Home | History | Annotate | Download | only in target-arm 
      1 /*
      2  *  ARM translation
      3  *
      4  *  Copyright (c) 2003 Fabrice Bellard
      5  *  Copyright (c) 2005-2007 CodeSourcery
      6  *  Copyright (c) 2007 OpenedHand, Ltd.
      7  *
      8  * This library is free software; you can redistribute it and/or
      9  * modify it under the terms of the GNU Lesser General Public
     10  * License as published by the Free Software Foundation; either
     11  * version 2 of the License, or (at your option) any later version.
     12  *
     13  * This library is distributed in the hope that it will be useful,
     14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
     15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     16  * Lesser General Public License for more details.
     17  *
     18  * You should have received a copy of the GNU Lesser General Public
     19  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
     20  */
     21 #include <stdarg.h>
     22 #include <stdlib.h>
     23 #include <stdio.h>
     24 #include <string.h>
     25 #include <inttypes.h>
     26 
     27 #include "cpu.h"
     28 #include "exec/exec-all.h"
     29 #include "disas/disas.h"
     30 #include "tcg-op.h"
     31 #include "qemu/log.h"
     32 
     33 #include "helper.h"
     34 #define GEN_HELPER 1
     35 #include "helper.h"
     36 
     37 #define ENABLE_ARCH_4T    arm_feature(env, ARM_FEATURE_V4T)
     38 #define ENABLE_ARCH_5     arm_feature(env, ARM_FEATURE_V5)
     39 /* currently all emulated v5 cores are also v5TE, so don't bother */
     40 #define ENABLE_ARCH_5TE   arm_feature(env, ARM_FEATURE_V5)
     41 #define ENABLE_ARCH_5J    0
     42 #define ENABLE_ARCH_6     arm_feature(env, ARM_FEATURE_V6)
     43 #define ENABLE_ARCH_6K   arm_feature(env, ARM_FEATURE_V6K)
     44 #define ENABLE_ARCH_6T2   arm_feature(env, ARM_FEATURE_THUMB2)
     45 #define ENABLE_ARCH_7     arm_feature(env, ARM_FEATURE_V7)
     46 
     47 #define ARCH(x) do { if (!ENABLE_ARCH_##x) goto illegal_op; } while(0)
     48 
     49 /* internal defines */
     50 typedef struct DisasContext {
     51     target_ulong pc;
     52     int is_jmp;
     53     /* Nonzero if this instruction has been conditionally skipped.  */
     54     int condjmp;
     55     /* The label that will be jumped to when the instruction is skipped.  */
     56     int condlabel;
     57     /* Thumb-2 condtional execution bits.  */
     58     int condexec_mask;
     59     int condexec_cond;
     60     struct TranslationBlock *tb;
     61     int singlestep_enabled;
     62     int thumb;
     63 #if !defined(CONFIG_USER_ONLY)
     64     int user;
     65 #endif
     66     int vfp_enabled;
     67     int vec_len;
     68     int vec_stride;
     69 } DisasContext;
     70 
     71 static uint32_t gen_opc_condexec_bits[OPC_BUF_SIZE];
     72 
     73 #if defined(CONFIG_USER_ONLY)
     74 #define IS_USER(s) 1
     75 #else
     76 #define IS_USER(s) (s->user)
     77 #endif
     78 
     79 /* These instructions trap after executing, so defer them until after the
     80    conditional executions state has been updated.  */
     81 #define DISAS_WFI 4
     82 #define DISAS_SWI 5
     83 #define DISAS_SMC 6
     84 
     85 static TCGv_ptr cpu_env;
     86 /* We reuse the same 64-bit temporaries for efficiency.  */
     87 static TCGv_i64 cpu_V0, cpu_V1, cpu_M0;
     88 static TCGv_i32 cpu_R[16];
     89 static TCGv_i32 cpu_exclusive_addr;
     90 static TCGv_i32 cpu_exclusive_val;
     91 static TCGv_i32 cpu_exclusive_high;
     92 #ifdef CONFIG_USER_ONLY
     93 static TCGv_i32 cpu_exclusive_test;
     94 static TCGv_i32 cpu_exclusive_info;
     95 #endif
     96 
     97 /* FIXME:  These should be removed.  */
     98 static TCGv cpu_F0s, cpu_F1s;
     99 static TCGv_i64 cpu_F0d, cpu_F1d;
    100 
    101 #include "exec/gen-icount.h"
    102 
    103 static const char *regnames[] =
    104     { "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7",
    105       "r8", "r9", "r10", "r11", "r12", "r13", "r14", "pc" };
    106 
    107 /* initialize TCG globals.  */
    108 void arm_translate_init(void)
    109 {
    110     int i;
    111 
    112     cpu_env = tcg_global_reg_new_ptr(TCG_AREG0, "env");
    113 
    114     for (i = 0; i < 16; i++) {
    115         cpu_R[i] = tcg_global_mem_new_i32(TCG_AREG0,
    116                                           offsetof(CPUARMState, regs[i]),
    117                                           regnames[i]);
    118     }
    119     cpu_exclusive_addr = tcg_global_mem_new_i32(TCG_AREG0,
    120         offsetof(CPUARMState, exclusive_addr), "exclusive_addr");
    121     cpu_exclusive_val = tcg_global_mem_new_i32(TCG_AREG0,
    122         offsetof(CPUARMState, exclusive_val), "exclusive_val");
    123     cpu_exclusive_high = tcg_global_mem_new_i32(TCG_AREG0,
    124         offsetof(CPUARMState, exclusive_high), "exclusive_high");
    125 #ifdef CONFIG_USER_ONLY
    126     cpu_exclusive_test = tcg_global_mem_new_i32(TCG_AREG0,
    127         offsetof(CPUARMState, exclusive_test), "exclusive_test");
    128     cpu_exclusive_info = tcg_global_mem_new_i32(TCG_AREG0,
    129         offsetof(CPUARMState, exclusive_info), "exclusive_info");
    130 #endif
    131 }
    132 
    133 static inline TCGv load_cpu_offset(int offset)
    134 {
    135     TCGv tmp = tcg_temp_new_i32();
    136     tcg_gen_ld_i32(tmp, cpu_env, offset);
    137     return tmp;
    138 }
    139 
    140 #define load_cpu_field(name) load_cpu_offset(offsetof(CPUARMState, name))
    141 
    142 static inline void store_cpu_offset(TCGv var, int offset)
    143 {
    144     tcg_gen_st_i32(var, cpu_env, offset);
    145     tcg_temp_free_i32(var);
    146 }
    147 
    148 #define store_cpu_field(var, name) \
    149     store_cpu_offset(var, offsetof(CPUARMState, name))
    150 
    151 /* Set a variable to the value of a CPU register.  */
    152 static void load_reg_var(DisasContext *s, TCGv var, int reg)
    153 {
    154     if (reg == 15) {
    155         uint32_t addr;
    156         /* normaly, since we updated PC, we need only to add one insn */
    157         if (s->thumb)
    158             addr = (long)s->pc + 2;
    159         else
    160             addr = (long)s->pc + 4;
    161         tcg_gen_movi_i32(var, addr);
    162     } else {
    163         tcg_gen_mov_i32(var, cpu_R[reg]);
    164     }
    165 }
    166 
    167 /* Create a new temporary and set it to the value of a CPU register.  */
    168 static inline TCGv load_reg(DisasContext *s, int reg)
    169 {
    170     TCGv tmp = tcg_temp_new_i32();
    171     load_reg_var(s, tmp, reg);
    172     return tmp;
    173 }
    174 
    175 /* Set a CPU register.  The source must be a temporary and will be
    176    marked as dead.  */
    177 static void store_reg(DisasContext *s, int reg, TCGv var)
    178 {
    179     if (reg == 15) {
    180         tcg_gen_andi_i32(var, var, ~1);
    181         s->is_jmp = DISAS_JUMP;
    182     }
    183     tcg_gen_mov_i32(cpu_R[reg], var);
    184     tcg_temp_free_i32(var);
    185 }
    186 
    187 /* Value extensions.  */
    188 #define gen_uxtb(var) tcg_gen_ext8u_i32(var, var)
    189 #define gen_uxth(var) tcg_gen_ext16u_i32(var, var)
    190 #define gen_sxtb(var) tcg_gen_ext8s_i32(var, var)
    191 #define gen_sxth(var) tcg_gen_ext16s_i32(var, var)
    192 
    193 #define gen_sxtb16(var) gen_helper_sxtb16(var, var)
    194 #define gen_uxtb16(var) gen_helper_uxtb16(var, var)
    195 
    196 
    197 static inline void gen_set_cpsr(TCGv var, uint32_t mask)
    198 {
    199     TCGv tmp_mask = tcg_const_i32(mask);
    200     gen_helper_cpsr_write(cpu_env, var, tmp_mask);
    201     tcg_temp_free_i32(tmp_mask);
    202 }
    203 /* Set NZCV flags from the high 4 bits of var.  */
    204 #define gen_set_nzcv(var) gen_set_cpsr(var, CPSR_NZCV)
    205 
    206 static void gen_exception(int excp)
    207 {
    208     TCGv tmp = tcg_temp_new_i32();
    209     tcg_gen_movi_i32(tmp, excp);
    210     gen_helper_exception(cpu_env, tmp);
    211     tcg_temp_free_i32(tmp);
    212 }
    213 
    214 static void gen_smul_dual(TCGv a, TCGv b)
    215 {
    216     TCGv tmp1 = tcg_temp_new_i32();
    217     TCGv tmp2 = tcg_temp_new_i32();
    218     tcg_gen_ext16s_i32(tmp1, a);
    219     tcg_gen_ext16s_i32(tmp2, b);
    220     tcg_gen_mul_i32(tmp1, tmp1, tmp2);
    221     tcg_temp_free_i32(tmp2);
    222     tcg_gen_sari_i32(a, a, 16);
    223     tcg_gen_sari_i32(b, b, 16);
    224     tcg_gen_mul_i32(b, b, a);
    225     tcg_gen_mov_i32(a, tmp1);
    226     tcg_temp_free_i32(tmp1);
    227 }
    228 
    229 /* Byteswap each halfword.  */
    230 static void gen_rev16(TCGv var)
    231 {
    232     TCGv tmp = tcg_temp_new_i32();
    233     tcg_gen_shri_i32(tmp, var, 8);
    234     tcg_gen_andi_i32(tmp, tmp, 0x00ff00ff);
    235     tcg_gen_shli_i32(var, var, 8);
    236     tcg_gen_andi_i32(var, var, 0xff00ff00);
    237     tcg_gen_or_i32(var, var, tmp);
    238     tcg_temp_free_i32(tmp);
    239 }
    240 
    241 /* Byteswap low halfword and sign extend.  */
    242 static void gen_revsh(TCGv var)
    243 {
    244     tcg_gen_ext16u_i32(var, var);
    245     tcg_gen_bswap16_i32(var, var);
    246     tcg_gen_ext16s_i32(var, var);
    247 }
    248 
    249 /* Unsigned bitfield extract.  */
    250 static void gen_ubfx(TCGv var, int shift, uint32_t mask)
    251 {
    252     if (shift)
    253         tcg_gen_shri_i32(var, var, shift);
    254     tcg_gen_andi_i32(var, var, mask);
    255 }
    256 
    257 /* Signed bitfield extract.  */
    258 static void gen_sbfx(TCGv var, int shift, int width)
    259 {
    260     uint32_t signbit;
    261 
    262     if (shift)
    263         tcg_gen_sari_i32(var, var, shift);
    264     if (shift + width < 32) {
    265         signbit = 1u << (width - 1);
    266         tcg_gen_andi_i32(var, var, (1u << width) - 1);
    267         tcg_gen_xori_i32(var, var, signbit);
    268         tcg_gen_subi_i32(var, var, signbit);
    269     }
    270 }
    271 
    272 /* Bitfield insertion.  Insert val into base.  Clobbers base and val.  */
    273 static void gen_bfi(TCGv dest, TCGv base, TCGv val, int shift, uint32_t mask)
    274 {
    275     tcg_gen_andi_i32(val, val, mask);
    276     tcg_gen_shli_i32(val, val, shift);
    277     tcg_gen_andi_i32(base, base, ~(mask << shift));
    278     tcg_gen_or_i32(dest, base, val);
    279 }
    280 
    281 /* Return (b << 32) + a. Mark inputs as dead */
    282 static TCGv_i64 gen_addq_msw(TCGv_i64 a, TCGv b)
    283 {
    284     TCGv_i64 tmp64 = tcg_temp_new_i64();
    285 
    286     tcg_gen_extu_i32_i64(tmp64, b);
    287     tcg_temp_free_i32(b);
    288     tcg_gen_shli_i64(tmp64, tmp64, 32);
    289     tcg_gen_add_i64(a, tmp64, a);
    290 
    291     tcg_temp_free_i64(tmp64);
    292     return a;
    293 }
    294 
    295 /* Return (b << 32) - a. Mark inputs as dead. */
    296 static TCGv_i64 gen_subq_msw(TCGv_i64 a, TCGv b)
    297 {
    298     TCGv_i64 tmp64 = tcg_temp_new_i64();
    299 
    300     tcg_gen_extu_i32_i64(tmp64, b);
    301     tcg_temp_free_i32(b);
    302     tcg_gen_shli_i64(tmp64, tmp64, 32);
    303     tcg_gen_sub_i64(a, tmp64, a);
    304 
    305     tcg_temp_free_i64(tmp64);
    306     return a;
    307 }
    308 
    309 /* FIXME: Most targets have native widening multiplication.
    310    It would be good to use that instead of a full wide multiply.  */
    311 /* 32x32->64 multiply.  Marks inputs as dead.  */
    312 static TCGv_i64 gen_mulu_i64_i32(TCGv a, TCGv b)
    313 {
    314     TCGv_i64 tmp1 = tcg_temp_new_i64();
    315     TCGv_i64 tmp2 = tcg_temp_new_i64();
    316 
    317     tcg_gen_extu_i32_i64(tmp1, a);
    318     tcg_temp_free_i32(a);
    319     tcg_gen_extu_i32_i64(tmp2, b);
    320     tcg_temp_free_i32(b);
    321     tcg_gen_mul_i64(tmp1, tmp1, tmp2);
    322     tcg_temp_free_i64(tmp2);
    323     return tmp1;
    324 }
    325 
    326 static TCGv_i64 gen_muls_i64_i32(TCGv a, TCGv b)
    327 {
    328     TCGv_i64 tmp1 = tcg_temp_new_i64();
    329     TCGv_i64 tmp2 = tcg_temp_new_i64();
    330 
    331     tcg_gen_ext_i32_i64(tmp1, a);
    332     tcg_temp_free_i32(a);
    333     tcg_gen_ext_i32_i64(tmp2, b);
    334     tcg_temp_free_i32(b);
    335     tcg_gen_mul_i64(tmp1, tmp1, tmp2);
    336     tcg_temp_free_i64(tmp2);
    337     return tmp1;
    338 }
    339 
    340 /* Swap low and high halfwords.  */
    341 static void gen_swap_half(TCGv var)
    342 {
    343     TCGv tmp = tcg_temp_new_i32();
    344     tcg_gen_shri_i32(tmp, var, 16);
    345     tcg_gen_shli_i32(var, var, 16);
    346     tcg_gen_or_i32(var, var, tmp);
    347     tcg_temp_free_i32(tmp);
    348 }
    349 
    350 /* Dual 16-bit add.  Result placed in t0 and t1 is marked as dead.
    351     tmp = (t0 ^ t1) & 0x8000;
    352     t0 &= ~0x8000;
    353     t1 &= ~0x8000;
    354     t0 = (t0 + t1) ^ tmp;
    355  */
    356 
    357 static void gen_add16(TCGv t0, TCGv t1)
    358 {
    359     TCGv tmp = tcg_temp_new_i32();
    360     tcg_gen_xor_i32(tmp, t0, t1);
    361     tcg_gen_andi_i32(tmp, tmp, 0x8000);
    362     tcg_gen_andi_i32(t0, t0, ~0x8000);
    363     tcg_gen_andi_i32(t1, t1, ~0x8000);
    364     tcg_gen_add_i32(t0, t0, t1);
    365     tcg_gen_xor_i32(t0, t0, tmp);
    366     tcg_temp_free_i32(tmp);
    367     tcg_temp_free_i32(t1);
    368 }
    369 
    370 #define gen_set_CF(var) tcg_gen_st_i32(var, cpu_env, offsetof(CPUARMState, CF))
    371 
    372 /* Set CF to the top bit of var.  */
    373 static void gen_set_CF_bit31(TCGv var)
    374 {
    375     TCGv tmp = tcg_temp_new_i32();
    376     tcg_gen_shri_i32(tmp, var, 31);
    377     gen_set_CF(tmp);
    378     tcg_temp_free_i32(tmp);
    379 }
    380 
    381 /* Set N and Z flags from var.  */
    382 static inline void gen_logic_CC(TCGv var)
    383 {
    384     tcg_gen_st_i32(var, cpu_env, offsetof(CPUARMState, NF));
    385     tcg_gen_st_i32(var, cpu_env, offsetof(CPUARMState, ZF));
    386 }
    387 
    388 /* T0 += T1 + CF.  */
    389 static void gen_adc(TCGv t0, TCGv t1)
    390 {
    391     TCGv tmp;
    392     tcg_gen_add_i32(t0, t0, t1);
    393     tmp = load_cpu_field(CF);
    394     tcg_gen_add_i32(t0, t0, tmp);
    395     tcg_temp_free_i32(tmp);
    396 }
    397 
    398 /* dest = T0 + T1 + CF. */
    399 static void gen_add_carry(TCGv dest, TCGv t0, TCGv t1)
    400 {
    401     TCGv tmp;
    402     tcg_gen_add_i32(dest, t0, t1);
    403     tmp = load_cpu_field(CF);
    404     tcg_gen_add_i32(dest, dest, tmp);
    405     tcg_temp_free_i32(tmp);
    406 }
    407 
    408 /* dest = T0 - T1 + CF - 1.  */
    409 static void gen_sub_carry(TCGv dest, TCGv t0, TCGv t1)
    410 {
    411     TCGv tmp;
    412     tcg_gen_sub_i32(dest, t0, t1);
    413     tmp = load_cpu_field(CF);
    414     tcg_gen_add_i32(dest, dest, tmp);
    415     tcg_gen_subi_i32(dest, dest, 1);
    416     tcg_temp_free_i32(tmp);
    417 }
    418 
    419 /* FIXME:  Implement this natively.  */
    420 #define tcg_gen_abs_i32(t0, t1) gen_helper_abs(t0, t1)
    421 
    422 static void shifter_out_im(TCGv var, int shift)
    423 {
    424     TCGv tmp = tcg_temp_new_i32();
    425     if (shift == 0) {
    426         tcg_gen_andi_i32(tmp, var, 1);
    427     } else {
    428         tcg_gen_shri_i32(tmp, var, shift);
    429         if (shift != 31)
    430             tcg_gen_andi_i32(tmp, tmp, 1);
    431     }
    432     gen_set_CF(tmp);
    433     tcg_temp_free_i32(tmp);
    434 }
    435 
    436 /* Shift by immediate.  Includes special handling for shift == 0.  */
    437 static inline void gen_arm_shift_im(TCGv var, int shiftop, int shift, int flags)
    438 {
    439     switch (shiftop) {
    440     case 0: /* LSL */
    441         if (shift != 0) {
    442             if (flags)
    443                 shifter_out_im(var, 32 - shift);
    444             tcg_gen_shli_i32(var, var, shift);
    445         }
    446         break;
    447     case 1: /* LSR */
    448         if (shift == 0) {
    449             if (flags) {
    450                 tcg_gen_shri_i32(var, var, 31);
    451                 gen_set_CF(var);
    452             }
    453             tcg_gen_movi_i32(var, 0);
    454         } else {
    455             if (flags)
    456                 shifter_out_im(var, shift - 1);
    457             tcg_gen_shri_i32(var, var, shift);
    458         }
    459         break;
    460     case 2: /* ASR */
    461         if (shift == 0)
    462             shift = 32;
    463         if (flags)
    464             shifter_out_im(var, shift - 1);
    465         if (shift == 32)
    466           shift = 31;
    467         tcg_gen_sari_i32(var, var, shift);
    468         break;
    469     case 3: /* ROR/RRX */
    470         if (shift != 0) {
    471             if (flags)
    472                 shifter_out_im(var, shift - 1);
    473             tcg_gen_rotri_i32(var, var, shift); break;
    474         } else {
    475             TCGv tmp = load_cpu_field(CF);
    476             if (flags)
    477                 shifter_out_im(var, 0);
    478             tcg_gen_shri_i32(var, var, 1);
    479             tcg_gen_shli_i32(tmp, tmp, 31);
    480             tcg_gen_or_i32(var, var, tmp);
    481             tcg_temp_free_i32(tmp);
    482         }
    483     }
    484 };
    485 
    486 static inline void gen_arm_shift_reg(TCGv var, int shiftop,
    487                                      TCGv shift, int flags)
    488 {
    489     if (flags) {
    490         switch (shiftop) {
    491         case 0: gen_helper_shl_cc(var, cpu_env, var, shift); break;
    492         case 1: gen_helper_shr_cc(var, cpu_env, var, shift); break;
    493         case 2: gen_helper_sar_cc(var, cpu_env, var, shift); break;
    494         case 3: gen_helper_ror_cc(var, cpu_env, var, shift); break;
    495         }
    496     } else {
    497         switch (shiftop) {
    498         case 0: gen_helper_shl(var, var, shift); break;
    499         case 1: gen_helper_shr(var, var, shift); break;
    500         case 2: gen_helper_sar(var, var, shift); break;
    501         case 3: tcg_gen_andi_i32(shift, shift, 0x1f);
    502                 tcg_gen_rotr_i32(var, var, shift); break;
    503         }
    504     }
    505     tcg_temp_free_i32(shift);
    506 }
    507 
    508 #define PAS_OP(pfx) \
    509     switch (op2) {  \
    510     case 0: gen_pas_helper(glue(pfx,add16)); break; \
    511     case 1: gen_pas_helper(glue(pfx,addsubx)); break; \
    512     case 2: gen_pas_helper(glue(pfx,subaddx)); break; \
    513     case 3: gen_pas_helper(glue(pfx,sub16)); break; \
    514     case 4: gen_pas_helper(glue(pfx,add8)); break; \
    515     case 7: gen_pas_helper(glue(pfx,sub8)); break; \
    516     }
    517 static void gen_arm_parallel_addsub(int op1, int op2, TCGv a, TCGv b)
    518 {
    519     TCGv_ptr tmp;
    520 
    521     switch (op1) {
    522 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b, tmp)
    523     case 1:
    524         tmp = tcg_temp_new_ptr();
    525         tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
    526         PAS_OP(s)
    527         tcg_temp_free_ptr(tmp);
    528         break;
    529     case 5:
    530         tmp = tcg_temp_new_ptr();
    531         tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
    532         PAS_OP(u)
    533         tcg_temp_free_ptr(tmp);
    534         break;
    535 #undef gen_pas_helper
    536 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b)
    537     case 2:
    538         PAS_OP(q);
    539         break;
    540     case 3:
    541         PAS_OP(sh);
    542         break;
    543     case 6:
    544         PAS_OP(uq);
    545         break;
    546     case 7:
    547         PAS_OP(uh);
    548         break;
    549 #undef gen_pas_helper
    550     }
    551 }
    552 #undef PAS_OP
    553 
    554 /* For unknown reasons Arm and Thumb-2 use arbitrarily different encodings.  */
    555 #define PAS_OP(pfx) \
    556     switch (op1) {  \
    557     case 0: gen_pas_helper(glue(pfx,add8)); break; \
    558     case 1: gen_pas_helper(glue(pfx,add16)); break; \
    559     case 2: gen_pas_helper(glue(pfx,addsubx)); break; \
    560     case 4: gen_pas_helper(glue(pfx,sub8)); break; \
    561     case 5: gen_pas_helper(glue(pfx,sub16)); break; \
    562     case 6: gen_pas_helper(glue(pfx,subaddx)); break; \
    563     }
    564 static void gen_thumb2_parallel_addsub(int op1, int op2, TCGv a, TCGv b)
    565 {
    566     TCGv_ptr tmp;
    567 
    568     switch (op2) {
    569 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b, tmp)
    570     case 0:
    571         tmp = tcg_temp_new_ptr();
    572         tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
    573         PAS_OP(s)
    574         tcg_temp_free_ptr(tmp);
    575         break;
    576     case 4:
    577         tmp = tcg_temp_new_ptr();
    578         tcg_gen_addi_ptr(tmp, cpu_env, offsetof(CPUARMState, GE));
    579         PAS_OP(u)
    580         tcg_temp_free_ptr(tmp);
    581         break;
    582 #undef gen_pas_helper
    583 #define gen_pas_helper(name) glue(gen_helper_,name)(a, a, b)
    584     case 1:
    585         PAS_OP(q);
    586         break;
    587     case 2:
    588         PAS_OP(sh);
    589         break;
    590     case 5:
    591         PAS_OP(uq);
    592         break;
    593     case 6:
    594         PAS_OP(uh);
    595         break;
    596 #undef gen_pas_helper
    597     }
    598 }
    599 #undef PAS_OP
    600 
    601 static void gen_test_cc(int cc, int label)
    602 {
    603     TCGv tmp;
    604     TCGv tmp2;
    605     int inv;
    606 
    607     switch (cc) {
    608     case 0: /* eq: Z */
    609         tmp = load_cpu_field(ZF);
    610         tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 0, label);
    611         break;
    612     case 1: /* ne: !Z */
    613         tmp = load_cpu_field(ZF);
    614         tcg_gen_brcondi_i32(TCG_COND_NE, tmp, 0, label);
    615         break;
    616     case 2: /* cs: C */
    617         tmp = load_cpu_field(CF);
    618         tcg_gen_brcondi_i32(TCG_COND_NE, tmp, 0, label);
    619         break;
    620     case 3: /* cc: !C */
    621         tmp = load_cpu_field(CF);
    622         tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 0, label);
    623         break;
    624     case 4: /* mi: N */
    625         tmp = load_cpu_field(NF);
    626         tcg_gen_brcondi_i32(TCG_COND_LT, tmp, 0, label);
    627         break;
    628     case 5: /* pl: !N */
    629         tmp = load_cpu_field(NF);
    630         tcg_gen_brcondi_i32(TCG_COND_GE, tmp, 0, label);
    631         break;
    632     case 6: /* vs: V */
    633         tmp = load_cpu_field(VF);
    634         tcg_gen_brcondi_i32(TCG_COND_LT, tmp, 0, label);
    635         break;
    636     case 7: /* vc: !V */
    637         tmp = load_cpu_field(VF);
    638         tcg_gen_brcondi_i32(TCG_COND_GE, tmp, 0, label);
    639         break;
    640     case 8: /* hi: C && !Z */
    641         inv = gen_new_label();
    642         tmp = load_cpu_field(CF);
    643         tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 0, inv);
    644         tcg_temp_free_i32(tmp);
    645         tmp = load_cpu_field(ZF);
    646         tcg_gen_brcondi_i32(TCG_COND_NE, tmp, 0, label);
    647         gen_set_label(inv);
    648         break;
    649     case 9: /* ls: !C || Z */
    650         tmp = load_cpu_field(CF);
    651         tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 0, label);
    652         tcg_temp_free_i32(tmp);
    653         tmp = load_cpu_field(ZF);
    654         tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 0, label);
    655         break;
    656     case 10: /* ge: N == V -> N ^ V == 0 */
    657         tmp = load_cpu_field(VF);
    658         tmp2 = load_cpu_field(NF);
    659         tcg_gen_xor_i32(tmp, tmp, tmp2);
    660         tcg_temp_free_i32(tmp2);
    661         tcg_gen_brcondi_i32(TCG_COND_GE, tmp, 0, label);
    662         break;
    663     case 11: /* lt: N != V -> N ^ V != 0 */
    664         tmp = load_cpu_field(VF);
    665         tmp2 = load_cpu_field(NF);
    666         tcg_gen_xor_i32(tmp, tmp, tmp2);
    667         tcg_temp_free_i32(tmp2);
    668         tcg_gen_brcondi_i32(TCG_COND_LT, tmp, 0, label);
    669         break;
    670     case 12: /* gt: !Z && N == V */
    671         inv = gen_new_label();
    672         tmp = load_cpu_field(ZF);
    673         tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 0, inv);
    674         tcg_temp_free_i32(tmp);
    675         tmp = load_cpu_field(VF);
    676         tmp2 = load_cpu_field(NF);
    677         tcg_gen_xor_i32(tmp, tmp, tmp2);
    678         tcg_temp_free_i32(tmp2);
    679         tcg_gen_brcondi_i32(TCG_COND_GE, tmp, 0, label);
    680         gen_set_label(inv);
    681         break;
    682     case 13: /* le: Z || N != V */
    683         tmp = load_cpu_field(ZF);
    684         tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 0, label);
    685         tcg_temp_free_i32(tmp);
    686         tmp = load_cpu_field(VF);
    687         tmp2 = load_cpu_field(NF);
    688         tcg_gen_xor_i32(tmp, tmp, tmp2);
    689         tcg_temp_free_i32(tmp2);
    690         tcg_gen_brcondi_i32(TCG_COND_LT, tmp, 0, label);
    691         break;
    692     default:
    693         fprintf(stderr, "Bad condition code 0x%x\n", cc);
    694         abort();
    695     }
    696     tcg_temp_free_i32(tmp);
    697 }
    698 
    699 static const uint8_t table_logic_cc[16] = {
    700     1, /* and */
    701     1, /* xor */
    702     0, /* sub */
    703     0, /* rsb */
    704     0, /* add */
    705     0, /* adc */
    706     0, /* sbc */
    707     0, /* rsc */
    708     1, /* andl */
    709     1, /* xorl */
    710     0, /* cmp */
    711     0, /* cmn */
    712     1, /* orr */
    713     1, /* mov */
    714     1, /* bic */
    715     1, /* mvn */
    716 };
    717 
    718 /* Set PC and Thumb state from an immediate address.  */
    719 static inline void gen_bx_im(DisasContext *s, uint32_t addr)
    720 {
    721     TCGv tmp;
    722 
    723     s->is_jmp = DISAS_UPDATE;
    724     if (s->thumb != (addr & 1)) {
    725         tmp = tcg_temp_new_i32();
    726         tcg_gen_movi_i32(tmp, addr & 1);
    727         tcg_gen_st_i32(tmp, cpu_env, offsetof(CPUARMState, thumb));
    728         tcg_temp_free_i32(tmp);
    729     }
    730     tcg_gen_movi_i32(cpu_R[15], addr & ~1);
    731 }
    732 
    733 /* Set PC and Thumb state from var.  var is marked as dead.  */
    734 static inline void gen_bx(DisasContext *s, TCGv var)
    735 {
    736     s->is_jmp = DISAS_UPDATE;
    737     tcg_gen_andi_i32(cpu_R[15], var, ~1);
    738     tcg_gen_andi_i32(var, var, 1);
    739     store_cpu_field(var, thumb);
    740 }
    741 
    742 /* Variant of store_reg which uses branch&exchange logic when storing
    743    to r15 in ARM architecture v7 and above. The source must be a temporary
    744    and will be marked as dead. */
    745 static inline void store_reg_bx(CPUARMState *env, DisasContext *s,
    746                                 int reg, TCGv var)
    747 {
    748     if (reg == 15 && ENABLE_ARCH_7) {
    749         gen_bx(s, var);
    750     } else {
    751         store_reg(s, reg, var);
    752     }
    753 }
    754 
    755 /* Variant of store_reg which uses branch&exchange logic when storing
    756  * to r15 in ARM architecture v5T and above. This is used for storing
    757  * the results of a LDR/LDM/POP into r15, and corresponds to the cases
    758  * in the ARM ARM which use the LoadWritePC() pseudocode function. */
    759 static inline void store_reg_from_load(CPUARMState *env, DisasContext *s,
    760                                 int reg, TCGv var)
    761 {
    762     if (reg == 15 && ENABLE_ARCH_5) {
    763         gen_bx(s, var);
    764     } else {
    765         store_reg(s, reg, var);
    766     }
    767 }
    768 
    769 static inline void gen_smc(CPUARMState *env, DisasContext *s)
    770 {
    771     tcg_gen_movi_i32(cpu_R[15], s->pc);
    772     s->is_jmp = DISAS_SMC;
    773 }
    774 
    775 static inline TCGv gen_ld8s(TCGv addr, int index)
    776 {
    777     TCGv tmp = tcg_temp_new_i32();
    778     tcg_gen_qemu_ld8s(tmp, addr, index);
    779     return tmp;
    780 }
    781 static inline TCGv gen_ld8u(TCGv addr, int index)
    782 {
    783     TCGv tmp = tcg_temp_new_i32();
    784     tcg_gen_qemu_ld8u(tmp, addr, index);
    785     return tmp;
    786 }
    787 static inline TCGv gen_ld16s(TCGv addr, int index)
    788 {
    789     TCGv tmp = tcg_temp_new_i32();
    790     tcg_gen_qemu_ld16s(tmp, addr, index);
    791     return tmp;
    792 }
    793 static inline TCGv gen_ld16u(TCGv addr, int index)
    794 {
    795     TCGv tmp = tcg_temp_new_i32();
    796     tcg_gen_qemu_ld16u(tmp, addr, index);
    797     return tmp;
    798 }
    799 static inline TCGv gen_ld32(TCGv addr, int index)
    800 {
    801     TCGv tmp = tcg_temp_new_i32();
    802     tcg_gen_qemu_ld32u(tmp, addr, index);
    803     return tmp;
    804 }
    805 static inline TCGv_i64 gen_ld64(TCGv addr, int index)
    806 {
    807     TCGv_i64 tmp = tcg_temp_new_i64();
    808     tcg_gen_qemu_ld64(tmp, addr, index);
    809     return tmp;
    810 }
    811 static inline void gen_st8(TCGv val, TCGv addr, int index)
    812 {
    813     tcg_gen_qemu_st8(val, addr, index);
    814     tcg_temp_free_i32(val);
    815 }
    816 static inline void gen_st16(TCGv val, TCGv addr, int index)
    817 {
    818     tcg_gen_qemu_st16(val, addr, index);
    819     tcg_temp_free_i32(val);
    820 }
    821 static inline void gen_st32(TCGv val, TCGv addr, int index)
    822 {
    823     tcg_gen_qemu_st32(val, addr, index);
    824     tcg_temp_free_i32(val);
    825 }
    826 static inline void gen_st64(TCGv_i64 val, TCGv addr, int index)
    827 {
    828     tcg_gen_qemu_st64(val, addr, index);
    829     tcg_temp_free_i64(val);
    830 }
    831 
    832 static inline void gen_set_pc_im(uint32_t val)
    833 {
    834     tcg_gen_movi_i32(cpu_R[15], val);
    835 }
    836 
    837 /* Force a TB lookup after an instruction that changes the CPU state.  */
    838 static inline void gen_lookup_tb(DisasContext *s)
    839 {
    840     tcg_gen_movi_i32(cpu_R[15], s->pc & ~1);
    841     s->is_jmp = DISAS_UPDATE;
    842 }
    843 
    844 static inline void gen_add_data_offset(DisasContext *s, unsigned int insn,
    845                                        TCGv var)
    846 {
    847     int val, rm, shift, shiftop;
    848     TCGv offset;
    849 
    850     if (!(insn & (1 << 25))) {
    851         /* immediate */
    852         val = insn & 0xfff;
    853         if (!(insn & (1 << 23)))
    854             val = -val;
    855         if (val != 0)
    856             tcg_gen_addi_i32(var, var, val);
    857     } else {
    858         /* shift/register */
    859         rm = (insn) & 0xf;
    860         shift = (insn >> 7) & 0x1f;
    861         shiftop = (insn >> 5) & 3;
    862         offset = load_reg(s, rm);
    863         gen_arm_shift_im(offset, shiftop, shift, 0);
    864         if (!(insn & (1 << 23)))
    865             tcg_gen_sub_i32(var, var, offset);
    866         else
    867             tcg_gen_add_i32(var, var, offset);
    868         tcg_temp_free_i32(offset);
    869     }
    870 }
    871 
    872 static inline void gen_add_datah_offset(DisasContext *s, unsigned int insn,
    873                                         int extra, TCGv var)
    874 {
    875     int val, rm;
    876     TCGv offset;
    877 
    878     if (insn & (1 << 22)) {
    879         /* immediate */
    880         val = (insn & 0xf) | ((insn >> 4) & 0xf0);
    881         if (!(insn & (1 << 23)))
    882             val = -val;
    883         val += extra;
    884         if (val != 0)
    885             tcg_gen_addi_i32(var, var, val);
    886     } else {
    887         /* register */
    888         if (extra)
    889             tcg_gen_addi_i32(var, var, extra);
    890         rm = (insn) & 0xf;
    891         offset = load_reg(s, rm);
    892         if (!(insn & (1 << 23)))
    893             tcg_gen_sub_i32(var, var, offset);
    894         else
    895             tcg_gen_add_i32(var, var, offset);
    896         tcg_temp_free_i32(offset);
    897     }
    898 }
    899 
    900 static TCGv_ptr get_fpstatus_ptr(int neon)
    901 {
    902     TCGv_ptr statusptr = tcg_temp_new_ptr();
    903     int offset;
    904     if (neon) {
    905         offset = offsetof(CPUARMState, vfp.standard_fp_status);
    906     } else {
    907         offset = offsetof(CPUARMState, vfp.fp_status);
    908     }
    909     tcg_gen_addi_ptr(statusptr, cpu_env, offset);
    910     return statusptr;
    911 }
    912 
    913 #define VFP_OP2(name)                                                 \
    914 static inline void gen_vfp_##name(int dp)                             \
    915 {                                                                     \
    916     TCGv_ptr fpst = get_fpstatus_ptr(0);                              \
    917     if (dp) {                                                         \
    918         gen_helper_vfp_##name##d(cpu_F0d, cpu_F0d, cpu_F1d, fpst);    \
    919     } else {                                                          \
    920         gen_helper_vfp_##name##s(cpu_F0s, cpu_F0s, cpu_F1s, fpst);    \
    921     }                                                                 \
    922     tcg_temp_free_ptr(fpst);                                          \
    923 }
    924 
    925 VFP_OP2(add)
    926 VFP_OP2(sub)
    927 VFP_OP2(mul)
    928 VFP_OP2(div)
    929 
    930 #undef VFP_OP2
    931 
    932 static inline void gen_vfp_F1_mul(int dp)
    933 {
    934     /* Like gen_vfp_mul() but put result in F1 */
    935     TCGv_ptr fpst = get_fpstatus_ptr(0);
    936     if (dp) {
    937         gen_helper_vfp_muld(cpu_F1d, cpu_F0d, cpu_F1d, fpst);
    938     } else {
    939         gen_helper_vfp_muls(cpu_F1s, cpu_F0s, cpu_F1s, fpst);
    940     }
    941 }
    942 
    943 static inline void gen_vfp_F1_neg(int dp)
    944 {
    945     /* Like gen_vfp_neg() but put result in F1 */
    946     if (dp) {
    947         gen_helper_vfp_negd(cpu_F1d, cpu_F0d);
    948     } else {
    949         gen_helper_vfp_negs(cpu_F1s, cpu_F0s);
    950     }
    951 }
    952 
    953 static inline void gen_vfp_abs(int dp)
    954 {
    955     if (dp)
    956         gen_helper_vfp_absd(cpu_F0d, cpu_F0d);
    957     else
    958         gen_helper_vfp_abss(cpu_F0s, cpu_F0s);
    959 }
    960 
    961 static inline void gen_vfp_neg(int dp)
    962 {
    963     if (dp)
    964         gen_helper_vfp_negd(cpu_F0d, cpu_F0d);
    965     else
    966         gen_helper_vfp_negs(cpu_F0s, cpu_F0s);
    967 }
    968 
    969 static inline void gen_vfp_sqrt(int dp)
    970 {
    971     if (dp)
    972         gen_helper_vfp_sqrtd(cpu_F0d, cpu_F0d, cpu_env);
    973     else
    974         gen_helper_vfp_sqrts(cpu_F0s, cpu_F0s, cpu_env);
    975 }
    976 
    977 static inline void gen_vfp_cmp(int dp)
    978 {
    979     if (dp)
    980         gen_helper_vfp_cmpd(cpu_F0d, cpu_F1d, cpu_env);
    981     else
    982         gen_helper_vfp_cmps(cpu_F0s, cpu_F1s, cpu_env);
    983 }
    984 
    985 static inline void gen_vfp_cmpe(int dp)
    986 {
    987     if (dp)
    988         gen_helper_vfp_cmped(cpu_F0d, cpu_F1d, cpu_env);
    989     else
    990         gen_helper_vfp_cmpes(cpu_F0s, cpu_F1s, cpu_env);
    991 }
    992 
    993 static inline void gen_vfp_F1_ld0(int dp)
    994 {
    995     if (dp)
    996         tcg_gen_movi_i64(cpu_F1d, 0);
    997     else
    998         tcg_gen_movi_i32(cpu_F1s, 0);
    999 }
   1000 
   1001 #define VFP_GEN_ITOF(name) \
   1002 static inline void gen_vfp_##name(int dp, int neon) \
   1003 { \
   1004     TCGv_ptr statusptr = get_fpstatus_ptr(neon); \
   1005     if (dp) { \
   1006         gen_helper_vfp_##name##d(cpu_F0d, cpu_F0s, statusptr); \
   1007     } else { \
   1008         gen_helper_vfp_##name##s(cpu_F0s, cpu_F0s, statusptr); \
   1009     } \
   1010     tcg_temp_free_ptr(statusptr); \
   1011 }
   1012 
   1013 VFP_GEN_ITOF(uito)
   1014 VFP_GEN_ITOF(sito)
   1015 #undef VFP_GEN_ITOF
   1016 
   1017 #define VFP_GEN_FTOI(name) \
   1018 static inline void gen_vfp_##name(int dp, int neon) \
   1019 { \
   1020     TCGv_ptr statusptr = get_fpstatus_ptr(neon); \
   1021     if (dp) { \
   1022         gen_helper_vfp_##name##d(cpu_F0s, cpu_F0d, statusptr); \
   1023     } else { \
   1024         gen_helper_vfp_##name##s(cpu_F0s, cpu_F0s, statusptr); \
   1025     } \
   1026     tcg_temp_free_ptr(statusptr); \
   1027 }
   1028 
   1029 VFP_GEN_FTOI(toui)
   1030 VFP_GEN_FTOI(touiz)
   1031 VFP_GEN_FTOI(tosi)
   1032 VFP_GEN_FTOI(tosiz)
   1033 #undef VFP_GEN_FTOI
   1034 
   1035 #define VFP_GEN_FIX(name) \
   1036 static inline void gen_vfp_##name(int dp, int shift, int neon) \
   1037 { \
   1038     TCGv tmp_shift = tcg_const_i32(shift); \
   1039     TCGv_ptr statusptr = get_fpstatus_ptr(neon); \
   1040     if (dp) { \
   1041         gen_helper_vfp_##name##d(cpu_F0d, cpu_F0d, tmp_shift, statusptr); \
   1042     } else { \
   1043         gen_helper_vfp_##name##s(cpu_F0s, cpu_F0s, tmp_shift, statusptr); \
   1044     } \
   1045     tcg_temp_free_i32(tmp_shift); \
   1046     tcg_temp_free_ptr(statusptr); \
   1047 }
   1048 VFP_GEN_FIX(tosh)
   1049 VFP_GEN_FIX(tosl)
   1050 VFP_GEN_FIX(touh)
   1051 VFP_GEN_FIX(toul)
   1052 VFP_GEN_FIX(shto)
   1053 VFP_GEN_FIX(slto)
   1054 VFP_GEN_FIX(uhto)
   1055 VFP_GEN_FIX(ulto)
   1056 #undef VFP_GEN_FIX
   1057 
   1058 static inline void gen_vfp_ld(DisasContext *s, int dp, TCGv addr)
   1059 {
   1060     if (dp)
   1061         tcg_gen_qemu_ld64(cpu_F0d, addr, IS_USER(s));
   1062     else
   1063         tcg_gen_qemu_ld32u(cpu_F0s, addr, IS_USER(s));
   1064 }
   1065 
   1066 static inline void gen_vfp_st(DisasContext *s, int dp, TCGv addr)
   1067 {
   1068     if (dp)
   1069         tcg_gen_qemu_st64(cpu_F0d, addr, IS_USER(s));
   1070     else
   1071         tcg_gen_qemu_st32(cpu_F0s, addr, IS_USER(s));
   1072 }
   1073 
   1074 static inline long
   1075 vfp_reg_offset (int dp, int reg)
   1076 {
   1077     if (dp)
   1078         return offsetof(CPUARMState, vfp.regs[reg]);
   1079     else if (reg & 1) {
   1080         return offsetof(CPUARMState, vfp.regs[reg >> 1])
   1081           + offsetof(CPU_DoubleU, l.upper);
   1082     } else {
   1083         return offsetof(CPUARMState, vfp.regs[reg >> 1])
   1084           + offsetof(CPU_DoubleU, l.lower);
   1085     }
   1086 }
   1087 
   1088 /* Return the offset of a 32-bit piece of a NEON register.
   1089    zero is the least significant end of the register.  */
   1090 static inline long
   1091 neon_reg_offset (int reg, int n)
   1092 {
   1093     int sreg;
   1094     sreg = reg * 2 + n;
   1095     return vfp_reg_offset(0, sreg);
   1096 }
   1097 
   1098 static TCGv neon_load_reg(int reg, int pass)
   1099 {
   1100     TCGv tmp = tcg_temp_new_i32();
   1101     tcg_gen_ld_i32(tmp, cpu_env, neon_reg_offset(reg, pass));
   1102     return tmp;
   1103 }
   1104 
   1105 static void neon_store_reg(int reg, int pass, TCGv var)
   1106 {
   1107     tcg_gen_st_i32(var, cpu_env, neon_reg_offset(reg, pass));
   1108     tcg_temp_free_i32(var);
   1109 }
   1110 
   1111 static inline void neon_load_reg64(TCGv_i64 var, int reg)
   1112 {
   1113     tcg_gen_ld_i64(var, cpu_env, vfp_reg_offset(1, reg));
   1114 }
   1115 
   1116 static inline void neon_store_reg64(TCGv_i64 var, int reg)
   1117 {
   1118     tcg_gen_st_i64(var, cpu_env, vfp_reg_offset(1, reg));
   1119 }
   1120 
   1121 #define tcg_gen_ld_f32 tcg_gen_ld_i32
   1122 #define tcg_gen_ld_f64 tcg_gen_ld_i64
   1123 #define tcg_gen_st_f32 tcg_gen_st_i32
   1124 #define tcg_gen_st_f64 tcg_gen_st_i64
   1125 
   1126 static inline void gen_mov_F0_vreg(int dp, int reg)
   1127 {
   1128     if (dp)
   1129         tcg_gen_ld_f64(cpu_F0d, cpu_env, vfp_reg_offset(dp, reg));
   1130     else
   1131         tcg_gen_ld_f32(cpu_F0s, cpu_env, vfp_reg_offset(dp, reg));
   1132 }
   1133 
   1134 static inline void gen_mov_F1_vreg(int dp, int reg)
   1135 {
   1136     if (dp)
   1137         tcg_gen_ld_f64(cpu_F1d, cpu_env, vfp_reg_offset(dp, reg));
   1138     else
   1139         tcg_gen_ld_f32(cpu_F1s, cpu_env, vfp_reg_offset(dp, reg));
   1140 }
   1141 
   1142 static inline void gen_mov_vreg_F0(int dp, int reg)
   1143 {
   1144     if (dp)
   1145         tcg_gen_st_f64(cpu_F0d, cpu_env, vfp_reg_offset(dp, reg));
   1146     else
   1147         tcg_gen_st_f32(cpu_F0s, cpu_env, vfp_reg_offset(dp, reg));
   1148 }
   1149 
   1150 #define ARM_CP_RW_BIT	(1 << 20)
   1151 
   1152 static inline void iwmmxt_load_reg(TCGv_i64 var, int reg)
   1153 {
   1154     tcg_gen_ld_i64(var, cpu_env, offsetof(CPUARMState, iwmmxt.regs[reg]));
   1155 }
   1156 
   1157 static inline void iwmmxt_store_reg(TCGv_i64 var, int reg)
   1158 {
   1159     tcg_gen_st_i64(var, cpu_env, offsetof(CPUARMState, iwmmxt.regs[reg]));
   1160 }
   1161 
   1162 static inline TCGv iwmmxt_load_creg(int reg)
   1163 {
   1164     TCGv var = tcg_temp_new_i32();
   1165     tcg_gen_ld_i32(var, cpu_env, offsetof(CPUARMState, iwmmxt.cregs[reg]));
   1166     return var;
   1167 }
   1168 
   1169 static inline void iwmmxt_store_creg(int reg, TCGv var)
   1170 {
   1171     tcg_gen_st_i32(var, cpu_env, offsetof(CPUARMState, iwmmxt.cregs[reg]));
   1172     tcg_temp_free_i32(var);
   1173 }
   1174 
   1175 static inline void gen_op_iwmmxt_movq_wRn_M0(int rn)
   1176 {
   1177     iwmmxt_store_reg(cpu_M0, rn);
   1178 }
   1179 
   1180 static inline void gen_op_iwmmxt_movq_M0_wRn(int rn)
   1181 {
   1182     iwmmxt_load_reg(cpu_M0, rn);
   1183 }
   1184 
   1185 static inline void gen_op_iwmmxt_orq_M0_wRn(int rn)
   1186 {
   1187     iwmmxt_load_reg(cpu_V1, rn);
   1188     tcg_gen_or_i64(cpu_M0, cpu_M0, cpu_V1);
   1189 }
   1190 
   1191 static inline void gen_op_iwmmxt_andq_M0_wRn(int rn)
   1192 {
   1193     iwmmxt_load_reg(cpu_V1, rn);
   1194     tcg_gen_and_i64(cpu_M0, cpu_M0, cpu_V1);
   1195 }
   1196 
   1197 static inline void gen_op_iwmmxt_xorq_M0_wRn(int rn)
   1198 {
   1199     iwmmxt_load_reg(cpu_V1, rn);
   1200     tcg_gen_xor_i64(cpu_M0, cpu_M0, cpu_V1);
   1201 }
   1202 
   1203 #define IWMMXT_OP(name) \
   1204 static inline void gen_op_iwmmxt_##name##_M0_wRn(int rn) \
   1205 { \
   1206     iwmmxt_load_reg(cpu_V1, rn); \
   1207     gen_helper_iwmmxt_##name(cpu_M0, cpu_M0, cpu_V1); \
   1208 }
   1209 
   1210 #define IWMMXT_OP_ENV(name) \
   1211 static inline void gen_op_iwmmxt_##name##_M0_wRn(int rn) \
   1212 { \
   1213     iwmmxt_load_reg(cpu_V1, rn); \
   1214     gen_helper_iwmmxt_##name(cpu_M0, cpu_env, cpu_M0, cpu_V1); \
   1215 }
   1216 
   1217 #define IWMMXT_OP_ENV_SIZE(name) \
   1218 IWMMXT_OP_ENV(name##b) \
   1219 IWMMXT_OP_ENV(name##w) \
   1220 IWMMXT_OP_ENV(name##l)
   1221 
   1222 #define IWMMXT_OP_ENV1(name) \
   1223 static inline void gen_op_iwmmxt_##name##_M0(void) \
   1224 { \
   1225     gen_helper_iwmmxt_##name(cpu_M0, cpu_env, cpu_M0); \
   1226 }
   1227 
   1228 IWMMXT_OP(maddsq)
   1229 IWMMXT_OP(madduq)
   1230 IWMMXT_OP(sadb)
   1231 IWMMXT_OP(sadw)
   1232 IWMMXT_OP(mulslw)
   1233 IWMMXT_OP(mulshw)
   1234 IWMMXT_OP(mululw)
   1235 IWMMXT_OP(muluhw)
   1236 IWMMXT_OP(macsw)
   1237 IWMMXT_OP(macuw)
   1238 
   1239 IWMMXT_OP_ENV_SIZE(unpackl)
   1240 IWMMXT_OP_ENV_SIZE(unpackh)
   1241 
   1242 IWMMXT_OP_ENV1(unpacklub)
   1243 IWMMXT_OP_ENV1(unpackluw)
   1244 IWMMXT_OP_ENV1(unpacklul)
   1245 IWMMXT_OP_ENV1(unpackhub)
   1246 IWMMXT_OP_ENV1(unpackhuw)
   1247 IWMMXT_OP_ENV1(unpackhul)
   1248 IWMMXT_OP_ENV1(unpacklsb)
   1249 IWMMXT_OP_ENV1(unpacklsw)
   1250 IWMMXT_OP_ENV1(unpacklsl)
   1251 IWMMXT_OP_ENV1(unpackhsb)
   1252 IWMMXT_OP_ENV1(unpackhsw)
   1253 IWMMXT_OP_ENV1(unpackhsl)
   1254 
   1255 IWMMXT_OP_ENV_SIZE(cmpeq)
   1256 IWMMXT_OP_ENV_SIZE(cmpgtu)
   1257 IWMMXT_OP_ENV_SIZE(cmpgts)
   1258 
   1259 IWMMXT_OP_ENV_SIZE(mins)
   1260 IWMMXT_OP_ENV_SIZE(minu)
   1261 IWMMXT_OP_ENV_SIZE(maxs)
   1262 IWMMXT_OP_ENV_SIZE(maxu)
   1263 
   1264 IWMMXT_OP_ENV_SIZE(subn)
   1265 IWMMXT_OP_ENV_SIZE(addn)
   1266 IWMMXT_OP_ENV_SIZE(subu)
   1267 IWMMXT_OP_ENV_SIZE(addu)
   1268 IWMMXT_OP_ENV_SIZE(subs)
   1269 IWMMXT_OP_ENV_SIZE(adds)
   1270 
   1271 IWMMXT_OP_ENV(avgb0)
   1272 IWMMXT_OP_ENV(avgb1)
   1273 IWMMXT_OP_ENV(avgw0)
   1274 IWMMXT_OP_ENV(avgw1)
   1275 
   1276 IWMMXT_OP(msadb)
   1277 
   1278 IWMMXT_OP_ENV(packuw)
   1279 IWMMXT_OP_ENV(packul)
   1280 IWMMXT_OP_ENV(packuq)
   1281 IWMMXT_OP_ENV(packsw)
   1282 IWMMXT_OP_ENV(packsl)
   1283 IWMMXT_OP_ENV(packsq)
   1284 
   1285 static void gen_op_iwmmxt_set_mup(void)
   1286 {
   1287     TCGv tmp;
   1288     tmp = load_cpu_field(iwmmxt.cregs[ARM_IWMMXT_wCon]);
   1289     tcg_gen_ori_i32(tmp, tmp, 2);
   1290     store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCon]);
   1291 }
   1292 
   1293 static void gen_op_iwmmxt_set_cup(void)
   1294 {
   1295     TCGv tmp;
   1296     tmp = load_cpu_field(iwmmxt.cregs[ARM_IWMMXT_wCon]);
   1297     tcg_gen_ori_i32(tmp, tmp, 1);
   1298     store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCon]);
   1299 }
   1300 
   1301 static void gen_op_iwmmxt_setpsr_nz(void)
   1302 {
   1303     TCGv tmp = tcg_temp_new_i32();
   1304     gen_helper_iwmmxt_setpsr_nz(tmp, cpu_M0);
   1305     store_cpu_field(tmp, iwmmxt.cregs[ARM_IWMMXT_wCASF]);
   1306 }
   1307 
   1308 static inline void gen_op_iwmmxt_addl_M0_wRn(int rn)
   1309 {
   1310     iwmmxt_load_reg(cpu_V1, rn);
   1311     tcg_gen_ext32u_i64(cpu_V1, cpu_V1);
   1312     tcg_gen_add_i64(cpu_M0, cpu_M0, cpu_V1);
   1313 }
   1314 
   1315 static inline int gen_iwmmxt_address(DisasContext *s, uint32_t insn, TCGv dest)
   1316 {
   1317     int rd;
   1318     uint32_t offset;
   1319     TCGv tmp;
   1320 
   1321     rd = (insn >> 16) & 0xf;
   1322     tmp = load_reg(s, rd);
   1323 
   1324     offset = (insn & 0xff) << ((insn >> 7) & 2);
   1325     if (insn & (1 << 24)) {
   1326         /* Pre indexed */
   1327         if (insn & (1 << 23))
   1328             tcg_gen_addi_i32(tmp, tmp, offset);
   1329         else
   1330             tcg_gen_addi_i32(tmp, tmp, -offset);
   1331         tcg_gen_mov_i32(dest, tmp);
   1332         if (insn & (1 << 21))
   1333             store_reg(s, rd, tmp);
   1334         else
   1335             tcg_temp_free_i32(tmp);
   1336     } else if (insn & (1 << 21)) {
   1337         /* Post indexed */
   1338         tcg_gen_mov_i32(dest, tmp);
   1339         if (insn & (1 << 23))
   1340             tcg_gen_addi_i32(tmp, tmp, offset);
   1341         else
   1342             tcg_gen_addi_i32(tmp, tmp, -offset);
   1343         store_reg(s, rd, tmp);
   1344     } else if (!(insn & (1 << 23)))
   1345         return 1;
   1346     return 0;
   1347 }
   1348 
   1349 static inline int gen_iwmmxt_shift(uint32_t insn, uint32_t mask, TCGv dest)
   1350 {
   1351     int rd = (insn >> 0) & 0xf;
   1352     TCGv tmp;
   1353 
   1354     if (insn & (1 << 8)) {
   1355         if (rd < ARM_IWMMXT_wCGR0 || rd > ARM_IWMMXT_wCGR3) {
   1356             return 1;
   1357         } else {
   1358             tmp = iwmmxt_load_creg(rd);
   1359         }
   1360     } else {
   1361         tmp = tcg_temp_new_i32();
   1362         iwmmxt_load_reg(cpu_V0, rd);
   1363         tcg_gen_trunc_i64_i32(tmp, cpu_V0);
   1364     }
   1365     tcg_gen_andi_i32(tmp, tmp, mask);
   1366     tcg_gen_mov_i32(dest, tmp);
   1367     tcg_temp_free_i32(tmp);
   1368     return 0;
   1369 }
   1370 
   1371 /* Disassemble an iwMMXt instruction.  Returns nonzero if an error occurred
   1372    (ie. an undefined instruction).  */
   1373 static int disas_iwmmxt_insn(CPUARMState *env, DisasContext *s, uint32_t insn)
   1374 {
   1375     int rd, wrd;
   1376     int rdhi, rdlo, rd0, rd1, i;
   1377     TCGv addr;
   1378     TCGv tmp, tmp2, tmp3;
   1379 
   1380     if ((insn & 0x0e000e00) == 0x0c000000) {
   1381         if ((insn & 0x0fe00ff0) == 0x0c400000) {
   1382             wrd = insn & 0xf;
   1383             rdlo = (insn >> 12) & 0xf;
   1384             rdhi = (insn >> 16) & 0xf;
   1385             if (insn & ARM_CP_RW_BIT) {			/* TMRRC */
   1386                 iwmmxt_load_reg(cpu_V0, wrd);
   1387                 tcg_gen_trunc_i64_i32(cpu_R[rdlo], cpu_V0);
   1388                 tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
   1389                 tcg_gen_trunc_i64_i32(cpu_R[rdhi], cpu_V0);
   1390             } else {					/* TMCRR */
   1391                 tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]);
   1392                 iwmmxt_store_reg(cpu_V0, wrd);
   1393                 gen_op_iwmmxt_set_mup();
   1394             }
   1395             return 0;
   1396         }
   1397 
   1398         wrd = (insn >> 12) & 0xf;
   1399         addr = tcg_temp_new_i32();
   1400         if (gen_iwmmxt_address(s, insn, addr)) {
   1401             tcg_temp_free_i32(addr);
   1402             return 1;
   1403         }
   1404         if (insn & ARM_CP_RW_BIT) {
   1405             if ((insn >> 28) == 0xf) {			/* WLDRW wCx */
   1406                 tmp = tcg_temp_new_i32();
   1407                 tcg_gen_qemu_ld32u(tmp, addr, IS_USER(s));
   1408                 iwmmxt_store_creg(wrd, tmp);
   1409             } else {
   1410                 i = 1;
   1411                 if (insn & (1 << 8)) {
   1412                     if (insn & (1 << 22)) {		/* WLDRD */
   1413                         tcg_gen_qemu_ld64(cpu_M0, addr, IS_USER(s));
   1414                         i = 0;
   1415                     } else {				/* WLDRW wRd */
   1416                         tmp = gen_ld32(addr, IS_USER(s));
   1417                     }
   1418                 } else {
   1419                     if (insn & (1 << 22)) {		/* WLDRH */
   1420                         tmp = gen_ld16u(addr, IS_USER(s));
   1421                     } else {				/* WLDRB */
   1422                         tmp = gen_ld8u(addr, IS_USER(s));
   1423                     }
   1424                 }
   1425                 if (i) {
   1426                     tcg_gen_extu_i32_i64(cpu_M0, tmp);
   1427                     tcg_temp_free_i32(tmp);
   1428                 }
   1429                 gen_op_iwmmxt_movq_wRn_M0(wrd);
   1430             }
   1431         } else {
   1432             if ((insn >> 28) == 0xf) {			/* WSTRW wCx */
   1433                 tmp = iwmmxt_load_creg(wrd);
   1434                 gen_st32(tmp, addr, IS_USER(s));
   1435             } else {
   1436                 gen_op_iwmmxt_movq_M0_wRn(wrd);
   1437                 tmp = tcg_temp_new_i32();
   1438                 if (insn & (1 << 8)) {
   1439                     if (insn & (1 << 22)) {		/* WSTRD */
   1440                         tcg_temp_free_i32(tmp);
   1441                         tcg_gen_qemu_st64(cpu_M0, addr, IS_USER(s));
   1442                     } else {				/* WSTRW wRd */
   1443                         tcg_gen_trunc_i64_i32(tmp, cpu_M0);
   1444                         gen_st32(tmp, addr, IS_USER(s));
   1445                     }
   1446                 } else {
   1447                     if (insn & (1 << 22)) {		/* WSTRH */
   1448                         tcg_gen_trunc_i64_i32(tmp, cpu_M0);
   1449                         gen_st16(tmp, addr, IS_USER(s));
   1450                     } else {				/* WSTRB */
   1451                         tcg_gen_trunc_i64_i32(tmp, cpu_M0);
   1452                         gen_st8(tmp, addr, IS_USER(s));
   1453                     }
   1454                 }
   1455             }
   1456         }
   1457         tcg_temp_free_i32(addr);
   1458         return 0;
   1459     }
   1460 
   1461     if ((insn & 0x0f000000) != 0x0e000000)
   1462         return 1;
   1463 
   1464     switch (((insn >> 12) & 0xf00) | ((insn >> 4) & 0xff)) {
   1465     case 0x000:						/* WOR */
   1466         wrd = (insn >> 12) & 0xf;
   1467         rd0 = (insn >> 0) & 0xf;
   1468         rd1 = (insn >> 16) & 0xf;
   1469         gen_op_iwmmxt_movq_M0_wRn(rd0);
   1470         gen_op_iwmmxt_orq_M0_wRn(rd1);
   1471         gen_op_iwmmxt_setpsr_nz();
   1472         gen_op_iwmmxt_movq_wRn_M0(wrd);
   1473         gen_op_iwmmxt_set_mup();
   1474         gen_op_iwmmxt_set_cup();
   1475         break;
   1476     case 0x011:						/* TMCR */
   1477         if (insn & 0xf)
   1478             return 1;
   1479         rd = (insn >> 12) & 0xf;
   1480         wrd = (insn >> 16) & 0xf;
   1481         switch (wrd) {
   1482         case ARM_IWMMXT_wCID:
   1483         case ARM_IWMMXT_wCASF:
   1484             break;
   1485         case ARM_IWMMXT_wCon:
   1486             gen_op_iwmmxt_set_cup();
   1487             /* Fall through.  */
   1488         case ARM_IWMMXT_wCSSF:
   1489             tmp = iwmmxt_load_creg(wrd);
   1490             tmp2 = load_reg(s, rd);
   1491             tcg_gen_andc_i32(tmp, tmp, tmp2);
   1492             tcg_temp_free_i32(tmp2);
   1493             iwmmxt_store_creg(wrd, tmp);
   1494             break;
   1495         case ARM_IWMMXT_wCGR0:
   1496         case ARM_IWMMXT_wCGR1:
   1497         case ARM_IWMMXT_wCGR2:
   1498         case ARM_IWMMXT_wCGR3:
   1499             gen_op_iwmmxt_set_cup();
   1500             tmp = load_reg(s, rd);
   1501             iwmmxt_store_creg(wrd, tmp);
   1502             break;
   1503         default:
   1504             return 1;
   1505         }
   1506         break;
   1507     case 0x100:						/* WXOR */
   1508         wrd = (insn >> 12) & 0xf;
   1509         rd0 = (insn >> 0) & 0xf;
   1510         rd1 = (insn >> 16) & 0xf;
   1511         gen_op_iwmmxt_movq_M0_wRn(rd0);
   1512         gen_op_iwmmxt_xorq_M0_wRn(rd1);
   1513         gen_op_iwmmxt_setpsr_nz();
   1514         gen_op_iwmmxt_movq_wRn_M0(wrd);
   1515         gen_op_iwmmxt_set_mup();
   1516         gen_op_iwmmxt_set_cup();
   1517         break;
   1518     case 0x111:						/* TMRC */
   1519         if (insn & 0xf)
   1520             return 1;
   1521         rd = (insn >> 12) & 0xf;
   1522         wrd = (insn >> 16) & 0xf;
   1523         tmp = iwmmxt_load_creg(wrd);
   1524         store_reg(s, rd, tmp);
   1525         break;
   1526     case 0x300:						/* WANDN */
   1527         wrd = (insn >> 12) & 0xf;
   1528         rd0 = (insn >> 0) & 0xf;
   1529         rd1 = (insn >> 16) & 0xf;
   1530         gen_op_iwmmxt_movq_M0_wRn(rd0);
   1531         tcg_gen_neg_i64(cpu_M0, cpu_M0);
   1532         gen_op_iwmmxt_andq_M0_wRn(rd1);
   1533         gen_op_iwmmxt_setpsr_nz();
   1534         gen_op_iwmmxt_movq_wRn_M0(wrd);
   1535         gen_op_iwmmxt_set_mup();
   1536         gen_op_iwmmxt_set_cup();
   1537         break;
   1538     case 0x200:						/* WAND */
   1539         wrd = (insn >> 12) & 0xf;
   1540         rd0 = (insn >> 0) & 0xf;
   1541         rd1 = (insn >> 16) & 0xf;
   1542         gen_op_iwmmxt_movq_M0_wRn(rd0);
   1543         gen_op_iwmmxt_andq_M0_wRn(rd1);
   1544         gen_op_iwmmxt_setpsr_nz();
   1545         gen_op_iwmmxt_movq_wRn_M0(wrd);
   1546         gen_op_iwmmxt_set_mup();
   1547         gen_op_iwmmxt_set_cup();
   1548         break;
   1549     case 0x810: case 0xa10:				/* WMADD */
   1550         wrd = (insn >> 12) & 0xf;
   1551         rd0 = (insn >> 0) & 0xf;
   1552         rd1 = (insn >> 16) & 0xf;
   1553         gen_op_iwmmxt_movq_M0_wRn(rd0);
   1554         if (insn & (1 << 21))
   1555             gen_op_iwmmxt_maddsq_M0_wRn(rd1);
   1556         else
   1557             gen_op_iwmmxt_madduq_M0_wRn(rd1);
   1558         gen_op_iwmmxt_movq_wRn_M0(wrd);
   1559         gen_op_iwmmxt_set_mup();
   1560         break;
   1561     case 0x10e: case 0x50e: case 0x90e: case 0xd0e:	/* WUNPCKIL */
   1562         wrd = (insn >> 12) & 0xf;
   1563         rd0 = (insn >> 16) & 0xf;
   1564         rd1 = (insn >> 0) & 0xf;
   1565         gen_op_iwmmxt_movq_M0_wRn(rd0);
   1566         switch ((insn >> 22) & 3) {
   1567         case 0:
   1568             gen_op_iwmmxt_unpacklb_M0_wRn(rd1);
   1569             break;
   1570         case 1:
   1571             gen_op_iwmmxt_unpacklw_M0_wRn(rd1);
   1572             break;
   1573         case 2:
   1574             gen_op_iwmmxt_unpackll_M0_wRn(rd1);
   1575             break;
   1576         case 3:
   1577             return 1;
   1578         }
   1579         gen_op_iwmmxt_movq_wRn_M0(wrd);
   1580         gen_op_iwmmxt_set_mup();
   1581         gen_op_iwmmxt_set_cup();
   1582         break;
   1583     case 0x10c: case 0x50c: case 0x90c: case 0xd0c:	/* WUNPCKIH */
   1584         wrd = (insn >> 12) & 0xf;
   1585         rd0 = (insn >> 16) & 0xf;
   1586         rd1 = (insn >> 0) & 0xf;
   1587         gen_op_iwmmxt_movq_M0_wRn(rd0);
   1588         switch ((insn >> 22) & 3) {
   1589         case 0:
   1590             gen_op_iwmmxt_unpackhb_M0_wRn(rd1);
   1591             break;
   1592         case 1:
   1593             gen_op_iwmmxt_unpackhw_M0_wRn(rd1);
   1594             break;
   1595         case 2:
   1596             gen_op_iwmmxt_unpackhl_M0_wRn(rd1);
   1597             break;
   1598         case 3:
   1599             return 1;
   1600         }
   1601         gen_op_iwmmxt_movq_wRn_M0(wrd);
   1602         gen_op_iwmmxt_set_mup();
   1603         gen_op_iwmmxt_set_cup();
   1604         break;
   1605     case 0x012: case 0x112: case 0x412: case 0x512:	/* WSAD */
   1606         wrd = (insn >> 12) & 0xf;
   1607         rd0 = (insn >> 16) & 0xf;
   1608         rd1 = (insn >> 0) & 0xf;
   1609         gen_op_iwmmxt_movq_M0_wRn(rd0);
   1610         if (insn & (1 << 22))
   1611             gen_op_iwmmxt_sadw_M0_wRn(rd1);
   1612         else
   1613             gen_op_iwmmxt_sadb_M0_wRn(rd1);
   1614         if (!(insn & (1 << 20)))
   1615             gen_op_iwmmxt_addl_M0_wRn(wrd);
   1616         gen_op_iwmmxt_movq_wRn_M0(wrd);
   1617         gen_op_iwmmxt_set_mup();
   1618         break;
   1619     case 0x010: case 0x110: case 0x210: case 0x310:	/* WMUL */
   1620         wrd = (insn >> 12) & 0xf;
   1621         rd0 = (insn >> 16) & 0xf;
   1622         rd1 = (insn >> 0) & 0xf;
   1623         gen_op_iwmmxt_movq_M0_wRn(rd0);
   1624         if (insn & (1 << 21)) {
   1625             if (insn & (1 << 20))
   1626                 gen_op_iwmmxt_mulshw_M0_wRn(rd1);
   1627             else
   1628                 gen_op_iwmmxt_mulslw_M0_wRn(rd1);
   1629         } else {
   1630             if (insn & (1 << 20))
   1631                 gen_op_iwmmxt_muluhw_M0_wRn(rd1);
   1632             else
   1633                 gen_op_iwmmxt_mululw_M0_wRn(rd1);
   1634         }
   1635         gen_op_iwmmxt_movq_wRn_M0(wrd);
   1636         gen_op_iwmmxt_set_mup();
   1637         break;
   1638     case 0x410: case 0x510: case 0x610: case 0x710:	/* WMAC */
   1639         wrd = (insn >> 12) & 0xf;
   1640         rd0 = (insn >> 16) & 0xf;
   1641         rd1 = (insn >> 0) & 0xf;
   1642         gen_op_iwmmxt_movq_M0_wRn(rd0);
   1643         if (insn & (1 << 21))
   1644             gen_op_iwmmxt_macsw_M0_wRn(rd1);
   1645         else
   1646             gen_op_iwmmxt_macuw_M0_wRn(rd1);
   1647         if (!(insn & (1 << 20))) {
   1648             iwmmxt_load_reg(cpu_V1, wrd);
   1649             tcg_gen_add_i64(cpu_M0, cpu_M0, cpu_V1);
   1650         }
   1651         gen_op_iwmmxt_movq_wRn_M0(wrd);
   1652         gen_op_iwmmxt_set_mup();
   1653         break;
   1654     case 0x006: case 0x406: case 0x806: case 0xc06:	/* WCMPEQ */
   1655         wrd = (insn >> 12) & 0xf;
   1656         rd0 = (insn >> 16) & 0xf;
   1657         rd1 = (insn >> 0) & 0xf;
   1658         gen_op_iwmmxt_movq_M0_wRn(rd0);
   1659         switch ((insn >> 22) & 3) {
   1660         case 0:
   1661             gen_op_iwmmxt_cmpeqb_M0_wRn(rd1);
   1662             break;
   1663         case 1:
   1664             gen_op_iwmmxt_cmpeqw_M0_wRn(rd1);
   1665             break;
   1666         case 2:
   1667             gen_op_iwmmxt_cmpeql_M0_wRn(rd1);
   1668             break;
   1669         case 3:
   1670             return 1;
   1671         }
   1672         gen_op_iwmmxt_movq_wRn_M0(wrd);
   1673         gen_op_iwmmxt_set_mup();
   1674         gen_op_iwmmxt_set_cup();
   1675         break;
   1676     case 0x800: case 0x900: case 0xc00: case 0xd00:	/* WAVG2 */
   1677         wrd = (insn >> 12) & 0xf;
   1678         rd0 = (insn >> 16) & 0xf;
   1679         rd1 = (insn >> 0) & 0xf;
   1680         gen_op_iwmmxt_movq_M0_wRn(rd0);
   1681         if (insn & (1 << 22)) {
   1682             if (insn & (1 << 20))
   1683                 gen_op_iwmmxt_avgw1_M0_wRn(rd1);
   1684             else
   1685                 gen_op_iwmmxt_avgw0_M0_wRn(rd1);
   1686         } else {
   1687             if (insn & (1 << 20))
   1688                 gen_op_iwmmxt_avgb1_M0_wRn(rd1);
   1689             else
   1690                 gen_op_iwmmxt_avgb0_M0_wRn(rd1);
   1691         }
   1692         gen_op_iwmmxt_movq_wRn_M0(wrd);
   1693         gen_op_iwmmxt_set_mup();
   1694         gen_op_iwmmxt_set_cup();
   1695         break;
   1696     case 0x802: case 0x902: case 0xa02: case 0xb02:	/* WALIGNR */
   1697         wrd = (insn >> 12) & 0xf;
   1698         rd0 = (insn >> 16) & 0xf;
   1699         rd1 = (insn >> 0) & 0xf;
   1700         gen_op_iwmmxt_movq_M0_wRn(rd0);
   1701         tmp = iwmmxt_load_creg(ARM_IWMMXT_wCGR0 + ((insn >> 20) & 3));
   1702         tcg_gen_andi_i32(tmp, tmp, 7);
   1703         iwmmxt_load_reg(cpu_V1, rd1);
   1704         gen_helper_iwmmxt_align(cpu_M0, cpu_M0, cpu_V1, tmp);
   1705         tcg_temp_free_i32(tmp);
   1706         gen_op_iwmmxt_movq_wRn_M0(wrd);
   1707         gen_op_iwmmxt_set_mup();
   1708         break;
   1709     case 0x601: case 0x605: case 0x609: case 0x60d:	/* TINSR */
   1710         if (((insn >> 6) & 3) == 3)
   1711             return 1;
   1712         rd = (insn >> 12) & 0xf;
   1713         wrd = (insn >> 16) & 0xf;
   1714         tmp = load_reg(s, rd);
   1715         gen_op_iwmmxt_movq_M0_wRn(wrd);
   1716         switch ((insn >> 6) & 3) {
   1717         case 0:
   1718             tmp2 = tcg_const_i32(0xff);
   1719             tmp3 = tcg_const_i32((insn & 7) << 3);
   1720             break;
   1721         case 1:
   1722             tmp2 = tcg_const_i32(0xffff);
   1723             tmp3 = tcg_const_i32((insn & 3) << 4);
   1724             break;
   1725         case 2:
   1726             tmp2 = tcg_const_i32(0xffffffff);
   1727             tmp3 = tcg_const_i32((insn & 1) << 5);
   1728             break;
   1729         default:
   1730             TCGV_UNUSED(tmp2);
   1731             TCGV_UNUSED(tmp3);
   1732         }
   1733         gen_helper_iwmmxt_insr(cpu_M0, cpu_M0, tmp, tmp2, tmp3);
   1734         tcg_temp_free(tmp3);
   1735         tcg_temp_free(tmp2);
   1736         tcg_temp_free_i32(tmp);
   1737         gen_op_iwmmxt_movq_wRn_M0(wrd);
   1738         gen_op_iwmmxt_set_mup();
   1739         break;
   1740     case 0x107: case 0x507: case 0x907: case 0xd07:	/* TEXTRM */
   1741         rd = (insn >> 12) & 0xf;
   1742         wrd = (insn >> 16) & 0xf;
   1743         if (rd == 15 || ((insn >> 22) & 3) == 3)
   1744             return 1;
   1745         gen_op_iwmmxt_movq_M0_wRn(wrd);
   1746         tmp = tcg_temp_new_i32();
   1747         switch ((insn >> 22) & 3) {
   1748         case 0:
   1749             tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 7) << 3);
   1750             tcg_gen_trunc_i64_i32(tmp, cpu_M0);
   1751             if (insn & 8) {
   1752                 tcg_gen_ext8s_i32(tmp, tmp);
   1753             } else {
   1754                 tcg_gen_andi_i32(tmp, tmp, 0xff);
   1755             }
   1756             break;
   1757         case 1:
   1758             tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 3) << 4);
   1759             tcg_gen_trunc_i64_i32(tmp, cpu_M0);
   1760             if (insn & 8) {
   1761                 tcg_gen_ext16s_i32(tmp, tmp);
   1762             } else {
   1763                 tcg_gen_andi_i32(tmp, tmp, 0xffff);
   1764             }
   1765             break;
   1766         case 2:
   1767             tcg_gen_shri_i64(cpu_M0, cpu_M0, (insn & 1) << 5);
   1768             tcg_gen_trunc_i64_i32(tmp, cpu_M0);
   1769             break;
   1770         }
   1771         store_reg(s, rd, tmp);
   1772         break;
   1773     case 0x117: case 0x517: case 0x917: case 0xd17:	/* TEXTRC */
   1774         if ((insn & 0x000ff008) != 0x0003f000 || ((insn >> 22) & 3) == 3)
   1775             return 1;
   1776         tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
   1777         switch ((insn >> 22) & 3) {
   1778         case 0:
   1779             tcg_gen_shri_i32(tmp, tmp, ((insn & 7) << 2) + 0);
   1780             break;
   1781         case 1:
   1782             tcg_gen_shri_i32(tmp, tmp, ((insn & 3) << 3) + 4);
   1783             break;
   1784         case 2:
   1785             tcg_gen_shri_i32(tmp, tmp, ((insn & 1) << 4) + 12);
   1786             break;
   1787         }
   1788         tcg_gen_shli_i32(tmp, tmp, 28);
   1789         gen_set_nzcv(tmp);
   1790         tcg_temp_free_i32(tmp);
   1791         break;
   1792     case 0x401: case 0x405: case 0x409: case 0x40d:	/* TBCST */
   1793         if (((insn >> 6) & 3) == 3)
   1794             return 1;
   1795         rd = (insn >> 12) & 0xf;
   1796         wrd = (insn >> 16) & 0xf;
   1797         tmp = load_reg(s, rd);
   1798         switch ((insn >> 6) & 3) {
   1799         case 0:
   1800             gen_helper_iwmmxt_bcstb(cpu_M0, tmp);
   1801             break;
   1802         case 1:
   1803             gen_helper_iwmmxt_bcstw(cpu_M0, tmp);
   1804             break;
   1805         case 2:
   1806             gen_helper_iwmmxt_bcstl(cpu_M0, tmp);
   1807             break;
   1808         }
   1809         tcg_temp_free_i32(tmp);
   1810         gen_op_iwmmxt_movq_wRn_M0(wrd);
   1811         gen_op_iwmmxt_set_mup();
   1812         break;
   1813     case 0x113: case 0x513: case 0x913: case 0xd13:	/* TANDC */
   1814         if ((insn & 0x000ff00f) != 0x0003f000 || ((insn >> 22) & 3) == 3)
   1815             return 1;
   1816         tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
   1817         tmp2 = tcg_temp_new_i32();
   1818         tcg_gen_mov_i32(tmp2, tmp);
   1819         switch ((insn >> 22) & 3) {
   1820         case 0:
   1821             for (i = 0; i < 7; i ++) {
   1822                 tcg_gen_shli_i32(tmp2, tmp2, 4);
   1823                 tcg_gen_and_i32(tmp, tmp, tmp2);
   1824             }
   1825             break;
   1826         case 1:
   1827             for (i = 0; i < 3; i ++) {
   1828                 tcg_gen_shli_i32(tmp2, tmp2, 8);
   1829                 tcg_gen_and_i32(tmp, tmp, tmp2);
   1830             }
   1831             break;
   1832         case 2:
   1833             tcg_gen_shli_i32(tmp2, tmp2, 16);
   1834             tcg_gen_and_i32(tmp, tmp, tmp2);
   1835             break;
   1836         }
   1837         gen_set_nzcv(tmp);
   1838         tcg_temp_free_i32(tmp2);
   1839         tcg_temp_free_i32(tmp);
   1840         break;
   1841     case 0x01c: case 0x41c: case 0x81c: case 0xc1c:	/* WACC */
   1842         wrd = (insn >> 12) & 0xf;
   1843         rd0 = (insn >> 16) & 0xf;
   1844         gen_op_iwmmxt_movq_M0_wRn(rd0);
   1845         switch ((insn >> 22) & 3) {
   1846         case 0:
   1847             gen_helper_iwmmxt_addcb(cpu_M0, cpu_M0);
   1848             break;
   1849         case 1:
   1850             gen_helper_iwmmxt_addcw(cpu_M0, cpu_M0);
   1851             break;
   1852         case 2:
   1853             gen_helper_iwmmxt_addcl(cpu_M0, cpu_M0);
   1854             break;
   1855         case 3:
   1856             return 1;
   1857         }
   1858         gen_op_iwmmxt_movq_wRn_M0(wrd);
   1859         gen_op_iwmmxt_set_mup();
   1860         break;
   1861     case 0x115: case 0x515: case 0x915: case 0xd15:	/* TORC */
   1862         if ((insn & 0x000ff00f) != 0x0003f000 || ((insn >> 22) & 3) == 3)
   1863             return 1;
   1864         tmp = iwmmxt_load_creg(ARM_IWMMXT_wCASF);
   1865         tmp2 = tcg_temp_new_i32();
   1866         tcg_gen_mov_i32(tmp2, tmp);
   1867         switch ((insn >> 22) & 3) {
   1868         case 0:
   1869             for (i = 0; i < 7; i ++) {
   1870                 tcg_gen_shli_i32(tmp2, tmp2, 4);
   1871                 tcg_gen_or_i32(tmp, tmp, tmp2);
   1872             }
   1873             break;
   1874         case 1:
   1875             for (i = 0; i < 3; i ++) {
   1876                 tcg_gen_shli_i32(tmp2, tmp2, 8);
   1877                 tcg_gen_or_i32(tmp, tmp, tmp2);
   1878             }
   1879             break;
   1880         case 2:
   1881             tcg_gen_shli_i32(tmp2, tmp2, 16);
   1882             tcg_gen_or_i32(tmp, tmp, tmp2);
   1883             break;
   1884         }
   1885         gen_set_nzcv(tmp);
   1886         tcg_temp_free_i32(tmp2);
   1887         tcg_temp_free_i32(tmp);
   1888         break;
   1889     case 0x103: case 0x503: case 0x903: case 0xd03:	/* TMOVMSK */
   1890         rd = (insn >> 12) & 0xf;
   1891         rd0 = (insn >> 16) & 0xf;
   1892         if ((insn & 0xf) != 0 || ((insn >> 22) & 3) == 3)
   1893             return 1;
   1894         gen_op_iwmmxt_movq_M0_wRn(rd0);
   1895         tmp = tcg_temp_new_i32();
   1896         switch ((insn >> 22) & 3) {
   1897         case 0:
   1898             gen_helper_iwmmxt_msbb(tmp, cpu_M0);
   1899             break;
   1900         case 1:
   1901             gen_helper_iwmmxt_msbw(tmp, cpu_M0);
   1902             break;
   1903         case 2:
   1904             gen_helper_iwmmxt_msbl(tmp, cpu_M0);
   1905             break;
   1906         }
   1907         store_reg(s, rd, tmp);
   1908         break;
   1909     case 0x106: case 0x306: case 0x506: case 0x706:	/* WCMPGT */
   1910     case 0x906: case 0xb06: case 0xd06: case 0xf06:
   1911         wrd = (insn >> 12) & 0xf;
   1912         rd0 = (insn >> 16) & 0xf;
   1913         rd1 = (insn >> 0) & 0xf;
   1914         gen_op_iwmmxt_movq_M0_wRn(rd0);
   1915         switch ((insn >> 22) & 3) {
   1916         case 0:
   1917             if (insn & (1 << 21))
   1918                 gen_op_iwmmxt_cmpgtsb_M0_wRn(rd1);
   1919             else
   1920                 gen_op_iwmmxt_cmpgtub_M0_wRn(rd1);
   1921             break;
   1922         case 1:
   1923             if (insn & (1 << 21))
   1924                 gen_op_iwmmxt_cmpgtsw_M0_wRn(rd1);
   1925             else
   1926                 gen_op_iwmmxt_cmpgtuw_M0_wRn(rd1);
   1927             break;
   1928         case 2:
   1929             if (insn & (1 << 21))
   1930                 gen_op_iwmmxt_cmpgtsl_M0_wRn(rd1);
   1931             else
   1932                 gen_op_iwmmxt_cmpgtul_M0_wRn(rd1);
   1933             break;
   1934         case 3:
   1935             return 1;
   1936         }
   1937         gen_op_iwmmxt_movq_wRn_M0(wrd);
   1938         gen_op_iwmmxt_set_mup();
   1939         gen_op_iwmmxt_set_cup();
   1940         break;
   1941     case 0x00e: case 0x20e: case 0x40e: case 0x60e:	/* WUNPCKEL */
   1942     case 0x80e: case 0xa0e: case 0xc0e: case 0xe0e:
   1943         wrd = (insn >> 12) & 0xf;
   1944         rd0 = (insn >> 16) & 0xf;
   1945         gen_op_iwmmxt_movq_M0_wRn(rd0);
   1946         switch ((insn >> 22) & 3) {
   1947         case 0:
   1948             if (insn & (1 << 21))
   1949                 gen_op_iwmmxt_unpacklsb_M0();
   1950             else
   1951                 gen_op_iwmmxt_unpacklub_M0();
   1952             break;
   1953         case 1:
   1954             if (insn & (1 << 21))
   1955                 gen_op_iwmmxt_unpacklsw_M0();
   1956             else
   1957                 gen_op_iwmmxt_unpackluw_M0();
   1958             break;
   1959         case 2:
   1960             if (insn & (1 << 21))
   1961                 gen_op_iwmmxt_unpacklsl_M0();
   1962             else
   1963                 gen_op_iwmmxt_unpacklul_M0();
   1964             break;
   1965         case 3:
   1966             return 1;
   1967         }
   1968         gen_op_iwmmxt_movq_wRn_M0(wrd);
   1969         gen_op_iwmmxt_set_mup();
   1970         gen_op_iwmmxt_set_cup();
   1971         break;
   1972     case 0x00c: case 0x20c: case 0x40c: case 0x60c:	/* WUNPCKEH */
   1973     case 0x80c: case 0xa0c: case 0xc0c: case 0xe0c:
   1974         wrd = (insn >> 12) & 0xf;
   1975         rd0 = (insn >> 16) & 0xf;
   1976         gen_op_iwmmxt_movq_M0_wRn(rd0);
   1977         switch ((insn >> 22) & 3) {
   1978         case 0:
   1979             if (insn & (1 << 21))
   1980                 gen_op_iwmmxt_unpackhsb_M0();
   1981             else
   1982                 gen_op_iwmmxt_unpackhub_M0();
   1983             break;
   1984         case 1:
   1985             if (insn & (1 << 21))
   1986                 gen_op_iwmmxt_unpackhsw_M0();
   1987             else
   1988                 gen_op_iwmmxt_unpackhuw_M0();
   1989             break;
   1990         case 2:
   1991             if (insn & (1 << 21))
   1992                 gen_op_iwmmxt_unpackhsl_M0();
   1993             else
   1994                 gen_op_iwmmxt_unpackhul_M0();
   1995             break;
   1996         case 3:
   1997             return 1;
   1998         }
   1999         gen_op_iwmmxt_movq_wRn_M0(wrd);
   2000         gen_op_iwmmxt_set_mup();
   2001         gen_op_iwmmxt_set_cup();
   2002         break;
   2003     case 0x204: case 0x604: case 0xa04: case 0xe04:	/* WSRL */
   2004     case 0x214: case 0x614: case 0xa14: case 0xe14:
   2005         if (((insn >> 22) & 3) == 0)
   2006             return 1;
   2007         wrd = (insn >> 12) & 0xf;
   2008         rd0 = (insn >> 16) & 0xf;
   2009         gen_op_iwmmxt_movq_M0_wRn(rd0);
   2010         tmp = tcg_temp_new_i32();
   2011         if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
   2012             tcg_temp_free_i32(tmp);
   2013             return 1;
   2014         }
   2015         switch ((insn >> 22) & 3) {
   2016         case 1:
   2017             gen_helper_iwmmxt_srlw(cpu_M0, cpu_env, cpu_M0, tmp);
   2018             break;
   2019         case 2:
   2020             gen_helper_iwmmxt_srll(cpu_M0, cpu_env, cpu_M0, tmp);
   2021             break;
   2022         case 3:
   2023             gen_helper_iwmmxt_srlq(cpu_M0, cpu_env, cpu_M0, tmp);
   2024             break;
   2025         }
   2026         tcg_temp_free_i32(tmp);
   2027         gen_op_iwmmxt_movq_wRn_M0(wrd);
   2028         gen_op_iwmmxt_set_mup();
   2029         gen_op_iwmmxt_set_cup();
   2030         break;
   2031     case 0x004: case 0x404: case 0x804: case 0xc04:	/* WSRA */
   2032     case 0x014: case 0x414: case 0x814: case 0xc14:
   2033         if (((insn >> 22) & 3) == 0)
   2034             return 1;
   2035         wrd = (insn >> 12) & 0xf;
   2036         rd0 = (insn >> 16) & 0xf;
   2037         gen_op_iwmmxt_movq_M0_wRn(rd0);
   2038         tmp = tcg_temp_new_i32();
   2039         if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
   2040             tcg_temp_free_i32(tmp);
   2041             return 1;
   2042         }
   2043         switch ((insn >> 22) & 3) {
   2044         case 1:
   2045             gen_helper_iwmmxt_sraw(cpu_M0, cpu_env, cpu_M0, tmp);
   2046             break;
   2047         case 2:
   2048             gen_helper_iwmmxt_sral(cpu_M0, cpu_env, cpu_M0, tmp);
   2049             break;
   2050         case 3:
   2051             gen_helper_iwmmxt_sraq(cpu_M0, cpu_env, cpu_M0, tmp);
   2052             break;
   2053         }
   2054         tcg_temp_free_i32(tmp);
   2055         gen_op_iwmmxt_movq_wRn_M0(wrd);
   2056         gen_op_iwmmxt_set_mup();
   2057         gen_op_iwmmxt_set_cup();
   2058         break;
   2059     case 0x104: case 0x504: case 0x904: case 0xd04:	/* WSLL */
   2060     case 0x114: case 0x514: case 0x914: case 0xd14:
   2061         if (((insn >> 22) & 3) == 0)
   2062             return 1;
   2063         wrd = (insn >> 12) & 0xf;
   2064         rd0 = (insn >> 16) & 0xf;
   2065         gen_op_iwmmxt_movq_M0_wRn(rd0);
   2066         tmp = tcg_temp_new_i32();
   2067         if (gen_iwmmxt_shift(insn, 0xff, tmp)) {
   2068             tcg_temp_free_i32(tmp);
   2069             return 1;
   2070         }
   2071         switch ((insn >> 22) & 3) {
   2072         case 1:
   2073             gen_helper_iwmmxt_sllw(cpu_M0, cpu_env, cpu_M0, tmp);
   2074             break;
   2075         case 2:
   2076             gen_helper_iwmmxt_slll(cpu_M0, cpu_env, cpu_M0, tmp);
   2077             break;
   2078         case 3:
   2079             gen_helper_iwmmxt_sllq(cpu_M0, cpu_env, cpu_M0, tmp);
   2080             break;
   2081         }
   2082         tcg_temp_free_i32(tmp);
   2083         gen_op_iwmmxt_movq_wRn_M0(wrd);
   2084         gen_op_iwmmxt_set_mup();
   2085         gen_op_iwmmxt_set_cup();
   2086         break;
   2087     case 0x304: case 0x704: case 0xb04: case 0xf04:	/* WROR */
   2088     case 0x314: case 0x714: case 0xb14: case 0xf14:
   2089         if (((insn >> 22) & 3) == 0)
   2090             return 1;
   2091         wrd = (insn >> 12) & 0xf;
   2092         rd0 = (insn >> 16) & 0xf;
   2093         gen_op_iwmmxt_movq_M0_wRn(rd0);
   2094         tmp = tcg_temp_new_i32();
   2095         switch ((insn >> 22) & 3) {
   2096         case 1:
   2097             if (gen_iwmmxt_shift(insn, 0xf, tmp)) {
   2098                 tcg_temp_free_i32(tmp);
   2099                 return 1;
   2100             }
   2101             gen_helper_iwmmxt_rorw(cpu_M0, cpu_env, cpu_M0, tmp);
   2102             break;
   2103         case 2:
   2104             if (gen_iwmmxt_shift(insn, 0x1f, tmp)) {
   2105                 tcg_temp_free_i32(tmp);
   2106                 return 1;
   2107             }
   2108             gen_helper_iwmmxt_rorl(cpu_M0, cpu_env, cpu_M0, tmp);
   2109             break;
   2110         case 3:
   2111             if (gen_iwmmxt_shift(insn, 0x3f, tmp)) {
   2112                 tcg_temp_free_i32(tmp);
   2113                 return 1;
   2114             }
   2115             gen_helper_iwmmxt_rorq(cpu_M0, cpu_env, cpu_M0, tmp);
   2116             break;
   2117         }
   2118         tcg_temp_free_i32(tmp);
   2119         gen_op_iwmmxt_movq_wRn_M0(wrd);
   2120         gen_op_iwmmxt_set_mup();
   2121         gen_op_iwmmxt_set_cup();
   2122         break;
   2123     case 0x116: case 0x316: case 0x516: case 0x716:	/* WMIN */
   2124     case 0x916: case 0xb16: case 0xd16: case 0xf16:
   2125         wrd = (insn >> 12) & 0xf;
   2126         rd0 = (insn >> 16) & 0xf;
   2127         rd1 = (insn >> 0) & 0xf;
   2128         gen_op_iwmmxt_movq_M0_wRn(rd0);
   2129         switch ((insn >> 22) & 3) {
   2130         case 0:
   2131             if (insn & (1 << 21))
   2132                 gen_op_iwmmxt_minsb_M0_wRn(rd1);
   2133             else
   2134                 gen_op_iwmmxt_minub_M0_wRn(rd1);
   2135             break;
   2136         case 1:
   2137             if (insn & (1 << 21))
   2138                 gen_op_iwmmxt_minsw_M0_wRn(rd1);
   2139             else
   2140                 gen_op_iwmmxt_minuw_M0_wRn(rd1);
   2141             break;
   2142         case 2:
   2143             if (insn & (1 << 21))
   2144                 gen_op_iwmmxt_minsl_M0_wRn(rd1);
   2145             else
   2146                 gen_op_iwmmxt_minul_M0_wRn(rd1);
   2147             break;
   2148         case 3:
   2149             return 1;
   2150         }
   2151         gen_op_iwmmxt_movq_wRn_M0(wrd);
   2152         gen_op_iwmmxt_set_mup();
   2153         break;
   2154     case 0x016: case 0x216: case 0x416: case 0x616:	/* WMAX */
   2155     case 0x816: case 0xa16: case 0xc16: case 0xe16:
   2156         wrd = (insn >> 12) & 0xf;
   2157         rd0 = (insn >> 16) & 0xf;
   2158         rd1 = (insn >> 0) & 0xf;
   2159         gen_op_iwmmxt_movq_M0_wRn(rd0);
   2160         switch ((insn >> 22) & 3) {
   2161         case 0:
   2162             if (insn & (1 << 21))
   2163                 gen_op_iwmmxt_maxsb_M0_wRn(rd1);
   2164             else
   2165                 gen_op_iwmmxt_maxub_M0_wRn(rd1);
   2166             break;
   2167         case 1:
   2168             if (insn & (1 << 21))
   2169                 gen_op_iwmmxt_maxsw_M0_wRn(rd1);
   2170             else
   2171                 gen_op_iwmmxt_maxuw_M0_wRn(rd1);
   2172             break;
   2173         case 2:
   2174             if (insn & (1 << 21))
   2175                 gen_op_iwmmxt_maxsl_M0_wRn(rd1);
   2176             else
   2177                 gen_op_iwmmxt_maxul_M0_wRn(rd1);
   2178             break;
   2179         case 3:
   2180             return 1;
   2181         }
   2182         gen_op_iwmmxt_movq_wRn_M0(wrd);
   2183         gen_op_iwmmxt_set_mup();
   2184         break;
   2185     case 0x002: case 0x102: case 0x202: case 0x302:	/* WALIGNI */
   2186     case 0x402: case 0x502: case 0x602: case 0x702:
   2187         wrd = (insn >> 12) & 0xf;
   2188         rd0 = (insn >> 16) & 0xf;
   2189         rd1 = (insn >> 0) & 0xf;
   2190         gen_op_iwmmxt_movq_M0_wRn(rd0);
   2191         tmp = tcg_const_i32((insn >> 20) & 3);
   2192         iwmmxt_load_reg(cpu_V1, rd1);
   2193         gen_helper_iwmmxt_align(cpu_M0, cpu_M0, cpu_V1, tmp);
   2194         tcg_temp_free(tmp);
   2195         gen_op_iwmmxt_movq_wRn_M0(wrd);
   2196         gen_op_iwmmxt_set_mup();
   2197         break;
   2198     case 0x01a: case 0x11a: case 0x21a: case 0x31a:	/* WSUB */
   2199     case 0x41a: case 0x51a: case 0x61a: case 0x71a:
   2200     case 0x81a: case 0x91a: case 0xa1a: case 0xb1a:
   2201     case 0xc1a: case 0xd1a: case 0xe1a: case 0xf1a:
   2202         wrd = (insn >> 12) & 0xf;
   2203         rd0 = (insn >> 16) & 0xf;
   2204         rd1 = (insn >> 0) & 0xf;
   2205         gen_op_iwmmxt_movq_M0_wRn(rd0);
   2206         switch ((insn >> 20) & 0xf) {
   2207         case 0x0:
   2208             gen_op_iwmmxt_subnb_M0_wRn(rd1);
   2209             break;
   2210         case 0x1:
   2211             gen_op_iwmmxt_subub_M0_wRn(rd1);
   2212             break;
   2213         case 0x3:
   2214             gen_op_iwmmxt_subsb_M0_wRn(rd1);
   2215             break;
   2216         case 0x4:
   2217             gen_op_iwmmxt_subnw_M0_wRn(rd1);
   2218             break;
   2219         case 0x5:
   2220             gen_op_iwmmxt_subuw_M0_wRn(rd1);
   2221             break;
   2222         case 0x7:
   2223             gen_op_iwmmxt_subsw_M0_wRn(rd1);
   2224             break;
   2225         case 0x8:
   2226             gen_op_iwmmxt_subnl_M0_wRn(rd1);
   2227             break;
   2228         case 0x9:
   2229             gen_op_iwmmxt_subul_M0_wRn(rd1);
   2230             break;
   2231         case 0xb:
   2232             gen_op_iwmmxt_subsl_M0_wRn(rd1);
   2233             break;
   2234         default:
   2235             return 1;
   2236         }
   2237         gen_op_iwmmxt_movq_wRn_M0(wrd);
   2238         gen_op_iwmmxt_set_mup();
   2239         gen_op_iwmmxt_set_cup();
   2240         break;
   2241     case 0x01e: case 0x11e: case 0x21e: case 0x31e:	/* WSHUFH */
   2242     case 0x41e: case 0x51e: case 0x61e: case 0x71e:
   2243     case 0x81e: case 0x91e: case 0xa1e: case 0xb1e:
   2244     case 0xc1e: case 0xd1e: case 0xe1e: case 0xf1e:
   2245         wrd = (insn >> 12) & 0xf;
   2246         rd0 = (insn >> 16) & 0xf;
   2247         gen_op_iwmmxt_movq_M0_wRn(rd0);
   2248         tmp = tcg_const_i32(((insn >> 16) & 0xf0) | (insn & 0x0f));
   2249         gen_helper_iwmmxt_shufh(cpu_M0, cpu_env, cpu_M0, tmp);
   2250         tcg_temp_free(tmp);
   2251         gen_op_iwmmxt_movq_wRn_M0(wrd);
   2252         gen_op_iwmmxt_set_mup();
   2253         gen_op_iwmmxt_set_cup();
   2254         break;
   2255     case 0x018: case 0x118: case 0x218: case 0x318:	/* WADD */
   2256     case 0x418: case 0x518: case 0x618: case 0x718:
   2257     case 0x818: case 0x918: case 0xa18: case 0xb18:
   2258     case 0xc18: case 0xd18: case 0xe18: case 0xf18:
   2259         wrd = (insn >> 12) & 0xf;
   2260         rd0 = (insn >> 16) & 0xf;
   2261         rd1 = (insn >> 0) & 0xf;
   2262         gen_op_iwmmxt_movq_M0_wRn(rd0);
   2263         switch ((insn >> 20) & 0xf) {
   2264         case 0x0:
   2265             gen_op_iwmmxt_addnb_M0_wRn(rd1);
   2266             break;
   2267         case 0x1:
   2268             gen_op_iwmmxt_addub_M0_wRn(rd1);
   2269             break;
   2270         case 0x3:
   2271             gen_op_iwmmxt_addsb_M0_wRn(rd1);
   2272             break;
   2273         case 0x4:
   2274             gen_op_iwmmxt_addnw_M0_wRn(rd1);
   2275             break;
   2276         case 0x5:
   2277             gen_op_iwmmxt_adduw_M0_wRn(rd1);
   2278             break;
   2279         case 0x7:
   2280             gen_op_iwmmxt_addsw_M0_wRn(rd1);
   2281             break;
   2282         case 0x8:
   2283             gen_op_iwmmxt_addnl_M0_wRn(rd1);
   2284             break;
   2285         case 0x9:
   2286             gen_op_iwmmxt_addul_M0_wRn(rd1);
   2287             break;
   2288         case 0xb:
   2289             gen_op_iwmmxt_addsl_M0_wRn(rd1);
   2290             break;
   2291         default:
   2292             return 1;
   2293         }
   2294         gen_op_iwmmxt_movq_wRn_M0(wrd);
   2295         gen_op_iwmmxt_set_mup();
   2296         gen_op_iwmmxt_set_cup();
   2297         break;
   2298     case 0x008: case 0x108: case 0x208: case 0x308:	/* WPACK */
   2299     case 0x408: case 0x508: case 0x608: case 0x708:
   2300     case 0x808: case 0x908: case 0xa08: case 0xb08:
   2301     case 0xc08: case 0xd08: case 0xe08: case 0xf08:
   2302         if (!(insn & (1 << 20)) || ((insn >> 22) & 3) == 0)
   2303             return 1;
   2304         wrd = (insn >> 12) & 0xf;
   2305         rd0 = (insn >> 16) & 0xf;
   2306         rd1 = (insn >> 0) & 0xf;
   2307         gen_op_iwmmxt_movq_M0_wRn(rd0);
   2308         switch ((insn >> 22) & 3) {
   2309         case 1:
   2310             if (insn & (1 << 21))
   2311                 gen_op_iwmmxt_packsw_M0_wRn(rd1);
   2312             else
   2313                 gen_op_iwmmxt_packuw_M0_wRn(rd1);
   2314             break;
   2315         case 2:
   2316             if (insn & (1 << 21))
   2317                 gen_op_iwmmxt_packsl_M0_wRn(rd1);
   2318             else
   2319                 gen_op_iwmmxt_packul_M0_wRn(rd1);
   2320             break;
   2321         case 3:
   2322             if (insn & (1 << 21))
   2323                 gen_op_iwmmxt_packsq_M0_wRn(rd1);
   2324             else
   2325                 gen_op_iwmmxt_packuq_M0_wRn(rd1);
   2326             break;
   2327         }
   2328         gen_op_iwmmxt_movq_wRn_M0(wrd);
   2329         gen_op_iwmmxt_set_mup();
   2330         gen_op_iwmmxt_set_cup();
   2331         break;
   2332     case 0x201: case 0x203: case 0x205: case 0x207:
   2333     case 0x209: case 0x20b: case 0x20d: case 0x20f:
   2334     case 0x211: case 0x213: case 0x215: case 0x217:
   2335     case 0x219: case 0x21b: case 0x21d: case 0x21f:
   2336         wrd = (insn >> 5) & 0xf;
   2337         rd0 = (insn >> 12) & 0xf;
   2338         rd1 = (insn >> 0) & 0xf;
   2339         if (rd0 == 0xf || rd1 == 0xf)
   2340             return 1;
   2341         gen_op_iwmmxt_movq_M0_wRn(wrd);
   2342         tmp = load_reg(s, rd0);
   2343         tmp2 = load_reg(s, rd1);
   2344         switch ((insn >> 16) & 0xf) {
   2345         case 0x0:					/* TMIA */
   2346             gen_helper_iwmmxt_muladdsl(cpu_M0, cpu_M0, tmp, tmp2);
   2347             break;
   2348         case 0x8:					/* TMIAPH */
   2349             gen_helper_iwmmxt_muladdsw(cpu_M0, cpu_M0, tmp, tmp2);
   2350             break;
   2351         case 0xc: case 0xd: case 0xe: case 0xf:		/* TMIAxy */
   2352             if (insn & (1 << 16))
   2353                 tcg_gen_shri_i32(tmp, tmp, 16);
   2354             if (insn & (1 << 17))
   2355                 tcg_gen_shri_i32(tmp2, tmp2, 16);
   2356             gen_helper_iwmmxt_muladdswl(cpu_M0, cpu_M0, tmp, tmp2);
   2357             break;
   2358         default:
   2359             tcg_temp_free_i32(tmp2);
   2360             tcg_temp_free_i32(tmp);
   2361             return 1;
   2362         }
   2363         tcg_temp_free_i32(tmp2);
   2364         tcg_temp_free_i32(tmp);
   2365         gen_op_iwmmxt_movq_wRn_M0(wrd);
   2366         gen_op_iwmmxt_set_mup();
   2367         break;
   2368     default:
   2369         return 1;
   2370     }
   2371 
   2372     return 0;
   2373 }
   2374 
   2375 /* Disassemble an XScale DSP instruction.  Returns nonzero if an error occurred
   2376    (ie. an undefined instruction).  */
   2377 static int disas_dsp_insn(CPUARMState *env, DisasContext *s, uint32_t insn)
   2378 {
   2379     int acc, rd0, rd1, rdhi, rdlo;
   2380     TCGv tmp, tmp2;
   2381 
   2382     if ((insn & 0x0ff00f10) == 0x0e200010) {
   2383         /* Multiply with Internal Accumulate Format */
   2384         rd0 = (insn >> 12) & 0xf;
   2385         rd1 = insn & 0xf;
   2386         acc = (insn >> 5) & 7;
   2387 
   2388         if (acc != 0)
   2389             return 1;
   2390 
   2391         tmp = load_reg(s, rd0);
   2392         tmp2 = load_reg(s, rd1);
   2393         switch ((insn >> 16) & 0xf) {
   2394         case 0x0:					/* MIA */
   2395             gen_helper_iwmmxt_muladdsl(cpu_M0, cpu_M0, tmp, tmp2);
   2396             break;
   2397         case 0x8:					/* MIAPH */
   2398             gen_helper_iwmmxt_muladdsw(cpu_M0, cpu_M0, tmp, tmp2);
   2399             break;
   2400         case 0xc:					/* MIABB */
   2401         case 0xd:					/* MIABT */
   2402         case 0xe:					/* MIATB */
   2403         case 0xf:					/* MIATT */
   2404             if (insn & (1 << 16))
   2405                 tcg_gen_shri_i32(tmp, tmp, 16);
   2406             if (insn & (1 << 17))
   2407                 tcg_gen_shri_i32(tmp2, tmp2, 16);
   2408             gen_helper_iwmmxt_muladdswl(cpu_M0, cpu_M0, tmp, tmp2);
   2409             break;
   2410         default:
   2411             return 1;
   2412         }
   2413         tcg_temp_free_i32(tmp2);
   2414         tcg_temp_free_i32(tmp);
   2415 
   2416         gen_op_iwmmxt_movq_wRn_M0(acc);
   2417         return 0;
   2418     }
   2419 
   2420     if ((insn & 0x0fe00ff8) == 0x0c400000) {
   2421         /* Internal Accumulator Access Format */
   2422         rdhi = (insn >> 16) & 0xf;
   2423         rdlo = (insn >> 12) & 0xf;
   2424         acc = insn & 7;
   2425 
   2426         if (acc != 0)
   2427             return 1;
   2428 
   2429         if (insn & ARM_CP_RW_BIT) {			/* MRA */
   2430             iwmmxt_load_reg(cpu_V0, acc);
   2431             tcg_gen_trunc_i64_i32(cpu_R[rdlo], cpu_V0);
   2432             tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
   2433             tcg_gen_trunc_i64_i32(cpu_R[rdhi], cpu_V0);
   2434             tcg_gen_andi_i32(cpu_R[rdhi], cpu_R[rdhi], (1 << (40 - 32)) - 1);
   2435         } else {					/* MAR */
   2436             tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]);
   2437             iwmmxt_store_reg(cpu_V0, acc);
   2438         }
   2439         return 0;
   2440     }
   2441 
   2442     return 1;
   2443 }
   2444 
   2445 /* Disassemble system coprocessor instruction.  Return nonzero if
   2446    instruction is not defined.  */
   2447 static int disas_cp_insn(CPUARMState *env, DisasContext *s, uint32_t insn)
   2448 {
   2449     TCGv tmp, tmp2;
   2450     uint32_t rd = (insn >> 12) & 0xf;
   2451     uint32_t cp = (insn >> 8) & 0xf;
   2452 
   2453     if (insn & ARM_CP_RW_BIT) {
   2454         if (!env->cp[cp].cp_read)
   2455             return 1;
   2456         gen_set_pc_im(s->pc);
   2457         tmp = tcg_temp_new_i32();
   2458         tmp2 = tcg_const_i32(insn);
   2459         gen_helper_get_cp(tmp, cpu_env, tmp2);
   2460         tcg_temp_free(tmp2);
   2461         store_reg(s, rd, tmp);
   2462     } else {
   2463         if (!env->cp[cp].cp_write)
   2464             return 1;
   2465         gen_set_pc_im(s->pc);
   2466         tmp = load_reg(s, rd);
   2467         tmp2 = tcg_const_i32(insn);
   2468         gen_helper_set_cp(cpu_env, tmp2, tmp);
   2469         tcg_temp_free(tmp2);
   2470         tcg_temp_free_i32(tmp);
   2471     }
   2472     return 0;
   2473 }
   2474 
   2475 static int cp15_user_ok(CPUARMState *env, uint32_t insn)
   2476 {
   2477     int cpn = (insn >> 16) & 0xf;
   2478     int cpm = insn & 0xf;
   2479     int op = ((insn >> 5) & 7) | ((insn >> 18) & 0x38);
   2480 
   2481     if (arm_feature(env, ARM_FEATURE_V7) && cpn == 9) {
   2482         /* Performance monitor registers fall into three categories:
   2483          *  (a) always UNDEF in usermode
   2484          *  (b) UNDEF only if PMUSERENR.EN is 0
   2485          *  (c) always read OK and UNDEF on write (PMUSERENR only)
   2486          */
   2487         if ((cpm == 12 && (op < 6)) ||
   2488             (cpm == 13 && (op < 3))) {
   2489             return env->cp15.c9_pmuserenr;
   2490         } else if (cpm == 14 && op == 0 && (insn & ARM_CP_RW_BIT)) {
   2491             /* PMUSERENR, read only */
   2492             return 1;
   2493         }
   2494         return 0;
   2495     }
   2496 
   2497     if (cpn == 13 && cpm == 0) {
   2498         /* TLS register.  */
   2499         if (op == 2 || (op == 3 && (insn & ARM_CP_RW_BIT)))
   2500             return 1;
   2501     }
   2502     return 0;
   2503 }
   2504 
   2505 static int cp15_tls_load_store(CPUARMState *env, DisasContext *s, uint32_t insn, uint32_t rd)
   2506 {
   2507     TCGv tmp;
   2508     int cpn = (insn >> 16) & 0xf;
   2509     int cpm = insn & 0xf;
   2510     int op = ((insn >> 5) & 7) | ((insn >> 18) & 0x38);
   2511 
   2512     if (!arm_feature(env, ARM_FEATURE_V6K))
   2513         return 0;
   2514 
   2515     if (!(cpn == 13 && cpm == 0))
   2516         return 0;
   2517 
   2518     if (insn & ARM_CP_RW_BIT) {
   2519         switch (op) {
   2520         case 2:
   2521             tmp = load_cpu_field(cp15.c13_tls1);
   2522             break;
   2523         case 3:
   2524             tmp = load_cpu_field(cp15.c13_tls2);
   2525             break;
   2526         case 4:
   2527             tmp = load_cpu_field(cp15.c13_tls3);
   2528             break;
   2529         default:
   2530             return 0;
   2531         }
   2532         store_reg(s, rd, tmp);
   2533 
   2534     } else {
   2535         tmp = load_reg(s, rd);
   2536         switch (op) {
   2537         case 2:
   2538             store_cpu_field(tmp, cp15.c13_tls1);
   2539             break;
   2540         case 3:
   2541             store_cpu_field(tmp, cp15.c13_tls2);
   2542             break;
   2543         case 4:
   2544             store_cpu_field(tmp, cp15.c13_tls3);
   2545             break;
   2546         default:
   2547             tcg_temp_free_i32(tmp);
   2548             return 0;
   2549         }
   2550     }
   2551     return 1;
   2552 }
   2553 
   2554 /* Disassemble system coprocessor (cp15) instruction.  Return nonzero if
   2555    instruction is not defined.  */
   2556 static int disas_cp15_insn(CPUARMState *env, DisasContext *s, uint32_t insn)
   2557 {
   2558     uint32_t rd;
   2559     TCGv tmp, tmp2;
   2560 
   2561     /* M profile cores use memory mapped registers instead of cp15.  */
   2562     if (arm_feature(env, ARM_FEATURE_M))
   2563 	return 1;
   2564 
   2565     if ((insn & (1 << 25)) == 0) {
   2566         if (insn & (1 << 20)) {
   2567             /* mrrc */
   2568             return 1;
   2569         }
   2570         /* mcrr.  Used for block cache operations, so implement as no-op.  */
   2571         return 0;
   2572     }
   2573     if ((insn & (1 << 4)) == 0) {
   2574         /* cdp */
   2575         return 1;
   2576     }
   2577     /* We special case a number of cp15 instructions which were used
   2578      * for things which are real instructions in ARMv7. This allows
   2579      * them to work in linux-user mode which doesn't provide functional
   2580      * get_cp15/set_cp15 helpers, and is more efficient anyway.
   2581      */
   2582     switch ((insn & 0x0fff0fff)) {
   2583     case 0x0e070f90:
   2584         /* 0,c7,c0,4: Standard v6 WFI (also used in some pre-v6 cores).
   2585          * In v7, this must NOP.
   2586          */
   2587         if (IS_USER(s)) {
   2588             return 1;
   2589         }
   2590         if (!arm_feature(env, ARM_FEATURE_V7)) {
   2591             /* Wait for interrupt.  */
   2592             gen_set_pc_im(s->pc);
   2593             s->is_jmp = DISAS_WFI;
   2594         }
   2595         return 0;
   2596     case 0x0e070f58:
   2597         /* 0,c7,c8,2: Not all pre-v6 cores implemented this WFI,
   2598          * so this is slightly over-broad.
   2599          */
   2600         if (!IS_USER(s) && !arm_feature(env, ARM_FEATURE_V6)) {
   2601             /* Wait for interrupt.  */
   2602             gen_set_pc_im(s->pc);
   2603             s->is_jmp = DISAS_WFI;
   2604             return 0;
   2605         }
   2606         /* Otherwise continue to handle via helper function.
   2607          * In particular, on v7 and some v6 cores this is one of
   2608          * the VA-PA registers.
   2609          */
   2610         break;
   2611     case 0x0e070f3d:
   2612         /* 0,c7,c13,1: prefetch-by-MVA in v6, NOP in v7 */
   2613         if (arm_feature(env, ARM_FEATURE_V6)) {
   2614             return IS_USER(s) ? 1 : 0;
   2615         }
   2616         break;
   2617     case 0x0e070f95: /* 0,c7,c5,4 : ISB */
   2618     case 0x0e070f9a: /* 0,c7,c10,4: DSB */
   2619     case 0x0e070fba: /* 0,c7,c10,5: DMB */
   2620         /* Barriers in both v6 and v7 */
   2621         if (arm_feature(env, ARM_FEATURE_V6)) {
   2622             return 0;
   2623         }
   2624         break;
   2625     default:
   2626         break;
   2627     }
   2628 
   2629     if (IS_USER(s) && !cp15_user_ok(env, insn)) {
   2630         return 1;
   2631     }
   2632 
   2633     rd = (insn >> 12) & 0xf;
   2634 
   2635     if (cp15_tls_load_store(env, s, insn, rd))
   2636         return 0;
   2637 
   2638     tmp2 = tcg_const_i32(insn);
   2639     if (insn & ARM_CP_RW_BIT) {
   2640         tmp = tcg_temp_new_i32();
   2641         gen_helper_get_cp15(tmp, cpu_env, tmp2);
   2642         /* If the destination register is r15 then sets condition codes.  */
   2643         if (rd != 15)
   2644             store_reg(s, rd, tmp);
   2645         else
   2646             tcg_temp_free_i32(tmp);
   2647     } else {
   2648         tmp = load_reg(s, rd);
   2649         gen_helper_set_cp15(cpu_env, tmp2, tmp);
   2650         tcg_temp_free_i32(tmp);
   2651         /* Normally we would always end the TB here, but Linux
   2652          * arch/arm/mach-pxa/sleep.S expects two instructions following
   2653          * an MMU enable to execute from cache.  Imitate this behaviour.  */
   2654         if (!arm_feature(env, ARM_FEATURE_XSCALE) ||
   2655                 (insn & 0x0fff0fff) != 0x0e010f10)
   2656             gen_lookup_tb(s);
   2657     }
   2658     tcg_temp_free_i32(tmp2);
   2659     return 0;
   2660 }
   2661 
   2662 #define VFP_REG_SHR(x, n) (((n) > 0) ? (x) >> (n) : (x) << -(n))
   2663 #define VFP_SREG(insn, bigbit, smallbit) \
   2664   ((VFP_REG_SHR(insn, bigbit - 1) & 0x1e) | (((insn) >> (smallbit)) & 1))
   2665 #define VFP_DREG(reg, insn, bigbit, smallbit) do { \
   2666     if (arm_feature(env, ARM_FEATURE_VFP3)) { \
   2667         reg = (((insn) >> (bigbit)) & 0x0f) \
   2668               | (((insn) >> ((smallbit) - 4)) & 0x10); \
   2669     } else { \
   2670         if (insn & (1 << (smallbit))) \
   2671             return 1; \
   2672         reg = ((insn) >> (bigbit)) & 0x0f; \
   2673     }} while (0)
   2674 
   2675 #define VFP_SREG_D(insn) VFP_SREG(insn, 12, 22)
   2676 #define VFP_DREG_D(reg, insn) VFP_DREG(reg, insn, 12, 22)
   2677 #define VFP_SREG_N(insn) VFP_SREG(insn, 16,  7)
   2678 #define VFP_DREG_N(reg, insn) VFP_DREG(reg, insn, 16,  7)
   2679 #define VFP_SREG_M(insn) VFP_SREG(insn,  0,  5)
   2680 #define VFP_DREG_M(reg, insn) VFP_DREG(reg, insn,  0,  5)
   2681 
   2682 /* Move between integer and VFP cores.  */
   2683 static TCGv gen_vfp_mrs(void)
   2684 {
   2685     TCGv tmp = tcg_temp_new_i32();
   2686     tcg_gen_mov_i32(tmp, cpu_F0s);
   2687     return tmp;
   2688 }
   2689 
   2690 static void gen_vfp_msr(TCGv tmp)
   2691 {
   2692     tcg_gen_mov_i32(cpu_F0s, tmp);
   2693     tcg_temp_free_i32(tmp);
   2694 }
   2695 
   2696 static void gen_neon_dup_u8(TCGv var, int shift)
   2697 {
   2698     TCGv tmp = tcg_temp_new_i32();
   2699     if (shift)
   2700         tcg_gen_shri_i32(var, var, shift);
   2701     tcg_gen_ext8u_i32(var, var);
   2702     tcg_gen_shli_i32(tmp, var, 8);
   2703     tcg_gen_or_i32(var, var, tmp);
   2704     tcg_gen_shli_i32(tmp, var, 16);
   2705     tcg_gen_or_i32(var, var, tmp);
   2706     tcg_temp_free_i32(tmp);
   2707 }
   2708 
   2709 static void gen_neon_dup_low16(TCGv var)
   2710 {
   2711     TCGv tmp = tcg_temp_new_i32();
   2712     tcg_gen_ext16u_i32(var, var);
   2713     tcg_gen_shli_i32(tmp, var, 16);
   2714     tcg_gen_or_i32(var, var, tmp);
   2715     tcg_temp_free_i32(tmp);
   2716 }
   2717 
   2718 static void gen_neon_dup_high16(TCGv var)
   2719 {
   2720     TCGv tmp = tcg_temp_new_i32();
   2721     tcg_gen_andi_i32(var, var, 0xffff0000);
   2722     tcg_gen_shri_i32(tmp, var, 16);
   2723     tcg_gen_or_i32(var, var, tmp);
   2724     tcg_temp_free_i32(tmp);
   2725 }
   2726 
   2727 static TCGv gen_load_and_replicate(DisasContext *s, TCGv addr, int size)
   2728 {
   2729     /* Load a single Neon element and replicate into a 32 bit TCG reg */
   2730     TCGv tmp;
   2731     switch (size) {
   2732     case 0:
   2733         tmp = gen_ld8u(addr, IS_USER(s));
   2734         gen_neon_dup_u8(tmp, 0);
   2735         break;
   2736     case 1:
   2737         tmp = gen_ld16u(addr, IS_USER(s));
   2738         gen_neon_dup_low16(tmp);
   2739         break;
   2740     case 2:
   2741         tmp = gen_ld32(addr, IS_USER(s));
   2742         break;
   2743     default: /* Avoid compiler warnings.  */
   2744         abort();
   2745     }
   2746     return tmp;
   2747 }
   2748 
   2749 /* Disassemble a VFP instruction.  Returns nonzero if an error occurred
   2750    (ie. an undefined instruction).  */
   2751 static int disas_vfp_insn(CPUARMState * env, DisasContext *s, uint32_t insn)
   2752 {
   2753     uint32_t rd, rn, rm, op, i, n, offset, delta_d, delta_m, bank_mask;
   2754     int dp, veclen;
   2755     TCGv addr;
   2756     TCGv tmp;
   2757     TCGv tmp2;
   2758 
   2759     if (!arm_feature(env, ARM_FEATURE_VFP))
   2760         return 1;
   2761 
   2762     if (!s->vfp_enabled) {
   2763         /* VFP disabled.  Only allow fmxr/fmrx to/from some control regs.  */
   2764         if ((insn & 0x0fe00fff) != 0x0ee00a10)
   2765             return 1;
   2766         rn = (insn >> 16) & 0xf;
   2767         if (rn != ARM_VFP_FPSID && rn != ARM_VFP_FPEXC
   2768             && rn != ARM_VFP_MVFR1 && rn != ARM_VFP_MVFR0)
   2769             return 1;
   2770     }
   2771     dp = ((insn & 0xf00) == 0xb00);
   2772     switch ((insn >> 24) & 0xf) {
   2773     case 0xe:
   2774         if (insn & (1 << 4)) {
   2775             /* single register transfer */
   2776             rd = (insn >> 12) & 0xf;
   2777             if (dp) {
   2778                 int size;
   2779                 int pass;
   2780 
   2781                 VFP_DREG_N(rn, insn);
   2782                 if (insn & 0xf)
   2783                     return 1;
   2784                 if (insn & 0x00c00060
   2785                     && !arm_feature(env, ARM_FEATURE_NEON))
   2786                     return 1;
   2787 
   2788                 pass = (insn >> 21) & 1;
   2789                 if (insn & (1 << 22)) {
   2790                     size = 0;
   2791                     offset = ((insn >> 5) & 3) * 8;
   2792                 } else if (insn & (1 << 5)) {
   2793                     size = 1;
   2794                     offset = (insn & (1 << 6)) ? 16 : 0;
   2795                 } else {
   2796                     size = 2;
   2797                     offset = 0;
   2798                 }
   2799                 if (insn & ARM_CP_RW_BIT) {
   2800                     /* vfp->arm */
   2801                     tmp = neon_load_reg(rn, pass);
   2802                     switch (size) {
   2803                     case 0:
   2804                         if (offset)
   2805                             tcg_gen_shri_i32(tmp, tmp, offset);
   2806                         if (insn & (1 << 23))
   2807                             gen_uxtb(tmp);
   2808                         else
   2809                             gen_sxtb(tmp);
   2810                         break;
   2811                     case 1:
   2812                         if (insn & (1 << 23)) {
   2813                             if (offset) {
   2814                                 tcg_gen_shri_i32(tmp, tmp, 16);
   2815                             } else {
   2816                                 gen_uxth(tmp);
   2817                             }
   2818                         } else {
   2819                             if (offset) {
   2820                                 tcg_gen_sari_i32(tmp, tmp, 16);
   2821                             } else {
   2822                                 gen_sxth(tmp);
   2823                             }
   2824                         }
   2825                         break;
   2826                     case 2:
   2827                         break;
   2828                     }
   2829                     store_reg(s, rd, tmp);
   2830                 } else {
   2831                     /* arm->vfp */
   2832                     tmp = load_reg(s, rd);
   2833                     if (insn & (1 << 23)) {
   2834                         /* VDUP */
   2835                         if (size == 0) {
   2836                             gen_neon_dup_u8(tmp, 0);
   2837                         } else if (size == 1) {
   2838                             gen_neon_dup_low16(tmp);
   2839                         }
   2840                         for (n = 0; n <= pass * 2; n++) {
   2841                             tmp2 = tcg_temp_new_i32();
   2842                             tcg_gen_mov_i32(tmp2, tmp);
   2843                             neon_store_reg(rn, n, tmp2);
   2844                         }
   2845                         neon_store_reg(rn, n, tmp);
   2846                     } else {
   2847                         /* VMOV */
   2848                         switch (size) {
   2849                         case 0:
   2850                             tmp2 = neon_load_reg(rn, pass);
   2851                             gen_bfi(tmp, tmp2, tmp, offset, 0xff);
   2852                             tcg_temp_free_i32(tmp2);
   2853                             break;
   2854                         case 1:
   2855                             tmp2 = neon_load_reg(rn, pass);
   2856                             gen_bfi(tmp, tmp2, tmp, offset, 0xffff);
   2857                             tcg_temp_free_i32(tmp2);
   2858                             break;
   2859                         case 2:
   2860                             break;
   2861                         }
   2862                         neon_store_reg(rn, pass, tmp);
   2863                     }
   2864                 }
   2865             } else { /* !dp */
   2866                 if ((insn & 0x6f) != 0x00)
   2867                     return 1;
   2868                 rn = VFP_SREG_N(insn);
   2869                 if (insn & ARM_CP_RW_BIT) {
   2870                     /* vfp->arm */
   2871                     if (insn & (1 << 21)) {
   2872                         /* system register */
   2873                         rn >>= 1;
   2874 
   2875                         switch (rn) {
   2876                         case ARM_VFP_FPSID:
   2877                             /* VFP2 allows access to FSID from userspace.
   2878                                VFP3 restricts all id registers to privileged
   2879                                accesses.  */
   2880                             if (IS_USER(s)
   2881                                 && arm_feature(env, ARM_FEATURE_VFP3))
   2882                                 return 1;
   2883                             tmp = load_cpu_field(vfp.xregs[rn]);
   2884                             break;
   2885                         case ARM_VFP_FPEXC:
   2886                             if (IS_USER(s))
   2887                                 return 1;
   2888                             tmp = load_cpu_field(vfp.xregs[rn]);
   2889                             break;
   2890                         case ARM_VFP_FPINST:
   2891                         case ARM_VFP_FPINST2:
   2892                             /* Not present in VFP3.  */
   2893                             if (IS_USER(s)
   2894                                 || arm_feature(env, ARM_FEATURE_VFP3))
   2895                                 return 1;
   2896                             tmp = load_cpu_field(vfp.xregs[rn]);
   2897                             break;
   2898                         case ARM_VFP_FPSCR:
   2899                             if (rd == 15) {
   2900                                 tmp = load_cpu_field(vfp.xregs[ARM_VFP_FPSCR]);
   2901                                 tcg_gen_andi_i32(tmp, tmp, 0xf0000000);
   2902                             } else {
   2903                                 tmp = tcg_temp_new_i32();
   2904                                 gen_helper_vfp_get_fpscr(tmp, cpu_env);
   2905                             }
   2906                             break;
   2907                         case ARM_VFP_MVFR0:
   2908                         case ARM_VFP_MVFR1:
   2909                             if (IS_USER(s)
   2910                                 || !arm_feature(env, ARM_FEATURE_VFP3))
   2911                                 return 1;
   2912                             tmp = load_cpu_field(vfp.xregs[rn]);
   2913                             break;
   2914                         default:
   2915                             return 1;
   2916                         }
   2917                     } else {
   2918                         gen_mov_F0_vreg(0, rn);
   2919                         tmp = gen_vfp_mrs();
   2920                     }
   2921                     if (rd == 15) {
   2922                         /* Set the 4 flag bits in the CPSR.  */
   2923                         gen_set_nzcv(tmp);
   2924                         tcg_temp_free_i32(tmp);
   2925                     } else {
   2926                         store_reg(s, rd, tmp);
   2927                     }
   2928                 } else {
   2929                     /* arm->vfp */
   2930                     tmp = load_reg(s, rd);
   2931                     if (insn & (1 << 21)) {
   2932                         rn >>= 1;
   2933                         /* system register */
   2934                         switch (rn) {
   2935                         case ARM_VFP_FPSID:
   2936                         case ARM_VFP_MVFR0:
   2937                         case ARM_VFP_MVFR1:
   2938                             /* Writes are ignored.  */
   2939                             break;
   2940                         case ARM_VFP_FPSCR:
   2941                             gen_helper_vfp_set_fpscr(cpu_env, tmp);
   2942                             tcg_temp_free_i32(tmp);
   2943                             gen_lookup_tb(s);
   2944                             break;
   2945                         case ARM_VFP_FPEXC:
   2946                             if (IS_USER(s))
   2947                                 return 1;
   2948                             /* TODO: VFP subarchitecture support.
   2949                              * For now, keep the EN bit only */
   2950                             tcg_gen_andi_i32(tmp, tmp, 1 << 30);
   2951                             store_cpu_field(tmp, vfp.xregs[rn]);
   2952                             gen_lookup_tb(s);
   2953                             break;
   2954                         case ARM_VFP_FPINST:
   2955                         case ARM_VFP_FPINST2:
   2956                             store_cpu_field(tmp, vfp.xregs[rn]);
   2957                             break;
   2958                         default:
   2959                             return 1;
   2960                         }
   2961                     } else {
   2962                         gen_vfp_msr(tmp);
   2963                         gen_mov_vreg_F0(0, rn);
   2964                     }
   2965                 }
   2966             }
   2967         } else {
   2968             /* data processing */
   2969             /* The opcode is in bits 23, 21, 20 and 6.  */
   2970             op = ((insn >> 20) & 8) | ((insn >> 19) & 6) | ((insn >> 6) & 1);
   2971             if (dp) {
   2972                 if (op == 15) {
   2973                     /* rn is opcode */
   2974                     rn = ((insn >> 15) & 0x1e) | ((insn >> 7) & 1);
   2975                 } else {
   2976                     /* rn is register number */
   2977                     VFP_DREG_N(rn, insn);
   2978                 }
   2979 
   2980                 if (op == 15 && (rn == 15 || ((rn & 0x1c) == 0x18))) {
   2981                     /* Integer or single precision destination.  */
   2982                     rd = VFP_SREG_D(insn);
   2983                 } else {
   2984                     VFP_DREG_D(rd, insn);
   2985                 }
   2986                 if (op == 15 &&
   2987                     (((rn & 0x1c) == 0x10) || ((rn & 0x14) == 0x14))) {
   2988                     /* VCVT from int is always from S reg regardless of dp bit.
   2989                      * VCVT with immediate frac_bits has same format as SREG_M
   2990                      */
   2991                     rm = VFP_SREG_M(insn);
   2992                 } else {
   2993                     VFP_DREG_M(rm, insn);
   2994                 }
   2995             } else {
   2996                 rn = VFP_SREG_N(insn);
   2997                 if (op == 15 && rn == 15) {
   2998                     /* Double precision destination.  */
   2999                     VFP_DREG_D(rd, insn);
   3000                 } else {
   3001                     rd = VFP_SREG_D(insn);
   3002                 }
   3003                 /* NB that we implicitly rely on the encoding for the frac_bits
   3004                  * in VCVT of fixed to float being the same as that of an SREG_M
   3005                  */
   3006                 rm = VFP_SREG_M(insn);
   3007             }
   3008 
   3009             veclen = s->vec_len;
   3010             if (op == 15 && rn > 3)
   3011                 veclen = 0;
   3012 
   3013             /* Shut up compiler warnings.  */
   3014             delta_m = 0;
   3015             delta_d = 0;
   3016             bank_mask = 0;
   3017 
   3018             if (veclen > 0) {
   3019                 if (dp)
   3020                     bank_mask = 0xc;
   3021                 else
   3022                     bank_mask = 0x18;
   3023 
   3024                 /* Figure out what type of vector operation this is.  */
   3025                 if ((rd & bank_mask) == 0) {
   3026                     /* scalar */
   3027                     veclen = 0;
   3028                 } else {
   3029                     if (dp)
   3030                         delta_d = (s->vec_stride >> 1) + 1;
   3031                     else
   3032                         delta_d = s->vec_stride + 1;
   3033 
   3034                     if ((rm & bank_mask) == 0) {
   3035                         /* mixed scalar/vector */
   3036                         delta_m = 0;
   3037                     } else {
   3038                         /* vector */
   3039                         delta_m = delta_d;
   3040                     }
   3041                 }
   3042             }
   3043 
   3044             /* Load the initial operands.  */
   3045             if (op == 15) {
   3046                 switch (rn) {
   3047                 case 16:
   3048                 case 17:
   3049                     /* Integer source */
   3050                     gen_mov_F0_vreg(0, rm);
   3051                     break;
   3052                 case 8:
   3053                 case 9:
   3054                     /* Compare */
   3055                     gen_mov_F0_vreg(dp, rd);
   3056                     gen_mov_F1_vreg(dp, rm);
   3057                     break;
   3058                 case 10:
   3059                 case 11:
   3060                     /* Compare with zero */
   3061                     gen_mov_F0_vreg(dp, rd);
   3062                     gen_vfp_F1_ld0(dp);
   3063                     break;
   3064                 case 20:
   3065                 case 21:
   3066                 case 22:
   3067                 case 23:
   3068                 case 28:
   3069                 case 29:
   3070                 case 30:
   3071                 case 31:
   3072                     /* Source and destination the same.  */
   3073                     gen_mov_F0_vreg(dp, rd);
   3074                     break;
   3075                 case 4:
   3076                 case 5:
   3077                 case 6:
   3078                 case 7:
   3079                     /* VCVTB, VCVTT: only present with the halfprec extension,
   3080                      * UNPREDICTABLE if bit 8 is set (we choose to UNDEF)
   3081                      */
   3082                     if (dp || !arm_feature(env, ARM_FEATURE_VFP_FP16)) {
   3083                         return 1;
   3084                     }
   3085                     /* Otherwise fall through */
   3086                 default:
   3087                     /* One source operand.  */
   3088                     gen_mov_F0_vreg(dp, rm);
   3089                     break;
   3090                 }
   3091             } else {
   3092                 /* Two source operands.  */
   3093                 gen_mov_F0_vreg(dp, rn);
   3094                 gen_mov_F1_vreg(dp, rm);
   3095             }
   3096 
   3097             for (;;) {
   3098                 /* Perform the calculation.  */
   3099                 switch (op) {
   3100                 case 0: /* VMLA: fd + (fn * fm) */
   3101                     /* Note that order of inputs to the add matters for NaNs */
   3102                     gen_vfp_F1_mul(dp);
   3103                     gen_mov_F0_vreg(dp, rd);
   3104                     gen_vfp_add(dp);
   3105                     break;
   3106                 case 1: /* VMLS: fd + -(fn * fm) */
   3107                     gen_vfp_mul(dp);
   3108                     gen_vfp_F1_neg(dp);
   3109                     gen_mov_F0_vreg(dp, rd);
   3110                     gen_vfp_add(dp);
   3111                     break;
   3112                 case 2: /* VNMLS: -fd + (fn * fm) */
   3113                     /* Note that it isn't valid to replace (-A + B) with (B - A)
   3114                      * or similar plausible looking simplifications
   3115                      * because this will give wrong results for NaNs.
   3116                      */
   3117                     gen_vfp_F1_mul(dp);
   3118                     gen_mov_F0_vreg(dp, rd);
   3119                     gen_vfp_neg(dp);
   3120                     gen_vfp_add(dp);
   3121                     break;
   3122                 case 3: /* VNMLA: -fd + -(fn * fm) */
   3123                     gen_vfp_mul(dp);
   3124                     gen_vfp_F1_neg(dp);
   3125                     gen_mov_F0_vreg(dp, rd);
   3126                     gen_vfp_neg(dp);
   3127                     gen_vfp_add(dp);
   3128                     break;
   3129                 case 4: /* mul: fn * fm */
   3130                     gen_vfp_mul(dp);
   3131                     break;
   3132                 case 5: /* nmul: -(fn * fm) */
   3133                     gen_vfp_mul(dp);
   3134                     gen_vfp_neg(dp);
   3135                     break;
   3136                 case 6: /* add: fn + fm */
   3137                     gen_vfp_add(dp);
   3138                     break;
   3139                 case 7: /* sub: fn - fm */
   3140                     gen_vfp_sub(dp);
   3141                     break;
   3142                 case 8: /* div: fn / fm */
   3143                     gen_vfp_div(dp);
   3144                     break;
   3145                 case 14: /* fconst */
   3146                     if (!arm_feature(env, ARM_FEATURE_VFP3))
   3147                       return 1;
   3148 
   3149                     n = (insn << 12) & 0x80000000;
   3150                     i = ((insn >> 12) & 0x70) | (insn & 0xf);
   3151                     if (dp) {
   3152                         if (i & 0x40)
   3153                             i |= 0x3f80;
   3154                         else
   3155                             i |= 0x4000;
   3156                         n |= i << 16;
   3157                         tcg_gen_movi_i64(cpu_F0d, ((uint64_t)n) << 32);
   3158                     } else {
   3159                         if (i & 0x40)
   3160                             i |= 0x780;
   3161                         else
   3162                             i |= 0x800;
   3163                         n |= i << 19;
   3164                         tcg_gen_movi_i32(cpu_F0s, n);
   3165                     }
   3166                     break;
   3167                 case 15: /* extension space */
   3168                     switch (rn) {
   3169                     case 0: /* cpy */
   3170                         /* no-op */
   3171                         break;
   3172                     case 1: /* abs */
   3173                         gen_vfp_abs(dp);
   3174                         break;
   3175                     case 2: /* neg */
   3176                         gen_vfp_neg(dp);
   3177                         break;
   3178                     case 3: /* sqrt */
   3179                         gen_vfp_sqrt(dp);
   3180                         break;
   3181                     case 4: /* vcvtb.f32.f16 */
   3182                         tmp = gen_vfp_mrs();
   3183                         tcg_gen_ext16u_i32(tmp, tmp);
   3184                         gen_helper_vfp_fcvt_f16_to_f32(cpu_F0s, tmp, cpu_env);
   3185                         tcg_temp_free_i32(tmp);
   3186                         break;
   3187                     case 5: /* vcvtt.f32.f16 */
   3188                         tmp = gen_vfp_mrs();
   3189                         tcg_gen_shri_i32(tmp, tmp, 16);
   3190                         gen_helper_vfp_fcvt_f16_to_f32(cpu_F0s, tmp, cpu_env);
   3191                         tcg_temp_free_i32(tmp);
   3192                         break;
   3193                     case 6: /* vcvtb.f16.f32 */
   3194                         tmp = tcg_temp_new_i32();
   3195                         gen_helper_vfp_fcvt_f32_to_f16(tmp, cpu_F0s, cpu_env);
   3196                         gen_mov_F0_vreg(0, rd);
   3197                         tmp2 = gen_vfp_mrs();
   3198                         tcg_gen_andi_i32(tmp2, tmp2, 0xffff0000);
   3199                         tcg_gen_or_i32(tmp, tmp, tmp2);
   3200                         tcg_temp_free_i32(tmp2);
   3201                         gen_vfp_msr(tmp);
   3202                         break;
   3203                     case 7: /* vcvtt.f16.f32 */
   3204                         tmp = tcg_temp_new_i32();
   3205                         gen_helper_vfp_fcvt_f32_to_f16(tmp, cpu_F0s, cpu_env);
   3206                         tcg_gen_shli_i32(tmp, tmp, 16);
   3207                         gen_mov_F0_vreg(0, rd);
   3208                         tmp2 = gen_vfp_mrs();
   3209                         tcg_gen_ext16u_i32(tmp2, tmp2);
   3210                         tcg_gen_or_i32(tmp, tmp, tmp2);
   3211                         tcg_temp_free_i32(tmp2);
   3212                         gen_vfp_msr(tmp);
   3213                         break;
   3214                     case 8: /* cmp */
   3215                         gen_vfp_cmp(dp);
   3216                         break;
   3217                     case 9: /* cmpe */
   3218                         gen_vfp_cmpe(dp);
   3219                         break;
   3220                     case 10: /* cmpz */
   3221                         gen_vfp_cmp(dp);
   3222                         break;
   3223                     case 11: /* cmpez */
   3224                         gen_vfp_F1_ld0(dp);
   3225                         gen_vfp_cmpe(dp);
   3226                         break;
   3227                     case 15: /* single<->double conversion */
   3228                         if (dp)
   3229                             gen_helper_vfp_fcvtsd(cpu_F0s, cpu_F0d, cpu_env);
   3230                         else
   3231                             gen_helper_vfp_fcvtds(cpu_F0d, cpu_F0s, cpu_env);
   3232                         break;
   3233                     case 16: /* fuito */
   3234                         gen_vfp_uito(dp, 0);
   3235                         break;
   3236                     case 17: /* fsito */
   3237                         gen_vfp_sito(dp, 0);
   3238                         break;
   3239                     case 20: /* fshto */
   3240                         if (!arm_feature(env, ARM_FEATURE_VFP3))
   3241                           return 1;
   3242                         gen_vfp_shto(dp, 16 - rm, 0);
   3243                         break;
   3244                     case 21: /* fslto */
   3245                         if (!arm_feature(env, ARM_FEATURE_VFP3))
   3246                           return 1;
   3247                         gen_vfp_slto(dp, 32 - rm, 0);
   3248                         break;
   3249                     case 22: /* fuhto */
   3250                         if (!arm_feature(env, ARM_FEATURE_VFP3))
   3251                           return 1;
   3252                         gen_vfp_uhto(dp, 16 - rm, 0);
   3253                         break;
   3254                     case 23: /* fulto */
   3255                         if (!arm_feature(env, ARM_FEATURE_VFP3))
   3256                           return 1;
   3257                         gen_vfp_ulto(dp, 32 - rm, 0);
   3258                         break;
   3259                     case 24: /* ftoui */
   3260                         gen_vfp_toui(dp, 0);
   3261                         break;
   3262                     case 25: /* ftouiz */
   3263                         gen_vfp_touiz(dp, 0);
   3264                         break;
   3265                     case 26: /* ftosi */
   3266                         gen_vfp_tosi(dp, 0);
   3267                         break;
   3268                     case 27: /* ftosiz */
   3269                         gen_vfp_tosiz(dp, 0);
   3270                         break;
   3271                     case 28: /* ftosh */
   3272                         if (!arm_feature(env, ARM_FEATURE_VFP3))
   3273                           return 1;
   3274                         gen_vfp_tosh(dp, 16 - rm, 0);
   3275                         break;
   3276                     case 29: /* ftosl */
   3277                         if (!arm_feature(env, ARM_FEATURE_VFP3))
   3278                           return 1;
   3279                         gen_vfp_tosl(dp, 32 - rm, 0);
   3280                         break;
   3281                     case 30: /* ftouh */
   3282                         if (!arm_feature(env, ARM_FEATURE_VFP3))
   3283                           return 1;
   3284                         gen_vfp_touh(dp, 16 - rm, 0);
   3285                         break;
   3286                     case 31: /* ftoul */
   3287                         if (!arm_feature(env, ARM_FEATURE_VFP3))
   3288                           return 1;
   3289                         gen_vfp_toul(dp, 32 - rm, 0);
   3290                         break;
   3291                     default: /* undefined */
   3292                         printf ("rn:%d\n", rn);
   3293                         return 1;
   3294                     }
   3295                     break;
   3296                 default: /* undefined */
   3297                     printf ("op:%d\n", op);
   3298                     return 1;
   3299                 }
   3300 
   3301                 /* Write back the result.  */
   3302                 if (op == 15 && (rn >= 8 && rn <= 11))
   3303                     ; /* Comparison, do nothing.  */
   3304                 else if (op == 15 && dp && ((rn & 0x1c) == 0x18))
   3305                     /* VCVT double to int: always integer result. */
   3306                     gen_mov_vreg_F0(0, rd);
   3307                 else if (op == 15 && rn == 15)
   3308                     /* conversion */
   3309                     gen_mov_vreg_F0(!dp, rd);
   3310                 else
   3311                     gen_mov_vreg_F0(dp, rd);
   3312 
   3313                 /* break out of the loop if we have finished  */
   3314                 if (veclen == 0)
   3315                     break;
   3316 
   3317                 if (op == 15 && delta_m == 0) {
   3318                     /* single source one-many */
   3319                     while (veclen--) {
   3320                         rd = ((rd + delta_d) & (bank_mask - 1))
   3321                              | (rd & bank_mask);
   3322                         gen_mov_vreg_F0(dp, rd);
   3323                     }
   3324                     break;
   3325                 }
   3326                 /* Setup the next operands.  */
   3327                 veclen--;
   3328                 rd = ((rd + delta_d) & (bank_mask - 1))
   3329                      | (rd & bank_mask);
   3330 
   3331                 if (op == 15) {
   3332                     /* One source operand.  */
   3333                     rm = ((rm + delta_m) & (bank_mask - 1))
   3334                          | (rm & bank_mask);
   3335                     gen_mov_F0_vreg(dp, rm);
   3336                 } else {
   3337                     /* Two source operands.  */
   3338                     rn = ((rn + delta_d) & (bank_mask - 1))
   3339                          | (rn & bank_mask);
   3340                     gen_mov_F0_vreg(dp, rn);
   3341                     if (delta_m) {
   3342                         rm = ((rm + delta_m) & (bank_mask - 1))
   3343                              | (rm & bank_mask);
   3344                         gen_mov_F1_vreg(dp, rm);
   3345                     }
   3346                 }
   3347             }
   3348         }
   3349         break;
   3350     case 0xc:
   3351     case 0xd:
   3352         if ((insn & 0x03e00000) == 0x00400000) {
   3353             /* two-register transfer */
   3354             rn = (insn >> 16) & 0xf;
   3355             rd = (insn >> 12) & 0xf;
   3356             if (dp) {
   3357                 VFP_DREG_M(rm, insn);
   3358             } else {
   3359                 rm = VFP_SREG_M(insn);
   3360             }
   3361 
   3362             if (insn & ARM_CP_RW_BIT) {
   3363                 /* vfp->arm */
   3364                 if (dp) {
   3365                     gen_mov_F0_vreg(0, rm * 2);
   3366                     tmp = gen_vfp_mrs();
   3367                     store_reg(s, rd, tmp);
   3368                     gen_mov_F0_vreg(0, rm * 2 + 1);
   3369                     tmp = gen_vfp_mrs();
   3370                     store_reg(s, rn, tmp);
   3371                 } else {
   3372                     gen_mov_F0_vreg(0, rm);
   3373                     tmp = gen_vfp_mrs();
   3374                     store_reg(s, rd, tmp);
   3375                     gen_mov_F0_vreg(0, rm + 1);
   3376                     tmp = gen_vfp_mrs();
   3377                     store_reg(s, rn, tmp);
   3378                 }
   3379             } else {
   3380                 /* arm->vfp */
   3381                 if (dp) {
   3382                     tmp = load_reg(s, rd);
   3383                     gen_vfp_msr(tmp);
   3384                     gen_mov_vreg_F0(0, rm * 2);
   3385                     tmp = load_reg(s, rn);
   3386                     gen_vfp_msr(tmp);
   3387                     gen_mov_vreg_F0(0, rm * 2 + 1);
   3388                 } else {
   3389                     tmp = load_reg(s, rd);
   3390                     gen_vfp_msr(tmp);
   3391                     gen_mov_vreg_F0(0, rm);
   3392                     tmp = load_reg(s, rn);
   3393                     gen_vfp_msr(tmp);
   3394                     gen_mov_vreg_F0(0, rm + 1);
   3395                 }
   3396             }
   3397         } else {
   3398             /* Load/store */
   3399             rn = (insn >> 16) & 0xf;
   3400             if (dp)
   3401                 VFP_DREG_D(rd, insn);
   3402             else
   3403                 rd = VFP_SREG_D(insn);
   3404             if ((insn & 0x01200000) == 0x01000000) {
   3405                 /* Single load/store */
   3406                 offset = (insn & 0xff) << 2;
   3407                 if ((insn & (1 << 23)) == 0)
   3408                     offset = -offset;
   3409                 if (s->thumb && rn == 15) {
   3410                     /* This is actually UNPREDICTABLE */
   3411                     addr = tcg_temp_new_i32();
   3412                     tcg_gen_movi_i32(addr, s->pc & ~2);
   3413                 } else {
   3414                     addr = load_reg(s, rn);
   3415                 }
   3416                 tcg_gen_addi_i32(addr, addr, offset);
   3417                 if (insn & (1 << 20)) {
   3418                     gen_vfp_ld(s, dp, addr);
   3419                     gen_mov_vreg_F0(dp, rd);
   3420                 } else {
   3421                     gen_mov_F0_vreg(dp, rd);
   3422                     gen_vfp_st(s, dp, addr);
   3423                 }
   3424                 tcg_temp_free_i32(addr);
   3425             } else {
   3426                 /* load/store multiple */
   3427                 int w = insn & (1 << 21);
   3428                 if (dp)
   3429                     n = (insn >> 1) & 0x7f;
   3430                 else
   3431                     n = insn & 0xff;
   3432 
   3433                 if (w && !(((insn >> 23) ^ (insn >> 24)) & 1)) {
   3434                     /* P == U , W == 1  => UNDEF */
   3435                     return 1;
   3436                 }
   3437                 if (n == 0 || (rd + n) > 32 || (dp && n > 16)) {
   3438                     /* UNPREDICTABLE cases for bad immediates: we choose to
   3439                      * UNDEF to avoid generating huge numbers of TCG ops
   3440                      */
   3441                     return 1;
   3442                 }
   3443                 if (rn == 15 && w) {
   3444                     /* writeback to PC is UNPREDICTABLE, we choose to UNDEF */
   3445                     return 1;
   3446                 }
   3447 
   3448                 if (s->thumb && rn == 15) {
   3449                     /* This is actually UNPREDICTABLE */
   3450                     addr = tcg_temp_new_i32();
   3451                     tcg_gen_movi_i32(addr, s->pc & ~2);
   3452                 } else {
   3453                     addr = load_reg(s, rn);
   3454                 }
   3455                 if (insn & (1 << 24)) /* pre-decrement */
   3456                     tcg_gen_addi_i32(addr, addr, -((insn & 0xff) << 2));
   3457 
   3458                 if (dp)
   3459                     offset = 8;
   3460                 else
   3461                     offset = 4;
   3462                 tmp = tcg_const_i32(offset);
   3463                 for (i = 0; i < n; i++) {
   3464                     if (insn & ARM_CP_RW_BIT) {
   3465                         /* load */
   3466                         gen_vfp_ld(s, dp, addr);
   3467                         gen_mov_vreg_F0(dp, rd + i);
   3468                     } else {
   3469                         /* store */
   3470                         gen_mov_F0_vreg(dp, rd + i);
   3471                         gen_vfp_st(s, dp, addr);
   3472                     }
   3473                     tcg_gen_add_i32(addr, addr, tmp);
   3474                 }
   3475                 tcg_temp_free_i32(tmp);
   3476                 if (w) {
   3477                     /* writeback */
   3478                     if (insn & (1 << 24))
   3479                         offset = -offset * n;
   3480                     else if (dp && (insn & 1))
   3481                         offset = 4;
   3482                     else
   3483                         offset = 0;
   3484 
   3485                     if (offset != 0)
   3486                         tcg_gen_addi_i32(addr, addr, offset);
   3487                     store_reg(s, rn, addr);
   3488                 } else {
   3489                     tcg_temp_free_i32(addr);
   3490                 }
   3491             }
   3492         }
   3493         break;
   3494     default:
   3495         /* Should never happen.  */
   3496         return 1;
   3497     }
   3498     return 0;
   3499 }
   3500 
   3501 static inline void gen_goto_tb(DisasContext *s, int n, uint32_t dest)
   3502 {
   3503     TranslationBlock *tb;
   3504 
   3505     tb = s->tb;
   3506     if ((tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK)) {
   3507         tcg_gen_goto_tb(n);
   3508         gen_set_pc_im(dest);
   3509         tcg_gen_exit_tb((tcg_target_long)tb + n);
   3510     } else {
   3511         gen_set_pc_im(dest);
   3512         tcg_gen_exit_tb(0);
   3513     }
   3514 }
   3515 
   3516 static inline void gen_jmp (DisasContext *s, uint32_t dest)
   3517 {
   3518     if (unlikely(s->singlestep_enabled)) {
   3519         /* An indirect jump so that we still trigger the debug exception.  */
   3520         if (s->thumb)
   3521             dest |= 1;
   3522         gen_bx_im(s, dest);
   3523     } else {
   3524         gen_goto_tb(s, 0, dest);
   3525         s->is_jmp = DISAS_TB_JUMP;
   3526     }
   3527 }
   3528 
   3529 static inline void gen_mulxy(TCGv t0, TCGv t1, int x, int y)
   3530 {
   3531     if (x)
   3532         tcg_gen_sari_i32(t0, t0, 16);
   3533     else
   3534         gen_sxth(t0);
   3535     if (y)
   3536         tcg_gen_sari_i32(t1, t1, 16);
   3537     else
   3538         gen_sxth(t1);
   3539     tcg_gen_mul_i32(t0, t0, t1);
   3540 }
   3541 
   3542 /* Return the mask of PSR bits set by a MSR instruction.  */
   3543 static uint32_t msr_mask(CPUARMState *env, DisasContext *s, int flags, int spsr) {
   3544     uint32_t mask;
   3545 
   3546     mask = 0;
   3547     if (flags & (1 << 0))
   3548         mask |= 0xff;
   3549     if (flags & (1 << 1))
   3550         mask |= 0xff00;
   3551     if (flags & (1 << 2))
   3552         mask |= 0xff0000;
   3553     if (flags & (1 << 3))
   3554         mask |= 0xff000000;
   3555 
   3556     /* Mask out undefined bits.  */
   3557     mask &= ~CPSR_RESERVED;
   3558     if (!arm_feature(env, ARM_FEATURE_V4T))
   3559         mask &= ~CPSR_T;
   3560     if (!arm_feature(env, ARM_FEATURE_V5))
   3561         mask &= ~CPSR_Q; /* V5TE in reality*/
   3562     if (!arm_feature(env, ARM_FEATURE_V6))
   3563         mask &= ~(CPSR_E | CPSR_GE);
   3564     if (!arm_feature(env, ARM_FEATURE_THUMB2))
   3565         mask &= ~CPSR_IT;
   3566     /* Mask out execution state bits.  */
   3567     if (!spsr)
   3568         mask &= ~CPSR_EXEC;
   3569     /* Mask out privileged bits.  */
   3570     if (IS_USER(s))
   3571         mask &= CPSR_USER;
   3572     return mask;
   3573 }
   3574 
   3575 /* Returns nonzero if access to the PSR is not permitted. Marks t0 as dead. */
   3576 static int gen_set_psr(DisasContext *s, uint32_t mask, int spsr, TCGv t0)
   3577 {
   3578     TCGv tmp;
   3579     if (spsr) {
   3580         /* ??? This is also undefined in system mode.  */
   3581         if (IS_USER(s))
   3582             return 1;
   3583 
   3584         tmp = load_cpu_field(spsr);
   3585         tcg_gen_andi_i32(tmp, tmp, ~mask);
   3586         tcg_gen_andi_i32(t0, t0, mask);
   3587         tcg_gen_or_i32(tmp, tmp, t0);
   3588         store_cpu_field(tmp, spsr);
   3589     } else {
   3590         gen_set_cpsr(t0, mask);
   3591     }
   3592     tcg_temp_free_i32(t0);
   3593     gen_lookup_tb(s);
   3594     return 0;
   3595 }
   3596 
   3597 /* Returns nonzero if access to the PSR is not permitted.  */
   3598 static int gen_set_psr_im(DisasContext *s, uint32_t mask, int spsr, uint32_t val)
   3599 {
   3600     TCGv tmp;
   3601     tmp = tcg_temp_new_i32();
   3602     tcg_gen_movi_i32(tmp, val);
   3603     return gen_set_psr(s, mask, spsr, tmp);
   3604 }
   3605 
   3606 /* Generate an old-style exception return. Marks pc as dead. */
   3607 static void gen_exception_return(DisasContext *s, TCGv pc)
   3608 {
   3609     TCGv tmp;
   3610     store_reg(s, 15, pc);
   3611     tmp = load_cpu_field(spsr);
   3612     gen_set_cpsr(tmp, 0xffffffff);
   3613     tcg_temp_free_i32(tmp);
   3614     s->is_jmp = DISAS_UPDATE;
   3615 }
   3616 
   3617 /* Generate a v6 exception return.  Marks both values as dead.  */
   3618 static void gen_rfe(DisasContext *s, TCGv pc, TCGv cpsr)
   3619 {
   3620     gen_set_cpsr(cpsr, 0xffffffff);
   3621     tcg_temp_free_i32(cpsr);
   3622     store_reg(s, 15, pc);
   3623     s->is_jmp = DISAS_UPDATE;
   3624 }
   3625 
   3626 static inline void
   3627 gen_set_condexec (DisasContext *s)
   3628 {
   3629     if (s->condexec_mask) {
   3630         uint32_t val = (s->condexec_cond << 4) | (s->condexec_mask >> 1);
   3631         TCGv tmp = tcg_temp_new_i32();
   3632         tcg_gen_movi_i32(tmp, val);
   3633         store_cpu_field(tmp, condexec_bits);
   3634     }
   3635 }
   3636 
   3637 static void gen_exception_insn(DisasContext *s, int offset, int excp)
   3638 {
   3639     gen_set_condexec(s);
   3640     gen_set_pc_im(s->pc - offset);
   3641     gen_exception(excp);
   3642     s->is_jmp = DISAS_JUMP;
   3643 }
   3644 
   3645 static void gen_nop_hint(DisasContext *s, int val)
   3646 {
   3647     switch (val) {
   3648     case 3: /* wfi */
   3649         gen_set_pc_im(s->pc);
   3650         s->is_jmp = DISAS_WFI;
   3651         break;
   3652     case 2: /* wfe */
   3653     case 4: /* sev */
   3654         /* TODO: Implement SEV and WFE.  May help SMP performance.  */
   3655     default: /* nop */
   3656         break;
   3657     }
   3658 }
   3659 
   3660 #define CPU_V001 cpu_V0, cpu_V0, cpu_V1
   3661 
   3662 static inline void gen_neon_add(int size, TCGv t0, TCGv t1)
   3663 {
   3664     switch (size) {
   3665     case 0: gen_helper_neon_add_u8(t0, t0, t1); break;
   3666     case 1: gen_helper_neon_add_u16(t0, t0, t1); break;
   3667     case 2: tcg_gen_add_i32(t0, t0, t1); break;
   3668     default: abort();
   3669     }
   3670 }
   3671 
   3672 static inline void gen_neon_rsb(int size, TCGv t0, TCGv t1)
   3673 {
   3674     switch (size) {
   3675     case 0: gen_helper_neon_sub_u8(t0, t1, t0); break;
   3676     case 1: gen_helper_neon_sub_u16(t0, t1, t0); break;
   3677     case 2: tcg_gen_sub_i32(t0, t1, t0); break;
   3678     default: return;
   3679     }
   3680 }
   3681 
   3682 /* 32-bit pairwise ops end up the same as the elementwise versions.  */
   3683 #define gen_helper_neon_pmax_s32  gen_helper_neon_max_s32
   3684 #define gen_helper_neon_pmax_u32  gen_helper_neon_max_u32
   3685 #define gen_helper_neon_pmin_s32  gen_helper_neon_min_s32
   3686 #define gen_helper_neon_pmin_u32  gen_helper_neon_min_u32
   3687 
   3688 #define GEN_NEON_INTEGER_OP_ENV(name) do { \
   3689     switch ((size << 1) | u) { \
   3690     case 0: \
   3691         gen_helper_neon_##name##_s8(tmp, cpu_env, tmp, tmp2); \
   3692         break; \
   3693     case 1: \
   3694         gen_helper_neon_##name##_u8(tmp, cpu_env, tmp, tmp2); \
   3695         break; \
   3696     case 2: \
   3697         gen_helper_neon_##name##_s16(tmp, cpu_env, tmp, tmp2); \
   3698         break; \
   3699     case 3: \
   3700         gen_helper_neon_##name##_u16(tmp, cpu_env, tmp, tmp2); \
   3701         break; \
   3702     case 4: \
   3703         gen_helper_neon_##name##_s32(tmp, cpu_env, tmp, tmp2); \
   3704         break; \
   3705     case 5: \
   3706         gen_helper_neon_##name##_u32(tmp, cpu_env, tmp, tmp2); \
   3707         break; \
   3708     default: return 1; \
   3709     }} while (0)
   3710 
   3711 #define GEN_NEON_INTEGER_OP(name) do { \
   3712     switch ((size << 1) | u) { \
   3713     case 0: \
   3714         gen_helper_neon_##name##_s8(tmp, tmp, tmp2); \
   3715         break; \
   3716     case 1: \
   3717         gen_helper_neon_##name##_u8(tmp, tmp, tmp2); \
   3718         break; \
   3719     case 2: \
   3720         gen_helper_neon_##name##_s16(tmp, tmp, tmp2); \
   3721         break; \
   3722     case 3: \
   3723         gen_helper_neon_##name##_u16(tmp, tmp, tmp2); \
   3724         break; \
   3725     case 4: \
   3726         gen_helper_neon_##name##_s32(tmp, tmp, tmp2); \
   3727         break; \
   3728     case 5: \
   3729         gen_helper_neon_##name##_u32(tmp, tmp, tmp2); \
   3730         break; \
   3731     default: return 1; \
   3732     }} while (0)
   3733 
   3734 static TCGv neon_load_scratch(int scratch)
   3735 {
   3736     TCGv tmp = tcg_temp_new_i32();
   3737     tcg_gen_ld_i32(tmp, cpu_env, offsetof(CPUARMState, vfp.scratch[scratch]));
   3738     return tmp;
   3739 }
   3740 
   3741 static void neon_store_scratch(int scratch, TCGv var)
   3742 {
   3743     tcg_gen_st_i32(var, cpu_env, offsetof(CPUARMState, vfp.scratch[scratch]));
   3744     tcg_temp_free_i32(var);
   3745 }
   3746 
   3747 static inline TCGv neon_get_scalar(int size, int reg)
   3748 {
   3749     TCGv tmp;
   3750     if (size == 1) {
   3751         tmp = neon_load_reg(reg & 7, reg >> 4);
   3752         if (reg & 8) {
   3753             gen_neon_dup_high16(tmp);
   3754         } else {
   3755             gen_neon_dup_low16(tmp);
   3756         }
   3757     } else {
   3758         tmp = neon_load_reg(reg & 15, reg >> 4);
   3759     }
   3760     return tmp;
   3761 }
   3762 
   3763 static int gen_neon_unzip(int rd, int rm, int size, int q)
   3764 {
   3765     TCGv tmp, tmp2;
   3766     if (!q && size == 2) {
   3767         return 1;
   3768     }
   3769     tmp = tcg_const_i32(rd);
   3770     tmp2 = tcg_const_i32(rm);
   3771     if (q) {
   3772         switch (size) {
   3773         case 0:
   3774             gen_helper_neon_qunzip8(cpu_env, tmp, tmp2);
   3775             break;
   3776         case 1:
   3777             gen_helper_neon_qunzip16(cpu_env, tmp, tmp2);
   3778             break;
   3779         case 2:
   3780             gen_helper_neon_qunzip32(cpu_env, tmp, tmp2);
   3781             break;
   3782         default:
   3783             abort();
   3784         }
   3785     } else {
   3786         switch (size) {
   3787         case 0:
   3788             gen_helper_neon_unzip8(cpu_env, tmp, tmp2);
   3789             break;
   3790         case 1:
   3791             gen_helper_neon_unzip16(cpu_env, tmp, tmp2);
   3792             break;
   3793         default:
   3794             abort();
   3795         }
   3796     }
   3797     tcg_temp_free_i32(tmp);
   3798     tcg_temp_free_i32(tmp2);
   3799     return 0;
   3800 }
   3801 
   3802 static int gen_neon_zip(int rd, int rm, int size, int q)
   3803 {
   3804     TCGv tmp, tmp2;
   3805     if (!q && size == 2) {
   3806         return 1;
   3807     }
   3808     tmp = tcg_const_i32(rd);
   3809     tmp2 = tcg_const_i32(rm);
   3810     if (q) {
   3811         switch (size) {
   3812         case 0:
   3813             gen_helper_neon_qzip8(cpu_env, tmp, tmp2);
   3814             break;
   3815         case 1:
   3816             gen_helper_neon_qzip16(cpu_env, tmp, tmp2);
   3817             break;
   3818         case 2:
   3819             gen_helper_neon_qzip32(cpu_env, tmp, tmp2);
   3820             break;
   3821         default:
   3822             abort();
   3823         }
   3824     } else {
   3825         switch (size) {
   3826         case 0:
   3827             gen_helper_neon_zip8(cpu_env, tmp, tmp2);
   3828             break;
   3829         case 1:
   3830             gen_helper_neon_zip16(cpu_env, tmp, tmp2);
   3831             break;
   3832         default:
   3833             abort();
   3834         }
   3835     }
   3836     tcg_temp_free_i32(tmp);
   3837     tcg_temp_free_i32(tmp2);
   3838     return 0;
   3839 }
   3840 
   3841 static void gen_neon_trn_u8(TCGv t0, TCGv t1)
   3842 {
   3843     TCGv rd, tmp;
   3844 
   3845     rd = tcg_temp_new_i32();
   3846     tmp = tcg_temp_new_i32();
   3847 
   3848     tcg_gen_shli_i32(rd, t0, 8);
   3849     tcg_gen_andi_i32(rd, rd, 0xff00ff00);
   3850     tcg_gen_andi_i32(tmp, t1, 0x00ff00ff);
   3851     tcg_gen_or_i32(rd, rd, tmp);
   3852 
   3853     tcg_gen_shri_i32(t1, t1, 8);
   3854     tcg_gen_andi_i32(t1, t1, 0x00ff00ff);
   3855     tcg_gen_andi_i32(tmp, t0, 0xff00ff00);
   3856     tcg_gen_or_i32(t1, t1, tmp);
   3857     tcg_gen_mov_i32(t0, rd);
   3858 
   3859     tcg_temp_free_i32(tmp);
   3860     tcg_temp_free_i32(rd);
   3861 }
   3862 
   3863 static void gen_neon_trn_u16(TCGv t0, TCGv t1)
   3864 {
   3865     TCGv rd, tmp;
   3866 
   3867     rd = tcg_temp_new_i32();
   3868     tmp = tcg_temp_new_i32();
   3869 
   3870     tcg_gen_shli_i32(rd, t0, 16);
   3871     tcg_gen_andi_i32(tmp, t1, 0xffff);
   3872     tcg_gen_or_i32(rd, rd, tmp);
   3873     tcg_gen_shri_i32(t1, t1, 16);
   3874     tcg_gen_andi_i32(tmp, t0, 0xffff0000);
   3875     tcg_gen_or_i32(t1, t1, tmp);
   3876     tcg_gen_mov_i32(t0, rd);
   3877 
   3878     tcg_temp_free_i32(tmp);
   3879     tcg_temp_free_i32(rd);
   3880 }
   3881 
   3882 
   3883 static struct {
   3884     int nregs;
   3885     int interleave;
   3886     int spacing;
   3887 } neon_ls_element_type[11] = {
   3888     {4, 4, 1},
   3889     {4, 4, 2},
   3890     {4, 1, 1},
   3891     {4, 2, 1},
   3892     {3, 3, 1},
   3893     {3, 3, 2},
   3894     {3, 1, 1},
   3895     {1, 1, 1},
   3896     {2, 2, 1},
   3897     {2, 2, 2},
   3898     {2, 1, 1}
   3899 };
   3900 
   3901 /* Translate a NEON load/store element instruction.  Return nonzero if the
   3902    instruction is invalid.  */
   3903 static int disas_neon_ls_insn(CPUARMState * env, DisasContext *s, uint32_t insn)
   3904 {
   3905     int rd, rn, rm;
   3906     int op;
   3907     int nregs;
   3908     int interleave;
   3909     int spacing;
   3910     int stride;
   3911     int size;
   3912     int reg;
   3913     int pass;
   3914     int load;
   3915     int shift;
   3916     TCGv addr;
   3917     TCGv tmp;
   3918     TCGv tmp2;
   3919 
   3920     if (!s->vfp_enabled)
   3921       return 1;
   3922     VFP_DREG_D(rd, insn);
   3923     rn = (insn >> 16) & 0xf;
   3924     rm = insn & 0xf;
   3925     load = (insn & (1 << 21)) != 0;
   3926     if ((insn & (1 << 23)) == 0) {
   3927         /* Load store all elements.  */
   3928         op = (insn >> 8) & 0xf;
   3929         size = (insn >> 6) & 3;
   3930         if (op > 10)
   3931             return 1;
   3932         /* Catch UNDEF cases for bad values of align field */
   3933         switch (op & 0xc) {
   3934         case 4:
   3935             if (((insn >> 5) & 1) == 1) {
   3936                 return 1;
   3937             }
   3938             break;
   3939         case 8:
   3940             if (((insn >> 4) & 3) == 3) {
   3941                 return 1;
   3942             }
   3943             break;
   3944         default:
   3945             break;
   3946         }
   3947         nregs = neon_ls_element_type[op].nregs;
   3948         interleave = neon_ls_element_type[op].interleave;
   3949         spacing = neon_ls_element_type[op].spacing;
   3950         if (size == 3 && (interleave | spacing) != 1) {
   3951             return 1;
   3952         }
   3953         addr = tcg_const_i32(insn);
   3954         gen_helper_neon_vldst_all(cpu_env, addr);
   3955         tcg_temp_free_i32(addr);
   3956         stride = nregs * 8;
   3957     } else {
   3958         size = (insn >> 10) & 3;
   3959         if (size == 3) {
   3960             /* Load single element to all lanes.  */
   3961             int a = (insn >> 4) & 1;
   3962             if (!load) {
   3963                 return 1;
   3964             }
   3965             size = (insn >> 6) & 3;
   3966             nregs = ((insn >> 8) & 3) + 1;
   3967 
   3968             if (size == 3) {
   3969                 if (nregs != 4 || a == 0) {
   3970                     return 1;
   3971                 }
   3972                 /* For VLD4 size==3 a == 1 means 32 bits at 16 byte alignment */
   3973                 size = 2;
   3974             }
   3975             if (nregs == 1 && a == 1 && size == 0) {
   3976                 return 1;
   3977             }
   3978             if (nregs == 3 && a == 1) {
   3979                 return 1;
   3980             }
   3981             addr = tcg_temp_new_i32();
   3982             load_reg_var(s, addr, rn);
   3983             if (nregs == 1) {
   3984                 /* VLD1 to all lanes: bit 5 indicates how many Dregs to write */
   3985                 tmp = gen_load_and_replicate(s, addr, size);
   3986                 tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd, 0));
   3987                 tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd, 1));
   3988                 if (insn & (1 << 5)) {
   3989                     tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd + 1, 0));
   3990                     tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd + 1, 1));
   3991                 }
   3992                 tcg_temp_free_i32(tmp);
   3993             } else {
   3994                 /* VLD2/3/4 to all lanes: bit 5 indicates register stride */
   3995                 stride = (insn & (1 << 5)) ? 2 : 1;
   3996                 for (reg = 0; reg < nregs; reg++) {
   3997                     tmp = gen_load_and_replicate(s, addr, size);
   3998                     tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd, 0));
   3999                     tcg_gen_st_i32(tmp, cpu_env, neon_reg_offset(rd, 1));
   4000                     tcg_temp_free_i32(tmp);
   4001                     tcg_gen_addi_i32(addr, addr, 1 << size);
   4002                     rd += stride;
   4003                 }
   4004             }
   4005             tcg_temp_free_i32(addr);
   4006             stride = (1 << size) * nregs;
   4007         } else {
   4008             /* Single element.  */
   4009             int idx = (insn >> 4) & 0xf;
   4010             pass = (insn >> 7) & 1;
   4011             switch (size) {
   4012             case 0:
   4013                 shift = ((insn >> 5) & 3) * 8;
   4014                 stride = 1;
   4015                 break;
   4016             case 1:
   4017                 shift = ((insn >> 6) & 1) * 16;
   4018                 stride = (insn & (1 << 5)) ? 2 : 1;
   4019                 break;
   4020             case 2:
   4021                 shift = 0;
   4022                 stride = (insn & (1 << 6)) ? 2 : 1;
   4023                 break;
   4024             default:
   4025                 abort();
   4026             }
   4027             nregs = ((insn >> 8) & 3) + 1;
   4028             /* Catch the UNDEF cases. This is unavoidably a bit messy. */
   4029             switch (nregs) {
   4030             case 1:
   4031                 if (((idx & (1 << size)) != 0) ||
   4032                     (size == 2 && ((idx & 3) == 1 || (idx & 3) == 2))) {
   4033                     return 1;
   4034                 }
   4035                 break;
   4036             case 3:
   4037                 if ((idx & 1) != 0) {
   4038                     return 1;
   4039                 }
   4040                 /* fall through */
   4041             case 2:
   4042                 if (size == 2 && (idx & 2) != 0) {
   4043                     return 1;
   4044                 }
   4045                 break;
   4046             case 4:
   4047                 if ((size == 2) && ((idx & 3) == 3)) {
   4048                     return 1;
   4049                 }
   4050                 break;
   4051             default:
   4052                 abort();
   4053             }
   4054             if ((rd + stride * (nregs - 1)) > 31) {
   4055                 /* Attempts to write off the end of the register file
   4056                  * are UNPREDICTABLE; we choose to UNDEF because otherwise
   4057                  * the neon_load_reg() would write off the end of the array.
   4058                  */
   4059                 return 1;
   4060             }
   4061             addr = tcg_temp_new_i32();
   4062             load_reg_var(s, addr, rn);
   4063             for (reg = 0; reg < nregs; reg++) {
   4064                 if (load) {
   4065                     switch (size) {
   4066                     case 0:
   4067                         tmp = gen_ld8u(addr, IS_USER(s));
   4068                         break;
   4069                     case 1:
   4070                         tmp = gen_ld16u(addr, IS_USER(s));
   4071                         break;
   4072                     case 2:
   4073                         tmp = gen_ld32(addr, IS_USER(s));
   4074                         break;
   4075                     default: /* Avoid compiler warnings.  */
   4076                         abort();
   4077                     }
   4078                     if (size != 2) {
   4079                         tmp2 = neon_load_reg(rd, pass);
   4080                         gen_bfi(tmp, tmp2, tmp, shift, size ? 0xffff : 0xff);
   4081                         tcg_temp_free_i32(tmp2);
   4082                     }
   4083                     neon_store_reg(rd, pass, tmp);
   4084                 } else { /* Store */
   4085                     tmp = neon_load_reg(rd, pass);
   4086                     if (shift)
   4087                         tcg_gen_shri_i32(tmp, tmp, shift);
   4088                     switch (size) {
   4089                     case 0:
   4090                         gen_st8(tmp, addr, IS_USER(s));
   4091                         break;
   4092                     case 1:
   4093                         gen_st16(tmp, addr, IS_USER(s));
   4094                         break;
   4095                     case 2:
   4096                         gen_st32(tmp, addr, IS_USER(s));
   4097                         break;
   4098                     }
   4099                 }
   4100                 rd += stride;
   4101                 tcg_gen_addi_i32(addr, addr, 1 << size);
   4102             }
   4103             tcg_temp_free_i32(addr);
   4104             stride = nregs * (1 << size);
   4105         }
   4106     }
   4107     if (rm != 15) {
   4108         TCGv base;
   4109 
   4110         base = load_reg(s, rn);
   4111         if (rm == 13) {
   4112             tcg_gen_addi_i32(base, base, stride);
   4113         } else {
   4114             TCGv index;
   4115             index = load_reg(s, rm);
   4116             tcg_gen_add_i32(base, base, index);
   4117             tcg_temp_free_i32(index);
   4118         }
   4119         store_reg(s, rn, base);
   4120     }
   4121     return 0;
   4122 }
   4123 
   4124 /* Bitwise select.  dest = c ? t : f.  Clobbers T and F.  */
   4125 static void gen_neon_bsl(TCGv dest, TCGv t, TCGv f, TCGv c)
   4126 {
   4127     tcg_gen_and_i32(t, t, c);
   4128     tcg_gen_andc_i32(f, f, c);
   4129     tcg_gen_or_i32(dest, t, f);
   4130 }
   4131 
   4132 static inline void gen_neon_narrow(int size, TCGv dest, TCGv_i64 src)
   4133 {
   4134     switch (size) {
   4135     case 0: gen_helper_neon_narrow_u8(dest, src); break;
   4136     case 1: gen_helper_neon_narrow_u16(dest, src); break;
   4137     case 2: tcg_gen_trunc_i64_i32(dest, src); break;
   4138     default: abort();
   4139     }
   4140 }
   4141 
   4142 static inline void gen_neon_narrow_sats(int size, TCGv dest, TCGv_i64 src)
   4143 {
   4144     switch (size) {
   4145     case 0: gen_helper_neon_narrow_sat_s8(dest, cpu_env, src); break;
   4146     case 1: gen_helper_neon_narrow_sat_s16(dest, cpu_env, src); break;
   4147     case 2: gen_helper_neon_narrow_sat_s32(dest, cpu_env, src); break;
   4148     default: abort();
   4149     }
   4150 }
   4151 
   4152 static inline void gen_neon_narrow_satu(int size, TCGv dest, TCGv_i64 src)
   4153 {
   4154     switch (size) {
   4155     case 0: gen_helper_neon_narrow_sat_u8(dest, cpu_env, src); break;
   4156     case 1: gen_helper_neon_narrow_sat_u16(dest, cpu_env, src); break;
   4157     case 2: gen_helper_neon_narrow_sat_u32(dest, cpu_env, src); break;
   4158     default: abort();
   4159     }
   4160 }
   4161 
   4162 static inline void gen_neon_unarrow_sats(int size, TCGv dest, TCGv_i64 src)
   4163 {
   4164     switch (size) {
   4165     case 0: gen_helper_neon_unarrow_sat8(dest, cpu_env, src); break;
   4166     case 1: gen_helper_neon_unarrow_sat16(dest, cpu_env, src); break;
   4167     case 2: gen_helper_neon_unarrow_sat32(dest, cpu_env, src); break;
   4168     default: abort();
   4169     }
   4170 }
   4171 
   4172 static inline void gen_neon_shift_narrow(int size, TCGv var, TCGv shift,
   4173                                          int q, int u)
   4174 {
   4175     if (q) {
   4176         if (u) {
   4177             switch (size) {
   4178             case 1: gen_helper_neon_rshl_u16(var, var, shift); break;
   4179             case 2: gen_helper_neon_rshl_u32(var, var, shift); break;
   4180             default: abort();
   4181             }
   4182         } else {
   4183             switch (size) {
   4184             case 1: gen_helper_neon_rshl_s16(var, var, shift); break;
   4185             case 2: gen_helper_neon_rshl_s32(var, var, shift); break;
   4186             default: abort();
   4187             }
   4188         }
   4189     } else {
   4190         if (u) {
   4191             switch (size) {
   4192             case 1: gen_helper_neon_shl_u16(var, var, shift); break;
   4193             case 2: gen_helper_neon_shl_u32(var, var, shift); break;
   4194             default: abort();
   4195             }
   4196         } else {
   4197             switch (size) {
   4198             case 1: gen_helper_neon_shl_s16(var, var, shift); break;
   4199             case 2: gen_helper_neon_shl_s32(var, var, shift); break;
   4200             default: abort();
   4201             }
   4202         }
   4203     }
   4204 }
   4205 
   4206 static inline void gen_neon_widen(TCGv_i64 dest, TCGv src, int size, int u)
   4207 {
   4208     if (u) {
   4209         switch (size) {
   4210         case 0: gen_helper_neon_widen_u8(dest, src); break;
   4211         case 1: gen_helper_neon_widen_u16(dest, src); break;
   4212         case 2: tcg_gen_extu_i32_i64(dest, src); break;
   4213         default: abort();
   4214         }
   4215     } else {
   4216         switch (size) {
   4217         case 0: gen_helper_neon_widen_s8(dest, src); break;
   4218         case 1: gen_helper_neon_widen_s16(dest, src); break;
   4219         case 2: tcg_gen_ext_i32_i64(dest, src); break;
   4220         default: abort();
   4221         }
   4222     }
   4223     tcg_temp_free_i32(src);
   4224 }
   4225 
   4226 static inline void gen_neon_addl(int size)
   4227 {
   4228     switch (size) {
   4229     case 0: gen_helper_neon_addl_u16(CPU_V001); break;
   4230     case 1: gen_helper_neon_addl_u32(CPU_V001); break;
   4231     case 2: tcg_gen_add_i64(CPU_V001); break;
   4232     default: abort();
   4233     }
   4234 }
   4235 
   4236 static inline void gen_neon_subl(int size)
   4237 {
   4238     switch (size) {
   4239     case 0: gen_helper_neon_subl_u16(CPU_V001); break;
   4240     case 1: gen_helper_neon_subl_u32(CPU_V001); break;
   4241     case 2: tcg_gen_sub_i64(CPU_V001); break;
   4242     default: abort();
   4243     }
   4244 }
   4245 
   4246 static inline void gen_neon_negl(TCGv_i64 var, int size)
   4247 {
   4248     switch (size) {
   4249     case 0: gen_helper_neon_negl_u16(var, var); break;
   4250     case 1: gen_helper_neon_negl_u32(var, var); break;
   4251     case 2: gen_helper_neon_negl_u64(var, var); break;
   4252     default: abort();
   4253     }
   4254 }
   4255 
   4256 static inline void gen_neon_addl_saturate(TCGv_i64 op0, TCGv_i64 op1, int size)
   4257 {
   4258     switch (size) {
   4259     case 1: gen_helper_neon_addl_saturate_s32(op0, cpu_env, op0, op1); break;
   4260     case 2: gen_helper_neon_addl_saturate_s64(op0, cpu_env, op0, op1); break;
   4261     default: abort();
   4262     }
   4263 }
   4264 
   4265 static inline void gen_neon_mull(TCGv_i64 dest, TCGv a, TCGv b, int size, int u)
   4266 {
   4267     TCGv_i64 tmp;
   4268 
   4269     switch ((size << 1) | u) {
   4270     case 0: gen_helper_neon_mull_s8(dest, a, b); break;
   4271     case 1: gen_helper_neon_mull_u8(dest, a, b); break;
   4272     case 2: gen_helper_neon_mull_s16(dest, a, b); break;
   4273     case 3: gen_helper_neon_mull_u16(dest, a, b); break;
   4274     case 4:
   4275         tmp = gen_muls_i64_i32(a, b);
   4276         tcg_gen_mov_i64(dest, tmp);
   4277         tcg_temp_free_i64(tmp);
   4278         break;
   4279     case 5:
   4280         tmp = gen_mulu_i64_i32(a, b);
   4281         tcg_gen_mov_i64(dest, tmp);
   4282         tcg_temp_free_i64(tmp);
   4283         break;
   4284     default: abort();
   4285     }
   4286 
   4287     /* gen_helper_neon_mull_[su]{8|16} do not free their parameters.
   4288        Don't forget to clean them now.  */
   4289     if (size < 2) {
   4290         tcg_temp_free_i32(a);
   4291         tcg_temp_free_i32(b);
   4292     }
   4293 }
   4294 
   4295 static void gen_neon_narrow_op(int op, int u, int size, TCGv dest, TCGv_i64 src)
   4296 {
   4297     if (op) {
   4298         if (u) {
   4299             gen_neon_unarrow_sats(size, dest, src);
   4300         } else {
   4301             gen_neon_narrow(size, dest, src);
   4302         }
   4303     } else {
   4304         if (u) {
   4305             gen_neon_narrow_satu(size, dest, src);
   4306         } else {
   4307             gen_neon_narrow_sats(size, dest, src);
   4308         }
   4309     }
   4310 }
   4311 
   4312 /* Symbolic constants for op fields for Neon 3-register same-length.
   4313  * The values correspond to bits [11:8,4]; see the ARM ARM DDI0406B
   4314  * table A7-9.
   4315  */
   4316 #define NEON_3R_VHADD 0
   4317 #define NEON_3R_VQADD 1
   4318 #define NEON_3R_VRHADD 2
   4319 #define NEON_3R_LOGIC 3 /* VAND,VBIC,VORR,VMOV,VORN,VEOR,VBIF,VBIT,VBSL */
   4320 #define NEON_3R_VHSUB 4
   4321 #define NEON_3R_VQSUB 5
   4322 #define NEON_3R_VCGT 6
   4323 #define NEON_3R_VCGE 7
   4324 #define NEON_3R_VSHL 8
   4325 #define NEON_3R_VQSHL 9
   4326 #define NEON_3R_VRSHL 10
   4327 #define NEON_3R_VQRSHL 11
   4328 #define NEON_3R_VMAX 12
   4329 #define NEON_3R_VMIN 13
   4330 #define NEON_3R_VABD 14
   4331 #define NEON_3R_VABA 15
   4332 #define NEON_3R_VADD_VSUB 16
   4333 #define NEON_3R_VTST_VCEQ 17
   4334 #define NEON_3R_VML 18 /* VMLA, VMLAL, VMLS, VMLSL */
   4335 #define NEON_3R_VMUL 19
   4336 #define NEON_3R_VPMAX 20
   4337 #define NEON_3R_VPMIN 21
   4338 #define NEON_3R_VQDMULH_VQRDMULH 22
   4339 #define NEON_3R_VPADD 23
   4340 #define NEON_3R_FLOAT_ARITH 26 /* float VADD, VSUB, VPADD, VABD */
   4341 #define NEON_3R_FLOAT_MULTIPLY 27 /* float VMLA, VMLS, VMUL */
   4342 #define NEON_3R_FLOAT_CMP 28 /* float VCEQ, VCGE, VCGT */
   4343 #define NEON_3R_FLOAT_ACMP 29 /* float VACGE, VACGT, VACLE, VACLT */
   4344 #define NEON_3R_FLOAT_MINMAX 30 /* float VMIN, VMAX */
   4345 #define NEON_3R_VRECPS_VRSQRTS 31 /* float VRECPS, VRSQRTS */
   4346 
   4347 static const uint8_t neon_3r_sizes[] = {
   4348     [NEON_3R_VHADD] = 0x7,
   4349     [NEON_3R_VQADD] = 0xf,
   4350     [NEON_3R_VRHADD] = 0x7,
   4351     [NEON_3R_LOGIC] = 0xf, /* size field encodes op type */
   4352     [NEON_3R_VHSUB] = 0x7,
   4353     [NEON_3R_VQSUB] = 0xf,
   4354     [NEON_3R_VCGT] = 0x7,
   4355     [NEON_3R_VCGE] = 0x7,
   4356     [NEON_3R_VSHL] = 0xf,
   4357     [NEON_3R_VQSHL] = 0xf,
   4358     [NEON_3R_VRSHL] = 0xf,
   4359     [NEON_3R_VQRSHL] = 0xf,
   4360     [NEON_3R_VMAX] = 0x7,
   4361     [NEON_3R_VMIN] = 0x7,
   4362     [NEON_3R_VABD] = 0x7,
   4363     [NEON_3R_VABA] = 0x7,
   4364     [NEON_3R_VADD_VSUB] = 0xf,
   4365     [NEON_3R_VTST_VCEQ] = 0x7,
   4366     [NEON_3R_VML] = 0x7,
   4367     [NEON_3R_VMUL] = 0x7,
   4368     [NEON_3R_VPMAX] = 0x7,
   4369     [NEON_3R_VPMIN] = 0x7,
   4370     [NEON_3R_VQDMULH_VQRDMULH] = 0x6,
   4371     [NEON_3R_VPADD] = 0x7,
   4372     [NEON_3R_FLOAT_ARITH] = 0x5, /* size bit 1 encodes op */
   4373     [NEON_3R_FLOAT_MULTIPLY] = 0x5, /* size bit 1 encodes op */
   4374     [NEON_3R_FLOAT_CMP] = 0x5, /* size bit 1 encodes op */
   4375     [NEON_3R_FLOAT_ACMP] = 0x5, /* size bit 1 encodes op */
   4376     [NEON_3R_FLOAT_MINMAX] = 0x5, /* size bit 1 encodes op */
   4377     [NEON_3R_VRECPS_VRSQRTS] = 0x5, /* size bit 1 encodes op */
   4378 };
   4379 
   4380 /* Symbolic constants for op fields for Neon 2-register miscellaneous.
   4381  * The values correspond to bits [17:16,10:7]; see the ARM ARM DDI0406B
   4382  * table A7-13.
   4383  */
   4384 #define NEON_2RM_VREV64 0
   4385 #define NEON_2RM_VREV32 1
   4386 #define NEON_2RM_VREV16 2
   4387 #define NEON_2RM_VPADDL 4
   4388 #define NEON_2RM_VPADDL_U 5
   4389 #define NEON_2RM_VCLS 8
   4390 #define NEON_2RM_VCLZ 9
   4391 #define NEON_2RM_VCNT 10
   4392 #define NEON_2RM_VMVN 11
   4393 #define NEON_2RM_VPADAL 12
   4394 #define NEON_2RM_VPADAL_U 13
   4395 #define NEON_2RM_VQABS 14
   4396 #define NEON_2RM_VQNEG 15
   4397 #define NEON_2RM_VCGT0 16
   4398 #define NEON_2RM_VCGE0 17
   4399 #define NEON_2RM_VCEQ0 18
   4400 #define NEON_2RM_VCLE0 19
   4401 #define NEON_2RM_VCLT0 20
   4402 #define NEON_2RM_VABS 22
   4403 #define NEON_2RM_VNEG 23
   4404 #define NEON_2RM_VCGT0_F 24
   4405 #define NEON_2RM_VCGE0_F 25
   4406 #define NEON_2RM_VCEQ0_F 26
   4407 #define NEON_2RM_VCLE0_F 27
   4408 #define NEON_2RM_VCLT0_F 28
   4409 #define NEON_2RM_VABS_F 30
   4410 #define NEON_2RM_VNEG_F 31
   4411 #define NEON_2RM_VSWP 32
   4412 #define NEON_2RM_VTRN 33
   4413 #define NEON_2RM_VUZP 34
   4414 #define NEON_2RM_VZIP 35
   4415 #define NEON_2RM_VMOVN 36 /* Includes VQMOVN, VQMOVUN */
   4416 #define NEON_2RM_VQMOVN 37 /* Includes VQMOVUN */
   4417 #define NEON_2RM_VSHLL 38
   4418 #define NEON_2RM_VCVT_F16_F32 44
   4419 #define NEON_2RM_VCVT_F32_F16 46
   4420 #define NEON_2RM_VRECPE 56
   4421 #define NEON_2RM_VRSQRTE 57
   4422 #define NEON_2RM_VRECPE_F 58
   4423 #define NEON_2RM_VRSQRTE_F 59
   4424 #define NEON_2RM_VCVT_FS 60
   4425 #define NEON_2RM_VCVT_FU 61
   4426 #define NEON_2RM_VCVT_SF 62
   4427 #define NEON_2RM_VCVT_UF 63
   4428 
   4429 static int neon_2rm_is_float_op(int op)
   4430 {
   4431     /* Return true if this neon 2reg-misc op is float-to-float */
   4432     return (op == NEON_2RM_VABS_F || op == NEON_2RM_VNEG_F ||
   4433             op >= NEON_2RM_VRECPE_F);
   4434 }
   4435 
   4436 /* Each entry in this array has bit n set if the insn allows
   4437  * size value n (otherwise it will UNDEF). Since unallocated
   4438  * op values will have no bits set they always UNDEF.
   4439  */
   4440 static const uint8_t neon_2rm_sizes[] = {
   4441     [NEON_2RM_VREV64] = 0x7,
   4442     [NEON_2RM_VREV32] = 0x3,
   4443     [NEON_2RM_VREV16] = 0x1,
   4444     [NEON_2RM_VPADDL] = 0x7,
   4445     [NEON_2RM_VPADDL_U] = 0x7,
   4446     [NEON_2RM_VCLS] = 0x7,
   4447     [NEON_2RM_VCLZ] = 0x7,
   4448     [NEON_2RM_VCNT] = 0x1,
   4449     [NEON_2RM_VMVN] = 0x1,
   4450     [NEON_2RM_VPADAL] = 0x7,
   4451     [NEON_2RM_VPADAL_U] = 0x7,
   4452     [NEON_2RM_VQABS] = 0x7,
   4453     [NEON_2RM_VQNEG] = 0x7,
   4454     [NEON_2RM_VCGT0] = 0x7,
   4455     [NEON_2RM_VCGE0] = 0x7,
   4456     [NEON_2RM_VCEQ0] = 0x7,
   4457     [NEON_2RM_VCLE0] = 0x7,
   4458     [NEON_2RM_VCLT0] = 0x7,
   4459     [NEON_2RM_VABS] = 0x7,
   4460     [NEON_2RM_VNEG] = 0x7,
   4461     [NEON_2RM_VCGT0_F] = 0x4,
   4462     [NEON_2RM_VCGE0_F] = 0x4,
   4463     [NEON_2RM_VCEQ0_F] = 0x4,
   4464     [NEON_2RM_VCLE0_F] = 0x4,
   4465     [NEON_2RM_VCLT0_F] = 0x4,
   4466     [NEON_2RM_VABS_F] = 0x4,
   4467     [NEON_2RM_VNEG_F] = 0x4,
   4468     [NEON_2RM_VSWP] = 0x1,
   4469     [NEON_2RM_VTRN] = 0x7,
   4470     [NEON_2RM_VUZP] = 0x7,
   4471     [NEON_2RM_VZIP] = 0x7,
   4472     [NEON_2RM_VMOVN] = 0x7,
   4473     [NEON_2RM_VQMOVN] = 0x7,
   4474     [NEON_2RM_VSHLL] = 0x7,
   4475     [NEON_2RM_VCVT_F16_F32] = 0x2,
   4476     [NEON_2RM_VCVT_F32_F16] = 0x2,
   4477     [NEON_2RM_VRECPE] = 0x4,
   4478     [NEON_2RM_VRSQRTE] = 0x4,
   4479     [NEON_2RM_VRECPE_F] = 0x4,
   4480     [NEON_2RM_VRSQRTE_F] = 0x4,
   4481     [NEON_2RM_VCVT_FS] = 0x4,
   4482     [NEON_2RM_VCVT_FU] = 0x4,
   4483     [NEON_2RM_VCVT_SF] = 0x4,
   4484     [NEON_2RM_VCVT_UF] = 0x4,
   4485 };
   4486 
   4487 /* Translate a NEON data processing instruction.  Return nonzero if the
   4488    instruction is invalid.
   4489    We process data in a mixture of 32-bit and 64-bit chunks.
   4490    Mostly we use 32-bit chunks so we can use normal scalar instructions.  */
   4491 
   4492 static int disas_neon_data_insn(CPUARMState * env, DisasContext *s, uint32_t insn)
   4493 {
   4494     int op;
   4495     int q;
   4496     int rd, rn, rm;
   4497     int size;
   4498     int shift;
   4499     int pass;
   4500     int count;
   4501     int pairwise;
   4502     int u;
   4503     uint32_t imm, mask;
   4504     TCGv tmp, tmp2, tmp3, tmp4, tmp5;
   4505     TCGv_i64 tmp64;
   4506 
   4507     if (!s->vfp_enabled)
   4508       return 1;
   4509     q = (insn & (1 << 6)) != 0;
   4510     u = (insn >> 24) & 1;
   4511     VFP_DREG_D(rd, insn);
   4512     VFP_DREG_N(rn, insn);
   4513     VFP_DREG_M(rm, insn);
   4514     size = (insn >> 20) & 3;
   4515     if ((insn & (1 << 23)) == 0) {
   4516         /* Three register same length.  */
   4517         op = ((insn >> 7) & 0x1e) | ((insn >> 4) & 1);
   4518         /* Catch invalid op and bad size combinations: UNDEF */
   4519         if ((neon_3r_sizes[op] & (1 << size)) == 0) {
   4520             return 1;
   4521         }
   4522         /* All insns of this form UNDEF for either this condition or the
   4523          * superset of cases "Q==1"; we catch the latter later.
   4524          */
   4525         if (q && ((rd | rn | rm) & 1)) {
   4526             return 1;
   4527         }
   4528         if (size == 3 && op != NEON_3R_LOGIC) {
   4529             /* 64-bit element instructions. */
   4530             for (pass = 0; pass < (q ? 2 : 1); pass++) {
   4531                 neon_load_reg64(cpu_V0, rn + pass);
   4532                 neon_load_reg64(cpu_V1, rm + pass);
   4533                 switch (op) {
   4534                 case NEON_3R_VQADD:
   4535                     if (u) {
   4536                         gen_helper_neon_qadd_u64(cpu_V0, cpu_env,
   4537                                                  cpu_V0, cpu_V1);
   4538                     } else {
   4539                         gen_helper_neon_qadd_s64(cpu_V0, cpu_env,
   4540                                                  cpu_V0, cpu_V1);
   4541                     }
   4542                     break;
   4543                 case NEON_3R_VQSUB:
   4544                     if (u) {
   4545                         gen_helper_neon_qsub_u64(cpu_V0, cpu_env,
   4546                                                  cpu_V0, cpu_V1);
   4547                     } else {
   4548                         gen_helper_neon_qsub_s64(cpu_V0, cpu_env,
   4549                                                  cpu_V0, cpu_V1);
   4550                     }
   4551                     break;
   4552                 case NEON_3R_VSHL:
   4553                     if (u) {
   4554                         gen_helper_neon_shl_u64(cpu_V0, cpu_V1, cpu_V0);
   4555                     } else {
   4556                         gen_helper_neon_shl_s64(cpu_V0, cpu_V1, cpu_V0);
   4557                     }
   4558                     break;
   4559                 case NEON_3R_VQSHL:
   4560                     if (u) {
   4561                         gen_helper_neon_qshl_u64(cpu_V0, cpu_env,
   4562                                                  cpu_V1, cpu_V0);
   4563                     } else {
   4564                         gen_helper_neon_qshl_s64(cpu_V0, cpu_env,
   4565                                                  cpu_V1, cpu_V0);
   4566                     }
   4567                     break;
   4568                 case NEON_3R_VRSHL:
   4569                     if (u) {
   4570                         gen_helper_neon_rshl_u64(cpu_V0, cpu_V1, cpu_V0);
   4571                     } else {
   4572                         gen_helper_neon_rshl_s64(cpu_V0, cpu_V1, cpu_V0);
   4573                     }
   4574                     break;
   4575                 case NEON_3R_VQRSHL:
   4576                     if (u) {
   4577                         gen_helper_neon_qrshl_u64(cpu_V0, cpu_env,
   4578                                                   cpu_V1, cpu_V0);
   4579                     } else {
   4580                         gen_helper_neon_qrshl_s64(cpu_V0, cpu_env,
   4581                                                   cpu_V1, cpu_V0);
   4582                     }
   4583                     break;
   4584                 case NEON_3R_VADD_VSUB:
   4585                     if (u) {
   4586                         tcg_gen_sub_i64(CPU_V001);
   4587                     } else {
   4588                         tcg_gen_add_i64(CPU_V001);
   4589                     }
   4590                     break;
   4591                 default:
   4592                     abort();
   4593                 }
   4594                 neon_store_reg64(cpu_V0, rd + pass);
   4595             }
   4596             return 0;
   4597         }
   4598         pairwise = 0;
   4599         switch (op) {
   4600         case NEON_3R_VSHL:
   4601         case NEON_3R_VQSHL:
   4602         case NEON_3R_VRSHL:
   4603         case NEON_3R_VQRSHL:
   4604             {
   4605                 int rtmp;
   4606                 /* Shift instruction operands are reversed.  */
   4607                 rtmp = rn;
   4608                 rn = rm;
   4609                 rm = rtmp;
   4610             }
   4611             break;
   4612         case NEON_3R_VPADD:
   4613             if (u) {
   4614                 return 1;
   4615             }
   4616             /* Fall through */
   4617         case NEON_3R_VPMAX:
   4618         case NEON_3R_VPMIN:
   4619             pairwise = 1;
   4620             break;
   4621         case NEON_3R_FLOAT_ARITH:
   4622             pairwise = (u && size < 2); /* if VPADD (float) */
   4623             break;
   4624         case NEON_3R_FLOAT_MINMAX:
   4625             pairwise = u; /* if VPMIN/VPMAX (float) */
   4626             break;
   4627         case NEON_3R_FLOAT_CMP:
   4628             if (!u && size) {
   4629                 /* no encoding for U=0 C=1x */
   4630                 return 1;
   4631             }
   4632             break;
   4633         case NEON_3R_FLOAT_ACMP:
   4634             if (!u) {
   4635                 return 1;
   4636             }
   4637             break;
   4638         case NEON_3R_VRECPS_VRSQRTS:
   4639             if (u) {
   4640                 return 1;
   4641             }
   4642             break;
   4643         case NEON_3R_VMUL:
   4644             if (u && (size != 0)) {
   4645                 /* UNDEF on invalid size for polynomial subcase */
   4646                 return 1;
   4647             }
   4648             break;
   4649         default:
   4650             break;
   4651         }
   4652 
   4653         if (pairwise && q) {
   4654             /* All the pairwise insns UNDEF if Q is set */
   4655             return 1;
   4656         }
   4657 
   4658         for (pass = 0; pass < (q ? 4 : 2); pass++) {
   4659 
   4660         if (pairwise) {
   4661             /* Pairwise.  */
   4662             if (pass < 1) {
   4663                 tmp = neon_load_reg(rn, 0);
   4664                 tmp2 = neon_load_reg(rn, 1);
   4665             } else {
   4666                 tmp = neon_load_reg(rm, 0);
   4667                 tmp2 = neon_load_reg(rm, 1);
   4668             }
   4669         } else {
   4670             /* Elementwise.  */
   4671             tmp = neon_load_reg(rn, pass);
   4672             tmp2 = neon_load_reg(rm, pass);
   4673         }
   4674         switch (op) {
   4675         case NEON_3R_VHADD:
   4676             GEN_NEON_INTEGER_OP(hadd);
   4677             break;
   4678         case NEON_3R_VQADD:
   4679             GEN_NEON_INTEGER_OP_ENV(qadd);
   4680             break;
   4681         case NEON_3R_VRHADD:
   4682             GEN_NEON_INTEGER_OP(rhadd);
   4683             break;
   4684         case NEON_3R_LOGIC: /* Logic ops.  */
   4685             switch ((u << 2) | size) {
   4686             case 0: /* VAND */
   4687                 tcg_gen_and_i32(tmp, tmp, tmp2);
   4688                 break;
   4689             case 1: /* BIC */
   4690                 tcg_gen_andc_i32(tmp, tmp, tmp2);
   4691                 break;
   4692             case 2: /* VORR */
   4693                 tcg_gen_or_i32(tmp, tmp, tmp2);
   4694                 break;
   4695             case 3: /* VORN */
   4696                 tcg_gen_orc_i32(tmp, tmp, tmp2);
   4697                 break;
   4698             case 4: /* VEOR */
   4699                 tcg_gen_xor_i32(tmp, tmp, tmp2);
   4700                 break;
   4701             case 5: /* VBSL */
   4702                 tmp3 = neon_load_reg(rd, pass);
   4703                 gen_neon_bsl(tmp, tmp, tmp2, tmp3);
   4704                 tcg_temp_free_i32(tmp3);
   4705                 break;
   4706             case 6: /* VBIT */
   4707                 tmp3 = neon_load_reg(rd, pass);
   4708                 gen_neon_bsl(tmp, tmp, tmp3, tmp2);
   4709                 tcg_temp_free_i32(tmp3);
   4710                 break;
   4711             case 7: /* VBIF */
   4712                 tmp3 = neon_load_reg(rd, pass);
   4713                 gen_neon_bsl(tmp, tmp3, tmp, tmp2);
   4714                 tcg_temp_free_i32(tmp3);
   4715                 break;
   4716             }
   4717             break;
   4718         case NEON_3R_VHSUB:
   4719             GEN_NEON_INTEGER_OP(hsub);
   4720             break;
   4721         case NEON_3R_VQSUB:
   4722             GEN_NEON_INTEGER_OP_ENV(qsub);
   4723             break;
   4724         case NEON_3R_VCGT:
   4725             GEN_NEON_INTEGER_OP(cgt);
   4726             break;
   4727         case NEON_3R_VCGE:
   4728             GEN_NEON_INTEGER_OP(cge);
   4729             break;
   4730         case NEON_3R_VSHL:
   4731             GEN_NEON_INTEGER_OP(shl);
   4732             break;
   4733         case NEON_3R_VQSHL:
   4734             GEN_NEON_INTEGER_OP_ENV(qshl);
   4735             break;
   4736         case NEON_3R_VRSHL:
   4737             GEN_NEON_INTEGER_OP(rshl);
   4738             break;
   4739         case NEON_3R_VQRSHL:
   4740             GEN_NEON_INTEGER_OP_ENV(qrshl);
   4741             break;
   4742         case NEON_3R_VMAX:
   4743             GEN_NEON_INTEGER_OP(max);
   4744             break;
   4745         case NEON_3R_VMIN:
   4746             GEN_NEON_INTEGER_OP(min);
   4747             break;
   4748         case NEON_3R_VABD:
   4749             GEN_NEON_INTEGER_OP(abd);
   4750             break;
   4751         case NEON_3R_VABA:
   4752             GEN_NEON_INTEGER_OP(abd);
   4753             tcg_temp_free_i32(tmp2);
   4754             tmp2 = neon_load_reg(rd, pass);
   4755             gen_neon_add(size, tmp, tmp2);
   4756             break;
   4757         case NEON_3R_VADD_VSUB:
   4758             if (!u) { /* VADD */
   4759                 gen_neon_add(size, tmp, tmp2);
   4760             } else { /* VSUB */
   4761                 switch (size) {
   4762                 case 0: gen_helper_neon_sub_u8(tmp, tmp, tmp2); break;
   4763                 case 1: gen_helper_neon_sub_u16(tmp, tmp, tmp2); break;
   4764                 case 2: tcg_gen_sub_i32(tmp, tmp, tmp2); break;
   4765                 default: abort();
   4766                 }
   4767             }
   4768             break;
   4769         case NEON_3R_VTST_VCEQ:
   4770             if (!u) { /* VTST */
   4771                 switch (size) {
   4772                 case 0: gen_helper_neon_tst_u8(tmp, tmp, tmp2); break;
   4773                 case 1: gen_helper_neon_tst_u16(tmp, tmp, tmp2); break;
   4774                 case 2: gen_helper_neon_tst_u32(tmp, tmp, tmp2); break;
   4775                 default: abort();
   4776                 }
   4777             } else { /* VCEQ */
   4778                 switch (size) {
   4779                 case 0: gen_helper_neon_ceq_u8(tmp, tmp, tmp2); break;
   4780                 case 1: gen_helper_neon_ceq_u16(tmp, tmp, tmp2); break;
   4781                 case 2: gen_helper_neon_ceq_u32(tmp, tmp, tmp2); break;
   4782                 default: abort();
   4783                 }
   4784             }
   4785             break;
   4786         case NEON_3R_VML: /* VMLA, VMLAL, VMLS,VMLSL */
   4787             switch (size) {
   4788             case 0: gen_helper_neon_mul_u8(tmp, tmp, tmp2); break;
   4789             case 1: gen_helper_neon_mul_u16(tmp, tmp, tmp2); break;
   4790             case 2: tcg_gen_mul_i32(tmp, tmp, tmp2); break;
   4791             default: abort();
   4792             }
   4793             tcg_temp_free_i32(tmp2);
   4794             tmp2 = neon_load_reg(rd, pass);
   4795             if (u) { /* VMLS */
   4796                 gen_neon_rsb(size, tmp, tmp2);
   4797             } else { /* VMLA */
   4798                 gen_neon_add(size, tmp, tmp2);
   4799             }
   4800             break;
   4801         case NEON_3R_VMUL:
   4802             if (u) { /* polynomial */
   4803                 gen_helper_neon_mul_p8(tmp, tmp, tmp2);
   4804             } else { /* Integer */
   4805                 switch (size) {
   4806                 case 0: gen_helper_neon_mul_u8(tmp, tmp, tmp2); break;
   4807                 case 1: gen_helper_neon_mul_u16(tmp, tmp, tmp2); break;
   4808                 case 2: tcg_gen_mul_i32(tmp, tmp, tmp2); break;
   4809                 default: abort();
   4810                 }
   4811             }
   4812             break;
   4813         case NEON_3R_VPMAX:
   4814             GEN_NEON_INTEGER_OP(pmax);
   4815             break;
   4816         case NEON_3R_VPMIN:
   4817             GEN_NEON_INTEGER_OP(pmin);
   4818             break;
   4819         case NEON_3R_VQDMULH_VQRDMULH: /* Multiply high.  */
   4820             if (!u) { /* VQDMULH */
   4821                 switch (size) {
   4822                 case 1:
   4823                     gen_helper_neon_qdmulh_s16(tmp, cpu_env, tmp, tmp2);
   4824                     break;
   4825                 case 2:
   4826                     gen_helper_neon_qdmulh_s32(tmp, cpu_env, tmp, tmp2);
   4827                     break;
   4828                 default: abort();
   4829                 }
   4830             } else { /* VQRDMULH */
   4831                 switch (size) {
   4832                 case 1:
   4833                     gen_helper_neon_qrdmulh_s16(tmp, cpu_env, tmp, tmp2);
   4834                     break;
   4835                 case 2:
   4836                     gen_helper_neon_qrdmulh_s32(tmp, cpu_env, tmp, tmp2);
   4837                     break;
   4838                 default: abort();
   4839                 }
   4840             }
   4841             break;
   4842         case NEON_3R_VPADD:
   4843             switch (size) {
   4844             case 0: gen_helper_neon_padd_u8(tmp, tmp, tmp2); break;
   4845             case 1: gen_helper_neon_padd_u16(tmp, tmp, tmp2); break;
   4846             case 2: tcg_gen_add_i32(tmp, tmp, tmp2); break;
   4847             default: abort();
   4848             }
   4849             break;
   4850         case NEON_3R_FLOAT_ARITH: /* Floating point arithmetic. */
   4851         {
   4852             TCGv_ptr fpstatus = get_fpstatus_ptr(1);
   4853             switch ((u << 2) | size) {
   4854             case 0: /* VADD */
   4855             case 4: /* VPADD */
   4856                 gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
   4857                 break;
   4858             case 2: /* VSUB */
   4859                 gen_helper_vfp_subs(tmp, tmp, tmp2, fpstatus);
   4860                 break;
   4861             case 6: /* VABD */
   4862                 gen_helper_neon_abd_f32(tmp, tmp, tmp2, fpstatus);
   4863                 break;
   4864             default:
   4865                 abort();
   4866             }
   4867             tcg_temp_free_ptr(fpstatus);
   4868             break;
   4869         }
   4870         case NEON_3R_FLOAT_MULTIPLY:
   4871         {
   4872             TCGv_ptr fpstatus = get_fpstatus_ptr(1);
   4873             gen_helper_vfp_muls(tmp, tmp, tmp2, fpstatus);
   4874             if (!u) {
   4875                 tcg_temp_free_i32(tmp2);
   4876                 tmp2 = neon_load_reg(rd, pass);
   4877                 if (size == 0) {
   4878                     gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
   4879                 } else {
   4880                     gen_helper_vfp_subs(tmp, tmp2, tmp, fpstatus);
   4881                 }
   4882             }
   4883             tcg_temp_free_ptr(fpstatus);
   4884             break;
   4885         }
   4886         case NEON_3R_FLOAT_CMP:
   4887         {
   4888             TCGv_ptr fpstatus = get_fpstatus_ptr(1);
   4889             if (!u) {
   4890                 gen_helper_neon_ceq_f32(tmp, tmp, tmp2, fpstatus);
   4891             } else {
   4892                 if (size == 0) {
   4893                     gen_helper_neon_cge_f32(tmp, tmp, tmp2, fpstatus);
   4894                 } else {
   4895                     gen_helper_neon_cgt_f32(tmp, tmp, tmp2, fpstatus);
   4896                 }
   4897             }
   4898             tcg_temp_free_ptr(fpstatus);
   4899             break;
   4900         }
   4901         case NEON_3R_FLOAT_ACMP:
   4902         {
   4903             TCGv_ptr fpstatus = get_fpstatus_ptr(1);
   4904             if (size == 0) {
   4905                 gen_helper_neon_acge_f32(tmp, tmp, tmp2, fpstatus);
   4906             } else {
   4907                 gen_helper_neon_acgt_f32(tmp, tmp, tmp2, fpstatus);
   4908             }
   4909             tcg_temp_free_ptr(fpstatus);
   4910             break;
   4911         }
   4912         case NEON_3R_FLOAT_MINMAX:
   4913         {
   4914             TCGv_ptr fpstatus = get_fpstatus_ptr(1);
   4915             if (size == 0) {
   4916                 gen_helper_neon_max_f32(tmp, tmp, tmp2, fpstatus);
   4917             } else {
   4918                 gen_helper_neon_min_f32(tmp, tmp, tmp2, fpstatus);
   4919             }
   4920             tcg_temp_free_ptr(fpstatus);
   4921             break;
   4922         }
   4923         case NEON_3R_VRECPS_VRSQRTS:
   4924             if (size == 0)
   4925                 gen_helper_recps_f32(tmp, tmp, tmp2, cpu_env);
   4926             else
   4927                 gen_helper_rsqrts_f32(tmp, tmp, tmp2, cpu_env);
   4928             break;
   4929         default:
   4930             abort();
   4931         }
   4932         tcg_temp_free_i32(tmp2);
   4933 
   4934         /* Save the result.  For elementwise operations we can put it
   4935            straight into the destination register.  For pairwise operations
   4936            we have to be careful to avoid clobbering the source operands.  */
   4937         if (pairwise && rd == rm) {
   4938             neon_store_scratch(pass, tmp);
   4939         } else {
   4940             neon_store_reg(rd, pass, tmp);
   4941         }
   4942 
   4943         } /* for pass */
   4944         if (pairwise && rd == rm) {
   4945             for (pass = 0; pass < (q ? 4 : 2); pass++) {
   4946                 tmp = neon_load_scratch(pass);
   4947                 neon_store_reg(rd, pass, tmp);
   4948             }
   4949         }
   4950         /* End of 3 register same size operations.  */
   4951     } else if (insn & (1 << 4)) {
   4952         if ((insn & 0x00380080) != 0) {
   4953             /* Two registers and shift.  */
   4954             op = (insn >> 8) & 0xf;
   4955             if (insn & (1 << 7)) {
   4956                 /* 64-bit shift. */
   4957                 if (op > 7) {
   4958                     return 1;
   4959                 }
   4960                 size = 3;
   4961             } else {
   4962                 size = 2;
   4963                 while ((insn & (1 << (size + 19))) == 0)
   4964                     size--;
   4965             }
   4966             shift = (insn >> 16) & ((1 << (3 + size)) - 1);
   4967             /* To avoid excessive dumplication of ops we implement shift
   4968                by immediate using the variable shift operations.  */
   4969             if (op < 8) {
   4970                 /* Shift by immediate:
   4971                    VSHR, VSRA, VRSHR, VRSRA, VSRI, VSHL, VQSHL, VQSHLU.  */
   4972                 if (q && ((rd | rm) & 1)) {
   4973                     return 1;
   4974                 }
   4975                 if (!u && (op == 4 || op == 6)) {
   4976                     return 1;
   4977                 }
   4978                 /* Right shifts are encoded as N - shift, where N is the
   4979                    element size in bits.  */
   4980                 if (op <= 4)
   4981                     shift = shift - (1 << (size + 3));
   4982                 if (size == 3) {
   4983                     count = q + 1;
   4984                 } else {
   4985                     count = q ? 4: 2;
   4986                 }
   4987                 switch (size) {
   4988                 case 0:
   4989                     imm = (uint8_t) shift;
   4990                     imm |= imm << 8;
   4991                     imm |= imm << 16;
   4992                     break;
   4993                 case 1:
   4994                     imm = (uint16_t) shift;
   4995                     imm |= imm << 16;
   4996                     break;
   4997                 case 2:
   4998                 case 3:
   4999                     imm = shift;
   5000                     break;
   5001                 default:
   5002                     abort();
   5003                 }
   5004 
   5005                 for (pass = 0; pass < count; pass++) {
   5006                     if (size == 3) {
   5007                         neon_load_reg64(cpu_V0, rm + pass);
   5008                         tcg_gen_movi_i64(cpu_V1, imm);
   5009                         switch (op) {
   5010                         case 0:  /* VSHR */
   5011                         case 1:  /* VSRA */
   5012                             if (u)
   5013                                 gen_helper_neon_shl_u64(cpu_V0, cpu_V0, cpu_V1);
   5014                             else
   5015                                 gen_helper_neon_shl_s64(cpu_V0, cpu_V0, cpu_V1);
   5016                             break;
   5017                         case 2: /* VRSHR */
   5018                         case 3: /* VRSRA */
   5019                             if (u)
   5020                                 gen_helper_neon_rshl_u64(cpu_V0, cpu_V0, cpu_V1);
   5021                             else
   5022                                 gen_helper_neon_rshl_s64(cpu_V0, cpu_V0, cpu_V1);
   5023                             break;
   5024                         case 4: /* VSRI */
   5025                         case 5: /* VSHL, VSLI */
   5026                             gen_helper_neon_shl_u64(cpu_V0, cpu_V0, cpu_V1);
   5027                             break;
   5028                         case 6: /* VQSHLU */
   5029                             gen_helper_neon_qshlu_s64(cpu_V0, cpu_env,
   5030                                                       cpu_V0, cpu_V1);
   5031                             break;
   5032                         case 7: /* VQSHL */
   5033                             if (u) {
   5034                                 gen_helper_neon_qshl_u64(cpu_V0, cpu_env,
   5035                                                          cpu_V0, cpu_V1);
   5036                             } else {
   5037                                 gen_helper_neon_qshl_s64(cpu_V0, cpu_env,
   5038                                                          cpu_V0, cpu_V1);
   5039                             }
   5040                             break;
   5041                         }
   5042                         if (op == 1 || op == 3) {
   5043                             /* Accumulate.  */
   5044                             neon_load_reg64(cpu_V1, rd + pass);
   5045                             tcg_gen_add_i64(cpu_V0, cpu_V0, cpu_V1);
   5046                         } else if (op == 4 || (op == 5 && u)) {
   5047                             /* Insert */
   5048                             neon_load_reg64(cpu_V1, rd + pass);
   5049                             uint64_t mask;
   5050                             if (shift < -63 || shift > 63) {
   5051                                 mask = 0;
   5052                             } else {
   5053                                 if (op == 4) {
   5054                                     mask = 0xffffffffffffffffull >> -shift;
   5055                                 } else {
   5056                                     mask = 0xffffffffffffffffull << shift;
   5057                                 }
   5058                             }
   5059                             tcg_gen_andi_i64(cpu_V1, cpu_V1, ~mask);
   5060                             tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
   5061                         }
   5062                         neon_store_reg64(cpu_V0, rd + pass);
   5063                     } else { /* size < 3 */
   5064                         /* Operands in T0 and T1.  */
   5065                         tmp = neon_load_reg(rm, pass);
   5066                         tmp2 = tcg_const_i32(imm);
   5067                         switch (op) {
   5068                         case 0:  /* VSHR */
   5069                         case 1:  /* VSRA */
   5070                             GEN_NEON_INTEGER_OP(shl);
   5071                             break;
   5072                         case 2: /* VRSHR */
   5073                         case 3: /* VRSRA */
   5074                             GEN_NEON_INTEGER_OP(rshl);
   5075                             break;
   5076                         case 4: /* VSRI */
   5077                         case 5: /* VSHL, VSLI */
   5078                             switch (size) {
   5079                             case 0: gen_helper_neon_shl_u8(tmp, tmp, tmp2); break;
   5080                             case 1: gen_helper_neon_shl_u16(tmp, tmp, tmp2); break;
   5081                             case 2: gen_helper_neon_shl_u32(tmp, tmp, tmp2); break;
   5082                             default: abort();
   5083                             }
   5084                             break;
   5085                         case 6: /* VQSHLU */
   5086                             switch (size) {
   5087                             case 0:
   5088                                 gen_helper_neon_qshlu_s8(tmp, cpu_env,
   5089                                                          tmp, tmp2);
   5090                                 break;
   5091                             case 1:
   5092                                 gen_helper_neon_qshlu_s16(tmp, cpu_env,
   5093                                                           tmp, tmp2);
   5094                                 break;
   5095                             case 2:
   5096                                 gen_helper_neon_qshlu_s32(tmp, cpu_env,
   5097                                                           tmp, tmp2);
   5098                                 break;
   5099                             default:
   5100                                 abort();
   5101                             }
   5102                             break;
   5103                         case 7: /* VQSHL */
   5104                             GEN_NEON_INTEGER_OP_ENV(qshl);
   5105                             break;
   5106                         }
   5107                         tcg_temp_free_i32(tmp2);
   5108 
   5109                         if (op == 1 || op == 3) {
   5110                             /* Accumulate.  */
   5111                             tmp2 = neon_load_reg(rd, pass);
   5112                             gen_neon_add(size, tmp, tmp2);
   5113                             tcg_temp_free_i32(tmp2);
   5114                         } else if (op == 4 || (op == 5 && u)) {
   5115                             /* Insert */
   5116                             switch (size) {
   5117                             case 0:
   5118                                 if (op == 4)
   5119                                     mask = 0xff >> -shift;
   5120                                 else
   5121                                     mask = (uint8_t)(0xff << shift);
   5122                                 mask |= mask << 8;
   5123                                 mask |= mask << 16;
   5124                                 break;
   5125                             case 1:
   5126                                 if (op == 4)
   5127                                     mask = 0xffff >> -shift;
   5128                                 else
   5129                                     mask = (uint16_t)(0xffff << shift);
   5130                                 mask |= mask << 16;
   5131                                 break;
   5132                             case 2:
   5133                                 if (shift < -31 || shift > 31) {
   5134                                     mask = 0;
   5135                                 } else {
   5136                                     if (op == 4)
   5137                                         mask = 0xffffffffu >> -shift;
   5138                                     else
   5139                                         mask = 0xffffffffu << shift;
   5140                                 }
   5141                                 break;
   5142                             default:
   5143                                 abort();
   5144                             }
   5145                             tmp2 = neon_load_reg(rd, pass);
   5146                             tcg_gen_andi_i32(tmp, tmp, mask);
   5147                             tcg_gen_andi_i32(tmp2, tmp2, ~mask);
   5148                             tcg_gen_or_i32(tmp, tmp, tmp2);
   5149                             tcg_temp_free_i32(tmp2);
   5150                         }
   5151                         neon_store_reg(rd, pass, tmp);
   5152                     }
   5153                 } /* for pass */
   5154             } else if (op < 10) {
   5155                 /* Shift by immediate and narrow:
   5156                    VSHRN, VRSHRN, VQSHRN, VQRSHRN.  */
   5157                 int input_unsigned = (op == 8) ? !u : u;
   5158                 if (rm & 1) {
   5159                     return 1;
   5160                 }
   5161                 shift = shift - (1 << (size + 3));
   5162                 size++;
   5163                 if (size == 3) {
   5164                     tmp64 = tcg_const_i64(shift);
   5165                     neon_load_reg64(cpu_V0, rm);
   5166                     neon_load_reg64(cpu_V1, rm + 1);
   5167                     for (pass = 0; pass < 2; pass++) {
   5168                         TCGv_i64 in;
   5169                         if (pass == 0) {
   5170                             in = cpu_V0;
   5171                         } else {
   5172                             in = cpu_V1;
   5173                         }
   5174                         if (q) {
   5175                             if (input_unsigned) {
   5176                                 gen_helper_neon_rshl_u64(cpu_V0, in, tmp64);
   5177                             } else {
   5178                                 gen_helper_neon_rshl_s64(cpu_V0, in, tmp64);
   5179                             }
   5180                         } else {
   5181                             if (input_unsigned) {
   5182                                 gen_helper_neon_shl_u64(cpu_V0, in, tmp64);
   5183                             } else {
   5184                                 gen_helper_neon_shl_s64(cpu_V0, in, tmp64);
   5185                             }
   5186                         }
   5187                         tmp = tcg_temp_new_i32();
   5188                         gen_neon_narrow_op(op == 8, u, size - 1, tmp, cpu_V0);
   5189                         neon_store_reg(rd, pass, tmp);
   5190                     } /* for pass */
   5191                     tcg_temp_free_i64(tmp64);
   5192                 } else {
   5193                     if (size == 1) {
   5194                         imm = (uint16_t)shift;
   5195                         imm |= imm << 16;
   5196                     } else {
   5197                         /* size == 2 */
   5198                         imm = (uint32_t)shift;
   5199                     }
   5200                     tmp2 = tcg_const_i32(imm);
   5201                     tmp4 = neon_load_reg(rm + 1, 0);
   5202                     tmp5 = neon_load_reg(rm + 1, 1);
   5203                     for (pass = 0; pass < 2; pass++) {
   5204                         if (pass == 0) {
   5205                             tmp = neon_load_reg(rm, 0);
   5206                         } else {
   5207                             tmp = tmp4;
   5208                         }
   5209                         gen_neon_shift_narrow(size, tmp, tmp2, q,
   5210                                               input_unsigned);
   5211                         if (pass == 0) {
   5212                             tmp3 = neon_load_reg(rm, 1);
   5213                         } else {
   5214                             tmp3 = tmp5;
   5215                         }
   5216                         gen_neon_shift_narrow(size, tmp3, tmp2, q,
   5217                                               input_unsigned);
   5218                         tcg_gen_concat_i32_i64(cpu_V0, tmp, tmp3);
   5219                         tcg_temp_free_i32(tmp);
   5220                         tcg_temp_free_i32(tmp3);
   5221                         tmp = tcg_temp_new_i32();
   5222                         gen_neon_narrow_op(op == 8, u, size - 1, tmp, cpu_V0);
   5223                         neon_store_reg(rd, pass, tmp);
   5224                     } /* for pass */
   5225                     tcg_temp_free_i32(tmp2);
   5226                 }
   5227             } else if (op == 10) {
   5228                 /* VSHLL, VMOVL */
   5229                 if (q || (rd & 1)) {
   5230                     return 1;
   5231                 }
   5232                 tmp = neon_load_reg(rm, 0);
   5233                 tmp2 = neon_load_reg(rm, 1);
   5234                 for (pass = 0; pass < 2; pass++) {
   5235                     if (pass == 1)
   5236                         tmp = tmp2;
   5237 
   5238                     gen_neon_widen(cpu_V0, tmp, size, u);
   5239 
   5240                     if (shift != 0) {
   5241                         /* The shift is less than the width of the source
   5242                            type, so we can just shift the whole register.  */
   5243                         tcg_gen_shli_i64(cpu_V0, cpu_V0, shift);
   5244                         /* Widen the result of shift: we need to clear
   5245                          * the potential overflow bits resulting from
   5246                          * left bits of the narrow input appearing as
   5247                          * right bits of left the neighbour narrow
   5248                          * input.  */
   5249                         if (size < 2 || !u) {
   5250                             uint64_t imm64;
   5251                             if (size == 0) {
   5252                                 imm = (0xffu >> (8 - shift));
   5253                                 imm |= imm << 16;
   5254                             } else if (size == 1) {
   5255                                 imm = 0xffff >> (16 - shift);
   5256                             } else {
   5257                                 /* size == 2 */
   5258                                 imm = 0xffffffff >> (32 - shift);
   5259                             }
   5260                             if (size < 2) {
   5261                                 imm64 = imm | (((uint64_t)imm) << 32);
   5262                             } else {
   5263                                 imm64 = imm;
   5264                             }
   5265                             tcg_gen_andi_i64(cpu_V0, cpu_V0, ~imm64);
   5266                         }
   5267                     }
   5268                     neon_store_reg64(cpu_V0, rd + pass);
   5269                 }
   5270             } else if (op >= 14) {
   5271                 /* VCVT fixed-point.  */
   5272                 if (!(insn & (1 << 21)) || (q && ((rd | rm) & 1))) {
   5273                     return 1;
   5274                 }
   5275                 /* We have already masked out the must-be-1 top bit of imm6,
   5276                  * hence this 32-shift where the ARM ARM has 64-imm6.
   5277                  */
   5278                 shift = 32 - shift;
   5279                 for (pass = 0; pass < (q ? 4 : 2); pass++) {
   5280                     tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, pass));
   5281                     if (!(op & 1)) {
   5282                         if (u)
   5283                             gen_vfp_ulto(0, shift, 1);
   5284                         else
   5285                             gen_vfp_slto(0, shift, 1);
   5286                     } else {
   5287                         if (u)
   5288                             gen_vfp_toul(0, shift, 1);
   5289                         else
   5290                             gen_vfp_tosl(0, shift, 1);
   5291                     }
   5292                     tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, pass));
   5293                 }
   5294             } else {
   5295                 return 1;
   5296             }
   5297         } else { /* (insn & 0x00380080) == 0 */
   5298             int invert;
   5299             if (q && (rd & 1)) {
   5300                 return 1;
   5301             }
   5302 
   5303             op = (insn >> 8) & 0xf;
   5304             /* One register and immediate.  */
   5305             imm = (u << 7) | ((insn >> 12) & 0x70) | (insn & 0xf);
   5306             invert = (insn & (1 << 5)) != 0;
   5307             /* Note that op = 2,3,4,5,6,7,10,11,12,13 imm=0 is UNPREDICTABLE.
   5308              * We choose to not special-case this and will behave as if a
   5309              * valid constant encoding of 0 had been given.
   5310              */
   5311             switch (op) {
   5312             case 0: case 1:
   5313                 /* no-op */
   5314                 break;
   5315             case 2: case 3:
   5316                 imm <<= 8;
   5317                 break;
   5318             case 4: case 5:
   5319                 imm <<= 16;
   5320                 break;
   5321             case 6: case 7:
   5322                 imm <<= 24;
   5323                 break;
   5324             case 8: case 9:
   5325                 imm |= imm << 16;
   5326                 break;
   5327             case 10: case 11:
   5328                 imm = (imm << 8) | (imm << 24);
   5329                 break;
   5330             case 12:
   5331                 imm = (imm << 8) | 0xff;
   5332                 break;
   5333             case 13:
   5334                 imm = (imm << 16) | 0xffff;
   5335                 break;
   5336             case 14:
   5337                 imm |= (imm << 8) | (imm << 16) | (imm << 24);
   5338                 if (invert)
   5339                     imm = ~imm;
   5340                 break;
   5341             case 15:
   5342                 if (invert) {
   5343                     return 1;
   5344                 }
   5345                 imm = ((imm & 0x80) << 24) | ((imm & 0x3f) << 19)
   5346                       | ((imm & 0x40) ? (0x1f << 25) : (1 << 30));
   5347                 break;
   5348             }
   5349             if (invert)
   5350                 imm = ~imm;
   5351 
   5352             for (pass = 0; pass < (q ? 4 : 2); pass++) {
   5353                 if (op & 1 && op < 12) {
   5354                     tmp = neon_load_reg(rd, pass);
   5355                     if (invert) {
   5356                         /* The immediate value has already been inverted, so
   5357                            BIC becomes AND.  */
   5358                         tcg_gen_andi_i32(tmp, tmp, imm);
   5359                     } else {
   5360                         tcg_gen_ori_i32(tmp, tmp, imm);
   5361                     }
   5362                 } else {
   5363                     /* VMOV, VMVN.  */
   5364                     tmp = tcg_temp_new_i32();
   5365                     if (op == 14 && invert) {
   5366                         int n;
   5367                         uint32_t val;
   5368                         val = 0;
   5369                         for (n = 0; n < 4; n++) {
   5370                             if (imm & (1 << (n + (pass & 1) * 4)))
   5371                                 val |= 0xff << (n * 8);
   5372                         }
   5373                         tcg_gen_movi_i32(tmp, val);
   5374                     } else {
   5375                         tcg_gen_movi_i32(tmp, imm);
   5376                     }
   5377                 }
   5378                 neon_store_reg(rd, pass, tmp);
   5379             }
   5380         }
   5381     } else { /* (insn & 0x00800010 == 0x00800000) */
   5382         if (size != 3) {
   5383             op = (insn >> 8) & 0xf;
   5384             if ((insn & (1 << 6)) == 0) {
   5385                 /* Three registers of different lengths.  */
   5386                 int src1_wide;
   5387                 int src2_wide;
   5388                 int prewiden;
   5389                 /* undefreq: bit 0 : UNDEF if size != 0
   5390                  *           bit 1 : UNDEF if size == 0
   5391                  *           bit 2 : UNDEF if U == 1
   5392                  * Note that [1:0] set implies 'always UNDEF'
   5393                  */
   5394                 int undefreq;
   5395                 /* prewiden, src1_wide, src2_wide, undefreq */
   5396                 static const int neon_3reg_wide[16][4] = {
   5397                     {1, 0, 0, 0}, /* VADDL */
   5398                     {1, 1, 0, 0}, /* VADDW */
   5399                     {1, 0, 0, 0}, /* VSUBL */
   5400                     {1, 1, 0, 0}, /* VSUBW */
   5401                     {0, 1, 1, 0}, /* VADDHN */
   5402                     {0, 0, 0, 0}, /* VABAL */
   5403                     {0, 1, 1, 0}, /* VSUBHN */
   5404                     {0, 0, 0, 0}, /* VABDL */
   5405                     {0, 0, 0, 0}, /* VMLAL */
   5406                     {0, 0, 0, 6}, /* VQDMLAL */
   5407                     {0, 0, 0, 0}, /* VMLSL */
   5408                     {0, 0, 0, 6}, /* VQDMLSL */
   5409                     {0, 0, 0, 0}, /* Integer VMULL */
   5410                     {0, 0, 0, 2}, /* VQDMULL */
   5411                     {0, 0, 0, 5}, /* Polynomial VMULL */
   5412                     {0, 0, 0, 3}, /* Reserved: always UNDEF */
   5413                 };
   5414 
   5415                 prewiden = neon_3reg_wide[op][0];
   5416                 src1_wide = neon_3reg_wide[op][1];
   5417                 src2_wide = neon_3reg_wide[op][2];
   5418                 undefreq = neon_3reg_wide[op][3];
   5419 
   5420                 if (((undefreq & 1) && (size != 0)) ||
   5421                     ((undefreq & 2) && (size == 0)) ||
   5422                     ((undefreq & 4) && u)) {
   5423                     return 1;
   5424                 }
   5425                 if ((src1_wide && (rn & 1)) ||
   5426                     (src2_wide && (rm & 1)) ||
   5427                     (!src2_wide && (rd & 1))) {
   5428                     return 1;
   5429                 }
   5430 
   5431                 /* Avoid overlapping operands.  Wide source operands are
   5432                    always aligned so will never overlap with wide
   5433                    destinations in problematic ways.  */
   5434                 if (rd == rm && !src2_wide) {
   5435                     tmp = neon_load_reg(rm, 1);
   5436                     neon_store_scratch(2, tmp);
   5437                 } else if (rd == rn && !src1_wide) {
   5438                     tmp = neon_load_reg(rn, 1);
   5439                     neon_store_scratch(2, tmp);
   5440                 }
   5441                 TCGV_UNUSED(tmp3);
   5442                 for (pass = 0; pass < 2; pass++) {
   5443                     if (src1_wide) {
   5444                         neon_load_reg64(cpu_V0, rn + pass);
   5445                         TCGV_UNUSED(tmp);
   5446                     } else {
   5447                         if (pass == 1 && rd == rn) {
   5448                             tmp = neon_load_scratch(2);
   5449                         } else {
   5450                             tmp = neon_load_reg(rn, pass);
   5451                         }
   5452                         if (prewiden) {
   5453                             gen_neon_widen(cpu_V0, tmp, size, u);
   5454                         }
   5455                     }
   5456                     if (src2_wide) {
   5457                         neon_load_reg64(cpu_V1, rm + pass);
   5458                         TCGV_UNUSED(tmp2);
   5459                     } else {
   5460                         if (pass == 1 && rd == rm) {
   5461                             tmp2 = neon_load_scratch(2);
   5462                         } else {
   5463                             tmp2 = neon_load_reg(rm, pass);
   5464                         }
   5465                         if (prewiden) {
   5466                             gen_neon_widen(cpu_V1, tmp2, size, u);
   5467                         }
   5468                     }
   5469                     switch (op) {
   5470                     case 0: case 1: case 4: /* VADDL, VADDW, VADDHN, VRADDHN */
   5471                         gen_neon_addl(size);
   5472                         break;
   5473                     case 2: case 3: case 6: /* VSUBL, VSUBW, VSUBHN, VRSUBHN */
   5474                         gen_neon_subl(size);
   5475                         break;
   5476                     case 5: case 7: /* VABAL, VABDL */
   5477                         switch ((size << 1) | u) {
   5478                         case 0:
   5479                             gen_helper_neon_abdl_s16(cpu_V0, tmp, tmp2);
   5480                             break;
   5481                         case 1:
   5482                             gen_helper_neon_abdl_u16(cpu_V0, tmp, tmp2);
   5483                             break;
   5484                         case 2:
   5485                             gen_helper_neon_abdl_s32(cpu_V0, tmp, tmp2);
   5486                             break;
   5487                         case 3:
   5488                             gen_helper_neon_abdl_u32(cpu_V0, tmp, tmp2);
   5489                             break;
   5490                         case 4:
   5491                             gen_helper_neon_abdl_s64(cpu_V0, tmp, tmp2);
   5492                             break;
   5493                         case 5:
   5494                             gen_helper_neon_abdl_u64(cpu_V0, tmp, tmp2);
   5495                             break;
   5496                         default: abort();
   5497                         }
   5498                         tcg_temp_free_i32(tmp2);
   5499                         tcg_temp_free_i32(tmp);
   5500                         break;
   5501                     case 8: case 9: case 10: case 11: case 12: case 13:
   5502                         /* VMLAL, VQDMLAL, VMLSL, VQDMLSL, VMULL, VQDMULL */
   5503                         gen_neon_mull(cpu_V0, tmp, tmp2, size, u);
   5504                         break;
   5505                     case 14: /* Polynomial VMULL */
   5506                         gen_helper_neon_mull_p8(cpu_V0, tmp, tmp2);
   5507                         tcg_temp_free_i32(tmp2);
   5508                         tcg_temp_free_i32(tmp);
   5509                         break;
   5510                     default: /* 15 is RESERVED: caught earlier  */
   5511                         abort();
   5512                     }
   5513                     if (op == 13) {
   5514                         /* VQDMULL */
   5515                         gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
   5516                         neon_store_reg64(cpu_V0, rd + pass);
   5517                     } else if (op == 5 || (op >= 8 && op <= 11)) {
   5518                         /* Accumulate.  */
   5519                         neon_load_reg64(cpu_V1, rd + pass);
   5520                         switch (op) {
   5521                         case 10: /* VMLSL */
   5522                             gen_neon_negl(cpu_V0, size);
   5523                             /* Fall through */
   5524                         case 5: case 8: /* VABAL, VMLAL */
   5525                             gen_neon_addl(size);
   5526                             break;
   5527                         case 9: case 11: /* VQDMLAL, VQDMLSL */
   5528                             gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
   5529                             if (op == 11) {
   5530                                 gen_neon_negl(cpu_V0, size);
   5531                             }
   5532                             gen_neon_addl_saturate(cpu_V0, cpu_V1, size);
   5533                             break;
   5534                         default:
   5535                             abort();
   5536                         }
   5537                         neon_store_reg64(cpu_V0, rd + pass);
   5538                     } else if (op == 4 || op == 6) {
   5539                         /* Narrowing operation.  */
   5540                         tmp = tcg_temp_new_i32();
   5541                         if (!u) {
   5542                             switch (size) {
   5543                             case 0:
   5544                                 gen_helper_neon_narrow_high_u8(tmp, cpu_V0);
   5545                                 break;
   5546                             case 1:
   5547                                 gen_helper_neon_narrow_high_u16(tmp, cpu_V0);
   5548                                 break;
   5549                             case 2:
   5550                                 tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
   5551                                 tcg_gen_trunc_i64_i32(tmp, cpu_V0);
   5552                                 break;
   5553                             default: abort();
   5554                             }
   5555                         } else {
   5556                             switch (size) {
   5557                             case 0:
   5558                                 gen_helper_neon_narrow_round_high_u8(tmp, cpu_V0);
   5559                                 break;
   5560                             case 1:
   5561                                 gen_helper_neon_narrow_round_high_u16(tmp, cpu_V0);
   5562                                 break;
   5563                             case 2:
   5564                                 tcg_gen_addi_i64(cpu_V0, cpu_V0, 1u << 31);
   5565                                 tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
   5566                                 tcg_gen_trunc_i64_i32(tmp, cpu_V0);
   5567                                 break;
   5568                             default: abort();
   5569                             }
   5570                         }
   5571                         if (pass == 0) {
   5572                             tmp3 = tmp;
   5573                         } else {
   5574                             neon_store_reg(rd, 0, tmp3);
   5575                             neon_store_reg(rd, 1, tmp);
   5576                         }
   5577                     } else {
   5578                         /* Write back the result.  */
   5579                         neon_store_reg64(cpu_V0, rd + pass);
   5580                     }
   5581                 }
   5582             } else {
   5583                 /* Two registers and a scalar. NB that for ops of this form
   5584                  * the ARM ARM labels bit 24 as Q, but it is in our variable
   5585                  * 'u', not 'q'.
   5586                  */
   5587                 if (size == 0) {
   5588                     return 1;
   5589                 }
   5590                 switch (op) {
   5591                 case 1: /* Float VMLA scalar */
   5592                 case 5: /* Floating point VMLS scalar */
   5593                 case 9: /* Floating point VMUL scalar */
   5594                     if (size == 1) {
   5595                         return 1;
   5596                     }
   5597                     /* fall through */
   5598                 case 0: /* Integer VMLA scalar */
   5599                 case 4: /* Integer VMLS scalar */
   5600                 case 8: /* Integer VMUL scalar */
   5601                 case 12: /* VQDMULH scalar */
   5602                 case 13: /* VQRDMULH scalar */
   5603                     if (u && ((rd | rn) & 1)) {
   5604                         return 1;
   5605                     }
   5606                     tmp = neon_get_scalar(size, rm);
   5607                     neon_store_scratch(0, tmp);
   5608                     for (pass = 0; pass < (u ? 4 : 2); pass++) {
   5609                         tmp = neon_load_scratch(0);
   5610                         tmp2 = neon_load_reg(rn, pass);
   5611                         if (op == 12) {
   5612                             if (size == 1) {
   5613                                 gen_helper_neon_qdmulh_s16(tmp, cpu_env, tmp, tmp2);
   5614                             } else {
   5615                                 gen_helper_neon_qdmulh_s32(tmp, cpu_env, tmp, tmp2);
   5616                             }
   5617                         } else if (op == 13) {
   5618                             if (size == 1) {
   5619                                 gen_helper_neon_qrdmulh_s16(tmp, cpu_env, tmp, tmp2);
   5620                             } else {
   5621                                 gen_helper_neon_qrdmulh_s32(tmp, cpu_env, tmp, tmp2);
   5622                             }
   5623                         } else if (op & 1) {
   5624                             TCGv_ptr fpstatus = get_fpstatus_ptr(1);
   5625                             gen_helper_vfp_muls(tmp, tmp, tmp2, fpstatus);
   5626                             tcg_temp_free_ptr(fpstatus);
   5627                         } else {
   5628                             switch (size) {
   5629                             case 0: gen_helper_neon_mul_u8(tmp, tmp, tmp2); break;
   5630                             case 1: gen_helper_neon_mul_u16(tmp, tmp, tmp2); break;
   5631                             case 2: tcg_gen_mul_i32(tmp, tmp, tmp2); break;
   5632                             default: abort();
   5633                             }
   5634                         }
   5635                         tcg_temp_free_i32(tmp2);
   5636                         if (op < 8) {
   5637                             /* Accumulate.  */
   5638                             tmp2 = neon_load_reg(rd, pass);
   5639                             switch (op) {
   5640                             case 0:
   5641                                 gen_neon_add(size, tmp, tmp2);
   5642                                 break;
   5643                             case 1:
   5644                             {
   5645                                 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
   5646                                 gen_helper_vfp_adds(tmp, tmp, tmp2, fpstatus);
   5647                                 tcg_temp_free_ptr(fpstatus);
   5648                                 break;
   5649                             }
   5650                             case 4:
   5651                                 gen_neon_rsb(size, tmp, tmp2);
   5652                                 break;
   5653                             case 5:
   5654                             {
   5655                                 TCGv_ptr fpstatus = get_fpstatus_ptr(1);
   5656                                 gen_helper_vfp_subs(tmp, tmp2, tmp, fpstatus);
   5657                                 tcg_temp_free_ptr(fpstatus);
   5658                                 break;
   5659                             }
   5660                             default:
   5661                                 abort();
   5662                             }
   5663                             tcg_temp_free_i32(tmp2);
   5664                         }
   5665                         neon_store_reg(rd, pass, tmp);
   5666                     }
   5667                     break;
   5668                 case 3: /* VQDMLAL scalar */
   5669                 case 7: /* VQDMLSL scalar */
   5670                 case 11: /* VQDMULL scalar */
   5671                     if (u == 1) {
   5672                         return 1;
   5673                     }
   5674                     /* fall through */
   5675                 case 2: /* VMLAL sclar */
   5676                 case 6: /* VMLSL scalar */
   5677                 case 10: /* VMULL scalar */
   5678                     if (rd & 1) {
   5679                         return 1;
   5680                     }
   5681                     tmp2 = neon_get_scalar(size, rm);
   5682                     /* We need a copy of tmp2 because gen_neon_mull
   5683                      * deletes it during pass 0.  */
   5684                     tmp4 = tcg_temp_new_i32();
   5685                     tcg_gen_mov_i32(tmp4, tmp2);
   5686                     tmp3 = neon_load_reg(rn, 1);
   5687 
   5688                     for (pass = 0; pass < 2; pass++) {
   5689                         if (pass == 0) {
   5690                             tmp = neon_load_reg(rn, 0);
   5691                         } else {
   5692                             tmp = tmp3;
   5693                             tmp2 = tmp4;
   5694                         }
   5695                         gen_neon_mull(cpu_V0, tmp, tmp2, size, u);
   5696                         if (op != 11) {
   5697                             neon_load_reg64(cpu_V1, rd + pass);
   5698                         }
   5699                         switch (op) {
   5700                         case 6:
   5701                             gen_neon_negl(cpu_V0, size);
   5702                             /* Fall through */
   5703                         case 2:
   5704                             gen_neon_addl(size);
   5705                             break;
   5706                         case 3: case 7:
   5707                             gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
   5708                             if (op == 7) {
   5709                                 gen_neon_negl(cpu_V0, size);
   5710                             }
   5711                             gen_neon_addl_saturate(cpu_V0, cpu_V1, size);
   5712                             break;
   5713                         case 10:
   5714                             /* no-op */
   5715                             break;
   5716                         case 11:
   5717                             gen_neon_addl_saturate(cpu_V0, cpu_V0, size);
   5718                             break;
   5719                         default:
   5720                             abort();
   5721                         }
   5722                         neon_store_reg64(cpu_V0, rd + pass);
   5723                     }
   5724 
   5725 
   5726                     break;
   5727                 default: /* 14 and 15 are RESERVED */
   5728                     return 1;
   5729                 }
   5730             }
   5731         } else { /* size == 3 */
   5732             if (!u) {
   5733                 /* Extract.  */
   5734                 imm = (insn >> 8) & 0xf;
   5735 
   5736                 if (imm > 7 && !q)
   5737                     return 1;
   5738 
   5739                 if (q && ((rd | rn | rm) & 1)) {
   5740                     return 1;
   5741                 }
   5742 
   5743                 if (imm == 0) {
   5744                     neon_load_reg64(cpu_V0, rn);
   5745                     if (q) {
   5746                         neon_load_reg64(cpu_V1, rn + 1);
   5747                     }
   5748                 } else if (imm == 8) {
   5749                     neon_load_reg64(cpu_V0, rn + 1);
   5750                     if (q) {
   5751                         neon_load_reg64(cpu_V1, rm);
   5752                     }
   5753                 } else if (q) {
   5754                     tmp64 = tcg_temp_new_i64();
   5755                     if (imm < 8) {
   5756                         neon_load_reg64(cpu_V0, rn);
   5757                         neon_load_reg64(tmp64, rn + 1);
   5758                     } else {
   5759                         neon_load_reg64(cpu_V0, rn + 1);
   5760                         neon_load_reg64(tmp64, rm);
   5761                     }
   5762                     tcg_gen_shri_i64(cpu_V0, cpu_V0, (imm & 7) * 8);
   5763                     tcg_gen_shli_i64(cpu_V1, tmp64, 64 - ((imm & 7) * 8));
   5764                     tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
   5765                     if (imm < 8) {
   5766                         neon_load_reg64(cpu_V1, rm);
   5767                     } else {
   5768                         neon_load_reg64(cpu_V1, rm + 1);
   5769                         imm -= 8;
   5770                     }
   5771                     tcg_gen_shli_i64(cpu_V1, cpu_V1, 64 - (imm * 8));
   5772                     tcg_gen_shri_i64(tmp64, tmp64, imm * 8);
   5773                     tcg_gen_or_i64(cpu_V1, cpu_V1, tmp64);
   5774                     tcg_temp_free_i64(tmp64);
   5775                 } else {
   5776                     /* BUGFIX */
   5777                     neon_load_reg64(cpu_V0, rn);
   5778                     tcg_gen_shri_i64(cpu_V0, cpu_V0, imm * 8);
   5779                     neon_load_reg64(cpu_V1, rm);
   5780                     tcg_gen_shli_i64(cpu_V1, cpu_V1, 64 - (imm * 8));
   5781                     tcg_gen_or_i64(cpu_V0, cpu_V0, cpu_V1);
   5782                 }
   5783                 neon_store_reg64(cpu_V0, rd);
   5784                 if (q) {
   5785                     neon_store_reg64(cpu_V1, rd + 1);
   5786                 }
   5787             } else if ((insn & (1 << 11)) == 0) {
   5788                 /* Two register misc.  */
   5789                 op = ((insn >> 12) & 0x30) | ((insn >> 7) & 0xf);
   5790                 size = (insn >> 18) & 3;
   5791                 /* UNDEF for unknown op values and bad op-size combinations */
   5792                 if ((neon_2rm_sizes[op] & (1 << size)) == 0) {
   5793                     return 1;
   5794                 }
   5795                 if ((op != NEON_2RM_VMOVN && op != NEON_2RM_VQMOVN) &&
   5796                     q && ((rm | rd) & 1)) {
   5797                     return 1;
   5798                 }
   5799                 switch (op) {
   5800                 case NEON_2RM_VREV64:
   5801                     for (pass = 0; pass < (q ? 2 : 1); pass++) {
   5802                         tmp = neon_load_reg(rm, pass * 2);
   5803                         tmp2 = neon_load_reg(rm, pass * 2 + 1);
   5804                         switch (size) {
   5805                         case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
   5806                         case 1: gen_swap_half(tmp); break;
   5807                         case 2: /* no-op */ break;
   5808                         default: abort();
   5809                         }
   5810                         neon_store_reg(rd, pass * 2 + 1, tmp);
   5811                         if (size == 2) {
   5812                             neon_store_reg(rd, pass * 2, tmp2);
   5813                         } else {
   5814                             switch (size) {
   5815                             case 0: tcg_gen_bswap32_i32(tmp2, tmp2); break;
   5816                             case 1: gen_swap_half(tmp2); break;
   5817                             default: abort();
   5818                             }
   5819                             neon_store_reg(rd, pass * 2, tmp2);
   5820                         }
   5821                     }
   5822                     break;
   5823                 case NEON_2RM_VPADDL: case NEON_2RM_VPADDL_U:
   5824                 case NEON_2RM_VPADAL: case NEON_2RM_VPADAL_U:
   5825                     for (pass = 0; pass < q + 1; pass++) {
   5826                         tmp = neon_load_reg(rm, pass * 2);
   5827                         gen_neon_widen(cpu_V0, tmp, size, op & 1);
   5828                         tmp = neon_load_reg(rm, pass * 2 + 1);
   5829                         gen_neon_widen(cpu_V1, tmp, size, op & 1);
   5830                         switch (size) {
   5831                         case 0: gen_helper_neon_paddl_u16(CPU_V001); break;
   5832                         case 1: gen_helper_neon_paddl_u32(CPU_V001); break;
   5833                         case 2: tcg_gen_add_i64(CPU_V001); break;
   5834                         default: abort();
   5835                         }
   5836                         if (op >= NEON_2RM_VPADAL) {
   5837                             /* Accumulate.  */
   5838                             neon_load_reg64(cpu_V1, rd + pass);
   5839                             gen_neon_addl(size);
   5840                         }
   5841                         neon_store_reg64(cpu_V0, rd + pass);
   5842                     }
   5843                     break;
   5844                 case NEON_2RM_VTRN:
   5845                     if (size == 2) {
   5846                         int n;
   5847                         for (n = 0; n < (q ? 4 : 2); n += 2) {
   5848                             tmp = neon_load_reg(rm, n);
   5849                             tmp2 = neon_load_reg(rd, n + 1);
   5850                             neon_store_reg(rm, n, tmp2);
   5851                             neon_store_reg(rd, n + 1, tmp);
   5852                         }
   5853                     } else {
   5854                         goto elementwise;
   5855                     }
   5856                     break;
   5857                 case NEON_2RM_VUZP:
   5858                     if (gen_neon_unzip(rd, rm, size, q)) {
   5859                         return 1;
   5860                     }
   5861                     break;
   5862                 case NEON_2RM_VZIP:
   5863                     if (gen_neon_zip(rd, rm, size, q)) {
   5864                         return 1;
   5865                     }
   5866                     break;
   5867                 case NEON_2RM_VMOVN: case NEON_2RM_VQMOVN:
   5868                     /* also VQMOVUN; op field and mnemonics don't line up */
   5869                     if (rm & 1) {
   5870                         return 1;
   5871                     }
   5872                     TCGV_UNUSED(tmp2);
   5873                     for (pass = 0; pass < 2; pass++) {
   5874                         neon_load_reg64(cpu_V0, rm + pass);
   5875                         tmp = tcg_temp_new_i32();
   5876                         gen_neon_narrow_op(op == NEON_2RM_VMOVN, q, size,
   5877                                            tmp, cpu_V0);
   5878                         if (pass == 0) {
   5879                             tmp2 = tmp;
   5880                         } else {
   5881                             neon_store_reg(rd, 0, tmp2);
   5882                             neon_store_reg(rd, 1, tmp);
   5883                         }
   5884                     }
   5885                     break;
   5886                 case NEON_2RM_VSHLL:
   5887                     if (q || (rd & 1)) {
   5888                         return 1;
   5889                     }
   5890                     tmp = neon_load_reg(rm, 0);
   5891                     tmp2 = neon_load_reg(rm, 1);
   5892                     for (pass = 0; pass < 2; pass++) {
   5893                         if (pass == 1)
   5894                             tmp = tmp2;
   5895                         gen_neon_widen(cpu_V0, tmp, size, 1);
   5896                         tcg_gen_shli_i64(cpu_V0, cpu_V0, 8 << size);
   5897                         neon_store_reg64(cpu_V0, rd + pass);
   5898                     }
   5899                     break;
   5900                 case NEON_2RM_VCVT_F16_F32:
   5901                     if (!arm_feature(env, ARM_FEATURE_VFP_FP16) ||
   5902                         q || (rm & 1)) {
   5903                         return 1;
   5904                     }
   5905                     tmp = tcg_temp_new_i32();
   5906                     tmp2 = tcg_temp_new_i32();
   5907                     tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, 0));
   5908                     gen_helper_neon_fcvt_f32_to_f16(tmp, cpu_F0s, cpu_env);
   5909                     tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, 1));
   5910                     gen_helper_neon_fcvt_f32_to_f16(tmp2, cpu_F0s, cpu_env);
   5911                     tcg_gen_shli_i32(tmp2, tmp2, 16);
   5912                     tcg_gen_or_i32(tmp2, tmp2, tmp);
   5913                     tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, 2));
   5914                     gen_helper_neon_fcvt_f32_to_f16(tmp, cpu_F0s, cpu_env);
   5915                     tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, 3));
   5916                     neon_store_reg(rd, 0, tmp2);
   5917                     tmp2 = tcg_temp_new_i32();
   5918                     gen_helper_neon_fcvt_f32_to_f16(tmp2, cpu_F0s, cpu_env);
   5919                     tcg_gen_shli_i32(tmp2, tmp2, 16);
   5920                     tcg_gen_or_i32(tmp2, tmp2, tmp);
   5921                     neon_store_reg(rd, 1, tmp2);
   5922                     tcg_temp_free_i32(tmp);
   5923                     break;
   5924                 case NEON_2RM_VCVT_F32_F16:
   5925                     if (!arm_feature(env, ARM_FEATURE_VFP_FP16) ||
   5926                         q || (rd & 1)) {
   5927                         return 1;
   5928                     }
   5929                     tmp3 = tcg_temp_new_i32();
   5930                     tmp = neon_load_reg(rm, 0);
   5931                     tmp2 = neon_load_reg(rm, 1);
   5932                     tcg_gen_ext16u_i32(tmp3, tmp);
   5933                     gen_helper_neon_fcvt_f16_to_f32(cpu_F0s, tmp3, cpu_env);
   5934                     tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, 0));
   5935                     tcg_gen_shri_i32(tmp3, tmp, 16);
   5936                     gen_helper_neon_fcvt_f16_to_f32(cpu_F0s, tmp3, cpu_env);
   5937                     tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, 1));
   5938                     tcg_temp_free_i32(tmp);
   5939                     tcg_gen_ext16u_i32(tmp3, tmp2);
   5940                     gen_helper_neon_fcvt_f16_to_f32(cpu_F0s, tmp3, cpu_env);
   5941                     tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, 2));
   5942                     tcg_gen_shri_i32(tmp3, tmp2, 16);
   5943                     gen_helper_neon_fcvt_f16_to_f32(cpu_F0s, tmp3, cpu_env);
   5944                     tcg_gen_st_f32(cpu_F0s, cpu_env, neon_reg_offset(rd, 3));
   5945                     tcg_temp_free_i32(tmp2);
   5946                     tcg_temp_free_i32(tmp3);
   5947                     break;
   5948                 default:
   5949                 elementwise:
   5950                     for (pass = 0; pass < (q ? 4 : 2); pass++) {
   5951                         if (neon_2rm_is_float_op(op)) {
   5952                             tcg_gen_ld_f32(cpu_F0s, cpu_env,
   5953                                            neon_reg_offset(rm, pass));
   5954                             TCGV_UNUSED(tmp);
   5955                         } else {
   5956                             tmp = neon_load_reg(rm, pass);
   5957                         }
   5958                         switch (op) {
   5959                         case NEON_2RM_VREV32:
   5960                             switch (size) {
   5961                             case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
   5962                             case 1: gen_swap_half(tmp); break;
   5963                             default: abort();
   5964                             }
   5965                             break;
   5966                         case NEON_2RM_VREV16:
   5967                             gen_rev16(tmp);
   5968                             break;
   5969                         case NEON_2RM_VCLS:
   5970                             switch (size) {
   5971                             case 0: gen_helper_neon_cls_s8(tmp, tmp); break;
   5972                             case 1: gen_helper_neon_cls_s16(tmp, tmp); break;
   5973                             case 2: gen_helper_neon_cls_s32(tmp, tmp); break;
   5974                             default: abort();
   5975                             }
   5976                             break;
   5977                         case NEON_2RM_VCLZ:
   5978                             switch (size) {
   5979                             case 0: gen_helper_neon_clz_u8(tmp, tmp); break;
   5980                             case 1: gen_helper_neon_clz_u16(tmp, tmp); break;
   5981                             case 2: gen_helper_clz(tmp, tmp); break;
   5982                             default: abort();
   5983                             }
   5984                             break;
   5985                         case NEON_2RM_VCNT:
   5986                             gen_helper_neon_cnt_u8(tmp, tmp);
   5987                             break;
   5988                         case NEON_2RM_VMVN:
   5989                             tcg_gen_not_i32(tmp, tmp);
   5990                             break;
   5991                         case NEON_2RM_VQABS:
   5992                             switch (size) {
   5993                             case 0:
   5994                                 gen_helper_neon_qabs_s8(tmp, cpu_env, tmp);
   5995                                 break;
   5996                             case 1:
   5997                                 gen_helper_neon_qabs_s16(tmp, cpu_env, tmp);
   5998                                 break;
   5999                             case 2:
   6000                                 gen_helper_neon_qabs_s32(tmp, cpu_env, tmp);
   6001                                 break;
   6002                             default: abort();
   6003                             }
   6004                             break;
   6005                         case NEON_2RM_VQNEG:
   6006                             switch (size) {
   6007                             case 0:
   6008                                 gen_helper_neon_qneg_s8(tmp, cpu_env, tmp);
   6009                                 break;
   6010                             case 1:
   6011                                 gen_helper_neon_qneg_s16(tmp, cpu_env, tmp);
   6012                                 break;
   6013                             case 2:
   6014                                 gen_helper_neon_qneg_s32(tmp, cpu_env, tmp);
   6015                                 break;
   6016                             default: abort();
   6017                             }
   6018                             break;
   6019                         case NEON_2RM_VCGT0: case NEON_2RM_VCLE0:
   6020                             tmp2 = tcg_const_i32(0);
   6021                             switch(size) {
   6022                             case 0: gen_helper_neon_cgt_s8(tmp, tmp, tmp2); break;
   6023                             case 1: gen_helper_neon_cgt_s16(tmp, tmp, tmp2); break;
   6024                             case 2: gen_helper_neon_cgt_s32(tmp, tmp, tmp2); break;
   6025                             default: abort();
   6026                             }
   6027                             tcg_temp_free(tmp2);
   6028                             if (op == NEON_2RM_VCLE0) {
   6029                                 tcg_gen_not_i32(tmp, tmp);
   6030                             }
   6031                             break;
   6032                         case NEON_2RM_VCGE0: case NEON_2RM_VCLT0:
   6033                             tmp2 = tcg_const_i32(0);
   6034                             switch(size) {
   6035                             case 0: gen_helper_neon_cge_s8(tmp, tmp, tmp2); break;
   6036                             case 1: gen_helper_neon_cge_s16(tmp, tmp, tmp2); break;
   6037                             case 2: gen_helper_neon_cge_s32(tmp, tmp, tmp2); break;
   6038                             default: abort();
   6039                             }
   6040                             tcg_temp_free(tmp2);
   6041                             if (op == NEON_2RM_VCLT0) {
   6042                                 tcg_gen_not_i32(tmp, tmp);
   6043                             }
   6044                             break;
   6045                         case NEON_2RM_VCEQ0:
   6046                             tmp2 = tcg_const_i32(0);
   6047                             switch(size) {
   6048                             case 0: gen_helper_neon_ceq_u8(tmp, tmp, tmp2); break;
   6049                             case 1: gen_helper_neon_ceq_u16(tmp, tmp, tmp2); break;
   6050                             case 2: gen_helper_neon_ceq_u32(tmp, tmp, tmp2); break;
   6051                             default: abort();
   6052                             }
   6053                             tcg_temp_free(tmp2);
   6054                             break;
   6055                         case NEON_2RM_VABS:
   6056                             switch(size) {
   6057                             case 0: gen_helper_neon_abs_s8(tmp, tmp); break;
   6058                             case 1: gen_helper_neon_abs_s16(tmp, tmp); break;
   6059                             case 2: tcg_gen_abs_i32(tmp, tmp); break;
   6060                             default: abort();
   6061                             }
   6062                             break;
   6063                         case NEON_2RM_VNEG:
   6064                             tmp2 = tcg_const_i32(0);
   6065                             gen_neon_rsb(size, tmp, tmp2);
   6066                             tcg_temp_free(tmp2);
   6067                             break;
   6068                         case NEON_2RM_VCGT0_F:
   6069                         {
   6070                             TCGv_ptr fpstatus = get_fpstatus_ptr(1);
   6071                             tmp2 = tcg_const_i32(0);
   6072                             gen_helper_neon_cgt_f32(tmp, tmp, tmp2, fpstatus);
   6073                             tcg_temp_free(tmp2);
   6074                             break;
   6075                         }
   6076                         case NEON_2RM_VCGE0_F:
   6077                         {
   6078                             TCGv_ptr fpstatus = get_fpstatus_ptr(1);
   6079                             tmp2 = tcg_const_i32(0);
   6080                             gen_helper_neon_cge_f32(tmp, tmp, tmp2, fpstatus);
   6081                             tcg_temp_free(tmp2);
   6082                             tcg_temp_free_ptr(fpstatus);
   6083                             break;
   6084                         }
   6085                         case NEON_2RM_VCEQ0_F:
   6086                         {
   6087                             TCGv_ptr fpstatus = get_fpstatus_ptr(1);
   6088                             tmp2 = tcg_const_i32(0);
   6089                             gen_helper_neon_ceq_f32(tmp, tmp, tmp2, fpstatus);
   6090                             tcg_temp_free(tmp2);
   6091                             tcg_temp_free_ptr(fpstatus);
   6092                             break;
   6093                         }
   6094                         case NEON_2RM_VCLE0_F:
   6095                         {
   6096                             TCGv_ptr fpstatus = get_fpstatus_ptr(1);
   6097                             tmp2 = tcg_const_i32(0);
   6098                             gen_helper_neon_cge_f32(tmp, tmp2, tmp, fpstatus);
   6099                             tcg_temp_free(tmp2);
   6100                             tcg_temp_free_ptr(fpstatus);
   6101                             break;
   6102                         }
   6103                         case NEON_2RM_VCLT0_F:
   6104                         {
   6105                             TCGv_ptr fpstatus = get_fpstatus_ptr(1);
   6106                             tmp2 = tcg_const_i32(0);
   6107                             gen_helper_neon_cgt_f32(tmp, tmp2, tmp, fpstatus);
   6108                             tcg_temp_free(tmp2);
   6109                             tcg_temp_free_ptr(fpstatus);
   6110                             break;
   6111                         }
   6112                         case NEON_2RM_VABS_F:
   6113                             gen_vfp_abs(0);
   6114                             break;
   6115                         case NEON_2RM_VNEG_F:
   6116                             gen_vfp_neg(0);
   6117                             break;
   6118                         case NEON_2RM_VSWP:
   6119                             tmp2 = neon_load_reg(rd, pass);
   6120                             neon_store_reg(rm, pass, tmp2);
   6121                             break;
   6122                         case NEON_2RM_VTRN:
   6123                             tmp2 = neon_load_reg(rd, pass);
   6124                             switch (size) {
   6125                             case 0: gen_neon_trn_u8(tmp, tmp2); break;
   6126                             case 1: gen_neon_trn_u16(tmp, tmp2); break;
   6127                             default: abort();
   6128                             }
   6129                             neon_store_reg(rm, pass, tmp2);
   6130                             break;
   6131                         case NEON_2RM_VRECPE:
   6132                             gen_helper_recpe_u32(tmp, tmp, cpu_env);
   6133                             break;
   6134                         case NEON_2RM_VRSQRTE:
   6135                             gen_helper_rsqrte_u32(tmp, tmp, cpu_env);
   6136                             break;
   6137                         case NEON_2RM_VRECPE_F:
   6138                             gen_helper_recpe_f32(cpu_F0s, cpu_F0s, cpu_env);
   6139                             break;
   6140                         case NEON_2RM_VRSQRTE_F:
   6141                             gen_helper_rsqrte_f32(cpu_F0s, cpu_F0s, cpu_env);
   6142                             break;
   6143                         case NEON_2RM_VCVT_FS: /* VCVT.F32.S32 */
   6144                             gen_vfp_sito(0, 1);
   6145                             break;
   6146                         case NEON_2RM_VCVT_FU: /* VCVT.F32.U32 */
   6147                             gen_vfp_uito(0, 1);
   6148                             break;
   6149                         case NEON_2RM_VCVT_SF: /* VCVT.S32.F32 */
   6150                             gen_vfp_tosiz(0, 1);
   6151                             break;
   6152                         case NEON_2RM_VCVT_UF: /* VCVT.U32.F32 */
   6153                             gen_vfp_touiz(0, 1);
   6154                             break;
   6155                         default:
   6156                             /* Reserved op values were caught by the
   6157                              * neon_2rm_sizes[] check earlier.
   6158                              */
   6159                             abort();
   6160                         }
   6161                         if (neon_2rm_is_float_op(op)) {
   6162                             tcg_gen_st_f32(cpu_F0s, cpu_env,
   6163                                            neon_reg_offset(rd, pass));
   6164                         } else {
   6165                             neon_store_reg(rd, pass, tmp);
   6166                         }
   6167                     }
   6168                     break;
   6169                 }
   6170             } else if ((insn & (1 << 10)) == 0) {
   6171                 /* VTBL, VTBX.  */
   6172                 int n = ((insn >> 8) & 3) + 1;
   6173                 if ((rn + n) > 32) {
   6174                     /* This is UNPREDICTABLE; we choose to UNDEF to avoid the
   6175                      * helper function running off the end of the register file.
   6176                      */
   6177                     return 1;
   6178                 }
   6179                 n <<= 3;
   6180                 if (insn & (1 << 6)) {
   6181                     tmp = neon_load_reg(rd, 0);
   6182                 } else {
   6183                     tmp = tcg_temp_new_i32();
   6184                     tcg_gen_movi_i32(tmp, 0);
   6185                 }
   6186                 tmp2 = neon_load_reg(rm, 0);
   6187                 tmp4 = tcg_const_i32(rn);
   6188                 tmp5 = tcg_const_i32(n);
   6189                 gen_helper_neon_tbl(tmp2, cpu_env, tmp2, tmp, tmp4, tmp5);
   6190                 tcg_temp_free_i32(tmp);
   6191                 if (insn & (1 << 6)) {
   6192                     tmp = neon_load_reg(rd, 1);
   6193                 } else {
   6194                     tmp = tcg_temp_new_i32();
   6195                     tcg_gen_movi_i32(tmp, 0);
   6196                 }
   6197                 tmp3 = neon_load_reg(rm, 1);
   6198                 gen_helper_neon_tbl(tmp3, cpu_env, tmp3, tmp, tmp4, tmp5);
   6199                 tcg_temp_free_i32(tmp5);
   6200                 tcg_temp_free_i32(tmp4);
   6201                 neon_store_reg(rd, 0, tmp2);
   6202                 neon_store_reg(rd, 1, tmp3);
   6203                 tcg_temp_free_i32(tmp);
   6204             } else if ((insn & 0x380) == 0) {
   6205                 /* VDUP */
   6206                 if ((insn & (7 << 16)) == 0 || (q && (rd & 1))) {
   6207                     return 1;
   6208                 }
   6209                 if (insn & (1 << 19)) {
   6210                     tmp = neon_load_reg(rm, 1);
   6211                 } else {
   6212                     tmp = neon_load_reg(rm, 0);
   6213                 }
   6214                 if (insn & (1 << 16)) {
   6215                     gen_neon_dup_u8(tmp, ((insn >> 17) & 3) * 8);
   6216                 } else if (insn & (1 << 17)) {
   6217                     if ((insn >> 18) & 1)
   6218                         gen_neon_dup_high16(tmp);
   6219                     else
   6220                         gen_neon_dup_low16(tmp);
   6221                 }
   6222                 for (pass = 0; pass < (q ? 4 : 2); pass++) {
   6223                     tmp2 = tcg_temp_new_i32();
   6224                     tcg_gen_mov_i32(tmp2, tmp);
   6225                     neon_store_reg(rd, pass, tmp2);
   6226                 }
   6227                 tcg_temp_free_i32(tmp);
   6228             } else {
   6229                 return 1;
   6230             }
   6231         }
   6232     }
   6233     return 0;
   6234 }
   6235 
   6236 static int disas_cp14_read(CPUARMState * env, DisasContext *s, uint32_t insn)
   6237 {
   6238     int crn = (insn >> 16) & 0xf;
   6239     int crm = insn & 0xf;
   6240     int op1 = (insn >> 21) & 7;
   6241     int op2 = (insn >> 5) & 7;
   6242     int rt = (insn >> 12) & 0xf;
   6243     TCGv tmp;
   6244 
   6245     /* Minimal set of debug registers, since we don't support debug */
   6246     if (op1 == 0 && crn == 0 && op2 == 0) {
   6247         switch (crm) {
   6248         case 0:
   6249             /* DBGDIDR: just RAZ. In particular this means the
   6250              * "debug architecture version" bits will read as
   6251              * a reserved value, which should cause Linux to
   6252              * not try to use the debug hardware.
   6253              */
   6254             tmp = tcg_const_i32(0);
   6255             store_reg(s, rt, tmp);
   6256             return 0;
   6257         case 1:
   6258         case 2:
   6259             /* DBGDRAR and DBGDSAR: v7 only. Always RAZ since we
   6260              * don't implement memory mapped debug components
   6261              */
   6262             if (ENABLE_ARCH_7) {
   6263                 tmp = tcg_const_i32(0);
   6264                 store_reg(s, rt, tmp);
   6265                 return 0;
   6266             }
   6267             break;
   6268         default:
   6269             break;
   6270         }
   6271     }
   6272 
   6273     if (arm_feature(env, ARM_FEATURE_THUMB2EE)) {
   6274         if (op1 == 6 && crn == 0 && crm == 0 && op2 == 0) {
   6275             /* TEECR */
   6276             if (IS_USER(s))
   6277                 return 1;
   6278             tmp = load_cpu_field(teecr);
   6279             store_reg(s, rt, tmp);
   6280             return 0;
   6281         }
   6282         if (op1 == 6 && crn == 1 && crm == 0 && op2 == 0) {
   6283             /* TEEHBR */
   6284             if (IS_USER(s) && (env->teecr & 1))
   6285                 return 1;
   6286             tmp = load_cpu_field(teehbr);
   6287             store_reg(s, rt, tmp);
   6288             return 0;
   6289         }
   6290     }
   6291     fprintf(stderr, "Unknown cp14 read op1:%d crn:%d crm:%d op2:%d\n",
   6292             op1, crn, crm, op2);
   6293     return 1;
   6294 }
   6295 
   6296 static int disas_cp14_write(CPUARMState * env, DisasContext *s, uint32_t insn)
   6297 {
   6298     int crn = (insn >> 16) & 0xf;
   6299     int crm = insn & 0xf;
   6300     int op1 = (insn >> 21) & 7;
   6301     int op2 = (insn >> 5) & 7;
   6302     int rt = (insn >> 12) & 0xf;
   6303     TCGv tmp;
   6304 
   6305     /* Minimal set of debug registers, since we don't support debug */
   6306     if (op1 == 0 && crn == 0 && op2 == 0) {
   6307         switch (crm) {
   6308         case 0:
   6309             /* DBGDIDR */
   6310             tmp = load_cpu_field(cp14_dbgdidr);
   6311             store_reg(s, rt, tmp);
   6312             return 0;
   6313         case 1:
   6314         case 2:
   6315             /* DBGDRAR and DBGDSAR: v7 only. Always RAZ since we
   6316              * don't implement memory mapped debug components
   6317              */
   6318             if (ENABLE_ARCH_7) {
   6319                 tmp = tcg_const_i32(0);
   6320                 store_reg(s, rt, tmp);
   6321                 return 0;
   6322             }
   6323             break;
   6324         default:
   6325             break;
   6326         }
   6327     }
   6328 
   6329     if (arm_feature(env, ARM_FEATURE_THUMB2EE)) {
   6330         if (op1 == 6 && crn == 0 && crm == 0 && op2 == 0) {
   6331             /* TEECR */
   6332             if (IS_USER(s))
   6333                 return 1;
   6334             tmp = load_reg(s, rt);
   6335             gen_helper_set_teecr(cpu_env, tmp);
   6336             tcg_temp_free_i32(tmp);
   6337             return 0;
   6338         }
   6339         if (op1 == 6 && crn == 1 && crm == 0 && op2 == 0) {
   6340             /* TEEHBR */
   6341             if (IS_USER(s) && (env->teecr & 1))
   6342                 return 1;
   6343             tmp = load_reg(s, rt);
   6344             store_cpu_field(tmp, teehbr);
   6345             return 0;
   6346         }
   6347     }
   6348     fprintf(stderr, "Unknown cp14 write op1:%d crn:%d crm:%d op2:%d\n",
   6349             op1, crn, crm, op2);
   6350     return 1;
   6351 }
   6352 
   6353 static int disas_coproc_insn(CPUARMState * env, DisasContext *s, uint32_t insn)
   6354 {
   6355     int cpnum;
   6356 
   6357     cpnum = (insn >> 8) & 0xf;
   6358     if (arm_feature(env, ARM_FEATURE_XSCALE)
   6359 	    && ((env->cp15.c15_cpar ^ 0x3fff) & (1 << cpnum)))
   6360 	return 1;
   6361 
   6362     switch (cpnum) {
   6363       case 0:
   6364       case 1:
   6365 	if (arm_feature(env, ARM_FEATURE_IWMMXT)) {
   6366 	    return disas_iwmmxt_insn(env, s, insn);
   6367 	} else if (arm_feature(env, ARM_FEATURE_XSCALE)) {
   6368 	    return disas_dsp_insn(env, s, insn);
   6369 	}
   6370 	goto board;
   6371     case 10:
   6372     case 11:
   6373 	return disas_vfp_insn (env, s, insn);
   6374     case 14:
   6375         /* Coprocessors 7-15 are architecturally reserved by ARM.
   6376            Unfortunately Intel decided to ignore this.  */
   6377         if (arm_feature(env, ARM_FEATURE_XSCALE))
   6378             goto board;
   6379         if (insn & (1 << 20))
   6380             return disas_cp14_read(env, s, insn);
   6381         else
   6382             return disas_cp14_write(env, s, insn);
   6383     case 15:
   6384 	return disas_cp15_insn (env, s, insn);
   6385     default:
   6386     board:
   6387 	/* Unknown coprocessor.  See if the board has hooked it.  */
   6388 	return disas_cp_insn (env, s, insn);
   6389     }
   6390 }
   6391 
   6392 
   6393 /* Store a 64-bit value to a register pair.  Clobbers val.  */
   6394 static void gen_storeq_reg(DisasContext *s, int rlow, int rhigh, TCGv_i64 val)
   6395 {
   6396     TCGv tmp;
   6397     tmp = tcg_temp_new_i32();
   6398     tcg_gen_trunc_i64_i32(tmp, val);
   6399     store_reg(s, rlow, tmp);
   6400     tmp = tcg_temp_new_i32();
   6401     tcg_gen_shri_i64(val, val, 32);
   6402     tcg_gen_trunc_i64_i32(tmp, val);
   6403     store_reg(s, rhigh, tmp);
   6404 }
   6405 
   6406 /* load a 32-bit value from a register and perform a 64-bit accumulate.  */
   6407 static void gen_addq_lo(DisasContext *s, TCGv_i64 val, int rlow)
   6408 {
   6409     TCGv_i64 tmp;
   6410     TCGv tmp2;
   6411 
   6412     /* Load value and extend to 64 bits.  */
   6413     tmp = tcg_temp_new_i64();
   6414     tmp2 = load_reg(s, rlow);
   6415     tcg_gen_extu_i32_i64(tmp, tmp2);
   6416     tcg_temp_free_i32(tmp2);
   6417     tcg_gen_add_i64(val, val, tmp);
   6418     tcg_temp_free_i64(tmp);
   6419 }
   6420 
   6421 /* load and add a 64-bit value from a register pair.  */
   6422 static void gen_addq(DisasContext *s, TCGv_i64 val, int rlow, int rhigh)
   6423 {
   6424     TCGv_i64 tmp;
   6425     TCGv tmpl;
   6426     TCGv tmph;
   6427 
   6428     /* Load 64-bit value rd:rn.  */
   6429     tmpl = load_reg(s, rlow);
   6430     tmph = load_reg(s, rhigh);
   6431     tmp = tcg_temp_new_i64();
   6432     tcg_gen_concat_i32_i64(tmp, tmpl, tmph);
   6433     tcg_temp_free_i32(tmpl);
   6434     tcg_temp_free_i32(tmph);
   6435     tcg_gen_add_i64(val, val, tmp);
   6436     tcg_temp_free_i64(tmp);
   6437 }
   6438 
   6439 /* Set N and Z flags from a 64-bit value.  */
   6440 static void gen_logicq_cc(TCGv_i64 val)
   6441 {
   6442     TCGv tmp = tcg_temp_new_i32();
   6443     gen_helper_logicq_cc(tmp, val);
   6444     gen_logic_CC(tmp);
   6445     tcg_temp_free_i32(tmp);
   6446 }
   6447 
   6448 /* Load/Store exclusive instructions are implemented by remembering
   6449    the value/address loaded, and seeing if these are the same
   6450    when the store is performed. This should be is sufficient to implement
   6451    the architecturally mandated semantics, and avoids having to monitor
   6452    regular stores.
   6453 
   6454    In system emulation mode only one CPU will be running at once, so
   6455    this sequence is effectively atomic.  In user emulation mode we
   6456    throw an exception and handle the atomic operation elsewhere.  */
   6457 static void gen_load_exclusive(DisasContext *s, int rt, int rt2,
   6458                                TCGv addr, int size)
   6459 {
   6460     TCGv tmp;
   6461 
   6462     switch (size) {
   6463     case 0:
   6464         tmp = gen_ld8u(addr, IS_USER(s));
   6465         break;
   6466     case 1:
   6467         tmp = gen_ld16u(addr, IS_USER(s));
   6468         break;
   6469     case 2:
   6470     case 3:
   6471         tmp = gen_ld32(addr, IS_USER(s));
   6472         break;
   6473     default:
   6474         abort();
   6475     }
   6476     tcg_gen_mov_i32(cpu_exclusive_val, tmp);
   6477     store_reg(s, rt, tmp);
   6478     if (size == 3) {
   6479         TCGv tmp2 = tcg_temp_new_i32();
   6480         tcg_gen_addi_i32(tmp2, addr, 4);
   6481         tmp = gen_ld32(tmp2, IS_USER(s));
   6482         tcg_temp_free_i32(tmp2);
   6483         tcg_gen_mov_i32(cpu_exclusive_high, tmp);
   6484         store_reg(s, rt2, tmp);
   6485     }
   6486     tcg_gen_mov_i32(cpu_exclusive_addr, addr);
   6487 }
   6488 
   6489 static void gen_clrex(DisasContext *s)
   6490 {
   6491     tcg_gen_movi_i32(cpu_exclusive_addr, -1);
   6492 }
   6493 
   6494 #ifdef CONFIG_USER_ONLY
   6495 static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
   6496                                 TCGv addr, int size)
   6497 {
   6498     tcg_gen_mov_i32(cpu_exclusive_test, addr);
   6499     tcg_gen_movi_i32(cpu_exclusive_info,
   6500                      size | (rd << 4) | (rt << 8) | (rt2 << 12));
   6501     gen_exception_insn(s, 4, EXCP_STREX);
   6502 }
   6503 #else
   6504 static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2,
   6505                                 TCGv addr, int size)
   6506 {
   6507     TCGv tmp;
   6508     int done_label;
   6509     int fail_label;
   6510 
   6511     /* if (env->exclusive_addr == addr && env->exclusive_val == [addr]) {
   6512          [addr] = {Rt};
   6513          {Rd} = 0;
   6514        } else {
   6515          {Rd} = 1;
   6516        } */
   6517     fail_label = gen_new_label();
   6518     done_label = gen_new_label();
   6519     tcg_gen_brcond_i32(TCG_COND_NE, addr, cpu_exclusive_addr, fail_label);
   6520     switch (size) {
   6521     case 0:
   6522         tmp = gen_ld8u(addr, IS_USER(s));
   6523         break;
   6524     case 1:
   6525         tmp = gen_ld16u(addr, IS_USER(s));
   6526         break;
   6527     case 2:
   6528     case 3:
   6529         tmp = gen_ld32(addr, IS_USER(s));
   6530         break;
   6531     default:
   6532         abort();
   6533     }
   6534     tcg_gen_brcond_i32(TCG_COND_NE, tmp, cpu_exclusive_val, fail_label);
   6535     tcg_temp_free_i32(tmp);
   6536     if (size == 3) {
   6537         TCGv tmp2 = tcg_temp_new_i32();
   6538         tcg_gen_addi_i32(tmp2, addr, 4);
   6539         tmp = gen_ld32(tmp2, IS_USER(s));
   6540         tcg_temp_free_i32(tmp2);
   6541         tcg_gen_brcond_i32(TCG_COND_NE, tmp, cpu_exclusive_high, fail_label);
   6542         tcg_temp_free_i32(tmp);
   6543     }
   6544     tmp = load_reg(s, rt);
   6545     switch (size) {
   6546     case 0:
   6547         gen_st8(tmp, addr, IS_USER(s));
   6548         break;
   6549     case 1:
   6550         gen_st16(tmp, addr, IS_USER(s));
   6551         break;
   6552     case 2:
   6553     case 3:
   6554         gen_st32(tmp, addr, IS_USER(s));
   6555         break;
   6556     default:
   6557         abort();
   6558     }
   6559     if (size == 3) {
   6560         tcg_gen_addi_i32(addr, addr, 4);
   6561         tmp = load_reg(s, rt2);
   6562         gen_st32(tmp, addr, IS_USER(s));
   6563     }
   6564     tcg_gen_movi_i32(cpu_R[rd], 0);
   6565     tcg_gen_br(done_label);
   6566     gen_set_label(fail_label);
   6567     tcg_gen_movi_i32(cpu_R[rd], 1);
   6568     gen_set_label(done_label);
   6569     tcg_gen_movi_i32(cpu_exclusive_addr, -1);
   6570 }
   6571 #endif
   6572 
   6573 static void disas_arm_insn(CPUARMState * env, DisasContext *s)
   6574 {
   6575     unsigned int cond, insn, val, op1, i, shift, rm, rs, rn, rd, sh;
   6576     TCGv tmp;
   6577     TCGv tmp2;
   6578     TCGv tmp3;
   6579     TCGv addr;
   6580     TCGv_i64 tmp64;
   6581 
   6582     insn = cpu_ldl_code(env, s->pc);
   6583 
   6584     s->pc += 4;
   6585 
   6586     /* M variants do not implement ARM mode.  */
   6587     if (IS_M(env))
   6588         goto illegal_op;
   6589     cond = insn >> 28;
   6590     if (cond == 0xf){
   6591         /* In ARMv3 and v4 the NV condition is UNPREDICTABLE; we
   6592          * choose to UNDEF. In ARMv5 and above the space is used
   6593          * for miscellaneous unconditional instructions.
   6594          */
   6595         ARCH(5);
   6596 
   6597         /* Unconditional instructions.  */
   6598         if (((insn >> 25) & 7) == 1) {
   6599             /* NEON Data processing.  */
   6600             if (!arm_feature(env, ARM_FEATURE_NEON))
   6601                 goto illegal_op;
   6602 
   6603             if (disas_neon_data_insn(env, s, insn))
   6604                 goto illegal_op;
   6605             return;
   6606         }
   6607         if ((insn & 0x0f100000) == 0x04000000) {
   6608             /* NEON load/store.  */
   6609             if (!arm_feature(env, ARM_FEATURE_NEON))
   6610                 goto illegal_op;
   6611 
   6612             if (disas_neon_ls_insn(env, s, insn))
   6613                 goto illegal_op;
   6614             return;
   6615         }
   6616         if (((insn & 0x0f30f000) == 0x0510f000) ||
   6617             ((insn & 0x0f30f010) == 0x0710f000)) {
   6618             if ((insn & (1 << 22)) == 0) {
   6619                 /* PLDW; v7MP */
   6620                 if (!arm_feature(env, ARM_FEATURE_V7MP)) {
   6621                     goto illegal_op;
   6622                 }
   6623             }
   6624             /* Otherwise PLD; v5TE+ */
   6625             ARCH(5TE);
   6626             return;
   6627         }
   6628         if (((insn & 0x0f70f000) == 0x0450f000) ||
   6629             ((insn & 0x0f70f010) == 0x0650f000)) {
   6630             ARCH(7);
   6631             return; /* PLI; V7 */
   6632         }
   6633         if (((insn & 0x0f700000) == 0x04100000) ||
   6634             ((insn & 0x0f700010) == 0x06100000)) {
   6635             if (!arm_feature(env, ARM_FEATURE_V7MP)) {
   6636                 goto illegal_op;
   6637             }
   6638             return; /* v7MP: Unallocated memory hint: must NOP */
   6639         }
   6640 
   6641         if ((insn & 0x0ffffdff) == 0x01010000) {
   6642             ARCH(6);
   6643             /* setend */
   6644             if (insn & (1 << 9)) {
   6645                 /* BE8 mode not implemented.  */
   6646                 goto illegal_op;
   6647             }
   6648             return;
   6649         } else if ((insn & 0x0fffff00) == 0x057ff000) {
   6650             switch ((insn >> 4) & 0xf) {
   6651             case 1: /* clrex */
   6652                 ARCH(6K);
   6653                 gen_clrex(s);
   6654                 return;
   6655             case 4: /* dsb */
   6656             case 5: /* dmb */
   6657             case 6: /* isb */
   6658                 ARCH(7);
   6659                 /* We don't emulate caches so these are a no-op.  */
   6660                 return;
   6661             default:
   6662                 goto illegal_op;
   6663             }
   6664         } else if ((insn & 0x0e5fffe0) == 0x084d0500) {
   6665             /* srs */
   6666             int32_t offset;
   6667             if (IS_USER(s))
   6668                 goto illegal_op;
   6669             ARCH(6);
   6670             op1 = (insn & 0x1f);
   6671             addr = tcg_temp_new_i32();
   6672             tmp = tcg_const_i32(op1);
   6673             gen_helper_get_r13_banked(addr, cpu_env, tmp);
   6674             tcg_temp_free_i32(tmp);
   6675             i = (insn >> 23) & 3;
   6676             switch (i) {
   6677             case 0: offset = -4; break; /* DA */
   6678             case 1: offset = 0; break; /* IA */
   6679             case 2: offset = -8; break; /* DB */
   6680             case 3: offset = 4; break; /* IB */
   6681             default: abort();
   6682             }
   6683             if (offset)
   6684                 tcg_gen_addi_i32(addr, addr, offset);
   6685             tmp = load_reg(s, 14);
   6686             gen_st32(tmp, addr, 0);
   6687             tmp = load_cpu_field(spsr);
   6688             tcg_gen_addi_i32(addr, addr, 4);
   6689             gen_st32(tmp, addr, 0);
   6690             if (insn & (1 << 21)) {
   6691                 /* Base writeback.  */
   6692                 switch (i) {
   6693                 case 0: offset = -8; break;
   6694                 case 1: offset = 4; break;
   6695                 case 2: offset = -4; break;
   6696                 case 3: offset = 0; break;
   6697                 default: abort();
   6698                 }
   6699                 if (offset)
   6700                     tcg_gen_addi_i32(addr, addr, offset);
   6701                 tmp = tcg_const_i32(op1);
   6702                 gen_helper_set_r13_banked(cpu_env, tmp, addr);
   6703                 tcg_temp_free_i32(tmp);
   6704                 tcg_temp_free_i32(addr);
   6705             } else {
   6706                 tcg_temp_free_i32(addr);
   6707             }
   6708             return;
   6709         } else if ((insn & 0x0e50ffe0) == 0x08100a00) {
   6710             /* rfe */
   6711             int32_t offset;
   6712             if (IS_USER(s))
   6713                 goto illegal_op;
   6714             ARCH(6);
   6715             rn = (insn >> 16) & 0xf;
   6716             addr = load_reg(s, rn);
   6717             i = (insn >> 23) & 3;
   6718             switch (i) {
   6719             case 0: offset = -4; break; /* DA */
   6720             case 1: offset = 0; break; /* IA */
   6721             case 2: offset = -8; break; /* DB */
   6722             case 3: offset = 4; break; /* IB */
   6723             default: abort();
   6724             }
   6725             if (offset)
   6726                 tcg_gen_addi_i32(addr, addr, offset);
   6727             /* Load PC into tmp and CPSR into tmp2.  */
   6728             tmp = gen_ld32(addr, 0);
   6729             tcg_gen_addi_i32(addr, addr, 4);
   6730             tmp2 = gen_ld32(addr, 0);
   6731             if (insn & (1 << 21)) {
   6732                 /* Base writeback.  */
   6733                 switch (i) {
   6734                 case 0: offset = -8; break;
   6735                 case 1: offset = 4; break;
   6736                 case 2: offset = -4; break;
   6737                 case 3: offset = 0; break;
   6738                 default: abort();
   6739                 }
   6740                 if (offset)
   6741                     tcg_gen_addi_i32(addr, addr, offset);
   6742                 store_reg(s, rn, addr);
   6743             } else {
   6744                 tcg_temp_free_i32(addr);
   6745             }
   6746             gen_rfe(s, tmp, tmp2);
   6747             return;
   6748         } else if ((insn & 0x0e000000) == 0x0a000000) {
   6749             /* branch link and change to thumb (blx <offset>) */
   6750             int32_t offset;
   6751 
   6752             val = (uint32_t)s->pc;
   6753             tmp = tcg_temp_new_i32();
   6754             tcg_gen_movi_i32(tmp, val);
   6755             store_reg(s, 14, tmp);
   6756             /* Sign-extend the 24-bit offset */
   6757             offset = (((int32_t)insn) << 8) >> 8;
   6758             /* offset * 4 + bit24 * 2 + (thumb bit) */
   6759             val += (offset << 2) | ((insn >> 23) & 2) | 1;
   6760             /* pipeline offset */
   6761             val += 4;
   6762             /* protected by ARCH(5); above, near the start of uncond block */
   6763             gen_bx_im(s, val);
   6764             return;
   6765         } else if ((insn & 0x0e000f00) == 0x0c000100) {
   6766             if (arm_feature(env, ARM_FEATURE_IWMMXT)) {
   6767                 /* iWMMXt register transfer.  */
   6768                 if (env->cp15.c15_cpar & (1 << 1))
   6769                     if (!disas_iwmmxt_insn(env, s, insn))
   6770                         return;
   6771             }
   6772         } else if ((insn & 0x0fe00000) == 0x0c400000) {
   6773             /* Coprocessor double register transfer.  */
   6774             ARCH(5TE);
   6775         } else if ((insn & 0x0f000010) == 0x0e000010) {
   6776             /* Additional coprocessor register transfer.  */
   6777             if (!disas_coproc_insn(env, s, insn)) {
   6778                 return;
   6779             }
   6780         } else if ((insn & 0x0ff10020) == 0x01000000) {
   6781             uint32_t mask;
   6782             uint32_t val;
   6783             /* cps (privileged) */
   6784             if (IS_USER(s))
   6785                 return;
   6786             mask = val = 0;
   6787             if (insn & (1 << 19)) {
   6788                 if (insn & (1 << 8))
   6789                     mask |= CPSR_A;
   6790                 if (insn & (1 << 7))
   6791                     mask |= CPSR_I;
   6792                 if (insn & (1 << 6))
   6793                     mask |= CPSR_F;
   6794                 if (insn & (1 << 18))
   6795                     val |= mask;
   6796             }
   6797             if (insn & (1 << 17)) {
   6798                 mask |= CPSR_M;
   6799                 val |= (insn & 0x1f);
   6800             }
   6801             if (mask) {
   6802                 gen_set_psr_im(s, mask, 0, val);
   6803             }
   6804             return;
   6805         }
   6806         goto illegal_op;
   6807     }
   6808     if (cond != 0xe) {
   6809         /* if not always execute, we generate a conditional jump to
   6810            next instruction */
   6811         s->condlabel = gen_new_label();
   6812         gen_test_cc(cond ^ 1, s->condlabel);
   6813         s->condjmp = 1;
   6814     }
   6815     if ((insn & 0x0f900000) == 0x03000000) {
   6816         if ((insn & (1 << 21)) == 0) {
   6817             ARCH(6T2);
   6818             rd = (insn >> 12) & 0xf;
   6819             val = ((insn >> 4) & 0xf000) | (insn & 0xfff);
   6820             if ((insn & (1 << 22)) == 0) {
   6821                 /* MOVW */
   6822                 tmp = tcg_temp_new_i32();
   6823                 tcg_gen_movi_i32(tmp, val);
   6824             } else {
   6825                 /* MOVT */
   6826                 tmp = load_reg(s, rd);
   6827                 tcg_gen_ext16u_i32(tmp, tmp);
   6828                 tcg_gen_ori_i32(tmp, tmp, val << 16);
   6829             }
   6830             store_reg(s, rd, tmp);
   6831         } else {
   6832             if (((insn >> 12) & 0xf) != 0xf)
   6833                 goto illegal_op;
   6834             if (((insn >> 16) & 0xf) == 0) {
   6835                 gen_nop_hint(s, insn & 0xff);
   6836             } else {
   6837                 /* CPSR = immediate */
   6838                 val = insn & 0xff;
   6839                 shift = ((insn >> 8) & 0xf) * 2;
   6840                 if (shift)
   6841                     val = (val >> shift) | (val << (32 - shift));
   6842                 i = ((insn & (1 << 22)) != 0);
   6843                 if (gen_set_psr_im(s, msr_mask(env, s, (insn >> 16) & 0xf, i), i, val))
   6844                     goto illegal_op;
   6845             }
   6846         }
   6847     } else if ((insn & 0x0f900000) == 0x01000000
   6848                && (insn & 0x00000090) != 0x00000090) {
   6849         /* miscellaneous instructions */
   6850         op1 = (insn >> 21) & 3;
   6851         sh = (insn >> 4) & 0xf;
   6852         rm = insn & 0xf;
   6853         switch (sh) {
   6854         case 0x0: /* move program status register */
   6855             if (op1 & 1) {
   6856                 /* PSR = reg */
   6857                 tmp = load_reg(s, rm);
   6858                 i = ((op1 & 2) != 0);
   6859                 if (gen_set_psr(s, msr_mask(env, s, (insn >> 16) & 0xf, i), i, tmp))
   6860                     goto illegal_op;
   6861             } else {
   6862                 /* reg = PSR */
   6863                 rd = (insn >> 12) & 0xf;
   6864                 if (op1 & 2) {
   6865                     if (IS_USER(s))
   6866                         goto illegal_op;
   6867                     tmp = load_cpu_field(spsr);
   6868                 } else {
   6869                     tmp = tcg_temp_new_i32();
   6870                     gen_helper_cpsr_read(tmp, cpu_env);
   6871                 }
   6872                 store_reg(s, rd, tmp);
   6873             }
   6874             break;
   6875         case 0x1:
   6876             if (op1 == 1) {
   6877                 /* branch/exchange thumb (bx).  */
   6878                 ARCH(4T);
   6879                 tmp = load_reg(s, rm);
   6880                 gen_bx(s, tmp);
   6881             } else if (op1 == 3) {
   6882                 /* clz */
   6883                 ARCH(5);
   6884                 rd = (insn >> 12) & 0xf;
   6885                 tmp = load_reg(s, rm);
   6886                 gen_helper_clz(tmp, tmp);
   6887                 store_reg(s, rd, tmp);
   6888             } else {
   6889                 goto illegal_op;
   6890             }
   6891             break;
   6892         case 0x2:
   6893             if (op1 == 1) {
   6894                 ARCH(5J); /* bxj */
   6895                 /* Trivial implementation equivalent to bx.  */
   6896                 tmp = load_reg(s, rm);
   6897                 gen_bx(s, tmp);
   6898             } else {
   6899                 goto illegal_op;
   6900             }
   6901             break;
   6902         case 0x3:
   6903             if (op1 != 1)
   6904               goto illegal_op;
   6905 
   6906             ARCH(5);
   6907             /* branch link/exchange thumb (blx) */
   6908             tmp = load_reg(s, rm);
   6909             tmp2 = tcg_temp_new_i32();
   6910             tcg_gen_movi_i32(tmp2, s->pc);
   6911             store_reg(s, 14, tmp2);
   6912             gen_bx(s, tmp);
   6913             break;
   6914         case 0x5: /* saturating add/subtract */
   6915             ARCH(5TE);
   6916             rd = (insn >> 12) & 0xf;
   6917             rn = (insn >> 16) & 0xf;
   6918             tmp = load_reg(s, rm);
   6919             tmp2 = load_reg(s, rn);
   6920             if (op1 & 2)
   6921                 gen_helper_double_saturate(tmp2, cpu_env, tmp2);
   6922             if (op1 & 1)
   6923                 gen_helper_sub_saturate(tmp, cpu_env, tmp, tmp2);
   6924             else
   6925                 gen_helper_add_saturate(tmp, cpu_env, tmp, tmp2);
   6926             tcg_temp_free_i32(tmp2);
   6927             store_reg(s, rd, tmp);
   6928             break;
   6929         case 7:
   6930             if (op1 == 1) {
   6931                 /* bkpt */
   6932                 ARCH(5);
   6933                 gen_exception_insn(s, 4, EXCP_BKPT);
   6934             } else if (op1 == 3) {
   6935                 /* smi/smc */
   6936                 if (!(env->cp15.c0_c2[4] & 0xf000) || IS_USER(s)) {
   6937                     goto illegal_op;
   6938                 }
   6939                 gen_smc(env, s);
   6940             } else {
   6941                 goto illegal_op;
   6942             }
   6943             break;
   6944         case 0x8: /* signed multiply */
   6945         case 0xa:
   6946         case 0xc:
   6947         case 0xe:
   6948             ARCH(5TE);
   6949             rs = (insn >> 8) & 0xf;
   6950             rn = (insn >> 12) & 0xf;
   6951             rd = (insn >> 16) & 0xf;
   6952             if (op1 == 1) {
   6953                 /* (32 * 16) >> 16 */
   6954                 tmp = load_reg(s, rm);
   6955                 tmp2 = load_reg(s, rs);
   6956                 if (sh & 4)
   6957                     tcg_gen_sari_i32(tmp2, tmp2, 16);
   6958                 else
   6959                     gen_sxth(tmp2);
   6960                 tmp64 = gen_muls_i64_i32(tmp, tmp2);
   6961                 tcg_gen_shri_i64(tmp64, tmp64, 16);
   6962                 tmp = tcg_temp_new_i32();
   6963                 tcg_gen_trunc_i64_i32(tmp, tmp64);
   6964                 tcg_temp_free_i64(tmp64);
   6965                 if ((sh & 2) == 0) {
   6966                     tmp2 = load_reg(s, rn);
   6967                     gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
   6968                     tcg_temp_free_i32(tmp2);
   6969                 }
   6970                 store_reg(s, rd, tmp);
   6971             } else {
   6972                 /* 16 * 16 */
   6973                 tmp = load_reg(s, rm);
   6974                 tmp2 = load_reg(s, rs);
   6975                 gen_mulxy(tmp, tmp2, sh & 2, sh & 4);
   6976                 tcg_temp_free_i32(tmp2);
   6977                 if (op1 == 2) {
   6978                     tmp64 = tcg_temp_new_i64();
   6979                     tcg_gen_ext_i32_i64(tmp64, tmp);
   6980                     tcg_temp_free_i32(tmp);
   6981                     gen_addq(s, tmp64, rn, rd);
   6982                     gen_storeq_reg(s, rn, rd, tmp64);
   6983                     tcg_temp_free_i64(tmp64);
   6984                 } else {
   6985                     if (op1 == 0) {
   6986                         tmp2 = load_reg(s, rn);
   6987                         gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
   6988                         tcg_temp_free_i32(tmp2);
   6989                     }
   6990                     store_reg(s, rd, tmp);
   6991                 }
   6992             }
   6993             break;
   6994         default:
   6995             goto illegal_op;
   6996         }
   6997     } else if (((insn & 0x0e000000) == 0 &&
   6998                 (insn & 0x00000090) != 0x90) ||
   6999                ((insn & 0x0e000000) == (1 << 25))) {
   7000         int set_cc, logic_cc, shiftop;
   7001 
   7002         op1 = (insn >> 21) & 0xf;
   7003         set_cc = (insn >> 20) & 1;
   7004         logic_cc = table_logic_cc[op1] & set_cc;
   7005 
   7006         /* data processing instruction */
   7007         if (insn & (1 << 25)) {
   7008             /* immediate operand */
   7009             val = insn & 0xff;
   7010             shift = ((insn >> 8) & 0xf) * 2;
   7011             if (shift) {
   7012                 val = (val >> shift) | (val << (32 - shift));
   7013             }
   7014             tmp2 = tcg_temp_new_i32();
   7015             tcg_gen_movi_i32(tmp2, val);
   7016             if (logic_cc && shift) {
   7017                 gen_set_CF_bit31(tmp2);
   7018             }
   7019         } else {
   7020             /* register */
   7021             rm = (insn) & 0xf;
   7022             tmp2 = load_reg(s, rm);
   7023             shiftop = (insn >> 5) & 3;
   7024             if (!(insn & (1 << 4))) {
   7025                 shift = (insn >> 7) & 0x1f;
   7026                 gen_arm_shift_im(tmp2, shiftop, shift, logic_cc);
   7027             } else {
   7028                 rs = (insn >> 8) & 0xf;
   7029                 tmp = load_reg(s, rs);
   7030                 gen_arm_shift_reg(tmp2, shiftop, tmp, logic_cc);
   7031             }
   7032         }
   7033         if (op1 != 0x0f && op1 != 0x0d) {
   7034             rn = (insn >> 16) & 0xf;
   7035             tmp = load_reg(s, rn);
   7036         } else {
   7037             TCGV_UNUSED(tmp);
   7038         }
   7039         rd = (insn >> 12) & 0xf;
   7040         switch(op1) {
   7041         case 0x00:
   7042             tcg_gen_and_i32(tmp, tmp, tmp2);
   7043             if (logic_cc) {
   7044                 gen_logic_CC(tmp);
   7045             }
   7046             store_reg_bx(env, s, rd, tmp);
   7047             break;
   7048         case 0x01:
   7049             tcg_gen_xor_i32(tmp, tmp, tmp2);
   7050             if (logic_cc) {
   7051                 gen_logic_CC(tmp);
   7052             }
   7053             store_reg_bx(env, s, rd, tmp);
   7054             break;
   7055         case 0x02:
   7056             if (set_cc && rd == 15) {
   7057                 /* SUBS r15, ... is used for exception return.  */
   7058                 if (IS_USER(s)) {
   7059                     goto illegal_op;
   7060                 }
   7061                 gen_helper_sub_cc(tmp, cpu_env, tmp, tmp2);
   7062                 gen_exception_return(s, tmp);
   7063             } else {
   7064                 if (set_cc) {
   7065                     gen_helper_sub_cc(tmp, cpu_env, tmp, tmp2);
   7066                 } else {
   7067                     tcg_gen_sub_i32(tmp, tmp, tmp2);
   7068                 }
   7069                 store_reg_bx(env, s, rd, tmp);
   7070             }
   7071             break;
   7072         case 0x03:
   7073             if (set_cc) {
   7074                 gen_helper_sub_cc(tmp, cpu_env, tmp2, tmp);
   7075             } else {
   7076                 tcg_gen_sub_i32(tmp, tmp2, tmp);
   7077             }
   7078             store_reg_bx(env, s, rd, tmp);
   7079             break;
   7080         case 0x04:
   7081             if (set_cc) {
   7082                 gen_helper_add_cc(tmp, cpu_env, tmp, tmp2);
   7083             } else {
   7084                 tcg_gen_add_i32(tmp, tmp, tmp2);
   7085             }
   7086             store_reg_bx(env, s, rd, tmp);
   7087             break;
   7088         case 0x05:
   7089             if (set_cc) {
   7090                 gen_helper_adc_cc(tmp, cpu_env, tmp, tmp2);
   7091             } else {
   7092                 gen_add_carry(tmp, tmp, tmp2);
   7093             }
   7094             store_reg_bx(env, s, rd, tmp);
   7095             break;
   7096         case 0x06:
   7097             if (set_cc) {
   7098                 gen_helper_sbc_cc(tmp, cpu_env, tmp, tmp2);
   7099             } else {
   7100                 gen_sub_carry(tmp, tmp, tmp2);
   7101             }
   7102             store_reg_bx(env, s, rd, tmp);
   7103             break;
   7104         case 0x07:
   7105             if (set_cc) {
   7106                 gen_helper_sbc_cc(tmp, cpu_env, tmp2, tmp);
   7107             } else {
   7108                 gen_sub_carry(tmp, tmp2, tmp);
   7109             }
   7110             store_reg_bx(env, s, rd, tmp);
   7111             break;
   7112         case 0x08:
   7113             if (set_cc) {
   7114                 tcg_gen_and_i32(tmp, tmp, tmp2);
   7115                 gen_logic_CC(tmp);
   7116             }
   7117             tcg_temp_free_i32(tmp);
   7118             break;
   7119         case 0x09:
   7120             if (set_cc) {
   7121                 tcg_gen_xor_i32(tmp, tmp, tmp2);
   7122                 gen_logic_CC(tmp);
   7123             }
   7124             tcg_temp_free_i32(tmp);
   7125             break;
   7126         case 0x0a:
   7127             if (set_cc) {
   7128                 gen_helper_sub_cc(tmp, cpu_env, tmp, tmp2);
   7129             }
   7130             tcg_temp_free_i32(tmp);
   7131             break;
   7132         case 0x0b:
   7133             if (set_cc) {
   7134                 gen_helper_add_cc(tmp, cpu_env, tmp, tmp2);
   7135             }
   7136             tcg_temp_free_i32(tmp);
   7137             break;
   7138         case 0x0c:
   7139             tcg_gen_or_i32(tmp, tmp, tmp2);
   7140             if (logic_cc) {
   7141                 gen_logic_CC(tmp);
   7142             }
   7143             store_reg_bx(env, s, rd, tmp);
   7144             break;
   7145         case 0x0d:
   7146             if (logic_cc && rd == 15) {
   7147                 /* MOVS r15, ... is used for exception return.  */
   7148                 if (IS_USER(s)) {
   7149                     goto illegal_op;
   7150                 }
   7151                 gen_exception_return(s, tmp2);
   7152             } else {
   7153                 if (logic_cc) {
   7154                     gen_logic_CC(tmp2);
   7155                 }
   7156                 store_reg_bx(env, s, rd, tmp2);
   7157             }
   7158             break;
   7159         case 0x0e:
   7160             tcg_gen_andc_i32(tmp, tmp, tmp2);
   7161             if (logic_cc) {
   7162                 gen_logic_CC(tmp);
   7163             }
   7164             store_reg_bx(env, s, rd, tmp);
   7165             break;
   7166         default:
   7167         case 0x0f:
   7168             tcg_gen_not_i32(tmp2, tmp2);
   7169             if (logic_cc) {
   7170                 gen_logic_CC(tmp2);
   7171             }
   7172             store_reg_bx(env, s, rd, tmp2);
   7173             break;
   7174         }
   7175         if (op1 != 0x0f && op1 != 0x0d) {
   7176             tcg_temp_free_i32(tmp2);
   7177         }
   7178     } else {
   7179         /* other instructions */
   7180         op1 = (insn >> 24) & 0xf;
   7181         switch(op1) {
   7182         case 0x0:
   7183         case 0x1:
   7184             /* multiplies, extra load/stores */
   7185             sh = (insn >> 5) & 3;
   7186             if (sh == 0) {
   7187                 if (op1 == 0x0) {
   7188                     rd = (insn >> 16) & 0xf;
   7189                     rn = (insn >> 12) & 0xf;
   7190                     rs = (insn >> 8) & 0xf;
   7191                     rm = (insn) & 0xf;
   7192                     op1 = (insn >> 20) & 0xf;
   7193                     switch (op1) {
   7194                     case 0: case 1: case 2: case 3: case 6:
   7195                         /* 32 bit mul */
   7196                         tmp = load_reg(s, rs);
   7197                         tmp2 = load_reg(s, rm);
   7198                         tcg_gen_mul_i32(tmp, tmp, tmp2);
   7199                         tcg_temp_free_i32(tmp2);
   7200                         if (insn & (1 << 22)) {
   7201                             /* Subtract (mls) */
   7202                             ARCH(6T2);
   7203                             tmp2 = load_reg(s, rn);
   7204                             tcg_gen_sub_i32(tmp, tmp2, tmp);
   7205                             tcg_temp_free_i32(tmp2);
   7206                         } else if (insn & (1 << 21)) {
   7207                             /* Add */
   7208                             tmp2 = load_reg(s, rn);
   7209                             tcg_gen_add_i32(tmp, tmp, tmp2);
   7210                             tcg_temp_free_i32(tmp2);
   7211                         }
   7212                         if (insn & (1 << 20))
   7213                             gen_logic_CC(tmp);
   7214                         store_reg(s, rd, tmp);
   7215                         break;
   7216                     case 4:
   7217                         /* 64 bit mul double accumulate (UMAAL) */
   7218                         ARCH(6);
   7219                         tmp = load_reg(s, rs);
   7220                         tmp2 = load_reg(s, rm);
   7221                         tmp64 = gen_mulu_i64_i32(tmp, tmp2);
   7222                         gen_addq_lo(s, tmp64, rn);
   7223                         gen_addq_lo(s, tmp64, rd);
   7224                         gen_storeq_reg(s, rn, rd, tmp64);
   7225                         tcg_temp_free_i64(tmp64);
   7226                         break;
   7227                     case 8: case 9: case 10: case 11:
   7228                     case 12: case 13: case 14: case 15:
   7229                         /* 64 bit mul: UMULL, UMLAL, SMULL, SMLAL. */
   7230                         tmp = load_reg(s, rs);
   7231                         tmp2 = load_reg(s, rm);
   7232                         if (insn & (1 << 22)) {
   7233                             tmp64 = gen_muls_i64_i32(tmp, tmp2);
   7234                         } else {
   7235                             tmp64 = gen_mulu_i64_i32(tmp, tmp2);
   7236                         }
   7237                         if (insn & (1 << 21)) { /* mult accumulate */
   7238                             gen_addq(s, tmp64, rn, rd);
   7239                         }
   7240                         if (insn & (1 << 20)) {
   7241                             gen_logicq_cc(tmp64);
   7242                         }
   7243                         gen_storeq_reg(s, rn, rd, tmp64);
   7244                         tcg_temp_free_i64(tmp64);
   7245                         break;
   7246                     default:
   7247                         goto illegal_op;
   7248                     }
   7249                 } else {
   7250                     rn = (insn >> 16) & 0xf;
   7251                     rd = (insn >> 12) & 0xf;
   7252                     if (insn & (1 << 23)) {
   7253                         /* load/store exclusive */
   7254                         op1 = (insn >> 21) & 0x3;
   7255                         if (op1)
   7256                             ARCH(6K);
   7257                         else
   7258                             ARCH(6);
   7259                         addr = tcg_temp_local_new_i32();
   7260                         load_reg_var(s, addr, rn);
   7261                         if (insn & (1 << 20)) {
   7262                             switch (op1) {
   7263                             case 0: /* ldrex */
   7264                                 gen_load_exclusive(s, rd, 15, addr, 2);
   7265                                 break;
   7266                             case 1: /* ldrexd */
   7267                                 gen_load_exclusive(s, rd, rd + 1, addr, 3);
   7268                                 break;
   7269                             case 2: /* ldrexb */
   7270                                 gen_load_exclusive(s, rd, 15, addr, 0);
   7271                                 break;
   7272                             case 3: /* ldrexh */
   7273                                 gen_load_exclusive(s, rd, 15, addr, 1);
   7274                                 break;
   7275                             default:
   7276                                 abort();
   7277                             }
   7278                         } else {
   7279                             rm = insn & 0xf;
   7280                             switch (op1) {
   7281                             case 0:  /*  strex */
   7282                                 gen_store_exclusive(s, rd, rm, 15, addr, 2);
   7283                                 break;
   7284                             case 1: /*  strexd */
   7285                                 gen_store_exclusive(s, rd, rm, rm + 1, addr, 3);
   7286                                 break;
   7287                             case 2: /*  strexb */
   7288                                 gen_store_exclusive(s, rd, rm, 15, addr, 0);
   7289                                 break;
   7290                             case 3: /* strexh */
   7291                                 gen_store_exclusive(s, rd, rm, 15, addr, 1);
   7292                                 break;
   7293                             default:
   7294                                 abort();
   7295                             }
   7296                         }
   7297                         tcg_temp_free(addr);
   7298                     } else {
   7299                         /* SWP instruction */
   7300                         rm = (insn) & 0xf;
   7301 
   7302                         /* ??? This is not really atomic.  However we know
   7303                            we never have multiple CPUs running in parallel,
   7304                            so it is good enough.  */
   7305                         addr = load_reg(s, rn);
   7306                         tmp = load_reg(s, rm);
   7307                         if (insn & (1 << 22)) {
   7308                             tmp2 = gen_ld8u(addr, IS_USER(s));
   7309                             gen_st8(tmp, addr, IS_USER(s));
   7310                         } else {
   7311                             tmp2 = gen_ld32(addr, IS_USER(s));
   7312                             gen_st32(tmp, addr, IS_USER(s));
   7313                         }
   7314                         tcg_temp_free_i32(addr);
   7315                         store_reg(s, rd, tmp2);
   7316                     }
   7317                 }
   7318             } else {
   7319                 int address_offset;
   7320                 int load;
   7321                 /* Misc load/store */
   7322                 rn = (insn >> 16) & 0xf;
   7323                 rd = (insn >> 12) & 0xf;
   7324                 addr = load_reg(s, rn);
   7325                 if (insn & (1 << 24))
   7326                     gen_add_datah_offset(s, insn, 0, addr);
   7327                 address_offset = 0;
   7328                 if (insn & (1 << 20)) {
   7329                     /* load */
   7330                     switch(sh) {
   7331                     case 1:
   7332                         tmp = gen_ld16u(addr, IS_USER(s));
   7333                         break;
   7334                     case 2:
   7335                         tmp = gen_ld8s(addr, IS_USER(s));
   7336                         break;
   7337                     default:
   7338                     case 3:
   7339                         tmp = gen_ld16s(addr, IS_USER(s));
   7340                         break;
   7341                     }
   7342                     load = 1;
   7343                 } else if (sh & 2) {
   7344                     ARCH(5TE);
   7345                     /* doubleword */
   7346                     if (sh & 1) {
   7347                         /* store */
   7348                         tmp = load_reg(s, rd);
   7349                         gen_st32(tmp, addr, IS_USER(s));
   7350                         tcg_gen_addi_i32(addr, addr, 4);
   7351                         tmp = load_reg(s, rd + 1);
   7352                         gen_st32(tmp, addr, IS_USER(s));
   7353                         load = 0;
   7354                     } else {
   7355                         /* load */
   7356                         tmp = gen_ld32(addr, IS_USER(s));
   7357                         store_reg(s, rd, tmp);
   7358                         tcg_gen_addi_i32(addr, addr, 4);
   7359                         tmp = gen_ld32(addr, IS_USER(s));
   7360                         rd++;
   7361                         load = 1;
   7362                     }
   7363                     address_offset = -4;
   7364                 } else {
   7365                     /* store */
   7366                     tmp = load_reg(s, rd);
   7367                     gen_st16(tmp, addr, IS_USER(s));
   7368                     load = 0;
   7369                 }
   7370                 /* Perform base writeback before the loaded value to
   7371                    ensure correct behavior with overlapping index registers.
   7372                    ldrd with base writeback is is undefined if the
   7373                    destination and index registers overlap.  */
   7374                 if (!(insn & (1 << 24))) {
   7375                     gen_add_datah_offset(s, insn, address_offset, addr);
   7376                     store_reg(s, rn, addr);
   7377                 } else if (insn & (1 << 21)) {
   7378                     if (address_offset)
   7379                         tcg_gen_addi_i32(addr, addr, address_offset);
   7380                     store_reg(s, rn, addr);
   7381                 } else {
   7382                     tcg_temp_free_i32(addr);
   7383                 }
   7384                 if (load) {
   7385                     /* Complete the load.  */
   7386                     store_reg(s, rd, tmp);
   7387                 }
   7388             }
   7389             break;
   7390         case 0x4:
   7391         case 0x5:
   7392             goto do_ldst;
   7393         case 0x6:
   7394         case 0x7:
   7395             if (insn & (1 << 4)) {
   7396                 ARCH(6);
   7397                 /* Armv6 Media instructions.  */
   7398                 rm = insn & 0xf;
   7399                 rn = (insn >> 16) & 0xf;
   7400                 rd = (insn >> 12) & 0xf;
   7401                 rs = (insn >> 8) & 0xf;
   7402                 switch ((insn >> 23) & 3) {
   7403                 case 0: /* Parallel add/subtract.  */
   7404                     op1 = (insn >> 20) & 7;
   7405                     tmp = load_reg(s, rn);
   7406                     tmp2 = load_reg(s, rm);
   7407                     sh = (insn >> 5) & 7;
   7408                     if ((op1 & 3) == 0 || sh == 5 || sh == 6)
   7409                         goto illegal_op;
   7410                     gen_arm_parallel_addsub(op1, sh, tmp, tmp2);
   7411                     tcg_temp_free_i32(tmp2);
   7412                     store_reg(s, rd, tmp);
   7413                     break;
   7414                 case 1:
   7415                     if ((insn & 0x00700020) == 0) {
   7416                         /* Halfword pack.  */
   7417                         tmp = load_reg(s, rn);
   7418                         tmp2 = load_reg(s, rm);
   7419                         shift = (insn >> 7) & 0x1f;
   7420                         if (insn & (1 << 6)) {
   7421                             /* pkhtb */
   7422                             if (shift == 0)
   7423                                 shift = 31;
   7424                             tcg_gen_sari_i32(tmp2, tmp2, shift);
   7425                             tcg_gen_andi_i32(tmp, tmp, 0xffff0000);
   7426                             tcg_gen_ext16u_i32(tmp2, tmp2);
   7427                         } else {
   7428                             /* pkhbt */
   7429                             if (shift)
   7430                                 tcg_gen_shli_i32(tmp2, tmp2, shift);
   7431                             tcg_gen_ext16u_i32(tmp, tmp);
   7432                             tcg_gen_andi_i32(tmp2, tmp2, 0xffff0000);
   7433                         }
   7434                         tcg_gen_or_i32(tmp, tmp, tmp2);
   7435                         tcg_temp_free_i32(tmp2);
   7436                         store_reg(s, rd, tmp);
   7437                     } else if ((insn & 0x00200020) == 0x00200000) {
   7438                         /* [us]sat */
   7439                         tmp = load_reg(s, rm);
   7440                         shift = (insn >> 7) & 0x1f;
   7441                         if (insn & (1 << 6)) {
   7442                             if (shift == 0)
   7443                                 shift = 31;
   7444                             tcg_gen_sari_i32(tmp, tmp, shift);
   7445                         } else {
   7446                             tcg_gen_shli_i32(tmp, tmp, shift);
   7447                         }
   7448                         sh = (insn >> 16) & 0x1f;
   7449                         tmp2 = tcg_const_i32(sh);
   7450                         if (insn & (1 << 22))
   7451                           gen_helper_usat(tmp, cpu_env, tmp, tmp2);
   7452                         else
   7453                           gen_helper_ssat(tmp, cpu_env, tmp, tmp2);
   7454                         tcg_temp_free_i32(tmp2);
   7455                         store_reg(s, rd, tmp);
   7456                     } else if ((insn & 0x00300fe0) == 0x00200f20) {
   7457                         /* [us]sat16 */
   7458                         tmp = load_reg(s, rm);
   7459                         sh = (insn >> 16) & 0x1f;
   7460                         tmp2 = tcg_const_i32(sh);
   7461                         if (insn & (1 << 22))
   7462                           gen_helper_usat16(tmp, cpu_env, tmp, tmp2);
   7463                         else
   7464                           gen_helper_ssat16(tmp, cpu_env, tmp, tmp2);
   7465                         tcg_temp_free_i32(tmp2);
   7466                         store_reg(s, rd, tmp);
   7467                     } else if ((insn & 0x00700fe0) == 0x00000fa0) {
   7468                         /* Select bytes.  */
   7469                         tmp = load_reg(s, rn);
   7470                         tmp2 = load_reg(s, rm);
   7471                         tmp3 = tcg_temp_new_i32();
   7472                         tcg_gen_ld_i32(tmp3, cpu_env, offsetof(CPUARMState, GE));
   7473                         gen_helper_sel_flags(tmp, tmp3, tmp, tmp2);
   7474                         tcg_temp_free_i32(tmp3);
   7475                         tcg_temp_free_i32(tmp2);
   7476                         store_reg(s, rd, tmp);
   7477                     } else if ((insn & 0x000003e0) == 0x00000060) {
   7478                         tmp = load_reg(s, rm);
   7479                         shift = (insn >> 10) & 3;
   7480                         /* ??? In many cases it's not necessary to do a
   7481                            rotate, a shift is sufficient.  */
   7482                         if (shift != 0)
   7483                             tcg_gen_rotri_i32(tmp, tmp, shift * 8);
   7484                         op1 = (insn >> 20) & 7;
   7485                         switch (op1) {
   7486                         case 0: gen_sxtb16(tmp);  break;
   7487                         case 2: gen_sxtb(tmp);    break;
   7488                         case 3: gen_sxth(tmp);    break;
   7489                         case 4: gen_uxtb16(tmp);  break;
   7490                         case 6: gen_uxtb(tmp);    break;
   7491                         case 7: gen_uxth(tmp);    break;
   7492                         default: tcg_temp_free_i32(tmp); goto illegal_op;
   7493                         }
   7494                         if (rn != 15) {
   7495                             tmp2 = load_reg(s, rn);
   7496                             if ((op1 & 3) == 0) {
   7497                                 gen_add16(tmp, tmp2);
   7498                             } else {
   7499                                 tcg_gen_add_i32(tmp, tmp, tmp2);
   7500                                 tcg_temp_free_i32(tmp2);
   7501                             }
   7502                         }
   7503                         store_reg(s, rd, tmp);
   7504                     } else if ((insn & 0x003f0f60) == 0x003f0f20) {
   7505                         /* rev */
   7506                         tmp = load_reg(s, rm);
   7507                         if (insn & (1 << 22)) {
   7508                             if (insn & (1 << 7)) {
   7509                                 gen_revsh(tmp);
   7510                             } else {
   7511                                 ARCH(6T2);
   7512                                 gen_helper_rbit(tmp, tmp);
   7513                             }
   7514                         } else {
   7515                             if (insn & (1 << 7))
   7516                                 gen_rev16(tmp);
   7517                             else
   7518                                 tcg_gen_bswap32_i32(tmp, tmp);
   7519                         }
   7520                         store_reg(s, rd, tmp);
   7521                     } else {
   7522                         goto illegal_op;
   7523                     }
   7524                     break;
   7525                 case 2: /* Multiplies (Type 3).  */
   7526                     tmp = load_reg(s, rm);
   7527                     tmp2 = load_reg(s, rs);
   7528                     if (insn & (1 << 20)) {
   7529                         /* Signed multiply most significant [accumulate].
   7530                            (SMMUL, SMMLA, SMMLS) */
   7531                         tmp64 = gen_muls_i64_i32(tmp, tmp2);
   7532 
   7533                         if (rd != 15) {
   7534                             tmp = load_reg(s, rd);
   7535                             if (insn & (1 << 6)) {
   7536                                 tmp64 = gen_subq_msw(tmp64, tmp);
   7537                             } else {
   7538                                 tmp64 = gen_addq_msw(tmp64, tmp);
   7539                             }
   7540                         }
   7541                         if (insn & (1 << 5)) {
   7542                             tcg_gen_addi_i64(tmp64, tmp64, 0x80000000u);
   7543                         }
   7544                         tcg_gen_shri_i64(tmp64, tmp64, 32);
   7545                         tmp = tcg_temp_new_i32();
   7546                         tcg_gen_trunc_i64_i32(tmp, tmp64);
   7547                         tcg_temp_free_i64(tmp64);
   7548                         store_reg(s, rn, tmp);
   7549                     } else {
   7550                         if (insn & (1 << 5))
   7551                             gen_swap_half(tmp2);
   7552                         gen_smul_dual(tmp, tmp2);
   7553                         if (insn & (1 << 6)) {
   7554                             /* This subtraction cannot overflow. */
   7555                             tcg_gen_sub_i32(tmp, tmp, tmp2);
   7556                         } else {
   7557                             /* This addition cannot overflow 32 bits;
   7558                              * however it may overflow considered as a signed
   7559                              * operation, in which case we must set the Q flag.
   7560                              */
   7561                             gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
   7562                         }
   7563                         tcg_temp_free_i32(tmp2);
   7564                         if (insn & (1 << 22)) {
   7565                             /* smlald, smlsld */
   7566                             tmp64 = tcg_temp_new_i64();
   7567                             tcg_gen_ext_i32_i64(tmp64, tmp);
   7568                             tcg_temp_free_i32(tmp);
   7569                             gen_addq(s, tmp64, rd, rn);
   7570                             gen_storeq_reg(s, rd, rn, tmp64);
   7571                             tcg_temp_free_i64(tmp64);
   7572                         } else {
   7573                             /* smuad, smusd, smlad, smlsd */
   7574                             if (rd != 15)
   7575                               {
   7576                                 tmp2 = load_reg(s, rd);
   7577                                 gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
   7578                                 tcg_temp_free_i32(tmp2);
   7579                               }
   7580                             store_reg(s, rn, tmp);
   7581                         }
   7582                     }
   7583                     break;
   7584                 case 3:
   7585                     op1 = ((insn >> 17) & 0x38) | ((insn >> 5) & 7);
   7586                     switch (op1) {
   7587                     case 0: /* Unsigned sum of absolute differences.  */
   7588                         ARCH(6);
   7589                         tmp = load_reg(s, rm);
   7590                         tmp2 = load_reg(s, rs);
   7591                         gen_helper_usad8(tmp, tmp, tmp2);
   7592                         tcg_temp_free_i32(tmp2);
   7593                         if (rd != 15) {
   7594                             tmp2 = load_reg(s, rd);
   7595                             tcg_gen_add_i32(tmp, tmp, tmp2);
   7596                             tcg_temp_free_i32(tmp2);
   7597                         }
   7598                         store_reg(s, rn, tmp);
   7599                         break;
   7600                     case 0x20: case 0x24: case 0x28: case 0x2c:
   7601                         /* Bitfield insert/clear.  */
   7602                         ARCH(6T2);
   7603                         shift = (insn >> 7) & 0x1f;
   7604                         i = (insn >> 16) & 0x1f;
   7605                         i = i + 1 - shift;
   7606                         if (rm == 15) {
   7607                             tmp = tcg_temp_new_i32();
   7608                             tcg_gen_movi_i32(tmp, 0);
   7609                         } else {
   7610                             tmp = load_reg(s, rm);
   7611                         }
   7612                         if (i != 32) {
   7613                             tmp2 = load_reg(s, rd);
   7614                             gen_bfi(tmp, tmp2, tmp, shift, (1u << i) - 1);
   7615                             tcg_temp_free_i32(tmp2);
   7616                         }
   7617                         store_reg(s, rd, tmp);
   7618                         break;
   7619                     case 0x12: case 0x16: case 0x1a: case 0x1e: /* sbfx */
   7620                     case 0x32: case 0x36: case 0x3a: case 0x3e: /* ubfx */
   7621                         ARCH(6T2);
   7622                         tmp = load_reg(s, rm);
   7623                         shift = (insn >> 7) & 0x1f;
   7624                         i = ((insn >> 16) & 0x1f) + 1;
   7625                         if (shift + i > 32)
   7626                             goto illegal_op;
   7627                         if (i < 32) {
   7628                             if (op1 & 0x20) {
   7629                                 gen_ubfx(tmp, shift, (1u << i) - 1);
   7630                             } else {
   7631                                 gen_sbfx(tmp, shift, i);
   7632                             }
   7633                         }
   7634                         store_reg(s, rd, tmp);
   7635                         break;
   7636                     default:
   7637                         goto illegal_op;
   7638                     }
   7639                     break;
   7640                 }
   7641                 break;
   7642             }
   7643         do_ldst:
   7644             /* Check for undefined extension instructions
   7645              * per the ARM Bible IE:
   7646              * xxxx 0111 1111 xxxx  xxxx xxxx 1111 xxxx
   7647              */
   7648             sh = (0xf << 20) | (0xf << 4);
   7649             if (op1 == 0x7 && ((insn & sh) == sh))
   7650             {
   7651                 goto illegal_op;
   7652             }
   7653             /* load/store byte/word */
   7654             rn = (insn >> 16) & 0xf;
   7655             rd = (insn >> 12) & 0xf;
   7656             tmp2 = load_reg(s, rn);
   7657             i = (IS_USER(s) || (insn & 0x01200000) == 0x00200000);
   7658             if (insn & (1 << 24))
   7659                 gen_add_data_offset(s, insn, tmp2);
   7660             if (insn & (1 << 20)) {
   7661                 /* load */
   7662                 if (insn & (1 << 22)) {
   7663                     tmp = gen_ld8u(tmp2, i);
   7664                 } else {
   7665                     tmp = gen_ld32(tmp2, i);
   7666                 }
   7667             } else {
   7668                 /* store */
   7669                 tmp = load_reg(s, rd);
   7670                 if (insn & (1 << 22))
   7671                     gen_st8(tmp, tmp2, i);
   7672                 else
   7673                     gen_st32(tmp, tmp2, i);
   7674             }
   7675             if (!(insn & (1 << 24))) {
   7676                 gen_add_data_offset(s, insn, tmp2);
   7677                 store_reg(s, rn, tmp2);
   7678             } else if (insn & (1 << 21)) {
   7679                 store_reg(s, rn, tmp2);
   7680             } else {
   7681                 tcg_temp_free_i32(tmp2);
   7682             }
   7683             if (insn & (1 << 20)) {
   7684                 /* Complete the load.  */
   7685                 store_reg_from_load(env, s, rd, tmp);
   7686             }
   7687             break;
   7688         case 0x08:
   7689         case 0x09:
   7690             {
   7691                 int j, n, user, loaded_base;
   7692                 TCGv loaded_var;
   7693                 /* load/store multiple words */
   7694                 /* XXX: store correct base if write back */
   7695                 user = 0;
   7696                 if (insn & (1 << 22)) {
   7697                     if (IS_USER(s))
   7698                         goto illegal_op; /* only usable in supervisor mode */
   7699 
   7700                     if ((insn & (1 << 15)) == 0)
   7701                         user = 1;
   7702                 }
   7703                 rn = (insn >> 16) & 0xf;
   7704                 addr = load_reg(s, rn);
   7705                 tmp3 = tcg_const_i32(4);
   7706 
   7707                 /* compute total size */
   7708                 loaded_base = 0;
   7709                 TCGV_UNUSED(loaded_var);
   7710                 n = 0;
   7711                 for(i=0;i<16;i++) {
   7712                     if (insn & (1 << i))
   7713                         n++;
   7714                 }
   7715                 /* XXX: test invalid n == 0 case ? */
   7716                 if (insn & (1 << 23)) {
   7717                     if (insn & (1 << 24)) {
   7718                         /* pre increment */
   7719                         tcg_gen_add_i32(addr, addr, tmp3);
   7720                     } else {
   7721                         /* post increment */
   7722                     }
   7723                 } else {
   7724                     if (insn & (1 << 24)) {
   7725                         /* pre decrement */
   7726                         tcg_gen_addi_i32(addr, addr, -(n * 4));
   7727                     } else {
   7728                         /* post decrement */
   7729                         if (n != 1)
   7730                         tcg_gen_addi_i32(addr, addr, -((n - 1) * 4));
   7731                     }
   7732                 }
   7733                 j = 0;
   7734                 for(i=0;i<16;i++) {
   7735                     if (insn & (1 << i)) {
   7736                         if (insn & (1 << 20)) {
   7737                             /* load */
   7738                             tmp = gen_ld32(addr, IS_USER(s));
   7739                             if (user) {
   7740                                 tmp2 = tcg_const_i32(i);
   7741                                 gen_helper_set_user_reg(cpu_env, tmp2, tmp);
   7742                                 tcg_temp_free_i32(tmp2);
   7743                                 tcg_temp_free_i32(tmp);
   7744                             } else if (i == rn) {
   7745                                 loaded_var = tmp;
   7746                                 loaded_base = 1;
   7747                             } else {
   7748                                 store_reg_from_load(env, s, i, tmp);
   7749                             }
   7750                         } else {
   7751                             /* store */
   7752                             if (i == 15) {
   7753                                 /* special case: r15 = PC + 8 */
   7754                                 val = (long)s->pc + 4;
   7755                                 tmp = tcg_temp_new_i32();
   7756                                 tcg_gen_movi_i32(tmp, val);
   7757                             } else if (user) {
   7758                                 tmp = tcg_temp_new_i32();
   7759                                 tmp2 = tcg_const_i32(i);
   7760                                 gen_helper_get_user_reg(tmp, cpu_env, tmp2);
   7761                                 tcg_temp_free_i32(tmp2);
   7762                             } else {
   7763                                 tmp = load_reg(s, i);
   7764                             }
   7765                             gen_st32(tmp, addr, IS_USER(s));
   7766                         }
   7767                         j++;
   7768                         /* no need to add after the last transfer */
   7769                         if (j != n)
   7770                             tcg_gen_add_i32(addr, addr, tmp3);
   7771                     }
   7772                 }
   7773                 if (insn & (1 << 21)) {
   7774                     /* write back */
   7775                     if (insn & (1 << 23)) {
   7776                         if (insn & (1 << 24)) {
   7777                             /* pre increment */
   7778                         } else {
   7779                             /* post increment */
   7780                             tcg_gen_add_i32(addr, addr, tmp3);
   7781                         }
   7782                     } else {
   7783                         if (insn & (1 << 24)) {
   7784                             /* pre decrement */
   7785                             if (n != 1)
   7786                                 tcg_gen_addi_i32(addr, addr, -((n - 1) * 4));
   7787                         } else {
   7788                             /* post decrement */
   7789                             tcg_gen_addi_i32(addr, addr, -(n * 4));
   7790                         }
   7791                     }
   7792                     store_reg(s, rn, addr);
   7793                 } else {
   7794                     tcg_temp_free_i32(addr);
   7795                 }
   7796                 tcg_temp_free_i32(tmp3);
   7797                 if (loaded_base) {
   7798                     store_reg(s, rn, loaded_var);
   7799                 }
   7800                 if ((insn & (1 << 22)) && !user) {
   7801                     /* Restore CPSR from SPSR.  */
   7802                     tmp = load_cpu_field(spsr);
   7803                     gen_set_cpsr(tmp, 0xffffffff);
   7804                     tcg_temp_free_i32(tmp);
   7805                     s->is_jmp = DISAS_UPDATE;
   7806                 }
   7807             }
   7808             break;
   7809         case 0xa:
   7810         case 0xb:
   7811             {
   7812                 int32_t offset;
   7813 
   7814                 /* branch (and link) */
   7815                 val = (int32_t)s->pc;
   7816                 if (insn & (1 << 24)) {
   7817                     tmp = tcg_temp_new_i32();
   7818                     tcg_gen_movi_i32(tmp, val);
   7819                     store_reg(s, 14, tmp);
   7820                 }
   7821                 offset = (((int32_t)insn << 8) >> 8);
   7822                 val += (offset << 2) + 4;
   7823                 gen_jmp(s, val);
   7824             }
   7825             break;
   7826         case 0xc:
   7827         case 0xd:
   7828         case 0xe:
   7829             /* Coprocessor.  */
   7830             if (disas_coproc_insn(env, s, insn))
   7831                 goto illegal_op;
   7832             break;
   7833         case 0xf:
   7834             /* swi */
   7835             gen_set_pc_im(s->pc);
   7836             s->is_jmp = DISAS_SWI;
   7837             break;
   7838         default:
   7839         illegal_op:
   7840             gen_exception_insn(s, 4, EXCP_UDEF);
   7841             break;
   7842         }
   7843     }
   7844 }
   7845 
   7846 /* Return true if this is a Thumb-2 logical op.  */
   7847 static int
   7848 thumb2_logic_op(int op)
   7849 {
   7850     return (op < 8);
   7851 }
   7852 
   7853 /* Generate code for a Thumb-2 data processing operation.  If CONDS is nonzero
   7854    then set condition code flags based on the result of the operation.
   7855    If SHIFTER_OUT is nonzero then set the carry flag for logical operations
   7856    to the high bit of T1.
   7857    Returns zero if the opcode is valid.  */
   7858 
   7859 static int
   7860 gen_thumb2_data_op(DisasContext *s, int op, int conds, uint32_t shifter_out, TCGv t0, TCGv t1)
   7861 {
   7862     int logic_cc;
   7863 
   7864     logic_cc = 0;
   7865     switch (op) {
   7866     case 0: /* and */
   7867         tcg_gen_and_i32(t0, t0, t1);
   7868         logic_cc = conds;
   7869         break;
   7870     case 1: /* bic */
   7871         tcg_gen_andc_i32(t0, t0, t1);
   7872         logic_cc = conds;
   7873         break;
   7874     case 2: /* orr */
   7875         tcg_gen_or_i32(t0, t0, t1);
   7876         logic_cc = conds;
   7877         break;
   7878     case 3: /* orn */
   7879         tcg_gen_orc_i32(t0, t0, t1);
   7880         logic_cc = conds;
   7881         break;
   7882     case 4: /* eor */
   7883         tcg_gen_xor_i32(t0, t0, t1);
   7884         logic_cc = conds;
   7885         break;
   7886     case 8: /* add */
   7887         if (conds)
   7888             gen_helper_add_cc(t0, cpu_env, t0, t1);
   7889         else
   7890             tcg_gen_add_i32(t0, t0, t1);
   7891         break;
   7892     case 10: /* adc */
   7893         if (conds)
   7894             gen_helper_adc_cc(t0, cpu_env, t0, t1);
   7895         else
   7896             gen_adc(t0, t1);
   7897         break;
   7898     case 11: /* sbc */
   7899         if (conds)
   7900             gen_helper_sbc_cc(t0, cpu_env, t0, t1);
   7901         else
   7902             gen_sub_carry(t0, t0, t1);
   7903         break;
   7904     case 13: /* sub */
   7905         if (conds)
   7906             gen_helper_sub_cc(t0, cpu_env, t0, t1);
   7907         else
   7908             tcg_gen_sub_i32(t0, t0, t1);
   7909         break;
   7910     case 14: /* rsb */
   7911         if (conds)
   7912             gen_helper_sub_cc(t0, cpu_env, t1, t0);
   7913         else
   7914             tcg_gen_sub_i32(t0, t1, t0);
   7915         break;
   7916     default: /* 5, 6, 7, 9, 12, 15. */
   7917         return 1;
   7918     }
   7919     if (logic_cc) {
   7920         gen_logic_CC(t0);
   7921         if (shifter_out)
   7922             gen_set_CF_bit31(t1);
   7923     }
   7924     return 0;
   7925 }
   7926 
   7927 /* Translate a 32-bit thumb instruction.  Returns nonzero if the instruction
   7928    is not legal.  */
   7929 static int disas_thumb2_insn(CPUARMState *env, DisasContext *s, uint16_t insn_hw1)
   7930 {
   7931     uint32_t insn, imm, shift, offset;
   7932     uint32_t rd, rn, rm, rs;
   7933     TCGv tmp;
   7934     TCGv tmp2;
   7935     TCGv tmp3;
   7936     TCGv addr;
   7937     TCGv_i64 tmp64;
   7938     int op;
   7939     int shiftop;
   7940     int conds;
   7941     int logic_cc;
   7942 
   7943     if (!(arm_feature(env, ARM_FEATURE_THUMB2)
   7944           || arm_feature (env, ARM_FEATURE_M))) {
   7945         /* Thumb-1 cores may need to treat bl and blx as a pair of
   7946            16-bit instructions to get correct prefetch abort behavior.  */
   7947         insn = insn_hw1;
   7948         if ((insn & (1 << 12)) == 0) {
   7949             ARCH(5);
   7950             /* Second half of blx.  */
   7951             offset = ((insn & 0x7ff) << 1);
   7952             tmp = load_reg(s, 14);
   7953             tcg_gen_addi_i32(tmp, tmp, offset);
   7954             tcg_gen_andi_i32(tmp, tmp, 0xfffffffc);
   7955 
   7956             tmp2 = tcg_temp_new_i32();
   7957             tcg_gen_movi_i32(tmp2, s->pc | 1);
   7958             store_reg(s, 14, tmp2);
   7959             gen_bx(s, tmp);
   7960             return 0;
   7961         }
   7962         if (insn & (1 << 11)) {
   7963             /* Second half of bl.  */
   7964             offset = ((insn & 0x7ff) << 1) | 1;
   7965             tmp = load_reg(s, 14);
   7966             tcg_gen_addi_i32(tmp, tmp, offset);
   7967 
   7968             tmp2 = tcg_temp_new_i32();
   7969             tcg_gen_movi_i32(tmp2, s->pc | 1);
   7970             store_reg(s, 14, tmp2);
   7971             gen_bx(s, tmp);
   7972             return 0;
   7973         }
   7974         if ((s->pc & ~TARGET_PAGE_MASK) == 0) {
   7975             /* Instruction spans a page boundary.  Implement it as two
   7976                16-bit instructions in case the second half causes an
   7977                prefetch abort.  */
   7978             offset = ((int32_t)insn << 21) >> 9;
   7979             tcg_gen_movi_i32(cpu_R[14], s->pc + 2 + offset);
   7980             return 0;
   7981         }
   7982         /* Fall through to 32-bit decode.  */
   7983     }
   7984 
   7985     insn = cpu_lduw_code(env, s->pc);
   7986     s->pc += 2;
   7987     insn |= (uint32_t)insn_hw1 << 16;
   7988 
   7989     if ((insn & 0xf800e800) != 0xf000e800) {
   7990         ARCH(6T2);
   7991     }
   7992 
   7993     rn = (insn >> 16) & 0xf;
   7994     rs = (insn >> 12) & 0xf;
   7995     rd = (insn >> 8) & 0xf;
   7996     rm = insn & 0xf;
   7997     switch ((insn >> 25) & 0xf) {
   7998     case 0: case 1: case 2: case 3:
   7999         /* 16-bit instructions.  Should never happen.  */
   8000         abort();
   8001     case 4:
   8002         if (insn & (1 << 22)) {
   8003             /* Other load/store, table branch.  */
   8004             if (insn & 0x01200000) {
   8005                 /* Load/store doubleword.  */
   8006                 if (rn == 15) {
   8007                     addr = tcg_temp_new_i32();
   8008                     tcg_gen_movi_i32(addr, s->pc & ~3);
   8009                 } else {
   8010                     addr = load_reg(s, rn);
   8011                 }
   8012                 offset = (insn & 0xff) * 4;
   8013                 if ((insn & (1 << 23)) == 0)
   8014                     offset = -offset;
   8015                 if (insn & (1 << 24)) {
   8016                     tcg_gen_addi_i32(addr, addr, offset);
   8017                     offset = 0;
   8018                 }
   8019                 if (insn & (1 << 20)) {
   8020                     /* ldrd */
   8021                     tmp = gen_ld32(addr, IS_USER(s));
   8022                     store_reg(s, rs, tmp);
   8023                     tcg_gen_addi_i32(addr, addr, 4);
   8024                     tmp = gen_ld32(addr, IS_USER(s));
   8025                     store_reg(s, rd, tmp);
   8026                 } else {
   8027                     /* strd */
   8028                     tmp = load_reg(s, rs);
   8029                     gen_st32(tmp, addr, IS_USER(s));
   8030                     tcg_gen_addi_i32(addr, addr, 4);
   8031                     tmp = load_reg(s, rd);
   8032                     gen_st32(tmp, addr, IS_USER(s));
   8033                 }
   8034                 if (insn & (1 << 21)) {
   8035                     /* Base writeback.  */
   8036                     if (rn == 15)
   8037                         goto illegal_op;
   8038                     tcg_gen_addi_i32(addr, addr, offset - 4);
   8039                     store_reg(s, rn, addr);
   8040                 } else {
   8041                     tcg_temp_free_i32(addr);
   8042                 }
   8043             } else if ((insn & (1 << 23)) == 0) {
   8044                 /* Load/store exclusive word.  */
   8045                 addr = tcg_temp_local_new();
   8046                 load_reg_var(s, addr, rn);
   8047                 tcg_gen_addi_i32(addr, addr, (insn & 0xff) << 2);
   8048                 if (insn & (1 << 20)) {
   8049                     gen_load_exclusive(s, rs, 15, addr, 2);
   8050                 } else {
   8051                     gen_store_exclusive(s, rd, rs, 15, addr, 2);
   8052                 }
   8053                 tcg_temp_free(addr);
   8054             } else if ((insn & (1 << 6)) == 0) {
   8055                 /* Table Branch.  */
   8056                 if (rn == 15) {
   8057                     addr = tcg_temp_new_i32();
   8058                     tcg_gen_movi_i32(addr, s->pc);
   8059                 } else {
   8060                     addr = load_reg(s, rn);
   8061                 }
   8062                 tmp = load_reg(s, rm);
   8063                 tcg_gen_add_i32(addr, addr, tmp);
   8064                 if (insn & (1 << 4)) {
   8065                     /* tbh */
   8066                     tcg_gen_add_i32(addr, addr, tmp);
   8067                     tcg_temp_free_i32(tmp);
   8068                     tmp = gen_ld16u(addr, IS_USER(s));
   8069                 } else { /* tbb */
   8070                     tcg_temp_free_i32(tmp);
   8071                     tmp = gen_ld8u(addr, IS_USER(s));
   8072                 }
   8073                 tcg_temp_free_i32(addr);
   8074                 tcg_gen_shli_i32(tmp, tmp, 1);
   8075                 tcg_gen_addi_i32(tmp, tmp, s->pc);
   8076                 store_reg(s, 15, tmp);
   8077             } else {
   8078                 /* Load/store exclusive byte/halfword/doubleword.  */
   8079                 ARCH(7);
   8080                 op = (insn >> 4) & 0x3;
   8081                 if (op == 2) {
   8082                     goto illegal_op;
   8083                 }
   8084                 addr = tcg_temp_local_new();
   8085                 load_reg_var(s, addr, rn);
   8086                 if (insn & (1 << 20)) {
   8087                     gen_load_exclusive(s, rs, rd, addr, op);
   8088                 } else {
   8089                     gen_store_exclusive(s, rm, rs, rd, addr, op);
   8090                 }
   8091                 tcg_temp_free(addr);
   8092             }
   8093         } else {
   8094             /* Load/store multiple, RFE, SRS.  */
   8095             if (((insn >> 23) & 1) == ((insn >> 24) & 1)) {
   8096                 /* Not available in user mode.  */
   8097                 if (IS_USER(s))
   8098                     goto illegal_op;
   8099                 if (insn & (1 << 20)) {
   8100                     /* rfe */
   8101                     addr = load_reg(s, rn);
   8102                     if ((insn & (1 << 24)) == 0)
   8103                         tcg_gen_addi_i32(addr, addr, -8);
   8104                     /* Load PC into tmp and CPSR into tmp2.  */
   8105                     tmp = gen_ld32(addr, 0);
   8106                     tcg_gen_addi_i32(addr, addr, 4);
   8107                     tmp2 = gen_ld32(addr, 0);
   8108                     if (insn & (1 << 21)) {
   8109                         /* Base writeback.  */
   8110                         if (insn & (1 << 24)) {
   8111                             tcg_gen_addi_i32(addr, addr, 4);
   8112                         } else {
   8113                             tcg_gen_addi_i32(addr, addr, -4);
   8114                         }
   8115                         store_reg(s, rn, addr);
   8116                     } else {
   8117                         tcg_temp_free_i32(addr);
   8118                     }
   8119                     gen_rfe(s, tmp, tmp2);
   8120                 } else {
   8121                     /* srs */
   8122                     op = (insn & 0x1f);
   8123                     addr = tcg_temp_new_i32();
   8124                     tmp = tcg_const_i32(op);
   8125                     gen_helper_get_r13_banked(addr, cpu_env, tmp);
   8126                     tcg_temp_free_i32(tmp);
   8127                     if ((insn & (1 << 24)) == 0) {
   8128                         tcg_gen_addi_i32(addr, addr, -8);
   8129                     }
   8130                     tmp = load_reg(s, 14);
   8131                     gen_st32(tmp, addr, 0);
   8132                     tcg_gen_addi_i32(addr, addr, 4);
   8133                     tmp = tcg_temp_new_i32();
   8134                     gen_helper_cpsr_read(tmp, cpu_env);
   8135                     gen_st32(tmp, addr, 0);
   8136                     if (insn & (1 << 21)) {
   8137                         if ((insn & (1 << 24)) == 0) {
   8138                             tcg_gen_addi_i32(addr, addr, -4);
   8139                         } else {
   8140                             tcg_gen_addi_i32(addr, addr, 4);
   8141                         }
   8142                         tmp = tcg_const_i32(op);
   8143                         gen_helper_set_r13_banked(cpu_env, tmp, addr);
   8144                         tcg_temp_free_i32(tmp);
   8145                     } else {
   8146                         tcg_temp_free_i32(addr);
   8147                     }
   8148                 }
   8149             } else {
   8150                 int i, loaded_base = 0;
   8151                 TCGv loaded_var;
   8152                 /* Load/store multiple.  */
   8153                 addr = load_reg(s, rn);
   8154                 offset = 0;
   8155                 for (i = 0; i < 16; i++) {
   8156                     if (insn & (1 << i))
   8157                         offset += 4;
   8158                 }
   8159                 if (insn & (1 << 24)) {
   8160                     tcg_gen_addi_i32(addr, addr, -offset);
   8161                 }
   8162 
   8163                 TCGV_UNUSED(loaded_var);
   8164                 tmp2 = tcg_const_i32(4);
   8165                 for (i = 0; i < 16; i++) {
   8166                     if ((insn & (1 << i)) == 0)
   8167                         continue;
   8168                     if (insn & (1 << 20)) {
   8169                         /* Load.  */
   8170                         tmp = gen_ld32(addr, IS_USER(s));
   8171                         if (i == 15) {
   8172                             gen_bx(s, tmp);
   8173                         } else if (i == rn) {
   8174                             loaded_var = tmp;
   8175                             loaded_base = 1;
   8176                         } else {
   8177                             store_reg(s, i, tmp);
   8178                         }
   8179                     } else {
   8180                         /* Store.  */
   8181                         tmp = load_reg(s, i);
   8182                         gen_st32(tmp, addr, IS_USER(s));
   8183                     }
   8184                     tcg_gen_add_i32(addr, addr, tmp2);
   8185                 }
   8186                 if (loaded_base) {
   8187                     store_reg(s, rn, loaded_var);
   8188                 }
   8189                 tcg_temp_free_i32(tmp2);
   8190                 if (insn & (1 << 21)) {
   8191                     /* Base register writeback.  */
   8192                     if (insn & (1 << 24)) {
   8193                         tcg_gen_addi_i32(addr, addr, -offset);
   8194                     }
   8195                     /* Fault if writeback register is in register list.  */
   8196                     if (insn & (1 << rn))
   8197                         goto illegal_op;
   8198                     store_reg(s, rn, addr);
   8199                 } else {
   8200                     tcg_temp_free_i32(addr);
   8201                 }
   8202             }
   8203         }
   8204         break;
   8205     case 5:
   8206 
   8207         op = (insn >> 21) & 0xf;
   8208         if (op == 6) {
   8209             /* Halfword pack.  */
   8210             tmp = load_reg(s, rn);
   8211             tmp2 = load_reg(s, rm);
   8212             shift = ((insn >> 10) & 0x1c) | ((insn >> 6) & 0x3);
   8213             if (insn & (1 << 5)) {
   8214                 /* pkhtb */
   8215                 if (shift == 0)
   8216                     shift = 31;
   8217                 tcg_gen_sari_i32(tmp2, tmp2, shift);
   8218                 tcg_gen_andi_i32(tmp, tmp, 0xffff0000);
   8219                 tcg_gen_ext16u_i32(tmp2, tmp2);
   8220             } else {
   8221                 /* pkhbt */
   8222                 if (shift)
   8223                     tcg_gen_shli_i32(tmp2, tmp2, shift);
   8224                 tcg_gen_ext16u_i32(tmp, tmp);
   8225                 tcg_gen_andi_i32(tmp2, tmp2, 0xffff0000);
   8226             }
   8227             tcg_gen_or_i32(tmp, tmp, tmp2);
   8228             tcg_temp_free_i32(tmp2);
   8229             store_reg(s, rd, tmp);
   8230         } else {
   8231             /* Data processing register constant shift.  */
   8232             if (rn == 15) {
   8233                 tmp = tcg_temp_new_i32();
   8234                 tcg_gen_movi_i32(tmp, 0);
   8235             } else {
   8236                 tmp = load_reg(s, rn);
   8237             }
   8238             tmp2 = load_reg(s, rm);
   8239 
   8240             shiftop = (insn >> 4) & 3;
   8241             shift = ((insn >> 6) & 3) | ((insn >> 10) & 0x1c);
   8242             conds = (insn & (1 << 20)) != 0;
   8243             logic_cc = (conds && thumb2_logic_op(op));
   8244             gen_arm_shift_im(tmp2, shiftop, shift, logic_cc);
   8245             if (gen_thumb2_data_op(s, op, conds, 0, tmp, tmp2))
   8246                 goto illegal_op;
   8247             tcg_temp_free_i32(tmp2);
   8248             if (rd != 15) {
   8249                 store_reg(s, rd, tmp);
   8250             } else {
   8251                 tcg_temp_free_i32(tmp);
   8252             }
   8253         }
   8254         break;
   8255     case 13: /* Misc data processing.  */
   8256         op = ((insn >> 22) & 6) | ((insn >> 7) & 1);
   8257         if (op < 4 && (insn & 0xf000) != 0xf000)
   8258             goto illegal_op;
   8259         switch (op) {
   8260         case 0: /* Register controlled shift.  */
   8261             tmp = load_reg(s, rn);
   8262             tmp2 = load_reg(s, rm);
   8263             if ((insn & 0x70) != 0)
   8264                 goto illegal_op;
   8265             op = (insn >> 21) & 3;
   8266             logic_cc = (insn & (1 << 20)) != 0;
   8267             gen_arm_shift_reg(tmp, op, tmp2, logic_cc);
   8268             if (logic_cc)
   8269                 gen_logic_CC(tmp);
   8270             store_reg_bx(env, s, rd, tmp);
   8271             break;
   8272         case 1: /* Sign/zero extend.  */
   8273             tmp = load_reg(s, rm);
   8274             shift = (insn >> 4) & 3;
   8275             /* ??? In many cases it's not necessary to do a
   8276                rotate, a shift is sufficient.  */
   8277             if (shift != 0)
   8278                 tcg_gen_rotri_i32(tmp, tmp, shift * 8);
   8279             op = (insn >> 20) & 7;
   8280             switch (op) {
   8281             case 0: gen_sxth(tmp);   break;
   8282             case 1: gen_uxth(tmp);   break;
   8283             case 2: gen_sxtb16(tmp); break;
   8284             case 3: gen_uxtb16(tmp); break;
   8285             case 4: gen_sxtb(tmp);   break;
   8286             case 5: gen_uxtb(tmp);   break;
   8287             default: goto illegal_op;
   8288             }
   8289             if (rn != 15) {
   8290                 tmp2 = load_reg(s, rn);
   8291                 if ((op >> 1) == 1) {
   8292                     gen_add16(tmp, tmp2);
   8293                 } else {
   8294                     tcg_gen_add_i32(tmp, tmp, tmp2);
   8295                     tcg_temp_free_i32(tmp2);
   8296                 }
   8297             }
   8298             store_reg(s, rd, tmp);
   8299             break;
   8300         case 2: /* SIMD add/subtract.  */
   8301             op = (insn >> 20) & 7;
   8302             shift = (insn >> 4) & 7;
   8303             if ((op & 3) == 3 || (shift & 3) == 3)
   8304                 goto illegal_op;
   8305             tmp = load_reg(s, rn);
   8306             tmp2 = load_reg(s, rm);
   8307             gen_thumb2_parallel_addsub(op, shift, tmp, tmp2);
   8308             tcg_temp_free_i32(tmp2);
   8309             store_reg(s, rd, tmp);
   8310             break;
   8311         case 3: /* Other data processing.  */
   8312             op = ((insn >> 17) & 0x38) | ((insn >> 4) & 7);
   8313             if (op < 4) {
   8314                 /* Saturating add/subtract.  */
   8315                 tmp = load_reg(s, rn);
   8316                 tmp2 = load_reg(s, rm);
   8317                 if (op & 1)
   8318                     gen_helper_double_saturate(tmp, cpu_env, tmp);
   8319                 if (op & 2)
   8320                     gen_helper_sub_saturate(tmp, cpu_env, tmp2, tmp);
   8321                 else
   8322                     gen_helper_add_saturate(tmp, cpu_env, tmp, tmp2);
   8323                 tcg_temp_free_i32(tmp2);
   8324             } else {
   8325                 tmp = load_reg(s, rn);
   8326                 switch (op) {
   8327                 case 0x0a: /* rbit */
   8328                     gen_helper_rbit(tmp, tmp);
   8329                     break;
   8330                 case 0x08: /* rev */
   8331                     tcg_gen_bswap32_i32(tmp, tmp);
   8332                     break;
   8333                 case 0x09: /* rev16 */
   8334                     gen_rev16(tmp);
   8335                     break;
   8336                 case 0x0b: /* revsh */
   8337                     gen_revsh(tmp);
   8338                     break;
   8339                 case 0x10: /* sel */
   8340                     tmp2 = load_reg(s, rm);
   8341                     tmp3 = tcg_temp_new_i32();
   8342                     tcg_gen_ld_i32(tmp3, cpu_env, offsetof(CPUARMState, GE));
   8343                     gen_helper_sel_flags(tmp, tmp3, tmp, tmp2);
   8344                     tcg_temp_free_i32(tmp3);
   8345                     tcg_temp_free_i32(tmp2);
   8346                     break;
   8347                 case 0x18: /* clz */
   8348                     gen_helper_clz(tmp, tmp);
   8349                     break;
   8350                 default:
   8351                     goto illegal_op;
   8352                 }
   8353             }
   8354             store_reg(s, rd, tmp);
   8355             break;
   8356         case 4: case 5: /* 32-bit multiply.  Sum of absolute differences.  */
   8357             op = (insn >> 4) & 0xf;
   8358             tmp = load_reg(s, rn);
   8359             tmp2 = load_reg(s, rm);
   8360             switch ((insn >> 20) & 7) {
   8361             case 0: /* 32 x 32 -> 32 */
   8362                 tcg_gen_mul_i32(tmp, tmp, tmp2);
   8363                 tcg_temp_free_i32(tmp2);
   8364                 if (rs != 15) {
   8365                     tmp2 = load_reg(s, rs);
   8366                     if (op)
   8367                         tcg_gen_sub_i32(tmp, tmp2, tmp);
   8368                     else
   8369                         tcg_gen_add_i32(tmp, tmp, tmp2);
   8370                     tcg_temp_free_i32(tmp2);
   8371                 }
   8372                 break;
   8373             case 1: /* 16 x 16 -> 32 */
   8374                 gen_mulxy(tmp, tmp2, op & 2, op & 1);
   8375                 tcg_temp_free_i32(tmp2);
   8376                 if (rs != 15) {
   8377                     tmp2 = load_reg(s, rs);
   8378                     gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
   8379                     tcg_temp_free_i32(tmp2);
   8380                 }
   8381                 break;
   8382             case 2: /* Dual multiply add.  */
   8383             case 4: /* Dual multiply subtract.  */
   8384                 if (op)
   8385                     gen_swap_half(tmp2);
   8386                 gen_smul_dual(tmp, tmp2);
   8387                 if (insn & (1 << 22)) {
   8388                     /* This subtraction cannot overflow. */
   8389                     tcg_gen_sub_i32(tmp, tmp, tmp2);
   8390                 } else {
   8391                     /* This addition cannot overflow 32 bits;
   8392                      * however it may overflow considered as a signed
   8393                      * operation, in which case we must set the Q flag.
   8394                      */
   8395                     gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
   8396                 }
   8397                 tcg_temp_free_i32(tmp2);
   8398                 if (rs != 15)
   8399                   {
   8400                     tmp2 = load_reg(s, rs);
   8401                     gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
   8402                     tcg_temp_free_i32(tmp2);
   8403                   }
   8404                 break;
   8405             case 3: /* 32 * 16 -> 32msb */
   8406                 if (op)
   8407                     tcg_gen_sari_i32(tmp2, tmp2, 16);
   8408                 else
   8409                     gen_sxth(tmp2);
   8410                 tmp64 = gen_muls_i64_i32(tmp, tmp2);
   8411                 tcg_gen_shri_i64(tmp64, tmp64, 16);
   8412                 tmp = tcg_temp_new_i32();
   8413                 tcg_gen_trunc_i64_i32(tmp, tmp64);
   8414                 tcg_temp_free_i64(tmp64);
   8415                 if (rs != 15)
   8416                   {
   8417                     tmp2 = load_reg(s, rs);
   8418                     gen_helper_add_setq(tmp, cpu_env, tmp, tmp2);
   8419                     tcg_temp_free_i32(tmp2);
   8420                   }
   8421                 break;
   8422             case 5: case 6: /* 32 * 32 -> 32msb (SMMUL, SMMLA, SMMLS) */
   8423                 tmp64 = gen_muls_i64_i32(tmp, tmp2);
   8424                 if (rs != 15) {
   8425                     tmp = load_reg(s, rs);
   8426                     if (insn & (1 << 20)) {
   8427                         tmp64 = gen_addq_msw(tmp64, tmp);
   8428                     } else {
   8429                         tmp64 = gen_subq_msw(tmp64, tmp);
   8430                     }
   8431                 }
   8432                 if (insn & (1 << 4)) {
   8433                     tcg_gen_addi_i64(tmp64, tmp64, 0x80000000u);
   8434                 }
   8435                 tcg_gen_shri_i64(tmp64, tmp64, 32);
   8436                 tmp = tcg_temp_new_i32();
   8437                 tcg_gen_trunc_i64_i32(tmp, tmp64);
   8438                 tcg_temp_free_i64(tmp64);
   8439                 break;
   8440             case 7: /* Unsigned sum of absolute differences.  */
   8441                 gen_helper_usad8(tmp, tmp, tmp2);
   8442                 tcg_temp_free_i32(tmp2);
   8443                 if (rs != 15) {
   8444                     tmp2 = load_reg(s, rs);
   8445                     tcg_gen_add_i32(tmp, tmp, tmp2);
   8446                     tcg_temp_free_i32(tmp2);
   8447                 }
   8448                 break;
   8449             }
   8450             store_reg(s, rd, tmp);
   8451             break;
   8452         case 6: case 7: /* 64-bit multiply, Divide.  */
   8453             op = ((insn >> 4) & 0xf) | ((insn >> 16) & 0x70);
   8454             tmp = load_reg(s, rn);
   8455             tmp2 = load_reg(s, rm);
   8456             if ((op & 0x50) == 0x10) {
   8457                 /* sdiv, udiv */
   8458                 if (!arm_feature(env, ARM_FEATURE_DIV))
   8459                     goto illegal_op;
   8460                 if (op & 0x20)
   8461                     gen_helper_udiv(tmp, tmp, tmp2);
   8462                 else
   8463                     gen_helper_sdiv(tmp, tmp, tmp2);
   8464                 tcg_temp_free_i32(tmp2);
   8465                 store_reg(s, rd, tmp);
   8466             } else if ((op & 0xe) == 0xc) {
   8467                 /* Dual multiply accumulate long.  */
   8468                 if (op & 1)
   8469                     gen_swap_half(tmp2);
   8470                 gen_smul_dual(tmp, tmp2);
   8471                 if (op & 0x10) {
   8472                     tcg_gen_sub_i32(tmp, tmp, tmp2);
   8473                 } else {
   8474                     tcg_gen_add_i32(tmp, tmp, tmp2);
   8475                 }
   8476                 tcg_temp_free_i32(tmp2);
   8477                 /* BUGFIX */
   8478                 tmp64 = tcg_temp_new_i64();
   8479                 tcg_gen_ext_i32_i64(tmp64, tmp);
   8480                 tcg_temp_free_i32(tmp);
   8481                 gen_addq(s, tmp64, rs, rd);
   8482                 gen_storeq_reg(s, rs, rd, tmp64);
   8483                 tcg_temp_free_i64(tmp64);
   8484             } else {
   8485                 if (op & 0x20) {
   8486                     /* Unsigned 64-bit multiply  */
   8487                     tmp64 = gen_mulu_i64_i32(tmp, tmp2);
   8488                 } else {
   8489                     if (op & 8) {
   8490                         /* smlalxy */
   8491                         gen_mulxy(tmp, tmp2, op & 2, op & 1);
   8492                         tcg_temp_free_i32(tmp2);
   8493                         tmp64 = tcg_temp_new_i64();
   8494                         tcg_gen_ext_i32_i64(tmp64, tmp);
   8495                         tcg_temp_free_i32(tmp);
   8496                     } else {
   8497                         /* Signed 64-bit multiply  */
   8498                         tmp64 = gen_muls_i64_i32(tmp, tmp2);
   8499                     }
   8500                 }
   8501                 if (op & 4) {
   8502                     /* umaal */
   8503                     gen_addq_lo(s, tmp64, rs);
   8504                     gen_addq_lo(s, tmp64, rd);
   8505                 } else if (op & 0x40) {
   8506                     /* 64-bit accumulate.  */
   8507                     gen_addq(s, tmp64, rs, rd);
   8508                 }
   8509                 gen_storeq_reg(s, rs, rd, tmp64);
   8510                 tcg_temp_free_i64(tmp64);
   8511             }
   8512             break;
   8513         }
   8514         break;
   8515     case 6: case 7: case 14: case 15:
   8516         /* Coprocessor.  */
   8517         if (((insn >> 24) & 3) == 3) {
   8518             /* Translate into the equivalent ARM encoding.  */
   8519             insn = (insn & 0xe2ffffff) | ((insn & (1 << 28)) >> 4) | (1 << 28);
   8520             if (disas_neon_data_insn(env, s, insn))
   8521                 goto illegal_op;
   8522         } else {
   8523             if (insn & (1 << 28))
   8524                 goto illegal_op;
   8525             if (disas_coproc_insn (env, s, insn))
   8526                 goto illegal_op;
   8527         }
   8528         break;
   8529     case 8: case 9: case 10: case 11:
   8530         if (insn & (1 << 15)) {
   8531             /* Branches, misc control.  */
   8532             if (insn & 0x5000) {
   8533                 /* Unconditional branch.  */
   8534                 /* signextend(hw1[10:0]) -> offset[:12].  */
   8535                 offset = ((int32_t)insn << 5) >> 9 & ~(int32_t)0xfff;
   8536                 /* hw1[10:0] -> offset[11:1].  */
   8537                 offset |= (insn & 0x7ff) << 1;
   8538                 /* (~hw2[13, 11] ^ offset[24]) -> offset[23,22]
   8539                    offset[24:22] already have the same value because of the
   8540                    sign extension above.  */
   8541                 offset ^= ((~insn) & (1 << 13)) << 10;
   8542                 offset ^= ((~insn) & (1 << 11)) << 11;
   8543 
   8544                 if (insn & (1 << 14)) {
   8545                     /* Branch and link.  */
   8546                     tcg_gen_movi_i32(cpu_R[14], s->pc | 1);
   8547                 }
   8548 
   8549                 offset += s->pc;
   8550                 if (insn & (1 << 12)) {
   8551                     /* b/bl */
   8552                     gen_jmp(s, offset);
   8553                 } else {
   8554                     /* blx */
   8555                     offset &= ~(uint32_t)2;
   8556                     /* thumb2 bx, no need to check */
   8557                     gen_bx_im(s, offset);
   8558                 }
   8559             } else if (((insn >> 23) & 7) == 7) {
   8560                 /* Misc control */
   8561                 if (insn & (1 << 13))
   8562                     goto illegal_op;
   8563 
   8564                 if (insn & (1 << 26)) {
   8565                     /* Secure monitor call / smc (v6Z) */
   8566                     if (!(env->cp15.c0_c2[4] & 0xf000) || IS_USER(s)) {
   8567                         goto illegal_op;
   8568                     }
   8569                     gen_smc(env, s);
   8570                 } else {
   8571                     op = (insn >> 20) & 7;
   8572                     switch (op) {
   8573                     case 0: /* msr cpsr.  */
   8574                         if (IS_M(env)) {
   8575                             tmp = load_reg(s, rn);
   8576                             addr = tcg_const_i32(insn & 0xff);
   8577                             gen_helper_v7m_msr(cpu_env, addr, tmp);
   8578                             tcg_temp_free_i32(addr);
   8579                             tcg_temp_free_i32(tmp);
   8580                             gen_lookup_tb(s);
   8581                             break;
   8582                         }
   8583                         /* fall through */
   8584                     case 1: /* msr spsr.  */
   8585                         if (IS_M(env))
   8586                             goto illegal_op;
   8587                         tmp = load_reg(s, rn);
   8588                         if (gen_set_psr(s,
   8589                               msr_mask(env, s, (insn >> 8) & 0xf, op == 1),
   8590                               op == 1, tmp))
   8591                             goto illegal_op;
   8592                         break;
   8593                     case 2: /* cps, nop-hint.  */
   8594                         if (((insn >> 8) & 7) == 0) {
   8595                             gen_nop_hint(s, insn & 0xff);
   8596                         }
   8597                         /* Implemented as NOP in user mode.  */
   8598                         if (IS_USER(s))
   8599                             break;
   8600                         offset = 0;
   8601                         imm = 0;
   8602                         if (insn & (1 << 10)) {
   8603                             if (insn & (1 << 7))
   8604                                 offset |= CPSR_A;
   8605                             if (insn & (1 << 6))
   8606                                 offset |= CPSR_I;
   8607                             if (insn & (1 << 5))
   8608                                 offset |= CPSR_F;
   8609                             if (insn & (1 << 9))
   8610                                 imm = CPSR_A | CPSR_I | CPSR_F;
   8611                         }
   8612                         if (insn & (1 << 8)) {
   8613                             offset |= 0x1f;
   8614                             imm |= (insn & 0x1f);
   8615                         }
   8616                         if (offset) {
   8617                             gen_set_psr_im(s, offset, 0, imm);
   8618                         }
   8619                         break;
   8620                     case 3: /* Special control operations.  */
   8621                         ARCH(7);
   8622                         op = (insn >> 4) & 0xf;
   8623                         switch (op) {
   8624                         case 2: /* clrex */
   8625                             gen_clrex(s);
   8626                             break;
   8627                         case 4: /* dsb */
   8628                         case 5: /* dmb */
   8629                         case 6: /* isb */
   8630                             /* These execute as NOPs.  */
   8631                             break;
   8632                         default:
   8633                             goto illegal_op;
   8634                         }
   8635                         break;
   8636                     case 4: /* bxj */
   8637                         /* Trivial implementation equivalent to bx.  */
   8638                         tmp = load_reg(s, rn);
   8639                         gen_bx(s, tmp);
   8640                         break;
   8641                     case 5: /* Exception return.  */
   8642                         if (IS_USER(s)) {
   8643                             goto illegal_op;
   8644                         }
   8645                         if (rn != 14 || rd != 15) {
   8646                             goto illegal_op;
   8647                         }
   8648                         tmp = load_reg(s, rn);
   8649                         tcg_gen_subi_i32(tmp, tmp, insn & 0xff);
   8650                         gen_exception_return(s, tmp);
   8651                         break;
   8652                     case 6: /* mrs cpsr.  */
   8653                         tmp = tcg_temp_new_i32();
   8654                         if (IS_M(env)) {
   8655                             addr = tcg_const_i32(insn & 0xff);
   8656                             gen_helper_v7m_mrs(tmp, cpu_env, addr);
   8657                             tcg_temp_free_i32(addr);
   8658                         } else {
   8659                             gen_helper_cpsr_read(tmp, cpu_env);
   8660                         }
   8661                         store_reg(s, rd, tmp);
   8662                         break;
   8663                     case 7: /* mrs spsr.  */
   8664                         /* Not accessible in user mode.  */
   8665                         if (IS_USER(s) || IS_M(env))
   8666                             goto illegal_op;
   8667                         tmp = load_cpu_field(spsr);
   8668                         store_reg(s, rd, tmp);
   8669                         break;
   8670                     }
   8671                 }
   8672             } else {
   8673                 /* Conditional branch.  */
   8674                 op = (insn >> 22) & 0xf;
   8675                 /* Generate a conditional jump to next instruction.  */
   8676                 s->condlabel = gen_new_label();
   8677                 gen_test_cc(op ^ 1, s->condlabel);
   8678                 s->condjmp = 1;
   8679 
   8680                 /* offset[11:1] = insn[10:0] */
   8681                 offset = (insn & 0x7ff) << 1;
   8682                 /* offset[17:12] = insn[21:16].  */
   8683                 offset |= (insn & 0x003f0000) >> 4;
   8684                 /* offset[31:20] = insn[26].  */
   8685                 offset |= ((int32_t)((insn << 5) & 0x80000000)) >> 11;
   8686                 /* offset[18] = insn[13].  */
   8687                 offset |= (insn & (1 << 13)) << 5;
   8688                 /* offset[19] = insn[11].  */
   8689                 offset |= (insn & (1 << 11)) << 8;
   8690 
   8691                 /* jump to the offset */
   8692                 gen_jmp(s, s->pc + offset);
   8693             }
   8694         } else {
   8695             /* Data processing immediate.  */
   8696             if (insn & (1 << 25)) {
   8697                 if (insn & (1 << 24)) {
   8698                     if (insn & (1 << 20))
   8699                         goto illegal_op;
   8700                     /* Bitfield/Saturate.  */
   8701                     op = (insn >> 21) & 7;
   8702                     imm = insn & 0x1f;
   8703                     shift = ((insn >> 6) & 3) | ((insn >> 10) & 0x1c);
   8704                     if (rn == 15) {
   8705                         tmp = tcg_temp_new_i32();
   8706                         tcg_gen_movi_i32(tmp, 0);
   8707                     } else {
   8708                         tmp = load_reg(s, rn);
   8709                     }
   8710                     switch (op) {
   8711                     case 2: /* Signed bitfield extract.  */
   8712                         imm++;
   8713                         if (shift + imm > 32)
   8714                             goto illegal_op;
   8715                         if (imm < 32)
   8716                             gen_sbfx(tmp, shift, imm);
   8717                         break;
   8718                     case 6: /* Unsigned bitfield extract.  */
   8719                         imm++;
   8720                         if (shift + imm > 32)
   8721                             goto illegal_op;
   8722                         if (imm < 32)
   8723                             gen_ubfx(tmp, shift, (1u << imm) - 1);
   8724                         break;
   8725                     case 3: /* Bitfield insert/clear.  */
   8726                         if (imm < shift)
   8727                             goto illegal_op;
   8728                         imm = imm + 1 - shift;
   8729                         if (imm != 32) {
   8730                             tmp2 = load_reg(s, rd);
   8731                             gen_bfi(tmp, tmp2, tmp, shift, (1u << imm) - 1);
   8732                             tcg_temp_free_i32(tmp2);
   8733                         }
   8734                         break;
   8735                     case 7:
   8736                         goto illegal_op;
   8737                     default: /* Saturate.  */
   8738                         if (shift) {
   8739                             if (op & 1)
   8740                                 tcg_gen_sari_i32(tmp, tmp, shift);
   8741                             else
   8742                                 tcg_gen_shli_i32(tmp, tmp, shift);
   8743                         }
   8744                         tmp2 = tcg_const_i32(imm);
   8745                         if (op & 4) {
   8746                             /* Unsigned.  */
   8747                             if ((op & 1) && shift == 0)
   8748                                 gen_helper_usat16(tmp, cpu_env, tmp, tmp2);
   8749                             else
   8750                                 gen_helper_usat(tmp, cpu_env, tmp, tmp2);
   8751                         } else {
   8752                             /* Signed.  */
   8753                             if ((op & 1) && shift == 0)
   8754                                 gen_helper_ssat16(tmp, cpu_env, tmp, tmp2);
   8755                             else
   8756                                 gen_helper_ssat(tmp, cpu_env, tmp, tmp2);
   8757                         }
   8758                         tcg_temp_free_i32(tmp2);
   8759                         break;
   8760                     }
   8761                     store_reg(s, rd, tmp);
   8762                 } else {
   8763                     imm = ((insn & 0x04000000) >> 15)
   8764                           | ((insn & 0x7000) >> 4) | (insn & 0xff);
   8765                     if (insn & (1 << 22)) {
   8766                         /* 16-bit immediate.  */
   8767                         imm |= (insn >> 4) & 0xf000;
   8768                         if (insn & (1 << 23)) {
   8769                             /* movt */
   8770                             tmp = load_reg(s, rd);
   8771                             tcg_gen_ext16u_i32(tmp, tmp);
   8772                             tcg_gen_ori_i32(tmp, tmp, imm << 16);
   8773                         } else {
   8774                             /* movw */
   8775                             tmp = tcg_temp_new_i32();
   8776                             tcg_gen_movi_i32(tmp, imm);
   8777                         }
   8778                     } else {
   8779                         /* Add/sub 12-bit immediate.  */
   8780                         if (rn == 15) {
   8781                             offset = s->pc & ~(uint32_t)3;
   8782                             if (insn & (1 << 23))
   8783                                 offset -= imm;
   8784                             else
   8785                                 offset += imm;
   8786                             tmp = tcg_temp_new_i32();
   8787                             tcg_gen_movi_i32(tmp, offset);
   8788                         } else {
   8789                             tmp = load_reg(s, rn);
   8790                             if (insn & (1 << 23))
   8791                                 tcg_gen_subi_i32(tmp, tmp, imm);
   8792                             else
   8793                                 tcg_gen_addi_i32(tmp, tmp, imm);
   8794                         }
   8795                     }
   8796                     store_reg(s, rd, tmp);
   8797                 }
   8798             } else {
   8799                 int shifter_out = 0;
   8800                 /* modified 12-bit immediate.  */
   8801                 shift = ((insn & 0x04000000) >> 23) | ((insn & 0x7000) >> 12);
   8802                 imm = (insn & 0xff);
   8803                 switch (shift) {
   8804                 case 0: /* XY */
   8805                     /* Nothing to do.  */
   8806                     break;
   8807                 case 1: /* 00XY00XY */
   8808                     imm |= imm << 16;
   8809                     break;
   8810                 case 2: /* XY00XY00 */
   8811                     imm |= imm << 16;
   8812                     imm <<= 8;
   8813                     break;
   8814                 case 3: /* XYXYXYXY */
   8815                     imm |= imm << 16;
   8816                     imm |= imm << 8;
   8817                     break;
   8818                 default: /* Rotated constant.  */
   8819                     shift = (shift << 1) | (imm >> 7);
   8820                     imm |= 0x80;
   8821                     imm = imm << (32 - shift);
   8822                     shifter_out = 1;
   8823                     break;
   8824                 }
   8825                 tmp2 = tcg_temp_new_i32();
   8826                 tcg_gen_movi_i32(tmp2, imm);
   8827                 rn = (insn >> 16) & 0xf;
   8828                 if (rn == 15) {
   8829                     tmp = tcg_temp_new_i32();
   8830                     tcg_gen_movi_i32(tmp, 0);
   8831                 } else {
   8832                     tmp = load_reg(s, rn);
   8833                 }
   8834                 op = (insn >> 21) & 0xf;
   8835                 if (gen_thumb2_data_op(s, op, (insn & (1 << 20)) != 0,
   8836                                        shifter_out, tmp, tmp2))
   8837                     goto illegal_op;
   8838                 tcg_temp_free_i32(tmp2);
   8839                 rd = (insn >> 8) & 0xf;
   8840                 if (rd != 15) {
   8841                     store_reg(s, rd, tmp);
   8842                 } else {
   8843                     tcg_temp_free_i32(tmp);
   8844                 }
   8845             }
   8846         }
   8847         break;
   8848     case 12: /* Load/store single data item.  */
   8849         {
   8850         int postinc = 0;
   8851         int writeback = 0;
   8852         int user;
   8853         if ((insn & 0x01100000) == 0x01000000) {
   8854             if (disas_neon_ls_insn(env, s, insn))
   8855                 goto illegal_op;
   8856             break;
   8857         }
   8858         op = ((insn >> 21) & 3) | ((insn >> 22) & 4);
   8859         if (rs == 15) {
   8860             if (!(insn & (1 << 20))) {
   8861                 goto illegal_op;
   8862             }
   8863             if (op != 2) {
   8864                 /* Byte or halfword load space with dest == r15 : memory hints.
   8865                  * Catch them early so we don't emit pointless addressing code.
   8866                  * This space is a mix of:
   8867                  *  PLD/PLDW/PLI,  which we implement as NOPs (note that unlike
   8868                  *     the ARM encodings, PLDW space doesn't UNDEF for non-v7MP
   8869                  *     cores)
   8870                  *  unallocated hints, which must be treated as NOPs
   8871                  *  UNPREDICTABLE space, which we NOP or UNDEF depending on
   8872                  *     which is easiest for the decoding logic
   8873                  *  Some space which must UNDEF
   8874                  */
   8875                 int op1 = (insn >> 23) & 3;
   8876                 int op2 = (insn >> 6) & 0x3f;
   8877                 if (op & 2) {
   8878                     goto illegal_op;
   8879                 }
   8880                 if (rn == 15) {
   8881                     /* UNPREDICTABLE or unallocated hint */
   8882                     return 0;
   8883                 }
   8884                 if (op1 & 1) {
   8885                     return 0; /* PLD* or unallocated hint */
   8886                 }
   8887                 if ((op2 == 0) || ((op2 & 0x3c) == 0x30)) {
   8888                     return 0; /* PLD* or unallocated hint */
   8889                 }
   8890                 /* UNDEF space, or an UNPREDICTABLE */
   8891                 return 1;
   8892             }
   8893         }
   8894         user = IS_USER(s);
   8895         if (rn == 15) {
   8896             addr = tcg_temp_new_i32();
   8897             /* PC relative.  */
   8898             /* s->pc has already been incremented by 4.  */
   8899             imm = s->pc & 0xfffffffc;
   8900             if (insn & (1 << 23))
   8901                 imm += insn & 0xfff;
   8902             else
   8903                 imm -= insn & 0xfff;
   8904             tcg_gen_movi_i32(addr, imm);
   8905         } else {
   8906             addr = load_reg(s, rn);
   8907             if (insn & (1 << 23)) {
   8908                 /* Positive offset.  */
   8909                 imm = insn & 0xfff;
   8910                 tcg_gen_addi_i32(addr, addr, imm);
   8911             } else {
   8912                 imm = insn & 0xff;
   8913                 switch ((insn >> 8) & 0xf) {
   8914                 case 0x0: /* Shifted Register.  */
   8915                     shift = (insn >> 4) & 0xf;
   8916                     if (shift > 3) {
   8917                         tcg_temp_free_i32(addr);
   8918                         goto illegal_op;
   8919                     }
   8920                     tmp = load_reg(s, rm);
   8921                     if (shift)
   8922                         tcg_gen_shli_i32(tmp, tmp, shift);
   8923                     tcg_gen_add_i32(addr, addr, tmp);
   8924                     tcg_temp_free_i32(tmp);
   8925                     break;
   8926                 case 0xc: /* Negative offset.  */
   8927                     tcg_gen_addi_i32(addr, addr, -imm);
   8928                     break;
   8929                 case 0xe: /* User privilege.  */
   8930                     tcg_gen_addi_i32(addr, addr, imm);
   8931                     user = 1;
   8932                     break;
   8933                 case 0x9: /* Post-decrement.  */
   8934                     imm = -imm;
   8935                     /* Fall through.  */
   8936                 case 0xb: /* Post-increment.  */
   8937                     postinc = 1;
   8938                     writeback = 1;
   8939                     break;
   8940                 case 0xd: /* Pre-decrement.  */
   8941                     imm = -imm;
   8942                     /* Fall through.  */
   8943                 case 0xf: /* Pre-increment.  */
   8944                     tcg_gen_addi_i32(addr, addr, imm);
   8945                     writeback = 1;
   8946                     break;
   8947                 default:
   8948                     tcg_temp_free_i32(addr);
   8949                     goto illegal_op;
   8950                 }
   8951             }
   8952         }
   8953         if (insn & (1 << 20)) {
   8954             /* Load.  */
   8955             switch (op) {
   8956             case 0: tmp = gen_ld8u(addr, user); break;
   8957             case 4: tmp = gen_ld8s(addr, user); break;
   8958             case 1: tmp = gen_ld16u(addr, user); break;
   8959             case 5: tmp = gen_ld16s(addr, user); break;
   8960             case 2: tmp = gen_ld32(addr, user); break;
   8961             default:
   8962                 tcg_temp_free_i32(addr);
   8963                 goto illegal_op;
   8964             }
   8965             if (rs == 15) {
   8966                 gen_bx(s, tmp);
   8967             } else {
   8968                 store_reg(s, rs, tmp);
   8969             }
   8970         } else {
   8971             /* Store.  */
   8972             tmp = load_reg(s, rs);
   8973             switch (op) {
   8974             case 0: gen_st8(tmp, addr, user); break;
   8975             case 1: gen_st16(tmp, addr, user); break;
   8976             case 2: gen_st32(tmp, addr, user); break;
   8977             default:
   8978                 tcg_temp_free_i32(addr);
   8979                 goto illegal_op;
   8980             }
   8981         }
   8982         if (postinc)
   8983             tcg_gen_addi_i32(addr, addr, imm);
   8984         if (writeback) {
   8985             store_reg(s, rn, addr);
   8986         } else {
   8987             tcg_temp_free_i32(addr);
   8988         }
   8989         }
   8990         break;
   8991     default:
   8992         goto illegal_op;
   8993     }
   8994     return 0;
   8995 illegal_op:
   8996     return 1;
   8997 }
   8998 
   8999 static void disas_thumb_insn(CPUARMState *env, DisasContext *s)
   9000 {
   9001     uint32_t val, insn, op, rm, rn, rd, shift, cond;
   9002     int32_t offset;
   9003     int i;
   9004     TCGv tmp;
   9005     TCGv tmp2;
   9006     TCGv addr;
   9007 
   9008     if (s->condexec_mask) {
   9009         cond = s->condexec_cond;
   9010         if (cond != 0x0e) {     /* Skip conditional when condition is AL. */
   9011           s->condlabel = gen_new_label();
   9012           gen_test_cc(cond ^ 1, s->condlabel);
   9013           s->condjmp = 1;
   9014         }
   9015     }
   9016 
   9017     insn = cpu_lduw_code(env, s->pc);
   9018 
   9019     s->pc += 2;
   9020 
   9021     switch (insn >> 12) {
   9022     case 0: case 1:
   9023 
   9024         rd = insn & 7;
   9025         op = (insn >> 11) & 3;
   9026         if (op == 3) {
   9027             /* add/subtract */
   9028             rn = (insn >> 3) & 7;
   9029             tmp = load_reg(s, rn);
   9030             if (insn & (1 << 10)) {
   9031                 /* immediate */
   9032                 tmp2 = tcg_temp_new_i32();
   9033                 tcg_gen_movi_i32(tmp2, (insn >> 6) & 7);
   9034             } else {
   9035                 /* reg */
   9036                 rm = (insn >> 6) & 7;
   9037                 tmp2 = load_reg(s, rm);
   9038             }
   9039             if (insn & (1 << 9)) {
   9040                 if (s->condexec_mask)
   9041                     tcg_gen_sub_i32(tmp, tmp, tmp2);
   9042                 else
   9043                     gen_helper_sub_cc(tmp, cpu_env, tmp, tmp2);
   9044             } else {
   9045                 if (s->condexec_mask)
   9046                     tcg_gen_add_i32(tmp, tmp, tmp2);
   9047                 else
   9048                     gen_helper_add_cc(tmp, cpu_env, tmp, tmp2);
   9049             }
   9050             tcg_temp_free_i32(tmp2);
   9051             store_reg(s, rd, tmp);
   9052         } else {
   9053             /* shift immediate */
   9054             rm = (insn >> 3) & 7;
   9055             shift = (insn >> 6) & 0x1f;
   9056             tmp = load_reg(s, rm);
   9057             gen_arm_shift_im(tmp, op, shift, s->condexec_mask == 0);
   9058             if (!s->condexec_mask)
   9059                 gen_logic_CC(tmp);
   9060             store_reg(s, rd, tmp);
   9061         }
   9062         break;
   9063     case 2: case 3:
   9064         /* arithmetic large immediate */
   9065         op = (insn >> 11) & 3;
   9066         rd = (insn >> 8) & 0x7;
   9067         if (op == 0) { /* mov */
   9068             tmp = tcg_temp_new_i32();
   9069             tcg_gen_movi_i32(tmp, insn & 0xff);
   9070             if (!s->condexec_mask)
   9071                 gen_logic_CC(tmp);
   9072             store_reg(s, rd, tmp);
   9073         } else {
   9074             tmp = load_reg(s, rd);
   9075             tmp2 = tcg_temp_new_i32();
   9076             tcg_gen_movi_i32(tmp2, insn & 0xff);
   9077             switch (op) {
   9078             case 1: /* cmp */
   9079                 gen_helper_sub_cc(tmp, cpu_env, tmp, tmp2);
   9080                 tcg_temp_free_i32(tmp);
   9081                 tcg_temp_free_i32(tmp2);
   9082                 break;
   9083             case 2: /* add */
   9084                 if (s->condexec_mask)
   9085                     tcg_gen_add_i32(tmp, tmp, tmp2);
   9086                 else
   9087                     gen_helper_add_cc(tmp, cpu_env, tmp, tmp2);
   9088                 tcg_temp_free_i32(tmp2);
   9089                 store_reg(s, rd, tmp);
   9090                 break;
   9091             case 3: /* sub */
   9092                 if (s->condexec_mask)
   9093                     tcg_gen_sub_i32(tmp, tmp, tmp2);
   9094                 else
   9095                     gen_helper_sub_cc(tmp, cpu_env, tmp, tmp2);
   9096                 tcg_temp_free_i32(tmp2);
   9097                 store_reg(s, rd, tmp);
   9098                 break;
   9099             }
   9100         }
   9101         break;
   9102     case 4:
   9103         if (insn & (1 << 11)) {
   9104             rd = (insn >> 8) & 7;
   9105             /* load pc-relative.  Bit 1 of PC is ignored.  */
   9106             val = s->pc + 2 + ((insn & 0xff) * 4);
   9107             val &= ~(uint32_t)2;
   9108             addr = tcg_temp_new_i32();
   9109             tcg_gen_movi_i32(addr, val);
   9110             tmp = gen_ld32(addr, IS_USER(s));
   9111             tcg_temp_free_i32(addr);
   9112             store_reg(s, rd, tmp);
   9113             break;
   9114         }
   9115         if (insn & (1 << 10)) {
   9116             /* data processing extended or blx */
   9117             rd = (insn & 7) | ((insn >> 4) & 8);
   9118             rm = (insn >> 3) & 0xf;
   9119             op = (insn >> 8) & 3;
   9120             switch (op) {
   9121             case 0: /* add */
   9122                 tmp = load_reg(s, rd);
   9123                 tmp2 = load_reg(s, rm);
   9124                 tcg_gen_add_i32(tmp, tmp, tmp2);
   9125                 tcg_temp_free_i32(tmp2);
   9126                 store_reg(s, rd, tmp);
   9127                 break;
   9128             case 1: /* cmp */
   9129                 tmp = load_reg(s, rd);
   9130                 tmp2 = load_reg(s, rm);
   9131                 gen_helper_sub_cc(tmp, cpu_env, tmp, tmp2);
   9132                 tcg_temp_free_i32(tmp2);
   9133                 tcg_temp_free_i32(tmp);
   9134                 break;
   9135             case 2: /* mov/cpy */
   9136                 tmp = load_reg(s, rm);
   9137                 store_reg(s, rd, tmp);
   9138                 break;
   9139             case 3:/* branch [and link] exchange thumb register */
   9140                 tmp = load_reg(s, rm);
   9141                 if (insn & (1 << 7)) {
   9142                     ARCH(5);
   9143                     val = (uint32_t)s->pc | 1;
   9144                     tmp2 = tcg_temp_new_i32();
   9145                     tcg_gen_movi_i32(tmp2, val);
   9146                     store_reg(s, 14, tmp2);
   9147                 }
   9148                 /* already thumb, no need to check */
   9149                 gen_bx(s, tmp);
   9150                 break;
   9151             }
   9152             break;
   9153         }
   9154 
   9155         /* data processing register */
   9156         rd = insn & 7;
   9157         rm = (insn >> 3) & 7;
   9158         op = (insn >> 6) & 0xf;
   9159         if (op == 2 || op == 3 || op == 4 || op == 7) {
   9160             /* the shift/rotate ops want the operands backwards */
   9161             val = rm;
   9162             rm = rd;
   9163             rd = val;
   9164             val = 1;
   9165         } else {
   9166             val = 0;
   9167         }
   9168 
   9169         if (op == 9) { /* neg */
   9170             tmp = tcg_temp_new_i32();
   9171             tcg_gen_movi_i32(tmp, 0);
   9172         } else if (op != 0xf) { /* mvn doesn't read its first operand */
   9173             tmp = load_reg(s, rd);
   9174         } else {
   9175             TCGV_UNUSED(tmp);
   9176         }
   9177 
   9178         tmp2 = load_reg(s, rm);
   9179         switch (op) {
   9180         case 0x0: /* and */
   9181             tcg_gen_and_i32(tmp, tmp, tmp2);
   9182             if (!s->condexec_mask)
   9183                 gen_logic_CC(tmp);
   9184             break;
   9185         case 0x1: /* eor */
   9186             tcg_gen_xor_i32(tmp, tmp, tmp2);
   9187             if (!s->condexec_mask)
   9188                 gen_logic_CC(tmp);
   9189             break;
   9190         case 0x2: /* lsl */
   9191             if (s->condexec_mask) {
   9192                 gen_helper_shl(tmp2, tmp2, tmp);
   9193             } else {
   9194                 gen_helper_shl_cc(tmp2, cpu_env, tmp2, tmp);
   9195                 gen_logic_CC(tmp2);
   9196             }
   9197             break;
   9198         case 0x3: /* lsr */
   9199             if (s->condexec_mask) {
   9200                 gen_helper_shr(tmp2, tmp2, tmp);
   9201             } else {
   9202                 gen_helper_shr_cc(tmp2, cpu_env, tmp2, tmp);
   9203                 gen_logic_CC(tmp2);
   9204             }
   9205             break;
   9206         case 0x4: /* asr */
   9207             if (s->condexec_mask) {
   9208                 gen_helper_sar(tmp2, tmp2, tmp);
   9209             } else {
   9210                 gen_helper_sar_cc(tmp2, cpu_env, tmp2, tmp);
   9211                 gen_logic_CC(tmp2);
   9212             }
   9213             break;
   9214         case 0x5: /* adc */
   9215             if (s->condexec_mask)
   9216                 gen_adc(tmp, tmp2);
   9217             else
   9218                 gen_helper_adc_cc(tmp, cpu_env, tmp, tmp2);
   9219             break;
   9220         case 0x6: /* sbc */
   9221             if (s->condexec_mask)
   9222                 gen_sub_carry(tmp, tmp, tmp2);
   9223             else
   9224                 gen_helper_sbc_cc(tmp, cpu_env, tmp, tmp2);
   9225             break;
   9226         case 0x7: /* ror */
   9227             if (s->condexec_mask) {
   9228                 tcg_gen_andi_i32(tmp, tmp, 0x1f);
   9229                 tcg_gen_rotr_i32(tmp2, tmp2, tmp);
   9230             } else {
   9231                 gen_helper_ror_cc(tmp2, cpu_env, tmp2, tmp);
   9232                 gen_logic_CC(tmp2);
   9233             }
   9234             break;
   9235         case 0x8: /* tst */
   9236             tcg_gen_and_i32(tmp, tmp, tmp2);
   9237             gen_logic_CC(tmp);
   9238             rd = 16;
   9239             break;
   9240         case 0x9: /* neg */
   9241             if (s->condexec_mask)
   9242                 tcg_gen_neg_i32(tmp, tmp2);
   9243             else
   9244                 gen_helper_sub_cc(tmp, cpu_env, tmp, tmp2);
   9245             break;
   9246         case 0xa: /* cmp */
   9247             gen_helper_sub_cc(tmp, cpu_env, tmp, tmp2);
   9248             rd = 16;
   9249             break;
   9250         case 0xb: /* cmn */
   9251             gen_helper_add_cc(tmp, cpu_env, tmp, tmp2);
   9252             rd = 16;
   9253             break;
   9254         case 0xc: /* orr */
   9255             tcg_gen_or_i32(tmp, tmp, tmp2);
   9256             if (!s->condexec_mask)
   9257                 gen_logic_CC(tmp);
   9258             break;
   9259         case 0xd: /* mul */
   9260             tcg_gen_mul_i32(tmp, tmp, tmp2);
   9261             if (!s->condexec_mask)
   9262                 gen_logic_CC(tmp);
   9263             break;
   9264         case 0xe: /* bic */
   9265             tcg_gen_andc_i32(tmp, tmp, tmp2);
   9266             if (!s->condexec_mask)
   9267                 gen_logic_CC(tmp);
   9268             break;
   9269         case 0xf: /* mvn */
   9270             tcg_gen_not_i32(tmp2, tmp2);
   9271             if (!s->condexec_mask)
   9272                 gen_logic_CC(tmp2);
   9273             val = 1;
   9274             rm = rd;
   9275             break;
   9276         }
   9277         if (rd != 16) {
   9278             if (val) {
   9279                 store_reg(s, rm, tmp2);
   9280                 if (op != 0xf)
   9281                     tcg_temp_free_i32(tmp);
   9282             } else {
   9283                 store_reg(s, rd, tmp);
   9284                 tcg_temp_free_i32(tmp2);
   9285             }
   9286         } else {
   9287             tcg_temp_free_i32(tmp);
   9288             tcg_temp_free_i32(tmp2);
   9289         }
   9290         break;
   9291 
   9292     case 5:
   9293         /* load/store register offset.  */
   9294         rd = insn & 7;
   9295         rn = (insn >> 3) & 7;
   9296         rm = (insn >> 6) & 7;
   9297         op = (insn >> 9) & 7;
   9298         addr = load_reg(s, rn);
   9299         tmp = load_reg(s, rm);
   9300         tcg_gen_add_i32(addr, addr, tmp);
   9301         tcg_temp_free_i32(tmp);
   9302 
   9303         if (op < 3) /* store */
   9304             tmp = load_reg(s, rd);
   9305 
   9306         switch (op) {
   9307         case 0: /* str */
   9308             gen_st32(tmp, addr, IS_USER(s));
   9309             break;
   9310         case 1: /* strh */
   9311             gen_st16(tmp, addr, IS_USER(s));
   9312             break;
   9313         case 2: /* strb */
   9314             gen_st8(tmp, addr, IS_USER(s));
   9315             break;
   9316         case 3: /* ldrsb */
   9317             tmp = gen_ld8s(addr, IS_USER(s));
   9318             break;
   9319         case 4: /* ldr */
   9320             tmp = gen_ld32(addr, IS_USER(s));
   9321             break;
   9322         case 5: /* ldrh */
   9323             tmp = gen_ld16u(addr, IS_USER(s));
   9324             break;
   9325         case 6: /* ldrb */
   9326             tmp = gen_ld8u(addr, IS_USER(s));
   9327             break;
   9328         case 7: /* ldrsh */
   9329             tmp = gen_ld16s(addr, IS_USER(s));
   9330             break;
   9331         }
   9332         if (op >= 3) /* load */
   9333             store_reg(s, rd, tmp);
   9334         tcg_temp_free_i32(addr);
   9335         break;
   9336 
   9337     case 6:
   9338         /* load/store word immediate offset */
   9339         rd = insn & 7;
   9340         rn = (insn >> 3) & 7;
   9341         addr = load_reg(s, rn);
   9342         val = (insn >> 4) & 0x7c;
   9343         tcg_gen_addi_i32(addr, addr, val);
   9344 
   9345         if (insn & (1 << 11)) {
   9346             /* load */
   9347             tmp = gen_ld32(addr, IS_USER(s));
   9348             store_reg(s, rd, tmp);
   9349         } else {
   9350             /* store */
   9351             tmp = load_reg(s, rd);
   9352             gen_st32(tmp, addr, IS_USER(s));
   9353         }
   9354         tcg_temp_free_i32(addr);
   9355         break;
   9356 
   9357     case 7:
   9358         /* load/store byte immediate offset */
   9359         rd = insn & 7;
   9360         rn = (insn >> 3) & 7;
   9361         addr = load_reg(s, rn);
   9362         val = (insn >> 6) & 0x1f;
   9363         tcg_gen_addi_i32(addr, addr, val);
   9364 
   9365         if (insn & (1 << 11)) {
   9366             /* load */
   9367             tmp = gen_ld8u(addr, IS_USER(s));
   9368             store_reg(s, rd, tmp);
   9369         } else {
   9370             /* store */
   9371             tmp = load_reg(s, rd);
   9372             gen_st8(tmp, addr, IS_USER(s));
   9373         }
   9374         tcg_temp_free_i32(addr);
   9375         break;
   9376 
   9377     case 8:
   9378         /* load/store halfword immediate offset */
   9379         rd = insn & 7;
   9380         rn = (insn >> 3) & 7;
   9381         addr = load_reg(s, rn);
   9382         val = (insn >> 5) & 0x3e;
   9383         tcg_gen_addi_i32(addr, addr, val);
   9384 
   9385         if (insn & (1 << 11)) {
   9386             /* load */
   9387             tmp = gen_ld16u(addr, IS_USER(s));
   9388             store_reg(s, rd, tmp);
   9389         } else {
   9390             /* store */
   9391             tmp = load_reg(s, rd);
   9392             gen_st16(tmp, addr, IS_USER(s));
   9393         }
   9394         tcg_temp_free_i32(addr);
   9395         break;
   9396 
   9397     case 9:
   9398         /* load/store from stack */
   9399         rd = (insn >> 8) & 7;
   9400         addr = load_reg(s, 13);
   9401         val = (insn & 0xff) * 4;
   9402         tcg_gen_addi_i32(addr, addr, val);
   9403 
   9404         if (insn & (1 << 11)) {
   9405             /* load */
   9406             tmp = gen_ld32(addr, IS_USER(s));
   9407             store_reg(s, rd, tmp);
   9408         } else {
   9409             /* store */
   9410             tmp = load_reg(s, rd);
   9411             gen_st32(tmp, addr, IS_USER(s));
   9412         }
   9413         tcg_temp_free_i32(addr);
   9414         break;
   9415 
   9416     case 10:
   9417         /* add to high reg */
   9418         rd = (insn >> 8) & 7;
   9419         if (insn & (1 << 11)) {
   9420             /* SP */
   9421             tmp = load_reg(s, 13);
   9422         } else {
   9423             /* PC. bit 1 is ignored.  */
   9424             tmp = tcg_temp_new_i32();
   9425             tcg_gen_movi_i32(tmp, (s->pc + 2) & ~(uint32_t)2);
   9426         }
   9427         val = (insn & 0xff) * 4;
   9428         tcg_gen_addi_i32(tmp, tmp, val);
   9429         store_reg(s, rd, tmp);
   9430         break;
   9431 
   9432     case 11:
   9433         /* misc */
   9434         op = (insn >> 8) & 0xf;
   9435         switch (op) {
   9436         case 0:
   9437             /* adjust stack pointer */
   9438             tmp = load_reg(s, 13);
   9439             val = (insn & 0x7f) * 4;
   9440             if (insn & (1 << 7))
   9441                 val = -(int32_t)val;
   9442             tcg_gen_addi_i32(tmp, tmp, val);
   9443             store_reg(s, 13, tmp);
   9444             break;
   9445 
   9446         case 2: /* sign/zero extend.  */
   9447             ARCH(6);
   9448             rd = insn & 7;
   9449             rm = (insn >> 3) & 7;
   9450             tmp = load_reg(s, rm);
   9451             switch ((insn >> 6) & 3) {
   9452             case 0: gen_sxth(tmp); break;
   9453             case 1: gen_sxtb(tmp); break;
   9454             case 2: gen_uxth(tmp); break;
   9455             case 3: gen_uxtb(tmp); break;
   9456             }
   9457             store_reg(s, rd, tmp);
   9458             break;
   9459         case 4: case 5: case 0xc: case 0xd:
   9460             /* push/pop */
   9461             addr = load_reg(s, 13);
   9462             if (insn & (1 << 8))
   9463                 offset = 4;
   9464             else
   9465                 offset = 0;
   9466             for (i = 0; i < 8; i++) {
   9467                 if (insn & (1 << i))
   9468                     offset += 4;
   9469             }
   9470             if ((insn & (1 << 11)) == 0) {
   9471                 tcg_gen_addi_i32(addr, addr, -offset);
   9472             }
   9473             tmp2 = tcg_const_i32(4);
   9474             for (i = 0; i < 8; i++) {
   9475                 if (insn & (1 << i)) {
   9476                     if (insn & (1 << 11)) {
   9477                         /* pop */
   9478                         tmp = gen_ld32(addr, IS_USER(s));
   9479                         store_reg(s, i, tmp);
   9480                     } else {
   9481                         /* push */
   9482                         tmp = load_reg(s, i);
   9483                         gen_st32(tmp, addr, IS_USER(s));
   9484                     }
   9485                     /* advance to the next address.  */
   9486                     tcg_gen_add_i32(addr, addr, tmp2);
   9487                 }
   9488             }
   9489             TCGV_UNUSED(tmp);
   9490             if (insn & (1 << 8)) {
   9491                 if (insn & (1 << 11)) {
   9492                     /* pop pc */
   9493                     tmp = gen_ld32(addr, IS_USER(s));
   9494                     /* don't set the pc until the rest of the instruction
   9495                        has completed */
   9496                 } else {
   9497                     /* push lr */
   9498                     tmp = load_reg(s, 14);
   9499                     gen_st32(tmp, addr, IS_USER(s));
   9500                 }
   9501                 tcg_gen_add_i32(addr, addr, tmp2);
   9502             }
   9503             tcg_temp_free_i32(tmp2);
   9504             if ((insn & (1 << 11)) == 0) {
   9505                 tcg_gen_addi_i32(addr, addr, -offset);
   9506             }
   9507             /* write back the new stack pointer */
   9508             store_reg(s, 13, addr);
   9509             /* set the new PC value */
   9510             if ((insn & 0x0900) == 0x0900) {
   9511                 store_reg_from_load(env, s, 15, tmp);
   9512             }
   9513             break;
   9514 
   9515         case 1: case 3: case 9: case 11: /* czb */
   9516             rm = insn & 7;
   9517             tmp = load_reg(s, rm);
   9518             s->condlabel = gen_new_label();
   9519             s->condjmp = 1;
   9520             if (insn & (1 << 11))
   9521                 tcg_gen_brcondi_i32(TCG_COND_EQ, tmp, 0, s->condlabel);
   9522             else
   9523                 tcg_gen_brcondi_i32(TCG_COND_NE, tmp, 0, s->condlabel);
   9524             tcg_temp_free_i32(tmp);
   9525             offset = ((insn & 0xf8) >> 2) | (insn & 0x200) >> 3;
   9526             val = (uint32_t)s->pc + 2;
   9527             val += offset;
   9528             gen_jmp(s, val);
   9529             break;
   9530 
   9531         case 15: /* IT, nop-hint.  */
   9532             if ((insn & 0xf) == 0) {
   9533                 gen_nop_hint(s, (insn >> 4) & 0xf);
   9534                 break;
   9535             }
   9536             /* If Then.  */
   9537             s->condexec_cond = (insn >> 4) & 0xe;
   9538             s->condexec_mask = insn & 0x1f;
   9539             /* No actual code generated for this insn, just setup state.  */
   9540             break;
   9541 
   9542         case 0xe: /* bkpt */
   9543             ARCH(5);
   9544             gen_exception_insn(s, 2, EXCP_BKPT);
   9545             break;
   9546 
   9547         case 0xa: /* rev */
   9548             ARCH(6);
   9549             rn = (insn >> 3) & 0x7;
   9550             rd = insn & 0x7;
   9551             tmp = load_reg(s, rn);
   9552             switch ((insn >> 6) & 3) {
   9553             case 0: tcg_gen_bswap32_i32(tmp, tmp); break;
   9554             case 1: gen_rev16(tmp); break;
   9555             case 3: gen_revsh(tmp); break;
   9556             default: goto illegal_op;
   9557             }
   9558             store_reg(s, rd, tmp);
   9559             break;
   9560 
   9561         case 6: /* cps */
   9562             ARCH(6);
   9563             if (IS_USER(s))
   9564                 break;
   9565             if (IS_M(env)) {
   9566                 tmp = tcg_const_i32((insn & (1 << 4)) != 0);
   9567                 /* PRIMASK */
   9568                 if (insn & 1) {
   9569                     addr = tcg_const_i32(16);
   9570                     gen_helper_v7m_msr(cpu_env, addr, tmp);
   9571                     tcg_temp_free_i32(addr);
   9572                 }
   9573                 /* FAULTMASK */
   9574                 if (insn & 2) {
   9575                     addr = tcg_const_i32(17);
   9576                     gen_helper_v7m_msr(cpu_env, addr, tmp);
   9577                     tcg_temp_free_i32(addr);
   9578                 }
   9579                 tcg_temp_free_i32(tmp);
   9580                 gen_lookup_tb(s);
   9581             } else {
   9582                 if (insn & (1 << 4))
   9583                     shift = CPSR_A | CPSR_I | CPSR_F;
   9584                 else
   9585                     shift = 0;
   9586                 gen_set_psr_im(s, ((insn & 7) << 6), 0, shift);
   9587             }
   9588             break;
   9589 
   9590         default:
   9591             goto undef;
   9592         }
   9593         break;
   9594 
   9595     case 12:
   9596     {
   9597         /* load/store multiple */
   9598         TCGv loaded_var;
   9599         TCGV_UNUSED(loaded_var);
   9600         rn = (insn >> 8) & 0x7;
   9601         addr = load_reg(s, rn);
   9602         for (i = 0; i < 8; i++) {
   9603             if (insn & (1 << i)) {
   9604                 if (insn & (1 << 11)) {
   9605                     /* load */
   9606                     tmp = gen_ld32(addr, IS_USER(s));
   9607                     if (i == rn) {
   9608                         loaded_var = tmp;
   9609                     } else {
   9610                         store_reg(s, i, tmp);
   9611                     }
   9612                 } else {
   9613                     /* store */
   9614                     tmp = load_reg(s, i);
   9615                     gen_st32(tmp, addr, IS_USER(s));
   9616                 }
   9617                 /* advance to the next address */
   9618                 tcg_gen_addi_i32(addr, addr, 4);
   9619             }
   9620         }
   9621         if ((insn & (1 << rn)) == 0) {
   9622             /* base reg not in list: base register writeback */
   9623             store_reg(s, rn, addr);
   9624         } else {
   9625             /* base reg in list: if load, complete it now */
   9626             if (insn & (1 << 11)) {
   9627                 store_reg(s, rn, loaded_var);
   9628             }
   9629             tcg_temp_free_i32(addr);
   9630         }
   9631         break;
   9632     }
   9633     case 13:
   9634         /* conditional branch or swi */
   9635         cond = (insn >> 8) & 0xf;
   9636         if (cond == 0xe)
   9637             goto undef;
   9638 
   9639         if (cond == 0xf) {
   9640             /* swi */
   9641             gen_set_pc_im(s->pc);
   9642             s->is_jmp = DISAS_SWI;
   9643             break;
   9644         }
   9645         /* generate a conditional jump to next instruction */
   9646         s->condlabel = gen_new_label();
   9647         gen_test_cc(cond ^ 1, s->condlabel);
   9648         s->condjmp = 1;
   9649 
   9650         /* jump to the offset */
   9651         val = (uint32_t)s->pc + 2;
   9652         offset = ((int32_t)insn << 24) >> 24;
   9653         val += offset << 1;
   9654         gen_jmp(s, val);
   9655         break;
   9656 
   9657     case 14:
   9658         if (insn & (1 << 11)) {
   9659             if (disas_thumb2_insn(env, s, insn))
   9660               goto undef32;
   9661             break;
   9662         }
   9663         /* unconditional branch */
   9664         val = (uint32_t)s->pc;
   9665         offset = ((int32_t)insn << 21) >> 21;
   9666         val += (offset << 1) + 2;
   9667         gen_jmp(s, val);
   9668         break;
   9669 
   9670     case 15:
   9671         if (disas_thumb2_insn(env, s, insn))
   9672             goto undef32;
   9673         break;
   9674     }
   9675     return;
   9676 undef32:
   9677     gen_exception_insn(s, 4, EXCP_UDEF);
   9678     return;
   9679 illegal_op:
   9680 undef:
   9681     gen_exception_insn(s, 2, EXCP_UDEF);
   9682 }
   9683 
   9684 /* generate intermediate code in gen_opc_buf and gen_opparam_buf for
   9685    basic block 'tb'. If search_pc is TRUE, also generate PC
   9686    information for each intermediate instruction. */
   9687 static inline void gen_intermediate_code_internal(CPUARMState *env,
   9688                                                   TranslationBlock *tb,
   9689                                                   int search_pc)
   9690 {
   9691     DisasContext dc1, *dc = &dc1;
   9692     CPUBreakpoint *bp;
   9693     uint16_t *gen_opc_end;
   9694     int j, lj;
   9695     target_ulong pc_start;
   9696     uint32_t next_page_start;
   9697     int num_insns;
   9698     int max_insns;
   9699 
   9700     /* generate intermediate code */
   9701     pc_start = tb->pc;
   9702 
   9703     dc->tb = tb;
   9704 
   9705     gen_opc_end = tcg_ctx.gen_opc_buf + OPC_MAX_SIZE;
   9706 
   9707     dc->is_jmp = DISAS_NEXT;
   9708     dc->pc = pc_start;
   9709     dc->singlestep_enabled = ENV_GET_CPU(env)->singlestep_enabled;
   9710     dc->condjmp = 0;
   9711     dc->thumb = ARM_TBFLAG_THUMB(tb->flags);
   9712     dc->condexec_mask = (ARM_TBFLAG_CONDEXEC(tb->flags) & 0xf) << 1;
   9713     dc->condexec_cond = ARM_TBFLAG_CONDEXEC(tb->flags) >> 4;
   9714 #if !defined(CONFIG_USER_ONLY)
   9715     dc->user = (ARM_TBFLAG_PRIV(tb->flags) == 0);
   9716 #endif
   9717     dc->vfp_enabled = ARM_TBFLAG_VFPEN(tb->flags);
   9718     dc->vec_len = ARM_TBFLAG_VECLEN(tb->flags);
   9719     dc->vec_stride = ARM_TBFLAG_VECSTRIDE(tb->flags);
   9720     cpu_F0s = tcg_temp_new_i32();
   9721     cpu_F1s = tcg_temp_new_i32();
   9722     cpu_F0d = tcg_temp_new_i64();
   9723     cpu_F1d = tcg_temp_new_i64();
   9724     cpu_V0 = cpu_F0d;
   9725     cpu_V1 = cpu_F1d;
   9726     /* FIXME: cpu_M0 can probably be the same as cpu_V0.  */
   9727     cpu_M0 = tcg_temp_new_i64();
   9728     next_page_start = (pc_start & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE;
   9729     lj = -1;
   9730     num_insns = 0;
   9731     max_insns = tb->cflags & CF_COUNT_MASK;
   9732     if (max_insns == 0)
   9733         max_insns = CF_COUNT_MASK;
   9734 
   9735     gen_icount_start();
   9736 
   9737     tcg_clear_temp_count();
   9738 
   9739     /* A note on handling of the condexec (IT) bits:
   9740      *
   9741      * We want to avoid the overhead of having to write the updated condexec
   9742      * bits back to the CPUARMState for every instruction in an IT block. So:
   9743      * (1) if the condexec bits are not already zero then we write
   9744      * zero back into the CPUARMState now. This avoids complications trying
   9745      * to do it at the end of the block. (For example if we don't do this
   9746      * it's hard to identify whether we can safely skip writing condexec
   9747      * at the end of the TB, which we definitely want to do for the case
   9748      * where a TB doesn't do anything with the IT state at all.)
   9749      * (2) if we are going to leave the TB then we call gen_set_condexec()
   9750      * which will write the correct value into CPUARMState if zero is wrong.
   9751      * This is done both for leaving the TB at the end, and for leaving
   9752      * it because of an exception we know will happen, which is done in
   9753      * gen_exception_insn(). The latter is necessary because we need to
   9754      * leave the TB with the PC/IT state just prior to execution of the
   9755      * instruction which caused the exception.
   9756      * (3) if we leave the TB unexpectedly (eg a data abort on a load)
   9757      * then the CPUARMState will be wrong and we need to reset it.
   9758      * This is handled in the same way as restoration of the
   9759      * PC in these situations: we will be called again with search_pc=1
   9760      * and generate a mapping of the condexec bits for each PC in
   9761      * gen_opc_condexec_bits[]. restore_state_to_opc() then uses
   9762      * this to restore the condexec bits.
   9763      *
   9764      * Note that there are no instructions which can read the condexec
   9765      * bits, and none which can write non-static values to them, so
   9766      * we don't need to care about whether CPUARMState is correct in the
   9767      * middle of a TB.
   9768      */
   9769 
   9770     /* Reset the conditional execution bits immediately. This avoids
   9771        complications trying to do it at the end of the block.  */
   9772     if (dc->condexec_mask || dc->condexec_cond)
   9773       {
   9774         TCGv tmp = tcg_temp_new_i32();
   9775         tcg_gen_movi_i32(tmp, 0);
   9776         store_cpu_field(tmp, condexec_bits);
   9777       }
   9778     do {
   9779 #ifdef CONFIG_USER_ONLY
   9780         /* Intercept jump to the magic kernel page.  */
   9781         if (dc->pc >= 0xffff0000) {
   9782             /* We always get here via a jump, so know we are not in a
   9783                conditional execution block.  */
   9784             gen_exception(EXCP_KERNEL_TRAP);
   9785             dc->is_jmp = DISAS_UPDATE;
   9786             break;
   9787         }
   9788 #else
   9789         if (dc->pc >= 0xfffffff0 && IS_M(env)) {
   9790             /* We always get here via a jump, so know we are not in a
   9791                conditional execution block.  */
   9792             gen_exception(EXCP_EXCEPTION_EXIT);
   9793             dc->is_jmp = DISAS_UPDATE;
   9794             break;
   9795         }
   9796 #endif
   9797 
   9798         if (unlikely(!QTAILQ_EMPTY(&env->breakpoints))) {
   9799             QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
   9800                 if (bp->pc == dc->pc) {
   9801                     gen_exception_insn(dc, 0, EXCP_DEBUG);
   9802                     /* Advance PC so that clearing the breakpoint will
   9803                        invalidate this TB.  */
   9804                     dc->pc += 2;
   9805                     goto done_generating;
   9806                     break;
   9807                 }
   9808             }
   9809         }
   9810 
   9811         if (search_pc) {
   9812             j = tcg_ctx.gen_opc_ptr - tcg_ctx.gen_opc_buf;
   9813             if (lj < j) {
   9814                 lj++;
   9815                 while (lj < j)
   9816                     tcg_ctx.gen_opc_instr_start[lj++] = 0;
   9817             }
   9818             tcg_ctx.gen_opc_pc[lj] = dc->pc;
   9819             gen_opc_condexec_bits[lj] = (dc->condexec_cond << 4) | (dc->condexec_mask >> 1);
   9820             tcg_ctx.gen_opc_instr_start[lj] = 1;
   9821             tcg_ctx.gen_opc_icount[lj] = num_insns;
   9822         }
   9823 
   9824         if (num_insns + 1 == max_insns && (tb->cflags & CF_LAST_IO))
   9825             gen_io_start();
   9826 
   9827         if (unlikely(qemu_loglevel_mask(CPU_LOG_TB_OP))) {
   9828             tcg_gen_debug_insn_start(dc->pc);
   9829         }
   9830 
   9831         if (dc->thumb) {
   9832             disas_thumb_insn(env, dc);
   9833             if (dc->condexec_mask) {
   9834                 dc->condexec_cond = (dc->condexec_cond & 0xe)
   9835                                    | ((dc->condexec_mask >> 4) & 1);
   9836                 dc->condexec_mask = (dc->condexec_mask << 1) & 0x1f;
   9837                 if (dc->condexec_mask == 0) {
   9838                     dc->condexec_cond = 0;
   9839                 }
   9840             }
   9841         } else {
   9842             disas_arm_insn(env, dc);
   9843         }
   9844 
   9845         if (dc->condjmp && !dc->is_jmp) {
   9846             gen_set_label(dc->condlabel);
   9847             dc->condjmp = 0;
   9848         }
   9849 
   9850         if (tcg_check_temp_count()) {
   9851             fprintf(stderr, "TCG temporary leak before %08x\n", dc->pc);
   9852         }
   9853 
   9854         /* Translation stops when a conditional branch is encountered.
   9855          * Otherwise the subsequent code could get translated several times.
   9856          * Also stop translation when a page boundary is reached.  This
   9857          * ensures prefetch aborts occur at the right place.  */
   9858         num_insns ++;
   9859     } while (!dc->is_jmp && tcg_ctx.gen_opc_ptr < gen_opc_end &&
   9860              !ENV_GET_CPU(env)->singlestep_enabled &&
   9861              !singlestep &&
   9862              dc->pc < next_page_start &&
   9863              num_insns < max_insns);
   9864 
   9865     if (tb->cflags & CF_LAST_IO) {
   9866         if (dc->condjmp) {
   9867             /* FIXME:  This can theoretically happen with self-modifying
   9868                code.  */
   9869             cpu_abort(env, "IO on conditional branch instruction");
   9870         }
   9871         gen_io_end();
   9872     }
   9873 
   9874     /* At this stage dc->condjmp will only be set when the skipped
   9875        instruction was a conditional branch or trap, and the PC has
   9876        already been written.  */
   9877     if (unlikely(ENV_GET_CPU(env)->singlestep_enabled)) {
   9878         /* Make sure the pc is updated, and raise a debug exception.  */
   9879         if (dc->condjmp) {
   9880             gen_set_condexec(dc);
   9881             if (dc->is_jmp == DISAS_SWI) {
   9882                 gen_exception(EXCP_SWI);
   9883             } else if (dc->is_jmp == DISAS_SMC) {
   9884                 gen_exception(EXCP_SMC);
   9885             } else {
   9886                 gen_exception(EXCP_DEBUG);
   9887             }
   9888             gen_set_label(dc->condlabel);
   9889         }
   9890         if (dc->condjmp || !dc->is_jmp) {
   9891             gen_set_pc_im(dc->pc);
   9892             dc->condjmp = 0;
   9893         }
   9894         gen_set_condexec(dc);
   9895         if (dc->is_jmp == DISAS_SWI && !dc->condjmp) {
   9896             gen_exception(EXCP_SWI);
   9897         } else if (dc->is_jmp == DISAS_SMC && !dc->condjmp) {
   9898             gen_exception(EXCP_SMC);
   9899         } else {
   9900             /* FIXME: Single stepping a WFI insn will not halt
   9901                the CPU.  */
   9902             gen_exception(EXCP_DEBUG);
   9903         }
   9904     } else {
   9905         /* While branches must always occur at the end of an IT block,
   9906            there are a few other things that can cause us to terminate
   9907            the TB in the middel of an IT block:
   9908             - Exception generating instructions (bkpt, swi, undefined).
   9909             - Page boundaries.
   9910             - Hardware watchpoints.
   9911            Hardware breakpoints have already been handled and skip this code.
   9912          */
   9913         gen_set_condexec(dc);
   9914         switch(dc->is_jmp) {
   9915         case DISAS_NEXT:
   9916             gen_goto_tb(dc, 1, dc->pc);
   9917             break;
   9918         default:
   9919         case DISAS_JUMP:
   9920         case DISAS_UPDATE:
   9921             /* indicate that the hash table must be used to find the next TB */
   9922             tcg_gen_exit_tb(0);
   9923             break;
   9924         case DISAS_TB_JUMP:
   9925             /* nothing more to generate */
   9926             break;
   9927         case DISAS_WFI:
   9928             gen_helper_wfi(cpu_env);
   9929             break;
   9930         case DISAS_SWI:
   9931             gen_exception(EXCP_SWI);
   9932             break;
   9933         case DISAS_SMC:
   9934             gen_exception(EXCP_SMC);
   9935             break;
   9936         }
   9937         if (dc->condjmp) {
   9938             gen_set_label(dc->condlabel);
   9939             gen_set_condexec(dc);
   9940             gen_goto_tb(dc, 1, dc->pc);
   9941             dc->condjmp = 0;
   9942         }
   9943     }
   9944 
   9945 done_generating:
   9946     gen_icount_end(tb, num_insns);
   9947     *tcg_ctx.gen_opc_ptr = INDEX_op_end;
   9948 
   9949 #ifdef DEBUG_DISAS
   9950     if (qemu_loglevel_mask(CPU_LOG_TB_IN_ASM)) {
   9951         qemu_log("----------------\n");
   9952         qemu_log("IN: %s\n", lookup_symbol(pc_start));
   9953         log_target_disas(env, pc_start, dc->pc - pc_start, dc->thumb);
   9954         qemu_log("\n");
   9955     }
   9956 #endif
   9957     if (search_pc) {
   9958         j = tcg_ctx.gen_opc_ptr - tcg_ctx.gen_opc_buf;
   9959         lj++;
   9960         while (lj <= j)
   9961             tcg_ctx.gen_opc_instr_start[lj++] = 0;
   9962     } else {
   9963         tb->size = dc->pc - pc_start;
   9964         tb->icount = num_insns;
   9965     }
   9966 }
   9967 
   9968 void gen_intermediate_code(CPUARMState *env, TranslationBlock *tb)
   9969 {
   9970     gen_intermediate_code_internal(env, tb, 0);
   9971 }
   9972 
   9973 void gen_intermediate_code_pc(CPUARMState *env, TranslationBlock *tb)
   9974 {
   9975     gen_intermediate_code_internal(env, tb, 1);
   9976 }
   9977 
   9978 static const char *cpu_mode_names[16] = {
   9979   "usr", "fiq", "irq", "svc", "???", "???", "???", "abt",
   9980   "???", "???", "???", "und", "???", "???", "???", "sys"
   9981 };
   9982 
   9983 void cpu_dump_state(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
   9984                     int flags)
   9985 {
   9986     CPUARMState *env = cpu->env_ptr;
   9987     int i;
   9988 #if 0
   9989     union {
   9990         uint32_t i;
   9991         float s;
   9992     } s0, s1;
   9993     CPU_DoubleU d;
   9994     /* ??? This assumes float64 and double have the same layout.
   9995        Oh well, it's only debug dumps.  */
   9996     union {
   9997         float64 f64;
   9998         double d;
   9999     } d0;
   10000 #endif
   10001     uint32_t psr;
   10002 
   10003     for(i=0;i<16;i++) {
   10004         cpu_fprintf(f, "R%02d=%08x", i, env->regs[i]);
   10005         if ((i % 4) == 3)
   10006             cpu_fprintf(f, "\n");
   10007         else
   10008             cpu_fprintf(f, " ");
   10009     }
   10010     psr = cpsr_read(env);
   10011     cpu_fprintf(f, "PSR=%08x %c%c%c%c %c %s%d\n",
   10012                 psr,
   10013                 psr & (1 << 31) ? 'N' : '-',
   10014                 psr & (1 << 30) ? 'Z' : '-',
   10015                 psr & (1 << 29) ? 'C' : '-',
   10016                 psr & (1 << 28) ? 'V' : '-',
   10017                 psr & CPSR_T ? 'T' : 'A',
   10018                 cpu_mode_names[psr & 0xf], (psr & 0x10) ? 32 : 26);
   10019 
   10020 #if 0
   10021     for (i = 0; i < 16; i++) {
   10022         d.d = env->vfp.regs[i];
   10023         s0.i = d.l.lower;
   10024         s1.i = d.l.upper;
   10025         d0.f64 = d.d;
   10026         cpu_fprintf(f, "s%02d=%08x(%8g) s%02d=%08x(%8g) d%02d=%08x%08x(%8g)\n",
   10027                     i * 2, (int)s0.i, s0.s,
   10028                     i * 2 + 1, (int)s1.i, s1.s,
   10029                     i, (int)(uint32_t)d.l.upper, (int)(uint32_t)d.l.lower,
   10030                     d0.d);
   10031     }
   10032     cpu_fprintf(f, "FPSCR: %08x\n", (int)env->vfp.xregs[ARM_VFP_FPSCR]);
   10033 #endif
   10034 }
   10035 
   10036 void restore_state_to_opc(CPUARMState *env, TranslationBlock *tb, int pc_pos)
   10037 {
   10038     env->regs[15] = tcg_ctx.gen_opc_pc[pc_pos];
   10039     env->condexec_bits = gen_opc_condexec_bits[pc_pos];
   10040 }
   10041