LXR qemu/target-arm/translate.c

   1/*
   2 *  ARM translation
   3 *
   4 *  Copyright (c) 2003 Fabrice Bellard
   5 *  Copyright (c) 2005-2007 CodeSourcery
   6 *  Copyright (c) 2007 OpenedHand, Ltd.
   7 *
   8 * This library is free software; you can redistribute it and/or
   9 * modify it under the terms of the GNU Lesser General Public
  10 * License as published by the Free Software Foundation; either
  11 * version 2 of the License, or (at your option) any later version.
  12 *
  13 * This library is distributed in the hope that it will be useful,
  14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16 * Lesser General Public License for more details.
  17 *
  18 * You should have received a copy of the GNU Lesser General Public
  19 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  20 */
  21#include <stdarg.h>
  22#include <stdlib.h>
  23#include <stdio.h>
  24#include <string.h>
  25#include <inttypes.h>
  26
  27#include "cpu.h"
  28#include "internals.h"
  29#include "disas/disas.h"
  30#include "tcg-op.h"
  31#include "qemu/log.h"
  32#include "qemu/bitops.h"
  33#include "arm_ldst.h"
  34
  35#include "exec/helper-proto.h"
  36#include "exec/helper-gen.h"
  37
  38#include "trace-tcg.h"
  39
  40
  41#define ENABLE_ARCH_4T    arm_dc_feature(s, ARM_FEATURE_V4T)
  42#define ENABLE_ARCH_5     arm_dc_feature(s, ARM_FEATURE_V5)
  43/* currently all emulated v5 cores are also v5TE, so don't bother */
  44#define ENABLE_ARCH_5TE   arm_dc_feature(s, ARM_FEATURE_V5)
  45#define ENABLE_ARCH_5J    0
  46#define ENABLE_ARCH_6     arm_dc_feature(s, ARM_FEATURE_V6)
  47#define ENABLE_ARCH_6K    arm_dc_feature(s, ARM_FEATURE_V6K)
  48#define ENABLE_ARCH_6T2   arm_dc_feature(s, ARM_FEATURE_THUMB2)
  49#define ENABLE_ARCH_7     arm_dc_feature(s, ARM_FEATURE_V7)
  50#define ENABLE_ARCH_8     arm_dc_feature(s, ARM_FEATURE_V8)
  51
  52#define ARCH(x) do { if (!ENABLE_ARCH_##x) goto illegal_op; } while(0)
  53
  54#include "translate.h"
  55
  56#if defined(CONFIG_USER_ONLY)
  57#define IS_USER(s) 1
  58#else
  59#define IS_USER(s) (s->user)
  60#endif
  61
  62TCGv_ptr cpu_env;
  63/* We reuse the same 64-bit temporaries for efficiency.  */
  64static TCGv_i64 cpu_V0, cpu_V1, cpu_M0;
  65static TCGv_i32 cpu_R[16];
  66TCGv_i32 cpu_CF, cpu_NF, cpu_VF, cpu_ZF;
  67TCGv_i64 cpu_exclusive_addr;
  68TCGv_i64 cpu_exclusive_val;
  69#ifdef CONFIG_USER_ONLY
  70TCGv_i64 cpu_exclusive_test;
  71TCGv_i32 cpu_exclusive_info;
  72#endif
  73
  74/* FIXME:  These should be removed.  */
  75static TCGv_i32 cpu_F0s, cpu_F1s;
  76static TCGv_i64 cpu_F0d, cpu_F1d;
  77
  78#include "exec/gen-icount.h"
  79
  80static const char *regnames[] =
  81    { "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7",
  82      "r8", "r9", "r10", "r11", "r12", "r13", "r14", "pc" };
  83
  84/* initialize TCG globals.  */
  85void arm_translate_init(void)
  86{
  87    int i;
  88
  89    cpu_env = tcg_global_reg_new_ptr(TCG_AREG0, "env");
  90
  91    for (i = 0; i < 16; i++) {
  92        cpu_R[i] = tcg_global_mem_new_i32(TCG_AREG0,
  93                                          offsetof(CPUARMState, regs[i]),
  94                                          regnames[i]);
  95    }
  96    cpu_CF = tcg_global_mem_new_i32(TCG_AREG0, offsetof(CPUARMState, CF), "CF");
  97    cpu_NF = tcg_global_mem_new_i32(TCG_AREG0, offsetof(CPUARMState, NF), "NF");
  98    cpu_VF = tcg_global_mem_new_i32(TCG_AREG0, offsetof(CPUARMState, VF), "VF");
  99    cpu_ZF = tcg_global_mem_new_i32(TCG_AREG0, offsetof(CPUARMState, ZF), "ZF");
 100
 101    cpu_exclusive_addr = tcg_global_mem_new_i64(TCG_AREG0,
 102        offsetof(CPUARMState, exclusive_addr), "exclusive_addr");
 103    cpu_exclusive_val = tcg_global_mem_new_i64(TCG_AREG0,
 104        offsetof(CPUARMState, exclusive_val), "exclusive_val");
 105#ifdef CONFIG_USER_ONLY
 106    cpu_exclusive_test = tcg_global_mem_new_i64(TCG_AREG0,
 107        offsetof(CPUARMState, exclusive_test), "exclusive_test");
 108    cpu_exclusive_info = tcg_global_mem_new_i32(TCG_AREG0,
 109        offsetof(CPUARMState, exclusive_info), "exclusive_info");
 110#endif
 111
 112    a64_translate_init();
 113}
 114
 115static inline ARMMMUIdx get_a32_user_mem_index(DisasContext *s)
 116{
 117    /* Return the mmu_idx to use for A32/T32 "unprivileged load/store"
 118     * insns:
 119     *  if PL2, UNPREDICTABLE (we choose to implement as if PL0)
 120     *  otherwise, access as if at PL0.
 121     */
 122    switch (s->mmu_idx) {
 123    case ARMMMUIdx_S1E2:        /* this one is UNPREDICTABLE */
 124    case ARMMMUIdx_S12NSE0:
 125    case ARMMMUIdx_S12NSE1:
 126        return ARMMMUIdx_S12NSE0;
 127    case ARMMMUIdx_S1E3:
 128    case ARMMMUIdx_S1SE0:
 129    case ARMMMUIdx_S1SE1:
 130        return ARMMMUIdx_S1SE0;
 131    case ARMMMUIdx_S2NS:
 132    default:
 133        g_assert_not_reached();
 134    }
 135}
 136
 137static inline TCGv_i32 load_cpu_offset(int offset)
 138{
 139    TCGv_i32 tmp = tcg_temp_new_i32();
 140    tcg_gen_ld_i32(tmp, cpu_env, offset);
 141    return tmp;
 142}
 143
 144#define load_cpu_field(name) load_cpu_offset(offsetof(CPUARMState, name))
 145
 146static inline void store_cpu_offset(TCGv_i32 var, int offset)
 147{
 148    tcg_gen_st_i32(var, cpu_env, offset);
 149    tcg_temp_free_i32(var);
 150}
 151
 152#define store_cpu_field(var, name) \
 153    store_cpu_offset(var, offsetof(CPUARMState, name))
 154
 155/* Set a variable to the value of a CPU register.  */
 156static void load_reg_var(DisasContext *s, TCGv_i32 var, int reg)
 157{
 158    if (reg == 15) {
 159        uint32_t addr;
 160        /* normally, since we updated PC, we need only to add one insn */
 161        if (s->thumb)
 162            addr = (long)s->pc + 2;
 163        else
 164            addr = (long)s->pc + 4;
 165        tcg_gen_movi_i32(var, addr);
 166    } else {
 167        tcg_gen_mov_i32(var, cpu_R[reg]);
 168    }
 169}
 170
 171/* Create a new temporary and set it to the value of a CPU register.  */
 172static inline TCGv_i32 load_reg(DisasContext *s, int reg)
 173{
 174    TCGv_i32 tmp = tcg_temp_new_i32();
 175    load_reg_var(s, tmp, reg);
 176    return tmp;
 177}
 178
 179/* Set a CPU register.  The source must be a temporary and will be
 180   marked as dead.  */
 181static void store_reg(DisasContext *s, int reg, TCGv_i32 var)
 182{
 183    if (reg == 15) {
 184        tcg_gen_andi_i32(var, var, ~1);
 185        s->is_jmp = DISAS_JUMP;
 186    }
 187    tcg_gen_mov_i32(cpu_R[reg], var);
 188    tcg_temp_free_i32(var);
 189}
 190
 191/* Value extensions.  */
 192#define gen_uxtb(var) tcg_gen_ext8u_i32(var, var)
 193#define gen_uxth(var) tcg_gen_ext16u_i32(var, var)
 194#define gen_sxtb(var) tcg_gen_ext8s_i32(var, var)
 195#define gen_sxth(var) tcg_gen_ext16s_i32(var, var)
 196
 197#define gen_sxtb16(var) gen_helper_sxtb16(var, var)
 198#define gen_uxtb16(var) gen_helper_uxtb16(var, var)
 199
 200
 201static inline void gen_set_cpsr(TCGv_i32 var, uint32_t mask)
 202{
 203    TCGv_i32 tmp_mask = tcg_const_i32(mask);
 204    gen_helper_cpsr_write(cpu_env, var, tmp_mask);
 205    tcg_temp_free_i32(tmp_mask);
 206}
 207/* Set NZCV flags from the high 4 bits of var.  */
 208#define gen_set_nzcv(var) gen_set_cpsr(var, CPSR_NZCV)
 209
 210static void gen_exception_internal(int excp)
 211{
 212    TCGv_i32 tcg_excp = tcg_const_i32(excp);
 213
 214    assert(excp_is_internal(excp));
 215    gen_helper_exception_internal(cpu_env, tcg_excp);
 216    tcg_temp_free_i32(tcg_excp);
 217}
 218
 219static void gen_exception(int excp, uint32_t syndrome, uint32_t target_el)
 220{
 221    TCGv_i32 tcg_excp = tcg_const_i32(excp);
 222    TCGv_i32 tcg_syn = tcg_const_i32(syndrome);
 223    TCGv_i32 tcg_el = tcg_const_i32(target_el);
 224
 225    gen_helper_exception_with_syndrome(cpu_env, tcg_excp,
 226                                       tcg_syn, tcg_el);
 227
 228    tcg_temp_free_i32(tcg_el);
 229    tcg_temp_free_i32(tcg_syn);
 230    tcg_temp_free_i32(tcg_excp);
 231}
 232
 233static void gen_ss_advance(DisasContext *s)
 234{
 235    /* If the singlestep state is Active-not-pending, advance to
 236     * Active-pending.
 237     */
 238    if (s->ss_active) {
 239        s->pstate_ss = 0;
 240        gen_helper_clear_pstate_ss(cpu_env);
 241    }
 242}
 243
 244static void gen_step_complete_exception(DisasContext *s)
 245{
 246    /* We just completed step of an insn. Move from Active-not-pending
 247     * to Active-pending, and then also take the swstep exception.
 248     * This corresponds to making the (IMPDEF) choice to prioritize
 249     * swstep exceptions over asynchronous exceptions taken to an exception
 250     * level where debug is disabled. This choice has the advantage that
 251     * we do not need to maintain internal state corresponding to the
 252     * ISV/EX syndrome bits between completion of the step and generation
 253     * of the exception, and our syndrome information is always correct.
 254     */
 255    gen_ss_advance(s);
 256    gen_exception(EXCP_UDEF, syn_swstep(s->ss_same_el, 1, s->is_ldex),
 257                  default_exception_el(s));
 258    s->is_jmp = DISAS_EXC;
 259}
 260
 261static void gen_smul_dual(TCGv_i32 a, TCGv_i32 b)
 262{
 263    TCGv_i32 tmp1 = tcg_temp_new_i32();
 264    TCGv_i32 tmp2 = tcg_temp_new_i32();
 265    tcg_gen_ext16s_i32(tmp1, a);
 266    tcg_gen_ext16s_i32(tmp2, b);
 267    tcg_gen_mul_i32(tmp1, tmp1, tmp2);
 268    tcg_temp_free_i32(tmp2);
 269    tcg_gen_sari_i32(a, a, 16);
 270    tcg_gen_sari_i32(b, b, 16);
 271    tcg_gen_mul_i32(b, b, a);
 272    tcg_gen_mov_i32(a, tmp1);
 273    tcg_temp_free_i32(tmp1);
 274}
 275
 276/* Byteswap each halfword.  */
 277static void gen_rev16(TCGv_i32 var)
 278{
 279    TCGv_i32 tmp = tcg_temp_new_i32();
 280    tcg_gen_shri_i32(tmp, var, 8);
 281    tcg_gen_andi_i32(tmp, tmp, 0x00ff00ff);
 282    tcg_gen_shli_i32(var, var, 8);
 283    tcg_gen_andi_i32(var, var, 0xff00ff00);
 284    tcg_gen_or_i32(var, var, tmp);
 285    tcg_temp_free_i32(tmp);
 286}
 287
 288/* Byteswap low halfword and sign extend.  */
 289static void gen_revsh(TCGv_i32 var)
 290{
 291    tcg_gen_ext16u_i32(var, var);
 292    tcg_gen_bswap16_i32(var, var);
 293    tcg_gen_ext16s_i32(var, var);
 294}
 295
 296/* Unsigned bitfield extract.  */
 297static void gen_ubfx(TCGv_i32 var, int shift, uint32_t mask)
 298{
 299    if (shift)
 300        tcg_gen_shri_i32(var, var, shift);
 301    tcg_gen_andi_i32(var, var, mask);
 302}
 303
 304/* Signed bitfield extract.  */
 305static void gen_sbfx(TCGv_i32 var, int shift, int width)
 306{
 307    uint32_t signbit;
 308
 309    if (shift)
 310        tcg_gen_sari_i32(var, var, shift);
 311    if (shift + width < 32) {
 312        signbit = 1u << (width - 1);
 313        tcg_gen_andi_i32(var, var, (1u << width) - 1);
 314        tcg_gen_xori_i32(var, var, signbit);
 315        tcg_gen_subi_i32(var, var, signbit);
 316    }
 317}
 318
 319/* Return (b << 32) + a. Mark inputs as dead */
 320static TCGv_i64 gen_addq_msw(TCGv_i64 a, TCGv_i32 b)
 321{
 322    TCGv_i64 tmp64 = tcg_temp_new_i64();
 323
 324    tcg_gen_extu_i32_i64(tmp64, b);
 325    tcg_temp_free_i32(b);
 326    tcg_gen_shli_i64(tmp64, tmp64, 32);
 327    tcg_gen_add_i64(a, tmp64, a);
 328
 329    tcg_temp_free_i64(tmp64);
 330    return a;
 331}
 332
 333/* Return (b << 32) - a. Mark inputs as dead. */
 334static TCGv_i64 gen_subq_msw(TCGv_i64 a, TCGv_i32 b)
 335{
 336    TCGv_i64 tmp64 = tcg_temp_new_i64();
 337
 338    tcg_gen_extu_i32_i64(tmp64, b);
 339    tcg_temp_free_i32(b);
 340    tcg_gen_shli_i64(tmp64, tmp64, 32);
 341    tcg_gen_sub_i64(a, tmp64, a);
 342
 343    tcg_temp_free_i64(tmp64);
 344    return a;
 345}
 346
 347/* 32x32->64 multiply.  Marks inputs as dead.  */
 348static TCGv_i64 gen_mulu_i64_i32(TCGv_i32 a, TCGv_i32 b)
 349{
 350    TCGv_i32 lo = tcg_temp_new_i32();
 351    TCGv_i32 hi = tcg_temp_new_i32();
 352    TCGv_i64 ret;
 353
 354    tcg_gen_mulu2_i32(lo, hi, a, b);
 355    tcg_temp_free_i32(a);
 356    tcg_temp_free_i32(b);
 357
 358    ret = tcg_temp_new_i64();
 359    tcg_gen_concat_i32_i64(ret, lo, hi);
 360    tcg_temp_free_i32(lo);
 361    tcg_temp_free_i32(hi);
 362
 363    return ret;
 364}
 365
 366static TCGv_i64 gen_muls_i64_i32(TCGv_i32 a, TCGv_i32 b)
 367{
 368    TCGv_i32 lo = tcg_temp_new_i32();
 369    TCGv_i32 hi = tcg_temp_new_i32();
 370    TCGv_i64 ret;
 371
 372    tcg_gen_muls2_i32(lo, hi, a, b);
 373    tcg_temp_free_i32(a);
 374    tcg_temp_free_i32(b);
 375
 376    ret = tcg_temp_new_i64();
 377    tcg_gen_concat_i32_i64(ret, lo, hi);
 378    tcg_temp_free_i32(lo);
 379    tcg_temp_free_i32(hi);
 380
 381    return ret;
 382}
 383
 384/* Swap low and high halfwords.  */
 385static void gen_swap_half(TCGv_i32 var)
 386{
 387    TCGv_i32 tmp = tcg_temp_new_i32();
 388    tcg_gen_shri_i32(tmp, var, 16);
 389    tcg_gen_shli_i32(var, var, 16);
 390    tcg_gen_or_i32(var, var, tmp);
 391    tcg_temp_free_i32(tmp);
 392}
 393
 394/* Dual 16-bit add.  Result placed in t0 and t1 is marked as dead.
 395    tmp = (t0 ^ t1) & 0x8000;
 396    t0 &= ~0x8000;
 397    t1 &= ~0x8000;
 398    t0 = (t0 + t1) ^ tmp;
 399 */
 400
 401static void gen_add16(TCGv_i32 t0, TCGv_i32 t1)
 402{
 403    TCGv_i32 tmp = tcg_temp_new_i32();
 404    tcg_gen_xor_i32(tmp, t0, t1);
 405    tcg_gen_andi_i32(tmp, tmp, 0x8000);
 406    tcg_gen_andi_i32(t0, t0, ~0x8000);
 407    tcg_gen_andi_i32(t1, t1, ~0x8000);
 408    tcg_gen_add_i32(t0, t0, t1);
 409    tcg_gen_xor_i32(t0, t0, tmp);
 410    tcg_temp_free_i32(tmp);
 411    tcg_temp_free_i32(t1);
 412}
 413
 414/* Set CF to the top bit of var.  */
 415static void gen_set_CF_bit31(TCGv_i32 var)
 416{
 417    tcg_gen_shri_i32(cpu_CF, var, 31);
 418}
 419
 420/* Set N and Z flags from var.  */
 421static inline void gen_logic_CC(TCGv_i32 var)
 422{
 423    tcg_gen_mov_i32(cpu_NF, var);
 424    tcg_gen_mov_i32(cpu_ZF, var);
 425}
 426
 427/* T0 += T1 + CF.  */
 428static void gen_adc(TCGv_i32 t0, TCGv_i32 t1)
 429{
 430    tcg_gen_add_i32(t0, t0, t1);
 431    tcg_gen_add_i32(t0, t0, cpu_CF);
 432}
 433
 434/* dest = T0 + T1 + CF. */
 435static void gen_add_carry(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
 436{
 437    tcg_gen_add_i32(dest, t0, t1);
 438    tcg_gen_add_i32(dest, dest, cpu_CF);
 439}
 440
 441/* dest = T0 - T1 + CF - 1.  */
 442static void gen_sub_carry(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
 443{
 444    tcg_gen_sub_i32(dest, t0, t1);
 445    tcg_gen_add_i32(dest, dest, cpu_CF);
 446    tcg_gen_subi_i32(dest, dest, 1);
 447}
 448
 449/* dest = T0 + T1. Compute C, N, V and Z flags */
 450static void gen_add_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
 451{
 452    TCGv_i32 tmp = tcg_temp_new_i32();
 453    tcg_gen_movi_i32(tmp, 0);
 454    tcg_gen_add2_i32(cpu_NF, cpu_CF, t0, tmp, t1, tmp);
 455    tcg_gen_mov_i32(cpu_ZF, cpu_NF);
 456    tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
 457    tcg_gen_xor_i32(tmp, t0, t1);
 458    tcg_gen_andc_i32(cpu_VF, cpu_VF, tmp);
 459    tcg_temp_free_i32(tmp);
 460    tcg_gen_mov_i32(dest, cpu_NF);
 461}
 462
 463/* dest = T0 + T1 + CF.  Compute C, N, V and Z flags */
 464static void gen_adc_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
 465{
 466    TCGv_i32 tmp = tcg_temp_new_i32();
 467    if (TCG_TARGET_HAS_add2_i32) {
 468        tcg_gen_movi_i32(tmp, 0);
 469        tcg_gen_add2_i32(cpu_NF, cpu_CF, t0, tmp, cpu_CF, tmp);
 470        tcg_gen_add2_i32(cpu_NF, cpu_CF, cpu_NF, cpu_CF, t1, tmp);
 471    } else {
 472        TCGv_i64 q0 = tcg_temp_new_i64();
 473        TCGv_i64 q1 = tcg_temp_new_i64();
 474        tcg_gen_extu_i32_i64(q0, t0);
 475        tcg_gen_extu_i32_i64(q1, t1);
 476        tcg_gen_add_i64(q0, q0, q1);
 477        tcg_gen_extu_i32_i64(q1, cpu_CF);
 478        tcg_gen_add_i64(q0, q0, q1);
 479        tcg_gen_extr_i64_i32(cpu_NF, cpu_CF, q0);
 480        tcg_temp_free_i64(q0);
 481        tcg_temp_free_i64(q1);
 482    }
 483    tcg_gen_mov_i32(cpu_ZF, cpu_NF);
 484    tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
 485    tcg_gen_xor_i32(tmp, t0, t1);
 486    tcg_gen_andc_i32(cpu_VF, cpu_VF, tmp);
 487    tcg_temp_free_i32(tmp);
 488    tcg_gen_mov_i32(dest, cpu_NF);
 489}
 490
 491/* dest = T0 - T1. Compute C, N, V and Z flags */
 492static void gen_sub_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
 493{
 494    TCGv_i32 tmp;
 495    tcg_gen_sub_i32(cpu_NF, t0, t1);
 496    tcg_gen_mov_i32(cpu_ZF, cpu_NF);
 497    tcg_gen_setcond_i32(TCG_COND_GEU, cpu_CF, t0, t1);
 498    tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
 499    tmp = tcg_temp_new_i32();
 500    tcg_gen_xor_i32(tmp, t0, t1);
 501    tcg_gen_and_i32(cpu_VF, cpu_VF, tmp);
 502    tcg_temp_free_i32(tmp);
 503    tcg_gen_mov_i32(dest, cpu_NF);
 504}
 505
 506/* dest = T0 + ~T1 + CF.  Compute C, N, V and Z flags */
 507static void gen_sbc_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
 508{
 509    TCGv_i32 tmp = tcg_temp_new_i32();
 510    tcg_gen_not_i32(tmp, t1);
 511    gen_adc_CC(dest, t0, tmp);
 512    tcg_temp_free_i32(tmp);
 513}
 514
 515#define GEN_SHIFT(name)                                               \
 516static void gen_##name(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)       \
 517{                                                                     \
 518    TCGv_i32 tmp1, tmp2, tmp3;                                        \
 519    tmp1 = tcg_temp_new_i32();                                        \
 520    tcg_gen_andi_i32(tmp1, t1, 0xff);                                 \
 521    tmp2 = tcg_const_i32(0);                                          \
 522    tmp3 = tcg_const_i32(0x1f);                                       \
 523    tcg_gen_movcond_i32(TCG_COND_GTU, tmp2, tmp1, tmp3, tmp2, t0);    \
 524    tcg_temp_free_i32(tmp3);                                          \
 525    tcg_gen_andi_i32(tmp1, tmp1, 0x1f);                               \
 526    tcg_gen_##name##_i32(dest, tmp2, tmp1);                           \
 527    tcg_temp_free_i32(tmp2);                                          \
 528    tcg_temp_free_i32(tmp1);                                          \
 529}
 530GEN_SHIFT(shl)
 531GEN_SHIFT(shr)
 532#undef GEN_SHIFT
 533
 534static void gen_sar(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
 535{
 536    TCGv_i32 tmp1, tmp2;
 537    tmp1 = tcg_temp_new_i32();
 538    tcg_gen_andi_i32(tmp1, t1, 0xff);
 539    tmp2 = tcg_const_i32(0x1f);
 540    tcg_gen_movcond_i32(TCG_COND_GTU, tmp1, tmp1, tmp2, tmp2, tmp1);
 541    tcg_temp_free_i32(tmp2);
 542    tcg_gen_sar_i32(dest, t0, tmp1);
 543    tcg_temp_free_i32(tmp1);
 544}
 545
 546static void tcg_gen_abs_i32(TCGv_i32 dest, TCGv_i32 src)
 547{
 548    TCGv_i32 c0 = tcg_const_i32(0);
 549    TCGv_i32 tmp = tcg_temp_new_i32();
 550    tcg_gen_neg_i32(tmp, src);
 551    tcg_gen_movcond_i32(TCG_COND_GT, dest, src, c0, src, tmp);
 552    tcg_temp_free_i32(c0);
 553    tcg_temp_free_i32(tmp);
 554}
 555
 556static void shifter_out_im(TCGv_i32 var, int shift)
 557{
 558    if (shift == 0) {
 559        tcg_gen_andi_i32(cpu_CF, var, 1);
 560    } else {
 561        tcg_gen_shri_i32(cpu_CF, var, shift);
 562        if (shift != 31) {
 563            tcg_gen_andi_i32(cpu_CF, cpu_CF, 1);
 564        }
 565    }
 566}
 567
 568/* Shift by immediate.  Includes special handling for shift == 0.  */
 569static inline void gen_arm_shift_im(TCGv_i32 var, int shiftop,
 570                                    int shift, int flags)
 571{
 572    switch (shiftop) {
 573    case 0: /* LSL */
 574        if (shift != 0) {
 575            if (flags)
 576                shifter_out_im(var, 32 - shift);
 577            tcg_gen_shli_i32(var, var, shift);
 578        }
 579        break;
 580    case 1: /* LSR */
 581        if (shift == 0) {
 582            if (flags) {
 583                tcg_gen_shri_i32(cpu_CF, var, 31);
 584            }
 585            tcg_gen_movi_i32(var, 0);
 586        } else {
 587            if (flags)
 588                shifter_out_im(var, shift - 1);
 589            tcg_gen_shri_i32(var, var, shift);
 590        }
 591        break;
 592    case 2: /* ASR */
 593        if (shift == 0)
 594            shift = 32;
 595        if (flags)
 596            shifter_out_im(var, shift - 1);
 597        if (shift == 32)
 598          shift = 31;
 599        tcg_gen_sari_i32(var, var, shift);
 600        break;
 601    case 3: /* ROR/RRX */
 602        if (shift != 0) {
 603            if (flags)
 604                shifter_out_im(var, shift - 1);
 605            tcg_gen_rotri_i32(var, var, shift); break;
 606        } else {
 607            TCGv_i32 tmp = tcg_temp_new_i32();
 608            tcg_gen_shli_i32(tmp, cpu_CF, 31);
 609            if (flags)
 610                shifter_out_im(var, 0);
 611            tcg_gen_shri_i32(var, var, 1);
 612            tcg_gen_or_i32(var, var, tmp);
 613            tcg_temp_free_i32(tmp);
 614        }
 615    }
 616};
 617
 618static inline void gen_arm_shift_reg(TCGv_i32 var, int shiftop,
 619                                     TCGv_i32 shift, int flags)
 620{
 621    if (flags) {
 622        switch (shiftop) {
 623        case 0: gen_helper_shl_cc(var, cpu_env, var, shift); break;
 624        case 1: gen_helper_shr_cc(var, cpu_env, var, shift); break;
 625        case 2: gen_helper_sar_cc(var, cpu_env, var, shift); break;
 626        case 3: gen_helper_ror_cc(var, cpu_env, var, shift); break;
 627        }
 628    } else {
 629        switch (shiftop) {
 630        case 0:
 631            gen_shl(var, var, shift);
 632            break;
 633        case 1:
 634            gen_shr(var, var, shift);
 635            break;
 636        case 2:
 637            gen_sar(var, var, shift);
 638            break;
 639        case 3: tcg_gen_andi_i32(shift, shift, 0x1f);
 640                tcg_gen_rotr_i32(var, var, shift); break;
 641        }
 642    }
 643    tcg_temp_free_i32(shift);
 644}
 645
 646#define PAS_OP(pfx) \
 647    switch (op2) {  \
 648    case 0: gen_pas_helper(glue(pfx,add16)); break; \
 649    case 1: gen_pas_helper(glue(pfx,addsubx)); break; \
 650    case 2: gen_pas_helper(glue(pfx,subaddx)); break; \
 651    case 3: gen_pas_helper(glue(pfx,sub16)); break; \
 652    case 4: gen_pas_helper(glue(pfx,add8)); break; \
 653    case 7: gen_pas_helper(glue(pfx,sub8)); break; \
 654    }
 655static void gen_arm_parallel_addsub(int op1, int op2, TCGv_i32 a, TCGv_i32 b)
 656{
 657    TCGv_ptr tmp;
 658
 659    switch (op1) {
 660#define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b, tmp)
 661    case 1:
 662        tmp = tcg_temp_new_ptr();
 663        tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
 664        PAS_OP(s)
 665        tcg_temp_free_ptr(tmp);
 666        break;
 667    case 5:
 668        tmp = tcg_temp_new_ptr();
 669        tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
 670        PAS_OP(u)
 671        tcg_temp_free_ptr(tmp);
 672        break;
 673#undef gen_pas_helper
 674#define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b)
 675    case 2:
 676        PAS_OP(q);
 677        break;
 678    case 3:
 679        PAS_OP(sh);
 680        break;
 681    case 6:
 682        PAS_OP(uq);
 683        break;
 684    case 7:
 685        PAS_OP(uh);
 686        break;
 687#undef gen_pas_helper
 688    }
 689}
 690#undef PAS_OP
 691
 692/* For unknown reasons Arm and Thumb-2 use arbitrarily different encodings.  */
 693#define PAS_OP(pfx) \
 694    switch (op1) {  \
 695    case 0: gen_pas_helper(glue(pfx,add8)); break; \
 696    case 1: gen_pas_helper(glue(pfx,add16)); break; \
 697    case 2: gen_pas_helper(glue(pfx,addsubx)); break; \
 698    case 4: gen_pas_helper(glue(pfx,sub8)); break; \
 699    case 5: gen_pas_helper(glue(pfx,sub16)); break; \
 700    case 6: gen_pas_helper(glue(pfx,subaddx)); break; \
 701    }
 702static void gen_thumb2_parallel_addsub(int op1, int op2, TCGv_i32 a, TCGv_i32 b)
 703{
 704    TCGv_ptr tmp;
 705
 706    switch (op2) {
 707#define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b, tmp)
 708    case 0:
 709        tmp = tcg_temp_new_ptr();
 710        tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
 711        PAS_OP(s)
 712        tcg_temp_free_ptr(tmp);
 713        break;
 714    case 4:
 715        tmp = tcg_temp_new_ptr();
 716        tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
 717        PAS_OP(u)
 718        tcg_temp_free_ptr(tmp);
 719        break;
 720#undef gen_pas_helper
 721#define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b)
 722    case 1:
 723        PAS_OP(q);
 724        break;
 725    case 2:
 726        PAS_OP(sh);
 727        break;
 728    case 5:
 729        PAS_OP(uq);
 730        break;
 731    case 6:
 732        PAS_OP(uh);
 733        break;
 734#undef gen_pas_helper
 735    }
 736}
 737#undef PAS_OP
 738
 739/*
 740 * Generate a conditional based on ARM condition code cc.
 741 * This is common between ARM and Aarch64 targets.
 742 */
 743void arm_test_cc(DisasCompare *cmp, int cc)
 744{
 745    TCGv_i32 value;
 746    TCGCond cond;
 747    bool global = true;
 748
 749    switch (cc) {
 750    case 0: /* eq: Z */
 751    case 1: /* ne: !Z */
 752        cond = TCG_COND_EQ;
 753        value = cpu_ZF;
 754        break;
 755
 756    case 2: /* cs: C */
 757    case 3: /* cc: !C */
 758        cond = TCG_COND_NE;
 759        value = cpu_CF;
 760        break;
 761
 762    case 4: /* mi: N */
 763    case 5: /* pl: !N */
 764        cond = TCG_COND_LT;
 765        value = cpu_NF;
 766        break;
 767
 768    case 6: /* vs: V */
 769    case 7: /* vc: !V */
 770        cond = TCG_COND_LT;
 771        value = cpu_VF;
 772        break;
 773
 774    case 8: /* hi: C && !Z */
 775    case 9: /* ls: !C || Z -> !(C && !Z) */
 776        cond = TCG_COND_NE;
 777        value = tcg_temp_new_i32();
 778        global = false;
 779        /* CF is 1 for C, so -CF is an all-bits-set mask for C;
 780           ZF is non-zero for !Z; so AND the two subexpressions.  */
 781        tcg_gen_neg_i32(value, cpu_CF);
 782        tcg_gen_and_i32(value, value, cpu_ZF);
 783        break;
 784
 785    case 10: /* ge: N == V -> N ^ V == 0 */
 786    case 11: /* lt: N != V -> N ^ V != 0 */
 787        /* Since we're only interested in the sign bit, == 0 is >= 0.  */
 788        cond = TCG_COND_GE;
 789        value = tcg_temp_new_i32();
 790        global = false;
 791        tcg_gen_xor_i32(value, cpu_VF, cpu_NF);
 792        break;
 793
 794    case 12: /* gt: !Z && N == V */
 795    case 13: /* le: Z || N != V */
 796        cond = TCG_COND_NE;
 797        value = tcg_temp_new_i32();
 798        global = false;
 799        /* (N == V) is equal to the sign bit of ~(NF ^ VF).  Propagate
 800         * the sign bit then AND with ZF to yield the result.  */
 801        tcg_gen_xor_i32(value, cpu_VF, cpu_NF);
 802        tcg_gen_sari_i32(value, value, 31);
 803        tcg_gen_andc_i32(value, cpu_ZF, value);
 804        break;
 805
 806    case 14: /* always */
 807    case 15: /* always */
 808        /* Use the ALWAYS condition, which will fold early.
 809         * It doesn't matter what we use for the value.  */
 810        cond = TCG_COND_ALWAYS;
 811        value = cpu_ZF;
 812        goto no_invert;
 813
 814    default:
 815        fprintf(stderr, "Bad condition code 0x%x\n", cc);
 816        abort();
 817    }
 818
 819    if (cc & 1) {
 820        cond = tcg_invert_cond(cond);
 821    }
 822
 823 no_invert:
 824    cmp->cond = cond;
 825    cmp->value = value;
 826    cmp->value_global = global;
 827}
 828
 829void arm_free_cc(DisasCompare *cmp)
 830{
 831    if (!cmp->value_global) {
 832        tcg_temp_free_i32(cmp->value);
 833    }
 834}
 835
 836void arm_jump_cc(DisasCompare *cmp, TCGLabel *label)
 837{
 838    tcg_gen_brcondi_i32(cmp->cond, cmp->value, 0, label);
 839}
 840
 841void arm_gen_test_cc(int cc, TCGLabel *label)
 842{
 843    DisasCompare cmp;
 844    arm_test_cc(&cmp, cc);
 845    arm_jump_cc(&cmp, label);
 846    arm_free_cc(&cmp);
 847}
 848
 849static const uint8_t table_logic_cc[16] = {
 850    1, /* and */
 851    1, /* xor */
 852    0, /* sub */
 853    0, /* rsb */
 854    0, /* add */
 855    0, /* adc */
 856    0, /* sbc */
 857    0, /* rsc */
 858    1, /* andl */
 859    1, /* xorl */
 860    0, /* cmp */
 861    0, /* cmn */
 862    1, /* orr */
 863    1, /* mov */
 864    1, /* bic */
 865    1, /* mvn */
 866};
 867
 868/* Set PC and Thumb state from an immediate address.  */
 869static inline void gen_bx_im(DisasContext *s, uint32_t addr)
 870{
 871    TCGv_i32 tmp;
 872
 873    s->is_jmp = DISAS_JUMP;
 874    if (s->thumb != (addr & 1)) {
 875        tmp = tcg_temp_new_i32();
 876        tcg_gen_movi_i32(tmp, addr & 1);
 877        tcg_gen_st_i32(tmp, cpu_env, offsetof(CPUARMState, thumb));
 878        tcg_temp_free_i32(tmp);
 879    }
 880    tcg_gen_movi_i32(cpu_R[15], addr & ~1);
 881}
 882
 883/* Set PC and Thumb state from var.  var is marked as dead.  */
 884static inline void gen_bx(DisasContext *s, TCGv_i32 var)
 885{
 886    s->is_jmp = DISAS_JUMP;
 887    tcg_gen_andi_i32(cpu_R[15], var, ~1);
 888    tcg_gen_andi_i32(var, var, 1);
 889    store_cpu_field(var, thumb);
 890}
 891
 892/* Variant of store_reg which uses branch&exchange logic when storing
 893   to r15 in ARM architecture v7 and above. The source must be a temporary
 894   and will be marked as dead. */
 895static inline void store_reg_bx(DisasContext *s, int reg, TCGv_i32 var)
 896{
 897    if (reg == 15 && ENABLE_ARCH_7) {
 898        gen_bx(s, var);
 899    } else {
 900        store_reg(s, reg, var);
 901    }
 902}
 903
 904/* Variant of store_reg which uses branch&exchange logic when storing
 905 * to r15 in ARM architecture v5T and above. This is used for storing
 906 * the results of a LDR/LDM/POP into r15, and corresponds to the cases
 907 * in the ARM ARM which use the LoadWritePC() pseudocode function. */
 908static inline void store_reg_from_load(DisasContext *s, int reg, TCGv_i32 var)
 909{
 910    if (reg == 15 && ENABLE_ARCH_5) {
 911        gen_bx(s, var);
 912    } else {
 913        store_reg(s, reg, var);
 914    }
 915}
 916
 917/* Abstractions of "generate code to do a guest load/store for
 918 * AArch32", where a vaddr is always 32 bits (and is zero
 919 * extended if we're a 64 bit core) and  data is also
 920 * 32 bits unless specifically doing a 64 bit access.
 921 * These functions work like tcg_gen_qemu_{ld,st}* except
 922 * that the address argument is TCGv_i32 rather than TCGv.
 923 */
 924#if TARGET_LONG_BITS == 32
 925
 926#define DO_GEN_LD(SUFF, OPC)                                             \
 927static inline void gen_aa32_ld##SUFF(TCGv_i32 val, TCGv_i32 addr, int index) \
 928{                                                                        \
 929    tcg_gen_qemu_ld_i32(val, addr, index, OPC);                          \
 930}
 931
 932#define DO_GEN_ST(SUFF, OPC)                                             \
 933static inline void gen_aa32_st##SUFF(TCGv_i32 val, TCGv_i32 addr, int index) \
 934{                                                                        \
 935    tcg_gen_qemu_st_i32(val, addr, index, OPC);                          \
 936}
 937
 938static inline void gen_aa32_ld64(TCGv_i64 val, TCGv_i32 addr, int index)
 939{
 940    tcg_gen_qemu_ld_i64(val, addr, index, MO_TEQ);
 941}
 942
 943static inline void gen_aa32_st64(TCGv_i64 val, TCGv_i32 addr, int index)
 944{
 945    tcg_gen_qemu_st_i64(val, addr, index, MO_TEQ);
 946}
 947
 948#else
 949
 950#define DO_GEN_LD(SUFF, OPC)                                             \
 951static inline void gen_aa32_ld##SUFF(TCGv_i32 val, TCGv_i32 addr, int index) \
 952{                                                                        \
 953    TCGv addr64 = tcg_temp_new();                                        \
 954    tcg_gen_extu_i32_i64(addr64, addr);                                  \
 955    tcg_gen_qemu_ld_i32(val, addr64, index, OPC);                        \
 956    tcg_temp_free(addr64);                                               \
 957}
 958
 959#define DO_GEN_ST(SUFF, OPC)                                             \
 960static inline void gen_aa32_st##SUFF(TCGv_i32 val, TCGv_i32 addr, int index) \
 961{                                                                        \
 962    TCGv addr64 = tcg_temp_new();                                        \
 963    tcg_gen_extu_i32_i64(addr64, addr);                                  \
 964    tcg_gen_qemu_st_i32(val, addr64, index, OPC);                        \
 965    tcg_temp_free(addr64);                                               \
 966}
 967
 968static inline void gen_aa32_ld64(TCGv_i64 val, TCGv_i32 addr, int index)
 969{
 970    TCGv addr64 = tcg_temp_new();
 971    tcg_gen_extu_i32_i64(addr64, addr);
 972    tcg_gen_qemu_ld_i64(val, addr64, index, MO_TEQ);
 973    tcg_temp_free(addr64);
 974}
 975
 976static inline void gen_aa32_st64(TCGv_i64 val, TCGv_i32 addr, int index)
 977{
 978    TCGv addr64 = tcg_temp_new();
 979    tcg_gen_extu_i32_i64(addr64, addr);
 980    tcg_gen_qemu_st_i64(val, addr64, index, MO_TEQ);
 981    tcg_temp_free(addr64);
 982}
 983
 984#endif
 985
 986DO_GEN_LD(8s, MO_SB)
 987DO_GEN_LD(8u, MO_UB)
 988DO_GEN_LD(16s, MO_TESW)
 989DO_GEN_LD(16u, MO_TEUW)
 990DO_GEN_LD(32u, MO_TEUL)
 991DO_GEN_ST(8, MO_UB)
 992DO_GEN_ST(16, MO_TEUW)
 993DO_GEN_ST(32, MO_TEUL)
 994
 995static inline void gen_set_pc_im(DisasContext *s, target_ulong val)
 996{
 997    tcg_gen_movi_i32(cpu_R[15], val);
 998}
 999
1000static inline void gen_hvc(DisasContext *s, int imm16)

1001{
1002    /* The pre HVC helper handles cases when HVC gets trapped
1003     * as an undefined insn by runtime configuration (ie before
1004     * the insn really executes).
1005     */
1006    gen_set_pc_im(s, s->pc - 4);
1007    gen_helper_pre_hvc(cpu_env);
1008    /* Otherwise we will treat this as a real exception which
1009     * happens after execution of the insn. (The distinction matters
1010     * for the PC value reported to the exception handler and also
1011     * for single stepping.)
1012     */
1013    s->svc_imm = imm16;
1014    gen_set_pc_im(s, s->pc);
1015    s->is_jmp = DISAS_HVC;
1016}
1017
1018static inline void gen_smc(DisasContext *s)
1019{
1020    /* As with HVC, we may take an exception either before or after
1021     * the insn executes.
1022     */
1023    TCGv_i32 tmp;
1024
1025    gen_set_pc_im(s, s->pc - 4);
1026    tmp = tcg_const_i32(syn_aa32_smc());
1027    gen_helper_pre_smc(cpu_env, tmp);
1028    tcg_temp_free_i32(tmp);
1029    gen_set_pc_im(s, s->pc);
1030    s->is_jmp = DISAS_SMC;
1031}
1032
1033static inline void
1034gen_set_condexec (DisasContext *s)
1035{
1036    if (s->condexec_mask) {
1037        uint32_t val = (s->condexec_cond << 4) | (s->condexec_mask >> 1);
1038        TCGv_i32 tmp = tcg_temp_new_i32();
1039        tcg_gen_movi_i32(tmp, val);
1040        store_cpu_field(tmp, condexec_bits);
1041    }
1042}
1043
1044static void gen_exception_internal_insn(DisasContext *s, int offset, int excp)
1045{
1046    gen_set_condexec(s);
1047    gen_set_pc_im(s, s->pc - offset);
1048    gen_exception_internal(excp);
1049    s->is_jmp = DISAS_JUMP;
1050}
1051
1052static void gen_exception_insn(DisasContext *s, int offset, int excp,
1053                               int syn, uint32_t target_el)
1054{
1055    gen_set_condexec(s);
1056    gen_set_pc_im(s, s->pc - offset);
1057    gen_exception(excp, syn, target_el);
1058    s->is_jmp = DISAS_JUMP;
1059}
1060
1061/* Force a TB lookup after an instruction that changes the CPU state.  */
1062static inline void gen_lookup_tb(DisasContext *s)
1063{
1064    tcg_gen_movi_i32(cpu_R[15], s->pc & ~1);
1065    s->is_jmp = DISAS_JUMP;
1066}
1067
1068static inline void gen_add_data_offset(DisasContext *s, unsigned int insn,
1069                                       TCGv_i32 var)
1070{
1071    int val, rm, shift, shiftop;
1072    TCGv_i32 offset;
1073
1074    if (!(insn & (1 << 25))) {
1075        /* immediate */
1076        val = insn & 0xfff;
1077        if (!(insn & (1 << 23)))
1078            val = -val;
1079        if (val != 0)
1080            tcg_gen_addi_i32(var, var, val);
1081    } else {
1082        /* shift/register */
1083        rm = (insn) & 0xf;
1084        shift = (insn >> 7) & 0x1f;
1085        shiftop = (insn >> 5) & 3;
1086        offset = load_reg(s, rm);
1087        gen_arm_shift_im(offset, shiftop, shift, 0);
1088        if (!(insn & (1 << 23)))
1089            tcg_gen_sub_i32(var, var, offset);
1090        else
1091            tcg_gen_add_i32(var, var, offset);
1092        tcg_temp_free_i32(offset);
1093    }
1094}
1095
1096static inline void gen_add_datah_offset(DisasContext *s, unsigned int insn,
1097                                        int extra, TCGv_i32 var)
1098{
1099    int val, rm;
1100    TCGv_i32 offset;
1101
1102    if (insn & (1 << 22)) {
1103        /* immediate */
1104        val = (insn & 0xf) | ((insn >> 4) & 0xf0);
1105        if (!(insn & (1 << 23)))
1106            val = -val;
1107        val += extra;
1108        if (val != 0)
1109            tcg_gen_addi_i32(var, var, val);
1110    } else {
1111        /* register */
1112        if (extra)
1113            tcg_gen_addi_i32(var, var, extra);
1114        rm = (insn) & 0xf;
1115        offset = load_reg(s, rm);
1116        if (!(insn & (1 << 23)))
1117            tcg_gen_sub_i32(var, var, offset);
1118        else
1119            tcg_gen_add_i32(var, var, offset);
1120        tcg_temp_free_i32(offset);
1121    }
1122}
1123
1124static TCGv_ptr get_fpstatus_ptr(int neon)
1125{
1126    TCGv_ptr statusptr = tcg_temp_new_ptr();
1127    int offset;
1128    if (neon) {
1129        offset = offsetof(CPUARMState, vfp.standard_fp_status);
1130    } else {
1131        offset = offsetof(CPUARMState, vfp.fp_status);
1132    }
1133    tcg_gen_addi_ptr(statusptr, cpu_env, offset);
1134    return statusptr;
1135}
1136
1137#define VFP_OP2(name)                                                 \
1138static inline void gen_vfp_##name(int dp)                             \
1139{                                                                     \
1140    TCGv_ptr fpst = get_fpstatus_ptr(0);                              \
1141    if (dp) {                                                         \
1142        gen_helper_vfp_##name##d(cpu_F0d, cpu_F0d, cpu_F1d, fpst);    \
1143    } else {                                                          \
1144        gen_helper_vfp_##name##s(cpu_F0s, cpu_F0s, cpu_F1s, fpst);    \
1145    }                                                                 \
1146    tcg_temp_free_ptr(fpst);                                          \
1147}
1148
1149VFP_OP2(add)
1150VFP_OP2(sub)
1151VFP_OP2(mul)
1152VFP_OP2(div)
1153
1154#undef VFP_OP2
1155
1156static inline void gen_vfp_F1_mul(int dp)
1157{
1158    /* Like gen_vfp_mul() but put result in F1 */
1159    TCGv_ptr fpst = get_fpstatus_ptr(0);
1160    if (dp) {
1161        gen_helper_vfp_muld(cpu_F1d, cpu_F0d, cpu_F1d, fpst);
1162    } else {
1163        gen_helper_vfp_muls(cpu_F1s, cpu_F0s, cpu_F1s, fpst);
1164    }
1165    tcg_temp_free_ptr(fpst);
1166}
1167
1168static inline void gen_vfp_F1_neg(int dp)
1169{
1170    /* Like gen_vfp_neg() but put result in F1 */
1171    if (dp) {
1172        gen_helper_vfp_negd(cpu_F1d, cpu_F0d);
1173    } else {
1174        gen_helper_vfp_negs(cpu_F1s, cpu_F0s);
1175    }
1176}
1177
1178static inline void gen_vfp_abs(int dp)
1179{
1180    if (dp)
1181        gen_helper_vfp_absd(cpu_F0d, cpu_F0d);
1182    else
1183        gen_helper_vfp_abss(cpu_F0s, cpu_F0s);
1184}
1185
1186static inline void gen_vfp_neg(int dp)
1187{
1188    if (dp)
1189        gen_helper_vfp_negd(cpu_F0d, cpu_F0d);
1190    else
1191        gen_helper_vfp_negs(cpu_F0s, cpu_F0s);
1192}
1193
1194static inline void gen_vfp_sqrt(int dp)
1195{
1196    if (dp)
1197        gen_helper_vfp_sqrtd(cpu_F0d, cpu_F0d, cpu_env);
1198    else
1199        gen_helper_vfp_sqrts(cpu_F0s, cpu_F0s, cpu_env);
1200}
1201
1202static inline void gen_vfp_cmp(int dp)
1203{
1204    if (dp)
1205        gen_helper_vfp_cmpd(cpu_F0d, cpu_F1d, cpu_env);
1206    else
1207        gen_helper_vfp_cmps(cpu_F0s, cpu_F1s, cpu_env);
1208}
1209
1210static inline void gen_vfp_cmpe(int dp)
1211{
1212    if (dp)
1213        gen_helper_vfp_cmped(cpu_F0d, cpu_F1d, cpu_env);
1214    else
1215        gen_helper_vfp_cmpes(cpu_F0s, cpu_F1s, cpu_env);
1216}
1217
1218static inline void gen_vfp_F1_ld0(int dp)
1219{
1220    if (dp)
1221        tcg_gen_movi_i64(cpu_F1d, 0);
1222    else
1223        tcg_gen_movi_i32(cpu_F1s, 0);
1224}
1225
1226#define VFP_GEN_ITOF(name) \
1227static inline void gen_vfp_##name(int dp, int neon) \
1228{ \
1229    TCGv_ptr statusptr = get_fpstatus_ptr(neon); \
1230    if (dp) { \
1231        gen_helper_vfp_##name##d(cpu_F0d, cpu_F0s, statusptr); \
1232    } else { \
1233        gen_helper_vfp_##name##s(cpu_F0s, cpu_F0s, statusptr); \
1234    } \
1235    tcg_temp_free_ptr(statusptr); \
1236}
1237
1238VFP_GEN_ITOF(uito)
1239VFP_GEN_ITOF(sito)
1240#undef VFP_GEN_ITOF
1241
1242#define VFP_GEN_FTOI(name) \
1243static inline void gen_vfp_##name(int dp, int neon) \
1244{ \
1245    TCGv_ptr statusptr = get_fpstatus_ptr(neon); \
1246    if (dp) { \
1247        gen_helper_vfp_##name##d(cpu_F0s, cpu_F0d, statusptr); \
1248    } else { \
1249        gen_helper_vfp_##name##s(cpu_F0s, cpu_F0s, statusptr); \
1250    } \
1251    tcg_temp_free_ptr(statusptr); \
1252}
1253
1254VFP_GEN_FTOI(toui)
1255VFP_GEN_FTOI(touiz)
1256VFP_GEN_FTOI(tosi)
1257VFP_GEN_FTOI(tosiz)
1258#undef VFP_GEN_FTOI
1259
1260#define VFP_GEN_FIX(name, round) \
1261static inline void gen_vfp_##name(int dp, int shift, int neon) \
1262{ \
1263    TCGv_i32 tmp_shift = tcg_const_i32(shift); \
1264    TCGv_ptr statusptr = get_fpstatus_ptr(neon); \
1265    if (dp) { \
1266        gen_helper_vfp_##name##d##round(cpu_F0d, cpu_F0d, tmp_shift, \
1267                                        statusptr); \
1268    } else { \
1269        gen_helper_vfp_##name##s##round(cpu_F0s, cpu_F0s, tmp_shift, \
1270                                        statusptr); \
1271    } \
1272    tcg_temp_free_i32(tmp_shift); \
1273    tcg_temp_free_ptr(statusptr); \
1274}
1275VFP_GEN_FIX(tosh, _round_to_zero)
1276VFP_GEN_FIX(tosl, _round_to_zero)
1277VFP_GEN_FIX(touh, _round_to_zero)
1278VFP_GEN_FIX(toul, _round_to_zero)
1279VFP_GEN_FIX(shto, )
1280VFP_GEN_FIX(slto, )
1281VFP_GEN_FIX(uhto, )
1282VFP_GEN_FIX(ulto, )
1283#undef VFP_GEN_FIX
1284
1285static inline void gen_vfp_ld(DisasContext *s, int dp, TCGv_i32 addr)
1286{
1287    if (dp) {
1288        gen_aa32_ld64(cpu_F0d, addr, get_mem_index(s));
1289    } else {
1290        gen_aa32_ld32u(cpu_F0s, addr, get_mem_index(s));
1291    }
1292}
1293
1294static inline void gen_vfp_st(DisasContext *s, int dp, TCGv_i32 addr)
1295{
1296    if (dp) {
1297        gen_aa32_st64(cpu_F0d, addr, get_mem_index(s));
1298    } else {
1299        gen_aa32_st32(cpu_F0s, addr, get_mem_index(s));
1300    }
1301}
1302
1303static inline long
1304vfp_reg_offset (int dp, int reg)
1305{
1306    if (dp)
1307        return offsetof(CPUARMState, vfp.regs[reg]);
1308    else if (reg & 1) {
1309        return offsetof(CPUARMState, vfp.regs[reg >> 1])
1310          + offsetof(CPU_DoubleU, l.upper);
1311    } else {
1312        return offsetof(CPUARMState, vfp.regs[reg >> 1])
1313          + offsetof(CPU_DoubleU, l.lower);
1314    }
1315}
1316
1317/* Return the offset of a 32-bit piece of a NEON register.
1318   zero is the least significant end of the register.  */
1319static inline long
1320neon_reg_offset (int reg, int n)
1321{
1322    int sreg;
1323    sreg = reg * 2 + n;
1324    return vfp_reg_offset(0, sreg);
1325}
1326
1327static TCGv_i32 neon_load_reg(int reg, int pass)
1328{
1329    TCGv_i32 tmp = tcg_temp_new_i32();
1330    tcg_gen_ld_i32(tmp, cpu_env, neon_reg_offset(reg, pass));
1331    return tmp;
1332}
1333
1334static void neon_store_reg(int reg, int pass, TCGv_i32 var)
1335{
1336    tcg_gen_st_i32(var, cpu_env, neon_reg_offset(reg, pass));
1337    tcg_temp_free_i32(var);
1338}
1339
1340static inline void neon_load_reg64(TCGv_i64 var, int reg)
1341{
1342    tcg_gen_ld_i64(var, cpu_env, vfp_reg_offset(1, reg));
1343}
1344
1345static inline void neon_store_reg64(TCGv_i64 var, int reg)
1346{
1347    tcg_gen_st_i64(var, cpu_env, vfp_reg_offset(1, reg));
1348}
1349
1350#define tcg_gen_ld_f32 tcg_gen_ld_i32
1351#define tcg_gen_ld_f64 tcg_gen_ld_i64
1352#define tcg_gen_st_f32 tcg_gen_st_i32
1353#define tcg_gen_st_f64 tcg_gen_st_i64
1354
1355static inline void gen_mov_F0_vreg(int dp, int reg)
1356{
1357    if (dp)
1358        tcg_gen_ld_f64(cpu_F0d, cpu_env, vfp_reg_offset(dp, reg));
1359    else
1360        tcg_gen_ld_f32(cpu_F0s, cpu_env, vfp_reg_offset(dp, reg));
1361}
1362
1363static inline void gen_mov_F1_vreg(int dp, int reg)
1364{
1365    if (dp)
1366        tcg_gen_ld_f64(cpu_F1d, cpu_env, vfp_reg_offset(dp, reg));
1367    else
1368        tcg_gen_ld_f32(cpu_F1s, cpu_env, vfp_reg_offset(dp, reg));
1369}
1370
1371static inline void gen_mov_vreg_F0(int dp, int reg)
1372{
1373    if (dp)
1374        tcg_gen_st_f64(cpu_F0d, cpu_env, vfp_reg_offset(dp, reg));
1375    else
1376        tcg_gen_st_f32(cpu_F0s, cpu_env, vfp_reg_offset(dp, reg));
1377}
1378
1379#define ARM_CP_RW_BIT   (1 << 20)
1380
1381static inline void iwmmxt_load_reg(TCGv_i64 var, int reg)
1382{
1383    tcg_gen_ld_i64(var, cpu_env, offsetof(CPUARMState, iwmmxt.regs[reg]));
1384}
1385
1386static inline void iwmmxt_store_reg(TCGv_i64 var, int reg)
1387{
1388    tcg_gen_st_i64(var, cpu_env, offsetof(CPUARMState, iwmmxt.regs[reg]));
1389}
1390
1391static inline TCGv_i32 iwmmxt_load_creg(int reg)
1392{
1393    TCGv_i32 var = tcg_temp_new_i32();
1394    tcg_gen_ld_i32(var, cpu_env, offsetof(CPUARMState, iwmmxt.cregs[reg]));
1395    return var;
1396}
1397
1398static inline void iwmmxt_store_creg(int reg, TCGv_i32 var)
1399{
1400    tcg_gen_st_i32(var, cpu_env, offsetof(CPUARMState, iwmmxt.cregs[reg]));
1401    tcg_temp_free_i32(var);
1402}
1403
1404static inline void gen_op_iwmmxt_movq_wRn_M0(int rn)
1405{
1406    iwmmxt_store_reg(cpu_M0, rn);
1407}
1408
1409static inline void gen_op_iwmmxt_movq_M0_wRn(int rn)
1410{
1411    iwmmxt_load_reg(cpu_M0, rn);
1412}
1413
1414static inline void gen_op_iwmmxt_orq_M0_wRn(int rn)
1415{
1416    iwmmxt_load_reg(cpu_V1, rn);
1417    tcg_gen_or_i64(cpu_M0, cpu_M0, cpu_V1);
1418}
1419
1420static inline void gen_op_iwmmxt_andq_M0_wRn(int rn)
1421{
1422    iwmmxt_load_reg(cpu_V1, rn);
1423    tcg_gen_and_i64(cpu_M0, cpu_M0, cpu_V1);
1424}
1425
1426static inline void gen_op_iwmmxt_xorq_M0_wRn(int rn)
1427{
1428    iwmmxt_load_reg(cpu_V1, rn);
1429    tcg_gen_xor_i64(cpu_M0, cpu_M0, cpu_V1);
1430}
1431
1432#define IWMMXT_OP(name) \
1433static inline void gen_op_iwmmxt_##name##_M0_wRn(int rn) \
1434{ \
1435    iwmmxt_load_reg(cpu_V1, rn); \
1436    gen_helper_iwmmxt_##name(cpu_M0, cpu_M0, cpu_V1); \
1437}
1438
1439#define IWMMXT_OP_ENV(name) \
1440static inline void gen_op_iwmmxt_##name##_M0_wRn(int rn) \
1441{ \
1442    iwmmxt_load_reg(cpu_V1, rn); \
1443    gen_helper_iwmmxt_##name(cpu_M0, cpu_env, cpu_M0, cpu_V1); \
1444}
1445
1446#define IWMMXT_OP_ENV_SIZE(name) \
1447IWMMXT_OP_ENV(name##b) \
1448IWMMXT_OP_ENV(name##w) \
1449IWMMXT_OP_ENV(name##l)
1450
1451#define IWMMXT_OP_ENV1(name) \
1452static inline void gen_op_iwmmxt_##name##_M0(void) \
1453{ \
1454    gen_helper_iwmmxt_##name(cpu_M0, cpu_env, cpu_M0); \
1455}
1456
1457IWMMXT_OP(maddsq)
1458IWMMXT_OP(madduq)
1459IWMMXT_OP(sadb)
1460IWMMXT_OP(sadw)
1461IWMMXT_OP(mulslw)
1462IWMMXT_OP(mulshw)
1463IWMMXT_OP(mululw)
1464IWMMXT_OP(muluhw)
1465IWMMXT_OP(macsw)
1466IWMMXT_OP(macuw)
1467
1468IWMMXT_OP_ENV_SIZE(unpackl)
1469IWMMXT_OP_ENV_SIZE(unpackh)
1470
1471IWMMXT_OP_ENV1(unpacklub)
1472IWMMXT_OP_ENV1(unpackluw)
1473IWMMXT_OP_ENV1(unpacklul)
1474IWMMXT_OP_ENV1(unpackhub)
1475IWMMXT_OP_ENV1(unpackhuw)
1476IWMMXT_OP_ENV1(unpackhul)
1477IWMMXT_OP_ENV1(unpacklsb)
1478IWMMXT_OP_ENV1(unpacklsw)
1479IWMMXT_OP_ENV1(unpacklsl)
1480IWMMXT_OP_ENV1(unpackhsb)
1481IWMMXT_OP_ENV1(unpackhsw)
1482IWMMXT_OP_ENV1(unpackhsl)
1483
1484IWMMXT_OP_ENV_SIZE(cmpeq)
1485IWMMXT_OP_ENV_SIZE(cmpgtu)
1486IWMMXT_OP_ENV_SIZE(cmpgts)
1487
1488IWMMXT_OP_ENV_SIZE(mins)
1489IWMMXT_OP_ENV_SIZE(minu)
1490IWMMXT_OP_ENV_SIZE(maxs)
1491IWMMXT_OP_ENV_SIZE(maxu)
1492
1493IWMMXT_OP_ENV_SIZE(subn)
1494IWMMXT_OP_ENV_SIZE(addn)
1495IWMMXT_OP_ENV_SIZE(subu)
1496IWMMXT_OP_ENV_SIZE(addu)
1497IWMMXT_OP_ENV_SIZE(subs)
1498IWMMXT_OP_ENV_SIZE(adds)
1499
1500IWMMXT_OP_ENV(avgb0)
1501IWMMXT_OP_ENV(avgb1)
1502IWMMXT_OP_ENV(avgw0)
1503IWMMXT_OP_ENV(avgw1)
1504
1505IWMMXT_OP_ENV(packuw)
1506IWMMXT_OP_ENV(packul)
1507IWMMXT_OP_ENV(packuq)
1508IWMMXT_OP_ENV(packsw)
1509IWMMXT_OP_ENV(packsl)
1510IWMMXT_OP_ENV(packsq)
1511
1512static void gen_op_iwmmxt_set_mup(void)
1513{
1514    TCGv_i32 tmp;
1515    tmp = load_cpu_field(iwmmxt.cregs[ARM_IWMMXT_wCon]);
1516    tcg_gen_ori_i32(tmp, tmp, 2);
1517    store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCon]);
1518}
1519
1520static void gen_op_iwmmxt_set_cup(void)
1521{
1522    TCGv_i32 tmp;
1523    tmp = load_cpu_field(iwmmxt.cregs[ARM_IWMMXT_wCon]);
1524    tcg_gen_ori_i32(tmp, tmp, 1);
1525    store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCon]);
1526}
1527
1528static void gen_op_iwmmxt_setpsr_nz(void)
1529{
1530    TCGv_i32 tmp = tcg_temp_new_i32();
1531    gen_helper_iwmmxt_setpsr_nz(tmp, cpu_M0);
1532    store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCASF]);
1533}
1534
1535static inline void gen_op_iwmmxt_addl_M0_wRn(int rn)
1536{
1537    iwmmxt_load_reg(cpu_V1, rn);
1538    tcg_gen_ext32u_i64(cpu_V1, cpu_V1);
1539    tcg_gen_add_i64(cpu_M0, cpu_M0, cpu_V1);
1540}
1541
1542static inline int gen_iwmmxt_address(DisasContext *s, uint32_t insn,
1543                                     TCGv_i32 dest)
1544{
1545    int rd;
1546    uint32_t offset;
1547    TCGv_i32 tmp;
1548
1549    rd = (insn >> 16) & 0xf;
1550    tmp = load_reg(s, rd);
1551
1552    offset = (insn & 0xff) << ((insn >> 7) & 2);
1553    if (insn & (1 << 24)) {
1554        /* Pre indexed */
1555        if (insn & (1 << 23))
1556            tcg_gen_addi_i32(tmp, tmp, offset);
1557        else
1558            tcg_gen_addi_i32(tmp, tmp, -offset);
1559        tcg_gen_mov_i32(dest, tmp);
1560        if (insn & (1 << 21))
1561            store_reg(s, rd, tmp);
1562        else
1563            tcg_temp_free_i32(tmp);
1564    } else if (insn & (1 << 21)) {
1565        /* Post indexed */
1566        tcg_gen_mov_i32(dest, tmp);
1567        if (insn & (1 << 23))
1568            tcg_gen_addi_i32(tmp, tmp, offset);
1569        else
1570            tcg_gen_addi_i32(tmp, tmp, -offset);
1571        store_reg(s, rd, tmp);
1572    } else if (!(insn & (1 << 23)))
1573        return 1;
1574    return 0;
1575}
1576
1577static inline int gen_iwmmxt_shift(uint32_t insn, uint32_t mask, TCGv_i32 dest)
1578{
1579    int rd = (insn >> 0) & 0xf;
1580    TCGv_i32 tmp;
1581
1582    if (insn & (1 << 8)) {
1583        if (rd < ARM_IWMMXT_wCGR0 || rd > ARM_IWMMXT_wCGR3) {
1584            return 1;
1585        } else {
1586            tmp = iwmmxt_load_creg(rd);
1587        }
1588    } else {
1589        tmp = tcg_temp_new_i32();
1590        iwmmxt_load_reg(cpu_V0, rd);
1591        tcg_gen_extrl_i64_i32(tmp, cpu_V0);
1592    }
1593    tcg_gen_andi_i32(tmp, tmp, mask);
1594    tcg_gen_mov_i32(dest, tmp);
1595    tcg_temp_free_i32(tmp);
1596    return 0;
1597}
1598
1599/* Disassemble an iwMMXt instruction.  Returns nonzero if an error occurred
1600   (ie. an undefined instruction).  */
1601static int disas_iwmmxt_insn(DisasContext *s, uint32_t insn)
1602{
1603    int rd, wrd;
1604    int rdhi, rdlo, rd0, rd1, i;
1605    TCGv_i32 addr;
1606    TCGv_i32 tmp, tmp2, tmp3;
1607
1608    if ((insn & 0x0e000e00) == 0x0c000000) {
1609        if ((insn & 0x0fe00ff0) == 0x0c400000) {
1610            wrd = insn & 0xf;
1611            rdlo = (insn >> 12) & 0xf;
1612            rdhi = (insn >> 16) & 0xf;
1613            if (insn & ARM_CP_RW_BIT) {                 /* TMRRC */
1614                iwmmxt_load_reg(cpu_V0, wrd);
1615                tcg_gen_extrl_i64_i32(cpu_R[rdlo], cpu_V0);
1616                tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
1617                tcg_gen_extrl_i64_i32(cpu_R[rdhi], cpu_V0);
1618            } else {                                    /* TMCRR */
1619                tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]);
1620                iwmmxt_store_reg(cpu_V0, wrd);
1621                gen_op_iwmmxt_set_mup();
1622            }
1623            return 0;
1624        }
1625
1626        wrd = (insn >> 12) & 0xf;
1627        addr = tcg_temp_new_i32();
1628        if (gen_iwmmxt_address(s, insn, addr)) {
1629            tcg_temp_free_i32(addr);
1630            return 1;
1631        }
1632        if (insn & ARM_CP_RW_BIT) {
1633            if ((insn >> 28) == 0xf) {                  /* WLDRW wCx */
1634                tmp = tcg_temp_new_i32();
1635                gen_aa32_ld32u(tmp, addr, get_mem_index(s));
1636                iwmmxt_store_creg(wrd, tmp);
1637            } else {
1638                i = 1;
1639                if (insn & (1 << 8)) {
1640                    if (insn & (1 << 22)) {             /* WLDRD */
1641                        gen_aa32_ld64(cpu_M0, addr, get_mem_index(s));
1642                        i = 0;
1643                    } else {                            /* WLDRW wRd */
1644                        tmp = tcg_temp_new_i32();
1645                        gen_aa32_ld32u(tmp, addr, get_mem_index(s));
1646                    }
1647                } else {
1648                    tmp = tcg_temp_new_i32();
1649                    if (insn & (1 << 22)) {             /* WLDRH */
1650                        gen_aa32_ld16u(tmp, addr, get_mem_index(s));
1651                    } else {                            /* WLDRB */
1652                        gen_aa32_ld8u(tmp, addr, get_mem_index(s));
1653                    }
1654                }
1655                if (i) {
1656                    tcg_gen_extu_i32_i64(cpu_M0, tmp);
1657                    tcg_temp_free_i32(tmp);
1658                }
1659                gen_op_iwmmxt_movq_wRn_M0(wrd);
1660            }
1661        } else {
1662            if ((insn >> 28) == 0xf) {                  /* WSTRW wCx */
1663                tmp = iwmmxt_load_creg(wrd);
1664                gen_aa32_st32(tmp, addr, get_mem_index(s));
1665            } else {
1666                gen_op_iwmmxt_movq_M0_wRn(wrd);
1667                tmp = tcg_temp_new_i32();
1668                if (insn & (1 << 8)) {
1669                    if (insn & (1 << 22)) {             /* WSTRD */
1670                        gen_aa32_st64(cpu_M0, addr, get_mem_index(s));
1671                    } else {                            /* WSTRW wRd */
1672                        tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1673                        gen_aa32_st32(tmp, addr, get_mem_index(s));
1674                    }
1675                } else {
1676                    if (insn & (1 << 22)) {             /* WSTRH */
1677                        tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1678                        gen_aa32_st16(tmp, addr, get_mem_index(s));
1679                    } else {                            /* WSTRB */
1680                        tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1681                        gen_aa32_st8(tmp, addr, get_mem_index(s));
1682                    }
1683                }
1684            }
1685            tcg_temp_free_i32(tmp);
1686        }
1687        tcg_temp_free_i32(addr);
1688        return 0;
1689    }
1690
1691    if ((insn & 0x0f000000) != 0x0e000000)
1692        return 1;
1693
1694    switch (((insn >> 12) & 0xf00) | ((insn >> 4) & 0xff)) {
1695    case 0x000:                                         /* WOR */
1696        wrd = (insn >> 12) & 0xf;
1697        rd0 = (insn >> 0) & 0xf;
1698        rd1 = (insn >> 16) & 0xf;
1699        gen_op_iwmmxt_movq_M0_wRn(rd0);
1700        gen_op_iwmmxt_orq_M0_wRn(rd1);
1701        gen_op_iwmmxt_setpsr_nz();
1702        gen_op_iwmmxt_movq_wRn_M0(wrd);
1703        gen_op_iwmmxt_set_mup();
1704        gen_op_iwmmxt_set_cup();
1705        break;
1706    case 0x011:                                         /* TMCR */
1707        if (insn & 0xf)
1708            return 1;
1709        rd = (insn >> 12) & 0xf;
1710        wrd = (insn >> 16) & 0xf;
1711        switch (wrd) {
1712        case ARM_IWMMXT_wCID:
1713        case ARM_IWMMXT_wCASF:
1714            break;
1715        case ARM_IWMMXT_wCon:
1716            gen_op_iwmmxt_set_cup();
1717            /* Fall through.  */
1718        case ARM_IWMMXT_wCSSF:
1719            tmp = iwmmxt_load_creg(wrd);
1720            tmp2 = load_reg(s, rd);
1721            tcg_gen_andc_i32(tmp, tmp, tmp2);
1722            tcg_temp_free_i32(tmp2);
1723            iwmmxt_store_creg(wrd, tmp);
1724            break;
1725        case ARM_IWMMXT_wCGR0:
1726        case ARM_IWMMXT_wCGR1:
1727        case ARM_IWMMXT_wCGR2:
1728        case ARM_IWMMXT_wCGR3:
1729            gen_op_iwmmxt_set_cup();
1730            tmp = load_reg(s, rd);
1731            iwmmxt_store_creg(wrd, tmp);
1732            break;
1733        default:
1734            return 1;
1735        }
1736        break;
1737    case 0x100:                                         /* WXOR */
1738        wrd = (insn >> 12) & 0xf;
1739        rd0 = (insn >> 0) & 0xf;
1740        rd1 = (insn >> 16) & 0xf;
1741        gen_op_iwmmxt_movq_M0_wRn(rd0);
1742        gen_op_iwmmxt_xorq_M0_wRn(rd1);
1743        gen_op_iwmmxt_setpsr_nz();
1744        gen_op_iwmmxt_movq_wRn_M0(wrd);
1745        gen_op_iwmmxt_set_mup();
1746        gen_op_iwmmxt_set_cup();
1747        break;
1748    case 0x111:                                         /* TMRC */
1749        if (insn & 0xf)
1750            return 1;
1751        rd = (insn >> 12) & 0xf;
1752        wrd = (insn >> 16) & 0xf;
1753        tmp = iwmmxt_load_creg(wrd);
1754        store_reg(s, rd, tmp);
1755        break;
1756    case 0x300:                                         /* WANDN */
1757        wrd = (insn >> 12) & 0xf;
1758        rd0 = (insn >> 0) & 0xf;
1759        rd1 = (insn >> 16) & 0xf;
1760        gen_op_iwmmxt_movq_M0_wRn(rd0);
1761        tcg_gen_neg_i64(cpu_M0, cpu_M0);
1762        gen_op_iwmmxt_andq_M0_wRn(rd1);
1763        gen_op_iwmmxt_setpsr_nz();
1764        gen_op_iwmmxt_movq_wRn_M0(wrd);
1765        gen_op_iwmmxt_set_mup();
1766        gen_op_iwmmxt_set_cup();
1767        break;
1768    case 0x200:                                         /* WAND */
1769        wrd = (insn >> 12) & 0xf;
1770        rd0 = (insn >> 0) & 0xf;
1771        rd1 = (insn >> 16) & 0xf;
1772        gen_op_iwmmxt_movq_M0_wRn(rd0);
1773        gen_op_iwmmxt_andq_M0_wRn(rd1);
1774        gen_op_iwmmxt_setpsr_nz();
1775        gen_op_iwmmxt_movq_wRn_M0(wrd);
1776        gen_op_iwmmxt_set_mup();
1777        gen_op_iwmmxt_set_cup();
1778        break;
1779    case 0x810: case 0xa10:                             /* WMADD */
1780        wrd = (insn >> 12) & 0xf;
1781        rd0 = (insn >> 0) & 0xf;
1782        rd1 = (insn >> 16) & 0xf;
1783        gen_op_iwmmxt_movq_M0_wRn(rd0);
1784        if (insn & (1 << 21))
1785            gen_op_iwmmxt_maddsq_M0_wRn(rd1);
1786        else
1787            gen_op_iwmmxt_madduq_M0_wRn(rd1);
1788        gen_op_iwmmxt_movq_wRn_M0(wrd);
1789        gen_op_iwmmxt_set_mup();
1790        break;
1791    case 0x10e: case 0x50e: case 0x90e: case 0xd0e:     /* WUNPCKIL */
1792        wrd = (insn >> 12) & 0xf;
1793        rd0 = (insn >> 16) & 0xf;
1794        rd1 = (insn >> 0) & 0xf;
1795        gen_op_iwmmxt_movq_M0_wRn(rd0);
1796        switch ((insn >> 22) & 3) {
1797        case 0:
1798            gen_op_iwmmxt_unpacklb_M0_wRn(rd1);
1799            break;
1800        case 1:
1801            gen_op_iwmmxt_unpacklw_M0_wRn(rd1);
1802            break;
1803        case 2:
1804            gen_op_iwmmxt_unpackll_M0_wRn(rd1);
1805            break;
1806        case 3:
1807            return 1;
1808        }
1809        gen_op_iwmmxt_movq_wRn_M0(wrd);
1810        gen_op_iwmmxt_set_mup();
1811        gen_op_iwmmxt_set_cup();
1812        break;
1813    case 0x10c: case 0x50c: case 0x90c: case 0xd0c:     /* WUNPCKIH */
1814        wrd = (insn >> 12) & 0xf;
1815        rd0 = (insn >> 16) & 0xf;
1816        rd1 = (insn >> 0) & 0xf;
1817        gen_op_iwmmxt_movq_M0_wRn(rd0);
1818        switch ((insn >> 22) & 3) {
1819        case 0:
1820            gen_op_iwmmxt_unpackhb_M0_wRn(rd1);
1821            break;
1822        case 1:
1823            gen_op_iwmmxt_unpackhw_M0_wRn(rd1);
1824            break;
1825        case 2:
1826            gen_op_iwmmxt_unpackhl_M0_wRn(rd1);
1827            break;
1828        case 3:
1829            return 1;
1830        }
1831        gen_op_iwmmxt_movq_wRn_M0(wrd);
1832        gen_op_iwmmxt_set_mup();
1833        gen_op_iwmmxt_set_cup();
1834        break;
1835    case 0x012: case 0x112: case 0x412: case 0x512:     /* WSAD */
1836        wrd = (insn >> 12) & 0xf;
1837        rd0 = (insn >> 16) & 0xf;
1838        rd1 = (insn >> 0) & 0xf;
1839        gen_op_iwmmxt_movq_M0_wRn(rd0);
1840        if (insn & (1 << 22))
1841            gen_op_iwmmxt_sadw_M0_wRn(rd1);
1842        else
1843            gen_op_iwmmxt_sadb_M0_wRn(rd1);
1844        if (!(insn & (1 << 20)))
1845            gen_op_iwmmxt_addl_M0_wRn(wrd);
1846        gen_op_iwmmxt_movq_wRn_M0(wrd);
1847        gen_op_iwmmxt_set_mup();
1848        break;
1849    case 0x010: case 0x110: case 0x210: case 0x310:     /* WMUL */
1850        wrd = (insn >> 12) & 0xf;
1851        rd0 = (insn >> 16) & 0xf;
1852        rd1 = (insn >> 0) & 0xf;
1853        gen_op_iwmmxt_movq_M0_wRn(rd0);
1854        if (insn & (1 << 21)) {
1855            if (insn & (1 << 20))
1856                gen_op_iwmmxt_mulshw_M0_wRn(rd1);
1857            else
1858                gen_op_iwmmxt_mulslw_M0_wRn(rd1);
1859        } else {
1860            if (insn & (1 << 20))
1861                gen_op_iwmmxt_muluhw_M0_wRn(rd1);
1862            else
1863                gen_op_iwmmxt_mululw_M0_wRn(rd1);
1864        }
1865        gen_op_iwmmxt_movq_wRn_M0(wrd);
1866        gen_op_iwmmxt_set_mup();
1867        break;
1868    case 0x410: case 0x510: case 0x610: case 0x710:     /* WMAC */
1869        wrd = (insn >> 12) & 0xf;
1870        rd0 = (insn >> 16) & 0xf;
1871        rd1 = (insn >> 0) & 0xf;
1872        gen_op_iwmmxt_movq_M0_wRn(rd0);
1873        if (insn & (1 << 21))
1874            gen_op_iwmmxt_macsw_M0_wRn(rd1);
1875        else
1876            gen_op_iwmmxt_macuw_M0_wRn(rd1);
1877        if (!(insn & (1 << 20))) {
1878            iwmmxt_load_reg(cpu_V1, wrd);
1879            tcg_gen_add_i64(cpu_M0, cpu_M0, cpu_V1);
1880        }
1881        gen_op_iwmmxt_movq_wRn_M0(wrd);
1882        gen_op_iwmmxt_set_mup();
1883        break;
1884    case 0x006: case 0x406: case 0x806: case 0xc06:     /* WCMPEQ */
1885        wrd = (insn >> 12) & 0xf;
1886        rd0 = (insn >> 16) & 0xf;
1887        rd1 = (insn >> 0) & 0xf;
1888        gen_op_iwmmxt_movq_M0_wRn(rd0);
1889        switch ((insn >> 22) & 3) {
1890        case 0:
1891            gen_op_iwmmxt_cmpeqb_M0_wRn(rd1);
1892            break;
1893        case 1:
1894            gen_op_iwmmxt_cmpeqw_M0_wRn(rd1);
1895            break;
1896        case 2:
1897            gen_op_iwmmxt_cmpeql_M0_wRn(rd1);
1898            break;
1899        case 3:
1900            return 1;
1901        }
1902        gen_op_iwmmxt_movq_wRn_M0(wrd);
1903        gen_op_iwmmxt_set_mup();
1904        gen_op_iwmmxt_set_cup();
1905        break;
1906    case 0x800: case 0x900: case 0xc00: case 0xd00:     /* WAVG2 */
1907        wrd = (insn >> 12) & 0xf;
1908        rd0 = (insn >> 16) & 0xf;
1909        rd1 = (insn >> 0) & 0xf;
1910        gen_op_iwmmxt_movq_M0_wRn(rd0);
1911        if (insn & (1 << 22)) {
1912            if (insn & (1 << 20))
1913                gen_op_iwmmxt_avgw1_M0_wRn(rd1);
1914            else
1915                gen_op_iwmmxt_avgw0_M0_wRn(rd1);
1916        } else {
1917            if (insn & (1 << 20))
1918                gen_op_iwmmxt_avgb1_M0_wRn(rd1);
1919            else
1920                gen_op_iwmmxt_avgb0_M0_wRn(rd1);
1921        }
1922        gen_op_iwmmxt_movq_wRn_M0(wrd);
1923        gen_op_iwmmxt_set_mup();
1924        gen_op_iwmmxt_set_cup();
1925        break;
1926    case 0x802: case 0x902: case 0xa02: case 0xb02:     /* WALIGNR */
1927        wrd = (insn >> 12) & 0xf;
1928        rd0 = (insn >> 16) & 0xf;
1929        rd1 = (insn >> 0) & 0xf;
1930        gen_op_iwmmxt_movq_M0_wRn(rd0);
1931        tmp = iwmmxt_load_creg(ARM_IWMMXT_wCGR0 + ((insn >> 20) & 3));
1932        tcg_gen_andi_i32(tmp, tmp, 7);
1933        iwmmxt_load_reg(cpu_V1, rd1);
1934        gen_helper_iwmmxt_align(cpu_M0, cpu_M0, cpu_V1, tmp);
1935        tcg_temp_free_i32(tmp);
1936        gen_op_iwmmxt_movq_wRn_M0(wrd);
1937        gen_op_iwmmxt_set_mup();
1938        break;
1939    case 0x601: case 0x605: case 0x609: case 0x60d:     /* TINSR */
1940        if (((insn >> 6) & 3) == 3)
1941            return 1;
1942        rd = (insn >> 12) & 0xf;
1943        wrd = (insn >> 16) & 0xf;
1944        tmp = load_reg(s, rd);
1945        gen_op_iwmmxt_movq_M0_wRn(wrd);
1946        switch ((insn >> 6) & 3) {
1947        case 0:
1948            tmp2 = tcg_const_i32(0xff);
1949            tmp3 = tcg_const_i32((insn & 7) << 3);
1950            break;
1951        case 1:
1952            tmp2 = tcg_const_i32(0xffff);
1953            tmp3 = tcg_const_i32((insn & 3) << 4);
1954            break;
1955        case 2:
1956            tmp2 = tcg_const_i32(0xffffffff);
1957            tmp3 = tcg_const_i32((insn & 1) << 5);
1958            break;
1959        default:
1960            TCGV_UNUSED_I32(tmp2);
1961            TCGV_UNUSED_I32(tmp3);
1962        }
1963        gen_helper_iwmmxt_insr(cpu_M0, cpu_M0, tmp, tmp2, tmp3);
1964        tcg_temp_free_i32(tmp3);
1965        tcg_temp_free_i32(tmp2);
1966        tcg_temp_free_i32(tmp);
1967        gen_op_iwmmxt_movq_wRn_M0(wrd);
1968        gen_op_iwmmxt_set_mup();
1969        break;
1970    case 0x107: case 0x507: case 0x907: case 0xd07:     /* TEXTRM */
1971        rd = (insn >> 12) & 0xf;
1972        wrd = (insn >> 16) & 0xf;
1973        if (rd == 15 || ((insn >> 22) & 3) == 3)
1974            return 1;
1975        gen_op_iwmmxt_movq_M0_wRn(wrd);
1976        tmp = tcg_temp_new_i32();
1977        switch ((insn >> 22) & 3) {
1978        case 0:
1979            tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 7) << 3);
1980            tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1981            if (insn & 8) {
1982                tcg_gen_ext8s_i32(tmp, tmp);
1983            } else {
1984                tcg_gen_andi_i32(tmp, tmp, 0xff);
1985            }
1986            break;
1987        case 1:
1988            tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 3) << 4);
1989            tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1990            if (insn & 8) {
1991                tcg_gen_ext16s_i32(tmp, tmp);
1992            } else {
1993                tcg_gen_andi_i32(tmp, tmp, 0xffff);
1994            }
1995            break;
1996        case 2:
1997            tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 1) << 5);
1998            tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1999            break;
2000        }

2001        store_reg(s, rd, tmp);
2002        break;
2003    case 0x117: case 0x517: case 0x917: case 0xd17:     /* TEXTRC */
2004        if ((insn & 0x000ff008) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2005            return 1;
2006        tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2007        switch ((insn >> 22) & 3) {
2008        case 0:
2009            tcg_gen_shri_i32(tmp, tmp, ((insn & 7) << 2) + 0);
2010            break;
2011        case 1:
2012            tcg_gen_shri_i32(tmp, tmp, ((insn & 3) << 3) + 4);
2013            break;
2014        case 2:
2015            tcg_gen_shri_i32(tmp, tmp, ((insn & 1) << 4) + 12);
2016            break;
2017        }
2018        tcg_gen_shli_i32(tmp, tmp, 28);
2019        gen_set_nzcv(tmp);
2020        tcg_temp_free_i32(tmp);
2021        break;
2022    case 0x401: case 0x405: case 0x409: case 0x40d:     /* TBCST */
2023        if (((insn >> 6) & 3) == 3)
2024            return 1;
2025        rd = (insn >> 12) & 0xf;
2026        wrd = (insn >> 16) & 0xf;
2027        tmp = load_reg(s, rd);
2028        switch ((insn >> 6) & 3) {
2029        case 0:
2030            gen_helper_iwmmxt_bcstb(cpu_M0, tmp);
2031            break;
2032        case 1:
2033            gen_helper_iwmmxt_bcstw(cpu_M0, tmp);
2034            break;
2035        case 2:
2036            gen_helper_iwmmxt_bcstl(cpu_M0, tmp);
2037            break;
2038        }
2039        tcg_temp_free_i32(tmp);
2040        gen_op_iwmmxt_movq_wRn_M0(wrd);
2041        gen_op_iwmmxt_set_mup();
2042        break;
2043    case 0x113: case 0x513: case 0x913: case 0xd13:     /* TANDC */
2044        if ((insn & 0x000ff00f) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2045            return 1;
2046        tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2047        tmp2 = tcg_temp_new_i32();
2048        tcg_gen_mov_i32(tmp2, tmp);
2049        switch ((insn >> 22) & 3) {
2050        case 0:
2051            for (i = 0; i < 7; i ++) {
2052                tcg_gen_shli_i32(tmp2, tmp2, 4);
2053                tcg_gen_and_i32(tmp, tmp, tmp2);
2054            }
2055            break;
2056        case 1:
2057            for (i = 0; i < 3; i ++) {
2058                tcg_gen_shli_i32(tmp2, tmp2, 8);
2059                tcg_gen_and_i32(tmp, tmp, tmp2);
2060            }
2061            break;
2062        case 2:
2063            tcg_gen_shli_i32(tmp2, tmp2, 16);
2064            tcg_gen_and_i32(tmp, tmp, tmp2);
2065            break;
2066        }
2067        gen_set_nzcv(tmp);
2068        tcg_temp_free_i32(tmp2);
2069        tcg_temp_free_i32(tmp);
2070        break;
2071    case 0x01c: case 0x41c: case 0x81c: case 0xc1c:     /* WACC */
2072        wrd = (insn >> 12) & 0xf;
2073        rd0 = (insn >> 16) & 0xf;
2074        gen_op_iwmmxt_movq_M0_wRn(rd0);
2075        switch ((insn >> 22) & 3) {
2076        case 0:
2077            gen_helper_iwmmxt_addcb(cpu_M0, cpu_M0);
2078            break;
2079        case 1:
2080            gen_helper_iwmmxt_addcw(cpu_M0, cpu_M0);
2081            break;
2082        case 2:
2083            gen_helper_iwmmxt_addcl(cpu_M0, cpu_M0);
2084            break;
2085        case 3:
2086            return 1;
2087        }
2088        gen_op_iwmmxt_movq_wRn_M0(wrd);
2089        gen_op_iwmmxt_set_mup();
2090        break;
2091    case 0x115: case 0x515: case 0x915: case 0xd15:     /* TORC */
2092        if ((insn & 0x000ff00f) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2093            return 1;
2094        tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2095        tmp2 = tcg_temp_new_i32();
2096        tcg_gen_mov_i32(tmp2, tmp);
2097        switch ((insn >> 22) & 3) {
2098        case 0:
2099            for (i = 0; i < 7; i ++) {
2100                tcg_gen_shli_i32(tmp2, tmp2, 4);
2101                tcg_gen_or_i32(tmp, tmp, tmp2);
2102            }
2103            break;
2104        case 1:
2105            for (i = 0; i < 3; i ++) {
2106                tcg_gen_shli_i32(tmp2, tmp2, 8);
2107                tcg_gen_or_i32(tmp, tmp, tmp2);
2108            }
2109            break;
2110        case 2:
2111            tcg_gen_shli_i32(tmp2, tmp2, 16);
2112            tcg_gen_or_i32(tmp, tmp, tmp2);
2113            break;
2114        }
2115        gen_set_nzcv(tmp);
2116        tcg_temp_free_i32(tmp2);
2117        tcg_temp_free_i32(tmp);
2118        break;
2119    case 0x103: case 0x503: case 0x903: case 0xd03:     /* TMOVMSK */
2120        rd = (insn >> 12) & 0xf;
2121        rd0 = (insn >> 16) & 0xf;
2122        if ((insn & 0xf) != 0 || ((insn >> 22) & 3) == 3)
2123            return 1;
2124        gen_op_iwmmxt_movq_M0_wRn(rd0);
2125        tmp = tcg_temp_new_i32();
2126        switch ((insn >> 22) & 3) {
2127        case 0:
2128            gen_helper_iwmmxt_msbb(tmp, cpu_M0);
2129            break;
2130        case 1:
2131            gen_helper_iwmmxt_msbw(tmp, cpu_M0);
2132            break;
2133        case 2:
2134            gen_helper_iwmmxt_msbl(tmp, cpu_M0);
2135            break;
2136        }
2137        store_reg(s, rd, tmp);
2138        break;
2139    case 0x106: case 0x306: case 0x506: case 0x706:     /* WCMPGT */
2140    case 0x906: case 0xb06: case 0xd06: case 0xf06:
2141        wrd = (insn >> 12) & 0xf;
2142        rd0 = (insn >> 16) & 0xf;
2143        rd1 = (insn >> 0) & 0xf;
2144        gen_op_iwmmxt_movq_M0_wRn(rd0);
2145        switch ((insn >> 22) & 3) {
2146        case 0:
2147            if (insn & (1 << 21))
2148                gen_op_iwmmxt_cmpgtsb_M0_wRn(rd1);
2149            else
2150                gen_op_iwmmxt_cmpgtub_M0_wRn(rd1);
2151            break;
2152        case 1:
2153            if (insn & (1 << 21))
2154                gen_op_iwmmxt_cmpgtsw_M0_wRn(rd1);
2155            else
2156                gen_op_iwmmxt_cmpgtuw_M0_wRn(rd1);
2157            break;
2158        case 2:
2159            if (insn & (1 << 21))
2160                gen_op_iwmmxt_cmpgtsl_M0_wRn(rd1);
2161            else
2162                gen_op_iwmmxt_cmpgtul_M0_wRn(rd1);
2163            break;
2164        case 3:
2165            return 1;
2166        }
2167        gen_op_iwmmxt_movq_wRn_M0(wrd);
2168        gen_op_iwmmxt_set_mup();
2169        gen_op_iwmmxt_set_cup();
2170        break;
2171    case 0x00e: case 0x20e: case 0x40e: case 0x60e:     /* WUNPCKEL */
2172    case 0x80e: case 0xa0e: case 0xc0e: case 0xe0e:
2173        wrd = (insn >> 12) & 0xf;
2174        rd0 = (insn >> 16) & 0xf;
2175        gen_op_iwmmxt_movq_M0_wRn(rd0);
2176        switch ((insn >> 22) & 3) {
2177        case 0:
2178            if (insn & (1 << 21))
2179                gen_op_iwmmxt_unpacklsb_M0();
2180            else
2181                gen_op_iwmmxt_unpacklub_M0();
2182            break;
2183        case 1:
2184            if (insn & (1 << 21))
2185                gen_op_iwmmxt_unpacklsw_M0();
2186            else
2187                gen_op_iwmmxt_unpackluw_M0();
2188            break;
2189        case 2:
2190            if (insn & (1 << 21))
2191                gen_op_iwmmxt_unpacklsl_M0();
2192            else
2193                gen_op_iwmmxt_unpacklul_M0();
2194            break;
2195        case 3:
2196            return 1;
2197        }
2198        gen_op_iwmmxt_movq_wRn_M0(wrd);
2199        gen_op_iwmmxt_set_mup();
2200        gen_op_iwmmxt_set_cup();
2201        break;
2202    case 0x00c: case 0x20c: case 0x40c: case 0x60c:     /* WUNPCKEH */
2203    case 0x80c: case 0xa0c: case 0xc0c: case 0xe0c:
2204        wrd = (insn >> 12) & 0xf;
2205        rd0 = (insn >> 16) & 0xf;
2206        gen_op_iwmmxt_movq_M0_wRn(rd0);
2207        switch ((insn >> 22) & 3) {
2208        case 0:
2209            if (insn & (1 << 21))
2210                gen_op_iwmmxt_unpackhsb_M0();
2211            else
2212                gen_op_iwmmxt_unpackhub_M0();
2213            break;
2214        case 1:
2215            if (insn & (1 << 21))
2216                gen_op_iwmmxt_unpackhsw_M0();
2217            else
2218                gen_op_iwmmxt_unpackhuw_M0();
2219            break;
2220        case 2:
2221            if (insn & (1 << 21))
2222                gen_op_iwmmxt_unpackhsl_M0();
2223            else
2224                gen_op_iwmmxt_unpackhul_M0();
2225            break;
2226        case 3:
2227            return 1;
2228        }
2229        gen_op_iwmmxt_movq_wRn_M0(wrd);
2230        gen_op_iwmmxt_set_mup();
2231        gen_op_iwmmxt_set_cup();
2232        break;
2233    case 0x204: case 0x604: case 0xa04: case 0xe04:     /* WSRL */
2234    case 0x214: case 0x614: case 0xa14: case 0xe14:
2235        if (((insn >> 22) & 3) == 0)
2236            return 1;
2237        wrd = (insn >> 12) & 0xf;
2238        rd0 = (insn >> 16) & 0xf;
2239        gen_op_iwmmxt_movq_M0_wRn(rd0);
2240        tmp = tcg_temp_new_i32();
2241        if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2242            tcg_temp_free_i32(tmp);
2243            return 1;
2244        }
2245        switch ((insn >> 22) & 3) {
2246        case 1:
2247            gen_helper_iwmmxt_srlw(cpu_M0, cpu_env, cpu_M0, tmp);
2248            break;
2249        case 2:
2250            gen_helper_iwmmxt_srll(cpu_M0, cpu_env, cpu_M0, tmp);
2251            break;
2252        case 3:
2253            gen_helper_iwmmxt_srlq(cpu_M0, cpu_env, cpu_M0, tmp);
2254            break;
2255        }
2256        tcg_temp_free_i32(tmp);
2257        gen_op_iwmmxt_movq_wRn_M0(wrd);
2258        gen_op_iwmmxt_set_mup();
2259        gen_op_iwmmxt_set_cup();
2260        break;
2261    case 0x004: case 0x404: case 0x804: case 0xc04:     /* WSRA */
2262    case 0x014: case 0x414: case 0x814: case 0xc14:
2263        if (((insn >> 22) & 3) == 0)
2264            return 1;
2265        wrd = (insn >> 12) & 0xf;
2266        rd0 = (insn >> 16) & 0xf;
2267        gen_op_iwmmxt_movq_M0_wRn(rd0);
2268        tmp = tcg_temp_new_i32();
2269        if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2270            tcg_temp_free_i32(tmp);
2271            return 1;
2272        }
2273        switch ((insn >> 22) & 3) {
2274        case 1:
2275            gen_helper_iwmmxt_sraw(cpu_M0, cpu_env, cpu_M0, tmp);
2276            break;
2277        case 2:
2278            gen_helper_iwmmxt_sral(cpu_M0, cpu_env, cpu_M0, tmp);
2279            break;
2280        case 3:
2281            gen_helper_iwmmxt_sraq(cpu_M0, cpu_env, cpu_M0, tmp);
2282            break;
2283        }
2284        tcg_temp_free_i32(tmp);
2285        gen_op_iwmmxt_movq_wRn_M0(wrd);
2286        gen_op_iwmmxt_set_mup();
2287        gen_op_iwmmxt_set_cup();
2288        break;
2289    case 0x104: case 0x504: case 0x904: case 0xd04:     /* WSLL */
2290    case 0x114: case 0x514: case 0x914: case 0xd14:
2291        if (((insn >> 22) & 3) == 0)
2292            return 1;
2293        wrd = (insn >> 12) & 0xf;
2294        rd0 = (insn >> 16) & 0xf;
2295        gen_op_iwmmxt_movq_M0_wRn(rd0);
2296        tmp = tcg_temp_new_i32();
2297        if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2298            tcg_temp_free_i32(tmp);
2299            return 1;
2300        }
2301        switch ((insn >> 22) & 3) {
2302        case 1:
2303            gen_helper_iwmmxt_sllw(cpu_M0, cpu_env, cpu_M0, tmp);
2304            break;
2305        case 2:
2306            gen_helper_iwmmxt_slll(cpu_M0, cpu_env, cpu_M0, tmp);
2307            break;
2308        case 3:
2309            gen_helper_iwmmxt_sllq(cpu_M0, cpu_env, cpu_M0, tmp);
2310            break;
2311        }
2312        tcg_temp_free_i32(tmp);
2313        gen_op_iwmmxt_movq_wRn_M0(wrd);
2314        gen_op_iwmmxt_set_mup();
2315        gen_op_iwmmxt_set_cup();
2316        break;
2317    case 0x304: case 0x704: case 0xb04: case 0xf04:     /* WROR */
2318    case 0x314: case 0x714: case 0xb14: case 0xf14:
2319        if (((insn >> 22) & 3) == 0)
2320            return 1;
2321        wrd = (insn >> 12) & 0xf;
2322        rd0 = (insn >> 16) & 0xf;
2323        gen_op_iwmmxt_movq_M0_wRn(rd0);
2324        tmp = tcg_temp_new_i32();
2325        switch ((insn >> 22) & 3) {
2326        case 1:
2327            if (gen_iwmmxt_shift(insn, 0xf, tmp)) {
2328                tcg_temp_free_i32(tmp);
2329                return 1;
2330            }
2331            gen_helper_iwmmxt_rorw(cpu_M0, cpu_env, cpu_M0, tmp);
2332            break;
2333        case 2:
2334            if (gen_iwmmxt_shift(insn, 0x1f, tmp)) {
2335                tcg_temp_free_i32(tmp);
2336                return 1;
2337            }
2338            gen_helper_iwmmxt_rorl(cpu_M0, cpu_env, cpu_M0, tmp);
2339            break;
2340        case 3:
2341            if (gen_iwmmxt_shift(insn, 0x3f, tmp)) {
2342                tcg_temp_free_i32(tmp);
2343                return 1;
2344            }
2345            gen_helper_iwmmxt_rorq(cpu_M0, cpu_env, cpu_M0, tmp);
2346            break;
2347        }
2348        tcg_temp_free_i32(tmp);
2349        gen_op_iwmmxt_movq_wRn_M0(wrd);
2350        gen_op_iwmmxt_set_mup();
2351        gen_op_iwmmxt_set_cup();
2352        break;
2353    case 0x116: case 0x316: case 0x516: case 0x716:     /* WMIN */
2354    case 0x916: case 0xb16: case 0xd16: case 0xf16:
2355        wrd = (insn >> 12) & 0xf;
2356        rd0 = (insn >> 16) & 0xf;
2357        rd1 = (insn >> 0) & 0xf;
2358        gen_op_iwmmxt_movq_M0_wRn(rd0);
2359        switch ((insn >> 22) & 3) {
2360        case 0:
2361            if (insn & (1 << 21))
2362                gen_op_iwmmxt_minsb_M0_wRn(rd1);
2363            else
2364                gen_op_iwmmxt_minub_M0_wRn(rd1);
2365            break;
2366        case 1:
2367            if (insn & (1 << 21))
2368                gen_op_iwmmxt_minsw_M0_wRn(rd1);
2369            else
2370                gen_op_iwmmxt_minuw_M0_wRn(rd1);
2371            break;
2372        case 2:
2373            if (insn & (1 << 21))
2374                gen_op_iwmmxt_minsl_M0_wRn(rd1);
2375            else
2376                gen_op_iwmmxt_minul_M0_wRn(rd1);
2377            break;
2378        case 3:
2379            return 1;
2380        }
2381        gen_op_iwmmxt_movq_wRn_M0(wrd);
2382        gen_op_iwmmxt_set_mup();
2383        break;
2384    case 0x016: case 0x216: case 0x416: case 0x616:     /* WMAX */
2385    case 0x816: case 0xa16: case 0xc16: case 0xe16:
2386        wrd = (insn >> 12) & 0xf;
2387        rd0 = (insn >> 16) & 0xf;
2388        rd1 = (insn >> 0) & 0xf;
2389        gen_op_iwmmxt_movq_M0_wRn(rd0);
2390        switch ((insn >> 22) & 3) {
2391        case 0:
2392            if (insn & (1 << 21))
2393                gen_op_iwmmxt_maxsb_M0_wRn(rd1);
2394            else
2395                gen_op_iwmmxt_maxub_M0_wRn(rd1);
2396            break;
2397        case 1:
2398            if (insn & (1 << 21))
2399                gen_op_iwmmxt_maxsw_M0_wRn(rd1);
2400            else
2401                gen_op_iwmmxt_maxuw_M0_wRn(rd1);
2402            break;
2403        case 2:
2404            if (insn & (1 << 21))
2405                gen_op_iwmmxt_maxsl_M0_wRn(rd1);
2406            else
2407                gen_op_iwmmxt_maxul_M0_wRn(rd1);
2408            break;
2409        case 3:
2410            return 1;
2411        }
2412        gen_op_iwmmxt_movq_wRn_M0(wrd);
2413        gen_op_iwmmxt_set_mup();
2414        break;
2415    case 0x002: case 0x102: case 0x202: case 0x302:     /* WALIGNI */
2416    case 0x402: case 0x502: case 0x602: case 0x702:
2417        wrd = (insn >> 12) & 0xf;
2418        rd0 = (insn >> 16) & 0xf;
2419        rd1 = (insn >> 0) & 0xf;
2420        gen_op_iwmmxt_movq_M0_wRn(rd0);
2421        tmp = tcg_const_i32((insn >> 20) & 3);
2422        iwmmxt_load_reg(cpu_V1, rd1);
2423        gen_helper_iwmmxt_align(cpu_M0, cpu_M0, cpu_V1, tmp);
2424        tcg_temp_free_i32(tmp);
2425        gen_op_iwmmxt_movq_wRn_M0(wrd);
2426        gen_op_iwmmxt_set_mup();
2427        break;
2428    case 0x01a: case 0x11a: case 0x21a: case 0x31a:     /* WSUB */
2429    case 0x41a: case 0x51a: case 0x61a: case 0x71a:
2430    case 0x81a: case 0x91a: case 0xa1a: case 0xb1a:
2431    case 0xc1a: case 0xd1a: case 0xe1a: case 0xf1a:
2432        wrd = (insn >> 12) & 0xf;
2433        rd0 = (insn >> 16) & 0xf;
2434        rd1 = (insn >> 0) & 0xf;
2435        gen_op_iwmmxt_movq_M0_wRn(rd0);
2436        switch ((insn >> 20) & 0xf) {
2437        case 0x0:
2438            gen_op_iwmmxt_subnb_M0_wRn(rd1);
2439            break;
2440        case 0x1:
2441            gen_op_iwmmxt_subub_M0_wRn(rd1);
2442            break;
2443        case 0x3:
2444            gen_op_iwmmxt_subsb_M0_wRn(rd1);
2445            break;
2446        case 0x4:
2447            gen_op_iwmmxt_subnw_M0_wRn(rd1);
2448            break;
2449        case 0x5:
2450            gen_op_iwmmxt_subuw_M0_wRn(rd1);
2451            break;
2452        case 0x7:
2453            gen_op_iwmmxt_subsw_M0_wRn(rd1);
2454            break;
2455        case 0x8:
2456            gen_op_iwmmxt_subnl_M0_wRn(rd1);
2457            break;
2458        case 0x9:
2459            gen_op_iwmmxt_subul_M0_wRn(rd1);
2460            break;
2461        case 0xb:
2462            gen_op_iwmmxt_subsl_M0_wRn(rd1);
2463            break;
2464        default:
2465            return 1;
2466        }
2467        gen_op_iwmmxt_movq_wRn_M0(wrd);
2468        gen_op_iwmmxt_set_mup();
2469        gen_op_iwmmxt_set_cup();
2470        break;
2471    case 0x01e: case 0x11e: case 0x21e: case 0x31e:     /* WSHUFH */
2472    case 0x41e: case 0x51e: case 0x61e: case 0x71e:
2473    case 0x81e: case 0x91e: case 0xa1e: case 0xb1e:
2474    case 0xc1e: case 0xd1e: case 0xe1e: case 0xf1e:
2475        wrd = (insn >> 12) & 0xf;
2476        rd0 = (insn >> 16) & 0xf;
2477        gen_op_iwmmxt_movq_M0_wRn(rd0);
2478        tmp = tcg_const_i32(((insn >> 16) & 0xf0) | (insn & 0x0f));
2479        gen_helper_iwmmxt_shufh(cpu_M0, cpu_env, cpu_M0, tmp);
2480        tcg_temp_free_i32(tmp);
2481        gen_op_iwmmxt_movq_wRn_M0(wrd);
2482        gen_op_iwmmxt_set_mup();
2483        gen_op_iwmmxt_set_cup();
2484        break;
2485    case 0x018: case 0x118: case 0x218: case 0x318:     /* WADD */
2486    case 0x418: case 0x518: case 0x618: case 0x718:
2487    case 0x818: case 0x918: case 0xa18: case 0xb18:
2488    case 0xc18: case 0xd18: case 0xe18: case 0xf18:
2489        wrd = (insn >> 12) & 0xf;
2490        rd0 = (insn >> 16) & 0xf;
2491        rd1 = (insn >> 0) & 0xf;
2492        gen_op_iwmmxt_movq_M0_wRn(rd0);
2493        switch ((insn >> 20) & 0xf) {
2494        case 0x0:
2495            gen_op_iwmmxt_addnb_M0_wRn(rd1);
2496            break;
2497        case 0x1:
2498            gen_op_iwmmxt_addub_M0_wRn(rd1);
2499            break;
2500        case 0x3:
2501            gen_op_iwmmxt_addsb_M0_wRn(rd1);
2502            break;
2503        case 0x4:
2504            gen_op_iwmmxt_addnw_M0_wRn(rd1);
2505            break;
2506        case 0x5:
2507            gen_op_iwmmxt_adduw_M0_wRn(rd1);
2508            break;
2509        case 0x7:
2510            gen_op_iwmmxt_addsw_M0_wRn(rd1);
2511            break;
2512        case 0x8:
2513            gen_op_iwmmxt_addnl_M0_wRn(rd1);
2514            break;
2515        case 0x9:
2516            gen_op_iwmmxt_addul_M0_wRn(rd1);
2517            break;
2518        case 0xb:
2519            gen_op_iwmmxt_addsl_M0_wRn(rd1);
2520            break;
2521        default:
2522            return 1;
2523        }
2524        gen_op_iwmmxt_movq_wRn_M0(wrd);
2525        gen_op_iwmmxt_set_mup();
2526        gen_op_iwmmxt_set_cup();
2527        break;
2528    case 0x008: case 0x108: case 0x208: case 0x308:     /* WPACK */
2529    case 0x408: case 0x508: case 0x608: case 0x708:
2530    case 0x808: case 0x908: case 0xa08: case 0xb08:
2531    case 0xc08: case 0xd08: case 0xe08: case 0xf08:
2532        if (!(insn & (1 << 20)) || ((insn >> 22) & 3) == 0)
2533            return 1;
2534        wrd = (insn >> 12) & 0xf;
2535        rd0 = (insn >> 16) & 0xf;
2536        rd1 = (insn >> 0) & 0xf;
2537        gen_op_iwmmxt_movq_M0_wRn(rd0);
2538        switch ((insn >> 22) & 3) {
2539        case 1:
2540            if (insn & (1 << 21))
2541                gen_op_iwmmxt_packsw_M0_wRn(rd1);
2542            else
2543                gen_op_iwmmxt_packuw_M0_wRn(rd1);
2544            break;
2545        case 2:
2546            if (insn & (1 << 21))
2547                gen_op_iwmmxt_packsl_M0_wRn(rd1);
2548            else
2549                gen_op_iwmmxt_packul_M0_wRn(rd1);
2550            break;
2551        case 3:
2552            if (insn & (1 << 21))
2553                gen_op_iwmmxt_packsq_M0_wRn(rd1);
2554            else
2555                gen_op_iwmmxt_packuq_M0_wRn(rd1);
2556            break;
2557        }
2558        gen_op_iwmmxt_movq_wRn_M0(wrd);
2559        gen_op_iwmmxt_set_mup();
2560        gen_op_iwmmxt_set_cup();
2561        break;
2562    case 0x201: case 0x203: case 0x205: case 0x207:
2563    case 0x209: case 0x20b: case 0x20d: case 0x20f:
2564    case 0x211: case 0x213: case 0x215: case 0x217:
2565    case 0x219: case 0x21b: case 0x21d: case 0x21f:
2566        wrd = (insn >> 5) & 0xf;
2567        rd0 = (insn >> 12) & 0xf;
2568        rd1 = (insn >> 0) & 0xf;
2569        if (rd0 == 0xf || rd1 == 0xf)
2570            return 1;
2571        gen_op_iwmmxt_movq_M0_wRn(wrd);
2572        tmp = load_reg(s, rd0);
2573        tmp2 = load_reg(s, rd1);
2574        switch ((insn >> 16) & 0xf) {
2575        case 0x0:                                       /* TMIA */
2576            gen_helper_iwmmxt_muladdsl(cpu_M0, cpu_M0, tmp, tmp2);
2577            break;
2578        case 0x8:                                       /* TMIAPH */
2579            gen_helper_iwmmxt_muladdsw(cpu_M0, cpu_M0, tmp, tmp2);
2580            break;
2581        case 0xc: case 0xd: case 0xe: case 0xf:         /* TMIAxy */
2582            if (insn & (1 << 16))
2583                tcg_gen_shri_i32(tmp, tmp, 16);
2584            if (insn & (1 << 17))
2585                tcg_gen_shri_i32(tmp2, tmp2, 16);
2586            gen_helper_iwmmxt_muladdswl(cpu_M0, cpu_M0, tmp, tmp2);
2587            break;
2588        default:
2589            tcg_temp_free_i32(tmp2);
2590            tcg_temp_free_i32(tmp);
2591            return 1;
2592        }
2593        tcg_temp_free_i32(tmp2);
2594        tcg_temp_free_i32(tmp);
2595        gen_op_iwmmxt_movq_wRn_M0(wrd);
2596        gen_op_iwmmxt_set_mup();
2597        break;
2598    default:
2599        return 1;
2600    }
2601
2602    return 0;
2603}
2604
2605/* Disassemble an XScale DSP instruction.  Returns nonzero if an error occurred
2606   (ie. an undefined instruction).  */
2607static int disas_dsp_insn(DisasContext *s, uint32_t insn)
2608{
2609    int acc, rd0, rd1, rdhi, rdlo;
2610    TCGv_i32 tmp, tmp2;
2611
2612    if ((insn & 0x0ff00f10) == 0x0e200010) {
2613        /* Multiply with Internal Accumulate Format */
2614        rd0 = (insn >> 12) & 0xf;
2615        rd1 = insn & 0xf;
2616        acc = (insn >> 5) & 7;
2617
2618        if (acc != 0)
2619            return 1;
2620
2621        tmp = load_reg(s, rd0);
2622        tmp2 = load_reg(s, rd1);
2623        switch ((insn >> 16) & 0xf) {
2624        case 0x0:                                       /* MIA */
2625            gen_helper_iwmmxt_muladdsl(cpu_M0, cpu_M0, tmp, tmp2);
2626            break;
2627        case 0x8:                                       /* MIAPH */
2628            gen_helper_iwmmxt_muladdsw(cpu_M0, cpu_M0, tmp, tmp2);
2629            break;
2630        case 0xc:                                       /* MIABB */
2631        case 0xd:                                       /* MIABT */
2632        case 0xe:                                       /* MIATB */
2633        case 0xf:                                       /* MIATT */
2634            if (insn & (1 << 16))
2635                tcg_gen_shri_i32(tmp, tmp, 16);
2636            if (insn & (1 << 17))
2637                tcg_gen_shri_i32(tmp2, tmp2, 16);
2638            gen_helper_iwmmxt_muladdswl(cpu_M0, cpu_M0, tmp, tmp2);
2639            break;
2640        default:
2641            return 1;
2642        }
2643        tcg_temp_free_i32(tmp2);
2644        tcg_temp_free_i32(tmp);
2645
2646        gen_op_iwmmxt_movq_wRn_M0(acc);
2647        return 0;
2648    }
2649
2650    if ((insn & 0x0fe00ff8) == 0x0c400000) {
2651        /* Internal Accumulator Access Format */
2652        rdhi = (insn >> 16) & 0xf;
2653        rdlo = (insn >> 12) & 0xf;
2654        acc = insn & 7;
2655
2656        if (acc != 0)
2657            return 1;
2658
2659        if (insn & ARM_CP_RW_BIT) {                     /* MRA */
2660            iwmmxt_load_reg(cpu_V0, acc);
2661            tcg_gen_extrl_i64_i32(cpu_R[rdlo], cpu_V0);
2662            tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
2663            tcg_gen_extrl_i64_i32(cpu_R[rdhi], cpu_V0);
2664            tcg_gen_andi_i32(cpu_R[rdhi], cpu_R[rdhi], (1 << (40 - 32)) - 1);
2665        } else {                                        /* MAR */
2666            tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]);
2667            iwmmxt_store_reg(cpu_V0, acc);
2668        }
2669        return 0;
2670    }
2671
2672    return 1;
2673}
2674
2675#define VFP_REG_SHR(x, n) (((n) > 0) ? (x) >> (n) : (x) << -(n))
2676#define VFP_SREG(insn, bigbit, smallbit) \
2677  ((VFP_REG_SHR(insn, bigbit - 1) & 0x1e) | (((insn) >> (smallbit)) & 1))
2678#define VFP_DREG(reg, insn, bigbit, smallbit) do { \
2679    if (arm_dc_feature(s, ARM_FEATURE_VFP3)) { \
2680        reg = (((insn) >> (bigbit)) & 0x0f) \
2681              | (((insn) >> ((smallbit) - 4)) & 0x10); \
2682    } else { \
2683        if (insn & (1 << (smallbit))) \
2684            return 1; \
2685        reg = ((insn) >> (bigbit)) & 0x0f; \
2686    }} while (0)
2687
2688#define VFP_SREG_D(insn) VFP_SREG(insn, 12, 22)
2689#define VFP_DREG_D(reg, insn) VFP_DREG(reg, insn, 12, 22)
2690#define VFP_SREG_N(insn) VFP_SREG(insn, 16,  7)
2691#define VFP_DREG_N(reg, insn) VFP_DREG(reg, insn, 16,  7)
2692#define VFP_SREG_M(insn) VFP_SREG(insn,  0,  5)
2693#define VFP_DREG_M(reg, insn) VFP_DREG(reg, insn,  0,  5)
2694
2695/* Move between integer and VFP cores.  */
2696static TCGv_i32 gen_vfp_mrs(void)
2697{
2698    TCGv_i32 tmp = tcg_temp_new_i32();
2699    tcg_gen_mov_i32(tmp, cpu_F0s);
2700    return tmp;
2701}
2702
2703static void gen_vfp_msr(TCGv_i32 tmp)
2704{
2705    tcg_gen_mov_i32(cpu_F0s, tmp);
2706    tcg_temp_free_i32(tmp);
2707}
2708
2709static void gen_neon_dup_u8(TCGv_i32 var, int shift)
2710{
2711    TCGv_i32 tmp = tcg_temp_new_i32();
2712    if (shift)
2713        tcg_gen_shri_i32(var, var, shift);
2714    tcg_gen_ext8u_i32(var, var);
2715    tcg_gen_shli_i32(tmp, var, 8);
2716    tcg_gen_or_i32(var, var, tmp);
2717    tcg_gen_shli_i32(tmp, var, 16);
2718    tcg_gen_or_i32(var, var, tmp);
2719    tcg_temp_free_i32(tmp);
2720}
2721
2722static void gen_neon_dup_low16(TCGv_i32 var)
2723{
2724    TCGv_i32 tmp = tcg_temp_new_i32();
2725    tcg_gen_ext16u_i32(var, var);
2726    tcg_gen_shli_i32(tmp, var, 16);
2727    tcg_gen_or_i32(var, var, tmp);
2728    tcg_temp_free_i32(tmp);
2729}
2730
2731static void gen_neon_dup_high16(TCGv_i32 var)
2732{
2733    TCGv_i32 tmp = tcg_temp_new_i32();
2734    tcg_gen_andi_i32(var, var, 0xffff0000);
2735    tcg_gen_shri_i32(tmp, var, 16);
2736    tcg_gen_or_i32(var, var, tmp);
2737    tcg_temp_free_i32(tmp);
2738}
2739
2740static TCGv_i32 gen_load_and_replicate(DisasContext *s, TCGv_i32 addr, int size)
2741{
2742    /* Load a single Neon element and replicate into a 32 bit TCG reg */
2743    TCGv_i32 tmp = tcg_temp_new_i32();
2744    switch (size) {
2745    case 0:
2746        gen_aa32_ld8u(tmp, addr, get_mem_index(s));
2747        gen_neon_dup_u8(tmp, 0);
2748        break;
2749    case 1:
2750        gen_aa32_ld16u(tmp, addr, get_mem_index(s));
2751        gen_neon_dup_low16(tmp);
2752        break;
2753    case 2:
2754        gen_aa32_ld32u(tmp, addr, get_mem_index(s));
2755        break;
2756    default: /* Avoid compiler warnings.  */
2757        abort();
2758    }
2759    return tmp;
2760}
2761
2762static int handle_vsel(uint32_t insn, uint32_t rd, uint32_t rn, uint32_t rm,
2763                       uint32_t dp)
2764{
2765    uint32_t cc = extract32(insn, 20, 2);
2766
2767    if (dp) {
2768        TCGv_i64 frn, frm, dest;
2769        TCGv_i64 tmp, zero, zf, nf, vf;
2770
2771        zero = tcg_const_i64(0);
2772
2773        frn = tcg_temp_new_i64();
2774        frm = tcg_temp_new_i64();
2775        dest = tcg_temp_new_i64();
2776
2777        zf = tcg_temp_new_i64();
2778        nf = tcg_temp_new_i64();
2779        vf = tcg_temp_new_i64();
2780
2781        tcg_gen_extu_i32_i64(zf, cpu_ZF);
2782        tcg_gen_ext_i32_i64(nf, cpu_NF);
2783        tcg_gen_ext_i32_i64(vf, cpu_VF);
2784
2785        tcg_gen_ld_f64(frn, cpu_env, vfp_reg_offset(dp, rn));
2786        tcg_gen_ld_f64(frm, cpu_env, vfp_reg_offset(dp, rm));
2787        switch (cc) {
2788        case 0: /* eq: Z */
2789            tcg_gen_movcond_i64(TCG_COND_EQ, dest, zf, zero,
2790                                frn, frm);
2791            break;
2792        case 1: /* vs: V */
2793            tcg_gen_movcond_i64(TCG_COND_LT, dest, vf, zero,
2794                                frn, frm);
2795            break;
2796        case 2: /* ge: N == V -> N ^ V == 0 */
2797            tmp = tcg_temp_new_i64();
2798            tcg_gen_xor_i64(tmp, vf, nf);
2799            tcg_gen_movcond_i64(TCG_COND_GE, dest, tmp, zero,
2800                                frn, frm);
2801            tcg_temp_free_i64(tmp);
2802            break;
2803        case 3: /* gt: !Z && N == V */
2804            tcg_gen_movcond_i64(TCG_COND_NE, dest, zf, zero,
2805                                frn, frm);
2806            tmp = tcg_temp_new_i64();
2807            tcg_gen_xor_i64(tmp, vf, nf);
2808            tcg_gen_movcond_i64(TCG_COND_GE, dest, tmp, zero,
2809                                dest, frm);
2810            tcg_temp_free_i64(tmp);
2811            break;
2812        }
2813        tcg_gen_st_f64(dest, cpu_env, vfp_reg_offset(dp, rd));
2814        tcg_temp_free_i64(frn);
2815        tcg_temp_free_i64(frm);
2816        tcg_temp_free_i64(dest);
2817
2818        tcg_temp_free_i64(zf);
2819        tcg_temp_free_i64(nf);
2820        tcg_temp_free_i64(vf);
2821
2822        tcg_temp_free_i64(zero);
2823    } else {
2824        TCGv_i32 frn, frm, dest;
2825        TCGv_i32 tmp, zero;
2826
2827        zero = tcg_const_i32(0);
2828
2829        frn = tcg_temp_new_i32();
2830        frm = tcg_temp_new_i32();
2831        dest = tcg_temp_new_i32();
2832        tcg_gen_ld_f32(frn, cpu_env, vfp_reg_offset(dp, rn));
2833        tcg_gen_ld_f32(frm, cpu_env, vfp_reg_offset(dp, rm));
2834        switch (cc) {
2835        case 0: /* eq: Z */
2836            tcg_gen_movcond_i32(TCG_COND_EQ, dest, cpu_ZF, zero,
2837                                frn, frm);
2838            break;
2839        case 1: /* vs: V */
2840            tcg_gen_movcond_i32(TCG_COND_LT, dest, cpu_VF, zero,
2841                                frn, frm);
2842            break;
2843        case 2: /* ge: N == V -> N ^ V == 0 */
2844            tmp = tcg_temp_new_i32();
2845            tcg_gen_xor_i32(tmp, cpu_VF, cpu_NF);
2846            tcg_gen_movcond_i32(TCG_COND_GE, dest, tmp, zero,
2847                                frn, frm);
2848            tcg_temp_free_i32(tmp);
2849            break;
2850        case 3: /* gt: !Z && N == V */
2851            tcg_gen_movcond_i32(TCG_COND_NE, dest, cpu_ZF, zero,
2852                                frn, frm);
2853            tmp = tcg_temp_new_i32();
2854            tcg_gen_xor_i32(tmp, cpu_VF, cpu_NF);
2855            tcg_gen_movcond_i32(TCG_COND_GE, dest, tmp, zero,
2856                                dest, frm);
2857            tcg_temp_free_i32(tmp);
2858            break;
2859        }
2860        tcg_gen_st_f32(dest, cpu_env, vfp_reg_offset(dp, rd));
2861        tcg_temp_free_i32(frn);
2862        tcg_temp_free_i32(frm);
2863        tcg_temp_free_i32(dest);
2864
2865        tcg_temp_free_i32(zero);
2866    }
2867
2868    return 0;
2869}
2870
2871static int handle_vminmaxnm(uint32_t insn, uint32_t rd, uint32_t rn,
2872                            uint32_t rm, uint32_t dp)
2873{
2874    uint32_t vmin = extract32(insn, 6, 1);
2875    TCGv_ptr fpst = get_fpstatus_ptr(0);
2876
2877    if (dp) {
2878        TCGv_i64 frn, frm, dest;
2879
2880        frn = tcg_temp_new_i64();
2881        frm = tcg_temp_new_i64();
2882        dest = tcg_temp_new_i64();
2883
2884        tcg_gen_ld_f64(frn, cpu_env, vfp_reg_offset(dp, rn));
2885        tcg_gen_ld_f64(frm, cpu_env, vfp_reg_offset(dp, rm));
2886        if (vmin) {
2887            gen_helper_vfp_minnumd(dest, frn, frm, fpst);
2888        } else {
2889            gen_helper_vfp_maxnumd(dest, frn, frm, fpst);
2890        }
2891        tcg_gen_st_f64(dest, cpu_env, vfp_reg_offset(dp, rd));
2892        tcg_temp_free_i64(frn);
2893        tcg_temp_free_i64(frm);
2894        tcg_temp_free_i64(dest);
2895    } else {
2896        TCGv_i32 frn, frm, dest;
2897
2898        frn = tcg_temp_new_i32();
2899        frm = tcg_temp_new_i32();
2900        dest = tcg_temp_new_i32();
2901
2902        tcg_gen_ld_f32(frn, cpu_env, vfp_reg_offset(dp, rn));
2903        tcg_gen_ld_f32(frm, cpu_env, vfp_reg_offset(dp, rm));
2904        if (vmin) {
2905            gen_helper_vfp_minnums(dest, frn, frm, fpst);
2906        } else {
2907            gen_helper_vfp_maxnums(dest, frn, frm, fpst);
2908        }
2909        tcg_gen_st_f32(dest, cpu_env, vfp_reg_offset(dp, rd));
2910        tcg_temp_free_i32(frn);
2911        tcg_temp_free_i32(frm);
2912        tcg_temp_free_i32(dest);
2913    }
2914
2915    tcg_temp_free_ptr(fpst);
2916    return 0;
2917}
2918
2919static int handle_vrint(uint32_t insn, uint32_t rd, uint32_t rm, uint32_t dp,
2920                        int rounding)
2921{
2922    TCGv_ptr fpst = get_fpstatus_ptr(0);
2923    TCGv_i32 tcg_rmode;
2924
2925    tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rounding));
2926    gen_helper_set_rmode(tcg_rmode, tcg_rmode, cpu_env);
2927
2928    if (dp) {
2929        TCGv_i64 tcg_op;
2930        TCGv_i64 tcg_res;
2931        tcg_op = tcg_temp_new_i64();
2932        tcg_res = tcg_temp_new_i64();
2933        tcg_gen_ld_f64(tcg_op, cpu_env, vfp_reg_offset(dp, rm));
2934        gen_helper_rintd(tcg_res, tcg_op, fpst);
2935        tcg_gen_st_f64(tcg_res, cpu_env, vfp_reg_offset(dp, rd));
2936        tcg_temp_free_i64(tcg_op);
2937        tcg_temp_free_i64(tcg_res);
2938    } else {
2939        TCGv_i32 tcg_op;
2940        TCGv_i32 tcg_res;
2941        tcg_op = tcg_temp_new_i32();
2942        tcg_res = tcg_temp_new_i32();
2943        tcg_gen_ld_f32(tcg_op, cpu_env, vfp_reg_offset(dp, rm));
2944        gen_helper_rints(tcg_res, tcg_op, fpst);
2945        tcg_gen_st_f32(tcg_res, cpu_env, vfp_reg_offset(dp, rd));
2946        tcg_temp_free_i32(tcg_op);
2947        tcg_temp_free_i32(tcg_res);
2948    }
2949
2950    gen_helper_set_rmode(tcg_rmode, tcg_rmode, cpu_env);
2951    tcg_temp_free_i32(tcg_rmode);
2952
2953    tcg_temp_free_ptr(fpst);
2954    return 0;
2955}
2956
2957static int handle_vcvt(uint32_t insn, uint32_t rd, uint32_t rm, uint32_t dp,
2958                       int rounding)
2959{
2960    bool is_signed = extract32(insn, 7, 1);
2961    TCGv_ptr fpst = get_fpstatus_ptr(0);
2962    TCGv_i32 tcg_rmode, tcg_shift;
2963
2964    tcg_shift = tcg_const_i32(0);
2965
2966    tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rounding));
2967    gen_helper_set_rmode(tcg_rmode, tcg_rmode, cpu_env);
2968
2969    if (dp) {
2970        TCGv_i64 tcg_double, tcg_res;
2971        TCGv_i32 tcg_tmp;
2972        /* Rd is encoded as a single precision register even when the source
2973         * is double precision.
2974         */
2975        rd = ((rd << 1) & 0x1e) | ((rd >> 4) & 0x1);
2976        tcg_double = tcg_temp_new_i64();
2977        tcg_res = tcg_temp_new_i64();
2978        tcg_tmp = tcg_temp_new_i32();
2979        tcg_gen_ld_f64(tcg_double, cpu_env, vfp_reg_offset(1, rm));
2980        if (is_signed) {
2981            gen_helper_vfp_tosld(tcg_res, tcg_double, tcg_shift, fpst);
2982        } else {
2983            gen_helper_vfp_tould(tcg_res, tcg_double, tcg_shift, fpst);
2984        }
2985        tcg_gen_extrl_i64_i32(tcg_tmp, tcg_res);
2986        tcg_gen_st_f32(tcg_tmp, cpu_env, vfp_reg_offset(0, rd));
2987        tcg_temp_free_i32(tcg_tmp);
2988        tcg_temp_free_i64(tcg_res);
2989        tcg_temp_free_i64(tcg_double);
2990    } else {
2991        TCGv_i32 tcg_single, tcg_res;
2992        tcg_single = tcg_temp_new_i32();
2993        tcg_res = tcg_temp_new_i32();
2994        tcg_gen_ld_f32(tcg_single, cpu_env, vfp_reg_offset(0, rm));
2995        if (is_signed) {
2996            gen_helper_vfp_tosls(tcg_res, tcg_single, tcg_shift, fpst);
2997        } else {
2998            gen_helper_vfp_touls(tcg_res, tcg_single, tcg_shift, fpst);
2999        }
3000        tcg_gen_st_f32(tcg_res, cpu_env, vfp_reg_offset(0, rd));

3001        tcg_temp_free_i32(tcg_res);
3002        tcg_temp_free_i32(tcg_single);
3003    }
3004
3005    gen_helper_set_rmode(tcg_rmode, tcg_rmode, cpu_env);
3006    tcg_temp_free_i32(tcg_rmode);
3007
3008    tcg_temp_free_i32(tcg_shift);
3009
3010    tcg_temp_free_ptr(fpst);
3011
3012    return 0;
3013}
3014
3015/* Table for converting the most common AArch32 encoding of
3016 * rounding mode to arm_fprounding order (which matches the
3017 * common AArch64 order); see ARM ARM pseudocode FPDecodeRM().
3018 */
3019static const uint8_t fp_decode_rm[] = {
3020    FPROUNDING_TIEAWAY,
3021    FPROUNDING_TIEEVEN,
3022    FPROUNDING_POSINF,
3023    FPROUNDING_NEGINF,
3024};
3025
3026static int disas_vfp_v8_insn(DisasContext *s, uint32_t insn)
3027{
3028    uint32_t rd, rn, rm, dp = extract32(insn, 8, 1);
3029
3030    if (!arm_dc_feature(s, ARM_FEATURE_V8)) {
3031        return 1;
3032    }
3033
3034    if (dp) {
3035        VFP_DREG_D(rd, insn);
3036        VFP_DREG_N(rn, insn);
3037        VFP_DREG_M(rm, insn);
3038    } else {
3039        rd = VFP_SREG_D(insn);
3040        rn = VFP_SREG_N(insn);
3041        rm = VFP_SREG_M(insn);
3042    }
3043
3044    if ((insn & 0x0f800e50) == 0x0e000a00) {
3045        return handle_vsel(insn, rd, rn, rm, dp);
3046    } else if ((insn & 0x0fb00e10) == 0x0e800a00) {
3047        return handle_vminmaxnm(insn, rd, rn, rm, dp);
3048    } else if ((insn & 0x0fbc0ed0) == 0x0eb80a40) {
3049        /* VRINTA, VRINTN, VRINTP, VRINTM */
3050        int rounding = fp_decode_rm[extract32(insn, 16, 2)];
3051        return handle_vrint(insn, rd, rm, dp, rounding);
3052    } else if ((insn & 0x0fbc0e50) == 0x0ebc0a40) {
3053        /* VCVTA, VCVTN, VCVTP, VCVTM */
3054        int rounding = fp_decode_rm[extract32(insn, 16, 2)];
3055        return handle_vcvt(insn, rd, rm, dp, rounding);
3056    }
3057    return 1;
3058}
3059
3060/* Disassemble a VFP instruction.  Returns nonzero if an error occurred
3061   (ie. an undefined instruction).  */
3062static int disas_vfp_insn(DisasContext *s, uint32_t insn)
3063{
3064    uint32_t rd, rn, rm, op, i, n, offset, delta_d, delta_m, bank_mask;
3065    int dp, veclen;
3066    TCGv_i32 addr;
3067    TCGv_i32 tmp;
3068    TCGv_i32 tmp2;
3069
3070    if (!arm_dc_feature(s, ARM_FEATURE_VFP)) {
3071        return 1;
3072    }
3073
3074    /* FIXME: this access check should not take precedence over UNDEF
3075     * for invalid encodings; we will generate incorrect syndrome information
3076     * for attempts to execute invalid vfp/neon encodings with FP disabled.
3077     */
3078    if (s->fp_excp_el) {
3079        gen_exception_insn(s, 4, EXCP_UDEF,
3080                           syn_fp_access_trap(1, 0xe, s->thumb), s->fp_excp_el);
3081        return 0;
3082    }
3083
3084    if (!s->vfp_enabled) {
3085        /* VFP disabled.  Only allow fmxr/fmrx to/from some control regs.  */
3086        if ((insn & 0x0fe00fff) != 0x0ee00a10)
3087            return 1;
3088        rn = (insn >> 16) & 0xf;
3089        if (rn != ARM_VFP_FPSID && rn != ARM_VFP_FPEXC && rn != ARM_VFP_MVFR2
3090            && rn != ARM_VFP_MVFR1 && rn != ARM_VFP_MVFR0) {
3091            return 1;
3092        }
3093    }
3094
3095    if (extract32(insn, 28, 4) == 0xf) {
3096        /* Encodings with T=1 (Thumb) or unconditional (ARM):
3097         * only used in v8 and above.
3098         */
3099        return disas_vfp_v8_insn(s, insn);
3100    }
3101
3102    dp = ((insn & 0xf00) == 0xb00);
3103    switch ((insn >> 24) & 0xf) {
3104    case 0xe:
3105        if (insn & (1 << 4)) {
3106            /* single register transfer */
3107            rd = (insn >> 12) & 0xf;
3108            if (dp) {
3109                int size;
3110                int pass;
3111
3112                VFP_DREG_N(rn, insn);
3113                if (insn & 0xf)
3114                    return 1;
3115                if (insn & 0x00c00060
3116                    && !arm_dc_feature(s, ARM_FEATURE_NEON)) {
3117                    return 1;
3118                }
3119
3120                pass = (insn >> 21) & 1;
3121                if (insn & (1 << 22)) {
3122                    size = 0;
3123                    offset = ((insn >> 5) & 3) * 8;
3124                } else if (insn & (1 << 5)) {
3125                    size = 1;
3126                    offset = (insn & (1 << 6)) ? 16 : 0;
3127                } else {
3128                    size = 2;
3129                    offset = 0;
3130                }
3131                if (insn & ARM_CP_RW_BIT) {
3132                    /* vfp->arm */
3133                    tmp = neon_load_reg(rn, pass);
3134                    switch (size) {
3135                    case 0:
3136                        if (offset)
3137                            tcg_gen_shri_i32(tmp, tmp, offset);
3138                        if (insn & (1 << 23))
3139                            gen_uxtb(tmp);
3140                        else
3141                            gen_sxtb(tmp);
3142                        break;
3143                    case 1:
3144                        if (insn & (1 << 23)) {
3145                            if (offset) {
3146                                tcg_gen_shri_i32(tmp, tmp, 16);
3147                            } else {
3148                                gen_uxth(tmp);
3149                            }
3150                        } else {
3151                            if (offset) {
3152                                tcg_gen_sari_i32(tmp, tmp, 16);
3153                            } else {
3154                                gen_sxth(tmp);
3155                            }
3156                        }
3157                        break;
3158                    case 2:
3159                        break;
3160                    }
3161                    store_reg(s, rd, tmp);
3162                } else {
3163                    /* arm->vfp */
3164                    tmp = load_reg(s, rd);
3165                    if (insn & (1 << 23)) {
3166                        /* VDUP */
3167                        if (size == 0) {
3168                            gen_neon_dup_u8(tmp, 0);
3169                        } else if (size == 1) {
3170                            gen_neon_dup_low16(tmp);
3171                        }
3172                        for (n = 0; n <= pass * 2; n++) {
3173                            tmp2 = tcg_temp_new_i32();
3174                            tcg_gen_mov_i32(tmp2, tmp);
3175                            neon_store_reg(rn, n, tmp2);
3176                        }
3177                        neon_store_reg(rn, n, tmp);
3178                    } else {
3179                        /* VMOV */
3180                        switch (size) {
3181                        case 0:
3182                            tmp2 = neon_load_reg(rn, pass);
3183                            tcg_gen_deposit_i32(tmp, tmp2, tmp, offset, 8);
3184                            tcg_temp_free_i32(tmp2);
3185                            break;
3186                        case 1:
3187                            tmp2 = neon_load_reg(rn, pass);
3188                            tcg_gen_deposit_i32(tmp, tmp2, tmp, offset, 16);
3189                            tcg_temp_free_i32(tmp2);
3190                            break;
3191                        case 2:
3192                            break;
3193                        }
3194                        neon_store_reg(rn, pass, tmp);
3195                    }
3196                }
3197            } else { /* !dp */
3198                if ((insn & 0x6f) != 0x00)
3199                    return 1;
3200                rn = VFP_SREG_N(insn);
3201                if (insn & ARM_CP_RW_BIT) {
3202                    /* vfp->arm */
3203                    if (insn & (1 << 21)) {
3204                        /* system register */
3205                        rn >>= 1;
3206
3207                        switch (rn) {
3208                        case ARM_VFP_FPSID:
3209                            /* VFP2 allows access to FSID from userspace.
3210                               VFP3 restricts all id registers to privileged
3211                               accesses.  */
3212                            if (IS_USER(s)
3213                                && arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3214                                return 1;
3215                            }
3216                            tmp = load_cpu_field(vfp.xregs[rn]);
3217                            break;
3218                        case ARM_VFP_FPEXC:
3219                            if (IS_USER(s))
3220                                return 1;
3221                            tmp = load_cpu_field(vfp.xregs[rn]);
3222                            break;
3223                        case ARM_VFP_FPINST:
3224                        case ARM_VFP_FPINST2:
3225                            /* Not present in VFP3.  */
3226                            if (IS_USER(s)
3227                                || arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3228                                return 1;
3229                            }
3230                            tmp = load_cpu_field(vfp.xregs[rn]);
3231                            break;
3232                        case ARM_VFP_FPSCR:
3233                            if (rd == 15) {
3234                                tmp = load_cpu_field(vfp.xregs[ARM_VFP_FPSCR]);
3235                                tcg_gen_andi_i32(tmp, tmp, 0xf0000000);
3236                            } else {
3237                                tmp = tcg_temp_new_i32();
3238                                gen_helper_vfp_get_fpscr(tmp, cpu_env);
3239                            }
3240                            break;
3241                        case ARM_VFP_MVFR2:
3242                            if (!arm_dc_feature(s, ARM_FEATURE_V8)) {
3243                                return 1;
3244                            }
3245                            /* fall through */
3246                        case ARM_VFP_MVFR0:
3247                        case ARM_VFP_MVFR1:
3248                            if (IS_USER(s)
3249                                || !arm_dc_feature(s, ARM_FEATURE_MVFR)) {
3250                                return 1;
3251                            }
3252                            tmp = load_cpu_field(vfp.xregs[rn]);
3253                            break;
3254                        default:
3255                            return 1;
3256                        }
3257                    } else {
3258                        gen_mov_F0_vreg(0, rn);
3259                        tmp = gen_vfp_mrs();
3260                    }
3261                    if (rd == 15) {
3262                        /* Set the 4 flag bits in the CPSR.  */
3263                        gen_set_nzcv(tmp);
3264                        tcg_temp_free_i32(tmp);
3265                    } else {
3266                        store_reg(s, rd, tmp);
3267                    }
3268                } else {
3269                    /* arm->vfp */
3270                    if (insn & (1 << 21)) {
3271                        rn >>= 1;
3272                        /* system register */
3273                        switch (rn) {
3274                        case ARM_VFP_FPSID:
3275                        case ARM_VFP_MVFR0:
3276                        case ARM_VFP_MVFR1:
3277                            /* Writes are ignored.  */
3278                            break;
3279                        case ARM_VFP_FPSCR:
3280                            tmp = load_reg(s, rd);
3281                            gen_helper_vfp_set_fpscr(cpu_env, tmp);
3282                            tcg_temp_free_i32(tmp);
3283                            gen_lookup_tb(s);
3284                            break;
3285                        case ARM_VFP_FPEXC:
3286                            if (IS_USER(s))
3287                                return 1;
3288                            /* TODO: VFP subarchitecture support.
3289                             * For now, keep the EN bit only */
3290                            tmp = load_reg(s, rd);
3291                            tcg_gen_andi_i32(tmp, tmp, 1 << 30);
3292                            store_cpu_field(tmp, vfp.xregs[rn]);
3293                            gen_lookup_tb(s);
3294                            break;
3295                        case ARM_VFP_FPINST:
3296                        case ARM_VFP_FPINST2:
3297                            if (IS_USER(s)) {
3298                                return 1;
3299                            }
3300                            tmp = load_reg(s, rd);
3301                            store_cpu_field(tmp, vfp.xregs[rn]);
3302                            break;
3303                        default:
3304                            return 1;
3305                        }
3306                    } else {
3307                        tmp = load_reg(s, rd);
3308                        gen_vfp_msr(tmp);
3309                        gen_mov_vreg_F0(0, rn);
3310                    }
3311                }
3312            }
3313        } else {
3314            /* data processing */
3315            /* The opcode is in bits 23, 21, 20 and 6.  */
3316            op = ((insn >> 20) & 8) | ((insn >> 19) & 6) | ((insn >> 6) & 1);
3317            if (dp) {
3318                if (op == 15) {
3319                    /* rn is opcode */
3320                    rn = ((insn >> 15) & 0x1e) | ((insn >> 7) & 1);
3321                } else {
3322                    /* rn is register number */
3323                    VFP_DREG_N(rn, insn);
3324                }
3325
3326                if (op == 15 && (rn == 15 || ((rn & 0x1c) == 0x18) ||
3327                                 ((rn & 0x1e) == 0x6))) {
3328                    /* Integer or single/half precision destination.  */
3329                    rd = VFP_SREG_D(insn);
3330                } else {
3331                    VFP_DREG_D(rd, insn);
3332                }
3333                if (op == 15 &&
3334                    (((rn & 0x1c) == 0x10) || ((rn & 0x14) == 0x14) ||
3335                     ((rn & 0x1e) == 0x4))) {
3336                    /* VCVT from int or half precision is always from S reg
3337                     * regardless of dp bit. VCVT with immediate frac_bits
3338                     * has same format as SREG_M.
3339                     */
3340                    rm = VFP_SREG_M(insn);
3341                } else {
3342                    VFP_DREG_M(rm, insn);
3343                }
3344            } else {
3345                rn = VFP_SREG_N(insn);
3346                if (op == 15 && rn == 15) {
3347                    /* Double precision destination.  */
3348                    VFP_DREG_D(rd, insn);
3349                } else {
3350                    rd = VFP_SREG_D(insn);
3351                }
3352                /* NB that we implicitly rely on the encoding for the frac_bits
3353                 * in VCVT of fixed to float being the same as that of an SREG_M
3354                 */
3355                rm = VFP_SREG_M(insn);
3356            }
3357
3358            veclen = s->vec_len;
3359            if (op == 15 && rn > 3)
3360                veclen = 0;
3361
3362            /* Shut up compiler warnings.  */
3363            delta_m = 0;
3364            delta_d = 0;
3365            bank_mask = 0;
3366
3367            if (veclen > 0) {
3368                if (dp)
3369                    bank_mask = 0xc;
3370                else
3371                    bank_mask = 0x18;
3372
3373                /* Figure out what type of vector operation this is.  */
3374                if ((rd & bank_mask) == 0) {
3375                    /* scalar */
3376                    veclen = 0;
3377                } else {
3378                    if (dp)
3379                        delta_d = (s->vec_stride >> 1) + 1;
3380                    else
3381                        delta_d = s->vec_stride + 1;
3382
3383                    if ((rm & bank_mask) == 0) {
3384                        /* mixed scalar/vector */
3385                        delta_m = 0;
3386                    } else {
3387                        /* vector */
3388                        delta_m = delta_d;
3389                    }
3390                }
3391            }
3392
3393            /* Load the initial operands.  */
3394            if (op == 15) {
3395                switch (rn) {
3396                case 16:
3397                case 17:
3398                    /* Integer source */
3399                    gen_mov_F0_vreg(0, rm);
3400                    break;
3401                case 8:
3402                case 9:
3403                    /* Compare */
3404                    gen_mov_F0_vreg(dp, rd);
3405                    gen_mov_F1_vreg(dp, rm);
3406                    break;
3407                case 10:
3408                case 11:
3409                    /* Compare with zero */
3410                    gen_mov_F0_vreg(dp, rd);
3411                    gen_vfp_F1_ld0(dp);
3412                    break;
3413                case 20:
3414                case 21:
3415                case 22:
3416                case 23:
3417                case 28:
3418                case 29:
3419                case 30:
3420                case 31:
3421                    /* Source and destination the same.  */
3422                    gen_mov_F0_vreg(dp, rd);
3423                    break;
3424                case 4:
3425                case 5:
3426                case 6:
3427                case 7:
3428                    /* VCVTB, VCVTT: only present with the halfprec extension
3429                     * UNPREDICTABLE if bit 8 is set prior to ARMv8
3430                     * (we choose to UNDEF)
3431                     */
3432                    if ((dp && !arm_dc_feature(s, ARM_FEATURE_V8)) ||
3433                        !arm_dc_feature(s, ARM_FEATURE_VFP_FP16)) {
3434                        return 1;
3435                    }
3436                    if (!extract32(rn, 1, 1)) {
3437                        /* Half precision source.  */
3438                        gen_mov_F0_vreg(0, rm);
3439                        break;
3440                    }
3441                    /* Otherwise fall through */
3442                default:
3443                    /* One source operand.  */
3444                    gen_mov_F0_vreg(dp, rm);
3445                    break;
3446                }
3447            } else {
3448                /* Two source operands.  */
3449                gen_mov_F0_vreg(dp, rn);
3450                gen_mov_F1_vreg(dp, rm);
3451            }
3452
3453            for (;;) {
3454                /* Perform the calculation.  */
3455                switch (op) {
3456                case 0: /* VMLA: fd + (fn * fm) */
3457                    /* Note that order of inputs to the add matters for NaNs */
3458                    gen_vfp_F1_mul(dp);
3459                    gen_mov_F0_vreg(dp, rd);
3460                    gen_vfp_add(dp);
3461                    break;
3462                case 1: /* VMLS: fd + -(fn * fm) */
3463                    gen_vfp_mul(dp);
3464                    gen_vfp_F1_neg(dp);
3465                    gen_mov_F0_vreg(dp, rd);
3466                    gen_vfp_add(dp);
3467                    break;
3468                case 2: /* VNMLS: -fd + (fn * fm) */
3469                    /* Note that it isn't valid to replace (-A + B) with (B - A)
3470                     * or similar plausible looking simplifications
3471                     * because this will give wrong results for NaNs.
3472                     */
3473                    gen_vfp_F1_mul(dp);
3474                    gen_mov_F0_vreg(dp, rd);
3475                    gen_vfp_neg(dp);
3476                    gen_vfp_add(dp);
3477                    break;
3478                case 3: /* VNMLA: -fd + -(fn * fm) */
3479                    gen_vfp_mul(dp);
3480                    gen_vfp_F1_neg(dp);
3481                    gen_mov_F0_vreg(dp, rd);
3482                    gen_vfp_neg(dp);
3483                    gen_vfp_add(dp);
3484                    break;
3485                case 4: /* mul: fn * fm */
3486                    gen_vfp_mul(dp);
3487                    break;
3488                case 5: /* nmul: -(fn * fm) */
3489                    gen_vfp_mul(dp);
3490                    gen_vfp_neg(dp);
3491                    break;
3492                case 6: /* add: fn + fm */
3493                    gen_vfp_add(dp);
3494                    break;
3495                case 7: /* sub: fn - fm */
3496                    gen_vfp_sub(dp);
3497                    break;
3498                case 8: /* div: fn / fm */
3499                    gen_vfp_div(dp);
3500                    break;
3501                case 10: /* VFNMA : fd = muladd(-fd,  fn, fm) */
3502                case 11: /* VFNMS : fd = muladd(-fd, -fn, fm) */
3503                case 12: /* VFMA  : fd = muladd( fd,  fn, fm) */
3504                case 13: /* VFMS  : fd = muladd( fd, -fn, fm) */
3505                    /* These are fused multiply-add, and must be done as one
3506                     * floating point operation with no rounding between the
3507                     * multiplication and addition steps.
3508                     * NB that doing the negations here as separate steps is
3509                     * correct : an input NaN should come out with its sign bit
3510                     * flipped if it is a negated-input.
3511                     */
3512                    if (!arm_dc_feature(s, ARM_FEATURE_VFP4)) {
3513                        return 1;
3514                    }
3515                    if (dp) {
3516                        TCGv_ptr fpst;
3517                        TCGv_i64 frd;
3518                        if (op & 1) {
3519                            /* VFNMS, VFMS */
3520                            gen_helper_vfp_negd(cpu_F0d, cpu_F0d);
3521                        }
3522                        frd = tcg_temp_new_i64();
3523                        tcg_gen_ld_f64(frd, cpu_env, vfp_reg_offset(dp, rd));
3524                        if (op & 2) {
3525                            /* VFNMA, VFNMS */
3526                            gen_helper_vfp_negd(frd, frd);
3527                        }
3528                        fpst = get_fpstatus_ptr(0);
3529                        gen_helper_vfp_muladdd(cpu_F0d, cpu_F0d,
3530                                               cpu_F1d, frd, fpst);
3531                        tcg_temp_free_ptr(fpst);
3532                        tcg_temp_free_i64(frd);
3533                    } else {
3534                        TCGv_ptr fpst;
3535                        TCGv_i32 frd;
3536                        if (op & 1) {
3537                            /* VFNMS, VFMS */
3538                            gen_helper_vfp_negs(cpu_F0s, cpu_F0s);
3539                        }
3540                        frd = tcg_temp_new_i32();
3541                        tcg_gen_ld_f32(frd, cpu_env, vfp_reg_offset(dp, rd));
3542                        if (op & 2) {
3543                            gen_helper_vfp_negs(frd, frd);
3544                        }
3545                        fpst = get_fpstatus_ptr(0);
3546                        gen_helper_vfp_muladds(cpu_F0s, cpu_F0s,
3547                                               cpu_F1s, frd, fpst);
3548                        tcg_temp_free_ptr(fpst);
3549                        tcg_temp_free_i32(frd);
3550                    }
3551                    break;
3552                case 14: /* fconst */
3553                    if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3554                        return 1;
3555                    }
3556
3557                    n = (insn << 12) & 0x80000000;
3558                    i = ((insn >> 12) & 0x70) | (insn & 0xf);
3559                    if (dp) {
3560                        if (i & 0x40)
3561                            i |= 0x3f80;
3562                        else
3563                            i |= 0x4000;
3564                        n |= i << 16;
3565                        tcg_gen_movi_i64(cpu_F0d, ((uint64_t)n) << 32);
3566                    } else {
3567                        if (i & 0x40)
3568                            i |= 0x780;
3569                        else
3570                            i |= 0x800;
3571                        n |= i << 19;
3572                        tcg_gen_movi_i32(cpu_F0s, n);
3573                    }
3574                    break;
3575                case 15: /* extension space */
3576                    switch (rn) {
3577                    case 0: /* cpy */
3578                        /* no-op */
3579                        break;
3580                    case 1: /* abs */
3581                        gen_vfp_abs(dp);
3582                        break;
3583                    case 2: /* neg */
3584                        gen_vfp_neg(dp);
3585                        break;
3586                    case 3: /* sqrt */
3587                        gen_vfp_sqrt(dp);
3588                        break;
3589                    case 4: /* vcvtb.f32.f16, vcvtb.f64.f16 */
3590                        tmp = gen_vfp_mrs();
3591                        tcg_gen_ext16u_i32(tmp, tmp);
3592                        if (dp) {
3593                            gen_helper_vfp_fcvt_f16_to_f64(cpu_F0d, tmp,
3594                                                           cpu_env);
3595                        } else {
3596                            gen_helper_vfp_fcvt_f16_to_f32(cpu_F0s, tmp,
3597                                                           cpu_env);
3598                        }
3599                        tcg_temp_free_i32(tmp);
3600                        break;
3601                    case 5: /* vcvtt.f32.f16, vcvtt.f64.f16 */
3602                        tmp = gen_vfp_mrs();
3603                        tcg_gen_shri_i32(tmp, tmp, 16);
3604                        if (dp) {
3605                            gen_helper_vfp_fcvt_f16_to_f64(cpu_F0d, tmp,
3606                                                           cpu_env);
3607                        } else {
3608                            gen_helper_vfp_fcvt_f16_to_f32(cpu_F0s, tmp,
3609                                                           cpu_env);
3610                        }
3611                        tcg_temp_free_i32(tmp);
3612                        break;
3613                    case 6: /* vcvtb.f16.f32, vcvtb.f16.f64 */
3614                        tmp = tcg_temp_new_i32();
3615                        if (dp) {
3616                            gen_helper_vfp_fcvt_f64_to_f16(tmp, cpu_F0d,
3617                                                           cpu_env);
3618                        } else {
3619                            gen_helper_vfp_fcvt_f32_to_f16(tmp, cpu_F0s,
3620                                                           cpu_env);
3621                        }
3622                        gen_mov_F0_vreg(0, rd);
3623                        tmp2 = gen_vfp_mrs();
3624                        tcg_gen_andi_i32(tmp2, tmp2, 0xffff0000);
3625                        tcg_gen_or_i32(tmp, tmp, tmp2);
3626                        tcg_temp_free_i32(tmp2);
3627                        gen_vfp_msr(tmp);
3628                        break;
3629                    case 7: /* vcvtt.f16.f32, vcvtt.f16.f64 */
3630                        tmp = tcg_temp_new_i32();
3631                        if (dp) {
3632                            gen_helper_vfp_fcvt_f64_to_f16(tmp, cpu_F0d,
3633                                                           cpu_env);
3634                        } else {
3635                            gen_helper_vfp_fcvt_f32_to_f16(tmp, cpu_F0s,
3636                                                           cpu_env);
3637                        }
3638                        tcg_gen_shli_i32(tmp, tmp, 16);
3639                        gen_mov_F0_vreg(0, rd);
3640                        tmp2 = gen_vfp_mrs();
3641                        tcg_gen_ext16u_i32(tmp2, tmp2);
3642                        tcg_gen_or_i32(tmp, tmp, tmp2);
3643                        tcg_temp_free_i32(tmp2);
3644                        gen_vfp_msr(tmp);
3645                        break;
3646                    case 8: /* cmp */
3647                        gen_vfp_cmp(dp);
3648                        break;
3649                    case 9: /* cmpe */
3650                        gen_vfp_cmpe(dp);
3651                        break;
3652                    case 10: /* cmpz */
3653                        gen_vfp_cmp(dp);
3654                        break;
3655                    case 11: /* cmpez */
3656                        gen_vfp_F1_ld0(dp);
3657                        gen_vfp_cmpe(dp);
3658                        break;
3659                    case 12: /* vrintr */
3660                    {
3661                        TCGv_ptr fpst = get_fpstatus_ptr(0);
3662                        if (dp) {
3663                            gen_helper_rintd(cpu_F0d, cpu_F0d, fpst);
3664                        } else {
3665                            gen_helper_rints(cpu_F0s, cpu_F0s, fpst);
3666                        }
3667                        tcg_temp_free_ptr(fpst);
3668                        break;
3669                    }
3670                    case 13: /* vrintz */
3671                    {
3672                        TCGv_ptr fpst = get_fpstatus_ptr(0);
3673                        TCGv_i32 tcg_rmode;
3674                        tcg_rmode = tcg_const_i32(float_round_to_zero);
3675                        gen_helper_set_rmode(tcg_rmode, tcg_rmode, cpu_env);
3676                        if (dp) {
3677                            gen_helper_rintd(cpu_F0d, cpu_F0d, fpst);
3678                        } else {
3679                            gen_helper_rints(cpu_F0s, cpu_F0s, fpst);
3680                        }
3681                        gen_helper_set_rmode(tcg_rmode, tcg_rmode, cpu_env);
3682                        tcg_temp_free_i32(tcg_rmode);
3683                        tcg_temp_free_ptr(fpst);
3684                        break;
3685                    }
3686                    case 14: /* vrintx */
3687                    {
3688                        TCGv_ptr fpst = get_fpstatus_ptr(0);
3689                        if (dp) {
3690                            gen_helper_rintd_exact(cpu_F0d, cpu_F0d, fpst);
3691                        } else {
3692                            gen_helper_rints_exact(cpu_F0s, cpu_F0s, fpst);
3693                        }
3694                        tcg_temp_free_ptr(fpst);
3695                        break;
3696                    }
3697                    case 15: /* single<->double conversion */
3698                        if (dp)
3699                            gen_helper_vfp_fcvtsd(cpu_F0s, cpu_F0d, cpu_env);
3700                        else
3701                            gen_helper_vfp_fcvtds(cpu_F0d, cpu_F0s, cpu_env);
3702                        break;
3703                    case 16: /* fuito */
3704                        gen_vfp_uito(dp, 0);
3705                        break;
3706                    case 17: /* fsito */
3707                        gen_vfp_sito(dp, 0);
3708                        break;
3709                    case 20: /* fshto */
3710                        if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3711                            return 1;
3712                        }
3713                        gen_vfp_shto(dp, 16 - rm, 0);
3714                        break;
3715                    case 21: /* fslto */
3716                        if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3717                            return 1;
3718                        }
3719                        gen_vfp_slto(dp, 32 - rm, 0);
3720                        break;
3721                    case 22: /* fuhto */
3722                        if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3723                            return 1;
3724                        }
3725                        gen_vfp_uhto(dp, 16 - rm, 0);
3726                        break;
3727                    case 23: /* fulto */
3728                        if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3729                            return 1;
3730                        }
3731                        gen_vfp_ulto(dp, 32 - rm, 0);
3732                        break;
3733                    case 24: /* ftoui */
3734                        gen_vfp_toui(dp, 0);
3735                        break;
3736                    case 25: /* ftouiz */
3737                        gen_vfp_touiz(dp, 0);
3738                        break;
3739                    case 26: /* ftosi */
3740                        gen_vfp_tosi(dp, 0);
3741                        break;
3742                    case 27: /* ftosiz */
3743                        gen_vfp_tosiz(dp, 0);
3744                        break;
3745                    case 28: /* ftosh */
3746                        if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3747                            return 1;
3748                        }
3749                        gen_vfp_tosh(dp, 16 - rm, 0);
3750                        break;
3751                    case 29: /* ftosl */
3752                        if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3753                            return 1;
3754                        }
3755                        gen_vfp_tosl(dp, 32 - rm, 0);
3756                        break;
3757                    case 30: /* ftouh */
3758                        if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3759                            return 1;
3760                        }
3761                        gen_vfp_touh(dp, 16 - rm, 0);
3762                        break;
3763                    case 31: /* ftoul */
3764                        if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3765                            return 1;
3766                        }
3767                        gen_vfp_toul(dp, 32 - rm, 0);
3768                        break;
3769                    default: /* undefined */
3770                        return 1;
3771                    }
3772                    break;
3773                default: /* undefined */
3774                    return 1;
3775                }
3776
3777                /* Write back the result.  */
3778                if (op == 15 && (rn >= 8 && rn <= 11)) {
3779                    /* Comparison, do nothing.  */
3780                } else if (op == 15 && dp && ((rn & 0x1c) == 0x18 ||
3781                                              (rn & 0x1e) == 0x6)) {
3782                    /* VCVT double to int: always integer result.
3783                     * VCVT double to half precision is always a single
3784                     * precision result.
3785                     */
3786                    gen_mov_vreg_F0(0, rd);
3787                } else if (op == 15 && rn == 15) {
3788                    /* conversion */
3789                    gen_mov_vreg_F0(!dp, rd);
3790                } else {
3791                    gen_mov_vreg_F0(dp, rd);
3792                }
3793
3794                /* break out of the loop if we have finished  */
3795                if (veclen == 0)
3796                    break;
3797
3798                if (op == 15 && delta_m == 0) {
3799                    /* single source one-many */
3800                    while (veclen--) {
3801                        rd = ((rd + delta_d) & (bank_mask - 1))
3802                             | (rd & bank_mask);
3803                        gen_mov_vreg_F0(dp, rd);
3804                    }
3805                    break;
3806                }
3807                /* Setup the next operands.  */
3808                veclen--;
3809                rd = ((rd + delta_d) & (bank_mask - 1))
3810                     | (rd & bank_mask);
3811
3812                if (op == 15) {
3813                    /* One source operand.  */
3814                    rm = ((rm + delta_m) & (bank_mask - 1))
3815                         | (rm & bank_mask);
3816                    gen_mov_F0_vreg(dp, rm);
3817                } else {
3818                    /* Two source operands.  */
3819                    rn = ((rn + delta_d) & (bank_mask - 1))
3820                         | (rn & bank_mask);
3821                    gen_mov_F0_vreg(dp, rn);
3822                    if (delta_m) {
3823                        rm = ((rm + delta_m) & (bank_mask - 1))
3824                             | (rm & bank_mask);
3825                        gen_mov_F1_vreg(dp, rm);
3826                    }
3827                }
3828            }
3829        }
3830        break;
3831    case 0xc:
3832    case 0xd:
3833        if ((insn & 0x03e00000) == 0x00400000) {
3834            /* two-register transfer */
3835            rn = (insn >> 16) & 0xf;
3836            rd = (insn >> 12) & 0xf;
3837            if (dp) {
3838                VFP_DREG_M(rm, insn);
3839            } else {
3840                rm = VFP_SREG_M(insn);
3841            }
3842
3843            if (insn & ARM_CP_RW_BIT) {
3844                /* vfp->arm */
3845                if (dp) {
3846                    gen_mov_F0_vreg(0, rm * 2);
3847                    tmp = gen_vfp_mrs();
3848                    store_reg(s, rd, tmp);
3849                    gen_mov_F0_vreg(0, rm * 2 + 1);
3850                    tmp = gen_vfp_mrs();
3851                    store_reg(s, rn, tmp);
3852                } else {
3853                    gen_mov_F0_vreg(0, rm);
3854                    tmp = gen_vfp_mrs();
3855                    store_reg(s, rd, tmp);
3856                    gen_mov_F0_vreg(0, rm + 1);
3857                    tmp = gen_vfp_mrs();
3858                    store_reg(s, rn, tmp);
3859                }
3860            } else {
3861                /* arm->vfp */
3862                if (dp) {
3863                    tmp = load_reg(s, rd);
3864                    gen_vfp_msr(tmp);
3865                    gen_mov_vreg_F0(0, rm * 2);
3866                    tmp = load_reg(s, rn);
3867                    gen_vfp_msr(tmp);
3868                    gen_mov_vreg_F0(0, rm * 2 + 1);
3869                } else {
3870                    tmp = load_reg(s, rd);
3871                    gen_vfp_msr(tmp);
3872                    gen_mov_vreg_F0(0, rm);
3873                    tmp = load_reg(s, rn);
3874                    gen_vfp_msr(tmp);
3875                    gen_mov_vreg_F0(0, rm + 1);
3876                }
3877            }
3878        } else {
3879            /* Load/store */
3880            rn = (insn >> 16) & 0xf;
3881            if (dp)
3882                VFP_DREG_D(rd, insn);
3883            else
3884                rd = VFP_SREG_D(insn);
3885            if ((insn & 0x01200000) == 0x01000000) {
3886                /* Single load/store */
3887                offset = (insn & 0xff) << 2;
3888                if ((insn & (1 << 23)) == 0)
3889                    offset = -offset;
3890                if (s->thumb && rn == 15) {
3891                    /* This is actually UNPREDICTABLE */
3892                    addr = tcg_temp_new_i32();
3893                    tcg_gen_movi_i32(addr, s->pc & ~2);
3894                } else {
3895                    addr = load_reg(s, rn);
3896                }
3897                tcg_gen_addi_i32(addr, addr, offset);
3898                if (insn & (1 << 20)) {
3899                    gen_vfp_ld(s, dp, addr);
3900                    gen_mov_vreg_F0(dp, rd);
3901                } else {
3902                    gen_mov_F0_vreg(dp, rd);
3903                    gen_vfp_st(s, dp, addr);
3904                }
3905                tcg_temp_free_i32(addr);
3906            } else {
3907                /* load/store multiple */
3908                int w = insn & (1 << 21);
3909                if (dp)
3910                    n = (insn >> 1) & 0x7f;
3911                else
3912                    n = insn & 0xff;
3913
3914                if (w && !(((insn >> 23) ^ (insn >> 24)) & 1)) {
3915                    /* P == U , W == 1  => UNDEF */
3916                    return 1;
3917                }
3918                if (n == 0 || (rd + n) > 32 || (dp && n > 16)) {
3919                    /* UNPREDICTABLE cases for bad immediates: we choose to
3920                     * UNDEF to avoid generating huge numbers of TCG ops
3921                     */
3922                    return 1;
3923                }
3924                if (rn == 15 && w) {
3925                    /* writeback to PC is UNPREDICTABLE, we choose to UNDEF */
3926                    return 1;
3927                }
3928
3929                if (s->thumb && rn == 15) {
3930                    /* This is actually UNPREDICTABLE */
3931                    addr = tcg_temp_new_i32();
3932                    tcg_gen_movi_i32(addr, s->pc & ~2);
3933                } else {
3934                    addr = load_reg(s, rn);
3935                }
3936                if (insn & (1 << 24)) /* pre-decrement */
3937                    tcg_gen_addi_i32(addr, addr, -((insn & 0xff) << 2));
3938
3939                if (dp)
3940                    offset = 8;
3941                else
3942                    offset = 4;
3943                for (i = 0; i < n; i++) {
3944                    if (insn & ARM_CP_RW_BIT) {
3945                        /* load */
3946                        gen_vfp_ld(s, dp, addr);
3947                        gen_mov_vreg_F0(dp, rd + i);
3948                    } else {
3949                        /* store */
3950                        gen_mov_F0_vreg(dp, rd + i);
3951                        gen_vfp_st(s, dp, addr);
3952                    }
3953                    tcg_gen_addi_i32(addr, addr, offset);
3954                }
3955                if (w) {
3956                    /* writeback */
3957                    if (insn & (1 << 24))
3958                        offset = -offset * n;
3959                    else if (dp && (insn & 1))
3960                        offset = 4;
3961                    else
3962                        offset = 0;
3963
3964                    if (offset != 0)
3965                        tcg_gen_addi_i32(addr, addr, offset);
3966                    store_reg(s, rn, addr);
3967                } else {
3968                    tcg_temp_free_i32(addr);
3969                }
3970            }
3971        }
3972        break;
3973    default:
3974        /* Should never happen.  */
3975        return 1;
3976    }
3977    return 0;
3978}
3979
3980static inline void gen_goto_tb(DisasContext *s, int n, target_ulong dest)
3981{
3982    TranslationBlock *tb;
3983
3984    tb = s->tb;
3985    if ((tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK)) {
3986        tcg_gen_goto_tb(n);
3987        gen_set_pc_im(s, dest);
3988        tcg_gen_exit_tb((uintptr_t)tb + n);
3989    } else {
3990        gen_set_pc_im(s, dest);
3991        tcg_gen_exit_tb(0);
3992    }
3993}
3994
3995static inline void gen_jmp (DisasContext *s, uint32_t dest)
3996{
3997    if (unlikely(s->singlestep_enabled || s->ss_active)) {
3998        /* An indirect jump so that we still trigger the debug exception.  */
3999        if (s->thumb)
4000            dest |= 1;

4001        gen_bx_im(s, dest);
4002    } else {
4003        gen_goto_tb(s, 0, dest);
4004        s->is_jmp = DISAS_TB_JUMP;
4005    }
4006}
4007
4008static inline void gen_mulxy(TCGv_i32 t0, TCGv_i32 t1, int x, int y)
4009{
4010    if (x)
4011        tcg_gen_sari_i32(t0, t0, 16);
4012    else
4013        gen_sxth(t0);
4014    if (y)
4015        tcg_gen_sari_i32(t1, t1, 16);
4016    else
4017        gen_sxth(t1);
4018    tcg_gen_mul_i32(t0, t0, t1);
4019}
4020
4021/* Return the mask of PSR bits set by a MSR instruction.  */
4022static uint32_t msr_mask(DisasContext *s, int flags, int spsr)
4023{
4024    uint32_t mask;
4025
4026    mask = 0;
4027    if (flags & (1 << 0))
4028        mask |= 0xff;
4029    if (flags & (1 << 1))
4030        mask |= 0xff00;
4031    if (flags & (1 << 2))
4032        mask |= 0xff0000;
4033    if (flags & (1 << 3))
4034        mask |= 0xff000000;
4035
4036    /* Mask out undefined bits.  */
4037    mask &= ~CPSR_RESERVED;
4038    if (!arm_dc_feature(s, ARM_FEATURE_V4T)) {
4039        mask &= ~CPSR_T;
4040    }
4041    if (!arm_dc_feature(s, ARM_FEATURE_V5)) {
4042        mask &= ~CPSR_Q; /* V5TE in reality*/
4043    }
4044    if (!arm_dc_feature(s, ARM_FEATURE_V6)) {
4045        mask &= ~(CPSR_E | CPSR_GE);
4046    }
4047    if (!arm_dc_feature(s, ARM_FEATURE_THUMB2)) {
4048        mask &= ~CPSR_IT;
4049    }
4050    /* Mask out execution state and reserved bits.  */
4051    if (!spsr) {
4052        mask &= ~(CPSR_EXEC | CPSR_RESERVED);
4053    }
4054    /* Mask out privileged bits.  */
4055    if (IS_USER(s))
4056        mask &= CPSR_USER;
4057    return mask;
4058}
4059
4060/* Returns nonzero if access to the PSR is not permitted. Marks t0 as dead. */
4061static int gen_set_psr(DisasContext *s, uint32_t mask, int spsr, TCGv_i32 t0)
4062{
4063    TCGv_i32 tmp;
4064    if (spsr) {
4065        /* ??? This is also undefined in system mode.  */
4066        if (IS_USER(s))
4067            return 1;
4068
4069        tmp = load_cpu_field(spsr);
4070        tcg_gen_andi_i32(tmp, tmp, ~mask);
4071        tcg_gen_andi_i32(t0, t0, mask);
4072        tcg_gen_or_i32(tmp, tmp, t0);
4073        store_cpu_field(tmp, spsr);
4074    } else {
4075        gen_set_cpsr(t0, mask);
4076    }
4077    tcg_temp_free_i32(t0);
4078    gen_lookup_tb(s);
4079    return 0;
4080}
4081
4082/* Returns nonzero if access to the PSR is not permitted.  */
4083static int gen_set_psr_im(DisasContext *s, uint32_t mask, int spsr, uint32_t val)
4084{
4085    TCGv_i32 tmp;
4086    tmp = tcg_temp_new_i32();
4087    tcg_gen_movi_i32(tmp, val);
4088    return gen_set_psr(s, mask, spsr, tmp);
4089}
4090
4091/* Generate an old-style exception return. Marks pc as dead. */
4092static void gen_exception_return(DisasContext *s, TCGv_i32 pc)
4093{
4094    TCGv_i32 tmp;
4095    store_reg(s, 15, pc);
4096    tmp = load_cpu_field(spsr);
4097    gen_set_cpsr(tmp, CPSR_ERET_MASK);
4098    tcg_temp_free_i32(tmp);
4099    s->is_jmp = DISAS_JUMP;
4100}
4101
4102/* Generate a v6 exception return.  Marks both values as dead.  */
4103static void gen_rfe(DisasContext *s, TCGv_i32 pc, TCGv_i32 cpsr)
4104{
4105    gen_set_cpsr(cpsr, CPSR_ERET_MASK);
4106    tcg_temp_free_i32(cpsr);
4107    store_reg(s, 15, pc);
4108    s->is_jmp = DISAS_JUMP;
4109}
4110
4111static void gen_nop_hint(DisasContext *s, int val)
4112{
4113    switch (val) {
4114    case 1: /* yield */
4115        gen_set_pc_im(s, s->pc);
4116        s->is_jmp = DISAS_YIELD;
4117        break;
4118    case 3: /* wfi */
4119        gen_set_pc_im(s, s->pc);
4120        s->is_jmp = DISAS_WFI;
4121        break;
4122    case 2: /* wfe */
4123        gen_set_pc_im(s, s->pc);
4124        s->is_jmp = DISAS_WFE;
4125        break;
4126    case 4: /* sev */
4127    case 5: /* sevl */
4128        /* TODO: Implement SEV, SEVL and WFE.  May help SMP performance.  */
4129    default: /* nop */
4130        break;
4131    }
4132}
4133
4134#define CPU_V001 cpu_V0, cpu_V0, cpu_V1
4135
4136static inline void gen_neon_add(int size, TCGv_i32 t0, TCGv_i32 t1)
4137{
4138    switch (size) {
4139    case 0: gen_helper_neon_add_u8(t0, t0, t1); break;
4140    case 1: gen_helper_neon_add_u16(t0, t0, t1); break;
4141    case 2: tcg_gen_add_i32(t0, t0, t1); break;
4142    default: abort();
4143    }
4144}
4145
4146static inline void gen_neon_rsb(int size, TCGv_i32 t0, TCGv_i32 t1)
4147{
4148    switch (size) {
4149    case 0: gen_helper_neon_sub_u8(t0, t1, t0); break;
4150    case 1: gen_helper_neon_sub_u16(t0, t1, t0); break;
4151    case 2: tcg_gen_sub_i32(t0, t1, t0); break;
4152    default: return;
4153    }
4154}
4155
4156/* 32-bit pairwise ops end up the same as the elementwise versions.  */
4157#define gen_helper_neon_pmax_s32  gen_helper_neon_max_s32
4158#define gen_helper_neon_pmax_u32  gen_helper_neon_max_u32
4159#define gen_helper_neon_pmin_s32  gen_helper_neon_min_s32
4160#define gen_helper_neon_pmin_u32  gen_helper_neon_min_u32
4161
4162#define GEN_NEON_INTEGER_OP_ENV(name) do { \
4163    switch ((size << 1) | u) { \
4164    case 0: \
4165        gen_helper_neon_##name##_s8(tmp, cpu_env, tmp, tmp2); \
4166        break; \
4167    case 1: \
4168        gen_helper_neon_##name##_u8(tmp, cpu_env, tmp, tmp2); \
4169        break; \
4170    case 2: \
4171        gen_helper_neon_##name##_s16(tmp, cpu_env, tmp, tmp2); \
4172        break; \
4173    case 3: \
4174        gen_helper_neon_##name##_u16(tmp, cpu_env, tmp, tmp2); \
4175        break; \
4176    case 4: \
4177        gen_helper_neon_##name##_s32(tmp, cpu_env, tmp, tmp2); \
4178        break; \
4179    case 5: \
4180        gen_helper_neon_##name##_u32(tmp, cpu_env, tmp, tmp2); \
4181        break; \
4182    default: return 1; \
4183    }} while (0)
4184
4185#define GEN_NEON_INTEGER_OP(name) do { \
4186    switch ((size << 1) | u) { \
4187    case 0: \
4188        gen_helper_neon_##name##_s8(tmp, tmp, tmp2); \
4189        break; \
4190    case 1: \
4191        gen_helper_neon_##name##_u8(tmp, tmp, tmp2); \
4192        break; \
4193    case 2: \
4194        gen_helper_neon_##name##_s16(tmp, tmp, tmp2); \
4195        break; \
4196    case 3: \
4197        gen_helper_neon_##name##_u16(tmp, tmp, tmp2); \
4198        break; \
4199    case 4: \
4200        gen_helper_neon_##name##_s32(tmp, tmp, tmp2); \
4201        break; \
4202    case 5: \
4203        gen_helper_neon_##name##_u32(tmp, tmp, tmp2); \
4204        break; \
4205    default: return 1; \
4206    }} while (0)
4207
4208static TCGv_i32 neon_load_scratch(int scratch)
4209{
4210    TCGv_i32 tmp = tcg_temp_new_i32();
4211    tcg_gen_ld_i32(tmp, cpu_env, offsetof(CPUARMState, vfp.scratch[scratch]));
4212    return tmp;
4213}
4214
4215static void neon_store_scratch(int scratch, TCGv_i32 var)
4216{
4217    tcg_gen_st_i32(var, cpu_env, offsetof(CPUARMState, vfp.scratch[scratch]));
4218    tcg_temp_free_i32(var);
4219}
4220
4221static inline TCGv_i32 neon_get_scalar(int size, int reg)
4222{
4223    TCGv_i32 tmp;
4224    if (size == 1) {
4225        tmp = neon_load_reg(reg & 7, reg >> 4);
4226        if (reg & 8) {
4227            gen_neon_dup_high16(tmp);
4228        } else {
4229            gen_neon_dup_low16(tmp);
4230        }
4231    } else {
4232        tmp = neon_load_reg(reg & 15, reg >> 4);
4233    }
4234    return tmp;
4235}
4236
4237static int gen_neon_unzip(int rd, int rm, int size, int q)
4238{
4239    TCGv_i32 tmp, tmp2;
4240    if (!q && size == 2) {
4241        return 1;
4242    }
4243    tmp = tcg_const_i32(rd);
4244    tmp2 = tcg_const_i32(rm);
4245    if (q) {
4246        switch (size) {
4247        case 0:
4248            gen_helper_neon_qunzip8(cpu_env, tmp, tmp2);
4249            break;
4250        case 1:
4251            gen_helper_neon_qunzip16(cpu_env, tmp, tmp2);
4252            break;
4253        case 2:
4254            gen_helper_neon_qunzip32(cpu_env, tmp, tmp2);
4255            break;
4256        default:
4257            abort();
4258        }
4259    } else {
4260        switch (size) {
4261        case 0:
4262            gen_helper_neon_unzip8(cpu_env, tmp, tmp2);
4263            break;
4264        case 1:
4265            gen_helper_neon_unzip16(cpu_env, tmp, tmp2);
4266            break;
4267        default:
4268            abort();
4269        }
4270    }
4271    tcg_temp_free_i32(tmp);
4272    tcg_temp_free_i32(tmp2);
4273    return 0;
4274}
4275
4276static int gen_neon_zip(int rd, int rm, int size, int q)
4277{
4278    TCGv_i32 tmp, tmp2;
4279    if (!q && size == 2) {
4280        return 1;
4281    }
4282    tmp = tcg_const_i32(rd);
4283    tmp2 = tcg_const_i32(rm);
4284    if (q) {
4285        switch (size) {
4286        case 0:
4287            gen_helper_neon_qzip8(cpu_env, tmp, tmp2);
4288            break;
4289        case 1:
4290            gen_helper_neon_qzip16(cpu_env, tmp, tmp2);
4291            break;
4292        case 2:
4293            gen_helper_neon_qzip32(cpu_env, tmp, tmp2);
4294            break;
4295        default:
4296            abort();
4297        }
4298    } else {
4299        switch (size) {
4300        case 0:
4301            gen_helper_neon_zip8(cpu_env, tmp, tmp2);
4302            break;
4303        case 1:
4304            gen_helper_neon_zip16(cpu_env, tmp, tmp2);
4305            break;
4306        default:
4307            abort();
4308        }
4309    }
4310    tcg_temp_free_i32(tmp);
4311    tcg_temp_free_i32(tmp2);
4312    return 0;
4313}
4314
4315static void gen_neon_trn_u8(TCGv_i32 t0, TCGv_i32 t1)
4316{
4317    TCGv_i32 rd, tmp;
4318
4319    rd = tcg_temp_new_i32();
4320    tmp = tcg_temp_new_i32();
4321
4322    tcg_gen_shli_i32(rd, t0, 8);
4323    tcg_gen_andi_i32(rd, rd, 0xff00ff00);
4324    tcg_gen_andi_i32(tmp, t1, 0x00ff00ff);
4325    tcg_gen_or_i32(rd, rd, tmp);
4326
4327    tcg_gen_shri_i32(t1, t1, 8);
4328    tcg_gen_andi_i32(t1, t1, 0x00ff00ff);
4329    tcg_gen_andi_i32(tmp, t0, 0xff00ff00);
4330    tcg_gen_or_i32(t1, t1, tmp);
4331    tcg_gen_mov_i32(t0, rd);
4332
4333    tcg_temp_free_i32(tmp);
4334    tcg_temp_free_i32(rd);
4335}
4336
4337static void gen_neon_trn_u16(TCGv_i32 t0, TCGv_i32 t1)
4338{
4339    TCGv_i32 rd, tmp;
4340
4341    rd = tcg_temp_new_i32();
4342    tmp = tcg_temp_new_i32();
4343
4344    tcg_gen_shli_i32(rd, t0, 16);
4345    tcg_gen_andi_i32(tmp, t1, 0xffff);
4346    tcg_gen_or_i32(rd, rd, tmp);
4347    tcg_gen_shri_i32(t1, t1, 16);
4348    tcg_gen_andi_i32(tmp, t0, 0xffff0000);
4349    tcg_gen_or_i32(t1, t1, tmp);
4350    tcg_gen_mov_i32(t0, rd);
4351
4352    tcg_temp_free_i32(tmp);
4353    tcg_temp_free_i32(rd);
4354}
4355
4356
4357static struct {
4358    int nregs;
4359    int interleave;
4360    int spacing;
4361} neon_ls_element_type[11] = {
4362    {4, 4, 1},
4363    {4, 4, 2},
4364    {4, 1, 1},
4365    {4, 2, 1},
4366    {3, 3, 1},
4367    {3, 3, 2},
4368    {3, 1, 1},
4369    {1, 1, 1},
4370    {2, 2, 1},
4371    {2, 2, 2},
4372    {2, 1, 1}
4373};
4374
4375/* Translate a NEON load/store element instruction.  Return nonzero if the
4376   instruction is invalid.  */
4377static int disas_neon_ls_insn(DisasContext *s, uint32_t insn)
4378{
4379    int rd, rn, rm;
4380    int op;
4381    int nregs;
4382    int interleave;
4383    int spacing;
4384    int stride;
4385    int size;
4386    int reg;
4387    int pass;
4388    int load;
4389    int shift;
4390    int n;
4391    TCGv_i32 addr;
4392    TCGv_i32 tmp;
4393    TCGv_i32 tmp2;
4394    TCGv_i64 tmp64;
4395
4396    /* FIXME: this access check should not take precedence over UNDEF
4397     * for invalid encodings; we will generate incorrect syndrome information
4398     * for attempts to execute invalid vfp/neon encodings with FP disabled.
4399     */
4400    if (s->fp_excp_el) {
4401        gen_exception_insn(s, 4, EXCP_UDEF,
4402                           syn_fp_access_trap(1, 0xe, s->thumb), s->fp_excp_el);
4403        return 0;
4404    }
4405
4406    if (!s->vfp_enabled)
4407      return 1;
4408    VFP_DREG_D(rd, insn);
4409    rn = (insn >> 16) & 0xf;
4410    rm = insn & 0xf;
4411    load = (insn & (1 << 21)) != 0;
4412    if ((insn & (1 << 23)) == 0) {
4413        /* Load store all elements.  */
4414        op = (insn >> 8) & 0xf;
4415        size = (insn >> 6) & 3;
4416        if (op > 10)
4417            return 1;
4418        /* Catch UNDEF cases for bad values of align field */
4419        switch (op & 0xc) {
4420        case 4:
4421            if (((insn >> 5) & 1) == 1) {
4422                return 1;
4423            }
4424            break;
4425        case 8:
4426            if (((insn >> 4) & 3) == 3) {
4427                return 1;
4428            }
4429            break;
4430        default:
4431            break;
4432        }
4433        nregs = neon_ls_element_type[op].nregs;
4434        interleave = neon_ls_element_type[op].interleave;
4435        spacing = neon_ls_element_type[op].spacing;
4436        if (size == 3 && (interleave | spacing) != 1)
4437            return 1;
4438        addr = tcg_temp_new_i32();
4439        load_reg_var(s, addr, rn);
4440        stride = (1 << size) * interleave;
4441        for (reg = 0; reg < nregs; reg++) {
4442            if (interleave > 2 || (interleave == 2 && nregs == 2)) {
4443                load_reg_var(s, addr, rn);
4444                tcg_gen_addi_i32(addr, addr, (1 << size) * reg);
4445            } else if (interleave == 2 && nregs == 4 && reg == 2) {
4446                load_reg_var(s, addr, rn);
4447                tcg_gen_addi_i32(addr, addr, 1 << size);
4448            }
4449            if (size == 3) {
4450                tmp64 = tcg_temp_new_i64();
4451                if (load) {
4452                    gen_aa32_ld64(tmp64, addr, get_mem_index(s));
4453                    neon_store_reg64(tmp64, rd);
4454                } else {
4455                    neon_load_reg64(tmp64, rd);
4456                    gen_aa32_st64(tmp64, addr, get_mem_index(s));
4457                }
4458                tcg_temp_free_i64(tmp64);
4459                tcg_gen_addi_i32(addr, addr, stride);
4460            } else {
4461                for (pass = 0; pass < 2; pass++) {
4462                    if (size == 2) {
4463                        if (load) {
4464                            tmp = tcg_temp_new_i32();
4465                            gen_aa32_ld32u(tmp, addr, get_mem_index(s));
4466                            neon_store_reg(rd, pass, tmp);
4467                        } else {
4468                            tmp = neon_load_reg(rd, pass);
4469                            gen_aa32_st32(tmp, addr, get_mem_index(s));
4470                            tcg_temp_free_i32(tmp);
4471                        }
4472                        tcg_gen_addi_i32(addr, addr, stride);
4473                    } else if (size == 1) {
4474                        if (load) {
4475                            tmp = tcg_temp_new_i32();
4476                            gen_aa32_ld16u(tmp, addr, get_mem_index(s));
4477                            tcg_gen_addi_i32(addr, addr, stride);
4478                            tmp2 = tcg_temp_new_i32();
4479                            gen_aa32_ld16u(tmp2, addr, get_mem_index(s));
4480                            tcg_gen_addi_i32(addr, addr, stride);
4481                            tcg_gen_shli_i32(tmp2, tmp2, 16);
4482                            tcg_gen_or_i32(tmp, tmp, tmp2);
4483                            tcg_temp_free_i32(tmp2);
4484                            neon_store_reg(rd, pass, tmp);
4485                        } else {
4486                            tmp = neon_load_reg(rd, pass);
4487                            tmp2 = tcg_temp_new_i32();
4488                            tcg_gen_shri_i32(tmp2, tmp, 16);
4489                            gen_aa32_st16(tmp, addr, get_mem_index(s));
4490                            tcg_temp_free_i32(tmp);
4491                            tcg_gen_addi_i32(addr, addr, stride);
4492                            gen_aa32_st16(tmp2, addr, get_mem_index(s));
4493                            tcg_temp_free_i32(tmp2);
4494                            tcg_gen_addi_i32(addr, addr, stride);
4495                        }
4496                    } else /* size == 0 */ {
4497                        if (load) {
4498                            TCGV_UNUSED_I32(tmp2);
4499                            for (n = 0; n < 4; n++) {
4500                                tmp = tcg_temp_new_i32();
4501                                gen_aa32_ld8u(tmp, addr, get_mem_index(s));
4502                                tcg_gen_addi_i32(addr, addr, stride);
4503                                if (n == 0) {
4504                                    tmp2 = tmp;
4505                                } else {
4506                                    tcg_gen_shli_i32(tmp, tmp, n * 8);
4507                                    tcg_gen_or_i32(tmp2, tmp2, tmp);
4508                                    tcg_temp_free_i32(tmp);
4509                                }
4510                            }
4511                            neon_store_reg(rd, pass, tmp2);
4512                        } else {
4513                            tmp2 = neon_load_reg(rd, pass);
4514                            for (n = 0; n < 4; n++) {
4515                                tmp = tcg_temp_new_i32();
4516                                if (n == 0) {
4517                                    tcg_gen_mov_i32(tmp, tmp2);
4518                                } else {
4519                                    tcg_gen_shri_i32(tmp, tmp2, n * 8);
4520                                }
4521                                gen_aa32_st8(tmp, addr, get_mem_index(s));
4522                                tcg_temp_free_i32(tmp);
4523                                tcg_gen_addi_i32(addr, addr, stride);
4524                            }
4525                            tcg_temp_free_i32(tmp2);
4526                        }
4527                    }
4528                }
4529            }
4530            rd += spacing;
4531        }
4532        tcg_temp_free_i32(addr);
4533        stride = nregs * 8;
4534    } else {
4535        size = (insn >> 10) & 3;
4536        if (size == 3) {
4537            /* Load single element to all lanes.  */
4538            int a = (insn >> 4) & 1;
4539            if (!load) {
4540                return 1;
4541            }
4542            size = (insn >> 6) & 3;
4543            nregs = ((insn >> 8) & 3) + 1;
4544
4545            if (size == 3) {
4546                if (nregs != 4 || a == 0) {
4547                    return 1;
4548                }
4549                /* For VLD4 size==3 a == 1 means 32 bits at 16 byte alignment */
4550                size = 2;
4551            }
4552            if (nregs == 1 && a == 1 && size == 0) {
4553                return 1;
4554            }
4555            if (nregs == 3 && a == 1) {
4556                return 1;
4557            }
4558            addr = tcg_temp_new_i32();
4559            load_reg_var(s, addr, rn);
4560            if (nregs == 1) {
4561                /* VLD1 to all lanes: bit 5 indicates how many Dregs to write */
4562                tmp = gen_load_and_replicate(s, addr, size);
4563                tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd, 0));
4564                tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd, 1));
4565                if (insn & (1 << 5)) {
4566                    tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd + 1, 0));
4567                    tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd + 1, 1));
4568                }
4569                tcg_temp_free_i32(tmp);
4570            } else {
4571                /* VLD2/3/4 to all lanes: bit 5 indicates register stride */
4572                stride = (insn & (1 << 5)) ? 2 : 1;
4573                for (reg = 0; reg < nregs; reg++) {
4574                    tmp = gen_load_and_replicate(s, addr, size);
4575                    tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd, 0));
4576                    tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd, 1));
4577                    tcg_temp_free_i32(tmp);
4578                    tcg_gen_addi_i32(addr, addr, 1 << size);
4579                    rd += stride;
4580                }
4581            }
4582            tcg_temp_free_i32(addr);
4583            stride = (1 << size) * nregs;
4584        } else {
4585            /* Single element.  */
4586            int idx = (insn >> 4) & 0xf;
4587            pass = (insn >> 7) & 1;
4588            switch (size) {
4589            case 0:
4590                shift = ((insn >> 5) & 3) * 8;
4591                stride = 1;
4592                break;
4593            case 1:
4594                shift = ((insn >> 6) & 1) * 16;
4595                stride = (insn & (1 << 5)) ? 2 : 1;
4596                break;
4597            case 2:
4598                shift = 0;
4599                stride = (insn & (1 << 6)) ? 2 : 1;
4600                break;
4601            default:
4602                abort();
4603            }
4604            nregs = ((insn >> 8) & 3) + 1;
4605            /* Catch the UNDEF cases. This is unavoidably a bit messy. */
4606            switch (nregs) {
4607            case 1:
4608                if (((idx & (1 << size)) != 0) ||
4609                    (size == 2 && ((idx & 3) == 1 || (idx & 3) == 2))) {
4610                    return 1;
4611                }
4612                break;
4613            case 3:
4614                if ((idx & 1) != 0) {
4615                    return 1;
4616                }
4617                /* fall through */
4618            case 2:
4619                if (size == 2 && (idx & 2) != 0) {
4620                    return 1;
4621                }
4622                break;
4623            case 4:
4624                if ((size == 2) && ((idx & 3) == 3)) {
4625                    return 1;
4626                }
4627                break;
4628            default:
4629                abort();
4630            }
4631            if ((rd + stride * (nregs - 1)) > 31) {
4632                /* Attempts to write off the end of the register file
4633                 * are UNPREDICTABLE; we choose to UNDEF because otherwise
4634                 * the neon_load_reg() would write off the end of the array.
4635                 */
4636                return 1;
4637            }
4638            addr = tcg_temp_new_i32();
4639            load_reg_var(s, addr, rn);
4640            for (reg = 0; reg < nregs; reg++) {
4641                if (load) {
4642                    tmp = tcg_temp_new_i32();
4643                    switch (size) {
4644                    case 0:
4645                        gen_aa32_ld8u(tmp, addr, get_mem_index(s));
4646                        break;
4647                    case 1:
4648                        gen_aa32_ld16u(tmp, addr, get_mem_index(s));
4649                        break;
4650                    case 2:
4651                        gen_aa32_ld32u(tmp, addr, get_mem_index(s));
4652                        break;
4653                    default: /* Avoid compiler warnings.  */
4654                        abort();
4655                    }
4656                    if (size != 2) {
4657                        tmp2 = neon_load_reg(rd, pass);
4658                        tcg_gen_deposit_i32(tmp, tmp2, tmp,
4659                                            shift, size ? 16 : 8);
4660                        tcg_temp_free_i32(tmp2);
4661                    }
4662                    neon_store_reg(rd, pass, tmp);
4663                } else { /* Store */
4664                    tmp = neon_load_reg(rd, pass);
4665                    if (shift)
4666                        tcg_gen_shri_i32(tmp, tmp, shift);
4667                    switch (size) {
4668                    case 0:
4669                        gen_aa32_st8(tmp, addr, get_mem_index(s));
4670                        break;
4671                    case 1:
4672                        gen_aa32_st16(tmp, addr, get_mem_index(s));
4673                        break;
4674                    case 2:
4675                        gen_aa32_st32(tmp, addr, get_mem_index(s));
4676                        break;
4677                    }
4678                    tcg_temp_free_i32(tmp);
4679                }
4680                rd += stride;
4681                tcg_gen_addi_i32(addr, addr, 1 << size);
4682            }
4683            tcg_temp_free_i32(addr);
4684            stride = nregs * (1 << size);
4685        }
4686    }
4687    if (rm != 15) {
4688        TCGv_i32 base;
4689
4690        base = load_reg(s, rn);
4691        if (rm == 13) {
4692            tcg_gen_addi_i32(base, base, stride);
4693        } else {
4694            TCGv_i32 index;
4695            index = load_reg(s, rm);
4696            tcg_gen_add_i32(base, base, index);
4697            tcg_temp_free_i32(index);
4698        }
4699        store_reg(s, rn, base);
4700    }
4701    return 0;
4702}
4703
4704/* Bitwise select.  dest = c ? t : f.  Clobbers T and F.  */
4705static void gen_neon_bsl(TCGv_i32 dest, TCGv_i32 t, TCGv_i32 f, TCGv_i32 c)
4706{
4707    tcg_gen_and_i32(t, t, c);
4708    tcg_gen_andc_i32(f, f, c);
4709    tcg_gen_or_i32(dest, t, f);
4710}
4711
4712static inline void gen_neon_narrow(int size, TCGv_i32 dest, TCGv_i64 src)
4713{
4714    switch (size) {
4715    case 0: gen_helper_neon_narrow_u8(dest, src); break;
4716    case 1: gen_helper_neon_narrow_u16(dest, src); break;
4717    case 2: tcg_gen_extrl_i64_i32(dest, src); break;
4718    default: abort();
4719    }
4720}
4721
4722static inline void gen_neon_narrow_sats(int size, TCGv_i32 dest, TCGv_i64 src)
4723{
4724    switch (size) {
4725    case 0: gen_helper_neon_narrow_sat_s8(dest, cpu_env, src); break;
4726    case 1: gen_helper_neon_narrow_sat_s16(dest, cpu_env, src); break;
4727    case 2: gen_helper_neon_narrow_sat_s32(dest, cpu_env, src); break;
4728    default: abort();
4729    }
4730}
4731
4732static inline void gen_neon_narrow_satu(int size, TCGv_i32 dest, TCGv_i64 src)
4733{
4734    switch (size) {
4735    case 0: gen_helper_neon_narrow_sat_u8(dest, cpu_env, src); break;
4736    case 1: gen_helper_neon_narrow_sat_u16(dest, cpu_env, src); break;
4737    case 2: gen_helper_neon_narrow_sat_u32(dest, cpu_env, src); break;
4738    default: abort();
4739    }
4740}
4741
4742static inline void gen_neon_unarrow_sats(int size, TCGv_i32 dest, TCGv_i64 src)
4743{
4744    switch (size) {
4745    case 0: gen_helper_neon_unarrow_sat8(dest, cpu_env, src); break;
4746    case 1: gen_helper_neon_unarrow_sat16(dest, cpu_env, src); break;
4747    case 2: gen_helper_neon_unarrow_sat32(dest, cpu_env, src); break;
4748    default: abort();
4749    }
4750}
4751
4752static inline void gen_neon_shift_narrow(int size, TCGv_i32 var, TCGv_i32 shift,
4753                                         int q, int u)
4754{
4755    if (q) {
4756        if (u) {
4757            switch (size) {
4758            case 1: gen_helper_neon_rshl_u16(var, var, shift); break;
4759            case 2: gen_helper_neon_rshl_u32(var, var, shift); break;
4760            default: abort();
4761            }
4762        } else {
4763            switch (size) {
4764            case 1: gen_helper_neon_rshl_s16(var, var, shift); break;
4765            case 2: gen_helper_neon_rshl_s32(var, var, shift); break;
4766            default: abort();
4767            }
4768        }
4769    } else {
4770        if (u) {
4771            switch (size) {
4772            case 1: gen_helper_neon_shl_u16(var, var, shift); break;
4773            case 2: gen_helper_neon_shl_u32(var, var, shift); break;
4774            default: abort();
4775            }
4776        } else {
4777            switch (size) {
4778            case 1: gen_helper_neon_shl_s16(var, var, shift); break;
4779            case 2: gen_helper_neon_shl_s32(var, var, shift); break;
4780            default: abort();
4781            }
4782        }
4783    }
4784}
4785
4786static inline void gen_neon_widen(TCGv_i64 dest, TCGv_i32 src, int size, int u)
4787{
4788    if (u) {
4789        switch (size) {
4790        case 0: gen_helper_neon_widen_u8(dest, src); break;
4791        case 1: gen_helper_neon_widen_u16(dest, src); break;
4792        case 2: tcg_gen_extu_i32_i64(dest, src); break;
4793        default: abort();
4794        }
4795    } else {
4796        switch (size) {
4797        case 0: gen_helper_neon_widen_s8(dest, src); break;
4798        case 1: gen_helper_neon_widen_s16(dest, src); break;
4799        case 2: tcg_gen_ext_i32_i64(dest, src); break;
4800        default: abort();
4801        }
4802    }
4803    tcg_temp_free_i32(src);
4804}
4805
4806static inline void gen_neon_addl(int size)
4807{
4808    switch (size) {
4809    case 0: gen_helper_neon_addl_u16(CPU_V001); break;
4810    case 1: gen_helper_neon_addl_u32(CPU_V001); break;
4811    case 2: tcg_gen_add_i64(CPU_V001); break;
4812    default: abort();
4813    }
4814}
4815
4816static inline void gen_neon_subl(int size)
4817{
4818    switch (size) {
4819    case 0: gen_helper_neon_subl_u16(CPU_V001); break;
4820    case 1: gen_helper_neon_subl_u32(CPU_V001); break;
4821    case 2: tcg_gen_sub_i64(CPU_V001); break;
4822    default: abort();
4823    }
4824}
4825
4826static inline void gen_neon_negl(TCGv_i64 var, int size)
4827{
4828    switch (size) {
4829    case 0: gen_helper_neon_negl_u16(var, var); break;
4830    case 1: gen_helper_neon_negl_u32(var, var); break;
4831    case 2:
4832        tcg_gen_neg_i64(var, var);
4833        break;
4834    default: abort();
4835    }
4836}
4837
4838static inline void gen_neon_addl_saturate(TCGv_i64 op0, TCGv_i64 op1, int size)
4839{
4840    switch (size) {
4841    case 1: gen_helper_neon_addl_saturate_s32(op0, cpu_env, op0, op1); break;
4842    case 2: gen_helper_neon_addl_saturate_s64(op0, cpu_env, op0, op1); break;
4843    default: abort();
4844    }
4845}
4846
4847static inline void gen_neon_mull(TCGv_i64 dest, TCGv_i32 a, TCGv_i32 b,
4848                                 int size, int u)
4849{
4850    TCGv_i64 tmp;
4851
4852    switch ((size << 1) | u) {
4853    case 0: gen_helper_neon_mull_s8(dest, a, b); break;
4854    case 1: gen_helper_neon_mull_u8(dest, a, b); break;
4855    case 2: gen_helper_neon_mull_s16(dest, a, b); break;
4856    case 3: gen_helper_neon_mull_u16(dest, a, b); break;
4857    case 4:
4858        tmp = gen_muls_i64_i32(a, b);
4859        tcg_gen_mov_i64(dest, tmp);
4860        tcg_temp_free_i64(tmp);
4861        break;
4862    case 5:
4863        tmp = gen_mulu_i64_i32(a, b);
4864        tcg_gen_mov_i64(dest, tmp);
4865        tcg_temp_free_i64(tmp);
4866        break;
4867    default: abort();
4868    }
4869
4870    /* gen_helper_neon_mull_[su]{8|16} do not free their parameters.
4871       Don't forget to clean them now.  */
4872    if (size < 2) {
4873        tcg_temp_free_i32(a);
4874        tcg_temp_free_i32(b);
4875    }
4876}
4877
4878static void gen_neon_narrow_op(int op, int u, int size,
4879                               TCGv_i32 dest, TCGv_i64 src)
4880{
4881    if (op) {
4882        if (u) {
4883            gen_neon_unarrow_sats(size, dest, src);
4884        } else {
4885            gen_neon_narrow(size, dest, src);
4886        }
4887    } else {
4888        if (u) {
4889            gen_neon_narrow_satu(size, dest, src);
4890        } else {
4891            gen_neon_narrow_sats(size, dest, src);
4892        }
4893    }
4894}
4895
4896/* Symbolic constants for op fields for Neon 3-register same-length.
4897 * The values correspond to bits [11:8,4]; see the ARM ARM DDI0406B
4898 * table A7-9.
4899 */
4900#define NEON_3R_VHADD 0
4901#define NEON_3R_VQADD 1
4902#define NEON_3R_VRHADD 2
4903#define NEON_3R_LOGIC 3 /* VAND,VBIC,VORR,VMOV,VORN,VEOR,VBIF,VBIT,VBSL */
4904#define NEON_3R_VHSUB 4
4905#define NEON_3R_VQSUB 5
4906#define NEON_3R_VCGT 6
4907#define NEON_3R_VCGE 7
4908#define NEON_3R_VSHL 8
4909#define NEON_3R_VQSHL 9
4910#define NEON_3R_VRSHL 10
4911#define NEON_3R_VQRSHL 11
4912#define NEON_3R_VMAX 12
4913#define NEON_3R_VMIN 13
4914#define NEON_3R_VABD 14
4915#define NEON_3R_VABA 15
4916#define NEON_3R_VADD_VSUB 16
4917#define NEON_3R_VTST_VCEQ 17
4918#define NEON_3R_VML 18 /* VMLA, VMLAL, VMLS, VMLSL */
4919#define NEON_3R_VMUL 19
4920#define NEON_3R_VPMAX 20
4921#define NEON_3R_VPMIN 21
4922#define NEON_3R_VQDMULH_VQRDMULH 22
4923#define NEON_3R_VPADD 23
4924#define NEON_3R_SHA 24 /* SHA1C,SHA1P,SHA1M,SHA1SU0,SHA256H{2},SHA256SU1 */
4925#define NEON_3R_VFM 25 /* VFMA, VFMS : float fused multiply-add */
4926#define NEON_3R_FLOAT_ARITH 26 /* float VADD, VSUB, VPADD, VABD */
4927#define NEON_3R_FLOAT_MULTIPLY 27 /* float VMLA, VMLS, VMUL */
4928#define NEON_3R_FLOAT_CMP 28 /* float VCEQ, VCGE, VCGT */
4929#define NEON_3R_FLOAT_ACMP 29 /* float VACGE, VACGT, VACLE, VACLT */
4930#define NEON_3R_FLOAT_MINMAX 30 /* float VMIN, VMAX */
4931#define NEON_3R_FLOAT_MISC 31 /* float VRECPS, VRSQRTS, VMAXNM/MINNM */
4932
4933static const uint8_t neon_3r_sizes[] = {
4934    [NEON_3R_VHADD] = 0x7,
4935    [NEON_3R_VQADD] = 0xf,
4936    [NEON_3R_VRHADD] = 0x7,
4937    [NEON_3R_LOGIC] = 0xf, /* size field encodes op type */
4938    [NEON_3R_VHSUB] = 0x7,
4939    [NEON_3R_VQSUB] = 0xf,
4940    [NEON_3R_VCGT] = 0x7,
4941    [NEON_3R_VCGE] = 0x7,
4942    [NEON_3R_VSHL] = 0xf,
4943    [NEON_3R_VQSHL] = 0xf,
4944    [NEON_3R_VRSHL] = 0xf,
4945    [NEON_3R_VQRSHL] = 0xf,
4946    [NEON_3R_VMAX] = 0x7,
4947    [NEON_3R_VMIN] = 0x7,
4948    [NEON_3R_VABD] = 0x7,
4949    [NEON_3R_VABA] = 0x7,
4950    [NEON_3R_VADD_VSUB] = 0xf,
4951    [NEON_3R_VTST_VCEQ] = 0x7,
4952    [NEON_3R_VML] = 0x7,
4953    [NEON_3R_VMUL] = 0x7,
4954    [NEON_3R_VPMAX] = 0x7,
4955    [NEON_3R_VPMIN] = 0x7,
4956    [NEON_3R_VQDMULH_VQRDMULH] = 0x6,
4957    [NEON_3R_VPADD] = 0x7,
4958    [NEON_3R_SHA] = 0xf, /* size field encodes op type */
4959    [NEON_3R_VFM] = 0x5, /* size bit 1 encodes op */
4960    [NEON_3R_FLOAT_ARITH] = 0x5, /* size bit 1 encodes op */
4961    [NEON_3R_FLOAT_MULTIPLY] = 0x5, /* size bit 1 encodes op */
4962    [NEON_3R_FLOAT_CMP] = 0x5, /* size bit 1 encodes op */
4963    [NEON_3R_FLOAT_ACMP] = 0x5, /* size bit 1 encodes op */
4964    [NEON_3R_FLOAT_MINMAX] = 0x5, /* size bit 1 encodes op */
4965    [NEON_3R_FLOAT_MISC] = 0x5, /* size bit 1 encodes op */
4966};
4967
4968/* Symbolic constants for op fields for Neon 2-register miscellaneous.
4969 * The values correspond to bits [17:16,10:7]; see the ARM ARM DDI0406B
4970 * table A7-13.
4971 */
4972#define NEON_2RM_VREV64 0
4973#define NEON_2RM_VREV32 1
4974#define NEON_2RM_VREV16 2
4975#define NEON_2RM_VPADDL 4
4976#define NEON_2RM_VPADDL_U 5
4977#define NEON_2RM_AESE 6 /* Includes AESD */
4978#define NEON_2RM_AESMC 7 /* Includes AESIMC */
4979#define NEON_2RM_VCLS 8
4980#define NEON_2RM_VCLZ 9
4981#define NEON_2RM_VCNT 10
4982#define NEON_2RM_VMVN 11
4983#define NEON_2RM_VPADAL 12
4984#define NEON_2RM_VPADAL_U 13
4985#define NEON_2RM_VQABS 14
4986#define NEON_2RM_VQNEG 15
4987#define NEON_2RM_VCGT0 16
4988#define NEON_2RM_VCGE0 17
4989#define NEON_2RM_VCEQ0 18
4990#define NEON_2RM_VCLE0 19
4991#define NEON_2RM_VCLT0 20
4992#define NEON_2RM_SHA1H 21
4993#define NEON_2RM_VABS 22
4994#define NEON_2RM_VNEG 23
4995#define NEON_2RM_VCGT0_F 24
4996#define NEON_2RM_VCGE0_F 25
4997#define NEON_2RM_VCEQ0_F 26
4998#define NEON_2RM_VCLE0_F 27
4999#define NEON_2RM_VCLT0_F 28
5000#define NEON_2RM_VABS_F 30

5001#define NEON_2RM_VNEG_F 31
5002#define NEON_2RM_VSWP 32
5003#define NEON_2RM_VTRN 33
5004#define NEON_2RM_VUZP 34
5005#define NEON_2RM_VZIP 35
5006#define NEON_2RM_VMOVN 36 /* Includes VQMOVN, VQMOVUN */
5007#define NEON_2RM_VQMOVN 37 /* Includes VQMOVUN */
5008#define NEON_2RM_VSHLL 38
5009#define NEON_2RM_SHA1SU1 39 /* Includes SHA256SU0 */
5010#define NEON_2RM_VRINTN 40
5011#define NEON_2RM_VRINTX 41
5012#define NEON_2RM_VRINTA 42
5013#define NEON_2RM_VRINTZ 43
5014#define NEON_2RM_VCVT_F16_F32 44
5015#define NEON_2RM_VRINTM 45
5016#define NEON_2RM_VCVT_F32_F16 46
5017#define NEON_2RM_VRINTP 47
5018#define NEON_2RM_VCVTAU 48
5019#define NEON_2RM_VCVTAS 49
5020#define NEON_2RM_VCVTNU 50
5021#define NEON_2RM_VCVTNS 51
5022#define NEON_2RM_VCVTPU 52
5023#define NEON_2RM_VCVTPS 53
5024#define NEON_2RM_VCVTMU 54
5025#define NEON_2RM_VCVTMS 55
5026#define NEON_2RM_VRECPE 56
5027#define NEON_2RM_VRSQRTE 57
5028#define NEON_2RM_VRECPE_F 58
5029#define NEON_2RM_VRSQRTE_F 59
5030#define NEON_2RM_VCVT_FS 60
5031#define NEON_2RM_VCVT_FU 61
5032#define NEON_2RM_VCVT_SF 62
5033#define NEON_2RM_VCVT_UF 63
5034
5035static int neon_2rm_is_float_op(int op)
5036{
5037    /* Return true if this neon 2reg-misc op is float-to-float */
5038    return (op == NEON_2RM_VABS_F || op == NEON_2RM_VNEG_F ||
5039            (op >= NEON_2RM_VRINTN && op <= NEON_2RM_VRINTZ) ||
5040            op == NEON_2RM_VRINTM ||
5041            (op >= NEON_2RM_VRINTP && op <= NEON_2RM_VCVTMS) ||
5042            op >= NEON_2RM_VRECPE_F);
5043}
5044
5045/* Each entry in this array has bit n set if the insn allows
5046 * size value n (otherwise it will UNDEF). Since unallocated
5047 * op values will have no bits set they always UNDEF.
5048 */
5049static const uint8_t neon_2rm_sizes[] = {
5050    [NEON_2RM_VREV64] = 0x7,
5051    [NEON_2RM_VREV32] = 0x3,
5052    [NEON_2RM_VREV16] = 0x1,
5053    [NEON_2RM_VPADDL] = 0x7,
5054    [NEON_2RM_VPADDL_U] = 0x7,
5055    [NEON_2RM_AESE] = 0x1,
5056    [NEON_2RM_AESMC] = 0x1,
5057    [NEON_2RM_VCLS] = 0x7,
5058    [NEON_2RM_VCLZ] = 0x7,
5059    [NEON_2RM_VCNT] = 0x1,
5060    [NEON_2RM_VMVN] = 0x1,
5061    [NEON_2RM_VPADAL] = 0x7,
5062    [NEON_2RM_VPADAL_U] = 0x7,
5063    [NEON_2RM_VQABS] = 0x7,
5064    [NEON_2RM_VQNEG] = 0x7,
5065    [NEON_2RM_VCGT0] = 0x7,
5066    [NEON_2RM_VCGE0] = 0x7,
5067    [NEON_2RM_VCEQ0] = 0x7,
5068    [NEON_2RM_VCLE0] = 0x7,
5069    [NEON_2RM_VCLT0] = 0x7,
5070    [NEON_2RM_SHA1H] = 0x4,
5071    [NEON_2RM_VABS] = 0x7,
5072    [NEON_2RM_VNEG] = 0x7,
5073    [NEON_2RM_VCGT0_F] = 0x4,
5074    [NEON_2RM_VCGE0_F] = 0x4,
5075    [NEON_2RM_VCEQ0_F] = 0x4,
5076    [NEON_2RM_VCLE0_F] = 0x4,
5077    [NEON_2RM_VCLT0_F] = 0x4,
5078    [NEON_2RM_VABS_F] = 0x4,
5079    [NEON_2RM_VNEG_F] = 0x4,
5080    [NEON_2RM_VSWP] = 0x1,
5081    [NEON_2RM_VTRN] = 0x7,
5082    [NEON_2RM_VUZP] = 0x7,
5083    [NEON_2RM_VZIP] = 0x7,
5084    [NEON_2RM_VMOVN] = 0x7,
5085    [NEON_2RM_VQMOVN] = 0x7,
5086    [NEON_2RM_VSHLL] = 0x7,
5087    [NEON_2RM_SHA1SU1] = 0x4,
5088    [NEON_2RM_VRINTN] = 0x4,
5089    [NEON_2RM_VRINTX] = 0x4,
5090    [NEON_2RM_VRINTA] = 0x4,
5091    [NEON_2RM_VRINTZ] = 0x4,
5092    [NEON_2RM_VCVT_F16_F32] = 0x2,
5093    [NEON_2RM_VRINTM] = 0x4,
5094    [NEON_2RM_VCVT_F32_F16] = 0x2,
5095    [NEON_2RM_VRINTP] = 0x4,
5096    [NEON_2RM_VCVTAU] = 0x4,
5097    [NEON_2RM_VCVTAS] = 0x4,
5098    [NEON_2RM_VCVTNU] = 0x4,
5099    [NEON_2RM_VCVTNS] = 0x4,
5100    [NEON_2RM_VCVTPU] = 0x4,
5101    [NEON_2RM_VCVTPS] = 0x4,
5102    [NEON_2RM_VCVTMU] = 0x4,
5103    [NEON_2RM_VCVTMS] = 0x4,
5104    [NEON_2RM_VRECPE] = 0x4,
5105    [NEON_2RM_VRSQRTE] = 0x4,
5106    [NEON_2RM_VRECPE_F] = 0x4,
5107    [NEON_2RM_VRSQRTE_F] = 0x4,
5108    [NEON_2RM_VCVT_FS] = 0x4,
5109    [NEON_2RM_VCVT_FU] = 0x4,
5110    [NEON_2RM_VCVT_SF] = 0x4,
5111    [NEON_2RM_VCVT_UF] = 0x4,
5112};
5113
5114/* Translate a NEON data processing instruction.  Return nonzero if the
5115   instruction is invalid.
5116   We process data in a mixture of 32-bit and 64-bit chunks.
5117   Mostly we use 32-bit chunks so we can use normal scalar instructions.  */
5118
5119static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
5120{
5121    int op;
5122    int q;
5123    int rd, rn, rm;
5124    int size;
5125    int shift;
5126    int pass;
5127    int count;
5128    int pairwise;
5129    int u;
5130    uint32_t imm, mask;
5131    TCGv_i32 tmp, tmp2, tmp3, tmp4, tmp5;
5132    TCGv_i64 tmp64;
5133
5134    /* FIXME: this access check should not take precedence over UNDEF
5135     * for invalid encodings; we will generate incorrect syndrome information
5136     * for attempts to execute invalid vfp/neon encodings with FP disabled.
5137     */
5138    if (s->fp_excp_el) {
5139        gen_exception_insn(s, 4, EXCP_UDEF,
5140                           syn_fp_access_trap(1, 0xe, s->thumb), s->fp_excp_el);
5141        return 0;
5142    }
5143
5144    if (!s->vfp_enabled)
5145      return 1;
5146    q = (insn & (1 << 6)) != 0;
5147    u = (insn >> 24) & 1;
5148    VFP_DREG_D(rd, insn);
5149    VFP_DREG_N(rn, insn);
5150    VFP_DREG_M(rm, insn);
5151    size = (insn >> 20) & 3;
5152    if ((insn & (1 << 23)) == 0) {
5153        /* Three register same length.  */
5154        op = ((insn >> 7) & 0x1e) | ((insn >> 4) & 1);
5155        /* Catch invalid op and bad size combinations: UNDEF */
5156        if ((neon_3r_sizes[op] & (1 << size)) == 0) {
5157            return 1;
5158        }
5159        /* All insns of this form UNDEF for either this condition or the
5160         * superset of cases "Q==1"; we catch the latter later.
5161         */
5162        if (q && ((rd | rn | rm) & 1)) {
5163            return 1;
5164        }
5165        /*
5166         * The SHA-1/SHA-256 3-register instructions require special treatment
5167         * here, as their size field is overloaded as an op type selector, and
5168         * they all consume their input in a single pass.
5169         */
5170        if (op == NEON_3R_SHA) {
5171            if (!q) {
5172                return 1;
5173            }
5174            if (!u) { /* SHA-1 */
5175                if (!arm_dc_feature(s, ARM_FEATURE_V8_SHA1)) {
5176                    return 1;
5177                }
5178                tmp = tcg_const_i32(rd);
5179                tmp2 = tcg_const_i32(rn);
5180                tmp3 = tcg_const_i32(rm);
5181                tmp4 = tcg_const_i32(size);
5182                gen_helper_crypto_sha1_3reg(cpu_env, tmp, tmp2, tmp3, tmp4);
5183                tcg_temp_free_i32(tmp4);
5184            } else { /* SHA-256 */
5185                if (!arm_dc_feature(s, ARM_FEATURE_V8_SHA256) || size == 3) {
5186                    return 1;
5187                }
5188                tmp = tcg_const_i32(rd);
5189                tmp2 = tcg_const_i32(rn);
5190                tmp3 = tcg_const_i32(rm);
5191                switch (size) {
5192                case 0:
5193                    gen_helper_crypto_sha256h(cpu_env, tmp, tmp2, tmp3);
5194                    break;
5195                case 1:
5196                    gen_helper_crypto_sha256h2(cpu_env, tmp, tmp2, tmp3);
5197                    break;
5198                case 2:
5199                    gen_helper_crypto_sha256su1(cpu_env, tmp, tmp2, tmp3);
5200                    break;
5201                }
5202            }
5203            tcg_temp_free_i32(tmp);
5204            tcg_temp_free_i32(tmp2);
5205            tcg_temp_free_i32(tmp3);
5206            return 0;
5207        }
5208        if (size == 3 && op != NEON_3R_LOGIC) {
5209            /* 64-bit element instructions. */
5210            for (pass = 0; pass < (q ? 2 : 1); pass++) {
5211                neon_load_reg64(cpu_V0, rn + pass);
5212                neon_load_reg64(cpu_V1, rm + pass);
5213                switch (op) {
5214                case NEON_3R_VQADD:
5215                    if (u) {
5216                        gen_helper_neon_qadd_u64(cpu_V0, cpu_env,
5217                                                 cpu_V0, cpu_V1);
5218                    } else {
5219                        gen_helper_neon_qadd_s64(cpu_V0, cpu_env,
5220                                                 cpu_V0, cpu_V1);
5221                    }
5222                    break;
5223                case NEON_3R_VQSUB:
5224                    if (u) {
5225                        gen_helper_neon_qsub_u64(cpu_V0, cpu_env,
5226                                                 cpu_V0, cpu_V1);
5227                    } else {
5228                        gen_helper_neon_qsub_s64(cpu_V0, cpu_env,
5229                                                 cpu_V0, cpu_V1);
5230                    }
5231                    break;
5232                case NEON_3R_VSHL:
5233                    if (u) {
5234                        gen_helper_neon_shl_u64(cpu_V0, cpu_V1, cpu_V0);
5235                    } else {
5236                        gen_helper_neon_shl_s64(cpu_V0, cpu_V1, cpu_V0);
5237                    }
5238                    break;
5239                case NEON_3R_VQSHL:
5240                    if (u) {
5241                        gen_helper_neon_qshl_u64(cpu_V0, cpu_env,
5242                                                 cpu_V1, cpu_V0);
5243                    } else {
5244                        gen_helper_neon_qshl_s64(cpu_V0, cpu_env,
5245                                                 cpu_V1, cpu_V0);
5246                    }
5247                    break;
5248                case NEON_3R_VRSHL:
5249                    if (u) {
5250                        gen_helper_neon_rshl_u64(cpu_V0, cpu_V1, cpu_V0);
5251                    } else {
5252                        gen_helper_neon_rshl_s64(cpu_V0, cpu_V1, cpu_V0);
5253                    }
5254                    break;
5255                case NEON_3R_VQRSHL:
5256                    if (u) {
5257                        gen_helper_neon_qrshl_u64(cpu_V0, cpu_env,
5258                                                  cpu_V1, cpu_V0);
5259                    } else {
5260                        gen_helper_neon_qrshl_s64(cpu_V0, cpu_env,
5261                                                  cpu_V1, cpu_V0);
5262                    }
5263                    break;
5264                case NEON_3R_VADD_VSUB:
5265                    if (u) {
5266                        tcg_gen_sub_i64(CPU_V001);
5267                    } else {
5268                        tcg_gen_add_i64(CPU_V001);
5269                    }
5270                    break;
5271                default:
5272                    abort();
5273                }
5274                neon_store_reg64(cpu_V0, rd + pass);
5275            }
5276            return 0;
5277        }
5278        pairwise = 0;
5279        switch (op) {
5280        case NEON_3R_VSHL:
5281        case NEON_3R_VQSHL:
5282        case NEON_3R_VRSHL:
5283        case NEON_3R_VQRSHL:
5284            {
5285                int rtmp;
5286                /* Shift instruction operands are reversed.  */
5287                rtmp = rn;
5288                rn = rm;
5289                rm = rtmp;
5290            }
5291            break;
5292        case NEON_3R_VPADD:
5293            if (u) {
5294                return 1;
5295            }
5296            /* Fall through */
5297        case NEON_3R_VPMAX:
5298        case NEON_3R_VPMIN:
5299            pairwise = 1;
5300            break;
5301        case NEON_3R_FLOAT_ARITH:
5302            pairwise = (u && size < 2); /* if VPADD (float) */
5303            break;
5304        case NEON_3R_FLOAT_MINMAX:
5305            pairwise = u; /* if VPMIN/VPMAX (float) */
5306            break;
5307        case NEON_3R_FLOAT_CMP:
5308            if (!u && size) {
5309                /* no encoding for U=0 C=1x */
5310                return 1;
5311            }
5312            break;
5313        case NEON_3R_FLOAT_ACMP:
5314            if (!u) {
5315                return 1;
5316            }
5317            break;
5318        case NEON_3R_FLOAT_MISC:
5319            /* VMAXNM/VMINNM in ARMv8 */
5320            if (u && !arm_dc_feature(s, ARM_FEATURE_V8)) {
5321                return 1;
5322            }
5323            break;
5324        case NEON_3R_VMUL:
5325            if (u && (size != 0)) {
5326                /* UNDEF on invalid size for polynomial subcase */
5327                return 1;
5328            }
5329            break;
5330        case NEON_3R_VFM:
5331            if (!arm_dc_feature(s, ARM_FEATURE_VFP4) || u) {
5332                return 1;
5333            }
5334            break;
5335        default:
5336            break;
5337        }
5338
5339        if (pairwise && q) {
5340            /* All the pairwise insns UNDEF if Q is set */
5341            return 1;
5342        }
5343
5344        for (pass = 0; pass < (q ? 4 : 2); pass++) {
5345
5346        if (pairwise) {
5347            /* Pairwise.  */
5348            if (pass < 1) {
5349                tmp = neon_load_reg(rn, 0);
5350                tmp2 = neon_load_reg(rn, 1);
5351            } else {
5352                tmp = neon_load_reg(rm, 0);
5353                tmp2 = neon_load_reg(rm, 1);
5354            }
5355        } else {
5356            /* Elementwise.  */
5357            tmp = neon_load_reg(rn, pass);
5358            tmp2 = neon_load_reg(rm, pass);
5359        }
5360        switch (op) {
5361        case NEON_3R_VHADD:
5362            GEN_NEON_INTEGER_OP(hadd);
5363            break;
5364        case NEON_3R_VQADD:
5365            GEN_NEON_INTEGER_OP_ENV(qadd);
5366            break;
5367        case NEON_3R_VRHADD:
5368            GEN_NEON_INTEGER_OP(rhadd);
5369            break;
5370        case NEON_3R_LOGIC: /* Logic ops.  */
5371            switch ((u << 2) | size) {
5372            case 0: /* VAND */
5373                tcg_gen_and_i32(tmp, tmp, tmp2);
5374                break;
5375            case 1: /* BIC */
5376                tcg_gen_andc_i32(tmp, tmp, tmp2);
5377                break;
5378            case 2: /* VORR */
5379                tcg_gen_or_i32(tmp, tmp, tmp2);
5380                break;
5381            case 3: /* VORN */
5382                tcg_gen_orc_i32(tmp, tmp, tmp2);
5383                break;
5384            case 4: /* VEOR */
5385                tcg_gen_xor_i32(tmp, tmp, tmp2);
5386                break;
5387            case 5: /* VBSL */
5388                tmp3 = neon_load_reg(rd, pass);
5389                gen_neon_bsl(tmp, tmp, tmp2, tmp3);
5390                tcg_temp_free_i32(tmp3);
5391                break;
5392            case 6: /* VBIT */
5393                tmp3 = neon_load_reg(rd, pass);
5394                gen_neon_bsl(tmp, tmp, tmp3, tmp2);
5395                tcg_temp_free_i32(tmp3);
5396                break;
5397            case 7: /* VBIF */
5398                tmp3 = neon_load_reg(rd, pass);
5399                gen_neon_bsl(tmp, tmp3, tmp, tmp2);
5400                tcg_temp_free_i32(tmp3);
5401                break;
5402            }
5403            break;
5404        case NEON_3R_VHSUB:
5405            GEN_NEON_INTEGER_OP(hsub);
5406            break;
5407        case NEON_3R_VQSUB:
5408            GEN_NEON_INTEGER_OP_ENV(qsub);
5409            break;
5410        case NEON_3R_VCGT:
5411            GEN_NEON_INTEGER_OP(cgt);
5412            break;
5413        case NEON_3R_VCGE:
5414            GEN_NEON_INTEGER_OP(cge);
5415            break;
5416        case NEON_3R_VSHL:
5417            GEN_NEON_INTEGER_OP(shl);
5418            break;
5419        case NEON_3R_VQSHL:
5420            GEN_NEON_INTEGER_OP_ENV(qshl);
5421            break;
5422        case NEON_3R_VRSHL:
5423            GEN_NEON_INTEGER_OP(rshl);
5424            break;
5425        case NEON_3R_VQRSHL:
5426            GEN_NEON_INTEGER_OP_ENV(qrshl);
5427            break;
5428        case NEON_3R_VMAX:
5429            GEN_NEON_INTEGER_OP(max);
5430            break;
5431        case NEON_3R_VMIN:
5432            GEN_NEON_INTEGER_OP(min);
5433            break;
5434        case NEON_3R_VABD:
5435            GEN_NEON_INTEGER_OP(abd);
5436            break;
5437        case NEON_3R_VABA:
5438            GEN_NEON_INTEGER_OP(abd);
5439            tcg_temp_free_i32(tmp2);
5440            tmp2 = neon_load_reg(rd, pass);
5441            gen_neon_add(size, tmp, tmp2);
5442            break;
5443        case NEON_3R_VADD_VSUB:
5444            if (!u) { /* VADD */
5445                gen_neon_add(size, tmp, tmp2);
5446            } else { /* VSUB */
5447                switch (size) {
5448                case 0: gen_helper_neon_sub_u8(tmp, tmp, tmp2); break;
5449                case 1: gen_helper_neon_sub_u16(tmp, tmp, tmp2); break;
5450                case 2: tcg_gen_sub_i32(tmp, tmp, tmp2); break;
5451                default: abort();
5452                }
5453            }
5454            break;
5455        case NEON_3R_VTST_VCEQ:
5456            if (!u) { /* VTST */
5457                switch (size) {
5458                case 0: gen_helper_neon_tst_u8(tmp, tmp, tmp2); break;
5459                case 1: gen_helper_neon_tst_u16(tmp, tmp, tmp2); break;
5460                case 2: gen_helper_neon_tst_u32(tmp, tmp, tmp2); break;
5461                default: abort();
5462                }
5463            } else { /* VCEQ */
5464                switch (size) {
5465                case 0: gen_helper_neon_ceq_u8(tmp, tmp, tmp2); break;
5466                case 1: gen_helper_neon_ceq_u16(tmp, tmp, tmp2); break;
5467                case 2: gen_helper_neon_ceq_u32(tmp, tmp, tmp2); break;
5468                default: abort();
5469                }
5470            }
5471            break;
5472        case NEON_3R_VML: /* VMLA, VMLAL, VMLS,VMLSL */
5473            switch (size) {
5474            case 0: gen_helper_neon_mul_u8(tmp, tmp, tmp2); break;
5475            case 1: gen_helper_neon_mul_u16(tmp, tmp, tmp2); break;
5476            case 2: tcg_gen_mul_i32(tmp, tmp, tmp2); break;
5477            default: abort();
5478            }
5479            tcg_temp_free_i32(tmp2);
5480            tmp2 = neon_load_reg(rd, pass);
5481            if (u) { /* VMLS */
5482                gen_neon_rsb(size, tmp, tmp2);
5483            } else { /* VMLA */
5484                gen_neon_add(size, tmp, tmp2);
5485            }
5486            break;
5487        case NEON_3R_VMUL:
5488            if (u) { /* polynomial */
5489                gen_helper_neon_mul_p8(tmp, tmp, tmp2);
5490            } else { /* Integer */
5491                switch (size) {
5492                case 0: gen_helper_neon_mul_u8(tmp, tmp, tmp2); break;
5493                case 1: gen_helper_neon_mul_u16(tmp, tmp, tmp2); break;
5494                case 2: tcg_gen_mul_i32(tmp, tmp, tmp2); break;
5495                default: abort();
5496                }
5497            }
5498            break;
5499        case NEON_3R_VPMAX:
5500            GEN_NEON_INTEGER_OP(pmax);
5501            break;
5502        case NEON_3R_VPMIN:
5503            GEN_NEON_INTEGER_OP(pmin);
5504            break;
5505        case NEON_3R_VQDMULH_VQRDMULH: /* Multiply high.  */
5506            if (!u) { /* VQDMULH */
5507                switch (size) {
5508                case 1:
5509                    gen_helper_neon_qdmulh_s16(tmp, cpu_env, tmp, tmp2);
5510                    break;
5511                case 2:
5512                    gen_helper_neon_qdmulh_s32(tmp, cpu_env, tmp, tmp2);
5513                    break;
5514                default: abort();
5515                }
5516            } else { /* VQRDMULH */
5517                switch (size) {
5518                case 1:
5519                    gen_helper_neon_qrdmulh_s16(tmp, cpu_env, tmp, tmp2);
5520                    break;
5521                case 2:
5522                    gen_helper_neon_qrdmulh_s32(tmp, cpu_env, tmp, tmp2);
5523                    break;
5524                default: abort();
5525                }
5526            }
5527            break;
5528        case NEON_3R_VPADD:
5529            switch (size) {
5530            case 0: gen_helper_neon_padd_u8(tmp, tmp, tmp2); break;
5531            case 1: gen_helper_neon_padd_u16(tmp, tmp, tmp2); break;
5532            case 2: tcg_gen_add_i32(tmp, tmp, tmp2); break;
5533            default: abort();
5534            }
5535            break;
5536        case NEON_3R_FLOAT_ARITH: /* Floating point arithmetic. */
5537        {
5538            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5539            switch ((u << 2) | size) {
5540            case 0: /* VADD */
5541            case 4: /* VPADD */
5542                gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
5543                break;
5544            case 2: /* VSUB */
5545                gen_helper_vfp_subs(tmp, tmp, tmp2, fpstatus);
5546                break;
5547            case 6: /* VABD */
5548                gen_helper_neon_abd_f32(tmp, tmp, tmp2, fpstatus);
5549                break;
5550            default:
5551                abort();
5552            }
5553            tcg_temp_free_ptr(fpstatus);
5554            break;
5555        }
5556        case NEON_3R_FLOAT_MULTIPLY:
5557        {
5558            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5559            gen_helper_vfp_muls(tmp, tmp, tmp2, fpstatus);
5560            if (!u) {
5561                tcg_temp_free_i32(tmp2);
5562                tmp2 = neon_load_reg(rd, pass);
5563                if (size == 0) {
5564                    gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
5565                } else {
5566                    gen_helper_vfp_subs(tmp, tmp2, tmp, fpstatus);
5567                }
5568            }
5569            tcg_temp_free_ptr(fpstatus);
5570            break;
5571        }
5572        case NEON_3R_FLOAT_CMP:
5573        {
5574            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5575            if (!u) {
5576                gen_helper_neon_ceq_f32(tmp, tmp, tmp2, fpstatus);
5577            } else {
5578                if (size == 0) {
5579                    gen_helper_neon_cge_f32(tmp, tmp, tmp2, fpstatus);
5580                } else {
5581                    gen_helper_neon_cgt_f32(tmp, tmp, tmp2, fpstatus);
5582                }
5583            }
5584            tcg_temp_free_ptr(fpstatus);
5585            break;
5586        }
5587        case NEON_3R_FLOAT_ACMP:
5588        {
5589            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5590            if (size == 0) {
5591                gen_helper_neon_acge_f32(tmp, tmp, tmp2, fpstatus);
5592            } else {
5593                gen_helper_neon_acgt_f32(tmp, tmp, tmp2, fpstatus);
5594            }
5595            tcg_temp_free_ptr(fpstatus);
5596            break;
5597        }
5598        case NEON_3R_FLOAT_MINMAX:
5599        {
5600            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5601            if (size == 0) {
5602                gen_helper_vfp_maxs(tmp, tmp, tmp2, fpstatus);
5603            } else {
5604                gen_helper_vfp_mins(tmp, tmp, tmp2, fpstatus);
5605            }
5606            tcg_temp_free_ptr(fpstatus);
5607            break;
5608        }
5609        case NEON_3R_FLOAT_MISC:
5610            if (u) {
5611                /* VMAXNM/VMINNM */
5612                TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5613                if (size == 0) {
5614                    gen_helper_vfp_maxnums(tmp, tmp, tmp2, fpstatus);
5615                } else {
5616                    gen_helper_vfp_minnums(tmp, tmp, tmp2, fpstatus);
5617                }
5618                tcg_temp_free_ptr(fpstatus);
5619            } else {
5620                if (size == 0) {
5621                    gen_helper_recps_f32(tmp, tmp, tmp2, cpu_env);
5622                } else {
5623                    gen_helper_rsqrts_f32(tmp, tmp, tmp2, cpu_env);
5624              }
5625            }
5626            break;
5627        case NEON_3R_VFM:
5628        {
5629            /* VFMA, VFMS: fused multiply-add */
5630            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5631            TCGv_i32 tmp3 = neon_load_reg(rd, pass);
5632            if (size) {
5633                /* VFMS */
5634                gen_helper_vfp_negs(tmp, tmp);
5635            }
5636            gen_helper_vfp_muladds(tmp, tmp, tmp2, tmp3, fpstatus);
5637            tcg_temp_free_i32(tmp3);
5638            tcg_temp_free_ptr(fpstatus);
5639            break;
5640        }
5641        default:
5642            abort();
5643        }
5644        tcg_temp_free_i32(tmp2);
5645
5646        /* Save the result.  For elementwise operations we can put it
5647           straight into the destination register.  For pairwise operations
5648           we have to be careful to avoid clobbering the source operands.  */
5649        if (pairwise && rd == rm) {
5650            neon_store_scratch(pass, tmp);
5651        } else {
5652            neon_store_reg(rd, pass, tmp);
5653        }
5654
5655        } /* for pass */
5656        if (pairwise && rd == rm) {
5657            for (pass = 0; pass < (q ? 4 : 2); pass++) {
5658                tmp = neon_load_scratch(pass);
5659                neon_store_reg(rd, pass, tmp);
5660            }
5661        }
5662        /* End of 3 register same size operations.  */
5663    } else if (insn & (1 << 4)) {
5664        if ((insn & 0x00380080) != 0) {
5665            /* Two registers and shift.  */
5666            op = (insn >> 8) & 0xf;
5667            if (insn & (1 << 7)) {
5668                /* 64-bit shift. */
5669                if (op > 7) {
5670                    return 1;
5671                }
5672                size = 3;
5673            } else {
5674                size = 2;
5675                while ((insn & (1 << (size + 19))) == 0)
5676                    size--;
5677            }
5678            shift = (insn >> 16) & ((1 << (3 + size)) - 1);
5679            /* To avoid excessive duplication of ops we implement shift
5680               by immediate using the variable shift operations.  */
5681            if (op < 8) {
5682                /* Shift by immediate:
5683                   VSHR, VSRA, VRSHR, VRSRA, VSRI, VSHL, VQSHL, VQSHLU.  */
5684                if (q && ((rd | rm) & 1)) {
5685                    return 1;
5686                }
5687                if (!u && (op == 4 || op == 6)) {
5688                    return 1;
5689                }
5690                /* Right shifts are encoded as N - shift, where N is the
5691                   element size in bits.  */
5692                if (op <= 4)
5693                    shift = shift - (1 << (size + 3));
5694                if (size == 3) {
5695                    count = q + 1;
5696                } else {
5697                    count = q ? 4: 2;
5698                }
5699                switch (size) {
5700                case 0:
5701                    imm = (uint8_t) shift;
5702                    imm |= imm << 8;
5703                    imm |= imm << 16;
5704                    break;
5705                case 1:
5706                    imm = (uint16_t) shift;
5707                    imm |= imm << 16;
5708                    break;
5709                case 2:
5710                case 3:
5711                    imm = shift;
5712                    break;
5713                default:
5714                    abort();
5715                }
5716
5717                for (pass = 0; pass < count; pass++) {
5718                    if (size == 3) {
5719                        neon_load_reg64(cpu_V0, rm + pass);
5720                        tcg_gen_movi_i64(cpu_V1, imm);
5721                        switch (op) {
5722                        case 0:  /* VSHR */
5723                        case 1:  /* VSRA */
5724                            if (u)
5725                                gen_helper_neon_shl_u64(cpu_V0, cpu_V0, cpu_V1);
5726                            else
5727                                gen_helper_neon_shl_s64(cpu_V0, cpu_V0, cpu_V1);
5728                            break;
5729                        case 2: /* VRSHR */
5730                        case 3: /* VRSRA */
5731                            if (u)
5732                                gen_helper_neon_rshl_u64(cpu_V0, cpu_V0, cpu_V1);
5733                            else
5734                                gen_helper_neon_rshl_s64(cpu_V0, cpu_V0, cpu_V1);
5735                            break;
5736                        case 4: /* VSRI */
5737                        case 5: /* VSHL, VSLI */
5738                            gen_helper_neon_shl_u64(cpu_V0, cpu_V0, cpu_V1);
5739                            break;
5740                        case 6: /* VQSHLU */
5741                            gen_helper_neon_qshlu_s64(cpu_V0, cpu_env,
5742                                                      cpu_V0, cpu_V1);
5743                            break;
5744                        case 7: /* VQSHL */
5745                            if (u) {
5746                                gen_helper_neon_qshl_u64(cpu_V0, cpu_env,
5747                                                         cpu_V0, cpu_V1);
5748                            } else {
5749                                gen_helper_neon_qshl_s64(cpu_V0, cpu_env,
5750                                                         cpu_V0, cpu_V1);
5751                            }
5752                            break;
5753                        }
5754                        if (op == 1 || op == 3) {
5755                            /* Accumulate.  */
5756                            neon_load_reg64(cpu_V1, rd + pass);
5757                            tcg_gen_add_i64(cpu_V0, cpu_V0, cpu_V1);
5758                        } else if (op == 4 || (op == 5 && u)) {
5759                            /* Insert */
5760                            neon_load_reg64(cpu_V1, rd + pass);
5761                            uint64_t mask;
5762                            if (shift < -63 || shift > 63) {
5763                                mask = 0;
5764                            } else {
5765                                if (op == 4) {
5766                                    mask = 0xffffffffffffffffull >> -shift;
5767                                } else {
5768                                    mask = 0xffffffffffffffffull << shift;
5769                                }
5770                            }
5771                            tcg_gen_andi_i64(cpu_V1, cpu_V1, ~mask);
5772                            tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
5773                        }
5774                        neon_store_reg64(cpu_V0, rd + pass);
5775                    } else { /* size < 3 */
5776                        /* Operands in T0 and T1.  */
5777                        tmp = neon_load_reg(rm, pass);
5778                        tmp2 = tcg_temp_new_i32();
5779                        tcg_gen_movi_i32(tmp2, imm);
5780                        switch (op) {
5781                        case 0:  /* VSHR */
5782                        case 1:  /* VSRA */
5783                            GEN_NEON_INTEGER_OP(shl);
5784                            break;
5785                        case 2: /* VRSHR */
5786                        case 3: /* VRSRA */
5787                            GEN_NEON_INTEGER_OP(rshl);
5788                            break;
5789                        case 4: /* VSRI */
5790                        case 5: /* VSHL, VSLI */
5791                            switch (size) {
5792                            case 0: gen_helper_neon_shl_u8(tmp, tmp, tmp2); break;
5793                            case 1: gen_helper_neon_shl_u16(tmp, tmp, tmp2); break;
5794                            case 2: gen_helper_neon_shl_u32(tmp, tmp, tmp2); break;
5795                            default: abort();
5796                            }
5797                            break;
5798                        case 6: /* VQSHLU */
5799                            switch (size) {
5800                            case 0:
5801                                gen_helper_neon_qshlu_s8(tmp, cpu_env,
5802                                                         tmp, tmp2);
5803                                break;
5804                            case 1:
5805                                gen_helper_neon_qshlu_s16(tmp, cpu_env,
5806                                                          tmp, tmp2);
5807                                break;
5808                            case 2:
5809                                gen_helper_neon_qshlu_s32(tmp, cpu_env,
5810                                                          tmp, tmp2);
5811                                break;
5812                            default:
5813                                abort();
5814                            }
5815                            break;
5816                        case 7: /* VQSHL */
5817                            GEN_NEON_INTEGER_OP_ENV(qshl);
5818                            break;
5819                        }
5820                        tcg_temp_free_i32(tmp2);
5821
5822                        if (op == 1 || op == 3) {
5823                            /* Accumulate.  */
5824                            tmp2 = neon_load_reg(rd, pass);
5825                            gen_neon_add(size, tmp, tmp2);
5826                            tcg_temp_free_i32(tmp2);
5827                        } else if (op == 4 || (op == 5 && u)) {
5828                            /* Insert */
5829                            switch (size) {
5830                            case 0:
5831                                if (op == 4)
5832                                    mask = 0xff >> -shift;
5833                                else
5834                                    mask = (uint8_t)(0xff << shift);
5835                                mask |= mask << 8;
5836                                mask |= mask << 16;
5837                                break;
5838                            case 1:
5839                                if (op == 4)
5840                                    mask = 0xffff >> -shift;
5841                                else
5842                                    mask = (uint16_t)(0xffff << shift);
5843                                mask |= mask << 16;
5844                                break;
5845                            case 2:
5846                                if (shift < -31 || shift > 31) {
5847                                    mask = 0;
5848                                } else {
5849                                    if (op == 4)
5850                                        mask = 0xffffffffu >> -shift;
5851                                    else
5852                                        mask = 0xffffffffu << shift;
5853                                }
5854                                break;
5855                            default:
5856                                abort();
5857                            }
5858                            tmp2 = neon_load_reg(rd, pass);
5859                            tcg_gen_andi_i32(tmp, tmp, mask);
5860                            tcg_gen_andi_i32(tmp2, tmp2, ~mask);
5861                            tcg_gen_or_i32(tmp, tmp, tmp2);
5862                            tcg_temp_free_i32(tmp2);
5863                        }
5864                        neon_store_reg(rd, pass, tmp);
5865                    }
5866                } /* for pass */
5867            } else if (op < 10) {
5868                /* Shift by immediate and narrow:
5869                   VSHRN, VRSHRN, VQSHRN, VQRSHRN.  */
5870                int input_unsigned = (op == 8) ? !u : u;
5871                if (rm & 1) {
5872                    return 1;
5873                }
5874                shift = shift - (1 << (size + 3));
5875                size++;
5876                if (size == 3) {
5877                    tmp64 = tcg_const_i64(shift);
5878                    neon_load_reg64(cpu_V0, rm);
5879                    neon_load_reg64(cpu_V1, rm + 1);
5880                    for (pass = 0; pass < 2; pass++) {
5881                        TCGv_i64 in;
5882                        if (pass == 0) {
5883                            in = cpu_V0;
5884                        } else {
5885                            in = cpu_V1;
5886                        }
5887                        if (q) {
5888                            if (input_unsigned) {
5889                                gen_helper_neon_rshl_u64(cpu_V0, in, tmp64);
5890                            } else {
5891                                gen_helper_neon_rshl_s64(cpu_V0, in, tmp64);
5892                            }
5893                        } else {
5894                            if (input_unsigned) {
5895                                gen_helper_neon_shl_u64(cpu_V0, in, tmp64);
5896                            } else {
5897                                gen_helper_neon_shl_s64(cpu_V0, in, tmp64);
5898                            }
5899                        }
5900                        tmp = tcg_temp_new_i32();
5901                        gen_neon_narrow_op(op == 8, u, size - 1, tmp, cpu_V0);
5902                        neon_store_reg(rd, pass, tmp);
5903                    } /* for pass */
5904                    tcg_temp_free_i64(tmp64);
5905                } else {
5906                    if (size == 1) {
5907                        imm = (uint16_t)shift;
5908                        imm |= imm << 16;
5909                    } else {
5910                        /* size == 2 */
5911                        imm = (uint32_t)shift;
5912                    }
5913                    tmp2 = tcg_const_i32(imm);
5914                    tmp4 = neon_load_reg(rm + 1, 0);
5915                    tmp5 = neon_load_reg(rm + 1, 1);
5916                    for (pass = 0; pass < 2; pass++) {
5917                        if (pass == 0) {
5918                            tmp = neon_load_reg(rm, 0);
5919                        } else {
5920                            tmp = tmp4;
5921                        }
5922                        gen_neon_shift_narrow(size, tmp, tmp2, q,
5923                                              input_unsigned);
5924                        if (pass == 0) {
5925                            tmp3 = neon_load_reg(rm, 1);
5926                        } else {
5927                            tmp3 = tmp5;
5928                        }
5929                        gen_neon_shift_narrow(size, tmp3, tmp2, q,
5930                                              input_unsigned);
5931                        tcg_gen_concat_i32_i64(cpu_V0, tmp, tmp3);
5932                        tcg_temp_free_i32(tmp);
5933                        tcg_temp_free_i32(tmp3);
5934                        tmp = tcg_temp_new_i32();
5935                        gen_neon_narrow_op(op == 8, u, size - 1, tmp, cpu_V0);
5936                        neon_store_reg(rd, pass, tmp);
5937                    } /* for pass */
5938                    tcg_temp_free_i32(tmp2);
5939                }
5940            } else if (op == 10) {
5941                /* VSHLL, VMOVL */
5942                if (q || (rd & 1)) {
5943                    return 1;
5944                }
5945                tmp = neon_load_reg(rm, 0);
5946                tmp2 = neon_load_reg(rm, 1);
5947                for (pass = 0; pass < 2; pass++) {
5948                    if (pass == 1)
5949                        tmp = tmp2;
5950
5951                    gen_neon_widen(cpu_V0, tmp, size, u);
5952
5953                    if (shift != 0) {
5954                        /* The shift is less than the width of the source
5955                           type, so we can just shift the whole register.  */
5956                        tcg_gen_shli_i64(cpu_V0, cpu_V0, shift);
5957                        /* Widen the result of shift: we need to clear
5958                         * the potential overflow bits resulting from
5959                         * left bits of the narrow input appearing as
5960                         * right bits of left the neighbour narrow
5961                         * input.  */
5962                        if (size < 2 || !u) {
5963                            uint64_t imm64;
5964                            if (size == 0) {
5965                                imm = (0xffu >> (8 - shift));
5966                                imm |= imm << 16;
5967                            } else if (size == 1) {
5968                                imm = 0xffff >> (16 - shift);
5969                            } else {
5970                                /* size == 2 */
5971                                imm = 0xffffffff >> (32 - shift);
5972                            }
5973                            if (size < 2) {
5974                                imm64 = imm | (((uint64_t)imm) << 32);
5975                            } else {
5976                                imm64 = imm;
5977                            }
5978                            tcg_gen_andi_i64(cpu_V0, cpu_V0, ~imm64);
5979                        }
5980                    }
5981                    neon_store_reg64(cpu_V0, rd + pass);
5982                }
5983            } else if (op >= 14) {
5984                /* VCVT fixed-point.  */
5985                if (!(insn & (1 << 21)) || (q && ((rd | rm) & 1))) {
5986                    return 1;
5987                }
5988                /* We have already masked out the must-be-1 top bit of imm6,
5989                 * hence this 32-shift where the ARM ARM has 64-imm6.
5990                 */
5991                shift = 32 - shift;
5992                for (pass = 0; pass < (q ? 4 : 2); pass++) {
5993                    tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, pass));
5994                    if (!(op & 1)) {
5995                        if (u)
5996                            gen_vfp_ulto(0, shift, 1);
5997                        else
5998                            gen_vfp_slto(0, shift, 1);
5999                    } else {
6000                        if (u)

6001                            gen_vfp_toul(0, shift, 1);
6002                        else
6003                            gen_vfp_tosl(0, shift, 1);
6004                    }
6005                    tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, pass));
6006                }
6007            } else {
6008                return 1;
6009            }
6010        } else { /* (insn & 0x00380080) == 0 */
6011            int invert;
6012            if (q && (rd & 1)) {
6013                return 1;
6014            }
6015
6016            op = (insn >> 8) & 0xf;
6017            /* One register and immediate.  */
6018            imm = (u << 7) | ((insn >> 12) & 0x70) | (insn & 0xf);
6019            invert = (insn & (1 << 5)) != 0;
6020            /* Note that op = 2,3,4,5,6,7,10,11,12,13 imm=0 is UNPREDICTABLE.
6021             * We choose to not special-case this and will behave as if a
6022             * valid constant encoding of 0 had been given.
6023             */
6024            switch (op) {
6025            case 0: case 1:
6026                /* no-op */
6027                break;
6028            case 2: case 3:
6029                imm <<= 8;
6030                break;
6031            case 4: case 5:
6032                imm <<= 16;
6033                break;
6034            case 6: case 7:
6035                imm <<= 24;
6036                break;
6037            case 8: case 9:
6038                imm |= imm << 16;
6039                break;
6040            case 10: case 11:
6041                imm = (imm << 8) | (imm << 24);
6042                break;
6043            case 12:
6044                imm = (imm << 8) | 0xff;
6045                break;
6046            case 13:
6047                imm = (imm << 16) | 0xffff;
6048                break;
6049            case 14:
6050                imm |= (imm << 8) | (imm << 16) | (imm << 24);
6051                if (invert)
6052                    imm = ~imm;
6053                break;
6054            case 15:
6055                if (invert) {
6056                    return 1;
6057                }
6058                imm = ((imm & 0x80) << 24) | ((imm & 0x3f) << 19)
6059                      | ((imm & 0x40) ? (0x1f << 25) : (1 << 30));
6060                break;
6061            }
6062            if (invert)
6063                imm = ~imm;
6064
6065            for (pass = 0; pass < (q ? 4 : 2); pass++) {
6066                if (op & 1 && op < 12) {
6067                    tmp = neon_load_reg(rd, pass);
6068                    if (invert) {
6069                        /* The immediate value has already been inverted, so
6070                           BIC becomes AND.  */
6071                        tcg_gen_andi_i32(tmp, tmp, imm);
6072                    } else {
6073                        tcg_gen_ori_i32(tmp, tmp, imm);
6074                    }
6075                } else {
6076                    /* VMOV, VMVN.  */
6077                    tmp = tcg_temp_new_i32();
6078                    if (op == 14 && invert) {
6079                        int n;
6080                        uint32_t val;
6081                        val = 0;
6082                        for (n = 0; n < 4; n++) {
6083                            if (imm & (1 << (n + (pass & 1) * 4)))
6084                                val |= 0xff << (n * 8);
6085                        }
6086                        tcg_gen_movi_i32(tmp, val);
6087                    } else {
6088                        tcg_gen_movi_i32(tmp, imm);
6089                    }
6090                }
6091                neon_store_reg(rd, pass, tmp);
6092            }
6093        }
6094    } else { /* (insn & 0x00800010 == 0x00800000) */
6095        if (size != 3) {
6096            op = (insn >> 8) & 0xf;
6097            if ((insn & (1 << 6)) == 0) {
6098                /* Three registers of different lengths.  */
6099                int src1_wide;
6100                int src2_wide;
6101                int prewiden;
6102                /* undefreq: bit 0 : UNDEF if size == 0
6103                 *           bit 1 : UNDEF if size == 1
6104                 *           bit 2 : UNDEF if size == 2
6105                 *           bit 3 : UNDEF if U == 1
6106                 * Note that [2:0] set implies 'always UNDEF'
6107                 */
6108                int undefreq;
6109                /* prewiden, src1_wide, src2_wide, undefreq */
6110                static const int neon_3reg_wide[16][4] = {
6111                    {1, 0, 0, 0}, /* VADDL */
6112                    {1, 1, 0, 0}, /* VADDW */
6113                    {1, 0, 0, 0}, /* VSUBL */
6114                    {1, 1, 0, 0}, /* VSUBW */
6115                    {0, 1, 1, 0}, /* VADDHN */
6116                    {0, 0, 0, 0}, /* VABAL */
6117                    {0, 1, 1, 0}, /* VSUBHN */
6118                    {0, 0, 0, 0}, /* VABDL */
6119                    {0, 0, 0, 0}, /* VMLAL */
6120                    {0, 0, 0, 9}, /* VQDMLAL */
6121                    {0, 0, 0, 0}, /* VMLSL */
6122                    {0, 0, 0, 9}, /* VQDMLSL */
6123                    {0, 0, 0, 0}, /* Integer VMULL */
6124                    {0, 0, 0, 1}, /* VQDMULL */
6125                    {0, 0, 0, 0xa}, /* Polynomial VMULL */
6126                    {0, 0, 0, 7}, /* Reserved: always UNDEF */
6127                };
6128
6129                prewiden = neon_3reg_wide[op][0];
6130                src1_wide = neon_3reg_wide[op][1];
6131                src2_wide = neon_3reg_wide[op][2];
6132                undefreq = neon_3reg_wide[op][3];
6133
6134                if ((undefreq & (1 << size)) ||
6135                    ((undefreq & 8) && u)) {
6136                    return 1;
6137                }
6138                if ((src1_wide && (rn & 1)) ||
6139                    (src2_wide && (rm & 1)) ||
6140                    (!src2_wide && (rd & 1))) {
6141                    return 1;
6142                }
6143
6144                /* Handle VMULL.P64 (Polynomial 64x64 to 128 bit multiply)
6145                 * outside the loop below as it only performs a single pass.
6146                 */
6147                if (op == 14 && size == 2) {
6148                    TCGv_i64 tcg_rn, tcg_rm, tcg_rd;
6149
6150                    if (!arm_dc_feature(s, ARM_FEATURE_V8_PMULL)) {
6151                        return 1;
6152                    }
6153                    tcg_rn = tcg_temp_new_i64();
6154                    tcg_rm = tcg_temp_new_i64();
6155                    tcg_rd = tcg_temp_new_i64();
6156                    neon_load_reg64(tcg_rn, rn);
6157                    neon_load_reg64(tcg_rm, rm);
6158                    gen_helper_neon_pmull_64_lo(tcg_rd, tcg_rn, tcg_rm);
6159                    neon_store_reg64(tcg_rd, rd);
6160                    gen_helper_neon_pmull_64_hi(tcg_rd, tcg_rn, tcg_rm);
6161                    neon_store_reg64(tcg_rd, rd + 1);
6162                    tcg_temp_free_i64(tcg_rn);
6163                    tcg_temp_free_i64(tcg_rm);
6164                    tcg_temp_free_i64(tcg_rd);
6165                    return 0;
6166                }
6167
6168                /* Avoid overlapping operands.  Wide source operands are
6169                   always aligned so will never overlap with wide
6170                   destinations in problematic ways.  */
6171                if (rd == rm && !src2_wide) {
6172                    tmp = neon_load_reg(rm, 1);
6173                    neon_store_scratch(2, tmp);
6174                } else if (rd == rn && !src1_wide) {
6175                    tmp = neon_load_reg(rn, 1);
6176                    neon_store_scratch(2, tmp);
6177                }
6178                TCGV_UNUSED_I32(tmp3);
6179                for (pass = 0; pass < 2; pass++) {
6180                    if (src1_wide) {
6181                        neon_load_reg64(cpu_V0, rn + pass);
6182                        TCGV_UNUSED_I32(tmp);
6183                    } else {
6184                        if (pass == 1 && rd == rn) {
6185                            tmp = neon_load_scratch(2);
6186                        } else {
6187                            tmp = neon_load_reg(rn, pass);
6188                        }
6189                        if (prewiden) {
6190                            gen_neon_widen(cpu_V0, tmp, size, u);
6191                        }
6192                    }
6193                    if (src2_wide) {
6194                        neon_load_reg64(cpu_V1, rm + pass);
6195                        TCGV_UNUSED_I32(tmp2);
6196                    } else {
6197                        if (pass == 1 && rd == rm) {
6198                            tmp2 = neon_load_scratch(2);
6199                        } else {
6200                            tmp2 = neon_load_reg(rm, pass);
6201                        }
6202                        if (prewiden) {
6203                            gen_neon_widen(cpu_V1, tmp2, size, u);
6204                        }
6205                    }
6206                    switch (op) {
6207                    case 0: case 1: case 4: /* VADDL, VADDW, VADDHN, VRADDHN */
6208                        gen_neon_addl(size);
6209                        break;
6210                    case 2: case 3: case 6: /* VSUBL, VSUBW, VSUBHN, VRSUBHN */
6211                        gen_neon_subl(size);
6212                        break;
6213                    case 5: case 7: /* VABAL, VABDL */
6214                        switch ((size << 1) | u) {
6215                        case 0:
6216                            gen_helper_neon_abdl_s16(cpu_V0, tmp, tmp2);
6217                            break;
6218                        case 1:
6219                            gen_helper_neon_abdl_u16(cpu_V0, tmp, tmp2);
6220                            break;
6221                        case 2:
6222                            gen_helper_neon_abdl_s32(cpu_V0, tmp, tmp2);
6223                            break;
6224                        case 3:
6225                            gen_helper_neon_abdl_u32(cpu_V0, tmp, tmp2);
6226                            break;
6227                        case 4:
6228                            gen_helper_neon_abdl_s64(cpu_V0, tmp, tmp2);
6229                            break;
6230                        case 5:
6231                            gen_helper_neon_abdl_u64(cpu_V0, tmp, tmp2);
6232                            break;
6233                        default: abort();
6234                        }
6235                        tcg_temp_free_i32(tmp2);
6236                        tcg_temp_free_i32(tmp);
6237                        break;
6238                    case 8: case 9: case 10: case 11: case 12: case 13:
6239                        /* VMLAL, VQDMLAL, VMLSL, VQDMLSL, VMULL, VQDMULL */
6240                        gen_neon_mull(cpu_V0, tmp, tmp2, size, u);
6241                        break;
6242                    case 14: /* Polynomial VMULL */
6243                        gen_helper_neon_mull_p8(cpu_V0, tmp, tmp2);
6244                        tcg_temp_free_i32(tmp2);
6245                        tcg_temp_free_i32(tmp);
6246                        break;
6247                    default: /* 15 is RESERVED: caught earlier  */
6248                        abort();
6249                    }
6250                    if (op == 13) {
6251                        /* VQDMULL */
6252                        gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6253                        neon_store_reg64(cpu_V0, rd + pass);
6254                    } else if (op == 5 || (op >= 8 && op <= 11)) {
6255                        /* Accumulate.  */
6256                        neon_load_reg64(cpu_V1, rd + pass);
6257                        switch (op) {
6258                        case 10: /* VMLSL */
6259                            gen_neon_negl(cpu_V0, size);
6260                            /* Fall through */
6261                        case 5: case 8: /* VABAL, VMLAL */
6262                            gen_neon_addl(size);
6263                            break;
6264                        case 9: case 11: /* VQDMLAL, VQDMLSL */
6265                            gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6266                            if (op == 11) {
6267                                gen_neon_negl(cpu_V0, size);
6268                            }
6269                            gen_neon_addl_saturate(cpu_V0, cpu_V1, size);
6270                            break;
6271                        default:
6272                            abort();
6273                        }
6274                        neon_store_reg64(cpu_V0, rd + pass);
6275                    } else if (op == 4 || op == 6) {
6276                        /* Narrowing operation.  */
6277                        tmp = tcg_temp_new_i32();
6278                        if (!u) {
6279                            switch (size) {
6280                            case 0:
6281                                gen_helper_neon_narrow_high_u8(tmp, cpu_V0);
6282                                break;
6283                            case 1:
6284                                gen_helper_neon_narrow_high_u16(tmp, cpu_V0);
6285                                break;
6286                            case 2:
6287                                tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
6288                                tcg_gen_extrl_i64_i32(tmp, cpu_V0);
6289                                break;
6290                            default: abort();
6291                            }
6292                        } else {
6293                            switch (size) {
6294                            case 0:
6295                                gen_helper_neon_narrow_round_high_u8(tmp, cpu_V0);
6296                                break;
6297                            case 1:
6298                                gen_helper_neon_narrow_round_high_u16(tmp, cpu_V0);
6299                                break;
6300                            case 2:
6301                                tcg_gen_addi_i64(cpu_V0, cpu_V0, 1u << 31);
6302                                tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
6303                                tcg_gen_extrl_i64_i32(tmp, cpu_V0);
6304                                break;
6305                            default: abort();
6306                            }
6307                        }
6308                        if (pass == 0) {
6309                            tmp3 = tmp;
6310                        } else {
6311                            neon_store_reg(rd, 0, tmp3);
6312                            neon_store_reg(rd, 1, tmp);
6313                        }
6314                    } else {
6315                        /* Write back the result.  */
6316                        neon_store_reg64(cpu_V0, rd + pass);
6317                    }
6318                }
6319            } else {
6320                /* Two registers and a scalar. NB that for ops of this form
6321                 * the ARM ARM labels bit 24 as Q, but it is in our variable
6322                 * 'u', not 'q'.
6323                 */
6324                if (size == 0) {
6325                    return 1;
6326                }
6327                switch (op) {
6328                case 1: /* Float VMLA scalar */
6329                case 5: /* Floating point VMLS scalar */
6330                case 9: /* Floating point VMUL scalar */
6331                    if (size == 1) {
6332                        return 1;
6333                    }
6334                    /* fall through */
6335                case 0: /* Integer VMLA scalar */
6336                case 4: /* Integer VMLS scalar */
6337                case 8: /* Integer VMUL scalar */
6338                case 12: /* VQDMULH scalar */
6339                case 13: /* VQRDMULH scalar */
6340                    if (u && ((rd | rn) & 1)) {
6341                        return 1;
6342                    }
6343                    tmp = neon_get_scalar(size, rm);
6344                    neon_store_scratch(0, tmp);
6345                    for (pass = 0; pass < (u ? 4 : 2); pass++) {
6346                        tmp = neon_load_scratch(0);
6347                        tmp2 = neon_load_reg(rn, pass);
6348                        if (op == 12) {
6349                            if (size == 1) {
6350                                gen_helper_neon_qdmulh_s16(tmp, cpu_env, tmp, tmp2);
6351                            } else {
6352                                gen_helper_neon_qdmulh_s32(tmp, cpu_env, tmp, tmp2);
6353                            }
6354                        } else if (op == 13) {
6355                            if (size == 1) {
6356                                gen_helper_neon_qrdmulh_s16(tmp, cpu_env, tmp, tmp2);
6357                            } else {
6358                                gen_helper_neon_qrdmulh_s32(tmp, cpu_env, tmp, tmp2);
6359                            }
6360                        } else if (op & 1) {
6361                            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6362                            gen_helper_vfp_muls(tmp, tmp, tmp2, fpstatus);
6363                            tcg_temp_free_ptr(fpstatus);
6364                        } else {
6365                            switch (size) {
6366                            case 0: gen_helper_neon_mul_u8(tmp, tmp, tmp2); break;
6367                            case 1: gen_helper_neon_mul_u16(tmp, tmp, tmp2); break;
6368                            case 2: tcg_gen_mul_i32(tmp, tmp, tmp2); break;
6369                            default: abort();
6370                            }
6371                        }
6372                        tcg_temp_free_i32(tmp2);
6373                        if (op < 8) {
6374                            /* Accumulate.  */
6375                            tmp2 = neon_load_reg(rd, pass);
6376                            switch (op) {
6377                            case 0:
6378                                gen_neon_add(size, tmp, tmp2);
6379                                break;
6380                            case 1:
6381                            {
6382                                TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6383                                gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
6384                                tcg_temp_free_ptr(fpstatus);
6385                                break;
6386                            }
6387                            case 4:
6388                                gen_neon_rsb(size, tmp, tmp2);
6389                                break;
6390                            case 5:
6391                            {
6392                                TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6393                                gen_helper_vfp_subs(tmp, tmp2, tmp, fpstatus);
6394                                tcg_temp_free_ptr(fpstatus);
6395                                break;
6396                            }
6397                            default:
6398                                abort();
6399                            }
6400                            tcg_temp_free_i32(tmp2);
6401                        }
6402                        neon_store_reg(rd, pass, tmp);
6403                    }
6404                    break;
6405                case 3: /* VQDMLAL scalar */
6406                case 7: /* VQDMLSL scalar */
6407                case 11: /* VQDMULL scalar */
6408                    if (u == 1) {
6409                        return 1;
6410                    }
6411                    /* fall through */
6412                case 2: /* VMLAL sclar */
6413                case 6: /* VMLSL scalar */
6414                case 10: /* VMULL scalar */
6415                    if (rd & 1) {
6416                        return 1;
6417                    }
6418                    tmp2 = neon_get_scalar(size, rm);
6419                    /* We need a copy of tmp2 because gen_neon_mull
6420                     * deletes it during pass 0.  */
6421                    tmp4 = tcg_temp_new_i32();
6422                    tcg_gen_mov_i32(tmp4, tmp2);
6423                    tmp3 = neon_load_reg(rn, 1);
6424
6425                    for (pass = 0; pass < 2; pass++) {
6426                        if (pass == 0) {
6427                            tmp = neon_load_reg(rn, 0);
6428                        } else {
6429                            tmp = tmp3;
6430                            tmp2 = tmp4;
6431                        }
6432                        gen_neon_mull(cpu_V0, tmp, tmp2, size, u);
6433                        if (op != 11) {
6434                            neon_load_reg64(cpu_V1, rd + pass);
6435                        }
6436                        switch (op) {
6437                        case 6:
6438                            gen_neon_negl(cpu_V0, size);
6439                            /* Fall through */
6440                        case 2:
6441                            gen_neon_addl(size);
6442                            break;
6443                        case 3: case 7:
6444                            gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6445                            if (op == 7) {
6446                                gen_neon_negl(cpu_V0, size);
6447                            }
6448                            gen_neon_addl_saturate(cpu_V0, cpu_V1, size);
6449                            break;
6450                        case 10:
6451                            /* no-op */
6452                            break;
6453                        case 11:
6454                            gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6455                            break;
6456                        default:
6457                            abort();
6458                        }
6459                        neon_store_reg64(cpu_V0, rd + pass);
6460                    }
6461
6462
6463                    break;
6464                default: /* 14 and 15 are RESERVED */
6465                    return 1;
6466                }
6467            }
6468        } else { /* size == 3 */
6469            if (!u) {
6470                /* Extract.  */
6471                imm = (insn >> 8) & 0xf;
6472
6473                if (imm > 7 && !q)
6474                    return 1;
6475
6476                if (q && ((rd | rn | rm) & 1)) {
6477                    return 1;
6478                }
6479
6480                if (imm == 0) {
6481                    neon_load_reg64(cpu_V0, rn);
6482                    if (q) {
6483                        neon_load_reg64(cpu_V1, rn + 1);
6484                    }
6485                } else if (imm == 8) {
6486                    neon_load_reg64(cpu_V0, rn + 1);
6487                    if (q) {
6488                        neon_load_reg64(cpu_V1, rm);
6489                    }
6490                } else if (q) {
6491                    tmp64 = tcg_temp_new_i64();
6492                    if (imm < 8) {
6493                        neon_load_reg64(cpu_V0, rn);
6494                        neon_load_reg64(tmp64, rn + 1);
6495                    } else {
6496                        neon_load_reg64(cpu_V0, rn + 1);
6497                        neon_load_reg64(tmp64, rm);
6498                    }
6499                    tcg_gen_shri_i64(cpu_V0, cpu_V0, (imm & 7) * 8);
6500                    tcg_gen_shli_i64(cpu_V1, tmp64, 64 - ((imm & 7) * 8));
6501                    tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
6502                    if (imm < 8) {
6503                        neon_load_reg64(cpu_V1, rm);
6504                    } else {
6505                        neon_load_reg64(cpu_V1, rm + 1);
6506                        imm -= 8;
6507                    }
6508                    tcg_gen_shli_i64(cpu_V1, cpu_V1, 64 - (imm * 8));
6509                    tcg_gen_shri_i64(tmp64, tmp64, imm * 8);
6510                    tcg_gen_or_i64(cpu_V1, cpu_V1, tmp64);
6511                    tcg_temp_free_i64(tmp64);
6512                } else {
6513                    /* BUGFIX */
6514                    neon_load_reg64(cpu_V0, rn);
6515                    tcg_gen_shri_i64(cpu_V0, cpu_V0, imm * 8);
6516                    neon_load_reg64(cpu_V1, rm);
6517                    tcg_gen_shli_i64(cpu_V1, cpu_V1, 64 - (imm * 8));
6518                    tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
6519                }
6520                neon_store_reg64(cpu_V0, rd);
6521                if (q) {
6522                    neon_store_reg64(cpu_V1, rd + 1);
6523                }
6524            } else if ((insn & (1 << 11)) == 0) {
6525                /* Two register misc.  */
6526                op = ((insn >> 12) & 0x30) | ((insn >> 7) & 0xf);
6527                size = (insn >> 18) & 3;
6528                /* UNDEF for unknown op values and bad op-size combinations */
6529                if ((neon_2rm_sizes[op] & (1 << size)) == 0) {
6530                    return 1;
6531                }
6532                if ((op != NEON_2RM_VMOVN && op != NEON_2RM_VQMOVN) &&
6533                    q && ((rm | rd) & 1)) {
6534                    return 1;
6535                }
6536                switch (op) {
6537                case NEON_2RM_VREV64:
6538                    for (pass = 0; pass < (q ? 2 : 1); pass++) {
6539                        tmp = neon_load_reg(rm, pass * 2);
6540                        tmp2 = neon_load_reg(rm, pass * 2 + 1);
6541                        switch (size) {
6542                        case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
6543                        case 1: gen_swap_half(tmp); break;
6544                        case 2: /* no-op */ break;
6545                        default: abort();
6546                        }
6547                        neon_store_reg(rd, pass * 2 + 1, tmp);
6548                        if (size == 2) {
6549                            neon_store_reg(rd, pass * 2, tmp2);
6550                        } else {
6551                            switch (size) {
6552                            case 0: tcg_gen_bswap32_i32(tmp2, tmp2); break;
6553                            case 1: gen_swap_half(tmp2); break;
6554                            default: abort();
6555                            }
6556                            neon_store_reg(rd, pass * 2, tmp2);
6557                        }
6558                    }
6559                    break;
6560                case NEON_2RM_VPADDL: case NEON_2RM_VPADDL_U:
6561                case NEON_2RM_VPADAL: case NEON_2RM_VPADAL_U:
6562                    for (pass = 0; pass < q + 1; pass++) {
6563                        tmp = neon_load_reg(rm, pass * 2);
6564                        gen_neon_widen(cpu_V0, tmp, size, op & 1);
6565                        tmp = neon_load_reg(rm, pass * 2 + 1);
6566                        gen_neon_widen(cpu_V1, tmp, size, op & 1);
6567                        switch (size) {
6568                        case 0: gen_helper_neon_paddl_u16(CPU_V001); break;
6569                        case 1: gen_helper_neon_paddl_u32(CPU_V001); break;
6570                        case 2: tcg_gen_add_i64(CPU_V001); break;
6571                        default: abort();
6572                        }
6573                        if (op >= NEON_2RM_VPADAL) {
6574                            /* Accumulate.  */
6575                            neon_load_reg64(cpu_V1, rd + pass);
6576                            gen_neon_addl(size);
6577                        }
6578                        neon_store_reg64(cpu_V0, rd + pass);
6579                    }
6580                    break;
6581                case NEON_2RM_VTRN:
6582                    if (size == 2) {
6583                        int n;
6584                        for (n = 0; n < (q ? 4 : 2); n += 2) {
6585                            tmp = neon_load_reg(rm, n);
6586                            tmp2 = neon_load_reg(rd, n + 1);
6587                            neon_store_reg(rm, n, tmp2);
6588                            neon_store_reg(rd, n + 1, tmp);
6589                        }
6590                    } else {
6591                        goto elementwise;
6592                    }
6593                    break;
6594                case NEON_2RM_VUZP:
6595                    if (gen_neon_unzip(rd, rm, size, q)) {
6596                        return 1;
6597                    }
6598                    break;
6599                case NEON_2RM_VZIP:
6600                    if (gen_neon_zip(rd, rm, size, q)) {
6601                        return 1;
6602                    }
6603                    break;
6604                case NEON_2RM_VMOVN: case NEON_2RM_VQMOVN:
6605                    /* also VQMOVUN; op field and mnemonics don't line up */
6606                    if (rm & 1) {
6607                        return 1;
6608                    }
6609                    TCGV_UNUSED_I32(tmp2);
6610                    for (pass = 0; pass < 2; pass++) {
6611                        neon_load_reg64(cpu_V0, rm + pass);
6612                        tmp = tcg_temp_new_i32();
6613                        gen_neon_narrow_op(op == NEON_2RM_VMOVN, q, size,
6614                                           tmp, cpu_V0);
6615                        if (pass == 0) {
6616                            tmp2 = tmp;
6617                        } else {
6618                            neon_store_reg(rd, 0, tmp2);
6619                            neon_store_reg(rd, 1, tmp);
6620                        }
6621                    }
6622                    break;
6623                case NEON_2RM_VSHLL:
6624                    if (q || (rd & 1)) {
6625                        return 1;
6626                    }
6627                    tmp = neon_load_reg(rm, 0);
6628                    tmp2 = neon_load_reg(rm, 1);
6629                    for (pass = 0; pass < 2; pass++) {
6630                        if (pass == 1)
6631                            tmp = tmp2;
6632                        gen_neon_widen(cpu_V0, tmp, size, 1);
6633                        tcg_gen_shli_i64(cpu_V0, cpu_V0, 8 << size);
6634                        neon_store_reg64(cpu_V0, rd + pass);
6635                    }
6636                    break;
6637                case NEON_2RM_VCVT_F16_F32:
6638                    if (!arm_dc_feature(s, ARM_FEATURE_VFP_FP16) ||
6639                        q || (rm & 1)) {
6640                        return 1;
6641                    }
6642                    tmp = tcg_temp_new_i32();
6643                    tmp2 = tcg_temp_new_i32();
6644                    tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, 0));
6645                    gen_helper_neon_fcvt_f32_to_f16(tmp, cpu_F0s, cpu_env);
6646                    tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, 1));
6647                    gen_helper_neon_fcvt_f32_to_f16(tmp2, cpu_F0s, cpu_env);
6648                    tcg_gen_shli_i32(tmp2, tmp2, 16);
6649                    tcg_gen_or_i32(tmp2, tmp2, tmp);
6650                    tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, 2));
6651                    gen_helper_neon_fcvt_f32_to_f16(tmp, cpu_F0s, cpu_env);
6652                    tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, 3));
6653                    neon_store_reg(rd, 0, tmp2);
6654                    tmp2 = tcg_temp_new_i32();
6655                    gen_helper_neon_fcvt_f32_to_f16(tmp2, cpu_F0s, cpu_env);
6656                    tcg_gen_shli_i32(tmp2, tmp2, 16);
6657                    tcg_gen_or_i32(tmp2, tmp2, tmp);
6658                    neon_store_reg(rd, 1, tmp2);
6659                    tcg_temp_free_i32(tmp);
6660                    break;
6661                case NEON_2RM_VCVT_F32_F16:
6662                    if (!arm_dc_feature(s, ARM_FEATURE_VFP_FP16) ||
6663                        q || (rd & 1)) {
6664                        return 1;
6665                    }
6666                    tmp3 = tcg_temp_new_i32();
6667                    tmp = neon_load_reg(rm, 0);
6668                    tmp2 = neon_load_reg(rm, 1);
6669                    tcg_gen_ext16u_i32(tmp3, tmp);
6670                    gen_helper_neon_fcvt_f16_to_f32(cpu_F0s, tmp3, cpu_env);
6671                    tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, 0));
6672                    tcg_gen_shri_i32(tmp3, tmp, 16);
6673                    gen_helper_neon_fcvt_f16_to_f32(cpu_F0s, tmp3, cpu_env);
6674                    tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, 1));
6675                    tcg_temp_free_i32(tmp);
6676                    tcg_gen_ext16u_i32(tmp3, tmp2);
6677                    gen_helper_neon_fcvt_f16_to_f32(cpu_F0s, tmp3, cpu_env);
6678                    tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, 2));
6679                    tcg_gen_shri_i32(tmp3, tmp2, 16);
6680                    gen_helper_neon_fcvt_f16_to_f32(cpu_F0s, tmp3, cpu_env);
6681                    tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, 3));
6682                    tcg_temp_free_i32(tmp2);
6683                    tcg_temp_free_i32(tmp3);
6684                    break;
6685                case NEON_2RM_AESE: case NEON_2RM_AESMC:
6686                    if (!arm_dc_feature(s, ARM_FEATURE_V8_AES)
6687                        || ((rm | rd) & 1)) {
6688                        return 1;
6689                    }
6690                    tmp = tcg_const_i32(rd);
6691                    tmp2 = tcg_const_i32(rm);
6692
6693                     /* Bit 6 is the lowest opcode bit; it distinguishes between
6694                      * encryption (AESE/AESMC) and decryption (AESD/AESIMC)
6695                      */
6696                    tmp3 = tcg_const_i32(extract32(insn, 6, 1));
6697
6698                    if (op == NEON_2RM_AESE) {
6699                        gen_helper_crypto_aese(cpu_env, tmp, tmp2, tmp3);
6700                    } else {
6701                        gen_helper_crypto_aesmc(cpu_env, tmp, tmp2, tmp3);
6702                    }
6703                    tcg_temp_free_i32(tmp);
6704                    tcg_temp_free_i32(tmp2);
6705                    tcg_temp_free_i32(tmp3);
6706                    break;
6707                case NEON_2RM_SHA1H:
6708                    if (!arm_dc_feature(s, ARM_FEATURE_V8_SHA1)
6709                        || ((rm | rd) & 1)) {
6710                        return 1;
6711                    }
6712                    tmp = tcg_const_i32(rd);
6713                    tmp2 = tcg_const_i32(rm);
6714
6715                    gen_helper_crypto_sha1h(cpu_env, tmp, tmp2);
6716
6717                    tcg_temp_free_i32(tmp);
6718                    tcg_temp_free_i32(tmp2);
6719                    break;
6720                case NEON_2RM_SHA1SU1:
6721                    if ((rm | rd) & 1) {
6722                            return 1;
6723                    }
6724                    /* bit 6 (q): set -> SHA256SU0, cleared -> SHA1SU1 */
6725                    if (q) {
6726                        if (!arm_dc_feature(s, ARM_FEATURE_V8_SHA256)) {
6727                            return 1;
6728                        }
6729                    } else if (!arm_dc_feature(s, ARM_FEATURE_V8_SHA1)) {
6730                        return 1;
6731                    }
6732                    tmp = tcg_const_i32(rd);
6733                    tmp2 = tcg_const_i32(rm);
6734                    if (q) {
6735                        gen_helper_crypto_sha256su0(cpu_env, tmp, tmp2);
6736                    } else {
6737                        gen_helper_crypto_sha1su1(cpu_env, tmp, tmp2);
6738                    }
6739                    tcg_temp_free_i32(tmp);
6740                    tcg_temp_free_i32(tmp2);
6741                    break;
6742                default:
6743                elementwise:
6744                    for (pass = 0; pass < (q ? 4 : 2); pass++) {
6745                        if (neon_2rm_is_float_op(op)) {
6746                            tcg_gen_ld_f32(cpu_F0s, cpu_env,
6747                                           neon_reg_offset(rm, pass));
6748                            TCGV_UNUSED_I32(tmp);
6749                        } else {
6750                            tmp = neon_load_reg(rm, pass);
6751                        }
6752                        switch (op) {
6753                        case NEON_2RM_VREV32:
6754                            switch (size) {
6755                            case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
6756                            case 1: gen_swap_half(tmp); break;
6757                            default: abort();
6758                            }
6759                            break;
6760                        case NEON_2RM_VREV16:
6761                            gen_rev16(tmp);
6762                            break;
6763                        case NEON_2RM_VCLS:
6764                            switch (size) {
6765                            case 0: gen_helper_neon_cls_s8(tmp, tmp); break;
6766                            case 1: gen_helper_neon_cls_s16(tmp, tmp); break;
6767                            case 2: gen_helper_neon_cls_s32(tmp, tmp); break;
6768                            default: abort();
6769                            }
6770                            break;
6771                        case NEON_2RM_VCLZ:
6772                            switch (size) {
6773                            case 0: gen_helper_neon_clz_u8(tmp, tmp); break;
6774                            case 1: gen_helper_neon_clz_u16(tmp, tmp); break;
6775                            case 2: gen_helper_clz(tmp, tmp); break;
6776                            default: abort();
6777                            }
6778                            break;
6779                        case NEON_2RM_VCNT:
6780                            gen_helper_neon_cnt_u8(tmp, tmp);
6781                            break;
6782                        case NEON_2RM_VMVN:
6783                            tcg_gen_not_i32(tmp, tmp);
6784                            break;
6785                        case NEON_2RM_VQABS:
6786                            switch (size) {
6787                            case 0:
6788                                gen_helper_neon_qabs_s8(tmp, cpu_env, tmp);
6789                                break;
6790                            case 1:
6791                                gen_helper_neon_qabs_s16(tmp, cpu_env, tmp);
6792                                break;
6793                            case 2:
6794                                gen_helper_neon_qabs_s32(tmp, cpu_env, tmp);
6795                                break;
6796                            default: abort();
6797                            }
6798                            break;
6799                        case NEON_2RM_VQNEG:
6800                            switch (size) {
6801                            case 0:
6802                                gen_helper_neon_qneg_s8(tmp, cpu_env, tmp);
6803                                break;
6804                            case 1:
6805                                gen_helper_neon_qneg_s16(tmp, cpu_env, tmp);
6806                                break;
6807                            case 2:
6808                                gen_helper_neon_qneg_s32(tmp, cpu_env, tmp);
6809                                break;
6810                            default: abort();
6811                            }
6812                            break;
6813                        case NEON_2RM_VCGT0: case NEON_2RM_VCLE0:
6814                            tmp2 = tcg_const_i32(0);
6815                            switch(size) {
6816                            case 0: gen_helper_neon_cgt_s8(tmp, tmp, tmp2); break;
6817                            case 1: gen_helper_neon_cgt_s16(tmp, tmp, tmp2); break;
6818                            case 2: gen_helper_neon_cgt_s32(tmp, tmp, tmp2); break;
6819                            default: abort();
6820                            }
6821                            tcg_temp_free_i32(tmp2);
6822                            if (op == NEON_2RM_VCLE0) {
6823                                tcg_gen_not_i32(tmp, tmp);
6824                            }
6825                            break;
6826                        case NEON_2RM_VCGE0: case NEON_2RM_VCLT0:
6827                            tmp2 = tcg_const_i32(0);
6828                            switch(size) {
6829                            case 0: gen_helper_neon_cge_s8(tmp, tmp, tmp2); break;
6830                            case 1: gen_helper_neon_cge_s16(tmp, tmp, tmp2); break;
6831                            case 2: gen_helper_neon_cge_s32(tmp, tmp, tmp2); break;
6832                            default: abort();
6833                            }
6834                            tcg_temp_free_i32(tmp2);
6835                            if (op == NEON_2RM_VCLT0) {
6836                                tcg_gen_not_i32(tmp, tmp);
6837                            }
6838                            break;
6839                        case NEON_2RM_VCEQ0:
6840                            tmp2 = tcg_const_i32(0);
6841                            switch(size) {
6842                            case 0: gen_helper_neon_ceq_u8(tmp, tmp, tmp2); break;
6843                            case 1: gen_helper_neon_ceq_u16(tmp, tmp, tmp2); break;
6844                            case 2: gen_helper_neon_ceq_u32(tmp, tmp, tmp2); break;
6845                            default: abort();
6846                            }
6847                            tcg_temp_free_i32(tmp2);
6848                            break;
6849                        case NEON_2RM_VABS:
6850                            switch(size) {
6851                            case 0: gen_helper_neon_abs_s8(tmp, tmp); break;
6852                            case 1: gen_helper_neon_abs_s16(tmp, tmp); break;
6853                            case 2: tcg_gen_abs_i32(tmp, tmp); break;
6854                            default: abort();
6855                            }
6856                            break;
6857                        case NEON_2RM_VNEG:
6858                            tmp2 = tcg_const_i32(0);
6859                            gen_neon_rsb(size, tmp, tmp2);
6860                            tcg_temp_free_i32(tmp2);
6861                            break;
6862                        case NEON_2RM_VCGT0_F:
6863                        {
6864                            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6865                            tmp2 = tcg_const_i32(0);
6866                            gen_helper_neon_cgt_f32(tmp, tmp, tmp2, fpstatus);
6867                            tcg_temp_free_i32(tmp2);
6868                            tcg_temp_free_ptr(fpstatus);
6869                            break;
6870                        }
6871                        case NEON_2RM_VCGE0_F:
6872                        {
6873                            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6874                            tmp2 = tcg_const_i32(0);
6875                            gen_helper_neon_cge_f32(tmp, tmp, tmp2, fpstatus);
6876                            tcg_temp_free_i32(tmp2);
6877                            tcg_temp_free_ptr(fpstatus);
6878                            break;
6879                        }
6880                        case NEON_2RM_VCEQ0_F:
6881                        {
6882                            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6883                            tmp2 = tcg_const_i32(0);
6884                            gen_helper_neon_ceq_f32(tmp, tmp, tmp2, fpstatus);
6885                            tcg_temp_free_i32(tmp2);
6886                            tcg_temp_free_ptr(fpstatus);
6887                            break;
6888                        }
6889                        case NEON_2RM_VCLE0_F:
6890                        {
6891                            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6892                            tmp2 = tcg_const_i32(0);
6893                            gen_helper_neon_cge_f32(tmp, tmp2, tmp, fpstatus);
6894                            tcg_temp_free_i32(tmp2);
6895                            tcg_temp_free_ptr(fpstatus);
6896                            break;
6897                        }
6898                        case NEON_2RM_VCLT0_F:
6899                        {
6900                            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6901                            tmp2 = tcg_const_i32(0);
6902                            gen_helper_neon_cgt_f32(tmp, tmp2, tmp, fpstatus);
6903                            tcg_temp_free_i32(tmp2);
6904                            tcg_temp_free_ptr(fpstatus);
6905                            break;
6906                        }
6907                        case NEON_2RM_VABS_F:
6908                            gen_vfp_abs(0);
6909                            break;
6910                        case NEON_2RM_VNEG_F:
6911                            gen_vfp_neg(0);
6912                            break;
6913                        case NEON_2RM_VSWP:
6914                            tmp2 = neon_load_reg(rd, pass);
6915                            neon_store_reg(rm, pass, tmp2);
6916                            break;
6917                        case NEON_2RM_VTRN:
6918                            tmp2 = neon_load_reg(rd, pass);
6919                            switch (size) {
6920                            case 0: gen_neon_trn_u8(tmp, tmp2); break;
6921                            case 1: gen_neon_trn_u16(tmp, tmp2); break;
6922                            default: abort();
6923                            }
6924                            neon_store_reg(rm, pass, tmp2);
6925                            break;
6926                        case NEON_2RM_VRINTN:
6927                        case NEON_2RM_VRINTA:
6928                        case NEON_2RM_VRINTM:
6929                        case NEON_2RM_VRINTP:
6930                        case NEON_2RM_VRINTZ:
6931                        {
6932                            TCGv_i32 tcg_rmode;
6933                            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6934                            int rmode;
6935
6936                            if (op == NEON_2RM_VRINTZ) {
6937                                rmode = FPROUNDING_ZERO;
6938                            } else {
6939                                rmode = fp_decode_rm[((op & 0x6) >> 1) ^ 1];
6940                            }
6941
6942                            tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rmode));
6943                            gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
6944                                                      cpu_env);
6945                            gen_helper_rints(cpu_F0s, cpu_F0s, fpstatus);
6946                            gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
6947                                                      cpu_env);
6948                            tcg_temp_free_ptr(fpstatus);
6949                            tcg_temp_free_i32(tcg_rmode);
6950                            break;
6951                        }
6952                        case NEON_2RM_VRINTX:
6953                        {
6954                            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6955                            gen_helper_rints_exact(cpu_F0s, cpu_F0s, fpstatus);
6956                            tcg_temp_free_ptr(fpstatus);
6957                            break;
6958                        }
6959                        case NEON_2RM_VCVTAU:
6960                        case NEON_2RM_VCVTAS:
6961                        case NEON_2RM_VCVTNU:
6962                        case NEON_2RM_VCVTNS:
6963                        case NEON_2RM_VCVTPU:
6964                        case NEON_2RM_VCVTPS:
6965                        case NEON_2RM_VCVTMU:
6966                        case NEON_2RM_VCVTMS:
6967                        {
6968                            bool is_signed = !extract32(insn, 7, 1);
6969                            TCGv_ptr fpst = get_fpstatus_ptr(1);
6970                            TCGv_i32 tcg_rmode, tcg_shift;
6971                            int rmode = fp_decode_rm[extract32(insn, 8, 2)];
6972
6973                            tcg_shift = tcg_const_i32(0);
6974                            tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rmode));
6975                            gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
6976                                                      cpu_env);
6977
6978                            if (is_signed) {
6979                                gen_helper_vfp_tosls(cpu_F0s, cpu_F0s,
6980                                                     tcg_shift, fpst);
6981                            } else {
6982                                gen_helper_vfp_touls(cpu_F0s, cpu_F0s,
6983                                                     tcg_shift, fpst);
6984                            }
6985
6986                            gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
6987                                                      cpu_env);
6988                            tcg_temp_free_i32(tcg_rmode);
6989                            tcg_temp_free_i32(tcg_shift);
6990                            tcg_temp_free_ptr(fpst);
6991                            break;
6992                        }
6993                        case NEON_2RM_VRECPE:
6994                        {
6995                            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6996                            gen_helper_recpe_u32(tmp, tmp, fpstatus);
6997                            tcg_temp_free_ptr(fpstatus);
6998                            break;
6999                        }
7000                        case NEON_2RM_VRSQRTE:

7001                        {
7002                            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7003                            gen_helper_rsqrte_u32(tmp, tmp, fpstatus);
7004                            tcg_temp_free_ptr(fpstatus);
7005                            break;
7006                        }
7007                        case NEON_2RM_VRECPE_F:
7008                        {
7009                            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7010                            gen_helper_recpe_f32(cpu_F0s, cpu_F0s, fpstatus);
7011                            tcg_temp_free_ptr(fpstatus);
7012                            break;
7013                        }
7014                        case NEON_2RM_VRSQRTE_F:
7015                        {
7016                            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7017                            gen_helper_rsqrte_f32(cpu_F0s, cpu_F0s, fpstatus);
7018                            tcg_temp_free_ptr(fpstatus);
7019                            break;
7020                        }
7021                        case NEON_2RM_VCVT_FS: /* VCVT.F32.S32 */
7022                            gen_vfp_sito(0, 1);
7023                            break;
7024                        case NEON_2RM_VCVT_FU: /* VCVT.F32.U32 */
7025                            gen_vfp_uito(0, 1);
7026                            break;
7027                        case NEON_2RM_VCVT_SF: /* VCVT.S32.F32 */
7028                            gen_vfp_tosiz(0, 1);
7029                            break;
7030                        case NEON_2RM_VCVT_UF: /* VCVT.U32.F32 */
7031                            gen_vfp_touiz(0, 1);
7032                            break;
7033                        default:
7034                            /* Reserved op values were caught by the
7035                             * neon_2rm_sizes[] check earlier.
7036                             */
7037                            abort();
7038                        }
7039                        if (neon_2rm_is_float_op(op)) {
7040                            tcg_gen_st_f32(cpu_F0s, cpu_env,
7041                                           neon_reg_offset(rd, pass));
7042                        } else {
7043                            neon_store_reg(rd, pass, tmp);
7044                        }
7045                    }
7046                    break;
7047                }
7048            } else if ((insn & (1 << 10)) == 0) {
7049                /* VTBL, VTBX.  */
7050                int n = ((insn >> 8) & 3) + 1;
7051                if ((rn + n) > 32) {
7052                    /* This is UNPREDICTABLE; we choose to UNDEF to avoid the
7053                     * helper function running off the end of the register file.
7054                     */
7055                    return 1;
7056                }
7057                n <<= 3;
7058                if (insn & (1 << 6)) {
7059                    tmp = neon_load_reg(rd, 0);
7060                } else {
7061                    tmp = tcg_temp_new_i32();
7062                    tcg_gen_movi_i32(tmp, 0);
7063                }
7064                tmp2 = neon_load_reg(rm, 0);
7065                tmp4 = tcg_const_i32(rn);
7066                tmp5 = tcg_const_i32(n);
7067                gen_helper_neon_tbl(tmp2, cpu_env, tmp2, tmp, tmp4, tmp5);
7068                tcg_temp_free_i32(tmp);
7069                if (insn & (1 << 6)) {
7070                    tmp = neon_load_reg(rd, 1);
7071                } else {
7072                    tmp = tcg_temp_new_i32();
7073                    tcg_gen_movi_i32(tmp, 0);
7074                }
7075                tmp3 = neon_load_reg(rm, 1);
7076                gen_helper_neon_tbl(tmp3, cpu_env, tmp3, tmp, tmp4, tmp5);
7077                tcg_temp_free_i32(tmp5);
7078                tcg_temp_free_i32(tmp4);
7079                neon_store_reg(rd, 0, tmp2);
7080                neon_store_reg(rd, 1, tmp3);
7081                tcg_temp_free_i32(tmp);
7082            } else if ((insn & 0x380) == 0) {
7083                /* VDUP */
7084                if ((insn & (7 << 16)) == 0 || (q && (rd & 1))) {
7085                    return 1;
7086                }
7087                if (insn & (1 << 19)) {
7088                    tmp = neon_load_reg(rm, 1);
7089                } else {
7090                    tmp = neon_load_reg(rm, 0);
7091                }
7092                if (insn & (1 << 16)) {
7093                    gen_neon_dup_u8(tmp, ((insn >> 17) & 3) * 8);
7094                } else if (insn & (1 << 17)) {
7095                    if ((insn >> 18) & 1)
7096                        gen_neon_dup_high16(tmp);
7097                    else
7098                        gen_neon_dup_low16(tmp);
7099                }
7100                for (pass = 0; pass < (q ? 4 : 2); pass++) {
7101                    tmp2 = tcg_temp_new_i32();
7102                    tcg_gen_mov_i32(tmp2, tmp);
7103                    neon_store_reg(rd, pass, tmp2);
7104                }
7105                tcg_temp_free_i32(tmp);
7106            } else {
7107                return 1;
7108            }
7109        }
7110    }
7111    return 0;
7112}
7113
7114static int disas_coproc_insn(DisasContext *s, uint32_t insn)
7115{
7116    int cpnum, is64, crn, crm, opc1, opc2, isread, rt, rt2;
7117    const ARMCPRegInfo *ri;
7118
7119    cpnum = (insn >> 8) & 0xf;
7120
7121    /* First check for coprocessor space used for XScale/iwMMXt insns */
7122    if (arm_dc_feature(s, ARM_FEATURE_XSCALE) && (cpnum < 2)) {
7123        if (extract32(s->c15_cpar, cpnum, 1) == 0) {
7124            return 1;
7125        }
7126        if (arm_dc_feature(s, ARM_FEATURE_IWMMXT)) {
7127            return disas_iwmmxt_insn(s, insn);
7128        } else if (arm_dc_feature(s, ARM_FEATURE_XSCALE)) {
7129            return disas_dsp_insn(s, insn);
7130        }
7131        return 1;
7132    }
7133
7134    /* Otherwise treat as a generic register access */
7135    is64 = (insn & (1 << 25)) == 0;
7136    if (!is64 && ((insn & (1 << 4)) == 0)) {
7137        /* cdp */
7138        return 1;
7139    }
7140
7141    crm = insn & 0xf;
7142    if (is64) {
7143        crn = 0;
7144        opc1 = (insn >> 4) & 0xf;
7145        opc2 = 0;
7146        rt2 = (insn >> 16) & 0xf;
7147    } else {
7148        crn = (insn >> 16) & 0xf;
7149        opc1 = (insn >> 21) & 7;
7150        opc2 = (insn >> 5) & 7;
7151        rt2 = 0;
7152    }
7153    isread = (insn >> 20) & 1;
7154    rt = (insn >> 12) & 0xf;
7155
7156    ri = get_arm_cp_reginfo(s->cp_regs,
7157            ENCODE_CP_REG(cpnum, is64, s->ns, crn, crm, opc1, opc2));
7158    if (ri) {
7159        /* Check access permissions */
7160        if (!cp_access_ok(s->current_el, ri, isread)) {
7161            return 1;
7162        }
7163
7164        if (ri->accessfn ||
7165            (arm_dc_feature(s, ARM_FEATURE_XSCALE) && cpnum < 14)) {
7166            /* Emit code to perform further access permissions checks at
7167             * runtime; this may result in an exception.
7168             * Note that on XScale all cp0..c13 registers do an access check
7169             * call in order to handle c15_cpar.
7170             */
7171            TCGv_ptr tmpptr;
7172            TCGv_i32 tcg_syn;
7173            uint32_t syndrome;
7174
7175            /* Note that since we are an implementation which takes an
7176             * exception on a trapped conditional instruction only if the
7177             * instruction passes its condition code check, we can take
7178             * advantage of the clause in the ARM ARM that allows us to set
7179             * the COND field in the instruction to 0xE in all cases.
7180             * We could fish the actual condition out of the insn (ARM)
7181             * or the condexec bits (Thumb) but it isn't necessary.
7182             */
7183            switch (cpnum) {
7184            case 14:
7185                if (is64) {
7186                    syndrome = syn_cp14_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
7187                                                 isread, s->thumb);
7188                } else {
7189                    syndrome = syn_cp14_rt_trap(1, 0xe, opc1, opc2, crn, crm,
7190                                                rt, isread, s->thumb);
7191                }
7192                break;
7193            case 15:
7194                if (is64) {
7195                    syndrome = syn_cp15_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
7196                                                 isread, s->thumb);
7197                } else {
7198                    syndrome = syn_cp15_rt_trap(1, 0xe, opc1, opc2, crn, crm,
7199                                                rt, isread, s->thumb);
7200                }
7201                break;
7202            default:
7203                /* ARMv8 defines that only coprocessors 14 and 15 exist,
7204                 * so this can only happen if this is an ARMv7 or earlier CPU,
7205                 * in which case the syndrome information won't actually be
7206                 * guest visible.
7207                 */
7208                assert(!arm_dc_feature(s, ARM_FEATURE_V8));
7209                syndrome = syn_uncategorized();
7210                break;
7211            }
7212
7213            gen_set_condexec(s);
7214            gen_set_pc_im(s, s->pc - 4);
7215            tmpptr = tcg_const_ptr(ri);
7216            tcg_syn = tcg_const_i32(syndrome);
7217            gen_helper_access_check_cp_reg(cpu_env, tmpptr, tcg_syn);
7218            tcg_temp_free_ptr(tmpptr);
7219            tcg_temp_free_i32(tcg_syn);
7220        }
7221
7222        /* Handle special cases first */
7223        switch (ri->type & ~(ARM_CP_FLAG_MASK & ~ARM_CP_SPECIAL)) {
7224        case ARM_CP_NOP:
7225            return 0;
7226        case ARM_CP_WFI:
7227            if (isread) {
7228                return 1;
7229            }
7230            gen_set_pc_im(s, s->pc);
7231            s->is_jmp = DISAS_WFI;
7232            return 0;
7233        default:
7234            break;
7235        }
7236
7237        if ((s->tb->cflags & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
7238            gen_io_start();
7239        }
7240
7241        if (isread) {
7242            /* Read */
7243            if (is64) {
7244                TCGv_i64 tmp64;
7245                TCGv_i32 tmp;
7246                if (ri->type & ARM_CP_CONST) {
7247                    tmp64 = tcg_const_i64(ri->resetvalue);
7248                } else if (ri->readfn) {
7249                    TCGv_ptr tmpptr;
7250                    tmp64 = tcg_temp_new_i64();
7251                    tmpptr = tcg_const_ptr(ri);
7252                    gen_helper_get_cp_reg64(tmp64, cpu_env, tmpptr);
7253                    tcg_temp_free_ptr(tmpptr);
7254                } else {
7255                    tmp64 = tcg_temp_new_i64();
7256                    tcg_gen_ld_i64(tmp64, cpu_env, ri->fieldoffset);
7257                }
7258                tmp = tcg_temp_new_i32();
7259                tcg_gen_extrl_i64_i32(tmp, tmp64);
7260                store_reg(s, rt, tmp);
7261                tcg_gen_shri_i64(tmp64, tmp64, 32);
7262                tmp = tcg_temp_new_i32();
7263                tcg_gen_extrl_i64_i32(tmp, tmp64);
7264                tcg_temp_free_i64(tmp64);
7265                store_reg(s, rt2, tmp);
7266            } else {
7267                TCGv_i32 tmp;
7268                if (ri->type & ARM_CP_CONST) {
7269                    tmp = tcg_const_i32(ri->resetvalue);
7270                } else if (ri->readfn) {
7271                    TCGv_ptr tmpptr;
7272                    tmp = tcg_temp_new_i32();
7273                    tmpptr = tcg_const_ptr(ri);
7274                    gen_helper_get_cp_reg(tmp, cpu_env, tmpptr);
7275                    tcg_temp_free_ptr(tmpptr);
7276                } else {
7277                    tmp = load_cpu_offset(ri->fieldoffset);
7278                }
7279                if (rt == 15) {
7280                    /* Destination register of r15 for 32 bit loads sets
7281                     * the condition codes from the high 4 bits of the value
7282                     */
7283                    gen_set_nzcv(tmp);
7284                    tcg_temp_free_i32(tmp);
7285                } else {
7286                    store_reg(s, rt, tmp);
7287                }
7288            }
7289        } else {
7290            /* Write */
7291            if (ri->type & ARM_CP_CONST) {
7292                /* If not forbidden by access permissions, treat as WI */
7293                return 0;
7294            }
7295
7296            if (is64) {
7297                TCGv_i32 tmplo, tmphi;
7298                TCGv_i64 tmp64 = tcg_temp_new_i64();
7299                tmplo = load_reg(s, rt);
7300                tmphi = load_reg(s, rt2);
7301                tcg_gen_concat_i32_i64(tmp64, tmplo, tmphi);
7302                tcg_temp_free_i32(tmplo);
7303                tcg_temp_free_i32(tmphi);
7304                if (ri->writefn) {
7305                    TCGv_ptr tmpptr = tcg_const_ptr(ri);
7306                    gen_helper_set_cp_reg64(cpu_env, tmpptr, tmp64);
7307                    tcg_temp_free_ptr(tmpptr);
7308                } else {
7309                    tcg_gen_st_i64(tmp64, cpu_env, ri->fieldoffset);
7310                }
7311                tcg_temp_free_i64(tmp64);
7312            } else {
7313                if (ri->writefn) {
7314                    TCGv_i32 tmp;
7315                    TCGv_ptr tmpptr;
7316                    tmp = load_reg(s, rt);
7317                    tmpptr = tcg_const_ptr(ri);
7318                    gen_helper_set_cp_reg(cpu_env, tmpptr, tmp);
7319                    tcg_temp_free_ptr(tmpptr);
7320                    tcg_temp_free_i32(tmp);
7321                } else {
7322                    TCGv_i32 tmp = load_reg(s, rt);
7323                    store_cpu_offset(tmp, ri->fieldoffset);
7324                }
7325            }
7326        }
7327
7328        if ((s->tb->cflags & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
7329            /* I/O operations must end the TB here (whether read or write) */
7330            gen_io_end();
7331            gen_lookup_tb(s);
7332        } else if (!isread && !(ri->type & ARM_CP_SUPPRESS_TB_END)) {
7333            /* We default to ending the TB on a coprocessor register write,
7334             * but allow this to be suppressed by the register definition
7335             * (usually only necessary to work around guest bugs).
7336             */
7337            gen_lookup_tb(s);
7338        }
7339
7340        return 0;
7341    }
7342
7343    /* Unknown register; this might be a guest error or a QEMU
7344     * unimplemented feature.
7345     */
7346    if (is64) {
7347        qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
7348                      "64 bit system register cp:%d opc1: %d crm:%d "
7349                      "(%s)\n",
7350                      isread ? "read" : "write", cpnum, opc1, crm,
7351                      s->ns ? "non-secure" : "secure");
7352    } else {
7353        qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
7354                      "system register cp:%d opc1:%d crn:%d crm:%d opc2:%d "
7355                      "(%s)\n",
7356                      isread ? "read" : "write", cpnum, opc1, crn, crm, opc2,
7357                      s->ns ? "non-secure" : "secure");
7358    }
7359
7360    return 1;
7361}
7362
7363
7364/* Store a 64-bit value to a register pair.  Clobbers val.  */
7365static void gen_storeq_reg(DisasContext *s, int rlow, int rhigh, TCGv_i64 val)
7366{
7367    TCGv_i32 tmp;
7368    tmp = tcg_temp_new_i32();
7369    tcg_gen_extrl_i64_i32(tmp, val);
7370    store_reg(s, rlow, tmp);
7371    tmp = tcg_temp_new_i32();
7372    tcg_gen_shri_i64(val, val, 32);
7373    tcg_gen_extrl_i64_i32(tmp, val);
7374    store_reg(s, rhigh, tmp);
7375}
7376
7377/* load a 32-bit value from a register and perform a 64-bit accumulate.  */
7378static void gen_addq_lo(DisasContext *s, TCGv_i64 val, int rlow)
7379{
7380    TCGv_i64 tmp;
7381    TCGv_i32 tmp2;
7382
7383    /* Load value and extend to 64 bits.  */
7384    tmp = tcg_temp_new_i64();
7385    tmp2 = load_reg(s, rlow);
7386    tcg_gen_extu_i32_i64(tmp, tmp2);
7387    tcg_temp_free_i32(tmp2);
7388    tcg_gen_add_i64(val, val, tmp);
7389    tcg_temp_free_i64(tmp);
7390}
7391
7392/* load and add a 64-bit value from a register pair.  */
7393static void gen_addq(DisasContext *s, TCGv_i64 val, int rlow, int rhigh)
7394{
7395    TCGv_i64 tmp;
7396    TCGv_i32 tmpl;
7397    TCGv_i32 tmph;
7398
7399    /* Load 64-bit value rd:rn.  */
7400    tmpl = load_reg(s, rlow);
7401    tmph = load_reg(s, rhigh);
7402    tmp = tcg_temp_new_i64();
7403    tcg_gen_concat_i32_i64(tmp, tmpl, tmph);
7404    tcg_temp_free_i32(tmpl);
7405    tcg_temp_free_i32(tmph);
7406    tcg_gen_add_i64(val, val, tmp);
7407    tcg_temp_free_i64(tmp);
7408}
7409
7410/* Set N and Z flags from hi|lo.  */
7411static void gen_logicq_cc(TCGv_i32 lo, TCGv_i32 hi)
7412{
7413    tcg_gen_mov_i32(cpu_NF, hi);
7414    tcg_gen_or_i32(cpu_ZF, lo, hi);
7415}
7416
7417/* Load/Store exclusive instructions are implemented by remembering
7418   the value/address loaded, and seeing if these are the same
7419   when the store is performed. This should be sufficient to implement
7420   the architecturally mandated semantics, and avoids having to monitor
7421   regular stores.
7422
7423   In system emulation mode only one CPU will be running at once, so
7424   this sequence is effectively atomic.  In user emulation mode we
7425   throw an exception and handle the atomic operation elsewhere.  */
7426static void gen_load_exclusive(DisasContext *s, int rt, int rt2,
7427                               TCGv_i32 addr, int size)
7428{
7429    TCGv_i32 tmp = tcg_temp_new_i32();
7430
7431    s->is_ldex = true;
7432
7433    switch (size) {
7434    case 0:
7435        gen_aa32_ld8u(tmp, addr, get_mem_index(s));
7436        break;
7437    case 1:
7438        gen_aa32_ld16u(tmp, addr, get_mem_index(s));
7439        break;
7440    case 2:
7441    case 3:
7442        gen_aa32_ld32u(tmp, addr, get_mem_index(s));
7443        break;
7444    default:
7445        abort();
7446    }
7447
7448    if (size == 3) {
7449        TCGv_i32 tmp2 = tcg_temp_new_i32();
7450        TCGv_i32 tmp3 = tcg_temp_new_i32();
7451
7452        tcg_gen_addi_i32(tmp2, addr, 4);
7453        gen_aa32_ld32u(tmp3, tmp2, get_mem_index(s));
7454        tcg_temp_free_i32(tmp2);
7455        tcg_gen_concat_i32_i64(cpu_exclusive_val, tmp, tmp3);
7456        store_reg(s, rt2, tmp3);
7457    } else {
7458        tcg_gen_extu_i32_i64(cpu_exclusive_val, tmp);
7459    }
7460
7461    store_reg(s, rt, tmp);
7462    tcg_gen_extu_i32_i64(cpu_exclusive_addr, addr);
7463}
7464
7465static void gen_clrex(DisasContext *s)
7466{
7467    tcg_gen_movi_i64(cpu_exclusive_addr, -1);
7468}
7469
7470#ifdef CONFIG_USER_ONLY
7471static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
7472                                TCGv_i32 addr, int size)
7473{
7474    tcg_gen_extu_i32_i64(cpu_exclusive_test, addr);
7475    tcg_gen_movi_i32(cpu_exclusive_info,
7476                     size | (rd << 4) | (rt << 8) | (rt2 << 12));
7477    gen_exception_internal_insn(s, 4, EXCP_STREX);
7478}
7479#else
7480static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
7481                                TCGv_i32 addr, int size)
7482{
7483    TCGv_i32 tmp;
7484    TCGv_i64 val64, extaddr;
7485    TCGLabel *done_label;
7486    TCGLabel *fail_label;
7487
7488    /* if (env->exclusive_addr == addr && env->exclusive_val == [addr]) {
7489         [addr] = {Rt};
7490         {Rd} = 0;
7491       } else {
7492         {Rd} = 1;
7493       } */
7494    fail_label = gen_new_label();
7495    done_label = gen_new_label();
7496    extaddr = tcg_temp_new_i64();
7497    tcg_gen_extu_i32_i64(extaddr, addr);
7498    tcg_gen_brcond_i64(TCG_COND_NE, extaddr, cpu_exclusive_addr, fail_label);
7499    tcg_temp_free_i64(extaddr);
7500
7501    tmp = tcg_temp_new_i32();
7502    switch (size) {
7503    case 0:
7504        gen_aa32_ld8u(tmp, addr, get_mem_index(s));
7505        break;
7506    case 1:
7507        gen_aa32_ld16u(tmp, addr, get_mem_index(s));
7508        break;
7509    case 2:
7510    case 3:
7511        gen_aa32_ld32u(tmp, addr, get_mem_index(s));
7512        break;
7513    default:
7514        abort();
7515    }
7516
7517    val64 = tcg_temp_new_i64();
7518    if (size == 3) {
7519        TCGv_i32 tmp2 = tcg_temp_new_i32();
7520        TCGv_i32 tmp3 = tcg_temp_new_i32();
7521        tcg_gen_addi_i32(tmp2, addr, 4);
7522        gen_aa32_ld32u(tmp3, tmp2, get_mem_index(s));
7523        tcg_temp_free_i32(tmp2);
7524        tcg_gen_concat_i32_i64(val64, tmp, tmp3);
7525        tcg_temp_free_i32(tmp3);
7526    } else {
7527        tcg_gen_extu_i32_i64(val64, tmp);
7528    }
7529    tcg_temp_free_i32(tmp);
7530
7531    tcg_gen_brcond_i64(TCG_COND_NE, val64, cpu_exclusive_val, fail_label);
7532    tcg_temp_free_i64(val64);
7533
7534    tmp = load_reg(s, rt);
7535    switch (size) {
7536    case 0:
7537        gen_aa32_st8(tmp, addr, get_mem_index(s));
7538        break;
7539    case 1:
7540        gen_aa32_st16(tmp, addr, get_mem_index(s));
7541        break;
7542    case 2:
7543    case 3:
7544        gen_aa32_st32(tmp, addr, get_mem_index(s));
7545        break;
7546    default:
7547        abort();
7548    }
7549    tcg_temp_free_i32(tmp);
7550    if (size == 3) {
7551        tcg_gen_addi_i32(addr, addr, 4);
7552        tmp = load_reg(s, rt2);
7553        gen_aa32_st32(tmp, addr, get_mem_index(s));
7554        tcg_temp_free_i32(tmp);
7555    }
7556    tcg_gen_movi_i32(cpu_R[rd], 0);
7557    tcg_gen_br(done_label);
7558    gen_set_label(fail_label);
7559    tcg_gen_movi_i32(cpu_R[rd], 1);
7560    gen_set_label(done_label);
7561    tcg_gen_movi_i64(cpu_exclusive_addr, -1);
7562}
7563#endif
7564
7565/* gen_srs:
7566 * @env: CPUARMState
7567 * @s: DisasContext
7568 * @mode: mode field from insn (which stack to store to)
7569 * @amode: addressing mode (DA/IA/DB/IB), encoded as per P,U bits in ARM insn
7570 * @writeback: true if writeback bit set
7571 *
7572 * Generate code for the SRS (Store Return State) insn.
7573 */
7574static void gen_srs(DisasContext *s,
7575                    uint32_t mode, uint32_t amode, bool writeback)
7576{
7577    int32_t offset;
7578    TCGv_i32 addr = tcg_temp_new_i32();
7579    TCGv_i32 tmp = tcg_const_i32(mode);
7580    gen_helper_get_r13_banked(addr, cpu_env, tmp);
7581    tcg_temp_free_i32(tmp);
7582    switch (amode) {
7583    case 0: /* DA */
7584        offset = -4;
7585        break;
7586    case 1: /* IA */
7587        offset = 0;
7588        break;
7589    case 2: /* DB */
7590        offset = -8;
7591        break;
7592    case 3: /* IB */
7593        offset = 4;
7594        break;
7595    default:
7596        abort();
7597    }
7598    tcg_gen_addi_i32(addr, addr, offset);
7599    tmp = load_reg(s, 14);
7600    gen_aa32_st32(tmp, addr, get_mem_index(s));
7601    tcg_temp_free_i32(tmp);
7602    tmp = load_cpu_field(spsr);
7603    tcg_gen_addi_i32(addr, addr, 4);
7604    gen_aa32_st32(tmp, addr, get_mem_index(s));
7605    tcg_temp_free_i32(tmp);
7606    if (writeback) {
7607        switch (amode) {
7608        case 0:
7609            offset = -8;
7610            break;
7611        case 1:
7612            offset = 4;
7613            break;
7614        case 2:
7615            offset = -4;
7616            break;
7617        case 3:
7618            offset = 0;
7619            break;
7620        default:
7621            abort();
7622        }
7623        tcg_gen_addi_i32(addr, addr, offset);
7624        tmp = tcg_const_i32(mode);
7625        gen_helper_set_r13_banked(cpu_env, tmp, addr);
7626        tcg_temp_free_i32(tmp);
7627    }
7628    tcg_temp_free_i32(addr);
7629}
7630
7631static void disas_arm_insn(DisasContext *s, unsigned int insn)
7632{
7633    unsigned int cond, val, op1, i, shift, rm, rs, rn, rd, sh;
7634    TCGv_i32 tmp;
7635    TCGv_i32 tmp2;
7636    TCGv_i32 tmp3;
7637    TCGv_i32 addr;
7638    TCGv_i64 tmp64;
7639
7640    /* M variants do not implement ARM mode.  */
7641    if (arm_dc_feature(s, ARM_FEATURE_M)) {
7642        goto illegal_op;
7643    }
7644    cond = insn >> 28;
7645    if (cond == 0xf){
7646        /* In ARMv3 and v4 the NV condition is UNPREDICTABLE; we
7647         * choose to UNDEF. In ARMv5 and above the space is used
7648         * for miscellaneous unconditional instructions.
7649         */
7650        ARCH(5);
7651
7652        /* Unconditional instructions.  */
7653        if (((insn >> 25) & 7) == 1) {
7654            /* NEON Data processing.  */
7655            if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
7656                goto illegal_op;
7657            }
7658
7659            if (disas_neon_data_insn(s, insn)) {
7660                goto illegal_op;
7661            }
7662            return;
7663        }
7664        if ((insn & 0x0f100000) == 0x04000000) {
7665            /* NEON load/store.  */
7666            if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
7667                goto illegal_op;
7668            }
7669
7670            if (disas_neon_ls_insn(s, insn)) {
7671                goto illegal_op;
7672            }
7673            return;
7674        }
7675        if ((insn & 0x0f000e10) == 0x0e000a00) {
7676            /* VFP.  */
7677            if (disas_vfp_insn(s, insn)) {
7678                goto illegal_op;
7679            }
7680            return;
7681        }
7682        if (((insn & 0x0f30f000) == 0x0510f000) ||
7683            ((insn & 0x0f30f010) == 0x0710f000)) {
7684            if ((insn & (1 << 22)) == 0) {
7685                /* PLDW; v7MP */
7686                if (!arm_dc_feature(s, ARM_FEATURE_V7MP)) {
7687                    goto illegal_op;
7688                }
7689            }
7690            /* Otherwise PLD; v5TE+ */
7691            ARCH(5TE);
7692            return;
7693        }
7694        if (((insn & 0x0f70f000) == 0x0450f000) ||
7695            ((insn & 0x0f70f010) == 0x0650f000)) {
7696            ARCH(7);
7697            return; /* PLI; V7 */
7698        }
7699        if (((insn & 0x0f700000) == 0x04100000) ||
7700            ((insn & 0x0f700010) == 0x06100000)) {
7701            if (!arm_dc_feature(s, ARM_FEATURE_V7MP)) {
7702                goto illegal_op;
7703            }
7704            return; /* v7MP: Unallocated memory hint: must NOP */
7705        }
7706
7707        if ((insn & 0x0ffffdff) == 0x01010000) {
7708            ARCH(6);
7709            /* setend */
7710            if (((insn >> 9) & 1) != s->bswap_code) {
7711                /* Dynamic endianness switching not implemented. */
7712                qemu_log_mask(LOG_UNIMP, "arm: unimplemented setend\n");
7713                goto illegal_op;
7714            }
7715            return;
7716        } else if ((insn & 0x0fffff00) == 0x057ff000) {
7717            switch ((insn >> 4) & 0xf) {
7718            case 1: /* clrex */
7719                ARCH(6K);
7720                gen_clrex(s);
7721                return;
7722            case 4: /* dsb */
7723            case 5: /* dmb */
7724                ARCH(7);
7725                /* We don't emulate caches so these are a no-op.  */
7726                return;
7727            case 6: /* isb */
7728                /* We need to break the TB after this insn to execute
7729                 * self-modifying code correctly and also to take
7730                 * any pending interrupts immediately.
7731                 */
7732                gen_lookup_tb(s);
7733                return;
7734            default:
7735                goto illegal_op;
7736            }
7737        } else if ((insn & 0x0e5fffe0) == 0x084d0500) {
7738            /* srs */
7739            if (IS_USER(s)) {
7740                goto illegal_op;
7741            }
7742            ARCH(6);
7743            gen_srs(s, (insn & 0x1f), (insn >> 23) & 3, insn & (1 << 21));
7744            return;
7745        } else if ((insn & 0x0e50ffe0) == 0x08100a00) {
7746            /* rfe */
7747            int32_t offset;
7748            if (IS_USER(s))
7749                goto illegal_op;
7750            ARCH(6);
7751            rn = (insn >> 16) & 0xf;
7752            addr = load_reg(s, rn);
7753            i = (insn >> 23) & 3;
7754            switch (i) {
7755            case 0: offset = -4; break; /* DA */
7756            case 1: offset = 0; break; /* IA */
7757            case 2: offset = -8; break; /* DB */
7758            case 3: offset = 4; break; /* IB */
7759            default: abort();
7760            }
7761            if (offset)
7762                tcg_gen_addi_i32(addr, addr, offset);
7763            /* Load PC into tmp and CPSR into tmp2.  */
7764            tmp = tcg_temp_new_i32();
7765            gen_aa32_ld32u(tmp, addr, get_mem_index(s));
7766            tcg_gen_addi_i32(addr, addr, 4);
7767            tmp2 = tcg_temp_new_i32();
7768            gen_aa32_ld32u(tmp2, addr, get_mem_index(s));
7769            if (insn & (1 << 21)) {
7770                /* Base writeback.  */
7771                switch (i) {
7772                case 0: offset = -8; break;
7773                case 1: offset = 4; break;
7774                case 2: offset = -4; break;
7775                case 3: offset = 0; break;
7776                default: abort();
7777                }
7778                if (offset)
7779                    tcg_gen_addi_i32(addr, addr, offset);
7780                store_reg(s, rn, addr);
7781            } else {
7782                tcg_temp_free_i32(addr);
7783            }
7784            gen_rfe(s, tmp, tmp2);
7785            return;
7786        } else if ((insn & 0x0e000000) == 0x0a000000) {
7787            /* branch link and change to thumb (blx <offset>) */
7788            int32_t offset;
7789
7790            val = (uint32_t)s->pc;
7791            tmp = tcg_temp_new_i32();
7792            tcg_gen_movi_i32(tmp, val);
7793            store_reg(s, 14, tmp);
7794            /* Sign-extend the 24-bit offset */
7795            offset = (((int32_t)insn) << 8) >> 8;
7796            /* offset * 4 + bit24 * 2 + (thumb bit) */
7797            val += (offset << 2) | ((insn >> 23) & 2) | 1;
7798            /* pipeline offset */
7799            val += 4;
7800            /* protected by ARCH(5); above, near the start of uncond block */
7801            gen_bx_im(s, val);
7802            return;
7803        } else if ((insn & 0x0e000f00) == 0x0c000100) {
7804            if (arm_dc_feature(s, ARM_FEATURE_IWMMXT)) {
7805                /* iWMMXt register transfer.  */
7806                if (extract32(s->c15_cpar, 1, 1)) {
7807                    if (!disas_iwmmxt_insn(s, insn)) {
7808                        return;
7809                    }
7810                }
7811            }
7812        } else if ((insn & 0x0fe00000) == 0x0c400000) {
7813            /* Coprocessor double register transfer.  */
7814            ARCH(5TE);
7815        } else if ((insn & 0x0f000010) == 0x0e000010) {
7816            /* Additional coprocessor register transfer.  */
7817        } else if ((insn & 0x0ff10020) == 0x01000000) {
7818            uint32_t mask;
7819            uint32_t val;
7820            /* cps (privileged) */
7821            if (IS_USER(s))
7822                return;
7823            mask = val = 0;
7824            if (insn & (1 << 19)) {
7825                if (insn & (1 << 8))
7826                    mask |= CPSR_A;
7827                if (insn & (1 << 7))
7828                    mask |= CPSR_I;
7829                if (insn & (1 << 6))
7830                    mask |= CPSR_F;
7831                if (insn & (1 << 18))
7832                    val |= mask;
7833            }
7834            if (insn & (1 << 17)) {
7835                mask |= CPSR_M;
7836                val |= (insn & 0x1f);
7837            }
7838            if (mask) {
7839                gen_set_psr_im(s, mask, 0, val);
7840            }
7841            return;
7842        }
7843        goto illegal_op;
7844    }
7845    if (cond != 0xe) {
7846        /* if not always execute, we generate a conditional jump to
7847           next instruction */
7848        s->condlabel = gen_new_label();
7849        arm_gen_test_cc(cond ^ 1, s->condlabel);
7850        s->condjmp = 1;
7851    }
7852    if ((insn & 0x0f900000) == 0x03000000) {
7853        if ((insn & (1 << 21)) == 0) {
7854            ARCH(6T2);
7855            rd = (insn >> 12) & 0xf;
7856            val = ((insn >> 4) & 0xf000) | (insn & 0xfff);
7857            if ((insn & (1 << 22)) == 0) {
7858                /* MOVW */
7859                tmp = tcg_temp_new_i32();
7860                tcg_gen_movi_i32(tmp, val);
7861            } else {
7862                /* MOVT */
7863                tmp = load_reg(s, rd);
7864                tcg_gen_ext16u_i32(tmp, tmp);
7865                tcg_gen_ori_i32(tmp, tmp, val << 16);
7866            }
7867            store_reg(s, rd, tmp);
7868        } else {
7869            if (((insn >> 12) & 0xf) != 0xf)
7870                goto illegal_op;
7871            if (((insn >> 16) & 0xf) == 0) {
7872                gen_nop_hint(s, insn & 0xff);
7873            } else {
7874                /* CPSR = immediate */
7875                val = insn & 0xff;
7876                shift = ((insn >> 8) & 0xf) * 2;
7877                if (shift)
7878                    val = (val >> shift) | (val << (32 - shift));
7879                i = ((insn & (1 << 22)) != 0);
7880                if (gen_set_psr_im(s, msr_mask(s, (insn >> 16) & 0xf, i),
7881                                   i, val)) {
7882                    goto illegal_op;
7883                }
7884            }
7885        }
7886    } else if ((insn & 0x0f900000) == 0x01000000
7887               && (insn & 0x00000090) != 0x00000090) {
7888        /* miscellaneous instructions */
7889        op1 = (insn >> 21) & 3;
7890        sh = (insn >> 4) & 0xf;
7891        rm = insn & 0xf;
7892        switch (sh) {
7893        case 0x0: /* move program status register */
7894            if (op1 & 1) {
7895                /* PSR = reg */
7896                tmp = load_reg(s, rm);
7897                i = ((op1 & 2) != 0);
7898                if (gen_set_psr(s, msr_mask(s, (insn >> 16) & 0xf, i), i, tmp))
7899                    goto illegal_op;
7900            } else {
7901                /* reg = PSR */
7902                rd = (insn >> 12) & 0xf;
7903                if (op1 & 2) {
7904                    if (IS_USER(s))
7905                        goto illegal_op;
7906                    tmp = load_cpu_field(spsr);
7907                } else {
7908                    tmp = tcg_temp_new_i32();
7909                    gen_helper_cpsr_read(tmp, cpu_env);
7910                }
7911                store_reg(s, rd, tmp);
7912            }
7913            break;
7914        case 0x1:
7915            if (op1 == 1) {
7916                /* branch/exchange thumb (bx).  */
7917                ARCH(4T);
7918                tmp = load_reg(s, rm);
7919                gen_bx(s, tmp);
7920            } else if (op1 == 3) {
7921                /* clz */
7922                ARCH(5);
7923                rd = (insn >> 12) & 0xf;
7924                tmp = load_reg(s, rm);
7925                gen_helper_clz(tmp, tmp);
7926                store_reg(s, rd, tmp);
7927            } else {
7928                goto illegal_op;
7929            }
7930            break;
7931        case 0x2:
7932            if (op1 == 1) {
7933                ARCH(5J); /* bxj */
7934                /* Trivial implementation equivalent to bx.  */
7935                tmp = load_reg(s, rm);
7936                gen_bx(s, tmp);
7937            } else {
7938                goto illegal_op;
7939            }
7940            break;
7941        case 0x3:
7942            if (op1 != 1)
7943              goto illegal_op;
7944
7945            ARCH(5);
7946            /* branch link/exchange thumb (blx) */
7947            tmp = load_reg(s, rm);
7948            tmp2 = tcg_temp_new_i32();
7949            tcg_gen_movi_i32(tmp2, s->pc);
7950            store_reg(s, 14, tmp2);
7951            gen_bx(s, tmp);
7952            break;
7953        case 0x4:
7954        {
7955            /* crc32/crc32c */
7956            uint32_t c = extract32(insn, 8, 4);
7957
7958            /* Check this CPU supports ARMv8 CRC instructions.
7959             * op1 == 3 is UNPREDICTABLE but handle as UNDEFINED.
7960             * Bits 8, 10 and 11 should be zero.
7961             */
7962            if (!arm_dc_feature(s, ARM_FEATURE_CRC) || op1 == 0x3 ||
7963                (c & 0xd) != 0) {
7964                goto illegal_op;
7965            }
7966
7967            rn = extract32(insn, 16, 4);
7968            rd = extract32(insn, 12, 4);
7969
7970            tmp = load_reg(s, rn);
7971            tmp2 = load_reg(s, rm);
7972            if (op1 == 0) {
7973                tcg_gen_andi_i32(tmp2, tmp2, 0xff);
7974            } else if (op1 == 1) {
7975                tcg_gen_andi_i32(tmp2, tmp2, 0xffff);
7976            }
7977            tmp3 = tcg_const_i32(1 << op1);
7978            if (c & 0x2) {
7979                gen_helper_crc32c(tmp, tmp, tmp2, tmp3);
7980            } else {
7981                gen_helper_crc32(tmp, tmp, tmp2, tmp3);
7982            }
7983            tcg_temp_free_i32(tmp2);
7984            tcg_temp_free_i32(tmp3);
7985            store_reg(s, rd, tmp);
7986            break;
7987        }
7988        case 0x5: /* saturating add/subtract */
7989            ARCH(5TE);
7990            rd = (insn >> 12) & 0xf;
7991            rn = (insn >> 16) & 0xf;
7992            tmp = load_reg(s, rm);
7993            tmp2 = load_reg(s, rn);
7994            if (op1 & 2)
7995                gen_helper_double_saturate(tmp2, cpu_env, tmp2);
7996            if (op1 & 1)
7997                gen_helper_sub_saturate(tmp, cpu_env, tmp, tmp2);
7998            else
7999                gen_helper_add_saturate(tmp, cpu_env, tmp, tmp2);
8000            tcg_temp_free_i32(tmp2);

8001            store_reg(s, rd, tmp);
8002            break;
8003        case 7:
8004        {
8005            int imm16 = extract32(insn, 0, 4) | (extract32(insn, 8, 12) << 4);
8006            switch (op1) {
8007            case 1:
8008                /* bkpt */
8009                ARCH(5);
8010                gen_exception_insn(s, 4, EXCP_BKPT,
8011                                   syn_aa32_bkpt(imm16, false),
8012                                   default_exception_el(s));
8013                break;
8014            case 2:
8015                /* Hypervisor call (v7) */
8016                ARCH(7);
8017                if (IS_USER(s)) {
8018                    goto illegal_op;
8019                }
8020                gen_hvc(s, imm16);
8021                break;
8022            case 3:
8023                /* Secure monitor call (v6+) */
8024                ARCH(6K);
8025                if (IS_USER(s)) {
8026                    goto illegal_op;
8027                }
8028                gen_smc(s);
8029                break;
8030            default:
8031                goto illegal_op;
8032            }
8033            break;
8034        }
8035        case 0x8: /* signed multiply */
8036        case 0xa:
8037        case 0xc:
8038        case 0xe:
8039            ARCH(5TE);
8040            rs = (insn >> 8) & 0xf;
8041            rn = (insn >> 12) & 0xf;
8042            rd = (insn >> 16) & 0xf;
8043            if (op1 == 1) {
8044                /* (32 * 16) >> 16 */
8045                tmp = load_reg(s, rm);
8046                tmp2 = load_reg(s, rs);
8047                if (sh & 4)
8048                    tcg_gen_sari_i32(tmp2, tmp2, 16);
8049                else
8050                    gen_sxth(tmp2);
8051                tmp64 = gen_muls_i64_i32(tmp, tmp2);
8052                tcg_gen_shri_i64(tmp64, tmp64, 16);
8053                tmp = tcg_temp_new_i32();
8054                tcg_gen_extrl_i64_i32(tmp, tmp64);
8055                tcg_temp_free_i64(tmp64);
8056                if ((sh & 2) == 0) {
8057                    tmp2 = load_reg(s, rn);
8058                    gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
8059                    tcg_temp_free_i32(tmp2);
8060                }
8061                store_reg(s, rd, tmp);
8062            } else {
8063                /* 16 * 16 */
8064                tmp = load_reg(s, rm);
8065                tmp2 = load_reg(s, rs);
8066                gen_mulxy(tmp, tmp2, sh & 2, sh & 4);
8067                tcg_temp_free_i32(tmp2);
8068                if (op1 == 2) {
8069                    tmp64 = tcg_temp_new_i64();
8070                    tcg_gen_ext_i32_i64(tmp64, tmp);
8071                    tcg_temp_free_i32(tmp);
8072                    gen_addq(s, tmp64, rn, rd);
8073                    gen_storeq_reg(s, rn, rd, tmp64);
8074                    tcg_temp_free_i64(tmp64);
8075                } else {
8076                    if (op1 == 0) {
8077                        tmp2 = load_reg(s, rn);
8078                        gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
8079                        tcg_temp_free_i32(tmp2);
8080                    }
8081                    store_reg(s, rd, tmp);
8082                }
8083            }
8084            break;
8085        default:
8086            goto illegal_op;
8087        }
8088    } else if (((insn & 0x0e000000) == 0 &&
8089                (insn & 0x00000090) != 0x90) ||
8090               ((insn & 0x0e000000) == (1 << 25))) {
8091        int set_cc, logic_cc, shiftop;
8092
8093        op1 = (insn >> 21) & 0xf;
8094        set_cc = (insn >> 20) & 1;
8095        logic_cc = table_logic_cc[op1] & set_cc;
8096
8097        /* data processing instruction */
8098        if (insn & (1 << 25)) {
8099            /* immediate operand */
8100            val = insn & 0xff;
8101            shift = ((insn >> 8) & 0xf) * 2;
8102            if (shift) {
8103                val = (val >> shift) | (val << (32 - shift));
8104            }
8105            tmp2 = tcg_temp_new_i32();
8106            tcg_gen_movi_i32(tmp2, val);
8107            if (logic_cc && shift) {
8108                gen_set_CF_bit31(tmp2);
8109            }
8110        } else {
8111            /* register */
8112            rm = (insn) & 0xf;
8113            tmp2 = load_reg(s, rm);
8114            shiftop = (insn >> 5) & 3;
8115            if (!(insn & (1 << 4))) {
8116                shift = (insn >> 7) & 0x1f;
8117                gen_arm_shift_im(tmp2, shiftop, shift, logic_cc);
8118            } else {
8119                rs = (insn >> 8) & 0xf;
8120                tmp = load_reg(s, rs);
8121                gen_arm_shift_reg(tmp2, shiftop, tmp, logic_cc);
8122            }
8123        }
8124        if (op1 != 0x0f && op1 != 0x0d) {
8125            rn = (insn >> 16) & 0xf;
8126            tmp = load_reg(s, rn);
8127        } else {
8128            TCGV_UNUSED_I32(tmp);
8129        }
8130        rd = (insn >> 12) & 0xf;
8131        switch(op1) {
8132        case 0x00:
8133            tcg_gen_and_i32(tmp, tmp, tmp2);
8134            if (logic_cc) {
8135                gen_logic_CC(tmp);
8136            }
8137            store_reg_bx(s, rd, tmp);
8138            break;
8139        case 0x01:
8140            tcg_gen_xor_i32(tmp, tmp, tmp2);
8141            if (logic_cc) {
8142                gen_logic_CC(tmp);
8143            }
8144            store_reg_bx(s, rd, tmp);
8145            break;
8146        case 0x02:
8147            if (set_cc && rd == 15) {
8148                /* SUBS r15, ... is used for exception return.  */
8149                if (IS_USER(s)) {
8150                    goto illegal_op;
8151                }
8152                gen_sub_CC(tmp, tmp, tmp2);
8153                gen_exception_return(s, tmp);
8154            } else {
8155                if (set_cc) {
8156                    gen_sub_CC(tmp, tmp, tmp2);
8157                } else {
8158                    tcg_gen_sub_i32(tmp, tmp, tmp2);
8159                }
8160                store_reg_bx(s, rd, tmp);
8161            }
8162            break;
8163        case 0x03:
8164            if (set_cc) {
8165                gen_sub_CC(tmp, tmp2, tmp);
8166            } else {
8167                tcg_gen_sub_i32(tmp, tmp2, tmp);
8168            }
8169            store_reg_bx(s, rd, tmp);
8170            break;
8171        case 0x04:
8172            if (set_cc) {
8173                gen_add_CC(tmp, tmp, tmp2);
8174            } else {
8175                tcg_gen_add_i32(tmp, tmp, tmp2);
8176            }
8177            store_reg_bx(s, rd, tmp);
8178            break;
8179        case 0x05:
8180            if (set_cc) {
8181                gen_adc_CC(tmp, tmp, tmp2);
8182            } else {
8183                gen_add_carry(tmp, tmp, tmp2);
8184            }
8185            store_reg_bx(s, rd, tmp);
8186            break;
8187        case 0x06:
8188            if (set_cc) {
8189                gen_sbc_CC(tmp, tmp, tmp2);
8190            } else {
8191                gen_sub_carry(tmp, tmp, tmp2);
8192            }
8193            store_reg_bx(s, rd, tmp);
8194            break;
8195        case 0x07:
8196            if (set_cc) {
8197                gen_sbc_CC(tmp, tmp2, tmp);
8198            } else {
8199                gen_sub_carry(tmp, tmp2, tmp);
8200            }
8201            store_reg_bx(s, rd, tmp);
8202            break;
8203        case 0x08:
8204            if (set_cc) {
8205                tcg_gen_and_i32(tmp, tmp, tmp2);
8206                gen_logic_CC(tmp);
8207            }
8208            tcg_temp_free_i32(tmp);
8209            break;
8210        case 0x09:
8211            if (set_cc) {
8212                tcg_gen_xor_i32(tmp, tmp, tmp2);
8213                gen_logic_CC(tmp);
8214            }
8215            tcg_temp_free_i32(tmp);
8216            break;
8217        case 0x0a:
8218            if (set_cc) {
8219                gen_sub_CC(tmp, tmp, tmp2);
8220            }
8221            tcg_temp_free_i32(tmp);
8222            break;
8223        case 0x0b:
8224            if (set_cc) {
8225                gen_add_CC(tmp, tmp, tmp2);
8226            }
8227            tcg_temp_free_i32(tmp);
8228            break;
8229        case 0x0c:
8230            tcg_gen_or_i32(tmp, tmp, tmp2);
8231            if (logic_cc) {
8232                gen_logic_CC(tmp);
8233            }
8234            store_reg_bx(s, rd, tmp);
8235            break;
8236        case 0x0d:
8237            if (logic_cc && rd == 15) {
8238                /* MOVS r15, ... is used for exception return.  */
8239                if (IS_USER(s)) {
8240                    goto illegal_op;
8241                }
8242                gen_exception_return(s, tmp2);
8243            } else {
8244                if (logic_cc) {
8245                    gen_logic_CC(tmp2);
8246                }
8247                store_reg_bx(s, rd, tmp2);
8248            }
8249            break;
8250        case 0x0e:
8251            tcg_gen_andc_i32(tmp, tmp, tmp2);
8252            if (logic_cc) {
8253                gen_logic_CC(tmp);
8254            }
8255            store_reg_bx(s, rd, tmp);
8256            break;
8257        default:
8258        case 0x0f:
8259            tcg_gen_not_i32(tmp2, tmp2);
8260            if (logic_cc) {
8261                gen_logic_CC(tmp2);
8262            }
8263            store_reg_bx(s, rd, tmp2);
8264            break;
8265        }
8266        if (op1 != 0x0f && op1 != 0x0d) {
8267            tcg_temp_free_i32(tmp2);
8268        }
8269    } else {
8270        /* other instructions */
8271        op1 = (insn >> 24) & 0xf;
8272        switch(op1) {
8273        case 0x0:
8274        case 0x1:
8275            /* multiplies, extra load/stores */
8276            sh = (insn >> 5) & 3;
8277            if (sh == 0) {
8278                if (op1 == 0x0) {
8279                    rd = (insn >> 16) & 0xf;
8280                    rn = (insn >> 12) & 0xf;
8281                    rs = (insn >> 8) & 0xf;
8282                    rm = (insn) & 0xf;
8283                    op1 = (insn >> 20) & 0xf;
8284                    switch (op1) {
8285                    case 0: case 1: case 2: case 3: case 6:
8286                        /* 32 bit mul */
8287                        tmp = load_reg(s, rs);
8288                        tmp2 = load_reg(s, rm);
8289                        tcg_gen_mul_i32(tmp, tmp, tmp2);
8290                        tcg_temp_free_i32(tmp2);
8291                        if (insn & (1 << 22)) {
8292                            /* Subtract (mls) */
8293                            ARCH(6T2);
8294                            tmp2 = load_reg(s, rn);
8295                            tcg_gen_sub_i32(tmp, tmp2, tmp);
8296                            tcg_temp_free_i32(tmp2);
8297                        } else if (insn & (1 << 21)) {
8298                            /* Add */
8299                            tmp2 = load_reg(s, rn);
8300                            tcg_gen_add_i32(tmp, tmp, tmp2);
8301                            tcg_temp_free_i32(tmp2);
8302                        }
8303                        if (insn & (1 << 20))
8304                            gen_logic_CC(tmp);
8305                        store_reg(s, rd, tmp);
8306                        break;
8307                    case 4:
8308                        /* 64 bit mul double accumulate (UMAAL) */
8309                        ARCH(6);
8310                        tmp = load_reg(s, rs);
8311                        tmp2 = load_reg(s, rm);
8312                        tmp64 = gen_mulu_i64_i32(tmp, tmp2);
8313                        gen_addq_lo(s, tmp64, rn);
8314                        gen_addq_lo(s, tmp64, rd);
8315                        gen_storeq_reg(s, rn, rd, tmp64);
8316                        tcg_temp_free_i64(tmp64);
8317                        break;
8318                    case 8: case 9: case 10: case 11:
8319                    case 12: case 13: case 14: case 15:
8320                        /* 64 bit mul: UMULL, UMLAL, SMULL, SMLAL. */
8321                        tmp = load_reg(s, rs);
8322                        tmp2 = load_reg(s, rm);
8323                        if (insn & (1 << 22)) {
8324                            tcg_gen_muls2_i32(tmp, tmp2, tmp, tmp2);
8325                        } else {
8326                            tcg_gen_mulu2_i32(tmp, tmp2, tmp, tmp2);
8327                        }
8328                        if (insn & (1 << 21)) { /* mult accumulate */
8329                            TCGv_i32 al = load_reg(s, rn);
8330                            TCGv_i32 ah = load_reg(s, rd);
8331                            tcg_gen_add2_i32(tmp, tmp2, tmp, tmp2, al, ah);
8332                            tcg_temp_free_i32(al);
8333                            tcg_temp_free_i32(ah);
8334                        }
8335                        if (insn & (1 << 20)) {
8336                            gen_logicq_cc(tmp, tmp2);
8337                        }
8338                        store_reg(s, rn, tmp);
8339                        store_reg(s, rd, tmp2);
8340                        break;
8341                    default:
8342                        goto illegal_op;
8343                    }
8344                } else {
8345                    rn = (insn >> 16) & 0xf;
8346                    rd = (insn >> 12) & 0xf;
8347                    if (insn & (1 << 23)) {
8348                        /* load/store exclusive */
8349                        int op2 = (insn >> 8) & 3;
8350                        op1 = (insn >> 21) & 0x3;
8351
8352                        switch (op2) {
8353                        case 0: /* lda/stl */
8354                            if (op1 == 1) {
8355                                goto illegal_op;
8356                            }
8357                            ARCH(8);
8358                            break;
8359                        case 1: /* reserved */
8360                            goto illegal_op;
8361                        case 2: /* ldaex/stlex */
8362                            ARCH(8);
8363                            break;
8364                        case 3: /* ldrex/strex */
8365                            if (op1) {
8366                                ARCH(6K);
8367                            } else {
8368                                ARCH(6);
8369                            }
8370                            break;
8371                        }
8372
8373                        addr = tcg_temp_local_new_i32();
8374                        load_reg_var(s, addr, rn);
8375
8376                        /* Since the emulation does not have barriers,
8377                           the acquire/release semantics need no special
8378                           handling */
8379                        if (op2 == 0) {
8380                            if (insn & (1 << 20)) {
8381                                tmp = tcg_temp_new_i32();
8382                                switch (op1) {
8383                                case 0: /* lda */
8384                                    gen_aa32_ld32u(tmp, addr, get_mem_index(s));
8385                                    break;
8386                                case 2: /* ldab */
8387                                    gen_aa32_ld8u(tmp, addr, get_mem_index(s));
8388                                    break;
8389                                case 3: /* ldah */
8390                                    gen_aa32_ld16u(tmp, addr, get_mem_index(s));
8391                                    break;
8392                                default:
8393                                    abort();
8394                                }
8395                                store_reg(s, rd, tmp);
8396                            } else {
8397                                rm = insn & 0xf;
8398                                tmp = load_reg(s, rm);
8399                                switch (op1) {
8400                                case 0: /* stl */
8401                                    gen_aa32_st32(tmp, addr, get_mem_index(s));
8402                                    break;
8403                                case 2: /* stlb */
8404                                    gen_aa32_st8(tmp, addr, get_mem_index(s));
8405                                    break;
8406                                case 3: /* stlh */
8407                                    gen_aa32_st16(tmp, addr, get_mem_index(s));
8408                                    break;
8409                                default:
8410                                    abort();
8411                                }
8412                                tcg_temp_free_i32(tmp);
8413                            }
8414                        } else if (insn & (1 << 20)) {
8415                            switch (op1) {
8416                            case 0: /* ldrex */
8417                                gen_load_exclusive(s, rd, 15, addr, 2);
8418                                break;
8419                            case 1: /* ldrexd */
8420                                gen_load_exclusive(s, rd, rd + 1, addr, 3);
8421                                break;
8422                            case 2: /* ldrexb */
8423                                gen_load_exclusive(s, rd, 15, addr, 0);
8424                                break;
8425                            case 3: /* ldrexh */
8426                                gen_load_exclusive(s, rd, 15, addr, 1);
8427                                break;
8428                            default:
8429                                abort();
8430                            }
8431                        } else {
8432                            rm = insn & 0xf;
8433                            switch (op1) {
8434                            case 0:  /*  strex */
8435                                gen_store_exclusive(s, rd, rm, 15, addr, 2);
8436                                break;
8437                            case 1: /*  strexd */
8438                                gen_store_exclusive(s, rd, rm, rm + 1, addr, 3);
8439                                break;
8440                            case 2: /*  strexb */
8441                                gen_store_exclusive(s, rd, rm, 15, addr, 0);
8442                                break;
8443                            case 3: /* strexh */
8444                                gen_store_exclusive(s, rd, rm, 15, addr, 1);
8445                                break;
8446                            default:
8447                                abort();
8448                            }
8449                        }
8450                        tcg_temp_free_i32(addr);
8451                    } else {
8452                        /* SWP instruction */
8453                        rm = (insn) & 0xf;
8454
8455                        /* ??? This is not really atomic.  However we know
8456                           we never have multiple CPUs running in parallel,
8457                           so it is good enough.  */
8458                        addr = load_reg(s, rn);
8459                        tmp = load_reg(s, rm);
8460                        tmp2 = tcg_temp_new_i32();
8461                        if (insn & (1 << 22)) {
8462                            gen_aa32_ld8u(tmp2, addr, get_mem_index(s));
8463                            gen_aa32_st8(tmp, addr, get_mem_index(s));
8464                        } else {
8465                            gen_aa32_ld32u(tmp2, addr, get_mem_index(s));
8466                            gen_aa32_st32(tmp, addr, get_mem_index(s));
8467                        }
8468                        tcg_temp_free_i32(tmp);
8469                        tcg_temp_free_i32(addr);
8470                        store_reg(s, rd, tmp2);
8471                    }
8472                }
8473            } else {
8474                int address_offset;
8475                bool load = insn & (1 << 20);
8476                bool doubleword = false;
8477                /* Misc load/store */
8478                rn = (insn >> 16) & 0xf;
8479                rd = (insn >> 12) & 0xf;
8480
8481                if (!load && (sh & 2)) {
8482                    /* doubleword */
8483                    ARCH(5TE);
8484                    if (rd & 1) {
8485                        /* UNPREDICTABLE; we choose to UNDEF */
8486                        goto illegal_op;
8487                    }
8488                    load = (sh & 1) == 0;
8489                    doubleword = true;
8490                }
8491
8492                addr = load_reg(s, rn);
8493                if (insn & (1 << 24))
8494                    gen_add_datah_offset(s, insn, 0, addr);
8495                address_offset = 0;
8496
8497                if (doubleword) {
8498                    if (!load) {
8499                        /* store */
8500                        tmp = load_reg(s, rd);
8501                        gen_aa32_st32(tmp, addr, get_mem_index(s));
8502                        tcg_temp_free_i32(tmp);
8503                        tcg_gen_addi_i32(addr, addr, 4);
8504                        tmp = load_reg(s, rd + 1);
8505                        gen_aa32_st32(tmp, addr, get_mem_index(s));
8506                        tcg_temp_free_i32(tmp);
8507                    } else {
8508                        /* load */
8509                        tmp = tcg_temp_new_i32();
8510                        gen_aa32_ld32u(tmp, addr, get_mem_index(s));
8511                        store_reg(s, rd, tmp);
8512                        tcg_gen_addi_i32(addr, addr, 4);
8513                        tmp = tcg_temp_new_i32();
8514                        gen_aa32_ld32u(tmp, addr, get_mem_index(s));
8515                        rd++;
8516                    }
8517                    address_offset = -4;
8518                } else if (load) {
8519                    /* load */
8520                    tmp = tcg_temp_new_i32();
8521                    switch (sh) {
8522                    case 1:
8523                        gen_aa32_ld16u(tmp, addr, get_mem_index(s));
8524                        break;
8525                    case 2:
8526                        gen_aa32_ld8s(tmp, addr, get_mem_index(s));
8527                        break;
8528                    default:
8529                    case 3:
8530                        gen_aa32_ld16s(tmp, addr, get_mem_index(s));
8531                        break;
8532                    }
8533                } else {
8534                    /* store */
8535                    tmp = load_reg(s, rd);
8536                    gen_aa32_st16(tmp, addr, get_mem_index(s));
8537                    tcg_temp_free_i32(tmp);
8538                }
8539                /* Perform base writeback before the loaded value to
8540                   ensure correct behavior with overlapping index registers.
8541                   ldrd with base writeback is undefined if the
8542                   destination and index registers overlap.  */
8543                if (!(insn & (1 << 24))) {
8544                    gen_add_datah_offset(s, insn, address_offset, addr);
8545                    store_reg(s, rn, addr);
8546                } else if (insn & (1 << 21)) {
8547                    if (address_offset)
8548                        tcg_gen_addi_i32(addr, addr, address_offset);
8549                    store_reg(s, rn, addr);
8550                } else {
8551                    tcg_temp_free_i32(addr);
8552                }
8553                if (load) {
8554                    /* Complete the load.  */
8555                    store_reg(s, rd, tmp);
8556                }
8557            }
8558            break;
8559        case 0x4:
8560        case 0x5:
8561            goto do_ldst;
8562        case 0x6:
8563        case 0x7:
8564            if (insn & (1 << 4)) {
8565                ARCH(6);
8566                /* Armv6 Media instructions.  */
8567                rm = insn & 0xf;
8568                rn = (insn >> 16) & 0xf;
8569                rd = (insn >> 12) & 0xf;
8570                rs = (insn >> 8) & 0xf;
8571                switch ((insn >> 23) & 3) {
8572                case 0: /* Parallel add/subtract.  */
8573                    op1 = (insn >> 20) & 7;
8574                    tmp = load_reg(s, rn);
8575                    tmp2 = load_reg(s, rm);
8576                    sh = (insn >> 5) & 7;
8577                    if ((op1 & 3) == 0 || sh == 5 || sh == 6)
8578                        goto illegal_op;
8579                    gen_arm_parallel_addsub(op1, sh, tmp, tmp2);
8580                    tcg_temp_free_i32(tmp2);
8581                    store_reg(s, rd, tmp);
8582                    break;
8583                case 1:
8584                    if ((insn & 0x00700020) == 0) {
8585                        /* Halfword pack.  */
8586                        tmp = load_reg(s, rn);
8587                        tmp2 = load_reg(s, rm);
8588                        shift = (insn >> 7) & 0x1f;
8589                        if (insn & (1 << 6)) {
8590                            /* pkhtb */
8591                            if (shift == 0)
8592                                shift = 31;
8593                            tcg_gen_sari_i32(tmp2, tmp2, shift);
8594                            tcg_gen_andi_i32(tmp, tmp, 0xffff0000);
8595                            tcg_gen_ext16u_i32(tmp2, tmp2);
8596                        } else {
8597                            /* pkhbt */
8598                            if (shift)
8599                                tcg_gen_shli_i32(tmp2, tmp2, shift);
8600                            tcg_gen_ext16u_i32(tmp, tmp);
8601                            tcg_gen_andi_i32(tmp2, tmp2, 0xffff0000);
8602                        }
8603                        tcg_gen_or_i32(tmp, tmp, tmp2);
8604                        tcg_temp_free_i32(tmp2);
8605                        store_reg(s, rd, tmp);
8606                    } else if ((insn & 0x00200020) == 0x00200000) {
8607                        /* [us]sat */
8608                        tmp = load_reg(s, rm);
8609                        shift = (insn >> 7) & 0x1f;
8610                        if (insn & (1 << 6)) {
8611                            if (shift == 0)
8612                                shift = 31;
8613                            tcg_gen_sari_i32(tmp, tmp, shift);
8614                        } else {
8615                            tcg_gen_shli_i32(tmp, tmp, shift);
8616                        }
8617                        sh = (insn >> 16) & 0x1f;
8618                        tmp2 = tcg_const_i32(sh);
8619                        if (insn & (1 << 22))
8620                          gen_helper_usat(tmp, cpu_env, tmp, tmp2);
8621                        else
8622                          gen_helper_ssat(tmp, cpu_env, tmp, tmp2);
8623                        tcg_temp_free_i32(tmp2);
8624                        store_reg(s, rd, tmp);
8625                    } else if ((insn & 0x00300fe0) == 0x00200f20) {
8626                        /* [us]sat16 */
8627                        tmp = load_reg(s, rm);
8628                        sh = (insn >> 16) & 0x1f;
8629                        tmp2 = tcg_const_i32(sh);
8630                        if (insn & (1 << 22))
8631                          gen_helper_usat16(tmp, cpu_env, tmp, tmp2);
8632                        else
8633                          gen_helper_ssat16(tmp, cpu_env, tmp, tmp2);
8634                        tcg_temp_free_i32(tmp2);
8635                        store_reg(s, rd, tmp);
8636                    } else if ((insn & 0x00700fe0) == 0x00000fa0) {
8637                        /* Select bytes.  */
8638                        tmp = load_reg(s, rn);
8639                        tmp2 = load_reg(s, rm);
8640                        tmp3 = tcg_temp_new_i32();
8641                        tcg_gen_ld_i32(tmp3, cpu_env, offsetof(CPUARMState, GE));
8642                        gen_helper_sel_flags(tmp, tmp3, tmp, tmp2);
8643                        tcg_temp_free_i32(tmp3);
8644                        tcg_temp_free_i32(tmp2);
8645                        store_reg(s, rd, tmp);
8646                    } else if ((insn & 0x000003e0) == 0x00000060) {
8647                        tmp = load_reg(s, rm);
8648                        shift = (insn >> 10) & 3;
8649                        /* ??? In many cases it's not necessary to do a
8650                           rotate, a shift is sufficient.  */
8651                        if (shift != 0)
8652                            tcg_gen_rotri_i32(tmp, tmp, shift * 8);
8653                        op1 = (insn >> 20) & 7;
8654                        switch (op1) {
8655                        case 0: gen_sxtb16(tmp);  break;
8656                        case 2: gen_sxtb(tmp);    break;
8657                        case 3: gen_sxth(tmp);    break;
8658                        case 4: gen_uxtb16(tmp);  break;
8659                        case 6: gen_uxtb(tmp);    break;
8660                        case 7: gen_uxth(tmp);    break;
8661                        default: goto illegal_op;
8662                        }
8663                        if (rn != 15) {
8664                            tmp2 = load_reg(s, rn);
8665                            if ((op1 & 3) == 0) {
8666                                gen_add16(tmp, tmp2);
8667                            } else {
8668                                tcg_gen_add_i32(tmp, tmp, tmp2);
8669                                tcg_temp_free_i32(tmp2);
8670                            }
8671                        }
8672                        store_reg(s, rd, tmp);
8673                    } else if ((insn & 0x003f0f60) == 0x003f0f20) {
8674                        /* rev */
8675                        tmp = load_reg(s, rm);
8676                        if (insn & (1 << 22)) {
8677                            if (insn & (1 << 7)) {
8678                                gen_revsh(tmp);
8679                            } else {
8680                                ARCH(6T2);
8681                                gen_helper_rbit(tmp, tmp);
8682                            }
8683                        } else {
8684                            if (insn & (1 << 7))
8685                                gen_rev16(tmp);
8686                            else
8687                                tcg_gen_bswap32_i32(tmp, tmp);
8688                        }
8689                        store_reg(s, rd, tmp);
8690                    } else {
8691                        goto illegal_op;
8692                    }
8693                    break;
8694                case 2: /* Multiplies (Type 3).  */
8695                    switch ((insn >> 20) & 0x7) {
8696                    case 5:
8697                        if (((insn >> 6) ^ (insn >> 7)) & 1) {
8698                            /* op2 not 00x or 11x : UNDEF */
8699                            goto illegal_op;
8700                        }
8701                        /* Signed multiply most significant [accumulate].
8702                           (SMMUL, SMMLA, SMMLS) */
8703                        tmp = load_reg(s, rm);
8704                        tmp2 = load_reg(s, rs);
8705                        tmp64 = gen_muls_i64_i32(tmp, tmp2);
8706
8707                        if (rd != 15) {
8708                            tmp = load_reg(s, rd);
8709                            if (insn & (1 << 6)) {
8710                                tmp64 = gen_subq_msw(tmp64, tmp);
8711                            } else {
8712                                tmp64 = gen_addq_msw(tmp64, tmp);
8713                            }
8714                        }
8715                        if (insn & (1 << 5)) {
8716                            tcg_gen_addi_i64(tmp64, tmp64, 0x80000000u);
8717                        }
8718                        tcg_gen_shri_i64(tmp64, tmp64, 32);
8719                        tmp = tcg_temp_new_i32();
8720                        tcg_gen_extrl_i64_i32(tmp, tmp64);
8721                        tcg_temp_free_i64(tmp64);
8722                        store_reg(s, rn, tmp);
8723                        break;
8724                    case 0:
8725                    case 4:
8726                        /* SMLAD, SMUAD, SMLSD, SMUSD, SMLALD, SMLSLD */
8727                        if (insn & (1 << 7)) {
8728                            goto illegal_op;
8729                        }
8730                        tmp = load_reg(s, rm);
8731                        tmp2 = load_reg(s, rs);
8732                        if (insn & (1 << 5))
8733                            gen_swap_half(tmp2);
8734                        gen_smul_dual(tmp, tmp2);
8735                        if (insn & (1 << 22)) {
8736                            /* smlald, smlsld */
8737                            TCGv_i64 tmp64_2;
8738
8739                            tmp64 = tcg_temp_new_i64();
8740                            tmp64_2 = tcg_temp_new_i64();
8741                            tcg_gen_ext_i32_i64(tmp64, tmp);
8742                            tcg_gen_ext_i32_i64(tmp64_2, tmp2);
8743                            tcg_temp_free_i32(tmp);
8744                            tcg_temp_free_i32(tmp2);
8745                            if (insn & (1 << 6)) {
8746                                tcg_gen_sub_i64(tmp64, tmp64, tmp64_2);
8747                            } else {
8748                                tcg_gen_add_i64(tmp64, tmp64, tmp64_2);
8749                            }
8750                            tcg_temp_free_i64(tmp64_2);
8751                            gen_addq(s, tmp64, rd, rn);
8752                            gen_storeq_reg(s, rd, rn, tmp64);
8753                            tcg_temp_free_i64(tmp64);
8754                        } else {
8755                            /* smuad, smusd, smlad, smlsd */
8756                            if (insn & (1 << 6)) {
8757                                /* This subtraction cannot overflow. */
8758                                tcg_gen_sub_i32(tmp, tmp, tmp2);
8759                            } else {
8760                                /* This addition cannot overflow 32 bits;
8761                                 * however it may overflow considered as a
8762                                 * signed operation, in which case we must set
8763                                 * the Q flag.
8764                                 */
8765                                gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
8766                            }
8767                            tcg_temp_free_i32(tmp2);
8768                            if (rd != 15)
8769                              {
8770                                tmp2 = load_reg(s, rd);
8771                                gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
8772                                tcg_temp_free_i32(tmp2);
8773                              }
8774                            store_reg(s, rn, tmp);
8775                        }
8776                        break;
8777                    case 1:
8778                    case 3:
8779                        /* SDIV, UDIV */
8780                        if (!arm_dc_feature(s, ARM_FEATURE_ARM_DIV)) {
8781                            goto illegal_op;
8782                        }
8783                        if (((insn >> 5) & 7) || (rd != 15)) {
8784                            goto illegal_op;
8785                        }
8786                        tmp = load_reg(s, rm);
8787                        tmp2 = load_reg(s, rs);
8788                        if (insn & (1 << 21)) {
8789                            gen_helper_udiv(tmp, tmp, tmp2);
8790                        } else {
8791                            gen_helper_sdiv(tmp, tmp, tmp2);
8792                        }
8793                        tcg_temp_free_i32(tmp2);
8794                        store_reg(s, rn, tmp);
8795                        break;
8796                    default:
8797                        goto illegal_op;
8798                    }
8799                    break;
8800                case 3:
8801                    op1 = ((insn >> 17) & 0x38) | ((insn >> 5) & 7);
8802                    switch (op1) {
8803                    case 0: /* Unsigned sum of absolute differences.  */
8804                        ARCH(6);
8805                        tmp = load_reg(s, rm);
8806                        tmp2 = load_reg(s, rs);
8807                        gen_helper_usad8(tmp, tmp, tmp2);
8808                        tcg_temp_free_i32(tmp2);
8809                        if (rd != 15) {
8810                            tmp2 = load_reg(s, rd);
8811                            tcg_gen_add_i32(tmp, tmp, tmp2);
8812                            tcg_temp_free_i32(tmp2);
8813                        }
8814                        store_reg(s, rn, tmp);
8815                        break;
8816                    case 0x20: case 0x24: case 0x28: case 0x2c:
8817                        /* Bitfield insert/clear.  */
8818                        ARCH(6T2);
8819                        shift = (insn >> 7) & 0x1f;
8820                        i = (insn >> 16) & 0x1f;
8821                        if (i < shift) {
8822                            /* UNPREDICTABLE; we choose to UNDEF */
8823                            goto illegal_op;
8824                        }
8825                        i = i + 1 - shift;
8826                        if (rm == 15) {
8827                            tmp = tcg_temp_new_i32();
8828                            tcg_gen_movi_i32(tmp, 0);
8829                        } else {
8830                            tmp = load_reg(s, rm);
8831                        }
8832                        if (i != 32) {
8833                            tmp2 = load_reg(s, rd);
8834                            tcg_gen_deposit_i32(tmp, tmp2, tmp, shift, i);
8835                            tcg_temp_free_i32(tmp2);
8836                        }
8837                        store_reg(s, rd, tmp);
8838                        break;
8839                    case 0x12: case 0x16: case 0x1a: case 0x1e: /* sbfx */
8840                    case 0x32: case 0x36: case 0x3a: case 0x3e: /* ubfx */
8841                        ARCH(6T2);
8842                        tmp = load_reg(s, rm);
8843                        shift = (insn >> 7) & 0x1f;
8844                        i = ((insn >> 16) & 0x1f) + 1;
8845                        if (shift + i > 32)
8846                            goto illegal_op;
8847                        if (i < 32) {
8848                            if (op1 & 0x20) {
8849                                gen_ubfx(tmp, shift, (1u << i) - 1);
8850                            } else {
8851                                gen_sbfx(tmp, shift, i);
8852                            }
8853                        }
8854                        store_reg(s, rd, tmp);
8855                        break;
8856                    default:
8857                        goto illegal_op;
8858                    }
8859                    break;
8860                }
8861                break;
8862            }
8863        do_ldst:
8864            /* Check for undefined extension instructions
8865             * per the ARM Bible IE:
8866             * xxxx 0111 1111 xxxx  xxxx xxxx 1111 xxxx
8867             */
8868            sh = (0xf << 20) | (0xf << 4);
8869            if (op1 == 0x7 && ((insn & sh) == sh))
8870            {
8871                goto illegal_op;
8872            }
8873            /* load/store byte/word */
8874            rn = (insn >> 16) & 0xf;
8875            rd = (insn >> 12) & 0xf;
8876            tmp2 = load_reg(s, rn);
8877            if ((insn & 0x01200000) == 0x00200000) {
8878                /* ldrt/strt */
8879                i = get_a32_user_mem_index(s);
8880            } else {
8881                i = get_mem_index(s);
8882            }
8883            if (insn & (1 << 24))
8884                gen_add_data_offset(s, insn, tmp2);
8885            if (insn & (1 << 20)) {
8886                /* load */
8887                tmp = tcg_temp_new_i32();
8888                if (insn & (1 << 22)) {
8889                    gen_aa32_ld8u(tmp, tmp2, i);
8890                } else {
8891                    gen_aa32_ld32u(tmp, tmp2, i);
8892                }
8893            } else {
8894                /* store */
8895                tmp = load_reg(s, rd);
8896                if (insn & (1 << 22)) {
8897                    gen_aa32_st8(tmp, tmp2, i);
8898                } else {
8899                    gen_aa32_st32(tmp, tmp2, i);
8900                }
8901                tcg_temp_free_i32(tmp);
8902            }
8903            if (!(insn & (1 << 24))) {
8904                gen_add_data_offset(s, insn, tmp2);
8905                store_reg(s, rn, tmp2);
8906            } else if (insn & (1 << 21)) {
8907                store_reg(s, rn, tmp2);
8908            } else {
8909                tcg_temp_free_i32(tmp2);
8910            }
8911            if (insn & (1 << 20)) {
8912                /* Complete the load.  */
8913                store_reg_from_load(s, rd, tmp);
8914            }
8915            break;
8916        case 0x08:
8917        case 0x09:
8918            {
8919                int j, n, loaded_base;
8920                bool exc_return = false;
8921                bool is_load = extract32(insn, 20, 1);
8922                bool user = false;
8923                TCGv_i32 loaded_var;
8924                /* load/store multiple words */
8925                /* XXX: store correct base if write back */
8926                if (insn & (1 << 22)) {
8927                    /* LDM (user), LDM (exception return) and STM (user) */
8928                    if (IS_USER(s))
8929                        goto illegal_op; /* only usable in supervisor mode */
8930
8931                    if (is_load && extract32(insn, 15, 1)) {
8932                        exc_return = true;
8933                    } else {
8934                        user = true;
8935                    }
8936                }
8937                rn = (insn >> 16) & 0xf;
8938                addr = load_reg(s, rn);
8939
8940                /* compute total size */
8941                loaded_base = 0;
8942                TCGV_UNUSED_I32(loaded_var);
8943                n = 0;
8944                for(i=0;i<16;i++) {
8945                    if (insn & (1 << i))
8946                        n++;
8947                }
8948                /* XXX: test invalid n == 0 case ? */
8949                if (insn & (1 << 23)) {
8950                    if (insn & (1 << 24)) {
8951                        /* pre increment */
8952                        tcg_gen_addi_i32(addr, addr, 4);
8953                    } else {
8954                        /* post increment */
8955                    }
8956                } else {
8957                    if (insn & (1 << 24)) {
8958                        /* pre decrement */
8959                        tcg_gen_addi_i32(addr, addr, -(n * 4));
8960                    } else {
8961                        /* post decrement */
8962                        if (n != 1)
8963                        tcg_gen_addi_i32(addr, addr, -((n - 1) * 4));
8964                    }
8965                }
8966                j = 0;
8967                for(i=0;i<16;i++) {
8968                    if (insn & (1 << i)) {
8969                        if (is_load) {
8970                            /* load */
8971                            tmp = tcg_temp_new_i32();
8972                            gen_aa32_ld32u(tmp, addr, get_mem_index(s));
8973                            if (user) {
8974                                tmp2 = tcg_const_i32(i);
8975                                gen_helper_set_user_reg(cpu_env, tmp2, tmp);
8976                                tcg_temp_free_i32(tmp2);
8977                                tcg_temp_free_i32(tmp);
8978                            } else if (i == rn) {
8979                                loaded_var = tmp;
8980                                loaded_base = 1;
8981                            } else {
8982                                store_reg_from_load(s, i, tmp);
8983                            }
8984                        } else {
8985                            /* store */
8986                            if (i == 15) {
8987                                /* special case: r15 = PC + 8 */
8988                                val = (long)s->pc + 4;
8989                                tmp = tcg_temp_new_i32();
8990                                tcg_gen_movi_i32(tmp, val);
8991                            } else if (user) {
8992                                tmp = tcg_temp_new_i32();
8993                                tmp2 = tcg_const_i32(i);
8994                                gen_helper_get_user_reg(tmp, cpu_env, tmp2);
8995                                tcg_temp_free_i32(tmp2);
8996                            } else {
8997                                tmp = load_reg(s, i);
8998                            }
8999                            gen_aa32_st32(tmp, addr, get_mem_index(s));
9000                            tcg_temp_free_i32(tmp);

9001                        }
9002                        j++;
9003                        /* no need to add after the last transfer */
9004                        if (j != n)
9005                            tcg_gen_addi_i32(addr, addr, 4);
9006                    }
9007                }
9008                if (insn & (1 << 21)) {
9009                    /* write back */
9010                    if (insn & (1 << 23)) {
9011                        if (insn & (1 << 24)) {
9012                            /* pre increment */
9013                        } else {
9014                            /* post increment */
9015                            tcg_gen_addi_i32(addr, addr, 4);
9016                        }
9017                    } else {
9018                        if (insn & (1 << 24)) {
9019                            /* pre decrement */
9020                            if (n != 1)
9021                                tcg_gen_addi_i32(addr, addr, -((n - 1) * 4));
9022                        } else {
9023                            /* post decrement */
9024                            tcg_gen_addi_i32(addr, addr, -(n * 4));
9025                        }
9026                    }
9027                    store_reg(s, rn, addr);
9028                } else {
9029                    tcg_temp_free_i32(addr);
9030                }
9031                if (loaded_base) {
9032                    store_reg(s, rn, loaded_var);
9033                }
9034                if (exc_return) {
9035                    /* Restore CPSR from SPSR.  */
9036                    tmp = load_cpu_field(spsr);
9037                    gen_set_cpsr(tmp, CPSR_ERET_MASK);
9038                    tcg_temp_free_i32(tmp);
9039                    s->is_jmp = DISAS_JUMP;
9040                }
9041            }
9042            break;
9043        case 0xa:
9044        case 0xb:
9045            {
9046                int32_t offset;
9047
9048                /* branch (and link) */
9049                val = (int32_t)s->pc;
9050                if (insn & (1 << 24)) {
9051                    tmp = tcg_temp_new_i32();
9052                    tcg_gen_movi_i32(tmp, val);
9053                    store_reg(s, 14, tmp);
9054                }
9055                offset = sextract32(insn << 2, 0, 26);
9056                val += offset + 4;
9057                gen_jmp(s, val);
9058            }
9059            break;
9060        case 0xc:
9061        case 0xd:
9062        case 0xe:
9063            if (((insn >> 8) & 0xe) == 10) {
9064                /* VFP.  */
9065                if (disas_vfp_insn(s, insn)) {
9066                    goto illegal_op;
9067                }
9068            } else if (disas_coproc_insn(s, insn)) {
9069                /* Coprocessor.  */
9070                goto illegal_op;
9071            }
9072            break;
9073        case 0xf:
9074            /* swi */
9075            gen_set_pc_im(s, s->pc);
9076            s->svc_imm = extract32(insn, 0, 24);
9077            s->is_jmp = DISAS_SWI;
9078            break;
9079        default:
9080        illegal_op:
9081            gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(),
9082                               default_exception_el(s));
9083            break;
9084        }
9085    }
9086}
9087
9088/* Return true if this is a Thumb-2 logical op.  */
9089static int
9090thumb2_logic_op(int op)
9091{
9092    return (op < 8);
9093}
9094
9095/* Generate code for a Thumb-2 data processing operation.  If CONDS is nonzero
9096   then set condition code flags based on the result of the operation.
9097   If SHIFTER_OUT is nonzero then set the carry flag for logical operations
9098   to the high bit of T1.
9099   Returns zero if the opcode is valid.  */
9100
9101static int
9102gen_thumb2_data_op(DisasContext *s, int op, int conds, uint32_t shifter_out,
9103                   TCGv_i32 t0, TCGv_i32 t1)
9104{
9105    int logic_cc;
9106
9107    logic_cc = 0;
9108    switch (op) {
9109    case 0: /* and */
9110        tcg_gen_and_i32(t0, t0, t1);
9111        logic_cc = conds;
9112        break;
9113    case 1: /* bic */
9114        tcg_gen_andc_i32(t0, t0, t1);
9115        logic_cc = conds;
9116        break;
9117    case 2: /* orr */
9118        tcg_gen_or_i32(t0, t0, t1);
9119        logic_cc = conds;
9120        break;
9121    case 3: /* orn */
9122        tcg_gen_orc_i32(t0, t0, t1);
9123        logic_cc = conds;
9124        break;
9125    case 4: /* eor */
9126        tcg_gen_xor_i32(t0, t0, t1);
9127        logic_cc = conds;
9128        break;
9129    case 8: /* add */
9130        if (conds)
9131            gen_add_CC(t0, t0, t1);
9132        else
9133            tcg_gen_add_i32(t0, t0, t1);
9134        break;
9135    case 10: /* adc */
9136        if (conds)
9137            gen_adc_CC(t0, t0, t1);
9138        else
9139            gen_adc(t0, t1);
9140        break;
9141    case 11: /* sbc */
9142        if (conds) {
9143            gen_sbc_CC(t0, t0, t1);
9144        } else {
9145            gen_sub_carry(t0, t0, t1);
9146        }
9147        break;
9148    case 13: /* sub */
9149        if (conds)
9150            gen_sub_CC(t0, t0, t1);
9151        else
9152            tcg_gen_sub_i32(t0, t0, t1);
9153        break;
9154    case 14: /* rsb */
9155        if (conds)
9156            gen_sub_CC(t0, t1, t0);
9157        else
9158            tcg_gen_sub_i32(t0, t1, t0);
9159        break;
9160    default: /* 5, 6, 7, 9, 12, 15. */
9161        return 1;
9162    }
9163    if (logic_cc) {
9164        gen_logic_CC(t0);
9165        if (shifter_out)
9166            gen_set_CF_bit31(t1);
9167    }
9168    return 0;
9169}
9170
9171/* Translate a 32-bit thumb instruction.  Returns nonzero if the instruction
9172   is not legal.  */
9173static int disas_thumb2_insn(CPUARMState *env, DisasContext *s, uint16_t insn_hw1)
9174{
9175    uint32_t insn, imm, shift, offset;
9176    uint32_t rd, rn, rm, rs;
9177    TCGv_i32 tmp;
9178    TCGv_i32 tmp2;
9179    TCGv_i32 tmp3;
9180    TCGv_i32 addr;
9181    TCGv_i64 tmp64;
9182    int op;
9183    int shiftop;
9184    int conds;
9185    int logic_cc;
9186
9187    if (!(arm_dc_feature(s, ARM_FEATURE_THUMB2)
9188          || arm_dc_feature(s, ARM_FEATURE_M))) {
9189        /* Thumb-1 cores may need to treat bl and blx as a pair of
9190           16-bit instructions to get correct prefetch abort behavior.  */
9191        insn = insn_hw1;
9192        if ((insn & (1 << 12)) == 0) {
9193            ARCH(5);
9194            /* Second half of blx.  */
9195            offset = ((insn & 0x7ff) << 1);
9196            tmp = load_reg(s, 14);
9197            tcg_gen_addi_i32(tmp, tmp, offset);
9198            tcg_gen_andi_i32(tmp, tmp, 0xfffffffc);
9199
9200            tmp2 = tcg_temp_new_i32();
9201            tcg_gen_movi_i32(tmp2, s->pc | 1);
9202            store_reg(s, 14, tmp2);
9203            gen_bx(s, tmp);
9204            return 0;
9205        }
9206        if (insn & (1 << 11)) {
9207            /* Second half of bl.  */
9208            offset = ((insn & 0x7ff) << 1) | 1;
9209            tmp = load_reg(s, 14);
9210            tcg_gen_addi_i32(tmp, tmp, offset);
9211
9212            tmp2 = tcg_temp_new_i32();
9213            tcg_gen_movi_i32(tmp2, s->pc | 1);
9214            store_reg(s, 14, tmp2);
9215            gen_bx(s, tmp);
9216            return 0;
9217        }
9218        if ((s->pc & ~TARGET_PAGE_MASK) == 0) {
9219            /* Instruction spans a page boundary.  Implement it as two
9220               16-bit instructions in case the second half causes an
9221               prefetch abort.  */
9222            offset = ((int32_t)insn << 21) >> 9;
9223            tcg_gen_movi_i32(cpu_R[14], s->pc + 2 + offset);
9224            return 0;
9225        }
9226        /* Fall through to 32-bit decode.  */
9227    }
9228
9229    insn = arm_lduw_code(env, s->pc, s->bswap_code);
9230    s->pc += 2;
9231    insn |= (uint32_t)insn_hw1 << 16;
9232
9233    if ((insn & 0xf800e800) != 0xf000e800) {
9234        ARCH(6T2);
9235    }
9236
9237    rn = (insn >> 16) & 0xf;
9238    rs = (insn >> 12) & 0xf;
9239    rd = (insn >> 8) & 0xf;
9240    rm = insn & 0xf;
9241    switch ((insn >> 25) & 0xf) {
9242    case 0: case 1: case 2: case 3:
9243        /* 16-bit instructions.  Should never happen.  */
9244        abort();
9245    case 4:
9246        if (insn & (1 << 22)) {
9247            /* Other load/store, table branch.  */
9248            if (insn & 0x01200000) {
9249                /* Load/store doubleword.  */
9250                if (rn == 15) {
9251                    addr = tcg_temp_new_i32();
9252                    tcg_gen_movi_i32(addr, s->pc & ~3);
9253                } else {
9254                    addr = load_reg(s, rn);
9255                }
9256                offset = (insn & 0xff) * 4;
9257                if ((insn & (1 << 23)) == 0)
9258                    offset = -offset;
9259                if (insn & (1 << 24)) {
9260                    tcg_gen_addi_i32(addr, addr, offset);
9261                    offset = 0;
9262                }
9263                if (insn & (1 << 20)) {
9264                    /* ldrd */
9265                    tmp = tcg_temp_new_i32();
9266                    gen_aa32_ld32u(tmp, addr, get_mem_index(s));
9267                    store_reg(s, rs, tmp);
9268                    tcg_gen_addi_i32(addr, addr, 4);
9269                    tmp = tcg_temp_new_i32();
9270                    gen_aa32_ld32u(tmp, addr, get_mem_index(s));
9271                    store_reg(s, rd, tmp);
9272                } else {
9273                    /* strd */
9274                    tmp = load_reg(s, rs);
9275                    gen_aa32_st32(tmp, addr, get_mem_index(s));
9276                    tcg_temp_free_i32(tmp);
9277                    tcg_gen_addi_i32(addr, addr, 4);
9278                    tmp = load_reg(s, rd);
9279                    gen_aa32_st32(tmp, addr, get_mem_index(s));
9280                    tcg_temp_free_i32(tmp);
9281                }
9282                if (insn & (1 << 21)) {
9283                    /* Base writeback.  */
9284                    if (rn == 15)
9285                        goto illegal_op;
9286                    tcg_gen_addi_i32(addr, addr, offset - 4);
9287                    store_reg(s, rn, addr);
9288                } else {
9289                    tcg_temp_free_i32(addr);
9290                }
9291            } else if ((insn & (1 << 23)) == 0) {
9292                /* Load/store exclusive word.  */
9293                addr = tcg_temp_local_new_i32();
9294                load_reg_var(s, addr, rn);
9295                tcg_gen_addi_i32(addr, addr, (insn & 0xff) << 2);
9296                if (insn & (1 << 20)) {
9297                    gen_load_exclusive(s, rs, 15, addr, 2);
9298                } else {
9299                    gen_store_exclusive(s, rd, rs, 15, addr, 2);
9300                }
9301                tcg_temp_free_i32(addr);
9302            } else if ((insn & (7 << 5)) == 0) {
9303                /* Table Branch.  */
9304                if (rn == 15) {
9305                    addr = tcg_temp_new_i32();
9306                    tcg_gen_movi_i32(addr, s->pc);
9307                } else {
9308                    addr = load_reg(s, rn);
9309                }
9310                tmp = load_reg(s, rm);
9311                tcg_gen_add_i32(addr, addr, tmp);
9312                if (insn & (1 << 4)) {
9313                    /* tbh */
9314                    tcg_gen_add_i32(addr, addr, tmp);
9315                    tcg_temp_free_i32(tmp);
9316                    tmp = tcg_temp_new_i32();
9317                    gen_aa32_ld16u(tmp, addr, get_mem_index(s));
9318                } else { /* tbb */
9319                    tcg_temp_free_i32(tmp);
9320                    tmp = tcg_temp_new_i32();
9321                    gen_aa32_ld8u(tmp, addr, get_mem_index(s));
9322                }
9323                tcg_temp_free_i32(addr);
9324                tcg_gen_shli_i32(tmp, tmp, 1);
9325                tcg_gen_addi_i32(tmp, tmp, s->pc);
9326                store_reg(s, 15, tmp);
9327            } else {
9328                int op2 = (insn >> 6) & 0x3;
9329                op = (insn >> 4) & 0x3;
9330                switch (op2) {
9331                case 0:
9332                    goto illegal_op;
9333                case 1:
9334                    /* Load/store exclusive byte/halfword/doubleword */
9335                    if (op == 2) {
9336                        goto illegal_op;
9337                    }
9338                    ARCH(7);
9339                    break;
9340                case 2:
9341                    /* Load-acquire/store-release */
9342                    if (op == 3) {
9343                        goto illegal_op;
9344                    }
9345                    /* Fall through */
9346                case 3:
9347                    /* Load-acquire/store-release exclusive */
9348                    ARCH(8);
9349                    break;
9350                }
9351                addr = tcg_temp_local_new_i32();
9352                load_reg_var(s, addr, rn);
9353                if (!(op2 & 1)) {
9354                    if (insn & (1 << 20)) {
9355                        tmp = tcg_temp_new_i32();
9356                        switch (op) {
9357                        case 0: /* ldab */
9358                            gen_aa32_ld8u(tmp, addr, get_mem_index(s));
9359                            break;
9360                        case 1: /* ldah */
9361                            gen_aa32_ld16u(tmp, addr, get_mem_index(s));
9362                            break;
9363                        case 2: /* lda */
9364                            gen_aa32_ld32u(tmp, addr, get_mem_index(s));
9365                            break;
9366                        default:
9367                            abort();
9368                        }
9369                        store_reg(s, rs, tmp);
9370                    } else {
9371                        tmp = load_reg(s, rs);
9372                        switch (op) {
9373                        case 0: /* stlb */
9374                            gen_aa32_st8(tmp, addr, get_mem_index(s));
9375                            break;
9376                        case 1: /* stlh */
9377                            gen_aa32_st16(tmp, addr, get_mem_index(s));
9378                            break;
9379                        case 2: /* stl */
9380                            gen_aa32_st32(tmp, addr, get_mem_index(s));
9381                            break;
9382                        default:
9383                            abort();
9384                        }
9385                        tcg_temp_free_i32(tmp);
9386                    }
9387                } else if (insn & (1 << 20)) {
9388                    gen_load_exclusive(s, rs, rd, addr, op);
9389                } else {
9390                    gen_store_exclusive(s, rm, rs, rd, addr, op);
9391                }
9392                tcg_temp_free_i32(addr);
9393            }
9394        } else {
9395            /* Load/store multiple, RFE, SRS.  */
9396            if (((insn >> 23) & 1) == ((insn >> 24) & 1)) {
9397                /* RFE, SRS: not available in user mode or on M profile */
9398                if (IS_USER(s) || arm_dc_feature(s, ARM_FEATURE_M)) {
9399                    goto illegal_op;
9400                }
9401                if (insn & (1 << 20)) {
9402                    /* rfe */
9403                    addr = load_reg(s, rn);
9404                    if ((insn & (1 << 24)) == 0)
9405                        tcg_gen_addi_i32(addr, addr, -8);
9406                    /* Load PC into tmp and CPSR into tmp2.  */
9407                    tmp = tcg_temp_new_i32();
9408                    gen_aa32_ld32u(tmp, addr, get_mem_index(s));
9409                    tcg_gen_addi_i32(addr, addr, 4);
9410                    tmp2 = tcg_temp_new_i32();
9411                    gen_aa32_ld32u(tmp2, addr, get_mem_index(s));
9412                    if (insn & (1 << 21)) {
9413                        /* Base writeback.  */
9414                        if (insn & (1 << 24)) {
9415                            tcg_gen_addi_i32(addr, addr, 4);
9416                        } else {
9417                            tcg_gen_addi_i32(addr, addr, -4);
9418                        }
9419                        store_reg(s, rn, addr);
9420                    } else {
9421                        tcg_temp_free_i32(addr);
9422                    }
9423                    gen_rfe(s, tmp, tmp2);
9424                } else {
9425                    /* srs */
9426                    gen_srs(s, (insn & 0x1f), (insn & (1 << 24)) ? 1 : 2,
9427                            insn & (1 << 21));
9428                }
9429            } else {
9430                int i, loaded_base = 0;
9431                TCGv_i32 loaded_var;
9432                /* Load/store multiple.  */
9433                addr = load_reg(s, rn);
9434                offset = 0;
9435                for (i = 0; i < 16; i++) {
9436                    if (insn & (1 << i))
9437                        offset += 4;
9438                }
9439                if (insn & (1 << 24)) {
9440                    tcg_gen_addi_i32(addr, addr, -offset);
9441                }
9442
9443                TCGV_UNUSED_I32(loaded_var);
9444                for (i = 0; i < 16; i++) {
9445                    if ((insn & (1 << i)) == 0)
9446                        continue;
9447                    if (insn & (1 << 20)) {
9448                        /* Load.  */
9449                        tmp = tcg_temp_new_i32();
9450                        gen_aa32_ld32u(tmp, addr, get_mem_index(s));
9451                        if (i == 15) {
9452                            gen_bx(s, tmp);
9453                        } else if (i == rn) {
9454                            loaded_var = tmp;
9455                            loaded_base = 1;
9456                        } else {
9457                            store_reg(s, i, tmp);
9458                        }
9459                    } else {
9460                        /* Store.  */
9461                        tmp = load_reg(s, i);
9462                        gen_aa32_st32(tmp, addr, get_mem_index(s));
9463                        tcg_temp_free_i32(tmp);
9464                    }
9465                    tcg_gen_addi_i32(addr, addr, 4);
9466                }
9467                if (loaded_base) {
9468                    store_reg(s, rn, loaded_var);
9469                }
9470                if (insn & (1 << 21)) {
9471                    /* Base register writeback.  */
9472                    if (insn & (1 << 24)) {
9473                        tcg_gen_addi_i32(addr, addr, -offset);
9474                    }
9475                    /* Fault if writeback register is in register list.  */
9476                    if (insn & (1 << rn))
9477                        goto illegal_op;
9478                    store_reg(s, rn, addr);
9479                } else {
9480                    tcg_temp_free_i32(addr);
9481                }
9482            }
9483        }
9484        break;
9485    case 5:
9486
9487        op = (insn >> 21) & 0xf;
9488        if (op == 6) {
9489            if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9490                goto illegal_op;
9491            }
9492            /* Halfword pack.  */
9493            tmp = load_reg(s, rn);
9494            tmp2 = load_reg(s, rm);
9495            shift = ((insn >> 10) & 0x1c) | ((insn >> 6) & 0x3);
9496            if (insn & (1 << 5)) {
9497                /* pkhtb */
9498                if (shift == 0)
9499                    shift = 31;
9500                tcg_gen_sari_i32(tmp2, tmp2, shift);
9501                tcg_gen_andi_i32(tmp, tmp, 0xffff0000);
9502                tcg_gen_ext16u_i32(tmp2, tmp2);
9503            } else {
9504                /* pkhbt */
9505                if (shift)
9506                    tcg_gen_shli_i32(tmp2, tmp2, shift);
9507                tcg_gen_ext16u_i32(tmp, tmp);
9508                tcg_gen_andi_i32(tmp2, tmp2, 0xffff0000);
9509            }
9510            tcg_gen_or_i32(tmp, tmp, tmp2);
9511            tcg_temp_free_i32(tmp2);
9512            store_reg(s, rd, tmp);
9513        } else {
9514            /* Data processing register constant shift.  */
9515            if (rn == 15) {
9516                tmp = tcg_temp_new_i32();
9517                tcg_gen_movi_i32(tmp, 0);
9518            } else {
9519                tmp = load_reg(s, rn);
9520            }
9521            tmp2 = load_reg(s, rm);
9522
9523            shiftop = (insn >> 4) & 3;
9524            shift = ((insn >> 6) & 3) | ((insn >> 10) & 0x1c);
9525            conds = (insn & (1 << 20)) != 0;
9526            logic_cc = (conds && thumb2_logic_op(op));
9527            gen_arm_shift_im(tmp2, shiftop, shift, logic_cc);
9528            if (gen_thumb2_data_op(s, op, conds, 0, tmp, tmp2))
9529                goto illegal_op;
9530            tcg_temp_free_i32(tmp2);
9531            if (rd != 15) {
9532                store_reg(s, rd, tmp);
9533            } else {
9534                tcg_temp_free_i32(tmp);
9535            }
9536        }
9537        break;
9538    case 13: /* Misc data processing.  */
9539        op = ((insn >> 22) & 6) | ((insn >> 7) & 1);
9540        if (op < 4 && (insn & 0xf000) != 0xf000)
9541            goto illegal_op;
9542        switch (op) {
9543        case 0: /* Register controlled shift.  */
9544            tmp = load_reg(s, rn);
9545            tmp2 = load_reg(s, rm);
9546            if ((insn & 0x70) != 0)
9547                goto illegal_op;
9548            op = (insn >> 21) & 3;
9549            logic_cc = (insn & (1 << 20)) != 0;
9550            gen_arm_shift_reg(tmp, op, tmp2, logic_cc);
9551            if (logic_cc)
9552                gen_logic_CC(tmp);
9553            store_reg_bx(s, rd, tmp);
9554            break;
9555        case 1: /* Sign/zero extend.  */
9556            op = (insn >> 20) & 7;
9557            switch (op) {
9558            case 0: /* SXTAH, SXTH */
9559            case 1: /* UXTAH, UXTH */
9560            case 4: /* SXTAB, SXTB */
9561            case 5: /* UXTAB, UXTB */
9562                break;
9563            case 2: /* SXTAB16, SXTB16 */
9564            case 3: /* UXTAB16, UXTB16 */
9565                if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9566                    goto illegal_op;
9567                }
9568                break;
9569            default:
9570                goto illegal_op;
9571            }
9572            if (rn != 15) {
9573                if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9574                    goto illegal_op;
9575                }
9576            }
9577            tmp = load_reg(s, rm);
9578            shift = (insn >> 4) & 3;
9579            /* ??? In many cases it's not necessary to do a
9580               rotate, a shift is sufficient.  */
9581            if (shift != 0)
9582                tcg_gen_rotri_i32(tmp, tmp, shift * 8);
9583            op = (insn >> 20) & 7;
9584            switch (op) {
9585            case 0: gen_sxth(tmp);   break;
9586            case 1: gen_uxth(tmp);   break;
9587            case 2: gen_sxtb16(tmp); break;
9588            case 3: gen_uxtb16(tmp); break;
9589            case 4: gen_sxtb(tmp);   break;
9590            case 5: gen_uxtb(tmp);   break;
9591            default:
9592                g_assert_not_reached();
9593            }
9594            if (rn != 15) {
9595                tmp2 = load_reg(s, rn);
9596                if ((op >> 1) == 1) {
9597                    gen_add16(tmp, tmp2);
9598                } else {
9599                    tcg_gen_add_i32(tmp, tmp, tmp2);
9600                    tcg_temp_free_i32(tmp2);
9601                }
9602            }
9603            store_reg(s, rd, tmp);
9604            break;
9605        case 2: /* SIMD add/subtract.  */
9606            if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9607                goto illegal_op;
9608            }
9609            op = (insn >> 20) & 7;
9610            shift = (insn >> 4) & 7;
9611            if ((op & 3) == 3 || (shift & 3) == 3)
9612                goto illegal_op;
9613            tmp = load_reg(s, rn);
9614            tmp2 = load_reg(s, rm);
9615            gen_thumb2_parallel_addsub(op, shift, tmp, tmp2);
9616            tcg_temp_free_i32(tmp2);
9617            store_reg(s, rd, tmp);
9618            break;
9619        case 3: /* Other data processing.  */
9620            op = ((insn >> 17) & 0x38) | ((insn >> 4) & 7);
9621            if (op < 4) {
9622                /* Saturating add/subtract.  */
9623                if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9624                    goto illegal_op;
9625                }
9626                tmp = load_reg(s, rn);
9627                tmp2 = load_reg(s, rm);
9628                if (op & 1)
9629                    gen_helper_double_saturate(tmp, cpu_env, tmp);
9630                if (op & 2)
9631                    gen_helper_sub_saturate(tmp, cpu_env, tmp2, tmp);
9632                else
9633                    gen_helper_add_saturate(tmp, cpu_env, tmp, tmp2);
9634                tcg_temp_free_i32(tmp2);
9635            } else {
9636                switch (op) {
9637                case 0x0a: /* rbit */
9638                case 0x08: /* rev */
9639                case 0x09: /* rev16 */
9640                case 0x0b: /* revsh */
9641                case 0x18: /* clz */
9642                    break;
9643                case 0x10: /* sel */
9644                    if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9645                        goto illegal_op;
9646                    }
9647                    break;
9648                case 0x20: /* crc32/crc32c */
9649                case 0x21:
9650                case 0x22:
9651                case 0x28:
9652                case 0x29:
9653                case 0x2a:
9654                    if (!arm_dc_feature(s, ARM_FEATURE_CRC)) {
9655                        goto illegal_op;
9656                    }
9657                    break;
9658                default:
9659                    goto illegal_op;
9660                }
9661                tmp = load_reg(s, rn);
9662                switch (op) {
9663                case 0x0a: /* rbit */
9664                    gen_helper_rbit(tmp, tmp);
9665                    break;
9666                case 0x08: /* rev */
9667                    tcg_gen_bswap32_i32(tmp, tmp);
9668                    break;
9669                case 0x09: /* rev16 */
9670                    gen_rev16(tmp);
9671                    break;
9672                case 0x0b: /* revsh */
9673                    gen_revsh(tmp);
9674                    break;
9675                case 0x10: /* sel */
9676                    tmp2 = load_reg(s, rm);
9677                    tmp3 = tcg_temp_new_i32();
9678                    tcg_gen_ld_i32(tmp3, cpu_env, offsetof(CPUARMState, GE));
9679                    gen_helper_sel_flags(tmp, tmp3, tmp, tmp2);
9680                    tcg_temp_free_i32(tmp3);
9681                    tcg_temp_free_i32(tmp2);
9682                    break;
9683                case 0x18: /* clz */
9684                    gen_helper_clz(tmp, tmp);
9685                    break;
9686                case 0x20:
9687                case 0x21:
9688                case 0x22:
9689                case 0x28:
9690                case 0x29:
9691                case 0x2a:
9692                {
9693                    /* crc32/crc32c */
9694                    uint32_t sz = op & 0x3;
9695                    uint32_t c = op & 0x8;
9696
9697                    tmp2 = load_reg(s, rm);
9698                    if (sz == 0) {
9699                        tcg_gen_andi_i32(tmp2, tmp2, 0xff);
9700                    } else if (sz == 1) {
9701                        tcg_gen_andi_i32(tmp2, tmp2, 0xffff);
9702                    }
9703                    tmp3 = tcg_const_i32(1 << sz);
9704                    if (c) {
9705                        gen_helper_crc32c(tmp, tmp, tmp2, tmp3);
9706                    } else {
9707                        gen_helper_crc32(tmp, tmp, tmp2, tmp3);
9708                    }
9709                    tcg_temp_free_i32(tmp2);
9710                    tcg_temp_free_i32(tmp3);
9711                    break;
9712                }
9713                default:
9714                    g_assert_not_reached();
9715                }
9716            }
9717            store_reg(s, rd, tmp);
9718            break;
9719        case 4: case 5: /* 32-bit multiply.  Sum of absolute differences.  */
9720            switch ((insn >> 20) & 7) {
9721            case 0: /* 32 x 32 -> 32 */
9722            case 7: /* Unsigned sum of absolute differences.  */
9723                break;
9724            case 1: /* 16 x 16 -> 32 */
9725            case 2: /* Dual multiply add.  */
9726            case 3: /* 32 * 16 -> 32msb */
9727            case 4: /* Dual multiply subtract.  */
9728            case 5: case 6: /* 32 * 32 -> 32msb (SMMUL, SMMLA, SMMLS) */
9729                if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9730                    goto illegal_op;
9731                }
9732                break;
9733            }
9734            op = (insn >> 4) & 0xf;
9735            tmp = load_reg(s, rn);
9736            tmp2 = load_reg(s, rm);
9737            switch ((insn >> 20) & 7) {
9738            case 0: /* 32 x 32 -> 32 */
9739                tcg_gen_mul_i32(tmp, tmp, tmp2);
9740                tcg_temp_free_i32(tmp2);
9741                if (rs != 15) {
9742                    tmp2 = load_reg(s, rs);
9743                    if (op)
9744                        tcg_gen_sub_i32(tmp, tmp2, tmp);
9745                    else
9746                        tcg_gen_add_i32(tmp, tmp, tmp2);
9747                    tcg_temp_free_i32(tmp2);
9748                }
9749                break;
9750            case 1: /* 16 x 16 -> 32 */
9751                gen_mulxy(tmp, tmp2, op & 2, op & 1);
9752                tcg_temp_free_i32(tmp2);
9753                if (rs != 15) {
9754                    tmp2 = load_reg(s, rs);
9755                    gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
9756                    tcg_temp_free_i32(tmp2);
9757                }
9758                break;
9759            case 2: /* Dual multiply add.  */
9760            case 4: /* Dual multiply subtract.  */
9761                if (op)
9762                    gen_swap_half(tmp2);
9763                gen_smul_dual(tmp, tmp2);
9764                if (insn & (1 << 22)) {
9765                    /* This subtraction cannot overflow. */
9766                    tcg_gen_sub_i32(tmp, tmp, tmp2);
9767                } else {
9768                    /* This addition cannot overflow 32 bits;
9769                     * however it may overflow considered as a signed
9770                     * operation, in which case we must set the Q flag.
9771                     */
9772                    gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
9773                }
9774                tcg_temp_free_i32(tmp2);
9775                if (rs != 15)
9776                  {
9777                    tmp2 = load_reg(s, rs);
9778                    gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
9779                    tcg_temp_free_i32(tmp2);
9780                  }
9781                break;
9782            case 3: /* 32 * 16 -> 32msb */
9783                if (op)
9784                    tcg_gen_sari_i32(tmp2, tmp2, 16);
9785                else
9786                    gen_sxth(tmp2);
9787                tmp64 = gen_muls_i64_i32(tmp, tmp2);
9788                tcg_gen_shri_i64(tmp64, tmp64, 16);
9789                tmp = tcg_temp_new_i32();
9790                tcg_gen_extrl_i64_i32(tmp, tmp64);
9791                tcg_temp_free_i64(tmp64);
9792                if (rs != 15)
9793                  {
9794                    tmp2 = load_reg(s, rs);
9795                    gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
9796                    tcg_temp_free_i32(tmp2);
9797                  }
9798                break;
9799            case 5: case 6: /* 32 * 32 -> 32msb (SMMUL, SMMLA, SMMLS) */
9800                tmp64 = gen_muls_i64_i32(tmp, tmp2);
9801                if (rs != 15) {
9802                    tmp = load_reg(s, rs);
9803                    if (insn & (1 << 20)) {
9804                        tmp64 = gen_addq_msw(tmp64, tmp);
9805                    } else {
9806                        tmp64 = gen_subq_msw(tmp64, tmp);
9807                    }
9808                }
9809                if (insn & (1 << 4)) {
9810                    tcg_gen_addi_i64(tmp64, tmp64, 0x80000000u);
9811                }
9812                tcg_gen_shri_i64(tmp64, tmp64, 32);
9813                tmp = tcg_temp_new_i32();
9814                tcg_gen_extrl_i64_i32(tmp, tmp64);
9815                tcg_temp_free_i64(tmp64);
9816                break;
9817            case 7: /* Unsigned sum of absolute differences.  */
9818                gen_helper_usad8(tmp, tmp, tmp2);
9819                tcg_temp_free_i32(tmp2);
9820                if (rs != 15) {
9821                    tmp2 = load_reg(s, rs);
9822                    tcg_gen_add_i32(tmp, tmp, tmp2);
9823                    tcg_temp_free_i32(tmp2);
9824                }
9825                break;
9826            }
9827            store_reg(s, rd, tmp);
9828            break;
9829        case 6: case 7: /* 64-bit multiply, Divide.  */
9830            op = ((insn >> 4) & 0xf) | ((insn >> 16) & 0x70);
9831            tmp = load_reg(s, rn);
9832            tmp2 = load_reg(s, rm);
9833            if ((op & 0x50) == 0x10) {
9834                /* sdiv, udiv */
9835                if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DIV)) {
9836                    goto illegal_op;
9837                }
9838                if (op & 0x20)
9839                    gen_helper_udiv(tmp, tmp, tmp2);
9840                else
9841                    gen_helper_sdiv(tmp, tmp, tmp2);
9842                tcg_temp_free_i32(tmp2);
9843                store_reg(s, rd, tmp);
9844            } else if ((op & 0xe) == 0xc) {
9845                /* Dual multiply accumulate long.  */
9846                if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9847                    tcg_temp_free_i32(tmp);
9848                    tcg_temp_free_i32(tmp2);
9849                    goto illegal_op;
9850                }
9851                if (op & 1)
9852                    gen_swap_half(tmp2);
9853                gen_smul_dual(tmp, tmp2);
9854                if (op & 0x10) {
9855                    tcg_gen_sub_i32(tmp, tmp, tmp2);
9856                } else {
9857                    tcg_gen_add_i32(tmp, tmp, tmp2);
9858                }
9859                tcg_temp_free_i32(tmp2);
9860                /* BUGFIX */
9861                tmp64 = tcg_temp_new_i64();
9862                tcg_gen_ext_i32_i64(tmp64, tmp);
9863                tcg_temp_free_i32(tmp);
9864                gen_addq(s, tmp64, rs, rd);
9865                gen_storeq_reg(s, rs, rd, tmp64);
9866                tcg_temp_free_i64(tmp64);
9867            } else {
9868                if (op & 0x20) {
9869                    /* Unsigned 64-bit multiply  */
9870                    tmp64 = gen_mulu_i64_i32(tmp, tmp2);
9871                } else {
9872                    if (op & 8) {
9873                        /* smlalxy */
9874                        if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9875                            tcg_temp_free_i32(tmp2);
9876                            tcg_temp_free_i32(tmp);
9877                            goto illegal_op;
9878                        }
9879                        gen_mulxy(tmp, tmp2, op & 2, op & 1);
9880                        tcg_temp_free_i32(tmp2);
9881                        tmp64 = tcg_temp_new_i64();
9882                        tcg_gen_ext_i32_i64(tmp64, tmp);
9883                        tcg_temp_free_i32(tmp);
9884                    } else {
9885                        /* Signed 64-bit multiply  */
9886                        tmp64 = gen_muls_i64_i32(tmp, tmp2);
9887                    }
9888                }
9889                if (op & 4) {
9890                    /* umaal */
9891                    if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9892                        tcg_temp_free_i64(tmp64);
9893                        goto illegal_op;
9894                    }
9895                    gen_addq_lo(s, tmp64, rs);
9896                    gen_addq_lo(s, tmp64, rd);
9897                } else if (op & 0x40) {
9898                    /* 64-bit accumulate.  */
9899                    gen_addq(s, tmp64, rs, rd);
9900                }
9901                gen_storeq_reg(s, rs, rd, tmp64);
9902                tcg_temp_free_i64(tmp64);
9903            }
9904            break;
9905        }
9906        break;
9907    case 6: case 7: case 14: case 15:
9908        /* Coprocessor.  */
9909        if (((insn >> 24) & 3) == 3) {
9910            /* Translate into the equivalent ARM encoding.  */
9911            insn = (insn & 0xe2ffffff) | ((insn & (1 << 28)) >> 4) | (1 << 28);
9912            if (disas_neon_data_insn(s, insn)) {
9913                goto illegal_op;
9914            }
9915        } else if (((insn >> 8) & 0xe) == 10) {
9916            if (disas_vfp_insn(s, insn)) {
9917                goto illegal_op;
9918            }
9919        } else {
9920            if (insn & (1 << 28))
9921                goto illegal_op;
9922            if (disas_coproc_insn(s, insn)) {
9923                goto illegal_op;
9924            }
9925        }
9926        break;
9927    case 8: case 9: case 10: case 11:
9928        if (insn & (1 << 15)) {
9929            /* Branches, misc control.  */
9930            if (insn & 0x5000) {
9931                /* Unconditional branch.  */
9932                /* signextend(hw1[10:0]) -> offset[:12].  */
9933                offset = ((int32_t)insn << 5) >> 9 & ~(int32_t)0xfff;
9934                /* hw1[10:0] -> offset[11:1].  */
9935                offset |= (insn & 0x7ff) << 1;
9936                /* (~hw2[13, 11] ^ offset[24]) -> offset[23,22]
9937                   offset[24:22] already have the same value because of the
9938                   sign extension above.  */
9939                offset ^= ((~insn) & (1 << 13)) << 10;
9940                offset ^= ((~insn) & (1 << 11)) << 11;
9941
9942                if (insn & (1 << 14)) {
9943                    /* Branch and link.  */
9944                    tcg_gen_movi_i32(cpu_R[14], s->pc | 1);
9945                }
9946
9947                offset += s->pc;
9948                if (insn & (1 << 12)) {
9949                    /* b/bl */
9950                    gen_jmp(s, offset);
9951                } else {
9952                    /* blx */
9953                    offset &= ~(uint32_t)2;
9954                    /* thumb2 bx, no need to check */
9955                    gen_bx_im(s, offset);
9956                }
9957            } else if (((insn >> 23) & 7) == 7) {
9958                /* Misc control */
9959                if (insn & (1 << 13))
9960                    goto illegal_op;
9961
9962                if (insn & (1 << 26)) {
9963                    if (!(insn & (1 << 20))) {
9964                        /* Hypervisor call (v7) */
9965                        int imm16 = extract32(insn, 16, 4) << 12
9966                            | extract32(insn, 0, 12);
9967                        ARCH(7);
9968                        if (IS_USER(s)) {
9969                            goto illegal_op;
9970                        }
9971                        gen_hvc(s, imm16);
9972                    } else {
9973                        /* Secure monitor call (v6+) */
9974                        ARCH(6K);
9975                        if (IS_USER(s)) {
9976                            goto illegal_op;
9977                        }
9978                        gen_smc(s);
9979                    }
9980                } else {
9981                    op = (insn >> 20) & 7;
9982                    switch (op) {
9983                    case 0: /* msr cpsr.  */
9984                        if (arm_dc_feature(s, ARM_FEATURE_M)) {
9985                            tmp = load_reg(s, rn);
9986                            addr = tcg_const_i32(insn & 0xff);
9987                            gen_helper_v7m_msr(cpu_env, addr, tmp);
9988                            tcg_temp_free_i32(addr);
9989                            tcg_temp_free_i32(tmp);
9990                            gen_lookup_tb(s);
9991                            break;
9992                        }
9993                        /* fall through */
9994                    case 1: /* msr spsr.  */
9995                        if (arm_dc_feature(s, ARM_FEATURE_M)) {
9996                            goto illegal_op;
9997                        }
9998                        tmp = load_reg(s, rn);
9999                        if (gen_set_psr(s,
10000                              msr_mask(s, (insn >> 8) & 0xf, op == 1),

10001                              op == 1, tmp))
10002                            goto illegal_op;
10003                        break;
10004                    case 2: /* cps, nop-hint.  */
10005                        if (((insn >> 8) & 7) == 0) {
10006                            gen_nop_hint(s, insn & 0xff);
10007                        }
10008                        /* Implemented as NOP in user mode.  */
10009                        if (IS_USER(s))
10010                            break;
10011                        offset = 0;
10012                        imm = 0;
10013                        if (insn & (1 << 10)) {
10014                            if (insn & (1 << 7))
10015                                offset |= CPSR_A;
10016                            if (insn & (1 << 6))
10017                                offset |= CPSR_I;
10018                            if (insn & (1 << 5))
10019                                offset |= CPSR_F;
10020                            if (insn & (1 << 9))
10021                                imm = CPSR_A | CPSR_I | CPSR_F;
10022                        }
10023                        if (insn & (1 << 8)) {
10024                            offset |= 0x1f;
10025                            imm |= (insn & 0x1f);
10026                        }
10027                        if (offset) {
10028                            gen_set_psr_im(s, offset, 0, imm);
10029                        }
10030                        break;
10031                    case 3: /* Special control operations.  */
10032                        ARCH(7);
10033                        op = (insn >> 4) & 0xf;
10034                        switch (op) {
10035                        case 2: /* clrex */
10036                            gen_clrex(s);
10037                            break;
10038                        case 4: /* dsb */
10039                        case 5: /* dmb */
10040                            /* These execute as NOPs.  */
10041                            break;
10042                        case 6: /* isb */
10043                            /* We need to break the TB after this insn
10044                             * to execute self-modifying code correctly
10045                             * and also to take any pending interrupts
10046                             * immediately.
10047                             */
10048                            gen_lookup_tb(s);
10049                            break;
10050                        default:
10051                            goto illegal_op;
10052                        }
10053                        break;
10054                    case 4: /* bxj */
10055                        /* Trivial implementation equivalent to bx.  */
10056                        tmp = load_reg(s, rn);
10057                        gen_bx(s, tmp);
10058                        break;
10059                    case 5: /* Exception return.  */
10060                        if (IS_USER(s)) {
10061                            goto illegal_op;
10062                        }
10063                        if (rn != 14 || rd != 15) {
10064                            goto illegal_op;
10065                        }
10066                        tmp = load_reg(s, rn);
10067                        tcg_gen_subi_i32(tmp, tmp, insn & 0xff);
10068                        gen_exception_return(s, tmp);
10069                        break;
10070                    case 6: /* mrs cpsr.  */
10071                        tmp = tcg_temp_new_i32();
10072                        if (arm_dc_feature(s, ARM_FEATURE_M)) {
10073                            addr = tcg_const_i32(insn & 0xff);
10074                            gen_helper_v7m_mrs(tmp, cpu_env, addr);
10075                            tcg_temp_free_i32(addr);
10076                        } else {
10077                            gen_helper_cpsr_read(tmp, cpu_env);
10078                        }
10079                        store_reg(s, rd, tmp);
10080                        break;
10081                    case 7: /* mrs spsr.  */
10082                        /* Not accessible in user mode.  */
10083                        if (IS_USER(s) || arm_dc_feature(s, ARM_FEATURE_M)) {
10084                            goto illegal_op;
10085                        }
10086                        tmp = load_cpu_field(spsr);
10087                        store_reg(s, rd, tmp);
10088                        break;
10089                    }
10090                }
10091            } else {
10092                /* Conditional branch.  */
10093                op = (insn >> 22) & 0xf;
10094                /* Generate a conditional jump to next instruction.  */
10095                s->condlabel = gen_new_label();
10096                arm_gen_test_cc(op ^ 1, s->condlabel);
10097                s->condjmp = 1;
10098
10099                /* offset[11:1] = insn[10:0] */
10100                offset = (insn & 0x7ff) << 1;
10101                /* offset[17:12] = insn[21:16].  */
10102                offset |= (insn & 0x003f0000) >> 4;
10103                /* offset[31:20] = insn[26].  */
10104                offset |= ((int32_t)((insn << 5) & 0x80000000)) >> 11;
10105                /* offset[18] = insn[13].  */
10106                offset |= (insn & (1 << 13)) << 5;
10107                /* offset[19] = insn[11].  */
10108                offset |= (insn & (1 << 11)) << 8;
10109
10110                /* jump to the offset */
10111                gen_jmp(s, s->pc + offset);
10112            }
10113        } else {
10114            /* Data processing immediate.  */
10115            if (insn & (1 << 25)) {
10116                if (insn & (1 << 24)) {
10117                    if (insn & (1 << 20))
10118                        goto illegal_op;
10119                    /* Bitfield/Saturate.  */
10120                    op = (insn >> 21) & 7;
10121                    imm = insn & 0x1f;
10122                    shift = ((insn >> 6) & 3) | ((insn >> 10) & 0x1c);
10123                    if (rn == 15) {
10124                        tmp = tcg_temp_new_i32();
10125                        tcg_gen_movi_i32(tmp, 0);
10126                    } else {
10127                        tmp = load_reg(s, rn);
10128                    }
10129                    switch (op) {
10130                    case 2: /* Signed bitfield extract.  */
10131                        imm++;
10132                        if (shift + imm > 32)
10133                            goto illegal_op;
10134                        if (imm < 32)
10135                            gen_sbfx(tmp, shift, imm);
10136                        break;
10137                    case 6: /* Unsigned bitfield extract.  */
10138                        imm++;
10139                        if (shift + imm > 32)
10140                            goto illegal_op;
10141                        if (imm < 32)
10142                            gen_ubfx(tmp, shift, (1u << imm) - 1);
10143                        break;
10144                    case 3: /* Bitfield insert/clear.  */
10145                        if (imm < shift)
10146                            goto illegal_op;
10147                        imm = imm + 1 - shift;
10148                        if (imm != 32) {
10149                            tmp2 = load_reg(s, rd);
10150                            tcg_gen_deposit_i32(tmp, tmp2, tmp, shift, imm);
10151                            tcg_temp_free_i32(tmp2);
10152                        }
10153                        break;
10154                    case 7:
10155                        goto illegal_op;
10156                    default: /* Saturate.  */
10157                        if (shift) {
10158                            if (op & 1)
10159                                tcg_gen_sari_i32(tmp, tmp, shift);
10160                            else
10161                                tcg_gen_shli_i32(tmp, tmp, shift);
10162                        }
10163                        tmp2 = tcg_const_i32(imm);
10164                        if (op & 4) {
10165                            /* Unsigned.  */
10166                            if ((op & 1) && shift == 0) {
10167                                if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10168                                    tcg_temp_free_i32(tmp);
10169                                    tcg_temp_free_i32(tmp2);
10170                                    goto illegal_op;
10171                                }
10172                                gen_helper_usat16(tmp, cpu_env, tmp, tmp2);
10173                            } else {
10174                                gen_helper_usat(tmp, cpu_env, tmp, tmp2);
10175                            }
10176                        } else {
10177                            /* Signed.  */
10178                            if ((op & 1) && shift == 0) {
10179                                if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10180                                    tcg_temp_free_i32(tmp);
10181                                    tcg_temp_free_i32(tmp2);
10182                                    goto illegal_op;
10183                                }
10184                                gen_helper_ssat16(tmp, cpu_env, tmp, tmp2);
10185                            } else {
10186                                gen_helper_ssat(tmp, cpu_env, tmp, tmp2);
10187                            }
10188                        }
10189                        tcg_temp_free_i32(tmp2);
10190                        break;
10191                    }
10192                    store_reg(s, rd, tmp);
10193                } else {
10194                    imm = ((insn & 0x04000000) >> 15)
10195                          | ((insn & 0x7000) >> 4) | (insn & 0xff);
10196                    if (insn & (1 << 22)) {
10197                        /* 16-bit immediate.  */
10198                        imm |= (insn >> 4) & 0xf000;
10199                        if (insn & (1 << 23)) {
10200                            /* movt */
10201                            tmp = load_reg(s, rd);
10202                            tcg_gen_ext16u_i32(tmp, tmp);
10203                            tcg_gen_ori_i32(tmp, tmp, imm << 16);
10204                        } else {
10205                            /* movw */
10206                            tmp = tcg_temp_new_i32();
10207                            tcg_gen_movi_i32(tmp, imm);
10208                        }
10209                    } else {
10210                        /* Add/sub 12-bit immediate.  */
10211                        if (rn == 15) {
10212                            offset = s->pc & ~(uint32_t)3;
10213                            if (insn & (1 << 23))
10214                                offset -= imm;
10215                            else
10216                                offset += imm;
10217                            tmp = tcg_temp_new_i32();
10218                            tcg_gen_movi_i32(tmp, offset);
10219                        } else {
10220                            tmp = load_reg(s, rn);
10221                            if (insn & (1 << 23))
10222                                tcg_gen_subi_i32(tmp, tmp, imm);
10223                            else
10224                                tcg_gen_addi_i32(tmp, tmp, imm);
10225                        }
10226                    }
10227                    store_reg(s, rd, tmp);
10228                }
10229            } else {
10230                int shifter_out = 0;
10231                /* modified 12-bit immediate.  */
10232                shift = ((insn & 0x04000000) >> 23) | ((insn & 0x7000) >> 12);
10233                imm = (insn & 0xff);
10234                switch (shift) {
10235                case 0: /* XY */
10236                    /* Nothing to do.  */
10237                    break;
10238                case 1: /* 00XY00XY */
10239                    imm |= imm << 16;
10240                    break;
10241                case 2: /* XY00XY00 */
10242                    imm |= imm << 16;
10243                    imm <<= 8;
10244                    break;
10245                case 3: /* XYXYXYXY */
10246                    imm |= imm << 16;
10247                    imm |= imm << 8;
10248                    break;
10249                default: /* Rotated constant.  */
10250                    shift = (shift << 1) | (imm >> 7);
10251                    imm |= 0x80;
10252                    imm = imm << (32 - shift);
10253                    shifter_out = 1;
10254                    break;
10255                }
10256                tmp2 = tcg_temp_new_i32();
10257                tcg_gen_movi_i32(tmp2, imm);
10258                rn = (insn >> 16) & 0xf;
10259                if (rn == 15) {
10260                    tmp = tcg_temp_new_i32();
10261                    tcg_gen_movi_i32(tmp, 0);
10262                } else {
10263                    tmp = load_reg(s, rn);
10264                }
10265                op = (insn >> 21) & 0xf;
10266                if (gen_thumb2_data_op(s, op, (insn & (1 << 20)) != 0,
10267                                       shifter_out, tmp, tmp2))
10268                    goto illegal_op;
10269                tcg_temp_free_i32(tmp2);
10270                rd = (insn >> 8) & 0xf;
10271                if (rd != 15) {
10272                    store_reg(s, rd, tmp);
10273                } else {
10274                    tcg_temp_free_i32(tmp);
10275                }
10276            }
10277        }
10278        break;
10279    case 12: /* Load/store single data item.  */
10280        {
10281        int postinc = 0;
10282        int writeback = 0;
10283        int memidx;
10284        if ((insn & 0x01100000) == 0x01000000) {
10285            if (disas_neon_ls_insn(s, insn)) {
10286                goto illegal_op;
10287            }
10288            break;
10289        }
10290        op = ((insn >> 21) & 3) | ((insn >> 22) & 4);
10291        if (rs == 15) {
10292            if (!(insn & (1 << 20))) {
10293                goto illegal_op;
10294            }
10295            if (op != 2) {
10296                /* Byte or halfword load space with dest == r15 : memory hints.
10297                 * Catch them early so we don't emit pointless addressing code.
10298                 * This space is a mix of:
10299                 *  PLD/PLDW/PLI,  which we implement as NOPs (note that unlike
10300                 *     the ARM encodings, PLDW space doesn't UNDEF for non-v7MP
10301                 *     cores)
10302                 *  unallocated hints, which must be treated as NOPs
10303                 *  UNPREDICTABLE space, which we NOP or UNDEF depending on
10304                 *     which is easiest for the decoding logic
10305                 *  Some space which must UNDEF
10306                 */
10307                int op1 = (insn >> 23) & 3;
10308                int op2 = (insn >> 6) & 0x3f;
10309                if (op & 2) {
10310                    goto illegal_op;
10311                }
10312                if (rn == 15) {
10313                    /* UNPREDICTABLE, unallocated hint or
10314                     * PLD/PLDW/PLI (literal)
10315                     */
10316                    return 0;
10317                }
10318                if (op1 & 1) {
10319                    return 0; /* PLD/PLDW/PLI or unallocated hint */
10320                }
10321                if ((op2 == 0) || ((op2 & 0x3c) == 0x30)) {
10322                    return 0; /* PLD/PLDW/PLI or unallocated hint */
10323                }
10324                /* UNDEF space, or an UNPREDICTABLE */
10325                return 1;
10326            }
10327        }
10328        memidx = get_mem_index(s);
10329        if (rn == 15) {
10330            addr = tcg_temp_new_i32();
10331            /* PC relative.  */
10332            /* s->pc has already been incremented by 4.  */
10333            imm = s->pc & 0xfffffffc;
10334            if (insn & (1 << 23))
10335                imm += insn & 0xfff;
10336            else
10337                imm -= insn & 0xfff;
10338            tcg_gen_movi_i32(addr, imm);
10339        } else {
10340            addr = load_reg(s, rn);
10341            if (insn & (1 << 23)) {
10342                /* Positive offset.  */
10343                imm = insn & 0xfff;
10344                tcg_gen_addi_i32(addr, addr, imm);
10345            } else {
10346                imm = insn & 0xff;
10347                switch ((insn >> 8) & 0xf) {
10348                case 0x0: /* Shifted Register.  */
10349                    shift = (insn >> 4) & 0xf;
10350                    if (shift > 3) {
10351                        tcg_temp_free_i32(addr);
10352                        goto illegal_op;
10353                    }
10354                    tmp = load_reg(s, rm);
10355                    if (shift)
10356                        tcg_gen_shli_i32(tmp, tmp, shift);
10357                    tcg_gen_add_i32(addr, addr, tmp);
10358                    tcg_temp_free_i32(tmp);
10359                    break;
10360                case 0xc: /* Negative offset.  */
10361                    tcg_gen_addi_i32(addr, addr, -imm);
10362                    break;
10363                case 0xe: /* User privilege.  */
10364                    tcg_gen_addi_i32(addr, addr, imm);
10365                    memidx = get_a32_user_mem_index(s);
10366                    break;
10367                case 0x9: /* Post-decrement.  */
10368                    imm = -imm;
10369                    /* Fall through.  */
10370                case 0xb: /* Post-increment.  */
10371                    postinc = 1;
10372                    writeback = 1;
10373                    break;
10374                case 0xd: /* Pre-decrement.  */
10375                    imm = -imm;
10376                    /* Fall through.  */
10377                case 0xf: /* Pre-increment.  */
10378                    tcg_gen_addi_i32(addr, addr, imm);
10379                    writeback = 1;
10380                    break;
10381                default:
10382                    tcg_temp_free_i32(addr);
10383                    goto illegal_op;
10384                }
10385            }
10386        }
10387        if (insn & (1 << 20)) {
10388            /* Load.  */
10389            tmp = tcg_temp_new_i32();
10390            switch (op) {
10391            case 0:
10392                gen_aa32_ld8u(tmp, addr, memidx);
10393                break;
10394            case 4:
10395                gen_aa32_ld8s(tmp, addr, memidx);
10396                break;
10397            case 1:
10398                gen_aa32_ld16u(tmp, addr, memidx);
10399                break;
10400            case 5:
10401                gen_aa32_ld16s(tmp, addr, memidx);
10402                break;
10403            case 2:
10404                gen_aa32_ld32u(tmp, addr, memidx);
10405                break;
10406            default:
10407                tcg_temp_free_i32(tmp);
10408                tcg_temp_free_i32(addr);
10409                goto illegal_op;
10410            }
10411            if (rs == 15) {
10412                gen_bx(s, tmp);
10413            } else {
10414                store_reg(s, rs, tmp);
10415            }
10416        } else {
10417            /* Store.  */
10418            tmp = load_reg(s, rs);
10419            switch (op) {
10420            case 0:
10421                gen_aa32_st8(tmp, addr, memidx);
10422                break;
10423            case 1:
10424                gen_aa32_st16(tmp, addr, memidx);
10425                break;
10426            case 2:
10427                gen_aa32_st32(tmp, addr, memidx);
10428                break;
10429            default:
10430                tcg_temp_free_i32(tmp);
10431                tcg_temp_free_i32(addr);
10432                goto illegal_op;
10433            }
10434            tcg_temp_free_i32(tmp);
10435        }
10436        if (postinc)
10437            tcg_gen_addi_i32(addr, addr, imm);
10438        if (writeback) {
10439            store_reg(s, rn, addr);
10440        } else {
10441            tcg_temp_free_i32(addr);
10442        }
10443        }
10444        break;
10445    default:
10446        goto illegal_op;
10447    }
10448    return 0;
10449illegal_op:
10450    return 1;
10451}
10452
10453static void disas_thumb_insn(CPUARMState *env, DisasContext *s)
10454{
10455    uint32_t val, insn, op, rm, rn, rd, shift, cond;
10456    int32_t offset;
10457    int i;
10458    TCGv_i32 tmp;
10459    TCGv_i32 tmp2;
10460    TCGv_i32 addr;
10461
10462    if (s->condexec_mask) {
10463        cond = s->condexec_cond;
10464        if (cond != 0x0e) {     /* Skip conditional when condition is AL. */
10465          s->condlabel = gen_new_label();
10466          arm_gen_test_cc(cond ^ 1, s->condlabel);
10467          s->condjmp = 1;
10468        }
10469    }
10470
10471    insn = arm_lduw_code(env, s->pc, s->bswap_code);
10472    s->pc += 2;
10473
10474    switch (insn >> 12) {
10475    case 0: case 1:
10476
10477        rd = insn & 7;
10478        op = (insn >> 11) & 3;
10479        if (op == 3) {
10480            /* add/subtract */
10481            rn = (insn >> 3) & 7;
10482            tmp = load_reg(s, rn);
10483            if (insn & (1 << 10)) {
10484                /* immediate */
10485                tmp2 = tcg_temp_new_i32();
10486                tcg_gen_movi_i32(tmp2, (insn >> 6) & 7);
10487            } else {
10488                /* reg */
10489                rm = (insn >> 6) & 7;
10490                tmp2 = load_reg(s, rm);
10491            }
10492            if (insn & (1 << 9)) {
10493                if (s->condexec_mask)
10494                    tcg_gen_sub_i32(tmp, tmp, tmp2);
10495                else
10496                    gen_sub_CC(tmp, tmp, tmp2);
10497            } else {
10498                if (s->condexec_mask)
10499                    tcg_gen_add_i32(tmp, tmp, tmp2);
10500                else
10501                    gen_add_CC(tmp, tmp, tmp2);
10502            }
10503            tcg_temp_free_i32(tmp2);
10504            store_reg(s, rd, tmp);
10505        } else {
10506            /* shift immediate */
10507            rm = (insn >> 3) & 7;
10508            shift = (insn >> 6) & 0x1f;
10509            tmp = load_reg(s, rm);
10510            gen_arm_shift_im(tmp, op, shift, s->condexec_mask == 0);
10511            if (!s->condexec_mask)
10512                gen_logic_CC(tmp);
10513            store_reg(s, rd, tmp);
10514        }
10515        break;
10516    case 2: case 3:
10517        /* arithmetic large immediate */
10518        op = (insn >> 11) & 3;
10519        rd = (insn >> 8) & 0x7;
10520        if (op == 0) { /* mov */
10521            tmp = tcg_temp_new_i32();
10522            tcg_gen_movi_i32(tmp, insn & 0xff);
10523            if (!s->condexec_mask)
10524                gen_logic_CC(tmp);
10525            store_reg(s, rd, tmp);
10526        } else {
10527            tmp = load_reg(s, rd);
10528            tmp2 = tcg_temp_new_i32();
10529            tcg_gen_movi_i32(tmp2, insn & 0xff);
10530            switch (op) {
10531            case 1: /* cmp */
10532                gen_sub_CC(tmp, tmp, tmp2);
10533                tcg_temp_free_i32(tmp);
10534                tcg_temp_free_i32(tmp2);
10535                break;
10536            case 2: /* add */
10537                if (s->condexec_mask)
10538                    tcg_gen_add_i32(tmp, tmp, tmp2);
10539                else
10540                    gen_add_CC(tmp, tmp, tmp2);
10541                tcg_temp_free_i32(tmp2);
10542                store_reg(s, rd, tmp);
10543                break;
10544            case 3: /* sub */
10545                if (s->condexec_mask)
10546                    tcg_gen_sub_i32(tmp, tmp, tmp2);
10547                else
10548                    gen_sub_CC(tmp, tmp, tmp2);
10549                tcg_temp_free_i32(tmp2);
10550                store_reg(s, rd, tmp);
10551                break;
10552            }
10553        }
10554        break;
10555    case 4:
10556        if (insn & (1 << 11)) {
10557            rd = (insn >> 8) & 7;
10558            /* load pc-relative.  Bit 1 of PC is ignored.  */
10559            val = s->pc + 2 + ((insn & 0xff) * 4);
10560            val &= ~(uint32_t)2;
10561            addr = tcg_temp_new_i32();
10562            tcg_gen_movi_i32(addr, val);
10563            tmp = tcg_temp_new_i32();
10564            gen_aa32_ld32u(tmp, addr, get_mem_index(s));
10565            tcg_temp_free_i32(addr);
10566            store_reg(s, rd, tmp);
10567            break;
10568        }
10569        if (insn & (1 << 10)) {
10570            /* data processing extended or blx */
10571            rd = (insn & 7) | ((insn >> 4) & 8);
10572            rm = (insn >> 3) & 0xf;
10573            op = (insn >> 8) & 3;
10574            switch (op) {
10575            case 0: /* add */
10576                tmp = load_reg(s, rd);
10577                tmp2 = load_reg(s, rm);
10578                tcg_gen_add_i32(tmp, tmp, tmp2);
10579                tcg_temp_free_i32(tmp2);
10580                store_reg(s, rd, tmp);
10581                break;
10582            case 1: /* cmp */
10583                tmp = load_reg(s, rd);
10584                tmp2 = load_reg(s, rm);
10585                gen_sub_CC(tmp, tmp, tmp2);
10586                tcg_temp_free_i32(tmp2);
10587                tcg_temp_free_i32(tmp);
10588                break;
10589            case 2: /* mov/cpy */
10590                tmp = load_reg(s, rm);
10591                store_reg(s, rd, tmp);
10592                break;
10593            case 3:/* branch [and link] exchange thumb register */
10594                tmp = load_reg(s, rm);
10595                if (insn & (1 << 7)) {
10596                    ARCH(5);
10597                    val = (uint32_t)s->pc | 1;
10598                    tmp2 = tcg_temp_new_i32();
10599                    tcg_gen_movi_i32(tmp2, val);
10600                    store_reg(s, 14, tmp2);
10601                }
10602                /* already thumb, no need to check */
10603                gen_bx(s, tmp);
10604                break;
10605            }
10606            break;
10607        }
10608
10609        /* data processing register */
10610        rd = insn & 7;
10611        rm = (insn >> 3) & 7;
10612        op = (insn >> 6) & 0xf;
10613        if (op == 2 || op == 3 || op == 4 || op == 7) {
10614            /* the shift/rotate ops want the operands backwards */
10615            val = rm;
10616            rm = rd;
10617            rd = val;
10618            val = 1;
10619        } else {
10620            val = 0;
10621        }
10622
10623        if (op == 9) { /* neg */
10624            tmp = tcg_temp_new_i32();
10625            tcg_gen_movi_i32(tmp, 0);
10626        } else if (op != 0xf) { /* mvn doesn't read its first operand */
10627            tmp = load_reg(s, rd);
10628        } else {
10629            TCGV_UNUSED_I32(tmp);
10630        }
10631
10632        tmp2 = load_reg(s, rm);
10633        switch (op) {
10634        case 0x0: /* and */
10635            tcg_gen_and_i32(tmp, tmp, tmp2);
10636            if (!s->condexec_mask)
10637                gen_logic_CC(tmp);
10638            break;
10639        case 0x1: /* eor */
10640            tcg_gen_xor_i32(tmp, tmp, tmp2);
10641            if (!s->condexec_mask)
10642                gen_logic_CC(tmp);
10643            break;
10644        case 0x2: /* lsl */
10645            if (s->condexec_mask) {
10646                gen_shl(tmp2, tmp2, tmp);
10647            } else {
10648                gen_helper_shl_cc(tmp2, cpu_env, tmp2, tmp);
10649                gen_logic_CC(tmp2);
10650            }
10651            break;
10652        case 0x3: /* lsr */
10653            if (s->condexec_mask) {
10654                gen_shr(tmp2, tmp2, tmp);
10655            } else {
10656                gen_helper_shr_cc(tmp2, cpu_env, tmp2, tmp);
10657                gen_logic_CC(tmp2);
10658            }
10659            break;
10660        case 0x4: /* asr */
10661            if (s->condexec_mask) {
10662                gen_sar(tmp2, tmp2, tmp);
10663            } else {
10664                gen_helper_sar_cc(tmp2, cpu_env, tmp2, tmp);
10665                gen_logic_CC(tmp2);
10666            }
10667            break;
10668        case 0x5: /* adc */
10669            if (s->condexec_mask) {
10670                gen_adc(tmp, tmp2);
10671            } else {
10672                gen_adc_CC(tmp, tmp, tmp2);
10673            }
10674            break;
10675        case 0x6: /* sbc */
10676            if (s->condexec_mask) {
10677                gen_sub_carry(tmp, tmp, tmp2);
10678            } else {
10679                gen_sbc_CC(tmp, tmp, tmp2);
10680            }
10681            break;
10682        case 0x7: /* ror */
10683            if (s->condexec_mask) {
10684                tcg_gen_andi_i32(tmp, tmp, 0x1f);
10685                tcg_gen_rotr_i32(tmp2, tmp2, tmp);
10686            } else {
10687                gen_helper_ror_cc(tmp2, cpu_env, tmp2, tmp);
10688                gen_logic_CC(tmp2);
10689            }
10690            break;
10691        case 0x8: /* tst */
10692            tcg_gen_and_i32(tmp, tmp, tmp2);
10693            gen_logic_CC(tmp);
10694            rd = 16;
10695            break;
10696        case 0x9: /* neg */
10697            if (s->condexec_mask)
10698                tcg_gen_neg_i32(tmp, tmp2);
10699            else
10700                gen_sub_CC(tmp, tmp, tmp2);
10701            break;
10702        case 0xa: /* cmp */
10703            gen_sub_CC(tmp, tmp, tmp2);
10704            rd = 16;
10705            break;
10706        case 0xb: /* cmn */
10707            gen_add_CC(tmp, tmp, tmp2);
10708            rd = 16;
10709            break;
10710        case 0xc: /* orr */
10711            tcg_gen_or_i32(tmp, tmp, tmp2);
10712            if (!s->condexec_mask)
10713                gen_logic_CC(tmp);
10714            break;
10715        case 0xd: /* mul */
10716            tcg_gen_mul_i32(tmp, tmp, tmp2);
10717            if (!s->condexec_mask)
10718                gen_logic_CC(tmp);
10719            break;
10720        case 0xe: /* bic */
10721            tcg_gen_andc_i32(tmp, tmp, tmp2);
10722            if (!s->condexec_mask)
10723                gen_logic_CC(tmp);
10724            break;
10725        case 0xf: /* mvn */
10726            tcg_gen_not_i32(tmp2, tmp2);
10727            if (!s->condexec_mask)
10728                gen_logic_CC(tmp2);
10729            val = 1;
10730            rm = rd;
10731            break;
10732        }
10733        if (rd != 16) {
10734            if (val) {
10735                store_reg(s, rm, tmp2);
10736                if (op != 0xf)
10737                    tcg_temp_free_i32(tmp);
10738            } else {
10739                store_reg(s, rd, tmp);
10740                tcg_temp_free_i32(tmp2);
10741            }
10742        } else {
10743            tcg_temp_free_i32(tmp);
10744            tcg_temp_free_i32(tmp2);
10745        }
10746        break;
10747
10748    case 5:
10749        /* load/store register offset.  */
10750        rd = insn & 7;
10751        rn = (insn >> 3) & 7;
10752        rm = (insn >> 6) & 7;
10753        op = (insn >> 9) & 7;
10754        addr = load_reg(s, rn);
10755        tmp = load_reg(s, rm);
10756        tcg_gen_add_i32(addr, addr, tmp);
10757        tcg_temp_free_i32(tmp);
10758
10759        if (op < 3) { /* store */
10760            tmp = load_reg(s, rd);
10761        } else {
10762            tmp = tcg_temp_new_i32();
10763        }
10764
10765        switch (op) {
10766        case 0: /* str */
10767            gen_aa32_st32(tmp, addr, get_mem_index(s));
10768            break;
10769        case 1: /* strh */
10770            gen_aa32_st16(tmp, addr, get_mem_index(s));
10771            break;
10772        case 2: /* strb */
10773            gen_aa32_st8(tmp, addr, get_mem_index(s));
10774            break;
10775        case 3: /* ldrsb */
10776            gen_aa32_ld8s(tmp, addr, get_mem_index(s));
10777            break;
10778        case 4: /* ldr */
10779            gen_aa32_ld32u(tmp, addr, get_mem_index(s));
10780            break;
10781        case 5: /* ldrh */
10782            gen_aa32_ld16u(tmp, addr, get_mem_index(s));
10783            break;
10784        case 6: /* ldrb */
10785            gen_aa32_ld8u(tmp, addr, get_mem_index(s));
10786            break;
10787        case 7: /* ldrsh */
10788            gen_aa32_ld16s(tmp, addr, get_mem_index(s));
10789            break;
10790        }
10791        if (op >= 3) { /* load */
10792            store_reg(s, rd, tmp);
10793        } else {
10794            tcg_temp_free_i32(tmp);
10795        }
10796        tcg_temp_free_i32(addr);
10797        break;
10798
10799    case 6:
10800        /* load/store word immediate offset */
10801        rd = insn & 7;
10802        rn = (insn >> 3) & 7;
10803        addr = load_reg(s, rn);
10804        val = (insn >> 4) & 0x7c;
10805        tcg_gen_addi_i32(addr, addr, val);
10806
10807        if (insn & (1 << 11)) {
10808            /* load */
10809            tmp = tcg_temp_new_i32();
10810            gen_aa32_ld32u(tmp, addr, get_mem_index(s));
10811            store_reg(s, rd, tmp);
10812        } else {
10813            /* store */
10814            tmp = load_reg(s, rd);
10815            gen_aa32_st32(tmp, addr, get_mem_index(s));
10816            tcg_temp_free_i32(tmp);
10817        }
10818        tcg_temp_free_i32(addr);
10819        break;
10820
10821    case 7:
10822        /* load/store byte immediate offset */
10823        rd = insn & 7;
10824        rn = (insn >> 3) & 7;
10825        addr = load_reg(s, rn);
10826        val = (insn >> 6) & 0x1f;
10827        tcg_gen_addi_i32(addr, addr, val);
10828
10829        if (insn & (1 << 11)) {
10830            /* load */
10831            tmp = tcg_temp_new_i32();
10832            gen_aa32_ld8u(tmp, addr, get_mem_index(s));
10833            store_reg(s, rd, tmp);
10834        } else {
10835            /* store */
10836            tmp = load_reg(s, rd);
10837            gen_aa32_st8(tmp, addr, get_mem_index(s));
10838            tcg_temp_free_i32(tmp);
10839        }
10840        tcg_temp_free_i32(addr);
10841        break;
10842
10843    case 8:
10844        /* load/store halfword immediate offset */
10845        rd = insn & 7;
10846        rn = (insn >> 3) & 7;
10847        addr = load_reg(s, rn);
10848        val = (insn >> 5) & 0x3e;
10849        tcg_gen_addi_i32(addr, addr, val);
10850
10851        if (insn & (1 << 11)) {
10852            /* load */
10853            tmp = tcg_temp_new_i32();
10854            gen_aa32_ld16u(tmp, addr, get_mem_index(s));
10855            store_reg(s, rd, tmp);
10856        } else {
10857            /* store */
10858            tmp = load_reg(s, rd);
10859            gen_aa32_st16(tmp, addr, get_mem_index(s));
10860            tcg_temp_free_i32(tmp);
10861        }
10862        tcg_temp_free_i32(addr);
10863        break;
10864
10865    case 9:
10866        /* load/store from stack */
10867        rd = (insn >> 8) & 7;
10868        addr = load_reg(s, 13);
10869        val = (insn & 0xff) * 4;
10870        tcg_gen_addi_i32(addr, addr, val);
10871
10872        if (insn & (1 << 11)) {
10873            /* load */
10874            tmp = tcg_temp_new_i32();
10875            gen_aa32_ld32u(tmp, addr, get_mem_index(s));
10876            store_reg(s, rd, tmp);
10877        } else {
10878            /* store */
10879            tmp = load_reg(s, rd);
10880            gen_aa32_st32(tmp, addr, get_mem_index(s));
10881            tcg_temp_free_i32(tmp);
10882        }
10883        tcg_temp_free_i32(addr);
10884        break;
10885
10886    case 10:
10887        /* add to high reg */
10888        rd = (insn >> 8) & 7;
10889        if (insn & (1 << 11)) {
10890            /* SP */
10891            tmp = load_reg(s, 13);
10892        } else {
10893            /* PC. bit 1 is ignored.  */
10894            tmp = tcg_temp_new_i32();
10895            tcg_gen_movi_i32(tmp, (s->pc + 2) & ~(uint32_t)2);
10896        }
10897        val = (insn & 0xff) * 4;
10898        tcg_gen_addi_i32(tmp, tmp, val);
10899        store_reg(s, rd, tmp);
10900        break;
10901
10902    case 11:
10903        /* misc */
10904        op = (insn >> 8) & 0xf;
10905        switch (op) {
10906        case 0:
10907            /* adjust stack pointer */
10908            tmp = load_reg(s, 13);
10909            val = (insn & 0x7f) * 4;
10910            if (insn & (1 << 7))
10911                val = -(int32_t)val;
10912            tcg_gen_addi_i32(tmp, tmp, val);
10913            store_reg(s, 13, tmp);
10914            break;
10915
10916        case 2: /* sign/zero extend.  */
10917            ARCH(6);
10918            rd = insn & 7;
10919            rm = (insn >> 3) & 7;
10920            tmp = load_reg(s, rm);
10921            switch ((insn >> 6) & 3) {
10922            case 0: gen_sxth(tmp); break;
10923            case 1: gen_sxtb(tmp); break;
10924            case 2: gen_uxth(tmp); break;
10925            case 3: gen_uxtb(tmp); break;
10926            }
10927            store_reg(s, rd, tmp);
10928            break;
10929        case 4: case 5: case 0xc: case 0xd:
10930            /* push/pop */
10931            addr = load_reg(s, 13);
10932            if (insn & (1 << 8))
10933                offset = 4;
10934            else
10935                offset = 0;
10936            for (i = 0; i < 8; i++) {
10937                if (insn & (1 << i))
10938                    offset += 4;
10939            }
10940            if ((insn & (1 << 11)) == 0) {
10941                tcg_gen_addi_i32(addr, addr, -offset);
10942            }
10943            for (i = 0; i < 8; i++) {
10944                if (insn & (1 << i)) {
10945                    if (insn & (1 << 11)) {
10946                        /* pop */
10947                        tmp = tcg_temp_new_i32();
10948                        gen_aa32_ld32u(tmp, addr, get_mem_index(s));
10949                        store_reg(s, i, tmp);
10950                    } else {
10951                        /* push */
10952                        tmp = load_reg(s, i);
10953                        gen_aa32_st32(tmp, addr, get_mem_index(s));
10954                        tcg_temp_free_i32(tmp);
10955                    }
10956                    /* advance to the next address.  */
10957                    tcg_gen_addi_i32(addr, addr, 4);
10958                }
10959            }
10960            TCGV_UNUSED_I32(tmp);
10961            if (insn & (1 << 8)) {
10962                if (insn & (1 << 11)) {
10963                    /* pop pc */
10964                    tmp = tcg_temp_new_i32();
10965                    gen_aa32_ld32u(tmp, addr, get_mem_index(s));
10966                    /* don't set the pc until the rest of the instruction
10967                       has completed */
10968                } else {
10969                    /* push lr */
10970                    tmp = load_reg(s, 14);
10971                    gen_aa32_st32(tmp, addr, get_mem_index(s));
10972                    tcg_temp_free_i32(tmp);
10973                }
10974                tcg_gen_addi_i32(addr, addr, 4);
10975            }
10976            if ((insn & (1 << 11)) == 0) {
10977                tcg_gen_addi_i32(addr, addr, -offset);
10978            }
10979            /* write back the new stack pointer */
10980            store_reg(s, 13, addr);
10981            /* set the new PC value */
10982            if ((insn & 0x0900) == 0x0900) {
10983                store_reg_from_load(s, 15, tmp);
10984            }
10985            break;
10986
10987        case 1: case 3: case 9: case 11: /* czb */
10988            rm = insn & 7;
10989            tmp = load_reg(s, rm);
10990            s->condlabel = gen_new_label();
10991            s->condjmp = 1;
10992            if (insn & (1 << 11))
10993                tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 0, s->condlabel);
10994            else
10995                tcg_gen_brcondi_i32(TCG_COND_NE, tmp, 0, s->condlabel);
10996            tcg_temp_free_i32(tmp);
10997            offset = ((insn & 0xf8) >> 2) | (insn & 0x200) >> 3;
10998            val = (uint32_t)s->pc + 2;
10999            val += offset;
11000            gen_jmp(s, val);

11001            break;
11002
11003        case 15: /* IT, nop-hint.  */
11004            if ((insn & 0xf) == 0) {
11005                gen_nop_hint(s, (insn >> 4) & 0xf);
11006                break;
11007            }
11008            /* If Then.  */
11009            s->condexec_cond = (insn >> 4) & 0xe;
11010            s->condexec_mask = insn & 0x1f;
11011            /* No actual code generated for this insn, just setup state.  */
11012            break;
11013
11014        case 0xe: /* bkpt */
11015        {
11016            int imm8 = extract32(insn, 0, 8);
11017            ARCH(5);
11018            gen_exception_insn(s, 2, EXCP_BKPT, syn_aa32_bkpt(imm8, true),
11019                               default_exception_el(s));
11020            break;
11021        }
11022
11023        case 0xa: /* rev */
11024            ARCH(6);
11025            rn = (insn >> 3) & 0x7;
11026            rd = insn & 0x7;
11027            tmp = load_reg(s, rn);
11028            switch ((insn >> 6) & 3) {
11029            case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
11030            case 1: gen_rev16(tmp); break;
11031            case 3: gen_revsh(tmp); break;
11032            default: goto illegal_op;
11033            }
11034            store_reg(s, rd, tmp);
11035            break;
11036
11037        case 6:
11038            switch ((insn >> 5) & 7) {
11039            case 2:
11040                /* setend */
11041                ARCH(6);
11042                if (((insn >> 3) & 1) != s->bswap_code) {
11043                    /* Dynamic endianness switching not implemented. */
11044                    qemu_log_mask(LOG_UNIMP, "arm: unimplemented setend\n");
11045                    goto illegal_op;
11046                }
11047                break;
11048            case 3:
11049                /* cps */
11050                ARCH(6);
11051                if (IS_USER(s)) {
11052                    break;
11053                }
11054                if (arm_dc_feature(s, ARM_FEATURE_M)) {
11055                    tmp = tcg_const_i32((insn & (1 << 4)) != 0);
11056                    /* FAULTMASK */
11057                    if (insn & 1) {
11058                        addr = tcg_const_i32(19);
11059                        gen_helper_v7m_msr(cpu_env, addr, tmp);
11060                        tcg_temp_free_i32(addr);
11061                    }
11062                    /* PRIMASK */
11063                    if (insn & 2) {
11064                        addr = tcg_const_i32(16);
11065                        gen_helper_v7m_msr(cpu_env, addr, tmp);
11066                        tcg_temp_free_i32(addr);
11067                    }
11068                    tcg_temp_free_i32(tmp);
11069                    gen_lookup_tb(s);
11070                } else {
11071                    if (insn & (1 << 4)) {
11072                        shift = CPSR_A | CPSR_I | CPSR_F;
11073                    } else {
11074                        shift = 0;
11075                    }
11076                    gen_set_psr_im(s, ((insn & 7) << 6), 0, shift);
11077                }
11078                break;
11079            default:
11080                goto undef;
11081            }
11082            break;
11083
11084        default:
11085            goto undef;
11086        }
11087        break;
11088
11089    case 12:
11090    {
11091        /* load/store multiple */
11092        TCGv_i32 loaded_var;
11093        TCGV_UNUSED_I32(loaded_var);
11094        rn = (insn >> 8) & 0x7;
11095        addr = load_reg(s, rn);
11096        for (i = 0; i < 8; i++) {
11097            if (insn & (1 << i)) {
11098                if (insn & (1 << 11)) {
11099                    /* load */
11100                    tmp = tcg_temp_new_i32();
11101                    gen_aa32_ld32u(tmp, addr, get_mem_index(s));
11102                    if (i == rn) {
11103                        loaded_var = tmp;
11104                    } else {
11105                        store_reg(s, i, tmp);
11106                    }
11107                } else {
11108                    /* store */
11109                    tmp = load_reg(s, i);
11110                    gen_aa32_st32(tmp, addr, get_mem_index(s));
11111                    tcg_temp_free_i32(tmp);
11112                }
11113                /* advance to the next address */
11114                tcg_gen_addi_i32(addr, addr, 4);
11115            }
11116        }
11117        if ((insn & (1 << rn)) == 0) {
11118            /* base reg not in list: base register writeback */
11119            store_reg(s, rn, addr);
11120        } else {
11121            /* base reg in list: if load, complete it now */
11122            if (insn & (1 << 11)) {
11123                store_reg(s, rn, loaded_var);
11124            }
11125            tcg_temp_free_i32(addr);
11126        }
11127        break;
11128    }
11129    case 13:
11130        /* conditional branch or swi */
11131        cond = (insn >> 8) & 0xf;
11132        if (cond == 0xe)
11133            goto undef;
11134
11135        if (cond == 0xf) {
11136            /* swi */
11137            gen_set_pc_im(s, s->pc);
11138            s->svc_imm = extract32(insn, 0, 8);
11139            s->is_jmp = DISAS_SWI;
11140            break;
11141        }
11142        /* generate a conditional jump to next instruction */
11143        s->condlabel = gen_new_label();
11144        arm_gen_test_cc(cond ^ 1, s->condlabel);
11145        s->condjmp = 1;
11146
11147        /* jump to the offset */
11148        val = (uint32_t)s->pc + 2;
11149        offset = ((int32_t)insn << 24) >> 24;
11150        val += offset << 1;
11151        gen_jmp(s, val);
11152        break;
11153
11154    case 14:
11155        if (insn & (1 << 11)) {
11156            if (disas_thumb2_insn(env, s, insn))
11157              goto undef32;
11158            break;
11159        }
11160        /* unconditional branch */
11161        val = (uint32_t)s->pc;
11162        offset = ((int32_t)insn << 21) >> 21;
11163        val += (offset << 1) + 2;
11164        gen_jmp(s, val);
11165        break;
11166
11167    case 15:
11168        if (disas_thumb2_insn(env, s, insn))
11169            goto undef32;
11170        break;
11171    }
11172    return;
11173undef32:
11174    gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(),
11175                       default_exception_el(s));
11176    return;
11177illegal_op:
11178undef:
11179    gen_exception_insn(s, 2, EXCP_UDEF, syn_uncategorized(),
11180                       default_exception_el(s));
11181}
11182
11183static bool insn_crosses_page(CPUARMState *env, DisasContext *s)
11184{
11185    /* Return true if the insn at dc->pc might cross a page boundary.
11186     * (False positives are OK, false negatives are not.)
11187     */
11188    uint16_t insn;
11189
11190    if ((s->pc & 3) == 0) {
11191        /* At a 4-aligned address we can't be crossing a page */
11192        return false;
11193    }
11194
11195    /* This must be a Thumb insn */
11196    insn = arm_lduw_code(env, s->pc, s->bswap_code);
11197
11198    if ((insn >> 11) >= 0x1d) {
11199        /* Top five bits 0b11101 / 0b11110 / 0b11111 : this is the
11200         * First half of a 32-bit Thumb insn. Thumb-1 cores might
11201         * end up actually treating this as two 16-bit insns (see the
11202         * code at the start of disas_thumb2_insn()) but we don't bother
11203         * to check for that as it is unlikely, and false positives here
11204         * are harmless.
11205         */
11206        return true;
11207    }
11208    /* Definitely a 16-bit insn, can't be crossing a page. */
11209    return false;
11210}
11211
11212/* generate intermediate code in gen_opc_buf and gen_opparam_buf for
11213   basic block 'tb'.  */
11214void gen_intermediate_code(CPUARMState *env, TranslationBlock *tb)
11215{
11216    ARMCPU *cpu = arm_env_get_cpu(env);
11217    CPUState *cs = CPU(cpu);
11218    DisasContext dc1, *dc = &dc1;
11219    target_ulong pc_start;
11220    target_ulong next_page_start;
11221    int num_insns;
11222    int max_insns;
11223    bool end_of_page;
11224
11225    /* generate intermediate code */
11226
11227    /* The A64 decoder has its own top level loop, because it doesn't need
11228     * the A32/T32 complexity to do with conditional execution/IT blocks/etc.
11229     */
11230    if (ARM_TBFLAG_AARCH64_STATE(tb->flags)) {
11231        gen_intermediate_code_a64(cpu, tb);
11232        return;
11233    }
11234
11235    pc_start = tb->pc;
11236
11237    dc->tb = tb;
11238
11239    dc->is_jmp = DISAS_NEXT;
11240    dc->pc = pc_start;
11241    dc->singlestep_enabled = cs->singlestep_enabled;
11242    dc->condjmp = 0;
11243
11244    dc->aarch64 = 0;
11245    /* If we are coming from secure EL0 in a system with a 32-bit EL3, then
11246     * there is no secure EL1, so we route exceptions to EL3.
11247     */
11248    dc->secure_routed_to_el3 = arm_feature(env, ARM_FEATURE_EL3) &&
11249                               !arm_el_is_aa64(env, 3);
11250    dc->thumb = ARM_TBFLAG_THUMB(tb->flags);
11251    dc->bswap_code = ARM_TBFLAG_BSWAP_CODE(tb->flags);
11252    dc->condexec_mask = (ARM_TBFLAG_CONDEXEC(tb->flags) & 0xf) << 1;
11253    dc->condexec_cond = ARM_TBFLAG_CONDEXEC(tb->flags) >> 4;
11254    dc->mmu_idx = ARM_TBFLAG_MMUIDX(tb->flags);
11255    dc->current_el = arm_mmu_idx_to_el(dc->mmu_idx);
11256#if !defined(CONFIG_USER_ONLY)
11257    dc->user = (dc->current_el == 0);
11258#endif
11259    dc->ns = ARM_TBFLAG_NS(tb->flags);
11260    dc->fp_excp_el = ARM_TBFLAG_FPEXC_EL(tb->flags);
11261    dc->vfp_enabled = ARM_TBFLAG_VFPEN(tb->flags);
11262    dc->vec_len = ARM_TBFLAG_VECLEN(tb->flags);
11263    dc->vec_stride = ARM_TBFLAG_VECSTRIDE(tb->flags);
11264    dc->c15_cpar = ARM_TBFLAG_XSCALE_CPAR(tb->flags);
11265    dc->cp_regs = cpu->cp_regs;
11266    dc->features = env->features;
11267
11268    /* Single step state. The code-generation logic here is:
11269     *  SS_ACTIVE == 0:
11270     *   generate code with no special handling for single-stepping (except
11271     *   that anything that can make us go to SS_ACTIVE == 1 must end the TB;
11272     *   this happens anyway because those changes are all system register or
11273     *   PSTATE writes).
11274     *  SS_ACTIVE == 1, PSTATE.SS == 1: (active-not-pending)
11275     *   emit code for one insn
11276     *   emit code to clear PSTATE.SS
11277     *   emit code to generate software step exception for completed step
11278     *   end TB (as usual for having generated an exception)
11279     *  SS_ACTIVE == 1, PSTATE.SS == 0: (active-pending)
11280     *   emit code to generate a software step exception
11281     *   end the TB
11282     */
11283    dc->ss_active = ARM_TBFLAG_SS_ACTIVE(tb->flags);
11284    dc->pstate_ss = ARM_TBFLAG_PSTATE_SS(tb->flags);
11285    dc->is_ldex = false;
11286    dc->ss_same_el = false; /* Can't be true since EL_d must be AArch64 */
11287
11288    cpu_F0s = tcg_temp_new_i32();
11289    cpu_F1s = tcg_temp_new_i32();
11290    cpu_F0d = tcg_temp_new_i64();
11291    cpu_F1d = tcg_temp_new_i64();
11292    cpu_V0 = cpu_F0d;
11293    cpu_V1 = cpu_F1d;
11294    /* FIXME: cpu_M0 can probably be the same as cpu_V0.  */
11295    cpu_M0 = tcg_temp_new_i64();
11296    next_page_start = (pc_start & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE;
11297    num_insns = 0;
11298    max_insns = tb->cflags & CF_COUNT_MASK;
11299    if (max_insns == 0) {
11300        max_insns = CF_COUNT_MASK;
11301    }
11302    if (max_insns > TCG_MAX_INSNS) {
11303        max_insns = TCG_MAX_INSNS;
11304    }
11305
11306    gen_tb_start(tb);
11307
11308    tcg_clear_temp_count();
11309
11310    /* A note on handling of the condexec (IT) bits:
11311     *
11312     * We want to avoid the overhead of having to write the updated condexec
11313     * bits back to the CPUARMState for every instruction in an IT block. So:
11314     * (1) if the condexec bits are not already zero then we write
11315     * zero back into the CPUARMState now. This avoids complications trying
11316     * to do it at the end of the block. (For example if we don't do this
11317     * it's hard to identify whether we can safely skip writing condexec
11318     * at the end of the TB, which we definitely want to do for the case
11319     * where a TB doesn't do anything with the IT state at all.)
11320     * (2) if we are going to leave the TB then we call gen_set_condexec()
11321     * which will write the correct value into CPUARMState if zero is wrong.
11322     * This is done both for leaving the TB at the end, and for leaving
11323     * it because of an exception we know will happen, which is done in
11324     * gen_exception_insn(). The latter is necessary because we need to
11325     * leave the TB with the PC/IT state just prior to execution of the
11326     * instruction which caused the exception.
11327     * (3) if we leave the TB unexpectedly (eg a data abort on a load)
11328     * then the CPUARMState will be wrong and we need to reset it.
11329     * This is handled in the same way as restoration of the
11330     * PC in these situations; we save the value of the condexec bits
11331     * for each PC via tcg_gen_insn_start(), and restore_state_to_opc()
11332     * then uses this to restore them after an exception.
11333     *
11334     * Note that there are no instructions which can read the condexec
11335     * bits, and none which can write non-static values to them, so
11336     * we don't need to care about whether CPUARMState is correct in the
11337     * middle of a TB.
11338     */
11339
11340    /* Reset the conditional execution bits immediately. This avoids
11341       complications trying to do it at the end of the block.  */
11342    if (dc->condexec_mask || dc->condexec_cond)
11343      {
11344        TCGv_i32 tmp = tcg_temp_new_i32();
11345        tcg_gen_movi_i32(tmp, 0);
11346        store_cpu_field(tmp, condexec_bits);
11347      }
11348    do {
11349        tcg_gen_insn_start(dc->pc,
11350                           (dc->condexec_cond << 4) | (dc->condexec_mask >> 1));
11351        num_insns++;
11352
11353#ifdef CONFIG_USER_ONLY
11354        /* Intercept jump to the magic kernel page.  */
11355        if (dc->pc >= 0xffff0000) {
11356            /* We always get here via a jump, so know we are not in a
11357               conditional execution block.  */
11358            gen_exception_internal(EXCP_KERNEL_TRAP);
11359            dc->is_jmp = DISAS_EXC;
11360            break;
11361        }
11362#else
11363        if (dc->pc >= 0xfffffff0 && arm_dc_feature(dc, ARM_FEATURE_M)) {
11364            /* We always get here via a jump, so know we are not in a
11365               conditional execution block.  */
11366            gen_exception_internal(EXCP_EXCEPTION_EXIT);
11367            dc->is_jmp = DISAS_EXC;
11368            break;
11369        }
11370#endif
11371
11372        if (unlikely(!QTAILQ_EMPTY(&cs->breakpoints))) {
11373            CPUBreakpoint *bp;
11374            QTAILQ_FOREACH(bp, &cs->breakpoints, entry) {
11375                if (bp->pc == dc->pc) {
11376                    if (bp->flags & BP_CPU) {
11377                        gen_set_condexec(dc);
11378                        gen_set_pc_im(dc, dc->pc);
11379                        gen_helper_check_breakpoints(cpu_env);
11380                        /* End the TB early; it's likely not going to be executed */
11381                        dc->is_jmp = DISAS_UPDATE;
11382                    } else {
11383                        gen_exception_internal_insn(dc, 0, EXCP_DEBUG);
11384                        /* The address covered by the breakpoint must be
11385                           included in [tb->pc, tb->pc + tb->size) in order
11386                           to for it to be properly cleared -- thus we
11387                           increment the PC here so that the logic setting
11388                           tb->size below does the right thing.  */
11389                        /* TODO: Advance PC by correct instruction length to
11390                         * avoid disassembler error messages */
11391                        dc->pc += 2;
11392                        goto done_generating;
11393                    }
11394                    break;
11395                }
11396            }
11397        }
11398
11399        if (num_insns == max_insns && (tb->cflags & CF_LAST_IO)) {
11400            gen_io_start();
11401        }
11402
11403        if (dc->ss_active && !dc->pstate_ss) {
11404            /* Singlestep state is Active-pending.
11405             * If we're in this state at the start of a TB then either
11406             *  a) we just took an exception to an EL which is being debugged
11407             *     and this is the first insn in the exception handler
11408             *  b) debug exceptions were masked and we just unmasked them
11409             *     without changing EL (eg by clearing PSTATE.D)
11410             * In either case we're going to take a swstep exception in the
11411             * "did not step an insn" case, and so the syndrome ISV and EX
11412             * bits should be zero.
11413             */
11414            assert(num_insns == 1);
11415            gen_exception(EXCP_UDEF, syn_swstep(dc->ss_same_el, 0, 0),
11416                          default_exception_el(dc));
11417            goto done_generating;
11418        }
11419
11420        if (dc->thumb) {
11421            disas_thumb_insn(env, dc);
11422            if (dc->condexec_mask) {
11423                dc->condexec_cond = (dc->condexec_cond & 0xe)
11424                                   | ((dc->condexec_mask >> 4) & 1);
11425                dc->condexec_mask = (dc->condexec_mask << 1) & 0x1f;
11426                if (dc->condexec_mask == 0) {
11427                    dc->condexec_cond = 0;
11428                }
11429            }
11430        } else {
11431            unsigned int insn = arm_ldl_code(env, dc->pc, dc->bswap_code);
11432            dc->pc += 4;
11433            disas_arm_insn(dc, insn);
11434        }
11435
11436        if (dc->condjmp && !dc->is_jmp) {
11437            gen_set_label(dc->condlabel);
11438            dc->condjmp = 0;
11439        }
11440
11441        if (tcg_check_temp_count()) {
11442            fprintf(stderr, "TCG temporary leak before "TARGET_FMT_lx"\n",
11443                    dc->pc);
11444        }
11445
11446        /* Translation stops when a conditional branch is encountered.
11447         * Otherwise the subsequent code could get translated several times.
11448         * Also stop translation when a page boundary is reached.  This
11449         * ensures prefetch aborts occur at the right place.  */
11450
11451        /* We want to stop the TB if the next insn starts in a new page,
11452         * or if it spans between this page and the next. This means that
11453         * if we're looking at the last halfword in the page we need to
11454         * see if it's a 16-bit Thumb insn (which will fit in this TB)
11455         * or a 32-bit Thumb insn (which won't).
11456         * This is to avoid generating a silly TB with a single 16-bit insn
11457         * in it at the end of this page (which would execute correctly
11458         * but isn't very efficient).
11459         */
11460        end_of_page = (dc->pc >= next_page_start) ||
11461            ((dc->pc >= next_page_start - 3) && insn_crosses_page(env, dc));
11462
11463    } while (!dc->is_jmp && !tcg_op_buf_full() &&
11464             !cs->singlestep_enabled &&
11465             !singlestep &&
11466             !dc->ss_active &&
11467             !end_of_page &&
11468             num_insns < max_insns);
11469
11470    if (tb->cflags & CF_LAST_IO) {
11471        if (dc->condjmp) {
11472            /* FIXME:  This can theoretically happen with self-modifying
11473               code.  */
11474            cpu_abort(cs, "IO on conditional branch instruction");
11475        }
11476        gen_io_end();
11477    }
11478
11479    /* At this stage dc->condjmp will only be set when the skipped
11480       instruction was a conditional branch or trap, and the PC has
11481       already been written.  */
11482    if (unlikely(cs->singlestep_enabled || dc->ss_active)) {
11483        /* Make sure the pc is updated, and raise a debug exception.  */
11484        if (dc->condjmp) {
11485            gen_set_condexec(dc);
11486            if (dc->is_jmp == DISAS_SWI) {
11487                gen_ss_advance(dc);
11488                gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
11489                              default_exception_el(dc));
11490            } else if (dc->is_jmp == DISAS_HVC) {
11491                gen_ss_advance(dc);
11492                gen_exception(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
11493            } else if (dc->is_jmp == DISAS_SMC) {
11494                gen_ss_advance(dc);
11495                gen_exception(EXCP_SMC, syn_aa32_smc(), 3);
11496            } else if (dc->ss_active) {
11497                gen_step_complete_exception(dc);
11498            } else {
11499                gen_exception_internal(EXCP_DEBUG);
11500            }
11501            gen_set_label(dc->condlabel);
11502        }
11503        if (dc->condjmp || dc->is_jmp == DISAS_NEXT ||
11504            dc->is_jmp == DISAS_UPDATE) {
11505            gen_set_pc_im(dc, dc->pc);
11506            dc->condjmp = 0;
11507        }
11508        gen_set_condexec(dc);
11509        if (dc->is_jmp == DISAS_SWI && !dc->condjmp) {
11510            gen_ss_advance(dc);
11511            gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
11512                          default_exception_el(dc));
11513        } else if (dc->is_jmp == DISAS_HVC && !dc->condjmp) {
11514            gen_ss_advance(dc);
11515            gen_exception(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
11516        } else if (dc->is_jmp == DISAS_SMC && !dc->condjmp) {
11517            gen_ss_advance(dc);
11518            gen_exception(EXCP_SMC, syn_aa32_smc(), 3);
11519        } else if (dc->ss_active) {
11520            gen_step_complete_exception(dc);
11521        } else {
11522            /* FIXME: Single stepping a WFI insn will not halt
11523               the CPU.  */
11524            gen_exception_internal(EXCP_DEBUG);
11525        }
11526    } else {
11527        /* While branches must always occur at the end of an IT block,
11528           there are a few other things that can cause us to terminate
11529           the TB in the middle of an IT block:
11530            - Exception generating instructions (bkpt, swi, undefined).
11531            - Page boundaries.
11532            - Hardware watchpoints.
11533           Hardware breakpoints have already been handled and skip this code.
11534         */
11535        gen_set_condexec(dc);
11536        switch(dc->is_jmp) {
11537        case DISAS_NEXT:
11538            gen_goto_tb(dc, 1, dc->pc);
11539            break;
11540        case DISAS_UPDATE:
11541            gen_set_pc_im(dc, dc->pc);
11542            /* fall through */
11543        case DISAS_JUMP:
11544        default:
11545            /* indicate that the hash table must be used to find the next TB */
11546            tcg_gen_exit_tb(0);
11547            break;
11548        case DISAS_TB_JUMP:
11549            /* nothing more to generate */
11550            break;
11551        case DISAS_WFI:
11552            gen_helper_wfi(cpu_env);
11553            /* The helper doesn't necessarily throw an exception, but we
11554             * must go back to the main loop to check for interrupts anyway.
11555             */
11556            tcg_gen_exit_tb(0);
11557            break;
11558        case DISAS_WFE:
11559            gen_helper_wfe(cpu_env);
11560            break;
11561        case DISAS_YIELD:
11562            gen_helper_yield(cpu_env);
11563            break;
11564        case DISAS_SWI:
11565            gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
11566                          default_exception_el(dc));
11567            break;
11568        case DISAS_HVC:
11569            gen_exception(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
11570            break;
11571        case DISAS_SMC:
11572            gen_exception(EXCP_SMC, syn_aa32_smc(), 3);
11573            break;
11574        }
11575        if (dc->condjmp) {
11576            gen_set_label(dc->condlabel);
11577            gen_set_condexec(dc);
11578            gen_goto_tb(dc, 1, dc->pc);
11579            dc->condjmp = 0;
11580        }
11581    }
11582
11583done_generating:
11584    gen_tb_end(tb, num_insns);
11585
11586#ifdef DEBUG_DISAS
11587    if (qemu_loglevel_mask(CPU_LOG_TB_IN_ASM)) {
11588        qemu_log("----------------\n");
11589        qemu_log("IN: %s\n", lookup_symbol(pc_start));
11590        log_target_disas(cs, pc_start, dc->pc - pc_start,
11591                         dc->thumb | (dc->bswap_code << 1));
11592        qemu_log("\n");
11593    }
11594#endif
11595    tb->size = dc->pc - pc_start;
11596    tb->icount = num_insns;
11597}
11598
11599static const char *cpu_mode_names[16] = {
11600  "usr", "fiq", "irq", "svc", "???", "???", "mon", "abt",
11601  "???", "???", "hyp", "und", "???", "???", "???", "sys"
11602};
11603
11604void arm_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
11605                        int flags)
11606{
11607    ARMCPU *cpu = ARM_CPU(cs);
11608    CPUARMState *env = &cpu->env;
11609    int i;
11610    uint32_t psr;
11611    const char *ns_status;
11612
11613    if (is_a64(env)) {
11614        aarch64_cpu_dump_state(cs, f, cpu_fprintf, flags);
11615        return;
11616    }
11617
11618    for(i=0;i<16;i++) {
11619        cpu_fprintf(f, "R%02d=%08x", i, env->regs[i]);
11620        if ((i % 4) == 3)
11621            cpu_fprintf(f, "\n");
11622        else
11623            cpu_fprintf(f, " ");
11624    }
11625    psr = cpsr_read(env);
11626
11627    if (arm_feature(env, ARM_FEATURE_EL3) &&
11628        (psr & CPSR_M) != ARM_CPU_MODE_MON) {
11629        ns_status = env->cp15.scr_el3 & SCR_NS ? "NS " : "S ";
11630    } else {
11631        ns_status = "";
11632    }
11633
11634    cpu_fprintf(f, "PSR=%08x %c%c%c%c %c %s%s%d\n",
11635                psr,
11636                psr & (1 << 31) ? 'N' : '-',
11637                psr & (1 << 30) ? 'Z' : '-',
11638                psr & (1 << 29) ? 'C' : '-',
11639                psr & (1 << 28) ? 'V' : '-',
11640                psr & CPSR_T ? 'T' : 'A',
11641                ns_status,
11642                cpu_mode_names[psr & 0xf], (psr & 0x10) ? 32 : 26);
11643
11644    if (flags & CPU_DUMP_FPU) {
11645        int numvfpregs = 0;
11646        if (arm_feature(env, ARM_FEATURE_VFP)) {
11647            numvfpregs += 16;
11648        }
11649        if (arm_feature(env, ARM_FEATURE_VFP3)) {
11650            numvfpregs += 16;
11651        }
11652        for (i = 0; i < numvfpregs; i++) {
11653            uint64_t v = float64_val(env->vfp.regs[i]);
11654            cpu_fprintf(f, "s%02d=%08x s%02d=%08x d%02d=%016" PRIx64 "\n",
11655                        i * 2, (uint32_t)v,
11656                        i * 2 + 1, (uint32_t)(v >> 32),
11657                        i, v);
11658        }
11659        cpu_fprintf(f, "FPSCR: %08x\n", (int)env->vfp.xregs[ARM_VFP_FPSCR]);
11660    }
11661}
11662
11663void restore_state_to_opc(CPUARMState *env, TranslationBlock *tb,
11664                          target_ulong *data)
11665{
11666    if (is_a64(env)) {
11667        env->pc = data[0];
11668        env->condexec_bits = 0;
11669    } else {
11670        env->regs[15] = data[0];
11671        env->condexec_bits = data[1];
11672    }
11673}
11674