Merge remote-tracking branch 'stefanha/trivial-patches' into staging

[mirror_qemu.git] / target-arm / translate.c
diff --git a/target-arm/translate.c b/target-arm/translate.c

index 0a9b3cf354ed8283a4103c981674f61ba07fe6d3..59190f64ca874ac625b6076f6ce074a41b6f76f5 100644 (file)
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -30,9 +30,9 @@
  #include "tcg-op.h"
  #include "qemu-log.h"
  
-#include "helpers.h"
+#include "helper.h"
  #define GEN_HELPER 1
-#include "helpers.h"
+#include "helper.h"
  
  #define ENABLE_ARCH_4T    arm_feature(env, ARM_FEATURE_V4T)
  #define ENABLE_ARCH_5     arm_feature(env, ARM_FEATURE_V5)
@@ -129,7 +129,7 @@ void arm_translate_init(void)
  #endif
  
  #define GEN_HELPER 2
-#include "helpers.h"
+#include "helper.h"
  }
  
  static inline TCGv load_cpu_offset(int offset)
@@ -1331,7 +1331,7 @@ static inline int gen_iwmmxt_shift(uint32_t insn, uint32_t mask, TCGv dest)
      return 0;
  }
  
-/* Disassemble an iwMMXt instruction.  Returns nonzero if an error occured
+/* Disassemble an iwMMXt instruction.  Returns nonzero if an error occurred
     (ie. an undefined instruction).  */
  static int disas_iwmmxt_insn(CPUState *env, DisasContext *s, uint32_t insn)
  {
@@ -2335,7 +2335,7 @@ static int disas_iwmmxt_insn(CPUState *env, DisasContext *s, uint32_t insn)
      return 0;
  }
  
-/* Disassemble an XScale DSP instruction.  Returns nonzero if an error occured
+/* Disassemble an XScale DSP instruction.  Returns nonzero if an error occurred
     (ie. an undefined instruction).  */
  static int disas_dsp_insn(CPUState *env, DisasContext *s, uint32_t insn)
  {
@@ -2681,7 +2681,7 @@ static TCGv gen_load_and_replicate(DisasContext *s, TCGv addr, int size)
      return tmp;
  }
  
-/* Disassemble a VFP instruction.  Returns nonzero if an error occured
+/* Disassemble a VFP instruction.  Returns nonzero if an error occurred
     (ie. an undefined instruction).  */
  static int disas_vfp_insn(CPUState * env, DisasContext *s, uint32_t insn)
  {
@@ -3662,7 +3662,7 @@ static inline TCGv neon_get_scalar(int size, int reg)
  static int gen_neon_unzip(int rd, int rm, int size, int q)
  {
      TCGv tmp, tmp2;
-    if (size == 3 || (!q && size == 2)) {
+    if (!q && size == 2) {
          return 1;
      }
      tmp = tcg_const_i32(rd);
@@ -3701,7 +3701,7 @@ static int gen_neon_unzip(int rd, int rm, int size, int q)
  static int gen_neon_zip(int rd, int rm, int size, int q)
  {
      TCGv tmp, tmp2;
-    if (size == 3 || (!q && size == 2)) {
+    if (!q && size == 2) {
          return 1;
      }
      tmp = tcg_const_i32(rd);
@@ -3830,6 +3830,21 @@ static int disas_neon_ls_insn(CPUState * env, DisasContext *s, uint32_t insn)
          size = (insn >> 6) & 3;
          if (op > 10)
              return 1;
+        /* Catch UNDEF cases for bad values of align field */
+        switch (op & 0xc) {
+        case 4:
+            if (((insn >> 5) & 1) == 1) {
+                return 1;
+            }
+            break;
+        case 8:
+            if (((insn >> 4) & 3) == 3) {
+                return 1;
+            }
+            break;
+        default:
+            break;
+        }
          nregs = neon_ls_element_type[op].nregs;
          interleave = neon_ls_element_type[op].interleave;
          spacing = neon_ls_element_type[op].spacing;
@@ -3975,6 +3990,7 @@ static int disas_neon_ls_insn(CPUState * env, DisasContext *s, uint32_t insn)
              stride = (1 << size) * nregs;
          } else {
              /* Single element.  */
+            int idx = (insn >> 4) & 0xf;
              pass = (insn >> 7) & 1;
              switch (size) {
              case 0:
@@ -3993,6 +4009,39 @@ static int disas_neon_ls_insn(CPUState * env, DisasContext *s, uint32_t insn)
                  abort();
              }
              nregs = ((insn >> 8) & 3) + 1;
+            /* Catch the UNDEF cases. This is unavoidably a bit messy. */
+            switch (nregs) {
+            case 1:
+                if (((idx & (1 << size)) != 0) ||
+                    (size == 2 && ((idx & 3) == 1 || (idx & 3) == 2))) {
+                    return 1;
+                }
+                break;
+            case 3:
+                if ((idx & 1) != 0) {
+                    return 1;
+                }
+                /* fall through */
+            case 2:
+                if (size == 2 && (idx & 2) != 0) {
+                    return 1;
+                }
+                break;
+            case 4:
+                if ((size == 2) && ((idx & 3) == 3)) {
+                    return 1;
+                }
+                break;
+            default:
+                abort();
+            }
+            if ((rd + stride * (nregs - 1)) > 31) {
+                /* Attempts to write off the end of the register file
+                 * are UNPREDICTABLE; we choose to UNDEF because otherwise
+                 * the neon_load_reg() would write off the end of the array.
+                 */
+                return 1;
+            }
              addr = tcg_temp_new_i32();
              load_reg_var(s, addr, rn);
              for (reg = 0; reg < nregs; reg++) {
@@ -4312,6 +4361,113 @@ static const uint8_t neon_3r_sizes[] = {
      [NEON_3R_VRECPS_VRSQRTS] = 0x5, /* size bit 1 encodes op */
  };
  
+/* Symbolic constants for op fields for Neon 2-register miscellaneous.
+ * The values correspond to bits [17:16,10:7]; see the ARM ARM DDI0406B
+ * table A7-13.
+ */
+#define NEON_2RM_VREV64 0
+#define NEON_2RM_VREV32 1
+#define NEON_2RM_VREV16 2
+#define NEON_2RM_VPADDL 4
+#define NEON_2RM_VPADDL_U 5
+#define NEON_2RM_VCLS 8
+#define NEON_2RM_VCLZ 9
+#define NEON_2RM_VCNT 10
+#define NEON_2RM_VMVN 11
+#define NEON_2RM_VPADAL 12
+#define NEON_2RM_VPADAL_U 13
+#define NEON_2RM_VQABS 14
+#define NEON_2RM_VQNEG 15
+#define NEON_2RM_VCGT0 16
+#define NEON_2RM_VCGE0 17
+#define NEON_2RM_VCEQ0 18
+#define NEON_2RM_VCLE0 19
+#define NEON_2RM_VCLT0 20
+#define NEON_2RM_VABS 22
+#define NEON_2RM_VNEG 23
+#define NEON_2RM_VCGT0_F 24
+#define NEON_2RM_VCGE0_F 25
+#define NEON_2RM_VCEQ0_F 26
+#define NEON_2RM_VCLE0_F 27
+#define NEON_2RM_VCLT0_F 28
+#define NEON_2RM_VABS_F 30
+#define NEON_2RM_VNEG_F 31
+#define NEON_2RM_VSWP 32
+#define NEON_2RM_VTRN 33
+#define NEON_2RM_VUZP 34
+#define NEON_2RM_VZIP 35
+#define NEON_2RM_VMOVN 36 /* Includes VQMOVN, VQMOVUN */
+#define NEON_2RM_VQMOVN 37 /* Includes VQMOVUN */
+#define NEON_2RM_VSHLL 38
+#define NEON_2RM_VCVT_F16_F32 44
+#define NEON_2RM_VCVT_F32_F16 46
+#define NEON_2RM_VRECPE 56
+#define NEON_2RM_VRSQRTE 57
+#define NEON_2RM_VRECPE_F 58
+#define NEON_2RM_VRSQRTE_F 59
+#define NEON_2RM_VCVT_FS 60
+#define NEON_2RM_VCVT_FU 61
+#define NEON_2RM_VCVT_SF 62
+#define NEON_2RM_VCVT_UF 63
+
+static int neon_2rm_is_float_op(int op)
+{
+    /* Return true if this neon 2reg-misc op is float-to-float */
+    return (op == NEON_2RM_VABS_F || op == NEON_2RM_VNEG_F ||
+            op >= NEON_2RM_VRECPE_F);
+}
+
+/* Each entry in this array has bit n set if the insn allows
+ * size value n (otherwise it will UNDEF). Since unallocated
+ * op values will have no bits set they always UNDEF.
+ */
+static const uint8_t neon_2rm_sizes[] = {
+    [NEON_2RM_VREV64] = 0x7,
+    [NEON_2RM_VREV32] = 0x3,
+    [NEON_2RM_VREV16] = 0x1,
+    [NEON_2RM_VPADDL] = 0x7,
+    [NEON_2RM_VPADDL_U] = 0x7,
+    [NEON_2RM_VCLS] = 0x7,
+    [NEON_2RM_VCLZ] = 0x7,
+    [NEON_2RM_VCNT] = 0x1,
+    [NEON_2RM_VMVN] = 0x1,
+    [NEON_2RM_VPADAL] = 0x7,
+    [NEON_2RM_VPADAL_U] = 0x7,
+    [NEON_2RM_VQABS] = 0x7,
+    [NEON_2RM_VQNEG] = 0x7,
+    [NEON_2RM_VCGT0] = 0x7,
+    [NEON_2RM_VCGE0] = 0x7,
+    [NEON_2RM_VCEQ0] = 0x7,
+    [NEON_2RM_VCLE0] = 0x7,
+    [NEON_2RM_VCLT0] = 0x7,
+    [NEON_2RM_VABS] = 0x7,
+    [NEON_2RM_VNEG] = 0x7,
+    [NEON_2RM_VCGT0_F] = 0x4,
+    [NEON_2RM_VCGE0_F] = 0x4,
+    [NEON_2RM_VCEQ0_F] = 0x4,
+    [NEON_2RM_VCLE0_F] = 0x4,
+    [NEON_2RM_VCLT0_F] = 0x4,
+    [NEON_2RM_VABS_F] = 0x4,
+    [NEON_2RM_VNEG_F] = 0x4,
+    [NEON_2RM_VSWP] = 0x1,
+    [NEON_2RM_VTRN] = 0x7,
+    [NEON_2RM_VUZP] = 0x7,
+    [NEON_2RM_VZIP] = 0x7,
+    [NEON_2RM_VMOVN] = 0x7,
+    [NEON_2RM_VQMOVN] = 0x7,
+    [NEON_2RM_VSHLL] = 0x7,
+    [NEON_2RM_VCVT_F16_F32] = 0x2,
+    [NEON_2RM_VCVT_F32_F16] = 0x2,
+    [NEON_2RM_VRECPE] = 0x4,
+    [NEON_2RM_VRSQRTE] = 0x4,
+    [NEON_2RM_VRECPE_F] = 0x4,
+    [NEON_2RM_VRSQRTE_F] = 0x4,
+    [NEON_2RM_VCVT_FS] = 0x4,
+    [NEON_2RM_VCVT_FU] = 0x4,
+    [NEON_2RM_VCVT_SF] = 0x4,
+    [NEON_2RM_VCVT_UF] = 0x4,
+};
+
  /* Translate a NEON data processing instruction.  Return nonzero if the
     instruction is invalid.
     We process data in a mixture of 32-bit and 64-bit chunks.
@@ -5174,31 +5330,47 @@ static int disas_neon_data_insn(CPUState * env, DisasContext *s, uint32_t insn)
                  int src1_wide;
                  int src2_wide;
                  int prewiden;
-                /* prewiden, src1_wide, src2_wide */
-                static const int neon_3reg_wide[16][3] = {
-                    {1, 0, 0}, /* VADDL */
-                    {1, 1, 0}, /* VADDW */
-                    {1, 0, 0}, /* VSUBL */
-                    {1, 1, 0}, /* VSUBW */
-                    {0, 1, 1}, /* VADDHN */
-                    {0, 0, 0}, /* VABAL */
-                    {0, 1, 1}, /* VSUBHN */
-                    {0, 0, 0}, /* VABDL */
-                    {0, 0, 0}, /* VMLAL */
-                    {0, 0, 0}, /* VQDMLAL */
-                    {0, 0, 0}, /* VMLSL */
-                    {0, 0, 0}, /* VQDMLSL */
-                    {0, 0, 0}, /* Integer VMULL */
-                    {0, 0, 0}, /* VQDMULL */
-                    {0, 0, 0}  /* Polynomial VMULL */
+                /* undefreq: bit 0 : UNDEF if size != 0
+                 *           bit 1 : UNDEF if size == 0
+                 *           bit 2 : UNDEF if U == 1
+                 * Note that [1:0] set implies 'always UNDEF'
+                 */
+                int undefreq;
+                /* prewiden, src1_wide, src2_wide, undefreq */
+                static const int neon_3reg_wide[16][4] = {
+                    {1, 0, 0, 0}, /* VADDL */
+                    {1, 1, 0, 0}, /* VADDW */
+                    {1, 0, 0, 0}, /* VSUBL */
+                    {1, 1, 0, 0}, /* VSUBW */
+                    {0, 1, 1, 0}, /* VADDHN */
+                    {0, 0, 0, 0}, /* VABAL */
+                    {0, 1, 1, 0}, /* VSUBHN */
+                    {0, 0, 0, 0}, /* VABDL */
+                    {0, 0, 0, 0}, /* VMLAL */
+                    {0, 0, 0, 6}, /* VQDMLAL */
+                    {0, 0, 0, 0}, /* VMLSL */
+                    {0, 0, 0, 6}, /* VQDMLSL */
+                    {0, 0, 0, 0}, /* Integer VMULL */
+                    {0, 0, 0, 2}, /* VQDMULL */
+                    {0, 0, 0, 5}, /* Polynomial VMULL */
+                    {0, 0, 0, 3}, /* Reserved: always UNDEF */
                  };
  
                  prewiden = neon_3reg_wide[op][0];
                  src1_wide = neon_3reg_wide[op][1];
                  src2_wide = neon_3reg_wide[op][2];
+                undefreq = neon_3reg_wide[op][3];
  
-                if (size == 0 && (op == 9 || op == 11 || op == 13))
+                if (((undefreq & 1) && (size != 0)) ||
+                    ((undefreq & 2) && (size == 0)) ||
+                    ((undefreq & 4) && u)) {
                      return 1;
+                }
+                if ((src1_wide && (rn & 1)) ||
+                    (src2_wide && (rm & 1)) ||
+                    (!src2_wide && (rd & 1))) {
+                    return 1;
+                }
  
                  /* Avoid overlapping operands.  Wide source operands are
                     always aligned so will never overlap with wide
@@ -5279,8 +5451,8 @@ static int disas_neon_data_insn(CPUState * env, DisasContext *s, uint32_t insn)
                          tcg_temp_free_i32(tmp2);
                          tcg_temp_free_i32(tmp);
                          break;
-                    default: /* 15 is RESERVED.  */
-                        return 1;
+                    default: /* 15 is RESERVED: caught earlier  */
+                        abort();
                      }
                      if (op == 13) {
                          /* VQDMULL */
@@ -5352,16 +5524,29 @@ static int disas_neon_data_insn(CPUState * env, DisasContext *s, uint32_t insn)
                      }
                  }
              } else {
-                /* Two registers and a scalar.  */
+                /* Two registers and a scalar. NB that for ops of this form
+                 * the ARM ARM labels bit 24 as Q, but it is in our variable
+                 * 'u', not 'q'.
+                 */
+                if (size == 0) {
+                    return 1;
+                }
                  switch (op) {
-                case 0: /* Integer VMLA scalar */
                  case 1: /* Float VMLA scalar */
-                case 4: /* Integer VMLS scalar */
                  case 5: /* Floating point VMLS scalar */
-                case 8: /* Integer VMUL scalar */
                  case 9: /* Floating point VMUL scalar */
+                    if (size == 1) {
+                        return 1;
+                    }
+                    /* fall through */
+                case 0: /* Integer VMLA scalar */
+                case 4: /* Integer VMLS scalar */
+                case 8: /* Integer VMUL scalar */
                  case 12: /* VQDMULH scalar */
                  case 13: /* VQRDMULH scalar */
+                    if (u && ((rd | rn) & 1)) {
+                        return 1;
+                    }
                      tmp = neon_get_scalar(size, rm);
                      neon_store_scratch(0, tmp);
                      for (pass = 0; pass < (u ? 4 : 2); pass++) {
@@ -5386,7 +5571,7 @@ static int disas_neon_data_insn(CPUState * env, DisasContext *s, uint32_t insn)
                              case 0: gen_helper_neon_mul_u8(tmp, tmp, tmp2); break;
                              case 1: gen_helper_neon_mul_u16(tmp, tmp, tmp2); break;
                              case 2: tcg_gen_mul_i32(tmp, tmp, tmp2); break;
-                            default: return 1;
+                            default: abort();
                              }
                          }
                          tcg_temp_free_i32(tmp2);
@@ -5414,15 +5599,19 @@ static int disas_neon_data_insn(CPUState * env, DisasContext *s, uint32_t insn)
                          neon_store_reg(rd, pass, tmp);
                      }
                      break;
-                case 2: /* VMLAL sclar */
                  case 3: /* VQDMLAL scalar */
-                case 6: /* VMLSL scalar */
                  case 7: /* VQDMLSL scalar */
-                case 10: /* VMULL scalar */
                  case 11: /* VQDMULL scalar */
-                    if (size == 0 && (op == 3 || op == 7 || op == 11))
+                    if (u == 1) {
                          return 1;
-
+                    }
+                    /* fall through */
+                case 2: /* VMLAL sclar */
+                case 6: /* VMLSL scalar */
+                case 10: /* VMULL scalar */
+                    if (rd & 1) {
+                        return 1;
+                    }
                      tmp2 = neon_get_scalar(size, rm);
                      /* We need a copy of tmp2 because gen_neon_mull
                       * deletes it during pass 0.  */
@@ -5481,6 +5670,10 @@ static int disas_neon_data_insn(CPUState * env, DisasContext *s, uint32_t insn)
                  if (imm > 7 && !q)
                      return 1;
  
+                if (q && ((rd | rn | rm) & 1)) {
+                    return 1;
+                }
+
                  if (imm == 0) {
                      neon_load_reg64(cpu_V0, rn);
                      if (q) {
@@ -5529,10 +5722,16 @@ static int disas_neon_data_insn(CPUState * env, DisasContext *s, uint32_t insn)
                  /* Two register misc.  */
                  op = ((insn >> 12) & 0x30) | ((insn >> 7) & 0xf);
                  size = (insn >> 18) & 3;
+                /* UNDEF for unknown op values and bad op-size combinations */
+                if ((neon_2rm_sizes[op] & (1 << size)) == 0) {
+                    return 1;
+                }
+                if ((op != NEON_2RM_VMOVN && op != NEON_2RM_VQMOVN) &&
+                    q && ((rm | rd) & 1)) {
+                    return 1;
+                }
                  switch (op) {
-                case 0: /* VREV64 */
-                    if (size == 3)
-                        return 1;
+                case NEON_2RM_VREV64:
                      for (pass = 0; pass < (q ? 2 : 1); pass++) {
                          tmp = neon_load_reg(rm, pass * 2);
                          tmp2 = neon_load_reg(rm, pass * 2 + 1);
@@ -5555,10 +5754,8 @@ static int disas_neon_data_insn(CPUState * env, DisasContext *s, uint32_t insn)
                          }
                      }
                      break;
-                case 4: case 5: /* VPADDL */
-                case 12: case 13: /* VPADAL */
-                    if (size == 3)
-                        return 1;
+                case NEON_2RM_VPADDL: case NEON_2RM_VPADDL_U:
+                case NEON_2RM_VPADAL: case NEON_2RM_VPADAL_U:
                      for (pass = 0; pass < q + 1; pass++) {
                          tmp = neon_load_reg(rm, pass * 2);
                          gen_neon_widen(cpu_V0, tmp, size, op & 1);
@@ -5570,7 +5767,7 @@ static int disas_neon_data_insn(CPUState * env, DisasContext *s, uint32_t insn)
                          case 2: tcg_gen_add_i64(CPU_V001); break;
                          default: abort();
                          }
-                        if (op >= 12) {
+                        if (op >= NEON_2RM_VPADAL) {
                              /* Accumulate.  */
                              neon_load_reg64(cpu_V1, rd + pass);
                              gen_neon_addl(size);
@@ -5578,7 +5775,7 @@ static int disas_neon_data_insn(CPUState * env, DisasContext *s, uint32_t insn)
                          neon_store_reg64(cpu_V0, rd + pass);
                      }
                      break;
-                case 33: /* VTRN */
+                case NEON_2RM_VTRN:
                      if (size == 2) {
                          int n;
                          for (n = 0; n < (q ? 4 : 2); n += 2) {
@@ -5591,24 +5788,27 @@ static int disas_neon_data_insn(CPUState * env, DisasContext *s, uint32_t insn)
                          goto elementwise;
                      }
                      break;
-                case 34: /* VUZP */
+                case NEON_2RM_VUZP:
                      if (gen_neon_unzip(rd, rm, size, q)) {
                          return 1;
                      }
                      break;
-                case 35: /* VZIP */
+                case NEON_2RM_VZIP:
                      if (gen_neon_zip(rd, rm, size, q)) {
                          return 1;
                      }
                      break;
-                case 36: case 37: /* VMOVN, VQMOVUN, VQMOVN */
-                    if (size == 3)
+                case NEON_2RM_VMOVN: case NEON_2RM_VQMOVN:
+                    /* also VQMOVUN; op field and mnemonics don't line up */
+                    if (rm & 1) {
                          return 1;
+                    }
                      TCGV_UNUSED(tmp2);
                      for (pass = 0; pass < 2; pass++) {
                          neon_load_reg64(cpu_V0, rm + pass);
                          tmp = tcg_temp_new_i32();
-                        gen_neon_narrow_op(op == 36, q, size, tmp, cpu_V0);
+                        gen_neon_narrow_op(op == NEON_2RM_VMOVN, q, size,
+                                           tmp, cpu_V0);
                          if (pass == 0) {
                              tmp2 = tmp;
                          } else {
@@ -5617,9 +5817,10 @@ static int disas_neon_data_insn(CPUState * env, DisasContext *s, uint32_t insn)
                          }
                      }
                      break;
-                case 38: /* VSHLL */
-                    if (q || size == 3)
+                case NEON_2RM_VSHLL:
+                    if (q || (rd & 1)) {
                          return 1;
+                    }
                      tmp = neon_load_reg(rm, 0);
                      tmp2 = neon_load_reg(rm, 1);
                      for (pass = 0; pass < 2; pass++) {
@@ -5630,9 +5831,11 @@ static int disas_neon_data_insn(CPUState * env, DisasContext *s, uint32_t insn)
                          neon_store_reg64(cpu_V0, rd + pass);
                      }
                      break;
-                case 44: /* VCVT.F16.F32 */
-                    if (!arm_feature(env, ARM_FEATURE_VFP_FP16))
-                      return 1;
+                case NEON_2RM_VCVT_F16_F32:
+                    if (!arm_feature(env, ARM_FEATURE_VFP_FP16) ||
+                        q || (rm & 1)) {
+                        return 1;
+                    }
                      tmp = tcg_temp_new_i32();
                      tmp2 = tcg_temp_new_i32();
                      tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, 0));
@@ -5652,9 +5855,11 @@ static int disas_neon_data_insn(CPUState * env, DisasContext *s, uint32_t insn)
                      neon_store_reg(rd, 1, tmp2);
                      tcg_temp_free_i32(tmp);
                      break;
-                case 46: /* VCVT.F32.F16 */
-                    if (!arm_feature(env, ARM_FEATURE_VFP_FP16))
-                      return 1;
+                case NEON_2RM_VCVT_F32_F16:
+                    if (!arm_feature(env, ARM_FEATURE_VFP_FP16) ||
+                        q || (rd & 1)) {
+                        return 1;
+                    }
                      tmp3 = tcg_temp_new_i32();
                      tmp = neon_load_reg(rm, 0);
                      tmp2 = neon_load_reg(rm, 1);
@@ -5677,7 +5882,7 @@ static int disas_neon_data_insn(CPUState * env, DisasContext *s, uint32_t insn)
                  default:
                  elementwise:
                      for (pass = 0; pass < (q ? 4 : 2); pass++) {
-                        if (op == 30 || op == 31 || op >= 58) {
+                        if (neon_2rm_is_float_op(op)) {
                              tcg_gen_ld_f32(cpu_F0s, cpu_env,
                                             neon_reg_offset(rm, pass));
                              TCGV_UNUSED(tmp);
@@ -5685,183 +5890,178 @@ static int disas_neon_data_insn(CPUState * env, DisasContext *s, uint32_t insn)
                              tmp = neon_load_reg(rm, pass);
                          }
                          switch (op) {
-                        case 1: /* VREV32 */
+                        case NEON_2RM_VREV32:
                              switch (size) {
                              case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
                              case 1: gen_swap_half(tmp); break;
-                            default: return 1;
+                            default: abort();
                              }
                              break;
-                        case 2: /* VREV16 */
-                            if (size != 0)
-                                return 1;
+                        case NEON_2RM_VREV16:
                              gen_rev16(tmp);
                              break;
-                        case 8: /* CLS */
+                        case NEON_2RM_VCLS:
                              switch (size) {
                              case 0: gen_helper_neon_cls_s8(tmp, tmp); break;
                              case 1: gen_helper_neon_cls_s16(tmp, tmp); break;
                              case 2: gen_helper_neon_cls_s32(tmp, tmp); break;
-                            default: return 1;
+                            default: abort();
                              }
                              break;
-                        case 9: /* CLZ */
+                        case NEON_2RM_VCLZ:
                              switch (size) {
                              case 0: gen_helper_neon_clz_u8(tmp, tmp); break;
                              case 1: gen_helper_neon_clz_u16(tmp, tmp); break;
                              case 2: gen_helper_clz(tmp, tmp); break;
-                            default: return 1;
+                            default: abort();
                              }
                              break;
-                        case 10: /* CNT */
-                            if (size != 0)
-                                return 1;
+                        case NEON_2RM_VCNT:
                              gen_helper_neon_cnt_u8(tmp, tmp);
                              break;
-                        case 11: /* VNOT */
-                            if (size != 0)
-                                return 1;
+                        case NEON_2RM_VMVN:
                              tcg_gen_not_i32(tmp, tmp);
                              break;
-                        case 14: /* VQABS */
+                        case NEON_2RM_VQABS:
                              switch (size) {
                              case 0: gen_helper_neon_qabs_s8(tmp, tmp); break;
                              case 1: gen_helper_neon_qabs_s16(tmp, tmp); break;
                              case 2: gen_helper_neon_qabs_s32(tmp, tmp); break;
-                            default: return 1;
+                            default: abort();
                              }
                              break;
-                        case 15: /* VQNEG */
+                        case NEON_2RM_VQNEG:
                              switch (size) {
                              case 0: gen_helper_neon_qneg_s8(tmp, tmp); break;
                              case 1: gen_helper_neon_qneg_s16(tmp, tmp); break;
                              case 2: gen_helper_neon_qneg_s32(tmp, tmp); break;
-                            default: return 1;
+                            default: abort();
                              }
                              break;
-                        case 16: case 19: /* VCGT #0, VCLE #0 */
+                        case NEON_2RM_VCGT0: case NEON_2RM_VCLE0:
                              tmp2 = tcg_const_i32(0);
                              switch(size) {
                              case 0: gen_helper_neon_cgt_s8(tmp, tmp, tmp2); break;
                              case 1: gen_helper_neon_cgt_s16(tmp, tmp, tmp2); break;
                              case 2: gen_helper_neon_cgt_s32(tmp, tmp, tmp2); break;
-                            default: return 1;
+                            default: abort();
                              }
                              tcg_temp_free(tmp2);
-                            if (op == 19)
+                            if (op == NEON_2RM_VCLE0) {
                                  tcg_gen_not_i32(tmp, tmp);
+                            }
                              break;
-                        case 17: case 20: /* VCGE #0, VCLT #0 */
+                        case NEON_2RM_VCGE0: case NEON_2RM_VCLT0:
                              tmp2 = tcg_const_i32(0);
                              switch(size) {
                              case 0: gen_helper_neon_cge_s8(tmp, tmp, tmp2); break;
                              case 1: gen_helper_neon_cge_s16(tmp, tmp, tmp2); break;
                              case 2: gen_helper_neon_cge_s32(tmp, tmp, tmp2); break;
-                            default: return 1;
+                            default: abort();
                              }
                              tcg_temp_free(tmp2);
-                            if (op == 20)
+                            if (op == NEON_2RM_VCLT0) {
                                  tcg_gen_not_i32(tmp, tmp);
+                            }
                              break;
-                        case 18: /* VCEQ #0 */
+                        case NEON_2RM_VCEQ0:
                              tmp2 = tcg_const_i32(0);
                              switch(size) {
                              case 0: gen_helper_neon_ceq_u8(tmp, tmp, tmp2); break;
                              case 1: gen_helper_neon_ceq_u16(tmp, tmp, tmp2); break;
                              case 2: gen_helper_neon_ceq_u32(tmp, tmp, tmp2); break;
-                            default: return 1;
+                            default: abort();
                              }
                              tcg_temp_free(tmp2);
                              break;
-                        case 22: /* VABS */
+                        case NEON_2RM_VABS:
                              switch(size) {
                              case 0: gen_helper_neon_abs_s8(tmp, tmp); break;
                              case 1: gen_helper_neon_abs_s16(tmp, tmp); break;
                              case 2: tcg_gen_abs_i32(tmp, tmp); break;
-                            default: return 1;
+                            default: abort();
                              }
                              break;
-                        case 23: /* VNEG */
-                            if (size == 3)
-                                return 1;
+                        case NEON_2RM_VNEG:
                              tmp2 = tcg_const_i32(0);
                              gen_neon_rsb(size, tmp, tmp2);
                              tcg_temp_free(tmp2);
                              break;
-                        case 24: /* Float VCGT #0 */
+                        case NEON_2RM_VCGT0_F:
                              tmp2 = tcg_const_i32(0);
                              gen_helper_neon_cgt_f32(tmp, tmp, tmp2);
                              tcg_temp_free(tmp2);
                              break;
-                        case 25: /* Float VCGE #0 */
+                        case NEON_2RM_VCGE0_F:
                              tmp2 = tcg_const_i32(0);
                              gen_helper_neon_cge_f32(tmp, tmp, tmp2);
                              tcg_temp_free(tmp2);
                              break;
-                        case 26: /* Float VCEQ #0 */
+                        case NEON_2RM_VCEQ0_F:
                              tmp2 = tcg_const_i32(0);
                              gen_helper_neon_ceq_f32(tmp, tmp, tmp2);
                              tcg_temp_free(tmp2);
                              break;
-                        case 27: /* Float VCLE #0 */
+                        case NEON_2RM_VCLE0_F:
                              tmp2 = tcg_const_i32(0);
                              gen_helper_neon_cge_f32(tmp, tmp2, tmp);
                              tcg_temp_free(tmp2);
                              break;
-                        case 28: /* Float VCLT #0 */
+                        case NEON_2RM_VCLT0_F:
                              tmp2 = tcg_const_i32(0);
                              gen_helper_neon_cgt_f32(tmp, tmp2, tmp);
                              tcg_temp_free(tmp2);
                              break;
-                        case 30: /* Float VABS */
+                        case NEON_2RM_VABS_F:
                              gen_vfp_abs(0);
                              break;
-                        case 31: /* Float VNEG */
+                        case NEON_2RM_VNEG_F:
                              gen_vfp_neg(0);
                              break;
-                        case 32: /* VSWP */
+                        case NEON_2RM_VSWP:
                              tmp2 = neon_load_reg(rd, pass);
                              neon_store_reg(rm, pass, tmp2);
                              break;
-                        case 33: /* VTRN */
+                        case NEON_2RM_VTRN:
                              tmp2 = neon_load_reg(rd, pass);
                              switch (size) {
                              case 0: gen_neon_trn_u8(tmp, tmp2); break;
                              case 1: gen_neon_trn_u16(tmp, tmp2); break;
-                            case 2: abort();
-                            default: return 1;
+                            default: abort();
                              }
                              neon_store_reg(rm, pass, tmp2);
                              break;
-                        case 56: /* Integer VRECPE */
+                        case NEON_2RM_VRECPE:
                              gen_helper_recpe_u32(tmp, tmp, cpu_env);
                              break;
-                        case 57: /* Integer VRSQRTE */
+                        case NEON_2RM_VRSQRTE:
                              gen_helper_rsqrte_u32(tmp, tmp, cpu_env);
                              break;
-                        case 58: /* Float VRECPE */
+                        case NEON_2RM_VRECPE_F:
                              gen_helper_recpe_f32(cpu_F0s, cpu_F0s, cpu_env);
                              break;
-                        case 59: /* Float VRSQRTE */
+                        case NEON_2RM_VRSQRTE_F:
                              gen_helper_rsqrte_f32(cpu_F0s, cpu_F0s, cpu_env);
                              break;
-                        case 60: /* VCVT.F32.S32 */
+                        case NEON_2RM_VCVT_FS: /* VCVT.F32.S32 */
                              gen_vfp_sito(0);
                              break;
-                        case 61: /* VCVT.F32.U32 */
+                        case NEON_2RM_VCVT_FU: /* VCVT.F32.U32 */
                              gen_vfp_uito(0);
                              break;
-                        case 62: /* VCVT.S32.F32 */
+                        case NEON_2RM_VCVT_SF: /* VCVT.S32.F32 */
                              gen_vfp_tosiz(0);
                              break;
-                        case 63: /* VCVT.U32.F32 */
+                        case NEON_2RM_VCVT_UF: /* VCVT.U32.F32 */
                              gen_vfp_touiz(0);
                              break;
                          default:
-                            /* Reserved: 21, 29, 39-56 */
-                            return 1;
+                            /* Reserved op values were caught by the
+                             * neon_2rm_sizes[] check earlier.
+                             */
+                            abort();
                          }
-                        if (op == 30 || op == 31 || op >= 58) {
+                        if (neon_2rm_is_float_op(op)) {
                              tcg_gen_st_f32(cpu_F0s, cpu_env,
                                             neon_reg_offset(rd, pass));
                          } else {
@@ -5872,7 +6072,14 @@ static int disas_neon_data_insn(CPUState * env, DisasContext *s, uint32_t insn)
                  }
              } else if ((insn & (1 << 10)) == 0) {
                  /* VTBL, VTBX.  */
-                int n = ((insn >> 5) & 0x18) + 8;
+                int n = ((insn >> 8) & 3) + 1;
+                if ((rn + n) > 32) {
+                    /* This is UNPREDICTABLE; we choose to UNDEF to avoid the
+                     * helper function running off the end of the register file.
+                     */
+                    return 1;
+                }
+                n <<= 3;
                  if (insn & (1 << 6)) {
                      tmp = neon_load_reg(rd, 0);
                  } else {
@@ -5899,6 +6106,9 @@ static int disas_neon_data_insn(CPUState * env, DisasContext *s, uint32_t insn)
                  tcg_temp_free_i32(tmp);
              } else if ((insn & 0x380) == 0) {
                  /* VDUP */
+                if ((insn & (7 << 16)) == 0 || (q && (rd & 1))) {
+                    return 1;
+                }
                  if (insn & (1 << 19)) {
                      tmp = neon_load_reg(rm, 1);
                  } else {
@@ -7138,7 +7348,7 @@ static void disas_arm_insn(CPUState * env, DisasContext *s)
                      } else if ((insn & 0x000003e0) == 0x00000060) {
                          tmp = load_reg(s, rm);
                          shift = (insn >> 10) & 3;
-                        /* ??? In many cases it's not neccessary to do a
+                        /* ??? In many cases it's not necessary to do a
                             rotate, a shift is sufficient.  */
                          if (shift != 0)
                              tcg_gen_rotri_i32(tmp, tmp, shift * 8);
@@ -7806,7 +8016,8 @@ static int disas_thumb2_insn(CPUState *env, DisasContext *s, uint16_t insn_hw1)
                      }
                  }
              } else {
-                int i;
+                int i, loaded_base = 0;
+                TCGv loaded_var;
                  /* Load/store multiple.  */
                  addr = load_reg(s, rn);
                  offset = 0;
@@ -7818,6 +8029,7 @@ static int disas_thumb2_insn(CPUState *env, DisasContext *s, uint16_t insn_hw1)
                      tcg_gen_addi_i32(addr, addr, -offset);
                  }
  
+                TCGV_UNUSED(loaded_var);
                  for (i = 0; i < 16; i++) {
                      if ((insn & (1 << i)) == 0)
                          continue;
@@ -7826,6 +8038,9 @@ static int disas_thumb2_insn(CPUState *env, DisasContext *s, uint16_t insn_hw1)
                          tmp = gen_ld32(addr, IS_USER(s));
                          if (i == 15) {
                              gen_bx(s, tmp);
+                        } else if (i == rn) {
+                            loaded_var = tmp;
+                            loaded_base = 1;
                          } else {
                              store_reg(s, i, tmp);
                          }
@@ -7836,6 +8051,9 @@ static int disas_thumb2_insn(CPUState *env, DisasContext *s, uint16_t insn_hw1)
                      }
                      tcg_gen_addi_i32(addr, addr, 4);
                  }
+                if (loaded_base) {
+                    store_reg(s, rn, loaded_var);
+                }
                  if (insn & (1 << 21)) {
                      /* Base register writeback.  */
                      if (insn & (1 << 24)) {
@@ -7921,7 +8139,7 @@ static int disas_thumb2_insn(CPUState *env, DisasContext *s, uint16_t insn_hw1)
          case 1: /* Sign/zero extend.  */
              tmp = load_reg(s, rm);
              shift = (insn >> 4) & 3;
-            /* ??? In many cases it's not neccessary to do a
+            /* ??? In many cases it's not necessary to do a
                 rotate, a shift is sufficient.  */
              if (shift != 0)
                  tcg_gen_rotri_i32(tmp, tmp, shift * 8);
@@ -9236,7 +9454,10 @@ static void disas_thumb_insn(CPUState *env, DisasContext *s)
          break;
  
      case 12:
+    {
          /* load/store multiple */
+        TCGv loaded_var;
+        TCGV_UNUSED(loaded_var);
          rn = (insn >> 8) & 0x7;
          addr = load_reg(s, rn);
          for (i = 0; i < 8; i++) {
@@ -9244,7 +9465,11 @@ static void disas_thumb_insn(CPUState *env, DisasContext *s)
                  if (insn & (1 << 11)) {
                      /* load */
                      tmp = gen_ld32(addr, IS_USER(s));
-                    store_reg(s, i, tmp);
+                    if (i == rn) {
+                        loaded_var = tmp;
+                    } else {
+                        store_reg(s, i, tmp);
+                    }
                  } else {
                      /* store */
                      tmp = load_reg(s, i);
@@ -9254,14 +9479,18 @@ static void disas_thumb_insn(CPUState *env, DisasContext *s)
                  tcg_gen_addi_i32(addr, addr, 4);
              }
          }
-        /* Base register writeback.  */
          if ((insn & (1 << rn)) == 0) {
+            /* base reg not in list: base register writeback */
              store_reg(s, rn, addr);
          } else {
+            /* base reg in list: if load, complete it now */
+            if (insn & (1 << 11)) {
+                store_reg(s, rn, loaded_var);
+            }
              tcg_temp_free_i32(addr);
          }
          break;
-
+    }
      case 13:
          /* conditional branch or swi */
          cond = (insn >> 8) & 0xf;
@@ -9390,8 +9619,8 @@ static inline void gen_intermediate_code_internal(CPUState *env,
       * This is handled in the same way as restoration of the
       * PC in these situations: we will be called again with search_pc=1
       * and generate a mapping of the condexec bits for each PC in
-     * gen_opc_condexec_bits[]. gen_pc_load[] then uses this to restore
-     * the condexec bits.
+     * gen_opc_condexec_bits[]. restore_state_to_opc() then uses
+     * this to restore the condexec bits.
       *
       * Note that there are no instructions which can read the condexec
       * bits, and none which can write non-static values to them, so
@@ -9656,8 +9885,7 @@ void cpu_dump_state(CPUState *env, FILE *f, fprintf_function cpu_fprintf,
  #endif
  }
  
-void gen_pc_load(CPUState *env, TranslationBlock *tb,
-                unsigned long searched_pc, int pc_pos, void *puc)
+void restore_state_to_opc(CPUState *env, TranslationBlock *tb, int pc_pos)
  {
      env->regs[15] = gen_opc_pc[pc_pos];
      env->condexec_bits = gen_opc_condexec_bits[pc_pos];