]> git.proxmox.com Git - mirror_qemu.git/blob - target/arm/translate.c
projects / mirror_qemu.git / blob
? search:


ebc7c67f025ba675c6d16f07c175508f906b3d08
[mirror_qemu.git] / target / arm / translate.c
1 /*
2 * ARM translation
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 * Copyright (c) 2005-2007 CodeSourcery
6 * Copyright (c) 2007 OpenedHand, Ltd.
7 *
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2 of the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
20 */
21 #include "qemu/osdep.h"
22
23 #include "cpu.h"
24 #include "internals.h"
25 #include "disas/disas.h"
26 #include "exec/exec-all.h"
27 #include "tcg-op.h"
28 #include "tcg-op-gvec.h"
29 #include "qemu/log.h"
30 #include "qemu/bitops.h"
31 #include "arm_ldst.h"
32 #include "hw/semihosting/semihost.h"
33
34 #include "exec/helper-proto.h"
35 #include "exec/helper-gen.h"
36
37 #include "trace-tcg.h"
38 #include "exec/log.h"
39
40
41 #define ENABLE_ARCH_4T arm_dc_feature(s, ARM_FEATURE_V4T)
42 #define ENABLE_ARCH_5 arm_dc_feature(s, ARM_FEATURE_V5)
43 /* currently all emulated v5 cores are also v5TE, so don't bother */
44 #define ENABLE_ARCH_5TE arm_dc_feature(s, ARM_FEATURE_V5)
45 #define ENABLE_ARCH_5J dc_isar_feature(jazelle, s)
46 #define ENABLE_ARCH_6 arm_dc_feature(s, ARM_FEATURE_V6)
47 #define ENABLE_ARCH_6K arm_dc_feature(s, ARM_FEATURE_V6K)
48 #define ENABLE_ARCH_6T2 arm_dc_feature(s, ARM_FEATURE_THUMB2)
49 #define ENABLE_ARCH_7 arm_dc_feature(s, ARM_FEATURE_V7)
50 #define ENABLE_ARCH_8 arm_dc_feature(s, ARM_FEATURE_V8)
51
52 #define ARCH(x) do { if (!ENABLE_ARCH_##x) goto illegal_op; } while(0)
53
54 #include "translate.h"
55
56 #if defined(CONFIG_USER_ONLY)
57 #define IS_USER(s) 1
58 #else
59 #define IS_USER(s) (s->user)
60 #endif
61
62 /* We reuse the same 64-bit temporaries for efficiency. */
63 static TCGv_i64 cpu_V0, cpu_V1, cpu_M0;
64 static TCGv_i32 cpu_R[16];
65 TCGv_i32 cpu_CF, cpu_NF, cpu_VF, cpu_ZF;
66 TCGv_i64 cpu_exclusive_addr;
67 TCGv_i64 cpu_exclusive_val;
68
69 #include "exec/gen-icount.h"
70
71 static const char * const regnames[] =
72 { "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7",
73 "r8", "r9", "r10", "r11", "r12", "r13", "r14", "pc" };
74
75 /* Function prototypes for gen_ functions calling Neon helpers. */
76 typedef void NeonGenThreeOpEnvFn(TCGv_i32, TCGv_env, TCGv_i32,
77 TCGv_i32, TCGv_i32);
78 /* Function prototypes for gen_ functions for fix point conversions */
79 typedef void VFPGenFixPointFn(TCGv_i32, TCGv_i32, TCGv_i32, TCGv_ptr);
80
81 /* initialize TCG globals. */
82 void arm_translate_init(void)
83 {
84 int i;
85
86 for (i = 0; i < 16; i++) {
87 cpu_R[i] = tcg_global_mem_new_i32(cpu_env,
88 offsetof(CPUARMState, regs[i]),
89 regnames[i]);
90 }
91 cpu_CF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, CF), "CF");
92 cpu_NF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, NF), "NF");
93 cpu_VF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, VF), "VF");
94 cpu_ZF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, ZF), "ZF");
95
96 cpu_exclusive_addr = tcg_global_mem_new_i64(cpu_env,
97 offsetof(CPUARMState, exclusive_addr), "exclusive_addr");
98 cpu_exclusive_val = tcg_global_mem_new_i64(cpu_env,
99 offsetof(CPUARMState, exclusive_val), "exclusive_val");
100
101 a64_translate_init();
102 }
103
104 /* Flags for the disas_set_da_iss info argument:
105 * lower bits hold the Rt register number, higher bits are flags.
106 */
107 typedef enum ISSInfo {
108 ISSNone = 0,
109 ISSRegMask = 0x1f,
110 ISSInvalid = (1 << 5),
111 ISSIsAcqRel = (1 << 6),
112 ISSIsWrite = (1 << 7),
113 ISSIs16Bit = (1 << 8),
114 } ISSInfo;
115
116 /* Save the syndrome information for a Data Abort */
117 static void disas_set_da_iss(DisasContext *s, TCGMemOp memop, ISSInfo issinfo)
118 {
119 uint32_t syn;
120 int sas = memop & MO_SIZE;
121 bool sse = memop & MO_SIGN;
122 bool is_acqrel = issinfo & ISSIsAcqRel;
123 bool is_write = issinfo & ISSIsWrite;
124 bool is_16bit = issinfo & ISSIs16Bit;
125 int srt = issinfo & ISSRegMask;
126
127 if (issinfo & ISSInvalid) {
128 /* Some callsites want to conditionally provide ISS info,
129 * eg "only if this was not a writeback"
130 */
131 return;
132 }
133
134 if (srt == 15) {
135 /* For AArch32, insns where the src/dest is R15 never generate
136 * ISS information. Catching that here saves checking at all
137 * the call sites.
138 */
139 return;
140 }
141
142 syn = syn_data_abort_with_iss(0, sas, sse, srt, 0, is_acqrel,
143 0, 0, 0, is_write, 0, is_16bit);
144 disas_set_insn_syndrome(s, syn);
145 }
146
147 static inline int get_a32_user_mem_index(DisasContext *s)
148 {
149 /* Return the core mmu_idx to use for A32/T32 "unprivileged load/store"
150 * insns:
151 * if PL2, UNPREDICTABLE (we choose to implement as if PL0)
152 * otherwise, access as if at PL0.
153 */
154 switch (s->mmu_idx) {
155 case ARMMMUIdx_S1E2: /* this one is UNPREDICTABLE */
156 case ARMMMUIdx_S12NSE0:
157 case ARMMMUIdx_S12NSE1:
158 return arm_to_core_mmu_idx(ARMMMUIdx_S12NSE0);
159 case ARMMMUIdx_S1E3:
160 case ARMMMUIdx_S1SE0:
161 case ARMMMUIdx_S1SE1:
162 return arm_to_core_mmu_idx(ARMMMUIdx_S1SE0);
163 case ARMMMUIdx_MUser:
164 case ARMMMUIdx_MPriv:
165 return arm_to_core_mmu_idx(ARMMMUIdx_MUser);
166 case ARMMMUIdx_MUserNegPri:
167 case ARMMMUIdx_MPrivNegPri:
168 return arm_to_core_mmu_idx(ARMMMUIdx_MUserNegPri);
169 case ARMMMUIdx_MSUser:
170 case ARMMMUIdx_MSPriv:
171 return arm_to_core_mmu_idx(ARMMMUIdx_MSUser);
172 case ARMMMUIdx_MSUserNegPri:
173 case ARMMMUIdx_MSPrivNegPri:
174 return arm_to_core_mmu_idx(ARMMMUIdx_MSUserNegPri);
175 case ARMMMUIdx_S2NS:
176 default:
177 g_assert_not_reached();
178 }
179 }
180
181 static inline TCGv_i32 load_cpu_offset(int offset)
182 {
183 TCGv_i32 tmp = tcg_temp_new_i32();
184 tcg_gen_ld_i32(tmp, cpu_env, offset);
185 return tmp;
186 }
187
188 #define load_cpu_field(name) load_cpu_offset(offsetof(CPUARMState, name))
189
190 static inline void store_cpu_offset(TCGv_i32 var, int offset)
191 {
192 tcg_gen_st_i32(var, cpu_env, offset);
193 tcg_temp_free_i32(var);
194 }
195
196 #define store_cpu_field(var, name) \
197 store_cpu_offset(var, offsetof(CPUARMState, name))
198
199 /* The architectural value of PC. */
200 static uint32_t read_pc(DisasContext *s)
201 {
202 return s->pc_curr + (s->thumb ? 4 : 8);
203 }
204
205 /* Set a variable to the value of a CPU register. */
206 static void load_reg_var(DisasContext *s, TCGv_i32 var, int reg)
207 {
208 if (reg == 15) {
209 tcg_gen_movi_i32(var, read_pc(s));
210 } else {
211 tcg_gen_mov_i32(var, cpu_R[reg]);
212 }
213 }
214
215 /* Create a new temporary and set it to the value of a CPU register. */
216 static inline TCGv_i32 load_reg(DisasContext *s, int reg)
217 {
218 TCGv_i32 tmp = tcg_temp_new_i32();
219 load_reg_var(s, tmp, reg);
220 return tmp;
221 }
222
223 /*
224 * Create a new temp, REG + OFS, except PC is ALIGN(PC, 4).
225 * This is used for load/store for which use of PC implies (literal),
226 * or ADD that implies ADR.
227 */
228 static TCGv_i32 add_reg_for_lit(DisasContext *s, int reg, int ofs)
229 {
230 TCGv_i32 tmp = tcg_temp_new_i32();
231
232 if (reg == 15) {
233 tcg_gen_movi_i32(tmp, (read_pc(s) & ~3) + ofs);
234 } else {
235 tcg_gen_addi_i32(tmp, cpu_R[reg], ofs);
236 }
237 return tmp;
238 }
239
240 /* Set a CPU register. The source must be a temporary and will be
241 marked as dead. */
242 static void store_reg(DisasContext *s, int reg, TCGv_i32 var)
243 {
244 if (reg == 15) {
245 /* In Thumb mode, we must ignore bit 0.
246 * In ARM mode, for ARMv4 and ARMv5, it is UNPREDICTABLE if bits [1:0]
247 * are not 0b00, but for ARMv6 and above, we must ignore bits [1:0].
248 * We choose to ignore [1:0] in ARM mode for all architecture versions.
249 */
250 tcg_gen_andi_i32(var, var, s->thumb ? ~1 : ~3);
251 s->base.is_jmp = DISAS_JUMP;
252 }
253 tcg_gen_mov_i32(cpu_R[reg], var);
254 tcg_temp_free_i32(var);
255 }
256
257 /*
258 * Variant of store_reg which applies v8M stack-limit checks before updating
259 * SP. If the check fails this will result in an exception being taken.
260 * We disable the stack checks for CONFIG_USER_ONLY because we have
261 * no idea what the stack limits should be in that case.
262 * If stack checking is not being done this just acts like store_reg().
263 */
264 static void store_sp_checked(DisasContext *s, TCGv_i32 var)
265 {
266 #ifndef CONFIG_USER_ONLY
267 if (s->v8m_stackcheck) {
268 gen_helper_v8m_stackcheck(cpu_env, var);
269 }
270 #endif
271 store_reg(s, 13, var);
272 }
273
274 /* Value extensions. */
275 #define gen_uxtb(var) tcg_gen_ext8u_i32(var, var)
276 #define gen_uxth(var) tcg_gen_ext16u_i32(var, var)
277 #define gen_sxtb(var) tcg_gen_ext8s_i32(var, var)
278 #define gen_sxth(var) tcg_gen_ext16s_i32(var, var)
279
280 #define gen_sxtb16(var) gen_helper_sxtb16(var, var)
281 #define gen_uxtb16(var) gen_helper_uxtb16(var, var)
282
283
284 static inline void gen_set_cpsr(TCGv_i32 var, uint32_t mask)
285 {
286 TCGv_i32 tmp_mask = tcg_const_i32(mask);
287 gen_helper_cpsr_write(cpu_env, var, tmp_mask);
288 tcg_temp_free_i32(tmp_mask);
289 }
290 /* Set NZCV flags from the high 4 bits of var. */
291 #define gen_set_nzcv(var) gen_set_cpsr(var, CPSR_NZCV)
292
293 static void gen_exception_internal(int excp)
294 {
295 TCGv_i32 tcg_excp = tcg_const_i32(excp);
296
297 assert(excp_is_internal(excp));
298 gen_helper_exception_internal(cpu_env, tcg_excp);
299 tcg_temp_free_i32(tcg_excp);
300 }
301
302 static void gen_step_complete_exception(DisasContext *s)
303 {
304 /* We just completed step of an insn. Move from Active-not-pending
305 * to Active-pending, and then also take the swstep exception.
306 * This corresponds to making the (IMPDEF) choice to prioritize
307 * swstep exceptions over asynchronous exceptions taken to an exception
308 * level where debug is disabled. This choice has the advantage that
309 * we do not need to maintain internal state corresponding to the
310 * ISV/EX syndrome bits between completion of the step and generation
311 * of the exception, and our syndrome information is always correct.
312 */
313 gen_ss_advance(s);
314 gen_swstep_exception(s, 1, s->is_ldex);
315 s->base.is_jmp = DISAS_NORETURN;
316 }
317
318 static void gen_singlestep_exception(DisasContext *s)
319 {
320 /* Generate the right kind of exception for singlestep, which is
321 * either the architectural singlestep or EXCP_DEBUG for QEMU's
322 * gdb singlestepping.
323 */
324 if (s->ss_active) {
325 gen_step_complete_exception(s);
326 } else {
327 gen_exception_internal(EXCP_DEBUG);
328 }
329 }
330
331 static inline bool is_singlestepping(DisasContext *s)
332 {
333 /* Return true if we are singlestepping either because of
334 * architectural singlestep or QEMU gdbstub singlestep. This does
335 * not include the command line '-singlestep' mode which is rather
336 * misnamed as it only means "one instruction per TB" and doesn't
337 * affect the code we generate.
338 */
339 return s->base.singlestep_enabled || s->ss_active;
340 }
341
342 static void gen_smul_dual(TCGv_i32 a, TCGv_i32 b)
343 {
344 TCGv_i32 tmp1 = tcg_temp_new_i32();
345 TCGv_i32 tmp2 = tcg_temp_new_i32();
346 tcg_gen_ext16s_i32(tmp1, a);
347 tcg_gen_ext16s_i32(tmp2, b);
348 tcg_gen_mul_i32(tmp1, tmp1, tmp2);
349 tcg_temp_free_i32(tmp2);
350 tcg_gen_sari_i32(a, a, 16);
351 tcg_gen_sari_i32(b, b, 16);
352 tcg_gen_mul_i32(b, b, a);
353 tcg_gen_mov_i32(a, tmp1);
354 tcg_temp_free_i32(tmp1);
355 }
356
357 /* Byteswap each halfword. */
358 static void gen_rev16(TCGv_i32 var)
359 {
360 TCGv_i32 tmp = tcg_temp_new_i32();
361 TCGv_i32 mask = tcg_const_i32(0x00ff00ff);
362 tcg_gen_shri_i32(tmp, var, 8);
363 tcg_gen_and_i32(tmp, tmp, mask);
364 tcg_gen_and_i32(var, var, mask);
365 tcg_gen_shli_i32(var, var, 8);
366 tcg_gen_or_i32(var, var, tmp);
367 tcg_temp_free_i32(mask);
368 tcg_temp_free_i32(tmp);
369 }
370
371 /* Byteswap low halfword and sign extend. */
372 static void gen_revsh(TCGv_i32 var)
373 {
374 tcg_gen_ext16u_i32(var, var);
375 tcg_gen_bswap16_i32(var, var);
376 tcg_gen_ext16s_i32(var, var);
377 }
378
379 /* Return (b << 32) + a. Mark inputs as dead */
380 static TCGv_i64 gen_addq_msw(TCGv_i64 a, TCGv_i32 b)
381 {
382 TCGv_i64 tmp64 = tcg_temp_new_i64();
383
384 tcg_gen_extu_i32_i64(tmp64, b);
385 tcg_temp_free_i32(b);
386 tcg_gen_shli_i64(tmp64, tmp64, 32);
387 tcg_gen_add_i64(a, tmp64, a);
388
389 tcg_temp_free_i64(tmp64);
390 return a;
391 }
392
393 /* Return (b << 32) - a. Mark inputs as dead. */
394 static TCGv_i64 gen_subq_msw(TCGv_i64 a, TCGv_i32 b)
395 {
396 TCGv_i64 tmp64 = tcg_temp_new_i64();
397
398 tcg_gen_extu_i32_i64(tmp64, b);
399 tcg_temp_free_i32(b);
400 tcg_gen_shli_i64(tmp64, tmp64, 32);
401 tcg_gen_sub_i64(a, tmp64, a);
402
403 tcg_temp_free_i64(tmp64);
404 return a;
405 }
406
407 /* 32x32->64 multiply. Marks inputs as dead. */
408 static TCGv_i64 gen_mulu_i64_i32(TCGv_i32 a, TCGv_i32 b)
409 {
410 TCGv_i32 lo = tcg_temp_new_i32();
411 TCGv_i32 hi = tcg_temp_new_i32();
412 TCGv_i64 ret;
413
414 tcg_gen_mulu2_i32(lo, hi, a, b);
415 tcg_temp_free_i32(a);
416 tcg_temp_free_i32(b);
417
418 ret = tcg_temp_new_i64();
419 tcg_gen_concat_i32_i64(ret, lo, hi);
420 tcg_temp_free_i32(lo);
421 tcg_temp_free_i32(hi);
422
423 return ret;
424 }
425
426 static TCGv_i64 gen_muls_i64_i32(TCGv_i32 a, TCGv_i32 b)
427 {
428 TCGv_i32 lo = tcg_temp_new_i32();
429 TCGv_i32 hi = tcg_temp_new_i32();
430 TCGv_i64 ret;
431
432 tcg_gen_muls2_i32(lo, hi, a, b);
433 tcg_temp_free_i32(a);
434 tcg_temp_free_i32(b);
435
436 ret = tcg_temp_new_i64();
437 tcg_gen_concat_i32_i64(ret, lo, hi);
438 tcg_temp_free_i32(lo);
439 tcg_temp_free_i32(hi);
440
441 return ret;
442 }
443
444 /* Swap low and high halfwords. */
445 static void gen_swap_half(TCGv_i32 var)
446 {
447 TCGv_i32 tmp = tcg_temp_new_i32();
448 tcg_gen_shri_i32(tmp, var, 16);
449 tcg_gen_shli_i32(var, var, 16);
450 tcg_gen_or_i32(var, var, tmp);
451 tcg_temp_free_i32(tmp);
452 }
453
454 /* Dual 16-bit add. Result placed in t0 and t1 is marked as dead.
455 tmp = (t0 ^ t1) & 0x8000;
456 t0 &= ~0x8000;
457 t1 &= ~0x8000;
458 t0 = (t0 + t1) ^ tmp;
459 */
460
461 static void gen_add16(TCGv_i32 t0, TCGv_i32 t1)
462 {
463 TCGv_i32 tmp = tcg_temp_new_i32();
464 tcg_gen_xor_i32(tmp, t0, t1);
465 tcg_gen_andi_i32(tmp, tmp, 0x8000);
466 tcg_gen_andi_i32(t0, t0, ~0x8000);
467 tcg_gen_andi_i32(t1, t1, ~0x8000);
468 tcg_gen_add_i32(t0, t0, t1);
469 tcg_gen_xor_i32(t0, t0, tmp);
470 tcg_temp_free_i32(tmp);
471 tcg_temp_free_i32(t1);
472 }
473
474 /* Set CF to the top bit of var. */
475 static void gen_set_CF_bit31(TCGv_i32 var)
476 {
477 tcg_gen_shri_i32(cpu_CF, var, 31);
478 }
479
480 /* Set N and Z flags from var. */
481 static inline void gen_logic_CC(TCGv_i32 var)
482 {
483 tcg_gen_mov_i32(cpu_NF, var);
484 tcg_gen_mov_i32(cpu_ZF, var);
485 }
486
487 /* T0 += T1 + CF. */
488 static void gen_adc(TCGv_i32 t0, TCGv_i32 t1)
489 {
490 tcg_gen_add_i32(t0, t0, t1);
491 tcg_gen_add_i32(t0, t0, cpu_CF);
492 }
493
494 /* dest = T0 + T1 + CF. */
495 static void gen_add_carry(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
496 {
497 tcg_gen_add_i32(dest, t0, t1);
498 tcg_gen_add_i32(dest, dest, cpu_CF);
499 }
500
501 /* dest = T0 - T1 + CF - 1. */
502 static void gen_sub_carry(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
503 {
504 tcg_gen_sub_i32(dest, t0, t1);
505 tcg_gen_add_i32(dest, dest, cpu_CF);
506 tcg_gen_subi_i32(dest, dest, 1);
507 }
508
509 /* dest = T0 + T1. Compute C, N, V and Z flags */
510 static void gen_add_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
511 {
512 TCGv_i32 tmp = tcg_temp_new_i32();
513 tcg_gen_movi_i32(tmp, 0);
514 tcg_gen_add2_i32(cpu_NF, cpu_CF, t0, tmp, t1, tmp);
515 tcg_gen_mov_i32(cpu_ZF, cpu_NF);
516 tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
517 tcg_gen_xor_i32(tmp, t0, t1);
518 tcg_gen_andc_i32(cpu_VF, cpu_VF, tmp);
519 tcg_temp_free_i32(tmp);
520 tcg_gen_mov_i32(dest, cpu_NF);
521 }
522
523 /* dest = T0 + T1 + CF. Compute C, N, V and Z flags */
524 static void gen_adc_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
525 {
526 TCGv_i32 tmp = tcg_temp_new_i32();
527 if (TCG_TARGET_HAS_add2_i32) {
528 tcg_gen_movi_i32(tmp, 0);
529 tcg_gen_add2_i32(cpu_NF, cpu_CF, t0, tmp, cpu_CF, tmp);
530 tcg_gen_add2_i32(cpu_NF, cpu_CF, cpu_NF, cpu_CF, t1, tmp);
531 } else {
532 TCGv_i64 q0 = tcg_temp_new_i64();
533 TCGv_i64 q1 = tcg_temp_new_i64();
534 tcg_gen_extu_i32_i64(q0, t0);
535 tcg_gen_extu_i32_i64(q1, t1);
536 tcg_gen_add_i64(q0, q0, q1);
537 tcg_gen_extu_i32_i64(q1, cpu_CF);
538 tcg_gen_add_i64(q0, q0, q1);
539 tcg_gen_extr_i64_i32(cpu_NF, cpu_CF, q0);
540 tcg_temp_free_i64(q0);
541 tcg_temp_free_i64(q1);
542 }
543 tcg_gen_mov_i32(cpu_ZF, cpu_NF);
544 tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
545 tcg_gen_xor_i32(tmp, t0, t1);
546 tcg_gen_andc_i32(cpu_VF, cpu_VF, tmp);
547 tcg_temp_free_i32(tmp);
548 tcg_gen_mov_i32(dest, cpu_NF);
549 }
550
551 /* dest = T0 - T1. Compute C, N, V and Z flags */
552 static void gen_sub_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
553 {
554 TCGv_i32 tmp;
555 tcg_gen_sub_i32(cpu_NF, t0, t1);
556 tcg_gen_mov_i32(cpu_ZF, cpu_NF);
557 tcg_gen_setcond_i32(TCG_COND_GEU, cpu_CF, t0, t1);
558 tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
559 tmp = tcg_temp_new_i32();
560 tcg_gen_xor_i32(tmp, t0, t1);
561 tcg_gen_and_i32(cpu_VF, cpu_VF, tmp);
562 tcg_temp_free_i32(tmp);
563 tcg_gen_mov_i32(dest, cpu_NF);
564 }
565
566 /* dest = T0 + ~T1 + CF. Compute C, N, V and Z flags */
567 static void gen_sbc_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
568 {
569 TCGv_i32 tmp = tcg_temp_new_i32();
570 tcg_gen_not_i32(tmp, t1);
571 gen_adc_CC(dest, t0, tmp);
572 tcg_temp_free_i32(tmp);
573 }
574
575 #define GEN_SHIFT(name) \
576 static void gen_##name(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1) \
577 { \
578 TCGv_i32 tmp1, tmp2, tmp3; \
579 tmp1 = tcg_temp_new_i32(); \
580 tcg_gen_andi_i32(tmp1, t1, 0xff); \
581 tmp2 = tcg_const_i32(0); \
582 tmp3 = tcg_const_i32(0x1f); \
583 tcg_gen_movcond_i32(TCG_COND_GTU, tmp2, tmp1, tmp3, tmp2, t0); \
584 tcg_temp_free_i32(tmp3); \
585 tcg_gen_andi_i32(tmp1, tmp1, 0x1f); \
586 tcg_gen_##name##_i32(dest, tmp2, tmp1); \
587 tcg_temp_free_i32(tmp2); \
588 tcg_temp_free_i32(tmp1); \
589 }
590 GEN_SHIFT(shl)
591 GEN_SHIFT(shr)
592 #undef GEN_SHIFT
593
594 static void gen_sar(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
595 {
596 TCGv_i32 tmp1, tmp2;
597 tmp1 = tcg_temp_new_i32();
598 tcg_gen_andi_i32(tmp1, t1, 0xff);
599 tmp2 = tcg_const_i32(0x1f);
600 tcg_gen_movcond_i32(TCG_COND_GTU, tmp1, tmp1, tmp2, tmp2, tmp1);
601 tcg_temp_free_i32(tmp2);
602 tcg_gen_sar_i32(dest, t0, tmp1);
603 tcg_temp_free_i32(tmp1);
604 }
605
606 static void shifter_out_im(TCGv_i32 var, int shift)
607 {
608 tcg_gen_extract_i32(cpu_CF, var, shift, 1);
609 }
610
611 /* Shift by immediate. Includes special handling for shift == 0. */
612 static inline void gen_arm_shift_im(TCGv_i32 var, int shiftop,
613 int shift, int flags)
614 {
615 switch (shiftop) {
616 case 0: /* LSL */
617 if (shift != 0) {
618 if (flags)
619 shifter_out_im(var, 32 - shift);
620 tcg_gen_shli_i32(var, var, shift);
621 }
622 break;
623 case 1: /* LSR */
624 if (shift == 0) {
625 if (flags) {
626 tcg_gen_shri_i32(cpu_CF, var, 31);
627 }
628 tcg_gen_movi_i32(var, 0);
629 } else {
630 if (flags)
631 shifter_out_im(var, shift - 1);
632 tcg_gen_shri_i32(var, var, shift);
633 }
634 break;
635 case 2: /* ASR */
636 if (shift == 0)
637 shift = 32;
638 if (flags)
639 shifter_out_im(var, shift - 1);
640 if (shift == 32)
641 shift = 31;
642 tcg_gen_sari_i32(var, var, shift);
643 break;
644 case 3: /* ROR/RRX */
645 if (shift != 0) {
646 if (flags)
647 shifter_out_im(var, shift - 1);
648 tcg_gen_rotri_i32(var, var, shift); break;
649 } else {
650 TCGv_i32 tmp = tcg_temp_new_i32();
651 tcg_gen_shli_i32(tmp, cpu_CF, 31);
652 if (flags)
653 shifter_out_im(var, 0);
654 tcg_gen_shri_i32(var, var, 1);
655 tcg_gen_or_i32(var, var, tmp);
656 tcg_temp_free_i32(tmp);
657 }
658 }
659 };
660
661 static inline void gen_arm_shift_reg(TCGv_i32 var, int shiftop,
662 TCGv_i32 shift, int flags)
663 {
664 if (flags) {
665 switch (shiftop) {
666 case 0: gen_helper_shl_cc(var, cpu_env, var, shift); break;
667 case 1: gen_helper_shr_cc(var, cpu_env, var, shift); break;
668 case 2: gen_helper_sar_cc(var, cpu_env, var, shift); break;
669 case 3: gen_helper_ror_cc(var, cpu_env, var, shift); break;
670 }
671 } else {
672 switch (shiftop) {
673 case 0:
674 gen_shl(var, var, shift);
675 break;
676 case 1:
677 gen_shr(var, var, shift);
678 break;
679 case 2:
680 gen_sar(var, var, shift);
681 break;
682 case 3: tcg_gen_andi_i32(shift, shift, 0x1f);
683 tcg_gen_rotr_i32(var, var, shift); break;
684 }
685 }
686 tcg_temp_free_i32(shift);
687 }
688
689 #define PAS_OP(pfx) \
690 switch (op2) { \
691 case 0: gen_pas_helper(glue(pfx,add16)); break; \
692 case 1: gen_pas_helper(glue(pfx,addsubx)); break; \
693 case 2: gen_pas_helper(glue(pfx,subaddx)); break; \
694 case 3: gen_pas_helper(glue(pfx,sub16)); break; \
695 case 4: gen_pas_helper(glue(pfx,add8)); break; \
696 case 7: gen_pas_helper(glue(pfx,sub8)); break; \
697 }
698 static void gen_arm_parallel_addsub(int op1, int op2, TCGv_i32 a, TCGv_i32 b)
699 {
700 TCGv_ptr tmp;
701
702 switch (op1) {
703 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b, tmp)
704 case 1:
705 tmp = tcg_temp_new_ptr();
706 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
707 PAS_OP(s)
708 tcg_temp_free_ptr(tmp);
709 break;
710 case 5:
711 tmp = tcg_temp_new_ptr();
712 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
713 PAS_OP(u)
714 tcg_temp_free_ptr(tmp);
715 break;
716 #undef gen_pas_helper
717 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b)
718 case 2:
719 PAS_OP(q);
720 break;
721 case 3:
722 PAS_OP(sh);
723 break;
724 case 6:
725 PAS_OP(uq);
726 break;
727 case 7:
728 PAS_OP(uh);
729 break;
730 #undef gen_pas_helper
731 }
732 }
733 #undef PAS_OP
734
735 /* For unknown reasons Arm and Thumb-2 use arbitrarily different encodings. */
736 #define PAS_OP(pfx) \
737 switch (op1) { \
738 case 0: gen_pas_helper(glue(pfx,add8)); break; \
739 case 1: gen_pas_helper(glue(pfx,add16)); break; \
740 case 2: gen_pas_helper(glue(pfx,addsubx)); break; \
741 case 4: gen_pas_helper(glue(pfx,sub8)); break; \
742 case 5: gen_pas_helper(glue(pfx,sub16)); break; \
743 case 6: gen_pas_helper(glue(pfx,subaddx)); break; \
744 }
745 static void gen_thumb2_parallel_addsub(int op1, int op2, TCGv_i32 a, TCGv_i32 b)
746 {
747 TCGv_ptr tmp;
748
749 switch (op2) {
750 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b, tmp)
751 case 0:
752 tmp = tcg_temp_new_ptr();
753 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
754 PAS_OP(s)
755 tcg_temp_free_ptr(tmp);
756 break;
757 case 4:
758 tmp = tcg_temp_new_ptr();
759 tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
760 PAS_OP(u)
761 tcg_temp_free_ptr(tmp);
762 break;
763 #undef gen_pas_helper
764 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b)
765 case 1:
766 PAS_OP(q);
767 break;
768 case 2:
769 PAS_OP(sh);
770 break;
771 case 5:
772 PAS_OP(uq);
773 break;
774 case 6:
775 PAS_OP(uh);
776 break;
777 #undef gen_pas_helper
778 }
779 }
780 #undef PAS_OP
781
782 /*
783 * Generate a conditional based on ARM condition code cc.
784 * This is common between ARM and Aarch64 targets.
785 */
786 void arm_test_cc(DisasCompare *cmp, int cc)
787 {
788 TCGv_i32 value;
789 TCGCond cond;
790 bool global = true;
791
792 switch (cc) {
793 case 0: /* eq: Z */
794 case 1: /* ne: !Z */
795 cond = TCG_COND_EQ;
796 value = cpu_ZF;
797 break;
798
799 case 2: /* cs: C */
800 case 3: /* cc: !C */
801 cond = TCG_COND_NE;
802 value = cpu_CF;
803 break;
804
805 case 4: /* mi: N */
806 case 5: /* pl: !N */
807 cond = TCG_COND_LT;
808 value = cpu_NF;
809 break;
810
811 case 6: /* vs: V */
812 case 7: /* vc: !V */
813 cond = TCG_COND_LT;
814 value = cpu_VF;
815 break;
816
817 case 8: /* hi: C && !Z */
818 case 9: /* ls: !C || Z -> !(C && !Z) */
819 cond = TCG_COND_NE;
820 value = tcg_temp_new_i32();
821 global = false;
822 /* CF is 1 for C, so -CF is an all-bits-set mask for C;
823 ZF is non-zero for !Z; so AND the two subexpressions. */
824 tcg_gen_neg_i32(value, cpu_CF);
825 tcg_gen_and_i32(value, value, cpu_ZF);
826 break;
827
828 case 10: /* ge: N == V -> N ^ V == 0 */
829 case 11: /* lt: N != V -> N ^ V != 0 */
830 /* Since we're only interested in the sign bit, == 0 is >= 0. */
831 cond = TCG_COND_GE;
832 value = tcg_temp_new_i32();
833 global = false;
834 tcg_gen_xor_i32(value, cpu_VF, cpu_NF);
835 break;
836
837 case 12: /* gt: !Z && N == V */
838 case 13: /* le: Z || N != V */
839 cond = TCG_COND_NE;
840 value = tcg_temp_new_i32();
841 global = false;
842 /* (N == V) is equal to the sign bit of ~(NF ^ VF). Propagate
843 * the sign bit then AND with ZF to yield the result. */
844 tcg_gen_xor_i32(value, cpu_VF, cpu_NF);
845 tcg_gen_sari_i32(value, value, 31);
846 tcg_gen_andc_i32(value, cpu_ZF, value);
847 break;
848
849 case 14: /* always */
850 case 15: /* always */
851 /* Use the ALWAYS condition, which will fold early.
852 * It doesn't matter what we use for the value. */
853 cond = TCG_COND_ALWAYS;
854 value = cpu_ZF;
855 goto no_invert;
856
857 default:
858 fprintf(stderr, "Bad condition code 0x%x\n", cc);
859 abort();
860 }
861
862 if (cc & 1) {
863 cond = tcg_invert_cond(cond);
864 }
865
866 no_invert:
867 cmp->cond = cond;
868 cmp->value = value;
869 cmp->value_global = global;
870 }
871
872 void arm_free_cc(DisasCompare *cmp)
873 {
874 if (!cmp->value_global) {
875 tcg_temp_free_i32(cmp->value);
876 }
877 }
878
879 void arm_jump_cc(DisasCompare *cmp, TCGLabel *label)
880 {
881 tcg_gen_brcondi_i32(cmp->cond, cmp->value, 0, label);
882 }
883
884 void arm_gen_test_cc(int cc, TCGLabel *label)
885 {
886 DisasCompare cmp;
887 arm_test_cc(&cmp, cc);
888 arm_jump_cc(&cmp, label);
889 arm_free_cc(&cmp);
890 }
891
892 static const uint8_t table_logic_cc[16] = {
893 1, /* and */
894 1, /* xor */
895 0, /* sub */
896 0, /* rsb */
897 0, /* add */
898 0, /* adc */
899 0, /* sbc */
900 0, /* rsc */
901 1, /* andl */
902 1, /* xorl */
903 0, /* cmp */
904 0, /* cmn */
905 1, /* orr */
906 1, /* mov */
907 1, /* bic */
908 1, /* mvn */
909 };
910
911 static inline void gen_set_condexec(DisasContext *s)
912 {
913 if (s->condexec_mask) {
914 uint32_t val = (s->condexec_cond << 4) | (s->condexec_mask >> 1);
915 TCGv_i32 tmp = tcg_temp_new_i32();
916 tcg_gen_movi_i32(tmp, val);
917 store_cpu_field(tmp, condexec_bits);
918 }
919 }
920
921 static inline void gen_set_pc_im(DisasContext *s, target_ulong val)
922 {
923 tcg_gen_movi_i32(cpu_R[15], val);
924 }
925
926 /* Set PC and Thumb state from an immediate address. */
927 static inline void gen_bx_im(DisasContext *s, uint32_t addr)
928 {
929 TCGv_i32 tmp;
930
931 s->base.is_jmp = DISAS_JUMP;
932 if (s->thumb != (addr & 1)) {
933 tmp = tcg_temp_new_i32();
934 tcg_gen_movi_i32(tmp, addr & 1);
935 tcg_gen_st_i32(tmp, cpu_env, offsetof(CPUARMState, thumb));
936 tcg_temp_free_i32(tmp);
937 }
938 tcg_gen_movi_i32(cpu_R[15], addr & ~1);
939 }
940
941 /* Set PC and Thumb state from var. var is marked as dead. */
942 static inline void gen_bx(DisasContext *s, TCGv_i32 var)
943 {
944 s->base.is_jmp = DISAS_JUMP;
945 tcg_gen_andi_i32(cpu_R[15], var, ~1);
946 tcg_gen_andi_i32(var, var, 1);
947 store_cpu_field(var, thumb);
948 }
949
950 /* Set PC and Thumb state from var. var is marked as dead.
951 * For M-profile CPUs, include logic to detect exception-return
952 * branches and handle them. This is needed for Thumb POP/LDM to PC, LDR to PC,
953 * and BX reg, and no others, and happens only for code in Handler mode.
954 */
955 static inline void gen_bx_excret(DisasContext *s, TCGv_i32 var)
956 {
957 /* Generate the same code here as for a simple bx, but flag via
958 * s->base.is_jmp that we need to do the rest of the work later.
959 */
960 gen_bx(s, var);
961 if (arm_dc_feature(s, ARM_FEATURE_M_SECURITY) ||
962 (s->v7m_handler_mode && arm_dc_feature(s, ARM_FEATURE_M))) {
963 s->base.is_jmp = DISAS_BX_EXCRET;
964 }
965 }
966
967 static inline void gen_bx_excret_final_code(DisasContext *s)
968 {
969 /* Generate the code to finish possible exception return and end the TB */
970 TCGLabel *excret_label = gen_new_label();
971 uint32_t min_magic;
972
973 if (arm_dc_feature(s, ARM_FEATURE_M_SECURITY)) {
974 /* Covers FNC_RETURN and EXC_RETURN magic */
975 min_magic = FNC_RETURN_MIN_MAGIC;
976 } else {
977 /* EXC_RETURN magic only */
978 min_magic = EXC_RETURN_MIN_MAGIC;
979 }
980
981 /* Is the new PC value in the magic range indicating exception return? */
982 tcg_gen_brcondi_i32(TCG_COND_GEU, cpu_R[15], min_magic, excret_label);
983 /* No: end the TB as we would for a DISAS_JMP */
984 if (is_singlestepping(s)) {
985 gen_singlestep_exception(s);
986 } else {
987 tcg_gen_exit_tb(NULL, 0);
988 }
989 gen_set_label(excret_label);
990 /* Yes: this is an exception return.
991 * At this point in runtime env->regs[15] and env->thumb will hold
992 * the exception-return magic number, which do_v7m_exception_exit()
993 * will read. Nothing else will be able to see those values because
994 * the cpu-exec main loop guarantees that we will always go straight
995 * from raising the exception to the exception-handling code.
996 *
997 * gen_ss_advance(s) does nothing on M profile currently but
998 * calling it is conceptually the right thing as we have executed
999 * this instruction (compare SWI, HVC, SMC handling).
1000 */
1001 gen_ss_advance(s);
1002 gen_exception_internal(EXCP_EXCEPTION_EXIT);
1003 }
1004
1005 static inline void gen_bxns(DisasContext *s, int rm)
1006 {
1007 TCGv_i32 var = load_reg(s, rm);
1008
1009 /* The bxns helper may raise an EXCEPTION_EXIT exception, so in theory
1010 * we need to sync state before calling it, but:
1011 * - we don't need to do gen_set_pc_im() because the bxns helper will
1012 * always set the PC itself
1013 * - we don't need to do gen_set_condexec() because BXNS is UNPREDICTABLE
1014 * unless it's outside an IT block or the last insn in an IT block,
1015 * so we know that condexec == 0 (already set at the top of the TB)
1016 * is correct in the non-UNPREDICTABLE cases, and we can choose
1017 * "zeroes the IT bits" as our UNPREDICTABLE behaviour otherwise.
1018 */
1019 gen_helper_v7m_bxns(cpu_env, var);
1020 tcg_temp_free_i32(var);
1021 s->base.is_jmp = DISAS_EXIT;
1022 }
1023
1024 static inline void gen_blxns(DisasContext *s, int rm)
1025 {
1026 TCGv_i32 var = load_reg(s, rm);
1027
1028 /* We don't need to sync condexec state, for the same reason as bxns.
1029 * We do however need to set the PC, because the blxns helper reads it.
1030 * The blxns helper may throw an exception.
1031 */
1032 gen_set_pc_im(s, s->base.pc_next);
1033 gen_helper_v7m_blxns(cpu_env, var);
1034 tcg_temp_free_i32(var);
1035 s->base.is_jmp = DISAS_EXIT;
1036 }
1037
1038 /* Variant of store_reg which uses branch&exchange logic when storing
1039 to r15 in ARM architecture v7 and above. The source must be a temporary
1040 and will be marked as dead. */
1041 static inline void store_reg_bx(DisasContext *s, int reg, TCGv_i32 var)
1042 {
1043 if (reg == 15 && ENABLE_ARCH_7) {
1044 gen_bx(s, var);
1045 } else {
1046 store_reg(s, reg, var);
1047 }
1048 }
1049
1050 /* Variant of store_reg which uses branch&exchange logic when storing
1051 * to r15 in ARM architecture v5T and above. This is used for storing
1052 * the results of a LDR/LDM/POP into r15, and corresponds to the cases
1053 * in the ARM ARM which use the LoadWritePC() pseudocode function. */
1054 static inline void store_reg_from_load(DisasContext *s, int reg, TCGv_i32 var)
1055 {
1056 if (reg == 15 && ENABLE_ARCH_5) {
1057 gen_bx_excret(s, var);
1058 } else {
1059 store_reg(s, reg, var);
1060 }
1061 }
1062
1063 #ifdef CONFIG_USER_ONLY
1064 #define IS_USER_ONLY 1
1065 #else
1066 #define IS_USER_ONLY 0
1067 #endif
1068
1069 /* Abstractions of "generate code to do a guest load/store for
1070 * AArch32", where a vaddr is always 32 bits (and is zero
1071 * extended if we're a 64 bit core) and data is also
1072 * 32 bits unless specifically doing a 64 bit access.
1073 * These functions work like tcg_gen_qemu_{ld,st}* except
1074 * that the address argument is TCGv_i32 rather than TCGv.
1075 */
1076
1077 static inline TCGv gen_aa32_addr(DisasContext *s, TCGv_i32 a32, TCGMemOp op)
1078 {
1079 TCGv addr = tcg_temp_new();
1080 tcg_gen_extu_i32_tl(addr, a32);
1081
1082 /* Not needed for user-mode BE32, where we use MO_BE instead. */
1083 if (!IS_USER_ONLY && s->sctlr_b && (op & MO_SIZE) < MO_32) {
1084 tcg_gen_xori_tl(addr, addr, 4 - (1 << (op & MO_SIZE)));
1085 }
1086 return addr;
1087 }
1088
1089 static void gen_aa32_ld_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
1090 int index, TCGMemOp opc)
1091 {
1092 TCGv addr;
1093
1094 if (arm_dc_feature(s, ARM_FEATURE_M) &&
1095 !arm_dc_feature(s, ARM_FEATURE_M_MAIN)) {
1096 opc |= MO_ALIGN;
1097 }
1098
1099 addr = gen_aa32_addr(s, a32, opc);
1100 tcg_gen_qemu_ld_i32(val, addr, index, opc);
1101 tcg_temp_free(addr);
1102 }
1103
1104 static void gen_aa32_st_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
1105 int index, TCGMemOp opc)
1106 {
1107 TCGv addr;
1108
1109 if (arm_dc_feature(s, ARM_FEATURE_M) &&
1110 !arm_dc_feature(s, ARM_FEATURE_M_MAIN)) {
1111 opc |= MO_ALIGN;
1112 }
1113
1114 addr = gen_aa32_addr(s, a32, opc);
1115 tcg_gen_qemu_st_i32(val, addr, index, opc);
1116 tcg_temp_free(addr);
1117 }
1118
1119 #define DO_GEN_LD(SUFF, OPC) \
1120 static inline void gen_aa32_ld##SUFF(DisasContext *s, TCGv_i32 val, \
1121 TCGv_i32 a32, int index) \
1122 { \
1123 gen_aa32_ld_i32(s, val, a32, index, OPC | s->be_data); \
1124 } \
1125 static inline void gen_aa32_ld##SUFF##_iss(DisasContext *s, \
1126 TCGv_i32 val, \
1127 TCGv_i32 a32, int index, \
1128 ISSInfo issinfo) \
1129 { \
1130 gen_aa32_ld##SUFF(s, val, a32, index); \
1131 disas_set_da_iss(s, OPC, issinfo); \
1132 }
1133
1134 #define DO_GEN_ST(SUFF, OPC) \
1135 static inline void gen_aa32_st##SUFF(DisasContext *s, TCGv_i32 val, \
1136 TCGv_i32 a32, int index) \
1137 { \
1138 gen_aa32_st_i32(s, val, a32, index, OPC | s->be_data); \
1139 } \
1140 static inline void gen_aa32_st##SUFF##_iss(DisasContext *s, \
1141 TCGv_i32 val, \
1142 TCGv_i32 a32, int index, \
1143 ISSInfo issinfo) \
1144 { \
1145 gen_aa32_st##SUFF(s, val, a32, index); \
1146 disas_set_da_iss(s, OPC, issinfo | ISSIsWrite); \
1147 }
1148
1149 static inline void gen_aa32_frob64(DisasContext *s, TCGv_i64 val)
1150 {
1151 /* Not needed for user-mode BE32, where we use MO_BE instead. */
1152 if (!IS_USER_ONLY && s->sctlr_b) {
1153 tcg_gen_rotri_i64(val, val, 32);
1154 }
1155 }
1156
1157 static void gen_aa32_ld_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
1158 int index, TCGMemOp opc)
1159 {
1160 TCGv addr = gen_aa32_addr(s, a32, opc);
1161 tcg_gen_qemu_ld_i64(val, addr, index, opc);
1162 gen_aa32_frob64(s, val);
1163 tcg_temp_free(addr);
1164 }
1165
1166 static inline void gen_aa32_ld64(DisasContext *s, TCGv_i64 val,
1167 TCGv_i32 a32, int index)
1168 {
1169 gen_aa32_ld_i64(s, val, a32, index, MO_Q | s->be_data);
1170 }
1171
1172 static void gen_aa32_st_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
1173 int index, TCGMemOp opc)
1174 {
1175 TCGv addr = gen_aa32_addr(s, a32, opc);
1176
1177 /* Not needed for user-mode BE32, where we use MO_BE instead. */
1178 if (!IS_USER_ONLY && s->sctlr_b) {
1179 TCGv_i64 tmp = tcg_temp_new_i64();
1180 tcg_gen_rotri_i64(tmp, val, 32);
1181 tcg_gen_qemu_st_i64(tmp, addr, index, opc);
1182 tcg_temp_free_i64(tmp);
1183 } else {
1184 tcg_gen_qemu_st_i64(val, addr, index, opc);
1185 }
1186 tcg_temp_free(addr);
1187 }
1188
1189 static inline void gen_aa32_st64(DisasContext *s, TCGv_i64 val,
1190 TCGv_i32 a32, int index)
1191 {
1192 gen_aa32_st_i64(s, val, a32, index, MO_Q | s->be_data);
1193 }
1194
1195 DO_GEN_LD(8s, MO_SB)
1196 DO_GEN_LD(8u, MO_UB)
1197 DO_GEN_LD(16s, MO_SW)
1198 DO_GEN_LD(16u, MO_UW)
1199 DO_GEN_LD(32u, MO_UL)
1200 DO_GEN_ST(8, MO_UB)
1201 DO_GEN_ST(16, MO_UW)
1202 DO_GEN_ST(32, MO_UL)
1203
1204 static inline void gen_hvc(DisasContext *s, int imm16)
1205 {
1206 /* The pre HVC helper handles cases when HVC gets trapped
1207 * as an undefined insn by runtime configuration (ie before
1208 * the insn really executes).
1209 */
1210 gen_set_pc_im(s, s->pc_curr);
1211 gen_helper_pre_hvc(cpu_env);
1212 /* Otherwise we will treat this as a real exception which
1213 * happens after execution of the insn. (The distinction matters
1214 * for the PC value reported to the exception handler and also
1215 * for single stepping.)
1216 */
1217 s->svc_imm = imm16;
1218 gen_set_pc_im(s, s->base.pc_next);
1219 s->base.is_jmp = DISAS_HVC;
1220 }
1221
1222 static inline void gen_smc(DisasContext *s)
1223 {
1224 /* As with HVC, we may take an exception either before or after
1225 * the insn executes.
1226 */
1227 TCGv_i32 tmp;
1228
1229 gen_set_pc_im(s, s->pc_curr);
1230 tmp = tcg_const_i32(syn_aa32_smc());
1231 gen_helper_pre_smc(cpu_env, tmp);
1232 tcg_temp_free_i32(tmp);
1233 gen_set_pc_im(s, s->base.pc_next);
1234 s->base.is_jmp = DISAS_SMC;
1235 }
1236
1237 static void gen_exception_internal_insn(DisasContext *s, uint32_t pc, int excp)
1238 {
1239 gen_set_condexec(s);
1240 gen_set_pc_im(s, pc);
1241 gen_exception_internal(excp);
1242 s->base.is_jmp = DISAS_NORETURN;
1243 }
1244
1245 static void gen_exception_insn(DisasContext *s, uint32_t pc, int excp,
1246 int syn, uint32_t target_el)
1247 {
1248 gen_set_condexec(s);
1249 gen_set_pc_im(s, pc);
1250 gen_exception(excp, syn, target_el);
1251 s->base.is_jmp = DISAS_NORETURN;
1252 }
1253
1254 static void gen_exception_bkpt_insn(DisasContext *s, uint32_t syn)
1255 {
1256 TCGv_i32 tcg_syn;
1257
1258 gen_set_condexec(s);
1259 gen_set_pc_im(s, s->pc_curr);
1260 tcg_syn = tcg_const_i32(syn);
1261 gen_helper_exception_bkpt_insn(cpu_env, tcg_syn);
1262 tcg_temp_free_i32(tcg_syn);
1263 s->base.is_jmp = DISAS_NORETURN;
1264 }
1265
1266 void unallocated_encoding(DisasContext *s)
1267 {
1268 /* Unallocated and reserved encodings are uncategorized */
1269 gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
1270 default_exception_el(s));
1271 }
1272
1273 /* Force a TB lookup after an instruction that changes the CPU state. */
1274 static inline void gen_lookup_tb(DisasContext *s)
1275 {
1276 tcg_gen_movi_i32(cpu_R[15], s->base.pc_next);
1277 s->base.is_jmp = DISAS_EXIT;
1278 }
1279
1280 static inline void gen_hlt(DisasContext *s, int imm)
1281 {
1282 /* HLT. This has two purposes.
1283 * Architecturally, it is an external halting debug instruction.
1284 * Since QEMU doesn't implement external debug, we treat this as
1285 * it is required for halting debug disabled: it will UNDEF.
1286 * Secondly, "HLT 0x3C" is a T32 semihosting trap instruction,
1287 * and "HLT 0xF000" is an A32 semihosting syscall. These traps
1288 * must trigger semihosting even for ARMv7 and earlier, where
1289 * HLT was an undefined encoding.
1290 * In system mode, we don't allow userspace access to
1291 * semihosting, to provide some semblance of security
1292 * (and for consistency with our 32-bit semihosting).
1293 */
1294 if (semihosting_enabled() &&
1295 #ifndef CONFIG_USER_ONLY
1296 s->current_el != 0 &&
1297 #endif
1298 (imm == (s->thumb ? 0x3c : 0xf000))) {
1299 gen_exception_internal_insn(s, s->base.pc_next, EXCP_SEMIHOST);
1300 return;
1301 }
1302
1303 unallocated_encoding(s);
1304 }
1305
1306 static inline void gen_add_data_offset(DisasContext *s, unsigned int insn,
1307 TCGv_i32 var)
1308 {
1309 int val, rm, shift, shiftop;
1310 TCGv_i32 offset;
1311
1312 if (!(insn & (1 << 25))) {
1313 /* immediate */
1314 val = insn & 0xfff;
1315 if (!(insn & (1 << 23)))
1316 val = -val;
1317 if (val != 0)
1318 tcg_gen_addi_i32(var, var, val);
1319 } else {
1320 /* shift/register */
1321 rm = (insn) & 0xf;
1322 shift = (insn >> 7) & 0x1f;
1323 shiftop = (insn >> 5) & 3;
1324 offset = load_reg(s, rm);
1325 gen_arm_shift_im(offset, shiftop, shift, 0);
1326 if (!(insn & (1 << 23)))
1327 tcg_gen_sub_i32(var, var, offset);
1328 else
1329 tcg_gen_add_i32(var, var, offset);
1330 tcg_temp_free_i32(offset);
1331 }
1332 }
1333
1334 static inline void gen_add_datah_offset(DisasContext *s, unsigned int insn,
1335 int extra, TCGv_i32 var)
1336 {
1337 int val, rm;
1338 TCGv_i32 offset;
1339
1340 if (insn & (1 << 22)) {
1341 /* immediate */
1342 val = (insn & 0xf) | ((insn >> 4) & 0xf0);
1343 if (!(insn & (1 << 23)))
1344 val = -val;
1345 val += extra;
1346 if (val != 0)
1347 tcg_gen_addi_i32(var, var, val);
1348 } else {
1349 /* register */
1350 if (extra)
1351 tcg_gen_addi_i32(var, var, extra);
1352 rm = (insn) & 0xf;
1353 offset = load_reg(s, rm);
1354 if (!(insn & (1 << 23)))
1355 tcg_gen_sub_i32(var, var, offset);
1356 else
1357 tcg_gen_add_i32(var, var, offset);
1358 tcg_temp_free_i32(offset);
1359 }
1360 }
1361
1362 static TCGv_ptr get_fpstatus_ptr(int neon)
1363 {
1364 TCGv_ptr statusptr = tcg_temp_new_ptr();
1365 int offset;
1366 if (neon) {
1367 offset = offsetof(CPUARMState, vfp.standard_fp_status);
1368 } else {
1369 offset = offsetof(CPUARMState, vfp.fp_status);
1370 }
1371 tcg_gen_addi_ptr(statusptr, cpu_env, offset);
1372 return statusptr;
1373 }
1374
1375 static inline long vfp_reg_offset(bool dp, unsigned reg)
1376 {
1377 if (dp) {
1378 return offsetof(CPUARMState, vfp.zregs[reg >> 1].d[reg & 1]);
1379 } else {
1380 long ofs = offsetof(CPUARMState, vfp.zregs[reg >> 2].d[(reg >> 1) & 1]);
1381 if (reg & 1) {
1382 ofs += offsetof(CPU_DoubleU, l.upper);
1383 } else {
1384 ofs += offsetof(CPU_DoubleU, l.lower);
1385 }
1386 return ofs;
1387 }
1388 }
1389
1390 /* Return the offset of a 32-bit piece of a NEON register.
1391 zero is the least significant end of the register. */
1392 static inline long
1393 neon_reg_offset (int reg, int n)
1394 {
1395 int sreg;
1396 sreg = reg * 2 + n;
1397 return vfp_reg_offset(0, sreg);
1398 }
1399
1400 /* Return the offset of a 2**SIZE piece of a NEON register, at index ELE,
1401 * where 0 is the least significant end of the register.
1402 */
1403 static inline long
1404 neon_element_offset(int reg, int element, TCGMemOp size)
1405 {
1406 int element_size = 1 << size;
1407 int ofs = element * element_size;
1408 #ifdef HOST_WORDS_BIGENDIAN
1409 /* Calculate the offset assuming fully little-endian,
1410 * then XOR to account for the order of the 8-byte units.
1411 */
1412 if (element_size < 8) {
1413 ofs ^= 8 - element_size;
1414 }
1415 #endif
1416 return neon_reg_offset(reg, 0) + ofs;
1417 }
1418
1419 static TCGv_i32 neon_load_reg(int reg, int pass)
1420 {
1421 TCGv_i32 tmp = tcg_temp_new_i32();
1422 tcg_gen_ld_i32(tmp, cpu_env, neon_reg_offset(reg, pass));
1423 return tmp;
1424 }
1425
1426 static void neon_load_element(TCGv_i32 var, int reg, int ele, TCGMemOp mop)
1427 {
1428 long offset = neon_element_offset(reg, ele, mop & MO_SIZE);
1429
1430 switch (mop) {
1431 case MO_UB:
1432 tcg_gen_ld8u_i32(var, cpu_env, offset);
1433 break;
1434 case MO_UW:
1435 tcg_gen_ld16u_i32(var, cpu_env, offset);
1436 break;
1437 case MO_UL:
1438 tcg_gen_ld_i32(var, cpu_env, offset);
1439 break;
1440 default:
1441 g_assert_not_reached();
1442 }
1443 }
1444
1445 static void neon_load_element64(TCGv_i64 var, int reg, int ele, TCGMemOp mop)
1446 {
1447 long offset = neon_element_offset(reg, ele, mop & MO_SIZE);
1448
1449 switch (mop) {
1450 case MO_UB:
1451 tcg_gen_ld8u_i64(var, cpu_env, offset);
1452 break;
1453 case MO_UW:
1454 tcg_gen_ld16u_i64(var, cpu_env, offset);
1455 break;
1456 case MO_UL:
1457 tcg_gen_ld32u_i64(var, cpu_env, offset);
1458 break;
1459 case MO_Q:
1460 tcg_gen_ld_i64(var, cpu_env, offset);
1461 break;
1462 default:
1463 g_assert_not_reached();
1464 }
1465 }
1466
1467 static void neon_store_reg(int reg, int pass, TCGv_i32 var)
1468 {
1469 tcg_gen_st_i32(var, cpu_env, neon_reg_offset(reg, pass));
1470 tcg_temp_free_i32(var);
1471 }
1472
1473 static void neon_store_element(int reg, int ele, TCGMemOp size, TCGv_i32 var)
1474 {
1475 long offset = neon_element_offset(reg, ele, size);
1476
1477 switch (size) {
1478 case MO_8:
1479 tcg_gen_st8_i32(var, cpu_env, offset);
1480 break;
1481 case MO_16:
1482 tcg_gen_st16_i32(var, cpu_env, offset);
1483 break;
1484 case MO_32:
1485 tcg_gen_st_i32(var, cpu_env, offset);
1486 break;
1487 default:
1488 g_assert_not_reached();
1489 }
1490 }
1491
1492 static void neon_store_element64(int reg, int ele, TCGMemOp size, TCGv_i64 var)
1493 {
1494 long offset = neon_element_offset(reg, ele, size);
1495
1496 switch (size) {
1497 case MO_8:
1498 tcg_gen_st8_i64(var, cpu_env, offset);
1499 break;
1500 case MO_16:
1501 tcg_gen_st16_i64(var, cpu_env, offset);
1502 break;
1503 case MO_32:
1504 tcg_gen_st32_i64(var, cpu_env, offset);
1505 break;
1506 case MO_64:
1507 tcg_gen_st_i64(var, cpu_env, offset);
1508 break;
1509 default:
1510 g_assert_not_reached();
1511 }
1512 }
1513
1514 static inline void neon_load_reg64(TCGv_i64 var, int reg)
1515 {
1516 tcg_gen_ld_i64(var, cpu_env, vfp_reg_offset(1, reg));
1517 }
1518
1519 static inline void neon_store_reg64(TCGv_i64 var, int reg)
1520 {
1521 tcg_gen_st_i64(var, cpu_env, vfp_reg_offset(1, reg));
1522 }
1523
1524 static inline void neon_load_reg32(TCGv_i32 var, int reg)
1525 {
1526 tcg_gen_ld_i32(var, cpu_env, vfp_reg_offset(false, reg));
1527 }
1528
1529 static inline void neon_store_reg32(TCGv_i32 var, int reg)
1530 {
1531 tcg_gen_st_i32(var, cpu_env, vfp_reg_offset(false, reg));
1532 }
1533
1534 static TCGv_ptr vfp_reg_ptr(bool dp, int reg)
1535 {
1536 TCGv_ptr ret = tcg_temp_new_ptr();
1537 tcg_gen_addi_ptr(ret, cpu_env, vfp_reg_offset(dp, reg));
1538 return ret;
1539 }
1540
1541 #define ARM_CP_RW_BIT (1 << 20)
1542
1543 /* Include the VFP decoder */
1544 #include "translate-vfp.inc.c"
1545
1546 static inline void iwmmxt_load_reg(TCGv_i64 var, int reg)
1547 {
1548 tcg_gen_ld_i64(var, cpu_env, offsetof(CPUARMState, iwmmxt.regs[reg]));
1549 }
1550
1551 static inline void iwmmxt_store_reg(TCGv_i64 var, int reg)
1552 {
1553 tcg_gen_st_i64(var, cpu_env, offsetof(CPUARMState, iwmmxt.regs[reg]));
1554 }
1555
1556 static inline TCGv_i32 iwmmxt_load_creg(int reg)
1557 {
1558 TCGv_i32 var = tcg_temp_new_i32();
1559 tcg_gen_ld_i32(var, cpu_env, offsetof(CPUARMState, iwmmxt.cregs[reg]));
1560 return var;
1561 }
1562
1563 static inline void iwmmxt_store_creg(int reg, TCGv_i32 var)
1564 {
1565 tcg_gen_st_i32(var, cpu_env, offsetof(CPUARMState, iwmmxt.cregs[reg]));
1566 tcg_temp_free_i32(var);
1567 }
1568
1569 static inline void gen_op_iwmmxt_movq_wRn_M0(int rn)
1570 {
1571 iwmmxt_store_reg(cpu_M0, rn);
1572 }
1573
1574 static inline void gen_op_iwmmxt_movq_M0_wRn(int rn)
1575 {
1576 iwmmxt_load_reg(cpu_M0, rn);
1577 }
1578
1579 static inline void gen_op_iwmmxt_orq_M0_wRn(int rn)
1580 {
1581 iwmmxt_load_reg(cpu_V1, rn);
1582 tcg_gen_or_i64(cpu_M0, cpu_M0, cpu_V1);
1583 }
1584
1585 static inline void gen_op_iwmmxt_andq_M0_wRn(int rn)
1586 {
1587 iwmmxt_load_reg(cpu_V1, rn);
1588 tcg_gen_and_i64(cpu_M0, cpu_M0, cpu_V1);
1589 }
1590
1591 static inline void gen_op_iwmmxt_xorq_M0_wRn(int rn)
1592 {
1593 iwmmxt_load_reg(cpu_V1, rn);
1594 tcg_gen_xor_i64(cpu_M0, cpu_M0, cpu_V1);
1595 }
1596
1597 #define IWMMXT_OP(name) \
1598 static inline void gen_op_iwmmxt_##name##_M0_wRn(int rn) \
1599 { \
1600 iwmmxt_load_reg(cpu_V1, rn); \
1601 gen_helper_iwmmxt_##name(cpu_M0, cpu_M0, cpu_V1); \
1602 }
1603
1604 #define IWMMXT_OP_ENV(name) \
1605 static inline void gen_op_iwmmxt_##name##_M0_wRn(int rn) \
1606 { \
1607 iwmmxt_load_reg(cpu_V1, rn); \
1608 gen_helper_iwmmxt_##name(cpu_M0, cpu_env, cpu_M0, cpu_V1); \
1609 }
1610
1611 #define IWMMXT_OP_ENV_SIZE(name) \
1612 IWMMXT_OP_ENV(name##b) \
1613 IWMMXT_OP_ENV(name##w) \
1614 IWMMXT_OP_ENV(name##l)
1615
1616 #define IWMMXT_OP_ENV1(name) \
1617 static inline void gen_op_iwmmxt_##name##_M0(void) \
1618 { \
1619 gen_helper_iwmmxt_##name(cpu_M0, cpu_env, cpu_M0); \
1620 }
1621
1622 IWMMXT_OP(maddsq)
1623 IWMMXT_OP(madduq)
1624 IWMMXT_OP(sadb)
1625 IWMMXT_OP(sadw)
1626 IWMMXT_OP(mulslw)
1627 IWMMXT_OP(mulshw)
1628 IWMMXT_OP(mululw)
1629 IWMMXT_OP(muluhw)
1630 IWMMXT_OP(macsw)
1631 IWMMXT_OP(macuw)
1632
1633 IWMMXT_OP_ENV_SIZE(unpackl)
1634 IWMMXT_OP_ENV_SIZE(unpackh)
1635
1636 IWMMXT_OP_ENV1(unpacklub)
1637 IWMMXT_OP_ENV1(unpackluw)
1638 IWMMXT_OP_ENV1(unpacklul)
1639 IWMMXT_OP_ENV1(unpackhub)
1640 IWMMXT_OP_ENV1(unpackhuw)
1641 IWMMXT_OP_ENV1(unpackhul)
1642 IWMMXT_OP_ENV1(unpacklsb)
1643 IWMMXT_OP_ENV1(unpacklsw)
1644 IWMMXT_OP_ENV1(unpacklsl)
1645 IWMMXT_OP_ENV1(unpackhsb)
1646 IWMMXT_OP_ENV1(unpackhsw)
1647 IWMMXT_OP_ENV1(unpackhsl)
1648
1649 IWMMXT_OP_ENV_SIZE(cmpeq)
1650 IWMMXT_OP_ENV_SIZE(cmpgtu)
1651 IWMMXT_OP_ENV_SIZE(cmpgts)
1652
1653 IWMMXT_OP_ENV_SIZE(mins)
1654 IWMMXT_OP_ENV_SIZE(minu)
1655 IWMMXT_OP_ENV_SIZE(maxs)
1656 IWMMXT_OP_ENV_SIZE(maxu)
1657
1658 IWMMXT_OP_ENV_SIZE(subn)
1659 IWMMXT_OP_ENV_SIZE(addn)
1660 IWMMXT_OP_ENV_SIZE(subu)
1661 IWMMXT_OP_ENV_SIZE(addu)
1662 IWMMXT_OP_ENV_SIZE(subs)
1663 IWMMXT_OP_ENV_SIZE(adds)
1664
1665 IWMMXT_OP_ENV(avgb0)
1666 IWMMXT_OP_ENV(avgb1)
1667 IWMMXT_OP_ENV(avgw0)
1668 IWMMXT_OP_ENV(avgw1)
1669
1670 IWMMXT_OP_ENV(packuw)
1671 IWMMXT_OP_ENV(packul)
1672 IWMMXT_OP_ENV(packuq)
1673 IWMMXT_OP_ENV(packsw)
1674 IWMMXT_OP_ENV(packsl)
1675 IWMMXT_OP_ENV(packsq)
1676
1677 static void gen_op_iwmmxt_set_mup(void)
1678 {
1679 TCGv_i32 tmp;
1680 tmp = load_cpu_field(iwmmxt.cregs[ARM_IWMMXT_wCon]);
1681 tcg_gen_ori_i32(tmp, tmp, 2);
1682 store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCon]);
1683 }
1684
1685 static void gen_op_iwmmxt_set_cup(void)
1686 {
1687 TCGv_i32 tmp;
1688 tmp = load_cpu_field(iwmmxt.cregs[ARM_IWMMXT_wCon]);
1689 tcg_gen_ori_i32(tmp, tmp, 1);
1690 store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCon]);
1691 }
1692
1693 static void gen_op_iwmmxt_setpsr_nz(void)
1694 {
1695 TCGv_i32 tmp = tcg_temp_new_i32();
1696 gen_helper_iwmmxt_setpsr_nz(tmp, cpu_M0);
1697 store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCASF]);
1698 }
1699
1700 static inline void gen_op_iwmmxt_addl_M0_wRn(int rn)
1701 {
1702 iwmmxt_load_reg(cpu_V1, rn);
1703 tcg_gen_ext32u_i64(cpu_V1, cpu_V1);
1704 tcg_gen_add_i64(cpu_M0, cpu_M0, cpu_V1);
1705 }
1706
1707 static inline int gen_iwmmxt_address(DisasContext *s, uint32_t insn,
1708 TCGv_i32 dest)
1709 {
1710 int rd;
1711 uint32_t offset;
1712 TCGv_i32 tmp;
1713
1714 rd = (insn >> 16) & 0xf;
1715 tmp = load_reg(s, rd);
1716
1717 offset = (insn & 0xff) << ((insn >> 7) & 2);
1718 if (insn & (1 << 24)) {
1719 /* Pre indexed */
1720 if (insn & (1 << 23))
1721 tcg_gen_addi_i32(tmp, tmp, offset);
1722 else
1723 tcg_gen_addi_i32(tmp, tmp, -offset);
1724 tcg_gen_mov_i32(dest, tmp);
1725 if (insn & (1 << 21))
1726 store_reg(s, rd, tmp);
1727 else
1728 tcg_temp_free_i32(tmp);
1729 } else if (insn & (1 << 21)) {
1730 /* Post indexed */
1731 tcg_gen_mov_i32(dest, tmp);
1732 if (insn & (1 << 23))
1733 tcg_gen_addi_i32(tmp, tmp, offset);
1734 else
1735 tcg_gen_addi_i32(tmp, tmp, -offset);
1736 store_reg(s, rd, tmp);
1737 } else if (!(insn & (1 << 23)))
1738 return 1;
1739 return 0;
1740 }
1741
1742 static inline int gen_iwmmxt_shift(uint32_t insn, uint32_t mask, TCGv_i32 dest)
1743 {
1744 int rd = (insn >> 0) & 0xf;
1745 TCGv_i32 tmp;
1746
1747 if (insn & (1 << 8)) {
1748 if (rd < ARM_IWMMXT_wCGR0 || rd > ARM_IWMMXT_wCGR3) {
1749 return 1;
1750 } else {
1751 tmp = iwmmxt_load_creg(rd);
1752 }
1753 } else {
1754 tmp = tcg_temp_new_i32();
1755 iwmmxt_load_reg(cpu_V0, rd);
1756 tcg_gen_extrl_i64_i32(tmp, cpu_V0);
1757 }
1758 tcg_gen_andi_i32(tmp, tmp, mask);
1759 tcg_gen_mov_i32(dest, tmp);
1760 tcg_temp_free_i32(tmp);
1761 return 0;
1762 }
1763
1764 /* Disassemble an iwMMXt instruction. Returns nonzero if an error occurred
1765 (ie. an undefined instruction). */
1766 static int disas_iwmmxt_insn(DisasContext *s, uint32_t insn)
1767 {
1768 int rd, wrd;
1769 int rdhi, rdlo, rd0, rd1, i;
1770 TCGv_i32 addr;
1771 TCGv_i32 tmp, tmp2, tmp3;
1772
1773 if ((insn & 0x0e000e00) == 0x0c000000) {
1774 if ((insn & 0x0fe00ff0) == 0x0c400000) {
1775 wrd = insn & 0xf;
1776 rdlo = (insn >> 12) & 0xf;
1777 rdhi = (insn >> 16) & 0xf;
1778 if (insn & ARM_CP_RW_BIT) { /* TMRRC */
1779 iwmmxt_load_reg(cpu_V0, wrd);
1780 tcg_gen_extrl_i64_i32(cpu_R[rdlo], cpu_V0);
1781 tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
1782 tcg_gen_extrl_i64_i32(cpu_R[rdhi], cpu_V0);
1783 } else { /* TMCRR */
1784 tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]);
1785 iwmmxt_store_reg(cpu_V0, wrd);
1786 gen_op_iwmmxt_set_mup();
1787 }
1788 return 0;
1789 }
1790
1791 wrd = (insn >> 12) & 0xf;
1792 addr = tcg_temp_new_i32();
1793 if (gen_iwmmxt_address(s, insn, addr)) {
1794 tcg_temp_free_i32(addr);
1795 return 1;
1796 }
1797 if (insn & ARM_CP_RW_BIT) {
1798 if ((insn >> 28) == 0xf) { /* WLDRW wCx */
1799 tmp = tcg_temp_new_i32();
1800 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
1801 iwmmxt_store_creg(wrd, tmp);
1802 } else {
1803 i = 1;
1804 if (insn & (1 << 8)) {
1805 if (insn & (1 << 22)) { /* WLDRD */
1806 gen_aa32_ld64(s, cpu_M0, addr, get_mem_index(s));
1807 i = 0;
1808 } else { /* WLDRW wRd */
1809 tmp = tcg_temp_new_i32();
1810 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
1811 }
1812 } else {
1813 tmp = tcg_temp_new_i32();
1814 if (insn & (1 << 22)) { /* WLDRH */
1815 gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
1816 } else { /* WLDRB */
1817 gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
1818 }
1819 }
1820 if (i) {
1821 tcg_gen_extu_i32_i64(cpu_M0, tmp);
1822 tcg_temp_free_i32(tmp);
1823 }
1824 gen_op_iwmmxt_movq_wRn_M0(wrd);
1825 }
1826 } else {
1827 if ((insn >> 28) == 0xf) { /* WSTRW wCx */
1828 tmp = iwmmxt_load_creg(wrd);
1829 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
1830 } else {
1831 gen_op_iwmmxt_movq_M0_wRn(wrd);
1832 tmp = tcg_temp_new_i32();
1833 if (insn & (1 << 8)) {
1834 if (insn & (1 << 22)) { /* WSTRD */
1835 gen_aa32_st64(s, cpu_M0, addr, get_mem_index(s));
1836 } else { /* WSTRW wRd */
1837 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1838 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
1839 }
1840 } else {
1841 if (insn & (1 << 22)) { /* WSTRH */
1842 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1843 gen_aa32_st16(s, tmp, addr, get_mem_index(s));
1844 } else { /* WSTRB */
1845 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1846 gen_aa32_st8(s, tmp, addr, get_mem_index(s));
1847 }
1848 }
1849 }
1850 tcg_temp_free_i32(tmp);
1851 }
1852 tcg_temp_free_i32(addr);
1853 return 0;
1854 }
1855
1856 if ((insn & 0x0f000000) != 0x0e000000)
1857 return 1;
1858
1859 switch (((insn >> 12) & 0xf00) | ((insn >> 4) & 0xff)) {
1860 case 0x000: /* WOR */
1861 wrd = (insn >> 12) & 0xf;
1862 rd0 = (insn >> 0) & 0xf;
1863 rd1 = (insn >> 16) & 0xf;
1864 gen_op_iwmmxt_movq_M0_wRn(rd0);
1865 gen_op_iwmmxt_orq_M0_wRn(rd1);
1866 gen_op_iwmmxt_setpsr_nz();
1867 gen_op_iwmmxt_movq_wRn_M0(wrd);
1868 gen_op_iwmmxt_set_mup();
1869 gen_op_iwmmxt_set_cup();
1870 break;
1871 case 0x011: /* TMCR */
1872 if (insn & 0xf)
1873 return 1;
1874 rd = (insn >> 12) & 0xf;
1875 wrd = (insn >> 16) & 0xf;
1876 switch (wrd) {
1877 case ARM_IWMMXT_wCID:
1878 case ARM_IWMMXT_wCASF:
1879 break;
1880 case ARM_IWMMXT_wCon:
1881 gen_op_iwmmxt_set_cup();
1882 /* Fall through. */
1883 case ARM_IWMMXT_wCSSF:
1884 tmp = iwmmxt_load_creg(wrd);
1885 tmp2 = load_reg(s, rd);
1886 tcg_gen_andc_i32(tmp, tmp, tmp2);
1887 tcg_temp_free_i32(tmp2);
1888 iwmmxt_store_creg(wrd, tmp);
1889 break;
1890 case ARM_IWMMXT_wCGR0:
1891 case ARM_IWMMXT_wCGR1:
1892 case ARM_IWMMXT_wCGR2:
1893 case ARM_IWMMXT_wCGR3:
1894 gen_op_iwmmxt_set_cup();
1895 tmp = load_reg(s, rd);
1896 iwmmxt_store_creg(wrd, tmp);
1897 break;
1898 default:
1899 return 1;
1900 }
1901 break;
1902 case 0x100: /* WXOR */
1903 wrd = (insn >> 12) & 0xf;
1904 rd0 = (insn >> 0) & 0xf;
1905 rd1 = (insn >> 16) & 0xf;
1906 gen_op_iwmmxt_movq_M0_wRn(rd0);
1907 gen_op_iwmmxt_xorq_M0_wRn(rd1);
1908 gen_op_iwmmxt_setpsr_nz();
1909 gen_op_iwmmxt_movq_wRn_M0(wrd);
1910 gen_op_iwmmxt_set_mup();
1911 gen_op_iwmmxt_set_cup();
1912 break;
1913 case 0x111: /* TMRC */
1914 if (insn & 0xf)
1915 return 1;
1916 rd = (insn >> 12) & 0xf;
1917 wrd = (insn >> 16) & 0xf;
1918 tmp = iwmmxt_load_creg(wrd);
1919 store_reg(s, rd, tmp);
1920 break;
1921 case 0x300: /* WANDN */
1922 wrd = (insn >> 12) & 0xf;
1923 rd0 = (insn >> 0) & 0xf;
1924 rd1 = (insn >> 16) & 0xf;
1925 gen_op_iwmmxt_movq_M0_wRn(rd0);
1926 tcg_gen_neg_i64(cpu_M0, cpu_M0);
1927 gen_op_iwmmxt_andq_M0_wRn(rd1);
1928 gen_op_iwmmxt_setpsr_nz();
1929 gen_op_iwmmxt_movq_wRn_M0(wrd);
1930 gen_op_iwmmxt_set_mup();
1931 gen_op_iwmmxt_set_cup();
1932 break;
1933 case 0x200: /* WAND */
1934 wrd = (insn >> 12) & 0xf;
1935 rd0 = (insn >> 0) & 0xf;
1936 rd1 = (insn >> 16) & 0xf;
1937 gen_op_iwmmxt_movq_M0_wRn(rd0);
1938 gen_op_iwmmxt_andq_M0_wRn(rd1);
1939 gen_op_iwmmxt_setpsr_nz();
1940 gen_op_iwmmxt_movq_wRn_M0(wrd);
1941 gen_op_iwmmxt_set_mup();
1942 gen_op_iwmmxt_set_cup();
1943 break;
1944 case 0x810: case 0xa10: /* WMADD */
1945 wrd = (insn >> 12) & 0xf;
1946 rd0 = (insn >> 0) & 0xf;
1947 rd1 = (insn >> 16) & 0xf;
1948 gen_op_iwmmxt_movq_M0_wRn(rd0);
1949 if (insn & (1 << 21))
1950 gen_op_iwmmxt_maddsq_M0_wRn(rd1);
1951 else
1952 gen_op_iwmmxt_madduq_M0_wRn(rd1);
1953 gen_op_iwmmxt_movq_wRn_M0(wrd);
1954 gen_op_iwmmxt_set_mup();
1955 break;
1956 case 0x10e: case 0x50e: case 0x90e: case 0xd0e: /* WUNPCKIL */
1957 wrd = (insn >> 12) & 0xf;
1958 rd0 = (insn >> 16) & 0xf;
1959 rd1 = (insn >> 0) & 0xf;
1960 gen_op_iwmmxt_movq_M0_wRn(rd0);
1961 switch ((insn >> 22) & 3) {
1962 case 0:
1963 gen_op_iwmmxt_unpacklb_M0_wRn(rd1);
1964 break;
1965 case 1:
1966 gen_op_iwmmxt_unpacklw_M0_wRn(rd1);
1967 break;
1968 case 2:
1969 gen_op_iwmmxt_unpackll_M0_wRn(rd1);
1970 break;
1971 case 3:
1972 return 1;
1973 }
1974 gen_op_iwmmxt_movq_wRn_M0(wrd);
1975 gen_op_iwmmxt_set_mup();
1976 gen_op_iwmmxt_set_cup();
1977 break;
1978 case 0x10c: case 0x50c: case 0x90c: case 0xd0c: /* WUNPCKIH */
1979 wrd = (insn >> 12) & 0xf;
1980 rd0 = (insn >> 16) & 0xf;
1981 rd1 = (insn >> 0) & 0xf;
1982 gen_op_iwmmxt_movq_M0_wRn(rd0);
1983 switch ((insn >> 22) & 3) {
1984 case 0:
1985 gen_op_iwmmxt_unpackhb_M0_wRn(rd1);
1986 break;
1987 case 1:
1988 gen_op_iwmmxt_unpackhw_M0_wRn(rd1);
1989 break;
1990 case 2:
1991 gen_op_iwmmxt_unpackhl_M0_wRn(rd1);
1992 break;
1993 case 3:
1994 return 1;
1995 }
1996 gen_op_iwmmxt_movq_wRn_M0(wrd);
1997 gen_op_iwmmxt_set_mup();
1998 gen_op_iwmmxt_set_cup();
1999 break;
2000 case 0x012: case 0x112: case 0x412: case 0x512: /* WSAD */
2001 wrd = (insn >> 12) & 0xf;
2002 rd0 = (insn >> 16) & 0xf;
2003 rd1 = (insn >> 0) & 0xf;
2004 gen_op_iwmmxt_movq_M0_wRn(rd0);
2005 if (insn & (1 << 22))
2006 gen_op_iwmmxt_sadw_M0_wRn(rd1);
2007 else
2008 gen_op_iwmmxt_sadb_M0_wRn(rd1);
2009 if (!(insn & (1 << 20)))
2010 gen_op_iwmmxt_addl_M0_wRn(wrd);
2011 gen_op_iwmmxt_movq_wRn_M0(wrd);
2012 gen_op_iwmmxt_set_mup();
2013 break;
2014 case 0x010: case 0x110: case 0x210: case 0x310: /* WMUL */
2015 wrd = (insn >> 12) & 0xf;
2016 rd0 = (insn >> 16) & 0xf;
2017 rd1 = (insn >> 0) & 0xf;
2018 gen_op_iwmmxt_movq_M0_wRn(rd0);
2019 if (insn & (1 << 21)) {
2020 if (insn & (1 << 20))
2021 gen_op_iwmmxt_mulshw_M0_wRn(rd1);
2022 else
2023 gen_op_iwmmxt_mulslw_M0_wRn(rd1);
2024 } else {
2025 if (insn & (1 << 20))
2026 gen_op_iwmmxt_muluhw_M0_wRn(rd1);
2027 else
2028 gen_op_iwmmxt_mululw_M0_wRn(rd1);
2029 }
2030 gen_op_iwmmxt_movq_wRn_M0(wrd);
2031 gen_op_iwmmxt_set_mup();
2032 break;
2033 case 0x410: case 0x510: case 0x610: case 0x710: /* WMAC */
2034 wrd = (insn >> 12) & 0xf;
2035 rd0 = (insn >> 16) & 0xf;
2036 rd1 = (insn >> 0) & 0xf;
2037 gen_op_iwmmxt_movq_M0_wRn(rd0);
2038 if (insn & (1 << 21))
2039 gen_op_iwmmxt_macsw_M0_wRn(rd1);
2040 else
2041 gen_op_iwmmxt_macuw_M0_wRn(rd1);
2042 if (!(insn & (1 << 20))) {
2043 iwmmxt_load_reg(cpu_V1, wrd);
2044 tcg_gen_add_i64(cpu_M0, cpu_M0, cpu_V1);
2045 }
2046 gen_op_iwmmxt_movq_wRn_M0(wrd);
2047 gen_op_iwmmxt_set_mup();
2048 break;
2049 case 0x006: case 0x406: case 0x806: case 0xc06: /* WCMPEQ */
2050 wrd = (insn >> 12) & 0xf;
2051 rd0 = (insn >> 16) & 0xf;
2052 rd1 = (insn >> 0) & 0xf;
2053 gen_op_iwmmxt_movq_M0_wRn(rd0);
2054 switch ((insn >> 22) & 3) {
2055 case 0:
2056 gen_op_iwmmxt_cmpeqb_M0_wRn(rd1);
2057 break;
2058 case 1:
2059 gen_op_iwmmxt_cmpeqw_M0_wRn(rd1);
2060 break;
2061 case 2:
2062 gen_op_iwmmxt_cmpeql_M0_wRn(rd1);
2063 break;
2064 case 3:
2065 return 1;
2066 }
2067 gen_op_iwmmxt_movq_wRn_M0(wrd);
2068 gen_op_iwmmxt_set_mup();
2069 gen_op_iwmmxt_set_cup();
2070 break;
2071 case 0x800: case 0x900: case 0xc00: case 0xd00: /* WAVG2 */
2072 wrd = (insn >> 12) & 0xf;
2073 rd0 = (insn >> 16) & 0xf;
2074 rd1 = (insn >> 0) & 0xf;
2075 gen_op_iwmmxt_movq_M0_wRn(rd0);
2076 if (insn & (1 << 22)) {
2077 if (insn & (1 << 20))
2078 gen_op_iwmmxt_avgw1_M0_wRn(rd1);
2079 else
2080 gen_op_iwmmxt_avgw0_M0_wRn(rd1);
2081 } else {
2082 if (insn & (1 << 20))
2083 gen_op_iwmmxt_avgb1_M0_wRn(rd1);
2084 else
2085 gen_op_iwmmxt_avgb0_M0_wRn(rd1);
2086 }
2087 gen_op_iwmmxt_movq_wRn_M0(wrd);
2088 gen_op_iwmmxt_set_mup();
2089 gen_op_iwmmxt_set_cup();
2090 break;
2091 case 0x802: case 0x902: case 0xa02: case 0xb02: /* WALIGNR */
2092 wrd = (insn >> 12) & 0xf;
2093 rd0 = (insn >> 16) & 0xf;
2094 rd1 = (insn >> 0) & 0xf;
2095 gen_op_iwmmxt_movq_M0_wRn(rd0);
2096 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCGR0 + ((insn >> 20) & 3));
2097 tcg_gen_andi_i32(tmp, tmp, 7);
2098 iwmmxt_load_reg(cpu_V1, rd1);
2099 gen_helper_iwmmxt_align(cpu_M0, cpu_M0, cpu_V1, tmp);
2100 tcg_temp_free_i32(tmp);
2101 gen_op_iwmmxt_movq_wRn_M0(wrd);
2102 gen_op_iwmmxt_set_mup();
2103 break;
2104 case 0x601: case 0x605: case 0x609: case 0x60d: /* TINSR */
2105 if (((insn >> 6) & 3) == 3)
2106 return 1;
2107 rd = (insn >> 12) & 0xf;
2108 wrd = (insn >> 16) & 0xf;
2109 tmp = load_reg(s, rd);
2110 gen_op_iwmmxt_movq_M0_wRn(wrd);
2111 switch ((insn >> 6) & 3) {
2112 case 0:
2113 tmp2 = tcg_const_i32(0xff);
2114 tmp3 = tcg_const_i32((insn & 7) << 3);
2115 break;
2116 case 1:
2117 tmp2 = tcg_const_i32(0xffff);
2118 tmp3 = tcg_const_i32((insn & 3) << 4);
2119 break;
2120 case 2:
2121 tmp2 = tcg_const_i32(0xffffffff);
2122 tmp3 = tcg_const_i32((insn & 1) << 5);
2123 break;
2124 default:
2125 tmp2 = NULL;
2126 tmp3 = NULL;
2127 }
2128 gen_helper_iwmmxt_insr(cpu_M0, cpu_M0, tmp, tmp2, tmp3);
2129 tcg_temp_free_i32(tmp3);
2130 tcg_temp_free_i32(tmp2);
2131 tcg_temp_free_i32(tmp);
2132 gen_op_iwmmxt_movq_wRn_M0(wrd);
2133 gen_op_iwmmxt_set_mup();
2134 break;
2135 case 0x107: case 0x507: case 0x907: case 0xd07: /* TEXTRM */
2136 rd = (insn >> 12) & 0xf;
2137 wrd = (insn >> 16) & 0xf;
2138 if (rd == 15 || ((insn >> 22) & 3) == 3)
2139 return 1;
2140 gen_op_iwmmxt_movq_M0_wRn(wrd);
2141 tmp = tcg_temp_new_i32();
2142 switch ((insn >> 22) & 3) {
2143 case 0:
2144 tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 7) << 3);
2145 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
2146 if (insn & 8) {
2147 tcg_gen_ext8s_i32(tmp, tmp);
2148 } else {
2149 tcg_gen_andi_i32(tmp, tmp, 0xff);
2150 }
2151 break;
2152 case 1:
2153 tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 3) << 4);
2154 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
2155 if (insn & 8) {
2156 tcg_gen_ext16s_i32(tmp, tmp);
2157 } else {
2158 tcg_gen_andi_i32(tmp, tmp, 0xffff);
2159 }
2160 break;
2161 case 2:
2162 tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 1) << 5);
2163 tcg_gen_extrl_i64_i32(tmp, cpu_M0);
2164 break;
2165 }
2166 store_reg(s, rd, tmp);
2167 break;
2168 case 0x117: case 0x517: case 0x917: case 0xd17: /* TEXTRC */
2169 if ((insn & 0x000ff008) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2170 return 1;
2171 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2172 switch ((insn >> 22) & 3) {
2173 case 0:
2174 tcg_gen_shri_i32(tmp, tmp, ((insn & 7) << 2) + 0);
2175 break;
2176 case 1:
2177 tcg_gen_shri_i32(tmp, tmp, ((insn & 3) << 3) + 4);
2178 break;
2179 case 2:
2180 tcg_gen_shri_i32(tmp, tmp, ((insn & 1) << 4) + 12);
2181 break;
2182 }
2183 tcg_gen_shli_i32(tmp, tmp, 28);
2184 gen_set_nzcv(tmp);
2185 tcg_temp_free_i32(tmp);
2186 break;
2187 case 0x401: case 0x405: case 0x409: case 0x40d: /* TBCST */
2188 if (((insn >> 6) & 3) == 3)
2189 return 1;
2190 rd = (insn >> 12) & 0xf;
2191 wrd = (insn >> 16) & 0xf;
2192 tmp = load_reg(s, rd);
2193 switch ((insn >> 6) & 3) {
2194 case 0:
2195 gen_helper_iwmmxt_bcstb(cpu_M0, tmp);
2196 break;
2197 case 1:
2198 gen_helper_iwmmxt_bcstw(cpu_M0, tmp);
2199 break;
2200 case 2:
2201 gen_helper_iwmmxt_bcstl(cpu_M0, tmp);
2202 break;
2203 }
2204 tcg_temp_free_i32(tmp);
2205 gen_op_iwmmxt_movq_wRn_M0(wrd);
2206 gen_op_iwmmxt_set_mup();
2207 break;
2208 case 0x113: case 0x513: case 0x913: case 0xd13: /* TANDC */
2209 if ((insn & 0x000ff00f) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2210 return 1;
2211 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2212 tmp2 = tcg_temp_new_i32();
2213 tcg_gen_mov_i32(tmp2, tmp);
2214 switch ((insn >> 22) & 3) {
2215 case 0:
2216 for (i = 0; i < 7; i ++) {
2217 tcg_gen_shli_i32(tmp2, tmp2, 4);
2218 tcg_gen_and_i32(tmp, tmp, tmp2);
2219 }
2220 break;
2221 case 1:
2222 for (i = 0; i < 3; i ++) {
2223 tcg_gen_shli_i32(tmp2, tmp2, 8);
2224 tcg_gen_and_i32(tmp, tmp, tmp2);
2225 }
2226 break;
2227 case 2:
2228 tcg_gen_shli_i32(tmp2, tmp2, 16);
2229 tcg_gen_and_i32(tmp, tmp, tmp2);
2230 break;
2231 }
2232 gen_set_nzcv(tmp);
2233 tcg_temp_free_i32(tmp2);
2234 tcg_temp_free_i32(tmp);
2235 break;
2236 case 0x01c: case 0x41c: case 0x81c: case 0xc1c: /* WACC */
2237 wrd = (insn >> 12) & 0xf;
2238 rd0 = (insn >> 16) & 0xf;
2239 gen_op_iwmmxt_movq_M0_wRn(rd0);
2240 switch ((insn >> 22) & 3) {
2241 case 0:
2242 gen_helper_iwmmxt_addcb(cpu_M0, cpu_M0);
2243 break;
2244 case 1:
2245 gen_helper_iwmmxt_addcw(cpu_M0, cpu_M0);
2246 break;
2247 case 2:
2248 gen_helper_iwmmxt_addcl(cpu_M0, cpu_M0);
2249 break;
2250 case 3:
2251 return 1;
2252 }
2253 gen_op_iwmmxt_movq_wRn_M0(wrd);
2254 gen_op_iwmmxt_set_mup();
2255 break;
2256 case 0x115: case 0x515: case 0x915: case 0xd15: /* TORC */
2257 if ((insn & 0x000ff00f) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2258 return 1;
2259 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2260 tmp2 = tcg_temp_new_i32();
2261 tcg_gen_mov_i32(tmp2, tmp);
2262 switch ((insn >> 22) & 3) {
2263 case 0:
2264 for (i = 0; i < 7; i ++) {
2265 tcg_gen_shli_i32(tmp2, tmp2, 4);
2266 tcg_gen_or_i32(tmp, tmp, tmp2);
2267 }
2268 break;
2269 case 1:
2270 for (i = 0; i < 3; i ++) {
2271 tcg_gen_shli_i32(tmp2, tmp2, 8);
2272 tcg_gen_or_i32(tmp, tmp, tmp2);
2273 }
2274 break;
2275 case 2:
2276 tcg_gen_shli_i32(tmp2, tmp2, 16);
2277 tcg_gen_or_i32(tmp, tmp, tmp2);
2278 break;
2279 }
2280 gen_set_nzcv(tmp);
2281 tcg_temp_free_i32(tmp2);
2282 tcg_temp_free_i32(tmp);
2283 break;
2284 case 0x103: case 0x503: case 0x903: case 0xd03: /* TMOVMSK */
2285 rd = (insn >> 12) & 0xf;
2286 rd0 = (insn >> 16) & 0xf;
2287 if ((insn & 0xf) != 0 || ((insn >> 22) & 3) == 3)
2288 return 1;
2289 gen_op_iwmmxt_movq_M0_wRn(rd0);
2290 tmp = tcg_temp_new_i32();
2291 switch ((insn >> 22) & 3) {
2292 case 0:
2293 gen_helper_iwmmxt_msbb(tmp, cpu_M0);
2294 break;
2295 case 1:
2296 gen_helper_iwmmxt_msbw(tmp, cpu_M0);
2297 break;
2298 case 2:
2299 gen_helper_iwmmxt_msbl(tmp, cpu_M0);
2300 break;
2301 }
2302 store_reg(s, rd, tmp);
2303 break;
2304 case 0x106: case 0x306: case 0x506: case 0x706: /* WCMPGT */
2305 case 0x906: case 0xb06: case 0xd06: case 0xf06:
2306 wrd = (insn >> 12) & 0xf;
2307 rd0 = (insn >> 16) & 0xf;
2308 rd1 = (insn >> 0) & 0xf;
2309 gen_op_iwmmxt_movq_M0_wRn(rd0);
2310 switch ((insn >> 22) & 3) {
2311 case 0:
2312 if (insn & (1 << 21))
2313 gen_op_iwmmxt_cmpgtsb_M0_wRn(rd1);
2314 else
2315 gen_op_iwmmxt_cmpgtub_M0_wRn(rd1);
2316 break;
2317 case 1:
2318 if (insn & (1 << 21))
2319 gen_op_iwmmxt_cmpgtsw_M0_wRn(rd1);
2320 else
2321 gen_op_iwmmxt_cmpgtuw_M0_wRn(rd1);
2322 break;
2323 case 2:
2324 if (insn & (1 << 21))
2325 gen_op_iwmmxt_cmpgtsl_M0_wRn(rd1);
2326 else
2327 gen_op_iwmmxt_cmpgtul_M0_wRn(rd1);
2328 break;
2329 case 3:
2330 return 1;
2331 }
2332 gen_op_iwmmxt_movq_wRn_M0(wrd);
2333 gen_op_iwmmxt_set_mup();
2334 gen_op_iwmmxt_set_cup();
2335 break;
2336 case 0x00e: case 0x20e: case 0x40e: case 0x60e: /* WUNPCKEL */
2337 case 0x80e: case 0xa0e: case 0xc0e: case 0xe0e:
2338 wrd = (insn >> 12) & 0xf;
2339 rd0 = (insn >> 16) & 0xf;
2340 gen_op_iwmmxt_movq_M0_wRn(rd0);
2341 switch ((insn >> 22) & 3) {
2342 case 0:
2343 if (insn & (1 << 21))
2344 gen_op_iwmmxt_unpacklsb_M0();
2345 else
2346 gen_op_iwmmxt_unpacklub_M0();
2347 break;
2348 case 1:
2349 if (insn & (1 << 21))
2350 gen_op_iwmmxt_unpacklsw_M0();
2351 else
2352 gen_op_iwmmxt_unpackluw_M0();
2353 break;
2354 case 2:
2355 if (insn & (1 << 21))
2356 gen_op_iwmmxt_unpacklsl_M0();
2357 else
2358 gen_op_iwmmxt_unpacklul_M0();
2359 break;
2360 case 3:
2361 return 1;
2362 }
2363 gen_op_iwmmxt_movq_wRn_M0(wrd);
2364 gen_op_iwmmxt_set_mup();
2365 gen_op_iwmmxt_set_cup();
2366 break;
2367 case 0x00c: case 0x20c: case 0x40c: case 0x60c: /* WUNPCKEH */
2368 case 0x80c: case 0xa0c: case 0xc0c: case 0xe0c:
2369 wrd = (insn >> 12) & 0xf;
2370 rd0 = (insn >> 16) & 0xf;
2371 gen_op_iwmmxt_movq_M0_wRn(rd0);
2372 switch ((insn >> 22) & 3) {
2373 case 0:
2374 if (insn & (1 << 21))
2375 gen_op_iwmmxt_unpackhsb_M0();
2376 else
2377 gen_op_iwmmxt_unpackhub_M0();
2378 break;
2379 case 1:
2380 if (insn & (1 << 21))
2381 gen_op_iwmmxt_unpackhsw_M0();
2382 else
2383 gen_op_iwmmxt_unpackhuw_M0();
2384 break;
2385 case 2:
2386 if (insn & (1 << 21))
2387 gen_op_iwmmxt_unpackhsl_M0();
2388 else
2389 gen_op_iwmmxt_unpackhul_M0();
2390 break;
2391 case 3:
2392 return 1;
2393 }
2394 gen_op_iwmmxt_movq_wRn_M0(wrd);
2395 gen_op_iwmmxt_set_mup();
2396 gen_op_iwmmxt_set_cup();
2397 break;
2398 case 0x204: case 0x604: case 0xa04: case 0xe04: /* WSRL */
2399 case 0x214: case 0x614: case 0xa14: case 0xe14:
2400 if (((insn >> 22) & 3) == 0)
2401 return 1;
2402 wrd = (insn >> 12) & 0xf;
2403 rd0 = (insn >> 16) & 0xf;
2404 gen_op_iwmmxt_movq_M0_wRn(rd0);
2405 tmp = tcg_temp_new_i32();
2406 if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2407 tcg_temp_free_i32(tmp);
2408 return 1;
2409 }
2410 switch ((insn >> 22) & 3) {
2411 case 1:
2412 gen_helper_iwmmxt_srlw(cpu_M0, cpu_env, cpu_M0, tmp);
2413 break;
2414 case 2:
2415 gen_helper_iwmmxt_srll(cpu_M0, cpu_env, cpu_M0, tmp);
2416 break;
2417 case 3:
2418 gen_helper_iwmmxt_srlq(cpu_M0, cpu_env, cpu_M0, tmp);
2419 break;
2420 }
2421 tcg_temp_free_i32(tmp);
2422 gen_op_iwmmxt_movq_wRn_M0(wrd);
2423 gen_op_iwmmxt_set_mup();
2424 gen_op_iwmmxt_set_cup();
2425 break;
2426 case 0x004: case 0x404: case 0x804: case 0xc04: /* WSRA */
2427 case 0x014: case 0x414: case 0x814: case 0xc14:
2428 if (((insn >> 22) & 3) == 0)
2429 return 1;
2430 wrd = (insn >> 12) & 0xf;
2431 rd0 = (insn >> 16) & 0xf;
2432 gen_op_iwmmxt_movq_M0_wRn(rd0);
2433 tmp = tcg_temp_new_i32();
2434 if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2435 tcg_temp_free_i32(tmp);
2436 return 1;
2437 }
2438 switch ((insn >> 22) & 3) {
2439 case 1:
2440 gen_helper_iwmmxt_sraw(cpu_M0, cpu_env, cpu_M0, tmp);
2441 break;
2442 case 2:
2443 gen_helper_iwmmxt_sral(cpu_M0, cpu_env, cpu_M0, tmp);
2444 break;
2445 case 3:
2446 gen_helper_iwmmxt_sraq(cpu_M0, cpu_env, cpu_M0, tmp);
2447 break;
2448 }
2449 tcg_temp_free_i32(tmp);
2450 gen_op_iwmmxt_movq_wRn_M0(wrd);
2451 gen_op_iwmmxt_set_mup();
2452 gen_op_iwmmxt_set_cup();
2453 break;
2454 case 0x104: case 0x504: case 0x904: case 0xd04: /* WSLL */
2455 case 0x114: case 0x514: case 0x914: case 0xd14:
2456 if (((insn >> 22) & 3) == 0)
2457 return 1;
2458 wrd = (insn >> 12) & 0xf;
2459 rd0 = (insn >> 16) & 0xf;
2460 gen_op_iwmmxt_movq_M0_wRn(rd0);
2461 tmp = tcg_temp_new_i32();
2462 if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2463 tcg_temp_free_i32(tmp);
2464 return 1;
2465 }
2466 switch ((insn >> 22) & 3) {
2467 case 1:
2468 gen_helper_iwmmxt_sllw(cpu_M0, cpu_env, cpu_M0, tmp);
2469 break;
2470 case 2:
2471 gen_helper_iwmmxt_slll(cpu_M0, cpu_env, cpu_M0, tmp);
2472 break;
2473 case 3:
2474 gen_helper_iwmmxt_sllq(cpu_M0, cpu_env, cpu_M0, tmp);
2475 break;
2476 }
2477 tcg_temp_free_i32(tmp);
2478 gen_op_iwmmxt_movq_wRn_M0(wrd);
2479 gen_op_iwmmxt_set_mup();
2480 gen_op_iwmmxt_set_cup();
2481 break;
2482 case 0x304: case 0x704: case 0xb04: case 0xf04: /* WROR */
2483 case 0x314: case 0x714: case 0xb14: case 0xf14:
2484 if (((insn >> 22) & 3) == 0)
2485 return 1;
2486 wrd = (insn >> 12) & 0xf;
2487 rd0 = (insn >> 16) & 0xf;
2488 gen_op_iwmmxt_movq_M0_wRn(rd0);
2489 tmp = tcg_temp_new_i32();
2490 switch ((insn >> 22) & 3) {
2491 case 1:
2492 if (gen_iwmmxt_shift(insn, 0xf, tmp)) {
2493 tcg_temp_free_i32(tmp);
2494 return 1;
2495 }
2496 gen_helper_iwmmxt_rorw(cpu_M0, cpu_env, cpu_M0, tmp);
2497 break;
2498 case 2:
2499 if (gen_iwmmxt_shift(insn, 0x1f, tmp)) {
2500 tcg_temp_free_i32(tmp);
2501 return 1;
2502 }
2503 gen_helper_iwmmxt_rorl(cpu_M0, cpu_env, cpu_M0, tmp);
2504 break;
2505 case 3:
2506 if (gen_iwmmxt_shift(insn, 0x3f, tmp)) {
2507 tcg_temp_free_i32(tmp);
2508 return 1;
2509 }
2510 gen_helper_iwmmxt_rorq(cpu_M0, cpu_env, cpu_M0, tmp);
2511 break;
2512 }
2513 tcg_temp_free_i32(tmp);
2514 gen_op_iwmmxt_movq_wRn_M0(wrd);
2515 gen_op_iwmmxt_set_mup();
2516 gen_op_iwmmxt_set_cup();
2517 break;
2518 case 0x116: case 0x316: case 0x516: case 0x716: /* WMIN */
2519 case 0x916: case 0xb16: case 0xd16: case 0xf16:
2520 wrd = (insn >> 12) & 0xf;
2521 rd0 = (insn >> 16) & 0xf;
2522 rd1 = (insn >> 0) & 0xf;
2523 gen_op_iwmmxt_movq_M0_wRn(rd0);
2524 switch ((insn >> 22) & 3) {
2525 case 0:
2526 if (insn & (1 << 21))
2527 gen_op_iwmmxt_minsb_M0_wRn(rd1);
2528 else
2529 gen_op_iwmmxt_minub_M0_wRn(rd1);
2530 break;
2531 case 1:
2532 if (insn & (1 << 21))
2533 gen_op_iwmmxt_minsw_M0_wRn(rd1);
2534 else
2535 gen_op_iwmmxt_minuw_M0_wRn(rd1);
2536 break;
2537 case 2:
2538 if (insn & (1 << 21))
2539 gen_op_iwmmxt_minsl_M0_wRn(rd1);
2540 else
2541 gen_op_iwmmxt_minul_M0_wRn(rd1);
2542 break;
2543 case 3:
2544 return 1;
2545 }
2546 gen_op_iwmmxt_movq_wRn_M0(wrd);
2547 gen_op_iwmmxt_set_mup();
2548 break;
2549 case 0x016: case 0x216: case 0x416: case 0x616: /* WMAX */
2550 case 0x816: case 0xa16: case 0xc16: case 0xe16:
2551 wrd = (insn >> 12) & 0xf;
2552 rd0 = (insn >> 16) & 0xf;
2553 rd1 = (insn >> 0) & 0xf;
2554 gen_op_iwmmxt_movq_M0_wRn(rd0);
2555 switch ((insn >> 22) & 3) {
2556 case 0:
2557 if (insn & (1 << 21))
2558 gen_op_iwmmxt_maxsb_M0_wRn(rd1);
2559 else
2560 gen_op_iwmmxt_maxub_M0_wRn(rd1);
2561 break;
2562 case 1:
2563 if (insn & (1 << 21))
2564 gen_op_iwmmxt_maxsw_M0_wRn(rd1);
2565 else
2566 gen_op_iwmmxt_maxuw_M0_wRn(rd1);
2567 break;
2568 case 2:
2569 if (insn & (1 << 21))
2570 gen_op_iwmmxt_maxsl_M0_wRn(rd1);
2571 else
2572 gen_op_iwmmxt_maxul_M0_wRn(rd1);
2573 break;
2574 case 3:
2575 return 1;
2576 }
2577 gen_op_iwmmxt_movq_wRn_M0(wrd);
2578 gen_op_iwmmxt_set_mup();
2579 break;
2580 case 0x002: case 0x102: case 0x202: case 0x302: /* WALIGNI */
2581 case 0x402: case 0x502: case 0x602: case 0x702:
2582 wrd = (insn >> 12) & 0xf;
2583 rd0 = (insn >> 16) & 0xf;
2584 rd1 = (insn >> 0) & 0xf;
2585 gen_op_iwmmxt_movq_M0_wRn(rd0);
2586 tmp = tcg_const_i32((insn >> 20) & 3);
2587 iwmmxt_load_reg(cpu_V1, rd1);
2588 gen_helper_iwmmxt_align(cpu_M0, cpu_M0, cpu_V1, tmp);
2589 tcg_temp_free_i32(tmp);
2590 gen_op_iwmmxt_movq_wRn_M0(wrd);
2591 gen_op_iwmmxt_set_mup();
2592 break;
2593 case 0x01a: case 0x11a: case 0x21a: case 0x31a: /* WSUB */
2594 case 0x41a: case 0x51a: case 0x61a: case 0x71a:
2595 case 0x81a: case 0x91a: case 0xa1a: case 0xb1a:
2596 case 0xc1a: case 0xd1a: case 0xe1a: case 0xf1a:
2597 wrd = (insn >> 12) & 0xf;
2598 rd0 = (insn >> 16) & 0xf;
2599 rd1 = (insn >> 0) & 0xf;
2600 gen_op_iwmmxt_movq_M0_wRn(rd0);
2601 switch ((insn >> 20) & 0xf) {
2602 case 0x0:
2603 gen_op_iwmmxt_subnb_M0_wRn(rd1);
2604 break;
2605 case 0x1:
2606 gen_op_iwmmxt_subub_M0_wRn(rd1);
2607 break;
2608 case 0x3:
2609 gen_op_iwmmxt_subsb_M0_wRn(rd1);
2610 break;
2611 case 0x4:
2612 gen_op_iwmmxt_subnw_M0_wRn(rd1);
2613 break;
2614 case 0x5:
2615 gen_op_iwmmxt_subuw_M0_wRn(rd1);
2616 break;
2617 case 0x7:
2618 gen_op_iwmmxt_subsw_M0_wRn(rd1);
2619 break;
2620 case 0x8:
2621 gen_op_iwmmxt_subnl_M0_wRn(rd1);
2622 break;
2623 case 0x9:
2624 gen_op_iwmmxt_subul_M0_wRn(rd1);
2625 break;
2626 case 0xb:
2627 gen_op_iwmmxt_subsl_M0_wRn(rd1);
2628 break;
2629 default:
2630 return 1;
2631 }
2632 gen_op_iwmmxt_movq_wRn_M0(wrd);
2633 gen_op_iwmmxt_set_mup();
2634 gen_op_iwmmxt_set_cup();
2635 break;
2636 case 0x01e: case 0x11e: case 0x21e: case 0x31e: /* WSHUFH */
2637 case 0x41e: case 0x51e: case 0x61e: case 0x71e:
2638 case 0x81e: case 0x91e: case 0xa1e: case 0xb1e:
2639 case 0xc1e: case 0xd1e: case 0xe1e: case 0xf1e:
2640 wrd = (insn >> 12) & 0xf;
2641 rd0 = (insn >> 16) & 0xf;
2642 gen_op_iwmmxt_movq_M0_wRn(rd0);
2643 tmp = tcg_const_i32(((insn >> 16) & 0xf0) | (insn & 0x0f));
2644 gen_helper_iwmmxt_shufh(cpu_M0, cpu_env, cpu_M0, tmp);
2645 tcg_temp_free_i32(tmp);
2646 gen_op_iwmmxt_movq_wRn_M0(wrd);
2647 gen_op_iwmmxt_set_mup();
2648 gen_op_iwmmxt_set_cup();
2649 break;
2650 case 0x018: case 0x118: case 0x218: case 0x318: /* WADD */
2651 case 0x418: case 0x518: case 0x618: case 0x718:
2652 case 0x818: case 0x918: case 0xa18: case 0xb18:
2653 case 0xc18: case 0xd18: case 0xe18: case 0xf18:
2654 wrd = (insn >> 12) & 0xf;
2655 rd0 = (insn >> 16) & 0xf;
2656 rd1 = (insn >> 0) & 0xf;
2657 gen_op_iwmmxt_movq_M0_wRn(rd0);
2658 switch ((insn >> 20) & 0xf) {
2659 case 0x0:
2660 gen_op_iwmmxt_addnb_M0_wRn(rd1);
2661 break;
2662 case 0x1:
2663 gen_op_iwmmxt_addub_M0_wRn(rd1);
2664 break;
2665 case 0x3:
2666 gen_op_iwmmxt_addsb_M0_wRn(rd1);
2667 break;
2668 case 0x4:
2669 gen_op_iwmmxt_addnw_M0_wRn(rd1);
2670 break;
2671 case 0x5:
2672 gen_op_iwmmxt_adduw_M0_wRn(rd1);
2673 break;
2674 case 0x7:
2675 gen_op_iwmmxt_addsw_M0_wRn(rd1);
2676 break;
2677 case 0x8:
2678 gen_op_iwmmxt_addnl_M0_wRn(rd1);
2679 break;
2680 case 0x9:
2681 gen_op_iwmmxt_addul_M0_wRn(rd1);
2682 break;
2683 case 0xb:
2684 gen_op_iwmmxt_addsl_M0_wRn(rd1);
2685 break;
2686 default:
2687 return 1;
2688 }
2689 gen_op_iwmmxt_movq_wRn_M0(wrd);
2690 gen_op_iwmmxt_set_mup();
2691 gen_op_iwmmxt_set_cup();
2692 break;
2693 case 0x008: case 0x108: case 0x208: case 0x308: /* WPACK */
2694 case 0x408: case 0x508: case 0x608: case 0x708:
2695 case 0x808: case 0x908: case 0xa08: case 0xb08:
2696 case 0xc08: case 0xd08: case 0xe08: case 0xf08:
2697 if (!(insn & (1 << 20)) || ((insn >> 22) & 3) == 0)
2698 return 1;
2699 wrd = (insn >> 12) & 0xf;
2700 rd0 = (insn >> 16) & 0xf;
2701 rd1 = (insn >> 0) & 0xf;
2702 gen_op_iwmmxt_movq_M0_wRn(rd0);
2703 switch ((insn >> 22) & 3) {
2704 case 1:
2705 if (insn & (1 << 21))
2706 gen_op_iwmmxt_packsw_M0_wRn(rd1);
2707 else
2708 gen_op_iwmmxt_packuw_M0_wRn(rd1);
2709 break;
2710 case 2:
2711 if (insn & (1 << 21))
2712 gen_op_iwmmxt_packsl_M0_wRn(rd1);
2713 else
2714 gen_op_iwmmxt_packul_M0_wRn(rd1);
2715 break;
2716 case 3:
2717 if (insn & (1 << 21))
2718 gen_op_iwmmxt_packsq_M0_wRn(rd1);
2719 else
2720 gen_op_iwmmxt_packuq_M0_wRn(rd1);
2721 break;
2722 }
2723 gen_op_iwmmxt_movq_wRn_M0(wrd);
2724 gen_op_iwmmxt_set_mup();
2725 gen_op_iwmmxt_set_cup();
2726 break;
2727 case 0x201: case 0x203: case 0x205: case 0x207:
2728 case 0x209: case 0x20b: case 0x20d: case 0x20f:
2729 case 0x211: case 0x213: case 0x215: case 0x217:
2730 case 0x219: case 0x21b: case 0x21d: case 0x21f:
2731 wrd = (insn >> 5) & 0xf;
2732 rd0 = (insn >> 12) & 0xf;
2733 rd1 = (insn >> 0) & 0xf;
2734 if (rd0 == 0xf || rd1 == 0xf)
2735 return 1;
2736 gen_op_iwmmxt_movq_M0_wRn(wrd);
2737 tmp = load_reg(s, rd0);
2738 tmp2 = load_reg(s, rd1);
2739 switch ((insn >> 16) & 0xf) {
2740 case 0x0: /* TMIA */
2741 gen_helper_iwmmxt_muladdsl(cpu_M0, cpu_M0, tmp, tmp2);
2742 break;
2743 case 0x8: /* TMIAPH */
2744 gen_helper_iwmmxt_muladdsw(cpu_M0, cpu_M0, tmp, tmp2);
2745 break;
2746 case 0xc: case 0xd: case 0xe: case 0xf: /* TMIAxy */
2747 if (insn & (1 << 16))
2748 tcg_gen_shri_i32(tmp, tmp, 16);
2749 if (insn & (1 << 17))
2750 tcg_gen_shri_i32(tmp2, tmp2, 16);
2751 gen_helper_iwmmxt_muladdswl(cpu_M0, cpu_M0, tmp, tmp2);
2752 break;
2753 default:
2754 tcg_temp_free_i32(tmp2);
2755 tcg_temp_free_i32(tmp);
2756 return 1;
2757 }
2758 tcg_temp_free_i32(tmp2);
2759 tcg_temp_free_i32(tmp);
2760 gen_op_iwmmxt_movq_wRn_M0(wrd);
2761 gen_op_iwmmxt_set_mup();
2762 break;
2763 default:
2764 return 1;
2765 }
2766
2767 return 0;
2768 }
2769
2770 /* Disassemble an XScale DSP instruction. Returns nonzero if an error occurred
2771 (ie. an undefined instruction). */
2772 static int disas_dsp_insn(DisasContext *s, uint32_t insn)
2773 {
2774 int acc, rd0, rd1, rdhi, rdlo;
2775 TCGv_i32 tmp, tmp2;
2776
2777 if ((insn & 0x0ff00f10) == 0x0e200010) {
2778 /* Multiply with Internal Accumulate Format */
2779 rd0 = (insn >> 12) & 0xf;
2780 rd1 = insn & 0xf;
2781 acc = (insn >> 5) & 7;
2782
2783 if (acc != 0)
2784 return 1;
2785
2786 tmp = load_reg(s, rd0);
2787 tmp2 = load_reg(s, rd1);
2788 switch ((insn >> 16) & 0xf) {
2789 case 0x0: /* MIA */
2790 gen_helper_iwmmxt_muladdsl(cpu_M0, cpu_M0, tmp, tmp2);
2791 break;
2792 case 0x8: /* MIAPH */
2793 gen_helper_iwmmxt_muladdsw(cpu_M0, cpu_M0, tmp, tmp2);
2794 break;
2795 case 0xc: /* MIABB */
2796 case 0xd: /* MIABT */
2797 case 0xe: /* MIATB */
2798 case 0xf: /* MIATT */
2799 if (insn & (1 << 16))
2800 tcg_gen_shri_i32(tmp, tmp, 16);
2801 if (insn & (1 << 17))
2802 tcg_gen_shri_i32(tmp2, tmp2, 16);
2803 gen_helper_iwmmxt_muladdswl(cpu_M0, cpu_M0, tmp, tmp2);
2804 break;
2805 default:
2806 return 1;
2807 }
2808 tcg_temp_free_i32(tmp2);
2809 tcg_temp_free_i32(tmp);
2810
2811 gen_op_iwmmxt_movq_wRn_M0(acc);
2812 return 0;
2813 }
2814
2815 if ((insn & 0x0fe00ff8) == 0x0c400000) {
2816 /* Internal Accumulator Access Format */
2817 rdhi = (insn >> 16) & 0xf;
2818 rdlo = (insn >> 12) & 0xf;
2819 acc = insn & 7;
2820
2821 if (acc != 0)
2822 return 1;
2823
2824 if (insn & ARM_CP_RW_BIT) { /* MRA */
2825 iwmmxt_load_reg(cpu_V0, acc);
2826 tcg_gen_extrl_i64_i32(cpu_R[rdlo], cpu_V0);
2827 tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
2828 tcg_gen_extrl_i64_i32(cpu_R[rdhi], cpu_V0);
2829 tcg_gen_andi_i32(cpu_R[rdhi], cpu_R[rdhi], (1 << (40 - 32)) - 1);
2830 } else { /* MAR */
2831 tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]);
2832 iwmmxt_store_reg(cpu_V0, acc);
2833 }
2834 return 0;
2835 }
2836
2837 return 1;
2838 }
2839
2840 #define VFP_REG_SHR(x, n) (((n) > 0) ? (x) >> (n) : (x) << -(n))
2841 #define VFP_SREG(insn, bigbit, smallbit) \
2842 ((VFP_REG_SHR(insn, bigbit - 1) & 0x1e) | (((insn) >> (smallbit)) & 1))
2843 #define VFP_DREG(reg, insn, bigbit, smallbit) do { \
2844 if (arm_dc_feature(s, ARM_FEATURE_VFP3)) { \
2845 reg = (((insn) >> (bigbit)) & 0x0f) \
2846 | (((insn) >> ((smallbit) - 4)) & 0x10); \
2847 } else { \
2848 if (insn & (1 << (smallbit))) \
2849 return 1; \
2850 reg = ((insn) >> (bigbit)) & 0x0f; \
2851 }} while (0)
2852
2853 #define VFP_SREG_D(insn) VFP_SREG(insn, 12, 22)
2854 #define VFP_DREG_D(reg, insn) VFP_DREG(reg, insn, 12, 22)
2855 #define VFP_SREG_N(insn) VFP_SREG(insn, 16, 7)
2856 #define VFP_DREG_N(reg, insn) VFP_DREG(reg, insn, 16, 7)
2857 #define VFP_SREG_M(insn) VFP_SREG(insn, 0, 5)
2858 #define VFP_DREG_M(reg, insn) VFP_DREG(reg, insn, 0, 5)
2859
2860 static void gen_neon_dup_low16(TCGv_i32 var)
2861 {
2862 TCGv_i32 tmp = tcg_temp_new_i32();
2863 tcg_gen_ext16u_i32(var, var);
2864 tcg_gen_shli_i32(tmp, var, 16);
2865 tcg_gen_or_i32(var, var, tmp);
2866 tcg_temp_free_i32(tmp);
2867 }
2868
2869 static void gen_neon_dup_high16(TCGv_i32 var)
2870 {
2871 TCGv_i32 tmp = tcg_temp_new_i32();
2872 tcg_gen_andi_i32(var, var, 0xffff0000);
2873 tcg_gen_shri_i32(tmp, var, 16);
2874 tcg_gen_or_i32(var, var, tmp);
2875 tcg_temp_free_i32(tmp);
2876 }
2877
2878 /*
2879 * Disassemble a VFP instruction. Returns nonzero if an error occurred
2880 * (ie. an undefined instruction).
2881 */
2882 static int disas_vfp_insn(DisasContext *s, uint32_t insn)
2883 {
2884 if (!arm_dc_feature(s, ARM_FEATURE_VFP)) {
2885 return 1;
2886 }
2887
2888 /*
2889 * If the decodetree decoder handles this insn it will always
2890 * emit code to either execute the insn or generate an appropriate
2891 * exception; so we don't need to ever return non-zero to tell
2892 * the calling code to emit an UNDEF exception.
2893 */
2894 if (extract32(insn, 28, 4) == 0xf) {
2895 if (disas_vfp_uncond(s, insn)) {
2896 return 0;
2897 }
2898 } else {
2899 if (disas_vfp(s, insn)) {
2900 return 0;
2901 }
2902 }
2903 /* If the decodetree decoder didn't handle this insn, it must be UNDEF */
2904 return 1;
2905 }
2906
2907 static inline bool use_goto_tb(DisasContext *s, target_ulong dest)
2908 {
2909 #ifndef CONFIG_USER_ONLY
2910 return (s->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK) ||
2911 ((s->base.pc_next - 1) & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
2912 #else
2913 return true;
2914 #endif
2915 }
2916
2917 static void gen_goto_ptr(void)
2918 {
2919 tcg_gen_lookup_and_goto_ptr();
2920 }
2921
2922 /* This will end the TB but doesn't guarantee we'll return to
2923 * cpu_loop_exec. Any live exit_requests will be processed as we
2924 * enter the next TB.
2925 */
2926 static void gen_goto_tb(DisasContext *s, int n, target_ulong dest)
2927 {
2928 if (use_goto_tb(s, dest)) {
2929 tcg_gen_goto_tb(n);
2930 gen_set_pc_im(s, dest);
2931 tcg_gen_exit_tb(s->base.tb, n);
2932 } else {
2933 gen_set_pc_im(s, dest);
2934 gen_goto_ptr();
2935 }
2936 s->base.is_jmp = DISAS_NORETURN;
2937 }
2938
2939 static inline void gen_jmp (DisasContext *s, uint32_t dest)
2940 {
2941 if (unlikely(is_singlestepping(s))) {
2942 /* An indirect jump so that we still trigger the debug exception. */
2943 if (s->thumb)
2944 dest |= 1;
2945 gen_bx_im(s, dest);
2946 } else {
2947 gen_goto_tb(s, 0, dest);
2948 }
2949 }
2950
2951 static inline void gen_mulxy(TCGv_i32 t0, TCGv_i32 t1, int x, int y)
2952 {
2953 if (x)
2954 tcg_gen_sari_i32(t0, t0, 16);
2955 else
2956 gen_sxth(t0);
2957 if (y)
2958 tcg_gen_sari_i32(t1, t1, 16);
2959 else
2960 gen_sxth(t1);
2961 tcg_gen_mul_i32(t0, t0, t1);
2962 }
2963
2964 /* Return the mask of PSR bits set by a MSR instruction. */
2965 static uint32_t msr_mask(DisasContext *s, int flags, int spsr)
2966 {
2967 uint32_t mask;
2968
2969 mask = 0;
2970 if (flags & (1 << 0))
2971 mask |= 0xff;
2972 if (flags & (1 << 1))
2973 mask |= 0xff00;
2974 if (flags & (1 << 2))
2975 mask |= 0xff0000;
2976 if (flags & (1 << 3))
2977 mask |= 0xff000000;
2978
2979 /* Mask out undefined bits. */
2980 mask &= ~CPSR_RESERVED;
2981 if (!arm_dc_feature(s, ARM_FEATURE_V4T)) {
2982 mask &= ~CPSR_T;
2983 }
2984 if (!arm_dc_feature(s, ARM_FEATURE_V5)) {
2985 mask &= ~CPSR_Q; /* V5TE in reality*/
2986 }
2987 if (!arm_dc_feature(s, ARM_FEATURE_V6)) {
2988 mask &= ~(CPSR_E | CPSR_GE);
2989 }
2990 if (!arm_dc_feature(s, ARM_FEATURE_THUMB2)) {
2991 mask &= ~CPSR_IT;
2992 }
2993 /* Mask out execution state and reserved bits. */
2994 if (!spsr) {
2995 mask &= ~(CPSR_EXEC | CPSR_RESERVED);
2996 }
2997 /* Mask out privileged bits. */
2998 if (IS_USER(s))
2999 mask &= CPSR_USER;
3000 return mask;
3001 }
3002
3003 /* Returns nonzero if access to the PSR is not permitted. Marks t0 as dead. */
3004 static int gen_set_psr(DisasContext *s, uint32_t mask, int spsr, TCGv_i32 t0)
3005 {
3006 TCGv_i32 tmp;
3007 if (spsr) {
3008 /* ??? This is also undefined in system mode. */
3009 if (IS_USER(s))
3010 return 1;
3011
3012 tmp = load_cpu_field(spsr);
3013 tcg_gen_andi_i32(tmp, tmp, ~mask);
3014 tcg_gen_andi_i32(t0, t0, mask);
3015 tcg_gen_or_i32(tmp, tmp, t0);
3016 store_cpu_field(tmp, spsr);
3017 } else {
3018 gen_set_cpsr(t0, mask);
3019 }
3020 tcg_temp_free_i32(t0);
3021 gen_lookup_tb(s);
3022 return 0;
3023 }
3024
3025 /* Returns nonzero if access to the PSR is not permitted. */
3026 static int gen_set_psr_im(DisasContext *s, uint32_t mask, int spsr, uint32_t val)
3027 {
3028 TCGv_i32 tmp;
3029 tmp = tcg_temp_new_i32();
3030 tcg_gen_movi_i32(tmp, val);
3031 return gen_set_psr(s, mask, spsr, tmp);
3032 }
3033
3034 static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn,
3035 int *tgtmode, int *regno)
3036 {
3037 /* Decode the r and sysm fields of MSR/MRS banked accesses into
3038 * the target mode and register number, and identify the various
3039 * unpredictable cases.
3040 * MSR (banked) and MRS (banked) are CONSTRAINED UNPREDICTABLE if:
3041 * + executed in user mode
3042 * + using R15 as the src/dest register
3043 * + accessing an unimplemented register
3044 * + accessing a register that's inaccessible at current PL/security state*
3045 * + accessing a register that you could access with a different insn
3046 * We choose to UNDEF in all these cases.
3047 * Since we don't know which of the various AArch32 modes we are in
3048 * we have to defer some checks to runtime.
3049 * Accesses to Monitor mode registers from Secure EL1 (which implies
3050 * that EL3 is AArch64) must trap to EL3.
3051 *
3052 * If the access checks fail this function will emit code to take
3053 * an exception and return false. Otherwise it will return true,
3054 * and set *tgtmode and *regno appropriately.
3055 */
3056 int exc_target = default_exception_el(s);
3057
3058 /* These instructions are present only in ARMv8, or in ARMv7 with the
3059 * Virtualization Extensions.
3060 */
3061 if (!arm_dc_feature(s, ARM_FEATURE_V8) &&
3062 !arm_dc_feature(s, ARM_FEATURE_EL2)) {
3063 goto undef;
3064 }
3065
3066 if (IS_USER(s) || rn == 15) {
3067 goto undef;
3068 }
3069
3070 /* The table in the v8 ARM ARM section F5.2.3 describes the encoding
3071 * of registers into (r, sysm).
3072 */
3073 if (r) {
3074 /* SPSRs for other modes */
3075 switch (sysm) {
3076 case 0xe: /* SPSR_fiq */
3077 *tgtmode = ARM_CPU_MODE_FIQ;
3078 break;
3079 case 0x10: /* SPSR_irq */
3080 *tgtmode = ARM_CPU_MODE_IRQ;
3081 break;
3082 case 0x12: /* SPSR_svc */
3083 *tgtmode = ARM_CPU_MODE_SVC;
3084 break;
3085 case 0x14: /* SPSR_abt */
3086 *tgtmode = ARM_CPU_MODE_ABT;
3087 break;
3088 case 0x16: /* SPSR_und */
3089 *tgtmode = ARM_CPU_MODE_UND;
3090 break;
3091 case 0x1c: /* SPSR_mon */
3092 *tgtmode = ARM_CPU_MODE_MON;
3093 break;
3094 case 0x1e: /* SPSR_hyp */
3095 *tgtmode = ARM_CPU_MODE_HYP;
3096 break;
3097 default: /* unallocated */
3098 goto undef;
3099 }
3100 /* We arbitrarily assign SPSR a register number of 16. */
3101 *regno = 16;
3102 } else {
3103 /* general purpose registers for other modes */
3104 switch (sysm) {
3105 case 0x0 ... 0x6: /* 0b00xxx : r8_usr ... r14_usr */
3106 *tgtmode = ARM_CPU_MODE_USR;
3107 *regno = sysm + 8;
3108 break;
3109 case 0x8 ... 0xe: /* 0b01xxx : r8_fiq ... r14_fiq */
3110 *tgtmode = ARM_CPU_MODE_FIQ;
3111 *regno = sysm;
3112 break;
3113 case 0x10 ... 0x11: /* 0b1000x : r14_irq, r13_irq */
3114 *tgtmode = ARM_CPU_MODE_IRQ;
3115 *regno = sysm & 1 ? 13 : 14;
3116 break;
3117 case 0x12 ... 0x13: /* 0b1001x : r14_svc, r13_svc */
3118 *tgtmode = ARM_CPU_MODE_SVC;
3119 *regno = sysm & 1 ? 13 : 14;
3120 break;
3121 case 0x14 ... 0x15: /* 0b1010x : r14_abt, r13_abt */
3122 *tgtmode = ARM_CPU_MODE_ABT;
3123 *regno = sysm & 1 ? 13 : 14;
3124 break;
3125 case 0x16 ... 0x17: /* 0b1011x : r14_und, r13_und */
3126 *tgtmode = ARM_CPU_MODE_UND;
3127 *regno = sysm & 1 ? 13 : 14;
3128 break;
3129 case 0x1c ... 0x1d: /* 0b1110x : r14_mon, r13_mon */
3130 *tgtmode = ARM_CPU_MODE_MON;
3131 *regno = sysm & 1 ? 13 : 14;
3132 break;
3133 case 0x1e ... 0x1f: /* 0b1111x : elr_hyp, r13_hyp */
3134 *tgtmode = ARM_CPU_MODE_HYP;
3135 /* Arbitrarily pick 17 for ELR_Hyp (which is not a banked LR!) */
3136 *regno = sysm & 1 ? 13 : 17;
3137 break;
3138 default: /* unallocated */
3139 goto undef;
3140 }
3141 }
3142
3143 /* Catch the 'accessing inaccessible register' cases we can detect
3144 * at translate time.
3145 */
3146 switch (*tgtmode) {
3147 case ARM_CPU_MODE_MON:
3148 if (!arm_dc_feature(s, ARM_FEATURE_EL3) || s->ns) {
3149 goto undef;
3150 }
3151 if (s->current_el == 1) {
3152 /* If we're in Secure EL1 (which implies that EL3 is AArch64)
3153 * then accesses to Mon registers trap to EL3
3154 */
3155 exc_target = 3;
3156 goto undef;
3157 }
3158 break;
3159 case ARM_CPU_MODE_HYP:
3160 /*
3161 * SPSR_hyp and r13_hyp can only be accessed from Monitor mode
3162 * (and so we can forbid accesses from EL2 or below). elr_hyp
3163 * can be accessed also from Hyp mode, so forbid accesses from
3164 * EL0 or EL1.
3165 */
3166 if (!arm_dc_feature(s, ARM_FEATURE_EL2) || s->current_el < 2 ||
3167 (s->current_el < 3 && *regno != 17)) {
3168 goto undef;
3169 }
3170 break;
3171 default:
3172 break;
3173 }
3174
3175 return true;
3176
3177 undef:
3178 /* If we get here then some access check did not pass */
3179 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
3180 syn_uncategorized(), exc_target);
3181 return false;
3182 }
3183
3184 static void gen_msr_banked(DisasContext *s, int r, int sysm, int rn)
3185 {
3186 TCGv_i32 tcg_reg, tcg_tgtmode, tcg_regno;
3187 int tgtmode = 0, regno = 0;
3188
3189 if (!msr_banked_access_decode(s, r, sysm, rn, &tgtmode, &regno)) {
3190 return;
3191 }
3192
3193 /* Sync state because msr_banked() can raise exceptions */
3194 gen_set_condexec(s);
3195 gen_set_pc_im(s, s->pc_curr);
3196 tcg_reg = load_reg(s, rn);
3197 tcg_tgtmode = tcg_const_i32(tgtmode);
3198 tcg_regno = tcg_const_i32(regno);
3199 gen_helper_msr_banked(cpu_env, tcg_reg, tcg_tgtmode, tcg_regno);
3200 tcg_temp_free_i32(tcg_tgtmode);
3201 tcg_temp_free_i32(tcg_regno);
3202 tcg_temp_free_i32(tcg_reg);
3203 s->base.is_jmp = DISAS_UPDATE;
3204 }
3205
3206 static void gen_mrs_banked(DisasContext *s, int r, int sysm, int rn)
3207 {
3208 TCGv_i32 tcg_reg, tcg_tgtmode, tcg_regno;
3209 int tgtmode = 0, regno = 0;
3210
3211 if (!msr_banked_access_decode(s, r, sysm, rn, &tgtmode, &regno)) {
3212 return;
3213 }
3214
3215 /* Sync state because mrs_banked() can raise exceptions */
3216 gen_set_condexec(s);
3217 gen_set_pc_im(s, s->pc_curr);
3218 tcg_reg = tcg_temp_new_i32();
3219 tcg_tgtmode = tcg_const_i32(tgtmode);
3220 tcg_regno = tcg_const_i32(regno);
3221 gen_helper_mrs_banked(tcg_reg, cpu_env, tcg_tgtmode, tcg_regno);
3222 tcg_temp_free_i32(tcg_tgtmode);
3223 tcg_temp_free_i32(tcg_regno);
3224 store_reg(s, rn, tcg_reg);
3225 s->base.is_jmp = DISAS_UPDATE;
3226 }
3227
3228 /* Store value to PC as for an exception return (ie don't
3229 * mask bits). The subsequent call to gen_helper_cpsr_write_eret()
3230 * will do the masking based on the new value of the Thumb bit.
3231 */
3232 static void store_pc_exc_ret(DisasContext *s, TCGv_i32 pc)
3233 {
3234 tcg_gen_mov_i32(cpu_R[15], pc);
3235 tcg_temp_free_i32(pc);
3236 }
3237
3238 /* Generate a v6 exception return. Marks both values as dead. */
3239 static void gen_rfe(DisasContext *s, TCGv_i32 pc, TCGv_i32 cpsr)
3240 {
3241 store_pc_exc_ret(s, pc);
3242 /* The cpsr_write_eret helper will mask the low bits of PC
3243 * appropriately depending on the new Thumb bit, so it must
3244 * be called after storing the new PC.
3245 */
3246 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
3247 gen_io_start();
3248 }
3249 gen_helper_cpsr_write_eret(cpu_env, cpsr);
3250 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
3251 gen_io_end();
3252 }
3253 tcg_temp_free_i32(cpsr);
3254 /* Must exit loop to check un-masked IRQs */
3255 s->base.is_jmp = DISAS_EXIT;
3256 }
3257
3258 /* Generate an old-style exception return. Marks pc as dead. */
3259 static void gen_exception_return(DisasContext *s, TCGv_i32 pc)
3260 {
3261 gen_rfe(s, pc, load_cpu_field(spsr));
3262 }
3263
3264 /*
3265 * For WFI we will halt the vCPU until an IRQ. For WFE and YIELD we
3266 * only call the helper when running single threaded TCG code to ensure
3267 * the next round-robin scheduled vCPU gets a crack. In MTTCG mode we
3268 * just skip this instruction. Currently the SEV/SEVL instructions
3269 * which are *one* of many ways to wake the CPU from WFE are not
3270 * implemented so we can't sleep like WFI does.
3271 */
3272 static void gen_nop_hint(DisasContext *s, int val)
3273 {
3274 switch (val) {
3275 /* When running in MTTCG we don't generate jumps to the yield and
3276 * WFE helpers as it won't affect the scheduling of other vCPUs.
3277 * If we wanted to more completely model WFE/SEV so we don't busy
3278 * spin unnecessarily we would need to do something more involved.
3279 */
3280 case 1: /* yield */
3281 if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
3282 gen_set_pc_im(s, s->base.pc_next);
3283 s->base.is_jmp = DISAS_YIELD;
3284 }
3285 break;
3286 case 3: /* wfi */
3287 gen_set_pc_im(s, s->base.pc_next);
3288 s->base.is_jmp = DISAS_WFI;
3289 break;
3290 case 2: /* wfe */
3291 if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
3292 gen_set_pc_im(s, s->base.pc_next);
3293 s->base.is_jmp = DISAS_WFE;
3294 }
3295 break;
3296 case 4: /* sev */
3297 case 5: /* sevl */
3298 /* TODO: Implement SEV, SEVL and WFE. May help SMP performance. */
3299 default: /* nop */
3300 break;
3301 }
3302 }
3303
3304 #define CPU_V001 cpu_V0, cpu_V0, cpu_V1
3305
3306 static inline void gen_neon_add(int size, TCGv_i32 t0, TCGv_i32 t1)
3307 {
3308 switch (size) {
3309 case 0: gen_helper_neon_add_u8(t0, t0, t1); break;
3310 case 1: gen_helper_neon_add_u16(t0, t0, t1); break;
3311 case 2: tcg_gen_add_i32(t0, t0, t1); break;
3312 default: abort();
3313 }
3314 }
3315
3316 static inline void gen_neon_rsb(int size, TCGv_i32 t0, TCGv_i32 t1)
3317 {
3318 switch (size) {
3319 case 0: gen_helper_neon_sub_u8(t0, t1, t0); break;
3320 case 1: gen_helper_neon_sub_u16(t0, t1, t0); break;
3321 case 2: tcg_gen_sub_i32(t0, t1, t0); break;
3322 default: return;
3323 }
3324 }
3325
3326 /* 32-bit pairwise ops end up the same as the elementwise versions. */
3327 #define gen_helper_neon_pmax_s32 tcg_gen_smax_i32
3328 #define gen_helper_neon_pmax_u32 tcg_gen_umax_i32
3329 #define gen_helper_neon_pmin_s32 tcg_gen_smin_i32
3330 #define gen_helper_neon_pmin_u32 tcg_gen_umin_i32
3331
3332 #define GEN_NEON_INTEGER_OP_ENV(name) do { \
3333 switch ((size << 1) | u) { \
3334 case 0: \
3335 gen_helper_neon_##name##_s8(tmp, cpu_env, tmp, tmp2); \
3336 break; \
3337 case 1: \
3338 gen_helper_neon_##name##_u8(tmp, cpu_env, tmp, tmp2); \
3339 break; \
3340 case 2: \
3341 gen_helper_neon_##name##_s16(tmp, cpu_env, tmp, tmp2); \
3342 break; \
3343 case 3: \
3344 gen_helper_neon_##name##_u16(tmp, cpu_env, tmp, tmp2); \
3345 break; \
3346 case 4: \
3347 gen_helper_neon_##name##_s32(tmp, cpu_env, tmp, tmp2); \
3348 break; \
3349 case 5: \
3350 gen_helper_neon_##name##_u32(tmp, cpu_env, tmp, tmp2); \
3351 break; \
3352 default: return 1; \
3353 }} while (0)
3354
3355 #define GEN_NEON_INTEGER_OP(name) do { \
3356 switch ((size << 1) | u) { \
3357 case 0: \
3358 gen_helper_neon_##name##_s8(tmp, tmp, tmp2); \
3359 break; \
3360 case 1: \
3361 gen_helper_neon_##name##_u8(tmp, tmp, tmp2); \
3362 break; \
3363 case 2: \
3364 gen_helper_neon_##name##_s16(tmp, tmp, tmp2); \
3365 break; \
3366 case 3: \
3367 gen_helper_neon_##name##_u16(tmp, tmp, tmp2); \
3368 break; \
3369 case 4: \
3370 gen_helper_neon_##name##_s32(tmp, tmp, tmp2); \
3371 break; \
3372 case 5: \
3373 gen_helper_neon_##name##_u32(tmp, tmp, tmp2); \
3374 break; \
3375 default: return 1; \
3376 }} while (0)
3377
3378 static TCGv_i32 neon_load_scratch(int scratch)
3379 {
3380 TCGv_i32 tmp = tcg_temp_new_i32();
3381 tcg_gen_ld_i32(tmp, cpu_env, offsetof(CPUARMState, vfp.scratch[scratch]));
3382 return tmp;
3383 }
3384
3385 static void neon_store_scratch(int scratch, TCGv_i32 var)
3386 {
3387 tcg_gen_st_i32(var, cpu_env, offsetof(CPUARMState, vfp.scratch[scratch]));
3388 tcg_temp_free_i32(var);
3389 }
3390
3391 static inline TCGv_i32 neon_get_scalar(int size, int reg)
3392 {
3393 TCGv_i32 tmp;
3394 if (size == 1) {
3395 tmp = neon_load_reg(reg & 7, reg >> 4);
3396 if (reg & 8) {
3397 gen_neon_dup_high16(tmp);
3398 } else {
3399 gen_neon_dup_low16(tmp);
3400 }
3401 } else {
3402 tmp = neon_load_reg(reg & 15, reg >> 4);
3403 }
3404 return tmp;
3405 }
3406
3407 static int gen_neon_unzip(int rd, int rm, int size, int q)
3408 {
3409 TCGv_ptr pd, pm;
3410
3411 if (!q && size == 2) {
3412 return 1;
3413 }
3414 pd = vfp_reg_ptr(true, rd);
3415 pm = vfp_reg_ptr(true, rm);
3416 if (q) {
3417 switch (size) {
3418 case 0:
3419 gen_helper_neon_qunzip8(pd, pm);
3420 break;
3421 case 1:
3422 gen_helper_neon_qunzip16(pd, pm);
3423 break;
3424 case 2:
3425 gen_helper_neon_qunzip32(pd, pm);
3426 break;
3427 default:
3428 abort();
3429 }
3430 } else {
3431 switch (size) {
3432 case 0:
3433 gen_helper_neon_unzip8(pd, pm);
3434 break;
3435 case 1:
3436 gen_helper_neon_unzip16(pd, pm);
3437 break;
3438 default:
3439 abort();
3440 }
3441 }
3442 tcg_temp_free_ptr(pd);
3443 tcg_temp_free_ptr(pm);
3444 return 0;
3445 }
3446
3447 static int gen_neon_zip(int rd, int rm, int size, int q)
3448 {
3449 TCGv_ptr pd, pm;
3450
3451 if (!q && size == 2) {
3452 return 1;
3453 }
3454 pd = vfp_reg_ptr(true, rd);
3455 pm = vfp_reg_ptr(true, rm);
3456 if (q) {
3457 switch (size) {
3458 case 0:
3459 gen_helper_neon_qzip8(pd, pm);
3460 break;
3461 case 1:
3462 gen_helper_neon_qzip16(pd, pm);
3463 break;
3464 case 2:
3465 gen_helper_neon_qzip32(pd, pm);
3466 break;
3467 default:
3468 abort();
3469 }
3470 } else {
3471 switch (size) {
3472 case 0:
3473 gen_helper_neon_zip8(pd, pm);
3474 break;
3475 case 1:
3476 gen_helper_neon_zip16(pd, pm);
3477 break;
3478 default:
3479 abort();
3480 }
3481 }
3482 tcg_temp_free_ptr(pd);
3483 tcg_temp_free_ptr(pm);
3484 return 0;
3485 }
3486
3487 static void gen_neon_trn_u8(TCGv_i32 t0, TCGv_i32 t1)
3488 {
3489 TCGv_i32 rd, tmp;
3490
3491 rd = tcg_temp_new_i32();
3492 tmp = tcg_temp_new_i32();
3493
3494 tcg_gen_shli_i32(rd, t0, 8);
3495 tcg_gen_andi_i32(rd, rd, 0xff00ff00);
3496 tcg_gen_andi_i32(tmp, t1, 0x00ff00ff);
3497 tcg_gen_or_i32(rd, rd, tmp);
3498
3499 tcg_gen_shri_i32(t1, t1, 8);
3500 tcg_gen_andi_i32(t1, t1, 0x00ff00ff);
3501 tcg_gen_andi_i32(tmp, t0, 0xff00ff00);
3502 tcg_gen_or_i32(t1, t1, tmp);
3503 tcg_gen_mov_i32(t0, rd);
3504
3505 tcg_temp_free_i32(tmp);
3506 tcg_temp_free_i32(rd);
3507 }
3508
3509 static void gen_neon_trn_u16(TCGv_i32 t0, TCGv_i32 t1)
3510 {
3511 TCGv_i32 rd, tmp;
3512
3513 rd = tcg_temp_new_i32();
3514 tmp = tcg_temp_new_i32();
3515
3516 tcg_gen_shli_i32(rd, t0, 16);
3517 tcg_gen_andi_i32(tmp, t1, 0xffff);
3518 tcg_gen_or_i32(rd, rd, tmp);
3519 tcg_gen_shri_i32(t1, t1, 16);
3520 tcg_gen_andi_i32(tmp, t0, 0xffff0000);
3521 tcg_gen_or_i32(t1, t1, tmp);
3522 tcg_gen_mov_i32(t0, rd);
3523
3524 tcg_temp_free_i32(tmp);
3525 tcg_temp_free_i32(rd);
3526 }
3527
3528
3529 static struct {
3530 int nregs;
3531 int interleave;
3532 int spacing;
3533 } const neon_ls_element_type[11] = {
3534 {1, 4, 1},
3535 {1, 4, 2},
3536 {4, 1, 1},
3537 {2, 2, 2},
3538 {1, 3, 1},
3539 {1, 3, 2},
3540 {3, 1, 1},
3541 {1, 1, 1},
3542 {1, 2, 1},
3543 {1, 2, 2},
3544 {2, 1, 1}
3545 };
3546
3547 /* Translate a NEON load/store element instruction. Return nonzero if the
3548 instruction is invalid. */
3549 static int disas_neon_ls_insn(DisasContext *s, uint32_t insn)
3550 {
3551 int rd, rn, rm;
3552 int op;
3553 int nregs;
3554 int interleave;
3555 int spacing;
3556 int stride;
3557 int size;
3558 int reg;
3559 int load;
3560 int n;
3561 int vec_size;
3562 int mmu_idx;
3563 TCGMemOp endian;
3564 TCGv_i32 addr;
3565 TCGv_i32 tmp;
3566 TCGv_i32 tmp2;
3567 TCGv_i64 tmp64;
3568
3569 /* FIXME: this access check should not take precedence over UNDEF
3570 * for invalid encodings; we will generate incorrect syndrome information
3571 * for attempts to execute invalid vfp/neon encodings with FP disabled.
3572 */
3573 if (s->fp_excp_el) {
3574 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
3575 syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
3576 return 0;
3577 }
3578
3579 if (!s->vfp_enabled)
3580 return 1;
3581 VFP_DREG_D(rd, insn);
3582 rn = (insn >> 16) & 0xf;
3583 rm = insn & 0xf;
3584 load = (insn & (1 << 21)) != 0;
3585 endian = s->be_data;
3586 mmu_idx = get_mem_index(s);
3587 if ((insn & (1 << 23)) == 0) {
3588 /* Load store all elements. */
3589 op = (insn >> 8) & 0xf;
3590 size = (insn >> 6) & 3;
3591 if (op > 10)
3592 return 1;
3593 /* Catch UNDEF cases for bad values of align field */
3594 switch (op & 0xc) {
3595 case 4:
3596 if (((insn >> 5) & 1) == 1) {
3597 return 1;
3598 }
3599 break;
3600 case 8:
3601 if (((insn >> 4) & 3) == 3) {
3602 return 1;
3603 }
3604 break;
3605 default:
3606 break;
3607 }
3608 nregs = neon_ls_element_type[op].nregs;
3609 interleave = neon_ls_element_type[op].interleave;
3610 spacing = neon_ls_element_type[op].spacing;
3611 if (size == 3 && (interleave | spacing) != 1) {
3612 return 1;
3613 }
3614 /* For our purposes, bytes are always little-endian. */
3615 if (size == 0) {
3616 endian = MO_LE;
3617 }
3618 /* Consecutive little-endian elements from a single register
3619 * can be promoted to a larger little-endian operation.
3620 */
3621 if (interleave == 1 && endian == MO_LE) {
3622 size = 3;
3623 }
3624 tmp64 = tcg_temp_new_i64();
3625 addr = tcg_temp_new_i32();
3626 tmp2 = tcg_const_i32(1 << size);
3627 load_reg_var(s, addr, rn);
3628 for (reg = 0; reg < nregs; reg++) {
3629 for (n = 0; n < 8 >> size; n++) {
3630 int xs;
3631 for (xs = 0; xs < interleave; xs++) {
3632 int tt = rd + reg + spacing * xs;
3633
3634 if (load) {
3635 gen_aa32_ld_i64(s, tmp64, addr, mmu_idx, endian | size);
3636 neon_store_element64(tt, n, size, tmp64);
3637 } else {
3638 neon_load_element64(tmp64, tt, n, size);
3639 gen_aa32_st_i64(s, tmp64, addr, mmu_idx, endian | size);
3640 }
3641 tcg_gen_add_i32(addr, addr, tmp2);
3642 }
3643 }
3644 }
3645 tcg_temp_free_i32(addr);
3646 tcg_temp_free_i32(tmp2);
3647 tcg_temp_free_i64(tmp64);
3648 stride = nregs * interleave * 8;
3649 } else {
3650 size = (insn >> 10) & 3;
3651 if (size == 3) {
3652 /* Load single element to all lanes. */
3653 int a = (insn >> 4) & 1;
3654 if (!load) {
3655 return 1;
3656 }
3657 size = (insn >> 6) & 3;
3658 nregs = ((insn >> 8) & 3) + 1;
3659
3660 if (size == 3) {
3661 if (nregs != 4 || a == 0) {
3662 return 1;
3663 }
3664 /* For VLD4 size==3 a == 1 means 32 bits at 16 byte alignment */
3665 size = 2;
3666 }
3667 if (nregs == 1 && a == 1 && size == 0) {
3668 return 1;
3669 }
3670 if (nregs == 3 && a == 1) {
3671 return 1;
3672 }
3673 addr = tcg_temp_new_i32();
3674 load_reg_var(s, addr, rn);
3675
3676 /* VLD1 to all lanes: bit 5 indicates how many Dregs to write.
3677 * VLD2/3/4 to all lanes: bit 5 indicates register stride.
3678 */
3679 stride = (insn & (1 << 5)) ? 2 : 1;
3680 vec_size = nregs == 1 ? stride * 8 : 8;
3681
3682 tmp = tcg_temp_new_i32();
3683 for (reg = 0; reg < nregs; reg++) {
3684 gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s),
3685 s->be_data | size);
3686 if ((rd & 1) && vec_size == 16) {
3687 /* We cannot write 16 bytes at once because the
3688 * destination is unaligned.
3689 */
3690 tcg_gen_gvec_dup_i32(size, neon_reg_offset(rd, 0),
3691 8, 8, tmp);
3692 tcg_gen_gvec_mov(0, neon_reg_offset(rd + 1, 0),
3693 neon_reg_offset(rd, 0), 8, 8);
3694 } else {
3695 tcg_gen_gvec_dup_i32(size, neon_reg_offset(rd, 0),
3696 vec_size, vec_size, tmp);
3697 }
3698 tcg_gen_addi_i32(addr, addr, 1 << size);
3699 rd += stride;
3700 }
3701 tcg_temp_free_i32(tmp);
3702 tcg_temp_free_i32(addr);
3703 stride = (1 << size) * nregs;
3704 } else {
3705 /* Single element. */
3706 int idx = (insn >> 4) & 0xf;
3707 int reg_idx;
3708 switch (size) {
3709 case 0:
3710 reg_idx = (insn >> 5) & 7;
3711 stride = 1;
3712 break;
3713 case 1:
3714 reg_idx = (insn >> 6) & 3;
3715 stride = (insn & (1 << 5)) ? 2 : 1;
3716 break;
3717 case 2:
3718 reg_idx = (insn >> 7) & 1;
3719 stride = (insn & (1 << 6)) ? 2 : 1;
3720 break;
3721 default:
3722 abort();
3723 }
3724 nregs = ((insn >> 8) & 3) + 1;
3725 /* Catch the UNDEF cases. This is unavoidably a bit messy. */
3726 switch (nregs) {
3727 case 1:
3728 if (((idx & (1 << size)) != 0) ||
3729 (size == 2 && ((idx & 3) == 1 || (idx & 3) == 2))) {
3730 return 1;
3731 }
3732 break;
3733 case 3:
3734 if ((idx & 1) != 0) {
3735 return 1;
3736 }
3737 /* fall through */
3738 case 2:
3739 if (size == 2 && (idx & 2) != 0) {
3740 return 1;
3741 }
3742 break;
3743 case 4:
3744 if ((size == 2) && ((idx & 3) == 3)) {
3745 return 1;
3746 }
3747 break;
3748 default:
3749 abort();
3750 }
3751 if ((rd + stride * (nregs - 1)) > 31) {
3752 /* Attempts to write off the end of the register file
3753 * are UNPREDICTABLE; we choose to UNDEF because otherwise
3754 * the neon_load_reg() would write off the end of the array.
3755 */
3756 return 1;
3757 }
3758 tmp = tcg_temp_new_i32();
3759 addr = tcg_temp_new_i32();
3760 load_reg_var(s, addr, rn);
3761 for (reg = 0; reg < nregs; reg++) {
3762 if (load) {
3763 gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s),
3764 s->be_data | size);
3765 neon_store_element(rd, reg_idx, size, tmp);
3766 } else { /* Store */
3767 neon_load_element(tmp, rd, reg_idx, size);
3768 gen_aa32_st_i32(s, tmp, addr, get_mem_index(s),
3769 s->be_data | size);
3770 }
3771 rd += stride;
3772 tcg_gen_addi_i32(addr, addr, 1 << size);
3773 }
3774 tcg_temp_free_i32(addr);
3775 tcg_temp_free_i32(tmp);
3776 stride = nregs * (1 << size);
3777 }
3778 }
3779 if (rm != 15) {
3780 TCGv_i32 base;
3781
3782 base = load_reg(s, rn);
3783 if (rm == 13) {
3784 tcg_gen_addi_i32(base, base, stride);
3785 } else {
3786 TCGv_i32 index;
3787 index = load_reg(s, rm);
3788 tcg_gen_add_i32(base, base, index);
3789 tcg_temp_free_i32(index);
3790 }
3791 store_reg(s, rn, base);
3792 }
3793 return 0;
3794 }
3795
3796 static inline void gen_neon_narrow(int size, TCGv_i32 dest, TCGv_i64 src)
3797 {
3798 switch (size) {
3799 case 0: gen_helper_neon_narrow_u8(dest, src); break;
3800 case 1: gen_helper_neon_narrow_u16(dest, src); break;
3801 case 2: tcg_gen_extrl_i64_i32(dest, src); break;
3802 default: abort();
3803 }
3804 }
3805
3806 static inline void gen_neon_narrow_sats(int size, TCGv_i32 dest, TCGv_i64 src)
3807 {
3808 switch (size) {
3809 case 0: gen_helper_neon_narrow_sat_s8(dest, cpu_env, src); break;
3810 case 1: gen_helper_neon_narrow_sat_s16(dest, cpu_env, src); break;
3811 case 2: gen_helper_neon_narrow_sat_s32(dest, cpu_env, src); break;
3812 default: abort();
3813 }
3814 }
3815
3816 static inline void gen_neon_narrow_satu(int size, TCGv_i32 dest, TCGv_i64 src)
3817 {
3818 switch (size) {
3819 case 0: gen_helper_neon_narrow_sat_u8(dest, cpu_env, src); break;
3820 case 1: gen_helper_neon_narrow_sat_u16(dest, cpu_env, src); break;
3821 case 2: gen_helper_neon_narrow_sat_u32(dest, cpu_env, src); break;
3822 default: abort();
3823 }
3824 }
3825
3826 static inline void gen_neon_unarrow_sats(int size, TCGv_i32 dest, TCGv_i64 src)
3827 {
3828 switch (size) {
3829 case 0: gen_helper_neon_unarrow_sat8(dest, cpu_env, src); break;
3830 case 1: gen_helper_neon_unarrow_sat16(dest, cpu_env, src); break;
3831 case 2: gen_helper_neon_unarrow_sat32(dest, cpu_env, src); break;
3832 default: abort();
3833 }
3834 }
3835
3836 static inline void gen_neon_shift_narrow(int size, TCGv_i32 var, TCGv_i32 shift,
3837 int q, int u)
3838 {
3839 if (q) {
3840 if (u) {
3841 switch (size) {
3842 case 1: gen_helper_neon_rshl_u16(var, var, shift); break;
3843 case 2: gen_helper_neon_rshl_u32(var, var, shift); break;
3844 default: abort();
3845 }
3846 } else {
3847 switch (size) {
3848 case 1: gen_helper_neon_rshl_s16(var, var, shift); break;
3849 case 2: gen_helper_neon_rshl_s32(var, var, shift); break;
3850 default: abort();
3851 }
3852 }
3853 } else {
3854 if (u) {
3855 switch (size) {
3856 case 1: gen_helper_neon_shl_u16(var, var, shift); break;
3857 case 2: gen_helper_neon_shl_u32(var, var, shift); break;
3858 default: abort();
3859 }
3860 } else {
3861 switch (size) {
3862 case 1: gen_helper_neon_shl_s16(var, var, shift); break;
3863 case 2: gen_helper_neon_shl_s32(var, var, shift); break;
3864 default: abort();
3865 }
3866 }
3867 }
3868 }
3869
3870 static inline void gen_neon_widen(TCGv_i64 dest, TCGv_i32 src, int size, int u)
3871 {
3872 if (u) {
3873 switch (size) {
3874 case 0: gen_helper_neon_widen_u8(dest, src); break;
3875 case 1: gen_helper_neon_widen_u16(dest, src); break;
3876 case 2: tcg_gen_extu_i32_i64(dest, src); break;
3877 default: abort();
3878 }
3879 } else {
3880 switch (size) {
3881 case 0: gen_helper_neon_widen_s8(dest, src); break;
3882 case 1: gen_helper_neon_widen_s16(dest, src); break;
3883 case 2: tcg_gen_ext_i32_i64(dest, src); break;
3884 default: abort();
3885 }
3886 }
3887 tcg_temp_free_i32(src);
3888 }
3889
3890 static inline void gen_neon_addl(int size)
3891 {
3892 switch (size) {
3893 case 0: gen_helper_neon_addl_u16(CPU_V001); break;
3894 case 1: gen_helper_neon_addl_u32(CPU_V001); break;
3895 case 2: tcg_gen_add_i64(CPU_V001); break;
3896 default: abort();
3897 }
3898 }
3899
3900 static inline void gen_neon_subl(int size)
3901 {
3902 switch (size) {
3903 case 0: gen_helper_neon_subl_u16(CPU_V001); break;
3904 case 1: gen_helper_neon_subl_u32(CPU_V001); break;
3905 case 2: tcg_gen_sub_i64(CPU_V001); break;
3906 default: abort();
3907 }
3908 }
3909
3910 static inline void gen_neon_negl(TCGv_i64 var, int size)
3911 {
3912 switch (size) {
3913 case 0: gen_helper_neon_negl_u16(var, var); break;
3914 case 1: gen_helper_neon_negl_u32(var, var); break;
3915 case 2:
3916 tcg_gen_neg_i64(var, var);
3917 break;
3918 default: abort();
3919 }
3920 }
3921
3922 static inline void gen_neon_addl_saturate(TCGv_i64 op0, TCGv_i64 op1, int size)
3923 {
3924 switch (size) {
3925 case 1: gen_helper_neon_addl_saturate_s32(op0, cpu_env, op0, op1); break;
3926 case 2: gen_helper_neon_addl_saturate_s64(op0, cpu_env, op0, op1); break;
3927 default: abort();
3928 }
3929 }
3930
3931 static inline void gen_neon_mull(TCGv_i64 dest, TCGv_i32 a, TCGv_i32 b,
3932 int size, int u)
3933 {
3934 TCGv_i64 tmp;
3935
3936 switch ((size << 1) | u) {
3937 case 0: gen_helper_neon_mull_s8(dest, a, b); break;
3938 case 1: gen_helper_neon_mull_u8(dest, a, b); break;
3939 case 2: gen_helper_neon_mull_s16(dest, a, b); break;
3940 case 3: gen_helper_neon_mull_u16(dest, a, b); break;
3941 case 4:
3942 tmp = gen_muls_i64_i32(a, b);
3943 tcg_gen_mov_i64(dest, tmp);
3944 tcg_temp_free_i64(tmp);
3945 break;
3946 case 5:
3947 tmp = gen_mulu_i64_i32(a, b);
3948 tcg_gen_mov_i64(dest, tmp);
3949 tcg_temp_free_i64(tmp);
3950 break;
3951 default: abort();
3952 }
3953
3954 /* gen_helper_neon_mull_[su]{8|16} do not free their parameters.
3955 Don't forget to clean them now. */
3956 if (size < 2) {
3957 tcg_temp_free_i32(a);
3958 tcg_temp_free_i32(b);
3959 }
3960 }
3961
3962 static void gen_neon_narrow_op(int op, int u, int size,
3963 TCGv_i32 dest, TCGv_i64 src)
3964 {
3965 if (op) {
3966 if (u) {
3967 gen_neon_unarrow_sats(size, dest, src);
3968 } else {
3969 gen_neon_narrow(size, dest, src);
3970 }
3971 } else {
3972 if (u) {
3973 gen_neon_narrow_satu(size, dest, src);
3974 } else {
3975 gen_neon_narrow_sats(size, dest, src);
3976 }
3977 }
3978 }
3979
3980 /* Symbolic constants for op fields for Neon 3-register same-length.
3981 * The values correspond to bits [11:8,4]; see the ARM ARM DDI0406B
3982 * table A7-9.
3983 */
3984 #define NEON_3R_VHADD 0
3985 #define NEON_3R_VQADD 1
3986 #define NEON_3R_VRHADD 2
3987 #define NEON_3R_LOGIC 3 /* VAND,VBIC,VORR,VMOV,VORN,VEOR,VBIF,VBIT,VBSL */
3988 #define NEON_3R_VHSUB 4
3989 #define NEON_3R_VQSUB 5
3990 #define NEON_3R_VCGT 6
3991 #define NEON_3R_VCGE 7
3992 #define NEON_3R_VSHL 8
3993 #define NEON_3R_VQSHL 9
3994 #define NEON_3R_VRSHL 10
3995 #define NEON_3R_VQRSHL 11
3996 #define NEON_3R_VMAX 12
3997 #define NEON_3R_VMIN 13
3998 #define NEON_3R_VABD 14
3999 #define NEON_3R_VABA 15
4000 #define NEON_3R_VADD_VSUB 16
4001 #define NEON_3R_VTST_VCEQ 17
4002 #define NEON_3R_VML 18 /* VMLA, VMLS */
4003 #define NEON_3R_VMUL 19
4004 #define NEON_3R_VPMAX 20
4005 #define NEON_3R_VPMIN 21
4006 #define NEON_3R_VQDMULH_VQRDMULH 22
4007 #define NEON_3R_VPADD_VQRDMLAH 23
4008 #define NEON_3R_SHA 24 /* SHA1C,SHA1P,SHA1M,SHA1SU0,SHA256H{2},SHA256SU1 */
4009 #define NEON_3R_VFM_VQRDMLSH 25 /* VFMA, VFMS, VQRDMLSH */
4010 #define NEON_3R_FLOAT_ARITH 26 /* float VADD, VSUB, VPADD, VABD */
4011 #define NEON_3R_FLOAT_MULTIPLY 27 /* float VMLA, VMLS, VMUL */
4012 #define NEON_3R_FLOAT_CMP 28 /* float VCEQ, VCGE, VCGT */
4013 #define NEON_3R_FLOAT_ACMP 29 /* float VACGE, VACGT, VACLE, VACLT */
4014 #define NEON_3R_FLOAT_MINMAX 30 /* float VMIN, VMAX */
4015 #define NEON_3R_FLOAT_MISC 31 /* float VRECPS, VRSQRTS, VMAXNM/MINNM */
4016
4017 static const uint8_t neon_3r_sizes[] = {
4018 [NEON_3R_VHADD] = 0x7,
4019 [NEON_3R_VQADD] = 0xf,
4020 [NEON_3R_VRHADD] = 0x7,
4021 [NEON_3R_LOGIC] = 0xf, /* size field encodes op type */
4022 [NEON_3R_VHSUB] = 0x7,
4023 [NEON_3R_VQSUB] = 0xf,
4024 [NEON_3R_VCGT] = 0x7,
4025 [NEON_3R_VCGE] = 0x7,
4026 [NEON_3R_VSHL] = 0xf,
4027 [NEON_3R_VQSHL] = 0xf,
4028 [NEON_3R_VRSHL] = 0xf,
4029 [NEON_3R_VQRSHL] = 0xf,
4030 [NEON_3R_VMAX] = 0x7,
4031 [NEON_3R_VMIN] = 0x7,
4032 [NEON_3R_VABD] = 0x7,
4033 [NEON_3R_VABA] = 0x7,
4034 [NEON_3R_VADD_VSUB] = 0xf,
4035 [NEON_3R_VTST_VCEQ] = 0x7,
4036 [NEON_3R_VML] = 0x7,
4037 [NEON_3R_VMUL] = 0x7,
4038 [NEON_3R_VPMAX] = 0x7,
4039 [NEON_3R_VPMIN] = 0x7,
4040 [NEON_3R_VQDMULH_VQRDMULH] = 0x6,
4041 [NEON_3R_VPADD_VQRDMLAH] = 0x7,
4042 [NEON_3R_SHA] = 0xf, /* size field encodes op type */
4043 [NEON_3R_VFM_VQRDMLSH] = 0x7, /* For VFM, size bit 1 encodes op */
4044 [NEON_3R_FLOAT_ARITH] = 0x5, /* size bit 1 encodes op */
4045 [NEON_3R_FLOAT_MULTIPLY] = 0x5, /* size bit 1 encodes op */
4046 [NEON_3R_FLOAT_CMP] = 0x5, /* size bit 1 encodes op */
4047 [NEON_3R_FLOAT_ACMP] = 0x5, /* size bit 1 encodes op */
4048 [NEON_3R_FLOAT_MINMAX] = 0x5, /* size bit 1 encodes op */
4049 [NEON_3R_FLOAT_MISC] = 0x5, /* size bit 1 encodes op */
4050 };
4051
4052 /* Symbolic constants for op fields for Neon 2-register miscellaneous.
4053 * The values correspond to bits [17:16,10:7]; see the ARM ARM DDI0406B
4054 * table A7-13.
4055 */
4056 #define NEON_2RM_VREV64 0
4057 #define NEON_2RM_VREV32 1
4058 #define NEON_2RM_VREV16 2
4059 #define NEON_2RM_VPADDL 4
4060 #define NEON_2RM_VPADDL_U 5
4061 #define NEON_2RM_AESE 6 /* Includes AESD */
4062 #define NEON_2RM_AESMC 7 /* Includes AESIMC */
4063 #define NEON_2RM_VCLS 8
4064 #define NEON_2RM_VCLZ 9
4065 #define NEON_2RM_VCNT 10
4066 #define NEON_2RM_VMVN 11
4067 #define NEON_2RM_VPADAL 12
4068 #define NEON_2RM_VPADAL_U 13
4069 #define NEON_2RM_VQABS 14
4070 #define NEON_2RM_VQNEG 15
4071 #define NEON_2RM_VCGT0 16
4072 #define NEON_2RM_VCGE0 17
4073 #define NEON_2RM_VCEQ0 18
4074 #define NEON_2RM_VCLE0 19
4075 #define NEON_2RM_VCLT0 20
4076 #define NEON_2RM_SHA1H 21
4077 #define NEON_2RM_VABS 22
4078 #define NEON_2RM_VNEG 23
4079 #define NEON_2RM_VCGT0_F 24
4080 #define NEON_2RM_VCGE0_F 25
4081 #define NEON_2RM_VCEQ0_F 26
4082 #define NEON_2RM_VCLE0_F 27
4083 #define NEON_2RM_VCLT0_F 28
4084 #define NEON_2RM_VABS_F 30
4085 #define NEON_2RM_VNEG_F 31
4086 #define NEON_2RM_VSWP 32
4087 #define NEON_2RM_VTRN 33
4088 #define NEON_2RM_VUZP 34
4089 #define NEON_2RM_VZIP 35
4090 #define NEON_2RM_VMOVN 36 /* Includes VQMOVN, VQMOVUN */
4091 #define NEON_2RM_VQMOVN 37 /* Includes VQMOVUN */
4092 #define NEON_2RM_VSHLL 38
4093 #define NEON_2RM_SHA1SU1 39 /* Includes SHA256SU0 */
4094 #define NEON_2RM_VRINTN 40
4095 #define NEON_2RM_VRINTX 41
4096 #define NEON_2RM_VRINTA 42
4097 #define NEON_2RM_VRINTZ 43
4098 #define NEON_2RM_VCVT_F16_F32 44
4099 #define NEON_2RM_VRINTM 45
4100 #define NEON_2RM_VCVT_F32_F16 46
4101 #define NEON_2RM_VRINTP 47
4102 #define NEON_2RM_VCVTAU 48
4103 #define NEON_2RM_VCVTAS 49
4104 #define NEON_2RM_VCVTNU 50
4105 #define NEON_2RM_VCVTNS 51
4106 #define NEON_2RM_VCVTPU 52
4107 #define NEON_2RM_VCVTPS 53
4108 #define NEON_2RM_VCVTMU 54
4109 #define NEON_2RM_VCVTMS 55
4110 #define NEON_2RM_VRECPE 56
4111 #define NEON_2RM_VRSQRTE 57
4112 #define NEON_2RM_VRECPE_F 58
4113 #define NEON_2RM_VRSQRTE_F 59
4114 #define NEON_2RM_VCVT_FS 60
4115 #define NEON_2RM_VCVT_FU 61
4116 #define NEON_2RM_VCVT_SF 62
4117 #define NEON_2RM_VCVT_UF 63
4118
4119 static bool neon_2rm_is_v8_op(int op)
4120 {
4121 /* Return true if this neon 2reg-misc op is ARMv8 and up */
4122 switch (op) {
4123 case NEON_2RM_VRINTN:
4124 case NEON_2RM_VRINTA:
4125 case NEON_2RM_VRINTM:
4126 case NEON_2RM_VRINTP:
4127 case NEON_2RM_VRINTZ:
4128 case NEON_2RM_VRINTX:
4129 case NEON_2RM_VCVTAU:
4130 case NEON_2RM_VCVTAS:
4131 case NEON_2RM_VCVTNU:
4132 case NEON_2RM_VCVTNS:
4133 case NEON_2RM_VCVTPU:
4134 case NEON_2RM_VCVTPS:
4135 case NEON_2RM_VCVTMU:
4136 case NEON_2RM_VCVTMS:
4137 return true;
4138 default:
4139 return false;
4140 }
4141 }
4142
4143 /* Each entry in this array has bit n set if the insn allows
4144 * size value n (otherwise it will UNDEF). Since unallocated
4145 * op values will have no bits set they always UNDEF.
4146 */
4147 static const uint8_t neon_2rm_sizes[] = {
4148 [NEON_2RM_VREV64] = 0x7,
4149 [NEON_2RM_VREV32] = 0x3,
4150 [NEON_2RM_VREV16] = 0x1,
4151 [NEON_2RM_VPADDL] = 0x7,
4152 [NEON_2RM_VPADDL_U] = 0x7,
4153 [NEON_2RM_AESE] = 0x1,
4154 [NEON_2RM_AESMC] = 0x1,
4155 [NEON_2RM_VCLS] = 0x7,
4156 [NEON_2RM_VCLZ] = 0x7,
4157 [NEON_2RM_VCNT] = 0x1,
4158 [NEON_2RM_VMVN] = 0x1,
4159 [NEON_2RM_VPADAL] = 0x7,
4160 [NEON_2RM_VPADAL_U] = 0x7,
4161 [NEON_2RM_VQABS] = 0x7,
4162 [NEON_2RM_VQNEG] = 0x7,
4163 [NEON_2RM_VCGT0] = 0x7,
4164 [NEON_2RM_VCGE0] = 0x7,
4165 [NEON_2RM_VCEQ0] = 0x7,
4166 [NEON_2RM_VCLE0] = 0x7,
4167 [NEON_2RM_VCLT0] = 0x7,
4168 [NEON_2RM_SHA1H] = 0x4,
4169 [NEON_2RM_VABS] = 0x7,
4170 [NEON_2RM_VNEG] = 0x7,
4171 [NEON_2RM_VCGT0_F] = 0x4,
4172 [NEON_2RM_VCGE0_F] = 0x4,
4173 [NEON_2RM_VCEQ0_F] = 0x4,
4174 [NEON_2RM_VCLE0_F] = 0x4,
4175 [NEON_2RM_VCLT0_F] = 0x4,
4176 [NEON_2RM_VABS_F] = 0x4,
4177 [NEON_2RM_VNEG_F] = 0x4,
4178 [NEON_2RM_VSWP] = 0x1,
4179 [NEON_2RM_VTRN] = 0x7,
4180 [NEON_2RM_VUZP] = 0x7,
4181 [NEON_2RM_VZIP] = 0x7,
4182 [NEON_2RM_VMOVN] = 0x7,
4183 [NEON_2RM_VQMOVN] = 0x7,
4184 [NEON_2RM_VSHLL] = 0x7,
4185 [NEON_2RM_SHA1SU1] = 0x4,
4186 [NEON_2RM_VRINTN] = 0x4,
4187 [NEON_2RM_VRINTX] = 0x4,
4188 [NEON_2RM_VRINTA] = 0x4,
4189 [NEON_2RM_VRINTZ] = 0x4,
4190 [NEON_2RM_VCVT_F16_F32] = 0x2,
4191 [NEON_2RM_VRINTM] = 0x4,
4192 [NEON_2RM_VCVT_F32_F16] = 0x2,
4193 [NEON_2RM_VRINTP] = 0x4,
4194 [NEON_2RM_VCVTAU] = 0x4,
4195 [NEON_2RM_VCVTAS] = 0x4,
4196 [NEON_2RM_VCVTNU] = 0x4,
4197 [NEON_2RM_VCVTNS] = 0x4,
4198 [NEON_2RM_VCVTPU] = 0x4,
4199 [NEON_2RM_VCVTPS] = 0x4,
4200 [NEON_2RM_VCVTMU] = 0x4,
4201 [NEON_2RM_VCVTMS] = 0x4,
4202 [NEON_2RM_VRECPE] = 0x4,
4203 [NEON_2RM_VRSQRTE] = 0x4,
4204 [NEON_2RM_VRECPE_F] = 0x4,
4205 [NEON_2RM_VRSQRTE_F] = 0x4,
4206 [NEON_2RM_VCVT_FS] = 0x4,
4207 [NEON_2RM_VCVT_FU] = 0x4,
4208 [NEON_2RM_VCVT_SF] = 0x4,
4209 [NEON_2RM_VCVT_UF] = 0x4,
4210 };
4211
4212
4213 /* Expand v8.1 simd helper. */
4214 static int do_v81_helper(DisasContext *s, gen_helper_gvec_3_ptr *fn,
4215 int q, int rd, int rn, int rm)
4216 {
4217 if (dc_isar_feature(aa32_rdm, s)) {
4218 int opr_sz = (1 + q) * 8;
4219 tcg_gen_gvec_3_ptr(vfp_reg_offset(1, rd),
4220 vfp_reg_offset(1, rn),
4221 vfp_reg_offset(1, rm), cpu_env,
4222 opr_sz, opr_sz, 0, fn);
4223 return 0;
4224 }
4225 return 1;
4226 }
4227
4228 static void gen_ssra8_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4229 {
4230 tcg_gen_vec_sar8i_i64(a, a, shift);
4231 tcg_gen_vec_add8_i64(d, d, a);
4232 }
4233
4234 static void gen_ssra16_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4235 {
4236 tcg_gen_vec_sar16i_i64(a, a, shift);
4237 tcg_gen_vec_add16_i64(d, d, a);
4238 }
4239
4240 static void gen_ssra32_i32(TCGv_i32 d, TCGv_i32 a, int32_t shift)
4241 {
4242 tcg_gen_sari_i32(a, a, shift);
4243 tcg_gen_add_i32(d, d, a);
4244 }
4245
4246 static void gen_ssra64_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4247 {
4248 tcg_gen_sari_i64(a, a, shift);
4249 tcg_gen_add_i64(d, d, a);
4250 }
4251
4252 static void gen_ssra_vec(unsigned vece, TCGv_vec d, TCGv_vec a, int64_t sh)
4253 {
4254 tcg_gen_sari_vec(vece, a, a, sh);
4255 tcg_gen_add_vec(vece, d, d, a);
4256 }
4257
4258 static const TCGOpcode vecop_list_ssra[] = {
4259 INDEX_op_sari_vec, INDEX_op_add_vec, 0
4260 };
4261
4262 const GVecGen2i ssra_op[4] = {
4263 { .fni8 = gen_ssra8_i64,
4264 .fniv = gen_ssra_vec,
4265 .load_dest = true,
4266 .opt_opc = vecop_list_ssra,
4267 .vece = MO_8 },
4268 { .fni8 = gen_ssra16_i64,
4269 .fniv = gen_ssra_vec,
4270 .load_dest = true,
4271 .opt_opc = vecop_list_ssra,
4272 .vece = MO_16 },
4273 { .fni4 = gen_ssra32_i32,
4274 .fniv = gen_ssra_vec,
4275 .load_dest = true,
4276 .opt_opc = vecop_list_ssra,
4277 .vece = MO_32 },
4278 { .fni8 = gen_ssra64_i64,
4279 .fniv = gen_ssra_vec,
4280 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4281 .opt_opc = vecop_list_ssra,
4282 .load_dest = true,
4283 .vece = MO_64 },
4284 };
4285
4286 static void gen_usra8_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4287 {
4288 tcg_gen_vec_shr8i_i64(a, a, shift);
4289 tcg_gen_vec_add8_i64(d, d, a);
4290 }
4291
4292 static void gen_usra16_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4293 {
4294 tcg_gen_vec_shr16i_i64(a, a, shift);
4295 tcg_gen_vec_add16_i64(d, d, a);
4296 }
4297
4298 static void gen_usra32_i32(TCGv_i32 d, TCGv_i32 a, int32_t shift)
4299 {
4300 tcg_gen_shri_i32(a, a, shift);
4301 tcg_gen_add_i32(d, d, a);
4302 }
4303
4304 static void gen_usra64_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4305 {
4306 tcg_gen_shri_i64(a, a, shift);
4307 tcg_gen_add_i64(d, d, a);
4308 }
4309
4310 static void gen_usra_vec(unsigned vece, TCGv_vec d, TCGv_vec a, int64_t sh)
4311 {
4312 tcg_gen_shri_vec(vece, a, a, sh);
4313 tcg_gen_add_vec(vece, d, d, a);
4314 }
4315
4316 static const TCGOpcode vecop_list_usra[] = {
4317 INDEX_op_shri_vec, INDEX_op_add_vec, 0
4318 };
4319
4320 const GVecGen2i usra_op[4] = {
4321 { .fni8 = gen_usra8_i64,
4322 .fniv = gen_usra_vec,
4323 .load_dest = true,
4324 .opt_opc = vecop_list_usra,
4325 .vece = MO_8, },
4326 { .fni8 = gen_usra16_i64,
4327 .fniv = gen_usra_vec,
4328 .load_dest = true,
4329 .opt_opc = vecop_list_usra,
4330 .vece = MO_16, },
4331 { .fni4 = gen_usra32_i32,
4332 .fniv = gen_usra_vec,
4333 .load_dest = true,
4334 .opt_opc = vecop_list_usra,
4335 .vece = MO_32, },
4336 { .fni8 = gen_usra64_i64,
4337 .fniv = gen_usra_vec,
4338 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4339 .load_dest = true,
4340 .opt_opc = vecop_list_usra,
4341 .vece = MO_64, },
4342 };
4343
4344 static void gen_shr8_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4345 {
4346 uint64_t mask = dup_const(MO_8, 0xff >> shift);
4347 TCGv_i64 t = tcg_temp_new_i64();
4348
4349 tcg_gen_shri_i64(t, a, shift);
4350 tcg_gen_andi_i64(t, t, mask);
4351 tcg_gen_andi_i64(d, d, ~mask);
4352 tcg_gen_or_i64(d, d, t);
4353 tcg_temp_free_i64(t);
4354 }
4355
4356 static void gen_shr16_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4357 {
4358 uint64_t mask = dup_const(MO_16, 0xffff >> shift);
4359 TCGv_i64 t = tcg_temp_new_i64();
4360
4361 tcg_gen_shri_i64(t, a, shift);
4362 tcg_gen_andi_i64(t, t, mask);
4363 tcg_gen_andi_i64(d, d, ~mask);
4364 tcg_gen_or_i64(d, d, t);
4365 tcg_temp_free_i64(t);
4366 }
4367
4368 static void gen_shr32_ins_i32(TCGv_i32 d, TCGv_i32 a, int32_t shift)
4369 {
4370 tcg_gen_shri_i32(a, a, shift);
4371 tcg_gen_deposit_i32(d, d, a, 0, 32 - shift);
4372 }
4373
4374 static void gen_shr64_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4375 {
4376 tcg_gen_shri_i64(a, a, shift);
4377 tcg_gen_deposit_i64(d, d, a, 0, 64 - shift);
4378 }
4379
4380 static void gen_shr_ins_vec(unsigned vece, TCGv_vec d, TCGv_vec a, int64_t sh)
4381 {
4382 if (sh == 0) {
4383 tcg_gen_mov_vec(d, a);
4384 } else {
4385 TCGv_vec t = tcg_temp_new_vec_matching(d);
4386 TCGv_vec m = tcg_temp_new_vec_matching(d);
4387
4388 tcg_gen_dupi_vec(vece, m, MAKE_64BIT_MASK((8 << vece) - sh, sh));
4389 tcg_gen_shri_vec(vece, t, a, sh);
4390 tcg_gen_and_vec(vece, d, d, m);
4391 tcg_gen_or_vec(vece, d, d, t);
4392
4393 tcg_temp_free_vec(t);
4394 tcg_temp_free_vec(m);
4395 }
4396 }
4397
4398 static const TCGOpcode vecop_list_sri[] = { INDEX_op_shri_vec, 0 };
4399
4400 const GVecGen2i sri_op[4] = {
4401 { .fni8 = gen_shr8_ins_i64,
4402 .fniv = gen_shr_ins_vec,
4403 .load_dest = true,
4404 .opt_opc = vecop_list_sri,
4405 .vece = MO_8 },
4406 { .fni8 = gen_shr16_ins_i64,
4407 .fniv = gen_shr_ins_vec,
4408 .load_dest = true,
4409 .opt_opc = vecop_list_sri,
4410 .vece = MO_16 },
4411 { .fni4 = gen_shr32_ins_i32,
4412 .fniv = gen_shr_ins_vec,
4413 .load_dest = true,
4414 .opt_opc = vecop_list_sri,
4415 .vece = MO_32 },
4416 { .fni8 = gen_shr64_ins_i64,
4417 .fniv = gen_shr_ins_vec,
4418 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4419 .load_dest = true,
4420 .opt_opc = vecop_list_sri,
4421 .vece = MO_64 },
4422 };
4423
4424 static void gen_shl8_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4425 {
4426 uint64_t mask = dup_const(MO_8, 0xff << shift);
4427 TCGv_i64 t = tcg_temp_new_i64();
4428
4429 tcg_gen_shli_i64(t, a, shift);
4430 tcg_gen_andi_i64(t, t, mask);
4431 tcg_gen_andi_i64(d, d, ~mask);
4432 tcg_gen_or_i64(d, d, t);
4433 tcg_temp_free_i64(t);
4434 }
4435
4436 static void gen_shl16_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4437 {
4438 uint64_t mask = dup_const(MO_16, 0xffff << shift);
4439 TCGv_i64 t = tcg_temp_new_i64();
4440
4441 tcg_gen_shli_i64(t, a, shift);
4442 tcg_gen_andi_i64(t, t, mask);
4443 tcg_gen_andi_i64(d, d, ~mask);
4444 tcg_gen_or_i64(d, d, t);
4445 tcg_temp_free_i64(t);
4446 }
4447
4448 static void gen_shl32_ins_i32(TCGv_i32 d, TCGv_i32 a, int32_t shift)
4449 {
4450 tcg_gen_deposit_i32(d, d, a, shift, 32 - shift);
4451 }
4452
4453 static void gen_shl64_ins_i64(TCGv_i64 d, TCGv_i64 a, int64_t shift)
4454 {
4455 tcg_gen_deposit_i64(d, d, a, shift, 64 - shift);
4456 }
4457
4458 static void gen_shl_ins_vec(unsigned vece, TCGv_vec d, TCGv_vec a, int64_t sh)
4459 {
4460 if (sh == 0) {
4461 tcg_gen_mov_vec(d, a);
4462 } else {
4463 TCGv_vec t = tcg_temp_new_vec_matching(d);
4464 TCGv_vec m = tcg_temp_new_vec_matching(d);
4465
4466 tcg_gen_dupi_vec(vece, m, MAKE_64BIT_MASK(0, sh));
4467 tcg_gen_shli_vec(vece, t, a, sh);
4468 tcg_gen_and_vec(vece, d, d, m);
4469 tcg_gen_or_vec(vece, d, d, t);
4470
4471 tcg_temp_free_vec(t);
4472 tcg_temp_free_vec(m);
4473 }
4474 }
4475
4476 static const TCGOpcode vecop_list_sli[] = { INDEX_op_shli_vec, 0 };
4477
4478 const GVecGen2i sli_op[4] = {
4479 { .fni8 = gen_shl8_ins_i64,
4480 .fniv = gen_shl_ins_vec,
4481 .load_dest = true,
4482 .opt_opc = vecop_list_sli,
4483 .vece = MO_8 },
4484 { .fni8 = gen_shl16_ins_i64,
4485 .fniv = gen_shl_ins_vec,
4486 .load_dest = true,
4487 .opt_opc = vecop_list_sli,
4488 .vece = MO_16 },
4489 { .fni4 = gen_shl32_ins_i32,
4490 .fniv = gen_shl_ins_vec,
4491 .load_dest = true,
4492 .opt_opc = vecop_list_sli,
4493 .vece = MO_32 },
4494 { .fni8 = gen_shl64_ins_i64,
4495 .fniv = gen_shl_ins_vec,
4496 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4497 .load_dest = true,
4498 .opt_opc = vecop_list_sli,
4499 .vece = MO_64 },
4500 };
4501
4502 static void gen_mla8_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4503 {
4504 gen_helper_neon_mul_u8(a, a, b);
4505 gen_helper_neon_add_u8(d, d, a);
4506 }
4507
4508 static void gen_mls8_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4509 {
4510 gen_helper_neon_mul_u8(a, a, b);
4511 gen_helper_neon_sub_u8(d, d, a);
4512 }
4513
4514 static void gen_mla16_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4515 {
4516 gen_helper_neon_mul_u16(a, a, b);
4517 gen_helper_neon_add_u16(d, d, a);
4518 }
4519
4520 static void gen_mls16_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4521 {
4522 gen_helper_neon_mul_u16(a, a, b);
4523 gen_helper_neon_sub_u16(d, d, a);
4524 }
4525
4526 static void gen_mla32_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4527 {
4528 tcg_gen_mul_i32(a, a, b);
4529 tcg_gen_add_i32(d, d, a);
4530 }
4531
4532 static void gen_mls32_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4533 {
4534 tcg_gen_mul_i32(a, a, b);
4535 tcg_gen_sub_i32(d, d, a);
4536 }
4537
4538 static void gen_mla64_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b)
4539 {
4540 tcg_gen_mul_i64(a, a, b);
4541 tcg_gen_add_i64(d, d, a);
4542 }
4543
4544 static void gen_mls64_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b)
4545 {
4546 tcg_gen_mul_i64(a, a, b);
4547 tcg_gen_sub_i64(d, d, a);
4548 }
4549
4550 static void gen_mla_vec(unsigned vece, TCGv_vec d, TCGv_vec a, TCGv_vec b)
4551 {
4552 tcg_gen_mul_vec(vece, a, a, b);
4553 tcg_gen_add_vec(vece, d, d, a);
4554 }
4555
4556 static void gen_mls_vec(unsigned vece, TCGv_vec d, TCGv_vec a, TCGv_vec b)
4557 {
4558 tcg_gen_mul_vec(vece, a, a, b);
4559 tcg_gen_sub_vec(vece, d, d, a);
4560 }
4561
4562 /* Note that while NEON does not support VMLA and VMLS as 64-bit ops,
4563 * these tables are shared with AArch64 which does support them.
4564 */
4565
4566 static const TCGOpcode vecop_list_mla[] = {
4567 INDEX_op_mul_vec, INDEX_op_add_vec, 0
4568 };
4569
4570 static const TCGOpcode vecop_list_mls[] = {
4571 INDEX_op_mul_vec, INDEX_op_sub_vec, 0
4572 };
4573
4574 const GVecGen3 mla_op[4] = {
4575 { .fni4 = gen_mla8_i32,
4576 .fniv = gen_mla_vec,
4577 .load_dest = true,
4578 .opt_opc = vecop_list_mla,
4579 .vece = MO_8 },
4580 { .fni4 = gen_mla16_i32,
4581 .fniv = gen_mla_vec,
4582 .load_dest = true,
4583 .opt_opc = vecop_list_mla,
4584 .vece = MO_16 },
4585 { .fni4 = gen_mla32_i32,
4586 .fniv = gen_mla_vec,
4587 .load_dest = true,
4588 .opt_opc = vecop_list_mla,
4589 .vece = MO_32 },
4590 { .fni8 = gen_mla64_i64,
4591 .fniv = gen_mla_vec,
4592 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4593 .load_dest = true,
4594 .opt_opc = vecop_list_mla,
4595 .vece = MO_64 },
4596 };
4597
4598 const GVecGen3 mls_op[4] = {
4599 { .fni4 = gen_mls8_i32,
4600 .fniv = gen_mls_vec,
4601 .load_dest = true,
4602 .opt_opc = vecop_list_mls,
4603 .vece = MO_8 },
4604 { .fni4 = gen_mls16_i32,
4605 .fniv = gen_mls_vec,
4606 .load_dest = true,
4607 .opt_opc = vecop_list_mls,
4608 .vece = MO_16 },
4609 { .fni4 = gen_mls32_i32,
4610 .fniv = gen_mls_vec,
4611 .load_dest = true,
4612 .opt_opc = vecop_list_mls,
4613 .vece = MO_32 },
4614 { .fni8 = gen_mls64_i64,
4615 .fniv = gen_mls_vec,
4616 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4617 .load_dest = true,
4618 .opt_opc = vecop_list_mls,
4619 .vece = MO_64 },
4620 };
4621
4622 /* CMTST : test is "if (X & Y != 0)". */
4623 static void gen_cmtst_i32(TCGv_i32 d, TCGv_i32 a, TCGv_i32 b)
4624 {
4625 tcg_gen_and_i32(d, a, b);
4626 tcg_gen_setcondi_i32(TCG_COND_NE, d, d, 0);
4627 tcg_gen_neg_i32(d, d);
4628 }
4629
4630 void gen_cmtst_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b)
4631 {
4632 tcg_gen_and_i64(d, a, b);
4633 tcg_gen_setcondi_i64(TCG_COND_NE, d, d, 0);
4634 tcg_gen_neg_i64(d, d);
4635 }
4636
4637 static void gen_cmtst_vec(unsigned vece, TCGv_vec d, TCGv_vec a, TCGv_vec b)
4638 {
4639 tcg_gen_and_vec(vece, d, a, b);
4640 tcg_gen_dupi_vec(vece, a, 0);
4641 tcg_gen_cmp_vec(TCG_COND_NE, vece, d, d, a);
4642 }
4643
4644 static const TCGOpcode vecop_list_cmtst[] = { INDEX_op_cmp_vec, 0 };
4645
4646 const GVecGen3 cmtst_op[4] = {
4647 { .fni4 = gen_helper_neon_tst_u8,
4648 .fniv = gen_cmtst_vec,
4649 .opt_opc = vecop_list_cmtst,
4650 .vece = MO_8 },
4651 { .fni4 = gen_helper_neon_tst_u16,
4652 .fniv = gen_cmtst_vec,
4653 .opt_opc = vecop_list_cmtst,
4654 .vece = MO_16 },
4655 { .fni4 = gen_cmtst_i32,
4656 .fniv = gen_cmtst_vec,
4657 .opt_opc = vecop_list_cmtst,
4658 .vece = MO_32 },
4659 { .fni8 = gen_cmtst_i64,
4660 .fniv = gen_cmtst_vec,
4661 .prefer_i64 = TCG_TARGET_REG_BITS == 64,
4662 .opt_opc = vecop_list_cmtst,
4663 .vece = MO_64 },
4664 };
4665
4666 static void gen_uqadd_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
4667 TCGv_vec a, TCGv_vec b)
4668 {
4669 TCGv_vec x = tcg_temp_new_vec_matching(t);
4670 tcg_gen_add_vec(vece, x, a, b);
4671 tcg_gen_usadd_vec(vece, t, a, b);
4672 tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
4673 tcg_gen_or_vec(vece, sat, sat, x);
4674 tcg_temp_free_vec(x);
4675 }
4676
4677 static const TCGOpcode vecop_list_uqadd[] = {
4678 INDEX_op_usadd_vec, INDEX_op_cmp_vec, INDEX_op_add_vec, 0
4679 };
4680
4681 const GVecGen4 uqadd_op[4] = {
4682 { .fniv = gen_uqadd_vec,
4683 .fno = gen_helper_gvec_uqadd_b,
4684 .write_aofs = true,
4685 .opt_opc = vecop_list_uqadd,
4686 .vece = MO_8 },
4687 { .fniv = gen_uqadd_vec,
4688 .fno = gen_helper_gvec_uqadd_h,
4689 .write_aofs = true,
4690 .opt_opc = vecop_list_uqadd,
4691 .vece = MO_16 },
4692 { .fniv = gen_uqadd_vec,
4693 .fno = gen_helper_gvec_uqadd_s,
4694 .write_aofs = true,
4695 .opt_opc = vecop_list_uqadd,
4696 .vece = MO_32 },
4697 { .fniv = gen_uqadd_vec,
4698 .fno = gen_helper_gvec_uqadd_d,
4699 .write_aofs = true,
4700 .opt_opc = vecop_list_uqadd,
4701 .vece = MO_64 },
4702 };
4703
4704 static void gen_sqadd_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
4705 TCGv_vec a, TCGv_vec b)
4706 {
4707 TCGv_vec x = tcg_temp_new_vec_matching(t);
4708 tcg_gen_add_vec(vece, x, a, b);
4709 tcg_gen_ssadd_vec(vece, t, a, b);
4710 tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
4711 tcg_gen_or_vec(vece, sat, sat, x);
4712 tcg_temp_free_vec(x);
4713 }
4714
4715 static const TCGOpcode vecop_list_sqadd[] = {
4716 INDEX_op_ssadd_vec, INDEX_op_cmp_vec, INDEX_op_add_vec, 0
4717 };
4718
4719 const GVecGen4 sqadd_op[4] = {
4720 { .fniv = gen_sqadd_vec,
4721 .fno = gen_helper_gvec_sqadd_b,
4722 .opt_opc = vecop_list_sqadd,
4723 .write_aofs = true,
4724 .vece = MO_8 },
4725 { .fniv = gen_sqadd_vec,
4726 .fno = gen_helper_gvec_sqadd_h,
4727 .opt_opc = vecop_list_sqadd,
4728 .write_aofs = true,
4729 .vece = MO_16 },
4730 { .fniv = gen_sqadd_vec,
4731 .fno = gen_helper_gvec_sqadd_s,
4732 .opt_opc = vecop_list_sqadd,
4733 .write_aofs = true,
4734 .vece = MO_32 },
4735 { .fniv = gen_sqadd_vec,
4736 .fno = gen_helper_gvec_sqadd_d,
4737 .opt_opc = vecop_list_sqadd,
4738 .write_aofs = true,
4739 .vece = MO_64 },
4740 };
4741
4742 static void gen_uqsub_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
4743 TCGv_vec a, TCGv_vec b)
4744 {
4745 TCGv_vec x = tcg_temp_new_vec_matching(t);
4746 tcg_gen_sub_vec(vece, x, a, b);
4747 tcg_gen_ussub_vec(vece, t, a, b);
4748 tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
4749 tcg_gen_or_vec(vece, sat, sat, x);
4750 tcg_temp_free_vec(x);
4751 }
4752
4753 static const TCGOpcode vecop_list_uqsub[] = {
4754 INDEX_op_ussub_vec, INDEX_op_cmp_vec, INDEX_op_sub_vec, 0
4755 };
4756
4757 const GVecGen4 uqsub_op[4] = {
4758 { .fniv = gen_uqsub_vec,
4759 .fno = gen_helper_gvec_uqsub_b,
4760 .opt_opc = vecop_list_uqsub,
4761 .write_aofs = true,
4762 .vece = MO_8 },
4763 { .fniv = gen_uqsub_vec,
4764 .fno = gen_helper_gvec_uqsub_h,
4765 .opt_opc = vecop_list_uqsub,
4766 .write_aofs = true,
4767 .vece = MO_16 },
4768 { .fniv = gen_uqsub_vec,
4769 .fno = gen_helper_gvec_uqsub_s,
4770 .opt_opc = vecop_list_uqsub,
4771 .write_aofs = true,
4772 .vece = MO_32 },
4773 { .fniv = gen_uqsub_vec,
4774 .fno = gen_helper_gvec_uqsub_d,
4775 .opt_opc = vecop_list_uqsub,
4776 .write_aofs = true,
4777 .vece = MO_64 },
4778 };
4779
4780 static void gen_sqsub_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
4781 TCGv_vec a, TCGv_vec b)
4782 {
4783 TCGv_vec x = tcg_temp_new_vec_matching(t);
4784 tcg_gen_sub_vec(vece, x, a, b);
4785 tcg_gen_sssub_vec(vece, t, a, b);
4786 tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
4787 tcg_gen_or_vec(vece, sat, sat, x);
4788 tcg_temp_free_vec(x);
4789 }
4790
4791 static const TCGOpcode vecop_list_sqsub[] = {
4792 INDEX_op_sssub_vec, INDEX_op_cmp_vec, INDEX_op_sub_vec, 0
4793 };
4794
4795 const GVecGen4 sqsub_op[4] = {
4796 { .fniv = gen_sqsub_vec,
4797 .fno = gen_helper_gvec_sqsub_b,
4798 .opt_opc = vecop_list_sqsub,
4799 .write_aofs = true,
4800 .vece = MO_8 },
4801 { .fniv = gen_sqsub_vec,
4802 .fno = gen_helper_gvec_sqsub_h,
4803 .opt_opc = vecop_list_sqsub,
4804 .write_aofs = true,
4805 .vece = MO_16 },
4806 { .fniv = gen_sqsub_vec,
4807 .fno = gen_helper_gvec_sqsub_s,
4808 .opt_opc = vecop_list_sqsub,
4809 .write_aofs = true,
4810 .vece = MO_32 },
4811 { .fniv = gen_sqsub_vec,
4812 .fno = gen_helper_gvec_sqsub_d,
4813 .opt_opc = vecop_list_sqsub,
4814 .write_aofs = true,
4815 .vece = MO_64 },
4816 };
4817
4818 /* Translate a NEON data processing instruction. Return nonzero if the
4819 instruction is invalid.
4820 We process data in a mixture of 32-bit and 64-bit chunks.
4821 Mostly we use 32-bit chunks so we can use normal scalar instructions. */
4822
4823 static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
4824 {
4825 int op;
4826 int q;
4827 int rd, rn, rm, rd_ofs, rn_ofs, rm_ofs;
4828 int size;
4829 int shift;
4830 int pass;
4831 int count;
4832 int pairwise;
4833 int u;
4834 int vec_size;
4835 uint32_t imm;
4836 TCGv_i32 tmp, tmp2, tmp3, tmp4, tmp5;
4837 TCGv_ptr ptr1, ptr2, ptr3;
4838 TCGv_i64 tmp64;
4839
4840 /* FIXME: this access check should not take precedence over UNDEF
4841 * for invalid encodings; we will generate incorrect syndrome information
4842 * for attempts to execute invalid vfp/neon encodings with FP disabled.
4843 */
4844 if (s->fp_excp_el) {
4845 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
4846 syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
4847 return 0;
4848 }
4849
4850 if (!s->vfp_enabled)
4851 return 1;
4852 q = (insn & (1 << 6)) != 0;
4853 u = (insn >> 24) & 1;
4854 VFP_DREG_D(rd, insn);
4855 VFP_DREG_N(rn, insn);
4856 VFP_DREG_M(rm, insn);
4857 size = (insn >> 20) & 3;
4858 vec_size = q ? 16 : 8;
4859 rd_ofs = neon_reg_offset(rd, 0);
4860 rn_ofs = neon_reg_offset(rn, 0);
4861 rm_ofs = neon_reg_offset(rm, 0);
4862
4863 if ((insn & (1 << 23)) == 0) {
4864 /* Three register same length. */
4865 op = ((insn >> 7) & 0x1e) | ((insn >> 4) & 1);
4866 /* Catch invalid op and bad size combinations: UNDEF */
4867 if ((neon_3r_sizes[op] & (1 << size)) == 0) {
4868 return 1;
4869 }
4870 /* All insns of this form UNDEF for either this condition or the
4871 * superset of cases "Q==1"; we catch the latter later.
4872 */
4873 if (q && ((rd | rn | rm) & 1)) {
4874 return 1;
4875 }
4876 switch (op) {
4877 case NEON_3R_SHA:
4878 /* The SHA-1/SHA-256 3-register instructions require special
4879 * treatment here, as their size field is overloaded as an
4880 * op type selector, and they all consume their input in a
4881 * single pass.
4882 */
4883 if (!q) {
4884 return 1;
4885 }
4886 if (!u) { /* SHA-1 */
4887 if (!dc_isar_feature(aa32_sha1, s)) {
4888 return 1;
4889 }
4890 ptr1 = vfp_reg_ptr(true, rd);
4891 ptr2 = vfp_reg_ptr(true, rn);
4892 ptr3 = vfp_reg_ptr(true, rm);
4893 tmp4 = tcg_const_i32(size);
4894 gen_helper_crypto_sha1_3reg(ptr1, ptr2, ptr3, tmp4);
4895 tcg_temp_free_i32(tmp4);
4896 } else { /* SHA-256 */
4897 if (!dc_isar_feature(aa32_sha2, s) || size == 3) {
4898 return 1;
4899 }
4900 ptr1 = vfp_reg_ptr(true, rd);
4901 ptr2 = vfp_reg_ptr(true, rn);
4902 ptr3 = vfp_reg_ptr(true, rm);
4903 switch (size) {
4904 case 0:
4905 gen_helper_crypto_sha256h(ptr1, ptr2, ptr3);
4906 break;
4907 case 1:
4908 gen_helper_crypto_sha256h2(ptr1, ptr2, ptr3);
4909 break;
4910 case 2:
4911 gen_helper_crypto_sha256su1(ptr1, ptr2, ptr3);
4912 break;
4913 }
4914 }
4915 tcg_temp_free_ptr(ptr1);
4916 tcg_temp_free_ptr(ptr2);
4917 tcg_temp_free_ptr(ptr3);
4918 return 0;
4919
4920 case NEON_3R_VPADD_VQRDMLAH:
4921 if (!u) {
4922 break; /* VPADD */
4923 }
4924 /* VQRDMLAH */
4925 switch (size) {
4926 case 1:
4927 return do_v81_helper(s, gen_helper_gvec_qrdmlah_s16,
4928 q, rd, rn, rm);
4929 case 2:
4930 return do_v81_helper(s, gen_helper_gvec_qrdmlah_s32,
4931 q, rd, rn, rm);
4932 }
4933 return 1;
4934
4935 case NEON_3R_VFM_VQRDMLSH:
4936 if (!u) {
4937 /* VFM, VFMS */
4938 if (size == 1) {
4939 return 1;
4940 }
4941 break;
4942 }
4943 /* VQRDMLSH */
4944 switch (size) {
4945 case 1:
4946 return do_v81_helper(s, gen_helper_gvec_qrdmlsh_s16,
4947 q, rd, rn, rm);
4948 case 2:
4949 return do_v81_helper(s, gen_helper_gvec_qrdmlsh_s32,
4950 q, rd, rn, rm);
4951 }
4952 return 1;
4953
4954 case NEON_3R_LOGIC: /* Logic ops. */
4955 switch ((u << 2) | size) {
4956 case 0: /* VAND */
4957 tcg_gen_gvec_and(0, rd_ofs, rn_ofs, rm_ofs,
4958 vec_size, vec_size);
4959 break;
4960 case 1: /* VBIC */
4961 tcg_gen_gvec_andc(0, rd_ofs, rn_ofs, rm_ofs,
4962 vec_size, vec_size);
4963 break;
4964 case 2: /* VORR */
4965 tcg_gen_gvec_or(0, rd_ofs, rn_ofs, rm_ofs,
4966 vec_size, vec_size);
4967 break;
4968 case 3: /* VORN */
4969 tcg_gen_gvec_orc(0, rd_ofs, rn_ofs, rm_ofs,
4970 vec_size, vec_size);
4971 break;
4972 case 4: /* VEOR */
4973 tcg_gen_gvec_xor(0, rd_ofs, rn_ofs, rm_ofs,
4974 vec_size, vec_size);
4975 break;
4976 case 5: /* VBSL */
4977 tcg_gen_gvec_bitsel(MO_8, rd_ofs, rd_ofs, rn_ofs, rm_ofs,
4978 vec_size, vec_size);
4979 break;
4980 case 6: /* VBIT */
4981 tcg_gen_gvec_bitsel(MO_8, rd_ofs, rm_ofs, rn_ofs, rd_ofs,
4982 vec_size, vec_size);
4983 break;
4984 case 7: /* VBIF */
4985 tcg_gen_gvec_bitsel(MO_8, rd_ofs, rm_ofs, rd_ofs, rn_ofs,
4986 vec_size, vec_size);
4987 break;
4988 }
4989 return 0;
4990
4991 case NEON_3R_VADD_VSUB:
4992 if (u) {
4993 tcg_gen_gvec_sub(size, rd_ofs, rn_ofs, rm_ofs,
4994 vec_size, vec_size);
4995 } else {
4996 tcg_gen_gvec_add(size, rd_ofs, rn_ofs, rm_ofs,
4997 vec_size, vec_size);
4998 }
4999 return 0;
5000
5001 case NEON_3R_VQADD:
5002 tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc),
5003 rn_ofs, rm_ofs, vec_size, vec_size,
5004 (u ? uqadd_op : sqadd_op) + size);
5005 return 0;
5006
5007 case NEON_3R_VQSUB:
5008 tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc),
5009 rn_ofs, rm_ofs, vec_size, vec_size,
5010 (u ? uqsub_op : sqsub_op) + size);
5011 return 0;
5012
5013 case NEON_3R_VMUL: /* VMUL */
5014 if (u) {
5015 /* Polynomial case allows only P8 and is handled below. */
5016 if (size != 0) {
5017 return 1;
5018 }
5019 } else {
5020 tcg_gen_gvec_mul(size, rd_ofs, rn_ofs, rm_ofs,
5021 vec_size, vec_size);
5022 return 0;
5023 }
5024 break;
5025
5026 case NEON_3R_VML: /* VMLA, VMLS */
5027 tcg_gen_gvec_3(rd_ofs, rn_ofs, rm_ofs, vec_size, vec_size,
5028 u ? &mls_op[size] : &mla_op[size]);
5029 return 0;
5030
5031 case NEON_3R_VTST_VCEQ:
5032 if (u) { /* VCEQ */
5033 tcg_gen_gvec_cmp(TCG_COND_EQ, size, rd_ofs, rn_ofs, rm_ofs,
5034 vec_size, vec_size);
5035 } else { /* VTST */
5036 tcg_gen_gvec_3(rd_ofs, rn_ofs, rm_ofs,
5037 vec_size, vec_size, &cmtst_op[size]);
5038 }
5039 return 0;
5040
5041 case NEON_3R_VCGT:
5042 tcg_gen_gvec_cmp(u ? TCG_COND_GTU : TCG_COND_GT, size,
5043 rd_ofs, rn_ofs, rm_ofs, vec_size, vec_size);
5044 return 0;
5045
5046 case NEON_3R_VCGE:
5047 tcg_gen_gvec_cmp(u ? TCG_COND_GEU : TCG_COND_GE, size,
5048 rd_ofs, rn_ofs, rm_ofs, vec_size, vec_size);
5049 return 0;
5050
5051 case NEON_3R_VMAX:
5052 if (u) {
5053 tcg_gen_gvec_umax(size, rd_ofs, rn_ofs, rm_ofs,
5054 vec_size, vec_size);
5055 } else {
5056 tcg_gen_gvec_smax(size, rd_ofs, rn_ofs, rm_ofs,
5057 vec_size, vec_size);
5058 }
5059 return 0;
5060 case NEON_3R_VMIN:
5061 if (u) {
5062 tcg_gen_gvec_umin(size, rd_ofs, rn_ofs, rm_ofs,
5063 vec_size, vec_size);
5064 } else {
5065 tcg_gen_gvec_smin(size, rd_ofs, rn_ofs, rm_ofs,
5066 vec_size, vec_size);
5067 }
5068 return 0;
5069 }
5070
5071 if (size == 3) {
5072 /* 64-bit element instructions. */
5073 for (pass = 0; pass < (q ? 2 : 1); pass++) {
5074 neon_load_reg64(cpu_V0, rn + pass);
5075 neon_load_reg64(cpu_V1, rm + pass);
5076 switch (op) {
5077 case NEON_3R_VSHL:
5078 if (u) {
5079 gen_helper_neon_shl_u64(cpu_V0, cpu_V1, cpu_V0);
5080 } else {
5081 gen_helper_neon_shl_s64(cpu_V0, cpu_V1, cpu_V0);
5082 }
5083 break;
5084 case NEON_3R_VQSHL:
5085 if (u) {
5086 gen_helper_neon_qshl_u64(cpu_V0, cpu_env,
5087 cpu_V1, cpu_V0);
5088 } else {
5089 gen_helper_neon_qshl_s64(cpu_V0, cpu_env,
5090 cpu_V1, cpu_V0);
5091 }
5092 break;
5093 case NEON_3R_VRSHL:
5094 if (u) {
5095 gen_helper_neon_rshl_u64(cpu_V0, cpu_V1, cpu_V0);
5096 } else {
5097 gen_helper_neon_rshl_s64(cpu_V0, cpu_V1, cpu_V0);
5098 }
5099 break;
5100 case NEON_3R_VQRSHL:
5101 if (u) {
5102 gen_helper_neon_qrshl_u64(cpu_V0, cpu_env,
5103 cpu_V1, cpu_V0);
5104 } else {
5105 gen_helper_neon_qrshl_s64(cpu_V0, cpu_env,
5106 cpu_V1, cpu_V0);
5107 }
5108 break;
5109 default:
5110 abort();
5111 }
5112 neon_store_reg64(cpu_V0, rd + pass);
5113 }
5114 return 0;
5115 }
5116 pairwise = 0;
5117 switch (op) {
5118 case NEON_3R_VSHL:
5119 case NEON_3R_VQSHL:
5120 case NEON_3R_VRSHL:
5121 case NEON_3R_VQRSHL:
5122 {
5123 int rtmp;
5124 /* Shift instruction operands are reversed. */
5125 rtmp = rn;
5126 rn = rm;
5127 rm = rtmp;
5128 }
5129 break;
5130 case NEON_3R_VPADD_VQRDMLAH:
5131 case NEON_3R_VPMAX:
5132 case NEON_3R_VPMIN:
5133 pairwise = 1;
5134 break;
5135 case NEON_3R_FLOAT_ARITH:
5136 pairwise = (u && size < 2); /* if VPADD (float) */
5137 break;
5138 case NEON_3R_FLOAT_MINMAX:
5139 pairwise = u; /* if VPMIN/VPMAX (float) */
5140 break;
5141 case NEON_3R_FLOAT_CMP:
5142 if (!u && size) {
5143 /* no encoding for U=0 C=1x */
5144 return 1;
5145 }
5146 break;
5147 case NEON_3R_FLOAT_ACMP:
5148 if (!u) {
5149 return 1;
5150 }
5151 break;
5152 case NEON_3R_FLOAT_MISC:
5153 /* VMAXNM/VMINNM in ARMv8 */
5154 if (u && !arm_dc_feature(s, ARM_FEATURE_V8)) {
5155 return 1;
5156 }
5157 break;
5158 case NEON_3R_VFM_VQRDMLSH:
5159 if (!arm_dc_feature(s, ARM_FEATURE_VFP4)) {
5160 return 1;
5161 }
5162 break;
5163 default:
5164 break;
5165 }
5166
5167 if (pairwise && q) {
5168 /* All the pairwise insns UNDEF if Q is set */
5169 return 1;
5170 }
5171
5172 for (pass = 0; pass < (q ? 4 : 2); pass++) {
5173
5174 if (pairwise) {
5175 /* Pairwise. */
5176 if (pass < 1) {
5177 tmp = neon_load_reg(rn, 0);
5178 tmp2 = neon_load_reg(rn, 1);
5179 } else {
5180 tmp = neon_load_reg(rm, 0);
5181 tmp2 = neon_load_reg(rm, 1);
5182 }
5183 } else {
5184 /* Elementwise. */
5185 tmp = neon_load_reg(rn, pass);
5186 tmp2 = neon_load_reg(rm, pass);
5187 }
5188 switch (op) {
5189 case NEON_3R_VHADD:
5190 GEN_NEON_INTEGER_OP(hadd);
5191 break;
5192 case NEON_3R_VRHADD:
5193 GEN_NEON_INTEGER_OP(rhadd);
5194 break;
5195 case NEON_3R_VHSUB:
5196 GEN_NEON_INTEGER_OP(hsub);
5197 break;
5198 case NEON_3R_VSHL:
5199 GEN_NEON_INTEGER_OP(shl);
5200 break;
5201 case NEON_3R_VQSHL:
5202 GEN_NEON_INTEGER_OP_ENV(qshl);
5203 break;
5204 case NEON_3R_VRSHL:
5205 GEN_NEON_INTEGER_OP(rshl);
5206 break;
5207 case NEON_3R_VQRSHL:
5208 GEN_NEON_INTEGER_OP_ENV(qrshl);
5209 break;
5210 case NEON_3R_VABD:
5211 GEN_NEON_INTEGER_OP(abd);
5212 break;
5213 case NEON_3R_VABA:
5214 GEN_NEON_INTEGER_OP(abd);
5215 tcg_temp_free_i32(tmp2);
5216 tmp2 = neon_load_reg(rd, pass);
5217 gen_neon_add(size, tmp, tmp2);
5218 break;
5219 case NEON_3R_VMUL:
5220 /* VMUL.P8; other cases already eliminated. */
5221 gen_helper_neon_mul_p8(tmp, tmp, tmp2);
5222 break;
5223 case NEON_3R_VPMAX:
5224 GEN_NEON_INTEGER_OP(pmax);
5225 break;
5226 case NEON_3R_VPMIN:
5227 GEN_NEON_INTEGER_OP(pmin);
5228 break;
5229 case NEON_3R_VQDMULH_VQRDMULH: /* Multiply high. */
5230 if (!u) { /* VQDMULH */
5231 switch (size) {
5232 case 1:
5233 gen_helper_neon_qdmulh_s16(tmp, cpu_env, tmp, tmp2);
5234 break;
5235 case 2:
5236 gen_helper_neon_qdmulh_s32(tmp, cpu_env, tmp, tmp2);
5237 break;
5238 default: abort();
5239 }
5240 } else { /* VQRDMULH */
5241 switch (size) {
5242 case 1:
5243 gen_helper_neon_qrdmulh_s16(tmp, cpu_env, tmp, tmp2);
5244 break;
5245 case 2:
5246 gen_helper_neon_qrdmulh_s32(tmp, cpu_env, tmp, tmp2);
5247 break;
5248 default: abort();
5249 }
5250 }
5251 break;
5252 case NEON_3R_VPADD_VQRDMLAH:
5253 switch (size) {
5254 case 0: gen_helper_neon_padd_u8(tmp, tmp, tmp2); break;
5255 case 1: gen_helper_neon_padd_u16(tmp, tmp, tmp2); break;
5256 case 2: tcg_gen_add_i32(tmp, tmp, tmp2); break;
5257 default: abort();
5258 }
5259 break;
5260 case NEON_3R_FLOAT_ARITH: /* Floating point arithmetic. */
5261 {
5262 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5263 switch ((u << 2) | size) {
5264 case 0: /* VADD */
5265 case 4: /* VPADD */
5266 gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
5267 break;
5268 case 2: /* VSUB */
5269 gen_helper_vfp_subs(tmp, tmp, tmp2, fpstatus);
5270 break;
5271 case 6: /* VABD */
5272 gen_helper_neon_abd_f32(tmp, tmp, tmp2, fpstatus);
5273 break;
5274 default:
5275 abort();
5276 }
5277 tcg_temp_free_ptr(fpstatus);
5278 break;
5279 }
5280 case NEON_3R_FLOAT_MULTIPLY:
5281 {
5282 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5283 gen_helper_vfp_muls(tmp, tmp, tmp2, fpstatus);
5284 if (!u) {
5285 tcg_temp_free_i32(tmp2);
5286 tmp2 = neon_load_reg(rd, pass);
5287 if (size == 0) {
5288 gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
5289 } else {
5290 gen_helper_vfp_subs(tmp, tmp2, tmp, fpstatus);
5291 }
5292 }
5293 tcg_temp_free_ptr(fpstatus);
5294 break;
5295 }
5296 case NEON_3R_FLOAT_CMP:
5297 {
5298 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5299 if (!u) {
5300 gen_helper_neon_ceq_f32(tmp, tmp, tmp2, fpstatus);
5301 } else {
5302 if (size == 0) {
5303 gen_helper_neon_cge_f32(tmp, tmp, tmp2, fpstatus);
5304 } else {
5305 gen_helper_neon_cgt_f32(tmp, tmp, tmp2, fpstatus);
5306 }
5307 }
5308 tcg_temp_free_ptr(fpstatus);
5309 break;
5310 }
5311 case NEON_3R_FLOAT_ACMP:
5312 {
5313 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5314 if (size == 0) {
5315 gen_helper_neon_acge_f32(tmp, tmp, tmp2, fpstatus);
5316 } else {
5317 gen_helper_neon_acgt_f32(tmp, tmp, tmp2, fpstatus);
5318 }
5319 tcg_temp_free_ptr(fpstatus);
5320 break;
5321 }
5322 case NEON_3R_FLOAT_MINMAX:
5323 {
5324 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5325 if (size == 0) {
5326 gen_helper_vfp_maxs(tmp, tmp, tmp2, fpstatus);
5327 } else {
5328 gen_helper_vfp_mins(tmp, tmp, tmp2, fpstatus);
5329 }
5330 tcg_temp_free_ptr(fpstatus);
5331 break;
5332 }
5333 case NEON_3R_FLOAT_MISC:
5334 if (u) {
5335 /* VMAXNM/VMINNM */
5336 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5337 if (size == 0) {
5338 gen_helper_vfp_maxnums(tmp, tmp, tmp2, fpstatus);
5339 } else {
5340 gen_helper_vfp_minnums(tmp, tmp, tmp2, fpstatus);
5341 }
5342 tcg_temp_free_ptr(fpstatus);
5343 } else {
5344 if (size == 0) {
5345 gen_helper_recps_f32(tmp, tmp, tmp2, cpu_env);
5346 } else {
5347 gen_helper_rsqrts_f32(tmp, tmp, tmp2, cpu_env);
5348 }
5349 }
5350 break;
5351 case NEON_3R_VFM_VQRDMLSH:
5352 {
5353 /* VFMA, VFMS: fused multiply-add */
5354 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5355 TCGv_i32 tmp3 = neon_load_reg(rd, pass);
5356 if (size) {
5357 /* VFMS */
5358 gen_helper_vfp_negs(tmp, tmp);
5359 }
5360 gen_helper_vfp_muladds(tmp, tmp, tmp2, tmp3, fpstatus);
5361 tcg_temp_free_i32(tmp3);
5362 tcg_temp_free_ptr(fpstatus);
5363 break;
5364 }
5365 default:
5366 abort();
5367 }
5368 tcg_temp_free_i32(tmp2);
5369
5370 /* Save the result. For elementwise operations we can put it
5371 straight into the destination register. For pairwise operations
5372 we have to be careful to avoid clobbering the source operands. */
5373 if (pairwise && rd == rm) {
5374 neon_store_scratch(pass, tmp);
5375 } else {
5376 neon_store_reg(rd, pass, tmp);
5377 }
5378
5379 } /* for pass */
5380 if (pairwise && rd == rm) {
5381 for (pass = 0; pass < (q ? 4 : 2); pass++) {
5382 tmp = neon_load_scratch(pass);
5383 neon_store_reg(rd, pass, tmp);
5384 }
5385 }
5386 /* End of 3 register same size operations. */
5387 } else if (insn & (1 << 4)) {
5388 if ((insn & 0x00380080) != 0) {
5389 /* Two registers and shift. */
5390 op = (insn >> 8) & 0xf;
5391 if (insn & (1 << 7)) {
5392 /* 64-bit shift. */
5393 if (op > 7) {
5394 return 1;
5395 }
5396 size = 3;
5397 } else {
5398 size = 2;
5399 while ((insn & (1 << (size + 19))) == 0)
5400 size--;
5401 }
5402 shift = (insn >> 16) & ((1 << (3 + size)) - 1);
5403 if (op < 8) {
5404 /* Shift by immediate:
5405 VSHR, VSRA, VRSHR, VRSRA, VSRI, VSHL, VQSHL, VQSHLU. */
5406 if (q && ((rd | rm) & 1)) {
5407 return 1;
5408 }
5409 if (!u && (op == 4 || op == 6)) {
5410 return 1;
5411 }
5412 /* Right shifts are encoded as N - shift, where N is the
5413 element size in bits. */
5414 if (op <= 4) {
5415 shift = shift - (1 << (size + 3));
5416 }
5417
5418 switch (op) {
5419 case 0: /* VSHR */
5420 /* Right shift comes here negative. */
5421 shift = -shift;
5422 /* Shifts larger than the element size are architecturally
5423 * valid. Unsigned results in all zeros; signed results
5424 * in all sign bits.
5425 */
5426 if (!u) {
5427 tcg_gen_gvec_sari(size, rd_ofs, rm_ofs,
5428 MIN(shift, (8 << size) - 1),
5429 vec_size, vec_size);
5430 } else if (shift >= 8 << size) {
5431 tcg_gen_gvec_dup8i(rd_ofs, vec_size, vec_size, 0);
5432 } else {
5433 tcg_gen_gvec_shri(size, rd_ofs, rm_ofs, shift,
5434 vec_size, vec_size);
5435 }
5436 return 0;
5437
5438 case 1: /* VSRA */
5439 /* Right shift comes here negative. */
5440 shift = -shift;
5441 /* Shifts larger than the element size are architecturally
5442 * valid. Unsigned results in all zeros; signed results
5443 * in all sign bits.
5444 */
5445 if (!u) {
5446 tcg_gen_gvec_2i(rd_ofs, rm_ofs, vec_size, vec_size,
5447 MIN(shift, (8 << size) - 1),
5448 &ssra_op[size]);
5449 } else if (shift >= 8 << size) {
5450 /* rd += 0 */
5451 } else {
5452 tcg_gen_gvec_2i(rd_ofs, rm_ofs, vec_size, vec_size,
5453 shift, &usra_op[size]);
5454 }
5455 return 0;
5456
5457 case 4: /* VSRI */
5458 if (!u) {
5459 return 1;
5460 }
5461 /* Right shift comes here negative. */
5462 shift = -shift;
5463 /* Shift out of range leaves destination unchanged. */
5464 if (shift < 8 << size) {
5465 tcg_gen_gvec_2i(rd_ofs, rm_ofs, vec_size, vec_size,
5466 shift, &sri_op[size]);
5467 }
5468 return 0;
5469
5470 case 5: /* VSHL, VSLI */
5471 if (u) { /* VSLI */
5472 /* Shift out of range leaves destination unchanged. */
5473 if (shift < 8 << size) {
5474 tcg_gen_gvec_2i(rd_ofs, rm_ofs, vec_size,
5475 vec_size, shift, &sli_op[size]);
5476 }
5477 } else { /* VSHL */
5478 /* Shifts larger than the element size are
5479 * architecturally valid and results in zero.
5480 */
5481 if (shift >= 8 << size) {
5482 tcg_gen_gvec_dup8i(rd_ofs, vec_size, vec_size, 0);
5483 } else {
5484 tcg_gen_gvec_shli(size, rd_ofs, rm_ofs, shift,
5485 vec_size, vec_size);
5486 }
5487 }
5488 return 0;
5489 }
5490
5491 if (size == 3) {
5492 count = q + 1;
5493 } else {
5494 count = q ? 4: 2;
5495 }
5496
5497 /* To avoid excessive duplication of ops we implement shift
5498 * by immediate using the variable shift operations.
5499 */
5500 imm = dup_const(size, shift);
5501
5502 for (pass = 0; pass < count; pass++) {
5503 if (size == 3) {
5504 neon_load_reg64(cpu_V0, rm + pass);
5505 tcg_gen_movi_i64(cpu_V1, imm);
5506 switch (op) {
5507 case 2: /* VRSHR */
5508 case 3: /* VRSRA */
5509 if (u)
5510 gen_helper_neon_rshl_u64(cpu_V0, cpu_V0, cpu_V1);
5511 else
5512 gen_helper_neon_rshl_s64(cpu_V0, cpu_V0, cpu_V1);
5513 break;
5514 case 6: /* VQSHLU */
5515 gen_helper_neon_qshlu_s64(cpu_V0, cpu_env,
5516 cpu_V0, cpu_V1);
5517 break;
5518 case 7: /* VQSHL */
5519 if (u) {
5520 gen_helper_neon_qshl_u64(cpu_V0, cpu_env,
5521 cpu_V0, cpu_V1);
5522 } else {
5523 gen_helper_neon_qshl_s64(cpu_V0, cpu_env,
5524 cpu_V0, cpu_V1);
5525 }
5526 break;
5527 default:
5528 g_assert_not_reached();
5529 }
5530 if (op == 3) {
5531 /* Accumulate. */
5532 neon_load_reg64(cpu_V1, rd + pass);
5533 tcg_gen_add_i64(cpu_V0, cpu_V0, cpu_V1);
5534 }
5535 neon_store_reg64(cpu_V0, rd + pass);
5536 } else { /* size < 3 */
5537 /* Operands in T0 and T1. */
5538 tmp = neon_load_reg(rm, pass);
5539 tmp2 = tcg_temp_new_i32();
5540 tcg_gen_movi_i32(tmp2, imm);
5541 switch (op) {
5542 case 2: /* VRSHR */
5543 case 3: /* VRSRA */
5544 GEN_NEON_INTEGER_OP(rshl);
5545 break;
5546 case 6: /* VQSHLU */
5547 switch (size) {
5548 case 0:
5549 gen_helper_neon_qshlu_s8(tmp, cpu_env,
5550 tmp, tmp2);
5551 break;
5552 case 1:
5553 gen_helper_neon_qshlu_s16(tmp, cpu_env,
5554 tmp, tmp2);
5555 break;
5556 case 2:
5557 gen_helper_neon_qshlu_s32(tmp, cpu_env,
5558 tmp, tmp2);
5559 break;
5560 default:
5561 abort();
5562 }
5563 break;
5564 case 7: /* VQSHL */
5565 GEN_NEON_INTEGER_OP_ENV(qshl);
5566 break;
5567 default:
5568 g_assert_not_reached();
5569 }
5570 tcg_temp_free_i32(tmp2);
5571
5572 if (op == 3) {
5573 /* Accumulate. */
5574 tmp2 = neon_load_reg(rd, pass);
5575 gen_neon_add(size, tmp, tmp2);
5576 tcg_temp_free_i32(tmp2);
5577 }
5578 neon_store_reg(rd, pass, tmp);
5579 }
5580 } /* for pass */
5581 } else if (op < 10) {
5582 /* Shift by immediate and narrow:
5583 VSHRN, VRSHRN, VQSHRN, VQRSHRN. */
5584 int input_unsigned = (op == 8) ? !u : u;
5585 if (rm & 1) {
5586 return 1;
5587 }
5588 shift = shift - (1 << (size + 3));
5589 size++;
5590 if (size == 3) {
5591 tmp64 = tcg_const_i64(shift);
5592 neon_load_reg64(cpu_V0, rm);
5593 neon_load_reg64(cpu_V1, rm + 1);
5594 for (pass = 0; pass < 2; pass++) {
5595 TCGv_i64 in;
5596 if (pass == 0) {
5597 in = cpu_V0;
5598 } else {
5599 in = cpu_V1;
5600 }
5601 if (q) {
5602 if (input_unsigned) {
5603 gen_helper_neon_rshl_u64(cpu_V0, in, tmp64);
5604 } else {
5605 gen_helper_neon_rshl_s64(cpu_V0, in, tmp64);
5606 }
5607 } else {
5608 if (input_unsigned) {
5609 gen_helper_neon_shl_u64(cpu_V0, in, tmp64);
5610 } else {
5611 gen_helper_neon_shl_s64(cpu_V0, in, tmp64);
5612 }
5613 }
5614 tmp = tcg_temp_new_i32();
5615 gen_neon_narrow_op(op == 8, u, size - 1, tmp, cpu_V0);
5616 neon_store_reg(rd, pass, tmp);
5617 } /* for pass */
5618 tcg_temp_free_i64(tmp64);
5619 } else {
5620 if (size == 1) {
5621 imm = (uint16_t)shift;
5622 imm |= imm << 16;
5623 } else {
5624 /* size == 2 */
5625 imm = (uint32_t)shift;
5626 }
5627 tmp2 = tcg_const_i32(imm);
5628 tmp4 = neon_load_reg(rm + 1, 0);
5629 tmp5 = neon_load_reg(rm + 1, 1);
5630 for (pass = 0; pass < 2; pass++) {
5631 if (pass == 0) {
5632 tmp = neon_load_reg(rm, 0);
5633 } else {
5634 tmp = tmp4;
5635 }
5636 gen_neon_shift_narrow(size, tmp, tmp2, q,
5637 input_unsigned);
5638 if (pass == 0) {
5639 tmp3 = neon_load_reg(rm, 1);
5640 } else {
5641 tmp3 = tmp5;
5642 }
5643 gen_neon_shift_narrow(size, tmp3, tmp2, q,
5644 input_unsigned);
5645 tcg_gen_concat_i32_i64(cpu_V0, tmp, tmp3);
5646 tcg_temp_free_i32(tmp);
5647 tcg_temp_free_i32(tmp3);
5648 tmp = tcg_temp_new_i32();
5649 gen_neon_narrow_op(op == 8, u, size - 1, tmp, cpu_V0);
5650 neon_store_reg(rd, pass, tmp);
5651 } /* for pass */
5652 tcg_temp_free_i32(tmp2);
5653 }
5654 } else if (op == 10) {
5655 /* VSHLL, VMOVL */
5656 if (q || (rd & 1)) {
5657 return 1;
5658 }
5659 tmp = neon_load_reg(rm, 0);
5660 tmp2 = neon_load_reg(rm, 1);
5661 for (pass = 0; pass < 2; pass++) {
5662 if (pass == 1)
5663 tmp = tmp2;
5664
5665 gen_neon_widen(cpu_V0, tmp, size, u);
5666
5667 if (shift != 0) {
5668 /* The shift is less than the width of the source
5669 type, so we can just shift the whole register. */
5670 tcg_gen_shli_i64(cpu_V0, cpu_V0, shift);
5671 /* Widen the result of shift: we need to clear
5672 * the potential overflow bits resulting from
5673 * left bits of the narrow input appearing as
5674 * right bits of left the neighbour narrow
5675 * input. */
5676 if (size < 2 || !u) {
5677 uint64_t imm64;
5678 if (size == 0) {
5679 imm = (0xffu >> (8 - shift));
5680 imm |= imm << 16;
5681 } else if (size == 1) {
5682 imm = 0xffff >> (16 - shift);
5683 } else {
5684 /* size == 2 */
5685 imm = 0xffffffff >> (32 - shift);
5686 }
5687 if (size < 2) {
5688 imm64 = imm | (((uint64_t)imm) << 32);
5689 } else {
5690 imm64 = imm;
5691 }
5692 tcg_gen_andi_i64(cpu_V0, cpu_V0, ~imm64);
5693 }
5694 }
5695 neon_store_reg64(cpu_V0, rd + pass);
5696 }
5697 } else if (op >= 14) {
5698 /* VCVT fixed-point. */
5699 TCGv_ptr fpst;
5700 TCGv_i32 shiftv;
5701 VFPGenFixPointFn *fn;
5702
5703 if (!(insn & (1 << 21)) || (q && ((rd | rm) & 1))) {
5704 return 1;
5705 }
5706
5707 if (!(op & 1)) {
5708 if (u) {
5709 fn = gen_helper_vfp_ultos;
5710 } else {
5711 fn = gen_helper_vfp_sltos;
5712 }
5713 } else {
5714 if (u) {
5715 fn = gen_helper_vfp_touls_round_to_zero;
5716 } else {
5717 fn = gen_helper_vfp_tosls_round_to_zero;
5718 }
5719 }
5720
5721 /* We have already masked out the must-be-1 top bit of imm6,
5722 * hence this 32-shift where the ARM ARM has 64-imm6.
5723 */
5724 shift = 32 - shift;
5725 fpst = get_fpstatus_ptr(1);
5726 shiftv = tcg_const_i32(shift);
5727 for (pass = 0; pass < (q ? 4 : 2); pass++) {
5728 TCGv_i32 tmpf = neon_load_reg(rm, pass);
5729 fn(tmpf, tmpf, shiftv, fpst);
5730 neon_store_reg(rd, pass, tmpf);
5731 }
5732 tcg_temp_free_ptr(fpst);
5733 tcg_temp_free_i32(shiftv);
5734 } else {
5735 return 1;
5736 }
5737 } else { /* (insn & 0x00380080) == 0 */
5738 int invert, reg_ofs, vec_size;
5739
5740 if (q && (rd & 1)) {
5741 return 1;
5742 }
5743
5744 op = (insn >> 8) & 0xf;
5745 /* One register and immediate. */
5746 imm = (u << 7) | ((insn >> 12) & 0x70) | (insn & 0xf);
5747 invert = (insn & (1 << 5)) != 0;
5748 /* Note that op = 2,3,4,5,6,7,10,11,12,13 imm=0 is UNPREDICTABLE.
5749 * We choose to not special-case this and will behave as if a
5750 * valid constant encoding of 0 had been given.
5751 */
5752 switch (op) {
5753 case 0: case 1:
5754 /* no-op */
5755 break;
5756 case 2: case 3:
5757 imm <<= 8;
5758 break;
5759 case 4: case 5:
5760 imm <<= 16;
5761 break;
5762 case 6: case 7:
5763 imm <<= 24;
5764 break;
5765 case 8: case 9:
5766 imm |= imm << 16;
5767 break;
5768 case 10: case 11:
5769 imm = (imm << 8) | (imm << 24);
5770 break;
5771 case 12:
5772 imm = (imm << 8) | 0xff;
5773 break;
5774 case 13:
5775 imm = (imm << 16) | 0xffff;
5776 break;
5777 case 14:
5778 imm |= (imm << 8) | (imm << 16) | (imm << 24);
5779 if (invert) {
5780 imm = ~imm;
5781 }
5782 break;
5783 case 15:
5784 if (invert) {
5785 return 1;
5786 }
5787 imm = ((imm & 0x80) << 24) | ((imm & 0x3f) << 19)
5788 | ((imm & 0x40) ? (0x1f << 25) : (1 << 30));
5789 break;
5790 }
5791 if (invert) {
5792 imm = ~imm;
5793 }
5794
5795 reg_ofs = neon_reg_offset(rd, 0);
5796 vec_size = q ? 16 : 8;
5797
5798 if (op & 1 && op < 12) {
5799 if (invert) {
5800 /* The immediate value has already been inverted,
5801 * so BIC becomes AND.
5802 */
5803 tcg_gen_gvec_andi(MO_32, reg_ofs, reg_ofs, imm,
5804 vec_size, vec_size);
5805 } else {
5806 tcg_gen_gvec_ori(MO_32, reg_ofs, reg_ofs, imm,
5807 vec_size, vec_size);
5808 }
5809 } else {
5810 /* VMOV, VMVN. */
5811 if (op == 14 && invert) {
5812 TCGv_i64 t64 = tcg_temp_new_i64();
5813
5814 for (pass = 0; pass <= q; ++pass) {
5815 uint64_t val = 0;
5816 int n;
5817
5818 for (n = 0; n < 8; n++) {
5819 if (imm & (1 << (n + pass * 8))) {
5820 val |= 0xffull << (n * 8);
5821 }
5822 }
5823 tcg_gen_movi_i64(t64, val);
5824 neon_store_reg64(t64, rd + pass);
5825 }
5826 tcg_temp_free_i64(t64);
5827 } else {
5828 tcg_gen_gvec_dup32i(reg_ofs, vec_size, vec_size, imm);
5829 }
5830 }
5831 }
5832 } else { /* (insn & 0x00800010 == 0x00800000) */
5833 if (size != 3) {
5834 op = (insn >> 8) & 0xf;
5835 if ((insn & (1 << 6)) == 0) {
5836 /* Three registers of different lengths. */
5837 int src1_wide;
5838 int src2_wide;
5839 int prewiden;
5840 /* undefreq: bit 0 : UNDEF if size == 0
5841 * bit 1 : UNDEF if size == 1
5842 * bit 2 : UNDEF if size == 2
5843 * bit 3 : UNDEF if U == 1
5844 * Note that [2:0] set implies 'always UNDEF'
5845 */
5846 int undefreq;
5847 /* prewiden, src1_wide, src2_wide, undefreq */
5848 static const int neon_3reg_wide[16][4] = {
5849 {1, 0, 0, 0}, /* VADDL */
5850 {1, 1, 0, 0}, /* VADDW */
5851 {1, 0, 0, 0}, /* VSUBL */
5852 {1, 1, 0, 0}, /* VSUBW */
5853 {0, 1, 1, 0}, /* VADDHN */
5854 {0, 0, 0, 0}, /* VABAL */
5855 {0, 1, 1, 0}, /* VSUBHN */
5856 {0, 0, 0, 0}, /* VABDL */
5857 {0, 0, 0, 0}, /* VMLAL */
5858 {0, 0, 0, 9}, /* VQDMLAL */
5859 {0, 0, 0, 0}, /* VMLSL */
5860 {0, 0, 0, 9}, /* VQDMLSL */
5861 {0, 0, 0, 0}, /* Integer VMULL */
5862 {0, 0, 0, 1}, /* VQDMULL */
5863 {0, 0, 0, 0xa}, /* Polynomial VMULL */
5864 {0, 0, 0, 7}, /* Reserved: always UNDEF */
5865 };
5866
5867 prewiden = neon_3reg_wide[op][0];
5868 src1_wide = neon_3reg_wide[op][1];
5869 src2_wide = neon_3reg_wide[op][2];
5870 undefreq = neon_3reg_wide[op][3];
5871
5872 if ((undefreq & (1 << size)) ||
5873 ((undefreq & 8) && u)) {
5874 return 1;
5875 }
5876 if ((src1_wide && (rn & 1)) ||
5877 (src2_wide && (rm & 1)) ||
5878 (!src2_wide && (rd & 1))) {
5879 return 1;
5880 }
5881
5882 /* Handle VMULL.P64 (Polynomial 64x64 to 128 bit multiply)
5883 * outside the loop below as it only performs a single pass.
5884 */
5885 if (op == 14 && size == 2) {
5886 TCGv_i64 tcg_rn, tcg_rm, tcg_rd;
5887
5888 if (!dc_isar_feature(aa32_pmull, s)) {
5889 return 1;
5890 }
5891 tcg_rn = tcg_temp_new_i64();
5892 tcg_rm = tcg_temp_new_i64();
5893 tcg_rd = tcg_temp_new_i64();
5894 neon_load_reg64(tcg_rn, rn);
5895 neon_load_reg64(tcg_rm, rm);
5896 gen_helper_neon_pmull_64_lo(tcg_rd, tcg_rn, tcg_rm);
5897 neon_store_reg64(tcg_rd, rd);
5898 gen_helper_neon_pmull_64_hi(tcg_rd, tcg_rn, tcg_rm);
5899 neon_store_reg64(tcg_rd, rd + 1);
5900 tcg_temp_free_i64(tcg_rn);
5901 tcg_temp_free_i64(tcg_rm);
5902 tcg_temp_free_i64(tcg_rd);
5903 return 0;
5904 }
5905
5906 /* Avoid overlapping operands. Wide source operands are
5907 always aligned so will never overlap with wide
5908 destinations in problematic ways. */
5909 if (rd == rm && !src2_wide) {
5910 tmp = neon_load_reg(rm, 1);
5911 neon_store_scratch(2, tmp);
5912 } else if (rd == rn && !src1_wide) {
5913 tmp = neon_load_reg(rn, 1);
5914 neon_store_scratch(2, tmp);
5915 }
5916 tmp3 = NULL;
5917 for (pass = 0; pass < 2; pass++) {
5918 if (src1_wide) {
5919 neon_load_reg64(cpu_V0, rn + pass);
5920 tmp = NULL;
5921 } else {
5922 if (pass == 1 && rd == rn) {
5923 tmp = neon_load_scratch(2);
5924 } else {
5925 tmp = neon_load_reg(rn, pass);
5926 }
5927 if (prewiden) {
5928 gen_neon_widen(cpu_V0, tmp, size, u);
5929 }
5930 }
5931 if (src2_wide) {
5932 neon_load_reg64(cpu_V1, rm + pass);
5933 tmp2 = NULL;
5934 } else {
5935 if (pass == 1 && rd == rm) {
5936 tmp2 = neon_load_scratch(2);
5937 } else {
5938 tmp2 = neon_load_reg(rm, pass);
5939 }
5940 if (prewiden) {
5941 gen_neon_widen(cpu_V1, tmp2, size, u);
5942 }
5943 }
5944 switch (op) {
5945 case 0: case 1: case 4: /* VADDL, VADDW, VADDHN, VRADDHN */
5946 gen_neon_addl(size);
5947 break;
5948 case 2: case 3: case 6: /* VSUBL, VSUBW, VSUBHN, VRSUBHN */
5949 gen_neon_subl(size);
5950 break;
5951 case 5: case 7: /* VABAL, VABDL */
5952 switch ((size << 1) | u) {
5953 case 0:
5954 gen_helper_neon_abdl_s16(cpu_V0, tmp, tmp2);
5955 break;
5956 case 1:
5957 gen_helper_neon_abdl_u16(cpu_V0, tmp, tmp2);
5958 break;
5959 case 2:
5960 gen_helper_neon_abdl_s32(cpu_V0, tmp, tmp2);
5961 break;
5962 case 3:
5963 gen_helper_neon_abdl_u32(cpu_V0, tmp, tmp2);
5964 break;
5965 case 4:
5966 gen_helper_neon_abdl_s64(cpu_V0, tmp, tmp2);
5967 break;
5968 case 5:
5969 gen_helper_neon_abdl_u64(cpu_V0, tmp, tmp2);
5970 break;
5971 default: abort();
5972 }
5973 tcg_temp_free_i32(tmp2);
5974 tcg_temp_free_i32(tmp);
5975 break;
5976 case 8: case 9: case 10: case 11: case 12: case 13:
5977 /* VMLAL, VQDMLAL, VMLSL, VQDMLSL, VMULL, VQDMULL */
5978 gen_neon_mull(cpu_V0, tmp, tmp2, size, u);
5979 break;
5980 case 14: /* Polynomial VMULL */
5981 gen_helper_neon_mull_p8(cpu_V0, tmp, tmp2);
5982 tcg_temp_free_i32(tmp2);
5983 tcg_temp_free_i32(tmp);
5984 break;
5985 default: /* 15 is RESERVED: caught earlier */
5986 abort();
5987 }
5988 if (op == 13) {
5989 /* VQDMULL */
5990 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
5991 neon_store_reg64(cpu_V0, rd + pass);
5992 } else if (op == 5 || (op >= 8 && op <= 11)) {
5993 /* Accumulate. */
5994 neon_load_reg64(cpu_V1, rd + pass);
5995 switch (op) {
5996 case 10: /* VMLSL */
5997 gen_neon_negl(cpu_V0, size);
5998 /* Fall through */
5999 case 5: case 8: /* VABAL, VMLAL */
6000 gen_neon_addl(size);
6001 break;
6002 case 9: case 11: /* VQDMLAL, VQDMLSL */
6003 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6004 if (op == 11) {
6005 gen_neon_negl(cpu_V0, size);
6006 }
6007 gen_neon_addl_saturate(cpu_V0, cpu_V1, size);
6008 break;
6009 default:
6010 abort();
6011 }
6012 neon_store_reg64(cpu_V0, rd + pass);
6013 } else if (op == 4 || op == 6) {
6014 /* Narrowing operation. */
6015 tmp = tcg_temp_new_i32();
6016 if (!u) {
6017 switch (size) {
6018 case 0:
6019 gen_helper_neon_narrow_high_u8(tmp, cpu_V0);
6020 break;
6021 case 1:
6022 gen_helper_neon_narrow_high_u16(tmp, cpu_V0);
6023 break;
6024 case 2:
6025 tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
6026 tcg_gen_extrl_i64_i32(tmp, cpu_V0);
6027 break;
6028 default: abort();
6029 }
6030 } else {
6031 switch (size) {
6032 case 0:
6033 gen_helper_neon_narrow_round_high_u8(tmp, cpu_V0);
6034 break;
6035 case 1:
6036 gen_helper_neon_narrow_round_high_u16(tmp, cpu_V0);
6037 break;
6038 case 2:
6039 tcg_gen_addi_i64(cpu_V0, cpu_V0, 1u << 31);
6040 tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
6041 tcg_gen_extrl_i64_i32(tmp, cpu_V0);
6042 break;
6043 default: abort();
6044 }
6045 }
6046 if (pass == 0) {
6047 tmp3 = tmp;
6048 } else {
6049 neon_store_reg(rd, 0, tmp3);
6050 neon_store_reg(rd, 1, tmp);
6051 }
6052 } else {
6053 /* Write back the result. */
6054 neon_store_reg64(cpu_V0, rd + pass);
6055 }
6056 }
6057 } else {
6058 /* Two registers and a scalar. NB that for ops of this form
6059 * the ARM ARM labels bit 24 as Q, but it is in our variable
6060 * 'u', not 'q'.
6061 */
6062 if (size == 0) {
6063 return 1;
6064 }
6065 switch (op) {
6066 case 1: /* Float VMLA scalar */
6067 case 5: /* Floating point VMLS scalar */
6068 case 9: /* Floating point VMUL scalar */
6069 if (size == 1) {
6070 return 1;
6071 }
6072 /* fall through */
6073 case 0: /* Integer VMLA scalar */
6074 case 4: /* Integer VMLS scalar */
6075 case 8: /* Integer VMUL scalar */
6076 case 12: /* VQDMULH scalar */
6077 case 13: /* VQRDMULH scalar */
6078 if (u && ((rd | rn) & 1)) {
6079 return 1;
6080 }
6081 tmp = neon_get_scalar(size, rm);
6082 neon_store_scratch(0, tmp);
6083 for (pass = 0; pass < (u ? 4 : 2); pass++) {
6084 tmp = neon_load_scratch(0);
6085 tmp2 = neon_load_reg(rn, pass);
6086 if (op == 12) {
6087 if (size == 1) {
6088 gen_helper_neon_qdmulh_s16(tmp, cpu_env, tmp, tmp2);
6089 } else {
6090 gen_helper_neon_qdmulh_s32(tmp, cpu_env, tmp, tmp2);
6091 }
6092 } else if (op == 13) {
6093 if (size == 1) {
6094 gen_helper_neon_qrdmulh_s16(tmp, cpu_env, tmp, tmp2);
6095 } else {
6096 gen_helper_neon_qrdmulh_s32(tmp, cpu_env, tmp, tmp2);
6097 }
6098 } else if (op & 1) {
6099 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6100 gen_helper_vfp_muls(tmp, tmp, tmp2, fpstatus);
6101 tcg_temp_free_ptr(fpstatus);
6102 } else {
6103 switch (size) {
6104 case 0: gen_helper_neon_mul_u8(tmp, tmp, tmp2); break;
6105 case 1: gen_helper_neon_mul_u16(tmp, tmp, tmp2); break;
6106 case 2: tcg_gen_mul_i32(tmp, tmp, tmp2); break;
6107 default: abort();
6108 }
6109 }
6110 tcg_temp_free_i32(tmp2);
6111 if (op < 8) {
6112 /* Accumulate. */
6113 tmp2 = neon_load_reg(rd, pass);
6114 switch (op) {
6115 case 0:
6116 gen_neon_add(size, tmp, tmp2);
6117 break;
6118 case 1:
6119 {
6120 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6121 gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
6122 tcg_temp_free_ptr(fpstatus);
6123 break;
6124 }
6125 case 4:
6126 gen_neon_rsb(size, tmp, tmp2);
6127 break;
6128 case 5:
6129 {
6130 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6131 gen_helper_vfp_subs(tmp, tmp2, tmp, fpstatus);
6132 tcg_temp_free_ptr(fpstatus);
6133 break;
6134 }
6135 default:
6136 abort();
6137 }
6138 tcg_temp_free_i32(tmp2);
6139 }
6140 neon_store_reg(rd, pass, tmp);
6141 }
6142 break;
6143 case 3: /* VQDMLAL scalar */
6144 case 7: /* VQDMLSL scalar */
6145 case 11: /* VQDMULL scalar */
6146 if (u == 1) {
6147 return 1;
6148 }
6149 /* fall through */
6150 case 2: /* VMLAL sclar */
6151 case 6: /* VMLSL scalar */
6152 case 10: /* VMULL scalar */
6153 if (rd & 1) {
6154 return 1;
6155 }
6156 tmp2 = neon_get_scalar(size, rm);
6157 /* We need a copy of tmp2 because gen_neon_mull
6158 * deletes it during pass 0. */
6159 tmp4 = tcg_temp_new_i32();
6160 tcg_gen_mov_i32(tmp4, tmp2);
6161 tmp3 = neon_load_reg(rn, 1);
6162
6163 for (pass = 0; pass < 2; pass++) {
6164 if (pass == 0) {
6165 tmp = neon_load_reg(rn, 0);
6166 } else {
6167 tmp = tmp3;
6168 tmp2 = tmp4;
6169 }
6170 gen_neon_mull(cpu_V0, tmp, tmp2, size, u);
6171 if (op != 11) {
6172 neon_load_reg64(cpu_V1, rd + pass);
6173 }
6174 switch (op) {
6175 case 6:
6176 gen_neon_negl(cpu_V0, size);
6177 /* Fall through */
6178 case 2:
6179 gen_neon_addl(size);
6180 break;
6181 case 3: case 7:
6182 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6183 if (op == 7) {
6184 gen_neon_negl(cpu_V0, size);
6185 }
6186 gen_neon_addl_saturate(cpu_V0, cpu_V1, size);
6187 break;
6188 case 10:
6189 /* no-op */
6190 break;
6191 case 11:
6192 gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6193 break;
6194 default:
6195 abort();
6196 }
6197 neon_store_reg64(cpu_V0, rd + pass);
6198 }
6199 break;
6200 case 14: /* VQRDMLAH scalar */
6201 case 15: /* VQRDMLSH scalar */
6202 {
6203 NeonGenThreeOpEnvFn *fn;
6204
6205 if (!dc_isar_feature(aa32_rdm, s)) {
6206 return 1;
6207 }
6208 if (u && ((rd | rn) & 1)) {
6209 return 1;
6210 }
6211 if (op == 14) {
6212 if (size == 1) {
6213 fn = gen_helper_neon_qrdmlah_s16;
6214 } else {
6215 fn = gen_helper_neon_qrdmlah_s32;
6216 }
6217 } else {
6218 if (size == 1) {
6219 fn = gen_helper_neon_qrdmlsh_s16;
6220 } else {
6221 fn = gen_helper_neon_qrdmlsh_s32;
6222 }
6223 }
6224
6225 tmp2 = neon_get_scalar(size, rm);
6226 for (pass = 0; pass < (u ? 4 : 2); pass++) {
6227 tmp = neon_load_reg(rn, pass);
6228 tmp3 = neon_load_reg(rd, pass);
6229 fn(tmp, cpu_env, tmp, tmp2, tmp3);
6230 tcg_temp_free_i32(tmp3);
6231 neon_store_reg(rd, pass, tmp);
6232 }
6233 tcg_temp_free_i32(tmp2);
6234 }
6235 break;
6236 default:
6237 g_assert_not_reached();
6238 }
6239 }
6240 } else { /* size == 3 */
6241 if (!u) {
6242 /* Extract. */
6243 imm = (insn >> 8) & 0xf;
6244
6245 if (imm > 7 && !q)
6246 return 1;
6247
6248 if (q && ((rd | rn | rm) & 1)) {
6249 return 1;
6250 }
6251
6252 if (imm == 0) {
6253 neon_load_reg64(cpu_V0, rn);
6254 if (q) {
6255 neon_load_reg64(cpu_V1, rn + 1);
6256 }
6257 } else if (imm == 8) {
6258 neon_load_reg64(cpu_V0, rn + 1);
6259 if (q) {
6260 neon_load_reg64(cpu_V1, rm);
6261 }
6262 } else if (q) {
6263 tmp64 = tcg_temp_new_i64();
6264 if (imm < 8) {
6265 neon_load_reg64(cpu_V0, rn);
6266 neon_load_reg64(tmp64, rn + 1);
6267 } else {
6268 neon_load_reg64(cpu_V0, rn + 1);
6269 neon_load_reg64(tmp64, rm);
6270 }
6271 tcg_gen_shri_i64(cpu_V0, cpu_V0, (imm & 7) * 8);
6272 tcg_gen_shli_i64(cpu_V1, tmp64, 64 - ((imm & 7) * 8));
6273 tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
6274 if (imm < 8) {
6275 neon_load_reg64(cpu_V1, rm);
6276 } else {
6277 neon_load_reg64(cpu_V1, rm + 1);
6278 imm -= 8;
6279 }
6280 tcg_gen_shli_i64(cpu_V1, cpu_V1, 64 - (imm * 8));
6281 tcg_gen_shri_i64(tmp64, tmp64, imm * 8);
6282 tcg_gen_or_i64(cpu_V1, cpu_V1, tmp64);
6283 tcg_temp_free_i64(tmp64);
6284 } else {
6285 /* BUGFIX */
6286 neon_load_reg64(cpu_V0, rn);
6287 tcg_gen_shri_i64(cpu_V0, cpu_V0, imm * 8);
6288 neon_load_reg64(cpu_V1, rm);
6289 tcg_gen_shli_i64(cpu_V1, cpu_V1, 64 - (imm * 8));
6290 tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
6291 }
6292 neon_store_reg64(cpu_V0, rd);
6293 if (q) {
6294 neon_store_reg64(cpu_V1, rd + 1);
6295 }
6296 } else if ((insn & (1 << 11)) == 0) {
6297 /* Two register misc. */
6298 op = ((insn >> 12) & 0x30) | ((insn >> 7) & 0xf);
6299 size = (insn >> 18) & 3;
6300 /* UNDEF for unknown op values and bad op-size combinations */
6301 if ((neon_2rm_sizes[op] & (1 << size)) == 0) {
6302 return 1;
6303 }
6304 if (neon_2rm_is_v8_op(op) &&
6305 !arm_dc_feature(s, ARM_FEATURE_V8)) {
6306 return 1;
6307 }
6308 if ((op != NEON_2RM_VMOVN && op != NEON_2RM_VQMOVN) &&
6309 q && ((rm | rd) & 1)) {
6310 return 1;
6311 }
6312 switch (op) {
6313 case NEON_2RM_VREV64:
6314 for (pass = 0; pass < (q ? 2 : 1); pass++) {
6315 tmp = neon_load_reg(rm, pass * 2);
6316 tmp2 = neon_load_reg(rm, pass * 2 + 1);
6317 switch (size) {
6318 case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
6319 case 1: gen_swap_half(tmp); break;
6320 case 2: /* no-op */ break;
6321 default: abort();
6322 }
6323 neon_store_reg(rd, pass * 2 + 1, tmp);
6324 if (size == 2) {
6325 neon_store_reg(rd, pass * 2, tmp2);
6326 } else {
6327 switch (size) {
6328 case 0: tcg_gen_bswap32_i32(tmp2, tmp2); break;
6329 case 1: gen_swap_half(tmp2); break;
6330 default: abort();
6331 }
6332 neon_store_reg(rd, pass * 2, tmp2);
6333 }
6334 }
6335 break;
6336 case NEON_2RM_VPADDL: case NEON_2RM_VPADDL_U:
6337 case NEON_2RM_VPADAL: case NEON_2RM_VPADAL_U:
6338 for (pass = 0; pass < q + 1; pass++) {
6339 tmp = neon_load_reg(rm, pass * 2);
6340 gen_neon_widen(cpu_V0, tmp, size, op & 1);
6341 tmp = neon_load_reg(rm, pass * 2 + 1);
6342 gen_neon_widen(cpu_V1, tmp, size, op & 1);
6343 switch (size) {
6344 case 0: gen_helper_neon_paddl_u16(CPU_V001); break;
6345 case 1: gen_helper_neon_paddl_u32(CPU_V001); break;
6346 case 2: tcg_gen_add_i64(CPU_V001); break;
6347 default: abort();
6348 }
6349 if (op >= NEON_2RM_VPADAL) {
6350 /* Accumulate. */
6351 neon_load_reg64(cpu_V1, rd + pass);
6352 gen_neon_addl(size);
6353 }
6354 neon_store_reg64(cpu_V0, rd + pass);
6355 }
6356 break;
6357 case NEON_2RM_VTRN:
6358 if (size == 2) {
6359 int n;
6360 for (n = 0; n < (q ? 4 : 2); n += 2) {
6361 tmp = neon_load_reg(rm, n);
6362 tmp2 = neon_load_reg(rd, n + 1);
6363 neon_store_reg(rm, n, tmp2);
6364 neon_store_reg(rd, n + 1, tmp);
6365 }
6366 } else {
6367 goto elementwise;
6368 }
6369 break;
6370 case NEON_2RM_VUZP:
6371 if (gen_neon_unzip(rd, rm, size, q)) {
6372 return 1;
6373 }
6374 break;
6375 case NEON_2RM_VZIP:
6376 if (gen_neon_zip(rd, rm, size, q)) {
6377 return 1;
6378 }
6379 break;
6380 case NEON_2RM_VMOVN: case NEON_2RM_VQMOVN:
6381 /* also VQMOVUN; op field and mnemonics don't line up */
6382 if (rm & 1) {
6383 return 1;
6384 }
6385 tmp2 = NULL;
6386 for (pass = 0; pass < 2; pass++) {
6387 neon_load_reg64(cpu_V0, rm + pass);
6388 tmp = tcg_temp_new_i32();
6389 gen_neon_narrow_op(op == NEON_2RM_VMOVN, q, size,
6390 tmp, cpu_V0);
6391 if (pass == 0) {
6392 tmp2 = tmp;
6393 } else {
6394 neon_store_reg(rd, 0, tmp2);
6395 neon_store_reg(rd, 1, tmp);
6396 }
6397 }
6398 break;
6399 case NEON_2RM_VSHLL:
6400 if (q || (rd & 1)) {
6401 return 1;
6402 }
6403 tmp = neon_load_reg(rm, 0);
6404 tmp2 = neon_load_reg(rm, 1);
6405 for (pass = 0; pass < 2; pass++) {
6406 if (pass == 1)
6407 tmp = tmp2;
6408 gen_neon_widen(cpu_V0, tmp, size, 1);
6409 tcg_gen_shli_i64(cpu_V0, cpu_V0, 8 << size);
6410 neon_store_reg64(cpu_V0, rd + pass);
6411 }
6412 break;
6413 case NEON_2RM_VCVT_F16_F32:
6414 {
6415 TCGv_ptr fpst;
6416 TCGv_i32 ahp;
6417
6418 if (!dc_isar_feature(aa32_fp16_spconv, s) ||
6419 q || (rm & 1)) {
6420 return 1;
6421 }
6422 fpst = get_fpstatus_ptr(true);
6423 ahp = get_ahp_flag();
6424 tmp = neon_load_reg(rm, 0);
6425 gen_helper_vfp_fcvt_f32_to_f16(tmp, tmp, fpst, ahp);
6426 tmp2 = neon_load_reg(rm, 1);
6427 gen_helper_vfp_fcvt_f32_to_f16(tmp2, tmp2, fpst, ahp);
6428 tcg_gen_shli_i32(tmp2, tmp2, 16);
6429 tcg_gen_or_i32(tmp2, tmp2, tmp);
6430 tcg_temp_free_i32(tmp);
6431 tmp = neon_load_reg(rm, 2);
6432 gen_helper_vfp_fcvt_f32_to_f16(tmp, tmp, fpst, ahp);
6433 tmp3 = neon_load_reg(rm, 3);
6434 neon_store_reg(rd, 0, tmp2);
6435 gen_helper_vfp_fcvt_f32_to_f16(tmp3, tmp3, fpst, ahp);
6436 tcg_gen_shli_i32(tmp3, tmp3, 16);
6437 tcg_gen_or_i32(tmp3, tmp3, tmp);
6438 neon_store_reg(rd, 1, tmp3);
6439 tcg_temp_free_i32(tmp);
6440 tcg_temp_free_i32(ahp);
6441 tcg_temp_free_ptr(fpst);
6442 break;
6443 }
6444 case NEON_2RM_VCVT_F32_F16:
6445 {
6446 TCGv_ptr fpst;
6447 TCGv_i32 ahp;
6448 if (!dc_isar_feature(aa32_fp16_spconv, s) ||
6449 q || (rd & 1)) {
6450 return 1;
6451 }
6452 fpst = get_fpstatus_ptr(true);
6453 ahp = get_ahp_flag();
6454 tmp3 = tcg_temp_new_i32();
6455 tmp = neon_load_reg(rm, 0);
6456 tmp2 = neon_load_reg(rm, 1);
6457 tcg_gen_ext16u_i32(tmp3, tmp);
6458 gen_helper_vfp_fcvt_f16_to_f32(tmp3, tmp3, fpst, ahp);
6459 neon_store_reg(rd, 0, tmp3);
6460 tcg_gen_shri_i32(tmp, tmp, 16);
6461 gen_helper_vfp_fcvt_f16_to_f32(tmp, tmp, fpst, ahp);
6462 neon_store_reg(rd, 1, tmp);
6463 tmp3 = tcg_temp_new_i32();
6464 tcg_gen_ext16u_i32(tmp3, tmp2);
6465 gen_helper_vfp_fcvt_f16_to_f32(tmp3, tmp3, fpst, ahp);
6466 neon_store_reg(rd, 2, tmp3);
6467 tcg_gen_shri_i32(tmp2, tmp2, 16);
6468 gen_helper_vfp_fcvt_f16_to_f32(tmp2, tmp2, fpst, ahp);
6469 neon_store_reg(rd, 3, tmp2);
6470 tcg_temp_free_i32(ahp);
6471 tcg_temp_free_ptr(fpst);
6472 break;
6473 }
6474 case NEON_2RM_AESE: case NEON_2RM_AESMC:
6475 if (!dc_isar_feature(aa32_aes, s) || ((rm | rd) & 1)) {
6476 return 1;
6477 }
6478 ptr1 = vfp_reg_ptr(true, rd);
6479 ptr2 = vfp_reg_ptr(true, rm);
6480
6481 /* Bit 6 is the lowest opcode bit; it distinguishes between
6482 * encryption (AESE/AESMC) and decryption (AESD/AESIMC)
6483 */
6484 tmp3 = tcg_const_i32(extract32(insn, 6, 1));
6485
6486 if (op == NEON_2RM_AESE) {
6487 gen_helper_crypto_aese(ptr1, ptr2, tmp3);
6488 } else {
6489 gen_helper_crypto_aesmc(ptr1, ptr2, tmp3);
6490 }
6491 tcg_temp_free_ptr(ptr1);
6492 tcg_temp_free_ptr(ptr2);
6493 tcg_temp_free_i32(tmp3);
6494 break;
6495 case NEON_2RM_SHA1H:
6496 if (!dc_isar_feature(aa32_sha1, s) || ((rm | rd) & 1)) {
6497 return 1;
6498 }
6499 ptr1 = vfp_reg_ptr(true, rd);
6500 ptr2 = vfp_reg_ptr(true, rm);
6501
6502 gen_helper_crypto_sha1h(ptr1, ptr2);
6503
6504 tcg_temp_free_ptr(ptr1);
6505 tcg_temp_free_ptr(ptr2);
6506 break;
6507 case NEON_2RM_SHA1SU1:
6508 if ((rm | rd) & 1) {
6509 return 1;
6510 }
6511 /* bit 6 (q): set -> SHA256SU0, cleared -> SHA1SU1 */
6512 if (q) {
6513 if (!dc_isar_feature(aa32_sha2, s)) {
6514 return 1;
6515 }
6516 } else if (!dc_isar_feature(aa32_sha1, s)) {
6517 return 1;
6518 }
6519 ptr1 = vfp_reg_ptr(true, rd);
6520 ptr2 = vfp_reg_ptr(true, rm);
6521 if (q) {
6522 gen_helper_crypto_sha256su0(ptr1, ptr2);
6523 } else {
6524 gen_helper_crypto_sha1su1(ptr1, ptr2);
6525 }
6526 tcg_temp_free_ptr(ptr1);
6527 tcg_temp_free_ptr(ptr2);
6528 break;
6529
6530 case NEON_2RM_VMVN:
6531 tcg_gen_gvec_not(0, rd_ofs, rm_ofs, vec_size, vec_size);
6532 break;
6533 case NEON_2RM_VNEG:
6534 tcg_gen_gvec_neg(size, rd_ofs, rm_ofs, vec_size, vec_size);
6535 break;
6536 case NEON_2RM_VABS:
6537 tcg_gen_gvec_abs(size, rd_ofs, rm_ofs, vec_size, vec_size);
6538 break;
6539
6540 default:
6541 elementwise:
6542 for (pass = 0; pass < (q ? 4 : 2); pass++) {
6543 tmp = neon_load_reg(rm, pass);
6544 switch (op) {
6545 case NEON_2RM_VREV32:
6546 switch (size) {
6547 case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
6548 case 1: gen_swap_half(tmp); break;
6549 default: abort();
6550 }
6551 break;
6552 case NEON_2RM_VREV16:
6553 gen_rev16(tmp);
6554 break;
6555 case NEON_2RM_VCLS:
6556 switch (size) {
6557 case 0: gen_helper_neon_cls_s8(tmp, tmp); break;
6558 case 1: gen_helper_neon_cls_s16(tmp, tmp); break;
6559 case 2: gen_helper_neon_cls_s32(tmp, tmp); break;
6560 default: abort();
6561 }
6562 break;
6563 case NEON_2RM_VCLZ:
6564 switch (size) {
6565 case 0: gen_helper_neon_clz_u8(tmp, tmp); break;
6566 case 1: gen_helper_neon_clz_u16(tmp, tmp); break;
6567 case 2: tcg_gen_clzi_i32(tmp, tmp, 32); break;
6568 default: abort();
6569 }
6570 break;
6571 case NEON_2RM_VCNT:
6572 gen_helper_neon_cnt_u8(tmp, tmp);
6573 break;
6574 case NEON_2RM_VQABS:
6575 switch (size) {
6576 case 0:
6577 gen_helper_neon_qabs_s8(tmp, cpu_env, tmp);
6578 break;
6579 case 1:
6580 gen_helper_neon_qabs_s16(tmp, cpu_env, tmp);
6581 break;
6582 case 2:
6583 gen_helper_neon_qabs_s32(tmp, cpu_env, tmp);
6584 break;
6585 default: abort();
6586 }
6587 break;
6588 case NEON_2RM_VQNEG:
6589 switch (size) {
6590 case 0:
6591 gen_helper_neon_qneg_s8(tmp, cpu_env, tmp);
6592 break;
6593 case 1:
6594 gen_helper_neon_qneg_s16(tmp, cpu_env, tmp);
6595 break;
6596 case 2:
6597 gen_helper_neon_qneg_s32(tmp, cpu_env, tmp);
6598 break;
6599 default: abort();
6600 }
6601 break;
6602 case NEON_2RM_VCGT0: case NEON_2RM_VCLE0:
6603 tmp2 = tcg_const_i32(0);
6604 switch(size) {
6605 case 0: gen_helper_neon_cgt_s8(tmp, tmp, tmp2); break;
6606 case 1: gen_helper_neon_cgt_s16(tmp, tmp, tmp2); break;
6607 case 2: gen_helper_neon_cgt_s32(tmp, tmp, tmp2); break;
6608 default: abort();
6609 }
6610 tcg_temp_free_i32(tmp2);
6611 if (op == NEON_2RM_VCLE0) {
6612 tcg_gen_not_i32(tmp, tmp);
6613 }
6614 break;
6615 case NEON_2RM_VCGE0: case NEON_2RM_VCLT0:
6616 tmp2 = tcg_const_i32(0);
6617 switch(size) {
6618 case 0: gen_helper_neon_cge_s8(tmp, tmp, tmp2); break;
6619 case 1: gen_helper_neon_cge_s16(tmp, tmp, tmp2); break;
6620 case 2: gen_helper_neon_cge_s32(tmp, tmp, tmp2); break;
6621 default: abort();
6622 }
6623 tcg_temp_free_i32(tmp2);
6624 if (op == NEON_2RM_VCLT0) {
6625 tcg_gen_not_i32(tmp, tmp);
6626 }
6627 break;
6628 case NEON_2RM_VCEQ0:
6629 tmp2 = tcg_const_i32(0);
6630 switch(size) {
6631 case 0: gen_helper_neon_ceq_u8(tmp, tmp, tmp2); break;
6632 case 1: gen_helper_neon_ceq_u16(tmp, tmp, tmp2); break;
6633 case 2: gen_helper_neon_ceq_u32(tmp, tmp, tmp2); break;
6634 default: abort();
6635 }
6636 tcg_temp_free_i32(tmp2);
6637 break;
6638 case NEON_2RM_VCGT0_F:
6639 {
6640 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6641 tmp2 = tcg_const_i32(0);
6642 gen_helper_neon_cgt_f32(tmp, tmp, tmp2, fpstatus);
6643 tcg_temp_free_i32(tmp2);
6644 tcg_temp_free_ptr(fpstatus);
6645 break;
6646 }
6647 case NEON_2RM_VCGE0_F:
6648 {
6649 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6650 tmp2 = tcg_const_i32(0);
6651 gen_helper_neon_cge_f32(tmp, tmp, tmp2, fpstatus);
6652 tcg_temp_free_i32(tmp2);
6653 tcg_temp_free_ptr(fpstatus);
6654 break;
6655 }
6656 case NEON_2RM_VCEQ0_F:
6657 {
6658 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6659 tmp2 = tcg_const_i32(0);
6660 gen_helper_neon_ceq_f32(tmp, tmp, tmp2, fpstatus);
6661 tcg_temp_free_i32(tmp2);
6662 tcg_temp_free_ptr(fpstatus);
6663 break;
6664 }
6665 case NEON_2RM_VCLE0_F:
6666 {
6667 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6668 tmp2 = tcg_const_i32(0);
6669 gen_helper_neon_cge_f32(tmp, tmp2, tmp, fpstatus);
6670 tcg_temp_free_i32(tmp2);
6671 tcg_temp_free_ptr(fpstatus);
6672 break;
6673 }
6674 case NEON_2RM_VCLT0_F:
6675 {
6676 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6677 tmp2 = tcg_const_i32(0);
6678 gen_helper_neon_cgt_f32(tmp, tmp2, tmp, fpstatus);
6679 tcg_temp_free_i32(tmp2);
6680 tcg_temp_free_ptr(fpstatus);
6681 break;
6682 }
6683 case NEON_2RM_VABS_F:
6684 gen_helper_vfp_abss(tmp, tmp);
6685 break;
6686 case NEON_2RM_VNEG_F:
6687 gen_helper_vfp_negs(tmp, tmp);
6688 break;
6689 case NEON_2RM_VSWP:
6690 tmp2 = neon_load_reg(rd, pass);
6691 neon_store_reg(rm, pass, tmp2);
6692 break;
6693 case NEON_2RM_VTRN:
6694 tmp2 = neon_load_reg(rd, pass);
6695 switch (size) {
6696 case 0: gen_neon_trn_u8(tmp, tmp2); break;
6697 case 1: gen_neon_trn_u16(tmp, tmp2); break;
6698 default: abort();
6699 }
6700 neon_store_reg(rm, pass, tmp2);
6701 break;
6702 case NEON_2RM_VRINTN:
6703 case NEON_2RM_VRINTA:
6704 case NEON_2RM_VRINTM:
6705 case NEON_2RM_VRINTP:
6706 case NEON_2RM_VRINTZ:
6707 {
6708 TCGv_i32 tcg_rmode;
6709 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6710 int rmode;
6711
6712 if (op == NEON_2RM_VRINTZ) {
6713 rmode = FPROUNDING_ZERO;
6714 } else {
6715 rmode = fp_decode_rm[((op & 0x6) >> 1) ^ 1];
6716 }
6717
6718 tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rmode));
6719 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
6720 cpu_env);
6721 gen_helper_rints(tmp, tmp, fpstatus);
6722 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
6723 cpu_env);
6724 tcg_temp_free_ptr(fpstatus);
6725 tcg_temp_free_i32(tcg_rmode);
6726 break;
6727 }
6728 case NEON_2RM_VRINTX:
6729 {
6730 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6731 gen_helper_rints_exact(tmp, tmp, fpstatus);
6732 tcg_temp_free_ptr(fpstatus);
6733 break;
6734 }
6735 case NEON_2RM_VCVTAU:
6736 case NEON_2RM_VCVTAS:
6737 case NEON_2RM_VCVTNU:
6738 case NEON_2RM_VCVTNS:
6739 case NEON_2RM_VCVTPU:
6740 case NEON_2RM_VCVTPS:
6741 case NEON_2RM_VCVTMU:
6742 case NEON_2RM_VCVTMS:
6743 {
6744 bool is_signed = !extract32(insn, 7, 1);
6745 TCGv_ptr fpst = get_fpstatus_ptr(1);
6746 TCGv_i32 tcg_rmode, tcg_shift;
6747 int rmode = fp_decode_rm[extract32(insn, 8, 2)];
6748
6749 tcg_shift = tcg_const_i32(0);
6750 tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rmode));
6751 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
6752 cpu_env);
6753
6754 if (is_signed) {
6755 gen_helper_vfp_tosls(tmp, tmp,
6756 tcg_shift, fpst);
6757 } else {
6758 gen_helper_vfp_touls(tmp, tmp,
6759 tcg_shift, fpst);
6760 }
6761
6762 gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
6763 cpu_env);
6764 tcg_temp_free_i32(tcg_rmode);
6765 tcg_temp_free_i32(tcg_shift);
6766 tcg_temp_free_ptr(fpst);
6767 break;
6768 }
6769 case NEON_2RM_VRECPE:
6770 {
6771 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6772 gen_helper_recpe_u32(tmp, tmp, fpstatus);
6773 tcg_temp_free_ptr(fpstatus);
6774 break;
6775 }
6776 case NEON_2RM_VRSQRTE:
6777 {
6778 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6779 gen_helper_rsqrte_u32(tmp, tmp, fpstatus);
6780 tcg_temp_free_ptr(fpstatus);
6781 break;
6782 }
6783 case NEON_2RM_VRECPE_F:
6784 {
6785 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6786 gen_helper_recpe_f32(tmp, tmp, fpstatus);
6787 tcg_temp_free_ptr(fpstatus);
6788 break;
6789 }
6790 case NEON_2RM_VRSQRTE_F:
6791 {
6792 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6793 gen_helper_rsqrte_f32(tmp, tmp, fpstatus);
6794 tcg_temp_free_ptr(fpstatus);
6795 break;
6796 }
6797 case NEON_2RM_VCVT_FS: /* VCVT.F32.S32 */
6798 {
6799 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6800 gen_helper_vfp_sitos(tmp, tmp, fpstatus);
6801 tcg_temp_free_ptr(fpstatus);
6802 break;
6803 }
6804 case NEON_2RM_VCVT_FU: /* VCVT.F32.U32 */
6805 {
6806 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6807 gen_helper_vfp_uitos(tmp, tmp, fpstatus);
6808 tcg_temp_free_ptr(fpstatus);
6809 break;
6810 }
6811 case NEON_2RM_VCVT_SF: /* VCVT.S32.F32 */
6812 {
6813 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6814 gen_helper_vfp_tosizs(tmp, tmp, fpstatus);
6815 tcg_temp_free_ptr(fpstatus);
6816 break;
6817 }
6818 case NEON_2RM_VCVT_UF: /* VCVT.U32.F32 */
6819 {
6820 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6821 gen_helper_vfp_touizs(tmp, tmp, fpstatus);
6822 tcg_temp_free_ptr(fpstatus);
6823 break;
6824 }
6825 default:
6826 /* Reserved op values were caught by the
6827 * neon_2rm_sizes[] check earlier.
6828 */
6829 abort();
6830 }
6831 neon_store_reg(rd, pass, tmp);
6832 }
6833 break;
6834 }
6835 } else if ((insn & (1 << 10)) == 0) {
6836 /* VTBL, VTBX. */
6837 int n = ((insn >> 8) & 3) + 1;
6838 if ((rn + n) > 32) {
6839 /* This is UNPREDICTABLE; we choose to UNDEF to avoid the
6840 * helper function running off the end of the register file.
6841 */
6842 return 1;
6843 }
6844 n <<= 3;
6845 if (insn & (1 << 6)) {
6846 tmp = neon_load_reg(rd, 0);
6847 } else {
6848 tmp = tcg_temp_new_i32();
6849 tcg_gen_movi_i32(tmp, 0);
6850 }
6851 tmp2 = neon_load_reg(rm, 0);
6852 ptr1 = vfp_reg_ptr(true, rn);
6853 tmp5 = tcg_const_i32(n);
6854 gen_helper_neon_tbl(tmp2, tmp2, tmp, ptr1, tmp5);
6855 tcg_temp_free_i32(tmp);
6856 if (insn & (1 << 6)) {
6857 tmp = neon_load_reg(rd, 1);
6858 } else {
6859 tmp = tcg_temp_new_i32();
6860 tcg_gen_movi_i32(tmp, 0);
6861 }
6862 tmp3 = neon_load_reg(rm, 1);
6863 gen_helper_neon_tbl(tmp3, tmp3, tmp, ptr1, tmp5);
6864 tcg_temp_free_i32(tmp5);
6865 tcg_temp_free_ptr(ptr1);
6866 neon_store_reg(rd, 0, tmp2);
6867 neon_store_reg(rd, 1, tmp3);
6868 tcg_temp_free_i32(tmp);
6869 } else if ((insn & 0x380) == 0) {
6870 /* VDUP */
6871 int element;
6872 TCGMemOp size;
6873
6874 if ((insn & (7 << 16)) == 0 || (q && (rd & 1))) {
6875 return 1;
6876 }
6877 if (insn & (1 << 16)) {
6878 size = MO_8;
6879 element = (insn >> 17) & 7;
6880 } else if (insn & (1 << 17)) {
6881 size = MO_16;
6882 element = (insn >> 18) & 3;
6883 } else {
6884 size = MO_32;
6885 element = (insn >> 19) & 1;
6886 }
6887 tcg_gen_gvec_dup_mem(size, neon_reg_offset(rd, 0),
6888 neon_element_offset(rm, element, size),
6889 q ? 16 : 8, q ? 16 : 8);
6890 } else {
6891 return 1;
6892 }
6893 }
6894 }
6895 return 0;
6896 }
6897
6898 /* Advanced SIMD three registers of the same length extension.
6899 * 31 25 23 22 20 16 12 11 10 9 8 3 0
6900 * +---------------+-----+---+-----+----+----+---+----+---+----+---------+----+
6901 * | 1 1 1 1 1 1 0 | op1 | D | op2 | Vn | Vd | 1 | o3 | 0 | o4 | N Q M U | Vm |
6902 * +---------------+-----+---+-----+----+----+---+----+---+----+---------+----+
6903 */
6904 static int disas_neon_insn_3same_ext(DisasContext *s, uint32_t insn)
6905 {
6906 gen_helper_gvec_3 *fn_gvec = NULL;
6907 gen_helper_gvec_3_ptr *fn_gvec_ptr = NULL;
6908 int rd, rn, rm, opr_sz;
6909 int data = 0;
6910 int off_rn, off_rm;
6911 bool is_long = false, q = extract32(insn, 6, 1);
6912 bool ptr_is_env = false;
6913
6914 if ((insn & 0xfe200f10) == 0xfc200800) {
6915 /* VCMLA -- 1111 110R R.1S .... .... 1000 ...0 .... */
6916 int size = extract32(insn, 20, 1);
6917 data = extract32(insn, 23, 2); /* rot */
6918 if (!dc_isar_feature(aa32_vcma, s)
6919 || (!size && !dc_isar_feature(aa32_fp16_arith, s))) {
6920 return 1;
6921 }
6922 fn_gvec_ptr = size ? gen_helper_gvec_fcmlas : gen_helper_gvec_fcmlah;
6923 } else if ((insn & 0xfea00f10) == 0xfc800800) {
6924 /* VCADD -- 1111 110R 1.0S .... .... 1000 ...0 .... */
6925 int size = extract32(insn, 20, 1);
6926 data = extract32(insn, 24, 1); /* rot */
6927 if (!dc_isar_feature(aa32_vcma, s)
6928 || (!size && !dc_isar_feature(aa32_fp16_arith, s))) {
6929 return 1;
6930 }
6931 fn_gvec_ptr = size ? gen_helper_gvec_fcadds : gen_helper_gvec_fcaddh;
6932 } else if ((insn & 0xfeb00f00) == 0xfc200d00) {
6933 /* V[US]DOT -- 1111 1100 0.10 .... .... 1101 .Q.U .... */
6934 bool u = extract32(insn, 4, 1);
6935 if (!dc_isar_feature(aa32_dp, s)) {
6936 return 1;
6937 }
6938 fn_gvec = u ? gen_helper_gvec_udot_b : gen_helper_gvec_sdot_b;
6939 } else if ((insn & 0xff300f10) == 0xfc200810) {
6940 /* VFM[AS]L -- 1111 1100 S.10 .... .... 1000 .Q.1 .... */
6941 int is_s = extract32(insn, 23, 1);
6942 if (!dc_isar_feature(aa32_fhm, s)) {
6943 return 1;
6944 }
6945 is_long = true;
6946 data = is_s; /* is_2 == 0 */
6947 fn_gvec_ptr = gen_helper_gvec_fmlal_a32;
6948 ptr_is_env = true;
6949 } else {
6950 return 1;
6951 }
6952
6953 VFP_DREG_D(rd, insn);
6954 if (rd & q) {
6955 return 1;
6956 }
6957 if (q || !is_long) {
6958 VFP_DREG_N(rn, insn);
6959 VFP_DREG_M(rm, insn);
6960 if ((rn | rm) & q & !is_long) {
6961 return 1;
6962 }
6963 off_rn = vfp_reg_offset(1, rn);
6964 off_rm = vfp_reg_offset(1, rm);
6965 } else {
6966 rn = VFP_SREG_N(insn);
6967 rm = VFP_SREG_M(insn);
6968 off_rn = vfp_reg_offset(0, rn);
6969 off_rm = vfp_reg_offset(0, rm);
6970 }
6971
6972 if (s->fp_excp_el) {
6973 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
6974 syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
6975 return 0;
6976 }
6977 if (!s->vfp_enabled) {
6978 return 1;
6979 }
6980
6981 opr_sz = (1 + q) * 8;
6982 if (fn_gvec_ptr) {
6983 TCGv_ptr ptr;
6984 if (ptr_is_env) {
6985 ptr = cpu_env;
6986 } else {
6987 ptr = get_fpstatus_ptr(1);
6988 }
6989 tcg_gen_gvec_3_ptr(vfp_reg_offset(1, rd), off_rn, off_rm, ptr,
6990 opr_sz, opr_sz, data, fn_gvec_ptr);
6991 if (!ptr_is_env) {
6992 tcg_temp_free_ptr(ptr);
6993 }
6994 } else {
6995 tcg_gen_gvec_3_ool(vfp_reg_offset(1, rd), off_rn, off_rm,
6996 opr_sz, opr_sz, data, fn_gvec);
6997 }
6998 return 0;
6999 }
7000
7001 /* Advanced SIMD two registers and a scalar extension.
7002 * 31 24 23 22 20 16 12 11 10 9 8 3 0
7003 * +-----------------+----+---+----+----+----+---+----+---+----+---------+----+
7004 * | 1 1 1 1 1 1 1 0 | o1 | D | o2 | Vn | Vd | 1 | o3 | 0 | o4 | N Q M U | Vm |
7005 * +-----------------+----+---+----+----+----+---+----+---+----+---------+----+
7006 *
7007 */
7008
7009 static int disas_neon_insn_2reg_scalar_ext(DisasContext *s, uint32_t insn)
7010 {
7011 gen_helper_gvec_3 *fn_gvec = NULL;
7012 gen_helper_gvec_3_ptr *fn_gvec_ptr = NULL;
7013 int rd, rn, rm, opr_sz, data;
7014 int off_rn, off_rm;
7015 bool is_long = false, q = extract32(insn, 6, 1);
7016 bool ptr_is_env = false;
7017
7018 if ((insn & 0xff000f10) == 0xfe000800) {
7019 /* VCMLA (indexed) -- 1111 1110 S.RR .... .... 1000 ...0 .... */
7020 int rot = extract32(insn, 20, 2);
7021 int size = extract32(insn, 23, 1);
7022 int index;
7023
7024 if (!dc_isar_feature(aa32_vcma, s)) {
7025 return 1;
7026 }
7027 if (size == 0) {
7028 if (!dc_isar_feature(aa32_fp16_arith, s)) {
7029 return 1;
7030 }
7031 /* For fp16, rm is just Vm, and index is M. */
7032 rm = extract32(insn, 0, 4);
7033 index = extract32(insn, 5, 1);
7034 } else {
7035 /* For fp32, rm is the usual M:Vm, and index is 0. */
7036 VFP_DREG_M(rm, insn);
7037 index = 0;
7038 }
7039 data = (index << 2) | rot;
7040 fn_gvec_ptr = (size ? gen_helper_gvec_fcmlas_idx
7041 : gen_helper_gvec_fcmlah_idx);
7042 } else if ((insn & 0xffb00f00) == 0xfe200d00) {
7043 /* V[US]DOT -- 1111 1110 0.10 .... .... 1101 .Q.U .... */
7044 int u = extract32(insn, 4, 1);
7045
7046 if (!dc_isar_feature(aa32_dp, s)) {
7047 return 1;
7048 }
7049 fn_gvec = u ? gen_helper_gvec_udot_idx_b : gen_helper_gvec_sdot_idx_b;
7050 /* rm is just Vm, and index is M. */
7051 data = extract32(insn, 5, 1); /* index */
7052 rm = extract32(insn, 0, 4);
7053 } else if ((insn & 0xffa00f10) == 0xfe000810) {
7054 /* VFM[AS]L -- 1111 1110 0.0S .... .... 1000 .Q.1 .... */
7055 int is_s = extract32(insn, 20, 1);
7056 int vm20 = extract32(insn, 0, 3);
7057 int vm3 = extract32(insn, 3, 1);
7058 int m = extract32(insn, 5, 1);
7059 int index;
7060
7061 if (!dc_isar_feature(aa32_fhm, s)) {
7062 return 1;
7063 }
7064 if (q) {
7065 rm = vm20;
7066 index = m * 2 + vm3;
7067 } else {
7068 rm = vm20 * 2 + m;
7069 index = vm3;
7070 }
7071 is_long = true;
7072 data = (index << 2) | is_s; /* is_2 == 0 */
7073 fn_gvec_ptr = gen_helper_gvec_fmlal_idx_a32;
7074 ptr_is_env = true;
7075 } else {
7076 return 1;
7077 }
7078
7079 VFP_DREG_D(rd, insn);
7080 if (rd & q) {
7081 return 1;
7082 }
7083 if (q || !is_long) {
7084 VFP_DREG_N(rn, insn);
7085 if (rn & q & !is_long) {
7086 return 1;
7087 }
7088 off_rn = vfp_reg_offset(1, rn);
7089 off_rm = vfp_reg_offset(1, rm);
7090 } else {
7091 rn = VFP_SREG_N(insn);
7092 off_rn = vfp_reg_offset(0, rn);
7093 off_rm = vfp_reg_offset(0, rm);
7094 }
7095 if (s->fp_excp_el) {
7096 gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
7097 syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
7098 return 0;
7099 }
7100 if (!s->vfp_enabled) {
7101 return 1;
7102 }
7103
7104 opr_sz = (1 + q) * 8;
7105 if (fn_gvec_ptr) {
7106 TCGv_ptr ptr;
7107 if (ptr_is_env) {
7108 ptr = cpu_env;
7109 } else {
7110 ptr = get_fpstatus_ptr(1);
7111 }
7112 tcg_gen_gvec_3_ptr(vfp_reg_offset(1, rd), off_rn, off_rm, ptr,
7113 opr_sz, opr_sz, data, fn_gvec_ptr);
7114 if (!ptr_is_env) {
7115 tcg_temp_free_ptr(ptr);
7116 }
7117 } else {
7118 tcg_gen_gvec_3_ool(vfp_reg_offset(1, rd), off_rn, off_rm,
7119 opr_sz, opr_sz, data, fn_gvec);
7120 }
7121 return 0;
7122 }
7123
7124 static int disas_coproc_insn(DisasContext *s, uint32_t insn)
7125 {
7126 int cpnum, is64, crn, crm, opc1, opc2, isread, rt, rt2;
7127 const ARMCPRegInfo *ri;
7128
7129 cpnum = (insn >> 8) & 0xf;
7130
7131 /* First check for coprocessor space used for XScale/iwMMXt insns */
7132 if (arm_dc_feature(s, ARM_FEATURE_XSCALE) && (cpnum < 2)) {
7133 if (extract32(s->c15_cpar, cpnum, 1) == 0) {
7134 return 1;
7135 }
7136 if (arm_dc_feature(s, ARM_FEATURE_IWMMXT)) {
7137 return disas_iwmmxt_insn(s, insn);
7138 } else if (arm_dc_feature(s, ARM_FEATURE_XSCALE)) {
7139 return disas_dsp_insn(s, insn);
7140 }
7141 return 1;
7142 }
7143
7144 /* Otherwise treat as a generic register access */
7145 is64 = (insn & (1 << 25)) == 0;
7146 if (!is64 && ((insn & (1 << 4)) == 0)) {
7147 /* cdp */
7148 return 1;
7149 }
7150
7151 crm = insn & 0xf;
7152 if (is64) {
7153 crn = 0;
7154 opc1 = (insn >> 4) & 0xf;
7155 opc2 = 0;
7156 rt2 = (insn >> 16) & 0xf;
7157 } else {
7158 crn = (insn >> 16) & 0xf;
7159 opc1 = (insn >> 21) & 7;
7160 opc2 = (insn >> 5) & 7;
7161 rt2 = 0;
7162 }
7163 isread = (insn >> 20) & 1;
7164 rt = (insn >> 12) & 0xf;
7165
7166 ri = get_arm_cp_reginfo(s->cp_regs,
7167 ENCODE_CP_REG(cpnum, is64, s->ns, crn, crm, opc1, opc2));
7168 if (ri) {
7169 /* Check access permissions */
7170 if (!cp_access_ok(s->current_el, ri, isread)) {
7171 return 1;
7172 }
7173
7174 if (ri->accessfn ||
7175 (arm_dc_feature(s, ARM_FEATURE_XSCALE) && cpnum < 14)) {
7176 /* Emit code to perform further access permissions checks at
7177 * runtime; this may result in an exception.
7178 * Note that on XScale all cp0..c13 registers do an access check
7179 * call in order to handle c15_cpar.
7180 */
7181 TCGv_ptr tmpptr;
7182 TCGv_i32 tcg_syn, tcg_isread;
7183 uint32_t syndrome;
7184
7185 /* Note that since we are an implementation which takes an
7186 * exception on a trapped conditional instruction only if the
7187 * instruction passes its condition code check, we can take
7188 * advantage of the clause in the ARM ARM that allows us to set
7189 * the COND field in the instruction to 0xE in all cases.
7190 * We could fish the actual condition out of the insn (ARM)
7191 * or the condexec bits (Thumb) but it isn't necessary.
7192 */
7193 switch (cpnum) {
7194 case 14:
7195 if (is64) {
7196 syndrome = syn_cp14_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
7197 isread, false);
7198 } else {
7199 syndrome = syn_cp14_rt_trap(1, 0xe, opc1, opc2, crn, crm,
7200 rt, isread, false);
7201 }
7202 break;
7203 case 15:
7204 if (is64) {
7205 syndrome = syn_cp15_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
7206 isread, false);
7207 } else {
7208 syndrome = syn_cp15_rt_trap(1, 0xe, opc1, opc2, crn, crm,
7209 rt, isread, false);
7210 }
7211 break;
7212 default:
7213 /* ARMv8 defines that only coprocessors 14 and 15 exist,
7214 * so this can only happen if this is an ARMv7 or earlier CPU,
7215 * in which case the syndrome information won't actually be
7216 * guest visible.
7217 */
7218 assert(!arm_dc_feature(s, ARM_FEATURE_V8));
7219 syndrome = syn_uncategorized();
7220 break;
7221 }
7222
7223 gen_set_condexec(s);
7224 gen_set_pc_im(s, s->pc_curr);
7225 tmpptr = tcg_const_ptr(ri);
7226 tcg_syn = tcg_const_i32(syndrome);
7227 tcg_isread = tcg_const_i32(isread);
7228 gen_helper_access_check_cp_reg(cpu_env, tmpptr, tcg_syn,
7229 tcg_isread);
7230 tcg_temp_free_ptr(tmpptr);
7231 tcg_temp_free_i32(tcg_syn);
7232 tcg_temp_free_i32(tcg_isread);
7233 }
7234
7235 /* Handle special cases first */
7236 switch (ri->type & ~(ARM_CP_FLAG_MASK & ~ARM_CP_SPECIAL)) {
7237 case ARM_CP_NOP:
7238 return 0;
7239 case ARM_CP_WFI:
7240 if (isread) {
7241 return 1;
7242 }
7243 gen_set_pc_im(s, s->base.pc_next);
7244 s->base.is_jmp = DISAS_WFI;
7245 return 0;
7246 default:
7247 break;
7248 }
7249
7250 if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
7251 gen_io_start();
7252 }
7253
7254 if (isread) {
7255 /* Read */
7256 if (is64) {
7257 TCGv_i64 tmp64;
7258 TCGv_i32 tmp;
7259 if (ri->type & ARM_CP_CONST) {
7260 tmp64 = tcg_const_i64(ri->resetvalue);
7261 } else if (ri->readfn) {
7262 TCGv_ptr tmpptr;
7263 tmp64 = tcg_temp_new_i64();
7264 tmpptr = tcg_const_ptr(ri);
7265 gen_helper_get_cp_reg64(tmp64, cpu_env, tmpptr);
7266 tcg_temp_free_ptr(tmpptr);
7267 } else {
7268 tmp64 = tcg_temp_new_i64();
7269 tcg_gen_ld_i64(tmp64, cpu_env, ri->fieldoffset);
7270 }
7271 tmp = tcg_temp_new_i32();
7272 tcg_gen_extrl_i64_i32(tmp, tmp64);
7273 store_reg(s, rt, tmp);
7274 tcg_gen_shri_i64(tmp64, tmp64, 32);
7275 tmp = tcg_temp_new_i32();
7276 tcg_gen_extrl_i64_i32(tmp, tmp64);
7277 tcg_temp_free_i64(tmp64);
7278 store_reg(s, rt2, tmp);
7279 } else {
7280 TCGv_i32 tmp;
7281 if (ri->type & ARM_CP_CONST) {
7282 tmp = tcg_const_i32(ri->resetvalue);
7283 } else if (ri->readfn) {
7284 TCGv_ptr tmpptr;
7285 tmp = tcg_temp_new_i32();
7286 tmpptr = tcg_const_ptr(ri);
7287 gen_helper_get_cp_reg(tmp, cpu_env, tmpptr);
7288 tcg_temp_free_ptr(tmpptr);
7289 } else {
7290 tmp = load_cpu_offset(ri->fieldoffset);
7291 }
7292 if (rt == 15) {
7293 /* Destination register of r15 for 32 bit loads sets
7294 * the condition codes from the high 4 bits of the value
7295 */
7296 gen_set_nzcv(tmp);
7297 tcg_temp_free_i32(tmp);
7298 } else {
7299 store_reg(s, rt, tmp);
7300 }
7301 }
7302 } else {
7303 /* Write */
7304 if (ri->type & ARM_CP_CONST) {
7305 /* If not forbidden by access permissions, treat as WI */
7306 return 0;
7307 }
7308
7309 if (is64) {
7310 TCGv_i32 tmplo, tmphi;
7311 TCGv_i64 tmp64 = tcg_temp_new_i64();
7312 tmplo = load_reg(s, rt);
7313 tmphi = load_reg(s, rt2);
7314 tcg_gen_concat_i32_i64(tmp64, tmplo, tmphi);
7315 tcg_temp_free_i32(tmplo);
7316 tcg_temp_free_i32(tmphi);
7317 if (ri->writefn) {
7318 TCGv_ptr tmpptr = tcg_const_ptr(ri);
7319 gen_helper_set_cp_reg64(cpu_env, tmpptr, tmp64);
7320 tcg_temp_free_ptr(tmpptr);
7321 } else {
7322 tcg_gen_st_i64(tmp64, cpu_env, ri->fieldoffset);
7323 }
7324 tcg_temp_free_i64(tmp64);
7325 } else {
7326 if (ri->writefn) {
7327 TCGv_i32 tmp;
7328 TCGv_ptr tmpptr;
7329 tmp = load_reg(s, rt);
7330 tmpptr = tcg_const_ptr(ri);
7331 gen_helper_set_cp_reg(cpu_env, tmpptr, tmp);
7332 tcg_temp_free_ptr(tmpptr);
7333 tcg_temp_free_i32(tmp);
7334 } else {
7335 TCGv_i32 tmp = load_reg(s, rt);
7336 store_cpu_offset(tmp, ri->fieldoffset);
7337 }
7338 }
7339 }
7340
7341 if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
7342 /* I/O operations must end the TB here (whether read or write) */
7343 gen_io_end();
7344 gen_lookup_tb(s);
7345 } else if (!isread && !(ri->type & ARM_CP_SUPPRESS_TB_END)) {
7346 /* We default to ending the TB on a coprocessor register write,
7347 * but allow this to be suppressed by the register definition
7348 * (usually only necessary to work around guest bugs).
7349 */
7350 gen_lookup_tb(s);
7351 }
7352
7353 return 0;
7354 }
7355
7356 /* Unknown register; this might be a guest error or a QEMU
7357 * unimplemented feature.
7358 */
7359 if (is64) {
7360 qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
7361 "64 bit system register cp:%d opc1: %d crm:%d "
7362 "(%s)\n",
7363 isread ? "read" : "write", cpnum, opc1, crm,
7364 s->ns ? "non-secure" : "secure");
7365 } else {
7366 qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
7367 "system register cp:%d opc1:%d crn:%d crm:%d opc2:%d "
7368 "(%s)\n",
7369 isread ? "read" : "write", cpnum, opc1, crn, crm, opc2,
7370 s->ns ? "non-secure" : "secure");
7371 }
7372
7373 return 1;
7374 }
7375
7376
7377 /* Store a 64-bit value to a register pair. Clobbers val. */
7378 static void gen_storeq_reg(DisasContext *s, int rlow, int rhigh, TCGv_i64 val)
7379 {
7380 TCGv_i32 tmp;
7381 tmp = tcg_temp_new_i32();
7382 tcg_gen_extrl_i64_i32(tmp, val);
7383 store_reg(s, rlow, tmp);
7384 tmp = tcg_temp_new_i32();
7385 tcg_gen_shri_i64(val, val, 32);
7386 tcg_gen_extrl_i64_i32(tmp, val);
7387 store_reg(s, rhigh, tmp);
7388 }
7389
7390 /* load a 32-bit value from a register and perform a 64-bit accumulate. */
7391 static void gen_addq_lo(DisasContext *s, TCGv_i64 val, int rlow)
7392 {
7393 TCGv_i64 tmp;
7394 TCGv_i32 tmp2;
7395
7396 /* Load value and extend to 64 bits. */
7397 tmp = tcg_temp_new_i64();
7398 tmp2 = load_reg(s, rlow);
7399 tcg_gen_extu_i32_i64(tmp, tmp2);
7400 tcg_temp_free_i32(tmp2);
7401 tcg_gen_add_i64(val, val, tmp);
7402 tcg_temp_free_i64(tmp);
7403 }
7404
7405 /* load and add a 64-bit value from a register pair. */
7406 static void gen_addq(DisasContext *s, TCGv_i64 val, int rlow, int rhigh)
7407 {
7408 TCGv_i64 tmp;
7409 TCGv_i32 tmpl;
7410 TCGv_i32 tmph;
7411
7412 /* Load 64-bit value rd:rn. */
7413 tmpl = load_reg(s, rlow);
7414 tmph = load_reg(s, rhigh);
7415 tmp = tcg_temp_new_i64();
7416 tcg_gen_concat_i32_i64(tmp, tmpl, tmph);
7417 tcg_temp_free_i32(tmpl);
7418 tcg_temp_free_i32(tmph);
7419 tcg_gen_add_i64(val, val, tmp);
7420 tcg_temp_free_i64(tmp);
7421 }
7422
7423 /* Set N and Z flags from hi|lo. */
7424 static void gen_logicq_cc(TCGv_i32 lo, TCGv_i32 hi)
7425 {
7426 tcg_gen_mov_i32(cpu_NF, hi);
7427 tcg_gen_or_i32(cpu_ZF, lo, hi);
7428 }
7429
7430 /* Load/Store exclusive instructions are implemented by remembering
7431 the value/address loaded, and seeing if these are the same
7432 when the store is performed. This should be sufficient to implement
7433 the architecturally mandated semantics, and avoids having to monitor
7434 regular stores. The compare vs the remembered value is done during
7435 the cmpxchg operation, but we must compare the addresses manually. */
7436 static void gen_load_exclusive(DisasContext *s, int rt, int rt2,
7437 TCGv_i32 addr, int size)
7438 {
7439 TCGv_i32 tmp = tcg_temp_new_i32();
7440 TCGMemOp opc = size | MO_ALIGN | s->be_data;
7441
7442 s->is_ldex = true;
7443
7444 if (size == 3) {
7445 TCGv_i32 tmp2 = tcg_temp_new_i32();
7446 TCGv_i64 t64 = tcg_temp_new_i64();
7447
7448 /* For AArch32, architecturally the 32-bit word at the lowest
7449 * address is always Rt and the one at addr+4 is Rt2, even if
7450 * the CPU is big-endian. That means we don't want to do a
7451 * gen_aa32_ld_i64(), which invokes gen_aa32_frob64() as if
7452 * for an architecturally 64-bit access, but instead do a
7453 * 64-bit access using MO_BE if appropriate and then split
7454 * the two halves.
7455 * This only makes a difference for BE32 user-mode, where
7456 * frob64() must not flip the two halves of the 64-bit data
7457 * but this code must treat BE32 user-mode like BE32 system.
7458 */
7459 TCGv taddr = gen_aa32_addr(s, addr, opc);
7460
7461 tcg_gen_qemu_ld_i64(t64, taddr, get_mem_index(s), opc);
7462 tcg_temp_free(taddr);
7463 tcg_gen_mov_i64(cpu_exclusive_val, t64);
7464 if (s->be_data == MO_BE) {
7465 tcg_gen_extr_i64_i32(tmp2, tmp, t64);
7466 } else {
7467 tcg_gen_extr_i64_i32(tmp, tmp2, t64);
7468 }
7469 tcg_temp_free_i64(t64);
7470
7471 store_reg(s, rt2, tmp2);
7472 } else {
7473 gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), opc);
7474 tcg_gen_extu_i32_i64(cpu_exclusive_val, tmp);
7475 }
7476
7477 store_reg(s, rt, tmp);
7478 tcg_gen_extu_i32_i64(cpu_exclusive_addr, addr);
7479 }
7480
7481 static void gen_clrex(DisasContext *s)
7482 {
7483 tcg_gen_movi_i64(cpu_exclusive_addr, -1);
7484 }
7485
7486 static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
7487 TCGv_i32 addr, int size)
7488 {
7489 TCGv_i32 t0, t1, t2;
7490 TCGv_i64 extaddr;
7491 TCGv taddr;
7492 TCGLabel *done_label;
7493 TCGLabel *fail_label;
7494 TCGMemOp opc = size | MO_ALIGN | s->be_data;
7495
7496 /* if (env->exclusive_addr == addr && env->exclusive_val == [addr]) {
7497 [addr] = {Rt};
7498 {Rd} = 0;
7499 } else {
7500 {Rd} = 1;
7501 } */
7502 fail_label = gen_new_label();
7503 done_label = gen_new_label();
7504 extaddr = tcg_temp_new_i64();
7505 tcg_gen_extu_i32_i64(extaddr, addr);
7506 tcg_gen_brcond_i64(TCG_COND_NE, extaddr, cpu_exclusive_addr, fail_label);
7507 tcg_temp_free_i64(extaddr);
7508
7509 taddr = gen_aa32_addr(s, addr, opc);
7510 t0 = tcg_temp_new_i32();
7511 t1 = load_reg(s, rt);
7512 if (size == 3) {
7513 TCGv_i64 o64 = tcg_temp_new_i64();
7514 TCGv_i64 n64 = tcg_temp_new_i64();
7515
7516 t2 = load_reg(s, rt2);
7517 /* For AArch32, architecturally the 32-bit word at the lowest
7518 * address is always Rt and the one at addr+4 is Rt2, even if
7519 * the CPU is big-endian. Since we're going to treat this as a
7520 * single 64-bit BE store, we need to put the two halves in the
7521 * opposite order for BE to LE, so that they end up in the right
7522 * places.
7523 * We don't want gen_aa32_frob64() because that does the wrong
7524 * thing for BE32 usermode.
7525 */
7526 if (s->be_data == MO_BE) {
7527 tcg_gen_concat_i32_i64(n64, t2, t1);
7528 } else {
7529 tcg_gen_concat_i32_i64(n64, t1, t2);
7530 }
7531 tcg_temp_free_i32(t2);
7532
7533 tcg_gen_atomic_cmpxchg_i64(o64, taddr, cpu_exclusive_val, n64,
7534 get_mem_index(s), opc);
7535 tcg_temp_free_i64(n64);
7536
7537 tcg_gen_setcond_i64(TCG_COND_NE, o64, o64, cpu_exclusive_val);
7538 tcg_gen_extrl_i64_i32(t0, o64);
7539
7540 tcg_temp_free_i64(o64);
7541 } else {
7542 t2 = tcg_temp_new_i32();
7543 tcg_gen_extrl_i64_i32(t2, cpu_exclusive_val);
7544 tcg_gen_atomic_cmpxchg_i32(t0, taddr, t2, t1, get_mem_index(s), opc);
7545 tcg_gen_setcond_i32(TCG_COND_NE, t0, t0, t2);
7546 tcg_temp_free_i32(t2);
7547 }
7548 tcg_temp_free_i32(t1);
7549 tcg_temp_free(taddr);
7550 tcg_gen_mov_i32(cpu_R[rd], t0);
7551 tcg_temp_free_i32(t0);
7552 tcg_gen_br(done_label);
7553
7554 gen_set_label(fail_label);
7555 tcg_gen_movi_i32(cpu_R[rd], 1);
7556 gen_set_label(done_label);
7557 tcg_gen_movi_i64(cpu_exclusive_addr, -1);
7558 }
7559
7560 /* gen_srs:
7561 * @env: CPUARMState
7562 * @s: DisasContext
7563 * @mode: mode field from insn (which stack to store to)
7564 * @amode: addressing mode (DA/IA/DB/IB), encoded as per P,U bits in ARM insn
7565 * @writeback: true if writeback bit set
7566 *
7567 * Generate code for the SRS (Store Return State) insn.
7568 */
7569 static void gen_srs(DisasContext *s,
7570 uint32_t mode, uint32_t amode, bool writeback)
7571 {
7572 int32_t offset;
7573 TCGv_i32 addr, tmp;
7574 bool undef = false;
7575
7576 /* SRS is:
7577 * - trapped to EL3 if EL3 is AArch64 and we are at Secure EL1
7578 * and specified mode is monitor mode
7579 * - UNDEFINED in Hyp mode
7580 * - UNPREDICTABLE in User or System mode
7581 * - UNPREDICTABLE if the specified mode is:
7582 * -- not implemented
7583 * -- not a valid mode number
7584 * -- a mode that's at a higher exception level
7585 * -- Monitor, if we are Non-secure
7586 * For the UNPREDICTABLE cases we choose to UNDEF.
7587 */
7588 if (s->current_el == 1 && !s->ns && mode == ARM_CPU_MODE_MON) {
7589 gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(), 3);
7590 return;
7591 }
7592
7593 if (s->current_el == 0 || s->current_el == 2) {
7594 undef = true;
7595 }
7596
7597 switch (mode) {
7598 case ARM_CPU_MODE_USR:
7599 case ARM_CPU_MODE_FIQ:
7600 case ARM_CPU_MODE_IRQ:
7601 case ARM_CPU_MODE_SVC:
7602 case ARM_CPU_MODE_ABT:
7603 case ARM_CPU_MODE_UND:
7604 case ARM_CPU_MODE_SYS:
7605 break;
7606 case ARM_CPU_MODE_HYP:
7607 if (s->current_el == 1 || !arm_dc_feature(s, ARM_FEATURE_EL2)) {
7608 undef = true;
7609 }
7610 break;
7611 case ARM_CPU_MODE_MON:
7612 /* No need to check specifically for "are we non-secure" because
7613 * we've already made EL0 UNDEF and handled the trap for S-EL1;
7614 * so if this isn't EL3 then we must be non-secure.
7615 */
7616 if (s->current_el != 3) {
7617 undef = true;
7618 }
7619 break;
7620 default:
7621 undef = true;
7622 }
7623
7624 if (undef) {
7625 unallocated_encoding(s);
7626 return;
7627 }
7628
7629 addr = tcg_temp_new_i32();
7630 tmp = tcg_const_i32(mode);
7631 /* get_r13_banked() will raise an exception if called from System mode */
7632 gen_set_condexec(s);
7633 gen_set_pc_im(s, s->pc_curr);
7634 gen_helper_get_r13_banked(addr, cpu_env, tmp);
7635 tcg_temp_free_i32(tmp);
7636 switch (amode) {
7637 case 0: /* DA */
7638 offset = -4;
7639 break;
7640 case 1: /* IA */
7641 offset = 0;
7642 break;
7643 case 2: /* DB */
7644 offset = -8;
7645 break;
7646 case 3: /* IB */
7647 offset = 4;
7648 break;
7649 default:
7650 abort();
7651 }
7652 tcg_gen_addi_i32(addr, addr, offset);
7653 tmp = load_reg(s, 14);
7654 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
7655 tcg_temp_free_i32(tmp);
7656 tmp = load_cpu_field(spsr);
7657 tcg_gen_addi_i32(addr, addr, 4);
7658 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
7659 tcg_temp_free_i32(tmp);
7660 if (writeback) {
7661 switch (amode) {
7662 case 0:
7663 offset = -8;
7664 break;
7665 case 1:
7666 offset = 4;
7667 break;
7668 case 2:
7669 offset = -4;
7670 break;
7671 case 3:
7672 offset = 0;
7673 break;
7674 default:
7675 abort();
7676 }
7677 tcg_gen_addi_i32(addr, addr, offset);
7678 tmp = tcg_const_i32(mode);
7679 gen_helper_set_r13_banked(cpu_env, tmp, addr);
7680 tcg_temp_free_i32(tmp);
7681 }
7682 tcg_temp_free_i32(addr);
7683 s->base.is_jmp = DISAS_UPDATE;
7684 }
7685
7686 /* Generate a label used for skipping this instruction */
7687 static void arm_gen_condlabel(DisasContext *s)
7688 {
7689 if (!s->condjmp) {
7690 s->condlabel = gen_new_label();
7691 s->condjmp = 1;
7692 }
7693 }
7694
7695 /* Skip this instruction if the ARM condition is false */
7696 static void arm_skip_unless(DisasContext *s, uint32_t cond)
7697 {
7698 arm_gen_condlabel(s);
7699 arm_gen_test_cc(cond ^ 1, s->condlabel);
7700 }
7701
7702 static void disas_arm_insn(DisasContext *s, unsigned int insn)
7703 {
7704 unsigned int cond, val, op1, i, shift, rm, rs, rn, rd, sh;
7705 TCGv_i32 tmp;
7706 TCGv_i32 tmp2;
7707 TCGv_i32 tmp3;
7708 TCGv_i32 addr;
7709 TCGv_i64 tmp64;
7710
7711 /* M variants do not implement ARM mode; this must raise the INVSTATE
7712 * UsageFault exception.
7713 */
7714 if (arm_dc_feature(s, ARM_FEATURE_M)) {
7715 gen_exception_insn(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized(),
7716 default_exception_el(s));
7717 return;
7718 }
7719 cond = insn >> 28;
7720 if (cond == 0xf){
7721 /* In ARMv3 and v4 the NV condition is UNPREDICTABLE; we
7722 * choose to UNDEF. In ARMv5 and above the space is used
7723 * for miscellaneous unconditional instructions.
7724 */
7725 ARCH(5);
7726
7727 /* Unconditional instructions. */
7728 if (((insn >> 25) & 7) == 1) {
7729 /* NEON Data processing. */
7730 if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
7731 goto illegal_op;
7732 }
7733
7734 if (disas_neon_data_insn(s, insn)) {
7735 goto illegal_op;
7736 }
7737 return;
7738 }
7739 if ((insn & 0x0f100000) == 0x04000000) {
7740 /* NEON load/store. */
7741 if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
7742 goto illegal_op;
7743 }
7744
7745 if (disas_neon_ls_insn(s, insn)) {
7746 goto illegal_op;
7747 }
7748 return;
7749 }
7750 if ((insn & 0x0f000e10) == 0x0e000a00) {
7751 /* VFP. */
7752 if (disas_vfp_insn(s, insn)) {
7753 goto illegal_op;
7754 }
7755 return;
7756 }
7757 if (((insn & 0x0f30f000) == 0x0510f000) ||
7758 ((insn & 0x0f30f010) == 0x0710f000)) {
7759 if ((insn & (1 << 22)) == 0) {
7760 /* PLDW; v7MP */
7761 if (!arm_dc_feature(s, ARM_FEATURE_V7MP)) {
7762 goto illegal_op;
7763 }
7764 }
7765 /* Otherwise PLD; v5TE+ */
7766 ARCH(5TE);
7767 return;
7768 }
7769 if (((insn & 0x0f70f000) == 0x0450f000) ||
7770 ((insn & 0x0f70f010) == 0x0650f000)) {
7771 ARCH(7);
7772 return; /* PLI; V7 */
7773 }
7774 if (((insn & 0x0f700000) == 0x04100000) ||
7775 ((insn & 0x0f700010) == 0x06100000)) {
7776 if (!arm_dc_feature(s, ARM_FEATURE_V7MP)) {
7777 goto illegal_op;
7778 }
7779 return; /* v7MP: Unallocated memory hint: must NOP */
7780 }
7781
7782 if ((insn & 0x0ffffdff) == 0x01010000) {
7783 ARCH(6);
7784 /* setend */
7785 if (((insn >> 9) & 1) != !!(s->be_data == MO_BE)) {
7786 gen_helper_setend(cpu_env);
7787 s->base.is_jmp = DISAS_UPDATE;
7788 }
7789 return;
7790 } else if ((insn & 0x0fffff00) == 0x057ff000) {
7791 switch ((insn >> 4) & 0xf) {
7792 case 1: /* clrex */
7793 ARCH(6K);
7794 gen_clrex(s);
7795 return;
7796 case 4: /* dsb */
7797 case 5: /* dmb */
7798 ARCH(7);
7799 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
7800 return;
7801 case 6: /* isb */
7802 /* We need to break the TB after this insn to execute
7803 * self-modifying code correctly and also to take
7804 * any pending interrupts immediately.
7805 */
7806 gen_goto_tb(s, 0, s->base.pc_next);
7807 return;
7808 case 7: /* sb */
7809 if ((insn & 0xf) || !dc_isar_feature(aa32_sb, s)) {
7810 goto illegal_op;
7811 }
7812 /*
7813 * TODO: There is no speculation barrier opcode
7814 * for TCG; MB and end the TB instead.
7815 */
7816 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
7817 gen_goto_tb(s, 0, s->base.pc_next);
7818 return;
7819 default:
7820 goto illegal_op;
7821 }
7822 } else if ((insn & 0x0e5fffe0) == 0x084d0500) {
7823 /* srs */
7824 ARCH(6);
7825 gen_srs(s, (insn & 0x1f), (insn >> 23) & 3, insn & (1 << 21));
7826 return;
7827 } else if ((insn & 0x0e50ffe0) == 0x08100a00) {
7828 /* rfe */
7829 int32_t offset;
7830 if (IS_USER(s))
7831 goto illegal_op;
7832 ARCH(6);
7833 rn = (insn >> 16) & 0xf;
7834 addr = load_reg(s, rn);
7835 i = (insn >> 23) & 3;
7836 switch (i) {
7837 case 0: offset = -4; break; /* DA */
7838 case 1: offset = 0; break; /* IA */
7839 case 2: offset = -8; break; /* DB */
7840 case 3: offset = 4; break; /* IB */
7841 default: abort();
7842 }
7843 if (offset)
7844 tcg_gen_addi_i32(addr, addr, offset);
7845 /* Load PC into tmp and CPSR into tmp2. */
7846 tmp = tcg_temp_new_i32();
7847 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
7848 tcg_gen_addi_i32(addr, addr, 4);
7849 tmp2 = tcg_temp_new_i32();
7850 gen_aa32_ld32u(s, tmp2, addr, get_mem_index(s));
7851 if (insn & (1 << 21)) {
7852 /* Base writeback. */
7853 switch (i) {
7854 case 0: offset = -8; break;
7855 case 1: offset = 4; break;
7856 case 2: offset = -4; break;
7857 case 3: offset = 0; break;
7858 default: abort();
7859 }
7860 if (offset)
7861 tcg_gen_addi_i32(addr, addr, offset);
7862 store_reg(s, rn, addr);
7863 } else {
7864 tcg_temp_free_i32(addr);
7865 }
7866 gen_rfe(s, tmp, tmp2);
7867 return;
7868 } else if ((insn & 0x0e000000) == 0x0a000000) {
7869 /* branch link and change to thumb (blx <offset>) */
7870 int32_t offset;
7871
7872 tmp = tcg_temp_new_i32();
7873 tcg_gen_movi_i32(tmp, s->base.pc_next);
7874 store_reg(s, 14, tmp);
7875 /* Sign-extend the 24-bit offset */
7876 offset = (((int32_t)insn) << 8) >> 8;
7877 val = read_pc(s);
7878 /* offset * 4 + bit24 * 2 + (thumb bit) */
7879 val += (offset << 2) | ((insn >> 23) & 2) | 1;
7880 /* protected by ARCH(5); above, near the start of uncond block */
7881 gen_bx_im(s, val);
7882 return;
7883 } else if ((insn & 0x0e000f00) == 0x0c000100) {
7884 if (arm_dc_feature(s, ARM_FEATURE_IWMMXT)) {
7885 /* iWMMXt register transfer. */
7886 if (extract32(s->c15_cpar, 1, 1)) {
7887 if (!disas_iwmmxt_insn(s, insn)) {
7888 return;
7889 }
7890 }
7891 }
7892 } else if ((insn & 0x0e000a00) == 0x0c000800
7893 && arm_dc_feature(s, ARM_FEATURE_V8)) {
7894 if (disas_neon_insn_3same_ext(s, insn)) {
7895 goto illegal_op;
7896 }
7897 return;
7898 } else if ((insn & 0x0f000a00) == 0x0e000800
7899 && arm_dc_feature(s, ARM_FEATURE_V8)) {
7900 if (disas_neon_insn_2reg_scalar_ext(s, insn)) {
7901 goto illegal_op;
7902 }
7903 return;
7904 } else if ((insn & 0x0fe00000) == 0x0c400000) {
7905 /* Coprocessor double register transfer. */
7906 ARCH(5TE);
7907 } else if ((insn & 0x0f000010) == 0x0e000010) {
7908 /* Additional coprocessor register transfer. */
7909 } else if ((insn & 0x0ff10020) == 0x01000000) {
7910 uint32_t mask;
7911 uint32_t val;
7912 /* cps (privileged) */
7913 if (IS_USER(s))
7914 return;
7915 mask = val = 0;
7916 if (insn & (1 << 19)) {
7917 if (insn & (1 << 8))
7918 mask |= CPSR_A;
7919 if (insn & (1 << 7))
7920 mask |= CPSR_I;
7921 if (insn & (1 << 6))
7922 mask |= CPSR_F;
7923 if (insn & (1 << 18))
7924 val |= mask;
7925 }
7926 if (insn & (1 << 17)) {
7927 mask |= CPSR_M;
7928 val |= (insn & 0x1f);
7929 }
7930 if (mask) {
7931 gen_set_psr_im(s, mask, 0, val);
7932 }
7933 return;
7934 }
7935 goto illegal_op;
7936 }
7937 if (cond != 0xe) {
7938 /* if not always execute, we generate a conditional jump to
7939 next instruction */
7940 arm_skip_unless(s, cond);
7941 }
7942 if ((insn & 0x0f900000) == 0x03000000) {
7943 if ((insn & (1 << 21)) == 0) {
7944 ARCH(6T2);
7945 rd = (insn >> 12) & 0xf;
7946 val = ((insn >> 4) & 0xf000) | (insn & 0xfff);
7947 if ((insn & (1 << 22)) == 0) {
7948 /* MOVW */
7949 tmp = tcg_temp_new_i32();
7950 tcg_gen_movi_i32(tmp, val);
7951 } else {
7952 /* MOVT */
7953 tmp = load_reg(s, rd);
7954 tcg_gen_ext16u_i32(tmp, tmp);
7955 tcg_gen_ori_i32(tmp, tmp, val << 16);
7956 }
7957 store_reg(s, rd, tmp);
7958 } else {
7959 if (((insn >> 12) & 0xf) != 0xf)
7960 goto illegal_op;
7961 if (((insn >> 16) & 0xf) == 0) {
7962 gen_nop_hint(s, insn & 0xff);
7963 } else {
7964 /* CPSR = immediate */
7965 val = insn & 0xff;
7966 shift = ((insn >> 8) & 0xf) * 2;
7967 if (shift)
7968 val = (val >> shift) | (val << (32 - shift));
7969 i = ((insn & (1 << 22)) != 0);
7970 if (gen_set_psr_im(s, msr_mask(s, (insn >> 16) & 0xf, i),
7971 i, val)) {
7972 goto illegal_op;
7973 }
7974 }
7975 }
7976 } else if ((insn & 0x0f900000) == 0x01000000
7977 && (insn & 0x00000090) != 0x00000090) {
7978 /* miscellaneous instructions */
7979 op1 = (insn >> 21) & 3;
7980 sh = (insn >> 4) & 0xf;
7981 rm = insn & 0xf;
7982 switch (sh) {
7983 case 0x0: /* MSR, MRS */
7984 if (insn & (1 << 9)) {
7985 /* MSR (banked) and MRS (banked) */
7986 int sysm = extract32(insn, 16, 4) |
7987 (extract32(insn, 8, 1) << 4);
7988 int r = extract32(insn, 22, 1);
7989
7990 if (op1 & 1) {
7991 /* MSR (banked) */
7992 gen_msr_banked(s, r, sysm, rm);
7993 } else {
7994 /* MRS (banked) */
7995 int rd = extract32(insn, 12, 4);
7996
7997 gen_mrs_banked(s, r, sysm, rd);
7998 }
7999 break;
8000 }
8001
8002 /* MSR, MRS (for PSRs) */
8003 if (op1 & 1) {
8004 /* PSR = reg */
8005 tmp = load_reg(s, rm);
8006 i = ((op1 & 2) != 0);
8007 if (gen_set_psr(s, msr_mask(s, (insn >> 16) & 0xf, i), i, tmp))
8008 goto illegal_op;
8009 } else {
8010 /* reg = PSR */
8011 rd = (insn >> 12) & 0xf;
8012 if (op1 & 2) {
8013 if (IS_USER(s))
8014 goto illegal_op;
8015 tmp = load_cpu_field(spsr);
8016 } else {
8017 tmp = tcg_temp_new_i32();
8018 gen_helper_cpsr_read(tmp, cpu_env);
8019 }
8020 store_reg(s, rd, tmp);
8021 }
8022 break;
8023 case 0x1:
8024 if (op1 == 1) {
8025 /* branch/exchange thumb (bx). */
8026 ARCH(4T);
8027 tmp = load_reg(s, rm);
8028 gen_bx(s, tmp);
8029 } else if (op1 == 3) {
8030 /* clz */
8031 ARCH(5);
8032 rd = (insn >> 12) & 0xf;
8033 tmp = load_reg(s, rm);
8034 tcg_gen_clzi_i32(tmp, tmp, 32);
8035 store_reg(s, rd, tmp);
8036 } else {
8037 goto illegal_op;
8038 }
8039 break;
8040 case 0x2:
8041 if (op1 == 1) {
8042 ARCH(5J); /* bxj */
8043 /* Trivial implementation equivalent to bx. */
8044 tmp = load_reg(s, rm);
8045 gen_bx(s, tmp);
8046 } else {
8047 goto illegal_op;
8048 }
8049 break;
8050 case 0x3:
8051 if (op1 != 1)
8052 goto illegal_op;
8053
8054 ARCH(5);
8055 /* branch link/exchange thumb (blx) */
8056 tmp = load_reg(s, rm);
8057 tmp2 = tcg_temp_new_i32();
8058 tcg_gen_movi_i32(tmp2, s->base.pc_next);
8059 store_reg(s, 14, tmp2);
8060 gen_bx(s, tmp);
8061 break;
8062 case 0x4:
8063 {
8064 /* crc32/crc32c */
8065 uint32_t c = extract32(insn, 8, 4);
8066
8067 /* Check this CPU supports ARMv8 CRC instructions.
8068 * op1 == 3 is UNPREDICTABLE but handle as UNDEFINED.
8069 * Bits 8, 10 and 11 should be zero.
8070 */
8071 if (!dc_isar_feature(aa32_crc32, s) || op1 == 0x3 || (c & 0xd) != 0) {
8072 goto illegal_op;
8073 }
8074
8075 rn = extract32(insn, 16, 4);
8076 rd = extract32(insn, 12, 4);
8077
8078 tmp = load_reg(s, rn);
8079 tmp2 = load_reg(s, rm);
8080 if (op1 == 0) {
8081 tcg_gen_andi_i32(tmp2, tmp2, 0xff);
8082 } else if (op1 == 1) {
8083 tcg_gen_andi_i32(tmp2, tmp2, 0xffff);
8084 }
8085 tmp3 = tcg_const_i32(1 << op1);
8086 if (c & 0x2) {
8087 gen_helper_crc32c(tmp, tmp, tmp2, tmp3);
8088 } else {
8089 gen_helper_crc32(tmp, tmp, tmp2, tmp3);
8090 }
8091 tcg_temp_free_i32(tmp2);
8092 tcg_temp_free_i32(tmp3);
8093 store_reg(s, rd, tmp);
8094 break;
8095 }
8096 case 0x5: /* saturating add/subtract */
8097 ARCH(5TE);
8098 rd = (insn >> 12) & 0xf;
8099 rn = (insn >> 16) & 0xf;
8100 tmp = load_reg(s, rm);
8101 tmp2 = load_reg(s, rn);
8102 if (op1 & 2)
8103 gen_helper_add_saturate(tmp2, cpu_env, tmp2, tmp2);
8104 if (op1 & 1)
8105 gen_helper_sub_saturate(tmp, cpu_env, tmp, tmp2);
8106 else
8107 gen_helper_add_saturate(tmp, cpu_env, tmp, tmp2);
8108 tcg_temp_free_i32(tmp2);
8109 store_reg(s, rd, tmp);
8110 break;
8111 case 0x6: /* ERET */
8112 if (op1 != 3) {
8113 goto illegal_op;
8114 }
8115 if (!arm_dc_feature(s, ARM_FEATURE_V7VE)) {
8116 goto illegal_op;
8117 }
8118 if ((insn & 0x000fff0f) != 0x0000000e) {
8119 /* UNPREDICTABLE; we choose to UNDEF */
8120 goto illegal_op;
8121 }
8122
8123 if (s->current_el == 2) {
8124 tmp = load_cpu_field(elr_el[2]);
8125 } else {
8126 tmp = load_reg(s, 14);
8127 }
8128 gen_exception_return(s, tmp);
8129 break;
8130 case 7:
8131 {
8132 int imm16 = extract32(insn, 0, 4) | (extract32(insn, 8, 12) << 4);
8133 switch (op1) {
8134 case 0:
8135 /* HLT */
8136 gen_hlt(s, imm16);
8137 break;
8138 case 1:
8139 /* bkpt */
8140 ARCH(5);
8141 gen_exception_bkpt_insn(s, syn_aa32_bkpt(imm16, false));
8142 break;
8143 case 2:
8144 /* Hypervisor call (v7) */
8145 ARCH(7);
8146 if (IS_USER(s)) {
8147 goto illegal_op;
8148 }
8149 gen_hvc(s, imm16);
8150 break;
8151 case 3:
8152 /* Secure monitor call (v6+) */
8153 ARCH(6K);
8154 if (IS_USER(s)) {
8155 goto illegal_op;
8156 }
8157 gen_smc(s);
8158 break;
8159 default:
8160 g_assert_not_reached();
8161 }
8162 break;
8163 }
8164 case 0x8: /* signed multiply */
8165 case 0xa:
8166 case 0xc:
8167 case 0xe:
8168 ARCH(5TE);
8169 rs = (insn >> 8) & 0xf;
8170 rn = (insn >> 12) & 0xf;
8171 rd = (insn >> 16) & 0xf;
8172 if (op1 == 1) {
8173 /* (32 * 16) >> 16 */
8174 tmp = load_reg(s, rm);
8175 tmp2 = load_reg(s, rs);
8176 if (sh & 4)
8177 tcg_gen_sari_i32(tmp2, tmp2, 16);
8178 else
8179 gen_sxth(tmp2);
8180 tmp64 = gen_muls_i64_i32(tmp, tmp2);
8181 tcg_gen_shri_i64(tmp64, tmp64, 16);
8182 tmp = tcg_temp_new_i32();
8183 tcg_gen_extrl_i64_i32(tmp, tmp64);
8184 tcg_temp_free_i64(tmp64);
8185 if ((sh & 2) == 0) {
8186 tmp2 = load_reg(s, rn);
8187 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
8188 tcg_temp_free_i32(tmp2);
8189 }
8190 store_reg(s, rd, tmp);
8191 } else {
8192 /* 16 * 16 */
8193 tmp = load_reg(s, rm);
8194 tmp2 = load_reg(s, rs);
8195 gen_mulxy(tmp, tmp2, sh & 2, sh & 4);
8196 tcg_temp_free_i32(tmp2);
8197 if (op1 == 2) {
8198 tmp64 = tcg_temp_new_i64();
8199 tcg_gen_ext_i32_i64(tmp64, tmp);
8200 tcg_temp_free_i32(tmp);
8201 gen_addq(s, tmp64, rn, rd);
8202 gen_storeq_reg(s, rn, rd, tmp64);
8203 tcg_temp_free_i64(tmp64);
8204 } else {
8205 if (op1 == 0) {
8206 tmp2 = load_reg(s, rn);
8207 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
8208 tcg_temp_free_i32(tmp2);
8209 }
8210 store_reg(s, rd, tmp);
8211 }
8212 }
8213 break;
8214 default:
8215 goto illegal_op;
8216 }
8217 } else if (((insn & 0x0e000000) == 0 &&
8218 (insn & 0x00000090) != 0x90) ||
8219 ((insn & 0x0e000000) == (1 << 25))) {
8220 int set_cc, logic_cc, shiftop;
8221
8222 op1 = (insn >> 21) & 0xf;
8223 set_cc = (insn >> 20) & 1;
8224 logic_cc = table_logic_cc[op1] & set_cc;
8225
8226 /* data processing instruction */
8227 if (insn & (1 << 25)) {
8228 /* immediate operand */
8229 val = insn & 0xff;
8230 shift = ((insn >> 8) & 0xf) * 2;
8231 if (shift) {
8232 val = (val >> shift) | (val << (32 - shift));
8233 }
8234 tmp2 = tcg_temp_new_i32();
8235 tcg_gen_movi_i32(tmp2, val);
8236 if (logic_cc && shift) {
8237 gen_set_CF_bit31(tmp2);
8238 }
8239 } else {
8240 /* register */
8241 rm = (insn) & 0xf;
8242 tmp2 = load_reg(s, rm);
8243 shiftop = (insn >> 5) & 3;
8244 if (!(insn & (1 << 4))) {
8245 shift = (insn >> 7) & 0x1f;
8246 gen_arm_shift_im(tmp2, shiftop, shift, logic_cc);
8247 } else {
8248 rs = (insn >> 8) & 0xf;
8249 tmp = load_reg(s, rs);
8250 gen_arm_shift_reg(tmp2, shiftop, tmp, logic_cc);
8251 }
8252 }
8253 if (op1 != 0x0f && op1 != 0x0d) {
8254 rn = (insn >> 16) & 0xf;
8255 tmp = load_reg(s, rn);
8256 } else {
8257 tmp = NULL;
8258 }
8259 rd = (insn >> 12) & 0xf;
8260 switch(op1) {
8261 case 0x00:
8262 tcg_gen_and_i32(tmp, tmp, tmp2);
8263 if (logic_cc) {
8264 gen_logic_CC(tmp);
8265 }
8266 store_reg_bx(s, rd, tmp);
8267 break;
8268 case 0x01:
8269 tcg_gen_xor_i32(tmp, tmp, tmp2);
8270 if (logic_cc) {
8271 gen_logic_CC(tmp);
8272 }
8273 store_reg_bx(s, rd, tmp);
8274 break;
8275 case 0x02:
8276 if (set_cc && rd == 15) {
8277 /* SUBS r15, ... is used for exception return. */
8278 if (IS_USER(s)) {
8279 goto illegal_op;
8280 }
8281 gen_sub_CC(tmp, tmp, tmp2);
8282 gen_exception_return(s, tmp);
8283 } else {
8284 if (set_cc) {
8285 gen_sub_CC(tmp, tmp, tmp2);
8286 } else {
8287 tcg_gen_sub_i32(tmp, tmp, tmp2);
8288 }
8289 store_reg_bx(s, rd, tmp);
8290 }
8291 break;
8292 case 0x03:
8293 if (set_cc) {
8294 gen_sub_CC(tmp, tmp2, tmp);
8295 } else {
8296 tcg_gen_sub_i32(tmp, tmp2, tmp);
8297 }
8298 store_reg_bx(s, rd, tmp);
8299 break;
8300 case 0x04:
8301 if (set_cc) {
8302 gen_add_CC(tmp, tmp, tmp2);
8303 } else {
8304 tcg_gen_add_i32(tmp, tmp, tmp2);
8305 }
8306 store_reg_bx(s, rd, tmp);
8307 break;
8308 case 0x05:
8309 if (set_cc) {
8310 gen_adc_CC(tmp, tmp, tmp2);
8311 } else {
8312 gen_add_carry(tmp, tmp, tmp2);
8313 }
8314 store_reg_bx(s, rd, tmp);
8315 break;
8316 case 0x06:
8317 if (set_cc) {
8318 gen_sbc_CC(tmp, tmp, tmp2);
8319 } else {
8320 gen_sub_carry(tmp, tmp, tmp2);
8321 }
8322 store_reg_bx(s, rd, tmp);
8323 break;
8324 case 0x07:
8325 if (set_cc) {
8326 gen_sbc_CC(tmp, tmp2, tmp);
8327 } else {
8328 gen_sub_carry(tmp, tmp2, tmp);
8329 }
8330 store_reg_bx(s, rd, tmp);
8331 break;
8332 case 0x08:
8333 if (set_cc) {
8334 tcg_gen_and_i32(tmp, tmp, tmp2);
8335 gen_logic_CC(tmp);
8336 }
8337 tcg_temp_free_i32(tmp);
8338 break;
8339 case 0x09:
8340 if (set_cc) {
8341 tcg_gen_xor_i32(tmp, tmp, tmp2);
8342 gen_logic_CC(tmp);
8343 }
8344 tcg_temp_free_i32(tmp);
8345 break;
8346 case 0x0a:
8347 if (set_cc) {
8348 gen_sub_CC(tmp, tmp, tmp2);
8349 }
8350 tcg_temp_free_i32(tmp);
8351 break;
8352 case 0x0b:
8353 if (set_cc) {
8354 gen_add_CC(tmp, tmp, tmp2);
8355 }
8356 tcg_temp_free_i32(tmp);
8357 break;
8358 case 0x0c:
8359 tcg_gen_or_i32(tmp, tmp, tmp2);
8360 if (logic_cc) {
8361 gen_logic_CC(tmp);
8362 }
8363 store_reg_bx(s, rd, tmp);
8364 break;
8365 case 0x0d:
8366 if (logic_cc && rd == 15) {
8367 /* MOVS r15, ... is used for exception return. */
8368 if (IS_USER(s)) {
8369 goto illegal_op;
8370 }
8371 gen_exception_return(s, tmp2);
8372 } else {
8373 if (logic_cc) {
8374 gen_logic_CC(tmp2);
8375 }
8376 store_reg_bx(s, rd, tmp2);
8377 }
8378 break;
8379 case 0x0e:
8380 tcg_gen_andc_i32(tmp, tmp, tmp2);
8381 if (logic_cc) {
8382 gen_logic_CC(tmp);
8383 }
8384 store_reg_bx(s, rd, tmp);
8385 break;
8386 default:
8387 case 0x0f:
8388 tcg_gen_not_i32(tmp2, tmp2);
8389 if (logic_cc) {
8390 gen_logic_CC(tmp2);
8391 }
8392 store_reg_bx(s, rd, tmp2);
8393 break;
8394 }
8395 if (op1 != 0x0f && op1 != 0x0d) {
8396 tcg_temp_free_i32(tmp2);
8397 }
8398 } else {
8399 /* other instructions */
8400 op1 = (insn >> 24) & 0xf;
8401 switch(op1) {
8402 case 0x0:
8403 case 0x1:
8404 /* multiplies, extra load/stores */
8405 sh = (insn >> 5) & 3;
8406 if (sh == 0) {
8407 if (op1 == 0x0) {
8408 rd = (insn >> 16) & 0xf;
8409 rn = (insn >> 12) & 0xf;
8410 rs = (insn >> 8) & 0xf;
8411 rm = (insn) & 0xf;
8412 op1 = (insn >> 20) & 0xf;
8413 switch (op1) {
8414 case 0: case 1: case 2: case 3: case 6:
8415 /* 32 bit mul */
8416 tmp = load_reg(s, rs);
8417 tmp2 = load_reg(s, rm);
8418 tcg_gen_mul_i32(tmp, tmp, tmp2);
8419 tcg_temp_free_i32(tmp2);
8420 if (insn & (1 << 22)) {
8421 /* Subtract (mls) */
8422 ARCH(6T2);
8423 tmp2 = load_reg(s, rn);
8424 tcg_gen_sub_i32(tmp, tmp2, tmp);
8425 tcg_temp_free_i32(tmp2);
8426 } else if (insn & (1 << 21)) {
8427 /* Add */
8428 tmp2 = load_reg(s, rn);
8429 tcg_gen_add_i32(tmp, tmp, tmp2);
8430 tcg_temp_free_i32(tmp2);
8431 }
8432 if (insn & (1 << 20))
8433 gen_logic_CC(tmp);
8434 store_reg(s, rd, tmp);
8435 break;
8436 case 4:
8437 /* 64 bit mul double accumulate (UMAAL) */
8438 ARCH(6);
8439 tmp = load_reg(s, rs);
8440 tmp2 = load_reg(s, rm);
8441 tmp64 = gen_mulu_i64_i32(tmp, tmp2);
8442 gen_addq_lo(s, tmp64, rn);
8443 gen_addq_lo(s, tmp64, rd);
8444 gen_storeq_reg(s, rn, rd, tmp64);
8445 tcg_temp_free_i64(tmp64);
8446 break;
8447 case 8: case 9: case 10: case 11:
8448 case 12: case 13: case 14: case 15:
8449 /* 64 bit mul: UMULL, UMLAL, SMULL, SMLAL. */
8450 tmp = load_reg(s, rs);
8451 tmp2 = load_reg(s, rm);
8452 if (insn & (1 << 22)) {
8453 tcg_gen_muls2_i32(tmp, tmp2, tmp, tmp2);
8454 } else {
8455 tcg_gen_mulu2_i32(tmp, tmp2, tmp, tmp2);
8456 }
8457 if (insn & (1 << 21)) { /* mult accumulate */
8458 TCGv_i32 al = load_reg(s, rn);
8459 TCGv_i32 ah = load_reg(s, rd);
8460 tcg_gen_add2_i32(tmp, tmp2, tmp, tmp2, al, ah);
8461 tcg_temp_free_i32(al);
8462 tcg_temp_free_i32(ah);
8463 }
8464 if (insn & (1 << 20)) {
8465 gen_logicq_cc(tmp, tmp2);
8466 }
8467 store_reg(s, rn, tmp);
8468 store_reg(s, rd, tmp2);
8469 break;
8470 default:
8471 goto illegal_op;
8472 }
8473 } else {
8474 rn = (insn >> 16) & 0xf;
8475 rd = (insn >> 12) & 0xf;
8476 if (insn & (1 << 23)) {
8477 /* load/store exclusive */
8478 bool is_ld = extract32(insn, 20, 1);
8479 bool is_lasr = !extract32(insn, 8, 1);
8480 int op2 = (insn >> 8) & 3;
8481 op1 = (insn >> 21) & 0x3;
8482
8483 switch (op2) {
8484 case 0: /* lda/stl */
8485 if (op1 == 1) {
8486 goto illegal_op;
8487 }
8488 ARCH(8);
8489 break;
8490 case 1: /* reserved */
8491 goto illegal_op;
8492 case 2: /* ldaex/stlex */
8493 ARCH(8);
8494 break;
8495 case 3: /* ldrex/strex */
8496 if (op1) {
8497 ARCH(6K);
8498 } else {
8499 ARCH(6);
8500 }
8501 break;
8502 }
8503
8504 addr = tcg_temp_local_new_i32();
8505 load_reg_var(s, addr, rn);
8506
8507 if (is_lasr && !is_ld) {
8508 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
8509 }
8510
8511 if (op2 == 0) {
8512 if (is_ld) {
8513 tmp = tcg_temp_new_i32();
8514 switch (op1) {
8515 case 0: /* lda */
8516 gen_aa32_ld32u_iss(s, tmp, addr,
8517 get_mem_index(s),
8518 rd | ISSIsAcqRel);
8519 break;
8520 case 2: /* ldab */
8521 gen_aa32_ld8u_iss(s, tmp, addr,
8522 get_mem_index(s),
8523 rd | ISSIsAcqRel);
8524 break;
8525 case 3: /* ldah */
8526 gen_aa32_ld16u_iss(s, tmp, addr,
8527 get_mem_index(s),
8528 rd | ISSIsAcqRel);
8529 break;
8530 default:
8531 abort();
8532 }
8533 store_reg(s, rd, tmp);
8534 } else {
8535 rm = insn & 0xf;
8536 tmp = load_reg(s, rm);
8537 switch (op1) {
8538 case 0: /* stl */
8539 gen_aa32_st32_iss(s, tmp, addr,
8540 get_mem_index(s),
8541 rm | ISSIsAcqRel);
8542 break;
8543 case 2: /* stlb */
8544 gen_aa32_st8_iss(s, tmp, addr,
8545 get_mem_index(s),
8546 rm | ISSIsAcqRel);
8547 break;
8548 case 3: /* stlh */
8549 gen_aa32_st16_iss(s, tmp, addr,
8550 get_mem_index(s),
8551 rm | ISSIsAcqRel);
8552 break;
8553 default:
8554 abort();
8555 }
8556 tcg_temp_free_i32(tmp);
8557 }
8558 } else if (is_ld) {
8559 switch (op1) {
8560 case 0: /* ldrex */
8561 gen_load_exclusive(s, rd, 15, addr, 2);
8562 break;
8563 case 1: /* ldrexd */
8564 gen_load_exclusive(s, rd, rd + 1, addr, 3);
8565 break;
8566 case 2: /* ldrexb */
8567 gen_load_exclusive(s, rd, 15, addr, 0);
8568 break;
8569 case 3: /* ldrexh */
8570 gen_load_exclusive(s, rd, 15, addr, 1);
8571 break;
8572 default:
8573 abort();
8574 }
8575 } else {
8576 rm = insn & 0xf;
8577 switch (op1) {
8578 case 0: /* strex */
8579 gen_store_exclusive(s, rd, rm, 15, addr, 2);
8580 break;
8581 case 1: /* strexd */
8582 gen_store_exclusive(s, rd, rm, rm + 1, addr, 3);
8583 break;
8584 case 2: /* strexb */
8585 gen_store_exclusive(s, rd, rm, 15, addr, 0);
8586 break;
8587 case 3: /* strexh */
8588 gen_store_exclusive(s, rd, rm, 15, addr, 1);
8589 break;
8590 default:
8591 abort();
8592 }
8593 }
8594 tcg_temp_free_i32(addr);
8595
8596 if (is_lasr && is_ld) {
8597 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
8598 }
8599 } else if ((insn & 0x00300f00) == 0) {
8600 /* 0bcccc_0001_0x00_xxxx_xxxx_0000_1001_xxxx
8601 * - SWP, SWPB
8602 */
8603
8604 TCGv taddr;
8605 TCGMemOp opc = s->be_data;
8606
8607 rm = (insn) & 0xf;
8608
8609 if (insn & (1 << 22)) {
8610 opc |= MO_UB;
8611 } else {
8612 opc |= MO_UL | MO_ALIGN;
8613 }
8614
8615 addr = load_reg(s, rn);
8616 taddr = gen_aa32_addr(s, addr, opc);
8617 tcg_temp_free_i32(addr);
8618
8619 tmp = load_reg(s, rm);
8620 tcg_gen_atomic_xchg_i32(tmp, taddr, tmp,
8621 get_mem_index(s), opc);
8622 tcg_temp_free(taddr);
8623 store_reg(s, rd, tmp);
8624 } else {
8625 goto illegal_op;
8626 }
8627 }
8628 } else {
8629 int address_offset;
8630 bool load = insn & (1 << 20);
8631 bool wbit = insn & (1 << 21);
8632 bool pbit = insn & (1 << 24);
8633 bool doubleword = false;
8634 ISSInfo issinfo;
8635
8636 /* Misc load/store */
8637 rn = (insn >> 16) & 0xf;
8638 rd = (insn >> 12) & 0xf;
8639
8640 /* ISS not valid if writeback */
8641 issinfo = (pbit & !wbit) ? rd : ISSInvalid;
8642
8643 if (!load && (sh & 2)) {
8644 /* doubleword */
8645 ARCH(5TE);
8646 if (rd & 1) {
8647 /* UNPREDICTABLE; we choose to UNDEF */
8648 goto illegal_op;
8649 }
8650 load = (sh & 1) == 0;
8651 doubleword = true;
8652 }
8653
8654 addr = load_reg(s, rn);
8655 if (pbit) {
8656 gen_add_datah_offset(s, insn, 0, addr);
8657 }
8658 address_offset = 0;
8659
8660 if (doubleword) {
8661 if (!load) {
8662 /* store */
8663 tmp = load_reg(s, rd);
8664 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
8665 tcg_temp_free_i32(tmp);
8666 tcg_gen_addi_i32(addr, addr, 4);
8667 tmp = load_reg(s, rd + 1);
8668 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
8669 tcg_temp_free_i32(tmp);
8670 } else {
8671 /* load */
8672 tmp = tcg_temp_new_i32();
8673 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
8674 store_reg(s, rd, tmp);
8675 tcg_gen_addi_i32(addr, addr, 4);
8676 tmp = tcg_temp_new_i32();
8677 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
8678 rd++;
8679 }
8680 address_offset = -4;
8681 } else if (load) {
8682 /* load */
8683 tmp = tcg_temp_new_i32();
8684 switch (sh) {
8685 case 1:
8686 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s),
8687 issinfo);
8688 break;
8689 case 2:
8690 gen_aa32_ld8s_iss(s, tmp, addr, get_mem_index(s),
8691 issinfo);
8692 break;
8693 default:
8694 case 3:
8695 gen_aa32_ld16s_iss(s, tmp, addr, get_mem_index(s),
8696 issinfo);
8697 break;
8698 }
8699 } else {
8700 /* store */
8701 tmp = load_reg(s, rd);
8702 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s), issinfo);
8703 tcg_temp_free_i32(tmp);
8704 }
8705 /* Perform base writeback before the loaded value to
8706 ensure correct behavior with overlapping index registers.
8707 ldrd with base writeback is undefined if the
8708 destination and index registers overlap. */
8709 if (!pbit) {
8710 gen_add_datah_offset(s, insn, address_offset, addr);
8711 store_reg(s, rn, addr);
8712 } else if (wbit) {
8713 if (address_offset)
8714 tcg_gen_addi_i32(addr, addr, address_offset);
8715 store_reg(s, rn, addr);
8716 } else {
8717 tcg_temp_free_i32(addr);
8718 }
8719 if (load) {
8720 /* Complete the load. */
8721 store_reg(s, rd, tmp);
8722 }
8723 }
8724 break;
8725 case 0x4:
8726 case 0x5:
8727 goto do_ldst;
8728 case 0x6:
8729 case 0x7:
8730 if (insn & (1 << 4)) {
8731 ARCH(6);
8732 /* Armv6 Media instructions. */
8733 rm = insn & 0xf;
8734 rn = (insn >> 16) & 0xf;
8735 rd = (insn >> 12) & 0xf;
8736 rs = (insn >> 8) & 0xf;
8737 switch ((insn >> 23) & 3) {
8738 case 0: /* Parallel add/subtract. */
8739 op1 = (insn >> 20) & 7;
8740 tmp = load_reg(s, rn);
8741 tmp2 = load_reg(s, rm);
8742 sh = (insn >> 5) & 7;
8743 if ((op1 & 3) == 0 || sh == 5 || sh == 6)
8744 goto illegal_op;
8745 gen_arm_parallel_addsub(op1, sh, tmp, tmp2);
8746 tcg_temp_free_i32(tmp2);
8747 store_reg(s, rd, tmp);
8748 break;
8749 case 1:
8750 if ((insn & 0x00700020) == 0) {
8751 /* Halfword pack. */
8752 tmp = load_reg(s, rn);
8753 tmp2 = load_reg(s, rm);
8754 shift = (insn >> 7) & 0x1f;
8755 if (insn & (1 << 6)) {
8756 /* pkhtb */
8757 if (shift == 0) {
8758 shift = 31;
8759 }
8760 tcg_gen_sari_i32(tmp2, tmp2, shift);
8761 tcg_gen_deposit_i32(tmp, tmp, tmp2, 0, 16);
8762 } else {
8763 /* pkhbt */
8764 tcg_gen_shli_i32(tmp2, tmp2, shift);
8765 tcg_gen_deposit_i32(tmp, tmp2, tmp, 0, 16);
8766 }
8767 tcg_temp_free_i32(tmp2);
8768 store_reg(s, rd, tmp);
8769 } else if ((insn & 0x00200020) == 0x00200000) {
8770 /* [us]sat */
8771 tmp = load_reg(s, rm);
8772 shift = (insn >> 7) & 0x1f;
8773 if (insn & (1 << 6)) {
8774 if (shift == 0)
8775 shift = 31;
8776 tcg_gen_sari_i32(tmp, tmp, shift);
8777 } else {
8778 tcg_gen_shli_i32(tmp, tmp, shift);
8779 }
8780 sh = (insn >> 16) & 0x1f;
8781 tmp2 = tcg_const_i32(sh);
8782 if (insn & (1 << 22))
8783 gen_helper_usat(tmp, cpu_env, tmp, tmp2);
8784 else
8785 gen_helper_ssat(tmp, cpu_env, tmp, tmp2);
8786 tcg_temp_free_i32(tmp2);
8787 store_reg(s, rd, tmp);
8788 } else if ((insn & 0x00300fe0) == 0x00200f20) {
8789 /* [us]sat16 */
8790 tmp = load_reg(s, rm);
8791 sh = (insn >> 16) & 0x1f;
8792 tmp2 = tcg_const_i32(sh);
8793 if (insn & (1 << 22))
8794 gen_helper_usat16(tmp, cpu_env, tmp, tmp2);
8795 else
8796 gen_helper_ssat16(tmp, cpu_env, tmp, tmp2);
8797 tcg_temp_free_i32(tmp2);
8798 store_reg(s, rd, tmp);
8799 } else if ((insn & 0x00700fe0) == 0x00000fa0) {
8800 /* Select bytes. */
8801 tmp = load_reg(s, rn);
8802 tmp2 = load_reg(s, rm);
8803 tmp3 = tcg_temp_new_i32();
8804 tcg_gen_ld_i32(tmp3, cpu_env, offsetof(CPUARMState, GE));
8805 gen_helper_sel_flags(tmp, tmp3, tmp, tmp2);
8806 tcg_temp_free_i32(tmp3);
8807 tcg_temp_free_i32(tmp2);
8808 store_reg(s, rd, tmp);
8809 } else if ((insn & 0x000003e0) == 0x00000060) {
8810 tmp = load_reg(s, rm);
8811 shift = (insn >> 10) & 3;
8812 /* ??? In many cases it's not necessary to do a
8813 rotate, a shift is sufficient. */
8814 tcg_gen_rotri_i32(tmp, tmp, shift * 8);
8815 op1 = (insn >> 20) & 7;
8816 switch (op1) {
8817 case 0: gen_sxtb16(tmp); break;
8818 case 2: gen_sxtb(tmp); break;
8819 case 3: gen_sxth(tmp); break;
8820 case 4: gen_uxtb16(tmp); break;
8821 case 6: gen_uxtb(tmp); break;
8822 case 7: gen_uxth(tmp); break;
8823 default: goto illegal_op;
8824 }
8825 if (rn != 15) {
8826 tmp2 = load_reg(s, rn);
8827 if ((op1 & 3) == 0) {
8828 gen_add16(tmp, tmp2);
8829 } else {
8830 tcg_gen_add_i32(tmp, tmp, tmp2);
8831 tcg_temp_free_i32(tmp2);
8832 }
8833 }
8834 store_reg(s, rd, tmp);
8835 } else if ((insn & 0x003f0f60) == 0x003f0f20) {
8836 /* rev */
8837 tmp = load_reg(s, rm);
8838 if (insn & (1 << 22)) {
8839 if (insn & (1 << 7)) {
8840 gen_revsh(tmp);
8841 } else {
8842 ARCH(6T2);
8843 gen_helper_rbit(tmp, tmp);
8844 }
8845 } else {
8846 if (insn & (1 << 7))
8847 gen_rev16(tmp);
8848 else
8849 tcg_gen_bswap32_i32(tmp, tmp);
8850 }
8851 store_reg(s, rd, tmp);
8852 } else {
8853 goto illegal_op;
8854 }
8855 break;
8856 case 2: /* Multiplies (Type 3). */
8857 switch ((insn >> 20) & 0x7) {
8858 case 5:
8859 if (((insn >> 6) ^ (insn >> 7)) & 1) {
8860 /* op2 not 00x or 11x : UNDEF */
8861 goto illegal_op;
8862 }
8863 /* Signed multiply most significant [accumulate].
8864 (SMMUL, SMMLA, SMMLS) */
8865 tmp = load_reg(s, rm);
8866 tmp2 = load_reg(s, rs);
8867 tmp64 = gen_muls_i64_i32(tmp, tmp2);
8868
8869 if (rd != 15) {
8870 tmp = load_reg(s, rd);
8871 if (insn & (1 << 6)) {
8872 tmp64 = gen_subq_msw(tmp64, tmp);
8873 } else {
8874 tmp64 = gen_addq_msw(tmp64, tmp);
8875 }
8876 }
8877 if (insn & (1 << 5)) {
8878 tcg_gen_addi_i64(tmp64, tmp64, 0x80000000u);
8879 }
8880 tcg_gen_shri_i64(tmp64, tmp64, 32);
8881 tmp = tcg_temp_new_i32();
8882 tcg_gen_extrl_i64_i32(tmp, tmp64);
8883 tcg_temp_free_i64(tmp64);
8884 store_reg(s, rn, tmp);
8885 break;
8886 case 0:
8887 case 4:
8888 /* SMLAD, SMUAD, SMLSD, SMUSD, SMLALD, SMLSLD */
8889 if (insn & (1 << 7)) {
8890 goto illegal_op;
8891 }
8892 tmp = load_reg(s, rm);
8893 tmp2 = load_reg(s, rs);
8894 if (insn & (1 << 5))
8895 gen_swap_half(tmp2);
8896 gen_smul_dual(tmp, tmp2);
8897 if (insn & (1 << 22)) {
8898 /* smlald, smlsld */
8899 TCGv_i64 tmp64_2;
8900
8901 tmp64 = tcg_temp_new_i64();
8902 tmp64_2 = tcg_temp_new_i64();
8903 tcg_gen_ext_i32_i64(tmp64, tmp);
8904 tcg_gen_ext_i32_i64(tmp64_2, tmp2);
8905 tcg_temp_free_i32(tmp);
8906 tcg_temp_free_i32(tmp2);
8907 if (insn & (1 << 6)) {
8908 tcg_gen_sub_i64(tmp64, tmp64, tmp64_2);
8909 } else {
8910 tcg_gen_add_i64(tmp64, tmp64, tmp64_2);
8911 }
8912 tcg_temp_free_i64(tmp64_2);
8913 gen_addq(s, tmp64, rd, rn);
8914 gen_storeq_reg(s, rd, rn, tmp64);
8915 tcg_temp_free_i64(tmp64);
8916 } else {
8917 /* smuad, smusd, smlad, smlsd */
8918 if (insn & (1 << 6)) {
8919 /* This subtraction cannot overflow. */
8920 tcg_gen_sub_i32(tmp, tmp, tmp2);
8921 } else {
8922 /* This addition cannot overflow 32 bits;
8923 * however it may overflow considered as a
8924 * signed operation, in which case we must set
8925 * the Q flag.
8926 */
8927 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
8928 }
8929 tcg_temp_free_i32(tmp2);
8930 if (rd != 15)
8931 {
8932 tmp2 = load_reg(s, rd);
8933 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
8934 tcg_temp_free_i32(tmp2);
8935 }
8936 store_reg(s, rn, tmp);
8937 }
8938 break;
8939 case 1:
8940 case 3:
8941 /* SDIV, UDIV */
8942 if (!dc_isar_feature(arm_div, s)) {
8943 goto illegal_op;
8944 }
8945 if (((insn >> 5) & 7) || (rd != 15)) {
8946 goto illegal_op;
8947 }
8948 tmp = load_reg(s, rm);
8949 tmp2 = load_reg(s, rs);
8950 if (insn & (1 << 21)) {
8951 gen_helper_udiv(tmp, tmp, tmp2);
8952 } else {
8953 gen_helper_sdiv(tmp, tmp, tmp2);
8954 }
8955 tcg_temp_free_i32(tmp2);
8956 store_reg(s, rn, tmp);
8957 break;
8958 default:
8959 goto illegal_op;
8960 }
8961 break;
8962 case 3:
8963 op1 = ((insn >> 17) & 0x38) | ((insn >> 5) & 7);
8964 switch (op1) {
8965 case 0: /* Unsigned sum of absolute differences. */
8966 ARCH(6);
8967 tmp = load_reg(s, rm);
8968 tmp2 = load_reg(s, rs);
8969 gen_helper_usad8(tmp, tmp, tmp2);
8970 tcg_temp_free_i32(tmp2);
8971 if (rd != 15) {
8972 tmp2 = load_reg(s, rd);
8973 tcg_gen_add_i32(tmp, tmp, tmp2);
8974 tcg_temp_free_i32(tmp2);
8975 }
8976 store_reg(s, rn, tmp);
8977 break;
8978 case 0x20: case 0x24: case 0x28: case 0x2c:
8979 /* Bitfield insert/clear. */
8980 ARCH(6T2);
8981 shift = (insn >> 7) & 0x1f;
8982 i = (insn >> 16) & 0x1f;
8983 if (i < shift) {
8984 /* UNPREDICTABLE; we choose to UNDEF */
8985 goto illegal_op;
8986 }
8987 i = i + 1 - shift;
8988 if (rm == 15) {
8989 tmp = tcg_temp_new_i32();
8990 tcg_gen_movi_i32(tmp, 0);
8991 } else {
8992 tmp = load_reg(s, rm);
8993 }
8994 if (i != 32) {
8995 tmp2 = load_reg(s, rd);
8996 tcg_gen_deposit_i32(tmp, tmp2, tmp, shift, i);
8997 tcg_temp_free_i32(tmp2);
8998 }
8999 store_reg(s, rd, tmp);
9000 break;
9001 case 0x12: case 0x16: case 0x1a: case 0x1e: /* sbfx */
9002 case 0x32: case 0x36: case 0x3a: case 0x3e: /* ubfx */
9003 ARCH(6T2);
9004 tmp = load_reg(s, rm);
9005 shift = (insn >> 7) & 0x1f;
9006 i = ((insn >> 16) & 0x1f) + 1;
9007 if (shift + i > 32)
9008 goto illegal_op;
9009 if (i < 32) {
9010 if (op1 & 0x20) {
9011 tcg_gen_extract_i32(tmp, tmp, shift, i);
9012 } else {
9013 tcg_gen_sextract_i32(tmp, tmp, shift, i);
9014 }
9015 }
9016 store_reg(s, rd, tmp);
9017 break;
9018 default:
9019 goto illegal_op;
9020 }
9021 break;
9022 }
9023 break;
9024 }
9025 do_ldst:
9026 /* Check for undefined extension instructions
9027 * per the ARM Bible IE:
9028 * xxxx 0111 1111 xxxx xxxx xxxx 1111 xxxx
9029 */
9030 sh = (0xf << 20) | (0xf << 4);
9031 if (op1 == 0x7 && ((insn & sh) == sh))
9032 {
9033 goto illegal_op;
9034 }
9035 /* load/store byte/word */
9036 rn = (insn >> 16) & 0xf;
9037 rd = (insn >> 12) & 0xf;
9038 tmp2 = load_reg(s, rn);
9039 if ((insn & 0x01200000) == 0x00200000) {
9040 /* ldrt/strt */
9041 i = get_a32_user_mem_index(s);
9042 } else {
9043 i = get_mem_index(s);
9044 }
9045 if (insn & (1 << 24))
9046 gen_add_data_offset(s, insn, tmp2);
9047 if (insn & (1 << 20)) {
9048 /* load */
9049 tmp = tcg_temp_new_i32();
9050 if (insn & (1 << 22)) {
9051 gen_aa32_ld8u_iss(s, tmp, tmp2, i, rd);
9052 } else {
9053 gen_aa32_ld32u_iss(s, tmp, tmp2, i, rd);
9054 }
9055 } else {
9056 /* store */
9057 tmp = load_reg(s, rd);
9058 if (insn & (1 << 22)) {
9059 gen_aa32_st8_iss(s, tmp, tmp2, i, rd);
9060 } else {
9061 gen_aa32_st32_iss(s, tmp, tmp2, i, rd);
9062 }
9063 tcg_temp_free_i32(tmp);
9064 }
9065 if (!(insn & (1 << 24))) {
9066 gen_add_data_offset(s, insn, tmp2);
9067 store_reg(s, rn, tmp2);
9068 } else if (insn & (1 << 21)) {
9069 store_reg(s, rn, tmp2);
9070 } else {
9071 tcg_temp_free_i32(tmp2);
9072 }
9073 if (insn & (1 << 20)) {
9074 /* Complete the load. */
9075 store_reg_from_load(s, rd, tmp);
9076 }
9077 break;
9078 case 0x08:
9079 case 0x09:
9080 {
9081 int j, n, loaded_base;
9082 bool exc_return = false;
9083 bool is_load = extract32(insn, 20, 1);
9084 bool user = false;
9085 TCGv_i32 loaded_var;
9086 /* load/store multiple words */
9087 /* XXX: store correct base if write back */
9088 if (insn & (1 << 22)) {
9089 /* LDM (user), LDM (exception return) and STM (user) */
9090 if (IS_USER(s))
9091 goto illegal_op; /* only usable in supervisor mode */
9092
9093 if (is_load && extract32(insn, 15, 1)) {
9094 exc_return = true;
9095 } else {
9096 user = true;
9097 }
9098 }
9099 rn = (insn >> 16) & 0xf;
9100 addr = load_reg(s, rn);
9101
9102 /* compute total size */
9103 loaded_base = 0;
9104 loaded_var = NULL;
9105 n = 0;
9106 for (i = 0; i < 16; i++) {
9107 if (insn & (1 << i))
9108 n++;
9109 }
9110 /* XXX: test invalid n == 0 case ? */
9111 if (insn & (1 << 23)) {
9112 if (insn & (1 << 24)) {
9113 /* pre increment */
9114 tcg_gen_addi_i32(addr, addr, 4);
9115 } else {
9116 /* post increment */
9117 }
9118 } else {
9119 if (insn & (1 << 24)) {
9120 /* pre decrement */
9121 tcg_gen_addi_i32(addr, addr, -(n * 4));
9122 } else {
9123 /* post decrement */
9124 if (n != 1)
9125 tcg_gen_addi_i32(addr, addr, -((n - 1) * 4));
9126 }
9127 }
9128 j = 0;
9129 for (i = 0; i < 16; i++) {
9130 if (insn & (1 << i)) {
9131 if (is_load) {
9132 /* load */
9133 tmp = tcg_temp_new_i32();
9134 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9135 if (user) {
9136 tmp2 = tcg_const_i32(i);
9137 gen_helper_set_user_reg(cpu_env, tmp2, tmp);
9138 tcg_temp_free_i32(tmp2);
9139 tcg_temp_free_i32(tmp);
9140 } else if (i == rn) {
9141 loaded_var = tmp;
9142 loaded_base = 1;
9143 } else if (i == 15 && exc_return) {
9144 store_pc_exc_ret(s, tmp);
9145 } else {
9146 store_reg_from_load(s, i, tmp);
9147 }
9148 } else {
9149 /* store */
9150 if (i == 15) {
9151 tmp = tcg_temp_new_i32();
9152 tcg_gen_movi_i32(tmp, read_pc(s));
9153 } else if (user) {
9154 tmp = tcg_temp_new_i32();
9155 tmp2 = tcg_const_i32(i);
9156 gen_helper_get_user_reg(tmp, cpu_env, tmp2);
9157 tcg_temp_free_i32(tmp2);
9158 } else {
9159 tmp = load_reg(s, i);
9160 }
9161 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9162 tcg_temp_free_i32(tmp);
9163 }
9164 j++;
9165 /* no need to add after the last transfer */
9166 if (j != n)
9167 tcg_gen_addi_i32(addr, addr, 4);
9168 }
9169 }
9170 if (insn & (1 << 21)) {
9171 /* write back */
9172 if (insn & (1 << 23)) {
9173 if (insn & (1 << 24)) {
9174 /* pre increment */
9175 } else {
9176 /* post increment */
9177 tcg_gen_addi_i32(addr, addr, 4);
9178 }
9179 } else {
9180 if (insn & (1 << 24)) {
9181 /* pre decrement */
9182 if (n != 1)
9183 tcg_gen_addi_i32(addr, addr, -((n - 1) * 4));
9184 } else {
9185 /* post decrement */
9186 tcg_gen_addi_i32(addr, addr, -(n * 4));
9187 }
9188 }
9189 store_reg(s, rn, addr);
9190 } else {
9191 tcg_temp_free_i32(addr);
9192 }
9193 if (loaded_base) {
9194 store_reg(s, rn, loaded_var);
9195 }
9196 if (exc_return) {
9197 /* Restore CPSR from SPSR. */
9198 tmp = load_cpu_field(spsr);
9199 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
9200 gen_io_start();
9201 }
9202 gen_helper_cpsr_write_eret(cpu_env, tmp);
9203 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
9204 gen_io_end();
9205 }
9206 tcg_temp_free_i32(tmp);
9207 /* Must exit loop to check un-masked IRQs */
9208 s->base.is_jmp = DISAS_EXIT;
9209 }
9210 }
9211 break;
9212 case 0xa:
9213 case 0xb:
9214 {
9215 int32_t offset;
9216
9217 /* branch (and link) */
9218 if (insn & (1 << 24)) {
9219 tmp = tcg_temp_new_i32();
9220 tcg_gen_movi_i32(tmp, s->base.pc_next);
9221 store_reg(s, 14, tmp);
9222 }
9223 offset = sextract32(insn << 2, 0, 26);
9224 gen_jmp(s, read_pc(s) + offset);
9225 }
9226 break;
9227 case 0xc:
9228 case 0xd:
9229 case 0xe:
9230 if (((insn >> 8) & 0xe) == 10) {
9231 /* VFP. */
9232 if (disas_vfp_insn(s, insn)) {
9233 goto illegal_op;
9234 }
9235 } else if (disas_coproc_insn(s, insn)) {
9236 /* Coprocessor. */
9237 goto illegal_op;
9238 }
9239 break;
9240 case 0xf:
9241 /* swi */
9242 gen_set_pc_im(s, s->base.pc_next);
9243 s->svc_imm = extract32(insn, 0, 24);
9244 s->base.is_jmp = DISAS_SWI;
9245 break;
9246 default:
9247 illegal_op:
9248 unallocated_encoding(s);
9249 break;
9250 }
9251 }
9252 }
9253
9254 static bool thumb_insn_is_16bit(DisasContext *s, uint32_t pc, uint32_t insn)
9255 {
9256 /*
9257 * Return true if this is a 16 bit instruction. We must be precise
9258 * about this (matching the decode).
9259 */
9260 if ((insn >> 11) < 0x1d) {
9261 /* Definitely a 16-bit instruction */
9262 return true;
9263 }
9264
9265 /* Top five bits 0b11101 / 0b11110 / 0b11111 : this is the
9266 * first half of a 32-bit Thumb insn. Thumb-1 cores might
9267 * end up actually treating this as two 16-bit insns, though,
9268 * if it's half of a bl/blx pair that might span a page boundary.
9269 */
9270 if (arm_dc_feature(s, ARM_FEATURE_THUMB2) ||
9271 arm_dc_feature(s, ARM_FEATURE_M)) {
9272 /* Thumb2 cores (including all M profile ones) always treat
9273 * 32-bit insns as 32-bit.
9274 */
9275 return false;
9276 }
9277
9278 if ((insn >> 11) == 0x1e && pc - s->page_start < TARGET_PAGE_SIZE - 3) {
9279 /* 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix, and the suffix
9280 * is not on the next page; we merge this into a 32-bit
9281 * insn.
9282 */
9283 return false;
9284 }
9285 /* 0b1110_1xxx_xxxx_xxxx : BLX suffix (or UNDEF);
9286 * 0b1111_1xxx_xxxx_xxxx : BL suffix;
9287 * 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix on the end of a page
9288 * -- handle as single 16 bit insn
9289 */
9290 return true;
9291 }
9292
9293 /* Return true if this is a Thumb-2 logical op. */
9294 static int
9295 thumb2_logic_op(int op)
9296 {
9297 return (op < 8);
9298 }
9299
9300 /* Generate code for a Thumb-2 data processing operation. If CONDS is nonzero
9301 then set condition code flags based on the result of the operation.
9302 If SHIFTER_OUT is nonzero then set the carry flag for logical operations
9303 to the high bit of T1.
9304 Returns zero if the opcode is valid. */
9305
9306 static int
9307 gen_thumb2_data_op(DisasContext *s, int op, int conds, uint32_t shifter_out,
9308 TCGv_i32 t0, TCGv_i32 t1)
9309 {
9310 int logic_cc;
9311
9312 logic_cc = 0;
9313 switch (op) {
9314 case 0: /* and */
9315 tcg_gen_and_i32(t0, t0, t1);
9316 logic_cc = conds;
9317 break;
9318 case 1: /* bic */
9319 tcg_gen_andc_i32(t0, t0, t1);
9320 logic_cc = conds;
9321 break;
9322 case 2: /* orr */
9323 tcg_gen_or_i32(t0, t0, t1);
9324 logic_cc = conds;
9325 break;
9326 case 3: /* orn */
9327 tcg_gen_orc_i32(t0, t0, t1);
9328 logic_cc = conds;
9329 break;
9330 case 4: /* eor */
9331 tcg_gen_xor_i32(t0, t0, t1);
9332 logic_cc = conds;
9333 break;
9334 case 8: /* add */
9335 if (conds)
9336 gen_add_CC(t0, t0, t1);
9337 else
9338 tcg_gen_add_i32(t0, t0, t1);
9339 break;
9340 case 10: /* adc */
9341 if (conds)
9342 gen_adc_CC(t0, t0, t1);
9343 else
9344 gen_adc(t0, t1);
9345 break;
9346 case 11: /* sbc */
9347 if (conds) {
9348 gen_sbc_CC(t0, t0, t1);
9349 } else {
9350 gen_sub_carry(t0, t0, t1);
9351 }
9352 break;
9353 case 13: /* sub */
9354 if (conds)
9355 gen_sub_CC(t0, t0, t1);
9356 else
9357 tcg_gen_sub_i32(t0, t0, t1);
9358 break;
9359 case 14: /* rsb */
9360 if (conds)
9361 gen_sub_CC(t0, t1, t0);
9362 else
9363 tcg_gen_sub_i32(t0, t1, t0);
9364 break;
9365 default: /* 5, 6, 7, 9, 12, 15. */
9366 return 1;
9367 }
9368 if (logic_cc) {
9369 gen_logic_CC(t0);
9370 if (shifter_out)
9371 gen_set_CF_bit31(t1);
9372 }
9373 return 0;
9374 }
9375
9376 /* Translate a 32-bit thumb instruction. */
9377 static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
9378 {
9379 uint32_t imm, shift, offset;
9380 uint32_t rd, rn, rm, rs;
9381 TCGv_i32 tmp;
9382 TCGv_i32 tmp2;
9383 TCGv_i32 tmp3;
9384 TCGv_i32 addr;
9385 TCGv_i64 tmp64;
9386 int op;
9387 int shiftop;
9388 int conds;
9389 int logic_cc;
9390
9391 /*
9392 * ARMv6-M supports a limited subset of Thumb2 instructions.
9393 * Other Thumb1 architectures allow only 32-bit
9394 * combined BL/BLX prefix and suffix.
9395 */
9396 if (arm_dc_feature(s, ARM_FEATURE_M) &&
9397 !arm_dc_feature(s, ARM_FEATURE_V7)) {
9398 int i;
9399 bool found = false;
9400 static const uint32_t armv6m_insn[] = {0xf3808000 /* msr */,
9401 0xf3b08040 /* dsb */,
9402 0xf3b08050 /* dmb */,
9403 0xf3b08060 /* isb */,
9404 0xf3e08000 /* mrs */,
9405 0xf000d000 /* bl */};
9406 static const uint32_t armv6m_mask[] = {0xffe0d000,
9407 0xfff0d0f0,
9408 0xfff0d0f0,
9409 0xfff0d0f0,
9410 0xffe0d000,
9411 0xf800d000};
9412
9413 for (i = 0; i < ARRAY_SIZE(armv6m_insn); i++) {
9414 if ((insn & armv6m_mask[i]) == armv6m_insn[i]) {
9415 found = true;
9416 break;
9417 }
9418 }
9419 if (!found) {
9420 goto illegal_op;
9421 }
9422 } else if ((insn & 0xf800e800) != 0xf000e800) {
9423 ARCH(6T2);
9424 }
9425
9426 rn = (insn >> 16) & 0xf;
9427 rs = (insn >> 12) & 0xf;
9428 rd = (insn >> 8) & 0xf;
9429 rm = insn & 0xf;
9430 switch ((insn >> 25) & 0xf) {
9431 case 0: case 1: case 2: case 3:
9432 /* 16-bit instructions. Should never happen. */
9433 abort();
9434 case 4:
9435 if (insn & (1 << 22)) {
9436 /* 0b1110_100x_x1xx_xxxx_xxxx_xxxx_xxxx_xxxx
9437 * - load/store doubleword, load/store exclusive, ldacq/strel,
9438 * table branch, TT.
9439 */
9440 if (insn == 0xe97fe97f && arm_dc_feature(s, ARM_FEATURE_M) &&
9441 arm_dc_feature(s, ARM_FEATURE_V8)) {
9442 /* 0b1110_1001_0111_1111_1110_1001_0111_111
9443 * - SG (v8M only)
9444 * The bulk of the behaviour for this instruction is implemented
9445 * in v7m_handle_execute_nsc(), which deals with the insn when
9446 * it is executed by a CPU in non-secure state from memory
9447 * which is Secure & NonSecure-Callable.
9448 * Here we only need to handle the remaining cases:
9449 * * in NS memory (including the "security extension not
9450 * implemented" case) : NOP
9451 * * in S memory but CPU already secure (clear IT bits)
9452 * We know that the attribute for the memory this insn is
9453 * in must match the current CPU state, because otherwise
9454 * get_phys_addr_pmsav8 would have generated an exception.
9455 */
9456 if (s->v8m_secure) {
9457 /* Like the IT insn, we don't need to generate any code */
9458 s->condexec_cond = 0;
9459 s->condexec_mask = 0;
9460 }
9461 } else if (insn & 0x01200000) {
9462 /* 0b1110_1000_x11x_xxxx_xxxx_xxxx_xxxx_xxxx
9463 * - load/store dual (post-indexed)
9464 * 0b1111_1001_x10x_xxxx_xxxx_xxxx_xxxx_xxxx
9465 * - load/store dual (literal and immediate)
9466 * 0b1111_1001_x11x_xxxx_xxxx_xxxx_xxxx_xxxx
9467 * - load/store dual (pre-indexed)
9468 */
9469 bool wback = extract32(insn, 21, 1);
9470
9471 if (rn == 15 && (insn & (1 << 21))) {
9472 /* UNPREDICTABLE */
9473 goto illegal_op;
9474 }
9475
9476 addr = add_reg_for_lit(s, rn, 0);
9477 offset = (insn & 0xff) * 4;
9478 if ((insn & (1 << 23)) == 0) {
9479 offset = -offset;
9480 }
9481
9482 if (s->v8m_stackcheck && rn == 13 && wback) {
9483 /*
9484 * Here 'addr' is the current SP; if offset is +ve we're
9485 * moving SP up, else down. It is UNKNOWN whether the limit
9486 * check triggers when SP starts below the limit and ends
9487 * up above it; check whichever of the current and final
9488 * SP is lower, so QEMU will trigger in that situation.
9489 */
9490 if ((int32_t)offset < 0) {
9491 TCGv_i32 newsp = tcg_temp_new_i32();
9492
9493 tcg_gen_addi_i32(newsp, addr, offset);
9494 gen_helper_v8m_stackcheck(cpu_env, newsp);
9495 tcg_temp_free_i32(newsp);
9496 } else {
9497 gen_helper_v8m_stackcheck(cpu_env, addr);
9498 }
9499 }
9500
9501 if (insn & (1 << 24)) {
9502 tcg_gen_addi_i32(addr, addr, offset);
9503 offset = 0;
9504 }
9505 if (insn & (1 << 20)) {
9506 /* ldrd */
9507 tmp = tcg_temp_new_i32();
9508 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9509 store_reg(s, rs, tmp);
9510 tcg_gen_addi_i32(addr, addr, 4);
9511 tmp = tcg_temp_new_i32();
9512 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9513 store_reg(s, rd, tmp);
9514 } else {
9515 /* strd */
9516 tmp = load_reg(s, rs);
9517 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9518 tcg_temp_free_i32(tmp);
9519 tcg_gen_addi_i32(addr, addr, 4);
9520 tmp = load_reg(s, rd);
9521 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9522 tcg_temp_free_i32(tmp);
9523 }
9524 if (wback) {
9525 /* Base writeback. */
9526 tcg_gen_addi_i32(addr, addr, offset - 4);
9527 store_reg(s, rn, addr);
9528 } else {
9529 tcg_temp_free_i32(addr);
9530 }
9531 } else if ((insn & (1 << 23)) == 0) {
9532 /* 0b1110_1000_010x_xxxx_xxxx_xxxx_xxxx_xxxx
9533 * - load/store exclusive word
9534 * - TT (v8M only)
9535 */
9536 if (rs == 15) {
9537 if (!(insn & (1 << 20)) &&
9538 arm_dc_feature(s, ARM_FEATURE_M) &&
9539 arm_dc_feature(s, ARM_FEATURE_V8)) {
9540 /* 0b1110_1000_0100_xxxx_1111_xxxx_xxxx_xxxx
9541 * - TT (v8M only)
9542 */
9543 bool alt = insn & (1 << 7);
9544 TCGv_i32 addr, op, ttresp;
9545
9546 if ((insn & 0x3f) || rd == 13 || rd == 15 || rn == 15) {
9547 /* we UNDEF for these UNPREDICTABLE cases */
9548 goto illegal_op;
9549 }
9550
9551 if (alt && !s->v8m_secure) {
9552 goto illegal_op;
9553 }
9554
9555 addr = load_reg(s, rn);
9556 op = tcg_const_i32(extract32(insn, 6, 2));
9557 ttresp = tcg_temp_new_i32();
9558 gen_helper_v7m_tt(ttresp, cpu_env, addr, op);
9559 tcg_temp_free_i32(addr);
9560 tcg_temp_free_i32(op);
9561 store_reg(s, rd, ttresp);
9562 break;
9563 }
9564 goto illegal_op;
9565 }
9566 addr = tcg_temp_local_new_i32();
9567 load_reg_var(s, addr, rn);
9568 tcg_gen_addi_i32(addr, addr, (insn & 0xff) << 2);
9569 if (insn & (1 << 20)) {
9570 gen_load_exclusive(s, rs, 15, addr, 2);
9571 } else {
9572 gen_store_exclusive(s, rd, rs, 15, addr, 2);
9573 }
9574 tcg_temp_free_i32(addr);
9575 } else if ((insn & (7 << 5)) == 0) {
9576 /* Table Branch. */
9577 addr = load_reg(s, rn);
9578 tmp = load_reg(s, rm);
9579 tcg_gen_add_i32(addr, addr, tmp);
9580 if (insn & (1 << 4)) {
9581 /* tbh */
9582 tcg_gen_add_i32(addr, addr, tmp);
9583 tcg_temp_free_i32(tmp);
9584 tmp = tcg_temp_new_i32();
9585 gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
9586 } else { /* tbb */
9587 tcg_temp_free_i32(tmp);
9588 tmp = tcg_temp_new_i32();
9589 gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
9590 }
9591 tcg_temp_free_i32(addr);
9592 tcg_gen_shli_i32(tmp, tmp, 1);
9593 tcg_gen_addi_i32(tmp, tmp, read_pc(s));
9594 store_reg(s, 15, tmp);
9595 } else {
9596 bool is_lasr = false;
9597 bool is_ld = extract32(insn, 20, 1);
9598 int op2 = (insn >> 6) & 0x3;
9599 op = (insn >> 4) & 0x3;
9600 switch (op2) {
9601 case 0:
9602 goto illegal_op;
9603 case 1:
9604 /* Load/store exclusive byte/halfword/doubleword */
9605 if (op == 2) {
9606 goto illegal_op;
9607 }
9608 ARCH(7);
9609 break;
9610 case 2:
9611 /* Load-acquire/store-release */
9612 if (op == 3) {
9613 goto illegal_op;
9614 }
9615 /* Fall through */
9616 case 3:
9617 /* Load-acquire/store-release exclusive */
9618 ARCH(8);
9619 is_lasr = true;
9620 break;
9621 }
9622
9623 if (is_lasr && !is_ld) {
9624 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL);
9625 }
9626
9627 addr = tcg_temp_local_new_i32();
9628 load_reg_var(s, addr, rn);
9629 if (!(op2 & 1)) {
9630 if (is_ld) {
9631 tmp = tcg_temp_new_i32();
9632 switch (op) {
9633 case 0: /* ldab */
9634 gen_aa32_ld8u_iss(s, tmp, addr, get_mem_index(s),
9635 rs | ISSIsAcqRel);
9636 break;
9637 case 1: /* ldah */
9638 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s),
9639 rs | ISSIsAcqRel);
9640 break;
9641 case 2: /* lda */
9642 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s),
9643 rs | ISSIsAcqRel);
9644 break;
9645 default:
9646 abort();
9647 }
9648 store_reg(s, rs, tmp);
9649 } else {
9650 tmp = load_reg(s, rs);
9651 switch (op) {
9652 case 0: /* stlb */
9653 gen_aa32_st8_iss(s, tmp, addr, get_mem_index(s),
9654 rs | ISSIsAcqRel);
9655 break;
9656 case 1: /* stlh */
9657 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s),
9658 rs | ISSIsAcqRel);
9659 break;
9660 case 2: /* stl */
9661 gen_aa32_st32_iss(s, tmp, addr, get_mem_index(s),
9662 rs | ISSIsAcqRel);
9663 break;
9664 default:
9665 abort();
9666 }
9667 tcg_temp_free_i32(tmp);
9668 }
9669 } else if (is_ld) {
9670 gen_load_exclusive(s, rs, rd, addr, op);
9671 } else {
9672 gen_store_exclusive(s, rm, rs, rd, addr, op);
9673 }
9674 tcg_temp_free_i32(addr);
9675
9676 if (is_lasr && is_ld) {
9677 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ);
9678 }
9679 }
9680 } else {
9681 /* Load/store multiple, RFE, SRS. */
9682 if (((insn >> 23) & 1) == ((insn >> 24) & 1)) {
9683 /* RFE, SRS: not available in user mode or on M profile */
9684 if (IS_USER(s) || arm_dc_feature(s, ARM_FEATURE_M)) {
9685 goto illegal_op;
9686 }
9687 if (insn & (1 << 20)) {
9688 /* rfe */
9689 addr = load_reg(s, rn);
9690 if ((insn & (1 << 24)) == 0)
9691 tcg_gen_addi_i32(addr, addr, -8);
9692 /* Load PC into tmp and CPSR into tmp2. */
9693 tmp = tcg_temp_new_i32();
9694 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9695 tcg_gen_addi_i32(addr, addr, 4);
9696 tmp2 = tcg_temp_new_i32();
9697 gen_aa32_ld32u(s, tmp2, addr, get_mem_index(s));
9698 if (insn & (1 << 21)) {
9699 /* Base writeback. */
9700 if (insn & (1 << 24)) {
9701 tcg_gen_addi_i32(addr, addr, 4);
9702 } else {
9703 tcg_gen_addi_i32(addr, addr, -4);
9704 }
9705 store_reg(s, rn, addr);
9706 } else {
9707 tcg_temp_free_i32(addr);
9708 }
9709 gen_rfe(s, tmp, tmp2);
9710 } else {
9711 /* srs */
9712 gen_srs(s, (insn & 0x1f), (insn & (1 << 24)) ? 1 : 2,
9713 insn & (1 << 21));
9714 }
9715 } else {
9716 int i, loaded_base = 0;
9717 TCGv_i32 loaded_var;
9718 bool wback = extract32(insn, 21, 1);
9719 /* Load/store multiple. */
9720 addr = load_reg(s, rn);
9721 offset = 0;
9722 for (i = 0; i < 16; i++) {
9723 if (insn & (1 << i))
9724 offset += 4;
9725 }
9726
9727 if (insn & (1 << 24)) {
9728 tcg_gen_addi_i32(addr, addr, -offset);
9729 }
9730
9731 if (s->v8m_stackcheck && rn == 13 && wback) {
9732 /*
9733 * If the writeback is incrementing SP rather than
9734 * decrementing it, and the initial SP is below the
9735 * stack limit but the final written-back SP would
9736 * be above, then then we must not perform any memory
9737 * accesses, but it is IMPDEF whether we generate
9738 * an exception. We choose to do so in this case.
9739 * At this point 'addr' is the lowest address, so
9740 * either the original SP (if incrementing) or our
9741 * final SP (if decrementing), so that's what we check.
9742 */
9743 gen_helper_v8m_stackcheck(cpu_env, addr);
9744 }
9745
9746 loaded_var = NULL;
9747 for (i = 0; i < 16; i++) {
9748 if ((insn & (1 << i)) == 0)
9749 continue;
9750 if (insn & (1 << 20)) {
9751 /* Load. */
9752 tmp = tcg_temp_new_i32();
9753 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9754 if (i == 15) {
9755 gen_bx_excret(s, tmp);
9756 } else if (i == rn) {
9757 loaded_var = tmp;
9758 loaded_base = 1;
9759 } else {
9760 store_reg(s, i, tmp);
9761 }
9762 } else {
9763 /* Store. */
9764 tmp = load_reg(s, i);
9765 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9766 tcg_temp_free_i32(tmp);
9767 }
9768 tcg_gen_addi_i32(addr, addr, 4);
9769 }
9770 if (loaded_base) {
9771 store_reg(s, rn, loaded_var);
9772 }
9773 if (wback) {
9774 /* Base register writeback. */
9775 if (insn & (1 << 24)) {
9776 tcg_gen_addi_i32(addr, addr, -offset);
9777 }
9778 /* Fault if writeback register is in register list. */
9779 if (insn & (1 << rn))
9780 goto illegal_op;
9781 store_reg(s, rn, addr);
9782 } else {
9783 tcg_temp_free_i32(addr);
9784 }
9785 }
9786 }
9787 break;
9788 case 5:
9789
9790 op = (insn >> 21) & 0xf;
9791 if (op == 6) {
9792 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9793 goto illegal_op;
9794 }
9795 /* Halfword pack. */
9796 tmp = load_reg(s, rn);
9797 tmp2 = load_reg(s, rm);
9798 shift = ((insn >> 10) & 0x1c) | ((insn >> 6) & 0x3);
9799 if (insn & (1 << 5)) {
9800 /* pkhtb */
9801 if (shift == 0) {
9802 shift = 31;
9803 }
9804 tcg_gen_sari_i32(tmp2, tmp2, shift);
9805 tcg_gen_deposit_i32(tmp, tmp, tmp2, 0, 16);
9806 } else {
9807 /* pkhbt */
9808 tcg_gen_shli_i32(tmp2, tmp2, shift);
9809 tcg_gen_deposit_i32(tmp, tmp2, tmp, 0, 16);
9810 }
9811 tcg_temp_free_i32(tmp2);
9812 store_reg(s, rd, tmp);
9813 } else {
9814 /* Data processing register constant shift. */
9815 if (rn == 15) {
9816 tmp = tcg_temp_new_i32();
9817 tcg_gen_movi_i32(tmp, 0);
9818 } else {
9819 tmp = load_reg(s, rn);
9820 }
9821 tmp2 = load_reg(s, rm);
9822
9823 shiftop = (insn >> 4) & 3;
9824 shift = ((insn >> 6) & 3) | ((insn >> 10) & 0x1c);
9825 conds = (insn & (1 << 20)) != 0;
9826 logic_cc = (conds && thumb2_logic_op(op));
9827 gen_arm_shift_im(tmp2, shiftop, shift, logic_cc);
9828 if (gen_thumb2_data_op(s, op, conds, 0, tmp, tmp2))
9829 goto illegal_op;
9830 tcg_temp_free_i32(tmp2);
9831 if (rd == 13 &&
9832 ((op == 2 && rn == 15) ||
9833 (op == 8 && rn == 13) ||
9834 (op == 13 && rn == 13))) {
9835 /* MOV SP, ... or ADD SP, SP, ... or SUB SP, SP, ... */
9836 store_sp_checked(s, tmp);
9837 } else if (rd != 15) {
9838 store_reg(s, rd, tmp);
9839 } else {
9840 tcg_temp_free_i32(tmp);
9841 }
9842 }
9843 break;
9844 case 13: /* Misc data processing. */
9845 op = ((insn >> 22) & 6) | ((insn >> 7) & 1);
9846 if (op < 4 && (insn & 0xf000) != 0xf000)
9847 goto illegal_op;
9848 switch (op) {
9849 case 0: /* Register controlled shift. */
9850 tmp = load_reg(s, rn);
9851 tmp2 = load_reg(s, rm);
9852 if ((insn & 0x70) != 0)
9853 goto illegal_op;
9854 /*
9855 * 0b1111_1010_0xxx_xxxx_1111_xxxx_0000_xxxx:
9856 * - MOV, MOVS (register-shifted register), flagsetting
9857 */
9858 op = (insn >> 21) & 3;
9859 logic_cc = (insn & (1 << 20)) != 0;
9860 gen_arm_shift_reg(tmp, op, tmp2, logic_cc);
9861 if (logic_cc)
9862 gen_logic_CC(tmp);
9863 store_reg(s, rd, tmp);
9864 break;
9865 case 1: /* Sign/zero extend. */
9866 op = (insn >> 20) & 7;
9867 switch (op) {
9868 case 0: /* SXTAH, SXTH */
9869 case 1: /* UXTAH, UXTH */
9870 case 4: /* SXTAB, SXTB */
9871 case 5: /* UXTAB, UXTB */
9872 break;
9873 case 2: /* SXTAB16, SXTB16 */
9874 case 3: /* UXTAB16, UXTB16 */
9875 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9876 goto illegal_op;
9877 }
9878 break;
9879 default:
9880 goto illegal_op;
9881 }
9882 if (rn != 15) {
9883 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9884 goto illegal_op;
9885 }
9886 }
9887 tmp = load_reg(s, rm);
9888 shift = (insn >> 4) & 3;
9889 /* ??? In many cases it's not necessary to do a
9890 rotate, a shift is sufficient. */
9891 tcg_gen_rotri_i32(tmp, tmp, shift * 8);
9892 op = (insn >> 20) & 7;
9893 switch (op) {
9894 case 0: gen_sxth(tmp); break;
9895 case 1: gen_uxth(tmp); break;
9896 case 2: gen_sxtb16(tmp); break;
9897 case 3: gen_uxtb16(tmp); break;
9898 case 4: gen_sxtb(tmp); break;
9899 case 5: gen_uxtb(tmp); break;
9900 default:
9901 g_assert_not_reached();
9902 }
9903 if (rn != 15) {
9904 tmp2 = load_reg(s, rn);
9905 if ((op >> 1) == 1) {
9906 gen_add16(tmp, tmp2);
9907 } else {
9908 tcg_gen_add_i32(tmp, tmp, tmp2);
9909 tcg_temp_free_i32(tmp2);
9910 }
9911 }
9912 store_reg(s, rd, tmp);
9913 break;
9914 case 2: /* SIMD add/subtract. */
9915 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9916 goto illegal_op;
9917 }
9918 op = (insn >> 20) & 7;
9919 shift = (insn >> 4) & 7;
9920 if ((op & 3) == 3 || (shift & 3) == 3)
9921 goto illegal_op;
9922 tmp = load_reg(s, rn);
9923 tmp2 = load_reg(s, rm);
9924 gen_thumb2_parallel_addsub(op, shift, tmp, tmp2);
9925 tcg_temp_free_i32(tmp2);
9926 store_reg(s, rd, tmp);
9927 break;
9928 case 3: /* Other data processing. */
9929 op = ((insn >> 17) & 0x38) | ((insn >> 4) & 7);
9930 if (op < 4) {
9931 /* Saturating add/subtract. */
9932 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9933 goto illegal_op;
9934 }
9935 tmp = load_reg(s, rn);
9936 tmp2 = load_reg(s, rm);
9937 if (op & 1)
9938 gen_helper_add_saturate(tmp, cpu_env, tmp, tmp);
9939 if (op & 2)
9940 gen_helper_sub_saturate(tmp, cpu_env, tmp2, tmp);
9941 else
9942 gen_helper_add_saturate(tmp, cpu_env, tmp, tmp2);
9943 tcg_temp_free_i32(tmp2);
9944 } else {
9945 switch (op) {
9946 case 0x0a: /* rbit */
9947 case 0x08: /* rev */
9948 case 0x09: /* rev16 */
9949 case 0x0b: /* revsh */
9950 case 0x18: /* clz */
9951 break;
9952 case 0x10: /* sel */
9953 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9954 goto illegal_op;
9955 }
9956 break;
9957 case 0x20: /* crc32/crc32c */
9958 case 0x21:
9959 case 0x22:
9960 case 0x28:
9961 case 0x29:
9962 case 0x2a:
9963 if (!dc_isar_feature(aa32_crc32, s)) {
9964 goto illegal_op;
9965 }
9966 break;
9967 default:
9968 goto illegal_op;
9969 }
9970 tmp = load_reg(s, rn);
9971 switch (op) {
9972 case 0x0a: /* rbit */
9973 gen_helper_rbit(tmp, tmp);
9974 break;
9975 case 0x08: /* rev */
9976 tcg_gen_bswap32_i32(tmp, tmp);
9977 break;
9978 case 0x09: /* rev16 */
9979 gen_rev16(tmp);
9980 break;
9981 case 0x0b: /* revsh */
9982 gen_revsh(tmp);
9983 break;
9984 case 0x10: /* sel */
9985 tmp2 = load_reg(s, rm);
9986 tmp3 = tcg_temp_new_i32();
9987 tcg_gen_ld_i32(tmp3, cpu_env, offsetof(CPUARMState, GE));
9988 gen_helper_sel_flags(tmp, tmp3, tmp, tmp2);
9989 tcg_temp_free_i32(tmp3);
9990 tcg_temp_free_i32(tmp2);
9991 break;
9992 case 0x18: /* clz */
9993 tcg_gen_clzi_i32(tmp, tmp, 32);
9994 break;
9995 case 0x20:
9996 case 0x21:
9997 case 0x22:
9998 case 0x28:
9999 case 0x29:
10000 case 0x2a:
10001 {
10002 /* crc32/crc32c */
10003 uint32_t sz = op & 0x3;
10004 uint32_t c = op & 0x8;
10005
10006 tmp2 = load_reg(s, rm);
10007 if (sz == 0) {
10008 tcg_gen_andi_i32(tmp2, tmp2, 0xff);
10009 } else if (sz == 1) {
10010 tcg_gen_andi_i32(tmp2, tmp2, 0xffff);
10011 }
10012 tmp3 = tcg_const_i32(1 << sz);
10013 if (c) {
10014 gen_helper_crc32c(tmp, tmp, tmp2, tmp3);
10015 } else {
10016 gen_helper_crc32(tmp, tmp, tmp2, tmp3);
10017 }
10018 tcg_temp_free_i32(tmp2);
10019 tcg_temp_free_i32(tmp3);
10020 break;
10021 }
10022 default:
10023 g_assert_not_reached();
10024 }
10025 }
10026 store_reg(s, rd, tmp);
10027 break;
10028 case 4: case 5: /* 32-bit multiply. Sum of absolute differences. */
10029 switch ((insn >> 20) & 7) {
10030 case 0: /* 32 x 32 -> 32 */
10031 case 7: /* Unsigned sum of absolute differences. */
10032 break;
10033 case 1: /* 16 x 16 -> 32 */
10034 case 2: /* Dual multiply add. */
10035 case 3: /* 32 * 16 -> 32msb */
10036 case 4: /* Dual multiply subtract. */
10037 case 5: case 6: /* 32 * 32 -> 32msb (SMMUL, SMMLA, SMMLS) */
10038 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10039 goto illegal_op;
10040 }
10041 break;
10042 }
10043 op = (insn >> 4) & 0xf;
10044 tmp = load_reg(s, rn);
10045 tmp2 = load_reg(s, rm);
10046 switch ((insn >> 20) & 7) {
10047 case 0: /* 32 x 32 -> 32 */
10048 tcg_gen_mul_i32(tmp, tmp, tmp2);
10049 tcg_temp_free_i32(tmp2);
10050 if (rs != 15) {
10051 tmp2 = load_reg(s, rs);
10052 if (op)
10053 tcg_gen_sub_i32(tmp, tmp2, tmp);
10054 else
10055 tcg_gen_add_i32(tmp, tmp, tmp2);
10056 tcg_temp_free_i32(tmp2);
10057 }
10058 break;
10059 case 1: /* 16 x 16 -> 32 */
10060 gen_mulxy(tmp, tmp2, op & 2, op & 1);
10061 tcg_temp_free_i32(tmp2);
10062 if (rs != 15) {
10063 tmp2 = load_reg(s, rs);
10064 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10065 tcg_temp_free_i32(tmp2);
10066 }
10067 break;
10068 case 2: /* Dual multiply add. */
10069 case 4: /* Dual multiply subtract. */
10070 if (op)
10071 gen_swap_half(tmp2);
10072 gen_smul_dual(tmp, tmp2);
10073 if (insn & (1 << 22)) {
10074 /* This subtraction cannot overflow. */
10075 tcg_gen_sub_i32(tmp, tmp, tmp2);
10076 } else {
10077 /* This addition cannot overflow 32 bits;
10078 * however it may overflow considered as a signed
10079 * operation, in which case we must set the Q flag.
10080 */
10081 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10082 }
10083 tcg_temp_free_i32(tmp2);
10084 if (rs != 15)
10085 {
10086 tmp2 = load_reg(s, rs);
10087 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10088 tcg_temp_free_i32(tmp2);
10089 }
10090 break;
10091 case 3: /* 32 * 16 -> 32msb */
10092 if (op)
10093 tcg_gen_sari_i32(tmp2, tmp2, 16);
10094 else
10095 gen_sxth(tmp2);
10096 tmp64 = gen_muls_i64_i32(tmp, tmp2);
10097 tcg_gen_shri_i64(tmp64, tmp64, 16);
10098 tmp = tcg_temp_new_i32();
10099 tcg_gen_extrl_i64_i32(tmp, tmp64);
10100 tcg_temp_free_i64(tmp64);
10101 if (rs != 15)
10102 {
10103 tmp2 = load_reg(s, rs);
10104 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10105 tcg_temp_free_i32(tmp2);
10106 }
10107 break;
10108 case 5: case 6: /* 32 * 32 -> 32msb (SMMUL, SMMLA, SMMLS) */
10109 tmp64 = gen_muls_i64_i32(tmp, tmp2);
10110 if (rs != 15) {
10111 tmp = load_reg(s, rs);
10112 if (insn & (1 << 20)) {
10113 tmp64 = gen_addq_msw(tmp64, tmp);
10114 } else {
10115 tmp64 = gen_subq_msw(tmp64, tmp);
10116 }
10117 }
10118 if (insn & (1 << 4)) {
10119 tcg_gen_addi_i64(tmp64, tmp64, 0x80000000u);
10120 }
10121 tcg_gen_shri_i64(tmp64, tmp64, 32);
10122 tmp = tcg_temp_new_i32();
10123 tcg_gen_extrl_i64_i32(tmp, tmp64);
10124 tcg_temp_free_i64(tmp64);
10125 break;
10126 case 7: /* Unsigned sum of absolute differences. */
10127 gen_helper_usad8(tmp, tmp, tmp2);
10128 tcg_temp_free_i32(tmp2);
10129 if (rs != 15) {
10130 tmp2 = load_reg(s, rs);
10131 tcg_gen_add_i32(tmp, tmp, tmp2);
10132 tcg_temp_free_i32(tmp2);
10133 }
10134 break;
10135 }
10136 store_reg(s, rd, tmp);
10137 break;
10138 case 6: case 7: /* 64-bit multiply, Divide. */
10139 op = ((insn >> 4) & 0xf) | ((insn >> 16) & 0x70);
10140 tmp = load_reg(s, rn);
10141 tmp2 = load_reg(s, rm);
10142 if ((op & 0x50) == 0x10) {
10143 /* sdiv, udiv */
10144 if (!dc_isar_feature(thumb_div, s)) {
10145 goto illegal_op;
10146 }
10147 if (op & 0x20)
10148 gen_helper_udiv(tmp, tmp, tmp2);
10149 else
10150 gen_helper_sdiv(tmp, tmp, tmp2);
10151 tcg_temp_free_i32(tmp2);
10152 store_reg(s, rd, tmp);
10153 } else if ((op & 0xe) == 0xc) {
10154 /* Dual multiply accumulate long. */
10155 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10156 tcg_temp_free_i32(tmp);
10157 tcg_temp_free_i32(tmp2);
10158 goto illegal_op;
10159 }
10160 if (op & 1)
10161 gen_swap_half(tmp2);
10162 gen_smul_dual(tmp, tmp2);
10163 if (op & 0x10) {
10164 tcg_gen_sub_i32(tmp, tmp, tmp2);
10165 } else {
10166 tcg_gen_add_i32(tmp, tmp, tmp2);
10167 }
10168 tcg_temp_free_i32(tmp2);
10169 /* BUGFIX */
10170 tmp64 = tcg_temp_new_i64();
10171 tcg_gen_ext_i32_i64(tmp64, tmp);
10172 tcg_temp_free_i32(tmp);
10173 gen_addq(s, tmp64, rs, rd);
10174 gen_storeq_reg(s, rs, rd, tmp64);
10175 tcg_temp_free_i64(tmp64);
10176 } else {
10177 if (op & 0x20) {
10178 /* Unsigned 64-bit multiply */
10179 tmp64 = gen_mulu_i64_i32(tmp, tmp2);
10180 } else {
10181 if (op & 8) {
10182 /* smlalxy */
10183 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10184 tcg_temp_free_i32(tmp2);
10185 tcg_temp_free_i32(tmp);
10186 goto illegal_op;
10187 }
10188 gen_mulxy(tmp, tmp2, op & 2, op & 1);
10189 tcg_temp_free_i32(tmp2);
10190 tmp64 = tcg_temp_new_i64();
10191 tcg_gen_ext_i32_i64(tmp64, tmp);
10192 tcg_temp_free_i32(tmp);
10193 } else {
10194 /* Signed 64-bit multiply */
10195 tmp64 = gen_muls_i64_i32(tmp, tmp2);
10196 }
10197 }
10198 if (op & 4) {
10199 /* umaal */
10200 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10201 tcg_temp_free_i64(tmp64);
10202 goto illegal_op;
10203 }
10204 gen_addq_lo(s, tmp64, rs);
10205 gen_addq_lo(s, tmp64, rd);
10206 } else if (op & 0x40) {
10207 /* 64-bit accumulate. */
10208 gen_addq(s, tmp64, rs, rd);
10209 }
10210 gen_storeq_reg(s, rs, rd, tmp64);
10211 tcg_temp_free_i64(tmp64);
10212 }
10213 break;
10214 }
10215 break;
10216 case 6: case 7: case 14: case 15:
10217 /* Coprocessor. */
10218 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10219 /* 0b111x_11xx_xxxx_xxxx_xxxx_xxxx_xxxx_xxxx */
10220 if (extract32(insn, 24, 2) == 3) {
10221 goto illegal_op; /* op0 = 0b11 : unallocated */
10222 }
10223
10224 /*
10225 * Decode VLLDM and VLSTM first: these are nonstandard because:
10226 * * if there is no FPU then these insns must NOP in
10227 * Secure state and UNDEF in Nonsecure state
10228 * * if there is an FPU then these insns do not have
10229 * the usual behaviour that disas_vfp_insn() provides of
10230 * being controlled by CPACR/NSACR enable bits or the
10231 * lazy-stacking logic.
10232 */
10233 if (arm_dc_feature(s, ARM_FEATURE_V8) &&
10234 (insn & 0xffa00f00) == 0xec200a00) {
10235 /* 0b1110_1100_0x1x_xxxx_xxxx_1010_xxxx_xxxx
10236 * - VLLDM, VLSTM
10237 * We choose to UNDEF if the RAZ bits are non-zero.
10238 */
10239 if (!s->v8m_secure || (insn & 0x0040f0ff)) {
10240 goto illegal_op;
10241 }
10242
10243 if (arm_dc_feature(s, ARM_FEATURE_VFP)) {
10244 TCGv_i32 fptr = load_reg(s, rn);
10245
10246 if (extract32(insn, 20, 1)) {
10247 gen_helper_v7m_vlldm(cpu_env, fptr);
10248 } else {
10249 gen_helper_v7m_vlstm(cpu_env, fptr);
10250 }
10251 tcg_temp_free_i32(fptr);
10252
10253 /* End the TB, because we have updated FP control bits */
10254 s->base.is_jmp = DISAS_UPDATE;
10255 }
10256 break;
10257 }
10258 if (arm_dc_feature(s, ARM_FEATURE_VFP) &&
10259 ((insn >> 8) & 0xe) == 10) {
10260 /* FP, and the CPU supports it */
10261 if (disas_vfp_insn(s, insn)) {
10262 goto illegal_op;
10263 }
10264 break;
10265 }
10266
10267 /* All other insns: NOCP */
10268 gen_exception_insn(s, s->pc_curr, EXCP_NOCP, syn_uncategorized(),
10269 default_exception_el(s));
10270 break;
10271 }
10272 if ((insn & 0xfe000a00) == 0xfc000800
10273 && arm_dc_feature(s, ARM_FEATURE_V8)) {
10274 /* The Thumb2 and ARM encodings are identical. */
10275 if (disas_neon_insn_3same_ext(s, insn)) {
10276 goto illegal_op;
10277 }
10278 } else if ((insn & 0xff000a00) == 0xfe000800
10279 && arm_dc_feature(s, ARM_FEATURE_V8)) {
10280 /* The Thumb2 and ARM encodings are identical. */
10281 if (disas_neon_insn_2reg_scalar_ext(s, insn)) {
10282 goto illegal_op;
10283 }
10284 } else if (((insn >> 24) & 3) == 3) {
10285 /* Translate into the equivalent ARM encoding. */
10286 insn = (insn & 0xe2ffffff) | ((insn & (1 << 28)) >> 4) | (1 << 28);
10287 if (disas_neon_data_insn(s, insn)) {
10288 goto illegal_op;
10289 }
10290 } else if (((insn >> 8) & 0xe) == 10) {
10291 if (disas_vfp_insn(s, insn)) {
10292 goto illegal_op;
10293 }
10294 } else {
10295 if (insn & (1 << 28))
10296 goto illegal_op;
10297 if (disas_coproc_insn(s, insn)) {
10298 goto illegal_op;
10299 }
10300 }
10301 break;
10302 case 8: case 9: case 10: case 11:
10303 if (insn & (1 << 15)) {
10304 /* Branches, misc control. */
10305 if (insn & 0x5000) {
10306 /* Unconditional branch. */
10307 /* signextend(hw1[10:0]) -> offset[:12]. */
10308 offset = ((int32_t)insn << 5) >> 9 & ~(int32_t)0xfff;
10309 /* hw1[10:0] -> offset[11:1]. */
10310 offset |= (insn & 0x7ff) << 1;
10311 /* (~hw2[13, 11] ^ offset[24]) -> offset[23,22]
10312 offset[24:22] already have the same value because of the
10313 sign extension above. */
10314 offset ^= ((~insn) & (1 << 13)) << 10;
10315 offset ^= ((~insn) & (1 << 11)) << 11;
10316
10317 if (insn & (1 << 14)) {
10318 /* Branch and link. */
10319 tcg_gen_movi_i32(cpu_R[14], s->base.pc_next | 1);
10320 }
10321
10322 offset += read_pc(s);
10323 if (insn & (1 << 12)) {
10324 /* b/bl */
10325 gen_jmp(s, offset);
10326 } else {
10327 /* blx */
10328 offset &= ~(uint32_t)2;
10329 /* thumb2 bx, no need to check */
10330 gen_bx_im(s, offset);
10331 }
10332 } else if (((insn >> 23) & 7) == 7) {
10333 /* Misc control */
10334 if (insn & (1 << 13))
10335 goto illegal_op;
10336
10337 if (insn & (1 << 26)) {
10338 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10339 goto illegal_op;
10340 }
10341 if (!(insn & (1 << 20))) {
10342 /* Hypervisor call (v7) */
10343 int imm16 = extract32(insn, 16, 4) << 12
10344 | extract32(insn, 0, 12);
10345 ARCH(7);
10346 if (IS_USER(s)) {
10347 goto illegal_op;
10348 }
10349 gen_hvc(s, imm16);
10350 } else {
10351 /* Secure monitor call (v6+) */
10352 ARCH(6K);
10353 if (IS_USER(s)) {
10354 goto illegal_op;
10355 }
10356 gen_smc(s);
10357 }
10358 } else {
10359 op = (insn >> 20) & 7;
10360 switch (op) {
10361 case 0: /* msr cpsr. */
10362 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10363 tmp = load_reg(s, rn);
10364 /* the constant is the mask and SYSm fields */
10365 addr = tcg_const_i32(insn & 0xfff);
10366 gen_helper_v7m_msr(cpu_env, addr, tmp);
10367 tcg_temp_free_i32(addr);
10368 tcg_temp_free_i32(tmp);
10369 gen_lookup_tb(s);
10370 break;
10371 }
10372 /* fall through */
10373 case 1: /* msr spsr. */
10374 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10375 goto illegal_op;
10376 }
10377
10378 if (extract32(insn, 5, 1)) {
10379 /* MSR (banked) */
10380 int sysm = extract32(insn, 8, 4) |
10381 (extract32(insn, 4, 1) << 4);
10382 int r = op & 1;
10383
10384 gen_msr_banked(s, r, sysm, rm);
10385 break;
10386 }
10387
10388 /* MSR (for PSRs) */
10389 tmp = load_reg(s, rn);
10390 if (gen_set_psr(s,
10391 msr_mask(s, (insn >> 8) & 0xf, op == 1),
10392 op == 1, tmp))
10393 goto illegal_op;
10394 break;
10395 case 2: /* cps, nop-hint. */
10396 if (((insn >> 8) & 7) == 0) {
10397 gen_nop_hint(s, insn & 0xff);
10398 }
10399 /* Implemented as NOP in user mode. */
10400 if (IS_USER(s))
10401 break;
10402 offset = 0;
10403 imm = 0;
10404 if (insn & (1 << 10)) {
10405 if (insn & (1 << 7))
10406 offset |= CPSR_A;
10407 if (insn & (1 << 6))
10408 offset |= CPSR_I;
10409 if (insn & (1 << 5))
10410 offset |= CPSR_F;
10411 if (insn & (1 << 9))
10412 imm = CPSR_A | CPSR_I | CPSR_F;
10413 }
10414 if (insn & (1 << 8)) {
10415 offset |= 0x1f;
10416 imm |= (insn & 0x1f);
10417 }
10418 if (offset) {
10419 gen_set_psr_im(s, offset, 0, imm);
10420 }
10421 break;
10422 case 3: /* Special control operations. */
10423 if (!arm_dc_feature(s, ARM_FEATURE_V7) &&
10424 !arm_dc_feature(s, ARM_FEATURE_M)) {
10425 goto illegal_op;
10426 }
10427 op = (insn >> 4) & 0xf;
10428 switch (op) {
10429 case 2: /* clrex */
10430 gen_clrex(s);
10431 break;
10432 case 4: /* dsb */
10433 case 5: /* dmb */
10434 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
10435 break;
10436 case 6: /* isb */
10437 /* We need to break the TB after this insn
10438 * to execute self-modifying code correctly
10439 * and also to take any pending interrupts
10440 * immediately.
10441 */
10442 gen_goto_tb(s, 0, s->base.pc_next);
10443 break;
10444 case 7: /* sb */
10445 if ((insn & 0xf) || !dc_isar_feature(aa32_sb, s)) {
10446 goto illegal_op;
10447 }
10448 /*
10449 * TODO: There is no speculation barrier opcode
10450 * for TCG; MB and end the TB instead.
10451 */
10452 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
10453 gen_goto_tb(s, 0, s->base.pc_next);
10454 break;
10455 default:
10456 goto illegal_op;
10457 }
10458 break;
10459 case 4: /* bxj */
10460 /* Trivial implementation equivalent to bx.
10461 * This instruction doesn't exist at all for M-profile.
10462 */
10463 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10464 goto illegal_op;
10465 }
10466 tmp = load_reg(s, rn);
10467 gen_bx(s, tmp);
10468 break;
10469 case 5: /* Exception return. */
10470 if (IS_USER(s)) {
10471 goto illegal_op;
10472 }
10473 if (rn != 14 || rd != 15) {
10474 goto illegal_op;
10475 }
10476 if (s->current_el == 2) {
10477 /* ERET from Hyp uses ELR_Hyp, not LR */
10478 if (insn & 0xff) {
10479 goto illegal_op;
10480 }
10481 tmp = load_cpu_field(elr_el[2]);
10482 } else {
10483 tmp = load_reg(s, rn);
10484 tcg_gen_subi_i32(tmp, tmp, insn & 0xff);
10485 }
10486 gen_exception_return(s, tmp);
10487 break;
10488 case 6: /* MRS */
10489 if (extract32(insn, 5, 1) &&
10490 !arm_dc_feature(s, ARM_FEATURE_M)) {
10491 /* MRS (banked) */
10492 int sysm = extract32(insn, 16, 4) |
10493 (extract32(insn, 4, 1) << 4);
10494
10495 gen_mrs_banked(s, 0, sysm, rd);
10496 break;
10497 }
10498
10499 if (extract32(insn, 16, 4) != 0xf) {
10500 goto illegal_op;
10501 }
10502 if (!arm_dc_feature(s, ARM_FEATURE_M) &&
10503 extract32(insn, 0, 8) != 0) {
10504 goto illegal_op;
10505 }
10506
10507 /* mrs cpsr */
10508 tmp = tcg_temp_new_i32();
10509 if (arm_dc_feature(s, ARM_FEATURE_M)) {
10510 addr = tcg_const_i32(insn & 0xff);
10511 gen_helper_v7m_mrs(tmp, cpu_env, addr);
10512 tcg_temp_free_i32(addr);
10513 } else {
10514 gen_helper_cpsr_read(tmp, cpu_env);
10515 }
10516 store_reg(s, rd, tmp);
10517 break;
10518 case 7: /* MRS */
10519 if (extract32(insn, 5, 1) &&
10520 !arm_dc_feature(s, ARM_FEATURE_M)) {
10521 /* MRS (banked) */
10522 int sysm = extract32(insn, 16, 4) |
10523 (extract32(insn, 4, 1) << 4);
10524
10525 gen_mrs_banked(s, 1, sysm, rd);
10526 break;
10527 }
10528
10529 /* mrs spsr. */
10530 /* Not accessible in user mode. */
10531 if (IS_USER(s) || arm_dc_feature(s, ARM_FEATURE_M)) {
10532 goto illegal_op;
10533 }
10534
10535 if (extract32(insn, 16, 4) != 0xf ||
10536 extract32(insn, 0, 8) != 0) {
10537 goto illegal_op;
10538 }
10539
10540 tmp = load_cpu_field(spsr);
10541 store_reg(s, rd, tmp);
10542 break;
10543 }
10544 }
10545 } else {
10546 /* Conditional branch. */
10547 op = (insn >> 22) & 0xf;
10548 /* Generate a conditional jump to next instruction. */
10549 arm_skip_unless(s, op);
10550
10551 /* offset[11:1] = insn[10:0] */
10552 offset = (insn & 0x7ff) << 1;
10553 /* offset[17:12] = insn[21:16]. */
10554 offset |= (insn & 0x003f0000) >> 4;
10555 /* offset[31:20] = insn[26]. */
10556 offset |= ((int32_t)((insn << 5) & 0x80000000)) >> 11;
10557 /* offset[18] = insn[13]. */
10558 offset |= (insn & (1 << 13)) << 5;
10559 /* offset[19] = insn[11]. */
10560 offset |= (insn & (1 << 11)) << 8;
10561
10562 /* jump to the offset */
10563 gen_jmp(s, read_pc(s) + offset);
10564 }
10565 } else {
10566 /*
10567 * 0b1111_0xxx_xxxx_0xxx_xxxx_xxxx
10568 * - Data-processing (modified immediate, plain binary immediate)
10569 */
10570 if (insn & (1 << 25)) {
10571 /*
10572 * 0b1111_0x1x_xxxx_0xxx_xxxx_xxxx
10573 * - Data-processing (plain binary immediate)
10574 */
10575 if (insn & (1 << 24)) {
10576 if (insn & (1 << 20))
10577 goto illegal_op;
10578 /* Bitfield/Saturate. */
10579 op = (insn >> 21) & 7;
10580 imm = insn & 0x1f;
10581 shift = ((insn >> 6) & 3) | ((insn >> 10) & 0x1c);
10582 if (rn == 15) {
10583 tmp = tcg_temp_new_i32();
10584 tcg_gen_movi_i32(tmp, 0);
10585 } else {
10586 tmp = load_reg(s, rn);
10587 }
10588 switch (op) {
10589 case 2: /* Signed bitfield extract. */
10590 imm++;
10591 if (shift + imm > 32)
10592 goto illegal_op;
10593 if (imm < 32) {
10594 tcg_gen_sextract_i32(tmp, tmp, shift, imm);
10595 }
10596 break;
10597 case 6: /* Unsigned bitfield extract. */
10598 imm++;
10599 if (shift + imm > 32)
10600 goto illegal_op;
10601 if (imm < 32) {
10602 tcg_gen_extract_i32(tmp, tmp, shift, imm);
10603 }
10604 break;
10605 case 3: /* Bitfield insert/clear. */
10606 if (imm < shift)
10607 goto illegal_op;
10608 imm = imm + 1 - shift;
10609 if (imm != 32) {
10610 tmp2 = load_reg(s, rd);
10611 tcg_gen_deposit_i32(tmp, tmp2, tmp, shift, imm);
10612 tcg_temp_free_i32(tmp2);
10613 }
10614 break;
10615 case 7:
10616 goto illegal_op;
10617 default: /* Saturate. */
10618 if (op & 1) {
10619 tcg_gen_sari_i32(tmp, tmp, shift);
10620 } else {
10621 tcg_gen_shli_i32(tmp, tmp, shift);
10622 }
10623 tmp2 = tcg_const_i32(imm);
10624 if (op & 4) {
10625 /* Unsigned. */
10626 if ((op & 1) && shift == 0) {
10627 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10628 tcg_temp_free_i32(tmp);
10629 tcg_temp_free_i32(tmp2);
10630 goto illegal_op;
10631 }
10632 gen_helper_usat16(tmp, cpu_env, tmp, tmp2);
10633 } else {
10634 gen_helper_usat(tmp, cpu_env, tmp, tmp2);
10635 }
10636 } else {
10637 /* Signed. */
10638 if ((op & 1) && shift == 0) {
10639 if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10640 tcg_temp_free_i32(tmp);
10641 tcg_temp_free_i32(tmp2);
10642 goto illegal_op;
10643 }
10644 gen_helper_ssat16(tmp, cpu_env, tmp, tmp2);
10645 } else {
10646 gen_helper_ssat(tmp, cpu_env, tmp, tmp2);
10647 }
10648 }
10649 tcg_temp_free_i32(tmp2);
10650 break;
10651 }
10652 store_reg(s, rd, tmp);
10653 } else {
10654 imm = ((insn & 0x04000000) >> 15)
10655 | ((insn & 0x7000) >> 4) | (insn & 0xff);
10656 if (insn & (1 << 22)) {
10657 /* 16-bit immediate. */
10658 imm |= (insn >> 4) & 0xf000;
10659 if (insn & (1 << 23)) {
10660 /* movt */
10661 tmp = load_reg(s, rd);
10662 tcg_gen_ext16u_i32(tmp, tmp);
10663 tcg_gen_ori_i32(tmp, tmp, imm << 16);
10664 } else {
10665 /* movw */
10666 tmp = tcg_temp_new_i32();
10667 tcg_gen_movi_i32(tmp, imm);
10668 }
10669 store_reg(s, rd, tmp);
10670 } else {
10671 /* Add/sub 12-bit immediate. */
10672 if (insn & (1 << 23)) {
10673 imm = -imm;
10674 }
10675 tmp = add_reg_for_lit(s, rn, imm);
10676 if (rn == 13 && rd == 13) {
10677 /* ADD SP, SP, imm or SUB SP, SP, imm */
10678 store_sp_checked(s, tmp);
10679 } else {
10680 store_reg(s, rd, tmp);
10681 }
10682 }
10683 }
10684 } else {
10685 /*
10686 * 0b1111_0x0x_xxxx_0xxx_xxxx_xxxx
10687 * - Data-processing (modified immediate)
10688 */
10689 int shifter_out = 0;
10690 /* modified 12-bit immediate. */
10691 shift = ((insn & 0x04000000) >> 23) | ((insn & 0x7000) >> 12);
10692 imm = (insn & 0xff);
10693 switch (shift) {
10694 case 0: /* XY */
10695 /* Nothing to do. */
10696 break;
10697 case 1: /* 00XY00XY */
10698 imm |= imm << 16;
10699 break;
10700 case 2: /* XY00XY00 */
10701 imm |= imm << 16;
10702 imm <<= 8;
10703 break;
10704 case 3: /* XYXYXYXY */
10705 imm |= imm << 16;
10706 imm |= imm << 8;
10707 break;
10708 default: /* Rotated constant. */
10709 shift = (shift << 1) | (imm >> 7);
10710 imm |= 0x80;
10711 imm = imm << (32 - shift);
10712 shifter_out = 1;
10713 break;
10714 }
10715 tmp2 = tcg_temp_new_i32();
10716 tcg_gen_movi_i32(tmp2, imm);
10717 rn = (insn >> 16) & 0xf;
10718 if (rn == 15) {
10719 tmp = tcg_temp_new_i32();
10720 tcg_gen_movi_i32(tmp, 0);
10721 } else {
10722 tmp = load_reg(s, rn);
10723 }
10724 op = (insn >> 21) & 0xf;
10725 if (gen_thumb2_data_op(s, op, (insn & (1 << 20)) != 0,
10726 shifter_out, tmp, tmp2))
10727 goto illegal_op;
10728 tcg_temp_free_i32(tmp2);
10729 rd = (insn >> 8) & 0xf;
10730 if (rd == 13 && rn == 13
10731 && (op == 8 || op == 13)) {
10732 /* ADD(S) SP, SP, imm or SUB(S) SP, SP, imm */
10733 store_sp_checked(s, tmp);
10734 } else if (rd != 15) {
10735 store_reg(s, rd, tmp);
10736 } else {
10737 tcg_temp_free_i32(tmp);
10738 }
10739 }
10740 }
10741 break;
10742 case 12: /* Load/store single data item. */
10743 {
10744 int postinc = 0;
10745 int writeback = 0;
10746 int memidx;
10747 ISSInfo issinfo;
10748
10749 if ((insn & 0x01100000) == 0x01000000) {
10750 if (disas_neon_ls_insn(s, insn)) {
10751 goto illegal_op;
10752 }
10753 break;
10754 }
10755 op = ((insn >> 21) & 3) | ((insn >> 22) & 4);
10756 if (rs == 15) {
10757 if (!(insn & (1 << 20))) {
10758 goto illegal_op;
10759 }
10760 if (op != 2) {
10761 /* Byte or halfword load space with dest == r15 : memory hints.
10762 * Catch them early so we don't emit pointless addressing code.
10763 * This space is a mix of:
10764 * PLD/PLDW/PLI, which we implement as NOPs (note that unlike
10765 * the ARM encodings, PLDW space doesn't UNDEF for non-v7MP
10766 * cores)
10767 * unallocated hints, which must be treated as NOPs
10768 * UNPREDICTABLE space, which we NOP or UNDEF depending on
10769 * which is easiest for the decoding logic
10770 * Some space which must UNDEF
10771 */
10772 int op1 = (insn >> 23) & 3;
10773 int op2 = (insn >> 6) & 0x3f;
10774 if (op & 2) {
10775 goto illegal_op;
10776 }
10777 if (rn == 15) {
10778 /* UNPREDICTABLE, unallocated hint or
10779 * PLD/PLDW/PLI (literal)
10780 */
10781 return;
10782 }
10783 if (op1 & 1) {
10784 return; /* PLD/PLDW/PLI or unallocated hint */
10785 }
10786 if ((op2 == 0) || ((op2 & 0x3c) == 0x30)) {
10787 return; /* PLD/PLDW/PLI or unallocated hint */
10788 }
10789 /* UNDEF space, or an UNPREDICTABLE */
10790 goto illegal_op;
10791 }
10792 }
10793 memidx = get_mem_index(s);
10794 imm = insn & 0xfff;
10795 if (insn & (1 << 23)) {
10796 /* PC relative or Positive offset. */
10797 addr = add_reg_for_lit(s, rn, imm);
10798 } else if (rn == 15) {
10799 /* PC relative with negative offset. */
10800 addr = add_reg_for_lit(s, rn, -imm);
10801 } else {
10802 addr = load_reg(s, rn);
10803 imm = insn & 0xff;
10804 switch ((insn >> 8) & 0xf) {
10805 case 0x0: /* Shifted Register. */
10806 shift = (insn >> 4) & 0xf;
10807 if (shift > 3) {
10808 tcg_temp_free_i32(addr);
10809 goto illegal_op;
10810 }
10811 tmp = load_reg(s, rm);
10812 tcg_gen_shli_i32(tmp, tmp, shift);
10813 tcg_gen_add_i32(addr, addr, tmp);
10814 tcg_temp_free_i32(tmp);
10815 break;
10816 case 0xc: /* Negative offset. */
10817 tcg_gen_addi_i32(addr, addr, -imm);
10818 break;
10819 case 0xe: /* User privilege. */
10820 tcg_gen_addi_i32(addr, addr, imm);
10821 memidx = get_a32_user_mem_index(s);
10822 break;
10823 case 0x9: /* Post-decrement. */
10824 imm = -imm;
10825 /* Fall through. */
10826 case 0xb: /* Post-increment. */
10827 postinc = 1;
10828 writeback = 1;
10829 break;
10830 case 0xd: /* Pre-decrement. */
10831 imm = -imm;
10832 /* Fall through. */
10833 case 0xf: /* Pre-increment. */
10834 writeback = 1;
10835 break;
10836 default:
10837 tcg_temp_free_i32(addr);
10838 goto illegal_op;
10839 }
10840 }
10841
10842 issinfo = writeback ? ISSInvalid : rs;
10843
10844 if (s->v8m_stackcheck && rn == 13 && writeback) {
10845 /*
10846 * Stackcheck. Here we know 'addr' is the current SP;
10847 * if imm is +ve we're moving SP up, else down. It is
10848 * UNKNOWN whether the limit check triggers when SP starts
10849 * below the limit and ends up above it; we chose to do so.
10850 */
10851 if ((int32_t)imm < 0) {
10852 TCGv_i32 newsp = tcg_temp_new_i32();
10853
10854 tcg_gen_addi_i32(newsp, addr, imm);
10855 gen_helper_v8m_stackcheck(cpu_env, newsp);
10856 tcg_temp_free_i32(newsp);
10857 } else {
10858 gen_helper_v8m_stackcheck(cpu_env, addr);
10859 }
10860 }
10861
10862 if (writeback && !postinc) {
10863 tcg_gen_addi_i32(addr, addr, imm);
10864 }
10865
10866 if (insn & (1 << 20)) {
10867 /* Load. */
10868 tmp = tcg_temp_new_i32();
10869 switch (op) {
10870 case 0:
10871 gen_aa32_ld8u_iss(s, tmp, addr, memidx, issinfo);
10872 break;
10873 case 4:
10874 gen_aa32_ld8s_iss(s, tmp, addr, memidx, issinfo);
10875 break;
10876 case 1:
10877 gen_aa32_ld16u_iss(s, tmp, addr, memidx, issinfo);
10878 break;
10879 case 5:
10880 gen_aa32_ld16s_iss(s, tmp, addr, memidx, issinfo);
10881 break;
10882 case 2:
10883 gen_aa32_ld32u_iss(s, tmp, addr, memidx, issinfo);
10884 break;
10885 default:
10886 tcg_temp_free_i32(tmp);
10887 tcg_temp_free_i32(addr);
10888 goto illegal_op;
10889 }
10890 if (rs == 15) {
10891 gen_bx_excret(s, tmp);
10892 } else {
10893 store_reg(s, rs, tmp);
10894 }
10895 } else {
10896 /* Store. */
10897 tmp = load_reg(s, rs);
10898 switch (op) {
10899 case 0:
10900 gen_aa32_st8_iss(s, tmp, addr, memidx, issinfo);
10901 break;
10902 case 1:
10903 gen_aa32_st16_iss(s, tmp, addr, memidx, issinfo);
10904 break;
10905 case 2:
10906 gen_aa32_st32_iss(s, tmp, addr, memidx, issinfo);
10907 break;
10908 default:
10909 tcg_temp_free_i32(tmp);
10910 tcg_temp_free_i32(addr);
10911 goto illegal_op;
10912 }
10913 tcg_temp_free_i32(tmp);
10914 }
10915 if (postinc)
10916 tcg_gen_addi_i32(addr, addr, imm);
10917 if (writeback) {
10918 store_reg(s, rn, addr);
10919 } else {
10920 tcg_temp_free_i32(addr);
10921 }
10922 }
10923 break;
10924 default:
10925 goto illegal_op;
10926 }
10927 return;
10928 illegal_op:
10929 unallocated_encoding(s);
10930 }
10931
10932 static void disas_thumb_insn(DisasContext *s, uint32_t insn)
10933 {
10934 uint32_t val, op, rm, rn, rd, shift, cond;
10935 int32_t offset;
10936 int i;
10937 TCGv_i32 tmp;
10938 TCGv_i32 tmp2;
10939 TCGv_i32 addr;
10940
10941 switch (insn >> 12) {
10942 case 0: case 1:
10943
10944 rd = insn & 7;
10945 op = (insn >> 11) & 3;
10946 if (op == 3) {
10947 /*
10948 * 0b0001_1xxx_xxxx_xxxx
10949 * - Add, subtract (three low registers)
10950 * - Add, subtract (two low registers and immediate)
10951 */
10952 rn = (insn >> 3) & 7;
10953 tmp = load_reg(s, rn);
10954 if (insn & (1 << 10)) {
10955 /* immediate */
10956 tmp2 = tcg_temp_new_i32();
10957 tcg_gen_movi_i32(tmp2, (insn >> 6) & 7);
10958 } else {
10959 /* reg */
10960 rm = (insn >> 6) & 7;
10961 tmp2 = load_reg(s, rm);
10962 }
10963 if (insn & (1 << 9)) {
10964 if (s->condexec_mask)
10965 tcg_gen_sub_i32(tmp, tmp, tmp2);
10966 else
10967 gen_sub_CC(tmp, tmp, tmp2);
10968 } else {
10969 if (s->condexec_mask)
10970 tcg_gen_add_i32(tmp, tmp, tmp2);
10971 else
10972 gen_add_CC(tmp, tmp, tmp2);
10973 }
10974 tcg_temp_free_i32(tmp2);
10975 store_reg(s, rd, tmp);
10976 } else {
10977 /* shift immediate */
10978 rm = (insn >> 3) & 7;
10979 shift = (insn >> 6) & 0x1f;
10980 tmp = load_reg(s, rm);
10981 gen_arm_shift_im(tmp, op, shift, s->condexec_mask == 0);
10982 if (!s->condexec_mask)
10983 gen_logic_CC(tmp);
10984 store_reg(s, rd, tmp);
10985 }
10986 break;
10987 case 2: case 3:
10988 /*
10989 * 0b001x_xxxx_xxxx_xxxx
10990 * - Add, subtract, compare, move (one low register and immediate)
10991 */
10992 op = (insn >> 11) & 3;
10993 rd = (insn >> 8) & 0x7;
10994 if (op == 0) { /* mov */
10995 tmp = tcg_temp_new_i32();
10996 tcg_gen_movi_i32(tmp, insn & 0xff);
10997 if (!s->condexec_mask)
10998 gen_logic_CC(tmp);
10999 store_reg(s, rd, tmp);
11000 } else {
11001 tmp = load_reg(s, rd);
11002 tmp2 = tcg_temp_new_i32();
11003 tcg_gen_movi_i32(tmp2, insn & 0xff);
11004 switch (op) {
11005 case 1: /* cmp */
11006 gen_sub_CC(tmp, tmp, tmp2);
11007 tcg_temp_free_i32(tmp);
11008 tcg_temp_free_i32(tmp2);
11009 break;
11010 case 2: /* add */
11011 if (s->condexec_mask)
11012 tcg_gen_add_i32(tmp, tmp, tmp2);
11013 else
11014 gen_add_CC(tmp, tmp, tmp2);
11015 tcg_temp_free_i32(tmp2);
11016 store_reg(s, rd, tmp);
11017 break;
11018 case 3: /* sub */
11019 if (s->condexec_mask)
11020 tcg_gen_sub_i32(tmp, tmp, tmp2);
11021 else
11022 gen_sub_CC(tmp, tmp, tmp2);
11023 tcg_temp_free_i32(tmp2);
11024 store_reg(s, rd, tmp);
11025 break;
11026 }
11027 }
11028 break;
11029 case 4:
11030 if (insn & (1 << 11)) {
11031 rd = (insn >> 8) & 7;
11032 /* load pc-relative. Bit 1 of PC is ignored. */
11033 addr = add_reg_for_lit(s, 15, (insn & 0xff) * 4);
11034 tmp = tcg_temp_new_i32();
11035 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s),
11036 rd | ISSIs16Bit);
11037 tcg_temp_free_i32(addr);
11038 store_reg(s, rd, tmp);
11039 break;
11040 }
11041 if (insn & (1 << 10)) {
11042 /* 0b0100_01xx_xxxx_xxxx
11043 * - data processing extended, branch and exchange
11044 */
11045 rd = (insn & 7) | ((insn >> 4) & 8);
11046 rm = (insn >> 3) & 0xf;
11047 op = (insn >> 8) & 3;
11048 switch (op) {
11049 case 0: /* add */
11050 tmp = load_reg(s, rd);
11051 tmp2 = load_reg(s, rm);
11052 tcg_gen_add_i32(tmp, tmp, tmp2);
11053 tcg_temp_free_i32(tmp2);
11054 if (rd == 13) {
11055 /* ADD SP, SP, reg */
11056 store_sp_checked(s, tmp);
11057 } else {
11058 store_reg(s, rd, tmp);
11059 }
11060 break;
11061 case 1: /* cmp */
11062 tmp = load_reg(s, rd);
11063 tmp2 = load_reg(s, rm);
11064 gen_sub_CC(tmp, tmp, tmp2);
11065 tcg_temp_free_i32(tmp2);
11066 tcg_temp_free_i32(tmp);
11067 break;
11068 case 2: /* mov/cpy */
11069 tmp = load_reg(s, rm);
11070 if (rd == 13) {
11071 /* MOV SP, reg */
11072 store_sp_checked(s, tmp);
11073 } else {
11074 store_reg(s, rd, tmp);
11075 }
11076 break;
11077 case 3:
11078 {
11079 /* 0b0100_0111_xxxx_xxxx
11080 * - branch [and link] exchange thumb register
11081 */
11082 bool link = insn & (1 << 7);
11083
11084 if (insn & 3) {
11085 goto undef;
11086 }
11087 if (link) {
11088 ARCH(5);
11089 }
11090 if ((insn & 4)) {
11091 /* BXNS/BLXNS: only exists for v8M with the
11092 * security extensions, and always UNDEF if NonSecure.
11093 * We don't implement these in the user-only mode
11094 * either (in theory you can use them from Secure User
11095 * mode but they are too tied in to system emulation.)
11096 */
11097 if (!s->v8m_secure || IS_USER_ONLY) {
11098 goto undef;
11099 }
11100 if (link) {
11101 gen_blxns(s, rm);
11102 } else {
11103 gen_bxns(s, rm);
11104 }
11105 break;
11106 }
11107 /* BLX/BX */
11108 tmp = load_reg(s, rm);
11109 if (link) {
11110 val = (uint32_t)s->base.pc_next | 1;
11111 tmp2 = tcg_temp_new_i32();
11112 tcg_gen_movi_i32(tmp2, val);
11113 store_reg(s, 14, tmp2);
11114 gen_bx(s, tmp);
11115 } else {
11116 /* Only BX works as exception-return, not BLX */
11117 gen_bx_excret(s, tmp);
11118 }
11119 break;
11120 }
11121 }
11122 break;
11123 }
11124
11125 /*
11126 * 0b0100_00xx_xxxx_xxxx
11127 * - Data-processing (two low registers)
11128 */
11129 rd = insn & 7;
11130 rm = (insn >> 3) & 7;
11131 op = (insn >> 6) & 0xf;
11132 if (op == 2 || op == 3 || op == 4 || op == 7) {
11133 /* the shift/rotate ops want the operands backwards */
11134 val = rm;
11135 rm = rd;
11136 rd = val;
11137 val = 1;
11138 } else {
11139 val = 0;
11140 }
11141
11142 if (op == 9) { /* neg */
11143 tmp = tcg_temp_new_i32();
11144 tcg_gen_movi_i32(tmp, 0);
11145 } else if (op != 0xf) { /* mvn doesn't read its first operand */
11146 tmp = load_reg(s, rd);
11147 } else {
11148 tmp = NULL;
11149 }
11150
11151 tmp2 = load_reg(s, rm);
11152 switch (op) {
11153 case 0x0: /* and */
11154 tcg_gen_and_i32(tmp, tmp, tmp2);
11155 if (!s->condexec_mask)
11156 gen_logic_CC(tmp);
11157 break;
11158 case 0x1: /* eor */
11159 tcg_gen_xor_i32(tmp, tmp, tmp2);
11160 if (!s->condexec_mask)
11161 gen_logic_CC(tmp);
11162 break;
11163 case 0x2: /* lsl */
11164 if (s->condexec_mask) {
11165 gen_shl(tmp2, tmp2, tmp);
11166 } else {
11167 gen_helper_shl_cc(tmp2, cpu_env, tmp2, tmp);
11168 gen_logic_CC(tmp2);
11169 }
11170 break;
11171 case 0x3: /* lsr */
11172 if (s->condexec_mask) {
11173 gen_shr(tmp2, tmp2, tmp);
11174 } else {
11175 gen_helper_shr_cc(tmp2, cpu_env, tmp2, tmp);
11176 gen_logic_CC(tmp2);
11177 }
11178 break;
11179 case 0x4: /* asr */
11180 if (s->condexec_mask) {
11181 gen_sar(tmp2, tmp2, tmp);
11182 } else {
11183 gen_helper_sar_cc(tmp2, cpu_env, tmp2, tmp);
11184 gen_logic_CC(tmp2);
11185 }
11186 break;
11187 case 0x5: /* adc */
11188 if (s->condexec_mask) {
11189 gen_adc(tmp, tmp2);
11190 } else {
11191 gen_adc_CC(tmp, tmp, tmp2);
11192 }
11193 break;
11194 case 0x6: /* sbc */
11195 if (s->condexec_mask) {
11196 gen_sub_carry(tmp, tmp, tmp2);
11197 } else {
11198 gen_sbc_CC(tmp, tmp, tmp2);
11199 }
11200 break;
11201 case 0x7: /* ror */
11202 if (s->condexec_mask) {
11203 tcg_gen_andi_i32(tmp, tmp, 0x1f);
11204 tcg_gen_rotr_i32(tmp2, tmp2, tmp);
11205 } else {
11206 gen_helper_ror_cc(tmp2, cpu_env, tmp2, tmp);
11207 gen_logic_CC(tmp2);
11208 }
11209 break;
11210 case 0x8: /* tst */
11211 tcg_gen_and_i32(tmp, tmp, tmp2);
11212 gen_logic_CC(tmp);
11213 rd = 16;
11214 break;
11215 case 0x9: /* neg */
11216 if (s->condexec_mask)
11217 tcg_gen_neg_i32(tmp, tmp2);
11218 else
11219 gen_sub_CC(tmp, tmp, tmp2);
11220 break;
11221 case 0xa: /* cmp */
11222 gen_sub_CC(tmp, tmp, tmp2);
11223 rd = 16;
11224 break;
11225 case 0xb: /* cmn */
11226 gen_add_CC(tmp, tmp, tmp2);
11227 rd = 16;
11228 break;
11229 case 0xc: /* orr */
11230 tcg_gen_or_i32(tmp, tmp, tmp2);
11231 if (!s->condexec_mask)
11232 gen_logic_CC(tmp);
11233 break;
11234 case 0xd: /* mul */
11235 tcg_gen_mul_i32(tmp, tmp, tmp2);
11236 if (!s->condexec_mask)
11237 gen_logic_CC(tmp);
11238 break;
11239 case 0xe: /* bic */
11240 tcg_gen_andc_i32(tmp, tmp, tmp2);
11241 if (!s->condexec_mask)
11242 gen_logic_CC(tmp);
11243 break;
11244 case 0xf: /* mvn */
11245 tcg_gen_not_i32(tmp2, tmp2);
11246 if (!s->condexec_mask)
11247 gen_logic_CC(tmp2);
11248 val = 1;
11249 rm = rd;
11250 break;
11251 }
11252 if (rd != 16) {
11253 if (val) {
11254 store_reg(s, rm, tmp2);
11255 if (op != 0xf)
11256 tcg_temp_free_i32(tmp);
11257 } else {
11258 store_reg(s, rd, tmp);
11259 tcg_temp_free_i32(tmp2);
11260 }
11261 } else {
11262 tcg_temp_free_i32(tmp);
11263 tcg_temp_free_i32(tmp2);
11264 }
11265 break;
11266
11267 case 5:
11268 /* load/store register offset. */
11269 rd = insn & 7;
11270 rn = (insn >> 3) & 7;
11271 rm = (insn >> 6) & 7;
11272 op = (insn >> 9) & 7;
11273 addr = load_reg(s, rn);
11274 tmp = load_reg(s, rm);
11275 tcg_gen_add_i32(addr, addr, tmp);
11276 tcg_temp_free_i32(tmp);
11277
11278 if (op < 3) { /* store */
11279 tmp = load_reg(s, rd);
11280 } else {
11281 tmp = tcg_temp_new_i32();
11282 }
11283
11284 switch (op) {
11285 case 0: /* str */
11286 gen_aa32_st32_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11287 break;
11288 case 1: /* strh */
11289 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11290 break;
11291 case 2: /* strb */
11292 gen_aa32_st8_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11293 break;
11294 case 3: /* ldrsb */
11295 gen_aa32_ld8s_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11296 break;
11297 case 4: /* ldr */
11298 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11299 break;
11300 case 5: /* ldrh */
11301 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11302 break;
11303 case 6: /* ldrb */
11304 gen_aa32_ld8u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11305 break;
11306 case 7: /* ldrsh */
11307 gen_aa32_ld16s_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11308 break;
11309 }
11310 if (op >= 3) { /* load */
11311 store_reg(s, rd, tmp);
11312 } else {
11313 tcg_temp_free_i32(tmp);
11314 }
11315 tcg_temp_free_i32(addr);
11316 break;
11317
11318 case 6:
11319 /* load/store word immediate offset */
11320 rd = insn & 7;
11321 rn = (insn >> 3) & 7;
11322 addr = load_reg(s, rn);
11323 val = (insn >> 4) & 0x7c;
11324 tcg_gen_addi_i32(addr, addr, val);
11325
11326 if (insn & (1 << 11)) {
11327 /* load */
11328 tmp = tcg_temp_new_i32();
11329 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11330 store_reg(s, rd, tmp);
11331 } else {
11332 /* store */
11333 tmp = load_reg(s, rd);
11334 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11335 tcg_temp_free_i32(tmp);
11336 }
11337 tcg_temp_free_i32(addr);
11338 break;
11339
11340 case 7:
11341 /* load/store byte immediate offset */
11342 rd = insn & 7;
11343 rn = (insn >> 3) & 7;
11344 addr = load_reg(s, rn);
11345 val = (insn >> 6) & 0x1f;
11346 tcg_gen_addi_i32(addr, addr, val);
11347
11348 if (insn & (1 << 11)) {
11349 /* load */
11350 tmp = tcg_temp_new_i32();
11351 gen_aa32_ld8u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11352 store_reg(s, rd, tmp);
11353 } else {
11354 /* store */
11355 tmp = load_reg(s, rd);
11356 gen_aa32_st8_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11357 tcg_temp_free_i32(tmp);
11358 }
11359 tcg_temp_free_i32(addr);
11360 break;
11361
11362 case 8:
11363 /* load/store halfword immediate offset */
11364 rd = insn & 7;
11365 rn = (insn >> 3) & 7;
11366 addr = load_reg(s, rn);
11367 val = (insn >> 5) & 0x3e;
11368 tcg_gen_addi_i32(addr, addr, val);
11369
11370 if (insn & (1 << 11)) {
11371 /* load */
11372 tmp = tcg_temp_new_i32();
11373 gen_aa32_ld16u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11374 store_reg(s, rd, tmp);
11375 } else {
11376 /* store */
11377 tmp = load_reg(s, rd);
11378 gen_aa32_st16_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11379 tcg_temp_free_i32(tmp);
11380 }
11381 tcg_temp_free_i32(addr);
11382 break;
11383
11384 case 9:
11385 /* load/store from stack */
11386 rd = (insn >> 8) & 7;
11387 addr = load_reg(s, 13);
11388 val = (insn & 0xff) * 4;
11389 tcg_gen_addi_i32(addr, addr, val);
11390
11391 if (insn & (1 << 11)) {
11392 /* load */
11393 tmp = tcg_temp_new_i32();
11394 gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11395 store_reg(s, rd, tmp);
11396 } else {
11397 /* store */
11398 tmp = load_reg(s, rd);
11399 gen_aa32_st32_iss(s, tmp, addr, get_mem_index(s), rd | ISSIs16Bit);
11400 tcg_temp_free_i32(tmp);
11401 }
11402 tcg_temp_free_i32(addr);
11403 break;
11404
11405 case 10:
11406 /*
11407 * 0b1010_xxxx_xxxx_xxxx
11408 * - Add PC/SP (immediate)
11409 */
11410 rd = (insn >> 8) & 7;
11411 val = (insn & 0xff) * 4;
11412 tmp = add_reg_for_lit(s, insn & (1 << 11) ? 13 : 15, val);
11413 store_reg(s, rd, tmp);
11414 break;
11415
11416 case 11:
11417 /* misc */
11418 op = (insn >> 8) & 0xf;
11419 switch (op) {
11420 case 0:
11421 /*
11422 * 0b1011_0000_xxxx_xxxx
11423 * - ADD (SP plus immediate)
11424 * - SUB (SP minus immediate)
11425 */
11426 tmp = load_reg(s, 13);
11427 val = (insn & 0x7f) * 4;
11428 if (insn & (1 << 7))
11429 val = -(int32_t)val;
11430 tcg_gen_addi_i32(tmp, tmp, val);
11431 store_sp_checked(s, tmp);
11432 break;
11433
11434 case 2: /* sign/zero extend. */
11435 ARCH(6);
11436 rd = insn & 7;
11437 rm = (insn >> 3) & 7;
11438 tmp = load_reg(s, rm);
11439 switch ((insn >> 6) & 3) {
11440 case 0: gen_sxth(tmp); break;
11441 case 1: gen_sxtb(tmp); break;
11442 case 2: gen_uxth(tmp); break;
11443 case 3: gen_uxtb(tmp); break;
11444 }
11445 store_reg(s, rd, tmp);
11446 break;
11447 case 4: case 5: case 0xc: case 0xd:
11448 /*
11449 * 0b1011_x10x_xxxx_xxxx
11450 * - push/pop
11451 */
11452 addr = load_reg(s, 13);
11453 if (insn & (1 << 8))
11454 offset = 4;
11455 else
11456 offset = 0;
11457 for (i = 0; i < 8; i++) {
11458 if (insn & (1 << i))
11459 offset += 4;
11460 }
11461 if ((insn & (1 << 11)) == 0) {
11462 tcg_gen_addi_i32(addr, addr, -offset);
11463 }
11464
11465 if (s->v8m_stackcheck) {
11466 /*
11467 * Here 'addr' is the lower of "old SP" and "new SP";
11468 * if this is a pop that starts below the limit and ends
11469 * above it, it is UNKNOWN whether the limit check triggers;
11470 * we choose to trigger.
11471 */
11472 gen_helper_v8m_stackcheck(cpu_env, addr);
11473 }
11474
11475 for (i = 0; i < 8; i++) {
11476 if (insn & (1 << i)) {
11477 if (insn & (1 << 11)) {
11478 /* pop */
11479 tmp = tcg_temp_new_i32();
11480 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11481 store_reg(s, i, tmp);
11482 } else {
11483 /* push */
11484 tmp = load_reg(s, i);
11485 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11486 tcg_temp_free_i32(tmp);
11487 }
11488 /* advance to the next address. */
11489 tcg_gen_addi_i32(addr, addr, 4);
11490 }
11491 }
11492 tmp = NULL;
11493 if (insn & (1 << 8)) {
11494 if (insn & (1 << 11)) {
11495 /* pop pc */
11496 tmp = tcg_temp_new_i32();
11497 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11498 /* don't set the pc until the rest of the instruction
11499 has completed */
11500 } else {
11501 /* push lr */
11502 tmp = load_reg(s, 14);
11503 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11504 tcg_temp_free_i32(tmp);
11505 }
11506 tcg_gen_addi_i32(addr, addr, 4);
11507 }
11508 if ((insn & (1 << 11)) == 0) {
11509 tcg_gen_addi_i32(addr, addr, -offset);
11510 }
11511 /* write back the new stack pointer */
11512 store_reg(s, 13, addr);
11513 /* set the new PC value */
11514 if ((insn & 0x0900) == 0x0900) {
11515 store_reg_from_load(s, 15, tmp);
11516 }
11517 break;
11518
11519 case 1: case 3: case 9: case 11: /* czb */
11520 rm = insn & 7;
11521 tmp = load_reg(s, rm);
11522 arm_gen_condlabel(s);
11523 if (insn & (1 << 11))
11524 tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 0, s->condlabel);
11525 else
11526 tcg_gen_brcondi_i32(TCG_COND_NE, tmp, 0, s->condlabel);
11527 tcg_temp_free_i32(tmp);
11528 offset = ((insn & 0xf8) >> 2) | (insn & 0x200) >> 3;
11529 gen_jmp(s, read_pc(s) + offset);
11530 break;
11531
11532 case 15: /* IT, nop-hint. */
11533 if ((insn & 0xf) == 0) {
11534 gen_nop_hint(s, (insn >> 4) & 0xf);
11535 break;
11536 }
11537 /*
11538 * IT (If-Then)
11539 *
11540 * Combinations of firstcond and mask which set up an 0b1111
11541 * condition are UNPREDICTABLE; we take the CONSTRAINED
11542 * UNPREDICTABLE choice to treat 0b1111 the same as 0b1110,
11543 * i.e. both meaning "execute always".
11544 */
11545 s->condexec_cond = (insn >> 4) & 0xe;
11546 s->condexec_mask = insn & 0x1f;
11547 /* No actual code generated for this insn, just setup state. */
11548 break;
11549
11550 case 0xe: /* bkpt */
11551 {
11552 int imm8 = extract32(insn, 0, 8);
11553 ARCH(5);
11554 gen_exception_bkpt_insn(s, syn_aa32_bkpt(imm8, true));
11555 break;
11556 }
11557
11558 case 0xa: /* rev, and hlt */
11559 {
11560 int op1 = extract32(insn, 6, 2);
11561
11562 if (op1 == 2) {
11563 /* HLT */
11564 int imm6 = extract32(insn, 0, 6);
11565
11566 gen_hlt(s, imm6);
11567 break;
11568 }
11569
11570 /* Otherwise this is rev */
11571 ARCH(6);
11572 rn = (insn >> 3) & 0x7;
11573 rd = insn & 0x7;
11574 tmp = load_reg(s, rn);
11575 switch (op1) {
11576 case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
11577 case 1: gen_rev16(tmp); break;
11578 case 3: gen_revsh(tmp); break;
11579 default:
11580 g_assert_not_reached();
11581 }
11582 store_reg(s, rd, tmp);
11583 break;
11584 }
11585
11586 case 6:
11587 switch ((insn >> 5) & 7) {
11588 case 2:
11589 /* setend */
11590 ARCH(6);
11591 if (((insn >> 3) & 1) != !!(s->be_data == MO_BE)) {
11592 gen_helper_setend(cpu_env);
11593 s->base.is_jmp = DISAS_UPDATE;
11594 }
11595 break;
11596 case 3:
11597 /* cps */
11598 ARCH(6);
11599 if (IS_USER(s)) {
11600 break;
11601 }
11602 if (arm_dc_feature(s, ARM_FEATURE_M)) {
11603 tmp = tcg_const_i32((insn & (1 << 4)) != 0);
11604 /* FAULTMASK */
11605 if (insn & 1) {
11606 addr = tcg_const_i32(19);
11607 gen_helper_v7m_msr(cpu_env, addr, tmp);
11608 tcg_temp_free_i32(addr);
11609 }
11610 /* PRIMASK */
11611 if (insn & 2) {
11612 addr = tcg_const_i32(16);
11613 gen_helper_v7m_msr(cpu_env, addr, tmp);
11614 tcg_temp_free_i32(addr);
11615 }
11616 tcg_temp_free_i32(tmp);
11617 gen_lookup_tb(s);
11618 } else {
11619 if (insn & (1 << 4)) {
11620 shift = CPSR_A | CPSR_I | CPSR_F;
11621 } else {
11622 shift = 0;
11623 }
11624 gen_set_psr_im(s, ((insn & 7) << 6), 0, shift);
11625 }
11626 break;
11627 default:
11628 goto undef;
11629 }
11630 break;
11631
11632 default:
11633 goto undef;
11634 }
11635 break;
11636
11637 case 12:
11638 {
11639 /* load/store multiple */
11640 TCGv_i32 loaded_var = NULL;
11641 rn = (insn >> 8) & 0x7;
11642 addr = load_reg(s, rn);
11643 for (i = 0; i < 8; i++) {
11644 if (insn & (1 << i)) {
11645 if (insn & (1 << 11)) {
11646 /* load */
11647 tmp = tcg_temp_new_i32();
11648 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11649 if (i == rn) {
11650 loaded_var = tmp;
11651 } else {
11652 store_reg(s, i, tmp);
11653 }
11654 } else {
11655 /* store */
11656 tmp = load_reg(s, i);
11657 gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11658 tcg_temp_free_i32(tmp);
11659 }
11660 /* advance to the next address */
11661 tcg_gen_addi_i32(addr, addr, 4);
11662 }
11663 }
11664 if ((insn & (1 << rn)) == 0) {
11665 /* base reg not in list: base register writeback */
11666 store_reg(s, rn, addr);
11667 } else {
11668 /* base reg in list: if load, complete it now */
11669 if (insn & (1 << 11)) {
11670 store_reg(s, rn, loaded_var);
11671 }
11672 tcg_temp_free_i32(addr);
11673 }
11674 break;
11675 }
11676 case 13:
11677 /* conditional branch or swi */
11678 cond = (insn >> 8) & 0xf;
11679 if (cond == 0xe)
11680 goto undef;
11681
11682 if (cond == 0xf) {
11683 /* swi */
11684 gen_set_pc_im(s, s->base.pc_next);
11685 s->svc_imm = extract32(insn, 0, 8);
11686 s->base.is_jmp = DISAS_SWI;
11687 break;
11688 }
11689 /* generate a conditional jump to next instruction */
11690 arm_skip_unless(s, cond);
11691
11692 /* jump to the offset */
11693 val = read_pc(s);
11694 offset = ((int32_t)insn << 24) >> 24;
11695 val += offset << 1;
11696 gen_jmp(s, val);
11697 break;
11698
11699 case 14:
11700 if (insn & (1 << 11)) {
11701 /* thumb_insn_is_16bit() ensures we can't get here for
11702 * a Thumb2 CPU, so this must be a thumb1 split BL/BLX:
11703 * 0b1110_1xxx_xxxx_xxxx : BLX suffix (or UNDEF)
11704 */
11705 assert(!arm_dc_feature(s, ARM_FEATURE_THUMB2));
11706 ARCH(5);
11707 offset = ((insn & 0x7ff) << 1);
11708 tmp = load_reg(s, 14);
11709 tcg_gen_addi_i32(tmp, tmp, offset);
11710 tcg_gen_andi_i32(tmp, tmp, 0xfffffffc);
11711
11712 tmp2 = tcg_temp_new_i32();
11713 tcg_gen_movi_i32(tmp2, s->base.pc_next | 1);
11714 store_reg(s, 14, tmp2);
11715 gen_bx(s, tmp);
11716 break;
11717 }
11718 /* unconditional branch */
11719 val = read_pc(s);
11720 offset = ((int32_t)insn << 21) >> 21;
11721 val += offset << 1;
11722 gen_jmp(s, val);
11723 break;
11724
11725 case 15:
11726 /* thumb_insn_is_16bit() ensures we can't get here for
11727 * a Thumb2 CPU, so this must be a thumb1 split BL/BLX.
11728 */
11729 assert(!arm_dc_feature(s, ARM_FEATURE_THUMB2));
11730
11731 if (insn & (1 << 11)) {
11732 /* 0b1111_1xxx_xxxx_xxxx : BL suffix */
11733 offset = ((insn & 0x7ff) << 1) | 1;
11734 tmp = load_reg(s, 14);
11735 tcg_gen_addi_i32(tmp, tmp, offset);
11736
11737 tmp2 = tcg_temp_new_i32();
11738 tcg_gen_movi_i32(tmp2, s->base.pc_next | 1);
11739 store_reg(s, 14, tmp2);
11740 gen_bx(s, tmp);
11741 } else {
11742 /* 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix */
11743 uint32_t uoffset = ((int32_t)insn << 21) >> 9;
11744
11745 tcg_gen_movi_i32(cpu_R[14], read_pc(s) + uoffset);
11746 }
11747 break;
11748 }
11749 return;
11750 illegal_op:
11751 undef:
11752 unallocated_encoding(s);
11753 }
11754
11755 static bool insn_crosses_page(CPUARMState *env, DisasContext *s)
11756 {
11757 /* Return true if the insn at dc->base.pc_next might cross a page boundary.
11758 * (False positives are OK, false negatives are not.)
11759 * We know this is a Thumb insn, and our caller ensures we are
11760 * only called if dc->base.pc_next is less than 4 bytes from the page
11761 * boundary, so we cross the page if the first 16 bits indicate
11762 * that this is a 32 bit insn.
11763 */
11764 uint16_t insn = arm_lduw_code(env, s->base.pc_next, s->sctlr_b);
11765
11766 return !thumb_insn_is_16bit(s, s->base.pc_next, insn);
11767 }
11768
11769 static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
11770 {
11771 DisasContext *dc = container_of(dcbase, DisasContext, base);
11772 CPUARMState *env = cs->env_ptr;
11773 ARMCPU *cpu = env_archcpu(env);
11774 uint32_t tb_flags = dc->base.tb->flags;
11775 uint32_t condexec, core_mmu_idx;
11776
11777 dc->isar = &cpu->isar;
11778 dc->condjmp = 0;
11779
11780 dc->aarch64 = 0;
11781 /* If we are coming from secure EL0 in a system with a 32-bit EL3, then
11782 * there is no secure EL1, so we route exceptions to EL3.
11783 */
11784 dc->secure_routed_to_el3 = arm_feature(env, ARM_FEATURE_EL3) &&
11785 !arm_el_is_aa64(env, 3);
11786 dc->thumb = FIELD_EX32(tb_flags, TBFLAG_A32, THUMB);
11787 dc->sctlr_b = FIELD_EX32(tb_flags, TBFLAG_A32, SCTLR_B);
11788 dc->be_data = FIELD_EX32(tb_flags, TBFLAG_ANY, BE_DATA) ? MO_BE : MO_LE;
11789 condexec = FIELD_EX32(tb_flags, TBFLAG_A32, CONDEXEC);
11790 dc->condexec_mask = (condexec & 0xf) << 1;
11791 dc->condexec_cond = condexec >> 4;
11792 core_mmu_idx = FIELD_EX32(tb_flags, TBFLAG_ANY, MMUIDX);
11793 dc->mmu_idx = core_to_arm_mmu_idx(env, core_mmu_idx);
11794 dc->current_el = arm_mmu_idx_to_el(dc->mmu_idx);
11795 #if !defined(CONFIG_USER_ONLY)
11796 dc->user = (dc->current_el == 0);
11797 #endif
11798 dc->ns = FIELD_EX32(tb_flags, TBFLAG_A32, NS);
11799 dc->fp_excp_el = FIELD_EX32(tb_flags, TBFLAG_ANY, FPEXC_EL);
11800 dc->vfp_enabled = FIELD_EX32(tb_flags, TBFLAG_A32, VFPEN);
11801 dc->vec_len = FIELD_EX32(tb_flags, TBFLAG_A32, VECLEN);
11802 if (arm_feature(env, ARM_FEATURE_XSCALE)) {
11803 dc->c15_cpar = FIELD_EX32(tb_flags, TBFLAG_A32, XSCALE_CPAR);
11804 dc->vec_stride = 0;
11805 } else {
11806 dc->vec_stride = FIELD_EX32(tb_flags, TBFLAG_A32, VECSTRIDE);
11807 dc->c15_cpar = 0;
11808 }
11809 dc->v7m_handler_mode = FIELD_EX32(tb_flags, TBFLAG_A32, HANDLER);
11810 dc->v8m_secure = arm_feature(env, ARM_FEATURE_M_SECURITY) &&
11811 regime_is_secure(env, dc->mmu_idx);
11812 dc->v8m_stackcheck = FIELD_EX32(tb_flags, TBFLAG_A32, STACKCHECK);
11813 dc->v8m_fpccr_s_wrong = FIELD_EX32(tb_flags, TBFLAG_A32, FPCCR_S_WRONG);
11814 dc->v7m_new_fp_ctxt_needed =
11815 FIELD_EX32(tb_flags, TBFLAG_A32, NEW_FP_CTXT_NEEDED);
11816 dc->v7m_lspact = FIELD_EX32(tb_flags, TBFLAG_A32, LSPACT);
11817 dc->cp_regs = cpu->cp_regs;
11818 dc->features = env->features;
11819
11820 /* Single step state. The code-generation logic here is:
11821 * SS_ACTIVE == 0:
11822 * generate code with no special handling for single-stepping (except
11823 * that anything that can make us go to SS_ACTIVE == 1 must end the TB;
11824 * this happens anyway because those changes are all system register or
11825 * PSTATE writes).
11826 * SS_ACTIVE == 1, PSTATE.SS == 1: (active-not-pending)
11827 * emit code for one insn
11828 * emit code to clear PSTATE.SS
11829 * emit code to generate software step exception for completed step
11830 * end TB (as usual for having generated an exception)
11831 * SS_ACTIVE == 1, PSTATE.SS == 0: (active-pending)
11832 * emit code to generate a software step exception
11833 * end the TB
11834 */
11835 dc->ss_active = FIELD_EX32(tb_flags, TBFLAG_ANY, SS_ACTIVE);
11836 dc->pstate_ss = FIELD_EX32(tb_flags, TBFLAG_ANY, PSTATE_SS);
11837 dc->is_ldex = false;
11838 if (!arm_feature(env, ARM_FEATURE_M)) {
11839 dc->debug_target_el = FIELD_EX32(tb_flags, TBFLAG_ANY, DEBUG_TARGET_EL);
11840 }
11841
11842 dc->page_start = dc->base.pc_first & TARGET_PAGE_MASK;
11843
11844 /* If architectural single step active, limit to 1. */
11845 if (is_singlestepping(dc)) {
11846 dc->base.max_insns = 1;
11847 }
11848
11849 /* ARM is a fixed-length ISA. Bound the number of insns to execute
11850 to those left on the page. */
11851 if (!dc->thumb) {
11852 int bound = -(dc->base.pc_first | TARGET_PAGE_MASK) / 4;
11853 dc->base.max_insns = MIN(dc->base.max_insns, bound);
11854 }
11855
11856 cpu_V0 = tcg_temp_new_i64();
11857 cpu_V1 = tcg_temp_new_i64();
11858 /* FIXME: cpu_M0 can probably be the same as cpu_V0. */
11859 cpu_M0 = tcg_temp_new_i64();
11860 }
11861
11862 static void arm_tr_tb_start(DisasContextBase *dcbase, CPUState *cpu)
11863 {
11864 DisasContext *dc = container_of(dcbase, DisasContext, base);
11865
11866 /* A note on handling of the condexec (IT) bits:
11867 *
11868 * We want to avoid the overhead of having to write the updated condexec
11869 * bits back to the CPUARMState for every instruction in an IT block. So:
11870 * (1) if the condexec bits are not already zero then we write
11871 * zero back into the CPUARMState now. This avoids complications trying
11872 * to do it at the end of the block. (For example if we don't do this
11873 * it's hard to identify whether we can safely skip writing condexec
11874 * at the end of the TB, which we definitely want to do for the case
11875 * where a TB doesn't do anything with the IT state at all.)
11876 * (2) if we are going to leave the TB then we call gen_set_condexec()
11877 * which will write the correct value into CPUARMState if zero is wrong.
11878 * This is done both for leaving the TB at the end, and for leaving
11879 * it because of an exception we know will happen, which is done in
11880 * gen_exception_insn(). The latter is necessary because we need to
11881 * leave the TB with the PC/IT state just prior to execution of the
11882 * instruction which caused the exception.
11883 * (3) if we leave the TB unexpectedly (eg a data abort on a load)
11884 * then the CPUARMState will be wrong and we need to reset it.
11885 * This is handled in the same way as restoration of the
11886 * PC in these situations; we save the value of the condexec bits
11887 * for each PC via tcg_gen_insn_start(), and restore_state_to_opc()
11888 * then uses this to restore them after an exception.
11889 *
11890 * Note that there are no instructions which can read the condexec
11891 * bits, and none which can write non-static values to them, so
11892 * we don't need to care about whether CPUARMState is correct in the
11893 * middle of a TB.
11894 */
11895
11896 /* Reset the conditional execution bits immediately. This avoids
11897 complications trying to do it at the end of the block. */
11898 if (dc->condexec_mask || dc->condexec_cond) {
11899 TCGv_i32 tmp = tcg_temp_new_i32();
11900 tcg_gen_movi_i32(tmp, 0);
11901 store_cpu_field(tmp, condexec_bits);
11902 }
11903 }
11904
11905 static void arm_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
11906 {
11907 DisasContext *dc = container_of(dcbase, DisasContext, base);
11908
11909 tcg_gen_insn_start(dc->base.pc_next,
11910 (dc->condexec_cond << 4) | (dc->condexec_mask >> 1),
11911 0);
11912 dc->insn_start = tcg_last_op();
11913 }
11914
11915 static bool arm_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cpu,
11916 const CPUBreakpoint *bp)
11917 {
11918 DisasContext *dc = container_of(dcbase, DisasContext, base);
11919
11920 if (bp->flags & BP_CPU) {
11921 gen_set_condexec(dc);
11922 gen_set_pc_im(dc, dc->base.pc_next);
11923 gen_helper_check_breakpoints(cpu_env);
11924 /* End the TB early; it's likely not going to be executed */
11925 dc->base.is_jmp = DISAS_TOO_MANY;
11926 } else {
11927 gen_exception_internal_insn(dc, dc->base.pc_next, EXCP_DEBUG);
11928 /* The address covered by the breakpoint must be
11929 included in [tb->pc, tb->pc + tb->size) in order
11930 to for it to be properly cleared -- thus we
11931 increment the PC here so that the logic setting
11932 tb->size below does the right thing. */
11933 /* TODO: Advance PC by correct instruction length to
11934 * avoid disassembler error messages */
11935 dc->base.pc_next += 2;
11936 dc->base.is_jmp = DISAS_NORETURN;
11937 }
11938
11939 return true;
11940 }
11941
11942 static bool arm_pre_translate_insn(DisasContext *dc)
11943 {
11944 #ifdef CONFIG_USER_ONLY
11945 /* Intercept jump to the magic kernel page. */
11946 if (dc->base.pc_next >= 0xffff0000) {
11947 /* We always get here via a jump, so know we are not in a
11948 conditional execution block. */
11949 gen_exception_internal(EXCP_KERNEL_TRAP);
11950 dc->base.is_jmp = DISAS_NORETURN;
11951 return true;
11952 }
11953 #endif
11954
11955 if (dc->ss_active && !dc->pstate_ss) {
11956 /* Singlestep state is Active-pending.
11957 * If we're in this state at the start of a TB then either
11958 * a) we just took an exception to an EL which is being debugged
11959 * and this is the first insn in the exception handler
11960 * b) debug exceptions were masked and we just unmasked them
11961 * without changing EL (eg by clearing PSTATE.D)
11962 * In either case we're going to take a swstep exception in the
11963 * "did not step an insn" case, and so the syndrome ISV and EX
11964 * bits should be zero.
11965 */
11966 assert(dc->base.num_insns == 1);
11967 gen_swstep_exception(dc, 0, 0);
11968 dc->base.is_jmp = DISAS_NORETURN;
11969 return true;
11970 }
11971
11972 return false;
11973 }
11974
11975 static void arm_post_translate_insn(DisasContext *dc)
11976 {
11977 if (dc->condjmp && !dc->base.is_jmp) {
11978 gen_set_label(dc->condlabel);
11979 dc->condjmp = 0;
11980 }
11981 translator_loop_temp_check(&dc->base);
11982 }
11983
11984 static void arm_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
11985 {
11986 DisasContext *dc = container_of(dcbase, DisasContext, base);
11987 CPUARMState *env = cpu->env_ptr;
11988 unsigned int insn;
11989
11990 if (arm_pre_translate_insn(dc)) {
11991 return;
11992 }
11993
11994 dc->pc_curr = dc->base.pc_next;
11995 insn = arm_ldl_code(env, dc->base.pc_next, dc->sctlr_b);
11996 dc->insn = insn;
11997 dc->base.pc_next += 4;
11998 disas_arm_insn(dc, insn);
11999
12000 arm_post_translate_insn(dc);
12001
12002 /* ARM is a fixed-length ISA. We performed the cross-page check
12003 in init_disas_context by adjusting max_insns. */
12004 }
12005
12006 static bool thumb_insn_is_unconditional(DisasContext *s, uint32_t insn)
12007 {
12008 /* Return true if this Thumb insn is always unconditional,
12009 * even inside an IT block. This is true of only a very few
12010 * instructions: BKPT, HLT, and SG.
12011 *
12012 * A larger class of instructions are UNPREDICTABLE if used
12013 * inside an IT block; we do not need to detect those here, because
12014 * what we do by default (perform the cc check and update the IT
12015 * bits state machine) is a permitted CONSTRAINED UNPREDICTABLE
12016 * choice for those situations.
12017 *
12018 * insn is either a 16-bit or a 32-bit instruction; the two are
12019 * distinguishable because for the 16-bit case the top 16 bits
12020 * are zeroes, and that isn't a valid 32-bit encoding.
12021 */
12022 if ((insn & 0xffffff00) == 0xbe00) {
12023 /* BKPT */
12024 return true;
12025 }
12026
12027 if ((insn & 0xffffffc0) == 0xba80 && arm_dc_feature(s, ARM_FEATURE_V8) &&
12028 !arm_dc_feature(s, ARM_FEATURE_M)) {
12029 /* HLT: v8A only. This is unconditional even when it is going to
12030 * UNDEF; see the v8A ARM ARM DDI0487B.a H3.3.
12031 * For v7 cores this was a plain old undefined encoding and so
12032 * honours its cc check. (We might be using the encoding as
12033 * a semihosting trap, but we don't change the cc check behaviour
12034 * on that account, because a debugger connected to a real v7A
12035 * core and emulating semihosting traps by catching the UNDEF
12036 * exception would also only see cases where the cc check passed.
12037 * No guest code should be trying to do a HLT semihosting trap
12038 * in an IT block anyway.
12039 */
12040 return true;
12041 }
12042
12043 if (insn == 0xe97fe97f && arm_dc_feature(s, ARM_FEATURE_V8) &&
12044 arm_dc_feature(s, ARM_FEATURE_M)) {
12045 /* SG: v8M only */
12046 return true;
12047 }
12048
12049 return false;
12050 }
12051
12052 static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
12053 {
12054 DisasContext *dc = container_of(dcbase, DisasContext, base);
12055 CPUARMState *env = cpu->env_ptr;
12056 uint32_t insn;
12057 bool is_16bit;
12058
12059 if (arm_pre_translate_insn(dc)) {
12060 return;
12061 }
12062
12063 dc->pc_curr = dc->base.pc_next;
12064 insn = arm_lduw_code(env, dc->base.pc_next, dc->sctlr_b);
12065 is_16bit = thumb_insn_is_16bit(dc, dc->base.pc_next, insn);
12066 dc->base.pc_next += 2;
12067 if (!is_16bit) {
12068 uint32_t insn2 = arm_lduw_code(env, dc->base.pc_next, dc->sctlr_b);
12069
12070 insn = insn << 16 | insn2;
12071 dc->base.pc_next += 2;
12072 }
12073 dc->insn = insn;
12074
12075 if (dc->condexec_mask && !thumb_insn_is_unconditional(dc, insn)) {
12076 uint32_t cond = dc->condexec_cond;
12077
12078 /*
12079 * Conditionally skip the insn. Note that both 0xe and 0xf mean
12080 * "always"; 0xf is not "never".
12081 */
12082 if (cond < 0x0e) {
12083 arm_skip_unless(dc, cond);
12084 }
12085 }
12086
12087 if (is_16bit) {
12088 disas_thumb_insn(dc, insn);
12089 } else {
12090 disas_thumb2_insn(dc, insn);
12091 }
12092
12093 /* Advance the Thumb condexec condition. */
12094 if (dc->condexec_mask) {
12095 dc->condexec_cond = ((dc->condexec_cond & 0xe) |
12096 ((dc->condexec_mask >> 4) & 1));
12097 dc->condexec_mask = (dc->condexec_mask << 1) & 0x1f;
12098 if (dc->condexec_mask == 0) {
12099 dc->condexec_cond = 0;
12100 }
12101 }
12102
12103 arm_post_translate_insn(dc);
12104
12105 /* Thumb is a variable-length ISA. Stop translation when the next insn
12106 * will touch a new page. This ensures that prefetch aborts occur at
12107 * the right place.
12108 *
12109 * We want to stop the TB if the next insn starts in a new page,
12110 * or if it spans between this page and the next. This means that
12111 * if we're looking at the last halfword in the page we need to
12112 * see if it's a 16-bit Thumb insn (which will fit in this TB)
12113 * or a 32-bit Thumb insn (which won't).
12114 * This is to avoid generating a silly TB with a single 16-bit insn
12115 * in it at the end of this page (which would execute correctly
12116 * but isn't very efficient).
12117 */
12118 if (dc->base.is_jmp == DISAS_NEXT
12119 && (dc->base.pc_next - dc->page_start >= TARGET_PAGE_SIZE
12120 || (dc->base.pc_next - dc->page_start >= TARGET_PAGE_SIZE - 3
12121 && insn_crosses_page(env, dc)))) {
12122 dc->base.is_jmp = DISAS_TOO_MANY;
12123 }
12124 }
12125
12126 static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
12127 {
12128 DisasContext *dc = container_of(dcbase, DisasContext, base);
12129
12130 if (tb_cflags(dc->base.tb) & CF_LAST_IO && dc->condjmp) {
12131 /* FIXME: This can theoretically happen with self-modifying code. */
12132 cpu_abort(cpu, "IO on conditional branch instruction");
12133 }
12134
12135 /* At this stage dc->condjmp will only be set when the skipped
12136 instruction was a conditional branch or trap, and the PC has
12137 already been written. */
12138 gen_set_condexec(dc);
12139 if (dc->base.is_jmp == DISAS_BX_EXCRET) {
12140 /* Exception return branches need some special case code at the
12141 * end of the TB, which is complex enough that it has to
12142 * handle the single-step vs not and the condition-failed
12143 * insn codepath itself.
12144 */
12145 gen_bx_excret_final_code(dc);
12146 } else if (unlikely(is_singlestepping(dc))) {
12147 /* Unconditional and "condition passed" instruction codepath. */
12148 switch (dc->base.is_jmp) {
12149 case DISAS_SWI:
12150 gen_ss_advance(dc);
12151 gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
12152 default_exception_el(dc));
12153 break;
12154 case DISAS_HVC:
12155 gen_ss_advance(dc);
12156 gen_exception(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
12157 break;
12158 case DISAS_SMC:
12159 gen_ss_advance(dc);
12160 gen_exception(EXCP_SMC, syn_aa32_smc(), 3);
12161 break;
12162 case DISAS_NEXT:
12163 case DISAS_TOO_MANY:
12164 case DISAS_UPDATE:
12165 gen_set_pc_im(dc, dc->base.pc_next);
12166 /* fall through */
12167 default:
12168 /* FIXME: Single stepping a WFI insn will not halt the CPU. */
12169 gen_singlestep_exception(dc);
12170 break;
12171 case DISAS_NORETURN:
12172 break;
12173 }
12174 } else {
12175 /* While branches must always occur at the end of an IT block,
12176 there are a few other things that can cause us to terminate
12177 the TB in the middle of an IT block:
12178 - Exception generating instructions (bkpt, swi, undefined).
12179 - Page boundaries.
12180 - Hardware watchpoints.
12181 Hardware breakpoints have already been handled and skip this code.
12182 */
12183 switch(dc->base.is_jmp) {
12184 case DISAS_NEXT:
12185 case DISAS_TOO_MANY:
12186 gen_goto_tb(dc, 1, dc->base.pc_next);
12187 break;
12188 case DISAS_JUMP:
12189 gen_goto_ptr();
12190 break;
12191 case DISAS_UPDATE:
12192 gen_set_pc_im(dc, dc->base.pc_next);
12193 /* fall through */
12194 default:
12195 /* indicate that the hash table must be used to find the next TB */
12196 tcg_gen_exit_tb(NULL, 0);
12197 break;
12198 case DISAS_NORETURN:
12199 /* nothing more to generate */
12200 break;
12201 case DISAS_WFI:
12202 {
12203 TCGv_i32 tmp = tcg_const_i32((dc->thumb &&
12204 !(dc->insn & (1U << 31))) ? 2 : 4);
12205
12206 gen_helper_wfi(cpu_env, tmp);
12207 tcg_temp_free_i32(tmp);
12208 /* The helper doesn't necessarily throw an exception, but we
12209 * must go back to the main loop to check for interrupts anyway.
12210 */
12211 tcg_gen_exit_tb(NULL, 0);
12212 break;
12213 }
12214 case DISAS_WFE:
12215 gen_helper_wfe(cpu_env);
12216 break;
12217 case DISAS_YIELD:
12218 gen_helper_yield(cpu_env);
12219 break;
12220 case DISAS_SWI:
12221 gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
12222 default_exception_el(dc));
12223 break;
12224 case DISAS_HVC:
12225 gen_exception(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
12226 break;
12227 case DISAS_SMC:
12228 gen_exception(EXCP_SMC, syn_aa32_smc(), 3);
12229 break;
12230 }
12231 }
12232
12233 if (dc->condjmp) {
12234 /* "Condition failed" instruction codepath for the branch/trap insn */
12235 gen_set_label(dc->condlabel);
12236 gen_set_condexec(dc);
12237 if (unlikely(is_singlestepping(dc))) {
12238 gen_set_pc_im(dc, dc->base.pc_next);
12239 gen_singlestep_exception(dc);
12240 } else {
12241 gen_goto_tb(dc, 1, dc->base.pc_next);
12242 }
12243 }
12244 }
12245
12246 static void arm_tr_disas_log(const DisasContextBase *dcbase, CPUState *cpu)
12247 {
12248 DisasContext *dc = container_of(dcbase, DisasContext, base);
12249
12250 qemu_log("IN: %s\n", lookup_symbol(dc->base.pc_first));
12251 log_target_disas(cpu, dc->base.pc_first, dc->base.tb->size);
12252 }
12253
12254 static const TranslatorOps arm_translator_ops = {
12255 .init_disas_context = arm_tr_init_disas_context,
12256 .tb_start = arm_tr_tb_start,
12257 .insn_start = arm_tr_insn_start,
12258 .breakpoint_check = arm_tr_breakpoint_check,
12259 .translate_insn = arm_tr_translate_insn,
12260 .tb_stop = arm_tr_tb_stop,
12261 .disas_log = arm_tr_disas_log,
12262 };
12263
12264 static const TranslatorOps thumb_translator_ops = {
12265 .init_disas_context = arm_tr_init_disas_context,
12266 .tb_start = arm_tr_tb_start,
12267 .insn_start = arm_tr_insn_start,
12268 .breakpoint_check = arm_tr_breakpoint_check,
12269 .translate_insn = thumb_tr_translate_insn,
12270 .tb_stop = arm_tr_tb_stop,
12271 .disas_log = arm_tr_disas_log,
12272 };
12273
12274 /* generate intermediate code for basic block 'tb'. */
12275 void gen_intermediate_code(CPUState *cpu, TranslationBlock *tb, int max_insns)
12276 {
12277 DisasContext dc;
12278 const TranslatorOps *ops = &arm_translator_ops;
12279
12280 if (FIELD_EX32(tb->flags, TBFLAG_A32, THUMB)) {
12281 ops = &thumb_translator_ops;
12282 }
12283 #ifdef TARGET_AARCH64
12284 if (FIELD_EX32(tb->flags, TBFLAG_ANY, AARCH64_STATE)) {
12285 ops = &aarch64_translator_ops;
12286 }
12287 #endif
12288
12289 translator_loop(ops, &dc.base, cpu, tb, max_insns);
12290 }
12291
12292 void restore_state_to_opc(CPUARMState *env, TranslationBlock *tb,
12293 target_ulong *data)
12294 {
12295 if (is_a64(env)) {
12296 env->pc = data[0];
12297 env->condexec_bits = 0;
12298 env->exception.syndrome = data[2] << ARM_INSN_START_WORD2_SHIFT;
12299 } else {
12300 env->regs[15] = data[0];
12301 env->condexec_bits = data[1];
12302 env->exception.syndrome = data[2] << ARM_INSN_START_WORD2_SHIFT;
12303 }
12304 }
QEMU mirror