, SMMLS) */
10225 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10230 op = (insn >> 4) & 0xf;
10231 tmp = load_reg(s, rn);
10232 tmp2 = load_reg(s, rm);
10233 switch ((insn >> 20) & 7) {
10234 case 2: /* Dual multiply add. */
10235 case 4: /* Dual multiply subtract. */
10237 gen_swap_half(tmp2);
10238 gen_smul_dual(tmp, tmp2);
10239 if (insn & (1 << 22)) {
10240 /* This subtraction cannot overflow. */
10241 tcg_gen_sub_i32(tmp, tmp, tmp2);
10243 /* This addition cannot overflow 32 bits;
10244 * however it may overflow considered as a signed
10245 * operation, in which case we must set the Q flag.
10247 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10249 tcg_temp_free_i32(tmp2);
10252 tmp2 = load_reg(s, rs);
10253 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10254 tcg_temp_free_i32(tmp2);
10257 case 5: case 6: /* 32 * 32 -> 32msb (SMMUL, SMMLA, SMMLS) */
10258 tcg_gen_muls2_i32(tmp2, tmp, tmp, tmp2);
10260 tmp3 = load_reg(s, rs);
10261 if (insn & (1 << 20)) {
10262 tcg_gen_add_i32(tmp, tmp, tmp3);
10265 * For SMMLS, we need a 64-bit subtract.
10266 * Borrow caused by a non-zero multiplicand lowpart,
10267 * and the correct result lowpart for rounding.
10269 TCGv_i32 zero = tcg_const_i32(0);
10270 tcg_gen_sub2_i32(tmp2, tmp, zero, tmp3, tmp2, tmp);
10271 tcg_temp_free_i32(zero);
10273 tcg_temp_free_i32(tmp3);
10275 if (insn & (1 << 4)) {
10277 * Adding 0x80000000 to the 64-bit quantity
10278 * means that we have carry in to the high
10279 * word when the low word has the high bit set.
10281 tcg_gen_shri_i32(tmp2, tmp2, 31);
10282 tcg_gen_add_i32(tmp, tmp, tmp2);
10284 tcg_temp_free_i32(tmp2);
10286 case 7: /* Unsigned sum of absolute differences. */
10287 gen_helper_usad8(tmp, tmp, tmp2);
10288 tcg_temp_free_i32(tmp2);
10290 tmp2 = load_reg(s, rs);
10291 tcg_gen_add_i32(tmp, tmp, tmp2);
10292 tcg_temp_free_i32(tmp2);
10296 store_reg(s, rd, tmp);
10298 case 6: case 7: /* 64-bit multiply, Divide. */
10299 op = ((insn >> 4) & 0xf) | ((insn >> 16) & 0x70);
10300 tmp = load_reg(s, rn);
10301 tmp2 = load_reg(s, rm);
10302 if ((op & 0x50) == 0x10) {
10304 if (!dc_isar_feature(thumb_div, s)) {
10308 gen_helper_udiv(tmp, tmp, tmp2);
10310 gen_helper_sdiv(tmp, tmp, tmp2);
10311 tcg_temp_free_i32(tmp2);
10312 store_reg(s, rd, tmp);
10313 } else if ((op & 0xe) == 0xc) {
10314 /* Dual multiply accumulate long. */
10315 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10316 tcg_temp_free_i32(tmp);
10317 tcg_temp_free_i32(tmp2);
10321 gen_swap_half(tmp2);
10322 gen_smul_dual(tmp, tmp2);
10324 tcg_gen_sub_i32(tmp, tmp, tmp2);
10326 tcg_gen_add_i32(tmp, tmp, tmp2);
10328 tcg_temp_free_i32(tmp2);
10330 tmp64 = tcg_temp_new_i64();
10331 tcg_gen_ext_i32_i64(tmp64, tmp);
10332 tcg_temp_free_i32(tmp);
10333 gen_addq(s, tmp64, rs, rd);
10334 gen_storeq_reg(s, rs, rd, tmp64);
10335 tcg_temp_free_i64(tmp64);
10337 /* Signed/unsigned 64-bit multiply, in decodetree */
10338 tcg_temp_free_i32(tmp2);
10339 tcg_temp_free_i32(tmp);
10345 case 6: case 7: case 14: case 15:
10347 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10348 /* 0b111x_11xx_xxxx_xxxx_xxxx_xxxx_xxxx_xxxx */
10349 if (extract32(insn, 24, 2) == 3) {
10350 goto illegal_op; /* op0 = 0b11 : unallocated */
10354 * Decode VLLDM and VLSTM first: these are nonstandard because:
10355 * * if there is no FPU then these insns must NOP in
10356 * Secure state and UNDEF in Nonsecure state
10357 * * if there is an FPU then these insns do not have
10358 * the usual behaviour that disas_vfp_insn() provides of
10359 * being controlled by CPACR/NSACR enable bits or the
10360 * lazy-stacking logic.
10362 if (arm_dc_feature(s, ARM_FEATURE_V8) &&
10363 (insn & 0xffa00f00) == 0xec200a00) {
10364 /* 0b1110_1100_0x1x_xxxx_xxxx_1010_xxxx_xxxx
10366 * We choose to UNDEF if the RAZ bits are non-zero.
10368 if (!s->v8m_secure || (insn & 0x0040f0ff)) {
10372 if (arm_dc_feature(s, ARM_FEATURE_VFP)) {
10373 TCGv_i32 fptr = load_reg(s, rn);
10375 if (extract32(insn, 20, 1)) {
10376 gen_helper_v7m_vlldm(cpu_env, fptr);
10378 gen_helper_v7m_vlstm(cpu_env, fptr);
10380 tcg_temp_free_i32(fptr);
10382 /* End the TB, because we have updated FP control bits */
10383 s->base.is_jmp = DISAS_UPDATE;
10387 if (arm_dc_feature(s, ARM_FEATURE_VFP) &&
10388 ((insn >> 8) & 0xe) == 10) {
10389 /* FP, and the CPU supports it */
10390 if (disas_vfp_insn(s, insn)) {
10396 /* All other insns: NOCP */
10397 gen_exception_insn(s, s->pc_curr, EXCP_NOCP, syn_uncategorized(),
10398 default_exception_el(s));
10401 if ((insn & 0xfe000a00) == 0xfc000800
10402 && arm_dc_feature(s, ARM_FEATURE_V8)) {
10403 /* The Thumb2 and ARM encodings are identical. */
10404 if (disas_neon_insn_3same_ext(s, insn)) {
10407 } else if ((insn & 0xff000a00) == 0xfe000800
10408 && arm_dc_feature(s, ARM_FEATURE_V8)) {
10409 /* The Thumb2 and ARM encodings are identical. */
10410 if (disas_neon_insn_2reg_scalar_ext(s, insn)) {
10413 } else if (((insn >> 24) & 3) == 3) {
10414 /* Translate into the equivalent ARM encoding. */
10415 insn = (insn & 0xe2ffffff) | ((insn & (1 << 28)) >> 4) | (1 << 28);
10416 if (disas_neon_data_insn(s, insn)) {
10419 } else if (((insn >> 8) & 0xe) == 10) {
10420 if (disas_vfp_insn(s, insn)) {
10424 if (insn & (1 << 28))
10426 if (disas_coproc_insn(s, insn)) {
10431 case 8: case 9: case 10: case 11:
10432 if (insn & (1 << 15)) {
10433 /* Branches, misc control. */
10434 if (insn & 0x5000) {
10435 /* Unconditional branch. */
10436 /* signextend(hw1[10:0]) -> offset[:12]. */
10437 offset = ((int32_t)insn << 5) >> 9 & ~(int32_t)0xfff;
10438 /* hw1[10:0] -> offset[11:1]. */
10439 offset |= (insn & 0x7ff) << 1;
10440 /* (~hw2[13, 11] ^ offset[24]) -> offset[23,22]
10441 offset[24:22] already have the same value because of the
10442 sign extension above. */
10443 offset ^= ((~insn) & (1 << 13)) << 10;
10444 offset ^= ((~insn) & (1 << 11)) << 11;
10446 if (insn & (1 << 14)) {
10447 /* Branch and link. */
10448 tcg_gen_movi_i32(cpu_R[14], s->base.pc_next | 1);
10451 offset += read_pc(s);
10452 if (insn & (1 << 12)) {
10454 gen_jmp(s, offset);
10457 offset &= ~(uint32_t)2;
10458 /* thumb2 bx, no need to check */
10459 gen_bx_im(s, offset);
10461 } else if (((insn >> 23) & 7) == 7) {
10463 if (insn & (1 << 13))
10466 if (insn & (1 << 26)) {
10467 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10470 if (!(insn & (1 << 20))) {
10471 /* Hypervisor call (v7) */
10472 int imm16 = extract32(insn, 16, 4) << 12
10473 | extract32(insn, 0, 12);
10480 /* Secure monitor call (v6+) */
10488 op = (insn >> 20) & 7;
10490 case 0: /* msr cpsr. */
10491 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10492 tmp = load_reg(s, rn);
10493 /* the constant is the mask and SYSm fields */
10494 addr = tcg_const_i32(insn & 0xfff);
10495 gen_helper_v7m_msr(cpu_env, addr, tmp);
10496 tcg_temp_free_i32(addr);
10497 tcg_temp_free_i32(tmp);
10502 case 1: /* msr spsr. */
10503 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10507 if (extract32(insn, 5, 1)) {
10509 int sysm = extract32(insn, 8, 4) |
10510 (extract32(insn, 4, 1) << 4);
10513 gen_msr_banked(s, r, sysm, rm);
10517 /* MSR (for PSRs) */
10518 tmp = load_reg(s, rn);
10520 msr_mask(s, (insn >> 8) & 0xf, op == 1),
10524 case 2: /* cps, nop-hint. */
10525 if (((insn >> 8) & 7) == 0) {
10526 gen_nop_hint(s, insn & 0xff);
10528 /* Implemented as NOP in user mode. */
10533 if (insn & (1 << 10)) {
10534 if (insn & (1 << 7))
10536 if (insn & (1 << 6))
10538 if (insn & (1 << 5))
10540 if (insn & (1 << 9))
10541 imm = CPSR_A | CPSR_I | CPSR_F;
10543 if (insn & (1 << 8)) {
10545 imm |= (insn & 0x1f);
10548 gen_set_psr_im(s, offset, 0, imm);
10551 case 3: /* Special control operations. */
10552 if (!arm_dc_feature(s, ARM_FEATURE_V7) &&
10553 !arm_dc_feature(s, ARM_FEATURE_M)) {
10556 op = (insn >> 4) & 0xf;
10558 case 2: /* clrex */
10563 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
10566 /* We need to break the TB after this insn
10567 * to execute self-modifying code correctly
10568 * and also to take any pending interrupts
10571 gen_goto_tb(s, 0, s->base.pc_next);
10574 if ((insn & 0xf) || !dc_isar_feature(aa32_sb, s)) {
10578 * TODO: There is no speculation barrier opcode
10579 * for TCG; MB and end the TB instead.
10581 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
10582 gen_goto_tb(s, 0, s->base.pc_next);
10589 /* Trivial implementation equivalent to bx.
10590 * This instruction doesn't exist at all for M-profile.
10592 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10595 tmp = load_reg(s, rn);
10598 case 5: /* Exception return. */
10602 if (rn != 14 || rd != 15) {
10605 if (s->current_el == 2) {
10606 /* ERET from Hyp uses ELR_Hyp, not LR */
10610 tmp = load_cpu_field(elr_el[2]);
10612 tmp = load_reg(s, rn);
10613 tcg_gen_subi_i32(tmp, tmp, insn & 0xff);
10615 gen_exception_return(s, tmp);
10618 if (extract32(insn, 5, 1) &&
10619 !arm_dc_feature(s, ARM_FEATURE_M)) {
10621 int sysm = extract32(insn, 16, 4) |
10622 (extract32(insn, 4, 1) << 4);
10624 gen_mrs_banked(s, 0, sysm, rd);
10628 if (extract32(insn, 16, 4) != 0xf) {
10631 if (!arm_dc_feature(s, ARM_FEATURE_M) &&
10632 extract32(insn, 0, 8) != 0) {
10637 tmp = tcg_temp_new_i32();
10638 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10639 addr = tcg_const_i32(insn & 0xff);
10640 gen_helper_v7m_mrs(tmp, cpu_env, addr);
10641 tcg_temp_free_i32(addr);
10643 gen_helper_cpsr_read(tmp, cpu_env);
10645 store_reg(s, rd, tmp);
10648 if (extract32(insn, 5, 1) &&
10649 !arm_dc_feature(s, ARM_FEATURE_M)) {
10651 int sysm = extract32(insn, 16, 4) |
10652 (extract32(insn, 4, 1) << 4);
10654 gen_mrs_banked(s, 1, sysm, rd);
10659 /* Not accessible in user mode. */
10660 if (IS_USER(s) || arm_dc_feature(s, ARM_FEATURE_M)) {
10664 if (extract32(insn, 16, 4) != 0xf ||
10665 extract32(insn, 0, 8) != 0) {
10669 tmp = load_cpu_field(spsr);
10670 store_reg(s, rd, tmp);
10675 /* Conditional branch. */
10676 op = (insn >> 22) & 0xf;
10677 /* Generate a conditional jump to next instruction. */
10678 arm_skip_unless(s, op);
10680 /* offset[11:1] = insn[10:0] */
10681 offset = (insn & 0x7ff) << 1;
10682 /* offset[17:12] = insn[21:16]. */
10683 offset |= (insn & 0x003f0000) >> 4;
10684 /* offset[31:20] = insn[26]. */
10685 offset |= ((int32_t)((insn << 5) & 0x80000000)) >> 11;
10686 /* offset[18] = insn[13]. */
10687 offset |= (insn & (1 << 13)) << 5;
10688 /* offset[19] = insn[11]. */
10689 offset |= (insn & (1 << 11)) << 8;
10691 /* jump to the offset */
10692 gen_jmp(s, read_pc(s) + offset);
10696 * 0b1111_0xxx_xxxx_0xxx_xxxx_xxxx
10697 * - Data-processing (modified immediate, plain binary immediate)
10699 if (insn & (1 << 25)) {
10701 * 0b1111_0x1x_xxxx_0xxx_xxxx_xxxx
10702 * - Data-processing (plain binary immediate)
10704 if (insn & (1 << 24)) {
10705 if (insn & (1 << 20))
10707 /* Bitfield/Saturate. */
10708 op = (insn >> 21) & 7;
10710 shift = ((insn >> 6) & 3) | ((insn >> 10) & 0x1c);
10712 tmp = tcg_temp_new_i32();
10713 tcg_gen_movi_i32(tmp, 0);
10715 tmp = load_reg(s, rn);
10718 case 2: /* Signed bitfield extract. */
10720 if (shift + imm > 32)
10723 tcg_gen_sextract_i32(tmp, tmp, shift, imm);
10726 case 6: /* Unsigned bitfield extract. */
10728 if (shift + imm > 32)
10731 tcg_gen_extract_i32(tmp, tmp, shift, imm);
10734 case 3: /* Bitfield insert/clear. */
10737 imm = imm + 1 - shift;
10739 tmp2 = load_reg(s, rd);
10740 tcg_gen_deposit_i32(tmp, tmp2, tmp, shift, imm);
10741 tcg_temp_free_i32(tmp2);
10746 default: /* Saturate. */
10748 tcg_gen_sari_i32(tmp, tmp, shift);
10750 tcg_gen_shli_i32(tmp, tmp, shift);
10752 tmp2 = tcg_const_i32(imm);
10755 if ((op & 1) && shift == 0) {
10756 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10757 tcg_temp_free_i32(tmp);
10758 tcg_temp_free_i32(tmp2);
10761 gen_helper_usat16(tmp, cpu_env, tmp, tmp2);
10763 gen_helper_usat(tmp, cpu_env, tmp, tmp2);
10767 if ((op & 1) && shift == 0) {
10768 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10769 tcg_temp_free_i32(tmp);
10770 tcg_temp_free_i32(tmp2);
10773 gen_helper_ssat16(tmp, cpu_env, tmp, tmp2);
10775 gen_helper_ssat(tmp, cpu_env, tmp, tmp2);
10778 tcg_temp_free_i32(tmp2);
10781 store_reg(s, rd, tmp);
10783 imm = ((insn & 0x04000000) >> 15)
10784 | ((insn & 0x7000) >> 4) | (insn & 0xff);
10785 if (insn & (1 << 22)) {
10786 /* 16-bit immediate. */
10787 imm |= (insn >> 4) & 0xf000;
10788 if (insn & (1 << 23)) {
10790 tmp = load_reg(s, rd);
10791 tcg_gen_ext16u_i32(tmp, tmp);
10792 tcg_gen_ori_i32(tmp, tmp, imm << 16);
10795 tmp = tcg_temp_new_i32();
10796 tcg_gen_movi_i32(tmp, imm);
10798 store_reg(s, rd, tmp);
10800 /* Add/sub 12-bit immediate. */
10801 if (insn & (1 << 23)) {
10804 tmp = add_reg_for_lit(s, rn, imm);
10805 if (rn == 13 && rd == 13) {
10806 /* ADD SP, SP, imm or SUB SP, SP, imm */
10807 store_sp_checked(s, tmp);
10809 store_reg(s, rd, tmp);
10814 /* Data-processing (modified immediate) */
10815 /* All done in decodetree. Reach here for illegal ops. */
10820 case 12: /* Load/store single data item. */
10827 if ((insn & 0x01100000) == 0x01000000) {
10828 if (disas_neon_ls_insn(s, insn)) {
10833 op = ((insn >> 21) & 3) | ((insn >> 22) & 4);
10835 if (!(insn & (1 << 20))) {
10839 /* Byte or halfword load space with dest == r15 : memory hints.
10840 * Catch them early so we don't emit pointless addressing code.
10841 * This space is a mix of:
10842 * PLD/PLDW/PLI, which we implement as NOPs (note that unlike
10843 * the ARM encodings, PLDW space doesn't UNDEF for non-v7MP
10845 * unallocated hints, which must be treated as NOPs
10846 * UNPREDICTABLE space, which we NOP or UNDEF depending on
10847 * which is easiest for the decoding logic
10848 * Some space which must UNDEF
10850 int op1 = (insn >> 23) & 3;
10851 int op2 = (insn >> 6) & 0x3f;
10856 /* UNPREDICTABLE, unallocated hint or
10857 * PLD/PLDW/PLI (literal)
10862 return; /* PLD/PLDW/PLI or unallocated hint */
10864 if ((op2 == 0) || ((op2 & 0x3c) == 0x30)) {
10865 return; /* PLD/PLDW/PLI or unallocated hint */
10867 /* UNDEF space, or an UNPREDICTABLE */
10871 memidx = get_mem_index(s);
10872 imm = insn & 0xfff;
10873 if (insn & (1 << 23)) {
10874 /* PC relative or Positive offset. */
10875 addr = add_reg_for_lit(s, rn, imm);
10876 } else if (rn == 15) {
10877 /* PC relative with negative offset. */
10878 addr = add_reg_for_lit(s, rn, -imm);
10880 addr = load_reg(s, rn);
10882 switch ((insn >> 8) & 0xf) {
10883 case 0x0: /* Shifted Register. */
10884 shift = (insn >> 4) & 0xf;
10886 tcg_temp_free_i32(addr);
10889 tmp = load_reg(s, rm);
10890 tcg_gen_shli_i32(tmp, tmp, shift);
10891 tcg_gen_add_i32(addr, addr, tmp);
10892 tcg_temp_free_i32(tmp);
10894 case 0xc: /* Negative offset. */
10895 tcg_gen_addi_i32(addr, addr, -imm);
10897 case 0xe: /* User privilege. */
10898 tcg_gen_addi_i32(addr, addr, imm);
10899 memidx = get_a32_user_mem_index(s);
10901 case 0x9: /* Post-decrement. */
10903 /* Fall through. */
10904 case 0xb: /* Post-increment. */
10908 case 0xd: /* Pre-decrement. */
10910 /* Fall through. */
10911 case 0xf: /* Pre-increment. */
10915 tcg_temp_free_i32(addr);
10920 issinfo = writeback ? ISSInvalid : rs;
10922 if (s->v8m_stackcheck && rn == 13 && writeback) {
10924 * Stackcheck. Here we know 'addr' is the current SP;
10925 * if imm is +ve we're moving SP up, else down. It is
10926 * UNKNOWN whether the limit check triggers when SP starts
10927 * below the limit and ends up above it; we chose to do so.
10929 if ((int32_t)imm < 0) {
10930 TCGv_i32 newsp = tcg_temp_new_i32();
10932 tcg_gen_addi_i32(newsp, addr, imm);
10933 gen_helper_v8m_stackcheck(cpu_env, newsp);
10934 tcg_temp_free_i32(newsp);
10936 gen_helper_v8m_stackcheck(cpu_env, addr);
10940 if (writeback && !postinc) {
10941 tcg_gen_addi_i32(addr, addr, imm);
10944 if (insn & (1 << 20)) {
10946 tmp = tcg_temp_new_i32();
10949 gen_aa32_ld8u_iss(s, tmp, addr, memidx, issinfo);
10952 gen_aa32_ld8s_iss(s, tmp, addr, memidx, issinfo);
10955 gen_aa32_ld16u_iss(s, tmp, addr, memidx, issinfo);
10958 gen_aa32_ld16s_iss(s, tmp, addr, memidx, issinfo);
10961 gen_aa32_ld32u_iss(s, tmp, addr, memidx, issinfo);
10964 tcg_temp_free_i32(tmp);
10965 tcg_temp_free_i32(addr);
10968 store_reg_from_load(s, rs, tmp);
10971 tmp = load_reg(s, rs);
10974 gen_aa32_st8_iss(s, tmp, addr, memidx, issinfo);
10977 gen_aa32_st16_iss(s, tmp, addr, memidx, issinfo);
10980 gen_aa32_st32_iss(s, tmp, addr, memidx, issinfo);
10983 tcg_temp_free_i32(tmp);
10984 tcg_temp_free_i32(addr);
10987 tcg_temp_free_i32(tmp);
10990 tcg_gen_addi_i32(addr, addr, imm);
10992 store_reg(s, rn, addr);
10994 tcg_temp_free_i32(addr);
11003 unallocated_encoding(s);
11006 static void disas_thumb_insn(DisasContext *s, uint32_t insn)
11008 uint32_t val, op, rm, rn, rd, shift, cond;
11015 switch (insn >> 12) {
11019 op = (insn >> 11) & 3;
11022 * 0b0001_1xxx_xxxx_xxxx
11023 * - Add, subtract (three low registers)
11024 * - Add, subtract (two low registers and immediate)
11026 rn = (insn >> 3) & 7;
11027 tmp = load_reg(s, rn);
11028 if (insn & (1 << 10)) {
11030 tmp2 = tcg_temp_new_i32();
11031 tcg_gen_movi_i32(tmp2, (insn >> 6) & 7);
11034 rm = (insn >> 6) & 7;
11035 tmp2 = load_reg(s, rm);
11037 if (insn & (1 << 9)) {
11038 if (s->condexec_mask)
11039 tcg_gen_sub_i32(tmp, tmp, tmp2);
11041 gen_sub_CC(tmp, tmp, tmp2);
11043 if (s->condexec_mask)
11044 tcg_gen_add_i32(tmp, tmp, tmp2);
11046 gen_add_CC(tmp, tmp, tmp2);
11048 tcg_temp_free_i32(tmp2);
11049 store_reg(s, rd, tmp);
11051 /* shift immediate */
11052 rm = (insn >> 3) & 7;
11053 shift = (insn >> 6) & 0x1f;
11054 tmp = load_reg(s, rm);
11055 gen_arm_shift_im(tmp, op, shift, s->condexec_mask == 0);
11056 if (!s->condexec_mask)
11058 store_reg(s, rd, tmp);
11063 * 0b001x_xxxx_xxxx_xxxx
11064 * - Add, subtract, compare, move (one low register and immediate)
11066 op = (insn >> 11) & 3;
11067 rd = (insn >> 8) & 0x7;
11068 if (op == 0) { /* mov */
11069 tmp = tcg_temp_new_i32();
11070 tcg_gen_movi_i32(tmp, insn & 0xff);
11071 if (!s->condexec_mask)
11073 store_reg(s, rd, tmp);
11075 tmp = load_reg(s, rd);
11076 tmp2 = tcg_temp_new_i32();
11077 tcg_gen_movi_i32(tmp2, insn & 0xff);
11080 gen_sub_CC(tmp, tmp, tmp2);
11081 tcg_temp_free_i32(tmp);
11082 tcg_temp_free_i32(tmp2);
11085 if (s->condexec_mask)
11086 tcg_gen_add_i32(tmp, tmp, tmp2);
11088 gen_add_CC(tmp, tmp, tmp2);
11089 tcg_temp_free_i32(tmp2);
11090 store_reg(s, rd, tmp);
11093 if (s->condexec_mask)
11094 tcg_gen_sub_i32(tmp, tmp, tmp2);
11096 gen_sub_CC(tmp, tmp, tmp2);
11097 tcg_temp_free_i32(tmp2);
11098 store_reg(s, rd, tmp);
11104 if (insn & (1 << 11)) {
11105 rd = (insn >> 8) & 7;
11106 /* load pc-relative. Bit 1 of PC is ignored. */
11107 addr = add_reg_for_lit(s, 15, (insn & 0xff) * 4);
11108 tmp = tcg_temp_new_i32();
11109 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s),
11111 tcg_temp_free_i32(addr);
11112 store_reg(s, rd, tmp);
11115 if (insn & (1 << 10)) {
11116 /* 0b0100_01xx_xxxx_xxxx
11117 * - data processing extended, branch and exchange
11119 rd = (insn & 7) | ((insn >> 4) & 8);
11120 rm = (insn >> 3) & 0xf;
11121 op = (insn >> 8) & 3;
11124 tmp = load_reg(s, rd);
11125 tmp2 = load_reg(s, rm);
11126 tcg_gen_add_i32(tmp, tmp, tmp2);
11127 tcg_temp_free_i32(tmp2);
11129 /* ADD SP, SP, reg */
11130 store_sp_checked(s, tmp);
11132 store_reg(s, rd, tmp);
11136 tmp = load_reg(s, rd);
11137 tmp2 = load_reg(s, rm);
11138 gen_sub_CC(tmp, tmp, tmp2);
11139 tcg_temp_free_i32(tmp2);
11140 tcg_temp_free_i32(tmp);
11142 case 2: /* mov/cpy */
11143 tmp = load_reg(s, rm);
11146 store_sp_checked(s, tmp);
11148 store_reg(s, rd, tmp);
11153 /* 0b0100_0111_xxxx_xxxx
11154 * - branch [and link] exchange thumb register
11156 bool link = insn & (1 << 7);
11165 /* BXNS/BLXNS: only exists for v8M with the
11166 * security extensions, and always UNDEF if NonSecure.
11167 * We don't implement these in the user-only mode
11168 * either (in theory you can use them from Secure User
11169 * mode but they are too tied in to system emulation.)
11171 if (!s->v8m_secure || IS_USER_ONLY) {
11182 tmp = load_reg(s, rm);
11184 val = (uint32_t)s->base.pc_next | 1;
11185 tmp2 = tcg_temp_new_i32();
11186 tcg_gen_movi_i32(tmp2, val);
11187 store_reg(s, 14, tmp2);
11190 /* Only BX works as exception-return, not BLX */
11191 gen_bx_excret(s, tmp);
11200 * 0b0100_00xx_xxxx_xxxx
11201 * - Data-processing (two low registers)
11204 rm = (insn >> 3) & 7;
11205 op = (insn >> 6) & 0xf;
11206 if (op == 2 || op == 3 || op == 4 || op == 7) {
11207 /* the shift/rotate ops want the operands backwards */
11216 if (op == 9) { /* neg */
11217 tmp = tcg_temp_new_i32();
11218 tcg_gen_movi_i32(tmp, 0);
11219 } else if (op != 0xf) { /* mvn doesn't read its first operand */
11220 tmp = load_reg(s, rd);
11225 tmp2 = load_reg(s, rm);
11227 case 0x0: /* and */
11228 tcg_gen_and_i32(tmp, tmp, tmp2);
11229 if (!s->condexec_mask)
11232 case 0x1: /* eor */
11233 tcg_gen_xor_i32(tmp, tmp, tmp2);
11234 if (!s->condexec_mask)
11237 case 0x2: /* lsl */
11238 if (s->condexec_mask) {
11239 gen_shl(tmp2, tmp2, tmp);
11241 gen_helper_shl_cc(tmp2, cpu_env, tmp2, tmp);
11242 gen_logic_CC(tmp2);
11245 case 0x3: /* lsr */
11246 if (s->condexec_mask) {
11247 gen_shr(tmp2, tmp2, tmp);
11249 gen_helper_shr_cc(tmp2, cpu_env, tmp2, tmp);
11250 gen_logic_CC(tmp2);
11253 case 0x4: /* asr */
11254 if (s->condexec_mask) {
11255 gen_sar(tmp2, tmp2, tmp);
11257 gen_helper_sar_cc(tmp2, cpu_env, tmp2, tmp);
11258 gen_logic_CC(tmp2);
11261 case 0x5: /* adc */
11262 if (s->condexec_mask) {
11263 gen_adc(tmp, tmp2);
11265 gen_adc_CC(tmp, tmp, tmp2);
11268 case 0x6: /* sbc */
11269 if (s->condexec_mask) {
11270 gen_sub_carry(tmp, tmp, tmp2);
11272 gen_sbc_CC(tmp, tmp, tmp2);
11275 case 0x7: /* ror */
11276 if (s->condexec_mask) {
11277 tcg_gen_andi_i32(tmp, tmp, 0x1f);
11278 tcg_gen_rotr_i32(tmp2, tmp2, tmp);
11280 gen_helper_ror_cc(tmp2, cpu_env, tmp2, tmp);
11281 gen_logic_CC(tmp2);
11284 case 0x8: /* tst */
11285 tcg_gen_and_i32(tmp, tmp, tmp2);
11289 case 0x9: /* neg */
11290 if (s->condexec_mask)
11291 tcg_gen_neg_i32(tmp, tmp2);
11293 gen_sub_CC(tmp, tmp, tmp2);
11295 case 0xa: /* cmp */
11296 gen_sub_CC(tmp, tmp, tmp2);
11299 case 0xb: /* cmn */
11300 gen_add_CC(tmp, tmp, tmp2);
11303 case 0xc: /* orr */
11304 tcg_gen_or_i32(tmp, tmp, tmp2);
11305 if (!s->condexec_mask)
11308 case 0xd: /* mul */
11309 tcg_gen_mul_i32(tmp, tmp, tmp2);
11310 if (!s->condexec_mask)
11313 case 0xe: /* bic */
11314 tcg_gen_andc_i32(tmp, tmp, tmp2);
11315 if (!s->condexec_mask)
11318 case 0xf: /* mvn */
11319 tcg_gen_not_i32(tmp2, tmp2);
11320 if (!s->condexec_mask)
11321 gen_logic_CC(tmp2);
11328 store_reg(s, rm, tmp2);
11330 tcg_temp_free_i32(tmp);
11332 store_reg(s, rd, tmp);
11333 tcg_temp_free_i32(tmp2);
11336 tcg_temp_free_i32(tmp);
11337 tcg_temp_free_i32(tmp2);
11342 /* load/store register offset. */
11344 rn = (insn >> 3) & 7;
11345 rm = (insn >> 6) & 7;
11346 op = (insn >> 9) & 7;
11347 addr = load_reg(s, rn);
11348 tmp = load_reg(s, rm);
11349 tcg_gen_add_i32(addr, addr, tmp);
11350 tcg_temp_free_i32(tmp);
11352 if (op < 3) { /* store */
11353 tmp = load_reg(s, rd);
11355 tmp = tcg_temp_new_i32();
11360 gen_aa32_st32_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11363 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11366 gen_aa32_st8_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11368 case 3: /* ldrsb */
11369 gen_aa32_ld8s_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11372 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11375 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11378 gen_aa32_ld8u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11380 case 7: /* ldrsh */
11381 gen_aa32_ld16s_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11384 if (op >= 3) { /* load */
11385 store_reg(s, rd, tmp);
11387 tcg_temp_free_i32(tmp);
11389 tcg_temp_free_i32(addr);
11393 /* load/store word immediate offset */
11395 rn = (insn >> 3) & 7;
11396 addr = load_reg(s, rn);
11397 val = (insn >> 4) & 0x7c;
11398 tcg_gen_addi_i32(addr, addr, val);
11400 if (insn & (1 << 11)) {
11402 tmp = tcg_temp_new_i32();
11403 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11404 store_reg(s, rd, tmp);
11407 tmp = load_reg(s, rd);
11408 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11409 tcg_temp_free_i32(tmp);
11411 tcg_temp_free_i32(addr);
11415 /* load/store byte immediate offset */
11417 rn = (insn >> 3) & 7;
11418 addr = load_reg(s, rn);
11419 val = (insn >> 6) & 0x1f;
11420 tcg_gen_addi_i32(addr, addr, val);
11422 if (insn & (1 << 11)) {
11424 tmp = tcg_temp_new_i32();
11425 gen_aa32_ld8u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11426 store_reg(s, rd, tmp);
11429 tmp = load_reg(s, rd);
11430 gen_aa32_st8_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11431 tcg_temp_free_i32(tmp);
11433 tcg_temp_free_i32(addr);
11437 /* load/store halfword immediate offset */
11439 rn = (insn >> 3) & 7;
11440 addr = load_reg(s, rn);
11441 val = (insn >> 5) & 0x3e;
11442 tcg_gen_addi_i32(addr, addr, val);
11444 if (insn & (1 << 11)) {
11446 tmp = tcg_temp_new_i32();
11447 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11448 store_reg(s, rd, tmp);
11451 tmp = load_reg(s, rd);
11452 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11453 tcg_temp_free_i32(tmp);
11455 tcg_temp_free_i32(addr);
11459 /* load/store from stack */
11460 rd = (insn >> 8) & 7;
11461 addr = load_reg(s, 13);
11462 val = (insn & 0xff) * 4;
11463 tcg_gen_addi_i32(addr, addr, val);
11465 if (insn & (1 << 11)) {
11467 tmp = tcg_temp_new_i32();
11468 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11469 store_reg(s, rd, tmp);
11472 tmp = load_reg(s, rd);
11473 gen_aa32_st32_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11474 tcg_temp_free_i32(tmp);
11476 tcg_temp_free_i32(addr);
11481 * 0b1010_xxxx_xxxx_xxxx
11482 * - Add PC/SP (immediate)
11484 rd = (insn >> 8) & 7;
11485 val = (insn & 0xff) * 4;
11486 tmp = add_reg_for_lit(s, insn & (1 << 11) ? 13 : 15, val);
11487 store_reg(s, rd, tmp);
11492 op = (insn >> 8) & 0xf;
11496 * 0b1011_0000_xxxx_xxxx
11497 * - ADD (SP plus immediate)
11498 * - SUB (SP minus immediate)
11500 tmp = load_reg(s, 13);
11501 val = (insn & 0x7f) * 4;
11502 if (insn & (1 << 7))
11503 val = -(int32_t)val;
11504 tcg_gen_addi_i32(tmp, tmp, val);
11505 store_sp_checked(s, tmp);
11508 case 2: /* sign/zero extend. */
11511 rm = (insn >> 3) & 7;
11512 tmp = load_reg(s, rm);
11513 switch ((insn >> 6) & 3) {
11514 case 0: gen_sxth(tmp); break;
11515 case 1: gen_sxtb(tmp); break;
11516 case 2: gen_uxth(tmp); break;
11517 case 3: gen_uxtb(tmp); break;
11519 store_reg(s, rd, tmp);
11521 case 4: case 5: case 0xc: case 0xd:
11523 * 0b1011_x10x_xxxx_xxxx
11526 addr = load_reg(s, 13);
11527 if (insn & (1 << 8))
11531 for (i = 0; i < 8; i++) {
11532 if (insn & (1 << i))
11535 if ((insn & (1 << 11)) == 0) {
11536 tcg_gen_addi_i32(addr, addr, -offset);
11539 if (s->v8m_stackcheck) {
11541 * Here 'addr' is the lower of "old SP" and "new SP";
11542 * if this is a pop that starts below the limit and ends
11543 * above it, it is UNKNOWN whether the limit check triggers;
11544 * we choose to trigger.
11546 gen_helper_v8m_stackcheck(cpu_env, addr);
11549 for (i = 0; i < 8; i++) {
11550 if (insn & (1 << i)) {
11551 if (insn & (1 << 11)) {
11553 tmp = tcg_temp_new_i32();
11554 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11555 store_reg(s, i, tmp);
11558 tmp = load_reg(s, i);
11559 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11560 tcg_temp_free_i32(tmp);
11562 /* advance to the next address. */
11563 tcg_gen_addi_i32(addr, addr, 4);
11567 if (insn & (1 << 8)) {
11568 if (insn & (1 << 11)) {
11570 tmp = tcg_temp_new_i32();
11571 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11572 /* don't set the pc until the rest of the instruction
11576 tmp = load_reg(s, 14);
11577 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11578 tcg_temp_free_i32(tmp);
11580 tcg_gen_addi_i32(addr, addr, 4);
11582 if ((insn & (1 << 11)) == 0) {
11583 tcg_gen_addi_i32(addr, addr, -offset);
11585 /* write back the new stack pointer */
11586 store_reg(s, 13, addr);
11587 /* set the new PC value */
11588 if ((insn & 0x0900) == 0x0900) {
11589 store_reg_from_load(s, 15, tmp);
11593 case 1: case 3: case 9: case 11: /* czb */
11595 tmp = load_reg(s, rm);
11596 arm_gen_condlabel(s);
11597 if (insn & (1 << 11))
11598 tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 0, s->condlabel);
11600 tcg_gen_brcondi_i32(TCG_COND_NE, tmp, 0, s->condlabel);
11601 tcg_temp_free_i32(tmp);
11602 offset = ((insn & 0xf8) >> 2) | (insn & 0x200) >> 3;
11603 gen_jmp(s, read_pc(s) + offset);
11606 case 15: /* IT, nop-hint. */
11607 if ((insn & 0xf) == 0) {
11608 gen_nop_hint(s, (insn >> 4) & 0xf);
11614 * Combinations of firstcond and mask which set up an 0b1111
11615 * condition are UNPREDICTABLE; we take the CONSTRAINED
11616 * UNPREDICTABLE choice to treat 0b1111 the same as 0b1110,
11617 * i.e. both meaning "execute always".
11619 s->condexec_cond = (insn >> 4) & 0xe;
11620 s->condexec_mask = insn & 0x1f;
11621 /* No actual code generated for this insn, just setup state. */
11624 case 0xe: /* bkpt */
11626 int imm8 = extract32(insn, 0, 8);
11628 gen_exception_bkpt_insn(s, syn_aa32_bkpt(imm8, true));
11632 case 0xa: /* rev, and hlt */
11634 int op1 = extract32(insn, 6, 2);
11638 int imm6 = extract32(insn, 0, 6);
11644 /* Otherwise this is rev */
11646 rn = (insn >> 3) & 0x7;
11648 tmp = load_reg(s, rn);
11650 case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
11651 case 1: gen_rev16(tmp); break;
11652 case 3: gen_revsh(tmp); break;
11654 g_assert_not_reached();
11656 store_reg(s, rd, tmp);
11661 switch ((insn >> 5) & 7) {
11665 if (((insn >> 3) & 1) != !!(s->be_data == MO_BE)) {
11666 gen_helper_setend(cpu_env);
11667 s->base.is_jmp = DISAS_UPDATE;
11676 if (arm_dc_feature(s, ARM_FEATURE_M)) {
11677 tmp = tcg_const_i32((insn & (1 << 4)) != 0);
11680 addr = tcg_const_i32(19);
11681 gen_helper_v7m_msr(cpu_env, addr, tmp);
11682 tcg_temp_free_i32(addr);
11686 addr = tcg_const_i32(16);
11687 gen_helper_v7m_msr(cpu_env, addr, tmp);
11688 tcg_temp_free_i32(addr);
11690 tcg_temp_free_i32(tmp);
11693 if (insn & (1 << 4)) {
11694 shift = CPSR_A | CPSR_I | CPSR_F;
11698 gen_set_psr_im(s, ((insn & 7) << 6), 0, shift);
11713 /* load/store multiple */
11714 TCGv_i32 loaded_var = NULL;
11715 rn = (insn >> 8) & 0x7;
11716 addr = load_reg(s, rn);
11717 for (i = 0; i < 8; i++) {
11718 if (insn & (1 << i)) {
11719 if (insn & (1 << 11)) {
11721 tmp = tcg_temp_new_i32();
11722 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11726 store_reg(s, i, tmp);
11730 tmp = load_reg(s, i);
11731 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11732 tcg_temp_free_i32(tmp);
11734 /* advance to the next address */
11735 tcg_gen_addi_i32(addr, addr, 4);
11738 if ((insn & (1 << rn)) == 0) {
11739 /* base reg not in list: base register writeback */
11740 store_reg(s, rn, addr);
11742 /* base reg in list: if load, complete it now */
11743 if (insn & (1 << 11)) {
11744 store_reg(s, rn, loaded_var);
11746 tcg_temp_free_i32(addr);
11751 /* conditional branch or swi */
11752 cond = (insn >> 8) & 0xf;
11758 gen_set_pc_im(s, s->base.pc_next);
11759 s->svc_imm = extract32(insn, 0, 8);
11760 s->base.is_jmp = DISAS_SWI;
11763 /* generate a conditional jump to next instruction */
11764 arm_skip_unless(s, cond);
11766 /* jump to the offset */
11768 offset = ((int32_t)insn << 24) >> 24;
11769 val += offset << 1;
11774 if (insn & (1 << 11)) {
11775 /* thumb_insn_is_16bit() ensures we can't get here for
11776 * a Thumb2 CPU, so this must be a thumb1 split BL/BLX:
11777 * 0b1110_1xxx_xxxx_xxxx : BLX suffix (or UNDEF)
11779 assert(!arm_dc_feature(s, ARM_FEATURE_THUMB2));
11781 offset = ((insn & 0x7ff) << 1);
11782 tmp = load_reg(s, 14);
11783 tcg_gen_addi_i32(tmp, tmp, offset);
11784 tcg_gen_andi_i32(tmp, tmp, 0xfffffffc);
11786 tmp2 = tcg_temp_new_i32();
11787 tcg_gen_movi_i32(tmp2, s->base.pc_next | 1);
11788 store_reg(s, 14, tmp2);
11792 /* unconditional branch */
11794 offset = ((int32_t)insn << 21) >> 21;
11795 val += offset << 1;
11800 /* thumb_insn_is_16bit() ensures we can't get here for
11801 * a Thumb2 CPU, so this must be a thumb1 split BL/BLX.
11803 assert(!arm_dc_feature(s, ARM_FEATURE_THUMB2));
11805 if (insn & (1 << 11)) {
11806 /* 0b1111_1xxx_xxxx_xxxx : BL suffix */
11807 offset = ((insn & 0x7ff) << 1) | 1;
11808 tmp = load_reg(s, 14);
11809 tcg_gen_addi_i32(tmp, tmp, offset);
11811 tmp2 = tcg_temp_new_i32();
11812 tcg_gen_movi_i32(tmp2, s->base.pc_next | 1);
11813 store_reg(s, 14, tmp2);
11816 /* 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix */
11817 uint32_t uoffset = ((int32_t)insn << 21) >> 9;
11819 tcg_gen_movi_i32(cpu_R[14], read_pc(s) + uoffset);
11826 unallocated_encoding(s);
11829 static bool insn_crosses_page(CPUARMState *env, DisasContext *s)
11831 /* Return true if the insn at dc->base.pc_next might cross a page boundary.
11832 * (False positives are OK, false negatives are not.)
11833 * We know this is a Thumb insn, and our caller ensures we are
11834 * only called if dc->base.pc_next is less than 4 bytes from the page
11835 * boundary, so we cross the page if the first 16 bits indicate
11836 * that this is a 32 bit insn.
11838 uint16_t insn = arm_lduw_code(env, s->base.pc_next, s->sctlr_b);
11840 return !thumb_insn_is_16bit(s, s->base.pc_next, insn);
11843 static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
11845 DisasContext *dc = container_of(dcbase, DisasContext, base);
11846 CPUARMState *env = cs->env_ptr;
11847 ARMCPU *cpu = env_archcpu(env);
11848 uint32_t tb_flags = dc->base.tb->flags;
11849 uint32_t condexec, core_mmu_idx;
11851 dc->isar = &cpu->isar;
11855 /* If we are coming from secure EL0 in a system with a 32-bit EL3, then
11856 * there is no secure EL1, so we route exceptions to EL3.
11858 dc->secure_routed_to_el3 = arm_feature(env, ARM_FEATURE_EL3) &&
11859 !arm_el_is_aa64(env, 3);
11860 dc->thumb = FIELD_EX32(tb_flags, TBFLAG_A32, THUMB);
11861 dc->sctlr_b = FIELD_EX32(tb_flags, TBFLAG_A32, SCTLR_B);
11862 dc->be_data = FIELD_EX32(tb_flags, TBFLAG_ANY, BE_DATA) ? MO_BE : MO_LE;
11863 condexec = FIELD_EX32(tb_flags, TBFLAG_A32, CONDEXEC);
11864 dc->condexec_mask = (condexec & 0xf) << 1;
11865 dc->condexec_cond = condexec >> 4;
11866 core_mmu_idx = FIELD_EX32(tb_flags, TBFLAG_ANY, MMUIDX);
11867 dc->mmu_idx = core_to_arm_mmu_idx(env, core_mmu_idx);
11868 dc->current_el = arm_mmu_idx_to_el(dc->mmu_idx);
11869 #if !defined(CONFIG_USER_ONLY)
11870 dc->user = (dc->current_el == 0);
11872 dc->ns = FIELD_EX32(tb_flags, TBFLAG_A32, NS);
11873 dc->fp_excp_el = FIELD_EX32(tb_flags, TBFLAG_ANY, FPEXC_EL);
11874 dc->vfp_enabled = FIELD_EX32(tb_flags, TBFLAG_A32, VFPEN);
11875 dc->vec_len = FIELD_EX32(tb_flags, TBFLAG_A32, VECLEN);
11876 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
11877 dc->c15_cpar = FIELD_EX32(tb_flags, TBFLAG_A32, XSCALE_CPAR);
11878 dc->vec_stride = 0;
11880 dc->vec_stride = FIELD_EX32(tb_flags, TBFLAG_A32, VECSTRIDE);
11883 dc->v7m_handler_mode = FIELD_EX32(tb_flags, TBFLAG_A32, HANDLER);
11884 dc->v8m_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) &&
11885 regime_is_secure(env, dc->mmu_idx);
11886 dc->v8m_stackcheck = FIELD_EX32(tb_flags, TBFLAG_A32, STACKCHECK);
11887 dc->v8m_fpccr_s_wrong = FIELD_EX32(tb_flags, TBFLAG_A32, FPCCR_S_WRONG);
11888 dc->v7m_new_fp_ctxt_needed =
11889 FIELD_EX32(tb_flags, TBFLAG_A32, NEW_FP_CTXT_NEEDED);
11890 dc->v7m_lspact = FIELD_EX32(tb_flags, TBFLAG_A32, LSPACT);
11891 dc->cp_regs = cpu->cp_regs;
11892 dc->features = env->features;
11894 /* Single step state. The code-generation logic here is:
11896 * generate code with no special handling for single-stepping (except
11897 * that anything that can make us go to SS_ACTIVE == 1 must end the TB;
11898 * this happens anyway because those changes are all system register or
11900 * SS_ACTIVE == 1, PSTATE.SS == 1: (active-not-pending)
11901 * emit code for one insn
11902 * emit code to clear PSTATE.SS
11903 * emit code to generate software step exception for completed step
11904 * end TB (as usual for having generated an exception)
11905 * SS_ACTIVE == 1, PSTATE.SS == 0: (active-pending)
11906 * emit code to generate a software step exception
11909 dc->ss_active = FIELD_EX32(tb_flags, TBFLAG_ANY, SS_ACTIVE);
11910 dc->pstate_ss = FIELD_EX32(tb_flags, TBFLAG_ANY, PSTATE_SS);
11911 dc->is_ldex = false;
11912 if (!arm_feature(env, ARM_FEATURE_M)) {
11913 dc->debug_target_el = FIELD_EX32(tb_flags, TBFLAG_ANY, DEBUG_TARGET_EL);
11916 dc->page_start = dc->base.pc_first & TARGET_PAGE_MASK;
11918 /* If architectural single step active, limit to 1. */
11919 if (is_singlestepping(dc)) {
11920 dc->base.max_insns = 1;
11923 /* ARM is a fixed-length ISA. Bound the number of insns to execute
11924 to those left on the page. */
11926 int bound = -(dc->base.pc_first | TARGET_PAGE_MASK) / 4;
11927 dc->base.max_insns = MIN(dc->base.max_insns, bound);
11930 cpu_V0 = tcg_temp_new_i64();
11931 cpu_V1 = tcg_temp_new_i64();
11932 /* FIXME: cpu_M0 can probably be the same as cpu_V0. */
11933 cpu_M0 = tcg_temp_new_i64();
11936 static void arm_tr_tb_start(DisasContextBase *dcbase, CPUState *cpu)
11938 DisasContext *dc = container_of(dcbase, DisasContext, base);
11940 /* A note on handling of the condexec (IT) bits:
11942 * We want to avoid the overhead of having to write the updated condexec
11943 * bits back to the CPUARMState for every instruction in an IT block. So:
11944 * (1) if the condexec bits are not already zero then we write
11945 * zero back into the CPUARMState now. This avoids complications trying
11946 * to do it at the end of the block. (For example if we don't do this
11947 * it's hard to identify whether we can safely skip writing condexec
11948 * at the end of the TB, which we definitely want to do for the case
11949 * where a TB doesn't do anything with the IT state at all.)
11950 * (2) if we are going to leave the TB then we call gen_set_condexec()
11951 * which will write the correct value into CPUARMState if zero is wrong.
11952 * This is done both for leaving the TB at the end, and for leaving
11953 * it because of an exception we know will happen, which is done in
11954 * gen_exception_insn(). The latter is necessary because we need to
11955 * leave the TB with the PC/IT state just prior to execution of the
11956 * instruction which caused the exception.
11957 * (3) if we leave the TB unexpectedly (eg a data abort on a load)
11958 * then the CPUARMState will be wrong and we need to reset it.
11959 * This is handled in the same way as restoration of the
11960 * PC in these situations; we save the value of the condexec bits
11961 * for each PC via tcg_gen_insn_start(), and restore_state_to_opc()
11962 * then uses this to restore them after an exception.
11964 * Note that there are no instructions which can read the condexec
11965 * bits, and none which can write non-static values to them, so
11966 * we don't need to care about whether CPUARMState is correct in the
11970 /* Reset the conditional execution bits immediately. This avoids
11971 complications trying to do it at the end of the block. */
11972 if (dc->condexec_mask || dc->condexec_cond) {
11973 TCGv_i32 tmp = tcg_temp_new_i32();
11974 tcg_gen_movi_i32(tmp, 0);
11975 store_cpu_field(tmp, condexec_bits);
11979 static void arm_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
11981 DisasContext *dc = container_of(dcbase, DisasContext, base);
11983 tcg_gen_insn_start(dc->base.pc_next,
11984 (dc->condexec_cond << 4) | (dc->condexec_mask >> 1),
11986 dc->insn_start = tcg_last_op();
11989 static bool arm_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cpu,
11990 const CPUBreakpoint *bp)
11992 DisasContext *dc = container_of(dcbase, DisasContext, base);
11994 if (bp->flags & BP_CPU) {
11995 gen_set_condexec(dc);
11996 gen_set_pc_im(dc, dc->base.pc_next);
11997 gen_helper_check_breakpoints(cpu_env);
11998 /* End the TB early; it's likely not going to be executed */
11999 dc->base.is_jmp = DISAS_TOO_MANY;
12001 gen_exception_internal_insn(dc, dc->base.pc_next, EXCP_DEBUG);
12002 /* The address covered by the breakpoint must be
12003 included in [tb->pc, tb->pc + tb->size) in order
12004 to for it to be properly cleared -- thus we
12005 increment the PC here so that the logic setting
12006 tb->size below does the right thing. */
12007 /* TODO: Advance PC by correct instruction length to
12008 * avoid disassembler error messages */
12009 dc->base.pc_next += 2;
12010 dc->base.is_jmp = DISAS_NORETURN;
12016 static bool arm_pre_translate_insn(DisasContext *dc)
12018 #ifdef CONFIG_USER_ONLY
12019 /* Intercept jump to the magic kernel page. */
12020 if (dc->base.pc_next >= 0xffff0000) {
12021 /* We always get here via a jump, so know we are not in a
12022 conditional execution block. */
12023 gen_exception_internal(EXCP_KERNEL_TRAP);
12024 dc->base.is_jmp = DISAS_NORETURN;
12029 if (dc->ss_active && !dc->pstate_ss) {
12030 /* Singlestep state is Active-pending.
12031 * If we're in this state at the start of a TB then either
12032 * a) we just took an exception to an EL which is being debugged
12033 * and this is the first insn in the exception handler
12034 * b) debug exceptions were masked and we just unmasked them
12035 * without changing EL (eg by clearing PSTATE.D)
12036 * In either case we're going to take a swstep exception in the
12037 * "did not step an insn" case, and so the syndrome ISV and EX
12038 * bits should be zero.
12040 assert(dc->base.num_insns == 1);
12041 gen_swstep_exception(dc, 0, 0);
12042 dc->base.is_jmp = DISAS_NORETURN;
12049 static void arm_post_translate_insn(DisasContext *dc)
12051 if (dc->condjmp && !dc->base.is_jmp) {
12052 gen_set_label(dc->condlabel);
12055 translator_loop_temp_check(&dc->base);
12058 static void arm_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
12060 DisasContext *dc = container_of(dcbase, DisasContext, base);
12061 CPUARMState *env = cpu->env_ptr;
12064 if (arm_pre_translate_insn(dc)) {
12068 dc->pc_curr = dc->base.pc_next;
12069 insn = arm_ldl_code(env, dc->base.pc_next, dc->sctlr_b);
12071 dc->base.pc_next += 4;
12072 disas_arm_insn(dc, insn);
12074 arm_post_translate_insn(dc);
12076 /* ARM is a fixed-length ISA. We performed the cross-page check
12077 in init_disas_context by adjusting max_insns. */
12080 static bool thumb_insn_is_unconditional(DisasContext *s, uint32_t insn)
12082 /* Return true if this Thumb insn is always unconditional,
12083 * even inside an IT block. This is true of only a very few
12084 * instructions: BKPT, HLT, and SG.
12086 * A larger class of instructions are UNPREDICTABLE if used
12087 * inside an IT block; we do not need to detect those here, because
12088 * what we do by default (perform the cc check and update the IT
12089 * bits state machine) is a permitted CONSTRAINED UNPREDICTABLE
12090 * choice for those situations.
12092 * insn is either a 16-bit or a 32-bit instruction; the two are
12093 * distinguishable because for the 16-bit case the top 16 bits
12094 * are zeroes, and that isn't a valid 32-bit encoding.
12096 if ((insn & 0xffffff00) == 0xbe00) {
12101 if ((insn & 0xffffffc0) == 0xba80 && arm_dc_feature(s, ARM_FEATURE_V8) &&
12102 !arm_dc_feature(s, ARM_FEATURE_M)) {
12103 /* HLT: v8A only. This is unconditional even when it is going to
12104 * UNDEF; see the v8A ARM ARM DDI0487B.a H3.3.
12105 * For v7 cores this was a plain old undefined encoding and so
12106 * honours its cc check. (We might be using the encoding as
12107 * a semihosting trap, but we don't change the cc check behaviour
12108 * on that account, because a debugger connected to a real v7A
12109 * core and emulating semihosting traps by catching the UNDEF
12110 * exception would also only see cases where the cc check passed.
12111 * No guest code should be trying to do a HLT semihosting trap
12112 * in an IT block anyway.
12117 if (insn == 0xe97fe97f && arm_dc_feature(s, ARM_FEATURE_V8) &&
12118 arm_dc_feature(s, ARM_FEATURE_M)) {
12126 static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
12128 DisasContext *dc = container_of(dcbase, DisasContext, base);
12129 CPUARMState *env = cpu->env_ptr;
12133 if (arm_pre_translate_insn(dc)) {
12137 dc->pc_curr = dc->base.pc_next;
12138 insn = arm_lduw_code(env, dc->base.pc_next, dc->sctlr_b);
12139 is_16bit = thumb_insn_is_16bit(dc, dc->base.pc_next, insn);
12140 dc->base.pc_next += 2;
12142 uint32_t insn2 = arm_lduw_code(env, dc->base.pc_next, dc->sctlr_b);
12144 insn = insn << 16 | insn2;
12145 dc->base.pc_next += 2;
12149 if (dc->condexec_mask && !thumb_insn_is_unconditional(dc, insn)) {
12150 uint32_t cond = dc->condexec_cond;
12153 * Conditionally skip the insn. Note that both 0xe and 0xf mean
12154 * "always"; 0xf is not "never".
12157 arm_skip_unless(dc, cond);
12162 disas_thumb_insn(dc, insn);
12164 disas_thumb2_insn(dc, insn);
12167 /* Advance the Thumb condexec condition. */
12168 if (dc->condexec_mask) {
12169 dc->condexec_cond = ((dc->condexec_cond & 0xe) |
12170 ((dc->condexec_mask >> 4) & 1));
12171 dc->condexec_mask = (dc->condexec_mask << 1) & 0x1f;
12172 if (dc->condexec_mask == 0) {
12173 dc->condexec_cond = 0;
12177 arm_post_translate_insn(dc);
12179 /* Thumb is a variable-length ISA. Stop translation when the next insn
12180 * will touch a new page. This ensures that prefetch aborts occur at
12183 * We want to stop the TB if the next insn starts in a new page,
12184 * or if it spans between this page and the next. This means that
12185 * if we're looking at the last halfword in the page we need to
12186 * see if it's a 16-bit Thumb insn (which will fit in this TB)
12187 * or a 32-bit Thumb insn (which won't).
12188 * This is to avoid generating a silly TB with a single 16-bit insn
12189 * in it at the end of this page (which would execute correctly
12190 * but isn't very efficient).
12192 if (dc->base.is_jmp == DISAS_NEXT
12193 && (dc->base.pc_next - dc->page_start >= TARGET_PAGE_SIZE
12194 || (dc->base.pc_next - dc->page_start >= TARGET_PAGE_SIZE - 3
12195 && insn_crosses_page(env, dc)))) {
12196 dc->base.is_jmp = DISAS_TOO_MANY;
12200 static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
12202 DisasContext *dc = container_of(dcbase, DisasContext, base);
12204 if (tb_cflags(dc->base.tb) & CF_LAST_IO && dc->condjmp) {
12205 /* FIXME: This can theoretically happen with self-modifying code. */
12206 cpu_abort(cpu, "IO on conditional branch instruction");
12209 /* At this stage dc->condjmp will only be set when the skipped
12210 instruction was a conditional branch or trap, and the PC has
12211 already been written. */
12212 gen_set_condexec(dc);
12213 if (dc->base.is_jmp == DISAS_BX_EXCRET) {
12214 /* Exception return branches need some special case code at the
12215 * end of the TB, which is complex enough that it has to
12216 * handle the single-step vs not and the condition-failed
12217 * insn codepath itself.
12219 gen_bx_excret_final_code(dc);
12220 } else if (unlikely(is_singlestepping(dc))) {
12221 /* Unconditional and "condition passed" instruction codepath. */
12222 switch (dc->base.is_jmp) {
12224 gen_ss_advance(dc);
12225 gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
12226 default_exception_el(dc));
12229 gen_ss_advance(dc);
12230 gen_exception(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
12233 gen_ss_advance(dc);
12234 gen_exception(EXCP_SMC, syn_aa32_smc(), 3);
12237 case DISAS_TOO_MANY:
12239 gen_set_pc_im(dc, dc->base.pc_next);
12242 /* FIXME: Single stepping a WFI insn will not halt the CPU. */
12243 gen_singlestep_exception(dc);
12245 case DISAS_NORETURN:
12249 /* While branches must always occur at the end of an IT block,
12250 there are a few other things that can cause us to terminate
12251 the TB in the middle of an IT block:
12252 - Exception generating instructions (bkpt, swi, undefined).
12254 - Hardware watchpoints.
12255 Hardware breakpoints have already been handled and skip this code.
12257 switch(dc->base.is_jmp) {
12259 case DISAS_TOO_MANY:
12260 gen_goto_tb(dc, 1, dc->base.pc_next);
12266 gen_set_pc_im(dc, dc->base.pc_next);
12269 /* indicate that the hash table must be used to find the next TB */
12270 tcg_gen_exit_tb(NULL, 0);
12272 case DISAS_NORETURN:
12273 /* nothing more to generate */
12277 TCGv_i32 tmp = tcg_const_i32((dc->thumb &&
12278 !(dc->insn & (1U << 31))) ? 2 : 4);
12280 gen_helper_wfi(cpu_env, tmp);
12281 tcg_temp_free_i32(tmp);
12282 /* The helper doesn't necessarily throw an exception, but we
12283 * must go back to the main loop to check for interrupts anyway.
12285 tcg_gen_exit_tb(NULL, 0);
12289 gen_helper_wfe(cpu_env);
12292 gen_helper_yield(cpu_env);
12295 gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
12296 default_exception_el(dc));
12299 gen_exception(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
12302 gen_exception(EXCP_SMC, syn_aa32_smc(), 3);
12308 /* "Condition failed" instruction codepath for the branch/trap insn */
12309 gen_set_label(dc->condlabel);
12310 gen_set_condexec(dc);
12311 if (unlikely(is_singlestepping(dc))) {
12312 gen_set_pc_im(dc, dc->base.pc_next);
12313 gen_singlestep_exception(dc);
12315 gen_goto_tb(dc, 1, dc->base.pc_next);
12320 static void arm_tr_disas_log(const DisasContextBase *dcbase, CPUState *cpu)
12322 DisasContext *dc = container_of(dcbase, DisasContext, base);
12324 qemu_log("IN: %s\n", lookup_symbol(dc->base.pc_first));
12325 log_target_disas(cpu, dc->base.pc_first, dc->base.tb->size);
12328 static const TranslatorOps arm_translator_ops = {
12329 .init_disas_context = arm_tr_init_disas_context,
12330 .tb_start = arm_tr_tb_start,
12331 .insn_start = arm_tr_insn_start,
12332 .breakpoint_check = arm_tr_breakpoint_check,
12333 .translate_insn = arm_tr_translate_insn,
12334 .tb_stop = arm_tr_tb_stop,
12335 .disas_log = arm_tr_disas_log,
12338 static const TranslatorOps thumb_translator_ops = {
12339 .init_disas_context = arm_tr_init_disas_context,
12340 .tb_start = arm_tr_tb_start,
12341 .insn_start = arm_tr_insn_start,
12342 .breakpoint_check = arm_tr_breakpoint_check,
12343 .translate_insn = thumb_tr_translate_insn,
12344 .tb_stop = arm_tr_tb_stop,
12345 .disas_log = arm_tr_disas_log,
12348 /* generate intermediate code for basic block 'tb'. */
12349 void gen_intermediate_code(CPUState *cpu, TranslationBlock *tb, int max_insns)
12352 const TranslatorOps *ops = &arm_translator_ops;
12354 if (FIELD_EX32(tb->flags, TBFLAG_A32, THUMB)) {
12355 ops = &thumb_translator_ops;
12357 #ifdef TARGET_AARCH64
12358 if (FIELD_EX32(tb->flags, TBFLAG_ANY, AARCH64_STATE)) {
12359 ops = &aarch64_translator_ops;
12363 translator_loop(ops, &dc.base, cpu, tb, max_insns);
12366 void restore_state_to_opc(CPUARMState *env, TranslationBlock *tb,
12367 target_ulong *data)
12371 env->condexec_bits = 0;
12372 env->exception.syndrome = data[2] << ARM_INSN_START_WORD2_SHIFT;
12374 env->regs[15] = data[0];
12375 env->condexec_bits = data[1];
12376 env->exception.syndrome = data[2] << ARM_INSN_START_WORD2_SHIFT;
projects / qemu.git / blob