]> git.proxmox.com Git - mirror_qemu.git/blob - target/arm/translate.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
target/arm: Simplify UMAAL
[mirror_qemu.git] / target / arm / translate.c
1 /*
2 * ARM translation
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2005-2007 CodeSourcery
6 * Copyright (c) 2007 OpenedHand, Ltd.
7 *
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2 of the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
20 */
21 #include "qemu/osdep.h"
22
23 #include "cpu.h"
24 #include "internals.h"
25 #include "disas/disas.h"
26 #include "exec/exec-all.h"
27 #include "tcg-op.h"
28 #include "tcg-op-gvec.h"
29 #include "qemu/log.h"
30 #include "qemu/bitops.h"
31 #include "arm_ldst.h"
32 #include "hw/semihosting/semihost.h"
33
34 #include "exec/helper-proto.h"
35 #include "exec/helper-gen.h"
36
37 #include "trace-tcg.h"
38 #include "exec/log.h"
39
40
41 #define ENABLE_ARCH_4T arm_dc_feature(s, ARM_FEATURE_V4T)
42 #define ENABLE_ARCH_5 arm_dc_feature(s, ARM_FEATURE_V5)
43 /* currently all emulated v5 cores are also v5TE, so don't bother */
44 #define ENABLE_ARCH_5TE arm_dc_feature(s, ARM_FEATURE_V5)
45 #define ENABLE_ARCH_5J dc_isar_feature(jazelle, s)
46 #define ENABLE_ARCH_6 arm_dc_feature(s, ARM_FEATURE_V6)
47 #define ENABLE_ARCH_6K arm_dc_feature(s, ARM_FEATURE_V6K)
48 #define ENABLE_ARCH_6T2 arm_dc_feature(s, ARM_FEATURE_THUMB2)
49 #define ENABLE_ARCH_7 arm_dc_feature(s, ARM_FEATURE_V7)
50 #define ENABLE_ARCH_8 arm_dc_feature(s, ARM_FEATURE_V8)
51
52 #define ARCH(x) do { if (!ENABLE_ARCH_##x) goto illegal_op; } while(0)
53
54 #include "translate.h"
55
56 #if defined(CONFIG_USER_ONLY)
57 #define IS_USER(s) 1
58 #else
59 #define IS_USER(s) (s->user)
60 #endif
61
62 /* We reuse the same 64-bit temporaries for efficiency. */
63 static TCGv_i64 cpu_V0, cpu_V1, cpu_M0;
64 static TCGv_i32 cpu_R[16];
65 TCGv_i32 cpu_CF, cpu_NF, cpu_VF, cpu_ZF;
66 TCGv_i64 cpu_exclusive_addr;
67 TCGv_i64 cpu_exclusive_val;
68
69 #include "exec/gen-icount.h"
70
71 static const char * const regnames[] =
72 { "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7",
73 "r8", "r9", "r10", "r11", "r12", "r13", "r14", "pc" };
74
75 /* Function prototypes for gen_ functions calling Neon helpers. */
76 typedef void NeonGenThreeOpEnvFn(TCGv_i32, TCGv_env, TCGv_i32,
77 TCGv_i32, TCGv_i32);
78 /* Function prototypes for gen_ functions for fix point conversions */
79 typedef void VFPGenFixPointFn(TCGv_i32, TCGv_i32, TCGv_i32, TCGv_ptr);
80
81 /* initialize TCG globals. */
82 void arm_translate_init(void)
83 {
84 int i;
85
86 for (i = 0; i < 16; i++) {
87 cpu_R[i] = tcg_global_mem_new_i32(cpu_env,
88 offsetof(CPUARMState, regs[i]),
89 regnames[i]);
90 }
91 cpu_CF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, CF), "CF");
92 cpu_NF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, NF), "NF");
93 cpu_VF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, VF), "VF");
94 cpu_ZF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, ZF), "ZF");
95
96 cpu_exclusive_addr = tcg_global_mem_new_i64(cpu_env,
97 offsetof(CPUARMState, exclusive_addr), "exclusive_addr");
98 cpu_exclusive_val = tcg_global_mem_new_i64(cpu_env,
99 offsetof(CPUARMState, exclusive_val), "exclusive_val");
100
101 a64_translate_init();
102 }
103
104 /* Flags for the disas_set_da_iss info argument:
105 * lower bits hold the Rt register number, higher bits are flags.
106 */
107 typedef enum ISSInfo {
108 ISSNone = 0,
109 ISSRegMask = 0x1f,
110 ISSInvalid = (1 << 5),
111 ISSIsAcqRel = (1 << 6),
112 ISSIsWrite = (1 << 7),
113 ISSIs16Bit = (1 << 8),
114 } ISSInfo;
115
116 /* Save the syndrome information for a Data Abort */
117 static void disas_set_da_iss(DisasContext *s, MemOp memop, ISSInfo issinfo)
118 {
119 uint32_t syn;
120 int sas = memop & MO_SIZE;
121 bool sse = memop & MO_SIGN;
122 bool is_acqrel = issinfo & ISSIsAcqRel;
123 bool is_write = issinfo & ISSIsWrite;
124 bool is_16bit = issinfo & ISSIs16Bit;
125 int srt = issinfo & ISSRegMask;
126
127 if (issinfo & ISSInvalid) {
128 /* Some callsites want to conditionally provide ISS info,
129 * eg "only if this was not a writeback"
130 */
131 return;
132 }
133
134 if (srt == 15) {
135 /* For AArch32, insns where the src/dest is R15 never generate
136 * ISS information. Catching that here saves checking at all
137 * the call sites.
138 */
139 return;
140 }
141
142 syn = syn_data_abort_with_iss(0, sas, sse, srt, 0, is_acqrel,
143 0, 0, 0, is_write, 0, is_16bit);
144 disas_set_insn_syndrome(s, syn);
145 }
146
147 static inline int get_a32_user_mem_index(DisasContext *s)
148 {
149 /* Return the core mmu_idx to use for A32/T32 "unprivileged load/store"
150 * insns:
151 * if PL2, UNPREDICTABLE (we choose to implement as if PL0)
152 * otherwise, access as if at PL0.
153 */
154 switch (s->mmu_idx) {
155 case ARMMMUIdx_S1E2: /* this one is UNPREDICTABLE */
156 case ARMMMUIdx_S12NSE0:
157 case ARMMMUIdx_S12NSE1:
158 return arm_to_core_mmu_idx(ARMMMUIdx_S12NSE0);
159 case ARMMMUIdx_S1E3:
160 case ARMMMUIdx_S1SE0:
161 case ARMMMUIdx_S1SE1:
162 return arm_to_core_mmu_idx(ARMMMUIdx_S1SE0);
163 case ARMMMUIdx_MUser:
164 case ARMMMUIdx_MPriv:
165 return arm_to_core_mmu_idx(ARMMMUIdx_MUser);
166 case ARMMMUIdx_MUserNegPri:
167 case ARMMMUIdx_MPrivNegPri:
168 return arm_to_core_mmu_idx(ARMMMUIdx_MUserNegPri);
169 case ARMMMUIdx_MSUser:
170 case ARMMMUIdx_MSPriv:
171 return arm_to_core_mmu_idx(ARMMMUIdx_MSUser);
172 case ARMMMUIdx_MSUserNegPri:
173 case ARMMMUIdx_MSPrivNegPri:
174 return arm_to_core_mmu_idx(ARMMMUIdx_MSUserNegPri);
175 case ARMMMUIdx_S2NS:
176 default:
177 g_assert_not_reached();
178 }
179 }
180
181 static inline TCGv_i32 load_cpu_offset(int offset)
182 {
183 TCGv_i32 tmp = tcg_temp_new_i32();
184 tcg_gen_ld_i32(tmp, cpu_env, offset);
185 return tmp;
186 }
187
188 #define load_cpu_field(name) load_cpu_offset(offsetof(CPUARMState, name))
189
190 static inline void store_cpu_offset(TCGv_i32 var, int offset)
191 {
192 tcg_gen_st_i32(var, cpu_env, offset);
193 tcg_temp_free_i32(var);
194 }
195
196 #define store_cpu_field(var, name) \
197 store_cpu_offset(var, offsetof(CPUARMState, name))
198
199 /* The architectural value of PC. */
200 static uint32_t read_pc(DisasContext *s)
201 {
202 return s->pc_curr + (s->thumb ? 4 : 8);
203 }
204
205 /* Set a variable to the value of a CPU register. */
206 static void load_reg_var(DisasContext *s, TCGv_i32 var, int reg)
207 {
208 if (reg == 15) {
209 tcg_gen_movi_i32(var, read_pc(s));
210 } else {
211 tcg_gen_mov_i32(var, cpu_R[reg]);
212 }
213 }
214
215 /* Create a new temporary and set it to the value of a CPU register. */
216 static inline TCGv_i32 load_reg(DisasContext *s, int reg)
217 {
218 TCGv_i32 tmp = tcg_temp_new_i32();
219 load_reg_var(s, tmp, reg);
220 return tmp;
221 }
222
223 /*
224 * Create a new temp, REG + OFS, except PC is ALIGN(PC, 4).
225 * This is used for load/store for which use of PC implies (literal),
226 * or ADD that implies ADR.
227 */
228 static TCGv_i32 add_reg_for_lit(DisasContext *s, int reg, int ofs)
229 {
230 TCGv_i32 tmp = tcg_temp_new_i32();
231
232 if (reg == 15) {
233 tcg_gen_movi_i32(tmp, (read_pc(s) & ~3) + ofs);
234 } else {
235 tcg_gen_addi_i32(tmp, cpu_R[reg], ofs);
236 }
237 return tmp;
238 }
239
240 /* Set a CPU register. The source must be a temporary and will be
241 marked as dead. */
242 static void store_reg(DisasContext *s, int reg, TCGv_i32 var)
243 {
244 if (reg == 15) {
245 /* In Thumb mode, we must ignore bit 0.
246 * In ARM mode, for ARMv4 and ARMv5, it is UNPREDICTABLE if bits [1:0]
247 * are not 0b00, but for ARMv6 and above, we must ignore bits [1:0].
248 * We choose to ignore [1:0] in ARM mode for all architecture versions.
249 */
250 tcg_gen_andi_i32(var, var, s->thumb ? ~1 : ~3);
251 s->base.is_jmp = DISAS_JUMP;
252 }
253 tcg_gen_mov_i32(cpu_R[reg], var);
254 tcg_temp_free_i32(var);
255 }
256
257 /*
258 * Variant of store_reg which applies v8M stack-limit checks before updating
259 * SP. If the check fails this will result in an exception being taken.
260 * We disable the stack checks for CONFIG_USER_ONLY because we have
261 * no idea what the stack limits should be in that case.
262 * If stack checking is not being done this just acts like store_reg().
263 */
264 static void store_sp_checked(DisasContext *s, TCGv_i32 var)
265 {
266 #ifndef CONFIG_USER_ONLY
267 if (s->v8m_stackcheck) {
268 gen_helper_v8m_stackcheck(cpu_env, var);
269 }
270 #endif
271 store_reg(s, 13, var);
272 }
273
274 /* Value extensions. */
275 #define gen_uxtb(var) tcg_gen_ext8u_i32(var, var)
276 #define gen_uxth(var) tcg_gen_ext16u_i32(var, var)
277 #define gen_sxtb(var) tcg_gen_ext8s_i32(var, var)
278 #define gen_sxth(var) tcg_gen_ext16s_i32(var, var)
279
280 #define gen_sxtb16(var) gen_helper_sxtb16(var, var)
281 #define gen_uxtb16(var) gen_helper_uxtb16(var, var)
282
283
284 static inline void gen_set_cpsr(TCGv_i32 var, uint32_t mask)
285 {
286 TCGv_i32 tmp_mask = tcg_const_i32(mask);
287 gen_helper_cpsr_write(cpu_env, var, tmp_mask);
288 tcg_temp_free_i32(tmp_mask);
289 }
290 /* Set NZCV flags from the high 4 bits of var. */
291 #define gen_set_nzcv(var) gen_set_cpsr(var, CPSR_NZCV)
292
293 static void gen_exception_internal(int excp)
294 {
295 TCGv_i32 tcg_excp = tcg_const_i32(excp);
296
297 assert(excp_is_internal(excp));
298 gen_helper_exception_internal(cpu_env, tcg_excp);
299 tcg_temp_free_i32(tcg_excp);
300 }
301
302 static void gen_step_complete_exception(DisasContext *s)
303 {
304 /* We just completed step of an insn. Move from Active-not-pending
305 * to Active-pending, and then also take the swstep exception.
306 * This corresponds to making the (IMPDEF) choice to prioritize
307 * swstep exceptions over asynchronous exceptions taken to an exception
308 * level where debug is disabled. This choice has the advantage that
309 * we do not need to maintain internal state corresponding to the
310 * ISV/EX syndrome bits between completion of the step and generation
311 * of the exception, and our syndrome information is always correct.
312 */
313 gen_ss_advance(s);
314 gen_swstep_exception(s, 1, s->is_ldex);
315 s->base.is_jmp = DISAS_NORETURN;
316 }
317
318 static void gen_singlestep_exception(DisasContext *s)
319 {
320 /* Generate the right kind of exception for singlestep, which is
321 * either the architectural singlestep or EXCP_DEBUG for QEMU's
322 * gdb singlestepping.
323 */
324 if (s->ss_active) {
325 gen_step_complete_exception(s);
326 } else {
327 gen_exception_internal(EXCP_DEBUG);
328 }
329 }
330
331 static inline bool is_singlestepping(DisasContext *s)
332 {
333 /* Return true if we are singlestepping either because of
334 * architectural singlestep or QEMU gdbstub singlestep. This does
335 * not include the command line '-singlestep' mode which is rather
336 * misnamed as it only means "one instruction per TB" and doesn't
337 * affect the code we generate.
338 */
339 return s->base.singlestep_enabled || s->ss_active;
340 }
341
342 static void gen_smul_dual(TCGv_i32 a, TCGv_i32 b)
343 {
344 TCGv_i32 tmp1 = tcg_temp_new_i32();
345 TCGv_i32 tmp2 = tcg_temp_new_i32();
346 tcg_gen_ext16s_i32(tmp1, a);
347 tcg_gen_ext16s_i32(tmp2, b);
348 tcg_gen_mul_i32(tmp1, tmp1, tmp2);
349 tcg_temp_free_i32(tmp2);
350 tcg_gen_sari_i32(a, a, 16);
351 tcg_gen_sari_i32(b, b, 16);
352 tcg_gen_mul_i32(b, b, a);
353 tcg_gen_mov_i32(a, tmp1);
354 tcg_temp_free_i32(tmp1);
355 }
356
357 /* Byteswap each halfword. */
358 static void gen_rev16(TCGv_i32 var)
359 {
360 TCGv_i32 tmp = tcg_temp_new_i32();
361 TCGv_i32 mask = tcg_const_i32(0x00ff00ff);
362 tcg_gen_shri_i32(tmp, var, 8);
363 tcg_gen_and_i32(tmp, tmp, mask);
364 tcg_gen_and_i32(var, var, mask);
365 tcg_gen_shli_i32(var, var, 8);
366 tcg_gen_or_i32(var, var, tmp);
367 tcg_temp_free_i32(mask);
368 tcg_temp_free_i32(tmp);
369 }
370
371 /* Byteswap low halfword and sign extend. */
372 static void gen_revsh(TCGv_i32 var)
373 {
374 tcg_gen_ext16u_i32(var, var);
375 tcg_gen_bswap16_i32(var, var);
376 tcg_gen_ext16s_i32(var, var);
377 }
378
379 /* 32x32->64 multiply. Marks inputs as dead. */
380 static TCGv_i64 gen_mulu_i64_i32(TCGv_i32 a, TCGv_i32 b)
381 {
382 TCGv_i32 lo = tcg_temp_new_i32();
383 TCGv_i32 hi = tcg_temp_new_i32();
384 TCGv_i64 ret;
385
386 tcg_gen_mulu2_i32(lo, hi, a, b);
387 tcg_temp_free_i32(a);
388 tcg_temp_free_i32(b);
389
390 ret = tcg_temp_new_i64();
391 tcg_gen_concat_i32_i64(ret, lo, hi);
392 tcg_temp_free_i32(lo);
393 tcg_temp_free_i32(hi);
394
395 return ret;
396 }
397
398 static TCGv_i64 gen_muls_i64_i32(TCGv_i32 a, TCGv_i32 b)
399 {
400 TCGv_i32 lo = tcg_temp_new_i32();
401 TCGv_i32 hi = tcg_temp_new_i32();
402 TCGv_i64 ret;
403
404 tcg_gen_muls2_i32(lo, hi, a, b);
405 tcg_temp_free_i32(a);
406 tcg_temp_free_i32(b);
407
408 ret = tcg_temp_new_i64();
409 tcg_gen_concat_i32_i64(ret, lo, hi);
410 tcg_temp_free_i32(lo);
411 tcg_temp_free_i32(hi);
412
413 return ret;
414 }
415
416 /* Swap low and high halfwords. */
417 static void gen_swap_half(TCGv_i32 var)
418 {
419 tcg_gen_rotri_i32(var, var, 16);
420 }
421
422 /* Dual 16-bit add. Result placed in t0 and t1 is marked as dead.
423 tmp = (t0 ^ t1) & 0x8000;
424 t0 &= ~0x8000;
425 t1 &= ~0x8000;
426 t0 = (t0 + t1) ^ tmp;
427 */
428
429 static void gen_add16(TCGv_i32 t0, TCGv_i32 t1)
430 {
431 TCGv_i32 tmp = tcg_temp_new_i32();
432 tcg_gen_xor_i32(tmp, t0, t1);
433 tcg_gen_andi_i32(tmp, tmp, 0x8000);
434 tcg_gen_andi_i32(t0, t0, ~0x8000);
435 tcg_gen_andi_i32(t1, t1, ~0x8000);
436 tcg_gen_add_i32(t0, t0, t1);
437 tcg_gen_xor_i32(t0, t0, tmp);
438 tcg_temp_free_i32(tmp);
439 tcg_temp_free_i32(t1);
440 }
441
442 /* Set N and Z flags from var. */
443 static inline void gen_logic_CC(TCGv_i32 var)
444 {
445 tcg_gen_mov_i32(cpu_NF, var);
446 tcg_gen_mov_i32(cpu_ZF, var);
447 }
448
449 /* T0 += T1 + CF. */
450 static void gen_adc(TCGv_i32 t0, TCGv_i32 t1)
451 {
452 tcg_gen_add_i32(t0, t0, t1);
453 tcg_gen_add_i32(t0, t0, cpu_CF);
454 }
455
456 /* dest = T0 + T1 + CF. */
457 static void gen_add_carry(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
458 {
459 tcg_gen_add_i32(dest, t0, t1);
460 tcg_gen_add_i32(dest, dest, cpu_CF);
461 }
462
463 /* dest = T0 - T1 + CF - 1. */
464 static void gen_sub_carry(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
465 {
466 tcg_gen_sub_i32(dest, t0, t1);
467 tcg_gen_add_i32(dest, dest, cpu_CF);
468 tcg_gen_subi_i32(dest, dest, 1);
469 }
470
471 /* dest = T0 + T1. Compute C, N, V and Z flags */
472 static void gen_add_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
473 {
474 TCGv_i32 tmp = tcg_temp_new_i32();
475 tcg_gen_movi_i32(tmp, 0);
476 tcg_gen_add2_i32(cpu_NF, cpu_CF, t0, tmp, t1, tmp);
477 tcg_gen_mov_i32(cpu_ZF, cpu_NF);
478 tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
479 tcg_gen_xor_i32(tmp, t0, t1);
480 tcg_gen_andc_i32(cpu_VF, cpu_VF, tmp);
481 tcg_temp_free_i32(tmp);
482 tcg_gen_mov_i32(dest, cpu_NF);
483 }
484
485 /* dest = T0 + T1 + CF. Compute C, N, V and Z flags */
486 static void gen_adc_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
487 {
488 TCGv_i32 tmp = tcg_temp_new_i32();
489 if (TCG_TARGET_HAS_add2_i32) {
490 tcg_gen_movi_i32(tmp, 0);
491 tcg_gen_add2_i32(cpu_NF, cpu_CF, t0, tmp, cpu_CF, tmp);
492 tcg_gen_add2_i32(cpu_NF, cpu_CF, cpu_NF, cpu_CF, t1, tmp);
493 } else {
494 TCGv_i64 q0 = tcg_temp_new_i64();
495 TCGv_i64 q1 = tcg_temp_new_i64();
496 tcg_gen_extu_i32_i64(q0, t0);
497 tcg_gen_extu_i32_i64(q1, t1);
498 tcg_gen_add_i64(q0, q0, q1);
499 tcg_gen_extu_i32_i64(q1, cpu_CF);
500 tcg_gen_add_i64(q0, q0, q1);
501 tcg_gen_extr_i64_i32(cpu_NF, cpu_CF, q0);
502 tcg_temp_free_i64(q0);
503 tcg_temp_free_i64(q1);
504 }
505 tcg_gen_mov_i32(cpu_ZF, cpu_NF);
506 tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
507 tcg_gen_xor_i32(tmp, t0, t1);
508 tcg_gen_andc_i32(cpu_VF, cpu_VF, tmp);
509 tcg_temp_free_i32(tmp);
510 tcg_gen_mov_i32(dest, cpu_NF);
511 }
512
513 /* dest = T0 - T1. Compute C, N, V and Z flags */
514 static void gen_sub_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
515 {
516 TCGv_i32 tmp;
517 tcg_gen_sub_i32(cpu_NF, t0, t1);
518 tcg_gen_mov_i32(cpu_ZF, cpu_NF);
519 tcg_gen_setcond_i32(TCG_COND_GEU, cpu_CF, t0, t1);
520 tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
521 tmp = tcg_temp_new_i32();
522 tcg_gen_xor_i32(tmp, t0, t1);
523 tcg_gen_and_i32(cpu_VF, cpu_VF, tmp);
524 tcg_temp_free_i32(tmp);
525 tcg_gen_mov_i32(dest, cpu_NF);
526 }
527
528 /* dest = T0 + ~T1 + CF. Compute C, N, V and Z flags */
529 static void gen_sbc_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
530 {
531 TCGv_i32 tmp = tcg_temp_new_i32();
532 tcg_gen_not_i32(tmp, t1);
533 gen_adc_CC(dest, t0, tmp);
534 tcg_temp_free_i32(tmp);
535 }
536
537 #define GEN_SHIFT(name) \
538 static void gen_##name(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1) \
539 { \
540 TCGv_i32 tmp1, tmp2, tmp3; \
541 tmp1 = tcg_temp_new_i32(); \
542 tcg_gen_andi_i32(tmp1, t1, 0xff); \
543 tmp2 = tcg_const_i32(0); \
544 tmp3 = tcg_const_i32(0x1f); \
545 tcg_gen_movcond_i32(TCG_COND_GTU, tmp2, tmp1, tmp3, tmp2, t0); \
546 tcg_temp_free_i32(tmp3); \
547 tcg_gen_andi_i32(tmp1, tmp1, 0x1f); \
548 tcg_gen_##name##_i32(dest, tmp2, tmp1); \
549 tcg_temp_free_i32(tmp2); \
550 tcg_temp_free_i32(tmp1); \
551 }
552 GEN_SHIFT(shl)
553 GEN_SHIFT(shr)
554 #undef GEN_SHIFT
555
556 static void gen_sar(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
557 {
558 TCGv_i32 tmp1, tmp2;
559 tmp1 = tcg_temp_new_i32();
560 tcg_gen_andi_i32(tmp1, t1, 0xff);
561 tmp2 = tcg_const_i32(0x1f);
562 tcg_gen_movcond_i32(TCG_COND_GTU, tmp1, tmp1, tmp2, tmp2, tmp1);
563 tcg_temp_free_i32(tmp2);
564 tcg_gen_sar_i32(dest, t0, tmp1);
565 tcg_temp_free_i32(tmp1);
566 }
567
568 static void shifter_out_im(TCGv_i32 var, int shift)
569 {
570 tcg_gen_extract_i32(cpu_CF, var, shift, 1);
571 }
572
573 /* Shift by immediate. Includes special handling for shift == 0. */
574 static inline void gen_arm_shift_im(TCGv_i32 var, int shiftop,
575 int shift, int flags)
576 {
577 switch (shiftop) {
578 case 0: /* LSL */
579 if (shift != 0) {
580 if (flags)
581 shifter_out_im(var, 32 - shift);
582 tcg_gen_shli_i32(var, var, shift);
583 }
584 break;
585 case 1: /* LSR */
586 if (shift == 0) {
587 if (flags) {
588 tcg_gen_shri_i32(cpu_CF, var, 31);
589 }
590 tcg_gen_movi_i32(var, 0);
591 } else {
592 if (flags)
593 shifter_out_im(var, shift - 1);
594 tcg_gen_shri_i32(var, var, shift);
595 }
596 break;
597 case 2: /* ASR */
598 if (shift == 0)
599 shift = 32;
600 if (flags)
601 shifter_out_im(var, shift - 1);
602 if (shift == 32)
603 shift = 31;
604 tcg_gen_sari_i32(var, var, shift);
605 break;
606 case 3: /* ROR/RRX */
607 if (shift != 0) {
608 if (flags)
609 shifter_out_im(var, shift - 1);
610 tcg_gen_rotri_i32(var, var, shift); break;
611 } else {
612 TCGv_i32 tmp = tcg_temp_new_i32();
613 tcg_gen_shli_i32(tmp, cpu_CF, 31);
614 if (flags)
615 shifter_out_im(var, 0);
616 tcg_gen_shri_i32(var, var, 1);
617 tcg_gen_or_i32(var, var, tmp);
618 tcg_temp_free_i32(tmp);
619 }
620 }
621 };
622
623 static inline void gen_arm_shift_reg(TCGv_i32 var, int shiftop,
624 TCGv_i32 shift, int flags)
625 {
626 if (flags) {
627 switch (shiftop) {
628 case 0: gen_helper_shl_cc(var, cpu_env, var, shift); break;
629 case 1: gen_helper_shr_cc(var, cpu_env, var, shift); break;
630 case 2: gen_helper_sar_cc(var, cpu_env, var, shift); break;
631 case 3: gen_helper_ror_cc(var, cpu_env, var, shift); break;
632 }
633 } else {
634 switch (shiftop) {
635 case 0:
636 gen_shl(var, var, shift);
637 break;
638 case 1:
639 gen_shr(var, var, shift);
640 break;
641 case 2:
642 gen_sar(var, var, shift);
643 break;
644 case 3: tcg_gen_andi_i32(shift, shift, 0x1f);
645 tcg_gen_rotr_i32(var, var, shift); break;
646 }
647 }
648 tcg_temp_free_i32(shift);
649 }
650
651 #define PAS_OP(pfx) \
652 switch (op2) { \
653 case 0: gen_pas_helper(glue(pfx,add16)); break; \
654 case 1: gen_pas_helper(glue(pfx,addsubx)); break; \
655 case 2: gen_pas_helper(glue(pfx,subaddx)); break; \
656 case 3: gen_pas_helper(glue(pfx,sub16)); break; \
657 case 4: gen_pas_helper(glue(pfx,add8)); break; \
658 case 7: gen_pas_helper(glue(pfx,sub8)); break; \
659 }
660 static void gen_arm_parallel_addsub(int op1, int op2, TCGv_i32 a, TCGv_i32 b)
661 {
662 TCGv_ptr tmp;
663
664 switch (op1) {
665 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b, tmp)
666 case 1:
667 tmp = tcg_temp_new_ptr();
668 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
669 PAS_OP(s)
670 tcg_temp_free_ptr(tmp);
671 break;
672 case 5:
673 tmp = tcg_temp_new_ptr();
674 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
675 PAS_OP(u)
676 tcg_temp_free_ptr(tmp);
677 break;
678 #undef gen_pas_helper
679 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b)
680 case 2:
681 PAS_OP(q);
682 break;
683 case 3:
684 PAS_OP(sh);
685 break;
686 case 6:
687 PAS_OP(uq);
688 break;
689 case 7:
690 PAS_OP(uh);
691 break;
692 #undef gen_pas_helper
693 }
694 }
695 #undef PAS_OP
696
697 /* For unknown reasons Arm and Thumb-2 use arbitrarily different encodings. */
698 #define PAS_OP(pfx) \
699 switch (op1) { \
700 case 0: gen_pas_helper(glue(pfx,add8)); break; \
701 case 1: gen_pas_helper(glue(pfx,add16)); break; \
702 case 2: gen_pas_helper(glue(pfx,addsubx)); break; \
703 case 4: gen_pas_helper(glue(pfx,sub8)); break; \
704 case 5: gen_pas_helper(glue(pfx,sub16)); break; \
705 case 6: gen_pas_helper(glue(pfx,subaddx)); break; \
706 }
707 static void gen_thumb2_parallel_addsub(int op1, int op2, TCGv_i32 a, TCGv_i32 b)
708 {
709 TCGv_ptr tmp;
710
711 switch (op2) {
712 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b, tmp)
713 case 0:
714 tmp = tcg_temp_new_ptr();
715 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
716 PAS_OP(s)
717 tcg_temp_free_ptr(tmp);
718 break;
719 case 4:
720 tmp = tcg_temp_new_ptr();
721 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
722 PAS_OP(u)
723 tcg_temp_free_ptr(tmp);
724 break;
725 #undef gen_pas_helper
726 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b)
727 case 1:
728 PAS_OP(q);
729 break;
730 case 2:
731 PAS_OP(sh);
732 break;
733 case 5:
734 PAS_OP(uq);
735 break;
736 case 6:
737 PAS_OP(uh);
738 break;
739 #undef gen_pas_helper
740 }
741 }
742 #undef PAS_OP
743
744 /*
745 * Generate a conditional based on ARM condition code cc.
746 * This is common between ARM and Aarch64 targets.
747 */
748 void arm_test_cc(DisasCompare *cmp, int cc)
749 {
750 TCGv_i32 value;
751 TCGCond cond;
752 bool global = true;
753
754 switch (cc) {
755 case 0: /* eq: Z */
756 case 1: /* ne: !Z */
757 cond = TCG_COND_EQ;
758 value = cpu_ZF;
759 break;
760
761 case 2: /* cs: C */
762 case 3: /* cc: !C */
763 cond = TCG_COND_NE;
764 value = cpu_CF;
765 break;
766
767 case 4: /* mi: N */
768 case 5: /* pl: !N */
769 cond = TCG_COND_LT;
770 value = cpu_NF;
771 break;
772
773 case 6: /* vs: V */
774 case 7: /* vc: !V */
775 cond = TCG_COND_LT;
776 value = cpu_VF;
777 break;
778
779 case 8: /* hi: C && !Z */
780 case 9: /* ls: !C || Z -> !(C && !Z) */
781 cond = TCG_COND_NE;
782 value = tcg_temp_new_i32();
783 global = false;
784 /* CF is 1 for C, so -CF is an all-bits-set mask for C;
785 ZF is non-zero for !Z; so AND the two subexpressions. */
786 tcg_gen_neg_i32(value, cpu_CF);
787 tcg_gen_and_i32(value, value, cpu_ZF);
788 break;
789
790 case 10: /* ge: N == V -> N ^ V == 0 */
791 case 11: /* lt: N != V -> N ^ V != 0 */
792 /* Since we're only interested in the sign bit, == 0 is >= 0. */
793 cond = TCG_COND_GE;
794 value = tcg_temp_new_i32();
795 global = false;
796 tcg_gen_xor_i32(value, cpu_VF, cpu_NF);
797 break;
798
799 case 12: /* gt: !Z && N == V */
800 case 13: /* le: Z || N != V */
801 cond = TCG_COND_NE;
802 value = tcg_temp_new_i32();
803 global = false;
804 /* (N == V) is equal to the sign bit of ~(NF ^ VF). Propagate
805 * the sign bit then AND with ZF to yield the result. */
806 tcg_gen_xor_i32(value, cpu_VF, cpu_NF);
807 tcg_gen_sari_i32(value, value, 31);
808 tcg_gen_andc_i32(value, cpu_ZF, value);
809 break;
810
811 case 14: /* always */
812 case 15: /* always */
813 /* Use the ALWAYS condition, which will fold early.
814 * It doesn't matter what we use for the value. */
815 cond = TCG_COND_ALWAYS;
816 value = cpu_ZF;
817 goto no_invert;
818
819 default:
820 fprintf(stderr, "Bad condition code 0x%x\n", cc);
821 abort();
822 }
823
824 if (cc & 1) {
825 cond = tcg_invert_cond(cond);
826 }
827
828 no_invert:
829 cmp->cond = cond;
830 cmp->value = value;
831 cmp->value_global = global;
832 }
833
834 void arm_free_cc(DisasCompare *cmp)
835 {
836 if (!cmp->value_global) {
837 tcg_temp_free_i32(cmp->value);
838 }
839 }
840
841 void arm_jump_cc(DisasCompare *cmp, TCGLabel *label)
842 {
843 tcg_gen_brcondi_i32(cmp->cond, cmp->value, 0, label);
844 }
845
846 void arm_gen_test_cc(int cc, TCGLabel *label)
847 {
848 DisasCompare cmp;
849 arm_test_cc(&cmp, cc);
850 arm_jump_cc(&cmp, label);
851 arm_free_cc(&cmp);
852 }
853
854 static inline void gen_set_condexec(DisasContext *s)
855 {
856 if (s->condexec_mask) {
857 uint32_t val = (s->condexec_cond << 4) | (s->condexec_mask >> 1);
858 TCGv_i32 tmp = tcg_temp_new_i32();
859 tcg_gen_movi_i32(tmp, val);
860 store_cpu_field(tmp, condexec_bits);
861 }
862 }
863
864 static inline void gen_set_pc_im(DisasContext *s, target_ulong val)
865 {
866 tcg_gen_movi_i32(cpu_R[15], val);
867 }
868
869 /* Set PC and Thumb state from an immediate address. */
870 static inline void gen_bx_im(DisasContext *s, uint32_t addr)
871 {
872 TCGv_i32 tmp;
873
874 s->base.is_jmp = DISAS_JUMP;
875 if (s->thumb != (addr & 1)) {
876 tmp = tcg_temp_new_i32();
877 tcg_gen_movi_i32(tmp, addr & 1);
878 tcg_gen_st_i32(tmp, cpu_env, offsetof(CPUARMState, thumb));
879 tcg_temp_free_i32(tmp);
880 }
881 tcg_gen_movi_i32(cpu_R[15], addr & ~1);
882 }
883
884 /* Set PC and Thumb state from var. var is marked as dead. */
885 static inline void gen_bx(DisasContext *s, TCGv_i32 var)
886 {
887 s->base.is_jmp = DISAS_JUMP;
888 tcg_gen_andi_i32(cpu_R[15], var, ~1);
889 tcg_gen_andi_i32(var, var, 1);
890 store_cpu_field(var, thumb);
891 }
892
893 /*
894 * Set PC and Thumb state from var. var is marked as dead.
895 * For M-profile CPUs, include logic to detect exception-return
896 * branches and handle them. This is needed for Thumb POP/LDM to PC, LDR to PC,
897 * and BX reg, and no others, and happens only for code in Handler mode.
898 * The Security Extension also requires us to check for the FNC_RETURN
899 * which signals a function return from non-secure state; this can happen
900 * in both Handler and Thread mode.
901 * To avoid having to do multiple comparisons in inline generated code,
902 * we make the check we do here loose, so it will match for EXC_RETURN
903 * in Thread mode. For system emulation do_v7m_exception_exit() checks
904 * for these spurious cases and returns without doing anything (giving
905 * the same behaviour as for a branch to a non-magic address).
906 *
907 * In linux-user mode it is unclear what the right behaviour for an
908 * attempted FNC_RETURN should be, because in real hardware this will go
909 * directly to Secure code (ie not the Linux kernel) which will then treat
910 * the error in any way it chooses. For QEMU we opt to make the FNC_RETURN
911 * attempt behave the way it would on a CPU without the security extension,
912 * which is to say "like a normal branch". That means we can simply treat
913 * all branches as normal with no magic address behaviour.
914 */
915 static inline void gen_bx_excret(DisasContext *s, TCGv_i32 var)
916 {
917 /* Generate the same code here as for a simple bx, but flag via
918 * s->base.is_jmp that we need to do the rest of the work later.
919 */
920 gen_bx(s, var);
921 #ifndef CONFIG_USER_ONLY
922 if (arm_dc_feature(s, ARM_FEATURE_M_SECURITY) ||
923 (s->v7m_handler_mode && arm_dc_feature(s, ARM_FEATURE_M))) {
924 s->base.is_jmp = DISAS_BX_EXCRET;
925 }
926 #endif
927 }
928
929 static inline void gen_bx_excret_final_code(DisasContext *s)
930 {
931 /* Generate the code to finish possible exception return and end the TB */
932 TCGLabel *excret_label = gen_new_label();
933 uint32_t min_magic;
934
935 if (arm_dc_feature(s, ARM_FEATURE_M_SECURITY)) {
936 /* Covers FNC_RETURN and EXC_RETURN magic */
937 min_magic = FNC_RETURN_MIN_MAGIC;
938 } else {
939 /* EXC_RETURN magic only */
940 min_magic = EXC_RETURN_MIN_MAGIC;
941 }
942
943 /* Is the new PC value in the magic range indicating exception return? */
944 tcg_gen_brcondi_i32(TCG_COND_GEU, cpu_R[15], min_magic, excret_label);
945 /* No: end the TB as we would for a DISAS_JMP */
946 if (is_singlestepping(s)) {
947 gen_singlestep_exception(s);
948 } else {
949 tcg_gen_exit_tb(NULL, 0);
950 }
951 gen_set_label(excret_label);
952 /* Yes: this is an exception return.
953 * At this point in runtime env->regs[15] and env->thumb will hold
954 * the exception-return magic number, which do_v7m_exception_exit()
955 * will read. Nothing else will be able to see those values because
956 * the cpu-exec main loop guarantees that we will always go straight
957 * from raising the exception to the exception-handling code.
958 *
959 * gen_ss_advance(s) does nothing on M profile currently but
960 * calling it is conceptually the right thing as we have executed
961 * this instruction (compare SWI, HVC, SMC handling).
962 */
963 gen_ss_advance(s);
964 gen_exception_internal(EXCP_EXCEPTION_EXIT);
965 }
966
967 static inline void gen_bxns(DisasContext *s, int rm)
968 {
969 TCGv_i32 var = load_reg(s, rm);
970
971 /* The bxns helper may raise an EXCEPTION_EXIT exception, so in theory
972 * we need to sync state before calling it, but:
973 * - we don't need to do gen_set_pc_im() because the bxns helper will
974 * always set the PC itself
975 * - we don't need to do gen_set_condexec() because BXNS is UNPREDICTABLE
976 * unless it's outside an IT block or the last insn in an IT block,
977 * so we know that condexec == 0 (already set at the top of the TB)
978 * is correct in the non-UNPREDICTABLE cases, and we can choose
979 * "zeroes the IT bits" as our UNPREDICTABLE behaviour otherwise.
980 */
981 gen_helper_v7m_bxns(cpu_env, var);
982 tcg_temp_free_i32(var);
983 s->base.is_jmp = DISAS_EXIT;
984 }
985
986 static inline void gen_blxns(DisasContext *s, int rm)
987 {
988 TCGv_i32 var = load_reg(s, rm);
989
990 /* We don't need to sync condexec state, for the same reason as bxns.
991 * We do however need to set the PC, because the blxns helper reads it.
992 * The blxns helper may throw an exception.
993 */
994 gen_set_pc_im(s, s->base.pc_next);
995 gen_helper_v7m_blxns(cpu_env, var);
996 tcg_temp_free_i32(var);
997 s->base.is_jmp = DISAS_EXIT;
998 }
999
1000 /* Variant of store_reg which uses branch&exchange logic when storing
1001 to r15 in ARM architecture v7 and above. The source must be a temporary
1002 and will be marked as dead. */
1003 static inline void store_reg_bx(DisasContext *s, int reg, TCGv_i32 var)
1004 {
1005 if (reg == 15 && ENABLE_ARCH_7) {
1006 gen_bx(s, var);
1007 } else {
1008 store_reg(s, reg, var);
1009 }
1010 }
1011
1012 /* Variant of store_reg which uses branch&exchange logic when storing
1013 * to r15 in ARM architecture v5T and above. This is used for storing
1014 * the results of a LDR/LDM/POP into r15, and corresponds to the cases
1015 * in the ARM ARM which use the LoadWritePC() pseudocode function. */
1016 static inline void store_reg_from_load(DisasContext *s, int reg, TCGv_i32 var)
1017 {
1018 if (reg == 15 && ENABLE_ARCH_5) {
1019 gen_bx_excret(s, var);
1020 } else {
1021 store_reg(s, reg, var);
1022 }
1023 }
1024
1025 #ifdef CONFIG_USER_ONLY
1026 #define IS_USER_ONLY 1
1027 #else
1028 #define IS_USER_ONLY 0
1029 #endif
1030
1031 /* Abstractions of "generate code to do a guest load/store for
1032 * AArch32", where a vaddr is always 32 bits (and is zero
1033 * extended if we're a 64 bit core) and data is also
1034 * 32 bits unless specifically doing a 64 bit access.
1035 * These functions work like tcg_gen_qemu_{ld,st}* except
1036 * that the address argument is TCGv_i32 rather than TCGv.
1037 */
1038
1039 static inline TCGv gen_aa32_addr(DisasContext *s, TCGv_i32 a32, MemOp op)
1040 {
1041 TCGv addr = tcg_temp_new();
1042 tcg_gen_extu_i32_tl(addr, a32);
1043
1044 /* Not needed for user-mode BE32, where we use MO_BE instead. */
1045 if (!IS_USER_ONLY && s->sctlr_b && (op & MO_SIZE) < MO_32) {
1046 tcg_gen_xori_tl(addr, addr, 4 - (1 << (op & MO_SIZE)));
1047 }
1048 return addr;
1049 }
1050
1051 static void gen_aa32_ld_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
1052 int index, MemOp opc)
1053 {
1054 TCGv addr;
1055
1056 if (arm_dc_feature(s, ARM_FEATURE_M) &&
1057 !arm_dc_feature(s, ARM_FEATURE_M_MAIN)) {
1058 opc |= MO_ALIGN;
1059 }
1060
1061 addr = gen_aa32_addr(s, a32, opc);
1062 tcg_gen_qemu_ld_i32(val, addr, index, opc);
1063 tcg_temp_free(addr);
1064 }
1065
1066 static void gen_aa32_st_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
1067 int index, MemOp opc)
1068 {
1069 TCGv addr;
1070
1071 if (arm_dc_feature(s, ARM_FEATURE_M) &&
1072 !arm_dc_feature(s, ARM_FEATURE_M_MAIN)) {
1073 opc |= MO_ALIGN;
1074 }
1075
1076 addr = gen_aa32_addr(s, a32, opc);
1077 tcg_gen_qemu_st_i32(val, addr, index, opc);
1078 tcg_temp_free(addr);
1079 }
1080
1081 #define DO_GEN_LD(SUFF, OPC) \
1082 static inline void gen_aa32_ld##SUFF(DisasContext *s, TCGv_i32 val, \
1083 TCGv_i32 a32, int index) \
1084 { \
1085 gen_aa32_ld_i32(s, val, a32, index, OPC | s->be_data); \
1086 } \
1087 static inline void gen_aa32_ld##SUFF##_iss(DisasContext *s, \
1088 TCGv_i32 val, \
1089 TCGv_i32 a32, int index, \
1090 ISSInfo issinfo) \
1091 { \
1092 gen_aa32_ld##SUFF(s, val, a32, index); \
1093 disas_set_da_iss(s, OPC, issinfo); \
1094 }
1095
1096 #define DO_GEN_ST(SUFF, OPC) \
1097 static inline void gen_aa32_st##SUFF(DisasContext *s, TCGv_i32 val, \
1098 TCGv_i32 a32, int index) \
1099 { \
1100 gen_aa32_st_i32(s, val, a32, index, OPC | s->be_data); \
1101 } \
1102 static inline void gen_aa32_st##SUFF##_iss(DisasContext *s, \
1103 TCGv_i32 val, \
1104 TCGv_i32 a32, int index, \
1105 ISSInfo issinfo) \
1106 { \
1107 gen_aa32_st##SUFF(s, val, a32, index); \
1108 disas_set_da_iss(s, OPC, issinfo | ISSIsWrite); \
1109 }
1110
1111 static inline void gen_aa32_frob64(DisasContext *s, TCGv_i64 val)
1112 {
1113 /* Not needed for user-mode BE32, where we use MO_BE instead. */
1114 if (!IS_USER_ONLY && s->sctlr_b) {
1115 tcg_gen_rotri_i64(val, val, 32);
1116 }
1117 }
1118
1119 static void gen_aa32_ld_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
1120 int index, MemOp opc)
1121 {
1122 TCGv addr = gen_aa32_addr(s, a32, opc);
1123 tcg_gen_qemu_ld_i64(val, addr, index, opc);
1124 gen_aa32_frob64(s, val);
1125 tcg_temp_free(addr);
1126 }
1127
1128 static inline void gen_aa32_ld64(DisasContext *s, TCGv_i64 val,
1129 TCGv_i32 a32, int index)
1130 {
1131 gen_aa32_ld_i64(s, val, a32, index, MO_Q | s->be_data);
1132 }
1133
1134 static void gen_aa32_st_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
1135 int index, MemOp opc)
1136 {
1137 TCGv addr = gen_aa32_addr(s, a32, opc);
1138
1139 /* Not needed for user-mode BE32, where we use MO_BE instead. */
1140 if (!IS_USER_ONLY && s->sctlr_b) {
1141 TCGv_i64 tmp = tcg_temp_new_i64();
1142 tcg_gen_rotri_i64(tmp, val, 32);
1143 tcg_gen_qemu_st_i64(tmp, addr, index, opc);
1144 tcg_temp_free_i64(tmp);
1145 } else {
1146 tcg_gen_qemu_st_i64(val, addr, index, opc);
1147 }
1148 tcg_temp_free(addr);
1149 }
1150
1151 static inline void gen_aa32_st64(DisasContext *s, TCGv_i64 val,
1152 TCGv_i32 a32, int index)
1153 {
1154 gen_aa32_st_i64(s, val, a32, index, MO_Q | s->be_data);
1155 }
1156
1157 DO_GEN_LD(8s, MO_SB)
1158 DO_GEN_LD(8u, MO_UB)
1159 DO_GEN_LD(16s, MO_SW)
1160 DO_GEN_LD(16u, MO_UW)
1161 DO_GEN_LD(32u, MO_UL)
1162 DO_GEN_ST(8, MO_UB)
1163 DO_GEN_ST(16, MO_UW)
1164 DO_GEN_ST(32, MO_UL)
1165
1166 static inline void gen_hvc(DisasContext *s, int imm16)
1167 {
1168 /* The pre HVC helper handles cases when HVC gets trapped
1169 * as an undefined insn by runtime configuration (ie before
1170 * the insn really executes).
1171 */
1172 gen_set_pc_im(s, s->pc_curr);
1173 gen_helper_pre_hvc(cpu_env);
1174 /* Otherwise we will treat this as a real exception which
1175 * happens after execution of the insn. (The distinction matters
1176 * for the PC value reported to the exception handler and also
1177 * for single stepping.)
1178 */
1179 s->svc_imm = imm16;
1180 gen_set_pc_im(s, s->base.pc_next);
1181 s->base.is_jmp = DISAS_HVC;
1182 }
1183
1184 static inline void gen_smc(DisasContext *s)
1185 {
1186 /* As with HVC, we may take an exception either before or after
1187 * the insn executes.
1188 */
1189 TCGv_i32 tmp;
1190
1191 gen_set_pc_im(s, s->pc_curr);
1192 tmp = tcg_const_i32(syn_aa32_smc());
1193 gen_helper_pre_smc(cpu_env, tmp);
1194 tcg_temp_free_i32(tmp);
1195 gen_set_pc_im(s, s->base.pc_next);
1196 s->base.is_jmp = DISAS_SMC;
1197 }
1198
1199 static void gen_exception_internal_insn(DisasContext *s, uint32_t pc, int excp)
1200 {
1201 gen_set_condexec(s);
1202 gen_set_pc_im(s, pc);
1203 gen_exception_internal(excp);
1204 s->base.is_jmp = DISAS_NORETURN;
1205 }
1206
1207 static void gen_exception_insn(DisasContext *s, uint32_t pc, int excp,
1208 int syn, uint32_t target_el)
1209 {
1210 gen_set_condexec(s);
1211 gen_set_pc_im(s, pc);
1212 gen_exception(excp, syn, target_el);
1213 s->base.is_jmp = DISAS_NORETURN;
1214 }
1215
1216 static void gen_exception_bkpt_insn(DisasContext *s, uint32_t syn)
1217 {
1218 TCGv_i32 tcg_syn;
1219
1220 gen_set_condexec(s);
1221 gen_set_pc_im(s, s->pc_curr);
1222 tcg_syn = tcg_const_i32(syn);
1223 gen_helper_exception_bkpt_insn(cpu_env, tcg_syn);
1224 tcg_temp_free_i32(tcg_syn);
1225 s->base.is_jmp = DISAS_NORETURN;
1226 }
1227
1228 static void unallocated_encoding(DisasContext *s)
1229 {
1230 /* Unallocated and reserved encodings are uncategorized */
1231 gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
1232 default_exception_el(s));
1233 }
1234
1235 /* Force a TB lookup after an instruction that changes the CPU state. */
1236 static inline void gen_lookup_tb(DisasContext *s)
1237 {
1238 tcg_gen_movi_i32(cpu_R[15], s->base.pc_next);
1239 s->base.is_jmp = DISAS_EXIT;
1240 }
1241
1242 static inline void gen_hlt(DisasContext *s, int imm)
1243 {
1244 /* HLT. This has two purposes.
1245 * Architecturally, it is an external halting debug instruction.
1246 * Since QEMU doesn't implement external debug, we treat this as
1247 * it is required for halting debug disabled: it will UNDEF.
1248 * Secondly, "HLT 0x3C" is a T32 semihosting trap instruction,
1249 * and "HLT 0xF000" is an A32 semihosting syscall. These traps
1250 * must trigger semihosting even for ARMv7 and earlier, where
1251 * HLT was an undefined encoding.
1252 * In system mode, we don't allow userspace access to
1253 * semihosting, to provide some semblance of security
1254 * (and for consistency with our 32-bit semihosting).
1255 */
1256 if (semihosting_enabled() &&
1257 #ifndef CONFIG_USER_ONLY
1258 s->current_el != 0 &&
1259 #endif
1260 (imm == (s->thumb ? 0x3c : 0xf000))) {
1261 gen_exception_internal_insn(s, s->base.pc_next, EXCP_SEMIHOST);
1262 return;
1263 }
1264
1265 unallocated_encoding(s);
1266 }
1267
1268 static inline void gen_add_data_offset(DisasContext *s, unsigned int insn,
1269 TCGv_i32 var)
1270 {
1271 int val, rm, shift, shiftop;
1272 TCGv_i32 offset;
1273
1274 if (!(insn & (1 << 25))) {
1275 /* immediate */
1276 val = insn & 0xfff;
1277 if (!(insn & (1 << 23)))
1278 val = -val;
1279 if (val != 0)
1280 tcg_gen_addi_i32(var, var, val);
1281 } else {
1282 /* shift/register */
1283 rm = (insn) & 0xf;
1284 shift = (insn >> 7) & 0x1f;
1285 shiftop = (insn >> 5) & 3;
1286 offset = load_reg(s, rm);
1287 gen_arm_shift_im(offset, shiftop, shift, 0);
1288 if (!(insn & (1 << 23)))
1289 tcg_gen_sub_i32(var, var, offset);
1290 else
1291 tcg_gen_add_i32(var, var, offset);
1292 tcg_temp_free_i32(offset);
1293 }
1294 }
1295
1296 static inline void gen_add_datah_offset(DisasContext *s, unsigned int insn,
1297 int extra, TCGv_i32 var)
1298 {
1299 int val, rm;
1300 TCGv_i32 offset;
1301
1302 if (insn & (1 << 22)) {
1303 /* immediate */
1304 val = (insn & 0xf) | ((insn >> 4) & 0xf0);
1305 if (!(insn & (1 << 23)))
1306 val = -val;
1307 val += extra;
1308 if (val != 0)
1309 tcg_gen_addi_i32(var, var, val);
1310 } else {
1311 /* register */
1312 if (extra)
1313 tcg_gen_addi_i32(var, var, extra);
1314 rm = (insn) & 0xf;
1315 offset = load_reg(s, rm);
1316 if (!(insn & (1 << 23)))
1317 tcg_gen_sub_i32(var, var, offset);
1318 else
1319 tcg_gen_add_i32(var, var, offset);
1320 tcg_temp_free_i32(offset);
1321 }
1322 }
1323
1324 static TCGv_ptr get_fpstatus_ptr(int neon)
1325 {
1326 TCGv_ptr statusptr = tcg_temp_new_ptr();
1327 int offset;
1328 if (neon) {
1329 offset = offsetof(CPUARMState, vfp.standard_fp_status);
1330 } else {
1331 offset = offsetof(CPUARMState, vfp.fp_status);
1332 }
1333 tcg_gen_addi_ptr(statusptr, cpu_env, offset);
1334 return statusptr;
1335 }
1336
1337 static inline long vfp_reg_offset(bool dp, unsigned reg)
1338 {
1339 if (dp) {
1340 return offsetof(CPUARMState, vfp.zregs[reg >> 1].d[reg & 1]);
1341 } else {
1342 long ofs = offsetof(CPUARMState, vfp.zregs[reg >> 2].d[(reg >> 1) & 1]);
1343 if (reg & 1) {
1344 ofs += offsetof(CPU_DoubleU, l.upper);
1345 } else {
1346 ofs += offsetof(CPU_DoubleU, l.lower);
1347 }
1348 return ofs;
1349 }
1350 }
1351
1352 /* Return the offset of a 32-bit piece of a NEON register.
1353 zero is the least significant end of the register. */
1354 static inline long
1355 neon_reg_offset (int reg, int n)
1356 {
1357 int sreg;
1358 sreg = reg * 2 + n;
1359 return vfp_reg_offset(0, sreg);
1360 }
1361
1362 /* Return the offset of a 2**SIZE piece of a NEON register, at index ELE,
1363 * where 0 is the least significant end of the register.
1364 */
1365 static inline long
1366 neon_element_offset(int reg, int element, MemOp size)
1367 {
1368 int element_size = 1 << size;
1369 int ofs = element * element_size;
1370 #ifdef HOST_WORDS_BIGENDIAN
1371 /* Calculate the offset assuming fully little-endian,
1372 * then XOR to account for the order of the 8-byte units.
1373 */
1374 if (element_size < 8) {
1375 ofs ^= 8 - element_size;
1376 }
1377 #endif
1378 return neon_reg_offset(reg, 0) + ofs;
1379 }
1380
1381 static TCGv_i32 neon_load_reg(int reg, int pass)
1382 {
1383 TCGv_i32 tmp = tcg_temp_new_i32();
1384 tcg_gen_ld_i32(tmp, cpu_env, neon_reg_offset(reg, pass));
1385 return tmp;
1386 }
1387
1388 static void neon_load_element(TCGv_i32 var, int reg, int ele, MemOp mop)
1389 {
1390 long offset = neon_element_offset(reg, ele, mop & MO_SIZE);
1391
1392 switch (mop) {
1393 case MO_UB:
1394 tcg_gen_ld8u_i32(var, cpu_env, offset);
1395 break;
1396 case MO_UW:
1397 tcg_gen_ld16u_i32(var, cpu_env, offset);
1398 break;
1399 case MO_UL:
1400 tcg_gen_ld_i32(var, cpu_env, offset);
1401 break;
1402 default:
1403 g_assert_not_reached();
1404 }
1405 }
1406
1407 static void neon_load_element64(TCGv_i64 var, int reg, int ele, MemOp mop)
1408 {
1409 long offset = neon_element_offset(reg, ele, mop & MO_SIZE);
1410
1411 switch (mop) {
1412 case MO_UB:
1413 tcg_gen_ld8u_i64(var, cpu_env, offset);
1414 break;
1415 case MO_UW:
1416 tcg_gen_ld16u_i64(var, cpu_env, offset);
1417 break;
1418 case MO_UL:
1419 tcg_gen_ld32u_i64(var, cpu_env, offset);
1420 break;
1421 case MO_Q:
1422 tcg_gen_ld_i64(var, cpu_env, offset);
1423 break;
1424 default:
1425 g_assert_not_reached();
1426 }
1427 }
1428
1429 static void neon_store_reg(int reg, int pass, TCGv_i32 var)
1430 {
1431 tcg_gen_st_i32(var, cpu_env, neon_reg_offset(reg, pass));
1432 tcg_temp_free_i32(var);
1433 }
1434
1435 static void neon_store_element(int reg, int ele, MemOp size, TCGv_i32 var)
1436 {
1437 long offset = neon_element_offset(reg, ele, size);
1438
1439 switch (size) {
1440 case MO_8:
1441 tcg_gen_st8_i32(var, cpu_env, offset);
1442 break;
1443 case MO_16:
1444 tcg_gen_st16_i32(var, cpu_env, offset);
1445 break;
1446 case MO_32:
1447 tcg_gen_st_i32(var, cpu_env, offset);
1448 break;
1449 default:
1450 g_assert_not_reached();
1451 }
1452 }
1453
1454 static void neon_store_element64(int reg, int ele, MemOp size, TCGv_i64 var)
1455 {
1456 long offset = neon_element_offset(reg, ele, size);
1457
1458 switch (size) {
1459 case MO_8:
1460 tcg_gen_st8_i64(var, cpu_env, offset);
1461 break;
1462 case MO_16:
1463 tcg_gen_st16_i64(var, cpu_env, offset);
1464 break;
1465 case MO_32:
1466 tcg_gen_st32_i64(var, cpu_env, offset);
1467 break;
1468 case MO_64:
1469 tcg_gen_st_i64(var, cpu_env, offset);
1470 break;
1471 default:
1472 g_assert_not_reached();
1473 }
1474 }
1475
1476 static inline void neon_load_reg64(TCGv_i64 var, int reg)
1477 {
1478 tcg_gen_ld_i64(var, cpu_env, vfp_reg_offset(1, reg));
1479 }
1480
1481 static inline void neon_store_reg64(TCGv_i64 var, int reg)
1482 {
1483 tcg_gen_st_i64(var, cpu_env, vfp_reg_offset(1, reg));
1484 }
1485
1486 static inline void neon_load_reg32(TCGv_i32 var, int reg)
1487 {
1488 tcg_gen_ld_i32(var, cpu_env, vfp_reg_offset(false, reg));
1489 }
1490
1491 static inline void neon_store_reg32(TCGv_i32 var, int reg)
1492 {
1493 tcg_gen_st_i32(var, cpu_env, vfp_reg_offset(false, reg));
1494 }
1495
1496 static TCGv_ptr vfp_reg_ptr(bool dp, int reg)
1497 {
1498 TCGv_ptr ret = tcg_temp_new_ptr();
1499 tcg_gen_addi_ptr(ret, cpu_env, vfp_reg_offset(dp, reg));
1500 return ret;
1501 }
1502
1503 #define ARM_CP_RW_BIT (1 << 20)
1504
1505 /* Include the VFP decoder */
1506 #include "translate-vfp.inc.c"
1507
1508 static inline void iwmmxt_load_reg(TCGv_i64 var, int reg)
1509 {
1510 tcg_gen_ld_i64(var, cpu_env, offsetof(CPUARMState, iwmmxt.regs[reg]));
1511 }
1512
1513 static inline void iwmmxt_store_reg(TCGv_i64 var, int reg)
1514 {
1515 tcg_gen_st_i64(var, cpu_env, offsetof(CPUARMState, iwmmxt.regs[reg]));
1516 }
1517
1518 static inline TCGv_i32 iwmmxt_load_creg(int reg)
1519 {
1520 TCGv_i32 var = tcg_temp_new_i32();
1521 tcg_gen_ld_i32(var, cpu_env, offsetof(CPUARMState, iwmmxt.cregs[reg]));
1522 return var;
1523 }
1524
1525 static inline void iwmmxt_store_creg(int reg, TCGv_i32 var)
1526 {
1527 tcg_gen_st_i32(var, cpu_env, offsetof(CPUARMState, iwmmxt.cregs[reg]));
1528 tcg_temp_free_i32(var);
1529 }
1530
1531 static inline void gen_op_iwmmxt_movq_wRn_M0(int rn)
1532 {
1533 iwmmxt_store_reg(cpu_M0, rn);
1534 }
1535
1536 static inline void gen_op_iwmmxt_movq_M0_wRn(int rn)
1537 {
1538 iwmmxt_load_reg(cpu_M0, rn);
1539 }
1540
1541 static inline void gen_op_iwmmxt_orq_M0_wRn(int rn)
1542 {
1543 iwmmxt_load_reg(cpu_V1, rn);
1544 tcg_gen_or_i64(cpu_M0, cpu_M0, cpu_V1);
1545 }
1546
1547 static inline void gen_op_iwmmxt_andq_M0_wRn(int rn)
1548 {
1549 iwmmxt_load_reg(cpu_V1, rn);
1550 tcg_gen_and_i64(cpu_M0, cpu_M0, cpu_V1);
1551 }
1552
1553 static inline void gen_op_iwmmxt_xorq_M0_wRn(int rn)
1554 {
1555 iwmmxt_load_reg(cpu_V1, rn);
1556 tcg_gen_xor_i64(cpu_M0, cpu_M0, cpu_V1);
1557 }
1558
1559 #define IWMMXT_OP(name) \
1560 static inline void gen_op_iwmmxt_##name##_M0_wRn(int rn) \
1561 { \
1562 iwmmxt_load_reg(cpu_V1, rn); \
1563 gen_helper_iwmmxt_##name(cpu_M0, cpu_M0, cpu_V1); \
1564 }
1565
1566 #define IWMMXT_OP_ENV(name) \
1567 static inline void gen_op_iwmmxt_##name##_M0_wRn(int rn) \
1568 { \
1569 iwmmxt_load_reg(cpu_V1, rn); \
1570 gen_helper_iwmmxt_##name(cpu_M0, cpu_env, cpu_M0, cpu_V1); \
1571 }
1572
1573 #define IWMMXT_OP_ENV_SIZE(name) \
1574 IWMMXT_OP_ENV(name##b) \
1575 IWMMXT_OP_ENV(name##w) \
1576 IWMMXT_OP_ENV(name##l)
1577
1578 #define IWMMXT_OP_ENV1(name) \
1579 static inline void gen_op_iwmmxt_##name##_M0(void) \
1580 { \
1581 gen_helper_iwmmxt_##name(cpu_M0, cpu_env, cpu_M0); \
1582 }
1583
1584 IWMMXT_OP(maddsq)
1585 IWMMXT_OP(madduq)
1586 IWMMXT_OP(sadb)
1587 IWMMXT_OP(sadw)
1588 IWMMXT_OP(mulslw)
1589 IWMMXT_OP(mulshw)
1590 IWMMXT_OP(mululw)
1591 IWMMXT_OP(muluhw)
1592 IWMMXT_OP(macsw)
1593 IWMMXT_OP(macuw)
1594
1595 IWMMXT_OP_ENV_SIZE(unpackl)
1596 IWMMXT_OP_ENV_SIZE(unpackh)
1597
1598 IWMMXT_OP_ENV1(unpacklub)
1599 IWMMXT_OP_ENV1(unpackluw)
1600 IWMMXT_OP_ENV1(unpacklul)
1601 IWMMXT_OP_ENV1(unpackhub)
1602 IWMMXT_OP_ENV1(unpackhuw)
1603 IWMMXT_OP_ENV1(unpackhul)
1604 IWMMXT_OP_ENV1(unpacklsb)
1605 IWMMXT_OP_ENV1(unpacklsw)
1606 IWMMXT_OP_ENV1(unpacklsl)
1607 IWMMXT_OP_ENV1(unpackhsb)
1608 IWMMXT_OP_ENV1(unpackhsw)
1609 IWMMXT_OP_ENV1(unpackhsl)
1610
1611 IWMMXT_OP_ENV_SIZE(cmpeq)
1612 IWMMXT_OP_ENV_SIZE(cmpgtu)
1613 IWMMXT_OP_ENV_SIZE(cmpgts)
1614
1615 IWMMXT_OP_ENV_SIZE(mins)
1616 IWMMXT_OP_ENV_SIZE(minu)
1617 IWMMXT_OP_ENV_SIZE(maxs)
1618 IWMMXT_OP_ENV_SIZE(maxu)
1619
1620 IWMMXT_OP_ENV_SIZE(subn)
1621 IWMMXT_OP_ENV_SIZE(addn)
1622 IWMMXT_OP_ENV_SIZE(subu)
1623 IWMMXT_OP_ENV_SIZE(addu)
1624 IWMMXT_OP_ENV_SIZE(subs)
1625 IWMMXT_OP_ENV_SIZE(adds)
1626
1627 IWMMXT_OP_ENV(avgb0)
1628 IWMMXT_OP_ENV(avgb1)
1629 IWMMXT_OP_ENV(avgw0)
1630 IWMMXT_OP_ENV(avgw1)
1631
1632 IWMMXT_OP_ENV(packuw)
1633 IWMMXT_OP_ENV(packul)
1634 IWMMXT_OP_ENV(packuq)
1635 IWMMXT_OP_ENV(packsw)
1636 IWMMXT_OP_ENV(packsl)
1637 IWMMXT_OP_ENV(packsq)
1638
1639 static void gen_op_iwmmxt_set_mup(void)
1640 {
1641 TCGv_i32 tmp;
1642 tmp = load_cpu_field(iwmmxt.cregs[ARM_IWMMXT_wCon]);
1643 tcg_gen_ori_i32(tmp, tmp, 2);
1644 store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCon]);
1645 }
1646
1647 static void gen_op_iwmmxt_set_cup(void)
1648 {
1649 TCGv_i32 tmp;
1650 tmp = load_cpu_field(iwmmxt.cregs[ARM_IWMMXT_wCon]);
1651 tcg_gen_ori_i32(tmp, tmp, 1);
1652 store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCon]);
1653 }
1654
1655 static void gen_op_iwmmxt_setpsr_nz(void)
1656 {
1657 TCGv_i32 tmp = tcg_temp_new_i32();
1658 gen_helper_iwmmxt_setpsr_nz(tmp, cpu_M0);
1659 store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCASF]);
1660 }
1661
1662 static inline void gen_op_iwmmxt_addl_M0_wRn(int rn)
1663 {
1664 iwmmxt_load_reg(cpu_V1, rn);
1665 tcg_gen_ext32u_i64(cpu_V1, cpu_V1);
1666 tcg_gen_add_i64(cpu_M0, cpu_M0, cpu_V1);
1667 }
1668
1669 static inline int gen_iwmmxt_address(DisasContext *s, uint32_t insn,
1670 TCGv_i32 dest)
1671 {
1672 int rd;
1673 uint32_t offset;
1674 TCGv_i32 tmp;
1675
1676 rd = (insn >> 16) & 0xf;
1677 tmp = load_reg(s, rd);
1678
1679 offset = (insn & 0xff) << ((insn >> 7) & 2);
1680 if (insn & (1 << 24)) {
1681 /* Pre indexed */
1682 if (insn & (1 << 23))
1683 tcg_gen_addi_i32(tmp, tmp, offset);
1684 else
1685 tcg_gen_addi_i32(tmp, tmp, -offset);
1686 tcg_gen_mov_i32(dest, tmp);
1687 if (insn & (1 << 21))
1688 store_reg(s, rd, tmp);
1689 else
1690 tcg_temp_free_i32(tmp);
1691 } else if (insn & (1 << 21)) {
1692 /* Post indexed */
1693 tcg_gen_mov_i32(dest, tmp);
1694 if (insn & (1 << 23))
1695 tcg_gen_addi_i32(tmp, tmp, offset);
1696 else
1697 tcg_gen_addi_i32(tmp, tmp, -offset);
1698 store_reg(s, rd, tmp);
1699 } else if (!(insn & (1 << 23)))
1700 return 1;
1701 return 0;
1702 }
1703
1704 static inline int gen_iwmmxt_shift(uint32_t insn, uint32_t mask, TCGv_i32 dest)
1705 {
1706 int rd = (insn >> 0) & 0xf;
1707 TCGv_i32 tmp;
1708
1709 if (insn & (1 << 8)) {
1710 if (rd < ARM_IWMMXT_wCGR0 || rd > ARM_IWMMXT_wCGR3) {
1711 return 1;
1712 } else {
1713 tmp = iwmmxt_load_creg(rd);
1714 }
1715 } else {
1716 tmp = tcg_temp_new_i32();
1717 iwmmxt_load_reg(cpu_V0, rd);
1718 tcg_gen_extrl_i64_i32(tmp, cpu_V0);
1719 }
1720 tcg_gen_andi_i32(tmp, tmp, mask);
1721 tcg_gen_mov_i32(dest, tmp);
1722 tcg_temp_free_i32(tmp);
1723 return 0;
1724 }
1725
1726 /* Disassemble an iwMMXt instruction. Returns nonzero if an error occurred
1727 (ie. an undefined instruction). */
1728 static int disas_iwmmxt_insn(DisasContext *s, uint32_t insn)
1729 {
1730 int rd, wrd;
1731 int rdhi, rdlo, rd0, rd1, i;
1732 TCGv_i32 addr;
1733 TCGv_i32 tmp, tmp2, tmp3;
1734
1735 if ((insn & 0x0e000e00) == 0x0c000000) {
1736 if ((insn & 0x0fe00ff0) == 0x0c400000) {
1737 wrd = insn & 0xf;
1738 rdlo = (insn >> 12) & 0xf;
1739 rdhi = (insn >> 16) & 0xf;
1740 if (insn & ARM_CP_RW_BIT) { /* TMRRC */
1741 iwmmxt_load_reg(cpu_V0, wrd);
1742 tcg_gen_extrl_i64_i32(cpu_R[rdlo], cpu_V0);
1743 tcg_gen_extrh_i64_i32(cpu_R[rdhi], cpu_V0);
1744 } else { /* TMCRR */
1745 tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]);
1746 iwmmxt_store_reg(cpu_V0, wrd);
1747 gen_op_iwmmxt_set_mup();
1748 }
1749 return 0;
1750 }
1751
1752 wrd = (insn >> 12) & 0xf;
1753 addr = tcg_temp_new_i32();
1754 if (gen_iwmmxt_address(s, insn, addr)) {
1755 tcg_temp_free_i32(addr);
1756 return 1;
1757 }
1758 if (insn & ARM_CP_RW_BIT) {
1759 if ((insn >> 28) == 0xf) { /* WLDRW wCx */
1760 tmp = tcg_temp_new_i32();
1761 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
1762 iwmmxt_store_creg(wrd, tmp);
1763 } else {
1764 i = 1;
1765 if (insn & (1 << 8)) {
1766 if (insn & (1 << 22)) { /* WLDRD */
1767 gen_aa32_ld64(s, cpu_M0, addr, get_mem_index(s));
1768 i = 0;
1769 } else { /* WLDRW wRd */
1770 tmp = tcg_temp_new_i32();
1771 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
1772 }
1773 } else {
1774 tmp = tcg_temp_new_i32();
1775 if (insn & (1 << 22)) { /* WLDRH */
1776 gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
1777 } else { /* WLDRB */
1778 gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
1779 }
1780 }
1781 if (i) {
1782 tcg_gen_extu_i32_i64(cpu_M0, tmp);
1783 tcg_temp_free_i32(tmp);
1784 }
1785 gen_op_iwmmxt_movq_wRn_M0(wrd);
1786 }
1787 } else {
1788 if ((insn >> 28) == 0xf) { /* WSTRW wCx */
1789 tmp = iwmmxt_load_creg(wrd);
1790 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
1791 } else {
1792 gen_op_iwmmxt_movq_M0_wRn(wrd);
1793 tmp = tcg_temp_new_i32();
1794 if (insn & (1 << 8)) {
1795 if (insn & (1 << 22)) { /* WSTRD */
1796 gen_aa32_st64(s, cpu_M0, addr, get_mem_index(s));
1797 } else { /* WSTRW wRd */
1798 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1799 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
1800 }
1801 } else {
1802 if (insn & (1 << 22)) { /* WSTRH */
1803 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1804 gen_aa32_st16(s, tmp, addr, get_mem_index(s));
1805 } else { /* WSTRB */
1806 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1807 gen_aa32_st8(s, tmp, addr, get_mem_index(s));
1808 }
1809 }
1810 }
1811 tcg_temp_free_i32(tmp);
1812 }
1813 tcg_temp_free_i32(addr);
1814 return 0;
1815 }
1816
1817 if ((insn & 0x0f000000) != 0x0e000000)
1818 return 1;
1819
1820 switch (((insn >> 12) & 0xf00) | ((insn >> 4) & 0xff)) {
1821 case 0x000: /* WOR */
1822 wrd = (insn >> 12) & 0xf;
1823 rd0 = (insn >> 0) & 0xf;
1824 rd1 = (insn >> 16) & 0xf;
1825 gen_op_iwmmxt_movq_M0_wRn(rd0);
1826 gen_op_iwmmxt_orq_M0_wRn(rd1);
1827 gen_op_iwmmxt_setpsr_nz();
1828 gen_op_iwmmxt_movq_wRn_M0(wrd);
1829 gen_op_iwmmxt_set_mup();
1830 gen_op_iwmmxt_set_cup();
1831 break;
1832 case 0x011: /* TMCR */
1833 if (insn & 0xf)
1834 return 1;
1835 rd = (insn >> 12) & 0xf;
1836 wrd = (insn >> 16) & 0xf;
1837 switch (wrd) {
1838 case ARM_IWMMXT_wCID:
1839 case ARM_IWMMXT_wCASF:
1840 break;
1841 case ARM_IWMMXT_wCon:
1842 gen_op_iwmmxt_set_cup();
1843 /* Fall through. */
1844 case ARM_IWMMXT_wCSSF:
1845 tmp = iwmmxt_load_creg(wrd);
1846 tmp2 = load_reg(s, rd);
1847 tcg_gen_andc_i32(tmp, tmp, tmp2);
1848 tcg_temp_free_i32(tmp2);
1849 iwmmxt_store_creg(wrd, tmp);
1850 break;
1851 case ARM_IWMMXT_wCGR0:
1852 case ARM_IWMMXT_wCGR1:
1853 case ARM_IWMMXT_wCGR2:
1854 case ARM_IWMMXT_wCGR3:
1855 gen_op_iwmmxt_set_cup();
1856 tmp = load_reg(s, rd);
1857 iwmmxt_store_creg(wrd, tmp);
1858 break;
1859 default:
1860 return 1;
1861 }
1862 break;
1863 case 0x100: /* WXOR */
1864 wrd = (insn >> 12) & 0xf;
1865 rd0 = (insn >> 0) & 0xf;
1866 rd1 = (insn >> 16) & 0xf;
1867 gen_op_iwmmxt_movq_M0_wRn(rd0);
1868 gen_op_iwmmxt_xorq_M0_wRn(rd1);
1869 gen_op_iwmmxt_setpsr_nz();
1870 gen_op_iwmmxt_movq_wRn_M0(wrd);
1871 gen_op_iwmmxt_set_mup();
1872 gen_op_iwmmxt_set_cup();
1873 break;
1874 case 0x111: /* TMRC */
1875 if (insn & 0xf)
1876 return 1;
1877 rd = (insn >> 12) & 0xf;
1878 wrd = (insn >> 16) & 0xf;
1879 tmp = iwmmxt_load_creg(wrd);
1880 store_reg(s, rd, tmp);
1881 break;
1882 case 0x300: /* WANDN */
1883 wrd = (insn >> 12) & 0xf;
1884 rd0 = (insn >> 0) & 0xf;
1885 rd1 = (insn >> 16) & 0xf;
1886 gen_op_iwmmxt_movq_M0_wRn(rd0);
1887 tcg_gen_neg_i64(cpu_M0, cpu_M0);
1888 gen_op_iwmmxt_andq_M0_wRn(rd1);
1889 gen_op_iwmmxt_setpsr_nz();
1890 gen_op_iwmmxt_movq_wRn_M0(wrd);
1891 gen_op_iwmmxt_set_mup();
1892 gen_op_iwmmxt_set_cup();
1893 break;
1894 case 0x200: /* WAND */
1895 wrd = (insn >> 12) & 0xf;
1896 rd0 = (insn >> 0) & 0xf;
1897 rd1 = (insn >> 16) & 0xf;
1898 gen_op_iwmmxt_movq_M0_wRn(rd0);
1899 gen_op_iwmmxt_andq_M0_wRn(rd1);
1900 gen_op_iwmmxt_setpsr_nz();
1901 gen_op_iwmmxt_movq_wRn_M0(wrd);
1902 gen_op_iwmmxt_set_mup();
1903 gen_op_iwmmxt_set_cup();
1904 break;
1905 case 0x810: case 0xa10: /* WMADD */
1906 wrd = (insn >> 12) & 0xf;
1907 rd0 = (insn >> 0) & 0xf;
1908 rd1 = (insn >> 16) & 0xf;
1909 gen_op_iwmmxt_movq_M0_wRn(rd0);
1910 if (insn & (1 << 21))
1911 gen_op_iwmmxt_maddsq_M0_wRn(rd1);
1912 else
1913 gen_op_iwmmxt_madduq_M0_wRn(rd1);
1914 gen_op_iwmmxt_movq_wRn_M0(wrd);
1915 gen_op_iwmmxt_set_mup();
1916 break;
1917 case 0x10e: case 0x50e: case 0x90e: case 0xd0e: /* WUNPCKIL */
1918 wrd = (insn >> 12) & 0xf;
1919 rd0 = (insn >> 16) & 0xf;
1920 rd1 = (insn >> 0) & 0xf;
1921 gen_op_iwmmxt_movq_M0_wRn(rd0);
1922 switch ((insn >> 22) & 3) {
1923 case 0:
1924 gen_op_iwmmxt_unpacklb_M0_wRn(rd1);
1925 break;
1926 case 1:
1927 gen_op_iwmmxt_unpacklw_M0_wRn(rd1);
1928 break;
1929 case 2:
1930 gen_op_iwmmxt_unpackll_M0_wRn(rd1);
1931 break;
1932 case 3:
1933 return 1;
1934 }
1935 gen_op_iwmmxt_movq_wRn_M0(wrd);
1936 gen_op_iwmmxt_set_mup();
1937 gen_op_iwmmxt_set_cup();
1938 break;
1939 case 0x10c: case 0x50c: case 0x90c: case 0xd0c: /* WUNPCKIH */
1940 wrd = (insn >> 12) & 0xf;
1941 rd0 = (insn >> 16) & 0xf;
1942 rd1 = (insn >> 0) & 0xf;
1943 gen_op_iwmmxt_movq_M0_wRn(rd0);
1944 switch ((insn >> 22) & 3) {
1945 case 0:
1946 gen_op_iwmmxt_unpackhb_M0_wRn(rd1);
1947 break;
1948 case 1:
1949 gen_op_iwmmxt_unpackhw_M0_wRn(rd1);
1950 break;
1951 case 2:
1952 gen_op_iwmmxt_unpackhl_M0_wRn(rd1);
1953 break;
1954 case 3:
1955 return 1;
1956 }
1957 gen_op_iwmmxt_movq_wRn_M0(wrd);
1958 gen_op_iwmmxt_set_mup();
1959 gen_op_iwmmxt_set_cup();
1960 break;
1961 case 0x012: case 0x112: case 0x412: case 0x512: /* WSAD */
1962 wrd = (insn >> 12) & 0xf;
1963 rd0 = (insn >> 16) & 0xf;
1964 rd1 = (insn >> 0) & 0xf;
1965 gen_op_iwmmxt_movq_M0_wRn(rd0);
1966 if (insn & (1 << 22))
1967 gen_op_iwmmxt_sadw_M0_wRn(rd1);
1968 else
1969 gen_op_iwmmxt_sadb_M0_wRn(rd1);
1970 if (!(insn & (1 << 20)))
1971 gen_op_iwmmxt_addl_M0_wRn(wrd);
1972 gen_op_iwmmxt_movq_wRn_M0(wrd);
1973 gen_op_iwmmxt_set_mup();
1974 break;
1975 case 0x010: case 0x110: case 0x210: case 0x310: /* WMUL */
1976 wrd = (insn >> 12) & 0xf;
1977 rd0 = (insn >> 16) & 0xf;
1978 rd1 = (insn >> 0) & 0xf;
1979 gen_op_iwmmxt_movq_M0_wRn(rd0);
1980 if (insn & (1 << 21)) {
1981 if (insn & (1 << 20))
1982 gen_op_iwmmxt_mulshw_M0_wRn(rd1);
1983 else
1984 gen_op_iwmmxt_mulslw_M0_wRn(rd1);
1985 } else {
1986 if (insn & (1 << 20))
1987 gen_op_iwmmxt_muluhw_M0_wRn(rd1);
1988 else
1989 gen_op_iwmmxt_mululw_M0_wRn(rd1);
1990 }
1991 gen_op_iwmmxt_movq_wRn_M0(wrd);
1992 gen_op_iwmmxt_set_mup();
1993 break;
1994 case 0x410: case 0x510: case 0x610: case 0x710: /* WMAC */
1995 wrd = (insn >> 12) & 0xf;
1996 rd0 = (insn >> 16) & 0xf;
1997 rd1 = (insn >> 0) & 0xf;
1998 gen_op_iwmmxt_movq_M0_wRn(rd0);
1999 if (insn & (1 << 21))
2000 gen_op_iwmmxt_macsw_M0_wRn(rd1);
2001 else
2002 gen_op_iwmmxt_macuw_M0_wRn(rd1);
2003 if (!(insn & (1 << 20))) {
2004 iwmmxt_load_reg(cpu_V1, wrd);
2005 tcg_gen_add_i64(cpu_M0, cpu_M0, cpu_V1);
2006 }
2007 gen_op_iwmmxt_movq_wRn_M0(wrd);
2008 gen_op_iwmmxt_set_mup();
2009 break;
2010 case 0x006: case 0x406: case 0x806: case 0xc06: /* WCMPEQ */
2011 wrd = (insn >> 12) & 0xf;
2012 rd0 = (insn >> 16) & 0xf;
2013 rd1 = (insn >> 0) & 0xf;
2014 gen_op_iwmmxt_movq_M0_wRn(rd0);
2015 switch ((insn >> 22) & 3) {
2016 case 0:
2017 gen_op_iwmmxt_cmpeqb_M0_wRn(rd1);
2018 break;
2019 case 1:
2020 gen_op_iwmmxt_cmpeqw_M0_wRn(rd1);
2021 break;
2022 case 2:
2023 gen_op_iwmmxt_cmpeql_M0_wRn(rd1);
2024 break;
2025 case 3:
2026 return 1;
2027 }
2028 gen_op_iwmmxt_movq_wRn_M0(wrd);
2029 gen_op_iwmmxt_set_mup();
2030 gen_op_iwmmxt_set_cup();
2031 break;
2032 case 0x800: case 0x900: case 0xc00: case 0xd00: /* WAVG2 */
2033 wrd = (insn >> 12) & 0xf;
2034 rd0 = (insn >> 16) & 0xf;
2035 rd1 = (insn >> 0) & 0xf;
2036 gen_op_iwmmxt_movq_M0_wRn(rd0);
2037 if (insn & (1 << 22)) {
2038 if (insn & (1 << 20))
2039 gen_op_iwmmxt_avgw1_M0_wRn(rd1);
2040 else
2041 gen_op_iwmmxt_avgw0_M0_wRn(rd1);
2042 } else {
2043 if (insn & (1 << 20))
2044 gen_op_iwmmxt_avgb1_M0_wRn(rd1);
2045 else
2046 gen_op_iwmmxt_avgb0_M0_wRn(rd1);
2047 }
2048 gen_op_iwmmxt_movq_wRn_M0(wrd);
2049 gen_op_iwmmxt_set_mup();
2050 gen_op_iwmmxt_set_cup();
2051 break;
2052 case 0x802: case 0x902: case 0xa02: case 0xb02: /* WALIGNR */
2053 wrd = (insn >> 12) & 0xf;
2054 rd0 = (insn >> 16) & 0xf;
2055 rd1 = (insn >> 0) & 0xf;
2056 gen_op_iwmmxt_movq_M0_wRn(rd0);
2057 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCGR0 + ((insn >> 20) & 3));
2058 tcg_gen_andi_i32(tmp, tmp, 7);
2059 iwmmxt_load_reg(cpu_V1, rd1);
2060 gen_helper_iwmmxt_align(cpu_M0, cpu_M0, cpu_V1, tmp);
2061 tcg_temp_free_i32(tmp);
2062 gen_op_iwmmxt_movq_wRn_M0(wrd);
2063 gen_op_iwmmxt_set_mup();
2064 break;
2065 case 0x601: case 0x605: case 0x609: case 0x60d: /* TINSR */
2066 if (((insn >> 6) & 3) == 3)
2067 return 1;
2068 rd = (insn >> 12) & 0xf;
2069 wrd = (insn >> 16) & 0xf;
2070 tmp = load_reg(s, rd);
2071 gen_op_iwmmxt_movq_M0_wRn(wrd);
2072 switch ((insn >> 6) & 3) {
2073 case 0:
2074 tmp2 = tcg_const_i32(0xff);
2075 tmp3 = tcg_const_i32((insn & 7) << 3);
2076 break;
2077 case 1:
2078 tmp2 = tcg_const_i32(0xffff);
2079 tmp3 = tcg_const_i32((insn & 3) << 4);
2080 break;
2081 case 2:
2082 tmp2 = tcg_const_i32(0xffffffff);
2083 tmp3 = tcg_const_i32((insn & 1) << 5);
2084 break;
2085 default:
2086 tmp2 = NULL;
2087 tmp3 = NULL;
2088 }
2089 gen_helper_iwmmxt_insr(cpu_M0, cpu_M0, tmp, tmp2, tmp3);
2090 tcg_temp_free_i32(tmp3);
2091 tcg_temp_free_i32(tmp2);
2092 tcg_temp_free_i32(tmp);
2093 gen_op_iwmmxt_movq_wRn_M0(wrd);
2094 gen_op_iwmmxt_set_mup();
2095 break;
2096 case 0x107: case 0x507: case 0x907: case 0xd07: /* TEXTRM */
2097 rd = (insn >> 12) & 0xf;
2098 wrd = (insn >> 16) & 0xf;
2099 if (rd == 15 || ((insn >> 22) & 3) == 3)
2100 return 1;
2101 gen_op_iwmmxt_movq_M0_wRn(wrd);
2102 tmp = tcg_temp_new_i32();
2103 switch ((insn >> 22) & 3) {
2104 case 0:
2105 tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 7) << 3);
2106 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
2107 if (insn & 8) {
2108 tcg_gen_ext8s_i32(tmp, tmp);
2109 } else {
2110 tcg_gen_andi_i32(tmp, tmp, 0xff);
2111 }
2112 break;
2113 case 1:
2114 tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 3) << 4);
2115 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
2116 if (insn & 8) {
2117 tcg_gen_ext16s_i32(tmp, tmp);
2118 } else {
2119 tcg_gen_andi_i32(tmp, tmp, 0xffff);
2120 }
2121 break;
2122 case 2:
2123 tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 1) << 5);
2124 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
2125 break;
2126 }
2127 store_reg(s, rd, tmp);
2128 break;
2129 case 0x117: case 0x517: case 0x917: case 0xd17: /* TEXTRC */
2130 if ((insn & 0x000ff008) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2131 return 1;
2132 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2133 switch ((insn >> 22) & 3) {
2134 case 0:
2135 tcg_gen_shri_i32(tmp, tmp, ((insn & 7) << 2) + 0);
2136 break;
2137 case 1:
2138 tcg_gen_shri_i32(tmp, tmp, ((insn & 3) << 3) + 4);
2139 break;
2140 case 2:
2141 tcg_gen_shri_i32(tmp, tmp, ((insn & 1) << 4) + 12);
2142 break;
2143 }
2144 tcg_gen_shli_i32(tmp, tmp, 28);
2145 gen_set_nzcv(tmp);
2146 tcg_temp_free_i32(tmp);
2147 break;
2148 case 0x401: case 0x405: case 0x409: case 0x40d: /* TBCST */
2149 if (((insn >> 6) & 3) == 3)
2150 return 1;
2151 rd = (insn >> 12) & 0xf;
2152 wrd = (insn >> 16) & 0xf;
2153 tmp = load_reg(s, rd);
2154 switch ((insn >> 6) & 3) {
2155 case 0:
2156 gen_helper_iwmmxt_bcstb(cpu_M0, tmp);
2157 break;
2158 case 1:
2159 gen_helper_iwmmxt_bcstw(cpu_M0, tmp);
2160 break;
2161 case 2:
2162 gen_helper_iwmmxt_bcstl(cpu_M0, tmp);
2163 break;
2164 }
2165 tcg_temp_free_i32(tmp);
2166 gen_op_iwmmxt_movq_wRn_M0(wrd);
2167 gen_op_iwmmxt_set_mup();
2168 break;
2169 case 0x113: case 0x513: case 0x913: case 0xd13: /* TANDC */
2170 if ((insn & 0x000ff00f) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2171 return 1;
2172 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2173 tmp2 = tcg_temp_new_i32();
2174 tcg_gen_mov_i32(tmp2, tmp);
2175 switch ((insn >> 22) & 3) {
2176 case 0:
2177 for (i = 0; i < 7; i ++) {
2178 tcg_gen_shli_i32(tmp2, tmp2, 4);
2179 tcg_gen_and_i32(tmp, tmp, tmp2);
2180 }
2181 break;
2182 case 1:
2183 for (i = 0; i < 3; i ++) {
2184 tcg_gen_shli_i32(tmp2, tmp2, 8);
2185 tcg_gen_and_i32(tmp, tmp, tmp2);
2186 }
2187 break;
2188 case 2:
2189 tcg_gen_shli_i32(tmp2, tmp2, 16);
2190 tcg_gen_and_i32(tmp, tmp, tmp2);
2191 break;
2192 }
2193 gen_set_nzcv(tmp);
2194 tcg_temp_free_i32(tmp2);
2195 tcg_temp_free_i32(tmp);
2196 break;
2197 case 0x01c: case 0x41c: case 0x81c: case 0xc1c: /* WACC */
2198 wrd = (insn >> 12) & 0xf;
2199 rd0 = (insn >> 16) & 0xf;
2200 gen_op_iwmmxt_movq_M0_wRn(rd0);
2201 switch ((insn >> 22) & 3) {
2202 case 0:
2203 gen_helper_iwmmxt_addcb(cpu_M0, cpu_M0);
2204 break;
2205 case 1:
2206 gen_helper_iwmmxt_addcw(cpu_M0, cpu_M0);
2207 break;
2208 case 2:
2209 gen_helper_iwmmxt_addcl(cpu_M0, cpu_M0);
2210 break;
2211 case 3:
2212 return 1;
2213 }
2214 gen_op_iwmmxt_movq_wRn_M0(wrd);
2215 gen_op_iwmmxt_set_mup();
2216 break;
2217 case 0x115: case 0x515: case 0x915: case 0xd15: /* TORC */
2218 if ((insn & 0x000ff00f) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2219 return 1;
2220 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2221 tmp2 = tcg_temp_new_i32();
2222 tcg_gen_mov_i32(tmp2, tmp);
2223 switch ((insn >> 22) & 3) {
2224 case 0:
2225 for (i = 0; i < 7; i ++) {
2226 tcg_gen_shli_i32(tmp2, tmp2, 4);
2227 tcg_gen_or_i32(tmp, tmp, tmp2);
2228 }
2229 break;
2230 case 1:
2231 for (i = 0; i < 3; i ++) {
2232 tcg_gen_shli_i32(tmp2, tmp2, 8);
2233 tcg_gen_or_i32(tmp, tmp, tmp2);
2234 }
2235 break;
2236 case 2:
2237 tcg_gen_shli_i32(tmp2, tmp2, 16);
2238 tcg_gen_or_i32(tmp, tmp, tmp2);
2239 break;
2240 }
2241 gen_set_nzcv(tmp);
2242 tcg_temp_free_i32(tmp2);
2243 tcg_temp_free_i32(tmp);
2244 break;
2245 case 0x103: case 0x503: case 0x903: case 0xd03: /* TMOVMSK */
2246 rd = (insn >> 12) & 0xf;
2247 rd0 = (insn >> 16) & 0xf;
2248 if ((insn & 0xf) != 0 || ((insn >> 22) & 3) == 3)
2249 return 1;
2250 gen_op_iwmmxt_movq_M0_wRn(rd0);
2251 tmp = tcg_temp_new_i32();
2252 switch ((insn >> 22) & 3) {
2253 case 0:
2254 gen_helper_iwmmxt_msbb(tmp, cpu_M0);
2255 break;
2256 case 1:
2257 gen_helper_iwmmxt_msbw(tmp, cpu_M0);
2258 break;
2259 case 2:
2260 gen_helper_iwmmxt_msbl(tmp, cpu_M0);
2261 break;
2262 }
2263 store_reg(s, rd, tmp);
2264 break;
2265 case 0x106: case 0x306: case 0x506: case 0x706: /* WCMPGT */
2266 case 0x906: case 0xb06: case 0xd06: case 0xf06:
2267 wrd = (insn >> 12) & 0xf;
2268 rd0 = (insn >> 16) & 0xf;
2269 rd1 = (insn >> 0) & 0xf;
2270 gen_op_iwmmxt_movq_M0_wRn(rd0);
2271 switch ((insn >> 22) & 3) {
2272 case 0:
2273 if (insn & (1 << 21))
2274 gen_op_iwmmxt_cmpgtsb_M0_wRn(rd1);
2275 else
2276 gen_op_iwmmxt_cmpgtub_M0_wRn(rd1);
2277 break;
2278 case 1:
2279 if (insn & (1 << 21))
2280 gen_op_iwmmxt_cmpgtsw_M0_wRn(rd1);
2281 else
2282 gen_op_iwmmxt_cmpgtuw_M0_wRn(rd1);
2283 break;
2284 case 2:
2285 if (insn & (1 << 21))
2286 gen_op_iwmmxt_cmpgtsl_M0_wRn(rd1);
2287 else
2288 gen_op_iwmmxt_cmpgtul_M0_wRn(rd1);
2289 break;
2290 case 3:
2291 return 1;
2292 }
2293 gen_op_iwmmxt_movq_wRn_M0(wrd);
2294 gen_op_iwmmxt_set_mup();
2295 gen_op_iwmmxt_set_cup();
2296 break;
2297 case 0x00e: case 0x20e: case 0x40e: case 0x60e: /* WUNPCKEL */
2298 case 0x80e: case 0xa0e: case 0xc0e: case 0xe0e:
2299 wrd = (insn >> 12) & 0xf;
2300 rd0 = (insn >> 16) & 0xf;
2301 gen_op_iwmmxt_movq_M0_wRn(rd0);
2302 switch ((insn >> 22) & 3) {
2303 case 0:
2304 if (insn & (1 << 21))
2305 gen_op_iwmmxt_unpacklsb_M0();
2306 else
2307 gen_op_iwmmxt_unpacklub_M0();
2308 break;
2309 case 1:
2310 if (insn & (1 << 21))
2311 gen_op_iwmmxt_unpacklsw_M0();
2312 else
2313 gen_op_iwmmxt_unpackluw_M0();
2314 break;
2315 case 2:
2316 if (insn & (1 << 21))
2317 gen_op_iwmmxt_unpacklsl_M0();
2318 else
2319 gen_op_iwmmxt_unpacklul_M0();
2320 break;
2321 case 3:
2322 return 1;
2323 }
2324 gen_op_iwmmxt_movq_wRn_M0(wrd);
2325 gen_op_iwmmxt_set_mup();
2326 gen_op_iwmmxt_set_cup();
2327 break;
2328 case 0x00c: case 0x20c: case 0x40c: case 0x60c: /* WUNPCKEH */
2329 case 0x80c: case 0xa0c: case 0xc0c: case 0xe0c:
2330 wrd = (insn >> 12) & 0xf;
2331 rd0 = (insn >> 16) & 0xf;
2332 gen_op_iwmmxt_movq_M0_wRn(rd0);
2333 switch ((insn >> 22) & 3) {
2334 case 0:
2335 if (insn & (1 << 21))
2336 gen_op_iwmmxt_unpackhsb_M0();
2337 else
2338 gen_op_iwmmxt_unpackhub_M0();
2339 break;
2340 case 1:
2341 if (insn & (1 << 21))
2342 gen_op_iwmmxt_unpackhsw_M0();
2343 else
2344 gen_op_iwmmxt_unpackhuw_M0();
2345 break;
2346 case 2:
2347 if (insn & (1 << 21))
2348 gen_op_iwmmxt_unpackhsl_M0();
2349 else
2350 gen_op_iwmmxt_unpackhul_M0();
2351 break;
2352 case 3:
2353 return 1;
2354 }
2355 gen_op_iwmmxt_movq_wRn_M0(wrd);
2356 gen_op_iwmmxt_set_mup();
2357 gen_op_iwmmxt_set_cup();
2358 break;
2359 case 0x204: case 0x604: case 0xa04: case 0xe04: /* WSRL */
2360 case 0x214: case 0x614: case 0xa14: case 0xe14:
2361 if (((insn >> 22) & 3) == 0)
2362 return 1;
2363 wrd = (insn >> 12) & 0xf;
2364 rd0 = (insn >> 16) & 0xf;
2365 gen_op_iwmmxt_movq_M0_wRn(rd0);
2366 tmp = tcg_temp_new_i32();
2367 if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2368 tcg_temp_free_i32(tmp);
2369 return 1;
2370 }
2371 switch ((insn >> 22) & 3) {
2372 case 1:
2373 gen_helper_iwmmxt_srlw(cpu_M0, cpu_env, cpu_M0, tmp);
2374 break;
2375 case 2:
2376 gen_helper_iwmmxt_srll(cpu_M0, cpu_env, cpu_M0, tmp);
2377 break;
2378 case 3:
2379 gen_helper_iwmmxt_srlq(cpu_M0, cpu_env, cpu_M0, tmp);
2380 break;
2381 }
2382 tcg_temp_free_i32(tmp);
2383 gen_op_iwmmxt_movq_wRn_M0(wrd);
2384 gen_op_iwmmxt_set_mup();
2385 gen_op_iwmmxt_set_cup();
2386 break;
2387 case 0x004: case 0x404: case 0x804: case 0xc04: /* WSRA */
2388 case 0x014: case 0x414: case 0x814: case 0xc14:
2389 if (((insn >> 22) & 3) == 0)
2390 return 1;
2391 wrd = (insn >> 12) & 0xf;
2392 rd0 = (insn >> 16) & 0xf;
2393 gen_op_iwmmxt_movq_M0_wRn(rd0);
2394 tmp = tcg_temp_new_i32();
2395 if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2396 tcg_temp_free_i32(tmp);
2397 return 1;
2398 }
2399 switch ((insn >> 22) & 3) {
2400 case 1:
2401 gen_helper_iwmmxt_sraw(cpu_M0, cpu_env, cpu_M0, tmp);
2402 break;
2403 case 2:
2404 gen_helper_iwmmxt_sral(cpu_M0, cpu_env, cpu_M0, tmp);
2405 break;
2406 case 3:
2407 gen_helper_iwmmxt_sraq(cpu_M0, cpu_env, cpu_M0, tmp);
2408 break;
2409 }
2410 tcg_temp_free_i32(tmp);
2411 gen_op_iwmmxt_movq_wRn_M0(wrd);
2412 gen_op_iwmmxt_set_mup();
2413 gen_op_iwmmxt_set_cup();
2414 break;
2415 case 0x104: case 0x504: case 0x904: case 0xd04: /* WSLL */
2416 case 0x114: case 0x514: case 0x914: case 0xd14:
2417 if (((insn >> 22) & 3) == 0)
2418 return 1;
2419 wrd = (insn >> 12) & 0xf;
2420 rd0 = (insn >> 16) & 0xf;
2421 gen_op_iwmmxt_movq_M0_wRn(rd0);
2422 tmp = tcg_temp_new_i32();
2423 if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2424 tcg_temp_free_i32(tmp);
2425 return 1;
2426 }
2427 switch ((insn >> 22) & 3) {
2428 case 1:
2429 gen_helper_iwmmxt_sllw(cpu_M0, cpu_env, cpu_M0, tmp);
2430 break;
2431 case 2:
2432 gen_helper_iwmmxt_slll(cpu_M0, cpu_env, cpu_M0, tmp);
2433 break;
2434 case 3:
2435 gen_helper_iwmmxt_sllq(cpu_M0, cpu_env, cpu_M0, tmp);
2436 break;
2437 }
2438 tcg_temp_free_i32(tmp);
2439 gen_op_iwmmxt_movq_wRn_M0(wrd);
2440 gen_op_iwmmxt_set_mup();
2441 gen_op_iwmmxt_set_cup();
2442 break;
2443 case 0x304: case 0x704: case 0xb04: case 0xf04: /* WROR */
2444 case 0x314: case 0x714: case 0xb14: case 0xf14:
2445 if (((insn >> 22) & 3) == 0)
2446 return 1;
2447 wrd = (insn >> 12) & 0xf;
2448 rd0 = (insn >> 16) & 0xf;
2449 gen_op_iwmmxt_movq_M0_wRn(rd0);
2450 tmp = tcg_temp_new_i32();
2451 switch ((insn >> 22) & 3) {
2452 case 1:
2453 if (gen_iwmmxt_shift(insn, 0xf, tmp)) {
2454 tcg_temp_free_i32(tmp);
2455 return 1;
2456 }
2457 gen_helper_iwmmxt_rorw(cpu_M0, cpu_env, cpu_M0, tmp);
2458 break;
2459 case 2:
2460 if (gen_iwmmxt_shift(insn, 0x1f, tmp)) {
2461 tcg_temp_free_i32(tmp);
2462 return 1;
2463 }
2464 gen_helper_iwmmxt_rorl(cpu_M0, cpu_env, cpu_M0, tmp);
2465 break;
2466 case 3:
2467 if (gen_iwmmxt_shift(insn, 0x3f, tmp)) {
2468 tcg_temp_free_i32(tmp);
2469 return 1;
2470 }
2471 gen_helper_iwmmxt_rorq(cpu_M0, cpu_env, cpu_M0, tmp);
2472 break;
2473 }
2474 tcg_temp_free_i32(tmp);
2475 gen_op_iwmmxt_movq_wRn_M0(wrd);
2476 gen_op_iwmmxt_set_mup();
2477 gen_op_iwmmxt_set_cup();
2478 break;
2479 case 0x116: case 0x316: case 0x516: case 0x716: /* WMIN */
2480 case 0x916: case 0xb16: case 0xd16: case 0xf16:
2481 wrd = (insn >> 12) & 0xf;
2482 rd0 = (insn >> 16) & 0xf;
2483 rd1 = (insn >> 0) & 0xf;
2484 gen_op_iwmmxt_movq_M0_wRn(rd0);
2485 switch ((insn >> 22) & 3) {
2486 case 0:
2487 if (insn & (1 << 21))
2488 gen_op_iwmmxt_minsb_M0_wRn(rd1);
2489 else
2490 gen_op_iwmmxt_minub_M0_wRn(rd1);
2491 break;
2492 case 1:
2493 if (insn & (1 << 21))
2494 gen_op_iwmmxt_minsw_M0_wRn(rd1);
2495 else
2496 gen_op_iwmmxt_minuw_M0_wRn(rd1);
2497 break;
2498 case 2:
2499 if (insn & (1 << 21))
2500 gen_op_iwmmxt_minsl_M0_wRn(rd1);
2501 else
2502 gen_op_iwmmxt_minul_M0_wRn(rd1);
2503 break;
2504 case 3:
2505 return 1;
2506 }
2507 gen_op_iwmmxt_movq_wRn_M0(wrd);
2508 gen_op_iwmmxt_set_mup();
2509 break;
2510 case 0x016: case 0x216: case 0x416: case 0x616: /* WMAX */
2511 case 0x816: case 0xa16: case 0xc16: case 0xe16:
2512 wrd = (insn >> 12) & 0xf;
2513 rd0 = (insn >> 16) & 0xf;
2514 rd1 = (insn >> 0) & 0xf;
2515 gen_op_iwmmxt_movq_M0_wRn(rd0);
2516 switch ((insn >> 22) & 3) {
2517 case 0:
2518 if (insn & (1 << 21))
2519 gen_op_iwmmxt_maxsb_M0_wRn(rd1);
2520 else
2521 gen_op_iwmmxt_maxub_M0_wRn(rd1);
2522 break;
2523 case 1:
2524 if (insn & (1 << 21))
2525 gen_op_iwmmxt_maxsw_M0_wRn(rd1);
2526 else
2527 gen_op_iwmmxt_maxuw_M0_wRn(rd1);
2528 break;
2529 case 2:
2530 if (insn & (1 << 21))
2531 gen_op_iwmmxt_maxsl_M0_wRn(rd1);
2532 else
2533 gen_op_iwmmxt_maxul_M0_wRn(rd1);
2534 break;
2535 case 3:
2536 return 1;
2537 }
2538 gen_op_iwmmxt_movq_wRn_M0(wrd);
2539 gen_op_iwmmxt_set_mup();
2540 break;
2541 case 0x002: case 0x102: case 0x202: case 0x302: /* WALIGNI */
2542 case 0x402: case 0x502: case 0x602: case 0x702:
2543 wrd = (insn >> 12) & 0xf;
2544 rd0 = (insn >> 16) & 0xf;
2545 rd1 = (insn >> 0) & 0xf;
2546 gen_op_iwmmxt_movq_M0_wRn(rd0);
2547 tmp = tcg_const_i32((insn >> 20) & 3);
2548 iwmmxt_load_reg(cpu_V1, rd1);
2549 gen_helper_iwmmxt_align(cpu_M0, cpu_M0, cpu_V1, tmp);
2550 tcg_temp_free_i32(tmp);
2551 gen_op_iwmmxt_movq_wRn_M0(wrd);
2552 gen_op_iwmmxt_set_mup();
2553 break;
2554 case 0x01a: case 0x11a: case 0x21a: case 0x31a: /* WSUB */
2555 case 0x41a: case 0x51a: case 0x61a: case 0x71a:
2556 case 0x81a: case 0x91a: case 0xa1a: case 0xb1a:
2557 case 0xc1a: case 0xd1a: case 0xe1a: case 0xf1a:
2558 wrd = (insn >> 12) & 0xf;
2559 rd0 = (insn >> 16) & 0xf;
2560 rd1 = (insn >> 0) & 0xf;
2561 gen_op_iwmmxt_movq_M0_wRn(rd0);
2562 switch ((insn >> 20) & 0xf) {
2563 case 0x0:
2564 gen_op_iwmmxt_subnb_M0_wRn(rd1);
2565 break;
2566 case 0x1:
2567 gen_op_iwmmxt_subub_M0_wRn(rd1);
2568 break;
2569 case 0x3:
2570 gen_op_iwmmxt_subsb_M0_wRn(rd1);
2571 break;
2572 case 0x4:
2573 gen_op_iwmmxt_subnw_M0_wRn(rd1);
2574 break;
2575 case 0x5:
2576 gen_op_iwmmxt_subuw_M0_wRn(rd1);
2577 break;
2578 case 0x7:
2579 gen_op_iwmmxt_subsw_M0_wRn(rd1);
2580 break;
2581 case 0x8:
2582 gen_op_iwmmxt_subnl_M0_wRn(rd1);
2583 break;
2584 case 0x9:
2585 gen_op_iwmmxt_subul_M0_wRn(rd1);
2586 break;
2587 case 0xb:
2588 gen_op_iwmmxt_subsl_M0_wRn(rd1);
2589 break;
2590 default:
2591 return 1;
2592 }
2593 gen_op_iwmmxt_movq_wRn_M0(wrd);
2594 gen_op_iwmmxt_set_mup();
2595 gen_op_iwmmxt_set_cup();
2596 break;
2597 case 0x01e: case 0x11e: case 0x21e: case 0x31e: /* WSHUFH */
2598 case 0x41e: case 0x51e: case 0x61e: case 0x71e:
2599 case 0x81e: case 0x91e: case 0xa1e: case 0xb1e:
2600 case 0xc1e: case 0xd1e: case 0xe1e: case 0xf1e:
2601 wrd = (insn >> 12) & 0xf;
2602 rd0 = (insn >> 16) & 0xf;
2603 gen_op_iwmmxt_movq_M0_wRn(rd0);
2604 tmp = tcg_const_i32(((insn >> 16) & 0xf0) | (insn & 0x0f));
2605 gen_helper_iwmmxt_shufh(cpu_M0, cpu_env, cpu_M0, tmp);
2606 tcg_temp_free_i32(tmp);
2607 gen_op_iwmmxt_movq_wRn_M0(wrd);
2608 gen_op_iwmmxt_set_mup();
2609 gen_op_iwmmxt_set_cup();
2610 break;
2611 case 0x018: case 0x118: case 0x218: case 0x318: /* WADD */
2612 case 0x418: case 0x518: case 0x618: case 0x718:
2613 case 0x818: case 0x918: case 0xa18: case 0xb18:
2614 case 0xc18: case 0xd18: case 0xe18: case 0xf18:
2615 wrd = (insn >> 12) & 0xf;
2616 rd0 = (insn >> 16) & 0xf;
2617 rd1 = (insn >> 0) & 0xf;
2618 gen_op_iwmmxt_movq_M0_wRn(rd0);
2619 switch ((insn >> 20) & 0xf) {
2620 case 0x0:
2621 gen_op_iwmmxt_addnb_M0_wRn(rd1);
2622 break;
2623 case 0x1:
2624 gen_op_iwmmxt_addub_M0_wRn(rd1);
2625 break;
2626 case 0x3:
2627 gen_op_iwmmxt_addsb_M0_wRn(rd1);
2628 break;
2629 case 0x4:
2630 gen_op_iwmmxt_addnw_M0_wRn(rd1);
2631 break;
2632 case 0x5:
2633 gen_op_iwmmxt_adduw_M0_wRn(rd1);
2634 break;
2635 case 0x7:
2636 gen_op_iwmmxt_addsw_M0_wRn(rd1);
2637 break;
2638 case 0x8:
2639 gen_op_iwmmxt_addnl_M0_wRn(rd1);
2640 break;
2641 case 0x9:
2642 gen_op_iwmmxt_addul_M0_wRn(rd1);
2643 break;
2644 case 0xb:
2645 gen_op_iwmmxt_addsl_M0_wRn(rd1);
2646 break;
2647 default:
2648 return 1;
2649 }
2650 gen_op_iwmmxt_movq_wRn_M0(wrd);
2651 gen_op_iwmmxt_set_mup();
2652 gen_op_iwmmxt_set_cup();
2653 break;
2654 case 0x008: case 0x108: case 0x208: case 0x308: /* WPACK */
2655 case 0x408: case 0x508: case 0x608: case 0x708:
2656 case 0x808: case 0x908: case 0xa08: case 0xb08:
2657 case 0xc08: case 0xd08: case 0xe08: case 0xf08:
2658 if (!(insn & (1 << 20)) || ((insn >> 22) & 3) == 0)
2659 return 1;
2660 wrd = (insn >> 12) & 0xf;
2661 rd0 = (insn >> 16) & 0xf;
2662 rd1 = (insn >> 0) & 0xf;
2663 gen_op_iwmmxt_movq_M0_wRn(rd0);
2664 switch ((insn >> 22) & 3) {
2665 case 1:
2666 if (insn & (1 << 21))
2667 gen_op_iwmmxt_packsw_M0_wRn(rd1);
2668 else
2669 gen_op_iwmmxt_packuw_M0_wRn(rd1);
2670 break;
2671 case 2:
2672 if (insn & (1 << 21))
2673 gen_op_iwmmxt_packsl_M0_wRn(rd1);
2674 else
2675 gen_op_iwmmxt_packul_M0_wRn(rd1);
2676 break;
2677 case 3:
2678 if (insn & (1 << 21))
2679 gen_op_iwmmxt_packsq_M0_wRn(rd1);
2680 else
2681 gen_op_iwmmxt_packuq_M0_wRn(rd1);
2682 break;
2683 }
2684 gen_op_iwmmxt_movq_wRn_M0(wrd);
2685 gen_op_iwmmxt_set_mup();
2686 gen_op_iwmmxt_set_cup();
2687 break;
2688 case 0x201: case 0x203: case 0x205: case 0x207:
2689 case 0x209: case 0x20b: case 0x20d: case 0x20f:
2690 case 0x211: case 0x213: case 0x215: case 0x217:
2691 case 0x219: case 0x21b: case 0x21d: case 0x21f:
2692 wrd = (insn >> 5) & 0xf;
2693 rd0 = (insn >> 12) & 0xf;
2694 rd1 = (insn >> 0) & 0xf;
2695 if (rd0 == 0xf || rd1 == 0xf)
2696 return 1;
2697 gen_op_iwmmxt_movq_M0_wRn(wrd);
2698 tmp = load_reg(s, rd0);
2699 tmp2 = load_reg(s, rd1);
2700 switch ((insn >> 16) & 0xf) {
2701 case 0x0: /* TMIA */
2702 gen_helper_iwmmxt_muladdsl(cpu_M0, cpu_M0, tmp, tmp2);
2703 break;
2704 case 0x8: /* TMIAPH */
2705 gen_helper_iwmmxt_muladdsw(cpu_M0, cpu_M0, tmp, tmp2);
2706 break;
2707 case 0xc: case 0xd: case 0xe: case 0xf: /* TMIAxy */
2708 if (insn & (1 << 16))
2709 tcg_gen_shri_i32(tmp, tmp, 16);
2710 if (insn & (1 << 17))
2711 tcg_gen_shri_i32(tmp2, tmp2, 16);
2712 gen_helper_iwmmxt_muladdswl(cpu_M0, cpu_M0, tmp, tmp2);
2713 break;
2714 default:
2715 tcg_temp_free_i32(tmp2);
2716 tcg_temp_free_i32(tmp);
2717 return 1;
2718 }
2719 tcg_temp_free_i32(tmp2);
2720 tcg_temp_free_i32(tmp);
2721 gen_op_iwmmxt_movq_wRn_M0(wrd);
2722 gen_op_iwmmxt_set_mup();
2723 break;
2724 default:
2725 return 1;
2726 }
2727
2728 return 0;
2729 }
2730
2731 /* Disassemble an XScale DSP instruction. Returns nonzero if an error occurred
2732 (ie. an undefined instruction). */
2733 static int disas_dsp_insn(DisasContext *s, uint32_t insn)
2734 {
2735 int acc, rd0, rd1, rdhi, rdlo;
2736 TCGv_i32 tmp, tmp2;
2737
2738 if ((insn & 0x0ff00f10) == 0x0e200010) {
2739 /* Multiply with Internal Accumulate Format */
2740 rd0 = (insn >> 12) & 0xf;
2741 rd1 = insn & 0xf;
2742 acc = (insn >> 5) & 7;
2743
2744 if (acc != 0)
2745 return 1;
2746
2747 tmp = load_reg(s, rd0);
2748 tmp2 = load_reg(s, rd1);
2749 switch ((insn >> 16) & 0xf) {
2750 case 0x0: /* MIA */
2751 gen_helper_iwmmxt_muladdsl(cpu_M0, cpu_M0, tmp, tmp2);
2752 break;
2753 case 0x8: /* MIAPH */
2754 gen_helper_iwmmxt_muladdsw(cpu_M0, cpu_M0, tmp, tmp2);
2755 break;
2756 case 0xc: /* MIABB */
2757 case 0xd: /* MIABT */
2758 case 0xe: /* MIATB */
2759 case 0xf: /* MIATT */
2760 if (insn & (1 << 16))
2761 tcg_gen_shri_i32(tmp, tmp, 16);
2762 if (insn & (1 << 17))
2763 tcg_gen_shri_i32(tmp2, tmp2, 16);
2764 gen_helper_iwmmxt_muladdswl(cpu_M0, cpu_M0, tmp, tmp2);
2765 break;
2766 default:
2767 return 1;
2768 }
2769 tcg_temp_free_i32(tmp2);
2770 tcg_temp_free_i32(tmp);
2771
2772 gen_op_iwmmxt_movq_wRn_M0(acc);
2773 return 0;
2774 }
2775
2776 if ((insn & 0x0fe00ff8) == 0x0c400000) {
2777 /* Internal Accumulator Access Format */
2778 rdhi = (insn >> 16) & 0xf;
2779 rdlo = (insn >> 12) & 0xf;
2780 acc = insn & 7;
2781
2782 if (acc != 0)
2783 return 1;
2784
2785 if (insn & ARM_CP_RW_BIT) { /* MRA */
2786 iwmmxt_load_reg(cpu_V0, acc);
2787 tcg_gen_extrl_i64_i32(cpu_R[rdlo], cpu_V0);
2788 tcg_gen_extrh_i64_i32(cpu_R[rdhi], cpu_V0);
2789 tcg_gen_andi_i32(cpu_R[rdhi], cpu_R[rdhi], (1 << (40 - 32)) - 1);
2790 } else { /* MAR */
2791 tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]);
2792 iwmmxt_store_reg(cpu_V0, acc);
2793 }
2794 return 0;
2795 }
2796
2797 return 1;
2798 }
2799
2800 #define VFP_REG_SHR(x, n) (((n) > 0) ? (x) >> (n) : (x) << -(n))
2801 #define VFP_SREG(insn, bigbit, smallbit) \
2802 ((VFP_REG_SHR(insn, bigbit - 1) & 0x1e) | (((insn) >> (smallbit)) & 1))
2803 #define VFP_DREG(reg, insn, bigbit, smallbit) do { \
2804 if (arm_dc_feature(s, ARM_FEATURE_VFP3)) { \
2805 reg = (((insn) >> (bigbit)) & 0x0f) \
2806 | (((insn) >> ((smallbit) - 4)) & 0x10); \
2807 } else { \
2808 if (insn & (1 << (smallbit))) \
2809 return 1; \
2810 reg = ((insn) >> (bigbit)) & 0x0f; \
2811 }} while (0)
2812
2813 #define VFP_SREG_D(insn) VFP_SREG(insn, 12, 22)
2814 #define VFP_DREG_D(reg, insn) VFP_DREG(reg, insn, 12, 22)
2815 #define VFP_SREG_N(insn) VFP_SREG(insn, 16, 7)
2816 #define VFP_DREG_N(reg, insn) VFP_DREG(reg, insn, 16, 7)
2817 #define VFP_SREG_M(insn) VFP_SREG(insn, 0, 5)
2818 #define VFP_DREG_M(reg, insn) VFP_DREG(reg, insn, 0, 5)
2819
2820 static void gen_neon_dup_low16(TCGv_i32 var)
2821 {
2822 TCGv_i32 tmp = tcg_temp_new_i32();
2823 tcg_gen_ext16u_i32(var, var);
2824 tcg_gen_shli_i32(tmp, var, 16);
2825 tcg_gen_or_i32(var, var, tmp);
2826 tcg_temp_free_i32(tmp);
2827 }
2828
2829 static void gen_neon_dup_high16(TCGv_i32 var)
2830 {
2831 TCGv_i32 tmp = tcg_temp_new_i32();
2832 tcg_gen_andi_i32(var, var, 0xffff0000);
2833 tcg_gen_shri_i32(tmp, var, 16);
2834 tcg_gen_or_i32(var, var, tmp);
2835 tcg_temp_free_i32(tmp);
2836 }
2837
2838 /*
2839 * Disassemble a VFP instruction. Returns nonzero if an error occurred
2840 * (ie. an undefined instruction).
2841 */
2842 static int disas_vfp_insn(DisasContext *s, uint32_t insn)
2843 {
2844 if (!arm_dc_feature(s, ARM_FEATURE_VFP)) {
2845 return 1;
2846 }
2847
2848 /*
2849 * If the decodetree decoder handles this insn it will always
2850 * emit code to either execute the insn or generate an appropriate
2851 * exception; so we don't need to ever return non-zero to tell
2852 * the calling code to emit an UNDEF exception.
2853 */
2854 if (extract32(insn, 28, 4) == 0xf) {
2855 if (disas_vfp_uncond(s, insn)) {
2856 return 0;
2857 }
2858 } else {
2859 if (disas_vfp(s, insn)) {
2860 return 0;
2861 }
2862 }
2863 /* If the decodetree decoder didn't handle this insn, it must be UNDEF */
2864 return 1;
2865 }
2866
2867 static inline bool use_goto_tb(DisasContext *s, target_ulong dest)
2868 {
2869 #ifndef CONFIG_USER_ONLY
2870 return (s->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK) ||
2871 ((s->base.pc_next - 1) & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
2872 #else
2873 return true;
2874 #endif
2875 }
2876
2877 static void gen_goto_ptr(void)
2878 {
2879 tcg_gen_lookup_and_goto_ptr();
2880 }
2881
2882 /* This will end the TB but doesn't guarantee we'll return to
2883 * cpu_loop_exec. Any live exit_requests will be processed as we
2884 * enter the next TB.
2885 */
2886 static void gen_goto_tb(DisasContext *s, int n, target_ulong dest)
2887 {
2888 if (use_goto_tb(s, dest)) {
2889 tcg_gen_goto_tb(n);
2890 gen_set_pc_im(s, dest);
2891 tcg_gen_exit_tb(s->base.tb, n);
2892 } else {
2893 gen_set_pc_im(s, dest);
2894 gen_goto_ptr();
2895 }
2896 s->base.is_jmp = DISAS_NORETURN;
2897 }
2898
2899 static inline void gen_jmp (DisasContext *s, uint32_t dest)
2900 {
2901 if (unlikely(is_singlestepping(s))) {
2902 /* An indirect jump so that we still trigger the debug exception. */
2903 if (s->thumb)
2904 dest |= 1;
2905 gen_bx_im(s, dest);
2906 } else {
2907 gen_goto_tb(s, 0, dest);
2908 }
2909 }
2910
2911 static inline void gen_mulxy(TCGv_i32 t0, TCGv_i32 t1, int x, int y)
2912 {
2913 if (x)
2914 tcg_gen_sari_i32(t0, t0, 16);
2915 else
2916 gen_sxth(t0);
2917 if (y)
2918 tcg_gen_sari_i32(t1, t1, 16);
2919 else
2920 gen_sxth(t1);
2921 tcg_gen_mul_i32(t0, t0, t1);
2922 }
2923
2924 /* Return the mask of PSR bits set by a MSR instruction. */
2925 static uint32_t msr_mask(DisasContext *s, int flags, int spsr)
2926 {
2927 uint32_t mask;
2928
2929 mask = 0;
2930 if (flags & (1 << 0))
2931 mask |= 0xff;
2932 if (flags & (1 << 1))
2933 mask |= 0xff00;
2934 if (flags & (1 << 2))
2935 mask |= 0xff0000;
2936 if (flags & (1 << 3))
2937 mask |= 0xff000000;
2938
2939 /* Mask out undefined bits. */
2940 mask &= ~CPSR_RESERVED;
2941 if (!arm_dc_feature(s, ARM_FEATURE_V4T)) {
2942 mask &= ~CPSR_T;
2943 }
2944 if (!arm_dc_feature(s, ARM_FEATURE_V5)) {
2945 mask &= ~CPSR_Q; /* V5TE in reality*/
2946 }
2947 if (!arm_dc_feature(s, ARM_FEATURE_V6)) {
2948 mask &= ~(CPSR_E | CPSR_GE);
2949 }
2950 if (!arm_dc_feature(s, ARM_FEATURE_THUMB2)) {
2951 mask &= ~CPSR_IT;
2952 }
2953 /* Mask out execution state and reserved bits. */
2954 if (!spsr) {
2955 mask &= ~(CPSR_EXEC | CPSR_RESERVED);
2956 }
2957 /* Mask out privileged bits. */
2958 if (IS_USER(s))
2959 mask &= CPSR_USER;
2960 return mask;
2961 }
2962
2963 /* Returns nonzero if access to the PSR is not permitted. Marks t0 as dead. */
2964 static int gen_set_psr(DisasContext *s, uint32_t mask, int spsr, TCGv_i32 t0)
2965 {
2966 TCGv_i32 tmp;
2967 if (spsr) {
2968 /* ??? This is also undefined in system mode. */
2969 if (IS_USER(s))
2970 return 1;
2971
2972 tmp = load_cpu_field(spsr);
2973 tcg_gen_andi_i32(tmp, tmp, ~mask);
2974 tcg_gen_andi_i32(t0, t0, mask);
2975 tcg_gen_or_i32(tmp, tmp, t0);
2976 store_cpu_field(tmp, spsr);
2977 } else {
2978 gen_set_cpsr(t0, mask);
2979 }
2980 tcg_temp_free_i32(t0);
2981 gen_lookup_tb(s);
2982 return 0;
2983 }
2984
2985 /* Returns nonzero if access to the PSR is not permitted. */
2986 static int gen_set_psr_im(DisasContext *s, uint32_t mask, int spsr, uint32_t val)
2987 {
2988 TCGv_i32 tmp;
2989 tmp = tcg_temp_new_i32();
2990 tcg_gen_movi_i32(tmp, val);
2991 return gen_set_psr(s, mask, spsr, tmp);
2992 }
2993
2994 static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn,
2995 int *tgtmode, int *regno)
2996 {
2997 /* Decode the r and sysm fields of MSR/MRS banked accesses into
2998 * the target mode and register number, and identify the various
2999 * unpredictable cases.
3000 * MSR (banked) and MRS (banked) are CONSTRAINED UNPREDICTABLE if:
3001 * + executed in user mode
3002 * + using R15 as the src/dest register
3003 * + accessing an unimplemented register
3004 * + accessing a register that's inaccessible at current PL/security state*
3005 * + accessing a register that you could access with a different insn
3006 * We choose to UNDEF in all these cases.
3007 * Since we don't know which of the various AArch32 modes we are in
3008 * we have to defer some checks to runtime.
3009 * Accesses to Monitor mode registers from Secure EL1 (which implies
3010 * that EL3 is AArch64) must trap to EL3.
3011 *
3012 * If the access checks fail this function will emit code to take
3013 * an exception and return false. Otherwise it will return true,
3014 * and set *tgtmode and *regno appropriately.
3015 */
3016 int exc_target = default_exception_el(s);
3017
3018 /* These instructions are present only in ARMv8, or in ARMv7 with the
3019 * Virtualization Extensions.
3020 */
3021 if (!arm_dc_feature(s, ARM_FEATURE_V8) &&
3022 !arm_dc_feature(s, ARM_FEATURE_EL2)) {
3023 goto undef;
3024 }
3025
3026 if (IS_USER(s) || rn == 15) {
3027 goto undef;
3028 }
3029
3030 /* The table in the v8 ARM ARM section F5.2.3 describes the encoding
3031 * of registers into (r, sysm).
3032 */
3033 if (r) {
3034 /* SPSRs for other modes */
3035 switch (sysm) {
3036 case 0xe: /* SPSR_fiq */
3037 *tgtmode = ARM_CPU_MODE_FIQ;
3038 break;
3039 case 0x10: /* SPSR_irq */
3040 *tgtmode = ARM_CPU_MODE_IRQ;
3041 break;
3042 case 0x12: /* SPSR_svc */
3043 *tgtmode = ARM_CPU_MODE_SVC;
3044 break;
3045 case 0x14: /* SPSR_abt */
3046 *tgtmode = ARM_CPU_MODE_ABT;
3047 break;
3048 case 0x16: /* SPSR_und */
3049 *tgtmode = ARM_CPU_MODE_UND;
3050 break;
3051 case 0x1c: /* SPSR_mon */
3052 *tgtmode = ARM_CPU_MODE_MON;
3053 break;
3054 case 0x1e: /* SPSR_hyp */
3055 *tgtmode = ARM_CPU_MODE_HYP;
3056 break;
3057 default: /* unallocated */
3058 goto undef;
3059 }
3060 /* We arbitrarily assign SPSR a register number of 16. */
3061 *regno = 16;
3062 } else {
3063 /* general purpose registers for other modes */
3064 switch (sysm) {
3065 case 0x0 ... 0x6: /* 0b00xxx : r8_usr ... r14_usr */
3066 *tgtmode = ARM_CPU_MODE_USR;
3067 *regno = sysm + 8;
3068 break;
3069 case 0x8 ... 0xe: /* 0b01xxx : r8_fiq ... r14_fiq */
3070 *tgtmode = ARM_CPU_MODE_FIQ;
3071 *regno = sysm;
3072 break;
3073 case 0x10 ... 0x11: /* 0b1000x : r14_irq, r13_irq */
3074 *tgtmode = ARM_CPU_MODE_IRQ;
3075 *regno = sysm & 1 ? 13 : 14;
3076 break;
3077 case 0x12 ... 0x13: /* 0b1001x : r14_svc, r13_svc */
3078 *tgtmode = ARM_CPU_MODE_SVC;
3079 *regno = sysm & 1 ? 13 : 14;
3080 break;
3081 case 0x14 ... 0x15: /* 0b1010x : r14_abt, r13_abt */
3082 *tgtmode = ARM_CPU_MODE_ABT;
3083 *regno = sysm & 1 ? 13 : 14;
3084 break;
3085 case 0x16 ... 0x17: /* 0b1011x : r14_und, r13_und */
3086 *tgtmode = ARM_CPU_MODE_UND;
3087 *regno = sysm & 1 ? 13 : 14;
3088 break;
3089 case 0x1c ... 0x1d: /* 0b1110x : r14_mon, r13_mon */
3090 *tgtmode = ARM_CPU_MODE_MON;
3091 *regno = sysm & 1 ? 13 : 14;
3092 break;
3093 case 0x1e ... 0x1f: /* 0b1111x : elr_hyp, r13_hyp */
3094 *tgtmode = ARM_CPU_MODE_HYP;
3095 /* Arbitrarily pick 17 for ELR_Hyp (which is not a banked LR!) */
3096 *regno = sysm & 1 ? 13 : 17;
3097 break;
3098 default: /* unallocated */
3099 goto undef;
3100 }
3101 }
3102
3103 /* Catch the 'accessing inaccessible register' cases we can detect
3104 * at translate time.
3105 */
3106 switch (*tgtmode) {
3107 case ARM_CPU_MODE_MON:
3108 if (!arm_dc_feature(s, ARM_FEATURE_EL3) || s->ns) {
3109 goto undef;
3110 }
3111 if (s->current_el == 1) {
3112 /* If we're in Secure EL1 (which implies that EL3 is AArch64)
3113 * then accesses to Mon registers trap to EL3
3114 */
3115 exc_target = 3;
3116 goto undef;
3117 }
3118 break;
3119 case ARM_CPU_MODE_HYP:
3120 /*
3121 * SPSR_hyp and r13_hyp can only be accessed from Monitor mode
3122 * (and so we can forbid accesses from EL2 or below). elr_hyp
3123 * can be accessed also from Hyp mode, so forbid accesses from
3124 * EL0 or EL1.
3125 */
3126 if (!arm_dc_feature(s, ARM_FEATURE_EL2) || s->current_el < 2 ||
3127 (s->current_el < 3 && *regno != 17)) {
3128 goto undef;
3129 }
3130 break;
3131 default:
3132 break;
3133 }
3134
3135 return true;
3136
3137 undef:
3138 /* If we get here then some access check did not pass */
3139 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
3140 syn_uncategorized(), exc_target);
3141 return false;
3142 }
3143
3144 static void gen_msr_banked(DisasContext *s, int r, int sysm, int rn)
3145 {
3146 TCGv_i32 tcg_reg, tcg_tgtmode, tcg_regno;
3147 int tgtmode = 0, regno = 0;
3148
3149 if (!msr_banked_access_decode(s, r, sysm, rn, &tgtmode, &regno)) {
3150 return;
3151 }
3152
3153 /* Sync state because msr_banked() can raise exceptions */
3154 gen_set_condexec(s);
3155 gen_set_pc_im(s, s->pc_curr);
3156 tcg_reg = load_reg(s, rn);
3157 tcg_tgtmode = tcg_const_i32(tgtmode);
3158 tcg_regno = tcg_const_i32(regno);
3159 gen_helper_msr_banked(cpu_env, tcg_reg, tcg_tgtmode, tcg_regno);
3160 tcg_temp_free_i32(tcg_tgtmode);
3161 tcg_temp_free_i32(tcg_regno);
3162 tcg_temp_free_i32(tcg_reg);
3163 s->base.is_jmp = DISAS_UPDATE;
3164 }
3165
3166 static void gen_mrs_banked(DisasContext *s, int r, int sysm, int rn)
3167 {
3168 TCGv_i32 tcg_reg, tcg_tgtmode, tcg_regno;
3169 int tgtmode = 0, regno = 0;
3170
3171 if (!msr_banked_access_decode(s, r, sysm, rn, &tgtmode, &regno)) {
3172 return;
3173 }
3174
3175 /* Sync state because mrs_banked() can raise exceptions */
3176 gen_set_condexec(s);
3177 gen_set_pc_im(s, s->pc_curr);
3178 tcg_reg = tcg_temp_new_i32();
3179 tcg_tgtmode = tcg_const_i32(tgtmode);
3180 tcg_regno = tcg_const_i32(regno);
3181 gen_helper_mrs_banked(tcg_reg, cpu_env, tcg_tgtmode, tcg_regno);
3182 tcg_temp_free_i32(tcg_tgtmode);
3183 tcg_temp_free_i32(tcg_regno);
3184 store_reg(s, rn, tcg_reg);
3185 s->base.is_jmp = DISAS_UPDATE;
3186 }
3187
3188 /* Store value to PC as for an exception return (ie don't
3189 * mask bits). The subsequent call to gen_helper_cpsr_write_eret()
3190 * will do the masking based on the new value of the Thumb bit.
3191 */
3192 static void store_pc_exc_ret(DisasContext *s, TCGv_i32 pc)
3193 {
3194 tcg_gen_mov_i32(cpu_R[15], pc);
3195 tcg_temp_free_i32(pc);
3196 }
3197
3198 /* Generate a v6 exception return. Marks both values as dead. */
3199 static void gen_rfe(DisasContext *s, TCGv_i32 pc, TCGv_i32 cpsr)
3200 {
3201 store_pc_exc_ret(s, pc);
3202 /* The cpsr_write_eret helper will mask the low bits of PC
3203 * appropriately depending on the new Thumb bit, so it must
3204 * be called after storing the new PC.
3205 */
3206 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
3207 gen_io_start();
3208 }
3209 gen_helper_cpsr_write_eret(cpu_env, cpsr);
3210 tcg_temp_free_i32(cpsr);
3211 /* Must exit loop to check un-masked IRQs */
3212 s->base.is_jmp = DISAS_EXIT;
3213 }
3214
3215 /* Generate an old-style exception return. Marks pc as dead. */
3216 static void gen_exception_return(DisasContext *s, TCGv_i32 pc)
3217 {
3218 gen_rfe(s, pc, load_cpu_field(spsr));
3219 }
3220
3221 /*
3222 * For WFI we will halt the vCPU until an IRQ. For WFE and YIELD we
3223 * only call the helper when running single threaded TCG code to ensure
3224 * the next round-robin scheduled vCPU gets a crack. In MTTCG mode we
3225 * just skip this instruction. Currently the SEV/SEVL instructions
3226 * which are *one* of many ways to wake the CPU from WFE are not
3227 * implemented so we can't sleep like WFI does.
3228 */
3229 static void gen_nop_hint(DisasContext *s, int val)
3230 {
3231 switch (val) {
3232 /* When running in MTTCG we don't generate jumps to the yield and
3233 * WFE helpers as it won't affect the scheduling of other vCPUs.
3234 * If we wanted to more completely model WFE/SEV so we don't busy
3235 * spin unnecessarily we would need to do something more involved.
3236 */
3237 case 1: /* yield */
3238 if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
3239 gen_set_pc_im(s, s->base.pc_next);
3240 s->base.is_jmp = DISAS_YIELD;
3241 }
3242 break;
3243 case 3: /* wfi */
3244 gen_set_pc_im(s, s->base.pc_next);
3245 s->base.is_jmp = DISAS_WFI;
3246 break;
3247 case 2: /* wfe */
3248 if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
3249 gen_set_pc_im(s, s->base.pc_next);
3250 s->base.is_jmp = DISAS_WFE;
3251 }
3252 break;
3253 case 4: /* sev */
3254 case 5: /* sevl */
3255 /* TODO: Implement SEV, SEVL and WFE. May help SMP performance. */
3256 default: /* nop */
3257 break;
3258 }
3259 }
3260
3261 #define CPU_V001 cpu_V0, cpu_V0, cpu_V1
3262
3263 static inline void gen_neon_add(int size, TCGv_i32 t0, TCGv_i32 t1)
3264 {
3265 switch (size) {
3266 case 0: gen_helper_neon_add_u8(t0, t0, t1); break;
3267 case 1: gen_helper_neon_add_u16(t0, t0, t1); break;
3268 case 2: tcg_gen_add_i32(t0, t0, t1); break;
3269 default: abort();
3270 }
3271 }
3272
3273 static inline void gen_neon_rsb(int size, TCGv_i32 t0, TCGv_i32 t1)
3274 {
3275 switch (size) {
3276 case 0: gen_helper_neon_sub_u8(t0, t1, t0); break;
3277 case 1: gen_helper_neon_sub_u16(t0, t1, t0); break;
3278 case 2: tcg_gen_sub_i32(t0, t1, t0); break;
3279 default: return;
3280 }
3281 }
3282
3283 /* 32-bit pairwise ops end up the same as the elementwise versions. */
3284 #define gen_helper_neon_pmax_s32 tcg_gen_smax_i32
3285 #define gen_helper_neon_pmax_u32 tcg_gen_umax_i32
3286 #define gen_helper_neon_pmin_s32 tcg_gen_smin_i32
3287 #define gen_helper_neon_pmin_u32 tcg_gen_umin_i32
3288
3289 #define GEN_NEON_INTEGER_OP_ENV(name) do { \
3290 switch ((size << 1) | u) { \
3291 case 0: \
3292 gen_helper_neon_##name##_s8(tmp, cpu_env, tmp, tmp2); \
3293 break; \
3294 case 1: \
3295 gen_helper_neon_##name##_u8(tmp, cpu_env, tmp, tmp2); \
3296 break; \
3297 case 2: \
3298 gen_helper_neon_##name##_s16(tmp, cpu_env, tmp, tmp2); \
3299 break; \
3300 case 3: \
3301 gen_helper_neon_##name##_u16(tmp, cpu_env, tmp, tmp2); \
3302 break; \
3303 case 4: \
3304 gen_helper_neon_##name##_s32(tmp, cpu_env, tmp, tmp2); \
3305 break; \
3306 case 5: \
3307 gen_helper_neon_##name##_u32(tmp, cpu_env, tmp, tmp2); \
3308 break; \
3309 default: return 1; \
3310 }} while (0)
3311
3312 #define GEN_NEON_INTEGER_OP(name) do { \
3313 switch ((size << 1) | u) { \
3314 case 0: \
3315 gen_helper_neon_##name##_s8(tmp, tmp, tmp2); \
3316 break; \
3317 case 1: \
3318 gen_helper_neon_##name##_u8(tmp, tmp, tmp2); \
3319 break; \
3320 case 2: \
3321 gen_helper_neon_##name##_s16(tmp, tmp, tmp2); \
3322 break; \
3323 case 3: \
3324 gen_helper_neon_##name##_u16(tmp, tmp, tmp2); \
3325 break; \
3326 case 4: \
3327 gen_helper_neon_##name##_s32(tmp, tmp, tmp2); \
3328 break; \
3329 case 5: \
3330 gen_helper_neon_##name##_u32(tmp, tmp, tmp2); \
3331 break; \
3332 default: return 1; \
3333 }} while (0)
3334
3335 static TCGv_i32 neon_load_scratch(int scratch)
3336 {
3337 TCGv_i32 tmp = tcg_temp_new_i32();
3338 tcg_gen_ld_i32(tmp, cpu_env, offsetof(CPUARMState, vfp.scratch[scratch]));
3339 return tmp;
3340 }
3341
3342 static void neon_store_scratch(int scratch, TCGv_i32 var)
3343 {
3344 tcg_gen_st_i32(var, cpu_env, offsetof(CPUARMState, vfp.scratch[scratch]));
3345 tcg_temp_free_i32(var);
3346 }
3347
3348 static inline TCGv_i32 neon_get_scalar(int size, int reg)
3349 {
3350 TCGv_i32 tmp;
3351 if (size == 1) {
3352 tmp = neon_load_reg(reg & 7, reg >> 4);
3353 if (reg & 8) {
3354 gen_neon_dup_high16(tmp);
3355 } else {
3356 gen_neon_dup_low16(tmp);
3357 }
3358 } else {
3359 tmp = neon_load_reg(reg & 15, reg >> 4);
3360 }
3361 return tmp;
3362 }
3363
3364 static int gen_neon_unzip(int rd, int rm, int size, int q)
3365 {
3366 TCGv_ptr pd, pm;
3367
3368 if (!q && size == 2) {
3369 return 1;
3370 }
3371 pd = vfp_reg_ptr(true, rd);
3372 pm = vfp_reg_ptr(true, rm);
3373 if (q) {
3374 switch (size) {
3375 case 0:
3376 gen_helper_neon_qunzip8(pd, pm);
3377 break;
3378 case 1:
3379 gen_helper_neon_qunzip16(pd, pm);
3380 break;
3381 case 2:
3382 gen_helper_neon_qunzip32(pd, pm);
3383 break;
3384 default:
3385 abort();
3386 }
3387 } else {
3388 switch (size) {
3389 case 0:
3390 gen_helper_neon_unzip8(pd, pm);
3391 break;
3392 case 1:
3393 gen_helper_neon_unzip16(pd, pm);
3394 break;
3395 default:
3396 abort();
3397 }
3398 }
3399 tcg_temp_free_ptr(pd);
3400 tcg_temp_free_ptr(pm);
3401 return 0;
3402 }
3403
3404 static int gen_neon_zip(int rd, int rm, int size, int q)
3405 {
3406 TCGv_ptr pd, pm;
3407
3408 if (!q && size == 2) {
3409 return 1;
3410 }
3411 pd = vfp_reg_ptr(true, rd);
3412 pm = vfp_reg_ptr(true, rm);
3413 if (q) {
3414 switch (size) {
3415 case 0:
3416 gen_helper_neon_qzip8(pd, pm);
3417 break;
3418 case 1:
3419 gen_helper_neon_qzip16(pd, pm);
3420 break;
3421 case 2:
3422 gen_helper_neon_qzip32(pd, pm);
3423 break;
3424 default:
3425 abort();
3426 }
3427 } else {
3428 switch (size) {
3429 case 0:
3430 gen_helper_neon_zip8(pd, pm);
3431 break;
3432 case 1:
3433 gen_helper_neon_zip16(pd, pm);
3434 break;
3435 default:
3436 abort();
3437 }
3438 }
3439 tcg_temp_free_ptr(pd);
3440 tcg_temp_free_ptr(pm);
3441 return 0;
3442 }
3443
3444 static void gen_neon_trn_u8(TCGv_i32 t0, TCGv_i32 t1)
3445 {
3446 TCGv_i32 rd, tmp;
3447
3448 rd = tcg_temp_new_i32();
3449 tmp = tcg_temp_new_i32();
3450
3451 tcg_gen_shli_i32(rd, t0, 8);
3452 tcg_gen_andi_i32(rd, rd, 0xff00ff00);
3453 tcg_gen_andi_i32(tmp, t1, 0x00ff00ff);
3454 tcg_gen_or_i32(rd, rd, tmp);
3455
3456 tcg_gen_shri_i32(t1, t1, 8);
3457 tcg_gen_andi_i32(t1, t1, 0x00ff00ff);
3458 tcg_gen_andi_i32(tmp, t0, 0xff00ff00);
3459 tcg_gen_or_i32(t1, t1, tmp);
3460 tcg_gen_mov_i32(t0, rd);
3461
3462 tcg_temp_free_i32(tmp);
3463 tcg_temp_free_i32(rd);
3464 }
3465
3466 static void gen_neon_trn_u16(TCGv_i32 t0, TCGv_i32 t1)
3467 {
3468 TCGv_i32 rd, tmp;
3469
3470 rd = tcg_temp_new_i32();
3471 tmp = tcg_temp_new_i32();
3472
3473 tcg_gen_shli_i32(rd, t0, 16);
3474 tcg_gen_andi_i32(tmp, t1, 0xffff);
3475 tcg_gen_or_i32(rd, rd, tmp);
3476 tcg_gen_shri_i32(t1, t1, 16);
3477 tcg_gen_andi_i32(tmp, t0, 0xffff0000);
3478 tcg_gen_or_i32(t1, t1, tmp);
3479 tcg_gen_mov_i32(t0, rd);
3480
3481 tcg_temp_free_i32(tmp);
3482 tcg_temp_free_i32(rd);
3483 }
3484
3485
3486 static struct {
3487 int nregs;
3488 int interleave;
3489 int spacing;
3490 } const neon_ls_element_type[11] = {
3491 {1, 4, 1},
3492 {1, 4, 2},
3493 {4, 1, 1},
3494 {2, 2, 2},
3495 {1, 3, 1},
3496 {1, 3, 2},
3497 {3, 1, 1},
3498 {1, 1, 1},
3499 {1, 2, 1},
3500 {1, 2, 2},
3501 {2, 1, 1}
3502 };
3503
3504 /* Translate a NEON load/store element instruction. Return nonzero if the
3505 instruction is invalid. */
3506 static int disas_neon_ls_insn(DisasContext *s, uint32_t insn)
3507 {
3508 int rd, rn, rm;
3509 int op;
3510 int nregs;
3511 int interleave;
3512 int spacing;
3513 int stride;
3514 int size;
3515 int reg;
3516 int load;
3517 int n;
3518 int vec_size;
3519 int mmu_idx;
3520 MemOp endian;
3521 TCGv_i32 addr;
3522 TCGv_i32 tmp;
3523 TCGv_i32 tmp2;
3524 TCGv_i64 tmp64;
3525
3526 /* FIXME: this access check should not take precedence over UNDEF
3527 * for invalid encodings; we will generate incorrect syndrome information
3528 * for attempts to execute invalid vfp/neon encodings with FP disabled.
3529 */
3530 if (s->fp_excp_el) {
3531 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
3532 syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
3533 return 0;
3534 }
3535
3536 if (!s->vfp_enabled)
3537 return 1;
3538 VFP_DREG_D(rd, insn);
3539 rn = (insn >> 16) & 0xf;
3540 rm = insn & 0xf;
3541 load = (insn & (1 << 21)) != 0;
3542 endian = s->be_data;
3543 mmu_idx = get_mem_index(s);
3544 if ((insn & (1 << 23)) == 0) {
3545 /* Load store all elements. */
3546 op = (insn >> 8) & 0xf;
3547 size = (insn >> 6) & 3;
3548 if (op > 10)
3549 return 1;
3550 /* Catch UNDEF cases for bad values of align field */
3551 switch (op & 0xc) {
3552 case 4:
3553 if (((insn >> 5) & 1) == 1) {
3554 return 1;
3555 }
3556 break;
3557 case 8:
3558 if (((insn >> 4) & 3) == 3) {
3559 return 1;
3560 }
3561 break;
3562 default:
3563 break;
3564 }
3565 nregs = neon_ls_element_type[op].nregs;
3566 interleave = neon_ls_element_type[op].interleave;
3567 spacing = neon_ls_element_type[op].spacing;
3568 if (size == 3 && (interleave | spacing) != 1) {
3569 return 1;
3570 }
3571 /* For our purposes, bytes are always little-endian. */
3572 if (size == 0) {
3573 endian = MO_LE;
3574 }
3575 /* Consecutive little-endian elements from a single register
3576 * can be promoted to a larger little-endian operation.
3577 */
3578 if (interleave == 1 && endian == MO_LE) {
3579 size = 3;
3580 }
3581 tmp64 = tcg_temp_new_i64();
3582 addr = tcg_temp_new_i32();
3583 tmp2 = tcg_const_i32(1 << size);
3584 load_reg_var(s, addr, rn);
3585 for (reg = 0; reg < nregs; reg++) {
3586 for (n = 0; n < 8 >> size; n++) {
3587 int xs;
3588 for (xs = 0; xs < interleave; xs++) {
3589 int tt = rd + reg + spacing * xs;
3590
3591 if (load) {
3592 gen_aa32_ld_i64(s, tmp64, addr, mmu_idx, endian | size);
3593 neon_store_element64(tt, n, size, tmp64);
3594 } else {
3595 neon_load_element64(tmp64, tt, n, size);
3596 gen_aa32_st_i64(s, tmp64, addr, mmu_idx, endian | size);
3597 }
3598 tcg_gen_add_i32(addr, addr, tmp2);
3599 }
3600 }
3601 }
3602 tcg_temp_free_i32(addr);
3603 tcg_temp_free_i32(tmp2);
3604 tcg_temp_free_i64(tmp64);
3605 stride = nregs * interleave * 8;
3606 } else {
3607 size = (insn >> 10) & 3;
3608 if (size == 3) {
3609 /* Load single element to all lanes. */
3610 int a = (insn >> 4) & 1;
3611 if (!load) {
3612 return 1;
3613 }
3614 size = (insn >> 6) & 3;
3615 nregs = ((insn >> 8) & 3) + 1;
3616
3617 if (size == 3) {
3618 if (nregs != 4 || a == 0) {
3619 return 1;
3620 }
3621 /* For VLD4 size==3 a == 1 means 32 bits at 16 byte alignment */
3622 size = 2;
3623 }
3624 if (nregs == 1 && a == 1 && size == 0) {
3625 return 1;
3626 }
3627 if (nregs == 3 && a == 1) {
3628 return 1;
3629 }
3630 addr = tcg_temp_new_i32();
3631 load_reg_var(s, addr, rn);
3632
3633 /* VLD1 to all lanes: bit 5 indicates how many Dregs to write.
3634 * VLD2/3/4 to all lanes: bit 5 indicates register stride.
3635 */
3636 stride = (insn & (1 << 5)) ? 2 : 1;
3637 vec_size = nregs == 1 ? stride * 8 : 8;
3638
3639 tmp = tcg_temp_new_i32();
3640 for (reg = 0; reg < nregs; reg++) {
3641 gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s),
3642 s->be_data | size);
3643 if ((rd & 1) && vec_size == 16) {
3644 /* We cannot write 16 bytes at once because the
3645 * destination is unaligned.
3646 */
3647 tcg_gen_gvec_dup_i32(size, neon_reg_offset(rd, 0),
3648 8, 8, tmp);
3649 tcg_gen_gvec_mov(0, neon_reg_offset(rd + 1, 0),
3650 neon_reg_offset(rd, 0), 8, 8);
3651 } else {
3652 tcg_gen_gvec_dup_i32(size, neon_reg_offset(rd, 0),
3653 vec_size, vec_size, tmp);
3654 }
3655 tcg_gen_addi_i32(addr, addr, 1 << size);
3656 rd += stride;
3657 }
3658 tcg_temp_free_i32(tmp);
3659 tcg_temp_free_i32(addr);
3660 stride = (1 << size) * nregs;
3661 } else {
3662 /* Single element. */
3663 int idx = (insn >> 4) & 0xf;
3664 int reg_idx;
3665 switch (size) {
3666 case 0:
3667 reg_idx = (insn >> 5) & 7;
3668 stride = 1;
3669 break;
3670 case 1:
3671 reg_idx = (insn >> 6) & 3;
3672 stride = (insn & (1 << 5)) ? 2 : 1;
3673 break;
3674 case 2:
3675 reg_idx = (insn >> 7) & 1;
3676 stride = (insn & (1 << 6)) ? 2 : 1;
3677 break;
3678 default:
3679 abort();
3680 }
3681 nregs = ((insn >> 8) & 3) + 1;
3682 /* Catch the UNDEF cases. This is unavoidably a bit messy. */
3683 switch (nregs) {
3684 case 1:
3685 if (((idx & (1 << size)) != 0) ||
3686 (size == 2 && ((idx & 3) == 1 || (idx & 3) == 2))) {
3687 return 1;
3688 }
3689 break;
3690 case 3:
3691 if ((idx & 1) != 0) {
3692 return 1;
3693 }
3694 /* fall through */
3695 case 2:
3696 if (size == 2 && (idx & 2) != 0) {
3697 return 1;
3698 }
3699 break;
3700 case 4:
3701 if ((size == 2) && ((idx & 3) == 3)) {
3702 return 1;
3703 }
3704 break;
3705 default:
3706 abort();
3707 }
3708 if ((rd + stride * (nregs - 1)) > 31) {
3709 /* Attempts to write off the end of the register file
3710 * are UNPREDICTABLE; we choose to UNDEF because otherwise
3711 * the neon_load_reg() would write off the end of the array.
3712 */
3713 return 1;
3714 }
3715 tmp = tcg_temp_new_i32();
3716 addr = tcg_temp_new_i32();
3717 load_reg_var(s, addr, rn);
3718 for (reg = 0; reg < nregs; reg++) {
3719 if (load) {
3720 gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s),
3721 s->be_data | size);
3722 neon_store_element(rd, reg_idx, size, tmp);
3723 } else { /* Store */
3724 neon_load_element(tmp, rd, reg_idx, size);
3725 gen_aa32_st_i32(s, tmp, addr, get_mem_index(s),
3726 s->be_data | size);
3727 }
3728 rd += stride;
3729 tcg_gen_addi_i32(addr, addr, 1 << size);
3730 }
3731 tcg_temp_free_i32(addr);
3732 tcg_temp_free_i32(tmp);
3733 stride = nregs * (1 << size);
3734 }
3735 }
3736 if (rm != 15) {
3737 TCGv_i32 base;
3738
3739 base = load_reg(s, rn);
3740 if (rm == 13) {
3741 tcg_gen_addi_i32(base, base, stride);
3742 } else {
3743 TCGv_i32 index;
3744 index = load_reg(s, rm);
3745 tcg_gen_add_i32(base, base, index);
3746 tcg_temp_free_i32(index);
3747 }
3748 store_reg(s, rn, base);
3749 }
3750 return 0;
3751 }
3752
3753 static inline void gen_neon_narrow(int size, TCGv_i32 dest, TCGv_i64 src)
3754 {
3755 switch (size) {
3756 case 0: gen_helper_neon_narrow_u8(dest, src); break;
3757 case 1: gen_helper_neon_narrow_u16(dest, src); break;
3758 case 2: tcg_gen_extrl_i64_i32(dest, src); break;
3759 default: abort();
3760 }
3761 }
3762
3763 static inline void gen_neon_narrow_sats(int size, TCGv_i32 dest, TCGv_i64 src)
3764 {
3765 switch (size) {
3766 case 0: gen_helper_neon_narrow_sat_s8(dest, cpu_env, src); break;
3767 case 1: gen_helper_neon_narrow_sat_s16(dest, cpu_env, src); break;
3768 case 2: gen_helper_neon_narrow_sat_s32(dest, cpu_env, src); break;
3769 default: abort();
3770 }
3771 }
3772
3773 static inline void gen_neon_narrow_satu(int size, TCGv_i32 dest, TCGv_i64 src)
3774 {
3775 switch (size) {
3776 case 0: gen_helper_neon_narrow_sat_u8(dest, cpu_env, src); break;
3777 case 1: gen_helper_neon_narrow_sat_u16(dest, cpu_env, src); break;
3778 case 2: gen_helper_neon_narrow_sat_u32(dest, cpu_env, src); break;
3779 default: abort();
3780 }
3781 }
3782
3783 static inline void gen_neon_unarrow_sats(int size, TCGv_i32 dest, TCGv_i64 src)
3784 {
3785 switch (size) {
3786 case 0: gen_helper_neon_unarrow_sat8(dest, cpu_env, src); break;
3787 case 1: gen_helper_neon_unarrow_sat16(dest, cpu_env, src); break;
3788 case 2: gen_helper_neon_unarrow_sat32(dest, cpu_env, src); break;
3789 default: abort();
3790 }
3791 }
3792
3793 static inline void gen_neon_shift_narrow(int size, TCGv_i32 var, TCGv_i32 shift,
3794 int q, int u)
3795 {
3796 if (q) {
3797 if (u) {
3798 switch (size) {
3799 case 1: gen_helper_neon_rshl_u16(var, var, shift); break;
3800 case 2: gen_helper_neon_rshl_u32(var, var, shift); break;
3801 default: abort();
3802 }
3803 } else {
3804 switch (size) {
3805 case 1: gen_helper_neon_rshl_s16(var, var, shift); break;
3806 case 2: gen_helper_neon_rshl_s32(var, var, shift); break;
3807 default: abort();
3808 }
3809 }
3810 } else {
3811 if (u) {
3812 switch (size) {
3813 case 1: gen_helper_neon_shl_u16(var, var, shift); break;
3814 case 2: gen_helper_neon_shl_u32(var, var, shift); break;
3815 default: abort();
3816 }
3817 } else {
3818 switch (size) {
3819 case 1: gen_helper_neon_shl_s16(var, var, shift); break;
3820 case 2: gen_helper_neon_shl_s32(var, var, shift); break;
3821 default: abort();
3822 }
3823 }
3824 }
3825 }
3826
3827 static inline void gen_neon_widen(TCGv_i64 dest, TCGv_i32 src, int size, int u)
3828 {
3829 if (u) {
3830 switch (size) {
3831 case 0: gen_helper_neon_widen_u8(dest, src); break;
3832 case 1: gen_helper_neon_widen_u16(dest, src); break;
3833 case 2: tcg_gen_extu_i32_i64(dest, src); break;
3834 default: abort();
3835 }
3836 } else {
3837 switch (size) {
3838 case 0: gen_helper_neon_widen_s8(dest, src); break;
3839 case 1: gen_helper_neon_widen_s16(dest, src); break;
3840 case 2: tcg_gen_ext_i32_i64(dest, src); break;
3841 default: abort();
3842 }
3843 }
3844 tcg_temp_free_i32(src);
3845 }
3846
3847 static inline void gen_neon_addl(int size)
3848 {
3849 switch (size) {
3850 case 0: gen_helper_neon_addl_u16(CPU_V001); break;
3851 case 1: gen_helper_neon_addl_u32(CPU_V001); break;
3852 case 2: tcg_gen_add_i64(CPU_V001); break;
3853 default: abort();
3854 }
3855 }
3856
3857 static inline void gen_neon_subl(int size)
3858 {
3859 switch (size) {
3860 case 0: gen_helper_neon_subl_u16(CPU_V001); break;
3861 case 1: gen_helper_neon_subl_u32(CPU_V001); break;
3862 case 2: tcg_gen_sub_i64(CPU_V001); break;
3863 default: abort();
3864 }
3865 }
3866
3867 static inline void gen_neon_negl(TCGv_i64 var, int size)
3868 {
3869 switch (size) {
3870 case 0: gen_helper_neon_negl_u16(var, var); break;
3871 case 1: gen_helper_neon_negl_u32(var, var); break;
3872 case 2:
3873 tcg_gen_neg_i64(var, var);
3874 break;
3875 default: abort();
3876 }
3877 }
3878
3879 static inline void gen_neon_addl_saturate(TCGv_i64 op0, TCGv_i64 op1, int size)
3880 {
3881 switch (size) {
3882 case 1: gen_helper_neon_addl_saturate_s32(op0, cpu_env, op0, op1); break;
3883 case 2: gen_helper_neon_addl_saturate_s64(op0, cpu_env, op0, op1); break;
3884 default: abort();
3885 }
3886 }
3887
3888 static inline void gen_neon_mull(TCGv_i64 dest, TCGv_i32 a, TCGv_i32 b,
3889 int size, int u)
3890 {
3891 TCGv_i64 tmp;
3892
3893 switch ((size << 1) | u) {
3894 case 0: gen_helper_neon_mull_s8(dest, a, b); break;
3895 case 1: gen_helper_neon_mull_u8(dest, a, b); break;
3896 case 2: gen_helper_neon_mull_s16(dest, a, b); break;
3897 case 3: gen_helper_neon_mull_u16(dest, a, b); break;
3898 case 4:
3899 tmp = gen_muls_i64_i32(a, b);
3900 tcg_gen_mov_i64(dest, tmp);
3901 tcg_temp_free_i64(tmp);
3902 break;
3903 case 5:
3904 tmp = gen_mulu_i64_i32(a, b);
3905 tcg_gen_mov_i64(dest, tmp);
3906 tcg_temp_free_i64(tmp);
3907 break;
3908 default: abort();
3909 }
3910
3911 /* gen_helper_neon_mull_[su]{8|16} do not free their parameters.
3912 Don't forget to clean them now. */
3913 if (size < 2) {
3914 tcg_temp_free_i32(a);
3915 tcg_temp_free_i32(b);
3916 }
3917 }
3918
3919 static void gen_neon_narrow_op(int op, int u, int size,
3920 TCGv_i32 dest, TCGv_i64 src)
3921 {
3922 if (op) {
3923 if (u) {
3924 gen_neon_unarrow_sats(size, dest, src);
3925 } else {
3926 gen_neon_narrow(size, dest, src);
3927 }
3928 } else {
3929 if (u) {
3930 gen_neon_narrow_satu(size, dest, src);
3931 } else {
3932 gen_neon_narrow_sats(size, dest, src);
3933 }
3934 }
3935 }
3936
3937 /* Symbolic constants for op fields for Neon 3-register same-length.
3938 * The values correspond to bits [11:8,4]; see the ARM ARM DDI0406B
3939 * table A7-9.
3940 */
3941 #define NEON_3R_VHADD 0
3942 #define NEON_3R_VQADD 1
3943 #define NEON_3R_VRHADD 2
3944 #define NEON_3R_LOGIC 3 /* VAND,VBIC,VORR,VMOV,VORN,VEOR,VBIF,VBIT,VBSL */
3945 #define NEON_3R_VHSUB 4
3946 #define NEON_3R_VQSUB 5
3947 #define NEON_3R_VCGT 6
3948 #define NEON_3R_VCGE 7
3949 #define NEON_3R_VSHL 8
3950 #define NEON_3R_VQSHL 9
3951 #define NEON_3R_VRSHL 10
3952 #define NEON_3R_VQRSHL 11
3953 #define NEON_3R_VMAX 12
3954 #define NEON_3R_VMIN 13
3955 #define NEON_3R_VABD 14
3956 #define NEON_3R_VABA 15
3957 #define NEON_3R_VADD_VSUB 16
3958 #define NEON_3R_VTST_VCEQ 17
3959 #define NEON_3R_VML 18 /* VMLA, VMLS */
3960 #define NEON_3R_VMUL 19
3961 #define NEON_3R_VPMAX 20
3962 #define NEON_3R_VPMIN 21
3963 #define NEON_3R_VQDMULH_VQRDMULH 22
3964 #define NEON_3R_VPADD_VQRDMLAH 23
3965 #define NEON_3R_SHA 24 /* SHA1C,SHA1P,SHA1M,SHA1SU0,SHA256H{2},SHA256SU1 */
3966 #define NEON_3R_VFM_VQRDMLSH 25 /* VFMA, VFMS, VQRDMLSH */
3967 #define NEON_3R_FLOAT_ARITH 26 /* float VADD, VSUB, VPADD, VABD */
3968 #define NEON_3R_FLOAT_MULTIPLY 27 /* float VMLA, VMLS, VMUL */
3969 #define NEON_3R_FLOAT_CMP 28 /* float VCEQ, VCGE, VCGT */
3970 #define NEON_3R_FLOAT_ACMP 29 /* float VACGE, VACGT, VACLE, VACLT */
3971 #define NEON_3R_FLOAT_MINMAX 30 /* float VMIN, VMAX */
3972 #define NEON_3R_FLOAT_MISC 31 /* float VRECPS, VRSQRTS, VMAXNM/MINNM */
3973
3974 static const uint8_t neon_3r_sizes[] = {
3975 [NEON_3R_VHADD] = 0x7,
3976 [NEON_3R_VQADD] = 0xf,
3977 [NEON_3R_VRHADD] = 0x7,
3978 [NEON_3R_LOGIC] = 0xf, /* size field encodes op type */
3979 [NEON_3R_VHSUB] = 0x7,
3980 [NEON_3R_VQSUB] = 0xf,
3981 [NEON_3R_VCGT] = 0x7,
3982 [NEON_3R_VCGE] = 0x7,
3983 [NEON_3R_VSHL] = 0xf,
3984 [NEON_3R_VQSHL] = 0xf,
3985 [NEON_3R_VRSHL] = 0xf,
3986 [NEON_3R_VQRSHL] = 0xf,
3987 [NEON_3R_VMAX] = 0x7,
3988 [NEON_3R_VMIN] = 0x7,
3989 [NEON_3R_VABD] = 0x7,
3990 [NEON_3R_VABA] = 0x7,
3991 [NEON_3R_VADD_VSUB] = 0xf,
3992 [NEON_3R_VTST_VCEQ] = 0x7,
3993 [NEON_3R_VML] = 0x7,
3994 [NEON_3R_VMUL] = 0x7,
3995 [NEON_3R_VPMAX] = 0x7,
3996 [NEON_3R_VPMIN] = 0x7,
3997 [NEON_3R_VQDMULH_VQRDMULH] = 0x6,
3998 [NEON_3R_VPADD_VQRDMLAH] = 0x7,
3999 [NEON_3R_SHA] = 0xf, /* size field encodes op type */
4000 [NEON_3R_VFM_VQRDMLSH] = 0x7, /* For VFM, size bit 1 encodes op */
4001 [NEON_3R_FLOAT_ARITH] = 0x5, /* size bit 1 encodes op */
4002 [NEON_3R_FLOAT_MULTIPLY] = 0x5, /* size bit 1 encodes op */
4003 [NEON_3R_FLOAT_CMP] = 0x5, /* size bit 1 encodes op */
4004 [NEON_3R_FLOAT_ACMP] = 0x5, /* size bit 1 encodes op */
4005 [NEON_3R_FLOAT_MINMAX] = 0x5, /* size bit 1 encodes op */
4006 [NEON_3R_FLOAT_MISC] = 0x5, /* size bit 1 encodes op */
4007 };
4008
4009 /* Symbolic constants for op fields for Neon 2-register miscellaneous.
4010 * The values correspond to bits [17:16,10:7]; see the ARM ARM DDI0406B
4011 * table A7-13.
4012 */
4013 #define NEON_2RM_VREV64 0
4014 #define NEON_2RM_VREV32 1
4015 #define NEON_2RM_VREV16 2
4016 #define NEON_2RM_VPADDL 4
4017 #define NEON_2RM_VPADDL_U 5
4018 #define NEON_2RM_AESE 6 /* Includes AESD */
4019 #define NEON_2RM_AESMC 7 /* Includes AESIMC */
4020 #define NEON_2RM_VCLS 8
4021 #define NEON_2RM_VCLZ 9
4022 #define NEON_2RM_VCNT 10
4023 #define NEON_2RM_VMVN 11
4024 #define NEON_2RM_VPADAL 12
4025 #define NEON_2RM_VPADAL_U 13
4026 #define NEON_2RM_VQABS 14
4027 #define NEON_2RM_VQNEG 15
4028 #define NEON_2RM_VCGT0 16
4029 #define NEON_2RM_VCGE0 17
4030 #define NEON_2RM_VCEQ0 18
4031 #define NEON_2RM_VCLE0 19
4032 #define NEON_2RM_VCLT0 20
4033 #define NEON_2RM_SHA1H 21
4034 #define NEON_2RM_VABS 22
4035 #define NEON_2RM_VNEG 23
4036 #define NEON_2RM_VCGT0_F 24
4037 #define NEON_2RM_VCGE0_F 25
4038 #define NEON_2RM_VCEQ0_F 26
4039 #define NEON_2RM_VCLE0_F 27
4040 #define NEON_2RM_VCLT0_F 28
4041 #define NEON_2RM_VABS_F 30
4042 #define NEON_2RM_VNEG_F 31
4043 #define NEON_2RM_VSWP 32
4044 #define NEON_2RM_VTRN 33
4045 #define NEON_2RM_VUZP 34
4046 #define NEON_2RM_VZIP 35
4047 #define NEON_2RM_VMOVN 36 /* Includes VQMOVN, VQMOVUN */
4048 #define NEON_2RM_VQMOVN 37 /* Includes VQMOVUN */
4049 #define NEON_2RM_VSHLL 38
4050 #define NEON_2RM_SHA1SU1 39 /* Includes SHA256SU0 */
4051 #define NEON_2RM_VRINTN 40
4052 #define NEON_2RM_VRINTX 41
4053 #define NEON_2RM_VRINTA 42
4054 #define NEON_2RM_VRINTZ 43
4055 #define NEON_2RM_VCVT_F16_F32 44
4056 #define NEON_2RM_VRINTM 45
4057 #define NEON_2RM_VCVT_F32_F16 46
4058 #define NEON_2RM_VRINTP 47
4059 #define NEON_2RM_VCVTAU 48
4060 #define NEON_2RM_VCVTAS 49
4061 #define NEON_2RM_VCVTNU 50
4062 #define NEON_2RM_VCVTNS 51
4063 #define NEON_2RM_VCVTPU 52
4064 #define NEON_2RM_VCVTPS 53
4065 #define NEON_2RM_VCVTMU 54
4066 #define NEON_2RM_VCVTMS 55
4067 #define NEON_2RM_VRECPE 56
4068 #define NEON_2RM_VRSQRTE 57
4069 #define NEON_2RM_VRECPE_F 58
4070 #define NEON_2RM_VRSQRTE_F 59
4071 #define NEON_2RM_VCVT_FS 60
4072 #define NEON_2RM_VCVT_FU 61
4073 #define NEON_2RM_VCVT_SF 62
4074 #define NEON_2RM_VCVT_UF 63
4075
4076 static bool neon_2rm_is_v8_op(int op)
4077 {
4078 /* Return true if this neon 2reg-misc op is ARMv8 and up */
4079 switch (op) {
4080 case NEON_2RM_VRINTN:
4081 case NEON_2RM_VRINTA:
4082 case NEON_2RM_VRINTM:
4083 case NEON_2RM_VRINTP:
4084 case NEON_2RM_VRINTZ:
4085 case NEON_2RM_VRINTX:
4086 case NEON_2RM_VCVTAU:
4087 case NEON_2RM_VCVTAS:
4088 case NEON_2RM_VCVTNU:
4089 case NEON_2RM_VCVTNS:
4090 case NEON_2RM_VCVTPU:
4091 case NEON_2RM_VCVTPS:
4092 case NEON_2RM_VCVTMU:
4093 case NEON_2RM_VCVTMS:
4094 return true;
4095 default:
4096 return false;
4097 }
4098 }
4099
4100 /* Each entry in this array has bit n set if the insn allows
4101 * size value n (otherwise it will UNDEF). Since unallocated
4102 * op values will have no bits set they always UNDEF.
4103 */
4104 static const uint8_t neon_2rm_sizes[] = {
4105 [NEON_2RM_VREV64] = 0x7,
4106 [NEON_2RM_VREV32] = 0x3,
4107 [NEON_2RM_VREV16] = 0x1,
4108 [NEON_2RM_VPADDL] = 0x7,
4109 [NEON_2RM_VPADDL_U] = 0x7,
4110 [NEON_2RM_AESE] = 0x1,
4111 [NEON_2RM_AESMC] = 0x1,
4112 [NEON_2RM_VCLS] = 0x7,
4113 [NEON_2RM_VCLZ] = 0x7,
4114 [NEON_2RM_VCNT] = 0x1,
4115 [NEON_2RM_VMVN] = 0x1,
4116 [NEON_2RM_VPADAL] = 0x7,
4117 [NEON_2RM_VPADAL_U] = 0x7,
4118 [NEON_2RM_VQABS] = 0x7,
4119 [NEON_2RM_VQNEG] = 0x7,
4120 [NEON_2RM_VCGT0] = 0x7,
4121 [NEON_2RM_VCGE0] = 0x7,
4122 [NEON_2RM_VCEQ0] = 0x7,
4123 [NEON_2RM_VCLE0] = 0x7,
4124 [NEON_2RM_VCLT0] = 0x7,
4125 [NEON_2RM_SHA1H] = 0x4,
4126 [NEON_2RM_VABS] = 0x7,
4127 [NEON_2RM_VNEG] = 0x7,
4128 [NEON_2RM_VCGT0_F] = 0x4,
4129 [NEON_2RM_VCGE0_F] = 0x4,
4130 [NEON_2RM_VCEQ0_F] = 0x4,
4131 [NEON_2RM_VCLE0_F] = 0x4,
4132 [NEON_2RM_VCLT0_F] = 0x4,
4133 [NEON_2RM_VABS_F] = 0x4,
4134 [NEON_2RM_VNEG_F] = 0x4,
4135 [NEON_2RM_VSWP] = 0x1,
4136 [NEON_2RM_VTRN] = 0x7,
4137 [NEON_2RM_VUZP] = 0x7,
4138 [NEON_2RM_VZIP] = 0x7,
4139 [NEON_2RM_VMOVN] = 0x7,
4140 [NEON_2RM_VQMOVN] = 0x7,
4141 [NEON_2RM_VSHLL] = 0x7,
4142 [NEON_2RM_SHA1SU1] = 0x4,
4143 [NEON_2RM_VRINTN] = 0x4,
4144 [NEON_2RM_VRINTX] = 0x4,
4145 [NEON_2RM_VRINTA] = 0x4,
4146 [NEON_2RM_VRINTZ] = 0x4,
4147 [NEON_2RM_VCVT_F16_F32] = 0x2,
4148 [NEON_2RM_VRINTM] = 0x4,
4149 [NEON_2RM_VCVT_F32_F16] = 0x2,
4150 [NEON_2RM_VRINTP] = 0x4,
4151 [NEON_2RM_VCVTAU] = 0x4,
4152 [NEON_2RM_VCVTAS] = 0x4,
4153 [NEON_2RM_VCVTNU] = 0x4,
4154 [NEON_2RM_VCVTNS] = 0x4,
4155 [NEON_2RM_VCVTPU] = 0x4,
4156 [NEON_2RM_VCVTPS] = 0x4,
4157 [NEON_2RM_VCVTMU] = 0x4,
4158 [NEON_2RM_VCVTMS] = 0x4,
4159 [NEON_2RM_VRECPE] = 0x4,
4160 [NEON_2RM_VRSQRTE] = 0x4,
4161 [NEON_2RM_VRECPE_F] = 0x4,
4162 [NEON_2RM_VRSQRTE_F] = 0x4,
4163 [NEON_2RM_VCVT_FS] = 0x4,
4164 [NEON_2RM_VCVT_FU] = 0x4,
4165 [NEON_2RM_VCVT_SF] = 0x4,
4166 [NEON_2RM_VCVT_UF] = 0x4,
4167 };
4168
4169
4170 /* Expand v8.1 simd helper. */
4171 static int do_v81_helper(DisasContext *s, gen_helper_gvec_3_ptr *fn,
4172 int q, int rd, int rn, int rm)
4173 {
4174 if (dc_isar_feature(aa32_rdm, s)) {
4175 int opr_sz = (1 + q) * 8;
4176 tcg_gen_gvec_3_ptr(vfp_reg_offset(1, rd),
4177 vfp_reg_offset(1, rn),
4178 vfp_reg_offset(1, rm), cpu_env,
4179 opr_sz, opr_sz, 0, fn);
4180 return 0;
4181 }
4182 return 1;
4183 }
4184
4185 static void gen_ssra8_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4186 {
4187 tcg_gen_vec_sar8i_i64(a, a, shift);
4188 tcg_gen_vec_add8_i64(d, d, a);
4189 }
4190
4191 static void gen_ssra16_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4192 {
4193 tcg_gen_vec_sar16i_i64(a, a, shift);
4194 tcg_gen_vec_add16_i64(d, d, a);
4195 }
4196
4197 static void gen_ssra32_i32(TCGv_i32 d, TCGv_i32 a, int32_t shift)
4198 {
4199 tcg_gen_sari_i32(a, a, shift);
4200 tcg_gen_add_i32(d, d, a);
4201 }
4202
4203 static void gen_ssra64_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4204 {
4205 tcg_gen_sari_i64(a, a, shift);
4206 tcg_gen_add_i64(d, d, a);
4207 }
4208
4209 static void gen_ssra_vec(unsigned vece, TCGv_vec d, TCGv_vec a, int64_t sh)
4210 {
4211 tcg_gen_sari_vec(vece, a, a, sh);
4212 tcg_gen_add_vec(vece, d, d, a);
4213 }
4214
4215 static const TCGOpcode vecop_list_ssra[] = {
4216 INDEX_op_sari_vec, INDEX_op_add_vec, 0
4217 };
4218
4219 const GVecGen2i ssra_op[4] = {
4220 { .fni8 = gen_ssra8_i64,
4221 .fniv = gen_ssra_vec,
4222 .load_dest = true,
4223 .opt_opc = vecop_list_ssra,
4224 .vece = MO_8 },
4225 { .fni8 = gen_ssra16_i64,
4226 .fniv = gen_ssra_vec,
4227 .load_dest = true,
4228 .opt_opc = vecop_list_ssra,
4229 .vece = MO_16 },
4230 { .fni4 = gen_ssra32_i32,
4231 .fniv = gen_ssra_vec,
4232 .load_dest = true,
4233 .opt_opc = vecop_list_ssra,
4234 .vece = MO_32 },
4235 { .fni8 = gen_ssra64_i64,
4236 .fniv = gen_ssra_vec,
4237 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4238 .opt_opc = vecop_list_ssra,
4239 .load_dest = true,
4240 .vece = MO_64 },
4241 };
4242
4243 static void gen_usra8_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4244 {
4245 tcg_gen_vec_shr8i_i64(a, a, shift);
4246 tcg_gen_vec_add8_i64(d, d, a);
4247 }
4248
4249 static void gen_usra16_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4250 {
4251 tcg_gen_vec_shr16i_i64(a, a, shift);
4252 tcg_gen_vec_add16_i64(d, d, a);
4253 }
4254
4255 static void gen_usra32_i32(TCGv_i32 d, TCGv_i32 a, int32_t shift)
4256 {
4257 tcg_gen_shri_i32(a, a, shift);
4258 tcg_gen_add_i32(d, d, a);
4259 }
4260
4261 static void gen_usra64_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4262 {
4263 tcg_gen_shri_i64(a, a, shift);
4264 tcg_gen_add_i64(d, d, a);
4265 }
4266
4267 static void gen_usra_vec(unsigned vece, TCGv_vec d, TCGv_vec a, int64_t sh)
4268 {
4269 tcg_gen_shri_vec(vece, a, a, sh);
4270 tcg_gen_add_vec(vece, d, d, a);
4271 }
4272
4273 static const TCGOpcode vecop_list_usra[] = {
4274 INDEX_op_shri_vec, INDEX_op_add_vec, 0
4275 };
4276
4277 const GVecGen2i usra_op[4] = {
4278 { .fni8 = gen_usra8_i64,
4279 .fniv = gen_usra_vec,
4280 .load_dest = true,
4281 .opt_opc = vecop_list_usra,
4282 .vece = MO_8, },
4283 { .fni8 = gen_usra16_i64,
4284 .fniv = gen_usra_vec,
4285 .load_dest = true,
4286 .opt_opc = vecop_list_usra,
4287 .vece = MO_16, },
4288 { .fni4 = gen_usra32_i32,
4289 .fniv = gen_usra_vec,
4290 .load_dest = true,
4291 .opt_opc = vecop_list_usra,
4292 .vece = MO_32, },
4293 { .fni8 = gen_usra64_i64,
4294 .fniv = gen_usra_vec,
4295 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4296 .load_dest = true,
4297 .opt_opc = vecop_list_usra,
4298 .vece = MO_64, },
4299 };
4300
4301 static void gen_shr8_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4302 {
4303 uint64_t mask = dup_const(MO_8, 0xff >> shift);
4304 TCGv_i64 t = tcg_temp_new_i64();
4305
4306 tcg_gen_shri_i64(t, a, shift);
4307 tcg_gen_andi_i64(t, t, mask);
4308 tcg_gen_andi_i64(d, d, ~mask);
4309 tcg_gen_or_i64(d, d, t);
4310 tcg_temp_free_i64(t);
4311 }
4312
4313 static void gen_shr16_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4314 {
4315 uint64_t mask = dup_const(MO_16, 0xffff >> shift);
4316 TCGv_i64 t = tcg_temp_new_i64();
4317
4318 tcg_gen_shri_i64(t, a, shift);
4319 tcg_gen_andi_i64(t, t, mask);
4320 tcg_gen_andi_i64(d, d, ~mask);
4321 tcg_gen_or_i64(d, d, t);
4322 tcg_temp_free_i64(t);
4323 }
4324
4325 static void gen_shr32_ins_i32(TCGv_i32 d, TCGv_i32 a, int32_t shift)
4326 {
4327 tcg_gen_shri_i32(a, a, shift);
4328 tcg_gen_deposit_i32(d, d, a, 0, 32 - shift);
4329 }
4330
4331 static void gen_shr64_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4332 {
4333 tcg_gen_shri_i64(a, a, shift);
4334 tcg_gen_deposit_i64(d, d, a, 0, 64 - shift);
4335 }
4336
4337 static void gen_shr_ins_vec(unsigned vece, TCGv_vec d, TCGv_vec a, int64_t sh)
4338 {
4339 if (sh == 0) {
4340 tcg_gen_mov_vec(d, a);
4341 } else {
4342 TCGv_vec t = tcg_temp_new_vec_matching(d);
4343 TCGv_vec m = tcg_temp_new_vec_matching(d);
4344
4345 tcg_gen_dupi_vec(vece, m, MAKE_64BIT_MASK((8 << vece) - sh, sh));
4346 tcg_gen_shri_vec(vece, t, a, sh);
4347 tcg_gen_and_vec(vece, d, d, m);
4348 tcg_gen_or_vec(vece, d, d, t);
4349
4350 tcg_temp_free_vec(t);
4351 tcg_temp_free_vec(m);
4352 }
4353 }
4354
4355 static const TCGOpcode vecop_list_sri[] = { INDEX_op_shri_vec, 0 };
4356
4357 const GVecGen2i sri_op[4] = {
4358 { .fni8 = gen_shr8_ins_i64,
4359 .fniv = gen_shr_ins_vec,
4360 .load_dest = true,
4361 .opt_opc = vecop_list_sri,
4362 .vece = MO_8 },
4363 { .fni8 = gen_shr16_ins_i64,
4364 .fniv = gen_shr_ins_vec,
4365 .load_dest = true,
4366 .opt_opc = vecop_list_sri,
4367 .vece = MO_16 },
4368 { .fni4 = gen_shr32_ins_i32,
4369 .fniv = gen_shr_ins_vec,
4370 .load_dest = true,
4371 .opt_opc = vecop_list_sri,
4372 .vece = MO_32 },
4373 { .fni8 = gen_shr64_ins_i64,
4374 .fniv = gen_shr_ins_vec,
4375 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4376 .load_dest = true,
4377 .opt_opc = vecop_list_sri,
4378 .vece = MO_64 },
4379 };
4380
4381 static void gen_shl8_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4382 {
4383 uint64_t mask = dup_const(MO_8, 0xff << shift);
4384 TCGv_i64 t = tcg_temp_new_i64();
4385
4386 tcg_gen_shli_i64(t, a, shift);
4387 tcg_gen_andi_i64(t, t, mask);
4388 tcg_gen_andi_i64(d, d, ~mask);
4389 tcg_gen_or_i64(d, d, t);
4390 tcg_temp_free_i64(t);
4391 }
4392
4393 static void gen_shl16_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4394 {
4395 uint64_t mask = dup_const(MO_16, 0xffff << shift);
4396 TCGv_i64 t = tcg_temp_new_i64();
4397
4398 tcg_gen_shli_i64(t, a, shift);
4399 tcg_gen_andi_i64(t, t, mask);
4400 tcg_gen_andi_i64(d, d, ~mask);
4401 tcg_gen_or_i64(d, d, t);
4402 tcg_temp_free_i64(t);
4403 }
4404
4405 static void gen_shl32_ins_i32(TCGv_i32 d, TCGv_i32 a, int32_t shift)
4406 {
4407 tcg_gen_deposit_i32(d, d, a, shift, 32 - shift);
4408 }
4409
4410 static void gen_shl64_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4411 {
4412 tcg_gen_deposit_i64(d, d, a, shift, 64 - shift);
4413 }
4414
4415 static void gen_shl_ins_vec(unsigned vece, TCGv_vec d, TCGv_vec a, int64_t sh)
4416 {
4417 if (sh == 0) {
4418 tcg_gen_mov_vec(d, a);
4419 } else {
4420 TCGv_vec t = tcg_temp_new_vec_matching(d);
4421 TCGv_vec m = tcg_temp_new_vec_matching(d);
4422
4423 tcg_gen_dupi_vec(vece, m, MAKE_64BIT_MASK(0, sh));
4424 tcg_gen_shli_vec(vece, t, a, sh);
4425 tcg_gen_and_vec(vece, d, d, m);
4426 tcg_gen_or_vec(vece, d, d, t);
4427
4428 tcg_temp_free_vec(t);
4429 tcg_temp_free_vec(m);
4430 }
4431 }
4432
4433 static const TCGOpcode vecop_list_sli[] = { INDEX_op_shli_vec, 0 };
4434
4435 const GVecGen2i sli_op[4] = {
4436 { .fni8 = gen_shl8_ins_i64,
4437 .fniv = gen_shl_ins_vec,
4438 .load_dest = true,
4439 .opt_opc = vecop_list_sli,
4440 .vece = MO_8 },
4441 { .fni8 = gen_shl16_ins_i64,
4442 .fniv = gen_shl_ins_vec,
4443 .load_dest = true,
4444 .opt_opc = vecop_list_sli,
4445 .vece = MO_16 },
4446 { .fni4 = gen_shl32_ins_i32,
4447 .fniv = gen_shl_ins_vec,
4448 .load_dest = true,
4449 .opt_opc = vecop_list_sli,
4450 .vece = MO_32 },
4451 { .fni8 = gen_shl64_ins_i64,
4452 .fniv = gen_shl_ins_vec,
4453 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4454 .load_dest = true,
4455 .opt_opc = vecop_list_sli,
4456 .vece = MO_64 },
4457 };
4458
4459 static void gen_mla8_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4460 {
4461 gen_helper_neon_mul_u8(a, a, b);
4462 gen_helper_neon_add_u8(d, d, a);
4463 }
4464
4465 static void gen_mls8_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4466 {
4467 gen_helper_neon_mul_u8(a, a, b);
4468 gen_helper_neon_sub_u8(d, d, a);
4469 }
4470
4471 static void gen_mla16_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4472 {
4473 gen_helper_neon_mul_u16(a, a, b);
4474 gen_helper_neon_add_u16(d, d, a);
4475 }
4476
4477 static void gen_mls16_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4478 {
4479 gen_helper_neon_mul_u16(a, a, b);
4480 gen_helper_neon_sub_u16(d, d, a);
4481 }
4482
4483 static void gen_mla32_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4484 {
4485 tcg_gen_mul_i32(a, a, b);
4486 tcg_gen_add_i32(d, d, a);
4487 }
4488
4489 static void gen_mls32_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4490 {
4491 tcg_gen_mul_i32(a, a, b);
4492 tcg_gen_sub_i32(d, d, a);
4493 }
4494
4495 static void gen_mla64_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b)
4496 {
4497 tcg_gen_mul_i64(a, a, b);
4498 tcg_gen_add_i64(d, d, a);
4499 }
4500
4501 static void gen_mls64_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b)
4502 {
4503 tcg_gen_mul_i64(a, a, b);
4504 tcg_gen_sub_i64(d, d, a);
4505 }
4506
4507 static void gen_mla_vec(unsigned vece, TCGv_vec d, TCGv_vec a, TCGv_vec b)
4508 {
4509 tcg_gen_mul_vec(vece, a, a, b);
4510 tcg_gen_add_vec(vece, d, d, a);
4511 }
4512
4513 static void gen_mls_vec(unsigned vece, TCGv_vec d, TCGv_vec a, TCGv_vec b)
4514 {
4515 tcg_gen_mul_vec(vece, a, a, b);
4516 tcg_gen_sub_vec(vece, d, d, a);
4517 }
4518
4519 /* Note that while NEON does not support VMLA and VMLS as 64-bit ops,
4520 * these tables are shared with AArch64 which does support them.
4521 */
4522
4523 static const TCGOpcode vecop_list_mla[] = {
4524 INDEX_op_mul_vec, INDEX_op_add_vec, 0
4525 };
4526
4527 static const TCGOpcode vecop_list_mls[] = {
4528 INDEX_op_mul_vec, INDEX_op_sub_vec, 0
4529 };
4530
4531 const GVecGen3 mla_op[4] = {
4532 { .fni4 = gen_mla8_i32,
4533 .fniv = gen_mla_vec,
4534 .load_dest = true,
4535 .opt_opc = vecop_list_mla,
4536 .vece = MO_8 },
4537 { .fni4 = gen_mla16_i32,
4538 .fniv = gen_mla_vec,
4539 .load_dest = true,
4540 .opt_opc = vecop_list_mla,
4541 .vece = MO_16 },
4542 { .fni4 = gen_mla32_i32,
4543 .fniv = gen_mla_vec,
4544 .load_dest = true,
4545 .opt_opc = vecop_list_mla,
4546 .vece = MO_32 },
4547 { .fni8 = gen_mla64_i64,
4548 .fniv = gen_mla_vec,
4549 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4550 .load_dest = true,
4551 .opt_opc = vecop_list_mla,
4552 .vece = MO_64 },
4553 };
4554
4555 const GVecGen3 mls_op[4] = {
4556 { .fni4 = gen_mls8_i32,
4557 .fniv = gen_mls_vec,
4558 .load_dest = true,
4559 .opt_opc = vecop_list_mls,
4560 .vece = MO_8 },
4561 { .fni4 = gen_mls16_i32,
4562 .fniv = gen_mls_vec,
4563 .load_dest = true,
4564 .opt_opc = vecop_list_mls,
4565 .vece = MO_16 },
4566 { .fni4 = gen_mls32_i32,
4567 .fniv = gen_mls_vec,
4568 .load_dest = true,
4569 .opt_opc = vecop_list_mls,
4570 .vece = MO_32 },
4571 { .fni8 = gen_mls64_i64,
4572 .fniv = gen_mls_vec,
4573 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4574 .load_dest = true,
4575 .opt_opc = vecop_list_mls,
4576 .vece = MO_64 },
4577 };
4578
4579 /* CMTST : test is "if (X & Y != 0)". */
4580 static void gen_cmtst_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4581 {
4582 tcg_gen_and_i32(d, a, b);
4583 tcg_gen_setcondi_i32(TCG_COND_NE, d, d, 0);
4584 tcg_gen_neg_i32(d, d);
4585 }
4586
4587 void gen_cmtst_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b)
4588 {
4589 tcg_gen_and_i64(d, a, b);
4590 tcg_gen_setcondi_i64(TCG_COND_NE, d, d, 0);
4591 tcg_gen_neg_i64(d, d);
4592 }
4593
4594 static void gen_cmtst_vec(unsigned vece, TCGv_vec d, TCGv_vec a, TCGv_vec b)
4595 {
4596 tcg_gen_and_vec(vece, d, a, b);
4597 tcg_gen_dupi_vec(vece, a, 0);
4598 tcg_gen_cmp_vec(TCG_COND_NE, vece, d, d, a);
4599 }
4600
4601 static const TCGOpcode vecop_list_cmtst[] = { INDEX_op_cmp_vec, 0 };
4602
4603 const GVecGen3 cmtst_op[4] = {
4604 { .fni4 = gen_helper_neon_tst_u8,
4605 .fniv = gen_cmtst_vec,
4606 .opt_opc = vecop_list_cmtst,
4607 .vece = MO_8 },
4608 { .fni4 = gen_helper_neon_tst_u16,
4609 .fniv = gen_cmtst_vec,
4610 .opt_opc = vecop_list_cmtst,
4611 .vece = MO_16 },
4612 { .fni4 = gen_cmtst_i32,
4613 .fniv = gen_cmtst_vec,
4614 .opt_opc = vecop_list_cmtst,
4615 .vece = MO_32 },
4616 { .fni8 = gen_cmtst_i64,
4617 .fniv = gen_cmtst_vec,
4618 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4619 .opt_opc = vecop_list_cmtst,
4620 .vece = MO_64 },
4621 };
4622
4623 static void gen_uqadd_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
4624 TCGv_vec a, TCGv_vec b)
4625 {
4626 TCGv_vec x = tcg_temp_new_vec_matching(t);
4627 tcg_gen_add_vec(vece, x, a, b);
4628 tcg_gen_usadd_vec(vece, t, a, b);
4629 tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
4630 tcg_gen_or_vec(vece, sat, sat, x);
4631 tcg_temp_free_vec(x);
4632 }
4633
4634 static const TCGOpcode vecop_list_uqadd[] = {
4635 INDEX_op_usadd_vec, INDEX_op_cmp_vec, INDEX_op_add_vec, 0
4636 };
4637
4638 const GVecGen4 uqadd_op[4] = {
4639 { .fniv = gen_uqadd_vec,
4640 .fno = gen_helper_gvec_uqadd_b,
4641 .write_aofs = true,
4642 .opt_opc = vecop_list_uqadd,
4643 .vece = MO_8 },
4644 { .fniv = gen_uqadd_vec,
4645 .fno = gen_helper_gvec_uqadd_h,
4646 .write_aofs = true,
4647 .opt_opc = vecop_list_uqadd,
4648 .vece = MO_16 },
4649 { .fniv = gen_uqadd_vec,
4650 .fno = gen_helper_gvec_uqadd_s,
4651 .write_aofs = true,
4652 .opt_opc = vecop_list_uqadd,
4653 .vece = MO_32 },
4654 { .fniv = gen_uqadd_vec,
4655 .fno = gen_helper_gvec_uqadd_d,
4656 .write_aofs = true,
4657 .opt_opc = vecop_list_uqadd,
4658 .vece = MO_64 },
4659 };
4660
4661 static void gen_sqadd_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
4662 TCGv_vec a, TCGv_vec b)
4663 {
4664 TCGv_vec x = tcg_temp_new_vec_matching(t);
4665 tcg_gen_add_vec(vece, x, a, b);
4666 tcg_gen_ssadd_vec(vece, t, a, b);
4667 tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
4668 tcg_gen_or_vec(vece, sat, sat, x);
4669 tcg_temp_free_vec(x);
4670 }
4671
4672 static const TCGOpcode vecop_list_sqadd[] = {
4673 INDEX_op_ssadd_vec, INDEX_op_cmp_vec, INDEX_op_add_vec, 0
4674 };
4675
4676 const GVecGen4 sqadd_op[4] = {
4677 { .fniv = gen_sqadd_vec,
4678 .fno = gen_helper_gvec_sqadd_b,
4679 .opt_opc = vecop_list_sqadd,
4680 .write_aofs = true,
4681 .vece = MO_8 },
4682 { .fniv = gen_sqadd_vec,
4683 .fno = gen_helper_gvec_sqadd_h,
4684 .opt_opc = vecop_list_sqadd,
4685 .write_aofs = true,
4686 .vece = MO_16 },
4687 { .fniv = gen_sqadd_vec,
4688 .fno = gen_helper_gvec_sqadd_s,
4689 .opt_opc = vecop_list_sqadd,
4690 .write_aofs = true,
4691 .vece = MO_32 },
4692 { .fniv = gen_sqadd_vec,
4693 .fno = gen_helper_gvec_sqadd_d,
4694 .opt_opc = vecop_list_sqadd,
4695 .write_aofs = true,
4696 .vece = MO_64 },
4697 };
4698
4699 static void gen_uqsub_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
4700 TCGv_vec a, TCGv_vec b)
4701 {
4702 TCGv_vec x = tcg_temp_new_vec_matching(t);
4703 tcg_gen_sub_vec(vece, x, a, b);
4704 tcg_gen_ussub_vec(vece, t, a, b);
4705 tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
4706 tcg_gen_or_vec(vece, sat, sat, x);
4707 tcg_temp_free_vec(x);
4708 }
4709
4710 static const TCGOpcode vecop_list_uqsub[] = {
4711 INDEX_op_ussub_vec, INDEX_op_cmp_vec, INDEX_op_sub_vec, 0
4712 };
4713
4714 const GVecGen4 uqsub_op[4] = {
4715 { .fniv = gen_uqsub_vec,
4716 .fno = gen_helper_gvec_uqsub_b,
4717 .opt_opc = vecop_list_uqsub,
4718 .write_aofs = true,
4719 .vece = MO_8 },
4720 { .fniv = gen_uqsub_vec,
4721 .fno = gen_helper_gvec_uqsub_h,
4722 .opt_opc = vecop_list_uqsub,
4723 .write_aofs = true,
4724 .vece = MO_16 },
4725 { .fniv = gen_uqsub_vec,
4726 .fno = gen_helper_gvec_uqsub_s,
4727 .opt_opc = vecop_list_uqsub,
4728 .write_aofs = true,
4729 .vece = MO_32 },
4730 { .fniv = gen_uqsub_vec,
4731 .fno = gen_helper_gvec_uqsub_d,
4732 .opt_opc = vecop_list_uqsub,
4733 .write_aofs = true,
4734 .vece = MO_64 },
4735 };
4736
4737 static void gen_sqsub_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
4738 TCGv_vec a, TCGv_vec b)
4739 {
4740 TCGv_vec x = tcg_temp_new_vec_matching(t);
4741 tcg_gen_sub_vec(vece, x, a, b);
4742 tcg_gen_sssub_vec(vece, t, a, b);
4743 tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
4744 tcg_gen_or_vec(vece, sat, sat, x);
4745 tcg_temp_free_vec(x);
4746 }
4747
4748 static const TCGOpcode vecop_list_sqsub[] = {
4749 INDEX_op_sssub_vec, INDEX_op_cmp_vec, INDEX_op_sub_vec, 0
4750 };
4751
4752 const GVecGen4 sqsub_op[4] = {
4753 { .fniv = gen_sqsub_vec,
4754 .fno = gen_helper_gvec_sqsub_b,
4755 .opt_opc = vecop_list_sqsub,
4756 .write_aofs = true,
4757 .vece = MO_8 },
4758 { .fniv = gen_sqsub_vec,
4759 .fno = gen_helper_gvec_sqsub_h,
4760 .opt_opc = vecop_list_sqsub,
4761 .write_aofs = true,
4762 .vece = MO_16 },
4763 { .fniv = gen_sqsub_vec,
4764 .fno = gen_helper_gvec_sqsub_s,
4765 .opt_opc = vecop_list_sqsub,
4766 .write_aofs = true,
4767 .vece = MO_32 },
4768 { .fniv = gen_sqsub_vec,
4769 .fno = gen_helper_gvec_sqsub_d,
4770 .opt_opc = vecop_list_sqsub,
4771 .write_aofs = true,
4772 .vece = MO_64 },
4773 };
4774
4775 /* Translate a NEON data processing instruction. Return nonzero if the
4776 instruction is invalid.
4777 We process data in a mixture of 32-bit and 64-bit chunks.
4778 Mostly we use 32-bit chunks so we can use normal scalar instructions. */
4779
4780 static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
4781 {
4782 int op;
4783 int q;
4784 int rd, rn, rm, rd_ofs, rn_ofs, rm_ofs;
4785 int size;
4786 int shift;
4787 int pass;
4788 int count;
4789 int pairwise;
4790 int u;
4791 int vec_size;
4792 uint32_t imm;
4793 TCGv_i32 tmp, tmp2, tmp3, tmp4, tmp5;
4794 TCGv_ptr ptr1, ptr2, ptr3;
4795 TCGv_i64 tmp64;
4796
4797 /* FIXME: this access check should not take precedence over UNDEF
4798 * for invalid encodings; we will generate incorrect syndrome information
4799 * for attempts to execute invalid vfp/neon encodings with FP disabled.
4800 */
4801 if (s->fp_excp_el) {
4802 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
4803 syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
4804 return 0;
4805 }
4806
4807 if (!s->vfp_enabled)
4808 return 1;
4809 q = (insn & (1 << 6)) != 0;
4810 u = (insn >> 24) & 1;
4811 VFP_DREG_D(rd, insn);
4812 VFP_DREG_N(rn, insn);
4813 VFP_DREG_M(rm, insn);
4814 size = (insn >> 20) & 3;
4815 vec_size = q ? 16 : 8;
4816 rd_ofs = neon_reg_offset(rd, 0);
4817 rn_ofs = neon_reg_offset(rn, 0);
4818 rm_ofs = neon_reg_offset(rm, 0);
4819
4820 if ((insn & (1 << 23)) == 0) {
4821 /* Three register same length. */
4822 op = ((insn >> 7) & 0x1e) | ((insn >> 4) & 1);
4823 /* Catch invalid op and bad size combinations: UNDEF */
4824 if ((neon_3r_sizes[op] & (1 << size)) == 0) {
4825 return 1;
4826 }
4827 /* All insns of this form UNDEF for either this condition or the
4828 * superset of cases "Q==1"; we catch the latter later.
4829 */
4830 if (q && ((rd | rn | rm) & 1)) {
4831 return 1;
4832 }
4833 switch (op) {
4834 case NEON_3R_SHA:
4835 /* The SHA-1/SHA-256 3-register instructions require special
4836 * treatment here, as their size field is overloaded as an
4837 * op type selector, and they all consume their input in a
4838 * single pass.
4839 */
4840 if (!q) {
4841 return 1;
4842 }
4843 if (!u) { /* SHA-1 */
4844 if (!dc_isar_feature(aa32_sha1, s)) {
4845 return 1;
4846 }
4847 ptr1 = vfp_reg_ptr(true, rd);
4848 ptr2 = vfp_reg_ptr(true, rn);
4849 ptr3 = vfp_reg_ptr(true, rm);
4850 tmp4 = tcg_const_i32(size);
4851 gen_helper_crypto_sha1_3reg(ptr1, ptr2, ptr3, tmp4);
4852 tcg_temp_free_i32(tmp4);
4853 } else { /* SHA-256 */
4854 if (!dc_isar_feature(aa32_sha2, s) || size == 3) {
4855 return 1;
4856 }
4857 ptr1 = vfp_reg_ptr(true, rd);
4858 ptr2 = vfp_reg_ptr(true, rn);
4859 ptr3 = vfp_reg_ptr(true, rm);
4860 switch (size) {
4861 case 0:
4862 gen_helper_crypto_sha256h(ptr1, ptr2, ptr3);
4863 break;
4864 case 1:
4865 gen_helper_crypto_sha256h2(ptr1, ptr2, ptr3);
4866 break;
4867 case 2:
4868 gen_helper_crypto_sha256su1(ptr1, ptr2, ptr3);
4869 break;
4870 }
4871 }
4872 tcg_temp_free_ptr(ptr1);
4873 tcg_temp_free_ptr(ptr2);
4874 tcg_temp_free_ptr(ptr3);
4875 return 0;
4876
4877 case NEON_3R_VPADD_VQRDMLAH:
4878 if (!u) {
4879 break; /* VPADD */
4880 }
4881 /* VQRDMLAH */
4882 switch (size) {
4883 case 1:
4884 return do_v81_helper(s, gen_helper_gvec_qrdmlah_s16,
4885 q, rd, rn, rm);
4886 case 2:
4887 return do_v81_helper(s, gen_helper_gvec_qrdmlah_s32,
4888 q, rd, rn, rm);
4889 }
4890 return 1;
4891
4892 case NEON_3R_VFM_VQRDMLSH:
4893 if (!u) {
4894 /* VFM, VFMS */
4895 if (size == 1) {
4896 return 1;
4897 }
4898 break;
4899 }
4900 /* VQRDMLSH */
4901 switch (size) {
4902 case 1:
4903 return do_v81_helper(s, gen_helper_gvec_qrdmlsh_s16,
4904 q, rd, rn, rm);
4905 case 2:
4906 return do_v81_helper(s, gen_helper_gvec_qrdmlsh_s32,
4907 q, rd, rn, rm);
4908 }
4909 return 1;
4910
4911 case NEON_3R_LOGIC: /* Logic ops. */
4912 switch ((u << 2) | size) {
4913 case 0: /* VAND */
4914 tcg_gen_gvec_and(0, rd_ofs, rn_ofs, rm_ofs,
4915 vec_size, vec_size);
4916 break;
4917 case 1: /* VBIC */
4918 tcg_gen_gvec_andc(0, rd_ofs, rn_ofs, rm_ofs,
4919 vec_size, vec_size);
4920 break;
4921 case 2: /* VORR */
4922 tcg_gen_gvec_or(0, rd_ofs, rn_ofs, rm_ofs,
4923 vec_size, vec_size);
4924 break;
4925 case 3: /* VORN */
4926 tcg_gen_gvec_orc(0, rd_ofs, rn_ofs, rm_ofs,
4927 vec_size, vec_size);
4928 break;
4929 case 4: /* VEOR */
4930 tcg_gen_gvec_xor(0, rd_ofs, rn_ofs, rm_ofs,
4931 vec_size, vec_size);
4932 break;
4933 case 5: /* VBSL */
4934 tcg_gen_gvec_bitsel(MO_8, rd_ofs, rd_ofs, rn_ofs, rm_ofs,
4935 vec_size, vec_size);
4936 break;
4937 case 6: /* VBIT */
4938 tcg_gen_gvec_bitsel(MO_8, rd_ofs, rm_ofs, rn_ofs, rd_ofs,
4939 vec_size, vec_size);
4940 break;
4941 case 7: /* VBIF */
4942 tcg_gen_gvec_bitsel(MO_8, rd_ofs, rm_ofs, rd_ofs, rn_ofs,
4943 vec_size, vec_size);
4944 break;
4945 }
4946 return 0;
4947
4948 case NEON_3R_VADD_VSUB:
4949 if (u) {
4950 tcg_gen_gvec_sub(size, rd_ofs, rn_ofs, rm_ofs,
4951 vec_size, vec_size);
4952 } else {
4953 tcg_gen_gvec_add(size, rd_ofs, rn_ofs, rm_ofs,
4954 vec_size, vec_size);
4955 }
4956 return 0;
4957
4958 case NEON_3R_VQADD:
4959 tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc),
4960 rn_ofs, rm_ofs, vec_size, vec_size,
4961 (u ? uqadd_op : sqadd_op) + size);
4962 return 0;
4963
4964 case NEON_3R_VQSUB:
4965 tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc),
4966 rn_ofs, rm_ofs, vec_size, vec_size,
4967 (u ? uqsub_op : sqsub_op) + size);
4968 return 0;
4969
4970 case NEON_3R_VMUL: /* VMUL */
4971 if (u) {
4972 /* Polynomial case allows only P8 and is handled below. */
4973 if (size != 0) {
4974 return 1;
4975 }
4976 } else {
4977 tcg_gen_gvec_mul(size, rd_ofs, rn_ofs, rm_ofs,
4978 vec_size, vec_size);
4979 return 0;
4980 }
4981 break;
4982
4983 case NEON_3R_VML: /* VMLA, VMLS */
4984 tcg_gen_gvec_3(rd_ofs, rn_ofs, rm_ofs, vec_size, vec_size,
4985 u ? &mls_op[size] : &mla_op[size]);
4986 return 0;
4987
4988 case NEON_3R_VTST_VCEQ:
4989 if (u) { /* VCEQ */
4990 tcg_gen_gvec_cmp(TCG_COND_EQ, size, rd_ofs, rn_ofs, rm_ofs,
4991 vec_size, vec_size);
4992 } else { /* VTST */
4993 tcg_gen_gvec_3(rd_ofs, rn_ofs, rm_ofs,
4994 vec_size, vec_size, &cmtst_op[size]);
4995 }
4996 return 0;
4997
4998 case NEON_3R_VCGT:
4999 tcg_gen_gvec_cmp(u ? TCG_COND_GTU : TCG_COND_GT, size,
5000 rd_ofs, rn_ofs, rm_ofs, vec_size, vec_size);
5001 return 0;
5002
5003 case NEON_3R_VCGE:
5004 tcg_gen_gvec_cmp(u ? TCG_COND_GEU : TCG_COND_GE, size,
5005 rd_ofs, rn_ofs, rm_ofs, vec_size, vec_size);
5006 return 0;
5007
5008 case NEON_3R_VMAX:
5009 if (u) {
5010 tcg_gen_gvec_umax(size, rd_ofs, rn_ofs, rm_ofs,
5011 vec_size, vec_size);
5012 } else {
5013 tcg_gen_gvec_smax(size, rd_ofs, rn_ofs, rm_ofs,
5014 vec_size, vec_size);
5015 }
5016 return 0;
5017 case NEON_3R_VMIN:
5018 if (u) {
5019 tcg_gen_gvec_umin(size, rd_ofs, rn_ofs, rm_ofs,
5020 vec_size, vec_size);
5021 } else {
5022 tcg_gen_gvec_smin(size, rd_ofs, rn_ofs, rm_ofs,
5023 vec_size, vec_size);
5024 }
5025 return 0;
5026 }
5027
5028 if (size == 3) {
5029 /* 64-bit element instructions. */
5030 for (pass = 0; pass < (q ? 2 : 1); pass++) {
5031 neon_load_reg64(cpu_V0, rn + pass);
5032 neon_load_reg64(cpu_V1, rm + pass);
5033 switch (op) {
5034 case NEON_3R_VSHL:
5035 if (u) {
5036 gen_helper_neon_shl_u64(cpu_V0, cpu_V1, cpu_V0);
5037 } else {
5038 gen_helper_neon_shl_s64(cpu_V0, cpu_V1, cpu_V0);
5039 }
5040 break;
5041 case NEON_3R_VQSHL:
5042 if (u) {
5043 gen_helper_neon_qshl_u64(cpu_V0, cpu_env,
5044 cpu_V1, cpu_V0);
5045 } else {
5046 gen_helper_neon_qshl_s64(cpu_V0, cpu_env,
5047 cpu_V1, cpu_V0);
5048 }
5049 break;
5050 case NEON_3R_VRSHL:
5051 if (u) {
5052 gen_helper_neon_rshl_u64(cpu_V0, cpu_V1, cpu_V0);
5053 } else {
5054 gen_helper_neon_rshl_s64(cpu_V0, cpu_V1, cpu_V0);
5055 }
5056 break;
5057 case NEON_3R_VQRSHL:
5058 if (u) {
5059 gen_helper_neon_qrshl_u64(cpu_V0, cpu_env,
5060 cpu_V1, cpu_V0);
5061 } else {
5062 gen_helper_neon_qrshl_s64(cpu_V0, cpu_env,
5063 cpu_V1, cpu_V0);
5064 }
5065 break;
5066 default:
5067 abort();
5068 }
5069 neon_store_reg64(cpu_V0, rd + pass);
5070 }
5071 return 0;
5072 }
5073 pairwise = 0;
5074 switch (op) {
5075 case NEON_3R_VSHL:
5076 case NEON_3R_VQSHL:
5077 case NEON_3R_VRSHL:
5078 case NEON_3R_VQRSHL:
5079 {
5080 int rtmp;
5081 /* Shift instruction operands are reversed. */
5082 rtmp = rn;
5083 rn = rm;
5084 rm = rtmp;
5085 }
5086 break;
5087 case NEON_3R_VPADD_VQRDMLAH:
5088 case NEON_3R_VPMAX:
5089 case NEON_3R_VPMIN:
5090 pairwise = 1;
5091 break;
5092 case NEON_3R_FLOAT_ARITH:
5093 pairwise = (u && size < 2); /* if VPADD (float) */
5094 break;
5095 case NEON_3R_FLOAT_MINMAX:
5096 pairwise = u; /* if VPMIN/VPMAX (float) */
5097 break;
5098 case NEON_3R_FLOAT_CMP:
5099 if (!u && size) {
5100 /* no encoding for U=0 C=1x */
5101 return 1;
5102 }
5103 break;
5104 case NEON_3R_FLOAT_ACMP:
5105 if (!u) {
5106 return 1;
5107 }
5108 break;
5109 case NEON_3R_FLOAT_MISC:
5110 /* VMAXNM/VMINNM in ARMv8 */
5111 if (u && !arm_dc_feature(s, ARM_FEATURE_V8)) {
5112 return 1;
5113 }
5114 break;
5115 case NEON_3R_VFM_VQRDMLSH:
5116 if (!arm_dc_feature(s, ARM_FEATURE_VFP4)) {
5117 return 1;
5118 }
5119 break;
5120 default:
5121 break;
5122 }
5123
5124 if (pairwise && q) {
5125 /* All the pairwise insns UNDEF if Q is set */
5126 return 1;
5127 }
5128
5129 for (pass = 0; pass < (q ? 4 : 2); pass++) {
5130
5131 if (pairwise) {
5132 /* Pairwise. */
5133 if (pass < 1) {
5134 tmp = neon_load_reg(rn, 0);
5135 tmp2 = neon_load_reg(rn, 1);
5136 } else {
5137 tmp = neon_load_reg(rm, 0);
5138 tmp2 = neon_load_reg(rm, 1);
5139 }
5140 } else {
5141 /* Elementwise. */
5142 tmp = neon_load_reg(rn, pass);
5143 tmp2 = neon_load_reg(rm, pass);
5144 }
5145 switch (op) {
5146 case NEON_3R_VHADD:
5147 GEN_NEON_INTEGER_OP(hadd);
5148 break;
5149 case NEON_3R_VRHADD:
5150 GEN_NEON_INTEGER_OP(rhadd);
5151 break;
5152 case NEON_3R_VHSUB:
5153 GEN_NEON_INTEGER_OP(hsub);
5154 break;
5155 case NEON_3R_VSHL:
5156 GEN_NEON_INTEGER_OP(shl);
5157 break;
5158 case NEON_3R_VQSHL:
5159 GEN_NEON_INTEGER_OP_ENV(qshl);
5160 break;
5161 case NEON_3R_VRSHL:
5162 GEN_NEON_INTEGER_OP(rshl);
5163 break;
5164 case NEON_3R_VQRSHL:
5165 GEN_NEON_INTEGER_OP_ENV(qrshl);
5166 break;
5167 case NEON_3R_VABD:
5168 GEN_NEON_INTEGER_OP(abd);
5169 break;
5170 case NEON_3R_VABA:
5171 GEN_NEON_INTEGER_OP(abd);
5172 tcg_temp_free_i32(tmp2);
5173 tmp2 = neon_load_reg(rd, pass);
5174 gen_neon_add(size, tmp, tmp2);
5175 break;
5176 case NEON_3R_VMUL:
5177 /* VMUL.P8; other cases already eliminated. */
5178 gen_helper_neon_mul_p8(tmp, tmp, tmp2);
5179 break;
5180 case NEON_3R_VPMAX:
5181 GEN_NEON_INTEGER_OP(pmax);
5182 break;
5183 case NEON_3R_VPMIN:
5184 GEN_NEON_INTEGER_OP(pmin);
5185 break;
5186 case NEON_3R_VQDMULH_VQRDMULH: /* Multiply high. */
5187 if (!u) { /* VQDMULH */
5188 switch (size) {
5189 case 1:
5190 gen_helper_neon_qdmulh_s16(tmp, cpu_env, tmp, tmp2);
5191 break;
5192 case 2:
5193 gen_helper_neon_qdmulh_s32(tmp, cpu_env, tmp, tmp2);
5194 break;
5195 default: abort();
5196 }
5197 } else { /* VQRDMULH */
5198 switch (size) {
5199 case 1:
5200 gen_helper_neon_qrdmulh_s16(tmp, cpu_env, tmp, tmp2);
5201 break;
5202 case 2:
5203 gen_helper_neon_qrdmulh_s32(tmp, cpu_env, tmp, tmp2);
5204 break;
5205 default: abort();
5206 }
5207 }
5208 break;
5209 case NEON_3R_VPADD_VQRDMLAH:
5210 switch (size) {
5211 case 0: gen_helper_neon_padd_u8(tmp, tmp, tmp2); break;
5212 case 1: gen_helper_neon_padd_u16(tmp, tmp, tmp2); break;
5213 case 2: tcg_gen_add_i32(tmp, tmp, tmp2); break;
5214 default: abort();
5215 }
5216 break;
5217 case NEON_3R_FLOAT_ARITH: /* Floating point arithmetic. */
5218 {
5219 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5220 switch ((u << 2) | size) {
5221 case 0: /* VADD */
5222 case 4: /* VPADD */
5223 gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
5224 break;
5225 case 2: /* VSUB */
5226 gen_helper_vfp_subs(tmp, tmp, tmp2, fpstatus);
5227 break;
5228 case 6: /* VABD */
5229 gen_helper_neon_abd_f32(tmp, tmp, tmp2, fpstatus);
5230 break;
5231 default:
5232 abort();
5233 }
5234 tcg_temp_free_ptr(fpstatus);
5235 break;
5236 }
5237 case NEON_3R_FLOAT_MULTIPLY:
5238 {
5239 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5240 gen_helper_vfp_muls(tmp, tmp, tmp2, fpstatus);
5241 if (!u) {
5242 tcg_temp_free_i32(tmp2);
5243 tmp2 = neon_load_reg(rd, pass);
5244 if (size == 0) {
5245 gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
5246 } else {
5247 gen_helper_vfp_subs(tmp, tmp2, tmp, fpstatus);
5248 }
5249 }
5250 tcg_temp_free_ptr(fpstatus);
5251 break;
5252 }
5253 case NEON_3R_FLOAT_CMP:
5254 {
5255 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5256 if (!u) {
5257 gen_helper_neon_ceq_f32(tmp, tmp, tmp2, fpstatus);
5258 } else {
5259 if (size == 0) {
5260 gen_helper_neon_cge_f32(tmp, tmp, tmp2, fpstatus);
5261 } else {
5262 gen_helper_neon_cgt_f32(tmp, tmp, tmp2, fpstatus);
5263 }
5264 }
5265 tcg_temp_free_ptr(fpstatus);
5266 break;
5267 }
5268 case NEON_3R_FLOAT_ACMP:
5269 {
5270 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5271 if (size == 0) {
5272 gen_helper_neon_acge_f32(tmp, tmp, tmp2, fpstatus);
5273 } else {
5274 gen_helper_neon_acgt_f32(tmp, tmp, tmp2, fpstatus);
5275 }
5276 tcg_temp_free_ptr(fpstatus);
5277 break;
5278 }
5279 case NEON_3R_FLOAT_MINMAX:
5280 {
5281 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5282 if (size == 0) {
5283 gen_helper_vfp_maxs(tmp, tmp, tmp2, fpstatus);
5284 } else {
5285 gen_helper_vfp_mins(tmp, tmp, tmp2, fpstatus);
5286 }
5287 tcg_temp_free_ptr(fpstatus);
5288 break;
5289 }
5290 case NEON_3R_FLOAT_MISC:
5291 if (u) {
5292 /* VMAXNM/VMINNM */
5293 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5294 if (size == 0) {
5295 gen_helper_vfp_maxnums(tmp, tmp, tmp2, fpstatus);
5296 } else {
5297 gen_helper_vfp_minnums(tmp, tmp, tmp2, fpstatus);
5298 }
5299 tcg_temp_free_ptr(fpstatus);
5300 } else {
5301 if (size == 0) {
5302 gen_helper_recps_f32(tmp, tmp, tmp2, cpu_env);
5303 } else {
5304 gen_helper_rsqrts_f32(tmp, tmp, tmp2, cpu_env);
5305 }
5306 }
5307 break;
5308 case NEON_3R_VFM_VQRDMLSH:
5309 {
5310 /* VFMA, VFMS: fused multiply-add */
5311 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5312 TCGv_i32 tmp3 = neon_load_reg(rd, pass);
5313 if (size) {
5314 /* VFMS */
5315 gen_helper_vfp_negs(tmp, tmp);
5316 }
5317 gen_helper_vfp_muladds(tmp, tmp, tmp2, tmp3, fpstatus);
5318 tcg_temp_free_i32(tmp3);
5319 tcg_temp_free_ptr(fpstatus);
5320 break;
5321 }
5322 default:
5323 abort();
5324 }
5325 tcg_temp_free_i32(tmp2);
5326
5327 /* Save the result. For elementwise operations we can put it
5328 straight into the destination register. For pairwise operations
5329 we have to be careful to avoid clobbering the source operands. */
5330 if (pairwise && rd == rm) {
5331 neon_store_scratch(pass, tmp);
5332 } else {
5333 neon_store_reg(rd, pass, tmp);
5334 }
5335
5336 } /* for pass */
5337 if (pairwise && rd == rm) {
5338 for (pass = 0; pass < (q ? 4 : 2); pass++) {
5339 tmp = neon_load_scratch(pass);
5340 neon_store_reg(rd, pass, tmp);
5341 }
5342 }
5343 /* End of 3 register same size operations. */
5344 } else if (insn & (1 << 4)) {
5345 if ((insn & 0x00380080) != 0) {
5346 /* Two registers and shift. */
5347 op = (insn >> 8) & 0xf;
5348 if (insn & (1 << 7)) {
5349 /* 64-bit shift. */
5350 if (op > 7) {
5351 return 1;
5352 }
5353 size = 3;
5354 } else {
5355 size = 2;
5356 while ((insn & (1 << (size + 19))) == 0)
5357 size--;
5358 }
5359 shift = (insn >> 16) & ((1 << (3 + size)) - 1);
5360 if (op < 8) {
5361 /* Shift by immediate:
5362 VSHR, VSRA, VRSHR, VRSRA, VSRI, VSHL, VQSHL, VQSHLU. */
5363 if (q && ((rd | rm) & 1)) {
5364 return 1;
5365 }
5366 if (!u && (op == 4 || op == 6)) {
5367 return 1;
5368 }
5369 /* Right shifts are encoded as N - shift, where N is the
5370 element size in bits. */
5371 if (op <= 4) {
5372 shift = shift - (1 << (size + 3));
5373 }
5374
5375 switch (op) {
5376 case 0: /* VSHR */
5377 /* Right shift comes here negative. */
5378 shift = -shift;
5379 /* Shifts larger than the element size are architecturally
5380 * valid. Unsigned results in all zeros; signed results
5381 * in all sign bits.
5382 */
5383 if (!u) {
5384 tcg_gen_gvec_sari(size, rd_ofs, rm_ofs,
5385 MIN(shift, (8 << size) - 1),
5386 vec_size, vec_size);
5387 } else if (shift >= 8 << size) {
5388 tcg_gen_gvec_dup8i(rd_ofs, vec_size, vec_size, 0);
5389 } else {
5390 tcg_gen_gvec_shri(size, rd_ofs, rm_ofs, shift,
5391 vec_size, vec_size);
5392 }
5393 return 0;
5394
5395 case 1: /* VSRA */
5396 /* Right shift comes here negative. */
5397 shift = -shift;
5398 /* Shifts larger than the element size are architecturally
5399 * valid. Unsigned results in all zeros; signed results
5400 * in all sign bits.
5401 */
5402 if (!u) {
5403 tcg_gen_gvec_2i(rd_ofs, rm_ofs, vec_size, vec_size,
5404 MIN(shift, (8 << size) - 1),
5405 &ssra_op[size]);
5406 } else if (shift >= 8 << size) {
5407 /* rd += 0 */
5408 } else {
5409 tcg_gen_gvec_2i(rd_ofs, rm_ofs, vec_size, vec_size,
5410 shift, &usra_op[size]);
5411 }
5412 return 0;
5413
5414 case 4: /* VSRI */
5415 if (!u) {
5416 return 1;
5417 }
5418 /* Right shift comes here negative. */
5419 shift = -shift;
5420 /* Shift out of range leaves destination unchanged. */
5421 if (shift < 8 << size) {
5422 tcg_gen_gvec_2i(rd_ofs, rm_ofs, vec_size, vec_size,
5423 shift, &sri_op[size]);
5424 }
5425 return 0;
5426
5427 case 5: /* VSHL, VSLI */
5428 if (u) { /* VSLI */
5429 /* Shift out of range leaves destination unchanged. */
5430 if (shift < 8 << size) {
5431 tcg_gen_gvec_2i(rd_ofs, rm_ofs, vec_size,
5432 vec_size, shift, &sli_op[size]);
5433 }
5434 } else { /* VSHL */
5435 /* Shifts larger than the element size are
5436 * architecturally valid and results in zero.
5437 */
5438 if (shift >= 8 << size) {
5439 tcg_gen_gvec_dup8i(rd_ofs, vec_size, vec_size, 0);
5440 } else {
5441 tcg_gen_gvec_shli(size, rd_ofs, rm_ofs, shift,
5442 vec_size, vec_size);
5443 }
5444 }
5445 return 0;
5446 }
5447
5448 if (size == 3) {
5449 count = q + 1;
5450 } else {
5451 count = q ? 4: 2;
5452 }
5453
5454 /* To avoid excessive duplication of ops we implement shift
5455 * by immediate using the variable shift operations.
5456 */
5457 imm = dup_const(size, shift);
5458
5459 for (pass = 0; pass < count; pass++) {
5460 if (size == 3) {
5461 neon_load_reg64(cpu_V0, rm + pass);
5462 tcg_gen_movi_i64(cpu_V1, imm);
5463 switch (op) {
5464 case 2: /* VRSHR */
5465 case 3: /* VRSRA */
5466 if (u)
5467 gen_helper_neon_rshl_u64(cpu_V0, cpu_V0, cpu_V1);
5468 else
5469 gen_helper_neon_rshl_s64(cpu_V0, cpu_V0, cpu_V1);
5470 break;
5471 case 6: /* VQSHLU */
5472 gen_helper_neon_qshlu_s64(cpu_V0, cpu_env,
5473 cpu_V0, cpu_V1);
5474 break;
5475 case 7: /* VQSHL */
5476 if (u) {
5477 gen_helper_neon_qshl_u64(cpu_V0, cpu_env,
5478 cpu_V0, cpu_V1);
5479 } else {
5480 gen_helper_neon_qshl_s64(cpu_V0, cpu_env,
5481 cpu_V0, cpu_V1);
5482 }
5483 break;
5484 default:
5485 g_assert_not_reached();
5486 }
5487 if (op == 3) {
5488 /* Accumulate. */
5489 neon_load_reg64(cpu_V1, rd + pass);
5490 tcg_gen_add_i64(cpu_V0, cpu_V0, cpu_V1);
5491 }
5492 neon_store_reg64(cpu_V0, rd + pass);
5493 } else { /* size < 3 */
5494 /* Operands in T0 and T1. */
5495 tmp = neon_load_reg(rm, pass);
5496 tmp2 = tcg_temp_new_i32();
5497 tcg_gen_movi_i32(tmp2, imm);
5498 switch (op) {
5499 case 2: /* VRSHR */
5500 case 3: /* VRSRA */
5501 GEN_NEON_INTEGER_OP(rshl);
5502 break;
5503 case 6: /* VQSHLU */
5504 switch (size) {
5505 case 0:
5506 gen_helper_neon_qshlu_s8(tmp, cpu_env,
5507 tmp, tmp2);
5508 break;
5509 case 1:
5510 gen_helper_neon_qshlu_s16(tmp, cpu_env,
5511 tmp, tmp2);
5512 break;
5513 case 2:
5514 gen_helper_neon_qshlu_s32(tmp, cpu_env,
5515 tmp, tmp2);
5516 break;
5517 default:
5518 abort();
5519 }
5520 break;
5521 case 7: /* VQSHL */
5522 GEN_NEON_INTEGER_OP_ENV(qshl);
5523 break;
5524 default:
5525 g_assert_not_reached();
5526 }
5527 tcg_temp_free_i32(tmp2);
5528
5529 if (op == 3) {
5530 /* Accumulate. */
5531 tmp2 = neon_load_reg(rd, pass);
5532 gen_neon_add(size, tmp, tmp2);
5533 tcg_temp_free_i32(tmp2);
5534 }
5535 neon_store_reg(rd, pass, tmp);
5536 }
5537 } /* for pass */
5538 } else if (op < 10) {
5539 /* Shift by immediate and narrow:
5540 VSHRN, VRSHRN, VQSHRN, VQRSHRN. */
5541 int input_unsigned = (op == 8) ? !u : u;
5542 if (rm & 1) {
5543 return 1;
5544 }
5545 shift = shift - (1 << (size + 3));
5546 size++;
5547 if (size == 3) {
5548 tmp64 = tcg_const_i64(shift);
5549 neon_load_reg64(cpu_V0, rm);
5550 neon_load_reg64(cpu_V1, rm + 1);
5551 for (pass = 0; pass < 2; pass++) {
5552 TCGv_i64 in;
5553 if (pass == 0) {
5554 in = cpu_V0;
5555 } else {
5556 in = cpu_V1;
5557 }
5558 if (q) {
5559 if (input_unsigned) {
5560 gen_helper_neon_rshl_u64(cpu_V0, in, tmp64);
5561 } else {
5562 gen_helper_neon_rshl_s64(cpu_V0, in, tmp64);
5563 }
5564 } else {
5565 if (input_unsigned) {
5566 gen_helper_neon_shl_u64(cpu_V0, in, tmp64);
5567 } else {
5568 gen_helper_neon_shl_s64(cpu_V0, in, tmp64);
5569 }
5570 }
5571 tmp = tcg_temp_new_i32();
5572 gen_neon_narrow_op(op == 8, u, size - 1, tmp, cpu_V0);
5573 neon_store_reg(rd, pass, tmp);
5574 } /* for pass */
5575 tcg_temp_free_i64(tmp64);
5576 } else {
5577 if (size == 1) {
5578 imm = (uint16_t)shift;
5579 imm |= imm << 16;
5580 } else {
5581 /* size == 2 */
5582 imm = (uint32_t)shift;
5583 }
5584 tmp2 = tcg_const_i32(imm);
5585 tmp4 = neon_load_reg(rm + 1, 0);
5586 tmp5 = neon_load_reg(rm + 1, 1);
5587 for (pass = 0; pass < 2; pass++) {
5588 if (pass == 0) {
5589 tmp = neon_load_reg(rm, 0);
5590 } else {
5591 tmp = tmp4;
5592 }
5593 gen_neon_shift_narrow(size, tmp, tmp2, q,
5594 input_unsigned);
5595 if (pass == 0) {
5596 tmp3 = neon_load_reg(rm, 1);
5597 } else {
5598 tmp3 = tmp5;
5599 }
5600 gen_neon_shift_narrow(size, tmp3, tmp2, q,
5601 input_unsigned);
5602 tcg_gen_concat_i32_i64(cpu_V0, tmp, tmp3);
5603 tcg_temp_free_i32(tmp);
5604 tcg_temp_free_i32(tmp3);
5605 tmp = tcg_temp_new_i32();
5606 gen_neon_narrow_op(op == 8, u, size - 1, tmp, cpu_V0);
5607 neon_store_reg(rd, pass, tmp);
5608 } /* for pass */
5609 tcg_temp_free_i32(tmp2);
5610 }
5611 } else if (op == 10) {
5612 /* VSHLL, VMOVL */
5613 if (q || (rd & 1)) {
5614 return 1;
5615 }
5616 tmp = neon_load_reg(rm, 0);
5617 tmp2 = neon_load_reg(rm, 1);
5618 for (pass = 0; pass < 2; pass++) {
5619 if (pass == 1)
5620 tmp = tmp2;
5621
5622 gen_neon_widen(cpu_V0, tmp, size, u);
5623
5624 if (shift != 0) {
5625 /* The shift is less than the width of the source
5626 type, so we can just shift the whole register. */
5627 tcg_gen_shli_i64(cpu_V0, cpu_V0, shift);
5628 /* Widen the result of shift: we need to clear
5629 * the potential overflow bits resulting from
5630 * left bits of the narrow input appearing as
5631 * right bits of left the neighbour narrow
5632 * input. */
5633 if (size < 2 || !u) {
5634 uint64_t imm64;
5635 if (size == 0) {
5636 imm = (0xffu >> (8 - shift));
5637 imm |= imm << 16;
5638 } else if (size == 1) {
5639 imm = 0xffff >> (16 - shift);
5640 } else {
5641 /* size == 2 */
5642 imm = 0xffffffff >> (32 - shift);
5643 }
5644 if (size < 2) {
5645 imm64 = imm | (((uint64_t)imm) << 32);
5646 } else {
5647 imm64 = imm;
5648 }
5649 tcg_gen_andi_i64(cpu_V0, cpu_V0, ~imm64);
5650 }
5651 }
5652 neon_store_reg64(cpu_V0, rd + pass);
5653 }
5654 } else if (op >= 14) {
5655 /* VCVT fixed-point. */
5656 TCGv_ptr fpst;
5657 TCGv_i32 shiftv;
5658 VFPGenFixPointFn *fn;
5659
5660 if (!(insn & (1 << 21)) || (q && ((rd | rm) & 1))) {
5661 return 1;
5662 }
5663
5664 if (!(op & 1)) {
5665 if (u) {
5666 fn = gen_helper_vfp_ultos;
5667 } else {
5668 fn = gen_helper_vfp_sltos;
5669 }
5670 } else {
5671 if (u) {
5672 fn = gen_helper_vfp_touls_round_to_zero;
5673 } else {
5674 fn = gen_helper_vfp_tosls_round_to_zero;
5675 }
5676 }
5677
5678 /* We have already masked out the must-be-1 top bit of imm6,
5679 * hence this 32-shift where the ARM ARM has 64-imm6.
5680 */
5681 shift = 32 - shift;
5682 fpst = get_fpstatus_ptr(1);
5683 shiftv = tcg_const_i32(shift);
5684 for (pass = 0; pass < (q ? 4 : 2); pass++) {
5685 TCGv_i32 tmpf = neon_load_reg(rm, pass);
5686 fn(tmpf, tmpf, shiftv, fpst);
5687 neon_store_reg(rd, pass, tmpf);
5688 }
5689 tcg_temp_free_ptr(fpst);
5690 tcg_temp_free_i32(shiftv);
5691 } else {
5692 return 1;
5693 }
5694 } else { /* (insn & 0x00380080) == 0 */
5695 int invert, reg_ofs, vec_size;
5696
5697 if (q && (rd & 1)) {
5698 return 1;
5699 }
5700
5701 op = (insn >> 8) & 0xf;
5702 /* One register and immediate. */
5703 imm = (u << 7) | ((insn >> 12) & 0x70) | (insn & 0xf);
5704 invert = (insn & (1 << 5)) != 0;
5705 /* Note that op = 2,3,4,5,6,7,10,11,12,13 imm=0 is UNPREDICTABLE.
5706 * We choose to not special-case this and will behave as if a
5707 * valid constant encoding of 0 had been given.
5708 */
5709 switch (op) {
5710 case 0: case 1:
5711 /* no-op */
5712 break;
5713 case 2: case 3:
5714 imm <<= 8;
5715 break;
5716 case 4: case 5:
5717 imm <<= 16;
5718 break;
5719 case 6: case 7:
5720 imm <<= 24;
5721 break;
5722 case 8: case 9:
5723 imm |= imm << 16;
5724 break;
5725 case 10: case 11:
5726 imm = (imm << 8) | (imm << 24);
5727 break;
5728 case 12:
5729 imm = (imm << 8) | 0xff;
5730 break;
5731 case 13:
5732 imm = (imm << 16) | 0xffff;
5733 break;
5734 case 14:
5735 imm |= (imm << 8) | (imm << 16) | (imm << 24);
5736 if (invert) {
5737 imm = ~imm;
5738 }
5739 break;
5740 case 15:
5741 if (invert) {
5742 return 1;
5743 }
5744 imm = ((imm & 0x80) << 24) | ((imm & 0x3f) << 19)
5745 | ((imm & 0x40) ? (0x1f << 25) : (1 << 30));
5746 break;
5747 }
5748 if (invert) {
5749 imm = ~imm;
5750 }
5751
5752 reg_ofs = neon_reg_offset(rd, 0);
5753 vec_size = q ? 16 : 8;
5754
5755 if (op & 1 && op < 12) {
5756 if (invert) {
5757 /* The immediate value has already been inverted,
5758 * so BIC becomes AND.
5759 */
5760 tcg_gen_gvec_andi(MO_32, reg_ofs, reg_ofs, imm,
5761 vec_size, vec_size);
5762 } else {
5763 tcg_gen_gvec_ori(MO_32, reg_ofs, reg_ofs, imm,
5764 vec_size, vec_size);
5765 }
5766 } else {
5767 /* VMOV, VMVN. */
5768 if (op == 14 && invert) {
5769 TCGv_i64 t64 = tcg_temp_new_i64();
5770
5771 for (pass = 0; pass <= q; ++pass) {
5772 uint64_t val = 0;
5773 int n;
5774
5775 for (n = 0; n < 8; n++) {
5776 if (imm & (1 << (n + pass * 8))) {
5777 val |= 0xffull << (n * 8);
5778 }
5779 }
5780 tcg_gen_movi_i64(t64, val);
5781 neon_store_reg64(t64, rd + pass);
5782 }
5783 tcg_temp_free_i64(t64);
5784 } else {
5785 tcg_gen_gvec_dup32i(reg_ofs, vec_size, vec_size, imm);
5786 }
5787 }
5788 }
5789 } else { /* (insn & 0x00800010 == 0x00800000) */
5790 if (size != 3) {
5791 op = (insn >> 8) & 0xf;
5792 if ((insn & (1 << 6)) == 0) {
5793 /* Three registers of different lengths. */
5794 int src1_wide;
5795 int src2_wide;
5796 int prewiden;
5797 /* undefreq: bit 0 : UNDEF if size == 0
5798 * bit 1 : UNDEF if size == 1
5799 * bit 2 : UNDEF if size == 2
5800 * bit 3 : UNDEF if U == 1
5801 * Note that [2:0] set implies 'always UNDEF'
5802 */
5803 int undefreq;
5804 /* prewiden, src1_wide, src2_wide, undefreq */
5805 static const int neon_3reg_wide[16][4] = {
5806 {1, 0, 0, 0}, /* VADDL */
5807 {1, 1, 0, 0}, /* VADDW */
5808 {1, 0, 0, 0}, /* VSUBL */
5809 {1, 1, 0, 0}, /* VSUBW */
5810 {0, 1, 1, 0}, /* VADDHN */
5811 {0, 0, 0, 0}, /* VABAL */
5812 {0, 1, 1, 0}, /* VSUBHN */
5813 {0, 0, 0, 0}, /* VABDL */
5814 {0, 0, 0, 0}, /* VMLAL */
5815 {0, 0, 0, 9}, /* VQDMLAL */
5816 {0, 0, 0, 0}, /* VMLSL */
5817 {0, 0, 0, 9}, /* VQDMLSL */
5818 {0, 0, 0, 0}, /* Integer VMULL */
5819 {0, 0, 0, 1}, /* VQDMULL */
5820 {0, 0, 0, 0xa}, /* Polynomial VMULL */
5821 {0, 0, 0, 7}, /* Reserved: always UNDEF */
5822 };
5823
5824 prewiden = neon_3reg_wide[op][0];
5825 src1_wide = neon_3reg_wide[op][1];
5826 src2_wide = neon_3reg_wide[op][2];
5827 undefreq = neon_3reg_wide[op][3];
5828
5829 if ((undefreq & (1 << size)) ||
5830 ((undefreq & 8) && u)) {
5831 return 1;
5832 }
5833 if ((src1_wide && (rn & 1)) ||
5834 (src2_wide && (rm & 1)) ||
5835 (!src2_wide && (rd & 1))) {
5836 return 1;
5837 }
5838
5839 /* Handle VMULL.P64 (Polynomial 64x64 to 128 bit multiply)
5840 * outside the loop below as it only performs a single pass.
5841 */
5842 if (op == 14 && size == 2) {
5843 TCGv_i64 tcg_rn, tcg_rm, tcg_rd;
5844
5845 if (!dc_isar_feature(aa32_pmull, s)) {
5846 return 1;
5847 }
5848 tcg_rn = tcg_temp_new_i64();
5849 tcg_rm = tcg_temp_new_i64();
5850 tcg_rd = tcg_temp_new_i64();
5851 neon_load_reg64(tcg_rn, rn);
5852 neon_load_reg64(tcg_rm, rm);
5853 gen_helper_neon_pmull_64_lo(tcg_rd, tcg_rn, tcg_rm);
5854 neon_store_reg64(tcg_rd, rd);
5855 gen_helper_neon_pmull_64_hi(tcg_rd, tcg_rn, tcg_rm);
5856 neon_store_reg64(tcg_rd, rd + 1);
5857 tcg_temp_free_i64(tcg_rn);
5858 tcg_temp_free_i64(tcg_rm);
5859 tcg_temp_free_i64(tcg_rd);
5860 return 0;
5861 }
5862
5863 /* Avoid overlapping operands. Wide source operands are
5864 always aligned so will never overlap with wide
5865 destinations in problematic ways. */
5866 if (rd == rm && !src2_wide) {
5867 tmp = neon_load_reg(rm, 1);
5868 neon_store_scratch(2, tmp);
5869 } else if (rd == rn && !src1_wide) {
5870 tmp = neon_load_reg(rn, 1);
5871 neon_store_scratch(2, tmp);
5872 }
5873 tmp3 = NULL;
5874 for (pass = 0; pass < 2; pass++) {
5875 if (src1_wide) {
5876 neon_load_reg64(cpu_V0, rn + pass);
5877 tmp = NULL;
5878 } else {
5879 if (pass == 1 && rd == rn) {
5880 tmp = neon_load_scratch(2);
5881 } else {
5882 tmp = neon_load_reg(rn, pass);
5883 }
5884 if (prewiden) {
5885 gen_neon_widen(cpu_V0, tmp, size, u);
5886 }
5887 }
5888 if (src2_wide) {
5889 neon_load_reg64(cpu_V1, rm + pass);
5890 tmp2 = NULL;
5891 } else {
5892 if (pass == 1 && rd == rm) {
5893 tmp2 = neon_load_scratch(2);
5894 } else {
5895 tmp2 = neon_load_reg(rm, pass);
5896 }
5897 if (prewiden) {
5898 gen_neon_widen(cpu_V1, tmp2, size, u);
5899 }
5900 }
5901 switch (op) {
5902 case 0: case 1: case 4: /* VADDL, VADDW, VADDHN, VRADDHN */
5903 gen_neon_addl(size);
5904 break;
5905 case 2: case 3: case 6: /* VSUBL, VSUBW, VSUBHN, VRSUBHN */
5906 gen_neon_subl(size);
5907 break;
5908 case 5: case 7: /* VABAL, VABDL */
5909 switch ((size << 1) | u) {
5910 case 0:
5911 gen_helper_neon_abdl_s16(cpu_V0, tmp, tmp2);
5912 break;
5913 case 1:
5914 gen_helper_neon_abdl_u16(cpu_V0, tmp, tmp2);
5915 break;
5916 case 2:
5917 gen_helper_neon_abdl_s32(cpu_V0, tmp, tmp2);
5918 break;
5919 case 3:
5920 gen_helper_neon_abdl_u32(cpu_V0, tmp, tmp2);
5921 break;
5922 case 4:
5923 gen_helper_neon_abdl_s64(cpu_V0, tmp, tmp2);
5924 break;
5925 case 5:
5926 gen_helper_neon_abdl_u64(cpu_V0, tmp, tmp2);
5927 break;
5928 default: abort();
5929 }
5930 tcg_temp_free_i32(tmp2);
5931 tcg_temp_free_i32(tmp);
5932 break;
5933 case 8: case 9: case 10: case 11: case 12: case 13:
5934 /* VMLAL, VQDMLAL, VMLSL, VQDMLSL, VMULL, VQDMULL */
5935 gen_neon_mull(cpu_V0, tmp, tmp2, size, u);
5936 break;
5937 case 14: /* Polynomial VMULL */
5938 gen_helper_neon_mull_p8(cpu_V0, tmp, tmp2);
5939 tcg_temp_free_i32(tmp2);
5940 tcg_temp_free_i32(tmp);
5941 break;
5942 default: /* 15 is RESERVED: caught earlier */
5943 abort();
5944 }
5945 if (op == 13) {
5946 /* VQDMULL */
5947 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
5948 neon_store_reg64(cpu_V0, rd + pass);
5949 } else if (op == 5 || (op >= 8 && op <= 11)) {
5950 /* Accumulate. */
5951 neon_load_reg64(cpu_V1, rd + pass);
5952 switch (op) {
5953 case 10: /* VMLSL */
5954 gen_neon_negl(cpu_V0, size);
5955 /* Fall through */
5956 case 5: case 8: /* VABAL, VMLAL */
5957 gen_neon_addl(size);
5958 break;
5959 case 9: case 11: /* VQDMLAL, VQDMLSL */
5960 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
5961 if (op == 11) {
5962 gen_neon_negl(cpu_V0, size);
5963 }
5964 gen_neon_addl_saturate(cpu_V0, cpu_V1, size);
5965 break;
5966 default:
5967 abort();
5968 }
5969 neon_store_reg64(cpu_V0, rd + pass);
5970 } else if (op == 4 || op == 6) {
5971 /* Narrowing operation. */
5972 tmp = tcg_temp_new_i32();
5973 if (!u) {
5974 switch (size) {
5975 case 0:
5976 gen_helper_neon_narrow_high_u8(tmp, cpu_V0);
5977 break;
5978 case 1:
5979 gen_helper_neon_narrow_high_u16(tmp, cpu_V0);
5980 break;
5981 case 2:
5982 tcg_gen_extrh_i64_i32(tmp, cpu_V0);
5983 break;
5984 default: abort();
5985 }
5986 } else {
5987 switch (size) {
5988 case 0:
5989 gen_helper_neon_narrow_round_high_u8(tmp, cpu_V0);
5990 break;
5991 case 1:
5992 gen_helper_neon_narrow_round_high_u16(tmp, cpu_V0);
5993 break;
5994 case 2:
5995 tcg_gen_addi_i64(cpu_V0, cpu_V0, 1u << 31);
5996 tcg_gen_extrh_i64_i32(tmp, cpu_V0);
5997 break;
5998 default: abort();
5999 }
6000 }
6001 if (pass == 0) {
6002 tmp3 = tmp;
6003 } else {
6004 neon_store_reg(rd, 0, tmp3);
6005 neon_store_reg(rd, 1, tmp);
6006 }
6007 } else {
6008 /* Write back the result. */
6009 neon_store_reg64(cpu_V0, rd + pass);
6010 }
6011 }
6012 } else {
6013 /* Two registers and a scalar. NB that for ops of this form
6014 * the ARM ARM labels bit 24 as Q, but it is in our variable
6015 * 'u', not 'q'.
6016 */
6017 if (size == 0) {
6018 return 1;
6019 }
6020 switch (op) {
6021 case 1: /* Float VMLA scalar */
6022 case 5: /* Floating point VMLS scalar */
6023 case 9: /* Floating point VMUL scalar */
6024 if (size == 1) {
6025 return 1;
6026 }
6027 /* fall through */
6028 case 0: /* Integer VMLA scalar */
6029 case 4: /* Integer VMLS scalar */
6030 case 8: /* Integer VMUL scalar */
6031 case 12: /* VQDMULH scalar */
6032 case 13: /* VQRDMULH scalar */
6033 if (u && ((rd | rn) & 1)) {
6034 return 1;
6035 }
6036 tmp = neon_get_scalar(size, rm);
6037 neon_store_scratch(0, tmp);
6038 for (pass = 0; pass < (u ? 4 : 2); pass++) {
6039 tmp = neon_load_scratch(0);
6040 tmp2 = neon_load_reg(rn, pass);
6041 if (op == 12) {
6042 if (size == 1) {
6043 gen_helper_neon_qdmulh_s16(tmp, cpu_env, tmp, tmp2);
6044 } else {
6045 gen_helper_neon_qdmulh_s32(tmp, cpu_env, tmp, tmp2);
6046 }
6047 } else if (op == 13) {
6048 if (size == 1) {
6049 gen_helper_neon_qrdmulh_s16(tmp, cpu_env, tmp, tmp2);
6050 } else {
6051 gen_helper_neon_qrdmulh_s32(tmp, cpu_env, tmp, tmp2);
6052 }
6053 } else if (op & 1) {
6054 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6055 gen_helper_vfp_muls(tmp, tmp, tmp2, fpstatus);
6056 tcg_temp_free_ptr(fpstatus);
6057 } else {
6058 switch (size) {
6059 case 0: gen_helper_neon_mul_u8(tmp, tmp, tmp2); break;
6060 case 1: gen_helper_neon_mul_u16(tmp, tmp, tmp2); break;
6061 case 2: tcg_gen_mul_i32(tmp, tmp, tmp2); break;
6062 default: abort();
6063 }
6064 }
6065 tcg_temp_free_i32(tmp2);
6066 if (op < 8) {
6067 /* Accumulate. */
6068 tmp2 = neon_load_reg(rd, pass);
6069 switch (op) {
6070 case 0:
6071 gen_neon_add(size, tmp, tmp2);
6072 break;
6073 case 1:
6074 {
6075 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6076 gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
6077 tcg_temp_free_ptr(fpstatus);
6078 break;
6079 }
6080 case 4:
6081 gen_neon_rsb(size, tmp, tmp2);
6082 break;
6083 case 5:
6084 {
6085 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6086 gen_helper_vfp_subs(tmp, tmp2, tmp, fpstatus);
6087 tcg_temp_free_ptr(fpstatus);
6088 break;
6089 }
6090 default:
6091 abort();
6092 }
6093 tcg_temp_free_i32(tmp2);
6094 }
6095 neon_store_reg(rd, pass, tmp);
6096 }
6097 break;
6098 case 3: /* VQDMLAL scalar */
6099 case 7: /* VQDMLSL scalar */
6100 case 11: /* VQDMULL scalar */
6101 if (u == 1) {
6102 return 1;
6103 }
6104 /* fall through */
6105 case 2: /* VMLAL sclar */
6106 case 6: /* VMLSL scalar */
6107 case 10: /* VMULL scalar */
6108 if (rd & 1) {
6109 return 1;
6110 }
6111 tmp2 = neon_get_scalar(size, rm);
6112 /* We need a copy of tmp2 because gen_neon_mull
6113 * deletes it during pass 0. */
6114 tmp4 = tcg_temp_new_i32();
6115 tcg_gen_mov_i32(tmp4, tmp2);
6116 tmp3 = neon_load_reg(rn, 1);
6117
6118 for (pass = 0; pass < 2; pass++) {
6119 if (pass == 0) {
6120 tmp = neon_load_reg(rn, 0);
6121 } else {
6122 tmp = tmp3;
6123 tmp2 = tmp4;
6124 }
6125 gen_neon_mull(cpu_V0, tmp, tmp2, size, u);
6126 if (op != 11) {
6127 neon_load_reg64(cpu_V1, rd + pass);
6128 }
6129 switch (op) {
6130 case 6:
6131 gen_neon_negl(cpu_V0, size);
6132 /* Fall through */
6133 case 2:
6134 gen_neon_addl(size);
6135 break;
6136 case 3: case 7:
6137 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6138 if (op == 7) {
6139 gen_neon_negl(cpu_V0, size);
6140 }
6141 gen_neon_addl_saturate(cpu_V0, cpu_V1, size);
6142 break;
6143 case 10:
6144 /* no-op */
6145 break;
6146 case 11:
6147 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6148 break;
6149 default:
6150 abort();
6151 }
6152 neon_store_reg64(cpu_V0, rd + pass);
6153 }
6154 break;
6155 case 14: /* VQRDMLAH scalar */
6156 case 15: /* VQRDMLSH scalar */
6157 {
6158 NeonGenThreeOpEnvFn *fn;
6159
6160 if (!dc_isar_feature(aa32_rdm, s)) {
6161 return 1;
6162 }
6163 if (u && ((rd | rn) & 1)) {
6164 return 1;
6165 }
6166 if (op == 14) {
6167 if (size == 1) {
6168 fn = gen_helper_neon_qrdmlah_s16;
6169 } else {
6170 fn = gen_helper_neon_qrdmlah_s32;
6171 }
6172 } else {
6173 if (size == 1) {
6174 fn = gen_helper_neon_qrdmlsh_s16;
6175 } else {
6176 fn = gen_helper_neon_qrdmlsh_s32;
6177 }
6178 }
6179
6180 tmp2 = neon_get_scalar(size, rm);
6181 for (pass = 0; pass < (u ? 4 : 2); pass++) {
6182 tmp = neon_load_reg(rn, pass);
6183 tmp3 = neon_load_reg(rd, pass);
6184 fn(tmp, cpu_env, tmp, tmp2, tmp3);
6185 tcg_temp_free_i32(tmp3);
6186 neon_store_reg(rd, pass, tmp);
6187 }
6188 tcg_temp_free_i32(tmp2);
6189 }
6190 break;
6191 default:
6192 g_assert_not_reached();
6193 }
6194 }
6195 } else { /* size == 3 */
6196 if (!u) {
6197 /* Extract. */
6198 imm = (insn >> 8) & 0xf;
6199
6200 if (imm > 7 && !q)
6201 return 1;
6202
6203 if (q && ((rd | rn | rm) & 1)) {
6204 return 1;
6205 }
6206
6207 if (imm == 0) {
6208 neon_load_reg64(cpu_V0, rn);
6209 if (q) {
6210 neon_load_reg64(cpu_V1, rn + 1);
6211 }
6212 } else if (imm == 8) {
6213 neon_load_reg64(cpu_V0, rn + 1);
6214 if (q) {
6215 neon_load_reg64(cpu_V1, rm);
6216 }
6217 } else if (q) {
6218 tmp64 = tcg_temp_new_i64();
6219 if (imm < 8) {
6220 neon_load_reg64(cpu_V0, rn);
6221 neon_load_reg64(tmp64, rn + 1);
6222 } else {
6223 neon_load_reg64(cpu_V0, rn + 1);
6224 neon_load_reg64(tmp64, rm);
6225 }
6226 tcg_gen_shri_i64(cpu_V0, cpu_V0, (imm & 7) * 8);
6227 tcg_gen_shli_i64(cpu_V1, tmp64, 64 - ((imm & 7) * 8));
6228 tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
6229 if (imm < 8) {
6230 neon_load_reg64(cpu_V1, rm);
6231 } else {
6232 neon_load_reg64(cpu_V1, rm + 1);
6233 imm -= 8;
6234 }
6235 tcg_gen_shli_i64(cpu_V1, cpu_V1, 64 - (imm * 8));
6236 tcg_gen_shri_i64(tmp64, tmp64, imm * 8);
6237 tcg_gen_or_i64(cpu_V1, cpu_V1, tmp64);
6238 tcg_temp_free_i64(tmp64);
6239 } else {
6240 /* BUGFIX */
6241 neon_load_reg64(cpu_V0, rn);
6242 tcg_gen_shri_i64(cpu_V0, cpu_V0, imm * 8);
6243 neon_load_reg64(cpu_V1, rm);
6244 tcg_gen_shli_i64(cpu_V1, cpu_V1, 64 - (imm * 8));
6245 tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
6246 }
6247 neon_store_reg64(cpu_V0, rd);
6248 if (q) {
6249 neon_store_reg64(cpu_V1, rd + 1);
6250 }
6251 } else if ((insn & (1 << 11)) == 0) {
6252 /* Two register misc. */
6253 op = ((insn >> 12) & 0x30) | ((insn >> 7) & 0xf);
6254 size = (insn >> 18) & 3;
6255 /* UNDEF for unknown op values and bad op-size combinations */
6256 if ((neon_2rm_sizes[op] & (1 << size)) == 0) {
6257 return 1;
6258 }
6259 if (neon_2rm_is_v8_op(op) &&
6260 !arm_dc_feature(s, ARM_FEATURE_V8)) {
6261 return 1;
6262 }
6263 if ((op != NEON_2RM_VMOVN && op != NEON_2RM_VQMOVN) &&
6264 q && ((rm | rd) & 1)) {
6265 return 1;
6266 }
6267 switch (op) {
6268 case NEON_2RM_VREV64:
6269 for (pass = 0; pass < (q ? 2 : 1); pass++) {
6270 tmp = neon_load_reg(rm, pass * 2);
6271 tmp2 = neon_load_reg(rm, pass * 2 + 1);
6272 switch (size) {
6273 case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
6274 case 1: gen_swap_half(tmp); break;
6275 case 2: /* no-op */ break;
6276 default: abort();
6277 }
6278 neon_store_reg(rd, pass * 2 + 1, tmp);
6279 if (size == 2) {
6280 neon_store_reg(rd, pass * 2, tmp2);
6281 } else {
6282 switch (size) {
6283 case 0: tcg_gen_bswap32_i32(tmp2, tmp2); break;
6284 case 1: gen_swap_half(tmp2); break;
6285 default: abort();
6286 }
6287 neon_store_reg(rd, pass * 2, tmp2);
6288 }
6289 }
6290 break;
6291 case NEON_2RM_VPADDL: case NEON_2RM_VPADDL_U:
6292 case NEON_2RM_VPADAL: case NEON_2RM_VPADAL_U:
6293 for (pass = 0; pass < q + 1; pass++) {
6294 tmp = neon_load_reg(rm, pass * 2);
6295 gen_neon_widen(cpu_V0, tmp, size, op & 1);
6296 tmp = neon_load_reg(rm, pass * 2 + 1);
6297 gen_neon_widen(cpu_V1, tmp, size, op & 1);
6298 switch (size) {
6299 case 0: gen_helper_neon_paddl_u16(CPU_V001); break;
6300 case 1: gen_helper_neon_paddl_u32(CPU_V001); break;
6301 case 2: tcg_gen_add_i64(CPU_V001); break;
6302 default: abort();
6303 }
6304 if (op >= NEON_2RM_VPADAL) {
6305 /* Accumulate. */
6306 neon_load_reg64(cpu_V1, rd + pass);
6307 gen_neon_addl(size);
6308 }
6309 neon_store_reg64(cpu_V0, rd + pass);
6310 }
6311 break;
6312 case NEON_2RM_VTRN:
6313 if (size == 2) {
6314 int n;
6315 for (n = 0; n < (q ? 4 : 2); n += 2) {
6316 tmp = neon_load_reg(rm, n);
6317 tmp2 = neon_load_reg(rd, n + 1);
6318 neon_store_reg(rm, n, tmp2);
6319 neon_store_reg(rd, n + 1, tmp);
6320 }
6321 } else {
6322 goto elementwise;
6323 }
6324 break;
6325 case NEON_2RM_VUZP:
6326 if (gen_neon_unzip(rd, rm, size, q)) {
6327 return 1;
6328 }
6329 break;
6330 case NEON_2RM_VZIP:
6331 if (gen_neon_zip(rd, rm, size, q)) {
6332 return 1;
6333 }
6334 break;
6335 case NEON_2RM_VMOVN: case NEON_2RM_VQMOVN:
6336 /* also VQMOVUN; op field and mnemonics don't line up */
6337 if (rm & 1) {
6338 return 1;
6339 }
6340 tmp2 = NULL;
6341 for (pass = 0; pass < 2; pass++) {
6342 neon_load_reg64(cpu_V0, rm + pass);
6343 tmp = tcg_temp_new_i32();
6344 gen_neon_narrow_op(op == NEON_2RM_VMOVN, q, size,
6345 tmp, cpu_V0);
6346 if (pass == 0) {
6347 tmp2 = tmp;
6348 } else {
6349 neon_store_reg(rd, 0, tmp2);
6350 neon_store_reg(rd, 1, tmp);
6351 }
6352 }
6353 break;
6354 case NEON_2RM_VSHLL:
6355 if (q || (rd & 1)) {
6356 return 1;
6357 }
6358 tmp = neon_load_reg(rm, 0);
6359 tmp2 = neon_load_reg(rm, 1);
6360 for (pass = 0; pass < 2; pass++) {
6361 if (pass == 1)
6362 tmp = tmp2;
6363 gen_neon_widen(cpu_V0, tmp, size, 1);
6364 tcg_gen_shli_i64(cpu_V0, cpu_V0, 8 << size);
6365 neon_store_reg64(cpu_V0, rd + pass);
6366 }
6367 break;
6368 case NEON_2RM_VCVT_F16_F32:
6369 {
6370 TCGv_ptr fpst;
6371 TCGv_i32 ahp;
6372
6373 if (!dc_isar_feature(aa32_fp16_spconv, s) ||
6374 q || (rm & 1)) {
6375 return 1;
6376 }
6377 fpst = get_fpstatus_ptr(true);
6378 ahp = get_ahp_flag();
6379 tmp = neon_load_reg(rm, 0);
6380 gen_helper_vfp_fcvt_f32_to_f16(tmp, tmp, fpst, ahp);
6381 tmp2 = neon_load_reg(rm, 1);
6382 gen_helper_vfp_fcvt_f32_to_f16(tmp2, tmp2, fpst, ahp);
6383 tcg_gen_shli_i32(tmp2, tmp2, 16);
6384 tcg_gen_or_i32(tmp2, tmp2, tmp);
6385 tcg_temp_free_i32(tmp);
6386 tmp = neon_load_reg(rm, 2);
6387 gen_helper_vfp_fcvt_f32_to_f16(tmp, tmp, fpst, ahp);
6388 tmp3 = neon_load_reg(rm, 3);
6389 neon_store_reg(rd, 0, tmp2);
6390 gen_helper_vfp_fcvt_f32_to_f16(tmp3, tmp3, fpst, ahp);
6391 tcg_gen_shli_i32(tmp3, tmp3, 16);
6392 tcg_gen_or_i32(tmp3, tmp3, tmp);
6393 neon_store_reg(rd, 1, tmp3);
6394 tcg_temp_free_i32(tmp);
6395 tcg_temp_free_i32(ahp);
6396 tcg_temp_free_ptr(fpst);
6397 break;
6398 }
6399 case NEON_2RM_VCVT_F32_F16:
6400 {
6401 TCGv_ptr fpst;
6402 TCGv_i32 ahp;
6403 if (!dc_isar_feature(aa32_fp16_spconv, s) ||
6404 q || (rd & 1)) {
6405 return 1;
6406 }
6407 fpst = get_fpstatus_ptr(true);
6408 ahp = get_ahp_flag();
6409 tmp3 = tcg_temp_new_i32();
6410 tmp = neon_load_reg(rm, 0);
6411 tmp2 = neon_load_reg(rm, 1);
6412 tcg_gen_ext16u_i32(tmp3, tmp);
6413 gen_helper_vfp_fcvt_f16_to_f32(tmp3, tmp3, fpst, ahp);
6414 neon_store_reg(rd, 0, tmp3);
6415 tcg_gen_shri_i32(tmp, tmp, 16);
6416 gen_helper_vfp_fcvt_f16_to_f32(tmp, tmp, fpst, ahp);
6417 neon_store_reg(rd, 1, tmp);
6418 tmp3 = tcg_temp_new_i32();
6419 tcg_gen_ext16u_i32(tmp3, tmp2);
6420 gen_helper_vfp_fcvt_f16_to_f32(tmp3, tmp3, fpst, ahp);
6421 neon_store_reg(rd, 2, tmp3);
6422 tcg_gen_shri_i32(tmp2, tmp2, 16);
6423 gen_helper_vfp_fcvt_f16_to_f32(tmp2, tmp2, fpst, ahp);
6424 neon_store_reg(rd, 3, tmp2);
6425 tcg_temp_free_i32(ahp);
6426 tcg_temp_free_ptr(fpst);
6427 break;
6428 }
6429 case NEON_2RM_AESE: case NEON_2RM_AESMC:
6430 if (!dc_isar_feature(aa32_aes, s) || ((rm | rd) & 1)) {
6431 return 1;
6432 }
6433 ptr1 = vfp_reg_ptr(true, rd);
6434 ptr2 = vfp_reg_ptr(true, rm);
6435
6436 /* Bit 6 is the lowest opcode bit; it distinguishes between
6437 * encryption (AESE/AESMC) and decryption (AESD/AESIMC)
6438 */
6439 tmp3 = tcg_const_i32(extract32(insn, 6, 1));
6440
6441 if (op == NEON_2RM_AESE) {
6442 gen_helper_crypto_aese(ptr1, ptr2, tmp3);
6443 } else {
6444 gen_helper_crypto_aesmc(ptr1, ptr2, tmp3);
6445 }
6446 tcg_temp_free_ptr(ptr1);
6447 tcg_temp_free_ptr(ptr2);
6448 tcg_temp_free_i32(tmp3);
6449 break;
6450 case NEON_2RM_SHA1H:
6451 if (!dc_isar_feature(aa32_sha1, s) || ((rm | rd) & 1)) {
6452 return 1;
6453 }
6454 ptr1 = vfp_reg_ptr(true, rd);
6455 ptr2 = vfp_reg_ptr(true, rm);
6456
6457 gen_helper_crypto_sha1h(ptr1, ptr2);
6458
6459 tcg_temp_free_ptr(ptr1);
6460 tcg_temp_free_ptr(ptr2);
6461 break;
6462 case NEON_2RM_SHA1SU1:
6463 if ((rm | rd) & 1) {
6464 return 1;
6465 }
6466 /* bit 6 (q): set -> SHA256SU0, cleared -> SHA1SU1 */
6467 if (q) {
6468 if (!dc_isar_feature(aa32_sha2, s)) {
6469 return 1;
6470 }
6471 } else if (!dc_isar_feature(aa32_sha1, s)) {
6472 return 1;
6473 }
6474 ptr1 = vfp_reg_ptr(true, rd);
6475 ptr2 = vfp_reg_ptr(true, rm);
6476 if (q) {
6477 gen_helper_crypto_sha256su0(ptr1, ptr2);
6478 } else {
6479 gen_helper_crypto_sha1su1(ptr1, ptr2);
6480 }
6481 tcg_temp_free_ptr(ptr1);
6482 tcg_temp_free_ptr(ptr2);
6483 break;
6484
6485 case NEON_2RM_VMVN:
6486 tcg_gen_gvec_not(0, rd_ofs, rm_ofs, vec_size, vec_size);
6487 break;
6488 case NEON_2RM_VNEG:
6489 tcg_gen_gvec_neg(size, rd_ofs, rm_ofs, vec_size, vec_size);
6490 break;
6491 case NEON_2RM_VABS:
6492 tcg_gen_gvec_abs(size, rd_ofs, rm_ofs, vec_size, vec_size);
6493 break;
6494
6495 default:
6496 elementwise:
6497 for (pass = 0; pass < (q ? 4 : 2); pass++) {
6498 tmp = neon_load_reg(rm, pass);
6499 switch (op) {
6500 case NEON_2RM_VREV32:
6501 switch (size) {
6502 case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
6503 case 1: gen_swap_half(tmp); break;
6504 default: abort();
6505 }
6506 break;
6507 case NEON_2RM_VREV16:
6508 gen_rev16(tmp);
6509 break;
6510 case NEON_2RM_VCLS:
6511 switch (size) {
6512 case 0: gen_helper_neon_cls_s8(tmp, tmp); break;
6513 case 1: gen_helper_neon_cls_s16(tmp, tmp); break;
6514 case 2: gen_helper_neon_cls_s32(tmp, tmp); break;
6515 default: abort();
6516 }
6517 break;
6518 case NEON_2RM_VCLZ:
6519 switch (size) {
6520 case 0: gen_helper_neon_clz_u8(tmp, tmp); break;
6521 case 1: gen_helper_neon_clz_u16(tmp, tmp); break;
6522 case 2: tcg_gen_clzi_i32(tmp, tmp, 32); break;
6523 default: abort();
6524 }
6525 break;
6526 case NEON_2RM_VCNT:
6527 gen_helper_neon_cnt_u8(tmp, tmp);
6528 break;
6529 case NEON_2RM_VQABS:
6530 switch (size) {
6531 case 0:
6532 gen_helper_neon_qabs_s8(tmp, cpu_env, tmp);
6533 break;
6534 case 1:
6535 gen_helper_neon_qabs_s16(tmp, cpu_env, tmp);
6536 break;
6537 case 2:
6538 gen_helper_neon_qabs_s32(tmp, cpu_env, tmp);
6539 break;
6540 default: abort();
6541 }
6542 break;
6543 case NEON_2RM_VQNEG:
6544 switch (size) {
6545 case 0:
6546 gen_helper_neon_qneg_s8(tmp, cpu_env, tmp);
6547 break;
6548 case 1:
6549 gen_helper_neon_qneg_s16(tmp, cpu_env, tmp);
6550 break;
6551 case 2:
6552 gen_helper_neon_qneg_s32(tmp, cpu_env, tmp);
6553 break;
6554 default: abort();
6555 }
6556 break;
6557 case NEON_2RM_VCGT0: case NEON_2RM_VCLE0:
6558 tmp2 = tcg_const_i32(0);
6559 switch(size) {
6560 case 0: gen_helper_neon_cgt_s8(tmp, tmp, tmp2); break;
6561 case 1: gen_helper_neon_cgt_s16(tmp, tmp, tmp2); break;
6562 case 2: gen_helper_neon_cgt_s32(tmp, tmp, tmp2); break;
6563 default: abort();
6564 }
6565 tcg_temp_free_i32(tmp2);
6566 if (op == NEON_2RM_VCLE0) {
6567 tcg_gen_not_i32(tmp, tmp);
6568 }
6569 break;
6570 case NEON_2RM_VCGE0: case NEON_2RM_VCLT0:
6571 tmp2 = tcg_const_i32(0);
6572 switch(size) {
6573 case 0: gen_helper_neon_cge_s8(tmp, tmp, tmp2); break;
6574 case 1: gen_helper_neon_cge_s16(tmp, tmp, tmp2); break;
6575 case 2: gen_helper_neon_cge_s32(tmp, tmp, tmp2); break;
6576 default: abort();
6577 }
6578 tcg_temp_free_i32(tmp2);
6579 if (op == NEON_2RM_VCLT0) {
6580 tcg_gen_not_i32(tmp, tmp);
6581 }
6582 break;
6583 case NEON_2RM_VCEQ0:
6584 tmp2 = tcg_const_i32(0);
6585 switch(size) {
6586 case 0: gen_helper_neon_ceq_u8(tmp, tmp, tmp2); break;
6587 case 1: gen_helper_neon_ceq_u16(tmp, tmp, tmp2); break;
6588 case 2: gen_helper_neon_ceq_u32(tmp, tmp, tmp2); break;
6589 default: abort();
6590 }
6591 tcg_temp_free_i32(tmp2);
6592 break;
6593 case NEON_2RM_VCGT0_F:
6594 {
6595 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6596 tmp2 = tcg_const_i32(0);
6597 gen_helper_neon_cgt_f32(tmp, tmp, tmp2, fpstatus);
6598 tcg_temp_free_i32(tmp2);
6599 tcg_temp_free_ptr(fpstatus);
6600 break;
6601 }
6602 case NEON_2RM_VCGE0_F:
6603 {
6604 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6605 tmp2 = tcg_const_i32(0);
6606 gen_helper_neon_cge_f32(tmp, tmp, tmp2, fpstatus);
6607 tcg_temp_free_i32(tmp2);
6608 tcg_temp_free_ptr(fpstatus);
6609 break;
6610 }
6611 case NEON_2RM_VCEQ0_F:
6612 {
6613 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6614 tmp2 = tcg_const_i32(0);
6615 gen_helper_neon_ceq_f32(tmp, tmp, tmp2, fpstatus);
6616 tcg_temp_free_i32(tmp2);
6617 tcg_temp_free_ptr(fpstatus);
6618 break;
6619 }
6620 case NEON_2RM_VCLE0_F:
6621 {
6622 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6623 tmp2 = tcg_const_i32(0);
6624 gen_helper_neon_cge_f32(tmp, tmp2, tmp, fpstatus);
6625 tcg_temp_free_i32(tmp2);
6626 tcg_temp_free_ptr(fpstatus);
6627 break;
6628 }
6629 case NEON_2RM_VCLT0_F:
6630 {
6631 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6632 tmp2 = tcg_const_i32(0);
6633 gen_helper_neon_cgt_f32(tmp, tmp2, tmp, fpstatus);
6634 tcg_temp_free_i32(tmp2);
6635 tcg_temp_free_ptr(fpstatus);
6636 break;
6637 }
6638 case NEON_2RM_VABS_F:
6639 gen_helper_vfp_abss(tmp, tmp);
6640 break;
6641 case NEON_2RM_VNEG_F:
6642 gen_helper_vfp_negs(tmp, tmp);
6643 break;
6644 case NEON_2RM_VSWP:
6645 tmp2 = neon_load_reg(rd, pass);
6646 neon_store_reg(rm, pass, tmp2);
6647 break;
6648 case NEON_2RM_VTRN:
6649 tmp2 = neon_load_reg(rd, pass);
6650 switch (size) {
6651 case 0: gen_neon_trn_u8(tmp, tmp2); break;
6652 case 1: gen_neon_trn_u16(tmp, tmp2); break;
6653 default: abort();
6654 }
6655 neon_store_reg(rm, pass, tmp2);
6656 break;
6657 case NEON_2RM_VRINTN:
6658 case NEON_2RM_VRINTA:
6659 case NEON_2RM_VRINTM:
6660 case NEON_2RM_VRINTP:
6661 case NEON_2RM_VRINTZ:
6662 {
6663 TCGv_i32 tcg_rmode;
6664 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6665 int rmode;
6666
6667 if (op == NEON_2RM_VRINTZ) {
6668 rmode = FPROUNDING_ZERO;
6669 } else {
6670 rmode = fp_decode_rm[((op & 0x6) >> 1) ^ 1];
6671 }
6672
6673 tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rmode));
6674 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
6675 cpu_env);
6676 gen_helper_rints(tmp, tmp, fpstatus);
6677 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
6678 cpu_env);
6679 tcg_temp_free_ptr(fpstatus);
6680 tcg_temp_free_i32(tcg_rmode);
6681 break;
6682 }
6683 case NEON_2RM_VRINTX:
6684 {
6685 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6686 gen_helper_rints_exact(tmp, tmp, fpstatus);
6687 tcg_temp_free_ptr(fpstatus);
6688 break;
6689 }
6690 case NEON_2RM_VCVTAU:
6691 case NEON_2RM_VCVTAS:
6692 case NEON_2RM_VCVTNU:
6693 case NEON_2RM_VCVTNS:
6694 case NEON_2RM_VCVTPU:
6695 case NEON_2RM_VCVTPS:
6696 case NEON_2RM_VCVTMU:
6697 case NEON_2RM_VCVTMS:
6698 {
6699 bool is_signed = !extract32(insn, 7, 1);
6700 TCGv_ptr fpst = get_fpstatus_ptr(1);
6701 TCGv_i32 tcg_rmode, tcg_shift;
6702 int rmode = fp_decode_rm[extract32(insn, 8, 2)];
6703
6704 tcg_shift = tcg_const_i32(0);
6705 tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rmode));
6706 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
6707 cpu_env);
6708
6709 if (is_signed) {
6710 gen_helper_vfp_tosls(tmp, tmp,
6711 tcg_shift, fpst);
6712 } else {
6713 gen_helper_vfp_touls(tmp, tmp,
6714 tcg_shift, fpst);
6715 }
6716
6717 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
6718 cpu_env);
6719 tcg_temp_free_i32(tcg_rmode);
6720 tcg_temp_free_i32(tcg_shift);
6721 tcg_temp_free_ptr(fpst);
6722 break;
6723 }
6724 case NEON_2RM_VRECPE:
6725 {
6726 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6727 gen_helper_recpe_u32(tmp, tmp, fpstatus);
6728 tcg_temp_free_ptr(fpstatus);
6729 break;
6730 }
6731 case NEON_2RM_VRSQRTE:
6732 {
6733 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6734 gen_helper_rsqrte_u32(tmp, tmp, fpstatus);
6735 tcg_temp_free_ptr(fpstatus);
6736 break;
6737 }
6738 case NEON_2RM_VRECPE_F:
6739 {
6740 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6741 gen_helper_recpe_f32(tmp, tmp, fpstatus);
6742 tcg_temp_free_ptr(fpstatus);
6743 break;
6744 }
6745 case NEON_2RM_VRSQRTE_F:
6746 {
6747 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6748 gen_helper_rsqrte_f32(tmp, tmp, fpstatus);
6749 tcg_temp_free_ptr(fpstatus);
6750 break;
6751 }
6752 case NEON_2RM_VCVT_FS: /* VCVT.F32.S32 */
6753 {
6754 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6755 gen_helper_vfp_sitos(tmp, tmp, fpstatus);
6756 tcg_temp_free_ptr(fpstatus);
6757 break;
6758 }
6759 case NEON_2RM_VCVT_FU: /* VCVT.F32.U32 */
6760 {
6761 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6762 gen_helper_vfp_uitos(tmp, tmp, fpstatus);
6763 tcg_temp_free_ptr(fpstatus);
6764 break;
6765 }
6766 case NEON_2RM_VCVT_SF: /* VCVT.S32.F32 */
6767 {
6768 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6769 gen_helper_vfp_tosizs(tmp, tmp, fpstatus);
6770 tcg_temp_free_ptr(fpstatus);
6771 break;
6772 }
6773 case NEON_2RM_VCVT_UF: /* VCVT.U32.F32 */
6774 {
6775 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6776 gen_helper_vfp_touizs(tmp, tmp, fpstatus);
6777 tcg_temp_free_ptr(fpstatus);
6778 break;
6779 }
6780 default:
6781 /* Reserved op values were caught by the
6782 * neon_2rm_sizes[] check earlier.
6783 */
6784 abort();
6785 }
6786 neon_store_reg(rd, pass, tmp);
6787 }
6788 break;
6789 }
6790 } else if ((insn & (1 << 10)) == 0) {
6791 /* VTBL, VTBX. */
6792 int n = ((insn >> 8) & 3) + 1;
6793 if ((rn + n) > 32) {
6794 /* This is UNPREDICTABLE; we choose to UNDEF to avoid the
6795 * helper function running off the end of the register file.
6796 */
6797 return 1;
6798 }
6799 n <<= 3;
6800 if (insn & (1 << 6)) {
6801 tmp = neon_load_reg(rd, 0);
6802 } else {
6803 tmp = tcg_temp_new_i32();
6804 tcg_gen_movi_i32(tmp, 0);
6805 }
6806 tmp2 = neon_load_reg(rm, 0);
6807 ptr1 = vfp_reg_ptr(true, rn);
6808 tmp5 = tcg_const_i32(n);
6809 gen_helper_neon_tbl(tmp2, tmp2, tmp, ptr1, tmp5);
6810 tcg_temp_free_i32(tmp);
6811 if (insn & (1 << 6)) {
6812 tmp = neon_load_reg(rd, 1);
6813 } else {
6814 tmp = tcg_temp_new_i32();
6815 tcg_gen_movi_i32(tmp, 0);
6816 }
6817 tmp3 = neon_load_reg(rm, 1);
6818 gen_helper_neon_tbl(tmp3, tmp3, tmp, ptr1, tmp5);
6819 tcg_temp_free_i32(tmp5);
6820 tcg_temp_free_ptr(ptr1);
6821 neon_store_reg(rd, 0, tmp2);
6822 neon_store_reg(rd, 1, tmp3);
6823 tcg_temp_free_i32(tmp);
6824 } else if ((insn & 0x380) == 0) {
6825 /* VDUP */
6826 int element;
6827 MemOp size;
6828
6829 if ((insn & (7 << 16)) == 0 || (q && (rd & 1))) {
6830 return 1;
6831 }
6832 if (insn & (1 << 16)) {
6833 size = MO_8;
6834 element = (insn >> 17) & 7;
6835 } else if (insn & (1 << 17)) {
6836 size = MO_16;
6837 element = (insn >> 18) & 3;
6838 } else {
6839 size = MO_32;
6840 element = (insn >> 19) & 1;
6841 }
6842 tcg_gen_gvec_dup_mem(size, neon_reg_offset(rd, 0),
6843 neon_element_offset(rm, element, size),
6844 q ? 16 : 8, q ? 16 : 8);
6845 } else {
6846 return 1;
6847 }
6848 }
6849 }
6850 return 0;
6851 }
6852
6853 /* Advanced SIMD three registers of the same length extension.
6854 * 31 25 23 22 20 16 12 11 10 9 8 3 0
6855 * +---------------+-----+---+-----+----+----+---+----+---+----+---------+----+
6856 * | 1 1 1 1 1 1 0 | op1 | D | op2 | Vn | Vd | 1 | o3 | 0 | o4 | N Q M U | Vm |
6857 * +---------------+-----+---+-----+----+----+---+----+---+----+---------+----+
6858 */
6859 static int disas_neon_insn_3same_ext(DisasContext *s, uint32_t insn)
6860 {
6861 gen_helper_gvec_3 *fn_gvec = NULL;
6862 gen_helper_gvec_3_ptr *fn_gvec_ptr = NULL;
6863 int rd, rn, rm, opr_sz;
6864 int data = 0;
6865 int off_rn, off_rm;
6866 bool is_long = false, q = extract32(insn, 6, 1);
6867 bool ptr_is_env = false;
6868
6869 if ((insn & 0xfe200f10) == 0xfc200800) {
6870 /* VCMLA -- 1111 110R R.1S .... .... 1000 ...0 .... */
6871 int size = extract32(insn, 20, 1);
6872 data = extract32(insn, 23, 2); /* rot */
6873 if (!dc_isar_feature(aa32_vcma, s)
6874 || (!size && !dc_isar_feature(aa32_fp16_arith, s))) {
6875 return 1;
6876 }
6877 fn_gvec_ptr = size ? gen_helper_gvec_fcmlas : gen_helper_gvec_fcmlah;
6878 } else if ((insn & 0xfea00f10) == 0xfc800800) {
6879 /* VCADD -- 1111 110R 1.0S .... .... 1000 ...0 .... */
6880 int size = extract32(insn, 20, 1);
6881 data = extract32(insn, 24, 1); /* rot */
6882 if (!dc_isar_feature(aa32_vcma, s)
6883 || (!size && !dc_isar_feature(aa32_fp16_arith, s))) {
6884 return 1;
6885 }
6886 fn_gvec_ptr = size ? gen_helper_gvec_fcadds : gen_helper_gvec_fcaddh;
6887 } else if ((insn & 0xfeb00f00) == 0xfc200d00) {
6888 /* V[US]DOT -- 1111 1100 0.10 .... .... 1101 .Q.U .... */
6889 bool u = extract32(insn, 4, 1);
6890 if (!dc_isar_feature(aa32_dp, s)) {
6891 return 1;
6892 }
6893 fn_gvec = u ? gen_helper_gvec_udot_b : gen_helper_gvec_sdot_b;
6894 } else if ((insn & 0xff300f10) == 0xfc200810) {
6895 /* VFM[AS]L -- 1111 1100 S.10 .... .... 1000 .Q.1 .... */
6896 int is_s = extract32(insn, 23, 1);
6897 if (!dc_isar_feature(aa32_fhm, s)) {
6898 return 1;
6899 }
6900 is_long = true;
6901 data = is_s; /* is_2 == 0 */
6902 fn_gvec_ptr = gen_helper_gvec_fmlal_a32;
6903 ptr_is_env = true;
6904 } else {
6905 return 1;
6906 }
6907
6908 VFP_DREG_D(rd, insn);
6909 if (rd & q) {
6910 return 1;
6911 }
6912 if (q || !is_long) {
6913 VFP_DREG_N(rn, insn);
6914 VFP_DREG_M(rm, insn);
6915 if ((rn | rm) & q & !is_long) {
6916 return 1;
6917 }
6918 off_rn = vfp_reg_offset(1, rn);
6919 off_rm = vfp_reg_offset(1, rm);
6920 } else {
6921 rn = VFP_SREG_N(insn);
6922 rm = VFP_SREG_M(insn);
6923 off_rn = vfp_reg_offset(0, rn);
6924 off_rm = vfp_reg_offset(0, rm);
6925 }
6926
6927 if (s->fp_excp_el) {
6928 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
6929 syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
6930 return 0;
6931 }
6932 if (!s->vfp_enabled) {
6933 return 1;
6934 }
6935
6936 opr_sz = (1 + q) * 8;
6937 if (fn_gvec_ptr) {
6938 TCGv_ptr ptr;
6939 if (ptr_is_env) {
6940 ptr = cpu_env;
6941 } else {
6942 ptr = get_fpstatus_ptr(1);
6943 }
6944 tcg_gen_gvec_3_ptr(vfp_reg_offset(1, rd), off_rn, off_rm, ptr,
6945 opr_sz, opr_sz, data, fn_gvec_ptr);
6946 if (!ptr_is_env) {
6947 tcg_temp_free_ptr(ptr);
6948 }
6949 } else {
6950 tcg_gen_gvec_3_ool(vfp_reg_offset(1, rd), off_rn, off_rm,
6951 opr_sz, opr_sz, data, fn_gvec);
6952 }
6953 return 0;
6954 }
6955
6956 /* Advanced SIMD two registers and a scalar extension.
6957 * 31 24 23 22 20 16 12 11 10 9 8 3 0
6958 * +-----------------+----+---+----+----+----+---+----+---+----+---------+----+
6959 * | 1 1 1 1 1 1 1 0 | o1 | D | o2 | Vn | Vd | 1 | o3 | 0 | o4 | N Q M U | Vm |
6960 * +-----------------+----+---+----+----+----+---+----+---+----+---------+----+
6961 *
6962 */
6963
6964 static int disas_neon_insn_2reg_scalar_ext(DisasContext *s, uint32_t insn)
6965 {
6966 gen_helper_gvec_3 *fn_gvec = NULL;
6967 gen_helper_gvec_3_ptr *fn_gvec_ptr = NULL;
6968 int rd, rn, rm, opr_sz, data;
6969 int off_rn, off_rm;
6970 bool is_long = false, q = extract32(insn, 6, 1);
6971 bool ptr_is_env = false;
6972
6973 if ((insn & 0xff000f10) == 0xfe000800) {
6974 /* VCMLA (indexed) -- 1111 1110 S.RR .... .... 1000 ...0 .... */
6975 int rot = extract32(insn, 20, 2);
6976 int size = extract32(insn, 23, 1);
6977 int index;
6978
6979 if (!dc_isar_feature(aa32_vcma, s)) {
6980 return 1;
6981 }
6982 if (size == 0) {
6983 if (!dc_isar_feature(aa32_fp16_arith, s)) {
6984 return 1;
6985 }
6986 /* For fp16, rm is just Vm, and index is M. */
6987 rm = extract32(insn, 0, 4);
6988 index = extract32(insn, 5, 1);
6989 } else {
6990 /* For fp32, rm is the usual M:Vm, and index is 0. */
6991 VFP_DREG_M(rm, insn);
6992 index = 0;
6993 }
6994 data = (index << 2) | rot;
6995 fn_gvec_ptr = (size ? gen_helper_gvec_fcmlas_idx
6996 : gen_helper_gvec_fcmlah_idx);
6997 } else if ((insn & 0xffb00f00) == 0xfe200d00) {
6998 /* V[US]DOT -- 1111 1110 0.10 .... .... 1101 .Q.U .... */
6999 int u = extract32(insn, 4, 1);
7000
7001 if (!dc_isar_feature(aa32_dp, s)) {
7002 return 1;
7003 }
7004 fn_gvec = u ? gen_helper_gvec_udot_idx_b : gen_helper_gvec_sdot_idx_b;
7005 /* rm is just Vm, and index is M. */
7006 data = extract32(insn, 5, 1); /* index */
7007 rm = extract32(insn, 0, 4);
7008 } else if ((insn & 0xffa00f10) == 0xfe000810) {
7009 /* VFM[AS]L -- 1111 1110 0.0S .... .... 1000 .Q.1 .... */
7010 int is_s = extract32(insn, 20, 1);
7011 int vm20 = extract32(insn, 0, 3);
7012 int vm3 = extract32(insn, 3, 1);
7013 int m = extract32(insn, 5, 1);
7014 int index;
7015
7016 if (!dc_isar_feature(aa32_fhm, s)) {
7017 return 1;
7018 }
7019 if (q) {
7020 rm = vm20;
7021 index = m * 2 + vm3;
7022 } else {
7023 rm = vm20 * 2 + m;
7024 index = vm3;
7025 }
7026 is_long = true;
7027 data = (index << 2) | is_s; /* is_2 == 0 */
7028 fn_gvec_ptr = gen_helper_gvec_fmlal_idx_a32;
7029 ptr_is_env = true;
7030 } else {
7031 return 1;
7032 }
7033
7034 VFP_DREG_D(rd, insn);
7035 if (rd & q) {
7036 return 1;
7037 }
7038 if (q || !is_long) {
7039 VFP_DREG_N(rn, insn);
7040 if (rn & q & !is_long) {
7041 return 1;
7042 }
7043 off_rn = vfp_reg_offset(1, rn);
7044 off_rm = vfp_reg_offset(1, rm);
7045 } else {
7046 rn = VFP_SREG_N(insn);
7047 off_rn = vfp_reg_offset(0, rn);
7048 off_rm = vfp_reg_offset(0, rm);
7049 }
7050 if (s->fp_excp_el) {
7051 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
7052 syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
7053 return 0;
7054 }
7055 if (!s->vfp_enabled) {
7056 return 1;
7057 }
7058
7059 opr_sz = (1 + q) * 8;
7060 if (fn_gvec_ptr) {
7061 TCGv_ptr ptr;
7062 if (ptr_is_env) {
7063 ptr = cpu_env;
7064 } else {
7065 ptr = get_fpstatus_ptr(1);
7066 }
7067 tcg_gen_gvec_3_ptr(vfp_reg_offset(1, rd), off_rn, off_rm, ptr,
7068 opr_sz, opr_sz, data, fn_gvec_ptr);
7069 if (!ptr_is_env) {
7070 tcg_temp_free_ptr(ptr);
7071 }
7072 } else {
7073 tcg_gen_gvec_3_ool(vfp_reg_offset(1, rd), off_rn, off_rm,
7074 opr_sz, opr_sz, data, fn_gvec);
7075 }
7076 return 0;
7077 }
7078
7079 static int disas_coproc_insn(DisasContext *s, uint32_t insn)
7080 {
7081 int cpnum, is64, crn, crm, opc1, opc2, isread, rt, rt2;
7082 const ARMCPRegInfo *ri;
7083
7084 cpnum = (insn >> 8) & 0xf;
7085
7086 /* First check for coprocessor space used for XScale/iwMMXt insns */
7087 if (arm_dc_feature(s, ARM_FEATURE_XSCALE) && (cpnum < 2)) {
7088 if (extract32(s->c15_cpar, cpnum, 1) == 0) {
7089 return 1;
7090 }
7091 if (arm_dc_feature(s, ARM_FEATURE_IWMMXT)) {
7092 return disas_iwmmxt_insn(s, insn);
7093 } else if (arm_dc_feature(s, ARM_FEATURE_XSCALE)) {
7094 return disas_dsp_insn(s, insn);
7095 }
7096 return 1;
7097 }
7098
7099 /* Otherwise treat as a generic register access */
7100 is64 = (insn & (1 << 25)) == 0;
7101 if (!is64 && ((insn & (1 << 4)) == 0)) {
7102 /* cdp */
7103 return 1;
7104 }
7105
7106 crm = insn & 0xf;
7107 if (is64) {
7108 crn = 0;
7109 opc1 = (insn >> 4) & 0xf;
7110 opc2 = 0;
7111 rt2 = (insn >> 16) & 0xf;
7112 } else {
7113 crn = (insn >> 16) & 0xf;
7114 opc1 = (insn >> 21) & 7;
7115 opc2 = (insn >> 5) & 7;
7116 rt2 = 0;
7117 }
7118 isread = (insn >> 20) & 1;
7119 rt = (insn >> 12) & 0xf;
7120
7121 ri = get_arm_cp_reginfo(s->cp_regs,
7122 ENCODE_CP_REG(cpnum, is64, s->ns, crn, crm, opc1, opc2));
7123 if (ri) {
7124 /* Check access permissions */
7125 if (!cp_access_ok(s->current_el, ri, isread)) {
7126 return 1;
7127 }
7128
7129 if (ri->accessfn ||
7130 (arm_dc_feature(s, ARM_FEATURE_XSCALE) && cpnum < 14)) {
7131 /* Emit code to perform further access permissions checks at
7132 * runtime; this may result in an exception.
7133 * Note that on XScale all cp0..c13 registers do an access check
7134 * call in order to handle c15_cpar.
7135 */
7136 TCGv_ptr tmpptr;
7137 TCGv_i32 tcg_syn, tcg_isread;
7138 uint32_t syndrome;
7139
7140 /* Note that since we are an implementation which takes an
7141 * exception on a trapped conditional instruction only if the
7142 * instruction passes its condition code check, we can take
7143 * advantage of the clause in the ARM ARM that allows us to set
7144 * the COND field in the instruction to 0xE in all cases.
7145 * We could fish the actual condition out of the insn (ARM)
7146 * or the condexec bits (Thumb) but it isn't necessary.
7147 */
7148 switch (cpnum) {
7149 case 14:
7150 if (is64) {
7151 syndrome = syn_cp14_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
7152 isread, false);
7153 } else {
7154 syndrome = syn_cp14_rt_trap(1, 0xe, opc1, opc2, crn, crm,
7155 rt, isread, false);
7156 }
7157 break;
7158 case 15:
7159 if (is64) {
7160 syndrome = syn_cp15_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
7161 isread, false);
7162 } else {
7163 syndrome = syn_cp15_rt_trap(1, 0xe, opc1, opc2, crn, crm,
7164 rt, isread, false);
7165 }
7166 break;
7167 default:
7168 /* ARMv8 defines that only coprocessors 14 and 15 exist,
7169 * so this can only happen if this is an ARMv7 or earlier CPU,
7170 * in which case the syndrome information won't actually be
7171 * guest visible.
7172 */
7173 assert(!arm_dc_feature(s, ARM_FEATURE_V8));
7174 syndrome = syn_uncategorized();
7175 break;
7176 }
7177
7178 gen_set_condexec(s);
7179 gen_set_pc_im(s, s->pc_curr);
7180 tmpptr = tcg_const_ptr(ri);
7181 tcg_syn = tcg_const_i32(syndrome);
7182 tcg_isread = tcg_const_i32(isread);
7183 gen_helper_access_check_cp_reg(cpu_env, tmpptr, tcg_syn,
7184 tcg_isread);
7185 tcg_temp_free_ptr(tmpptr);
7186 tcg_temp_free_i32(tcg_syn);
7187 tcg_temp_free_i32(tcg_isread);
7188 } else if (ri->type & ARM_CP_RAISES_EXC) {
7189 /*
7190 * The readfn or writefn might raise an exception;
7191 * synchronize the CPU state in case it does.
7192 */
7193 gen_set_condexec(s);
7194 gen_set_pc_im(s, s->pc_curr);
7195 }
7196
7197 /* Handle special cases first */
7198 switch (ri->type & ~(ARM_CP_FLAG_MASK & ~ARM_CP_SPECIAL)) {
7199 case ARM_CP_NOP:
7200 return 0;
7201 case ARM_CP_WFI:
7202 if (isread) {
7203 return 1;
7204 }
7205 gen_set_pc_im(s, s->base.pc_next);
7206 s->base.is_jmp = DISAS_WFI;
7207 return 0;
7208 default:
7209 break;
7210 }
7211
7212 if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
7213 gen_io_start();
7214 }
7215
7216 if (isread) {
7217 /* Read */
7218 if (is64) {
7219 TCGv_i64 tmp64;
7220 TCGv_i32 tmp;
7221 if (ri->type & ARM_CP_CONST) {
7222 tmp64 = tcg_const_i64(ri->resetvalue);
7223 } else if (ri->readfn) {
7224 TCGv_ptr tmpptr;
7225 tmp64 = tcg_temp_new_i64();
7226 tmpptr = tcg_const_ptr(ri);
7227 gen_helper_get_cp_reg64(tmp64, cpu_env, tmpptr);
7228 tcg_temp_free_ptr(tmpptr);
7229 } else {
7230 tmp64 = tcg_temp_new_i64();
7231 tcg_gen_ld_i64(tmp64, cpu_env, ri->fieldoffset);
7232 }
7233 tmp = tcg_temp_new_i32();
7234 tcg_gen_extrl_i64_i32(tmp, tmp64);
7235 store_reg(s, rt, tmp);
7236 tmp = tcg_temp_new_i32();
7237 tcg_gen_extrh_i64_i32(tmp, tmp64);
7238 tcg_temp_free_i64(tmp64);
7239 store_reg(s, rt2, tmp);
7240 } else {
7241 TCGv_i32 tmp;
7242 if (ri->type & ARM_CP_CONST) {
7243 tmp = tcg_const_i32(ri->resetvalue);
7244 } else if (ri->readfn) {
7245 TCGv_ptr tmpptr;
7246 tmp = tcg_temp_new_i32();
7247 tmpptr = tcg_const_ptr(ri);
7248 gen_helper_get_cp_reg(tmp, cpu_env, tmpptr);
7249 tcg_temp_free_ptr(tmpptr);
7250 } else {
7251 tmp = load_cpu_offset(ri->fieldoffset);
7252 }
7253 if (rt == 15) {
7254 /* Destination register of r15 for 32 bit loads sets
7255 * the condition codes from the high 4 bits of the value
7256 */
7257 gen_set_nzcv(tmp);
7258 tcg_temp_free_i32(tmp);
7259 } else {
7260 store_reg(s, rt, tmp);
7261 }
7262 }
7263 } else {
7264 /* Write */
7265 if (ri->type & ARM_CP_CONST) {
7266 /* If not forbidden by access permissions, treat as WI */
7267 return 0;
7268 }
7269
7270 if (is64) {
7271 TCGv_i32 tmplo, tmphi;
7272 TCGv_i64 tmp64 = tcg_temp_new_i64();
7273 tmplo = load_reg(s, rt);
7274 tmphi = load_reg(s, rt2);
7275 tcg_gen_concat_i32_i64(tmp64, tmplo, tmphi);
7276 tcg_temp_free_i32(tmplo);
7277 tcg_temp_free_i32(tmphi);
7278 if (ri->writefn) {
7279 TCGv_ptr tmpptr = tcg_const_ptr(ri);
7280 gen_helper_set_cp_reg64(cpu_env, tmpptr, tmp64);
7281 tcg_temp_free_ptr(tmpptr);
7282 } else {
7283 tcg_gen_st_i64(tmp64, cpu_env, ri->fieldoffset);
7284 }
7285 tcg_temp_free_i64(tmp64);
7286 } else {
7287 if (ri->writefn) {
7288 TCGv_i32 tmp;
7289 TCGv_ptr tmpptr;
7290 tmp = load_reg(s, rt);
7291 tmpptr = tcg_const_ptr(ri);
7292 gen_helper_set_cp_reg(cpu_env, tmpptr, tmp);
7293 tcg_temp_free_ptr(tmpptr);
7294 tcg_temp_free_i32(tmp);
7295 } else {
7296 TCGv_i32 tmp = load_reg(s, rt);
7297 store_cpu_offset(tmp, ri->fieldoffset);
7298 }
7299 }
7300 }
7301
7302 if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
7303 /* I/O operations must end the TB here (whether read or write) */
7304 gen_lookup_tb(s);
7305 } else if (!isread && !(ri->type & ARM_CP_SUPPRESS_TB_END)) {
7306 /* We default to ending the TB on a coprocessor register write,
7307 * but allow this to be suppressed by the register definition
7308 * (usually only necessary to work around guest bugs).
7309 */
7310 gen_lookup_tb(s);
7311 }
7312
7313 return 0;
7314 }
7315
7316 /* Unknown register; this might be a guest error or a QEMU
7317 * unimplemented feature.
7318 */
7319 if (is64) {
7320 qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
7321 "64 bit system register cp:%d opc1: %d crm:%d "
7322 "(%s)\n",
7323 isread ? "read" : "write", cpnum, opc1, crm,
7324 s->ns ? "non-secure" : "secure");
7325 } else {
7326 qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
7327 "system register cp:%d opc1:%d crn:%d crm:%d opc2:%d "
7328 "(%s)\n",
7329 isread ? "read" : "write", cpnum, opc1, crn, crm, opc2,
7330 s->ns ? "non-secure" : "secure");
7331 }
7332
7333 return 1;
7334 }
7335
7336
7337 /* Store a 64-bit value to a register pair. Clobbers val. */
7338 static void gen_storeq_reg(DisasContext *s, int rlow, int rhigh, TCGv_i64 val)
7339 {
7340 TCGv_i32 tmp;
7341 tmp = tcg_temp_new_i32();
7342 tcg_gen_extrl_i64_i32(tmp, val);
7343 store_reg(s, rlow, tmp);
7344 tmp = tcg_temp_new_i32();
7345 tcg_gen_extrh_i64_i32(tmp, val);
7346 store_reg(s, rhigh, tmp);
7347 }
7348
7349 /* load and add a 64-bit value from a register pair. */
7350 static void gen_addq(DisasContext *s, TCGv_i64 val, int rlow, int rhigh)
7351 {
7352 TCGv_i64 tmp;
7353 TCGv_i32 tmpl;
7354 TCGv_i32 tmph;
7355
7356 /* Load 64-bit value rd:rn. */
7357 tmpl = load_reg(s, rlow);
7358 tmph = load_reg(s, rhigh);
7359 tmp = tcg_temp_new_i64();
7360 tcg_gen_concat_i32_i64(tmp, tmpl, tmph);
7361 tcg_temp_free_i32(tmpl);
7362 tcg_temp_free_i32(tmph);
7363 tcg_gen_add_i64(val, val, tmp);
7364 tcg_temp_free_i64(tmp);
7365 }
7366
7367 /* Set N and Z flags from hi|lo. */
7368 static void gen_logicq_cc(TCGv_i32 lo, TCGv_i32 hi)
7369 {
7370 tcg_gen_mov_i32(cpu_NF, hi);
7371 tcg_gen_or_i32(cpu_ZF, lo, hi);
7372 }
7373
7374 /* Load/Store exclusive instructions are implemented by remembering
7375 the value/address loaded, and seeing if these are the same
7376 when the store is performed. This should be sufficient to implement
7377 the architecturally mandated semantics, and avoids having to monitor
7378 regular stores. The compare vs the remembered value is done during
7379 the cmpxchg operation, but we must compare the addresses manually. */
7380 static void gen_load_exclusive(DisasContext *s, int rt, int rt2,
7381 TCGv_i32 addr, int size)
7382 {
7383 TCGv_i32 tmp = tcg_temp_new_i32();
7384 MemOp opc = size | MO_ALIGN | s->be_data;
7385
7386 s->is_ldex = true;
7387
7388 if (size == 3) {
7389 TCGv_i32 tmp2 = tcg_temp_new_i32();
7390 TCGv_i64 t64 = tcg_temp_new_i64();
7391
7392 /* For AArch32, architecturally the 32-bit word at the lowest
7393 * address is always Rt and the one at addr+4 is Rt2, even if
7394 * the CPU is big-endian. That means we don't want to do a
7395 * gen_aa32_ld_i64(), which invokes gen_aa32_frob64() as if
7396 * for an architecturally 64-bit access, but instead do a
7397 * 64-bit access using MO_BE if appropriate and then split
7398 * the two halves.
7399 * This only makes a difference for BE32 user-mode, where
7400 * frob64() must not flip the two halves of the 64-bit data
7401 * but this code must treat BE32 user-mode like BE32 system.
7402 */
7403 TCGv taddr = gen_aa32_addr(s, addr, opc);
7404
7405 tcg_gen_qemu_ld_i64(t64, taddr, get_mem_index(s), opc);
7406 tcg_temp_free(taddr);
7407 tcg_gen_mov_i64(cpu_exclusive_val, t64);
7408 if (s->be_data == MO_BE) {
7409 tcg_gen_extr_i64_i32(tmp2, tmp, t64);
7410 } else {
7411 tcg_gen_extr_i64_i32(tmp, tmp2, t64);
7412 }
7413 tcg_temp_free_i64(t64);
7414
7415 store_reg(s, rt2, tmp2);
7416 } else {
7417 gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), opc);
7418 tcg_gen_extu_i32_i64(cpu_exclusive_val, tmp);
7419 }
7420
7421 store_reg(s, rt, tmp);
7422 tcg_gen_extu_i32_i64(cpu_exclusive_addr, addr);
7423 }
7424
7425 static void gen_clrex(DisasContext *s)
7426 {
7427 tcg_gen_movi_i64(cpu_exclusive_addr, -1);
7428 }
7429
7430 static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
7431 TCGv_i32 addr, int size)
7432 {
7433 TCGv_i32 t0, t1, t2;
7434 TCGv_i64 extaddr;
7435 TCGv taddr;
7436 TCGLabel *done_label;
7437 TCGLabel *fail_label;
7438 MemOp opc = size | MO_ALIGN | s->be_data;
7439
7440 /* if (env->exclusive_addr == addr && env->exclusive_val == [addr]) {
7441 [addr] = {Rt};
7442 {Rd} = 0;
7443 } else {
7444 {Rd} = 1;
7445 } */
7446 fail_label = gen_new_label();
7447 done_label = gen_new_label();
7448 extaddr = tcg_temp_new_i64();
7449 tcg_gen_extu_i32_i64(extaddr, addr);
7450 tcg_gen_brcond_i64(TCG_COND_NE, extaddr, cpu_exclusive_addr, fail_label);
7451 tcg_temp_free_i64(extaddr);
7452
7453 taddr = gen_aa32_addr(s, addr, opc);
7454 t0 = tcg_temp_new_i32();
7455 t1 = load_reg(s, rt);
7456 if (size == 3) {
7457 TCGv_i64 o64 = tcg_temp_new_i64();
7458 TCGv_i64 n64 = tcg_temp_new_i64();
7459
7460 t2 = load_reg(s, rt2);
7461 /* For AArch32, architecturally the 32-bit word at the lowest
7462 * address is always Rt and the one at addr+4 is Rt2, even if
7463 * the CPU is big-endian. Since we're going to treat this as a
7464 * single 64-bit BE store, we need to put the two halves in the
7465 * opposite order for BE to LE, so that they end up in the right
7466 * places.
7467 * We don't want gen_aa32_frob64() because that does the wrong
7468 * thing for BE32 usermode.
7469 */
7470 if (s->be_data == MO_BE) {
7471 tcg_gen_concat_i32_i64(n64, t2, t1);
7472 } else {
7473 tcg_gen_concat_i32_i64(n64, t1, t2);
7474 }
7475 tcg_temp_free_i32(t2);
7476
7477 tcg_gen_atomic_cmpxchg_i64(o64, taddr, cpu_exclusive_val, n64,
7478 get_mem_index(s), opc);
7479 tcg_temp_free_i64(n64);
7480
7481 tcg_gen_setcond_i64(TCG_COND_NE, o64, o64, cpu_exclusive_val);
7482 tcg_gen_extrl_i64_i32(t0, o64);
7483
7484 tcg_temp_free_i64(o64);
7485 } else {
7486 t2 = tcg_temp_new_i32();
7487 tcg_gen_extrl_i64_i32(t2, cpu_exclusive_val);
7488 tcg_gen_atomic_cmpxchg_i32(t0, taddr, t2, t1, get_mem_index(s), opc);
7489 tcg_gen_setcond_i32(TCG_COND_NE, t0, t0, t2);
7490 tcg_temp_free_i32(t2);
7491 }
7492 tcg_temp_free_i32(t1);
7493 tcg_temp_free(taddr);
7494 tcg_gen_mov_i32(cpu_R[rd], t0);
7495 tcg_temp_free_i32(t0);
7496 tcg_gen_br(done_label);
7497
7498 gen_set_label(fail_label);
7499 tcg_gen_movi_i32(cpu_R[rd], 1);
7500 gen_set_label(done_label);
7501 tcg_gen_movi_i64(cpu_exclusive_addr, -1);
7502 }
7503
7504 /* gen_srs:
7505 * @env: CPUARMState
7506 * @s: DisasContext
7507 * @mode: mode field from insn (which stack to store to)
7508 * @amode: addressing mode (DA/IA/DB/IB), encoded as per P,U bits in ARM insn
7509 * @writeback: true if writeback bit set
7510 *
7511 * Generate code for the SRS (Store Return State) insn.
7512 */
7513 static void gen_srs(DisasContext *s,
7514 uint32_t mode, uint32_t amode, bool writeback)
7515 {
7516 int32_t offset;
7517 TCGv_i32 addr, tmp;
7518 bool undef = false;
7519
7520 /* SRS is:
7521 * - trapped to EL3 if EL3 is AArch64 and we are at Secure EL1
7522 * and specified mode is monitor mode
7523 * - UNDEFINED in Hyp mode
7524 * - UNPREDICTABLE in User or System mode
7525 * - UNPREDICTABLE if the specified mode is:
7526 * -- not implemented
7527 * -- not a valid mode number
7528 * -- a mode that's at a higher exception level
7529 * -- Monitor, if we are Non-secure
7530 * For the UNPREDICTABLE cases we choose to UNDEF.
7531 */
7532 if (s->current_el == 1 && !s->ns && mode == ARM_CPU_MODE_MON) {
7533 gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(), 3);
7534 return;
7535 }
7536
7537 if (s->current_el == 0 || s->current_el == 2) {
7538 undef = true;
7539 }
7540
7541 switch (mode) {
7542 case ARM_CPU_MODE_USR:
7543 case ARM_CPU_MODE_FIQ:
7544 case ARM_CPU_MODE_IRQ:
7545 case ARM_CPU_MODE_SVC:
7546 case ARM_CPU_MODE_ABT:
7547 case ARM_CPU_MODE_UND:
7548 case ARM_CPU_MODE_SYS:
7549 break;
7550 case ARM_CPU_MODE_HYP:
7551 if (s->current_el == 1 || !arm_dc_feature(s, ARM_FEATURE_EL2)) {
7552 undef = true;
7553 }
7554 break;
7555 case ARM_CPU_MODE_MON:
7556 /* No need to check specifically for "are we non-secure" because
7557 * we've already made EL0 UNDEF and handled the trap for S-EL1;
7558 * so if this isn't EL3 then we must be non-secure.
7559 */
7560 if (s->current_el != 3) {
7561 undef = true;
7562 }
7563 break;
7564 default:
7565 undef = true;
7566 }
7567
7568 if (undef) {
7569 unallocated_encoding(s);
7570 return;
7571 }
7572
7573 addr = tcg_temp_new_i32();
7574 tmp = tcg_const_i32(mode);
7575 /* get_r13_banked() will raise an exception if called from System mode */
7576 gen_set_condexec(s);
7577 gen_set_pc_im(s, s->pc_curr);
7578 gen_helper_get_r13_banked(addr, cpu_env, tmp);
7579 tcg_temp_free_i32(tmp);
7580 switch (amode) {
7581 case 0: /* DA */
7582 offset = -4;
7583 break;
7584 case 1: /* IA */
7585 offset = 0;
7586 break;
7587 case 2: /* DB */
7588 offset = -8;
7589 break;
7590 case 3: /* IB */
7591 offset = 4;
7592 break;
7593 default:
7594 abort();
7595 }
7596 tcg_gen_addi_i32(addr, addr, offset);
7597 tmp = load_reg(s, 14);
7598 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
7599 tcg_temp_free_i32(tmp);
7600 tmp = load_cpu_field(spsr);
7601 tcg_gen_addi_i32(addr, addr, 4);
7602 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
7603 tcg_temp_free_i32(tmp);
7604 if (writeback) {
7605 switch (amode) {
7606 case 0:
7607 offset = -8;
7608 break;
7609 case 1:
7610 offset = 4;
7611 break;
7612 case 2:
7613 offset = -4;
7614 break;
7615 case 3:
7616 offset = 0;
7617 break;
7618 default:
7619 abort();
7620 }
7621 tcg_gen_addi_i32(addr, addr, offset);
7622 tmp = tcg_const_i32(mode);
7623 gen_helper_set_r13_banked(cpu_env, tmp, addr);
7624 tcg_temp_free_i32(tmp);
7625 }
7626 tcg_temp_free_i32(addr);
7627 s->base.is_jmp = DISAS_UPDATE;
7628 }
7629
7630 /* Generate a label used for skipping this instruction */
7631 static void arm_gen_condlabel(DisasContext *s)
7632 {
7633 if (!s->condjmp) {
7634 s->condlabel = gen_new_label();
7635 s->condjmp = 1;
7636 }
7637 }
7638
7639 /* Skip this instruction if the ARM condition is false */
7640 static void arm_skip_unless(DisasContext *s, uint32_t cond)
7641 {
7642 arm_gen_condlabel(s);
7643 arm_gen_test_cc(cond ^ 1, s->condlabel);
7644 }
7645
7646
7647 /*
7648 * Constant expanders for the decoders.
7649 */
7650
7651 static int times_2(DisasContext *s, int x)
7652 {
7653 return x * 2;
7654 }
7655
7656 /* Return only the rotation part of T32ExpandImm. */
7657 static int t32_expandimm_rot(DisasContext *s, int x)
7658 {
7659 return x & 0xc00 ? extract32(x, 7, 5) : 0;
7660 }
7661
7662 /* Return the unrotated immediate from T32ExpandImm. */
7663 static int t32_expandimm_imm(DisasContext *s, int x)
7664 {
7665 int imm = extract32(x, 0, 8);
7666
7667 switch (extract32(x, 8, 4)) {
7668 case 0: /* XY */
7669 /* Nothing to do. */
7670 break;
7671 case 1: /* 00XY00XY */
7672 imm *= 0x00010001;
7673 break;
7674 case 2: /* XY00XY00 */
7675 imm *= 0x01000100;
7676 break;
7677 case 3: /* XYXYXYXY */
7678 imm *= 0x01010101;
7679 break;
7680 default:
7681 /* Rotated constant. */
7682 imm |= 0x80;
7683 break;
7684 }
7685 return imm;
7686 }
7687
7688 /*
7689 * Include the generated decoders.
7690 */
7691
7692 #include "decode-a32.inc.c"
7693 #include "decode-a32-uncond.inc.c"
7694 #include "decode-t32.inc.c"
7695
7696 /* Helpers to swap operands for reverse-subtract. */
7697 static void gen_rsb(TCGv_i32 dst, TCGv_i32 a, TCGv_i32 b)
7698 {
7699 tcg_gen_sub_i32(dst, b, a);
7700 }
7701
7702 static void gen_rsb_CC(TCGv_i32 dst, TCGv_i32 a, TCGv_i32 b)
7703 {
7704 gen_sub_CC(dst, b, a);
7705 }
7706
7707 static void gen_rsc(TCGv_i32 dest, TCGv_i32 a, TCGv_i32 b)
7708 {
7709 gen_sub_carry(dest, b, a);
7710 }
7711
7712 static void gen_rsc_CC(TCGv_i32 dest, TCGv_i32 a, TCGv_i32 b)
7713 {
7714 gen_sbc_CC(dest, b, a);
7715 }
7716
7717 /*
7718 * Helpers for the data processing routines.
7719 *
7720 * After the computation store the results back.
7721 * This may be suppressed altogether (STREG_NONE), require a runtime
7722 * check against the stack limits (STREG_SP_CHECK), or generate an
7723 * exception return. Oh, or store into a register.
7724 *
7725 * Always return true, indicating success for a trans_* function.
7726 */
7727 typedef enum {
7728 STREG_NONE,
7729 STREG_NORMAL,
7730 STREG_SP_CHECK,
7731 STREG_EXC_RET,
7732 } StoreRegKind;
7733
7734 static bool store_reg_kind(DisasContext *s, int rd,
7735 TCGv_i32 val, StoreRegKind kind)
7736 {
7737 switch (kind) {
7738 case STREG_NONE:
7739 tcg_temp_free_i32(val);
7740 return true;
7741 case STREG_NORMAL:
7742 /* See ALUWritePC: Interworking only from a32 mode. */
7743 if (s->thumb) {
7744 store_reg(s, rd, val);
7745 } else {
7746 store_reg_bx(s, rd, val);
7747 }
7748 return true;
7749 case STREG_SP_CHECK:
7750 store_sp_checked(s, val);
7751 return true;
7752 case STREG_EXC_RET:
7753 gen_exception_return(s, val);
7754 return true;
7755 }
7756 g_assert_not_reached();
7757 }
7758
7759 /*
7760 * Data Processing (register)
7761 *
7762 * Operate, with set flags, one register source,
7763 * one immediate shifted register source, and a destination.
7764 */
7765 static bool op_s_rrr_shi(DisasContext *s, arg_s_rrr_shi *a,
7766 void (*gen)(TCGv_i32, TCGv_i32, TCGv_i32),
7767 int logic_cc, StoreRegKind kind)
7768 {
7769 TCGv_i32 tmp1, tmp2;
7770
7771 tmp2 = load_reg(s, a->rm);
7772 gen_arm_shift_im(tmp2, a->shty, a->shim, logic_cc);
7773 tmp1 = load_reg(s, a->rn);
7774
7775 gen(tmp1, tmp1, tmp2);
7776 tcg_temp_free_i32(tmp2);
7777
7778 if (logic_cc) {
7779 gen_logic_CC(tmp1);
7780 }
7781 return store_reg_kind(s, a->rd, tmp1, kind);
7782 }
7783
7784 static bool op_s_rxr_shi(DisasContext *s, arg_s_rrr_shi *a,
7785 void (*gen)(TCGv_i32, TCGv_i32),
7786 int logic_cc, StoreRegKind kind)
7787 {
7788 TCGv_i32 tmp;
7789
7790 tmp = load_reg(s, a->rm);
7791 gen_arm_shift_im(tmp, a->shty, a->shim, logic_cc);
7792
7793 gen(tmp, tmp);
7794 if (logic_cc) {
7795 gen_logic_CC(tmp);
7796 }
7797 return store_reg_kind(s, a->rd, tmp, kind);
7798 }
7799
7800 /*
7801 * Data-processing (register-shifted register)
7802 *
7803 * Operate, with set flags, one register source,
7804 * one register shifted register source, and a destination.
7805 */
7806 static bool op_s_rrr_shr(DisasContext *s, arg_s_rrr_shr *a,
7807 void (*gen)(TCGv_i32, TCGv_i32, TCGv_i32),
7808 int logic_cc, StoreRegKind kind)
7809 {
7810 TCGv_i32 tmp1, tmp2;
7811
7812 tmp1 = load_reg(s, a->rs);
7813 tmp2 = load_reg(s, a->rm);
7814 gen_arm_shift_reg(tmp2, a->shty, tmp1, logic_cc);
7815 tmp1 = load_reg(s, a->rn);
7816
7817 gen(tmp1, tmp1, tmp2);
7818 tcg_temp_free_i32(tmp2);
7819
7820 if (logic_cc) {
7821 gen_logic_CC(tmp1);
7822 }
7823 return store_reg_kind(s, a->rd, tmp1, kind);
7824 }
7825
7826 static bool op_s_rxr_shr(DisasContext *s, arg_s_rrr_shr *a,
7827 void (*gen)(TCGv_i32, TCGv_i32),
7828 int logic_cc, StoreRegKind kind)
7829 {
7830 TCGv_i32 tmp1, tmp2;
7831
7832 tmp1 = load_reg(s, a->rs);
7833 tmp2 = load_reg(s, a->rm);
7834 gen_arm_shift_reg(tmp2, a->shty, tmp1, logic_cc);
7835
7836 gen(tmp2, tmp2);
7837 if (logic_cc) {
7838 gen_logic_CC(tmp2);
7839 }
7840 return store_reg_kind(s, a->rd, tmp2, kind);
7841 }
7842
7843 /*
7844 * Data-processing (immediate)
7845 *
7846 * Operate, with set flags, one register source,
7847 * one rotated immediate, and a destination.
7848 *
7849 * Note that logic_cc && a->rot setting CF based on the msb of the
7850 * immediate is the reason why we must pass in the unrotated form
7851 * of the immediate.
7852 */
7853 static bool op_s_rri_rot(DisasContext *s, arg_s_rri_rot *a,
7854 void (*gen)(TCGv_i32, TCGv_i32, TCGv_i32),
7855 int logic_cc, StoreRegKind kind)
7856 {
7857 TCGv_i32 tmp1, tmp2;
7858 uint32_t imm;
7859
7860 imm = ror32(a->imm, a->rot);
7861 if (logic_cc && a->rot) {
7862 tcg_gen_movi_i32(cpu_CF, imm >> 31);
7863 }
7864 tmp2 = tcg_const_i32(imm);
7865 tmp1 = load_reg(s, a->rn);
7866
7867 gen(tmp1, tmp1, tmp2);
7868 tcg_temp_free_i32(tmp2);
7869
7870 if (logic_cc) {
7871 gen_logic_CC(tmp1);
7872 }
7873 return store_reg_kind(s, a->rd, tmp1, kind);
7874 }
7875
7876 static bool op_s_rxi_rot(DisasContext *s, arg_s_rri_rot *a,
7877 void (*gen)(TCGv_i32, TCGv_i32),
7878 int logic_cc, StoreRegKind kind)
7879 {
7880 TCGv_i32 tmp;
7881 uint32_t imm;
7882
7883 imm = ror32(a->imm, a->rot);
7884 if (logic_cc && a->rot) {
7885 tcg_gen_movi_i32(cpu_CF, imm >> 31);
7886 }
7887 tmp = tcg_const_i32(imm);
7888
7889 gen(tmp, tmp);
7890 if (logic_cc) {
7891 gen_logic_CC(tmp);
7892 }
7893 return store_reg_kind(s, a->rd, tmp, kind);
7894 }
7895
7896 #define DO_ANY3(NAME, OP, L, K) \
7897 static bool trans_##NAME##_rrri(DisasContext *s, arg_s_rrr_shi *a) \
7898 { StoreRegKind k = (K); return op_s_rrr_shi(s, a, OP, L, k); } \
7899 static bool trans_##NAME##_rrrr(DisasContext *s, arg_s_rrr_shr *a) \
7900 { StoreRegKind k = (K); return op_s_rrr_shr(s, a, OP, L, k); } \
7901 static bool trans_##NAME##_rri(DisasContext *s, arg_s_rri_rot *a) \
7902 { StoreRegKind k = (K); return op_s_rri_rot(s, a, OP, L, k); }
7903
7904 #define DO_ANY2(NAME, OP, L, K) \
7905 static bool trans_##NAME##_rxri(DisasContext *s, arg_s_rrr_shi *a) \
7906 { StoreRegKind k = (K); return op_s_rxr_shi(s, a, OP, L, k); } \
7907 static bool trans_##NAME##_rxrr(DisasContext *s, arg_s_rrr_shr *a) \
7908 { StoreRegKind k = (K); return op_s_rxr_shr(s, a, OP, L, k); } \
7909 static bool trans_##NAME##_rxi(DisasContext *s, arg_s_rri_rot *a) \
7910 { StoreRegKind k = (K); return op_s_rxi_rot(s, a, OP, L, k); }
7911
7912 #define DO_CMP2(NAME, OP, L) \
7913 static bool trans_##NAME##_xrri(DisasContext *s, arg_s_rrr_shi *a) \
7914 { return op_s_rrr_shi(s, a, OP, L, STREG_NONE); } \
7915 static bool trans_##NAME##_xrrr(DisasContext *s, arg_s_rrr_shr *a) \
7916 { return op_s_rrr_shr(s, a, OP, L, STREG_NONE); } \
7917 static bool trans_##NAME##_xri(DisasContext *s, arg_s_rri_rot *a) \
7918 { return op_s_rri_rot(s, a, OP, L, STREG_NONE); }
7919
7920 DO_ANY3(AND, tcg_gen_and_i32, a->s, STREG_NORMAL)
7921 DO_ANY3(EOR, tcg_gen_xor_i32, a->s, STREG_NORMAL)
7922 DO_ANY3(ORR, tcg_gen_or_i32, a->s, STREG_NORMAL)
7923 DO_ANY3(BIC, tcg_gen_andc_i32, a->s, STREG_NORMAL)
7924
7925 DO_ANY3(RSB, a->s ? gen_rsb_CC : gen_rsb, false, STREG_NORMAL)
7926 DO_ANY3(ADC, a->s ? gen_adc_CC : gen_add_carry, false, STREG_NORMAL)
7927 DO_ANY3(SBC, a->s ? gen_sbc_CC : gen_sub_carry, false, STREG_NORMAL)
7928 DO_ANY3(RSC, a->s ? gen_rsc_CC : gen_rsc, false, STREG_NORMAL)
7929
7930 DO_CMP2(TST, tcg_gen_and_i32, true)
7931 DO_CMP2(TEQ, tcg_gen_xor_i32, true)
7932 DO_CMP2(CMN, gen_add_CC, false)
7933 DO_CMP2(CMP, gen_sub_CC, false)
7934
7935 DO_ANY3(ADD, a->s ? gen_add_CC : tcg_gen_add_i32, false,
7936 a->rd == 13 && a->rn == 13 ? STREG_SP_CHECK : STREG_NORMAL)
7937
7938 /*
7939 * Note for the computation of StoreRegKind we return out of the
7940 * middle of the functions that are expanded by DO_ANY3, and that
7941 * we modify a->s via that parameter before it is used by OP.
7942 */
7943 DO_ANY3(SUB, a->s ? gen_sub_CC : tcg_gen_sub_i32, false,
7944 ({
7945 StoreRegKind ret = STREG_NORMAL;
7946 if (a->rd == 15 && a->s) {
7947 /*
7948 * See ALUExceptionReturn:
7949 * In User mode, UNPREDICTABLE; we choose UNDEF.
7950 * In Hyp mode, UNDEFINED.
7951 */
7952 if (IS_USER(s) || s->current_el == 2) {
7953 unallocated_encoding(s);
7954 return true;
7955 }
7956 /* There is no writeback of nzcv to PSTATE. */
7957 a->s = 0;
7958 ret = STREG_EXC_RET;
7959 } else if (a->rd == 13 && a->rn == 13) {
7960 ret = STREG_SP_CHECK;
7961 }
7962 ret;
7963 }))
7964
7965 DO_ANY2(MOV, tcg_gen_mov_i32, a->s,
7966 ({
7967 StoreRegKind ret = STREG_NORMAL;
7968 if (a->rd == 15 && a->s) {
7969 /*
7970 * See ALUExceptionReturn:
7971 * In User mode, UNPREDICTABLE; we choose UNDEF.
7972 * In Hyp mode, UNDEFINED.
7973 */
7974 if (IS_USER(s) || s->current_el == 2) {
7975 unallocated_encoding(s);
7976 return true;
7977 }
7978 /* There is no writeback of nzcv to PSTATE. */
7979 a->s = 0;
7980 ret = STREG_EXC_RET;
7981 } else if (a->rd == 13) {
7982 ret = STREG_SP_CHECK;
7983 }
7984 ret;
7985 }))
7986
7987 DO_ANY2(MVN, tcg_gen_not_i32, a->s, STREG_NORMAL)
7988
7989 /*
7990 * ORN is only available with T32, so there is no register-shifted-register
7991 * form of the insn. Using the DO_ANY3 macro would create an unused function.
7992 */
7993 static bool trans_ORN_rrri(DisasContext *s, arg_s_rrr_shi *a)
7994 {
7995 return op_s_rrr_shi(s, a, tcg_gen_orc_i32, a->s, STREG_NORMAL);
7996 }
7997
7998 static bool trans_ORN_rri(DisasContext *s, arg_s_rri_rot *a)
7999 {
8000 return op_s_rri_rot(s, a, tcg_gen_orc_i32, a->s, STREG_NORMAL);
8001 }
8002
8003 #undef DO_ANY3
8004 #undef DO_ANY2
8005 #undef DO_CMP2
8006
8007 /*
8008 * Multiply and multiply accumulate
8009 */
8010
8011 static bool op_mla(DisasContext *s, arg_s_rrrr *a, bool add)
8012 {
8013 TCGv_i32 t1, t2;
8014
8015 t1 = load_reg(s, a->rn);
8016 t2 = load_reg(s, a->rm);
8017 tcg_gen_mul_i32(t1, t1, t2);
8018 tcg_temp_free_i32(t2);
8019 if (add) {
8020 t2 = load_reg(s, a->ra);
8021 tcg_gen_add_i32(t1, t1, t2);
8022 tcg_temp_free_i32(t2);
8023 }
8024 if (a->s) {
8025 gen_logic_CC(t1);
8026 }
8027 store_reg(s, a->rd, t1);
8028 return true;
8029 }
8030
8031 static bool trans_MUL(DisasContext *s, arg_MUL *a)
8032 {
8033 return op_mla(s, a, false);
8034 }
8035
8036 static bool trans_MLA(DisasContext *s, arg_MLA *a)
8037 {
8038 return op_mla(s, a, true);
8039 }
8040
8041 static bool trans_MLS(DisasContext *s, arg_MLS *a)
8042 {
8043 TCGv_i32 t1, t2;
8044
8045 if (!ENABLE_ARCH_6T2) {
8046 return false;
8047 }
8048 t1 = load_reg(s, a->rn);
8049 t2 = load_reg(s, a->rm);
8050 tcg_gen_mul_i32(t1, t1, t2);
8051 tcg_temp_free_i32(t2);
8052 t2 = load_reg(s, a->ra);
8053 tcg_gen_sub_i32(t1, t2, t1);
8054 tcg_temp_free_i32(t2);
8055 store_reg(s, a->rd, t1);
8056 return true;
8057 }
8058
8059 static bool op_mlal(DisasContext *s, arg_s_rrrr *a, bool uns, bool add)
8060 {
8061 TCGv_i32 t0, t1, t2, t3;
8062
8063 t0 = load_reg(s, a->rm);
8064 t1 = load_reg(s, a->rn);
8065 if (uns) {
8066 tcg_gen_mulu2_i32(t0, t1, t0, t1);
8067 } else {
8068 tcg_gen_muls2_i32(t0, t1, t0, t1);
8069 }
8070 if (add) {
8071 t2 = load_reg(s, a->ra);
8072 t3 = load_reg(s, a->rd);
8073 tcg_gen_add2_i32(t0, t1, t0, t1, t2, t3);
8074 tcg_temp_free_i32(t2);
8075 tcg_temp_free_i32(t3);
8076 }
8077 if (a->s) {
8078 gen_logicq_cc(t0, t1);
8079 }
8080 store_reg(s, a->ra, t0);
8081 store_reg(s, a->rd, t1);
8082 return true;
8083 }
8084
8085 static bool trans_UMULL(DisasContext *s, arg_UMULL *a)
8086 {
8087 return op_mlal(s, a, true, false);
8088 }
8089
8090 static bool trans_SMULL(DisasContext *s, arg_SMULL *a)
8091 {
8092 return op_mlal(s, a, false, false);
8093 }
8094
8095 static bool trans_UMLAL(DisasContext *s, arg_UMLAL *a)
8096 {
8097 return op_mlal(s, a, true, true);
8098 }
8099
8100 static bool trans_SMLAL(DisasContext *s, arg_SMLAL *a)
8101 {
8102 return op_mlal(s, a, false, true);
8103 }
8104
8105 static bool trans_UMAAL(DisasContext *s, arg_UMAAL *a)
8106 {
8107 TCGv_i32 t0, t1, t2, zero;
8108
8109 if (s->thumb
8110 ? !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)
8111 : !ENABLE_ARCH_6) {
8112 return false;
8113 }
8114
8115 t0 = load_reg(s, a->rm);
8116 t1 = load_reg(s, a->rn);
8117 tcg_gen_mulu2_i32(t0, t1, t0, t1);
8118 zero = tcg_const_i32(0);
8119 t2 = load_reg(s, a->ra);
8120 tcg_gen_add2_i32(t0, t1, t0, t1, t2, zero);
8121 tcg_temp_free_i32(t2);
8122 t2 = load_reg(s, a->rd);
8123 tcg_gen_add2_i32(t0, t1, t0, t1, t2, zero);
8124 tcg_temp_free_i32(t2);
8125 tcg_temp_free_i32(zero);
8126 store_reg(s, a->ra, t0);
8127 store_reg(s, a->rd, t1);
8128 return true;
8129 }
8130
8131 /*
8132 * Legacy decoder.
8133 */
8134
8135 static void disas_arm_insn(DisasContext *s, unsigned int insn)
8136 {
8137 unsigned int cond, val, op1, i, shift, rm, rs, rn, rd, sh;
8138 TCGv_i32 tmp;
8139 TCGv_i32 tmp2;
8140 TCGv_i32 tmp3;
8141 TCGv_i32 addr;
8142 TCGv_i64 tmp64;
8143
8144 /* M variants do not implement ARM mode; this must raise the INVSTATE
8145 * UsageFault exception.
8146 */
8147 if (arm_dc_feature(s, ARM_FEATURE_M)) {
8148 gen_exception_insn(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized(),
8149 default_exception_el(s));
8150 return;
8151 }
8152 cond = insn >> 28;
8153
8154 if (cond == 0xf) {
8155 /* In ARMv3 and v4 the NV condition is UNPREDICTABLE; we
8156 * choose to UNDEF. In ARMv5 and above the space is used
8157 * for miscellaneous unconditional instructions.
8158 */
8159 ARCH(5);
8160
8161 /* Unconditional instructions. */
8162 if (disas_a32_uncond(s, insn)) {
8163 return;
8164 }
8165 /* fall back to legacy decoder */
8166
8167 if (((insn >> 25) & 7) == 1) {
8168 /* NEON Data processing. */
8169 if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
8170 goto illegal_op;
8171 }
8172
8173 if (disas_neon_data_insn(s, insn)) {
8174 goto illegal_op;
8175 }
8176 return;
8177 }
8178 if ((insn & 0x0f100000) == 0x04000000) {
8179 /* NEON load/store. */
8180 if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
8181 goto illegal_op;
8182 }
8183
8184 if (disas_neon_ls_insn(s, insn)) {
8185 goto illegal_op;
8186 }
8187 return;
8188 }
8189 if ((insn & 0x0f000e10) == 0x0e000a00) {
8190 /* VFP. */
8191 if (disas_vfp_insn(s, insn)) {
8192 goto illegal_op;
8193 }
8194 return;
8195 }
8196 if (((insn & 0x0f30f000) == 0x0510f000) ||
8197 ((insn & 0x0f30f010) == 0x0710f000)) {
8198 if ((insn & (1 << 22)) == 0) {
8199 /* PLDW; v7MP */
8200 if (!arm_dc_feature(s, ARM_FEATURE_V7MP)) {
8201 goto illegal_op;
8202 }
8203 }
8204 /* Otherwise PLD; v5TE+ */
8205 ARCH(5TE);
8206 return;
8207 }
8208 if (((insn & 0x0f70f000) == 0x0450f000) ||
8209 ((insn & 0x0f70f010) == 0x0650f000)) {
8210 ARCH(7);
8211 return; /* PLI; V7 */
8212 }
8213 if (((insn & 0x0f700000) == 0x04100000) ||
8214 ((insn & 0x0f700010) == 0x06100000)) {
8215 if (!arm_dc_feature(s, ARM_FEATURE_V7MP)) {
8216 goto illegal_op;
8217 }
8218 return; /* v7MP: Unallocated memory hint: must NOP */
8219 }
8220
8221 if ((insn & 0x0ffffdff) == 0x01010000) {
8222 ARCH(6);
8223 /* setend */
8224 if (((insn >> 9) & 1) != !!(s->be_data == MO_BE)) {
8225 gen_helper_setend(cpu_env);
8226 s->base.is_jmp = DISAS_UPDATE;
8227 }
8228 return;
8229 } else if ((insn & 0x0fffff00) == 0x057ff000) {
8230 switch ((insn >> 4) & 0xf) {
8231 case 1: /* clrex */
8232 ARCH(6K);
8233 gen_clrex(s);
8234 return;
8235 case 4: /* dsb */
8236 case 5: /* dmb */
8237 ARCH(7);
8238 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
8239 return;
8240 case 6: /* isb */
8241 /* We need to break the TB after this insn to execute
8242 * self-modifying code correctly and also to take
8243 * any pending interrupts immediately.
8244 */
8245 gen_goto_tb(s, 0, s->base.pc_next);
8246 return;
8247 case 7: /* sb */
8248 if ((insn & 0xf) || !dc_isar_feature(aa32_sb, s)) {
8249 goto illegal_op;
8250 }
8251 /*
8252 * TODO: There is no speculation barrier opcode
8253 * for TCG; MB and end the TB instead.
8254 */
8255 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
8256 gen_goto_tb(s, 0, s->base.pc_next);
8257 return;
8258 default:
8259 goto illegal_op;
8260 }
8261 } else if ((insn & 0x0e5fffe0) == 0x084d0500) {
8262 /* srs */
8263 ARCH(6);
8264 gen_srs(s, (insn & 0x1f), (insn >> 23) & 3, insn & (1 << 21));
8265 return;
8266 } else if ((insn & 0x0e50ffe0) == 0x08100a00) {
8267 /* rfe */
8268 int32_t offset;
8269 if (IS_USER(s))
8270 goto illegal_op;
8271 ARCH(6);
8272 rn = (insn >> 16) & 0xf;
8273 addr = load_reg(s, rn);
8274 i = (insn >> 23) & 3;
8275 switch (i) {
8276 case 0: offset = -4; break; /* DA */
8277 case 1: offset = 0; break; /* IA */
8278 case 2: offset = -8; break; /* DB */
8279 case 3: offset = 4; break; /* IB */
8280 default: abort();
8281 }
8282 if (offset)
8283 tcg_gen_addi_i32(addr, addr, offset);
8284 /* Load PC into tmp and CPSR into tmp2. */
8285 tmp = tcg_temp_new_i32();
8286 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
8287 tcg_gen_addi_i32(addr, addr, 4);
8288 tmp2 = tcg_temp_new_i32();
8289 gen_aa32_ld32u(s, tmp2, addr, get_mem_index(s));
8290 if (insn & (1 << 21)) {
8291 /* Base writeback. */
8292 switch (i) {
8293 case 0: offset = -8; break;
8294 case 1: offset = 4; break;
8295 case 2: offset = -4; break;
8296 case 3: offset = 0; break;
8297 default: abort();
8298 }
8299 if (offset)
8300 tcg_gen_addi_i32(addr, addr, offset);
8301 store_reg(s, rn, addr);
8302 } else {
8303 tcg_temp_free_i32(addr);
8304 }
8305 gen_rfe(s, tmp, tmp2);
8306 return;
8307 } else if ((insn & 0x0e000000) == 0x0a000000) {
8308 /* branch link and change to thumb (blx <offset>) */
8309 int32_t offset;
8310
8311 tmp = tcg_temp_new_i32();
8312 tcg_gen_movi_i32(tmp, s->base.pc_next);
8313 store_reg(s, 14, tmp);
8314 /* Sign-extend the 24-bit offset */
8315 offset = (((int32_t)insn) << 8) >> 8;
8316 val = read_pc(s);
8317 /* offset * 4 + bit24 * 2 + (thumb bit) */
8318 val += (offset << 2) | ((insn >> 23) & 2) | 1;
8319 /* protected by ARCH(5); above, near the start of uncond block */
8320 gen_bx_im(s, val);
8321 return;
8322 } else if ((insn & 0x0e000f00) == 0x0c000100) {
8323 if (arm_dc_feature(s, ARM_FEATURE_IWMMXT)) {
8324 /* iWMMXt register transfer. */
8325 if (extract32(s->c15_cpar, 1, 1)) {
8326 if (!disas_iwmmxt_insn(s, insn)) {
8327 return;
8328 }
8329 }
8330 }
8331 } else if ((insn & 0x0e000a00) == 0x0c000800
8332 && arm_dc_feature(s, ARM_FEATURE_V8)) {
8333 if (disas_neon_insn_3same_ext(s, insn)) {
8334 goto illegal_op;
8335 }
8336 return;
8337 } else if ((insn & 0x0f000a00) == 0x0e000800
8338 && arm_dc_feature(s, ARM_FEATURE_V8)) {
8339 if (disas_neon_insn_2reg_scalar_ext(s, insn)) {
8340 goto illegal_op;
8341 }
8342 return;
8343 } else if ((insn & 0x0fe00000) == 0x0c400000) {
8344 /* Coprocessor double register transfer. */
8345 ARCH(5TE);
8346 } else if ((insn & 0x0f000010) == 0x0e000010) {
8347 /* Additional coprocessor register transfer. */
8348 } else if ((insn & 0x0ff10020) == 0x01000000) {
8349 uint32_t mask;
8350 uint32_t val;
8351 /* cps (privileged) */
8352 if (IS_USER(s))
8353 return;
8354 mask = val = 0;
8355 if (insn & (1 << 19)) {
8356 if (insn & (1 << 8))
8357 mask |= CPSR_A;
8358 if (insn & (1 << 7))
8359 mask |= CPSR_I;
8360 if (insn & (1 << 6))
8361 mask |= CPSR_F;
8362 if (insn & (1 << 18))
8363 val |= mask;
8364 }
8365 if (insn & (1 << 17)) {
8366 mask |= CPSR_M;
8367 val |= (insn & 0x1f);
8368 }
8369 if (mask) {
8370 gen_set_psr_im(s, mask, 0, val);
8371 }
8372 return;
8373 }
8374 goto illegal_op;
8375 }
8376 if (cond != 0xe) {
8377 /* if not always execute, we generate a conditional jump to
8378 next instruction */
8379 arm_skip_unless(s, cond);
8380 }
8381
8382 if (disas_a32(s, insn)) {
8383 return;
8384 }
8385 /* fall back to legacy decoder */
8386
8387 if ((insn & 0x0f900000) == 0x03000000) {
8388 if ((insn & (1 << 21)) == 0) {
8389 ARCH(6T2);
8390 rd = (insn >> 12) & 0xf;
8391 val = ((insn >> 4) & 0xf000) | (insn & 0xfff);
8392 if ((insn & (1 << 22)) == 0) {
8393 /* MOVW */
8394 tmp = tcg_temp_new_i32();
8395 tcg_gen_movi_i32(tmp, val);
8396 } else {
8397 /* MOVT */
8398 tmp = load_reg(s, rd);
8399 tcg_gen_ext16u_i32(tmp, tmp);
8400 tcg_gen_ori_i32(tmp, tmp, val << 16);
8401 }
8402 store_reg(s, rd, tmp);
8403 } else {
8404 if (((insn >> 12) & 0xf) != 0xf)
8405 goto illegal_op;
8406 if (((insn >> 16) & 0xf) == 0) {
8407 gen_nop_hint(s, insn & 0xff);
8408 } else {
8409 /* CPSR = immediate */
8410 val = insn & 0xff;
8411 shift = ((insn >> 8) & 0xf) * 2;
8412 val = ror32(val, shift);
8413 i = ((insn & (1 << 22)) != 0);
8414 if (gen_set_psr_im(s, msr_mask(s, (insn >> 16) & 0xf, i),
8415 i, val)) {
8416 goto illegal_op;
8417 }
8418 }
8419 }
8420 } else if ((insn & 0x0f900000) == 0x01000000
8421 && (insn & 0x00000090) != 0x00000090) {
8422 /* miscellaneous instructions */
8423 op1 = (insn >> 21) & 3;
8424 sh = (insn >> 4) & 0xf;
8425 rm = insn & 0xf;
8426 switch (sh) {
8427 case 0x0: /* MSR, MRS */
8428 if (insn & (1 << 9)) {
8429 /* MSR (banked) and MRS (banked) */
8430 int sysm = extract32(insn, 16, 4) |
8431 (extract32(insn, 8, 1) << 4);
8432 int r = extract32(insn, 22, 1);
8433
8434 if (op1 & 1) {
8435 /* MSR (banked) */
8436 gen_msr_banked(s, r, sysm, rm);
8437 } else {
8438 /* MRS (banked) */
8439 int rd = extract32(insn, 12, 4);
8440
8441 gen_mrs_banked(s, r, sysm, rd);
8442 }
8443 break;
8444 }
8445
8446 /* MSR, MRS (for PSRs) */
8447 if (op1 & 1) {
8448 /* PSR = reg */
8449 tmp = load_reg(s, rm);
8450 i = ((op1 & 2) != 0);
8451 if (gen_set_psr(s, msr_mask(s, (insn >> 16) & 0xf, i), i, tmp))
8452 goto illegal_op;
8453 } else {
8454 /* reg = PSR */
8455 rd = (insn >> 12) & 0xf;
8456 if (op1 & 2) {
8457 if (IS_USER(s))
8458 goto illegal_op;
8459 tmp = load_cpu_field(spsr);
8460 } else {
8461 tmp = tcg_temp_new_i32();
8462 gen_helper_cpsr_read(tmp, cpu_env);
8463 }
8464 store_reg(s, rd, tmp);
8465 }
8466 break;
8467 case 0x1:
8468 if (op1 == 1) {
8469 /* branch/exchange thumb (bx). */
8470 ARCH(4T);
8471 tmp = load_reg(s, rm);
8472 gen_bx(s, tmp);
8473 } else if (op1 == 3) {
8474 /* clz */
8475 ARCH(5);
8476 rd = (insn >> 12) & 0xf;
8477 tmp = load_reg(s, rm);
8478 tcg_gen_clzi_i32(tmp, tmp, 32);
8479 store_reg(s, rd, tmp);
8480 } else {
8481 goto illegal_op;
8482 }
8483 break;
8484 case 0x2:
8485 if (op1 == 1) {
8486 ARCH(5J); /* bxj */
8487 /* Trivial implementation equivalent to bx. */
8488 tmp = load_reg(s, rm);
8489 gen_bx(s, tmp);
8490 } else {
8491 goto illegal_op;
8492 }
8493 break;
8494 case 0x3:
8495 if (op1 != 1)
8496 goto illegal_op;
8497
8498 ARCH(5);
8499 /* branch link/exchange thumb (blx) */
8500 tmp = load_reg(s, rm);
8501 tmp2 = tcg_temp_new_i32();
8502 tcg_gen_movi_i32(tmp2, s->base.pc_next);
8503 store_reg(s, 14, tmp2);
8504 gen_bx(s, tmp);
8505 break;
8506 case 0x4:
8507 {
8508 /* crc32/crc32c */
8509 uint32_t c = extract32(insn, 8, 4);
8510
8511 /* Check this CPU supports ARMv8 CRC instructions.
8512 * op1 == 3 is UNPREDICTABLE but handle as UNDEFINED.
8513 * Bits 8, 10 and 11 should be zero.
8514 */
8515 if (!dc_isar_feature(aa32_crc32, s) || op1 == 0x3 || (c & 0xd) != 0) {
8516 goto illegal_op;
8517 }
8518
8519 rn = extract32(insn, 16, 4);
8520 rd = extract32(insn, 12, 4);
8521
8522 tmp = load_reg(s, rn);
8523 tmp2 = load_reg(s, rm);
8524 if (op1 == 0) {
8525 tcg_gen_andi_i32(tmp2, tmp2, 0xff);
8526 } else if (op1 == 1) {
8527 tcg_gen_andi_i32(tmp2, tmp2, 0xffff);
8528 }
8529 tmp3 = tcg_const_i32(1 << op1);
8530 if (c & 0x2) {
8531 gen_helper_crc32c(tmp, tmp, tmp2, tmp3);
8532 } else {
8533 gen_helper_crc32(tmp, tmp, tmp2, tmp3);
8534 }
8535 tcg_temp_free_i32(tmp2);
8536 tcg_temp_free_i32(tmp3);
8537 store_reg(s, rd, tmp);
8538 break;
8539 }
8540 case 0x5: /* saturating add/subtract */
8541 ARCH(5TE);
8542 rd = (insn >> 12) & 0xf;
8543 rn = (insn >> 16) & 0xf;
8544 tmp = load_reg(s, rm);
8545 tmp2 = load_reg(s, rn);
8546 if (op1 & 2)
8547 gen_helper_add_saturate(tmp2, cpu_env, tmp2, tmp2);
8548 if (op1 & 1)
8549 gen_helper_sub_saturate(tmp, cpu_env, tmp, tmp2);
8550 else
8551 gen_helper_add_saturate(tmp, cpu_env, tmp, tmp2);
8552 tcg_temp_free_i32(tmp2);
8553 store_reg(s, rd, tmp);
8554 break;
8555 case 0x6: /* ERET */
8556 if (op1 != 3) {
8557 goto illegal_op;
8558 }
8559 if (!arm_dc_feature(s, ARM_FEATURE_V7VE)) {
8560 goto illegal_op;
8561 }
8562 if ((insn & 0x000fff0f) != 0x0000000e) {
8563 /* UNPREDICTABLE; we choose to UNDEF */
8564 goto illegal_op;
8565 }
8566
8567 if (s->current_el == 2) {
8568 tmp = load_cpu_field(elr_el[2]);
8569 } else {
8570 tmp = load_reg(s, 14);
8571 }
8572 gen_exception_return(s, tmp);
8573 break;
8574 case 7:
8575 {
8576 int imm16 = extract32(insn, 0, 4) | (extract32(insn, 8, 12) << 4);
8577 switch (op1) {
8578 case 0:
8579 /* HLT */
8580 gen_hlt(s, imm16);
8581 break;
8582 case 1:
8583 /* bkpt */
8584 ARCH(5);
8585 gen_exception_bkpt_insn(s, syn_aa32_bkpt(imm16, false));
8586 break;
8587 case 2:
8588 /* Hypervisor call (v7) */
8589 ARCH(7);
8590 if (IS_USER(s)) {
8591 goto illegal_op;
8592 }
8593 gen_hvc(s, imm16);
8594 break;
8595 case 3:
8596 /* Secure monitor call (v6+) */
8597 ARCH(6K);
8598 if (IS_USER(s)) {
8599 goto illegal_op;
8600 }
8601 gen_smc(s);
8602 break;
8603 default:
8604 g_assert_not_reached();
8605 }
8606 break;
8607 }
8608 case 0x8: /* signed multiply */
8609 case 0xa:
8610 case 0xc:
8611 case 0xe:
8612 ARCH(5TE);
8613 rs = (insn >> 8) & 0xf;
8614 rn = (insn >> 12) & 0xf;
8615 rd = (insn >> 16) & 0xf;
8616 if (op1 == 1) {
8617 /* (32 * 16) >> 16 */
8618 tmp = load_reg(s, rm);
8619 tmp2 = load_reg(s, rs);
8620 if (sh & 4)
8621 tcg_gen_sari_i32(tmp2, tmp2, 16);
8622 else
8623 gen_sxth(tmp2);
8624 tmp64 = gen_muls_i64_i32(tmp, tmp2);
8625 tcg_gen_shri_i64(tmp64, tmp64, 16);
8626 tmp = tcg_temp_new_i32();
8627 tcg_gen_extrl_i64_i32(tmp, tmp64);
8628 tcg_temp_free_i64(tmp64);
8629 if ((sh & 2) == 0) {
8630 tmp2 = load_reg(s, rn);
8631 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
8632 tcg_temp_free_i32(tmp2);
8633 }
8634 store_reg(s, rd, tmp);
8635 } else {
8636 /* 16 * 16 */
8637 tmp = load_reg(s, rm);
8638 tmp2 = load_reg(s, rs);
8639 gen_mulxy(tmp, tmp2, sh & 2, sh & 4);
8640 tcg_temp_free_i32(tmp2);
8641 if (op1 == 2) {
8642 tmp64 = tcg_temp_new_i64();
8643 tcg_gen_ext_i32_i64(tmp64, tmp);
8644 tcg_temp_free_i32(tmp);
8645 gen_addq(s, tmp64, rn, rd);
8646 gen_storeq_reg(s, rn, rd, tmp64);
8647 tcg_temp_free_i64(tmp64);
8648 } else {
8649 if (op1 == 0) {
8650 tmp2 = load_reg(s, rn);
8651 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
8652 tcg_temp_free_i32(tmp2);
8653 }
8654 store_reg(s, rd, tmp);
8655 }
8656 }
8657 break;
8658 default:
8659 goto illegal_op;
8660 }
8661 } else if (((insn & 0x0e000000) == 0 &&
8662 (insn & 0x00000090) != 0x90) ||
8663 ((insn & 0x0e000000) == (1 << 25))) {
8664 /* Data-processing (reg, reg-shift-reg, imm). */
8665 /* All done in decodetree. Reach here for illegal ops. */
8666 goto illegal_op;
8667 } else {
8668 /* other instructions */
8669 op1 = (insn >> 24) & 0xf;
8670 switch(op1) {
8671 case 0x0:
8672 case 0x1:
8673 /* multiplies, extra load/stores */
8674 sh = (insn >> 5) & 3;
8675 if (sh == 0) {
8676 if (op1 == 0x0) {
8677 /* Multiply and multiply accumulate. */
8678 /* All done in decodetree. Reach here for illegal ops. */
8679 goto illegal_op;
8680 } else {
8681 rn = (insn >> 16) & 0xf;
8682 rd = (insn >> 12) & 0xf;
8683 if (insn & (1 << 23)) {
8684 /* load/store exclusive */
8685 bool is_ld = extract32(insn, 20, 1);
8686 bool is_lasr = !extract32(insn, 8, 1);
8687 int op2 = (insn >> 8) & 3;
8688 op1 = (insn >> 21) & 0x3;
8689
8690 switch (op2) {
8691 case 0: /* lda/stl */
8692 if (op1 == 1) {
8693 goto illegal_op;
8694 }
8695 ARCH(8);
8696 break;
8697 case 1: /* reserved */
8698 goto illegal_op;
8699 case 2: /* ldaex/stlex */
8700 ARCH(8);
8701 break;
8702 case 3: /* ldrex/strex */
8703 if (op1) {
8704 ARCH(6K);
8705 } else {
8706 ARCH(6);
8707 }
8708 break;
8709 }
8710
8711 addr = tcg_temp_local_new_i32();
8712 load_reg_var(s, addr, rn);
8713
8714 if (is_lasr && !is_ld) {
8715 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
8716 }
8717
8718 if (op2 == 0) {
8719 if (is_ld) {
8720 tmp = tcg_temp_new_i32();
8721 switch (op1) {
8722 case 0: /* lda */
8723 gen_aa32_ld32u_iss(s, tmp, addr,
8724 get_mem_index(s),
8725 rd | ISSIsAcqRel);
8726 break;
8727 case 2: /* ldab */
8728 gen_aa32_ld8u_iss(s, tmp, addr,
8729 get_mem_index(s),
8730 rd | ISSIsAcqRel);
8731 break;
8732 case 3: /* ldah */
8733 gen_aa32_ld16u_iss(s, tmp, addr,
8734 get_mem_index(s),
8735 rd | ISSIsAcqRel);
8736 break;
8737 default:
8738 abort();
8739 }
8740 store_reg(s, rd, tmp);
8741 } else {
8742 rm = insn & 0xf;
8743 tmp = load_reg(s, rm);
8744 switch (op1) {
8745 case 0: /* stl */
8746 gen_aa32_st32_iss(s, tmp, addr,
8747 get_mem_index(s),
8748 rm | ISSIsAcqRel);
8749 break;
8750 case 2: /* stlb */
8751 gen_aa32_st8_iss(s, tmp, addr,
8752 get_mem_index(s),
8753 rm | ISSIsAcqRel);
8754 break;
8755 case 3: /* stlh */
8756 gen_aa32_st16_iss(s, tmp, addr,
8757 get_mem_index(s),
8758 rm | ISSIsAcqRel);
8759 break;
8760 default:
8761 abort();
8762 }
8763 tcg_temp_free_i32(tmp);
8764 }
8765 } else if (is_ld) {
8766 switch (op1) {
8767 case 0: /* ldrex */
8768 gen_load_exclusive(s, rd, 15, addr, 2);
8769 break;
8770 case 1: /* ldrexd */
8771 gen_load_exclusive(s, rd, rd + 1, addr, 3);
8772 break;
8773 case 2: /* ldrexb */
8774 gen_load_exclusive(s, rd, 15, addr, 0);
8775 break;
8776 case 3: /* ldrexh */
8777 gen_load_exclusive(s, rd, 15, addr, 1);
8778 break;
8779 default:
8780 abort();
8781 }
8782 } else {
8783 rm = insn & 0xf;
8784 switch (op1) {
8785 case 0: /* strex */
8786 gen_store_exclusive(s, rd, rm, 15, addr, 2);
8787 break;
8788 case 1: /* strexd */
8789 gen_store_exclusive(s, rd, rm, rm + 1, addr, 3);
8790 break;
8791 case 2: /* strexb */
8792 gen_store_exclusive(s, rd, rm, 15, addr, 0);
8793 break;
8794 case 3: /* strexh */
8795 gen_store_exclusive(s, rd, rm, 15, addr, 1);
8796 break;
8797 default:
8798 abort();
8799 }
8800 }
8801 tcg_temp_free_i32(addr);
8802
8803 if (is_lasr && is_ld) {
8804 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
8805 }
8806 } else if ((insn & 0x00300f00) == 0) {
8807 /* 0bcccc_0001_0x00_xxxx_xxxx_0000_1001_xxxx
8808 * - SWP, SWPB
8809 */
8810
8811 TCGv taddr;
8812 MemOp opc = s->be_data;
8813
8814 rm = (insn) & 0xf;
8815
8816 if (insn & (1 << 22)) {
8817 opc |= MO_UB;
8818 } else {
8819 opc |= MO_UL | MO_ALIGN;
8820 }
8821
8822 addr = load_reg(s, rn);
8823 taddr = gen_aa32_addr(s, addr, opc);
8824 tcg_temp_free_i32(addr);
8825
8826 tmp = load_reg(s, rm);
8827 tcg_gen_atomic_xchg_i32(tmp, taddr, tmp,
8828 get_mem_index(s), opc);
8829 tcg_temp_free(taddr);
8830 store_reg(s, rd, tmp);
8831 } else {
8832 goto illegal_op;
8833 }
8834 }
8835 } else {
8836 int address_offset;
8837 bool load = insn & (1 << 20);
8838 bool wbit = insn & (1 << 21);
8839 bool pbit = insn & (1 << 24);
8840 bool doubleword = false;
8841 ISSInfo issinfo;
8842
8843 /* Misc load/store */
8844 rn = (insn >> 16) & 0xf;
8845 rd = (insn >> 12) & 0xf;
8846
8847 /* ISS not valid if writeback */
8848 issinfo = (pbit & !wbit) ? rd : ISSInvalid;
8849
8850 if (!load && (sh & 2)) {
8851 /* doubleword */
8852 ARCH(5TE);
8853 if (rd & 1) {
8854 /* UNPREDICTABLE; we choose to UNDEF */
8855 goto illegal_op;
8856 }
8857 load = (sh & 1) == 0;
8858 doubleword = true;
8859 }
8860
8861 addr = load_reg(s, rn);
8862 if (pbit) {
8863 gen_add_datah_offset(s, insn, 0, addr);
8864 }
8865 address_offset = 0;
8866
8867 if (doubleword) {
8868 if (!load) {
8869 /* store */
8870 tmp = load_reg(s, rd);
8871 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
8872 tcg_temp_free_i32(tmp);
8873 tcg_gen_addi_i32(addr, addr, 4);
8874 tmp = load_reg(s, rd + 1);
8875 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
8876 tcg_temp_free_i32(tmp);
8877 } else {
8878 /* load */
8879 tmp = tcg_temp_new_i32();
8880 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
8881 store_reg(s, rd, tmp);
8882 tcg_gen_addi_i32(addr, addr, 4);
8883 tmp = tcg_temp_new_i32();
8884 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
8885 rd++;
8886 }
8887 address_offset = -4;
8888 } else if (load) {
8889 /* load */
8890 tmp = tcg_temp_new_i32();
8891 switch (sh) {
8892 case 1:
8893 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s),
8894 issinfo);
8895 break;
8896 case 2:
8897 gen_aa32_ld8s_iss(s, tmp, addr, get_mem_index(s),
8898 issinfo);
8899 break;
8900 default:
8901 case 3:
8902 gen_aa32_ld16s_iss(s, tmp, addr, get_mem_index(s),
8903 issinfo);
8904 break;
8905 }
8906 } else {
8907 /* store */
8908 tmp = load_reg(s, rd);
8909 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s), issinfo);
8910 tcg_temp_free_i32(tmp);
8911 }
8912 /* Perform base writeback before the loaded value to
8913 ensure correct behavior with overlapping index registers.
8914 ldrd with base writeback is undefined if the
8915 destination and index registers overlap. */
8916 if (!pbit) {
8917 gen_add_datah_offset(s, insn, address_offset, addr);
8918 store_reg(s, rn, addr);
8919 } else if (wbit) {
8920 if (address_offset)
8921 tcg_gen_addi_i32(addr, addr, address_offset);
8922 store_reg(s, rn, addr);
8923 } else {
8924 tcg_temp_free_i32(addr);
8925 }
8926 if (load) {
8927 /* Complete the load. */
8928 store_reg(s, rd, tmp);
8929 }
8930 }
8931 break;
8932 case 0x4:
8933 case 0x5:
8934 goto do_ldst;
8935 case 0x6:
8936 case 0x7:
8937 if (insn & (1 << 4)) {
8938 ARCH(6);
8939 /* Armv6 Media instructions. */
8940 rm = insn & 0xf;
8941 rn = (insn >> 16) & 0xf;
8942 rd = (insn >> 12) & 0xf;
8943 rs = (insn >> 8) & 0xf;
8944 switch ((insn >> 23) & 3) {
8945 case 0: /* Parallel add/subtract. */
8946 op1 = (insn >> 20) & 7;
8947 tmp = load_reg(s, rn);
8948 tmp2 = load_reg(s, rm);
8949 sh = (insn >> 5) & 7;
8950 if ((op1 & 3) == 0 || sh == 5 || sh == 6)
8951 goto illegal_op;
8952 gen_arm_parallel_addsub(op1, sh, tmp, tmp2);
8953 tcg_temp_free_i32(tmp2);
8954 store_reg(s, rd, tmp);
8955 break;
8956 case 1:
8957 if ((insn & 0x00700020) == 0) {
8958 /* Halfword pack. */
8959 tmp = load_reg(s, rn);
8960 tmp2 = load_reg(s, rm);
8961 shift = (insn >> 7) & 0x1f;
8962 if (insn & (1 << 6)) {
8963 /* pkhtb */
8964 if (shift == 0) {
8965 shift = 31;
8966 }
8967 tcg_gen_sari_i32(tmp2, tmp2, shift);
8968 tcg_gen_deposit_i32(tmp, tmp, tmp2, 0, 16);
8969 } else {
8970 /* pkhbt */
8971 tcg_gen_shli_i32(tmp2, tmp2, shift);
8972 tcg_gen_deposit_i32(tmp, tmp2, tmp, 0, 16);
8973 }
8974 tcg_temp_free_i32(tmp2);
8975 store_reg(s, rd, tmp);
8976 } else if ((insn & 0x00200020) == 0x00200000) {
8977 /* [us]sat */
8978 tmp = load_reg(s, rm);
8979 shift = (insn >> 7) & 0x1f;
8980 if (insn & (1 << 6)) {
8981 if (shift == 0)
8982 shift = 31;
8983 tcg_gen_sari_i32(tmp, tmp, shift);
8984 } else {
8985 tcg_gen_shli_i32(tmp, tmp, shift);
8986 }
8987 sh = (insn >> 16) & 0x1f;
8988 tmp2 = tcg_const_i32(sh);
8989 if (insn & (1 << 22))
8990 gen_helper_usat(tmp, cpu_env, tmp, tmp2);
8991 else
8992 gen_helper_ssat(tmp, cpu_env, tmp, tmp2);
8993 tcg_temp_free_i32(tmp2);
8994 store_reg(s, rd, tmp);
8995 } else if ((insn & 0x00300fe0) == 0x00200f20) {
8996 /* [us]sat16 */
8997 tmp = load_reg(s, rm);
8998 sh = (insn >> 16) & 0x1f;
8999 tmp2 = tcg_const_i32(sh);
9000 if (insn & (1 << 22))
9001 gen_helper_usat16(tmp, cpu_env, tmp, tmp2);
9002 else
9003 gen_helper_ssat16(tmp, cpu_env, tmp, tmp2);
9004 tcg_temp_free_i32(tmp2);
9005 store_reg(s, rd, tmp);
9006 } else if ((insn & 0x00700fe0) == 0x00000fa0) {
9007 /* Select bytes. */
9008 tmp = load_reg(s, rn);
9009 tmp2 = load_reg(s, rm);
9010 tmp3 = tcg_temp_new_i32();
9011 tcg_gen_ld_i32(tmp3, cpu_env, offsetof(CPUARMState, GE));
9012 gen_helper_sel_flags(tmp, tmp3, tmp, tmp2);
9013 tcg_temp_free_i32(tmp3);
9014 tcg_temp_free_i32(tmp2);
9015 store_reg(s, rd, tmp);
9016 } else if ((insn & 0x000003e0) == 0x00000060) {
9017 tmp = load_reg(s, rm);
9018 shift = (insn >> 10) & 3;
9019 /* ??? In many cases it's not necessary to do a
9020 rotate, a shift is sufficient. */
9021 tcg_gen_rotri_i32(tmp, tmp, shift * 8);
9022 op1 = (insn >> 20) & 7;
9023 switch (op1) {
9024 case 0: gen_sxtb16(tmp); break;
9025 case 2: gen_sxtb(tmp); break;
9026 case 3: gen_sxth(tmp); break;
9027 case 4: gen_uxtb16(tmp); break;
9028 case 6: gen_uxtb(tmp); break;
9029 case 7: gen_uxth(tmp); break;
9030 default: goto illegal_op;
9031 }
9032 if (rn != 15) {
9033 tmp2 = load_reg(s, rn);
9034 if ((op1 & 3) == 0) {
9035 gen_add16(tmp, tmp2);
9036 } else {
9037 tcg_gen_add_i32(tmp, tmp, tmp2);
9038 tcg_temp_free_i32(tmp2);
9039 }
9040 }
9041 store_reg(s, rd, tmp);
9042 } else if ((insn & 0x003f0f60) == 0x003f0f20) {
9043 /* rev */
9044 tmp = load_reg(s, rm);
9045 if (insn & (1 << 22)) {
9046 if (insn & (1 << 7)) {
9047 gen_revsh(tmp);
9048 } else {
9049 ARCH(6T2);
9050 gen_helper_rbit(tmp, tmp);
9051 }
9052 } else {
9053 if (insn & (1 << 7))
9054 gen_rev16(tmp);
9055 else
9056 tcg_gen_bswap32_i32(tmp, tmp);
9057 }
9058 store_reg(s, rd, tmp);
9059 } else {
9060 goto illegal_op;
9061 }
9062 break;
9063 case 2: /* Multiplies (Type 3). */
9064 switch ((insn >> 20) & 0x7) {
9065 case 5:
9066 if (((insn >> 6) ^ (insn >> 7)) & 1) {
9067 /* op2 not 00x or 11x : UNDEF */
9068 goto illegal_op;
9069 }
9070 /* Signed multiply most significant [accumulate].
9071 (SMMUL, SMMLA, SMMLS) */
9072 tmp = load_reg(s, rm);
9073 tmp2 = load_reg(s, rs);
9074 tcg_gen_muls2_i32(tmp2, tmp, tmp, tmp2);
9075
9076 if (rd != 15) {
9077 tmp3 = load_reg(s, rd);
9078 if (insn & (1 << 6)) {
9079 /*
9080 * For SMMLS, we need a 64-bit subtract.
9081 * Borrow caused by a non-zero multiplicand
9082 * lowpart, and the correct result lowpart
9083 * for rounding.
9084 */
9085 TCGv_i32 zero = tcg_const_i32(0);
9086 tcg_gen_sub2_i32(tmp2, tmp, zero, tmp3,
9087 tmp2, tmp);
9088 tcg_temp_free_i32(zero);
9089 } else {
9090 tcg_gen_add_i32(tmp, tmp, tmp3);
9091 }
9092 tcg_temp_free_i32(tmp3);
9093 }
9094 if (insn & (1 << 5)) {
9095 /*
9096 * Adding 0x80000000 to the 64-bit quantity
9097 * means that we have carry in to the high
9098 * word when the low word has the high bit set.
9099 */
9100 tcg_gen_shri_i32(tmp2, tmp2, 31);
9101 tcg_gen_add_i32(tmp, tmp, tmp2);
9102 }
9103 tcg_temp_free_i32(tmp2);
9104 store_reg(s, rn, tmp);
9105 break;
9106 case 0:
9107 case 4:
9108 /* SMLAD, SMUAD, SMLSD, SMUSD, SMLALD, SMLSLD */
9109 if (insn & (1 << 7)) {
9110 goto illegal_op;
9111 }
9112 tmp = load_reg(s, rm);
9113 tmp2 = load_reg(s, rs);
9114 if (insn & (1 << 5))
9115 gen_swap_half(tmp2);
9116 gen_smul_dual(tmp, tmp2);
9117 if (insn & (1 << 22)) {
9118 /* smlald, smlsld */
9119 TCGv_i64 tmp64_2;
9120
9121 tmp64 = tcg_temp_new_i64();
9122 tmp64_2 = tcg_temp_new_i64();
9123 tcg_gen_ext_i32_i64(tmp64, tmp);
9124 tcg_gen_ext_i32_i64(tmp64_2, tmp2);
9125 tcg_temp_free_i32(tmp);
9126 tcg_temp_free_i32(tmp2);
9127 if (insn & (1 << 6)) {
9128 tcg_gen_sub_i64(tmp64, tmp64, tmp64_2);
9129 } else {
9130 tcg_gen_add_i64(tmp64, tmp64, tmp64_2);
9131 }
9132 tcg_temp_free_i64(tmp64_2);
9133 gen_addq(s, tmp64, rd, rn);
9134 gen_storeq_reg(s, rd, rn, tmp64);
9135 tcg_temp_free_i64(tmp64);
9136 } else {
9137 /* smuad, smusd, smlad, smlsd */
9138 if (insn & (1 << 6)) {
9139 /* This subtraction cannot overflow. */
9140 tcg_gen_sub_i32(tmp, tmp, tmp2);
9141 } else {
9142 /* This addition cannot overflow 32 bits;
9143 * however it may overflow considered as a
9144 * signed operation, in which case we must set
9145 * the Q flag.
9146 */
9147 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
9148 }
9149 tcg_temp_free_i32(tmp2);
9150 if (rd != 15)
9151 {
9152 tmp2 = load_reg(s, rd);
9153 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
9154 tcg_temp_free_i32(tmp2);
9155 }
9156 store_reg(s, rn, tmp);
9157 }
9158 break;
9159 case 1:
9160 case 3:
9161 /* SDIV, UDIV */
9162 if (!dc_isar_feature(arm_div, s)) {
9163 goto illegal_op;
9164 }
9165 if (((insn >> 5) & 7) || (rd != 15)) {
9166 goto illegal_op;
9167 }
9168 tmp = load_reg(s, rm);
9169 tmp2 = load_reg(s, rs);
9170 if (insn & (1 << 21)) {
9171 gen_helper_udiv(tmp, tmp, tmp2);
9172 } else {
9173 gen_helper_sdiv(tmp, tmp, tmp2);
9174 }
9175 tcg_temp_free_i32(tmp2);
9176 store_reg(s, rn, tmp);
9177 break;
9178 default:
9179 goto illegal_op;
9180 }
9181 break;
9182 case 3:
9183 op1 = ((insn >> 17) & 0x38) | ((insn >> 5) & 7);
9184 switch (op1) {
9185 case 0: /* Unsigned sum of absolute differences. */
9186 ARCH(6);
9187 tmp = load_reg(s, rm);
9188 tmp2 = load_reg(s, rs);
9189 gen_helper_usad8(tmp, tmp, tmp2);
9190 tcg_temp_free_i32(tmp2);
9191 if (rd != 15) {
9192 tmp2 = load_reg(s, rd);
9193 tcg_gen_add_i32(tmp, tmp, tmp2);
9194 tcg_temp_free_i32(tmp2);
9195 }
9196 store_reg(s, rn, tmp);
9197 break;
9198 case 0x20: case 0x24: case 0x28: case 0x2c:
9199 /* Bitfield insert/clear. */
9200 ARCH(6T2);
9201 shift = (insn >> 7) & 0x1f;
9202 i = (insn >> 16) & 0x1f;
9203 if (i < shift) {
9204 /* UNPREDICTABLE; we choose to UNDEF */
9205 goto illegal_op;
9206 }
9207 i = i + 1 - shift;
9208 if (rm == 15) {
9209 tmp = tcg_temp_new_i32();
9210 tcg_gen_movi_i32(tmp, 0);
9211 } else {
9212 tmp = load_reg(s, rm);
9213 }
9214 if (i != 32) {
9215 tmp2 = load_reg(s, rd);
9216 tcg_gen_deposit_i32(tmp, tmp2, tmp, shift, i);
9217 tcg_temp_free_i32(tmp2);
9218 }
9219 store_reg(s, rd, tmp);
9220 break;
9221 case 0x12: case 0x16: case 0x1a: case 0x1e: /* sbfx */
9222 case 0x32: case 0x36: case 0x3a: case 0x3e: /* ubfx */
9223 ARCH(6T2);
9224 tmp = load_reg(s, rm);
9225 shift = (insn >> 7) & 0x1f;
9226 i = ((insn >> 16) & 0x1f) + 1;
9227 if (shift + i > 32)
9228 goto illegal_op;
9229 if (i < 32) {
9230 if (op1 & 0x20) {
9231 tcg_gen_extract_i32(tmp, tmp, shift, i);
9232 } else {
9233 tcg_gen_sextract_i32(tmp, tmp, shift, i);
9234 }
9235 }
9236 store_reg(s, rd, tmp);
9237 break;
9238 default:
9239 goto illegal_op;
9240 }
9241 break;
9242 }
9243 break;
9244 }
9245 do_ldst:
9246 /* Check for undefined extension instructions
9247 * per the ARM Bible IE:
9248 * xxxx 0111 1111 xxxx xxxx xxxx 1111 xxxx
9249 */
9250 sh = (0xf << 20) | (0xf << 4);
9251 if (op1 == 0x7 && ((insn & sh) == sh))
9252 {
9253 goto illegal_op;
9254 }
9255 /* load/store byte/word */
9256 rn = (insn >> 16) & 0xf;
9257 rd = (insn >> 12) & 0xf;
9258 tmp2 = load_reg(s, rn);
9259 if ((insn & 0x01200000) == 0x00200000) {
9260 /* ldrt/strt */
9261 i = get_a32_user_mem_index(s);
9262 } else {
9263 i = get_mem_index(s);
9264 }
9265 if (insn & (1 << 24))
9266 gen_add_data_offset(s, insn, tmp2);
9267 if (insn & (1 << 20)) {
9268 /* load */
9269 tmp = tcg_temp_new_i32();
9270 if (insn & (1 << 22)) {
9271 gen_aa32_ld8u_iss(s, tmp, tmp2, i, rd);
9272 } else {
9273 gen_aa32_ld32u_iss(s, tmp, tmp2, i, rd);
9274 }
9275 } else {
9276 /* store */
9277 tmp = load_reg(s, rd);
9278 if (insn & (1 << 22)) {
9279 gen_aa32_st8_iss(s, tmp, tmp2, i, rd);
9280 } else {
9281 gen_aa32_st32_iss(s, tmp, tmp2, i, rd);
9282 }
9283 tcg_temp_free_i32(tmp);
9284 }
9285 if (!(insn & (1 << 24))) {
9286 gen_add_data_offset(s, insn, tmp2);
9287 store_reg(s, rn, tmp2);
9288 } else if (insn & (1 << 21)) {
9289 store_reg(s, rn, tmp2);
9290 } else {
9291 tcg_temp_free_i32(tmp2);
9292 }
9293 if (insn & (1 << 20)) {
9294 /* Complete the load. */
9295 store_reg_from_load(s, rd, tmp);
9296 }
9297 break;
9298 case 0x08:
9299 case 0x09:
9300 {
9301 int j, n, loaded_base;
9302 bool exc_return = false;
9303 bool is_load = extract32(insn, 20, 1);
9304 bool user = false;
9305 TCGv_i32 loaded_var;
9306 /* load/store multiple words */
9307 /* XXX: store correct base if write back */
9308 if (insn & (1 << 22)) {
9309 /* LDM (user), LDM (exception return) and STM (user) */
9310 if (IS_USER(s))
9311 goto illegal_op; /* only usable in supervisor mode */
9312
9313 if (is_load && extract32(insn, 15, 1)) {
9314 exc_return = true;
9315 } else {
9316 user = true;
9317 }
9318 }
9319 rn = (insn >> 16) & 0xf;
9320 addr = load_reg(s, rn);
9321
9322 /* compute total size */
9323 loaded_base = 0;
9324 loaded_var = NULL;
9325 n = 0;
9326 for (i = 0; i < 16; i++) {
9327 if (insn & (1 << i))
9328 n++;
9329 }
9330 /* XXX: test invalid n == 0 case ? */
9331 if (insn & (1 << 23)) {
9332 if (insn & (1 << 24)) {
9333 /* pre increment */
9334 tcg_gen_addi_i32(addr, addr, 4);
9335 } else {
9336 /* post increment */
9337 }
9338 } else {
9339 if (insn & (1 << 24)) {
9340 /* pre decrement */
9341 tcg_gen_addi_i32(addr, addr, -(n * 4));
9342 } else {
9343 /* post decrement */
9344 if (n != 1)
9345 tcg_gen_addi_i32(addr, addr, -((n - 1) * 4));
9346 }
9347 }
9348 j = 0;
9349 for (i = 0; i < 16; i++) {
9350 if (insn & (1 << i)) {
9351 if (is_load) {
9352 /* load */
9353 tmp = tcg_temp_new_i32();
9354 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9355 if (user) {
9356 tmp2 = tcg_const_i32(i);
9357 gen_helper_set_user_reg(cpu_env, tmp2, tmp);
9358 tcg_temp_free_i32(tmp2);
9359 tcg_temp_free_i32(tmp);
9360 } else if (i == rn) {
9361 loaded_var = tmp;
9362 loaded_base = 1;
9363 } else if (i == 15 && exc_return) {
9364 store_pc_exc_ret(s, tmp);
9365 } else {
9366 store_reg_from_load(s, i, tmp);
9367 }
9368 } else {
9369 /* store */
9370 if (i == 15) {
9371 tmp = tcg_temp_new_i32();
9372 tcg_gen_movi_i32(tmp, read_pc(s));
9373 } else if (user) {
9374 tmp = tcg_temp_new_i32();
9375 tmp2 = tcg_const_i32(i);
9376 gen_helper_get_user_reg(tmp, cpu_env, tmp2);
9377 tcg_temp_free_i32(tmp2);
9378 } else {
9379 tmp = load_reg(s, i);
9380 }
9381 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9382 tcg_temp_free_i32(tmp);
9383 }
9384 j++;
9385 /* no need to add after the last transfer */
9386 if (j != n)
9387 tcg_gen_addi_i32(addr, addr, 4);
9388 }
9389 }
9390 if (insn & (1 << 21)) {
9391 /* write back */
9392 if (insn & (1 << 23)) {
9393 if (insn & (1 << 24)) {
9394 /* pre increment */
9395 } else {
9396 /* post increment */
9397 tcg_gen_addi_i32(addr, addr, 4);
9398 }
9399 } else {
9400 if (insn & (1 << 24)) {
9401 /* pre decrement */
9402 if (n != 1)
9403 tcg_gen_addi_i32(addr, addr, -((n - 1) * 4));
9404 } else {
9405 /* post decrement */
9406 tcg_gen_addi_i32(addr, addr, -(n * 4));
9407 }
9408 }
9409 store_reg(s, rn, addr);
9410 } else {
9411 tcg_temp_free_i32(addr);
9412 }
9413 if (loaded_base) {
9414 store_reg(s, rn, loaded_var);
9415 }
9416 if (exc_return) {
9417 /* Restore CPSR from SPSR. */
9418 tmp = load_cpu_field(spsr);
9419 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
9420 gen_io_start();
9421 }
9422 gen_helper_cpsr_write_eret(cpu_env, tmp);
9423 tcg_temp_free_i32(tmp);
9424 /* Must exit loop to check un-masked IRQs */
9425 s->base.is_jmp = DISAS_EXIT;
9426 }
9427 }
9428 break;
9429 case 0xa:
9430 case 0xb:
9431 {
9432 int32_t offset;
9433
9434 /* branch (and link) */
9435 if (insn & (1 << 24)) {
9436 tmp = tcg_temp_new_i32();
9437 tcg_gen_movi_i32(tmp, s->base.pc_next);
9438 store_reg(s, 14, tmp);
9439 }
9440 offset = sextract32(insn << 2, 0, 26);
9441 gen_jmp(s, read_pc(s) + offset);
9442 }
9443 break;
9444 case 0xc:
9445 case 0xd:
9446 case 0xe:
9447 if (((insn >> 8) & 0xe) == 10) {
9448 /* VFP. */
9449 if (disas_vfp_insn(s, insn)) {
9450 goto illegal_op;
9451 }
9452 } else if (disas_coproc_insn(s, insn)) {
9453 /* Coprocessor. */
9454 goto illegal_op;
9455 }
9456 break;
9457 case 0xf:
9458 /* swi */
9459 gen_set_pc_im(s, s->base.pc_next);
9460 s->svc_imm = extract32(insn, 0, 24);
9461 s->base.is_jmp = DISAS_SWI;
9462 break;
9463 default:
9464 illegal_op:
9465 unallocated_encoding(s);
9466 break;
9467 }
9468 }
9469 }
9470
9471 static bool thumb_insn_is_16bit(DisasContext *s, uint32_t pc, uint32_t insn)
9472 {
9473 /*
9474 * Return true if this is a 16 bit instruction. We must be precise
9475 * about this (matching the decode).
9476 */
9477 if ((insn >> 11) < 0x1d) {
9478 /* Definitely a 16-bit instruction */
9479 return true;
9480 }
9481
9482 /* Top five bits 0b11101 / 0b11110 / 0b11111 : this is the
9483 * first half of a 32-bit Thumb insn. Thumb-1 cores might
9484 * end up actually treating this as two 16-bit insns, though,
9485 * if it's half of a bl/blx pair that might span a page boundary.
9486 */
9487 if (arm_dc_feature(s, ARM_FEATURE_THUMB2) ||
9488 arm_dc_feature(s, ARM_FEATURE_M)) {
9489 /* Thumb2 cores (including all M profile ones) always treat
9490 * 32-bit insns as 32-bit.
9491 */
9492 return false;
9493 }
9494
9495 if ((insn >> 11) == 0x1e && pc - s->page_start < TARGET_PAGE_SIZE - 3) {
9496 /* 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix, and the suffix
9497 * is not on the next page; we merge this into a 32-bit
9498 * insn.
9499 */
9500 return false;
9501 }
9502 /* 0b1110_1xxx_xxxx_xxxx : BLX suffix (or UNDEF);
9503 * 0b1111_1xxx_xxxx_xxxx : BL suffix;
9504 * 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix on the end of a page
9505 * -- handle as single 16 bit insn
9506 */
9507 return true;
9508 }
9509
9510 /* Translate a 32-bit thumb instruction. */
9511 static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
9512 {
9513 uint32_t imm, shift, offset;
9514 uint32_t rd, rn, rm, rs;
9515 TCGv_i32 tmp;
9516 TCGv_i32 tmp2;
9517 TCGv_i32 tmp3;
9518 TCGv_i32 addr;
9519 TCGv_i64 tmp64;
9520 int op;
9521
9522 /*
9523 * ARMv6-M supports a limited subset of Thumb2 instructions.
9524 * Other Thumb1 architectures allow only 32-bit
9525 * combined BL/BLX prefix and suffix.
9526 */
9527 if (arm_dc_feature(s, ARM_FEATURE_M) &&
9528 !arm_dc_feature(s, ARM_FEATURE_V7)) {
9529 int i;
9530 bool found = false;
9531 static const uint32_t armv6m_insn[] = {0xf3808000 /* msr */,
9532 0xf3b08040 /* dsb */,
9533 0xf3b08050 /* dmb */,
9534 0xf3b08060 /* isb */,
9535 0xf3e08000 /* mrs */,
9536 0xf000d000 /* bl */};
9537 static const uint32_t armv6m_mask[] = {0xffe0d000,
9538 0xfff0d0f0,
9539 0xfff0d0f0,
9540 0xfff0d0f0,
9541 0xffe0d000,
9542 0xf800d000};
9543
9544 for (i = 0; i < ARRAY_SIZE(armv6m_insn); i++) {
9545 if ((insn & armv6m_mask[i]) == armv6m_insn[i]) {
9546 found = true;
9547 break;
9548 }
9549 }
9550 if (!found) {
9551 goto illegal_op;
9552 }
9553 } else if ((insn & 0xf800e800) != 0xf000e800) {
9554 ARCH(6T2);
9555 }
9556
9557 if (disas_t32(s, insn)) {
9558 return;
9559 }
9560 /* fall back to legacy decoder */
9561
9562 rn = (insn >> 16) & 0xf;
9563 rs = (insn >> 12) & 0xf;
9564 rd = (insn >> 8) & 0xf;
9565 rm = insn & 0xf;
9566 switch ((insn >> 25) & 0xf) {
9567 case 0: case 1: case 2: case 3:
9568 /* 16-bit instructions. Should never happen. */
9569 abort();
9570 case 4:
9571 if (insn & (1 << 22)) {
9572 /* 0b1110_100x_x1xx_xxxx_xxxx_xxxx_xxxx_xxxx
9573 * - load/store doubleword, load/store exclusive, ldacq/strel,
9574 * table branch, TT.
9575 */
9576 if (insn == 0xe97fe97f && arm_dc_feature(s, ARM_FEATURE_M) &&
9577 arm_dc_feature(s, ARM_FEATURE_V8)) {
9578 /* 0b1110_1001_0111_1111_1110_1001_0111_111
9579 * - SG (v8M only)
9580 * The bulk of the behaviour for this instruction is implemented
9581 * in v7m_handle_execute_nsc(), which deals with the insn when
9582 * it is executed by a CPU in non-secure state from memory
9583 * which is Secure & NonSecure-Callable.
9584 * Here we only need to handle the remaining cases:
9585 * * in NS memory (including the "security extension not
9586 * implemented" case) : NOP
9587 * * in S memory but CPU already secure (clear IT bits)
9588 * We know that the attribute for the memory this insn is
9589 * in must match the current CPU state, because otherwise
9590 * get_phys_addr_pmsav8 would have generated an exception.
9591 */
9592 if (s->v8m_secure) {
9593 /* Like the IT insn, we don't need to generate any code */
9594 s->condexec_cond = 0;
9595 s->condexec_mask = 0;
9596 }
9597 } else if (insn & 0x01200000) {
9598 /* 0b1110_1000_x11x_xxxx_xxxx_xxxx_xxxx_xxxx
9599 * - load/store dual (post-indexed)
9600 * 0b1111_1001_x10x_xxxx_xxxx_xxxx_xxxx_xxxx
9601 * - load/store dual (literal and immediate)
9602 * 0b1111_1001_x11x_xxxx_xxxx_xxxx_xxxx_xxxx
9603 * - load/store dual (pre-indexed)
9604 */
9605 bool wback = extract32(insn, 21, 1);
9606
9607 if (rn == 15 && (insn & (1 << 21))) {
9608 /* UNPREDICTABLE */
9609 goto illegal_op;
9610 }
9611
9612 addr = add_reg_for_lit(s, rn, 0);
9613 offset = (insn & 0xff) * 4;
9614 if ((insn & (1 << 23)) == 0) {
9615 offset = -offset;
9616 }
9617
9618 if (s->v8m_stackcheck && rn == 13 && wback) {
9619 /*
9620 * Here 'addr' is the current SP; if offset is +ve we're
9621 * moving SP up, else down. It is UNKNOWN whether the limit
9622 * check triggers when SP starts below the limit and ends
9623 * up above it; check whichever of the current and final
9624 * SP is lower, so QEMU will trigger in that situation.
9625 */
9626 if ((int32_t)offset < 0) {
9627 TCGv_i32 newsp = tcg_temp_new_i32();
9628
9629 tcg_gen_addi_i32(newsp, addr, offset);
9630 gen_helper_v8m_stackcheck(cpu_env, newsp);
9631 tcg_temp_free_i32(newsp);
9632 } else {
9633 gen_helper_v8m_stackcheck(cpu_env, addr);
9634 }
9635 }
9636
9637 if (insn & (1 << 24)) {
9638 tcg_gen_addi_i32(addr, addr, offset);
9639 offset = 0;
9640 }
9641 if (insn & (1 << 20)) {
9642 /* ldrd */
9643 tmp = tcg_temp_new_i32();
9644 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9645 store_reg(s, rs, tmp);
9646 tcg_gen_addi_i32(addr, addr, 4);
9647 tmp = tcg_temp_new_i32();
9648 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9649 store_reg(s, rd, tmp);
9650 } else {
9651 /* strd */
9652 tmp = load_reg(s, rs);
9653 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9654 tcg_temp_free_i32(tmp);
9655 tcg_gen_addi_i32(addr, addr, 4);
9656 tmp = load_reg(s, rd);
9657 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9658 tcg_temp_free_i32(tmp);
9659 }
9660 if (wback) {
9661 /* Base writeback. */
9662 tcg_gen_addi_i32(addr, addr, offset - 4);
9663 store_reg(s, rn, addr);
9664 } else {
9665 tcg_temp_free_i32(addr);
9666 }
9667 } else if ((insn & (1 << 23)) == 0) {
9668 /* 0b1110_1000_010x_xxxx_xxxx_xxxx_xxxx_xxxx
9669 * - load/store exclusive word
9670 * - TT (v8M only)
9671 */
9672 if (rs == 15) {
9673 if (!(insn & (1 << 20)) &&
9674 arm_dc_feature(s, ARM_FEATURE_M) &&
9675 arm_dc_feature(s, ARM_FEATURE_V8)) {
9676 /* 0b1110_1000_0100_xxxx_1111_xxxx_xxxx_xxxx
9677 * - TT (v8M only)
9678 */
9679 bool alt = insn & (1 << 7);
9680 TCGv_i32 addr, op, ttresp;
9681
9682 if ((insn & 0x3f) || rd == 13 || rd == 15 || rn == 15) {
9683 /* we UNDEF for these UNPREDICTABLE cases */
9684 goto illegal_op;
9685 }
9686
9687 if (alt && !s->v8m_secure) {
9688 goto illegal_op;
9689 }
9690
9691 addr = load_reg(s, rn);
9692 op = tcg_const_i32(extract32(insn, 6, 2));
9693 ttresp = tcg_temp_new_i32();
9694 gen_helper_v7m_tt(ttresp, cpu_env, addr, op);
9695 tcg_temp_free_i32(addr);
9696 tcg_temp_free_i32(op);
9697 store_reg(s, rd, ttresp);
9698 break;
9699 }
9700 goto illegal_op;
9701 }
9702 addr = tcg_temp_local_new_i32();
9703 load_reg_var(s, addr, rn);
9704 tcg_gen_addi_i32(addr, addr, (insn & 0xff) << 2);
9705 if (insn & (1 << 20)) {
9706 gen_load_exclusive(s, rs, 15, addr, 2);
9707 } else {
9708 gen_store_exclusive(s, rd, rs, 15, addr, 2);
9709 }
9710 tcg_temp_free_i32(addr);
9711 } else if ((insn & (7 << 5)) == 0) {
9712 /* Table Branch. */
9713 addr = load_reg(s, rn);
9714 tmp = load_reg(s, rm);
9715 tcg_gen_add_i32(addr, addr, tmp);
9716 if (insn & (1 << 4)) {
9717 /* tbh */
9718 tcg_gen_add_i32(addr, addr, tmp);
9719 tcg_temp_free_i32(tmp);
9720 tmp = tcg_temp_new_i32();
9721 gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
9722 } else { /* tbb */
9723 tcg_temp_free_i32(tmp);
9724 tmp = tcg_temp_new_i32();
9725 gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
9726 }
9727 tcg_temp_free_i32(addr);
9728 tcg_gen_shli_i32(tmp, tmp, 1);
9729 tcg_gen_addi_i32(tmp, tmp, read_pc(s));
9730 store_reg(s, 15, tmp);
9731 } else {
9732 bool is_lasr = false;
9733 bool is_ld = extract32(insn, 20, 1);
9734 int op2 = (insn >> 6) & 0x3;
9735 op = (insn >> 4) & 0x3;
9736 switch (op2) {
9737 case 0:
9738 goto illegal_op;
9739 case 1:
9740 /* Load/store exclusive byte/halfword/doubleword */
9741 if (op == 2) {
9742 goto illegal_op;
9743 }
9744 ARCH(7);
9745 break;
9746 case 2:
9747 /* Load-acquire/store-release */
9748 if (op == 3) {
9749 goto illegal_op;
9750 }
9751 /* Fall through */
9752 case 3:
9753 /* Load-acquire/store-release exclusive */
9754 ARCH(8);
9755 is_lasr = true;
9756 break;
9757 }
9758
9759 if (is_lasr && !is_ld) {
9760 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
9761 }
9762
9763 addr = tcg_temp_local_new_i32();
9764 load_reg_var(s, addr, rn);
9765 if (!(op2 & 1)) {
9766 if (is_ld) {
9767 tmp = tcg_temp_new_i32();
9768 switch (op) {
9769 case 0: /* ldab */
9770 gen_aa32_ld8u_iss(s, tmp, addr, get_mem_index(s),
9771 rs | ISSIsAcqRel);
9772 break;
9773 case 1: /* ldah */
9774 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s),
9775 rs | ISSIsAcqRel);
9776 break;
9777 case 2: /* lda */
9778 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s),
9779 rs | ISSIsAcqRel);
9780 break;
9781 default:
9782 abort();
9783 }
9784 store_reg(s, rs, tmp);
9785 } else {
9786 tmp = load_reg(s, rs);
9787 switch (op) {
9788 case 0: /* stlb */
9789 gen_aa32_st8_iss(s, tmp, addr, get_mem_index(s),
9790 rs | ISSIsAcqRel);
9791 break;
9792 case 1: /* stlh */
9793 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s),
9794 rs | ISSIsAcqRel);
9795 break;
9796 case 2: /* stl */
9797 gen_aa32_st32_iss(s, tmp, addr, get_mem_index(s),
9798 rs | ISSIsAcqRel);
9799 break;
9800 default:
9801 abort();
9802 }
9803 tcg_temp_free_i32(tmp);
9804 }
9805 } else if (is_ld) {
9806 gen_load_exclusive(s, rs, rd, addr, op);
9807 } else {
9808 gen_store_exclusive(s, rm, rs, rd, addr, op);
9809 }
9810 tcg_temp_free_i32(addr);
9811
9812 if (is_lasr && is_ld) {
9813 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
9814 }
9815 }
9816 } else {
9817 /* Load/store multiple, RFE, SRS. */
9818 if (((insn >> 23) & 1) == ((insn >> 24) & 1)) {
9819 /* RFE, SRS: not available in user mode or on M profile */
9820 if (IS_USER(s) || arm_dc_feature(s, ARM_FEATURE_M)) {
9821 goto illegal_op;
9822 }
9823 if (insn & (1 << 20)) {
9824 /* rfe */
9825 addr = load_reg(s, rn);
9826 if ((insn & (1 << 24)) == 0)
9827 tcg_gen_addi_i32(addr, addr, -8);
9828 /* Load PC into tmp and CPSR into tmp2. */
9829 tmp = tcg_temp_new_i32();
9830 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9831 tcg_gen_addi_i32(addr, addr, 4);
9832 tmp2 = tcg_temp_new_i32();
9833 gen_aa32_ld32u(s, tmp2, addr, get_mem_index(s));
9834 if (insn & (1 << 21)) {
9835 /* Base writeback. */
9836 if (insn & (1 << 24)) {
9837 tcg_gen_addi_i32(addr, addr, 4);
9838 } else {
9839 tcg_gen_addi_i32(addr, addr, -4);
9840 }
9841 store_reg(s, rn, addr);
9842 } else {
9843 tcg_temp_free_i32(addr);
9844 }
9845 gen_rfe(s, tmp, tmp2);
9846 } else {
9847 /* srs */
9848 gen_srs(s, (insn & 0x1f), (insn & (1 << 24)) ? 1 : 2,
9849 insn & (1 << 21));
9850 }
9851 } else {
9852 int i, loaded_base = 0;
9853 TCGv_i32 loaded_var;
9854 bool wback = extract32(insn, 21, 1);
9855 /* Load/store multiple. */
9856 addr = load_reg(s, rn);
9857 offset = 0;
9858 for (i = 0; i < 16; i++) {
9859 if (insn & (1 << i))
9860 offset += 4;
9861 }
9862
9863 if (insn & (1 << 24)) {
9864 tcg_gen_addi_i32(addr, addr, -offset);
9865 }
9866
9867 if (s->v8m_stackcheck && rn == 13 && wback) {
9868 /*
9869 * If the writeback is incrementing SP rather than
9870 * decrementing it, and the initial SP is below the
9871 * stack limit but the final written-back SP would
9872 * be above, then then we must not perform any memory
9873 * accesses, but it is IMPDEF whether we generate
9874 * an exception. We choose to do so in this case.
9875 * At this point 'addr' is the lowest address, so
9876 * either the original SP (if incrementing) or our
9877 * final SP (if decrementing), so that's what we check.
9878 */
9879 gen_helper_v8m_stackcheck(cpu_env, addr);
9880 }
9881
9882 loaded_var = NULL;
9883 for (i = 0; i < 16; i++) {
9884 if ((insn & (1 << i)) == 0)
9885 continue;
9886 if (insn & (1 << 20)) {
9887 /* Load. */
9888 tmp = tcg_temp_new_i32();
9889 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9890 if (i == rn) {
9891 loaded_var = tmp;
9892 loaded_base = 1;
9893 } else {
9894 store_reg_from_load(s, i, tmp);
9895 }
9896 } else {
9897 /* Store. */
9898 tmp = load_reg(s, i);
9899 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9900 tcg_temp_free_i32(tmp);
9901 }
9902 tcg_gen_addi_i32(addr, addr, 4);
9903 }
9904 if (loaded_base) {
9905 store_reg(s, rn, loaded_var);
9906 }
9907 if (wback) {
9908 /* Base register writeback. */
9909 if (insn & (1 << 24)) {
9910 tcg_gen_addi_i32(addr, addr, -offset);
9911 }
9912 /* Fault if writeback register is in register list. */
9913 if (insn & (1 << rn))
9914 goto illegal_op;
9915 store_reg(s, rn, addr);
9916 } else {
9917 tcg_temp_free_i32(addr);
9918 }
9919 }
9920 }
9921 break;
9922 case 5:
9923
9924 op = (insn >> 21) & 0xf;
9925 if (op == 6) {
9926 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9927 goto illegal_op;
9928 }
9929 /* Halfword pack. */
9930 tmp = load_reg(s, rn);
9931 tmp2 = load_reg(s, rm);
9932 shift = ((insn >> 10) & 0x1c) | ((insn >> 6) & 0x3);
9933 if (insn & (1 << 5)) {
9934 /* pkhtb */
9935 if (shift == 0) {
9936 shift = 31;
9937 }
9938 tcg_gen_sari_i32(tmp2, tmp2, shift);
9939 tcg_gen_deposit_i32(tmp, tmp, tmp2, 0, 16);
9940 } else {
9941 /* pkhbt */
9942 tcg_gen_shli_i32(tmp2, tmp2, shift);
9943 tcg_gen_deposit_i32(tmp, tmp2, tmp, 0, 16);
9944 }
9945 tcg_temp_free_i32(tmp2);
9946 store_reg(s, rd, tmp);
9947 } else {
9948 /* Data processing register constant shift. */
9949 /* All done in decodetree. Reach here for illegal ops. */
9950 goto illegal_op;
9951 }
9952 break;
9953 case 13: /* Misc data processing. */
9954 op = ((insn >> 22) & 6) | ((insn >> 7) & 1);
9955 if (op < 4 && (insn & 0xf000) != 0xf000)
9956 goto illegal_op;
9957 switch (op) {
9958 case 0: /* Register controlled shift, in decodetree */
9959 goto illegal_op;
9960 case 1: /* Sign/zero extend. */
9961 op = (insn >> 20) & 7;
9962 switch (op) {
9963 case 0: /* SXTAH, SXTH */
9964 case 1: /* UXTAH, UXTH */
9965 case 4: /* SXTAB, SXTB */
9966 case 5: /* UXTAB, UXTB */
9967 break;
9968 case 2: /* SXTAB16, SXTB16 */
9969 case 3: /* UXTAB16, UXTB16 */
9970 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9971 goto illegal_op;
9972 }
9973 break;
9974 default:
9975 goto illegal_op;
9976 }
9977 if (rn != 15) {
9978 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9979 goto illegal_op;
9980 }
9981 }
9982 tmp = load_reg(s, rm);
9983 shift = (insn >> 4) & 3;
9984 /* ??? In many cases it's not necessary to do a
9985 rotate, a shift is sufficient. */
9986 tcg_gen_rotri_i32(tmp, tmp, shift * 8);
9987 op = (insn >> 20) & 7;
9988 switch (op) {
9989 case 0: gen_sxth(tmp); break;
9990 case 1: gen_uxth(tmp); break;
9991 case 2: gen_sxtb16(tmp); break;
9992 case 3: gen_uxtb16(tmp); break;
9993 case 4: gen_sxtb(tmp); break;
9994 case 5: gen_uxtb(tmp); break;
9995 default:
9996 g_assert_not_reached();
9997 }
9998 if (rn != 15) {
9999 tmp2 = load_reg(s, rn);
10000 if ((op >> 1) == 1) {
10001 gen_add16(tmp, tmp2);
10002 } else {
10003 tcg_gen_add_i32(tmp, tmp, tmp2);
10004 tcg_temp_free_i32(tmp2);
10005 }
10006 }
10007 store_reg(s, rd, tmp);
10008 break;
10009 case 2: /* SIMD add/subtract. */
10010 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10011 goto illegal_op;
10012 }
10013 op = (insn >> 20) & 7;
10014 shift = (insn >> 4) & 7;
10015 if ((op & 3) == 3 || (shift & 3) == 3)
10016 goto illegal_op;
10017 tmp = load_reg(s, rn);
10018 tmp2 = load_reg(s, rm);
10019 gen_thumb2_parallel_addsub(op, shift, tmp, tmp2);
10020 tcg_temp_free_i32(tmp2);
10021 store_reg(s, rd, tmp);
10022 break;
10023 case 3: /* Other data processing. */
10024 op = ((insn >> 17) & 0x38) | ((insn >> 4) & 7);
10025 if (op < 4) {
10026 /* Saturating add/subtract. */
10027 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10028 goto illegal_op;
10029 }
10030 tmp = load_reg(s, rn);
10031 tmp2 = load_reg(s, rm);
10032 if (op & 1)
10033 gen_helper_add_saturate(tmp, cpu_env, tmp, tmp);
10034 if (op & 2)
10035 gen_helper_sub_saturate(tmp, cpu_env, tmp2, tmp);
10036 else
10037 gen_helper_add_saturate(tmp, cpu_env, tmp, tmp2);
10038 tcg_temp_free_i32(tmp2);
10039 } else {
10040 switch (op) {
10041 case 0x0a: /* rbit */
10042 case 0x08: /* rev */
10043 case 0x09: /* rev16 */
10044 case 0x0b: /* revsh */
10045 case 0x18: /* clz */
10046 break;
10047 case 0x10: /* sel */
10048 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10049 goto illegal_op;
10050 }
10051 break;
10052 case 0x20: /* crc32/crc32c */
10053 case 0x21:
10054 case 0x22:
10055 case 0x28:
10056 case 0x29:
10057 case 0x2a:
10058 if (!dc_isar_feature(aa32_crc32, s)) {
10059 goto illegal_op;
10060 }
10061 break;
10062 default:
10063 goto illegal_op;
10064 }
10065 tmp = load_reg(s, rn);
10066 switch (op) {
10067 case 0x0a: /* rbit */
10068 gen_helper_rbit(tmp, tmp);
10069 break;
10070 case 0x08: /* rev */
10071 tcg_gen_bswap32_i32(tmp, tmp);
10072 break;
10073 case 0x09: /* rev16 */
10074 gen_rev16(tmp);
10075 break;
10076 case 0x0b: /* revsh */
10077 gen_revsh(tmp);
10078 break;
10079 case 0x10: /* sel */
10080 tmp2 = load_reg(s, rm);
10081 tmp3 = tcg_temp_new_i32();
10082 tcg_gen_ld_i32(tmp3, cpu_env, offsetof(CPUARMState, GE));
10083 gen_helper_sel_flags(tmp, tmp3, tmp, tmp2);
10084 tcg_temp_free_i32(tmp3);
10085 tcg_temp_free_i32(tmp2);
10086 break;
10087 case 0x18: /* clz */
10088 tcg_gen_clzi_i32(tmp, tmp, 32);
10089 break;
10090 case 0x20:
10091 case 0x21:
10092 case 0x22:
10093 case 0x28:
10094 case 0x29:
10095 case 0x2a:
10096 {
10097 /* crc32/crc32c */
10098 uint32_t sz = op & 0x3;
10099 uint32_t c = op & 0x8;
10100
10101 tmp2 = load_reg(s, rm);
10102 if (sz == 0) {
10103 tcg_gen_andi_i32(tmp2, tmp2, 0xff);
10104 } else if (sz == 1) {
10105 tcg_gen_andi_i32(tmp2, tmp2, 0xffff);
10106 }
10107 tmp3 = tcg_const_i32(1 << sz);
10108 if (c) {
10109 gen_helper_crc32c(tmp, tmp, tmp2, tmp3);
10110 } else {
10111 gen_helper_crc32(tmp, tmp, tmp2, tmp3);
10112 }
10113 tcg_temp_free_i32(tmp2);
10114 tcg_temp_free_i32(tmp3);
10115 break;
10116 }
10117 default:
10118 g_assert_not_reached();
10119 }
10120 }
10121 store_reg(s, rd, tmp);
10122 break;
10123 case 4: case 5: /* 32-bit multiply. Sum of absolute differences. */
10124 switch ((insn >> 20) & 7) {
10125 case 0: /* 32 x 32 -> 32, in decodetree */
10126 goto illegal_op;
10127 case 7: /* Unsigned sum of absolute differences. */
10128 break;
10129 case 1: /* 16 x 16 -> 32 */
10130 case 2: /* Dual multiply add. */
10131 case 3: /* 32 * 16 -> 32msb */
10132 case 4: /* Dual multiply subtract. */
10133 case 5: case 6: /* 32 * 32 -> 32msb (SMMUL, SMMLA, SMMLS) */
10134 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10135 goto illegal_op;
10136 }
10137 break;
10138 }
10139 op = (insn >> 4) & 0xf;
10140 tmp = load_reg(s, rn);
10141 tmp2 = load_reg(s, rm);
10142 switch ((insn >> 20) & 7) {
10143 case 1: /* 16 x 16 -> 32 */
10144 gen_mulxy(tmp, tmp2, op & 2, op & 1);
10145 tcg_temp_free_i32(tmp2);
10146 if (rs != 15) {
10147 tmp2 = load_reg(s, rs);
10148 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10149 tcg_temp_free_i32(tmp2);
10150 }
10151 break;
10152 case 2: /* Dual multiply add. */
10153 case 4: /* Dual multiply subtract. */
10154 if (op)
10155 gen_swap_half(tmp2);
10156 gen_smul_dual(tmp, tmp2);
10157 if (insn & (1 << 22)) {
10158 /* This subtraction cannot overflow. */
10159 tcg_gen_sub_i32(tmp, tmp, tmp2);
10160 } else {
10161 /* This addition cannot overflow 32 bits;
10162 * however it may overflow considered as a signed
10163 * operation, in which case we must set the Q flag.
10164 */
10165 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10166 }
10167 tcg_temp_free_i32(tmp2);
10168 if (rs != 15)
10169 {
10170 tmp2 = load_reg(s, rs);
10171 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10172 tcg_temp_free_i32(tmp2);
10173 }
10174 break;
10175 case 3: /* 32 * 16 -> 32msb */
10176 if (op)
10177 tcg_gen_sari_i32(tmp2, tmp2, 16);
10178 else
10179 gen_sxth(tmp2);
10180 tmp64 = gen_muls_i64_i32(tmp, tmp2);
10181 tcg_gen_shri_i64(tmp64, tmp64, 16);
10182 tmp = tcg_temp_new_i32();
10183 tcg_gen_extrl_i64_i32(tmp, tmp64);
10184 tcg_temp_free_i64(tmp64);
10185 if (rs != 15)
10186 {
10187 tmp2 = load_reg(s, rs);
10188 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10189 tcg_temp_free_i32(tmp2);
10190 }
10191 break;
10192 case 5: case 6: /* 32 * 32 -> 32msb (SMMUL, SMMLA, SMMLS) */
10193 tcg_gen_muls2_i32(tmp2, tmp, tmp, tmp2);
10194 if (rs != 15) {
10195 tmp3 = load_reg(s, rs);
10196 if (insn & (1 << 20)) {
10197 tcg_gen_add_i32(tmp, tmp, tmp3);
10198 } else {
10199 /*
10200 * For SMMLS, we need a 64-bit subtract.
10201 * Borrow caused by a non-zero multiplicand lowpart,
10202 * and the correct result lowpart for rounding.
10203 */
10204 TCGv_i32 zero = tcg_const_i32(0);
10205 tcg_gen_sub2_i32(tmp2, tmp, zero, tmp3, tmp2, tmp);
10206 tcg_temp_free_i32(zero);
10207 }
10208 tcg_temp_free_i32(tmp3);
10209 }
10210 if (insn & (1 << 4)) {
10211 /*
10212 * Adding 0x80000000 to the 64-bit quantity
10213 * means that we have carry in to the high
10214 * word when the low word has the high bit set.
10215 */
10216 tcg_gen_shri_i32(tmp2, tmp2, 31);
10217 tcg_gen_add_i32(tmp, tmp, tmp2);
10218 }
10219 tcg_temp_free_i32(tmp2);
10220 break;
10221 case 7: /* Unsigned sum of absolute differences. */
10222 gen_helper_usad8(tmp, tmp, tmp2);
10223 tcg_temp_free_i32(tmp2);
10224 if (rs != 15) {
10225 tmp2 = load_reg(s, rs);
10226 tcg_gen_add_i32(tmp, tmp, tmp2);
10227 tcg_temp_free_i32(tmp2);
10228 }
10229 break;
10230 }
10231 store_reg(s, rd, tmp);
10232 break;
10233 case 6: case 7: /* 64-bit multiply, Divide. */
10234 op = ((insn >> 4) & 0xf) | ((insn >> 16) & 0x70);
10235 tmp = load_reg(s, rn);
10236 tmp2 = load_reg(s, rm);
10237 if ((op & 0x50) == 0x10) {
10238 /* sdiv, udiv */
10239 if (!dc_isar_feature(thumb_div, s)) {
10240 goto illegal_op;
10241 }
10242 if (op & 0x20)
10243 gen_helper_udiv(tmp, tmp, tmp2);
10244 else
10245 gen_helper_sdiv(tmp, tmp, tmp2);
10246 tcg_temp_free_i32(tmp2);
10247 store_reg(s, rd, tmp);
10248 } else if ((op & 0xe) == 0xc) {
10249 /* Dual multiply accumulate long. */
10250 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10251 tcg_temp_free_i32(tmp);
10252 tcg_temp_free_i32(tmp2);
10253 goto illegal_op;
10254 }
10255 if (op & 1)
10256 gen_swap_half(tmp2);
10257 gen_smul_dual(tmp, tmp2);
10258 if (op & 0x10) {
10259 tcg_gen_sub_i32(tmp, tmp, tmp2);
10260 } else {
10261 tcg_gen_add_i32(tmp, tmp, tmp2);
10262 }
10263 tcg_temp_free_i32(tmp2);
10264 /* BUGFIX */
10265 tmp64 = tcg_temp_new_i64();
10266 tcg_gen_ext_i32_i64(tmp64, tmp);
10267 tcg_temp_free_i32(tmp);
10268 gen_addq(s, tmp64, rs, rd);
10269 gen_storeq_reg(s, rs, rd, tmp64);
10270 tcg_temp_free_i64(tmp64);
10271 } else {
10272 if ((op & 0x20) || !(op & 8)) {
10273 /* Signed/unsigned 64-bit multiply, in decodetree */
10274 tcg_temp_free_i32(tmp2);
10275 tcg_temp_free_i32(tmp);
10276 goto illegal_op;
10277 }
10278 /* smlalxy */
10279 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10280 tcg_temp_free_i32(tmp2);
10281 tcg_temp_free_i32(tmp);
10282 goto illegal_op;
10283 }
10284 gen_mulxy(tmp, tmp2, op & 2, op & 1);
10285 tcg_temp_free_i32(tmp2);
10286 tmp64 = tcg_temp_new_i64();
10287 tcg_gen_ext_i32_i64(tmp64, tmp);
10288 tcg_temp_free_i32(tmp);
10289 if (op & 0x40) {
10290 /* 64-bit accumulate. */
10291 gen_addq(s, tmp64, rs, rd);
10292 }
10293 gen_storeq_reg(s, rs, rd, tmp64);
10294 tcg_temp_free_i64(tmp64);
10295 }
10296 break;
10297 }
10298 break;
10299 case 6: case 7: case 14: case 15:
10300 /* Coprocessor. */
10301 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10302 /* 0b111x_11xx_xxxx_xxxx_xxxx_xxxx_xxxx_xxxx */
10303 if (extract32(insn, 24, 2) == 3) {
10304 goto illegal_op; /* op0 = 0b11 : unallocated */
10305 }
10306
10307 /*
10308 * Decode VLLDM and VLSTM first: these are nonstandard because:
10309 * * if there is no FPU then these insns must NOP in
10310 * Secure state and UNDEF in Nonsecure state
10311 * * if there is an FPU then these insns do not have
10312 * the usual behaviour that disas_vfp_insn() provides of
10313 * being controlled by CPACR/NSACR enable bits or the
10314 * lazy-stacking logic.
10315 */
10316 if (arm_dc_feature(s, ARM_FEATURE_V8) &&
10317 (insn & 0xffa00f00) == 0xec200a00) {
10318 /* 0b1110_1100_0x1x_xxxx_xxxx_1010_xxxx_xxxx
10319 * - VLLDM, VLSTM
10320 * We choose to UNDEF if the RAZ bits are non-zero.
10321 */
10322 if (!s->v8m_secure || (insn & 0x0040f0ff)) {
10323 goto illegal_op;
10324 }
10325
10326 if (arm_dc_feature(s, ARM_FEATURE_VFP)) {
10327 TCGv_i32 fptr = load_reg(s, rn);
10328
10329 if (extract32(insn, 20, 1)) {
10330 gen_helper_v7m_vlldm(cpu_env, fptr);
10331 } else {
10332 gen_helper_v7m_vlstm(cpu_env, fptr);
10333 }
10334 tcg_temp_free_i32(fptr);
10335
10336 /* End the TB, because we have updated FP control bits */
10337 s->base.is_jmp = DISAS_UPDATE;
10338 }
10339 break;
10340 }
10341 if (arm_dc_feature(s, ARM_FEATURE_VFP) &&
10342 ((insn >> 8) & 0xe) == 10) {
10343 /* FP, and the CPU supports it */
10344 if (disas_vfp_insn(s, insn)) {
10345 goto illegal_op;
10346 }
10347 break;
10348 }
10349
10350 /* All other insns: NOCP */
10351 gen_exception_insn(s, s->pc_curr, EXCP_NOCP, syn_uncategorized(),
10352 default_exception_el(s));
10353 break;
10354 }
10355 if ((insn & 0xfe000a00) == 0xfc000800
10356 && arm_dc_feature(s, ARM_FEATURE_V8)) {
10357 /* The Thumb2 and ARM encodings are identical. */
10358 if (disas_neon_insn_3same_ext(s, insn)) {
10359 goto illegal_op;
10360 }
10361 } else if ((insn & 0xff000a00) == 0xfe000800
10362 && arm_dc_feature(s, ARM_FEATURE_V8)) {
10363 /* The Thumb2 and ARM encodings are identical. */
10364 if (disas_neon_insn_2reg_scalar_ext(s, insn)) {
10365 goto illegal_op;
10366 }
10367 } else if (((insn >> 24) & 3) == 3) {
10368 /* Translate into the equivalent ARM encoding. */
10369 insn = (insn & 0xe2ffffff) | ((insn & (1 << 28)) >> 4) | (1 << 28);
10370 if (disas_neon_data_insn(s, insn)) {
10371 goto illegal_op;
10372 }
10373 } else if (((insn >> 8) & 0xe) == 10) {
10374 if (disas_vfp_insn(s, insn)) {
10375 goto illegal_op;
10376 }
10377 } else {
10378 if (insn & (1 << 28))
10379 goto illegal_op;
10380 if (disas_coproc_insn(s, insn)) {
10381 goto illegal_op;
10382 }
10383 }
10384 break;
10385 case 8: case 9: case 10: case 11:
10386 if (insn & (1 << 15)) {
10387 /* Branches, misc control. */
10388 if (insn & 0x5000) {
10389 /* Unconditional branch. */
10390 /* signextend(hw1[10:0]) -> offset[:12]. */
10391 offset = ((int32_t)insn << 5) >> 9 & ~(int32_t)0xfff;
10392 /* hw1[10:0] -> offset[11:1]. */
10393 offset |= (insn & 0x7ff) << 1;
10394 /* (~hw2[13, 11] ^ offset[24]) -> offset[23,22]
10395 offset[24:22] already have the same value because of the
10396 sign extension above. */
10397 offset ^= ((~insn) & (1 << 13)) << 10;
10398 offset ^= ((~insn) & (1 << 11)) << 11;
10399
10400 if (insn & (1 << 14)) {
10401 /* Branch and link. */
10402 tcg_gen_movi_i32(cpu_R[14], s->base.pc_next | 1);
10403 }
10404
10405 offset += read_pc(s);
10406 if (insn & (1 << 12)) {
10407 /* b/bl */
10408 gen_jmp(s, offset);
10409 } else {
10410 /* blx */
10411 offset &= ~(uint32_t)2;
10412 /* thumb2 bx, no need to check */
10413 gen_bx_im(s, offset);
10414 }
10415 } else if (((insn >> 23) & 7) == 7) {
10416 /* Misc control */
10417 if (insn & (1 << 13))
10418 goto illegal_op;
10419
10420 if (insn & (1 << 26)) {
10421 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10422 goto illegal_op;
10423 }
10424 if (!(insn & (1 << 20))) {
10425 /* Hypervisor call (v7) */
10426 int imm16 = extract32(insn, 16, 4) << 12
10427 | extract32(insn, 0, 12);
10428 ARCH(7);
10429 if (IS_USER(s)) {
10430 goto illegal_op;
10431 }
10432 gen_hvc(s, imm16);
10433 } else {
10434 /* Secure monitor call (v6+) */
10435 ARCH(6K);
10436 if (IS_USER(s)) {
10437 goto illegal_op;
10438 }
10439 gen_smc(s);
10440 }
10441 } else {
10442 op = (insn >> 20) & 7;
10443 switch (op) {
10444 case 0: /* msr cpsr. */
10445 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10446 tmp = load_reg(s, rn);
10447 /* the constant is the mask and SYSm fields */
10448 addr = tcg_const_i32(insn & 0xfff);
10449 gen_helper_v7m_msr(cpu_env, addr, tmp);
10450 tcg_temp_free_i32(addr);
10451 tcg_temp_free_i32(tmp);
10452 gen_lookup_tb(s);
10453 break;
10454 }
10455 /* fall through */
10456 case 1: /* msr spsr. */
10457 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10458 goto illegal_op;
10459 }
10460
10461 if (extract32(insn, 5, 1)) {
10462 /* MSR (banked) */
10463 int sysm = extract32(insn, 8, 4) |
10464 (extract32(insn, 4, 1) << 4);
10465 int r = op & 1;
10466
10467 gen_msr_banked(s, r, sysm, rm);
10468 break;
10469 }
10470
10471 /* MSR (for PSRs) */
10472 tmp = load_reg(s, rn);
10473 if (gen_set_psr(s,
10474 msr_mask(s, (insn >> 8) & 0xf, op == 1),
10475 op == 1, tmp))
10476 goto illegal_op;
10477 break;
10478 case 2: /* cps, nop-hint. */
10479 if (((insn >> 8) & 7) == 0) {
10480 gen_nop_hint(s, insn & 0xff);
10481 }
10482 /* Implemented as NOP in user mode. */
10483 if (IS_USER(s))
10484 break;
10485 offset = 0;
10486 imm = 0;
10487 if (insn & (1 << 10)) {
10488 if (insn & (1 << 7))
10489 offset |= CPSR_A;
10490 if (insn & (1 << 6))
10491 offset |= CPSR_I;
10492 if (insn & (1 << 5))
10493 offset |= CPSR_F;
10494 if (insn & (1 << 9))
10495 imm = CPSR_A | CPSR_I | CPSR_F;
10496 }
10497 if (insn & (1 << 8)) {
10498 offset |= 0x1f;
10499 imm |= (insn & 0x1f);
10500 }
10501 if (offset) {
10502 gen_set_psr_im(s, offset, 0, imm);
10503 }
10504 break;
10505 case 3: /* Special control operations. */
10506 if (!arm_dc_feature(s, ARM_FEATURE_V7) &&
10507 !arm_dc_feature(s, ARM_FEATURE_M)) {
10508 goto illegal_op;
10509 }
10510 op = (insn >> 4) & 0xf;
10511 switch (op) {
10512 case 2: /* clrex */
10513 gen_clrex(s);
10514 break;
10515 case 4: /* dsb */
10516 case 5: /* dmb */
10517 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
10518 break;
10519 case 6: /* isb */
10520 /* We need to break the TB after this insn
10521 * to execute self-modifying code correctly
10522 * and also to take any pending interrupts
10523 * immediately.
10524 */
10525 gen_goto_tb(s, 0, s->base.pc_next);
10526 break;
10527 case 7: /* sb */
10528 if ((insn & 0xf) || !dc_isar_feature(aa32_sb, s)) {
10529 goto illegal_op;
10530 }
10531 /*
10532 * TODO: There is no speculation barrier opcode
10533 * for TCG; MB and end the TB instead.
10534 */
10535 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
10536 gen_goto_tb(s, 0, s->base.pc_next);
10537 break;
10538 default:
10539 goto illegal_op;
10540 }
10541 break;
10542 case 4: /* bxj */
10543 /* Trivial implementation equivalent to bx.
10544 * This instruction doesn't exist at all for M-profile.
10545 */
10546 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10547 goto illegal_op;
10548 }
10549 tmp = load_reg(s, rn);
10550 gen_bx(s, tmp);
10551 break;
10552 case 5: /* Exception return. */
10553 if (IS_USER(s)) {
10554 goto illegal_op;
10555 }
10556 if (rn != 14 || rd != 15) {
10557 goto illegal_op;
10558 }
10559 if (s->current_el == 2) {
10560 /* ERET from Hyp uses ELR_Hyp, not LR */
10561 if (insn & 0xff) {
10562 goto illegal_op;
10563 }
10564 tmp = load_cpu_field(elr_el[2]);
10565 } else {
10566 tmp = load_reg(s, rn);
10567 tcg_gen_subi_i32(tmp, tmp, insn & 0xff);
10568 }
10569 gen_exception_return(s, tmp);
10570 break;
10571 case 6: /* MRS */
10572 if (extract32(insn, 5, 1) &&
10573 !arm_dc_feature(s, ARM_FEATURE_M)) {
10574 /* MRS (banked) */
10575 int sysm = extract32(insn, 16, 4) |
10576 (extract32(insn, 4, 1) << 4);
10577
10578 gen_mrs_banked(s, 0, sysm, rd);
10579 break;
10580 }
10581
10582 if (extract32(insn, 16, 4) != 0xf) {
10583 goto illegal_op;
10584 }
10585 if (!arm_dc_feature(s, ARM_FEATURE_M) &&
10586 extract32(insn, 0, 8) != 0) {
10587 goto illegal_op;
10588 }
10589
10590 /* mrs cpsr */
10591 tmp = tcg_temp_new_i32();
10592 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10593 addr = tcg_const_i32(insn & 0xff);
10594 gen_helper_v7m_mrs(tmp, cpu_env, addr);
10595 tcg_temp_free_i32(addr);
10596 } else {
10597 gen_helper_cpsr_read(tmp, cpu_env);
10598 }
10599 store_reg(s, rd, tmp);
10600 break;
10601 case 7: /* MRS */
10602 if (extract32(insn, 5, 1) &&
10603 !arm_dc_feature(s, ARM_FEATURE_M)) {
10604 /* MRS (banked) */
10605 int sysm = extract32(insn, 16, 4) |
10606 (extract32(insn, 4, 1) << 4);
10607
10608 gen_mrs_banked(s, 1, sysm, rd);
10609 break;
10610 }
10611
10612 /* mrs spsr. */
10613 /* Not accessible in user mode. */
10614 if (IS_USER(s) || arm_dc_feature(s, ARM_FEATURE_M)) {
10615 goto illegal_op;
10616 }
10617
10618 if (extract32(insn, 16, 4) != 0xf ||
10619 extract32(insn, 0, 8) != 0) {
10620 goto illegal_op;
10621 }
10622
10623 tmp = load_cpu_field(spsr);
10624 store_reg(s, rd, tmp);
10625 break;
10626 }
10627 }
10628 } else {
10629 /* Conditional branch. */
10630 op = (insn >> 22) & 0xf;
10631 /* Generate a conditional jump to next instruction. */
10632 arm_skip_unless(s, op);
10633
10634 /* offset[11:1] = insn[10:0] */
10635 offset = (insn & 0x7ff) << 1;
10636 /* offset[17:12] = insn[21:16]. */
10637 offset |= (insn & 0x003f0000) >> 4;
10638 /* offset[31:20] = insn[26]. */
10639 offset |= ((int32_t)((insn << 5) & 0x80000000)) >> 11;
10640 /* offset[18] = insn[13]. */
10641 offset |= (insn & (1 << 13)) << 5;
10642 /* offset[19] = insn[11]. */
10643 offset |= (insn & (1 << 11)) << 8;
10644
10645 /* jump to the offset */
10646 gen_jmp(s, read_pc(s) + offset);
10647 }
10648 } else {
10649 /*
10650 * 0b1111_0xxx_xxxx_0xxx_xxxx_xxxx
10651 * - Data-processing (modified immediate, plain binary immediate)
10652 */
10653 if (insn & (1 << 25)) {
10654 /*
10655 * 0b1111_0x1x_xxxx_0xxx_xxxx_xxxx
10656 * - Data-processing (plain binary immediate)
10657 */
10658 if (insn & (1 << 24)) {
10659 if (insn & (1 << 20))
10660 goto illegal_op;
10661 /* Bitfield/Saturate. */
10662 op = (insn >> 21) & 7;
10663 imm = insn & 0x1f;
10664 shift = ((insn >> 6) & 3) | ((insn >> 10) & 0x1c);
10665 if (rn == 15) {
10666 tmp = tcg_temp_new_i32();
10667 tcg_gen_movi_i32(tmp, 0);
10668 } else {
10669 tmp = load_reg(s, rn);
10670 }
10671 switch (op) {
10672 case 2: /* Signed bitfield extract. */
10673 imm++;
10674 if (shift + imm > 32)
10675 goto illegal_op;
10676 if (imm < 32) {
10677 tcg_gen_sextract_i32(tmp, tmp, shift, imm);
10678 }
10679 break;
10680 case 6: /* Unsigned bitfield extract. */
10681 imm++;
10682 if (shift + imm > 32)
10683 goto illegal_op;
10684 if (imm < 32) {
10685 tcg_gen_extract_i32(tmp, tmp, shift, imm);
10686 }
10687 break;
10688 case 3: /* Bitfield insert/clear. */
10689 if (imm < shift)
10690 goto illegal_op;
10691 imm = imm + 1 - shift;
10692 if (imm != 32) {
10693 tmp2 = load_reg(s, rd);
10694 tcg_gen_deposit_i32(tmp, tmp2, tmp, shift, imm);
10695 tcg_temp_free_i32(tmp2);
10696 }
10697 break;
10698 case 7:
10699 goto illegal_op;
10700 default: /* Saturate. */
10701 if (op & 1) {
10702 tcg_gen_sari_i32(tmp, tmp, shift);
10703 } else {
10704 tcg_gen_shli_i32(tmp, tmp, shift);
10705 }
10706 tmp2 = tcg_const_i32(imm);
10707 if (op & 4) {
10708 /* Unsigned. */
10709 if ((op & 1) && shift == 0) {
10710 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10711 tcg_temp_free_i32(tmp);
10712 tcg_temp_free_i32(tmp2);
10713 goto illegal_op;
10714 }
10715 gen_helper_usat16(tmp, cpu_env, tmp, tmp2);
10716 } else {
10717 gen_helper_usat(tmp, cpu_env, tmp, tmp2);
10718 }
10719 } else {
10720 /* Signed. */
10721 if ((op & 1) && shift == 0) {
10722 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10723 tcg_temp_free_i32(tmp);
10724 tcg_temp_free_i32(tmp2);
10725 goto illegal_op;
10726 }
10727 gen_helper_ssat16(tmp, cpu_env, tmp, tmp2);
10728 } else {
10729 gen_helper_ssat(tmp, cpu_env, tmp, tmp2);
10730 }
10731 }
10732 tcg_temp_free_i32(tmp2);
10733 break;
10734 }
10735 store_reg(s, rd, tmp);
10736 } else {
10737 imm = ((insn & 0x04000000) >> 15)
10738 | ((insn & 0x7000) >> 4) | (insn & 0xff);
10739 if (insn & (1 << 22)) {
10740 /* 16-bit immediate. */
10741 imm |= (insn >> 4) & 0xf000;
10742 if (insn & (1 << 23)) {
10743 /* movt */
10744 tmp = load_reg(s, rd);
10745 tcg_gen_ext16u_i32(tmp, tmp);
10746 tcg_gen_ori_i32(tmp, tmp, imm << 16);
10747 } else {
10748 /* movw */
10749 tmp = tcg_temp_new_i32();
10750 tcg_gen_movi_i32(tmp, imm);
10751 }
10752 store_reg(s, rd, tmp);
10753 } else {
10754 /* Add/sub 12-bit immediate. */
10755 if (insn & (1 << 23)) {
10756 imm = -imm;
10757 }
10758 tmp = add_reg_for_lit(s, rn, imm);
10759 if (rn == 13 && rd == 13) {
10760 /* ADD SP, SP, imm or SUB SP, SP, imm */
10761 store_sp_checked(s, tmp);
10762 } else {
10763 store_reg(s, rd, tmp);
10764 }
10765 }
10766 }
10767 } else {
10768 /* Data-processing (modified immediate) */
10769 /* All done in decodetree. Reach here for illegal ops. */
10770 goto illegal_op;
10771 }
10772 }
10773 break;
10774 case 12: /* Load/store single data item. */
10775 {
10776 int postinc = 0;
10777 int writeback = 0;
10778 int memidx;
10779 ISSInfo issinfo;
10780
10781 if ((insn & 0x01100000) == 0x01000000) {
10782 if (disas_neon_ls_insn(s, insn)) {
10783 goto illegal_op;
10784 }
10785 break;
10786 }
10787 op = ((insn >> 21) & 3) | ((insn >> 22) & 4);
10788 if (rs == 15) {
10789 if (!(insn & (1 << 20))) {
10790 goto illegal_op;
10791 }
10792 if (op != 2) {
10793 /* Byte or halfword load space with dest == r15 : memory hints.
10794 * Catch them early so we don't emit pointless addressing code.
10795 * This space is a mix of:
10796 * PLD/PLDW/PLI, which we implement as NOPs (note that unlike
10797 * the ARM encodings, PLDW space doesn't UNDEF for non-v7MP
10798 * cores)
10799 * unallocated hints, which must be treated as NOPs
10800 * UNPREDICTABLE space, which we NOP or UNDEF depending on
10801 * which is easiest for the decoding logic
10802 * Some space which must UNDEF
10803 */
10804 int op1 = (insn >> 23) & 3;
10805 int op2 = (insn >> 6) & 0x3f;
10806 if (op & 2) {
10807 goto illegal_op;
10808 }
10809 if (rn == 15) {
10810 /* UNPREDICTABLE, unallocated hint or
10811 * PLD/PLDW/PLI (literal)
10812 */
10813 return;
10814 }
10815 if (op1 & 1) {
10816 return; /* PLD/PLDW/PLI or unallocated hint */
10817 }
10818 if ((op2 == 0) || ((op2 & 0x3c) == 0x30)) {
10819 return; /* PLD/PLDW/PLI or unallocated hint */
10820 }
10821 /* UNDEF space, or an UNPREDICTABLE */
10822 goto illegal_op;
10823 }
10824 }
10825 memidx = get_mem_index(s);
10826 imm = insn & 0xfff;
10827 if (insn & (1 << 23)) {
10828 /* PC relative or Positive offset. */
10829 addr = add_reg_for_lit(s, rn, imm);
10830 } else if (rn == 15) {
10831 /* PC relative with negative offset. */
10832 addr = add_reg_for_lit(s, rn, -imm);
10833 } else {
10834 addr = load_reg(s, rn);
10835 imm = insn & 0xff;
10836 switch ((insn >> 8) & 0xf) {
10837 case 0x0: /* Shifted Register. */
10838 shift = (insn >> 4) & 0xf;
10839 if (shift > 3) {
10840 tcg_temp_free_i32(addr);
10841 goto illegal_op;
10842 }
10843 tmp = load_reg(s, rm);
10844 tcg_gen_shli_i32(tmp, tmp, shift);
10845 tcg_gen_add_i32(addr, addr, tmp);
10846 tcg_temp_free_i32(tmp);
10847 break;
10848 case 0xc: /* Negative offset. */
10849 tcg_gen_addi_i32(addr, addr, -imm);
10850 break;
10851 case 0xe: /* User privilege. */
10852 tcg_gen_addi_i32(addr, addr, imm);
10853 memidx = get_a32_user_mem_index(s);
10854 break;
10855 case 0x9: /* Post-decrement. */
10856 imm = -imm;
10857 /* Fall through. */
10858 case 0xb: /* Post-increment. */
10859 postinc = 1;
10860 writeback = 1;
10861 break;
10862 case 0xd: /* Pre-decrement. */
10863 imm = -imm;
10864 /* Fall through. */
10865 case 0xf: /* Pre-increment. */
10866 writeback = 1;
10867 break;
10868 default:
10869 tcg_temp_free_i32(addr);
10870 goto illegal_op;
10871 }
10872 }
10873
10874 issinfo = writeback ? ISSInvalid : rs;
10875
10876 if (s->v8m_stackcheck && rn == 13 && writeback) {
10877 /*
10878 * Stackcheck. Here we know 'addr' is the current SP;
10879 * if imm is +ve we're moving SP up, else down. It is
10880 * UNKNOWN whether the limit check triggers when SP starts
10881 * below the limit and ends up above it; we chose to do so.
10882 */
10883 if ((int32_t)imm < 0) {
10884 TCGv_i32 newsp = tcg_temp_new_i32();
10885
10886 tcg_gen_addi_i32(newsp, addr, imm);
10887 gen_helper_v8m_stackcheck(cpu_env, newsp);
10888 tcg_temp_free_i32(newsp);
10889 } else {
10890 gen_helper_v8m_stackcheck(cpu_env, addr);
10891 }
10892 }
10893
10894 if (writeback && !postinc) {
10895 tcg_gen_addi_i32(addr, addr, imm);
10896 }
10897
10898 if (insn & (1 << 20)) {
10899 /* Load. */
10900 tmp = tcg_temp_new_i32();
10901 switch (op) {
10902 case 0:
10903 gen_aa32_ld8u_iss(s, tmp, addr, memidx, issinfo);
10904 break;
10905 case 4:
10906 gen_aa32_ld8s_iss(s, tmp, addr, memidx, issinfo);
10907 break;
10908 case 1:
10909 gen_aa32_ld16u_iss(s, tmp, addr, memidx, issinfo);
10910 break;
10911 case 5:
10912 gen_aa32_ld16s_iss(s, tmp, addr, memidx, issinfo);
10913 break;
10914 case 2:
10915 gen_aa32_ld32u_iss(s, tmp, addr, memidx, issinfo);
10916 break;
10917 default:
10918 tcg_temp_free_i32(tmp);
10919 tcg_temp_free_i32(addr);
10920 goto illegal_op;
10921 }
10922 store_reg_from_load(s, rs, tmp);
10923 } else {
10924 /* Store. */
10925 tmp = load_reg(s, rs);
10926 switch (op) {
10927 case 0:
10928 gen_aa32_st8_iss(s, tmp, addr, memidx, issinfo);
10929 break;
10930 case 1:
10931 gen_aa32_st16_iss(s, tmp, addr, memidx, issinfo);
10932 break;
10933 case 2:
10934 gen_aa32_st32_iss(s, tmp, addr, memidx, issinfo);
10935 break;
10936 default:
10937 tcg_temp_free_i32(tmp);
10938 tcg_temp_free_i32(addr);
10939 goto illegal_op;
10940 }
10941 tcg_temp_free_i32(tmp);
10942 }
10943 if (postinc)
10944 tcg_gen_addi_i32(addr, addr, imm);
10945 if (writeback) {
10946 store_reg(s, rn, addr);
10947 } else {
10948 tcg_temp_free_i32(addr);
10949 }
10950 }
10951 break;
10952 default:
10953 goto illegal_op;
10954 }
10955 return;
10956 illegal_op:
10957 unallocated_encoding(s);
10958 }
10959
10960 static void disas_thumb_insn(DisasContext *s, uint32_t insn)
10961 {
10962 uint32_t val, op, rm, rn, rd, shift, cond;
10963 int32_t offset;
10964 int i;
10965 TCGv_i32 tmp;
10966 TCGv_i32 tmp2;
10967 TCGv_i32 addr;
10968
10969 switch (insn >> 12) {
10970 case 0: case 1:
10971
10972 rd = insn & 7;
10973 op = (insn >> 11) & 3;
10974 if (op == 3) {
10975 /*
10976 * 0b0001_1xxx_xxxx_xxxx
10977 * - Add, subtract (three low registers)
10978 * - Add, subtract (two low registers and immediate)
10979 */
10980 rn = (insn >> 3) & 7;
10981 tmp = load_reg(s, rn);
10982 if (insn & (1 << 10)) {
10983 /* immediate */
10984 tmp2 = tcg_temp_new_i32();
10985 tcg_gen_movi_i32(tmp2, (insn >> 6) & 7);
10986 } else {
10987 /* reg */
10988 rm = (insn >> 6) & 7;
10989 tmp2 = load_reg(s, rm);
10990 }
10991 if (insn & (1 << 9)) {
10992 if (s->condexec_mask)
10993 tcg_gen_sub_i32(tmp, tmp, tmp2);
10994 else
10995 gen_sub_CC(tmp, tmp, tmp2);
10996 } else {
10997 if (s->condexec_mask)
10998 tcg_gen_add_i32(tmp, tmp, tmp2);
10999 else
11000 gen_add_CC(tmp, tmp, tmp2);
11001 }
11002 tcg_temp_free_i32(tmp2);
11003 store_reg(s, rd, tmp);
11004 } else {
11005 /* shift immediate */
11006 rm = (insn >> 3) & 7;
11007 shift = (insn >> 6) & 0x1f;
11008 tmp = load_reg(s, rm);
11009 gen_arm_shift_im(tmp, op, shift, s->condexec_mask == 0);
11010 if (!s->condexec_mask)
11011 gen_logic_CC(tmp);
11012 store_reg(s, rd, tmp);
11013 }
11014 break;
11015 case 2: case 3:
11016 /*
11017 * 0b001x_xxxx_xxxx_xxxx
11018 * - Add, subtract, compare, move (one low register and immediate)
11019 */
11020 op = (insn >> 11) & 3;
11021 rd = (insn >> 8) & 0x7;
11022 if (op == 0) { /* mov */
11023 tmp = tcg_temp_new_i32();
11024 tcg_gen_movi_i32(tmp, insn & 0xff);
11025 if (!s->condexec_mask)
11026 gen_logic_CC(tmp);
11027 store_reg(s, rd, tmp);
11028 } else {
11029 tmp = load_reg(s, rd);
11030 tmp2 = tcg_temp_new_i32();
11031 tcg_gen_movi_i32(tmp2, insn & 0xff);
11032 switch (op) {
11033 case 1: /* cmp */
11034 gen_sub_CC(tmp, tmp, tmp2);
11035 tcg_temp_free_i32(tmp);
11036 tcg_temp_free_i32(tmp2);
11037 break;
11038 case 2: /* add */
11039 if (s->condexec_mask)
11040 tcg_gen_add_i32(tmp, tmp, tmp2);
11041 else
11042 gen_add_CC(tmp, tmp, tmp2);
11043 tcg_temp_free_i32(tmp2);
11044 store_reg(s, rd, tmp);
11045 break;
11046 case 3: /* sub */
11047 if (s->condexec_mask)
11048 tcg_gen_sub_i32(tmp, tmp, tmp2);
11049 else
11050 gen_sub_CC(tmp, tmp, tmp2);
11051 tcg_temp_free_i32(tmp2);
11052 store_reg(s, rd, tmp);
11053 break;
11054 }
11055 }
11056 break;
11057 case 4:
11058 if (insn & (1 << 11)) {
11059 rd = (insn >> 8) & 7;
11060 /* load pc-relative. Bit 1 of PC is ignored. */
11061 addr = add_reg_for_lit(s, 15, (insn & 0xff) * 4);
11062 tmp = tcg_temp_new_i32();
11063 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s),
11064 rd | ISSIs16Bit);
11065 tcg_temp_free_i32(addr);
11066 store_reg(s, rd, tmp);
11067 break;
11068 }
11069 if (insn & (1 << 10)) {
11070 /* 0b0100_01xx_xxxx_xxxx
11071 * - data processing extended, branch and exchange
11072 */
11073 rd = (insn & 7) | ((insn >> 4) & 8);
11074 rm = (insn >> 3) & 0xf;
11075 op = (insn >> 8) & 3;
11076 switch (op) {
11077 case 0: /* add */
11078 tmp = load_reg(s, rd);
11079 tmp2 = load_reg(s, rm);
11080 tcg_gen_add_i32(tmp, tmp, tmp2);
11081 tcg_temp_free_i32(tmp2);
11082 if (rd == 13) {
11083 /* ADD SP, SP, reg */
11084 store_sp_checked(s, tmp);
11085 } else {
11086 store_reg(s, rd, tmp);
11087 }
11088 break;
11089 case 1: /* cmp */
11090 tmp = load_reg(s, rd);
11091 tmp2 = load_reg(s, rm);
11092 gen_sub_CC(tmp, tmp, tmp2);
11093 tcg_temp_free_i32(tmp2);
11094 tcg_temp_free_i32(tmp);
11095 break;
11096 case 2: /* mov/cpy */
11097 tmp = load_reg(s, rm);
11098 if (rd == 13) {
11099 /* MOV SP, reg */
11100 store_sp_checked(s, tmp);
11101 } else {
11102 store_reg(s, rd, tmp);
11103 }
11104 break;
11105 case 3:
11106 {
11107 /* 0b0100_0111_xxxx_xxxx
11108 * - branch [and link] exchange thumb register
11109 */
11110 bool link = insn & (1 << 7);
11111
11112 if (insn & 3) {
11113 goto undef;
11114 }
11115 if (link) {
11116 ARCH(5);
11117 }
11118 if ((insn & 4)) {
11119 /* BXNS/BLXNS: only exists for v8M with the
11120 * security extensions, and always UNDEF if NonSecure.
11121 * We don't implement these in the user-only mode
11122 * either (in theory you can use them from Secure User
11123 * mode but they are too tied in to system emulation.)
11124 */
11125 if (!s->v8m_secure || IS_USER_ONLY) {
11126 goto undef;
11127 }
11128 if (link) {
11129 gen_blxns(s, rm);
11130 } else {
11131 gen_bxns(s, rm);
11132 }
11133 break;
11134 }
11135 /* BLX/BX */
11136 tmp = load_reg(s, rm);
11137 if (link) {
11138 val = (uint32_t)s->base.pc_next | 1;
11139 tmp2 = tcg_temp_new_i32();
11140 tcg_gen_movi_i32(tmp2, val);
11141 store_reg(s, 14, tmp2);
11142 gen_bx(s, tmp);
11143 } else {
11144 /* Only BX works as exception-return, not BLX */
11145 gen_bx_excret(s, tmp);
11146 }
11147 break;
11148 }
11149 }
11150 break;
11151 }
11152
11153 /*
11154 * 0b0100_00xx_xxxx_xxxx
11155 * - Data-processing (two low registers)
11156 */
11157 rd = insn & 7;
11158 rm = (insn >> 3) & 7;
11159 op = (insn >> 6) & 0xf;
11160 if (op == 2 || op == 3 || op == 4 || op == 7) {
11161 /* the shift/rotate ops want the operands backwards */
11162 val = rm;
11163 rm = rd;
11164 rd = val;
11165 val = 1;
11166 } else {
11167 val = 0;
11168 }
11169
11170 if (op == 9) { /* neg */
11171 tmp = tcg_temp_new_i32();
11172 tcg_gen_movi_i32(tmp, 0);
11173 } else if (op != 0xf) { /* mvn doesn't read its first operand */
11174 tmp = load_reg(s, rd);
11175 } else {
11176 tmp = NULL;
11177 }
11178
11179 tmp2 = load_reg(s, rm);
11180 switch (op) {
11181 case 0x0: /* and */
11182 tcg_gen_and_i32(tmp, tmp, tmp2);
11183 if (!s->condexec_mask)
11184 gen_logic_CC(tmp);
11185 break;
11186 case 0x1: /* eor */
11187 tcg_gen_xor_i32(tmp, tmp, tmp2);
11188 if (!s->condexec_mask)
11189 gen_logic_CC(tmp);
11190 break;
11191 case 0x2: /* lsl */
11192 if (s->condexec_mask) {
11193 gen_shl(tmp2, tmp2, tmp);
11194 } else {
11195 gen_helper_shl_cc(tmp2, cpu_env, tmp2, tmp);
11196 gen_logic_CC(tmp2);
11197 }
11198 break;
11199 case 0x3: /* lsr */
11200 if (s->condexec_mask) {
11201 gen_shr(tmp2, tmp2, tmp);
11202 } else {
11203 gen_helper_shr_cc(tmp2, cpu_env, tmp2, tmp);
11204 gen_logic_CC(tmp2);
11205 }
11206 break;
11207 case 0x4: /* asr */
11208 if (s->condexec_mask) {
11209 gen_sar(tmp2, tmp2, tmp);
11210 } else {
11211 gen_helper_sar_cc(tmp2, cpu_env, tmp2, tmp);
11212 gen_logic_CC(tmp2);
11213 }
11214 break;
11215 case 0x5: /* adc */
11216 if (s->condexec_mask) {
11217 gen_adc(tmp, tmp2);
11218 } else {
11219 gen_adc_CC(tmp, tmp, tmp2);
11220 }
11221 break;
11222 case 0x6: /* sbc */
11223 if (s->condexec_mask) {
11224 gen_sub_carry(tmp, tmp, tmp2);
11225 } else {
11226 gen_sbc_CC(tmp, tmp, tmp2);
11227 }
11228 break;
11229 case 0x7: /* ror */
11230 if (s->condexec_mask) {
11231 tcg_gen_andi_i32(tmp, tmp, 0x1f);
11232 tcg_gen_rotr_i32(tmp2, tmp2, tmp);
11233 } else {
11234 gen_helper_ror_cc(tmp2, cpu_env, tmp2, tmp);
11235 gen_logic_CC(tmp2);
11236 }
11237 break;
11238 case 0x8: /* tst */
11239 tcg_gen_and_i32(tmp, tmp, tmp2);
11240 gen_logic_CC(tmp);
11241 rd = 16;
11242 break;
11243 case 0x9: /* neg */
11244 if (s->condexec_mask)
11245 tcg_gen_neg_i32(tmp, tmp2);
11246 else
11247 gen_sub_CC(tmp, tmp, tmp2);
11248 break;
11249 case 0xa: /* cmp */
11250 gen_sub_CC(tmp, tmp, tmp2);
11251 rd = 16;
11252 break;
11253 case 0xb: /* cmn */
11254 gen_add_CC(tmp, tmp, tmp2);
11255 rd = 16;
11256 break;
11257 case 0xc: /* orr */
11258 tcg_gen_or_i32(tmp, tmp, tmp2);
11259 if (!s->condexec_mask)
11260 gen_logic_CC(tmp);
11261 break;
11262 case 0xd: /* mul */
11263 tcg_gen_mul_i32(tmp, tmp, tmp2);
11264 if (!s->condexec_mask)
11265 gen_logic_CC(tmp);
11266 break;
11267 case 0xe: /* bic */
11268 tcg_gen_andc_i32(tmp, tmp, tmp2);
11269 if (!s->condexec_mask)
11270 gen_logic_CC(tmp);
11271 break;
11272 case 0xf: /* mvn */
11273 tcg_gen_not_i32(tmp2, tmp2);
11274 if (!s->condexec_mask)
11275 gen_logic_CC(tmp2);
11276 val = 1;
11277 rm = rd;
11278 break;
11279 }
11280 if (rd != 16) {
11281 if (val) {
11282 store_reg(s, rm, tmp2);
11283 if (op != 0xf)
11284 tcg_temp_free_i32(tmp);
11285 } else {
11286 store_reg(s, rd, tmp);
11287 tcg_temp_free_i32(tmp2);
11288 }
11289 } else {
11290 tcg_temp_free_i32(tmp);
11291 tcg_temp_free_i32(tmp2);
11292 }
11293 break;
11294
11295 case 5:
11296 /* load/store register offset. */
11297 rd = insn & 7;
11298 rn = (insn >> 3) & 7;
11299 rm = (insn >> 6) & 7;
11300 op = (insn >> 9) & 7;
11301 addr = load_reg(s, rn);
11302 tmp = load_reg(s, rm);
11303 tcg_gen_add_i32(addr, addr, tmp);
11304 tcg_temp_free_i32(tmp);
11305
11306 if (op < 3) { /* store */
11307 tmp = load_reg(s, rd);
11308 } else {
11309 tmp = tcg_temp_new_i32();
11310 }
11311
11312 switch (op) {
11313 case 0: /* str */
11314 gen_aa32_st32_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11315 break;
11316 case 1: /* strh */
11317 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11318 break;
11319 case 2: /* strb */
11320 gen_aa32_st8_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11321 break;
11322 case 3: /* ldrsb */
11323 gen_aa32_ld8s_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11324 break;
11325 case 4: /* ldr */
11326 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11327 break;
11328 case 5: /* ldrh */
11329 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11330 break;
11331 case 6: /* ldrb */
11332 gen_aa32_ld8u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11333 break;
11334 case 7: /* ldrsh */
11335 gen_aa32_ld16s_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11336 break;
11337 }
11338 if (op >= 3) { /* load */
11339 store_reg(s, rd, tmp);
11340 } else {
11341 tcg_temp_free_i32(tmp);
11342 }
11343 tcg_temp_free_i32(addr);
11344 break;
11345
11346 case 6:
11347 /* load/store word immediate offset */
11348 rd = insn & 7;
11349 rn = (insn >> 3) & 7;
11350 addr = load_reg(s, rn);
11351 val = (insn >> 4) & 0x7c;
11352 tcg_gen_addi_i32(addr, addr, val);
11353
11354 if (insn & (1 << 11)) {
11355 /* load */
11356 tmp = tcg_temp_new_i32();
11357 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11358 store_reg(s, rd, tmp);
11359 } else {
11360 /* store */
11361 tmp = load_reg(s, rd);
11362 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11363 tcg_temp_free_i32(tmp);
11364 }
11365 tcg_temp_free_i32(addr);
11366 break;
11367
11368 case 7:
11369 /* load/store byte immediate offset */
11370 rd = insn & 7;
11371 rn = (insn >> 3) & 7;
11372 addr = load_reg(s, rn);
11373 val = (insn >> 6) & 0x1f;
11374 tcg_gen_addi_i32(addr, addr, val);
11375
11376 if (insn & (1 << 11)) {
11377 /* load */
11378 tmp = tcg_temp_new_i32();
11379 gen_aa32_ld8u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11380 store_reg(s, rd, tmp);
11381 } else {
11382 /* store */
11383 tmp = load_reg(s, rd);
11384 gen_aa32_st8_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11385 tcg_temp_free_i32(tmp);
11386 }
11387 tcg_temp_free_i32(addr);
11388 break;
11389
11390 case 8:
11391 /* load/store halfword immediate offset */
11392 rd = insn & 7;
11393 rn = (insn >> 3) & 7;
11394 addr = load_reg(s, rn);
11395 val = (insn >> 5) & 0x3e;
11396 tcg_gen_addi_i32(addr, addr, val);
11397
11398 if (insn & (1 << 11)) {
11399 /* load */
11400 tmp = tcg_temp_new_i32();
11401 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11402 store_reg(s, rd, tmp);
11403 } else {
11404 /* store */
11405 tmp = load_reg(s, rd);
11406 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11407 tcg_temp_free_i32(tmp);
11408 }
11409 tcg_temp_free_i32(addr);
11410 break;
11411
11412 case 9:
11413 /* load/store from stack */
11414 rd = (insn >> 8) & 7;
11415 addr = load_reg(s, 13);
11416 val = (insn & 0xff) * 4;
11417 tcg_gen_addi_i32(addr, addr, val);
11418
11419 if (insn & (1 << 11)) {
11420 /* load */
11421 tmp = tcg_temp_new_i32();
11422 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11423 store_reg(s, rd, tmp);
11424 } else {
11425 /* store */
11426 tmp = load_reg(s, rd);
11427 gen_aa32_st32_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11428 tcg_temp_free_i32(tmp);
11429 }
11430 tcg_temp_free_i32(addr);
11431 break;
11432
11433 case 10:
11434 /*
11435 * 0b1010_xxxx_xxxx_xxxx
11436 * - Add PC/SP (immediate)
11437 */
11438 rd = (insn >> 8) & 7;
11439 val = (insn & 0xff) * 4;
11440 tmp = add_reg_for_lit(s, insn & (1 << 11) ? 13 : 15, val);
11441 store_reg(s, rd, tmp);
11442 break;
11443
11444 case 11:
11445 /* misc */
11446 op = (insn >> 8) & 0xf;
11447 switch (op) {
11448 case 0:
11449 /*
11450 * 0b1011_0000_xxxx_xxxx
11451 * - ADD (SP plus immediate)
11452 * - SUB (SP minus immediate)
11453 */
11454 tmp = load_reg(s, 13);
11455 val = (insn & 0x7f) * 4;
11456 if (insn & (1 << 7))
11457 val = -(int32_t)val;
11458 tcg_gen_addi_i32(tmp, tmp, val);
11459 store_sp_checked(s, tmp);
11460 break;
11461
11462 case 2: /* sign/zero extend. */
11463 ARCH(6);
11464 rd = insn & 7;
11465 rm = (insn >> 3) & 7;
11466 tmp = load_reg(s, rm);
11467 switch ((insn >> 6) & 3) {
11468 case 0: gen_sxth(tmp); break;
11469 case 1: gen_sxtb(tmp); break;
11470 case 2: gen_uxth(tmp); break;
11471 case 3: gen_uxtb(tmp); break;
11472 }
11473 store_reg(s, rd, tmp);
11474 break;
11475 case 4: case 5: case 0xc: case 0xd:
11476 /*
11477 * 0b1011_x10x_xxxx_xxxx
11478 * - push/pop
11479 */
11480 addr = load_reg(s, 13);
11481 if (insn & (1 << 8))
11482 offset = 4;
11483 else
11484 offset = 0;
11485 for (i = 0; i < 8; i++) {
11486 if (insn & (1 << i))
11487 offset += 4;
11488 }
11489 if ((insn & (1 << 11)) == 0) {
11490 tcg_gen_addi_i32(addr, addr, -offset);
11491 }
11492
11493 if (s->v8m_stackcheck) {
11494 /*
11495 * Here 'addr' is the lower of "old SP" and "new SP";
11496 * if this is a pop that starts below the limit and ends
11497 * above it, it is UNKNOWN whether the limit check triggers;
11498 * we choose to trigger.
11499 */
11500 gen_helper_v8m_stackcheck(cpu_env, addr);
11501 }
11502
11503 for (i = 0; i < 8; i++) {
11504 if (insn & (1 << i)) {
11505 if (insn & (1 << 11)) {
11506 /* pop */
11507 tmp = tcg_temp_new_i32();
11508 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11509 store_reg(s, i, tmp);
11510 } else {
11511 /* push */
11512 tmp = load_reg(s, i);
11513 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11514 tcg_temp_free_i32(tmp);
11515 }
11516 /* advance to the next address. */
11517 tcg_gen_addi_i32(addr, addr, 4);
11518 }
11519 }
11520 tmp = NULL;
11521 if (insn & (1 << 8)) {
11522 if (insn & (1 << 11)) {
11523 /* pop pc */
11524 tmp = tcg_temp_new_i32();
11525 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11526 /* don't set the pc until the rest of the instruction
11527 has completed */
11528 } else {
11529 /* push lr */
11530 tmp = load_reg(s, 14);
11531 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11532 tcg_temp_free_i32(tmp);
11533 }
11534 tcg_gen_addi_i32(addr, addr, 4);
11535 }
11536 if ((insn & (1 << 11)) == 0) {
11537 tcg_gen_addi_i32(addr, addr, -offset);
11538 }
11539 /* write back the new stack pointer */
11540 store_reg(s, 13, addr);
11541 /* set the new PC value */
11542 if ((insn & 0x0900) == 0x0900) {
11543 store_reg_from_load(s, 15, tmp);
11544 }
11545 break;
11546
11547 case 1: case 3: case 9: case 11: /* czb */
11548 rm = insn & 7;
11549 tmp = load_reg(s, rm);
11550 arm_gen_condlabel(s);
11551 if (insn & (1 << 11))
11552 tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 0, s->condlabel);
11553 else
11554 tcg_gen_brcondi_i32(TCG_COND_NE, tmp, 0, s->condlabel);
11555 tcg_temp_free_i32(tmp);
11556 offset = ((insn & 0xf8) >> 2) | (insn & 0x200) >> 3;
11557 gen_jmp(s, read_pc(s) + offset);
11558 break;
11559
11560 case 15: /* IT, nop-hint. */
11561 if ((insn & 0xf) == 0) {
11562 gen_nop_hint(s, (insn >> 4) & 0xf);
11563 break;
11564 }
11565 /*
11566 * IT (If-Then)
11567 *
11568 * Combinations of firstcond and mask which set up an 0b1111
11569 * condition are UNPREDICTABLE; we take the CONSTRAINED
11570 * UNPREDICTABLE choice to treat 0b1111 the same as 0b1110,
11571 * i.e. both meaning "execute always".
11572 */
11573 s->condexec_cond = (insn >> 4) & 0xe;
11574 s->condexec_mask = insn & 0x1f;
11575 /* No actual code generated for this insn, just setup state. */
11576 break;
11577
11578 case 0xe: /* bkpt */
11579 {
11580 int imm8 = extract32(insn, 0, 8);
11581 ARCH(5);
11582 gen_exception_bkpt_insn(s, syn_aa32_bkpt(imm8, true));
11583 break;
11584 }
11585
11586 case 0xa: /* rev, and hlt */
11587 {
11588 int op1 = extract32(insn, 6, 2);
11589
11590 if (op1 == 2) {
11591 /* HLT */
11592 int imm6 = extract32(insn, 0, 6);
11593
11594 gen_hlt(s, imm6);
11595 break;
11596 }
11597
11598 /* Otherwise this is rev */
11599 ARCH(6);
11600 rn = (insn >> 3) & 0x7;
11601 rd = insn & 0x7;
11602 tmp = load_reg(s, rn);
11603 switch (op1) {
11604 case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
11605 case 1: gen_rev16(tmp); break;
11606 case 3: gen_revsh(tmp); break;
11607 default:
11608 g_assert_not_reached();
11609 }
11610 store_reg(s, rd, tmp);
11611 break;
11612 }
11613
11614 case 6:
11615 switch ((insn >> 5) & 7) {
11616 case 2:
11617 /* setend */
11618 ARCH(6);
11619 if (((insn >> 3) & 1) != !!(s->be_data == MO_BE)) {
11620 gen_helper_setend(cpu_env);
11621 s->base.is_jmp = DISAS_UPDATE;
11622 }
11623 break;
11624 case 3:
11625 /* cps */
11626 ARCH(6);
11627 if (IS_USER(s)) {
11628 break;
11629 }
11630 if (arm_dc_feature(s, ARM_FEATURE_M)) {
11631 tmp = tcg_const_i32((insn & (1 << 4)) != 0);
11632 /* FAULTMASK */
11633 if (insn & 1) {
11634 addr = tcg_const_i32(19);
11635 gen_helper_v7m_msr(cpu_env, addr, tmp);
11636 tcg_temp_free_i32(addr);
11637 }
11638 /* PRIMASK */
11639 if (insn & 2) {
11640 addr = tcg_const_i32(16);
11641 gen_helper_v7m_msr(cpu_env, addr, tmp);
11642 tcg_temp_free_i32(addr);
11643 }
11644 tcg_temp_free_i32(tmp);
11645 gen_lookup_tb(s);
11646 } else {
11647 if (insn & (1 << 4)) {
11648 shift = CPSR_A | CPSR_I | CPSR_F;
11649 } else {
11650 shift = 0;
11651 }
11652 gen_set_psr_im(s, ((insn & 7) << 6), 0, shift);
11653 }
11654 break;
11655 default:
11656 goto undef;
11657 }
11658 break;
11659
11660 default:
11661 goto undef;
11662 }
11663 break;
11664
11665 case 12:
11666 {
11667 /* load/store multiple */
11668 TCGv_i32 loaded_var = NULL;
11669 rn = (insn >> 8) & 0x7;
11670 addr = load_reg(s, rn);
11671 for (i = 0; i < 8; i++) {
11672 if (insn & (1 << i)) {
11673 if (insn & (1 << 11)) {
11674 /* load */
11675 tmp = tcg_temp_new_i32();
11676 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11677 if (i == rn) {
11678 loaded_var = tmp;
11679 } else {
11680 store_reg(s, i, tmp);
11681 }
11682 } else {
11683 /* store */
11684 tmp = load_reg(s, i);
11685 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11686 tcg_temp_free_i32(tmp);
11687 }
11688 /* advance to the next address */
11689 tcg_gen_addi_i32(addr, addr, 4);
11690 }
11691 }
11692 if ((insn & (1 << rn)) == 0) {
11693 /* base reg not in list: base register writeback */
11694 store_reg(s, rn, addr);
11695 } else {
11696 /* base reg in list: if load, complete it now */
11697 if (insn & (1 << 11)) {
11698 store_reg(s, rn, loaded_var);
11699 }
11700 tcg_temp_free_i32(addr);
11701 }
11702 break;
11703 }
11704 case 13:
11705 /* conditional branch or swi */
11706 cond = (insn >> 8) & 0xf;
11707 if (cond == 0xe)
11708 goto undef;
11709
11710 if (cond == 0xf) {
11711 /* swi */
11712 gen_set_pc_im(s, s->base.pc_next);
11713 s->svc_imm = extract32(insn, 0, 8);
11714 s->base.is_jmp = DISAS_SWI;
11715 break;
11716 }
11717 /* generate a conditional jump to next instruction */
11718 arm_skip_unless(s, cond);
11719
11720 /* jump to the offset */
11721 val = read_pc(s);
11722 offset = ((int32_t)insn << 24) >> 24;
11723 val += offset << 1;
11724 gen_jmp(s, val);
11725 break;
11726
11727 case 14:
11728 if (insn & (1 << 11)) {
11729 /* thumb_insn_is_16bit() ensures we can't get here for
11730 * a Thumb2 CPU, so this must be a thumb1 split BL/BLX:
11731 * 0b1110_1xxx_xxxx_xxxx : BLX suffix (or UNDEF)
11732 */
11733 assert(!arm_dc_feature(s, ARM_FEATURE_THUMB2));
11734 ARCH(5);
11735 offset = ((insn & 0x7ff) << 1);
11736 tmp = load_reg(s, 14);
11737 tcg_gen_addi_i32(tmp, tmp, offset);
11738 tcg_gen_andi_i32(tmp, tmp, 0xfffffffc);
11739
11740 tmp2 = tcg_temp_new_i32();
11741 tcg_gen_movi_i32(tmp2, s->base.pc_next | 1);
11742 store_reg(s, 14, tmp2);
11743 gen_bx(s, tmp);
11744 break;
11745 }
11746 /* unconditional branch */
11747 val = read_pc(s);
11748 offset = ((int32_t)insn << 21) >> 21;
11749 val += offset << 1;
11750 gen_jmp(s, val);
11751 break;
11752
11753 case 15:
11754 /* thumb_insn_is_16bit() ensures we can't get here for
11755 * a Thumb2 CPU, so this must be a thumb1 split BL/BLX.
11756 */
11757 assert(!arm_dc_feature(s, ARM_FEATURE_THUMB2));
11758
11759 if (insn & (1 << 11)) {
11760 /* 0b1111_1xxx_xxxx_xxxx : BL suffix */
11761 offset = ((insn & 0x7ff) << 1) | 1;
11762 tmp = load_reg(s, 14);
11763 tcg_gen_addi_i32(tmp, tmp, offset);
11764
11765 tmp2 = tcg_temp_new_i32();
11766 tcg_gen_movi_i32(tmp2, s->base.pc_next | 1);
11767 store_reg(s, 14, tmp2);
11768 gen_bx(s, tmp);
11769 } else {
11770 /* 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix */
11771 uint32_t uoffset = ((int32_t)insn << 21) >> 9;
11772
11773 tcg_gen_movi_i32(cpu_R[14], read_pc(s) + uoffset);
11774 }
11775 break;
11776 }
11777 return;
11778 illegal_op:
11779 undef:
11780 unallocated_encoding(s);
11781 }
11782
11783 static bool insn_crosses_page(CPUARMState *env, DisasContext *s)
11784 {
11785 /* Return true if the insn at dc->base.pc_next might cross a page boundary.
11786 * (False positives are OK, false negatives are not.)
11787 * We know this is a Thumb insn, and our caller ensures we are
11788 * only called if dc->base.pc_next is less than 4 bytes from the page
11789 * boundary, so we cross the page if the first 16 bits indicate
11790 * that this is a 32 bit insn.
11791 */
11792 uint16_t insn = arm_lduw_code(env, s->base.pc_next, s->sctlr_b);
11793
11794 return !thumb_insn_is_16bit(s, s->base.pc_next, insn);
11795 }
11796
11797 static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
11798 {
11799 DisasContext *dc = container_of(dcbase, DisasContext, base);
11800 CPUARMState *env = cs->env_ptr;
11801 ARMCPU *cpu = env_archcpu(env);
11802 uint32_t tb_flags = dc->base.tb->flags;
11803 uint32_t condexec, core_mmu_idx;
11804
11805 dc->isar = &cpu->isar;
11806 dc->condjmp = 0;
11807
11808 dc->aarch64 = 0;
11809 /* If we are coming from secure EL0 in a system with a 32-bit EL3, then
11810 * there is no secure EL1, so we route exceptions to EL3.
11811 */
11812 dc->secure_routed_to_el3 = arm_feature(env, ARM_FEATURE_EL3) &&
11813 !arm_el_is_aa64(env, 3);
11814 dc->thumb = FIELD_EX32(tb_flags, TBFLAG_A32, THUMB);
11815 dc->sctlr_b = FIELD_EX32(tb_flags, TBFLAG_A32, SCTLR_B);
11816 dc->be_data = FIELD_EX32(tb_flags, TBFLAG_ANY, BE_DATA) ? MO_BE : MO_LE;
11817 condexec = FIELD_EX32(tb_flags, TBFLAG_A32, CONDEXEC);
11818 dc->condexec_mask = (condexec & 0xf) << 1;
11819 dc->condexec_cond = condexec >> 4;
11820 core_mmu_idx = FIELD_EX32(tb_flags, TBFLAG_ANY, MMUIDX);
11821 dc->mmu_idx = core_to_arm_mmu_idx(env, core_mmu_idx);
11822 dc->current_el = arm_mmu_idx_to_el(dc->mmu_idx);
11823 #if !defined(CONFIG_USER_ONLY)
11824 dc->user = (dc->current_el == 0);
11825 #endif
11826 dc->ns = FIELD_EX32(tb_flags, TBFLAG_A32, NS);
11827 dc->fp_excp_el = FIELD_EX32(tb_flags, TBFLAG_ANY, FPEXC_EL);
11828 dc->vfp_enabled = FIELD_EX32(tb_flags, TBFLAG_A32, VFPEN);
11829 dc->vec_len = FIELD_EX32(tb_flags, TBFLAG_A32, VECLEN);
11830 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
11831 dc->c15_cpar = FIELD_EX32(tb_flags, TBFLAG_A32, XSCALE_CPAR);
11832 dc->vec_stride = 0;
11833 } else {
11834 dc->vec_stride = FIELD_EX32(tb_flags, TBFLAG_A32, VECSTRIDE);
11835 dc->c15_cpar = 0;
11836 }
11837 dc->v7m_handler_mode = FIELD_EX32(tb_flags, TBFLAG_A32, HANDLER);
11838 dc->v8m_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) &&
11839 regime_is_secure(env, dc->mmu_idx);
11840 dc->v8m_stackcheck = FIELD_EX32(tb_flags, TBFLAG_A32, STACKCHECK);
11841 dc->v8m_fpccr_s_wrong = FIELD_EX32(tb_flags, TBFLAG_A32, FPCCR_S_WRONG);
11842 dc->v7m_new_fp_ctxt_needed =
11843 FIELD_EX32(tb_flags, TBFLAG_A32, NEW_FP_CTXT_NEEDED);
11844 dc->v7m_lspact = FIELD_EX32(tb_flags, TBFLAG_A32, LSPACT);
11845 dc->cp_regs = cpu->cp_regs;
11846 dc->features = env->features;
11847
11848 /* Single step state. The code-generation logic here is:
11849 * SS_ACTIVE == 0:
11850 * generate code with no special handling for single-stepping (except
11851 * that anything that can make us go to SS_ACTIVE == 1 must end the TB;
11852 * this happens anyway because those changes are all system register or
11853 * PSTATE writes).
11854 * SS_ACTIVE == 1, PSTATE.SS == 1: (active-not-pending)
11855 * emit code for one insn
11856 * emit code to clear PSTATE.SS
11857 * emit code to generate software step exception for completed step
11858 * end TB (as usual for having generated an exception)
11859 * SS_ACTIVE == 1, PSTATE.SS == 0: (active-pending)
11860 * emit code to generate a software step exception
11861 * end the TB
11862 */
11863 dc->ss_active = FIELD_EX32(tb_flags, TBFLAG_ANY, SS_ACTIVE);
11864 dc->pstate_ss = FIELD_EX32(tb_flags, TBFLAG_ANY, PSTATE_SS);
11865 dc->is_ldex = false;
11866 if (!arm_feature(env, ARM_FEATURE_M)) {
11867 dc->debug_target_el = FIELD_EX32(tb_flags, TBFLAG_ANY, DEBUG_TARGET_EL);
11868 }
11869
11870 dc->page_start = dc->base.pc_first & TARGET_PAGE_MASK;
11871
11872 /* If architectural single step active, limit to 1. */
11873 if (is_singlestepping(dc)) {
11874 dc->base.max_insns = 1;
11875 }
11876
11877 /* ARM is a fixed-length ISA. Bound the number of insns to execute
11878 to those left on the page. */
11879 if (!dc->thumb) {
11880 int bound = -(dc->base.pc_first | TARGET_PAGE_MASK) / 4;
11881 dc->base.max_insns = MIN(dc->base.max_insns, bound);
11882 }
11883
11884 cpu_V0 = tcg_temp_new_i64();
11885 cpu_V1 = tcg_temp_new_i64();
11886 /* FIXME: cpu_M0 can probably be the same as cpu_V0. */
11887 cpu_M0 = tcg_temp_new_i64();
11888 }
11889
11890 static void arm_tr_tb_start(DisasContextBase *dcbase, CPUState *cpu)
11891 {
11892 DisasContext *dc = container_of(dcbase, DisasContext, base);
11893
11894 /* A note on handling of the condexec (IT) bits:
11895 *
11896 * We want to avoid the overhead of having to write the updated condexec
11897 * bits back to the CPUARMState for every instruction in an IT block. So:
11898 * (1) if the condexec bits are not already zero then we write
11899 * zero back into the CPUARMState now. This avoids complications trying
11900 * to do it at the end of the block. (For example if we don't do this
11901 * it's hard to identify whether we can safely skip writing condexec
11902 * at the end of the TB, which we definitely want to do for the case
11903 * where a TB doesn't do anything with the IT state at all.)
11904 * (2) if we are going to leave the TB then we call gen_set_condexec()
11905 * which will write the correct value into CPUARMState if zero is wrong.
11906 * This is done both for leaving the TB at the end, and for leaving
11907 * it because of an exception we know will happen, which is done in
11908 * gen_exception_insn(). The latter is necessary because we need to
11909 * leave the TB with the PC/IT state just prior to execution of the
11910 * instruction which caused the exception.
11911 * (3) if we leave the TB unexpectedly (eg a data abort on a load)
11912 * then the CPUARMState will be wrong and we need to reset it.
11913 * This is handled in the same way as restoration of the
11914 * PC in these situations; we save the value of the condexec bits
11915 * for each PC via tcg_gen_insn_start(), and restore_state_to_opc()
11916 * then uses this to restore them after an exception.
11917 *
11918 * Note that there are no instructions which can read the condexec
11919 * bits, and none which can write non-static values to them, so
11920 * we don't need to care about whether CPUARMState is correct in the
11921 * middle of a TB.
11922 */
11923
11924 /* Reset the conditional execution bits immediately. This avoids
11925 complications trying to do it at the end of the block. */
11926 if (dc->condexec_mask || dc->condexec_cond) {
11927 TCGv_i32 tmp = tcg_temp_new_i32();
11928 tcg_gen_movi_i32(tmp, 0);
11929 store_cpu_field(tmp, condexec_bits);
11930 }
11931 }
11932
11933 static void arm_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
11934 {
11935 DisasContext *dc = container_of(dcbase, DisasContext, base);
11936
11937 tcg_gen_insn_start(dc->base.pc_next,
11938 (dc->condexec_cond << 4) | (dc->condexec_mask >> 1),
11939 0);
11940 dc->insn_start = tcg_last_op();
11941 }
11942
11943 static bool arm_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cpu,
11944 const CPUBreakpoint *bp)
11945 {
11946 DisasContext *dc = container_of(dcbase, DisasContext, base);
11947
11948 if (bp->flags & BP_CPU) {
11949 gen_set_condexec(dc);
11950 gen_set_pc_im(dc, dc->base.pc_next);
11951 gen_helper_check_breakpoints(cpu_env);
11952 /* End the TB early; it's likely not going to be executed */
11953 dc->base.is_jmp = DISAS_TOO_MANY;
11954 } else {
11955 gen_exception_internal_insn(dc, dc->base.pc_next, EXCP_DEBUG);
11956 /* The address covered by the breakpoint must be
11957 included in [tb->pc, tb->pc + tb->size) in order
11958 to for it to be properly cleared -- thus we
11959 increment the PC here so that the logic setting
11960 tb->size below does the right thing. */
11961 /* TODO: Advance PC by correct instruction length to
11962 * avoid disassembler error messages */
11963 dc->base.pc_next += 2;
11964 dc->base.is_jmp = DISAS_NORETURN;
11965 }
11966
11967 return true;
11968 }
11969
11970 static bool arm_pre_translate_insn(DisasContext *dc)
11971 {
11972 #ifdef CONFIG_USER_ONLY
11973 /* Intercept jump to the magic kernel page. */
11974 if (dc->base.pc_next >= 0xffff0000) {
11975 /* We always get here via a jump, so know we are not in a
11976 conditional execution block. */
11977 gen_exception_internal(EXCP_KERNEL_TRAP);
11978 dc->base.is_jmp = DISAS_NORETURN;
11979 return true;
11980 }
11981 #endif
11982
11983 if (dc->ss_active && !dc->pstate_ss) {
11984 /* Singlestep state is Active-pending.
11985 * If we're in this state at the start of a TB then either
11986 * a) we just took an exception to an EL which is being debugged
11987 * and this is the first insn in the exception handler
11988 * b) debug exceptions were masked and we just unmasked them
11989 * without changing EL (eg by clearing PSTATE.D)
11990 * In either case we're going to take a swstep exception in the
11991 * "did not step an insn" case, and so the syndrome ISV and EX
11992 * bits should be zero.
11993 */
11994 assert(dc->base.num_insns == 1);
11995 gen_swstep_exception(dc, 0, 0);
11996 dc->base.is_jmp = DISAS_NORETURN;
11997 return true;
11998 }
11999
12000 return false;
12001 }
12002
12003 static void arm_post_translate_insn(DisasContext *dc)
12004 {
12005 if (dc->condjmp && !dc->base.is_jmp) {
12006 gen_set_label(dc->condlabel);
12007 dc->condjmp = 0;
12008 }
12009 translator_loop_temp_check(&dc->base);
12010 }
12011
12012 static void arm_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
12013 {
12014 DisasContext *dc = container_of(dcbase, DisasContext, base);
12015 CPUARMState *env = cpu->env_ptr;
12016 unsigned int insn;
12017
12018 if (arm_pre_translate_insn(dc)) {
12019 return;
12020 }
12021
12022 dc->pc_curr = dc->base.pc_next;
12023 insn = arm_ldl_code(env, dc->base.pc_next, dc->sctlr_b);
12024 dc->insn = insn;
12025 dc->base.pc_next += 4;
12026 disas_arm_insn(dc, insn);
12027
12028 arm_post_translate_insn(dc);
12029
12030 /* ARM is a fixed-length ISA. We performed the cross-page check
12031 in init_disas_context by adjusting max_insns. */
12032 }
12033
12034 static bool thumb_insn_is_unconditional(DisasContext *s, uint32_t insn)
12035 {
12036 /* Return true if this Thumb insn is always unconditional,
12037 * even inside an IT block. This is true of only a very few
12038 * instructions: BKPT, HLT, and SG.
12039 *
12040 * A larger class of instructions are UNPREDICTABLE if used
12041 * inside an IT block; we do not need to detect those here, because
12042 * what we do by default (perform the cc check and update the IT
12043 * bits state machine) is a permitted CONSTRAINED UNPREDICTABLE
12044 * choice for those situations.
12045 *
12046 * insn is either a 16-bit or a 32-bit instruction; the two are
12047 * distinguishable because for the 16-bit case the top 16 bits
12048 * are zeroes, and that isn't a valid 32-bit encoding.
12049 */
12050 if ((insn & 0xffffff00) == 0xbe00) {
12051 /* BKPT */
12052 return true;
12053 }
12054
12055 if ((insn & 0xffffffc0) == 0xba80 && arm_dc_feature(s, ARM_FEATURE_V8) &&
12056 !arm_dc_feature(s, ARM_FEATURE_M)) {
12057 /* HLT: v8A only. This is unconditional even when it is going to
12058 * UNDEF; see the v8A ARM ARM DDI0487B.a H3.3.
12059 * For v7 cores this was a plain old undefined encoding and so
12060 * honours its cc check. (We might be using the encoding as
12061 * a semihosting trap, but we don't change the cc check behaviour
12062 * on that account, because a debugger connected to a real v7A
12063 * core and emulating semihosting traps by catching the UNDEF
12064 * exception would also only see cases where the cc check passed.
12065 * No guest code should be trying to do a HLT semihosting trap
12066 * in an IT block anyway.
12067 */
12068 return true;
12069 }
12070
12071 if (insn == 0xe97fe97f && arm_dc_feature(s, ARM_FEATURE_V8) &&
12072 arm_dc_feature(s, ARM_FEATURE_M)) {
12073 /* SG: v8M only */
12074 return true;
12075 }
12076
12077 return false;
12078 }
12079
12080 static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
12081 {
12082 DisasContext *dc = container_of(dcbase, DisasContext, base);
12083 CPUARMState *env = cpu->env_ptr;
12084 uint32_t insn;
12085 bool is_16bit;
12086
12087 if (arm_pre_translate_insn(dc)) {
12088 return;
12089 }
12090
12091 dc->pc_curr = dc->base.pc_next;
12092 insn = arm_lduw_code(env, dc->base.pc_next, dc->sctlr_b);
12093 is_16bit = thumb_insn_is_16bit(dc, dc->base.pc_next, insn);
12094 dc->base.pc_next += 2;
12095 if (!is_16bit) {
12096 uint32_t insn2 = arm_lduw_code(env, dc->base.pc_next, dc->sctlr_b);
12097
12098 insn = insn << 16 | insn2;
12099 dc->base.pc_next += 2;
12100 }
12101 dc->insn = insn;
12102
12103 if (dc->condexec_mask && !thumb_insn_is_unconditional(dc, insn)) {
12104 uint32_t cond = dc->condexec_cond;
12105
12106 /*
12107 * Conditionally skip the insn. Note that both 0xe and 0xf mean
12108 * "always"; 0xf is not "never".
12109 */
12110 if (cond < 0x0e) {
12111 arm_skip_unless(dc, cond);
12112 }
12113 }
12114
12115 if (is_16bit) {
12116 disas_thumb_insn(dc, insn);
12117 } else {
12118 disas_thumb2_insn(dc, insn);
12119 }
12120
12121 /* Advance the Thumb condexec condition. */
12122 if (dc->condexec_mask) {
12123 dc->condexec_cond = ((dc->condexec_cond & 0xe) |
12124 ((dc->condexec_mask >> 4) & 1));
12125 dc->condexec_mask = (dc->condexec_mask << 1) & 0x1f;
12126 if (dc->condexec_mask == 0) {
12127 dc->condexec_cond = 0;
12128 }
12129 }
12130
12131 arm_post_translate_insn(dc);
12132
12133 /* Thumb is a variable-length ISA. Stop translation when the next insn
12134 * will touch a new page. This ensures that prefetch aborts occur at
12135 * the right place.
12136 *
12137 * We want to stop the TB if the next insn starts in a new page,
12138 * or if it spans between this page and the next. This means that
12139 * if we're looking at the last halfword in the page we need to
12140 * see if it's a 16-bit Thumb insn (which will fit in this TB)
12141 * or a 32-bit Thumb insn (which won't).
12142 * This is to avoid generating a silly TB with a single 16-bit insn
12143 * in it at the end of this page (which would execute correctly
12144 * but isn't very efficient).
12145 */
12146 if (dc->base.is_jmp == DISAS_NEXT
12147 && (dc->base.pc_next - dc->page_start >= TARGET_PAGE_SIZE
12148 || (dc->base.pc_next - dc->page_start >= TARGET_PAGE_SIZE - 3
12149 && insn_crosses_page(env, dc)))) {
12150 dc->base.is_jmp = DISAS_TOO_MANY;
12151 }
12152 }
12153
12154 static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
12155 {
12156 DisasContext *dc = container_of(dcbase, DisasContext, base);
12157
12158 if (tb_cflags(dc->base.tb) & CF_LAST_IO && dc->condjmp) {
12159 /* FIXME: This can theoretically happen with self-modifying code. */
12160 cpu_abort(cpu, "IO on conditional branch instruction");
12161 }
12162
12163 /* At this stage dc->condjmp will only be set when the skipped
12164 instruction was a conditional branch or trap, and the PC has
12165 already been written. */
12166 gen_set_condexec(dc);
12167 if (dc->base.is_jmp == DISAS_BX_EXCRET) {
12168 /* Exception return branches need some special case code at the
12169 * end of the TB, which is complex enough that it has to
12170 * handle the single-step vs not and the condition-failed
12171 * insn codepath itself.
12172 */
12173 gen_bx_excret_final_code(dc);
12174 } else if (unlikely(is_singlestepping(dc))) {
12175 /* Unconditional and "condition passed" instruction codepath. */
12176 switch (dc->base.is_jmp) {
12177 case DISAS_SWI:
12178 gen_ss_advance(dc);
12179 gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
12180 default_exception_el(dc));
12181 break;
12182 case DISAS_HVC:
12183 gen_ss_advance(dc);
12184 gen_exception(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
12185 break;
12186 case DISAS_SMC:
12187 gen_ss_advance(dc);
12188 gen_exception(EXCP_SMC, syn_aa32_smc(), 3);
12189 break;
12190 case DISAS_NEXT:
12191 case DISAS_TOO_MANY:
12192 case DISAS_UPDATE:
12193 gen_set_pc_im(dc, dc->base.pc_next);
12194 /* fall through */
12195 default:
12196 /* FIXME: Single stepping a WFI insn will not halt the CPU. */
12197 gen_singlestep_exception(dc);
12198 break;
12199 case DISAS_NORETURN:
12200 break;
12201 }
12202 } else {
12203 /* While branches must always occur at the end of an IT block,
12204 there are a few other things that can cause us to terminate
12205 the TB in the middle of an IT block:
12206 - Exception generating instructions (bkpt, swi, undefined).
12207 - Page boundaries.
12208 - Hardware watchpoints.
12209 Hardware breakpoints have already been handled and skip this code.
12210 */
12211 switch(dc->base.is_jmp) {
12212 case DISAS_NEXT:
12213 case DISAS_TOO_MANY:
12214 gen_goto_tb(dc, 1, dc->base.pc_next);
12215 break;
12216 case DISAS_JUMP:
12217 gen_goto_ptr();
12218 break;
12219 case DISAS_UPDATE:
12220 gen_set_pc_im(dc, dc->base.pc_next);
12221 /* fall through */
12222 default:
12223 /* indicate that the hash table must be used to find the next TB */
12224 tcg_gen_exit_tb(NULL, 0);
12225 break;
12226 case DISAS_NORETURN:
12227 /* nothing more to generate */
12228 break;
12229 case DISAS_WFI:
12230 {
12231 TCGv_i32 tmp = tcg_const_i32((dc->thumb &&
12232 !(dc->insn & (1U << 31))) ? 2 : 4);
12233
12234 gen_helper_wfi(cpu_env, tmp);
12235 tcg_temp_free_i32(tmp);
12236 /* The helper doesn't necessarily throw an exception, but we
12237 * must go back to the main loop to check for interrupts anyway.
12238 */
12239 tcg_gen_exit_tb(NULL, 0);
12240 break;
12241 }
12242 case DISAS_WFE:
12243 gen_helper_wfe(cpu_env);
12244 break;
12245 case DISAS_YIELD:
12246 gen_helper_yield(cpu_env);
12247 break;
12248 case DISAS_SWI:
12249 gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
12250 default_exception_el(dc));
12251 break;
12252 case DISAS_HVC:
12253 gen_exception(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
12254 break;
12255 case DISAS_SMC:
12256 gen_exception(EXCP_SMC, syn_aa32_smc(), 3);
12257 break;
12258 }
12259 }
12260
12261 if (dc->condjmp) {
12262 /* "Condition failed" instruction codepath for the branch/trap insn */
12263 gen_set_label(dc->condlabel);
12264 gen_set_condexec(dc);
12265 if (unlikely(is_singlestepping(dc))) {
12266 gen_set_pc_im(dc, dc->base.pc_next);
12267 gen_singlestep_exception(dc);
12268 } else {
12269 gen_goto_tb(dc, 1, dc->base.pc_next);
12270 }
12271 }
12272 }
12273
12274 static void arm_tr_disas_log(const DisasContextBase *dcbase, CPUState *cpu)
12275 {
12276 DisasContext *dc = container_of(dcbase, DisasContext, base);
12277
12278 qemu_log("IN: %s\n", lookup_symbol(dc->base.pc_first));
12279 log_target_disas(cpu, dc->base.pc_first, dc->base.tb->size);
12280 }
12281
12282 static const TranslatorOps arm_translator_ops = {
12283 .init_disas_context = arm_tr_init_disas_context,
12284 .tb_start = arm_tr_tb_start,
12285 .insn_start = arm_tr_insn_start,
12286 .breakpoint_check = arm_tr_breakpoint_check,
12287 .translate_insn = arm_tr_translate_insn,
12288 .tb_stop = arm_tr_tb_stop,
12289 .disas_log = arm_tr_disas_log,
12290 };
12291
12292 static const TranslatorOps thumb_translator_ops = {
12293 .init_disas_context = arm_tr_init_disas_context,
12294 .tb_start = arm_tr_tb_start,
12295 .insn_start = arm_tr_insn_start,
12296 .breakpoint_check = arm_tr_breakpoint_check,
12297 .translate_insn = thumb_tr_translate_insn,
12298 .tb_stop = arm_tr_tb_stop,
12299 .disas_log = arm_tr_disas_log,
12300 };
12301
12302 /* generate intermediate code for basic block 'tb'. */
12303 void gen_intermediate_code(CPUState *cpu, TranslationBlock *tb, int max_insns)
12304 {
12305 DisasContext dc;
12306 const TranslatorOps *ops = &arm_translator_ops;
12307
12308 if (FIELD_EX32(tb->flags, TBFLAG_A32, THUMB)) {
12309 ops = &thumb_translator_ops;
12310 }
12311 #ifdef TARGET_AARCH64
12312 if (FIELD_EX32(tb->flags, TBFLAG_ANY, AARCH64_STATE)) {
12313 ops = &aarch64_translator_ops;
12314 }
12315 #endif
12316
12317 translator_loop(ops, &dc.base, cpu, tb, max_insns);
12318 }
12319
12320 void restore_state_to_opc(CPUARMState *env, TranslationBlock *tb,
12321 target_ulong *data)
12322 {
12323 if (is_a64(env)) {
12324 env->pc = data[0];
12325 env->condexec_bits = 0;
12326 env->exception.syndrome = data[2] << ARM_INSN_START_WORD2_SHIFT;
12327 } else {
12328 env->regs[15] = data[0];
12329 env->condexec_bits = data[1];
12330 env->exception.syndrome = data[2] << ARM_INSN_START_WORD2_SHIFT;
12331 }
12332 }
QEMU mirror