1 /* 2 * ARM translation 3 * 4 * Copyright (c) 2003 Fabrice Bellard 5 * Copyright (c) 2005-2007 CodeSourcery 6 * Copyright (c) 2007 OpenedHand, Ltd. 7 * 8 * This library is free software; you can redistribute it and/or 9 * modify it under the terms of the GNU Lesser General Public 10 * License as published by the Free Software Foundation; either 11 * version 2.1 of the License, or (at your option) any later version. 12 * 13 * This library is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 * Lesser General Public License for more details. 17 * 18 * You should have received a copy of the GNU Lesser General Public 19 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 20 */ 21 #include "qemu/osdep.h" 22 23 #include "translate.h" 24 #include "translate-a32.h" 25 #include "qemu/log.h" 26 #include "arm_ldst.h" 27 #include "semihosting/semihost.h" 28 #include "cpregs.h" 29 #include "exec/helper-proto.h" 30 #include "exec/target_page.h" 31 32 #define HELPER_H "helper.h" 33 #include "exec/helper-info.c.inc" 34 #undef HELPER_H 35 36 #define ENABLE_ARCH_4T arm_dc_feature(s, ARM_FEATURE_V4T) 37 #define ENABLE_ARCH_5 arm_dc_feature(s, ARM_FEATURE_V5) 38 /* currently all emulated v5 cores are also v5TE, so don't bother */ 39 #define ENABLE_ARCH_5TE arm_dc_feature(s, ARM_FEATURE_V5) 40 #define ENABLE_ARCH_5J dc_isar_feature(aa32_jazelle, s) 41 #define ENABLE_ARCH_6 arm_dc_feature(s, ARM_FEATURE_V6) 42 #define ENABLE_ARCH_6K arm_dc_feature(s, ARM_FEATURE_V6K) 43 #define ENABLE_ARCH_6T2 arm_dc_feature(s, ARM_FEATURE_THUMB2) 44 #define ENABLE_ARCH_7 arm_dc_feature(s, ARM_FEATURE_V7) 45 #define ENABLE_ARCH_8 arm_dc_feature(s, ARM_FEATURE_V8) 46 47 /* These are TCG temporaries used only by the legacy iwMMXt decoder */ 48 static TCGv_i64 cpu_V0, cpu_V1, cpu_M0; 49 /* These are TCG globals which alias CPUARMState fields */ 50 static TCGv_i32 cpu_R[16]; 51 TCGv_i32 cpu_CF, cpu_NF, cpu_VF, cpu_ZF; 52 TCGv_i64 cpu_exclusive_addr; 53 TCGv_i64 cpu_exclusive_val; 54 55 static const char * const regnames[] = 56 { "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7", 57 "r8", "r9", "r10", "r11", "r12", "r13", "r14", "pc" }; 58 59 60 /* initialize TCG globals. */ 61 void arm_translate_init(void) 62 { 63 int i; 64 65 for (i = 0; i < 16; i++) { 66 cpu_R[i] = tcg_global_mem_new_i32(tcg_env, 67 offsetof(CPUARMState, regs[i]), 68 regnames[i]); 69 } 70 cpu_CF = tcg_global_mem_new_i32(tcg_env, offsetof(CPUARMState, CF), "CF"); 71 cpu_NF = tcg_global_mem_new_i32(tcg_env, offsetof(CPUARMState, NF), "NF"); 72 cpu_VF = tcg_global_mem_new_i32(tcg_env, offsetof(CPUARMState, VF), "VF"); 73 cpu_ZF = tcg_global_mem_new_i32(tcg_env, offsetof(CPUARMState, ZF), "ZF"); 74 75 cpu_exclusive_addr = tcg_global_mem_new_i64(tcg_env, 76 offsetof(CPUARMState, exclusive_addr), "exclusive_addr"); 77 cpu_exclusive_val = tcg_global_mem_new_i64(tcg_env, 78 offsetof(CPUARMState, exclusive_val), "exclusive_val"); 79 80 a64_translate_init(); 81 } 82 83 uint64_t asimd_imm_const(uint32_t imm, int cmode, int op) 84 { 85 /* Expand the encoded constant as per AdvSIMDExpandImm pseudocode */ 86 switch (cmode) { 87 case 0: case 1: 88 /* no-op */ 89 break; 90 case 2: case 3: 91 imm <<= 8; 92 break; 93 case 4: case 5: 94 imm <<= 16; 95 break; 96 case 6: case 7: 97 imm <<= 24; 98 break; 99 case 8: case 9: 100 imm |= imm << 16; 101 break; 102 case 10: case 11: 103 imm = (imm << 8) | (imm << 24); 104 break; 105 case 12: 106 imm = (imm << 8) | 0xff; 107 break; 108 case 13: 109 imm = (imm << 16) | 0xffff; 110 break; 111 case 14: 112 if (op) { 113 /* 114 * This and cmode == 15 op == 1 are the only cases where 115 * the top and bottom 32 bits of the encoded constant differ. 116 */ 117 uint64_t imm64 = 0; 118 int n; 119 120 for (n = 0; n < 8; n++) { 121 if (imm & (1 << n)) { 122 imm64 |= (0xffULL << (n * 8)); 123 } 124 } 125 return imm64; 126 } 127 imm |= (imm << 8) | (imm << 16) | (imm << 24); 128 break; 129 case 15: 130 if (op) { 131 /* Reserved encoding for AArch32; valid for AArch64 */ 132 uint64_t imm64 = (uint64_t)(imm & 0x3f) << 48; 133 if (imm & 0x80) { 134 imm64 |= 0x8000000000000000ULL; 135 } 136 if (imm & 0x40) { 137 imm64 |= 0x3fc0000000000000ULL; 138 } else { 139 imm64 |= 0x4000000000000000ULL; 140 } 141 return imm64; 142 } 143 imm = ((imm & 0x80) << 24) | ((imm & 0x3f) << 19) 144 | ((imm & 0x40) ? (0x1f << 25) : (1 << 30)); 145 break; 146 } 147 if (op) { 148 imm = ~imm; 149 } 150 return dup_const(MO_32, imm); 151 } 152 153 /* Generate a label used for skipping this instruction */ 154 void arm_gen_condlabel(DisasContext *s) 155 { 156 if (!s->condjmp) { 157 s->condlabel = gen_disas_label(s); 158 s->condjmp = 1; 159 } 160 } 161 162 /* Flags for the disas_set_da_iss info argument: 163 * lower bits hold the Rt register number, higher bits are flags. 164 */ 165 typedef enum ISSInfo { 166 ISSNone = 0, 167 ISSRegMask = 0x1f, 168 ISSInvalid = (1 << 5), 169 ISSIsAcqRel = (1 << 6), 170 ISSIsWrite = (1 << 7), 171 ISSIs16Bit = (1 << 8), 172 } ISSInfo; 173 174 /* 175 * Store var into env + offset to a member with size bytes. 176 * Free var after use. 177 */ 178 void store_cpu_offset(TCGv_i32 var, int offset, int size) 179 { 180 switch (size) { 181 case 1: 182 tcg_gen_st8_i32(var, tcg_env, offset); 183 break; 184 case 4: 185 tcg_gen_st_i32(var, tcg_env, offset); 186 break; 187 default: 188 g_assert_not_reached(); 189 } 190 } 191 192 /* Save the syndrome information for a Data Abort */ 193 static void disas_set_da_iss(DisasContext *s, MemOp memop, ISSInfo issinfo) 194 { 195 uint32_t syn; 196 int sas = memop & MO_SIZE; 197 bool sse = memop & MO_SIGN; 198 bool is_acqrel = issinfo & ISSIsAcqRel; 199 bool is_write = issinfo & ISSIsWrite; 200 bool is_16bit = issinfo & ISSIs16Bit; 201 int srt = issinfo & ISSRegMask; 202 203 if (issinfo & ISSInvalid) { 204 /* Some callsites want to conditionally provide ISS info, 205 * eg "only if this was not a writeback" 206 */ 207 return; 208 } 209 210 if (srt == 15) { 211 /* For AArch32, insns where the src/dest is R15 never generate 212 * ISS information. Catching that here saves checking at all 213 * the call sites. 214 */ 215 return; 216 } 217 218 syn = syn_data_abort_with_iss(0, sas, sse, srt, 0, is_acqrel, 219 0, 0, 0, is_write, 0, is_16bit); 220 disas_set_insn_syndrome(s, syn); 221 } 222 223 static inline int get_a32_user_mem_index(DisasContext *s) 224 { 225 /* Return the core mmu_idx to use for A32/T32 "unprivileged load/store" 226 * insns: 227 * if PL2, UNPREDICTABLE (we choose to implement as if PL0) 228 * otherwise, access as if at PL0. 229 */ 230 switch (s->mmu_idx) { 231 case ARMMMUIdx_E3: 232 case ARMMMUIdx_E30_0: 233 case ARMMMUIdx_E30_3_PAN: 234 return arm_to_core_mmu_idx(ARMMMUIdx_E30_0); 235 case ARMMMUIdx_E2: /* this one is UNPREDICTABLE */ 236 case ARMMMUIdx_E10_0: 237 case ARMMMUIdx_E10_1: 238 case ARMMMUIdx_E10_1_PAN: 239 return arm_to_core_mmu_idx(ARMMMUIdx_E10_0); 240 case ARMMMUIdx_MUser: 241 case ARMMMUIdx_MPriv: 242 return arm_to_core_mmu_idx(ARMMMUIdx_MUser); 243 case ARMMMUIdx_MUserNegPri: 244 case ARMMMUIdx_MPrivNegPri: 245 return arm_to_core_mmu_idx(ARMMMUIdx_MUserNegPri); 246 case ARMMMUIdx_MSUser: 247 case ARMMMUIdx_MSPriv: 248 return arm_to_core_mmu_idx(ARMMMUIdx_MSUser); 249 case ARMMMUIdx_MSUserNegPri: 250 case ARMMMUIdx_MSPrivNegPri: 251 return arm_to_core_mmu_idx(ARMMMUIdx_MSUserNegPri); 252 default: 253 g_assert_not_reached(); 254 } 255 } 256 257 /* The pc_curr difference for an architectural jump. */ 258 static target_long jmp_diff(DisasContext *s, target_long diff) 259 { 260 return diff + (s->thumb ? 4 : 8); 261 } 262 263 static void gen_pc_plus_diff(DisasContext *s, TCGv_i32 var, target_long diff) 264 { 265 assert(s->pc_save != -1); 266 if (tb_cflags(s->base.tb) & CF_PCREL) { 267 tcg_gen_addi_i32(var, cpu_R[15], (s->pc_curr - s->pc_save) + diff); 268 } else { 269 tcg_gen_movi_i32(var, s->pc_curr + diff); 270 } 271 } 272 273 /* Set a variable to the value of a CPU register. */ 274 void load_reg_var(DisasContext *s, TCGv_i32 var, int reg) 275 { 276 if (reg == 15) { 277 gen_pc_plus_diff(s, var, jmp_diff(s, 0)); 278 } else { 279 tcg_gen_mov_i32(var, cpu_R[reg]); 280 } 281 } 282 283 /* 284 * Create a new temp, REG + OFS, except PC is ALIGN(PC, 4). 285 * This is used for load/store for which use of PC implies (literal), 286 * or ADD that implies ADR. 287 */ 288 TCGv_i32 add_reg_for_lit(DisasContext *s, int reg, int ofs) 289 { 290 TCGv_i32 tmp = tcg_temp_new_i32(); 291 292 if (reg == 15) { 293 /* 294 * This address is computed from an aligned PC: 295 * subtract off the low bits. 296 */ 297 gen_pc_plus_diff(s, tmp, jmp_diff(s, ofs - (s->pc_curr & 3))); 298 } else { 299 tcg_gen_addi_i32(tmp, cpu_R[reg], ofs); 300 } 301 return tmp; 302 } 303 304 /* Set a CPU register. The source must be a temporary and will be 305 marked as dead. */ 306 void store_reg(DisasContext *s, int reg, TCGv_i32 var) 307 { 308 if (reg == 15) { 309 /* In Thumb mode, we must ignore bit 0. 310 * In ARM mode, for ARMv4 and ARMv5, it is UNPREDICTABLE if bits [1:0] 311 * are not 0b00, but for ARMv6 and above, we must ignore bits [1:0]. 312 * We choose to ignore [1:0] in ARM mode for all architecture versions. 313 */ 314 tcg_gen_andi_i32(var, var, s->thumb ? ~1 : ~3); 315 s->base.is_jmp = DISAS_JUMP; 316 s->pc_save = -1; 317 } else if (reg == 13 && arm_dc_feature(s, ARM_FEATURE_M)) { 318 /* For M-profile SP bits [1:0] are always zero */ 319 tcg_gen_andi_i32(var, var, ~3); 320 } 321 tcg_gen_mov_i32(cpu_R[reg], var); 322 } 323 324 /* 325 * Variant of store_reg which applies v8M stack-limit checks before updating 326 * SP. If the check fails this will result in an exception being taken. 327 * We disable the stack checks for CONFIG_USER_ONLY because we have 328 * no idea what the stack limits should be in that case. 329 * If stack checking is not being done this just acts like store_reg(). 330 */ 331 static void store_sp_checked(DisasContext *s, TCGv_i32 var) 332 { 333 #ifndef CONFIG_USER_ONLY 334 if (s->v8m_stackcheck) { 335 gen_helper_v8m_stackcheck(tcg_env, var); 336 } 337 #endif 338 store_reg(s, 13, var); 339 } 340 341 /* Value extensions. */ 342 #define gen_uxtb(var) tcg_gen_ext8u_i32(var, var) 343 #define gen_uxth(var) tcg_gen_ext16u_i32(var, var) 344 #define gen_sxtb(var) tcg_gen_ext8s_i32(var, var) 345 #define gen_sxth(var) tcg_gen_ext16s_i32(var, var) 346 347 #define gen_sxtb16(var) gen_helper_sxtb16(var, var) 348 #define gen_uxtb16(var) gen_helper_uxtb16(var, var) 349 350 void gen_set_cpsr(TCGv_i32 var, uint32_t mask) 351 { 352 gen_helper_cpsr_write(tcg_env, var, tcg_constant_i32(mask)); 353 } 354 355 static void gen_rebuild_hflags(DisasContext *s, bool new_el) 356 { 357 bool m_profile = arm_dc_feature(s, ARM_FEATURE_M); 358 359 if (new_el) { 360 if (m_profile) { 361 gen_helper_rebuild_hflags_m32_newel(tcg_env); 362 } else { 363 gen_helper_rebuild_hflags_a32_newel(tcg_env); 364 } 365 } else { 366 TCGv_i32 tcg_el = tcg_constant_i32(s->current_el); 367 if (m_profile) { 368 gen_helper_rebuild_hflags_m32(tcg_env, tcg_el); 369 } else { 370 gen_helper_rebuild_hflags_a32(tcg_env, tcg_el); 371 } 372 } 373 } 374 375 static void gen_exception_internal(int excp) 376 { 377 assert(excp_is_internal(excp)); 378 gen_helper_exception_internal(tcg_env, tcg_constant_i32(excp)); 379 } 380 381 static void gen_singlestep_exception(DisasContext *s) 382 { 383 /* We just completed step of an insn. Move from Active-not-pending 384 * to Active-pending, and then also take the swstep exception. 385 * This corresponds to making the (IMPDEF) choice to prioritize 386 * swstep exceptions over asynchronous exceptions taken to an exception 387 * level where debug is disabled. This choice has the advantage that 388 * we do not need to maintain internal state corresponding to the 389 * ISV/EX syndrome bits between completion of the step and generation 390 * of the exception, and our syndrome information is always correct. 391 */ 392 gen_ss_advance(s); 393 gen_swstep_exception(s, 1, s->is_ldex); 394 s->base.is_jmp = DISAS_NORETURN; 395 } 396 397 void clear_eci_state(DisasContext *s) 398 { 399 /* 400 * Clear any ECI/ICI state: used when a load multiple/store 401 * multiple insn executes. 402 */ 403 if (s->eci) { 404 store_cpu_field_constant(0, condexec_bits); 405 s->eci = 0; 406 } 407 } 408 409 static void gen_smul_dual(TCGv_i32 a, TCGv_i32 b) 410 { 411 TCGv_i32 tmp1 = tcg_temp_new_i32(); 412 TCGv_i32 tmp2 = tcg_temp_new_i32(); 413 tcg_gen_ext16s_i32(tmp1, a); 414 tcg_gen_ext16s_i32(tmp2, b); 415 tcg_gen_mul_i32(tmp1, tmp1, tmp2); 416 tcg_gen_sari_i32(a, a, 16); 417 tcg_gen_sari_i32(b, b, 16); 418 tcg_gen_mul_i32(b, b, a); 419 tcg_gen_mov_i32(a, tmp1); 420 } 421 422 /* Byteswap each halfword. */ 423 void gen_rev16(TCGv_i32 dest, TCGv_i32 var) 424 { 425 TCGv_i32 tmp = tcg_temp_new_i32(); 426 TCGv_i32 mask = tcg_constant_i32(0x00ff00ff); 427 tcg_gen_shri_i32(tmp, var, 8); 428 tcg_gen_and_i32(tmp, tmp, mask); 429 tcg_gen_and_i32(var, var, mask); 430 tcg_gen_shli_i32(var, var, 8); 431 tcg_gen_or_i32(dest, var, tmp); 432 } 433 434 /* Byteswap low halfword and sign extend. */ 435 static void gen_revsh(TCGv_i32 dest, TCGv_i32 var) 436 { 437 tcg_gen_bswap16_i32(var, var, TCG_BSWAP_OS); 438 } 439 440 /* Dual 16-bit add. Result placed in t0 and t1 is marked as dead. 441 tmp = (t0 ^ t1) & 0x8000; 442 t0 &= ~0x8000; 443 t1 &= ~0x8000; 444 t0 = (t0 + t1) ^ tmp; 445 */ 446 447 static void gen_add16(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1) 448 { 449 TCGv_i32 tmp = tcg_temp_new_i32(); 450 tcg_gen_xor_i32(tmp, t0, t1); 451 tcg_gen_andi_i32(tmp, tmp, 0x8000); 452 tcg_gen_andi_i32(t0, t0, ~0x8000); 453 tcg_gen_andi_i32(t1, t1, ~0x8000); 454 tcg_gen_add_i32(t0, t0, t1); 455 tcg_gen_xor_i32(dest, t0, tmp); 456 } 457 458 /* Set N and Z flags from var. */ 459 static inline void gen_logic_CC(TCGv_i32 var) 460 { 461 tcg_gen_mov_i32(cpu_NF, var); 462 tcg_gen_mov_i32(cpu_ZF, var); 463 } 464 465 /* dest = T0 + T1 + CF. */ 466 static void gen_add_carry(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1) 467 { 468 tcg_gen_add_i32(dest, t0, t1); 469 tcg_gen_add_i32(dest, dest, cpu_CF); 470 } 471 472 /* dest = T0 - T1 + CF - 1. */ 473 static void gen_sub_carry(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1) 474 { 475 tcg_gen_sub_i32(dest, t0, t1); 476 tcg_gen_add_i32(dest, dest, cpu_CF); 477 tcg_gen_subi_i32(dest, dest, 1); 478 } 479 480 /* dest = T0 + T1. Compute C, N, V and Z flags */ 481 static void gen_add_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1) 482 { 483 TCGv_i32 tmp = tcg_temp_new_i32(); 484 tcg_gen_movi_i32(tmp, 0); 485 tcg_gen_add2_i32(cpu_NF, cpu_CF, t0, tmp, t1, tmp); 486 tcg_gen_mov_i32(cpu_ZF, cpu_NF); 487 tcg_gen_xor_i32(cpu_VF, cpu_NF, t0); 488 tcg_gen_xor_i32(tmp, t0, t1); 489 tcg_gen_andc_i32(cpu_VF, cpu_VF, tmp); 490 tcg_gen_mov_i32(dest, cpu_NF); 491 } 492 493 /* dest = T0 + T1 + CF. Compute C, N, V and Z flags */ 494 static void gen_adc_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1) 495 { 496 TCGv_i32 tmp = tcg_temp_new_i32(); 497 if (tcg_op_supported(INDEX_op_add2_i32, TCG_TYPE_I32, 0)) { 498 tcg_gen_movi_i32(tmp, 0); 499 tcg_gen_add2_i32(cpu_NF, cpu_CF, t0, tmp, cpu_CF, tmp); 500 tcg_gen_add2_i32(cpu_NF, cpu_CF, cpu_NF, cpu_CF, t1, tmp); 501 } else { 502 TCGv_i64 q0 = tcg_temp_new_i64(); 503 TCGv_i64 q1 = tcg_temp_new_i64(); 504 tcg_gen_extu_i32_i64(q0, t0); 505 tcg_gen_extu_i32_i64(q1, t1); 506 tcg_gen_add_i64(q0, q0, q1); 507 tcg_gen_extu_i32_i64(q1, cpu_CF); 508 tcg_gen_add_i64(q0, q0, q1); 509 tcg_gen_extr_i64_i32(cpu_NF, cpu_CF, q0); 510 } 511 tcg_gen_mov_i32(cpu_ZF, cpu_NF); 512 tcg_gen_xor_i32(cpu_VF, cpu_NF, t0); 513 tcg_gen_xor_i32(tmp, t0, t1); 514 tcg_gen_andc_i32(cpu_VF, cpu_VF, tmp); 515 tcg_gen_mov_i32(dest, cpu_NF); 516 } 517 518 /* dest = T0 - T1. Compute C, N, V and Z flags */ 519 static void gen_sub_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1) 520 { 521 TCGv_i32 tmp; 522 tcg_gen_sub_i32(cpu_NF, t0, t1); 523 tcg_gen_mov_i32(cpu_ZF, cpu_NF); 524 tcg_gen_setcond_i32(TCG_COND_GEU, cpu_CF, t0, t1); 525 tcg_gen_xor_i32(cpu_VF, cpu_NF, t0); 526 tmp = tcg_temp_new_i32(); 527 tcg_gen_xor_i32(tmp, t0, t1); 528 tcg_gen_and_i32(cpu_VF, cpu_VF, tmp); 529 tcg_gen_mov_i32(dest, cpu_NF); 530 } 531 532 /* dest = T0 + ~T1 + CF. Compute C, N, V and Z flags */ 533 static void gen_sbc_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1) 534 { 535 TCGv_i32 tmp = tcg_temp_new_i32(); 536 tcg_gen_not_i32(tmp, t1); 537 gen_adc_CC(dest, t0, tmp); 538 } 539 540 #define GEN_SHIFT(name) \ 541 static void gen_##name(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1) \ 542 { \ 543 TCGv_i32 tmpd = tcg_temp_new_i32(); \ 544 TCGv_i32 tmp1 = tcg_temp_new_i32(); \ 545 TCGv_i32 zero = tcg_constant_i32(0); \ 546 tcg_gen_andi_i32(tmp1, t1, 0x1f); \ 547 tcg_gen_##name##_i32(tmpd, t0, tmp1); \ 548 tcg_gen_andi_i32(tmp1, t1, 0xe0); \ 549 tcg_gen_movcond_i32(TCG_COND_NE, dest, tmp1, zero, zero, tmpd); \ 550 } 551 GEN_SHIFT(shl) 552 GEN_SHIFT(shr) 553 #undef GEN_SHIFT 554 555 static void gen_sar(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1) 556 { 557 TCGv_i32 tmp1 = tcg_temp_new_i32(); 558 559 tcg_gen_andi_i32(tmp1, t1, 0xff); 560 tcg_gen_umin_i32(tmp1, tmp1, tcg_constant_i32(31)); 561 tcg_gen_sar_i32(dest, t0, tmp1); 562 } 563 564 static void shifter_out_im(TCGv_i32 var, int shift) 565 { 566 tcg_gen_extract_i32(cpu_CF, var, shift, 1); 567 } 568 569 /* Shift by immediate. Includes special handling for shift == 0. */ 570 static inline void gen_arm_shift_im(TCGv_i32 var, int shiftop, 571 int shift, int flags) 572 { 573 switch (shiftop) { 574 case 0: /* LSL */ 575 if (shift != 0) { 576 if (flags) 577 shifter_out_im(var, 32 - shift); 578 tcg_gen_shli_i32(var, var, shift); 579 } 580 break; 581 case 1: /* LSR */ 582 if (shift == 0) { 583 if (flags) { 584 tcg_gen_shri_i32(cpu_CF, var, 31); 585 } 586 tcg_gen_movi_i32(var, 0); 587 } else { 588 if (flags) 589 shifter_out_im(var, shift - 1); 590 tcg_gen_shri_i32(var, var, shift); 591 } 592 break; 593 case 2: /* ASR */ 594 if (shift == 0) 595 shift = 32; 596 if (flags) 597 shifter_out_im(var, shift - 1); 598 if (shift == 32) 599 shift = 31; 600 tcg_gen_sari_i32(var, var, shift); 601 break; 602 case 3: /* ROR/RRX */ 603 if (shift != 0) { 604 if (flags) 605 shifter_out_im(var, shift - 1); 606 tcg_gen_rotri_i32(var, var, shift); break; 607 } else { 608 TCGv_i32 tmp = tcg_temp_new_i32(); 609 tcg_gen_shli_i32(tmp, cpu_CF, 31); 610 if (flags) 611 shifter_out_im(var, 0); 612 tcg_gen_shri_i32(var, var, 1); 613 tcg_gen_or_i32(var, var, tmp); 614 } 615 } 616 }; 617 618 static inline void gen_arm_shift_reg(TCGv_i32 var, int shiftop, 619 TCGv_i32 shift, int flags) 620 { 621 if (flags) { 622 switch (shiftop) { 623 case 0: gen_helper_shl_cc(var, tcg_env, var, shift); break; 624 case 1: gen_helper_shr_cc(var, tcg_env, var, shift); break; 625 case 2: gen_helper_sar_cc(var, tcg_env, var, shift); break; 626 case 3: gen_helper_ror_cc(var, tcg_env, var, shift); break; 627 } 628 } else { 629 switch (shiftop) { 630 case 0: 631 gen_shl(var, var, shift); 632 break; 633 case 1: 634 gen_shr(var, var, shift); 635 break; 636 case 2: 637 gen_sar(var, var, shift); 638 break; 639 case 3: tcg_gen_andi_i32(shift, shift, 0x1f); 640 tcg_gen_rotr_i32(var, var, shift); break; 641 } 642 } 643 } 644 645 /* 646 * Generate a conditional based on ARM condition code cc. 647 * This is common between ARM and Aarch64 targets. 648 */ 649 void arm_test_cc(DisasCompare *cmp, int cc) 650 { 651 TCGv_i32 value; 652 TCGCond cond; 653 654 switch (cc) { 655 case 0: /* eq: Z */ 656 case 1: /* ne: !Z */ 657 cond = TCG_COND_EQ; 658 value = cpu_ZF; 659 break; 660 661 case 2: /* cs: C */ 662 case 3: /* cc: !C */ 663 cond = TCG_COND_NE; 664 value = cpu_CF; 665 break; 666 667 case 4: /* mi: N */ 668 case 5: /* pl: !N */ 669 cond = TCG_COND_LT; 670 value = cpu_NF; 671 break; 672 673 case 6: /* vs: V */ 674 case 7: /* vc: !V */ 675 cond = TCG_COND_LT; 676 value = cpu_VF; 677 break; 678 679 case 8: /* hi: C && !Z */ 680 case 9: /* ls: !C || Z -> !(C && !Z) */ 681 cond = TCG_COND_NE; 682 value = tcg_temp_new_i32(); 683 /* CF is 1 for C, so -CF is an all-bits-set mask for C; 684 ZF is non-zero for !Z; so AND the two subexpressions. */ 685 tcg_gen_neg_i32(value, cpu_CF); 686 tcg_gen_and_i32(value, value, cpu_ZF); 687 break; 688 689 case 10: /* ge: N == V -> N ^ V == 0 */ 690 case 11: /* lt: N != V -> N ^ V != 0 */ 691 /* Since we're only interested in the sign bit, == 0 is >= 0. */ 692 cond = TCG_COND_GE; 693 value = tcg_temp_new_i32(); 694 tcg_gen_xor_i32(value, cpu_VF, cpu_NF); 695 break; 696 697 case 12: /* gt: !Z && N == V */ 698 case 13: /* le: Z || N != V */ 699 cond = TCG_COND_NE; 700 value = tcg_temp_new_i32(); 701 /* (N == V) is equal to the sign bit of ~(NF ^ VF). Propagate 702 * the sign bit then AND with ZF to yield the result. */ 703 tcg_gen_xor_i32(value, cpu_VF, cpu_NF); 704 tcg_gen_sari_i32(value, value, 31); 705 tcg_gen_andc_i32(value, cpu_ZF, value); 706 break; 707 708 case 14: /* always */ 709 case 15: /* always */ 710 /* Use the ALWAYS condition, which will fold early. 711 * It doesn't matter what we use for the value. */ 712 cond = TCG_COND_ALWAYS; 713 value = cpu_ZF; 714 goto no_invert; 715 716 default: 717 fprintf(stderr, "Bad condition code 0x%x\n", cc); 718 abort(); 719 } 720 721 if (cc & 1) { 722 cond = tcg_invert_cond(cond); 723 } 724 725 no_invert: 726 cmp->cond = cond; 727 cmp->value = value; 728 } 729 730 void arm_jump_cc(DisasCompare *cmp, TCGLabel *label) 731 { 732 tcg_gen_brcondi_i32(cmp->cond, cmp->value, 0, label); 733 } 734 735 void arm_gen_test_cc(int cc, TCGLabel *label) 736 { 737 DisasCompare cmp; 738 arm_test_cc(&cmp, cc); 739 arm_jump_cc(&cmp, label); 740 } 741 742 void gen_set_condexec(DisasContext *s) 743 { 744 if (s->condexec_mask) { 745 uint32_t val = (s->condexec_cond << 4) | (s->condexec_mask >> 1); 746 747 store_cpu_field_constant(val, condexec_bits); 748 } 749 } 750 751 void gen_update_pc(DisasContext *s, target_long diff) 752 { 753 gen_pc_plus_diff(s, cpu_R[15], diff); 754 s->pc_save = s->pc_curr + diff; 755 } 756 757 /* Set PC and Thumb state from var. var is marked as dead. */ 758 static inline void gen_bx(DisasContext *s, TCGv_i32 var) 759 { 760 s->base.is_jmp = DISAS_JUMP; 761 tcg_gen_andi_i32(cpu_R[15], var, ~1); 762 tcg_gen_andi_i32(var, var, 1); 763 store_cpu_field(var, thumb); 764 s->pc_save = -1; 765 } 766 767 /* 768 * Set PC and Thumb state from var. var is marked as dead. 769 * For M-profile CPUs, include logic to detect exception-return 770 * branches and handle them. This is needed for Thumb POP/LDM to PC, LDR to PC, 771 * and BX reg, and no others, and happens only for code in Handler mode. 772 * The Security Extension also requires us to check for the FNC_RETURN 773 * which signals a function return from non-secure state; this can happen 774 * in both Handler and Thread mode. 775 * To avoid having to do multiple comparisons in inline generated code, 776 * we make the check we do here loose, so it will match for EXC_RETURN 777 * in Thread mode. For system emulation do_v7m_exception_exit() checks 778 * for these spurious cases and returns without doing anything (giving 779 * the same behaviour as for a branch to a non-magic address). 780 * 781 * In linux-user mode it is unclear what the right behaviour for an 782 * attempted FNC_RETURN should be, because in real hardware this will go 783 * directly to Secure code (ie not the Linux kernel) which will then treat 784 * the error in any way it chooses. For QEMU we opt to make the FNC_RETURN 785 * attempt behave the way it would on a CPU without the security extension, 786 * which is to say "like a normal branch". That means we can simply treat 787 * all branches as normal with no magic address behaviour. 788 */ 789 static inline void gen_bx_excret(DisasContext *s, TCGv_i32 var) 790 { 791 /* Generate the same code here as for a simple bx, but flag via 792 * s->base.is_jmp that we need to do the rest of the work later. 793 */ 794 gen_bx(s, var); 795 #ifndef CONFIG_USER_ONLY 796 if (arm_dc_feature(s, ARM_FEATURE_M_SECURITY) || 797 (s->v7m_handler_mode && arm_dc_feature(s, ARM_FEATURE_M))) { 798 s->base.is_jmp = DISAS_BX_EXCRET; 799 } 800 #endif 801 } 802 803 static inline void gen_bx_excret_final_code(DisasContext *s) 804 { 805 /* Generate the code to finish possible exception return and end the TB */ 806 DisasLabel excret_label = gen_disas_label(s); 807 uint32_t min_magic; 808 809 if (arm_dc_feature(s, ARM_FEATURE_M_SECURITY)) { 810 /* Covers FNC_RETURN and EXC_RETURN magic */ 811 min_magic = FNC_RETURN_MIN_MAGIC; 812 } else { 813 /* EXC_RETURN magic only */ 814 min_magic = EXC_RETURN_MIN_MAGIC; 815 } 816 817 /* Is the new PC value in the magic range indicating exception return? */ 818 tcg_gen_brcondi_i32(TCG_COND_GEU, cpu_R[15], min_magic, excret_label.label); 819 /* No: end the TB as we would for a DISAS_JMP */ 820 if (s->ss_active) { 821 gen_singlestep_exception(s); 822 } else { 823 tcg_gen_exit_tb(NULL, 0); 824 } 825 set_disas_label(s, excret_label); 826 /* Yes: this is an exception return. 827 * At this point in runtime env->regs[15] and env->thumb will hold 828 * the exception-return magic number, which do_v7m_exception_exit() 829 * will read. Nothing else will be able to see those values because 830 * the cpu-exec main loop guarantees that we will always go straight 831 * from raising the exception to the exception-handling code. 832 * 833 * gen_ss_advance(s) does nothing on M profile currently but 834 * calling it is conceptually the right thing as we have executed 835 * this instruction (compare SWI, HVC, SMC handling). 836 */ 837 gen_ss_advance(s); 838 gen_exception_internal(EXCP_EXCEPTION_EXIT); 839 } 840 841 static inline void gen_bxns(DisasContext *s, int rm) 842 { 843 TCGv_i32 var = load_reg(s, rm); 844 845 /* The bxns helper may raise an EXCEPTION_EXIT exception, so in theory 846 * we need to sync state before calling it, but: 847 * - we don't need to do gen_update_pc() because the bxns helper will 848 * always set the PC itself 849 * - we don't need to do gen_set_condexec() because BXNS is UNPREDICTABLE 850 * unless it's outside an IT block or the last insn in an IT block, 851 * so we know that condexec == 0 (already set at the top of the TB) 852 * is correct in the non-UNPREDICTABLE cases, and we can choose 853 * "zeroes the IT bits" as our UNPREDICTABLE behaviour otherwise. 854 */ 855 gen_helper_v7m_bxns(tcg_env, var); 856 s->base.is_jmp = DISAS_EXIT; 857 } 858 859 static inline void gen_blxns(DisasContext *s, int rm) 860 { 861 TCGv_i32 var = load_reg(s, rm); 862 863 /* We don't need to sync condexec state, for the same reason as bxns. 864 * We do however need to set the PC, because the blxns helper reads it. 865 * The blxns helper may throw an exception. 866 */ 867 gen_update_pc(s, curr_insn_len(s)); 868 gen_helper_v7m_blxns(tcg_env, var); 869 s->base.is_jmp = DISAS_EXIT; 870 } 871 872 /* Variant of store_reg which uses branch&exchange logic when storing 873 to r15 in ARM architecture v7 and above. The source must be a temporary 874 and will be marked as dead. */ 875 static inline void store_reg_bx(DisasContext *s, int reg, TCGv_i32 var) 876 { 877 if (reg == 15 && ENABLE_ARCH_7) { 878 gen_bx(s, var); 879 } else { 880 store_reg(s, reg, var); 881 } 882 } 883 884 /* Variant of store_reg which uses branch&exchange logic when storing 885 * to r15 in ARM architecture v5T and above. This is used for storing 886 * the results of a LDR/LDM/POP into r15, and corresponds to the cases 887 * in the ARM ARM which use the LoadWritePC() pseudocode function. */ 888 static inline void store_reg_from_load(DisasContext *s, int reg, TCGv_i32 var) 889 { 890 if (reg == 15 && ENABLE_ARCH_5) { 891 gen_bx_excret(s, var); 892 } else { 893 store_reg(s, reg, var); 894 } 895 } 896 897 #ifdef CONFIG_USER_ONLY 898 #define IS_USER_ONLY 1 899 #else 900 #define IS_USER_ONLY 0 901 #endif 902 903 MemOp pow2_align(unsigned i) 904 { 905 static const MemOp mop_align[] = { 906 0, MO_ALIGN_2, MO_ALIGN_4, MO_ALIGN_8, MO_ALIGN_16, MO_ALIGN_32 907 }; 908 g_assert(i < ARRAY_SIZE(mop_align)); 909 return mop_align[i]; 910 } 911 912 /* 913 * Abstractions of "generate code to do a guest load/store for 914 * AArch32", where a vaddr is always 32 bits (and is zero 915 * extended if we're a 64 bit core) and data is also 916 * 32 bits unless specifically doing a 64 bit access. 917 * These functions work like tcg_gen_qemu_{ld,st}* except 918 * that the address argument is TCGv_i32 rather than TCGv. 919 */ 920 921 static TCGv gen_aa32_addr(DisasContext *s, TCGv_i32 a32, MemOp op) 922 { 923 TCGv addr = tcg_temp_new(); 924 tcg_gen_extu_i32_tl(addr, a32); 925 926 /* Not needed for user-mode BE32, where we use MO_BE instead. */ 927 if (!IS_USER_ONLY && s->sctlr_b && (op & MO_SIZE) < MO_32) { 928 tcg_gen_xori_tl(addr, addr, 4 - (1 << (op & MO_SIZE))); 929 } 930 return addr; 931 } 932 933 /* 934 * Internal routines are used for NEON cases where the endianness 935 * and/or alignment has already been taken into account and manipulated. 936 */ 937 void gen_aa32_ld_internal_i32(DisasContext *s, TCGv_i32 val, 938 TCGv_i32 a32, int index, MemOp opc) 939 { 940 TCGv addr = gen_aa32_addr(s, a32, opc); 941 tcg_gen_qemu_ld_i32(val, addr, index, opc); 942 } 943 944 void gen_aa32_st_internal_i32(DisasContext *s, TCGv_i32 val, 945 TCGv_i32 a32, int index, MemOp opc) 946 { 947 TCGv addr = gen_aa32_addr(s, a32, opc); 948 tcg_gen_qemu_st_i32(val, addr, index, opc); 949 } 950 951 void gen_aa32_ld_internal_i64(DisasContext *s, TCGv_i64 val, 952 TCGv_i32 a32, int index, MemOp opc) 953 { 954 TCGv addr = gen_aa32_addr(s, a32, opc); 955 956 tcg_gen_qemu_ld_i64(val, addr, index, opc); 957 958 /* Not needed for user-mode BE32, where we use MO_BE instead. */ 959 if (!IS_USER_ONLY && s->sctlr_b && (opc & MO_SIZE) == MO_64) { 960 tcg_gen_rotri_i64(val, val, 32); 961 } 962 } 963 964 void gen_aa32_st_internal_i64(DisasContext *s, TCGv_i64 val, 965 TCGv_i32 a32, int index, MemOp opc) 966 { 967 TCGv addr = gen_aa32_addr(s, a32, opc); 968 969 /* Not needed for user-mode BE32, where we use MO_BE instead. */ 970 if (!IS_USER_ONLY && s->sctlr_b && (opc & MO_SIZE) == MO_64) { 971 TCGv_i64 tmp = tcg_temp_new_i64(); 972 tcg_gen_rotri_i64(tmp, val, 32); 973 tcg_gen_qemu_st_i64(tmp, addr, index, opc); 974 } else { 975 tcg_gen_qemu_st_i64(val, addr, index, opc); 976 } 977 } 978 979 void gen_aa32_ld_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32, 980 int index, MemOp opc) 981 { 982 gen_aa32_ld_internal_i32(s, val, a32, index, finalize_memop(s, opc)); 983 } 984 985 void gen_aa32_st_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32, 986 int index, MemOp opc) 987 { 988 gen_aa32_st_internal_i32(s, val, a32, index, finalize_memop(s, opc)); 989 } 990 991 void gen_aa32_ld_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32, 992 int index, MemOp opc) 993 { 994 gen_aa32_ld_internal_i64(s, val, a32, index, finalize_memop(s, opc)); 995 } 996 997 void gen_aa32_st_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32, 998 int index, MemOp opc) 999 { 1000 gen_aa32_st_internal_i64(s, val, a32, index, finalize_memop(s, opc)); 1001 } 1002 1003 #define DO_GEN_LD(SUFF, OPC) \ 1004 static inline void gen_aa32_ld##SUFF(DisasContext *s, TCGv_i32 val, \ 1005 TCGv_i32 a32, int index) \ 1006 { \ 1007 gen_aa32_ld_i32(s, val, a32, index, OPC); \ 1008 } 1009 1010 #define DO_GEN_ST(SUFF, OPC) \ 1011 static inline void gen_aa32_st##SUFF(DisasContext *s, TCGv_i32 val, \ 1012 TCGv_i32 a32, int index) \ 1013 { \ 1014 gen_aa32_st_i32(s, val, a32, index, OPC); \ 1015 } 1016 1017 static inline void gen_hvc(DisasContext *s, int imm16) 1018 { 1019 /* The pre HVC helper handles cases when HVC gets trapped 1020 * as an undefined insn by runtime configuration (ie before 1021 * the insn really executes). 1022 */ 1023 gen_update_pc(s, 0); 1024 gen_helper_pre_hvc(tcg_env); 1025 /* Otherwise we will treat this as a real exception which 1026 * happens after execution of the insn. (The distinction matters 1027 * for the PC value reported to the exception handler and also 1028 * for single stepping.) 1029 */ 1030 s->svc_imm = imm16; 1031 gen_update_pc(s, curr_insn_len(s)); 1032 s->base.is_jmp = DISAS_HVC; 1033 } 1034 1035 static inline void gen_smc(DisasContext *s) 1036 { 1037 /* As with HVC, we may take an exception either before or after 1038 * the insn executes. 1039 */ 1040 gen_update_pc(s, 0); 1041 gen_helper_pre_smc(tcg_env, tcg_constant_i32(syn_aa32_smc())); 1042 gen_update_pc(s, curr_insn_len(s)); 1043 s->base.is_jmp = DISAS_SMC; 1044 } 1045 1046 static void gen_exception_internal_insn(DisasContext *s, int excp) 1047 { 1048 gen_set_condexec(s); 1049 gen_update_pc(s, 0); 1050 gen_exception_internal(excp); 1051 s->base.is_jmp = DISAS_NORETURN; 1052 } 1053 1054 static void gen_exception_el_v(int excp, uint32_t syndrome, TCGv_i32 tcg_el) 1055 { 1056 gen_helper_exception_with_syndrome_el(tcg_env, tcg_constant_i32(excp), 1057 tcg_constant_i32(syndrome), tcg_el); 1058 } 1059 1060 static void gen_exception_el(int excp, uint32_t syndrome, uint32_t target_el) 1061 { 1062 gen_exception_el_v(excp, syndrome, tcg_constant_i32(target_el)); 1063 } 1064 1065 static void gen_exception(int excp, uint32_t syndrome) 1066 { 1067 gen_helper_exception_with_syndrome(tcg_env, tcg_constant_i32(excp), 1068 tcg_constant_i32(syndrome)); 1069 } 1070 1071 static void gen_exception_insn_el_v(DisasContext *s, target_long pc_diff, 1072 int excp, uint32_t syn, TCGv_i32 tcg_el) 1073 { 1074 if (s->aarch64) { 1075 gen_a64_update_pc(s, pc_diff); 1076 } else { 1077 gen_set_condexec(s); 1078 gen_update_pc(s, pc_diff); 1079 } 1080 gen_exception_el_v(excp, syn, tcg_el); 1081 s->base.is_jmp = DISAS_NORETURN; 1082 } 1083 1084 void gen_exception_insn_el(DisasContext *s, target_long pc_diff, int excp, 1085 uint32_t syn, uint32_t target_el) 1086 { 1087 gen_exception_insn_el_v(s, pc_diff, excp, syn, 1088 tcg_constant_i32(target_el)); 1089 } 1090 1091 void gen_exception_insn(DisasContext *s, target_long pc_diff, 1092 int excp, uint32_t syn) 1093 { 1094 if (s->aarch64) { 1095 gen_a64_update_pc(s, pc_diff); 1096 } else { 1097 gen_set_condexec(s); 1098 gen_update_pc(s, pc_diff); 1099 } 1100 gen_exception(excp, syn); 1101 s->base.is_jmp = DISAS_NORETURN; 1102 } 1103 1104 static void gen_exception_bkpt_insn(DisasContext *s, uint32_t syn) 1105 { 1106 gen_set_condexec(s); 1107 gen_update_pc(s, 0); 1108 gen_helper_exception_bkpt_insn(tcg_env, tcg_constant_i32(syn)); 1109 s->base.is_jmp = DISAS_NORETURN; 1110 } 1111 1112 void unallocated_encoding(DisasContext *s) 1113 { 1114 /* Unallocated and reserved encodings are uncategorized */ 1115 gen_exception_insn(s, 0, EXCP_UDEF, syn_uncategorized()); 1116 } 1117 1118 /* Force a TB lookup after an instruction that changes the CPU state. */ 1119 void gen_lookup_tb(DisasContext *s) 1120 { 1121 gen_pc_plus_diff(s, cpu_R[15], curr_insn_len(s)); 1122 s->base.is_jmp = DISAS_EXIT; 1123 } 1124 1125 static inline void gen_hlt(DisasContext *s, int imm) 1126 { 1127 /* HLT. This has two purposes. 1128 * Architecturally, it is an external halting debug instruction. 1129 * Since QEMU doesn't implement external debug, we treat this as 1130 * it is required for halting debug disabled: it will UNDEF. 1131 * Secondly, "HLT 0x3C" is a T32 semihosting trap instruction, 1132 * and "HLT 0xF000" is an A32 semihosting syscall. These traps 1133 * must trigger semihosting even for ARMv7 and earlier, where 1134 * HLT was an undefined encoding. 1135 * In system mode, we don't allow userspace access to 1136 * semihosting, to provide some semblance of security 1137 * (and for consistency with our 32-bit semihosting). 1138 */ 1139 if (semihosting_enabled(s->current_el == 0) && 1140 (imm == (s->thumb ? 0x3c : 0xf000))) { 1141 gen_exception_internal_insn(s, EXCP_SEMIHOST); 1142 return; 1143 } 1144 1145 unallocated_encoding(s); 1146 } 1147 1148 /* 1149 * Return the offset of a "full" NEON Dreg. 1150 */ 1151 long neon_full_reg_offset(unsigned reg) 1152 { 1153 return offsetof(CPUARMState, vfp.zregs[reg >> 1].d[reg & 1]); 1154 } 1155 1156 /* 1157 * Return the offset of a 2**SIZE piece of a NEON register, at index ELE, 1158 * where 0 is the least significant end of the register. 1159 */ 1160 long neon_element_offset(int reg, int element, MemOp memop) 1161 { 1162 int element_size = 1 << (memop & MO_SIZE); 1163 int ofs = element * element_size; 1164 #if HOST_BIG_ENDIAN 1165 /* 1166 * Calculate the offset assuming fully little-endian, 1167 * then XOR to account for the order of the 8-byte units. 1168 */ 1169 if (element_size < 8) { 1170 ofs ^= 8 - element_size; 1171 } 1172 #endif 1173 return neon_full_reg_offset(reg) + ofs; 1174 } 1175 1176 /* Return the offset of a VFP Dreg (dp = true) or VFP Sreg (dp = false). */ 1177 long vfp_reg_offset(bool dp, unsigned reg) 1178 { 1179 if (dp) { 1180 return neon_element_offset(reg, 0, MO_64); 1181 } else { 1182 return neon_element_offset(reg >> 1, reg & 1, MO_32); 1183 } 1184 } 1185 1186 void read_neon_element32(TCGv_i32 dest, int reg, int ele, MemOp memop) 1187 { 1188 long off = neon_element_offset(reg, ele, memop); 1189 1190 switch (memop) { 1191 case MO_SB: 1192 tcg_gen_ld8s_i32(dest, tcg_env, off); 1193 break; 1194 case MO_UB: 1195 tcg_gen_ld8u_i32(dest, tcg_env, off); 1196 break; 1197 case MO_SW: 1198 tcg_gen_ld16s_i32(dest, tcg_env, off); 1199 break; 1200 case MO_UW: 1201 tcg_gen_ld16u_i32(dest, tcg_env, off); 1202 break; 1203 case MO_UL: 1204 case MO_SL: 1205 tcg_gen_ld_i32(dest, tcg_env, off); 1206 break; 1207 default: 1208 g_assert_not_reached(); 1209 } 1210 } 1211 1212 void read_neon_element64(TCGv_i64 dest, int reg, int ele, MemOp memop) 1213 { 1214 long off = neon_element_offset(reg, ele, memop); 1215 1216 switch (memop) { 1217 case MO_SL: 1218 tcg_gen_ld32s_i64(dest, tcg_env, off); 1219 break; 1220 case MO_UL: 1221 tcg_gen_ld32u_i64(dest, tcg_env, off); 1222 break; 1223 case MO_UQ: 1224 tcg_gen_ld_i64(dest, tcg_env, off); 1225 break; 1226 default: 1227 g_assert_not_reached(); 1228 } 1229 } 1230 1231 void write_neon_element32(TCGv_i32 src, int reg, int ele, MemOp memop) 1232 { 1233 long off = neon_element_offset(reg, ele, memop); 1234 1235 switch (memop) { 1236 case MO_8: 1237 tcg_gen_st8_i32(src, tcg_env, off); 1238 break; 1239 case MO_16: 1240 tcg_gen_st16_i32(src, tcg_env, off); 1241 break; 1242 case MO_32: 1243 tcg_gen_st_i32(src, tcg_env, off); 1244 break; 1245 default: 1246 g_assert_not_reached(); 1247 } 1248 } 1249 1250 void write_neon_element64(TCGv_i64 src, int reg, int ele, MemOp memop) 1251 { 1252 long off = neon_element_offset(reg, ele, memop); 1253 1254 switch (memop) { 1255 case MO_32: 1256 tcg_gen_st32_i64(src, tcg_env, off); 1257 break; 1258 case MO_64: 1259 tcg_gen_st_i64(src, tcg_env, off); 1260 break; 1261 default: 1262 g_assert_not_reached(); 1263 } 1264 } 1265 1266 #define ARM_CP_RW_BIT (1 << 20) 1267 1268 static inline void iwmmxt_load_reg(TCGv_i64 var, int reg) 1269 { 1270 tcg_gen_ld_i64(var, tcg_env, offsetof(CPUARMState, iwmmxt.regs[reg])); 1271 } 1272 1273 static inline void iwmmxt_store_reg(TCGv_i64 var, int reg) 1274 { 1275 tcg_gen_st_i64(var, tcg_env, offsetof(CPUARMState, iwmmxt.regs[reg])); 1276 } 1277 1278 static inline TCGv_i32 iwmmxt_load_creg(int reg) 1279 { 1280 TCGv_i32 var = tcg_temp_new_i32(); 1281 tcg_gen_ld_i32(var, tcg_env, offsetof(CPUARMState, iwmmxt.cregs[reg])); 1282 return var; 1283 } 1284 1285 static inline void iwmmxt_store_creg(int reg, TCGv_i32 var) 1286 { 1287 tcg_gen_st_i32(var, tcg_env, offsetof(CPUARMState, iwmmxt.cregs[reg])); 1288 } 1289 1290 static inline void gen_op_iwmmxt_movq_wRn_M0(int rn) 1291 { 1292 iwmmxt_store_reg(cpu_M0, rn); 1293 } 1294 1295 static inline void gen_op_iwmmxt_movq_M0_wRn(int rn) 1296 { 1297 iwmmxt_load_reg(cpu_M0, rn); 1298 } 1299 1300 static inline void gen_op_iwmmxt_orq_M0_wRn(int rn) 1301 { 1302 iwmmxt_load_reg(cpu_V1, rn); 1303 tcg_gen_or_i64(cpu_M0, cpu_M0, cpu_V1); 1304 } 1305 1306 static inline void gen_op_iwmmxt_andq_M0_wRn(int rn) 1307 { 1308 iwmmxt_load_reg(cpu_V1, rn); 1309 tcg_gen_and_i64(cpu_M0, cpu_M0, cpu_V1); 1310 } 1311 1312 static inline void gen_op_iwmmxt_xorq_M0_wRn(int rn) 1313 { 1314 iwmmxt_load_reg(cpu_V1, rn); 1315 tcg_gen_xor_i64(cpu_M0, cpu_M0, cpu_V1); 1316 } 1317 1318 #define IWMMXT_OP(name) \ 1319 static inline void gen_op_iwmmxt_##name##_M0_wRn(int rn) \ 1320 { \ 1321 iwmmxt_load_reg(cpu_V1, rn); \ 1322 gen_helper_iwmmxt_##name(cpu_M0, cpu_M0, cpu_V1); \ 1323 } 1324 1325 #define IWMMXT_OP_ENV(name) \ 1326 static inline void gen_op_iwmmxt_##name##_M0_wRn(int rn) \ 1327 { \ 1328 iwmmxt_load_reg(cpu_V1, rn); \ 1329 gen_helper_iwmmxt_##name(cpu_M0, tcg_env, cpu_M0, cpu_V1); \ 1330 } 1331 1332 #define IWMMXT_OP_ENV_SIZE(name) \ 1333 IWMMXT_OP_ENV(name##b) \ 1334 IWMMXT_OP_ENV(name##w) \ 1335 IWMMXT_OP_ENV(name##l) 1336 1337 #define IWMMXT_OP_ENV1(name) \ 1338 static inline void gen_op_iwmmxt_##name##_M0(void) \ 1339 { \ 1340 gen_helper_iwmmxt_##name(cpu_M0, tcg_env, cpu_M0); \ 1341 } 1342 1343 IWMMXT_OP(maddsq) 1344 IWMMXT_OP(madduq) 1345 IWMMXT_OP(sadb) 1346 IWMMXT_OP(sadw) 1347 IWMMXT_OP(mulslw) 1348 IWMMXT_OP(mulshw) 1349 IWMMXT_OP(mululw) 1350 IWMMXT_OP(muluhw) 1351 IWMMXT_OP(macsw) 1352 IWMMXT_OP(macuw) 1353 1354 IWMMXT_OP_ENV_SIZE(unpackl) 1355 IWMMXT_OP_ENV_SIZE(unpackh) 1356 1357 IWMMXT_OP_ENV1(unpacklub) 1358 IWMMXT_OP_ENV1(unpackluw) 1359 IWMMXT_OP_ENV1(unpacklul) 1360 IWMMXT_OP_ENV1(unpackhub) 1361 IWMMXT_OP_ENV1(unpackhuw) 1362 IWMMXT_OP_ENV1(unpackhul) 1363 IWMMXT_OP_ENV1(unpacklsb) 1364 IWMMXT_OP_ENV1(unpacklsw) 1365 IWMMXT_OP_ENV1(unpacklsl) 1366 IWMMXT_OP_ENV1(unpackhsb) 1367 IWMMXT_OP_ENV1(unpackhsw) 1368 IWMMXT_OP_ENV1(unpackhsl) 1369 1370 IWMMXT_OP_ENV_SIZE(cmpeq) 1371 IWMMXT_OP_ENV_SIZE(cmpgtu) 1372 IWMMXT_OP_ENV_SIZE(cmpgts) 1373 1374 IWMMXT_OP_ENV_SIZE(mins) 1375 IWMMXT_OP_ENV_SIZE(minu) 1376 IWMMXT_OP_ENV_SIZE(maxs) 1377 IWMMXT_OP_ENV_SIZE(maxu) 1378 1379 IWMMXT_OP_ENV_SIZE(subn) 1380 IWMMXT_OP_ENV_SIZE(addn) 1381 IWMMXT_OP_ENV_SIZE(subu) 1382 IWMMXT_OP_ENV_SIZE(addu) 1383 IWMMXT_OP_ENV_SIZE(subs) 1384 IWMMXT_OP_ENV_SIZE(adds) 1385 1386 IWMMXT_OP_ENV(avgb0) 1387 IWMMXT_OP_ENV(avgb1) 1388 IWMMXT_OP_ENV(avgw0) 1389 IWMMXT_OP_ENV(avgw1) 1390 1391 IWMMXT_OP_ENV(packuw) 1392 IWMMXT_OP_ENV(packul) 1393 IWMMXT_OP_ENV(packuq) 1394 IWMMXT_OP_ENV(packsw) 1395 IWMMXT_OP_ENV(packsl) 1396 IWMMXT_OP_ENV(packsq) 1397 1398 static void gen_op_iwmmxt_set_mup(void) 1399 { 1400 TCGv_i32 tmp; 1401 tmp = load_cpu_field(iwmmxt.cregs[ARM_IWMMXT_wCon]); 1402 tcg_gen_ori_i32(tmp, tmp, 2); 1403 store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCon]); 1404 } 1405 1406 static void gen_op_iwmmxt_set_cup(void) 1407 { 1408 TCGv_i32 tmp; 1409 tmp = load_cpu_field(iwmmxt.cregs[ARM_IWMMXT_wCon]); 1410 tcg_gen_ori_i32(tmp, tmp, 1); 1411 store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCon]); 1412 } 1413 1414 static void gen_op_iwmmxt_setpsr_nz(void) 1415 { 1416 TCGv_i32 tmp = tcg_temp_new_i32(); 1417 gen_helper_iwmmxt_setpsr_nz(tmp, cpu_M0); 1418 store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCASF]); 1419 } 1420 1421 static inline void gen_op_iwmmxt_addl_M0_wRn(int rn) 1422 { 1423 iwmmxt_load_reg(cpu_V1, rn); 1424 tcg_gen_ext32u_i64(cpu_V1, cpu_V1); 1425 tcg_gen_add_i64(cpu_M0, cpu_M0, cpu_V1); 1426 } 1427 1428 static inline int gen_iwmmxt_address(DisasContext *s, uint32_t insn, 1429 TCGv_i32 dest) 1430 { 1431 int rd; 1432 uint32_t offset; 1433 TCGv_i32 tmp; 1434 1435 rd = (insn >> 16) & 0xf; 1436 tmp = load_reg(s, rd); 1437 1438 offset = (insn & 0xff) << ((insn >> 7) & 2); 1439 if (insn & (1 << 24)) { 1440 /* Pre indexed */ 1441 if (insn & (1 << 23)) 1442 tcg_gen_addi_i32(tmp, tmp, offset); 1443 else 1444 tcg_gen_addi_i32(tmp, tmp, -offset); 1445 tcg_gen_mov_i32(dest, tmp); 1446 if (insn & (1 << 21)) { 1447 store_reg(s, rd, tmp); 1448 } 1449 } else if (insn & (1 << 21)) { 1450 /* Post indexed */ 1451 tcg_gen_mov_i32(dest, tmp); 1452 if (insn & (1 << 23)) 1453 tcg_gen_addi_i32(tmp, tmp, offset); 1454 else 1455 tcg_gen_addi_i32(tmp, tmp, -offset); 1456 store_reg(s, rd, tmp); 1457 } else if (!(insn & (1 << 23))) 1458 return 1; 1459 return 0; 1460 } 1461 1462 static inline int gen_iwmmxt_shift(uint32_t insn, uint32_t mask, TCGv_i32 dest) 1463 { 1464 int rd = (insn >> 0) & 0xf; 1465 TCGv_i32 tmp; 1466 1467 if (insn & (1 << 8)) { 1468 if (rd < ARM_IWMMXT_wCGR0 || rd > ARM_IWMMXT_wCGR3) { 1469 return 1; 1470 } else { 1471 tmp = iwmmxt_load_creg(rd); 1472 } 1473 } else { 1474 tmp = tcg_temp_new_i32(); 1475 iwmmxt_load_reg(cpu_V0, rd); 1476 tcg_gen_extrl_i64_i32(tmp, cpu_V0); 1477 } 1478 tcg_gen_andi_i32(tmp, tmp, mask); 1479 tcg_gen_mov_i32(dest, tmp); 1480 return 0; 1481 } 1482 1483 /* Disassemble an iwMMXt instruction. Returns nonzero if an error occurred 1484 (ie. an undefined instruction). */ 1485 static int disas_iwmmxt_insn(DisasContext *s, uint32_t insn) 1486 { 1487 int rd, wrd; 1488 int rdhi, rdlo, rd0, rd1, i; 1489 TCGv_i32 addr; 1490 TCGv_i32 tmp, tmp2, tmp3; 1491 1492 if ((insn & 0x0e000e00) == 0x0c000000) { 1493 if ((insn & 0x0fe00ff0) == 0x0c400000) { 1494 wrd = insn & 0xf; 1495 rdlo = (insn >> 12) & 0xf; 1496 rdhi = (insn >> 16) & 0xf; 1497 if (insn & ARM_CP_RW_BIT) { /* TMRRC */ 1498 iwmmxt_load_reg(cpu_V0, wrd); 1499 tcg_gen_extrl_i64_i32(cpu_R[rdlo], cpu_V0); 1500 tcg_gen_extrh_i64_i32(cpu_R[rdhi], cpu_V0); 1501 } else { /* TMCRR */ 1502 tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]); 1503 iwmmxt_store_reg(cpu_V0, wrd); 1504 gen_op_iwmmxt_set_mup(); 1505 } 1506 return 0; 1507 } 1508 1509 wrd = (insn >> 12) & 0xf; 1510 addr = tcg_temp_new_i32(); 1511 if (gen_iwmmxt_address(s, insn, addr)) { 1512 return 1; 1513 } 1514 if (insn & ARM_CP_RW_BIT) { 1515 if ((insn >> 28) == 0xf) { /* WLDRW wCx */ 1516 tmp = tcg_temp_new_i32(); 1517 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s)); 1518 iwmmxt_store_creg(wrd, tmp); 1519 } else { 1520 i = 1; 1521 if (insn & (1 << 8)) { 1522 if (insn & (1 << 22)) { /* WLDRD */ 1523 gen_aa32_ld64(s, cpu_M0, addr, get_mem_index(s)); 1524 i = 0; 1525 } else { /* WLDRW wRd */ 1526 tmp = tcg_temp_new_i32(); 1527 gen_aa32_ld32u(s, tmp, addr, get_mem_index(s)); 1528 } 1529 } else { 1530 tmp = tcg_temp_new_i32(); 1531 if (insn & (1 << 22)) { /* WLDRH */ 1532 gen_aa32_ld16u(s, tmp, addr, get_mem_index(s)); 1533 } else { /* WLDRB */ 1534 gen_aa32_ld8u(s, tmp, addr, get_mem_index(s)); 1535 } 1536 } 1537 if (i) { 1538 tcg_gen_extu_i32_i64(cpu_M0, tmp); 1539 } 1540 gen_op_iwmmxt_movq_wRn_M0(wrd); 1541 } 1542 } else { 1543 if ((insn >> 28) == 0xf) { /* WSTRW wCx */ 1544 tmp = iwmmxt_load_creg(wrd); 1545 gen_aa32_st32(s, tmp, addr, get_mem_index(s)); 1546 } else { 1547 gen_op_iwmmxt_movq_M0_wRn(wrd); 1548 tmp = tcg_temp_new_i32(); 1549 if (insn & (1 << 8)) { 1550 if (insn & (1 << 22)) { /* WSTRD */ 1551 gen_aa32_st64(s, cpu_M0, addr, get_mem_index(s)); 1552 } else { /* WSTRW wRd */ 1553 tcg_gen_extrl_i64_i32(tmp, cpu_M0); 1554 gen_aa32_st32(s, tmp, addr, get_mem_index(s)); 1555 } 1556 } else { 1557 if (insn & (1 << 22)) { /* WSTRH */ 1558 tcg_gen_extrl_i64_i32(tmp, cpu_M0); 1559 gen_aa32_st16(s, tmp, addr, get_mem_index(s)); 1560 } else { /* WSTRB */ 1561 tcg_gen_extrl_i64_i32(tmp, cpu_M0); 1562 gen_aa32_st8(s, tmp, addr, get_mem_index(s)); 1563 } 1564 } 1565 } 1566 } 1567 return 0; 1568 } 1569 1570 if ((insn & 0x0f000000) != 0x0e000000) 1571 return 1; 1572 1573 switch (((insn >> 12) & 0xf00) | ((insn >> 4) & 0xff)) { 1574 case 0x000: /* WOR */ 1575 wrd = (insn >> 12) & 0xf; 1576 rd0 = (insn >> 0) & 0xf; 1577 rd1 = (insn >> 16) & 0xf; 1578 gen_op_iwmmxt_movq_M0_wRn(rd0); 1579 gen_op_iwmmxt_orq_M0_wRn(rd1); 1580 gen_op_iwmmxt_setpsr_nz(); 1581 gen_op_iwmmxt_movq_wRn_M0(wrd); 1582 gen_op_iwmmxt_set_mup(); 1583 gen_op_iwmmxt_set_cup(); 1584 break; 1585 case 0x011: /* TMCR */ 1586 if (insn & 0xf) 1587 return 1; 1588 rd = (insn >> 12) & 0xf; 1589 wrd = (insn >> 16) & 0xf; 1590 switch (wrd) { 1591 case ARM_IWMMXT_wCID: 1592 case ARM_IWMMXT_wCASF: 1593 break; 1594 case ARM_IWMMXT_wCon: 1595 gen_op_iwmmxt_set_cup(); 1596 /* Fall through. */ 1597 case ARM_IWMMXT_wCSSF: 1598 tmp = iwmmxt_load_creg(wrd); 1599 tmp2 = load_reg(s, rd); 1600 tcg_gen_andc_i32(tmp, tmp, tmp2); 1601 iwmmxt_store_creg(wrd, tmp); 1602 break; 1603 case ARM_IWMMXT_wCGR0: 1604 case ARM_IWMMXT_wCGR1: 1605 case ARM_IWMMXT_wCGR2: 1606 case ARM_IWMMXT_wCGR3: 1607 gen_op_iwmmxt_set_cup(); 1608 tmp = load_reg(s, rd); 1609 iwmmxt_store_creg(wrd, tmp); 1610 break; 1611 default: 1612 return 1; 1613 } 1614 break; 1615 case 0x100: /* WXOR */ 1616 wrd = (insn >> 12) & 0xf; 1617 rd0 = (insn >> 0) & 0xf; 1618 rd1 = (insn >> 16) & 0xf; 1619 gen_op_iwmmxt_movq_M0_wRn(rd0); 1620 gen_op_iwmmxt_xorq_M0_wRn(rd1); 1621 gen_op_iwmmxt_setpsr_nz(); 1622 gen_op_iwmmxt_movq_wRn_M0(wrd); 1623 gen_op_iwmmxt_set_mup(); 1624 gen_op_iwmmxt_set_cup(); 1625 break; 1626 case 0x111: /* TMRC */ 1627 if (insn & 0xf) 1628 return 1; 1629 rd = (insn >> 12) & 0xf; 1630 wrd = (insn >> 16) & 0xf; 1631 tmp = iwmmxt_load_creg(wrd); 1632 store_reg(s, rd, tmp); 1633 break; 1634 case 0x300: /* WANDN */ 1635 wrd = (insn >> 12) & 0xf; 1636 rd0 = (insn >> 0) & 0xf; 1637 rd1 = (insn >> 16) & 0xf; 1638 gen_op_iwmmxt_movq_M0_wRn(rd0); 1639 tcg_gen_neg_i64(cpu_M0, cpu_M0); 1640 gen_op_iwmmxt_andq_M0_wRn(rd1); 1641 gen_op_iwmmxt_setpsr_nz(); 1642 gen_op_iwmmxt_movq_wRn_M0(wrd); 1643 gen_op_iwmmxt_set_mup(); 1644 gen_op_iwmmxt_set_cup(); 1645 break; 1646 case 0x200: /* WAND */ 1647 wrd = (insn >> 12) & 0xf; 1648 rd0 = (insn >> 0) & 0xf; 1649 rd1 = (insn >> 16) & 0xf; 1650 gen_op_iwmmxt_movq_M0_wRn(rd0); 1651 gen_op_iwmmxt_andq_M0_wRn(rd1); 1652 gen_op_iwmmxt_setpsr_nz(); 1653 gen_op_iwmmxt_movq_wRn_M0(wrd); 1654 gen_op_iwmmxt_set_mup(); 1655 gen_op_iwmmxt_set_cup(); 1656 break; 1657 case 0x810: case 0xa10: /* WMADD */ 1658 wrd = (insn >> 12) & 0xf; 1659 rd0 = (insn >> 0) & 0xf; 1660 rd1 = (insn >> 16) & 0xf; 1661 gen_op_iwmmxt_movq_M0_wRn(rd0); 1662 if (insn & (1 << 21)) 1663 gen_op_iwmmxt_maddsq_M0_wRn(rd1); 1664 else 1665 gen_op_iwmmxt_madduq_M0_wRn(rd1); 1666 gen_op_iwmmxt_movq_wRn_M0(wrd); 1667 gen_op_iwmmxt_set_mup(); 1668 break; 1669 case 0x10e: case 0x50e: case 0x90e: case 0xd0e: /* WUNPCKIL */ 1670 wrd = (insn >> 12) & 0xf; 1671 rd0 = (insn >> 16) & 0xf; 1672 rd1 = (insn >> 0) & 0xf; 1673 gen_op_iwmmxt_movq_M0_wRn(rd0); 1674 switch ((insn >> 22) & 3) { 1675 case 0: 1676 gen_op_iwmmxt_unpacklb_M0_wRn(rd1); 1677 break; 1678 case 1: 1679 gen_op_iwmmxt_unpacklw_M0_wRn(rd1); 1680 break; 1681 case 2: 1682 gen_op_iwmmxt_unpackll_M0_wRn(rd1); 1683 break; 1684 case 3: 1685 return 1; 1686 } 1687 gen_op_iwmmxt_movq_wRn_M0(wrd); 1688 gen_op_iwmmxt_set_mup(); 1689 gen_op_iwmmxt_set_cup(); 1690 break; 1691 case 0x10c: case 0x50c: case 0x90c: case 0xd0c: /* WUNPCKIH */ 1692 wrd = (insn >> 12) & 0xf; 1693 rd0 = (insn >> 16) & 0xf; 1694 rd1 = (insn >> 0) & 0xf; 1695 gen_op_iwmmxt_movq_M0_wRn(rd0); 1696 switch ((insn >> 22) & 3) { 1697 case 0: 1698 gen_op_iwmmxt_unpackhb_M0_wRn(rd1); 1699 break; 1700 case 1: 1701 gen_op_iwmmxt_unpackhw_M0_wRn(rd1); 1702 break; 1703 case 2: 1704 gen_op_iwmmxt_unpackhl_M0_wRn(rd1); 1705 break; 1706 case 3: 1707 return 1; 1708 } 1709 gen_op_iwmmxt_movq_wRn_M0(wrd); 1710 gen_op_iwmmxt_set_mup(); 1711 gen_op_iwmmxt_set_cup(); 1712 break; 1713 case 0x012: case 0x112: case 0x412: case 0x512: /* WSAD */ 1714 wrd = (insn >> 12) & 0xf; 1715 rd0 = (insn >> 16) & 0xf; 1716 rd1 = (insn >> 0) & 0xf; 1717 gen_op_iwmmxt_movq_M0_wRn(rd0); 1718 if (insn & (1 << 22)) 1719 gen_op_iwmmxt_sadw_M0_wRn(rd1); 1720 else 1721 gen_op_iwmmxt_sadb_M0_wRn(rd1); 1722 if (!(insn & (1 << 20))) 1723 gen_op_iwmmxt_addl_M0_wRn(wrd); 1724 gen_op_iwmmxt_movq_wRn_M0(wrd); 1725 gen_op_iwmmxt_set_mup(); 1726 break; 1727 case 0x010: case 0x110: case 0x210: case 0x310: /* WMUL */ 1728 wrd = (insn >> 12) & 0xf; 1729 rd0 = (insn >> 16) & 0xf; 1730 rd1 = (insn >> 0) & 0xf; 1731 gen_op_iwmmxt_movq_M0_wRn(rd0); 1732 if (insn & (1 << 21)) { 1733 if (insn & (1 << 20)) 1734 gen_op_iwmmxt_mulshw_M0_wRn(rd1); 1735 else 1736 gen_op_iwmmxt_mulslw_M0_wRn(rd1); 1737 } else { 1738 if (insn & (1 << 20)) 1739 gen_op_iwmmxt_muluhw_M0_wRn(rd1); 1740 else 1741 gen_op_iwmmxt_mululw_M0_wRn(rd1); 1742 } 1743 gen_op_iwmmxt_movq_wRn_M0(wrd); 1744 gen_op_iwmmxt_set_mup(); 1745 break; 1746 case 0x410: case 0x510: case 0x610: case 0x710: /* WMAC */ 1747 wrd = (insn >> 12) & 0xf; 1748 rd0 = (insn >> 16) & 0xf; 1749 rd1 = (insn >> 0) & 0xf; 1750 gen_op_iwmmxt_movq_M0_wRn(rd0); 1751 if (insn & (1 << 21)) 1752 gen_op_iwmmxt_macsw_M0_wRn(rd1); 1753 else 1754 gen_op_iwmmxt_macuw_M0_wRn(rd1); 1755 if (!(insn & (1 << 20))) { 1756 iwmmxt_load_reg(cpu_V1, wrd); 1757 tcg_gen_add_i64(cpu_M0, cpu_M0, cpu_V1); 1758 } 1759 gen_op_iwmmxt_movq_wRn_M0(wrd); 1760 gen_op_iwmmxt_set_mup(); 1761 break; 1762 case 0x006: case 0x406: case 0x806: case 0xc06: /* WCMPEQ */ 1763 wrd = (insn >> 12) & 0xf; 1764 rd0 = (insn >> 16) & 0xf; 1765 rd1 = (insn >> 0) & 0xf; 1766 gen_op_iwmmxt_movq_M0_wRn(rd0); 1767 switch ((insn >> 22) & 3) { 1768 case 0: 1769 gen_op_iwmmxt_cmpeqb_M0_wRn(rd1); 1770 break; 1771 case 1: 1772 gen_op_iwmmxt_cmpeqw_M0_wRn(rd1); 1773 break; 1774 case 2: 1775 gen_op_iwmmxt_cmpeql_M0_wRn(rd1); 1776 break; 1777 case 3: 1778 return 1; 1779 } 1780 gen_op_iwmmxt_movq_wRn_M0(wrd); 1781 gen_op_iwmmxt_set_mup(); 1782 gen_op_iwmmxt_set_cup(); 1783 break; 1784 case 0x800: case 0x900: case 0xc00: case 0xd00: /* WAVG2 */ 1785 wrd = (insn >> 12) & 0xf; 1786 rd0 = (insn >> 16) & 0xf; 1787 rd1 = (insn >> 0) & 0xf; 1788 gen_op_iwmmxt_movq_M0_wRn(rd0); 1789 if (insn & (1 << 22)) { 1790 if (insn & (1 << 20)) 1791 gen_op_iwmmxt_avgw1_M0_wRn(rd1); 1792 else 1793 gen_op_iwmmxt_avgw0_M0_wRn(rd1); 1794 } else { 1795 if (insn & (1 << 20)) 1796 gen_op_iwmmxt_avgb1_M0_wRn(rd1); 1797 else 1798 gen_op_iwmmxt_avgb0_M0_wRn(rd1); 1799 } 1800 gen_op_iwmmxt_movq_wRn_M0(wrd); 1801 gen_op_iwmmxt_set_mup(); 1802 gen_op_iwmmxt_set_cup(); 1803 break; 1804 case 0x802: case 0x902: case 0xa02: case 0xb02: /* WALIGNR */ 1805 wrd = (insn >> 12) & 0xf; 1806 rd0 = (insn >> 16) & 0xf; 1807 rd1 = (insn >> 0) & 0xf; 1808 gen_op_iwmmxt_movq_M0_wRn(rd0); 1809 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCGR0 + ((insn >> 20) & 3)); 1810 tcg_gen_andi_i32(tmp, tmp, 7); 1811 iwmmxt_load_reg(cpu_V1, rd1); 1812 gen_helper_iwmmxt_align(cpu_M0, cpu_M0, cpu_V1, tmp); 1813 gen_op_iwmmxt_movq_wRn_M0(wrd); 1814 gen_op_iwmmxt_set_mup(); 1815 break; 1816 case 0x601: case 0x605: case 0x609: case 0x60d: /* TINSR */ 1817 if (((insn >> 6) & 3) == 3) 1818 return 1; 1819 rd = (insn >> 12) & 0xf; 1820 wrd = (insn >> 16) & 0xf; 1821 tmp = load_reg(s, rd); 1822 gen_op_iwmmxt_movq_M0_wRn(wrd); 1823 switch ((insn >> 6) & 3) { 1824 case 0: 1825 tmp2 = tcg_constant_i32(0xff); 1826 tmp3 = tcg_constant_i32((insn & 7) << 3); 1827 break; 1828 case 1: 1829 tmp2 = tcg_constant_i32(0xffff); 1830 tmp3 = tcg_constant_i32((insn & 3) << 4); 1831 break; 1832 case 2: 1833 tmp2 = tcg_constant_i32(0xffffffff); 1834 tmp3 = tcg_constant_i32((insn & 1) << 5); 1835 break; 1836 default: 1837 g_assert_not_reached(); 1838 } 1839 gen_helper_iwmmxt_insr(cpu_M0, cpu_M0, tmp, tmp2, tmp3); 1840 gen_op_iwmmxt_movq_wRn_M0(wrd); 1841 gen_op_iwmmxt_set_mup(); 1842 break; 1843 case 0x107: case 0x507: case 0x907: case 0xd07: /* TEXTRM */ 1844 rd = (insn >> 12) & 0xf; 1845 wrd = (insn >> 16) & 0xf; 1846 if (rd == 15 || ((insn >> 22) & 3) == 3) 1847 return 1; 1848 gen_op_iwmmxt_movq_M0_wRn(wrd); 1849 tmp = tcg_temp_new_i32(); 1850 switch ((insn >> 22) & 3) { 1851 case 0: 1852 tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 7) << 3); 1853 tcg_gen_extrl_i64_i32(tmp, cpu_M0); 1854 if (insn & 8) { 1855 tcg_gen_ext8s_i32(tmp, tmp); 1856 } else { 1857 tcg_gen_andi_i32(tmp, tmp, 0xff); 1858 } 1859 break; 1860 case 1: 1861 tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 3) << 4); 1862 tcg_gen_extrl_i64_i32(tmp, cpu_M0); 1863 if (insn & 8) { 1864 tcg_gen_ext16s_i32(tmp, tmp); 1865 } else { 1866 tcg_gen_andi_i32(tmp, tmp, 0xffff); 1867 } 1868 break; 1869 case 2: 1870 tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 1) << 5); 1871 tcg_gen_extrl_i64_i32(tmp, cpu_M0); 1872 break; 1873 } 1874 store_reg(s, rd, tmp); 1875 break; 1876 case 0x117: case 0x517: case 0x917: case 0xd17: /* TEXTRC */ 1877 if ((insn & 0x000ff008) != 0x0003f000 || ((insn >> 22) & 3) == 3) 1878 return 1; 1879 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF); 1880 switch ((insn >> 22) & 3) { 1881 case 0: 1882 tcg_gen_shri_i32(tmp, tmp, ((insn & 7) << 2) + 0); 1883 break; 1884 case 1: 1885 tcg_gen_shri_i32(tmp, tmp, ((insn & 3) << 3) + 4); 1886 break; 1887 case 2: 1888 tcg_gen_shri_i32(tmp, tmp, ((insn & 1) << 4) + 12); 1889 break; 1890 } 1891 tcg_gen_shli_i32(tmp, tmp, 28); 1892 gen_set_nzcv(tmp); 1893 break; 1894 case 0x401: case 0x405: case 0x409: case 0x40d: /* TBCST */ 1895 if (((insn >> 6) & 3) == 3) 1896 return 1; 1897 rd = (insn >> 12) & 0xf; 1898 wrd = (insn >> 16) & 0xf; 1899 tmp = load_reg(s, rd); 1900 switch ((insn >> 6) & 3) { 1901 case 0: 1902 gen_helper_iwmmxt_bcstb(cpu_M0, tmp); 1903 break; 1904 case 1: 1905 gen_helper_iwmmxt_bcstw(cpu_M0, tmp); 1906 break; 1907 case 2: 1908 gen_helper_iwmmxt_bcstl(cpu_M0, tmp); 1909 break; 1910 } 1911 gen_op_iwmmxt_movq_wRn_M0(wrd); 1912 gen_op_iwmmxt_set_mup(); 1913 break; 1914 case 0x113: case 0x513: case 0x913: case 0xd13: /* TANDC */ 1915 if ((insn & 0x000ff00f) != 0x0003f000 || ((insn >> 22) & 3) == 3) 1916 return 1; 1917 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF); 1918 tmp2 = tcg_temp_new_i32(); 1919 tcg_gen_mov_i32(tmp2, tmp); 1920 switch ((insn >> 22) & 3) { 1921 case 0: 1922 for (i = 0; i < 7; i ++) { 1923 tcg_gen_shli_i32(tmp2, tmp2, 4); 1924 tcg_gen_and_i32(tmp, tmp, tmp2); 1925 } 1926 break; 1927 case 1: 1928 for (i = 0; i < 3; i ++) { 1929 tcg_gen_shli_i32(tmp2, tmp2, 8); 1930 tcg_gen_and_i32(tmp, tmp, tmp2); 1931 } 1932 break; 1933 case 2: 1934 tcg_gen_shli_i32(tmp2, tmp2, 16); 1935 tcg_gen_and_i32(tmp, tmp, tmp2); 1936 break; 1937 } 1938 gen_set_nzcv(tmp); 1939 break; 1940 case 0x01c: case 0x41c: case 0x81c: case 0xc1c: /* WACC */ 1941 wrd = (insn >> 12) & 0xf; 1942 rd0 = (insn >> 16) & 0xf; 1943 gen_op_iwmmxt_movq_M0_wRn(rd0); 1944 switch ((insn >> 22) & 3) { 1945 case 0: 1946 gen_helper_iwmmxt_addcb(cpu_M0, cpu_M0); 1947 break; 1948 case 1: 1949 gen_helper_iwmmxt_addcw(cpu_M0, cpu_M0); 1950 break; 1951 case 2: 1952 gen_helper_iwmmxt_addcl(cpu_M0, cpu_M0); 1953 break; 1954 case 3: 1955 return 1; 1956 } 1957 gen_op_iwmmxt_movq_wRn_M0(wrd); 1958 gen_op_iwmmxt_set_mup(); 1959 break; 1960 case 0x115: case 0x515: case 0x915: case 0xd15: /* TORC */ 1961 if ((insn & 0x000ff00f) != 0x0003f000 || ((insn >> 22) & 3) == 3) 1962 return 1; 1963 tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF); 1964 tmp2 = tcg_temp_new_i32(); 1965 tcg_gen_mov_i32(tmp2, tmp); 1966 switch ((insn >> 22) & 3) { 1967 case 0: 1968 for (i = 0; i < 7; i ++) { 1969 tcg_gen_shli_i32(tmp2, tmp2, 4); 1970 tcg_gen_or_i32(tmp, tmp, tmp2); 1971 } 1972 break; 1973 case 1: 1974 for (i = 0; i < 3; i ++) { 1975 tcg_gen_shli_i32(tmp2, tmp2, 8); 1976 tcg_gen_or_i32(tmp, tmp, tmp2); 1977 } 1978 break; 1979 case 2: 1980 tcg_gen_shli_i32(tmp2, tmp2, 16); 1981 tcg_gen_or_i32(tmp, tmp, tmp2); 1982 break; 1983 } 1984 gen_set_nzcv(tmp); 1985 break; 1986 case 0x103: case 0x503: case 0x903: case 0xd03: /* TMOVMSK */ 1987 rd = (insn >> 12) & 0xf; 1988 rd0 = (insn >> 16) & 0xf; 1989 if ((insn & 0xf) != 0 || ((insn >> 22) & 3) == 3) 1990 return 1; 1991 gen_op_iwmmxt_movq_M0_wRn(rd0); 1992 tmp = tcg_temp_new_i32(); 1993 switch ((insn >> 22) & 3) { 1994 case 0: 1995 gen_helper_iwmmxt_msbb(tmp, cpu_M0); 1996 break; 1997 case 1: 1998 gen_helper_iwmmxt_msbw(tmp, cpu_M0); 1999 break; 2000 case 2: 2001 gen_helper_iwmmxt_msbl(tmp, cpu_M0); 2002 break; 2003 } 2004 store_reg(s, rd, tmp); 2005 break; 2006 case 0x106: case 0x306: case 0x506: case 0x706: /* WCMPGT */ 2007 case 0x906: case 0xb06: case 0xd06: case 0xf06: 2008 wrd = (insn >> 12) & 0xf; 2009 rd0 = (insn >> 16) & 0xf; 2010 rd1 = (insn >> 0) & 0xf; 2011 gen_op_iwmmxt_movq_M0_wRn(rd0); 2012 switch ((insn >> 22) & 3) { 2013 case 0: 2014 if (insn & (1 << 21)) 2015 gen_op_iwmmxt_cmpgtsb_M0_wRn(rd1); 2016 else 2017 gen_op_iwmmxt_cmpgtub_M0_wRn(rd1); 2018 break; 2019 case 1: 2020 if (insn & (1 << 21)) 2021 gen_op_iwmmxt_cmpgtsw_M0_wRn(rd1); 2022 else 2023 gen_op_iwmmxt_cmpgtuw_M0_wRn(rd1); 2024 break; 2025 case 2: 2026 if (insn & (1 << 21)) 2027 gen_op_iwmmxt_cmpgtsl_M0_wRn(rd1); 2028 else 2029 gen_op_iwmmxt_cmpgtul_M0_wRn(rd1); 2030 break; 2031 case 3: 2032 return 1; 2033 } 2034 gen_op_iwmmxt_movq_wRn_M0(wrd); 2035 gen_op_iwmmxt_set_mup(); 2036 gen_op_iwmmxt_set_cup(); 2037 break; 2038 case 0x00e: case 0x20e: case 0x40e: case 0x60e: /* WUNPCKEL */ 2039 case 0x80e: case 0xa0e: case 0xc0e: case 0xe0e: 2040 wrd = (insn >> 12) & 0xf; 2041 rd0 = (insn >> 16) & 0xf; 2042 gen_op_iwmmxt_movq_M0_wRn(rd0); 2043 switch ((insn >> 22) & 3) { 2044 case 0: 2045 if (insn & (1 << 21)) 2046 gen_op_iwmmxt_unpacklsb_M0(); 2047 else 2048 gen_op_iwmmxt_unpacklub_M0(); 2049 break; 2050 case 1: 2051 if (insn & (1 << 21)) 2052 gen_op_iwmmxt_unpacklsw_M0(); 2053 else 2054 gen_op_iwmmxt_unpackluw_M0(); 2055 break; 2056 case 2: 2057 if (insn & (1 << 21)) 2058 gen_op_iwmmxt_unpacklsl_M0(); 2059 else 2060 gen_op_iwmmxt_unpacklul_M0(); 2061 break; 2062 case 3: 2063 return 1; 2064 } 2065 gen_op_iwmmxt_movq_wRn_M0(wrd); 2066 gen_op_iwmmxt_set_mup(); 2067 gen_op_iwmmxt_set_cup(); 2068 break; 2069 case 0x00c: case 0x20c: case 0x40c: case 0x60c: /* WUNPCKEH */ 2070 case 0x80c: case 0xa0c: case 0xc0c: case 0xe0c: 2071 wrd = (insn >> 12) & 0xf; 2072 rd0 = (insn >> 16) & 0xf; 2073 gen_op_iwmmxt_movq_M0_wRn(rd0); 2074 switch ((insn >> 22) & 3) { 2075 case 0: 2076 if (insn & (1 << 21)) 2077 gen_op_iwmmxt_unpackhsb_M0(); 2078 else 2079 gen_op_iwmmxt_unpackhub_M0(); 2080 break; 2081 case 1: 2082 if (insn & (1 << 21)) 2083 gen_op_iwmmxt_unpackhsw_M0(); 2084 else 2085 gen_op_iwmmxt_unpackhuw_M0(); 2086 break; 2087 case 2: 2088 if (insn & (1 << 21)) 2089 gen_op_iwmmxt_unpackhsl_M0(); 2090 else 2091 gen_op_iwmmxt_unpackhul_M0(); 2092 break; 2093 case 3: 2094 return 1; 2095 } 2096 gen_op_iwmmxt_movq_wRn_M0(wrd); 2097 gen_op_iwmmxt_set_mup(); 2098 gen_op_iwmmxt_set_cup(); 2099 break; 2100 case 0x204: case 0x604: case 0xa04: case 0xe04: /* WSRL */ 2101 case 0x214: case 0x614: case 0xa14: case 0xe14: 2102 if (((insn >> 22) & 3) == 0) 2103 return 1; 2104 wrd = (insn >> 12) & 0xf; 2105 rd0 = (insn >> 16) & 0xf; 2106 gen_op_iwmmxt_movq_M0_wRn(rd0); 2107 tmp = tcg_temp_new_i32(); 2108 if (gen_iwmmxt_shift(insn, 0xff, tmp)) { 2109 return 1; 2110 } 2111 switch ((insn >> 22) & 3) { 2112 case 1: 2113 gen_helper_iwmmxt_srlw(cpu_M0, tcg_env, cpu_M0, tmp); 2114 break; 2115 case 2: 2116 gen_helper_iwmmxt_srll(cpu_M0, tcg_env, cpu_M0, tmp); 2117 break; 2118 case 3: 2119 gen_helper_iwmmxt_srlq(cpu_M0, tcg_env, cpu_M0, tmp); 2120 break; 2121 } 2122 gen_op_iwmmxt_movq_wRn_M0(wrd); 2123 gen_op_iwmmxt_set_mup(); 2124 gen_op_iwmmxt_set_cup(); 2125 break; 2126 case 0x004: case 0x404: case 0x804: case 0xc04: /* WSRA */ 2127 case 0x014: case 0x414: case 0x814: case 0xc14: 2128 if (((insn >> 22) & 3) == 0) 2129 return 1; 2130 wrd = (insn >> 12) & 0xf; 2131 rd0 = (insn >> 16) & 0xf; 2132 gen_op_iwmmxt_movq_M0_wRn(rd0); 2133 tmp = tcg_temp_new_i32(); 2134 if (gen_iwmmxt_shift(insn, 0xff, tmp)) { 2135 return 1; 2136 } 2137 switch ((insn >> 22) & 3) { 2138 case 1: 2139 gen_helper_iwmmxt_sraw(cpu_M0, tcg_env, cpu_M0, tmp); 2140 break; 2141 case 2: 2142 gen_helper_iwmmxt_sral(cpu_M0, tcg_env, cpu_M0, tmp); 2143 break; 2144 case 3: 2145 gen_helper_iwmmxt_sraq(cpu_M0, tcg_env, cpu_M0, tmp); 2146 break; 2147 } 2148 gen_op_iwmmxt_movq_wRn_M0(wrd); 2149 gen_op_iwmmxt_set_mup(); 2150 gen_op_iwmmxt_set_cup(); 2151 break; 2152 case 0x104: case 0x504: case 0x904: case 0xd04: /* WSLL */ 2153 case 0x114: case 0x514: case 0x914: case 0xd14: 2154 if (((insn >> 22) & 3) == 0) 2155 return 1; 2156 wrd = (insn >> 12) & 0xf; 2157 rd0 = (insn >> 16) & 0xf; 2158 gen_op_iwmmxt_movq_M0_wRn(rd0); 2159 tmp = tcg_temp_new_i32(); 2160 if (gen_iwmmxt_shift(insn, 0xff, tmp)) { 2161 return 1; 2162 } 2163 switch ((insn >> 22) & 3) { 2164 case 1: 2165 gen_helper_iwmmxt_sllw(cpu_M0, tcg_env, cpu_M0, tmp); 2166 break; 2167 case 2: 2168 gen_helper_iwmmxt_slll(cpu_M0, tcg_env, cpu_M0, tmp); 2169 break; 2170 case 3: 2171 gen_helper_iwmmxt_sllq(cpu_M0, tcg_env, cpu_M0, tmp); 2172 break; 2173 } 2174 gen_op_iwmmxt_movq_wRn_M0(wrd); 2175 gen_op_iwmmxt_set_mup(); 2176 gen_op_iwmmxt_set_cup(); 2177 break; 2178 case 0x304: case 0x704: case 0xb04: case 0xf04: /* WROR */ 2179 case 0x314: case 0x714: case 0xb14: case 0xf14: 2180 if (((insn >> 22) & 3) == 0) 2181 return 1; 2182 wrd = (insn >> 12) & 0xf; 2183 rd0 = (insn >> 16) & 0xf; 2184 gen_op_iwmmxt_movq_M0_wRn(rd0); 2185 tmp = tcg_temp_new_i32(); 2186 switch ((insn >> 22) & 3) { 2187 case 1: 2188 if (gen_iwmmxt_shift(insn, 0xf, tmp)) { 2189 return 1; 2190 } 2191 gen_helper_iwmmxt_rorw(cpu_M0, tcg_env, cpu_M0, tmp); 2192 break; 2193 case 2: 2194 if (gen_iwmmxt_shift(insn, 0x1f, tmp)) { 2195 return 1; 2196 } 2197 gen_helper_iwmmxt_rorl(cpu_M0, tcg_env, cpu_M0, tmp); 2198 break; 2199 case 3: 2200 if (gen_iwmmxt_shift(insn, 0x3f, tmp)) { 2201 return 1; 2202 } 2203 gen_helper_iwmmxt_rorq(cpu_M0, tcg_env, cpu_M0, tmp); 2204 break; 2205 } 2206 gen_op_iwmmxt_movq_wRn_M0(wrd); 2207 gen_op_iwmmxt_set_mup(); 2208 gen_op_iwmmxt_set_cup(); 2209 break; 2210 case 0x116: case 0x316: case 0x516: case 0x716: /* WMIN */ 2211 case 0x916: case 0xb16: case 0xd16: case 0xf16: 2212 wrd = (insn >> 12) & 0xf; 2213 rd0 = (insn >> 16) & 0xf; 2214 rd1 = (insn >> 0) & 0xf; 2215 gen_op_iwmmxt_movq_M0_wRn(rd0); 2216 switch ((insn >> 22) & 3) { 2217 case 0: 2218 if (insn & (1 << 21)) 2219 gen_op_iwmmxt_minsb_M0_wRn(rd1); 2220 else 2221 gen_op_iwmmxt_minub_M0_wRn(rd1); 2222 break; 2223 case 1: 2224 if (insn & (1 << 21)) 2225 gen_op_iwmmxt_minsw_M0_wRn(rd1); 2226 else 2227 gen_op_iwmmxt_minuw_M0_wRn(rd1); 2228 break; 2229 case 2: 2230 if (insn & (1 << 21)) 2231 gen_op_iwmmxt_minsl_M0_wRn(rd1); 2232 else 2233 gen_op_iwmmxt_minul_M0_wRn(rd1); 2234 break; 2235 case 3: 2236 return 1; 2237 } 2238 gen_op_iwmmxt_movq_wRn_M0(wrd); 2239 gen_op_iwmmxt_set_mup(); 2240 break; 2241 case 0x016: case 0x216: case 0x416: case 0x616: /* WMAX */ 2242 case 0x816: case 0xa16: case 0xc16: case 0xe16: 2243 wrd = (insn >> 12) & 0xf; 2244 rd0 = (insn >> 16) & 0xf; 2245 rd1 = (insn >> 0) & 0xf; 2246 gen_op_iwmmxt_movq_M0_wRn(rd0); 2247 switch ((insn >> 22) & 3) { 2248 case 0: 2249 if (insn & (1 << 21)) 2250 gen_op_iwmmxt_maxsb_M0_wRn(rd1); 2251 else 2252 gen_op_iwmmxt_maxub_M0_wRn(rd1); 2253 break; 2254 case 1: 2255 if (insn & (1 << 21)) 2256 gen_op_iwmmxt_maxsw_M0_wRn(rd1); 2257 else 2258 gen_op_iwmmxt_maxuw_M0_wRn(rd1); 2259 break; 2260 case 2: 2261 if (insn & (1 << 21)) 2262 gen_op_iwmmxt_maxsl_M0_wRn(rd1); 2263 else 2264 gen_op_iwmmxt_maxul_M0_wRn(rd1); 2265 break; 2266 case 3: 2267 return 1; 2268 } 2269 gen_op_iwmmxt_movq_wRn_M0(wrd); 2270 gen_op_iwmmxt_set_mup(); 2271 break; 2272 case 0x002: case 0x102: case 0x202: case 0x302: /* WALIGNI */ 2273 case 0x402: case 0x502: case 0x602: case 0x702: 2274 wrd = (insn >> 12) & 0xf; 2275 rd0 = (insn >> 16) & 0xf; 2276 rd1 = (insn >> 0) & 0xf; 2277 gen_op_iwmmxt_movq_M0_wRn(rd0); 2278 iwmmxt_load_reg(cpu_V1, rd1); 2279 gen_helper_iwmmxt_align(cpu_M0, cpu_M0, cpu_V1, 2280 tcg_constant_i32((insn >> 20) & 3)); 2281 gen_op_iwmmxt_movq_wRn_M0(wrd); 2282 gen_op_iwmmxt_set_mup(); 2283 break; 2284 case 0x01a: case 0x11a: case 0x21a: case 0x31a: /* WSUB */ 2285 case 0x41a: case 0x51a: case 0x61a: case 0x71a: 2286 case 0x81a: case 0x91a: case 0xa1a: case 0xb1a: 2287 case 0xc1a: case 0xd1a: case 0xe1a: case 0xf1a: 2288 wrd = (insn >> 12) & 0xf; 2289 rd0 = (insn >> 16) & 0xf; 2290 rd1 = (insn >> 0) & 0xf; 2291 gen_op_iwmmxt_movq_M0_wRn(rd0); 2292 switch ((insn >> 20) & 0xf) { 2293 case 0x0: 2294 gen_op_iwmmxt_subnb_M0_wRn(rd1); 2295 break; 2296 case 0x1: 2297 gen_op_iwmmxt_subub_M0_wRn(rd1); 2298 break; 2299 case 0x3: 2300 gen_op_iwmmxt_subsb_M0_wRn(rd1); 2301 break; 2302 case 0x4: 2303 gen_op_iwmmxt_subnw_M0_wRn(rd1); 2304 break; 2305 case 0x5: 2306 gen_op_iwmmxt_subuw_M0_wRn(rd1); 2307 break; 2308 case 0x7: 2309 gen_op_iwmmxt_subsw_M0_wRn(rd1); 2310 break; 2311 case 0x8: 2312 gen_op_iwmmxt_subnl_M0_wRn(rd1); 2313 break; 2314 case 0x9: 2315 gen_op_iwmmxt_subul_M0_wRn(rd1); 2316 break; 2317 case 0xb: 2318 gen_op_iwmmxt_subsl_M0_wRn(rd1); 2319 break; 2320 default: 2321 return 1; 2322 } 2323 gen_op_iwmmxt_movq_wRn_M0(wrd); 2324 gen_op_iwmmxt_set_mup(); 2325 gen_op_iwmmxt_set_cup(); 2326 break; 2327 case 0x01e: case 0x11e: case 0x21e: case 0x31e: /* WSHUFH */ 2328 case 0x41e: case 0x51e: case 0x61e: case 0x71e: 2329 case 0x81e: case 0x91e: case 0xa1e: case 0xb1e: 2330 case 0xc1e: case 0xd1e: case 0xe1e: case 0xf1e: 2331 wrd = (insn >> 12) & 0xf; 2332 rd0 = (insn >> 16) & 0xf; 2333 gen_op_iwmmxt_movq_M0_wRn(rd0); 2334 tmp = tcg_constant_i32(((insn >> 16) & 0xf0) | (insn & 0x0f)); 2335 gen_helper_iwmmxt_shufh(cpu_M0, tcg_env, cpu_M0, tmp); 2336 gen_op_iwmmxt_movq_wRn_M0(wrd); 2337 gen_op_iwmmxt_set_mup(); 2338 gen_op_iwmmxt_set_cup(); 2339 break; 2340 case 0x018: case 0x118: case 0x218: case 0x318: /* WADD */ 2341 case 0x418: case 0x518: case 0x618: case 0x718: 2342 case 0x818: case 0x918: case 0xa18: case 0xb18: 2343 case 0xc18: case 0xd18: case 0xe18: case 0xf18: 2344 wrd = (insn >> 12) & 0xf; 2345 rd0 = (insn >> 16) & 0xf; 2346 rd1 = (insn >> 0) & 0xf; 2347 gen_op_iwmmxt_movq_M0_wRn(rd0); 2348 switch ((insn >> 20) & 0xf) { 2349 case 0x0: 2350 gen_op_iwmmxt_addnb_M0_wRn(rd1); 2351 break; 2352 case 0x1: 2353 gen_op_iwmmxt_addub_M0_wRn(rd1); 2354 break; 2355 case 0x3: 2356 gen_op_iwmmxt_addsb_M0_wRn(rd1); 2357 break; 2358 case 0x4: 2359 gen_op_iwmmxt_addnw_M0_wRn(rd1); 2360 break; 2361 case 0x5: 2362 gen_op_iwmmxt_adduw_M0_wRn(rd1); 2363 break; 2364 case 0x7: 2365 gen_op_iwmmxt_addsw_M0_wRn(rd1); 2366 break; 2367 case 0x8: 2368 gen_op_iwmmxt_addnl_M0_wRn(rd1); 2369 break; 2370 case 0x9: 2371 gen_op_iwmmxt_addul_M0_wRn(rd1); 2372 break; 2373 case 0xb: 2374 gen_op_iwmmxt_addsl_M0_wRn(rd1); 2375 break; 2376 default: 2377 return 1; 2378 } 2379 gen_op_iwmmxt_movq_wRn_M0(wrd); 2380 gen_op_iwmmxt_set_mup(); 2381 gen_op_iwmmxt_set_cup(); 2382 break; 2383 case 0x008: case 0x108: case 0x208: case 0x308: /* WPACK */ 2384 case 0x408: case 0x508: case 0x608: case 0x708: 2385 case 0x808: case 0x908: case 0xa08: case 0xb08: 2386 case 0xc08: case 0xd08: case 0xe08: case 0xf08: 2387 if (!(insn & (1 << 20)) || ((insn >> 22) & 3) == 0) 2388 return 1; 2389 wrd = (insn >> 12) & 0xf; 2390 rd0 = (insn >> 16) & 0xf; 2391 rd1 = (insn >> 0) & 0xf; 2392 gen_op_iwmmxt_movq_M0_wRn(rd0); 2393 switch ((insn >> 22) & 3) { 2394 case 1: 2395 if (insn & (1 << 21)) 2396 gen_op_iwmmxt_packsw_M0_wRn(rd1); 2397 else 2398 gen_op_iwmmxt_packuw_M0_wRn(rd1); 2399 break; 2400 case 2: 2401 if (insn & (1 << 21)) 2402 gen_op_iwmmxt_packsl_M0_wRn(rd1); 2403 else 2404 gen_op_iwmmxt_packul_M0_wRn(rd1); 2405 break; 2406 case 3: 2407 if (insn & (1 << 21)) 2408 gen_op_iwmmxt_packsq_M0_wRn(rd1); 2409 else 2410 gen_op_iwmmxt_packuq_M0_wRn(rd1); 2411 break; 2412 } 2413 gen_op_iwmmxt_movq_wRn_M0(wrd); 2414 gen_op_iwmmxt_set_mup(); 2415 gen_op_iwmmxt_set_cup(); 2416 break; 2417 case 0x201: case 0x203: case 0x205: case 0x207: 2418 case 0x209: case 0x20b: case 0x20d: case 0x20f: 2419 case 0x211: case 0x213: case 0x215: case 0x217: 2420 case 0x219: case 0x21b: case 0x21d: case 0x21f: 2421 wrd = (insn >> 5) & 0xf; 2422 rd0 = (insn >> 12) & 0xf; 2423 rd1 = (insn >> 0) & 0xf; 2424 if (rd0 == 0xf || rd1 == 0xf) 2425 return 1; 2426 gen_op_iwmmxt_movq_M0_wRn(wrd); 2427 tmp = load_reg(s, rd0); 2428 tmp2 = load_reg(s, rd1); 2429 switch ((insn >> 16) & 0xf) { 2430 case 0x0: /* TMIA */ 2431 gen_helper_iwmmxt_muladdsl(cpu_M0, cpu_M0, tmp, tmp2); 2432 break; 2433 case 0x8: /* TMIAPH */ 2434 gen_helper_iwmmxt_muladdsw(cpu_M0, cpu_M0, tmp, tmp2); 2435 break; 2436 case 0xc: case 0xd: case 0xe: case 0xf: /* TMIAxy */ 2437 if (insn & (1 << 16)) 2438 tcg_gen_shri_i32(tmp, tmp, 16); 2439 if (insn & (1 << 17)) 2440 tcg_gen_shri_i32(tmp2, tmp2, 16); 2441 gen_helper_iwmmxt_muladdswl(cpu_M0, cpu_M0, tmp, tmp2); 2442 break; 2443 default: 2444 return 1; 2445 } 2446 gen_op_iwmmxt_movq_wRn_M0(wrd); 2447 gen_op_iwmmxt_set_mup(); 2448 break; 2449 default: 2450 return 1; 2451 } 2452 2453 return 0; 2454 } 2455 2456 /* Disassemble an XScale DSP instruction. Returns nonzero if an error occurred 2457 (ie. an undefined instruction). */ 2458 static int disas_dsp_insn(DisasContext *s, uint32_t insn) 2459 { 2460 int acc, rd0, rd1, rdhi, rdlo; 2461 TCGv_i32 tmp, tmp2; 2462 2463 if ((insn & 0x0ff00f10) == 0x0e200010) { 2464 /* Multiply with Internal Accumulate Format */ 2465 rd0 = (insn >> 12) & 0xf; 2466 rd1 = insn & 0xf; 2467 acc = (insn >> 5) & 7; 2468 2469 if (acc != 0) 2470 return 1; 2471 2472 tmp = load_reg(s, rd0); 2473 tmp2 = load_reg(s, rd1); 2474 switch ((insn >> 16) & 0xf) { 2475 case 0x0: /* MIA */ 2476 gen_helper_iwmmxt_muladdsl(cpu_M0, cpu_M0, tmp, tmp2); 2477 break; 2478 case 0x8: /* MIAPH */ 2479 gen_helper_iwmmxt_muladdsw(cpu_M0, cpu_M0, tmp, tmp2); 2480 break; 2481 case 0xc: /* MIABB */ 2482 case 0xd: /* MIABT */ 2483 case 0xe: /* MIATB */ 2484 case 0xf: /* MIATT */ 2485 if (insn & (1 << 16)) 2486 tcg_gen_shri_i32(tmp, tmp, 16); 2487 if (insn & (1 << 17)) 2488 tcg_gen_shri_i32(tmp2, tmp2, 16); 2489 gen_helper_iwmmxt_muladdswl(cpu_M0, cpu_M0, tmp, tmp2); 2490 break; 2491 default: 2492 return 1; 2493 } 2494 2495 gen_op_iwmmxt_movq_wRn_M0(acc); 2496 return 0; 2497 } 2498 2499 if ((insn & 0x0fe00ff8) == 0x0c400000) { 2500 /* Internal Accumulator Access Format */ 2501 rdhi = (insn >> 16) & 0xf; 2502 rdlo = (insn >> 12) & 0xf; 2503 acc = insn & 7; 2504 2505 if (acc != 0) 2506 return 1; 2507 2508 if (insn & ARM_CP_RW_BIT) { /* MRA */ 2509 iwmmxt_load_reg(cpu_V0, acc); 2510 tcg_gen_extrl_i64_i32(cpu_R[rdlo], cpu_V0); 2511 tcg_gen_extrh_i64_i32(cpu_R[rdhi], cpu_V0); 2512 tcg_gen_andi_i32(cpu_R[rdhi], cpu_R[rdhi], (1 << (40 - 32)) - 1); 2513 } else { /* MAR */ 2514 tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]); 2515 iwmmxt_store_reg(cpu_V0, acc); 2516 } 2517 return 0; 2518 } 2519 2520 return 1; 2521 } 2522 2523 static void gen_goto_ptr(void) 2524 { 2525 tcg_gen_lookup_and_goto_ptr(); 2526 } 2527 2528 /* This will end the TB but doesn't guarantee we'll return to 2529 * cpu_loop_exec. Any live exit_requests will be processed as we 2530 * enter the next TB. 2531 */ 2532 static void gen_goto_tb(DisasContext *s, int n, target_long diff) 2533 { 2534 if (translator_use_goto_tb(&s->base, s->pc_curr + diff)) { 2535 /* 2536 * For pcrel, the pc must always be up-to-date on entry to 2537 * the linked TB, so that it can use simple additions for all 2538 * further adjustments. For !pcrel, the linked TB is compiled 2539 * to know its full virtual address, so we can delay the 2540 * update to pc to the unlinked path. A long chain of links 2541 * can thus avoid many updates to the PC. 2542 */ 2543 if (tb_cflags(s->base.tb) & CF_PCREL) { 2544 gen_update_pc(s, diff); 2545 tcg_gen_goto_tb(n); 2546 } else { 2547 tcg_gen_goto_tb(n); 2548 gen_update_pc(s, diff); 2549 } 2550 tcg_gen_exit_tb(s->base.tb, n); 2551 } else { 2552 gen_update_pc(s, diff); 2553 gen_goto_ptr(); 2554 } 2555 s->base.is_jmp = DISAS_NORETURN; 2556 } 2557 2558 /* Jump, specifying which TB number to use if we gen_goto_tb() */ 2559 static void gen_jmp_tb(DisasContext *s, target_long diff, int tbno) 2560 { 2561 if (unlikely(s->ss_active)) { 2562 /* An indirect jump so that we still trigger the debug exception. */ 2563 gen_update_pc(s, diff); 2564 s->base.is_jmp = DISAS_JUMP; 2565 return; 2566 } 2567 switch (s->base.is_jmp) { 2568 case DISAS_NEXT: 2569 case DISAS_TOO_MANY: 2570 case DISAS_NORETURN: 2571 /* 2572 * The normal case: just go to the destination TB. 2573 * NB: NORETURN happens if we generate code like 2574 * gen_brcondi(l); 2575 * gen_jmp(); 2576 * gen_set_label(l); 2577 * gen_jmp(); 2578 * on the second call to gen_jmp(). 2579 */ 2580 gen_goto_tb(s, tbno, diff); 2581 break; 2582 case DISAS_UPDATE_NOCHAIN: 2583 case DISAS_UPDATE_EXIT: 2584 /* 2585 * We already decided we're leaving the TB for some other reason. 2586 * Avoid using goto_tb so we really do exit back to the main loop 2587 * and don't chain to another TB. 2588 */ 2589 gen_update_pc(s, diff); 2590 gen_goto_ptr(); 2591 s->base.is_jmp = DISAS_NORETURN; 2592 break; 2593 default: 2594 /* 2595 * We shouldn't be emitting code for a jump and also have 2596 * is_jmp set to one of the special cases like DISAS_SWI. 2597 */ 2598 g_assert_not_reached(); 2599 } 2600 } 2601 2602 static inline void gen_jmp(DisasContext *s, target_long diff) 2603 { 2604 gen_jmp_tb(s, diff, 0); 2605 } 2606 2607 static inline void gen_mulxy(TCGv_i32 t0, TCGv_i32 t1, int x, int y) 2608 { 2609 if (x) 2610 tcg_gen_sari_i32(t0, t0, 16); 2611 else 2612 gen_sxth(t0); 2613 if (y) 2614 tcg_gen_sari_i32(t1, t1, 16); 2615 else 2616 gen_sxth(t1); 2617 tcg_gen_mul_i32(t0, t0, t1); 2618 } 2619 2620 /* Return the mask of PSR bits set by a MSR instruction. */ 2621 static uint32_t msr_mask(DisasContext *s, int flags, int spsr) 2622 { 2623 uint32_t mask = 0; 2624 2625 if (flags & (1 << 0)) { 2626 mask |= 0xff; 2627 } 2628 if (flags & (1 << 1)) { 2629 mask |= 0xff00; 2630 } 2631 if (flags & (1 << 2)) { 2632 mask |= 0xff0000; 2633 } 2634 if (flags & (1 << 3)) { 2635 mask |= 0xff000000; 2636 } 2637 2638 /* Mask out undefined and reserved bits. */ 2639 mask &= aarch32_cpsr_valid_mask(s->features, s->isar); 2640 2641 /* Mask out execution state. */ 2642 if (!spsr) { 2643 mask &= ~CPSR_EXEC; 2644 } 2645 2646 /* Mask out privileged bits. */ 2647 if (IS_USER(s)) { 2648 mask &= CPSR_USER; 2649 } 2650 return mask; 2651 } 2652 2653 /* Returns nonzero if access to the PSR is not permitted. Marks t0 as dead. */ 2654 static int gen_set_psr(DisasContext *s, uint32_t mask, int spsr, TCGv_i32 t0) 2655 { 2656 TCGv_i32 tmp; 2657 if (spsr) { 2658 /* ??? This is also undefined in system mode. */ 2659 if (IS_USER(s)) 2660 return 1; 2661 2662 tmp = load_cpu_field(spsr); 2663 tcg_gen_andi_i32(tmp, tmp, ~mask); 2664 tcg_gen_andi_i32(t0, t0, mask); 2665 tcg_gen_or_i32(tmp, tmp, t0); 2666 store_cpu_field(tmp, spsr); 2667 } else { 2668 gen_set_cpsr(t0, mask); 2669 } 2670 gen_lookup_tb(s); 2671 return 0; 2672 } 2673 2674 /* Returns nonzero if access to the PSR is not permitted. */ 2675 static int gen_set_psr_im(DisasContext *s, uint32_t mask, int spsr, uint32_t val) 2676 { 2677 TCGv_i32 tmp; 2678 tmp = tcg_temp_new_i32(); 2679 tcg_gen_movi_i32(tmp, val); 2680 return gen_set_psr(s, mask, spsr, tmp); 2681 } 2682 2683 static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn, 2684 int *tgtmode, int *regno) 2685 { 2686 /* Decode the r and sysm fields of MSR/MRS banked accesses into 2687 * the target mode and register number, and identify the various 2688 * unpredictable cases. 2689 * MSR (banked) and MRS (banked) are CONSTRAINED UNPREDICTABLE if: 2690 * + executed in user mode 2691 * + using R15 as the src/dest register 2692 * + accessing an unimplemented register 2693 * + accessing a register that's inaccessible at current PL/security state* 2694 * + accessing a register that you could access with a different insn 2695 * We choose to UNDEF in all these cases. 2696 * Since we don't know which of the various AArch32 modes we are in 2697 * we have to defer some checks to runtime. 2698 * Accesses to Monitor mode registers from Secure EL1 (which implies 2699 * that EL3 is AArch64) must trap to EL3. 2700 * 2701 * If the access checks fail this function will emit code to take 2702 * an exception and return false. Otherwise it will return true, 2703 * and set *tgtmode and *regno appropriately. 2704 */ 2705 /* These instructions are present only in ARMv8, or in ARMv7 with the 2706 * Virtualization Extensions. 2707 */ 2708 if (!arm_dc_feature(s, ARM_FEATURE_V8) && 2709 !arm_dc_feature(s, ARM_FEATURE_EL2)) { 2710 goto undef; 2711 } 2712 2713 if (IS_USER(s) || rn == 15) { 2714 goto undef; 2715 } 2716 2717 /* The table in the v8 ARM ARM section F5.2.3 describes the encoding 2718 * of registers into (r, sysm). 2719 */ 2720 if (r) { 2721 /* SPSRs for other modes */ 2722 switch (sysm) { 2723 case 0xe: /* SPSR_fiq */ 2724 *tgtmode = ARM_CPU_MODE_FIQ; 2725 break; 2726 case 0x10: /* SPSR_irq */ 2727 *tgtmode = ARM_CPU_MODE_IRQ; 2728 break; 2729 case 0x12: /* SPSR_svc */ 2730 *tgtmode = ARM_CPU_MODE_SVC; 2731 break; 2732 case 0x14: /* SPSR_abt */ 2733 *tgtmode = ARM_CPU_MODE_ABT; 2734 break; 2735 case 0x16: /* SPSR_und */ 2736 *tgtmode = ARM_CPU_MODE_UND; 2737 break; 2738 case 0x1c: /* SPSR_mon */ 2739 *tgtmode = ARM_CPU_MODE_MON; 2740 break; 2741 case 0x1e: /* SPSR_hyp */ 2742 *tgtmode = ARM_CPU_MODE_HYP; 2743 break; 2744 default: /* unallocated */ 2745 goto undef; 2746 } 2747 /* We arbitrarily assign SPSR a register number of 16. */ 2748 *regno = 16; 2749 } else { 2750 /* general purpose registers for other modes */ 2751 switch (sysm) { 2752 case 0x0 ... 0x6: /* 0b00xxx : r8_usr ... r14_usr */ 2753 *tgtmode = ARM_CPU_MODE_USR; 2754 *regno = sysm + 8; 2755 break; 2756 case 0x8 ... 0xe: /* 0b01xxx : r8_fiq ... r14_fiq */ 2757 *tgtmode = ARM_CPU_MODE_FIQ; 2758 *regno = sysm; 2759 break; 2760 case 0x10 ... 0x11: /* 0b1000x : r14_irq, r13_irq */ 2761 *tgtmode = ARM_CPU_MODE_IRQ; 2762 *regno = sysm & 1 ? 13 : 14; 2763 break; 2764 case 0x12 ... 0x13: /* 0b1001x : r14_svc, r13_svc */ 2765 *tgtmode = ARM_CPU_MODE_SVC; 2766 *regno = sysm & 1 ? 13 : 14; 2767 break; 2768 case 0x14 ... 0x15: /* 0b1010x : r14_abt, r13_abt */ 2769 *tgtmode = ARM_CPU_MODE_ABT; 2770 *regno = sysm & 1 ? 13 : 14; 2771 break; 2772 case 0x16 ... 0x17: /* 0b1011x : r14_und, r13_und */ 2773 *tgtmode = ARM_CPU_MODE_UND; 2774 *regno = sysm & 1 ? 13 : 14; 2775 break; 2776 case 0x1c ... 0x1d: /* 0b1110x : r14_mon, r13_mon */ 2777 *tgtmode = ARM_CPU_MODE_MON; 2778 *regno = sysm & 1 ? 13 : 14; 2779 break; 2780 case 0x1e ... 0x1f: /* 0b1111x : elr_hyp, r13_hyp */ 2781 *tgtmode = ARM_CPU_MODE_HYP; 2782 /* Arbitrarily pick 17 for ELR_Hyp (which is not a banked LR!) */ 2783 *regno = sysm & 1 ? 13 : 17; 2784 break; 2785 default: /* unallocated */ 2786 goto undef; 2787 } 2788 } 2789 2790 /* Catch the 'accessing inaccessible register' cases we can detect 2791 * at translate time. 2792 */ 2793 switch (*tgtmode) { 2794 case ARM_CPU_MODE_MON: 2795 if (!arm_dc_feature(s, ARM_FEATURE_EL3) || s->ns) { 2796 goto undef; 2797 } 2798 if (s->current_el == 1) { 2799 /* If we're in Secure EL1 (which implies that EL3 is AArch64) 2800 * then accesses to Mon registers trap to Secure EL2, if it exists, 2801 * otherwise EL3. 2802 */ 2803 TCGv_i32 tcg_el; 2804 2805 if (arm_dc_feature(s, ARM_FEATURE_AARCH64) && 2806 dc_isar_feature(aa64_sel2, s)) { 2807 /* Target EL is EL<3 minus SCR_EL3.EEL2> */ 2808 tcg_el = load_cpu_field_low32(cp15.scr_el3); 2809 tcg_gen_sextract_i32(tcg_el, tcg_el, ctz32(SCR_EEL2), 1); 2810 tcg_gen_addi_i32(tcg_el, tcg_el, 3); 2811 } else { 2812 tcg_el = tcg_constant_i32(3); 2813 } 2814 2815 gen_exception_insn_el_v(s, 0, EXCP_UDEF, 2816 syn_uncategorized(), tcg_el); 2817 return false; 2818 } 2819 break; 2820 case ARM_CPU_MODE_HYP: 2821 /* 2822 * r13_hyp can only be accessed from Monitor mode, and so we 2823 * can forbid accesses from EL2 or below. 2824 * elr_hyp can be accessed also from Hyp mode, so forbid 2825 * accesses from EL0 or EL1. 2826 * SPSR_hyp is supposed to be in the same category as r13_hyp 2827 * and UNPREDICTABLE if accessed from anything except Monitor 2828 * mode. However there is some real-world code that will do 2829 * it because at least some hardware happens to permit the 2830 * access. (Notably a standard Cortex-R52 startup code fragment 2831 * does this.) So we permit SPSR_hyp from Hyp mode also, to allow 2832 * this (incorrect) guest code to run. 2833 */ 2834 if (!arm_dc_feature(s, ARM_FEATURE_EL2) || s->current_el < 2 2835 || (s->current_el < 3 && *regno != 16 && *regno != 17)) { 2836 goto undef; 2837 } 2838 break; 2839 default: 2840 break; 2841 } 2842 2843 return true; 2844 2845 undef: 2846 /* If we get here then some access check did not pass */ 2847 gen_exception_insn(s, 0, EXCP_UDEF, syn_uncategorized()); 2848 return false; 2849 } 2850 2851 static void gen_msr_banked(DisasContext *s, int r, int sysm, int rn) 2852 { 2853 TCGv_i32 tcg_reg; 2854 int tgtmode = 0, regno = 0; 2855 2856 if (!msr_banked_access_decode(s, r, sysm, rn, &tgtmode, ®no)) { 2857 return; 2858 } 2859 2860 /* Sync state because msr_banked() can raise exceptions */ 2861 gen_set_condexec(s); 2862 gen_update_pc(s, 0); 2863 tcg_reg = load_reg(s, rn); 2864 gen_helper_msr_banked(tcg_env, tcg_reg, 2865 tcg_constant_i32(tgtmode), 2866 tcg_constant_i32(regno)); 2867 s->base.is_jmp = DISAS_UPDATE_EXIT; 2868 } 2869 2870 static void gen_mrs_banked(DisasContext *s, int r, int sysm, int rn) 2871 { 2872 TCGv_i32 tcg_reg; 2873 int tgtmode = 0, regno = 0; 2874 2875 if (!msr_banked_access_decode(s, r, sysm, rn, &tgtmode, ®no)) { 2876 return; 2877 } 2878 2879 /* Sync state because mrs_banked() can raise exceptions */ 2880 gen_set_condexec(s); 2881 gen_update_pc(s, 0); 2882 tcg_reg = tcg_temp_new_i32(); 2883 gen_helper_mrs_banked(tcg_reg, tcg_env, 2884 tcg_constant_i32(tgtmode), 2885 tcg_constant_i32(regno)); 2886 store_reg(s, rn, tcg_reg); 2887 s->base.is_jmp = DISAS_UPDATE_EXIT; 2888 } 2889 2890 /* Store value to PC as for an exception return (ie don't 2891 * mask bits). The subsequent call to gen_helper_cpsr_write_eret() 2892 * will do the masking based on the new value of the Thumb bit. 2893 */ 2894 static void store_pc_exc_ret(DisasContext *s, TCGv_i32 pc) 2895 { 2896 tcg_gen_mov_i32(cpu_R[15], pc); 2897 } 2898 2899 /* Generate a v6 exception return. Marks both values as dead. */ 2900 static void gen_rfe(DisasContext *s, TCGv_i32 pc, TCGv_i32 cpsr) 2901 { 2902 store_pc_exc_ret(s, pc); 2903 /* The cpsr_write_eret helper will mask the low bits of PC 2904 * appropriately depending on the new Thumb bit, so it must 2905 * be called after storing the new PC. 2906 */ 2907 translator_io_start(&s->base); 2908 gen_helper_cpsr_write_eret(tcg_env, cpsr); 2909 /* Must exit loop to check un-masked IRQs */ 2910 s->base.is_jmp = DISAS_EXIT; 2911 } 2912 2913 /* Generate an old-style exception return. Marks pc as dead. */ 2914 static void gen_exception_return(DisasContext *s, TCGv_i32 pc) 2915 { 2916 gen_rfe(s, pc, load_cpu_field(spsr)); 2917 } 2918 2919 static bool aa32_cpreg_encoding_in_impdef_space(uint8_t crn, uint8_t crm) 2920 { 2921 static const uint16_t mask[3] = { 2922 0b0000000111100111, /* crn == 9, crm == {c0-c2, c5-c8} */ 2923 0b0000000100010011, /* crn == 10, crm == {c0, c1, c4, c8} */ 2924 0b1000000111111111, /* crn == 11, crm == {c0-c8, c15} */ 2925 }; 2926 2927 if (crn >= 9 && crn <= 11) { 2928 return (mask[crn - 9] >> crm) & 1; 2929 } 2930 return false; 2931 } 2932 2933 static void do_coproc_insn(DisasContext *s, int cpnum, int is64, 2934 int opc1, int crn, int crm, int opc2, 2935 bool isread, int rt, int rt2) 2936 { 2937 uint32_t key = ENCODE_CP_REG(cpnum, is64, s->ns, crn, crm, opc1, opc2); 2938 const ARMCPRegInfo *ri = get_arm_cp_reginfo(s->cp_regs, key); 2939 TCGv_ptr tcg_ri = NULL; 2940 bool need_exit_tb = false; 2941 uint32_t syndrome; 2942 2943 /* 2944 * Note that since we are an implementation which takes an 2945 * exception on a trapped conditional instruction only if the 2946 * instruction passes its condition code check, we can take 2947 * advantage of the clause in the ARM ARM that allows us to set 2948 * the COND field in the instruction to 0xE in all cases. 2949 * We could fish the actual condition out of the insn (ARM) 2950 * or the condexec bits (Thumb) but it isn't necessary. 2951 */ 2952 switch (cpnum) { 2953 case 14: 2954 if (is64) { 2955 syndrome = syn_cp14_rrt_trap(1, 0xe, opc1, crm, rt, rt2, 2956 isread, false); 2957 } else { 2958 syndrome = syn_cp14_rt_trap(1, 0xe, opc1, opc2, crn, crm, 2959 rt, isread, false); 2960 } 2961 break; 2962 case 15: 2963 if (is64) { 2964 syndrome = syn_cp15_rrt_trap(1, 0xe, opc1, crm, rt, rt2, 2965 isread, false); 2966 } else { 2967 syndrome = syn_cp15_rt_trap(1, 0xe, opc1, opc2, crn, crm, 2968 rt, isread, false); 2969 } 2970 break; 2971 default: 2972 /* 2973 * ARMv8 defines that only coprocessors 14 and 15 exist, 2974 * so this can only happen if this is an ARMv7 or earlier CPU, 2975 * in which case the syndrome information won't actually be 2976 * guest visible. 2977 */ 2978 assert(!arm_dc_feature(s, ARM_FEATURE_V8)); 2979 syndrome = syn_uncategorized(); 2980 break; 2981 } 2982 2983 if (s->hstr_active && cpnum == 15 && s->current_el == 1) { 2984 /* 2985 * At EL1, check for a HSTR_EL2 trap, which must take precedence 2986 * over the UNDEF for "no such register" or the UNDEF for "access 2987 * permissions forbid this EL1 access". HSTR_EL2 traps from EL0 2988 * only happen if the cpreg doesn't UNDEF at EL0, so we do those in 2989 * access_check_cp_reg(), after the checks for whether the access 2990 * configurably trapped to EL1. 2991 */ 2992 uint32_t maskbit = is64 ? crm : crn; 2993 2994 if (maskbit != 4 && maskbit != 14) { 2995 /* T4 and T14 are RES0 so never cause traps */ 2996 TCGv_i32 t; 2997 DisasLabel over = gen_disas_label(s); 2998 2999 t = load_cpu_offset(offsetoflow32(CPUARMState, cp15.hstr_el2)); 3000 tcg_gen_andi_i32(t, t, 1u << maskbit); 3001 tcg_gen_brcondi_i32(TCG_COND_EQ, t, 0, over.label); 3002 3003 gen_exception_insn_el(s, 0, EXCP_UDEF, syndrome, 2); 3004 /* 3005 * gen_exception_insn() will set is_jmp to DISAS_NORETURN, 3006 * but since we're conditionally branching over it, we want 3007 * to assume continue-to-next-instruction. 3008 */ 3009 s->base.is_jmp = DISAS_NEXT; 3010 set_disas_label(s, over); 3011 } 3012 } 3013 3014 if (cpnum == 15 && aa32_cpreg_encoding_in_impdef_space(crn, crm)) { 3015 /* 3016 * Check for TIDCP trap, which must take precedence over the UNDEF 3017 * for "no such register" etc. It shares precedence with HSTR, 3018 * but raises the same exception, so order doesn't matter. 3019 */ 3020 switch (s->current_el) { 3021 case 0: 3022 if (arm_dc_feature(s, ARM_FEATURE_AARCH64) 3023 && dc_isar_feature(aa64_tidcp1, s)) { 3024 gen_helper_tidcp_el0(tcg_env, tcg_constant_i32(syndrome)); 3025 } 3026 break; 3027 case 1: 3028 gen_helper_tidcp_el1(tcg_env, tcg_constant_i32(syndrome)); 3029 break; 3030 } 3031 } 3032 3033 if (!ri) { 3034 /* 3035 * Unknown register; this might be a guest error or a QEMU 3036 * unimplemented feature. 3037 */ 3038 if (is64) { 3039 qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 " 3040 "64 bit system register cp:%d opc1: %d crm:%d " 3041 "(%s)\n", 3042 isread ? "read" : "write", cpnum, opc1, crm, 3043 s->ns ? "non-secure" : "secure"); 3044 } else { 3045 qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 " 3046 "system register cp:%d opc1:%d crn:%d crm:%d " 3047 "opc2:%d (%s)\n", 3048 isread ? "read" : "write", cpnum, opc1, crn, 3049 crm, opc2, s->ns ? "non-secure" : "secure"); 3050 } 3051 unallocated_encoding(s); 3052 return; 3053 } 3054 3055 /* Check access permissions */ 3056 if (!cp_access_ok(s->current_el, ri, isread)) { 3057 unallocated_encoding(s); 3058 return; 3059 } 3060 3061 if ((s->hstr_active && s->current_el == 0) || ri->accessfn || 3062 (ri->fgt && s->fgt_active) || 3063 (arm_dc_feature(s, ARM_FEATURE_XSCALE) && cpnum < 14)) { 3064 /* 3065 * Emit code to perform further access permissions checks at 3066 * runtime; this may result in an exception. 3067 * Note that on XScale all cp0..c13 registers do an access check 3068 * call in order to handle c15_cpar. 3069 */ 3070 gen_set_condexec(s); 3071 gen_update_pc(s, 0); 3072 tcg_ri = tcg_temp_new_ptr(); 3073 gen_helper_access_check_cp_reg(tcg_ri, tcg_env, 3074 tcg_constant_i32(key), 3075 tcg_constant_i32(syndrome), 3076 tcg_constant_i32(isread)); 3077 } else if (ri->type & ARM_CP_RAISES_EXC) { 3078 /* 3079 * The readfn or writefn might raise an exception; 3080 * synchronize the CPU state in case it does. 3081 */ 3082 gen_set_condexec(s); 3083 gen_update_pc(s, 0); 3084 } 3085 3086 /* Handle special cases first */ 3087 switch (ri->type & ARM_CP_SPECIAL_MASK) { 3088 case 0: 3089 break; 3090 case ARM_CP_NOP: 3091 return; 3092 case ARM_CP_WFI: 3093 if (isread) { 3094 unallocated_encoding(s); 3095 } else { 3096 gen_update_pc(s, curr_insn_len(s)); 3097 s->base.is_jmp = DISAS_WFI; 3098 } 3099 return; 3100 default: 3101 g_assert_not_reached(); 3102 } 3103 3104 if (ri->type & ARM_CP_IO) { 3105 /* I/O operations must end the TB here (whether read or write) */ 3106 need_exit_tb = translator_io_start(&s->base); 3107 } 3108 3109 if (isread) { 3110 /* Read */ 3111 if (is64) { 3112 TCGv_i64 tmp64; 3113 TCGv_i32 tmp; 3114 if (ri->type & ARM_CP_CONST) { 3115 tmp64 = tcg_constant_i64(ri->resetvalue); 3116 } else if (ri->readfn) { 3117 if (!tcg_ri) { 3118 tcg_ri = gen_lookup_cp_reg(key); 3119 } 3120 tmp64 = tcg_temp_new_i64(); 3121 gen_helper_get_cp_reg64(tmp64, tcg_env, tcg_ri); 3122 } else { 3123 tmp64 = tcg_temp_new_i64(); 3124 tcg_gen_ld_i64(tmp64, tcg_env, ri->fieldoffset); 3125 } 3126 tmp = tcg_temp_new_i32(); 3127 tcg_gen_extrl_i64_i32(tmp, tmp64); 3128 store_reg(s, rt, tmp); 3129 tmp = tcg_temp_new_i32(); 3130 tcg_gen_extrh_i64_i32(tmp, tmp64); 3131 store_reg(s, rt2, tmp); 3132 } else { 3133 TCGv_i32 tmp; 3134 if (ri->type & ARM_CP_CONST) { 3135 tmp = tcg_constant_i32(ri->resetvalue); 3136 } else if (ri->readfn) { 3137 if (!tcg_ri) { 3138 tcg_ri = gen_lookup_cp_reg(key); 3139 } 3140 tmp = tcg_temp_new_i32(); 3141 gen_helper_get_cp_reg(tmp, tcg_env, tcg_ri); 3142 } else { 3143 tmp = load_cpu_offset(ri->fieldoffset); 3144 } 3145 if (rt == 15) { 3146 /* Destination register of r15 for 32 bit loads sets 3147 * the condition codes from the high 4 bits of the value 3148 */ 3149 gen_set_nzcv(tmp); 3150 } else { 3151 store_reg(s, rt, tmp); 3152 } 3153 } 3154 } else { 3155 /* Write */ 3156 if (ri->type & ARM_CP_CONST) { 3157 /* If not forbidden by access permissions, treat as WI */ 3158 return; 3159 } 3160 3161 if (is64) { 3162 TCGv_i32 tmplo, tmphi; 3163 TCGv_i64 tmp64 = tcg_temp_new_i64(); 3164 tmplo = load_reg(s, rt); 3165 tmphi = load_reg(s, rt2); 3166 tcg_gen_concat_i32_i64(tmp64, tmplo, tmphi); 3167 if (ri->writefn) { 3168 if (!tcg_ri) { 3169 tcg_ri = gen_lookup_cp_reg(key); 3170 } 3171 gen_helper_set_cp_reg64(tcg_env, tcg_ri, tmp64); 3172 } else { 3173 tcg_gen_st_i64(tmp64, tcg_env, ri->fieldoffset); 3174 } 3175 } else { 3176 TCGv_i32 tmp = load_reg(s, rt); 3177 if (ri->writefn) { 3178 if (!tcg_ri) { 3179 tcg_ri = gen_lookup_cp_reg(key); 3180 } 3181 gen_helper_set_cp_reg(tcg_env, tcg_ri, tmp); 3182 } else { 3183 store_cpu_offset(tmp, ri->fieldoffset, 4); 3184 } 3185 } 3186 } 3187 3188 if (!isread && !(ri->type & ARM_CP_SUPPRESS_TB_END)) { 3189 /* 3190 * A write to any coprocessor register that ends a TB 3191 * must rebuild the hflags for the next TB. 3192 */ 3193 gen_rebuild_hflags(s, ri->type & ARM_CP_NEWEL); 3194 /* 3195 * We default to ending the TB on a coprocessor register write, 3196 * but allow this to be suppressed by the register definition 3197 * (usually only necessary to work around guest bugs). 3198 */ 3199 need_exit_tb = true; 3200 } 3201 if (need_exit_tb) { 3202 gen_lookup_tb(s); 3203 } 3204 } 3205 3206 /* Decode XScale DSP or iWMMXt insn (in the copro space, cp=0 or 1) */ 3207 static void disas_xscale_insn(DisasContext *s, uint32_t insn) 3208 { 3209 int cpnum = (insn >> 8) & 0xf; 3210 3211 if (extract32(s->c15_cpar, cpnum, 1) == 0) { 3212 unallocated_encoding(s); 3213 } else if (arm_dc_feature(s, ARM_FEATURE_IWMMXT)) { 3214 if (disas_iwmmxt_insn(s, insn)) { 3215 unallocated_encoding(s); 3216 } 3217 } else if (arm_dc_feature(s, ARM_FEATURE_XSCALE)) { 3218 if (disas_dsp_insn(s, insn)) { 3219 unallocated_encoding(s); 3220 } 3221 } 3222 } 3223 3224 /* Store a 64-bit value to a register pair. Clobbers val. */ 3225 static void gen_storeq_reg(DisasContext *s, int rlow, int rhigh, TCGv_i64 val) 3226 { 3227 TCGv_i32 tmp; 3228 tmp = tcg_temp_new_i32(); 3229 tcg_gen_extrl_i64_i32(tmp, val); 3230 store_reg(s, rlow, tmp); 3231 tmp = tcg_temp_new_i32(); 3232 tcg_gen_extrh_i64_i32(tmp, val); 3233 store_reg(s, rhigh, tmp); 3234 } 3235 3236 /* load and add a 64-bit value from a register pair. */ 3237 static void gen_addq(DisasContext *s, TCGv_i64 val, int rlow, int rhigh) 3238 { 3239 TCGv_i64 tmp; 3240 TCGv_i32 tmpl; 3241 TCGv_i32 tmph; 3242 3243 /* Load 64-bit value rd:rn. */ 3244 tmpl = load_reg(s, rlow); 3245 tmph = load_reg(s, rhigh); 3246 tmp = tcg_temp_new_i64(); 3247 tcg_gen_concat_i32_i64(tmp, tmpl, tmph); 3248 tcg_gen_add_i64(val, val, tmp); 3249 } 3250 3251 /* Set N and Z flags from hi|lo. */ 3252 static void gen_logicq_cc(TCGv_i32 lo, TCGv_i32 hi) 3253 { 3254 tcg_gen_mov_i32(cpu_NF, hi); 3255 tcg_gen_or_i32(cpu_ZF, lo, hi); 3256 } 3257 3258 /* Load/Store exclusive instructions are implemented by remembering 3259 the value/address loaded, and seeing if these are the same 3260 when the store is performed. This should be sufficient to implement 3261 the architecturally mandated semantics, and avoids having to monitor 3262 regular stores. The compare vs the remembered value is done during 3263 the cmpxchg operation, but we must compare the addresses manually. */ 3264 static void gen_load_exclusive(DisasContext *s, int rt, int rt2, 3265 TCGv_i32 addr, int size) 3266 { 3267 TCGv_i32 tmp = tcg_temp_new_i32(); 3268 MemOp opc = size | MO_ALIGN | s->be_data; 3269 3270 s->is_ldex = true; 3271 3272 if (size == 3) { 3273 TCGv_i32 tmp2 = tcg_temp_new_i32(); 3274 TCGv_i64 t64 = tcg_temp_new_i64(); 3275 3276 /* 3277 * For AArch32, architecturally the 32-bit word at the lowest 3278 * address is always Rt and the one at addr+4 is Rt2, even if 3279 * the CPU is big-endian. That means we don't want to do a 3280 * gen_aa32_ld_i64(), which checks SCTLR_B as if for an 3281 * architecturally 64-bit access, but instead do a 64-bit access 3282 * using MO_BE if appropriate and then split the two halves. 3283 */ 3284 TCGv taddr = gen_aa32_addr(s, addr, opc); 3285 3286 tcg_gen_qemu_ld_i64(t64, taddr, get_mem_index(s), opc); 3287 tcg_gen_mov_i64(cpu_exclusive_val, t64); 3288 if (s->be_data == MO_BE) { 3289 tcg_gen_extr_i64_i32(tmp2, tmp, t64); 3290 } else { 3291 tcg_gen_extr_i64_i32(tmp, tmp2, t64); 3292 } 3293 store_reg(s, rt2, tmp2); 3294 } else { 3295 gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), opc); 3296 tcg_gen_extu_i32_i64(cpu_exclusive_val, tmp); 3297 } 3298 3299 store_reg(s, rt, tmp); 3300 tcg_gen_extu_i32_i64(cpu_exclusive_addr, addr); 3301 } 3302 3303 static void gen_clrex(DisasContext *s) 3304 { 3305 tcg_gen_movi_i64(cpu_exclusive_addr, -1); 3306 } 3307 3308 static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2, 3309 TCGv_i32 addr, int size) 3310 { 3311 TCGv_i32 t0, t1, t2; 3312 TCGv_i64 extaddr; 3313 TCGv taddr; 3314 TCGLabel *done_label; 3315 TCGLabel *fail_label; 3316 MemOp opc = size | MO_ALIGN | s->be_data; 3317 3318 /* if (env->exclusive_addr == addr && env->exclusive_val == [addr]) { 3319 [addr] = {Rt}; 3320 {Rd} = 0; 3321 } else { 3322 {Rd} = 1; 3323 } */ 3324 fail_label = gen_new_label(); 3325 done_label = gen_new_label(); 3326 extaddr = tcg_temp_new_i64(); 3327 tcg_gen_extu_i32_i64(extaddr, addr); 3328 tcg_gen_brcond_i64(TCG_COND_NE, extaddr, cpu_exclusive_addr, fail_label); 3329 3330 taddr = gen_aa32_addr(s, addr, opc); 3331 t0 = tcg_temp_new_i32(); 3332 t1 = load_reg(s, rt); 3333 if (size == 3) { 3334 TCGv_i64 o64 = tcg_temp_new_i64(); 3335 TCGv_i64 n64 = tcg_temp_new_i64(); 3336 3337 t2 = load_reg(s, rt2); 3338 3339 /* 3340 * For AArch32, architecturally the 32-bit word at the lowest 3341 * address is always Rt and the one at addr+4 is Rt2, even if 3342 * the CPU is big-endian. Since we're going to treat this as a 3343 * single 64-bit BE store, we need to put the two halves in the 3344 * opposite order for BE to LE, so that they end up in the right 3345 * places. We don't want gen_aa32_st_i64, because that checks 3346 * SCTLR_B as if for an architectural 64-bit access. 3347 */ 3348 if (s->be_data == MO_BE) { 3349 tcg_gen_concat_i32_i64(n64, t2, t1); 3350 } else { 3351 tcg_gen_concat_i32_i64(n64, t1, t2); 3352 } 3353 3354 tcg_gen_atomic_cmpxchg_i64(o64, taddr, cpu_exclusive_val, n64, 3355 get_mem_index(s), opc); 3356 3357 tcg_gen_setcond_i64(TCG_COND_NE, o64, o64, cpu_exclusive_val); 3358 tcg_gen_extrl_i64_i32(t0, o64); 3359 } else { 3360 t2 = tcg_temp_new_i32(); 3361 tcg_gen_extrl_i64_i32(t2, cpu_exclusive_val); 3362 tcg_gen_atomic_cmpxchg_i32(t0, taddr, t2, t1, get_mem_index(s), opc); 3363 tcg_gen_setcond_i32(TCG_COND_NE, t0, t0, t2); 3364 } 3365 tcg_gen_mov_i32(cpu_R[rd], t0); 3366 tcg_gen_br(done_label); 3367 3368 gen_set_label(fail_label); 3369 tcg_gen_movi_i32(cpu_R[rd], 1); 3370 gen_set_label(done_label); 3371 tcg_gen_movi_i64(cpu_exclusive_addr, -1); 3372 } 3373 3374 /* gen_srs: 3375 * @env: CPUARMState 3376 * @s: DisasContext 3377 * @mode: mode field from insn (which stack to store to) 3378 * @amode: addressing mode (DA/IA/DB/IB), encoded as per P,U bits in ARM insn 3379 * @writeback: true if writeback bit set 3380 * 3381 * Generate code for the SRS (Store Return State) insn. 3382 */ 3383 static void gen_srs(DisasContext *s, 3384 uint32_t mode, uint32_t amode, bool writeback) 3385 { 3386 int32_t offset; 3387 TCGv_i32 addr, tmp; 3388 bool undef = false; 3389 3390 /* SRS is: 3391 * - trapped to EL3 if EL3 is AArch64 and we are at Secure EL1 3392 * and specified mode is monitor mode 3393 * - UNDEFINED in Hyp mode 3394 * - UNPREDICTABLE in User or System mode 3395 * - UNPREDICTABLE if the specified mode is: 3396 * -- not implemented 3397 * -- not a valid mode number 3398 * -- a mode that's at a higher exception level 3399 * -- Monitor, if we are Non-secure 3400 * For the UNPREDICTABLE cases we choose to UNDEF. 3401 */ 3402 if (s->current_el == 1 && !s->ns && mode == ARM_CPU_MODE_MON) { 3403 gen_exception_insn_el(s, 0, EXCP_UDEF, syn_uncategorized(), 3); 3404 return; 3405 } 3406 3407 if (s->current_el == 0 || s->current_el == 2) { 3408 undef = true; 3409 } 3410 3411 switch (mode) { 3412 case ARM_CPU_MODE_USR: 3413 case ARM_CPU_MODE_FIQ: 3414 case ARM_CPU_MODE_IRQ: 3415 case ARM_CPU_MODE_SVC: 3416 case ARM_CPU_MODE_ABT: 3417 case ARM_CPU_MODE_UND: 3418 case ARM_CPU_MODE_SYS: 3419 break; 3420 case ARM_CPU_MODE_HYP: 3421 if (s->current_el == 1 || !arm_dc_feature(s, ARM_FEATURE_EL2)) { 3422 undef = true; 3423 } 3424 break; 3425 case ARM_CPU_MODE_MON: 3426 /* No need to check specifically for "are we non-secure" because 3427 * we've already made EL0 UNDEF and handled the trap for S-EL1; 3428 * so if this isn't EL3 then we must be non-secure. 3429 */ 3430 if (s->current_el != 3) { 3431 undef = true; 3432 } 3433 break; 3434 default: 3435 undef = true; 3436 } 3437 3438 if (undef) { 3439 unallocated_encoding(s); 3440 return; 3441 } 3442 3443 addr = tcg_temp_new_i32(); 3444 /* get_r13_banked() will raise an exception if called from System mode */ 3445 gen_set_condexec(s); 3446 gen_update_pc(s, 0); 3447 gen_helper_get_r13_banked(addr, tcg_env, tcg_constant_i32(mode)); 3448 switch (amode) { 3449 case 0: /* DA */ 3450 offset = -4; 3451 break; 3452 case 1: /* IA */ 3453 offset = 0; 3454 break; 3455 case 2: /* DB */ 3456 offset = -8; 3457 break; 3458 case 3: /* IB */ 3459 offset = 4; 3460 break; 3461 default: 3462 g_assert_not_reached(); 3463 } 3464 tcg_gen_addi_i32(addr, addr, offset); 3465 tmp = load_reg(s, 14); 3466 gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), MO_UL | MO_ALIGN); 3467 tmp = load_cpu_field(spsr); 3468 tcg_gen_addi_i32(addr, addr, 4); 3469 gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), MO_UL | MO_ALIGN); 3470 if (writeback) { 3471 switch (amode) { 3472 case 0: 3473 offset = -8; 3474 break; 3475 case 1: 3476 offset = 4; 3477 break; 3478 case 2: 3479 offset = -4; 3480 break; 3481 case 3: 3482 offset = 0; 3483 break; 3484 default: 3485 g_assert_not_reached(); 3486 } 3487 tcg_gen_addi_i32(addr, addr, offset); 3488 gen_helper_set_r13_banked(tcg_env, tcg_constant_i32(mode), addr); 3489 } 3490 s->base.is_jmp = DISAS_UPDATE_EXIT; 3491 } 3492 3493 /* Skip this instruction if the ARM condition is false */ 3494 static void arm_skip_unless(DisasContext *s, uint32_t cond) 3495 { 3496 arm_gen_condlabel(s); 3497 arm_gen_test_cc(cond ^ 1, s->condlabel.label); 3498 } 3499 3500 3501 /* 3502 * Constant expanders used by T16/T32 decode 3503 */ 3504 3505 /* Return only the rotation part of T32ExpandImm. */ 3506 static int t32_expandimm_rot(DisasContext *s, int x) 3507 { 3508 return x & 0xc00 ? extract32(x, 7, 5) : 0; 3509 } 3510 3511 /* Return the unrotated immediate from T32ExpandImm. */ 3512 static int t32_expandimm_imm(DisasContext *s, int x) 3513 { 3514 uint32_t imm = extract32(x, 0, 8); 3515 3516 switch (extract32(x, 8, 4)) { 3517 case 0: /* XY */ 3518 /* Nothing to do. */ 3519 break; 3520 case 1: /* 00XY00XY */ 3521 imm *= 0x00010001; 3522 break; 3523 case 2: /* XY00XY00 */ 3524 imm *= 0x01000100; 3525 break; 3526 case 3: /* XYXYXYXY */ 3527 imm *= 0x01010101; 3528 break; 3529 default: 3530 /* Rotated constant. */ 3531 imm |= 0x80; 3532 break; 3533 } 3534 return imm; 3535 } 3536 3537 static int t32_branch24(DisasContext *s, int x) 3538 { 3539 /* Convert J1:J2 at x[22:21] to I2:I1, which involves I=J^~S. */ 3540 x ^= !(x < 0) * (3 << 21); 3541 /* Append the final zero. */ 3542 return x << 1; 3543 } 3544 3545 static int t16_setflags(DisasContext *s) 3546 { 3547 return s->condexec_mask == 0; 3548 } 3549 3550 static int t16_push_list(DisasContext *s, int x) 3551 { 3552 return (x & 0xff) | (x & 0x100) << (14 - 8); 3553 } 3554 3555 static int t16_pop_list(DisasContext *s, int x) 3556 { 3557 return (x & 0xff) | (x & 0x100) << (15 - 8); 3558 } 3559 3560 /* 3561 * Include the generated decoders. 3562 */ 3563 3564 #include "decode-a32.c.inc" 3565 #include "decode-a32-uncond.c.inc" 3566 #include "decode-t32.c.inc" 3567 #include "decode-t16.c.inc" 3568 3569 static bool valid_cp(DisasContext *s, int cp) 3570 { 3571 /* 3572 * Return true if this coprocessor field indicates something 3573 * that's really a possible coprocessor. 3574 * For v7 and earlier, coprocessors 8..15 were reserved for Arm use, 3575 * and of those only cp14 and cp15 were used for registers. 3576 * cp10 and cp11 were used for VFP and Neon, whose decode is 3577 * dealt with elsewhere. With the advent of fp16, cp9 is also 3578 * now part of VFP. 3579 * For v8A and later, the encoding has been tightened so that 3580 * only cp14 and cp15 are valid, and other values aren't considered 3581 * to be in the coprocessor-instruction space at all. v8M still 3582 * permits coprocessors 0..7. 3583 * For XScale, we must not decode the XScale cp0, cp1 space as 3584 * a standard coprocessor insn, because we want to fall through to 3585 * the legacy disas_xscale_insn() decoder after decodetree is done. 3586 */ 3587 if (arm_dc_feature(s, ARM_FEATURE_XSCALE) && (cp == 0 || cp == 1)) { 3588 return false; 3589 } 3590 3591 if (arm_dc_feature(s, ARM_FEATURE_V8) && 3592 !arm_dc_feature(s, ARM_FEATURE_M)) { 3593 return cp >= 14; 3594 } 3595 return cp < 8 || cp >= 14; 3596 } 3597 3598 static bool trans_MCR(DisasContext *s, arg_MCR *a) 3599 { 3600 if (!valid_cp(s, a->cp)) { 3601 return false; 3602 } 3603 do_coproc_insn(s, a->cp, false, a->opc1, a->crn, a->crm, a->opc2, 3604 false, a->rt, 0); 3605 return true; 3606 } 3607 3608 static bool trans_MRC(DisasContext *s, arg_MRC *a) 3609 { 3610 if (!valid_cp(s, a->cp)) { 3611 return false; 3612 } 3613 do_coproc_insn(s, a->cp, false, a->opc1, a->crn, a->crm, a->opc2, 3614 true, a->rt, 0); 3615 return true; 3616 } 3617 3618 static bool trans_MCRR(DisasContext *s, arg_MCRR *a) 3619 { 3620 if (!valid_cp(s, a->cp)) { 3621 return false; 3622 } 3623 do_coproc_insn(s, a->cp, true, a->opc1, 0, a->crm, 0, 3624 false, a->rt, a->rt2); 3625 return true; 3626 } 3627 3628 static bool trans_MRRC(DisasContext *s, arg_MRRC *a) 3629 { 3630 if (!valid_cp(s, a->cp)) { 3631 return false; 3632 } 3633 do_coproc_insn(s, a->cp, true, a->opc1, 0, a->crm, 0, 3634 true, a->rt, a->rt2); 3635 return true; 3636 } 3637 3638 /* Helpers to swap operands for reverse-subtract. */ 3639 static void gen_rsb(TCGv_i32 dst, TCGv_i32 a, TCGv_i32 b) 3640 { 3641 tcg_gen_sub_i32(dst, b, a); 3642 } 3643 3644 static void gen_rsb_CC(TCGv_i32 dst, TCGv_i32 a, TCGv_i32 b) 3645 { 3646 gen_sub_CC(dst, b, a); 3647 } 3648 3649 static void gen_rsc(TCGv_i32 dest, TCGv_i32 a, TCGv_i32 b) 3650 { 3651 gen_sub_carry(dest, b, a); 3652 } 3653 3654 static void gen_rsc_CC(TCGv_i32 dest, TCGv_i32 a, TCGv_i32 b) 3655 { 3656 gen_sbc_CC(dest, b, a); 3657 } 3658 3659 /* 3660 * Helpers for the data processing routines. 3661 * 3662 * After the computation store the results back. 3663 * This may be suppressed altogether (STREG_NONE), require a runtime 3664 * check against the stack limits (STREG_SP_CHECK), or generate an 3665 * exception return. Oh, or store into a register. 3666 * 3667 * Always return true, indicating success for a trans_* function. 3668 */ 3669 typedef enum { 3670 STREG_NONE, 3671 STREG_NORMAL, 3672 STREG_SP_CHECK, 3673 STREG_EXC_RET, 3674 } StoreRegKind; 3675 3676 static bool store_reg_kind(DisasContext *s, int rd, 3677 TCGv_i32 val, StoreRegKind kind) 3678 { 3679 switch (kind) { 3680 case STREG_NONE: 3681 return true; 3682 case STREG_NORMAL: 3683 /* See ALUWritePC: Interworking only from a32 mode. */ 3684 if (s->thumb) { 3685 store_reg(s, rd, val); 3686 } else { 3687 store_reg_bx(s, rd, val); 3688 } 3689 return true; 3690 case STREG_SP_CHECK: 3691 store_sp_checked(s, val); 3692 return true; 3693 case STREG_EXC_RET: 3694 gen_exception_return(s, val); 3695 return true; 3696 } 3697 g_assert_not_reached(); 3698 } 3699 3700 /* 3701 * Data Processing (register) 3702 * 3703 * Operate, with set flags, one register source, 3704 * one immediate shifted register source, and a destination. 3705 */ 3706 static bool op_s_rrr_shi(DisasContext *s, arg_s_rrr_shi *a, 3707 void (*gen)(TCGv_i32, TCGv_i32, TCGv_i32), 3708 int logic_cc, StoreRegKind kind) 3709 { 3710 TCGv_i32 tmp1, tmp2; 3711 3712 tmp2 = load_reg(s, a->rm); 3713 gen_arm_shift_im(tmp2, a->shty, a->shim, logic_cc); 3714 tmp1 = load_reg(s, a->rn); 3715 3716 gen(tmp1, tmp1, tmp2); 3717 3718 if (logic_cc) { 3719 gen_logic_CC(tmp1); 3720 } 3721 return store_reg_kind(s, a->rd, tmp1, kind); 3722 } 3723 3724 static bool op_s_rxr_shi(DisasContext *s, arg_s_rrr_shi *a, 3725 void (*gen)(TCGv_i32, TCGv_i32), 3726 int logic_cc, StoreRegKind kind) 3727 { 3728 TCGv_i32 tmp; 3729 3730 tmp = load_reg(s, a->rm); 3731 gen_arm_shift_im(tmp, a->shty, a->shim, logic_cc); 3732 3733 gen(tmp, tmp); 3734 if (logic_cc) { 3735 gen_logic_CC(tmp); 3736 } 3737 return store_reg_kind(s, a->rd, tmp, kind); 3738 } 3739 3740 /* 3741 * Data-processing (register-shifted register) 3742 * 3743 * Operate, with set flags, one register source, 3744 * one register shifted register source, and a destination. 3745 */ 3746 static bool op_s_rrr_shr(DisasContext *s, arg_s_rrr_shr *a, 3747 void (*gen)(TCGv_i32, TCGv_i32, TCGv_i32), 3748 int logic_cc, StoreRegKind kind) 3749 { 3750 TCGv_i32 tmp1, tmp2; 3751 3752 tmp1 = load_reg(s, a->rs); 3753 tmp2 = load_reg(s, a->rm); 3754 gen_arm_shift_reg(tmp2, a->shty, tmp1, logic_cc); 3755 tmp1 = load_reg(s, a->rn); 3756 3757 gen(tmp1, tmp1, tmp2); 3758 3759 if (logic_cc) { 3760 gen_logic_CC(tmp1); 3761 } 3762 return store_reg_kind(s, a->rd, tmp1, kind); 3763 } 3764 3765 static bool op_s_rxr_shr(DisasContext *s, arg_s_rrr_shr *a, 3766 void (*gen)(TCGv_i32, TCGv_i32), 3767 int logic_cc, StoreRegKind kind) 3768 { 3769 TCGv_i32 tmp1, tmp2; 3770 3771 tmp1 = load_reg(s, a->rs); 3772 tmp2 = load_reg(s, a->rm); 3773 gen_arm_shift_reg(tmp2, a->shty, tmp1, logic_cc); 3774 3775 gen(tmp2, tmp2); 3776 if (logic_cc) { 3777 gen_logic_CC(tmp2); 3778 } 3779 return store_reg_kind(s, a->rd, tmp2, kind); 3780 } 3781 3782 /* 3783 * Data-processing (immediate) 3784 * 3785 * Operate, with set flags, one register source, 3786 * one rotated immediate, and a destination. 3787 * 3788 * Note that logic_cc && a->rot setting CF based on the msb of the 3789 * immediate is the reason why we must pass in the unrotated form 3790 * of the immediate. 3791 */ 3792 static bool op_s_rri_rot(DisasContext *s, arg_s_rri_rot *a, 3793 void (*gen)(TCGv_i32, TCGv_i32, TCGv_i32), 3794 int logic_cc, StoreRegKind kind) 3795 { 3796 TCGv_i32 tmp1; 3797 uint32_t imm; 3798 3799 imm = ror32(a->imm, a->rot); 3800 if (logic_cc && a->rot) { 3801 tcg_gen_movi_i32(cpu_CF, imm >> 31); 3802 } 3803 tmp1 = load_reg(s, a->rn); 3804 3805 gen(tmp1, tmp1, tcg_constant_i32(imm)); 3806 3807 if (logic_cc) { 3808 gen_logic_CC(tmp1); 3809 } 3810 return store_reg_kind(s, a->rd, tmp1, kind); 3811 } 3812 3813 static bool op_s_rxi_rot(DisasContext *s, arg_s_rri_rot *a, 3814 void (*gen)(TCGv_i32, TCGv_i32), 3815 int logic_cc, StoreRegKind kind) 3816 { 3817 TCGv_i32 tmp; 3818 uint32_t imm; 3819 3820 imm = ror32(a->imm, a->rot); 3821 if (logic_cc && a->rot) { 3822 tcg_gen_movi_i32(cpu_CF, imm >> 31); 3823 } 3824 3825 tmp = tcg_temp_new_i32(); 3826 gen(tmp, tcg_constant_i32(imm)); 3827 3828 if (logic_cc) { 3829 gen_logic_CC(tmp); 3830 } 3831 return store_reg_kind(s, a->rd, tmp, kind); 3832 } 3833 3834 #define DO_ANY3(NAME, OP, L, K) \ 3835 static bool trans_##NAME##_rrri(DisasContext *s, arg_s_rrr_shi *a) \ 3836 { StoreRegKind k = (K); return op_s_rrr_shi(s, a, OP, L, k); } \ 3837 static bool trans_##NAME##_rrrr(DisasContext *s, arg_s_rrr_shr *a) \ 3838 { StoreRegKind k = (K); return op_s_rrr_shr(s, a, OP, L, k); } \ 3839 static bool trans_##NAME##_rri(DisasContext *s, arg_s_rri_rot *a) \ 3840 { StoreRegKind k = (K); return op_s_rri_rot(s, a, OP, L, k); } 3841 3842 #define DO_ANY2(NAME, OP, L, K) \ 3843 static bool trans_##NAME##_rxri(DisasContext *s, arg_s_rrr_shi *a) \ 3844 { StoreRegKind k = (K); return op_s_rxr_shi(s, a, OP, L, k); } \ 3845 static bool trans_##NAME##_rxrr(DisasContext *s, arg_s_rrr_shr *a) \ 3846 { StoreRegKind k = (K); return op_s_rxr_shr(s, a, OP, L, k); } \ 3847 static bool trans_##NAME##_rxi(DisasContext *s, arg_s_rri_rot *a) \ 3848 { StoreRegKind k = (K); return op_s_rxi_rot(s, a, OP, L, k); } 3849 3850 #define DO_CMP2(NAME, OP, L) \ 3851 static bool trans_##NAME##_xrri(DisasContext *s, arg_s_rrr_shi *a) \ 3852 { return op_s_rrr_shi(s, a, OP, L, STREG_NONE); } \ 3853 static bool trans_##NAME##_xrrr(DisasContext *s, arg_s_rrr_shr *a) \ 3854 { return op_s_rrr_shr(s, a, OP, L, STREG_NONE); } \ 3855 static bool trans_##NAME##_xri(DisasContext *s, arg_s_rri_rot *a) \ 3856 { return op_s_rri_rot(s, a, OP, L, STREG_NONE); } 3857 3858 DO_ANY3(AND, tcg_gen_and_i32, a->s, STREG_NORMAL) 3859 DO_ANY3(EOR, tcg_gen_xor_i32, a->s, STREG_NORMAL) 3860 DO_ANY3(ORR, tcg_gen_or_i32, a->s, STREG_NORMAL) 3861 DO_ANY3(BIC, tcg_gen_andc_i32, a->s, STREG_NORMAL) 3862 3863 DO_ANY3(RSB, a->s ? gen_rsb_CC : gen_rsb, false, STREG_NORMAL) 3864 DO_ANY3(ADC, a->s ? gen_adc_CC : gen_add_carry, false, STREG_NORMAL) 3865 DO_ANY3(SBC, a->s ? gen_sbc_CC : gen_sub_carry, false, STREG_NORMAL) 3866 DO_ANY3(RSC, a->s ? gen_rsc_CC : gen_rsc, false, STREG_NORMAL) 3867 3868 DO_CMP2(TST, tcg_gen_and_i32, true) 3869 DO_CMP2(TEQ, tcg_gen_xor_i32, true) 3870 DO_CMP2(CMN, gen_add_CC, false) 3871 DO_CMP2(CMP, gen_sub_CC, false) 3872 3873 DO_ANY3(ADD, a->s ? gen_add_CC : tcg_gen_add_i32, false, 3874 a->rd == 13 && a->rn == 13 ? STREG_SP_CHECK : STREG_NORMAL) 3875 3876 /* 3877 * Note for the computation of StoreRegKind we return out of the 3878 * middle of the functions that are expanded by DO_ANY3, and that 3879 * we modify a->s via that parameter before it is used by OP. 3880 */ 3881 DO_ANY3(SUB, a->s ? gen_sub_CC : tcg_gen_sub_i32, false, 3882 ({ 3883 StoreRegKind ret = STREG_NORMAL; 3884 if (a->rd == 15 && a->s) { 3885 /* 3886 * See ALUExceptionReturn: 3887 * In User mode, UNPREDICTABLE; we choose UNDEF. 3888 * In Hyp mode, UNDEFINED. 3889 */ 3890 if (IS_USER(s) || s->current_el == 2) { 3891 unallocated_encoding(s); 3892 return true; 3893 } 3894 /* There is no writeback of nzcv to PSTATE. */ 3895 a->s = 0; 3896 ret = STREG_EXC_RET; 3897 } else if (a->rd == 13 && a->rn == 13) { 3898 ret = STREG_SP_CHECK; 3899 } 3900 ret; 3901 })) 3902 3903 DO_ANY2(MOV, tcg_gen_mov_i32, a->s, 3904 ({ 3905 StoreRegKind ret = STREG_NORMAL; 3906 if (a->rd == 15 && a->s) { 3907 /* 3908 * See ALUExceptionReturn: 3909 * In User mode, UNPREDICTABLE; we choose UNDEF. 3910 * In Hyp mode, UNDEFINED. 3911 */ 3912 if (IS_USER(s) || s->current_el == 2) { 3913 unallocated_encoding(s); 3914 return true; 3915 } 3916 /* There is no writeback of nzcv to PSTATE. */ 3917 a->s = 0; 3918 ret = STREG_EXC_RET; 3919 } else if (a->rd == 13) { 3920 ret = STREG_SP_CHECK; 3921 } 3922 ret; 3923 })) 3924 3925 DO_ANY2(MVN, tcg_gen_not_i32, a->s, STREG_NORMAL) 3926 3927 /* 3928 * ORN is only available with T32, so there is no register-shifted-register 3929 * form of the insn. Using the DO_ANY3 macro would create an unused function. 3930 */ 3931 static bool trans_ORN_rrri(DisasContext *s, arg_s_rrr_shi *a) 3932 { 3933 return op_s_rrr_shi(s, a, tcg_gen_orc_i32, a->s, STREG_NORMAL); 3934 } 3935 3936 static bool trans_ORN_rri(DisasContext *s, arg_s_rri_rot *a) 3937 { 3938 return op_s_rri_rot(s, a, tcg_gen_orc_i32, a->s, STREG_NORMAL); 3939 } 3940 3941 #undef DO_ANY3 3942 #undef DO_ANY2 3943 #undef DO_CMP2 3944 3945 static bool trans_ADR(DisasContext *s, arg_ri *a) 3946 { 3947 store_reg_bx(s, a->rd, add_reg_for_lit(s, 15, a->imm)); 3948 return true; 3949 } 3950 3951 static bool trans_MOVW(DisasContext *s, arg_MOVW *a) 3952 { 3953 if (!ENABLE_ARCH_6T2) { 3954 return false; 3955 } 3956 3957 store_reg(s, a->rd, tcg_constant_i32(a->imm)); 3958 return true; 3959 } 3960 3961 static bool trans_MOVT(DisasContext *s, arg_MOVW *a) 3962 { 3963 TCGv_i32 tmp; 3964 3965 if (!ENABLE_ARCH_6T2) { 3966 return false; 3967 } 3968 3969 tmp = load_reg(s, a->rd); 3970 tcg_gen_ext16u_i32(tmp, tmp); 3971 tcg_gen_ori_i32(tmp, tmp, a->imm << 16); 3972 store_reg(s, a->rd, tmp); 3973 return true; 3974 } 3975 3976 /* 3977 * v8.1M MVE wide-shifts 3978 */ 3979 static bool do_mve_shl_ri(DisasContext *s, arg_mve_shl_ri *a, 3980 WideShiftImmFn *fn) 3981 { 3982 TCGv_i64 rda; 3983 TCGv_i32 rdalo, rdahi; 3984 3985 if (!arm_dc_feature(s, ARM_FEATURE_V8_1M)) { 3986 /* Decode falls through to ORR/MOV UNPREDICTABLE handling */ 3987 return false; 3988 } 3989 if (a->rdahi == 15) { 3990 /* These are a different encoding (SQSHL/SRSHR/UQSHL/URSHR) */ 3991 return false; 3992 } 3993 if (!dc_isar_feature(aa32_mve, s) || 3994 !arm_dc_feature(s, ARM_FEATURE_M_MAIN) || 3995 a->rdahi == 13) { 3996 /* RdaHi == 13 is UNPREDICTABLE; we choose to UNDEF */ 3997 unallocated_encoding(s); 3998 return true; 3999 } 4000 4001 if (a->shim == 0) { 4002 a->shim = 32; 4003 } 4004 4005 rda = tcg_temp_new_i64(); 4006 rdalo = load_reg(s, a->rdalo); 4007 rdahi = load_reg(s, a->rdahi); 4008 tcg_gen_concat_i32_i64(rda, rdalo, rdahi); 4009 4010 fn(rda, rda, a->shim); 4011 4012 tcg_gen_extrl_i64_i32(rdalo, rda); 4013 tcg_gen_extrh_i64_i32(rdahi, rda); 4014 store_reg(s, a->rdalo, rdalo); 4015 store_reg(s, a->rdahi, rdahi); 4016 4017 return true; 4018 } 4019 4020 static bool trans_ASRL_ri(DisasContext *s, arg_mve_shl_ri *a) 4021 { 4022 return do_mve_shl_ri(s, a, tcg_gen_sari_i64); 4023 } 4024 4025 static bool trans_LSLL_ri(DisasContext *s, arg_mve_shl_ri *a) 4026 { 4027 return do_mve_shl_ri(s, a, tcg_gen_shli_i64); 4028 } 4029 4030 static bool trans_LSRL_ri(DisasContext *s, arg_mve_shl_ri *a) 4031 { 4032 return do_mve_shl_ri(s, a, tcg_gen_shri_i64); 4033 } 4034 4035 static void gen_mve_sqshll(TCGv_i64 r, TCGv_i64 n, int64_t shift) 4036 { 4037 gen_helper_mve_sqshll(r, tcg_env, n, tcg_constant_i32(shift)); 4038 } 4039 4040 static bool trans_SQSHLL_ri(DisasContext *s, arg_mve_shl_ri *a) 4041 { 4042 return do_mve_shl_ri(s, a, gen_mve_sqshll); 4043 } 4044 4045 static void gen_mve_uqshll(TCGv_i64 r, TCGv_i64 n, int64_t shift) 4046 { 4047 gen_helper_mve_uqshll(r, tcg_env, n, tcg_constant_i32(shift)); 4048 } 4049 4050 static bool trans_UQSHLL_ri(DisasContext *s, arg_mve_shl_ri *a) 4051 { 4052 return do_mve_shl_ri(s, a, gen_mve_uqshll); 4053 } 4054 4055 static bool trans_SRSHRL_ri(DisasContext *s, arg_mve_shl_ri *a) 4056 { 4057 return do_mve_shl_ri(s, a, gen_srshr64_i64); 4058 } 4059 4060 static bool trans_URSHRL_ri(DisasContext *s, arg_mve_shl_ri *a) 4061 { 4062 return do_mve_shl_ri(s, a, gen_urshr64_i64); 4063 } 4064 4065 static bool do_mve_shl_rr(DisasContext *s, arg_mve_shl_rr *a, WideShiftFn *fn) 4066 { 4067 TCGv_i64 rda; 4068 TCGv_i32 rdalo, rdahi; 4069 4070 if (!arm_dc_feature(s, ARM_FEATURE_V8_1M)) { 4071 /* Decode falls through to ORR/MOV UNPREDICTABLE handling */ 4072 return false; 4073 } 4074 if (a->rdahi == 15) { 4075 /* These are a different encoding (SQSHL/SRSHR/UQSHL/URSHR) */ 4076 return false; 4077 } 4078 if (!dc_isar_feature(aa32_mve, s) || 4079 !arm_dc_feature(s, ARM_FEATURE_M_MAIN) || 4080 a->rdahi == 13 || a->rm == 13 || a->rm == 15 || 4081 a->rm == a->rdahi || a->rm == a->rdalo) { 4082 /* These rdahi/rdalo/rm cases are UNPREDICTABLE; we choose to UNDEF */ 4083 unallocated_encoding(s); 4084 return true; 4085 } 4086 4087 rda = tcg_temp_new_i64(); 4088 rdalo = load_reg(s, a->rdalo); 4089 rdahi = load_reg(s, a->rdahi); 4090 tcg_gen_concat_i32_i64(rda, rdalo, rdahi); 4091 4092 /* The helper takes care of the sign-extension of the low 8 bits of Rm */ 4093 fn(rda, tcg_env, rda, cpu_R[a->rm]); 4094 4095 tcg_gen_extrl_i64_i32(rdalo, rda); 4096 tcg_gen_extrh_i64_i32(rdahi, rda); 4097 store_reg(s, a->rdalo, rdalo); 4098 store_reg(s, a->rdahi, rdahi); 4099 4100 return true; 4101 } 4102 4103 static bool trans_LSLL_rr(DisasContext *s, arg_mve_shl_rr *a) 4104 { 4105 return do_mve_shl_rr(s, a, gen_helper_mve_ushll); 4106 } 4107 4108 static bool trans_ASRL_rr(DisasContext *s, arg_mve_shl_rr *a) 4109 { 4110 return do_mve_shl_rr(s, a, gen_helper_mve_sshrl); 4111 } 4112 4113 static bool trans_UQRSHLL64_rr(DisasContext *s, arg_mve_shl_rr *a) 4114 { 4115 return do_mve_shl_rr(s, a, gen_helper_mve_uqrshll); 4116 } 4117 4118 static bool trans_SQRSHRL64_rr(DisasContext *s, arg_mve_shl_rr *a) 4119 { 4120 return do_mve_shl_rr(s, a, gen_helper_mve_sqrshrl); 4121 } 4122 4123 static bool trans_UQRSHLL48_rr(DisasContext *s, arg_mve_shl_rr *a) 4124 { 4125 return do_mve_shl_rr(s, a, gen_helper_mve_uqrshll48); 4126 } 4127 4128 static bool trans_SQRSHRL48_rr(DisasContext *s, arg_mve_shl_rr *a) 4129 { 4130 return do_mve_shl_rr(s, a, gen_helper_mve_sqrshrl48); 4131 } 4132 4133 static bool do_mve_sh_ri(DisasContext *s, arg_mve_sh_ri *a, ShiftImmFn *fn) 4134 { 4135 if (!arm_dc_feature(s, ARM_FEATURE_V8_1M)) { 4136 /* Decode falls through to ORR/MOV UNPREDICTABLE handling */ 4137 return false; 4138 } 4139 if (!dc_isar_feature(aa32_mve, s) || 4140 !arm_dc_feature(s, ARM_FEATURE_M_MAIN) || 4141 a->rda == 13 || a->rda == 15) { 4142 /* These rda cases are UNPREDICTABLE; we choose to UNDEF */ 4143 unallocated_encoding(s); 4144 return true; 4145 } 4146 4147 if (a->shim == 0) { 4148 a->shim = 32; 4149 } 4150 fn(cpu_R[a->rda], cpu_R[a->rda], a->shim); 4151 4152 return true; 4153 } 4154 4155 static bool trans_URSHR_ri(DisasContext *s, arg_mve_sh_ri *a) 4156 { 4157 return do_mve_sh_ri(s, a, gen_urshr32_i32); 4158 } 4159 4160 static bool trans_SRSHR_ri(DisasContext *s, arg_mve_sh_ri *a) 4161 { 4162 return do_mve_sh_ri(s, a, gen_srshr32_i32); 4163 } 4164 4165 static void gen_mve_sqshl(TCGv_i32 r, TCGv_i32 n, int32_t shift) 4166 { 4167 gen_helper_mve_sqshl(r, tcg_env, n, tcg_constant_i32(shift)); 4168 } 4169 4170 static bool trans_SQSHL_ri(DisasContext *s, arg_mve_sh_ri *a) 4171 { 4172 return do_mve_sh_ri(s, a, gen_mve_sqshl); 4173 } 4174 4175 static void gen_mve_uqshl(TCGv_i32 r, TCGv_i32 n, int32_t shift) 4176 { 4177 gen_helper_mve_uqshl(r, tcg_env, n, tcg_constant_i32(shift)); 4178 } 4179 4180 static bool trans_UQSHL_ri(DisasContext *s, arg_mve_sh_ri *a) 4181 { 4182 return do_mve_sh_ri(s, a, gen_mve_uqshl); 4183 } 4184 4185 static bool do_mve_sh_rr(DisasContext *s, arg_mve_sh_rr *a, ShiftFn *fn) 4186 { 4187 if (!arm_dc_feature(s, ARM_FEATURE_V8_1M)) { 4188 /* Decode falls through to ORR/MOV UNPREDICTABLE handling */ 4189 return false; 4190 } 4191 if (!dc_isar_feature(aa32_mve, s) || 4192 !arm_dc_feature(s, ARM_FEATURE_M_MAIN) || 4193 a->rda == 13 || a->rda == 15 || a->rm == 13 || a->rm == 15 || 4194 a->rm == a->rda) { 4195 /* These rda/rm cases are UNPREDICTABLE; we choose to UNDEF */ 4196 unallocated_encoding(s); 4197 return true; 4198 } 4199 4200 /* The helper takes care of the sign-extension of the low 8 bits of Rm */ 4201 fn(cpu_R[a->rda], tcg_env, cpu_R[a->rda], cpu_R[a->rm]); 4202 return true; 4203 } 4204 4205 static bool trans_SQRSHR_rr(DisasContext *s, arg_mve_sh_rr *a) 4206 { 4207 return do_mve_sh_rr(s, a, gen_helper_mve_sqrshr); 4208 } 4209 4210 static bool trans_UQRSHL_rr(DisasContext *s, arg_mve_sh_rr *a) 4211 { 4212 return do_mve_sh_rr(s, a, gen_helper_mve_uqrshl); 4213 } 4214 4215 /* 4216 * Multiply and multiply accumulate 4217 */ 4218 4219 static bool op_mla(DisasContext *s, arg_s_rrrr *a, bool add) 4220 { 4221 TCGv_i32 t1, t2; 4222 4223 t1 = load_reg(s, a->rn); 4224 t2 = load_reg(s, a->rm); 4225 tcg_gen_mul_i32(t1, t1, t2); 4226 if (add) { 4227 t2 = load_reg(s, a->ra); 4228 tcg_gen_add_i32(t1, t1, t2); 4229 } 4230 if (a->s) { 4231 gen_logic_CC(t1); 4232 } 4233 store_reg(s, a->rd, t1); 4234 return true; 4235 } 4236 4237 static bool trans_MUL(DisasContext *s, arg_MUL *a) 4238 { 4239 return op_mla(s, a, false); 4240 } 4241 4242 static bool trans_MLA(DisasContext *s, arg_MLA *a) 4243 { 4244 return op_mla(s, a, true); 4245 } 4246 4247 static bool trans_MLS(DisasContext *s, arg_MLS *a) 4248 { 4249 TCGv_i32 t1, t2; 4250 4251 if (!ENABLE_ARCH_6T2) { 4252 return false; 4253 } 4254 t1 = load_reg(s, a->rn); 4255 t2 = load_reg(s, a->rm); 4256 tcg_gen_mul_i32(t1, t1, t2); 4257 t2 = load_reg(s, a->ra); 4258 tcg_gen_sub_i32(t1, t2, t1); 4259 store_reg(s, a->rd, t1); 4260 return true; 4261 } 4262 4263 static bool op_mlal(DisasContext *s, arg_s_rrrr *a, bool uns, bool add) 4264 { 4265 TCGv_i32 t0, t1, t2, t3; 4266 4267 t0 = load_reg(s, a->rm); 4268 t1 = load_reg(s, a->rn); 4269 if (uns) { 4270 tcg_gen_mulu2_i32(t0, t1, t0, t1); 4271 } else { 4272 tcg_gen_muls2_i32(t0, t1, t0, t1); 4273 } 4274 if (add) { 4275 t2 = load_reg(s, a->ra); 4276 t3 = load_reg(s, a->rd); 4277 tcg_gen_add2_i32(t0, t1, t0, t1, t2, t3); 4278 } 4279 if (a->s) { 4280 gen_logicq_cc(t0, t1); 4281 } 4282 store_reg(s, a->ra, t0); 4283 store_reg(s, a->rd, t1); 4284 return true; 4285 } 4286 4287 static bool trans_UMULL(DisasContext *s, arg_UMULL *a) 4288 { 4289 return op_mlal(s, a, true, false); 4290 } 4291 4292 static bool trans_SMULL(DisasContext *s, arg_SMULL *a) 4293 { 4294 return op_mlal(s, a, false, false); 4295 } 4296 4297 static bool trans_UMLAL(DisasContext *s, arg_UMLAL *a) 4298 { 4299 return op_mlal(s, a, true, true); 4300 } 4301 4302 static bool trans_SMLAL(DisasContext *s, arg_SMLAL *a) 4303 { 4304 return op_mlal(s, a, false, true); 4305 } 4306 4307 static bool trans_UMAAL(DisasContext *s, arg_UMAAL *a) 4308 { 4309 TCGv_i32 t0, t1, t2, zero; 4310 4311 if (s->thumb 4312 ? !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP) 4313 : !ENABLE_ARCH_6) { 4314 return false; 4315 } 4316 4317 t0 = load_reg(s, a->rm); 4318 t1 = load_reg(s, a->rn); 4319 tcg_gen_mulu2_i32(t0, t1, t0, t1); 4320 zero = tcg_constant_i32(0); 4321 t2 = load_reg(s, a->ra); 4322 tcg_gen_add2_i32(t0, t1, t0, t1, t2, zero); 4323 t2 = load_reg(s, a->rd); 4324 tcg_gen_add2_i32(t0, t1, t0, t1, t2, zero); 4325 store_reg(s, a->ra, t0); 4326 store_reg(s, a->rd, t1); 4327 return true; 4328 } 4329 4330 /* 4331 * Saturating addition and subtraction 4332 */ 4333 4334 static bool op_qaddsub(DisasContext *s, arg_rrr *a, bool add, bool doub) 4335 { 4336 TCGv_i32 t0, t1; 4337 4338 if (s->thumb 4339 ? !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP) 4340 : !ENABLE_ARCH_5TE) { 4341 return false; 4342 } 4343 4344 t0 = load_reg(s, a->rm); 4345 t1 = load_reg(s, a->rn); 4346 if (doub) { 4347 gen_helper_add_saturate(t1, tcg_env, t1, t1); 4348 } 4349 if (add) { 4350 gen_helper_add_saturate(t0, tcg_env, t0, t1); 4351 } else { 4352 gen_helper_sub_saturate(t0, tcg_env, t0, t1); 4353 } 4354 store_reg(s, a->rd, t0); 4355 return true; 4356 } 4357 4358 #define DO_QADDSUB(NAME, ADD, DOUB) \ 4359 static bool trans_##NAME(DisasContext *s, arg_rrr *a) \ 4360 { \ 4361 return op_qaddsub(s, a, ADD, DOUB); \ 4362 } 4363 4364 DO_QADDSUB(QADD, true, false) 4365 DO_QADDSUB(QSUB, false, false) 4366 DO_QADDSUB(QDADD, true, true) 4367 DO_QADDSUB(QDSUB, false, true) 4368 4369 #undef DO_QADDSUB 4370 4371 /* 4372 * Halfword multiply and multiply accumulate 4373 */ 4374 4375 static bool op_smlaxxx(DisasContext *s, arg_rrrr *a, 4376 int add_long, bool nt, bool mt) 4377 { 4378 TCGv_i32 t0, t1, tl, th; 4379 4380 if (s->thumb 4381 ? !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP) 4382 : !ENABLE_ARCH_5TE) { 4383 return false; 4384 } 4385 4386 t0 = load_reg(s, a->rn); 4387 t1 = load_reg(s, a->rm); 4388 gen_mulxy(t0, t1, nt, mt); 4389 4390 switch (add_long) { 4391 case 0: 4392 store_reg(s, a->rd, t0); 4393 break; 4394 case 1: 4395 t1 = load_reg(s, a->ra); 4396 gen_helper_add_setq(t0, tcg_env, t0, t1); 4397 store_reg(s, a->rd, t0); 4398 break; 4399 case 2: 4400 tl = load_reg(s, a->ra); 4401 th = load_reg(s, a->rd); 4402 /* Sign-extend the 32-bit product to 64 bits. */ 4403 t1 = tcg_temp_new_i32(); 4404 tcg_gen_sari_i32(t1, t0, 31); 4405 tcg_gen_add2_i32(tl, th, tl, th, t0, t1); 4406 store_reg(s, a->ra, tl); 4407 store_reg(s, a->rd, th); 4408 break; 4409 default: 4410 g_assert_not_reached(); 4411 } 4412 return true; 4413 } 4414 4415 #define DO_SMLAX(NAME, add, nt, mt) \ 4416 static bool trans_##NAME(DisasContext *s, arg_rrrr *a) \ 4417 { \ 4418 return op_smlaxxx(s, a, add, nt, mt); \ 4419 } 4420 4421 DO_SMLAX(SMULBB, 0, 0, 0) 4422 DO_SMLAX(SMULBT, 0, 0, 1) 4423 DO_SMLAX(SMULTB, 0, 1, 0) 4424 DO_SMLAX(SMULTT, 0, 1, 1) 4425 4426 DO_SMLAX(SMLABB, 1, 0, 0) 4427 DO_SMLAX(SMLABT, 1, 0, 1) 4428 DO_SMLAX(SMLATB, 1, 1, 0) 4429 DO_SMLAX(SMLATT, 1, 1, 1) 4430 4431 DO_SMLAX(SMLALBB, 2, 0, 0) 4432 DO_SMLAX(SMLALBT, 2, 0, 1) 4433 DO_SMLAX(SMLALTB, 2, 1, 0) 4434 DO_SMLAX(SMLALTT, 2, 1, 1) 4435 4436 #undef DO_SMLAX 4437 4438 static bool op_smlawx(DisasContext *s, arg_rrrr *a, bool add, bool mt) 4439 { 4440 TCGv_i32 t0, t1; 4441 4442 if (!ENABLE_ARCH_5TE) { 4443 return false; 4444 } 4445 4446 t0 = load_reg(s, a->rn); 4447 t1 = load_reg(s, a->rm); 4448 /* 4449 * Since the nominal result is product<47:16>, shift the 16-bit 4450 * input up by 16 bits, so that the result is at product<63:32>. 4451 */ 4452 if (mt) { 4453 tcg_gen_andi_i32(t1, t1, 0xffff0000); 4454 } else { 4455 tcg_gen_shli_i32(t1, t1, 16); 4456 } 4457 tcg_gen_muls2_i32(t0, t1, t0, t1); 4458 if (add) { 4459 t0 = load_reg(s, a->ra); 4460 gen_helper_add_setq(t1, tcg_env, t1, t0); 4461 } 4462 store_reg(s, a->rd, t1); 4463 return true; 4464 } 4465 4466 #define DO_SMLAWX(NAME, add, mt) \ 4467 static bool trans_##NAME(DisasContext *s, arg_rrrr *a) \ 4468 { \ 4469 return op_smlawx(s, a, add, mt); \ 4470 } 4471 4472 DO_SMLAWX(SMULWB, 0, 0) 4473 DO_SMLAWX(SMULWT, 0, 1) 4474 DO_SMLAWX(SMLAWB, 1, 0) 4475 DO_SMLAWX(SMLAWT, 1, 1) 4476 4477 #undef DO_SMLAWX 4478 4479 /* 4480 * MSR (immediate) and hints 4481 */ 4482 4483 static bool trans_YIELD(DisasContext *s, arg_YIELD *a) 4484 { 4485 /* 4486 * When running single-threaded TCG code, use the helper to ensure that 4487 * the next round-robin scheduled vCPU gets a crack. When running in 4488 * MTTCG we don't generate jumps to the helper as it won't affect the 4489 * scheduling of other vCPUs. 4490 */ 4491 if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) { 4492 gen_update_pc(s, curr_insn_len(s)); 4493 s->base.is_jmp = DISAS_YIELD; 4494 } 4495 return true; 4496 } 4497 4498 static bool trans_WFE(DisasContext *s, arg_WFE *a) 4499 { 4500 /* 4501 * When running single-threaded TCG code, use the helper to ensure that 4502 * the next round-robin scheduled vCPU gets a crack. In MTTCG mode we 4503 * just skip this instruction. Currently the SEV/SEVL instructions, 4504 * which are *one* of many ways to wake the CPU from WFE, are not 4505 * implemented so we can't sleep like WFI does. 4506 */ 4507 if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) { 4508 gen_update_pc(s, curr_insn_len(s)); 4509 s->base.is_jmp = DISAS_WFE; 4510 } 4511 return true; 4512 } 4513 4514 static bool trans_WFI(DisasContext *s, arg_WFI *a) 4515 { 4516 /* For WFI, halt the vCPU until an IRQ. */ 4517 gen_update_pc(s, curr_insn_len(s)); 4518 s->base.is_jmp = DISAS_WFI; 4519 return true; 4520 } 4521 4522 static bool trans_ESB(DisasContext *s, arg_ESB *a) 4523 { 4524 /* 4525 * For M-profile, minimal-RAS ESB can be a NOP. 4526 * Without RAS, we must implement this as NOP. 4527 */ 4528 if (!arm_dc_feature(s, ARM_FEATURE_M) && dc_isar_feature(aa32_ras, s)) { 4529 /* 4530 * QEMU does not have a source of physical SErrors, 4531 * so we are only concerned with virtual SErrors. 4532 * The pseudocode in the ARM for this case is 4533 * if PSTATE.EL IN {EL0, EL1} && EL2Enabled() then 4534 * AArch32.vESBOperation(); 4535 * Most of the condition can be evaluated at translation time. 4536 * Test for EL2 present, and defer test for SEL2 to runtime. 4537 */ 4538 if (s->current_el <= 1 && arm_dc_feature(s, ARM_FEATURE_EL2)) { 4539 gen_helper_vesb(tcg_env); 4540 } 4541 } 4542 return true; 4543 } 4544 4545 static bool trans_NOP(DisasContext *s, arg_NOP *a) 4546 { 4547 return true; 4548 } 4549 4550 static bool trans_MSR_imm(DisasContext *s, arg_MSR_imm *a) 4551 { 4552 uint32_t val = ror32(a->imm, a->rot * 2); 4553 uint32_t mask = msr_mask(s, a->mask, a->r); 4554 4555 if (gen_set_psr_im(s, mask, a->r, val)) { 4556 unallocated_encoding(s); 4557 } 4558 return true; 4559 } 4560 4561 /* 4562 * Cyclic Redundancy Check 4563 */ 4564 4565 static bool op_crc32(DisasContext *s, arg_rrr *a, bool c, MemOp sz) 4566 { 4567 TCGv_i32 t1, t2, t3; 4568 4569 if (!dc_isar_feature(aa32_crc32, s)) { 4570 return false; 4571 } 4572 4573 t1 = load_reg(s, a->rn); 4574 t2 = load_reg(s, a->rm); 4575 switch (sz) { 4576 case MO_8: 4577 gen_uxtb(t2); 4578 break; 4579 case MO_16: 4580 gen_uxth(t2); 4581 break; 4582 case MO_32: 4583 break; 4584 default: 4585 g_assert_not_reached(); 4586 } 4587 t3 = tcg_constant_i32(1 << sz); 4588 if (c) { 4589 gen_helper_crc32c(t1, t1, t2, t3); 4590 } else { 4591 gen_helper_crc32(t1, t1, t2, t3); 4592 } 4593 store_reg(s, a->rd, t1); 4594 return true; 4595 } 4596 4597 #define DO_CRC32(NAME, c, sz) \ 4598 static bool trans_##NAME(DisasContext *s, arg_rrr *a) \ 4599 { return op_crc32(s, a, c, sz); } 4600 4601 DO_CRC32(CRC32B, false, MO_8) 4602 DO_CRC32(CRC32H, false, MO_16) 4603 DO_CRC32(CRC32W, false, MO_32) 4604 DO_CRC32(CRC32CB, true, MO_8) 4605 DO_CRC32(CRC32CH, true, MO_16) 4606 DO_CRC32(CRC32CW, true, MO_32) 4607 4608 #undef DO_CRC32 4609 4610 /* 4611 * Miscellaneous instructions 4612 */ 4613 4614 static bool trans_MRS_bank(DisasContext *s, arg_MRS_bank *a) 4615 { 4616 if (arm_dc_feature(s, ARM_FEATURE_M)) { 4617 return false; 4618 } 4619 gen_mrs_banked(s, a->r, a->sysm, a->rd); 4620 return true; 4621 } 4622 4623 static bool trans_MSR_bank(DisasContext *s, arg_MSR_bank *a) 4624 { 4625 if (arm_dc_feature(s, ARM_FEATURE_M)) { 4626 return false; 4627 } 4628 gen_msr_banked(s, a->r, a->sysm, a->rn); 4629 return true; 4630 } 4631 4632 static bool trans_MRS_reg(DisasContext *s, arg_MRS_reg *a) 4633 { 4634 TCGv_i32 tmp; 4635 4636 if (arm_dc_feature(s, ARM_FEATURE_M)) { 4637 return false; 4638 } 4639 if (a->r) { 4640 if (IS_USER(s)) { 4641 unallocated_encoding(s); 4642 return true; 4643 } 4644 tmp = load_cpu_field(spsr); 4645 } else { 4646 tmp = tcg_temp_new_i32(); 4647 gen_helper_cpsr_read(tmp, tcg_env); 4648 } 4649 store_reg(s, a->rd, tmp); 4650 return true; 4651 } 4652 4653 static bool trans_MSR_reg(DisasContext *s, arg_MSR_reg *a) 4654 { 4655 TCGv_i32 tmp; 4656 uint32_t mask = msr_mask(s, a->mask, a->r); 4657 4658 if (arm_dc_feature(s, ARM_FEATURE_M)) { 4659 return false; 4660 } 4661 tmp = load_reg(s, a->rn); 4662 if (gen_set_psr(s, mask, a->r, tmp)) { 4663 unallocated_encoding(s); 4664 } 4665 return true; 4666 } 4667 4668 static bool trans_MRS_v7m(DisasContext *s, arg_MRS_v7m *a) 4669 { 4670 TCGv_i32 tmp; 4671 4672 if (!arm_dc_feature(s, ARM_FEATURE_M)) { 4673 return false; 4674 } 4675 tmp = tcg_temp_new_i32(); 4676 gen_helper_v7m_mrs(tmp, tcg_env, tcg_constant_i32(a->sysm)); 4677 store_reg(s, a->rd, tmp); 4678 return true; 4679 } 4680 4681 static bool trans_MSR_v7m(DisasContext *s, arg_MSR_v7m *a) 4682 { 4683 TCGv_i32 addr, reg; 4684 4685 if (!arm_dc_feature(s, ARM_FEATURE_M)) { 4686 return false; 4687 } 4688 addr = tcg_constant_i32((a->mask << 10) | a->sysm); 4689 reg = load_reg(s, a->rn); 4690 gen_helper_v7m_msr(tcg_env, addr, reg); 4691 /* If we wrote to CONTROL, the EL might have changed */ 4692 gen_rebuild_hflags(s, true); 4693 gen_lookup_tb(s); 4694 return true; 4695 } 4696 4697 static bool trans_BX(DisasContext *s, arg_BX *a) 4698 { 4699 if (!ENABLE_ARCH_4T) { 4700 return false; 4701 } 4702 gen_bx_excret(s, load_reg(s, a->rm)); 4703 return true; 4704 } 4705 4706 static bool trans_BXJ(DisasContext *s, arg_BXJ *a) 4707 { 4708 if (!ENABLE_ARCH_5J || arm_dc_feature(s, ARM_FEATURE_M)) { 4709 return false; 4710 } 4711 /* 4712 * v7A allows BXJ to be trapped via HSTR.TJDBX. We don't waste a 4713 * TBFLAGS bit on a basically-never-happens case, so call a helper 4714 * function to check for the trap and raise the exception if needed 4715 * (passing it the register number for the syndrome value). 4716 * v8A doesn't have this HSTR bit. 4717 */ 4718 if (!arm_dc_feature(s, ARM_FEATURE_V8) && 4719 arm_dc_feature(s, ARM_FEATURE_EL2) && 4720 s->current_el < 2 && s->ns) { 4721 gen_helper_check_bxj_trap(tcg_env, tcg_constant_i32(a->rm)); 4722 } 4723 /* Trivial implementation equivalent to bx. */ 4724 gen_bx(s, load_reg(s, a->rm)); 4725 return true; 4726 } 4727 4728 static bool trans_BLX_r(DisasContext *s, arg_BLX_r *a) 4729 { 4730 TCGv_i32 tmp; 4731 4732 if (!ENABLE_ARCH_5) { 4733 return false; 4734 } 4735 tmp = load_reg(s, a->rm); 4736 gen_pc_plus_diff(s, cpu_R[14], curr_insn_len(s) | s->thumb); 4737 gen_bx(s, tmp); 4738 return true; 4739 } 4740 4741 /* 4742 * BXNS/BLXNS: only exist for v8M with the security extensions, 4743 * and always UNDEF if NonSecure. We don't implement these in 4744 * the user-only mode either (in theory you can use them from 4745 * Secure User mode but they are too tied in to system emulation). 4746 */ 4747 static bool trans_BXNS(DisasContext *s, arg_BXNS *a) 4748 { 4749 if (!s->v8m_secure || IS_USER_ONLY) { 4750 unallocated_encoding(s); 4751 } else { 4752 gen_bxns(s, a->rm); 4753 } 4754 return true; 4755 } 4756 4757 static bool trans_BLXNS(DisasContext *s, arg_BLXNS *a) 4758 { 4759 if (!s->v8m_secure || IS_USER_ONLY) { 4760 unallocated_encoding(s); 4761 } else { 4762 gen_blxns(s, a->rm); 4763 } 4764 return true; 4765 } 4766 4767 static bool trans_CLZ(DisasContext *s, arg_CLZ *a) 4768 { 4769 TCGv_i32 tmp; 4770 4771 if (!ENABLE_ARCH_5) { 4772 return false; 4773 } 4774 tmp = load_reg(s, a->rm); 4775 tcg_gen_clzi_i32(tmp, tmp, 32); 4776 store_reg(s, a->rd, tmp); 4777 return true; 4778 } 4779 4780 static bool trans_ERET(DisasContext *s, arg_ERET *a) 4781 { 4782 TCGv_i32 tmp; 4783 4784 if (!arm_dc_feature(s, ARM_FEATURE_V7VE)) { 4785 return false; 4786 } 4787 if (IS_USER(s)) { 4788 unallocated_encoding(s); 4789 return true; 4790 } 4791 if (s->current_el == 2) { 4792 /* ERET from Hyp uses ELR_Hyp, not LR */ 4793 tmp = load_cpu_field_low32(elr_el[2]); 4794 } else { 4795 tmp = load_reg(s, 14); 4796 } 4797 gen_exception_return(s, tmp); 4798 return true; 4799 } 4800 4801 static bool trans_HLT(DisasContext *s, arg_HLT *a) 4802 { 4803 gen_hlt(s, a->imm); 4804 return true; 4805 } 4806 4807 static bool trans_BKPT(DisasContext *s, arg_BKPT *a) 4808 { 4809 if (!ENABLE_ARCH_5) { 4810 return false; 4811 } 4812 /* BKPT is OK with ECI set and leaves it untouched */ 4813 s->eci_handled = true; 4814 if (arm_dc_feature(s, ARM_FEATURE_M) && 4815 semihosting_enabled(s->current_el == 0) && 4816 (a->imm == 0xab)) { 4817 gen_exception_internal_insn(s, EXCP_SEMIHOST); 4818 } else { 4819 gen_exception_bkpt_insn(s, syn_aa32_bkpt(a->imm, false)); 4820 } 4821 return true; 4822 } 4823 4824 static bool trans_HVC(DisasContext *s, arg_HVC *a) 4825 { 4826 if (!ENABLE_ARCH_7 || arm_dc_feature(s, ARM_FEATURE_M)) { 4827 return false; 4828 } 4829 if (IS_USER(s)) { 4830 unallocated_encoding(s); 4831 } else { 4832 gen_hvc(s, a->imm); 4833 } 4834 return true; 4835 } 4836 4837 static bool trans_SMC(DisasContext *s, arg_SMC *a) 4838 { 4839 if (!ENABLE_ARCH_6K || arm_dc_feature(s, ARM_FEATURE_M)) { 4840 return false; 4841 } 4842 if (IS_USER(s)) { 4843 unallocated_encoding(s); 4844 } else { 4845 gen_smc(s); 4846 } 4847 return true; 4848 } 4849 4850 static bool trans_SG(DisasContext *s, arg_SG *a) 4851 { 4852 if (!arm_dc_feature(s, ARM_FEATURE_M) || 4853 !arm_dc_feature(s, ARM_FEATURE_V8)) { 4854 return false; 4855 } 4856 /* 4857 * SG (v8M only) 4858 * The bulk of the behaviour for this instruction is implemented 4859 * in v7m_handle_execute_nsc(), which deals with the insn when 4860 * it is executed by a CPU in non-secure state from memory 4861 * which is Secure & NonSecure-Callable. 4862 * Here we only need to handle the remaining cases: 4863 * * in NS memory (including the "security extension not 4864 * implemented" case) : NOP 4865 * * in S memory but CPU already secure (clear IT bits) 4866 * We know that the attribute for the memory this insn is 4867 * in must match the current CPU state, because otherwise 4868 * get_phys_addr_pmsav8 would have generated an exception. 4869 */ 4870 if (s->v8m_secure) { 4871 /* Like the IT insn, we don't need to generate any code */ 4872 s->condexec_cond = 0; 4873 s->condexec_mask = 0; 4874 } 4875 return true; 4876 } 4877 4878 static bool trans_TT(DisasContext *s, arg_TT *a) 4879 { 4880 TCGv_i32 addr, tmp; 4881 4882 if (!arm_dc_feature(s, ARM_FEATURE_M) || 4883 !arm_dc_feature(s, ARM_FEATURE_V8)) { 4884 return false; 4885 } 4886 if (a->rd == 13 || a->rd == 15 || a->rn == 15) { 4887 /* We UNDEF for these UNPREDICTABLE cases */ 4888 unallocated_encoding(s); 4889 return true; 4890 } 4891 if (a->A && !s->v8m_secure) { 4892 /* This case is UNDEFINED. */ 4893 unallocated_encoding(s); 4894 return true; 4895 } 4896 4897 addr = load_reg(s, a->rn); 4898 tmp = tcg_temp_new_i32(); 4899 gen_helper_v7m_tt(tmp, tcg_env, addr, tcg_constant_i32((a->A << 1) | a->T)); 4900 store_reg(s, a->rd, tmp); 4901 return true; 4902 } 4903 4904 /* 4905 * Load/store register index 4906 */ 4907 4908 static ISSInfo make_issinfo(DisasContext *s, int rd, bool p, bool w) 4909 { 4910 ISSInfo ret; 4911 4912 /* ISS not valid if writeback */ 4913 if (p && !w) { 4914 ret = rd; 4915 if (curr_insn_len(s) == 2) { 4916 ret |= ISSIs16Bit; 4917 } 4918 } else { 4919 ret = ISSInvalid; 4920 } 4921 return ret; 4922 } 4923 4924 static TCGv_i32 op_addr_rr_pre(DisasContext *s, arg_ldst_rr *a) 4925 { 4926 TCGv_i32 addr = load_reg(s, a->rn); 4927 4928 if (s->v8m_stackcheck && a->rn == 13 && a->w) { 4929 gen_helper_v8m_stackcheck(tcg_env, addr); 4930 } 4931 4932 if (a->p) { 4933 TCGv_i32 ofs = load_reg(s, a->rm); 4934 gen_arm_shift_im(ofs, a->shtype, a->shimm, 0); 4935 if (a->u) { 4936 tcg_gen_add_i32(addr, addr, ofs); 4937 } else { 4938 tcg_gen_sub_i32(addr, addr, ofs); 4939 } 4940 } 4941 return addr; 4942 } 4943 4944 static void op_addr_rr_post(DisasContext *s, arg_ldst_rr *a, 4945 TCGv_i32 addr) 4946 { 4947 if (!a->p) { 4948 TCGv_i32 ofs = load_reg(s, a->rm); 4949 gen_arm_shift_im(ofs, a->shtype, a->shimm, 0); 4950 if (a->u) { 4951 tcg_gen_add_i32(addr, addr, ofs); 4952 } else { 4953 tcg_gen_sub_i32(addr, addr, ofs); 4954 } 4955 } else if (!a->w) { 4956 return; 4957 } 4958 store_reg(s, a->rn, addr); 4959 } 4960 4961 static bool op_load_rr(DisasContext *s, arg_ldst_rr *a, 4962 MemOp mop, int mem_idx) 4963 { 4964 ISSInfo issinfo = make_issinfo(s, a->rt, a->p, a->w); 4965 TCGv_i32 addr, tmp; 4966 4967 addr = op_addr_rr_pre(s, a); 4968 4969 tmp = tcg_temp_new_i32(); 4970 gen_aa32_ld_i32(s, tmp, addr, mem_idx, mop); 4971 disas_set_da_iss(s, mop, issinfo); 4972 4973 /* 4974 * Perform base writeback before the loaded value to 4975 * ensure correct behavior with overlapping index registers. 4976 */ 4977 op_addr_rr_post(s, a, addr); 4978 store_reg_from_load(s, a->rt, tmp); 4979 return true; 4980 } 4981 4982 static bool op_store_rr(DisasContext *s, arg_ldst_rr *a, 4983 MemOp mop, int mem_idx) 4984 { 4985 ISSInfo issinfo = make_issinfo(s, a->rt, a->p, a->w) | ISSIsWrite; 4986 TCGv_i32 addr, tmp; 4987 4988 /* 4989 * In Thumb encodings of stores Rn=1111 is UNDEF; for Arm it 4990 * is either UNPREDICTABLE or has defined behaviour 4991 */ 4992 if (s->thumb && a->rn == 15) { 4993 return false; 4994 } 4995 4996 addr = op_addr_rr_pre(s, a); 4997 4998 tmp = load_reg(s, a->rt); 4999 gen_aa32_st_i32(s, tmp, addr, mem_idx, mop); 5000 disas_set_da_iss(s, mop, issinfo); 5001 5002 op_addr_rr_post(s, a, addr); 5003 return true; 5004 } 5005 5006 static void do_ldrd_load(DisasContext *s, TCGv_i32 addr, int rt, int rt2) 5007 { 5008 /* 5009 * LDRD is required to be an atomic 64-bit access if the 5010 * address is 8-aligned, two atomic 32-bit accesses if 5011 * it's only 4-aligned, and to give an alignment fault 5012 * if it's not 4-aligned. This is MO_ALIGN_4 | MO_ATOM_SUBALIGN. 5013 * Rt is always the word from the lower address, and Rt2 the 5014 * data from the higher address, regardless of endianness. 5015 * So (like gen_load_exclusive) we avoid gen_aa32_ld_i64() 5016 * so we don't get its SCTLR_B check, and instead do a 64-bit access 5017 * using MO_BE if appropriate and then split the two halves. 5018 * 5019 * For M-profile, and for A-profile before LPAE, the 64-bit 5020 * atomicity is not required. We could model that using 5021 * the looser MO_ATOM_IFALIGN_PAIR, but providing a higher 5022 * level of atomicity than required is harmless (we would not 5023 * currently generate better code for IFALIGN_PAIR here). 5024 * 5025 * This also gives us the correct behaviour of not updating 5026 * rt if the load of rt2 faults; this is required for cases 5027 * like "ldrd r2, r3, [r2]" where rt is also the base register. 5028 */ 5029 int mem_idx = get_mem_index(s); 5030 MemOp opc = MO_64 | MO_ALIGN_4 | MO_ATOM_SUBALIGN | s->be_data; 5031 TCGv taddr = gen_aa32_addr(s, addr, opc); 5032 TCGv_i64 t64 = tcg_temp_new_i64(); 5033 TCGv_i32 tmp = tcg_temp_new_i32(); 5034 TCGv_i32 tmp2 = tcg_temp_new_i32(); 5035 5036 tcg_gen_qemu_ld_i64(t64, taddr, mem_idx, opc); 5037 if (s->be_data == MO_BE) { 5038 tcg_gen_extr_i64_i32(tmp2, tmp, t64); 5039 } else { 5040 tcg_gen_extr_i64_i32(tmp, tmp2, t64); 5041 } 5042 store_reg(s, rt, tmp); 5043 store_reg(s, rt2, tmp2); 5044 } 5045 5046 static bool trans_LDRD_rr(DisasContext *s, arg_ldst_rr *a) 5047 { 5048 TCGv_i32 addr; 5049 5050 if (!ENABLE_ARCH_5TE) { 5051 return false; 5052 } 5053 if (a->rt & 1) { 5054 unallocated_encoding(s); 5055 return true; 5056 } 5057 addr = op_addr_rr_pre(s, a); 5058 5059 do_ldrd_load(s, addr, a->rt, a->rt + 1); 5060 5061 /* LDRD w/ base writeback is undefined if the registers overlap. */ 5062 op_addr_rr_post(s, a, addr); 5063 return true; 5064 } 5065 5066 static void do_strd_store(DisasContext *s, TCGv_i32 addr, int rt, int rt2) 5067 { 5068 /* 5069 * STRD is required to be an atomic 64-bit access if the 5070 * address is 8-aligned, two atomic 32-bit accesses if 5071 * it's only 4-aligned, and to give an alignment fault 5072 * if it's not 4-aligned. 5073 * Rt is always the word from the lower address, and Rt2 the 5074 * data from the higher address, regardless of endianness. 5075 * So (like gen_store_exclusive) we avoid gen_aa32_ld_i64() 5076 * so we don't get its SCTLR_B check, and instead do a 64-bit access 5077 * using MO_BE if appropriate, using a value constructed 5078 * by putting the two halves together in the right order. 5079 * 5080 * As with LDRD, the 64-bit atomicity is not required for 5081 * M-profile, or for A-profile before LPAE, and we provide 5082 * the higher guarantee always for simplicity. 5083 */ 5084 int mem_idx = get_mem_index(s); 5085 MemOp opc = MO_64 | MO_ALIGN_4 | MO_ATOM_SUBALIGN | s->be_data; 5086 TCGv taddr = gen_aa32_addr(s, addr, opc); 5087 TCGv_i32 t1 = load_reg(s, rt); 5088 TCGv_i32 t2 = load_reg(s, rt2); 5089 TCGv_i64 t64 = tcg_temp_new_i64(); 5090 5091 if (s->be_data == MO_BE) { 5092 tcg_gen_concat_i32_i64(t64, t2, t1); 5093 } else { 5094 tcg_gen_concat_i32_i64(t64, t1, t2); 5095 } 5096 tcg_gen_qemu_st_i64(t64, taddr, mem_idx, opc); 5097 } 5098 5099 static bool trans_STRD_rr(DisasContext *s, arg_ldst_rr *a) 5100 { 5101 TCGv_i32 addr; 5102 5103 if (!ENABLE_ARCH_5TE) { 5104 return false; 5105 } 5106 if (a->rt & 1) { 5107 unallocated_encoding(s); 5108 return true; 5109 } 5110 addr = op_addr_rr_pre(s, a); 5111 5112 do_strd_store(s, addr, a->rt, a->rt + 1); 5113 5114 op_addr_rr_post(s, a, addr); 5115 return true; 5116 } 5117 5118 /* 5119 * Load/store immediate index 5120 */ 5121 5122 static TCGv_i32 op_addr_ri_pre(DisasContext *s, arg_ldst_ri *a) 5123 { 5124 int ofs = a->imm; 5125 5126 if (!a->u) { 5127 ofs = -ofs; 5128 } 5129 5130 if (s->v8m_stackcheck && a->rn == 13 && a->w) { 5131 /* 5132 * Stackcheck. Here we know 'addr' is the current SP; 5133 * U is set if we're moving SP up, else down. It is 5134 * UNKNOWN whether the limit check triggers when SP starts 5135 * below the limit and ends up above it; we chose to do so. 5136 */ 5137 if (!a->u) { 5138 TCGv_i32 newsp = tcg_temp_new_i32(); 5139 tcg_gen_addi_i32(newsp, cpu_R[13], ofs); 5140 gen_helper_v8m_stackcheck(tcg_env, newsp); 5141 } else { 5142 gen_helper_v8m_stackcheck(tcg_env, cpu_R[13]); 5143 } 5144 } 5145 5146 return add_reg_for_lit(s, a->rn, a->p ? ofs : 0); 5147 } 5148 5149 static void op_addr_ri_post(DisasContext *s, arg_ldst_ri *a, 5150 TCGv_i32 addr) 5151 { 5152 int address_offset = 0; 5153 if (!a->p) { 5154 if (a->u) { 5155 address_offset = a->imm; 5156 } else { 5157 address_offset = -a->imm; 5158 } 5159 } else if (!a->w) { 5160 return; 5161 } 5162 tcg_gen_addi_i32(addr, addr, address_offset); 5163 store_reg(s, a->rn, addr); 5164 } 5165 5166 static bool op_load_ri(DisasContext *s, arg_ldst_ri *a, 5167 MemOp mop, int mem_idx) 5168 { 5169 ISSInfo issinfo = make_issinfo(s, a->rt, a->p, a->w); 5170 TCGv_i32 addr, tmp; 5171 5172 addr = op_addr_ri_pre(s, a); 5173 5174 tmp = tcg_temp_new_i32(); 5175 gen_aa32_ld_i32(s, tmp, addr, mem_idx, mop); 5176 disas_set_da_iss(s, mop, issinfo); 5177 5178 /* 5179 * Perform base writeback before the loaded value to 5180 * ensure correct behavior with overlapping index registers. 5181 */ 5182 op_addr_ri_post(s, a, addr); 5183 store_reg_from_load(s, a->rt, tmp); 5184 return true; 5185 } 5186 5187 static bool op_store_ri(DisasContext *s, arg_ldst_ri *a, 5188 MemOp mop, int mem_idx) 5189 { 5190 ISSInfo issinfo = make_issinfo(s, a->rt, a->p, a->w) | ISSIsWrite; 5191 TCGv_i32 addr, tmp; 5192 5193 /* 5194 * In Thumb encodings of stores Rn=1111 is UNDEF; for Arm it 5195 * is either UNPREDICTABLE or has defined behaviour 5196 */ 5197 if (s->thumb && a->rn == 15) { 5198 return false; 5199 } 5200 5201 addr = op_addr_ri_pre(s, a); 5202 5203 tmp = load_reg(s, a->rt); 5204 gen_aa32_st_i32(s, tmp, addr, mem_idx, mop); 5205 disas_set_da_iss(s, mop, issinfo); 5206 5207 op_addr_ri_post(s, a, addr); 5208 return true; 5209 } 5210 5211 static bool op_ldrd_ri(DisasContext *s, arg_ldst_ri *a, int rt2) 5212 { 5213 TCGv_i32 addr; 5214 5215 addr = op_addr_ri_pre(s, a); 5216 5217 do_ldrd_load(s, addr, a->rt, rt2); 5218 5219 /* LDRD w/ base writeback is undefined if the registers overlap. */ 5220 op_addr_ri_post(s, a, addr); 5221 return true; 5222 } 5223 5224 static bool trans_LDRD_ri_a32(DisasContext *s, arg_ldst_ri *a) 5225 { 5226 if (!ENABLE_ARCH_5TE || (a->rt & 1)) { 5227 return false; 5228 } 5229 return op_ldrd_ri(s, a, a->rt + 1); 5230 } 5231 5232 static bool trans_LDRD_ri_t32(DisasContext *s, arg_ldst_ri2 *a) 5233 { 5234 arg_ldst_ri b = { 5235 .u = a->u, .w = a->w, .p = a->p, 5236 .rn = a->rn, .rt = a->rt, .imm = a->imm 5237 }; 5238 return op_ldrd_ri(s, &b, a->rt2); 5239 } 5240 5241 static bool op_strd_ri(DisasContext *s, arg_ldst_ri *a, int rt2) 5242 { 5243 TCGv_i32 addr; 5244 5245 addr = op_addr_ri_pre(s, a); 5246 5247 do_strd_store(s, addr, a->rt, rt2); 5248 5249 op_addr_ri_post(s, a, addr); 5250 return true; 5251 } 5252 5253 static bool trans_STRD_ri_a32(DisasContext *s, arg_ldst_ri *a) 5254 { 5255 if (!ENABLE_ARCH_5TE || (a->rt & 1)) { 5256 return false; 5257 } 5258 return op_strd_ri(s, a, a->rt + 1); 5259 } 5260 5261 static bool trans_STRD_ri_t32(DisasContext *s, arg_ldst_ri2 *a) 5262 { 5263 arg_ldst_ri b = { 5264 .u = a->u, .w = a->w, .p = a->p, 5265 .rn = a->rn, .rt = a->rt, .imm = a->imm 5266 }; 5267 return op_strd_ri(s, &b, a->rt2); 5268 } 5269 5270 #define DO_LDST(NAME, WHICH, MEMOP) \ 5271 static bool trans_##NAME##_ri(DisasContext *s, arg_ldst_ri *a) \ 5272 { \ 5273 return op_##WHICH##_ri(s, a, MEMOP, get_mem_index(s)); \ 5274 } \ 5275 static bool trans_##NAME##T_ri(DisasContext *s, arg_ldst_ri *a) \ 5276 { \ 5277 return op_##WHICH##_ri(s, a, MEMOP, get_a32_user_mem_index(s)); \ 5278 } \ 5279 static bool trans_##NAME##_rr(DisasContext *s, arg_ldst_rr *a) \ 5280 { \ 5281 return op_##WHICH##_rr(s, a, MEMOP, get_mem_index(s)); \ 5282 } \ 5283 static bool trans_##NAME##T_rr(DisasContext *s, arg_ldst_rr *a) \ 5284 { \ 5285 return op_##WHICH##_rr(s, a, MEMOP, get_a32_user_mem_index(s)); \ 5286 } 5287 5288 DO_LDST(LDR, load, MO_UL) 5289 DO_LDST(LDRB, load, MO_UB) 5290 DO_LDST(LDRH, load, MO_UW) 5291 DO_LDST(LDRSB, load, MO_SB) 5292 DO_LDST(LDRSH, load, MO_SW) 5293 5294 DO_LDST(STR, store, MO_UL) 5295 DO_LDST(STRB, store, MO_UB) 5296 DO_LDST(STRH, store, MO_UW) 5297 5298 #undef DO_LDST 5299 5300 /* 5301 * Synchronization primitives 5302 */ 5303 5304 static bool op_swp(DisasContext *s, arg_SWP *a, MemOp opc) 5305 { 5306 TCGv_i32 addr, tmp; 5307 TCGv taddr; 5308 5309 opc |= s->be_data; 5310 addr = load_reg(s, a->rn); 5311 taddr = gen_aa32_addr(s, addr, opc); 5312 5313 tmp = load_reg(s, a->rt2); 5314 tcg_gen_atomic_xchg_i32(tmp, taddr, tmp, get_mem_index(s), opc); 5315 5316 store_reg(s, a->rt, tmp); 5317 return true; 5318 } 5319 5320 static bool trans_SWP(DisasContext *s, arg_SWP *a) 5321 { 5322 return op_swp(s, a, MO_UL | MO_ALIGN); 5323 } 5324 5325 static bool trans_SWPB(DisasContext *s, arg_SWP *a) 5326 { 5327 return op_swp(s, a, MO_UB); 5328 } 5329 5330 /* 5331 * Load/Store Exclusive and Load-Acquire/Store-Release 5332 */ 5333 5334 static bool op_strex(DisasContext *s, arg_STREX *a, MemOp mop, bool rel) 5335 { 5336 TCGv_i32 addr; 5337 /* Some cases stopped being UNPREDICTABLE in v8A (but not v8M) */ 5338 bool v8a = ENABLE_ARCH_8 && !arm_dc_feature(s, ARM_FEATURE_M); 5339 5340 /* We UNDEF for these UNPREDICTABLE cases. */ 5341 if (a->rd == 15 || a->rn == 15 || a->rt == 15 5342 || a->rd == a->rn || a->rd == a->rt 5343 || (!v8a && s->thumb && (a->rd == 13 || a->rt == 13)) 5344 || (mop == MO_64 5345 && (a->rt2 == 15 5346 || a->rd == a->rt2 5347 || (!v8a && s->thumb && a->rt2 == 13)))) { 5348 unallocated_encoding(s); 5349 return true; 5350 } 5351 5352 if (rel) { 5353 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL); 5354 } 5355 5356 addr = tcg_temp_new_i32(); 5357 load_reg_var(s, addr, a->rn); 5358 tcg_gen_addi_i32(addr, addr, a->imm); 5359 5360 gen_store_exclusive(s, a->rd, a->rt, a->rt2, addr, mop); 5361 return true; 5362 } 5363 5364 static bool trans_STREX(DisasContext *s, arg_STREX *a) 5365 { 5366 if (!ENABLE_ARCH_6) { 5367 return false; 5368 } 5369 return op_strex(s, a, MO_32, false); 5370 } 5371 5372 static bool trans_STREXD_a32(DisasContext *s, arg_STREX *a) 5373 { 5374 if (!ENABLE_ARCH_6K) { 5375 return false; 5376 } 5377 /* We UNDEF for these UNPREDICTABLE cases. */ 5378 if (a->rt & 1) { 5379 unallocated_encoding(s); 5380 return true; 5381 } 5382 a->rt2 = a->rt + 1; 5383 return op_strex(s, a, MO_64, false); 5384 } 5385 5386 static bool trans_STREXD_t32(DisasContext *s, arg_STREX *a) 5387 { 5388 return op_strex(s, a, MO_64, false); 5389 } 5390 5391 static bool trans_STREXB(DisasContext *s, arg_STREX *a) 5392 { 5393 if (s->thumb ? !ENABLE_ARCH_7 : !ENABLE_ARCH_6K) { 5394 return false; 5395 } 5396 return op_strex(s, a, MO_8, false); 5397 } 5398 5399 static bool trans_STREXH(DisasContext *s, arg_STREX *a) 5400 { 5401 if (s->thumb ? !ENABLE_ARCH_7 : !ENABLE_ARCH_6K) { 5402 return false; 5403 } 5404 return op_strex(s, a, MO_16, false); 5405 } 5406 5407 static bool trans_STLEX(DisasContext *s, arg_STREX *a) 5408 { 5409 if (!ENABLE_ARCH_8) { 5410 return false; 5411 } 5412 return op_strex(s, a, MO_32, true); 5413 } 5414 5415 static bool trans_STLEXD_a32(DisasContext *s, arg_STREX *a) 5416 { 5417 if (!ENABLE_ARCH_8) { 5418 return false; 5419 } 5420 /* We UNDEF for these UNPREDICTABLE cases. */ 5421 if (a->rt & 1) { 5422 unallocated_encoding(s); 5423 return true; 5424 } 5425 a->rt2 = a->rt + 1; 5426 return op_strex(s, a, MO_64, true); 5427 } 5428 5429 static bool trans_STLEXD_t32(DisasContext *s, arg_STREX *a) 5430 { 5431 if (!ENABLE_ARCH_8) { 5432 return false; 5433 } 5434 return op_strex(s, a, MO_64, true); 5435 } 5436 5437 static bool trans_STLEXB(DisasContext *s, arg_STREX *a) 5438 { 5439 if (!ENABLE_ARCH_8) { 5440 return false; 5441 } 5442 return op_strex(s, a, MO_8, true); 5443 } 5444 5445 static bool trans_STLEXH(DisasContext *s, arg_STREX *a) 5446 { 5447 if (!ENABLE_ARCH_8) { 5448 return false; 5449 } 5450 return op_strex(s, a, MO_16, true); 5451 } 5452 5453 static bool op_stl(DisasContext *s, arg_STL *a, MemOp mop) 5454 { 5455 TCGv_i32 addr, tmp; 5456 5457 if (!ENABLE_ARCH_8) { 5458 return false; 5459 } 5460 /* We UNDEF for these UNPREDICTABLE cases. */ 5461 if (a->rn == 15 || a->rt == 15) { 5462 unallocated_encoding(s); 5463 return true; 5464 } 5465 5466 addr = load_reg(s, a->rn); 5467 tmp = load_reg(s, a->rt); 5468 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL); 5469 gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), mop | MO_ALIGN); 5470 disas_set_da_iss(s, mop, a->rt | ISSIsAcqRel | ISSIsWrite); 5471 5472 return true; 5473 } 5474 5475 static bool trans_STL(DisasContext *s, arg_STL *a) 5476 { 5477 return op_stl(s, a, MO_UL); 5478 } 5479 5480 static bool trans_STLB(DisasContext *s, arg_STL *a) 5481 { 5482 return op_stl(s, a, MO_UB); 5483 } 5484 5485 static bool trans_STLH(DisasContext *s, arg_STL *a) 5486 { 5487 return op_stl(s, a, MO_UW); 5488 } 5489 5490 static bool op_ldrex(DisasContext *s, arg_LDREX *a, MemOp mop, bool acq) 5491 { 5492 TCGv_i32 addr; 5493 /* Some cases stopped being UNPREDICTABLE in v8A (but not v8M) */ 5494 bool v8a = ENABLE_ARCH_8 && !arm_dc_feature(s, ARM_FEATURE_M); 5495 5496 /* We UNDEF for these UNPREDICTABLE cases. */ 5497 if (a->rn == 15 || a->rt == 15 5498 || (!v8a && s->thumb && a->rt == 13) 5499 || (mop == MO_64 5500 && (a->rt2 == 15 || a->rt == a->rt2 5501 || (!v8a && s->thumb && a->rt2 == 13)))) { 5502 unallocated_encoding(s); 5503 return true; 5504 } 5505 5506 addr = tcg_temp_new_i32(); 5507 load_reg_var(s, addr, a->rn); 5508 tcg_gen_addi_i32(addr, addr, a->imm); 5509 5510 gen_load_exclusive(s, a->rt, a->rt2, addr, mop); 5511 5512 if (acq) { 5513 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ); 5514 } 5515 return true; 5516 } 5517 5518 static bool trans_LDREX(DisasContext *s, arg_LDREX *a) 5519 { 5520 if (!ENABLE_ARCH_6) { 5521 return false; 5522 } 5523 return op_ldrex(s, a, MO_32, false); 5524 } 5525 5526 static bool trans_LDREXD_a32(DisasContext *s, arg_LDREX *a) 5527 { 5528 if (!ENABLE_ARCH_6K) { 5529 return false; 5530 } 5531 /* We UNDEF for these UNPREDICTABLE cases. */ 5532 if (a->rt & 1) { 5533 unallocated_encoding(s); 5534 return true; 5535 } 5536 a->rt2 = a->rt + 1; 5537 return op_ldrex(s, a, MO_64, false); 5538 } 5539 5540 static bool trans_LDREXD_t32(DisasContext *s, arg_LDREX *a) 5541 { 5542 return op_ldrex(s, a, MO_64, false); 5543 } 5544 5545 static bool trans_LDREXB(DisasContext *s, arg_LDREX *a) 5546 { 5547 if (s->thumb ? !ENABLE_ARCH_7 : !ENABLE_ARCH_6K) { 5548 return false; 5549 } 5550 return op_ldrex(s, a, MO_8, false); 5551 } 5552 5553 static bool trans_LDREXH(DisasContext *s, arg_LDREX *a) 5554 { 5555 if (s->thumb ? !ENABLE_ARCH_7 : !ENABLE_ARCH_6K) { 5556 return false; 5557 } 5558 return op_ldrex(s, a, MO_16, false); 5559 } 5560 5561 static bool trans_LDAEX(DisasContext *s, arg_LDREX *a) 5562 { 5563 if (!ENABLE_ARCH_8) { 5564 return false; 5565 } 5566 return op_ldrex(s, a, MO_32, true); 5567 } 5568 5569 static bool trans_LDAEXD_a32(DisasContext *s, arg_LDREX *a) 5570 { 5571 if (!ENABLE_ARCH_8) { 5572 return false; 5573 } 5574 /* We UNDEF for these UNPREDICTABLE cases. */ 5575 if (a->rt & 1) { 5576 unallocated_encoding(s); 5577 return true; 5578 } 5579 a->rt2 = a->rt + 1; 5580 return op_ldrex(s, a, MO_64, true); 5581 } 5582 5583 static bool trans_LDAEXD_t32(DisasContext *s, arg_LDREX *a) 5584 { 5585 if (!ENABLE_ARCH_8) { 5586 return false; 5587 } 5588 return op_ldrex(s, a, MO_64, true); 5589 } 5590 5591 static bool trans_LDAEXB(DisasContext *s, arg_LDREX *a) 5592 { 5593 if (!ENABLE_ARCH_8) { 5594 return false; 5595 } 5596 return op_ldrex(s, a, MO_8, true); 5597 } 5598 5599 static bool trans_LDAEXH(DisasContext *s, arg_LDREX *a) 5600 { 5601 if (!ENABLE_ARCH_8) { 5602 return false; 5603 } 5604 return op_ldrex(s, a, MO_16, true); 5605 } 5606 5607 static bool op_lda(DisasContext *s, arg_LDA *a, MemOp mop) 5608 { 5609 TCGv_i32 addr, tmp; 5610 5611 if (!ENABLE_ARCH_8) { 5612 return false; 5613 } 5614 /* We UNDEF for these UNPREDICTABLE cases. */ 5615 if (a->rn == 15 || a->rt == 15) { 5616 unallocated_encoding(s); 5617 return true; 5618 } 5619 5620 addr = load_reg(s, a->rn); 5621 tmp = tcg_temp_new_i32(); 5622 gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), mop | MO_ALIGN); 5623 disas_set_da_iss(s, mop, a->rt | ISSIsAcqRel); 5624 5625 store_reg(s, a->rt, tmp); 5626 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL); 5627 return true; 5628 } 5629 5630 static bool trans_LDA(DisasContext *s, arg_LDA *a) 5631 { 5632 return op_lda(s, a, MO_UL); 5633 } 5634 5635 static bool trans_LDAB(DisasContext *s, arg_LDA *a) 5636 { 5637 return op_lda(s, a, MO_UB); 5638 } 5639 5640 static bool trans_LDAH(DisasContext *s, arg_LDA *a) 5641 { 5642 return op_lda(s, a, MO_UW); 5643 } 5644 5645 /* 5646 * Media instructions 5647 */ 5648 5649 static bool trans_USADA8(DisasContext *s, arg_USADA8 *a) 5650 { 5651 TCGv_i32 t1, t2; 5652 5653 if (!ENABLE_ARCH_6) { 5654 return false; 5655 } 5656 5657 t1 = load_reg(s, a->rn); 5658 t2 = load_reg(s, a->rm); 5659 gen_helper_usad8(t1, t1, t2); 5660 if (a->ra != 15) { 5661 t2 = load_reg(s, a->ra); 5662 tcg_gen_add_i32(t1, t1, t2); 5663 } 5664 store_reg(s, a->rd, t1); 5665 return true; 5666 } 5667 5668 static bool op_bfx(DisasContext *s, arg_UBFX *a, bool u) 5669 { 5670 TCGv_i32 tmp; 5671 int width = a->widthm1 + 1; 5672 int shift = a->lsb; 5673 5674 if (!ENABLE_ARCH_6T2) { 5675 return false; 5676 } 5677 if (shift + width > 32) { 5678 /* UNPREDICTABLE; we choose to UNDEF */ 5679 unallocated_encoding(s); 5680 return true; 5681 } 5682 5683 tmp = load_reg(s, a->rn); 5684 if (u) { 5685 tcg_gen_extract_i32(tmp, tmp, shift, width); 5686 } else { 5687 tcg_gen_sextract_i32(tmp, tmp, shift, width); 5688 } 5689 store_reg(s, a->rd, tmp); 5690 return true; 5691 } 5692 5693 static bool trans_SBFX(DisasContext *s, arg_SBFX *a) 5694 { 5695 return op_bfx(s, a, false); 5696 } 5697 5698 static bool trans_UBFX(DisasContext *s, arg_UBFX *a) 5699 { 5700 return op_bfx(s, a, true); 5701 } 5702 5703 static bool trans_BFCI(DisasContext *s, arg_BFCI *a) 5704 { 5705 int msb = a->msb, lsb = a->lsb; 5706 TCGv_i32 t_in, t_rd; 5707 int width; 5708 5709 if (!ENABLE_ARCH_6T2) { 5710 return false; 5711 } 5712 if (msb < lsb) { 5713 /* UNPREDICTABLE; we choose to UNDEF */ 5714 unallocated_encoding(s); 5715 return true; 5716 } 5717 5718 width = msb + 1 - lsb; 5719 if (a->rn == 15) { 5720 /* BFC */ 5721 t_in = tcg_constant_i32(0); 5722 } else { 5723 /* BFI */ 5724 t_in = load_reg(s, a->rn); 5725 } 5726 t_rd = load_reg(s, a->rd); 5727 tcg_gen_deposit_i32(t_rd, t_rd, t_in, lsb, width); 5728 store_reg(s, a->rd, t_rd); 5729 return true; 5730 } 5731 5732 static bool trans_UDF(DisasContext *s, arg_UDF *a) 5733 { 5734 unallocated_encoding(s); 5735 return true; 5736 } 5737 5738 /* 5739 * Parallel addition and subtraction 5740 */ 5741 5742 static bool op_par_addsub(DisasContext *s, arg_rrr *a, 5743 void (*gen)(TCGv_i32, TCGv_i32, TCGv_i32)) 5744 { 5745 TCGv_i32 t0, t1; 5746 5747 if (s->thumb 5748 ? !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP) 5749 : !ENABLE_ARCH_6) { 5750 return false; 5751 } 5752 5753 t0 = load_reg(s, a->rn); 5754 t1 = load_reg(s, a->rm); 5755 5756 gen(t0, t0, t1); 5757 5758 store_reg(s, a->rd, t0); 5759 return true; 5760 } 5761 5762 static bool op_par_addsub_ge(DisasContext *s, arg_rrr *a, 5763 void (*gen)(TCGv_i32, TCGv_i32, 5764 TCGv_i32, TCGv_ptr)) 5765 { 5766 TCGv_i32 t0, t1; 5767 TCGv_ptr ge; 5768 5769 if (s->thumb 5770 ? !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP) 5771 : !ENABLE_ARCH_6) { 5772 return false; 5773 } 5774 5775 t0 = load_reg(s, a->rn); 5776 t1 = load_reg(s, a->rm); 5777 5778 ge = tcg_temp_new_ptr(); 5779 tcg_gen_addi_ptr(ge, tcg_env, offsetof(CPUARMState, GE)); 5780 gen(t0, t0, t1, ge); 5781 5782 store_reg(s, a->rd, t0); 5783 return true; 5784 } 5785 5786 #define DO_PAR_ADDSUB(NAME, helper) \ 5787 static bool trans_##NAME(DisasContext *s, arg_rrr *a) \ 5788 { \ 5789 return op_par_addsub(s, a, helper); \ 5790 } 5791 5792 #define DO_PAR_ADDSUB_GE(NAME, helper) \ 5793 static bool trans_##NAME(DisasContext *s, arg_rrr *a) \ 5794 { \ 5795 return op_par_addsub_ge(s, a, helper); \ 5796 } 5797 5798 DO_PAR_ADDSUB_GE(SADD16, gen_helper_sadd16) 5799 DO_PAR_ADDSUB_GE(SASX, gen_helper_saddsubx) 5800 DO_PAR_ADDSUB_GE(SSAX, gen_helper_ssubaddx) 5801 DO_PAR_ADDSUB_GE(SSUB16, gen_helper_ssub16) 5802 DO_PAR_ADDSUB_GE(SADD8, gen_helper_sadd8) 5803 DO_PAR_ADDSUB_GE(SSUB8, gen_helper_ssub8) 5804 5805 DO_PAR_ADDSUB_GE(UADD16, gen_helper_uadd16) 5806 DO_PAR_ADDSUB_GE(UASX, gen_helper_uaddsubx) 5807 DO_PAR_ADDSUB_GE(USAX, gen_helper_usubaddx) 5808 DO_PAR_ADDSUB_GE(USUB16, gen_helper_usub16) 5809 DO_PAR_ADDSUB_GE(UADD8, gen_helper_uadd8) 5810 DO_PAR_ADDSUB_GE(USUB8, gen_helper_usub8) 5811 5812 DO_PAR_ADDSUB(QADD16, gen_helper_qadd16) 5813 DO_PAR_ADDSUB(QASX, gen_helper_qaddsubx) 5814 DO_PAR_ADDSUB(QSAX, gen_helper_qsubaddx) 5815 DO_PAR_ADDSUB(QSUB16, gen_helper_qsub16) 5816 DO_PAR_ADDSUB(QADD8, gen_helper_qadd8) 5817 DO_PAR_ADDSUB(QSUB8, gen_helper_qsub8) 5818 5819 DO_PAR_ADDSUB(UQADD16, gen_helper_uqadd16) 5820 DO_PAR_ADDSUB(UQASX, gen_helper_uqaddsubx) 5821 DO_PAR_ADDSUB(UQSAX, gen_helper_uqsubaddx) 5822 DO_PAR_ADDSUB(UQSUB16, gen_helper_uqsub16) 5823 DO_PAR_ADDSUB(UQADD8, gen_helper_uqadd8) 5824 DO_PAR_ADDSUB(UQSUB8, gen_helper_uqsub8) 5825 5826 DO_PAR_ADDSUB(SHADD16, gen_helper_shadd16) 5827 DO_PAR_ADDSUB(SHASX, gen_helper_shaddsubx) 5828 DO_PAR_ADDSUB(SHSAX, gen_helper_shsubaddx) 5829 DO_PAR_ADDSUB(SHSUB16, gen_helper_shsub16) 5830 DO_PAR_ADDSUB(SHADD8, gen_helper_shadd8) 5831 DO_PAR_ADDSUB(SHSUB8, gen_helper_shsub8) 5832 5833 DO_PAR_ADDSUB(UHADD16, gen_helper_uhadd16) 5834 DO_PAR_ADDSUB(UHASX, gen_helper_uhaddsubx) 5835 DO_PAR_ADDSUB(UHSAX, gen_helper_uhsubaddx) 5836 DO_PAR_ADDSUB(UHSUB16, gen_helper_uhsub16) 5837 DO_PAR_ADDSUB(UHADD8, gen_helper_uhadd8) 5838 DO_PAR_ADDSUB(UHSUB8, gen_helper_uhsub8) 5839 5840 #undef DO_PAR_ADDSUB 5841 #undef DO_PAR_ADDSUB_GE 5842 5843 /* 5844 * Packing, unpacking, saturation, and reversal 5845 */ 5846 5847 static bool trans_PKH(DisasContext *s, arg_PKH *a) 5848 { 5849 TCGv_i32 tn, tm; 5850 int shift = a->imm; 5851 5852 if (s->thumb 5853 ? !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP) 5854 : !ENABLE_ARCH_6) { 5855 return false; 5856 } 5857 5858 tn = load_reg(s, a->rn); 5859 tm = load_reg(s, a->rm); 5860 if (a->tb) { 5861 /* PKHTB */ 5862 if (shift == 0) { 5863 shift = 31; 5864 } 5865 tcg_gen_sari_i32(tm, tm, shift); 5866 tcg_gen_deposit_i32(tn, tn, tm, 0, 16); 5867 } else { 5868 /* PKHBT */ 5869 tcg_gen_shli_i32(tm, tm, shift); 5870 tcg_gen_deposit_i32(tn, tm, tn, 0, 16); 5871 } 5872 store_reg(s, a->rd, tn); 5873 return true; 5874 } 5875 5876 static bool op_sat(DisasContext *s, arg_sat *a, 5877 void (*gen)(TCGv_i32, TCGv_env, TCGv_i32, TCGv_i32)) 5878 { 5879 TCGv_i32 tmp; 5880 int shift = a->imm; 5881 5882 if (!ENABLE_ARCH_6) { 5883 return false; 5884 } 5885 5886 tmp = load_reg(s, a->rn); 5887 if (a->sh) { 5888 tcg_gen_sari_i32(tmp, tmp, shift ? shift : 31); 5889 } else { 5890 tcg_gen_shli_i32(tmp, tmp, shift); 5891 } 5892 5893 gen(tmp, tcg_env, tmp, tcg_constant_i32(a->satimm)); 5894 5895 store_reg(s, a->rd, tmp); 5896 return true; 5897 } 5898 5899 static bool trans_SSAT(DisasContext *s, arg_sat *a) 5900 { 5901 return op_sat(s, a, gen_helper_ssat); 5902 } 5903 5904 static bool trans_USAT(DisasContext *s, arg_sat *a) 5905 { 5906 return op_sat(s, a, gen_helper_usat); 5907 } 5908 5909 static bool trans_SSAT16(DisasContext *s, arg_sat *a) 5910 { 5911 if (s->thumb && !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) { 5912 return false; 5913 } 5914 return op_sat(s, a, gen_helper_ssat16); 5915 } 5916 5917 static bool trans_USAT16(DisasContext *s, arg_sat *a) 5918 { 5919 if (s->thumb && !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) { 5920 return false; 5921 } 5922 return op_sat(s, a, gen_helper_usat16); 5923 } 5924 5925 static bool op_xta(DisasContext *s, arg_rrr_rot *a, 5926 void (*gen_extract)(TCGv_i32, TCGv_i32), 5927 void (*gen_add)(TCGv_i32, TCGv_i32, TCGv_i32)) 5928 { 5929 TCGv_i32 tmp; 5930 5931 if (!ENABLE_ARCH_6) { 5932 return false; 5933 } 5934 5935 tmp = load_reg(s, a->rm); 5936 /* 5937 * TODO: In many cases we could do a shift instead of a rotate. 5938 * Combined with a simple extend, that becomes an extract. 5939 */ 5940 tcg_gen_rotri_i32(tmp, tmp, a->rot * 8); 5941 gen_extract(tmp, tmp); 5942 5943 if (a->rn != 15) { 5944 TCGv_i32 tmp2 = load_reg(s, a->rn); 5945 gen_add(tmp, tmp, tmp2); 5946 } 5947 store_reg(s, a->rd, tmp); 5948 return true; 5949 } 5950 5951 static bool trans_SXTAB(DisasContext *s, arg_rrr_rot *a) 5952 { 5953 return op_xta(s, a, tcg_gen_ext8s_i32, tcg_gen_add_i32); 5954 } 5955 5956 static bool trans_SXTAH(DisasContext *s, arg_rrr_rot *a) 5957 { 5958 return op_xta(s, a, tcg_gen_ext16s_i32, tcg_gen_add_i32); 5959 } 5960 5961 static bool trans_SXTAB16(DisasContext *s, arg_rrr_rot *a) 5962 { 5963 if (s->thumb && !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) { 5964 return false; 5965 } 5966 return op_xta(s, a, gen_helper_sxtb16, gen_add16); 5967 } 5968 5969 static bool trans_UXTAB(DisasContext *s, arg_rrr_rot *a) 5970 { 5971 return op_xta(s, a, tcg_gen_ext8u_i32, tcg_gen_add_i32); 5972 } 5973 5974 static bool trans_UXTAH(DisasContext *s, arg_rrr_rot *a) 5975 { 5976 return op_xta(s, a, tcg_gen_ext16u_i32, tcg_gen_add_i32); 5977 } 5978 5979 static bool trans_UXTAB16(DisasContext *s, arg_rrr_rot *a) 5980 { 5981 if (s->thumb && !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) { 5982 return false; 5983 } 5984 return op_xta(s, a, gen_helper_uxtb16, gen_add16); 5985 } 5986 5987 static bool trans_SEL(DisasContext *s, arg_rrr *a) 5988 { 5989 TCGv_i32 t1, t2, t3; 5990 5991 if (s->thumb 5992 ? !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP) 5993 : !ENABLE_ARCH_6) { 5994 return false; 5995 } 5996 5997 t1 = load_reg(s, a->rn); 5998 t2 = load_reg(s, a->rm); 5999 t3 = tcg_temp_new_i32(); 6000 tcg_gen_ld_i32(t3, tcg_env, offsetof(CPUARMState, GE)); 6001 gen_helper_sel_flags(t1, t3, t1, t2); 6002 store_reg(s, a->rd, t1); 6003 return true; 6004 } 6005 6006 static bool op_rr(DisasContext *s, arg_rr *a, 6007 void (*gen)(TCGv_i32, TCGv_i32)) 6008 { 6009 TCGv_i32 tmp; 6010 6011 tmp = load_reg(s, a->rm); 6012 gen(tmp, tmp); 6013 store_reg(s, a->rd, tmp); 6014 return true; 6015 } 6016 6017 static bool trans_REV(DisasContext *s, arg_rr *a) 6018 { 6019 if (!ENABLE_ARCH_6) { 6020 return false; 6021 } 6022 return op_rr(s, a, tcg_gen_bswap32_i32); 6023 } 6024 6025 static bool trans_REV16(DisasContext *s, arg_rr *a) 6026 { 6027 if (!ENABLE_ARCH_6) { 6028 return false; 6029 } 6030 return op_rr(s, a, gen_rev16); 6031 } 6032 6033 static bool trans_REVSH(DisasContext *s, arg_rr *a) 6034 { 6035 if (!ENABLE_ARCH_6) { 6036 return false; 6037 } 6038 return op_rr(s, a, gen_revsh); 6039 } 6040 6041 static bool trans_RBIT(DisasContext *s, arg_rr *a) 6042 { 6043 if (!ENABLE_ARCH_6T2) { 6044 return false; 6045 } 6046 return op_rr(s, a, gen_helper_rbit); 6047 } 6048 6049 /* 6050 * Signed multiply, signed and unsigned divide 6051 */ 6052 6053 static bool op_smlad(DisasContext *s, arg_rrrr *a, bool m_swap, bool sub) 6054 { 6055 TCGv_i32 t1, t2; 6056 6057 if (!ENABLE_ARCH_6) { 6058 return false; 6059 } 6060 6061 t1 = load_reg(s, a->rn); 6062 t2 = load_reg(s, a->rm); 6063 if (m_swap) { 6064 gen_swap_half(t2, t2); 6065 } 6066 gen_smul_dual(t1, t2); 6067 6068 if (sub) { 6069 /* 6070 * This subtraction cannot overflow, so we can do a simple 6071 * 32-bit subtraction and then a possible 32-bit saturating 6072 * addition of Ra. 6073 */ 6074 tcg_gen_sub_i32(t1, t1, t2); 6075 6076 if (a->ra != 15) { 6077 t2 = load_reg(s, a->ra); 6078 gen_helper_add_setq(t1, tcg_env, t1, t2); 6079 } 6080 } else if (a->ra == 15) { 6081 /* Single saturation-checking addition */ 6082 gen_helper_add_setq(t1, tcg_env, t1, t2); 6083 } else { 6084 /* 6085 * We need to add the products and Ra together and then 6086 * determine whether the final result overflowed. Doing 6087 * this as two separate add-and-check-overflow steps incorrectly 6088 * sets Q for cases like (-32768 * -32768) + (-32768 * -32768) + -1. 6089 * Do all the arithmetic at 64-bits and then check for overflow. 6090 */ 6091 TCGv_i64 p64, q64; 6092 TCGv_i32 t3, qf, one; 6093 6094 p64 = tcg_temp_new_i64(); 6095 q64 = tcg_temp_new_i64(); 6096 tcg_gen_ext_i32_i64(p64, t1); 6097 tcg_gen_ext_i32_i64(q64, t2); 6098 tcg_gen_add_i64(p64, p64, q64); 6099 load_reg_var(s, t2, a->ra); 6100 tcg_gen_ext_i32_i64(q64, t2); 6101 tcg_gen_add_i64(p64, p64, q64); 6102 6103 tcg_gen_extr_i64_i32(t1, t2, p64); 6104 /* 6105 * t1 is the low half of the result which goes into Rd. 6106 * We have overflow and must set Q if the high half (t2) 6107 * is different from the sign-extension of t1. 6108 */ 6109 t3 = tcg_temp_new_i32(); 6110 tcg_gen_sari_i32(t3, t1, 31); 6111 qf = load_cpu_field(QF); 6112 one = tcg_constant_i32(1); 6113 tcg_gen_movcond_i32(TCG_COND_NE, qf, t2, t3, one, qf); 6114 store_cpu_field(qf, QF); 6115 } 6116 store_reg(s, a->rd, t1); 6117 return true; 6118 } 6119 6120 static bool trans_SMLAD(DisasContext *s, arg_rrrr *a) 6121 { 6122 return op_smlad(s, a, false, false); 6123 } 6124 6125 static bool trans_SMLADX(DisasContext *s, arg_rrrr *a) 6126 { 6127 return op_smlad(s, a, true, false); 6128 } 6129 6130 static bool trans_SMLSD(DisasContext *s, arg_rrrr *a) 6131 { 6132 return op_smlad(s, a, false, true); 6133 } 6134 6135 static bool trans_SMLSDX(DisasContext *s, arg_rrrr *a) 6136 { 6137 return op_smlad(s, a, true, true); 6138 } 6139 6140 static bool op_smlald(DisasContext *s, arg_rrrr *a, bool m_swap, bool sub) 6141 { 6142 TCGv_i32 t1, t2; 6143 TCGv_i64 l1, l2; 6144 6145 if (!ENABLE_ARCH_6) { 6146 return false; 6147 } 6148 6149 t1 = load_reg(s, a->rn); 6150 t2 = load_reg(s, a->rm); 6151 if (m_swap) { 6152 gen_swap_half(t2, t2); 6153 } 6154 gen_smul_dual(t1, t2); 6155 6156 l1 = tcg_temp_new_i64(); 6157 l2 = tcg_temp_new_i64(); 6158 tcg_gen_ext_i32_i64(l1, t1); 6159 tcg_gen_ext_i32_i64(l2, t2); 6160 6161 if (sub) { 6162 tcg_gen_sub_i64(l1, l1, l2); 6163 } else { 6164 tcg_gen_add_i64(l1, l1, l2); 6165 } 6166 6167 gen_addq(s, l1, a->ra, a->rd); 6168 gen_storeq_reg(s, a->ra, a->rd, l1); 6169 return true; 6170 } 6171 6172 static bool trans_SMLALD(DisasContext *s, arg_rrrr *a) 6173 { 6174 return op_smlald(s, a, false, false); 6175 } 6176 6177 static bool trans_SMLALDX(DisasContext *s, arg_rrrr *a) 6178 { 6179 return op_smlald(s, a, true, false); 6180 } 6181 6182 static bool trans_SMLSLD(DisasContext *s, arg_rrrr *a) 6183 { 6184 return op_smlald(s, a, false, true); 6185 } 6186 6187 static bool trans_SMLSLDX(DisasContext *s, arg_rrrr *a) 6188 { 6189 return op_smlald(s, a, true, true); 6190 } 6191 6192 static bool op_smmla(DisasContext *s, arg_rrrr *a, bool round, bool sub) 6193 { 6194 TCGv_i32 t1, t2; 6195 6196 if (s->thumb 6197 ? !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP) 6198 : !ENABLE_ARCH_6) { 6199 return false; 6200 } 6201 6202 t1 = load_reg(s, a->rn); 6203 t2 = load_reg(s, a->rm); 6204 tcg_gen_muls2_i32(t2, t1, t1, t2); 6205 6206 if (a->ra != 15) { 6207 TCGv_i32 t3 = load_reg(s, a->ra); 6208 if (sub) { 6209 /* 6210 * For SMMLS, we need a 64-bit subtract. Borrow caused by 6211 * a non-zero multiplicand lowpart, and the correct result 6212 * lowpart for rounding. 6213 */ 6214 tcg_gen_sub2_i32(t2, t1, tcg_constant_i32(0), t3, t2, t1); 6215 } else { 6216 tcg_gen_add_i32(t1, t1, t3); 6217 } 6218 } 6219 if (round) { 6220 /* 6221 * Adding 0x80000000 to the 64-bit quantity means that we have 6222 * carry in to the high word when the low word has the msb set. 6223 */ 6224 tcg_gen_shri_i32(t2, t2, 31); 6225 tcg_gen_add_i32(t1, t1, t2); 6226 } 6227 store_reg(s, a->rd, t1); 6228 return true; 6229 } 6230 6231 static bool trans_SMMLA(DisasContext *s, arg_rrrr *a) 6232 { 6233 return op_smmla(s, a, false, false); 6234 } 6235 6236 static bool trans_SMMLAR(DisasContext *s, arg_rrrr *a) 6237 { 6238 return op_smmla(s, a, true, false); 6239 } 6240 6241 static bool trans_SMMLS(DisasContext *s, arg_rrrr *a) 6242 { 6243 return op_smmla(s, a, false, true); 6244 } 6245 6246 static bool trans_SMMLSR(DisasContext *s, arg_rrrr *a) 6247 { 6248 return op_smmla(s, a, true, true); 6249 } 6250 6251 static bool op_div(DisasContext *s, arg_rrr *a, bool u) 6252 { 6253 TCGv_i32 t1, t2; 6254 6255 if (s->thumb 6256 ? !dc_isar_feature(aa32_thumb_div, s) 6257 : !dc_isar_feature(aa32_arm_div, s)) { 6258 return false; 6259 } 6260 6261 t1 = load_reg(s, a->rn); 6262 t2 = load_reg(s, a->rm); 6263 if (u) { 6264 gen_helper_udiv(t1, tcg_env, t1, t2); 6265 } else { 6266 gen_helper_sdiv(t1, tcg_env, t1, t2); 6267 } 6268 store_reg(s, a->rd, t1); 6269 return true; 6270 } 6271 6272 static bool trans_SDIV(DisasContext *s, arg_rrr *a) 6273 { 6274 return op_div(s, a, false); 6275 } 6276 6277 static bool trans_UDIV(DisasContext *s, arg_rrr *a) 6278 { 6279 return op_div(s, a, true); 6280 } 6281 6282 /* 6283 * Block data transfer 6284 */ 6285 6286 static TCGv_i32 op_addr_block_pre(DisasContext *s, arg_ldst_block *a, int n) 6287 { 6288 TCGv_i32 addr = load_reg(s, a->rn); 6289 6290 if (a->b) { 6291 if (a->i) { 6292 /* pre increment */ 6293 tcg_gen_addi_i32(addr, addr, 4); 6294 } else { 6295 /* pre decrement */ 6296 tcg_gen_addi_i32(addr, addr, -(n * 4)); 6297 } 6298 } else if (!a->i && n != 1) { 6299 /* post decrement */ 6300 tcg_gen_addi_i32(addr, addr, -((n - 1) * 4)); 6301 } 6302 6303 if (s->v8m_stackcheck && a->rn == 13 && a->w) { 6304 /* 6305 * If the writeback is incrementing SP rather than 6306 * decrementing it, and the initial SP is below the 6307 * stack limit but the final written-back SP would 6308 * be above, then we must not perform any memory 6309 * accesses, but it is IMPDEF whether we generate 6310 * an exception. We choose to do so in this case. 6311 * At this point 'addr' is the lowest address, so 6312 * either the original SP (if incrementing) or our 6313 * final SP (if decrementing), so that's what we check. 6314 */ 6315 gen_helper_v8m_stackcheck(tcg_env, addr); 6316 } 6317 6318 return addr; 6319 } 6320 6321 static void op_addr_block_post(DisasContext *s, arg_ldst_block *a, 6322 TCGv_i32 addr, int n) 6323 { 6324 if (a->w) { 6325 /* write back */ 6326 if (!a->b) { 6327 if (a->i) { 6328 /* post increment */ 6329 tcg_gen_addi_i32(addr, addr, 4); 6330 } else { 6331 /* post decrement */ 6332 tcg_gen_addi_i32(addr, addr, -(n * 4)); 6333 } 6334 } else if (!a->i && n != 1) { 6335 /* pre decrement */ 6336 tcg_gen_addi_i32(addr, addr, -((n - 1) * 4)); 6337 } 6338 store_reg(s, a->rn, addr); 6339 } 6340 } 6341 6342 static bool op_stm(DisasContext *s, arg_ldst_block *a) 6343 { 6344 int i, j, n, list, mem_idx; 6345 bool user = a->u; 6346 TCGv_i32 addr, tmp; 6347 6348 if (user) { 6349 /* STM (user) */ 6350 if (IS_USER(s)) { 6351 /* Only usable in supervisor mode. */ 6352 unallocated_encoding(s); 6353 return true; 6354 } 6355 } 6356 6357 list = a->list; 6358 n = ctpop16(list); 6359 /* 6360 * This is UNPREDICTABLE for n < 1 in all encodings, and we choose 6361 * to UNDEF. In the T32 STM encoding n == 1 is also UNPREDICTABLE, 6362 * but hardware treats it like the A32 version and implements the 6363 * single-register-store, and some in-the-wild (buggy) software 6364 * assumes that, so we don't UNDEF on that case. 6365 */ 6366 if (n < 1 || a->rn == 15) { 6367 unallocated_encoding(s); 6368 return true; 6369 } 6370 6371 s->eci_handled = true; 6372 6373 addr = op_addr_block_pre(s, a, n); 6374 mem_idx = get_mem_index(s); 6375 6376 for (i = j = 0; i < 16; i++) { 6377 if (!(list & (1 << i))) { 6378 continue; 6379 } 6380 6381 if (user && i != 15) { 6382 tmp = tcg_temp_new_i32(); 6383 gen_helper_get_user_reg(tmp, tcg_env, tcg_constant_i32(i)); 6384 } else { 6385 tmp = load_reg(s, i); 6386 } 6387 gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL | MO_ALIGN); 6388 6389 /* No need to add after the last transfer. */ 6390 if (++j != n) { 6391 tcg_gen_addi_i32(addr, addr, 4); 6392 } 6393 } 6394 6395 op_addr_block_post(s, a, addr, n); 6396 clear_eci_state(s); 6397 return true; 6398 } 6399 6400 static bool trans_STM(DisasContext *s, arg_ldst_block *a) 6401 { 6402 return op_stm(s, a); 6403 } 6404 6405 static bool trans_STM_t32(DisasContext *s, arg_ldst_block *a) 6406 { 6407 /* Writeback register in register list is UNPREDICTABLE for T32. */ 6408 if (a->w && (a->list & (1 << a->rn))) { 6409 unallocated_encoding(s); 6410 return true; 6411 } 6412 return op_stm(s, a); 6413 } 6414 6415 static bool do_ldm(DisasContext *s, arg_ldst_block *a) 6416 { 6417 int i, j, n, list, mem_idx; 6418 bool loaded_base; 6419 bool user = a->u; 6420 bool exc_return = false; 6421 TCGv_i32 addr, tmp, loaded_var; 6422 6423 if (user) { 6424 /* LDM (user), LDM (exception return) */ 6425 if (IS_USER(s)) { 6426 /* Only usable in supervisor mode. */ 6427 unallocated_encoding(s); 6428 return true; 6429 } 6430 if (extract32(a->list, 15, 1)) { 6431 exc_return = true; 6432 user = false; 6433 } else { 6434 /* LDM (user) does not allow writeback. */ 6435 if (a->w) { 6436 unallocated_encoding(s); 6437 return true; 6438 } 6439 } 6440 } 6441 6442 list = a->list; 6443 n = ctpop16(list); 6444 /* 6445 * This is UNPREDICTABLE for n < 1 in all encodings, and we choose 6446 * to UNDEF. In the T32 LDM encoding n == 1 is also UNPREDICTABLE, 6447 * but hardware treats it like the A32 version and implements the 6448 * single-register-load, and some in-the-wild (buggy) software 6449 * assumes that, so we don't UNDEF on that case. 6450 */ 6451 if (n < 1 || a->rn == 15) { 6452 unallocated_encoding(s); 6453 return true; 6454 } 6455 6456 s->eci_handled = true; 6457 6458 addr = op_addr_block_pre(s, a, n); 6459 mem_idx = get_mem_index(s); 6460 loaded_base = false; 6461 loaded_var = NULL; 6462 6463 for (i = j = 0; i < 16; i++) { 6464 if (!(list & (1 << i))) { 6465 continue; 6466 } 6467 6468 tmp = tcg_temp_new_i32(); 6469 gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL | MO_ALIGN); 6470 if (user) { 6471 gen_helper_set_user_reg(tcg_env, tcg_constant_i32(i), tmp); 6472 } else if (i == a->rn) { 6473 loaded_var = tmp; 6474 loaded_base = true; 6475 } else if (i == 15 && exc_return) { 6476 store_pc_exc_ret(s, tmp); 6477 } else { 6478 store_reg_from_load(s, i, tmp); 6479 } 6480 6481 /* No need to add after the last transfer. */ 6482 if (++j != n) { 6483 tcg_gen_addi_i32(addr, addr, 4); 6484 } 6485 } 6486 6487 op_addr_block_post(s, a, addr, n); 6488 6489 if (loaded_base) { 6490 /* Note that we reject base == pc above. */ 6491 store_reg(s, a->rn, loaded_var); 6492 } 6493 6494 if (exc_return) { 6495 /* Restore CPSR from SPSR. */ 6496 tmp = load_cpu_field(spsr); 6497 translator_io_start(&s->base); 6498 gen_helper_cpsr_write_eret(tcg_env, tmp); 6499 /* Must exit loop to check un-masked IRQs */ 6500 s->base.is_jmp = DISAS_EXIT; 6501 } 6502 clear_eci_state(s); 6503 return true; 6504 } 6505 6506 static bool trans_LDM_a32(DisasContext *s, arg_ldst_block *a) 6507 { 6508 /* 6509 * Writeback register in register list is UNPREDICTABLE 6510 * for ArchVersion() >= 7. Prior to v7, A32 would write 6511 * an UNKNOWN value to the base register. 6512 */ 6513 if (ENABLE_ARCH_7 && a->w && (a->list & (1 << a->rn))) { 6514 unallocated_encoding(s); 6515 return true; 6516 } 6517 return do_ldm(s, a); 6518 } 6519 6520 static bool trans_LDM_t32(DisasContext *s, arg_ldst_block *a) 6521 { 6522 /* Writeback register in register list is UNPREDICTABLE for T32. */ 6523 if (a->w && (a->list & (1 << a->rn))) { 6524 unallocated_encoding(s); 6525 return true; 6526 } 6527 return do_ldm(s, a); 6528 } 6529 6530 static bool trans_LDM_t16(DisasContext *s, arg_ldst_block *a) 6531 { 6532 /* Writeback is conditional on the base register not being loaded. */ 6533 a->w = !(a->list & (1 << a->rn)); 6534 return do_ldm(s, a); 6535 } 6536 6537 static bool trans_CLRM(DisasContext *s, arg_CLRM *a) 6538 { 6539 int i; 6540 TCGv_i32 zero; 6541 6542 if (!dc_isar_feature(aa32_m_sec_state, s)) { 6543 return false; 6544 } 6545 6546 if (extract32(a->list, 13, 1)) { 6547 return false; 6548 } 6549 6550 if (!a->list) { 6551 /* UNPREDICTABLE; we choose to UNDEF */ 6552 return false; 6553 } 6554 6555 s->eci_handled = true; 6556 6557 zero = tcg_constant_i32(0); 6558 for (i = 0; i < 15; i++) { 6559 if (extract32(a->list, i, 1)) { 6560 /* Clear R[i] */ 6561 tcg_gen_mov_i32(cpu_R[i], zero); 6562 } 6563 } 6564 if (extract32(a->list, 15, 1)) { 6565 /* 6566 * Clear APSR (by calling the MSR helper with the same argument 6567 * as for "MSR APSR_nzcvqg, Rn": mask = 0b1100, SYSM=0) 6568 */ 6569 gen_helper_v7m_msr(tcg_env, tcg_constant_i32(0xc00), zero); 6570 } 6571 clear_eci_state(s); 6572 return true; 6573 } 6574 6575 /* 6576 * Branch, branch with link 6577 */ 6578 6579 static bool trans_B(DisasContext *s, arg_i *a) 6580 { 6581 gen_jmp(s, jmp_diff(s, a->imm)); 6582 return true; 6583 } 6584 6585 static bool trans_B_cond_thumb(DisasContext *s, arg_ci *a) 6586 { 6587 /* This has cond from encoding, required to be outside IT block. */ 6588 if (a->cond >= 0xe) { 6589 return false; 6590 } 6591 if (s->condexec_mask) { 6592 unallocated_encoding(s); 6593 return true; 6594 } 6595 arm_skip_unless(s, a->cond); 6596 gen_jmp(s, jmp_diff(s, a->imm)); 6597 return true; 6598 } 6599 6600 static bool trans_BL(DisasContext *s, arg_i *a) 6601 { 6602 gen_pc_plus_diff(s, cpu_R[14], curr_insn_len(s) | s->thumb); 6603 gen_jmp(s, jmp_diff(s, a->imm)); 6604 return true; 6605 } 6606 6607 static bool trans_BLX_i(DisasContext *s, arg_BLX_i *a) 6608 { 6609 /* 6610 * BLX <imm> would be useless on M-profile; the encoding space 6611 * is used for other insns from v8.1M onward, and UNDEFs before that. 6612 */ 6613 if (arm_dc_feature(s, ARM_FEATURE_M)) { 6614 return false; 6615 } 6616 6617 /* For A32, ARM_FEATURE_V5 is checked near the start of the uncond block. */ 6618 if (s->thumb && (a->imm & 2)) { 6619 return false; 6620 } 6621 gen_pc_plus_diff(s, cpu_R[14], curr_insn_len(s) | s->thumb); 6622 store_cpu_field_constant(!s->thumb, thumb); 6623 /* This jump is computed from an aligned PC: subtract off the low bits. */ 6624 gen_jmp(s, jmp_diff(s, a->imm - (s->pc_curr & 3))); 6625 return true; 6626 } 6627 6628 static bool trans_BL_BLX_prefix(DisasContext *s, arg_BL_BLX_prefix *a) 6629 { 6630 assert(!arm_dc_feature(s, ARM_FEATURE_THUMB2)); 6631 gen_pc_plus_diff(s, cpu_R[14], jmp_diff(s, a->imm << 12)); 6632 return true; 6633 } 6634 6635 static bool trans_BL_suffix(DisasContext *s, arg_BL_suffix *a) 6636 { 6637 TCGv_i32 tmp = tcg_temp_new_i32(); 6638 6639 assert(!arm_dc_feature(s, ARM_FEATURE_THUMB2)); 6640 tcg_gen_addi_i32(tmp, cpu_R[14], (a->imm << 1) | 1); 6641 gen_pc_plus_diff(s, cpu_R[14], curr_insn_len(s) | 1); 6642 gen_bx(s, tmp); 6643 return true; 6644 } 6645 6646 static bool trans_BLX_suffix(DisasContext *s, arg_BLX_suffix *a) 6647 { 6648 TCGv_i32 tmp; 6649 6650 assert(!arm_dc_feature(s, ARM_FEATURE_THUMB2)); 6651 if (!ENABLE_ARCH_5) { 6652 return false; 6653 } 6654 tmp = tcg_temp_new_i32(); 6655 tcg_gen_addi_i32(tmp, cpu_R[14], a->imm << 1); 6656 tcg_gen_andi_i32(tmp, tmp, 0xfffffffc); 6657 gen_pc_plus_diff(s, cpu_R[14], curr_insn_len(s) | 1); 6658 gen_bx(s, tmp); 6659 return true; 6660 } 6661 6662 static bool trans_BF(DisasContext *s, arg_BF *a) 6663 { 6664 /* 6665 * M-profile branch future insns. The architecture permits an 6666 * implementation to implement these as NOPs (equivalent to 6667 * discarding the LO_BRANCH_INFO cache immediately), and we 6668 * take that IMPDEF option because for QEMU a "real" implementation 6669 * would be complicated and wouldn't execute any faster. 6670 */ 6671 if (!dc_isar_feature(aa32_lob, s)) { 6672 return false; 6673 } 6674 if (a->boff == 0) { 6675 /* SEE "Related encodings" (loop insns) */ 6676 return false; 6677 } 6678 /* Handle as NOP */ 6679 return true; 6680 } 6681 6682 static bool trans_DLS(DisasContext *s, arg_DLS *a) 6683 { 6684 /* M-profile low-overhead loop start */ 6685 TCGv_i32 tmp; 6686 6687 if (!dc_isar_feature(aa32_lob, s)) { 6688 return false; 6689 } 6690 if (a->rn == 13 || a->rn == 15) { 6691 /* 6692 * For DLSTP rn == 15 is a related encoding (LCTP); the 6693 * other cases caught by this condition are all 6694 * CONSTRAINED UNPREDICTABLE: we choose to UNDEF 6695 */ 6696 return false; 6697 } 6698 6699 if (a->size != 4) { 6700 /* DLSTP */ 6701 if (!dc_isar_feature(aa32_mve, s)) { 6702 return false; 6703 } 6704 if (!vfp_access_check(s)) { 6705 return true; 6706 } 6707 } 6708 6709 /* Not a while loop: set LR to the count, and set LTPSIZE for DLSTP */ 6710 tmp = load_reg(s, a->rn); 6711 store_reg(s, 14, tmp); 6712 if (a->size != 4) { 6713 /* DLSTP: set FPSCR.LTPSIZE */ 6714 store_cpu_field(tcg_constant_i32(a->size), v7m.ltpsize); 6715 s->base.is_jmp = DISAS_UPDATE_NOCHAIN; 6716 } 6717 return true; 6718 } 6719 6720 static bool trans_WLS(DisasContext *s, arg_WLS *a) 6721 { 6722 /* M-profile low-overhead while-loop start */ 6723 TCGv_i32 tmp; 6724 DisasLabel nextlabel; 6725 6726 if (!dc_isar_feature(aa32_lob, s)) { 6727 return false; 6728 } 6729 if (a->rn == 13 || a->rn == 15) { 6730 /* 6731 * For WLSTP rn == 15 is a related encoding (LE); the 6732 * other cases caught by this condition are all 6733 * CONSTRAINED UNPREDICTABLE: we choose to UNDEF 6734 */ 6735 return false; 6736 } 6737 if (s->condexec_mask) { 6738 /* 6739 * WLS in an IT block is CONSTRAINED UNPREDICTABLE; 6740 * we choose to UNDEF, because otherwise our use of 6741 * gen_goto_tb(1) would clash with the use of TB exit 1 6742 * in the dc->condjmp condition-failed codepath in 6743 * arm_tr_tb_stop() and we'd get an assertion. 6744 */ 6745 return false; 6746 } 6747 if (a->size != 4) { 6748 /* WLSTP */ 6749 if (!dc_isar_feature(aa32_mve, s)) { 6750 return false; 6751 } 6752 /* 6753 * We need to check that the FPU is enabled here, but mustn't 6754 * call vfp_access_check() to do that because we don't want to 6755 * do the lazy state preservation in the "loop count is zero" case. 6756 * Do the check-and-raise-exception by hand. 6757 */ 6758 if (s->fp_excp_el) { 6759 gen_exception_insn_el(s, 0, EXCP_NOCP, 6760 syn_uncategorized(), s->fp_excp_el); 6761 return true; 6762 } 6763 } 6764 6765 nextlabel = gen_disas_label(s); 6766 tcg_gen_brcondi_i32(TCG_COND_EQ, cpu_R[a->rn], 0, nextlabel.label); 6767 tmp = load_reg(s, a->rn); 6768 store_reg(s, 14, tmp); 6769 if (a->size != 4) { 6770 /* 6771 * WLSTP: set FPSCR.LTPSIZE. This requires that we do the 6772 * lazy state preservation, new FP context creation, etc, 6773 * that vfp_access_check() does. We know that the actual 6774 * access check will succeed (ie it won't generate code that 6775 * throws an exception) because we did that check by hand earlier. 6776 */ 6777 bool ok = vfp_access_check(s); 6778 assert(ok); 6779 store_cpu_field(tcg_constant_i32(a->size), v7m.ltpsize); 6780 /* 6781 * LTPSIZE updated, but MVE_NO_PRED will always be the same thing (0) 6782 * when we take this upcoming exit from this TB, so gen_jmp_tb() is OK. 6783 */ 6784 } 6785 gen_jmp_tb(s, curr_insn_len(s), 1); 6786 6787 set_disas_label(s, nextlabel); 6788 gen_jmp(s, jmp_diff(s, a->imm)); 6789 return true; 6790 } 6791 6792 static bool trans_LE(DisasContext *s, arg_LE *a) 6793 { 6794 /* 6795 * M-profile low-overhead loop end. The architecture permits an 6796 * implementation to discard the LO_BRANCH_INFO cache at any time, 6797 * and we take the IMPDEF option to never set it in the first place 6798 * (equivalent to always discarding it immediately), because for QEMU 6799 * a "real" implementation would be complicated and wouldn't execute 6800 * any faster. 6801 */ 6802 TCGv_i32 tmp; 6803 DisasLabel loopend; 6804 bool fpu_active; 6805 6806 if (!dc_isar_feature(aa32_lob, s)) { 6807 return false; 6808 } 6809 if (a->f && a->tp) { 6810 return false; 6811 } 6812 if (s->condexec_mask) { 6813 /* 6814 * LE in an IT block is CONSTRAINED UNPREDICTABLE; 6815 * we choose to UNDEF, because otherwise our use of 6816 * gen_goto_tb(1) would clash with the use of TB exit 1 6817 * in the dc->condjmp condition-failed codepath in 6818 * arm_tr_tb_stop() and we'd get an assertion. 6819 */ 6820 return false; 6821 } 6822 if (a->tp) { 6823 /* LETP */ 6824 if (!dc_isar_feature(aa32_mve, s)) { 6825 return false; 6826 } 6827 if (!vfp_access_check(s)) { 6828 s->eci_handled = true; 6829 return true; 6830 } 6831 } 6832 6833 /* LE/LETP is OK with ECI set and leaves it untouched */ 6834 s->eci_handled = true; 6835 6836 /* 6837 * With MVE, LTPSIZE might not be 4, and we must emit an INVSTATE 6838 * UsageFault exception for the LE insn in that case. Note that we 6839 * are not directly checking FPSCR.LTPSIZE but instead check the 6840 * pseudocode LTPSIZE() function, which returns 4 if the FPU is 6841 * not currently active (ie ActiveFPState() returns false). We 6842 * can identify not-active purely from our TB state flags, as the 6843 * FPU is active only if: 6844 * the FPU is enabled 6845 * AND lazy state preservation is not active 6846 * AND we do not need a new fp context (this is the ASPEN/FPCA check) 6847 * 6848 * Usually we don't need to care about this distinction between 6849 * LTPSIZE and FPSCR.LTPSIZE, because the code in vfp_access_check() 6850 * will either take an exception or clear the conditions that make 6851 * the FPU not active. But LE is an unusual case of a non-FP insn 6852 * that looks at LTPSIZE. 6853 */ 6854 fpu_active = !s->fp_excp_el && !s->v7m_lspact && !s->v7m_new_fp_ctxt_needed; 6855 6856 if (!a->tp && dc_isar_feature(aa32_mve, s) && fpu_active) { 6857 /* Need to do a runtime check for LTPSIZE != 4 */ 6858 DisasLabel skipexc = gen_disas_label(s); 6859 tmp = load_cpu_field(v7m.ltpsize); 6860 tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 4, skipexc.label); 6861 gen_exception_insn(s, 0, EXCP_INVSTATE, syn_uncategorized()); 6862 set_disas_label(s, skipexc); 6863 } 6864 6865 if (a->f) { 6866 /* Loop-forever: just jump back to the loop start */ 6867 gen_jmp(s, jmp_diff(s, -a->imm)); 6868 return true; 6869 } 6870 6871 /* 6872 * Not loop-forever. If LR <= loop-decrement-value this is the last loop. 6873 * For LE, we know at this point that LTPSIZE must be 4 and the 6874 * loop decrement value is 1. For LETP we need to calculate the decrement 6875 * value from LTPSIZE. 6876 */ 6877 loopend = gen_disas_label(s); 6878 if (!a->tp) { 6879 tcg_gen_brcondi_i32(TCG_COND_LEU, cpu_R[14], 1, loopend.label); 6880 tcg_gen_addi_i32(cpu_R[14], cpu_R[14], -1); 6881 } else { 6882 /* 6883 * Decrement by 1 << (4 - LTPSIZE). We need to use a TCG local 6884 * so that decr stays live after the brcondi. 6885 */ 6886 TCGv_i32 decr = tcg_temp_new_i32(); 6887 TCGv_i32 ltpsize = load_cpu_field(v7m.ltpsize); 6888 tcg_gen_sub_i32(decr, tcg_constant_i32(4), ltpsize); 6889 tcg_gen_shl_i32(decr, tcg_constant_i32(1), decr); 6890 6891 tcg_gen_brcond_i32(TCG_COND_LEU, cpu_R[14], decr, loopend.label); 6892 6893 tcg_gen_sub_i32(cpu_R[14], cpu_R[14], decr); 6894 } 6895 /* Jump back to the loop start */ 6896 gen_jmp(s, jmp_diff(s, -a->imm)); 6897 6898 set_disas_label(s, loopend); 6899 if (a->tp) { 6900 /* Exits from tail-pred loops must reset LTPSIZE to 4 */ 6901 store_cpu_field(tcg_constant_i32(4), v7m.ltpsize); 6902 } 6903 /* End TB, continuing to following insn */ 6904 gen_jmp_tb(s, curr_insn_len(s), 1); 6905 return true; 6906 } 6907 6908 static bool trans_LCTP(DisasContext *s, arg_LCTP *a) 6909 { 6910 /* 6911 * M-profile Loop Clear with Tail Predication. Since our implementation 6912 * doesn't cache branch information, all we need to do is reset 6913 * FPSCR.LTPSIZE to 4. 6914 */ 6915 6916 if (!dc_isar_feature(aa32_lob, s) || 6917 !dc_isar_feature(aa32_mve, s)) { 6918 return false; 6919 } 6920 6921 if (!vfp_access_check(s)) { 6922 return true; 6923 } 6924 6925 store_cpu_field_constant(4, v7m.ltpsize); 6926 return true; 6927 } 6928 6929 static bool trans_VCTP(DisasContext *s, arg_VCTP *a) 6930 { 6931 /* 6932 * M-profile Create Vector Tail Predicate. This insn is itself 6933 * predicated and is subject to beatwise execution. 6934 */ 6935 TCGv_i32 rn_shifted, masklen; 6936 6937 if (!dc_isar_feature(aa32_mve, s) || a->rn == 13 || a->rn == 15) { 6938 return false; 6939 } 6940 6941 if (!mve_eci_check(s) || !vfp_access_check(s)) { 6942 return true; 6943 } 6944 6945 /* 6946 * We pre-calculate the mask length here to avoid having 6947 * to have multiple helpers specialized for size. 6948 * We pass the helper "rn <= (1 << (4 - size)) ? (rn << size) : 16". 6949 */ 6950 rn_shifted = tcg_temp_new_i32(); 6951 masklen = load_reg(s, a->rn); 6952 tcg_gen_shli_i32(rn_shifted, masklen, a->size); 6953 tcg_gen_movcond_i32(TCG_COND_LEU, masklen, 6954 masklen, tcg_constant_i32(1 << (4 - a->size)), 6955 rn_shifted, tcg_constant_i32(16)); 6956 gen_helper_mve_vctp(tcg_env, masklen); 6957 /* This insn updates predication bits */ 6958 s->base.is_jmp = DISAS_UPDATE_NOCHAIN; 6959 mve_update_eci(s); 6960 return true; 6961 } 6962 6963 static bool op_tbranch(DisasContext *s, arg_tbranch *a, bool half) 6964 { 6965 TCGv_i32 addr, tmp; 6966 6967 tmp = load_reg(s, a->rm); 6968 if (half) { 6969 tcg_gen_add_i32(tmp, tmp, tmp); 6970 } 6971 addr = load_reg(s, a->rn); 6972 tcg_gen_add_i32(addr, addr, tmp); 6973 6974 gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), half ? MO_UW : MO_UB); 6975 6976 tcg_gen_add_i32(tmp, tmp, tmp); 6977 gen_pc_plus_diff(s, addr, jmp_diff(s, 0)); 6978 tcg_gen_add_i32(tmp, tmp, addr); 6979 store_reg(s, 15, tmp); 6980 return true; 6981 } 6982 6983 static bool trans_TBB(DisasContext *s, arg_tbranch *a) 6984 { 6985 return op_tbranch(s, a, false); 6986 } 6987 6988 static bool trans_TBH(DisasContext *s, arg_tbranch *a) 6989 { 6990 return op_tbranch(s, a, true); 6991 } 6992 6993 static bool trans_CBZ(DisasContext *s, arg_CBZ *a) 6994 { 6995 TCGv_i32 tmp = load_reg(s, a->rn); 6996 6997 arm_gen_condlabel(s); 6998 tcg_gen_brcondi_i32(a->nz ? TCG_COND_EQ : TCG_COND_NE, 6999 tmp, 0, s->condlabel.label); 7000 gen_jmp(s, jmp_diff(s, a->imm)); 7001 return true; 7002 } 7003 7004 /* 7005 * Supervisor call - both T32 & A32 come here so we need to check 7006 * which mode we are in when checking for semihosting. 7007 */ 7008 7009 static bool trans_SVC(DisasContext *s, arg_SVC *a) 7010 { 7011 const uint32_t semihost_imm = s->thumb ? 0xab : 0x123456; 7012 7013 if (!arm_dc_feature(s, ARM_FEATURE_M) && 7014 semihosting_enabled(s->current_el == 0) && 7015 (a->imm == semihost_imm)) { 7016 gen_exception_internal_insn(s, EXCP_SEMIHOST); 7017 } else { 7018 if (s->fgt_svc) { 7019 uint32_t syndrome = syn_aa32_svc(a->imm, s->thumb); 7020 gen_exception_insn_el(s, 0, EXCP_UDEF, syndrome, 2); 7021 } else { 7022 gen_update_pc(s, curr_insn_len(s)); 7023 s->svc_imm = a->imm; 7024 s->base.is_jmp = DISAS_SWI; 7025 } 7026 } 7027 return true; 7028 } 7029 7030 /* 7031 * Unconditional system instructions 7032 */ 7033 7034 static bool trans_RFE(DisasContext *s, arg_RFE *a) 7035 { 7036 static const int8_t pre_offset[4] = { 7037 /* DA */ -4, /* IA */ 0, /* DB */ -8, /* IB */ 4 7038 }; 7039 static const int8_t post_offset[4] = { 7040 /* DA */ -8, /* IA */ 4, /* DB */ -4, /* IB */ 0 7041 }; 7042 TCGv_i32 addr, t1, t2; 7043 7044 if (!ENABLE_ARCH_6 || arm_dc_feature(s, ARM_FEATURE_M)) { 7045 return false; 7046 } 7047 if (IS_USER(s)) { 7048 unallocated_encoding(s); 7049 return true; 7050 } 7051 7052 addr = load_reg(s, a->rn); 7053 tcg_gen_addi_i32(addr, addr, pre_offset[a->pu]); 7054 7055 /* Load PC into tmp and CPSR into tmp2. */ 7056 t1 = tcg_temp_new_i32(); 7057 gen_aa32_ld_i32(s, t1, addr, get_mem_index(s), MO_UL | MO_ALIGN); 7058 tcg_gen_addi_i32(addr, addr, 4); 7059 t2 = tcg_temp_new_i32(); 7060 gen_aa32_ld_i32(s, t2, addr, get_mem_index(s), MO_UL | MO_ALIGN); 7061 7062 if (a->w) { 7063 /* Base writeback. */ 7064 tcg_gen_addi_i32(addr, addr, post_offset[a->pu]); 7065 store_reg(s, a->rn, addr); 7066 } 7067 gen_rfe(s, t1, t2); 7068 return true; 7069 } 7070 7071 static bool trans_SRS(DisasContext *s, arg_SRS *a) 7072 { 7073 if (!ENABLE_ARCH_6 || arm_dc_feature(s, ARM_FEATURE_M)) { 7074 return false; 7075 } 7076 gen_srs(s, a->mode, a->pu, a->w); 7077 return true; 7078 } 7079 7080 static bool trans_CPS(DisasContext *s, arg_CPS *a) 7081 { 7082 uint32_t mask, val; 7083 7084 if (!ENABLE_ARCH_6 || arm_dc_feature(s, ARM_FEATURE_M)) { 7085 return false; 7086 } 7087 if (IS_USER(s)) { 7088 /* Implemented as NOP in user mode. */ 7089 return true; 7090 } 7091 /* TODO: There are quite a lot of UNPREDICTABLE argument combinations. */ 7092 7093 mask = val = 0; 7094 if (a->imod & 2) { 7095 if (a->A) { 7096 mask |= CPSR_A; 7097 } 7098 if (a->I) { 7099 mask |= CPSR_I; 7100 } 7101 if (a->F) { 7102 mask |= CPSR_F; 7103 } 7104 if (a->imod & 1) { 7105 val |= mask; 7106 } 7107 } 7108 if (a->M) { 7109 mask |= CPSR_M; 7110 val |= a->mode; 7111 } 7112 if (mask) { 7113 gen_set_psr_im(s, mask, 0, val); 7114 } 7115 return true; 7116 } 7117 7118 static bool trans_CPS_v7m(DisasContext *s, arg_CPS_v7m *a) 7119 { 7120 TCGv_i32 tmp, addr; 7121 7122 if (!arm_dc_feature(s, ARM_FEATURE_M)) { 7123 return false; 7124 } 7125 if (IS_USER(s)) { 7126 /* Implemented as NOP in user mode. */ 7127 return true; 7128 } 7129 7130 tmp = tcg_constant_i32(a->im); 7131 /* FAULTMASK */ 7132 if (a->F) { 7133 addr = tcg_constant_i32(19); 7134 gen_helper_v7m_msr(tcg_env, addr, tmp); 7135 } 7136 /* PRIMASK */ 7137 if (a->I) { 7138 addr = tcg_constant_i32(16); 7139 gen_helper_v7m_msr(tcg_env, addr, tmp); 7140 } 7141 gen_rebuild_hflags(s, false); 7142 gen_lookup_tb(s); 7143 return true; 7144 } 7145 7146 /* 7147 * Clear-Exclusive, Barriers 7148 */ 7149 7150 static bool trans_CLREX(DisasContext *s, arg_CLREX *a) 7151 { 7152 if (s->thumb 7153 ? !ENABLE_ARCH_7 && !arm_dc_feature(s, ARM_FEATURE_M) 7154 : !ENABLE_ARCH_6K) { 7155 return false; 7156 } 7157 gen_clrex(s); 7158 return true; 7159 } 7160 7161 static bool trans_DSB(DisasContext *s, arg_DSB *a) 7162 { 7163 if (!ENABLE_ARCH_7 && !arm_dc_feature(s, ARM_FEATURE_M)) { 7164 return false; 7165 } 7166 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC); 7167 return true; 7168 } 7169 7170 static bool trans_DMB(DisasContext *s, arg_DMB *a) 7171 { 7172 return trans_DSB(s, NULL); 7173 } 7174 7175 static bool trans_ISB(DisasContext *s, arg_ISB *a) 7176 { 7177 if (!ENABLE_ARCH_7 && !arm_dc_feature(s, ARM_FEATURE_M)) { 7178 return false; 7179 } 7180 /* 7181 * We need to break the TB after this insn to execute 7182 * self-modifying code correctly and also to take 7183 * any pending interrupts immediately. 7184 */ 7185 s->base.is_jmp = DISAS_TOO_MANY; 7186 return true; 7187 } 7188 7189 static bool trans_SB(DisasContext *s, arg_SB *a) 7190 { 7191 if (!dc_isar_feature(aa32_sb, s)) { 7192 return false; 7193 } 7194 /* 7195 * TODO: There is no speculation barrier opcode 7196 * for TCG; MB and end the TB instead. 7197 */ 7198 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC); 7199 s->base.is_jmp = DISAS_TOO_MANY; 7200 return true; 7201 } 7202 7203 static bool trans_SETEND(DisasContext *s, arg_SETEND *a) 7204 { 7205 if (!ENABLE_ARCH_6) { 7206 return false; 7207 } 7208 if (a->E != (s->be_data == MO_BE)) { 7209 gen_helper_setend(tcg_env); 7210 s->base.is_jmp = DISAS_UPDATE_EXIT; 7211 } 7212 return true; 7213 } 7214 7215 /* 7216 * Preload instructions 7217 * All are nops, contingent on the appropriate arch level. 7218 */ 7219 7220 static bool trans_PLD(DisasContext *s, arg_PLD *a) 7221 { 7222 return ENABLE_ARCH_5TE; 7223 } 7224 7225 static bool trans_PLDW(DisasContext *s, arg_PLDW *a) 7226 { 7227 return arm_dc_feature(s, ARM_FEATURE_V7MP); 7228 } 7229 7230 static bool trans_PLI(DisasContext *s, arg_PLI *a) 7231 { 7232 return ENABLE_ARCH_7; 7233 } 7234 7235 /* 7236 * If-then 7237 */ 7238 7239 static bool trans_IT(DisasContext *s, arg_IT *a) 7240 { 7241 int cond_mask = a->cond_mask; 7242 7243 /* 7244 * No actual code generated for this insn, just setup state. 7245 * 7246 * Combinations of firstcond and mask which set up an 0b1111 7247 * condition are UNPREDICTABLE; we take the CONSTRAINED 7248 * UNPREDICTABLE choice to treat 0b1111 the same as 0b1110, 7249 * i.e. both meaning "execute always". 7250 */ 7251 s->condexec_cond = (cond_mask >> 4) & 0xe; 7252 s->condexec_mask = cond_mask & 0x1f; 7253 return true; 7254 } 7255 7256 /* v8.1M CSEL/CSINC/CSNEG/CSINV */ 7257 static bool trans_CSEL(DisasContext *s, arg_CSEL *a) 7258 { 7259 TCGv_i32 rn, rm; 7260 DisasCompare c; 7261 7262 if (!arm_dc_feature(s, ARM_FEATURE_V8_1M)) { 7263 return false; 7264 } 7265 7266 if (a->rm == 13) { 7267 /* SEE "Related encodings" (MVE shifts) */ 7268 return false; 7269 } 7270 7271 if (a->rd == 13 || a->rd == 15 || a->rn == 13 || a->fcond >= 14) { 7272 /* CONSTRAINED UNPREDICTABLE: we choose to UNDEF */ 7273 return false; 7274 } 7275 7276 /* In this insn input reg fields of 0b1111 mean "zero", not "PC" */ 7277 rn = tcg_temp_new_i32(); 7278 rm = tcg_temp_new_i32(); 7279 if (a->rn == 15) { 7280 tcg_gen_movi_i32(rn, 0); 7281 } else { 7282 load_reg_var(s, rn, a->rn); 7283 } 7284 if (a->rm == 15) { 7285 tcg_gen_movi_i32(rm, 0); 7286 } else { 7287 load_reg_var(s, rm, a->rm); 7288 } 7289 7290 switch (a->op) { 7291 case 0: /* CSEL */ 7292 break; 7293 case 1: /* CSINC */ 7294 tcg_gen_addi_i32(rm, rm, 1); 7295 break; 7296 case 2: /* CSINV */ 7297 tcg_gen_not_i32(rm, rm); 7298 break; 7299 case 3: /* CSNEG */ 7300 tcg_gen_neg_i32(rm, rm); 7301 break; 7302 default: 7303 g_assert_not_reached(); 7304 } 7305 7306 arm_test_cc(&c, a->fcond); 7307 tcg_gen_movcond_i32(c.cond, rn, c.value, tcg_constant_i32(0), rn, rm); 7308 7309 store_reg(s, a->rd, rn); 7310 return true; 7311 } 7312 7313 /* 7314 * Legacy decoder. 7315 */ 7316 7317 static void disas_arm_insn(DisasContext *s, unsigned int insn) 7318 { 7319 unsigned int cond = insn >> 28; 7320 7321 /* M variants do not implement ARM mode; this must raise the INVSTATE 7322 * UsageFault exception. 7323 */ 7324 if (arm_dc_feature(s, ARM_FEATURE_M)) { 7325 gen_exception_insn(s, 0, EXCP_INVSTATE, syn_uncategorized()); 7326 return; 7327 } 7328 7329 if (s->pstate_il) { 7330 /* 7331 * Illegal execution state. This has priority over BTI 7332 * exceptions, but comes after instruction abort exceptions. 7333 */ 7334 gen_exception_insn(s, 0, EXCP_UDEF, syn_illegalstate()); 7335 return; 7336 } 7337 7338 if (cond == 0xf) { 7339 /* In ARMv3 and v4 the NV condition is UNPREDICTABLE; we 7340 * choose to UNDEF. In ARMv5 and above the space is used 7341 * for miscellaneous unconditional instructions. 7342 */ 7343 if (!arm_dc_feature(s, ARM_FEATURE_V5)) { 7344 unallocated_encoding(s); 7345 return; 7346 } 7347 7348 /* Unconditional instructions. */ 7349 /* TODO: Perhaps merge these into one decodetree output file. */ 7350 if (disas_a32_uncond(s, insn) || 7351 disas_vfp_uncond(s, insn) || 7352 disas_neon_dp(s, insn) || 7353 disas_neon_ls(s, insn) || 7354 disas_neon_shared(s, insn)) { 7355 return; 7356 } 7357 /* fall back to legacy decoder */ 7358 7359 if ((insn & 0x0e000f00) == 0x0c000100) { 7360 if (arm_dc_feature(s, ARM_FEATURE_IWMMXT)) { 7361 /* iWMMXt register transfer. */ 7362 if (extract32(s->c15_cpar, 1, 1)) { 7363 if (!disas_iwmmxt_insn(s, insn)) { 7364 return; 7365 } 7366 } 7367 } 7368 } 7369 goto illegal_op; 7370 } 7371 if (cond != 0xe) { 7372 /* if not always execute, we generate a conditional jump to 7373 next instruction */ 7374 arm_skip_unless(s, cond); 7375 } 7376 7377 /* TODO: Perhaps merge these into one decodetree output file. */ 7378 if (disas_a32(s, insn) || 7379 disas_vfp(s, insn)) { 7380 return; 7381 } 7382 /* fall back to legacy decoder */ 7383 /* TODO: convert xscale/iwmmxt decoder to decodetree ?? */ 7384 if (arm_dc_feature(s, ARM_FEATURE_XSCALE)) { 7385 if (((insn & 0x0c000e00) == 0x0c000000) 7386 && ((insn & 0x03000000) != 0x03000000)) { 7387 /* Coprocessor insn, coprocessor 0 or 1 */ 7388 disas_xscale_insn(s, insn); 7389 return; 7390 } 7391 } 7392 7393 illegal_op: 7394 unallocated_encoding(s); 7395 } 7396 7397 static bool thumb_insn_is_16bit(DisasContext *s, uint32_t pc, uint32_t insn) 7398 { 7399 /* 7400 * Return true if this is a 16 bit instruction. We must be precise 7401 * about this (matching the decode). 7402 */ 7403 if ((insn >> 11) < 0x1d) { 7404 /* Definitely a 16-bit instruction */ 7405 return true; 7406 } 7407 7408 /* Top five bits 0b11101 / 0b11110 / 0b11111 : this is the 7409 * first half of a 32-bit Thumb insn. Thumb-1 cores might 7410 * end up actually treating this as two 16-bit insns, though, 7411 * if it's half of a bl/blx pair that might span a page boundary. 7412 */ 7413 if (arm_dc_feature(s, ARM_FEATURE_THUMB2) || 7414 arm_dc_feature(s, ARM_FEATURE_M)) { 7415 /* Thumb2 cores (including all M profile ones) always treat 7416 * 32-bit insns as 32-bit. 7417 */ 7418 return false; 7419 } 7420 7421 if ((insn >> 11) == 0x1e && pc - s->page_start < TARGET_PAGE_SIZE - 3) { 7422 /* 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix, and the suffix 7423 * is not on the next page; we merge this into a 32-bit 7424 * insn. 7425 */ 7426 return false; 7427 } 7428 /* 0b1110_1xxx_xxxx_xxxx : BLX suffix (or UNDEF); 7429 * 0b1111_1xxx_xxxx_xxxx : BL suffix; 7430 * 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix on the end of a page 7431 * -- handle as single 16 bit insn 7432 */ 7433 return true; 7434 } 7435 7436 /* Translate a 32-bit thumb instruction. */ 7437 static void disas_thumb2_insn(DisasContext *s, uint32_t insn) 7438 { 7439 /* 7440 * ARMv6-M supports a limited subset of Thumb2 instructions. 7441 * Other Thumb1 architectures allow only 32-bit 7442 * combined BL/BLX prefix and suffix. 7443 */ 7444 if (arm_dc_feature(s, ARM_FEATURE_M) && 7445 !arm_dc_feature(s, ARM_FEATURE_V7)) { 7446 int i; 7447 bool found = false; 7448 static const uint32_t armv6m_insn[] = {0xf3808000 /* msr */, 7449 0xf3b08040 /* dsb */, 7450 0xf3b08050 /* dmb */, 7451 0xf3b08060 /* isb */, 7452 0xf3e08000 /* mrs */, 7453 0xf000d000 /* bl */}; 7454 static const uint32_t armv6m_mask[] = {0xffe0d000, 7455 0xfff0d0f0, 7456 0xfff0d0f0, 7457 0xfff0d0f0, 7458 0xffe0d000, 7459 0xf800d000}; 7460 7461 for (i = 0; i < ARRAY_SIZE(armv6m_insn); i++) { 7462 if ((insn & armv6m_mask[i]) == armv6m_insn[i]) { 7463 found = true; 7464 break; 7465 } 7466 } 7467 if (!found) { 7468 goto illegal_op; 7469 } 7470 } else if ((insn & 0xf800e800) != 0xf000e800) { 7471 if (!arm_dc_feature(s, ARM_FEATURE_THUMB2)) { 7472 unallocated_encoding(s); 7473 return; 7474 } 7475 } 7476 7477 if (arm_dc_feature(s, ARM_FEATURE_M)) { 7478 /* 7479 * NOCP takes precedence over any UNDEF for (almost) the 7480 * entire wide range of coprocessor-space encodings, so check 7481 * for it first before proceeding to actually decode eg VFP 7482 * insns. This decode also handles the few insns which are 7483 * in copro space but do not have NOCP checks (eg VLLDM, VLSTM). 7484 */ 7485 if (disas_m_nocp(s, insn)) { 7486 return; 7487 } 7488 } 7489 7490 if ((insn & 0xef000000) == 0xef000000) { 7491 /* 7492 * T32 encodings 0b111p_1111_qqqq_qqqq_qqqq_qqqq_qqqq_qqqq 7493 * transform into 7494 * A32 encodings 0b1111_001p_qqqq_qqqq_qqqq_qqqq_qqqq_qqqq 7495 */ 7496 uint32_t a32_insn = (insn & 0xe2ffffff) | 7497 ((insn & (1 << 28)) >> 4) | (1 << 28); 7498 7499 if (disas_neon_dp(s, a32_insn)) { 7500 return; 7501 } 7502 } 7503 7504 if ((insn & 0xff100000) == 0xf9000000) { 7505 /* 7506 * T32 encodings 0b1111_1001_ppp0_qqqq_qqqq_qqqq_qqqq_qqqq 7507 * transform into 7508 * A32 encodings 0b1111_0100_ppp0_qqqq_qqqq_qqqq_qqqq_qqqq 7509 */ 7510 uint32_t a32_insn = (insn & 0x00ffffff) | 0xf4000000; 7511 7512 if (disas_neon_ls(s, a32_insn)) { 7513 return; 7514 } 7515 } 7516 7517 /* 7518 * TODO: Perhaps merge these into one decodetree output file. 7519 * Note disas_vfp is written for a32 with cond field in the 7520 * top nibble. The t32 encoding requires 0xe in the top nibble. 7521 */ 7522 if (disas_t32(s, insn) || 7523 disas_vfp_uncond(s, insn) || 7524 disas_neon_shared(s, insn) || 7525 disas_mve(s, insn) || 7526 ((insn >> 28) == 0xe && disas_vfp(s, insn))) { 7527 return; 7528 } 7529 7530 illegal_op: 7531 unallocated_encoding(s); 7532 } 7533 7534 static void disas_thumb_insn(DisasContext *s, uint32_t insn) 7535 { 7536 if (!disas_t16(s, insn)) { 7537 unallocated_encoding(s); 7538 } 7539 } 7540 7541 static bool insn_crosses_page(CPUARMState *env, DisasContext *s) 7542 { 7543 /* Return true if the insn at dc->base.pc_next might cross a page boundary. 7544 * (False positives are OK, false negatives are not.) 7545 * We know this is a Thumb insn, and our caller ensures we are 7546 * only called if dc->base.pc_next is less than 4 bytes from the page 7547 * boundary, so we cross the page if the first 16 bits indicate 7548 * that this is a 32 bit insn. 7549 */ 7550 uint16_t insn = arm_lduw_code(env, &s->base, s->base.pc_next, s->sctlr_b); 7551 7552 return !thumb_insn_is_16bit(s, s->base.pc_next, insn); 7553 } 7554 7555 static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs) 7556 { 7557 DisasContext *dc = container_of(dcbase, DisasContext, base); 7558 CPUARMState *env = cpu_env(cs); 7559 ARMCPU *cpu = env_archcpu(env); 7560 CPUARMTBFlags tb_flags = arm_tbflags_from_tb(dc->base.tb); 7561 uint32_t condexec, core_mmu_idx; 7562 7563 dc->isar = &cpu->isar; 7564 dc->condjmp = 0; 7565 dc->pc_save = dc->base.pc_first; 7566 dc->aarch64 = false; 7567 dc->thumb = EX_TBFLAG_AM32(tb_flags, THUMB); 7568 dc->be_data = EX_TBFLAG_ANY(tb_flags, BE_DATA) ? MO_BE : MO_LE; 7569 condexec = EX_TBFLAG_AM32(tb_flags, CONDEXEC); 7570 /* 7571 * the CONDEXEC TB flags are CPSR bits [15:10][26:25]. On A-profile this 7572 * is always the IT bits. On M-profile, some of the reserved encodings 7573 * of IT are used instead to indicate either ICI or ECI, which 7574 * indicate partial progress of a restartable insn that was interrupted 7575 * partway through by an exception: 7576 * * if CONDEXEC[3:0] != 0b0000 : CONDEXEC is IT bits 7577 * * if CONDEXEC[3:0] == 0b0000 : CONDEXEC is ICI or ECI bits 7578 * In all cases CONDEXEC == 0 means "not in IT block or restartable 7579 * insn, behave normally". 7580 */ 7581 dc->eci = dc->condexec_mask = dc->condexec_cond = 0; 7582 dc->eci_handled = false; 7583 if (condexec & 0xf) { 7584 dc->condexec_mask = (condexec & 0xf) << 1; 7585 dc->condexec_cond = condexec >> 4; 7586 } else { 7587 if (arm_feature(env, ARM_FEATURE_M)) { 7588 dc->eci = condexec >> 4; 7589 } 7590 } 7591 7592 core_mmu_idx = EX_TBFLAG_ANY(tb_flags, MMUIDX); 7593 dc->mmu_idx = core_to_arm_mmu_idx(env, core_mmu_idx); 7594 dc->current_el = arm_mmu_idx_to_el(dc->mmu_idx); 7595 #if !defined(CONFIG_USER_ONLY) 7596 dc->user = (dc->current_el == 0); 7597 #endif 7598 dc->fp_excp_el = EX_TBFLAG_ANY(tb_flags, FPEXC_EL); 7599 dc->align_mem = EX_TBFLAG_ANY(tb_flags, ALIGN_MEM); 7600 dc->pstate_il = EX_TBFLAG_ANY(tb_flags, PSTATE__IL); 7601 dc->fgt_active = EX_TBFLAG_ANY(tb_flags, FGT_ACTIVE); 7602 dc->fgt_svc = EX_TBFLAG_ANY(tb_flags, FGT_SVC); 7603 7604 if (arm_feature(env, ARM_FEATURE_M)) { 7605 dc->vfp_enabled = 1; 7606 dc->be_data = MO_TE; 7607 dc->v7m_handler_mode = EX_TBFLAG_M32(tb_flags, HANDLER); 7608 dc->v8m_secure = EX_TBFLAG_M32(tb_flags, SECURE); 7609 dc->v8m_stackcheck = EX_TBFLAG_M32(tb_flags, STACKCHECK); 7610 dc->v8m_fpccr_s_wrong = EX_TBFLAG_M32(tb_flags, FPCCR_S_WRONG); 7611 dc->v7m_new_fp_ctxt_needed = 7612 EX_TBFLAG_M32(tb_flags, NEW_FP_CTXT_NEEDED); 7613 dc->v7m_lspact = EX_TBFLAG_M32(tb_flags, LSPACT); 7614 dc->mve_no_pred = EX_TBFLAG_M32(tb_flags, MVE_NO_PRED); 7615 } else { 7616 dc->sctlr_b = EX_TBFLAG_A32(tb_flags, SCTLR__B); 7617 dc->hstr_active = EX_TBFLAG_A32(tb_flags, HSTR_ACTIVE); 7618 dc->ns = EX_TBFLAG_A32(tb_flags, NS); 7619 dc->vfp_enabled = EX_TBFLAG_A32(tb_flags, VFPEN); 7620 if (arm_feature(env, ARM_FEATURE_XSCALE)) { 7621 dc->c15_cpar = EX_TBFLAG_A32(tb_flags, XSCALE_CPAR); 7622 } else { 7623 dc->vec_len = EX_TBFLAG_A32(tb_flags, VECLEN); 7624 dc->vec_stride = EX_TBFLAG_A32(tb_flags, VECSTRIDE); 7625 } 7626 dc->sme_trap_nonstreaming = 7627 EX_TBFLAG_A32(tb_flags, SME_TRAP_NONSTREAMING); 7628 } 7629 dc->lse2 = false; /* applies only to aarch64 */ 7630 dc->cp_regs = cpu->cp_regs; 7631 dc->features = env->features; 7632 7633 /* Single step state. The code-generation logic here is: 7634 * SS_ACTIVE == 0: 7635 * generate code with no special handling for single-stepping (except 7636 * that anything that can make us go to SS_ACTIVE == 1 must end the TB; 7637 * this happens anyway because those changes are all system register or 7638 * PSTATE writes). 7639 * SS_ACTIVE == 1, PSTATE.SS == 1: (active-not-pending) 7640 * emit code for one insn 7641 * emit code to clear PSTATE.SS 7642 * emit code to generate software step exception for completed step 7643 * end TB (as usual for having generated an exception) 7644 * SS_ACTIVE == 1, PSTATE.SS == 0: (active-pending) 7645 * emit code to generate a software step exception 7646 * end the TB 7647 */ 7648 dc->ss_active = EX_TBFLAG_ANY(tb_flags, SS_ACTIVE); 7649 dc->pstate_ss = EX_TBFLAG_ANY(tb_flags, PSTATE__SS); 7650 dc->is_ldex = false; 7651 7652 dc->page_start = dc->base.pc_first & TARGET_PAGE_MASK; 7653 7654 /* If architectural single step active, limit to 1. */ 7655 if (dc->ss_active) { 7656 dc->base.max_insns = 1; 7657 } 7658 7659 /* ARM is a fixed-length ISA. Bound the number of insns to execute 7660 to those left on the page. */ 7661 if (!dc->thumb) { 7662 int bound = -(dc->base.pc_first | TARGET_PAGE_MASK) / 4; 7663 dc->base.max_insns = MIN(dc->base.max_insns, bound); 7664 } 7665 7666 cpu_V0 = tcg_temp_new_i64(); 7667 cpu_V1 = tcg_temp_new_i64(); 7668 cpu_M0 = tcg_temp_new_i64(); 7669 } 7670 7671 static void arm_tr_tb_start(DisasContextBase *dcbase, CPUState *cpu) 7672 { 7673 DisasContext *dc = container_of(dcbase, DisasContext, base); 7674 7675 /* A note on handling of the condexec (IT) bits: 7676 * 7677 * We want to avoid the overhead of having to write the updated condexec 7678 * bits back to the CPUARMState for every instruction in an IT block. So: 7679 * (1) if the condexec bits are not already zero then we write 7680 * zero back into the CPUARMState now. This avoids complications trying 7681 * to do it at the end of the block. (For example if we don't do this 7682 * it's hard to identify whether we can safely skip writing condexec 7683 * at the end of the TB, which we definitely want to do for the case 7684 * where a TB doesn't do anything with the IT state at all.) 7685 * (2) if we are going to leave the TB then we call gen_set_condexec() 7686 * which will write the correct value into CPUARMState if zero is wrong. 7687 * This is done both for leaving the TB at the end, and for leaving 7688 * it because of an exception we know will happen, which is done in 7689 * gen_exception_insn(). The latter is necessary because we need to 7690 * leave the TB with the PC/IT state just prior to execution of the 7691 * instruction which caused the exception. 7692 * (3) if we leave the TB unexpectedly (eg a data abort on a load) 7693 * then the CPUARMState will be wrong and we need to reset it. 7694 * This is handled in the same way as restoration of the 7695 * PC in these situations; we save the value of the condexec bits 7696 * for each PC via tcg_gen_insn_start(), and restore_state_to_opc() 7697 * then uses this to restore them after an exception. 7698 * 7699 * Note that there are no instructions which can read the condexec 7700 * bits, and none which can write non-static values to them, so 7701 * we don't need to care about whether CPUARMState is correct in the 7702 * middle of a TB. 7703 */ 7704 7705 /* Reset the conditional execution bits immediately. This avoids 7706 complications trying to do it at the end of the block. */ 7707 if (dc->condexec_mask || dc->condexec_cond) { 7708 store_cpu_field_constant(0, condexec_bits); 7709 } 7710 } 7711 7712 static void arm_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu) 7713 { 7714 DisasContext *dc = container_of(dcbase, DisasContext, base); 7715 /* 7716 * The ECI/ICI bits share PSR bits with the IT bits, so we 7717 * need to reconstitute the bits from the split-out DisasContext 7718 * fields here. 7719 */ 7720 uint32_t condexec_bits; 7721 target_ulong pc_arg = dc->base.pc_next; 7722 7723 if (tb_cflags(dcbase->tb) & CF_PCREL) { 7724 pc_arg &= ~TARGET_PAGE_MASK; 7725 } 7726 if (dc->eci) { 7727 condexec_bits = dc->eci << 4; 7728 } else { 7729 condexec_bits = (dc->condexec_cond << 4) | (dc->condexec_mask >> 1); 7730 } 7731 tcg_gen_insn_start(pc_arg, condexec_bits, 0); 7732 dc->insn_start_updated = false; 7733 } 7734 7735 static bool arm_check_kernelpage(DisasContext *dc) 7736 { 7737 #ifdef CONFIG_USER_ONLY 7738 /* Intercept jump to the magic kernel page. */ 7739 if (dc->base.pc_next >= 0xffff0000) { 7740 /* We always get here via a jump, so know we are not in a 7741 conditional execution block. */ 7742 gen_exception_internal(EXCP_KERNEL_TRAP); 7743 dc->base.is_jmp = DISAS_NORETURN; 7744 return true; 7745 } 7746 #endif 7747 return false; 7748 } 7749 7750 static bool arm_check_ss_active(DisasContext *dc) 7751 { 7752 if (dc->ss_active && !dc->pstate_ss) { 7753 /* Singlestep state is Active-pending. 7754 * If we're in this state at the start of a TB then either 7755 * a) we just took an exception to an EL which is being debugged 7756 * and this is the first insn in the exception handler 7757 * b) debug exceptions were masked and we just unmasked them 7758 * without changing EL (eg by clearing PSTATE.D) 7759 * In either case we're going to take a swstep exception in the 7760 * "did not step an insn" case, and so the syndrome ISV and EX 7761 * bits should be zero. 7762 */ 7763 assert(dc->base.num_insns == 1); 7764 gen_swstep_exception(dc, 0, 0); 7765 dc->base.is_jmp = DISAS_NORETURN; 7766 return true; 7767 } 7768 7769 return false; 7770 } 7771 7772 static void arm_post_translate_insn(DisasContext *dc) 7773 { 7774 if (dc->condjmp && dc->base.is_jmp == DISAS_NEXT) { 7775 if (dc->pc_save != dc->condlabel.pc_save) { 7776 gen_update_pc(dc, dc->condlabel.pc_save - dc->pc_save); 7777 } 7778 gen_set_label(dc->condlabel.label); 7779 dc->condjmp = 0; 7780 } 7781 } 7782 7783 static void arm_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) 7784 { 7785 DisasContext *dc = container_of(dcbase, DisasContext, base); 7786 CPUARMState *env = cpu_env(cpu); 7787 uint32_t pc = dc->base.pc_next; 7788 unsigned int insn; 7789 7790 /* Singlestep exceptions have the highest priority. */ 7791 if (arm_check_ss_active(dc)) { 7792 dc->base.pc_next = pc + 4; 7793 return; 7794 } 7795 7796 if (pc & 3) { 7797 /* 7798 * PC alignment fault. This has priority over the instruction abort 7799 * that we would receive from a translation fault via arm_ldl_code 7800 * (or the execution of the kernelpage entrypoint). This should only 7801 * be possible after an indirect branch, at the start of the TB. 7802 */ 7803 assert(dc->base.num_insns == 1); 7804 gen_helper_exception_pc_alignment(tcg_env, tcg_constant_tl(pc)); 7805 dc->base.is_jmp = DISAS_NORETURN; 7806 dc->base.pc_next = QEMU_ALIGN_UP(pc, 4); 7807 return; 7808 } 7809 7810 if (arm_check_kernelpage(dc)) { 7811 dc->base.pc_next = pc + 4; 7812 return; 7813 } 7814 7815 dc->pc_curr = pc; 7816 insn = arm_ldl_code(env, &dc->base, pc, dc->sctlr_b); 7817 dc->insn = insn; 7818 dc->base.pc_next = pc + 4; 7819 disas_arm_insn(dc, insn); 7820 7821 arm_post_translate_insn(dc); 7822 7823 /* ARM is a fixed-length ISA. We performed the cross-page check 7824 in init_disas_context by adjusting max_insns. */ 7825 } 7826 7827 static bool thumb_insn_is_unconditional(DisasContext *s, uint32_t insn) 7828 { 7829 /* Return true if this Thumb insn is always unconditional, 7830 * even inside an IT block. This is true of only a very few 7831 * instructions: BKPT, HLT, and SG. 7832 * 7833 * A larger class of instructions are UNPREDICTABLE if used 7834 * inside an IT block; we do not need to detect those here, because 7835 * what we do by default (perform the cc check and update the IT 7836 * bits state machine) is a permitted CONSTRAINED UNPREDICTABLE 7837 * choice for those situations. 7838 * 7839 * insn is either a 16-bit or a 32-bit instruction; the two are 7840 * distinguishable because for the 16-bit case the top 16 bits 7841 * are zeroes, and that isn't a valid 32-bit encoding. 7842 */ 7843 if ((insn & 0xffffff00) == 0xbe00) { 7844 /* BKPT */ 7845 return true; 7846 } 7847 7848 if ((insn & 0xffffffc0) == 0xba80 && arm_dc_feature(s, ARM_FEATURE_V8) && 7849 !arm_dc_feature(s, ARM_FEATURE_M)) { 7850 /* HLT: v8A only. This is unconditional even when it is going to 7851 * UNDEF; see the v8A ARM ARM DDI0487B.a H3.3. 7852 * For v7 cores this was a plain old undefined encoding and so 7853 * honours its cc check. (We might be using the encoding as 7854 * a semihosting trap, but we don't change the cc check behaviour 7855 * on that account, because a debugger connected to a real v7A 7856 * core and emulating semihosting traps by catching the UNDEF 7857 * exception would also only see cases where the cc check passed. 7858 * No guest code should be trying to do a HLT semihosting trap 7859 * in an IT block anyway. 7860 */ 7861 return true; 7862 } 7863 7864 if (insn == 0xe97fe97f && arm_dc_feature(s, ARM_FEATURE_V8) && 7865 arm_dc_feature(s, ARM_FEATURE_M)) { 7866 /* SG: v8M only */ 7867 return true; 7868 } 7869 7870 return false; 7871 } 7872 7873 static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) 7874 { 7875 DisasContext *dc = container_of(dcbase, DisasContext, base); 7876 CPUARMState *env = cpu_env(cpu); 7877 uint32_t pc = dc->base.pc_next; 7878 uint32_t insn; 7879 bool is_16bit; 7880 /* TCG op to rewind to if this turns out to be an invalid ECI state */ 7881 TCGOp *insn_eci_rewind = NULL; 7882 target_ulong insn_eci_pc_save = -1; 7883 7884 /* Misaligned thumb PC is architecturally impossible. */ 7885 assert((dc->base.pc_next & 1) == 0); 7886 7887 if (arm_check_ss_active(dc) || arm_check_kernelpage(dc)) { 7888 dc->base.pc_next = pc + 2; 7889 return; 7890 } 7891 7892 dc->pc_curr = pc; 7893 insn = arm_lduw_code(env, &dc->base, pc, dc->sctlr_b); 7894 is_16bit = thumb_insn_is_16bit(dc, dc->base.pc_next, insn); 7895 pc += 2; 7896 if (!is_16bit) { 7897 uint32_t insn2 = arm_lduw_code(env, &dc->base, pc, dc->sctlr_b); 7898 insn = insn << 16 | insn2; 7899 pc += 2; 7900 } 7901 dc->base.pc_next = pc; 7902 dc->insn = insn; 7903 7904 if (dc->pstate_il) { 7905 /* 7906 * Illegal execution state. This has priority over BTI 7907 * exceptions, but comes after instruction abort exceptions. 7908 */ 7909 gen_exception_insn(dc, 0, EXCP_UDEF, syn_illegalstate()); 7910 return; 7911 } 7912 7913 if (dc->eci) { 7914 /* 7915 * For M-profile continuable instructions, ECI/ICI handling 7916 * falls into these cases: 7917 * - interrupt-continuable instructions 7918 * These are the various load/store multiple insns (both 7919 * integer and fp). The ICI bits indicate the register 7920 * where the load/store can resume. We make the IMPDEF 7921 * choice to always do "instruction restart", ie ignore 7922 * the ICI value and always execute the ldm/stm from the 7923 * start. So all we need to do is zero PSR.ICI if the 7924 * insn executes. 7925 * - MVE instructions subject to beat-wise execution 7926 * Here the ECI bits indicate which beats have already been 7927 * executed, and we must honour this. Each insn of this 7928 * type will handle it correctly. We will update PSR.ECI 7929 * in the helper function for the insn (some ECI values 7930 * mean that the following insn also has been partially 7931 * executed). 7932 * - Special cases which don't advance ECI 7933 * The insns LE, LETP and BKPT leave the ECI/ICI state 7934 * bits untouched. 7935 * - all other insns (the common case) 7936 * Non-zero ECI/ICI means an INVSTATE UsageFault. 7937 * We place a rewind-marker here. Insns in the previous 7938 * three categories will set a flag in the DisasContext. 7939 * If the flag isn't set after we call disas_thumb_insn() 7940 * or disas_thumb2_insn() then we know we have a "some other 7941 * insn" case. We will rewind to the marker (ie throwing away 7942 * all the generated code) and instead emit "take exception". 7943 */ 7944 insn_eci_rewind = tcg_last_op(); 7945 insn_eci_pc_save = dc->pc_save; 7946 } 7947 7948 if (dc->condexec_mask && !thumb_insn_is_unconditional(dc, insn)) { 7949 uint32_t cond = dc->condexec_cond; 7950 7951 /* 7952 * Conditionally skip the insn. Note that both 0xe and 0xf mean 7953 * "always"; 0xf is not "never". 7954 */ 7955 if (cond < 0x0e) { 7956 arm_skip_unless(dc, cond); 7957 } 7958 } 7959 7960 if (is_16bit) { 7961 disas_thumb_insn(dc, insn); 7962 } else { 7963 disas_thumb2_insn(dc, insn); 7964 } 7965 7966 /* Advance the Thumb condexec condition. */ 7967 if (dc->condexec_mask) { 7968 dc->condexec_cond = ((dc->condexec_cond & 0xe) | 7969 ((dc->condexec_mask >> 4) & 1)); 7970 dc->condexec_mask = (dc->condexec_mask << 1) & 0x1f; 7971 if (dc->condexec_mask == 0) { 7972 dc->condexec_cond = 0; 7973 } 7974 } 7975 7976 if (dc->eci && !dc->eci_handled) { 7977 /* 7978 * Insn wasn't valid for ECI/ICI at all: undo what we 7979 * just generated and instead emit an exception 7980 */ 7981 tcg_remove_ops_after(insn_eci_rewind); 7982 dc->pc_save = insn_eci_pc_save; 7983 dc->condjmp = 0; 7984 gen_exception_insn(dc, 0, EXCP_INVSTATE, syn_uncategorized()); 7985 } 7986 7987 arm_post_translate_insn(dc); 7988 7989 /* Thumb is a variable-length ISA. Stop translation when the next insn 7990 * will touch a new page. This ensures that prefetch aborts occur at 7991 * the right place. 7992 * 7993 * We want to stop the TB if the next insn starts in a new page, 7994 * or if it spans between this page and the next. This means that 7995 * if we're looking at the last halfword in the page we need to 7996 * see if it's a 16-bit Thumb insn (which will fit in this TB) 7997 * or a 32-bit Thumb insn (which won't). 7998 * This is to avoid generating a silly TB with a single 16-bit insn 7999 * in it at the end of this page (which would execute correctly 8000 * but isn't very efficient). 8001 */ 8002 if (dc->base.is_jmp == DISAS_NEXT 8003 && (dc->base.pc_next - dc->page_start >= TARGET_PAGE_SIZE 8004 || (dc->base.pc_next - dc->page_start >= TARGET_PAGE_SIZE - 3 8005 && insn_crosses_page(env, dc)))) { 8006 dc->base.is_jmp = DISAS_TOO_MANY; 8007 } 8008 } 8009 8010 static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu) 8011 { 8012 DisasContext *dc = container_of(dcbase, DisasContext, base); 8013 8014 /* At this stage dc->condjmp will only be set when the skipped 8015 instruction was a conditional branch or trap, and the PC has 8016 already been written. */ 8017 gen_set_condexec(dc); 8018 if (dc->base.is_jmp == DISAS_BX_EXCRET) { 8019 /* Exception return branches need some special case code at the 8020 * end of the TB, which is complex enough that it has to 8021 * handle the single-step vs not and the condition-failed 8022 * insn codepath itself. 8023 */ 8024 gen_bx_excret_final_code(dc); 8025 } else if (unlikely(dc->ss_active)) { 8026 /* Unconditional and "condition passed" instruction codepath. */ 8027 switch (dc->base.is_jmp) { 8028 case DISAS_SWI: 8029 gen_ss_advance(dc); 8030 gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb)); 8031 break; 8032 case DISAS_HVC: 8033 gen_ss_advance(dc); 8034 gen_exception_el(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2); 8035 break; 8036 case DISAS_SMC: 8037 gen_ss_advance(dc); 8038 gen_exception_el(EXCP_SMC, syn_aa32_smc(), 3); 8039 break; 8040 case DISAS_NEXT: 8041 case DISAS_TOO_MANY: 8042 case DISAS_UPDATE_EXIT: 8043 case DISAS_UPDATE_NOCHAIN: 8044 gen_update_pc(dc, curr_insn_len(dc)); 8045 /* fall through */ 8046 default: 8047 /* FIXME: Single stepping a WFI insn will not halt the CPU. */ 8048 gen_singlestep_exception(dc); 8049 break; 8050 case DISAS_NORETURN: 8051 break; 8052 } 8053 } else { 8054 /* While branches must always occur at the end of an IT block, 8055 there are a few other things that can cause us to terminate 8056 the TB in the middle of an IT block: 8057 - Exception generating instructions (bkpt, swi, undefined). 8058 - Page boundaries. 8059 - Hardware watchpoints. 8060 Hardware breakpoints have already been handled and skip this code. 8061 */ 8062 switch (dc->base.is_jmp) { 8063 case DISAS_NEXT: 8064 case DISAS_TOO_MANY: 8065 gen_goto_tb(dc, 1, curr_insn_len(dc)); 8066 break; 8067 case DISAS_UPDATE_NOCHAIN: 8068 gen_update_pc(dc, curr_insn_len(dc)); 8069 /* fall through */ 8070 case DISAS_JUMP: 8071 gen_goto_ptr(); 8072 break; 8073 case DISAS_UPDATE_EXIT: 8074 gen_update_pc(dc, curr_insn_len(dc)); 8075 /* fall through */ 8076 default: 8077 /* indicate that the hash table must be used to find the next TB */ 8078 tcg_gen_exit_tb(NULL, 0); 8079 break; 8080 case DISAS_NORETURN: 8081 /* nothing more to generate */ 8082 break; 8083 case DISAS_WFI: 8084 gen_helper_wfi(tcg_env, tcg_constant_i32(curr_insn_len(dc))); 8085 /* 8086 * The helper doesn't necessarily throw an exception, but we 8087 * must go back to the main loop to check for interrupts anyway. 8088 */ 8089 tcg_gen_exit_tb(NULL, 0); 8090 break; 8091 case DISAS_WFE: 8092 gen_helper_wfe(tcg_env); 8093 break; 8094 case DISAS_YIELD: 8095 gen_helper_yield(tcg_env); 8096 break; 8097 case DISAS_SWI: 8098 gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb)); 8099 break; 8100 case DISAS_HVC: 8101 gen_exception_el(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2); 8102 break; 8103 case DISAS_SMC: 8104 gen_exception_el(EXCP_SMC, syn_aa32_smc(), 3); 8105 break; 8106 } 8107 } 8108 8109 if (dc->condjmp) { 8110 /* "Condition failed" instruction codepath for the branch/trap insn */ 8111 set_disas_label(dc, dc->condlabel); 8112 gen_set_condexec(dc); 8113 if (unlikely(dc->ss_active)) { 8114 gen_update_pc(dc, curr_insn_len(dc)); 8115 gen_singlestep_exception(dc); 8116 } else { 8117 gen_goto_tb(dc, 1, curr_insn_len(dc)); 8118 } 8119 } 8120 } 8121 8122 static const TranslatorOps arm_translator_ops = { 8123 .init_disas_context = arm_tr_init_disas_context, 8124 .tb_start = arm_tr_tb_start, 8125 .insn_start = arm_tr_insn_start, 8126 .translate_insn = arm_tr_translate_insn, 8127 .tb_stop = arm_tr_tb_stop, 8128 }; 8129 8130 static const TranslatorOps thumb_translator_ops = { 8131 .init_disas_context = arm_tr_init_disas_context, 8132 .tb_start = arm_tr_tb_start, 8133 .insn_start = arm_tr_insn_start, 8134 .translate_insn = thumb_tr_translate_insn, 8135 .tb_stop = arm_tr_tb_stop, 8136 }; 8137 8138 void arm_translate_code(CPUState *cpu, TranslationBlock *tb, 8139 int *max_insns, vaddr pc, void *host_pc) 8140 { 8141 DisasContext dc = { }; 8142 const TranslatorOps *ops = &arm_translator_ops; 8143 CPUARMTBFlags tb_flags = arm_tbflags_from_tb(tb); 8144 8145 if (EX_TBFLAG_AM32(tb_flags, THUMB)) { 8146 ops = &thumb_translator_ops; 8147 } 8148 #ifdef TARGET_AARCH64 8149 if (EX_TBFLAG_ANY(tb_flags, AARCH64_STATE)) { 8150 ops = &aarch64_translator_ops; 8151 } 8152 #endif 8153 8154 translator_loop(cpu, tb, max_insns, pc, host_pc, ops, &dc.base); 8155 } 8156