LXR qemu/target-arm/translate.c

   1/*
   2 *  ARM translation
   3 *
   4 *  Copyright (c) 2003 Fabrice Bellard
   5 *  Copyright (c) 2005-2007 CodeSourcery
   6 *  Copyright (c) 2007 OpenedHand, Ltd.
   7 *
   8 * This library is free software; you can redistribute it and/or
   9 * modify it under the terms of the GNU Lesser General Public
  10 * License as published by the Free Software Foundation; either
  11 * version 2 of the License, or (at your option) any later version.
  12 *
  13 * This library is distributed in the hope that it will be useful,
  14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16 * Lesser General Public License for more details.
  17 *
  18 * You should have received a copy of the GNU Lesser General Public
  19 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  20 */
  21#include "qemu/osdep.h"
  22
  23#include "cpu.h"
  24#include "internals.h"
  25#include "disas/disas.h"
  26#include "exec/exec-all.h"
  27#include "tcg-op.h"
  28#include "qemu/log.h"
  29#include "qemu/bitops.h"
  30#include "arm_ldst.h"
  31#include "exec/semihost.h"
  32
  33#include "exec/helper-proto.h"
  34#include "exec/helper-gen.h"
  35
  36#include "trace-tcg.h"
  37#include "exec/log.h"
  38
  39
  40#define ENABLE_ARCH_4T    arm_dc_feature(s, ARM_FEATURE_V4T)
  41#define ENABLE_ARCH_5     arm_dc_feature(s, ARM_FEATURE_V5)
  42/* currently all emulated v5 cores are also v5TE, so don't bother */
  43#define ENABLE_ARCH_5TE   arm_dc_feature(s, ARM_FEATURE_V5)
  44#define ENABLE_ARCH_5J    0
  45#define ENABLE_ARCH_6     arm_dc_feature(s, ARM_FEATURE_V6)
  46#define ENABLE_ARCH_6K    arm_dc_feature(s, ARM_FEATURE_V6K)
  47#define ENABLE_ARCH_6T2   arm_dc_feature(s, ARM_FEATURE_THUMB2)
  48#define ENABLE_ARCH_7     arm_dc_feature(s, ARM_FEATURE_V7)
  49#define ENABLE_ARCH_8     arm_dc_feature(s, ARM_FEATURE_V8)
  50
  51#define ARCH(x) do { if (!ENABLE_ARCH_##x) goto illegal_op; } while(0)
  52
  53#include "translate.h"
  54
  55#if defined(CONFIG_USER_ONLY)
  56#define IS_USER(s) 1
  57#else
  58#define IS_USER(s) (s->user)
  59#endif
  60
  61TCGv_env cpu_env;
  62/* We reuse the same 64-bit temporaries for efficiency.  */
  63static TCGv_i64 cpu_V0, cpu_V1, cpu_M0;
  64static TCGv_i32 cpu_R[16];
  65TCGv_i32 cpu_CF, cpu_NF, cpu_VF, cpu_ZF;
  66TCGv_i64 cpu_exclusive_addr;
  67TCGv_i64 cpu_exclusive_val;
  68
  69/* FIXME:  These should be removed.  */
  70static TCGv_i32 cpu_F0s, cpu_F1s;
  71static TCGv_i64 cpu_F0d, cpu_F1d;
  72
  73#include "exec/gen-icount.h"
  74
  75static const char *regnames[] =
  76    { "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7",
  77      "r8", "r9", "r10", "r11", "r12", "r13", "r14", "pc" };
  78
  79/* initialize TCG globals.  */
  80void arm_translate_init(void)
  81{
  82    int i;
  83
  84    cpu_env = tcg_global_reg_new_ptr(TCG_AREG0, "env");
  85    tcg_ctx.tcg_env = cpu_env;
  86
  87    for (i = 0; i < 16; i++) {
  88        cpu_R[i] = tcg_global_mem_new_i32(cpu_env,
  89                                          offsetof(CPUARMState, regs[i]),
  90                                          regnames[i]);
  91    }
  92    cpu_CF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, CF), "CF");
  93    cpu_NF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, NF), "NF");
  94    cpu_VF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, VF), "VF");
  95    cpu_ZF = tcg_global_mem_new_i32(cpu_env, offsetof(CPUARMState, ZF), "ZF");
  96
  97    cpu_exclusive_addr = tcg_global_mem_new_i64(cpu_env,
  98        offsetof(CPUARMState, exclusive_addr), "exclusive_addr");
  99    cpu_exclusive_val = tcg_global_mem_new_i64(cpu_env,
 100        offsetof(CPUARMState, exclusive_val), "exclusive_val");
 101
 102    a64_translate_init();
 103}
 104
 105static inline ARMMMUIdx get_a32_user_mem_index(DisasContext *s)
 106{
 107    /* Return the mmu_idx to use for A32/T32 "unprivileged load/store"
 108     * insns:
 109     *  if PL2, UNPREDICTABLE (we choose to implement as if PL0)
 110     *  otherwise, access as if at PL0.
 111     */
 112    switch (s->mmu_idx) {
 113    case ARMMMUIdx_S1E2:        /* this one is UNPREDICTABLE */
 114    case ARMMMUIdx_S12NSE0:
 115    case ARMMMUIdx_S12NSE1:
 116        return ARMMMUIdx_S12NSE0;
 117    case ARMMMUIdx_S1E3:
 118    case ARMMMUIdx_S1SE0:
 119    case ARMMMUIdx_S1SE1:
 120        return ARMMMUIdx_S1SE0;
 121    case ARMMMUIdx_S2NS:
 122    default:
 123        g_assert_not_reached();
 124    }
 125}
 126
 127static inline TCGv_i32 load_cpu_offset(int offset)
 128{
 129    TCGv_i32 tmp = tcg_temp_new_i32();
 130    tcg_gen_ld_i32(tmp, cpu_env, offset);
 131    return tmp;
 132}
 133
 134#define load_cpu_field(name) load_cpu_offset(offsetof(CPUARMState, name))
 135
 136static inline void store_cpu_offset(TCGv_i32 var, int offset)
 137{
 138    tcg_gen_st_i32(var, cpu_env, offset);
 139    tcg_temp_free_i32(var);
 140}
 141
 142#define store_cpu_field(var, name) \
 143    store_cpu_offset(var, offsetof(CPUARMState, name))
 144
 145/* Set a variable to the value of a CPU register.  */
 146static void load_reg_var(DisasContext *s, TCGv_i32 var, int reg)
 147{
 148    if (reg == 15) {
 149        uint32_t addr;
 150        /* normally, since we updated PC, we need only to add one insn */
 151        if (s->thumb)
 152            addr = (long)s->pc + 2;
 153        else
 154            addr = (long)s->pc + 4;
 155        tcg_gen_movi_i32(var, addr);
 156    } else {
 157        tcg_gen_mov_i32(var, cpu_R[reg]);
 158    }
 159}
 160
 161/* Create a new temporary and set it to the value of a CPU register.  */
 162static inline TCGv_i32 load_reg(DisasContext *s, int reg)
 163{
 164    TCGv_i32 tmp = tcg_temp_new_i32();
 165    load_reg_var(s, tmp, reg);
 166    return tmp;
 167}
 168
 169/* Set a CPU register.  The source must be a temporary and will be
 170   marked as dead.  */
 171static void store_reg(DisasContext *s, int reg, TCGv_i32 var)
 172{
 173    if (reg == 15) {
 174        /* In Thumb mode, we must ignore bit 0.
 175         * In ARM mode, for ARMv4 and ARMv5, it is UNPREDICTABLE if bits [1:0]
 176         * are not 0b00, but for ARMv6 and above, we must ignore bits [1:0].
 177         * We choose to ignore [1:0] in ARM mode for all architecture versions.
 178         */
 179        tcg_gen_andi_i32(var, var, s->thumb ? ~1 : ~3);
 180        s->is_jmp = DISAS_JUMP;
 181    }
 182    tcg_gen_mov_i32(cpu_R[reg], var);
 183    tcg_temp_free_i32(var);
 184}
 185
 186/* Value extensions.  */
 187#define gen_uxtb(var) tcg_gen_ext8u_i32(var, var)
 188#define gen_uxth(var) tcg_gen_ext16u_i32(var, var)
 189#define gen_sxtb(var) tcg_gen_ext8s_i32(var, var)
 190#define gen_sxth(var) tcg_gen_ext16s_i32(var, var)
 191
 192#define gen_sxtb16(var) gen_helper_sxtb16(var, var)
 193#define gen_uxtb16(var) gen_helper_uxtb16(var, var)
 194
 195
 196static inline void gen_set_cpsr(TCGv_i32 var, uint32_t mask)
 197{
 198    TCGv_i32 tmp_mask = tcg_const_i32(mask);
 199    gen_helper_cpsr_write(cpu_env, var, tmp_mask);
 200    tcg_temp_free_i32(tmp_mask);
 201}
 202/* Set NZCV flags from the high 4 bits of var.  */
 203#define gen_set_nzcv(var) gen_set_cpsr(var, CPSR_NZCV)
 204
 205static void gen_exception_internal(int excp)
 206{
 207    TCGv_i32 tcg_excp = tcg_const_i32(excp);
 208
 209    assert(excp_is_internal(excp));
 210    gen_helper_exception_internal(cpu_env, tcg_excp);
 211    tcg_temp_free_i32(tcg_excp);
 212}
 213
 214static void gen_exception(int excp, uint32_t syndrome, uint32_t target_el)
 215{
 216    TCGv_i32 tcg_excp = tcg_const_i32(excp);
 217    TCGv_i32 tcg_syn = tcg_const_i32(syndrome);
 218    TCGv_i32 tcg_el = tcg_const_i32(target_el);
 219
 220    gen_helper_exception_with_syndrome(cpu_env, tcg_excp,
 221                                       tcg_syn, tcg_el);
 222
 223    tcg_temp_free_i32(tcg_el);
 224    tcg_temp_free_i32(tcg_syn);
 225    tcg_temp_free_i32(tcg_excp);
 226}
 227
 228static void gen_ss_advance(DisasContext *s)
 229{
 230    /* If the singlestep state is Active-not-pending, advance to
 231     * Active-pending.
 232     */
 233    if (s->ss_active) {
 234        s->pstate_ss = 0;
 235        gen_helper_clear_pstate_ss(cpu_env);
 236    }
 237}
 238
 239static void gen_step_complete_exception(DisasContext *s)
 240{
 241    /* We just completed step of an insn. Move from Active-not-pending
 242     * to Active-pending, and then also take the swstep exception.
 243     * This corresponds to making the (IMPDEF) choice to prioritize
 244     * swstep exceptions over asynchronous exceptions taken to an exception
 245     * level where debug is disabled. This choice has the advantage that
 246     * we do not need to maintain internal state corresponding to the
 247     * ISV/EX syndrome bits between completion of the step and generation
 248     * of the exception, and our syndrome information is always correct.
 249     */
 250    gen_ss_advance(s);
 251    gen_exception(EXCP_UDEF, syn_swstep(s->ss_same_el, 1, s->is_ldex),
 252                  default_exception_el(s));
 253    s->is_jmp = DISAS_EXC;
 254}
 255
 256static void gen_smul_dual(TCGv_i32 a, TCGv_i32 b)
 257{
 258    TCGv_i32 tmp1 = tcg_temp_new_i32();
 259    TCGv_i32 tmp2 = tcg_temp_new_i32();
 260    tcg_gen_ext16s_i32(tmp1, a);
 261    tcg_gen_ext16s_i32(tmp2, b);
 262    tcg_gen_mul_i32(tmp1, tmp1, tmp2);
 263    tcg_temp_free_i32(tmp2);
 264    tcg_gen_sari_i32(a, a, 16);
 265    tcg_gen_sari_i32(b, b, 16);
 266    tcg_gen_mul_i32(b, b, a);
 267    tcg_gen_mov_i32(a, tmp1);
 268    tcg_temp_free_i32(tmp1);
 269}
 270
 271/* Byteswap each halfword.  */
 272static void gen_rev16(TCGv_i32 var)
 273{
 274    TCGv_i32 tmp = tcg_temp_new_i32();
 275    tcg_gen_shri_i32(tmp, var, 8);
 276    tcg_gen_andi_i32(tmp, tmp, 0x00ff00ff);
 277    tcg_gen_shli_i32(var, var, 8);
 278    tcg_gen_andi_i32(var, var, 0xff00ff00);
 279    tcg_gen_or_i32(var, var, tmp);
 280    tcg_temp_free_i32(tmp);
 281}
 282
 283/* Byteswap low halfword and sign extend.  */
 284static void gen_revsh(TCGv_i32 var)
 285{
 286    tcg_gen_ext16u_i32(var, var);
 287    tcg_gen_bswap16_i32(var, var);
 288    tcg_gen_ext16s_i32(var, var);
 289}
 290
 291/* Unsigned bitfield extract.  */
 292static void gen_ubfx(TCGv_i32 var, int shift, uint32_t mask)
 293{
 294    if (shift)
 295        tcg_gen_shri_i32(var, var, shift);
 296    tcg_gen_andi_i32(var, var, mask);
 297}
 298
 299/* Signed bitfield extract.  */
 300static void gen_sbfx(TCGv_i32 var, int shift, int width)
 301{
 302    uint32_t signbit;
 303
 304    if (shift)
 305        tcg_gen_sari_i32(var, var, shift);
 306    if (shift + width < 32) {
 307        signbit = 1u << (width - 1);
 308        tcg_gen_andi_i32(var, var, (1u << width) - 1);
 309        tcg_gen_xori_i32(var, var, signbit);
 310        tcg_gen_subi_i32(var, var, signbit);
 311    }
 312}
 313
 314/* Return (b << 32) + a. Mark inputs as dead */
 315static TCGv_i64 gen_addq_msw(TCGv_i64 a, TCGv_i32 b)
 316{
 317    TCGv_i64 tmp64 = tcg_temp_new_i64();
 318
 319    tcg_gen_extu_i32_i64(tmp64, b);
 320    tcg_temp_free_i32(b);
 321    tcg_gen_shli_i64(tmp64, tmp64, 32);
 322    tcg_gen_add_i64(a, tmp64, a);
 323
 324    tcg_temp_free_i64(tmp64);
 325    return a;
 326}
 327
 328/* Return (b << 32) - a. Mark inputs as dead. */
 329static TCGv_i64 gen_subq_msw(TCGv_i64 a, TCGv_i32 b)
 330{
 331    TCGv_i64 tmp64 = tcg_temp_new_i64();
 332
 333    tcg_gen_extu_i32_i64(tmp64, b);
 334    tcg_temp_free_i32(b);
 335    tcg_gen_shli_i64(tmp64, tmp64, 32);
 336    tcg_gen_sub_i64(a, tmp64, a);
 337
 338    tcg_temp_free_i64(tmp64);
 339    return a;
 340}
 341
 342/* 32x32->64 multiply.  Marks inputs as dead.  */
 343static TCGv_i64 gen_mulu_i64_i32(TCGv_i32 a, TCGv_i32 b)
 344{
 345    TCGv_i32 lo = tcg_temp_new_i32();
 346    TCGv_i32 hi = tcg_temp_new_i32();
 347    TCGv_i64 ret;
 348
 349    tcg_gen_mulu2_i32(lo, hi, a, b);
 350    tcg_temp_free_i32(a);
 351    tcg_temp_free_i32(b);
 352
 353    ret = tcg_temp_new_i64();
 354    tcg_gen_concat_i32_i64(ret, lo, hi);
 355    tcg_temp_free_i32(lo);
 356    tcg_temp_free_i32(hi);
 357
 358    return ret;
 359}
 360
 361static TCGv_i64 gen_muls_i64_i32(TCGv_i32 a, TCGv_i32 b)
 362{
 363    TCGv_i32 lo = tcg_temp_new_i32();
 364    TCGv_i32 hi = tcg_temp_new_i32();
 365    TCGv_i64 ret;
 366
 367    tcg_gen_muls2_i32(lo, hi, a, b);
 368    tcg_temp_free_i32(a);
 369    tcg_temp_free_i32(b);
 370
 371    ret = tcg_temp_new_i64();
 372    tcg_gen_concat_i32_i64(ret, lo, hi);
 373    tcg_temp_free_i32(lo);
 374    tcg_temp_free_i32(hi);
 375
 376    return ret;
 377}
 378
 379/* Swap low and high halfwords.  */
 380static void gen_swap_half(TCGv_i32 var)
 381{
 382    TCGv_i32 tmp = tcg_temp_new_i32();
 383    tcg_gen_shri_i32(tmp, var, 16);
 384    tcg_gen_shli_i32(var, var, 16);
 385    tcg_gen_or_i32(var, var, tmp);
 386    tcg_temp_free_i32(tmp);
 387}
 388
 389/* Dual 16-bit add.  Result placed in t0 and t1 is marked as dead.
 390    tmp = (t0 ^ t1) & 0x8000;
 391    t0 &= ~0x8000;
 392    t1 &= ~0x8000;
 393    t0 = (t0 + t1) ^ tmp;
 394 */
 395
 396static void gen_add16(TCGv_i32 t0, TCGv_i32 t1)
 397{
 398    TCGv_i32 tmp = tcg_temp_new_i32();
 399    tcg_gen_xor_i32(tmp, t0, t1);
 400    tcg_gen_andi_i32(tmp, tmp, 0x8000);
 401    tcg_gen_andi_i32(t0, t0, ~0x8000);
 402    tcg_gen_andi_i32(t1, t1, ~0x8000);
 403    tcg_gen_add_i32(t0, t0, t1);
 404    tcg_gen_xor_i32(t0, t0, tmp);
 405    tcg_temp_free_i32(tmp);
 406    tcg_temp_free_i32(t1);
 407}
 408
 409/* Set CF to the top bit of var.  */
 410static void gen_set_CF_bit31(TCGv_i32 var)
 411{
 412    tcg_gen_shri_i32(cpu_CF, var, 31);
 413}
 414
 415/* Set N and Z flags from var.  */
 416static inline void gen_logic_CC(TCGv_i32 var)
 417{
 418    tcg_gen_mov_i32(cpu_NF, var);
 419    tcg_gen_mov_i32(cpu_ZF, var);
 420}
 421
 422/* T0 += T1 + CF.  */
 423static void gen_adc(TCGv_i32 t0, TCGv_i32 t1)
 424{
 425    tcg_gen_add_i32(t0, t0, t1);
 426    tcg_gen_add_i32(t0, t0, cpu_CF);
 427}
 428
 429/* dest = T0 + T1 + CF. */
 430static void gen_add_carry(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
 431{
 432    tcg_gen_add_i32(dest, t0, t1);
 433    tcg_gen_add_i32(dest, dest, cpu_CF);
 434}
 435
 436/* dest = T0 - T1 + CF - 1.  */
 437static void gen_sub_carry(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
 438{
 439    tcg_gen_sub_i32(dest, t0, t1);
 440    tcg_gen_add_i32(dest, dest, cpu_CF);
 441    tcg_gen_subi_i32(dest, dest, 1);
 442}
 443
 444/* dest = T0 + T1. Compute C, N, V and Z flags */
 445static void gen_add_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
 446{
 447    TCGv_i32 tmp = tcg_temp_new_i32();
 448    tcg_gen_movi_i32(tmp, 0);
 449    tcg_gen_add2_i32(cpu_NF, cpu_CF, t0, tmp, t1, tmp);
 450    tcg_gen_mov_i32(cpu_ZF, cpu_NF);
 451    tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
 452    tcg_gen_xor_i32(tmp, t0, t1);
 453    tcg_gen_andc_i32(cpu_VF, cpu_VF, tmp);
 454    tcg_temp_free_i32(tmp);
 455    tcg_gen_mov_i32(dest, cpu_NF);
 456}
 457
 458/* dest = T0 + T1 + CF.  Compute C, N, V and Z flags */
 459static void gen_adc_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
 460{
 461    TCGv_i32 tmp = tcg_temp_new_i32();
 462    if (TCG_TARGET_HAS_add2_i32) {
 463        tcg_gen_movi_i32(tmp, 0);
 464        tcg_gen_add2_i32(cpu_NF, cpu_CF, t0, tmp, cpu_CF, tmp);
 465        tcg_gen_add2_i32(cpu_NF, cpu_CF, cpu_NF, cpu_CF, t1, tmp);
 466    } else {
 467        TCGv_i64 q0 = tcg_temp_new_i64();
 468        TCGv_i64 q1 = tcg_temp_new_i64();
 469        tcg_gen_extu_i32_i64(q0, t0);
 470        tcg_gen_extu_i32_i64(q1, t1);
 471        tcg_gen_add_i64(q0, q0, q1);
 472        tcg_gen_extu_i32_i64(q1, cpu_CF);
 473        tcg_gen_add_i64(q0, q0, q1);
 474        tcg_gen_extr_i64_i32(cpu_NF, cpu_CF, q0);
 475        tcg_temp_free_i64(q0);
 476        tcg_temp_free_i64(q1);
 477    }
 478    tcg_gen_mov_i32(cpu_ZF, cpu_NF);
 479    tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
 480    tcg_gen_xor_i32(tmp, t0, t1);
 481    tcg_gen_andc_i32(cpu_VF, cpu_VF, tmp);
 482    tcg_temp_free_i32(tmp);
 483    tcg_gen_mov_i32(dest, cpu_NF);
 484}
 485
 486/* dest = T0 - T1. Compute C, N, V and Z flags */
 487static void gen_sub_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
 488{
 489    TCGv_i32 tmp;
 490    tcg_gen_sub_i32(cpu_NF, t0, t1);
 491    tcg_gen_mov_i32(cpu_ZF, cpu_NF);
 492    tcg_gen_setcond_i32(TCG_COND_GEU, cpu_CF, t0, t1);
 493    tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
 494    tmp = tcg_temp_new_i32();
 495    tcg_gen_xor_i32(tmp, t0, t1);
 496    tcg_gen_and_i32(cpu_VF, cpu_VF, tmp);
 497    tcg_temp_free_i32(tmp);
 498    tcg_gen_mov_i32(dest, cpu_NF);
 499}
 500
 501/* dest = T0 + ~T1 + CF.  Compute C, N, V and Z flags */
 502static void gen_sbc_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
 503{
 504    TCGv_i32 tmp = tcg_temp_new_i32();
 505    tcg_gen_not_i32(tmp, t1);
 506    gen_adc_CC(dest, t0, tmp);
 507    tcg_temp_free_i32(tmp);
 508}
 509
 510#define GEN_SHIFT(name)                                               \
 511static void gen_##name(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)       \
 512{                                                                     \
 513    TCGv_i32 tmp1, tmp2, tmp3;                                        \
 514    tmp1 = tcg_temp_new_i32();                                        \
 515    tcg_gen_andi_i32(tmp1, t1, 0xff);                                 \
 516    tmp2 = tcg_const_i32(0);                                          \
 517    tmp3 = tcg_const_i32(0x1f);                                       \
 518    tcg_gen_movcond_i32(TCG_COND_GTU, tmp2, tmp1, tmp3, tmp2, t0);    \
 519    tcg_temp_free_i32(tmp3);                                          \
 520    tcg_gen_andi_i32(tmp1, tmp1, 0x1f);                               \
 521    tcg_gen_##name##_i32(dest, tmp2, tmp1);                           \
 522    tcg_temp_free_i32(tmp2);                                          \
 523    tcg_temp_free_i32(tmp1);                                          \
 524}
 525GEN_SHIFT(shl)
 526GEN_SHIFT(shr)
 527#undef GEN_SHIFT
 528
 529static void gen_sar(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
 530{
 531    TCGv_i32 tmp1, tmp2;
 532    tmp1 = tcg_temp_new_i32();
 533    tcg_gen_andi_i32(tmp1, t1, 0xff);
 534    tmp2 = tcg_const_i32(0x1f);
 535    tcg_gen_movcond_i32(TCG_COND_GTU, tmp1, tmp1, tmp2, tmp2, tmp1);
 536    tcg_temp_free_i32(tmp2);
 537    tcg_gen_sar_i32(dest, t0, tmp1);
 538    tcg_temp_free_i32(tmp1);
 539}
 540
 541static void tcg_gen_abs_i32(TCGv_i32 dest, TCGv_i32 src)
 542{
 543    TCGv_i32 c0 = tcg_const_i32(0);
 544    TCGv_i32 tmp = tcg_temp_new_i32();
 545    tcg_gen_neg_i32(tmp, src);
 546    tcg_gen_movcond_i32(TCG_COND_GT, dest, src, c0, src, tmp);
 547    tcg_temp_free_i32(c0);
 548    tcg_temp_free_i32(tmp);
 549}
 550
 551static void shifter_out_im(TCGv_i32 var, int shift)
 552{
 553    if (shift == 0) {
 554        tcg_gen_andi_i32(cpu_CF, var, 1);
 555    } else {
 556        tcg_gen_shri_i32(cpu_CF, var, shift);
 557        if (shift != 31) {
 558            tcg_gen_andi_i32(cpu_CF, cpu_CF, 1);
 559        }
 560    }
 561}
 562
 563/* Shift by immediate.  Includes special handling for shift == 0.  */
 564static inline void gen_arm_shift_im(TCGv_i32 var, int shiftop,
 565                                    int shift, int flags)
 566{
 567    switch (shiftop) {
 568    case 0: /* LSL */
 569        if (shift != 0) {
 570            if (flags)
 571                shifter_out_im(var, 32 - shift);
 572            tcg_gen_shli_i32(var, var, shift);
 573        }
 574        break;
 575    case 1: /* LSR */
 576        if (shift == 0) {
 577            if (flags) {
 578                tcg_gen_shri_i32(cpu_CF, var, 31);
 579            }
 580            tcg_gen_movi_i32(var, 0);
 581        } else {
 582            if (flags)
 583                shifter_out_im(var, shift - 1);
 584            tcg_gen_shri_i32(var, var, shift);
 585        }
 586        break;
 587    case 2: /* ASR */
 588        if (shift == 0)
 589            shift = 32;
 590        if (flags)
 591            shifter_out_im(var, shift - 1);
 592        if (shift == 32)
 593          shift = 31;
 594        tcg_gen_sari_i32(var, var, shift);
 595        break;
 596    case 3: /* ROR/RRX */
 597        if (shift != 0) {
 598            if (flags)
 599                shifter_out_im(var, shift - 1);
 600            tcg_gen_rotri_i32(var, var, shift); break;
 601        } else {
 602            TCGv_i32 tmp = tcg_temp_new_i32();
 603            tcg_gen_shli_i32(tmp, cpu_CF, 31);
 604            if (flags)
 605                shifter_out_im(var, 0);
 606            tcg_gen_shri_i32(var, var, 1);
 607            tcg_gen_or_i32(var, var, tmp);
 608            tcg_temp_free_i32(tmp);
 609        }
 610    }
 611};
 612
 613static inline void gen_arm_shift_reg(TCGv_i32 var, int shiftop,
 614                                     TCGv_i32 shift, int flags)
 615{
 616    if (flags) {
 617        switch (shiftop) {
 618        case 0: gen_helper_shl_cc(var, cpu_env, var, shift); break;
 619        case 1: gen_helper_shr_cc(var, cpu_env, var, shift); break;
 620        case 2: gen_helper_sar_cc(var, cpu_env, var, shift); break;
 621        case 3: gen_helper_ror_cc(var, cpu_env, var, shift); break;
 622        }
 623    } else {
 624        switch (shiftop) {
 625        case 0:
 626            gen_shl(var, var, shift);
 627            break;
 628        case 1:
 629            gen_shr(var, var, shift);
 630            break;
 631        case 2:
 632            gen_sar(var, var, shift);
 633            break;
 634        case 3: tcg_gen_andi_i32(shift, shift, 0x1f);
 635                tcg_gen_rotr_i32(var, var, shift); break;
 636        }
 637    }
 638    tcg_temp_free_i32(shift);
 639}
 640
 641#define PAS_OP(pfx) \
 642    switch (op2) {  \
 643    case 0: gen_pas_helper(glue(pfx,add16)); break; \
 644    case 1: gen_pas_helper(glue(pfx,addsubx)); break; \
 645    case 2: gen_pas_helper(glue(pfx,subaddx)); break; \
 646    case 3: gen_pas_helper(glue(pfx,sub16)); break; \
 647    case 4: gen_pas_helper(glue(pfx,add8)); break; \
 648    case 7: gen_pas_helper(glue(pfx,sub8)); break; \
 649    }
 650static void gen_arm_parallel_addsub(int op1, int op2, TCGv_i32 a, TCGv_i32 b)
 651{
 652    TCGv_ptr tmp;
 653
 654    switch (op1) {
 655#define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b, tmp)
 656    case 1:
 657        tmp = tcg_temp_new_ptr();
 658        tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
 659        PAS_OP(s)
 660        tcg_temp_free_ptr(tmp);
 661        break;
 662    case 5:
 663        tmp = tcg_temp_new_ptr();
 664        tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
 665        PAS_OP(u)
 666        tcg_temp_free_ptr(tmp);
 667        break;
 668#undef gen_pas_helper
 669#define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b)
 670    case 2:
 671        PAS_OP(q);
 672        break;
 673    case 3:
 674        PAS_OP(sh);
 675        break;
 676    case 6:
 677        PAS_OP(uq);
 678        break;
 679    case 7:
 680        PAS_OP(uh);
 681        break;
 682#undef gen_pas_helper
 683    }
 684}
 685#undef PAS_OP
 686
 687/* For unknown reasons Arm and Thumb-2 use arbitrarily different encodings.  */
 688#define PAS_OP(pfx) \
 689    switch (op1) {  \
 690    case 0: gen_pas_helper(glue(pfx,add8)); break; \
 691    case 1: gen_pas_helper(glue(pfx,add16)); break; \
 692    case 2: gen_pas_helper(glue(pfx,addsubx)); break; \
 693    case 4: gen_pas_helper(glue(pfx,sub8)); break; \
 694    case 5: gen_pas_helper(glue(pfx,sub16)); break; \
 695    case 6: gen_pas_helper(glue(pfx,subaddx)); break; \
 696    }
 697static void gen_thumb2_parallel_addsub(int op1, int op2, TCGv_i32 a, TCGv_i32 b)
 698{
 699    TCGv_ptr tmp;
 700
 701    switch (op2) {
 702#define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b, tmp)
 703    case 0:
 704        tmp = tcg_temp_new_ptr();
 705        tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
 706        PAS_OP(s)
 707        tcg_temp_free_ptr(tmp);
 708        break;
 709    case 4:
 710        tmp = tcg_temp_new_ptr();
 711        tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
 712        PAS_OP(u)
 713        tcg_temp_free_ptr(tmp);
 714        break;
 715#undef gen_pas_helper
 716#define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b)
 717    case 1:
 718        PAS_OP(q);
 719        break;
 720    case 2:
 721        PAS_OP(sh);
 722        break;
 723    case 5:
 724        PAS_OP(uq);
 725        break;
 726    case 6:
 727        PAS_OP(uh);
 728        break;
 729#undef gen_pas_helper
 730    }
 731}
 732#undef PAS_OP
 733
 734/*
 735 * Generate a conditional based on ARM condition code cc.
 736 * This is common between ARM and Aarch64 targets.
 737 */
 738void arm_test_cc(DisasCompare *cmp, int cc)
 739{
 740    TCGv_i32 value;
 741    TCGCond cond;
 742    bool global = true;
 743
 744    switch (cc) {
 745    case 0: /* eq: Z */
 746    case 1: /* ne: !Z */
 747        cond = TCG_COND_EQ;
 748        value = cpu_ZF;
 749        break;
 750
 751    case 2: /* cs: C */
 752    case 3: /* cc: !C */
 753        cond = TCG_COND_NE;
 754        value = cpu_CF;
 755        break;
 756
 757    case 4: /* mi: N */
 758    case 5: /* pl: !N */
 759        cond = TCG_COND_LT;
 760        value = cpu_NF;
 761        break;
 762
 763    case 6: /* vs: V */
 764    case 7: /* vc: !V */
 765        cond = TCG_COND_LT;
 766        value = cpu_VF;
 767        break;
 768
 769    case 8: /* hi: C && !Z */
 770    case 9: /* ls: !C || Z -> !(C && !Z) */
 771        cond = TCG_COND_NE;
 772        value = tcg_temp_new_i32();
 773        global = false;
 774        /* CF is 1 for C, so -CF is an all-bits-set mask for C;
 775           ZF is non-zero for !Z; so AND the two subexpressions.  */
 776        tcg_gen_neg_i32(value, cpu_CF);
 777        tcg_gen_and_i32(value, value, cpu_ZF);
 778        break;
 779
 780    case 10: /* ge: N == V -> N ^ V == 0 */
 781    case 11: /* lt: N != V -> N ^ V != 0 */
 782        /* Since we're only interested in the sign bit, == 0 is >= 0.  */
 783        cond = TCG_COND_GE;
 784        value = tcg_temp_new_i32();
 785        global = false;
 786        tcg_gen_xor_i32(value, cpu_VF, cpu_NF);
 787        break;
 788
 789    case 12: /* gt: !Z && N == V */
 790    case 13: /* le: Z || N != V */
 791        cond = TCG_COND_NE;
 792        value = tcg_temp_new_i32();
 793        global = false;
 794        /* (N == V) is equal to the sign bit of ~(NF ^ VF).  Propagate
 795         * the sign bit then AND with ZF to yield the result.  */
 796        tcg_gen_xor_i32(value, cpu_VF, cpu_NF);
 797        tcg_gen_sari_i32(value, value, 31);
 798        tcg_gen_andc_i32(value, cpu_ZF, value);
 799        break;
 800
 801    case 14: /* always */
 802    case 15: /* always */
 803        /* Use the ALWAYS condition, which will fold early.
 804         * It doesn't matter what we use for the value.  */
 805        cond = TCG_COND_ALWAYS;
 806        value = cpu_ZF;
 807        goto no_invert;
 808
 809    default:
 810        fprintf(stderr, "Bad condition code 0x%x\n", cc);
 811        abort();
 812    }
 813
 814    if (cc & 1) {
 815        cond = tcg_invert_cond(cond);
 816    }
 817
 818 no_invert:
 819    cmp->cond = cond;
 820    cmp->value = value;
 821    cmp->value_global = global;
 822}
 823
 824void arm_free_cc(DisasCompare *cmp)
 825{
 826    if (!cmp->value_global) {
 827        tcg_temp_free_i32(cmp->value);
 828    }
 829}
 830
 831void arm_jump_cc(DisasCompare *cmp, TCGLabel *label)
 832{
 833    tcg_gen_brcondi_i32(cmp->cond, cmp->value, 0, label);
 834}
 835
 836void arm_gen_test_cc(int cc, TCGLabel *label)
 837{
 838    DisasCompare cmp;
 839    arm_test_cc(&cmp, cc);
 840    arm_jump_cc(&cmp, label);
 841    arm_free_cc(&cmp);
 842}
 843
 844static const uint8_t table_logic_cc[16] = {
 845    1, /* and */
 846    1, /* xor */
 847    0, /* sub */
 848    0, /* rsb */
 849    0, /* add */
 850    0, /* adc */
 851    0, /* sbc */
 852    0, /* rsc */
 853    1, /* andl */
 854    1, /* xorl */
 855    0, /* cmp */
 856    0, /* cmn */
 857    1, /* orr */
 858    1, /* mov */
 859    1, /* bic */
 860    1, /* mvn */
 861};
 862
 863/* Set PC and Thumb state from an immediate address.  */
 864static inline void gen_bx_im(DisasContext *s, uint32_t addr)
 865{
 866    TCGv_i32 tmp;
 867
 868    s->is_jmp = DISAS_JUMP;
 869    if (s->thumb != (addr & 1)) {
 870        tmp = tcg_temp_new_i32();
 871        tcg_gen_movi_i32(tmp, addr & 1);
 872        tcg_gen_st_i32(tmp, cpu_env, offsetof(CPUARMState, thumb));
 873        tcg_temp_free_i32(tmp);
 874    }
 875    tcg_gen_movi_i32(cpu_R[15], addr & ~1);
 876}
 877
 878/* Set PC and Thumb state from var.  var is marked as dead.  */
 879static inline void gen_bx(DisasContext *s, TCGv_i32 var)
 880{
 881    s->is_jmp = DISAS_JUMP;
 882    tcg_gen_andi_i32(cpu_R[15], var, ~1);
 883    tcg_gen_andi_i32(var, var, 1);
 884    store_cpu_field(var, thumb);
 885}
 886
 887/* Variant of store_reg which uses branch&exchange logic when storing
 888   to r15 in ARM architecture v7 and above. The source must be a temporary
 889   and will be marked as dead. */
 890static inline void store_reg_bx(DisasContext *s, int reg, TCGv_i32 var)
 891{
 892    if (reg == 15 && ENABLE_ARCH_7) {
 893        gen_bx(s, var);
 894    } else {
 895        store_reg(s, reg, var);
 896    }
 897}
 898
 899/* Variant of store_reg which uses branch&exchange logic when storing
 900 * to r15 in ARM architecture v5T and above. This is used for storing
 901 * the results of a LDR/LDM/POP into r15, and corresponds to the cases
 902 * in the ARM ARM which use the LoadWritePC() pseudocode function. */
 903static inline void store_reg_from_load(DisasContext *s, int reg, TCGv_i32 var)
 904{
 905    if (reg == 15 && ENABLE_ARCH_5) {
 906        gen_bx(s, var);
 907    } else {
 908        store_reg(s, reg, var);
 909    }
 910}
 911
 912#ifdef CONFIG_USER_ONLY
 913#define IS_USER_ONLY 1
 914#else
 915#define IS_USER_ONLY 0
 916#endif
 917
 918/* Abstractions of "generate code to do a guest load/store for
 919 * AArch32", where a vaddr is always 32 bits (and is zero
 920 * extended if we're a 64 bit core) and  data is also
 921 * 32 bits unless specifically doing a 64 bit access.
 922 * These functions work like tcg_gen_qemu_{ld,st}* except
 923 * that the address argument is TCGv_i32 rather than TCGv.
 924 */
 925
 926static inline TCGv gen_aa32_addr(DisasContext *s, TCGv_i32 a32, TCGMemOp op)
 927{
 928    TCGv addr = tcg_temp_new();
 929    tcg_gen_extu_i32_tl(addr, a32);
 930
 931    /* Not needed for user-mode BE32, where we use MO_BE instead.  */
 932    if (!IS_USER_ONLY && s->sctlr_b && (op & MO_SIZE) < MO_32) {
 933        tcg_gen_xori_tl(addr, addr, 4 - (1 << (op & MO_SIZE)));
 934    }
 935    return addr;
 936}
 937
 938static void gen_aa32_ld_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
 939                            int index, TCGMemOp opc)
 940{
 941    TCGv addr = gen_aa32_addr(s, a32, opc);
 942    tcg_gen_qemu_ld_i32(val, addr, index, opc);
 943    tcg_temp_free(addr);
 944}
 945
 946static void gen_aa32_st_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
 947                            int index, TCGMemOp opc)
 948{
 949    TCGv addr = gen_aa32_addr(s, a32, opc);
 950    tcg_gen_qemu_st_i32(val, addr, index, opc);
 951    tcg_temp_free(addr);
 952}
 953
 954#define DO_GEN_LD(SUFF, OPC)                                             \
 955static inline void gen_aa32_ld##SUFF(DisasContext *s, TCGv_i32 val,      \
 956                                     TCGv_i32 a32, int index)            \
 957{                                                                        \
 958    gen_aa32_ld_i32(s, val, a32, index, OPC | s->be_data);               \
 959}
 960
 961#define DO_GEN_ST(SUFF, OPC)                                             \
 962static inline void gen_aa32_st##SUFF(DisasContext *s, TCGv_i32 val,      \
 963                                     TCGv_i32 a32, int index)            \
 964{                                                                        \
 965    gen_aa32_st_i32(s, val, a32, index, OPC | s->be_data);               \
 966}
 967
 968static inline void gen_aa32_frob64(DisasContext *s, TCGv_i64 val)
 969{
 970    /* Not needed for user-mode BE32, where we use MO_BE instead.  */
 971    if (!IS_USER_ONLY && s->sctlr_b) {
 972        tcg_gen_rotri_i64(val, val, 32);
 973    }
 974}
 975
 976static void gen_aa32_ld_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
 977                            int index, TCGMemOp opc)
 978{
 979    TCGv addr = gen_aa32_addr(s, a32, opc);
 980    tcg_gen_qemu_ld_i64(val, addr, index, opc);
 981    gen_aa32_frob64(s, val);
 982    tcg_temp_free(addr);
 983}
 984
 985static inline void gen_aa32_ld64(DisasContext *s, TCGv_i64 val,
 986                                 TCGv_i32 a32, int index)
 987{
 988    gen_aa32_ld_i64(s, val, a32, index, MO_Q | s->be_data);
 989}
 990
 991static void gen_aa32_st_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
 992                            int index, TCGMemOp opc)
 993{
 994    TCGv addr = gen_aa32_addr(s, a32, opc);
 995
 996    /* Not needed for user-mode BE32, where we use MO_BE instead.  */
 997    if (!IS_USER_ONLY && s->sctlr_b) {
 998        TCGv_i64 tmp = tcg_temp_new_i64();
 999        tcg_gen_rotri_i64(tmp, val, 32);
1000        tcg_gen_qemu_st_i64(tmp, addr, index, opc);

1001        tcg_temp_free_i64(tmp);
1002    } else {
1003        tcg_gen_qemu_st_i64(val, addr, index, opc);
1004    }
1005    tcg_temp_free(addr);
1006}
1007
1008static inline void gen_aa32_st64(DisasContext *s, TCGv_i64 val,
1009                                 TCGv_i32 a32, int index)
1010{
1011    gen_aa32_st_i64(s, val, a32, index, MO_Q | s->be_data);
1012}
1013
1014DO_GEN_LD(8s, MO_SB)
1015DO_GEN_LD(8u, MO_UB)
1016DO_GEN_LD(16s, MO_SW)
1017DO_GEN_LD(16u, MO_UW)
1018DO_GEN_LD(32u, MO_UL)
1019DO_GEN_ST(8, MO_UB)
1020DO_GEN_ST(16, MO_UW)
1021DO_GEN_ST(32, MO_UL)
1022
1023static inline void gen_set_pc_im(DisasContext *s, target_ulong val)
1024{
1025    tcg_gen_movi_i32(cpu_R[15], val);
1026}
1027
1028static inline void gen_hvc(DisasContext *s, int imm16)
1029{
1030    /* The pre HVC helper handles cases when HVC gets trapped
1031     * as an undefined insn by runtime configuration (ie before
1032     * the insn really executes).
1033     */
1034    gen_set_pc_im(s, s->pc - 4);
1035    gen_helper_pre_hvc(cpu_env);
1036    /* Otherwise we will treat this as a real exception which
1037     * happens after execution of the insn. (The distinction matters
1038     * for the PC value reported to the exception handler and also
1039     * for single stepping.)
1040     */
1041    s->svc_imm = imm16;
1042    gen_set_pc_im(s, s->pc);
1043    s->is_jmp = DISAS_HVC;
1044}
1045
1046static inline void gen_smc(DisasContext *s)
1047{
1048    /* As with HVC, we may take an exception either before or after
1049     * the insn executes.
1050     */
1051    TCGv_i32 tmp;
1052
1053    gen_set_pc_im(s, s->pc - 4);
1054    tmp = tcg_const_i32(syn_aa32_smc());
1055    gen_helper_pre_smc(cpu_env, tmp);
1056    tcg_temp_free_i32(tmp);
1057    gen_set_pc_im(s, s->pc);
1058    s->is_jmp = DISAS_SMC;
1059}
1060
1061static inline void
1062gen_set_condexec (DisasContext *s)
1063{
1064    if (s->condexec_mask) {
1065        uint32_t val = (s->condexec_cond << 4) | (s->condexec_mask >> 1);
1066        TCGv_i32 tmp = tcg_temp_new_i32();
1067        tcg_gen_movi_i32(tmp, val);
1068        store_cpu_field(tmp, condexec_bits);
1069    }
1070}
1071
1072static void gen_exception_internal_insn(DisasContext *s, int offset, int excp)
1073{
1074    gen_set_condexec(s);
1075    gen_set_pc_im(s, s->pc - offset);
1076    gen_exception_internal(excp);
1077    s->is_jmp = DISAS_JUMP;
1078}
1079
1080static void gen_exception_insn(DisasContext *s, int offset, int excp,
1081                               int syn, uint32_t target_el)
1082{
1083    gen_set_condexec(s);
1084    gen_set_pc_im(s, s->pc - offset);
1085    gen_exception(excp, syn, target_el);
1086    s->is_jmp = DISAS_JUMP;
1087}
1088
1089/* Force a TB lookup after an instruction that changes the CPU state.  */
1090static inline void gen_lookup_tb(DisasContext *s)
1091{
1092    tcg_gen_movi_i32(cpu_R[15], s->pc & ~1);
1093    s->is_jmp = DISAS_JUMP;
1094}
1095
1096static inline void gen_hlt(DisasContext *s, int imm)
1097{
1098    /* HLT. This has two purposes.
1099     * Architecturally, it is an external halting debug instruction.
1100     * Since QEMU doesn't implement external debug, we treat this as
1101     * it is required for halting debug disabled: it will UNDEF.
1102     * Secondly, "HLT 0x3C" is a T32 semihosting trap instruction,
1103     * and "HLT 0xF000" is an A32 semihosting syscall. These traps
1104     * must trigger semihosting even for ARMv7 and earlier, where
1105     * HLT was an undefined encoding.
1106     * In system mode, we don't allow userspace access to
1107     * semihosting, to provide some semblance of security
1108     * (and for consistency with our 32-bit semihosting).
1109     */
1110    if (semihosting_enabled() &&
1111#ifndef CONFIG_USER_ONLY
1112        s->current_el != 0 &&
1113#endif
1114        (imm == (s->thumb ? 0x3c : 0xf000))) {
1115        gen_exception_internal_insn(s, 0, EXCP_SEMIHOST);
1116        return;
1117    }
1118
1119    gen_exception_insn(s, s->thumb ? 2 : 4, EXCP_UDEF, syn_uncategorized(),
1120                       default_exception_el(s));
1121}
1122
1123static inline void gen_add_data_offset(DisasContext *s, unsigned int insn,
1124                                       TCGv_i32 var)
1125{
1126    int val, rm, shift, shiftop;
1127    TCGv_i32 offset;
1128
1129    if (!(insn & (1 << 25))) {
1130        /* immediate */
1131        val = insn & 0xfff;
1132        if (!(insn & (1 << 23)))
1133            val = -val;
1134        if (val != 0)
1135            tcg_gen_addi_i32(var, var, val);
1136    } else {
1137        /* shift/register */
1138        rm = (insn) & 0xf;
1139        shift = (insn >> 7) & 0x1f;
1140        shiftop = (insn >> 5) & 3;
1141        offset = load_reg(s, rm);
1142        gen_arm_shift_im(offset, shiftop, shift, 0);
1143        if (!(insn & (1 << 23)))
1144            tcg_gen_sub_i32(var, var, offset);
1145        else
1146            tcg_gen_add_i32(var, var, offset);
1147        tcg_temp_free_i32(offset);
1148    }
1149}
1150
1151static inline void gen_add_datah_offset(DisasContext *s, unsigned int insn,
1152                                        int extra, TCGv_i32 var)
1153{
1154    int val, rm;
1155    TCGv_i32 offset;
1156
1157    if (insn & (1 << 22)) {
1158        /* immediate */
1159        val = (insn & 0xf) | ((insn >> 4) & 0xf0);
1160        if (!(insn & (1 << 23)))
1161            val = -val;
1162        val += extra;
1163        if (val != 0)
1164            tcg_gen_addi_i32(var, var, val);
1165    } else {
1166        /* register */
1167        if (extra)
1168            tcg_gen_addi_i32(var, var, extra);
1169        rm = (insn) & 0xf;
1170        offset = load_reg(s, rm);
1171        if (!(insn & (1 << 23)))
1172            tcg_gen_sub_i32(var, var, offset);
1173        else
1174            tcg_gen_add_i32(var, var, offset);
1175        tcg_temp_free_i32(offset);
1176    }
1177}
1178
1179static TCGv_ptr get_fpstatus_ptr(int neon)
1180{
1181    TCGv_ptr statusptr = tcg_temp_new_ptr();
1182    int offset;
1183    if (neon) {
1184        offset = offsetof(CPUARMState, vfp.standard_fp_status);
1185    } else {
1186        offset = offsetof(CPUARMState, vfp.fp_status);
1187    }
1188    tcg_gen_addi_ptr(statusptr, cpu_env, offset);
1189    return statusptr;
1190}
1191
1192#define VFP_OP2(name)                                                 \
1193static inline void gen_vfp_##name(int dp)                             \
1194{                                                                     \
1195    TCGv_ptr fpst = get_fpstatus_ptr(0);                              \
1196    if (dp) {                                                         \
1197        gen_helper_vfp_##name##d(cpu_F0d, cpu_F0d, cpu_F1d, fpst);    \
1198    } else {                                                          \
1199        gen_helper_vfp_##name##s(cpu_F0s, cpu_F0s, cpu_F1s, fpst);    \
1200    }                                                                 \
1201    tcg_temp_free_ptr(fpst);                                          \
1202}
1203
1204VFP_OP2(add)
1205VFP_OP2(sub)
1206VFP_OP2(mul)
1207VFP_OP2(div)
1208
1209#undef VFP_OP2
1210
1211static inline void gen_vfp_F1_mul(int dp)
1212{
1213    /* Like gen_vfp_mul() but put result in F1 */
1214    TCGv_ptr fpst = get_fpstatus_ptr(0);
1215    if (dp) {
1216        gen_helper_vfp_muld(cpu_F1d, cpu_F0d, cpu_F1d, fpst);
1217    } else {
1218        gen_helper_vfp_muls(cpu_F1s, cpu_F0s, cpu_F1s, fpst);
1219    }
1220    tcg_temp_free_ptr(fpst);
1221}
1222
1223static inline void gen_vfp_F1_neg(int dp)
1224{
1225    /* Like gen_vfp_neg() but put result in F1 */
1226    if (dp) {
1227        gen_helper_vfp_negd(cpu_F1d, cpu_F0d);
1228    } else {
1229        gen_helper_vfp_negs(cpu_F1s, cpu_F0s);
1230    }
1231}
1232
1233static inline void gen_vfp_abs(int dp)
1234{
1235    if (dp)
1236        gen_helper_vfp_absd(cpu_F0d, cpu_F0d);
1237    else
1238        gen_helper_vfp_abss(cpu_F0s, cpu_F0s);
1239}
1240
1241static inline void gen_vfp_neg(int dp)
1242{
1243    if (dp)
1244        gen_helper_vfp_negd(cpu_F0d, cpu_F0d);
1245    else
1246        gen_helper_vfp_negs(cpu_F0s, cpu_F0s);
1247}
1248
1249static inline void gen_vfp_sqrt(int dp)
1250{
1251    if (dp)
1252        gen_helper_vfp_sqrtd(cpu_F0d, cpu_F0d, cpu_env);
1253    else
1254        gen_helper_vfp_sqrts(cpu_F0s, cpu_F0s, cpu_env);
1255}
1256
1257static inline void gen_vfp_cmp(int dp)
1258{
1259    if (dp)
1260        gen_helper_vfp_cmpd(cpu_F0d, cpu_F1d, cpu_env);
1261    else
1262        gen_helper_vfp_cmps(cpu_F0s, cpu_F1s, cpu_env);
1263}
1264
1265static inline void gen_vfp_cmpe(int dp)
1266{
1267    if (dp)
1268        gen_helper_vfp_cmped(cpu_F0d, cpu_F1d, cpu_env);
1269    else
1270        gen_helper_vfp_cmpes(cpu_F0s, cpu_F1s, cpu_env);
1271}
1272
1273static inline void gen_vfp_F1_ld0(int dp)
1274{
1275    if (dp)
1276        tcg_gen_movi_i64(cpu_F1d, 0);
1277    else
1278        tcg_gen_movi_i32(cpu_F1s, 0);
1279}
1280
1281#define VFP_GEN_ITOF(name) \
1282static inline void gen_vfp_##name(int dp, int neon) \
1283{ \
1284    TCGv_ptr statusptr = get_fpstatus_ptr(neon); \
1285    if (dp) { \
1286        gen_helper_vfp_##name##d(cpu_F0d, cpu_F0s, statusptr); \
1287    } else { \
1288        gen_helper_vfp_##name##s(cpu_F0s, cpu_F0s, statusptr); \
1289    } \
1290    tcg_temp_free_ptr(statusptr); \
1291}
1292
1293VFP_GEN_ITOF(uito)
1294VFP_GEN_ITOF(sito)
1295#undef VFP_GEN_ITOF
1296
1297#define VFP_GEN_FTOI(name) \
1298static inline void gen_vfp_##name(int dp, int neon) \
1299{ \
1300    TCGv_ptr statusptr = get_fpstatus_ptr(neon); \
1301    if (dp) { \
1302        gen_helper_vfp_##name##d(cpu_F0s, cpu_F0d, statusptr); \
1303    } else { \
1304        gen_helper_vfp_##name##s(cpu_F0s, cpu_F0s, statusptr); \
1305    } \
1306    tcg_temp_free_ptr(statusptr); \
1307}
1308
1309VFP_GEN_FTOI(toui)
1310VFP_GEN_FTOI(touiz)
1311VFP_GEN_FTOI(tosi)
1312VFP_GEN_FTOI(tosiz)
1313#undef VFP_GEN_FTOI
1314
1315#define VFP_GEN_FIX(name, round) \
1316static inline void gen_vfp_##name(int dp, int shift, int neon) \
1317{ \
1318    TCGv_i32 tmp_shift = tcg_const_i32(shift); \
1319    TCGv_ptr statusptr = get_fpstatus_ptr(neon); \
1320    if (dp) { \
1321        gen_helper_vfp_##name##d##round(cpu_F0d, cpu_F0d, tmp_shift, \
1322                                        statusptr); \
1323    } else { \
1324        gen_helper_vfp_##name##s##round(cpu_F0s, cpu_F0s, tmp_shift, \
1325                                        statusptr); \
1326    } \
1327    tcg_temp_free_i32(tmp_shift); \
1328    tcg_temp_free_ptr(statusptr); \
1329}
1330VFP_GEN_FIX(tosh, _round_to_zero)
1331VFP_GEN_FIX(tosl, _round_to_zero)
1332VFP_GEN_FIX(touh, _round_to_zero)
1333VFP_GEN_FIX(toul, _round_to_zero)
1334VFP_GEN_FIX(shto, )
1335VFP_GEN_FIX(slto, )
1336VFP_GEN_FIX(uhto, )
1337VFP_GEN_FIX(ulto, )
1338#undef VFP_GEN_FIX
1339
1340static inline void gen_vfp_ld(DisasContext *s, int dp, TCGv_i32 addr)
1341{
1342    if (dp) {
1343        gen_aa32_ld64(s, cpu_F0d, addr, get_mem_index(s));
1344    } else {
1345        gen_aa32_ld32u(s, cpu_F0s, addr, get_mem_index(s));
1346    }
1347}
1348
1349static inline void gen_vfp_st(DisasContext *s, int dp, TCGv_i32 addr)
1350{
1351    if (dp) {
1352        gen_aa32_st64(s, cpu_F0d, addr, get_mem_index(s));
1353    } else {
1354        gen_aa32_st32(s, cpu_F0s, addr, get_mem_index(s));
1355    }
1356}
1357
1358static inline long
1359vfp_reg_offset (int dp, int reg)
1360{
1361    if (dp)
1362        return offsetof(CPUARMState, vfp.regs[reg]);
1363    else if (reg & 1) {
1364        return offsetof(CPUARMState, vfp.regs[reg >> 1])
1365          + offsetof(CPU_DoubleU, l.upper);
1366    } else {
1367        return offsetof(CPUARMState, vfp.regs[reg >> 1])
1368          + offsetof(CPU_DoubleU, l.lower);
1369    }
1370}
1371
1372/* Return the offset of a 32-bit piece of a NEON register.
1373   zero is the least significant end of the register.  */
1374static inline long
1375neon_reg_offset (int reg, int n)
1376{
1377    int sreg;
1378    sreg = reg * 2 + n;
1379    return vfp_reg_offset(0, sreg);
1380}
1381
1382static TCGv_i32 neon_load_reg(int reg, int pass)
1383{
1384    TCGv_i32 tmp = tcg_temp_new_i32();
1385    tcg_gen_ld_i32(tmp, cpu_env, neon_reg_offset(reg, pass));
1386    return tmp;
1387}
1388
1389static void neon_store_reg(int reg, int pass, TCGv_i32 var)
1390{
1391    tcg_gen_st_i32(var, cpu_env, neon_reg_offset(reg, pass));
1392    tcg_temp_free_i32(var);
1393}
1394
1395static inline void neon_load_reg64(TCGv_i64 var, int reg)
1396{
1397    tcg_gen_ld_i64(var, cpu_env, vfp_reg_offset(1, reg));
1398}
1399
1400static inline void neon_store_reg64(TCGv_i64 var, int reg)
1401{
1402    tcg_gen_st_i64(var, cpu_env, vfp_reg_offset(1, reg));
1403}
1404
1405#define tcg_gen_ld_f32 tcg_gen_ld_i32
1406#define tcg_gen_ld_f64 tcg_gen_ld_i64
1407#define tcg_gen_st_f32 tcg_gen_st_i32
1408#define tcg_gen_st_f64 tcg_gen_st_i64
1409
1410static inline void gen_mov_F0_vreg(int dp, int reg)
1411{
1412    if (dp)
1413        tcg_gen_ld_f64(cpu_F0d, cpu_env, vfp_reg_offset(dp, reg));
1414    else
1415        tcg_gen_ld_f32(cpu_F0s, cpu_env, vfp_reg_offset(dp, reg));
1416}
1417
1418static inline void gen_mov_F1_vreg(int dp, int reg)
1419{
1420    if (dp)
1421        tcg_gen_ld_f64(cpu_F1d, cpu_env, vfp_reg_offset(dp, reg));
1422    else
1423        tcg_gen_ld_f32(cpu_F1s, cpu_env, vfp_reg_offset(dp, reg));
1424}
1425
1426static inline void gen_mov_vreg_F0(int dp, int reg)
1427{
1428    if (dp)
1429        tcg_gen_st_f64(cpu_F0d, cpu_env, vfp_reg_offset(dp, reg));
1430    else
1431        tcg_gen_st_f32(cpu_F0s, cpu_env, vfp_reg_offset(dp, reg));
1432}
1433
1434#define ARM_CP_RW_BIT   (1 << 20)
1435
1436static inline void iwmmxt_load_reg(TCGv_i64 var, int reg)
1437{
1438    tcg_gen_ld_i64(var, cpu_env, offsetof(CPUARMState, iwmmxt.regs[reg]));
1439}
1440
1441static inline void iwmmxt_store_reg(TCGv_i64 var, int reg)
1442{
1443    tcg_gen_st_i64(var, cpu_env, offsetof(CPUARMState, iwmmxt.regs[reg]));
1444}
1445
1446static inline TCGv_i32 iwmmxt_load_creg(int reg)
1447{
1448    TCGv_i32 var = tcg_temp_new_i32();
1449    tcg_gen_ld_i32(var, cpu_env, offsetof(CPUARMState, iwmmxt.cregs[reg]));
1450    return var;
1451}
1452
1453static inline void iwmmxt_store_creg(int reg, TCGv_i32 var)
1454{
1455    tcg_gen_st_i32(var, cpu_env, offsetof(CPUARMState, iwmmxt.cregs[reg]));
1456    tcg_temp_free_i32(var);
1457}
1458
1459static inline void gen_op_iwmmxt_movq_wRn_M0(int rn)
1460{
1461    iwmmxt_store_reg(cpu_M0, rn);
1462}
1463
1464static inline void gen_op_iwmmxt_movq_M0_wRn(int rn)
1465{
1466    iwmmxt_load_reg(cpu_M0, rn);
1467}
1468
1469static inline void gen_op_iwmmxt_orq_M0_wRn(int rn)
1470{
1471    iwmmxt_load_reg(cpu_V1, rn);
1472    tcg_gen_or_i64(cpu_M0, cpu_M0, cpu_V1);
1473}
1474
1475static inline void gen_op_iwmmxt_andq_M0_wRn(int rn)
1476{
1477    iwmmxt_load_reg(cpu_V1, rn);
1478    tcg_gen_and_i64(cpu_M0, cpu_M0, cpu_V1);
1479}
1480
1481static inline void gen_op_iwmmxt_xorq_M0_wRn(int rn)
1482{
1483    iwmmxt_load_reg(cpu_V1, rn);
1484    tcg_gen_xor_i64(cpu_M0, cpu_M0, cpu_V1);
1485}
1486
1487#define IWMMXT_OP(name) \
1488static inline void gen_op_iwmmxt_##name##_M0_wRn(int rn) \
1489{ \
1490    iwmmxt_load_reg(cpu_V1, rn); \
1491    gen_helper_iwmmxt_##name(cpu_M0, cpu_M0, cpu_V1); \
1492}
1493
1494#define IWMMXT_OP_ENV(name) \
1495static inline void gen_op_iwmmxt_##name##_M0_wRn(int rn) \
1496{ \
1497    iwmmxt_load_reg(cpu_V1, rn); \
1498    gen_helper_iwmmxt_##name(cpu_M0, cpu_env, cpu_M0, cpu_V1); \
1499}
1500
1501#define IWMMXT_OP_ENV_SIZE(name) \
1502IWMMXT_OP_ENV(name##b) \
1503IWMMXT_OP_ENV(name##w) \
1504IWMMXT_OP_ENV(name##l)
1505
1506#define IWMMXT_OP_ENV1(name) \
1507static inline void gen_op_iwmmxt_##name##_M0(void) \
1508{ \
1509    gen_helper_iwmmxt_##name(cpu_M0, cpu_env, cpu_M0); \
1510}
1511
1512IWMMXT_OP(maddsq)
1513IWMMXT_OP(madduq)
1514IWMMXT_OP(sadb)
1515IWMMXT_OP(sadw)
1516IWMMXT_OP(mulslw)
1517IWMMXT_OP(mulshw)
1518IWMMXT_OP(mululw)
1519IWMMXT_OP(muluhw)
1520IWMMXT_OP(macsw)
1521IWMMXT_OP(macuw)
1522
1523IWMMXT_OP_ENV_SIZE(unpackl)
1524IWMMXT_OP_ENV_SIZE(unpackh)
1525
1526IWMMXT_OP_ENV1(unpacklub)
1527IWMMXT_OP_ENV1(unpackluw)
1528IWMMXT_OP_ENV1(unpacklul)
1529IWMMXT_OP_ENV1(unpackhub)
1530IWMMXT_OP_ENV1(unpackhuw)
1531IWMMXT_OP_ENV1(unpackhul)
1532IWMMXT_OP_ENV1(unpacklsb)
1533IWMMXT_OP_ENV1(unpacklsw)
1534IWMMXT_OP_ENV1(unpacklsl)
1535IWMMXT_OP_ENV1(unpackhsb)
1536IWMMXT_OP_ENV1(unpackhsw)
1537IWMMXT_OP_ENV1(unpackhsl)
1538
1539IWMMXT_OP_ENV_SIZE(cmpeq)
1540IWMMXT_OP_ENV_SIZE(cmpgtu)
1541IWMMXT_OP_ENV_SIZE(cmpgts)
1542
1543IWMMXT_OP_ENV_SIZE(mins)
1544IWMMXT_OP_ENV_SIZE(minu)
1545IWMMXT_OP_ENV_SIZE(maxs)
1546IWMMXT_OP_ENV_SIZE(maxu)
1547
1548IWMMXT_OP_ENV_SIZE(subn)
1549IWMMXT_OP_ENV_SIZE(addn)
1550IWMMXT_OP_ENV_SIZE(subu)
1551IWMMXT_OP_ENV_SIZE(addu)
1552IWMMXT_OP_ENV_SIZE(subs)
1553IWMMXT_OP_ENV_SIZE(adds)
1554
1555IWMMXT_OP_ENV(avgb0)
1556IWMMXT_OP_ENV(avgb1)
1557IWMMXT_OP_ENV(avgw0)
1558IWMMXT_OP_ENV(avgw1)
1559
1560IWMMXT_OP_ENV(packuw)
1561IWMMXT_OP_ENV(packul)
1562IWMMXT_OP_ENV(packuq)
1563IWMMXT_OP_ENV(packsw)
1564IWMMXT_OP_ENV(packsl)
1565IWMMXT_OP_ENV(packsq)
1566
1567static void gen_op_iwmmxt_set_mup(void)
1568{
1569    TCGv_i32 tmp;
1570    tmp = load_cpu_field(iwmmxt.cregs[ARM_IWMMXT_wCon]);
1571    tcg_gen_ori_i32(tmp, tmp, 2);
1572    store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCon]);
1573}
1574
1575static void gen_op_iwmmxt_set_cup(void)
1576{
1577    TCGv_i32 tmp;
1578    tmp = load_cpu_field(iwmmxt.cregs[ARM_IWMMXT_wCon]);
1579    tcg_gen_ori_i32(tmp, tmp, 1);
1580    store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCon]);
1581}
1582
1583static void gen_op_iwmmxt_setpsr_nz(void)
1584{
1585    TCGv_i32 tmp = tcg_temp_new_i32();
1586    gen_helper_iwmmxt_setpsr_nz(tmp, cpu_M0);
1587    store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCASF]);
1588}
1589
1590static inline void gen_op_iwmmxt_addl_M0_wRn(int rn)
1591{
1592    iwmmxt_load_reg(cpu_V1, rn);
1593    tcg_gen_ext32u_i64(cpu_V1, cpu_V1);
1594    tcg_gen_add_i64(cpu_M0, cpu_M0, cpu_V1);
1595}
1596
1597static inline int gen_iwmmxt_address(DisasContext *s, uint32_t insn,
1598                                     TCGv_i32 dest)
1599{
1600    int rd;
1601    uint32_t offset;
1602    TCGv_i32 tmp;
1603
1604    rd = (insn >> 16) & 0xf;
1605    tmp = load_reg(s, rd);
1606
1607    offset = (insn & 0xff) << ((insn >> 7) & 2);
1608    if (insn & (1 << 24)) {
1609        /* Pre indexed */
1610        if (insn & (1 << 23))
1611            tcg_gen_addi_i32(tmp, tmp, offset);
1612        else
1613            tcg_gen_addi_i32(tmp, tmp, -offset);
1614        tcg_gen_mov_i32(dest, tmp);
1615        if (insn & (1 << 21))
1616            store_reg(s, rd, tmp);
1617        else
1618            tcg_temp_free_i32(tmp);
1619    } else if (insn & (1 << 21)) {
1620        /* Post indexed */
1621        tcg_gen_mov_i32(dest, tmp);
1622        if (insn & (1 << 23))
1623            tcg_gen_addi_i32(tmp, tmp, offset);
1624        else
1625            tcg_gen_addi_i32(tmp, tmp, -offset);
1626        store_reg(s, rd, tmp);
1627    } else if (!(insn & (1 << 23)))
1628        return 1;
1629    return 0;
1630}
1631
1632static inline int gen_iwmmxt_shift(uint32_t insn, uint32_t mask, TCGv_i32 dest)
1633{
1634    int rd = (insn >> 0) & 0xf;
1635    TCGv_i32 tmp;
1636
1637    if (insn & (1 << 8)) {
1638        if (rd < ARM_IWMMXT_wCGR0 || rd > ARM_IWMMXT_wCGR3) {
1639            return 1;
1640        } else {
1641            tmp = iwmmxt_load_creg(rd);
1642        }
1643    } else {
1644        tmp = tcg_temp_new_i32();
1645        iwmmxt_load_reg(cpu_V0, rd);
1646        tcg_gen_extrl_i64_i32(tmp, cpu_V0);
1647    }
1648    tcg_gen_andi_i32(tmp, tmp, mask);
1649    tcg_gen_mov_i32(dest, tmp);
1650    tcg_temp_free_i32(tmp);
1651    return 0;
1652}
1653
1654/* Disassemble an iwMMXt instruction.  Returns nonzero if an error occurred
1655   (ie. an undefined instruction).  */
1656static int disas_iwmmxt_insn(DisasContext *s, uint32_t insn)
1657{
1658    int rd, wrd;
1659    int rdhi, rdlo, rd0, rd1, i;
1660    TCGv_i32 addr;
1661    TCGv_i32 tmp, tmp2, tmp3;
1662
1663    if ((insn & 0x0e000e00) == 0x0c000000) {
1664        if ((insn & 0x0fe00ff0) == 0x0c400000) {
1665            wrd = insn & 0xf;
1666            rdlo = (insn >> 12) & 0xf;
1667            rdhi = (insn >> 16) & 0xf;
1668            if (insn & ARM_CP_RW_BIT) {                 /* TMRRC */
1669                iwmmxt_load_reg(cpu_V0, wrd);
1670                tcg_gen_extrl_i64_i32(cpu_R[rdlo], cpu_V0);
1671                tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
1672                tcg_gen_extrl_i64_i32(cpu_R[rdhi], cpu_V0);
1673            } else {                                    /* TMCRR */
1674                tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]);
1675                iwmmxt_store_reg(cpu_V0, wrd);
1676                gen_op_iwmmxt_set_mup();
1677            }
1678            return 0;
1679        }
1680
1681        wrd = (insn >> 12) & 0xf;
1682        addr = tcg_temp_new_i32();
1683        if (gen_iwmmxt_address(s, insn, addr)) {
1684            tcg_temp_free_i32(addr);
1685            return 1;
1686        }
1687        if (insn & ARM_CP_RW_BIT) {
1688            if ((insn >> 28) == 0xf) {                  /* WLDRW wCx */
1689                tmp = tcg_temp_new_i32();
1690                gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
1691                iwmmxt_store_creg(wrd, tmp);
1692            } else {
1693                i = 1;
1694                if (insn & (1 << 8)) {
1695                    if (insn & (1 << 22)) {             /* WLDRD */
1696                        gen_aa32_ld64(s, cpu_M0, addr, get_mem_index(s));
1697                        i = 0;
1698                    } else {                            /* WLDRW wRd */
1699                        tmp = tcg_temp_new_i32();
1700                        gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
1701                    }
1702                } else {
1703                    tmp = tcg_temp_new_i32();
1704                    if (insn & (1 << 22)) {             /* WLDRH */
1705                        gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
1706                    } else {                            /* WLDRB */
1707                        gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
1708                    }
1709                }
1710                if (i) {
1711                    tcg_gen_extu_i32_i64(cpu_M0, tmp);
1712                    tcg_temp_free_i32(tmp);
1713                }
1714                gen_op_iwmmxt_movq_wRn_M0(wrd);
1715            }
1716        } else {
1717            if ((insn >> 28) == 0xf) {                  /* WSTRW wCx */
1718                tmp = iwmmxt_load_creg(wrd);
1719                gen_aa32_st32(s, tmp, addr, get_mem_index(s));
1720            } else {
1721                gen_op_iwmmxt_movq_M0_wRn(wrd);
1722                tmp = tcg_temp_new_i32();
1723                if (insn & (1 << 8)) {
1724                    if (insn & (1 << 22)) {             /* WSTRD */
1725                        gen_aa32_st64(s, cpu_M0, addr, get_mem_index(s));
1726                    } else {                            /* WSTRW wRd */
1727                        tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1728                        gen_aa32_st32(s, tmp, addr, get_mem_index(s));
1729                    }
1730                } else {
1731                    if (insn & (1 << 22)) {             /* WSTRH */
1732                        tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1733                        gen_aa32_st16(s, tmp, addr, get_mem_index(s));
1734                    } else {                            /* WSTRB */
1735                        tcg_gen_extrl_i64_i32(tmp, cpu_M0);
1736                        gen_aa32_st8(s, tmp, addr, get_mem_index(s));
1737                    }
1738                }
1739            }
1740            tcg_temp_free_i32(tmp);
1741        }
1742        tcg_temp_free_i32(addr);
1743        return 0;
1744    }
1745
1746    if ((insn & 0x0f000000) != 0x0e000000)
1747        return 1;
1748
1749    switch (((insn >> 12) & 0xf00) | ((insn >> 4) & 0xff)) {
1750    case 0x000:                                         /* WOR */
1751        wrd = (insn >> 12) & 0xf;
1752        rd0 = (insn >> 0) & 0xf;
1753        rd1 = (insn >> 16) & 0xf;
1754        gen_op_iwmmxt_movq_M0_wRn(rd0);
1755        gen_op_iwmmxt_orq_M0_wRn(rd1);
1756        gen_op_iwmmxt_setpsr_nz();
1757        gen_op_iwmmxt_movq_wRn_M0(wrd);
1758        gen_op_iwmmxt_set_mup();
1759        gen_op_iwmmxt_set_cup();
1760        break;
1761    case 0x011:                                         /* TMCR */
1762        if (insn & 0xf)
1763            return 1;
1764        rd = (insn >> 12) & 0xf;
1765        wrd = (insn >> 16) & 0xf;
1766        switch (wrd) {
1767        case ARM_IWMMXT_wCID:
1768        case ARM_IWMMXT_wCASF:
1769            break;
1770        case ARM_IWMMXT_wCon:
1771            gen_op_iwmmxt_set_cup();
1772            /* Fall through.  */
1773        case ARM_IWMMXT_wCSSF:
1774            tmp = iwmmxt_load_creg(wrd);
1775            tmp2 = load_reg(s, rd);
1776            tcg_gen_andc_i32(tmp, tmp, tmp2);
1777            tcg_temp_free_i32(tmp2);
1778            iwmmxt_store_creg(wrd, tmp);
1779            break;
1780        case ARM_IWMMXT_wCGR0:
1781        case ARM_IWMMXT_wCGR1:
1782        case ARM_IWMMXT_wCGR2:
1783        case ARM_IWMMXT_wCGR3:
1784            gen_op_iwmmxt_set_cup();
1785            tmp = load_reg(s, rd);
1786            iwmmxt_store_creg(wrd, tmp);
1787            break;
1788        default:
1789            return 1;
1790        }
1791        break;
1792    case 0x100:                                         /* WXOR */
1793        wrd = (insn >> 12) & 0xf;
1794        rd0 = (insn >> 0) & 0xf;
1795        rd1 = (insn >> 16) & 0xf;
1796        gen_op_iwmmxt_movq_M0_wRn(rd0);
1797        gen_op_iwmmxt_xorq_M0_wRn(rd1);
1798        gen_op_iwmmxt_setpsr_nz();
1799        gen_op_iwmmxt_movq_wRn_M0(wrd);
1800        gen_op_iwmmxt_set_mup();
1801        gen_op_iwmmxt_set_cup();
1802        break;
1803    case 0x111:                                         /* TMRC */
1804        if (insn & 0xf)
1805            return 1;
1806        rd = (insn >> 12) & 0xf;
1807        wrd = (insn >> 16) & 0xf;
1808        tmp = iwmmxt_load_creg(wrd);
1809        store_reg(s, rd, tmp);
1810        break;
1811    case 0x300:                                         /* WANDN */
1812        wrd = (insn >> 12) & 0xf;
1813        rd0 = (insn >> 0) & 0xf;
1814        rd1 = (insn >> 16) & 0xf;
1815        gen_op_iwmmxt_movq_M0_wRn(rd0);
1816        tcg_gen_neg_i64(cpu_M0, cpu_M0);
1817        gen_op_iwmmxt_andq_M0_wRn(rd1);
1818        gen_op_iwmmxt_setpsr_nz();
1819        gen_op_iwmmxt_movq_wRn_M0(wrd);
1820        gen_op_iwmmxt_set_mup();
1821        gen_op_iwmmxt_set_cup();
1822        break;
1823    case 0x200:                                         /* WAND */
1824        wrd = (insn >> 12) & 0xf;
1825        rd0 = (insn >> 0) & 0xf;
1826        rd1 = (insn >> 16) & 0xf;
1827        gen_op_iwmmxt_movq_M0_wRn(rd0);
1828        gen_op_iwmmxt_andq_M0_wRn(rd1);
1829        gen_op_iwmmxt_setpsr_nz();
1830        gen_op_iwmmxt_movq_wRn_M0(wrd);
1831        gen_op_iwmmxt_set_mup();
1832        gen_op_iwmmxt_set_cup();
1833        break;
1834    case 0x810: case 0xa10:                             /* WMADD */
1835        wrd = (insn >> 12) & 0xf;
1836        rd0 = (insn >> 0) & 0xf;
1837        rd1 = (insn >> 16) & 0xf;
1838        gen_op_iwmmxt_movq_M0_wRn(rd0);
1839        if (insn & (1 << 21))
1840            gen_op_iwmmxt_maddsq_M0_wRn(rd1);
1841        else
1842            gen_op_iwmmxt_madduq_M0_wRn(rd1);
1843        gen_op_iwmmxt_movq_wRn_M0(wrd);
1844        gen_op_iwmmxt_set_mup();
1845        break;
1846    case 0x10e: case 0x50e: case 0x90e: case 0xd0e:     /* WUNPCKIL */
1847        wrd = (insn >> 12) & 0xf;
1848        rd0 = (insn >> 16) & 0xf;
1849        rd1 = (insn >> 0) & 0xf;
1850        gen_op_iwmmxt_movq_M0_wRn(rd0);
1851        switch ((insn >> 22) & 3) {
1852        case 0:
1853            gen_op_iwmmxt_unpacklb_M0_wRn(rd1);
1854            break;
1855        case 1:
1856            gen_op_iwmmxt_unpacklw_M0_wRn(rd1);
1857            break;
1858        case 2:
1859            gen_op_iwmmxt_unpackll_M0_wRn(rd1);
1860            break;
1861        case 3:
1862            return 1;
1863        }
1864        gen_op_iwmmxt_movq_wRn_M0(wrd);
1865        gen_op_iwmmxt_set_mup();
1866        gen_op_iwmmxt_set_cup();
1867        break;
1868    case 0x10c: case 0x50c: case 0x90c: case 0xd0c:     /* WUNPCKIH */
1869        wrd = (insn >> 12) & 0xf;
1870        rd0 = (insn >> 16) & 0xf;
1871        rd1 = (insn >> 0) & 0xf;
1872        gen_op_iwmmxt_movq_M0_wRn(rd0);
1873        switch ((insn >> 22) & 3) {
1874        case 0:
1875            gen_op_iwmmxt_unpackhb_M0_wRn(rd1);
1876            break;
1877        case 1:
1878            gen_op_iwmmxt_unpackhw_M0_wRn(rd1);
1879            break;
1880        case 2:
1881            gen_op_iwmmxt_unpackhl_M0_wRn(rd1);
1882            break;
1883        case 3:
1884            return 1;
1885        }
1886        gen_op_iwmmxt_movq_wRn_M0(wrd);
1887        gen_op_iwmmxt_set_mup();
1888        gen_op_iwmmxt_set_cup();
1889        break;
1890    case 0x012: case 0x112: case 0x412: case 0x512:     /* WSAD */
1891        wrd = (insn >> 12) & 0xf;
1892        rd0 = (insn >> 16) & 0xf;
1893        rd1 = (insn >> 0) & 0xf;
1894        gen_op_iwmmxt_movq_M0_wRn(rd0);
1895        if (insn & (1 << 22))
1896            gen_op_iwmmxt_sadw_M0_wRn(rd1);
1897        else
1898            gen_op_iwmmxt_sadb_M0_wRn(rd1);
1899        if (!(insn & (1 << 20)))
1900            gen_op_iwmmxt_addl_M0_wRn(wrd);
1901        gen_op_iwmmxt_movq_wRn_M0(wrd);
1902        gen_op_iwmmxt_set_mup();
1903        break;
1904    case 0x010: case 0x110: case 0x210: case 0x310:     /* WMUL */
1905        wrd = (insn >> 12) & 0xf;
1906        rd0 = (insn >> 16) & 0xf;
1907        rd1 = (insn >> 0) & 0xf;
1908        gen_op_iwmmxt_movq_M0_wRn(rd0);
1909        if (insn & (1 << 21)) {
1910            if (insn & (1 << 20))
1911                gen_op_iwmmxt_mulshw_M0_wRn(rd1);
1912            else
1913                gen_op_iwmmxt_mulslw_M0_wRn(rd1);
1914        } else {
1915            if (insn & (1 << 20))
1916                gen_op_iwmmxt_muluhw_M0_wRn(rd1);
1917            else
1918                gen_op_iwmmxt_mululw_M0_wRn(rd1);
1919        }
1920        gen_op_iwmmxt_movq_wRn_M0(wrd);
1921        gen_op_iwmmxt_set_mup();
1922        break;
1923    case 0x410: case 0x510: case 0x610: case 0x710:     /* WMAC */
1924        wrd = (insn >> 12) & 0xf;
1925        rd0 = (insn >> 16) & 0xf;
1926        rd1 = (insn >> 0) & 0xf;
1927        gen_op_iwmmxt_movq_M0_wRn(rd0);
1928        if (insn & (1 << 21))
1929            gen_op_iwmmxt_macsw_M0_wRn(rd1);
1930        else
1931            gen_op_iwmmxt_macuw_M0_wRn(rd1);
1932        if (!(insn & (1 << 20))) {
1933            iwmmxt_load_reg(cpu_V1, wrd);
1934            tcg_gen_add_i64(cpu_M0, cpu_M0, cpu_V1);
1935        }
1936        gen_op_iwmmxt_movq_wRn_M0(wrd);
1937        gen_op_iwmmxt_set_mup();
1938        break;
1939    case 0x006: case 0x406: case 0x806: case 0xc06:     /* WCMPEQ */
1940        wrd = (insn >> 12) & 0xf;
1941        rd0 = (insn >> 16) & 0xf;
1942        rd1 = (insn >> 0) & 0xf;
1943        gen_op_iwmmxt_movq_M0_wRn(rd0);
1944        switch ((insn >> 22) & 3) {
1945        case 0:
1946            gen_op_iwmmxt_cmpeqb_M0_wRn(rd1);
1947            break;
1948        case 1:
1949            gen_op_iwmmxt_cmpeqw_M0_wRn(rd1);
1950            break;
1951        case 2:
1952            gen_op_iwmmxt_cmpeql_M0_wRn(rd1);
1953            break;
1954        case 3:
1955            return 1;
1956        }
1957        gen_op_iwmmxt_movq_wRn_M0(wrd);
1958        gen_op_iwmmxt_set_mup();
1959        gen_op_iwmmxt_set_cup();
1960        break;
1961    case 0x800: case 0x900: case 0xc00: case 0xd00:     /* WAVG2 */
1962        wrd = (insn >> 12) & 0xf;
1963        rd0 = (insn >> 16) & 0xf;
1964        rd1 = (insn >> 0) & 0xf;
1965        gen_op_iwmmxt_movq_M0_wRn(rd0);
1966        if (insn & (1 << 22)) {
1967            if (insn & (1 << 20))
1968                gen_op_iwmmxt_avgw1_M0_wRn(rd1);
1969            else
1970                gen_op_iwmmxt_avgw0_M0_wRn(rd1);
1971        } else {
1972            if (insn & (1 << 20))
1973                gen_op_iwmmxt_avgb1_M0_wRn(rd1);
1974            else
1975                gen_op_iwmmxt_avgb0_M0_wRn(rd1);
1976        }
1977        gen_op_iwmmxt_movq_wRn_M0(wrd);
1978        gen_op_iwmmxt_set_mup();
1979        gen_op_iwmmxt_set_cup();
1980        break;
1981    case 0x802: case 0x902: case 0xa02: case 0xb02:     /* WALIGNR */
1982        wrd = (insn >> 12) & 0xf;
1983        rd0 = (insn >> 16) & 0xf;
1984        rd1 = (insn >> 0) & 0xf;
1985        gen_op_iwmmxt_movq_M0_wRn(rd0);
1986        tmp = iwmmxt_load_creg(ARM_IWMMXT_wCGR0 + ((insn >> 20) & 3));
1987        tcg_gen_andi_i32(tmp, tmp, 7);
1988        iwmmxt_load_reg(cpu_V1, rd1);
1989        gen_helper_iwmmxt_align(cpu_M0, cpu_M0, cpu_V1, tmp);
1990        tcg_temp_free_i32(tmp);
1991        gen_op_iwmmxt_movq_wRn_M0(wrd);
1992        gen_op_iwmmxt_set_mup();
1993        break;
1994    case 0x601: case 0x605: case 0x609: case 0x60d:     /* TINSR */
1995        if (((insn >> 6) & 3) == 3)
1996            return 1;
1997        rd = (insn >> 12) & 0xf;
1998        wrd = (insn >> 16) & 0xf;
1999        tmp = load_reg(s, rd);
2000        gen_op_iwmmxt_movq_M0_wRn(wrd);

2001        switch ((insn >> 6) & 3) {
2002        case 0:
2003            tmp2 = tcg_const_i32(0xff);
2004            tmp3 = tcg_const_i32((insn & 7) << 3);
2005            break;
2006        case 1:
2007            tmp2 = tcg_const_i32(0xffff);
2008            tmp3 = tcg_const_i32((insn & 3) << 4);
2009            break;
2010        case 2:
2011            tmp2 = tcg_const_i32(0xffffffff);
2012            tmp3 = tcg_const_i32((insn & 1) << 5);
2013            break;
2014        default:
2015            TCGV_UNUSED_I32(tmp2);
2016            TCGV_UNUSED_I32(tmp3);
2017        }
2018        gen_helper_iwmmxt_insr(cpu_M0, cpu_M0, tmp, tmp2, tmp3);
2019        tcg_temp_free_i32(tmp3);
2020        tcg_temp_free_i32(tmp2);
2021        tcg_temp_free_i32(tmp);
2022        gen_op_iwmmxt_movq_wRn_M0(wrd);
2023        gen_op_iwmmxt_set_mup();
2024        break;
2025    case 0x107: case 0x507: case 0x907: case 0xd07:     /* TEXTRM */
2026        rd = (insn >> 12) & 0xf;
2027        wrd = (insn >> 16) & 0xf;
2028        if (rd == 15 || ((insn >> 22) & 3) == 3)
2029            return 1;
2030        gen_op_iwmmxt_movq_M0_wRn(wrd);
2031        tmp = tcg_temp_new_i32();
2032        switch ((insn >> 22) & 3) {
2033        case 0:
2034            tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 7) << 3);
2035            tcg_gen_extrl_i64_i32(tmp, cpu_M0);
2036            if (insn & 8) {
2037                tcg_gen_ext8s_i32(tmp, tmp);
2038            } else {
2039                tcg_gen_andi_i32(tmp, tmp, 0xff);
2040            }
2041            break;
2042        case 1:
2043            tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 3) << 4);
2044            tcg_gen_extrl_i64_i32(tmp, cpu_M0);
2045            if (insn & 8) {
2046                tcg_gen_ext16s_i32(tmp, tmp);
2047            } else {
2048                tcg_gen_andi_i32(tmp, tmp, 0xffff);
2049            }
2050            break;
2051        case 2:
2052            tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 1) << 5);
2053            tcg_gen_extrl_i64_i32(tmp, cpu_M0);
2054            break;
2055        }
2056        store_reg(s, rd, tmp);
2057        break;
2058    case 0x117: case 0x517: case 0x917: case 0xd17:     /* TEXTRC */
2059        if ((insn & 0x000ff008) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2060            return 1;
2061        tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2062        switch ((insn >> 22) & 3) {
2063        case 0:
2064            tcg_gen_shri_i32(tmp, tmp, ((insn & 7) << 2) + 0);
2065            break;
2066        case 1:
2067            tcg_gen_shri_i32(tmp, tmp, ((insn & 3) << 3) + 4);
2068            break;
2069        case 2:
2070            tcg_gen_shri_i32(tmp, tmp, ((insn & 1) << 4) + 12);
2071            break;
2072        }
2073        tcg_gen_shli_i32(tmp, tmp, 28);
2074        gen_set_nzcv(tmp);
2075        tcg_temp_free_i32(tmp);
2076        break;
2077    case 0x401: case 0x405: case 0x409: case 0x40d:     /* TBCST */
2078        if (((insn >> 6) & 3) == 3)
2079            return 1;
2080        rd = (insn >> 12) & 0xf;
2081        wrd = (insn >> 16) & 0xf;
2082        tmp = load_reg(s, rd);
2083        switch ((insn >> 6) & 3) {
2084        case 0:
2085            gen_helper_iwmmxt_bcstb(cpu_M0, tmp);
2086            break;
2087        case 1:
2088            gen_helper_iwmmxt_bcstw(cpu_M0, tmp);
2089            break;
2090        case 2:
2091            gen_helper_iwmmxt_bcstl(cpu_M0, tmp);
2092            break;
2093        }
2094        tcg_temp_free_i32(tmp);
2095        gen_op_iwmmxt_movq_wRn_M0(wrd);
2096        gen_op_iwmmxt_set_mup();
2097        break;
2098    case 0x113: case 0x513: case 0x913: case 0xd13:     /* TANDC */
2099        if ((insn & 0x000ff00f) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2100            return 1;
2101        tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2102        tmp2 = tcg_temp_new_i32();
2103        tcg_gen_mov_i32(tmp2, tmp);
2104        switch ((insn >> 22) & 3) {
2105        case 0:
2106            for (i = 0; i < 7; i ++) {
2107                tcg_gen_shli_i32(tmp2, tmp2, 4);
2108                tcg_gen_and_i32(tmp, tmp, tmp2);
2109            }
2110            break;
2111        case 1:
2112            for (i = 0; i < 3; i ++) {
2113                tcg_gen_shli_i32(tmp2, tmp2, 8);
2114                tcg_gen_and_i32(tmp, tmp, tmp2);
2115            }
2116            break;
2117        case 2:
2118            tcg_gen_shli_i32(tmp2, tmp2, 16);
2119            tcg_gen_and_i32(tmp, tmp, tmp2);
2120            break;
2121        }
2122        gen_set_nzcv(tmp);
2123        tcg_temp_free_i32(tmp2);
2124        tcg_temp_free_i32(tmp);
2125        break;
2126    case 0x01c: case 0x41c: case 0x81c: case 0xc1c:     /* WACC */
2127        wrd = (insn >> 12) & 0xf;
2128        rd0 = (insn >> 16) & 0xf;
2129        gen_op_iwmmxt_movq_M0_wRn(rd0);
2130        switch ((insn >> 22) & 3) {
2131        case 0:
2132            gen_helper_iwmmxt_addcb(cpu_M0, cpu_M0);
2133            break;
2134        case 1:
2135            gen_helper_iwmmxt_addcw(cpu_M0, cpu_M0);
2136            break;
2137        case 2:
2138            gen_helper_iwmmxt_addcl(cpu_M0, cpu_M0);
2139            break;
2140        case 3:
2141            return 1;
2142        }
2143        gen_op_iwmmxt_movq_wRn_M0(wrd);
2144        gen_op_iwmmxt_set_mup();
2145        break;
2146    case 0x115: case 0x515: case 0x915: case 0xd15:     /* TORC */
2147        if ((insn & 0x000ff00f) != 0x0003f000 || ((insn >> 22) & 3) == 3)
2148            return 1;
2149        tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
2150        tmp2 = tcg_temp_new_i32();
2151        tcg_gen_mov_i32(tmp2, tmp);
2152        switch ((insn >> 22) & 3) {
2153        case 0:
2154            for (i = 0; i < 7; i ++) {
2155                tcg_gen_shli_i32(tmp2, tmp2, 4);
2156                tcg_gen_or_i32(tmp, tmp, tmp2);
2157            }
2158            break;
2159        case 1:
2160            for (i = 0; i < 3; i ++) {
2161                tcg_gen_shli_i32(tmp2, tmp2, 8);
2162                tcg_gen_or_i32(tmp, tmp, tmp2);
2163            }
2164            break;
2165        case 2:
2166            tcg_gen_shli_i32(tmp2, tmp2, 16);
2167            tcg_gen_or_i32(tmp, tmp, tmp2);
2168            break;
2169        }
2170        gen_set_nzcv(tmp);
2171        tcg_temp_free_i32(tmp2);
2172        tcg_temp_free_i32(tmp);
2173        break;
2174    case 0x103: case 0x503: case 0x903: case 0xd03:     /* TMOVMSK */
2175        rd = (insn >> 12) & 0xf;
2176        rd0 = (insn >> 16) & 0xf;
2177        if ((insn & 0xf) != 0 || ((insn >> 22) & 3) == 3)
2178            return 1;
2179        gen_op_iwmmxt_movq_M0_wRn(rd0);
2180        tmp = tcg_temp_new_i32();
2181        switch ((insn >> 22) & 3) {
2182        case 0:
2183            gen_helper_iwmmxt_msbb(tmp, cpu_M0);
2184            break;
2185        case 1:
2186            gen_helper_iwmmxt_msbw(tmp, cpu_M0);
2187            break;
2188        case 2:
2189            gen_helper_iwmmxt_msbl(tmp, cpu_M0);
2190            break;
2191        }
2192        store_reg(s, rd, tmp);
2193        break;
2194    case 0x106: case 0x306: case 0x506: case 0x706:     /* WCMPGT */
2195    case 0x906: case 0xb06: case 0xd06: case 0xf06:
2196        wrd = (insn >> 12) & 0xf;
2197        rd0 = (insn >> 16) & 0xf;
2198        rd1 = (insn >> 0) & 0xf;
2199        gen_op_iwmmxt_movq_M0_wRn(rd0);
2200        switch ((insn >> 22) & 3) {
2201        case 0:
2202            if (insn & (1 << 21))
2203                gen_op_iwmmxt_cmpgtsb_M0_wRn(rd1);
2204            else
2205                gen_op_iwmmxt_cmpgtub_M0_wRn(rd1);
2206            break;
2207        case 1:
2208            if (insn & (1 << 21))
2209                gen_op_iwmmxt_cmpgtsw_M0_wRn(rd1);
2210            else
2211                gen_op_iwmmxt_cmpgtuw_M0_wRn(rd1);
2212            break;
2213        case 2:
2214            if (insn & (1 << 21))
2215                gen_op_iwmmxt_cmpgtsl_M0_wRn(rd1);
2216            else
2217                gen_op_iwmmxt_cmpgtul_M0_wRn(rd1);
2218            break;
2219        case 3:
2220            return 1;
2221        }
2222        gen_op_iwmmxt_movq_wRn_M0(wrd);
2223        gen_op_iwmmxt_set_mup();
2224        gen_op_iwmmxt_set_cup();
2225        break;
2226    case 0x00e: case 0x20e: case 0x40e: case 0x60e:     /* WUNPCKEL */
2227    case 0x80e: case 0xa0e: case 0xc0e: case 0xe0e:
2228        wrd = (insn >> 12) & 0xf;
2229        rd0 = (insn >> 16) & 0xf;
2230        gen_op_iwmmxt_movq_M0_wRn(rd0);
2231        switch ((insn >> 22) & 3) {
2232        case 0:
2233            if (insn & (1 << 21))
2234                gen_op_iwmmxt_unpacklsb_M0();
2235            else
2236                gen_op_iwmmxt_unpacklub_M0();
2237            break;
2238        case 1:
2239            if (insn & (1 << 21))
2240                gen_op_iwmmxt_unpacklsw_M0();
2241            else
2242                gen_op_iwmmxt_unpackluw_M0();
2243            break;
2244        case 2:
2245            if (insn & (1 << 21))
2246                gen_op_iwmmxt_unpacklsl_M0();
2247            else
2248                gen_op_iwmmxt_unpacklul_M0();
2249            break;
2250        case 3:
2251            return 1;
2252        }
2253        gen_op_iwmmxt_movq_wRn_M0(wrd);
2254        gen_op_iwmmxt_set_mup();
2255        gen_op_iwmmxt_set_cup();
2256        break;
2257    case 0x00c: case 0x20c: case 0x40c: case 0x60c:     /* WUNPCKEH */
2258    case 0x80c: case 0xa0c: case 0xc0c: case 0xe0c:
2259        wrd = (insn >> 12) & 0xf;
2260        rd0 = (insn >> 16) & 0xf;
2261        gen_op_iwmmxt_movq_M0_wRn(rd0);
2262        switch ((insn >> 22) & 3) {
2263        case 0:
2264            if (insn & (1 << 21))
2265                gen_op_iwmmxt_unpackhsb_M0();
2266            else
2267                gen_op_iwmmxt_unpackhub_M0();
2268            break;
2269        case 1:
2270            if (insn & (1 << 21))
2271                gen_op_iwmmxt_unpackhsw_M0();
2272            else
2273                gen_op_iwmmxt_unpackhuw_M0();
2274            break;
2275        case 2:
2276            if (insn & (1 << 21))
2277                gen_op_iwmmxt_unpackhsl_M0();
2278            else
2279                gen_op_iwmmxt_unpackhul_M0();
2280            break;
2281        case 3:
2282            return 1;
2283        }
2284        gen_op_iwmmxt_movq_wRn_M0(wrd);
2285        gen_op_iwmmxt_set_mup();
2286        gen_op_iwmmxt_set_cup();
2287        break;
2288    case 0x204: case 0x604: case 0xa04: case 0xe04:     /* WSRL */
2289    case 0x214: case 0x614: case 0xa14: case 0xe14:
2290        if (((insn >> 22) & 3) == 0)
2291            return 1;
2292        wrd = (insn >> 12) & 0xf;
2293        rd0 = (insn >> 16) & 0xf;
2294        gen_op_iwmmxt_movq_M0_wRn(rd0);
2295        tmp = tcg_temp_new_i32();
2296        if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2297            tcg_temp_free_i32(tmp);
2298            return 1;
2299        }
2300        switch ((insn >> 22) & 3) {
2301        case 1:
2302            gen_helper_iwmmxt_srlw(cpu_M0, cpu_env, cpu_M0, tmp);
2303            break;
2304        case 2:
2305            gen_helper_iwmmxt_srll(cpu_M0, cpu_env, cpu_M0, tmp);
2306            break;
2307        case 3:
2308            gen_helper_iwmmxt_srlq(cpu_M0, cpu_env, cpu_M0, tmp);
2309            break;
2310        }
2311        tcg_temp_free_i32(tmp);
2312        gen_op_iwmmxt_movq_wRn_M0(wrd);
2313        gen_op_iwmmxt_set_mup();
2314        gen_op_iwmmxt_set_cup();
2315        break;
2316    case 0x004: case 0x404: case 0x804: case 0xc04:     /* WSRA */
2317    case 0x014: case 0x414: case 0x814: case 0xc14:
2318        if (((insn >> 22) & 3) == 0)
2319            return 1;
2320        wrd = (insn >> 12) & 0xf;
2321        rd0 = (insn >> 16) & 0xf;
2322        gen_op_iwmmxt_movq_M0_wRn(rd0);
2323        tmp = tcg_temp_new_i32();
2324        if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2325            tcg_temp_free_i32(tmp);
2326            return 1;
2327        }
2328        switch ((insn >> 22) & 3) {
2329        case 1:
2330            gen_helper_iwmmxt_sraw(cpu_M0, cpu_env, cpu_M0, tmp);
2331            break;
2332        case 2:
2333            gen_helper_iwmmxt_sral(cpu_M0, cpu_env, cpu_M0, tmp);
2334            break;
2335        case 3:
2336            gen_helper_iwmmxt_sraq(cpu_M0, cpu_env, cpu_M0, tmp);
2337            break;
2338        }
2339        tcg_temp_free_i32(tmp);
2340        gen_op_iwmmxt_movq_wRn_M0(wrd);
2341        gen_op_iwmmxt_set_mup();
2342        gen_op_iwmmxt_set_cup();
2343        break;
2344    case 0x104: case 0x504: case 0x904: case 0xd04:     /* WSLL */
2345    case 0x114: case 0x514: case 0x914: case 0xd14:
2346        if (((insn >> 22) & 3) == 0)
2347            return 1;
2348        wrd = (insn >> 12) & 0xf;
2349        rd0 = (insn >> 16) & 0xf;
2350        gen_op_iwmmxt_movq_M0_wRn(rd0);
2351        tmp = tcg_temp_new_i32();
2352        if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
2353            tcg_temp_free_i32(tmp);
2354            return 1;
2355        }
2356        switch ((insn >> 22) & 3) {
2357        case 1:
2358            gen_helper_iwmmxt_sllw(cpu_M0, cpu_env, cpu_M0, tmp);
2359            break;
2360        case 2:
2361            gen_helper_iwmmxt_slll(cpu_M0, cpu_env, cpu_M0, tmp);
2362            break;
2363        case 3:
2364            gen_helper_iwmmxt_sllq(cpu_M0, cpu_env, cpu_M0, tmp);
2365            break;
2366        }
2367        tcg_temp_free_i32(tmp);
2368        gen_op_iwmmxt_movq_wRn_M0(wrd);
2369        gen_op_iwmmxt_set_mup();
2370        gen_op_iwmmxt_set_cup();
2371        break;
2372    case 0x304: case 0x704: case 0xb04: case 0xf04:     /* WROR */
2373    case 0x314: case 0x714: case 0xb14: case 0xf14:
2374        if (((insn >> 22) & 3) == 0)
2375            return 1;
2376        wrd = (insn >> 12) & 0xf;
2377        rd0 = (insn >> 16) & 0xf;
2378        gen_op_iwmmxt_movq_M0_wRn(rd0);
2379        tmp = tcg_temp_new_i32();
2380        switch ((insn >> 22) & 3) {
2381        case 1:
2382            if (gen_iwmmxt_shift(insn, 0xf, tmp)) {
2383                tcg_temp_free_i32(tmp);
2384                return 1;
2385            }
2386            gen_helper_iwmmxt_rorw(cpu_M0, cpu_env, cpu_M0, tmp);
2387            break;
2388        case 2:
2389            if (gen_iwmmxt_shift(insn, 0x1f, tmp)) {
2390                tcg_temp_free_i32(tmp);
2391                return 1;
2392            }
2393            gen_helper_iwmmxt_rorl(cpu_M0, cpu_env, cpu_M0, tmp);
2394            break;
2395        case 3:
2396            if (gen_iwmmxt_shift(insn, 0x3f, tmp)) {
2397                tcg_temp_free_i32(tmp);
2398                return 1;
2399            }
2400            gen_helper_iwmmxt_rorq(cpu_M0, cpu_env, cpu_M0, tmp);
2401            break;
2402        }
2403        tcg_temp_free_i32(tmp);
2404        gen_op_iwmmxt_movq_wRn_M0(wrd);
2405        gen_op_iwmmxt_set_mup();
2406        gen_op_iwmmxt_set_cup();
2407        break;
2408    case 0x116: case 0x316: case 0x516: case 0x716:     /* WMIN */
2409    case 0x916: case 0xb16: case 0xd16: case 0xf16:
2410        wrd = (insn >> 12) & 0xf;
2411        rd0 = (insn >> 16) & 0xf;
2412        rd1 = (insn >> 0) & 0xf;
2413        gen_op_iwmmxt_movq_M0_wRn(rd0);
2414        switch ((insn >> 22) & 3) {
2415        case 0:
2416            if (insn & (1 << 21))
2417                gen_op_iwmmxt_minsb_M0_wRn(rd1);
2418            else
2419                gen_op_iwmmxt_minub_M0_wRn(rd1);
2420            break;
2421        case 1:
2422            if (insn & (1 << 21))
2423                gen_op_iwmmxt_minsw_M0_wRn(rd1);
2424            else
2425                gen_op_iwmmxt_minuw_M0_wRn(rd1);
2426            break;
2427        case 2:
2428            if (insn & (1 << 21))
2429                gen_op_iwmmxt_minsl_M0_wRn(rd1);
2430            else
2431                gen_op_iwmmxt_minul_M0_wRn(rd1);
2432            break;
2433        case 3:
2434            return 1;
2435        }
2436        gen_op_iwmmxt_movq_wRn_M0(wrd);
2437        gen_op_iwmmxt_set_mup();
2438        break;
2439    case 0x016: case 0x216: case 0x416: case 0x616:     /* WMAX */
2440    case 0x816: case 0xa16: case 0xc16: case 0xe16:
2441        wrd = (insn >> 12) & 0xf;
2442        rd0 = (insn >> 16) & 0xf;
2443        rd1 = (insn >> 0) & 0xf;
2444        gen_op_iwmmxt_movq_M0_wRn(rd0);
2445        switch ((insn >> 22) & 3) {
2446        case 0:
2447            if (insn & (1 << 21))
2448                gen_op_iwmmxt_maxsb_M0_wRn(rd1);
2449            else
2450                gen_op_iwmmxt_maxub_M0_wRn(rd1);
2451            break;
2452        case 1:
2453            if (insn & (1 << 21))
2454                gen_op_iwmmxt_maxsw_M0_wRn(rd1);
2455            else
2456                gen_op_iwmmxt_maxuw_M0_wRn(rd1);
2457            break;
2458        case 2:
2459            if (insn & (1 << 21))
2460                gen_op_iwmmxt_maxsl_M0_wRn(rd1);
2461            else
2462                gen_op_iwmmxt_maxul_M0_wRn(rd1);
2463            break;
2464        case 3:
2465            return 1;
2466        }
2467        gen_op_iwmmxt_movq_wRn_M0(wrd);
2468        gen_op_iwmmxt_set_mup();
2469        break;
2470    case 0x002: case 0x102: case 0x202: case 0x302:     /* WALIGNI */
2471    case 0x402: case 0x502: case 0x602: case 0x702:
2472        wrd = (insn >> 12) & 0xf;
2473        rd0 = (insn >> 16) & 0xf;
2474        rd1 = (insn >> 0) & 0xf;
2475        gen_op_iwmmxt_movq_M0_wRn(rd0);
2476        tmp = tcg_const_i32((insn >> 20) & 3);
2477        iwmmxt_load_reg(cpu_V1, rd1);
2478        gen_helper_iwmmxt_align(cpu_M0, cpu_M0, cpu_V1, tmp);
2479        tcg_temp_free_i32(tmp);
2480        gen_op_iwmmxt_movq_wRn_M0(wrd);
2481        gen_op_iwmmxt_set_mup();
2482        break;
2483    case 0x01a: case 0x11a: case 0x21a: case 0x31a:     /* WSUB */
2484    case 0x41a: case 0x51a: case 0x61a: case 0x71a:
2485    case 0x81a: case 0x91a: case 0xa1a: case 0xb1a:
2486    case 0xc1a: case 0xd1a: case 0xe1a: case 0xf1a:
2487        wrd = (insn >> 12) & 0xf;
2488        rd0 = (insn >> 16) & 0xf;
2489        rd1 = (insn >> 0) & 0xf;
2490        gen_op_iwmmxt_movq_M0_wRn(rd0);
2491        switch ((insn >> 20) & 0xf) {
2492        case 0x0:
2493            gen_op_iwmmxt_subnb_M0_wRn(rd1);
2494            break;
2495        case 0x1:
2496            gen_op_iwmmxt_subub_M0_wRn(rd1);
2497            break;
2498        case 0x3:
2499            gen_op_iwmmxt_subsb_M0_wRn(rd1);
2500            break;
2501        case 0x4:
2502            gen_op_iwmmxt_subnw_M0_wRn(rd1);
2503            break;
2504        case 0x5:
2505            gen_op_iwmmxt_subuw_M0_wRn(rd1);
2506            break;
2507        case 0x7:
2508            gen_op_iwmmxt_subsw_M0_wRn(rd1);
2509            break;
2510        case 0x8:
2511            gen_op_iwmmxt_subnl_M0_wRn(rd1);
2512            break;
2513        case 0x9:
2514            gen_op_iwmmxt_subul_M0_wRn(rd1);
2515            break;
2516        case 0xb:
2517            gen_op_iwmmxt_subsl_M0_wRn(rd1);
2518            break;
2519        default:
2520            return 1;
2521        }
2522        gen_op_iwmmxt_movq_wRn_M0(wrd);
2523        gen_op_iwmmxt_set_mup();
2524        gen_op_iwmmxt_set_cup();
2525        break;
2526    case 0x01e: case 0x11e: case 0x21e: case 0x31e:     /* WSHUFH */
2527    case 0x41e: case 0x51e: case 0x61e: case 0x71e:
2528    case 0x81e: case 0x91e: case 0xa1e: case 0xb1e:
2529    case 0xc1e: case 0xd1e: case 0xe1e: case 0xf1e:
2530        wrd = (insn >> 12) & 0xf;
2531        rd0 = (insn >> 16) & 0xf;
2532        gen_op_iwmmxt_movq_M0_wRn(rd0);
2533        tmp = tcg_const_i32(((insn >> 16) & 0xf0) | (insn & 0x0f));
2534        gen_helper_iwmmxt_shufh(cpu_M0, cpu_env, cpu_M0, tmp);
2535        tcg_temp_free_i32(tmp);
2536        gen_op_iwmmxt_movq_wRn_M0(wrd);
2537        gen_op_iwmmxt_set_mup();
2538        gen_op_iwmmxt_set_cup();
2539        break;
2540    case 0x018: case 0x118: case 0x218: case 0x318:     /* WADD */
2541    case 0x418: case 0x518: case 0x618: case 0x718:
2542    case 0x818: case 0x918: case 0xa18: case 0xb18:
2543    case 0xc18: case 0xd18: case 0xe18: case 0xf18:
2544        wrd = (insn >> 12) & 0xf;
2545        rd0 = (insn >> 16) & 0xf;
2546        rd1 = (insn >> 0) & 0xf;
2547        gen_op_iwmmxt_movq_M0_wRn(rd0);
2548        switch ((insn >> 20) & 0xf) {
2549        case 0x0:
2550            gen_op_iwmmxt_addnb_M0_wRn(rd1);
2551            break;
2552        case 0x1:
2553            gen_op_iwmmxt_addub_M0_wRn(rd1);
2554            break;
2555        case 0x3:
2556            gen_op_iwmmxt_addsb_M0_wRn(rd1);
2557            break;
2558        case 0x4:
2559            gen_op_iwmmxt_addnw_M0_wRn(rd1);
2560            break;
2561        case 0x5:
2562            gen_op_iwmmxt_adduw_M0_wRn(rd1);
2563            break;
2564        case 0x7:
2565            gen_op_iwmmxt_addsw_M0_wRn(rd1);
2566            break;
2567        case 0x8:
2568            gen_op_iwmmxt_addnl_M0_wRn(rd1);
2569            break;
2570        case 0x9:
2571            gen_op_iwmmxt_addul_M0_wRn(rd1);
2572            break;
2573        case 0xb:
2574            gen_op_iwmmxt_addsl_M0_wRn(rd1);
2575            break;
2576        default:
2577            return 1;
2578        }
2579        gen_op_iwmmxt_movq_wRn_M0(wrd);
2580        gen_op_iwmmxt_set_mup();
2581        gen_op_iwmmxt_set_cup();
2582        break;
2583    case 0x008: case 0x108: case 0x208: case 0x308:     /* WPACK */
2584    case 0x408: case 0x508: case 0x608: case 0x708:
2585    case 0x808: case 0x908: case 0xa08: case 0xb08:
2586    case 0xc08: case 0xd08: case 0xe08: case 0xf08:
2587        if (!(insn & (1 << 20)) || ((insn >> 22) & 3) == 0)
2588            return 1;
2589        wrd = (insn >> 12) & 0xf;
2590        rd0 = (insn >> 16) & 0xf;
2591        rd1 = (insn >> 0) & 0xf;
2592        gen_op_iwmmxt_movq_M0_wRn(rd0);
2593        switch ((insn >> 22) & 3) {
2594        case 1:
2595            if (insn & (1 << 21))
2596                gen_op_iwmmxt_packsw_M0_wRn(rd1);
2597            else
2598                gen_op_iwmmxt_packuw_M0_wRn(rd1);
2599            break;
2600        case 2:
2601            if (insn & (1 << 21))
2602                gen_op_iwmmxt_packsl_M0_wRn(rd1);
2603            else
2604                gen_op_iwmmxt_packul_M0_wRn(rd1);
2605            break;
2606        case 3:
2607            if (insn & (1 << 21))
2608                gen_op_iwmmxt_packsq_M0_wRn(rd1);
2609            else
2610                gen_op_iwmmxt_packuq_M0_wRn(rd1);
2611            break;
2612        }
2613        gen_op_iwmmxt_movq_wRn_M0(wrd);
2614        gen_op_iwmmxt_set_mup();
2615        gen_op_iwmmxt_set_cup();
2616        break;
2617    case 0x201: case 0x203: case 0x205: case 0x207:
2618    case 0x209: case 0x20b: case 0x20d: case 0x20f:
2619    case 0x211: case 0x213: case 0x215: case 0x217:
2620    case 0x219: case 0x21b: case 0x21d: case 0x21f:
2621        wrd = (insn >> 5) & 0xf;
2622        rd0 = (insn >> 12) & 0xf;
2623        rd1 = (insn >> 0) & 0xf;
2624        if (rd0 == 0xf || rd1 == 0xf)
2625            return 1;
2626        gen_op_iwmmxt_movq_M0_wRn(wrd);
2627        tmp = load_reg(s, rd0);
2628        tmp2 = load_reg(s, rd1);
2629        switch ((insn >> 16) & 0xf) {
2630        case 0x0:                                       /* TMIA */
2631            gen_helper_iwmmxt_muladdsl(cpu_M0, cpu_M0, tmp, tmp2);
2632            break;
2633        case 0x8:                                       /* TMIAPH */
2634            gen_helper_iwmmxt_muladdsw(cpu_M0, cpu_M0, tmp, tmp2);
2635            break;
2636        case 0xc: case 0xd: case 0xe: case 0xf:         /* TMIAxy */
2637            if (insn & (1 << 16))
2638                tcg_gen_shri_i32(tmp, tmp, 16);
2639            if (insn & (1 << 17))
2640                tcg_gen_shri_i32(tmp2, tmp2, 16);
2641            gen_helper_iwmmxt_muladdswl(cpu_M0, cpu_M0, tmp, tmp2);
2642            break;
2643        default:
2644            tcg_temp_free_i32(tmp2);
2645            tcg_temp_free_i32(tmp);
2646            return 1;
2647        }
2648        tcg_temp_free_i32(tmp2);
2649        tcg_temp_free_i32(tmp);
2650        gen_op_iwmmxt_movq_wRn_M0(wrd);
2651        gen_op_iwmmxt_set_mup();
2652        break;
2653    default:
2654        return 1;
2655    }
2656
2657    return 0;
2658}
2659
2660/* Disassemble an XScale DSP instruction.  Returns nonzero if an error occurred
2661   (ie. an undefined instruction).  */
2662static int disas_dsp_insn(DisasContext *s, uint32_t insn)
2663{
2664    int acc, rd0, rd1, rdhi, rdlo;
2665    TCGv_i32 tmp, tmp2;
2666
2667    if ((insn & 0x0ff00f10) == 0x0e200010) {
2668        /* Multiply with Internal Accumulate Format */
2669        rd0 = (insn >> 12) & 0xf;
2670        rd1 = insn & 0xf;
2671        acc = (insn >> 5) & 7;
2672
2673        if (acc != 0)
2674            return 1;
2675
2676        tmp = load_reg(s, rd0);
2677        tmp2 = load_reg(s, rd1);
2678        switch ((insn >> 16) & 0xf) {
2679        case 0x0:                                       /* MIA */
2680            gen_helper_iwmmxt_muladdsl(cpu_M0, cpu_M0, tmp, tmp2);
2681            break;
2682        case 0x8:                                       /* MIAPH */
2683            gen_helper_iwmmxt_muladdsw(cpu_M0, cpu_M0, tmp, tmp2);
2684            break;
2685        case 0xc:                                       /* MIABB */
2686        case 0xd:                                       /* MIABT */
2687        case 0xe:                                       /* MIATB */
2688        case 0xf:                                       /* MIATT */
2689            if (insn & (1 << 16))
2690                tcg_gen_shri_i32(tmp, tmp, 16);
2691            if (insn & (1 << 17))
2692                tcg_gen_shri_i32(tmp2, tmp2, 16);
2693            gen_helper_iwmmxt_muladdswl(cpu_M0, cpu_M0, tmp, tmp2);
2694            break;
2695        default:
2696            return 1;
2697        }
2698        tcg_temp_free_i32(tmp2);
2699        tcg_temp_free_i32(tmp);
2700
2701        gen_op_iwmmxt_movq_wRn_M0(acc);
2702        return 0;
2703    }
2704
2705    if ((insn & 0x0fe00ff8) == 0x0c400000) {
2706        /* Internal Accumulator Access Format */
2707        rdhi = (insn >> 16) & 0xf;
2708        rdlo = (insn >> 12) & 0xf;
2709        acc = insn & 7;
2710
2711        if (acc != 0)
2712            return 1;
2713
2714        if (insn & ARM_CP_RW_BIT) {                     /* MRA */
2715            iwmmxt_load_reg(cpu_V0, acc);
2716            tcg_gen_extrl_i64_i32(cpu_R[rdlo], cpu_V0);
2717            tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
2718            tcg_gen_extrl_i64_i32(cpu_R[rdhi], cpu_V0);
2719            tcg_gen_andi_i32(cpu_R[rdhi], cpu_R[rdhi], (1 << (40 - 32)) - 1);
2720        } else {                                        /* MAR */
2721            tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]);
2722            iwmmxt_store_reg(cpu_V0, acc);
2723        }
2724        return 0;
2725    }
2726
2727    return 1;
2728}
2729
2730#define VFP_REG_SHR(x, n) (((n) > 0) ? (x) >> (n) : (x) << -(n))
2731#define VFP_SREG(insn, bigbit, smallbit) \
2732  ((VFP_REG_SHR(insn, bigbit - 1) & 0x1e) | (((insn) >> (smallbit)) & 1))
2733#define VFP_DREG(reg, insn, bigbit, smallbit) do { \
2734    if (arm_dc_feature(s, ARM_FEATURE_VFP3)) { \
2735        reg = (((insn) >> (bigbit)) & 0x0f) \
2736              | (((insn) >> ((smallbit) - 4)) & 0x10); \
2737    } else { \
2738        if (insn & (1 << (smallbit))) \
2739            return 1; \
2740        reg = ((insn) >> (bigbit)) & 0x0f; \
2741    }} while (0)
2742
2743#define VFP_SREG_D(insn) VFP_SREG(insn, 12, 22)
2744#define VFP_DREG_D(reg, insn) VFP_DREG(reg, insn, 12, 22)
2745#define VFP_SREG_N(insn) VFP_SREG(insn, 16,  7)
2746#define VFP_DREG_N(reg, insn) VFP_DREG(reg, insn, 16,  7)
2747#define VFP_SREG_M(insn) VFP_SREG(insn,  0,  5)
2748#define VFP_DREG_M(reg, insn) VFP_DREG(reg, insn,  0,  5)
2749
2750/* Move between integer and VFP cores.  */
2751static TCGv_i32 gen_vfp_mrs(void)
2752{
2753    TCGv_i32 tmp = tcg_temp_new_i32();
2754    tcg_gen_mov_i32(tmp, cpu_F0s);
2755    return tmp;
2756}
2757
2758static void gen_vfp_msr(TCGv_i32 tmp)
2759{
2760    tcg_gen_mov_i32(cpu_F0s, tmp);
2761    tcg_temp_free_i32(tmp);
2762}
2763
2764static void gen_neon_dup_u8(TCGv_i32 var, int shift)
2765{
2766    TCGv_i32 tmp = tcg_temp_new_i32();
2767    if (shift)
2768        tcg_gen_shri_i32(var, var, shift);
2769    tcg_gen_ext8u_i32(var, var);
2770    tcg_gen_shli_i32(tmp, var, 8);
2771    tcg_gen_or_i32(var, var, tmp);
2772    tcg_gen_shli_i32(tmp, var, 16);
2773    tcg_gen_or_i32(var, var, tmp);
2774    tcg_temp_free_i32(tmp);
2775}
2776
2777static void gen_neon_dup_low16(TCGv_i32 var)
2778{
2779    TCGv_i32 tmp = tcg_temp_new_i32();
2780    tcg_gen_ext16u_i32(var, var);
2781    tcg_gen_shli_i32(tmp, var, 16);
2782    tcg_gen_or_i32(var, var, tmp);
2783    tcg_temp_free_i32(tmp);
2784}
2785
2786static void gen_neon_dup_high16(TCGv_i32 var)
2787{
2788    TCGv_i32 tmp = tcg_temp_new_i32();
2789    tcg_gen_andi_i32(var, var, 0xffff0000);
2790    tcg_gen_shri_i32(tmp, var, 16);
2791    tcg_gen_or_i32(var, var, tmp);
2792    tcg_temp_free_i32(tmp);
2793}
2794
2795static TCGv_i32 gen_load_and_replicate(DisasContext *s, TCGv_i32 addr, int size)
2796{
2797    /* Load a single Neon element and replicate into a 32 bit TCG reg */
2798    TCGv_i32 tmp = tcg_temp_new_i32();
2799    switch (size) {
2800    case 0:
2801        gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
2802        gen_neon_dup_u8(tmp, 0);
2803        break;
2804    case 1:
2805        gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
2806        gen_neon_dup_low16(tmp);
2807        break;
2808    case 2:
2809        gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
2810        break;
2811    default: /* Avoid compiler warnings.  */
2812        abort();
2813    }
2814    return tmp;
2815}
2816
2817static int handle_vsel(uint32_t insn, uint32_t rd, uint32_t rn, uint32_t rm,
2818                       uint32_t dp)
2819{
2820    uint32_t cc = extract32(insn, 20, 2);
2821
2822    if (dp) {
2823        TCGv_i64 frn, frm, dest;
2824        TCGv_i64 tmp, zero, zf, nf, vf;
2825
2826        zero = tcg_const_i64(0);
2827
2828        frn = tcg_temp_new_i64();
2829        frm = tcg_temp_new_i64();
2830        dest = tcg_temp_new_i64();
2831
2832        zf = tcg_temp_new_i64();
2833        nf = tcg_temp_new_i64();
2834        vf = tcg_temp_new_i64();
2835
2836        tcg_gen_extu_i32_i64(zf, cpu_ZF);
2837        tcg_gen_ext_i32_i64(nf, cpu_NF);
2838        tcg_gen_ext_i32_i64(vf, cpu_VF);
2839
2840        tcg_gen_ld_f64(frn, cpu_env, vfp_reg_offset(dp, rn));
2841        tcg_gen_ld_f64(frm, cpu_env, vfp_reg_offset(dp, rm));
2842        switch (cc) {
2843        case 0: /* eq: Z */
2844            tcg_gen_movcond_i64(TCG_COND_EQ, dest, zf, zero,
2845                                frn, frm);
2846            break;
2847        case 1: /* vs: V */
2848            tcg_gen_movcond_i64(TCG_COND_LT, dest, vf, zero,
2849                                frn, frm);
2850            break;
2851        case 2: /* ge: N == V -> N ^ V == 0 */
2852            tmp = tcg_temp_new_i64();
2853            tcg_gen_xor_i64(tmp, vf, nf);
2854            tcg_gen_movcond_i64(TCG_COND_GE, dest, tmp, zero,
2855                                frn, frm);
2856            tcg_temp_free_i64(tmp);
2857            break;
2858        case 3: /* gt: !Z && N == V */
2859            tcg_gen_movcond_i64(TCG_COND_NE, dest, zf, zero,
2860                                frn, frm);
2861            tmp = tcg_temp_new_i64();
2862            tcg_gen_xor_i64(tmp, vf, nf);
2863            tcg_gen_movcond_i64(TCG_COND_GE, dest, tmp, zero,
2864                                dest, frm);
2865            tcg_temp_free_i64(tmp);
2866            break;
2867        }
2868        tcg_gen_st_f64(dest, cpu_env, vfp_reg_offset(dp, rd));
2869        tcg_temp_free_i64(frn);
2870        tcg_temp_free_i64(frm);
2871        tcg_temp_free_i64(dest);
2872
2873        tcg_temp_free_i64(zf);
2874        tcg_temp_free_i64(nf);
2875        tcg_temp_free_i64(vf);
2876
2877        tcg_temp_free_i64(zero);
2878    } else {
2879        TCGv_i32 frn, frm, dest;
2880        TCGv_i32 tmp, zero;
2881
2882        zero = tcg_const_i32(0);
2883
2884        frn = tcg_temp_new_i32();
2885        frm = tcg_temp_new_i32();
2886        dest = tcg_temp_new_i32();
2887        tcg_gen_ld_f32(frn, cpu_env, vfp_reg_offset(dp, rn));
2888        tcg_gen_ld_f32(frm, cpu_env, vfp_reg_offset(dp, rm));
2889        switch (cc) {
2890        case 0: /* eq: Z */
2891            tcg_gen_movcond_i32(TCG_COND_EQ, dest, cpu_ZF, zero,
2892                                frn, frm);
2893            break;
2894        case 1: /* vs: V */
2895            tcg_gen_movcond_i32(TCG_COND_LT, dest, cpu_VF, zero,
2896                                frn, frm);
2897            break;
2898        case 2: /* ge: N == V -> N ^ V == 0 */
2899            tmp = tcg_temp_new_i32();
2900            tcg_gen_xor_i32(tmp, cpu_VF, cpu_NF);
2901            tcg_gen_movcond_i32(TCG_COND_GE, dest, tmp, zero,
2902                                frn, frm);
2903            tcg_temp_free_i32(tmp);
2904            break;
2905        case 3: /* gt: !Z && N == V */
2906            tcg_gen_movcond_i32(TCG_COND_NE, dest, cpu_ZF, zero,
2907                                frn, frm);
2908            tmp = tcg_temp_new_i32();
2909            tcg_gen_xor_i32(tmp, cpu_VF, cpu_NF);
2910            tcg_gen_movcond_i32(TCG_COND_GE, dest, tmp, zero,
2911                                dest, frm);
2912            tcg_temp_free_i32(tmp);
2913            break;
2914        }
2915        tcg_gen_st_f32(dest, cpu_env, vfp_reg_offset(dp, rd));
2916        tcg_temp_free_i32(frn);
2917        tcg_temp_free_i32(frm);
2918        tcg_temp_free_i32(dest);
2919
2920        tcg_temp_free_i32(zero);
2921    }
2922
2923    return 0;
2924}
2925
2926static int handle_vminmaxnm(uint32_t insn, uint32_t rd, uint32_t rn,
2927                            uint32_t rm, uint32_t dp)
2928{
2929    uint32_t vmin = extract32(insn, 6, 1);
2930    TCGv_ptr fpst = get_fpstatus_ptr(0);
2931
2932    if (dp) {
2933        TCGv_i64 frn, frm, dest;
2934
2935        frn = tcg_temp_new_i64();
2936        frm = tcg_temp_new_i64();
2937        dest = tcg_temp_new_i64();
2938
2939        tcg_gen_ld_f64(frn, cpu_env, vfp_reg_offset(dp, rn));
2940        tcg_gen_ld_f64(frm, cpu_env, vfp_reg_offset(dp, rm));
2941        if (vmin) {
2942            gen_helper_vfp_minnumd(dest, frn, frm, fpst);
2943        } else {
2944            gen_helper_vfp_maxnumd(dest, frn, frm, fpst);
2945        }
2946        tcg_gen_st_f64(dest, cpu_env, vfp_reg_offset(dp, rd));
2947        tcg_temp_free_i64(frn);
2948        tcg_temp_free_i64(frm);
2949        tcg_temp_free_i64(dest);
2950    } else {
2951        TCGv_i32 frn, frm, dest;
2952
2953        frn = tcg_temp_new_i32();
2954        frm = tcg_temp_new_i32();
2955        dest = tcg_temp_new_i32();
2956
2957        tcg_gen_ld_f32(frn, cpu_env, vfp_reg_offset(dp, rn));
2958        tcg_gen_ld_f32(frm, cpu_env, vfp_reg_offset(dp, rm));
2959        if (vmin) {
2960            gen_helper_vfp_minnums(dest, frn, frm, fpst);
2961        } else {
2962            gen_helper_vfp_maxnums(dest, frn, frm, fpst);
2963        }
2964        tcg_gen_st_f32(dest, cpu_env, vfp_reg_offset(dp, rd));
2965        tcg_temp_free_i32(frn);
2966        tcg_temp_free_i32(frm);
2967        tcg_temp_free_i32(dest);
2968    }
2969
2970    tcg_temp_free_ptr(fpst);
2971    return 0;
2972}
2973
2974static int handle_vrint(uint32_t insn, uint32_t rd, uint32_t rm, uint32_t dp,
2975                        int rounding)
2976{
2977    TCGv_ptr fpst = get_fpstatus_ptr(0);
2978    TCGv_i32 tcg_rmode;
2979
2980    tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rounding));
2981    gen_helper_set_rmode(tcg_rmode, tcg_rmode, cpu_env);
2982
2983    if (dp) {
2984        TCGv_i64 tcg_op;
2985        TCGv_i64 tcg_res;
2986        tcg_op = tcg_temp_new_i64();
2987        tcg_res = tcg_temp_new_i64();
2988        tcg_gen_ld_f64(tcg_op, cpu_env, vfp_reg_offset(dp, rm));
2989        gen_helper_rintd(tcg_res, tcg_op, fpst);
2990        tcg_gen_st_f64(tcg_res, cpu_env, vfp_reg_offset(dp, rd));
2991        tcg_temp_free_i64(tcg_op);
2992        tcg_temp_free_i64(tcg_res);
2993    } else {
2994        TCGv_i32 tcg_op;
2995        TCGv_i32 tcg_res;
2996        tcg_op = tcg_temp_new_i32();
2997        tcg_res = tcg_temp_new_i32();
2998        tcg_gen_ld_f32(tcg_op, cpu_env, vfp_reg_offset(dp, rm));
2999        gen_helper_rints(tcg_res, tcg_op, fpst);
3000        tcg_gen_st_f32(tcg_res, cpu_env, vfp_reg_offset(dp, rd));

3001        tcg_temp_free_i32(tcg_op);
3002        tcg_temp_free_i32(tcg_res);
3003    }
3004
3005    gen_helper_set_rmode(tcg_rmode, tcg_rmode, cpu_env);
3006    tcg_temp_free_i32(tcg_rmode);
3007
3008    tcg_temp_free_ptr(fpst);
3009    return 0;
3010}
3011
3012static int handle_vcvt(uint32_t insn, uint32_t rd, uint32_t rm, uint32_t dp,
3013                       int rounding)
3014{
3015    bool is_signed = extract32(insn, 7, 1);
3016    TCGv_ptr fpst = get_fpstatus_ptr(0);
3017    TCGv_i32 tcg_rmode, tcg_shift;
3018
3019    tcg_shift = tcg_const_i32(0);
3020
3021    tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rounding));
3022    gen_helper_set_rmode(tcg_rmode, tcg_rmode, cpu_env);
3023
3024    if (dp) {
3025        TCGv_i64 tcg_double, tcg_res;
3026        TCGv_i32 tcg_tmp;
3027        /* Rd is encoded as a single precision register even when the source
3028         * is double precision.
3029         */
3030        rd = ((rd << 1) & 0x1e) | ((rd >> 4) & 0x1);
3031        tcg_double = tcg_temp_new_i64();
3032        tcg_res = tcg_temp_new_i64();
3033        tcg_tmp = tcg_temp_new_i32();
3034        tcg_gen_ld_f64(tcg_double, cpu_env, vfp_reg_offset(1, rm));
3035        if (is_signed) {
3036            gen_helper_vfp_tosld(tcg_res, tcg_double, tcg_shift, fpst);
3037        } else {
3038            gen_helper_vfp_tould(tcg_res, tcg_double, tcg_shift, fpst);
3039        }
3040        tcg_gen_extrl_i64_i32(tcg_tmp, tcg_res);
3041        tcg_gen_st_f32(tcg_tmp, cpu_env, vfp_reg_offset(0, rd));
3042        tcg_temp_free_i32(tcg_tmp);
3043        tcg_temp_free_i64(tcg_res);
3044        tcg_temp_free_i64(tcg_double);
3045    } else {
3046        TCGv_i32 tcg_single, tcg_res;
3047        tcg_single = tcg_temp_new_i32();
3048        tcg_res = tcg_temp_new_i32();
3049        tcg_gen_ld_f32(tcg_single, cpu_env, vfp_reg_offset(0, rm));
3050        if (is_signed) {
3051            gen_helper_vfp_tosls(tcg_res, tcg_single, tcg_shift, fpst);
3052        } else {
3053            gen_helper_vfp_touls(tcg_res, tcg_single, tcg_shift, fpst);
3054        }
3055        tcg_gen_st_f32(tcg_res, cpu_env, vfp_reg_offset(0, rd));
3056        tcg_temp_free_i32(tcg_res);
3057        tcg_temp_free_i32(tcg_single);
3058    }
3059
3060    gen_helper_set_rmode(tcg_rmode, tcg_rmode, cpu_env);
3061    tcg_temp_free_i32(tcg_rmode);
3062
3063    tcg_temp_free_i32(tcg_shift);
3064
3065    tcg_temp_free_ptr(fpst);
3066
3067    return 0;
3068}
3069
3070/* Table for converting the most common AArch32 encoding of
3071 * rounding mode to arm_fprounding order (which matches the
3072 * common AArch64 order); see ARM ARM pseudocode FPDecodeRM().
3073 */
3074static const uint8_t fp_decode_rm[] = {
3075    FPROUNDING_TIEAWAY,
3076    FPROUNDING_TIEEVEN,
3077    FPROUNDING_POSINF,
3078    FPROUNDING_NEGINF,
3079};
3080
3081static int disas_vfp_v8_insn(DisasContext *s, uint32_t insn)
3082{
3083    uint32_t rd, rn, rm, dp = extract32(insn, 8, 1);
3084
3085    if (!arm_dc_feature(s, ARM_FEATURE_V8)) {
3086        return 1;
3087    }
3088
3089    if (dp) {
3090        VFP_DREG_D(rd, insn);
3091        VFP_DREG_N(rn, insn);
3092        VFP_DREG_M(rm, insn);
3093    } else {
3094        rd = VFP_SREG_D(insn);
3095        rn = VFP_SREG_N(insn);
3096        rm = VFP_SREG_M(insn);
3097    }
3098
3099    if ((insn & 0x0f800e50) == 0x0e000a00) {
3100        return handle_vsel(insn, rd, rn, rm, dp);
3101    } else if ((insn & 0x0fb00e10) == 0x0e800a00) {
3102        return handle_vminmaxnm(insn, rd, rn, rm, dp);
3103    } else if ((insn & 0x0fbc0ed0) == 0x0eb80a40) {
3104        /* VRINTA, VRINTN, VRINTP, VRINTM */
3105        int rounding = fp_decode_rm[extract32(insn, 16, 2)];
3106        return handle_vrint(insn, rd, rm, dp, rounding);
3107    } else if ((insn & 0x0fbc0e50) == 0x0ebc0a40) {
3108        /* VCVTA, VCVTN, VCVTP, VCVTM */
3109        int rounding = fp_decode_rm[extract32(insn, 16, 2)];
3110        return handle_vcvt(insn, rd, rm, dp, rounding);
3111    }
3112    return 1;
3113}
3114
3115/* Disassemble a VFP instruction.  Returns nonzero if an error occurred
3116   (ie. an undefined instruction).  */
3117static int disas_vfp_insn(DisasContext *s, uint32_t insn)
3118{
3119    uint32_t rd, rn, rm, op, i, n, offset, delta_d, delta_m, bank_mask;
3120    int dp, veclen;
3121    TCGv_i32 addr;
3122    TCGv_i32 tmp;
3123    TCGv_i32 tmp2;
3124
3125    if (!arm_dc_feature(s, ARM_FEATURE_VFP)) {
3126        return 1;
3127    }
3128
3129    /* FIXME: this access check should not take precedence over UNDEF
3130     * for invalid encodings; we will generate incorrect syndrome information
3131     * for attempts to execute invalid vfp/neon encodings with FP disabled.
3132     */
3133    if (s->fp_excp_el) {
3134        gen_exception_insn(s, 4, EXCP_UDEF,
3135                           syn_fp_access_trap(1, 0xe, false), s->fp_excp_el);
3136        return 0;
3137    }
3138
3139    if (!s->vfp_enabled) {
3140        /* VFP disabled.  Only allow fmxr/fmrx to/from some control regs.  */
3141        if ((insn & 0x0fe00fff) != 0x0ee00a10)
3142            return 1;
3143        rn = (insn >> 16) & 0xf;
3144        if (rn != ARM_VFP_FPSID && rn != ARM_VFP_FPEXC && rn != ARM_VFP_MVFR2
3145            && rn != ARM_VFP_MVFR1 && rn != ARM_VFP_MVFR0) {
3146            return 1;
3147        }
3148    }
3149
3150    if (extract32(insn, 28, 4) == 0xf) {
3151        /* Encodings with T=1 (Thumb) or unconditional (ARM):
3152         * only used in v8 and above.
3153         */
3154        return disas_vfp_v8_insn(s, insn);
3155    }
3156
3157    dp = ((insn & 0xf00) == 0xb00);
3158    switch ((insn >> 24) & 0xf) {
3159    case 0xe:
3160        if (insn & (1 << 4)) {
3161            /* single register transfer */
3162            rd = (insn >> 12) & 0xf;
3163            if (dp) {
3164                int size;
3165                int pass;
3166
3167                VFP_DREG_N(rn, insn);
3168                if (insn & 0xf)
3169                    return 1;
3170                if (insn & 0x00c00060
3171                    && !arm_dc_feature(s, ARM_FEATURE_NEON)) {
3172                    return 1;
3173                }
3174
3175                pass = (insn >> 21) & 1;
3176                if (insn & (1 << 22)) {
3177                    size = 0;
3178                    offset = ((insn >> 5) & 3) * 8;
3179                } else if (insn & (1 << 5)) {
3180                    size = 1;
3181                    offset = (insn & (1 << 6)) ? 16 : 0;
3182                } else {
3183                    size = 2;
3184                    offset = 0;
3185                }
3186                if (insn & ARM_CP_RW_BIT) {
3187                    /* vfp->arm */
3188                    tmp = neon_load_reg(rn, pass);
3189                    switch (size) {
3190                    case 0:
3191                        if (offset)
3192                            tcg_gen_shri_i32(tmp, tmp, offset);
3193                        if (insn & (1 << 23))
3194                            gen_uxtb(tmp);
3195                        else
3196                            gen_sxtb(tmp);
3197                        break;
3198                    case 1:
3199                        if (insn & (1 << 23)) {
3200                            if (offset) {
3201                                tcg_gen_shri_i32(tmp, tmp, 16);
3202                            } else {
3203                                gen_uxth(tmp);
3204                            }
3205                        } else {
3206                            if (offset) {
3207                                tcg_gen_sari_i32(tmp, tmp, 16);
3208                            } else {
3209                                gen_sxth(tmp);
3210                            }
3211                        }
3212                        break;
3213                    case 2:
3214                        break;
3215                    }
3216                    store_reg(s, rd, tmp);
3217                } else {
3218                    /* arm->vfp */
3219                    tmp = load_reg(s, rd);
3220                    if (insn & (1 << 23)) {
3221                        /* VDUP */
3222                        if (size == 0) {
3223                            gen_neon_dup_u8(tmp, 0);
3224                        } else if (size == 1) {
3225                            gen_neon_dup_low16(tmp);
3226                        }
3227                        for (n = 0; n <= pass * 2; n++) {
3228                            tmp2 = tcg_temp_new_i32();
3229                            tcg_gen_mov_i32(tmp2, tmp);
3230                            neon_store_reg(rn, n, tmp2);
3231                        }
3232                        neon_store_reg(rn, n, tmp);
3233                    } else {
3234                        /* VMOV */
3235                        switch (size) {
3236                        case 0:
3237                            tmp2 = neon_load_reg(rn, pass);
3238                            tcg_gen_deposit_i32(tmp, tmp2, tmp, offset, 8);
3239                            tcg_temp_free_i32(tmp2);
3240                            break;
3241                        case 1:
3242                            tmp2 = neon_load_reg(rn, pass);
3243                            tcg_gen_deposit_i32(tmp, tmp2, tmp, offset, 16);
3244                            tcg_temp_free_i32(tmp2);
3245                            break;
3246                        case 2:
3247                            break;
3248                        }
3249                        neon_store_reg(rn, pass, tmp);
3250                    }
3251                }
3252            } else { /* !dp */
3253                if ((insn & 0x6f) != 0x00)
3254                    return 1;
3255                rn = VFP_SREG_N(insn);
3256                if (insn & ARM_CP_RW_BIT) {
3257                    /* vfp->arm */
3258                    if (insn & (1 << 21)) {
3259                        /* system register */
3260                        rn >>= 1;
3261
3262                        switch (rn) {
3263                        case ARM_VFP_FPSID:
3264                            /* VFP2 allows access to FSID from userspace.
3265                               VFP3 restricts all id registers to privileged
3266                               accesses.  */
3267                            if (IS_USER(s)
3268                                && arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3269                                return 1;
3270                            }
3271                            tmp = load_cpu_field(vfp.xregs[rn]);
3272                            break;
3273                        case ARM_VFP_FPEXC:
3274                            if (IS_USER(s))
3275                                return 1;
3276                            tmp = load_cpu_field(vfp.xregs[rn]);
3277                            break;
3278                        case ARM_VFP_FPINST:
3279                        case ARM_VFP_FPINST2:
3280                            /* Not present in VFP3.  */
3281                            if (IS_USER(s)
3282                                || arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3283                                return 1;
3284                            }
3285                            tmp = load_cpu_field(vfp.xregs[rn]);
3286                            break;
3287                        case ARM_VFP_FPSCR:
3288                            if (rd == 15) {
3289                                tmp = load_cpu_field(vfp.xregs[ARM_VFP_FPSCR]);
3290                                tcg_gen_andi_i32(tmp, tmp, 0xf0000000);
3291                            } else {
3292                                tmp = tcg_temp_new_i32();
3293                                gen_helper_vfp_get_fpscr(tmp, cpu_env);
3294                            }
3295                            break;
3296                        case ARM_VFP_MVFR2:
3297                            if (!arm_dc_feature(s, ARM_FEATURE_V8)) {
3298                                return 1;
3299                            }
3300                            /* fall through */
3301                        case ARM_VFP_MVFR0:
3302                        case ARM_VFP_MVFR1:
3303                            if (IS_USER(s)
3304                                || !arm_dc_feature(s, ARM_FEATURE_MVFR)) {
3305                                return 1;
3306                            }
3307                            tmp = load_cpu_field(vfp.xregs[rn]);
3308                            break;
3309                        default:
3310                            return 1;
3311                        }
3312                    } else {
3313                        gen_mov_F0_vreg(0, rn);
3314                        tmp = gen_vfp_mrs();
3315                    }
3316                    if (rd == 15) {
3317                        /* Set the 4 flag bits in the CPSR.  */
3318                        gen_set_nzcv(tmp);
3319                        tcg_temp_free_i32(tmp);
3320                    } else {
3321                        store_reg(s, rd, tmp);
3322                    }
3323                } else {
3324                    /* arm->vfp */
3325                    if (insn & (1 << 21)) {
3326                        rn >>= 1;
3327                        /* system register */
3328                        switch (rn) {
3329                        case ARM_VFP_FPSID:
3330                        case ARM_VFP_MVFR0:
3331                        case ARM_VFP_MVFR1:
3332                            /* Writes are ignored.  */
3333                            break;
3334                        case ARM_VFP_FPSCR:
3335                            tmp = load_reg(s, rd);
3336                            gen_helper_vfp_set_fpscr(cpu_env, tmp);
3337                            tcg_temp_free_i32(tmp);
3338                            gen_lookup_tb(s);
3339                            break;
3340                        case ARM_VFP_FPEXC:
3341                            if (IS_USER(s))
3342                                return 1;
3343                            /* TODO: VFP subarchitecture support.
3344                             * For now, keep the EN bit only */
3345                            tmp = load_reg(s, rd);
3346                            tcg_gen_andi_i32(tmp, tmp, 1 << 30);
3347                            store_cpu_field(tmp, vfp.xregs[rn]);
3348                            gen_lookup_tb(s);
3349                            break;
3350                        case ARM_VFP_FPINST:
3351                        case ARM_VFP_FPINST2:
3352                            if (IS_USER(s)) {
3353                                return 1;
3354                            }
3355                            tmp = load_reg(s, rd);
3356                            store_cpu_field(tmp, vfp.xregs[rn]);
3357                            break;
3358                        default:
3359                            return 1;
3360                        }
3361                    } else {
3362                        tmp = load_reg(s, rd);
3363                        gen_vfp_msr(tmp);
3364                        gen_mov_vreg_F0(0, rn);
3365                    }
3366                }
3367            }
3368        } else {
3369            /* data processing */
3370            /* The opcode is in bits 23, 21, 20 and 6.  */
3371            op = ((insn >> 20) & 8) | ((insn >> 19) & 6) | ((insn >> 6) & 1);
3372            if (dp) {
3373                if (op == 15) {
3374                    /* rn is opcode */
3375                    rn = ((insn >> 15) & 0x1e) | ((insn >> 7) & 1);
3376                } else {
3377                    /* rn is register number */
3378                    VFP_DREG_N(rn, insn);
3379                }
3380
3381                if (op == 15 && (rn == 15 || ((rn & 0x1c) == 0x18) ||
3382                                 ((rn & 0x1e) == 0x6))) {
3383                    /* Integer or single/half precision destination.  */
3384                    rd = VFP_SREG_D(insn);
3385                } else {
3386                    VFP_DREG_D(rd, insn);
3387                }
3388                if (op == 15 &&
3389                    (((rn & 0x1c) == 0x10) || ((rn & 0x14) == 0x14) ||
3390                     ((rn & 0x1e) == 0x4))) {
3391                    /* VCVT from int or half precision is always from S reg
3392                     * regardless of dp bit. VCVT with immediate frac_bits
3393                     * has same format as SREG_M.
3394                     */
3395                    rm = VFP_SREG_M(insn);
3396                } else {
3397                    VFP_DREG_M(rm, insn);
3398                }
3399            } else {
3400                rn = VFP_SREG_N(insn);
3401                if (op == 15 && rn == 15) {
3402                    /* Double precision destination.  */
3403                    VFP_DREG_D(rd, insn);
3404                } else {
3405                    rd = VFP_SREG_D(insn);
3406                }
3407                /* NB that we implicitly rely on the encoding for the frac_bits
3408                 * in VCVT of fixed to float being the same as that of an SREG_M
3409                 */
3410                rm = VFP_SREG_M(insn);
3411            }
3412
3413            veclen = s->vec_len;
3414            if (op == 15 && rn > 3)
3415                veclen = 0;
3416
3417            /* Shut up compiler warnings.  */
3418            delta_m = 0;
3419            delta_d = 0;
3420            bank_mask = 0;
3421
3422            if (veclen > 0) {
3423                if (dp)
3424                    bank_mask = 0xc;
3425                else
3426                    bank_mask = 0x18;
3427
3428                /* Figure out what type of vector operation this is.  */
3429                if ((rd & bank_mask) == 0) {
3430                    /* scalar */
3431                    veclen = 0;
3432                } else {
3433                    if (dp)
3434                        delta_d = (s->vec_stride >> 1) + 1;
3435                    else
3436                        delta_d = s->vec_stride + 1;
3437
3438                    if ((rm & bank_mask) == 0) {
3439                        /* mixed scalar/vector */
3440                        delta_m = 0;
3441                    } else {
3442                        /* vector */
3443                        delta_m = delta_d;
3444                    }
3445                }
3446            }
3447
3448            /* Load the initial operands.  */
3449            if (op == 15) {
3450                switch (rn) {
3451                case 16:
3452                case 17:
3453                    /* Integer source */
3454                    gen_mov_F0_vreg(0, rm);
3455                    break;
3456                case 8:
3457                case 9:
3458                    /* Compare */
3459                    gen_mov_F0_vreg(dp, rd);
3460                    gen_mov_F1_vreg(dp, rm);
3461                    break;
3462                case 10:
3463                case 11:
3464                    /* Compare with zero */
3465                    gen_mov_F0_vreg(dp, rd);
3466                    gen_vfp_F1_ld0(dp);
3467                    break;
3468                case 20:
3469                case 21:
3470                case 22:
3471                case 23:
3472                case 28:
3473                case 29:
3474                case 30:
3475                case 31:
3476                    /* Source and destination the same.  */
3477                    gen_mov_F0_vreg(dp, rd);
3478                    break;
3479                case 4:
3480                case 5:
3481                case 6:
3482                case 7:
3483                    /* VCVTB, VCVTT: only present with the halfprec extension
3484                     * UNPREDICTABLE if bit 8 is set prior to ARMv8
3485                     * (we choose to UNDEF)
3486                     */
3487                    if ((dp && !arm_dc_feature(s, ARM_FEATURE_V8)) ||
3488                        !arm_dc_feature(s, ARM_FEATURE_VFP_FP16)) {
3489                        return 1;
3490                    }
3491                    if (!extract32(rn, 1, 1)) {
3492                        /* Half precision source.  */
3493                        gen_mov_F0_vreg(0, rm);
3494                        break;
3495                    }
3496                    /* Otherwise fall through */
3497                default:
3498                    /* One source operand.  */
3499                    gen_mov_F0_vreg(dp, rm);
3500                    break;
3501                }
3502            } else {
3503                /* Two source operands.  */
3504                gen_mov_F0_vreg(dp, rn);
3505                gen_mov_F1_vreg(dp, rm);
3506            }
3507
3508            for (;;) {
3509                /* Perform the calculation.  */
3510                switch (op) {
3511                case 0: /* VMLA: fd + (fn * fm) */
3512                    /* Note that order of inputs to the add matters for NaNs */
3513                    gen_vfp_F1_mul(dp);
3514                    gen_mov_F0_vreg(dp, rd);
3515                    gen_vfp_add(dp);
3516                    break;
3517                case 1: /* VMLS: fd + -(fn * fm) */
3518                    gen_vfp_mul(dp);
3519                    gen_vfp_F1_neg(dp);
3520                    gen_mov_F0_vreg(dp, rd);
3521                    gen_vfp_add(dp);
3522                    break;
3523                case 2: /* VNMLS: -fd + (fn * fm) */
3524                    /* Note that it isn't valid to replace (-A + B) with (B - A)
3525                     * or similar plausible looking simplifications
3526                     * because this will give wrong results for NaNs.
3527                     */
3528                    gen_vfp_F1_mul(dp);
3529                    gen_mov_F0_vreg(dp, rd);
3530                    gen_vfp_neg(dp);
3531                    gen_vfp_add(dp);
3532                    break;
3533                case 3: /* VNMLA: -fd + -(fn * fm) */
3534                    gen_vfp_mul(dp);
3535                    gen_vfp_F1_neg(dp);
3536                    gen_mov_F0_vreg(dp, rd);
3537                    gen_vfp_neg(dp);
3538                    gen_vfp_add(dp);
3539                    break;
3540                case 4: /* mul: fn * fm */
3541                    gen_vfp_mul(dp);
3542                    break;
3543                case 5: /* nmul: -(fn * fm) */
3544                    gen_vfp_mul(dp);
3545                    gen_vfp_neg(dp);
3546                    break;
3547                case 6: /* add: fn + fm */
3548                    gen_vfp_add(dp);
3549                    break;
3550                case 7: /* sub: fn - fm */
3551                    gen_vfp_sub(dp);
3552                    break;
3553                case 8: /* div: fn / fm */
3554                    gen_vfp_div(dp);
3555                    break;
3556                case 10: /* VFNMA : fd = muladd(-fd,  fn, fm) */
3557                case 11: /* VFNMS : fd = muladd(-fd, -fn, fm) */
3558                case 12: /* VFMA  : fd = muladd( fd,  fn, fm) */
3559                case 13: /* VFMS  : fd = muladd( fd, -fn, fm) */
3560                    /* These are fused multiply-add, and must be done as one
3561                     * floating point operation with no rounding between the
3562                     * multiplication and addition steps.
3563                     * NB that doing the negations here as separate steps is
3564                     * correct : an input NaN should come out with its sign bit
3565                     * flipped if it is a negated-input.
3566                     */
3567                    if (!arm_dc_feature(s, ARM_FEATURE_VFP4)) {
3568                        return 1;
3569                    }
3570                    if (dp) {
3571                        TCGv_ptr fpst;
3572                        TCGv_i64 frd;
3573                        if (op & 1) {
3574                            /* VFNMS, VFMS */
3575                            gen_helper_vfp_negd(cpu_F0d, cpu_F0d);
3576                        }
3577                        frd = tcg_temp_new_i64();
3578                        tcg_gen_ld_f64(frd, cpu_env, vfp_reg_offset(dp, rd));
3579                        if (op & 2) {
3580                            /* VFNMA, VFNMS */
3581                            gen_helper_vfp_negd(frd, frd);
3582                        }
3583                        fpst = get_fpstatus_ptr(0);
3584                        gen_helper_vfp_muladdd(cpu_F0d, cpu_F0d,
3585                                               cpu_F1d, frd, fpst);
3586                        tcg_temp_free_ptr(fpst);
3587                        tcg_temp_free_i64(frd);
3588                    } else {
3589                        TCGv_ptr fpst;
3590                        TCGv_i32 frd;
3591                        if (op & 1) {
3592                            /* VFNMS, VFMS */
3593                            gen_helper_vfp_negs(cpu_F0s, cpu_F0s);
3594                        }
3595                        frd = tcg_temp_new_i32();
3596                        tcg_gen_ld_f32(frd, cpu_env, vfp_reg_offset(dp, rd));
3597                        if (op & 2) {
3598                            gen_helper_vfp_negs(frd, frd);
3599                        }
3600                        fpst = get_fpstatus_ptr(0);
3601                        gen_helper_vfp_muladds(cpu_F0s, cpu_F0s,
3602                                               cpu_F1s, frd, fpst);
3603                        tcg_temp_free_ptr(fpst);
3604                        tcg_temp_free_i32(frd);
3605                    }
3606                    break;
3607                case 14: /* fconst */
3608                    if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3609                        return 1;
3610                    }
3611
3612                    n = (insn << 12) & 0x80000000;
3613                    i = ((insn >> 12) & 0x70) | (insn & 0xf);
3614                    if (dp) {
3615                        if (i & 0x40)
3616                            i |= 0x3f80;
3617                        else
3618                            i |= 0x4000;
3619                        n |= i << 16;
3620                        tcg_gen_movi_i64(cpu_F0d, ((uint64_t)n) << 32);
3621                    } else {
3622                        if (i & 0x40)
3623                            i |= 0x780;
3624                        else
3625                            i |= 0x800;
3626                        n |= i << 19;
3627                        tcg_gen_movi_i32(cpu_F0s, n);
3628                    }
3629                    break;
3630                case 15: /* extension space */
3631                    switch (rn) {
3632                    case 0: /* cpy */
3633                        /* no-op */
3634                        break;
3635                    case 1: /* abs */
3636                        gen_vfp_abs(dp);
3637                        break;
3638                    case 2: /* neg */
3639                        gen_vfp_neg(dp);
3640                        break;
3641                    case 3: /* sqrt */
3642                        gen_vfp_sqrt(dp);
3643                        break;
3644                    case 4: /* vcvtb.f32.f16, vcvtb.f64.f16 */
3645                        tmp = gen_vfp_mrs();
3646                        tcg_gen_ext16u_i32(tmp, tmp);
3647                        if (dp) {
3648                            gen_helper_vfp_fcvt_f16_to_f64(cpu_F0d, tmp,
3649                                                           cpu_env);
3650                        } else {
3651                            gen_helper_vfp_fcvt_f16_to_f32(cpu_F0s, tmp,
3652                                                           cpu_env);
3653                        }
3654                        tcg_temp_free_i32(tmp);
3655                        break;
3656                    case 5: /* vcvtt.f32.f16, vcvtt.f64.f16 */
3657                        tmp = gen_vfp_mrs();
3658                        tcg_gen_shri_i32(tmp, tmp, 16);
3659                        if (dp) {
3660                            gen_helper_vfp_fcvt_f16_to_f64(cpu_F0d, tmp,
3661                                                           cpu_env);
3662                        } else {
3663                            gen_helper_vfp_fcvt_f16_to_f32(cpu_F0s, tmp,
3664                                                           cpu_env);
3665                        }
3666                        tcg_temp_free_i32(tmp);
3667                        break;
3668                    case 6: /* vcvtb.f16.f32, vcvtb.f16.f64 */
3669                        tmp = tcg_temp_new_i32();
3670                        if (dp) {
3671                            gen_helper_vfp_fcvt_f64_to_f16(tmp, cpu_F0d,
3672                                                           cpu_env);
3673                        } else {
3674                            gen_helper_vfp_fcvt_f32_to_f16(tmp, cpu_F0s,
3675                                                           cpu_env);
3676                        }
3677                        gen_mov_F0_vreg(0, rd);
3678                        tmp2 = gen_vfp_mrs();
3679                        tcg_gen_andi_i32(tmp2, tmp2, 0xffff0000);
3680                        tcg_gen_or_i32(tmp, tmp, tmp2);
3681                        tcg_temp_free_i32(tmp2);
3682                        gen_vfp_msr(tmp);
3683                        break;
3684                    case 7: /* vcvtt.f16.f32, vcvtt.f16.f64 */
3685                        tmp = tcg_temp_new_i32();
3686                        if (dp) {
3687                            gen_helper_vfp_fcvt_f64_to_f16(tmp, cpu_F0d,
3688                                                           cpu_env);
3689                        } else {
3690                            gen_helper_vfp_fcvt_f32_to_f16(tmp, cpu_F0s,
3691                                                           cpu_env);
3692                        }
3693                        tcg_gen_shli_i32(tmp, tmp, 16);
3694                        gen_mov_F0_vreg(0, rd);
3695                        tmp2 = gen_vfp_mrs();
3696                        tcg_gen_ext16u_i32(tmp2, tmp2);
3697                        tcg_gen_or_i32(tmp, tmp, tmp2);
3698                        tcg_temp_free_i32(tmp2);
3699                        gen_vfp_msr(tmp);
3700                        break;
3701                    case 8: /* cmp */
3702                        gen_vfp_cmp(dp);
3703                        break;
3704                    case 9: /* cmpe */
3705                        gen_vfp_cmpe(dp);
3706                        break;
3707                    case 10: /* cmpz */
3708                        gen_vfp_cmp(dp);
3709                        break;
3710                    case 11: /* cmpez */
3711                        gen_vfp_F1_ld0(dp);
3712                        gen_vfp_cmpe(dp);
3713                        break;
3714                    case 12: /* vrintr */
3715                    {
3716                        TCGv_ptr fpst = get_fpstatus_ptr(0);
3717                        if (dp) {
3718                            gen_helper_rintd(cpu_F0d, cpu_F0d, fpst);
3719                        } else {
3720                            gen_helper_rints(cpu_F0s, cpu_F0s, fpst);
3721                        }
3722                        tcg_temp_free_ptr(fpst);
3723                        break;
3724                    }
3725                    case 13: /* vrintz */
3726                    {
3727                        TCGv_ptr fpst = get_fpstatus_ptr(0);
3728                        TCGv_i32 tcg_rmode;
3729                        tcg_rmode = tcg_const_i32(float_round_to_zero);
3730                        gen_helper_set_rmode(tcg_rmode, tcg_rmode, cpu_env);
3731                        if (dp) {
3732                            gen_helper_rintd(cpu_F0d, cpu_F0d, fpst);
3733                        } else {
3734                            gen_helper_rints(cpu_F0s, cpu_F0s, fpst);
3735                        }
3736                        gen_helper_set_rmode(tcg_rmode, tcg_rmode, cpu_env);
3737                        tcg_temp_free_i32(tcg_rmode);
3738                        tcg_temp_free_ptr(fpst);
3739                        break;
3740                    }
3741                    case 14: /* vrintx */
3742                    {
3743                        TCGv_ptr fpst = get_fpstatus_ptr(0);
3744                        if (dp) {
3745                            gen_helper_rintd_exact(cpu_F0d, cpu_F0d, fpst);
3746                        } else {
3747                            gen_helper_rints_exact(cpu_F0s, cpu_F0s, fpst);
3748                        }
3749                        tcg_temp_free_ptr(fpst);
3750                        break;
3751                    }
3752                    case 15: /* single<->double conversion */
3753                        if (dp)
3754                            gen_helper_vfp_fcvtsd(cpu_F0s, cpu_F0d, cpu_env);
3755                        else
3756                            gen_helper_vfp_fcvtds(cpu_F0d, cpu_F0s, cpu_env);
3757                        break;
3758                    case 16: /* fuito */
3759                        gen_vfp_uito(dp, 0);
3760                        break;
3761                    case 17: /* fsito */
3762                        gen_vfp_sito(dp, 0);
3763                        break;
3764                    case 20: /* fshto */
3765                        if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3766                            return 1;
3767                        }
3768                        gen_vfp_shto(dp, 16 - rm, 0);
3769                        break;
3770                    case 21: /* fslto */
3771                        if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3772                            return 1;
3773                        }
3774                        gen_vfp_slto(dp, 32 - rm, 0);
3775                        break;
3776                    case 22: /* fuhto */
3777                        if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3778                            return 1;
3779                        }
3780                        gen_vfp_uhto(dp, 16 - rm, 0);
3781                        break;
3782                    case 23: /* fulto */
3783                        if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3784                            return 1;
3785                        }
3786                        gen_vfp_ulto(dp, 32 - rm, 0);
3787                        break;
3788                    case 24: /* ftoui */
3789                        gen_vfp_toui(dp, 0);
3790                        break;
3791                    case 25: /* ftouiz */
3792                        gen_vfp_touiz(dp, 0);
3793                        break;
3794                    case 26: /* ftosi */
3795                        gen_vfp_tosi(dp, 0);
3796                        break;
3797                    case 27: /* ftosiz */
3798                        gen_vfp_tosiz(dp, 0);
3799                        break;
3800                    case 28: /* ftosh */
3801                        if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3802                            return 1;
3803                        }
3804                        gen_vfp_tosh(dp, 16 - rm, 0);
3805                        break;
3806                    case 29: /* ftosl */
3807                        if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3808                            return 1;
3809                        }
3810                        gen_vfp_tosl(dp, 32 - rm, 0);
3811                        break;
3812                    case 30: /* ftouh */
3813                        if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3814                            return 1;
3815                        }
3816                        gen_vfp_touh(dp, 16 - rm, 0);
3817                        break;
3818                    case 31: /* ftoul */
3819                        if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
3820                            return 1;
3821                        }
3822                        gen_vfp_toul(dp, 32 - rm, 0);
3823                        break;
3824                    default: /* undefined */
3825                        return 1;
3826                    }
3827                    break;
3828                default: /* undefined */
3829                    return 1;
3830                }
3831
3832                /* Write back the result.  */
3833                if (op == 15 && (rn >= 8 && rn <= 11)) {
3834                    /* Comparison, do nothing.  */
3835                } else if (op == 15 && dp && ((rn & 0x1c) == 0x18 ||
3836                                              (rn & 0x1e) == 0x6)) {
3837                    /* VCVT double to int: always integer result.
3838                     * VCVT double to half precision is always a single
3839                     * precision result.
3840                     */
3841                    gen_mov_vreg_F0(0, rd);
3842                } else if (op == 15 && rn == 15) {
3843                    /* conversion */
3844                    gen_mov_vreg_F0(!dp, rd);
3845                } else {
3846                    gen_mov_vreg_F0(dp, rd);
3847                }
3848
3849                /* break out of the loop if we have finished  */
3850                if (veclen == 0)
3851                    break;
3852
3853                if (op == 15 && delta_m == 0) {
3854                    /* single source one-many */
3855                    while (veclen--) {
3856                        rd = ((rd + delta_d) & (bank_mask - 1))
3857                             | (rd & bank_mask);
3858                        gen_mov_vreg_F0(dp, rd);
3859                    }
3860                    break;
3861                }
3862                /* Setup the next operands.  */
3863                veclen--;
3864                rd = ((rd + delta_d) & (bank_mask - 1))
3865                     | (rd & bank_mask);
3866
3867                if (op == 15) {
3868                    /* One source operand.  */
3869                    rm = ((rm + delta_m) & (bank_mask - 1))
3870                         | (rm & bank_mask);
3871                    gen_mov_F0_vreg(dp, rm);
3872                } else {
3873                    /* Two source operands.  */
3874                    rn = ((rn + delta_d) & (bank_mask - 1))
3875                         | (rn & bank_mask);
3876                    gen_mov_F0_vreg(dp, rn);
3877                    if (delta_m) {
3878                        rm = ((rm + delta_m) & (bank_mask - 1))
3879                             | (rm & bank_mask);
3880                        gen_mov_F1_vreg(dp, rm);
3881                    }
3882                }
3883            }
3884        }
3885        break;
3886    case 0xc:
3887    case 0xd:
3888        if ((insn & 0x03e00000) == 0x00400000) {
3889            /* two-register transfer */
3890            rn = (insn >> 16) & 0xf;
3891            rd = (insn >> 12) & 0xf;
3892            if (dp) {
3893                VFP_DREG_M(rm, insn);
3894            } else {
3895                rm = VFP_SREG_M(insn);
3896            }
3897
3898            if (insn & ARM_CP_RW_BIT) {
3899                /* vfp->arm */
3900                if (dp) {
3901                    gen_mov_F0_vreg(0, rm * 2);
3902                    tmp = gen_vfp_mrs();
3903                    store_reg(s, rd, tmp);
3904                    gen_mov_F0_vreg(0, rm * 2 + 1);
3905                    tmp = gen_vfp_mrs();
3906                    store_reg(s, rn, tmp);
3907                } else {
3908                    gen_mov_F0_vreg(0, rm);
3909                    tmp = gen_vfp_mrs();
3910                    store_reg(s, rd, tmp);
3911                    gen_mov_F0_vreg(0, rm + 1);
3912                    tmp = gen_vfp_mrs();
3913                    store_reg(s, rn, tmp);
3914                }
3915            } else {
3916                /* arm->vfp */
3917                if (dp) {
3918                    tmp = load_reg(s, rd);
3919                    gen_vfp_msr(tmp);
3920                    gen_mov_vreg_F0(0, rm * 2);
3921                    tmp = load_reg(s, rn);
3922                    gen_vfp_msr(tmp);
3923                    gen_mov_vreg_F0(0, rm * 2 + 1);
3924                } else {
3925                    tmp = load_reg(s, rd);
3926                    gen_vfp_msr(tmp);
3927                    gen_mov_vreg_F0(0, rm);
3928                    tmp = load_reg(s, rn);
3929                    gen_vfp_msr(tmp);
3930                    gen_mov_vreg_F0(0, rm + 1);
3931                }
3932            }
3933        } else {
3934            /* Load/store */
3935            rn = (insn >> 16) & 0xf;
3936            if (dp)
3937                VFP_DREG_D(rd, insn);
3938            else
3939                rd = VFP_SREG_D(insn);
3940            if ((insn & 0x01200000) == 0x01000000) {
3941                /* Single load/store */
3942                offset = (insn & 0xff) << 2;
3943                if ((insn & (1 << 23)) == 0)
3944                    offset = -offset;
3945                if (s->thumb && rn == 15) {
3946                    /* This is actually UNPREDICTABLE */
3947                    addr = tcg_temp_new_i32();
3948                    tcg_gen_movi_i32(addr, s->pc & ~2);
3949                } else {
3950                    addr = load_reg(s, rn);
3951                }
3952                tcg_gen_addi_i32(addr, addr, offset);
3953                if (insn & (1 << 20)) {
3954                    gen_vfp_ld(s, dp, addr);
3955                    gen_mov_vreg_F0(dp, rd);
3956                } else {
3957                    gen_mov_F0_vreg(dp, rd);
3958                    gen_vfp_st(s, dp, addr);
3959                }
3960                tcg_temp_free_i32(addr);
3961            } else {
3962                /* load/store multiple */
3963                int w = insn & (1 << 21);
3964                if (dp)
3965                    n = (insn >> 1) & 0x7f;
3966                else
3967                    n = insn & 0xff;
3968
3969                if (w && !(((insn >> 23) ^ (insn >> 24)) & 1)) {
3970                    /* P == U , W == 1  => UNDEF */
3971                    return 1;
3972                }
3973                if (n == 0 || (rd + n) > 32 || (dp && n > 16)) {
3974                    /* UNPREDICTABLE cases for bad immediates: we choose to
3975                     * UNDEF to avoid generating huge numbers of TCG ops
3976                     */
3977                    return 1;
3978                }
3979                if (rn == 15 && w) {
3980                    /* writeback to PC is UNPREDICTABLE, we choose to UNDEF */
3981                    return 1;
3982                }
3983
3984                if (s->thumb && rn == 15) {
3985                    /* This is actually UNPREDICTABLE */
3986                    addr = tcg_temp_new_i32();
3987                    tcg_gen_movi_i32(addr, s->pc & ~2);
3988                } else {
3989                    addr = load_reg(s, rn);
3990                }
3991                if (insn & (1 << 24)) /* pre-decrement */
3992                    tcg_gen_addi_i32(addr, addr, -((insn & 0xff) << 2));
3993
3994                if (dp)
3995                    offset = 8;
3996                else
3997                    offset = 4;
3998                for (i = 0; i < n; i++) {
3999                    if (insn & ARM_CP_RW_BIT) {
4000                        /* load */

4001                        gen_vfp_ld(s, dp, addr);
4002                        gen_mov_vreg_F0(dp, rd + i);
4003                    } else {
4004                        /* store */
4005                        gen_mov_F0_vreg(dp, rd + i);
4006                        gen_vfp_st(s, dp, addr);
4007                    }
4008                    tcg_gen_addi_i32(addr, addr, offset);
4009                }
4010                if (w) {
4011                    /* writeback */
4012                    if (insn & (1 << 24))
4013                        offset = -offset * n;
4014                    else if (dp && (insn & 1))
4015                        offset = 4;
4016                    else
4017                        offset = 0;
4018
4019                    if (offset != 0)
4020                        tcg_gen_addi_i32(addr, addr, offset);
4021                    store_reg(s, rn, addr);
4022                } else {
4023                    tcg_temp_free_i32(addr);
4024                }
4025            }
4026        }
4027        break;
4028    default:
4029        /* Should never happen.  */
4030        return 1;
4031    }
4032    return 0;
4033}
4034
4035static inline bool use_goto_tb(DisasContext *s, target_ulong dest)
4036{
4037#ifndef CONFIG_USER_ONLY
4038    return (s->tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK) ||
4039           ((s->pc - 1) & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
4040#else
4041    return true;
4042#endif
4043}
4044
4045static inline void gen_goto_tb(DisasContext *s, int n, target_ulong dest)
4046{
4047    if (use_goto_tb(s, dest)) {
4048        tcg_gen_goto_tb(n);
4049        gen_set_pc_im(s, dest);
4050        tcg_gen_exit_tb((uintptr_t)s->tb + n);
4051    } else {
4052        gen_set_pc_im(s, dest);
4053        tcg_gen_exit_tb(0);
4054    }
4055}
4056
4057static inline void gen_jmp (DisasContext *s, uint32_t dest)
4058{
4059    if (unlikely(s->singlestep_enabled || s->ss_active)) {
4060        /* An indirect jump so that we still trigger the debug exception.  */
4061        if (s->thumb)
4062            dest |= 1;
4063        gen_bx_im(s, dest);
4064    } else {
4065        gen_goto_tb(s, 0, dest);
4066        s->is_jmp = DISAS_TB_JUMP;
4067    }
4068}
4069
4070static inline void gen_mulxy(TCGv_i32 t0, TCGv_i32 t1, int x, int y)
4071{
4072    if (x)
4073        tcg_gen_sari_i32(t0, t0, 16);
4074    else
4075        gen_sxth(t0);
4076    if (y)
4077        tcg_gen_sari_i32(t1, t1, 16);
4078    else
4079        gen_sxth(t1);
4080    tcg_gen_mul_i32(t0, t0, t1);
4081}
4082
4083/* Return the mask of PSR bits set by a MSR instruction.  */
4084static uint32_t msr_mask(DisasContext *s, int flags, int spsr)
4085{
4086    uint32_t mask;
4087
4088    mask = 0;
4089    if (flags & (1 << 0))
4090        mask |= 0xff;
4091    if (flags & (1 << 1))
4092        mask |= 0xff00;
4093    if (flags & (1 << 2))
4094        mask |= 0xff0000;
4095    if (flags & (1 << 3))
4096        mask |= 0xff000000;
4097
4098    /* Mask out undefined bits.  */
4099    mask &= ~CPSR_RESERVED;
4100    if (!arm_dc_feature(s, ARM_FEATURE_V4T)) {
4101        mask &= ~CPSR_T;
4102    }
4103    if (!arm_dc_feature(s, ARM_FEATURE_V5)) {
4104        mask &= ~CPSR_Q; /* V5TE in reality*/
4105    }
4106    if (!arm_dc_feature(s, ARM_FEATURE_V6)) {
4107        mask &= ~(CPSR_E | CPSR_GE);
4108    }
4109    if (!arm_dc_feature(s, ARM_FEATURE_THUMB2)) {
4110        mask &= ~CPSR_IT;
4111    }
4112    /* Mask out execution state and reserved bits.  */
4113    if (!spsr) {
4114        mask &= ~(CPSR_EXEC | CPSR_RESERVED);
4115    }
4116    /* Mask out privileged bits.  */
4117    if (IS_USER(s))
4118        mask &= CPSR_USER;
4119    return mask;
4120}
4121
4122/* Returns nonzero if access to the PSR is not permitted. Marks t0 as dead. */
4123static int gen_set_psr(DisasContext *s, uint32_t mask, int spsr, TCGv_i32 t0)
4124{
4125    TCGv_i32 tmp;
4126    if (spsr) {
4127        /* ??? This is also undefined in system mode.  */
4128        if (IS_USER(s))
4129            return 1;
4130
4131        tmp = load_cpu_field(spsr);
4132        tcg_gen_andi_i32(tmp, tmp, ~mask);
4133        tcg_gen_andi_i32(t0, t0, mask);
4134        tcg_gen_or_i32(tmp, tmp, t0);
4135        store_cpu_field(tmp, spsr);
4136    } else {
4137        gen_set_cpsr(t0, mask);
4138    }
4139    tcg_temp_free_i32(t0);
4140    gen_lookup_tb(s);
4141    return 0;
4142}
4143
4144/* Returns nonzero if access to the PSR is not permitted.  */
4145static int gen_set_psr_im(DisasContext *s, uint32_t mask, int spsr, uint32_t val)
4146{
4147    TCGv_i32 tmp;
4148    tmp = tcg_temp_new_i32();
4149    tcg_gen_movi_i32(tmp, val);
4150    return gen_set_psr(s, mask, spsr, tmp);
4151}
4152
4153static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn,
4154                                     int *tgtmode, int *regno)
4155{
4156    /* Decode the r and sysm fields of MSR/MRS banked accesses into
4157     * the target mode and register number, and identify the various
4158     * unpredictable cases.
4159     * MSR (banked) and MRS (banked) are CONSTRAINED UNPREDICTABLE if:
4160     *  + executed in user mode
4161     *  + using R15 as the src/dest register
4162     *  + accessing an unimplemented register
4163     *  + accessing a register that's inaccessible at current PL/security state*
4164     *  + accessing a register that you could access with a different insn
4165     * We choose to UNDEF in all these cases.
4166     * Since we don't know which of the various AArch32 modes we are in
4167     * we have to defer some checks to runtime.
4168     * Accesses to Monitor mode registers from Secure EL1 (which implies
4169     * that EL3 is AArch64) must trap to EL3.
4170     *
4171     * If the access checks fail this function will emit code to take
4172     * an exception and return false. Otherwise it will return true,
4173     * and set *tgtmode and *regno appropriately.
4174     */
4175    int exc_target = default_exception_el(s);
4176
4177    /* These instructions are present only in ARMv8, or in ARMv7 with the
4178     * Virtualization Extensions.
4179     */
4180    if (!arm_dc_feature(s, ARM_FEATURE_V8) &&
4181        !arm_dc_feature(s, ARM_FEATURE_EL2)) {
4182        goto undef;
4183    }
4184
4185    if (IS_USER(s) || rn == 15) {
4186        goto undef;
4187    }
4188
4189    /* The table in the v8 ARM ARM section F5.2.3 describes the encoding
4190     * of registers into (r, sysm).
4191     */
4192    if (r) {
4193        /* SPSRs for other modes */
4194        switch (sysm) {
4195        case 0xe: /* SPSR_fiq */
4196            *tgtmode = ARM_CPU_MODE_FIQ;
4197            break;
4198        case 0x10: /* SPSR_irq */
4199            *tgtmode = ARM_CPU_MODE_IRQ;
4200            break;
4201        case 0x12: /* SPSR_svc */
4202            *tgtmode = ARM_CPU_MODE_SVC;
4203            break;
4204        case 0x14: /* SPSR_abt */
4205            *tgtmode = ARM_CPU_MODE_ABT;
4206            break;
4207        case 0x16: /* SPSR_und */
4208            *tgtmode = ARM_CPU_MODE_UND;
4209            break;
4210        case 0x1c: /* SPSR_mon */
4211            *tgtmode = ARM_CPU_MODE_MON;
4212            break;
4213        case 0x1e: /* SPSR_hyp */
4214            *tgtmode = ARM_CPU_MODE_HYP;
4215            break;
4216        default: /* unallocated */
4217            goto undef;
4218        }
4219        /* We arbitrarily assign SPSR a register number of 16. */
4220        *regno = 16;
4221    } else {
4222        /* general purpose registers for other modes */
4223        switch (sysm) {
4224        case 0x0 ... 0x6:   /* 0b00xxx : r8_usr ... r14_usr */
4225            *tgtmode = ARM_CPU_MODE_USR;
4226            *regno = sysm + 8;
4227            break;
4228        case 0x8 ... 0xe:   /* 0b01xxx : r8_fiq ... r14_fiq */
4229            *tgtmode = ARM_CPU_MODE_FIQ;
4230            *regno = sysm;
4231            break;
4232        case 0x10 ... 0x11: /* 0b1000x : r14_irq, r13_irq */
4233            *tgtmode = ARM_CPU_MODE_IRQ;
4234            *regno = sysm & 1 ? 13 : 14;
4235            break;
4236        case 0x12 ... 0x13: /* 0b1001x : r14_svc, r13_svc */
4237            *tgtmode = ARM_CPU_MODE_SVC;
4238            *regno = sysm & 1 ? 13 : 14;
4239            break;
4240        case 0x14 ... 0x15: /* 0b1010x : r14_abt, r13_abt */
4241            *tgtmode = ARM_CPU_MODE_ABT;
4242            *regno = sysm & 1 ? 13 : 14;
4243            break;
4244        case 0x16 ... 0x17: /* 0b1011x : r14_und, r13_und */
4245            *tgtmode = ARM_CPU_MODE_UND;
4246            *regno = sysm & 1 ? 13 : 14;
4247            break;
4248        case 0x1c ... 0x1d: /* 0b1110x : r14_mon, r13_mon */
4249            *tgtmode = ARM_CPU_MODE_MON;
4250            *regno = sysm & 1 ? 13 : 14;
4251            break;
4252        case 0x1e ... 0x1f: /* 0b1111x : elr_hyp, r13_hyp */
4253            *tgtmode = ARM_CPU_MODE_HYP;
4254            /* Arbitrarily pick 17 for ELR_Hyp (which is not a banked LR!) */
4255            *regno = sysm & 1 ? 13 : 17;
4256            break;
4257        default: /* unallocated */
4258            goto undef;
4259        }
4260    }
4261
4262    /* Catch the 'accessing inaccessible register' cases we can detect
4263     * at translate time.
4264     */
4265    switch (*tgtmode) {
4266    case ARM_CPU_MODE_MON:
4267        if (!arm_dc_feature(s, ARM_FEATURE_EL3) || s->ns) {
4268            goto undef;
4269        }
4270        if (s->current_el == 1) {
4271            /* If we're in Secure EL1 (which implies that EL3 is AArch64)
4272             * then accesses to Mon registers trap to EL3
4273             */
4274            exc_target = 3;
4275            goto undef;
4276        }
4277        break;
4278    case ARM_CPU_MODE_HYP:
4279        /* Note that we can forbid accesses from EL2 here because they
4280         * must be from Hyp mode itself
4281         */
4282        if (!arm_dc_feature(s, ARM_FEATURE_EL2) || s->current_el < 3) {
4283            goto undef;
4284        }
4285        break;
4286    default:
4287        break;
4288    }
4289
4290    return true;
4291
4292undef:
4293    /* If we get here then some access check did not pass */
4294    gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(), exc_target);
4295    return false;
4296}
4297
4298static void gen_msr_banked(DisasContext *s, int r, int sysm, int rn)
4299{
4300    TCGv_i32 tcg_reg, tcg_tgtmode, tcg_regno;
4301    int tgtmode = 0, regno = 0;
4302
4303    if (!msr_banked_access_decode(s, r, sysm, rn, &tgtmode, &regno)) {
4304        return;
4305    }
4306
4307    /* Sync state because msr_banked() can raise exceptions */
4308    gen_set_condexec(s);
4309    gen_set_pc_im(s, s->pc - 4);
4310    tcg_reg = load_reg(s, rn);
4311    tcg_tgtmode = tcg_const_i32(tgtmode);
4312    tcg_regno = tcg_const_i32(regno);
4313    gen_helper_msr_banked(cpu_env, tcg_reg, tcg_tgtmode, tcg_regno);
4314    tcg_temp_free_i32(tcg_tgtmode);
4315    tcg_temp_free_i32(tcg_regno);
4316    tcg_temp_free_i32(tcg_reg);
4317    s->is_jmp = DISAS_UPDATE;
4318}
4319
4320static void gen_mrs_banked(DisasContext *s, int r, int sysm, int rn)
4321{
4322    TCGv_i32 tcg_reg, tcg_tgtmode, tcg_regno;
4323    int tgtmode = 0, regno = 0;
4324
4325    if (!msr_banked_access_decode(s, r, sysm, rn, &tgtmode, &regno)) {
4326        return;
4327    }
4328
4329    /* Sync state because mrs_banked() can raise exceptions */
4330    gen_set_condexec(s);
4331    gen_set_pc_im(s, s->pc - 4);
4332    tcg_reg = tcg_temp_new_i32();
4333    tcg_tgtmode = tcg_const_i32(tgtmode);
4334    tcg_regno = tcg_const_i32(regno);
4335    gen_helper_mrs_banked(tcg_reg, cpu_env, tcg_tgtmode, tcg_regno);
4336    tcg_temp_free_i32(tcg_tgtmode);
4337    tcg_temp_free_i32(tcg_regno);
4338    store_reg(s, rn, tcg_reg);
4339    s->is_jmp = DISAS_UPDATE;
4340}
4341
4342/* Store value to PC as for an exception return (ie don't
4343 * mask bits). The subsequent call to gen_helper_cpsr_write_eret()
4344 * will do the masking based on the new value of the Thumb bit.
4345 */
4346static void store_pc_exc_ret(DisasContext *s, TCGv_i32 pc)
4347{
4348    tcg_gen_mov_i32(cpu_R[15], pc);
4349    tcg_temp_free_i32(pc);
4350}
4351
4352/* Generate a v6 exception return.  Marks both values as dead.  */
4353static void gen_rfe(DisasContext *s, TCGv_i32 pc, TCGv_i32 cpsr)
4354{
4355    store_pc_exc_ret(s, pc);
4356    /* The cpsr_write_eret helper will mask the low bits of PC
4357     * appropriately depending on the new Thumb bit, so it must
4358     * be called after storing the new PC.
4359     */
4360    gen_helper_cpsr_write_eret(cpu_env, cpsr);
4361    tcg_temp_free_i32(cpsr);
4362    s->is_jmp = DISAS_JUMP;
4363}
4364
4365/* Generate an old-style exception return. Marks pc as dead. */
4366static void gen_exception_return(DisasContext *s, TCGv_i32 pc)
4367{
4368    gen_rfe(s, pc, load_cpu_field(spsr));
4369}
4370
4371static void gen_nop_hint(DisasContext *s, int val)
4372{
4373    switch (val) {
4374    case 1: /* yield */
4375        gen_set_pc_im(s, s->pc);
4376        s->is_jmp = DISAS_YIELD;
4377        break;
4378    case 3: /* wfi */
4379        gen_set_pc_im(s, s->pc);
4380        s->is_jmp = DISAS_WFI;
4381        break;
4382    case 2: /* wfe */
4383        gen_set_pc_im(s, s->pc);
4384        s->is_jmp = DISAS_WFE;
4385        break;
4386    case 4: /* sev */
4387    case 5: /* sevl */
4388        /* TODO: Implement SEV, SEVL and WFE.  May help SMP performance.  */
4389    default: /* nop */
4390        break;
4391    }
4392}
4393
4394#define CPU_V001 cpu_V0, cpu_V0, cpu_V1
4395
4396static inline void gen_neon_add(int size, TCGv_i32 t0, TCGv_i32 t1)
4397{
4398    switch (size) {
4399    case 0: gen_helper_neon_add_u8(t0, t0, t1); break;
4400    case 1: gen_helper_neon_add_u16(t0, t0, t1); break;
4401    case 2: tcg_gen_add_i32(t0, t0, t1); break;
4402    default: abort();
4403    }
4404}
4405
4406static inline void gen_neon_rsb(int size, TCGv_i32 t0, TCGv_i32 t1)
4407{
4408    switch (size) {
4409    case 0: gen_helper_neon_sub_u8(t0, t1, t0); break;
4410    case 1: gen_helper_neon_sub_u16(t0, t1, t0); break;
4411    case 2: tcg_gen_sub_i32(t0, t1, t0); break;
4412    default: return;
4413    }
4414}
4415
4416/* 32-bit pairwise ops end up the same as the elementwise versions.  */
4417#define gen_helper_neon_pmax_s32  gen_helper_neon_max_s32
4418#define gen_helper_neon_pmax_u32  gen_helper_neon_max_u32
4419#define gen_helper_neon_pmin_s32  gen_helper_neon_min_s32
4420#define gen_helper_neon_pmin_u32  gen_helper_neon_min_u32
4421
4422#define GEN_NEON_INTEGER_OP_ENV(name) do { \
4423    switch ((size << 1) | u) { \
4424    case 0: \
4425        gen_helper_neon_##name##_s8(tmp, cpu_env, tmp, tmp2); \
4426        break; \
4427    case 1: \
4428        gen_helper_neon_##name##_u8(tmp, cpu_env, tmp, tmp2); \
4429        break; \
4430    case 2: \
4431        gen_helper_neon_##name##_s16(tmp, cpu_env, tmp, tmp2); \
4432        break; \
4433    case 3: \
4434        gen_helper_neon_##name##_u16(tmp, cpu_env, tmp, tmp2); \
4435        break; \
4436    case 4: \
4437        gen_helper_neon_##name##_s32(tmp, cpu_env, tmp, tmp2); \
4438        break; \
4439    case 5: \
4440        gen_helper_neon_##name##_u32(tmp, cpu_env, tmp, tmp2); \
4441        break; \
4442    default: return 1; \
4443    }} while (0)
4444
4445#define GEN_NEON_INTEGER_OP(name) do { \
4446    switch ((size << 1) | u) { \
4447    case 0: \
4448        gen_helper_neon_##name##_s8(tmp, tmp, tmp2); \
4449        break; \
4450    case 1: \
4451        gen_helper_neon_##name##_u8(tmp, tmp, tmp2); \
4452        break; \
4453    case 2: \
4454        gen_helper_neon_##name##_s16(tmp, tmp, tmp2); \
4455        break; \
4456    case 3: \
4457        gen_helper_neon_##name##_u16(tmp, tmp, tmp2); \
4458        break; \
4459    case 4: \
4460        gen_helper_neon_##name##_s32(tmp, tmp, tmp2); \
4461        break; \
4462    case 5: \
4463        gen_helper_neon_##name##_u32(tmp, tmp, tmp2); \
4464        break; \
4465    default: return 1; \
4466    }} while (0)
4467
4468static TCGv_i32 neon_load_scratch(int scratch)
4469{
4470    TCGv_i32 tmp = tcg_temp_new_i32();
4471    tcg_gen_ld_i32(tmp, cpu_env, offsetof(CPUARMState, vfp.scratch[scratch]));
4472    return tmp;
4473}
4474
4475static void neon_store_scratch(int scratch, TCGv_i32 var)
4476{
4477    tcg_gen_st_i32(var, cpu_env, offsetof(CPUARMState, vfp.scratch[scratch]));
4478    tcg_temp_free_i32(var);
4479}
4480
4481static inline TCGv_i32 neon_get_scalar(int size, int reg)
4482{
4483    TCGv_i32 tmp;
4484    if (size == 1) {
4485        tmp = neon_load_reg(reg & 7, reg >> 4);
4486        if (reg & 8) {
4487            gen_neon_dup_high16(tmp);
4488        } else {
4489            gen_neon_dup_low16(tmp);
4490        }
4491    } else {
4492        tmp = neon_load_reg(reg & 15, reg >> 4);
4493    }
4494    return tmp;
4495}
4496
4497static int gen_neon_unzip(int rd, int rm, int size, int q)
4498{
4499    TCGv_i32 tmp, tmp2;
4500    if (!q && size == 2) {
4501        return 1;
4502    }
4503    tmp = tcg_const_i32(rd);
4504    tmp2 = tcg_const_i32(rm);
4505    if (q) {
4506        switch (size) {
4507        case 0:
4508            gen_helper_neon_qunzip8(cpu_env, tmp, tmp2);
4509            break;
4510        case 1:
4511            gen_helper_neon_qunzip16(cpu_env, tmp, tmp2);
4512            break;
4513        case 2:
4514            gen_helper_neon_qunzip32(cpu_env, tmp, tmp2);
4515            break;
4516        default:
4517            abort();
4518        }
4519    } else {
4520        switch (size) {
4521        case 0:
4522            gen_helper_neon_unzip8(cpu_env, tmp, tmp2);
4523            break;
4524        case 1:
4525            gen_helper_neon_unzip16(cpu_env, tmp, tmp2);
4526            break;
4527        default:
4528            abort();
4529        }
4530    }
4531    tcg_temp_free_i32(tmp);
4532    tcg_temp_free_i32(tmp2);
4533    return 0;
4534}
4535
4536static int gen_neon_zip(int rd, int rm, int size, int q)
4537{
4538    TCGv_i32 tmp, tmp2;
4539    if (!q && size == 2) {
4540        return 1;
4541    }
4542    tmp = tcg_const_i32(rd);
4543    tmp2 = tcg_const_i32(rm);
4544    if (q) {
4545        switch (size) {
4546        case 0:
4547            gen_helper_neon_qzip8(cpu_env, tmp, tmp2);
4548            break;
4549        case 1:
4550            gen_helper_neon_qzip16(cpu_env, tmp, tmp2);
4551            break;
4552        case 2:
4553            gen_helper_neon_qzip32(cpu_env, tmp, tmp2);
4554            break;
4555        default:
4556            abort();
4557        }
4558    } else {
4559        switch (size) {
4560        case 0:
4561            gen_helper_neon_zip8(cpu_env, tmp, tmp2);
4562            break;
4563        case 1:
4564            gen_helper_neon_zip16(cpu_env, tmp, tmp2);
4565            break;
4566        default:
4567            abort();
4568        }
4569    }
4570    tcg_temp_free_i32(tmp);
4571    tcg_temp_free_i32(tmp2);
4572    return 0;
4573}
4574
4575static void gen_neon_trn_u8(TCGv_i32 t0, TCGv_i32 t1)
4576{
4577    TCGv_i32 rd, tmp;
4578
4579    rd = tcg_temp_new_i32();
4580    tmp = tcg_temp_new_i32();
4581
4582    tcg_gen_shli_i32(rd, t0, 8);
4583    tcg_gen_andi_i32(rd, rd, 0xff00ff00);
4584    tcg_gen_andi_i32(tmp, t1, 0x00ff00ff);
4585    tcg_gen_or_i32(rd, rd, tmp);
4586
4587    tcg_gen_shri_i32(t1, t1, 8);
4588    tcg_gen_andi_i32(t1, t1, 0x00ff00ff);
4589    tcg_gen_andi_i32(tmp, t0, 0xff00ff00);
4590    tcg_gen_or_i32(t1, t1, tmp);
4591    tcg_gen_mov_i32(t0, rd);
4592
4593    tcg_temp_free_i32(tmp);
4594    tcg_temp_free_i32(rd);
4595}
4596
4597static void gen_neon_trn_u16(TCGv_i32 t0, TCGv_i32 t1)
4598{
4599    TCGv_i32 rd, tmp;
4600
4601    rd = tcg_temp_new_i32();
4602    tmp = tcg_temp_new_i32();
4603
4604    tcg_gen_shli_i32(rd, t0, 16);
4605    tcg_gen_andi_i32(tmp, t1, 0xffff);
4606    tcg_gen_or_i32(rd, rd, tmp);
4607    tcg_gen_shri_i32(t1, t1, 16);
4608    tcg_gen_andi_i32(tmp, t0, 0xffff0000);
4609    tcg_gen_or_i32(t1, t1, tmp);
4610    tcg_gen_mov_i32(t0, rd);
4611
4612    tcg_temp_free_i32(tmp);
4613    tcg_temp_free_i32(rd);
4614}
4615
4616
4617static struct {
4618    int nregs;
4619    int interleave;
4620    int spacing;
4621} neon_ls_element_type[11] = {
4622    {4, 4, 1},
4623    {4, 4, 2},
4624    {4, 1, 1},
4625    {4, 2, 1},
4626    {3, 3, 1},
4627    {3, 3, 2},
4628    {3, 1, 1},
4629    {1, 1, 1},
4630    {2, 2, 1},
4631    {2, 2, 2},
4632    {2, 1, 1}
4633};
4634
4635/* Translate a NEON load/store element instruction.  Return nonzero if the
4636   instruction is invalid.  */
4637static int disas_neon_ls_insn(DisasContext *s, uint32_t insn)
4638{
4639    int rd, rn, rm;
4640    int op;
4641    int nregs;
4642    int interleave;
4643    int spacing;
4644    int stride;
4645    int size;
4646    int reg;
4647    int pass;
4648    int load;
4649    int shift;
4650    int n;
4651    TCGv_i32 addr;
4652    TCGv_i32 tmp;
4653    TCGv_i32 tmp2;
4654    TCGv_i64 tmp64;
4655
4656    /* FIXME: this access check should not take precedence over UNDEF
4657     * for invalid encodings; we will generate incorrect syndrome information
4658     * for attempts to execute invalid vfp/neon encodings with FP disabled.
4659     */
4660    if (s->fp_excp_el) {
4661        gen_exception_insn(s, 4, EXCP_UDEF,
4662                           syn_fp_access_trap(1, 0xe, false), s->fp_excp_el);
4663        return 0;
4664    }
4665
4666    if (!s->vfp_enabled)
4667      return 1;
4668    VFP_DREG_D(rd, insn);
4669    rn = (insn >> 16) & 0xf;
4670    rm = insn & 0xf;
4671    load = (insn & (1 << 21)) != 0;
4672    if ((insn & (1 << 23)) == 0) {
4673        /* Load store all elements.  */
4674        op = (insn >> 8) & 0xf;
4675        size = (insn >> 6) & 3;
4676        if (op > 10)
4677            return 1;
4678        /* Catch UNDEF cases for bad values of align field */
4679        switch (op & 0xc) {
4680        case 4:
4681            if (((insn >> 5) & 1) == 1) {
4682                return 1;
4683            }
4684            break;
4685        case 8:
4686            if (((insn >> 4) & 3) == 3) {
4687                return 1;
4688            }
4689            break;
4690        default:
4691            break;
4692        }
4693        nregs = neon_ls_element_type[op].nregs;
4694        interleave = neon_ls_element_type[op].interleave;
4695        spacing = neon_ls_element_type[op].spacing;
4696        if (size == 3 && (interleave | spacing) != 1)
4697            return 1;
4698        addr = tcg_temp_new_i32();
4699        load_reg_var(s, addr, rn);
4700        stride = (1 << size) * interleave;
4701        for (reg = 0; reg < nregs; reg++) {
4702            if (interleave > 2 || (interleave == 2 && nregs == 2)) {
4703                load_reg_var(s, addr, rn);
4704                tcg_gen_addi_i32(addr, addr, (1 << size) * reg);
4705            } else if (interleave == 2 && nregs == 4 && reg == 2) {
4706                load_reg_var(s, addr, rn);
4707                tcg_gen_addi_i32(addr, addr, 1 << size);
4708            }
4709            if (size == 3) {
4710                tmp64 = tcg_temp_new_i64();
4711                if (load) {
4712                    gen_aa32_ld64(s, tmp64, addr, get_mem_index(s));
4713                    neon_store_reg64(tmp64, rd);
4714                } else {
4715                    neon_load_reg64(tmp64, rd);
4716                    gen_aa32_st64(s, tmp64, addr, get_mem_index(s));
4717                }
4718                tcg_temp_free_i64(tmp64);
4719                tcg_gen_addi_i32(addr, addr, stride);
4720            } else {
4721                for (pass = 0; pass < 2; pass++) {
4722                    if (size == 2) {
4723                        if (load) {
4724                            tmp = tcg_temp_new_i32();
4725                            gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
4726                            neon_store_reg(rd, pass, tmp);
4727                        } else {
4728                            tmp = neon_load_reg(rd, pass);
4729                            gen_aa32_st32(s, tmp, addr, get_mem_index(s));
4730                            tcg_temp_free_i32(tmp);
4731                        }
4732                        tcg_gen_addi_i32(addr, addr, stride);
4733                    } else if (size == 1) {
4734                        if (load) {
4735                            tmp = tcg_temp_new_i32();
4736                            gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
4737                            tcg_gen_addi_i32(addr, addr, stride);
4738                            tmp2 = tcg_temp_new_i32();
4739                            gen_aa32_ld16u(s, tmp2, addr, get_mem_index(s));
4740                            tcg_gen_addi_i32(addr, addr, stride);
4741                            tcg_gen_shli_i32(tmp2, tmp2, 16);
4742                            tcg_gen_or_i32(tmp, tmp, tmp2);
4743                            tcg_temp_free_i32(tmp2);
4744                            neon_store_reg(rd, pass, tmp);
4745                        } else {
4746                            tmp = neon_load_reg(rd, pass);
4747                            tmp2 = tcg_temp_new_i32();
4748                            tcg_gen_shri_i32(tmp2, tmp, 16);
4749                            gen_aa32_st16(s, tmp, addr, get_mem_index(s));
4750                            tcg_temp_free_i32(tmp);
4751                            tcg_gen_addi_i32(addr, addr, stride);
4752                            gen_aa32_st16(s, tmp2, addr, get_mem_index(s));
4753                            tcg_temp_free_i32(tmp2);
4754                            tcg_gen_addi_i32(addr, addr, stride);
4755                        }
4756                    } else /* size == 0 */ {
4757                        if (load) {
4758                            TCGV_UNUSED_I32(tmp2);
4759                            for (n = 0; n < 4; n++) {
4760                                tmp = tcg_temp_new_i32();
4761                                gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
4762                                tcg_gen_addi_i32(addr, addr, stride);
4763                                if (n == 0) {
4764                                    tmp2 = tmp;
4765                                } else {
4766                                    tcg_gen_shli_i32(tmp, tmp, n * 8);
4767                                    tcg_gen_or_i32(tmp2, tmp2, tmp);
4768                                    tcg_temp_free_i32(tmp);
4769                                }
4770                            }
4771                            neon_store_reg(rd, pass, tmp2);
4772                        } else {
4773                            tmp2 = neon_load_reg(rd, pass);
4774                            for (n = 0; n < 4; n++) {
4775                                tmp = tcg_temp_new_i32();
4776                                if (n == 0) {
4777                                    tcg_gen_mov_i32(tmp, tmp2);
4778                                } else {
4779                                    tcg_gen_shri_i32(tmp, tmp2, n * 8);
4780                                }
4781                                gen_aa32_st8(s, tmp, addr, get_mem_index(s));
4782                                tcg_temp_free_i32(tmp);
4783                                tcg_gen_addi_i32(addr, addr, stride);
4784                            }
4785                            tcg_temp_free_i32(tmp2);
4786                        }
4787                    }
4788                }
4789            }
4790            rd += spacing;
4791        }
4792        tcg_temp_free_i32(addr);
4793        stride = nregs * 8;
4794    } else {
4795        size = (insn >> 10) & 3;
4796        if (size == 3) {
4797            /* Load single element to all lanes.  */
4798            int a = (insn >> 4) & 1;
4799            if (!load) {
4800                return 1;
4801            }
4802            size = (insn >> 6) & 3;
4803            nregs = ((insn >> 8) & 3) + 1;
4804
4805            if (size == 3) {
4806                if (nregs != 4 || a == 0) {
4807                    return 1;
4808                }
4809                /* For VLD4 size==3 a == 1 means 32 bits at 16 byte alignment */
4810                size = 2;
4811            }
4812            if (nregs == 1 && a == 1 && size == 0) {
4813                return 1;
4814            }
4815            if (nregs == 3 && a == 1) {
4816                return 1;
4817            }
4818            addr = tcg_temp_new_i32();
4819            load_reg_var(s, addr, rn);
4820            if (nregs == 1) {
4821                /* VLD1 to all lanes: bit 5 indicates how many Dregs to write */
4822                tmp = gen_load_and_replicate(s, addr, size);
4823                tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd, 0));
4824                tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd, 1));
4825                if (insn & (1 << 5)) {
4826                    tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd + 1, 0));
4827                    tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd + 1, 1));
4828                }
4829                tcg_temp_free_i32(tmp);
4830            } else {
4831                /* VLD2/3/4 to all lanes: bit 5 indicates register stride */
4832                stride = (insn & (1 << 5)) ? 2 : 1;
4833                for (reg = 0; reg < nregs; reg++) {
4834                    tmp = gen_load_and_replicate(s, addr, size);
4835                    tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd, 0));
4836                    tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd, 1));
4837                    tcg_temp_free_i32(tmp);
4838                    tcg_gen_addi_i32(addr, addr, 1 << size);
4839                    rd += stride;
4840                }
4841            }
4842            tcg_temp_free_i32(addr);
4843            stride = (1 << size) * nregs;
4844        } else {
4845            /* Single element.  */
4846            int idx = (insn >> 4) & 0xf;
4847            pass = (insn >> 7) & 1;
4848            switch (size) {
4849            case 0:
4850                shift = ((insn >> 5) & 3) * 8;
4851                stride = 1;
4852                break;
4853            case 1:
4854                shift = ((insn >> 6) & 1) * 16;
4855                stride = (insn & (1 << 5)) ? 2 : 1;
4856                break;
4857            case 2:
4858                shift = 0;
4859                stride = (insn & (1 << 6)) ? 2 : 1;
4860                break;
4861            default:
4862                abort();
4863            }
4864            nregs = ((insn >> 8) & 3) + 1;
4865            /* Catch the UNDEF cases. This is unavoidably a bit messy. */
4866            switch (nregs) {
4867            case 1:
4868                if (((idx & (1 << size)) != 0) ||
4869                    (size == 2 && ((idx & 3) == 1 || (idx & 3) == 2))) {
4870                    return 1;
4871                }
4872                break;
4873            case 3:
4874                if ((idx & 1) != 0) {
4875                    return 1;
4876                }
4877                /* fall through */
4878            case 2:
4879                if (size == 2 && (idx & 2) != 0) {
4880                    return 1;
4881                }
4882                break;
4883            case 4:
4884                if ((size == 2) && ((idx & 3) == 3)) {
4885                    return 1;
4886                }
4887                break;
4888            default:
4889                abort();
4890            }
4891            if ((rd + stride * (nregs - 1)) > 31) {
4892                /* Attempts to write off the end of the register file
4893                 * are UNPREDICTABLE; we choose to UNDEF because otherwise
4894                 * the neon_load_reg() would write off the end of the array.
4895                 */
4896                return 1;
4897            }
4898            addr = tcg_temp_new_i32();
4899            load_reg_var(s, addr, rn);
4900            for (reg = 0; reg < nregs; reg++) {
4901                if (load) {
4902                    tmp = tcg_temp_new_i32();
4903                    switch (size) {
4904                    case 0:
4905                        gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
4906                        break;
4907                    case 1:
4908                        gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
4909                        break;
4910                    case 2:
4911                        gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
4912                        break;
4913                    default: /* Avoid compiler warnings.  */
4914                        abort();
4915                    }
4916                    if (size != 2) {
4917                        tmp2 = neon_load_reg(rd, pass);
4918                        tcg_gen_deposit_i32(tmp, tmp2, tmp,
4919                                            shift, size ? 16 : 8);
4920                        tcg_temp_free_i32(tmp2);
4921                    }
4922                    neon_store_reg(rd, pass, tmp);
4923                } else { /* Store */
4924                    tmp = neon_load_reg(rd, pass);
4925                    if (shift)
4926                        tcg_gen_shri_i32(tmp, tmp, shift);
4927                    switch (size) {
4928                    case 0:
4929                        gen_aa32_st8(s, tmp, addr, get_mem_index(s));
4930                        break;
4931                    case 1:
4932                        gen_aa32_st16(s, tmp, addr, get_mem_index(s));
4933                        break;
4934                    case 2:
4935                        gen_aa32_st32(s, tmp, addr, get_mem_index(s));
4936                        break;
4937                    }
4938                    tcg_temp_free_i32(tmp);
4939                }
4940                rd += stride;
4941                tcg_gen_addi_i32(addr, addr, 1 << size);
4942            }
4943            tcg_temp_free_i32(addr);
4944            stride = nregs * (1 << size);
4945        }
4946    }
4947    if (rm != 15) {
4948        TCGv_i32 base;
4949
4950        base = load_reg(s, rn);
4951        if (rm == 13) {
4952            tcg_gen_addi_i32(base, base, stride);
4953        } else {
4954            TCGv_i32 index;
4955            index = load_reg(s, rm);
4956            tcg_gen_add_i32(base, base, index);
4957            tcg_temp_free_i32(index);
4958        }
4959        store_reg(s, rn, base);
4960    }
4961    return 0;
4962}
4963
4964/* Bitwise select.  dest = c ? t : f.  Clobbers T and F.  */
4965static void gen_neon_bsl(TCGv_i32 dest, TCGv_i32 t, TCGv_i32 f, TCGv_i32 c)
4966{
4967    tcg_gen_and_i32(t, t, c);
4968    tcg_gen_andc_i32(f, f, c);
4969    tcg_gen_or_i32(dest, t, f);
4970}
4971
4972static inline void gen_neon_narrow(int size, TCGv_i32 dest, TCGv_i64 src)
4973{
4974    switch (size) {
4975    case 0: gen_helper_neon_narrow_u8(dest, src); break;
4976    case 1: gen_helper_neon_narrow_u16(dest, src); break;
4977    case 2: tcg_gen_extrl_i64_i32(dest, src); break;
4978    default: abort();
4979    }
4980}
4981
4982static inline void gen_neon_narrow_sats(int size, TCGv_i32 dest, TCGv_i64 src)
4983{
4984    switch (size) {
4985    case 0: gen_helper_neon_narrow_sat_s8(dest, cpu_env, src); break;
4986    case 1: gen_helper_neon_narrow_sat_s16(dest, cpu_env, src); break;
4987    case 2: gen_helper_neon_narrow_sat_s32(dest, cpu_env, src); break;
4988    default: abort();
4989    }
4990}
4991
4992static inline void gen_neon_narrow_satu(int size, TCGv_i32 dest, TCGv_i64 src)
4993{
4994    switch (size) {
4995    case 0: gen_helper_neon_narrow_sat_u8(dest, cpu_env, src); break;
4996    case 1: gen_helper_neon_narrow_sat_u16(dest, cpu_env, src); break;
4997    case 2: gen_helper_neon_narrow_sat_u32(dest, cpu_env, src); break;
4998    default: abort();
4999    }
5000}

5001
5002static inline void gen_neon_unarrow_sats(int size, TCGv_i32 dest, TCGv_i64 src)
5003{
5004    switch (size) {
5005    case 0: gen_helper_neon_unarrow_sat8(dest, cpu_env, src); break;
5006    case 1: gen_helper_neon_unarrow_sat16(dest, cpu_env, src); break;
5007    case 2: gen_helper_neon_unarrow_sat32(dest, cpu_env, src); break;
5008    default: abort();
5009    }
5010}
5011
5012static inline void gen_neon_shift_narrow(int size, TCGv_i32 var, TCGv_i32 shift,
5013                                         int q, int u)
5014{
5015    if (q) {
5016        if (u) {
5017            switch (size) {
5018            case 1: gen_helper_neon_rshl_u16(var, var, shift); break;
5019            case 2: gen_helper_neon_rshl_u32(var, var, shift); break;
5020            default: abort();
5021            }
5022        } else {
5023            switch (size) {
5024            case 1: gen_helper_neon_rshl_s16(var, var, shift); break;
5025            case 2: gen_helper_neon_rshl_s32(var, var, shift); break;
5026            default: abort();
5027            }
5028        }
5029    } else {
5030        if (u) {
5031            switch (size) {
5032            case 1: gen_helper_neon_shl_u16(var, var, shift); break;
5033            case 2: gen_helper_neon_shl_u32(var, var, shift); break;
5034            default: abort();
5035            }
5036        } else {
5037            switch (size) {
5038            case 1: gen_helper_neon_shl_s16(var, var, shift); break;
5039            case 2: gen_helper_neon_shl_s32(var, var, shift); break;
5040            default: abort();
5041            }
5042        }
5043    }
5044}
5045
5046static inline void gen_neon_widen(TCGv_i64 dest, TCGv_i32 src, int size, int u)
5047{
5048    if (u) {
5049        switch (size) {
5050        case 0: gen_helper_neon_widen_u8(dest, src); break;
5051        case 1: gen_helper_neon_widen_u16(dest, src); break;
5052        case 2: tcg_gen_extu_i32_i64(dest, src); break;
5053        default: abort();
5054        }
5055    } else {
5056        switch (size) {
5057        case 0: gen_helper_neon_widen_s8(dest, src); break;
5058        case 1: gen_helper_neon_widen_s16(dest, src); break;
5059        case 2: tcg_gen_ext_i32_i64(dest, src); break;
5060        default: abort();
5061        }
5062    }
5063    tcg_temp_free_i32(src);
5064}
5065
5066static inline void gen_neon_addl(int size)
5067{
5068    switch (size) {
5069    case 0: gen_helper_neon_addl_u16(CPU_V001); break;
5070    case 1: gen_helper_neon_addl_u32(CPU_V001); break;
5071    case 2: tcg_gen_add_i64(CPU_V001); break;
5072    default: abort();
5073    }
5074}
5075
5076static inline void gen_neon_subl(int size)
5077{
5078    switch (size) {
5079    case 0: gen_helper_neon_subl_u16(CPU_V001); break;
5080    case 1: gen_helper_neon_subl_u32(CPU_V001); break;
5081    case 2: tcg_gen_sub_i64(CPU_V001); break;
5082    default: abort();
5083    }
5084}
5085
5086static inline void gen_neon_negl(TCGv_i64 var, int size)
5087{
5088    switch (size) {
5089    case 0: gen_helper_neon_negl_u16(var, var); break;
5090    case 1: gen_helper_neon_negl_u32(var, var); break;
5091    case 2:
5092        tcg_gen_neg_i64(var, var);
5093        break;
5094    default: abort();
5095    }
5096}
5097
5098static inline void gen_neon_addl_saturate(TCGv_i64 op0, TCGv_i64 op1, int size)
5099{
5100    switch (size) {
5101    case 1: gen_helper_neon_addl_saturate_s32(op0, cpu_env, op0, op1); break;
5102    case 2: gen_helper_neon_addl_saturate_s64(op0, cpu_env, op0, op1); break;
5103    default: abort();
5104    }
5105}
5106
5107static inline void gen_neon_mull(TCGv_i64 dest, TCGv_i32 a, TCGv_i32 b,
5108                                 int size, int u)
5109{
5110    TCGv_i64 tmp;
5111
5112    switch ((size << 1) | u) {
5113    case 0: gen_helper_neon_mull_s8(dest, a, b); break;
5114    case 1: gen_helper_neon_mull_u8(dest, a, b); break;
5115    case 2: gen_helper_neon_mull_s16(dest, a, b); break;
5116    case 3: gen_helper_neon_mull_u16(dest, a, b); break;
5117    case 4:
5118        tmp = gen_muls_i64_i32(a, b);
5119        tcg_gen_mov_i64(dest, tmp);
5120        tcg_temp_free_i64(tmp);
5121        break;
5122    case 5:
5123        tmp = gen_mulu_i64_i32(a, b);
5124        tcg_gen_mov_i64(dest, tmp);
5125        tcg_temp_free_i64(tmp);
5126        break;
5127    default: abort();
5128    }
5129
5130    /* gen_helper_neon_mull_[su]{8|16} do not free their parameters.
5131       Don't forget to clean them now.  */
5132    if (size < 2) {
5133        tcg_temp_free_i32(a);
5134        tcg_temp_free_i32(b);
5135    }
5136}
5137
5138static void gen_neon_narrow_op(int op, int u, int size,
5139                               TCGv_i32 dest, TCGv_i64 src)
5140{
5141    if (op) {
5142        if (u) {
5143            gen_neon_unarrow_sats(size, dest, src);
5144        } else {
5145            gen_neon_narrow(size, dest, src);
5146        }
5147    } else {
5148        if (u) {
5149            gen_neon_narrow_satu(size, dest, src);
5150        } else {
5151            gen_neon_narrow_sats(size, dest, src);
5152        }
5153    }
5154}
5155
5156/* Symbolic constants for op fields for Neon 3-register same-length.
5157 * The values correspond to bits [11:8,4]; see the ARM ARM DDI0406B
5158 * table A7-9.
5159 */
5160#define NEON_3R_VHADD 0
5161#define NEON_3R_VQADD 1
5162#define NEON_3R_VRHADD 2
5163#define NEON_3R_LOGIC 3 /* VAND,VBIC,VORR,VMOV,VORN,VEOR,VBIF,VBIT,VBSL */
5164#define NEON_3R_VHSUB 4
5165#define NEON_3R_VQSUB 5
5166#define NEON_3R_VCGT 6
5167#define NEON_3R_VCGE 7
5168#define NEON_3R_VSHL 8
5169#define NEON_3R_VQSHL 9
5170#define NEON_3R_VRSHL 10
5171#define NEON_3R_VQRSHL 11
5172#define NEON_3R_VMAX 12
5173#define NEON_3R_VMIN 13
5174#define NEON_3R_VABD 14
5175#define NEON_3R_VABA 15
5176#define NEON_3R_VADD_VSUB 16
5177#define NEON_3R_VTST_VCEQ 17
5178#define NEON_3R_VML 18 /* VMLA, VMLAL, VMLS, VMLSL */
5179#define NEON_3R_VMUL 19
5180#define NEON_3R_VPMAX 20
5181#define NEON_3R_VPMIN 21
5182#define NEON_3R_VQDMULH_VQRDMULH 22
5183#define NEON_3R_VPADD 23
5184#define NEON_3R_SHA 24 /* SHA1C,SHA1P,SHA1M,SHA1SU0,SHA256H{2},SHA256SU1 */
5185#define NEON_3R_VFM 25 /* VFMA, VFMS : float fused multiply-add */
5186#define NEON_3R_FLOAT_ARITH 26 /* float VADD, VSUB, VPADD, VABD */
5187#define NEON_3R_FLOAT_MULTIPLY 27 /* float VMLA, VMLS, VMUL */
5188#define NEON_3R_FLOAT_CMP 28 /* float VCEQ, VCGE, VCGT */
5189#define NEON_3R_FLOAT_ACMP 29 /* float VACGE, VACGT, VACLE, VACLT */
5190#define NEON_3R_FLOAT_MINMAX 30 /* float VMIN, VMAX */
5191#define NEON_3R_FLOAT_MISC 31 /* float VRECPS, VRSQRTS, VMAXNM/MINNM */
5192
5193static const uint8_t neon_3r_sizes[] = {
5194    [NEON_3R_VHADD] = 0x7,
5195    [NEON_3R_VQADD] = 0xf,
5196    [NEON_3R_VRHADD] = 0x7,
5197    [NEON_3R_LOGIC] = 0xf, /* size field encodes op type */
5198    [NEON_3R_VHSUB] = 0x7,
5199    [NEON_3R_VQSUB] = 0xf,
5200    [NEON_3R_VCGT] = 0x7,
5201    [NEON_3R_VCGE] = 0x7,
5202    [NEON_3R_VSHL] = 0xf,
5203    [NEON_3R_VQSHL] = 0xf,
5204    [NEON_3R_VRSHL] = 0xf,
5205    [NEON_3R_VQRSHL] = 0xf,
5206    [NEON_3R_VMAX] = 0x7,
5207    [NEON_3R_VMIN] = 0x7,
5208    [NEON_3R_VABD] = 0x7,
5209    [NEON_3R_VABA] = 0x7,
5210    [NEON_3R_VADD_VSUB] = 0xf,
5211    [NEON_3R_VTST_VCEQ] = 0x7,
5212    [NEON_3R_VML] = 0x7,
5213    [NEON_3R_VMUL] = 0x7,
5214    [NEON_3R_VPMAX] = 0x7,
5215    [NEON_3R_VPMIN] = 0x7,
5216    [NEON_3R_VQDMULH_VQRDMULH] = 0x6,
5217    [NEON_3R_VPADD] = 0x7,
5218    [NEON_3R_SHA] = 0xf, /* size field encodes op type */
5219    [NEON_3R_VFM] = 0x5, /* size bit 1 encodes op */
5220    [NEON_3R_FLOAT_ARITH] = 0x5, /* size bit 1 encodes op */
5221    [NEON_3R_FLOAT_MULTIPLY] = 0x5, /* size bit 1 encodes op */
5222    [NEON_3R_FLOAT_CMP] = 0x5, /* size bit 1 encodes op */
5223    [NEON_3R_FLOAT_ACMP] = 0x5, /* size bit 1 encodes op */
5224    [NEON_3R_FLOAT_MINMAX] = 0x5, /* size bit 1 encodes op */
5225    [NEON_3R_FLOAT_MISC] = 0x5, /* size bit 1 encodes op */
5226};
5227
5228/* Symbolic constants for op fields for Neon 2-register miscellaneous.
5229 * The values correspond to bits [17:16,10:7]; see the ARM ARM DDI0406B
5230 * table A7-13.
5231 */
5232#define NEON_2RM_VREV64 0
5233#define NEON_2RM_VREV32 1
5234#define NEON_2RM_VREV16 2
5235#define NEON_2RM_VPADDL 4
5236#define NEON_2RM_VPADDL_U 5
5237#define NEON_2RM_AESE 6 /* Includes AESD */
5238#define NEON_2RM_AESMC 7 /* Includes AESIMC */
5239#define NEON_2RM_VCLS 8
5240#define NEON_2RM_VCLZ 9
5241#define NEON_2RM_VCNT 10
5242#define NEON_2RM_VMVN 11
5243#define NEON_2RM_VPADAL 12
5244#define NEON_2RM_VPADAL_U 13
5245#define NEON_2RM_VQABS 14
5246#define NEON_2RM_VQNEG 15
5247#define NEON_2RM_VCGT0 16
5248#define NEON_2RM_VCGE0 17
5249#define NEON_2RM_VCEQ0 18
5250#define NEON_2RM_VCLE0 19
5251#define NEON_2RM_VCLT0 20
5252#define NEON_2RM_SHA1H 21
5253#define NEON_2RM_VABS 22
5254#define NEON_2RM_VNEG 23
5255#define NEON_2RM_VCGT0_F 24
5256#define NEON_2RM_VCGE0_F 25
5257#define NEON_2RM_VCEQ0_F 26
5258#define NEON_2RM_VCLE0_F 27
5259#define NEON_2RM_VCLT0_F 28
5260#define NEON_2RM_VABS_F 30
5261#define NEON_2RM_VNEG_F 31
5262#define NEON_2RM_VSWP 32
5263#define NEON_2RM_VTRN 33
5264#define NEON_2RM_VUZP 34
5265#define NEON_2RM_VZIP 35
5266#define NEON_2RM_VMOVN 36 /* Includes VQMOVN, VQMOVUN */
5267#define NEON_2RM_VQMOVN 37 /* Includes VQMOVUN */
5268#define NEON_2RM_VSHLL 38
5269#define NEON_2RM_SHA1SU1 39 /* Includes SHA256SU0 */
5270#define NEON_2RM_VRINTN 40
5271#define NEON_2RM_VRINTX 41
5272#define NEON_2RM_VRINTA 42
5273#define NEON_2RM_VRINTZ 43
5274#define NEON_2RM_VCVT_F16_F32 44
5275#define NEON_2RM_VRINTM 45
5276#define NEON_2RM_VCVT_F32_F16 46
5277#define NEON_2RM_VRINTP 47
5278#define NEON_2RM_VCVTAU 48
5279#define NEON_2RM_VCVTAS 49
5280#define NEON_2RM_VCVTNU 50
5281#define NEON_2RM_VCVTNS 51
5282#define NEON_2RM_VCVTPU 52
5283#define NEON_2RM_VCVTPS 53
5284#define NEON_2RM_VCVTMU 54
5285#define NEON_2RM_VCVTMS 55
5286#define NEON_2RM_VRECPE 56
5287#define NEON_2RM_VRSQRTE 57
5288#define NEON_2RM_VRECPE_F 58
5289#define NEON_2RM_VRSQRTE_F 59
5290#define NEON_2RM_VCVT_FS 60
5291#define NEON_2RM_VCVT_FU 61
5292#define NEON_2RM_VCVT_SF 62
5293#define NEON_2RM_VCVT_UF 63
5294
5295static int neon_2rm_is_float_op(int op)
5296{
5297    /* Return true if this neon 2reg-misc op is float-to-float */
5298    return (op == NEON_2RM_VABS_F || op == NEON_2RM_VNEG_F ||
5299            (op >= NEON_2RM_VRINTN && op <= NEON_2RM_VRINTZ) ||
5300            op == NEON_2RM_VRINTM ||
5301            (op >= NEON_2RM_VRINTP && op <= NEON_2RM_VCVTMS) ||
5302            op >= NEON_2RM_VRECPE_F);
5303}
5304
5305static bool neon_2rm_is_v8_op(int op)
5306{
5307    /* Return true if this neon 2reg-misc op is ARMv8 and up */
5308    switch (op) {
5309    case NEON_2RM_VRINTN:
5310    case NEON_2RM_VRINTA:
5311    case NEON_2RM_VRINTM:
5312    case NEON_2RM_VRINTP:
5313    case NEON_2RM_VRINTZ:
5314    case NEON_2RM_VRINTX:
5315    case NEON_2RM_VCVTAU:
5316    case NEON_2RM_VCVTAS:
5317    case NEON_2RM_VCVTNU:
5318    case NEON_2RM_VCVTNS:
5319    case NEON_2RM_VCVTPU:
5320    case NEON_2RM_VCVTPS:
5321    case NEON_2RM_VCVTMU:
5322    case NEON_2RM_VCVTMS:
5323        return true;
5324    default:
5325        return false;
5326    }
5327}
5328
5329/* Each entry in this array has bit n set if the insn allows
5330 * size value n (otherwise it will UNDEF). Since unallocated
5331 * op values will have no bits set they always UNDEF.
5332 */
5333static const uint8_t neon_2rm_sizes[] = {
5334    [NEON_2RM_VREV64] = 0x7,
5335    [NEON_2RM_VREV32] = 0x3,
5336    [NEON_2RM_VREV16] = 0x1,
5337    [NEON_2RM_VPADDL] = 0x7,
5338    [NEON_2RM_VPADDL_U] = 0x7,
5339    [NEON_2RM_AESE] = 0x1,
5340    [NEON_2RM_AESMC] = 0x1,
5341    [NEON_2RM_VCLS] = 0x7,
5342    [NEON_2RM_VCLZ] = 0x7,
5343    [NEON_2RM_VCNT] = 0x1,
5344    [NEON_2RM_VMVN] = 0x1,
5345    [NEON_2RM_VPADAL] = 0x7,
5346    [NEON_2RM_VPADAL_U] = 0x7,
5347    [NEON_2RM_VQABS] = 0x7,
5348    [NEON_2RM_VQNEG] = 0x7,
5349    [NEON_2RM_VCGT0] = 0x7,
5350    [NEON_2RM_VCGE0] = 0x7,
5351    [NEON_2RM_VCEQ0] = 0x7,
5352    [NEON_2RM_VCLE0] = 0x7,
5353    [NEON_2RM_VCLT0] = 0x7,
5354    [NEON_2RM_SHA1H] = 0x4,
5355    [NEON_2RM_VABS] = 0x7,
5356    [NEON_2RM_VNEG] = 0x7,
5357    [NEON_2RM_VCGT0_F] = 0x4,
5358    [NEON_2RM_VCGE0_F] = 0x4,
5359    [NEON_2RM_VCEQ0_F] = 0x4,
5360    [NEON_2RM_VCLE0_F] = 0x4,
5361    [NEON_2RM_VCLT0_F] = 0x4,
5362    [NEON_2RM_VABS_F] = 0x4,
5363    [NEON_2RM_VNEG_F] = 0x4,
5364    [NEON_2RM_VSWP] = 0x1,
5365    [NEON_2RM_VTRN] = 0x7,
5366    [NEON_2RM_VUZP] = 0x7,
5367    [NEON_2RM_VZIP] = 0x7,
5368    [NEON_2RM_VMOVN] = 0x7,
5369    [NEON_2RM_VQMOVN] = 0x7,
5370    [NEON_2RM_VSHLL] = 0x7,
5371    [NEON_2RM_SHA1SU1] = 0x4,
5372    [NEON_2RM_VRINTN] = 0x4,
5373    [NEON_2RM_VRINTX] = 0x4,
5374    [NEON_2RM_VRINTA] = 0x4,
5375    [NEON_2RM_VRINTZ] = 0x4,
5376    [NEON_2RM_VCVT_F16_F32] = 0x2,
5377    [NEON_2RM_VRINTM] = 0x4,
5378    [NEON_2RM_VCVT_F32_F16] = 0x2,
5379    [NEON_2RM_VRINTP] = 0x4,
5380    [NEON_2RM_VCVTAU] = 0x4,
5381    [NEON_2RM_VCVTAS] = 0x4,
5382    [NEON_2RM_VCVTNU] = 0x4,
5383    [NEON_2RM_VCVTNS] = 0x4,
5384    [NEON_2RM_VCVTPU] = 0x4,
5385    [NEON_2RM_VCVTPS] = 0x4,
5386    [NEON_2RM_VCVTMU] = 0x4,
5387    [NEON_2RM_VCVTMS] = 0x4,
5388    [NEON_2RM_VRECPE] = 0x4,
5389    [NEON_2RM_VRSQRTE] = 0x4,
5390    [NEON_2RM_VRECPE_F] = 0x4,
5391    [NEON_2RM_VRSQRTE_F] = 0x4,
5392    [NEON_2RM_VCVT_FS] = 0x4,
5393    [NEON_2RM_VCVT_FU] = 0x4,
5394    [NEON_2RM_VCVT_SF] = 0x4,
5395    [NEON_2RM_VCVT_UF] = 0x4,
5396};
5397
5398/* Translate a NEON data processing instruction.  Return nonzero if the
5399   instruction is invalid.
5400   We process data in a mixture of 32-bit and 64-bit chunks.
5401   Mostly we use 32-bit chunks so we can use normal scalar instructions.  */
5402
5403static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
5404{
5405    int op;
5406    int q;
5407    int rd, rn, rm;
5408    int size;
5409    int shift;
5410    int pass;
5411    int count;
5412    int pairwise;
5413    int u;
5414    uint32_t imm, mask;
5415    TCGv_i32 tmp, tmp2, tmp3, tmp4, tmp5;
5416    TCGv_i64 tmp64;
5417
5418    /* FIXME: this access check should not take precedence over UNDEF
5419     * for invalid encodings; we will generate incorrect syndrome information
5420     * for attempts to execute invalid vfp/neon encodings with FP disabled.
5421     */
5422    if (s->fp_excp_el) {
5423        gen_exception_insn(s, 4, EXCP_UDEF,
5424                           syn_fp_access_trap(1, 0xe, false), s->fp_excp_el);
5425        return 0;
5426    }
5427
5428    if (!s->vfp_enabled)
5429      return 1;
5430    q = (insn & (1 << 6)) != 0;
5431    u = (insn >> 24) & 1;
5432    VFP_DREG_D(rd, insn);
5433    VFP_DREG_N(rn, insn);
5434    VFP_DREG_M(rm, insn);
5435    size = (insn >> 20) & 3;
5436    if ((insn & (1 << 23)) == 0) {
5437        /* Three register same length.  */
5438        op = ((insn >> 7) & 0x1e) | ((insn >> 4) & 1);
5439        /* Catch invalid op and bad size combinations: UNDEF */
5440        if ((neon_3r_sizes[op] & (1 << size)) == 0) {
5441            return 1;
5442        }
5443        /* All insns of this form UNDEF for either this condition or the
5444         * superset of cases "Q==1"; we catch the latter later.
5445         */
5446        if (q && ((rd | rn | rm) & 1)) {
5447            return 1;
5448        }
5449        /*
5450         * The SHA-1/SHA-256 3-register instructions require special treatment
5451         * here, as their size field is overloaded as an op type selector, and
5452         * they all consume their input in a single pass.
5453         */
5454        if (op == NEON_3R_SHA) {
5455            if (!q) {
5456                return 1;
5457            }
5458            if (!u) { /* SHA-1 */
5459                if (!arm_dc_feature(s, ARM_FEATURE_V8_SHA1)) {
5460                    return 1;
5461                }
5462                tmp = tcg_const_i32(rd);
5463                tmp2 = tcg_const_i32(rn);
5464                tmp3 = tcg_const_i32(rm);
5465                tmp4 = tcg_const_i32(size);
5466                gen_helper_crypto_sha1_3reg(cpu_env, tmp, tmp2, tmp3, tmp4);
5467                tcg_temp_free_i32(tmp4);
5468            } else { /* SHA-256 */
5469                if (!arm_dc_feature(s, ARM_FEATURE_V8_SHA256) || size == 3) {
5470                    return 1;
5471                }
5472                tmp = tcg_const_i32(rd);
5473                tmp2 = tcg_const_i32(rn);
5474                tmp3 = tcg_const_i32(rm);
5475                switch (size) {
5476                case 0:
5477                    gen_helper_crypto_sha256h(cpu_env, tmp, tmp2, tmp3);
5478                    break;
5479                case 1:
5480                    gen_helper_crypto_sha256h2(cpu_env, tmp, tmp2, tmp3);
5481                    break;
5482                case 2:
5483                    gen_helper_crypto_sha256su1(cpu_env, tmp, tmp2, tmp3);
5484                    break;
5485                }
5486            }
5487            tcg_temp_free_i32(tmp);
5488            tcg_temp_free_i32(tmp2);
5489            tcg_temp_free_i32(tmp3);
5490            return 0;
5491        }
5492        if (size == 3 && op != NEON_3R_LOGIC) {
5493            /* 64-bit element instructions. */
5494            for (pass = 0; pass < (q ? 2 : 1); pass++) {
5495                neon_load_reg64(cpu_V0, rn + pass);
5496                neon_load_reg64(cpu_V1, rm + pass);
5497                switch (op) {
5498                case NEON_3R_VQADD:
5499                    if (u) {
5500                        gen_helper_neon_qadd_u64(cpu_V0, cpu_env,
5501                                                 cpu_V0, cpu_V1);
5502                    } else {
5503                        gen_helper_neon_qadd_s64(cpu_V0, cpu_env,
5504                                                 cpu_V0, cpu_V1);
5505                    }
5506                    break;
5507                case NEON_3R_VQSUB:
5508                    if (u) {
5509                        gen_helper_neon_qsub_u64(cpu_V0, cpu_env,
5510                                                 cpu_V0, cpu_V1);
5511                    } else {
5512                        gen_helper_neon_qsub_s64(cpu_V0, cpu_env,
5513                                                 cpu_V0, cpu_V1);
5514                    }
5515                    break;
5516                case NEON_3R_VSHL:
5517                    if (u) {
5518                        gen_helper_neon_shl_u64(cpu_V0, cpu_V1, cpu_V0);
5519                    } else {
5520                        gen_helper_neon_shl_s64(cpu_V0, cpu_V1, cpu_V0);
5521                    }
5522                    break;
5523                case NEON_3R_VQSHL:
5524                    if (u) {
5525                        gen_helper_neon_qshl_u64(cpu_V0, cpu_env,
5526                                                 cpu_V1, cpu_V0);
5527                    } else {
5528                        gen_helper_neon_qshl_s64(cpu_V0, cpu_env,
5529                                                 cpu_V1, cpu_V0);
5530                    }
5531                    break;
5532                case NEON_3R_VRSHL:
5533                    if (u) {
5534                        gen_helper_neon_rshl_u64(cpu_V0, cpu_V1, cpu_V0);
5535                    } else {
5536                        gen_helper_neon_rshl_s64(cpu_V0, cpu_V1, cpu_V0);
5537                    }
5538                    break;
5539                case NEON_3R_VQRSHL:
5540                    if (u) {
5541                        gen_helper_neon_qrshl_u64(cpu_V0, cpu_env,
5542                                                  cpu_V1, cpu_V0);
5543                    } else {
5544                        gen_helper_neon_qrshl_s64(cpu_V0, cpu_env,
5545                                                  cpu_V1, cpu_V0);
5546                    }
5547                    break;
5548                case NEON_3R_VADD_VSUB:
5549                    if (u) {
5550                        tcg_gen_sub_i64(CPU_V001);
5551                    } else {
5552                        tcg_gen_add_i64(CPU_V001);
5553                    }
5554                    break;
5555                default:
5556                    abort();
5557                }
5558                neon_store_reg64(cpu_V0, rd + pass);
5559            }
5560            return 0;
5561        }
5562        pairwise = 0;
5563        switch (op) {
5564        case NEON_3R_VSHL:
5565        case NEON_3R_VQSHL:
5566        case NEON_3R_VRSHL:
5567        case NEON_3R_VQRSHL:
5568            {
5569                int rtmp;
5570                /* Shift instruction operands are reversed.  */
5571                rtmp = rn;
5572                rn = rm;
5573                rm = rtmp;
5574            }
5575            break;
5576        case NEON_3R_VPADD:
5577            if (u) {
5578                return 1;
5579            }
5580            /* Fall through */
5581        case NEON_3R_VPMAX:
5582        case NEON_3R_VPMIN:
5583            pairwise = 1;
5584            break;
5585        case NEON_3R_FLOAT_ARITH:
5586            pairwise = (u && size < 2); /* if VPADD (float) */
5587            break;
5588        case NEON_3R_FLOAT_MINMAX:
5589            pairwise = u; /* if VPMIN/VPMAX (float) */
5590            break;
5591        case NEON_3R_FLOAT_CMP:
5592            if (!u && size) {
5593                /* no encoding for U=0 C=1x */
5594                return 1;
5595            }
5596            break;
5597        case NEON_3R_FLOAT_ACMP:
5598            if (!u) {
5599                return 1;
5600            }
5601            break;
5602        case NEON_3R_FLOAT_MISC:
5603            /* VMAXNM/VMINNM in ARMv8 */
5604            if (u && !arm_dc_feature(s, ARM_FEATURE_V8)) {
5605                return 1;
5606            }
5607            break;
5608        case NEON_3R_VMUL:
5609            if (u && (size != 0)) {
5610                /* UNDEF on invalid size for polynomial subcase */
5611                return 1;
5612            }
5613            break;
5614        case NEON_3R_VFM:
5615            if (!arm_dc_feature(s, ARM_FEATURE_VFP4) || u) {
5616                return 1;
5617            }
5618            break;
5619        default:
5620            break;
5621        }
5622
5623        if (pairwise && q) {
5624            /* All the pairwise insns UNDEF if Q is set */
5625            return 1;
5626        }
5627
5628        for (pass = 0; pass < (q ? 4 : 2); pass++) {
5629
5630        if (pairwise) {
5631            /* Pairwise.  */
5632            if (pass < 1) {
5633                tmp = neon_load_reg(rn, 0);
5634                tmp2 = neon_load_reg(rn, 1);
5635            } else {
5636                tmp = neon_load_reg(rm, 0);
5637                tmp2 = neon_load_reg(rm, 1);
5638            }
5639        } else {
5640            /* Elementwise.  */
5641            tmp = neon_load_reg(rn, pass);
5642            tmp2 = neon_load_reg(rm, pass);
5643        }
5644        switch (op) {
5645        case NEON_3R_VHADD:
5646            GEN_NEON_INTEGER_OP(hadd);
5647            break;
5648        case NEON_3R_VQADD:
5649            GEN_NEON_INTEGER_OP_ENV(qadd);
5650            break;
5651        case NEON_3R_VRHADD:
5652            GEN_NEON_INTEGER_OP(rhadd);
5653            break;
5654        case NEON_3R_LOGIC: /* Logic ops.  */
5655            switch ((u << 2) | size) {
5656            case 0: /* VAND */
5657                tcg_gen_and_i32(tmp, tmp, tmp2);
5658                break;
5659            case 1: /* BIC */
5660                tcg_gen_andc_i32(tmp, tmp, tmp2);
5661                break;
5662            case 2: /* VORR */
5663                tcg_gen_or_i32(tmp, tmp, tmp2);
5664                break;
5665            case 3: /* VORN */
5666                tcg_gen_orc_i32(tmp, tmp, tmp2);
5667                break;
5668            case 4: /* VEOR */
5669                tcg_gen_xor_i32(tmp, tmp, tmp2);
5670                break;
5671            case 5: /* VBSL */
5672                tmp3 = neon_load_reg(rd, pass);
5673                gen_neon_bsl(tmp, tmp, tmp2, tmp3);
5674                tcg_temp_free_i32(tmp3);
5675                break;
5676            case 6: /* VBIT */
5677                tmp3 = neon_load_reg(rd, pass);
5678                gen_neon_bsl(tmp, tmp, tmp3, tmp2);
5679                tcg_temp_free_i32(tmp3);
5680                break;
5681            case 7: /* VBIF */
5682                tmp3 = neon_load_reg(rd, pass);
5683                gen_neon_bsl(tmp, tmp3, tmp, tmp2);
5684                tcg_temp_free_i32(tmp3);
5685                break;
5686            }
5687            break;
5688        case NEON_3R_VHSUB:
5689            GEN_NEON_INTEGER_OP(hsub);
5690            break;
5691        case NEON_3R_VQSUB:
5692            GEN_NEON_INTEGER_OP_ENV(qsub);
5693            break;
5694        case NEON_3R_VCGT:
5695            GEN_NEON_INTEGER_OP(cgt);
5696            break;
5697        case NEON_3R_VCGE:
5698            GEN_NEON_INTEGER_OP(cge);
5699            break;
5700        case NEON_3R_VSHL:
5701            GEN_NEON_INTEGER_OP(shl);
5702            break;
5703        case NEON_3R_VQSHL:
5704            GEN_NEON_INTEGER_OP_ENV(qshl);
5705            break;
5706        case NEON_3R_VRSHL:
5707            GEN_NEON_INTEGER_OP(rshl);
5708            break;
5709        case NEON_3R_VQRSHL:
5710            GEN_NEON_INTEGER_OP_ENV(qrshl);
5711            break;
5712        case NEON_3R_VMAX:
5713            GEN_NEON_INTEGER_OP(max);
5714            break;
5715        case NEON_3R_VMIN:
5716            GEN_NEON_INTEGER_OP(min);
5717            break;
5718        case NEON_3R_VABD:
5719            GEN_NEON_INTEGER_OP(abd);
5720            break;
5721        case NEON_3R_VABA:
5722            GEN_NEON_INTEGER_OP(abd);
5723            tcg_temp_free_i32(tmp2);
5724            tmp2 = neon_load_reg(rd, pass);
5725            gen_neon_add(size, tmp, tmp2);
5726            break;
5727        case NEON_3R_VADD_VSUB:
5728            if (!u) { /* VADD */
5729                gen_neon_add(size, tmp, tmp2);
5730            } else { /* VSUB */
5731                switch (size) {
5732                case 0: gen_helper_neon_sub_u8(tmp, tmp, tmp2); break;
5733                case 1: gen_helper_neon_sub_u16(tmp, tmp, tmp2); break;
5734                case 2: tcg_gen_sub_i32(tmp, tmp, tmp2); break;
5735                default: abort();
5736                }
5737            }
5738            break;
5739        case NEON_3R_VTST_VCEQ:
5740            if (!u) { /* VTST */
5741                switch (size) {
5742                case 0: gen_helper_neon_tst_u8(tmp, tmp, tmp2); break;
5743                case 1: gen_helper_neon_tst_u16(tmp, tmp, tmp2); break;
5744                case 2: gen_helper_neon_tst_u32(tmp, tmp, tmp2); break;
5745                default: abort();
5746                }
5747            } else { /* VCEQ */
5748                switch (size) {
5749                case 0: gen_helper_neon_ceq_u8(tmp, tmp, tmp2); break;
5750                case 1: gen_helper_neon_ceq_u16(tmp, tmp, tmp2); break;
5751                case 2: gen_helper_neon_ceq_u32(tmp, tmp, tmp2); break;
5752                default: abort();
5753                }
5754            }
5755            break;
5756        case NEON_3R_VML: /* VMLA, VMLAL, VMLS,VMLSL */
5757            switch (size) {
5758            case 0: gen_helper_neon_mul_u8(tmp, tmp, tmp2); break;
5759            case 1: gen_helper_neon_mul_u16(tmp, tmp, tmp2); break;
5760            case 2: tcg_gen_mul_i32(tmp, tmp, tmp2); break;
5761            default: abort();
5762            }
5763            tcg_temp_free_i32(tmp2);
5764            tmp2 = neon_load_reg(rd, pass);
5765            if (u) { /* VMLS */
5766                gen_neon_rsb(size, tmp, tmp2);
5767            } else { /* VMLA */
5768                gen_neon_add(size, tmp, tmp2);
5769            }
5770            break;
5771        case NEON_3R_VMUL:
5772            if (u) { /* polynomial */
5773                gen_helper_neon_mul_p8(tmp, tmp, tmp2);
5774            } else { /* Integer */
5775                switch (size) {
5776                case 0: gen_helper_neon_mul_u8(tmp, tmp, tmp2); break;
5777                case 1: gen_helper_neon_mul_u16(tmp, tmp, tmp2); break;
5778                case 2: tcg_gen_mul_i32(tmp, tmp, tmp2); break;
5779                default: abort();
5780                }
5781            }
5782            break;
5783        case NEON_3R_VPMAX:
5784            GEN_NEON_INTEGER_OP(pmax);
5785            break;
5786        case NEON_3R_VPMIN:
5787            GEN_NEON_INTEGER_OP(pmin);
5788            break;
5789        case NEON_3R_VQDMULH_VQRDMULH: /* Multiply high.  */
5790            if (!u) { /* VQDMULH */
5791                switch (size) {
5792                case 1:
5793                    gen_helper_neon_qdmulh_s16(tmp, cpu_env, tmp, tmp2);
5794                    break;
5795                case 2:
5796                    gen_helper_neon_qdmulh_s32(tmp, cpu_env, tmp, tmp2);
5797                    break;
5798                default: abort();
5799                }
5800            } else { /* VQRDMULH */
5801                switch (size) {
5802                case 1:
5803                    gen_helper_neon_qrdmulh_s16(tmp, cpu_env, tmp, tmp2);
5804                    break;
5805                case 2:
5806                    gen_helper_neon_qrdmulh_s32(tmp, cpu_env, tmp, tmp2);
5807                    break;
5808                default: abort();
5809                }
5810            }
5811            break;
5812        case NEON_3R_VPADD:
5813            switch (size) {
5814            case 0: gen_helper_neon_padd_u8(tmp, tmp, tmp2); break;
5815            case 1: gen_helper_neon_padd_u16(tmp, tmp, tmp2); break;
5816            case 2: tcg_gen_add_i32(tmp, tmp, tmp2); break;
5817            default: abort();
5818            }
5819            break;
5820        case NEON_3R_FLOAT_ARITH: /* Floating point arithmetic. */
5821        {
5822            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5823            switch ((u << 2) | size) {
5824            case 0: /* VADD */
5825            case 4: /* VPADD */
5826                gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
5827                break;
5828            case 2: /* VSUB */
5829                gen_helper_vfp_subs(tmp, tmp, tmp2, fpstatus);
5830                break;
5831            case 6: /* VABD */
5832                gen_helper_neon_abd_f32(tmp, tmp, tmp2, fpstatus);
5833                break;
5834            default:
5835                abort();
5836            }
5837            tcg_temp_free_ptr(fpstatus);
5838            break;
5839        }
5840        case NEON_3R_FLOAT_MULTIPLY:
5841        {
5842            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5843            gen_helper_vfp_muls(tmp, tmp, tmp2, fpstatus);
5844            if (!u) {
5845                tcg_temp_free_i32(tmp2);
5846                tmp2 = neon_load_reg(rd, pass);
5847                if (size == 0) {
5848                    gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
5849                } else {
5850                    gen_helper_vfp_subs(tmp, tmp2, tmp, fpstatus);
5851                }
5852            }
5853            tcg_temp_free_ptr(fpstatus);
5854            break;
5855        }
5856        case NEON_3R_FLOAT_CMP:
5857        {
5858            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5859            if (!u) {
5860                gen_helper_neon_ceq_f32(tmp, tmp, tmp2, fpstatus);
5861            } else {
5862                if (size == 0) {
5863                    gen_helper_neon_cge_f32(tmp, tmp, tmp2, fpstatus);
5864                } else {
5865                    gen_helper_neon_cgt_f32(tmp, tmp, tmp2, fpstatus);
5866                }
5867            }
5868            tcg_temp_free_ptr(fpstatus);
5869            break;
5870        }
5871        case NEON_3R_FLOAT_ACMP:
5872        {
5873            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5874            if (size == 0) {
5875                gen_helper_neon_acge_f32(tmp, tmp, tmp2, fpstatus);
5876            } else {
5877                gen_helper_neon_acgt_f32(tmp, tmp, tmp2, fpstatus);
5878            }
5879            tcg_temp_free_ptr(fpstatus);
5880            break;
5881        }
5882        case NEON_3R_FLOAT_MINMAX:
5883        {
5884            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5885            if (size == 0) {
5886                gen_helper_vfp_maxs(tmp, tmp, tmp2, fpstatus);
5887            } else {
5888                gen_helper_vfp_mins(tmp, tmp, tmp2, fpstatus);
5889            }
5890            tcg_temp_free_ptr(fpstatus);
5891            break;
5892        }
5893        case NEON_3R_FLOAT_MISC:
5894            if (u) {
5895                /* VMAXNM/VMINNM */
5896                TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5897                if (size == 0) {
5898                    gen_helper_vfp_maxnums(tmp, tmp, tmp2, fpstatus);
5899                } else {
5900                    gen_helper_vfp_minnums(tmp, tmp, tmp2, fpstatus);
5901                }
5902                tcg_temp_free_ptr(fpstatus);
5903            } else {
5904                if (size == 0) {
5905                    gen_helper_recps_f32(tmp, tmp, tmp2, cpu_env);
5906                } else {
5907                    gen_helper_rsqrts_f32(tmp, tmp, tmp2, cpu_env);
5908              }
5909            }
5910            break;
5911        case NEON_3R_VFM:
5912        {
5913            /* VFMA, VFMS: fused multiply-add */
5914            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
5915            TCGv_i32 tmp3 = neon_load_reg(rd, pass);
5916            if (size) {
5917                /* VFMS */
5918                gen_helper_vfp_negs(tmp, tmp);
5919            }
5920            gen_helper_vfp_muladds(tmp, tmp, tmp2, tmp3, fpstatus);
5921            tcg_temp_free_i32(tmp3);
5922            tcg_temp_free_ptr(fpstatus);
5923            break;
5924        }
5925        default:
5926            abort();
5927        }
5928        tcg_temp_free_i32(tmp2);
5929
5930        /* Save the result.  For elementwise operations we can put it
5931           straight into the destination register.  For pairwise operations
5932           we have to be careful to avoid clobbering the source operands.  */
5933        if (pairwise && rd == rm) {
5934            neon_store_scratch(pass, tmp);
5935        } else {
5936            neon_store_reg(rd, pass, tmp);
5937        }
5938
5939        } /* for pass */
5940        if (pairwise && rd == rm) {
5941            for (pass = 0; pass < (q ? 4 : 2); pass++) {
5942                tmp = neon_load_scratch(pass);
5943                neon_store_reg(rd, pass, tmp);
5944            }
5945        }
5946        /* End of 3 register same size operations.  */
5947    } else if (insn & (1 << 4)) {
5948        if ((insn & 0x00380080) != 0) {
5949            /* Two registers and shift.  */
5950            op = (insn >> 8) & 0xf;
5951            if (insn & (1 << 7)) {
5952                /* 64-bit shift. */
5953                if (op > 7) {
5954                    return 1;
5955                }
5956                size = 3;
5957            } else {
5958                size = 2;
5959                while ((insn & (1 << (size + 19))) == 0)
5960                    size--;
5961            }
5962            shift = (insn >> 16) & ((1 << (3 + size)) - 1);
5963            /* To avoid excessive duplication of ops we implement shift
5964               by immediate using the variable shift operations.  */
5965            if (op < 8) {
5966                /* Shift by immediate:
5967                   VSHR, VSRA, VRSHR, VRSRA, VSRI, VSHL, VQSHL, VQSHLU.  */
5968                if (q && ((rd | rm) & 1)) {
5969                    return 1;
5970                }
5971                if (!u && (op == 4 || op == 6)) {
5972                    return 1;
5973                }
5974                /* Right shifts are encoded as N - shift, where N is the
5975                   element size in bits.  */
5976                if (op <= 4)
5977                    shift = shift - (1 << (size + 3));
5978                if (size == 3) {
5979                    count = q + 1;
5980                } else {
5981                    count = q ? 4: 2;
5982                }
5983                switch (size) {
5984                case 0:
5985                    imm = (uint8_t) shift;
5986                    imm |= imm << 8;
5987                    imm |= imm << 16;
5988                    break;
5989                case 1:
5990                    imm = (uint16_t) shift;
5991                    imm |= imm << 16;
5992                    break;
5993                case 2:
5994                case 3:
5995                    imm = shift;
5996                    break;
5997                default:
5998                    abort();
5999                }
6000

6001                for (pass = 0; pass < count; pass++) {
6002                    if (size == 3) {
6003                        neon_load_reg64(cpu_V0, rm + pass);
6004                        tcg_gen_movi_i64(cpu_V1, imm);
6005                        switch (op) {
6006                        case 0:  /* VSHR */
6007                        case 1:  /* VSRA */
6008                            if (u)
6009                                gen_helper_neon_shl_u64(cpu_V0, cpu_V0, cpu_V1);
6010                            else
6011                                gen_helper_neon_shl_s64(cpu_V0, cpu_V0, cpu_V1);
6012                            break;
6013                        case 2: /* VRSHR */
6014                        case 3: /* VRSRA */
6015                            if (u)
6016                                gen_helper_neon_rshl_u64(cpu_V0, cpu_V0, cpu_V1);
6017                            else
6018                                gen_helper_neon_rshl_s64(cpu_V0, cpu_V0, cpu_V1);
6019                            break;
6020                        case 4: /* VSRI */
6021                        case 5: /* VSHL, VSLI */
6022                            gen_helper_neon_shl_u64(cpu_V0, cpu_V0, cpu_V1);
6023                            break;
6024                        case 6: /* VQSHLU */
6025                            gen_helper_neon_qshlu_s64(cpu_V0, cpu_env,
6026                                                      cpu_V0, cpu_V1);
6027                            break;
6028                        case 7: /* VQSHL */
6029                            if (u) {
6030                                gen_helper_neon_qshl_u64(cpu_V0, cpu_env,
6031                                                         cpu_V0, cpu_V1);
6032                            } else {
6033                                gen_helper_neon_qshl_s64(cpu_V0, cpu_env,
6034                                                         cpu_V0, cpu_V1);
6035                            }
6036                            break;
6037                        }
6038                        if (op == 1 || op == 3) {
6039                            /* Accumulate.  */
6040                            neon_load_reg64(cpu_V1, rd + pass);
6041                            tcg_gen_add_i64(cpu_V0, cpu_V0, cpu_V1);
6042                        } else if (op == 4 || (op == 5 && u)) {
6043                            /* Insert */
6044                            neon_load_reg64(cpu_V1, rd + pass);
6045                            uint64_t mask;
6046                            if (shift < -63 || shift > 63) {
6047                                mask = 0;
6048                            } else {
6049                                if (op == 4) {
6050                                    mask = 0xffffffffffffffffull >> -shift;
6051                                } else {
6052                                    mask = 0xffffffffffffffffull << shift;
6053                                }
6054                            }
6055                            tcg_gen_andi_i64(cpu_V1, cpu_V1, ~mask);
6056                            tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
6057                        }
6058                        neon_store_reg64(cpu_V0, rd + pass);
6059                    } else { /* size < 3 */
6060                        /* Operands in T0 and T1.  */
6061                        tmp = neon_load_reg(rm, pass);
6062                        tmp2 = tcg_temp_new_i32();
6063                        tcg_gen_movi_i32(tmp2, imm);
6064                        switch (op) {
6065                        case 0:  /* VSHR */
6066                        case 1:  /* VSRA */
6067                            GEN_NEON_INTEGER_OP(shl);
6068                            break;
6069                        case 2: /* VRSHR */
6070                        case 3: /* VRSRA */
6071                            GEN_NEON_INTEGER_OP(rshl);
6072                            break;
6073                        case 4: /* VSRI */
6074                        case 5: /* VSHL, VSLI */
6075                            switch (size) {
6076                            case 0: gen_helper_neon_shl_u8(tmp, tmp, tmp2); break;
6077                            case 1: gen_helper_neon_shl_u16(tmp, tmp, tmp2); break;
6078                            case 2: gen_helper_neon_shl_u32(tmp, tmp, tmp2); break;
6079                            default: abort();
6080                            }
6081                            break;
6082                        case 6: /* VQSHLU */
6083                            switch (size) {
6084                            case 0:
6085                                gen_helper_neon_qshlu_s8(tmp, cpu_env,
6086                                                         tmp, tmp2);
6087                                break;
6088                            case 1:
6089                                gen_helper_neon_qshlu_s16(tmp, cpu_env,
6090                                                          tmp, tmp2);
6091                                break;
6092                            case 2:
6093                                gen_helper_neon_qshlu_s32(tmp, cpu_env,
6094                                                          tmp, tmp2);
6095                                break;
6096                            default:
6097                                abort();
6098                            }
6099                            break;
6100                        case 7: /* VQSHL */
6101                            GEN_NEON_INTEGER_OP_ENV(qshl);
6102                            break;
6103                        }
6104                        tcg_temp_free_i32(tmp2);
6105
6106                        if (op == 1 || op == 3) {
6107                            /* Accumulate.  */
6108                            tmp2 = neon_load_reg(rd, pass);
6109                            gen_neon_add(size, tmp, tmp2);
6110                            tcg_temp_free_i32(tmp2);
6111                        } else if (op == 4 || (op == 5 && u)) {
6112                            /* Insert */
6113                            switch (size) {
6114                            case 0:
6115                                if (op == 4)
6116                                    mask = 0xff >> -shift;
6117                                else
6118                                    mask = (uint8_t)(0xff << shift);
6119                                mask |= mask << 8;
6120                                mask |= mask << 16;
6121                                break;
6122                            case 1:
6123                                if (op == 4)
6124                                    mask = 0xffff >> -shift;
6125                                else
6126                                    mask = (uint16_t)(0xffff << shift);
6127                                mask |= mask << 16;
6128                                break;
6129                            case 2:
6130                                if (shift < -31 || shift > 31) {
6131                                    mask = 0;
6132                                } else {
6133                                    if (op == 4)
6134                                        mask = 0xffffffffu >> -shift;
6135                                    else
6136                                        mask = 0xffffffffu << shift;
6137                                }
6138                                break;
6139                            default:
6140                                abort();
6141                            }
6142                            tmp2 = neon_load_reg(rd, pass);
6143                            tcg_gen_andi_i32(tmp, tmp, mask);
6144                            tcg_gen_andi_i32(tmp2, tmp2, ~mask);
6145                            tcg_gen_or_i32(tmp, tmp, tmp2);
6146                            tcg_temp_free_i32(tmp2);
6147                        }
6148                        neon_store_reg(rd, pass, tmp);
6149                    }
6150                } /* for pass */
6151            } else if (op < 10) {
6152                /* Shift by immediate and narrow:
6153                   VSHRN, VRSHRN, VQSHRN, VQRSHRN.  */
6154                int input_unsigned = (op == 8) ? !u : u;
6155                if (rm & 1) {
6156                    return 1;
6157                }
6158                shift = shift - (1 << (size + 3));
6159                size++;
6160                if (size == 3) {
6161                    tmp64 = tcg_const_i64(shift);
6162                    neon_load_reg64(cpu_V0, rm);
6163                    neon_load_reg64(cpu_V1, rm + 1);
6164                    for (pass = 0; pass < 2; pass++) {
6165                        TCGv_i64 in;
6166                        if (pass == 0) {
6167                            in = cpu_V0;
6168                        } else {
6169                            in = cpu_V1;
6170                        }
6171                        if (q) {
6172                            if (input_unsigned) {
6173                                gen_helper_neon_rshl_u64(cpu_V0, in, tmp64);
6174                            } else {
6175                                gen_helper_neon_rshl_s64(cpu_V0, in, tmp64);
6176                            }
6177                        } else {
6178                            if (input_unsigned) {
6179                                gen_helper_neon_shl_u64(cpu_V0, in, tmp64);
6180                            } else {
6181                                gen_helper_neon_shl_s64(cpu_V0, in, tmp64);
6182                            }
6183                        }
6184                        tmp = tcg_temp_new_i32();
6185                        gen_neon_narrow_op(op == 8, u, size - 1, tmp, cpu_V0);
6186                        neon_store_reg(rd, pass, tmp);
6187                    } /* for pass */
6188                    tcg_temp_free_i64(tmp64);
6189                } else {
6190                    if (size == 1) {
6191                        imm = (uint16_t)shift;
6192                        imm |= imm << 16;
6193                    } else {
6194                        /* size == 2 */
6195                        imm = (uint32_t)shift;
6196                    }
6197                    tmp2 = tcg_const_i32(imm);
6198                    tmp4 = neon_load_reg(rm + 1, 0);
6199                    tmp5 = neon_load_reg(rm + 1, 1);
6200                    for (pass = 0; pass < 2; pass++) {
6201                        if (pass == 0) {
6202                            tmp = neon_load_reg(rm, 0);
6203                        } else {
6204                            tmp = tmp4;
6205                        }
6206                        gen_neon_shift_narrow(size, tmp, tmp2, q,
6207                                              input_unsigned);
6208                        if (pass == 0) {
6209                            tmp3 = neon_load_reg(rm, 1);
6210                        } else {
6211                            tmp3 = tmp5;
6212                        }
6213                        gen_neon_shift_narrow(size, tmp3, tmp2, q,
6214                                              input_unsigned);
6215                        tcg_gen_concat_i32_i64(cpu_V0, tmp, tmp3);
6216                        tcg_temp_free_i32(tmp);
6217                        tcg_temp_free_i32(tmp3);
6218                        tmp = tcg_temp_new_i32();
6219                        gen_neon_narrow_op(op == 8, u, size - 1, tmp, cpu_V0);
6220                        neon_store_reg(rd, pass, tmp);
6221                    } /* for pass */
6222                    tcg_temp_free_i32(tmp2);
6223                }
6224            } else if (op == 10) {
6225                /* VSHLL, VMOVL */
6226                if (q || (rd & 1)) {
6227                    return 1;
6228                }
6229                tmp = neon_load_reg(rm, 0);
6230                tmp2 = neon_load_reg(rm, 1);
6231                for (pass = 0; pass < 2; pass++) {
6232                    if (pass == 1)
6233                        tmp = tmp2;
6234
6235                    gen_neon_widen(cpu_V0, tmp, size, u);
6236
6237                    if (shift != 0) {
6238                        /* The shift is less than the width of the source
6239                           type, so we can just shift the whole register.  */
6240                        tcg_gen_shli_i64(cpu_V0, cpu_V0, shift);
6241                        /* Widen the result of shift: we need to clear
6242                         * the potential overflow bits resulting from
6243                         * left bits of the narrow input appearing as
6244                         * right bits of left the neighbour narrow
6245                         * input.  */
6246                        if (size < 2 || !u) {
6247                            uint64_t imm64;
6248                            if (size == 0) {
6249                                imm = (0xffu >> (8 - shift));
6250                                imm |= imm << 16;
6251                            } else if (size == 1) {
6252                                imm = 0xffff >> (16 - shift);
6253                            } else {
6254                                /* size == 2 */
6255                                imm = 0xffffffff >> (32 - shift);
6256                            }
6257                            if (size < 2) {
6258                                imm64 = imm | (((uint64_t)imm) << 32);
6259                            } else {
6260                                imm64 = imm;
6261                            }
6262                            tcg_gen_andi_i64(cpu_V0, cpu_V0, ~imm64);
6263                        }
6264                    }
6265                    neon_store_reg64(cpu_V0, rd + pass);
6266                }
6267            } else if (op >= 14) {
6268                /* VCVT fixed-point.  */
6269                if (!(insn & (1 << 21)) || (q && ((rd | rm) & 1))) {
6270                    return 1;
6271                }
6272                /* We have already masked out the must-be-1 top bit of imm6,
6273                 * hence this 32-shift where the ARM ARM has 64-imm6.
6274                 */
6275                shift = 32 - shift;
6276                for (pass = 0; pass < (q ? 4 : 2); pass++) {
6277                    tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, pass));
6278                    if (!(op & 1)) {
6279                        if (u)
6280                            gen_vfp_ulto(0, shift, 1);
6281                        else
6282                            gen_vfp_slto(0, shift, 1);
6283                    } else {
6284                        if (u)
6285                            gen_vfp_toul(0, shift, 1);
6286                        else
6287                            gen_vfp_tosl(0, shift, 1);
6288                    }
6289                    tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, pass));
6290                }
6291            } else {
6292                return 1;
6293            }
6294        } else { /* (insn & 0x00380080) == 0 */
6295            int invert;
6296            if (q && (rd & 1)) {
6297                return 1;
6298            }
6299
6300            op = (insn >> 8) & 0xf;
6301            /* One register and immediate.  */
6302            imm = (u << 7) | ((insn >> 12) & 0x70) | (insn & 0xf);
6303            invert = (insn & (1 << 5)) != 0;
6304            /* Note that op = 2,3,4,5,6,7,10,11,12,13 imm=0 is UNPREDICTABLE.
6305             * We choose to not special-case this and will behave as if a
6306             * valid constant encoding of 0 had been given.
6307             */
6308            switch (op) {
6309            case 0: case 1:
6310                /* no-op */
6311                break;
6312            case 2: case 3:
6313                imm <<= 8;
6314                break;
6315            case 4: case 5:
6316                imm <<= 16;
6317                break;
6318            case 6: case 7:
6319                imm <<= 24;
6320                break;
6321            case 8: case 9:
6322                imm |= imm << 16;
6323                break;
6324            case 10: case 11:
6325                imm = (imm << 8) | (imm << 24);
6326                break;
6327            case 12:
6328                imm = (imm << 8) | 0xff;
6329                break;
6330            case 13:
6331                imm = (imm << 16) | 0xffff;
6332                break;
6333            case 14:
6334                imm |= (imm << 8) | (imm << 16) | (imm << 24);
6335                if (invert)
6336                    imm = ~imm;
6337                break;
6338            case 15:
6339                if (invert) {
6340                    return 1;
6341                }
6342                imm = ((imm & 0x80) << 24) | ((imm & 0x3f) << 19)
6343                      | ((imm & 0x40) ? (0x1f << 25) : (1 << 30));
6344                break;
6345            }
6346            if (invert)
6347                imm = ~imm;
6348
6349            for (pass = 0; pass < (q ? 4 : 2); pass++) {
6350                if (op & 1 && op < 12) {
6351                    tmp = neon_load_reg(rd, pass);
6352                    if (invert) {
6353                        /* The immediate value has already been inverted, so
6354                           BIC becomes AND.  */
6355                        tcg_gen_andi_i32(tmp, tmp, imm);
6356                    } else {
6357                        tcg_gen_ori_i32(tmp, tmp, imm);
6358                    }
6359                } else {
6360                    /* VMOV, VMVN.  */
6361                    tmp = tcg_temp_new_i32();
6362                    if (op == 14 && invert) {
6363                        int n;
6364                        uint32_t val;
6365                        val = 0;
6366                        for (n = 0; n < 4; n++) {
6367                            if (imm & (1 << (n + (pass & 1) * 4)))
6368                                val |= 0xff << (n * 8);
6369                        }
6370                        tcg_gen_movi_i32(tmp, val);
6371                    } else {
6372                        tcg_gen_movi_i32(tmp, imm);
6373                    }
6374                }
6375                neon_store_reg(rd, pass, tmp);
6376            }
6377        }
6378    } else { /* (insn & 0x00800010 == 0x00800000) */
6379        if (size != 3) {
6380            op = (insn >> 8) & 0xf;
6381            if ((insn & (1 << 6)) == 0) {
6382                /* Three registers of different lengths.  */
6383                int src1_wide;
6384                int src2_wide;
6385                int prewiden;
6386                /* undefreq: bit 0 : UNDEF if size == 0
6387                 *           bit 1 : UNDEF if size == 1
6388                 *           bit 2 : UNDEF if size == 2
6389                 *           bit 3 : UNDEF if U == 1
6390                 * Note that [2:0] set implies 'always UNDEF'
6391                 */
6392                int undefreq;
6393                /* prewiden, src1_wide, src2_wide, undefreq */
6394                static const int neon_3reg_wide[16][4] = {
6395                    {1, 0, 0, 0}, /* VADDL */
6396                    {1, 1, 0, 0}, /* VADDW */
6397                    {1, 0, 0, 0}, /* VSUBL */
6398                    {1, 1, 0, 0}, /* VSUBW */
6399                    {0, 1, 1, 0}, /* VADDHN */
6400                    {0, 0, 0, 0}, /* VABAL */
6401                    {0, 1, 1, 0}, /* VSUBHN */
6402                    {0, 0, 0, 0}, /* VABDL */
6403                    {0, 0, 0, 0}, /* VMLAL */
6404                    {0, 0, 0, 9}, /* VQDMLAL */
6405                    {0, 0, 0, 0}, /* VMLSL */
6406                    {0, 0, 0, 9}, /* VQDMLSL */
6407                    {0, 0, 0, 0}, /* Integer VMULL */
6408                    {0, 0, 0, 1}, /* VQDMULL */
6409                    {0, 0, 0, 0xa}, /* Polynomial VMULL */
6410                    {0, 0, 0, 7}, /* Reserved: always UNDEF */
6411                };
6412
6413                prewiden = neon_3reg_wide[op][0];
6414                src1_wide = neon_3reg_wide[op][1];
6415                src2_wide = neon_3reg_wide[op][2];
6416                undefreq = neon_3reg_wide[op][3];
6417
6418                if ((undefreq & (1 << size)) ||
6419                    ((undefreq & 8) && u)) {
6420                    return 1;
6421                }
6422                if ((src1_wide && (rn & 1)) ||
6423                    (src2_wide && (rm & 1)) ||
6424                    (!src2_wide && (rd & 1))) {
6425                    return 1;
6426                }
6427
6428                /* Handle VMULL.P64 (Polynomial 64x64 to 128 bit multiply)
6429                 * outside the loop below as it only performs a single pass.
6430                 */
6431                if (op == 14 && size == 2) {
6432                    TCGv_i64 tcg_rn, tcg_rm, tcg_rd;
6433
6434                    if (!arm_dc_feature(s, ARM_FEATURE_V8_PMULL)) {
6435                        return 1;
6436                    }
6437                    tcg_rn = tcg_temp_new_i64();
6438                    tcg_rm = tcg_temp_new_i64();
6439                    tcg_rd = tcg_temp_new_i64();
6440                    neon_load_reg64(tcg_rn, rn);
6441                    neon_load_reg64(tcg_rm, rm);
6442                    gen_helper_neon_pmull_64_lo(tcg_rd, tcg_rn, tcg_rm);
6443                    neon_store_reg64(tcg_rd, rd);
6444                    gen_helper_neon_pmull_64_hi(tcg_rd, tcg_rn, tcg_rm);
6445                    neon_store_reg64(tcg_rd, rd + 1);
6446                    tcg_temp_free_i64(tcg_rn);
6447                    tcg_temp_free_i64(tcg_rm);
6448                    tcg_temp_free_i64(tcg_rd);
6449                    return 0;
6450                }
6451
6452                /* Avoid overlapping operands.  Wide source operands are
6453                   always aligned so will never overlap with wide
6454                   destinations in problematic ways.  */
6455                if (rd == rm && !src2_wide) {
6456                    tmp = neon_load_reg(rm, 1);
6457                    neon_store_scratch(2, tmp);
6458                } else if (rd == rn && !src1_wide) {
6459                    tmp = neon_load_reg(rn, 1);
6460                    neon_store_scratch(2, tmp);
6461                }
6462                TCGV_UNUSED_I32(tmp3);
6463                for (pass = 0; pass < 2; pass++) {
6464                    if (src1_wide) {
6465                        neon_load_reg64(cpu_V0, rn + pass);
6466                        TCGV_UNUSED_I32(tmp);
6467                    } else {
6468                        if (pass == 1 && rd == rn) {
6469                            tmp = neon_load_scratch(2);
6470                        } else {
6471                            tmp = neon_load_reg(rn, pass);
6472                        }
6473                        if (prewiden) {
6474                            gen_neon_widen(cpu_V0, tmp, size, u);
6475                        }
6476                    }
6477                    if (src2_wide) {
6478                        neon_load_reg64(cpu_V1, rm + pass);
6479                        TCGV_UNUSED_I32(tmp2);
6480                    } else {
6481                        if (pass == 1 && rd == rm) {
6482                            tmp2 = neon_load_scratch(2);
6483                        } else {
6484                            tmp2 = neon_load_reg(rm, pass);
6485                        }
6486                        if (prewiden) {
6487                            gen_neon_widen(cpu_V1, tmp2, size, u);
6488                        }
6489                    }
6490                    switch (op) {
6491                    case 0: case 1: case 4: /* VADDL, VADDW, VADDHN, VRADDHN */
6492                        gen_neon_addl(size);
6493                        break;
6494                    case 2: case 3: case 6: /* VSUBL, VSUBW, VSUBHN, VRSUBHN */
6495                        gen_neon_subl(size);
6496                        break;
6497                    case 5: case 7: /* VABAL, VABDL */
6498                        switch ((size << 1) | u) {
6499                        case 0:
6500                            gen_helper_neon_abdl_s16(cpu_V0, tmp, tmp2);
6501                            break;
6502                        case 1:
6503                            gen_helper_neon_abdl_u16(cpu_V0, tmp, tmp2);
6504                            break;
6505                        case 2:
6506                            gen_helper_neon_abdl_s32(cpu_V0, tmp, tmp2);
6507                            break;
6508                        case 3:
6509                            gen_helper_neon_abdl_u32(cpu_V0, tmp, tmp2);
6510                            break;
6511                        case 4:
6512                            gen_helper_neon_abdl_s64(cpu_V0, tmp, tmp2);
6513                            break;
6514                        case 5:
6515                            gen_helper_neon_abdl_u64(cpu_V0, tmp, tmp2);
6516                            break;
6517                        default: abort();
6518                        }
6519                        tcg_temp_free_i32(tmp2);
6520                        tcg_temp_free_i32(tmp);
6521                        break;
6522                    case 8: case 9: case 10: case 11: case 12: case 13:
6523                        /* VMLAL, VQDMLAL, VMLSL, VQDMLSL, VMULL, VQDMULL */
6524                        gen_neon_mull(cpu_V0, tmp, tmp2, size, u);
6525                        break;
6526                    case 14: /* Polynomial VMULL */
6527                        gen_helper_neon_mull_p8(cpu_V0, tmp, tmp2);
6528                        tcg_temp_free_i32(tmp2);
6529                        tcg_temp_free_i32(tmp);
6530                        break;
6531                    default: /* 15 is RESERVED: caught earlier  */
6532                        abort();
6533                    }
6534                    if (op == 13) {
6535                        /* VQDMULL */
6536                        gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6537                        neon_store_reg64(cpu_V0, rd + pass);
6538                    } else if (op == 5 || (op >= 8 && op <= 11)) {
6539                        /* Accumulate.  */
6540                        neon_load_reg64(cpu_V1, rd + pass);
6541                        switch (op) {
6542                        case 10: /* VMLSL */
6543                            gen_neon_negl(cpu_V0, size);
6544                            /* Fall through */
6545                        case 5: case 8: /* VABAL, VMLAL */
6546                            gen_neon_addl(size);
6547                            break;
6548                        case 9: case 11: /* VQDMLAL, VQDMLSL */
6549                            gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6550                            if (op == 11) {
6551                                gen_neon_negl(cpu_V0, size);
6552                            }
6553                            gen_neon_addl_saturate(cpu_V0, cpu_V1, size);
6554                            break;
6555                        default:
6556                            abort();
6557                        }
6558                        neon_store_reg64(cpu_V0, rd + pass);
6559                    } else if (op == 4 || op == 6) {
6560                        /* Narrowing operation.  */
6561                        tmp = tcg_temp_new_i32();
6562                        if (!u) {
6563                            switch (size) {
6564                            case 0:
6565                                gen_helper_neon_narrow_high_u8(tmp, cpu_V0);
6566                                break;
6567                            case 1:
6568                                gen_helper_neon_narrow_high_u16(tmp, cpu_V0);
6569                                break;
6570                            case 2:
6571                                tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
6572                                tcg_gen_extrl_i64_i32(tmp, cpu_V0);
6573                                break;
6574                            default: abort();
6575                            }
6576                        } else {
6577                            switch (size) {
6578                            case 0:
6579                                gen_helper_neon_narrow_round_high_u8(tmp, cpu_V0);
6580                                break;
6581                            case 1:
6582                                gen_helper_neon_narrow_round_high_u16(tmp, cpu_V0);
6583                                break;
6584                            case 2:
6585                                tcg_gen_addi_i64(cpu_V0, cpu_V0, 1u << 31);
6586                                tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
6587                                tcg_gen_extrl_i64_i32(tmp, cpu_V0);
6588                                break;
6589                            default: abort();
6590                            }
6591                        }
6592                        if (pass == 0) {
6593                            tmp3 = tmp;
6594                        } else {
6595                            neon_store_reg(rd, 0, tmp3);
6596                            neon_store_reg(rd, 1, tmp);
6597                        }
6598                    } else {
6599                        /* Write back the result.  */
6600                        neon_store_reg64(cpu_V0, rd + pass);
6601                    }
6602                }
6603            } else {
6604                /* Two registers and a scalar. NB that for ops of this form
6605                 * the ARM ARM labels bit 24 as Q, but it is in our variable
6606                 * 'u', not 'q'.
6607                 */
6608                if (size == 0) {
6609                    return 1;
6610                }
6611                switch (op) {
6612                case 1: /* Float VMLA scalar */
6613                case 5: /* Floating point VMLS scalar */
6614                case 9: /* Floating point VMUL scalar */
6615                    if (size == 1) {
6616                        return 1;
6617                    }
6618                    /* fall through */
6619                case 0: /* Integer VMLA scalar */
6620                case 4: /* Integer VMLS scalar */
6621                case 8: /* Integer VMUL scalar */
6622                case 12: /* VQDMULH scalar */
6623                case 13: /* VQRDMULH scalar */
6624                    if (u && ((rd | rn) & 1)) {
6625                        return 1;
6626                    }
6627                    tmp = neon_get_scalar(size, rm);
6628                    neon_store_scratch(0, tmp);
6629                    for (pass = 0; pass < (u ? 4 : 2); pass++) {
6630                        tmp = neon_load_scratch(0);
6631                        tmp2 = neon_load_reg(rn, pass);
6632                        if (op == 12) {
6633                            if (size == 1) {
6634                                gen_helper_neon_qdmulh_s16(tmp, cpu_env, tmp, tmp2);
6635                            } else {
6636                                gen_helper_neon_qdmulh_s32(tmp, cpu_env, tmp, tmp2);
6637                            }
6638                        } else if (op == 13) {
6639                            if (size == 1) {
6640                                gen_helper_neon_qrdmulh_s16(tmp, cpu_env, tmp, tmp2);
6641                            } else {
6642                                gen_helper_neon_qrdmulh_s32(tmp, cpu_env, tmp, tmp2);
6643                            }
6644                        } else if (op & 1) {
6645                            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6646                            gen_helper_vfp_muls(tmp, tmp, tmp2, fpstatus);
6647                            tcg_temp_free_ptr(fpstatus);
6648                        } else {
6649                            switch (size) {
6650                            case 0: gen_helper_neon_mul_u8(tmp, tmp, tmp2); break;
6651                            case 1: gen_helper_neon_mul_u16(tmp, tmp, tmp2); break;
6652                            case 2: tcg_gen_mul_i32(tmp, tmp, tmp2); break;
6653                            default: abort();
6654                            }
6655                        }
6656                        tcg_temp_free_i32(tmp2);
6657                        if (op < 8) {
6658                            /* Accumulate.  */
6659                            tmp2 = neon_load_reg(rd, pass);
6660                            switch (op) {
6661                            case 0:
6662                                gen_neon_add(size, tmp, tmp2);
6663                                break;
6664                            case 1:
6665                            {
6666                                TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6667                                gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
6668                                tcg_temp_free_ptr(fpstatus);
6669                                break;
6670                            }
6671                            case 4:
6672                                gen_neon_rsb(size, tmp, tmp2);
6673                                break;
6674                            case 5:
6675                            {
6676                                TCGv_ptr fpstatus = get_fpstatus_ptr(1);
6677                                gen_helper_vfp_subs(tmp, tmp2, tmp, fpstatus);
6678                                tcg_temp_free_ptr(fpstatus);
6679                                break;
6680                            }
6681                            default:
6682                                abort();
6683                            }
6684                            tcg_temp_free_i32(tmp2);
6685                        }
6686                        neon_store_reg(rd, pass, tmp);
6687                    }
6688                    break;
6689                case 3: /* VQDMLAL scalar */
6690                case 7: /* VQDMLSL scalar */
6691                case 11: /* VQDMULL scalar */
6692                    if (u == 1) {
6693                        return 1;
6694                    }
6695                    /* fall through */
6696                case 2: /* VMLAL sclar */
6697                case 6: /* VMLSL scalar */
6698                case 10: /* VMULL scalar */
6699                    if (rd & 1) {
6700                        return 1;
6701                    }
6702                    tmp2 = neon_get_scalar(size, rm);
6703                    /* We need a copy of tmp2 because gen_neon_mull
6704                     * deletes it during pass 0.  */
6705                    tmp4 = tcg_temp_new_i32();
6706                    tcg_gen_mov_i32(tmp4, tmp2);
6707                    tmp3 = neon_load_reg(rn, 1);
6708
6709                    for (pass = 0; pass < 2; pass++) {
6710                        if (pass == 0) {
6711                            tmp = neon_load_reg(rn, 0);
6712                        } else {
6713                            tmp = tmp3;
6714                            tmp2 = tmp4;
6715                        }
6716                        gen_neon_mull(cpu_V0, tmp, tmp2, size, u);
6717                        if (op != 11) {
6718                            neon_load_reg64(cpu_V1, rd + pass);
6719                        }
6720                        switch (op) {
6721                        case 6:
6722                            gen_neon_negl(cpu_V0, size);
6723                            /* Fall through */
6724                        case 2:
6725                            gen_neon_addl(size);
6726                            break;
6727                        case 3: case 7:
6728                            gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6729                            if (op == 7) {
6730                                gen_neon_negl(cpu_V0, size);
6731                            }
6732                            gen_neon_addl_saturate(cpu_V0, cpu_V1, size);
6733                            break;
6734                        case 10:
6735                            /* no-op */
6736                            break;
6737                        case 11:
6738                            gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
6739                            break;
6740                        default:
6741                            abort();
6742                        }
6743                        neon_store_reg64(cpu_V0, rd + pass);
6744                    }
6745
6746
6747                    break;
6748                default: /* 14 and 15 are RESERVED */
6749                    return 1;
6750                }
6751            }
6752        } else { /* size == 3 */
6753            if (!u) {
6754                /* Extract.  */
6755                imm = (insn >> 8) & 0xf;
6756
6757                if (imm > 7 && !q)
6758                    return 1;
6759
6760                if (q && ((rd | rn | rm) & 1)) {
6761                    return 1;
6762                }
6763
6764                if (imm == 0) {
6765                    neon_load_reg64(cpu_V0, rn);
6766                    if (q) {
6767                        neon_load_reg64(cpu_V1, rn + 1);
6768                    }
6769                } else if (imm == 8) {
6770                    neon_load_reg64(cpu_V0, rn + 1);
6771                    if (q) {
6772                        neon_load_reg64(cpu_V1, rm);
6773                    }
6774                } else if (q) {
6775                    tmp64 = tcg_temp_new_i64();
6776                    if (imm < 8) {
6777                        neon_load_reg64(cpu_V0, rn);
6778                        neon_load_reg64(tmp64, rn + 1);
6779                    } else {
6780                        neon_load_reg64(cpu_V0, rn + 1);
6781                        neon_load_reg64(tmp64, rm);
6782                    }
6783                    tcg_gen_shri_i64(cpu_V0, cpu_V0, (imm & 7) * 8);
6784                    tcg_gen_shli_i64(cpu_V1, tmp64, 64 - ((imm & 7) * 8));
6785                    tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
6786                    if (imm < 8) {
6787                        neon_load_reg64(cpu_V1, rm);
6788                    } else {
6789                        neon_load_reg64(cpu_V1, rm + 1);
6790                        imm -= 8;
6791                    }
6792                    tcg_gen_shli_i64(cpu_V1, cpu_V1, 64 - (imm * 8));
6793                    tcg_gen_shri_i64(tmp64, tmp64, imm * 8);
6794                    tcg_gen_or_i64(cpu_V1, cpu_V1, tmp64);
6795                    tcg_temp_free_i64(tmp64);
6796                } else {
6797                    /* BUGFIX */
6798                    neon_load_reg64(cpu_V0, rn);
6799                    tcg_gen_shri_i64(cpu_V0, cpu_V0, imm * 8);
6800                    neon_load_reg64(cpu_V1, rm);
6801                    tcg_gen_shli_i64(cpu_V1, cpu_V1, 64 - (imm * 8));
6802                    tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
6803                }
6804                neon_store_reg64(cpu_V0, rd);
6805                if (q) {
6806                    neon_store_reg64(cpu_V1, rd + 1);
6807                }
6808            } else if ((insn & (1 << 11)) == 0) {
6809                /* Two register misc.  */
6810                op = ((insn >> 12) & 0x30) | ((insn >> 7) & 0xf);
6811                size = (insn >> 18) & 3;
6812                /* UNDEF for unknown op values and bad op-size combinations */
6813                if ((neon_2rm_sizes[op] & (1 << size)) == 0) {
6814                    return 1;
6815                }
6816                if (neon_2rm_is_v8_op(op) &&
6817                    !arm_dc_feature(s, ARM_FEATURE_V8)) {
6818                    return 1;
6819                }
6820                if ((op != NEON_2RM_VMOVN && op != NEON_2RM_VQMOVN) &&
6821                    q && ((rm | rd) & 1)) {
6822                    return 1;
6823                }
6824                switch (op) {
6825                case NEON_2RM_VREV64:
6826                    for (pass = 0; pass < (q ? 2 : 1); pass++) {
6827                        tmp = neon_load_reg(rm, pass * 2);
6828                        tmp2 = neon_load_reg(rm, pass * 2 + 1);
6829                        switch (size) {
6830                        case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
6831                        case 1: gen_swap_half(tmp); break;
6832                        case 2: /* no-op */ break;
6833                        default: abort();
6834                        }
6835                        neon_store_reg(rd, pass * 2 + 1, tmp);
6836                        if (size == 2) {
6837                            neon_store_reg(rd, pass * 2, tmp2);
6838                        } else {
6839                            switch (size) {
6840                            case 0: tcg_gen_bswap32_i32(tmp2, tmp2); break;
6841                            case 1: gen_swap_half(tmp2); break;
6842                            default: abort();
6843                            }
6844                            neon_store_reg(rd, pass * 2, tmp2);
6845                        }
6846                    }
6847                    break;
6848                case NEON_2RM_VPADDL: case NEON_2RM_VPADDL_U:
6849                case NEON_2RM_VPADAL: case NEON_2RM_VPADAL_U:
6850                    for (pass = 0; pass < q + 1; pass++) {
6851                        tmp = neon_load_reg(rm, pass * 2);
6852                        gen_neon_widen(cpu_V0, tmp, size, op & 1);
6853                        tmp = neon_load_reg(rm, pass * 2 + 1);
6854                        gen_neon_widen(cpu_V1, tmp, size, op & 1);
6855                        switch (size) {
6856                        case 0: gen_helper_neon_paddl_u16(CPU_V001); break;
6857                        case 1: gen_helper_neon_paddl_u32(CPU_V001); break;
6858                        case 2: tcg_gen_add_i64(CPU_V001); break;
6859                        default: abort();
6860                        }
6861                        if (op >= NEON_2RM_VPADAL) {
6862                            /* Accumulate.  */
6863                            neon_load_reg64(cpu_V1, rd + pass);
6864                            gen_neon_addl(size);
6865                        }
6866                        neon_store_reg64(cpu_V0, rd + pass);
6867                    }
6868                    break;
6869                case NEON_2RM_VTRN:
6870                    if (size == 2) {
6871                        int n;
6872                        for (n = 0; n < (q ? 4 : 2); n += 2) {
6873                            tmp = neon_load_reg(rm, n);
6874                            tmp2 = neon_load_reg(rd, n + 1);
6875                            neon_store_reg(rm, n, tmp2);
6876                            neon_store_reg(rd, n + 1, tmp);
6877                        }
6878                    } else {
6879                        goto elementwise;
6880                    }
6881                    break;
6882                case NEON_2RM_VUZP:
6883                    if (gen_neon_unzip(rd, rm, size, q)) {
6884                        return 1;
6885                    }
6886                    break;
6887                case NEON_2RM_VZIP:
6888                    if (gen_neon_zip(rd, rm, size, q)) {
6889                        return 1;
6890                    }
6891                    break;
6892                case NEON_2RM_VMOVN: case NEON_2RM_VQMOVN:
6893                    /* also VQMOVUN; op field and mnemonics don't line up */
6894                    if (rm & 1) {
6895                        return 1;
6896                    }
6897                    TCGV_UNUSED_I32(tmp2);
6898                    for (pass = 0; pass < 2; pass++) {
6899                        neon_load_reg64(cpu_V0, rm + pass);
6900                        tmp = tcg_temp_new_i32();
6901                        gen_neon_narrow_op(op == NEON_2RM_VMOVN, q, size,
6902                                           tmp, cpu_V0);
6903                        if (pass == 0) {
6904                            tmp2 = tmp;
6905                        } else {
6906                            neon_store_reg(rd, 0, tmp2);
6907                            neon_store_reg(rd, 1, tmp);
6908                        }
6909                    }
6910                    break;
6911                case NEON_2RM_VSHLL:
6912                    if (q || (rd & 1)) {
6913                        return 1;
6914                    }
6915                    tmp = neon_load_reg(rm, 0);
6916                    tmp2 = neon_load_reg(rm, 1);
6917                    for (pass = 0; pass < 2; pass++) {
6918                        if (pass == 1)
6919                            tmp = tmp2;
6920                        gen_neon_widen(cpu_V0, tmp, size, 1);
6921                        tcg_gen_shli_i64(cpu_V0, cpu_V0, 8 << size);
6922                        neon_store_reg64(cpu_V0, rd + pass);
6923                    }
6924                    break;
6925                case NEON_2RM_VCVT_F16_F32:
6926                    if (!arm_dc_feature(s, ARM_FEATURE_VFP_FP16) ||
6927                        q || (rm & 1)) {
6928                        return 1;
6929                    }
6930                    tmp = tcg_temp_new_i32();
6931                    tmp2 = tcg_temp_new_i32();
6932                    tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, 0));
6933                    gen_helper_neon_fcvt_f32_to_f16(tmp, cpu_F0s, cpu_env);
6934                    tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, 1));
6935                    gen_helper_neon_fcvt_f32_to_f16(tmp2, cpu_F0s, cpu_env);
6936                    tcg_gen_shli_i32(tmp2, tmp2, 16);
6937                    tcg_gen_or_i32(tmp2, tmp2, tmp);
6938                    tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, 2));
6939                    gen_helper_neon_fcvt_f32_to_f16(tmp, cpu_F0s, cpu_env);
6940                    tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, 3));
6941                    neon_store_reg(rd, 0, tmp2);
6942                    tmp2 = tcg_temp_new_i32();
6943                    gen_helper_neon_fcvt_f32_to_f16(tmp2, cpu_F0s, cpu_env);
6944                    tcg_gen_shli_i32(tmp2, tmp2, 16);
6945                    tcg_gen_or_i32(tmp2, tmp2, tmp);
6946                    neon_store_reg(rd, 1, tmp2);
6947                    tcg_temp_free_i32(tmp);
6948                    break;
6949                case NEON_2RM_VCVT_F32_F16:
6950                    if (!arm_dc_feature(s, ARM_FEATURE_VFP_FP16) ||
6951                        q || (rd & 1)) {
6952                        return 1;
6953                    }
6954                    tmp3 = tcg_temp_new_i32();
6955                    tmp = neon_load_reg(rm, 0);
6956                    tmp2 = neon_load_reg(rm, 1);
6957                    tcg_gen_ext16u_i32(tmp3, tmp);
6958                    gen_helper_neon_fcvt_f16_to_f32(cpu_F0s, tmp3, cpu_env);
6959                    tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, 0));
6960                    tcg_gen_shri_i32(tmp3, tmp, 16);
6961                    gen_helper_neon_fcvt_f16_to_f32(cpu_F0s, tmp3, cpu_env);
6962                    tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, 1));
6963                    tcg_temp_free_i32(tmp);
6964                    tcg_gen_ext16u_i32(tmp3, tmp2);
6965                    gen_helper_neon_fcvt_f16_to_f32(cpu_F0s, tmp3, cpu_env);
6966                    tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, 2));
6967                    tcg_gen_shri_i32(tmp3, tmp2, 16);
6968                    gen_helper_neon_fcvt_f16_to_f32(cpu_F0s, tmp3, cpu_env);
6969                    tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, 3));
6970                    tcg_temp_free_i32(tmp2);
6971                    tcg_temp_free_i32(tmp3);
6972                    break;
6973                case NEON_2RM_AESE: case NEON_2RM_AESMC:
6974                    if (!arm_dc_feature(s, ARM_FEATURE_V8_AES)
6975                        || ((rm | rd) & 1)) {
6976                        return 1;
6977                    }
6978                    tmp = tcg_const_i32(rd);
6979                    tmp2 = tcg_const_i32(rm);
6980
6981                     /* Bit 6 is the lowest opcode bit; it distinguishes between
6982                      * encryption (AESE/AESMC) and decryption (AESD/AESIMC)
6983                      */
6984                    tmp3 = tcg_const_i32(extract32(insn, 6, 1));
6985
6986                    if (op == NEON_2RM_AESE) {
6987                        gen_helper_crypto_aese(cpu_env, tmp, tmp2, tmp3);
6988                    } else {
6989                        gen_helper_crypto_aesmc(cpu_env, tmp, tmp2, tmp3);
6990                    }
6991                    tcg_temp_free_i32(tmp);
6992                    tcg_temp_free_i32(tmp2);
6993                    tcg_temp_free_i32(tmp3);
6994                    break;
6995                case NEON_2RM_SHA1H:
6996                    if (!arm_dc_feature(s, ARM_FEATURE_V8_SHA1)
6997                        || ((rm | rd) & 1)) {
6998                        return 1;
6999                    }
7000                    tmp = tcg_const_i32(rd);

7001                    tmp2 = tcg_const_i32(rm);
7002
7003                    gen_helper_crypto_sha1h(cpu_env, tmp, tmp2);
7004
7005                    tcg_temp_free_i32(tmp);
7006                    tcg_temp_free_i32(tmp2);
7007                    break;
7008                case NEON_2RM_SHA1SU1:
7009                    if ((rm | rd) & 1) {
7010                            return 1;
7011                    }
7012                    /* bit 6 (q): set -> SHA256SU0, cleared -> SHA1SU1 */
7013                    if (q) {
7014                        if (!arm_dc_feature(s, ARM_FEATURE_V8_SHA256)) {
7015                            return 1;
7016                        }
7017                    } else if (!arm_dc_feature(s, ARM_FEATURE_V8_SHA1)) {
7018                        return 1;
7019                    }
7020                    tmp = tcg_const_i32(rd);
7021                    tmp2 = tcg_const_i32(rm);
7022                    if (q) {
7023                        gen_helper_crypto_sha256su0(cpu_env, tmp, tmp2);
7024                    } else {
7025                        gen_helper_crypto_sha1su1(cpu_env, tmp, tmp2);
7026                    }
7027                    tcg_temp_free_i32(tmp);
7028                    tcg_temp_free_i32(tmp2);
7029                    break;
7030                default:
7031                elementwise:
7032                    for (pass = 0; pass < (q ? 4 : 2); pass++) {
7033                        if (neon_2rm_is_float_op(op)) {
7034                            tcg_gen_ld_f32(cpu_F0s, cpu_env,
7035                                           neon_reg_offset(rm, pass));
7036                            TCGV_UNUSED_I32(tmp);
7037                        } else {
7038                            tmp = neon_load_reg(rm, pass);
7039                        }
7040                        switch (op) {
7041                        case NEON_2RM_VREV32:
7042                            switch (size) {
7043                            case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
7044                            case 1: gen_swap_half(tmp); break;
7045                            default: abort();
7046                            }
7047                            break;
7048                        case NEON_2RM_VREV16:
7049                            gen_rev16(tmp);
7050                            break;
7051                        case NEON_2RM_VCLS:
7052                            switch (size) {
7053                            case 0: gen_helper_neon_cls_s8(tmp, tmp); break;
7054                            case 1: gen_helper_neon_cls_s16(tmp, tmp); break;
7055                            case 2: gen_helper_neon_cls_s32(tmp, tmp); break;
7056                            default: abort();
7057                            }
7058                            break;
7059                        case NEON_2RM_VCLZ:
7060                            switch (size) {
7061                            case 0: gen_helper_neon_clz_u8(tmp, tmp); break;
7062                            case 1: gen_helper_neon_clz_u16(tmp, tmp); break;
7063                            case 2: gen_helper_clz(tmp, tmp); break;
7064                            default: abort();
7065                            }
7066                            break;
7067                        case NEON_2RM_VCNT:
7068                            gen_helper_neon_cnt_u8(tmp, tmp);
7069                            break;
7070                        case NEON_2RM_VMVN:
7071                            tcg_gen_not_i32(tmp, tmp);
7072                            break;
7073                        case NEON_2RM_VQABS:
7074                            switch (size) {
7075                            case 0:
7076                                gen_helper_neon_qabs_s8(tmp, cpu_env, tmp);
7077                                break;
7078                            case 1:
7079                                gen_helper_neon_qabs_s16(tmp, cpu_env, tmp);
7080                                break;
7081                            case 2:
7082                                gen_helper_neon_qabs_s32(tmp, cpu_env, tmp);
7083                                break;
7084                            default: abort();
7085                            }
7086                            break;
7087                        case NEON_2RM_VQNEG:
7088                            switch (size) {
7089                            case 0:
7090                                gen_helper_neon_qneg_s8(tmp, cpu_env, tmp);
7091                                break;
7092                            case 1:
7093                                gen_helper_neon_qneg_s16(tmp, cpu_env, tmp);
7094                                break;
7095                            case 2:
7096                                gen_helper_neon_qneg_s32(tmp, cpu_env, tmp);
7097                                break;
7098                            default: abort();
7099                            }
7100                            break;
7101                        case NEON_2RM_VCGT0: case NEON_2RM_VCLE0:
7102                            tmp2 = tcg_const_i32(0);
7103                            switch(size) {
7104                            case 0: gen_helper_neon_cgt_s8(tmp, tmp, tmp2); break;
7105                            case 1: gen_helper_neon_cgt_s16(tmp, tmp, tmp2); break;
7106                            case 2: gen_helper_neon_cgt_s32(tmp, tmp, tmp2); break;
7107                            default: abort();
7108                            }
7109                            tcg_temp_free_i32(tmp2);
7110                            if (op == NEON_2RM_VCLE0) {
7111                                tcg_gen_not_i32(tmp, tmp);
7112                            }
7113                            break;
7114                        case NEON_2RM_VCGE0: case NEON_2RM_VCLT0:
7115                            tmp2 = tcg_const_i32(0);
7116                            switch(size) {
7117                            case 0: gen_helper_neon_cge_s8(tmp, tmp, tmp2); break;
7118                            case 1: gen_helper_neon_cge_s16(tmp, tmp, tmp2); break;
7119                            case 2: gen_helper_neon_cge_s32(tmp, tmp, tmp2); break;
7120                            default: abort();
7121                            }
7122                            tcg_temp_free_i32(tmp2);
7123                            if (op == NEON_2RM_VCLT0) {
7124                                tcg_gen_not_i32(tmp, tmp);
7125                            }
7126                            break;
7127                        case NEON_2RM_VCEQ0:
7128                            tmp2 = tcg_const_i32(0);
7129                            switch(size) {
7130                            case 0: gen_helper_neon_ceq_u8(tmp, tmp, tmp2); break;
7131                            case 1: gen_helper_neon_ceq_u16(tmp, tmp, tmp2); break;
7132                            case 2: gen_helper_neon_ceq_u32(tmp, tmp, tmp2); break;
7133                            default: abort();
7134                            }
7135                            tcg_temp_free_i32(tmp2);
7136                            break;
7137                        case NEON_2RM_VABS:
7138                            switch(size) {
7139                            case 0: gen_helper_neon_abs_s8(tmp, tmp); break;
7140                            case 1: gen_helper_neon_abs_s16(tmp, tmp); break;
7141                            case 2: tcg_gen_abs_i32(tmp, tmp); break;
7142                            default: abort();
7143                            }
7144                            break;
7145                        case NEON_2RM_VNEG:
7146                            tmp2 = tcg_const_i32(0);
7147                            gen_neon_rsb(size, tmp, tmp2);
7148                            tcg_temp_free_i32(tmp2);
7149                            break;
7150                        case NEON_2RM_VCGT0_F:
7151                        {
7152                            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7153                            tmp2 = tcg_const_i32(0);
7154                            gen_helper_neon_cgt_f32(tmp, tmp, tmp2, fpstatus);
7155                            tcg_temp_free_i32(tmp2);
7156                            tcg_temp_free_ptr(fpstatus);
7157                            break;
7158                        }
7159                        case NEON_2RM_VCGE0_F:
7160                        {
7161                            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7162                            tmp2 = tcg_const_i32(0);
7163                            gen_helper_neon_cge_f32(tmp, tmp, tmp2, fpstatus);
7164                            tcg_temp_free_i32(tmp2);
7165                            tcg_temp_free_ptr(fpstatus);
7166                            break;
7167                        }
7168                        case NEON_2RM_VCEQ0_F:
7169                        {
7170                            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7171                            tmp2 = tcg_const_i32(0);
7172                            gen_helper_neon_ceq_f32(tmp, tmp, tmp2, fpstatus);
7173                            tcg_temp_free_i32(tmp2);
7174                            tcg_temp_free_ptr(fpstatus);
7175                            break;
7176                        }
7177                        case NEON_2RM_VCLE0_F:
7178                        {
7179                            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7180                            tmp2 = tcg_const_i32(0);
7181                            gen_helper_neon_cge_f32(tmp, tmp2, tmp, fpstatus);
7182                            tcg_temp_free_i32(tmp2);
7183                            tcg_temp_free_ptr(fpstatus);
7184                            break;
7185                        }
7186                        case NEON_2RM_VCLT0_F:
7187                        {
7188                            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7189                            tmp2 = tcg_const_i32(0);
7190                            gen_helper_neon_cgt_f32(tmp, tmp2, tmp, fpstatus);
7191                            tcg_temp_free_i32(tmp2);
7192                            tcg_temp_free_ptr(fpstatus);
7193                            break;
7194                        }
7195                        case NEON_2RM_VABS_F:
7196                            gen_vfp_abs(0);
7197                            break;
7198                        case NEON_2RM_VNEG_F:
7199                            gen_vfp_neg(0);
7200                            break;
7201                        case NEON_2RM_VSWP:
7202                            tmp2 = neon_load_reg(rd, pass);
7203                            neon_store_reg(rm, pass, tmp2);
7204                            break;
7205                        case NEON_2RM_VTRN:
7206                            tmp2 = neon_load_reg(rd, pass);
7207                            switch (size) {
7208                            case 0: gen_neon_trn_u8(tmp, tmp2); break;
7209                            case 1: gen_neon_trn_u16(tmp, tmp2); break;
7210                            default: abort();
7211                            }
7212                            neon_store_reg(rm, pass, tmp2);
7213                            break;
7214                        case NEON_2RM_VRINTN:
7215                        case NEON_2RM_VRINTA:
7216                        case NEON_2RM_VRINTM:
7217                        case NEON_2RM_VRINTP:
7218                        case NEON_2RM_VRINTZ:
7219                        {
7220                            TCGv_i32 tcg_rmode;
7221                            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7222                            int rmode;
7223
7224                            if (op == NEON_2RM_VRINTZ) {
7225                                rmode = FPROUNDING_ZERO;
7226                            } else {
7227                                rmode = fp_decode_rm[((op & 0x6) >> 1) ^ 1];
7228                            }
7229
7230                            tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rmode));
7231                            gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
7232                                                      cpu_env);
7233                            gen_helper_rints(cpu_F0s, cpu_F0s, fpstatus);
7234                            gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
7235                                                      cpu_env);
7236                            tcg_temp_free_ptr(fpstatus);
7237                            tcg_temp_free_i32(tcg_rmode);
7238                            break;
7239                        }
7240                        case NEON_2RM_VRINTX:
7241                        {
7242                            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7243                            gen_helper_rints_exact(cpu_F0s, cpu_F0s, fpstatus);
7244                            tcg_temp_free_ptr(fpstatus);
7245                            break;
7246                        }
7247                        case NEON_2RM_VCVTAU:
7248                        case NEON_2RM_VCVTAS:
7249                        case NEON_2RM_VCVTNU:
7250                        case NEON_2RM_VCVTNS:
7251                        case NEON_2RM_VCVTPU:
7252                        case NEON_2RM_VCVTPS:
7253                        case NEON_2RM_VCVTMU:
7254                        case NEON_2RM_VCVTMS:
7255                        {
7256                            bool is_signed = !extract32(insn, 7, 1);
7257                            TCGv_ptr fpst = get_fpstatus_ptr(1);
7258                            TCGv_i32 tcg_rmode, tcg_shift;
7259                            int rmode = fp_decode_rm[extract32(insn, 8, 2)];
7260
7261                            tcg_shift = tcg_const_i32(0);
7262                            tcg_rmode = tcg_const_i32(arm_rmode_to_sf(rmode));
7263                            gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
7264                                                      cpu_env);
7265
7266                            if (is_signed) {
7267                                gen_helper_vfp_tosls(cpu_F0s, cpu_F0s,
7268                                                     tcg_shift, fpst);
7269                            } else {
7270                                gen_helper_vfp_touls(cpu_F0s, cpu_F0s,
7271                                                     tcg_shift, fpst);
7272                            }
7273
7274                            gen_helper_set_neon_rmode(tcg_rmode, tcg_rmode,
7275                                                      cpu_env);
7276                            tcg_temp_free_i32(tcg_rmode);
7277                            tcg_temp_free_i32(tcg_shift);
7278                            tcg_temp_free_ptr(fpst);
7279                            break;
7280                        }
7281                        case NEON_2RM_VRECPE:
7282                        {
7283                            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7284                            gen_helper_recpe_u32(tmp, tmp, fpstatus);
7285                            tcg_temp_free_ptr(fpstatus);
7286                            break;
7287                        }
7288                        case NEON_2RM_VRSQRTE:
7289                        {
7290                            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7291                            gen_helper_rsqrte_u32(tmp, tmp, fpstatus);
7292                            tcg_temp_free_ptr(fpstatus);
7293                            break;
7294                        }
7295                        case NEON_2RM_VRECPE_F:
7296                        {
7297                            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7298                            gen_helper_recpe_f32(cpu_F0s, cpu_F0s, fpstatus);
7299                            tcg_temp_free_ptr(fpstatus);
7300                            break;
7301                        }
7302                        case NEON_2RM_VRSQRTE_F:
7303                        {
7304                            TCGv_ptr fpstatus = get_fpstatus_ptr(1);
7305                            gen_helper_rsqrte_f32(cpu_F0s, cpu_F0s, fpstatus);
7306                            tcg_temp_free_ptr(fpstatus);
7307                            break;
7308                        }
7309                        case NEON_2RM_VCVT_FS: /* VCVT.F32.S32 */
7310                            gen_vfp_sito(0, 1);
7311                            break;
7312                        case NEON_2RM_VCVT_FU: /* VCVT.F32.U32 */
7313                            gen_vfp_uito(0, 1);
7314                            break;
7315                        case NEON_2RM_VCVT_SF: /* VCVT.S32.F32 */
7316                            gen_vfp_tosiz(0, 1);
7317                            break;
7318                        case NEON_2RM_VCVT_UF: /* VCVT.U32.F32 */
7319                            gen_vfp_touiz(0, 1);
7320                            break;
7321                        default:
7322                            /* Reserved op values were caught by the
7323                             * neon_2rm_sizes[] check earlier.
7324                             */
7325                            abort();
7326                        }
7327                        if (neon_2rm_is_float_op(op)) {
7328                            tcg_gen_st_f32(cpu_F0s, cpu_env,
7329                                           neon_reg_offset(rd, pass));
7330                        } else {
7331                            neon_store_reg(rd, pass, tmp);
7332                        }
7333                    }
7334                    break;
7335                }
7336            } else if ((insn & (1 << 10)) == 0) {
7337                /* VTBL, VTBX.  */
7338                int n = ((insn >> 8) & 3) + 1;
7339                if ((rn + n) > 32) {
7340                    /* This is UNPREDICTABLE; we choose to UNDEF to avoid the
7341                     * helper function running off the end of the register file.
7342                     */
7343                    return 1;
7344                }
7345                n <<= 3;
7346                if (insn & (1 << 6)) {
7347                    tmp = neon_load_reg(rd, 0);
7348                } else {
7349                    tmp = tcg_temp_new_i32();
7350                    tcg_gen_movi_i32(tmp, 0);
7351                }
7352                tmp2 = neon_load_reg(rm, 0);
7353                tmp4 = tcg_const_i32(rn);
7354                tmp5 = tcg_const_i32(n);
7355                gen_helper_neon_tbl(tmp2, cpu_env, tmp2, tmp, tmp4, tmp5);
7356                tcg_temp_free_i32(tmp);
7357                if (insn & (1 << 6)) {
7358                    tmp = neon_load_reg(rd, 1);
7359                } else {
7360                    tmp = tcg_temp_new_i32();
7361                    tcg_gen_movi_i32(tmp, 0);
7362                }
7363                tmp3 = neon_load_reg(rm, 1);
7364                gen_helper_neon_tbl(tmp3, cpu_env, tmp3, tmp, tmp4, tmp5);
7365                tcg_temp_free_i32(tmp5);
7366                tcg_temp_free_i32(tmp4);
7367                neon_store_reg(rd, 0, tmp2);
7368                neon_store_reg(rd, 1, tmp3);
7369                tcg_temp_free_i32(tmp);
7370            } else if ((insn & 0x380) == 0) {
7371                /* VDUP */
7372                if ((insn & (7 << 16)) == 0 || (q && (rd & 1))) {
7373                    return 1;
7374                }
7375                if (insn & (1 << 19)) {
7376                    tmp = neon_load_reg(rm, 1);
7377                } else {
7378                    tmp = neon_load_reg(rm, 0);
7379                }
7380                if (insn & (1 << 16)) {
7381                    gen_neon_dup_u8(tmp, ((insn >> 17) & 3) * 8);
7382                } else if (insn & (1 << 17)) {
7383                    if ((insn >> 18) & 1)
7384                        gen_neon_dup_high16(tmp);
7385                    else
7386                        gen_neon_dup_low16(tmp);
7387                }
7388                for (pass = 0; pass < (q ? 4 : 2); pass++) {
7389                    tmp2 = tcg_temp_new_i32();
7390                    tcg_gen_mov_i32(tmp2, tmp);
7391                    neon_store_reg(rd, pass, tmp2);
7392                }
7393                tcg_temp_free_i32(tmp);
7394            } else {
7395                return 1;
7396            }
7397        }
7398    }
7399    return 0;
7400}
7401
7402static int disas_coproc_insn(DisasContext *s, uint32_t insn)
7403{
7404    int cpnum, is64, crn, crm, opc1, opc2, isread, rt, rt2;
7405    const ARMCPRegInfo *ri;
7406
7407    cpnum = (insn >> 8) & 0xf;
7408
7409    /* First check for coprocessor space used for XScale/iwMMXt insns */
7410    if (arm_dc_feature(s, ARM_FEATURE_XSCALE) && (cpnum < 2)) {
7411        if (extract32(s->c15_cpar, cpnum, 1) == 0) {
7412            return 1;
7413        }
7414        if (arm_dc_feature(s, ARM_FEATURE_IWMMXT)) {
7415            return disas_iwmmxt_insn(s, insn);
7416        } else if (arm_dc_feature(s, ARM_FEATURE_XSCALE)) {
7417            return disas_dsp_insn(s, insn);
7418        }
7419        return 1;
7420    }
7421
7422    /* Otherwise treat as a generic register access */
7423    is64 = (insn & (1 << 25)) == 0;
7424    if (!is64 && ((insn & (1 << 4)) == 0)) {
7425        /* cdp */
7426        return 1;
7427    }
7428
7429    crm = insn & 0xf;
7430    if (is64) {
7431        crn = 0;
7432        opc1 = (insn >> 4) & 0xf;
7433        opc2 = 0;
7434        rt2 = (insn >> 16) & 0xf;
7435    } else {
7436        crn = (insn >> 16) & 0xf;
7437        opc1 = (insn >> 21) & 7;
7438        opc2 = (insn >> 5) & 7;
7439        rt2 = 0;
7440    }
7441    isread = (insn >> 20) & 1;
7442    rt = (insn >> 12) & 0xf;
7443
7444    ri = get_arm_cp_reginfo(s->cp_regs,
7445            ENCODE_CP_REG(cpnum, is64, s->ns, crn, crm, opc1, opc2));
7446    if (ri) {
7447        /* Check access permissions */
7448        if (!cp_access_ok(s->current_el, ri, isread)) {
7449            return 1;
7450        }
7451
7452        if (ri->accessfn ||
7453            (arm_dc_feature(s, ARM_FEATURE_XSCALE) && cpnum < 14)) {
7454            /* Emit code to perform further access permissions checks at
7455             * runtime; this may result in an exception.
7456             * Note that on XScale all cp0..c13 registers do an access check
7457             * call in order to handle c15_cpar.
7458             */
7459            TCGv_ptr tmpptr;
7460            TCGv_i32 tcg_syn, tcg_isread;
7461            uint32_t syndrome;
7462
7463            /* Note that since we are an implementation which takes an
7464             * exception on a trapped conditional instruction only if the
7465             * instruction passes its condition code check, we can take
7466             * advantage of the clause in the ARM ARM that allows us to set
7467             * the COND field in the instruction to 0xE in all cases.
7468             * We could fish the actual condition out of the insn (ARM)
7469             * or the condexec bits (Thumb) but it isn't necessary.
7470             */
7471            switch (cpnum) {
7472            case 14:
7473                if (is64) {
7474                    syndrome = syn_cp14_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
7475                                                 isread, false);
7476                } else {
7477                    syndrome = syn_cp14_rt_trap(1, 0xe, opc1, opc2, crn, crm,
7478                                                rt, isread, false);
7479                }
7480                break;
7481            case 15:
7482                if (is64) {
7483                    syndrome = syn_cp15_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
7484                                                 isread, false);
7485                } else {
7486                    syndrome = syn_cp15_rt_trap(1, 0xe, opc1, opc2, crn, crm,
7487                                                rt, isread, false);
7488                }
7489                break;
7490            default:
7491                /* ARMv8 defines that only coprocessors 14 and 15 exist,
7492                 * so this can only happen if this is an ARMv7 or earlier CPU,
7493                 * in which case the syndrome information won't actually be
7494                 * guest visible.
7495                 */
7496                assert(!arm_dc_feature(s, ARM_FEATURE_V8));
7497                syndrome = syn_uncategorized();
7498                break;
7499            }
7500
7501            gen_set_condexec(s);
7502            gen_set_pc_im(s, s->pc - 4);
7503            tmpptr = tcg_const_ptr(ri);
7504            tcg_syn = tcg_const_i32(syndrome);
7505            tcg_isread = tcg_const_i32(isread);
7506            gen_helper_access_check_cp_reg(cpu_env, tmpptr, tcg_syn,
7507                                           tcg_isread);
7508            tcg_temp_free_ptr(tmpptr);
7509            tcg_temp_free_i32(tcg_syn);
7510            tcg_temp_free_i32(tcg_isread);
7511        }
7512
7513        /* Handle special cases first */
7514        switch (ri->type & ~(ARM_CP_FLAG_MASK & ~ARM_CP_SPECIAL)) {
7515        case ARM_CP_NOP:
7516            return 0;
7517        case ARM_CP_WFI:
7518            if (isread) {
7519                return 1;
7520            }
7521            gen_set_pc_im(s, s->pc);
7522            s->is_jmp = DISAS_WFI;
7523            return 0;
7524        default:
7525            break;
7526        }
7527
7528        if ((s->tb->cflags & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
7529            gen_io_start();
7530        }
7531
7532        if (isread) {
7533            /* Read */
7534            if (is64) {
7535                TCGv_i64 tmp64;
7536                TCGv_i32 tmp;
7537                if (ri->type & ARM_CP_CONST) {
7538                    tmp64 = tcg_const_i64(ri->resetvalue);
7539                } else if (ri->readfn) {
7540                    TCGv_ptr tmpptr;
7541                    tmp64 = tcg_temp_new_i64();
7542                    tmpptr = tcg_const_ptr(ri);
7543                    gen_helper_get_cp_reg64(tmp64, cpu_env, tmpptr);
7544                    tcg_temp_free_ptr(tmpptr);
7545                } else {
7546                    tmp64 = tcg_temp_new_i64();
7547                    tcg_gen_ld_i64(tmp64, cpu_env, ri->fieldoffset);
7548                }
7549                tmp = tcg_temp_new_i32();
7550                tcg_gen_extrl_i64_i32(tmp, tmp64);
7551                store_reg(s, rt, tmp);
7552                tcg_gen_shri_i64(tmp64, tmp64, 32);
7553                tmp = tcg_temp_new_i32();
7554                tcg_gen_extrl_i64_i32(tmp, tmp64);
7555                tcg_temp_free_i64(tmp64);
7556                store_reg(s, rt2, tmp);
7557            } else {
7558                TCGv_i32 tmp;
7559                if (ri->type & ARM_CP_CONST) {
7560                    tmp = tcg_const_i32(ri->resetvalue);
7561                } else if (ri->readfn) {
7562                    TCGv_ptr tmpptr;
7563                    tmp = tcg_temp_new_i32();
7564                    tmpptr = tcg_const_ptr(ri);
7565                    gen_helper_get_cp_reg(tmp, cpu_env, tmpptr);
7566                    tcg_temp_free_ptr(tmpptr);
7567                } else {
7568                    tmp = load_cpu_offset(ri->fieldoffset);
7569                }
7570                if (rt == 15) {
7571                    /* Destination register of r15 for 32 bit loads sets
7572                     * the condition codes from the high 4 bits of the value
7573                     */
7574                    gen_set_nzcv(tmp);
7575                    tcg_temp_free_i32(tmp);
7576                } else {
7577                    store_reg(s, rt, tmp);
7578                }
7579            }
7580        } else {
7581            /* Write */
7582            if (ri->type & ARM_CP_CONST) {
7583                /* If not forbidden by access permissions, treat as WI */
7584                return 0;
7585            }
7586
7587            if (is64) {
7588                TCGv_i32 tmplo, tmphi;
7589                TCGv_i64 tmp64 = tcg_temp_new_i64();
7590                tmplo = load_reg(s, rt);
7591                tmphi = load_reg(s, rt2);
7592                tcg_gen_concat_i32_i64(tmp64, tmplo, tmphi);
7593                tcg_temp_free_i32(tmplo);
7594                tcg_temp_free_i32(tmphi);
7595                if (ri->writefn) {
7596                    TCGv_ptr tmpptr = tcg_const_ptr(ri);
7597                    gen_helper_set_cp_reg64(cpu_env, tmpptr, tmp64);
7598                    tcg_temp_free_ptr(tmpptr);
7599                } else {
7600                    tcg_gen_st_i64(tmp64, cpu_env, ri->fieldoffset);
7601                }
7602                tcg_temp_free_i64(tmp64);
7603            } else {
7604                if (ri->writefn) {
7605                    TCGv_i32 tmp;
7606                    TCGv_ptr tmpptr;
7607                    tmp = load_reg(s, rt);
7608                    tmpptr = tcg_const_ptr(ri);
7609                    gen_helper_set_cp_reg(cpu_env, tmpptr, tmp);
7610                    tcg_temp_free_ptr(tmpptr);
7611                    tcg_temp_free_i32(tmp);
7612                } else {
7613                    TCGv_i32 tmp = load_reg(s, rt);
7614                    store_cpu_offset(tmp, ri->fieldoffset);
7615                }
7616            }
7617        }
7618
7619        if ((s->tb->cflags & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
7620            /* I/O operations must end the TB here (whether read or write) */
7621            gen_io_end();
7622            gen_lookup_tb(s);
7623        } else if (!isread && !(ri->type & ARM_CP_SUPPRESS_TB_END)) {
7624            /* We default to ending the TB on a coprocessor register write,
7625             * but allow this to be suppressed by the register definition
7626             * (usually only necessary to work around guest bugs).
7627             */
7628            gen_lookup_tb(s);
7629        }
7630
7631        return 0;
7632    }
7633
7634    /* Unknown register; this might be a guest error or a QEMU
7635     * unimplemented feature.
7636     */
7637    if (is64) {
7638        qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
7639                      "64 bit system register cp:%d opc1: %d crm:%d "
7640                      "(%s)\n",
7641                      isread ? "read" : "write", cpnum, opc1, crm,
7642                      s->ns ? "non-secure" : "secure");
7643    } else {
7644        qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
7645                      "system register cp:%d opc1:%d crn:%d crm:%d opc2:%d "
7646                      "(%s)\n",
7647                      isread ? "read" : "write", cpnum, opc1, crn, crm, opc2,
7648                      s->ns ? "non-secure" : "secure");
7649    }
7650
7651    return 1;
7652}
7653
7654
7655/* Store a 64-bit value to a register pair.  Clobbers val.  */
7656static void gen_storeq_reg(DisasContext *s, int rlow, int rhigh, TCGv_i64 val)
7657{
7658    TCGv_i32 tmp;
7659    tmp = tcg_temp_new_i32();
7660    tcg_gen_extrl_i64_i32(tmp, val);
7661    store_reg(s, rlow, tmp);
7662    tmp = tcg_temp_new_i32();
7663    tcg_gen_shri_i64(val, val, 32);
7664    tcg_gen_extrl_i64_i32(tmp, val);
7665    store_reg(s, rhigh, tmp);
7666}
7667
7668/* load a 32-bit value from a register and perform a 64-bit accumulate.  */
7669static void gen_addq_lo(DisasContext *s, TCGv_i64 val, int rlow)
7670{
7671    TCGv_i64 tmp;
7672    TCGv_i32 tmp2;
7673
7674    /* Load value and extend to 64 bits.  */
7675    tmp = tcg_temp_new_i64();
7676    tmp2 = load_reg(s, rlow);
7677    tcg_gen_extu_i32_i64(tmp, tmp2);
7678    tcg_temp_free_i32(tmp2);
7679    tcg_gen_add_i64(val, val, tmp);
7680    tcg_temp_free_i64(tmp);
7681}
7682
7683/* load and add a 64-bit value from a register pair.  */
7684static void gen_addq(DisasContext *s, TCGv_i64 val, int rlow, int rhigh)
7685{
7686    TCGv_i64 tmp;
7687    TCGv_i32 tmpl;
7688    TCGv_i32 tmph;
7689
7690    /* Load 64-bit value rd:rn.  */
7691    tmpl = load_reg(s, rlow);
7692    tmph = load_reg(s, rhigh);
7693    tmp = tcg_temp_new_i64();
7694    tcg_gen_concat_i32_i64(tmp, tmpl, tmph);
7695    tcg_temp_free_i32(tmpl);
7696    tcg_temp_free_i32(tmph);
7697    tcg_gen_add_i64(val, val, tmp);
7698    tcg_temp_free_i64(tmp);
7699}
7700
7701/* Set N and Z flags from hi|lo.  */
7702static void gen_logicq_cc(TCGv_i32 lo, TCGv_i32 hi)
7703{
7704    tcg_gen_mov_i32(cpu_NF, hi);
7705    tcg_gen_or_i32(cpu_ZF, lo, hi);
7706}
7707
7708/* Load/Store exclusive instructions are implemented by remembering
7709   the value/address loaded, and seeing if these are the same
7710   when the store is performed.  This should be sufficient to implement
7711   the architecturally mandated semantics, and avoids having to monitor
7712   regular stores.  The compare vs the remembered value is done during
7713   the cmpxchg operation, but we must compare the addresses manually.  */
7714static void gen_load_exclusive(DisasContext *s, int rt, int rt2,
7715                               TCGv_i32 addr, int size)
7716{
7717    TCGv_i32 tmp = tcg_temp_new_i32();
7718    TCGMemOp opc = size | MO_ALIGN | s->be_data;
7719
7720    s->is_ldex = true;
7721
7722    if (size == 3) {
7723        TCGv_i32 tmp2 = tcg_temp_new_i32();
7724        TCGv_i64 t64 = tcg_temp_new_i64();
7725
7726        gen_aa32_ld_i64(s, t64, addr, get_mem_index(s), opc);
7727        tcg_gen_mov_i64(cpu_exclusive_val, t64);
7728        tcg_gen_extr_i64_i32(tmp, tmp2, t64);
7729        tcg_temp_free_i64(t64);
7730
7731        store_reg(s, rt2, tmp2);
7732    } else {
7733        gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), opc);
7734        tcg_gen_extu_i32_i64(cpu_exclusive_val, tmp);
7735    }
7736
7737    store_reg(s, rt, tmp);
7738    tcg_gen_extu_i32_i64(cpu_exclusive_addr, addr);
7739}
7740
7741static void gen_clrex(DisasContext *s)
7742{
7743    tcg_gen_movi_i64(cpu_exclusive_addr, -1);
7744}
7745
7746static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
7747                                TCGv_i32 addr, int size)
7748{
7749    TCGv_i32 t0, t1, t2;
7750    TCGv_i64 extaddr;
7751    TCGv taddr;
7752    TCGLabel *done_label;
7753    TCGLabel *fail_label;
7754    TCGMemOp opc = size | MO_ALIGN | s->be_data;
7755
7756    /* if (env->exclusive_addr == addr && env->exclusive_val == [addr]) {
7757         [addr] = {Rt};
7758         {Rd} = 0;
7759       } else {
7760         {Rd} = 1;
7761       } */
7762    fail_label = gen_new_label();
7763    done_label = gen_new_label();
7764    extaddr = tcg_temp_new_i64();
7765    tcg_gen_extu_i32_i64(extaddr, addr);
7766    tcg_gen_brcond_i64(TCG_COND_NE, extaddr, cpu_exclusive_addr, fail_label);
7767    tcg_temp_free_i64(extaddr);
7768
7769    taddr = gen_aa32_addr(s, addr, opc);
7770    t0 = tcg_temp_new_i32();
7771    t1 = load_reg(s, rt);
7772    if (size == 3) {
7773        TCGv_i64 o64 = tcg_temp_new_i64();
7774        TCGv_i64 n64 = tcg_temp_new_i64();
7775
7776        t2 = load_reg(s, rt2);
7777        tcg_gen_concat_i32_i64(n64, t1, t2);
7778        tcg_temp_free_i32(t2);
7779        gen_aa32_frob64(s, n64);
7780
7781        tcg_gen_atomic_cmpxchg_i64(o64, taddr, cpu_exclusive_val, n64,
7782                                   get_mem_index(s), opc);
7783        tcg_temp_free_i64(n64);
7784
7785        gen_aa32_frob64(s, o64);
7786        tcg_gen_setcond_i64(TCG_COND_NE, o64, o64, cpu_exclusive_val);
7787        tcg_gen_extrl_i64_i32(t0, o64);
7788
7789        tcg_temp_free_i64(o64);
7790    } else {
7791        t2 = tcg_temp_new_i32();
7792        tcg_gen_extrl_i64_i32(t2, cpu_exclusive_val);
7793        tcg_gen_atomic_cmpxchg_i32(t0, taddr, t2, t1, get_mem_index(s), opc);
7794        tcg_gen_setcond_i32(TCG_COND_NE, t0, t0, t2);
7795        tcg_temp_free_i32(t2);
7796    }
7797    tcg_temp_free_i32(t1);
7798    tcg_temp_free(taddr);
7799    tcg_gen_mov_i32(cpu_R[rd], t0);
7800    tcg_temp_free_i32(t0);
7801    tcg_gen_br(done_label);
7802
7803    gen_set_label(fail_label);
7804    tcg_gen_movi_i32(cpu_R[rd], 1);
7805    gen_set_label(done_label);
7806    tcg_gen_movi_i64(cpu_exclusive_addr, -1);
7807}
7808
7809/* gen_srs:
7810 * @env: CPUARMState
7811 * @s: DisasContext
7812 * @mode: mode field from insn (which stack to store to)
7813 * @amode: addressing mode (DA/IA/DB/IB), encoded as per P,U bits in ARM insn
7814 * @writeback: true if writeback bit set
7815 *
7816 * Generate code for the SRS (Store Return State) insn.
7817 */
7818static void gen_srs(DisasContext *s,
7819                    uint32_t mode, uint32_t amode, bool writeback)
7820{
7821    int32_t offset;
7822    TCGv_i32 addr, tmp;
7823    bool undef = false;
7824
7825    /* SRS is:
7826     * - trapped to EL3 if EL3 is AArch64 and we are at Secure EL1
7827     *   and specified mode is monitor mode
7828     * - UNDEFINED in Hyp mode
7829     * - UNPREDICTABLE in User or System mode
7830     * - UNPREDICTABLE if the specified mode is:
7831     * -- not implemented
7832     * -- not a valid mode number
7833     * -- a mode that's at a higher exception level
7834     * -- Monitor, if we are Non-secure
7835     * For the UNPREDICTABLE cases we choose to UNDEF.
7836     */
7837    if (s->current_el == 1 && !s->ns && mode == ARM_CPU_MODE_MON) {
7838        gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(), 3);
7839        return;
7840    }
7841
7842    if (s->current_el == 0 || s->current_el == 2) {
7843        undef = true;
7844    }
7845
7846    switch (mode) {
7847    case ARM_CPU_MODE_USR:
7848    case ARM_CPU_MODE_FIQ:
7849    case ARM_CPU_MODE_IRQ:
7850    case ARM_CPU_MODE_SVC:
7851    case ARM_CPU_MODE_ABT:
7852    case ARM_CPU_MODE_UND:
7853    case ARM_CPU_MODE_SYS:
7854        break;
7855    case ARM_CPU_MODE_HYP:
7856        if (s->current_el == 1 || !arm_dc_feature(s, ARM_FEATURE_EL2)) {
7857            undef = true;
7858        }
7859        break;
7860    case ARM_CPU_MODE_MON:
7861        /* No need to check specifically for "are we non-secure" because
7862         * we've already made EL0 UNDEF and handled the trap for S-EL1;
7863         * so if this isn't EL3 then we must be non-secure.
7864         */
7865        if (s->current_el != 3) {
7866            undef = true;
7867        }
7868        break;
7869    default:
7870        undef = true;
7871    }
7872
7873    if (undef) {
7874        gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(),
7875                           default_exception_el(s));
7876        return;
7877    }
7878
7879    addr = tcg_temp_new_i32();
7880    tmp = tcg_const_i32(mode);
7881    /* get_r13_banked() will raise an exception if called from System mode */
7882    gen_set_condexec(s);
7883    gen_set_pc_im(s, s->pc - 4);
7884    gen_helper_get_r13_banked(addr, cpu_env, tmp);
7885    tcg_temp_free_i32(tmp);
7886    switch (amode) {
7887    case 0: /* DA */
7888        offset = -4;
7889        break;
7890    case 1: /* IA */
7891        offset = 0;
7892        break;
7893    case 2: /* DB */
7894        offset = -8;
7895        break;
7896    case 3: /* IB */
7897        offset = 4;
7898        break;
7899    default:
7900        abort();
7901    }
7902    tcg_gen_addi_i32(addr, addr, offset);
7903    tmp = load_reg(s, 14);
7904    gen_aa32_st32(s, tmp, addr, get_mem_index(s));
7905    tcg_temp_free_i32(tmp);
7906    tmp = load_cpu_field(spsr);
7907    tcg_gen_addi_i32(addr, addr, 4);
7908    gen_aa32_st32(s, tmp, addr, get_mem_index(s));
7909    tcg_temp_free_i32(tmp);
7910    if (writeback) {
7911        switch (amode) {
7912        case 0:
7913            offset = -8;
7914            break;
7915        case 1:
7916            offset = 4;
7917            break;
7918        case 2:
7919            offset = -4;
7920            break;
7921        case 3:
7922            offset = 0;
7923            break;
7924        default:
7925            abort();
7926        }
7927        tcg_gen_addi_i32(addr, addr, offset);
7928        tmp = tcg_const_i32(mode);
7929        gen_helper_set_r13_banked(cpu_env, tmp, addr);
7930        tcg_temp_free_i32(tmp);
7931    }
7932    tcg_temp_free_i32(addr);
7933    s->is_jmp = DISAS_UPDATE;
7934}
7935
7936static void disas_arm_insn(DisasContext *s, unsigned int insn)
7937{
7938    unsigned int cond, val, op1, i, shift, rm, rs, rn, rd, sh;
7939    TCGv_i32 tmp;
7940    TCGv_i32 tmp2;
7941    TCGv_i32 tmp3;
7942    TCGv_i32 addr;
7943    TCGv_i64 tmp64;
7944
7945    /* M variants do not implement ARM mode.  */
7946    if (arm_dc_feature(s, ARM_FEATURE_M)) {
7947        goto illegal_op;
7948    }
7949    cond = insn >> 28;
7950    if (cond == 0xf){
7951        /* In ARMv3 and v4 the NV condition is UNPREDICTABLE; we
7952         * choose to UNDEF. In ARMv5 and above the space is used
7953         * for miscellaneous unconditional instructions.
7954         */
7955        ARCH(5);
7956
7957        /* Unconditional instructions.  */
7958        if (((insn >> 25) & 7) == 1) {
7959            /* NEON Data processing.  */
7960            if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
7961                goto illegal_op;
7962            }
7963
7964            if (disas_neon_data_insn(s, insn)) {
7965                goto illegal_op;
7966            }
7967            return;
7968        }
7969        if ((insn & 0x0f100000) == 0x04000000) {
7970            /* NEON load/store.  */
7971            if (!arm_dc_feature(s, ARM_FEATURE_NEON)) {
7972                goto illegal_op;
7973            }
7974
7975            if (disas_neon_ls_insn(s, insn)) {
7976                goto illegal_op;
7977            }
7978            return;
7979        }
7980        if ((insn & 0x0f000e10) == 0x0e000a00) {
7981            /* VFP.  */
7982            if (disas_vfp_insn(s, insn)) {
7983                goto illegal_op;
7984            }
7985            return;
7986        }
7987        if (((insn & 0x0f30f000) == 0x0510f000) ||
7988            ((insn & 0x0f30f010) == 0x0710f000)) {
7989            if ((insn & (1 << 22)) == 0) {
7990                /* PLDW; v7MP */
7991                if (!arm_dc_feature(s, ARM_FEATURE_V7MP)) {
7992                    goto illegal_op;
7993                }
7994            }
7995            /* Otherwise PLD; v5TE+ */
7996            ARCH(5TE);
7997            return;
7998        }
7999        if (((insn & 0x0f70f000) == 0x0450f000) ||
8000            ((insn & 0x0f70f010) == 0x0650f000)) {

8001            ARCH(7);
8002            return; /* PLI; V7 */
8003        }
8004        if (((insn & 0x0f700000) == 0x04100000) ||
8005            ((insn & 0x0f700010) == 0x06100000)) {
8006            if (!arm_dc_feature(s, ARM_FEATURE_V7MP)) {
8007                goto illegal_op;
8008            }
8009            return; /* v7MP: Unallocated memory hint: must NOP */
8010        }
8011
8012        if ((insn & 0x0ffffdff) == 0x01010000) {
8013            ARCH(6);
8014            /* setend */
8015            if (((insn >> 9) & 1) != !!(s->be_data == MO_BE)) {
8016                gen_helper_setend(cpu_env);
8017                s->is_jmp = DISAS_UPDATE;
8018            }
8019            return;
8020        } else if ((insn & 0x0fffff00) == 0x057ff000) {
8021            switch ((insn >> 4) & 0xf) {
8022            case 1: /* clrex */
8023                ARCH(6K);
8024                gen_clrex(s);
8025                return;
8026            case 4: /* dsb */
8027            case 5: /* dmb */
8028                ARCH(7);
8029                tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
8030                return;
8031            case 6: /* isb */
8032                /* We need to break the TB after this insn to execute
8033                 * self-modifying code correctly and also to take
8034                 * any pending interrupts immediately.
8035                 */
8036                gen_lookup_tb(s);
8037                return;
8038            default:
8039                goto illegal_op;
8040            }
8041        } else if ((insn & 0x0e5fffe0) == 0x084d0500) {
8042            /* srs */
8043            ARCH(6);
8044            gen_srs(s, (insn & 0x1f), (insn >> 23) & 3, insn & (1 << 21));
8045            return;
8046        } else if ((insn & 0x0e50ffe0) == 0x08100a00) {
8047            /* rfe */
8048            int32_t offset;
8049            if (IS_USER(s))
8050                goto illegal_op;
8051            ARCH(6);
8052            rn = (insn >> 16) & 0xf;
8053            addr = load_reg(s, rn);
8054            i = (insn >> 23) & 3;
8055            switch (i) {
8056            case 0: offset = -4; break; /* DA */
8057            case 1: offset = 0; break; /* IA */
8058            case 2: offset = -8; break; /* DB */
8059            case 3: offset = 4; break; /* IB */
8060            default: abort();
8061            }
8062            if (offset)
8063                tcg_gen_addi_i32(addr, addr, offset);
8064            /* Load PC into tmp and CPSR into tmp2.  */
8065            tmp = tcg_temp_new_i32();
8066            gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
8067            tcg_gen_addi_i32(addr, addr, 4);
8068            tmp2 = tcg_temp_new_i32();
8069            gen_aa32_ld32u(s, tmp2, addr, get_mem_index(s));
8070            if (insn & (1 << 21)) {
8071                /* Base writeback.  */
8072                switch (i) {
8073                case 0: offset = -8; break;
8074                case 1: offset = 4; break;
8075                case 2: offset = -4; break;
8076                case 3: offset = 0; break;
8077                default: abort();
8078                }
8079                if (offset)
8080                    tcg_gen_addi_i32(addr, addr, offset);
8081                store_reg(s, rn, addr);
8082            } else {
8083                tcg_temp_free_i32(addr);
8084            }
8085            gen_rfe(s, tmp, tmp2);
8086            return;
8087        } else if ((insn & 0x0e000000) == 0x0a000000) {
8088            /* branch link and change to thumb (blx <offset>) */
8089            int32_t offset;
8090
8091            val = (uint32_t)s->pc;
8092            tmp = tcg_temp_new_i32();
8093            tcg_gen_movi_i32(tmp, val);
8094            store_reg(s, 14, tmp);
8095            /* Sign-extend the 24-bit offset */
8096            offset = (((int32_t)insn) << 8) >> 8;
8097            /* offset * 4 + bit24 * 2 + (thumb bit) */
8098            val += (offset << 2) | ((insn >> 23) & 2) | 1;
8099            /* pipeline offset */
8100            val += 4;
8101            /* protected by ARCH(5); above, near the start of uncond block */
8102            gen_bx_im(s, val);
8103            return;
8104        } else if ((insn & 0x0e000f00) == 0x0c000100) {
8105            if (arm_dc_feature(s, ARM_FEATURE_IWMMXT)) {
8106                /* iWMMXt register transfer.  */
8107                if (extract32(s->c15_cpar, 1, 1)) {
8108                    if (!disas_iwmmxt_insn(s, insn)) {
8109                        return;
8110                    }
8111                }
8112            }
8113        } else if ((insn & 0x0fe00000) == 0x0c400000) {
8114            /* Coprocessor double register transfer.  */
8115            ARCH(5TE);
8116        } else if ((insn & 0x0f000010) == 0x0e000010) {
8117            /* Additional coprocessor register transfer.  */
8118        } else if ((insn & 0x0ff10020) == 0x01000000) {
8119            uint32_t mask;
8120            uint32_t val;
8121            /* cps (privileged) */
8122            if (IS_USER(s))
8123                return;
8124            mask = val = 0;
8125            if (insn & (1 << 19)) {
8126                if (insn & (1 << 8))
8127                    mask |= CPSR_A;
8128                if (insn & (1 << 7))
8129                    mask |= CPSR_I;
8130                if (insn & (1 << 6))
8131                    mask |= CPSR_F;
8132                if (insn & (1 << 18))
8133                    val |= mask;
8134            }
8135            if (insn & (1 << 17)) {
8136                mask |= CPSR_M;
8137                val |= (insn & 0x1f);
8138            }
8139            if (mask) {
8140                gen_set_psr_im(s, mask, 0, val);
8141            }
8142            return;
8143        }
8144        goto illegal_op;
8145    }
8146    if (cond != 0xe) {
8147        /* if not always execute, we generate a conditional jump to
8148           next instruction */
8149        s->condlabel = gen_new_label();
8150        arm_gen_test_cc(cond ^ 1, s->condlabel);
8151        s->condjmp = 1;
8152    }
8153    if ((insn & 0x0f900000) == 0x03000000) {
8154        if ((insn & (1 << 21)) == 0) {
8155            ARCH(6T2);
8156            rd = (insn >> 12) & 0xf;
8157            val = ((insn >> 4) & 0xf000) | (insn & 0xfff);
8158            if ((insn & (1 << 22)) == 0) {
8159                /* MOVW */
8160                tmp = tcg_temp_new_i32();
8161                tcg_gen_movi_i32(tmp, val);
8162            } else {
8163                /* MOVT */
8164                tmp = load_reg(s, rd);
8165                tcg_gen_ext16u_i32(tmp, tmp);
8166                tcg_gen_ori_i32(tmp, tmp, val << 16);
8167            }
8168            store_reg(s, rd, tmp);
8169        } else {
8170            if (((insn >> 12) & 0xf) != 0xf)
8171                goto illegal_op;
8172            if (((insn >> 16) & 0xf) == 0) {
8173                gen_nop_hint(s, insn & 0xff);
8174            } else {
8175                /* CPSR = immediate */
8176                val = insn & 0xff;
8177                shift = ((insn >> 8) & 0xf) * 2;
8178                if (shift)
8179                    val = (val >> shift) | (val << (32 - shift));
8180                i = ((insn & (1 << 22)) != 0);
8181                if (gen_set_psr_im(s, msr_mask(s, (insn >> 16) & 0xf, i),
8182                                   i, val)) {
8183                    goto illegal_op;
8184                }
8185            }
8186        }
8187    } else if ((insn & 0x0f900000) == 0x01000000
8188               && (insn & 0x00000090) != 0x00000090) {
8189        /* miscellaneous instructions */
8190        op1 = (insn >> 21) & 3;
8191        sh = (insn >> 4) & 0xf;
8192        rm = insn & 0xf;
8193        switch (sh) {
8194        case 0x0: /* MSR, MRS */
8195            if (insn & (1 << 9)) {
8196                /* MSR (banked) and MRS (banked) */
8197                int sysm = extract32(insn, 16, 4) |
8198                    (extract32(insn, 8, 1) << 4);
8199                int r = extract32(insn, 22, 1);
8200
8201                if (op1 & 1) {
8202                    /* MSR (banked) */
8203                    gen_msr_banked(s, r, sysm, rm);
8204                } else {
8205                    /* MRS (banked) */
8206                    int rd = extract32(insn, 12, 4);
8207
8208                    gen_mrs_banked(s, r, sysm, rd);
8209                }
8210                break;
8211            }
8212
8213            /* MSR, MRS (for PSRs) */
8214            if (op1 & 1) {
8215                /* PSR = reg */
8216                tmp = load_reg(s, rm);
8217                i = ((op1 & 2) != 0);
8218                if (gen_set_psr(s, msr_mask(s, (insn >> 16) & 0xf, i), i, tmp))
8219                    goto illegal_op;
8220            } else {
8221                /* reg = PSR */
8222                rd = (insn >> 12) & 0xf;
8223                if (op1 & 2) {
8224                    if (IS_USER(s))
8225                        goto illegal_op;
8226                    tmp = load_cpu_field(spsr);
8227                } else {
8228                    tmp = tcg_temp_new_i32();
8229                    gen_helper_cpsr_read(tmp, cpu_env);
8230                }
8231                store_reg(s, rd, tmp);
8232            }
8233            break;
8234        case 0x1:
8235            if (op1 == 1) {
8236                /* branch/exchange thumb (bx).  */
8237                ARCH(4T);
8238                tmp = load_reg(s, rm);
8239                gen_bx(s, tmp);
8240            } else if (op1 == 3) {
8241                /* clz */
8242                ARCH(5);
8243                rd = (insn >> 12) & 0xf;
8244                tmp = load_reg(s, rm);
8245                gen_helper_clz(tmp, tmp);
8246                store_reg(s, rd, tmp);
8247            } else {
8248                goto illegal_op;
8249            }
8250            break;
8251        case 0x2:
8252            if (op1 == 1) {
8253                ARCH(5J); /* bxj */
8254                /* Trivial implementation equivalent to bx.  */
8255                tmp = load_reg(s, rm);
8256                gen_bx(s, tmp);
8257            } else {
8258                goto illegal_op;
8259            }
8260            break;
8261        case 0x3:
8262            if (op1 != 1)
8263              goto illegal_op;
8264
8265            ARCH(5);
8266            /* branch link/exchange thumb (blx) */
8267            tmp = load_reg(s, rm);
8268            tmp2 = tcg_temp_new_i32();
8269            tcg_gen_movi_i32(tmp2, s->pc);
8270            store_reg(s, 14, tmp2);
8271            gen_bx(s, tmp);
8272            break;
8273        case 0x4:
8274        {
8275            /* crc32/crc32c */
8276            uint32_t c = extract32(insn, 8, 4);
8277
8278            /* Check this CPU supports ARMv8 CRC instructions.
8279             * op1 == 3 is UNPREDICTABLE but handle as UNDEFINED.
8280             * Bits 8, 10 and 11 should be zero.
8281             */
8282            if (!arm_dc_feature(s, ARM_FEATURE_CRC) || op1 == 0x3 ||
8283                (c & 0xd) != 0) {
8284                goto illegal_op;
8285            }
8286
8287            rn = extract32(insn, 16, 4);
8288            rd = extract32(insn, 12, 4);
8289
8290            tmp = load_reg(s, rn);
8291            tmp2 = load_reg(s, rm);
8292            if (op1 == 0) {
8293                tcg_gen_andi_i32(tmp2, tmp2, 0xff);
8294            } else if (op1 == 1) {
8295                tcg_gen_andi_i32(tmp2, tmp2, 0xffff);
8296            }
8297            tmp3 = tcg_const_i32(1 << op1);
8298            if (c & 0x2) {
8299                gen_helper_crc32c(tmp, tmp, tmp2, tmp3);
8300            } else {
8301                gen_helper_crc32(tmp, tmp, tmp2, tmp3);
8302            }
8303            tcg_temp_free_i32(tmp2);
8304            tcg_temp_free_i32(tmp3);
8305            store_reg(s, rd, tmp);
8306            break;
8307        }
8308        case 0x5: /* saturating add/subtract */
8309            ARCH(5TE);
8310            rd = (insn >> 12) & 0xf;
8311            rn = (insn >> 16) & 0xf;
8312            tmp = load_reg(s, rm);
8313            tmp2 = load_reg(s, rn);
8314            if (op1 & 2)
8315                gen_helper_double_saturate(tmp2, cpu_env, tmp2);
8316            if (op1 & 1)
8317                gen_helper_sub_saturate(tmp, cpu_env, tmp, tmp2);
8318            else
8319                gen_helper_add_saturate(tmp, cpu_env, tmp, tmp2);
8320            tcg_temp_free_i32(tmp2);
8321            store_reg(s, rd, tmp);
8322            break;
8323        case 7:
8324        {
8325            int imm16 = extract32(insn, 0, 4) | (extract32(insn, 8, 12) << 4);
8326            switch (op1) {
8327            case 0:
8328                /* HLT */
8329                gen_hlt(s, imm16);
8330                break;
8331            case 1:
8332                /* bkpt */
8333                ARCH(5);
8334                gen_exception_insn(s, 4, EXCP_BKPT,
8335                                   syn_aa32_bkpt(imm16, false),
8336                                   default_exception_el(s));
8337                break;
8338            case 2:
8339                /* Hypervisor call (v7) */
8340                ARCH(7);
8341                if (IS_USER(s)) {
8342                    goto illegal_op;
8343                }
8344                gen_hvc(s, imm16);
8345                break;
8346            case 3:
8347                /* Secure monitor call (v6+) */
8348                ARCH(6K);
8349                if (IS_USER(s)) {
8350                    goto illegal_op;
8351                }
8352                gen_smc(s);
8353                break;
8354            default:
8355                g_assert_not_reached();
8356            }
8357            break;
8358        }
8359        case 0x8: /* signed multiply */
8360        case 0xa:
8361        case 0xc:
8362        case 0xe:
8363            ARCH(5TE);
8364            rs = (insn >> 8) & 0xf;
8365            rn = (insn >> 12) & 0xf;
8366            rd = (insn >> 16) & 0xf;
8367            if (op1 == 1) {
8368                /* (32 * 16) >> 16 */
8369                tmp = load_reg(s, rm);
8370                tmp2 = load_reg(s, rs);
8371                if (sh & 4)
8372                    tcg_gen_sari_i32(tmp2, tmp2, 16);
8373                else
8374                    gen_sxth(tmp2);
8375                tmp64 = gen_muls_i64_i32(tmp, tmp2);
8376                tcg_gen_shri_i64(tmp64, tmp64, 16);
8377                tmp = tcg_temp_new_i32();
8378                tcg_gen_extrl_i64_i32(tmp, tmp64);
8379                tcg_temp_free_i64(tmp64);
8380                if ((sh & 2) == 0) {
8381                    tmp2 = load_reg(s, rn);
8382                    gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
8383                    tcg_temp_free_i32(tmp2);
8384                }
8385                store_reg(s, rd, tmp);
8386            } else {
8387                /* 16 * 16 */
8388                tmp = load_reg(s, rm);
8389                tmp2 = load_reg(s, rs);
8390                gen_mulxy(tmp, tmp2, sh & 2, sh & 4);
8391                tcg_temp_free_i32(tmp2);
8392                if (op1 == 2) {
8393                    tmp64 = tcg_temp_new_i64();
8394                    tcg_gen_ext_i32_i64(tmp64, tmp);
8395                    tcg_temp_free_i32(tmp);
8396                    gen_addq(s, tmp64, rn, rd);
8397                    gen_storeq_reg(s, rn, rd, tmp64);
8398                    tcg_temp_free_i64(tmp64);
8399                } else {
8400                    if (op1 == 0) {
8401                        tmp2 = load_reg(s, rn);
8402                        gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
8403                        tcg_temp_free_i32(tmp2);
8404                    }
8405                    store_reg(s, rd, tmp);
8406                }
8407            }
8408            break;
8409        default:
8410            goto illegal_op;
8411        }
8412    } else if (((insn & 0x0e000000) == 0 &&
8413                (insn & 0x00000090) != 0x90) ||
8414               ((insn & 0x0e000000) == (1 << 25))) {
8415        int set_cc, logic_cc, shiftop;
8416
8417        op1 = (insn >> 21) & 0xf;
8418        set_cc = (insn >> 20) & 1;
8419        logic_cc = table_logic_cc[op1] & set_cc;
8420
8421        /* data processing instruction */
8422        if (insn & (1 << 25)) {
8423            /* immediate operand */
8424            val = insn & 0xff;
8425            shift = ((insn >> 8) & 0xf) * 2;
8426            if (shift) {
8427                val = (val >> shift) | (val << (32 - shift));
8428            }
8429            tmp2 = tcg_temp_new_i32();
8430            tcg_gen_movi_i32(tmp2, val);
8431            if (logic_cc && shift) {
8432                gen_set_CF_bit31(tmp2);
8433            }
8434        } else {
8435            /* register */
8436            rm = (insn) & 0xf;
8437            tmp2 = load_reg(s, rm);
8438            shiftop = (insn >> 5) & 3;
8439            if (!(insn & (1 << 4))) {
8440                shift = (insn >> 7) & 0x1f;
8441                gen_arm_shift_im(tmp2, shiftop, shift, logic_cc);
8442            } else {
8443                rs = (insn >> 8) & 0xf;
8444                tmp = load_reg(s, rs);
8445                gen_arm_shift_reg(tmp2, shiftop, tmp, logic_cc);
8446            }
8447        }
8448        if (op1 != 0x0f && op1 != 0x0d) {
8449            rn = (insn >> 16) & 0xf;
8450            tmp = load_reg(s, rn);
8451        } else {
8452            TCGV_UNUSED_I32(tmp);
8453        }
8454        rd = (insn >> 12) & 0xf;
8455        switch(op1) {
8456        case 0x00:
8457            tcg_gen_and_i32(tmp, tmp, tmp2);
8458            if (logic_cc) {
8459                gen_logic_CC(tmp);
8460            }
8461            store_reg_bx(s, rd, tmp);
8462            break;
8463        case 0x01:
8464            tcg_gen_xor_i32(tmp, tmp, tmp2);
8465            if (logic_cc) {
8466                gen_logic_CC(tmp);
8467            }
8468            store_reg_bx(s, rd, tmp);
8469            break;
8470        case 0x02:
8471            if (set_cc && rd == 15) {
8472                /* SUBS r15, ... is used for exception return.  */
8473                if (IS_USER(s)) {
8474                    goto illegal_op;
8475                }
8476                gen_sub_CC(tmp, tmp, tmp2);
8477                gen_exception_return(s, tmp);
8478            } else {
8479                if (set_cc) {
8480                    gen_sub_CC(tmp, tmp, tmp2);
8481                } else {
8482                    tcg_gen_sub_i32(tmp, tmp, tmp2);
8483                }
8484                store_reg_bx(s, rd, tmp);
8485            }
8486            break;
8487        case 0x03:
8488            if (set_cc) {
8489                gen_sub_CC(tmp, tmp2, tmp);
8490            } else {
8491                tcg_gen_sub_i32(tmp, tmp2, tmp);
8492            }
8493            store_reg_bx(s, rd, tmp);
8494            break;
8495        case 0x04:
8496            if (set_cc) {
8497                gen_add_CC(tmp, tmp, tmp2);
8498            } else {
8499                tcg_gen_add_i32(tmp, tmp, tmp2);
8500            }
8501            store_reg_bx(s, rd, tmp);
8502            break;
8503        case 0x05:
8504            if (set_cc) {
8505                gen_adc_CC(tmp, tmp, tmp2);
8506            } else {
8507                gen_add_carry(tmp, tmp, tmp2);
8508            }
8509            store_reg_bx(s, rd, tmp);
8510            break;
8511        case 0x06:
8512            if (set_cc) {
8513                gen_sbc_CC(tmp, tmp, tmp2);
8514            } else {
8515                gen_sub_carry(tmp, tmp, tmp2);
8516            }
8517            store_reg_bx(s, rd, tmp);
8518            break;
8519        case 0x07:
8520            if (set_cc) {
8521                gen_sbc_CC(tmp, tmp2, tmp);
8522            } else {
8523                gen_sub_carry(tmp, tmp2, tmp);
8524            }
8525            store_reg_bx(s, rd, tmp);
8526            break;
8527        case 0x08:
8528            if (set_cc) {
8529                tcg_gen_and_i32(tmp, tmp, tmp2);
8530                gen_logic_CC(tmp);
8531            }
8532            tcg_temp_free_i32(tmp);
8533            break;
8534        case 0x09:
8535            if (set_cc) {
8536                tcg_gen_xor_i32(tmp, tmp, tmp2);
8537                gen_logic_CC(tmp);
8538            }
8539            tcg_temp_free_i32(tmp);
8540            break;
8541        case 0x0a:
8542            if (set_cc) {
8543                gen_sub_CC(tmp, tmp, tmp2);
8544            }
8545            tcg_temp_free_i32(tmp);
8546            break;
8547        case 0x0b:
8548            if (set_cc) {
8549                gen_add_CC(tmp, tmp, tmp2);
8550            }
8551            tcg_temp_free_i32(tmp);
8552            break;
8553        case 0x0c:
8554            tcg_gen_or_i32(tmp, tmp, tmp2);
8555            if (logic_cc) {
8556                gen_logic_CC(tmp);
8557            }
8558            store_reg_bx(s, rd, tmp);
8559            break;
8560        case 0x0d:
8561            if (logic_cc && rd == 15) {
8562                /* MOVS r15, ... is used for exception return.  */
8563                if (IS_USER(s)) {
8564                    goto illegal_op;
8565                }
8566                gen_exception_return(s, tmp2);
8567            } else {
8568                if (logic_cc) {
8569                    gen_logic_CC(tmp2);
8570                }
8571                store_reg_bx(s, rd, tmp2);
8572            }
8573            break;
8574        case 0x0e:
8575            tcg_gen_andc_i32(tmp, tmp, tmp2);
8576            if (logic_cc) {
8577                gen_logic_CC(tmp);
8578            }
8579            store_reg_bx(s, rd, tmp);
8580            break;
8581        default:
8582        case 0x0f:
8583            tcg_gen_not_i32(tmp2, tmp2);
8584            if (logic_cc) {
8585                gen_logic_CC(tmp2);
8586            }
8587            store_reg_bx(s, rd, tmp2);
8588            break;
8589        }
8590        if (op1 != 0x0f && op1 != 0x0d) {
8591            tcg_temp_free_i32(tmp2);
8592        }
8593    } else {
8594        /* other instructions */
8595        op1 = (insn >> 24) & 0xf;
8596        switch(op1) {
8597        case 0x0:
8598        case 0x1:
8599            /* multiplies, extra load/stores */
8600            sh = (insn >> 5) & 3;
8601            if (sh == 0) {
8602                if (op1 == 0x0) {
8603                    rd = (insn >> 16) & 0xf;
8604                    rn = (insn >> 12) & 0xf;
8605                    rs = (insn >> 8) & 0xf;
8606                    rm = (insn) & 0xf;
8607                    op1 = (insn >> 20) & 0xf;
8608                    switch (op1) {
8609                    case 0: case 1: case 2: case 3: case 6:
8610                        /* 32 bit mul */
8611                        tmp = load_reg(s, rs);
8612                        tmp2 = load_reg(s, rm);
8613                        tcg_gen_mul_i32(tmp, tmp, tmp2);
8614                        tcg_temp_free_i32(tmp2);
8615                        if (insn & (1 << 22)) {
8616                            /* Subtract (mls) */
8617                            ARCH(6T2);
8618                            tmp2 = load_reg(s, rn);
8619                            tcg_gen_sub_i32(tmp, tmp2, tmp);
8620                            tcg_temp_free_i32(tmp2);
8621                        } else if (insn & (1 << 21)) {
8622                            /* Add */
8623                            tmp2 = load_reg(s, rn);
8624                            tcg_gen_add_i32(tmp, tmp, tmp2);
8625                            tcg_temp_free_i32(tmp2);
8626                        }
8627                        if (insn & (1 << 20))
8628                            gen_logic_CC(tmp);
8629                        store_reg(s, rd, tmp);
8630                        break;
8631                    case 4:
8632                        /* 64 bit mul double accumulate (UMAAL) */
8633                        ARCH(6);
8634                        tmp = load_reg(s, rs);
8635                        tmp2 = load_reg(s, rm);
8636                        tmp64 = gen_mulu_i64_i32(tmp, tmp2);
8637                        gen_addq_lo(s, tmp64, rn);
8638                        gen_addq_lo(s, tmp64, rd);
8639                        gen_storeq_reg(s, rn, rd, tmp64);
8640                        tcg_temp_free_i64(tmp64);
8641                        break;
8642                    case 8: case 9: case 10: case 11:
8643                    case 12: case 13: case 14: case 15:
8644                        /* 64 bit mul: UMULL, UMLAL, SMULL, SMLAL. */
8645                        tmp = load_reg(s, rs);
8646                        tmp2 = load_reg(s, rm);
8647                        if (insn & (1 << 22)) {
8648                            tcg_gen_muls2_i32(tmp, tmp2, tmp, tmp2);
8649                        } else {
8650                            tcg_gen_mulu2_i32(tmp, tmp2, tmp, tmp2);
8651                        }
8652                        if (insn & (1 << 21)) { /* mult accumulate */
8653                            TCGv_i32 al = load_reg(s, rn);
8654                            TCGv_i32 ah = load_reg(s, rd);
8655                            tcg_gen_add2_i32(tmp, tmp2, tmp, tmp2, al, ah);
8656                            tcg_temp_free_i32(al);
8657                            tcg_temp_free_i32(ah);
8658                        }
8659                        if (insn & (1 << 20)) {
8660                            gen_logicq_cc(tmp, tmp2);
8661                        }
8662                        store_reg(s, rn, tmp);
8663                        store_reg(s, rd, tmp2);
8664                        break;
8665                    default:
8666                        goto illegal_op;
8667                    }
8668                } else {
8669                    rn = (insn >> 16) & 0xf;
8670                    rd = (insn >> 12) & 0xf;
8671                    if (insn & (1 << 23)) {
8672                        /* load/store exclusive */
8673                        int op2 = (insn >> 8) & 3;
8674                        op1 = (insn >> 21) & 0x3;
8675
8676                        switch (op2) {
8677                        case 0: /* lda/stl */
8678                            if (op1 == 1) {
8679                                goto illegal_op;
8680                            }
8681                            ARCH(8);
8682                            break;
8683                        case 1: /* reserved */
8684                            goto illegal_op;
8685                        case 2: /* ldaex/stlex */
8686                            ARCH(8);
8687                            break;
8688                        case 3: /* ldrex/strex */
8689                            if (op1) {
8690                                ARCH(6K);
8691                            } else {
8692                                ARCH(6);
8693                            }
8694                            break;
8695                        }
8696
8697                        addr = tcg_temp_local_new_i32();
8698                        load_reg_var(s, addr, rn);
8699
8700                        /* Since the emulation does not have barriers,
8701                           the acquire/release semantics need no special
8702                           handling */
8703                        if (op2 == 0) {
8704                            if (insn & (1 << 20)) {
8705                                tmp = tcg_temp_new_i32();
8706                                switch (op1) {
8707                                case 0: /* lda */
8708                                    gen_aa32_ld32u(s, tmp, addr,
8709                                                   get_mem_index(s));
8710                                    break;
8711                                case 2: /* ldab */
8712                                    gen_aa32_ld8u(s, tmp, addr,
8713                                                  get_mem_index(s));
8714                                    break;
8715                                case 3: /* ldah */
8716                                    gen_aa32_ld16u(s, tmp, addr,
8717                                                   get_mem_index(s));
8718                                    break;
8719                                default:
8720                                    abort();
8721                                }
8722                                store_reg(s, rd, tmp);
8723                            } else {
8724                                rm = insn & 0xf;
8725                                tmp = load_reg(s, rm);
8726                                switch (op1) {
8727                                case 0: /* stl */
8728                                    gen_aa32_st32(s, tmp, addr,
8729                                                  get_mem_index(s));
8730                                    break;
8731                                case 2: /* stlb */
8732                                    gen_aa32_st8(s, tmp, addr,
8733                                                 get_mem_index(s));
8734                                    break;
8735                                case 3: /* stlh */
8736                                    gen_aa32_st16(s, tmp, addr,
8737                                                  get_mem_index(s));
8738                                    break;
8739                                default:
8740                                    abort();
8741                                }
8742                                tcg_temp_free_i32(tmp);
8743                            }
8744                        } else if (insn & (1 << 20)) {
8745                            switch (op1) {
8746                            case 0: /* ldrex */
8747                                gen_load_exclusive(s, rd, 15, addr, 2);
8748                                break;
8749                            case 1: /* ldrexd */
8750                                gen_load_exclusive(s, rd, rd + 1, addr, 3);
8751                                break;
8752                            case 2: /* ldrexb */
8753                                gen_load_exclusive(s, rd, 15, addr, 0);
8754                                break;
8755                            case 3: /* ldrexh */
8756                                gen_load_exclusive(s, rd, 15, addr, 1);
8757                                break;
8758                            default:
8759                                abort();
8760                            }
8761                        } else {
8762                            rm = insn & 0xf;
8763                            switch (op1) {
8764                            case 0:  /*  strex */
8765                                gen_store_exclusive(s, rd, rm, 15, addr, 2);
8766                                break;
8767                            case 1: /*  strexd */
8768                                gen_store_exclusive(s, rd, rm, rm + 1, addr, 3);
8769                                break;
8770                            case 2: /*  strexb */
8771                                gen_store_exclusive(s, rd, rm, 15, addr, 0);
8772                                break;
8773                            case 3: /* strexh */
8774                                gen_store_exclusive(s, rd, rm, 15, addr, 1);
8775                                break;
8776                            default:
8777                                abort();
8778                            }
8779                        }
8780                        tcg_temp_free_i32(addr);
8781                    } else {
8782                        TCGv taddr;
8783                        TCGMemOp opc = s->be_data;
8784
8785                        /* SWP instruction */
8786                        rm = (insn) & 0xf;
8787
8788                        if (insn & (1 << 22)) {
8789                            opc |= MO_UB;
8790                        } else {
8791                            opc |= MO_UL | MO_ALIGN;
8792                        }
8793
8794                        addr = load_reg(s, rn);
8795                        taddr = gen_aa32_addr(s, addr, opc);
8796                        tcg_temp_free_i32(addr);
8797
8798                        tmp = load_reg(s, rm);
8799                        tcg_gen_atomic_xchg_i32(tmp, taddr, tmp,
8800                                                get_mem_index(s), opc);
8801                        tcg_temp_free(taddr);
8802                        store_reg(s, rd, tmp);
8803                    }
8804                }
8805            } else {
8806                int address_offset;
8807                bool load = insn & (1 << 20);
8808                bool doubleword = false;
8809                /* Misc load/store */
8810                rn = (insn >> 16) & 0xf;
8811                rd = (insn >> 12) & 0xf;
8812
8813                if (!load && (sh & 2)) {
8814                    /* doubleword */
8815                    ARCH(5TE);
8816                    if (rd & 1) {
8817                        /* UNPREDICTABLE; we choose to UNDEF */
8818                        goto illegal_op;
8819                    }
8820                    load = (sh & 1) == 0;
8821                    doubleword = true;
8822                }
8823
8824                addr = load_reg(s, rn);
8825                if (insn & (1 << 24))
8826                    gen_add_datah_offset(s, insn, 0, addr);
8827                address_offset = 0;
8828
8829                if (doubleword) {
8830                    if (!load) {
8831                        /* store */
8832                        tmp = load_reg(s, rd);
8833                        gen_aa32_st32(s, tmp, addr, get_mem_index(s));
8834                        tcg_temp_free_i32(tmp);
8835                        tcg_gen_addi_i32(addr, addr, 4);
8836                        tmp = load_reg(s, rd + 1);
8837                        gen_aa32_st32(s, tmp, addr, get_mem_index(s));
8838                        tcg_temp_free_i32(tmp);
8839                    } else {
8840                        /* load */
8841                        tmp = tcg_temp_new_i32();
8842                        gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
8843                        store_reg(s, rd, tmp);
8844                        tcg_gen_addi_i32(addr, addr, 4);
8845                        tmp = tcg_temp_new_i32();
8846                        gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
8847                        rd++;
8848                    }
8849                    address_offset = -4;
8850                } else if (load) {
8851                    /* load */
8852                    tmp = tcg_temp_new_i32();
8853                    switch (sh) {
8854                    case 1:
8855                        gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
8856                        break;
8857                    case 2:
8858                        gen_aa32_ld8s(s, tmp, addr, get_mem_index(s));
8859                        break;
8860                    default:
8861                    case 3:
8862                        gen_aa32_ld16s(s, tmp, addr, get_mem_index(s));
8863                        break;
8864                    }
8865                } else {
8866                    /* store */
8867                    tmp = load_reg(s, rd);
8868                    gen_aa32_st16(s, tmp, addr, get_mem_index(s));
8869                    tcg_temp_free_i32(tmp);
8870                }
8871                /* Perform base writeback before the loaded value to
8872                   ensure correct behavior with overlapping index registers.
8873                   ldrd with base writeback is undefined if the
8874                   destination and index registers overlap.  */
8875                if (!(insn & (1 << 24))) {
8876                    gen_add_datah_offset(s, insn, address_offset, addr);
8877                    store_reg(s, rn, addr);
8878                } else if (insn & (1 << 21)) {
8879                    if (address_offset)
8880                        tcg_gen_addi_i32(addr, addr, address_offset);
8881                    store_reg(s, rn, addr);
8882                } else {
8883                    tcg_temp_free_i32(addr);
8884                }
8885                if (load) {
8886                    /* Complete the load.  */
8887                    store_reg(s, rd, tmp);
8888                }
8889            }
8890            break;
8891        case 0x4:
8892        case 0x5:
8893            goto do_ldst;
8894        case 0x6:
8895        case 0x7:
8896            if (insn & (1 << 4)) {
8897                ARCH(6);
8898                /* Armv6 Media instructions.  */
8899                rm = insn & 0xf;
8900                rn = (insn >> 16) & 0xf;
8901                rd = (insn >> 12) & 0xf;
8902                rs = (insn >> 8) & 0xf;
8903                switch ((insn >> 23) & 3) {
8904                case 0: /* Parallel add/subtract.  */
8905                    op1 = (insn >> 20) & 7;
8906                    tmp = load_reg(s, rn);
8907                    tmp2 = load_reg(s, rm);
8908                    sh = (insn >> 5) & 7;
8909                    if ((op1 & 3) == 0 || sh == 5 || sh == 6)
8910                        goto illegal_op;
8911                    gen_arm_parallel_addsub(op1, sh, tmp, tmp2);
8912                    tcg_temp_free_i32(tmp2);
8913                    store_reg(s, rd, tmp);
8914                    break;
8915                case 1:
8916                    if ((insn & 0x00700020) == 0) {
8917                        /* Halfword pack.  */
8918                        tmp = load_reg(s, rn);
8919                        tmp2 = load_reg(s, rm);
8920                        shift = (insn >> 7) & 0x1f;
8921                        if (insn & (1 << 6)) {
8922                            /* pkhtb */
8923                            if (shift == 0)
8924                                shift = 31;
8925                            tcg_gen_sari_i32(tmp2, tmp2, shift);
8926                            tcg_gen_andi_i32(tmp, tmp, 0xffff0000);
8927                            tcg_gen_ext16u_i32(tmp2, tmp2);
8928                        } else {
8929                            /* pkhbt */
8930                            if (shift)
8931                                tcg_gen_shli_i32(tmp2, tmp2, shift);
8932                            tcg_gen_ext16u_i32(tmp, tmp);
8933                            tcg_gen_andi_i32(tmp2, tmp2, 0xffff0000);
8934                        }
8935                        tcg_gen_or_i32(tmp, tmp, tmp2);
8936                        tcg_temp_free_i32(tmp2);
8937                        store_reg(s, rd, tmp);
8938                    } else if ((insn & 0x00200020) == 0x00200000) {
8939                        /* [us]sat */
8940                        tmp = load_reg(s, rm);
8941                        shift = (insn >> 7) & 0x1f;
8942                        if (insn & (1 << 6)) {
8943                            if (shift == 0)
8944                                shift = 31;
8945                            tcg_gen_sari_i32(tmp, tmp, shift);
8946                        } else {
8947                            tcg_gen_shli_i32(tmp, tmp, shift);
8948                        }
8949                        sh = (insn >> 16) & 0x1f;
8950                        tmp2 = tcg_const_i32(sh);
8951                        if (insn & (1 << 22))
8952                          gen_helper_usat(tmp, cpu_env, tmp, tmp2);
8953                        else
8954                          gen_helper_ssat(tmp, cpu_env, tmp, tmp2);
8955                        tcg_temp_free_i32(tmp2);
8956                        store_reg(s, rd, tmp);
8957                    } else if ((insn & 0x00300fe0) == 0x00200f20) {
8958                        /* [us]sat16 */
8959                        tmp = load_reg(s, rm);
8960                        sh = (insn >> 16) & 0x1f;
8961                        tmp2 = tcg_const_i32(sh);
8962                        if (insn & (1 << 22))
8963                          gen_helper_usat16(tmp, cpu_env, tmp, tmp2);
8964                        else
8965                          gen_helper_ssat16(tmp, cpu_env, tmp, tmp2);
8966                        tcg_temp_free_i32(tmp2);
8967                        store_reg(s, rd, tmp);
8968                    } else if ((insn & 0x00700fe0) == 0x00000fa0) {
8969                        /* Select bytes.  */
8970                        tmp = load_reg(s, rn);
8971                        tmp2 = load_reg(s, rm);
8972                        tmp3 = tcg_temp_new_i32();
8973                        tcg_gen_ld_i32(tmp3, cpu_env, offsetof(CPUARMState, GE));
8974                        gen_helper_sel_flags(tmp, tmp3, tmp, tmp2);
8975                        tcg_temp_free_i32(tmp3);
8976                        tcg_temp_free_i32(tmp2);
8977                        store_reg(s, rd, tmp);
8978                    } else if ((insn & 0x000003e0) == 0x00000060) {
8979                        tmp = load_reg(s, rm);
8980                        shift = (insn >> 10) & 3;
8981                        /* ??? In many cases it's not necessary to do a
8982                           rotate, a shift is sufficient.  */
8983                        if (shift != 0)
8984                            tcg_gen_rotri_i32(tmp, tmp, shift * 8);
8985                        op1 = (insn >> 20) & 7;
8986                        switch (op1) {
8987                        case 0: gen_sxtb16(tmp);  break;
8988                        case 2: gen_sxtb(tmp);    break;
8989                        case 3: gen_sxth(tmp);    break;
8990                        case 4: gen_uxtb16(tmp);  break;
8991                        case 6: gen_uxtb(tmp);    break;
8992                        case 7: gen_uxth(tmp);    break;
8993                        default: goto illegal_op;
8994                        }
8995                        if (rn != 15) {
8996                            tmp2 = load_reg(s, rn);
8997                            if ((op1 & 3) == 0) {
8998                                gen_add16(tmp, tmp2);
8999                            } else {
9000                                tcg_gen_add_i32(tmp, tmp, tmp2);

9001                                tcg_temp_free_i32(tmp2);
9002                            }
9003                        }
9004                        store_reg(s, rd, tmp);
9005                    } else if ((insn & 0x003f0f60) == 0x003f0f20) {
9006                        /* rev */
9007                        tmp = load_reg(s, rm);
9008                        if (insn & (1 << 22)) {
9009                            if (insn & (1 << 7)) {
9010                                gen_revsh(tmp);
9011                            } else {
9012                                ARCH(6T2);
9013                                gen_helper_rbit(tmp, tmp);
9014                            }
9015                        } else {
9016                            if (insn & (1 << 7))
9017                                gen_rev16(tmp);
9018                            else
9019                                tcg_gen_bswap32_i32(tmp, tmp);
9020                        }
9021                        store_reg(s, rd, tmp);
9022                    } else {
9023                        goto illegal_op;
9024                    }
9025                    break;
9026                case 2: /* Multiplies (Type 3).  */
9027                    switch ((insn >> 20) & 0x7) {
9028                    case 5:
9029                        if (((insn >> 6) ^ (insn >> 7)) & 1) {
9030                            /* op2 not 00x or 11x : UNDEF */
9031                            goto illegal_op;
9032                        }
9033                        /* Signed multiply most significant [accumulate].
9034                           (SMMUL, SMMLA, SMMLS) */
9035                        tmp = load_reg(s, rm);
9036                        tmp2 = load_reg(s, rs);
9037                        tmp64 = gen_muls_i64_i32(tmp, tmp2);
9038
9039                        if (rd != 15) {
9040                            tmp = load_reg(s, rd);
9041                            if (insn & (1 << 6)) {
9042                                tmp64 = gen_subq_msw(tmp64, tmp);
9043                            } else {
9044                                tmp64 = gen_addq_msw(tmp64, tmp);
9045                            }
9046                        }
9047                        if (insn & (1 << 5)) {
9048                            tcg_gen_addi_i64(tmp64, tmp64, 0x80000000u);
9049                        }
9050                        tcg_gen_shri_i64(tmp64, tmp64, 32);
9051                        tmp = tcg_temp_new_i32();
9052                        tcg_gen_extrl_i64_i32(tmp, tmp64);
9053                        tcg_temp_free_i64(tmp64);
9054                        store_reg(s, rn, tmp);
9055                        break;
9056                    case 0:
9057                    case 4:
9058                        /* SMLAD, SMUAD, SMLSD, SMUSD, SMLALD, SMLSLD */
9059                        if (insn & (1 << 7)) {
9060                            goto illegal_op;
9061                        }
9062                        tmp = load_reg(s, rm);
9063                        tmp2 = load_reg(s, rs);
9064                        if (insn & (1 << 5))
9065                            gen_swap_half(tmp2);
9066                        gen_smul_dual(tmp, tmp2);
9067                        if (insn & (1 << 22)) {
9068                            /* smlald, smlsld */
9069                            TCGv_i64 tmp64_2;
9070
9071                            tmp64 = tcg_temp_new_i64();
9072                            tmp64_2 = tcg_temp_new_i64();
9073                            tcg_gen_ext_i32_i64(tmp64, tmp);
9074                            tcg_gen_ext_i32_i64(tmp64_2, tmp2);
9075                            tcg_temp_free_i32(tmp);
9076                            tcg_temp_free_i32(tmp2);
9077                            if (insn & (1 << 6)) {
9078                                tcg_gen_sub_i64(tmp64, tmp64, tmp64_2);
9079                            } else {
9080                                tcg_gen_add_i64(tmp64, tmp64, tmp64_2);
9081                            }
9082                            tcg_temp_free_i64(tmp64_2);
9083                            gen_addq(s, tmp64, rd, rn);
9084                            gen_storeq_reg(s, rd, rn, tmp64);
9085                            tcg_temp_free_i64(tmp64);
9086                        } else {
9087                            /* smuad, smusd, smlad, smlsd */
9088                            if (insn & (1 << 6)) {
9089                                /* This subtraction cannot overflow. */
9090                                tcg_gen_sub_i32(tmp, tmp, tmp2);
9091                            } else {
9092                                /* This addition cannot overflow 32 bits;
9093                                 * however it may overflow considered as a
9094                                 * signed operation, in which case we must set
9095                                 * the Q flag.
9096                                 */
9097                                gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
9098                            }
9099                            tcg_temp_free_i32(tmp2);
9100                            if (rd != 15)
9101                              {
9102                                tmp2 = load_reg(s, rd);
9103                                gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
9104                                tcg_temp_free_i32(tmp2);
9105                              }
9106                            store_reg(s, rn, tmp);
9107                        }
9108                        break;
9109                    case 1:
9110                    case 3:
9111                        /* SDIV, UDIV */
9112                        if (!arm_dc_feature(s, ARM_FEATURE_ARM_DIV)) {
9113                            goto illegal_op;
9114                        }
9115                        if (((insn >> 5) & 7) || (rd != 15)) {
9116                            goto illegal_op;
9117                        }
9118                        tmp = load_reg(s, rm);
9119                        tmp2 = load_reg(s, rs);
9120                        if (insn & (1 << 21)) {
9121                            gen_helper_udiv(tmp, tmp, tmp2);
9122                        } else {
9123                            gen_helper_sdiv(tmp, tmp, tmp2);
9124                        }
9125                        tcg_temp_free_i32(tmp2);
9126                        store_reg(s, rn, tmp);
9127                        break;
9128                    default:
9129                        goto illegal_op;
9130                    }
9131                    break;
9132                case 3:
9133                    op1 = ((insn >> 17) & 0x38) | ((insn >> 5) & 7);
9134                    switch (op1) {
9135                    case 0: /* Unsigned sum of absolute differences.  */
9136                        ARCH(6);
9137                        tmp = load_reg(s, rm);
9138                        tmp2 = load_reg(s, rs);
9139                        gen_helper_usad8(tmp, tmp, tmp2);
9140                        tcg_temp_free_i32(tmp2);
9141                        if (rd != 15) {
9142                            tmp2 = load_reg(s, rd);
9143                            tcg_gen_add_i32(tmp, tmp, tmp2);
9144                            tcg_temp_free_i32(tmp2);
9145                        }
9146                        store_reg(s, rn, tmp);
9147                        break;
9148                    case 0x20: case 0x24: case 0x28: case 0x2c:
9149                        /* Bitfield insert/clear.  */
9150                        ARCH(6T2);
9151                        shift = (insn >> 7) & 0x1f;
9152                        i = (insn >> 16) & 0x1f;
9153                        if (i < shift) {
9154                            /* UNPREDICTABLE; we choose to UNDEF */
9155                            goto illegal_op;
9156                        }
9157                        i = i + 1 - shift;
9158                        if (rm == 15) {
9159                            tmp = tcg_temp_new_i32();
9160                            tcg_gen_movi_i32(tmp, 0);
9161                        } else {
9162                            tmp = load_reg(s, rm);
9163                        }
9164                        if (i != 32) {
9165                            tmp2 = load_reg(s, rd);
9166                            tcg_gen_deposit_i32(tmp, tmp2, tmp, shift, i);
9167                            tcg_temp_free_i32(tmp2);
9168                        }
9169                        store_reg(s, rd, tmp);
9170                        break;
9171                    case 0x12: case 0x16: case 0x1a: case 0x1e: /* sbfx */
9172                    case 0x32: case 0x36: case 0x3a: case 0x3e: /* ubfx */
9173                        ARCH(6T2);
9174                        tmp = load_reg(s, rm);
9175                        shift = (insn >> 7) & 0x1f;
9176                        i = ((insn >> 16) & 0x1f) + 1;
9177                        if (shift + i > 32)
9178                            goto illegal_op;
9179                        if (i < 32) {
9180                            if (op1 & 0x20) {
9181                                gen_ubfx(tmp, shift, (1u << i) - 1);
9182                            } else {
9183                                gen_sbfx(tmp, shift, i);
9184                            }
9185                        }
9186                        store_reg(s, rd, tmp);
9187                        break;
9188                    default:
9189                        goto illegal_op;
9190                    }
9191                    break;
9192                }
9193                break;
9194            }
9195        do_ldst:
9196            /* Check for undefined extension instructions
9197             * per the ARM Bible IE:
9198             * xxxx 0111 1111 xxxx  xxxx xxxx 1111 xxxx
9199             */
9200            sh = (0xf << 20) | (0xf << 4);
9201            if (op1 == 0x7 && ((insn & sh) == sh))
9202            {
9203                goto illegal_op;
9204            }
9205            /* load/store byte/word */
9206            rn = (insn >> 16) & 0xf;
9207            rd = (insn >> 12) & 0xf;
9208            tmp2 = load_reg(s, rn);
9209            if ((insn & 0x01200000) == 0x00200000) {
9210                /* ldrt/strt */
9211                i = get_a32_user_mem_index(s);
9212            } else {
9213                i = get_mem_index(s);
9214            }
9215            if (insn & (1 << 24))
9216                gen_add_data_offset(s, insn, tmp2);
9217            if (insn & (1 << 20)) {
9218                /* load */
9219                tmp = tcg_temp_new_i32();
9220                if (insn & (1 << 22)) {
9221                    gen_aa32_ld8u(s, tmp, tmp2, i);
9222                } else {
9223                    gen_aa32_ld32u(s, tmp, tmp2, i);
9224                }
9225            } else {
9226                /* store */
9227                tmp = load_reg(s, rd);
9228                if (insn & (1 << 22)) {
9229                    gen_aa32_st8(s, tmp, tmp2, i);
9230                } else {
9231                    gen_aa32_st32(s, tmp, tmp2, i);
9232                }
9233                tcg_temp_free_i32(tmp);
9234            }
9235            if (!(insn & (1 << 24))) {
9236                gen_add_data_offset(s, insn, tmp2);
9237                store_reg(s, rn, tmp2);
9238            } else if (insn & (1 << 21)) {
9239                store_reg(s, rn, tmp2);
9240            } else {
9241                tcg_temp_free_i32(tmp2);
9242            }
9243            if (insn & (1 << 20)) {
9244                /* Complete the load.  */
9245                store_reg_from_load(s, rd, tmp);
9246            }
9247            break;
9248        case 0x08:
9249        case 0x09:
9250            {
9251                int j, n, loaded_base;
9252                bool exc_return = false;
9253                bool is_load = extract32(insn, 20, 1);
9254                bool user = false;
9255                TCGv_i32 loaded_var;
9256                /* load/store multiple words */
9257                /* XXX: store correct base if write back */
9258                if (insn & (1 << 22)) {
9259                    /* LDM (user), LDM (exception return) and STM (user) */
9260                    if (IS_USER(s))
9261                        goto illegal_op; /* only usable in supervisor mode */
9262
9263                    if (is_load && extract32(insn, 15, 1)) {
9264                        exc_return = true;
9265                    } else {
9266                        user = true;
9267                    }
9268                }
9269                rn = (insn >> 16) & 0xf;
9270                addr = load_reg(s, rn);
9271
9272                /* compute total size */
9273                loaded_base = 0;
9274                TCGV_UNUSED_I32(loaded_var);
9275                n = 0;
9276                for(i=0;i<16;i++) {
9277                    if (insn & (1 << i))
9278                        n++;
9279                }
9280                /* XXX: test invalid n == 0 case ? */
9281                if (insn & (1 << 23)) {
9282                    if (insn & (1 << 24)) {
9283                        /* pre increment */
9284                        tcg_gen_addi_i32(addr, addr, 4);
9285                    } else {
9286                        /* post increment */
9287                    }
9288                } else {
9289                    if (insn & (1 << 24)) {
9290                        /* pre decrement */
9291                        tcg_gen_addi_i32(addr, addr, -(n * 4));
9292                    } else {
9293                        /* post decrement */
9294                        if (n != 1)
9295                        tcg_gen_addi_i32(addr, addr, -((n - 1) * 4));
9296                    }
9297                }
9298                j = 0;
9299                for(i=0;i<16;i++) {
9300                    if (insn & (1 << i)) {
9301                        if (is_load) {
9302                            /* load */
9303                            tmp = tcg_temp_new_i32();
9304                            gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9305                            if (user) {
9306                                tmp2 = tcg_const_i32(i);
9307                                gen_helper_set_user_reg(cpu_env, tmp2, tmp);
9308                                tcg_temp_free_i32(tmp2);
9309                                tcg_temp_free_i32(tmp);
9310                            } else if (i == rn) {
9311                                loaded_var = tmp;
9312                                loaded_base = 1;
9313                            } else if (rn == 15 && exc_return) {
9314                                store_pc_exc_ret(s, tmp);
9315                            } else {
9316                                store_reg_from_load(s, i, tmp);
9317                            }
9318                        } else {
9319                            /* store */
9320                            if (i == 15) {
9321                                /* special case: r15 = PC + 8 */
9322                                val = (long)s->pc + 4;
9323                                tmp = tcg_temp_new_i32();
9324                                tcg_gen_movi_i32(tmp, val);
9325                            } else if (user) {
9326                                tmp = tcg_temp_new_i32();
9327                                tmp2 = tcg_const_i32(i);
9328                                gen_helper_get_user_reg(tmp, cpu_env, tmp2);
9329                                tcg_temp_free_i32(tmp2);
9330                            } else {
9331                                tmp = load_reg(s, i);
9332                            }
9333                            gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9334                            tcg_temp_free_i32(tmp);
9335                        }
9336                        j++;
9337                        /* no need to add after the last transfer */
9338                        if (j != n)
9339                            tcg_gen_addi_i32(addr, addr, 4);
9340                    }
9341                }
9342                if (insn & (1 << 21)) {
9343                    /* write back */
9344                    if (insn & (1 << 23)) {
9345                        if (insn & (1 << 24)) {
9346                            /* pre increment */
9347                        } else {
9348                            /* post increment */
9349                            tcg_gen_addi_i32(addr, addr, 4);
9350                        }
9351                    } else {
9352                        if (insn & (1 << 24)) {
9353                            /* pre decrement */
9354                            if (n != 1)
9355                                tcg_gen_addi_i32(addr, addr, -((n - 1) * 4));
9356                        } else {
9357                            /* post decrement */
9358                            tcg_gen_addi_i32(addr, addr, -(n * 4));
9359                        }
9360                    }
9361                    store_reg(s, rn, addr);
9362                } else {
9363                    tcg_temp_free_i32(addr);
9364                }
9365                if (loaded_base) {
9366                    store_reg(s, rn, loaded_var);
9367                }
9368                if (exc_return) {
9369                    /* Restore CPSR from SPSR.  */
9370                    tmp = load_cpu_field(spsr);
9371                    gen_helper_cpsr_write_eret(cpu_env, tmp);
9372                    tcg_temp_free_i32(tmp);
9373                    s->is_jmp = DISAS_JUMP;
9374                }
9375            }
9376            break;
9377        case 0xa:
9378        case 0xb:
9379            {
9380                int32_t offset;
9381
9382                /* branch (and link) */
9383                val = (int32_t)s->pc;
9384                if (insn & (1 << 24)) {
9385                    tmp = tcg_temp_new_i32();
9386                    tcg_gen_movi_i32(tmp, val);
9387                    store_reg(s, 14, tmp);
9388                }
9389                offset = sextract32(insn << 2, 0, 26);
9390                val += offset + 4;
9391                gen_jmp(s, val);
9392            }
9393            break;
9394        case 0xc:
9395        case 0xd:
9396        case 0xe:
9397            if (((insn >> 8) & 0xe) == 10) {
9398                /* VFP.  */
9399                if (disas_vfp_insn(s, insn)) {
9400                    goto illegal_op;
9401                }
9402            } else if (disas_coproc_insn(s, insn)) {
9403                /* Coprocessor.  */
9404                goto illegal_op;
9405            }
9406            break;
9407        case 0xf:
9408            /* swi */
9409            gen_set_pc_im(s, s->pc);
9410            s->svc_imm = extract32(insn, 0, 24);
9411            s->is_jmp = DISAS_SWI;
9412            break;
9413        default:
9414        illegal_op:
9415            gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(),
9416                               default_exception_el(s));
9417            break;
9418        }
9419    }
9420}
9421
9422/* Return true if this is a Thumb-2 logical op.  */
9423static int
9424thumb2_logic_op(int op)
9425{
9426    return (op < 8);
9427}
9428
9429/* Generate code for a Thumb-2 data processing operation.  If CONDS is nonzero
9430   then set condition code flags based on the result of the operation.
9431   If SHIFTER_OUT is nonzero then set the carry flag for logical operations
9432   to the high bit of T1.
9433   Returns zero if the opcode is valid.  */
9434
9435static int
9436gen_thumb2_data_op(DisasContext *s, int op, int conds, uint32_t shifter_out,
9437                   TCGv_i32 t0, TCGv_i32 t1)
9438{
9439    int logic_cc;
9440
9441    logic_cc = 0;
9442    switch (op) {
9443    case 0: /* and */
9444        tcg_gen_and_i32(t0, t0, t1);
9445        logic_cc = conds;
9446        break;
9447    case 1: /* bic */
9448        tcg_gen_andc_i32(t0, t0, t1);
9449        logic_cc = conds;
9450        break;
9451    case 2: /* orr */
9452        tcg_gen_or_i32(t0, t0, t1);
9453        logic_cc = conds;
9454        break;
9455    case 3: /* orn */
9456        tcg_gen_orc_i32(t0, t0, t1);
9457        logic_cc = conds;
9458        break;
9459    case 4: /* eor */
9460        tcg_gen_xor_i32(t0, t0, t1);
9461        logic_cc = conds;
9462        break;
9463    case 8: /* add */
9464        if (conds)
9465            gen_add_CC(t0, t0, t1);
9466        else
9467            tcg_gen_add_i32(t0, t0, t1);
9468        break;
9469    case 10: /* adc */
9470        if (conds)
9471            gen_adc_CC(t0, t0, t1);
9472        else
9473            gen_adc(t0, t1);
9474        break;
9475    case 11: /* sbc */
9476        if (conds) {
9477            gen_sbc_CC(t0, t0, t1);
9478        } else {
9479            gen_sub_carry(t0, t0, t1);
9480        }
9481        break;
9482    case 13: /* sub */
9483        if (conds)
9484            gen_sub_CC(t0, t0, t1);
9485        else
9486            tcg_gen_sub_i32(t0, t0, t1);
9487        break;
9488    case 14: /* rsb */
9489        if (conds)
9490            gen_sub_CC(t0, t1, t0);
9491        else
9492            tcg_gen_sub_i32(t0, t1, t0);
9493        break;
9494    default: /* 5, 6, 7, 9, 12, 15. */
9495        return 1;
9496    }
9497    if (logic_cc) {
9498        gen_logic_CC(t0);
9499        if (shifter_out)
9500            gen_set_CF_bit31(t1);
9501    }
9502    return 0;
9503}
9504
9505/* Translate a 32-bit thumb instruction.  Returns nonzero if the instruction
9506   is not legal.  */
9507static int disas_thumb2_insn(CPUARMState *env, DisasContext *s, uint16_t insn_hw1)
9508{
9509    uint32_t insn, imm, shift, offset;
9510    uint32_t rd, rn, rm, rs;
9511    TCGv_i32 tmp;
9512    TCGv_i32 tmp2;
9513    TCGv_i32 tmp3;
9514    TCGv_i32 addr;
9515    TCGv_i64 tmp64;
9516    int op;
9517    int shiftop;
9518    int conds;
9519    int logic_cc;
9520
9521    if (!(arm_dc_feature(s, ARM_FEATURE_THUMB2)
9522          || arm_dc_feature(s, ARM_FEATURE_M))) {
9523        /* Thumb-1 cores may need to treat bl and blx as a pair of
9524           16-bit instructions to get correct prefetch abort behavior.  */
9525        insn = insn_hw1;
9526        if ((insn & (1 << 12)) == 0) {
9527            ARCH(5);
9528            /* Second half of blx.  */
9529            offset = ((insn & 0x7ff) << 1);
9530            tmp = load_reg(s, 14);
9531            tcg_gen_addi_i32(tmp, tmp, offset);
9532            tcg_gen_andi_i32(tmp, tmp, 0xfffffffc);
9533
9534            tmp2 = tcg_temp_new_i32();
9535            tcg_gen_movi_i32(tmp2, s->pc | 1);
9536            store_reg(s, 14, tmp2);
9537            gen_bx(s, tmp);
9538            return 0;
9539        }
9540        if (insn & (1 << 11)) {
9541            /* Second half of bl.  */
9542            offset = ((insn & 0x7ff) << 1) | 1;
9543            tmp = load_reg(s, 14);
9544            tcg_gen_addi_i32(tmp, tmp, offset);
9545
9546            tmp2 = tcg_temp_new_i32();
9547            tcg_gen_movi_i32(tmp2, s->pc | 1);
9548            store_reg(s, 14, tmp2);
9549            gen_bx(s, tmp);
9550            return 0;
9551        }
9552        if ((s->pc & ~TARGET_PAGE_MASK) == 0) {
9553            /* Instruction spans a page boundary.  Implement it as two
9554               16-bit instructions in case the second half causes an
9555               prefetch abort.  */
9556            offset = ((int32_t)insn << 21) >> 9;
9557            tcg_gen_movi_i32(cpu_R[14], s->pc + 2 + offset);
9558            return 0;
9559        }
9560        /* Fall through to 32-bit decode.  */
9561    }
9562
9563    insn = arm_lduw_code(env, s->pc, s->sctlr_b);
9564    s->pc += 2;
9565    insn |= (uint32_t)insn_hw1 << 16;
9566
9567    if ((insn & 0xf800e800) != 0xf000e800) {
9568        ARCH(6T2);
9569    }
9570
9571    rn = (insn >> 16) & 0xf;
9572    rs = (insn >> 12) & 0xf;
9573    rd = (insn >> 8) & 0xf;
9574    rm = insn & 0xf;
9575    switch ((insn >> 25) & 0xf) {
9576    case 0: case 1: case 2: case 3:
9577        /* 16-bit instructions.  Should never happen.  */
9578        abort();
9579    case 4:
9580        if (insn & (1 << 22)) {
9581            /* Other load/store, table branch.  */
9582            if (insn & 0x01200000) {
9583                /* Load/store doubleword.  */
9584                if (rn == 15) {
9585                    addr = tcg_temp_new_i32();
9586                    tcg_gen_movi_i32(addr, s->pc & ~3);
9587                } else {
9588                    addr = load_reg(s, rn);
9589                }
9590                offset = (insn & 0xff) * 4;
9591                if ((insn & (1 << 23)) == 0)
9592                    offset = -offset;
9593                if (insn & (1 << 24)) {
9594                    tcg_gen_addi_i32(addr, addr, offset);
9595                    offset = 0;
9596                }
9597                if (insn & (1 << 20)) {
9598                    /* ldrd */
9599                    tmp = tcg_temp_new_i32();
9600                    gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9601                    store_reg(s, rs, tmp);
9602                    tcg_gen_addi_i32(addr, addr, 4);
9603                    tmp = tcg_temp_new_i32();
9604                    gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9605                    store_reg(s, rd, tmp);
9606                } else {
9607                    /* strd */
9608                    tmp = load_reg(s, rs);
9609                    gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9610                    tcg_temp_free_i32(tmp);
9611                    tcg_gen_addi_i32(addr, addr, 4);
9612                    tmp = load_reg(s, rd);
9613                    gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9614                    tcg_temp_free_i32(tmp);
9615                }
9616                if (insn & (1 << 21)) {
9617                    /* Base writeback.  */
9618                    if (rn == 15)
9619                        goto illegal_op;
9620                    tcg_gen_addi_i32(addr, addr, offset - 4);
9621                    store_reg(s, rn, addr);
9622                } else {
9623                    tcg_temp_free_i32(addr);
9624                }
9625            } else if ((insn & (1 << 23)) == 0) {
9626                /* Load/store exclusive word.  */
9627                addr = tcg_temp_local_new_i32();
9628                load_reg_var(s, addr, rn);
9629                tcg_gen_addi_i32(addr, addr, (insn & 0xff) << 2);
9630                if (insn & (1 << 20)) {
9631                    gen_load_exclusive(s, rs, 15, addr, 2);
9632                } else {
9633                    gen_store_exclusive(s, rd, rs, 15, addr, 2);
9634                }
9635                tcg_temp_free_i32(addr);
9636            } else if ((insn & (7 << 5)) == 0) {
9637                /* Table Branch.  */
9638                if (rn == 15) {
9639                    addr = tcg_temp_new_i32();
9640                    tcg_gen_movi_i32(addr, s->pc);
9641                } else {
9642                    addr = load_reg(s, rn);
9643                }
9644                tmp = load_reg(s, rm);
9645                tcg_gen_add_i32(addr, addr, tmp);
9646                if (insn & (1 << 4)) {
9647                    /* tbh */
9648                    tcg_gen_add_i32(addr, addr, tmp);
9649                    tcg_temp_free_i32(tmp);
9650                    tmp = tcg_temp_new_i32();
9651                    gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
9652                } else { /* tbb */
9653                    tcg_temp_free_i32(tmp);
9654                    tmp = tcg_temp_new_i32();
9655                    gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
9656                }
9657                tcg_temp_free_i32(addr);
9658                tcg_gen_shli_i32(tmp, tmp, 1);
9659                tcg_gen_addi_i32(tmp, tmp, s->pc);
9660                store_reg(s, 15, tmp);
9661            } else {
9662                int op2 = (insn >> 6) & 0x3;
9663                op = (insn >> 4) & 0x3;
9664                switch (op2) {
9665                case 0:
9666                    goto illegal_op;
9667                case 1:
9668                    /* Load/store exclusive byte/halfword/doubleword */
9669                    if (op == 2) {
9670                        goto illegal_op;
9671                    }
9672                    ARCH(7);
9673                    break;
9674                case 2:
9675                    /* Load-acquire/store-release */
9676                    if (op == 3) {
9677                        goto illegal_op;
9678                    }
9679                    /* Fall through */
9680                case 3:
9681                    /* Load-acquire/store-release exclusive */
9682                    ARCH(8);
9683                    break;
9684                }
9685                addr = tcg_temp_local_new_i32();
9686                load_reg_var(s, addr, rn);
9687                if (!(op2 & 1)) {
9688                    if (insn & (1 << 20)) {
9689                        tmp = tcg_temp_new_i32();
9690                        switch (op) {
9691                        case 0: /* ldab */
9692                            gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
9693                            break;
9694                        case 1: /* ldah */
9695                            gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
9696                            break;
9697                        case 2: /* lda */
9698                            gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9699                            break;
9700                        default:
9701                            abort();
9702                        }
9703                        store_reg(s, rs, tmp);
9704                    } else {
9705                        tmp = load_reg(s, rs);
9706                        switch (op) {
9707                        case 0: /* stlb */
9708                            gen_aa32_st8(s, tmp, addr, get_mem_index(s));
9709                            break;
9710                        case 1: /* stlh */
9711                            gen_aa32_st16(s, tmp, addr, get_mem_index(s));
9712                            break;
9713                        case 2: /* stl */
9714                            gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9715                            break;
9716                        default:
9717                            abort();
9718                        }
9719                        tcg_temp_free_i32(tmp);
9720                    }
9721                } else if (insn & (1 << 20)) {
9722                    gen_load_exclusive(s, rs, rd, addr, op);
9723                } else {
9724                    gen_store_exclusive(s, rm, rs, rd, addr, op);
9725                }
9726                tcg_temp_free_i32(addr);
9727            }
9728        } else {
9729            /* Load/store multiple, RFE, SRS.  */
9730            if (((insn >> 23) & 1) == ((insn >> 24) & 1)) {
9731                /* RFE, SRS: not available in user mode or on M profile */
9732                if (IS_USER(s) || arm_dc_feature(s, ARM_FEATURE_M)) {
9733                    goto illegal_op;
9734                }
9735                if (insn & (1 << 20)) {
9736                    /* rfe */
9737                    addr = load_reg(s, rn);
9738                    if ((insn & (1 << 24)) == 0)
9739                        tcg_gen_addi_i32(addr, addr, -8);
9740                    /* Load PC into tmp and CPSR into tmp2.  */
9741                    tmp = tcg_temp_new_i32();
9742                    gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9743                    tcg_gen_addi_i32(addr, addr, 4);
9744                    tmp2 = tcg_temp_new_i32();
9745                    gen_aa32_ld32u(s, tmp2, addr, get_mem_index(s));
9746                    if (insn & (1 << 21)) {
9747                        /* Base writeback.  */
9748                        if (insn & (1 << 24)) {
9749                            tcg_gen_addi_i32(addr, addr, 4);
9750                        } else {
9751                            tcg_gen_addi_i32(addr, addr, -4);
9752                        }
9753                        store_reg(s, rn, addr);
9754                    } else {
9755                        tcg_temp_free_i32(addr);
9756                    }
9757                    gen_rfe(s, tmp, tmp2);
9758                } else {
9759                    /* srs */
9760                    gen_srs(s, (insn & 0x1f), (insn & (1 << 24)) ? 1 : 2,
9761                            insn & (1 << 21));
9762                }
9763            } else {
9764                int i, loaded_base = 0;
9765                TCGv_i32 loaded_var;
9766                /* Load/store multiple.  */
9767                addr = load_reg(s, rn);
9768                offset = 0;
9769                for (i = 0; i < 16; i++) {
9770                    if (insn & (1 << i))
9771                        offset += 4;
9772                }
9773                if (insn & (1 << 24)) {
9774                    tcg_gen_addi_i32(addr, addr, -offset);
9775                }
9776
9777                TCGV_UNUSED_I32(loaded_var);
9778                for (i = 0; i < 16; i++) {
9779                    if ((insn & (1 << i)) == 0)
9780                        continue;
9781                    if (insn & (1 << 20)) {
9782                        /* Load.  */
9783                        tmp = tcg_temp_new_i32();
9784                        gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
9785                        if (i == 15) {
9786                            gen_bx(s, tmp);
9787                        } else if (i == rn) {
9788                            loaded_var = tmp;
9789                            loaded_base = 1;
9790                        } else {
9791                            store_reg(s, i, tmp);
9792                        }
9793                    } else {
9794                        /* Store.  */
9795                        tmp = load_reg(s, i);
9796                        gen_aa32_st32(s, tmp, addr, get_mem_index(s));
9797                        tcg_temp_free_i32(tmp);
9798                    }
9799                    tcg_gen_addi_i32(addr, addr, 4);
9800                }
9801                if (loaded_base) {
9802                    store_reg(s, rn, loaded_var);
9803                }
9804                if (insn & (1 << 21)) {
9805                    /* Base register writeback.  */
9806                    if (insn & (1 << 24)) {
9807                        tcg_gen_addi_i32(addr, addr, -offset);
9808                    }
9809                    /* Fault if writeback register is in register list.  */
9810                    if (insn & (1 << rn))
9811                        goto illegal_op;
9812                    store_reg(s, rn, addr);
9813                } else {
9814                    tcg_temp_free_i32(addr);
9815                }
9816            }
9817        }
9818        break;
9819    case 5:
9820
9821        op = (insn >> 21) & 0xf;
9822        if (op == 6) {
9823            if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9824                goto illegal_op;
9825            }
9826            /* Halfword pack.  */
9827            tmp = load_reg(s, rn);
9828            tmp2 = load_reg(s, rm);
9829            shift = ((insn >> 10) & 0x1c) | ((insn >> 6) & 0x3);
9830            if (insn & (1 << 5)) {
9831                /* pkhtb */
9832                if (shift == 0)
9833                    shift = 31;
9834                tcg_gen_sari_i32(tmp2, tmp2, shift);
9835                tcg_gen_andi_i32(tmp, tmp, 0xffff0000);
9836                tcg_gen_ext16u_i32(tmp2, tmp2);
9837            } else {
9838                /* pkhbt */
9839                if (shift)
9840                    tcg_gen_shli_i32(tmp2, tmp2, shift);
9841                tcg_gen_ext16u_i32(tmp, tmp);
9842                tcg_gen_andi_i32(tmp2, tmp2, 0xffff0000);
9843            }
9844            tcg_gen_or_i32(tmp, tmp, tmp2);
9845            tcg_temp_free_i32(tmp2);
9846            store_reg(s, rd, tmp);
9847        } else {
9848            /* Data processing register constant shift.  */
9849            if (rn == 15) {
9850                tmp = tcg_temp_new_i32();
9851                tcg_gen_movi_i32(tmp, 0);
9852            } else {
9853                tmp = load_reg(s, rn);
9854            }
9855            tmp2 = load_reg(s, rm);
9856
9857            shiftop = (insn >> 4) & 3;
9858            shift = ((insn >> 6) & 3) | ((insn >> 10) & 0x1c);
9859            conds = (insn & (1 << 20)) != 0;
9860            logic_cc = (conds && thumb2_logic_op(op));
9861            gen_arm_shift_im(tmp2, shiftop, shift, logic_cc);
9862            if (gen_thumb2_data_op(s, op, conds, 0, tmp, tmp2))
9863                goto illegal_op;
9864            tcg_temp_free_i32(tmp2);
9865            if (rd != 15) {
9866                store_reg(s, rd, tmp);
9867            } else {
9868                tcg_temp_free_i32(tmp);
9869            }
9870        }
9871        break;
9872    case 13: /* Misc data processing.  */
9873        op = ((insn >> 22) & 6) | ((insn >> 7) & 1);
9874        if (op < 4 && (insn & 0xf000) != 0xf000)
9875            goto illegal_op;
9876        switch (op) {
9877        case 0: /* Register controlled shift.  */
9878            tmp = load_reg(s, rn);
9879            tmp2 = load_reg(s, rm);
9880            if ((insn & 0x70) != 0)
9881                goto illegal_op;
9882            op = (insn >> 21) & 3;
9883            logic_cc = (insn & (1 << 20)) != 0;
9884            gen_arm_shift_reg(tmp, op, tmp2, logic_cc);
9885            if (logic_cc)
9886                gen_logic_CC(tmp);
9887            store_reg_bx(s, rd, tmp);
9888            break;
9889        case 1: /* Sign/zero extend.  */
9890            op = (insn >> 20) & 7;
9891            switch (op) {
9892            case 0: /* SXTAH, SXTH */
9893            case 1: /* UXTAH, UXTH */
9894            case 4: /* SXTAB, SXTB */
9895            case 5: /* UXTAB, UXTB */
9896                break;
9897            case 2: /* SXTAB16, SXTB16 */
9898            case 3: /* UXTAB16, UXTB16 */
9899                if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9900                    goto illegal_op;
9901                }
9902                break;
9903            default:
9904                goto illegal_op;
9905            }
9906            if (rn != 15) {
9907                if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9908                    goto illegal_op;
9909                }
9910            }
9911            tmp = load_reg(s, rm);
9912            shift = (insn >> 4) & 3;
9913            /* ??? In many cases it's not necessary to do a
9914               rotate, a shift is sufficient.  */
9915            if (shift != 0)
9916                tcg_gen_rotri_i32(tmp, tmp, shift * 8);
9917            op = (insn >> 20) & 7;
9918            switch (op) {
9919            case 0: gen_sxth(tmp);   break;
9920            case 1: gen_uxth(tmp);   break;
9921            case 2: gen_sxtb16(tmp); break;
9922            case 3: gen_uxtb16(tmp); break;
9923            case 4: gen_sxtb(tmp);   break;
9924            case 5: gen_uxtb(tmp);   break;
9925            default:
9926                g_assert_not_reached();
9927            }
9928            if (rn != 15) {
9929                tmp2 = load_reg(s, rn);
9930                if ((op >> 1) == 1) {
9931                    gen_add16(tmp, tmp2);
9932                } else {
9933                    tcg_gen_add_i32(tmp, tmp, tmp2);
9934                    tcg_temp_free_i32(tmp2);
9935                }
9936            }
9937            store_reg(s, rd, tmp);
9938            break;
9939        case 2: /* SIMD add/subtract.  */
9940            if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9941                goto illegal_op;
9942            }
9943            op = (insn >> 20) & 7;
9944            shift = (insn >> 4) & 7;
9945            if ((op & 3) == 3 || (shift & 3) == 3)
9946                goto illegal_op;
9947            tmp = load_reg(s, rn);
9948            tmp2 = load_reg(s, rm);
9949            gen_thumb2_parallel_addsub(op, shift, tmp, tmp2);
9950            tcg_temp_free_i32(tmp2);
9951            store_reg(s, rd, tmp);
9952            break;
9953        case 3: /* Other data processing.  */
9954            op = ((insn >> 17) & 0x38) | ((insn >> 4) & 7);
9955            if (op < 4) {
9956                /* Saturating add/subtract.  */
9957                if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9958                    goto illegal_op;
9959                }
9960                tmp = load_reg(s, rn);
9961                tmp2 = load_reg(s, rm);
9962                if (op & 1)
9963                    gen_helper_double_saturate(tmp, cpu_env, tmp);
9964                if (op & 2)
9965                    gen_helper_sub_saturate(tmp, cpu_env, tmp2, tmp);
9966                else
9967                    gen_helper_add_saturate(tmp, cpu_env, tmp, tmp2);
9968                tcg_temp_free_i32(tmp2);
9969            } else {
9970                switch (op) {
9971                case 0x0a: /* rbit */
9972                case 0x08: /* rev */
9973                case 0x09: /* rev16 */
9974                case 0x0b: /* revsh */
9975                case 0x18: /* clz */
9976                    break;
9977                case 0x10: /* sel */
9978                    if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
9979                        goto illegal_op;
9980                    }
9981                    break;
9982                case 0x20: /* crc32/crc32c */
9983                case 0x21:
9984                case 0x22:
9985                case 0x28:
9986                case 0x29:
9987                case 0x2a:
9988                    if (!arm_dc_feature(s, ARM_FEATURE_CRC)) {
9989                        goto illegal_op;
9990                    }
9991                    break;
9992                default:
9993                    goto illegal_op;
9994                }
9995                tmp = load_reg(s, rn);
9996                switch (op) {
9997                case 0x0a: /* rbit */
9998                    gen_helper_rbit(tmp, tmp);
9999                    break;
10000                case 0x08: /* rev */

10001                    tcg_gen_bswap32_i32(tmp, tmp);
10002                    break;
10003                case 0x09: /* rev16 */
10004                    gen_rev16(tmp);
10005                    break;
10006                case 0x0b: /* revsh */
10007                    gen_revsh(tmp);
10008                    break;
10009                case 0x10: /* sel */
10010                    tmp2 = load_reg(s, rm);
10011                    tmp3 = tcg_temp_new_i32();
10012                    tcg_gen_ld_i32(tmp3, cpu_env, offsetof(CPUARMState, GE));
10013                    gen_helper_sel_flags(tmp, tmp3, tmp, tmp2);
10014                    tcg_temp_free_i32(tmp3);
10015                    tcg_temp_free_i32(tmp2);
10016                    break;
10017                case 0x18: /* clz */
10018                    gen_helper_clz(tmp, tmp);
10019                    break;
10020                case 0x20:
10021                case 0x21:
10022                case 0x22:
10023                case 0x28:
10024                case 0x29:
10025                case 0x2a:
10026                {
10027                    /* crc32/crc32c */
10028                    uint32_t sz = op & 0x3;
10029                    uint32_t c = op & 0x8;
10030
10031                    tmp2 = load_reg(s, rm);
10032                    if (sz == 0) {
10033                        tcg_gen_andi_i32(tmp2, tmp2, 0xff);
10034                    } else if (sz == 1) {
10035                        tcg_gen_andi_i32(tmp2, tmp2, 0xffff);
10036                    }
10037                    tmp3 = tcg_const_i32(1 << sz);
10038                    if (c) {
10039                        gen_helper_crc32c(tmp, tmp, tmp2, tmp3);
10040                    } else {
10041                        gen_helper_crc32(tmp, tmp, tmp2, tmp3);
10042                    }
10043                    tcg_temp_free_i32(tmp2);
10044                    tcg_temp_free_i32(tmp3);
10045                    break;
10046                }
10047                default:
10048                    g_assert_not_reached();
10049                }
10050            }
10051            store_reg(s, rd, tmp);
10052            break;
10053        case 4: case 5: /* 32-bit multiply.  Sum of absolute differences.  */
10054            switch ((insn >> 20) & 7) {
10055            case 0: /* 32 x 32 -> 32 */
10056            case 7: /* Unsigned sum of absolute differences.  */
10057                break;
10058            case 1: /* 16 x 16 -> 32 */
10059            case 2: /* Dual multiply add.  */
10060            case 3: /* 32 * 16 -> 32msb */
10061            case 4: /* Dual multiply subtract.  */
10062            case 5: case 6: /* 32 * 32 -> 32msb (SMMUL, SMMLA, SMMLS) */
10063                if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10064                    goto illegal_op;
10065                }
10066                break;
10067            }
10068            op = (insn >> 4) & 0xf;
10069            tmp = load_reg(s, rn);
10070            tmp2 = load_reg(s, rm);
10071            switch ((insn >> 20) & 7) {
10072            case 0: /* 32 x 32 -> 32 */
10073                tcg_gen_mul_i32(tmp, tmp, tmp2);
10074                tcg_temp_free_i32(tmp2);
10075                if (rs != 15) {
10076                    tmp2 = load_reg(s, rs);
10077                    if (op)
10078                        tcg_gen_sub_i32(tmp, tmp2, tmp);
10079                    else
10080                        tcg_gen_add_i32(tmp, tmp, tmp2);
10081                    tcg_temp_free_i32(tmp2);
10082                }
10083                break;
10084            case 1: /* 16 x 16 -> 32 */
10085                gen_mulxy(tmp, tmp2, op & 2, op & 1);
10086                tcg_temp_free_i32(tmp2);
10087                if (rs != 15) {
10088                    tmp2 = load_reg(s, rs);
10089                    gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10090                    tcg_temp_free_i32(tmp2);
10091                }
10092                break;
10093            case 2: /* Dual multiply add.  */
10094            case 4: /* Dual multiply subtract.  */
10095                if (op)
10096                    gen_swap_half(tmp2);
10097                gen_smul_dual(tmp, tmp2);
10098                if (insn & (1 << 22)) {
10099                    /* This subtraction cannot overflow. */
10100                    tcg_gen_sub_i32(tmp, tmp, tmp2);
10101                } else {
10102                    /* This addition cannot overflow 32 bits;
10103                     * however it may overflow considered as a signed
10104                     * operation, in which case we must set the Q flag.
10105                     */
10106                    gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10107                }
10108                tcg_temp_free_i32(tmp2);
10109                if (rs != 15)
10110                  {
10111                    tmp2 = load_reg(s, rs);
10112                    gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10113                    tcg_temp_free_i32(tmp2);
10114                  }
10115                break;
10116            case 3: /* 32 * 16 -> 32msb */
10117                if (op)
10118                    tcg_gen_sari_i32(tmp2, tmp2, 16);
10119                else
10120                    gen_sxth(tmp2);
10121                tmp64 = gen_muls_i64_i32(tmp, tmp2);
10122                tcg_gen_shri_i64(tmp64, tmp64, 16);
10123                tmp = tcg_temp_new_i32();
10124                tcg_gen_extrl_i64_i32(tmp, tmp64);
10125                tcg_temp_free_i64(tmp64);
10126                if (rs != 15)
10127                  {
10128                    tmp2 = load_reg(s, rs);
10129                    gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
10130                    tcg_temp_free_i32(tmp2);
10131                  }
10132                break;
10133            case 5: case 6: /* 32 * 32 -> 32msb (SMMUL, SMMLA, SMMLS) */
10134                tmp64 = gen_muls_i64_i32(tmp, tmp2);
10135                if (rs != 15) {
10136                    tmp = load_reg(s, rs);
10137                    if (insn & (1 << 20)) {
10138                        tmp64 = gen_addq_msw(tmp64, tmp);
10139                    } else {
10140                        tmp64 = gen_subq_msw(tmp64, tmp);
10141                    }
10142                }
10143                if (insn & (1 << 4)) {
10144                    tcg_gen_addi_i64(tmp64, tmp64, 0x80000000u);
10145                }
10146                tcg_gen_shri_i64(tmp64, tmp64, 32);
10147                tmp = tcg_temp_new_i32();
10148                tcg_gen_extrl_i64_i32(tmp, tmp64);
10149                tcg_temp_free_i64(tmp64);
10150                break;
10151            case 7: /* Unsigned sum of absolute differences.  */
10152                gen_helper_usad8(tmp, tmp, tmp2);
10153                tcg_temp_free_i32(tmp2);
10154                if (rs != 15) {
10155                    tmp2 = load_reg(s, rs);
10156                    tcg_gen_add_i32(tmp, tmp, tmp2);
10157                    tcg_temp_free_i32(tmp2);
10158                }
10159                break;
10160            }
10161            store_reg(s, rd, tmp);
10162            break;
10163        case 6: case 7: /* 64-bit multiply, Divide.  */
10164            op = ((insn >> 4) & 0xf) | ((insn >> 16) & 0x70);
10165            tmp = load_reg(s, rn);
10166            tmp2 = load_reg(s, rm);
10167            if ((op & 0x50) == 0x10) {
10168                /* sdiv, udiv */
10169                if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DIV)) {
10170                    goto illegal_op;
10171                }
10172                if (op & 0x20)
10173                    gen_helper_udiv(tmp, tmp, tmp2);
10174                else
10175                    gen_helper_sdiv(tmp, tmp, tmp2);
10176                tcg_temp_free_i32(tmp2);
10177                store_reg(s, rd, tmp);
10178            } else if ((op & 0xe) == 0xc) {
10179                /* Dual multiply accumulate long.  */
10180                if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10181                    tcg_temp_free_i32(tmp);
10182                    tcg_temp_free_i32(tmp2);
10183                    goto illegal_op;
10184                }
10185                if (op & 1)
10186                    gen_swap_half(tmp2);
10187                gen_smul_dual(tmp, tmp2);
10188                if (op & 0x10) {
10189                    tcg_gen_sub_i32(tmp, tmp, tmp2);
10190                } else {
10191                    tcg_gen_add_i32(tmp, tmp, tmp2);
10192                }
10193                tcg_temp_free_i32(tmp2);
10194                /* BUGFIX */
10195                tmp64 = tcg_temp_new_i64();
10196                tcg_gen_ext_i32_i64(tmp64, tmp);
10197                tcg_temp_free_i32(tmp);
10198                gen_addq(s, tmp64, rs, rd);
10199                gen_storeq_reg(s, rs, rd, tmp64);
10200                tcg_temp_free_i64(tmp64);
10201            } else {
10202                if (op & 0x20) {
10203                    /* Unsigned 64-bit multiply  */
10204                    tmp64 = gen_mulu_i64_i32(tmp, tmp2);
10205                } else {
10206                    if (op & 8) {
10207                        /* smlalxy */
10208                        if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10209                            tcg_temp_free_i32(tmp2);
10210                            tcg_temp_free_i32(tmp);
10211                            goto illegal_op;
10212                        }
10213                        gen_mulxy(tmp, tmp2, op & 2, op & 1);
10214                        tcg_temp_free_i32(tmp2);
10215                        tmp64 = tcg_temp_new_i64();
10216                        tcg_gen_ext_i32_i64(tmp64, tmp);
10217                        tcg_temp_free_i32(tmp);
10218                    } else {
10219                        /* Signed 64-bit multiply  */
10220                        tmp64 = gen_muls_i64_i32(tmp, tmp2);
10221                    }
10222                }
10223                if (op & 4) {
10224                    /* umaal */
10225                    if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10226                        tcg_temp_free_i64(tmp64);
10227                        goto illegal_op;
10228                    }
10229                    gen_addq_lo(s, tmp64, rs);
10230                    gen_addq_lo(s, tmp64, rd);
10231                } else if (op & 0x40) {
10232                    /* 64-bit accumulate.  */
10233                    gen_addq(s, tmp64, rs, rd);
10234                }
10235                gen_storeq_reg(s, rs, rd, tmp64);
10236                tcg_temp_free_i64(tmp64);
10237            }
10238            break;
10239        }
10240        break;
10241    case 6: case 7: case 14: case 15:
10242        /* Coprocessor.  */
10243        if (((insn >> 24) & 3) == 3) {
10244            /* Translate into the equivalent ARM encoding.  */
10245            insn = (insn & 0xe2ffffff) | ((insn & (1 << 28)) >> 4) | (1 << 28);
10246            if (disas_neon_data_insn(s, insn)) {
10247                goto illegal_op;
10248            }
10249        } else if (((insn >> 8) & 0xe) == 10) {
10250            if (disas_vfp_insn(s, insn)) {
10251                goto illegal_op;
10252            }
10253        } else {
10254            if (insn & (1 << 28))
10255                goto illegal_op;
10256            if (disas_coproc_insn(s, insn)) {
10257                goto illegal_op;
10258            }
10259        }
10260        break;
10261    case 8: case 9: case 10: case 11:
10262        if (insn & (1 << 15)) {
10263            /* Branches, misc control.  */
10264            if (insn & 0x5000) {
10265                /* Unconditional branch.  */
10266                /* signextend(hw1[10:0]) -> offset[:12].  */
10267                offset = ((int32_t)insn << 5) >> 9 & ~(int32_t)0xfff;
10268                /* hw1[10:0] -> offset[11:1].  */
10269                offset |= (insn & 0x7ff) << 1;
10270                /* (~hw2[13, 11] ^ offset[24]) -> offset[23,22]
10271                   offset[24:22] already have the same value because of the
10272                   sign extension above.  */
10273                offset ^= ((~insn) & (1 << 13)) << 10;
10274                offset ^= ((~insn) & (1 << 11)) << 11;
10275
10276                if (insn & (1 << 14)) {
10277                    /* Branch and link.  */
10278                    tcg_gen_movi_i32(cpu_R[14], s->pc | 1);
10279                }
10280
10281                offset += s->pc;
10282                if (insn & (1 << 12)) {
10283                    /* b/bl */
10284                    gen_jmp(s, offset);
10285                } else {
10286                    /* blx */
10287                    offset &= ~(uint32_t)2;
10288                    /* thumb2 bx, no need to check */
10289                    gen_bx_im(s, offset);
10290                }
10291            } else if (((insn >> 23) & 7) == 7) {
10292                /* Misc control */
10293                if (insn & (1 << 13))
10294                    goto illegal_op;
10295
10296                if (insn & (1 << 26)) {
10297                    if (!(insn & (1 << 20))) {
10298                        /* Hypervisor call (v7) */
10299                        int imm16 = extract32(insn, 16, 4) << 12
10300                            | extract32(insn, 0, 12);
10301                        ARCH(7);
10302                        if (IS_USER(s)) {
10303                            goto illegal_op;
10304                        }
10305                        gen_hvc(s, imm16);
10306                    } else {
10307                        /* Secure monitor call (v6+) */
10308                        ARCH(6K);
10309                        if (IS_USER(s)) {
10310                            goto illegal_op;
10311                        }
10312                        gen_smc(s);
10313                    }
10314                } else {
10315                    op = (insn >> 20) & 7;
10316                    switch (op) {
10317                    case 0: /* msr cpsr.  */
10318                        if (arm_dc_feature(s, ARM_FEATURE_M)) {
10319                            tmp = load_reg(s, rn);
10320                            addr = tcg_const_i32(insn & 0xff);
10321                            gen_helper_v7m_msr(cpu_env, addr, tmp);
10322                            tcg_temp_free_i32(addr);
10323                            tcg_temp_free_i32(tmp);
10324                            gen_lookup_tb(s);
10325                            break;
10326                        }
10327                        /* fall through */
10328                    case 1: /* msr spsr.  */
10329                        if (arm_dc_feature(s, ARM_FEATURE_M)) {
10330                            goto illegal_op;
10331                        }
10332
10333                        if (extract32(insn, 5, 1)) {
10334                            /* MSR (banked) */
10335                            int sysm = extract32(insn, 8, 4) |
10336                                (extract32(insn, 4, 1) << 4);
10337                            int r = op & 1;
10338
10339                            gen_msr_banked(s, r, sysm, rm);
10340                            break;
10341                        }
10342
10343                        /* MSR (for PSRs) */
10344                        tmp = load_reg(s, rn);
10345                        if (gen_set_psr(s,
10346                              msr_mask(s, (insn >> 8) & 0xf, op == 1),
10347                              op == 1, tmp))
10348                            goto illegal_op;
10349                        break;
10350                    case 2: /* cps, nop-hint.  */
10351                        if (((insn >> 8) & 7) == 0) {
10352                            gen_nop_hint(s, insn & 0xff);
10353                        }
10354                        /* Implemented as NOP in user mode.  */
10355                        if (IS_USER(s))
10356                            break;
10357                        offset = 0;
10358                        imm = 0;
10359                        if (insn & (1 << 10)) {
10360                            if (insn & (1 << 7))
10361                                offset |= CPSR_A;
10362                            if (insn & (1 << 6))
10363                                offset |= CPSR_I;
10364                            if (insn & (1 << 5))
10365                                offset |= CPSR_F;
10366                            if (insn & (1 << 9))
10367                                imm = CPSR_A | CPSR_I | CPSR_F;
10368                        }
10369                        if (insn & (1 << 8)) {
10370                            offset |= 0x1f;
10371                            imm |= (insn & 0x1f);
10372                        }
10373                        if (offset) {
10374                            gen_set_psr_im(s, offset, 0, imm);
10375                        }
10376                        break;
10377                    case 3: /* Special control operations.  */
10378                        ARCH(7);
10379                        op = (insn >> 4) & 0xf;
10380                        switch (op) {
10381                        case 2: /* clrex */
10382                            gen_clrex(s);
10383                            break;
10384                        case 4: /* dsb */
10385                        case 5: /* dmb */
10386                            tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
10387                            break;
10388                        case 6: /* isb */
10389                            /* We need to break the TB after this insn
10390                             * to execute self-modifying code correctly
10391                             * and also to take any pending interrupts
10392                             * immediately.
10393                             */
10394                            gen_lookup_tb(s);
10395                            break;
10396                        default:
10397                            goto illegal_op;
10398                        }
10399                        break;
10400                    case 4: /* bxj */
10401                        /* Trivial implementation equivalent to bx.  */
10402                        tmp = load_reg(s, rn);
10403                        gen_bx(s, tmp);
10404                        break;
10405                    case 5: /* Exception return.  */
10406                        if (IS_USER(s)) {
10407                            goto illegal_op;
10408                        }
10409                        if (rn != 14 || rd != 15) {
10410                            goto illegal_op;
10411                        }
10412                        tmp = load_reg(s, rn);
10413                        tcg_gen_subi_i32(tmp, tmp, insn & 0xff);
10414                        gen_exception_return(s, tmp);
10415                        break;
10416                    case 6: /* MRS */
10417                        if (extract32(insn, 5, 1)) {
10418                            /* MRS (banked) */
10419                            int sysm = extract32(insn, 16, 4) |
10420                                (extract32(insn, 4, 1) << 4);
10421
10422                            gen_mrs_banked(s, 0, sysm, rd);
10423                            break;
10424                        }
10425
10426                        /* mrs cpsr */
10427                        tmp = tcg_temp_new_i32();
10428                        if (arm_dc_feature(s, ARM_FEATURE_M)) {
10429                            addr = tcg_const_i32(insn & 0xff);
10430                            gen_helper_v7m_mrs(tmp, cpu_env, addr);
10431                            tcg_temp_free_i32(addr);
10432                        } else {
10433                            gen_helper_cpsr_read(tmp, cpu_env);
10434                        }
10435                        store_reg(s, rd, tmp);
10436                        break;
10437                    case 7: /* MRS */
10438                        if (extract32(insn, 5, 1)) {
10439                            /* MRS (banked) */
10440                            int sysm = extract32(insn, 16, 4) |
10441                                (extract32(insn, 4, 1) << 4);
10442
10443                            gen_mrs_banked(s, 1, sysm, rd);
10444                            break;
10445                        }
10446
10447                        /* mrs spsr.  */
10448                        /* Not accessible in user mode.  */
10449                        if (IS_USER(s) || arm_dc_feature(s, ARM_FEATURE_M)) {
10450                            goto illegal_op;
10451                        }
10452                        tmp = load_cpu_field(spsr);
10453                        store_reg(s, rd, tmp);
10454                        break;
10455                    }
10456                }
10457            } else {
10458                /* Conditional branch.  */
10459                op = (insn >> 22) & 0xf;
10460                /* Generate a conditional jump to next instruction.  */
10461                s->condlabel = gen_new_label();
10462                arm_gen_test_cc(op ^ 1, s->condlabel);
10463                s->condjmp = 1;
10464
10465                /* offset[11:1] = insn[10:0] */
10466                offset = (insn & 0x7ff) << 1;
10467                /* offset[17:12] = insn[21:16].  */
10468                offset |= (insn & 0x003f0000) >> 4;
10469                /* offset[31:20] = insn[26].  */
10470                offset |= ((int32_t)((insn << 5) & 0x80000000)) >> 11;
10471                /* offset[18] = insn[13].  */
10472                offset |= (insn & (1 << 13)) << 5;
10473                /* offset[19] = insn[11].  */
10474                offset |= (insn & (1 << 11)) << 8;
10475
10476                /* jump to the offset */
10477                gen_jmp(s, s->pc + offset);
10478            }
10479        } else {
10480            /* Data processing immediate.  */
10481            if (insn & (1 << 25)) {
10482                if (insn & (1 << 24)) {
10483                    if (insn & (1 << 20))
10484                        goto illegal_op;
10485                    /* Bitfield/Saturate.  */
10486                    op = (insn >> 21) & 7;
10487                    imm = insn & 0x1f;
10488                    shift = ((insn >> 6) & 3) | ((insn >> 10) & 0x1c);
10489                    if (rn == 15) {
10490                        tmp = tcg_temp_new_i32();
10491                        tcg_gen_movi_i32(tmp, 0);
10492                    } else {
10493                        tmp = load_reg(s, rn);
10494                    }
10495                    switch (op) {
10496                    case 2: /* Signed bitfield extract.  */
10497                        imm++;
10498                        if (shift + imm > 32)
10499                            goto illegal_op;
10500                        if (imm < 32)
10501                            gen_sbfx(tmp, shift, imm);
10502                        break;
10503                    case 6: /* Unsigned bitfield extract.  */
10504                        imm++;
10505                        if (shift + imm > 32)
10506                            goto illegal_op;
10507                        if (imm < 32)
10508                            gen_ubfx(tmp, shift, (1u << imm) - 1);
10509                        break;
10510                    case 3: /* Bitfield insert/clear.  */
10511                        if (imm < shift)
10512                            goto illegal_op;
10513                        imm = imm + 1 - shift;
10514                        if (imm != 32) {
10515                            tmp2 = load_reg(s, rd);
10516                            tcg_gen_deposit_i32(tmp, tmp2, tmp, shift, imm);
10517                            tcg_temp_free_i32(tmp2);
10518                        }
10519                        break;
10520                    case 7:
10521                        goto illegal_op;
10522                    default: /* Saturate.  */
10523                        if (shift) {
10524                            if (op & 1)
10525                                tcg_gen_sari_i32(tmp, tmp, shift);
10526                            else
10527                                tcg_gen_shli_i32(tmp, tmp, shift);
10528                        }
10529                        tmp2 = tcg_const_i32(imm);
10530                        if (op & 4) {
10531                            /* Unsigned.  */
10532                            if ((op & 1) && shift == 0) {
10533                                if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10534                                    tcg_temp_free_i32(tmp);
10535                                    tcg_temp_free_i32(tmp2);
10536                                    goto illegal_op;
10537                                }
10538                                gen_helper_usat16(tmp, cpu_env, tmp, tmp2);
10539                            } else {
10540                                gen_helper_usat(tmp, cpu_env, tmp, tmp2);
10541                            }
10542                        } else {
10543                            /* Signed.  */
10544                            if ((op & 1) && shift == 0) {
10545                                if (!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) {
10546                                    tcg_temp_free_i32(tmp);
10547                                    tcg_temp_free_i32(tmp2);
10548                                    goto illegal_op;
10549                                }
10550                                gen_helper_ssat16(tmp, cpu_env, tmp, tmp2);
10551                            } else {
10552                                gen_helper_ssat(tmp, cpu_env, tmp, tmp2);
10553                            }
10554                        }
10555                        tcg_temp_free_i32(tmp2);
10556                        break;
10557                    }
10558                    store_reg(s, rd, tmp);
10559                } else {
10560                    imm = ((insn & 0x04000000) >> 15)
10561                          | ((insn & 0x7000) >> 4) | (insn & 0xff);
10562                    if (insn & (1 << 22)) {
10563                        /* 16-bit immediate.  */
10564                        imm |= (insn >> 4) & 0xf000;
10565                        if (insn & (1 << 23)) {
10566                            /* movt */
10567                            tmp = load_reg(s, rd);
10568                            tcg_gen_ext16u_i32(tmp, tmp);
10569                            tcg_gen_ori_i32(tmp, tmp, imm << 16);
10570                        } else {
10571                            /* movw */
10572                            tmp = tcg_temp_new_i32();
10573                            tcg_gen_movi_i32(tmp, imm);
10574                        }
10575                    } else {
10576                        /* Add/sub 12-bit immediate.  */
10577                        if (rn == 15) {
10578                            offset = s->pc & ~(uint32_t)3;
10579                            if (insn & (1 << 23))
10580                                offset -= imm;
10581                            else
10582                                offset += imm;
10583                            tmp = tcg_temp_new_i32();
10584                            tcg_gen_movi_i32(tmp, offset);
10585                        } else {
10586                            tmp = load_reg(s, rn);
10587                            if (insn & (1 << 23))
10588                                tcg_gen_subi_i32(tmp, tmp, imm);
10589                            else
10590                                tcg_gen_addi_i32(tmp, tmp, imm);
10591                        }
10592                    }
10593                    store_reg(s, rd, tmp);
10594                }
10595            } else {
10596                int shifter_out = 0;
10597                /* modified 12-bit immediate.  */
10598                shift = ((insn & 0x04000000) >> 23) | ((insn & 0x7000) >> 12);
10599                imm = (insn & 0xff);
10600                switch (shift) {
10601                case 0: /* XY */
10602                    /* Nothing to do.  */
10603                    break;
10604                case 1: /* 00XY00XY */
10605                    imm |= imm << 16;
10606                    break;
10607                case 2: /* XY00XY00 */
10608                    imm |= imm << 16;
10609                    imm <<= 8;
10610                    break;
10611                case 3: /* XYXYXYXY */
10612                    imm |= imm << 16;
10613                    imm |= imm << 8;
10614                    break;
10615                default: /* Rotated constant.  */
10616                    shift = (shift << 1) | (imm >> 7);
10617                    imm |= 0x80;
10618                    imm = imm << (32 - shift);
10619                    shifter_out = 1;
10620                    break;
10621                }
10622                tmp2 = tcg_temp_new_i32();
10623                tcg_gen_movi_i32(tmp2, imm);
10624                rn = (insn >> 16) & 0xf;
10625                if (rn == 15) {
10626                    tmp = tcg_temp_new_i32();
10627                    tcg_gen_movi_i32(tmp, 0);
10628                } else {
10629                    tmp = load_reg(s, rn);
10630                }
10631                op = (insn >> 21) & 0xf;
10632                if (gen_thumb2_data_op(s, op, (insn & (1 << 20)) != 0,
10633                                       shifter_out, tmp, tmp2))
10634                    goto illegal_op;
10635                tcg_temp_free_i32(tmp2);
10636                rd = (insn >> 8) & 0xf;
10637                if (rd != 15) {
10638                    store_reg(s, rd, tmp);
10639                } else {
10640                    tcg_temp_free_i32(tmp);
10641                }
10642            }
10643        }
10644        break;
10645    case 12: /* Load/store single data item.  */
10646        {
10647        int postinc = 0;
10648        int writeback = 0;
10649        int memidx;
10650        if ((insn & 0x01100000) == 0x01000000) {
10651            if (disas_neon_ls_insn(s, insn)) {
10652                goto illegal_op;
10653            }
10654            break;
10655        }
10656        op = ((insn >> 21) & 3) | ((insn >> 22) & 4);
10657        if (rs == 15) {
10658            if (!(insn & (1 << 20))) {
10659                goto illegal_op;
10660            }
10661            if (op != 2) {
10662                /* Byte or halfword load space with dest == r15 : memory hints.
10663                 * Catch them early so we don't emit pointless addressing code.
10664                 * This space is a mix of:
10665                 *  PLD/PLDW/PLI,  which we implement as NOPs (note that unlike
10666                 *     the ARM encodings, PLDW space doesn't UNDEF for non-v7MP
10667                 *     cores)
10668                 *  unallocated hints, which must be treated as NOPs
10669                 *  UNPREDICTABLE space, which we NOP or UNDEF depending on
10670                 *     which is easiest for the decoding logic
10671                 *  Some space which must UNDEF
10672                 */
10673                int op1 = (insn >> 23) & 3;
10674                int op2 = (insn >> 6) & 0x3f;
10675                if (op & 2) {
10676                    goto illegal_op;
10677                }
10678                if (rn == 15) {
10679                    /* UNPREDICTABLE, unallocated hint or
10680                     * PLD/PLDW/PLI (literal)
10681                     */
10682                    return 0;
10683                }
10684                if (op1 & 1) {
10685                    return 0; /* PLD/PLDW/PLI or unallocated hint */
10686                }
10687                if ((op2 == 0) || ((op2 & 0x3c) == 0x30)) {
10688                    return 0; /* PLD/PLDW/PLI or unallocated hint */
10689                }
10690                /* UNDEF space, or an UNPREDICTABLE */
10691                return 1;
10692            }
10693        }
10694        memidx = get_mem_index(s);
10695        if (rn == 15) {
10696            addr = tcg_temp_new_i32();
10697            /* PC relative.  */
10698            /* s->pc has already been incremented by 4.  */
10699            imm = s->pc & 0xfffffffc;
10700            if (insn & (1 << 23))
10701                imm += insn & 0xfff;
10702            else
10703                imm -= insn & 0xfff;
10704            tcg_gen_movi_i32(addr, imm);
10705        } else {
10706            addr = load_reg(s, rn);
10707            if (insn & (1 << 23)) {
10708                /* Positive offset.  */
10709                imm = insn & 0xfff;
10710                tcg_gen_addi_i32(addr, addr, imm);
10711            } else {
10712                imm = insn & 0xff;
10713                switch ((insn >> 8) & 0xf) {
10714                case 0x0: /* Shifted Register.  */
10715                    shift = (insn >> 4) & 0xf;
10716                    if (shift > 3) {
10717                        tcg_temp_free_i32(addr);
10718                        goto illegal_op;
10719                    }
10720                    tmp = load_reg(s, rm);
10721                    if (shift)
10722                        tcg_gen_shli_i32(tmp, tmp, shift);
10723                    tcg_gen_add_i32(addr, addr, tmp);
10724                    tcg_temp_free_i32(tmp);
10725                    break;
10726                case 0xc: /* Negative offset.  */
10727                    tcg_gen_addi_i32(addr, addr, -imm);
10728                    break;
10729                case 0xe: /* User privilege.  */
10730                    tcg_gen_addi_i32(addr, addr, imm);
10731                    memidx = get_a32_user_mem_index(s);
10732                    break;
10733                case 0x9: /* Post-decrement.  */
10734                    imm = -imm;
10735                    /* Fall through.  */
10736                case 0xb: /* Post-increment.  */
10737                    postinc = 1;
10738                    writeback = 1;
10739                    break;
10740                case 0xd: /* Pre-decrement.  */
10741                    imm = -imm;
10742                    /* Fall through.  */
10743                case 0xf: /* Pre-increment.  */
10744                    tcg_gen_addi_i32(addr, addr, imm);
10745                    writeback = 1;
10746                    break;
10747                default:
10748                    tcg_temp_free_i32(addr);
10749                    goto illegal_op;
10750                }
10751            }
10752        }
10753        if (insn & (1 << 20)) {
10754            /* Load.  */
10755            tmp = tcg_temp_new_i32();
10756            switch (op) {
10757            case 0:
10758                gen_aa32_ld8u(s, tmp, addr, memidx);
10759                break;
10760            case 4:
10761                gen_aa32_ld8s(s, tmp, addr, memidx);
10762                break;
10763            case 1:
10764                gen_aa32_ld16u(s, tmp, addr, memidx);
10765                break;
10766            case 5:
10767                gen_aa32_ld16s(s, tmp, addr, memidx);
10768                break;
10769            case 2:
10770                gen_aa32_ld32u(s, tmp, addr, memidx);
10771                break;
10772            default:
10773                tcg_temp_free_i32(tmp);
10774                tcg_temp_free_i32(addr);
10775                goto illegal_op;
10776            }
10777            if (rs == 15) {
10778                gen_bx(s, tmp);
10779            } else {
10780                store_reg(s, rs, tmp);
10781            }
10782        } else {
10783            /* Store.  */
10784            tmp = load_reg(s, rs);
10785            switch (op) {
10786            case 0:
10787                gen_aa32_st8(s, tmp, addr, memidx);
10788                break;
10789            case 1:
10790                gen_aa32_st16(s, tmp, addr, memidx);
10791                break;
10792            case 2:
10793                gen_aa32_st32(s, tmp, addr, memidx);
10794                break;
10795            default:
10796                tcg_temp_free_i32(tmp);
10797                tcg_temp_free_i32(addr);
10798                goto illegal_op;
10799            }
10800            tcg_temp_free_i32(tmp);
10801        }
10802        if (postinc)
10803            tcg_gen_addi_i32(addr, addr, imm);
10804        if (writeback) {
10805            store_reg(s, rn, addr);
10806        } else {
10807            tcg_temp_free_i32(addr);
10808        }
10809        }
10810        break;
10811    default:
10812        goto illegal_op;
10813    }
10814    return 0;
10815illegal_op:
10816    return 1;
10817}
10818
10819static void disas_thumb_insn(CPUARMState *env, DisasContext *s)
10820{
10821    uint32_t val, insn, op, rm, rn, rd, shift, cond;
10822    int32_t offset;
10823    int i;
10824    TCGv_i32 tmp;
10825    TCGv_i32 tmp2;
10826    TCGv_i32 addr;
10827
10828    if (s->condexec_mask) {
10829        cond = s->condexec_cond;
10830        if (cond != 0x0e) {     /* Skip conditional when condition is AL. */
10831          s->condlabel = gen_new_label();
10832          arm_gen_test_cc(cond ^ 1, s->condlabel);
10833          s->condjmp = 1;
10834        }
10835    }
10836
10837    insn = arm_lduw_code(env, s->pc, s->sctlr_b);
10838    s->pc += 2;
10839
10840    switch (insn >> 12) {
10841    case 0: case 1:
10842
10843        rd = insn & 7;
10844        op = (insn >> 11) & 3;
10845        if (op == 3) {
10846            /* add/subtract */
10847            rn = (insn >> 3) & 7;
10848            tmp = load_reg(s, rn);
10849            if (insn & (1 << 10)) {
10850                /* immediate */
10851                tmp2 = tcg_temp_new_i32();
10852                tcg_gen_movi_i32(tmp2, (insn >> 6) & 7);
10853            } else {
10854                /* reg */
10855                rm = (insn >> 6) & 7;
10856                tmp2 = load_reg(s, rm);
10857            }
10858            if (insn & (1 << 9)) {
10859                if (s->condexec_mask)
10860                    tcg_gen_sub_i32(tmp, tmp, tmp2);
10861                else
10862                    gen_sub_CC(tmp, tmp, tmp2);
10863            } else {
10864                if (s->condexec_mask)
10865                    tcg_gen_add_i32(tmp, tmp, tmp2);
10866                else
10867                    gen_add_CC(tmp, tmp, tmp2);
10868            }
10869            tcg_temp_free_i32(tmp2);
10870            store_reg(s, rd, tmp);
10871        } else {
10872            /* shift immediate */
10873            rm = (insn >> 3) & 7;
10874            shift = (insn >> 6) & 0x1f;
10875            tmp = load_reg(s, rm);
10876            gen_arm_shift_im(tmp, op, shift, s->condexec_mask == 0);
10877            if (!s->condexec_mask)
10878                gen_logic_CC(tmp);
10879            store_reg(s, rd, tmp);
10880        }
10881        break;
10882    case 2: case 3:
10883        /* arithmetic large immediate */
10884        op = (insn >> 11) & 3;
10885        rd = (insn >> 8) & 0x7;
10886        if (op == 0) { /* mov */
10887            tmp = tcg_temp_new_i32();
10888            tcg_gen_movi_i32(tmp, insn & 0xff);
10889            if (!s->condexec_mask)
10890                gen_logic_CC(tmp);
10891            store_reg(s, rd, tmp);
10892        } else {
10893            tmp = load_reg(s, rd);
10894            tmp2 = tcg_temp_new_i32();
10895            tcg_gen_movi_i32(tmp2, insn & 0xff);
10896            switch (op) {
10897            case 1: /* cmp */
10898                gen_sub_CC(tmp, tmp, tmp2);
10899                tcg_temp_free_i32(tmp);
10900                tcg_temp_free_i32(tmp2);
10901                break;
10902            case 2: /* add */
10903                if (s->condexec_mask)
10904                    tcg_gen_add_i32(tmp, tmp, tmp2);
10905                else
10906                    gen_add_CC(tmp, tmp, tmp2);
10907                tcg_temp_free_i32(tmp2);
10908                store_reg(s, rd, tmp);
10909                break;
10910            case 3: /* sub */
10911                if (s->condexec_mask)
10912                    tcg_gen_sub_i32(tmp, tmp, tmp2);
10913                else
10914                    gen_sub_CC(tmp, tmp, tmp2);
10915                tcg_temp_free_i32(tmp2);
10916                store_reg(s, rd, tmp);
10917                break;
10918            }
10919        }
10920        break;
10921    case 4:
10922        if (insn & (1 << 11)) {
10923            rd = (insn >> 8) & 7;
10924            /* load pc-relative.  Bit 1 of PC is ignored.  */
10925            val = s->pc + 2 + ((insn & 0xff) * 4);
10926            val &= ~(uint32_t)2;
10927            addr = tcg_temp_new_i32();
10928            tcg_gen_movi_i32(addr, val);
10929            tmp = tcg_temp_new_i32();
10930            gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
10931            tcg_temp_free_i32(addr);
10932            store_reg(s, rd, tmp);
10933            break;
10934        }
10935        if (insn & (1 << 10)) {
10936            /* data processing extended or blx */
10937            rd = (insn & 7) | ((insn >> 4) & 8);
10938            rm = (insn >> 3) & 0xf;
10939            op = (insn >> 8) & 3;
10940            switch (op) {
10941            case 0: /* add */
10942                tmp = load_reg(s, rd);
10943                tmp2 = load_reg(s, rm);
10944                tcg_gen_add_i32(tmp, tmp, tmp2);
10945                tcg_temp_free_i32(tmp2);
10946                store_reg(s, rd, tmp);
10947                break;
10948            case 1: /* cmp */
10949                tmp = load_reg(s, rd);
10950                tmp2 = load_reg(s, rm);
10951                gen_sub_CC(tmp, tmp, tmp2);
10952                tcg_temp_free_i32(tmp2);
10953                tcg_temp_free_i32(tmp);
10954                break;
10955            case 2: /* mov/cpy */
10956                tmp = load_reg(s, rm);
10957                store_reg(s, rd, tmp);
10958                break;
10959            case 3:/* branch [and link] exchange thumb register */
10960                tmp = load_reg(s, rm);
10961                if (insn & (1 << 7)) {
10962                    ARCH(5);
10963                    val = (uint32_t)s->pc | 1;
10964                    tmp2 = tcg_temp_new_i32();
10965                    tcg_gen_movi_i32(tmp2, val);
10966                    store_reg(s, 14, tmp2);
10967                }
10968                /* already thumb, no need to check */
10969                gen_bx(s, tmp);
10970                break;
10971            }
10972            break;
10973        }
10974
10975        /* data processing register */
10976        rd = insn & 7;
10977        rm = (insn >> 3) & 7;
10978        op = (insn >> 6) & 0xf;
10979        if (op == 2 || op == 3 || op == 4 || op == 7) {
10980            /* the shift/rotate ops want the operands backwards */
10981            val = rm;
10982            rm = rd;
10983            rd = val;
10984            val = 1;
10985        } else {
10986            val = 0;
10987        }
10988
10989        if (op == 9) { /* neg */
10990            tmp = tcg_temp_new_i32();
10991            tcg_gen_movi_i32(tmp, 0);
10992        } else if (op != 0xf) { /* mvn doesn't read its first operand */
10993            tmp = load_reg(s, rd);
10994        } else {
10995            TCGV_UNUSED_I32(tmp);
10996        }
10997
10998        tmp2 = load_reg(s, rm);
10999        switch (op) {
11000        case 0x0: /* and */

11001            tcg_gen_and_i32(tmp, tmp, tmp2);
11002            if (!s->condexec_mask)
11003                gen_logic_CC(tmp);
11004            break;
11005        case 0x1: /* eor */
11006            tcg_gen_xor_i32(tmp, tmp, tmp2);
11007            if (!s->condexec_mask)
11008                gen_logic_CC(tmp);
11009            break;
11010        case 0x2: /* lsl */
11011            if (s->condexec_mask) {
11012                gen_shl(tmp2, tmp2, tmp);
11013            } else {
11014                gen_helper_shl_cc(tmp2, cpu_env, tmp2, tmp);
11015                gen_logic_CC(tmp2);
11016            }
11017            break;
11018        case 0x3: /* lsr */
11019            if (s->condexec_mask) {
11020                gen_shr(tmp2, tmp2, tmp);
11021            } else {
11022                gen_helper_shr_cc(tmp2, cpu_env, tmp2, tmp);
11023                gen_logic_CC(tmp2);
11024            }
11025            break;
11026        case 0x4: /* asr */
11027            if (s->condexec_mask) {
11028                gen_sar(tmp2, tmp2, tmp);
11029            } else {
11030                gen_helper_sar_cc(tmp2, cpu_env, tmp2, tmp);
11031                gen_logic_CC(tmp2);
11032            }
11033            break;
11034        case 0x5: /* adc */
11035            if (s->condexec_mask) {
11036                gen_adc(tmp, tmp2);
11037            } else {
11038                gen_adc_CC(tmp, tmp, tmp2);
11039            }
11040            break;
11041        case 0x6: /* sbc */
11042            if (s->condexec_mask) {
11043                gen_sub_carry(tmp, tmp, tmp2);
11044            } else {
11045                gen_sbc_CC(tmp, tmp, tmp2);
11046            }
11047            break;
11048        case 0x7: /* ror */
11049            if (s->condexec_mask) {
11050                tcg_gen_andi_i32(tmp, tmp, 0x1f);
11051                tcg_gen_rotr_i32(tmp2, tmp2, tmp);
11052            } else {
11053                gen_helper_ror_cc(tmp2, cpu_env, tmp2, tmp);
11054                gen_logic_CC(tmp2);
11055            }
11056            break;
11057        case 0x8: /* tst */
11058            tcg_gen_and_i32(tmp, tmp, tmp2);
11059            gen_logic_CC(tmp);
11060            rd = 16;
11061            break;
11062        case 0x9: /* neg */
11063            if (s->condexec_mask)
11064                tcg_gen_neg_i32(tmp, tmp2);
11065            else
11066                gen_sub_CC(tmp, tmp, tmp2);
11067            break;
11068        case 0xa: /* cmp */
11069            gen_sub_CC(tmp, tmp, tmp2);
11070            rd = 16;
11071            break;
11072        case 0xb: /* cmn */
11073            gen_add_CC(tmp, tmp, tmp2);
11074            rd = 16;
11075            break;
11076        case 0xc: /* orr */
11077            tcg_gen_or_i32(tmp, tmp, tmp2);
11078            if (!s->condexec_mask)
11079                gen_logic_CC(tmp);
11080            break;
11081        case 0xd: /* mul */
11082            tcg_gen_mul_i32(tmp, tmp, tmp2);
11083            if (!s->condexec_mask)
11084                gen_logic_CC(tmp);
11085            break;
11086        case 0xe: /* bic */
11087            tcg_gen_andc_i32(tmp, tmp, tmp2);
11088            if (!s->condexec_mask)
11089                gen_logic_CC(tmp);
11090            break;
11091        case 0xf: /* mvn */
11092            tcg_gen_not_i32(tmp2, tmp2);
11093            if (!s->condexec_mask)
11094                gen_logic_CC(tmp2);
11095            val = 1;
11096            rm = rd;
11097            break;
11098        }
11099        if (rd != 16) {
11100            if (val) {
11101                store_reg(s, rm, tmp2);
11102                if (op != 0xf)
11103                    tcg_temp_free_i32(tmp);
11104            } else {
11105                store_reg(s, rd, tmp);
11106                tcg_temp_free_i32(tmp2);
11107            }
11108        } else {
11109            tcg_temp_free_i32(tmp);
11110            tcg_temp_free_i32(tmp2);
11111        }
11112        break;
11113
11114    case 5:
11115        /* load/store register offset.  */
11116        rd = insn & 7;
11117        rn = (insn >> 3) & 7;
11118        rm = (insn >> 6) & 7;
11119        op = (insn >> 9) & 7;
11120        addr = load_reg(s, rn);
11121        tmp = load_reg(s, rm);
11122        tcg_gen_add_i32(addr, addr, tmp);
11123        tcg_temp_free_i32(tmp);
11124
11125        if (op < 3) { /* store */
11126            tmp = load_reg(s, rd);
11127        } else {
11128            tmp = tcg_temp_new_i32();
11129        }
11130
11131        switch (op) {
11132        case 0: /* str */
11133            gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11134            break;
11135        case 1: /* strh */
11136            gen_aa32_st16(s, tmp, addr, get_mem_index(s));
11137            break;
11138        case 2: /* strb */
11139            gen_aa32_st8(s, tmp, addr, get_mem_index(s));
11140            break;
11141        case 3: /* ldrsb */
11142            gen_aa32_ld8s(s, tmp, addr, get_mem_index(s));
11143            break;
11144        case 4: /* ldr */
11145            gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11146            break;
11147        case 5: /* ldrh */
11148            gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
11149            break;
11150        case 6: /* ldrb */
11151            gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
11152            break;
11153        case 7: /* ldrsh */
11154            gen_aa32_ld16s(s, tmp, addr, get_mem_index(s));
11155            break;
11156        }
11157        if (op >= 3) { /* load */
11158            store_reg(s, rd, tmp);
11159        } else {
11160            tcg_temp_free_i32(tmp);
11161        }
11162        tcg_temp_free_i32(addr);
11163        break;
11164
11165    case 6:
11166        /* load/store word immediate offset */
11167        rd = insn & 7;
11168        rn = (insn >> 3) & 7;
11169        addr = load_reg(s, rn);
11170        val = (insn >> 4) & 0x7c;
11171        tcg_gen_addi_i32(addr, addr, val);
11172
11173        if (insn & (1 << 11)) {
11174            /* load */
11175            tmp = tcg_temp_new_i32();
11176            gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11177            store_reg(s, rd, tmp);
11178        } else {
11179            /* store */
11180            tmp = load_reg(s, rd);
11181            gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11182            tcg_temp_free_i32(tmp);
11183        }
11184        tcg_temp_free_i32(addr);
11185        break;
11186
11187    case 7:
11188        /* load/store byte immediate offset */
11189        rd = insn & 7;
11190        rn = (insn >> 3) & 7;
11191        addr = load_reg(s, rn);
11192        val = (insn >> 6) & 0x1f;
11193        tcg_gen_addi_i32(addr, addr, val);
11194
11195        if (insn & (1 << 11)) {
11196            /* load */
11197            tmp = tcg_temp_new_i32();
11198            gen_aa32_ld8u(s, tmp, addr, get_mem_index(s));
11199            store_reg(s, rd, tmp);
11200        } else {
11201            /* store */
11202            tmp = load_reg(s, rd);
11203            gen_aa32_st8(s, tmp, addr, get_mem_index(s));
11204            tcg_temp_free_i32(tmp);
11205        }
11206        tcg_temp_free_i32(addr);
11207        break;
11208
11209    case 8:
11210        /* load/store halfword immediate offset */
11211        rd = insn & 7;
11212        rn = (insn >> 3) & 7;
11213        addr = load_reg(s, rn);
11214        val = (insn >> 5) & 0x3e;
11215        tcg_gen_addi_i32(addr, addr, val);
11216
11217        if (insn & (1 << 11)) {
11218            /* load */
11219            tmp = tcg_temp_new_i32();
11220            gen_aa32_ld16u(s, tmp, addr, get_mem_index(s));
11221            store_reg(s, rd, tmp);
11222        } else {
11223            /* store */
11224            tmp = load_reg(s, rd);
11225            gen_aa32_st16(s, tmp, addr, get_mem_index(s));
11226            tcg_temp_free_i32(tmp);
11227        }
11228        tcg_temp_free_i32(addr);
11229        break;
11230
11231    case 9:
11232        /* load/store from stack */
11233        rd = (insn >> 8) & 7;
11234        addr = load_reg(s, 13);
11235        val = (insn & 0xff) * 4;
11236        tcg_gen_addi_i32(addr, addr, val);
11237
11238        if (insn & (1 << 11)) {
11239            /* load */
11240            tmp = tcg_temp_new_i32();
11241            gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11242            store_reg(s, rd, tmp);
11243        } else {
11244            /* store */
11245            tmp = load_reg(s, rd);
11246            gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11247            tcg_temp_free_i32(tmp);
11248        }
11249        tcg_temp_free_i32(addr);
11250        break;
11251
11252    case 10:
11253        /* add to high reg */
11254        rd = (insn >> 8) & 7;
11255        if (insn & (1 << 11)) {
11256            /* SP */
11257            tmp = load_reg(s, 13);
11258        } else {
11259            /* PC. bit 1 is ignored.  */
11260            tmp = tcg_temp_new_i32();
11261            tcg_gen_movi_i32(tmp, (s->pc + 2) & ~(uint32_t)2);
11262        }
11263        val = (insn & 0xff) * 4;
11264        tcg_gen_addi_i32(tmp, tmp, val);
11265        store_reg(s, rd, tmp);
11266        break;
11267
11268    case 11:
11269        /* misc */
11270        op = (insn >> 8) & 0xf;
11271        switch (op) {
11272        case 0:
11273            /* adjust stack pointer */
11274            tmp = load_reg(s, 13);
11275            val = (insn & 0x7f) * 4;
11276            if (insn & (1 << 7))
11277                val = -(int32_t)val;
11278            tcg_gen_addi_i32(tmp, tmp, val);
11279            store_reg(s, 13, tmp);
11280            break;
11281
11282        case 2: /* sign/zero extend.  */
11283            ARCH(6);
11284            rd = insn & 7;
11285            rm = (insn >> 3) & 7;
11286            tmp = load_reg(s, rm);
11287            switch ((insn >> 6) & 3) {
11288            case 0: gen_sxth(tmp); break;
11289            case 1: gen_sxtb(tmp); break;
11290            case 2: gen_uxth(tmp); break;
11291            case 3: gen_uxtb(tmp); break;
11292            }
11293            store_reg(s, rd, tmp);
11294            break;
11295        case 4: case 5: case 0xc: case 0xd:
11296            /* push/pop */
11297            addr = load_reg(s, 13);
11298            if (insn & (1 << 8))
11299                offset = 4;
11300            else
11301                offset = 0;
11302            for (i = 0; i < 8; i++) {
11303                if (insn & (1 << i))
11304                    offset += 4;
11305            }
11306            if ((insn & (1 << 11)) == 0) {
11307                tcg_gen_addi_i32(addr, addr, -offset);
11308            }
11309            for (i = 0; i < 8; i++) {
11310                if (insn & (1 << i)) {
11311                    if (insn & (1 << 11)) {
11312                        /* pop */
11313                        tmp = tcg_temp_new_i32();
11314                        gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11315                        store_reg(s, i, tmp);
11316                    } else {
11317                        /* push */
11318                        tmp = load_reg(s, i);
11319                        gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11320                        tcg_temp_free_i32(tmp);
11321                    }
11322                    /* advance to the next address.  */
11323                    tcg_gen_addi_i32(addr, addr, 4);
11324                }
11325            }
11326            TCGV_UNUSED_I32(tmp);
11327            if (insn & (1 << 8)) {
11328                if (insn & (1 << 11)) {
11329                    /* pop pc */
11330                    tmp = tcg_temp_new_i32();
11331                    gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11332                    /* don't set the pc until the rest of the instruction
11333                       has completed */
11334                } else {
11335                    /* push lr */
11336                    tmp = load_reg(s, 14);
11337                    gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11338                    tcg_temp_free_i32(tmp);
11339                }
11340                tcg_gen_addi_i32(addr, addr, 4);
11341            }
11342            if ((insn & (1 << 11)) == 0) {
11343                tcg_gen_addi_i32(addr, addr, -offset);
11344            }
11345            /* write back the new stack pointer */
11346            store_reg(s, 13, addr);
11347            /* set the new PC value */
11348            if ((insn & 0x0900) == 0x0900) {
11349                store_reg_from_load(s, 15, tmp);
11350            }
11351            break;
11352
11353        case 1: case 3: case 9: case 11: /* czb */
11354            rm = insn & 7;
11355            tmp = load_reg(s, rm);
11356            s->condlabel = gen_new_label();
11357            s->condjmp = 1;
11358            if (insn & (1 << 11))
11359                tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 0, s->condlabel);
11360            else
11361                tcg_gen_brcondi_i32(TCG_COND_NE, tmp, 0, s->condlabel);
11362            tcg_temp_free_i32(tmp);
11363            offset = ((insn & 0xf8) >> 2) | (insn & 0x200) >> 3;
11364            val = (uint32_t)s->pc + 2;
11365            val += offset;
11366            gen_jmp(s, val);
11367            break;
11368
11369        case 15: /* IT, nop-hint.  */
11370            if ((insn & 0xf) == 0) {
11371                gen_nop_hint(s, (insn >> 4) & 0xf);
11372                break;
11373            }
11374            /* If Then.  */
11375            s->condexec_cond = (insn >> 4) & 0xe;
11376            s->condexec_mask = insn & 0x1f;
11377            /* No actual code generated for this insn, just setup state.  */
11378            break;
11379
11380        case 0xe: /* bkpt */
11381        {
11382            int imm8 = extract32(insn, 0, 8);
11383            ARCH(5);
11384            gen_exception_insn(s, 2, EXCP_BKPT, syn_aa32_bkpt(imm8, true),
11385                               default_exception_el(s));
11386            break;
11387        }
11388
11389        case 0xa: /* rev, and hlt */
11390        {
11391            int op1 = extract32(insn, 6, 2);
11392
11393            if (op1 == 2) {
11394                /* HLT */
11395                int imm6 = extract32(insn, 0, 6);
11396
11397                gen_hlt(s, imm6);
11398                break;
11399            }
11400
11401            /* Otherwise this is rev */
11402            ARCH(6);
11403            rn = (insn >> 3) & 0x7;
11404            rd = insn & 0x7;
11405            tmp = load_reg(s, rn);
11406            switch (op1) {
11407            case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
11408            case 1: gen_rev16(tmp); break;
11409            case 3: gen_revsh(tmp); break;
11410            default:
11411                g_assert_not_reached();
11412            }
11413            store_reg(s, rd, tmp);
11414            break;
11415        }
11416
11417        case 6:
11418            switch ((insn >> 5) & 7) {
11419            case 2:
11420                /* setend */
11421                ARCH(6);
11422                if (((insn >> 3) & 1) != !!(s->be_data == MO_BE)) {
11423                    gen_helper_setend(cpu_env);
11424                    s->is_jmp = DISAS_UPDATE;
11425                }
11426                break;
11427            case 3:
11428                /* cps */
11429                ARCH(6);
11430                if (IS_USER(s)) {
11431                    break;
11432                }
11433                if (arm_dc_feature(s, ARM_FEATURE_M)) {
11434                    tmp = tcg_const_i32((insn & (1 << 4)) != 0);
11435                    /* FAULTMASK */
11436                    if (insn & 1) {
11437                        addr = tcg_const_i32(19);
11438                        gen_helper_v7m_msr(cpu_env, addr, tmp);
11439                        tcg_temp_free_i32(addr);
11440                    }
11441                    /* PRIMASK */
11442                    if (insn & 2) {
11443                        addr = tcg_const_i32(16);
11444                        gen_helper_v7m_msr(cpu_env, addr, tmp);
11445                        tcg_temp_free_i32(addr);
11446                    }
11447                    tcg_temp_free_i32(tmp);
11448                    gen_lookup_tb(s);
11449                } else {
11450                    if (insn & (1 << 4)) {
11451                        shift = CPSR_A | CPSR_I | CPSR_F;
11452                    } else {
11453                        shift = 0;
11454                    }
11455                    gen_set_psr_im(s, ((insn & 7) << 6), 0, shift);
11456                }
11457                break;
11458            default:
11459                goto undef;
11460            }
11461            break;
11462
11463        default:
11464            goto undef;
11465        }
11466        break;
11467
11468    case 12:
11469    {
11470        /* load/store multiple */
11471        TCGv_i32 loaded_var;
11472        TCGV_UNUSED_I32(loaded_var);
11473        rn = (insn >> 8) & 0x7;
11474        addr = load_reg(s, rn);
11475        for (i = 0; i < 8; i++) {
11476            if (insn & (1 << i)) {
11477                if (insn & (1 << 11)) {
11478                    /* load */
11479                    tmp = tcg_temp_new_i32();
11480                    gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
11481                    if (i == rn) {
11482                        loaded_var = tmp;
11483                    } else {
11484                        store_reg(s, i, tmp);
11485                    }
11486                } else {
11487                    /* store */
11488                    tmp = load_reg(s, i);
11489                    gen_aa32_st32(s, tmp, addr, get_mem_index(s));
11490                    tcg_temp_free_i32(tmp);
11491                }
11492                /* advance to the next address */
11493                tcg_gen_addi_i32(addr, addr, 4);
11494            }
11495        }
11496        if ((insn & (1 << rn)) == 0) {
11497            /* base reg not in list: base register writeback */
11498            store_reg(s, rn, addr);
11499        } else {
11500            /* base reg in list: if load, complete it now */
11501            if (insn & (1 << 11)) {
11502                store_reg(s, rn, loaded_var);
11503            }
11504            tcg_temp_free_i32(addr);
11505        }
11506        break;
11507    }
11508    case 13:
11509        /* conditional branch or swi */
11510        cond = (insn >> 8) & 0xf;
11511        if (cond == 0xe)
11512            goto undef;
11513
11514        if (cond == 0xf) {
11515            /* swi */
11516            gen_set_pc_im(s, s->pc);
11517            s->svc_imm = extract32(insn, 0, 8);
11518            s->is_jmp = DISAS_SWI;
11519            break;
11520        }
11521        /* generate a conditional jump to next instruction */
11522        s->condlabel = gen_new_label();
11523        arm_gen_test_cc(cond ^ 1, s->condlabel);
11524        s->condjmp = 1;
11525
11526        /* jump to the offset */
11527        val = (uint32_t)s->pc + 2;
11528        offset = ((int32_t)insn << 24) >> 24;
11529        val += offset << 1;
11530        gen_jmp(s, val);
11531        break;
11532
11533    case 14:
11534        if (insn & (1 << 11)) {
11535            if (disas_thumb2_insn(env, s, insn))
11536              goto undef32;
11537            break;
11538        }
11539        /* unconditional branch */
11540        val = (uint32_t)s->pc;
11541        offset = ((int32_t)insn << 21) >> 21;
11542        val += (offset << 1) + 2;
11543        gen_jmp(s, val);
11544        break;
11545
11546    case 15:
11547        if (disas_thumb2_insn(env, s, insn))
11548            goto undef32;
11549        break;
11550    }
11551    return;
11552undef32:
11553    gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(),
11554                       default_exception_el(s));
11555    return;
11556illegal_op:
11557undef:
11558    gen_exception_insn(s, 2, EXCP_UDEF, syn_uncategorized(),
11559                       default_exception_el(s));
11560}
11561
11562static bool insn_crosses_page(CPUARMState *env, DisasContext *s)
11563{
11564    /* Return true if the insn at dc->pc might cross a page boundary.
11565     * (False positives are OK, false negatives are not.)
11566     */
11567    uint16_t insn;
11568
11569    if ((s->pc & 3) == 0) {
11570        /* At a 4-aligned address we can't be crossing a page */
11571        return false;
11572    }
11573
11574    /* This must be a Thumb insn */
11575    insn = arm_lduw_code(env, s->pc, s->sctlr_b);
11576
11577    if ((insn >> 11) >= 0x1d) {
11578        /* Top five bits 0b11101 / 0b11110 / 0b11111 : this is the
11579         * First half of a 32-bit Thumb insn. Thumb-1 cores might
11580         * end up actually treating this as two 16-bit insns (see the
11581         * code at the start of disas_thumb2_insn()) but we don't bother
11582         * to check for that as it is unlikely, and false positives here
11583         * are harmless.
11584         */
11585        return true;
11586    }
11587    /* Definitely a 16-bit insn, can't be crossing a page. */
11588    return false;
11589}
11590
11591/* generate intermediate code for basic block 'tb'.  */
11592void gen_intermediate_code(CPUARMState *env, TranslationBlock *tb)
11593{
11594    ARMCPU *cpu = arm_env_get_cpu(env);
11595    CPUState *cs = CPU(cpu);
11596    DisasContext dc1, *dc = &dc1;
11597    target_ulong pc_start;
11598    target_ulong next_page_start;
11599    int num_insns;
11600    int max_insns;
11601    bool end_of_page;
11602
11603    /* generate intermediate code */
11604
11605    /* The A64 decoder has its own top level loop, because it doesn't need
11606     * the A32/T32 complexity to do with conditional execution/IT blocks/etc.
11607     */
11608    if (ARM_TBFLAG_AARCH64_STATE(tb->flags)) {
11609        gen_intermediate_code_a64(cpu, tb);
11610        return;
11611    }
11612
11613    pc_start = tb->pc;
11614
11615    dc->tb = tb;
11616
11617    dc->is_jmp = DISAS_NEXT;
11618    dc->pc = pc_start;
11619    dc->singlestep_enabled = cs->singlestep_enabled;
11620    dc->condjmp = 0;
11621
11622    dc->aarch64 = 0;
11623    /* If we are coming from secure EL0 in a system with a 32-bit EL3, then
11624     * there is no secure EL1, so we route exceptions to EL3.
11625     */
11626    dc->secure_routed_to_el3 = arm_feature(env, ARM_FEATURE_EL3) &&
11627                               !arm_el_is_aa64(env, 3);
11628    dc->thumb = ARM_TBFLAG_THUMB(tb->flags);
11629    dc->sctlr_b = ARM_TBFLAG_SCTLR_B(tb->flags);
11630    dc->be_data = ARM_TBFLAG_BE_DATA(tb->flags) ? MO_BE : MO_LE;
11631    dc->condexec_mask = (ARM_TBFLAG_CONDEXEC(tb->flags) & 0xf) << 1;
11632    dc->condexec_cond = ARM_TBFLAG_CONDEXEC(tb->flags) >> 4;
11633    dc->mmu_idx = ARM_TBFLAG_MMUIDX(tb->flags);
11634    dc->current_el = arm_mmu_idx_to_el(dc->mmu_idx);
11635#if !defined(CONFIG_USER_ONLY)
11636    dc->user = (dc->current_el == 0);
11637#endif
11638    dc->ns = ARM_TBFLAG_NS(tb->flags);
11639    dc->fp_excp_el = ARM_TBFLAG_FPEXC_EL(tb->flags);
11640    dc->vfp_enabled = ARM_TBFLAG_VFPEN(tb->flags);
11641    dc->vec_len = ARM_TBFLAG_VECLEN(tb->flags);
11642    dc->vec_stride = ARM_TBFLAG_VECSTRIDE(tb->flags);
11643    dc->c15_cpar = ARM_TBFLAG_XSCALE_CPAR(tb->flags);
11644    dc->cp_regs = cpu->cp_regs;
11645    dc->features = env->features;
11646
11647    /* Single step state. The code-generation logic here is:
11648     *  SS_ACTIVE == 0:
11649     *   generate code with no special handling for single-stepping (except
11650     *   that anything that can make us go to SS_ACTIVE == 1 must end the TB;
11651     *   this happens anyway because those changes are all system register or
11652     *   PSTATE writes).
11653     *  SS_ACTIVE == 1, PSTATE.SS == 1: (active-not-pending)
11654     *   emit code for one insn
11655     *   emit code to clear PSTATE.SS
11656     *   emit code to generate software step exception for completed step
11657     *   end TB (as usual for having generated an exception)
11658     *  SS_ACTIVE == 1, PSTATE.SS == 0: (active-pending)
11659     *   emit code to generate a software step exception
11660     *   end the TB
11661     */
11662    dc->ss_active = ARM_TBFLAG_SS_ACTIVE(tb->flags);
11663    dc->pstate_ss = ARM_TBFLAG_PSTATE_SS(tb->flags);
11664    dc->is_ldex = false;
11665    dc->ss_same_el = false; /* Can't be true since EL_d must be AArch64 */
11666
11667    cpu_F0s = tcg_temp_new_i32();
11668    cpu_F1s = tcg_temp_new_i32();
11669    cpu_F0d = tcg_temp_new_i64();
11670    cpu_F1d = tcg_temp_new_i64();
11671    cpu_V0 = cpu_F0d;
11672    cpu_V1 = cpu_F1d;
11673    /* FIXME: cpu_M0 can probably be the same as cpu_V0.  */
11674    cpu_M0 = tcg_temp_new_i64();
11675    next_page_start = (pc_start & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE;
11676    num_insns = 0;
11677    max_insns = tb->cflags & CF_COUNT_MASK;
11678    if (max_insns == 0) {
11679        max_insns = CF_COUNT_MASK;
11680    }
11681    if (max_insns > TCG_MAX_INSNS) {
11682        max_insns = TCG_MAX_INSNS;
11683    }
11684
11685    gen_tb_start(tb);
11686
11687    tcg_clear_temp_count();
11688
11689    /* A note on handling of the condexec (IT) bits:
11690     *
11691     * We want to avoid the overhead of having to write the updated condexec
11692     * bits back to the CPUARMState for every instruction in an IT block. So:
11693     * (1) if the condexec bits are not already zero then we write
11694     * zero back into the CPUARMState now. This avoids complications trying
11695     * to do it at the end of the block. (For example if we don't do this
11696     * it's hard to identify whether we can safely skip writing condexec
11697     * at the end of the TB, which we definitely want to do for the case
11698     * where a TB doesn't do anything with the IT state at all.)
11699     * (2) if we are going to leave the TB then we call gen_set_condexec()
11700     * which will write the correct value into CPUARMState if zero is wrong.
11701     * This is done both for leaving the TB at the end, and for leaving
11702     * it because of an exception we know will happen, which is done in
11703     * gen_exception_insn(). The latter is necessary because we need to
11704     * leave the TB with the PC/IT state just prior to execution of the
11705     * instruction which caused the exception.
11706     * (3) if we leave the TB unexpectedly (eg a data abort on a load)
11707     * then the CPUARMState will be wrong and we need to reset it.
11708     * This is handled in the same way as restoration of the
11709     * PC in these situations; we save the value of the condexec bits
11710     * for each PC via tcg_gen_insn_start(), and restore_state_to_opc()
11711     * then uses this to restore them after an exception.
11712     *
11713     * Note that there are no instructions which can read the condexec
11714     * bits, and none which can write non-static values to them, so
11715     * we don't need to care about whether CPUARMState is correct in the
11716     * middle of a TB.
11717     */
11718
11719    /* Reset the conditional execution bits immediately. This avoids
11720       complications trying to do it at the end of the block.  */
11721    if (dc->condexec_mask || dc->condexec_cond)
11722      {
11723        TCGv_i32 tmp = tcg_temp_new_i32();
11724        tcg_gen_movi_i32(tmp, 0);
11725        store_cpu_field(tmp, condexec_bits);
11726      }
11727    do {
11728        tcg_gen_insn_start(dc->pc,
11729                           (dc->condexec_cond << 4) | (dc->condexec_mask >> 1),
11730                           0);
11731        num_insns++;
11732
11733#ifdef CONFIG_USER_ONLY
11734        /* Intercept jump to the magic kernel page.  */
11735        if (dc->pc >= 0xffff0000) {
11736            /* We always get here via a jump, so know we are not in a
11737               conditional execution block.  */
11738            gen_exception_internal(EXCP_KERNEL_TRAP);
11739            dc->is_jmp = DISAS_EXC;
11740            break;
11741        }
11742#else
11743        if (dc->pc >= 0xfffffff0 && arm_dc_feature(dc, ARM_FEATURE_M)) {
11744            /* We always get here via a jump, so know we are not in a
11745               conditional execution block.  */
11746            gen_exception_internal(EXCP_EXCEPTION_EXIT);
11747            dc->is_jmp = DISAS_EXC;
11748            break;
11749        }
11750#endif
11751
11752        if (unlikely(!QTAILQ_EMPTY(&cs->breakpoints))) {
11753            CPUBreakpoint *bp;
11754            QTAILQ_FOREACH(bp, &cs->breakpoints, entry) {
11755                if (bp->pc == dc->pc) {
11756                    if (bp->flags & BP_CPU) {
11757                        gen_set_condexec(dc);
11758                        gen_set_pc_im(dc, dc->pc);
11759                        gen_helper_check_breakpoints(cpu_env);
11760                        /* End the TB early; it's likely not going to be executed */
11761                        dc->is_jmp = DISAS_UPDATE;
11762                    } else {
11763                        gen_exception_internal_insn(dc, 0, EXCP_DEBUG);
11764                        /* The address covered by the breakpoint must be
11765                           included in [tb->pc, tb->pc + tb->size) in order
11766                           to for it to be properly cleared -- thus we
11767                           increment the PC here so that the logic setting
11768                           tb->size below does the right thing.  */
11769                        /* TODO: Advance PC by correct instruction length to
11770                         * avoid disassembler error messages */
11771                        dc->pc += 2;
11772                        goto done_generating;
11773                    }
11774                    break;
11775                }
11776            }
11777        }
11778
11779        if (num_insns == max_insns && (tb->cflags & CF_LAST_IO)) {
11780            gen_io_start();
11781        }
11782
11783        if (dc->ss_active && !dc->pstate_ss) {
11784            /* Singlestep state is Active-pending.
11785             * If we're in this state at the start of a TB then either
11786             *  a) we just took an exception to an EL which is being debugged
11787             *     and this is the first insn in the exception handler
11788             *  b) debug exceptions were masked and we just unmasked them
11789             *     without changing EL (eg by clearing PSTATE.D)
11790             * In either case we're going to take a swstep exception in the
11791             * "did not step an insn" case, and so the syndrome ISV and EX
11792             * bits should be zero.
11793             */
11794            assert(num_insns == 1);
11795            gen_exception(EXCP_UDEF, syn_swstep(dc->ss_same_el, 0, 0),
11796                          default_exception_el(dc));
11797            goto done_generating;
11798        }
11799
11800        if (dc->thumb) {
11801            disas_thumb_insn(env, dc);
11802            if (dc->condexec_mask) {
11803                dc->condexec_cond = (dc->condexec_cond & 0xe)
11804                                   | ((dc->condexec_mask >> 4) & 1);
11805                dc->condexec_mask = (dc->condexec_mask << 1) & 0x1f;
11806                if (dc->condexec_mask == 0) {
11807                    dc->condexec_cond = 0;
11808                }
11809            }
11810        } else {
11811            unsigned int insn = arm_ldl_code(env, dc->pc, dc->sctlr_b);
11812            dc->pc += 4;
11813            disas_arm_insn(dc, insn);
11814        }
11815
11816        if (dc->condjmp && !dc->is_jmp) {
11817            gen_set_label(dc->condlabel);
11818            dc->condjmp = 0;
11819        }
11820
11821        if (tcg_check_temp_count()) {
11822            fprintf(stderr, "TCG temporary leak before "TARGET_FMT_lx"\n",
11823                    dc->pc);
11824        }
11825
11826        /* Translation stops when a conditional branch is encountered.
11827         * Otherwise the subsequent code could get translated several times.
11828         * Also stop translation when a page boundary is reached.  This
11829         * ensures prefetch aborts occur at the right place.  */
11830
11831        /* We want to stop the TB if the next insn starts in a new page,
11832         * or if it spans between this page and the next. This means that
11833         * if we're looking at the last halfword in the page we need to
11834         * see if it's a 16-bit Thumb insn (which will fit in this TB)
11835         * or a 32-bit Thumb insn (which won't).
11836         * This is to avoid generating a silly TB with a single 16-bit insn
11837         * in it at the end of this page (which would execute correctly
11838         * but isn't very efficient).
11839         */
11840        end_of_page = (dc->pc >= next_page_start) ||
11841            ((dc->pc >= next_page_start - 3) && insn_crosses_page(env, dc));
11842
11843    } while (!dc->is_jmp && !tcg_op_buf_full() &&
11844             !cs->singlestep_enabled &&
11845             !singlestep &&
11846             !dc->ss_active &&
11847             !end_of_page &&
11848             num_insns < max_insns);
11849
11850    if (tb->cflags & CF_LAST_IO) {
11851        if (dc->condjmp) {
11852            /* FIXME:  This can theoretically happen with self-modifying
11853               code.  */
11854            cpu_abort(cs, "IO on conditional branch instruction");
11855        }
11856        gen_io_end();
11857    }
11858
11859    /* At this stage dc->condjmp will only be set when the skipped
11860       instruction was a conditional branch or trap, and the PC has
11861       already been written.  */
11862    if (unlikely(cs->singlestep_enabled || dc->ss_active)) {
11863        /* Unconditional and "condition passed" instruction codepath. */
11864        gen_set_condexec(dc);
11865        switch (dc->is_jmp) {
11866        case DISAS_SWI:
11867            gen_ss_advance(dc);
11868            gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
11869                          default_exception_el(dc));
11870            break;
11871        case DISAS_HVC:
11872            gen_ss_advance(dc);
11873            gen_exception(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
11874            break;
11875        case DISAS_SMC:
11876            gen_ss_advance(dc);
11877            gen_exception(EXCP_SMC, syn_aa32_smc(), 3);
11878            break;
11879        case DISAS_NEXT:
11880        case DISAS_UPDATE:
11881            gen_set_pc_im(dc, dc->pc);
11882            /* fall through */
11883        default:
11884            if (dc->ss_active) {
11885                gen_step_complete_exception(dc);
11886            } else {
11887                /* FIXME: Single stepping a WFI insn will not halt
11888                   the CPU.  */
11889                gen_exception_internal(EXCP_DEBUG);
11890            }
11891        }
11892        if (dc->condjmp) {
11893            /* "Condition failed" instruction codepath. */
11894            gen_set_label(dc->condlabel);
11895            gen_set_condexec(dc);
11896            gen_set_pc_im(dc, dc->pc);
11897            if (dc->ss_active) {
11898                gen_step_complete_exception(dc);
11899            } else {
11900                gen_exception_internal(EXCP_DEBUG);
11901            }
11902        }
11903    } else {
11904        /* While branches must always occur at the end of an IT block,
11905           there are a few other things that can cause us to terminate
11906           the TB in the middle of an IT block:
11907            - Exception generating instructions (bkpt, swi, undefined).
11908            - Page boundaries.
11909            - Hardware watchpoints.
11910           Hardware breakpoints have already been handled and skip this code.
11911         */
11912        gen_set_condexec(dc);
11913        switch(dc->is_jmp) {
11914        case DISAS_NEXT:
11915            gen_goto_tb(dc, 1, dc->pc);
11916            break;
11917        case DISAS_UPDATE:
11918            gen_set_pc_im(dc, dc->pc);
11919            /* fall through */
11920        case DISAS_JUMP:
11921        default:
11922            /* indicate that the hash table must be used to find the next TB */
11923            tcg_gen_exit_tb(0);
11924            break;
11925        case DISAS_TB_JUMP:
11926            /* nothing more to generate */
11927            break;
11928        case DISAS_WFI:
11929            gen_helper_wfi(cpu_env);
11930            /* The helper doesn't necessarily throw an exception, but we
11931             * must go back to the main loop to check for interrupts anyway.
11932             */
11933            tcg_gen_exit_tb(0);
11934            break;
11935        case DISAS_WFE:
11936            gen_helper_wfe(cpu_env);
11937            break;
11938        case DISAS_YIELD:
11939            gen_helper_yield(cpu_env);
11940            break;
11941        case DISAS_SWI:
11942            gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb),
11943                          default_exception_el(dc));
11944            break;
11945        case DISAS_HVC:
11946            gen_exception(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
11947            break;
11948        case DISAS_SMC:
11949            gen_exception(EXCP_SMC, syn_aa32_smc(), 3);
11950            break;
11951        }
11952        if (dc->condjmp) {
11953            gen_set_label(dc->condlabel);
11954            gen_set_condexec(dc);
11955            gen_goto_tb(dc, 1, dc->pc);
11956            dc->condjmp = 0;
11957        }
11958    }
11959
11960done_generating:
11961    gen_tb_end(tb, num_insns);
11962
11963#ifdef DEBUG_DISAS
11964    if (qemu_loglevel_mask(CPU_LOG_TB_IN_ASM) &&
11965        qemu_log_in_addr_range(pc_start)) {
11966        qemu_log_lock();
11967        qemu_log("----------------\n");
11968        qemu_log("IN: %s\n", lookup_symbol(pc_start));
11969        log_target_disas(cs, pc_start, dc->pc - pc_start,
11970                         dc->thumb | (dc->sctlr_b << 1));
11971        qemu_log("\n");
11972        qemu_log_unlock();
11973    }
11974#endif
11975    tb->size = dc->pc - pc_start;
11976    tb->icount = num_insns;
11977}
11978
11979static const char *cpu_mode_names[16] = {
11980  "usr", "fiq", "irq", "svc", "???", "???", "mon", "abt",
11981  "???", "???", "hyp", "und", "???", "???", "???", "sys"
11982};
11983
11984void arm_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
11985                        int flags)
11986{
11987    ARMCPU *cpu = ARM_CPU(cs);
11988    CPUARMState *env = &cpu->env;
11989    int i;
11990    uint32_t psr;
11991    const char *ns_status;
11992
11993    if (is_a64(env)) {
11994        aarch64_cpu_dump_state(cs, f, cpu_fprintf, flags);
11995        return;
11996    }
11997
11998    for(i=0;i<16;i++) {
11999        cpu_fprintf(f, "R%02d=%08x", i, env->regs[i]);
12000        if ((i % 4) == 3)

12001            cpu_fprintf(f, "\n");
12002        else
12003            cpu_fprintf(f, " ");
12004    }
12005    psr = cpsr_read(env);
12006
12007    if (arm_feature(env, ARM_FEATURE_EL3) &&
12008        (psr & CPSR_M) != ARM_CPU_MODE_MON) {
12009        ns_status = env->cp15.scr_el3 & SCR_NS ? "NS " : "S ";
12010    } else {
12011        ns_status = "";
12012    }
12013
12014    cpu_fprintf(f, "PSR=%08x %c%c%c%c %c %s%s%d\n",
12015                psr,
12016                psr & (1 << 31) ? 'N' : '-',
12017                psr & (1 << 30) ? 'Z' : '-',
12018                psr & (1 << 29) ? 'C' : '-',
12019                psr & (1 << 28) ? 'V' : '-',
12020                psr & CPSR_T ? 'T' : 'A',
12021                ns_status,
12022                cpu_mode_names[psr & 0xf], (psr & 0x10) ? 32 : 26);
12023
12024    if (flags & CPU_DUMP_FPU) {
12025        int numvfpregs = 0;
12026        if (arm_feature(env, ARM_FEATURE_VFP)) {
12027            numvfpregs += 16;
12028        }
12029        if (arm_feature(env, ARM_FEATURE_VFP3)) {
12030            numvfpregs += 16;
12031        }
12032        for (i = 0; i < numvfpregs; i++) {
12033            uint64_t v = float64_val(env->vfp.regs[i]);
12034            cpu_fprintf(f, "s%02d=%08x s%02d=%08x d%02d=%016" PRIx64 "\n",
12035                        i * 2, (uint32_t)v,
12036                        i * 2 + 1, (uint32_t)(v >> 32),
12037                        i, v);
12038        }
12039        cpu_fprintf(f, "FPSCR: %08x\n", (int)env->vfp.xregs[ARM_VFP_FPSCR]);
12040    }
12041}
12042
12043void restore_state_to_opc(CPUARMState *env, TranslationBlock *tb,
12044                          target_ulong *data)
12045{
12046    if (is_a64(env)) {
12047        env->pc = data[0];
12048        env->condexec_bits = 0;
12049        env->exception.syndrome = data[2] << ARM_INSN_START_WORD2_SHIFT;
12050    } else {
12051        env->regs[15] = data[0];
12052        env->condexec_bits = data[1];
12053        env->exception.syndrome = data[2] << ARM_INSN_START_WORD2_SHIFT;
12054    }
12055}
12056