/*
 * ARM translation
 *
 * Copyright (c) 2003 Fabrice Bellard
 * Copyright (c) 2005-2007 CodeSourcery
 * Copyright (c) 2007 OpenedHand, Ltd.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 */
#include "qemu/osdep.h"

#include "translate.h"
#include "translate-a32.h"
#include "qemu/log.h"
#include "arm_ldst.h"
#include "semihosting/semihost.h"
#include "cpregs.h"
#include "exec/helper-proto.h"
#include "exec/target_page.h"

#define HELPER_H "helper.h"
#include "exec/helper-info.c.inc"
#undef HELPER_H

#define ENABLE_ARCH_4T    arm_dc_feature(s, ARM_FEATURE_V4T)
#define ENABLE_ARCH_5     arm_dc_feature(s, ARM_FEATURE_V5)
/* currently all emulated v5 cores are also v5TE, so don't bother */
#define ENABLE_ARCH_5TE   arm_dc_feature(s, ARM_FEATURE_V5)
#define ENABLE_ARCH_5J    dc_isar_feature(aa32_jazelle, s)
#define ENABLE_ARCH_6     arm_dc_feature(s, ARM_FEATURE_V6)
#define ENABLE_ARCH_6K    arm_dc_feature(s, ARM_FEATURE_V6K)
#define ENABLE_ARCH_6T2   arm_dc_feature(s, ARM_FEATURE_THUMB2)
#define ENABLE_ARCH_7     arm_dc_feature(s, ARM_FEATURE_V7)
#define ENABLE_ARCH_8     arm_dc_feature(s, ARM_FEATURE_V8)

/* These are TCG globals which alias CPUARMState fields */
static TCGv_i32 cpu_R[16];
TCGv_i32 cpu_CF, cpu_NF, cpu_VF, cpu_ZF;
TCGv_i64 cpu_exclusive_addr;
TCGv_i64 cpu_exclusive_val;

static const char * const regnames[] =
    { "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7",
      "r8", "r9", "r10", "r11", "r12", "r13", "r14", "pc" };

/* initialize TCG globals.  */
void arm_translate_init(void)
{
    int i;

    for (i = 0; i < 16; i++) {
        cpu_R[i] = tcg_global_mem_new_i32(tcg_env,
                                          offsetof(CPUARMState, regs[i]),
                                          regnames[i]);
    }
    cpu_CF = tcg_global_mem_new_i32(tcg_env, offsetof(CPUARMState, CF), "CF");
    cpu_NF = tcg_global_mem_new_i32(tcg_env, offsetof(CPUARMState, NF), "NF");
    cpu_VF = tcg_global_mem_new_i32(tcg_env, offsetof(CPUARMState, VF), "VF");
    cpu_ZF = tcg_global_mem_new_i32(tcg_env, offsetof(CPUARMState, ZF), "ZF");

    cpu_exclusive_addr = tcg_global_mem_new_i64(tcg_env,
        offsetof(CPUARMState, exclusive_addr), "exclusive_addr");
    cpu_exclusive_val = tcg_global_mem_new_i64(tcg_env,
        offsetof(CPUARMState, exclusive_val), "exclusive_val");

    a64_translate_init();
}

uint64_t asimd_imm_const(uint32_t imm, int cmode, int op)
{
    /* Expand the encoded constant as per AdvSIMDExpandImm pseudocode */
    switch (cmode) {
    case 0: case 1:
        /* no-op */
        break;
    case 2: case 3:
        imm <<= 8;
        break;
    case 4: case 5:
        imm <<= 16;
        break;
    case 6: case 7:
        imm <<= 24;
        break;
    case 8: case 9:
        imm |= imm << 16;
        break;
    case 10: case 11:
        imm = (imm << 8) | (imm << 24);
        break;
    case 12:
        imm = (imm << 8) | 0xff;
        break;
    case 13:
        imm = (imm << 16) | 0xffff;
        break;
    case 14:
        if (op) {
            /*
             * This and cmode == 15 op == 1 are the only cases where
             * the top and bottom 32 bits of the encoded constant differ.
             */
            uint64_t imm64 = 0;
            int n;

            for (n = 0; n < 8; n++) {
                if (imm & (1 << n)) {
                    imm64 |= (0xffULL << (n * 8));
                }
            }
            return imm64;
        }
        imm |= (imm << 8) | (imm << 16) | (imm << 24);
        break;
    case 15:
        if (op) {
            /* Reserved encoding for AArch32; valid for AArch64 */
            uint64_t imm64 = (uint64_t)(imm & 0x3f) << 48;
            if (imm & 0x80) {
                imm64 |= 0x8000000000000000ULL;
            }
            if (imm & 0x40) {
                imm64 |= 0x3fc0000000000000ULL;
            } else {
                imm64 |= 0x4000000000000000ULL;
            }
            return imm64;
        }
        imm = ((imm & 0x80) << 24) | ((imm & 0x3f) << 19)
            | ((imm & 0x40) ? (0x1f << 25) : (1 << 30));
        break;
    }
    if (op) {
        imm = ~imm;
    }
    return dup_const(MO_32, imm);
}

/* Generate a label used for skipping this instruction */
void arm_gen_condlabel(DisasContext *s)
{
    if (!s->condjmp) {
        s->condlabel = gen_disas_label(s);
        s->condjmp = 1;
    }
}

/* Flags for the disas_set_da_iss info argument:
 * lower bits hold the Rt register number, higher bits are flags.
 */
typedef enum ISSInfo {
    ISSNone = 0,
    ISSRegMask = 0x1f,
    ISSInvalid = (1 << 5),
    ISSIsAcqRel = (1 << 6),
    ISSIsWrite = (1 << 7),
    ISSIs16Bit = (1 << 8),
} ISSInfo;
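
/*
 * Illustrative example (not a specific call site): a 16-bit Thumb load
 * into r3 that wants ISS reporting would pass (ISSInfo)(3 | ISSIs16Bit)
 * to disas_set_da_iss() below, while a writeback form that must not
 * report ISS would pass ISSInvalid instead.
 */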

/*
 * Store var into env + offset to a member with size bytes.
 * Free var after use.
 */
void store_cpu_offset(TCGv_i32 var, int offset, int size)
{
    switch (size) {
    case 1:
        tcg_gen_st8_i32(var, tcg_env, offset);
        break;
    case 4:
        tcg_gen_st_i32(var, tcg_env, offset);
        break;
    default:
        g_assert_not_reached();
    }
}

/* Save the syndrome information for a Data Abort */
static void disas_set_da_iss(DisasContext *s, MemOp memop, ISSInfo issinfo)
{
    uint32_t syn;
    int sas = memop & MO_SIZE;
    bool sse = memop & MO_SIGN;
    bool is_acqrel = issinfo & ISSIsAcqRel;
    bool is_write = issinfo & ISSIsWrite;
    bool is_16bit = issinfo & ISSIs16Bit;
    int srt = issinfo & ISSRegMask;

    if (issinfo & ISSInvalid) {
        /* Some callsites want to conditionally provide ISS info,
         * eg "only if this was not a writeback"
         */
        return;
    }

    if (srt == 15) {
        /* For AArch32, insns where the src/dest is R15 never generate
         * ISS information. Catching that here saves checking at all
         * the call sites.
         */
        return;
    }

    syn = syn_data_abort_with_iss(0, sas, sse, srt, 0, is_acqrel,
                                  0, 0, 0, is_write, 0, is_16bit);
    disas_set_insn_syndrome(s, syn);
}

static inline int get_a32_user_mem_index(DisasContext *s)
{
    /* Return the core mmu_idx to use for A32/T32 "unprivileged load/store"
     * insns:
     *  if PL2, UNPREDICTABLE (we choose to implement as if PL0)
     *  otherwise, access as if at PL0.
     */
    switch (s->mmu_idx) {
    case ARMMMUIdx_E3:
    case ARMMMUIdx_E30_0:
    case ARMMMUIdx_E30_3_PAN:
        return arm_to_core_mmu_idx(ARMMMUIdx_E30_0);
    case ARMMMUIdx_E2:        /* this one is UNPREDICTABLE */
    case ARMMMUIdx_E10_0:
    case ARMMMUIdx_E10_1:
    case ARMMMUIdx_E10_1_PAN:
        return arm_to_core_mmu_idx(ARMMMUIdx_E10_0);
    case ARMMMUIdx_MUser:
    case ARMMMUIdx_MPriv:
        return arm_to_core_mmu_idx(ARMMMUIdx_MUser);
    case ARMMMUIdx_MUserNegPri:
    case ARMMMUIdx_MPrivNegPri:
        return arm_to_core_mmu_idx(ARMMMUIdx_MUserNegPri);
    case ARMMMUIdx_MSUser:
    case ARMMMUIdx_MSPriv:
        return arm_to_core_mmu_idx(ARMMMUIdx_MSUser);
    case ARMMMUIdx_MSUserNegPri:
    case ARMMMUIdx_MSPrivNegPri:
        return arm_to_core_mmu_idx(ARMMMUIdx_MSUserNegPri);
    default:
        g_assert_not_reached();
    }
}

/* The pc_curr difference for an architectural jump. */
static target_long jmp_diff(DisasContext *s, target_long diff)
{
    return diff + (s->thumb ? 4 : 8);
}

static void gen_pc_plus_diff(DisasContext *s, TCGv_i32 var, target_long diff)
{
    assert(s->pc_save != -1);
    if (tb_cflags(s->base.tb) & CF_PCREL) {
        tcg_gen_addi_i32(var, cpu_R[15], (s->pc_curr - s->pc_save) + diff);
    } else {
        tcg_gen_movi_i32(var, s->pc_curr + diff);
    }
}

/* Set a variable to the value of a CPU register.  */
void load_reg_var(DisasContext *s, TCGv_i32 var, int reg)
{
    if (reg == 15) {
        gen_pc_plus_diff(s, var, jmp_diff(s, 0));
    } else {
        tcg_gen_mov_i32(var, cpu_R[reg]);
    }
}
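
/*
 * Worked example of the architectural PC offset applied by jmp_diff()
 * and load_reg_var(): reading R15 in an A32 instruction located at
 * 0x1000 yields 0x1008 (instruction address + 8), while in a T32
 * instruction it yields 0x1004 (instruction address + 4).
 */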

/*
 * Create a new temp, REG + OFS, except PC is ALIGN(PC, 4).
 * This is used for load/store for which use of PC implies (literal),
 * or ADD that implies ADR.
 */
TCGv_i32 add_reg_for_lit(DisasContext *s, int reg, int ofs)
{
    TCGv_i32 tmp = tcg_temp_new_i32();

    if (reg == 15) {
        /*
         * This address is computed from an aligned PC:
         * subtract off the low bits.
         */
        gen_pc_plus_diff(s, tmp, jmp_diff(s, ofs - (s->pc_curr & 3)));
    } else {
        tcg_gen_addi_i32(tmp, cpu_R[reg], ofs);
    }
    return tmp;
}

/* Set a CPU register.  The source must be a temporary and will be
   marked as dead.  */
void store_reg(DisasContext *s, int reg, TCGv_i32 var)
{
    uint32_t mask = 0;

    if (reg == 15) {
        /*
         * In Thumb mode, we must ignore bit 0.
         * In ARM mode, for ARMv4 and ARMv5, it is UNPREDICTABLE if bits [1:0]
         * are not 0b00, but for ARMv6 and above, we must ignore bits [1:0].
         * We choose to ignore [1:0] in ARM mode for all architecture versions.
         */
        mask = s->thumb ? 1 : 3;
        s->base.is_jmp = DISAS_JUMP;
        s->pc_save = -1;
    } else if (reg == 13 && arm_dc_feature(s, ARM_FEATURE_M)) {
        /* For M-profile SP bits [1:0] are always zero */
        mask = 3;
    }
    tcg_gen_andi_i32(cpu_R[reg], var, ~mask);
}

/*
 * Variant of store_reg which applies v8M stack-limit checks before updating
 * SP. If the check fails this will result in an exception being taken.
 * We disable the stack checks for CONFIG_USER_ONLY because we have
 * no idea what the stack limits should be in that case.
 * If stack checking is not being done this just acts like store_reg().
 */
static void store_sp_checked(DisasContext *s, TCGv_i32 var)
{
#ifndef CONFIG_USER_ONLY
    if (s->v8m_stackcheck) {
        gen_helper_v8m_stackcheck(tcg_env, var);
    }
#endif
    store_reg(s, 13, var);
}

/* Value extensions.  */
#define gen_uxtb(var) tcg_gen_ext8u_i32(var, var)
#define gen_uxth(var) tcg_gen_ext16u_i32(var, var)
#define gen_sxtb(var) tcg_gen_ext8s_i32(var, var)
#define gen_sxth(var) tcg_gen_ext16s_i32(var, var)

#define gen_sxtb16(var) gen_helper_sxtb16(var, var)
#define gen_uxtb16(var) gen_helper_uxtb16(var, var)

void gen_set_cpsr(TCGv_i32 var, uint32_t mask)
{
    gen_helper_cpsr_write(tcg_env, var, tcg_constant_i32(mask));
}

static void gen_rebuild_hflags(DisasContext *s, bool new_el)
{
    bool m_profile = arm_dc_feature(s, ARM_FEATURE_M);

    if (new_el) {
        if (m_profile) {
            gen_helper_rebuild_hflags_m32_newel(tcg_env);
        } else {
            gen_helper_rebuild_hflags_a32_newel(tcg_env);
        }
    } else {
        TCGv_i32 tcg_el = tcg_constant_i32(s->current_el);
        if (m_profile) {
            gen_helper_rebuild_hflags_m32(tcg_env, tcg_el);
        } else {
            gen_helper_rebuild_hflags_a32(tcg_env, tcg_el);
        }
    }
}

void gen_exception_internal(int excp)
{
    assert(excp_is_internal(excp));
    gen_helper_exception_internal(tcg_env, tcg_constant_i32(excp));
}

static void gen_singlestep_exception(DisasContext *s)
{
    /* We have just completed a step of an insn. Move from Active-not-pending
     * to Active-pending, and then also take the swstep exception.
     * This corresponds to making the (IMPDEF) choice to prioritize
     * swstep exceptions over asynchronous exceptions taken to an exception
     * level where debug is disabled. This choice has the advantage that
     * we do not need to maintain internal state corresponding to the
     * ISV/EX syndrome bits between completion of the step and generation
     * of the exception, and our syndrome information is always correct.
     */
    gen_ss_advance(s);
    gen_swstep_exception(s, 1, s->is_ldex);
    s->base.is_jmp = DISAS_NORETURN;
}

void clear_eci_state(DisasContext *s)
{
    /*
     * Clear any ECI/ICI state: used when a load multiple/store
     * multiple insn executes.
     */
    if (s->eci) {
        store_cpu_field_constant(0, condexec_bits);
        s->eci = 0;
    }
}

static void gen_smul_dual(TCGv_i32 a, TCGv_i32 b)
{
    TCGv_i32 tmp1 = tcg_temp_new_i32();
    TCGv_i32 tmp2 = tcg_temp_new_i32();
    tcg_gen_ext16s_i32(tmp1, a);
    tcg_gen_ext16s_i32(tmp2, b);
    tcg_gen_mul_i32(tmp1, tmp1, tmp2);
    tcg_gen_sari_i32(a, a, 16);
    tcg_gen_sari_i32(b, b, 16);
    tcg_gen_mul_i32(b, b, a);
    tcg_gen_mov_i32(a, tmp1);
}

/* Byteswap each halfword.  */
void gen_rev16(TCGv_i32 dest, TCGv_i32 var)
{
    TCGv_i32 tmp = tcg_temp_new_i32();
    TCGv_i32 mask = tcg_constant_i32(0x00ff00ff);
    tcg_gen_shri_i32(tmp, var, 8);
    tcg_gen_and_i32(tmp, tmp, mask);
    tcg_gen_and_i32(var, var, mask);
    tcg_gen_shli_i32(var, var, 8);
    tcg_gen_or_i32(dest, var, tmp);
}

/* Byteswap low halfword and sign extend.  */
static void gen_revsh(TCGv_i32 dest, TCGv_i32 var)
{
    tcg_gen_bswap16_i32(dest, var, TCG_BSWAP_OS);
}

/* Dual 16-bit add.  Result placed in dest; t0 and t1 are marked as dead.
   tmp = (t0 ^ t1) & 0x8000;
   t0 &= ~0x8000;
   t1 &= ~0x8000;
   t0 = (t0 + t1) ^ tmp;
 */

static void gen_add16(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
{
    TCGv_i32 tmp = tcg_temp_new_i32();
    tcg_gen_xor_i32(tmp, t0, t1);
    tcg_gen_andi_i32(tmp, tmp, 0x8000);
    tcg_gen_andi_i32(t0, t0, ~0x8000);
    tcg_gen_andi_i32(t1, t1, ~0x8000);
    tcg_gen_add_i32(t0, t0, t1);
    tcg_gen_xor_i32(dest, t0, tmp);
}

/* Set N and Z flags from var.  */
static inline void gen_logic_CC(TCGv_i32 var)
{
    tcg_gen_mov_i32(cpu_NF, var);
    tcg_gen_mov_i32(cpu_ZF, var);
}

/* dest = T0 + T1 + CF. */
static void gen_add_carry(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
{
    tcg_gen_add_i32(dest, t0, t1);
    tcg_gen_add_i32(dest, dest, cpu_CF);
}

/* dest = T0 - T1 + CF - 1.  */
static void gen_sub_carry(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
{
    tcg_gen_sub_i32(dest, t0, t1);
    tcg_gen_add_i32(dest, dest, cpu_CF);
    tcg_gen_subi_i32(dest, dest, 1);
}

/* dest = T0 + T1.  Compute C, N, V and Z flags */
static void gen_add_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
{
    TCGv_i32 tmp = tcg_temp_new_i32();
    tcg_gen_movi_i32(tmp, 0);
    tcg_gen_add2_i32(cpu_NF, cpu_CF, t0, tmp, t1, tmp);
    tcg_gen_mov_i32(cpu_ZF, cpu_NF);
    tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
    tcg_gen_xor_i32(tmp, t0, t1);
    tcg_gen_andc_i32(cpu_VF, cpu_VF, tmp);
    tcg_gen_mov_i32(dest, cpu_NF);
}

/* dest = T0 + T1 + CF.  Compute C, N, V and Z flags */
static void gen_adc_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
{
    TCGv_i32 tmp = tcg_temp_new_i32();

    tcg_gen_addcio_i32(cpu_NF, cpu_CF, t0, t1, cpu_CF);

    tcg_gen_mov_i32(cpu_ZF, cpu_NF);
    tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
    tcg_gen_xor_i32(tmp, t0, t1);
    tcg_gen_andc_i32(cpu_VF, cpu_VF, tmp);
    tcg_gen_mov_i32(dest, cpu_NF);
}
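
/*
 * Note on flag storage (see also arm_test_cc() below): these flag
 * helpers keep the ARM flags in an expanded form.  NF and VF hold the
 * N and V flags in their bit 31; ZF holds a value that is zero if and
 * only if the Z flag is set; CF holds the C flag as 0 or 1.
 */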

/* dest = T0 - T1.  Compute C, N, V and Z flags */
static void gen_sub_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
{
    TCGv_i32 tmp;
    tcg_gen_sub_i32(cpu_NF, t0, t1);
    tcg_gen_mov_i32(cpu_ZF, cpu_NF);
    tcg_gen_setcond_i32(TCG_COND_GEU, cpu_CF, t0, t1);
    tcg_gen_xor_i32(cpu_VF, cpu_NF, t0);
    tmp = tcg_temp_new_i32();
    tcg_gen_xor_i32(tmp, t0, t1);
    tcg_gen_and_i32(cpu_VF, cpu_VF, tmp);
    tcg_gen_mov_i32(dest, cpu_NF);
}

/* dest = T0 + ~T1 + CF.  Compute C, N, V and Z flags */
static void gen_sbc_CC(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
{
    TCGv_i32 tmp = tcg_temp_new_i32();
    tcg_gen_not_i32(tmp, t1);
    gen_adc_CC(dest, t0, tmp);
}

#define GEN_SHIFT(name)                                                 \
static void gen_##name(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)        \
{                                                                       \
    TCGv_i32 tmpd = tcg_temp_new_i32();                                 \
    TCGv_i32 tmp1 = tcg_temp_new_i32();                                 \
    TCGv_i32 zero = tcg_constant_i32(0);                                \
    tcg_gen_andi_i32(tmp1, t1, 0x1f);                                   \
    tcg_gen_##name##_i32(tmpd, t0, tmp1);                               \
    tcg_gen_andi_i32(tmp1, t1, 0xe0);                                   \
    tcg_gen_movcond_i32(TCG_COND_NE, dest, tmp1, zero, zero, tmpd);     \
}
GEN_SHIFT(shl)
GEN_SHIFT(shr)
#undef GEN_SHIFT

static void gen_sar(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
{
    TCGv_i32 tmp1 = tcg_temp_new_i32();

    tcg_gen_andi_i32(tmp1, t1, 0xff);
    tcg_gen_umin_i32(tmp1, tmp1, tcg_constant_i32(31));
    tcg_gen_sar_i32(dest, t0, tmp1);
}

static void shifter_out_im(TCGv_i32 var, int shift)
{
    tcg_gen_extract_i32(cpu_CF, var, shift, 1);
}

/* Shift by immediate.  Includes special handling for shift == 0.  */
static inline void gen_arm_shift_im(TCGv_i32 var, int shiftop,
                                    int shift, int flags)
{
    switch (shiftop) {
    case 0: /* LSL */
        if (shift != 0) {
            if (flags)
                shifter_out_im(var, 32 - shift);
            tcg_gen_shli_i32(var, var, shift);
        }
        break;
    case 1: /* LSR */
        if (shift == 0) {
            if (flags) {
                tcg_gen_shri_i32(cpu_CF, var, 31);
            }
            tcg_gen_movi_i32(var, 0);
        } else {
            if (flags)
                shifter_out_im(var, shift - 1);
            tcg_gen_shri_i32(var, var, shift);
        }
        break;
    case 2: /* ASR */
        if (shift == 0)
            shift = 32;
        if (flags)
            shifter_out_im(var, shift - 1);
        if (shift == 32)
            shift = 31;
        tcg_gen_sari_i32(var, var, shift);
        break;
    case 3: /* ROR/RRX */
        if (shift != 0) {
            if (flags)
                shifter_out_im(var, shift - 1);
            tcg_gen_rotri_i32(var, var, shift);
            break;
        } else {
            TCGv_i32 tmp = tcg_temp_new_i32();
            tcg_gen_shli_i32(tmp, cpu_CF, 31);
            if (flags)
                shifter_out_im(var, 0);
            tcg_gen_shri_i32(var, var, 1);
            tcg_gen_or_i32(var, var, tmp);
        }
    }
}

static inline void gen_arm_shift_reg(TCGv_i32 var, int shiftop,
                                     TCGv_i32 shift, int flags)
{
    if (flags) {
        switch (shiftop) {
        case 0: gen_helper_shl_cc(var, tcg_env, var, shift); break;
        case 1: gen_helper_shr_cc(var, tcg_env, var, shift); break;
        case 2: gen_helper_sar_cc(var, tcg_env, var, shift); break;
        case 3: gen_helper_ror_cc(var, tcg_env, var, shift); break;
        }
    } else {
        switch (shiftop) {
        case 0:
            gen_shl(var, var, shift);
            break;
        case 1:
            gen_shr(var, var, shift);
            break;
        case 2:
            gen_sar(var, var, shift);
            break;
        case 3:
            tcg_gen_andi_i32(shift, shift, 0x1f);
            tcg_gen_rotr_i32(var, var, shift);
            break;
        }
    }
}
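
/*
 * For reference, the immediate shift encodings handled specially by
 * gen_arm_shift_im() above: a shift amount of 0 in the LSR and ASR
 * forms encodes a shift by 32, and a ROR by 0 encodes RRX (rotate
 * right by one through the carry flag); only LSL genuinely supports
 * an immediate shift of 0.
 */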

/*
 * Generate a conditional based on ARM condition code cc.
 * This is common between ARM and AArch64 targets.
 */
void arm_test_cc(DisasCompare *cmp, int cc)
{
    TCGv_i32 value;
    TCGCond cond;

    switch (cc) {
    case 0: /* eq: Z */
    case 1: /* ne: !Z */
        cond = TCG_COND_EQ;
        value = cpu_ZF;
        break;

    case 2: /* cs: C */
    case 3: /* cc: !C */
        cond = TCG_COND_NE;
        value = cpu_CF;
        break;

    case 4: /* mi: N */
    case 5: /* pl: !N */
        cond = TCG_COND_LT;
        value = cpu_NF;
        break;

    case 6: /* vs: V */
    case 7: /* vc: !V */
        cond = TCG_COND_LT;
        value = cpu_VF;
        break;

    case 8: /* hi: C && !Z */
    case 9: /* ls: !C || Z -> !(C && !Z) */
        cond = TCG_COND_NE;
        value = tcg_temp_new_i32();
        /* CF is 1 for C, so -CF is an all-bits-set mask for C;
           ZF is non-zero for !Z; so AND the two subexpressions.  */
        tcg_gen_neg_i32(value, cpu_CF);
        tcg_gen_and_i32(value, value, cpu_ZF);
        break;

    case 10: /* ge: N == V -> N ^ V == 0 */
    case 11: /* lt: N != V -> N ^ V != 0 */
        /* Since we're only interested in the sign bit, == 0 is >= 0.  */
        cond = TCG_COND_GE;
        value = tcg_temp_new_i32();
        tcg_gen_xor_i32(value, cpu_VF, cpu_NF);
        break;

    case 12: /* gt: !Z && N == V */
    case 13: /* le: Z || N != V */
        cond = TCG_COND_NE;
        value = tcg_temp_new_i32();
        /* (N == V) is equal to the sign bit of ~(NF ^ VF).  Propagate
         * the sign bit then AND with ZF to yield the result.  */
        tcg_gen_xor_i32(value, cpu_VF, cpu_NF);
        tcg_gen_sari_i32(value, value, 31);
        tcg_gen_andc_i32(value, cpu_ZF, value);
        break;

    case 14: /* always */
    case 15: /* always */
        /* Use the ALWAYS condition, which will fold early.
         * It doesn't matter what we use for the value.  */
        cond = TCG_COND_ALWAYS;
        value = cpu_ZF;
        goto no_invert;

    default:
        fprintf(stderr, "Bad condition code 0x%x\n", cc);
        abort();
    }

    if (cc & 1) {
        cond = tcg_invert_cond(cond);
    }

 no_invert:
    cmp->cond = cond;
    cmp->value = value;
}

void arm_jump_cc(DisasCompare *cmp, TCGLabel *label)
{
    tcg_gen_brcondi_i32(cmp->cond, cmp->value, 0, label);
}

void arm_gen_test_cc(int cc, TCGLabel *label)
{
    DisasCompare cmp;
    arm_test_cc(&cmp, cc);
    arm_jump_cc(&cmp, label);
}

void gen_set_condexec(DisasContext *s)
{
    if (s->condexec_mask) {
        uint32_t val = (s->condexec_cond << 4) | (s->condexec_mask >> 1);

        store_cpu_field_constant(val, condexec_bits);
    }
}

void gen_update_pc(DisasContext *s, target_long diff)
{
    gen_pc_plus_diff(s, cpu_R[15], diff);
    s->pc_save = s->pc_curr + diff;
}

/* Set PC and Thumb state from var.  var is marked as dead.  */
static inline void gen_bx(DisasContext *s, TCGv_i32 var)
{
    s->base.is_jmp = DISAS_JUMP;
    tcg_gen_andi_i32(cpu_R[15], var, ~1);
    tcg_gen_andi_i32(var, var, 1);
    store_cpu_field(var, thumb);
    s->pc_save = -1;
}

/*
 * Set PC and Thumb state from var. var is marked as dead.
 * For M-profile CPUs, include logic to detect exception-return
 * branches and handle them. This is needed for Thumb POP/LDM to PC, LDR to PC,
 * and BX reg, and no others, and happens only for code in Handler mode.
 * The Security Extension also requires us to check for the FNC_RETURN
 * which signals a function return from non-secure state; this can happen
 * in both Handler and Thread mode.
 * To avoid having to do multiple comparisons in inline generated code,
 * we make the check we do here loose, so it will match for EXC_RETURN
 * in Thread mode. For system emulation do_v7m_exception_exit() checks
 * for these spurious cases and returns without doing anything (giving
 * the same behaviour as for a branch to a non-magic address).
 *
 * In linux-user mode it is unclear what the right behaviour for an
 * attempted FNC_RETURN should be, because in real hardware this will go
 * directly to Secure code (ie not the Linux kernel) which will then treat
 * the error in any way it chooses. For QEMU we opt to make the FNC_RETURN
 * attempt behave the way it would on a CPU without the security extension,
 * which is to say "like a normal branch". That means we can simply treat
 * all branches as normal with no magic address behaviour.
 */
static inline void gen_bx_excret(DisasContext *s, TCGv_i32 var)
{
    /* Generate the same code here as for a simple bx, but flag via
     * s->base.is_jmp that we need to do the rest of the work later.
     */
    gen_bx(s, var);
#ifndef CONFIG_USER_ONLY
    if (arm_dc_feature(s, ARM_FEATURE_M_SECURITY) ||
        (s->v7m_handler_mode && arm_dc_feature(s, ARM_FEATURE_M))) {
        s->base.is_jmp = DISAS_BX_EXCRET;
    }
#endif
}

static inline void gen_bx_excret_final_code(DisasContext *s)
{
    /* Generate the code to finish possible exception return and end the TB */
    DisasLabel excret_label = gen_disas_label(s);
    uint32_t min_magic;

    if (arm_dc_feature(s, ARM_FEATURE_M_SECURITY)) {
        /* Covers FNC_RETURN and EXC_RETURN magic */
        min_magic = FNC_RETURN_MIN_MAGIC;
    } else {
        /* EXC_RETURN magic only */
        min_magic = EXC_RETURN_MIN_MAGIC;
    }

    /* Is the new PC value in the magic range indicating exception return? */
    tcg_gen_brcondi_i32(TCG_COND_GEU, cpu_R[15], min_magic, excret_label.label);
    /* No: end the TB as we would for a DISAS_JMP */
    if (s->ss_active) {
        gen_singlestep_exception(s);
    } else {
        tcg_gen_exit_tb(NULL, 0);
    }
    set_disas_label(s, excret_label);
    /* Yes: this is an exception return.
     * At this point in runtime env->regs[15] and env->thumb will hold
     * the exception-return magic number, which do_v7m_exception_exit()
     * will read. Nothing else will be able to see those values because
     * the cpu-exec main loop guarantees that we will always go straight
     * from raising the exception to the exception-handling code.
     *
     * gen_ss_advance(s) does nothing on M profile currently but
     * calling it is conceptually the right thing as we have executed
     * this instruction (compare SWI, HVC, SMC handling).
     */
    gen_ss_advance(s);
    gen_exception_internal(EXCP_EXCEPTION_EXIT);
}

static inline void gen_bxns(DisasContext *s, int rm)
{
    TCGv_i32 var = load_reg(s, rm);

    /* The bxns helper may raise an EXCEPTION_EXIT exception, so in theory
     * we need to sync state before calling it, but:
     *  - we don't need to do gen_update_pc() because the bxns helper will
     *    always set the PC itself
     *  - we don't need to do gen_set_condexec() because BXNS is UNPREDICTABLE
     *    unless it's outside an IT block or the last insn in an IT block,
     *    so we know that condexec == 0 (already set at the top of the TB)
     *    is correct in the non-UNPREDICTABLE cases, and we can choose
     *    "zeroes the IT bits" as our UNPREDICTABLE behaviour otherwise.
     */
    gen_helper_v7m_bxns(tcg_env, var);
    s->base.is_jmp = DISAS_EXIT;
}

static inline void gen_blxns(DisasContext *s, int rm)
{
    TCGv_i32 var = load_reg(s, rm);

    /* We don't need to sync condexec state, for the same reason as bxns.
     * We do however need to set the PC, because the blxns helper reads it.
     * The blxns helper may throw an exception.
     */
    gen_update_pc(s, curr_insn_len(s));
    gen_helper_v7m_blxns(tcg_env, var);
    s->base.is_jmp = DISAS_EXIT;
}

/* Variant of store_reg which uses branch&exchange logic when storing
   to r15 in ARM architecture v7 and above. The source must be a temporary
   and will be marked as dead. */
static inline void store_reg_bx(DisasContext *s, int reg, TCGv_i32 var)
{
    if (reg == 15 && ENABLE_ARCH_7) {
        gen_bx(s, var);
    } else {
        store_reg(s, reg, var);
    }
}

/* Variant of store_reg which uses branch&exchange logic when storing
 * to r15 in ARM architecture v5T and above. This is used for storing
 * the results of a LDR/LDM/POP into r15, and corresponds to the cases
 * in the ARM ARM which use the LoadWritePC() pseudocode function. */
static inline void store_reg_from_load(DisasContext *s, int reg, TCGv_i32 var)
{
    if (reg == 15 && ENABLE_ARCH_5) {
        gen_bx_excret(s, var);
    } else {
        store_reg(s, reg, var);
    }
}

#ifdef CONFIG_USER_ONLY
#define IS_USER_ONLY 1
#else
#define IS_USER_ONLY 0
#endif

MemOp pow2_align(unsigned i)
{
    static const MemOp mop_align[] = {
        0, MO_ALIGN_2, MO_ALIGN_4, MO_ALIGN_8, MO_ALIGN_16, MO_ALIGN_32
    };
    g_assert(i < ARRAY_SIZE(mop_align));
    return mop_align[i];
}

/*
 * Abstractions of "generate code to do a guest load/store for
 * AArch32", where a vaddr is always 32 bits (and is zero
 * extended if we're a 64 bit core) and data is also
 * 32 bits unless specifically doing a 64 bit access.
 * These functions work like tcg_gen_qemu_{ld,st}* except
 * that the address argument is TCGv_i32 rather than TCGv.
 */

static TCGv gen_aa32_addr(DisasContext *s, TCGv_i32 a32, MemOp op)
{
    TCGv addr = tcg_temp_new();
    tcg_gen_extu_i32_tl(addr, a32);

    /* Not needed for user-mode BE32, where we use MO_BE instead.  */
    if (!IS_USER_ONLY && s->sctlr_b && (op & MO_SIZE) < MO_32) {
        tcg_gen_xori_tl(addr, addr, 4 - (1 << (op & MO_SIZE)));
    }
    return addr;
}
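
/*
 * Worked example of the BE32 address adjustment above: with SCTLR.B
 * set, a byte access (MO_8) has its address XORed with 3 and a
 * halfword access (MO_16) with 2, so the sub-word data is fetched
 * from the correct place within the big-endian-ordered aligned word.
 */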

/*
 * Internal routines are used for NEON cases where the endianness
 * and/or alignment has already been taken into account and manipulated.
 */
void gen_aa32_ld_internal_i32(DisasContext *s, TCGv_i32 val,
                              TCGv_i32 a32, int index, MemOp opc)
{
    TCGv addr = gen_aa32_addr(s, a32, opc);
    tcg_gen_qemu_ld_i32(val, addr, index, opc);
}

void gen_aa32_st_internal_i32(DisasContext *s, TCGv_i32 val,
                              TCGv_i32 a32, int index, MemOp opc)
{
    TCGv addr = gen_aa32_addr(s, a32, opc);
    tcg_gen_qemu_st_i32(val, addr, index, opc);
}

void gen_aa32_ld_internal_i64(DisasContext *s, TCGv_i64 val,
                              TCGv_i32 a32, int index, MemOp opc)
{
    TCGv addr = gen_aa32_addr(s, a32, opc);

    tcg_gen_qemu_ld_i64(val, addr, index, opc);

    /* Not needed for user-mode BE32, where we use MO_BE instead.  */
    if (!IS_USER_ONLY && s->sctlr_b && (opc & MO_SIZE) == MO_64) {
        tcg_gen_rotri_i64(val, val, 32);
    }
}

void gen_aa32_st_internal_i64(DisasContext *s, TCGv_i64 val,
                              TCGv_i32 a32, int index, MemOp opc)
{
    TCGv addr = gen_aa32_addr(s, a32, opc);

    /* Not needed for user-mode BE32, where we use MO_BE instead.  */
    if (!IS_USER_ONLY && s->sctlr_b && (opc & MO_SIZE) == MO_64) {
        TCGv_i64 tmp = tcg_temp_new_i64();
        tcg_gen_rotri_i64(tmp, val, 32);
        tcg_gen_qemu_st_i64(tmp, addr, index, opc);
    } else {
        tcg_gen_qemu_st_i64(val, addr, index, opc);
    }
}

void gen_aa32_ld_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
                     int index, MemOp opc)
{
    gen_aa32_ld_internal_i32(s, val, a32, index, finalize_memop(s, opc));
}

void gen_aa32_st_i32(DisasContext *s, TCGv_i32 val, TCGv_i32 a32,
                     int index, MemOp opc)
{
    gen_aa32_st_internal_i32(s, val, a32, index, finalize_memop(s, opc));
}

void gen_aa32_ld_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
                     int index, MemOp opc)
{
    gen_aa32_ld_internal_i64(s, val, a32, index, finalize_memop(s, opc));
}

void gen_aa32_st_i64(DisasContext *s, TCGv_i64 val, TCGv_i32 a32,
                     int index, MemOp opc)
{
    gen_aa32_st_internal_i64(s, val, a32, index, finalize_memop(s, opc));
}

#define DO_GEN_LD(SUFF, OPC)                                            \
static inline void gen_aa32_ld##SUFF(DisasContext *s, TCGv_i32 val,    \
                                     TCGv_i32 a32, int index)          \
{                                                                       \
    gen_aa32_ld_i32(s, val, a32, index, OPC);                           \
}

#define DO_GEN_ST(SUFF, OPC)                                            \
static inline void gen_aa32_st##SUFF(DisasContext *s, TCGv_i32 val,    \
                                     TCGv_i32 a32, int index)          \
{                                                                       \
    gen_aa32_st_i32(s, val, a32, index, OPC);                           \
}

static inline void gen_hvc(DisasContext *s, int imm16)
{
    /* The pre HVC helper handles cases when HVC gets trapped
     * as an undefined insn by runtime configuration (ie before
     * the insn really executes).
     */
    gen_update_pc(s, 0);
    gen_helper_pre_hvc(tcg_env);
    /* Otherwise we will treat this as a real exception which
     * happens after execution of the insn. (The distinction matters
     * for the PC value reported to the exception handler and also
     * for single stepping.)
     */
    s->svc_imm = imm16;
    gen_update_pc(s, curr_insn_len(s));
    s->base.is_jmp = DISAS_HVC;
}

static inline void gen_smc(DisasContext *s)
{
    /* As with HVC, we may take an exception either before or after
     * the insn executes.
     */
    gen_update_pc(s, 0);
    gen_helper_pre_smc(tcg_env, tcg_constant_i32(syn_aa32_smc()));
    gen_update_pc(s, curr_insn_len(s));
    s->base.is_jmp = DISAS_SMC;
}

static void gen_exception_internal_insn(DisasContext *s, int excp)
{
    gen_set_condexec(s);
    gen_update_pc(s, 0);
    gen_exception_internal(excp);
    s->base.is_jmp = DISAS_NORETURN;
}

static void gen_exception_el_v(int excp, uint32_t syndrome, TCGv_i32 tcg_el)
{
    gen_helper_exception_with_syndrome_el(tcg_env, tcg_constant_i32(excp),
                                          tcg_constant_i32(syndrome), tcg_el);
}

static void gen_exception_el(int excp, uint32_t syndrome, uint32_t target_el)
{
    gen_exception_el_v(excp, syndrome, tcg_constant_i32(target_el));
}

static void gen_exception(int excp, uint32_t syndrome)
{
    gen_helper_exception_with_syndrome(tcg_env, tcg_constant_i32(excp),
                                       tcg_constant_i32(syndrome));
}

static void gen_exception_insn_el_v(DisasContext *s, target_long pc_diff,
                                    int excp, uint32_t syn, TCGv_i32 tcg_el)
{
    if (s->aarch64) {
        gen_a64_update_pc(s, pc_diff);
    } else {
        gen_set_condexec(s);
        gen_update_pc(s, pc_diff);
    }
    gen_exception_el_v(excp, syn, tcg_el);
    s->base.is_jmp = DISAS_NORETURN;
}

void gen_exception_insn_el(DisasContext *s, target_long pc_diff, int excp,
                           uint32_t syn, uint32_t target_el)
{
    gen_exception_insn_el_v(s, pc_diff, excp, syn,
                            tcg_constant_i32(target_el));
}

void gen_exception_insn(DisasContext *s, target_long pc_diff,
                        int excp, uint32_t syn)
{
    if (s->aarch64) {
        gen_a64_update_pc(s, pc_diff);
    } else {
        gen_set_condexec(s);
        gen_update_pc(s, pc_diff);
    }
    gen_exception(excp, syn);
    s->base.is_jmp = DISAS_NORETURN;
}

TCGLabel *delay_exception_el(DisasContext *s, int excp,
                             uint32_t syn, uint32_t target_el)
{
    /* Use tcg_malloc for automatic release on longjmp out of translation. */
    DisasDelayException *e = tcg_malloc(sizeof(DisasDelayException));

    memset(e, 0, sizeof(*e));

    /* Save enough of the current state to satisfy gen_exception_insn. */
    e->pc_curr = s->pc_curr;
    e->pc_save = s->pc_save;
    if (!s->aarch64) {
        e->condexec_cond = s->condexec_cond;
        e->condexec_mask = s->condexec_mask;
    }

    e->excp = excp;
    e->syn = syn;
    e->target_el = target_el;

    e->next = s->delay_excp_list;
    s->delay_excp_list = e;

    e->lab = gen_new_label();
    return e->lab;
}

TCGLabel *delay_exception(DisasContext *s, int excp, uint32_t syn)
{
    return delay_exception_el(s, excp, syn, 0);
}
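
/*
 * Typical use of the two helpers above: a caller emits a conditional
 * branch to the returned label on its failure path and continues with
 * the fast path; emit_delayed_exceptions() below then places the
 * out-of-line exception-raising code at the end of the TB.
 */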

void emit_delayed_exceptions(DisasContext *s)
{
    for (DisasDelayException *e = s->delay_excp_list; e ; e = e->next) {
        gen_set_label(e->lab);

        /* Restore the insn state to satisfy gen_exception_insn. */
        s->pc_curr = e->pc_curr;
        s->pc_save = e->pc_save;
        s->condexec_cond = e->condexec_cond;
        s->condexec_mask = e->condexec_mask;

        if (e->target_el) {
            gen_exception_insn_el(s, 0, e->excp, e->syn, e->target_el);
        } else {
            gen_exception_insn(s, 0, e->excp, e->syn);
        }
    }
}

static void gen_exception_bkpt_insn(DisasContext *s, uint32_t syn)
{
    gen_set_condexec(s);
    gen_update_pc(s, 0);
    gen_helper_exception_bkpt_insn(tcg_env, tcg_constant_i32(syn));
    s->base.is_jmp = DISAS_NORETURN;
}

void unallocated_encoding(DisasContext *s)
{
    /* Unallocated and reserved encodings are uncategorized */
    gen_exception_insn(s, 0, EXCP_UDEF, syn_uncategorized());
}

/* Force a TB lookup after an instruction that changes the CPU state.  */
void gen_lookup_tb(DisasContext *s)
{
    gen_pc_plus_diff(s, cpu_R[15], curr_insn_len(s));
    s->base.is_jmp = DISAS_EXIT;
}

static inline void gen_hlt(DisasContext *s, int imm)
{
    /* HLT. This has two purposes.
     * Architecturally, it is an external halting debug instruction.
     * Since QEMU doesn't implement external debug, we behave as the
     * architecture requires when halting debug is disabled: it will UNDEF.
     * Secondly, "HLT 0x3C" is a T32 semihosting trap instruction,
     * and "HLT 0xF000" is an A32 semihosting syscall. These traps
     * must trigger semihosting even for ARMv7 and earlier, where
     * HLT was an undefined encoding.
     * In system mode, we don't allow userspace access to
     * semihosting, to provide some semblance of security
     * (and for consistency with our 32-bit semihosting).
     */
    if (semihosting_enabled(s->current_el == 0) &&
        (imm == (s->thumb ? 0x3c : 0xf000))) {
        gen_exception_internal_insn(s, EXCP_SEMIHOST);
        return;
    }

    unallocated_encoding(s);
}

/*
 * Return the offset of a "full" NEON Dreg.
 */
long neon_full_reg_offset(unsigned reg)
{
    return offsetof(CPUARMState, vfp.zregs[reg >> 1].d[reg & 1]);
}

/*
 * Return the offset of a 2**SIZE piece of a NEON register, at index ELE,
 * where 0 is the least significant end of the register.
 */
long neon_element_offset(int reg, int element, MemOp memop)
{
    int element_size = 1 << (memop & MO_SIZE);
    int ofs = element * element_size;
#if HOST_BIG_ENDIAN
    /*
     * Calculate the offset assuming fully little-endian,
     * then XOR to account for the order of the 8-byte units.
     */
    if (element_size < 8) {
        ofs ^= 8 - element_size;
    }
#endif
    return neon_full_reg_offset(reg) + ofs;
}
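
/*
 * Worked example of the big-endian host adjustment above: for a
 * halfword element (MO_16), element 0 ends up at byte offset
 * 0 ^ (8 - 2) = 6 within the 8-byte unit, which is where a
 * big-endian host keeps the low 16 bits of a 64-bit value.
 */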

/* Return the offset of a VFP Dreg (dp = true) or VFP Sreg (dp = false).  */
long vfp_reg_offset(bool dp, unsigned reg)
{
    if (dp) {
        return neon_element_offset(reg, 0, MO_64);
    } else {
        return neon_element_offset(reg >> 1, reg & 1, MO_32);
    }
}

void read_neon_element32(TCGv_i32 dest, int reg, int ele, MemOp memop)
{
    long off = neon_element_offset(reg, ele, memop);

    switch (memop) {
    case MO_SB:
        tcg_gen_ld8s_i32(dest, tcg_env, off);
        break;
    case MO_UB:
        tcg_gen_ld8u_i32(dest, tcg_env, off);
        break;
    case MO_SW:
        tcg_gen_ld16s_i32(dest, tcg_env, off);
        break;
    case MO_UW:
        tcg_gen_ld16u_i32(dest, tcg_env, off);
        break;
    case MO_UL:
    case MO_SL:
        tcg_gen_ld_i32(dest, tcg_env, off);
        break;
    default:
        g_assert_not_reached();
    }
}

void read_neon_element64(TCGv_i64 dest, int reg, int ele, MemOp memop)
{
    long off = neon_element_offset(reg, ele, memop);

    switch (memop) {
    case MO_SL:
        tcg_gen_ld32s_i64(dest, tcg_env, off);
        break;
    case MO_UL:
        tcg_gen_ld32u_i64(dest, tcg_env, off);
        break;
    case MO_UQ:
        tcg_gen_ld_i64(dest, tcg_env, off);
        break;
    default:
        g_assert_not_reached();
    }
}

void write_neon_element32(TCGv_i32 src, int reg, int ele, MemOp memop)
{
    long off = neon_element_offset(reg, ele, memop);

    switch (memop) {
    case MO_8:
        tcg_gen_st8_i32(src, tcg_env, off);
        break;
    case MO_16:
        tcg_gen_st16_i32(src, tcg_env, off);
        break;
    case MO_32:
        tcg_gen_st_i32(src, tcg_env, off);
        break;
    default:
        g_assert_not_reached();
    }
}

void write_neon_element64(TCGv_i64 src, int reg, int ele, MemOp memop)
{
    long off = neon_element_offset(reg, ele, memop);

    switch (memop) {
    case MO_32:
        tcg_gen_st32_i64(src, tcg_env, off);
        break;
    case MO_64:
        tcg_gen_st_i64(src, tcg_env, off);
        break;
    default:
        g_assert_not_reached();
    }
}

static void gen_goto_ptr(void)
{
    tcg_gen_lookup_and_goto_ptr();
}

/* This will end the TB but doesn't guarantee we'll return to
 * cpu_loop_exec. Any live exit_requests will be processed as we
 * enter the next TB.
 */
static void gen_goto_tb(DisasContext *s, unsigned tb_slot_idx, target_long diff)
{
    if (translator_use_goto_tb(&s->base, s->pc_curr + diff)) {
        /*
         * For pcrel, the pc must always be up-to-date on entry to
         * the linked TB, so that it can use simple additions for all
         * further adjustments.  For !pcrel, the linked TB is compiled
         * to know its full virtual address, so we can delay the
         * update to pc to the unlinked path.  A long chain of links
         * can thus avoid many updates to the PC.
         */
        if (tb_cflags(s->base.tb) & CF_PCREL) {
            gen_update_pc(s, diff);
            tcg_gen_goto_tb(tb_slot_idx);
        } else {
            tcg_gen_goto_tb(tb_slot_idx);
            gen_update_pc(s, diff);
        }
        tcg_gen_exit_tb(s->base.tb, tb_slot_idx);
    } else {
        gen_update_pc(s, diff);
        gen_goto_ptr();
    }
    s->base.is_jmp = DISAS_NORETURN;
}
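
/*
 * Note: tb_slot_idx selects which of a TB's two direct-jump slots is
 * used; the same index is passed to tcg_gen_exit_tb() so the main loop
 * knows which link to patch when chaining this TB to its successor.
 */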

/* Jump, specifying which TB number to use if we gen_goto_tb() */
static void gen_jmp_tb(DisasContext *s, target_long diff, int tbno)
{
    if (unlikely(s->ss_active)) {
        /* An indirect jump so that we still trigger the debug exception.  */
        gen_update_pc(s, diff);
        s->base.is_jmp = DISAS_JUMP;
        return;
    }
    switch (s->base.is_jmp) {
    case DISAS_NEXT:
    case DISAS_TOO_MANY:
    case DISAS_NORETURN:
        /*
         * The normal case: just go to the destination TB.
         * NB: NORETURN happens if we generate code like
         *    gen_brcondi(l);
         *    gen_jmp();
         *    gen_set_label(l);
         *    gen_jmp();
         * on the second call to gen_jmp().
         */
        gen_goto_tb(s, tbno, diff);
        break;
    case DISAS_UPDATE_NOCHAIN:
    case DISAS_UPDATE_EXIT:
        /*
         * We already decided we're leaving the TB for some other reason.
         * Avoid using goto_tb so we really do exit back to the main loop
         * and don't chain to another TB.
         */
        gen_update_pc(s, diff);
        gen_goto_ptr();
        s->base.is_jmp = DISAS_NORETURN;
        break;
    default:
        /*
         * We shouldn't be emitting code for a jump and also have
         * is_jmp set to one of the special cases like DISAS_SWI.
         */
        g_assert_not_reached();
    }
}

static inline void gen_jmp(DisasContext *s, target_long diff)
{
    gen_jmp_tb(s, diff, 0);
}

static inline void gen_mulxy(TCGv_i32 t0, TCGv_i32 t1, int x, int y)
{
    if (x)
        tcg_gen_sari_i32(t0, t0, 16);
    else
        gen_sxth(t0);
    if (y)
        tcg_gen_sari_i32(t1, t1, 16);
    else
        gen_sxth(t1);
    tcg_gen_mul_i32(t0, t0, t1);
}

/* Return the mask of PSR bits set by a MSR instruction.  */
static uint32_t msr_mask(DisasContext *s, int flags, int spsr)
{
    uint32_t mask = 0;

    if (flags & (1 << 0)) {
        mask |= 0xff;
    }
    if (flags & (1 << 1)) {
        mask |= 0xff00;
    }
    if (flags & (1 << 2)) {
        mask |= 0xff0000;
    }
    if (flags & (1 << 3)) {
        mask |= 0xff000000;
    }

    /* Mask out undefined and reserved bits.  */
    mask &= aarch32_cpsr_valid_mask(s->features, s->isar);

    /* Mask out execution state.  */
    if (!spsr) {
        mask &= ~CPSR_EXEC;
    }

    /* Mask out privileged bits.  */
    if (IS_USER(s)) {
        mask &= CPSR_USER;
    }
    return mask;
}

/* Returns nonzero if access to the PSR is not permitted. Marks t0 as dead. */
static int gen_set_psr(DisasContext *s, uint32_t mask, int spsr, TCGv_i32 t0)
{
    TCGv_i32 tmp;
    if (spsr) {
        /* ??? This is also undefined in system mode.  */
        if (IS_USER(s))
            return 1;

        tmp = load_cpu_field(spsr);
        tcg_gen_andi_i32(tmp, tmp, ~mask);
        tcg_gen_andi_i32(t0, t0, mask);
        tcg_gen_or_i32(tmp, tmp, t0);
        store_cpu_field(tmp, spsr);
    } else {
        gen_set_cpsr(t0, mask);
    }
    gen_lookup_tb(s);
    return 0;
}

/* Returns nonzero if access to the PSR is not permitted.  */
static int gen_set_psr_im(DisasContext *s, uint32_t mask, int spsr, uint32_t val)
{
    TCGv_i32 tmp;
    tmp = tcg_temp_new_i32();
    tcg_gen_movi_i32(tmp, val);
    return gen_set_psr(s, mask, spsr, tmp);
}
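
/*
 * For reference, the MSR field-mask bits consumed by msr_mask() above
 * select the classic c/x/s/f byte fields: bit 0 -> PSR[7:0], bit 1 ->
 * PSR[15:8], bit 2 -> PSR[23:16], bit 3 -> PSR[31:24]. For example,
 * "MSR CPSR_fc, Rn" passes flags 0b1001, giving a raw mask of
 * 0xff0000ff before the validity and privilege filtering.
 */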

static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn,
                                     int *tgtmode, int *regno)
{
    /* Decode the r and sysm fields of MSR/MRS banked accesses into
     * the target mode and register number, and identify the various
     * unpredictable cases.
     * MSR (banked) and MRS (banked) are CONSTRAINED UNPREDICTABLE if:
     *  + executed in user mode
     *  + using R15 as the src/dest register
     *  + accessing an unimplemented register
     *  + accessing a register that's inaccessible at current PL/security state
     *  + accessing a register that you could access with a different insn
     * We choose to UNDEF in all these cases.
     * Since we don't know which of the various AArch32 modes we are in
     * we have to defer some checks to runtime.
     * Accesses to Monitor mode registers from Secure EL1 (which implies
     * that EL3 is AArch64) must trap to EL3.
     *
     * If the access checks fail this function will emit code to take
     * an exception and return false. Otherwise it will return true,
     * and set *tgtmode and *regno appropriately.
     */
    /* These instructions are present only in ARMv8, or in ARMv7 with the
     * Virtualization Extensions.
     */
    if (!arm_dc_feature(s, ARM_FEATURE_V8) &&
        !arm_dc_feature(s, ARM_FEATURE_EL2)) {
        goto undef;
    }

    if (IS_USER(s) || rn == 15) {
        goto undef;
    }

    /* The table in the v8 ARM ARM section F5.2.3 describes the encoding
     * of registers into (r, sysm).
     */
    if (r) {
        /* SPSRs for other modes */
        switch (sysm) {
        case 0xe: /* SPSR_fiq */
            *tgtmode = ARM_CPU_MODE_FIQ;
            break;
        case 0x10: /* SPSR_irq */
            *tgtmode = ARM_CPU_MODE_IRQ;
            break;
        case 0x12: /* SPSR_svc */
            *tgtmode = ARM_CPU_MODE_SVC;
            break;
        case 0x14: /* SPSR_abt */
            *tgtmode = ARM_CPU_MODE_ABT;
            break;
        case 0x16: /* SPSR_und */
            *tgtmode = ARM_CPU_MODE_UND;
            break;
        case 0x1c: /* SPSR_mon */
            *tgtmode = ARM_CPU_MODE_MON;
            break;
        case 0x1e: /* SPSR_hyp */
            *tgtmode = ARM_CPU_MODE_HYP;
            break;
        default: /* unallocated */
            goto undef;
        }
        /* We arbitrarily assign SPSR a register number of 16. */
        *regno = 16;
    } else {
        /* general purpose registers for other modes */
        switch (sysm) {
        case 0x0 ... 0x6:   /* 0b00xxx : r8_usr ... r14_usr */
            *tgtmode = ARM_CPU_MODE_USR;
            *regno = sysm + 8;
            break;
        case 0x8 ... 0xe:   /* 0b01xxx : r8_fiq ... r14_fiq */
            *tgtmode = ARM_CPU_MODE_FIQ;
            *regno = sysm;
            break;
        case 0x10 ... 0x11: /* 0b1000x : r14_irq, r13_irq */
            *tgtmode = ARM_CPU_MODE_IRQ;
            *regno = sysm & 1 ? 13 : 14;
            break;
        case 0x12 ... 0x13: /* 0b1001x : r14_svc, r13_svc */
            *tgtmode = ARM_CPU_MODE_SVC;
            *regno = sysm & 1 ? 13 : 14;
            break;
        case 0x14 ... 0x15: /* 0b1010x : r14_abt, r13_abt */
            *tgtmode = ARM_CPU_MODE_ABT;
            *regno = sysm & 1 ? 13 : 14;
            break;
        case 0x16 ... 0x17: /* 0b1011x : r14_und, r13_und */
            *tgtmode = ARM_CPU_MODE_UND;
            *regno = sysm & 1 ? 13 : 14;
            break;
        case 0x1c ... 0x1d: /* 0b1110x : r14_mon, r13_mon */
            *tgtmode = ARM_CPU_MODE_MON;
            *regno = sysm & 1 ? 13 : 14;
            break;
        case 0x1e ... 0x1f: /* 0b1111x : elr_hyp, r13_hyp */
            *tgtmode = ARM_CPU_MODE_HYP;
            /* Arbitrarily pick 17 for ELR_Hyp (which is not a banked LR!) */
            *regno = sysm & 1 ? 13 : 17;
            break;
        default: /* unallocated */
            goto undef;
        }
    }
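
    /*
     * Worked example of the decode above: r == 0, sysm == 0b01010
     * selects r10_fiq (FIQ mode, regno 10), while r == 1, sysm == 0x10
     * selects SPSR_irq (IRQ mode, regno 16).
     */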

    /* Catch the 'accessing inaccessible register' cases we can detect
     * at translate time.
     */
    switch (*tgtmode) {
    case ARM_CPU_MODE_MON:
        if (!arm_dc_feature(s, ARM_FEATURE_EL3) || s->ns) {
            goto undef;
        }
        if (s->current_el == 1) {
            /* If we're in Secure EL1 (which implies that EL3 is AArch64)
             * then accesses to Mon registers trap to Secure EL2, if it exists,
             * otherwise EL3.
             */
            TCGv_i32 tcg_el;

            if (arm_dc_feature(s, ARM_FEATURE_AARCH64) &&
                dc_isar_feature(aa64_sel2, s)) {
                /* Target EL is EL<3 minus SCR_EL3.EEL2> */
                tcg_el = load_cpu_field_low32(cp15.scr_el3);
                tcg_gen_sextract_i32(tcg_el, tcg_el, ctz32(SCR_EEL2), 1);
                tcg_gen_addi_i32(tcg_el, tcg_el, 3);
            } else {
                tcg_el = tcg_constant_i32(3);
            }

            gen_exception_insn_el_v(s, 0, EXCP_UDEF,
                                    syn_uncategorized(), tcg_el);
            return false;
        }
        break;
    case ARM_CPU_MODE_HYP:
        /*
         * r13_hyp can only be accessed from Monitor mode, and so we
         * can forbid accesses from EL2 or below.
         * elr_hyp can be accessed also from Hyp mode, so forbid
         * accesses from EL0 or EL1.
         * SPSR_hyp is supposed to be in the same category as r13_hyp
         * and UNPREDICTABLE if accessed from anything except Monitor
         * mode. However there is some real-world code that will do
         * it because at least some hardware happens to permit the
         * access. (Notably a standard Cortex-R52 startup code fragment
         * does this.) So we permit SPSR_hyp from Hyp mode also, to allow
         * this (incorrect) guest code to run.
         */
        if (!arm_dc_feature(s, ARM_FEATURE_EL2) || s->current_el < 2
            || (s->current_el < 3 && *regno != 16 && *regno != 17)) {
            goto undef;
        }
        break;
    default:
        break;
    }

    return true;

 undef:
    /* If we get here then some access check did not pass */
    gen_exception_insn(s, 0, EXCP_UDEF, syn_uncategorized());
    return false;
}

static void gen_msr_banked(DisasContext *s, int r, int sysm, int rn)
{
    TCGv_i32 tcg_reg;
    int tgtmode = 0, regno = 0;

    if (!msr_banked_access_decode(s, r, sysm, rn, &tgtmode, &regno)) {
        return;
    }

    /* Sync state because msr_banked() can raise exceptions */
    gen_set_condexec(s);
    gen_update_pc(s, 0);
    tcg_reg = load_reg(s, rn);
    gen_helper_msr_banked(tcg_env, tcg_reg,
                          tcg_constant_i32(tgtmode),
                          tcg_constant_i32(regno));
    s->base.is_jmp = DISAS_UPDATE_EXIT;
}

static void gen_mrs_banked(DisasContext *s, int r, int sysm, int rn)
{
    TCGv_i32 tcg_reg;
    int tgtmode = 0, regno = 0;

    if (!msr_banked_access_decode(s, r, sysm, rn, &tgtmode, &regno)) {
        return;
    }

    /* Sync state because mrs_banked() can raise exceptions */
    gen_set_condexec(s);
    gen_update_pc(s, 0);
    tcg_reg = tcg_temp_new_i32();
    gen_helper_mrs_banked(tcg_reg, tcg_env,
                          tcg_constant_i32(tgtmode),
                          tcg_constant_i32(regno));
    store_reg(s, rn, tcg_reg);
    s->base.is_jmp = DISAS_UPDATE_EXIT;
}

/* Store value to PC as for an exception return (ie don't
 * mask bits). The subsequent call to gen_helper_cpsr_write_eret()
 * will do the masking based on the new value of the Thumb bit.
 */
static void store_pc_exc_ret(DisasContext *s, TCGv_i32 pc)
{
    tcg_gen_mov_i32(cpu_R[15], pc);
}

/* Generate a v6 exception return.  Marks both values as dead.  */
static void gen_rfe(DisasContext *s, TCGv_i32 pc, TCGv_i32 cpsr)
{
    store_pc_exc_ret(s, pc);
    /* The cpsr_write_eret helper will mask the low bits of PC
     * appropriately depending on the new Thumb bit, so it must
     * be called after storing the new PC.
     */
    translator_io_start(&s->base);
    gen_helper_cpsr_write_eret(tcg_env, cpsr);
    /* Must exit loop to check un-masked IRQs */
    s->base.is_jmp = DISAS_EXIT;
}

/* Generate an old-style exception return. Marks pc as dead. */
static void gen_exception_return(DisasContext *s, TCGv_i32 pc)
{
    gen_rfe(s, pc, load_cpu_field(spsr));
}

static bool aa32_cpreg_encoding_in_impdef_space(uint8_t crn, uint8_t crm)
{
    static const uint16_t mask[3] = {
        0b0000000111100111, /* crn ==  9, crm == {c0-c2, c5-c8}   */
        0b0000000100010011, /* crn == 10, crm == {c0, c1, c4, c8} */
        0b1000000111111111, /* crn == 11, crm == {c0-c8, c15}     */
    };

    if (crn >= 9 && crn <= 11) {
        return (mask[crn - 9] >> crm) & 1;
    }
    return false;
}
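
/*
 * Worked example of the lookup above: crn == 9, crm == 5 tests bit 5 of
 * 0b0000000111100111, which is set, so the encoding lies in the
 * IMPLEMENTATION DEFINED space and is subject to the TIDCP checks
 * in do_coproc_insn() below.
 */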

static void do_coproc_insn(DisasContext *s, int cpnum, int is64,
                           int opc1, int crn, int crm, int opc2,
                           bool isread, int rt, int rt2)
{
    uint32_t key = ENCODE_CP_REG(cpnum, is64, s->ns, crn, crm, opc1, opc2);
    const ARMCPRegInfo *ri = get_arm_cp_reginfo(s->cp_regs, key);
    TCGv_ptr tcg_ri = NULL;
    bool need_exit_tb = false;
    uint32_t syndrome;

    /*
     * Note that since we are an implementation which takes an
     * exception on a trapped conditional instruction only if the
     * instruction passes its condition code check, we can take
     * advantage of the clause in the ARM ARM that allows us to set
     * the COND field in the instruction to 0xE in all cases.
     * We could fish the actual condition out of the insn (ARM)
     * or the condexec bits (Thumb) but it isn't necessary.
     */
    switch (cpnum) {
    case 14:
        if (is64) {
            syndrome = syn_cp14_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
                                         isread, false);
        } else {
            syndrome = syn_cp14_rt_trap(1, 0xe, opc1, opc2, crn, crm,
                                        rt, isread, false);
        }
        break;
    case 15:
        if (is64) {
            syndrome = syn_cp15_rrt_trap(1, 0xe, opc1, crm, rt, rt2,
                                         isread, false);
        } else {
            syndrome = syn_cp15_rt_trap(1, 0xe, opc1, opc2, crn, crm,
                                        rt, isread, false);
        }
        break;
    default:
        /*
         * ARMv8 defines that only coprocessors 14 and 15 exist,
         * so this can only happen if this is an ARMv7 or earlier CPU,
         * in which case the syndrome information won't actually be
         * guest visible.
         */
        assert(!arm_dc_feature(s, ARM_FEATURE_V8));
        syndrome = syn_uncategorized();
        break;
    }

    if (s->hstr_active && cpnum == 15 && s->current_el == 1) {
        /*
         * At EL1, check for a HSTR_EL2 trap, which must take precedence
         * over the UNDEF for "no such register" or the UNDEF for "access
         * permissions forbid this EL1 access". HSTR_EL2 traps from EL0
         * only happen if the cpreg doesn't UNDEF at EL0, so we do those in
         * access_check_cp_reg(), after the checks for whether the access
         * configurably trapped to EL1.
         */
        uint32_t maskbit = is64 ? crm : crn;

        if (maskbit != 4 && maskbit != 14) {
            /* T4 and T14 are RES0 so never cause traps */
            TCGLabel *fail = delay_exception_el(s, EXCP_UDEF, syndrome, 2);
            TCGv_i32 t =
                load_cpu_offset(offsetoflow32(CPUARMState, cp15.hstr_el2));

            tcg_gen_brcondi_i32(TCG_COND_TSTNE, t, 1u << maskbit, fail);
        }
    }

    if (cpnum == 15 && aa32_cpreg_encoding_in_impdef_space(crn, crm)) {
        /*
         * Check for TIDCP trap, which must take precedence over the UNDEF
         * for "no such register" etc. It shares precedence with HSTR,
         * but raises the same exception, so order doesn't matter.
         */
        switch (s->current_el) {
        case 0:
            if (arm_dc_feature(s, ARM_FEATURE_AARCH64)
                && dc_isar_feature(aa64_tidcp1, s)) {
                gen_helper_tidcp_el0(tcg_env, tcg_constant_i32(syndrome));
            }
            break;
        case 1:
            gen_helper_tidcp_el1(tcg_env, tcg_constant_i32(syndrome));
            break;
        }
    }

    if (!ri) {
        /*
         * Unknown register; this might be a guest error or a QEMU
         * unimplemented feature.
         */
        if (is64) {
            qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
                          "64 bit system register cp:%d opc1: %d crm:%d "
                          "(%s)\n",
                          isread ? "read" : "write", cpnum, opc1, crm,
                          s->ns ? "non-secure" : "secure");
        } else {
            qemu_log_mask(LOG_UNIMP, "%s access to unsupported AArch32 "
                          "system register cp:%d opc1:%d crn:%d crm:%d "
                          "opc2:%d (%s)\n",
                          isread ? "read" : "write", cpnum, opc1, crn,
                          crm, opc2, s->ns ? "non-secure" : "secure");
        }
        unallocated_encoding(s);
        return;
    }

    /* Check access permissions */
    if (!cp_access_ok(s->current_el, ri, isread)) {
        unallocated_encoding(s);
        return;
    }

    if ((s->hstr_active && s->current_el == 0) || ri->accessfn ||
        (ri->fgt && s->fgt_active)) {
        /*
         * Emit code to perform further access permissions checks at
         * runtime; this may result in an exception.
         */
        gen_set_condexec(s);
        gen_update_pc(s, 0);
        tcg_ri = tcg_temp_new_ptr();
        gen_helper_access_check_cp_reg(tcg_ri, tcg_env,
                                       tcg_constant_i32(key),
                                       tcg_constant_i32(syndrome),
                                       tcg_constant_i32(isread));
1852 */ 1853 gen_set_condexec(s); 1854 gen_update_pc(s, 0); 1855 } 1856 1857 /* Handle special cases first */ 1858 switch (ri->type & ARM_CP_SPECIAL_MASK) { 1859 case 0: 1860 break; 1861 case ARM_CP_NOP: 1862 return; 1863 case ARM_CP_WFI: 1864 if (isread) { 1865 unallocated_encoding(s); 1866 } else { 1867 gen_update_pc(s, curr_insn_len(s)); 1868 s->base.is_jmp = DISAS_WFI; 1869 } 1870 return; 1871 default: 1872 g_assert_not_reached(); 1873 } 1874 1875 if (ri->type & ARM_CP_IO) { 1876 /* I/O operations must end the TB here (whether read or write) */ 1877 need_exit_tb = translator_io_start(&s->base); 1878 } 1879 1880 if (isread) { 1881 /* Read */ 1882 if (is64) { 1883 TCGv_i64 tmp64; 1884 TCGv_i32 tmp; 1885 if (ri->type & ARM_CP_CONST) { 1886 tmp64 = tcg_constant_i64(ri->resetvalue); 1887 } else if (ri->readfn) { 1888 if (!tcg_ri) { 1889 tcg_ri = gen_lookup_cp_reg(key); 1890 } 1891 tmp64 = tcg_temp_new_i64(); 1892 gen_helper_get_cp_reg64(tmp64, tcg_env, tcg_ri); 1893 } else { 1894 tmp64 = tcg_temp_new_i64(); 1895 tcg_gen_ld_i64(tmp64, tcg_env, ri->fieldoffset); 1896 } 1897 tmp = tcg_temp_new_i32(); 1898 tcg_gen_extrl_i64_i32(tmp, tmp64); 1899 store_reg(s, rt, tmp); 1900 tmp = tcg_temp_new_i32(); 1901 tcg_gen_extrh_i64_i32(tmp, tmp64); 1902 store_reg(s, rt2, tmp); 1903 } else { 1904 TCGv_i32 tmp; 1905 if (ri->type & ARM_CP_CONST) { 1906 tmp = tcg_constant_i32(ri->resetvalue); 1907 } else if (ri->readfn) { 1908 if (!tcg_ri) { 1909 tcg_ri = gen_lookup_cp_reg(key); 1910 } 1911 tmp = tcg_temp_new_i32(); 1912 gen_helper_get_cp_reg(tmp, tcg_env, tcg_ri); 1913 } else { 1914 tmp = load_cpu_offset(ri->fieldoffset); 1915 } 1916 if (rt == 15) { 1917 /* Destination register of r15 for 32 bit loads sets 1918 * the condition codes from the high 4 bits of the value 1919 */ 1920 gen_set_nzcv(tmp); 1921 } else { 1922 store_reg(s, rt, tmp); 1923 } 1924 } 1925 } else { 1926 /* Write */ 1927 if (ri->type & ARM_CP_CONST) { 1928 /* If not forbidden by access permissions, treat as WI */ 1929 return; 1930 } 1931 1932 if (is64) { 1933 TCGv_i32 tmplo, tmphi; 1934 TCGv_i64 tmp64 = tcg_temp_new_i64(); 1935 tmplo = load_reg(s, rt); 1936 tmphi = load_reg(s, rt2); 1937 tcg_gen_concat_i32_i64(tmp64, tmplo, tmphi); 1938 if (ri->writefn) { 1939 if (!tcg_ri) { 1940 tcg_ri = gen_lookup_cp_reg(key); 1941 } 1942 gen_helper_set_cp_reg64(tcg_env, tcg_ri, tmp64); 1943 } else { 1944 tcg_gen_st_i64(tmp64, tcg_env, ri->fieldoffset); 1945 } 1946 } else { 1947 TCGv_i32 tmp = load_reg(s, rt); 1948 if (ri->writefn) { 1949 if (!tcg_ri) { 1950 tcg_ri = gen_lookup_cp_reg(key); 1951 } 1952 gen_helper_set_cp_reg(tcg_env, tcg_ri, tmp); 1953 } else { 1954 store_cpu_offset(tmp, ri->fieldoffset, 4); 1955 } 1956 } 1957 } 1958 1959 if (!isread && !(ri->type & ARM_CP_SUPPRESS_TB_END)) { 1960 /* 1961 * A write to any coprocessor register that ends a TB 1962 * must rebuild the hflags for the next TB. 1963 */ 1964 gen_rebuild_hflags(s, ri->type & ARM_CP_NEWEL); 1965 /* 1966 * We default to ending the TB on a coprocessor register write, 1967 * but allow this to be suppressed by the register definition 1968 * (usually only necessary to work around guest bugs). 1969 */ 1970 need_exit_tb = true; 1971 } 1972 if (need_exit_tb) { 1973 gen_lookup_tb(s); 1974 } 1975 } 1976 1977 /* Store a 64-bit value to a register pair. Clobbers val. 
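 * The low 32 bits of val are written to rlow and the high 32 bits
 * to rhigh.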
*/ 1978 static void gen_storeq_reg(DisasContext *s, int rlow, int rhigh, TCGv_i64 val) 1979 { 1980 TCGv_i32 tmp; 1981 tmp = tcg_temp_new_i32(); 1982 tcg_gen_extrl_i64_i32(tmp, val); 1983 store_reg(s, rlow, tmp); 1984 tmp = tcg_temp_new_i32(); 1985 tcg_gen_extrh_i64_i32(tmp, val); 1986 store_reg(s, rhigh, tmp); 1987 } 1988 1989 /* load and add a 64-bit value from a register pair. */ 1990 static void gen_addq(DisasContext *s, TCGv_i64 val, int rlow, int rhigh) 1991 { 1992 TCGv_i64 tmp; 1993 TCGv_i32 tmpl; 1994 TCGv_i32 tmph; 1995 1996 /* Load 64-bit value rd:rn. */ 1997 tmpl = load_reg(s, rlow); 1998 tmph = load_reg(s, rhigh); 1999 tmp = tcg_temp_new_i64(); 2000 tcg_gen_concat_i32_i64(tmp, tmpl, tmph); 2001 tcg_gen_add_i64(val, val, tmp); 2002 } 2003 2004 /* Set N and Z flags from hi|lo. */ 2005 static void gen_logicq_cc(TCGv_i32 lo, TCGv_i32 hi) 2006 { 2007 tcg_gen_mov_i32(cpu_NF, hi); 2008 tcg_gen_or_i32(cpu_ZF, lo, hi); 2009 } 2010 2011 /* Load/Store exclusive instructions are implemented by remembering 2012 the value/address loaded, and seeing if these are the same 2013 when the store is performed. This should be sufficient to implement 2014 the architecturally mandated semantics, and avoids having to monitor 2015 regular stores. The compare vs the remembered value is done during 2016 the cmpxchg operation, but we must compare the addresses manually. */ 2017 static void gen_load_exclusive(DisasContext *s, int rt, int rt2, 2018 TCGv_i32 addr, int size) 2019 { 2020 TCGv_i32 tmp = tcg_temp_new_i32(); 2021 MemOp opc = size | MO_ALIGN | s->be_data; 2022 2023 s->is_ldex = true; 2024 2025 if (size == 3) { 2026 TCGv_i32 tmp2 = tcg_temp_new_i32(); 2027 TCGv_i64 t64 = tcg_temp_new_i64(); 2028 2029 /* 2030 * For AArch32, architecturally the 32-bit word at the lowest 2031 * address is always Rt and the one at addr+4 is Rt2, even if 2032 * the CPU is big-endian. That means we don't want to do a 2033 * gen_aa32_ld_i64(), which checks SCTLR_B as if for an 2034 * architecturally 64-bit access, but instead do a 64-bit access 2035 * using MO_BE if appropriate and then split the two halves. 
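 * For example, on a big-endian CPU the word from the lower address ends
 * up in the high half of the 64-bit result, so it is written to Rt and
 * the low half to Rt2; for little-endian the split is the other way
 * around.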
2036 */ 2037 TCGv taddr = gen_aa32_addr(s, addr, opc); 2038 2039 tcg_gen_qemu_ld_i64(t64, taddr, get_mem_index(s), opc); 2040 tcg_gen_mov_i64(cpu_exclusive_val, t64); 2041 if (s->be_data == MO_BE) { 2042 tcg_gen_extr_i64_i32(tmp2, tmp, t64); 2043 } else { 2044 tcg_gen_extr_i64_i32(tmp, tmp2, t64); 2045 } 2046 store_reg(s, rt2, tmp2); 2047 } else { 2048 gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), opc); 2049 tcg_gen_extu_i32_i64(cpu_exclusive_val, tmp); 2050 } 2051 2052 store_reg(s, rt, tmp); 2053 tcg_gen_extu_i32_i64(cpu_exclusive_addr, addr); 2054 } 2055 2056 static void gen_clrex(DisasContext *s) 2057 { 2058 tcg_gen_movi_i64(cpu_exclusive_addr, -1); 2059 } 2060 2061 static void gen_store_exclusive(DisasContext *s, int rd, int rt, int rt2, 2062 TCGv_i32 addr, int size) 2063 { 2064 TCGv_i32 t0, t1, t2; 2065 TCGv_i64 extaddr; 2066 TCGv taddr; 2067 TCGLabel *done_label; 2068 TCGLabel *fail_label; 2069 MemOp opc = size | MO_ALIGN | s->be_data; 2070 2071 /* if (env->exclusive_addr == addr && env->exclusive_val == [addr]) { 2072 [addr] = {Rt}; 2073 {Rd} = 0; 2074 } else { 2075 {Rd} = 1; 2076 } */ 2077 fail_label = gen_new_label(); 2078 done_label = gen_new_label(); 2079 extaddr = tcg_temp_new_i64(); 2080 tcg_gen_extu_i32_i64(extaddr, addr); 2081 tcg_gen_brcond_i64(TCG_COND_NE, extaddr, cpu_exclusive_addr, fail_label); 2082 2083 taddr = gen_aa32_addr(s, addr, opc); 2084 t0 = tcg_temp_new_i32(); 2085 t1 = load_reg(s, rt); 2086 if (size == 3) { 2087 TCGv_i64 o64 = tcg_temp_new_i64(); 2088 TCGv_i64 n64 = tcg_temp_new_i64(); 2089 2090 t2 = load_reg(s, rt2); 2091 2092 /* 2093 * For AArch32, architecturally the 32-bit word at the lowest 2094 * address is always Rt and the one at addr+4 is Rt2, even if 2095 * the CPU is big-endian. Since we're going to treat this as a 2096 * single 64-bit BE store, we need to put the two halves in the 2097 * opposite order for BE to LE, so that they end up in the right 2098 * places. We don't want gen_aa32_st_i64, because that checks 2099 * SCTLR_B as if for an architectural 64-bit access. 2100 */ 2101 if (s->be_data == MO_BE) { 2102 tcg_gen_concat_i32_i64(n64, t2, t1); 2103 } else { 2104 tcg_gen_concat_i32_i64(n64, t1, t2); 2105 } 2106 2107 tcg_gen_atomic_cmpxchg_i64(o64, taddr, cpu_exclusive_val, n64, 2108 get_mem_index(s), opc); 2109 2110 tcg_gen_setcond_i64(TCG_COND_NE, o64, o64, cpu_exclusive_val); 2111 tcg_gen_extrl_i64_i32(t0, o64); 2112 } else { 2113 t2 = tcg_temp_new_i32(); 2114 tcg_gen_extrl_i64_i32(t2, cpu_exclusive_val); 2115 tcg_gen_atomic_cmpxchg_i32(t0, taddr, t2, t1, get_mem_index(s), opc); 2116 tcg_gen_setcond_i32(TCG_COND_NE, t0, t0, t2); 2117 } 2118 tcg_gen_mov_i32(cpu_R[rd], t0); 2119 tcg_gen_br(done_label); 2120 2121 gen_set_label(fail_label); 2122 tcg_gen_movi_i32(cpu_R[rd], 1); 2123 gen_set_label(done_label); 2124 tcg_gen_movi_i64(cpu_exclusive_addr, -1); 2125 } 2126 2127 /* gen_srs: 2128 * @env: CPUARMState 2129 * @s: DisasContext 2130 * @mode: mode field from insn (which stack to store to) 2131 * @amode: addressing mode (DA/IA/DB/IB), encoded as per P,U bits in ARM insn 2132 * @writeback: true if writeback bit set 2133 * 2134 * Generate code for the SRS (Store Return State) insn. 
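 * For example, with amode == 2 (DB) the current LR is stored at
 * SP_<mode> - 8 and the SPSR at SP_<mode> - 4; with writeback,
 * SP_<mode> is left pointing at the stored LR (i.e. decremented by 8).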
2135 */ 2136 static void gen_srs(DisasContext *s, 2137 uint32_t mode, uint32_t amode, bool writeback) 2138 { 2139 int32_t offset; 2140 TCGv_i32 addr, tmp; 2141 bool undef = false; 2142 2143 /* SRS is: 2144 * - trapped to EL3 if EL3 is AArch64 and we are at Secure EL1 2145 * and specified mode is monitor mode 2146 * - UNDEFINED in Hyp mode 2147 * - UNPREDICTABLE in User or System mode 2148 * - UNPREDICTABLE if the specified mode is: 2149 * -- not implemented 2150 * -- not a valid mode number 2151 * -- a mode that's at a higher exception level 2152 * -- Monitor, if we are Non-secure 2153 * For the UNPREDICTABLE cases we choose to UNDEF. 2154 */ 2155 if (s->current_el == 1 && !s->ns && mode == ARM_CPU_MODE_MON) { 2156 gen_exception_insn_el(s, 0, EXCP_UDEF, syn_uncategorized(), 3); 2157 return; 2158 } 2159 2160 if (s->current_el == 0 || s->current_el == 2) { 2161 undef = true; 2162 } 2163 2164 switch (mode) { 2165 case ARM_CPU_MODE_USR: 2166 case ARM_CPU_MODE_FIQ: 2167 case ARM_CPU_MODE_IRQ: 2168 case ARM_CPU_MODE_SVC: 2169 case ARM_CPU_MODE_ABT: 2170 case ARM_CPU_MODE_UND: 2171 case ARM_CPU_MODE_SYS: 2172 break; 2173 case ARM_CPU_MODE_HYP: 2174 if (s->current_el == 1 || !arm_dc_feature(s, ARM_FEATURE_EL2)) { 2175 undef = true; 2176 } 2177 break; 2178 case ARM_CPU_MODE_MON: 2179 /* No need to check specifically for "are we non-secure" because 2180 * we've already made EL0 UNDEF and handled the trap for S-EL1; 2181 * so if this isn't EL3 then we must be non-secure. 2182 */ 2183 if (s->current_el != 3) { 2184 undef = true; 2185 } 2186 break; 2187 default: 2188 undef = true; 2189 } 2190 2191 if (undef) { 2192 unallocated_encoding(s); 2193 return; 2194 } 2195 2196 addr = tcg_temp_new_i32(); 2197 /* get_r13_banked() will raise an exception if called from System mode */ 2198 gen_set_condexec(s); 2199 gen_update_pc(s, 0); 2200 gen_helper_get_r13_banked(addr, tcg_env, tcg_constant_i32(mode)); 2201 switch (amode) { 2202 case 0: /* DA */ 2203 offset = -4; 2204 break; 2205 case 1: /* IA */ 2206 offset = 0; 2207 break; 2208 case 2: /* DB */ 2209 offset = -8; 2210 break; 2211 case 3: /* IB */ 2212 offset = 4; 2213 break; 2214 default: 2215 g_assert_not_reached(); 2216 } 2217 tcg_gen_addi_i32(addr, addr, offset); 2218 tmp = load_reg(s, 14); 2219 gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), MO_UL | MO_ALIGN); 2220 tmp = load_cpu_field(spsr); 2221 tcg_gen_addi_i32(addr, addr, 4); 2222 gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), MO_UL | MO_ALIGN); 2223 if (writeback) { 2224 switch (amode) { 2225 case 0: 2226 offset = -8; 2227 break; 2228 case 1: 2229 offset = 4; 2230 break; 2231 case 2: 2232 offset = -4; 2233 break; 2234 case 3: 2235 offset = 0; 2236 break; 2237 default: 2238 g_assert_not_reached(); 2239 } 2240 tcg_gen_addi_i32(addr, addr, offset); 2241 gen_helper_set_r13_banked(tcg_env, tcg_constant_i32(mode), addr); 2242 } 2243 s->base.is_jmp = DISAS_UPDATE_EXIT; 2244 } 2245 2246 /* Skip this instruction if the ARM condition is false */ 2247 static void arm_skip_unless(DisasContext *s, uint32_t cond) 2248 { 2249 arm_gen_condlabel(s); 2250 arm_gen_test_cc(cond ^ 1, s->condlabel.label); 2251 } 2252 2253 2254 /* 2255 * Constant expanders used by T16/T32 decode 2256 */ 2257 2258 /* Return only the rotation part of T32ExpandImm. */ 2259 static int t32_expandimm_rot(DisasContext *s, int x) 2260 { 2261 return x & 0xc00 ? extract32(x, 7, 5) : 0; 2262 } 2263 2264 /* Return the unrotated immediate from T32ExpandImm. 
*/ 2265 static int t32_expandimm_imm(DisasContext *s, int x) 2266 { 2267 uint32_t imm = extract32(x, 0, 8); 2268 2269 switch (extract32(x, 8, 4)) { 2270 case 0: /* XY */ 2271 /* Nothing to do. */ 2272 break; 2273 case 1: /* 00XY00XY */ 2274 imm *= 0x00010001; 2275 break; 2276 case 2: /* XY00XY00 */ 2277 imm *= 0x01000100; 2278 break; 2279 case 3: /* XYXYXYXY */ 2280 imm *= 0x01010101; 2281 break; 2282 default: 2283 /* Rotated constant. */ 2284 imm |= 0x80; 2285 break; 2286 } 2287 return imm; 2288 } 2289 2290 static int t32_branch24(DisasContext *s, int x) 2291 { 2292 /* Convert J1:J2 at x[22:21] to I2:I1, which involves I=J^~S. */ 2293 x ^= !(x < 0) * (3 << 21); 2294 /* Append the final zero. */ 2295 return x << 1; 2296 } 2297 2298 static int t16_setflags(DisasContext *s) 2299 { 2300 return s->condexec_mask == 0; 2301 } 2302 2303 static int t16_push_list(DisasContext *s, int x) 2304 { 2305 return (x & 0xff) | (x & 0x100) << (14 - 8); 2306 } 2307 2308 static int t16_pop_list(DisasContext *s, int x) 2309 { 2310 return (x & 0xff) | (x & 0x100) << (15 - 8); 2311 } 2312 2313 /* 2314 * Include the generated decoders. 2315 */ 2316 2317 #include "decode-a32.c.inc" 2318 #include "decode-a32-uncond.c.inc" 2319 #include "decode-t32.c.inc" 2320 #include "decode-t16.c.inc" 2321 2322 static bool valid_cp(DisasContext *s, int cp) 2323 { 2324 /* 2325 * Return true if this coprocessor field indicates something 2326 * that's really a possible coprocessor. 2327 * For v7 and earlier, coprocessors 8..15 were reserved for Arm use, 2328 * and of those only cp14 and cp15 were used for registers. 2329 * cp10 and cp11 were used for VFP and Neon, whose decode is 2330 * dealt with elsewhere. With the advent of fp16, cp9 is also 2331 * now part of VFP. 2332 * For v8A and later, the encoding has been tightened so that 2333 * only cp14 and cp15 are valid, and other values aren't considered 2334 * to be in the coprocessor-instruction space at all. v8M still 2335 * permits coprocessors 0..7. 2336 */ 2337 if (arm_dc_feature(s, ARM_FEATURE_V8) && 2338 !arm_dc_feature(s, ARM_FEATURE_M)) { 2339 return cp >= 14; 2340 } 2341 return cp < 8 || cp >= 14; 2342 } 2343 2344 static bool trans_MCR(DisasContext *s, arg_MCR *a) 2345 { 2346 if (!valid_cp(s, a->cp)) { 2347 return false; 2348 } 2349 do_coproc_insn(s, a->cp, false, a->opc1, a->crn, a->crm, a->opc2, 2350 false, a->rt, 0); 2351 return true; 2352 } 2353 2354 static bool trans_MRC(DisasContext *s, arg_MRC *a) 2355 { 2356 if (!valid_cp(s, a->cp)) { 2357 return false; 2358 } 2359 do_coproc_insn(s, a->cp, false, a->opc1, a->crn, a->crm, a->opc2, 2360 true, a->rt, 0); 2361 return true; 2362 } 2363 2364 static bool trans_MCRR(DisasContext *s, arg_MCRR *a) 2365 { 2366 if (!valid_cp(s, a->cp)) { 2367 return false; 2368 } 2369 do_coproc_insn(s, a->cp, true, a->opc1, 0, a->crm, 0, 2370 false, a->rt, a->rt2); 2371 return true; 2372 } 2373 2374 static bool trans_MRRC(DisasContext *s, arg_MRRC *a) 2375 { 2376 if (!valid_cp(s, a->cp)) { 2377 return false; 2378 } 2379 do_coproc_insn(s, a->cp, true, a->opc1, 0, a->crm, 0, 2380 true, a->rt, a->rt2); 2381 return true; 2382 } 2383 2384 /* Helpers to swap operands for reverse-subtract. 
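 * RSB{S} Rd, Rn, Op2 computes Op2 - Rn, i.e. SUB with its operands
 * swapped, so each helper simply calls the matching subtract generator
 * with its two source operands reversed.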
*/ 2385 static void gen_rsb(TCGv_i32 dst, TCGv_i32 a, TCGv_i32 b) 2386 { 2387 tcg_gen_sub_i32(dst, b, a); 2388 } 2389 2390 static void gen_rsb_CC(TCGv_i32 dst, TCGv_i32 a, TCGv_i32 b) 2391 { 2392 gen_sub_CC(dst, b, a); 2393 } 2394 2395 static void gen_rsc(TCGv_i32 dest, TCGv_i32 a, TCGv_i32 b) 2396 { 2397 gen_sub_carry(dest, b, a); 2398 } 2399 2400 static void gen_rsc_CC(TCGv_i32 dest, TCGv_i32 a, TCGv_i32 b) 2401 { 2402 gen_sbc_CC(dest, b, a); 2403 } 2404 2405 /* 2406 * Helpers for the data processing routines. 2407 * 2408 * After the computation store the results back. 2409 * This may be suppressed altogether (STREG_NONE), require a runtime 2410 * check against the stack limits (STREG_SP_CHECK), or generate an 2411 * exception return. Oh, or store into a register. 2412 * 2413 * Always return true, indicating success for a trans_* function. 2414 */ 2415 typedef enum { 2416 STREG_NONE, 2417 STREG_NORMAL, 2418 STREG_SP_CHECK, 2419 STREG_EXC_RET, 2420 } StoreRegKind; 2421 2422 static bool store_reg_kind(DisasContext *s, int rd, 2423 TCGv_i32 val, StoreRegKind kind) 2424 { 2425 switch (kind) { 2426 case STREG_NONE: 2427 return true; 2428 case STREG_NORMAL: 2429 /* See ALUWritePC: Interworking only from a32 mode. */ 2430 if (s->thumb) { 2431 store_reg(s, rd, val); 2432 } else { 2433 store_reg_bx(s, rd, val); 2434 } 2435 return true; 2436 case STREG_SP_CHECK: 2437 store_sp_checked(s, val); 2438 return true; 2439 case STREG_EXC_RET: 2440 gen_exception_return(s, val); 2441 return true; 2442 } 2443 g_assert_not_reached(); 2444 } 2445 2446 /* 2447 * Data Processing (register) 2448 * 2449 * Operate, with set flags, one register source, 2450 * one immediate shifted register source, and a destination. 2451 */ 2452 static bool op_s_rrr_shi(DisasContext *s, arg_s_rrr_shi *a, 2453 void (*gen)(TCGv_i32, TCGv_i32, TCGv_i32), 2454 int logic_cc, StoreRegKind kind) 2455 { 2456 TCGv_i32 tmp1, tmp2; 2457 2458 tmp2 = load_reg(s, a->rm); 2459 gen_arm_shift_im(tmp2, a->shty, a->shim, logic_cc); 2460 tmp1 = load_reg(s, a->rn); 2461 2462 gen(tmp1, tmp1, tmp2); 2463 2464 if (logic_cc) { 2465 gen_logic_CC(tmp1); 2466 } 2467 return store_reg_kind(s, a->rd, tmp1, kind); 2468 } 2469 2470 static bool op_s_rxr_shi(DisasContext *s, arg_s_rrr_shi *a, 2471 void (*gen)(TCGv_i32, TCGv_i32), 2472 int logic_cc, StoreRegKind kind) 2473 { 2474 TCGv_i32 tmp; 2475 2476 tmp = load_reg(s, a->rm); 2477 gen_arm_shift_im(tmp, a->shty, a->shim, logic_cc); 2478 2479 gen(tmp, tmp); 2480 if (logic_cc) { 2481 gen_logic_CC(tmp); 2482 } 2483 return store_reg_kind(s, a->rd, tmp, kind); 2484 } 2485 2486 /* 2487 * Data-processing (register-shifted register) 2488 * 2489 * Operate, with set flags, one register source, 2490 * one register shifted register source, and a destination. 
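 * The shift amount is taken from the bottom byte of Rs at run time,
 * e.g. ADDS Rd, Rn, Rm, LSL Rs.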
2491 */ 2492 static bool op_s_rrr_shr(DisasContext *s, arg_s_rrr_shr *a, 2493 void (*gen)(TCGv_i32, TCGv_i32, TCGv_i32), 2494 int logic_cc, StoreRegKind kind) 2495 { 2496 TCGv_i32 tmp1, tmp2; 2497 2498 tmp1 = load_reg(s, a->rs); 2499 tmp2 = load_reg(s, a->rm); 2500 gen_arm_shift_reg(tmp2, a->shty, tmp1, logic_cc); 2501 tmp1 = load_reg(s, a->rn); 2502 2503 gen(tmp1, tmp1, tmp2); 2504 2505 if (logic_cc) { 2506 gen_logic_CC(tmp1); 2507 } 2508 return store_reg_kind(s, a->rd, tmp1, kind); 2509 } 2510 2511 static bool op_s_rxr_shr(DisasContext *s, arg_s_rrr_shr *a, 2512 void (*gen)(TCGv_i32, TCGv_i32), 2513 int logic_cc, StoreRegKind kind) 2514 { 2515 TCGv_i32 tmp1, tmp2; 2516 2517 tmp1 = load_reg(s, a->rs); 2518 tmp2 = load_reg(s, a->rm); 2519 gen_arm_shift_reg(tmp2, a->shty, tmp1, logic_cc); 2520 2521 gen(tmp2, tmp2); 2522 if (logic_cc) { 2523 gen_logic_CC(tmp2); 2524 } 2525 return store_reg_kind(s, a->rd, tmp2, kind); 2526 } 2527 2528 /* 2529 * Data-processing (immediate) 2530 * 2531 * Operate, with set flags, one register source, 2532 * one rotated immediate, and a destination. 2533 * 2534 * Note that logic_cc && a->rot setting CF based on the msb of the 2535 * immediate is the reason why we must pass in the unrotated form 2536 * of the immediate. 2537 */ 2538 static bool op_s_rri_rot(DisasContext *s, arg_s_rri_rot *a, 2539 void (*gen)(TCGv_i32, TCGv_i32, TCGv_i32), 2540 int logic_cc, StoreRegKind kind) 2541 { 2542 TCGv_i32 tmp1; 2543 uint32_t imm; 2544 2545 imm = ror32(a->imm, a->rot); 2546 if (logic_cc && a->rot) { 2547 tcg_gen_movi_i32(cpu_CF, imm >> 31); 2548 } 2549 tmp1 = load_reg(s, a->rn); 2550 2551 gen(tmp1, tmp1, tcg_constant_i32(imm)); 2552 2553 if (logic_cc) { 2554 gen_logic_CC(tmp1); 2555 } 2556 return store_reg_kind(s, a->rd, tmp1, kind); 2557 } 2558 2559 static bool op_s_rxi_rot(DisasContext *s, arg_s_rri_rot *a, 2560 void (*gen)(TCGv_i32, TCGv_i32), 2561 int logic_cc, StoreRegKind kind) 2562 { 2563 TCGv_i32 tmp; 2564 uint32_t imm; 2565 2566 imm = ror32(a->imm, a->rot); 2567 if (logic_cc && a->rot) { 2568 tcg_gen_movi_i32(cpu_CF, imm >> 31); 2569 } 2570 2571 tmp = tcg_temp_new_i32(); 2572 gen(tmp, tcg_constant_i32(imm)); 2573 2574 if (logic_cc) { 2575 gen_logic_CC(tmp); 2576 } 2577 return store_reg_kind(s, a->rd, tmp, kind); 2578 } 2579 2580 #define DO_ANY3(NAME, OP, L, K) \ 2581 static bool trans_##NAME##_rrri(DisasContext *s, arg_s_rrr_shi *a) \ 2582 { StoreRegKind k = (K); return op_s_rrr_shi(s, a, OP, L, k); } \ 2583 static bool trans_##NAME##_rrrr(DisasContext *s, arg_s_rrr_shr *a) \ 2584 { StoreRegKind k = (K); return op_s_rrr_shr(s, a, OP, L, k); } \ 2585 static bool trans_##NAME##_rri(DisasContext *s, arg_s_rri_rot *a) \ 2586 { StoreRegKind k = (K); return op_s_rri_rot(s, a, OP, L, k); } 2587 2588 #define DO_ANY2(NAME, OP, L, K) \ 2589 static bool trans_##NAME##_rxri(DisasContext *s, arg_s_rrr_shi *a) \ 2590 { StoreRegKind k = (K); return op_s_rxr_shi(s, a, OP, L, k); } \ 2591 static bool trans_##NAME##_rxrr(DisasContext *s, arg_s_rrr_shr *a) \ 2592 { StoreRegKind k = (K); return op_s_rxr_shr(s, a, OP, L, k); } \ 2593 static bool trans_##NAME##_rxi(DisasContext *s, arg_s_rri_rot *a) \ 2594 { StoreRegKind k = (K); return op_s_rxi_rot(s, a, OP, L, k); } 2595 2596 #define DO_CMP2(NAME, OP, L) \ 2597 static bool trans_##NAME##_xrri(DisasContext *s, arg_s_rrr_shi *a) \ 2598 { return op_s_rrr_shi(s, a, OP, L, STREG_NONE); } \ 2599 static bool trans_##NAME##_xrrr(DisasContext *s, arg_s_rrr_shr *a) \ 2600 { return op_s_rrr_shr(s, a, OP, L, STREG_NONE); } \ 2601 static bool 
trans_##NAME##_xri(DisasContext *s, arg_s_rri_rot *a) \ 2602 { return op_s_rri_rot(s, a, OP, L, STREG_NONE); } 2603 2604 DO_ANY3(AND, tcg_gen_and_i32, a->s, STREG_NORMAL) 2605 DO_ANY3(EOR, tcg_gen_xor_i32, a->s, STREG_NORMAL) 2606 DO_ANY3(ORR, tcg_gen_or_i32, a->s, STREG_NORMAL) 2607 DO_ANY3(BIC, tcg_gen_andc_i32, a->s, STREG_NORMAL) 2608 2609 DO_ANY3(RSB, a->s ? gen_rsb_CC : gen_rsb, false, STREG_NORMAL) 2610 DO_ANY3(ADC, a->s ? gen_adc_CC : gen_add_carry, false, STREG_NORMAL) 2611 DO_ANY3(SBC, a->s ? gen_sbc_CC : gen_sub_carry, false, STREG_NORMAL) 2612 DO_ANY3(RSC, a->s ? gen_rsc_CC : gen_rsc, false, STREG_NORMAL) 2613 2614 DO_CMP2(TST, tcg_gen_and_i32, true) 2615 DO_CMP2(TEQ, tcg_gen_xor_i32, true) 2616 DO_CMP2(CMN, gen_add_CC, false) 2617 DO_CMP2(CMP, gen_sub_CC, false) 2618 2619 DO_ANY3(ADD, a->s ? gen_add_CC : tcg_gen_add_i32, false, 2620 a->rd == 13 && a->rn == 13 ? STREG_SP_CHECK : STREG_NORMAL) 2621 2622 /* 2623 * Note for the computation of StoreRegKind we return out of the 2624 * middle of the functions that are expanded by DO_ANY3, and that 2625 * we modify a->s via that parameter before it is used by OP. 2626 */ 2627 DO_ANY3(SUB, a->s ? gen_sub_CC : tcg_gen_sub_i32, false, 2628 ({ 2629 StoreRegKind ret = STREG_NORMAL; 2630 if (a->rd == 15 && a->s) { 2631 /* 2632 * See ALUExceptionReturn: 2633 * In User mode, UNPREDICTABLE; we choose UNDEF. 2634 * In Hyp mode, UNDEFINED. 2635 */ 2636 if (IS_USER(s) || s->current_el == 2) { 2637 unallocated_encoding(s); 2638 return true; 2639 } 2640 /* There is no writeback of nzcv to PSTATE. */ 2641 a->s = 0; 2642 ret = STREG_EXC_RET; 2643 } else if (a->rd == 13 && a->rn == 13) { 2644 ret = STREG_SP_CHECK; 2645 } 2646 ret; 2647 })) 2648 2649 DO_ANY2(MOV, tcg_gen_mov_i32, a->s, 2650 ({ 2651 StoreRegKind ret = STREG_NORMAL; 2652 if (a->rd == 15 && a->s) { 2653 /* 2654 * See ALUExceptionReturn: 2655 * In User mode, UNPREDICTABLE; we choose UNDEF. 2656 * In Hyp mode, UNDEFINED. 2657 */ 2658 if (IS_USER(s) || s->current_el == 2) { 2659 unallocated_encoding(s); 2660 return true; 2661 } 2662 /* There is no writeback of nzcv to PSTATE. */ 2663 a->s = 0; 2664 ret = STREG_EXC_RET; 2665 } else if (a->rd == 13) { 2666 ret = STREG_SP_CHECK; 2667 } 2668 ret; 2669 })) 2670 2671 DO_ANY2(MVN, tcg_gen_not_i32, a->s, STREG_NORMAL) 2672 2673 /* 2674 * ORN is only available with T32, so there is no register-shifted-register 2675 * form of the insn. Using the DO_ANY3 macro would create an unused function. 
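 * ORN Rd, Rn, Op2 computes Rn OR NOT(Op2), which maps directly onto
 * tcg_gen_orc_i32.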
2676 */ 2677 static bool trans_ORN_rrri(DisasContext *s, arg_s_rrr_shi *a) 2678 { 2679 return op_s_rrr_shi(s, a, tcg_gen_orc_i32, a->s, STREG_NORMAL); 2680 } 2681 2682 static bool trans_ORN_rri(DisasContext *s, arg_s_rri_rot *a) 2683 { 2684 return op_s_rri_rot(s, a, tcg_gen_orc_i32, a->s, STREG_NORMAL); 2685 } 2686 2687 #undef DO_ANY3 2688 #undef DO_ANY2 2689 #undef DO_CMP2 2690 2691 static bool trans_ADR(DisasContext *s, arg_ri *a) 2692 { 2693 store_reg_bx(s, a->rd, add_reg_for_lit(s, 15, a->imm)); 2694 return true; 2695 } 2696 2697 static bool trans_MOVW(DisasContext *s, arg_MOVW *a) 2698 { 2699 if (!ENABLE_ARCH_6T2) { 2700 return false; 2701 } 2702 2703 store_reg(s, a->rd, tcg_constant_i32(a->imm)); 2704 return true; 2705 } 2706 2707 static bool trans_MOVT(DisasContext *s, arg_MOVW *a) 2708 { 2709 TCGv_i32 tmp; 2710 2711 if (!ENABLE_ARCH_6T2) { 2712 return false; 2713 } 2714 2715 tmp = load_reg(s, a->rd); 2716 tcg_gen_ext16u_i32(tmp, tmp); 2717 tcg_gen_ori_i32(tmp, tmp, a->imm << 16); 2718 store_reg(s, a->rd, tmp); 2719 return true; 2720 } 2721 2722 /* 2723 * v8.1M MVE wide-shifts 2724 */ 2725 static bool do_mve_shl_ri(DisasContext *s, arg_mve_shl_ri *a, 2726 WideShiftImmFn *fn) 2727 { 2728 TCGv_i64 rda; 2729 TCGv_i32 rdalo, rdahi; 2730 2731 if (!arm_dc_feature(s, ARM_FEATURE_V8_1M)) { 2732 /* Decode falls through to ORR/MOV UNPREDICTABLE handling */ 2733 return false; 2734 } 2735 if (a->rdahi == 15) { 2736 /* These are a different encoding (SQSHL/SRSHR/UQSHL/URSHR) */ 2737 return false; 2738 } 2739 if (!dc_isar_feature(aa32_mve, s) || 2740 !arm_dc_feature(s, ARM_FEATURE_M_MAIN) || 2741 a->rdahi == 13) { 2742 /* RdaHi == 13 is UNPREDICTABLE; we choose to UNDEF */ 2743 unallocated_encoding(s); 2744 return true; 2745 } 2746 2747 if (a->shim == 0) { 2748 a->shim = 32; 2749 } 2750 2751 rda = tcg_temp_new_i64(); 2752 rdalo = load_reg(s, a->rdalo); 2753 rdahi = load_reg(s, a->rdahi); 2754 tcg_gen_concat_i32_i64(rda, rdalo, rdahi); 2755 2756 fn(rda, rda, a->shim); 2757 2758 tcg_gen_extrl_i64_i32(rdalo, rda); 2759 tcg_gen_extrh_i64_i32(rdahi, rda); 2760 store_reg(s, a->rdalo, rdalo); 2761 store_reg(s, a->rdahi, rdahi); 2762 2763 return true; 2764 } 2765 2766 static bool trans_ASRL_ri(DisasContext *s, arg_mve_shl_ri *a) 2767 { 2768 return do_mve_shl_ri(s, a, tcg_gen_sari_i64); 2769 } 2770 2771 static bool trans_LSLL_ri(DisasContext *s, arg_mve_shl_ri *a) 2772 { 2773 return do_mve_shl_ri(s, a, tcg_gen_shli_i64); 2774 } 2775 2776 static bool trans_LSRL_ri(DisasContext *s, arg_mve_shl_ri *a) 2777 { 2778 return do_mve_shl_ri(s, a, tcg_gen_shri_i64); 2779 } 2780 2781 static void gen_mve_sqshll(TCGv_i64 r, TCGv_i64 n, int64_t shift) 2782 { 2783 gen_helper_mve_sqshll(r, tcg_env, n, tcg_constant_i32(shift)); 2784 } 2785 2786 static bool trans_SQSHLL_ri(DisasContext *s, arg_mve_shl_ri *a) 2787 { 2788 return do_mve_shl_ri(s, a, gen_mve_sqshll); 2789 } 2790 2791 static void gen_mve_uqshll(TCGv_i64 r, TCGv_i64 n, int64_t shift) 2792 { 2793 gen_helper_mve_uqshll(r, tcg_env, n, tcg_constant_i32(shift)); 2794 } 2795 2796 static bool trans_UQSHLL_ri(DisasContext *s, arg_mve_shl_ri *a) 2797 { 2798 return do_mve_shl_ri(s, a, gen_mve_uqshll); 2799 } 2800 2801 static bool trans_SRSHRL_ri(DisasContext *s, arg_mve_shl_ri *a) 2802 { 2803 return do_mve_shl_ri(s, a, gen_srshr64_i64); 2804 } 2805 2806 static bool trans_URSHRL_ri(DisasContext *s, arg_mve_shl_ri *a) 2807 { 2808 return do_mve_shl_ri(s, a, gen_urshr64_i64); 2809 } 2810 2811 static bool do_mve_shl_rr(DisasContext *s, arg_mve_shl_rr *a, WideShiftFn *fn) 2812 { 
2813 TCGv_i64 rda; 2814 TCGv_i32 rdalo, rdahi; 2815 2816 if (!arm_dc_feature(s, ARM_FEATURE_V8_1M)) { 2817 /* Decode falls through to ORR/MOV UNPREDICTABLE handling */ 2818 return false; 2819 } 2820 if (a->rdahi == 15) { 2821 /* These are a different encoding (SQSHL/SRSHR/UQSHL/URSHR) */ 2822 return false; 2823 } 2824 if (!dc_isar_feature(aa32_mve, s) || 2825 !arm_dc_feature(s, ARM_FEATURE_M_MAIN) || 2826 a->rdahi == 13 || a->rm == 13 || a->rm == 15 || 2827 a->rm == a->rdahi || a->rm == a->rdalo) { 2828 /* These rdahi/rdalo/rm cases are UNPREDICTABLE; we choose to UNDEF */ 2829 unallocated_encoding(s); 2830 return true; 2831 } 2832 2833 rda = tcg_temp_new_i64(); 2834 rdalo = load_reg(s, a->rdalo); 2835 rdahi = load_reg(s, a->rdahi); 2836 tcg_gen_concat_i32_i64(rda, rdalo, rdahi); 2837 2838 /* The helper takes care of the sign-extension of the low 8 bits of Rm */ 2839 fn(rda, tcg_env, rda, cpu_R[a->rm]); 2840 2841 tcg_gen_extrl_i64_i32(rdalo, rda); 2842 tcg_gen_extrh_i64_i32(rdahi, rda); 2843 store_reg(s, a->rdalo, rdalo); 2844 store_reg(s, a->rdahi, rdahi); 2845 2846 return true; 2847 } 2848 2849 static bool trans_LSLL_rr(DisasContext *s, arg_mve_shl_rr *a) 2850 { 2851 return do_mve_shl_rr(s, a, gen_helper_mve_ushll); 2852 } 2853 2854 static bool trans_ASRL_rr(DisasContext *s, arg_mve_shl_rr *a) 2855 { 2856 return do_mve_shl_rr(s, a, gen_helper_mve_sshrl); 2857 } 2858 2859 static bool trans_UQRSHLL64_rr(DisasContext *s, arg_mve_shl_rr *a) 2860 { 2861 return do_mve_shl_rr(s, a, gen_helper_mve_uqrshll); 2862 } 2863 2864 static bool trans_SQRSHRL64_rr(DisasContext *s, arg_mve_shl_rr *a) 2865 { 2866 return do_mve_shl_rr(s, a, gen_helper_mve_sqrshrl); 2867 } 2868 2869 static bool trans_UQRSHLL48_rr(DisasContext *s, arg_mve_shl_rr *a) 2870 { 2871 return do_mve_shl_rr(s, a, gen_helper_mve_uqrshll48); 2872 } 2873 2874 static bool trans_SQRSHRL48_rr(DisasContext *s, arg_mve_shl_rr *a) 2875 { 2876 return do_mve_shl_rr(s, a, gen_helper_mve_sqrshrl48); 2877 } 2878 2879 static bool do_mve_sh_ri(DisasContext *s, arg_mve_sh_ri *a, ShiftImmFn *fn) 2880 { 2881 if (!arm_dc_feature(s, ARM_FEATURE_V8_1M)) { 2882 /* Decode falls through to ORR/MOV UNPREDICTABLE handling */ 2883 return false; 2884 } 2885 if (!dc_isar_feature(aa32_mve, s) || 2886 !arm_dc_feature(s, ARM_FEATURE_M_MAIN) || 2887 a->rda == 13 || a->rda == 15) { 2888 /* These rda cases are UNPREDICTABLE; we choose to UNDEF */ 2889 unallocated_encoding(s); 2890 return true; 2891 } 2892 2893 if (a->shim == 0) { 2894 a->shim = 32; 2895 } 2896 fn(cpu_R[a->rda], cpu_R[a->rda], a->shim); 2897 2898 return true; 2899 } 2900 2901 static bool trans_URSHR_ri(DisasContext *s, arg_mve_sh_ri *a) 2902 { 2903 return do_mve_sh_ri(s, a, gen_urshr32_i32); 2904 } 2905 2906 static bool trans_SRSHR_ri(DisasContext *s, arg_mve_sh_ri *a) 2907 { 2908 return do_mve_sh_ri(s, a, gen_srshr32_i32); 2909 } 2910 2911 static void gen_mve_sqshl(TCGv_i32 r, TCGv_i32 n, int32_t shift) 2912 { 2913 gen_helper_mve_sqshl(r, tcg_env, n, tcg_constant_i32(shift)); 2914 } 2915 2916 static bool trans_SQSHL_ri(DisasContext *s, arg_mve_sh_ri *a) 2917 { 2918 return do_mve_sh_ri(s, a, gen_mve_sqshl); 2919 } 2920 2921 static void gen_mve_uqshl(TCGv_i32 r, TCGv_i32 n, int32_t shift) 2922 { 2923 gen_helper_mve_uqshl(r, tcg_env, n, tcg_constant_i32(shift)); 2924 } 2925 2926 static bool trans_UQSHL_ri(DisasContext *s, arg_mve_sh_ri *a) 2927 { 2928 return do_mve_sh_ri(s, a, gen_mve_uqshl); 2929 } 2930 2931 static bool do_mve_sh_rr(DisasContext *s, arg_mve_sh_rr *a, ShiftFn *fn) 2932 { 2933 if 
(!arm_dc_feature(s, ARM_FEATURE_V8_1M)) { 2934 /* Decode falls through to ORR/MOV UNPREDICTABLE handling */ 2935 return false; 2936 } 2937 if (!dc_isar_feature(aa32_mve, s) || 2938 !arm_dc_feature(s, ARM_FEATURE_M_MAIN) || 2939 a->rda == 13 || a->rda == 15 || a->rm == 13 || a->rm == 15 || 2940 a->rm == a->rda) { 2941 /* These rda/rm cases are UNPREDICTABLE; we choose to UNDEF */ 2942 unallocated_encoding(s); 2943 return true; 2944 } 2945 2946 /* The helper takes care of the sign-extension of the low 8 bits of Rm */ 2947 fn(cpu_R[a->rda], tcg_env, cpu_R[a->rda], cpu_R[a->rm]); 2948 return true; 2949 } 2950 2951 static bool trans_SQRSHR_rr(DisasContext *s, arg_mve_sh_rr *a) 2952 { 2953 return do_mve_sh_rr(s, a, gen_helper_mve_sqrshr); 2954 } 2955 2956 static bool trans_UQRSHL_rr(DisasContext *s, arg_mve_sh_rr *a) 2957 { 2958 return do_mve_sh_rr(s, a, gen_helper_mve_uqrshl); 2959 } 2960 2961 /* 2962 * Multiply and multiply accumulate 2963 */ 2964 2965 static bool op_mla(DisasContext *s, arg_s_rrrr *a, bool add) 2966 { 2967 TCGv_i32 t1, t2; 2968 2969 t1 = load_reg(s, a->rn); 2970 t2 = load_reg(s, a->rm); 2971 tcg_gen_mul_i32(t1, t1, t2); 2972 if (add) { 2973 t2 = load_reg(s, a->ra); 2974 tcg_gen_add_i32(t1, t1, t2); 2975 } 2976 if (a->s) { 2977 gen_logic_CC(t1); 2978 } 2979 store_reg(s, a->rd, t1); 2980 return true; 2981 } 2982 2983 static bool trans_MUL(DisasContext *s, arg_MUL *a) 2984 { 2985 return op_mla(s, a, false); 2986 } 2987 2988 static bool trans_MLA(DisasContext *s, arg_MLA *a) 2989 { 2990 return op_mla(s, a, true); 2991 } 2992 2993 static bool trans_MLS(DisasContext *s, arg_MLS *a) 2994 { 2995 TCGv_i32 t1, t2; 2996 2997 if (!ENABLE_ARCH_6T2) { 2998 return false; 2999 } 3000 t1 = load_reg(s, a->rn); 3001 t2 = load_reg(s, a->rm); 3002 tcg_gen_mul_i32(t1, t1, t2); 3003 t2 = load_reg(s, a->ra); 3004 tcg_gen_sub_i32(t1, t2, t1); 3005 store_reg(s, a->rd, t1); 3006 return true; 3007 } 3008 3009 static bool op_mlal(DisasContext *s, arg_s_rrrr *a, bool uns, bool add) 3010 { 3011 TCGv_i32 t0, t1, t2, t3; 3012 3013 t0 = load_reg(s, a->rm); 3014 t1 = load_reg(s, a->rn); 3015 if (uns) { 3016 tcg_gen_mulu2_i32(t0, t1, t0, t1); 3017 } else { 3018 tcg_gen_muls2_i32(t0, t1, t0, t1); 3019 } 3020 if (add) { 3021 t2 = load_reg(s, a->ra); 3022 t3 = load_reg(s, a->rd); 3023 tcg_gen_add2_i32(t0, t1, t0, t1, t2, t3); 3024 } 3025 if (a->s) { 3026 gen_logicq_cc(t0, t1); 3027 } 3028 store_reg(s, a->ra, t0); 3029 store_reg(s, a->rd, t1); 3030 return true; 3031 } 3032 3033 static bool trans_UMULL(DisasContext *s, arg_UMULL *a) 3034 { 3035 return op_mlal(s, a, true, false); 3036 } 3037 3038 static bool trans_SMULL(DisasContext *s, arg_SMULL *a) 3039 { 3040 return op_mlal(s, a, false, false); 3041 } 3042 3043 static bool trans_UMLAL(DisasContext *s, arg_UMLAL *a) 3044 { 3045 return op_mlal(s, a, true, true); 3046 } 3047 3048 static bool trans_SMLAL(DisasContext *s, arg_SMLAL *a) 3049 { 3050 return op_mlal(s, a, false, true); 3051 } 3052 3053 static bool trans_UMAAL(DisasContext *s, arg_UMAAL *a) 3054 { 3055 TCGv_i32 t0, t1, t2, zero; 3056 3057 if (s->thumb 3058 ? 
!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP) 3059 : !ENABLE_ARCH_6) { 3060 return false; 3061 } 3062 3063 t0 = load_reg(s, a->rm); 3064 t1 = load_reg(s, a->rn); 3065 tcg_gen_mulu2_i32(t0, t1, t0, t1); 3066 zero = tcg_constant_i32(0); 3067 t2 = load_reg(s, a->ra); 3068 tcg_gen_add2_i32(t0, t1, t0, t1, t2, zero); 3069 t2 = load_reg(s, a->rd); 3070 tcg_gen_add2_i32(t0, t1, t0, t1, t2, zero); 3071 store_reg(s, a->ra, t0); 3072 store_reg(s, a->rd, t1); 3073 return true; 3074 } 3075 3076 /* 3077 * Saturating addition and subtraction 3078 */ 3079 3080 static bool op_qaddsub(DisasContext *s, arg_rrr *a, bool add, bool doub) 3081 { 3082 TCGv_i32 t0, t1; 3083 3084 if (s->thumb 3085 ? !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP) 3086 : !ENABLE_ARCH_5TE) { 3087 return false; 3088 } 3089 3090 t0 = load_reg(s, a->rm); 3091 t1 = load_reg(s, a->rn); 3092 if (doub) { 3093 gen_helper_add_saturate(t1, tcg_env, t1, t1); 3094 } 3095 if (add) { 3096 gen_helper_add_saturate(t0, tcg_env, t0, t1); 3097 } else { 3098 gen_helper_sub_saturate(t0, tcg_env, t0, t1); 3099 } 3100 store_reg(s, a->rd, t0); 3101 return true; 3102 } 3103 3104 #define DO_QADDSUB(NAME, ADD, DOUB) \ 3105 static bool trans_##NAME(DisasContext *s, arg_rrr *a) \ 3106 { \ 3107 return op_qaddsub(s, a, ADD, DOUB); \ 3108 } 3109 3110 DO_QADDSUB(QADD, true, false) 3111 DO_QADDSUB(QSUB, false, false) 3112 DO_QADDSUB(QDADD, true, true) 3113 DO_QADDSUB(QDSUB, false, true) 3114 3115 #undef DO_QADDSUB 3116 3117 /* 3118 * Halfword multiply and multiply accumulate 3119 */ 3120 3121 static bool op_smlaxxx(DisasContext *s, arg_rrrr *a, 3122 int add_long, bool nt, bool mt) 3123 { 3124 TCGv_i32 t0, t1, tl, th; 3125 3126 if (s->thumb 3127 ? !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP) 3128 : !ENABLE_ARCH_5TE) { 3129 return false; 3130 } 3131 3132 t0 = load_reg(s, a->rn); 3133 t1 = load_reg(s, a->rm); 3134 gen_mulxy(t0, t1, nt, mt); 3135 3136 switch (add_long) { 3137 case 0: 3138 store_reg(s, a->rd, t0); 3139 break; 3140 case 1: 3141 t1 = load_reg(s, a->ra); 3142 gen_helper_add_setq(t0, tcg_env, t0, t1); 3143 store_reg(s, a->rd, t0); 3144 break; 3145 case 2: 3146 tl = load_reg(s, a->ra); 3147 th = load_reg(s, a->rd); 3148 /* Sign-extend the 32-bit product to 64 bits. */ 3149 t1 = tcg_temp_new_i32(); 3150 tcg_gen_sari_i32(t1, t0, 31); 3151 tcg_gen_add2_i32(tl, th, tl, th, t0, t1); 3152 store_reg(s, a->ra, tl); 3153 store_reg(s, a->rd, th); 3154 break; 3155 default: 3156 g_assert_not_reached(); 3157 } 3158 return true; 3159 } 3160 3161 #define DO_SMLAX(NAME, add, nt, mt) \ 3162 static bool trans_##NAME(DisasContext *s, arg_rrrr *a) \ 3163 { \ 3164 return op_smlaxxx(s, a, add, nt, mt); \ 3165 } 3166 3167 DO_SMLAX(SMULBB, 0, 0, 0) 3168 DO_SMLAX(SMULBT, 0, 0, 1) 3169 DO_SMLAX(SMULTB, 0, 1, 0) 3170 DO_SMLAX(SMULTT, 0, 1, 1) 3171 3172 DO_SMLAX(SMLABB, 1, 0, 0) 3173 DO_SMLAX(SMLABT, 1, 0, 1) 3174 DO_SMLAX(SMLATB, 1, 1, 0) 3175 DO_SMLAX(SMLATT, 1, 1, 1) 3176 3177 DO_SMLAX(SMLALBB, 2, 0, 0) 3178 DO_SMLAX(SMLALBT, 2, 0, 1) 3179 DO_SMLAX(SMLALTB, 2, 1, 0) 3180 DO_SMLAX(SMLALTT, 2, 1, 1) 3181 3182 #undef DO_SMLAX 3183 3184 static bool op_smlawx(DisasContext *s, arg_rrrr *a, bool add, bool mt) 3185 { 3186 TCGv_i32 t0, t1; 3187 3188 if (!ENABLE_ARCH_5TE) { 3189 return false; 3190 } 3191 3192 t0 = load_reg(s, a->rn); 3193 t1 = load_reg(s, a->rm); 3194 /* 3195 * Since the nominal result is product<47:16>, shift the 16-bit 3196 * input up by 16 bits, so that the result is at product<63:32>. 
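 * That is, once the chosen halfword of Rm sits in bits [31:16], the
 * wanted bits <47:16> of the nominal product appear as bits <63:32>
 * of the actual product, i.e. the high word of the widening multiply.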
3197 */ 3198 if (mt) { 3199 tcg_gen_andi_i32(t1, t1, 0xffff0000); 3200 } else { 3201 tcg_gen_shli_i32(t1, t1, 16); 3202 } 3203 tcg_gen_muls2_i32(t0, t1, t0, t1); 3204 if (add) { 3205 t0 = load_reg(s, a->ra); 3206 gen_helper_add_setq(t1, tcg_env, t1, t0); 3207 } 3208 store_reg(s, a->rd, t1); 3209 return true; 3210 } 3211 3212 #define DO_SMLAWX(NAME, add, mt) \ 3213 static bool trans_##NAME(DisasContext *s, arg_rrrr *a) \ 3214 { \ 3215 return op_smlawx(s, a, add, mt); \ 3216 } 3217 3218 DO_SMLAWX(SMULWB, 0, 0) 3219 DO_SMLAWX(SMULWT, 0, 1) 3220 DO_SMLAWX(SMLAWB, 1, 0) 3221 DO_SMLAWX(SMLAWT, 1, 1) 3222 3223 #undef DO_SMLAWX 3224 3225 /* 3226 * MSR (immediate) and hints 3227 */ 3228 3229 static bool trans_YIELD(DisasContext *s, arg_YIELD *a) 3230 { 3231 /* 3232 * When running single-threaded TCG code, use the helper to ensure that 3233 * the next round-robin scheduled vCPU gets a crack. When running in 3234 * MTTCG we don't generate jumps to the helper as it won't affect the 3235 * scheduling of other vCPUs. 3236 */ 3237 if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) { 3238 gen_update_pc(s, curr_insn_len(s)); 3239 s->base.is_jmp = DISAS_YIELD; 3240 } 3241 return true; 3242 } 3243 3244 static bool trans_WFE(DisasContext *s, arg_WFE *a) 3245 { 3246 /* 3247 * When running single-threaded TCG code, use the helper to ensure that 3248 * the next round-robin scheduled vCPU gets a crack. In MTTCG mode we 3249 * just skip this instruction. Currently the SEV/SEVL instructions, 3250 * which are *one* of many ways to wake the CPU from WFE, are not 3251 * implemented so we can't sleep like WFI does. 3252 */ 3253 if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) { 3254 gen_update_pc(s, curr_insn_len(s)); 3255 s->base.is_jmp = DISAS_WFE; 3256 } 3257 return true; 3258 } 3259 3260 static bool trans_WFI(DisasContext *s, arg_WFI *a) 3261 { 3262 /* For WFI, halt the vCPU until an IRQ. */ 3263 gen_update_pc(s, curr_insn_len(s)); 3264 s->base.is_jmp = DISAS_WFI; 3265 return true; 3266 } 3267 3268 static bool trans_ESB(DisasContext *s, arg_ESB *a) 3269 { 3270 /* 3271 * For M-profile, minimal-RAS ESB can be a NOP. 3272 * Without RAS, we must implement this as NOP. 3273 */ 3274 if (!arm_dc_feature(s, ARM_FEATURE_M) && dc_isar_feature(aa32_ras, s)) { 3275 /* 3276 * QEMU does not have a source of physical SErrors, 3277 * so we are only concerned with virtual SErrors. 3278 * The pseudocode in the ARM for this case is 3279 * if PSTATE.EL IN {EL0, EL1} && EL2Enabled() then 3280 * AArch32.vESBOperation(); 3281 * Most of the condition can be evaluated at translation time. 3282 * Test for EL2 present, and defer test for SEL2 to runtime. 
3283 */ 3284 if (s->current_el <= 1 && arm_dc_feature(s, ARM_FEATURE_EL2)) { 3285 gen_helper_vesb(tcg_env); 3286 } 3287 } 3288 return true; 3289 } 3290 3291 static bool trans_NOP(DisasContext *s, arg_NOP *a) 3292 { 3293 return true; 3294 } 3295 3296 static bool trans_MSR_imm(DisasContext *s, arg_MSR_imm *a) 3297 { 3298 uint32_t val = ror32(a->imm, a->rot * 2); 3299 uint32_t mask = msr_mask(s, a->mask, a->r); 3300 3301 if (gen_set_psr_im(s, mask, a->r, val)) { 3302 unallocated_encoding(s); 3303 } 3304 return true; 3305 } 3306 3307 /* 3308 * Cyclic Redundancy Check 3309 */ 3310 3311 static bool op_crc32(DisasContext *s, arg_rrr *a, bool c, MemOp sz) 3312 { 3313 TCGv_i32 t1, t2, t3; 3314 3315 if (!dc_isar_feature(aa32_crc32, s)) { 3316 return false; 3317 } 3318 3319 t1 = load_reg(s, a->rn); 3320 t2 = load_reg(s, a->rm); 3321 switch (sz) { 3322 case MO_8: 3323 gen_uxtb(t2); 3324 break; 3325 case MO_16: 3326 gen_uxth(t2); 3327 break; 3328 case MO_32: 3329 break; 3330 default: 3331 g_assert_not_reached(); 3332 } 3333 t3 = tcg_constant_i32(1 << sz); 3334 if (c) { 3335 gen_helper_crc32c(t1, t1, t2, t3); 3336 } else { 3337 gen_helper_crc32(t1, t1, t2, t3); 3338 } 3339 store_reg(s, a->rd, t1); 3340 return true; 3341 } 3342 3343 #define DO_CRC32(NAME, c, sz) \ 3344 static bool trans_##NAME(DisasContext *s, arg_rrr *a) \ 3345 { return op_crc32(s, a, c, sz); } 3346 3347 DO_CRC32(CRC32B, false, MO_8) 3348 DO_CRC32(CRC32H, false, MO_16) 3349 DO_CRC32(CRC32W, false, MO_32) 3350 DO_CRC32(CRC32CB, true, MO_8) 3351 DO_CRC32(CRC32CH, true, MO_16) 3352 DO_CRC32(CRC32CW, true, MO_32) 3353 3354 #undef DO_CRC32 3355 3356 /* 3357 * Miscellaneous instructions 3358 */ 3359 3360 static bool trans_MRS_bank(DisasContext *s, arg_MRS_bank *a) 3361 { 3362 if (arm_dc_feature(s, ARM_FEATURE_M)) { 3363 return false; 3364 } 3365 gen_mrs_banked(s, a->r, a->sysm, a->rd); 3366 return true; 3367 } 3368 3369 static bool trans_MSR_bank(DisasContext *s, arg_MSR_bank *a) 3370 { 3371 if (arm_dc_feature(s, ARM_FEATURE_M)) { 3372 return false; 3373 } 3374 gen_msr_banked(s, a->r, a->sysm, a->rn); 3375 return true; 3376 } 3377 3378 static bool trans_MRS_reg(DisasContext *s, arg_MRS_reg *a) 3379 { 3380 TCGv_i32 tmp; 3381 3382 if (arm_dc_feature(s, ARM_FEATURE_M)) { 3383 return false; 3384 } 3385 if (a->r) { 3386 if (IS_USER(s)) { 3387 unallocated_encoding(s); 3388 return true; 3389 } 3390 tmp = load_cpu_field(spsr); 3391 } else { 3392 tmp = tcg_temp_new_i32(); 3393 gen_helper_cpsr_read(tmp, tcg_env); 3394 } 3395 store_reg(s, a->rd, tmp); 3396 return true; 3397 } 3398 3399 static bool trans_MSR_reg(DisasContext *s, arg_MSR_reg *a) 3400 { 3401 TCGv_i32 tmp; 3402 uint32_t mask = msr_mask(s, a->mask, a->r); 3403 3404 if (arm_dc_feature(s, ARM_FEATURE_M)) { 3405 return false; 3406 } 3407 tmp = load_reg(s, a->rn); 3408 if (gen_set_psr(s, mask, a->r, tmp)) { 3409 unallocated_encoding(s); 3410 } 3411 return true; 3412 } 3413 3414 static bool trans_MRS_v7m(DisasContext *s, arg_MRS_v7m *a) 3415 { 3416 TCGv_i32 tmp; 3417 3418 if (!arm_dc_feature(s, ARM_FEATURE_M)) { 3419 return false; 3420 } 3421 tmp = tcg_temp_new_i32(); 3422 gen_helper_v7m_mrs(tmp, tcg_env, tcg_constant_i32(a->sysm)); 3423 store_reg(s, a->rd, tmp); 3424 return true; 3425 } 3426 3427 static bool trans_MSR_v7m(DisasContext *s, arg_MSR_v7m *a) 3428 { 3429 TCGv_i32 addr, reg; 3430 3431 if (!arm_dc_feature(s, ARM_FEATURE_M)) { 3432 return false; 3433 } 3434 addr = tcg_constant_i32((a->mask << 10) | a->sysm); 3435 reg = load_reg(s, a->rn); 3436 gen_helper_v7m_msr(tcg_env, addr, reg); 
3437 /* If we wrote to CONTROL, the EL might have changed */ 3438 gen_rebuild_hflags(s, true); 3439 gen_lookup_tb(s); 3440 return true; 3441 } 3442 3443 static bool trans_BX(DisasContext *s, arg_BX *a) 3444 { 3445 if (!ENABLE_ARCH_4T) { 3446 return false; 3447 } 3448 gen_bx_excret(s, load_reg(s, a->rm)); 3449 return true; 3450 } 3451 3452 static bool trans_BXJ(DisasContext *s, arg_BXJ *a) 3453 { 3454 if (!ENABLE_ARCH_5J || arm_dc_feature(s, ARM_FEATURE_M)) { 3455 return false; 3456 } 3457 /* 3458 * v7A allows BXJ to be trapped via HSTR.TJDBX. We don't waste a 3459 * TBFLAGS bit on a basically-never-happens case, so call a helper 3460 * function to check for the trap and raise the exception if needed 3461 * (passing it the register number for the syndrome value). 3462 * v8A doesn't have this HSTR bit. 3463 */ 3464 if (!arm_dc_feature(s, ARM_FEATURE_V8) && 3465 arm_dc_feature(s, ARM_FEATURE_EL2) && 3466 s->current_el < 2 && s->ns) { 3467 gen_helper_check_bxj_trap(tcg_env, tcg_constant_i32(a->rm)); 3468 } 3469 /* Trivial implementation equivalent to bx. */ 3470 gen_bx(s, load_reg(s, a->rm)); 3471 return true; 3472 } 3473 3474 static bool trans_BLX_r(DisasContext *s, arg_BLX_r *a) 3475 { 3476 TCGv_i32 tmp; 3477 3478 if (!ENABLE_ARCH_5) { 3479 return false; 3480 } 3481 tmp = load_reg(s, a->rm); 3482 gen_pc_plus_diff(s, cpu_R[14], curr_insn_len(s) | s->thumb); 3483 gen_bx(s, tmp); 3484 return true; 3485 } 3486 3487 /* 3488 * BXNS/BLXNS: only exist for v8M with the security extensions, 3489 * and always UNDEF if NonSecure. We don't implement these in 3490 * the user-only mode either (in theory you can use them from 3491 * Secure User mode but they are too tied in to system emulation). 3492 */ 3493 static bool trans_BXNS(DisasContext *s, arg_BXNS *a) 3494 { 3495 if (!s->v8m_secure || IS_USER_ONLY) { 3496 unallocated_encoding(s); 3497 } else { 3498 gen_bxns(s, a->rm); 3499 } 3500 return true; 3501 } 3502 3503 static bool trans_BLXNS(DisasContext *s, arg_BLXNS *a) 3504 { 3505 if (!s->v8m_secure || IS_USER_ONLY) { 3506 unallocated_encoding(s); 3507 } else { 3508 gen_blxns(s, a->rm); 3509 } 3510 return true; 3511 } 3512 3513 static bool trans_CLZ(DisasContext *s, arg_CLZ *a) 3514 { 3515 TCGv_i32 tmp; 3516 3517 if (!ENABLE_ARCH_5) { 3518 return false; 3519 } 3520 tmp = load_reg(s, a->rm); 3521 tcg_gen_clzi_i32(tmp, tmp, 32); 3522 store_reg(s, a->rd, tmp); 3523 return true; 3524 } 3525 3526 static bool trans_ERET(DisasContext *s, arg_ERET *a) 3527 { 3528 TCGv_i32 tmp; 3529 3530 if (!arm_dc_feature(s, ARM_FEATURE_V7VE)) { 3531 return false; 3532 } 3533 if (IS_USER(s)) { 3534 unallocated_encoding(s); 3535 return true; 3536 } 3537 if (s->current_el == 2) { 3538 /* ERET from Hyp uses ELR_Hyp, not LR */ 3539 tmp = load_cpu_field_low32(elr_el[2]); 3540 } else { 3541 tmp = load_reg(s, 14); 3542 } 3543 gen_exception_return(s, tmp); 3544 return true; 3545 } 3546 3547 static bool trans_HLT(DisasContext *s, arg_HLT *a) 3548 { 3549 gen_hlt(s, a->imm); 3550 return true; 3551 } 3552 3553 static bool trans_BKPT(DisasContext *s, arg_BKPT *a) 3554 { 3555 if (!ENABLE_ARCH_5) { 3556 return false; 3557 } 3558 /* BKPT is OK with ECI set and leaves it untouched */ 3559 s->eci_handled = true; 3560 if (arm_dc_feature(s, ARM_FEATURE_M) && 3561 semihosting_enabled(s->current_el == 0) && 3562 (a->imm == 0xab)) { 3563 gen_exception_internal_insn(s, EXCP_SEMIHOST); 3564 } else { 3565 gen_exception_bkpt_insn(s, syn_aa32_bkpt(a->imm, false)); 3566 } 3567 return true; 3568 } 3569 3570 static bool trans_HVC(DisasContext *s, arg_HVC *a) 
3571 { 3572 if (!ENABLE_ARCH_7 || arm_dc_feature(s, ARM_FEATURE_M)) { 3573 return false; 3574 } 3575 if (IS_USER(s)) { 3576 unallocated_encoding(s); 3577 } else { 3578 gen_hvc(s, a->imm); 3579 } 3580 return true; 3581 } 3582 3583 static bool trans_SMC(DisasContext *s, arg_SMC *a) 3584 { 3585 if (!ENABLE_ARCH_6K || arm_dc_feature(s, ARM_FEATURE_M)) { 3586 return false; 3587 } 3588 if (IS_USER(s)) { 3589 unallocated_encoding(s); 3590 } else { 3591 gen_smc(s); 3592 } 3593 return true; 3594 } 3595 3596 static bool trans_SG(DisasContext *s, arg_SG *a) 3597 { 3598 if (!arm_dc_feature(s, ARM_FEATURE_M) || 3599 !arm_dc_feature(s, ARM_FEATURE_V8)) { 3600 return false; 3601 } 3602 /* 3603 * SG (v8M only) 3604 * The bulk of the behaviour for this instruction is implemented 3605 * in v7m_handle_execute_nsc(), which deals with the insn when 3606 * it is executed by a CPU in non-secure state from memory 3607 * which is Secure & NonSecure-Callable. 3608 * Here we only need to handle the remaining cases: 3609 * * in NS memory (including the "security extension not 3610 * implemented" case) : NOP 3611 * * in S memory but CPU already secure (clear IT bits) 3612 * We know that the attribute for the memory this insn is 3613 * in must match the current CPU state, because otherwise 3614 * get_phys_addr_pmsav8 would have generated an exception. 3615 */ 3616 if (s->v8m_secure) { 3617 /* Like the IT insn, we don't need to generate any code */ 3618 s->condexec_cond = 0; 3619 s->condexec_mask = 0; 3620 } 3621 return true; 3622 } 3623 3624 static bool trans_TT(DisasContext *s, arg_TT *a) 3625 { 3626 TCGv_i32 addr, tmp; 3627 3628 if (!arm_dc_feature(s, ARM_FEATURE_M) || 3629 !arm_dc_feature(s, ARM_FEATURE_V8)) { 3630 return false; 3631 } 3632 if (a->rd == 13 || a->rd == 15 || a->rn == 15) { 3633 /* We UNDEF for these UNPREDICTABLE cases */ 3634 unallocated_encoding(s); 3635 return true; 3636 } 3637 if (a->A && !s->v8m_secure) { 3638 /* This case is UNDEFINED. 
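 * (The alternate-domain forms TTA/TTAT are UNDEFINED when executed
 * from Non-secure state.)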
*/ 3639 unallocated_encoding(s); 3640 return true; 3641 } 3642 3643 addr = load_reg(s, a->rn); 3644 tmp = tcg_temp_new_i32(); 3645 gen_helper_v7m_tt(tmp, tcg_env, addr, tcg_constant_i32((a->A << 1) | a->T)); 3646 store_reg(s, a->rd, tmp); 3647 return true; 3648 } 3649 3650 /* 3651 * Load/store register index 3652 */ 3653 3654 static ISSInfo make_issinfo(DisasContext *s, int rd, bool p, bool w) 3655 { 3656 ISSInfo ret; 3657 3658 /* ISS not valid if writeback */ 3659 if (p && !w) { 3660 ret = rd; 3661 if (curr_insn_len(s) == 2) { 3662 ret |= ISSIs16Bit; 3663 } 3664 } else { 3665 ret = ISSInvalid; 3666 } 3667 return ret; 3668 } 3669 3670 static TCGv_i32 op_addr_rr_pre(DisasContext *s, arg_ldst_rr *a) 3671 { 3672 TCGv_i32 addr = load_reg(s, a->rn); 3673 3674 if (s->v8m_stackcheck && a->rn == 13 && a->w) { 3675 gen_helper_v8m_stackcheck(tcg_env, addr); 3676 } 3677 3678 if (a->p) { 3679 TCGv_i32 ofs = load_reg(s, a->rm); 3680 gen_arm_shift_im(ofs, a->shtype, a->shimm, 0); 3681 if (a->u) { 3682 tcg_gen_add_i32(addr, addr, ofs); 3683 } else { 3684 tcg_gen_sub_i32(addr, addr, ofs); 3685 } 3686 } 3687 return addr; 3688 } 3689 3690 static void op_addr_rr_post(DisasContext *s, arg_ldst_rr *a, 3691 TCGv_i32 addr) 3692 { 3693 if (!a->p) { 3694 TCGv_i32 ofs = load_reg(s, a->rm); 3695 gen_arm_shift_im(ofs, a->shtype, a->shimm, 0); 3696 if (a->u) { 3697 tcg_gen_add_i32(addr, addr, ofs); 3698 } else { 3699 tcg_gen_sub_i32(addr, addr, ofs); 3700 } 3701 } else if (!a->w) { 3702 return; 3703 } 3704 store_reg(s, a->rn, addr); 3705 } 3706 3707 static bool op_load_rr(DisasContext *s, arg_ldst_rr *a, 3708 MemOp mop, int mem_idx) 3709 { 3710 ISSInfo issinfo = make_issinfo(s, a->rt, a->p, a->w); 3711 TCGv_i32 addr, tmp; 3712 3713 addr = op_addr_rr_pre(s, a); 3714 3715 tmp = tcg_temp_new_i32(); 3716 gen_aa32_ld_i32(s, tmp, addr, mem_idx, mop); 3717 disas_set_da_iss(s, mop, issinfo); 3718 3719 /* 3720 * Perform base writeback before the loaded value to 3721 * ensure correct behavior with overlapping index registers. 3722 */ 3723 op_addr_rr_post(s, a, addr); 3724 store_reg_from_load(s, a->rt, tmp); 3725 return true; 3726 } 3727 3728 static bool op_store_rr(DisasContext *s, arg_ldst_rr *a, 3729 MemOp mop, int mem_idx) 3730 { 3731 ISSInfo issinfo = make_issinfo(s, a->rt, a->p, a->w) | ISSIsWrite; 3732 TCGv_i32 addr, tmp; 3733 3734 /* 3735 * In Thumb encodings of stores Rn=1111 is UNDEF; for Arm it 3736 * is either UNPREDICTABLE or has defined behaviour 3737 */ 3738 if (s->thumb && a->rn == 15) { 3739 return false; 3740 } 3741 3742 addr = op_addr_rr_pre(s, a); 3743 3744 tmp = load_reg(s, a->rt); 3745 gen_aa32_st_i32(s, tmp, addr, mem_idx, mop); 3746 disas_set_da_iss(s, mop, issinfo); 3747 3748 op_addr_rr_post(s, a, addr); 3749 return true; 3750 } 3751 3752 static void do_ldrd_load(DisasContext *s, TCGv_i32 addr, int rt, int rt2) 3753 { 3754 /* 3755 * LDRD is required to be an atomic 64-bit access if the 3756 * address is 8-aligned, two atomic 32-bit accesses if 3757 * it's only 4-aligned, and to give an alignment fault 3758 * if it's not 4-aligned. This is MO_ALIGN_4 | MO_ATOM_SUBALIGN. 3759 * Rt is always the word from the lower address, and Rt2 the 3760 * data from the higher address, regardless of endianness. 3761 * So (like gen_load_exclusive) we avoid gen_aa32_ld_i64() 3762 * so we don't get its SCTLR_B check, and instead do a 64-bit access 3763 * using MO_BE if appropriate and then split the two halves. 3764 * 3765 * For M-profile, and for A-profile before LPAE, the 64-bit 3766 * atomicity is not required. 
We could model that using 3767 * the looser MO_ATOM_IFALIGN_PAIR, but providing a higher 3768 * level of atomicity than required is harmless (we would not 3769 * currently generate better code for IFALIGN_PAIR here). 3770 * 3771 * This also gives us the correct behaviour of not updating 3772 * rt if the load of rt2 faults; this is required for cases 3773 * like "ldrd r2, r3, [r2]" where rt is also the base register. 3774 */ 3775 int mem_idx = get_mem_index(s); 3776 MemOp opc = MO_64 | MO_ALIGN_4 | MO_ATOM_SUBALIGN | s->be_data; 3777 TCGv taddr = gen_aa32_addr(s, addr, opc); 3778 TCGv_i64 t64 = tcg_temp_new_i64(); 3779 TCGv_i32 tmp = tcg_temp_new_i32(); 3780 TCGv_i32 tmp2 = tcg_temp_new_i32(); 3781 3782 tcg_gen_qemu_ld_i64(t64, taddr, mem_idx, opc); 3783 if (s->be_data == MO_BE) { 3784 tcg_gen_extr_i64_i32(tmp2, tmp, t64); 3785 } else { 3786 tcg_gen_extr_i64_i32(tmp, tmp2, t64); 3787 } 3788 store_reg(s, rt, tmp); 3789 store_reg(s, rt2, tmp2); 3790 } 3791 3792 static bool trans_LDRD_rr(DisasContext *s, arg_ldst_rr *a) 3793 { 3794 TCGv_i32 addr; 3795 3796 if (!ENABLE_ARCH_5TE) { 3797 return false; 3798 } 3799 if (a->rt & 1) { 3800 unallocated_encoding(s); 3801 return true; 3802 } 3803 addr = op_addr_rr_pre(s, a); 3804 3805 do_ldrd_load(s, addr, a->rt, a->rt + 1); 3806 3807 /* LDRD w/ base writeback is undefined if the registers overlap. */ 3808 op_addr_rr_post(s, a, addr); 3809 return true; 3810 } 3811 3812 static void do_strd_store(DisasContext *s, TCGv_i32 addr, int rt, int rt2) 3813 { 3814 /* 3815 * STRD is required to be an atomic 64-bit access if the 3816 * address is 8-aligned, two atomic 32-bit accesses if 3817 * it's only 4-aligned, and to give an alignment fault 3818 * if it's not 4-aligned. 3819 * Rt is always the word from the lower address, and Rt2 the 3820 * data from the higher address, regardless of endianness. 3821 * So (like gen_store_exclusive) we avoid gen_aa32_ld_i64() 3822 * so we don't get its SCTLR_B check, and instead do a 64-bit access 3823 * using MO_BE if appropriate, using a value constructed 3824 * by putting the two halves together in the right order. 3825 * 3826 * As with LDRD, the 64-bit atomicity is not required for 3827 * M-profile, or for A-profile before LPAE, and we provide 3828 * the higher guarantee always for simplicity. 3829 */ 3830 int mem_idx = get_mem_index(s); 3831 MemOp opc = MO_64 | MO_ALIGN_4 | MO_ATOM_SUBALIGN | s->be_data; 3832 TCGv taddr = gen_aa32_addr(s, addr, opc); 3833 TCGv_i32 t1 = load_reg(s, rt); 3834 TCGv_i32 t2 = load_reg(s, rt2); 3835 TCGv_i64 t64 = tcg_temp_new_i64(); 3836 3837 if (s->be_data == MO_BE) { 3838 tcg_gen_concat_i32_i64(t64, t2, t1); 3839 } else { 3840 tcg_gen_concat_i32_i64(t64, t1, t2); 3841 } 3842 tcg_gen_qemu_st_i64(t64, taddr, mem_idx, opc); 3843 } 3844 3845 static bool trans_STRD_rr(DisasContext *s, arg_ldst_rr *a) 3846 { 3847 TCGv_i32 addr; 3848 3849 if (!ENABLE_ARCH_5TE) { 3850 return false; 3851 } 3852 if (a->rt & 1) { 3853 unallocated_encoding(s); 3854 return true; 3855 } 3856 addr = op_addr_rr_pre(s, a); 3857 3858 do_strd_store(s, addr, a->rt, a->rt + 1); 3859 3860 op_addr_rr_post(s, a, addr); 3861 return true; 3862 } 3863 3864 /* 3865 * Load/store immediate index 3866 */ 3867 3868 static TCGv_i32 op_addr_ri_pre(DisasContext *s, arg_ldst_ri *a) 3869 { 3870 int ofs = a->imm; 3871 3872 if (!a->u) { 3873 ofs = -ofs; 3874 } 3875 3876 if (s->v8m_stackcheck && a->rn == 13 && a->w) { 3877 /* 3878 * Stackcheck. Here we know 'addr' is the current SP; 3879 * U is set if we're moving SP up, else down. 
It is 3880 * UNKNOWN whether the limit check triggers when SP starts 3881 * below the limit and ends up above it; we chose to do so. 3882 */ 3883 if (!a->u) { 3884 TCGv_i32 newsp = tcg_temp_new_i32(); 3885 tcg_gen_addi_i32(newsp, cpu_R[13], ofs); 3886 gen_helper_v8m_stackcheck(tcg_env, newsp); 3887 } else { 3888 gen_helper_v8m_stackcheck(tcg_env, cpu_R[13]); 3889 } 3890 } 3891 3892 return add_reg_for_lit(s, a->rn, a->p ? ofs : 0); 3893 } 3894 3895 static void op_addr_ri_post(DisasContext *s, arg_ldst_ri *a, 3896 TCGv_i32 addr) 3897 { 3898 int address_offset = 0; 3899 if (!a->p) { 3900 if (a->u) { 3901 address_offset = a->imm; 3902 } else { 3903 address_offset = -a->imm; 3904 } 3905 } else if (!a->w) { 3906 return; 3907 } 3908 tcg_gen_addi_i32(addr, addr, address_offset); 3909 store_reg(s, a->rn, addr); 3910 } 3911 3912 static bool op_load_ri(DisasContext *s, arg_ldst_ri *a, 3913 MemOp mop, int mem_idx) 3914 { 3915 ISSInfo issinfo = make_issinfo(s, a->rt, a->p, a->w); 3916 TCGv_i32 addr, tmp; 3917 3918 addr = op_addr_ri_pre(s, a); 3919 3920 tmp = tcg_temp_new_i32(); 3921 gen_aa32_ld_i32(s, tmp, addr, mem_idx, mop); 3922 disas_set_da_iss(s, mop, issinfo); 3923 3924 /* 3925 * Perform base writeback before the loaded value to 3926 * ensure correct behavior with overlapping index registers. 3927 */ 3928 op_addr_ri_post(s, a, addr); 3929 store_reg_from_load(s, a->rt, tmp); 3930 return true; 3931 } 3932 3933 static bool op_store_ri(DisasContext *s, arg_ldst_ri *a, 3934 MemOp mop, int mem_idx) 3935 { 3936 ISSInfo issinfo = make_issinfo(s, a->rt, a->p, a->w) | ISSIsWrite; 3937 TCGv_i32 addr, tmp; 3938 3939 /* 3940 * In Thumb encodings of stores Rn=1111 is UNDEF; for Arm it 3941 * is either UNPREDICTABLE or has defined behaviour 3942 */ 3943 if (s->thumb && a->rn == 15) { 3944 return false; 3945 } 3946 3947 addr = op_addr_ri_pre(s, a); 3948 3949 tmp = load_reg(s, a->rt); 3950 gen_aa32_st_i32(s, tmp, addr, mem_idx, mop); 3951 disas_set_da_iss(s, mop, issinfo); 3952 3953 op_addr_ri_post(s, a, addr); 3954 return true; 3955 } 3956 3957 static bool op_ldrd_ri(DisasContext *s, arg_ldst_ri *a, int rt2) 3958 { 3959 TCGv_i32 addr; 3960 3961 addr = op_addr_ri_pre(s, a); 3962 3963 do_ldrd_load(s, addr, a->rt, rt2); 3964 3965 /* LDRD w/ base writeback is undefined if the registers overlap. 
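 * (so no particular ordering between the base writeback and the
 * loaded values is required here)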
*/ 3966 op_addr_ri_post(s, a, addr); 3967 return true; 3968 } 3969 3970 static bool trans_LDRD_ri_a32(DisasContext *s, arg_ldst_ri *a) 3971 { 3972 if (!ENABLE_ARCH_5TE || (a->rt & 1)) { 3973 return false; 3974 } 3975 return op_ldrd_ri(s, a, a->rt + 1); 3976 } 3977 3978 static bool trans_LDRD_ri_t32(DisasContext *s, arg_ldst_ri2 *a) 3979 { 3980 arg_ldst_ri b = { 3981 .u = a->u, .w = a->w, .p = a->p, 3982 .rn = a->rn, .rt = a->rt, .imm = a->imm 3983 }; 3984 return op_ldrd_ri(s, &b, a->rt2); 3985 } 3986 3987 static bool op_strd_ri(DisasContext *s, arg_ldst_ri *a, int rt2) 3988 { 3989 TCGv_i32 addr; 3990 3991 addr = op_addr_ri_pre(s, a); 3992 3993 do_strd_store(s, addr, a->rt, rt2); 3994 3995 op_addr_ri_post(s, a, addr); 3996 return true; 3997 } 3998 3999 static bool trans_STRD_ri_a32(DisasContext *s, arg_ldst_ri *a) 4000 { 4001 if (!ENABLE_ARCH_5TE || (a->rt & 1)) { 4002 return false; 4003 } 4004 return op_strd_ri(s, a, a->rt + 1); 4005 } 4006 4007 static bool trans_STRD_ri_t32(DisasContext *s, arg_ldst_ri2 *a) 4008 { 4009 arg_ldst_ri b = { 4010 .u = a->u, .w = a->w, .p = a->p, 4011 .rn = a->rn, .rt = a->rt, .imm = a->imm 4012 }; 4013 return op_strd_ri(s, &b, a->rt2); 4014 } 4015 4016 #define DO_LDST(NAME, WHICH, MEMOP) \ 4017 static bool trans_##NAME##_ri(DisasContext *s, arg_ldst_ri *a) \ 4018 { \ 4019 return op_##WHICH##_ri(s, a, MEMOP, get_mem_index(s)); \ 4020 } \ 4021 static bool trans_##NAME##T_ri(DisasContext *s, arg_ldst_ri *a) \ 4022 { \ 4023 return op_##WHICH##_ri(s, a, MEMOP, get_a32_user_mem_index(s)); \ 4024 } \ 4025 static bool trans_##NAME##_rr(DisasContext *s, arg_ldst_rr *a) \ 4026 { \ 4027 return op_##WHICH##_rr(s, a, MEMOP, get_mem_index(s)); \ 4028 } \ 4029 static bool trans_##NAME##T_rr(DisasContext *s, arg_ldst_rr *a) \ 4030 { \ 4031 return op_##WHICH##_rr(s, a, MEMOP, get_a32_user_mem_index(s)); \ 4032 } 4033 4034 DO_LDST(LDR, load, MO_UL) 4035 DO_LDST(LDRB, load, MO_UB) 4036 DO_LDST(LDRH, load, MO_UW) 4037 DO_LDST(LDRSB, load, MO_SB) 4038 DO_LDST(LDRSH, load, MO_SW) 4039 4040 DO_LDST(STR, store, MO_UL) 4041 DO_LDST(STRB, store, MO_UB) 4042 DO_LDST(STRH, store, MO_UW) 4043 4044 #undef DO_LDST 4045 4046 /* 4047 * Synchronization primitives 4048 */ 4049 4050 static bool op_swp(DisasContext *s, arg_SWP *a, MemOp opc) 4051 { 4052 TCGv_i32 addr, tmp; 4053 TCGv taddr; 4054 4055 opc |= s->be_data; 4056 addr = load_reg(s, a->rn); 4057 taddr = gen_aa32_addr(s, addr, opc); 4058 4059 tmp = load_reg(s, a->rt2); 4060 tcg_gen_atomic_xchg_i32(tmp, taddr, tmp, get_mem_index(s), opc); 4061 4062 store_reg(s, a->rt, tmp); 4063 return true; 4064 } 4065 4066 static bool trans_SWP(DisasContext *s, arg_SWP *a) 4067 { 4068 return op_swp(s, a, MO_UL | MO_ALIGN); 4069 } 4070 4071 static bool trans_SWPB(DisasContext *s, arg_SWP *a) 4072 { 4073 return op_swp(s, a, MO_UB); 4074 } 4075 4076 /* 4077 * Load/Store Exclusive and Load-Acquire/Store-Release 4078 */ 4079 4080 static bool op_strex(DisasContext *s, arg_STREX *a, MemOp mop, bool rel) 4081 { 4082 TCGv_i32 addr; 4083 /* Some cases stopped being UNPREDICTABLE in v8A (but not v8M) */ 4084 bool v8a = ENABLE_ARCH_8 && !arm_dc_feature(s, ARM_FEATURE_M); 4085 4086 /* We UNDEF for these UNPREDICTABLE cases. 
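* (Rd, Rn or Rt being the PC; Rd equal to Rn or Rt; for pre-v8A Thumb, Rd or Rt being SP; and, for the doubleword forms, the same PC/SP/overlap-with-Rd checks applied to Rt2.)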
*/ 4087 if (a->rd == 15 || a->rn == 15 || a->rt == 15 4088 || a->rd == a->rn || a->rd == a->rt 4089 || (!v8a && s->thumb && (a->rd == 13 || a->rt == 13)) 4090 || (mop == MO_64 4091 && (a->rt2 == 15 4092 || a->rd == a->rt2 4093 || (!v8a && s->thumb && a->rt2 == 13)))) { 4094 unallocated_encoding(s); 4095 return true; 4096 } 4097 4098 if (rel) { 4099 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL); 4100 } 4101 4102 addr = tcg_temp_new_i32(); 4103 load_reg_var(s, addr, a->rn); 4104 tcg_gen_addi_i32(addr, addr, a->imm); 4105 4106 gen_store_exclusive(s, a->rd, a->rt, a->rt2, addr, mop); 4107 return true; 4108 } 4109 4110 static bool trans_STREX(DisasContext *s, arg_STREX *a) 4111 { 4112 if (!ENABLE_ARCH_6) { 4113 return false; 4114 } 4115 return op_strex(s, a, MO_32, false); 4116 } 4117 4118 static bool trans_STREXD_a32(DisasContext *s, arg_STREX *a) 4119 { 4120 if (!ENABLE_ARCH_6K) { 4121 return false; 4122 } 4123 /* We UNDEF for these UNPREDICTABLE cases. */ 4124 if (a->rt & 1) { 4125 unallocated_encoding(s); 4126 return true; 4127 } 4128 a->rt2 = a->rt + 1; 4129 return op_strex(s, a, MO_64, false); 4130 } 4131 4132 static bool trans_STREXD_t32(DisasContext *s, arg_STREX *a) 4133 { 4134 return op_strex(s, a, MO_64, false); 4135 } 4136 4137 static bool trans_STREXB(DisasContext *s, arg_STREX *a) 4138 { 4139 if (s->thumb ? !ENABLE_ARCH_7 : !ENABLE_ARCH_6K) { 4140 return false; 4141 } 4142 return op_strex(s, a, MO_8, false); 4143 } 4144 4145 static bool trans_STREXH(DisasContext *s, arg_STREX *a) 4146 { 4147 if (s->thumb ? !ENABLE_ARCH_7 : !ENABLE_ARCH_6K) { 4148 return false; 4149 } 4150 return op_strex(s, a, MO_16, false); 4151 } 4152 4153 static bool trans_STLEX(DisasContext *s, arg_STREX *a) 4154 { 4155 if (!ENABLE_ARCH_8) { 4156 return false; 4157 } 4158 return op_strex(s, a, MO_32, true); 4159 } 4160 4161 static bool trans_STLEXD_a32(DisasContext *s, arg_STREX *a) 4162 { 4163 if (!ENABLE_ARCH_8) { 4164 return false; 4165 } 4166 /* We UNDEF for these UNPREDICTABLE cases. */ 4167 if (a->rt & 1) { 4168 unallocated_encoding(s); 4169 return true; 4170 } 4171 a->rt2 = a->rt + 1; 4172 return op_strex(s, a, MO_64, true); 4173 } 4174 4175 static bool trans_STLEXD_t32(DisasContext *s, arg_STREX *a) 4176 { 4177 if (!ENABLE_ARCH_8) { 4178 return false; 4179 } 4180 return op_strex(s, a, MO_64, true); 4181 } 4182 4183 static bool trans_STLEXB(DisasContext *s, arg_STREX *a) 4184 { 4185 if (!ENABLE_ARCH_8) { 4186 return false; 4187 } 4188 return op_strex(s, a, MO_8, true); 4189 } 4190 4191 static bool trans_STLEXH(DisasContext *s, arg_STREX *a) 4192 { 4193 if (!ENABLE_ARCH_8) { 4194 return false; 4195 } 4196 return op_strex(s, a, MO_16, true); 4197 } 4198 4199 static bool op_stl(DisasContext *s, arg_STL *a, MemOp mop) 4200 { 4201 TCGv_i32 addr, tmp; 4202 4203 if (!ENABLE_ARCH_8) { 4204 return false; 4205 } 4206 /* We UNDEF for these UNPREDICTABLE cases. 
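* (Here that means Rn or Rt being the PC.)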
*/ 4207 if (a->rn == 15 || a->rt == 15) { 4208 unallocated_encoding(s); 4209 return true; 4210 } 4211 4212 addr = load_reg(s, a->rn); 4213 tmp = load_reg(s, a->rt); 4214 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL); 4215 gen_aa32_st_i32(s, tmp, addr, get_mem_index(s), mop | MO_ALIGN); 4216 disas_set_da_iss(s, mop, a->rt | ISSIsAcqRel | ISSIsWrite); 4217 4218 return true; 4219 } 4220 4221 static bool trans_STL(DisasContext *s, arg_STL *a) 4222 { 4223 return op_stl(s, a, MO_UL); 4224 } 4225 4226 static bool trans_STLB(DisasContext *s, arg_STL *a) 4227 { 4228 return op_stl(s, a, MO_UB); 4229 } 4230 4231 static bool trans_STLH(DisasContext *s, arg_STL *a) 4232 { 4233 return op_stl(s, a, MO_UW); 4234 } 4235 4236 static bool op_ldrex(DisasContext *s, arg_LDREX *a, MemOp mop, bool acq) 4237 { 4238 TCGv_i32 addr; 4239 /* Some cases stopped being UNPREDICTABLE in v8A (but not v8M) */ 4240 bool v8a = ENABLE_ARCH_8 && !arm_dc_feature(s, ARM_FEATURE_M); 4241 4242 /* We UNDEF for these UNPREDICTABLE cases. */ 4243 if (a->rn == 15 || a->rt == 15 4244 || (!v8a && s->thumb && a->rt == 13) 4245 || (mop == MO_64 4246 && (a->rt2 == 15 || a->rt == a->rt2 4247 || (!v8a && s->thumb && a->rt2 == 13)))) { 4248 unallocated_encoding(s); 4249 return true; 4250 } 4251 4252 addr = tcg_temp_new_i32(); 4253 load_reg_var(s, addr, a->rn); 4254 tcg_gen_addi_i32(addr, addr, a->imm); 4255 4256 gen_load_exclusive(s, a->rt, a->rt2, addr, mop); 4257 4258 if (acq) { 4259 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_LDAQ); 4260 } 4261 return true; 4262 } 4263 4264 static bool trans_LDREX(DisasContext *s, arg_LDREX *a) 4265 { 4266 if (!ENABLE_ARCH_6) { 4267 return false; 4268 } 4269 return op_ldrex(s, a, MO_32, false); 4270 } 4271 4272 static bool trans_LDREXD_a32(DisasContext *s, arg_LDREX *a) 4273 { 4274 if (!ENABLE_ARCH_6K) { 4275 return false; 4276 } 4277 /* We UNDEF for these UNPREDICTABLE cases. */ 4278 if (a->rt & 1) { 4279 unallocated_encoding(s); 4280 return true; 4281 } 4282 a->rt2 = a->rt + 1; 4283 return op_ldrex(s, a, MO_64, false); 4284 } 4285 4286 static bool trans_LDREXD_t32(DisasContext *s, arg_LDREX *a) 4287 { 4288 return op_ldrex(s, a, MO_64, false); 4289 } 4290 4291 static bool trans_LDREXB(DisasContext *s, arg_LDREX *a) 4292 { 4293 if (s->thumb ? !ENABLE_ARCH_7 : !ENABLE_ARCH_6K) { 4294 return false; 4295 } 4296 return op_ldrex(s, a, MO_8, false); 4297 } 4298 4299 static bool trans_LDREXH(DisasContext *s, arg_LDREX *a) 4300 { 4301 if (s->thumb ? !ENABLE_ARCH_7 : !ENABLE_ARCH_6K) { 4302 return false; 4303 } 4304 return op_ldrex(s, a, MO_16, false); 4305 } 4306 4307 static bool trans_LDAEX(DisasContext *s, arg_LDREX *a) 4308 { 4309 if (!ENABLE_ARCH_8) { 4310 return false; 4311 } 4312 return op_ldrex(s, a, MO_32, true); 4313 } 4314 4315 static bool trans_LDAEXD_a32(DisasContext *s, arg_LDREX *a) 4316 { 4317 if (!ENABLE_ARCH_8) { 4318 return false; 4319 } 4320 /* We UNDEF for these UNPREDICTABLE cases. 
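* (For the A32 encoding that is an odd Rt; Rt2 is implicitly Rt + 1.)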
*/ 4321 if (a->rt & 1) { 4322 unallocated_encoding(s); 4323 return true; 4324 } 4325 a->rt2 = a->rt + 1; 4326 return op_ldrex(s, a, MO_64, true); 4327 } 4328 4329 static bool trans_LDAEXD_t32(DisasContext *s, arg_LDREX *a) 4330 { 4331 if (!ENABLE_ARCH_8) { 4332 return false; 4333 } 4334 return op_ldrex(s, a, MO_64, true); 4335 } 4336 4337 static bool trans_LDAEXB(DisasContext *s, arg_LDREX *a) 4338 { 4339 if (!ENABLE_ARCH_8) { 4340 return false; 4341 } 4342 return op_ldrex(s, a, MO_8, true); 4343 } 4344 4345 static bool trans_LDAEXH(DisasContext *s, arg_LDREX *a) 4346 { 4347 if (!ENABLE_ARCH_8) { 4348 return false; 4349 } 4350 return op_ldrex(s, a, MO_16, true); 4351 } 4352 4353 static bool op_lda(DisasContext *s, arg_LDA *a, MemOp mop) 4354 { 4355 TCGv_i32 addr, tmp; 4356 4357 if (!ENABLE_ARCH_8) { 4358 return false; 4359 } 4360 /* We UNDEF for these UNPREDICTABLE cases. */ 4361 if (a->rn == 15 || a->rt == 15) { 4362 unallocated_encoding(s); 4363 return true; 4364 } 4365 4366 addr = load_reg(s, a->rn); 4367 tmp = tcg_temp_new_i32(); 4368 gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), mop | MO_ALIGN); 4369 disas_set_da_iss(s, mop, a->rt | ISSIsAcqRel); 4370 4371 store_reg(s, a->rt, tmp); 4372 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_STRL); 4373 return true; 4374 } 4375 4376 static bool trans_LDA(DisasContext *s, arg_LDA *a) 4377 { 4378 return op_lda(s, a, MO_UL); 4379 } 4380 4381 static bool trans_LDAB(DisasContext *s, arg_LDA *a) 4382 { 4383 return op_lda(s, a, MO_UB); 4384 } 4385 4386 static bool trans_LDAH(DisasContext *s, arg_LDA *a) 4387 { 4388 return op_lda(s, a, MO_UW); 4389 } 4390 4391 /* 4392 * Media instructions 4393 */ 4394 4395 static bool trans_USADA8(DisasContext *s, arg_USADA8 *a) 4396 { 4397 TCGv_i32 t1, t2; 4398 4399 if (!ENABLE_ARCH_6) { 4400 return false; 4401 } 4402 4403 t1 = load_reg(s, a->rn); 4404 t2 = load_reg(s, a->rm); 4405 gen_helper_usad8(t1, t1, t2); 4406 if (a->ra != 15) { 4407 t2 = load_reg(s, a->ra); 4408 tcg_gen_add_i32(t1, t1, t2); 4409 } 4410 store_reg(s, a->rd, t1); 4411 return true; 4412 } 4413 4414 static bool op_bfx(DisasContext *s, arg_UBFX *a, bool u) 4415 { 4416 TCGv_i32 tmp; 4417 int width = a->widthm1 + 1; 4418 int shift = a->lsb; 4419 4420 if (!ENABLE_ARCH_6T2) { 4421 return false; 4422 } 4423 if (shift + width > 32) { 4424 /* UNPREDICTABLE; we choose to UNDEF */ 4425 unallocated_encoding(s); 4426 return true; 4427 } 4428 4429 tmp = load_reg(s, a->rn); 4430 if (u) { 4431 tcg_gen_extract_i32(tmp, tmp, shift, width); 4432 } else { 4433 tcg_gen_sextract_i32(tmp, tmp, shift, width); 4434 } 4435 store_reg(s, a->rd, tmp); 4436 return true; 4437 } 4438 4439 static bool trans_SBFX(DisasContext *s, arg_SBFX *a) 4440 { 4441 return op_bfx(s, a, false); 4442 } 4443 4444 static bool trans_UBFX(DisasContext *s, arg_UBFX *a) 4445 { 4446 return op_bfx(s, a, true); 4447 } 4448 4449 static bool trans_BFCI(DisasContext *s, arg_BFCI *a) 4450 { 4451 int msb = a->msb, lsb = a->lsb; 4452 TCGv_i32 t_in, t_rd; 4453 int width; 4454 4455 if (!ENABLE_ARCH_6T2) { 4456 return false; 4457 } 4458 if (msb < lsb) { 4459 /* UNPREDICTABLE; we choose to UNDEF */ 4460 unallocated_encoding(s); 4461 return true; 4462 } 4463 4464 width = msb + 1 - lsb; 4465 if (a->rn == 15) { 4466 /* BFC */ 4467 t_in = tcg_constant_i32(0); 4468 } else { 4469 /* BFI */ 4470 t_in = load_reg(s, a->rn); 4471 } 4472 t_rd = load_reg(s, a->rd); 4473 tcg_gen_deposit_i32(t_rd, t_rd, t_in, lsb, width); 4474 store_reg(s, a->rd, t_rd); 4475 return true; 4476 } 4477 4478 static bool trans_UDF(DisasContext *s, arg_UDF *a) 
4479 { 4480 unallocated_encoding(s); 4481 return true; 4482 } 4483 4484 /* 4485 * Parallel addition and subtraction 4486 */ 4487 4488 static bool op_par_addsub(DisasContext *s, arg_rrr *a, 4489 void (*gen)(TCGv_i32, TCGv_i32, TCGv_i32)) 4490 { 4491 TCGv_i32 t0, t1; 4492 4493 if (s->thumb 4494 ? !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP) 4495 : !ENABLE_ARCH_6) { 4496 return false; 4497 } 4498 4499 t0 = load_reg(s, a->rn); 4500 t1 = load_reg(s, a->rm); 4501 4502 gen(t0, t0, t1); 4503 4504 store_reg(s, a->rd, t0); 4505 return true; 4506 } 4507 4508 static bool op_par_addsub_ge(DisasContext *s, arg_rrr *a, 4509 void (*gen)(TCGv_i32, TCGv_i32, 4510 TCGv_i32, TCGv_ptr)) 4511 { 4512 TCGv_i32 t0, t1; 4513 TCGv_ptr ge; 4514 4515 if (s->thumb 4516 ? !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP) 4517 : !ENABLE_ARCH_6) { 4518 return false; 4519 } 4520 4521 t0 = load_reg(s, a->rn); 4522 t1 = load_reg(s, a->rm); 4523 4524 ge = tcg_temp_new_ptr(); 4525 tcg_gen_addi_ptr(ge, tcg_env, offsetof(CPUARMState, GE)); 4526 gen(t0, t0, t1, ge); 4527 4528 store_reg(s, a->rd, t0); 4529 return true; 4530 } 4531 4532 #define DO_PAR_ADDSUB(NAME, helper) \ 4533 static bool trans_##NAME(DisasContext *s, arg_rrr *a) \ 4534 { \ 4535 return op_par_addsub(s, a, helper); \ 4536 } 4537 4538 #define DO_PAR_ADDSUB_GE(NAME, helper) \ 4539 static bool trans_##NAME(DisasContext *s, arg_rrr *a) \ 4540 { \ 4541 return op_par_addsub_ge(s, a, helper); \ 4542 } 4543 4544 DO_PAR_ADDSUB_GE(SADD16, gen_helper_sadd16) 4545 DO_PAR_ADDSUB_GE(SASX, gen_helper_saddsubx) 4546 DO_PAR_ADDSUB_GE(SSAX, gen_helper_ssubaddx) 4547 DO_PAR_ADDSUB_GE(SSUB16, gen_helper_ssub16) 4548 DO_PAR_ADDSUB_GE(SADD8, gen_helper_sadd8) 4549 DO_PAR_ADDSUB_GE(SSUB8, gen_helper_ssub8) 4550 4551 DO_PAR_ADDSUB_GE(UADD16, gen_helper_uadd16) 4552 DO_PAR_ADDSUB_GE(UASX, gen_helper_uaddsubx) 4553 DO_PAR_ADDSUB_GE(USAX, gen_helper_usubaddx) 4554 DO_PAR_ADDSUB_GE(USUB16, gen_helper_usub16) 4555 DO_PAR_ADDSUB_GE(UADD8, gen_helper_uadd8) 4556 DO_PAR_ADDSUB_GE(USUB8, gen_helper_usub8) 4557 4558 DO_PAR_ADDSUB(QADD16, gen_helper_qadd16) 4559 DO_PAR_ADDSUB(QASX, gen_helper_qaddsubx) 4560 DO_PAR_ADDSUB(QSAX, gen_helper_qsubaddx) 4561 DO_PAR_ADDSUB(QSUB16, gen_helper_qsub16) 4562 DO_PAR_ADDSUB(QADD8, gen_helper_qadd8) 4563 DO_PAR_ADDSUB(QSUB8, gen_helper_qsub8) 4564 4565 DO_PAR_ADDSUB(UQADD16, gen_helper_uqadd16) 4566 DO_PAR_ADDSUB(UQASX, gen_helper_uqaddsubx) 4567 DO_PAR_ADDSUB(UQSAX, gen_helper_uqsubaddx) 4568 DO_PAR_ADDSUB(UQSUB16, gen_helper_uqsub16) 4569 DO_PAR_ADDSUB(UQADD8, gen_helper_uqadd8) 4570 DO_PAR_ADDSUB(UQSUB8, gen_helper_uqsub8) 4571 4572 DO_PAR_ADDSUB(SHADD16, gen_helper_shadd16) 4573 DO_PAR_ADDSUB(SHASX, gen_helper_shaddsubx) 4574 DO_PAR_ADDSUB(SHSAX, gen_helper_shsubaddx) 4575 DO_PAR_ADDSUB(SHSUB16, gen_helper_shsub16) 4576 DO_PAR_ADDSUB(SHADD8, gen_helper_shadd8) 4577 DO_PAR_ADDSUB(SHSUB8, gen_helper_shsub8) 4578 4579 DO_PAR_ADDSUB(UHADD16, gen_helper_uhadd16) 4580 DO_PAR_ADDSUB(UHASX, gen_helper_uhaddsubx) 4581 DO_PAR_ADDSUB(UHSAX, gen_helper_uhsubaddx) 4582 DO_PAR_ADDSUB(UHSUB16, gen_helper_uhsub16) 4583 DO_PAR_ADDSUB(UHADD8, gen_helper_uhadd8) 4584 DO_PAR_ADDSUB(UHSUB8, gen_helper_uhsub8) 4585 4586 #undef DO_PAR_ADDSUB 4587 #undef DO_PAR_ADDSUB_GE 4588 4589 /* 4590 * Packing, unpacking, saturation, and reversal 4591 */ 4592 4593 static bool trans_PKH(DisasContext *s, arg_PKH *a) 4594 { 4595 TCGv_i32 tn, tm; 4596 int shift = a->imm; 4597 4598 if (s->thumb 4599 ? 
!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP) 4600 : !ENABLE_ARCH_6) { 4601 return false; 4602 } 4603 4604 tn = load_reg(s, a->rn); 4605 tm = load_reg(s, a->rm); 4606 if (a->tb) { 4607 /* PKHTB */ 4608 if (shift == 0) { 4609 shift = 31; 4610 } 4611 tcg_gen_sari_i32(tm, tm, shift); 4612 tcg_gen_deposit_i32(tn, tn, tm, 0, 16); 4613 } else { 4614 /* PKHBT */ 4615 tcg_gen_shli_i32(tm, tm, shift); 4616 tcg_gen_deposit_i32(tn, tm, tn, 0, 16); 4617 } 4618 store_reg(s, a->rd, tn); 4619 return true; 4620 } 4621 4622 static bool op_sat(DisasContext *s, arg_sat *a, 4623 void (*gen)(TCGv_i32, TCGv_env, TCGv_i32, TCGv_i32)) 4624 { 4625 TCGv_i32 tmp; 4626 int shift = a->imm; 4627 4628 if (!ENABLE_ARCH_6) { 4629 return false; 4630 } 4631 4632 tmp = load_reg(s, a->rn); 4633 if (a->sh) { 4634 tcg_gen_sari_i32(tmp, tmp, shift ? shift : 31); 4635 } else { 4636 tcg_gen_shli_i32(tmp, tmp, shift); 4637 } 4638 4639 gen(tmp, tcg_env, tmp, tcg_constant_i32(a->satimm)); 4640 4641 store_reg(s, a->rd, tmp); 4642 return true; 4643 } 4644 4645 static bool trans_SSAT(DisasContext *s, arg_sat *a) 4646 { 4647 return op_sat(s, a, gen_helper_ssat); 4648 } 4649 4650 static bool trans_USAT(DisasContext *s, arg_sat *a) 4651 { 4652 return op_sat(s, a, gen_helper_usat); 4653 } 4654 4655 static bool trans_SSAT16(DisasContext *s, arg_sat *a) 4656 { 4657 if (s->thumb && !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) { 4658 return false; 4659 } 4660 return op_sat(s, a, gen_helper_ssat16); 4661 } 4662 4663 static bool trans_USAT16(DisasContext *s, arg_sat *a) 4664 { 4665 if (s->thumb && !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) { 4666 return false; 4667 } 4668 return op_sat(s, a, gen_helper_usat16); 4669 } 4670 4671 static bool op_xta(DisasContext *s, arg_rrr_rot *a, 4672 void (*gen_extract)(TCGv_i32, TCGv_i32), 4673 void (*gen_add)(TCGv_i32, TCGv_i32, TCGv_i32)) 4674 { 4675 TCGv_i32 tmp; 4676 4677 if (!ENABLE_ARCH_6) { 4678 return false; 4679 } 4680 4681 tmp = load_reg(s, a->rm); 4682 /* 4683 * TODO: In many cases we could do a shift instead of a rotate. 4684 * Combined with a simple extend, that becomes an extract. 4685 */ 4686 tcg_gen_rotri_i32(tmp, tmp, a->rot * 8); 4687 gen_extract(tmp, tmp); 4688 4689 if (a->rn != 15) { 4690 TCGv_i32 tmp2 = load_reg(s, a->rn); 4691 gen_add(tmp, tmp, tmp2); 4692 } 4693 store_reg(s, a->rd, tmp); 4694 return true; 4695 } 4696 4697 static bool trans_SXTAB(DisasContext *s, arg_rrr_rot *a) 4698 { 4699 return op_xta(s, a, tcg_gen_ext8s_i32, tcg_gen_add_i32); 4700 } 4701 4702 static bool trans_SXTAH(DisasContext *s, arg_rrr_rot *a) 4703 { 4704 return op_xta(s, a, tcg_gen_ext16s_i32, tcg_gen_add_i32); 4705 } 4706 4707 static bool trans_SXTAB16(DisasContext *s, arg_rrr_rot *a) 4708 { 4709 if (s->thumb && !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) { 4710 return false; 4711 } 4712 return op_xta(s, a, gen_helper_sxtb16, gen_add16); 4713 } 4714 4715 static bool trans_UXTAB(DisasContext *s, arg_rrr_rot *a) 4716 { 4717 return op_xta(s, a, tcg_gen_ext8u_i32, tcg_gen_add_i32); 4718 } 4719 4720 static bool trans_UXTAH(DisasContext *s, arg_rrr_rot *a) 4721 { 4722 return op_xta(s, a, tcg_gen_ext16u_i32, tcg_gen_add_i32); 4723 } 4724 4725 static bool trans_UXTAB16(DisasContext *s, arg_rrr_rot *a) 4726 { 4727 if (s->thumb && !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP)) { 4728 return false; 4729 } 4730 return op_xta(s, a, gen_helper_uxtb16, gen_add16); 4731 } 4732 4733 static bool trans_SEL(DisasContext *s, arg_rrr *a) 4734 { 4735 TCGv_i32 t1, t2, t3; 4736 4737 if (s->thumb 4738 ? 
!arm_dc_feature(s, ARM_FEATURE_THUMB_DSP) 4739 : !ENABLE_ARCH_6) { 4740 return false; 4741 } 4742 4743 t1 = load_reg(s, a->rn); 4744 t2 = load_reg(s, a->rm); 4745 t3 = tcg_temp_new_i32(); 4746 tcg_gen_ld_i32(t3, tcg_env, offsetof(CPUARMState, GE)); 4747 gen_helper_sel_flags(t1, t3, t1, t2); 4748 store_reg(s, a->rd, t1); 4749 return true; 4750 } 4751 4752 static bool op_rr(DisasContext *s, arg_rr *a, 4753 void (*gen)(TCGv_i32, TCGv_i32)) 4754 { 4755 TCGv_i32 tmp; 4756 4757 tmp = load_reg(s, a->rm); 4758 gen(tmp, tmp); 4759 store_reg(s, a->rd, tmp); 4760 return true; 4761 } 4762 4763 static bool trans_REV(DisasContext *s, arg_rr *a) 4764 { 4765 if (!ENABLE_ARCH_6) { 4766 return false; 4767 } 4768 return op_rr(s, a, tcg_gen_bswap32_i32); 4769 } 4770 4771 static bool trans_REV16(DisasContext *s, arg_rr *a) 4772 { 4773 if (!ENABLE_ARCH_6) { 4774 return false; 4775 } 4776 return op_rr(s, a, gen_rev16); 4777 } 4778 4779 static bool trans_REVSH(DisasContext *s, arg_rr *a) 4780 { 4781 if (!ENABLE_ARCH_6) { 4782 return false; 4783 } 4784 return op_rr(s, a, gen_revsh); 4785 } 4786 4787 static bool trans_RBIT(DisasContext *s, arg_rr *a) 4788 { 4789 if (!ENABLE_ARCH_6T2) { 4790 return false; 4791 } 4792 return op_rr(s, a, gen_helper_rbit); 4793 } 4794 4795 /* 4796 * Signed multiply, signed and unsigned divide 4797 */ 4798 4799 static bool op_smlad(DisasContext *s, arg_rrrr *a, bool m_swap, bool sub) 4800 { 4801 TCGv_i32 t1, t2; 4802 4803 if (!ENABLE_ARCH_6) { 4804 return false; 4805 } 4806 4807 t1 = load_reg(s, a->rn); 4808 t2 = load_reg(s, a->rm); 4809 if (m_swap) { 4810 gen_swap_half(t2, t2); 4811 } 4812 gen_smul_dual(t1, t2); 4813 4814 if (sub) { 4815 /* 4816 * This subtraction cannot overflow, so we can do a simple 4817 * 32-bit subtraction and then a possible 32-bit saturating 4818 * addition of Ra. 4819 */ 4820 tcg_gen_sub_i32(t1, t1, t2); 4821 4822 if (a->ra != 15) { 4823 t2 = load_reg(s, a->ra); 4824 gen_helper_add_setq(t1, tcg_env, t1, t2); 4825 } 4826 } else if (a->ra == 15) { 4827 /* Single saturation-checking addition */ 4828 gen_helper_add_setq(t1, tcg_env, t1, t2); 4829 } else { 4830 /* 4831 * We need to add the products and Ra together and then 4832 * determine whether the final result overflowed. Doing 4833 * this as two separate add-and-check-overflow steps incorrectly 4834 * sets Q for cases like (-32768 * -32768) + (-32768 * -32768) + -1. 4835 * Do all the arithmetic at 64-bits and then check for overflow. 4836 */ 4837 TCGv_i64 p64, q64; 4838 TCGv_i32 t3, qf, one; 4839 4840 p64 = tcg_temp_new_i64(); 4841 q64 = tcg_temp_new_i64(); 4842 tcg_gen_ext_i32_i64(p64, t1); 4843 tcg_gen_ext_i32_i64(q64, t2); 4844 tcg_gen_add_i64(p64, p64, q64); 4845 load_reg_var(s, t2, a->ra); 4846 tcg_gen_ext_i32_i64(q64, t2); 4847 tcg_gen_add_i64(p64, p64, q64); 4848 4849 tcg_gen_extr_i64_i32(t1, t2, p64); 4850 /* 4851 * t1 is the low half of the result which goes into Rd. 4852 * We have overflow and must set Q if the high half (t2) 4853 * is different from the sign-extension of t1. 
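* For example, if both products are 0x40000000 (-32768 * -32768) and Ra is 0, the 64-bit sum is 0x0000000080000000: t1 is 0x80000000 but t2 is 0 rather than the sign-extension 0xffffffff, so Q must be set.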
4854 */ 4855 t3 = tcg_temp_new_i32(); 4856 tcg_gen_sari_i32(t3, t1, 31); 4857 qf = load_cpu_field(QF); 4858 one = tcg_constant_i32(1); 4859 tcg_gen_movcond_i32(TCG_COND_NE, qf, t2, t3, one, qf); 4860 store_cpu_field(qf, QF); 4861 } 4862 store_reg(s, a->rd, t1); 4863 return true; 4864 } 4865 4866 static bool trans_SMLAD(DisasContext *s, arg_rrrr *a) 4867 { 4868 return op_smlad(s, a, false, false); 4869 } 4870 4871 static bool trans_SMLADX(DisasContext *s, arg_rrrr *a) 4872 { 4873 return op_smlad(s, a, true, false); 4874 } 4875 4876 static bool trans_SMLSD(DisasContext *s, arg_rrrr *a) 4877 { 4878 return op_smlad(s, a, false, true); 4879 } 4880 4881 static bool trans_SMLSDX(DisasContext *s, arg_rrrr *a) 4882 { 4883 return op_smlad(s, a, true, true); 4884 } 4885 4886 static bool op_smlald(DisasContext *s, arg_rrrr *a, bool m_swap, bool sub) 4887 { 4888 TCGv_i32 t1, t2; 4889 TCGv_i64 l1, l2; 4890 4891 if (!ENABLE_ARCH_6) { 4892 return false; 4893 } 4894 4895 t1 = load_reg(s, a->rn); 4896 t2 = load_reg(s, a->rm); 4897 if (m_swap) { 4898 gen_swap_half(t2, t2); 4899 } 4900 gen_smul_dual(t1, t2); 4901 4902 l1 = tcg_temp_new_i64(); 4903 l2 = tcg_temp_new_i64(); 4904 tcg_gen_ext_i32_i64(l1, t1); 4905 tcg_gen_ext_i32_i64(l2, t2); 4906 4907 if (sub) { 4908 tcg_gen_sub_i64(l1, l1, l2); 4909 } else { 4910 tcg_gen_add_i64(l1, l1, l2); 4911 } 4912 4913 gen_addq(s, l1, a->ra, a->rd); 4914 gen_storeq_reg(s, a->ra, a->rd, l1); 4915 return true; 4916 } 4917 4918 static bool trans_SMLALD(DisasContext *s, arg_rrrr *a) 4919 { 4920 return op_smlald(s, a, false, false); 4921 } 4922 4923 static bool trans_SMLALDX(DisasContext *s, arg_rrrr *a) 4924 { 4925 return op_smlald(s, a, true, false); 4926 } 4927 4928 static bool trans_SMLSLD(DisasContext *s, arg_rrrr *a) 4929 { 4930 return op_smlald(s, a, false, true); 4931 } 4932 4933 static bool trans_SMLSLDX(DisasContext *s, arg_rrrr *a) 4934 { 4935 return op_smlald(s, a, true, true); 4936 } 4937 4938 static bool op_smmla(DisasContext *s, arg_rrrr *a, bool round, bool sub) 4939 { 4940 TCGv_i32 t1, t2; 4941 4942 if (s->thumb 4943 ? !arm_dc_feature(s, ARM_FEATURE_THUMB_DSP) 4944 : !ENABLE_ARCH_6) { 4945 return false; 4946 } 4947 4948 t1 = load_reg(s, a->rn); 4949 t2 = load_reg(s, a->rm); 4950 tcg_gen_muls2_i32(t2, t1, t1, t2); 4951 4952 if (a->ra != 15) { 4953 TCGv_i32 t3 = load_reg(s, a->ra); 4954 if (sub) { 4955 /* 4956 * For SMMLS, we need a 64-bit subtract. Borrow caused by 4957 * a non-zero multiplicand lowpart, and the correct result 4958 * lowpart for rounding. 4959 */ 4960 tcg_gen_sub2_i32(t2, t1, tcg_constant_i32(0), t3, t2, t1); 4961 } else { 4962 tcg_gen_add_i32(t1, t1, t3); 4963 } 4964 } 4965 if (round) { 4966 /* 4967 * Adding 0x80000000 to the 64-bit quantity means that we have 4968 * carry in to the high word when the low word has the msb set. 
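* So rather than materialising the 64-bit constant, the code below simply adds bit 31 of the low word (t2 >> 31) into the high word, which has the same effect on the result kept in t1.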
4969 */ 4970 tcg_gen_shri_i32(t2, t2, 31); 4971 tcg_gen_add_i32(t1, t1, t2); 4972 } 4973 store_reg(s, a->rd, t1); 4974 return true; 4975 } 4976 4977 static bool trans_SMMLA(DisasContext *s, arg_rrrr *a) 4978 { 4979 return op_smmla(s, a, false, false); 4980 } 4981 4982 static bool trans_SMMLAR(DisasContext *s, arg_rrrr *a) 4983 { 4984 return op_smmla(s, a, true, false); 4985 } 4986 4987 static bool trans_SMMLS(DisasContext *s, arg_rrrr *a) 4988 { 4989 return op_smmla(s, a, false, true); 4990 } 4991 4992 static bool trans_SMMLSR(DisasContext *s, arg_rrrr *a) 4993 { 4994 return op_smmla(s, a, true, true); 4995 } 4996 4997 static bool op_div(DisasContext *s, arg_rrr *a, bool u) 4998 { 4999 TCGv_i32 t1, t2; 5000 5001 if (s->thumb 5002 ? !dc_isar_feature(aa32_thumb_div, s) 5003 : !dc_isar_feature(aa32_arm_div, s)) { 5004 return false; 5005 } 5006 5007 t1 = load_reg(s, a->rn); 5008 t2 = load_reg(s, a->rm); 5009 if (u) { 5010 gen_helper_udiv(t1, tcg_env, t1, t2); 5011 } else { 5012 gen_helper_sdiv(t1, tcg_env, t1, t2); 5013 } 5014 store_reg(s, a->rd, t1); 5015 return true; 5016 } 5017 5018 static bool trans_SDIV(DisasContext *s, arg_rrr *a) 5019 { 5020 return op_div(s, a, false); 5021 } 5022 5023 static bool trans_UDIV(DisasContext *s, arg_rrr *a) 5024 { 5025 return op_div(s, a, true); 5026 } 5027 5028 /* 5029 * Block data transfer 5030 */ 5031 5032 static TCGv_i32 op_addr_block_pre(DisasContext *s, arg_ldst_block *a, int n) 5033 { 5034 TCGv_i32 addr = load_reg(s, a->rn); 5035 5036 if (a->b) { 5037 if (a->i) { 5038 /* pre increment */ 5039 tcg_gen_addi_i32(addr, addr, 4); 5040 } else { 5041 /* pre decrement */ 5042 tcg_gen_addi_i32(addr, addr, -(n * 4)); 5043 } 5044 } else if (!a->i && n != 1) { 5045 /* post decrement */ 5046 tcg_gen_addi_i32(addr, addr, -((n - 1) * 4)); 5047 } 5048 5049 if (s->v8m_stackcheck && a->rn == 13 && a->w) { 5050 /* 5051 * If the writeback is incrementing SP rather than 5052 * decrementing it, and the initial SP is below the 5053 * stack limit but the final written-back SP would 5054 * be above, then we must not perform any memory 5055 * accesses, but it is IMPDEF whether we generate 5056 * an exception. We choose to do so in this case. 5057 * At this point 'addr' is the lowest address, so 5058 * either the original SP (if incrementing) or our 5059 * final SP (if decrementing), so that's what we check. 5060 */ 5061 gen_helper_v8m_stackcheck(tcg_env, addr); 5062 } 5063 5064 return addr; 5065 } 5066 5067 static void op_addr_block_post(DisasContext *s, arg_ldst_block *a, 5068 TCGv_i32 addr, int n) 5069 { 5070 if (a->w) { 5071 /* write back */ 5072 if (!a->b) { 5073 if (a->i) { 5074 /* post increment */ 5075 tcg_gen_addi_i32(addr, addr, 4); 5076 } else { 5077 /* post decrement */ 5078 tcg_gen_addi_i32(addr, addr, -(n * 4)); 5079 } 5080 } else if (!a->i && n != 1) { 5081 /* pre decrement */ 5082 tcg_gen_addi_i32(addr, addr, -((n - 1) * 4)); 5083 } 5084 store_reg(s, a->rn, addr); 5085 } 5086 } 5087 5088 static bool op_stm(DisasContext *s, arg_ldst_block *a) 5089 { 5090 int i, j, n, list, mem_idx; 5091 bool user = a->u; 5092 TCGv_i32 addr, tmp; 5093 5094 if (user) { 5095 /* STM (user) */ 5096 if (IS_USER(s)) { 5097 /* Only usable in supervisor mode. */ 5098 unallocated_encoding(s); 5099 return true; 5100 } 5101 } 5102 5103 list = a->list; 5104 n = ctpop16(list); 5105 /* 5106 * This is UNPREDICTABLE for n < 1 in all encodings, and we choose 5107 * to UNDEF. 
In the T32 STM encoding n == 1 is also UNPREDICTABLE, 5108 * but hardware treats it like the A32 version and implements the 5109 * single-register-store, and some in-the-wild (buggy) software 5110 * assumes that, so we don't UNDEF on that case. 5111 */ 5112 if (n < 1 || a->rn == 15) { 5113 unallocated_encoding(s); 5114 return true; 5115 } 5116 5117 s->eci_handled = true; 5118 5119 addr = op_addr_block_pre(s, a, n); 5120 mem_idx = get_mem_index(s); 5121 5122 for (i = j = 0; i < 16; i++) { 5123 if (!(list & (1 << i))) { 5124 continue; 5125 } 5126 5127 if (user && i != 15) { 5128 tmp = tcg_temp_new_i32(); 5129 gen_helper_get_user_reg(tmp, tcg_env, tcg_constant_i32(i)); 5130 } else { 5131 tmp = load_reg(s, i); 5132 } 5133 gen_aa32_st_i32(s, tmp, addr, mem_idx, MO_UL | MO_ALIGN); 5134 5135 /* No need to add after the last transfer. */ 5136 if (++j != n) { 5137 tcg_gen_addi_i32(addr, addr, 4); 5138 } 5139 } 5140 5141 op_addr_block_post(s, a, addr, n); 5142 clear_eci_state(s); 5143 return true; 5144 } 5145 5146 static bool trans_STM(DisasContext *s, arg_ldst_block *a) 5147 { 5148 return op_stm(s, a); 5149 } 5150 5151 static bool trans_STM_t32(DisasContext *s, arg_ldst_block *a) 5152 { 5153 /* Writeback register in register list is UNPREDICTABLE for T32. */ 5154 if (a->w && (a->list & (1 << a->rn))) { 5155 unallocated_encoding(s); 5156 return true; 5157 } 5158 return op_stm(s, a); 5159 } 5160 5161 static bool do_ldm(DisasContext *s, arg_ldst_block *a) 5162 { 5163 int i, j, n, list, mem_idx; 5164 bool loaded_base; 5165 bool user = a->u; 5166 bool exc_return = false; 5167 TCGv_i32 addr, tmp, loaded_var; 5168 5169 if (user) { 5170 /* LDM (user), LDM (exception return) */ 5171 if (IS_USER(s)) { 5172 /* Only usable in supervisor mode. */ 5173 unallocated_encoding(s); 5174 return true; 5175 } 5176 if (extract32(a->list, 15, 1)) { 5177 exc_return = true; 5178 user = false; 5179 } else { 5180 /* LDM (user) does not allow writeback. */ 5181 if (a->w) { 5182 unallocated_encoding(s); 5183 return true; 5184 } 5185 } 5186 } 5187 5188 list = a->list; 5189 n = ctpop16(list); 5190 /* 5191 * This is UNPREDICTABLE for n < 1 in all encodings, and we choose 5192 * to UNDEF. In the T32 LDM encoding n == 1 is also UNPREDICTABLE, 5193 * but hardware treats it like the A32 version and implements the 5194 * single-register-load, and some in-the-wild (buggy) software 5195 * assumes that, so we don't UNDEF on that case. 5196 */ 5197 if (n < 1 || a->rn == 15) { 5198 unallocated_encoding(s); 5199 return true; 5200 } 5201 5202 s->eci_handled = true; 5203 5204 addr = op_addr_block_pre(s, a, n); 5205 mem_idx = get_mem_index(s); 5206 loaded_base = false; 5207 loaded_var = NULL; 5208 5209 for (i = j = 0; i < 16; i++) { 5210 if (!(list & (1 << i))) { 5211 continue; 5212 } 5213 5214 tmp = tcg_temp_new_i32(); 5215 gen_aa32_ld_i32(s, tmp, addr, mem_idx, MO_UL | MO_ALIGN); 5216 if (user) { 5217 gen_helper_set_user_reg(tcg_env, tcg_constant_i32(i), tmp); 5218 } else if (i == a->rn) { 5219 loaded_var = tmp; 5220 loaded_base = true; 5221 } else if (i == 15 && exc_return) { 5222 store_pc_exc_ret(s, tmp); 5223 } else { 5224 store_reg_from_load(s, i, tmp); 5225 } 5226 5227 /* No need to add after the last transfer. */ 5228 if (++j != n) { 5229 tcg_gen_addi_i32(addr, addr, 4); 5230 } 5231 } 5232 5233 op_addr_block_post(s, a, addr, n); 5234 5235 if (loaded_base) { 5236 /* Note that we reject base == pc above. */ 5237 store_reg(s, a->rn, loaded_var); 5238 } 5239 5240 if (exc_return) { 5241 /* Restore CPSR from SPSR. 
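* This is the exception-return form of LDM: the SPSR value written to the CPSR can change mode, endianness and Thumb state, so the TB must end here.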
*/ 5242 tmp = load_cpu_field(spsr); 5243 translator_io_start(&s->base); 5244 gen_helper_cpsr_write_eret(tcg_env, tmp); 5245 /* Must exit loop to check un-masked IRQs */ 5246 s->base.is_jmp = DISAS_EXIT; 5247 } 5248 clear_eci_state(s); 5249 return true; 5250 } 5251 5252 static bool trans_LDM_a32(DisasContext *s, arg_ldst_block *a) 5253 { 5254 /* 5255 * Writeback register in register list is UNPREDICTABLE 5256 * for ArchVersion() >= 7. Prior to v7, A32 would write 5257 * an UNKNOWN value to the base register. 5258 */ 5259 if (ENABLE_ARCH_7 && a->w && (a->list & (1 << a->rn))) { 5260 unallocated_encoding(s); 5261 return true; 5262 } 5263 return do_ldm(s, a); 5264 } 5265 5266 static bool trans_LDM_t32(DisasContext *s, arg_ldst_block *a) 5267 { 5268 /* Writeback register in register list is UNPREDICTABLE for T32. */ 5269 if (a->w && (a->list & (1 << a->rn))) { 5270 unallocated_encoding(s); 5271 return true; 5272 } 5273 return do_ldm(s, a); 5274 } 5275 5276 static bool trans_LDM_t16(DisasContext *s, arg_ldst_block *a) 5277 { 5278 /* Writeback is conditional on the base register not being loaded. */ 5279 a->w = !(a->list & (1 << a->rn)); 5280 return do_ldm(s, a); 5281 } 5282 5283 static bool trans_CLRM(DisasContext *s, arg_CLRM *a) 5284 { 5285 int i; 5286 TCGv_i32 zero; 5287 5288 if (!dc_isar_feature(aa32_m_sec_state, s)) { 5289 return false; 5290 } 5291 5292 if (extract32(a->list, 13, 1)) { 5293 return false; 5294 } 5295 5296 if (!a->list) { 5297 /* UNPREDICTABLE; we choose to UNDEF */ 5298 return false; 5299 } 5300 5301 s->eci_handled = true; 5302 5303 zero = tcg_constant_i32(0); 5304 for (i = 0; i < 15; i++) { 5305 if (extract32(a->list, i, 1)) { 5306 /* Clear R[i] */ 5307 tcg_gen_mov_i32(cpu_R[i], zero); 5308 } 5309 } 5310 if (extract32(a->list, 15, 1)) { 5311 /* 5312 * Clear APSR (by calling the MSR helper with the same argument 5313 * as for "MSR APSR_nzcvqg, Rn": mask = 0b1100, SYSM=0) 5314 */ 5315 gen_helper_v7m_msr(tcg_env, tcg_constant_i32(0xc00), zero); 5316 } 5317 clear_eci_state(s); 5318 return true; 5319 } 5320 5321 /* 5322 * Branch, branch with link 5323 */ 5324 5325 static bool trans_B(DisasContext *s, arg_i *a) 5326 { 5327 gen_jmp(s, jmp_diff(s, a->imm)); 5328 return true; 5329 } 5330 5331 static bool trans_B_cond_thumb(DisasContext *s, arg_ci *a) 5332 { 5333 /* This has cond from encoding, required to be outside IT block. */ 5334 if (a->cond >= 0xe) { 5335 return false; 5336 } 5337 if (s->condexec_mask) { 5338 unallocated_encoding(s); 5339 return true; 5340 } 5341 arm_skip_unless(s, a->cond); 5342 gen_jmp(s, jmp_diff(s, a->imm)); 5343 return true; 5344 } 5345 5346 static bool trans_BL(DisasContext *s, arg_i *a) 5347 { 5348 gen_pc_plus_diff(s, cpu_R[14], curr_insn_len(s) | s->thumb); 5349 gen_jmp(s, jmp_diff(s, a->imm)); 5350 return true; 5351 } 5352 5353 static bool trans_BLX_i(DisasContext *s, arg_BLX_i *a) 5354 { 5355 /* 5356 * BLX <imm> would be useless on M-profile; the encoding space 5357 * is used for other insns from v8.1M onward, and UNDEFs before that. 5358 */ 5359 if (arm_dc_feature(s, ARM_FEATURE_M)) { 5360 return false; 5361 } 5362 5363 /* For A32, ARM_FEATURE_V5 is checked near the start of the uncond block. */ 5364 if (s->thumb && (a->imm & 2)) { 5365 return false; 5366 } 5367 gen_pc_plus_diff(s, cpu_R[14], curr_insn_len(s) | s->thumb); 5368 store_cpu_field_constant(!s->thumb, thumb); 5369 /* This jump is computed from an aligned PC: subtract off the low bits. 
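* (This only matters in Thumb state, where the PC may be halfword aligned; an A32 PC already has the low bits clear, so the subtraction is a no-op there.)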
*/ 5370 gen_jmp(s, jmp_diff(s, a->imm - (s->pc_curr & 3))); 5371 return true; 5372 } 5373 5374 static bool trans_BL_BLX_prefix(DisasContext *s, arg_BL_BLX_prefix *a) 5375 { 5376 assert(!arm_dc_feature(s, ARM_FEATURE_THUMB2)); 5377 gen_pc_plus_diff(s, cpu_R[14], jmp_diff(s, a->imm << 12)); 5378 return true; 5379 } 5380 5381 static bool trans_BL_suffix(DisasContext *s, arg_BL_suffix *a) 5382 { 5383 TCGv_i32 tmp = tcg_temp_new_i32(); 5384 5385 assert(!arm_dc_feature(s, ARM_FEATURE_THUMB2)); 5386 tcg_gen_addi_i32(tmp, cpu_R[14], (a->imm << 1) | 1); 5387 gen_pc_plus_diff(s, cpu_R[14], curr_insn_len(s) | 1); 5388 gen_bx(s, tmp); 5389 return true; 5390 } 5391 5392 static bool trans_BLX_suffix(DisasContext *s, arg_BLX_suffix *a) 5393 { 5394 TCGv_i32 tmp; 5395 5396 assert(!arm_dc_feature(s, ARM_FEATURE_THUMB2)); 5397 if (!ENABLE_ARCH_5) { 5398 return false; 5399 } 5400 tmp = tcg_temp_new_i32(); 5401 tcg_gen_addi_i32(tmp, cpu_R[14], a->imm << 1); 5402 tcg_gen_andi_i32(tmp, tmp, 0xfffffffc); 5403 gen_pc_plus_diff(s, cpu_R[14], curr_insn_len(s) | 1); 5404 gen_bx(s, tmp); 5405 return true; 5406 } 5407 5408 static bool trans_BF(DisasContext *s, arg_BF *a) 5409 { 5410 /* 5411 * M-profile branch future insns. The architecture permits an 5412 * implementation to implement these as NOPs (equivalent to 5413 * discarding the LO_BRANCH_INFO cache immediately), and we 5414 * take that IMPDEF option because for QEMU a "real" implementation 5415 * would be complicated and wouldn't execute any faster. 5416 */ 5417 if (!dc_isar_feature(aa32_lob, s)) { 5418 return false; 5419 } 5420 if (a->boff == 0) { 5421 /* SEE "Related encodings" (loop insns) */ 5422 return false; 5423 } 5424 /* Handle as NOP */ 5425 return true; 5426 } 5427 5428 static bool trans_DLS(DisasContext *s, arg_DLS *a) 5429 { 5430 /* M-profile low-overhead loop start */ 5431 TCGv_i32 tmp; 5432 5433 if (!dc_isar_feature(aa32_lob, s)) { 5434 return false; 5435 } 5436 if (a->rn == 13 || a->rn == 15) { 5437 /* 5438 * For DLSTP rn == 15 is a related encoding (LCTP); the 5439 * other cases caught by this condition are all 5440 * CONSTRAINED UNPREDICTABLE: we choose to UNDEF 5441 */ 5442 return false; 5443 } 5444 5445 if (a->size != 4) { 5446 /* DLSTP */ 5447 if (!dc_isar_feature(aa32_mve, s)) { 5448 return false; 5449 } 5450 if (!vfp_access_check(s)) { 5451 return true; 5452 } 5453 } 5454 5455 /* Not a while loop: set LR to the count, and set LTPSIZE for DLSTP */ 5456 tmp = load_reg(s, a->rn); 5457 store_reg(s, 14, tmp); 5458 if (a->size != 4) { 5459 /* DLSTP: set FPSCR.LTPSIZE */ 5460 store_cpu_field(tcg_constant_i32(a->size), v7m.ltpsize); 5461 s->base.is_jmp = DISAS_UPDATE_NOCHAIN; 5462 } 5463 return true; 5464 } 5465 5466 static bool trans_WLS(DisasContext *s, arg_WLS *a) 5467 { 5468 /* M-profile low-overhead while-loop start */ 5469 TCGv_i32 tmp; 5470 DisasLabel nextlabel; 5471 5472 if (!dc_isar_feature(aa32_lob, s)) { 5473 return false; 5474 } 5475 if (a->rn == 13 || a->rn == 15) { 5476 /* 5477 * For WLSTP rn == 15 is a related encoding (LE); the 5478 * other cases caught by this condition are all 5479 * CONSTRAINED UNPREDICTABLE: we choose to UNDEF 5480 */ 5481 return false; 5482 } 5483 if (s->condexec_mask) { 5484 /* 5485 * WLS in an IT block is CONSTRAINED UNPREDICTABLE; 5486 * we choose to UNDEF, because otherwise our use of 5487 * gen_goto_tb(1) would clash with the use of TB exit 1 5488 * in the dc->condjmp condition-failed codepath in 5489 * arm_tr_tb_stop() and we'd get an assertion. 
5490 */ 5491 return false; 5492 } 5493 if (a->size != 4) { 5494 /* WLSTP */ 5495 if (!dc_isar_feature(aa32_mve, s)) { 5496 return false; 5497 } 5498 /* 5499 * We need to check that the FPU is enabled here, but mustn't 5500 * call vfp_access_check() to do that because we don't want to 5501 * do the lazy state preservation in the "loop count is zero" case. 5502 * Do the check-and-raise-exception by hand. 5503 */ 5504 if (s->fp_excp_el) { 5505 gen_exception_insn_el(s, 0, EXCP_NOCP, 5506 syn_uncategorized(), s->fp_excp_el); 5507 return true; 5508 } 5509 } 5510 5511 nextlabel = gen_disas_label(s); 5512 tcg_gen_brcondi_i32(TCG_COND_EQ, cpu_R[a->rn], 0, nextlabel.label); 5513 tmp = load_reg(s, a->rn); 5514 store_reg(s, 14, tmp); 5515 if (a->size != 4) { 5516 /* 5517 * WLSTP: set FPSCR.LTPSIZE. This requires that we do the 5518 * lazy state preservation, new FP context creation, etc, 5519 * that vfp_access_check() does. We know that the actual 5520 * access check will succeed (ie it won't generate code that 5521 * throws an exception) because we did that check by hand earlier. 5522 */ 5523 bool ok = vfp_access_check(s); 5524 assert(ok); 5525 store_cpu_field(tcg_constant_i32(a->size), v7m.ltpsize); 5526 /* 5527 * LTPSIZE updated, but MVE_NO_PRED will always be the same thing (0) 5528 * when we take this upcoming exit from this TB, so gen_jmp_tb() is OK. 5529 */ 5530 } 5531 gen_jmp_tb(s, curr_insn_len(s), 1); 5532 5533 set_disas_label(s, nextlabel); 5534 gen_jmp(s, jmp_diff(s, a->imm)); 5535 return true; 5536 } 5537 5538 static bool trans_LE(DisasContext *s, arg_LE *a) 5539 { 5540 /* 5541 * M-profile low-overhead loop end. The architecture permits an 5542 * implementation to discard the LO_BRANCH_INFO cache at any time, 5543 * and we take the IMPDEF option to never set it in the first place 5544 * (equivalent to always discarding it immediately), because for QEMU 5545 * a "real" implementation would be complicated and wouldn't execute 5546 * any faster. 5547 */ 5548 TCGv_i32 tmp; 5549 DisasLabel loopend; 5550 bool fpu_active; 5551 5552 if (!dc_isar_feature(aa32_lob, s)) { 5553 return false; 5554 } 5555 if (a->f && a->tp) { 5556 return false; 5557 } 5558 if (s->condexec_mask) { 5559 /* 5560 * LE in an IT block is CONSTRAINED UNPREDICTABLE; 5561 * we choose to UNDEF, because otherwise our use of 5562 * gen_goto_tb(1) would clash with the use of TB exit 1 5563 * in the dc->condjmp condition-failed codepath in 5564 * arm_tr_tb_stop() and we'd get an assertion. 5565 */ 5566 return false; 5567 } 5568 if (a->tp) { 5569 /* LETP */ 5570 if (!dc_isar_feature(aa32_mve, s)) { 5571 return false; 5572 } 5573 if (!vfp_access_check(s)) { 5574 s->eci_handled = true; 5575 return true; 5576 } 5577 } 5578 5579 /* LE/LETP is OK with ECI set and leaves it untouched */ 5580 s->eci_handled = true; 5581 5582 /* 5583 * With MVE, LTPSIZE might not be 4, and we must emit an INVSTATE 5584 * UsageFault exception for the LE insn in that case. Note that we 5585 * are not directly checking FPSCR.LTPSIZE but instead check the 5586 * pseudocode LTPSIZE() function, which returns 4 if the FPU is 5587 * not currently active (ie ActiveFPState() returns false). 
We 5588 * can identify not-active purely from our TB state flags, as the 5589 * FPU is active only if: 5590 * the FPU is enabled 5591 * AND lazy state preservation is not active 5592 * AND we do not need a new fp context (this is the ASPEN/FPCA check) 5593 * 5594 * Usually we don't need to care about this distinction between 5595 * LTPSIZE and FPSCR.LTPSIZE, because the code in vfp_access_check() 5596 * will either take an exception or clear the conditions that make 5597 * the FPU not active. But LE is an unusual case of a non-FP insn 5598 * that looks at LTPSIZE. 5599 */ 5600 fpu_active = !s->fp_excp_el && !s->v7m_lspact && !s->v7m_new_fp_ctxt_needed; 5601 5602 if (!a->tp && dc_isar_feature(aa32_mve, s) && fpu_active) { 5603 /* Need to do a runtime check for LTPSIZE != 4 */ 5604 TCGLabel *fail = delay_exception(s, EXCP_INVSTATE, syn_uncategorized()); 5605 5606 tmp = load_cpu_field(v7m.ltpsize); 5607 tcg_gen_brcondi_i32(TCG_COND_NE, tmp, 4, fail); 5608 } 5609 5610 if (a->f) { 5611 /* Loop-forever: just jump back to the loop start */ 5612 gen_jmp(s, jmp_diff(s, -a->imm)); 5613 return true; 5614 } 5615 5616 /* 5617 * Not loop-forever. If LR <= loop-decrement-value this is the last loop. 5618 * For LE, we know at this point that LTPSIZE must be 4 and the 5619 * loop decrement value is 1. For LETP we need to calculate the decrement 5620 * value from LTPSIZE. 5621 */ 5622 loopend = gen_disas_label(s); 5623 if (!a->tp) { 5624 tcg_gen_brcondi_i32(TCG_COND_LEU, cpu_R[14], 1, loopend.label); 5625 tcg_gen_addi_i32(cpu_R[14], cpu_R[14], -1); 5626 } else { 5627 /* 5628 * Decrement by 1 << (4 - LTPSIZE). We need to use a TCG local 5629 * so that decr stays live after the brcondi. 5630 */ 5631 TCGv_i32 decr = tcg_temp_new_i32(); 5632 TCGv_i32 ltpsize = load_cpu_field(v7m.ltpsize); 5633 tcg_gen_sub_i32(decr, tcg_constant_i32(4), ltpsize); 5634 tcg_gen_shl_i32(decr, tcg_constant_i32(1), decr); 5635 5636 tcg_gen_brcond_i32(TCG_COND_LEU, cpu_R[14], decr, loopend.label); 5637 5638 tcg_gen_sub_i32(cpu_R[14], cpu_R[14], decr); 5639 } 5640 /* Jump back to the loop start */ 5641 gen_jmp(s, jmp_diff(s, -a->imm)); 5642 5643 set_disas_label(s, loopend); 5644 if (a->tp) { 5645 /* Exits from tail-pred loops must reset LTPSIZE to 4 */ 5646 store_cpu_field(tcg_constant_i32(4), v7m.ltpsize); 5647 } 5648 /* End TB, continuing to following insn */ 5649 gen_jmp_tb(s, curr_insn_len(s), 1); 5650 return true; 5651 } 5652 5653 static bool trans_LCTP(DisasContext *s, arg_LCTP *a) 5654 { 5655 /* 5656 * M-profile Loop Clear with Tail Predication. Since our implementation 5657 * doesn't cache branch information, all we need to do is reset 5658 * FPSCR.LTPSIZE to 4. 5659 */ 5660 5661 if (!dc_isar_feature(aa32_lob, s) || 5662 !dc_isar_feature(aa32_mve, s)) { 5663 return false; 5664 } 5665 5666 if (!vfp_access_check(s)) { 5667 return true; 5668 } 5669 5670 store_cpu_field_constant(4, v7m.ltpsize); 5671 return true; 5672 } 5673 5674 static bool trans_VCTP(DisasContext *s, arg_VCTP *a) 5675 { 5676 /* 5677 * M-profile Create Vector Tail Predicate. This insn is itself 5678 * predicated and is subject to beatwise execution. 5679 */ 5680 TCGv_i32 rn_shifted, masklen; 5681 5682 if (!dc_isar_feature(aa32_mve, s) || a->rn == 13 || a->rn == 15) { 5683 return false; 5684 } 5685 5686 if (!mve_eci_check(s) || !vfp_access_check(s)) { 5687 return true; 5688 } 5689 5690 /* 5691 * We pre-calculate the mask length here to avoid having 5692 * to have multiple helpers specialized for size. 5693 * We pass the helper "rn <= (1 << (4 - size)) ? 
(rn << size) : 16". 5694 */ 5695 rn_shifted = tcg_temp_new_i32(); 5696 masklen = load_reg(s, a->rn); 5697 tcg_gen_shli_i32(rn_shifted, masklen, a->size); 5698 tcg_gen_movcond_i32(TCG_COND_LEU, masklen, 5699 masklen, tcg_constant_i32(1 << (4 - a->size)), 5700 rn_shifted, tcg_constant_i32(16)); 5701 gen_helper_mve_vctp(tcg_env, masklen); 5702 /* This insn updates predication bits */ 5703 s->base.is_jmp = DISAS_UPDATE_NOCHAIN; 5704 mve_update_eci(s); 5705 return true; 5706 } 5707 5708 static bool op_tbranch(DisasContext *s, arg_tbranch *a, bool half) 5709 { 5710 TCGv_i32 addr, tmp; 5711 5712 tmp = load_reg(s, a->rm); 5713 if (half) { 5714 tcg_gen_add_i32(tmp, tmp, tmp); 5715 } 5716 addr = load_reg(s, a->rn); 5717 tcg_gen_add_i32(addr, addr, tmp); 5718 5719 gen_aa32_ld_i32(s, tmp, addr, get_mem_index(s), half ? MO_UW : MO_UB); 5720 5721 tcg_gen_add_i32(tmp, tmp, tmp); 5722 gen_pc_plus_diff(s, addr, jmp_diff(s, 0)); 5723 tcg_gen_add_i32(tmp, tmp, addr); 5724 store_reg(s, 15, tmp); 5725 return true; 5726 } 5727 5728 static bool trans_TBB(DisasContext *s, arg_tbranch *a) 5729 { 5730 return op_tbranch(s, a, false); 5731 } 5732 5733 static bool trans_TBH(DisasContext *s, arg_tbranch *a) 5734 { 5735 return op_tbranch(s, a, true); 5736 } 5737 5738 static bool trans_CBZ(DisasContext *s, arg_CBZ *a) 5739 { 5740 TCGv_i32 tmp = load_reg(s, a->rn); 5741 5742 arm_gen_condlabel(s); 5743 tcg_gen_brcondi_i32(a->nz ? TCG_COND_EQ : TCG_COND_NE, 5744 tmp, 0, s->condlabel.label); 5745 gen_jmp(s, jmp_diff(s, a->imm)); 5746 return true; 5747 } 5748 5749 /* 5750 * Supervisor call - both T32 & A32 come here so we need to check 5751 * which mode we are in when checking for semihosting. 5752 */ 5753 5754 static bool trans_SVC(DisasContext *s, arg_SVC *a) 5755 { 5756 const uint32_t semihost_imm = s->thumb ? 0xab : 0x123456; 5757 5758 if (!arm_dc_feature(s, ARM_FEATURE_M) && 5759 semihosting_enabled(s->current_el == 0) && 5760 (a->imm == semihost_imm)) { 5761 gen_exception_internal_insn(s, EXCP_SEMIHOST); 5762 } else { 5763 if (s->fgt_svc) { 5764 uint32_t syndrome = syn_aa32_svc(a->imm, s->thumb); 5765 gen_exception_insn_el(s, 0, EXCP_UDEF, syndrome, 2); 5766 } else { 5767 gen_update_pc(s, curr_insn_len(s)); 5768 s->svc_imm = a->imm; 5769 s->base.is_jmp = DISAS_SWI; 5770 } 5771 } 5772 return true; 5773 } 5774 5775 /* 5776 * Unconditional system instructions 5777 */ 5778 5779 static bool trans_RFE(DisasContext *s, arg_RFE *a) 5780 { 5781 static const int8_t pre_offset[4] = { 5782 /* DA */ -4, /* IA */ 0, /* DB */ -8, /* IB */ 4 5783 }; 5784 static const int8_t post_offset[4] = { 5785 /* DA */ -8, /* IA */ 4, /* DB */ -4, /* IB */ 0 5786 }; 5787 TCGv_i32 addr, t1, t2; 5788 5789 if (!ENABLE_ARCH_6 || arm_dc_feature(s, ARM_FEATURE_M)) { 5790 return false; 5791 } 5792 if (IS_USER(s)) { 5793 unallocated_encoding(s); 5794 return true; 5795 } 5796 5797 addr = load_reg(s, a->rn); 5798 tcg_gen_addi_i32(addr, addr, pre_offset[a->pu]); 5799 5800 /* Load PC into tmp and CPSR into tmp2. */ 5801 t1 = tcg_temp_new_i32(); 5802 gen_aa32_ld_i32(s, t1, addr, get_mem_index(s), MO_UL | MO_ALIGN); 5803 tcg_gen_addi_i32(addr, addr, 4); 5804 t2 = tcg_temp_new_i32(); 5805 gen_aa32_ld_i32(s, t2, addr, get_mem_index(s), MO_UL | MO_ALIGN); 5806 5807 if (a->w) { 5808 /* Base writeback. 
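* By this point addr has already been advanced by 4 to the CPSR word, so the post_offset values are chosen relative to that rather than to the original Rn.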
*/ 5809 tcg_gen_addi_i32(addr, addr, post_offset[a->pu]); 5810 store_reg(s, a->rn, addr); 5811 } 5812 gen_rfe(s, t1, t2); 5813 return true; 5814 } 5815 5816 static bool trans_SRS(DisasContext *s, arg_SRS *a) 5817 { 5818 if (!ENABLE_ARCH_6 || arm_dc_feature(s, ARM_FEATURE_M)) { 5819 return false; 5820 } 5821 gen_srs(s, a->mode, a->pu, a->w); 5822 return true; 5823 } 5824 5825 static bool trans_CPS(DisasContext *s, arg_CPS *a) 5826 { 5827 uint32_t mask, val; 5828 5829 if (!ENABLE_ARCH_6 || arm_dc_feature(s, ARM_FEATURE_M)) { 5830 return false; 5831 } 5832 if (IS_USER(s)) { 5833 /* Implemented as NOP in user mode. */ 5834 return true; 5835 } 5836 /* TODO: There are quite a lot of UNPREDICTABLE argument combinations. */ 5837 5838 mask = val = 0; 5839 if (a->imod & 2) { 5840 if (a->A) { 5841 mask |= CPSR_A; 5842 } 5843 if (a->I) { 5844 mask |= CPSR_I; 5845 } 5846 if (a->F) { 5847 mask |= CPSR_F; 5848 } 5849 if (a->imod & 1) { 5850 val |= mask; 5851 } 5852 } 5853 if (a->M) { 5854 mask |= CPSR_M; 5855 val |= a->mode; 5856 } 5857 if (mask) { 5858 gen_set_psr_im(s, mask, 0, val); 5859 } 5860 return true; 5861 } 5862 5863 static bool trans_CPS_v7m(DisasContext *s, arg_CPS_v7m *a) 5864 { 5865 TCGv_i32 tmp, addr; 5866 5867 if (!arm_dc_feature(s, ARM_FEATURE_M)) { 5868 return false; 5869 } 5870 if (IS_USER(s)) { 5871 /* Implemented as NOP in user mode. */ 5872 return true; 5873 } 5874 5875 tmp = tcg_constant_i32(a->im); 5876 /* FAULTMASK */ 5877 if (a->F) { 5878 addr = tcg_constant_i32(19); 5879 gen_helper_v7m_msr(tcg_env, addr, tmp); 5880 } 5881 /* PRIMASK */ 5882 if (a->I) { 5883 addr = tcg_constant_i32(16); 5884 gen_helper_v7m_msr(tcg_env, addr, tmp); 5885 } 5886 gen_rebuild_hflags(s, false); 5887 gen_lookup_tb(s); 5888 return true; 5889 } 5890 5891 /* 5892 * Clear-Exclusive, Barriers 5893 */ 5894 5895 static bool trans_CLREX(DisasContext *s, arg_CLREX *a) 5896 { 5897 if (s->thumb 5898 ? !ENABLE_ARCH_7 && !arm_dc_feature(s, ARM_FEATURE_M) 5899 : !ENABLE_ARCH_6K) { 5900 return false; 5901 } 5902 gen_clrex(s); 5903 return true; 5904 } 5905 5906 static bool trans_DSB(DisasContext *s, arg_DSB *a) 5907 { 5908 if (!ENABLE_ARCH_7 && !arm_dc_feature(s, ARM_FEATURE_M)) { 5909 return false; 5910 } 5911 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC); 5912 return true; 5913 } 5914 5915 static bool trans_DMB(DisasContext *s, arg_DMB *a) 5916 { 5917 return trans_DSB(s, NULL); 5918 } 5919 5920 static bool trans_ISB(DisasContext *s, arg_ISB *a) 5921 { 5922 if (!ENABLE_ARCH_7 && !arm_dc_feature(s, ARM_FEATURE_M)) { 5923 return false; 5924 } 5925 /* 5926 * We need to break the TB after this insn to execute 5927 * self-modifying code correctly and also to take 5928 * any pending interrupts immediately. 5929 */ 5930 s->base.is_jmp = DISAS_TOO_MANY; 5931 return true; 5932 } 5933 5934 static bool trans_SB(DisasContext *s, arg_SB *a) 5935 { 5936 if (!dc_isar_feature(aa32_sb, s)) { 5937 return false; 5938 } 5939 /* 5940 * TODO: There is no speculation barrier opcode 5941 * for TCG; MB and end the TB instead. 5942 */ 5943 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC); 5944 s->base.is_jmp = DISAS_TOO_MANY; 5945 return true; 5946 } 5947 5948 static bool trans_SETEND(DisasContext *s, arg_SETEND *a) 5949 { 5950 if (!ENABLE_ARCH_6) { 5951 return false; 5952 } 5953 if (a->E != (s->be_data == MO_BE)) { 5954 gen_helper_setend(tcg_env); 5955 s->base.is_jmp = DISAS_UPDATE_EXIT; 5956 } 5957 return true; 5958 } 5959 5960 /* 5961 * Preload instructions 5962 * All are nops, contingent on the appropriate arch level. 
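* (Returning false makes the insn UNDEF on cores without the required feature; returning true treats it as a NOP.)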
5963 */ 5964 5965 static bool trans_PLD(DisasContext *s, arg_PLD *a) 5966 { 5967 return ENABLE_ARCH_5TE; 5968 } 5969 5970 static bool trans_PLDW(DisasContext *s, arg_PLDW *a) 5971 { 5972 return arm_dc_feature(s, ARM_FEATURE_V7MP); 5973 } 5974 5975 static bool trans_PLI(DisasContext *s, arg_PLI *a) 5976 { 5977 return ENABLE_ARCH_7; 5978 } 5979 5980 /* 5981 * If-then 5982 */ 5983 5984 static bool trans_IT(DisasContext *s, arg_IT *a) 5985 { 5986 int cond_mask = a->cond_mask; 5987 5988 /* 5989 * No actual code generated for this insn, just setup state. 5990 * 5991 * Combinations of firstcond and mask which set up an 0b1111 5992 * condition are UNPREDICTABLE; we take the CONSTRAINED 5993 * UNPREDICTABLE choice to treat 0b1111 the same as 0b1110, 5994 * i.e. both meaning "execute always". 5995 */ 5996 s->condexec_cond = (cond_mask >> 4) & 0xe; 5997 s->condexec_mask = cond_mask & 0x1f; 5998 return true; 5999 } 6000 6001 /* v8.1M CSEL/CSINC/CSNEG/CSINV */ 6002 static bool trans_CSEL(DisasContext *s, arg_CSEL *a) 6003 { 6004 TCGv_i32 rn, rm; 6005 DisasCompare c; 6006 6007 if (!arm_dc_feature(s, ARM_FEATURE_V8_1M)) { 6008 return false; 6009 } 6010 6011 if (a->rm == 13) { 6012 /* SEE "Related encodings" (MVE shifts) */ 6013 return false; 6014 } 6015 6016 if (a->rd == 13 || a->rd == 15 || a->rn == 13 || a->fcond >= 14) { 6017 /* CONSTRAINED UNPREDICTABLE: we choose to UNDEF */ 6018 return false; 6019 } 6020 6021 /* In this insn input reg fields of 0b1111 mean "zero", not "PC" */ 6022 rn = tcg_temp_new_i32(); 6023 rm = tcg_temp_new_i32(); 6024 if (a->rn == 15) { 6025 tcg_gen_movi_i32(rn, 0); 6026 } else { 6027 load_reg_var(s, rn, a->rn); 6028 } 6029 if (a->rm == 15) { 6030 tcg_gen_movi_i32(rm, 0); 6031 } else { 6032 load_reg_var(s, rm, a->rm); 6033 } 6034 6035 switch (a->op) { 6036 case 0: /* CSEL */ 6037 break; 6038 case 1: /* CSINC */ 6039 tcg_gen_addi_i32(rm, rm, 1); 6040 break; 6041 case 2: /* CSINV */ 6042 tcg_gen_not_i32(rm, rm); 6043 break; 6044 case 3: /* CSNEG */ 6045 tcg_gen_neg_i32(rm, rm); 6046 break; 6047 default: 6048 g_assert_not_reached(); 6049 } 6050 6051 arm_test_cc(&c, a->fcond); 6052 tcg_gen_movcond_i32(c.cond, rn, c.value, tcg_constant_i32(0), rn, rm); 6053 6054 store_reg(s, a->rd, rn); 6055 return true; 6056 } 6057 6058 /* 6059 * Legacy decoder. 6060 */ 6061 6062 static void disas_arm_insn(DisasContext *s, unsigned int insn) 6063 { 6064 unsigned int cond = insn >> 28; 6065 6066 /* M variants do not implement ARM mode; this must raise the INVSTATE 6067 * UsageFault exception. 6068 */ 6069 if (arm_dc_feature(s, ARM_FEATURE_M)) { 6070 gen_exception_insn(s, 0, EXCP_INVSTATE, syn_uncategorized()); 6071 return; 6072 } 6073 6074 if (s->pstate_il) { 6075 /* 6076 * Illegal execution state. This has priority over BTI 6077 * exceptions, but comes after instruction abort exceptions. 6078 */ 6079 gen_exception_insn(s, 0, EXCP_UDEF, syn_illegalstate()); 6080 return; 6081 } 6082 6083 if (cond == 0xf) { 6084 /* In ARMv3 and v4 the NV condition is UNPREDICTABLE; we 6085 * choose to UNDEF. In ARMv5 and above the space is used 6086 * for miscellaneous unconditional instructions. 6087 */ 6088 if (!arm_dc_feature(s, ARM_FEATURE_V5)) { 6089 unallocated_encoding(s); 6090 return; 6091 } 6092 6093 /* Unconditional instructions. */ 6094 /* TODO: Perhaps merge these into one decodetree output file. 
*/ 6095 if (disas_a32_uncond(s, insn) || 6096 disas_vfp_uncond(s, insn) || 6097 disas_neon_dp(s, insn) || 6098 disas_neon_ls(s, insn) || 6099 disas_neon_shared(s, insn)) { 6100 return; 6101 } 6102 goto illegal_op; 6103 } 6104 if (cond != 0xe) { 6105 /* if not always execute, we generate a conditional jump to 6106 next instruction */ 6107 arm_skip_unless(s, cond); 6108 } 6109 6110 /* TODO: Perhaps merge these into one decodetree output file. */ 6111 if (disas_a32(s, insn) || 6112 disas_vfp(s, insn)) { 6113 return; 6114 } 6115 /* We didn't match anything in the decoder: UNDEF */ 6116 6117 illegal_op: 6118 unallocated_encoding(s); 6119 } 6120 6121 static bool thumb_insn_is_16bit(DisasContext *s, uint32_t pc, uint32_t insn) 6122 { 6123 /* 6124 * Return true if this is a 16 bit instruction. We must be precise 6125 * about this (matching the decode). 6126 */ 6127 if ((insn >> 11) < 0x1d) { 6128 /* Definitely a 16-bit instruction */ 6129 return true; 6130 } 6131 6132 /* Top five bits 0b11101 / 0b11110 / 0b11111 : this is the 6133 * first half of a 32-bit Thumb insn. Thumb-1 cores might 6134 * end up actually treating this as two 16-bit insns, though, 6135 * if it's half of a bl/blx pair that might span a page boundary. 6136 */ 6137 if (arm_dc_feature(s, ARM_FEATURE_THUMB2) || 6138 arm_dc_feature(s, ARM_FEATURE_M)) { 6139 /* Thumb2 cores (including all M profile ones) always treat 6140 * 32-bit insns as 32-bit. 6141 */ 6142 return false; 6143 } 6144 6145 if ((insn >> 11) == 0x1e && pc - s->page_start < TARGET_PAGE_SIZE - 3) { 6146 /* 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix, and the suffix 6147 * is not on the next page; we merge this into a 32-bit 6148 * insn. 6149 */ 6150 return false; 6151 } 6152 /* 0b1110_1xxx_xxxx_xxxx : BLX suffix (or UNDEF); 6153 * 0b1111_1xxx_xxxx_xxxx : BL suffix; 6154 * 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix on the end of a page 6155 * -- handle as single 16 bit insn 6156 */ 6157 return true; 6158 } 6159 6160 /* Translate a 32-bit thumb instruction. */ 6161 static void disas_thumb2_insn(DisasContext *s, uint32_t insn) 6162 { 6163 /* 6164 * ARMv6-M supports a limited subset of Thumb2 instructions. 6165 * Other Thumb1 architectures allow only 32-bit 6166 * combined BL/BLX prefix and suffix. 6167 */ 6168 if (arm_dc_feature(s, ARM_FEATURE_M) && 6169 !arm_dc_feature(s, ARM_FEATURE_V7)) { 6170 int i; 6171 bool found = false; 6172 static const uint32_t armv6m_insn[] = {0xf3808000 /* msr */, 6173 0xf3b08040 /* dsb */, 6174 0xf3b08050 /* dmb */, 6175 0xf3b08060 /* isb */, 6176 0xf3e08000 /* mrs */, 6177 0xf000d000 /* bl */}; 6178 static const uint32_t armv6m_mask[] = {0xffe0d000, 6179 0xfff0d0f0, 6180 0xfff0d0f0, 6181 0xfff0d0f0, 6182 0xffe0d000, 6183 0xf800d000}; 6184 6185 for (i = 0; i < ARRAY_SIZE(armv6m_insn); i++) { 6186 if ((insn & armv6m_mask[i]) == armv6m_insn[i]) { 6187 found = true; 6188 break; 6189 } 6190 } 6191 if (!found) { 6192 goto illegal_op; 6193 } 6194 } else if ((insn & 0xf800e800) != 0xf000e800) { 6195 if (!arm_dc_feature(s, ARM_FEATURE_THUMB2)) { 6196 unallocated_encoding(s); 6197 return; 6198 } 6199 } 6200 6201 if (arm_dc_feature(s, ARM_FEATURE_M)) { 6202 /* 6203 * NOCP takes precedence over any UNDEF for (almost) the 6204 * entire wide range of coprocessor-space encodings, so check 6205 * for it first before proceeding to actually decode eg VFP 6206 * insns. This decode also handles the few insns which are 6207 * in copro space but do not have NOCP checks (eg VLLDM, VLSTM). 

    if ((insn & 0xef000000) == 0xef000000) {
        /*
         * T32 encodings 0b111p_1111_qqqq_qqqq_qqqq_qqqq_qqqq_qqqq
         * transform into
         * A32 encodings 0b1111_001p_qqqq_qqqq_qqqq_qqqq_qqqq_qqqq
         */
        uint32_t a32_insn = (insn & 0xe2ffffff) |
            ((insn & (1 << 28)) >> 4) | (1 << 28);

        if (disas_neon_dp(s, a32_insn)) {
            return;
        }
    }

    if ((insn & 0xff100000) == 0xf9000000) {
        /*
         * T32 encodings 0b1111_1001_ppp0_qqqq_qqqq_qqqq_qqqq_qqqq
         * transform into
         * A32 encodings 0b1111_0100_ppp0_qqqq_qqqq_qqqq_qqqq_qqqq
         */
        uint32_t a32_insn = (insn & 0x00ffffff) | 0xf4000000;

        if (disas_neon_ls(s, a32_insn)) {
            return;
        }
    }

    /*
     * TODO: Perhaps merge these into one decodetree output file.
     * Note disas_vfp is written for a32 with cond field in the
     * top nibble. The t32 encoding requires 0xe in the top nibble.
     */
    if (disas_t32(s, insn) ||
        disas_vfp_uncond(s, insn) ||
        disas_neon_shared(s, insn) ||
        disas_mve(s, insn) ||
        ((insn >> 28) == 0xe && disas_vfp(s, insn))) {
        return;
    }

illegal_op:
    unallocated_encoding(s);
}

static void disas_thumb_insn(DisasContext *s, uint32_t insn)
{
    if (!disas_t16(s, insn)) {
        unallocated_encoding(s);
    }
}

static bool insn_crosses_page(CPUARMState *env, DisasContext *s)
{
    /* Return true if the insn at dc->base.pc_next might cross a page boundary.
     * (False positives are OK, false negatives are not.)
     * We know this is a Thumb insn, and our caller ensures we are
     * only called if dc->base.pc_next is less than 4 bytes from the page
     * boundary, so we cross the page if the first 16 bits indicate
     * that this is a 32 bit insn.
     */
    uint16_t insn = arm_lduw_code(env, &s->base, s->base.pc_next, s->sctlr_b);

    return !thumb_insn_is_16bit(s, s->base.pc_next, insn);
}

static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
{
    DisasContext *dc = container_of(dcbase, DisasContext, base);
    CPUARMState *env = cpu_env(cs);
    ARMCPU *cpu = env_archcpu(env);
    CPUARMTBFlags tb_flags = arm_tbflags_from_tb(dc->base.tb);
    uint32_t condexec, core_mmu_idx;

    dc->isar = &cpu->isar;
    dc->condjmp = 0;
    dc->pc_save = dc->base.pc_first;
    dc->aarch64 = false;
    dc->thumb = EX_TBFLAG_AM32(tb_flags, THUMB);
    dc->be_data = EX_TBFLAG_ANY(tb_flags, BE_DATA) ? MO_BE : MO_LE;
    condexec = EX_TBFLAG_AM32(tb_flags, CONDEXEC);
    /*
     * the CONDEXEC TB flags are CPSR bits [15:10][26:25]. On A-profile this
     * is always the IT bits. On M-profile, some of the reserved encodings
     * of IT are used instead to indicate either ICI or ECI, which
     * indicate partial progress of a restartable insn that was interrupted
     * partway through by an exception:
     *  * if CONDEXEC[3:0] != 0b0000 : CONDEXEC is IT bits
     *  * if CONDEXEC[3:0] == 0b0000 : CONDEXEC is ICI or ECI bits
     * In all cases CONDEXEC == 0 means "not in IT block or restartable
     * insn, behave normally".
     */
    dc->eci = dc->condexec_mask = dc->condexec_cond = 0;
    dc->eci_handled = false;
    if (condexec & 0xf) {
        dc->condexec_mask = (condexec & 0xf) << 1;
        dc->condexec_cond = condexec >> 4;
    } else {
        if (arm_feature(env, ARM_FEATURE_M)) {
            dc->eci = condexec >> 4;
        }
    }
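
    /*
     * For instance (illustrative numbers): CONDEXEC == 0x18 has a non-zero
     * low nibble, so it is IT state: condexec_mask becomes 0x8 << 1 == 0x10
     * and condexec_cond becomes 0x1 (NE), i.e. one insn remains in the IT
     * block and it executes only if the NE condition holds. A value with a
     * zero low nibble would instead be interpreted as ECI/ICI bits on
     * M-profile.
     */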

    core_mmu_idx = EX_TBFLAG_ANY(tb_flags, MMUIDX);
    dc->mmu_idx = core_to_arm_mmu_idx(env, core_mmu_idx);
    dc->current_el = arm_mmu_idx_to_el(dc->mmu_idx);
#if !defined(CONFIG_USER_ONLY)
    dc->user = (dc->current_el == 0);
#endif
    dc->fp_excp_el = EX_TBFLAG_ANY(tb_flags, FPEXC_EL);
    dc->align_mem = EX_TBFLAG_ANY(tb_flags, ALIGN_MEM);
    dc->pstate_il = EX_TBFLAG_ANY(tb_flags, PSTATE__IL);
    dc->fgt_active = EX_TBFLAG_ANY(tb_flags, FGT_ACTIVE);
    dc->fgt_svc = EX_TBFLAG_ANY(tb_flags, FGT_SVC);

    if (arm_feature(env, ARM_FEATURE_M)) {
        dc->vfp_enabled = 1;
        dc->be_data = MO_TE;
        dc->v7m_handler_mode = EX_TBFLAG_M32(tb_flags, HANDLER);
        dc->v8m_secure = EX_TBFLAG_M32(tb_flags, SECURE);
        dc->v8m_stackcheck = EX_TBFLAG_M32(tb_flags, STACKCHECK);
        dc->v8m_fpccr_s_wrong = EX_TBFLAG_M32(tb_flags, FPCCR_S_WRONG);
        dc->v7m_new_fp_ctxt_needed =
            EX_TBFLAG_M32(tb_flags, NEW_FP_CTXT_NEEDED);
        dc->v7m_lspact = EX_TBFLAG_M32(tb_flags, LSPACT);
        dc->mve_no_pred = EX_TBFLAG_M32(tb_flags, MVE_NO_PRED);
    } else {
        dc->sctlr_b = EX_TBFLAG_A32(tb_flags, SCTLR__B);
        dc->hstr_active = EX_TBFLAG_A32(tb_flags, HSTR_ACTIVE);
        dc->ns = EX_TBFLAG_A32(tb_flags, NS);
        dc->vfp_enabled = EX_TBFLAG_A32(tb_flags, VFPEN);
        dc->vec_len = EX_TBFLAG_A32(tb_flags, VECLEN);
        dc->vec_stride = EX_TBFLAG_A32(tb_flags, VECSTRIDE);
        dc->sme_trap_nonstreaming =
            EX_TBFLAG_A32(tb_flags, SME_TRAP_NONSTREAMING);
    }
    dc->lse2 = false; /* applies only to aarch64 */
    dc->cp_regs = cpu->cp_regs;
    dc->features = env->features;

    /* Single step state. The code-generation logic here is:
     *  SS_ACTIVE == 0:
     *   generate code with no special handling for single-stepping (except
     *   that anything that can make us go to SS_ACTIVE == 1 must end the TB;
     *   this happens anyway because those changes are all system register or
     *   PSTATE writes).
     *  SS_ACTIVE == 1, PSTATE.SS == 1: (active-not-pending)
     *   emit code for one insn
     *   emit code to clear PSTATE.SS
     *   emit code to generate software step exception for completed step
     *   end TB (as usual for having generated an exception)
     *  SS_ACTIVE == 1, PSTATE.SS == 0: (active-pending)
     *   emit code to generate a software step exception
     *   end the TB
     */
    dc->ss_active = EX_TBFLAG_ANY(tb_flags, SS_ACTIVE);
    dc->pstate_ss = EX_TBFLAG_ANY(tb_flags, PSTATE__SS);
    dc->is_ldex = false;

    dc->page_start = dc->base.pc_first & TARGET_PAGE_MASK;

    /* If architectural single step active, limit to 1. */
    if (dc->ss_active) {
        dc->base.max_insns = 1;
    }

    /* ARM is a fixed-length ISA. Bound the number of insns to execute
       to those left on the page. */
    if (!dc->thumb) {
        int bound = -(dc->base.pc_first | TARGET_PAGE_MASK) / 4;
        dc->base.max_insns = MIN(dc->base.max_insns, bound);
    }
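
    /*
     * For example, assuming 4 KiB target pages: if pc_first is 0xff8 bytes
     * into a page, (pc_first | TARGET_PAGE_MASK) is -8, so the bound is
     * 8 / 4 == 2 and at most two more A32 insns are translated from this
     * page.
     */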
}

static void arm_tr_tb_start(DisasContextBase *dcbase, CPUState *cpu)
{
    DisasContext *dc = container_of(dcbase, DisasContext, base);

    /* A note on handling of the condexec (IT) bits:
     *
     * We want to avoid the overhead of having to write the updated condexec
     * bits back to the CPUARMState for every instruction in an IT block. So:
     * (1) if the condexec bits are not already zero then we write
     * zero back into the CPUARMState now. This avoids complications trying
     * to do it at the end of the block. (For example if we don't do this
     * it's hard to identify whether we can safely skip writing condexec
     * at the end of the TB, which we definitely want to do for the case
     * where a TB doesn't do anything with the IT state at all.)
     * (2) if we are going to leave the TB then we call gen_set_condexec()
     * which will write the correct value into CPUARMState if zero is wrong.
     * This is done both for leaving the TB at the end, and for leaving
     * it because of an exception we know will happen, which is done in
     * gen_exception_insn(). The latter is necessary because we need to
     * leave the TB with the PC/IT state just prior to execution of the
     * instruction which caused the exception.
     * (3) if we leave the TB unexpectedly (eg a data abort on a load)
     * then the CPUARMState will be wrong and we need to reset it.
     * This is handled in the same way as restoration of the
     * PC in these situations; we save the value of the condexec bits
     * for each PC via tcg_gen_insn_start(), and restore_state_to_opc()
     * then uses this to restore them after an exception.
     *
     * Note that there are no instructions which can read the condexec
     * bits, and none which can write non-static values to them, so
     * we don't need to care about whether CPUARMState is correct in the
     * middle of a TB.
     */

    /* Reset the conditional execution bits immediately. This avoids
       complications trying to do it at the end of the block. */
    if (dc->condexec_mask || dc->condexec_cond) {
        store_cpu_field_constant(0, condexec_bits);
    }
}

static void arm_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
{
    DisasContext *dc = container_of(dcbase, DisasContext, base);
    /*
     * The ECI/ICI bits share PSR bits with the IT bits, so we
     * need to reconstitute the bits from the split-out DisasContext
     * fields here.
     */
    uint32_t condexec_bits;
    target_ulong pc_arg = dc->base.pc_next;

    if (tb_cflags(dcbase->tb) & CF_PCREL) {
        pc_arg &= ~TARGET_PAGE_MASK;
    }
    if (dc->eci) {
        condexec_bits = dc->eci << 4;
    } else {
        condexec_bits = (dc->condexec_cond << 4) | (dc->condexec_mask >> 1);
    }
    tcg_gen_insn_start(pc_arg, condexec_bits, 0);
    dc->insn_start_updated = false;
}
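
/*
 * For instance, a DisasContext with condexec_cond == 0x1 and
 * condexec_mask == 0x10 is re-packed by arm_tr_insn_start() above as
 * (0x1 << 4) | (0x10 >> 1) == 0x18. With CF_PCREL and 4 KiB pages, only
 * the in-page offset of the PC is recorded, e.g. 0x40001234 is stored
 * as 0x234.
 */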

static bool arm_check_kernelpage(DisasContext *dc)
{
#ifdef CONFIG_USER_ONLY
    /* Intercept jump to the magic kernel page. */
    if (dc->base.pc_next >= 0xffff0000) {
        /* We always get here via a jump, so we know we are not in a
           conditional execution block. */
        gen_exception_internal(EXCP_KERNEL_TRAP);
        dc->base.is_jmp = DISAS_NORETURN;
        return true;
    }
#endif
    return false;
}

static bool arm_check_ss_active(DisasContext *dc)
{
    if (dc->ss_active && !dc->pstate_ss) {
        /* Singlestep state is Active-pending.
         * If we're in this state at the start of a TB then either
         *  a) we just took an exception to an EL which is being debugged
         *     and this is the first insn in the exception handler
         *  b) debug exceptions were masked and we just unmasked them
         *     without changing EL (eg by clearing PSTATE.D)
         * In either case we're going to take a swstep exception in the
         * "did not step an insn" case, and so the syndrome ISV and EX
         * bits should be zero.
         */
        assert(dc->base.num_insns == 1);
        gen_swstep_exception(dc, 0, 0);
        dc->base.is_jmp = DISAS_NORETURN;
        return true;
    }

    return false;
}

static void arm_post_translate_insn(DisasContext *dc)
{
    if (dc->condjmp &&
        (dc->base.is_jmp == DISAS_NEXT || dc->base.is_jmp == DISAS_TOO_MANY)) {
        if (dc->pc_save != dc->condlabel.pc_save) {
            gen_update_pc(dc, dc->condlabel.pc_save - dc->pc_save);
        }
        gen_set_label(dc->condlabel.label);
        dc->condjmp = 0;
    }
}

static void arm_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
{
    DisasContext *dc = container_of(dcbase, DisasContext, base);
    CPUARMState *env = cpu_env(cpu);
    uint32_t pc = dc->base.pc_next;
    unsigned int insn;

    /* Singlestep exceptions have the highest priority. */
    if (arm_check_ss_active(dc)) {
        dc->base.pc_next = pc + 4;
        return;
    }

    if (pc & 3) {
        /*
         * PC alignment fault. This has priority over the instruction abort
         * that we would receive from a translation fault via arm_ldl_code
         * (or the execution of the kernelpage entrypoint). This should only
         * be possible after an indirect branch, at the start of the TB.
         */
        assert(dc->base.num_insns == 1);
        gen_helper_exception_pc_alignment(tcg_env, tcg_constant_vaddr(pc));
        dc->base.is_jmp = DISAS_NORETURN;
        dc->base.pc_next = QEMU_ALIGN_UP(pc, 4);
        return;
    }

    if (arm_check_kernelpage(dc)) {
        dc->base.pc_next = pc + 4;
        return;
    }

    dc->pc_curr = pc;
    insn = arm_ldl_code(env, &dc->base, pc, dc->sctlr_b);
    dc->insn = insn;
    dc->base.pc_next = pc + 4;
    disas_arm_insn(dc, insn);

    arm_post_translate_insn(dc);

    /* ARM is a fixed-length ISA. We performed the cross-page check
       in init_disas_context by adjusting max_insns. */
}
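
/*
 * The PC alignment check in arm_tr_translate_insn() can only trigger at
 * the start of a TB, after an indirect branch; for instance (illustrative)
 * a BX to an address with bit 1 set while remaining in A32 state leaves
 * pc & 3 != 0, so the alignment-fault path is taken instead of fetching.
 */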

static bool thumb_insn_is_unconditional(DisasContext *s, uint32_t insn)
{
    /* Return true if this Thumb insn is always unconditional,
     * even inside an IT block. This is true of only a very few
     * instructions: BKPT, HLT, and SG.
     *
     * A larger class of instructions are UNPREDICTABLE if used
     * inside an IT block; we do not need to detect those here, because
     * what we do by default (perform the cc check and update the IT
     * bits state machine) is a permitted CONSTRAINED UNPREDICTABLE
     * choice for those situations.
     *
     * insn is either a 16-bit or a 32-bit instruction; the two are
     * distinguishable because for the 16-bit case the top 16 bits
     * are zeroes, and that isn't a valid 32-bit encoding.
     */
    if ((insn & 0xffffff00) == 0xbe00) {
        /* BKPT */
        return true;
    }

    if ((insn & 0xffffffc0) == 0xba80 && arm_dc_feature(s, ARM_FEATURE_V8) &&
        !arm_dc_feature(s, ARM_FEATURE_M)) {
        /* HLT: v8A only. This is unconditional even when it is going to
         * UNDEF; see the v8A ARM ARM DDI0487B.a H3.3.
         * For v7 cores this was a plain old undefined encoding and so
         * honours its cc check. (We might be using the encoding as
         * a semihosting trap, but we don't change the cc check behaviour
         * on that account, because a debugger connected to a real v7A
         * core and emulating semihosting traps by catching the UNDEF
         * exception would also only see cases where the cc check passed.
         * No guest code should be trying to do a HLT semihosting trap
         * in an IT block anyway.)
         */
        return true;
    }

    if (insn == 0xe97fe97f && arm_dc_feature(s, ARM_FEATURE_V8) &&
        arm_dc_feature(s, ARM_FEATURE_M)) {
        /* SG: v8M only */
        return true;
    }

    return false;
}

static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
{
    DisasContext *dc = container_of(dcbase, DisasContext, base);
    CPUARMState *env = cpu_env(cpu);
    uint32_t pc = dc->base.pc_next;
    uint32_t insn;
    bool is_16bit;
    /* TCG op to rewind to if this turns out to be an invalid ECI state */
    TCGOp *insn_eci_rewind = NULL;
    target_ulong insn_eci_pc_save = -1;

    /* Misaligned thumb PC is architecturally impossible. */
    assert((dc->base.pc_next & 1) == 0);

    if (arm_check_ss_active(dc) || arm_check_kernelpage(dc)) {
        dc->base.pc_next = pc + 2;
        return;
    }

    dc->pc_curr = pc;
    insn = arm_lduw_code(env, &dc->base, pc, dc->sctlr_b);
    is_16bit = thumb_insn_is_16bit(dc, dc->base.pc_next, insn);
    pc += 2;
    if (!is_16bit) {
        uint32_t insn2 = arm_lduw_code(env, &dc->base, pc, dc->sctlr_b);
        insn = insn << 16 | insn2;
        pc += 2;
    }
    dc->base.pc_next = pc;
    dc->insn = insn;

    if (dc->pstate_il) {
        /*
         * Illegal execution state. This has priority over BTI
         * exceptions, but comes after instruction abort exceptions.
         */
        gen_exception_insn(dc, 0, EXCP_UDEF, syn_illegalstate());
        return;
    }

    if (dc->eci) {
        /*
         * For M-profile continuable instructions, ECI/ICI handling
         * falls into these cases:
         *  - interrupt-continuable instructions
         *    These are the various load/store multiple insns (both
         *    integer and fp). The ICI bits indicate the register
         *    where the load/store can resume. We make the IMPDEF
         *    choice to always do "instruction restart", ie ignore
         *    the ICI value and always execute the ldm/stm from the
         *    start. So all we need to do is zero PSR.ICI if the
         *    insn executes.
         *  - MVE instructions subject to beat-wise execution
         *    Here the ECI bits indicate which beats have already been
         *    executed, and we must honour this. Each insn of this
         *    type will handle it correctly. We will update PSR.ECI
         *    in the helper function for the insn (some ECI values
         *    mean that the following insn also has been partially
         *    executed).
         *  - Special cases which don't advance ECI
         *    The insns LE, LETP and BKPT leave the ECI/ICI state
         *    bits untouched.
         *  - all other insns (the common case)
         *    Non-zero ECI/ICI means an INVSTATE UsageFault.
         *    We place a rewind-marker here. Insns in the previous
         *    three categories will set a flag in the DisasContext.
         *    If the flag isn't set after we call disas_thumb_insn()
         *    or disas_thumb2_insn() then we know we have a "some other
         *    insn" case. We will rewind to the marker (ie throwing away
         *    all the generated code) and instead emit "take exception".
         */
        insn_eci_rewind = tcg_last_op();
        insn_eci_pc_save = dc->pc_save;
    }
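
    /*
     * As a worked illustration of the skip and advance logic below: after
     * an ITE EQ, condexec_cond is 0x0 and condexec_mask is 0x18 when the
     * first insn in the block is translated, so it is skipped unless EQ
     * holds; the advance then yields cond 0x1 (NE) and mask 0x10 for the
     * second insn, after which the mask shifts down to zero and the IT
     * block ends.
     */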

    if (dc->condexec_mask && !thumb_insn_is_unconditional(dc, insn)) {
        uint32_t cond = dc->condexec_cond;

        /*
         * Conditionally skip the insn. Note that both 0xe and 0xf mean
         * "always"; 0xf is not "never".
         */
        if (cond < 0x0e) {
            arm_skip_unless(dc, cond);
        }
    }

    if (is_16bit) {
        disas_thumb_insn(dc, insn);
    } else {
        disas_thumb2_insn(dc, insn);
    }

    /* Advance the Thumb condexec condition. */
    if (dc->condexec_mask) {
        dc->condexec_cond = ((dc->condexec_cond & 0xe) |
                             ((dc->condexec_mask >> 4) & 1));
        dc->condexec_mask = (dc->condexec_mask << 1) & 0x1f;
        if (dc->condexec_mask == 0) {
            dc->condexec_cond = 0;
        }
    }

    if (dc->eci && !dc->eci_handled) {
        /*
         * Insn wasn't valid for ECI/ICI at all: undo what we
         * just generated and instead emit an exception
         */
        tcg_remove_ops_after(insn_eci_rewind);
        dc->pc_save = insn_eci_pc_save;
        dc->condjmp = 0;
        gen_exception_insn(dc, 0, EXCP_INVSTATE, syn_uncategorized());
    }

    arm_post_translate_insn(dc);

    /* Thumb is a variable-length ISA. Stop translation when the next insn
     * will touch a new page. This ensures that prefetch aborts occur at
     * the right place.
     *
     * We want to stop the TB if the next insn starts in a new page,
     * or if it spans between this page and the next. This means that
     * if we're looking at the last halfword in the page we need to
     * see if it's a 16-bit Thumb insn (which will fit in this TB)
     * or a 32-bit Thumb insn (which won't).
     * This is to avoid generating a silly TB with a single 16-bit insn
     * in it at the end of this page (which would execute correctly
     * but isn't very efficient).
     */
    if (dc->base.is_jmp == DISAS_NEXT
        && (dc->base.pc_next - dc->page_start >= TARGET_PAGE_SIZE
            || (dc->base.pc_next - dc->page_start >= TARGET_PAGE_SIZE - 3
                && insn_crosses_page(env, dc)))) {
        dc->base.is_jmp = DISAS_TOO_MANY;
    }
}
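
/*
 * For example, with 4 KiB pages: if pc_next is now 0xffe bytes into the
 * page, only the final halfword is left, so insn_crosses_page() peeks at
 * it; a 16-bit insn still fits in this TB, whereas the first half of a
 * 32-bit insn would straddle into the next page and translation stops here.
 */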

static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
{
    DisasContext *dc = container_of(dcbase, DisasContext, base);

    /* At this stage dc->condjmp will only be set when the skipped
       instruction was a conditional branch or trap, and the PC has
       already been written. */
    gen_set_condexec(dc);
    if (dc->base.is_jmp == DISAS_BX_EXCRET) {
        /* Exception return branches need some special case code at the
         * end of the TB, which is complex enough that it has to
         * handle the single-step vs not and the condition-failed
         * insn codepath itself.
         */
        gen_bx_excret_final_code(dc);
    } else if (unlikely(dc->ss_active)) {
        /* Unconditional and "condition passed" instruction codepath. */
        switch (dc->base.is_jmp) {
        case DISAS_SWI:
            gen_ss_advance(dc);
            gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb));
            break;
        case DISAS_HVC:
            gen_ss_advance(dc);
            gen_exception_el(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
            break;
        case DISAS_SMC:
            gen_ss_advance(dc);
            gen_exception_el(EXCP_SMC, syn_aa32_smc(), 3);
            break;
        case DISAS_NEXT:
        case DISAS_TOO_MANY:
        case DISAS_UPDATE_EXIT:
        case DISAS_UPDATE_NOCHAIN:
            gen_update_pc(dc, curr_insn_len(dc));
            /* fall through */
        default:
            /* FIXME: Single stepping a WFI insn will not halt the CPU. */
            gen_singlestep_exception(dc);
            break;
        case DISAS_NORETURN:
            break;
        }
    } else {
        /* While branches must always occur at the end of an IT block,
           there are a few other things that can cause us to terminate
           the TB in the middle of an IT block:
            - Exception generating instructions (bkpt, swi, undefined).
            - Page boundaries.
            - Hardware watchpoints.
           Hardware breakpoints have already been handled and skip this code.
         */
        switch (dc->base.is_jmp) {
        case DISAS_NEXT:
        case DISAS_TOO_MANY:
            gen_goto_tb(dc, 1, curr_insn_len(dc));
            break;
        case DISAS_UPDATE_NOCHAIN:
            gen_update_pc(dc, curr_insn_len(dc));
            /* fall through */
        case DISAS_JUMP:
            gen_goto_ptr();
            break;
        case DISAS_UPDATE_EXIT:
            gen_update_pc(dc, curr_insn_len(dc));
            /* fall through */
        default:
            /* indicate that the hash table must be used to find the next TB */
            tcg_gen_exit_tb(NULL, 0);
            break;
        case DISAS_NORETURN:
            /* nothing more to generate */
            break;
        case DISAS_WFI:
            gen_helper_wfi(tcg_env, tcg_constant_i32(curr_insn_len(dc)));
            /*
             * The helper doesn't necessarily throw an exception, but we
             * must go back to the main loop to check for interrupts anyway.
             */
            tcg_gen_exit_tb(NULL, 0);
            break;
        case DISAS_WFE:
            gen_helper_wfe(tcg_env);
            break;
        case DISAS_YIELD:
            gen_helper_yield(tcg_env);
            break;
        case DISAS_SWI:
            gen_exception(EXCP_SWI, syn_aa32_svc(dc->svc_imm, dc->thumb));
            break;
        case DISAS_HVC:
            gen_exception_el(EXCP_HVC, syn_aa32_hvc(dc->svc_imm), 2);
            break;
        case DISAS_SMC:
            gen_exception_el(EXCP_SMC, syn_aa32_smc(), 3);
            break;
        }
    }

    if (dc->condjmp) {
        /* "Condition failed" instruction codepath for the branch/trap insn */
        set_disas_label(dc, dc->condlabel);
        gen_set_condexec(dc);
        if (unlikely(dc->ss_active)) {
            gen_update_pc(dc, curr_insn_len(dc));
            gen_singlestep_exception(dc);
        } else {
            gen_goto_tb(dc, 1, curr_insn_len(dc));
        }
    }

    emit_delayed_exceptions(dc);
}

static const TranslatorOps arm_translator_ops = {
    .init_disas_context = arm_tr_init_disas_context,
    .tb_start           = arm_tr_tb_start,
    .insn_start         = arm_tr_insn_start,
    .translate_insn     = arm_tr_translate_insn,
    .tb_stop            = arm_tr_tb_stop,
};

static const TranslatorOps thumb_translator_ops = {
    .init_disas_context = arm_tr_init_disas_context,
    .tb_start           = arm_tr_tb_start,
    .insn_start         = arm_tr_insn_start,
    .translate_insn     = thumb_tr_translate_insn,
    .tb_stop            = arm_tr_tb_stop,
};

void arm_translate_code(CPUState *cpu, TranslationBlock *tb,
                        int *max_insns, vaddr pc, void *host_pc)
{
    DisasContext dc = { };
    const TranslatorOps *ops = &arm_translator_ops;
    CPUARMTBFlags tb_flags = arm_tbflags_from_tb(tb);

    if (EX_TBFLAG_AM32(tb_flags, THUMB)) {
        ops = &thumb_translator_ops;
    }
#ifdef TARGET_AARCH64
    if (EX_TBFLAG_ANY(tb_flags, AARCH64_STATE)) {
        ops = &aarch64_translator_ops;
    }
#endif

    translator_loop(cpu, tb, max_insns, pc, host_pc, ops, &dc.base);
}
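
/*
 * For orientation: translator_loop() drives the ops tables above by calling
 * init_disas_context once per TB, then tb_start, then insn_start and
 * translate_insn for each guest instruction until the TB is ended, and
 * finally tb_stop to emit the exit path.
 */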