]> git.proxmox.com Git - mirror_qemu.git/blob - target/i386/tcg/translate.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
accel/tcg: Pass max_insn to gen_intermediate_code by pointer
[mirror_qemu.git] / target / i386 / tcg / translate.c
1 /*
2 * i386 translation
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "qemu/osdep.h"
20
21 #include "qemu/host-utils.h"
22 #include "cpu.h"
23 #include "disas/disas.h"
24 #include "exec/exec-all.h"
25 #include "tcg/tcg-op.h"
26 #include "tcg/tcg-op-gvec.h"
27 #include "exec/cpu_ldst.h"
28 #include "exec/translator.h"
29 #include "fpu/softfloat.h"
30
31 #include "exec/helper-proto.h"
32 #include "exec/helper-gen.h"
33 #include "helper-tcg.h"
34
35 #include "exec/log.h"
36
37 #define PREFIX_REPZ 0x01
38 #define PREFIX_REPNZ 0x02
39 #define PREFIX_LOCK 0x04
40 #define PREFIX_DATA 0x08
41 #define PREFIX_ADR 0x10
42 #define PREFIX_VEX 0x20
43 #define PREFIX_REX 0x40
44
45 #ifdef TARGET_X86_64
46 # define ctztl ctz64
47 # define clztl clz64
48 #else
49 # define ctztl ctz32
50 # define clztl clz32
51 #endif
52
53 /* For a switch indexed by MODRM, match all memory operands for a given OP. */
54 #define CASE_MODRM_MEM_OP(OP) \
55 case (0 << 6) | (OP << 3) | 0 ... (0 << 6) | (OP << 3) | 7: \
56 case (1 << 6) | (OP << 3) | 0 ... (1 << 6) | (OP << 3) | 7: \
57 case (2 << 6) | (OP << 3) | 0 ... (2 << 6) | (OP << 3) | 7
58
59 #define CASE_MODRM_OP(OP) \
60 case (0 << 6) | (OP << 3) | 0 ... (0 << 6) | (OP << 3) | 7: \
61 case (1 << 6) | (OP << 3) | 0 ... (1 << 6) | (OP << 3) | 7: \
62 case (2 << 6) | (OP << 3) | 0 ... (2 << 6) | (OP << 3) | 7: \
63 case (3 << 6) | (OP << 3) | 0 ... (3 << 6) | (OP << 3) | 7
64
65 //#define MACRO_TEST 1
66
67 /* global register indexes */
68 static TCGv cpu_cc_dst, cpu_cc_src, cpu_cc_src2;
69 static TCGv cpu_eip;
70 static TCGv_i32 cpu_cc_op;
71 static TCGv cpu_regs[CPU_NB_REGS];
72 static TCGv cpu_seg_base[6];
73 static TCGv_i64 cpu_bndl[4];
74 static TCGv_i64 cpu_bndu[4];
75
76 #include "exec/gen-icount.h"
77
78 typedef struct DisasContext {
79 DisasContextBase base;
80
81 target_ulong pc; /* pc = eip + cs_base */
82 target_ulong cs_base; /* base of CS segment */
83 target_ulong pc_save;
84
85 MemOp aflag;
86 MemOp dflag;
87
88 int8_t override; /* -1 if no override, else R_CS, R_DS, etc */
89 uint8_t prefix;
90
91 bool has_modrm;
92 uint8_t modrm;
93
94 #ifndef CONFIG_USER_ONLY
95 uint8_t cpl; /* code priv level */
96 uint8_t iopl; /* i/o priv level */
97 #endif
98 uint8_t vex_l; /* vex vector length */
99 uint8_t vex_v; /* vex vvvv register, without 1's complement. */
100 uint8_t popl_esp_hack; /* for correct popl with esp base handling */
101 uint8_t rip_offset; /* only used in x86_64, but left for simplicity */
102
103 #ifdef TARGET_X86_64
104 uint8_t rex_r;
105 uint8_t rex_x;
106 uint8_t rex_b;
107 #endif
108 bool vex_w; /* used by AVX even on 32-bit processors */
109 bool jmp_opt; /* use direct block chaining for direct jumps */
110 bool repz_opt; /* optimize jumps within repz instructions */
111 bool cc_op_dirty;
112
113 CCOp cc_op; /* current CC operation */
114 int mem_index; /* select memory access functions */
115 uint32_t flags; /* all execution flags */
116 int cpuid_features;
117 int cpuid_ext_features;
118 int cpuid_ext2_features;
119 int cpuid_ext3_features;
120 int cpuid_7_0_ebx_features;
121 int cpuid_7_0_ecx_features;
122 int cpuid_xsave_features;
123
124 /* TCG local temps */
125 TCGv cc_srcT;
126 TCGv A0;
127 TCGv T0;
128 TCGv T1;
129
130 /* TCG local register indexes (only used inside old micro ops) */
131 TCGv tmp0;
132 TCGv tmp4;
133 TCGv_i32 tmp2_i32;
134 TCGv_i32 tmp3_i32;
135 TCGv_i64 tmp1_i64;
136
137 sigjmp_buf jmpbuf;
138 TCGOp *prev_insn_end;
139 } DisasContext;
140
141 #define DISAS_EOB_ONLY DISAS_TARGET_0
142 #define DISAS_EOB_NEXT DISAS_TARGET_1
143 #define DISAS_EOB_INHIBIT_IRQ DISAS_TARGET_2
144 #define DISAS_JUMP DISAS_TARGET_3
145
146 /* The environment in which user-only runs is constrained. */
147 #ifdef CONFIG_USER_ONLY
148 #define PE(S) true
149 #define CPL(S) 3
150 #define IOPL(S) 0
151 #define SVME(S) false
152 #define GUEST(S) false
153 #else
154 #define PE(S) (((S)->flags & HF_PE_MASK) != 0)
155 #define CPL(S) ((S)->cpl)
156 #define IOPL(S) ((S)->iopl)
157 #define SVME(S) (((S)->flags & HF_SVME_MASK) != 0)
158 #define GUEST(S) (((S)->flags & HF_GUEST_MASK) != 0)
159 #endif
160 #if defined(CONFIG_USER_ONLY) && defined(TARGET_X86_64)
161 #define VM86(S) false
162 #define CODE32(S) true
163 #define SS32(S) true
164 #define ADDSEG(S) false
165 #else
166 #define VM86(S) (((S)->flags & HF_VM_MASK) != 0)
167 #define CODE32(S) (((S)->flags & HF_CS32_MASK) != 0)
168 #define SS32(S) (((S)->flags & HF_SS32_MASK) != 0)
169 #define ADDSEG(S) (((S)->flags & HF_ADDSEG_MASK) != 0)
170 #endif
171 #if !defined(TARGET_X86_64)
172 #define CODE64(S) false
173 #define LMA(S) false
174 #elif defined(CONFIG_USER_ONLY)
175 #define CODE64(S) true
176 #define LMA(S) true
177 #else
178 #define CODE64(S) (((S)->flags & HF_CS64_MASK) != 0)
179 #define LMA(S) (((S)->flags & HF_LMA_MASK) != 0)
180 #endif
181
182 #ifdef TARGET_X86_64
183 #define REX_PREFIX(S) (((S)->prefix & PREFIX_REX) != 0)
184 #define REX_W(S) ((S)->vex_w)
185 #define REX_R(S) ((S)->rex_r + 0)
186 #define REX_X(S) ((S)->rex_x + 0)
187 #define REX_B(S) ((S)->rex_b + 0)
188 #else
189 #define REX_PREFIX(S) false
190 #define REX_W(S) false
191 #define REX_R(S) 0
192 #define REX_X(S) 0
193 #define REX_B(S) 0
194 #endif
195
196 /*
197 * Many sysemu-only helpers are not reachable for user-only.
198 * Define stub generators here, so that we need not either sprinkle
199 * ifdefs through the translator, nor provide the helper function.
200 */
201 #define STUB_HELPER(NAME, ...) \
202 static inline void gen_helper_##NAME(__VA_ARGS__) \
203 { qemu_build_not_reached(); }
204
205 #ifdef CONFIG_USER_ONLY
206 STUB_HELPER(clgi, TCGv_env env)
207 STUB_HELPER(flush_page, TCGv_env env, TCGv addr)
208 STUB_HELPER(hlt, TCGv_env env, TCGv_i32 pc_ofs)
209 STUB_HELPER(inb, TCGv ret, TCGv_env env, TCGv_i32 port)
210 STUB_HELPER(inw, TCGv ret, TCGv_env env, TCGv_i32 port)
211 STUB_HELPER(inl, TCGv ret, TCGv_env env, TCGv_i32 port)
212 STUB_HELPER(monitor, TCGv_env env, TCGv addr)
213 STUB_HELPER(mwait, TCGv_env env, TCGv_i32 pc_ofs)
214 STUB_HELPER(outb, TCGv_env env, TCGv_i32 port, TCGv_i32 val)
215 STUB_HELPER(outw, TCGv_env env, TCGv_i32 port, TCGv_i32 val)
216 STUB_HELPER(outl, TCGv_env env, TCGv_i32 port, TCGv_i32 val)
217 STUB_HELPER(rdmsr, TCGv_env env)
218 STUB_HELPER(read_crN, TCGv ret, TCGv_env env, TCGv_i32 reg)
219 STUB_HELPER(get_dr, TCGv ret, TCGv_env env, TCGv_i32 reg)
220 STUB_HELPER(set_dr, TCGv_env env, TCGv_i32 reg, TCGv val)
221 STUB_HELPER(stgi, TCGv_env env)
222 STUB_HELPER(svm_check_intercept, TCGv_env env, TCGv_i32 type)
223 STUB_HELPER(vmload, TCGv_env env, TCGv_i32 aflag)
224 STUB_HELPER(vmmcall, TCGv_env env)
225 STUB_HELPER(vmrun, TCGv_env env, TCGv_i32 aflag, TCGv_i32 pc_ofs)
226 STUB_HELPER(vmsave, TCGv_env env, TCGv_i32 aflag)
227 STUB_HELPER(write_crN, TCGv_env env, TCGv_i32 reg, TCGv val)
228 STUB_HELPER(wrmsr, TCGv_env env)
229 #endif
230
231 static void gen_eob(DisasContext *s);
232 static void gen_jr(DisasContext *s);
233 static void gen_jmp_rel(DisasContext *s, MemOp ot, int diff, int tb_num);
234 static void gen_jmp_rel_csize(DisasContext *s, int diff, int tb_num);
235 static void gen_op(DisasContext *s1, int op, MemOp ot, int d);
236 static void gen_exception_gpf(DisasContext *s);
237
238 /* i386 arith/logic operations */
239 enum {
240 OP_ADDL,
241 OP_ORL,
242 OP_ADCL,
243 OP_SBBL,
244 OP_ANDL,
245 OP_SUBL,
246 OP_XORL,
247 OP_CMPL,
248 };
249
250 /* i386 shift ops */
251 enum {
252 OP_ROL,
253 OP_ROR,
254 OP_RCL,
255 OP_RCR,
256 OP_SHL,
257 OP_SHR,
258 OP_SHL1, /* undocumented */
259 OP_SAR = 7,
260 };
261
262 enum {
263 JCC_O,
264 JCC_B,
265 JCC_Z,
266 JCC_BE,
267 JCC_S,
268 JCC_P,
269 JCC_L,
270 JCC_LE,
271 };
272
273 enum {
274 /* I386 int registers */
275 OR_EAX, /* MUST be even numbered */
276 OR_ECX,
277 OR_EDX,
278 OR_EBX,
279 OR_ESP,
280 OR_EBP,
281 OR_ESI,
282 OR_EDI,
283
284 OR_TMP0 = 16, /* temporary operand register */
285 OR_TMP1,
286 OR_A0, /* temporary register used when doing address evaluation */
287 };
288
289 enum {
290 USES_CC_DST = 1,
291 USES_CC_SRC = 2,
292 USES_CC_SRC2 = 4,
293 USES_CC_SRCT = 8,
294 };
295
296 /* Bit set if the global variable is live after setting CC_OP to X. */
297 static const uint8_t cc_op_live[CC_OP_NB] = {
298 [CC_OP_DYNAMIC] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2,
299 [CC_OP_EFLAGS] = USES_CC_SRC,
300 [CC_OP_MULB ... CC_OP_MULQ] = USES_CC_DST | USES_CC_SRC,
301 [CC_OP_ADDB ... CC_OP_ADDQ] = USES_CC_DST | USES_CC_SRC,
302 [CC_OP_ADCB ... CC_OP_ADCQ] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2,
303 [CC_OP_SUBB ... CC_OP_SUBQ] = USES_CC_DST | USES_CC_SRC | USES_CC_SRCT,
304 [CC_OP_SBBB ... CC_OP_SBBQ] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2,
305 [CC_OP_LOGICB ... CC_OP_LOGICQ] = USES_CC_DST,
306 [CC_OP_INCB ... CC_OP_INCQ] = USES_CC_DST | USES_CC_SRC,
307 [CC_OP_DECB ... CC_OP_DECQ] = USES_CC_DST | USES_CC_SRC,
308 [CC_OP_SHLB ... CC_OP_SHLQ] = USES_CC_DST | USES_CC_SRC,
309 [CC_OP_SARB ... CC_OP_SARQ] = USES_CC_DST | USES_CC_SRC,
310 [CC_OP_BMILGB ... CC_OP_BMILGQ] = USES_CC_DST | USES_CC_SRC,
311 [CC_OP_ADCX] = USES_CC_DST | USES_CC_SRC,
312 [CC_OP_ADOX] = USES_CC_SRC | USES_CC_SRC2,
313 [CC_OP_ADCOX] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2,
314 [CC_OP_CLR] = 0,
315 [CC_OP_POPCNT] = USES_CC_SRC,
316 };
317
318 static void set_cc_op(DisasContext *s, CCOp op)
319 {
320 int dead;
321
322 if (s->cc_op == op) {
323 return;
324 }
325
326 /* Discard CC computation that will no longer be used. */
327 dead = cc_op_live[s->cc_op] & ~cc_op_live[op];
328 if (dead & USES_CC_DST) {
329 tcg_gen_discard_tl(cpu_cc_dst);
330 }
331 if (dead & USES_CC_SRC) {
332 tcg_gen_discard_tl(cpu_cc_src);
333 }
334 if (dead & USES_CC_SRC2) {
335 tcg_gen_discard_tl(cpu_cc_src2);
336 }
337 if (dead & USES_CC_SRCT) {
338 tcg_gen_discard_tl(s->cc_srcT);
339 }
340
341 if (op == CC_OP_DYNAMIC) {
342 /* The DYNAMIC setting is translator only, and should never be
343 stored. Thus we always consider it clean. */
344 s->cc_op_dirty = false;
345 } else {
346 /* Discard any computed CC_OP value (see shifts). */
347 if (s->cc_op == CC_OP_DYNAMIC) {
348 tcg_gen_discard_i32(cpu_cc_op);
349 }
350 s->cc_op_dirty = true;
351 }
352 s->cc_op = op;
353 }
354
355 static void gen_update_cc_op(DisasContext *s)
356 {
357 if (s->cc_op_dirty) {
358 tcg_gen_movi_i32(cpu_cc_op, s->cc_op);
359 s->cc_op_dirty = false;
360 }
361 }
362
363 #ifdef TARGET_X86_64
364
365 #define NB_OP_SIZES 4
366
367 #else /* !TARGET_X86_64 */
368
369 #define NB_OP_SIZES 3
370
371 #endif /* !TARGET_X86_64 */
372
373 #if HOST_BIG_ENDIAN
374 #define REG_B_OFFSET (sizeof(target_ulong) - 1)
375 #define REG_H_OFFSET (sizeof(target_ulong) - 2)
376 #define REG_W_OFFSET (sizeof(target_ulong) - 2)
377 #define REG_L_OFFSET (sizeof(target_ulong) - 4)
378 #define REG_LH_OFFSET (sizeof(target_ulong) - 8)
379 #else
380 #define REG_B_OFFSET 0
381 #define REG_H_OFFSET 1
382 #define REG_W_OFFSET 0
383 #define REG_L_OFFSET 0
384 #define REG_LH_OFFSET 4
385 #endif
386
387 /* In instruction encodings for byte register accesses the
388 * register number usually indicates "low 8 bits of register N";
389 * however there are some special cases where N 4..7 indicates
390 * [AH, CH, DH, BH], ie "bits 15..8 of register N-4". Return
391 * true for this special case, false otherwise.
392 */
393 static inline bool byte_reg_is_xH(DisasContext *s, int reg)
394 {
395 /* Any time the REX prefix is present, byte registers are uniform */
396 if (reg < 4 || REX_PREFIX(s)) {
397 return false;
398 }
399 return true;
400 }
401
402 /* Select the size of a push/pop operation. */
403 static inline MemOp mo_pushpop(DisasContext *s, MemOp ot)
404 {
405 if (CODE64(s)) {
406 return ot == MO_16 ? MO_16 : MO_64;
407 } else {
408 return ot;
409 }
410 }
411
412 /* Select the size of the stack pointer. */
413 static inline MemOp mo_stacksize(DisasContext *s)
414 {
415 return CODE64(s) ? MO_64 : SS32(s) ? MO_32 : MO_16;
416 }
417
418 /* Select only size 64 else 32. Used for SSE operand sizes. */
419 static inline MemOp mo_64_32(MemOp ot)
420 {
421 #ifdef TARGET_X86_64
422 return ot == MO_64 ? MO_64 : MO_32;
423 #else
424 return MO_32;
425 #endif
426 }
427
428 /* Select size 8 if lsb of B is clear, else OT. Used for decoding
429 byte vs word opcodes. */
430 static inline MemOp mo_b_d(int b, MemOp ot)
431 {
432 return b & 1 ? ot : MO_8;
433 }
434
435 /* Select size 8 if lsb of B is clear, else OT capped at 32.
436 Used for decoding operand size of port opcodes. */
437 static inline MemOp mo_b_d32(int b, MemOp ot)
438 {
439 return b & 1 ? (ot == MO_16 ? MO_16 : MO_32) : MO_8;
440 }
441
442 /* Compute the result of writing t0 to the OT-sized register REG.
443 *
444 * If DEST is NULL, store the result into the register and return the
445 * register's TCGv.
446 *
447 * If DEST is not NULL, store the result into DEST and return the
448 * register's TCGv.
449 */
450 static TCGv gen_op_deposit_reg_v(DisasContext *s, MemOp ot, int reg, TCGv dest, TCGv t0)
451 {
452 switch(ot) {
453 case MO_8:
454 if (byte_reg_is_xH(s, reg)) {
455 dest = dest ? dest : cpu_regs[reg - 4];
456 tcg_gen_deposit_tl(dest, cpu_regs[reg - 4], t0, 8, 8);
457 return cpu_regs[reg - 4];
458 }
459 dest = dest ? dest : cpu_regs[reg];
460 tcg_gen_deposit_tl(dest, cpu_regs[reg], t0, 0, 8);
461 break;
462 case MO_16:
463 dest = dest ? dest : cpu_regs[reg];
464 tcg_gen_deposit_tl(dest, cpu_regs[reg], t0, 0, 16);
465 break;
466 case MO_32:
467 /* For x86_64, this sets the higher half of register to zero.
468 For i386, this is equivalent to a mov. */
469 dest = dest ? dest : cpu_regs[reg];
470 tcg_gen_ext32u_tl(dest, t0);
471 break;
472 #ifdef TARGET_X86_64
473 case MO_64:
474 dest = dest ? dest : cpu_regs[reg];
475 tcg_gen_mov_tl(dest, t0);
476 break;
477 #endif
478 default:
479 tcg_abort();
480 }
481 return cpu_regs[reg];
482 }
483
484 static void gen_op_mov_reg_v(DisasContext *s, MemOp ot, int reg, TCGv t0)
485 {
486 gen_op_deposit_reg_v(s, ot, reg, NULL, t0);
487 }
488
489 static inline
490 void gen_op_mov_v_reg(DisasContext *s, MemOp ot, TCGv t0, int reg)
491 {
492 if (ot == MO_8 && byte_reg_is_xH(s, reg)) {
493 tcg_gen_extract_tl(t0, cpu_regs[reg - 4], 8, 8);
494 } else {
495 tcg_gen_mov_tl(t0, cpu_regs[reg]);
496 }
497 }
498
499 static void gen_add_A0_im(DisasContext *s, int val)
500 {
501 tcg_gen_addi_tl(s->A0, s->A0, val);
502 if (!CODE64(s)) {
503 tcg_gen_ext32u_tl(s->A0, s->A0);
504 }
505 }
506
507 static inline void gen_op_jmp_v(DisasContext *s, TCGv dest)
508 {
509 tcg_gen_mov_tl(cpu_eip, dest);
510 s->pc_save = -1;
511 }
512
513 static inline
514 void gen_op_add_reg_im(DisasContext *s, MemOp size, int reg, int32_t val)
515 {
516 tcg_gen_addi_tl(s->tmp0, cpu_regs[reg], val);
517 gen_op_mov_reg_v(s, size, reg, s->tmp0);
518 }
519
520 static inline void gen_op_add_reg_T0(DisasContext *s, MemOp size, int reg)
521 {
522 tcg_gen_add_tl(s->tmp0, cpu_regs[reg], s->T0);
523 gen_op_mov_reg_v(s, size, reg, s->tmp0);
524 }
525
526 static inline void gen_op_ld_v(DisasContext *s, int idx, TCGv t0, TCGv a0)
527 {
528 tcg_gen_qemu_ld_tl(t0, a0, s->mem_index, idx | MO_LE);
529 }
530
531 static inline void gen_op_st_v(DisasContext *s, int idx, TCGv t0, TCGv a0)
532 {
533 tcg_gen_qemu_st_tl(t0, a0, s->mem_index, idx | MO_LE);
534 }
535
536 static inline void gen_op_st_rm_T0_A0(DisasContext *s, int idx, int d)
537 {
538 if (d == OR_TMP0) {
539 gen_op_st_v(s, idx, s->T0, s->A0);
540 } else {
541 gen_op_mov_reg_v(s, idx, d, s->T0);
542 }
543 }
544
545 static void gen_update_eip_cur(DisasContext *s)
546 {
547 assert(s->pc_save != -1);
548 if (tb_cflags(s->base.tb) & CF_PCREL) {
549 tcg_gen_addi_tl(cpu_eip, cpu_eip, s->base.pc_next - s->pc_save);
550 } else {
551 tcg_gen_movi_tl(cpu_eip, s->base.pc_next - s->cs_base);
552 }
553 s->pc_save = s->base.pc_next;
554 }
555
556 static void gen_update_eip_next(DisasContext *s)
557 {
558 assert(s->pc_save != -1);
559 if (tb_cflags(s->base.tb) & CF_PCREL) {
560 tcg_gen_addi_tl(cpu_eip, cpu_eip, s->pc - s->pc_save);
561 } else {
562 tcg_gen_movi_tl(cpu_eip, s->pc - s->cs_base);
563 }
564 s->pc_save = s->pc;
565 }
566
567 static int cur_insn_len(DisasContext *s)
568 {
569 return s->pc - s->base.pc_next;
570 }
571
572 static TCGv_i32 cur_insn_len_i32(DisasContext *s)
573 {
574 return tcg_constant_i32(cur_insn_len(s));
575 }
576
577 static TCGv_i32 eip_next_i32(DisasContext *s)
578 {
579 assert(s->pc_save != -1);
580 /*
581 * This function has two users: lcall_real (always 16-bit mode), and
582 * iret_protected (16, 32, or 64-bit mode). IRET only uses the value
583 * when EFLAGS.NT is set, which is illegal in 64-bit mode, which is
584 * why passing a 32-bit value isn't broken. To avoid using this where
585 * we shouldn't, return -1 in 64-bit mode so that execution goes into
586 * the weeds quickly.
587 */
588 if (CODE64(s)) {
589 return tcg_constant_i32(-1);
590 }
591 if (tb_cflags(s->base.tb) & CF_PCREL) {
592 TCGv_i32 ret = tcg_temp_new_i32();
593 tcg_gen_trunc_tl_i32(ret, cpu_eip);
594 tcg_gen_addi_i32(ret, ret, s->pc - s->pc_save);
595 return ret;
596 } else {
597 return tcg_constant_i32(s->pc - s->cs_base);
598 }
599 }
600
601 static TCGv eip_next_tl(DisasContext *s)
602 {
603 assert(s->pc_save != -1);
604 if (tb_cflags(s->base.tb) & CF_PCREL) {
605 TCGv ret = tcg_temp_new();
606 tcg_gen_addi_tl(ret, cpu_eip, s->pc - s->pc_save);
607 return ret;
608 } else {
609 return tcg_constant_tl(s->pc - s->cs_base);
610 }
611 }
612
613 static TCGv eip_cur_tl(DisasContext *s)
614 {
615 assert(s->pc_save != -1);
616 if (tb_cflags(s->base.tb) & CF_PCREL) {
617 TCGv ret = tcg_temp_new();
618 tcg_gen_addi_tl(ret, cpu_eip, s->base.pc_next - s->pc_save);
619 return ret;
620 } else {
621 return tcg_constant_tl(s->base.pc_next - s->cs_base);
622 }
623 }
624
625 /* Compute SEG:REG into A0. SEG is selected from the override segment
626 (OVR_SEG) and the default segment (DEF_SEG). OVR_SEG may be -1 to
627 indicate no override. */
628 static void gen_lea_v_seg(DisasContext *s, MemOp aflag, TCGv a0,
629 int def_seg, int ovr_seg)
630 {
631 switch (aflag) {
632 #ifdef TARGET_X86_64
633 case MO_64:
634 if (ovr_seg < 0) {
635 tcg_gen_mov_tl(s->A0, a0);
636 return;
637 }
638 break;
639 #endif
640 case MO_32:
641 /* 32 bit address */
642 if (ovr_seg < 0 && ADDSEG(s)) {
643 ovr_seg = def_seg;
644 }
645 if (ovr_seg < 0) {
646 tcg_gen_ext32u_tl(s->A0, a0);
647 return;
648 }
649 break;
650 case MO_16:
651 /* 16 bit address */
652 tcg_gen_ext16u_tl(s->A0, a0);
653 a0 = s->A0;
654 if (ovr_seg < 0) {
655 if (ADDSEG(s)) {
656 ovr_seg = def_seg;
657 } else {
658 return;
659 }
660 }
661 break;
662 default:
663 tcg_abort();
664 }
665
666 if (ovr_seg >= 0) {
667 TCGv seg = cpu_seg_base[ovr_seg];
668
669 if (aflag == MO_64) {
670 tcg_gen_add_tl(s->A0, a0, seg);
671 } else if (CODE64(s)) {
672 tcg_gen_ext32u_tl(s->A0, a0);
673 tcg_gen_add_tl(s->A0, s->A0, seg);
674 } else {
675 tcg_gen_add_tl(s->A0, a0, seg);
676 tcg_gen_ext32u_tl(s->A0, s->A0);
677 }
678 }
679 }
680
681 static inline void gen_string_movl_A0_ESI(DisasContext *s)
682 {
683 gen_lea_v_seg(s, s->aflag, cpu_regs[R_ESI], R_DS, s->override);
684 }
685
686 static inline void gen_string_movl_A0_EDI(DisasContext *s)
687 {
688 gen_lea_v_seg(s, s->aflag, cpu_regs[R_EDI], R_ES, -1);
689 }
690
691 static inline void gen_op_movl_T0_Dshift(DisasContext *s, MemOp ot)
692 {
693 tcg_gen_ld32s_tl(s->T0, cpu_env, offsetof(CPUX86State, df));
694 tcg_gen_shli_tl(s->T0, s->T0, ot);
695 };
696
697 static TCGv gen_ext_tl(TCGv dst, TCGv src, MemOp size, bool sign)
698 {
699 switch (size) {
700 case MO_8:
701 if (sign) {
702 tcg_gen_ext8s_tl(dst, src);
703 } else {
704 tcg_gen_ext8u_tl(dst, src);
705 }
706 return dst;
707 case MO_16:
708 if (sign) {
709 tcg_gen_ext16s_tl(dst, src);
710 } else {
711 tcg_gen_ext16u_tl(dst, src);
712 }
713 return dst;
714 #ifdef TARGET_X86_64
715 case MO_32:
716 if (sign) {
717 tcg_gen_ext32s_tl(dst, src);
718 } else {
719 tcg_gen_ext32u_tl(dst, src);
720 }
721 return dst;
722 #endif
723 default:
724 return src;
725 }
726 }
727
728 static void gen_extu(MemOp ot, TCGv reg)
729 {
730 gen_ext_tl(reg, reg, ot, false);
731 }
732
733 static void gen_exts(MemOp ot, TCGv reg)
734 {
735 gen_ext_tl(reg, reg, ot, true);
736 }
737
738 static void gen_op_j_ecx(DisasContext *s, TCGCond cond, TCGLabel *label1)
739 {
740 tcg_gen_mov_tl(s->tmp0, cpu_regs[R_ECX]);
741 gen_extu(s->aflag, s->tmp0);
742 tcg_gen_brcondi_tl(cond, s->tmp0, 0, label1);
743 }
744
745 static inline void gen_op_jz_ecx(DisasContext *s, TCGLabel *label1)
746 {
747 gen_op_j_ecx(s, TCG_COND_EQ, label1);
748 }
749
750 static inline void gen_op_jnz_ecx(DisasContext *s, TCGLabel *label1)
751 {
752 gen_op_j_ecx(s, TCG_COND_NE, label1);
753 }
754
755 static void gen_helper_in_func(MemOp ot, TCGv v, TCGv_i32 n)
756 {
757 switch (ot) {
758 case MO_8:
759 gen_helper_inb(v, cpu_env, n);
760 break;
761 case MO_16:
762 gen_helper_inw(v, cpu_env, n);
763 break;
764 case MO_32:
765 gen_helper_inl(v, cpu_env, n);
766 break;
767 default:
768 tcg_abort();
769 }
770 }
771
772 static void gen_helper_out_func(MemOp ot, TCGv_i32 v, TCGv_i32 n)
773 {
774 switch (ot) {
775 case MO_8:
776 gen_helper_outb(cpu_env, v, n);
777 break;
778 case MO_16:
779 gen_helper_outw(cpu_env, v, n);
780 break;
781 case MO_32:
782 gen_helper_outl(cpu_env, v, n);
783 break;
784 default:
785 tcg_abort();
786 }
787 }
788
789 /*
790 * Validate that access to [port, port + 1<<ot) is allowed.
791 * Raise #GP, or VMM exit if not.
792 */
793 static bool gen_check_io(DisasContext *s, MemOp ot, TCGv_i32 port,
794 uint32_t svm_flags)
795 {
796 #ifdef CONFIG_USER_ONLY
797 /*
798 * We do not implement the ioperm(2) syscall, so the TSS check
799 * will always fail.
800 */
801 gen_exception_gpf(s);
802 return false;
803 #else
804 if (PE(s) && (CPL(s) > IOPL(s) || VM86(s))) {
805 gen_helper_check_io(cpu_env, port, tcg_constant_i32(1 << ot));
806 }
807 if (GUEST(s)) {
808 gen_update_cc_op(s);
809 gen_update_eip_cur(s);
810 if (s->prefix & (PREFIX_REPZ | PREFIX_REPNZ)) {
811 svm_flags |= SVM_IOIO_REP_MASK;
812 }
813 svm_flags |= 1 << (SVM_IOIO_SIZE_SHIFT + ot);
814 gen_helper_svm_check_io(cpu_env, port,
815 tcg_constant_i32(svm_flags),
816 cur_insn_len_i32(s));
817 }
818 return true;
819 #endif
820 }
821
822 static void gen_movs(DisasContext *s, MemOp ot)
823 {
824 gen_string_movl_A0_ESI(s);
825 gen_op_ld_v(s, ot, s->T0, s->A0);
826 gen_string_movl_A0_EDI(s);
827 gen_op_st_v(s, ot, s->T0, s->A0);
828 gen_op_movl_T0_Dshift(s, ot);
829 gen_op_add_reg_T0(s, s->aflag, R_ESI);
830 gen_op_add_reg_T0(s, s->aflag, R_EDI);
831 }
832
833 static void gen_op_update1_cc(DisasContext *s)
834 {
835 tcg_gen_mov_tl(cpu_cc_dst, s->T0);
836 }
837
838 static void gen_op_update2_cc(DisasContext *s)
839 {
840 tcg_gen_mov_tl(cpu_cc_src, s->T1);
841 tcg_gen_mov_tl(cpu_cc_dst, s->T0);
842 }
843
844 static void gen_op_update3_cc(DisasContext *s, TCGv reg)
845 {
846 tcg_gen_mov_tl(cpu_cc_src2, reg);
847 tcg_gen_mov_tl(cpu_cc_src, s->T1);
848 tcg_gen_mov_tl(cpu_cc_dst, s->T0);
849 }
850
851 static inline void gen_op_testl_T0_T1_cc(DisasContext *s)
852 {
853 tcg_gen_and_tl(cpu_cc_dst, s->T0, s->T1);
854 }
855
856 static void gen_op_update_neg_cc(DisasContext *s)
857 {
858 tcg_gen_mov_tl(cpu_cc_dst, s->T0);
859 tcg_gen_neg_tl(cpu_cc_src, s->T0);
860 tcg_gen_movi_tl(s->cc_srcT, 0);
861 }
862
863 /* compute all eflags to cc_src */
864 static void gen_compute_eflags(DisasContext *s)
865 {
866 TCGv zero, dst, src1, src2;
867 int live, dead;
868
869 if (s->cc_op == CC_OP_EFLAGS) {
870 return;
871 }
872 if (s->cc_op == CC_OP_CLR) {
873 tcg_gen_movi_tl(cpu_cc_src, CC_Z | CC_P);
874 set_cc_op(s, CC_OP_EFLAGS);
875 return;
876 }
877
878 zero = NULL;
879 dst = cpu_cc_dst;
880 src1 = cpu_cc_src;
881 src2 = cpu_cc_src2;
882
883 /* Take care to not read values that are not live. */
884 live = cc_op_live[s->cc_op] & ~USES_CC_SRCT;
885 dead = live ^ (USES_CC_DST | USES_CC_SRC | USES_CC_SRC2);
886 if (dead) {
887 zero = tcg_const_tl(0);
888 if (dead & USES_CC_DST) {
889 dst = zero;
890 }
891 if (dead & USES_CC_SRC) {
892 src1 = zero;
893 }
894 if (dead & USES_CC_SRC2) {
895 src2 = zero;
896 }
897 }
898
899 gen_update_cc_op(s);
900 gen_helper_cc_compute_all(cpu_cc_src, dst, src1, src2, cpu_cc_op);
901 set_cc_op(s, CC_OP_EFLAGS);
902
903 if (dead) {
904 tcg_temp_free(zero);
905 }
906 }
907
908 typedef struct CCPrepare {
909 TCGCond cond;
910 TCGv reg;
911 TCGv reg2;
912 target_ulong imm;
913 target_ulong mask;
914 bool use_reg2;
915 bool no_setcond;
916 } CCPrepare;
917
918 /* compute eflags.C to reg */
919 static CCPrepare gen_prepare_eflags_c(DisasContext *s, TCGv reg)
920 {
921 TCGv t0, t1;
922 int size, shift;
923
924 switch (s->cc_op) {
925 case CC_OP_SUBB ... CC_OP_SUBQ:
926 /* (DATA_TYPE)CC_SRCT < (DATA_TYPE)CC_SRC */
927 size = s->cc_op - CC_OP_SUBB;
928 t1 = gen_ext_tl(s->tmp0, cpu_cc_src, size, false);
929 /* If no temporary was used, be careful not to alias t1 and t0. */
930 t0 = t1 == cpu_cc_src ? s->tmp0 : reg;
931 tcg_gen_mov_tl(t0, s->cc_srcT);
932 gen_extu(size, t0);
933 goto add_sub;
934
935 case CC_OP_ADDB ... CC_OP_ADDQ:
936 /* (DATA_TYPE)CC_DST < (DATA_TYPE)CC_SRC */
937 size = s->cc_op - CC_OP_ADDB;
938 t1 = gen_ext_tl(s->tmp0, cpu_cc_src, size, false);
939 t0 = gen_ext_tl(reg, cpu_cc_dst, size, false);
940 add_sub:
941 return (CCPrepare) { .cond = TCG_COND_LTU, .reg = t0,
942 .reg2 = t1, .mask = -1, .use_reg2 = true };
943
944 case CC_OP_LOGICB ... CC_OP_LOGICQ:
945 case CC_OP_CLR:
946 case CC_OP_POPCNT:
947 return (CCPrepare) { .cond = TCG_COND_NEVER, .mask = -1 };
948
949 case CC_OP_INCB ... CC_OP_INCQ:
950 case CC_OP_DECB ... CC_OP_DECQ:
951 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
952 .mask = -1, .no_setcond = true };
953
954 case CC_OP_SHLB ... CC_OP_SHLQ:
955 /* (CC_SRC >> (DATA_BITS - 1)) & 1 */
956 size = s->cc_op - CC_OP_SHLB;
957 shift = (8 << size) - 1;
958 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
959 .mask = (target_ulong)1 << shift };
960
961 case CC_OP_MULB ... CC_OP_MULQ:
962 return (CCPrepare) { .cond = TCG_COND_NE,
963 .reg = cpu_cc_src, .mask = -1 };
964
965 case CC_OP_BMILGB ... CC_OP_BMILGQ:
966 size = s->cc_op - CC_OP_BMILGB;
967 t0 = gen_ext_tl(reg, cpu_cc_src, size, false);
968 return (CCPrepare) { .cond = TCG_COND_EQ, .reg = t0, .mask = -1 };
969
970 case CC_OP_ADCX:
971 case CC_OP_ADCOX:
972 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_dst,
973 .mask = -1, .no_setcond = true };
974
975 case CC_OP_EFLAGS:
976 case CC_OP_SARB ... CC_OP_SARQ:
977 /* CC_SRC & 1 */
978 return (CCPrepare) { .cond = TCG_COND_NE,
979 .reg = cpu_cc_src, .mask = CC_C };
980
981 default:
982 /* The need to compute only C from CC_OP_DYNAMIC is important
983 in efficiently implementing e.g. INC at the start of a TB. */
984 gen_update_cc_op(s);
985 gen_helper_cc_compute_c(reg, cpu_cc_dst, cpu_cc_src,
986 cpu_cc_src2, cpu_cc_op);
987 return (CCPrepare) { .cond = TCG_COND_NE, .reg = reg,
988 .mask = -1, .no_setcond = true };
989 }
990 }
991
992 /* compute eflags.P to reg */
993 static CCPrepare gen_prepare_eflags_p(DisasContext *s, TCGv reg)
994 {
995 gen_compute_eflags(s);
996 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
997 .mask = CC_P };
998 }
999
1000 /* compute eflags.S to reg */
1001 static CCPrepare gen_prepare_eflags_s(DisasContext *s, TCGv reg)
1002 {
1003 switch (s->cc_op) {
1004 case CC_OP_DYNAMIC:
1005 gen_compute_eflags(s);
1006 /* FALLTHRU */
1007 case CC_OP_EFLAGS:
1008 case CC_OP_ADCX:
1009 case CC_OP_ADOX:
1010 case CC_OP_ADCOX:
1011 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
1012 .mask = CC_S };
1013 case CC_OP_CLR:
1014 case CC_OP_POPCNT:
1015 return (CCPrepare) { .cond = TCG_COND_NEVER, .mask = -1 };
1016 default:
1017 {
1018 MemOp size = (s->cc_op - CC_OP_ADDB) & 3;
1019 TCGv t0 = gen_ext_tl(reg, cpu_cc_dst, size, true);
1020 return (CCPrepare) { .cond = TCG_COND_LT, .reg = t0, .mask = -1 };
1021 }
1022 }
1023 }
1024
1025 /* compute eflags.O to reg */
1026 static CCPrepare gen_prepare_eflags_o(DisasContext *s, TCGv reg)
1027 {
1028 switch (s->cc_op) {
1029 case CC_OP_ADOX:
1030 case CC_OP_ADCOX:
1031 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src2,
1032 .mask = -1, .no_setcond = true };
1033 case CC_OP_CLR:
1034 case CC_OP_POPCNT:
1035 return (CCPrepare) { .cond = TCG_COND_NEVER, .mask = -1 };
1036 default:
1037 gen_compute_eflags(s);
1038 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
1039 .mask = CC_O };
1040 }
1041 }
1042
1043 /* compute eflags.Z to reg */
1044 static CCPrepare gen_prepare_eflags_z(DisasContext *s, TCGv reg)
1045 {
1046 switch (s->cc_op) {
1047 case CC_OP_DYNAMIC:
1048 gen_compute_eflags(s);
1049 /* FALLTHRU */
1050 case CC_OP_EFLAGS:
1051 case CC_OP_ADCX:
1052 case CC_OP_ADOX:
1053 case CC_OP_ADCOX:
1054 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
1055 .mask = CC_Z };
1056 case CC_OP_CLR:
1057 return (CCPrepare) { .cond = TCG_COND_ALWAYS, .mask = -1 };
1058 case CC_OP_POPCNT:
1059 return (CCPrepare) { .cond = TCG_COND_EQ, .reg = cpu_cc_src,
1060 .mask = -1 };
1061 default:
1062 {
1063 MemOp size = (s->cc_op - CC_OP_ADDB) & 3;
1064 TCGv t0 = gen_ext_tl(reg, cpu_cc_dst, size, false);
1065 return (CCPrepare) { .cond = TCG_COND_EQ, .reg = t0, .mask = -1 };
1066 }
1067 }
1068 }
1069
1070 /* perform a conditional store into register 'reg' according to jump opcode
1071 value 'b'. In the fast case, T0 is guaranted not to be used. */
1072 static CCPrepare gen_prepare_cc(DisasContext *s, int b, TCGv reg)
1073 {
1074 int inv, jcc_op, cond;
1075 MemOp size;
1076 CCPrepare cc;
1077 TCGv t0;
1078
1079 inv = b & 1;
1080 jcc_op = (b >> 1) & 7;
1081
1082 switch (s->cc_op) {
1083 case CC_OP_SUBB ... CC_OP_SUBQ:
1084 /* We optimize relational operators for the cmp/jcc case. */
1085 size = s->cc_op - CC_OP_SUBB;
1086 switch (jcc_op) {
1087 case JCC_BE:
1088 tcg_gen_mov_tl(s->tmp4, s->cc_srcT);
1089 gen_extu(size, s->tmp4);
1090 t0 = gen_ext_tl(s->tmp0, cpu_cc_src, size, false);
1091 cc = (CCPrepare) { .cond = TCG_COND_LEU, .reg = s->tmp4,
1092 .reg2 = t0, .mask = -1, .use_reg2 = true };
1093 break;
1094
1095 case JCC_L:
1096 cond = TCG_COND_LT;
1097 goto fast_jcc_l;
1098 case JCC_LE:
1099 cond = TCG_COND_LE;
1100 fast_jcc_l:
1101 tcg_gen_mov_tl(s->tmp4, s->cc_srcT);
1102 gen_exts(size, s->tmp4);
1103 t0 = gen_ext_tl(s->tmp0, cpu_cc_src, size, true);
1104 cc = (CCPrepare) { .cond = cond, .reg = s->tmp4,
1105 .reg2 = t0, .mask = -1, .use_reg2 = true };
1106 break;
1107
1108 default:
1109 goto slow_jcc;
1110 }
1111 break;
1112
1113 default:
1114 slow_jcc:
1115 /* This actually generates good code for JC, JZ and JS. */
1116 switch (jcc_op) {
1117 case JCC_O:
1118 cc = gen_prepare_eflags_o(s, reg);
1119 break;
1120 case JCC_B:
1121 cc = gen_prepare_eflags_c(s, reg);
1122 break;
1123 case JCC_Z:
1124 cc = gen_prepare_eflags_z(s, reg);
1125 break;
1126 case JCC_BE:
1127 gen_compute_eflags(s);
1128 cc = (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src,
1129 .mask = CC_Z | CC_C };
1130 break;
1131 case JCC_S:
1132 cc = gen_prepare_eflags_s(s, reg);
1133 break;
1134 case JCC_P:
1135 cc = gen_prepare_eflags_p(s, reg);
1136 break;
1137 case JCC_L:
1138 gen_compute_eflags(s);
1139 if (reg == cpu_cc_src) {
1140 reg = s->tmp0;
1141 }
1142 tcg_gen_shri_tl(reg, cpu_cc_src, 4); /* CC_O -> CC_S */
1143 tcg_gen_xor_tl(reg, reg, cpu_cc_src);
1144 cc = (CCPrepare) { .cond = TCG_COND_NE, .reg = reg,
1145 .mask = CC_S };
1146 break;
1147 default:
1148 case JCC_LE:
1149 gen_compute_eflags(s);
1150 if (reg == cpu_cc_src) {
1151 reg = s->tmp0;
1152 }
1153 tcg_gen_shri_tl(reg, cpu_cc_src, 4); /* CC_O -> CC_S */
1154 tcg_gen_xor_tl(reg, reg, cpu_cc_src);
1155 cc = (CCPrepare) { .cond = TCG_COND_NE, .reg = reg,
1156 .mask = CC_S | CC_Z };
1157 break;
1158 }
1159 break;
1160 }
1161
1162 if (inv) {
1163 cc.cond = tcg_invert_cond(cc.cond);
1164 }
1165 return cc;
1166 }
1167
1168 static void gen_setcc1(DisasContext *s, int b, TCGv reg)
1169 {
1170 CCPrepare cc = gen_prepare_cc(s, b, reg);
1171
1172 if (cc.no_setcond) {
1173 if (cc.cond == TCG_COND_EQ) {
1174 tcg_gen_xori_tl(reg, cc.reg, 1);
1175 } else {
1176 tcg_gen_mov_tl(reg, cc.reg);
1177 }
1178 return;
1179 }
1180
1181 if (cc.cond == TCG_COND_NE && !cc.use_reg2 && cc.imm == 0 &&
1182 cc.mask != 0 && (cc.mask & (cc.mask - 1)) == 0) {
1183 tcg_gen_shri_tl(reg, cc.reg, ctztl(cc.mask));
1184 tcg_gen_andi_tl(reg, reg, 1);
1185 return;
1186 }
1187 if (cc.mask != -1) {
1188 tcg_gen_andi_tl(reg, cc.reg, cc.mask);
1189 cc.reg = reg;
1190 }
1191 if (cc.use_reg2) {
1192 tcg_gen_setcond_tl(cc.cond, reg, cc.reg, cc.reg2);
1193 } else {
1194 tcg_gen_setcondi_tl(cc.cond, reg, cc.reg, cc.imm);
1195 }
1196 }
1197
1198 static inline void gen_compute_eflags_c(DisasContext *s, TCGv reg)
1199 {
1200 gen_setcc1(s, JCC_B << 1, reg);
1201 }
1202
1203 /* generate a conditional jump to label 'l1' according to jump opcode
1204 value 'b'. In the fast case, T0 is guaranted not to be used. */
1205 static inline void gen_jcc1_noeob(DisasContext *s, int b, TCGLabel *l1)
1206 {
1207 CCPrepare cc = gen_prepare_cc(s, b, s->T0);
1208
1209 if (cc.mask != -1) {
1210 tcg_gen_andi_tl(s->T0, cc.reg, cc.mask);
1211 cc.reg = s->T0;
1212 }
1213 if (cc.use_reg2) {
1214 tcg_gen_brcond_tl(cc.cond, cc.reg, cc.reg2, l1);
1215 } else {
1216 tcg_gen_brcondi_tl(cc.cond, cc.reg, cc.imm, l1);
1217 }
1218 }
1219
1220 /* Generate a conditional jump to label 'l1' according to jump opcode
1221 value 'b'. In the fast case, T0 is guaranted not to be used.
1222 A translation block must end soon. */
1223 static inline void gen_jcc1(DisasContext *s, int b, TCGLabel *l1)
1224 {
1225 CCPrepare cc = gen_prepare_cc(s, b, s->T0);
1226
1227 gen_update_cc_op(s);
1228 if (cc.mask != -1) {
1229 tcg_gen_andi_tl(s->T0, cc.reg, cc.mask);
1230 cc.reg = s->T0;
1231 }
1232 set_cc_op(s, CC_OP_DYNAMIC);
1233 if (cc.use_reg2) {
1234 tcg_gen_brcond_tl(cc.cond, cc.reg, cc.reg2, l1);
1235 } else {
1236 tcg_gen_brcondi_tl(cc.cond, cc.reg, cc.imm, l1);
1237 }
1238 }
1239
1240 /* XXX: does not work with gdbstub "ice" single step - not a
1241 serious problem */
1242 static TCGLabel *gen_jz_ecx_string(DisasContext *s)
1243 {
1244 TCGLabel *l1 = gen_new_label();
1245 TCGLabel *l2 = gen_new_label();
1246 gen_op_jnz_ecx(s, l1);
1247 gen_set_label(l2);
1248 gen_jmp_rel_csize(s, 0, 1);
1249 gen_set_label(l1);
1250 return l2;
1251 }
1252
1253 static void gen_stos(DisasContext *s, MemOp ot)
1254 {
1255 gen_op_mov_v_reg(s, MO_32, s->T0, R_EAX);
1256 gen_string_movl_A0_EDI(s);
1257 gen_op_st_v(s, ot, s->T0, s->A0);
1258 gen_op_movl_T0_Dshift(s, ot);
1259 gen_op_add_reg_T0(s, s->aflag, R_EDI);
1260 }
1261
1262 static void gen_lods(DisasContext *s, MemOp ot)
1263 {
1264 gen_string_movl_A0_ESI(s);
1265 gen_op_ld_v(s, ot, s->T0, s->A0);
1266 gen_op_mov_reg_v(s, ot, R_EAX, s->T0);
1267 gen_op_movl_T0_Dshift(s, ot);
1268 gen_op_add_reg_T0(s, s->aflag, R_ESI);
1269 }
1270
1271 static void gen_scas(DisasContext *s, MemOp ot)
1272 {
1273 gen_string_movl_A0_EDI(s);
1274 gen_op_ld_v(s, ot, s->T1, s->A0);
1275 gen_op(s, OP_CMPL, ot, R_EAX);
1276 gen_op_movl_T0_Dshift(s, ot);
1277 gen_op_add_reg_T0(s, s->aflag, R_EDI);
1278 }
1279
1280 static void gen_cmps(DisasContext *s, MemOp ot)
1281 {
1282 gen_string_movl_A0_EDI(s);
1283 gen_op_ld_v(s, ot, s->T1, s->A0);
1284 gen_string_movl_A0_ESI(s);
1285 gen_op(s, OP_CMPL, ot, OR_TMP0);
1286 gen_op_movl_T0_Dshift(s, ot);
1287 gen_op_add_reg_T0(s, s->aflag, R_ESI);
1288 gen_op_add_reg_T0(s, s->aflag, R_EDI);
1289 }
1290
1291 static void gen_bpt_io(DisasContext *s, TCGv_i32 t_port, int ot)
1292 {
1293 if (s->flags & HF_IOBPT_MASK) {
1294 #ifdef CONFIG_USER_ONLY
1295 /* user-mode cpu should not be in IOBPT mode */
1296 g_assert_not_reached();
1297 #else
1298 TCGv_i32 t_size = tcg_constant_i32(1 << ot);
1299 TCGv t_next = eip_next_tl(s);
1300 gen_helper_bpt_io(cpu_env, t_port, t_size, t_next);
1301 #endif /* CONFIG_USER_ONLY */
1302 }
1303 }
1304
1305 static void gen_ins(DisasContext *s, MemOp ot)
1306 {
1307 gen_string_movl_A0_EDI(s);
1308 /* Note: we must do this dummy write first to be restartable in
1309 case of page fault. */
1310 tcg_gen_movi_tl(s->T0, 0);
1311 gen_op_st_v(s, ot, s->T0, s->A0);
1312 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_EDX]);
1313 tcg_gen_andi_i32(s->tmp2_i32, s->tmp2_i32, 0xffff);
1314 gen_helper_in_func(ot, s->T0, s->tmp2_i32);
1315 gen_op_st_v(s, ot, s->T0, s->A0);
1316 gen_op_movl_T0_Dshift(s, ot);
1317 gen_op_add_reg_T0(s, s->aflag, R_EDI);
1318 gen_bpt_io(s, s->tmp2_i32, ot);
1319 }
1320
1321 static void gen_outs(DisasContext *s, MemOp ot)
1322 {
1323 gen_string_movl_A0_ESI(s);
1324 gen_op_ld_v(s, ot, s->T0, s->A0);
1325
1326 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_EDX]);
1327 tcg_gen_andi_i32(s->tmp2_i32, s->tmp2_i32, 0xffff);
1328 tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T0);
1329 gen_helper_out_func(ot, s->tmp2_i32, s->tmp3_i32);
1330 gen_op_movl_T0_Dshift(s, ot);
1331 gen_op_add_reg_T0(s, s->aflag, R_ESI);
1332 gen_bpt_io(s, s->tmp2_i32, ot);
1333 }
1334
1335 /* Generate jumps to current or next instruction */
1336 static void gen_repz(DisasContext *s, MemOp ot,
1337 void (*fn)(DisasContext *s, MemOp ot))
1338 {
1339 TCGLabel *l2;
1340 gen_update_cc_op(s);
1341 l2 = gen_jz_ecx_string(s);
1342 fn(s, ot);
1343 gen_op_add_reg_im(s, s->aflag, R_ECX, -1);
1344 /*
1345 * A loop would cause two single step exceptions if ECX = 1
1346 * before rep string_insn
1347 */
1348 if (s->repz_opt) {
1349 gen_op_jz_ecx(s, l2);
1350 }
1351 gen_jmp_rel_csize(s, -cur_insn_len(s), 0);
1352 }
1353
1354 #define GEN_REPZ(op) \
1355 static inline void gen_repz_ ## op(DisasContext *s, MemOp ot) \
1356 { gen_repz(s, ot, gen_##op); }
1357
1358 static void gen_repz2(DisasContext *s, MemOp ot, int nz,
1359 void (*fn)(DisasContext *s, MemOp ot))
1360 {
1361 TCGLabel *l2;
1362 gen_update_cc_op(s);
1363 l2 = gen_jz_ecx_string(s);
1364 fn(s, ot);
1365 gen_op_add_reg_im(s, s->aflag, R_ECX, -1);
1366 gen_update_cc_op(s);
1367 gen_jcc1(s, (JCC_Z << 1) | (nz ^ 1), l2);
1368 if (s->repz_opt) {
1369 gen_op_jz_ecx(s, l2);
1370 }
1371 gen_jmp_rel_csize(s, -cur_insn_len(s), 0);
1372 }
1373
1374 #define GEN_REPZ2(op) \
1375 static inline void gen_repz_ ## op(DisasContext *s, MemOp ot, int nz) \
1376 { gen_repz2(s, ot, nz, gen_##op); }
1377
1378 GEN_REPZ(movs)
1379 GEN_REPZ(stos)
1380 GEN_REPZ(lods)
1381 GEN_REPZ(ins)
1382 GEN_REPZ(outs)
1383 GEN_REPZ2(scas)
1384 GEN_REPZ2(cmps)
1385
1386 static void gen_helper_fp_arith_ST0_FT0(int op)
1387 {
1388 switch (op) {
1389 case 0:
1390 gen_helper_fadd_ST0_FT0(cpu_env);
1391 break;
1392 case 1:
1393 gen_helper_fmul_ST0_FT0(cpu_env);
1394 break;
1395 case 2:
1396 gen_helper_fcom_ST0_FT0(cpu_env);
1397 break;
1398 case 3:
1399 gen_helper_fcom_ST0_FT0(cpu_env);
1400 break;
1401 case 4:
1402 gen_helper_fsub_ST0_FT0(cpu_env);
1403 break;
1404 case 5:
1405 gen_helper_fsubr_ST0_FT0(cpu_env);
1406 break;
1407 case 6:
1408 gen_helper_fdiv_ST0_FT0(cpu_env);
1409 break;
1410 case 7:
1411 gen_helper_fdivr_ST0_FT0(cpu_env);
1412 break;
1413 }
1414 }
1415
1416 /* NOTE the exception in "r" op ordering */
1417 static void gen_helper_fp_arith_STN_ST0(int op, int opreg)
1418 {
1419 TCGv_i32 tmp = tcg_const_i32(opreg);
1420 switch (op) {
1421 case 0:
1422 gen_helper_fadd_STN_ST0(cpu_env, tmp);
1423 break;
1424 case 1:
1425 gen_helper_fmul_STN_ST0(cpu_env, tmp);
1426 break;
1427 case 4:
1428 gen_helper_fsubr_STN_ST0(cpu_env, tmp);
1429 break;
1430 case 5:
1431 gen_helper_fsub_STN_ST0(cpu_env, tmp);
1432 break;
1433 case 6:
1434 gen_helper_fdivr_STN_ST0(cpu_env, tmp);
1435 break;
1436 case 7:
1437 gen_helper_fdiv_STN_ST0(cpu_env, tmp);
1438 break;
1439 }
1440 }
1441
1442 static void gen_exception(DisasContext *s, int trapno)
1443 {
1444 gen_update_cc_op(s);
1445 gen_update_eip_cur(s);
1446 gen_helper_raise_exception(cpu_env, tcg_const_i32(trapno));
1447 s->base.is_jmp = DISAS_NORETURN;
1448 }
1449
1450 /* Generate #UD for the current instruction. The assumption here is that
1451 the instruction is known, but it isn't allowed in the current cpu mode. */
1452 static void gen_illegal_opcode(DisasContext *s)
1453 {
1454 gen_exception(s, EXCP06_ILLOP);
1455 }
1456
1457 /* Generate #GP for the current instruction. */
1458 static void gen_exception_gpf(DisasContext *s)
1459 {
1460 gen_exception(s, EXCP0D_GPF);
1461 }
1462
1463 /* Check for cpl == 0; if not, raise #GP and return false. */
1464 static bool check_cpl0(DisasContext *s)
1465 {
1466 if (CPL(s) == 0) {
1467 return true;
1468 }
1469 gen_exception_gpf(s);
1470 return false;
1471 }
1472
1473 /* If vm86, check for iopl == 3; if not, raise #GP and return false. */
1474 static bool check_vm86_iopl(DisasContext *s)
1475 {
1476 if (!VM86(s) || IOPL(s) == 3) {
1477 return true;
1478 }
1479 gen_exception_gpf(s);
1480 return false;
1481 }
1482
1483 /* Check for iopl allowing access; if not, raise #GP and return false. */
1484 static bool check_iopl(DisasContext *s)
1485 {
1486 if (VM86(s) ? IOPL(s) == 3 : CPL(s) <= IOPL(s)) {
1487 return true;
1488 }
1489 gen_exception_gpf(s);
1490 return false;
1491 }
1492
1493 /* if d == OR_TMP0, it means memory operand (address in A0) */
1494 static void gen_op(DisasContext *s1, int op, MemOp ot, int d)
1495 {
1496 if (d != OR_TMP0) {
1497 if (s1->prefix & PREFIX_LOCK) {
1498 /* Lock prefix when destination is not memory. */
1499 gen_illegal_opcode(s1);
1500 return;
1501 }
1502 gen_op_mov_v_reg(s1, ot, s1->T0, d);
1503 } else if (!(s1->prefix & PREFIX_LOCK)) {
1504 gen_op_ld_v(s1, ot, s1->T0, s1->A0);
1505 }
1506 switch(op) {
1507 case OP_ADCL:
1508 gen_compute_eflags_c(s1, s1->tmp4);
1509 if (s1->prefix & PREFIX_LOCK) {
1510 tcg_gen_add_tl(s1->T0, s1->tmp4, s1->T1);
1511 tcg_gen_atomic_add_fetch_tl(s1->T0, s1->A0, s1->T0,
1512 s1->mem_index, ot | MO_LE);
1513 } else {
1514 tcg_gen_add_tl(s1->T0, s1->T0, s1->T1);
1515 tcg_gen_add_tl(s1->T0, s1->T0, s1->tmp4);
1516 gen_op_st_rm_T0_A0(s1, ot, d);
1517 }
1518 gen_op_update3_cc(s1, s1->tmp4);
1519 set_cc_op(s1, CC_OP_ADCB + ot);
1520 break;
1521 case OP_SBBL:
1522 gen_compute_eflags_c(s1, s1->tmp4);
1523 if (s1->prefix & PREFIX_LOCK) {
1524 tcg_gen_add_tl(s1->T0, s1->T1, s1->tmp4);
1525 tcg_gen_neg_tl(s1->T0, s1->T0);
1526 tcg_gen_atomic_add_fetch_tl(s1->T0, s1->A0, s1->T0,
1527 s1->mem_index, ot | MO_LE);
1528 } else {
1529 tcg_gen_sub_tl(s1->T0, s1->T0, s1->T1);
1530 tcg_gen_sub_tl(s1->T0, s1->T0, s1->tmp4);
1531 gen_op_st_rm_T0_A0(s1, ot, d);
1532 }
1533 gen_op_update3_cc(s1, s1->tmp4);
1534 set_cc_op(s1, CC_OP_SBBB + ot);
1535 break;
1536 case OP_ADDL:
1537 if (s1->prefix & PREFIX_LOCK) {
1538 tcg_gen_atomic_add_fetch_tl(s1->T0, s1->A0, s1->T1,
1539 s1->mem_index, ot | MO_LE);
1540 } else {
1541 tcg_gen_add_tl(s1->T0, s1->T0, s1->T1);
1542 gen_op_st_rm_T0_A0(s1, ot, d);
1543 }
1544 gen_op_update2_cc(s1);
1545 set_cc_op(s1, CC_OP_ADDB + ot);
1546 break;
1547 case OP_SUBL:
1548 if (s1->prefix & PREFIX_LOCK) {
1549 tcg_gen_neg_tl(s1->T0, s1->T1);
1550 tcg_gen_atomic_fetch_add_tl(s1->cc_srcT, s1->A0, s1->T0,
1551 s1->mem_index, ot | MO_LE);
1552 tcg_gen_sub_tl(s1->T0, s1->cc_srcT, s1->T1);
1553 } else {
1554 tcg_gen_mov_tl(s1->cc_srcT, s1->T0);
1555 tcg_gen_sub_tl(s1->T0, s1->T0, s1->T1);
1556 gen_op_st_rm_T0_A0(s1, ot, d);
1557 }
1558 gen_op_update2_cc(s1);
1559 set_cc_op(s1, CC_OP_SUBB + ot);
1560 break;
1561 default:
1562 case OP_ANDL:
1563 if (s1->prefix & PREFIX_LOCK) {
1564 tcg_gen_atomic_and_fetch_tl(s1->T0, s1->A0, s1->T1,
1565 s1->mem_index, ot | MO_LE);
1566 } else {
1567 tcg_gen_and_tl(s1->T0, s1->T0, s1->T1);
1568 gen_op_st_rm_T0_A0(s1, ot, d);
1569 }
1570 gen_op_update1_cc(s1);
1571 set_cc_op(s1, CC_OP_LOGICB + ot);
1572 break;
1573 case OP_ORL:
1574 if (s1->prefix & PREFIX_LOCK) {
1575 tcg_gen_atomic_or_fetch_tl(s1->T0, s1->A0, s1->T1,
1576 s1->mem_index, ot | MO_LE);
1577 } else {
1578 tcg_gen_or_tl(s1->T0, s1->T0, s1->T1);
1579 gen_op_st_rm_T0_A0(s1, ot, d);
1580 }
1581 gen_op_update1_cc(s1);
1582 set_cc_op(s1, CC_OP_LOGICB + ot);
1583 break;
1584 case OP_XORL:
1585 if (s1->prefix & PREFIX_LOCK) {
1586 tcg_gen_atomic_xor_fetch_tl(s1->T0, s1->A0, s1->T1,
1587 s1->mem_index, ot | MO_LE);
1588 } else {
1589 tcg_gen_xor_tl(s1->T0, s1->T0, s1->T1);
1590 gen_op_st_rm_T0_A0(s1, ot, d);
1591 }
1592 gen_op_update1_cc(s1);
1593 set_cc_op(s1, CC_OP_LOGICB + ot);
1594 break;
1595 case OP_CMPL:
1596 tcg_gen_mov_tl(cpu_cc_src, s1->T1);
1597 tcg_gen_mov_tl(s1->cc_srcT, s1->T0);
1598 tcg_gen_sub_tl(cpu_cc_dst, s1->T0, s1->T1);
1599 set_cc_op(s1, CC_OP_SUBB + ot);
1600 break;
1601 }
1602 }
1603
1604 /* if d == OR_TMP0, it means memory operand (address in A0) */
1605 static void gen_inc(DisasContext *s1, MemOp ot, int d, int c)
1606 {
1607 if (s1->prefix & PREFIX_LOCK) {
1608 if (d != OR_TMP0) {
1609 /* Lock prefix when destination is not memory */
1610 gen_illegal_opcode(s1);
1611 return;
1612 }
1613 tcg_gen_movi_tl(s1->T0, c > 0 ? 1 : -1);
1614 tcg_gen_atomic_add_fetch_tl(s1->T0, s1->A0, s1->T0,
1615 s1->mem_index, ot | MO_LE);
1616 } else {
1617 if (d != OR_TMP0) {
1618 gen_op_mov_v_reg(s1, ot, s1->T0, d);
1619 } else {
1620 gen_op_ld_v(s1, ot, s1->T0, s1->A0);
1621 }
1622 tcg_gen_addi_tl(s1->T0, s1->T0, (c > 0 ? 1 : -1));
1623 gen_op_st_rm_T0_A0(s1, ot, d);
1624 }
1625
1626 gen_compute_eflags_c(s1, cpu_cc_src);
1627 tcg_gen_mov_tl(cpu_cc_dst, s1->T0);
1628 set_cc_op(s1, (c > 0 ? CC_OP_INCB : CC_OP_DECB) + ot);
1629 }
1630
1631 static void gen_shift_flags(DisasContext *s, MemOp ot, TCGv result,
1632 TCGv shm1, TCGv count, bool is_right)
1633 {
1634 TCGv_i32 z32, s32, oldop;
1635 TCGv z_tl;
1636
1637 /* Store the results into the CC variables. If we know that the
1638 variable must be dead, store unconditionally. Otherwise we'll
1639 need to not disrupt the current contents. */
1640 z_tl = tcg_const_tl(0);
1641 if (cc_op_live[s->cc_op] & USES_CC_DST) {
1642 tcg_gen_movcond_tl(TCG_COND_NE, cpu_cc_dst, count, z_tl,
1643 result, cpu_cc_dst);
1644 } else {
1645 tcg_gen_mov_tl(cpu_cc_dst, result);
1646 }
1647 if (cc_op_live[s->cc_op] & USES_CC_SRC) {
1648 tcg_gen_movcond_tl(TCG_COND_NE, cpu_cc_src, count, z_tl,
1649 shm1, cpu_cc_src);
1650 } else {
1651 tcg_gen_mov_tl(cpu_cc_src, shm1);
1652 }
1653 tcg_temp_free(z_tl);
1654
1655 /* Get the two potential CC_OP values into temporaries. */
1656 tcg_gen_movi_i32(s->tmp2_i32, (is_right ? CC_OP_SARB : CC_OP_SHLB) + ot);
1657 if (s->cc_op == CC_OP_DYNAMIC) {
1658 oldop = cpu_cc_op;
1659 } else {
1660 tcg_gen_movi_i32(s->tmp3_i32, s->cc_op);
1661 oldop = s->tmp3_i32;
1662 }
1663
1664 /* Conditionally store the CC_OP value. */
1665 z32 = tcg_const_i32(0);
1666 s32 = tcg_temp_new_i32();
1667 tcg_gen_trunc_tl_i32(s32, count);
1668 tcg_gen_movcond_i32(TCG_COND_NE, cpu_cc_op, s32, z32, s->tmp2_i32, oldop);
1669 tcg_temp_free_i32(z32);
1670 tcg_temp_free_i32(s32);
1671
1672 /* The CC_OP value is no longer predictable. */
1673 set_cc_op(s, CC_OP_DYNAMIC);
1674 }
1675
1676 static void gen_shift_rm_T1(DisasContext *s, MemOp ot, int op1,
1677 int is_right, int is_arith)
1678 {
1679 target_ulong mask = (ot == MO_64 ? 0x3f : 0x1f);
1680
1681 /* load */
1682 if (op1 == OR_TMP0) {
1683 gen_op_ld_v(s, ot, s->T0, s->A0);
1684 } else {
1685 gen_op_mov_v_reg(s, ot, s->T0, op1);
1686 }
1687
1688 tcg_gen_andi_tl(s->T1, s->T1, mask);
1689 tcg_gen_subi_tl(s->tmp0, s->T1, 1);
1690
1691 if (is_right) {
1692 if (is_arith) {
1693 gen_exts(ot, s->T0);
1694 tcg_gen_sar_tl(s->tmp0, s->T0, s->tmp0);
1695 tcg_gen_sar_tl(s->T0, s->T0, s->T1);
1696 } else {
1697 gen_extu(ot, s->T0);
1698 tcg_gen_shr_tl(s->tmp0, s->T0, s->tmp0);
1699 tcg_gen_shr_tl(s->T0, s->T0, s->T1);
1700 }
1701 } else {
1702 tcg_gen_shl_tl(s->tmp0, s->T0, s->tmp0);
1703 tcg_gen_shl_tl(s->T0, s->T0, s->T1);
1704 }
1705
1706 /* store */
1707 gen_op_st_rm_T0_A0(s, ot, op1);
1708
1709 gen_shift_flags(s, ot, s->T0, s->tmp0, s->T1, is_right);
1710 }
1711
1712 static void gen_shift_rm_im(DisasContext *s, MemOp ot, int op1, int op2,
1713 int is_right, int is_arith)
1714 {
1715 int mask = (ot == MO_64 ? 0x3f : 0x1f);
1716
1717 /* load */
1718 if (op1 == OR_TMP0)
1719 gen_op_ld_v(s, ot, s->T0, s->A0);
1720 else
1721 gen_op_mov_v_reg(s, ot, s->T0, op1);
1722
1723 op2 &= mask;
1724 if (op2 != 0) {
1725 if (is_right) {
1726 if (is_arith) {
1727 gen_exts(ot, s->T0);
1728 tcg_gen_sari_tl(s->tmp4, s->T0, op2 - 1);
1729 tcg_gen_sari_tl(s->T0, s->T0, op2);
1730 } else {
1731 gen_extu(ot, s->T0);
1732 tcg_gen_shri_tl(s->tmp4, s->T0, op2 - 1);
1733 tcg_gen_shri_tl(s->T0, s->T0, op2);
1734 }
1735 } else {
1736 tcg_gen_shli_tl(s->tmp4, s->T0, op2 - 1);
1737 tcg_gen_shli_tl(s->T0, s->T0, op2);
1738 }
1739 }
1740
1741 /* store */
1742 gen_op_st_rm_T0_A0(s, ot, op1);
1743
1744 /* update eflags if non zero shift */
1745 if (op2 != 0) {
1746 tcg_gen_mov_tl(cpu_cc_src, s->tmp4);
1747 tcg_gen_mov_tl(cpu_cc_dst, s->T0);
1748 set_cc_op(s, (is_right ? CC_OP_SARB : CC_OP_SHLB) + ot);
1749 }
1750 }
1751
1752 static void gen_rot_rm_T1(DisasContext *s, MemOp ot, int op1, int is_right)
1753 {
1754 target_ulong mask = (ot == MO_64 ? 0x3f : 0x1f);
1755 TCGv_i32 t0, t1;
1756
1757 /* load */
1758 if (op1 == OR_TMP0) {
1759 gen_op_ld_v(s, ot, s->T0, s->A0);
1760 } else {
1761 gen_op_mov_v_reg(s, ot, s->T0, op1);
1762 }
1763
1764 tcg_gen_andi_tl(s->T1, s->T1, mask);
1765
1766 switch (ot) {
1767 case MO_8:
1768 /* Replicate the 8-bit input so that a 32-bit rotate works. */
1769 tcg_gen_ext8u_tl(s->T0, s->T0);
1770 tcg_gen_muli_tl(s->T0, s->T0, 0x01010101);
1771 goto do_long;
1772 case MO_16:
1773 /* Replicate the 16-bit input so that a 32-bit rotate works. */
1774 tcg_gen_deposit_tl(s->T0, s->T0, s->T0, 16, 16);
1775 goto do_long;
1776 do_long:
1777 #ifdef TARGET_X86_64
1778 case MO_32:
1779 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
1780 tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T1);
1781 if (is_right) {
1782 tcg_gen_rotr_i32(s->tmp2_i32, s->tmp2_i32, s->tmp3_i32);
1783 } else {
1784 tcg_gen_rotl_i32(s->tmp2_i32, s->tmp2_i32, s->tmp3_i32);
1785 }
1786 tcg_gen_extu_i32_tl(s->T0, s->tmp2_i32);
1787 break;
1788 #endif
1789 default:
1790 if (is_right) {
1791 tcg_gen_rotr_tl(s->T0, s->T0, s->T1);
1792 } else {
1793 tcg_gen_rotl_tl(s->T0, s->T0, s->T1);
1794 }
1795 break;
1796 }
1797
1798 /* store */
1799 gen_op_st_rm_T0_A0(s, ot, op1);
1800
1801 /* We'll need the flags computed into CC_SRC. */
1802 gen_compute_eflags(s);
1803
1804 /* The value that was "rotated out" is now present at the other end
1805 of the word. Compute C into CC_DST and O into CC_SRC2. Note that
1806 since we've computed the flags into CC_SRC, these variables are
1807 currently dead. */
1808 if (is_right) {
1809 tcg_gen_shri_tl(cpu_cc_src2, s->T0, mask - 1);
1810 tcg_gen_shri_tl(cpu_cc_dst, s->T0, mask);
1811 tcg_gen_andi_tl(cpu_cc_dst, cpu_cc_dst, 1);
1812 } else {
1813 tcg_gen_shri_tl(cpu_cc_src2, s->T0, mask);
1814 tcg_gen_andi_tl(cpu_cc_dst, s->T0, 1);
1815 }
1816 tcg_gen_andi_tl(cpu_cc_src2, cpu_cc_src2, 1);
1817 tcg_gen_xor_tl(cpu_cc_src2, cpu_cc_src2, cpu_cc_dst);
1818
1819 /* Now conditionally store the new CC_OP value. If the shift count
1820 is 0 we keep the CC_OP_EFLAGS setting so that only CC_SRC is live.
1821 Otherwise reuse CC_OP_ADCOX which have the C and O flags split out
1822 exactly as we computed above. */
1823 t0 = tcg_const_i32(0);
1824 t1 = tcg_temp_new_i32();
1825 tcg_gen_trunc_tl_i32(t1, s->T1);
1826 tcg_gen_movi_i32(s->tmp2_i32, CC_OP_ADCOX);
1827 tcg_gen_movi_i32(s->tmp3_i32, CC_OP_EFLAGS);
1828 tcg_gen_movcond_i32(TCG_COND_NE, cpu_cc_op, t1, t0,
1829 s->tmp2_i32, s->tmp3_i32);
1830 tcg_temp_free_i32(t0);
1831 tcg_temp_free_i32(t1);
1832
1833 /* The CC_OP value is no longer predictable. */
1834 set_cc_op(s, CC_OP_DYNAMIC);
1835 }
1836
1837 static void gen_rot_rm_im(DisasContext *s, MemOp ot, int op1, int op2,
1838 int is_right)
1839 {
1840 int mask = (ot == MO_64 ? 0x3f : 0x1f);
1841 int shift;
1842
1843 /* load */
1844 if (op1 == OR_TMP0) {
1845 gen_op_ld_v(s, ot, s->T0, s->A0);
1846 } else {
1847 gen_op_mov_v_reg(s, ot, s->T0, op1);
1848 }
1849
1850 op2 &= mask;
1851 if (op2 != 0) {
1852 switch (ot) {
1853 #ifdef TARGET_X86_64
1854 case MO_32:
1855 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
1856 if (is_right) {
1857 tcg_gen_rotri_i32(s->tmp2_i32, s->tmp2_i32, op2);
1858 } else {
1859 tcg_gen_rotli_i32(s->tmp2_i32, s->tmp2_i32, op2);
1860 }
1861 tcg_gen_extu_i32_tl(s->T0, s->tmp2_i32);
1862 break;
1863 #endif
1864 default:
1865 if (is_right) {
1866 tcg_gen_rotri_tl(s->T0, s->T0, op2);
1867 } else {
1868 tcg_gen_rotli_tl(s->T0, s->T0, op2);
1869 }
1870 break;
1871 case MO_8:
1872 mask = 7;
1873 goto do_shifts;
1874 case MO_16:
1875 mask = 15;
1876 do_shifts:
1877 shift = op2 & mask;
1878 if (is_right) {
1879 shift = mask + 1 - shift;
1880 }
1881 gen_extu(ot, s->T0);
1882 tcg_gen_shli_tl(s->tmp0, s->T0, shift);
1883 tcg_gen_shri_tl(s->T0, s->T0, mask + 1 - shift);
1884 tcg_gen_or_tl(s->T0, s->T0, s->tmp0);
1885 break;
1886 }
1887 }
1888
1889 /* store */
1890 gen_op_st_rm_T0_A0(s, ot, op1);
1891
1892 if (op2 != 0) {
1893 /* Compute the flags into CC_SRC. */
1894 gen_compute_eflags(s);
1895
1896 /* The value that was "rotated out" is now present at the other end
1897 of the word. Compute C into CC_DST and O into CC_SRC2. Note that
1898 since we've computed the flags into CC_SRC, these variables are
1899 currently dead. */
1900 if (is_right) {
1901 tcg_gen_shri_tl(cpu_cc_src2, s->T0, mask - 1);
1902 tcg_gen_shri_tl(cpu_cc_dst, s->T0, mask);
1903 tcg_gen_andi_tl(cpu_cc_dst, cpu_cc_dst, 1);
1904 } else {
1905 tcg_gen_shri_tl(cpu_cc_src2, s->T0, mask);
1906 tcg_gen_andi_tl(cpu_cc_dst, s->T0, 1);
1907 }
1908 tcg_gen_andi_tl(cpu_cc_src2, cpu_cc_src2, 1);
1909 tcg_gen_xor_tl(cpu_cc_src2, cpu_cc_src2, cpu_cc_dst);
1910 set_cc_op(s, CC_OP_ADCOX);
1911 }
1912 }
1913
1914 /* XXX: add faster immediate = 1 case */
1915 static void gen_rotc_rm_T1(DisasContext *s, MemOp ot, int op1,
1916 int is_right)
1917 {
1918 gen_compute_eflags(s);
1919 assert(s->cc_op == CC_OP_EFLAGS);
1920
1921 /* load */
1922 if (op1 == OR_TMP0)
1923 gen_op_ld_v(s, ot, s->T0, s->A0);
1924 else
1925 gen_op_mov_v_reg(s, ot, s->T0, op1);
1926
1927 if (is_right) {
1928 switch (ot) {
1929 case MO_8:
1930 gen_helper_rcrb(s->T0, cpu_env, s->T0, s->T1);
1931 break;
1932 case MO_16:
1933 gen_helper_rcrw(s->T0, cpu_env, s->T0, s->T1);
1934 break;
1935 case MO_32:
1936 gen_helper_rcrl(s->T0, cpu_env, s->T0, s->T1);
1937 break;
1938 #ifdef TARGET_X86_64
1939 case MO_64:
1940 gen_helper_rcrq(s->T0, cpu_env, s->T0, s->T1);
1941 break;
1942 #endif
1943 default:
1944 tcg_abort();
1945 }
1946 } else {
1947 switch (ot) {
1948 case MO_8:
1949 gen_helper_rclb(s->T0, cpu_env, s->T0, s->T1);
1950 break;
1951 case MO_16:
1952 gen_helper_rclw(s->T0, cpu_env, s->T0, s->T1);
1953 break;
1954 case MO_32:
1955 gen_helper_rcll(s->T0, cpu_env, s->T0, s->T1);
1956 break;
1957 #ifdef TARGET_X86_64
1958 case MO_64:
1959 gen_helper_rclq(s->T0, cpu_env, s->T0, s->T1);
1960 break;
1961 #endif
1962 default:
1963 tcg_abort();
1964 }
1965 }
1966 /* store */
1967 gen_op_st_rm_T0_A0(s, ot, op1);
1968 }
1969
1970 /* XXX: add faster immediate case */
1971 static void gen_shiftd_rm_T1(DisasContext *s, MemOp ot, int op1,
1972 bool is_right, TCGv count_in)
1973 {
1974 target_ulong mask = (ot == MO_64 ? 63 : 31);
1975 TCGv count;
1976
1977 /* load */
1978 if (op1 == OR_TMP0) {
1979 gen_op_ld_v(s, ot, s->T0, s->A0);
1980 } else {
1981 gen_op_mov_v_reg(s, ot, s->T0, op1);
1982 }
1983
1984 count = tcg_temp_new();
1985 tcg_gen_andi_tl(count, count_in, mask);
1986
1987 switch (ot) {
1988 case MO_16:
1989 /* Note: we implement the Intel behaviour for shift count > 16.
1990 This means "shrdw C, B, A" shifts A:B:A >> C. Build the B:A
1991 portion by constructing it as a 32-bit value. */
1992 if (is_right) {
1993 tcg_gen_deposit_tl(s->tmp0, s->T0, s->T1, 16, 16);
1994 tcg_gen_mov_tl(s->T1, s->T0);
1995 tcg_gen_mov_tl(s->T0, s->tmp0);
1996 } else {
1997 tcg_gen_deposit_tl(s->T1, s->T0, s->T1, 16, 16);
1998 }
1999 /*
2000 * If TARGET_X86_64 defined then fall through into MO_32 case,
2001 * otherwise fall through default case.
2002 */
2003 case MO_32:
2004 #ifdef TARGET_X86_64
2005 /* Concatenate the two 32-bit values and use a 64-bit shift. */
2006 tcg_gen_subi_tl(s->tmp0, count, 1);
2007 if (is_right) {
2008 tcg_gen_concat_tl_i64(s->T0, s->T0, s->T1);
2009 tcg_gen_shr_i64(s->tmp0, s->T0, s->tmp0);
2010 tcg_gen_shr_i64(s->T0, s->T0, count);
2011 } else {
2012 tcg_gen_concat_tl_i64(s->T0, s->T1, s->T0);
2013 tcg_gen_shl_i64(s->tmp0, s->T0, s->tmp0);
2014 tcg_gen_shl_i64(s->T0, s->T0, count);
2015 tcg_gen_shri_i64(s->tmp0, s->tmp0, 32);
2016 tcg_gen_shri_i64(s->T0, s->T0, 32);
2017 }
2018 break;
2019 #endif
2020 default:
2021 tcg_gen_subi_tl(s->tmp0, count, 1);
2022 if (is_right) {
2023 tcg_gen_shr_tl(s->tmp0, s->T0, s->tmp0);
2024
2025 tcg_gen_subfi_tl(s->tmp4, mask + 1, count);
2026 tcg_gen_shr_tl(s->T0, s->T0, count);
2027 tcg_gen_shl_tl(s->T1, s->T1, s->tmp4);
2028 } else {
2029 tcg_gen_shl_tl(s->tmp0, s->T0, s->tmp0);
2030 if (ot == MO_16) {
2031 /* Only needed if count > 16, for Intel behaviour. */
2032 tcg_gen_subfi_tl(s->tmp4, 33, count);
2033 tcg_gen_shr_tl(s->tmp4, s->T1, s->tmp4);
2034 tcg_gen_or_tl(s->tmp0, s->tmp0, s->tmp4);
2035 }
2036
2037 tcg_gen_subfi_tl(s->tmp4, mask + 1, count);
2038 tcg_gen_shl_tl(s->T0, s->T0, count);
2039 tcg_gen_shr_tl(s->T1, s->T1, s->tmp4);
2040 }
2041 tcg_gen_movi_tl(s->tmp4, 0);
2042 tcg_gen_movcond_tl(TCG_COND_EQ, s->T1, count, s->tmp4,
2043 s->tmp4, s->T1);
2044 tcg_gen_or_tl(s->T0, s->T0, s->T1);
2045 break;
2046 }
2047
2048 /* store */
2049 gen_op_st_rm_T0_A0(s, ot, op1);
2050
2051 gen_shift_flags(s, ot, s->T0, s->tmp0, count, is_right);
2052 tcg_temp_free(count);
2053 }
2054
2055 static void gen_shift(DisasContext *s1, int op, MemOp ot, int d, int s)
2056 {
2057 if (s != OR_TMP1)
2058 gen_op_mov_v_reg(s1, ot, s1->T1, s);
2059 switch(op) {
2060 case OP_ROL:
2061 gen_rot_rm_T1(s1, ot, d, 0);
2062 break;
2063 case OP_ROR:
2064 gen_rot_rm_T1(s1, ot, d, 1);
2065 break;
2066 case OP_SHL:
2067 case OP_SHL1:
2068 gen_shift_rm_T1(s1, ot, d, 0, 0);
2069 break;
2070 case OP_SHR:
2071 gen_shift_rm_T1(s1, ot, d, 1, 0);
2072 break;
2073 case OP_SAR:
2074 gen_shift_rm_T1(s1, ot, d, 1, 1);
2075 break;
2076 case OP_RCL:
2077 gen_rotc_rm_T1(s1, ot, d, 0);
2078 break;
2079 case OP_RCR:
2080 gen_rotc_rm_T1(s1, ot, d, 1);
2081 break;
2082 }
2083 }
2084
2085 static void gen_shifti(DisasContext *s1, int op, MemOp ot, int d, int c)
2086 {
2087 switch(op) {
2088 case OP_ROL:
2089 gen_rot_rm_im(s1, ot, d, c, 0);
2090 break;
2091 case OP_ROR:
2092 gen_rot_rm_im(s1, ot, d, c, 1);
2093 break;
2094 case OP_SHL:
2095 case OP_SHL1:
2096 gen_shift_rm_im(s1, ot, d, c, 0, 0);
2097 break;
2098 case OP_SHR:
2099 gen_shift_rm_im(s1, ot, d, c, 1, 0);
2100 break;
2101 case OP_SAR:
2102 gen_shift_rm_im(s1, ot, d, c, 1, 1);
2103 break;
2104 default:
2105 /* currently not optimized */
2106 tcg_gen_movi_tl(s1->T1, c);
2107 gen_shift(s1, op, ot, d, OR_TMP1);
2108 break;
2109 }
2110 }
2111
2112 #define X86_MAX_INSN_LENGTH 15
2113
2114 static uint64_t advance_pc(CPUX86State *env, DisasContext *s, int num_bytes)
2115 {
2116 uint64_t pc = s->pc;
2117
2118 /* This is a subsequent insn that crosses a page boundary. */
2119 if (s->base.num_insns > 1 &&
2120 !is_same_page(&s->base, s->pc + num_bytes - 1)) {
2121 siglongjmp(s->jmpbuf, 2);
2122 }
2123
2124 s->pc += num_bytes;
2125 if (unlikely(cur_insn_len(s) > X86_MAX_INSN_LENGTH)) {
2126 /* If the instruction's 16th byte is on a different page than the 1st, a
2127 * page fault on the second page wins over the general protection fault
2128 * caused by the instruction being too long.
2129 * This can happen even if the operand is only one byte long!
2130 */
2131 if (((s->pc - 1) ^ (pc - 1)) & TARGET_PAGE_MASK) {
2132 volatile uint8_t unused =
2133 cpu_ldub_code(env, (s->pc - 1) & TARGET_PAGE_MASK);
2134 (void) unused;
2135 }
2136 siglongjmp(s->jmpbuf, 1);
2137 }
2138
2139 return pc;
2140 }
2141
2142 static inline uint8_t x86_ldub_code(CPUX86State *env, DisasContext *s)
2143 {
2144 return translator_ldub(env, &s->base, advance_pc(env, s, 1));
2145 }
2146
2147 static inline int16_t x86_ldsw_code(CPUX86State *env, DisasContext *s)
2148 {
2149 return translator_lduw(env, &s->base, advance_pc(env, s, 2));
2150 }
2151
2152 static inline uint16_t x86_lduw_code(CPUX86State *env, DisasContext *s)
2153 {
2154 return translator_lduw(env, &s->base, advance_pc(env, s, 2));
2155 }
2156
2157 static inline uint32_t x86_ldl_code(CPUX86State *env, DisasContext *s)
2158 {
2159 return translator_ldl(env, &s->base, advance_pc(env, s, 4));
2160 }
2161
2162 #ifdef TARGET_X86_64
2163 static inline uint64_t x86_ldq_code(CPUX86State *env, DisasContext *s)
2164 {
2165 return translator_ldq(env, &s->base, advance_pc(env, s, 8));
2166 }
2167 #endif
2168
2169 /* Decompose an address. */
2170
2171 typedef struct AddressParts {
2172 int def_seg;
2173 int base;
2174 int index;
2175 int scale;
2176 target_long disp;
2177 } AddressParts;
2178
2179 static AddressParts gen_lea_modrm_0(CPUX86State *env, DisasContext *s,
2180 int modrm)
2181 {
2182 int def_seg, base, index, scale, mod, rm;
2183 target_long disp;
2184 bool havesib;
2185
2186 def_seg = R_DS;
2187 index = -1;
2188 scale = 0;
2189 disp = 0;
2190
2191 mod = (modrm >> 6) & 3;
2192 rm = modrm & 7;
2193 base = rm | REX_B(s);
2194
2195 if (mod == 3) {
2196 /* Normally filtered out earlier, but including this path
2197 simplifies multi-byte nop, as well as bndcl, bndcu, bndcn. */
2198 goto done;
2199 }
2200
2201 switch (s->aflag) {
2202 case MO_64:
2203 case MO_32:
2204 havesib = 0;
2205 if (rm == 4) {
2206 int code = x86_ldub_code(env, s);
2207 scale = (code >> 6) & 3;
2208 index = ((code >> 3) & 7) | REX_X(s);
2209 if (index == 4) {
2210 index = -1; /* no index */
2211 }
2212 base = (code & 7) | REX_B(s);
2213 havesib = 1;
2214 }
2215
2216 switch (mod) {
2217 case 0:
2218 if ((base & 7) == 5) {
2219 base = -1;
2220 disp = (int32_t)x86_ldl_code(env, s);
2221 if (CODE64(s) && !havesib) {
2222 base = -2;
2223 disp += s->pc + s->rip_offset;
2224 }
2225 }
2226 break;
2227 case 1:
2228 disp = (int8_t)x86_ldub_code(env, s);
2229 break;
2230 default:
2231 case 2:
2232 disp = (int32_t)x86_ldl_code(env, s);
2233 break;
2234 }
2235
2236 /* For correct popl handling with esp. */
2237 if (base == R_ESP && s->popl_esp_hack) {
2238 disp += s->popl_esp_hack;
2239 }
2240 if (base == R_EBP || base == R_ESP) {
2241 def_seg = R_SS;
2242 }
2243 break;
2244
2245 case MO_16:
2246 if (mod == 0) {
2247 if (rm == 6) {
2248 base = -1;
2249 disp = x86_lduw_code(env, s);
2250 break;
2251 }
2252 } else if (mod == 1) {
2253 disp = (int8_t)x86_ldub_code(env, s);
2254 } else {
2255 disp = (int16_t)x86_lduw_code(env, s);
2256 }
2257
2258 switch (rm) {
2259 case 0:
2260 base = R_EBX;
2261 index = R_ESI;
2262 break;
2263 case 1:
2264 base = R_EBX;
2265 index = R_EDI;
2266 break;
2267 case 2:
2268 base = R_EBP;
2269 index = R_ESI;
2270 def_seg = R_SS;
2271 break;
2272 case 3:
2273 base = R_EBP;
2274 index = R_EDI;
2275 def_seg = R_SS;
2276 break;
2277 case 4:
2278 base = R_ESI;
2279 break;
2280 case 5:
2281 base = R_EDI;
2282 break;
2283 case 6:
2284 base = R_EBP;
2285 def_seg = R_SS;
2286 break;
2287 default:
2288 case 7:
2289 base = R_EBX;
2290 break;
2291 }
2292 break;
2293
2294 default:
2295 tcg_abort();
2296 }
2297
2298 done:
2299 return (AddressParts){ def_seg, base, index, scale, disp };
2300 }
2301
2302 /* Compute the address, with a minimum number of TCG ops. */
2303 static TCGv gen_lea_modrm_1(DisasContext *s, AddressParts a, bool is_vsib)
2304 {
2305 TCGv ea = NULL;
2306
2307 if (a.index >= 0 && !is_vsib) {
2308 if (a.scale == 0) {
2309 ea = cpu_regs[a.index];
2310 } else {
2311 tcg_gen_shli_tl(s->A0, cpu_regs[a.index], a.scale);
2312 ea = s->A0;
2313 }
2314 if (a.base >= 0) {
2315 tcg_gen_add_tl(s->A0, ea, cpu_regs[a.base]);
2316 ea = s->A0;
2317 }
2318 } else if (a.base >= 0) {
2319 ea = cpu_regs[a.base];
2320 }
2321 if (!ea) {
2322 if (tb_cflags(s->base.tb) & CF_PCREL && a.base == -2) {
2323 /* With cpu_eip ~= pc_save, the expression is pc-relative. */
2324 tcg_gen_addi_tl(s->A0, cpu_eip, a.disp - s->pc_save);
2325 } else {
2326 tcg_gen_movi_tl(s->A0, a.disp);
2327 }
2328 ea = s->A0;
2329 } else if (a.disp != 0) {
2330 tcg_gen_addi_tl(s->A0, ea, a.disp);
2331 ea = s->A0;
2332 }
2333
2334 return ea;
2335 }
2336
2337 static void gen_lea_modrm(CPUX86State *env, DisasContext *s, int modrm)
2338 {
2339 AddressParts a = gen_lea_modrm_0(env, s, modrm);
2340 TCGv ea = gen_lea_modrm_1(s, a, false);
2341 gen_lea_v_seg(s, s->aflag, ea, a.def_seg, s->override);
2342 }
2343
2344 static void gen_nop_modrm(CPUX86State *env, DisasContext *s, int modrm)
2345 {
2346 (void)gen_lea_modrm_0(env, s, modrm);
2347 }
2348
2349 /* Used for BNDCL, BNDCU, BNDCN. */
2350 static void gen_bndck(CPUX86State *env, DisasContext *s, int modrm,
2351 TCGCond cond, TCGv_i64 bndv)
2352 {
2353 AddressParts a = gen_lea_modrm_0(env, s, modrm);
2354 TCGv ea = gen_lea_modrm_1(s, a, false);
2355
2356 tcg_gen_extu_tl_i64(s->tmp1_i64, ea);
2357 if (!CODE64(s)) {
2358 tcg_gen_ext32u_i64(s->tmp1_i64, s->tmp1_i64);
2359 }
2360 tcg_gen_setcond_i64(cond, s->tmp1_i64, s->tmp1_i64, bndv);
2361 tcg_gen_extrl_i64_i32(s->tmp2_i32, s->tmp1_i64);
2362 gen_helper_bndck(cpu_env, s->tmp2_i32);
2363 }
2364
2365 /* used for LEA and MOV AX, mem */
2366 static void gen_add_A0_ds_seg(DisasContext *s)
2367 {
2368 gen_lea_v_seg(s, s->aflag, s->A0, R_DS, s->override);
2369 }
2370
2371 /* generate modrm memory load or store of 'reg'. TMP0 is used if reg ==
2372 OR_TMP0 */
2373 static void gen_ldst_modrm(CPUX86State *env, DisasContext *s, int modrm,
2374 MemOp ot, int reg, int is_store)
2375 {
2376 int mod, rm;
2377
2378 mod = (modrm >> 6) & 3;
2379 rm = (modrm & 7) | REX_B(s);
2380 if (mod == 3) {
2381 if (is_store) {
2382 if (reg != OR_TMP0)
2383 gen_op_mov_v_reg(s, ot, s->T0, reg);
2384 gen_op_mov_reg_v(s, ot, rm, s->T0);
2385 } else {
2386 gen_op_mov_v_reg(s, ot, s->T0, rm);
2387 if (reg != OR_TMP0)
2388 gen_op_mov_reg_v(s, ot, reg, s->T0);
2389 }
2390 } else {
2391 gen_lea_modrm(env, s, modrm);
2392 if (is_store) {
2393 if (reg != OR_TMP0)
2394 gen_op_mov_v_reg(s, ot, s->T0, reg);
2395 gen_op_st_v(s, ot, s->T0, s->A0);
2396 } else {
2397 gen_op_ld_v(s, ot, s->T0, s->A0);
2398 if (reg != OR_TMP0)
2399 gen_op_mov_reg_v(s, ot, reg, s->T0);
2400 }
2401 }
2402 }
2403
2404 static target_ulong insn_get_addr(CPUX86State *env, DisasContext *s, MemOp ot)
2405 {
2406 target_ulong ret;
2407
2408 switch (ot) {
2409 case MO_8:
2410 ret = x86_ldub_code(env, s);
2411 break;
2412 case MO_16:
2413 ret = x86_lduw_code(env, s);
2414 break;
2415 case MO_32:
2416 ret = x86_ldl_code(env, s);
2417 break;
2418 #ifdef TARGET_X86_64
2419 case MO_64:
2420 ret = x86_ldq_code(env, s);
2421 break;
2422 #endif
2423 default:
2424 g_assert_not_reached();
2425 }
2426 return ret;
2427 }
2428
2429 static inline uint32_t insn_get(CPUX86State *env, DisasContext *s, MemOp ot)
2430 {
2431 uint32_t ret;
2432
2433 switch (ot) {
2434 case MO_8:
2435 ret = x86_ldub_code(env, s);
2436 break;
2437 case MO_16:
2438 ret = x86_lduw_code(env, s);
2439 break;
2440 case MO_32:
2441 #ifdef TARGET_X86_64
2442 case MO_64:
2443 #endif
2444 ret = x86_ldl_code(env, s);
2445 break;
2446 default:
2447 tcg_abort();
2448 }
2449 return ret;
2450 }
2451
2452 static target_long insn_get_signed(CPUX86State *env, DisasContext *s, MemOp ot)
2453 {
2454 target_long ret;
2455
2456 switch (ot) {
2457 case MO_8:
2458 ret = (int8_t) x86_ldub_code(env, s);
2459 break;
2460 case MO_16:
2461 ret = (int16_t) x86_lduw_code(env, s);
2462 break;
2463 case MO_32:
2464 ret = (int32_t) x86_ldl_code(env, s);
2465 break;
2466 #ifdef TARGET_X86_64
2467 case MO_64:
2468 ret = x86_ldq_code(env, s);
2469 break;
2470 #endif
2471 default:
2472 g_assert_not_reached();
2473 }
2474 return ret;
2475 }
2476
2477 static inline int insn_const_size(MemOp ot)
2478 {
2479 if (ot <= MO_32) {
2480 return 1 << ot;
2481 } else {
2482 return 4;
2483 }
2484 }
2485
2486 static void gen_jcc(DisasContext *s, int b, int diff)
2487 {
2488 TCGLabel *l1 = gen_new_label();
2489
2490 gen_jcc1(s, b, l1);
2491 gen_jmp_rel_csize(s, 0, 1);
2492 gen_set_label(l1);
2493 gen_jmp_rel(s, s->dflag, diff, 0);
2494 }
2495
2496 static void gen_cmovcc1(CPUX86State *env, DisasContext *s, MemOp ot, int b,
2497 int modrm, int reg)
2498 {
2499 CCPrepare cc;
2500
2501 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
2502
2503 cc = gen_prepare_cc(s, b, s->T1);
2504 if (cc.mask != -1) {
2505 TCGv t0 = tcg_temp_new();
2506 tcg_gen_andi_tl(t0, cc.reg, cc.mask);
2507 cc.reg = t0;
2508 }
2509 if (!cc.use_reg2) {
2510 cc.reg2 = tcg_const_tl(cc.imm);
2511 }
2512
2513 tcg_gen_movcond_tl(cc.cond, s->T0, cc.reg, cc.reg2,
2514 s->T0, cpu_regs[reg]);
2515 gen_op_mov_reg_v(s, ot, reg, s->T0);
2516
2517 if (cc.mask != -1) {
2518 tcg_temp_free(cc.reg);
2519 }
2520 if (!cc.use_reg2) {
2521 tcg_temp_free(cc.reg2);
2522 }
2523 }
2524
2525 static inline void gen_op_movl_T0_seg(DisasContext *s, X86Seg seg_reg)
2526 {
2527 tcg_gen_ld32u_tl(s->T0, cpu_env,
2528 offsetof(CPUX86State,segs[seg_reg].selector));
2529 }
2530
2531 static inline void gen_op_movl_seg_T0_vm(DisasContext *s, X86Seg seg_reg)
2532 {
2533 tcg_gen_ext16u_tl(s->T0, s->T0);
2534 tcg_gen_st32_tl(s->T0, cpu_env,
2535 offsetof(CPUX86State,segs[seg_reg].selector));
2536 tcg_gen_shli_tl(cpu_seg_base[seg_reg], s->T0, 4);
2537 }
2538
2539 /* move T0 to seg_reg and compute if the CPU state may change. Never
2540 call this function with seg_reg == R_CS */
2541 static void gen_movl_seg_T0(DisasContext *s, X86Seg seg_reg)
2542 {
2543 if (PE(s) && !VM86(s)) {
2544 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
2545 gen_helper_load_seg(cpu_env, tcg_const_i32(seg_reg), s->tmp2_i32);
2546 /* abort translation because the addseg value may change or
2547 because ss32 may change. For R_SS, translation must always
2548 stop as a special handling must be done to disable hardware
2549 interrupts for the next instruction */
2550 if (seg_reg == R_SS) {
2551 s->base.is_jmp = DISAS_EOB_INHIBIT_IRQ;
2552 } else if (CODE32(s) && seg_reg < R_FS) {
2553 s->base.is_jmp = DISAS_EOB_NEXT;
2554 }
2555 } else {
2556 gen_op_movl_seg_T0_vm(s, seg_reg);
2557 if (seg_reg == R_SS) {
2558 s->base.is_jmp = DISAS_EOB_INHIBIT_IRQ;
2559 }
2560 }
2561 }
2562
2563 static void gen_svm_check_intercept(DisasContext *s, uint32_t type)
2564 {
2565 /* no SVM activated; fast case */
2566 if (likely(!GUEST(s))) {
2567 return;
2568 }
2569 gen_helper_svm_check_intercept(cpu_env, tcg_constant_i32(type));
2570 }
2571
2572 static inline void gen_stack_update(DisasContext *s, int addend)
2573 {
2574 gen_op_add_reg_im(s, mo_stacksize(s), R_ESP, addend);
2575 }
2576
2577 /* Generate a push. It depends on ss32, addseg and dflag. */
2578 static void gen_push_v(DisasContext *s, TCGv val)
2579 {
2580 MemOp d_ot = mo_pushpop(s, s->dflag);
2581 MemOp a_ot = mo_stacksize(s);
2582 int size = 1 << d_ot;
2583 TCGv new_esp = s->A0;
2584
2585 tcg_gen_subi_tl(s->A0, cpu_regs[R_ESP], size);
2586
2587 if (!CODE64(s)) {
2588 if (ADDSEG(s)) {
2589 new_esp = s->tmp4;
2590 tcg_gen_mov_tl(new_esp, s->A0);
2591 }
2592 gen_lea_v_seg(s, a_ot, s->A0, R_SS, -1);
2593 }
2594
2595 gen_op_st_v(s, d_ot, val, s->A0);
2596 gen_op_mov_reg_v(s, a_ot, R_ESP, new_esp);
2597 }
2598
2599 /* two step pop is necessary for precise exceptions */
2600 static MemOp gen_pop_T0(DisasContext *s)
2601 {
2602 MemOp d_ot = mo_pushpop(s, s->dflag);
2603
2604 gen_lea_v_seg(s, mo_stacksize(s), cpu_regs[R_ESP], R_SS, -1);
2605 gen_op_ld_v(s, d_ot, s->T0, s->A0);
2606
2607 return d_ot;
2608 }
2609
2610 static inline void gen_pop_update(DisasContext *s, MemOp ot)
2611 {
2612 gen_stack_update(s, 1 << ot);
2613 }
2614
2615 static inline void gen_stack_A0(DisasContext *s)
2616 {
2617 gen_lea_v_seg(s, SS32(s) ? MO_32 : MO_16, cpu_regs[R_ESP], R_SS, -1);
2618 }
2619
2620 static void gen_pusha(DisasContext *s)
2621 {
2622 MemOp s_ot = SS32(s) ? MO_32 : MO_16;
2623 MemOp d_ot = s->dflag;
2624 int size = 1 << d_ot;
2625 int i;
2626
2627 for (i = 0; i < 8; i++) {
2628 tcg_gen_addi_tl(s->A0, cpu_regs[R_ESP], (i - 8) * size);
2629 gen_lea_v_seg(s, s_ot, s->A0, R_SS, -1);
2630 gen_op_st_v(s, d_ot, cpu_regs[7 - i], s->A0);
2631 }
2632
2633 gen_stack_update(s, -8 * size);
2634 }
2635
2636 static void gen_popa(DisasContext *s)
2637 {
2638 MemOp s_ot = SS32(s) ? MO_32 : MO_16;
2639 MemOp d_ot = s->dflag;
2640 int size = 1 << d_ot;
2641 int i;
2642
2643 for (i = 0; i < 8; i++) {
2644 /* ESP is not reloaded */
2645 if (7 - i == R_ESP) {
2646 continue;
2647 }
2648 tcg_gen_addi_tl(s->A0, cpu_regs[R_ESP], i * size);
2649 gen_lea_v_seg(s, s_ot, s->A0, R_SS, -1);
2650 gen_op_ld_v(s, d_ot, s->T0, s->A0);
2651 gen_op_mov_reg_v(s, d_ot, 7 - i, s->T0);
2652 }
2653
2654 gen_stack_update(s, 8 * size);
2655 }
2656
2657 static void gen_enter(DisasContext *s, int esp_addend, int level)
2658 {
2659 MemOp d_ot = mo_pushpop(s, s->dflag);
2660 MemOp a_ot = CODE64(s) ? MO_64 : SS32(s) ? MO_32 : MO_16;
2661 int size = 1 << d_ot;
2662
2663 /* Push BP; compute FrameTemp into T1. */
2664 tcg_gen_subi_tl(s->T1, cpu_regs[R_ESP], size);
2665 gen_lea_v_seg(s, a_ot, s->T1, R_SS, -1);
2666 gen_op_st_v(s, d_ot, cpu_regs[R_EBP], s->A0);
2667
2668 level &= 31;
2669 if (level != 0) {
2670 int i;
2671
2672 /* Copy level-1 pointers from the previous frame. */
2673 for (i = 1; i < level; ++i) {
2674 tcg_gen_subi_tl(s->A0, cpu_regs[R_EBP], size * i);
2675 gen_lea_v_seg(s, a_ot, s->A0, R_SS, -1);
2676 gen_op_ld_v(s, d_ot, s->tmp0, s->A0);
2677
2678 tcg_gen_subi_tl(s->A0, s->T1, size * i);
2679 gen_lea_v_seg(s, a_ot, s->A0, R_SS, -1);
2680 gen_op_st_v(s, d_ot, s->tmp0, s->A0);
2681 }
2682
2683 /* Push the current FrameTemp as the last level. */
2684 tcg_gen_subi_tl(s->A0, s->T1, size * level);
2685 gen_lea_v_seg(s, a_ot, s->A0, R_SS, -1);
2686 gen_op_st_v(s, d_ot, s->T1, s->A0);
2687 }
2688
2689 /* Copy the FrameTemp value to EBP. */
2690 gen_op_mov_reg_v(s, a_ot, R_EBP, s->T1);
2691
2692 /* Compute the final value of ESP. */
2693 tcg_gen_subi_tl(s->T1, s->T1, esp_addend + size * level);
2694 gen_op_mov_reg_v(s, a_ot, R_ESP, s->T1);
2695 }
2696
2697 static void gen_leave(DisasContext *s)
2698 {
2699 MemOp d_ot = mo_pushpop(s, s->dflag);
2700 MemOp a_ot = mo_stacksize(s);
2701
2702 gen_lea_v_seg(s, a_ot, cpu_regs[R_EBP], R_SS, -1);
2703 gen_op_ld_v(s, d_ot, s->T0, s->A0);
2704
2705 tcg_gen_addi_tl(s->T1, cpu_regs[R_EBP], 1 << d_ot);
2706
2707 gen_op_mov_reg_v(s, d_ot, R_EBP, s->T0);
2708 gen_op_mov_reg_v(s, a_ot, R_ESP, s->T1);
2709 }
2710
2711 /* Similarly, except that the assumption here is that we don't decode
2712 the instruction at all -- either a missing opcode, an unimplemented
2713 feature, or just a bogus instruction stream. */
2714 static void gen_unknown_opcode(CPUX86State *env, DisasContext *s)
2715 {
2716 gen_illegal_opcode(s);
2717
2718 if (qemu_loglevel_mask(LOG_UNIMP)) {
2719 FILE *logfile = qemu_log_trylock();
2720 if (logfile) {
2721 target_ulong pc = s->base.pc_next, end = s->pc;
2722
2723 fprintf(logfile, "ILLOPC: " TARGET_FMT_lx ":", pc);
2724 for (; pc < end; ++pc) {
2725 fprintf(logfile, " %02x", cpu_ldub_code(env, pc));
2726 }
2727 fprintf(logfile, "\n");
2728 qemu_log_unlock(logfile);
2729 }
2730 }
2731 }
2732
2733 /* an interrupt is different from an exception because of the
2734 privilege checks */
2735 static void gen_interrupt(DisasContext *s, int intno)
2736 {
2737 gen_update_cc_op(s);
2738 gen_update_eip_cur(s);
2739 gen_helper_raise_interrupt(cpu_env, tcg_constant_i32(intno),
2740 cur_insn_len_i32(s));
2741 s->base.is_jmp = DISAS_NORETURN;
2742 }
2743
2744 static void gen_set_hflag(DisasContext *s, uint32_t mask)
2745 {
2746 if ((s->flags & mask) == 0) {
2747 TCGv_i32 t = tcg_temp_new_i32();
2748 tcg_gen_ld_i32(t, cpu_env, offsetof(CPUX86State, hflags));
2749 tcg_gen_ori_i32(t, t, mask);
2750 tcg_gen_st_i32(t, cpu_env, offsetof(CPUX86State, hflags));
2751 tcg_temp_free_i32(t);
2752 s->flags |= mask;
2753 }
2754 }
2755
2756 static void gen_reset_hflag(DisasContext *s, uint32_t mask)
2757 {
2758 if (s->flags & mask) {
2759 TCGv_i32 t = tcg_temp_new_i32();
2760 tcg_gen_ld_i32(t, cpu_env, offsetof(CPUX86State, hflags));
2761 tcg_gen_andi_i32(t, t, ~mask);
2762 tcg_gen_st_i32(t, cpu_env, offsetof(CPUX86State, hflags));
2763 tcg_temp_free_i32(t);
2764 s->flags &= ~mask;
2765 }
2766 }
2767
2768 static void gen_set_eflags(DisasContext *s, target_ulong mask)
2769 {
2770 TCGv t = tcg_temp_new();
2771
2772 tcg_gen_ld_tl(t, cpu_env, offsetof(CPUX86State, eflags));
2773 tcg_gen_ori_tl(t, t, mask);
2774 tcg_gen_st_tl(t, cpu_env, offsetof(CPUX86State, eflags));
2775 tcg_temp_free(t);
2776 }
2777
2778 static void gen_reset_eflags(DisasContext *s, target_ulong mask)
2779 {
2780 TCGv t = tcg_temp_new();
2781
2782 tcg_gen_ld_tl(t, cpu_env, offsetof(CPUX86State, eflags));
2783 tcg_gen_andi_tl(t, t, ~mask);
2784 tcg_gen_st_tl(t, cpu_env, offsetof(CPUX86State, eflags));
2785 tcg_temp_free(t);
2786 }
2787
2788 /* Clear BND registers during legacy branches. */
2789 static void gen_bnd_jmp(DisasContext *s)
2790 {
2791 /* Clear the registers only if BND prefix is missing, MPX is enabled,
2792 and if the BNDREGs are known to be in use (non-zero) already.
2793 The helper itself will check BNDPRESERVE at runtime. */
2794 if ((s->prefix & PREFIX_REPNZ) == 0
2795 && (s->flags & HF_MPX_EN_MASK) != 0
2796 && (s->flags & HF_MPX_IU_MASK) != 0) {
2797 gen_helper_bnd_jmp(cpu_env);
2798 }
2799 }
2800
2801 /* Generate an end of block. Trace exception is also generated if needed.
2802 If INHIBIT, set HF_INHIBIT_IRQ_MASK if it isn't already set.
2803 If RECHECK_TF, emit a rechecking helper for #DB, ignoring the state of
2804 S->TF. This is used by the syscall/sysret insns. */
2805 static void
2806 do_gen_eob_worker(DisasContext *s, bool inhibit, bool recheck_tf, bool jr)
2807 {
2808 gen_update_cc_op(s);
2809
2810 /* If several instructions disable interrupts, only the first does it. */
2811 if (inhibit && !(s->flags & HF_INHIBIT_IRQ_MASK)) {
2812 gen_set_hflag(s, HF_INHIBIT_IRQ_MASK);
2813 } else {
2814 gen_reset_hflag(s, HF_INHIBIT_IRQ_MASK);
2815 }
2816
2817 if (s->base.tb->flags & HF_RF_MASK) {
2818 gen_reset_eflags(s, RF_MASK);
2819 }
2820 if (recheck_tf) {
2821 gen_helper_rechecking_single_step(cpu_env);
2822 tcg_gen_exit_tb(NULL, 0);
2823 } else if (s->flags & HF_TF_MASK) {
2824 gen_helper_single_step(cpu_env);
2825 } else if (jr) {
2826 tcg_gen_lookup_and_goto_ptr();
2827 } else {
2828 tcg_gen_exit_tb(NULL, 0);
2829 }
2830 s->base.is_jmp = DISAS_NORETURN;
2831 }
2832
2833 static inline void
2834 gen_eob_worker(DisasContext *s, bool inhibit, bool recheck_tf)
2835 {
2836 do_gen_eob_worker(s, inhibit, recheck_tf, false);
2837 }
2838
2839 /* End of block.
2840 If INHIBIT, set HF_INHIBIT_IRQ_MASK if it isn't already set. */
2841 static void gen_eob_inhibit_irq(DisasContext *s, bool inhibit)
2842 {
2843 gen_eob_worker(s, inhibit, false);
2844 }
2845
2846 /* End of block, resetting the inhibit irq flag. */
2847 static void gen_eob(DisasContext *s)
2848 {
2849 gen_eob_worker(s, false, false);
2850 }
2851
2852 /* Jump to register */
2853 static void gen_jr(DisasContext *s)
2854 {
2855 do_gen_eob_worker(s, false, false, true);
2856 }
2857
2858 /* Jump to eip+diff, truncating the result to OT. */
2859 static void gen_jmp_rel(DisasContext *s, MemOp ot, int diff, int tb_num)
2860 {
2861 bool use_goto_tb = s->jmp_opt;
2862 target_ulong mask = -1;
2863 target_ulong new_pc = s->pc + diff;
2864 target_ulong new_eip = new_pc - s->cs_base;
2865
2866 /* In 64-bit mode, operand size is fixed at 64 bits. */
2867 if (!CODE64(s)) {
2868 if (ot == MO_16) {
2869 mask = 0xffff;
2870 if (tb_cflags(s->base.tb) & CF_PCREL && CODE32(s)) {
2871 use_goto_tb = false;
2872 }
2873 } else {
2874 mask = 0xffffffff;
2875 }
2876 }
2877 new_eip &= mask;
2878
2879 gen_update_cc_op(s);
2880 set_cc_op(s, CC_OP_DYNAMIC);
2881
2882 if (tb_cflags(s->base.tb) & CF_PCREL) {
2883 tcg_gen_addi_tl(cpu_eip, cpu_eip, new_pc - s->pc_save);
2884 /*
2885 * If we can prove the branch does not leave the page and we have
2886 * no extra masking to apply (data16 branch in code32, see above),
2887 * then we have also proven that the addition does not wrap.
2888 */
2889 if (!use_goto_tb || !is_same_page(&s->base, new_pc)) {
2890 tcg_gen_andi_tl(cpu_eip, cpu_eip, mask);
2891 use_goto_tb = false;
2892 }
2893 }
2894
2895 if (use_goto_tb &&
2896 translator_use_goto_tb(&s->base, new_eip + s->cs_base)) {
2897 /* jump to same page: we can use a direct jump */
2898 tcg_gen_goto_tb(tb_num);
2899 if (!(tb_cflags(s->base.tb) & CF_PCREL)) {
2900 tcg_gen_movi_tl(cpu_eip, new_eip);
2901 }
2902 tcg_gen_exit_tb(s->base.tb, tb_num);
2903 s->base.is_jmp = DISAS_NORETURN;
2904 } else {
2905 if (!(tb_cflags(s->base.tb) & CF_PCREL)) {
2906 tcg_gen_movi_tl(cpu_eip, new_eip);
2907 }
2908 if (s->jmp_opt) {
2909 gen_jr(s); /* jump to another page */
2910 } else {
2911 gen_eob(s); /* exit to main loop */
2912 }
2913 }
2914 }
2915
2916 /* Jump to eip+diff, truncating to the current code size. */
2917 static void gen_jmp_rel_csize(DisasContext *s, int diff, int tb_num)
2918 {
2919 /* CODE64 ignores the OT argument, so we need not consider it. */
2920 gen_jmp_rel(s, CODE32(s) ? MO_32 : MO_16, diff, tb_num);
2921 }
2922
2923 static inline void gen_ldq_env_A0(DisasContext *s, int offset)
2924 {
2925 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->A0, s->mem_index, MO_LEUQ);
2926 tcg_gen_st_i64(s->tmp1_i64, cpu_env, offset);
2927 }
2928
2929 static inline void gen_stq_env_A0(DisasContext *s, int offset)
2930 {
2931 tcg_gen_ld_i64(s->tmp1_i64, cpu_env, offset);
2932 tcg_gen_qemu_st_i64(s->tmp1_i64, s->A0, s->mem_index, MO_LEUQ);
2933 }
2934
2935 static inline void gen_ldo_env_A0(DisasContext *s, int offset, bool align)
2936 {
2937 int mem_index = s->mem_index;
2938 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->A0, mem_index,
2939 MO_LEUQ | (align ? MO_ALIGN_16 : 0));
2940 tcg_gen_st_i64(s->tmp1_i64, cpu_env, offset + offsetof(XMMReg, XMM_Q(0)));
2941 tcg_gen_addi_tl(s->tmp0, s->A0, 8);
2942 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->tmp0, mem_index, MO_LEUQ);
2943 tcg_gen_st_i64(s->tmp1_i64, cpu_env, offset + offsetof(XMMReg, XMM_Q(1)));
2944 }
2945
2946 static inline void gen_sto_env_A0(DisasContext *s, int offset, bool align)
2947 {
2948 int mem_index = s->mem_index;
2949 tcg_gen_ld_i64(s->tmp1_i64, cpu_env, offset + offsetof(XMMReg, XMM_Q(0)));
2950 tcg_gen_qemu_st_i64(s->tmp1_i64, s->A0, mem_index,
2951 MO_LEUQ | (align ? MO_ALIGN_16 : 0));
2952 tcg_gen_addi_tl(s->tmp0, s->A0, 8);
2953 tcg_gen_ld_i64(s->tmp1_i64, cpu_env, offset + offsetof(XMMReg, XMM_Q(1)));
2954 tcg_gen_qemu_st_i64(s->tmp1_i64, s->tmp0, mem_index, MO_LEUQ);
2955 }
2956
2957 static void gen_ldy_env_A0(DisasContext *s, int offset, bool align)
2958 {
2959 int mem_index = s->mem_index;
2960 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->A0, mem_index,
2961 MO_LEUQ | (align ? MO_ALIGN_32 : 0));
2962 tcg_gen_st_i64(s->tmp1_i64, cpu_env, offset + offsetof(YMMReg, YMM_Q(0)));
2963 tcg_gen_addi_tl(s->tmp0, s->A0, 8);
2964 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->tmp0, mem_index, MO_LEUQ);
2965 tcg_gen_st_i64(s->tmp1_i64, cpu_env, offset + offsetof(YMMReg, YMM_Q(1)));
2966
2967 tcg_gen_addi_tl(s->tmp0, s->A0, 16);
2968 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->tmp0, mem_index, MO_LEUQ);
2969 tcg_gen_st_i64(s->tmp1_i64, cpu_env, offset + offsetof(YMMReg, YMM_Q(2)));
2970 tcg_gen_addi_tl(s->tmp0, s->A0, 24);
2971 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->tmp0, mem_index, MO_LEUQ);
2972 tcg_gen_st_i64(s->tmp1_i64, cpu_env, offset + offsetof(YMMReg, YMM_Q(3)));
2973 }
2974
2975 static void gen_sty_env_A0(DisasContext *s, int offset, bool align)
2976 {
2977 int mem_index = s->mem_index;
2978 tcg_gen_ld_i64(s->tmp1_i64, cpu_env, offset + offsetof(YMMReg, YMM_Q(0)));
2979 tcg_gen_qemu_st_i64(s->tmp1_i64, s->A0, mem_index,
2980 MO_LEUQ | (align ? MO_ALIGN_32 : 0));
2981 tcg_gen_addi_tl(s->tmp0, s->A0, 8);
2982 tcg_gen_ld_i64(s->tmp1_i64, cpu_env, offset + offsetof(YMMReg, YMM_Q(1)));
2983 tcg_gen_qemu_st_i64(s->tmp1_i64, s->tmp0, mem_index, MO_LEUQ);
2984 tcg_gen_addi_tl(s->tmp0, s->A0, 16);
2985 tcg_gen_ld_i64(s->tmp1_i64, cpu_env, offset + offsetof(YMMReg, YMM_Q(2)));
2986 tcg_gen_qemu_st_i64(s->tmp1_i64, s->tmp0, mem_index, MO_LEUQ);
2987 tcg_gen_addi_tl(s->tmp0, s->A0, 24);
2988 tcg_gen_ld_i64(s->tmp1_i64, cpu_env, offset + offsetof(YMMReg, YMM_Q(3)));
2989 tcg_gen_qemu_st_i64(s->tmp1_i64, s->tmp0, mem_index, MO_LEUQ);
2990 }
2991
2992 #include "decode-new.h"
2993 #include "emit.c.inc"
2994 #include "decode-new.c.inc"
2995
2996 static void gen_cmpxchg8b(DisasContext *s, CPUX86State *env, int modrm)
2997 {
2998 TCGv_i64 cmp, val, old;
2999 TCGv Z;
3000
3001 gen_lea_modrm(env, s, modrm);
3002
3003 cmp = tcg_temp_new_i64();
3004 val = tcg_temp_new_i64();
3005 old = tcg_temp_new_i64();
3006
3007 /* Construct the comparison values from the register pair. */
3008 tcg_gen_concat_tl_i64(cmp, cpu_regs[R_EAX], cpu_regs[R_EDX]);
3009 tcg_gen_concat_tl_i64(val, cpu_regs[R_EBX], cpu_regs[R_ECX]);
3010
3011 /* Only require atomic with LOCK; non-parallel handled in generator. */
3012 if (s->prefix & PREFIX_LOCK) {
3013 tcg_gen_atomic_cmpxchg_i64(old, s->A0, cmp, val, s->mem_index, MO_TEUQ);
3014 } else {
3015 tcg_gen_nonatomic_cmpxchg_i64(old, s->A0, cmp, val,
3016 s->mem_index, MO_TEUQ);
3017 }
3018 tcg_temp_free_i64(val);
3019
3020 /* Set tmp0 to match the required value of Z. */
3021 tcg_gen_setcond_i64(TCG_COND_EQ, cmp, old, cmp);
3022 Z = tcg_temp_new();
3023 tcg_gen_trunc_i64_tl(Z, cmp);
3024 tcg_temp_free_i64(cmp);
3025
3026 /*
3027 * Extract the result values for the register pair.
3028 * For 32-bit, we may do this unconditionally, because on success (Z=1),
3029 * the old value matches the previous value in EDX:EAX. For x86_64,
3030 * the store must be conditional, because we must leave the source
3031 * registers unchanged on success, and zero-extend the writeback
3032 * on failure (Z=0).
3033 */
3034 if (TARGET_LONG_BITS == 32) {
3035 tcg_gen_extr_i64_tl(cpu_regs[R_EAX], cpu_regs[R_EDX], old);
3036 } else {
3037 TCGv zero = tcg_constant_tl(0);
3038
3039 tcg_gen_extr_i64_tl(s->T0, s->T1, old);
3040 tcg_gen_movcond_tl(TCG_COND_EQ, cpu_regs[R_EAX], Z, zero,
3041 s->T0, cpu_regs[R_EAX]);
3042 tcg_gen_movcond_tl(TCG_COND_EQ, cpu_regs[R_EDX], Z, zero,
3043 s->T1, cpu_regs[R_EDX]);
3044 }
3045 tcg_temp_free_i64(old);
3046
3047 /* Update Z. */
3048 gen_compute_eflags(s);
3049 tcg_gen_deposit_tl(cpu_cc_src, cpu_cc_src, Z, ctz32(CC_Z), 1);
3050 tcg_temp_free(Z);
3051 }
3052
3053 #ifdef TARGET_X86_64
3054 static void gen_cmpxchg16b(DisasContext *s, CPUX86State *env, int modrm)
3055 {
3056 MemOp mop = MO_TE | MO_128 | MO_ALIGN;
3057 TCGv_i64 t0, t1;
3058 TCGv_i128 cmp, val;
3059
3060 gen_lea_modrm(env, s, modrm);
3061
3062 cmp = tcg_temp_new_i128();
3063 val = tcg_temp_new_i128();
3064 tcg_gen_concat_i64_i128(cmp, cpu_regs[R_EAX], cpu_regs[R_EDX]);
3065 tcg_gen_concat_i64_i128(val, cpu_regs[R_EBX], cpu_regs[R_ECX]);
3066
3067 /* Only require atomic with LOCK; non-parallel handled in generator. */
3068 if (s->prefix & PREFIX_LOCK) {
3069 tcg_gen_atomic_cmpxchg_i128(val, s->A0, cmp, val, s->mem_index, mop);
3070 } else {
3071 tcg_gen_nonatomic_cmpxchg_i128(val, s->A0, cmp, val, s->mem_index, mop);
3072 }
3073
3074 tcg_gen_extr_i128_i64(s->T0, s->T1, val);
3075 tcg_temp_free_i128(cmp);
3076 tcg_temp_free_i128(val);
3077
3078 /* Determine success after the fact. */
3079 t0 = tcg_temp_new_i64();
3080 t1 = tcg_temp_new_i64();
3081 tcg_gen_xor_i64(t0, s->T0, cpu_regs[R_EAX]);
3082 tcg_gen_xor_i64(t1, s->T1, cpu_regs[R_EDX]);
3083 tcg_gen_or_i64(t0, t0, t1);
3084 tcg_temp_free_i64(t1);
3085
3086 /* Update Z. */
3087 gen_compute_eflags(s);
3088 tcg_gen_setcondi_i64(TCG_COND_EQ, t0, t0, 0);
3089 tcg_gen_deposit_tl(cpu_cc_src, cpu_cc_src, t0, ctz32(CC_Z), 1);
3090 tcg_temp_free_i64(t0);
3091
3092 /*
3093 * Extract the result values for the register pair. We may do this
3094 * unconditionally, because on success (Z=1), the old value matches
3095 * the previous value in RDX:RAX.
3096 */
3097 tcg_gen_mov_i64(cpu_regs[R_EAX], s->T0);
3098 tcg_gen_mov_i64(cpu_regs[R_EDX], s->T1);
3099 }
3100 #endif
3101
3102 /* convert one instruction. s->base.is_jmp is set if the translation must
3103 be stopped. Return the next pc value */
3104 static bool disas_insn(DisasContext *s, CPUState *cpu)
3105 {
3106 CPUX86State *env = cpu->env_ptr;
3107 int b, prefixes;
3108 int shift;
3109 MemOp ot, aflag, dflag;
3110 int modrm, reg, rm, mod, op, opreg, val;
3111 bool orig_cc_op_dirty = s->cc_op_dirty;
3112 CCOp orig_cc_op = s->cc_op;
3113 target_ulong orig_pc_save = s->pc_save;
3114
3115 s->pc = s->base.pc_next;
3116 s->override = -1;
3117 #ifdef TARGET_X86_64
3118 s->rex_r = 0;
3119 s->rex_x = 0;
3120 s->rex_b = 0;
3121 #endif
3122 s->rip_offset = 0; /* for relative ip address */
3123 s->vex_l = 0;
3124 s->vex_v = 0;
3125 s->vex_w = false;
3126 switch (sigsetjmp(s->jmpbuf, 0)) {
3127 case 0:
3128 break;
3129 case 1:
3130 gen_exception_gpf(s);
3131 return true;
3132 case 2:
3133 /* Restore state that may affect the next instruction. */
3134 s->pc = s->base.pc_next;
3135 /*
3136 * TODO: These save/restore can be removed after the table-based
3137 * decoder is complete; we will be decoding the insn completely
3138 * before any code generation that might affect these variables.
3139 */
3140 s->cc_op_dirty = orig_cc_op_dirty;
3141 s->cc_op = orig_cc_op;
3142 s->pc_save = orig_pc_save;
3143 /* END TODO */
3144 s->base.num_insns--;
3145 tcg_remove_ops_after(s->prev_insn_end);
3146 s->base.is_jmp = DISAS_TOO_MANY;
3147 return false;
3148 default:
3149 g_assert_not_reached();
3150 }
3151
3152 prefixes = 0;
3153
3154 next_byte:
3155 s->prefix = prefixes;
3156 b = x86_ldub_code(env, s);
3157 /* Collect prefixes. */
3158 switch (b) {
3159 default:
3160 break;
3161 case 0x0f:
3162 b = x86_ldub_code(env, s) + 0x100;
3163 break;
3164 case 0xf3:
3165 prefixes |= PREFIX_REPZ;
3166 prefixes &= ~PREFIX_REPNZ;
3167 goto next_byte;
3168 case 0xf2:
3169 prefixes |= PREFIX_REPNZ;
3170 prefixes &= ~PREFIX_REPZ;
3171 goto next_byte;
3172 case 0xf0:
3173 prefixes |= PREFIX_LOCK;
3174 goto next_byte;
3175 case 0x2e:
3176 s->override = R_CS;
3177 goto next_byte;
3178 case 0x36:
3179 s->override = R_SS;
3180 goto next_byte;
3181 case 0x3e:
3182 s->override = R_DS;
3183 goto next_byte;
3184 case 0x26:
3185 s->override = R_ES;
3186 goto next_byte;
3187 case 0x64:
3188 s->override = R_FS;
3189 goto next_byte;
3190 case 0x65:
3191 s->override = R_GS;
3192 goto next_byte;
3193 case 0x66:
3194 prefixes |= PREFIX_DATA;
3195 goto next_byte;
3196 case 0x67:
3197 prefixes |= PREFIX_ADR;
3198 goto next_byte;
3199 #ifdef TARGET_X86_64
3200 case 0x40 ... 0x4f:
3201 if (CODE64(s)) {
3202 /* REX prefix */
3203 prefixes |= PREFIX_REX;
3204 s->vex_w = (b >> 3) & 1;
3205 s->rex_r = (b & 0x4) << 1;
3206 s->rex_x = (b & 0x2) << 2;
3207 s->rex_b = (b & 0x1) << 3;
3208 goto next_byte;
3209 }
3210 break;
3211 #endif
3212 case 0xc5: /* 2-byte VEX */
3213 case 0xc4: /* 3-byte VEX */
3214 if (CODE32(s) && !VM86(s)) {
3215 int vex2 = x86_ldub_code(env, s);
3216 s->pc--; /* rewind the advance_pc() x86_ldub_code() did */
3217
3218 if (!CODE64(s) && (vex2 & 0xc0) != 0xc0) {
3219 /* 4.1.4.6: In 32-bit mode, bits [7:6] must be 11b,
3220 otherwise the instruction is LES or LDS. */
3221 break;
3222 }
3223 disas_insn_new(s, cpu, b);
3224 return s->pc;
3225 }
3226 break;
3227 }
3228
3229 /* Post-process prefixes. */
3230 if (CODE64(s)) {
3231 /* In 64-bit mode, the default data size is 32-bit. Select 64-bit
3232 data with rex_w, and 16-bit data with 0x66; rex_w takes precedence
3233 over 0x66 if both are present. */
3234 dflag = (REX_W(s) ? MO_64 : prefixes & PREFIX_DATA ? MO_16 : MO_32);
3235 /* In 64-bit mode, 0x67 selects 32-bit addressing. */
3236 aflag = (prefixes & PREFIX_ADR ? MO_32 : MO_64);
3237 } else {
3238 /* In 16/32-bit mode, 0x66 selects the opposite data size. */
3239 if (CODE32(s) ^ ((prefixes & PREFIX_DATA) != 0)) {
3240 dflag = MO_32;
3241 } else {
3242 dflag = MO_16;
3243 }
3244 /* In 16/32-bit mode, 0x67 selects the opposite addressing. */
3245 if (CODE32(s) ^ ((prefixes & PREFIX_ADR) != 0)) {
3246 aflag = MO_32;
3247 } else {
3248 aflag = MO_16;
3249 }
3250 }
3251
3252 s->prefix = prefixes;
3253 s->aflag = aflag;
3254 s->dflag = dflag;
3255
3256 /* now check op code */
3257 switch (b) {
3258 /**************************/
3259 /* arith & logic */
3260 case 0x00 ... 0x05:
3261 case 0x08 ... 0x0d:
3262 case 0x10 ... 0x15:
3263 case 0x18 ... 0x1d:
3264 case 0x20 ... 0x25:
3265 case 0x28 ... 0x2d:
3266 case 0x30 ... 0x35:
3267 case 0x38 ... 0x3d:
3268 {
3269 int op, f, val;
3270 op = (b >> 3) & 7;
3271 f = (b >> 1) & 3;
3272
3273 ot = mo_b_d(b, dflag);
3274
3275 switch(f) {
3276 case 0: /* OP Ev, Gv */
3277 modrm = x86_ldub_code(env, s);
3278 reg = ((modrm >> 3) & 7) | REX_R(s);
3279 mod = (modrm >> 6) & 3;
3280 rm = (modrm & 7) | REX_B(s);
3281 if (mod != 3) {
3282 gen_lea_modrm(env, s, modrm);
3283 opreg = OR_TMP0;
3284 } else if (op == OP_XORL && rm == reg) {
3285 xor_zero:
3286 /* xor reg, reg optimisation */
3287 set_cc_op(s, CC_OP_CLR);
3288 tcg_gen_movi_tl(s->T0, 0);
3289 gen_op_mov_reg_v(s, ot, reg, s->T0);
3290 break;
3291 } else {
3292 opreg = rm;
3293 }
3294 gen_op_mov_v_reg(s, ot, s->T1, reg);
3295 gen_op(s, op, ot, opreg);
3296 break;
3297 case 1: /* OP Gv, Ev */
3298 modrm = x86_ldub_code(env, s);
3299 mod = (modrm >> 6) & 3;
3300 reg = ((modrm >> 3) & 7) | REX_R(s);
3301 rm = (modrm & 7) | REX_B(s);
3302 if (mod != 3) {
3303 gen_lea_modrm(env, s, modrm);
3304 gen_op_ld_v(s, ot, s->T1, s->A0);
3305 } else if (op == OP_XORL && rm == reg) {
3306 goto xor_zero;
3307 } else {
3308 gen_op_mov_v_reg(s, ot, s->T1, rm);
3309 }
3310 gen_op(s, op, ot, reg);
3311 break;
3312 case 2: /* OP A, Iv */
3313 val = insn_get(env, s, ot);
3314 tcg_gen_movi_tl(s->T1, val);
3315 gen_op(s, op, ot, OR_EAX);
3316 break;
3317 }
3318 }
3319 break;
3320
3321 case 0x82:
3322 if (CODE64(s))
3323 goto illegal_op;
3324 /* fall through */
3325 case 0x80: /* GRP1 */
3326 case 0x81:
3327 case 0x83:
3328 {
3329 int val;
3330
3331 ot = mo_b_d(b, dflag);
3332
3333 modrm = x86_ldub_code(env, s);
3334 mod = (modrm >> 6) & 3;
3335 rm = (modrm & 7) | REX_B(s);
3336 op = (modrm >> 3) & 7;
3337
3338 if (mod != 3) {
3339 if (b == 0x83)
3340 s->rip_offset = 1;
3341 else
3342 s->rip_offset = insn_const_size(ot);
3343 gen_lea_modrm(env, s, modrm);
3344 opreg = OR_TMP0;
3345 } else {
3346 opreg = rm;
3347 }
3348
3349 switch(b) {
3350 default:
3351 case 0x80:
3352 case 0x81:
3353 case 0x82:
3354 val = insn_get(env, s, ot);
3355 break;
3356 case 0x83:
3357 val = (int8_t)insn_get(env, s, MO_8);
3358 break;
3359 }
3360 tcg_gen_movi_tl(s->T1, val);
3361 gen_op(s, op, ot, opreg);
3362 }
3363 break;
3364
3365 /**************************/
3366 /* inc, dec, and other misc arith */
3367 case 0x40 ... 0x47: /* inc Gv */
3368 ot = dflag;
3369 gen_inc(s, ot, OR_EAX + (b & 7), 1);
3370 break;
3371 case 0x48 ... 0x4f: /* dec Gv */
3372 ot = dflag;
3373 gen_inc(s, ot, OR_EAX + (b & 7), -1);
3374 break;
3375 case 0xf6: /* GRP3 */
3376 case 0xf7:
3377 ot = mo_b_d(b, dflag);
3378
3379 modrm = x86_ldub_code(env, s);
3380 mod = (modrm >> 6) & 3;
3381 rm = (modrm & 7) | REX_B(s);
3382 op = (modrm >> 3) & 7;
3383 if (mod != 3) {
3384 if (op == 0) {
3385 s->rip_offset = insn_const_size(ot);
3386 }
3387 gen_lea_modrm(env, s, modrm);
3388 /* For those below that handle locked memory, don't load here. */
3389 if (!(s->prefix & PREFIX_LOCK)
3390 || op != 2) {
3391 gen_op_ld_v(s, ot, s->T0, s->A0);
3392 }
3393 } else {
3394 gen_op_mov_v_reg(s, ot, s->T0, rm);
3395 }
3396
3397 switch(op) {
3398 case 0: /* test */
3399 val = insn_get(env, s, ot);
3400 tcg_gen_movi_tl(s->T1, val);
3401 gen_op_testl_T0_T1_cc(s);
3402 set_cc_op(s, CC_OP_LOGICB + ot);
3403 break;
3404 case 2: /* not */
3405 if (s->prefix & PREFIX_LOCK) {
3406 if (mod == 3) {
3407 goto illegal_op;
3408 }
3409 tcg_gen_movi_tl(s->T0, ~0);
3410 tcg_gen_atomic_xor_fetch_tl(s->T0, s->A0, s->T0,
3411 s->mem_index, ot | MO_LE);
3412 } else {
3413 tcg_gen_not_tl(s->T0, s->T0);
3414 if (mod != 3) {
3415 gen_op_st_v(s, ot, s->T0, s->A0);
3416 } else {
3417 gen_op_mov_reg_v(s, ot, rm, s->T0);
3418 }
3419 }
3420 break;
3421 case 3: /* neg */
3422 if (s->prefix & PREFIX_LOCK) {
3423 TCGLabel *label1;
3424 TCGv a0, t0, t1, t2;
3425
3426 if (mod == 3) {
3427 goto illegal_op;
3428 }
3429 a0 = tcg_temp_local_new();
3430 t0 = tcg_temp_local_new();
3431 label1 = gen_new_label();
3432
3433 tcg_gen_mov_tl(a0, s->A0);
3434 tcg_gen_mov_tl(t0, s->T0);
3435
3436 gen_set_label(label1);
3437 t1 = tcg_temp_new();
3438 t2 = tcg_temp_new();
3439 tcg_gen_mov_tl(t2, t0);
3440 tcg_gen_neg_tl(t1, t0);
3441 tcg_gen_atomic_cmpxchg_tl(t0, a0, t0, t1,
3442 s->mem_index, ot | MO_LE);
3443 tcg_temp_free(t1);
3444 tcg_gen_brcond_tl(TCG_COND_NE, t0, t2, label1);
3445
3446 tcg_temp_free(t2);
3447 tcg_temp_free(a0);
3448 tcg_gen_neg_tl(s->T0, t0);
3449 tcg_temp_free(t0);
3450 } else {
3451 tcg_gen_neg_tl(s->T0, s->T0);
3452 if (mod != 3) {
3453 gen_op_st_v(s, ot, s->T0, s->A0);
3454 } else {
3455 gen_op_mov_reg_v(s, ot, rm, s->T0);
3456 }
3457 }
3458 gen_op_update_neg_cc(s);
3459 set_cc_op(s, CC_OP_SUBB + ot);
3460 break;
3461 case 4: /* mul */
3462 switch(ot) {
3463 case MO_8:
3464 gen_op_mov_v_reg(s, MO_8, s->T1, R_EAX);
3465 tcg_gen_ext8u_tl(s->T0, s->T0);
3466 tcg_gen_ext8u_tl(s->T1, s->T1);
3467 /* XXX: use 32 bit mul which could be faster */
3468 tcg_gen_mul_tl(s->T0, s->T0, s->T1);
3469 gen_op_mov_reg_v(s, MO_16, R_EAX, s->T0);
3470 tcg_gen_mov_tl(cpu_cc_dst, s->T0);
3471 tcg_gen_andi_tl(cpu_cc_src, s->T0, 0xff00);
3472 set_cc_op(s, CC_OP_MULB);
3473 break;
3474 case MO_16:
3475 gen_op_mov_v_reg(s, MO_16, s->T1, R_EAX);
3476 tcg_gen_ext16u_tl(s->T0, s->T0);
3477 tcg_gen_ext16u_tl(s->T1, s->T1);
3478 /* XXX: use 32 bit mul which could be faster */
3479 tcg_gen_mul_tl(s->T0, s->T0, s->T1);
3480 gen_op_mov_reg_v(s, MO_16, R_EAX, s->T0);
3481 tcg_gen_mov_tl(cpu_cc_dst, s->T0);
3482 tcg_gen_shri_tl(s->T0, s->T0, 16);
3483 gen_op_mov_reg_v(s, MO_16, R_EDX, s->T0);
3484 tcg_gen_mov_tl(cpu_cc_src, s->T0);
3485 set_cc_op(s, CC_OP_MULW);
3486 break;
3487 default:
3488 case MO_32:
3489 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
3490 tcg_gen_trunc_tl_i32(s->tmp3_i32, cpu_regs[R_EAX]);
3491 tcg_gen_mulu2_i32(s->tmp2_i32, s->tmp3_i32,
3492 s->tmp2_i32, s->tmp3_i32);
3493 tcg_gen_extu_i32_tl(cpu_regs[R_EAX], s->tmp2_i32);
3494 tcg_gen_extu_i32_tl(cpu_regs[R_EDX], s->tmp3_i32);
3495 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]);
3496 tcg_gen_mov_tl(cpu_cc_src, cpu_regs[R_EDX]);
3497 set_cc_op(s, CC_OP_MULL);
3498 break;
3499 #ifdef TARGET_X86_64
3500 case MO_64:
3501 tcg_gen_mulu2_i64(cpu_regs[R_EAX], cpu_regs[R_EDX],
3502 s->T0, cpu_regs[R_EAX]);
3503 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]);
3504 tcg_gen_mov_tl(cpu_cc_src, cpu_regs[R_EDX]);
3505 set_cc_op(s, CC_OP_MULQ);
3506 break;
3507 #endif
3508 }
3509 break;
3510 case 5: /* imul */
3511 switch(ot) {
3512 case MO_8:
3513 gen_op_mov_v_reg(s, MO_8, s->T1, R_EAX);
3514 tcg_gen_ext8s_tl(s->T0, s->T0);
3515 tcg_gen_ext8s_tl(s->T1, s->T1);
3516 /* XXX: use 32 bit mul which could be faster */
3517 tcg_gen_mul_tl(s->T0, s->T0, s->T1);
3518 gen_op_mov_reg_v(s, MO_16, R_EAX, s->T0);
3519 tcg_gen_mov_tl(cpu_cc_dst, s->T0);
3520 tcg_gen_ext8s_tl(s->tmp0, s->T0);
3521 tcg_gen_sub_tl(cpu_cc_src, s->T0, s->tmp0);
3522 set_cc_op(s, CC_OP_MULB);
3523 break;
3524 case MO_16:
3525 gen_op_mov_v_reg(s, MO_16, s->T1, R_EAX);
3526 tcg_gen_ext16s_tl(s->T0, s->T0);
3527 tcg_gen_ext16s_tl(s->T1, s->T1);
3528 /* XXX: use 32 bit mul which could be faster */
3529 tcg_gen_mul_tl(s->T0, s->T0, s->T1);
3530 gen_op_mov_reg_v(s, MO_16, R_EAX, s->T0);
3531 tcg_gen_mov_tl(cpu_cc_dst, s->T0);
3532 tcg_gen_ext16s_tl(s->tmp0, s->T0);
3533 tcg_gen_sub_tl(cpu_cc_src, s->T0, s->tmp0);
3534 tcg_gen_shri_tl(s->T0, s->T0, 16);
3535 gen_op_mov_reg_v(s, MO_16, R_EDX, s->T0);
3536 set_cc_op(s, CC_OP_MULW);
3537 break;
3538 default:
3539 case MO_32:
3540 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
3541 tcg_gen_trunc_tl_i32(s->tmp3_i32, cpu_regs[R_EAX]);
3542 tcg_gen_muls2_i32(s->tmp2_i32, s->tmp3_i32,
3543 s->tmp2_i32, s->tmp3_i32);
3544 tcg_gen_extu_i32_tl(cpu_regs[R_EAX], s->tmp2_i32);
3545 tcg_gen_extu_i32_tl(cpu_regs[R_EDX], s->tmp3_i32);
3546 tcg_gen_sari_i32(s->tmp2_i32, s->tmp2_i32, 31);
3547 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]);
3548 tcg_gen_sub_i32(s->tmp2_i32, s->tmp2_i32, s->tmp3_i32);
3549 tcg_gen_extu_i32_tl(cpu_cc_src, s->tmp2_i32);
3550 set_cc_op(s, CC_OP_MULL);
3551 break;
3552 #ifdef TARGET_X86_64
3553 case MO_64:
3554 tcg_gen_muls2_i64(cpu_regs[R_EAX], cpu_regs[R_EDX],
3555 s->T0, cpu_regs[R_EAX]);
3556 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]);
3557 tcg_gen_sari_tl(cpu_cc_src, cpu_regs[R_EAX], 63);
3558 tcg_gen_sub_tl(cpu_cc_src, cpu_cc_src, cpu_regs[R_EDX]);
3559 set_cc_op(s, CC_OP_MULQ);
3560 break;
3561 #endif
3562 }
3563 break;
3564 case 6: /* div */
3565 switch(ot) {
3566 case MO_8:
3567 gen_helper_divb_AL(cpu_env, s->T0);
3568 break;
3569 case MO_16:
3570 gen_helper_divw_AX(cpu_env, s->T0);
3571 break;
3572 default:
3573 case MO_32:
3574 gen_helper_divl_EAX(cpu_env, s->T0);
3575 break;
3576 #ifdef TARGET_X86_64
3577 case MO_64:
3578 gen_helper_divq_EAX(cpu_env, s->T0);
3579 break;
3580 #endif
3581 }
3582 break;
3583 case 7: /* idiv */
3584 switch(ot) {
3585 case MO_8:
3586 gen_helper_idivb_AL(cpu_env, s->T0);
3587 break;
3588 case MO_16:
3589 gen_helper_idivw_AX(cpu_env, s->T0);
3590 break;
3591 default:
3592 case MO_32:
3593 gen_helper_idivl_EAX(cpu_env, s->T0);
3594 break;
3595 #ifdef TARGET_X86_64
3596 case MO_64:
3597 gen_helper_idivq_EAX(cpu_env, s->T0);
3598 break;
3599 #endif
3600 }
3601 break;
3602 default:
3603 goto unknown_op;
3604 }
3605 break;
3606
3607 case 0xfe: /* GRP4 */
3608 case 0xff: /* GRP5 */
3609 ot = mo_b_d(b, dflag);
3610
3611 modrm = x86_ldub_code(env, s);
3612 mod = (modrm >> 6) & 3;
3613 rm = (modrm & 7) | REX_B(s);
3614 op = (modrm >> 3) & 7;
3615 if (op >= 2 && b == 0xfe) {
3616 goto unknown_op;
3617 }
3618 if (CODE64(s)) {
3619 if (op == 2 || op == 4) {
3620 /* operand size for jumps is 64 bit */
3621 ot = MO_64;
3622 } else if (op == 3 || op == 5) {
3623 ot = dflag != MO_16 ? MO_32 + REX_W(s) : MO_16;
3624 } else if (op == 6) {
3625 /* default push size is 64 bit */
3626 ot = mo_pushpop(s, dflag);
3627 }
3628 }
3629 if (mod != 3) {
3630 gen_lea_modrm(env, s, modrm);
3631 if (op >= 2 && op != 3 && op != 5)
3632 gen_op_ld_v(s, ot, s->T0, s->A0);
3633 } else {
3634 gen_op_mov_v_reg(s, ot, s->T0, rm);
3635 }
3636
3637 switch(op) {
3638 case 0: /* inc Ev */
3639 if (mod != 3)
3640 opreg = OR_TMP0;
3641 else
3642 opreg = rm;
3643 gen_inc(s, ot, opreg, 1);
3644 break;
3645 case 1: /* dec Ev */
3646 if (mod != 3)
3647 opreg = OR_TMP0;
3648 else
3649 opreg = rm;
3650 gen_inc(s, ot, opreg, -1);
3651 break;
3652 case 2: /* call Ev */
3653 /* XXX: optimize if memory (no 'and' is necessary) */
3654 if (dflag == MO_16) {
3655 tcg_gen_ext16u_tl(s->T0, s->T0);
3656 }
3657 gen_push_v(s, eip_next_tl(s));
3658 gen_op_jmp_v(s, s->T0);
3659 gen_bnd_jmp(s);
3660 s->base.is_jmp = DISAS_JUMP;
3661 break;
3662 case 3: /* lcall Ev */
3663 if (mod == 3) {
3664 goto illegal_op;
3665 }
3666 gen_op_ld_v(s, ot, s->T1, s->A0);
3667 gen_add_A0_im(s, 1 << ot);
3668 gen_op_ld_v(s, MO_16, s->T0, s->A0);
3669 do_lcall:
3670 if (PE(s) && !VM86(s)) {
3671 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
3672 gen_helper_lcall_protected(cpu_env, s->tmp2_i32, s->T1,
3673 tcg_constant_i32(dflag - 1),
3674 eip_next_tl(s));
3675 } else {
3676 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
3677 tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T1);
3678 gen_helper_lcall_real(cpu_env, s->tmp2_i32, s->tmp3_i32,
3679 tcg_constant_i32(dflag - 1),
3680 eip_next_i32(s));
3681 }
3682 s->base.is_jmp = DISAS_JUMP;
3683 break;
3684 case 4: /* jmp Ev */
3685 if (dflag == MO_16) {
3686 tcg_gen_ext16u_tl(s->T0, s->T0);
3687 }
3688 gen_op_jmp_v(s, s->T0);
3689 gen_bnd_jmp(s);
3690 s->base.is_jmp = DISAS_JUMP;
3691 break;
3692 case 5: /* ljmp Ev */
3693 if (mod == 3) {
3694 goto illegal_op;
3695 }
3696 gen_op_ld_v(s, ot, s->T1, s->A0);
3697 gen_add_A0_im(s, 1 << ot);
3698 gen_op_ld_v(s, MO_16, s->T0, s->A0);
3699 do_ljmp:
3700 if (PE(s) && !VM86(s)) {
3701 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
3702 gen_helper_ljmp_protected(cpu_env, s->tmp2_i32, s->T1,
3703 eip_next_tl(s));
3704 } else {
3705 gen_op_movl_seg_T0_vm(s, R_CS);
3706 gen_op_jmp_v(s, s->T1);
3707 }
3708 s->base.is_jmp = DISAS_JUMP;
3709 break;
3710 case 6: /* push Ev */
3711 gen_push_v(s, s->T0);
3712 break;
3713 default:
3714 goto unknown_op;
3715 }
3716 break;
3717
3718 case 0x84: /* test Ev, Gv */
3719 case 0x85:
3720 ot = mo_b_d(b, dflag);
3721
3722 modrm = x86_ldub_code(env, s);
3723 reg = ((modrm >> 3) & 7) | REX_R(s);
3724
3725 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3726 gen_op_mov_v_reg(s, ot, s->T1, reg);
3727 gen_op_testl_T0_T1_cc(s);
3728 set_cc_op(s, CC_OP_LOGICB + ot);
3729 break;
3730
3731 case 0xa8: /* test eAX, Iv */
3732 case 0xa9:
3733 ot = mo_b_d(b, dflag);
3734 val = insn_get(env, s, ot);
3735
3736 gen_op_mov_v_reg(s, ot, s->T0, OR_EAX);
3737 tcg_gen_movi_tl(s->T1, val);
3738 gen_op_testl_T0_T1_cc(s);
3739 set_cc_op(s, CC_OP_LOGICB + ot);
3740 break;
3741
3742 case 0x98: /* CWDE/CBW */
3743 switch (dflag) {
3744 #ifdef TARGET_X86_64
3745 case MO_64:
3746 gen_op_mov_v_reg(s, MO_32, s->T0, R_EAX);
3747 tcg_gen_ext32s_tl(s->T0, s->T0);
3748 gen_op_mov_reg_v(s, MO_64, R_EAX, s->T0);
3749 break;
3750 #endif
3751 case MO_32:
3752 gen_op_mov_v_reg(s, MO_16, s->T0, R_EAX);
3753 tcg_gen_ext16s_tl(s->T0, s->T0);
3754 gen_op_mov_reg_v(s, MO_32, R_EAX, s->T0);
3755 break;
3756 case MO_16:
3757 gen_op_mov_v_reg(s, MO_8, s->T0, R_EAX);
3758 tcg_gen_ext8s_tl(s->T0, s->T0);
3759 gen_op_mov_reg_v(s, MO_16, R_EAX, s->T0);
3760 break;
3761 default:
3762 tcg_abort();
3763 }
3764 break;
3765 case 0x99: /* CDQ/CWD */
3766 switch (dflag) {
3767 #ifdef TARGET_X86_64
3768 case MO_64:
3769 gen_op_mov_v_reg(s, MO_64, s->T0, R_EAX);
3770 tcg_gen_sari_tl(s->T0, s->T0, 63);
3771 gen_op_mov_reg_v(s, MO_64, R_EDX, s->T0);
3772 break;
3773 #endif
3774 case MO_32:
3775 gen_op_mov_v_reg(s, MO_32, s->T0, R_EAX);
3776 tcg_gen_ext32s_tl(s->T0, s->T0);
3777 tcg_gen_sari_tl(s->T0, s->T0, 31);
3778 gen_op_mov_reg_v(s, MO_32, R_EDX, s->T0);
3779 break;
3780 case MO_16:
3781 gen_op_mov_v_reg(s, MO_16, s->T0, R_EAX);
3782 tcg_gen_ext16s_tl(s->T0, s->T0);
3783 tcg_gen_sari_tl(s->T0, s->T0, 15);
3784 gen_op_mov_reg_v(s, MO_16, R_EDX, s->T0);
3785 break;
3786 default:
3787 tcg_abort();
3788 }
3789 break;
3790 case 0x1af: /* imul Gv, Ev */
3791 case 0x69: /* imul Gv, Ev, I */
3792 case 0x6b:
3793 ot = dflag;
3794 modrm = x86_ldub_code(env, s);
3795 reg = ((modrm >> 3) & 7) | REX_R(s);
3796 if (b == 0x69)
3797 s->rip_offset = insn_const_size(ot);
3798 else if (b == 0x6b)
3799 s->rip_offset = 1;
3800 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
3801 if (b == 0x69) {
3802 val = insn_get(env, s, ot);
3803 tcg_gen_movi_tl(s->T1, val);
3804 } else if (b == 0x6b) {
3805 val = (int8_t)insn_get(env, s, MO_8);
3806 tcg_gen_movi_tl(s->T1, val);
3807 } else {
3808 gen_op_mov_v_reg(s, ot, s->T1, reg);
3809 }
3810 switch (ot) {
3811 #ifdef TARGET_X86_64
3812 case MO_64:
3813 tcg_gen_muls2_i64(cpu_regs[reg], s->T1, s->T0, s->T1);
3814 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[reg]);
3815 tcg_gen_sari_tl(cpu_cc_src, cpu_cc_dst, 63);
3816 tcg_gen_sub_tl(cpu_cc_src, cpu_cc_src, s->T1);
3817 break;
3818 #endif
3819 case MO_32:
3820 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
3821 tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T1);
3822 tcg_gen_muls2_i32(s->tmp2_i32, s->tmp3_i32,
3823 s->tmp2_i32, s->tmp3_i32);
3824 tcg_gen_extu_i32_tl(cpu_regs[reg], s->tmp2_i32);
3825 tcg_gen_sari_i32(s->tmp2_i32, s->tmp2_i32, 31);
3826 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[reg]);
3827 tcg_gen_sub_i32(s->tmp2_i32, s->tmp2_i32, s->tmp3_i32);
3828 tcg_gen_extu_i32_tl(cpu_cc_src, s->tmp2_i32);
3829 break;
3830 default:
3831 tcg_gen_ext16s_tl(s->T0, s->T0);
3832 tcg_gen_ext16s_tl(s->T1, s->T1);
3833 /* XXX: use 32 bit mul which could be faster */
3834 tcg_gen_mul_tl(s->T0, s->T0, s->T1);
3835 tcg_gen_mov_tl(cpu_cc_dst, s->T0);
3836 tcg_gen_ext16s_tl(s->tmp0, s->T0);
3837 tcg_gen_sub_tl(cpu_cc_src, s->T0, s->tmp0);
3838 gen_op_mov_reg_v(s, ot, reg, s->T0);
3839 break;
3840 }
3841 set_cc_op(s, CC_OP_MULB + ot);
3842 break;
3843 case 0x1c0:
3844 case 0x1c1: /* xadd Ev, Gv */
3845 ot = mo_b_d(b, dflag);
3846 modrm = x86_ldub_code(env, s);
3847 reg = ((modrm >> 3) & 7) | REX_R(s);
3848 mod = (modrm >> 6) & 3;
3849 gen_op_mov_v_reg(s, ot, s->T0, reg);
3850 if (mod == 3) {
3851 rm = (modrm & 7) | REX_B(s);
3852 gen_op_mov_v_reg(s, ot, s->T1, rm);
3853 tcg_gen_add_tl(s->T0, s->T0, s->T1);
3854 gen_op_mov_reg_v(s, ot, reg, s->T1);
3855 gen_op_mov_reg_v(s, ot, rm, s->T0);
3856 } else {
3857 gen_lea_modrm(env, s, modrm);
3858 if (s->prefix & PREFIX_LOCK) {
3859 tcg_gen_atomic_fetch_add_tl(s->T1, s->A0, s->T0,
3860 s->mem_index, ot | MO_LE);
3861 tcg_gen_add_tl(s->T0, s->T0, s->T1);
3862 } else {
3863 gen_op_ld_v(s, ot, s->T1, s->A0);
3864 tcg_gen_add_tl(s->T0, s->T0, s->T1);
3865 gen_op_st_v(s, ot, s->T0, s->A0);
3866 }
3867 gen_op_mov_reg_v(s, ot, reg, s->T1);
3868 }
3869 gen_op_update2_cc(s);
3870 set_cc_op(s, CC_OP_ADDB + ot);
3871 break;
3872 case 0x1b0:
3873 case 0x1b1: /* cmpxchg Ev, Gv */
3874 {
3875 TCGv oldv, newv, cmpv, dest;
3876
3877 ot = mo_b_d(b, dflag);
3878 modrm = x86_ldub_code(env, s);
3879 reg = ((modrm >> 3) & 7) | REX_R(s);
3880 mod = (modrm >> 6) & 3;
3881 oldv = tcg_temp_new();
3882 newv = tcg_temp_new();
3883 cmpv = tcg_temp_new();
3884 gen_op_mov_v_reg(s, ot, newv, reg);
3885 tcg_gen_mov_tl(cmpv, cpu_regs[R_EAX]);
3886 gen_extu(ot, cmpv);
3887 if (s->prefix & PREFIX_LOCK) {
3888 if (mod == 3) {
3889 goto illegal_op;
3890 }
3891 gen_lea_modrm(env, s, modrm);
3892 tcg_gen_atomic_cmpxchg_tl(oldv, s->A0, cmpv, newv,
3893 s->mem_index, ot | MO_LE);
3894 } else {
3895 if (mod == 3) {
3896 rm = (modrm & 7) | REX_B(s);
3897 gen_op_mov_v_reg(s, ot, oldv, rm);
3898 gen_extu(ot, oldv);
3899
3900 /*
3901 * Unlike the memory case, where "the destination operand receives
3902 * a write cycle without regard to the result of the comparison",
3903 * rm must not be touched altogether if the write fails, including
3904 * not zero-extending it on 64-bit processors. So, precompute
3905 * the result of a successful writeback and perform the movcond
3906 * directly on cpu_regs. Also need to write accumulator first, in
3907 * case rm is part of RAX too.
3908 */
3909 dest = gen_op_deposit_reg_v(s, ot, rm, newv, newv);
3910 tcg_gen_movcond_tl(TCG_COND_EQ, dest, oldv, cmpv, newv, dest);
3911 } else {
3912 gen_lea_modrm(env, s, modrm);
3913 gen_op_ld_v(s, ot, oldv, s->A0);
3914
3915 /*
3916 * Perform an unconditional store cycle like physical cpu;
3917 * must be before changing accumulator to ensure
3918 * idempotency if the store faults and the instruction
3919 * is restarted
3920 */
3921 tcg_gen_movcond_tl(TCG_COND_EQ, newv, oldv, cmpv, newv, oldv);
3922 gen_op_st_v(s, ot, newv, s->A0);
3923 }
3924 }
3925 /*
3926 * Write EAX only if the cmpxchg fails; reuse newv as the destination,
3927 * since it's dead here.
3928 */
3929 dest = gen_op_deposit_reg_v(s, ot, R_EAX, newv, oldv);
3930 tcg_gen_movcond_tl(TCG_COND_EQ, dest, oldv, cmpv, dest, newv);
3931 tcg_gen_mov_tl(cpu_cc_src, oldv);
3932 tcg_gen_mov_tl(s->cc_srcT, cmpv);
3933 tcg_gen_sub_tl(cpu_cc_dst, cmpv, oldv);
3934 set_cc_op(s, CC_OP_SUBB + ot);
3935 tcg_temp_free(oldv);
3936 tcg_temp_free(newv);
3937 tcg_temp_free(cmpv);
3938 }
3939 break;
3940 case 0x1c7: /* cmpxchg8b */
3941 modrm = x86_ldub_code(env, s);
3942 mod = (modrm >> 6) & 3;
3943 switch ((modrm >> 3) & 7) {
3944 case 1: /* CMPXCHG8, CMPXCHG16 */
3945 if (mod == 3) {
3946 goto illegal_op;
3947 }
3948 #ifdef TARGET_X86_64
3949 if (dflag == MO_64) {
3950 if (!(s->cpuid_ext_features & CPUID_EXT_CX16)) {
3951 goto illegal_op;
3952 }
3953 gen_cmpxchg16b(s, env, modrm);
3954 break;
3955 }
3956 #endif
3957 if (!(s->cpuid_features & CPUID_CX8)) {
3958 goto illegal_op;
3959 }
3960 gen_cmpxchg8b(s, env, modrm);
3961 break;
3962
3963 case 7: /* RDSEED */
3964 case 6: /* RDRAND */
3965 if (mod != 3 ||
3966 (s->prefix & (PREFIX_LOCK | PREFIX_REPZ | PREFIX_REPNZ)) ||
3967 !(s->cpuid_ext_features & CPUID_EXT_RDRAND)) {
3968 goto illegal_op;
3969 }
3970 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
3971 gen_io_start();
3972 s->base.is_jmp = DISAS_TOO_MANY;
3973 }
3974 gen_helper_rdrand(s->T0, cpu_env);
3975 rm = (modrm & 7) | REX_B(s);
3976 gen_op_mov_reg_v(s, dflag, rm, s->T0);
3977 set_cc_op(s, CC_OP_EFLAGS);
3978 break;
3979
3980 default:
3981 goto illegal_op;
3982 }
3983 break;
3984
3985 /**************************/
3986 /* push/pop */
3987 case 0x50 ... 0x57: /* push */
3988 gen_op_mov_v_reg(s, MO_32, s->T0, (b & 7) | REX_B(s));
3989 gen_push_v(s, s->T0);
3990 break;
3991 case 0x58 ... 0x5f: /* pop */
3992 ot = gen_pop_T0(s);
3993 /* NOTE: order is important for pop %sp */
3994 gen_pop_update(s, ot);
3995 gen_op_mov_reg_v(s, ot, (b & 7) | REX_B(s), s->T0);
3996 break;
3997 case 0x60: /* pusha */
3998 if (CODE64(s))
3999 goto illegal_op;
4000 gen_pusha(s);
4001 break;
4002 case 0x61: /* popa */
4003 if (CODE64(s))
4004 goto illegal_op;
4005 gen_popa(s);
4006 break;
4007 case 0x68: /* push Iv */
4008 case 0x6a:
4009 ot = mo_pushpop(s, dflag);
4010 if (b == 0x68)
4011 val = insn_get(env, s, ot);
4012 else
4013 val = (int8_t)insn_get(env, s, MO_8);
4014 tcg_gen_movi_tl(s->T0, val);
4015 gen_push_v(s, s->T0);
4016 break;
4017 case 0x8f: /* pop Ev */
4018 modrm = x86_ldub_code(env, s);
4019 mod = (modrm >> 6) & 3;
4020 ot = gen_pop_T0(s);
4021 if (mod == 3) {
4022 /* NOTE: order is important for pop %sp */
4023 gen_pop_update(s, ot);
4024 rm = (modrm & 7) | REX_B(s);
4025 gen_op_mov_reg_v(s, ot, rm, s->T0);
4026 } else {
4027 /* NOTE: order is important too for MMU exceptions */
4028 s->popl_esp_hack = 1 << ot;
4029 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
4030 s->popl_esp_hack = 0;
4031 gen_pop_update(s, ot);
4032 }
4033 break;
4034 case 0xc8: /* enter */
4035 {
4036 int level;
4037 val = x86_lduw_code(env, s);
4038 level = x86_ldub_code(env, s);
4039 gen_enter(s, val, level);
4040 }
4041 break;
4042 case 0xc9: /* leave */
4043 gen_leave(s);
4044 break;
4045 case 0x06: /* push es */
4046 case 0x0e: /* push cs */
4047 case 0x16: /* push ss */
4048 case 0x1e: /* push ds */
4049 if (CODE64(s))
4050 goto illegal_op;
4051 gen_op_movl_T0_seg(s, b >> 3);
4052 gen_push_v(s, s->T0);
4053 break;
4054 case 0x1a0: /* push fs */
4055 case 0x1a8: /* push gs */
4056 gen_op_movl_T0_seg(s, (b >> 3) & 7);
4057 gen_push_v(s, s->T0);
4058 break;
4059 case 0x07: /* pop es */
4060 case 0x17: /* pop ss */
4061 case 0x1f: /* pop ds */
4062 if (CODE64(s))
4063 goto illegal_op;
4064 reg = b >> 3;
4065 ot = gen_pop_T0(s);
4066 gen_movl_seg_T0(s, reg);
4067 gen_pop_update(s, ot);
4068 break;
4069 case 0x1a1: /* pop fs */
4070 case 0x1a9: /* pop gs */
4071 ot = gen_pop_T0(s);
4072 gen_movl_seg_T0(s, (b >> 3) & 7);
4073 gen_pop_update(s, ot);
4074 break;
4075
4076 /**************************/
4077 /* mov */
4078 case 0x88:
4079 case 0x89: /* mov Gv, Ev */
4080 ot = mo_b_d(b, dflag);
4081 modrm = x86_ldub_code(env, s);
4082 reg = ((modrm >> 3) & 7) | REX_R(s);
4083
4084 /* generate a generic store */
4085 gen_ldst_modrm(env, s, modrm, ot, reg, 1);
4086 break;
4087 case 0xc6:
4088 case 0xc7: /* mov Ev, Iv */
4089 ot = mo_b_d(b, dflag);
4090 modrm = x86_ldub_code(env, s);
4091 mod = (modrm >> 6) & 3;
4092 if (mod != 3) {
4093 s->rip_offset = insn_const_size(ot);
4094 gen_lea_modrm(env, s, modrm);
4095 }
4096 val = insn_get(env, s, ot);
4097 tcg_gen_movi_tl(s->T0, val);
4098 if (mod != 3) {
4099 gen_op_st_v(s, ot, s->T0, s->A0);
4100 } else {
4101 gen_op_mov_reg_v(s, ot, (modrm & 7) | REX_B(s), s->T0);
4102 }
4103 break;
4104 case 0x8a:
4105 case 0x8b: /* mov Ev, Gv */
4106 ot = mo_b_d(b, dflag);
4107 modrm = x86_ldub_code(env, s);
4108 reg = ((modrm >> 3) & 7) | REX_R(s);
4109
4110 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
4111 gen_op_mov_reg_v(s, ot, reg, s->T0);
4112 break;
4113 case 0x8e: /* mov seg, Gv */
4114 modrm = x86_ldub_code(env, s);
4115 reg = (modrm >> 3) & 7;
4116 if (reg >= 6 || reg == R_CS)
4117 goto illegal_op;
4118 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
4119 gen_movl_seg_T0(s, reg);
4120 break;
4121 case 0x8c: /* mov Gv, seg */
4122 modrm = x86_ldub_code(env, s);
4123 reg = (modrm >> 3) & 7;
4124 mod = (modrm >> 6) & 3;
4125 if (reg >= 6)
4126 goto illegal_op;
4127 gen_op_movl_T0_seg(s, reg);
4128 ot = mod == 3 ? dflag : MO_16;
4129 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
4130 break;
4131
4132 case 0x1b6: /* movzbS Gv, Eb */
4133 case 0x1b7: /* movzwS Gv, Eb */
4134 case 0x1be: /* movsbS Gv, Eb */
4135 case 0x1bf: /* movswS Gv, Eb */
4136 {
4137 MemOp d_ot;
4138 MemOp s_ot;
4139
4140 /* d_ot is the size of destination */
4141 d_ot = dflag;
4142 /* ot is the size of source */
4143 ot = (b & 1) + MO_8;
4144 /* s_ot is the sign+size of source */
4145 s_ot = b & 8 ? MO_SIGN | ot : ot;
4146
4147 modrm = x86_ldub_code(env, s);
4148 reg = ((modrm >> 3) & 7) | REX_R(s);
4149 mod = (modrm >> 6) & 3;
4150 rm = (modrm & 7) | REX_B(s);
4151
4152 if (mod == 3) {
4153 if (s_ot == MO_SB && byte_reg_is_xH(s, rm)) {
4154 tcg_gen_sextract_tl(s->T0, cpu_regs[rm - 4], 8, 8);
4155 } else {
4156 gen_op_mov_v_reg(s, ot, s->T0, rm);
4157 switch (s_ot) {
4158 case MO_UB:
4159 tcg_gen_ext8u_tl(s->T0, s->T0);
4160 break;
4161 case MO_SB:
4162 tcg_gen_ext8s_tl(s->T0, s->T0);
4163 break;
4164 case MO_UW:
4165 tcg_gen_ext16u_tl(s->T0, s->T0);
4166 break;
4167 default:
4168 case MO_SW:
4169 tcg_gen_ext16s_tl(s->T0, s->T0);
4170 break;
4171 }
4172 }
4173 gen_op_mov_reg_v(s, d_ot, reg, s->T0);
4174 } else {
4175 gen_lea_modrm(env, s, modrm);
4176 gen_op_ld_v(s, s_ot, s->T0, s->A0);
4177 gen_op_mov_reg_v(s, d_ot, reg, s->T0);
4178 }
4179 }
4180 break;
4181
4182 case 0x8d: /* lea */
4183 modrm = x86_ldub_code(env, s);
4184 mod = (modrm >> 6) & 3;
4185 if (mod == 3)
4186 goto illegal_op;
4187 reg = ((modrm >> 3) & 7) | REX_R(s);
4188 {
4189 AddressParts a = gen_lea_modrm_0(env, s, modrm);
4190 TCGv ea = gen_lea_modrm_1(s, a, false);
4191 gen_lea_v_seg(s, s->aflag, ea, -1, -1);
4192 gen_op_mov_reg_v(s, dflag, reg, s->A0);
4193 }
4194 break;
4195
4196 case 0xa0: /* mov EAX, Ov */
4197 case 0xa1:
4198 case 0xa2: /* mov Ov, EAX */
4199 case 0xa3:
4200 {
4201 target_ulong offset_addr;
4202
4203 ot = mo_b_d(b, dflag);
4204 offset_addr = insn_get_addr(env, s, s->aflag);
4205 tcg_gen_movi_tl(s->A0, offset_addr);
4206 gen_add_A0_ds_seg(s);
4207 if ((b & 2) == 0) {
4208 gen_op_ld_v(s, ot, s->T0, s->A0);
4209 gen_op_mov_reg_v(s, ot, R_EAX, s->T0);
4210 } else {
4211 gen_op_mov_v_reg(s, ot, s->T0, R_EAX);
4212 gen_op_st_v(s, ot, s->T0, s->A0);
4213 }
4214 }
4215 break;
4216 case 0xd7: /* xlat */
4217 tcg_gen_mov_tl(s->A0, cpu_regs[R_EBX]);
4218 tcg_gen_ext8u_tl(s->T0, cpu_regs[R_EAX]);
4219 tcg_gen_add_tl(s->A0, s->A0, s->T0);
4220 gen_extu(s->aflag, s->A0);
4221 gen_add_A0_ds_seg(s);
4222 gen_op_ld_v(s, MO_8, s->T0, s->A0);
4223 gen_op_mov_reg_v(s, MO_8, R_EAX, s->T0);
4224 break;
4225 case 0xb0 ... 0xb7: /* mov R, Ib */
4226 val = insn_get(env, s, MO_8);
4227 tcg_gen_movi_tl(s->T0, val);
4228 gen_op_mov_reg_v(s, MO_8, (b & 7) | REX_B(s), s->T0);
4229 break;
4230 case 0xb8 ... 0xbf: /* mov R, Iv */
4231 #ifdef TARGET_X86_64
4232 if (dflag == MO_64) {
4233 uint64_t tmp;
4234 /* 64 bit case */
4235 tmp = x86_ldq_code(env, s);
4236 reg = (b & 7) | REX_B(s);
4237 tcg_gen_movi_tl(s->T0, tmp);
4238 gen_op_mov_reg_v(s, MO_64, reg, s->T0);
4239 } else
4240 #endif
4241 {
4242 ot = dflag;
4243 val = insn_get(env, s, ot);
4244 reg = (b & 7) | REX_B(s);
4245 tcg_gen_movi_tl(s->T0, val);
4246 gen_op_mov_reg_v(s, ot, reg, s->T0);
4247 }
4248 break;
4249
4250 case 0x91 ... 0x97: /* xchg R, EAX */
4251 do_xchg_reg_eax:
4252 ot = dflag;
4253 reg = (b & 7) | REX_B(s);
4254 rm = R_EAX;
4255 goto do_xchg_reg;
4256 case 0x86:
4257 case 0x87: /* xchg Ev, Gv */
4258 ot = mo_b_d(b, dflag);
4259 modrm = x86_ldub_code(env, s);
4260 reg = ((modrm >> 3) & 7) | REX_R(s);
4261 mod = (modrm >> 6) & 3;
4262 if (mod == 3) {
4263 rm = (modrm & 7) | REX_B(s);
4264 do_xchg_reg:
4265 gen_op_mov_v_reg(s, ot, s->T0, reg);
4266 gen_op_mov_v_reg(s, ot, s->T1, rm);
4267 gen_op_mov_reg_v(s, ot, rm, s->T0);
4268 gen_op_mov_reg_v(s, ot, reg, s->T1);
4269 } else {
4270 gen_lea_modrm(env, s, modrm);
4271 gen_op_mov_v_reg(s, ot, s->T0, reg);
4272 /* for xchg, lock is implicit */
4273 tcg_gen_atomic_xchg_tl(s->T1, s->A0, s->T0,
4274 s->mem_index, ot | MO_LE);
4275 gen_op_mov_reg_v(s, ot, reg, s->T1);
4276 }
4277 break;
4278 case 0xc4: /* les Gv */
4279 /* In CODE64 this is VEX3; see above. */
4280 op = R_ES;
4281 goto do_lxx;
4282 case 0xc5: /* lds Gv */
4283 /* In CODE64 this is VEX2; see above. */
4284 op = R_DS;
4285 goto do_lxx;
4286 case 0x1b2: /* lss Gv */
4287 op = R_SS;
4288 goto do_lxx;
4289 case 0x1b4: /* lfs Gv */
4290 op = R_FS;
4291 goto do_lxx;
4292 case 0x1b5: /* lgs Gv */
4293 op = R_GS;
4294 do_lxx:
4295 ot = dflag != MO_16 ? MO_32 : MO_16;
4296 modrm = x86_ldub_code(env, s);
4297 reg = ((modrm >> 3) & 7) | REX_R(s);
4298 mod = (modrm >> 6) & 3;
4299 if (mod == 3)
4300 goto illegal_op;
4301 gen_lea_modrm(env, s, modrm);
4302 gen_op_ld_v(s, ot, s->T1, s->A0);
4303 gen_add_A0_im(s, 1 << ot);
4304 /* load the segment first to handle exceptions properly */
4305 gen_op_ld_v(s, MO_16, s->T0, s->A0);
4306 gen_movl_seg_T0(s, op);
4307 /* then put the data */
4308 gen_op_mov_reg_v(s, ot, reg, s->T1);
4309 break;
4310
4311 /************************/
4312 /* shifts */
4313 case 0xc0:
4314 case 0xc1:
4315 /* shift Ev,Ib */
4316 shift = 2;
4317 grp2:
4318 {
4319 ot = mo_b_d(b, dflag);
4320 modrm = x86_ldub_code(env, s);
4321 mod = (modrm >> 6) & 3;
4322 op = (modrm >> 3) & 7;
4323
4324 if (mod != 3) {
4325 if (shift == 2) {
4326 s->rip_offset = 1;
4327 }
4328 gen_lea_modrm(env, s, modrm);
4329 opreg = OR_TMP0;
4330 } else {
4331 opreg = (modrm & 7) | REX_B(s);
4332 }
4333
4334 /* simpler op */
4335 if (shift == 0) {
4336 gen_shift(s, op, ot, opreg, OR_ECX);
4337 } else {
4338 if (shift == 2) {
4339 shift = x86_ldub_code(env, s);
4340 }
4341 gen_shifti(s, op, ot, opreg, shift);
4342 }
4343 }
4344 break;
4345 case 0xd0:
4346 case 0xd1:
4347 /* shift Ev,1 */
4348 shift = 1;
4349 goto grp2;
4350 case 0xd2:
4351 case 0xd3:
4352 /* shift Ev,cl */
4353 shift = 0;
4354 goto grp2;
4355
4356 case 0x1a4: /* shld imm */
4357 op = 0;
4358 shift = 1;
4359 goto do_shiftd;
4360 case 0x1a5: /* shld cl */
4361 op = 0;
4362 shift = 0;
4363 goto do_shiftd;
4364 case 0x1ac: /* shrd imm */
4365 op = 1;
4366 shift = 1;
4367 goto do_shiftd;
4368 case 0x1ad: /* shrd cl */
4369 op = 1;
4370 shift = 0;
4371 do_shiftd:
4372 ot = dflag;
4373 modrm = x86_ldub_code(env, s);
4374 mod = (modrm >> 6) & 3;
4375 rm = (modrm & 7) | REX_B(s);
4376 reg = ((modrm >> 3) & 7) | REX_R(s);
4377 if (mod != 3) {
4378 gen_lea_modrm(env, s, modrm);
4379 opreg = OR_TMP0;
4380 } else {
4381 opreg = rm;
4382 }
4383 gen_op_mov_v_reg(s, ot, s->T1, reg);
4384
4385 if (shift) {
4386 TCGv imm = tcg_const_tl(x86_ldub_code(env, s));
4387 gen_shiftd_rm_T1(s, ot, opreg, op, imm);
4388 tcg_temp_free(imm);
4389 } else {
4390 gen_shiftd_rm_T1(s, ot, opreg, op, cpu_regs[R_ECX]);
4391 }
4392 break;
4393
4394 /************************/
4395 /* floats */
4396 case 0xd8 ... 0xdf:
4397 {
4398 bool update_fip = true;
4399
4400 if (s->flags & (HF_EM_MASK | HF_TS_MASK)) {
4401 /* if CR0.EM or CR0.TS are set, generate an FPU exception */
4402 /* XXX: what to do if illegal op ? */
4403 gen_exception(s, EXCP07_PREX);
4404 break;
4405 }
4406 modrm = x86_ldub_code(env, s);
4407 mod = (modrm >> 6) & 3;
4408 rm = modrm & 7;
4409 op = ((b & 7) << 3) | ((modrm >> 3) & 7);
4410 if (mod != 3) {
4411 /* memory op */
4412 AddressParts a = gen_lea_modrm_0(env, s, modrm);
4413 TCGv ea = gen_lea_modrm_1(s, a, false);
4414 TCGv last_addr = tcg_temp_new();
4415 bool update_fdp = true;
4416
4417 tcg_gen_mov_tl(last_addr, ea);
4418 gen_lea_v_seg(s, s->aflag, ea, a.def_seg, s->override);
4419
4420 switch (op) {
4421 case 0x00 ... 0x07: /* fxxxs */
4422 case 0x10 ... 0x17: /* fixxxl */
4423 case 0x20 ... 0x27: /* fxxxl */
4424 case 0x30 ... 0x37: /* fixxx */
4425 {
4426 int op1;
4427 op1 = op & 7;
4428
4429 switch (op >> 4) {
4430 case 0:
4431 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0,
4432 s->mem_index, MO_LEUL);
4433 gen_helper_flds_FT0(cpu_env, s->tmp2_i32);
4434 break;
4435 case 1:
4436 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0,
4437 s->mem_index, MO_LEUL);
4438 gen_helper_fildl_FT0(cpu_env, s->tmp2_i32);
4439 break;
4440 case 2:
4441 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->A0,
4442 s->mem_index, MO_LEUQ);
4443 gen_helper_fldl_FT0(cpu_env, s->tmp1_i64);
4444 break;
4445 case 3:
4446 default:
4447 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0,
4448 s->mem_index, MO_LESW);
4449 gen_helper_fildl_FT0(cpu_env, s->tmp2_i32);
4450 break;
4451 }
4452
4453 gen_helper_fp_arith_ST0_FT0(op1);
4454 if (op1 == 3) {
4455 /* fcomp needs pop */
4456 gen_helper_fpop(cpu_env);
4457 }
4458 }
4459 break;
4460 case 0x08: /* flds */
4461 case 0x0a: /* fsts */
4462 case 0x0b: /* fstps */
4463 case 0x18 ... 0x1b: /* fildl, fisttpl, fistl, fistpl */
4464 case 0x28 ... 0x2b: /* fldl, fisttpll, fstl, fstpl */
4465 case 0x38 ... 0x3b: /* filds, fisttps, fists, fistps */
4466 switch (op & 7) {
4467 case 0:
4468 switch (op >> 4) {
4469 case 0:
4470 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0,
4471 s->mem_index, MO_LEUL);
4472 gen_helper_flds_ST0(cpu_env, s->tmp2_i32);
4473 break;
4474 case 1:
4475 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0,
4476 s->mem_index, MO_LEUL);
4477 gen_helper_fildl_ST0(cpu_env, s->tmp2_i32);
4478 break;
4479 case 2:
4480 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->A0,
4481 s->mem_index, MO_LEUQ);
4482 gen_helper_fldl_ST0(cpu_env, s->tmp1_i64);
4483 break;
4484 case 3:
4485 default:
4486 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0,
4487 s->mem_index, MO_LESW);
4488 gen_helper_fildl_ST0(cpu_env, s->tmp2_i32);
4489 break;
4490 }
4491 break;
4492 case 1:
4493 /* XXX: the corresponding CPUID bit must be tested ! */
4494 switch (op >> 4) {
4495 case 1:
4496 gen_helper_fisttl_ST0(s->tmp2_i32, cpu_env);
4497 tcg_gen_qemu_st_i32(s->tmp2_i32, s->A0,
4498 s->mem_index, MO_LEUL);
4499 break;
4500 case 2:
4501 gen_helper_fisttll_ST0(s->tmp1_i64, cpu_env);
4502 tcg_gen_qemu_st_i64(s->tmp1_i64, s->A0,
4503 s->mem_index, MO_LEUQ);
4504 break;
4505 case 3:
4506 default:
4507 gen_helper_fistt_ST0(s->tmp2_i32, cpu_env);
4508 tcg_gen_qemu_st_i32(s->tmp2_i32, s->A0,
4509 s->mem_index, MO_LEUW);
4510 break;
4511 }
4512 gen_helper_fpop(cpu_env);
4513 break;
4514 default:
4515 switch (op >> 4) {
4516 case 0:
4517 gen_helper_fsts_ST0(s->tmp2_i32, cpu_env);
4518 tcg_gen_qemu_st_i32(s->tmp2_i32, s->A0,
4519 s->mem_index, MO_LEUL);
4520 break;
4521 case 1:
4522 gen_helper_fistl_ST0(s->tmp2_i32, cpu_env);
4523 tcg_gen_qemu_st_i32(s->tmp2_i32, s->A0,
4524 s->mem_index, MO_LEUL);
4525 break;
4526 case 2:
4527 gen_helper_fstl_ST0(s->tmp1_i64, cpu_env);
4528 tcg_gen_qemu_st_i64(s->tmp1_i64, s->A0,
4529 s->mem_index, MO_LEUQ);
4530 break;
4531 case 3:
4532 default:
4533 gen_helper_fist_ST0(s->tmp2_i32, cpu_env);
4534 tcg_gen_qemu_st_i32(s->tmp2_i32, s->A0,
4535 s->mem_index, MO_LEUW);
4536 break;
4537 }
4538 if ((op & 7) == 3) {
4539 gen_helper_fpop(cpu_env);
4540 }
4541 break;
4542 }
4543 break;
4544 case 0x0c: /* fldenv mem */
4545 gen_helper_fldenv(cpu_env, s->A0,
4546 tcg_const_i32(dflag - 1));
4547 update_fip = update_fdp = false;
4548 break;
4549 case 0x0d: /* fldcw mem */
4550 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0,
4551 s->mem_index, MO_LEUW);
4552 gen_helper_fldcw(cpu_env, s->tmp2_i32);
4553 update_fip = update_fdp = false;
4554 break;
4555 case 0x0e: /* fnstenv mem */
4556 gen_helper_fstenv(cpu_env, s->A0,
4557 tcg_const_i32(dflag - 1));
4558 update_fip = update_fdp = false;
4559 break;
4560 case 0x0f: /* fnstcw mem */
4561 gen_helper_fnstcw(s->tmp2_i32, cpu_env);
4562 tcg_gen_qemu_st_i32(s->tmp2_i32, s->A0,
4563 s->mem_index, MO_LEUW);
4564 update_fip = update_fdp = false;
4565 break;
4566 case 0x1d: /* fldt mem */
4567 gen_helper_fldt_ST0(cpu_env, s->A0);
4568 break;
4569 case 0x1f: /* fstpt mem */
4570 gen_helper_fstt_ST0(cpu_env, s->A0);
4571 gen_helper_fpop(cpu_env);
4572 break;
4573 case 0x2c: /* frstor mem */
4574 gen_helper_frstor(cpu_env, s->A0,
4575 tcg_const_i32(dflag - 1));
4576 update_fip = update_fdp = false;
4577 break;
4578 case 0x2e: /* fnsave mem */
4579 gen_helper_fsave(cpu_env, s->A0,
4580 tcg_const_i32(dflag - 1));
4581 update_fip = update_fdp = false;
4582 break;
4583 case 0x2f: /* fnstsw mem */
4584 gen_helper_fnstsw(s->tmp2_i32, cpu_env);
4585 tcg_gen_qemu_st_i32(s->tmp2_i32, s->A0,
4586 s->mem_index, MO_LEUW);
4587 update_fip = update_fdp = false;
4588 break;
4589 case 0x3c: /* fbld */
4590 gen_helper_fbld_ST0(cpu_env, s->A0);
4591 break;
4592 case 0x3e: /* fbstp */
4593 gen_helper_fbst_ST0(cpu_env, s->A0);
4594 gen_helper_fpop(cpu_env);
4595 break;
4596 case 0x3d: /* fildll */
4597 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->A0,
4598 s->mem_index, MO_LEUQ);
4599 gen_helper_fildll_ST0(cpu_env, s->tmp1_i64);
4600 break;
4601 case 0x3f: /* fistpll */
4602 gen_helper_fistll_ST0(s->tmp1_i64, cpu_env);
4603 tcg_gen_qemu_st_i64(s->tmp1_i64, s->A0,
4604 s->mem_index, MO_LEUQ);
4605 gen_helper_fpop(cpu_env);
4606 break;
4607 default:
4608 goto unknown_op;
4609 }
4610
4611 if (update_fdp) {
4612 int last_seg = s->override >= 0 ? s->override : a.def_seg;
4613
4614 tcg_gen_ld_i32(s->tmp2_i32, cpu_env,
4615 offsetof(CPUX86State,
4616 segs[last_seg].selector));
4617 tcg_gen_st16_i32(s->tmp2_i32, cpu_env,
4618 offsetof(CPUX86State, fpds));
4619 tcg_gen_st_tl(last_addr, cpu_env,
4620 offsetof(CPUX86State, fpdp));
4621 }
4622 tcg_temp_free(last_addr);
4623 } else {
4624 /* register float ops */
4625 opreg = rm;
4626
4627 switch (op) {
4628 case 0x08: /* fld sti */
4629 gen_helper_fpush(cpu_env);
4630 gen_helper_fmov_ST0_STN(cpu_env,
4631 tcg_const_i32((opreg + 1) & 7));
4632 break;
4633 case 0x09: /* fxchg sti */
4634 case 0x29: /* fxchg4 sti, undocumented op */
4635 case 0x39: /* fxchg7 sti, undocumented op */
4636 gen_helper_fxchg_ST0_STN(cpu_env, tcg_const_i32(opreg));
4637 break;
4638 case 0x0a: /* grp d9/2 */
4639 switch (rm) {
4640 case 0: /* fnop */
4641 /* check exceptions (FreeBSD FPU probe) */
4642 gen_helper_fwait(cpu_env);
4643 update_fip = false;
4644 break;
4645 default:
4646 goto unknown_op;
4647 }
4648 break;
4649 case 0x0c: /* grp d9/4 */
4650 switch (rm) {
4651 case 0: /* fchs */
4652 gen_helper_fchs_ST0(cpu_env);
4653 break;
4654 case 1: /* fabs */
4655 gen_helper_fabs_ST0(cpu_env);
4656 break;
4657 case 4: /* ftst */
4658 gen_helper_fldz_FT0(cpu_env);
4659 gen_helper_fcom_ST0_FT0(cpu_env);
4660 break;
4661 case 5: /* fxam */
4662 gen_helper_fxam_ST0(cpu_env);
4663 break;
4664 default:
4665 goto unknown_op;
4666 }
4667 break;
4668 case 0x0d: /* grp d9/5 */
4669 {
4670 switch (rm) {
4671 case 0:
4672 gen_helper_fpush(cpu_env);
4673 gen_helper_fld1_ST0(cpu_env);
4674 break;
4675 case 1:
4676 gen_helper_fpush(cpu_env);
4677 gen_helper_fldl2t_ST0(cpu_env);
4678 break;
4679 case 2:
4680 gen_helper_fpush(cpu_env);
4681 gen_helper_fldl2e_ST0(cpu_env);
4682 break;
4683 case 3:
4684 gen_helper_fpush(cpu_env);
4685 gen_helper_fldpi_ST0(cpu_env);
4686 break;
4687 case 4:
4688 gen_helper_fpush(cpu_env);
4689 gen_helper_fldlg2_ST0(cpu_env);
4690 break;
4691 case 5:
4692 gen_helper_fpush(cpu_env);
4693 gen_helper_fldln2_ST0(cpu_env);
4694 break;
4695 case 6:
4696 gen_helper_fpush(cpu_env);
4697 gen_helper_fldz_ST0(cpu_env);
4698 break;
4699 default:
4700 goto unknown_op;
4701 }
4702 }
4703 break;
4704 case 0x0e: /* grp d9/6 */
4705 switch (rm) {
4706 case 0: /* f2xm1 */
4707 gen_helper_f2xm1(cpu_env);
4708 break;
4709 case 1: /* fyl2x */
4710 gen_helper_fyl2x(cpu_env);
4711 break;
4712 case 2: /* fptan */
4713 gen_helper_fptan(cpu_env);
4714 break;
4715 case 3: /* fpatan */
4716 gen_helper_fpatan(cpu_env);
4717 break;
4718 case 4: /* fxtract */
4719 gen_helper_fxtract(cpu_env);
4720 break;
4721 case 5: /* fprem1 */
4722 gen_helper_fprem1(cpu_env);
4723 break;
4724 case 6: /* fdecstp */
4725 gen_helper_fdecstp(cpu_env);
4726 break;
4727 default:
4728 case 7: /* fincstp */
4729 gen_helper_fincstp(cpu_env);
4730 break;
4731 }
4732 break;
4733 case 0x0f: /* grp d9/7 */
4734 switch (rm) {
4735 case 0: /* fprem */
4736 gen_helper_fprem(cpu_env);
4737 break;
4738 case 1: /* fyl2xp1 */
4739 gen_helper_fyl2xp1(cpu_env);
4740 break;
4741 case 2: /* fsqrt */
4742 gen_helper_fsqrt(cpu_env);
4743 break;
4744 case 3: /* fsincos */
4745 gen_helper_fsincos(cpu_env);
4746 break;
4747 case 5: /* fscale */
4748 gen_helper_fscale(cpu_env);
4749 break;
4750 case 4: /* frndint */
4751 gen_helper_frndint(cpu_env);
4752 break;
4753 case 6: /* fsin */
4754 gen_helper_fsin(cpu_env);
4755 break;
4756 default:
4757 case 7: /* fcos */
4758 gen_helper_fcos(cpu_env);
4759 break;
4760 }
4761 break;
4762 case 0x00: case 0x01: case 0x04 ... 0x07: /* fxxx st, sti */
4763 case 0x20: case 0x21: case 0x24 ... 0x27: /* fxxx sti, st */
4764 case 0x30: case 0x31: case 0x34 ... 0x37: /* fxxxp sti, st */
4765 {
4766 int op1;
4767
4768 op1 = op & 7;
4769 if (op >= 0x20) {
4770 gen_helper_fp_arith_STN_ST0(op1, opreg);
4771 if (op >= 0x30) {
4772 gen_helper_fpop(cpu_env);
4773 }
4774 } else {
4775 gen_helper_fmov_FT0_STN(cpu_env,
4776 tcg_const_i32(opreg));
4777 gen_helper_fp_arith_ST0_FT0(op1);
4778 }
4779 }
4780 break;
4781 case 0x02: /* fcom */
4782 case 0x22: /* fcom2, undocumented op */
4783 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
4784 gen_helper_fcom_ST0_FT0(cpu_env);
4785 break;
4786 case 0x03: /* fcomp */
4787 case 0x23: /* fcomp3, undocumented op */
4788 case 0x32: /* fcomp5, undocumented op */
4789 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
4790 gen_helper_fcom_ST0_FT0(cpu_env);
4791 gen_helper_fpop(cpu_env);
4792 break;
4793 case 0x15: /* da/5 */
4794 switch (rm) {
4795 case 1: /* fucompp */
4796 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(1));
4797 gen_helper_fucom_ST0_FT0(cpu_env);
4798 gen_helper_fpop(cpu_env);
4799 gen_helper_fpop(cpu_env);
4800 break;
4801 default:
4802 goto unknown_op;
4803 }
4804 break;
4805 case 0x1c:
4806 switch (rm) {
4807 case 0: /* feni (287 only, just do nop here) */
4808 break;
4809 case 1: /* fdisi (287 only, just do nop here) */
4810 break;
4811 case 2: /* fclex */
4812 gen_helper_fclex(cpu_env);
4813 update_fip = false;
4814 break;
4815 case 3: /* fninit */
4816 gen_helper_fninit(cpu_env);
4817 update_fip = false;
4818 break;
4819 case 4: /* fsetpm (287 only, just do nop here) */
4820 break;
4821 default:
4822 goto unknown_op;
4823 }
4824 break;
4825 case 0x1d: /* fucomi */
4826 if (!(s->cpuid_features & CPUID_CMOV)) {
4827 goto illegal_op;
4828 }
4829 gen_update_cc_op(s);
4830 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
4831 gen_helper_fucomi_ST0_FT0(cpu_env);
4832 set_cc_op(s, CC_OP_EFLAGS);
4833 break;
4834 case 0x1e: /* fcomi */
4835 if (!(s->cpuid_features & CPUID_CMOV)) {
4836 goto illegal_op;
4837 }
4838 gen_update_cc_op(s);
4839 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
4840 gen_helper_fcomi_ST0_FT0(cpu_env);
4841 set_cc_op(s, CC_OP_EFLAGS);
4842 break;
4843 case 0x28: /* ffree sti */
4844 gen_helper_ffree_STN(cpu_env, tcg_const_i32(opreg));
4845 break;
4846 case 0x2a: /* fst sti */
4847 gen_helper_fmov_STN_ST0(cpu_env, tcg_const_i32(opreg));
4848 break;
4849 case 0x2b: /* fstp sti */
4850 case 0x0b: /* fstp1 sti, undocumented op */
4851 case 0x3a: /* fstp8 sti, undocumented op */
4852 case 0x3b: /* fstp9 sti, undocumented op */
4853 gen_helper_fmov_STN_ST0(cpu_env, tcg_const_i32(opreg));
4854 gen_helper_fpop(cpu_env);
4855 break;
4856 case 0x2c: /* fucom st(i) */
4857 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
4858 gen_helper_fucom_ST0_FT0(cpu_env);
4859 break;
4860 case 0x2d: /* fucomp st(i) */
4861 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
4862 gen_helper_fucom_ST0_FT0(cpu_env);
4863 gen_helper_fpop(cpu_env);
4864 break;
4865 case 0x33: /* de/3 */
4866 switch (rm) {
4867 case 1: /* fcompp */
4868 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(1));
4869 gen_helper_fcom_ST0_FT0(cpu_env);
4870 gen_helper_fpop(cpu_env);
4871 gen_helper_fpop(cpu_env);
4872 break;
4873 default:
4874 goto unknown_op;
4875 }
4876 break;
4877 case 0x38: /* ffreep sti, undocumented op */
4878 gen_helper_ffree_STN(cpu_env, tcg_const_i32(opreg));
4879 gen_helper_fpop(cpu_env);
4880 break;
4881 case 0x3c: /* df/4 */
4882 switch (rm) {
4883 case 0:
4884 gen_helper_fnstsw(s->tmp2_i32, cpu_env);
4885 tcg_gen_extu_i32_tl(s->T0, s->tmp2_i32);
4886 gen_op_mov_reg_v(s, MO_16, R_EAX, s->T0);
4887 break;
4888 default:
4889 goto unknown_op;
4890 }
4891 break;
4892 case 0x3d: /* fucomip */
4893 if (!(s->cpuid_features & CPUID_CMOV)) {
4894 goto illegal_op;
4895 }
4896 gen_update_cc_op(s);
4897 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
4898 gen_helper_fucomi_ST0_FT0(cpu_env);
4899 gen_helper_fpop(cpu_env);
4900 set_cc_op(s, CC_OP_EFLAGS);
4901 break;
4902 case 0x3e: /* fcomip */
4903 if (!(s->cpuid_features & CPUID_CMOV)) {
4904 goto illegal_op;
4905 }
4906 gen_update_cc_op(s);
4907 gen_helper_fmov_FT0_STN(cpu_env, tcg_const_i32(opreg));
4908 gen_helper_fcomi_ST0_FT0(cpu_env);
4909 gen_helper_fpop(cpu_env);
4910 set_cc_op(s, CC_OP_EFLAGS);
4911 break;
4912 case 0x10 ... 0x13: /* fcmovxx */
4913 case 0x18 ... 0x1b:
4914 {
4915 int op1;
4916 TCGLabel *l1;
4917 static const uint8_t fcmov_cc[8] = {
4918 (JCC_B << 1),
4919 (JCC_Z << 1),
4920 (JCC_BE << 1),
4921 (JCC_P << 1),
4922 };
4923
4924 if (!(s->cpuid_features & CPUID_CMOV)) {
4925 goto illegal_op;
4926 }
4927 op1 = fcmov_cc[op & 3] | (((op >> 3) & 1) ^ 1);
4928 l1 = gen_new_label();
4929 gen_jcc1_noeob(s, op1, l1);
4930 gen_helper_fmov_ST0_STN(cpu_env, tcg_const_i32(opreg));
4931 gen_set_label(l1);
4932 }
4933 break;
4934 default:
4935 goto unknown_op;
4936 }
4937 }
4938
4939 if (update_fip) {
4940 tcg_gen_ld_i32(s->tmp2_i32, cpu_env,
4941 offsetof(CPUX86State, segs[R_CS].selector));
4942 tcg_gen_st16_i32(s->tmp2_i32, cpu_env,
4943 offsetof(CPUX86State, fpcs));
4944 tcg_gen_st_tl(eip_cur_tl(s),
4945 cpu_env, offsetof(CPUX86State, fpip));
4946 }
4947 }
4948 break;
4949 /************************/
4950 /* string ops */
4951
4952 case 0xa4: /* movsS */
4953 case 0xa5:
4954 ot = mo_b_d(b, dflag);
4955 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
4956 gen_repz_movs(s, ot);
4957 } else {
4958 gen_movs(s, ot);
4959 }
4960 break;
4961
4962 case 0xaa: /* stosS */
4963 case 0xab:
4964 ot = mo_b_d(b, dflag);
4965 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
4966 gen_repz_stos(s, ot);
4967 } else {
4968 gen_stos(s, ot);
4969 }
4970 break;
4971 case 0xac: /* lodsS */
4972 case 0xad:
4973 ot = mo_b_d(b, dflag);
4974 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
4975 gen_repz_lods(s, ot);
4976 } else {
4977 gen_lods(s, ot);
4978 }
4979 break;
4980 case 0xae: /* scasS */
4981 case 0xaf:
4982 ot = mo_b_d(b, dflag);
4983 if (prefixes & PREFIX_REPNZ) {
4984 gen_repz_scas(s, ot, 1);
4985 } else if (prefixes & PREFIX_REPZ) {
4986 gen_repz_scas(s, ot, 0);
4987 } else {
4988 gen_scas(s, ot);
4989 }
4990 break;
4991
4992 case 0xa6: /* cmpsS */
4993 case 0xa7:
4994 ot = mo_b_d(b, dflag);
4995 if (prefixes & PREFIX_REPNZ) {
4996 gen_repz_cmps(s, ot, 1);
4997 } else if (prefixes & PREFIX_REPZ) {
4998 gen_repz_cmps(s, ot, 0);
4999 } else {
5000 gen_cmps(s, ot);
5001 }
5002 break;
5003 case 0x6c: /* insS */
5004 case 0x6d:
5005 ot = mo_b_d32(b, dflag);
5006 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_EDX]);
5007 tcg_gen_ext16u_i32(s->tmp2_i32, s->tmp2_i32);
5008 if (!gen_check_io(s, ot, s->tmp2_i32,
5009 SVM_IOIO_TYPE_MASK | SVM_IOIO_STR_MASK)) {
5010 break;
5011 }
5012 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
5013 gen_io_start();
5014 s->base.is_jmp = DISAS_TOO_MANY;
5015 }
5016 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
5017 gen_repz_ins(s, ot);
5018 } else {
5019 gen_ins(s, ot);
5020 }
5021 break;
5022 case 0x6e: /* outsS */
5023 case 0x6f:
5024 ot = mo_b_d32(b, dflag);
5025 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_EDX]);
5026 tcg_gen_ext16u_i32(s->tmp2_i32, s->tmp2_i32);
5027 if (!gen_check_io(s, ot, s->tmp2_i32, SVM_IOIO_STR_MASK)) {
5028 break;
5029 }
5030 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
5031 gen_io_start();
5032 s->base.is_jmp = DISAS_TOO_MANY;
5033 }
5034 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
5035 gen_repz_outs(s, ot);
5036 } else {
5037 gen_outs(s, ot);
5038 }
5039 break;
5040
5041 /************************/
5042 /* port I/O */
5043
5044 case 0xe4:
5045 case 0xe5:
5046 ot = mo_b_d32(b, dflag);
5047 val = x86_ldub_code(env, s);
5048 tcg_gen_movi_i32(s->tmp2_i32, val);
5049 if (!gen_check_io(s, ot, s->tmp2_i32, SVM_IOIO_TYPE_MASK)) {
5050 break;
5051 }
5052 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
5053 gen_io_start();
5054 s->base.is_jmp = DISAS_TOO_MANY;
5055 }
5056 gen_helper_in_func(ot, s->T1, s->tmp2_i32);
5057 gen_op_mov_reg_v(s, ot, R_EAX, s->T1);
5058 gen_bpt_io(s, s->tmp2_i32, ot);
5059 break;
5060 case 0xe6:
5061 case 0xe7:
5062 ot = mo_b_d32(b, dflag);
5063 val = x86_ldub_code(env, s);
5064 tcg_gen_movi_i32(s->tmp2_i32, val);
5065 if (!gen_check_io(s, ot, s->tmp2_i32, 0)) {
5066 break;
5067 }
5068 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
5069 gen_io_start();
5070 s->base.is_jmp = DISAS_TOO_MANY;
5071 }
5072 gen_op_mov_v_reg(s, ot, s->T1, R_EAX);
5073 tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T1);
5074 gen_helper_out_func(ot, s->tmp2_i32, s->tmp3_i32);
5075 gen_bpt_io(s, s->tmp2_i32, ot);
5076 break;
5077 case 0xec:
5078 case 0xed:
5079 ot = mo_b_d32(b, dflag);
5080 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_EDX]);
5081 tcg_gen_ext16u_i32(s->tmp2_i32, s->tmp2_i32);
5082 if (!gen_check_io(s, ot, s->tmp2_i32, SVM_IOIO_TYPE_MASK)) {
5083 break;
5084 }
5085 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
5086 gen_io_start();
5087 s->base.is_jmp = DISAS_TOO_MANY;
5088 }
5089 gen_helper_in_func(ot, s->T1, s->tmp2_i32);
5090 gen_op_mov_reg_v(s, ot, R_EAX, s->T1);
5091 gen_bpt_io(s, s->tmp2_i32, ot);
5092 break;
5093 case 0xee:
5094 case 0xef:
5095 ot = mo_b_d32(b, dflag);
5096 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_EDX]);
5097 tcg_gen_ext16u_i32(s->tmp2_i32, s->tmp2_i32);
5098 if (!gen_check_io(s, ot, s->tmp2_i32, 0)) {
5099 break;
5100 }
5101 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
5102 gen_io_start();
5103 s->base.is_jmp = DISAS_TOO_MANY;
5104 }
5105 gen_op_mov_v_reg(s, ot, s->T1, R_EAX);
5106 tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T1);
5107 gen_helper_out_func(ot, s->tmp2_i32, s->tmp3_i32);
5108 gen_bpt_io(s, s->tmp2_i32, ot);
5109 break;
5110
5111 /************************/
5112 /* control */
5113 case 0xc2: /* ret im */
5114 val = x86_ldsw_code(env, s);
5115 ot = gen_pop_T0(s);
5116 gen_stack_update(s, val + (1 << ot));
5117 /* Note that gen_pop_T0 uses a zero-extending load. */
5118 gen_op_jmp_v(s, s->T0);
5119 gen_bnd_jmp(s);
5120 s->base.is_jmp = DISAS_JUMP;
5121 break;
5122 case 0xc3: /* ret */
5123 ot = gen_pop_T0(s);
5124 gen_pop_update(s, ot);
5125 /* Note that gen_pop_T0 uses a zero-extending load. */
5126 gen_op_jmp_v(s, s->T0);
5127 gen_bnd_jmp(s);
5128 s->base.is_jmp = DISAS_JUMP;
5129 break;
5130 case 0xca: /* lret im */
5131 val = x86_ldsw_code(env, s);
5132 do_lret:
5133 if (PE(s) && !VM86(s)) {
5134 gen_update_cc_op(s);
5135 gen_update_eip_cur(s);
5136 gen_helper_lret_protected(cpu_env, tcg_const_i32(dflag - 1),
5137 tcg_const_i32(val));
5138 } else {
5139 gen_stack_A0(s);
5140 /* pop offset */
5141 gen_op_ld_v(s, dflag, s->T0, s->A0);
5142 /* NOTE: keeping EIP updated is not a problem in case of
5143 exception */
5144 gen_op_jmp_v(s, s->T0);
5145 /* pop selector */
5146 gen_add_A0_im(s, 1 << dflag);
5147 gen_op_ld_v(s, dflag, s->T0, s->A0);
5148 gen_op_movl_seg_T0_vm(s, R_CS);
5149 /* add stack offset */
5150 gen_stack_update(s, val + (2 << dflag));
5151 }
5152 s->base.is_jmp = DISAS_EOB_ONLY;
5153 break;
5154 case 0xcb: /* lret */
5155 val = 0;
5156 goto do_lret;
5157 case 0xcf: /* iret */
5158 gen_svm_check_intercept(s, SVM_EXIT_IRET);
5159 if (!PE(s) || VM86(s)) {
5160 /* real mode or vm86 mode */
5161 if (!check_vm86_iopl(s)) {
5162 break;
5163 }
5164 gen_helper_iret_real(cpu_env, tcg_const_i32(dflag - 1));
5165 } else {
5166 gen_helper_iret_protected(cpu_env, tcg_constant_i32(dflag - 1),
5167 eip_next_i32(s));
5168 }
5169 set_cc_op(s, CC_OP_EFLAGS);
5170 s->base.is_jmp = DISAS_EOB_ONLY;
5171 break;
5172 case 0xe8: /* call im */
5173 {
5174 int diff = (dflag != MO_16
5175 ? (int32_t)insn_get(env, s, MO_32)
5176 : (int16_t)insn_get(env, s, MO_16));
5177 gen_push_v(s, eip_next_tl(s));
5178 gen_bnd_jmp(s);
5179 gen_jmp_rel(s, dflag, diff, 0);
5180 }
5181 break;
5182 case 0x9a: /* lcall im */
5183 {
5184 unsigned int selector, offset;
5185
5186 if (CODE64(s))
5187 goto illegal_op;
5188 ot = dflag;
5189 offset = insn_get(env, s, ot);
5190 selector = insn_get(env, s, MO_16);
5191
5192 tcg_gen_movi_tl(s->T0, selector);
5193 tcg_gen_movi_tl(s->T1, offset);
5194 }
5195 goto do_lcall;
5196 case 0xe9: /* jmp im */
5197 {
5198 int diff = (dflag != MO_16
5199 ? (int32_t)insn_get(env, s, MO_32)
5200 : (int16_t)insn_get(env, s, MO_16));
5201 gen_bnd_jmp(s);
5202 gen_jmp_rel(s, dflag, diff, 0);
5203 }
5204 break;
5205 case 0xea: /* ljmp im */
5206 {
5207 unsigned int selector, offset;
5208
5209 if (CODE64(s))
5210 goto illegal_op;
5211 ot = dflag;
5212 offset = insn_get(env, s, ot);
5213 selector = insn_get(env, s, MO_16);
5214
5215 tcg_gen_movi_tl(s->T0, selector);
5216 tcg_gen_movi_tl(s->T1, offset);
5217 }
5218 goto do_ljmp;
5219 case 0xeb: /* jmp Jb */
5220 {
5221 int diff = (int8_t)insn_get(env, s, MO_8);
5222 gen_jmp_rel(s, dflag, diff, 0);
5223 }
5224 break;
5225 case 0x70 ... 0x7f: /* jcc Jb */
5226 {
5227 int diff = (int8_t)insn_get(env, s, MO_8);
5228 gen_bnd_jmp(s);
5229 gen_jcc(s, b, diff);
5230 }
5231 break;
5232 case 0x180 ... 0x18f: /* jcc Jv */
5233 {
5234 int diff = (dflag != MO_16
5235 ? (int32_t)insn_get(env, s, MO_32)
5236 : (int16_t)insn_get(env, s, MO_16));
5237 gen_bnd_jmp(s);
5238 gen_jcc(s, b, diff);
5239 }
5240 break;
5241
5242 case 0x190 ... 0x19f: /* setcc Gv */
5243 modrm = x86_ldub_code(env, s);
5244 gen_setcc1(s, b, s->T0);
5245 gen_ldst_modrm(env, s, modrm, MO_8, OR_TMP0, 1);
5246 break;
5247 case 0x140 ... 0x14f: /* cmov Gv, Ev */
5248 if (!(s->cpuid_features & CPUID_CMOV)) {
5249 goto illegal_op;
5250 }
5251 ot = dflag;
5252 modrm = x86_ldub_code(env, s);
5253 reg = ((modrm >> 3) & 7) | REX_R(s);
5254 gen_cmovcc1(env, s, ot, b, modrm, reg);
5255 break;
5256
5257 /************************/
5258 /* flags */
5259 case 0x9c: /* pushf */
5260 gen_svm_check_intercept(s, SVM_EXIT_PUSHF);
5261 if (check_vm86_iopl(s)) {
5262 gen_update_cc_op(s);
5263 gen_helper_read_eflags(s->T0, cpu_env);
5264 gen_push_v(s, s->T0);
5265 }
5266 break;
5267 case 0x9d: /* popf */
5268 gen_svm_check_intercept(s, SVM_EXIT_POPF);
5269 if (check_vm86_iopl(s)) {
5270 ot = gen_pop_T0(s);
5271 if (CPL(s) == 0) {
5272 if (dflag != MO_16) {
5273 gen_helper_write_eflags(cpu_env, s->T0,
5274 tcg_const_i32((TF_MASK | AC_MASK |
5275 ID_MASK | NT_MASK |
5276 IF_MASK |
5277 IOPL_MASK)));
5278 } else {
5279 gen_helper_write_eflags(cpu_env, s->T0,
5280 tcg_const_i32((TF_MASK | AC_MASK |
5281 ID_MASK | NT_MASK |
5282 IF_MASK | IOPL_MASK)
5283 & 0xffff));
5284 }
5285 } else {
5286 if (CPL(s) <= IOPL(s)) {
5287 if (dflag != MO_16) {
5288 gen_helper_write_eflags(cpu_env, s->T0,
5289 tcg_const_i32((TF_MASK |
5290 AC_MASK |
5291 ID_MASK |
5292 NT_MASK |
5293 IF_MASK)));
5294 } else {
5295 gen_helper_write_eflags(cpu_env, s->T0,
5296 tcg_const_i32((TF_MASK |
5297 AC_MASK |
5298 ID_MASK |
5299 NT_MASK |
5300 IF_MASK)
5301 & 0xffff));
5302 }
5303 } else {
5304 if (dflag != MO_16) {
5305 gen_helper_write_eflags(cpu_env, s->T0,
5306 tcg_const_i32((TF_MASK | AC_MASK |
5307 ID_MASK | NT_MASK)));
5308 } else {
5309 gen_helper_write_eflags(cpu_env, s->T0,
5310 tcg_const_i32((TF_MASK | AC_MASK |
5311 ID_MASK | NT_MASK)
5312 & 0xffff));
5313 }
5314 }
5315 }
5316 gen_pop_update(s, ot);
5317 set_cc_op(s, CC_OP_EFLAGS);
5318 /* abort translation because TF/AC flag may change */
5319 s->base.is_jmp = DISAS_EOB_NEXT;
5320 }
5321 break;
5322 case 0x9e: /* sahf */
5323 if (CODE64(s) && !(s->cpuid_ext3_features & CPUID_EXT3_LAHF_LM))
5324 goto illegal_op;
5325 tcg_gen_shri_tl(s->T0, cpu_regs[R_EAX], 8);
5326 gen_compute_eflags(s);
5327 tcg_gen_andi_tl(cpu_cc_src, cpu_cc_src, CC_O);
5328 tcg_gen_andi_tl(s->T0, s->T0, CC_S | CC_Z | CC_A | CC_P | CC_C);
5329 tcg_gen_or_tl(cpu_cc_src, cpu_cc_src, s->T0);
5330 break;
5331 case 0x9f: /* lahf */
5332 if (CODE64(s) && !(s->cpuid_ext3_features & CPUID_EXT3_LAHF_LM))
5333 goto illegal_op;
5334 gen_compute_eflags(s);
5335 /* Note: gen_compute_eflags() only gives the condition codes */
5336 tcg_gen_ori_tl(s->T0, cpu_cc_src, 0x02);
5337 tcg_gen_deposit_tl(cpu_regs[R_EAX], cpu_regs[R_EAX], s->T0, 8, 8);
5338 break;
5339 case 0xf5: /* cmc */
5340 gen_compute_eflags(s);
5341 tcg_gen_xori_tl(cpu_cc_src, cpu_cc_src, CC_C);
5342 break;
5343 case 0xf8: /* clc */
5344 gen_compute_eflags(s);
5345 tcg_gen_andi_tl(cpu_cc_src, cpu_cc_src, ~CC_C);
5346 break;
5347 case 0xf9: /* stc */
5348 gen_compute_eflags(s);
5349 tcg_gen_ori_tl(cpu_cc_src, cpu_cc_src, CC_C);
5350 break;
5351 case 0xfc: /* cld */
5352 tcg_gen_movi_i32(s->tmp2_i32, 1);
5353 tcg_gen_st_i32(s->tmp2_i32, cpu_env, offsetof(CPUX86State, df));
5354 break;
5355 case 0xfd: /* std */
5356 tcg_gen_movi_i32(s->tmp2_i32, -1);
5357 tcg_gen_st_i32(s->tmp2_i32, cpu_env, offsetof(CPUX86State, df));
5358 break;
5359
5360 /************************/
5361 /* bit operations */
5362 case 0x1ba: /* bt/bts/btr/btc Gv, im */
5363 ot = dflag;
5364 modrm = x86_ldub_code(env, s);
5365 op = (modrm >> 3) & 7;
5366 mod = (modrm >> 6) & 3;
5367 rm = (modrm & 7) | REX_B(s);
5368 if (mod != 3) {
5369 s->rip_offset = 1;
5370 gen_lea_modrm(env, s, modrm);
5371 if (!(s->prefix & PREFIX_LOCK)) {
5372 gen_op_ld_v(s, ot, s->T0, s->A0);
5373 }
5374 } else {
5375 gen_op_mov_v_reg(s, ot, s->T0, rm);
5376 }
5377 /* load shift */
5378 val = x86_ldub_code(env, s);
5379 tcg_gen_movi_tl(s->T1, val);
5380 if (op < 4)
5381 goto unknown_op;
5382 op -= 4;
5383 goto bt_op;
5384 case 0x1a3: /* bt Gv, Ev */
5385 op = 0;
5386 goto do_btx;
5387 case 0x1ab: /* bts */
5388 op = 1;
5389 goto do_btx;
5390 case 0x1b3: /* btr */
5391 op = 2;
5392 goto do_btx;
5393 case 0x1bb: /* btc */
5394 op = 3;
5395 do_btx:
5396 ot = dflag;
5397 modrm = x86_ldub_code(env, s);
5398 reg = ((modrm >> 3) & 7) | REX_R(s);
5399 mod = (modrm >> 6) & 3;
5400 rm = (modrm & 7) | REX_B(s);
5401 gen_op_mov_v_reg(s, MO_32, s->T1, reg);
5402 if (mod != 3) {
5403 AddressParts a = gen_lea_modrm_0(env, s, modrm);
5404 /* specific case: we need to add a displacement */
5405 gen_exts(ot, s->T1);
5406 tcg_gen_sari_tl(s->tmp0, s->T1, 3 + ot);
5407 tcg_gen_shli_tl(s->tmp0, s->tmp0, ot);
5408 tcg_gen_add_tl(s->A0, gen_lea_modrm_1(s, a, false), s->tmp0);
5409 gen_lea_v_seg(s, s->aflag, s->A0, a.def_seg, s->override);
5410 if (!(s->prefix & PREFIX_LOCK)) {
5411 gen_op_ld_v(s, ot, s->T0, s->A0);
5412 }
5413 } else {
5414 gen_op_mov_v_reg(s, ot, s->T0, rm);
5415 }
5416 bt_op:
5417 tcg_gen_andi_tl(s->T1, s->T1, (1 << (3 + ot)) - 1);
5418 tcg_gen_movi_tl(s->tmp0, 1);
5419 tcg_gen_shl_tl(s->tmp0, s->tmp0, s->T1);
5420 if (s->prefix & PREFIX_LOCK) {
5421 switch (op) {
5422 case 0: /* bt */
5423 /* Needs no atomic ops; we surpressed the normal
5424 memory load for LOCK above so do it now. */
5425 gen_op_ld_v(s, ot, s->T0, s->A0);
5426 break;
5427 case 1: /* bts */
5428 tcg_gen_atomic_fetch_or_tl(s->T0, s->A0, s->tmp0,
5429 s->mem_index, ot | MO_LE);
5430 break;
5431 case 2: /* btr */
5432 tcg_gen_not_tl(s->tmp0, s->tmp0);
5433 tcg_gen_atomic_fetch_and_tl(s->T0, s->A0, s->tmp0,
5434 s->mem_index, ot | MO_LE);
5435 break;
5436 default:
5437 case 3: /* btc */
5438 tcg_gen_atomic_fetch_xor_tl(s->T0, s->A0, s->tmp0,
5439 s->mem_index, ot | MO_LE);
5440 break;
5441 }
5442 tcg_gen_shr_tl(s->tmp4, s->T0, s->T1);
5443 } else {
5444 tcg_gen_shr_tl(s->tmp4, s->T0, s->T1);
5445 switch (op) {
5446 case 0: /* bt */
5447 /* Data already loaded; nothing to do. */
5448 break;
5449 case 1: /* bts */
5450 tcg_gen_or_tl(s->T0, s->T0, s->tmp0);
5451 break;
5452 case 2: /* btr */
5453 tcg_gen_andc_tl(s->T0, s->T0, s->tmp0);
5454 break;
5455 default:
5456 case 3: /* btc */
5457 tcg_gen_xor_tl(s->T0, s->T0, s->tmp0);
5458 break;
5459 }
5460 if (op != 0) {
5461 if (mod != 3) {
5462 gen_op_st_v(s, ot, s->T0, s->A0);
5463 } else {
5464 gen_op_mov_reg_v(s, ot, rm, s->T0);
5465 }
5466 }
5467 }
5468
5469 /* Delay all CC updates until after the store above. Note that
5470 C is the result of the test, Z is unchanged, and the others
5471 are all undefined. */
5472 switch (s->cc_op) {
5473 case CC_OP_MULB ... CC_OP_MULQ:
5474 case CC_OP_ADDB ... CC_OP_ADDQ:
5475 case CC_OP_ADCB ... CC_OP_ADCQ:
5476 case CC_OP_SUBB ... CC_OP_SUBQ:
5477 case CC_OP_SBBB ... CC_OP_SBBQ:
5478 case CC_OP_LOGICB ... CC_OP_LOGICQ:
5479 case CC_OP_INCB ... CC_OP_INCQ:
5480 case CC_OP_DECB ... CC_OP_DECQ:
5481 case CC_OP_SHLB ... CC_OP_SHLQ:
5482 case CC_OP_SARB ... CC_OP_SARQ:
5483 case CC_OP_BMILGB ... CC_OP_BMILGQ:
5484 /* Z was going to be computed from the non-zero status of CC_DST.
5485 We can get that same Z value (and the new C value) by leaving
5486 CC_DST alone, setting CC_SRC, and using a CC_OP_SAR of the
5487 same width. */
5488 tcg_gen_mov_tl(cpu_cc_src, s->tmp4);
5489 set_cc_op(s, ((s->cc_op - CC_OP_MULB) & 3) + CC_OP_SARB);
5490 break;
5491 default:
5492 /* Otherwise, generate EFLAGS and replace the C bit. */
5493 gen_compute_eflags(s);
5494 tcg_gen_deposit_tl(cpu_cc_src, cpu_cc_src, s->tmp4,
5495 ctz32(CC_C), 1);
5496 break;
5497 }
5498 break;
5499 case 0x1bc: /* bsf / tzcnt */
5500 case 0x1bd: /* bsr / lzcnt */
5501 ot = dflag;
5502 modrm = x86_ldub_code(env, s);
5503 reg = ((modrm >> 3) & 7) | REX_R(s);
5504 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
5505 gen_extu(ot, s->T0);
5506
5507 /* Note that lzcnt and tzcnt are in different extensions. */
5508 if ((prefixes & PREFIX_REPZ)
5509 && (b & 1
5510 ? s->cpuid_ext3_features & CPUID_EXT3_ABM
5511 : s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI1)) {
5512 int size = 8 << ot;
5513 /* For lzcnt/tzcnt, C bit is defined related to the input. */
5514 tcg_gen_mov_tl(cpu_cc_src, s->T0);
5515 if (b & 1) {
5516 /* For lzcnt, reduce the target_ulong result by the
5517 number of zeros that we expect to find at the top. */
5518 tcg_gen_clzi_tl(s->T0, s->T0, TARGET_LONG_BITS);
5519 tcg_gen_subi_tl(s->T0, s->T0, TARGET_LONG_BITS - size);
5520 } else {
5521 /* For tzcnt, a zero input must return the operand size. */
5522 tcg_gen_ctzi_tl(s->T0, s->T0, size);
5523 }
5524 /* For lzcnt/tzcnt, Z bit is defined related to the result. */
5525 gen_op_update1_cc(s);
5526 set_cc_op(s, CC_OP_BMILGB + ot);
5527 } else {
5528 /* For bsr/bsf, only the Z bit is defined and it is related
5529 to the input and not the result. */
5530 tcg_gen_mov_tl(cpu_cc_dst, s->T0);
5531 set_cc_op(s, CC_OP_LOGICB + ot);
5532
5533 /* ??? The manual says that the output is undefined when the
5534 input is zero, but real hardware leaves it unchanged, and
5535 real programs appear to depend on that. Accomplish this
5536 by passing the output as the value to return upon zero. */
5537 if (b & 1) {
5538 /* For bsr, return the bit index of the first 1 bit,
5539 not the count of leading zeros. */
5540 tcg_gen_xori_tl(s->T1, cpu_regs[reg], TARGET_LONG_BITS - 1);
5541 tcg_gen_clz_tl(s->T0, s->T0, s->T1);
5542 tcg_gen_xori_tl(s->T0, s->T0, TARGET_LONG_BITS - 1);
5543 } else {
5544 tcg_gen_ctz_tl(s->T0, s->T0, cpu_regs[reg]);
5545 }
5546 }
5547 gen_op_mov_reg_v(s, ot, reg, s->T0);
5548 break;
5549 /************************/
5550 /* bcd */
5551 case 0x27: /* daa */
5552 if (CODE64(s))
5553 goto illegal_op;
5554 gen_update_cc_op(s);
5555 gen_helper_daa(cpu_env);
5556 set_cc_op(s, CC_OP_EFLAGS);
5557 break;
5558 case 0x2f: /* das */
5559 if (CODE64(s))
5560 goto illegal_op;
5561 gen_update_cc_op(s);
5562 gen_helper_das(cpu_env);
5563 set_cc_op(s, CC_OP_EFLAGS);
5564 break;
5565 case 0x37: /* aaa */
5566 if (CODE64(s))
5567 goto illegal_op;
5568 gen_update_cc_op(s);
5569 gen_helper_aaa(cpu_env);
5570 set_cc_op(s, CC_OP_EFLAGS);
5571 break;
5572 case 0x3f: /* aas */
5573 if (CODE64(s))
5574 goto illegal_op;
5575 gen_update_cc_op(s);
5576 gen_helper_aas(cpu_env);
5577 set_cc_op(s, CC_OP_EFLAGS);
5578 break;
5579 case 0xd4: /* aam */
5580 if (CODE64(s))
5581 goto illegal_op;
5582 val = x86_ldub_code(env, s);
5583 if (val == 0) {
5584 gen_exception(s, EXCP00_DIVZ);
5585 } else {
5586 gen_helper_aam(cpu_env, tcg_const_i32(val));
5587 set_cc_op(s, CC_OP_LOGICB);
5588 }
5589 break;
5590 case 0xd5: /* aad */
5591 if (CODE64(s))
5592 goto illegal_op;
5593 val = x86_ldub_code(env, s);
5594 gen_helper_aad(cpu_env, tcg_const_i32(val));
5595 set_cc_op(s, CC_OP_LOGICB);
5596 break;
5597 /************************/
5598 /* misc */
5599 case 0x90: /* nop */
5600 /* XXX: correct lock test for all insn */
5601 if (prefixes & PREFIX_LOCK) {
5602 goto illegal_op;
5603 }
5604 /* If REX_B is set, then this is xchg eax, r8d, not a nop. */
5605 if (REX_B(s)) {
5606 goto do_xchg_reg_eax;
5607 }
5608 if (prefixes & PREFIX_REPZ) {
5609 gen_update_cc_op(s);
5610 gen_update_eip_cur(s);
5611 gen_helper_pause(cpu_env, cur_insn_len_i32(s));
5612 s->base.is_jmp = DISAS_NORETURN;
5613 }
5614 break;
5615 case 0x9b: /* fwait */
5616 if ((s->flags & (HF_MP_MASK | HF_TS_MASK)) ==
5617 (HF_MP_MASK | HF_TS_MASK)) {
5618 gen_exception(s, EXCP07_PREX);
5619 } else {
5620 gen_helper_fwait(cpu_env);
5621 }
5622 break;
5623 case 0xcc: /* int3 */
5624 gen_interrupt(s, EXCP03_INT3);
5625 break;
5626 case 0xcd: /* int N */
5627 val = x86_ldub_code(env, s);
5628 if (check_vm86_iopl(s)) {
5629 gen_interrupt(s, val);
5630 }
5631 break;
5632 case 0xce: /* into */
5633 if (CODE64(s))
5634 goto illegal_op;
5635 gen_update_cc_op(s);
5636 gen_update_eip_cur(s);
5637 gen_helper_into(cpu_env, cur_insn_len_i32(s));
5638 break;
5639 #ifdef WANT_ICEBP
5640 case 0xf1: /* icebp (undocumented, exits to external debugger) */
5641 gen_svm_check_intercept(s, SVM_EXIT_ICEBP);
5642 gen_debug(s);
5643 break;
5644 #endif
5645 case 0xfa: /* cli */
5646 if (check_iopl(s)) {
5647 gen_reset_eflags(s, IF_MASK);
5648 }
5649 break;
5650 case 0xfb: /* sti */
5651 if (check_iopl(s)) {
5652 gen_set_eflags(s, IF_MASK);
5653 /* interruptions are enabled only the first insn after sti */
5654 gen_update_eip_next(s);
5655 gen_eob_inhibit_irq(s, true);
5656 }
5657 break;
5658 case 0x62: /* bound */
5659 if (CODE64(s))
5660 goto illegal_op;
5661 ot = dflag;
5662 modrm = x86_ldub_code(env, s);
5663 reg = (modrm >> 3) & 7;
5664 mod = (modrm >> 6) & 3;
5665 if (mod == 3)
5666 goto illegal_op;
5667 gen_op_mov_v_reg(s, ot, s->T0, reg);
5668 gen_lea_modrm(env, s, modrm);
5669 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
5670 if (ot == MO_16) {
5671 gen_helper_boundw(cpu_env, s->A0, s->tmp2_i32);
5672 } else {
5673 gen_helper_boundl(cpu_env, s->A0, s->tmp2_i32);
5674 }
5675 break;
5676 case 0x1c8 ... 0x1cf: /* bswap reg */
5677 reg = (b & 7) | REX_B(s);
5678 #ifdef TARGET_X86_64
5679 if (dflag == MO_64) {
5680 tcg_gen_bswap64_i64(cpu_regs[reg], cpu_regs[reg]);
5681 break;
5682 }
5683 #endif
5684 tcg_gen_bswap32_tl(cpu_regs[reg], cpu_regs[reg], TCG_BSWAP_OZ);
5685 break;
5686 case 0xd6: /* salc */
5687 if (CODE64(s))
5688 goto illegal_op;
5689 gen_compute_eflags_c(s, s->T0);
5690 tcg_gen_neg_tl(s->T0, s->T0);
5691 gen_op_mov_reg_v(s, MO_8, R_EAX, s->T0);
5692 break;
5693 case 0xe0: /* loopnz */
5694 case 0xe1: /* loopz */
5695 case 0xe2: /* loop */
5696 case 0xe3: /* jecxz */
5697 {
5698 TCGLabel *l1, *l2;
5699 int diff = (int8_t)insn_get(env, s, MO_8);
5700
5701 l1 = gen_new_label();
5702 l2 = gen_new_label();
5703 gen_update_cc_op(s);
5704 b &= 3;
5705 switch(b) {
5706 case 0: /* loopnz */
5707 case 1: /* loopz */
5708 gen_op_add_reg_im(s, s->aflag, R_ECX, -1);
5709 gen_op_jz_ecx(s, l2);
5710 gen_jcc1(s, (JCC_Z << 1) | (b ^ 1), l1);
5711 break;
5712 case 2: /* loop */
5713 gen_op_add_reg_im(s, s->aflag, R_ECX, -1);
5714 gen_op_jnz_ecx(s, l1);
5715 break;
5716 default:
5717 case 3: /* jcxz */
5718 gen_op_jz_ecx(s, l1);
5719 break;
5720 }
5721
5722 gen_set_label(l2);
5723 gen_jmp_rel_csize(s, 0, 1);
5724
5725 gen_set_label(l1);
5726 gen_jmp_rel(s, dflag, diff, 0);
5727 }
5728 break;
5729 case 0x130: /* wrmsr */
5730 case 0x132: /* rdmsr */
5731 if (check_cpl0(s)) {
5732 gen_update_cc_op(s);
5733 gen_update_eip_cur(s);
5734 if (b & 2) {
5735 gen_helper_rdmsr(cpu_env);
5736 } else {
5737 gen_helper_wrmsr(cpu_env);
5738 s->base.is_jmp = DISAS_EOB_NEXT;
5739 }
5740 }
5741 break;
5742 case 0x131: /* rdtsc */
5743 gen_update_cc_op(s);
5744 gen_update_eip_cur(s);
5745 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
5746 gen_io_start();
5747 s->base.is_jmp = DISAS_TOO_MANY;
5748 }
5749 gen_helper_rdtsc(cpu_env);
5750 break;
5751 case 0x133: /* rdpmc */
5752 gen_update_cc_op(s);
5753 gen_update_eip_cur(s);
5754 gen_helper_rdpmc(cpu_env);
5755 s->base.is_jmp = DISAS_NORETURN;
5756 break;
5757 case 0x134: /* sysenter */
5758 /* For Intel SYSENTER is valid on 64-bit */
5759 if (CODE64(s) && env->cpuid_vendor1 != CPUID_VENDOR_INTEL_1)
5760 goto illegal_op;
5761 if (!PE(s)) {
5762 gen_exception_gpf(s);
5763 } else {
5764 gen_helper_sysenter(cpu_env);
5765 s->base.is_jmp = DISAS_EOB_ONLY;
5766 }
5767 break;
5768 case 0x135: /* sysexit */
5769 /* For Intel SYSEXIT is valid on 64-bit */
5770 if (CODE64(s) && env->cpuid_vendor1 != CPUID_VENDOR_INTEL_1)
5771 goto illegal_op;
5772 if (!PE(s)) {
5773 gen_exception_gpf(s);
5774 } else {
5775 gen_helper_sysexit(cpu_env, tcg_const_i32(dflag - 1));
5776 s->base.is_jmp = DISAS_EOB_ONLY;
5777 }
5778 break;
5779 #ifdef TARGET_X86_64
5780 case 0x105: /* syscall */
5781 /* XXX: is it usable in real mode ? */
5782 gen_update_cc_op(s);
5783 gen_update_eip_cur(s);
5784 gen_helper_syscall(cpu_env, cur_insn_len_i32(s));
5785 /* TF handling for the syscall insn is different. The TF bit is checked
5786 after the syscall insn completes. This allows #DB to not be
5787 generated after one has entered CPL0 if TF is set in FMASK. */
5788 gen_eob_worker(s, false, true);
5789 break;
5790 case 0x107: /* sysret */
5791 if (!PE(s)) {
5792 gen_exception_gpf(s);
5793 } else {
5794 gen_helper_sysret(cpu_env, tcg_const_i32(dflag - 1));
5795 /* condition codes are modified only in long mode */
5796 if (LMA(s)) {
5797 set_cc_op(s, CC_OP_EFLAGS);
5798 }
5799 /* TF handling for the sysret insn is different. The TF bit is
5800 checked after the sysret insn completes. This allows #DB to be
5801 generated "as if" the syscall insn in userspace has just
5802 completed. */
5803 gen_eob_worker(s, false, true);
5804 }
5805 break;
5806 #endif
5807 case 0x1a2: /* cpuid */
5808 gen_update_cc_op(s);
5809 gen_update_eip_cur(s);
5810 gen_helper_cpuid(cpu_env);
5811 break;
5812 case 0xf4: /* hlt */
5813 if (check_cpl0(s)) {
5814 gen_update_cc_op(s);
5815 gen_update_eip_cur(s);
5816 gen_helper_hlt(cpu_env, cur_insn_len_i32(s));
5817 s->base.is_jmp = DISAS_NORETURN;
5818 }
5819 break;
5820 case 0x100:
5821 modrm = x86_ldub_code(env, s);
5822 mod = (modrm >> 6) & 3;
5823 op = (modrm >> 3) & 7;
5824 switch(op) {
5825 case 0: /* sldt */
5826 if (!PE(s) || VM86(s))
5827 goto illegal_op;
5828 if (s->flags & HF_UMIP_MASK && !check_cpl0(s)) {
5829 break;
5830 }
5831 gen_svm_check_intercept(s, SVM_EXIT_LDTR_READ);
5832 tcg_gen_ld32u_tl(s->T0, cpu_env,
5833 offsetof(CPUX86State, ldt.selector));
5834 ot = mod == 3 ? dflag : MO_16;
5835 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
5836 break;
5837 case 2: /* lldt */
5838 if (!PE(s) || VM86(s))
5839 goto illegal_op;
5840 if (check_cpl0(s)) {
5841 gen_svm_check_intercept(s, SVM_EXIT_LDTR_WRITE);
5842 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
5843 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
5844 gen_helper_lldt(cpu_env, s->tmp2_i32);
5845 }
5846 break;
5847 case 1: /* str */
5848 if (!PE(s) || VM86(s))
5849 goto illegal_op;
5850 if (s->flags & HF_UMIP_MASK && !check_cpl0(s)) {
5851 break;
5852 }
5853 gen_svm_check_intercept(s, SVM_EXIT_TR_READ);
5854 tcg_gen_ld32u_tl(s->T0, cpu_env,
5855 offsetof(CPUX86State, tr.selector));
5856 ot = mod == 3 ? dflag : MO_16;
5857 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
5858 break;
5859 case 3: /* ltr */
5860 if (!PE(s) || VM86(s))
5861 goto illegal_op;
5862 if (check_cpl0(s)) {
5863 gen_svm_check_intercept(s, SVM_EXIT_TR_WRITE);
5864 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
5865 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
5866 gen_helper_ltr(cpu_env, s->tmp2_i32);
5867 }
5868 break;
5869 case 4: /* verr */
5870 case 5: /* verw */
5871 if (!PE(s) || VM86(s))
5872 goto illegal_op;
5873 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
5874 gen_update_cc_op(s);
5875 if (op == 4) {
5876 gen_helper_verr(cpu_env, s->T0);
5877 } else {
5878 gen_helper_verw(cpu_env, s->T0);
5879 }
5880 set_cc_op(s, CC_OP_EFLAGS);
5881 break;
5882 default:
5883 goto unknown_op;
5884 }
5885 break;
5886
5887 case 0x101:
5888 modrm = x86_ldub_code(env, s);
5889 switch (modrm) {
5890 CASE_MODRM_MEM_OP(0): /* sgdt */
5891 if (s->flags & HF_UMIP_MASK && !check_cpl0(s)) {
5892 break;
5893 }
5894 gen_svm_check_intercept(s, SVM_EXIT_GDTR_READ);
5895 gen_lea_modrm(env, s, modrm);
5896 tcg_gen_ld32u_tl(s->T0,
5897 cpu_env, offsetof(CPUX86State, gdt.limit));
5898 gen_op_st_v(s, MO_16, s->T0, s->A0);
5899 gen_add_A0_im(s, 2);
5900 tcg_gen_ld_tl(s->T0, cpu_env, offsetof(CPUX86State, gdt.base));
5901 if (dflag == MO_16) {
5902 tcg_gen_andi_tl(s->T0, s->T0, 0xffffff);
5903 }
5904 gen_op_st_v(s, CODE64(s) + MO_32, s->T0, s->A0);
5905 break;
5906
5907 case 0xc8: /* monitor */
5908 if (!(s->cpuid_ext_features & CPUID_EXT_MONITOR) || CPL(s) != 0) {
5909 goto illegal_op;
5910 }
5911 gen_update_cc_op(s);
5912 gen_update_eip_cur(s);
5913 tcg_gen_mov_tl(s->A0, cpu_regs[R_EAX]);
5914 gen_extu(s->aflag, s->A0);
5915 gen_add_A0_ds_seg(s);
5916 gen_helper_monitor(cpu_env, s->A0);
5917 break;
5918
5919 case 0xc9: /* mwait */
5920 if (!(s->cpuid_ext_features & CPUID_EXT_MONITOR) || CPL(s) != 0) {
5921 goto illegal_op;
5922 }
5923 gen_update_cc_op(s);
5924 gen_update_eip_cur(s);
5925 gen_helper_mwait(cpu_env, cur_insn_len_i32(s));
5926 s->base.is_jmp = DISAS_NORETURN;
5927 break;
5928
5929 case 0xca: /* clac */
5930 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_SMAP)
5931 || CPL(s) != 0) {
5932 goto illegal_op;
5933 }
5934 gen_reset_eflags(s, AC_MASK);
5935 s->base.is_jmp = DISAS_EOB_NEXT;
5936 break;
5937
5938 case 0xcb: /* stac */
5939 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_SMAP)
5940 || CPL(s) != 0) {
5941 goto illegal_op;
5942 }
5943 gen_set_eflags(s, AC_MASK);
5944 s->base.is_jmp = DISAS_EOB_NEXT;
5945 break;
5946
5947 CASE_MODRM_MEM_OP(1): /* sidt */
5948 if (s->flags & HF_UMIP_MASK && !check_cpl0(s)) {
5949 break;
5950 }
5951 gen_svm_check_intercept(s, SVM_EXIT_IDTR_READ);
5952 gen_lea_modrm(env, s, modrm);
5953 tcg_gen_ld32u_tl(s->T0, cpu_env, offsetof(CPUX86State, idt.limit));
5954 gen_op_st_v(s, MO_16, s->T0, s->A0);
5955 gen_add_A0_im(s, 2);
5956 tcg_gen_ld_tl(s->T0, cpu_env, offsetof(CPUX86State, idt.base));
5957 if (dflag == MO_16) {
5958 tcg_gen_andi_tl(s->T0, s->T0, 0xffffff);
5959 }
5960 gen_op_st_v(s, CODE64(s) + MO_32, s->T0, s->A0);
5961 break;
5962
5963 case 0xd0: /* xgetbv */
5964 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0
5965 || (s->prefix & (PREFIX_LOCK | PREFIX_DATA
5966 | PREFIX_REPZ | PREFIX_REPNZ))) {
5967 goto illegal_op;
5968 }
5969 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_ECX]);
5970 gen_helper_xgetbv(s->tmp1_i64, cpu_env, s->tmp2_i32);
5971 tcg_gen_extr_i64_tl(cpu_regs[R_EAX], cpu_regs[R_EDX], s->tmp1_i64);
5972 break;
5973
5974 case 0xd1: /* xsetbv */
5975 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0
5976 || (s->prefix & (PREFIX_LOCK | PREFIX_DATA
5977 | PREFIX_REPZ | PREFIX_REPNZ))) {
5978 goto illegal_op;
5979 }
5980 if (!check_cpl0(s)) {
5981 break;
5982 }
5983 tcg_gen_concat_tl_i64(s->tmp1_i64, cpu_regs[R_EAX],
5984 cpu_regs[R_EDX]);
5985 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_ECX]);
5986 gen_helper_xsetbv(cpu_env, s->tmp2_i32, s->tmp1_i64);
5987 /* End TB because translation flags may change. */
5988 s->base.is_jmp = DISAS_EOB_NEXT;
5989 break;
5990
5991 case 0xd8: /* VMRUN */
5992 if (!SVME(s) || !PE(s)) {
5993 goto illegal_op;
5994 }
5995 if (!check_cpl0(s)) {
5996 break;
5997 }
5998 gen_update_cc_op(s);
5999 gen_update_eip_cur(s);
6000 gen_helper_vmrun(cpu_env, tcg_const_i32(s->aflag - 1),
6001 cur_insn_len_i32(s));
6002 tcg_gen_exit_tb(NULL, 0);
6003 s->base.is_jmp = DISAS_NORETURN;
6004 break;
6005
6006 case 0xd9: /* VMMCALL */
6007 if (!SVME(s)) {
6008 goto illegal_op;
6009 }
6010 gen_update_cc_op(s);
6011 gen_update_eip_cur(s);
6012 gen_helper_vmmcall(cpu_env);
6013 break;
6014
6015 case 0xda: /* VMLOAD */
6016 if (!SVME(s) || !PE(s)) {
6017 goto illegal_op;
6018 }
6019 if (!check_cpl0(s)) {
6020 break;
6021 }
6022 gen_update_cc_op(s);
6023 gen_update_eip_cur(s);
6024 gen_helper_vmload(cpu_env, tcg_const_i32(s->aflag - 1));
6025 break;
6026
6027 case 0xdb: /* VMSAVE */
6028 if (!SVME(s) || !PE(s)) {
6029 goto illegal_op;
6030 }
6031 if (!check_cpl0(s)) {
6032 break;
6033 }
6034 gen_update_cc_op(s);
6035 gen_update_eip_cur(s);
6036 gen_helper_vmsave(cpu_env, tcg_const_i32(s->aflag - 1));
6037 break;
6038
6039 case 0xdc: /* STGI */
6040 if ((!SVME(s) && !(s->cpuid_ext3_features & CPUID_EXT3_SKINIT))
6041 || !PE(s)) {
6042 goto illegal_op;
6043 }
6044 if (!check_cpl0(s)) {
6045 break;
6046 }
6047 gen_update_cc_op(s);
6048 gen_helper_stgi(cpu_env);
6049 s->base.is_jmp = DISAS_EOB_NEXT;
6050 break;
6051
6052 case 0xdd: /* CLGI */
6053 if (!SVME(s) || !PE(s)) {
6054 goto illegal_op;
6055 }
6056 if (!check_cpl0(s)) {
6057 break;
6058 }
6059 gen_update_cc_op(s);
6060 gen_update_eip_cur(s);
6061 gen_helper_clgi(cpu_env);
6062 break;
6063
6064 case 0xde: /* SKINIT */
6065 if ((!SVME(s) && !(s->cpuid_ext3_features & CPUID_EXT3_SKINIT))
6066 || !PE(s)) {
6067 goto illegal_op;
6068 }
6069 gen_svm_check_intercept(s, SVM_EXIT_SKINIT);
6070 /* If not intercepted, not implemented -- raise #UD. */
6071 goto illegal_op;
6072
6073 case 0xdf: /* INVLPGA */
6074 if (!SVME(s) || !PE(s)) {
6075 goto illegal_op;
6076 }
6077 if (!check_cpl0(s)) {
6078 break;
6079 }
6080 gen_svm_check_intercept(s, SVM_EXIT_INVLPGA);
6081 if (s->aflag == MO_64) {
6082 tcg_gen_mov_tl(s->A0, cpu_regs[R_EAX]);
6083 } else {
6084 tcg_gen_ext32u_tl(s->A0, cpu_regs[R_EAX]);
6085 }
6086 gen_helper_flush_page(cpu_env, s->A0);
6087 s->base.is_jmp = DISAS_EOB_NEXT;
6088 break;
6089
6090 CASE_MODRM_MEM_OP(2): /* lgdt */
6091 if (!check_cpl0(s)) {
6092 break;
6093 }
6094 gen_svm_check_intercept(s, SVM_EXIT_GDTR_WRITE);
6095 gen_lea_modrm(env, s, modrm);
6096 gen_op_ld_v(s, MO_16, s->T1, s->A0);
6097 gen_add_A0_im(s, 2);
6098 gen_op_ld_v(s, CODE64(s) + MO_32, s->T0, s->A0);
6099 if (dflag == MO_16) {
6100 tcg_gen_andi_tl(s->T0, s->T0, 0xffffff);
6101 }
6102 tcg_gen_st_tl(s->T0, cpu_env, offsetof(CPUX86State, gdt.base));
6103 tcg_gen_st32_tl(s->T1, cpu_env, offsetof(CPUX86State, gdt.limit));
6104 break;
6105
6106 CASE_MODRM_MEM_OP(3): /* lidt */
6107 if (!check_cpl0(s)) {
6108 break;
6109 }
6110 gen_svm_check_intercept(s, SVM_EXIT_IDTR_WRITE);
6111 gen_lea_modrm(env, s, modrm);
6112 gen_op_ld_v(s, MO_16, s->T1, s->A0);
6113 gen_add_A0_im(s, 2);
6114 gen_op_ld_v(s, CODE64(s) + MO_32, s->T0, s->A0);
6115 if (dflag == MO_16) {
6116 tcg_gen_andi_tl(s->T0, s->T0, 0xffffff);
6117 }
6118 tcg_gen_st_tl(s->T0, cpu_env, offsetof(CPUX86State, idt.base));
6119 tcg_gen_st32_tl(s->T1, cpu_env, offsetof(CPUX86State, idt.limit));
6120 break;
6121
6122 CASE_MODRM_OP(4): /* smsw */
6123 if (s->flags & HF_UMIP_MASK && !check_cpl0(s)) {
6124 break;
6125 }
6126 gen_svm_check_intercept(s, SVM_EXIT_READ_CR0);
6127 tcg_gen_ld_tl(s->T0, cpu_env, offsetof(CPUX86State, cr[0]));
6128 /*
6129 * In 32-bit mode, the higher 16 bits of the destination
6130 * register are undefined. In practice CR0[31:0] is stored
6131 * just like in 64-bit mode.
6132 */
6133 mod = (modrm >> 6) & 3;
6134 ot = (mod != 3 ? MO_16 : s->dflag);
6135 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
6136 break;
6137 case 0xee: /* rdpkru */
6138 if (prefixes & PREFIX_LOCK) {
6139 goto illegal_op;
6140 }
6141 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_ECX]);
6142 gen_helper_rdpkru(s->tmp1_i64, cpu_env, s->tmp2_i32);
6143 tcg_gen_extr_i64_tl(cpu_regs[R_EAX], cpu_regs[R_EDX], s->tmp1_i64);
6144 break;
6145 case 0xef: /* wrpkru */
6146 if (prefixes & PREFIX_LOCK) {
6147 goto illegal_op;
6148 }
6149 tcg_gen_concat_tl_i64(s->tmp1_i64, cpu_regs[R_EAX],
6150 cpu_regs[R_EDX]);
6151 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_ECX]);
6152 gen_helper_wrpkru(cpu_env, s->tmp2_i32, s->tmp1_i64);
6153 break;
6154
6155 CASE_MODRM_OP(6): /* lmsw */
6156 if (!check_cpl0(s)) {
6157 break;
6158 }
6159 gen_svm_check_intercept(s, SVM_EXIT_WRITE_CR0);
6160 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
6161 /*
6162 * Only the 4 lower bits of CR0 are modified.
6163 * PE cannot be set to zero if already set to one.
6164 */
6165 tcg_gen_ld_tl(s->T1, cpu_env, offsetof(CPUX86State, cr[0]));
6166 tcg_gen_andi_tl(s->T0, s->T0, 0xf);
6167 tcg_gen_andi_tl(s->T1, s->T1, ~0xe);
6168 tcg_gen_or_tl(s->T0, s->T0, s->T1);
6169 gen_helper_write_crN(cpu_env, tcg_constant_i32(0), s->T0);
6170 s->base.is_jmp = DISAS_EOB_NEXT;
6171 break;
6172
6173 CASE_MODRM_MEM_OP(7): /* invlpg */
6174 if (!check_cpl0(s)) {
6175 break;
6176 }
6177 gen_svm_check_intercept(s, SVM_EXIT_INVLPG);
6178 gen_lea_modrm(env, s, modrm);
6179 gen_helper_flush_page(cpu_env, s->A0);
6180 s->base.is_jmp = DISAS_EOB_NEXT;
6181 break;
6182
6183 case 0xf8: /* swapgs */
6184 #ifdef TARGET_X86_64
6185 if (CODE64(s)) {
6186 if (check_cpl0(s)) {
6187 tcg_gen_mov_tl(s->T0, cpu_seg_base[R_GS]);
6188 tcg_gen_ld_tl(cpu_seg_base[R_GS], cpu_env,
6189 offsetof(CPUX86State, kernelgsbase));
6190 tcg_gen_st_tl(s->T0, cpu_env,
6191 offsetof(CPUX86State, kernelgsbase));
6192 }
6193 break;
6194 }
6195 #endif
6196 goto illegal_op;
6197
6198 case 0xf9: /* rdtscp */
6199 if (!(s->cpuid_ext2_features & CPUID_EXT2_RDTSCP)) {
6200 goto illegal_op;
6201 }
6202 gen_update_cc_op(s);
6203 gen_update_eip_cur(s);
6204 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
6205 gen_io_start();
6206 s->base.is_jmp = DISAS_TOO_MANY;
6207 }
6208 gen_helper_rdtscp(cpu_env);
6209 break;
6210
6211 default:
6212 goto unknown_op;
6213 }
6214 break;
6215
6216 case 0x108: /* invd */
6217 case 0x109: /* wbinvd */
6218 if (check_cpl0(s)) {
6219 gen_svm_check_intercept(s, (b & 2) ? SVM_EXIT_INVD : SVM_EXIT_WBINVD);
6220 /* nothing to do */
6221 }
6222 break;
6223 case 0x63: /* arpl or movslS (x86_64) */
6224 #ifdef TARGET_X86_64
6225 if (CODE64(s)) {
6226 int d_ot;
6227 /* d_ot is the size of destination */
6228 d_ot = dflag;
6229
6230 modrm = x86_ldub_code(env, s);
6231 reg = ((modrm >> 3) & 7) | REX_R(s);
6232 mod = (modrm >> 6) & 3;
6233 rm = (modrm & 7) | REX_B(s);
6234
6235 if (mod == 3) {
6236 gen_op_mov_v_reg(s, MO_32, s->T0, rm);
6237 /* sign extend */
6238 if (d_ot == MO_64) {
6239 tcg_gen_ext32s_tl(s->T0, s->T0);
6240 }
6241 gen_op_mov_reg_v(s, d_ot, reg, s->T0);
6242 } else {
6243 gen_lea_modrm(env, s, modrm);
6244 gen_op_ld_v(s, MO_32 | MO_SIGN, s->T0, s->A0);
6245 gen_op_mov_reg_v(s, d_ot, reg, s->T0);
6246 }
6247 } else
6248 #endif
6249 {
6250 TCGLabel *label1;
6251 TCGv t0, t1, t2, a0;
6252
6253 if (!PE(s) || VM86(s))
6254 goto illegal_op;
6255 t0 = tcg_temp_local_new();
6256 t1 = tcg_temp_local_new();
6257 t2 = tcg_temp_local_new();
6258 ot = MO_16;
6259 modrm = x86_ldub_code(env, s);
6260 reg = (modrm >> 3) & 7;
6261 mod = (modrm >> 6) & 3;
6262 rm = modrm & 7;
6263 if (mod != 3) {
6264 gen_lea_modrm(env, s, modrm);
6265 gen_op_ld_v(s, ot, t0, s->A0);
6266 a0 = tcg_temp_local_new();
6267 tcg_gen_mov_tl(a0, s->A0);
6268 } else {
6269 gen_op_mov_v_reg(s, ot, t0, rm);
6270 a0 = NULL;
6271 }
6272 gen_op_mov_v_reg(s, ot, t1, reg);
6273 tcg_gen_andi_tl(s->tmp0, t0, 3);
6274 tcg_gen_andi_tl(t1, t1, 3);
6275 tcg_gen_movi_tl(t2, 0);
6276 label1 = gen_new_label();
6277 tcg_gen_brcond_tl(TCG_COND_GE, s->tmp0, t1, label1);
6278 tcg_gen_andi_tl(t0, t0, ~3);
6279 tcg_gen_or_tl(t0, t0, t1);
6280 tcg_gen_movi_tl(t2, CC_Z);
6281 gen_set_label(label1);
6282 if (mod != 3) {
6283 gen_op_st_v(s, ot, t0, a0);
6284 tcg_temp_free(a0);
6285 } else {
6286 gen_op_mov_reg_v(s, ot, rm, t0);
6287 }
6288 gen_compute_eflags(s);
6289 tcg_gen_andi_tl(cpu_cc_src, cpu_cc_src, ~CC_Z);
6290 tcg_gen_or_tl(cpu_cc_src, cpu_cc_src, t2);
6291 tcg_temp_free(t0);
6292 tcg_temp_free(t1);
6293 tcg_temp_free(t2);
6294 }
6295 break;
6296 case 0x102: /* lar */
6297 case 0x103: /* lsl */
6298 {
6299 TCGLabel *label1;
6300 TCGv t0;
6301 if (!PE(s) || VM86(s))
6302 goto illegal_op;
6303 ot = dflag != MO_16 ? MO_32 : MO_16;
6304 modrm = x86_ldub_code(env, s);
6305 reg = ((modrm >> 3) & 7) | REX_R(s);
6306 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
6307 t0 = tcg_temp_local_new();
6308 gen_update_cc_op(s);
6309 if (b == 0x102) {
6310 gen_helper_lar(t0, cpu_env, s->T0);
6311 } else {
6312 gen_helper_lsl(t0, cpu_env, s->T0);
6313 }
6314 tcg_gen_andi_tl(s->tmp0, cpu_cc_src, CC_Z);
6315 label1 = gen_new_label();
6316 tcg_gen_brcondi_tl(TCG_COND_EQ, s->tmp0, 0, label1);
6317 gen_op_mov_reg_v(s, ot, reg, t0);
6318 gen_set_label(label1);
6319 set_cc_op(s, CC_OP_EFLAGS);
6320 tcg_temp_free(t0);
6321 }
6322 break;
6323 case 0x118:
6324 modrm = x86_ldub_code(env, s);
6325 mod = (modrm >> 6) & 3;
6326 op = (modrm >> 3) & 7;
6327 switch(op) {
6328 case 0: /* prefetchnta */
6329 case 1: /* prefetchnt0 */
6330 case 2: /* prefetchnt0 */
6331 case 3: /* prefetchnt0 */
6332 if (mod == 3)
6333 goto illegal_op;
6334 gen_nop_modrm(env, s, modrm);
6335 /* nothing more to do */
6336 break;
6337 default: /* nop (multi byte) */
6338 gen_nop_modrm(env, s, modrm);
6339 break;
6340 }
6341 break;
6342 case 0x11a:
6343 modrm = x86_ldub_code(env, s);
6344 if (s->flags & HF_MPX_EN_MASK) {
6345 mod = (modrm >> 6) & 3;
6346 reg = ((modrm >> 3) & 7) | REX_R(s);
6347 if (prefixes & PREFIX_REPZ) {
6348 /* bndcl */
6349 if (reg >= 4
6350 || (prefixes & PREFIX_LOCK)
6351 || s->aflag == MO_16) {
6352 goto illegal_op;
6353 }
6354 gen_bndck(env, s, modrm, TCG_COND_LTU, cpu_bndl[reg]);
6355 } else if (prefixes & PREFIX_REPNZ) {
6356 /* bndcu */
6357 if (reg >= 4
6358 || (prefixes & PREFIX_LOCK)
6359 || s->aflag == MO_16) {
6360 goto illegal_op;
6361 }
6362 TCGv_i64 notu = tcg_temp_new_i64();
6363 tcg_gen_not_i64(notu, cpu_bndu[reg]);
6364 gen_bndck(env, s, modrm, TCG_COND_GTU, notu);
6365 tcg_temp_free_i64(notu);
6366 } else if (prefixes & PREFIX_DATA) {
6367 /* bndmov -- from reg/mem */
6368 if (reg >= 4 || s->aflag == MO_16) {
6369 goto illegal_op;
6370 }
6371 if (mod == 3) {
6372 int reg2 = (modrm & 7) | REX_B(s);
6373 if (reg2 >= 4 || (prefixes & PREFIX_LOCK)) {
6374 goto illegal_op;
6375 }
6376 if (s->flags & HF_MPX_IU_MASK) {
6377 tcg_gen_mov_i64(cpu_bndl[reg], cpu_bndl[reg2]);
6378 tcg_gen_mov_i64(cpu_bndu[reg], cpu_bndu[reg2]);
6379 }
6380 } else {
6381 gen_lea_modrm(env, s, modrm);
6382 if (CODE64(s)) {
6383 tcg_gen_qemu_ld_i64(cpu_bndl[reg], s->A0,
6384 s->mem_index, MO_LEUQ);
6385 tcg_gen_addi_tl(s->A0, s->A0, 8);
6386 tcg_gen_qemu_ld_i64(cpu_bndu[reg], s->A0,
6387 s->mem_index, MO_LEUQ);
6388 } else {
6389 tcg_gen_qemu_ld_i64(cpu_bndl[reg], s->A0,
6390 s->mem_index, MO_LEUL);
6391 tcg_gen_addi_tl(s->A0, s->A0, 4);
6392 tcg_gen_qemu_ld_i64(cpu_bndu[reg], s->A0,
6393 s->mem_index, MO_LEUL);
6394 }
6395 /* bnd registers are now in-use */
6396 gen_set_hflag(s, HF_MPX_IU_MASK);
6397 }
6398 } else if (mod != 3) {
6399 /* bndldx */
6400 AddressParts a = gen_lea_modrm_0(env, s, modrm);
6401 if (reg >= 4
6402 || (prefixes & PREFIX_LOCK)
6403 || s->aflag == MO_16
6404 || a.base < -1) {
6405 goto illegal_op;
6406 }
6407 if (a.base >= 0) {
6408 tcg_gen_addi_tl(s->A0, cpu_regs[a.base], a.disp);
6409 } else {
6410 tcg_gen_movi_tl(s->A0, 0);
6411 }
6412 gen_lea_v_seg(s, s->aflag, s->A0, a.def_seg, s->override);
6413 if (a.index >= 0) {
6414 tcg_gen_mov_tl(s->T0, cpu_regs[a.index]);
6415 } else {
6416 tcg_gen_movi_tl(s->T0, 0);
6417 }
6418 if (CODE64(s)) {
6419 gen_helper_bndldx64(cpu_bndl[reg], cpu_env, s->A0, s->T0);
6420 tcg_gen_ld_i64(cpu_bndu[reg], cpu_env,
6421 offsetof(CPUX86State, mmx_t0.MMX_Q(0)));
6422 } else {
6423 gen_helper_bndldx32(cpu_bndu[reg], cpu_env, s->A0, s->T0);
6424 tcg_gen_ext32u_i64(cpu_bndl[reg], cpu_bndu[reg]);
6425 tcg_gen_shri_i64(cpu_bndu[reg], cpu_bndu[reg], 32);
6426 }
6427 gen_set_hflag(s, HF_MPX_IU_MASK);
6428 }
6429 }
6430 gen_nop_modrm(env, s, modrm);
6431 break;
6432 case 0x11b:
6433 modrm = x86_ldub_code(env, s);
6434 if (s->flags & HF_MPX_EN_MASK) {
6435 mod = (modrm >> 6) & 3;
6436 reg = ((modrm >> 3) & 7) | REX_R(s);
6437 if (mod != 3 && (prefixes & PREFIX_REPZ)) {
6438 /* bndmk */
6439 if (reg >= 4
6440 || (prefixes & PREFIX_LOCK)
6441 || s->aflag == MO_16) {
6442 goto illegal_op;
6443 }
6444 AddressParts a = gen_lea_modrm_0(env, s, modrm);
6445 if (a.base >= 0) {
6446 tcg_gen_extu_tl_i64(cpu_bndl[reg], cpu_regs[a.base]);
6447 if (!CODE64(s)) {
6448 tcg_gen_ext32u_i64(cpu_bndl[reg], cpu_bndl[reg]);
6449 }
6450 } else if (a.base == -1) {
6451 /* no base register has lower bound of 0 */
6452 tcg_gen_movi_i64(cpu_bndl[reg], 0);
6453 } else {
6454 /* rip-relative generates #ud */
6455 goto illegal_op;
6456 }
6457 tcg_gen_not_tl(s->A0, gen_lea_modrm_1(s, a, false));
6458 if (!CODE64(s)) {
6459 tcg_gen_ext32u_tl(s->A0, s->A0);
6460 }
6461 tcg_gen_extu_tl_i64(cpu_bndu[reg], s->A0);
6462 /* bnd registers are now in-use */
6463 gen_set_hflag(s, HF_MPX_IU_MASK);
6464 break;
6465 } else if (prefixes & PREFIX_REPNZ) {
6466 /* bndcn */
6467 if (reg >= 4
6468 || (prefixes & PREFIX_LOCK)
6469 || s->aflag == MO_16) {
6470 goto illegal_op;
6471 }
6472 gen_bndck(env, s, modrm, TCG_COND_GTU, cpu_bndu[reg]);
6473 } else if (prefixes & PREFIX_DATA) {
6474 /* bndmov -- to reg/mem */
6475 if (reg >= 4 || s->aflag == MO_16) {
6476 goto illegal_op;
6477 }
6478 if (mod == 3) {
6479 int reg2 = (modrm & 7) | REX_B(s);
6480 if (reg2 >= 4 || (prefixes & PREFIX_LOCK)) {
6481 goto illegal_op;
6482 }
6483 if (s->flags & HF_MPX_IU_MASK) {
6484 tcg_gen_mov_i64(cpu_bndl[reg2], cpu_bndl[reg]);
6485 tcg_gen_mov_i64(cpu_bndu[reg2], cpu_bndu[reg]);
6486 }
6487 } else {
6488 gen_lea_modrm(env, s, modrm);
6489 if (CODE64(s)) {
6490 tcg_gen_qemu_st_i64(cpu_bndl[reg], s->A0,
6491 s->mem_index, MO_LEUQ);
6492 tcg_gen_addi_tl(s->A0, s->A0, 8);
6493 tcg_gen_qemu_st_i64(cpu_bndu[reg], s->A0,
6494 s->mem_index, MO_LEUQ);
6495 } else {
6496 tcg_gen_qemu_st_i64(cpu_bndl[reg], s->A0,
6497 s->mem_index, MO_LEUL);
6498 tcg_gen_addi_tl(s->A0, s->A0, 4);
6499 tcg_gen_qemu_st_i64(cpu_bndu[reg], s->A0,
6500 s->mem_index, MO_LEUL);
6501 }
6502 }
6503 } else if (mod != 3) {
6504 /* bndstx */
6505 AddressParts a = gen_lea_modrm_0(env, s, modrm);
6506 if (reg >= 4
6507 || (prefixes & PREFIX_LOCK)
6508 || s->aflag == MO_16
6509 || a.base < -1) {
6510 goto illegal_op;
6511 }
6512 if (a.base >= 0) {
6513 tcg_gen_addi_tl(s->A0, cpu_regs[a.base], a.disp);
6514 } else {
6515 tcg_gen_movi_tl(s->A0, 0);
6516 }
6517 gen_lea_v_seg(s, s->aflag, s->A0, a.def_seg, s->override);
6518 if (a.index >= 0) {
6519 tcg_gen_mov_tl(s->T0, cpu_regs[a.index]);
6520 } else {
6521 tcg_gen_movi_tl(s->T0, 0);
6522 }
6523 if (CODE64(s)) {
6524 gen_helper_bndstx64(cpu_env, s->A0, s->T0,
6525 cpu_bndl[reg], cpu_bndu[reg]);
6526 } else {
6527 gen_helper_bndstx32(cpu_env, s->A0, s->T0,
6528 cpu_bndl[reg], cpu_bndu[reg]);
6529 }
6530 }
6531 }
6532 gen_nop_modrm(env, s, modrm);
6533 break;
6534 case 0x119: case 0x11c ... 0x11f: /* nop (multi byte) */
6535 modrm = x86_ldub_code(env, s);
6536 gen_nop_modrm(env, s, modrm);
6537 break;
6538
6539 case 0x120: /* mov reg, crN */
6540 case 0x122: /* mov crN, reg */
6541 if (!check_cpl0(s)) {
6542 break;
6543 }
6544 modrm = x86_ldub_code(env, s);
6545 /*
6546 * Ignore the mod bits (assume (modrm&0xc0)==0xc0).
6547 * AMD documentation (24594.pdf) and testing of Intel 386 and 486
6548 * processors all show that the mod bits are assumed to be 1's,
6549 * regardless of actual values.
6550 */
6551 rm = (modrm & 7) | REX_B(s);
6552 reg = ((modrm >> 3) & 7) | REX_R(s);
6553 switch (reg) {
6554 case 0:
6555 if ((prefixes & PREFIX_LOCK) &&
6556 (s->cpuid_ext3_features & CPUID_EXT3_CR8LEG)) {
6557 reg = 8;
6558 }
6559 break;
6560 case 2:
6561 case 3:
6562 case 4:
6563 case 8:
6564 break;
6565 default:
6566 goto unknown_op;
6567 }
6568 ot = (CODE64(s) ? MO_64 : MO_32);
6569
6570 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) {
6571 gen_io_start();
6572 s->base.is_jmp = DISAS_TOO_MANY;
6573 }
6574 if (b & 2) {
6575 gen_svm_check_intercept(s, SVM_EXIT_WRITE_CR0 + reg);
6576 gen_op_mov_v_reg(s, ot, s->T0, rm);
6577 gen_helper_write_crN(cpu_env, tcg_constant_i32(reg), s->T0);
6578 s->base.is_jmp = DISAS_EOB_NEXT;
6579 } else {
6580 gen_svm_check_intercept(s, SVM_EXIT_READ_CR0 + reg);
6581 gen_helper_read_crN(s->T0, cpu_env, tcg_constant_i32(reg));
6582 gen_op_mov_reg_v(s, ot, rm, s->T0);
6583 }
6584 break;
6585
6586 case 0x121: /* mov reg, drN */
6587 case 0x123: /* mov drN, reg */
6588 if (check_cpl0(s)) {
6589 modrm = x86_ldub_code(env, s);
6590 /* Ignore the mod bits (assume (modrm&0xc0)==0xc0).
6591 * AMD documentation (24594.pdf) and testing of
6592 * intel 386 and 486 processors all show that the mod bits
6593 * are assumed to be 1's, regardless of actual values.
6594 */
6595 rm = (modrm & 7) | REX_B(s);
6596 reg = ((modrm >> 3) & 7) | REX_R(s);
6597 if (CODE64(s))
6598 ot = MO_64;
6599 else
6600 ot = MO_32;
6601 if (reg >= 8) {
6602 goto illegal_op;
6603 }
6604 if (b & 2) {
6605 gen_svm_check_intercept(s, SVM_EXIT_WRITE_DR0 + reg);
6606 gen_op_mov_v_reg(s, ot, s->T0, rm);
6607 tcg_gen_movi_i32(s->tmp2_i32, reg);
6608 gen_helper_set_dr(cpu_env, s->tmp2_i32, s->T0);
6609 s->base.is_jmp = DISAS_EOB_NEXT;
6610 } else {
6611 gen_svm_check_intercept(s, SVM_EXIT_READ_DR0 + reg);
6612 tcg_gen_movi_i32(s->tmp2_i32, reg);
6613 gen_helper_get_dr(s->T0, cpu_env, s->tmp2_i32);
6614 gen_op_mov_reg_v(s, ot, rm, s->T0);
6615 }
6616 }
6617 break;
6618 case 0x106: /* clts */
6619 if (check_cpl0(s)) {
6620 gen_svm_check_intercept(s, SVM_EXIT_WRITE_CR0);
6621 gen_helper_clts(cpu_env);
6622 /* abort block because static cpu state changed */
6623 s->base.is_jmp = DISAS_EOB_NEXT;
6624 }
6625 break;
6626 /* MMX/3DNow!/SSE/SSE2/SSE3/SSSE3/SSE4 support */
6627 case 0x1c3: /* MOVNTI reg, mem */
6628 if (!(s->cpuid_features & CPUID_SSE2))
6629 goto illegal_op;
6630 ot = mo_64_32(dflag);
6631 modrm = x86_ldub_code(env, s);
6632 mod = (modrm >> 6) & 3;
6633 if (mod == 3)
6634 goto illegal_op;
6635 reg = ((modrm >> 3) & 7) | REX_R(s);
6636 /* generate a generic store */
6637 gen_ldst_modrm(env, s, modrm, ot, reg, 1);
6638 break;
6639 case 0x1ae:
6640 modrm = x86_ldub_code(env, s);
6641 switch (modrm) {
6642 CASE_MODRM_MEM_OP(0): /* fxsave */
6643 if (!(s->cpuid_features & CPUID_FXSR)
6644 || (prefixes & PREFIX_LOCK)) {
6645 goto illegal_op;
6646 }
6647 if ((s->flags & HF_EM_MASK) || (s->flags & HF_TS_MASK)) {
6648 gen_exception(s, EXCP07_PREX);
6649 break;
6650 }
6651 gen_lea_modrm(env, s, modrm);
6652 gen_helper_fxsave(cpu_env, s->A0);
6653 break;
6654
6655 CASE_MODRM_MEM_OP(1): /* fxrstor */
6656 if (!(s->cpuid_features & CPUID_FXSR)
6657 || (prefixes & PREFIX_LOCK)) {
6658 goto illegal_op;
6659 }
6660 if ((s->flags & HF_EM_MASK) || (s->flags & HF_TS_MASK)) {
6661 gen_exception(s, EXCP07_PREX);
6662 break;
6663 }
6664 gen_lea_modrm(env, s, modrm);
6665 gen_helper_fxrstor(cpu_env, s->A0);
6666 break;
6667
6668 CASE_MODRM_MEM_OP(2): /* ldmxcsr */
6669 if ((s->flags & HF_EM_MASK) || !(s->flags & HF_OSFXSR_MASK)) {
6670 goto illegal_op;
6671 }
6672 if (s->flags & HF_TS_MASK) {
6673 gen_exception(s, EXCP07_PREX);
6674 break;
6675 }
6676 gen_lea_modrm(env, s, modrm);
6677 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0, s->mem_index, MO_LEUL);
6678 gen_helper_ldmxcsr(cpu_env, s->tmp2_i32);
6679 break;
6680
6681 CASE_MODRM_MEM_OP(3): /* stmxcsr */
6682 if ((s->flags & HF_EM_MASK) || !(s->flags & HF_OSFXSR_MASK)) {
6683 goto illegal_op;
6684 }
6685 if (s->flags & HF_TS_MASK) {
6686 gen_exception(s, EXCP07_PREX);
6687 break;
6688 }
6689 gen_helper_update_mxcsr(cpu_env);
6690 gen_lea_modrm(env, s, modrm);
6691 tcg_gen_ld32u_tl(s->T0, cpu_env, offsetof(CPUX86State, mxcsr));
6692 gen_op_st_v(s, MO_32, s->T0, s->A0);
6693 break;
6694
6695 CASE_MODRM_MEM_OP(4): /* xsave */
6696 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0
6697 || (prefixes & (PREFIX_LOCK | PREFIX_DATA
6698 | PREFIX_REPZ | PREFIX_REPNZ))) {
6699 goto illegal_op;
6700 }
6701 gen_lea_modrm(env, s, modrm);
6702 tcg_gen_concat_tl_i64(s->tmp1_i64, cpu_regs[R_EAX],
6703 cpu_regs[R_EDX]);
6704 gen_helper_xsave(cpu_env, s->A0, s->tmp1_i64);
6705 break;
6706
6707 CASE_MODRM_MEM_OP(5): /* xrstor */
6708 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0
6709 || (prefixes & (PREFIX_LOCK | PREFIX_DATA
6710 | PREFIX_REPZ | PREFIX_REPNZ))) {
6711 goto illegal_op;
6712 }
6713 gen_lea_modrm(env, s, modrm);
6714 tcg_gen_concat_tl_i64(s->tmp1_i64, cpu_regs[R_EAX],
6715 cpu_regs[R_EDX]);
6716 gen_helper_xrstor(cpu_env, s->A0, s->tmp1_i64);
6717 /* XRSTOR is how MPX is enabled, which changes how
6718 we translate. Thus we need to end the TB. */
6719 s->base.is_jmp = DISAS_EOB_NEXT;
6720 break;
6721
6722 CASE_MODRM_MEM_OP(6): /* xsaveopt / clwb */
6723 if (prefixes & PREFIX_LOCK) {
6724 goto illegal_op;
6725 }
6726 if (prefixes & PREFIX_DATA) {
6727 /* clwb */
6728 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_CLWB)) {
6729 goto illegal_op;
6730 }
6731 gen_nop_modrm(env, s, modrm);
6732 } else {
6733 /* xsaveopt */
6734 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0
6735 || (s->cpuid_xsave_features & CPUID_XSAVE_XSAVEOPT) == 0
6736 || (prefixes & (PREFIX_REPZ | PREFIX_REPNZ))) {
6737 goto illegal_op;
6738 }
6739 gen_lea_modrm(env, s, modrm);
6740 tcg_gen_concat_tl_i64(s->tmp1_i64, cpu_regs[R_EAX],
6741 cpu_regs[R_EDX]);
6742 gen_helper_xsaveopt(cpu_env, s->A0, s->tmp1_i64);
6743 }
6744 break;
6745
6746 CASE_MODRM_MEM_OP(7): /* clflush / clflushopt */
6747 if (prefixes & PREFIX_LOCK) {
6748 goto illegal_op;
6749 }
6750 if (prefixes & PREFIX_DATA) {
6751 /* clflushopt */
6752 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_CLFLUSHOPT)) {
6753 goto illegal_op;
6754 }
6755 } else {
6756 /* clflush */
6757 if ((s->prefix & (PREFIX_REPZ | PREFIX_REPNZ))
6758 || !(s->cpuid_features & CPUID_CLFLUSH)) {
6759 goto illegal_op;
6760 }
6761 }
6762 gen_nop_modrm(env, s, modrm);
6763 break;
6764
6765 case 0xc0 ... 0xc7: /* rdfsbase (f3 0f ae /0) */
6766 case 0xc8 ... 0xcf: /* rdgsbase (f3 0f ae /1) */
6767 case 0xd0 ... 0xd7: /* wrfsbase (f3 0f ae /2) */
6768 case 0xd8 ... 0xdf: /* wrgsbase (f3 0f ae /3) */
6769 if (CODE64(s)
6770 && (prefixes & PREFIX_REPZ)
6771 && !(prefixes & PREFIX_LOCK)
6772 && (s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_FSGSBASE)) {
6773 TCGv base, treg, src, dst;
6774
6775 /* Preserve hflags bits by testing CR4 at runtime. */
6776 tcg_gen_movi_i32(s->tmp2_i32, CR4_FSGSBASE_MASK);
6777 gen_helper_cr4_testbit(cpu_env, s->tmp2_i32);
6778
6779 base = cpu_seg_base[modrm & 8 ? R_GS : R_FS];
6780 treg = cpu_regs[(modrm & 7) | REX_B(s)];
6781
6782 if (modrm & 0x10) {
6783 /* wr*base */
6784 dst = base, src = treg;
6785 } else {
6786 /* rd*base */
6787 dst = treg, src = base;
6788 }
6789
6790 if (s->dflag == MO_32) {
6791 tcg_gen_ext32u_tl(dst, src);
6792 } else {
6793 tcg_gen_mov_tl(dst, src);
6794 }
6795 break;
6796 }
6797 goto unknown_op;
6798
6799 case 0xf8: /* sfence / pcommit */
6800 if (prefixes & PREFIX_DATA) {
6801 /* pcommit */
6802 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_PCOMMIT)
6803 || (prefixes & PREFIX_LOCK)) {
6804 goto illegal_op;
6805 }
6806 break;
6807 }
6808 /* fallthru */
6809 case 0xf9 ... 0xff: /* sfence */
6810 if (!(s->cpuid_features & CPUID_SSE)
6811 || (prefixes & PREFIX_LOCK)) {
6812 goto illegal_op;
6813 }
6814 tcg_gen_mb(TCG_MO_ST_ST | TCG_BAR_SC);
6815 break;
6816 case 0xe8 ... 0xef: /* lfence */
6817 if (!(s->cpuid_features & CPUID_SSE)
6818 || (prefixes & PREFIX_LOCK)) {
6819 goto illegal_op;
6820 }
6821 tcg_gen_mb(TCG_MO_LD_LD | TCG_BAR_SC);
6822 break;
6823 case 0xf0 ... 0xf7: /* mfence */
6824 if (!(s->cpuid_features & CPUID_SSE2)
6825 || (prefixes & PREFIX_LOCK)) {
6826 goto illegal_op;
6827 }
6828 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
6829 break;
6830
6831 default:
6832 goto unknown_op;
6833 }
6834 break;
6835
6836 case 0x10d: /* 3DNow! prefetch(w) */
6837 modrm = x86_ldub_code(env, s);
6838 mod = (modrm >> 6) & 3;
6839 if (mod == 3)
6840 goto illegal_op;
6841 gen_nop_modrm(env, s, modrm);
6842 break;
6843 case 0x1aa: /* rsm */
6844 gen_svm_check_intercept(s, SVM_EXIT_RSM);
6845 if (!(s->flags & HF_SMM_MASK))
6846 goto illegal_op;
6847 #ifdef CONFIG_USER_ONLY
6848 /* we should not be in SMM mode */
6849 g_assert_not_reached();
6850 #else
6851 gen_update_cc_op(s);
6852 gen_update_eip_next(s);
6853 gen_helper_rsm(cpu_env);
6854 #endif /* CONFIG_USER_ONLY */
6855 s->base.is_jmp = DISAS_EOB_ONLY;
6856 break;
6857 case 0x1b8: /* SSE4.2 popcnt */
6858 if ((prefixes & (PREFIX_REPZ | PREFIX_LOCK | PREFIX_REPNZ)) !=
6859 PREFIX_REPZ)
6860 goto illegal_op;
6861 if (!(s->cpuid_ext_features & CPUID_EXT_POPCNT))
6862 goto illegal_op;
6863
6864 modrm = x86_ldub_code(env, s);
6865 reg = ((modrm >> 3) & 7) | REX_R(s);
6866
6867 if (s->prefix & PREFIX_DATA) {
6868 ot = MO_16;
6869 } else {
6870 ot = mo_64_32(dflag);
6871 }
6872
6873 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
6874 gen_extu(ot, s->T0);
6875 tcg_gen_mov_tl(cpu_cc_src, s->T0);
6876 tcg_gen_ctpop_tl(s->T0, s->T0);
6877 gen_op_mov_reg_v(s, ot, reg, s->T0);
6878
6879 set_cc_op(s, CC_OP_POPCNT);
6880 break;
6881 case 0x10e ... 0x117:
6882 case 0x128 ... 0x12f:
6883 case 0x138 ... 0x13a:
6884 case 0x150 ... 0x179:
6885 case 0x17c ... 0x17f:
6886 case 0x1c2:
6887 case 0x1c4 ... 0x1c6:
6888 case 0x1d0 ... 0x1fe:
6889 disas_insn_new(s, cpu, b);
6890 break;
6891 default:
6892 goto unknown_op;
6893 }
6894 return true;
6895 illegal_op:
6896 gen_illegal_opcode(s);
6897 return true;
6898 unknown_op:
6899 gen_unknown_opcode(env, s);
6900 return true;
6901 }
6902
6903 void tcg_x86_init(void)
6904 {
6905 static const char reg_names[CPU_NB_REGS][4] = {
6906 #ifdef TARGET_X86_64
6907 [R_EAX] = "rax",
6908 [R_EBX] = "rbx",
6909 [R_ECX] = "rcx",
6910 [R_EDX] = "rdx",
6911 [R_ESI] = "rsi",
6912 [R_EDI] = "rdi",
6913 [R_EBP] = "rbp",
6914 [R_ESP] = "rsp",
6915 [8] = "r8",
6916 [9] = "r9",
6917 [10] = "r10",
6918 [11] = "r11",
6919 [12] = "r12",
6920 [13] = "r13",
6921 [14] = "r14",
6922 [15] = "r15",
6923 #else
6924 [R_EAX] = "eax",
6925 [R_EBX] = "ebx",
6926 [R_ECX] = "ecx",
6927 [R_EDX] = "edx",
6928 [R_ESI] = "esi",
6929 [R_EDI] = "edi",
6930 [R_EBP] = "ebp",
6931 [R_ESP] = "esp",
6932 #endif
6933 };
6934 static const char eip_name[] = {
6935 #ifdef TARGET_X86_64
6936 "rip"
6937 #else
6938 "eip"
6939 #endif
6940 };
6941 static const char seg_base_names[6][8] = {
6942 [R_CS] = "cs_base",
6943 [R_DS] = "ds_base",
6944 [R_ES] = "es_base",
6945 [R_FS] = "fs_base",
6946 [R_GS] = "gs_base",
6947 [R_SS] = "ss_base",
6948 };
6949 static const char bnd_regl_names[4][8] = {
6950 "bnd0_lb", "bnd1_lb", "bnd2_lb", "bnd3_lb"
6951 };
6952 static const char bnd_regu_names[4][8] = {
6953 "bnd0_ub", "bnd1_ub", "bnd2_ub", "bnd3_ub"
6954 };
6955 int i;
6956
6957 cpu_cc_op = tcg_global_mem_new_i32(cpu_env,
6958 offsetof(CPUX86State, cc_op), "cc_op");
6959 cpu_cc_dst = tcg_global_mem_new(cpu_env, offsetof(CPUX86State, cc_dst),
6960 "cc_dst");
6961 cpu_cc_src = tcg_global_mem_new(cpu_env, offsetof(CPUX86State, cc_src),
6962 "cc_src");
6963 cpu_cc_src2 = tcg_global_mem_new(cpu_env, offsetof(CPUX86State, cc_src2),
6964 "cc_src2");
6965 cpu_eip = tcg_global_mem_new(cpu_env, offsetof(CPUX86State, eip), eip_name);
6966
6967 for (i = 0; i < CPU_NB_REGS; ++i) {
6968 cpu_regs[i] = tcg_global_mem_new(cpu_env,
6969 offsetof(CPUX86State, regs[i]),
6970 reg_names[i]);
6971 }
6972
6973 for (i = 0; i < 6; ++i) {
6974 cpu_seg_base[i]
6975 = tcg_global_mem_new(cpu_env,
6976 offsetof(CPUX86State, segs[i].base),
6977 seg_base_names[i]);
6978 }
6979
6980 for (i = 0; i < 4; ++i) {
6981 cpu_bndl[i]
6982 = tcg_global_mem_new_i64(cpu_env,
6983 offsetof(CPUX86State, bnd_regs[i].lb),
6984 bnd_regl_names[i]);
6985 cpu_bndu[i]
6986 = tcg_global_mem_new_i64(cpu_env,
6987 offsetof(CPUX86State, bnd_regs[i].ub),
6988 bnd_regu_names[i]);
6989 }
6990 }
6991
6992 static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu)
6993 {
6994 DisasContext *dc = container_of(dcbase, DisasContext, base);
6995 CPUX86State *env = cpu->env_ptr;
6996 uint32_t flags = dc->base.tb->flags;
6997 uint32_t cflags = tb_cflags(dc->base.tb);
6998 int cpl = (flags >> HF_CPL_SHIFT) & 3;
6999 int iopl = (flags >> IOPL_SHIFT) & 3;
7000
7001 dc->cs_base = dc->base.tb->cs_base;
7002 dc->pc_save = dc->base.pc_next;
7003 dc->flags = flags;
7004 #ifndef CONFIG_USER_ONLY
7005 dc->cpl = cpl;
7006 dc->iopl = iopl;
7007 #endif
7008
7009 /* We make some simplifying assumptions; validate they're correct. */
7010 g_assert(PE(dc) == ((flags & HF_PE_MASK) != 0));
7011 g_assert(CPL(dc) == cpl);
7012 g_assert(IOPL(dc) == iopl);
7013 g_assert(VM86(dc) == ((flags & HF_VM_MASK) != 0));
7014 g_assert(CODE32(dc) == ((flags & HF_CS32_MASK) != 0));
7015 g_assert(CODE64(dc) == ((flags & HF_CS64_MASK) != 0));
7016 g_assert(SS32(dc) == ((flags & HF_SS32_MASK) != 0));
7017 g_assert(LMA(dc) == ((flags & HF_LMA_MASK) != 0));
7018 g_assert(ADDSEG(dc) == ((flags & HF_ADDSEG_MASK) != 0));
7019 g_assert(SVME(dc) == ((flags & HF_SVME_MASK) != 0));
7020 g_assert(GUEST(dc) == ((flags & HF_GUEST_MASK) != 0));
7021
7022 dc->cc_op = CC_OP_DYNAMIC;
7023 dc->cc_op_dirty = false;
7024 dc->popl_esp_hack = 0;
7025 /* select memory access functions */
7026 dc->mem_index = 0;
7027 #ifdef CONFIG_SOFTMMU
7028 dc->mem_index = cpu_mmu_index(env, false);
7029 #endif
7030 dc->cpuid_features = env->features[FEAT_1_EDX];
7031 dc->cpuid_ext_features = env->features[FEAT_1_ECX];
7032 dc->cpuid_ext2_features = env->features[FEAT_8000_0001_EDX];
7033 dc->cpuid_ext3_features = env->features[FEAT_8000_0001_ECX];
7034 dc->cpuid_7_0_ebx_features = env->features[FEAT_7_0_EBX];
7035 dc->cpuid_7_0_ecx_features = env->features[FEAT_7_0_ECX];
7036 dc->cpuid_xsave_features = env->features[FEAT_XSAVE];
7037 dc->jmp_opt = !((cflags & CF_NO_GOTO_TB) ||
7038 (flags & (HF_TF_MASK | HF_INHIBIT_IRQ_MASK)));
7039 /*
7040 * If jmp_opt, we want to handle each string instruction individually.
7041 * For icount also disable repz optimization so that each iteration
7042 * is accounted separately.
7043 */
7044 dc->repz_opt = !dc->jmp_opt && !(cflags & CF_USE_ICOUNT);
7045
7046 dc->T0 = tcg_temp_new();
7047 dc->T1 = tcg_temp_new();
7048 dc->A0 = tcg_temp_new();
7049
7050 dc->tmp0 = tcg_temp_new();
7051 dc->tmp1_i64 = tcg_temp_new_i64();
7052 dc->tmp2_i32 = tcg_temp_new_i32();
7053 dc->tmp3_i32 = tcg_temp_new_i32();
7054 dc->tmp4 = tcg_temp_new();
7055 dc->cc_srcT = tcg_temp_local_new();
7056 }
7057
7058 static void i386_tr_tb_start(DisasContextBase *db, CPUState *cpu)
7059 {
7060 }
7061
7062 static void i386_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
7063 {
7064 DisasContext *dc = container_of(dcbase, DisasContext, base);
7065 target_ulong pc_arg = dc->base.pc_next;
7066
7067 dc->prev_insn_end = tcg_last_op();
7068 if (tb_cflags(dcbase->tb) & CF_PCREL) {
7069 pc_arg -= dc->cs_base;
7070 pc_arg &= ~TARGET_PAGE_MASK;
7071 }
7072 tcg_gen_insn_start(pc_arg, dc->cc_op);
7073 }
7074
7075 static void i386_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
7076 {
7077 DisasContext *dc = container_of(dcbase, DisasContext, base);
7078
7079 #ifdef TARGET_VSYSCALL_PAGE
7080 /*
7081 * Detect entry into the vsyscall page and invoke the syscall.
7082 */
7083 if ((dc->base.pc_next & TARGET_PAGE_MASK) == TARGET_VSYSCALL_PAGE) {
7084 gen_exception(dc, EXCP_VSYSCALL);
7085 dc->base.pc_next = dc->pc + 1;
7086 return;
7087 }
7088 #endif
7089
7090 if (disas_insn(dc, cpu)) {
7091 target_ulong pc_next = dc->pc;
7092 dc->base.pc_next = pc_next;
7093
7094 if (dc->base.is_jmp == DISAS_NEXT) {
7095 if (dc->flags & (HF_TF_MASK | HF_INHIBIT_IRQ_MASK)) {
7096 /*
7097 * If single step mode, we generate only one instruction and
7098 * generate an exception.
7099 * If irq were inhibited with HF_INHIBIT_IRQ_MASK, we clear
7100 * the flag and abort the translation to give the irqs a
7101 * chance to happen.
7102 */
7103 dc->base.is_jmp = DISAS_EOB_NEXT;
7104 } else if (!is_same_page(&dc->base, pc_next)) {
7105 dc->base.is_jmp = DISAS_TOO_MANY;
7106 }
7107 }
7108 }
7109 }
7110
7111 static void i386_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
7112 {
7113 DisasContext *dc = container_of(dcbase, DisasContext, base);
7114
7115 switch (dc->base.is_jmp) {
7116 case DISAS_NORETURN:
7117 break;
7118 case DISAS_TOO_MANY:
7119 gen_update_cc_op(dc);
7120 gen_jmp_rel_csize(dc, 0, 0);
7121 break;
7122 case DISAS_EOB_NEXT:
7123 gen_update_cc_op(dc);
7124 gen_update_eip_cur(dc);
7125 /* fall through */
7126 case DISAS_EOB_ONLY:
7127 gen_eob(dc);
7128 break;
7129 case DISAS_EOB_INHIBIT_IRQ:
7130 gen_update_cc_op(dc);
7131 gen_update_eip_cur(dc);
7132 gen_eob_inhibit_irq(dc, true);
7133 break;
7134 case DISAS_JUMP:
7135 gen_jr(dc);
7136 break;
7137 default:
7138 g_assert_not_reached();
7139 }
7140 }
7141
7142 static void i386_tr_disas_log(const DisasContextBase *dcbase,
7143 CPUState *cpu, FILE *logfile)
7144 {
7145 DisasContext *dc = container_of(dcbase, DisasContext, base);
7146
7147 fprintf(logfile, "IN: %s\n", lookup_symbol(dc->base.pc_first));
7148 target_disas(logfile, cpu, dc->base.pc_first, dc->base.tb->size);
7149 }
7150
7151 static const TranslatorOps i386_tr_ops = {
7152 .init_disas_context = i386_tr_init_disas_context,
7153 .tb_start = i386_tr_tb_start,
7154 .insn_start = i386_tr_insn_start,
7155 .translate_insn = i386_tr_translate_insn,
7156 .tb_stop = i386_tr_tb_stop,
7157 .disas_log = i386_tr_disas_log,
7158 };
7159
7160 /* generate intermediate code for basic block 'tb'. */
7161 void gen_intermediate_code(CPUState *cpu, TranslationBlock *tb, int *max_insns,
7162 target_ulong pc, void *host_pc)
7163 {
7164 DisasContext dc;
7165
7166 translator_loop(cpu, tb, max_insns, pc, host_pc, &i386_tr_ops, &dc.base);
7167 }
QEMU mirror