xref: /openbmc/qemu/target/arm/tcg/translate-m-nocp.c (revision ad66b5cb)
1 /*
2  *  ARM translation: M-profile NOCP special-case instructions
3  *
4  *  Copyright (c) 2020 Linaro, Ltd.
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #include "qemu/osdep.h"
21 #include "tcg/tcg-op.h"
22 #include "tcg/tcg-op-gvec.h"
23 #include "translate.h"
24 #include "translate-a32.h"
25 
26 #include "decode-m-nocp.c.inc"
27 
28 /*
29  * Decode VLLDM and VLSTM are nonstandard because:
30  *  * if there is no FPU then these insns must NOP in
31  *    Secure state and UNDEF in Nonsecure state
32  *  * if there is an FPU then these insns do not have
33  *    the usual behaviour that vfp_access_check() provides of
34  *    being controlled by CPACR/NSACR enable bits or the
35  *    lazy-stacking logic.
36  */
37 static bool trans_VLLDM_VLSTM(DisasContext *s, arg_VLLDM_VLSTM *a)
38 {
39     TCGv_i32 fptr;
40 
41     if (!arm_dc_feature(s, ARM_FEATURE_M) ||
42         !arm_dc_feature(s, ARM_FEATURE_V8)) {
43         return false;
44     }
45 
46     if (a->op) {
47         /*
48          * T2 encoding ({D0-D31} reglist): v8.1M and up. We choose not
49          * to take the IMPDEF option to make memory accesses to the stack
50          * slots that correspond to the D16-D31 registers (discarding
51          * read data and writing UNKNOWN values), so for us the T2
52          * encoding behaves identically to the T1 encoding.
53          */
54         if (!arm_dc_feature(s, ARM_FEATURE_V8_1M)) {
55             return false;
56         }
57     } else {
58         /*
59          * T1 encoding ({D0-D15} reglist); undef if we have 32 Dregs.
60          * This is currently architecturally impossible, but we add the
61          * check to stay in line with the pseudocode. Note that we must
62          * emit code for the UNDEF so it takes precedence over the NOCP.
63          */
64         if (dc_isar_feature(aa32_simd_r32, s)) {
65             unallocated_encoding(s);
66             return true;
67         }
68     }
69 
70     /*
71      * If not secure, UNDEF. We must emit code for this
72      * rather than returning false so that this takes
73      * precedence over the m-nocp.decode NOCP fallback.
74      */
75     if (!s->v8m_secure) {
76         unallocated_encoding(s);
77         return true;
78     }
79 
80     s->eci_handled = true;
81 
82     /* If no fpu, NOP. */
83     if (!dc_isar_feature(aa32_vfp, s)) {
84         clear_eci_state(s);
85         return true;
86     }
87 
88     fptr = load_reg(s, a->rn);
89     if (a->l) {
90         gen_helper_v7m_vlldm(cpu_env, fptr);
91     } else {
92         gen_helper_v7m_vlstm(cpu_env, fptr);
93     }
94 
95     clear_eci_state(s);
96 
97     /*
98      * End the TB, because we have updated FP control bits,
99      * and possibly VPR or LTPSIZE.
100      */
101     s->base.is_jmp = DISAS_UPDATE_EXIT;
102     return true;
103 }
104 
105 static bool trans_VSCCLRM(DisasContext *s, arg_VSCCLRM *a)
106 {
107     int btmreg, topreg;
108     TCGv_i64 zero;
109     TCGv_i32 aspen, sfpa;
110 
111     if (!dc_isar_feature(aa32_m_sec_state, s)) {
112         /* Before v8.1M, fall through in decode to NOCP check */
113         return false;
114     }
115 
116     /* Explicitly UNDEF because this takes precedence over NOCP */
117     if (!arm_dc_feature(s, ARM_FEATURE_M_MAIN) || !s->v8m_secure) {
118         unallocated_encoding(s);
119         return true;
120     }
121 
122     s->eci_handled = true;
123 
124     if (!dc_isar_feature(aa32_vfp_simd, s)) {
125         /* NOP if we have neither FP nor MVE */
126         clear_eci_state(s);
127         return true;
128     }
129 
130     /*
131      * If FPCCR.ASPEN != 0 && CONTROL_S.SFPA == 0 then there is no
132      * active floating point context so we must NOP (without doing
133      * any lazy state preservation or the NOCP check).
134      */
135     aspen = load_cpu_field(v7m.fpccr[M_REG_S]);
136     sfpa = load_cpu_field(v7m.control[M_REG_S]);
137     tcg_gen_andi_i32(aspen, aspen, R_V7M_FPCCR_ASPEN_MASK);
138     tcg_gen_xori_i32(aspen, aspen, R_V7M_FPCCR_ASPEN_MASK);
139     tcg_gen_andi_i32(sfpa, sfpa, R_V7M_CONTROL_SFPA_MASK);
140     tcg_gen_or_i32(sfpa, sfpa, aspen);
141     arm_gen_condlabel(s);
142     tcg_gen_brcondi_i32(TCG_COND_EQ, sfpa, 0, s->condlabel.label);
143 
144     if (s->fp_excp_el != 0) {
145         gen_exception_insn_el(s, 0, EXCP_NOCP,
146                               syn_uncategorized(), s->fp_excp_el);
147         return true;
148     }
149 
150     topreg = a->vd + a->imm - 1;
151     btmreg = a->vd;
152 
153     /* Convert to Sreg numbers if the insn specified in Dregs */
154     if (a->size == 3) {
155         topreg = topreg * 2 + 1;
156         btmreg *= 2;
157     }
158 
159     if (topreg > 63 || (topreg > 31 && !(topreg & 1))) {
160         /* UNPREDICTABLE: we choose to undef */
161         unallocated_encoding(s);
162         return true;
163     }
164 
165     /* Silently ignore requests to clear D16-D31 if they don't exist */
166     if (topreg > 31 && !dc_isar_feature(aa32_simd_r32, s)) {
167         topreg = 31;
168     }
169 
170     if (!vfp_access_check(s)) {
171         return true;
172     }
173 
174     /* Zero the Sregs from btmreg to topreg inclusive. */
175     zero = tcg_constant_i64(0);
176     if (btmreg & 1) {
177         write_neon_element64(zero, btmreg >> 1, 1, MO_32);
178         btmreg++;
179     }
180     for (; btmreg + 1 <= topreg; btmreg += 2) {
181         write_neon_element64(zero, btmreg >> 1, 0, MO_64);
182     }
183     if (btmreg == topreg) {
184         write_neon_element64(zero, btmreg >> 1, 0, MO_32);
185         btmreg++;
186     }
187     assert(btmreg == topreg + 1);
188     if (dc_isar_feature(aa32_mve, s)) {
189         store_cpu_field(tcg_constant_i32(0), v7m.vpr);
190     }
191 
192     clear_eci_state(s);
193     return true;
194 }
195 
196 /*
197  * M-profile provides two different sets of instructions that can
198  * access floating point system registers: VMSR/VMRS (which move
199  * to/from a general purpose register) and VLDR/VSTR sysreg (which
200  * move directly to/from memory). In some cases there are also side
201  * effects which must happen after any write to memory (which could
202  * cause an exception). So we implement the common logic for the
203  * sysreg access in gen_M_fp_sysreg_write() and gen_M_fp_sysreg_read(),
204  * which take pointers to callback functions which will perform the
205  * actual "read/write general purpose register" and "read/write
206  * memory" operations.
207  */
208 
209 /*
210  * Emit code to store the sysreg to its final destination; frees the
211  * TCG temp 'value' it is passed. do_access is true to do the store,
212  * and false to skip it and only perform side-effects like base
213  * register writeback.
214  */
215 typedef void fp_sysreg_storefn(DisasContext *s, void *opaque, TCGv_i32 value,
216                                bool do_access);
217 /*
218  * Emit code to load the value to be copied to the sysreg; returns
219  * a new TCG temporary. do_access is true to do the store,
220  * and false to skip it and only perform side-effects like base
221  * register writeback.
222  */
223 typedef TCGv_i32 fp_sysreg_loadfn(DisasContext *s, void *opaque,
224                                   bool do_access);
225 
226 /* Common decode/access checks for fp sysreg read/write */
227 typedef enum FPSysRegCheckResult {
228     FPSysRegCheckFailed, /* caller should return false */
229     FPSysRegCheckDone, /* caller should return true */
230     FPSysRegCheckContinue, /* caller should continue generating code */
231 } FPSysRegCheckResult;
232 
233 static FPSysRegCheckResult fp_sysreg_checks(DisasContext *s, int regno)
234 {
235     if (!dc_isar_feature(aa32_fpsp_v2, s) && !dc_isar_feature(aa32_mve, s)) {
236         return FPSysRegCheckFailed;
237     }
238 
239     switch (regno) {
240     case ARM_VFP_FPSCR:
241     case QEMU_VFP_FPSCR_NZCV:
242         break;
243     case ARM_VFP_FPSCR_NZCVQC:
244         if (!arm_dc_feature(s, ARM_FEATURE_V8_1M)) {
245             return FPSysRegCheckFailed;
246         }
247         break;
248     case ARM_VFP_FPCXT_S:
249     case ARM_VFP_FPCXT_NS:
250         if (!arm_dc_feature(s, ARM_FEATURE_V8_1M)) {
251             return FPSysRegCheckFailed;
252         }
253         if (!s->v8m_secure) {
254             return FPSysRegCheckFailed;
255         }
256         break;
257     case ARM_VFP_VPR:
258     case ARM_VFP_P0:
259         if (!dc_isar_feature(aa32_mve, s)) {
260             return FPSysRegCheckFailed;
261         }
262         break;
263     default:
264         return FPSysRegCheckFailed;
265     }
266 
267     /*
268      * FPCXT_NS is a special case: it has specific handling for
269      * "current FP state is inactive", and must do the PreserveFPState()
270      * but not the usual full set of actions done by ExecuteFPCheck().
271      * So we don't call vfp_access_check() and the callers must handle this.
272      */
273     if (regno != ARM_VFP_FPCXT_NS && !vfp_access_check(s)) {
274         return FPSysRegCheckDone;
275     }
276     return FPSysRegCheckContinue;
277 }
278 
279 static void gen_branch_fpInactive(DisasContext *s, TCGCond cond,
280                                   TCGLabel *label)
281 {
282     /*
283      * FPCXT_NS is a special case: it has specific handling for
284      * "current FP state is inactive", and must do the PreserveFPState()
285      * but not the usual full set of actions done by ExecuteFPCheck().
286      * We don't have a TB flag that matches the fpInactive check, so we
287      * do it at runtime as we don't expect FPCXT_NS accesses to be frequent.
288      *
289      * Emit code that checks fpInactive and does a conditional
290      * branch to label based on it:
291      *  if cond is TCG_COND_NE then branch if fpInactive != 0 (ie if inactive)
292      *  if cond is TCG_COND_EQ then branch if fpInactive == 0 (ie if active)
293      */
294     assert(cond == TCG_COND_EQ || cond == TCG_COND_NE);
295 
296     /* fpInactive = FPCCR_NS.ASPEN == 1 && CONTROL.FPCA == 0 */
297     TCGv_i32 aspen, fpca;
298     aspen = load_cpu_field(v7m.fpccr[M_REG_NS]);
299     fpca = load_cpu_field(v7m.control[M_REG_S]);
300     tcg_gen_andi_i32(aspen, aspen, R_V7M_FPCCR_ASPEN_MASK);
301     tcg_gen_xori_i32(aspen, aspen, R_V7M_FPCCR_ASPEN_MASK);
302     tcg_gen_andi_i32(fpca, fpca, R_V7M_CONTROL_FPCA_MASK);
303     tcg_gen_or_i32(fpca, fpca, aspen);
304     tcg_gen_brcondi_i32(tcg_invert_cond(cond), fpca, 0, label);
305 }
306 
307 static bool gen_M_fp_sysreg_write(DisasContext *s, int regno,
308                                   fp_sysreg_loadfn *loadfn,
309                                   void *opaque)
310 {
311     /* Do a write to an M-profile floating point system register */
312     TCGv_i32 tmp;
313     TCGLabel *lab_end = NULL;
314 
315     switch (fp_sysreg_checks(s, regno)) {
316     case FPSysRegCheckFailed:
317         return false;
318     case FPSysRegCheckDone:
319         return true;
320     case FPSysRegCheckContinue:
321         break;
322     }
323 
324     switch (regno) {
325     case ARM_VFP_FPSCR:
326         tmp = loadfn(s, opaque, true);
327         gen_helper_vfp_set_fpscr(cpu_env, tmp);
328         gen_lookup_tb(s);
329         break;
330     case ARM_VFP_FPSCR_NZCVQC:
331     {
332         TCGv_i32 fpscr;
333         tmp = loadfn(s, opaque, true);
334         if (dc_isar_feature(aa32_mve, s)) {
335             /* QC is only present for MVE; otherwise RES0 */
336             TCGv_i32 qc = tcg_temp_new_i32();
337             tcg_gen_andi_i32(qc, tmp, FPCR_QC);
338             /*
339              * The 4 vfp.qc[] fields need only be "zero" vs "non-zero";
340              * here writing the same value into all elements is simplest.
341              */
342             tcg_gen_gvec_dup_i32(MO_32, offsetof(CPUARMState, vfp.qc),
343                                  16, 16, qc);
344         }
345         tcg_gen_andi_i32(tmp, tmp, FPCR_NZCV_MASK);
346         fpscr = load_cpu_field(vfp.xregs[ARM_VFP_FPSCR]);
347         tcg_gen_andi_i32(fpscr, fpscr, ~FPCR_NZCV_MASK);
348         tcg_gen_or_i32(fpscr, fpscr, tmp);
349         store_cpu_field(fpscr, vfp.xregs[ARM_VFP_FPSCR]);
350         break;
351     }
352     case ARM_VFP_FPCXT_NS:
353     {
354         TCGLabel *lab_active = gen_new_label();
355 
356         lab_end = gen_new_label();
357         gen_branch_fpInactive(s, TCG_COND_EQ, lab_active);
358         /*
359          * fpInactive case: write is a NOP, so only do side effects
360          * like register writeback before we branch to end
361          */
362         loadfn(s, opaque, false);
363         tcg_gen_br(lab_end);
364 
365         gen_set_label(lab_active);
366         /*
367          * !fpInactive: if FPU disabled, take NOCP exception;
368          * otherwise PreserveFPState(), and then FPCXT_NS writes
369          * behave the same as FPCXT_S writes.
370          */
371         if (!vfp_access_check_m(s, true)) {
372             /*
373              * This was only a conditional exception, so override
374              * gen_exception_insn_el()'s default to DISAS_NORETURN
375              */
376             s->base.is_jmp = DISAS_NEXT;
377             break;
378         }
379     }
380     /* fall through */
381     case ARM_VFP_FPCXT_S:
382     {
383         TCGv_i32 sfpa, control;
384         /*
385          * Set FPSCR and CONTROL.SFPA from value; the new FPSCR takes
386          * bits [27:0] from value and zeroes bits [31:28].
387          */
388         tmp = loadfn(s, opaque, true);
389         sfpa = tcg_temp_new_i32();
390         tcg_gen_shri_i32(sfpa, tmp, 31);
391         control = load_cpu_field(v7m.control[M_REG_S]);
392         tcg_gen_deposit_i32(control, control, sfpa,
393                             R_V7M_CONTROL_SFPA_SHIFT, 1);
394         store_cpu_field(control, v7m.control[M_REG_S]);
395         tcg_gen_andi_i32(tmp, tmp, ~FPCR_NZCV_MASK);
396         gen_helper_vfp_set_fpscr(cpu_env, tmp);
397         s->base.is_jmp = DISAS_UPDATE_NOCHAIN;
398         break;
399     }
400     case ARM_VFP_VPR:
401         /* Behaves as NOP if not privileged */
402         if (IS_USER(s)) {
403             loadfn(s, opaque, false);
404             break;
405         }
406         tmp = loadfn(s, opaque, true);
407         store_cpu_field(tmp, v7m.vpr);
408         s->base.is_jmp = DISAS_UPDATE_NOCHAIN;
409         break;
410     case ARM_VFP_P0:
411     {
412         TCGv_i32 vpr;
413         tmp = loadfn(s, opaque, true);
414         vpr = load_cpu_field(v7m.vpr);
415         tcg_gen_deposit_i32(vpr, vpr, tmp,
416                             R_V7M_VPR_P0_SHIFT, R_V7M_VPR_P0_LENGTH);
417         store_cpu_field(vpr, v7m.vpr);
418         s->base.is_jmp = DISAS_UPDATE_NOCHAIN;
419         break;
420     }
421     default:
422         g_assert_not_reached();
423     }
424     if (lab_end) {
425         gen_set_label(lab_end);
426     }
427     return true;
428 }
429 
430 static bool gen_M_fp_sysreg_read(DisasContext *s, int regno,
431                                  fp_sysreg_storefn *storefn,
432                                  void *opaque)
433 {
434     /* Do a read from an M-profile floating point system register */
435     TCGv_i32 tmp;
436     TCGLabel *lab_end = NULL;
437     bool lookup_tb = false;
438 
439     switch (fp_sysreg_checks(s, regno)) {
440     case FPSysRegCheckFailed:
441         return false;
442     case FPSysRegCheckDone:
443         return true;
444     case FPSysRegCheckContinue:
445         break;
446     }
447 
448     if (regno == ARM_VFP_FPSCR_NZCVQC && !dc_isar_feature(aa32_mve, s)) {
449         /* QC is RES0 without MVE, so NZCVQC simplifies to NZCV */
450         regno = QEMU_VFP_FPSCR_NZCV;
451     }
452 
453     switch (regno) {
454     case ARM_VFP_FPSCR:
455         tmp = tcg_temp_new_i32();
456         gen_helper_vfp_get_fpscr(tmp, cpu_env);
457         storefn(s, opaque, tmp, true);
458         break;
459     case ARM_VFP_FPSCR_NZCVQC:
460         tmp = tcg_temp_new_i32();
461         gen_helper_vfp_get_fpscr(tmp, cpu_env);
462         tcg_gen_andi_i32(tmp, tmp, FPCR_NZCVQC_MASK);
463         storefn(s, opaque, tmp, true);
464         break;
465     case QEMU_VFP_FPSCR_NZCV:
466         /*
467          * Read just NZCV; this is a special case to avoid the
468          * helper call for the "VMRS to CPSR.NZCV" insn.
469          */
470         tmp = load_cpu_field(vfp.xregs[ARM_VFP_FPSCR]);
471         tcg_gen_andi_i32(tmp, tmp, FPCR_NZCV_MASK);
472         storefn(s, opaque, tmp, true);
473         break;
474     case ARM_VFP_FPCXT_S:
475     {
476         TCGv_i32 control, sfpa, fpscr;
477         /* Bits [27:0] from FPSCR, bit [31] from CONTROL.SFPA */
478         tmp = tcg_temp_new_i32();
479         sfpa = tcg_temp_new_i32();
480         gen_helper_vfp_get_fpscr(tmp, cpu_env);
481         tcg_gen_andi_i32(tmp, tmp, ~FPCR_NZCV_MASK);
482         control = load_cpu_field(v7m.control[M_REG_S]);
483         tcg_gen_andi_i32(sfpa, control, R_V7M_CONTROL_SFPA_MASK);
484         tcg_gen_shli_i32(sfpa, sfpa, 31 - R_V7M_CONTROL_SFPA_SHIFT);
485         tcg_gen_or_i32(tmp, tmp, sfpa);
486         /*
487          * Store result before updating FPSCR etc, in case
488          * it is a memory write which causes an exception.
489          */
490         storefn(s, opaque, tmp, true);
491         /*
492          * Now we must reset FPSCR from FPDSCR_NS, and clear
493          * CONTROL.SFPA; so we'll end the TB here.
494          */
495         tcg_gen_andi_i32(control, control, ~R_V7M_CONTROL_SFPA_MASK);
496         store_cpu_field(control, v7m.control[M_REG_S]);
497         fpscr = load_cpu_field(v7m.fpdscr[M_REG_NS]);
498         gen_helper_vfp_set_fpscr(cpu_env, fpscr);
499         lookup_tb = true;
500         break;
501     }
502     case ARM_VFP_FPCXT_NS:
503     {
504         TCGv_i32 control, sfpa, fpscr, fpdscr;
505         TCGLabel *lab_active = gen_new_label();
506 
507         lookup_tb = true;
508 
509         gen_branch_fpInactive(s, TCG_COND_EQ, lab_active);
510         /* fpInactive case: reads as FPDSCR_NS */
511         TCGv_i32 tmp = load_cpu_field(v7m.fpdscr[M_REG_NS]);
512         storefn(s, opaque, tmp, true);
513         lab_end = gen_new_label();
514         tcg_gen_br(lab_end);
515 
516         gen_set_label(lab_active);
517         /*
518          * !fpInactive: if FPU disabled, take NOCP exception;
519          * otherwise PreserveFPState(), and then FPCXT_NS
520          * reads the same as FPCXT_S.
521          */
522         if (!vfp_access_check_m(s, true)) {
523             /*
524              * This was only a conditional exception, so override
525              * gen_exception_insn_el()'s default to DISAS_NORETURN
526              */
527             s->base.is_jmp = DISAS_NEXT;
528             break;
529         }
530         tmp = tcg_temp_new_i32();
531         sfpa = tcg_temp_new_i32();
532         fpscr = tcg_temp_new_i32();
533         gen_helper_vfp_get_fpscr(fpscr, cpu_env);
534         tcg_gen_andi_i32(tmp, fpscr, ~FPCR_NZCV_MASK);
535         control = load_cpu_field(v7m.control[M_REG_S]);
536         tcg_gen_andi_i32(sfpa, control, R_V7M_CONTROL_SFPA_MASK);
537         tcg_gen_shli_i32(sfpa, sfpa, 31 - R_V7M_CONTROL_SFPA_SHIFT);
538         tcg_gen_or_i32(tmp, tmp, sfpa);
539         /* Store result before updating FPSCR, in case it faults */
540         storefn(s, opaque, tmp, true);
541         /* If SFPA is zero then set FPSCR from FPDSCR_NS */
542         fpdscr = load_cpu_field(v7m.fpdscr[M_REG_NS]);
543         tcg_gen_movcond_i32(TCG_COND_EQ, fpscr, sfpa, tcg_constant_i32(0),
544                             fpdscr, fpscr);
545         gen_helper_vfp_set_fpscr(cpu_env, fpscr);
546         break;
547     }
548     case ARM_VFP_VPR:
549         /* Behaves as NOP if not privileged */
550         if (IS_USER(s)) {
551             storefn(s, opaque, NULL, false);
552             break;
553         }
554         tmp = load_cpu_field(v7m.vpr);
555         storefn(s, opaque, tmp, true);
556         break;
557     case ARM_VFP_P0:
558         tmp = load_cpu_field(v7m.vpr);
559         tcg_gen_extract_i32(tmp, tmp, R_V7M_VPR_P0_SHIFT, R_V7M_VPR_P0_LENGTH);
560         storefn(s, opaque, tmp, true);
561         break;
562     default:
563         g_assert_not_reached();
564     }
565 
566     if (lab_end) {
567         gen_set_label(lab_end);
568     }
569     if (lookup_tb) {
570         gen_lookup_tb(s);
571     }
572     return true;
573 }
574 
575 static void fp_sysreg_to_gpr(DisasContext *s, void *opaque, TCGv_i32 value,
576                              bool do_access)
577 {
578     arg_VMSR_VMRS *a = opaque;
579 
580     if (!do_access) {
581         return;
582     }
583 
584     if (a->rt == 15) {
585         /* Set the 4 flag bits in the CPSR */
586         gen_set_nzcv(value);
587     } else {
588         store_reg(s, a->rt, value);
589     }
590 }
591 
592 static TCGv_i32 gpr_to_fp_sysreg(DisasContext *s, void *opaque, bool do_access)
593 {
594     arg_VMSR_VMRS *a = opaque;
595 
596     if (!do_access) {
597         return NULL;
598     }
599     return load_reg(s, a->rt);
600 }
601 
602 static bool trans_VMSR_VMRS(DisasContext *s, arg_VMSR_VMRS *a)
603 {
604     /*
605      * Accesses to R15 are UNPREDICTABLE; we choose to undef.
606      * FPSCR -> r15 is a special case which writes to the PSR flags;
607      * set a->reg to a special value to tell gen_M_fp_sysreg_read()
608      * we only care about the top 4 bits of FPSCR there.
609      */
610     if (a->rt == 15) {
611         if (a->l && a->reg == ARM_VFP_FPSCR) {
612             a->reg = QEMU_VFP_FPSCR_NZCV;
613         } else {
614             return false;
615         }
616     }
617 
618     if (a->l) {
619         /* VMRS, move FP system register to gp register */
620         return gen_M_fp_sysreg_read(s, a->reg, fp_sysreg_to_gpr, a);
621     } else {
622         /* VMSR, move gp register to FP system register */
623         return gen_M_fp_sysreg_write(s, a->reg, gpr_to_fp_sysreg, a);
624     }
625 }
626 
627 static void fp_sysreg_to_memory(DisasContext *s, void *opaque, TCGv_i32 value,
628                                 bool do_access)
629 {
630     arg_vldr_sysreg *a = opaque;
631     uint32_t offset = a->imm;
632     TCGv_i32 addr;
633 
634     if (!a->a) {
635         offset = -offset;
636     }
637 
638     if (!do_access && !a->w) {
639         return;
640     }
641 
642     addr = load_reg(s, a->rn);
643     if (a->p) {
644         tcg_gen_addi_i32(addr, addr, offset);
645     }
646 
647     if (s->v8m_stackcheck && a->rn == 13 && a->w) {
648         gen_helper_v8m_stackcheck(cpu_env, addr);
649     }
650 
651     if (do_access) {
652         gen_aa32_st_i32(s, value, addr, get_mem_index(s),
653                         MO_UL | MO_ALIGN | s->be_data);
654     }
655 
656     if (a->w) {
657         /* writeback */
658         if (!a->p) {
659             tcg_gen_addi_i32(addr, addr, offset);
660         }
661         store_reg(s, a->rn, addr);
662     }
663 }
664 
665 static TCGv_i32 memory_to_fp_sysreg(DisasContext *s, void *opaque,
666                                     bool do_access)
667 {
668     arg_vldr_sysreg *a = opaque;
669     uint32_t offset = a->imm;
670     TCGv_i32 addr;
671     TCGv_i32 value = NULL;
672 
673     if (!a->a) {
674         offset = -offset;
675     }
676 
677     if (!do_access && !a->w) {
678         return NULL;
679     }
680 
681     addr = load_reg(s, a->rn);
682     if (a->p) {
683         tcg_gen_addi_i32(addr, addr, offset);
684     }
685 
686     if (s->v8m_stackcheck && a->rn == 13 && a->w) {
687         gen_helper_v8m_stackcheck(cpu_env, addr);
688     }
689 
690     if (do_access) {
691         value = tcg_temp_new_i32();
692         gen_aa32_ld_i32(s, value, addr, get_mem_index(s),
693                         MO_UL | MO_ALIGN | s->be_data);
694     }
695 
696     if (a->w) {
697         /* writeback */
698         if (!a->p) {
699             tcg_gen_addi_i32(addr, addr, offset);
700         }
701         store_reg(s, a->rn, addr);
702     }
703     return value;
704 }
705 
706 static bool trans_VLDR_sysreg(DisasContext *s, arg_vldr_sysreg *a)
707 {
708     if (!arm_dc_feature(s, ARM_FEATURE_V8_1M)) {
709         return false;
710     }
711     if (a->rn == 15) {
712         return false;
713     }
714     return gen_M_fp_sysreg_write(s, a->reg, memory_to_fp_sysreg, a);
715 }
716 
717 static bool trans_VSTR_sysreg(DisasContext *s, arg_vldr_sysreg *a)
718 {
719     if (!arm_dc_feature(s, ARM_FEATURE_V8_1M)) {
720         return false;
721     }
722     if (a->rn == 15) {
723         return false;
724     }
725     return gen_M_fp_sysreg_read(s, a->reg, fp_sysreg_to_memory, a);
726 }
727 
728 static bool trans_NOCP(DisasContext *s, arg_nocp *a)
729 {
730     /*
731      * Handle M-profile early check for disabled coprocessor:
732      * all we need to do here is emit the NOCP exception if
733      * the coprocessor is disabled. Otherwise we return false
734      * and the real VFP/etc decode will handle the insn.
735      */
736     assert(arm_dc_feature(s, ARM_FEATURE_M));
737 
738     if (a->cp == 11) {
739         a->cp = 10;
740     }
741     if (arm_dc_feature(s, ARM_FEATURE_V8_1M) &&
742         (a->cp == 8 || a->cp == 9 || a->cp == 14 || a->cp == 15)) {
743         /* in v8.1M cp 8, 9, 14, 15 also are governed by the cp10 enable */
744         a->cp = 10;
745     }
746 
747     if (a->cp != 10) {
748         gen_exception_insn(s, 0, EXCP_NOCP, syn_uncategorized());
749         return true;
750     }
751 
752     if (s->fp_excp_el != 0) {
753         gen_exception_insn_el(s, 0, EXCP_NOCP,
754                               syn_uncategorized(), s->fp_excp_el);
755         return true;
756     }
757 
758     return false;
759 }
760 
761 static bool trans_NOCP_8_1(DisasContext *s, arg_nocp *a)
762 {
763     /* This range needs a coprocessor check for v8.1M and later only */
764     if (!arm_dc_feature(s, ARM_FEATURE_V8_1M)) {
765         return false;
766     }
767     return trans_NOCP(s, a);
768 }
769