xref: /openbmc/qemu/target/avr/translate.c (revision 1580b897)
1 /*
2  * QEMU AVR CPU
3  *
4  * Copyright (c) 2019-2020 Michael Rolnik
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see
18  * <http://www.gnu.org/licenses/lgpl-2.1.html>
19  */
20 
21 #include "qemu/osdep.h"
22 #include "qemu/qemu-print.h"
23 #include "tcg/tcg.h"
24 #include "cpu.h"
25 #include "exec/exec-all.h"
26 #include "tcg/tcg-op.h"
27 #include "exec/cpu_ldst.h"
28 #include "exec/helper-proto.h"
29 #include "exec/helper-gen.h"
30 #include "exec/log.h"
31 #include "exec/translator.h"
32 #include "exec/gen-icount.h"
33 
34 /*
35  *  Define if you want a BREAK instruction translated to a breakpoint
36  *  Active debugging connection is assumed
37  *  This is for
38  *  https://github.com/seharris/qemu-avr-tests/tree/master/instruction-tests
39  *  tests
40  */
41 #undef BREAKPOINT_ON_BREAK
42 
43 static TCGv cpu_pc;
44 
45 static TCGv cpu_Cf;
46 static TCGv cpu_Zf;
47 static TCGv cpu_Nf;
48 static TCGv cpu_Vf;
49 static TCGv cpu_Sf;
50 static TCGv cpu_Hf;
51 static TCGv cpu_Tf;
52 static TCGv cpu_If;
53 
54 static TCGv cpu_rampD;
55 static TCGv cpu_rampX;
56 static TCGv cpu_rampY;
57 static TCGv cpu_rampZ;
58 
59 static TCGv cpu_r[NUMBER_OF_CPU_REGISTERS];
60 static TCGv cpu_eind;
61 static TCGv cpu_sp;
62 
63 static TCGv cpu_skip;
64 
65 static const char reg_names[NUMBER_OF_CPU_REGISTERS][8] = {
66     "r0",  "r1",  "r2",  "r3",  "r4",  "r5",  "r6",  "r7",
67     "r8",  "r9",  "r10", "r11", "r12", "r13", "r14", "r15",
68     "r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",
69     "r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31",
70 };
71 #define REG(x) (cpu_r[x])
72 
73 enum {
74     DISAS_EXIT   = DISAS_TARGET_0,  /* We want return to the cpu main loop.  */
75     DISAS_LOOKUP = DISAS_TARGET_1,  /* We have a variable condition exit.  */
76     DISAS_CHAIN  = DISAS_TARGET_2,  /* We have a single condition exit.  */
77 };
78 
79 typedef struct DisasContext DisasContext;
80 
81 /* This is the state at translation time. */
82 struct DisasContext {
83     DisasContextBase base;
84 
85     CPUAVRState *env;
86     CPUState *cs;
87 
88     target_long npc;
89     uint32_t opcode;
90 
91     /* Routine used to access memory */
92     int memidx;
93 
94     /*
95      * some AVR instructions can make the following instruction to be skipped
96      * Let's name those instructions
97      *     A   - instruction that can skip the next one
98      *     B   - instruction that can be skipped. this depends on execution of A
99      * there are two scenarios
100      * 1. A and B belong to the same translation block
101      * 2. A is the last instruction in the translation block and B is the last
102      *
103      * following variables are used to simplify the skipping logic, they are
104      * used in the following manner (sketch)
105      *
106      * TCGLabel *skip_label = NULL;
107      * if (ctx->skip_cond != TCG_COND_NEVER) {
108      *     skip_label = gen_new_label();
109      *     tcg_gen_brcond_tl(skip_cond, skip_var0, skip_var1, skip_label);
110      * }
111      *
112      * if (free_skip_var0) {
113      *     tcg_temp_free(skip_var0);
114      *     free_skip_var0 = false;
115      * }
116      *
117      * translate(ctx);
118      *
119      * if (skip_label) {
120      *     gen_set_label(skip_label);
121      * }
122      */
123     TCGv skip_var0;
124     TCGv skip_var1;
125     TCGCond skip_cond;
126     bool free_skip_var0;
127 };
128 
129 void avr_cpu_tcg_init(void)
130 {
131     int i;
132 
133 #define AVR_REG_OFFS(x) offsetof(CPUAVRState, x)
134     cpu_pc = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(pc_w), "pc");
135     cpu_Cf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregC), "Cf");
136     cpu_Zf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregZ), "Zf");
137     cpu_Nf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregN), "Nf");
138     cpu_Vf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregV), "Vf");
139     cpu_Sf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregS), "Sf");
140     cpu_Hf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregH), "Hf");
141     cpu_Tf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregT), "Tf");
142     cpu_If = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregI), "If");
143     cpu_rampD = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(rampD), "rampD");
144     cpu_rampX = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(rampX), "rampX");
145     cpu_rampY = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(rampY), "rampY");
146     cpu_rampZ = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(rampZ), "rampZ");
147     cpu_eind = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(eind), "eind");
148     cpu_sp = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sp), "sp");
149     cpu_skip = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(skip), "skip");
150 
151     for (i = 0; i < NUMBER_OF_CPU_REGISTERS; i++) {
152         cpu_r[i] = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(r[i]),
153                                           reg_names[i]);
154     }
155 #undef AVR_REG_OFFS
156 }
157 
158 static int to_regs_16_31_by_one(DisasContext *ctx, int indx)
159 {
160     return 16 + (indx % 16);
161 }
162 
163 static int to_regs_16_23_by_one(DisasContext *ctx, int indx)
164 {
165     return 16 + (indx % 8);
166 }
167 
168 static int to_regs_24_30_by_two(DisasContext *ctx, int indx)
169 {
170     return 24 + (indx % 4) * 2;
171 }
172 
173 static int to_regs_00_30_by_two(DisasContext *ctx, int indx)
174 {
175     return (indx % 16) * 2;
176 }
177 
178 static uint16_t next_word(DisasContext *ctx)
179 {
180     return cpu_lduw_code(ctx->env, ctx->npc++ * 2);
181 }
182 
183 static int append_16(DisasContext *ctx, int x)
184 {
185     return x << 16 | next_word(ctx);
186 }
187 
188 static bool avr_have_feature(DisasContext *ctx, int feature)
189 {
190     if (!avr_feature(ctx->env, feature)) {
191         gen_helper_unsupported(cpu_env);
192         ctx->base.is_jmp = DISAS_NORETURN;
193         return false;
194     }
195     return true;
196 }
197 
198 static bool decode_insn(DisasContext *ctx, uint16_t insn);
199 #include "decode-insn.c.inc"
200 
201 /*
202  * Arithmetic Instructions
203  */
204 
205 /*
206  * Utility functions for updating status registers:
207  *
208  *   - gen_add_CHf()
209  *   - gen_add_Vf()
210  *   - gen_sub_CHf()
211  *   - gen_sub_Vf()
212  *   - gen_NSf()
213  *   - gen_ZNSf()
214  *
215  */
216 
217 static void gen_add_CHf(TCGv R, TCGv Rd, TCGv Rr)
218 {
219     TCGv t1 = tcg_temp_new_i32();
220     TCGv t2 = tcg_temp_new_i32();
221     TCGv t3 = tcg_temp_new_i32();
222 
223     tcg_gen_and_tl(t1, Rd, Rr); /* t1 = Rd & Rr */
224     tcg_gen_andc_tl(t2, Rd, R); /* t2 = Rd & ~R */
225     tcg_gen_andc_tl(t3, Rr, R); /* t3 = Rr & ~R */
226     tcg_gen_or_tl(t1, t1, t2); /* t1 = t1 | t2 | t3 */
227     tcg_gen_or_tl(t1, t1, t3);
228 
229     tcg_gen_shri_tl(cpu_Cf, t1, 7); /* Cf = t1(7) */
230     tcg_gen_shri_tl(cpu_Hf, t1, 3); /* Hf = t1(3) */
231     tcg_gen_andi_tl(cpu_Hf, cpu_Hf, 1);
232 
233     tcg_temp_free_i32(t3);
234     tcg_temp_free_i32(t2);
235     tcg_temp_free_i32(t1);
236 }
237 
238 static void gen_add_Vf(TCGv R, TCGv Rd, TCGv Rr)
239 {
240     TCGv t1 = tcg_temp_new_i32();
241     TCGv t2 = tcg_temp_new_i32();
242 
243     /* t1 = Rd & Rr & ~R | ~Rd & ~Rr & R */
244     /*    = (Rd ^ R) & ~(Rd ^ Rr) */
245     tcg_gen_xor_tl(t1, Rd, R);
246     tcg_gen_xor_tl(t2, Rd, Rr);
247     tcg_gen_andc_tl(t1, t1, t2);
248 
249     tcg_gen_shri_tl(cpu_Vf, t1, 7); /* Vf = t1(7) */
250 
251     tcg_temp_free_i32(t2);
252     tcg_temp_free_i32(t1);
253 }
254 
255 static void gen_sub_CHf(TCGv R, TCGv Rd, TCGv Rr)
256 {
257     TCGv t1 = tcg_temp_new_i32();
258     TCGv t2 = tcg_temp_new_i32();
259     TCGv t3 = tcg_temp_new_i32();
260 
261     tcg_gen_not_tl(t1, Rd); /* t1 = ~Rd */
262     tcg_gen_and_tl(t2, t1, Rr); /* t2 = ~Rd & Rr */
263     tcg_gen_or_tl(t3, t1, Rr); /* t3 = (~Rd | Rr) & R */
264     tcg_gen_and_tl(t3, t3, R);
265     tcg_gen_or_tl(t2, t2, t3); /* t2 = ~Rd & Rr | ~Rd & R | R & Rr */
266 
267     tcg_gen_shri_tl(cpu_Cf, t2, 7); /* Cf = t2(7) */
268     tcg_gen_shri_tl(cpu_Hf, t2, 3); /* Hf = t2(3) */
269     tcg_gen_andi_tl(cpu_Hf, cpu_Hf, 1);
270 
271     tcg_temp_free_i32(t3);
272     tcg_temp_free_i32(t2);
273     tcg_temp_free_i32(t1);
274 }
275 
276 static void gen_sub_Vf(TCGv R, TCGv Rd, TCGv Rr)
277 {
278     TCGv t1 = tcg_temp_new_i32();
279     TCGv t2 = tcg_temp_new_i32();
280 
281     /* t1 = Rd & ~Rr & ~R | ~Rd & Rr & R */
282     /*    = (Rd ^ R) & (Rd ^ R) */
283     tcg_gen_xor_tl(t1, Rd, R);
284     tcg_gen_xor_tl(t2, Rd, Rr);
285     tcg_gen_and_tl(t1, t1, t2);
286 
287     tcg_gen_shri_tl(cpu_Vf, t1, 7); /* Vf = t1(7) */
288 
289     tcg_temp_free_i32(t2);
290     tcg_temp_free_i32(t1);
291 }
292 
293 static void gen_NSf(TCGv R)
294 {
295     tcg_gen_shri_tl(cpu_Nf, R, 7); /* Nf = R(7) */
296     tcg_gen_xor_tl(cpu_Sf, cpu_Nf, cpu_Vf); /* Sf = Nf ^ Vf */
297 }
298 
299 static void gen_ZNSf(TCGv R)
300 {
301     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
302 
303     /* update status register */
304     tcg_gen_shri_tl(cpu_Nf, R, 7); /* Nf = R(7) */
305     tcg_gen_xor_tl(cpu_Sf, cpu_Nf, cpu_Vf); /* Sf = Nf ^ Vf */
306 }
307 
308 /*
309  *  Adds two registers without the C Flag and places the result in the
310  *  destination register Rd.
311  */
312 static bool trans_ADD(DisasContext *ctx, arg_ADD *a)
313 {
314     TCGv Rd = cpu_r[a->rd];
315     TCGv Rr = cpu_r[a->rr];
316     TCGv R = tcg_temp_new_i32();
317 
318     tcg_gen_add_tl(R, Rd, Rr); /* Rd = Rd + Rr */
319     tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */
320 
321     /* update status register */
322     gen_add_CHf(R, Rd, Rr);
323     gen_add_Vf(R, Rd, Rr);
324     gen_ZNSf(R);
325 
326     /* update output registers */
327     tcg_gen_mov_tl(Rd, R);
328 
329     tcg_temp_free_i32(R);
330 
331     return true;
332 }
333 
334 /*
335  *  Adds two registers and the contents of the C Flag and places the result in
336  *  the destination register Rd.
337  */
338 static bool trans_ADC(DisasContext *ctx, arg_ADC *a)
339 {
340     TCGv Rd = cpu_r[a->rd];
341     TCGv Rr = cpu_r[a->rr];
342     TCGv R = tcg_temp_new_i32();
343 
344     tcg_gen_add_tl(R, Rd, Rr); /* R = Rd + Rr + Cf */
345     tcg_gen_add_tl(R, R, cpu_Cf);
346     tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */
347 
348     /* update status register */
349     gen_add_CHf(R, Rd, Rr);
350     gen_add_Vf(R, Rd, Rr);
351     gen_ZNSf(R);
352 
353     /* update output registers */
354     tcg_gen_mov_tl(Rd, R);
355 
356     tcg_temp_free_i32(R);
357 
358     return true;
359 }
360 
361 /*
362  *  Adds an immediate value (0 - 63) to a register pair and places the result
363  *  in the register pair. This instruction operates on the upper four register
364  *  pairs, and is well suited for operations on the pointer registers.  This
365  *  instruction is not available in all devices. Refer to the device specific
366  *  instruction set summary.
367  */
368 static bool trans_ADIW(DisasContext *ctx, arg_ADIW *a)
369 {
370     if (!avr_have_feature(ctx, AVR_FEATURE_ADIW_SBIW)) {
371         return true;
372     }
373 
374     TCGv RdL = cpu_r[a->rd];
375     TCGv RdH = cpu_r[a->rd + 1];
376     int Imm = (a->imm);
377     TCGv R = tcg_temp_new_i32();
378     TCGv Rd = tcg_temp_new_i32();
379 
380     tcg_gen_deposit_tl(Rd, RdL, RdH, 8, 8); /* Rd = RdH:RdL */
381     tcg_gen_addi_tl(R, Rd, Imm); /* R = Rd + Imm */
382     tcg_gen_andi_tl(R, R, 0xffff); /* make it 16 bits */
383 
384     /* update status register */
385     tcg_gen_andc_tl(cpu_Cf, Rd, R); /* Cf = Rd & ~R */
386     tcg_gen_shri_tl(cpu_Cf, cpu_Cf, 15);
387     tcg_gen_andc_tl(cpu_Vf, R, Rd); /* Vf = R & ~Rd */
388     tcg_gen_shri_tl(cpu_Vf, cpu_Vf, 15);
389     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
390     tcg_gen_shri_tl(cpu_Nf, R, 15); /* Nf = R(15) */
391     tcg_gen_xor_tl(cpu_Sf, cpu_Nf, cpu_Vf);/* Sf = Nf ^ Vf */
392 
393     /* update output registers */
394     tcg_gen_andi_tl(RdL, R, 0xff);
395     tcg_gen_shri_tl(RdH, R, 8);
396 
397     tcg_temp_free_i32(Rd);
398     tcg_temp_free_i32(R);
399 
400     return true;
401 }
402 
403 /*
404  *  Subtracts two registers and places the result in the destination
405  *  register Rd.
406  */
407 static bool trans_SUB(DisasContext *ctx, arg_SUB *a)
408 {
409     TCGv Rd = cpu_r[a->rd];
410     TCGv Rr = cpu_r[a->rr];
411     TCGv R = tcg_temp_new_i32();
412 
413     tcg_gen_sub_tl(R, Rd, Rr); /* R = Rd - Rr */
414     tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */
415 
416     /* update status register */
417     tcg_gen_andc_tl(cpu_Cf, Rd, R); /* Cf = Rd & ~R */
418     gen_sub_CHf(R, Rd, Rr);
419     gen_sub_Vf(R, Rd, Rr);
420     gen_ZNSf(R);
421 
422     /* update output registers */
423     tcg_gen_mov_tl(Rd, R);
424 
425     tcg_temp_free_i32(R);
426 
427     return true;
428 }
429 
430 /*
431  *  Subtracts a register and a constant and places the result in the
432  *  destination register Rd. This instruction is working on Register R16 to R31
433  *  and is very well suited for operations on the X, Y, and Z-pointers.
434  */
435 static bool trans_SUBI(DisasContext *ctx, arg_SUBI *a)
436 {
437     TCGv Rd = cpu_r[a->rd];
438     TCGv Rr = tcg_const_i32(a->imm);
439     TCGv R = tcg_temp_new_i32();
440 
441     tcg_gen_sub_tl(R, Rd, Rr); /* R = Rd - Imm */
442     tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */
443 
444     /* update status register */
445     gen_sub_CHf(R, Rd, Rr);
446     gen_sub_Vf(R, Rd, Rr);
447     gen_ZNSf(R);
448 
449     /* update output registers */
450     tcg_gen_mov_tl(Rd, R);
451 
452     tcg_temp_free_i32(R);
453     tcg_temp_free_i32(Rr);
454 
455     return true;
456 }
457 
458 /*
459  *  Subtracts two registers and subtracts with the C Flag and places the
460  *  result in the destination register Rd.
461  */
462 static bool trans_SBC(DisasContext *ctx, arg_SBC *a)
463 {
464     TCGv Rd = cpu_r[a->rd];
465     TCGv Rr = cpu_r[a->rr];
466     TCGv R = tcg_temp_new_i32();
467     TCGv zero = tcg_const_i32(0);
468 
469     tcg_gen_sub_tl(R, Rd, Rr); /* R = Rd - Rr - Cf */
470     tcg_gen_sub_tl(R, R, cpu_Cf);
471     tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */
472 
473     /* update status register */
474     gen_sub_CHf(R, Rd, Rr);
475     gen_sub_Vf(R, Rd, Rr);
476     gen_NSf(R);
477 
478     /*
479      * Previous value remains unchanged when the result is zero;
480      * cleared otherwise.
481      */
482     tcg_gen_movcond_tl(TCG_COND_EQ, cpu_Zf, R, zero, cpu_Zf, zero);
483 
484     /* update output registers */
485     tcg_gen_mov_tl(Rd, R);
486 
487     tcg_temp_free_i32(zero);
488     tcg_temp_free_i32(R);
489 
490     return true;
491 }
492 
493 /*
494  *  SBCI -- Subtract Immediate with Carry
495  */
496 static bool trans_SBCI(DisasContext *ctx, arg_SBCI *a)
497 {
498     TCGv Rd = cpu_r[a->rd];
499     TCGv Rr = tcg_const_i32(a->imm);
500     TCGv R = tcg_temp_new_i32();
501     TCGv zero = tcg_const_i32(0);
502 
503     tcg_gen_sub_tl(R, Rd, Rr); /* R = Rd - Rr - Cf */
504     tcg_gen_sub_tl(R, R, cpu_Cf);
505     tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */
506 
507     /* update status register */
508     gen_sub_CHf(R, Rd, Rr);
509     gen_sub_Vf(R, Rd, Rr);
510     gen_NSf(R);
511 
512     /*
513      * Previous value remains unchanged when the result is zero;
514      * cleared otherwise.
515      */
516     tcg_gen_movcond_tl(TCG_COND_EQ, cpu_Zf, R, zero, cpu_Zf, zero);
517 
518     /* update output registers */
519     tcg_gen_mov_tl(Rd, R);
520 
521     tcg_temp_free_i32(zero);
522     tcg_temp_free_i32(R);
523     tcg_temp_free_i32(Rr);
524 
525     return true;
526 }
527 
528 /*
529  *  Subtracts an immediate value (0-63) from a register pair and places the
530  *  result in the register pair. This instruction operates on the upper four
531  *  register pairs, and is well suited for operations on the Pointer Registers.
532  *  This instruction is not available in all devices. Refer to the device
533  *  specific instruction set summary.
534  */
535 static bool trans_SBIW(DisasContext *ctx, arg_SBIW *a)
536 {
537     if (!avr_have_feature(ctx, AVR_FEATURE_ADIW_SBIW)) {
538         return true;
539     }
540 
541     TCGv RdL = cpu_r[a->rd];
542     TCGv RdH = cpu_r[a->rd + 1];
543     int Imm = (a->imm);
544     TCGv R = tcg_temp_new_i32();
545     TCGv Rd = tcg_temp_new_i32();
546 
547     tcg_gen_deposit_tl(Rd, RdL, RdH, 8, 8); /* Rd = RdH:RdL */
548     tcg_gen_subi_tl(R, Rd, Imm); /* R = Rd - Imm */
549     tcg_gen_andi_tl(R, R, 0xffff); /* make it 16 bits */
550 
551     /* update status register */
552     tcg_gen_andc_tl(cpu_Cf, R, Rd);
553     tcg_gen_shri_tl(cpu_Cf, cpu_Cf, 15); /* Cf = R & ~Rd */
554     tcg_gen_andc_tl(cpu_Vf, Rd, R);
555     tcg_gen_shri_tl(cpu_Vf, cpu_Vf, 15); /* Vf = Rd & ~R */
556     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
557     tcg_gen_shri_tl(cpu_Nf, R, 15); /* Nf = R(15) */
558     tcg_gen_xor_tl(cpu_Sf, cpu_Nf, cpu_Vf); /* Sf = Nf ^ Vf */
559 
560     /* update output registers */
561     tcg_gen_andi_tl(RdL, R, 0xff);
562     tcg_gen_shri_tl(RdH, R, 8);
563 
564     tcg_temp_free_i32(Rd);
565     tcg_temp_free_i32(R);
566 
567     return true;
568 }
569 
570 /*
571  *  Performs the logical AND between the contents of register Rd and register
572  *  Rr and places the result in the destination register Rd.
573  */
574 static bool trans_AND(DisasContext *ctx, arg_AND *a)
575 {
576     TCGv Rd = cpu_r[a->rd];
577     TCGv Rr = cpu_r[a->rr];
578     TCGv R = tcg_temp_new_i32();
579 
580     tcg_gen_and_tl(R, Rd, Rr); /* Rd = Rd and Rr */
581 
582     /* update status register */
583     tcg_gen_movi_tl(cpu_Vf, 0); /* Vf = 0 */
584     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
585     gen_ZNSf(R);
586 
587     /* update output registers */
588     tcg_gen_mov_tl(Rd, R);
589 
590     tcg_temp_free_i32(R);
591 
592     return true;
593 }
594 
595 /*
596  *  Performs the logical AND between the contents of register Rd and a constant
597  *  and places the result in the destination register Rd.
598  */
599 static bool trans_ANDI(DisasContext *ctx, arg_ANDI *a)
600 {
601     TCGv Rd = cpu_r[a->rd];
602     int Imm = (a->imm);
603 
604     tcg_gen_andi_tl(Rd, Rd, Imm); /* Rd = Rd & Imm */
605 
606     /* update status register */
607     tcg_gen_movi_tl(cpu_Vf, 0x00); /* Vf = 0 */
608     gen_ZNSf(Rd);
609 
610     return true;
611 }
612 
613 /*
614  *  Performs the logical OR between the contents of register Rd and register
615  *  Rr and places the result in the destination register Rd.
616  */
617 static bool trans_OR(DisasContext *ctx, arg_OR *a)
618 {
619     TCGv Rd = cpu_r[a->rd];
620     TCGv Rr = cpu_r[a->rr];
621     TCGv R = tcg_temp_new_i32();
622 
623     tcg_gen_or_tl(R, Rd, Rr);
624 
625     /* update status register */
626     tcg_gen_movi_tl(cpu_Vf, 0);
627     gen_ZNSf(R);
628 
629     /* update output registers */
630     tcg_gen_mov_tl(Rd, R);
631 
632     tcg_temp_free_i32(R);
633 
634     return true;
635 }
636 
637 /*
638  *  Performs the logical OR between the contents of register Rd and a
639  *  constant and places the result in the destination register Rd.
640  */
641 static bool trans_ORI(DisasContext *ctx, arg_ORI *a)
642 {
643     TCGv Rd = cpu_r[a->rd];
644     int Imm = (a->imm);
645 
646     tcg_gen_ori_tl(Rd, Rd, Imm); /* Rd = Rd | Imm */
647 
648     /* update status register */
649     tcg_gen_movi_tl(cpu_Vf, 0x00); /* Vf = 0 */
650     gen_ZNSf(Rd);
651 
652     return true;
653 }
654 
655 /*
656  *  Performs the logical EOR between the contents of register Rd and
657  *  register Rr and places the result in the destination register Rd.
658  */
659 static bool trans_EOR(DisasContext *ctx, arg_EOR *a)
660 {
661     TCGv Rd = cpu_r[a->rd];
662     TCGv Rr = cpu_r[a->rr];
663 
664     tcg_gen_xor_tl(Rd, Rd, Rr);
665 
666     /* update status register */
667     tcg_gen_movi_tl(cpu_Vf, 0);
668     gen_ZNSf(Rd);
669 
670     return true;
671 }
672 
673 /*
674  *  Clears the specified bits in register Rd. Performs the logical AND
675  *  between the contents of register Rd and the complement of the constant mask
676  *  K. The result will be placed in register Rd.
677  */
678 static bool trans_COM(DisasContext *ctx, arg_COM *a)
679 {
680     TCGv Rd = cpu_r[a->rd];
681     TCGv R = tcg_temp_new_i32();
682 
683     tcg_gen_xori_tl(Rd, Rd, 0xff);
684 
685     /* update status register */
686     tcg_gen_movi_tl(cpu_Cf, 1); /* Cf = 1 */
687     tcg_gen_movi_tl(cpu_Vf, 0); /* Vf = 0 */
688     gen_ZNSf(Rd);
689 
690     tcg_temp_free_i32(R);
691 
692     return true;
693 }
694 
695 /*
696  *  Replaces the contents of register Rd with its two's complement; the
697  *  value $80 is left unchanged.
698  */
699 static bool trans_NEG(DisasContext *ctx, arg_NEG *a)
700 {
701     TCGv Rd = cpu_r[a->rd];
702     TCGv t0 = tcg_const_i32(0);
703     TCGv R = tcg_temp_new_i32();
704 
705     tcg_gen_sub_tl(R, t0, Rd); /* R = 0 - Rd */
706     tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */
707 
708     /* update status register */
709     gen_sub_CHf(R, t0, Rd);
710     gen_sub_Vf(R, t0, Rd);
711     gen_ZNSf(R);
712 
713     /* update output registers */
714     tcg_gen_mov_tl(Rd, R);
715 
716     tcg_temp_free_i32(t0);
717     tcg_temp_free_i32(R);
718 
719     return true;
720 }
721 
722 /*
723  *  Adds one -1- to the contents of register Rd and places the result in the
724  *  destination register Rd.  The C Flag in SREG is not affected by the
725  *  operation, thus allowing the INC instruction to be used on a loop counter in
726  *  multiple-precision computations.  When operating on unsigned numbers, only
727  *  BREQ and BRNE branches can be expected to perform consistently. When
728  *  operating on two's complement values, all signed branches are available.
729  */
730 static bool trans_INC(DisasContext *ctx, arg_INC *a)
731 {
732     TCGv Rd = cpu_r[a->rd];
733 
734     tcg_gen_addi_tl(Rd, Rd, 1);
735     tcg_gen_andi_tl(Rd, Rd, 0xff);
736 
737     /* update status register */
738     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Vf, Rd, 0x80); /* Vf = Rd == 0x80 */
739     gen_ZNSf(Rd);
740 
741     return true;
742 }
743 
744 /*
745  *  Subtracts one -1- from the contents of register Rd and places the result
746  *  in the destination register Rd.  The C Flag in SREG is not affected by the
747  *  operation, thus allowing the DEC instruction to be used on a loop counter in
748  *  multiple-precision computations.  When operating on unsigned values, only
749  *  BREQ and BRNE branches can be expected to perform consistently.  When
750  *  operating on two's complement values, all signed branches are available.
751  */
752 static bool trans_DEC(DisasContext *ctx, arg_DEC *a)
753 {
754     TCGv Rd = cpu_r[a->rd];
755 
756     tcg_gen_subi_tl(Rd, Rd, 1); /* Rd = Rd - 1 */
757     tcg_gen_andi_tl(Rd, Rd, 0xff); /* make it 8 bits */
758 
759     /* update status register */
760     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Vf, Rd, 0x7f); /* Vf = Rd == 0x7f */
761     gen_ZNSf(Rd);
762 
763     return true;
764 }
765 
766 /*
767  *  This instruction performs 8-bit x 8-bit -> 16-bit unsigned multiplication.
768  */
769 static bool trans_MUL(DisasContext *ctx, arg_MUL *a)
770 {
771     if (!avr_have_feature(ctx, AVR_FEATURE_MUL)) {
772         return true;
773     }
774 
775     TCGv R0 = cpu_r[0];
776     TCGv R1 = cpu_r[1];
777     TCGv Rd = cpu_r[a->rd];
778     TCGv Rr = cpu_r[a->rr];
779     TCGv R = tcg_temp_new_i32();
780 
781     tcg_gen_mul_tl(R, Rd, Rr); /* R = Rd * Rr */
782     tcg_gen_andi_tl(R0, R, 0xff);
783     tcg_gen_shri_tl(R1, R, 8);
784 
785     /* update status register */
786     tcg_gen_shri_tl(cpu_Cf, R, 15); /* Cf = R(15) */
787     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
788 
789     tcg_temp_free_i32(R);
790 
791     return true;
792 }
793 
794 /*
795  *  This instruction performs 8-bit x 8-bit -> 16-bit signed multiplication.
796  */
797 static bool trans_MULS(DisasContext *ctx, arg_MULS *a)
798 {
799     if (!avr_have_feature(ctx, AVR_FEATURE_MUL)) {
800         return true;
801     }
802 
803     TCGv R0 = cpu_r[0];
804     TCGv R1 = cpu_r[1];
805     TCGv Rd = cpu_r[a->rd];
806     TCGv Rr = cpu_r[a->rr];
807     TCGv R = tcg_temp_new_i32();
808     TCGv t0 = tcg_temp_new_i32();
809     TCGv t1 = tcg_temp_new_i32();
810 
811     tcg_gen_ext8s_tl(t0, Rd); /* make Rd full 32 bit signed */
812     tcg_gen_ext8s_tl(t1, Rr); /* make Rr full 32 bit signed */
813     tcg_gen_mul_tl(R, t0, t1); /* R = Rd * Rr */
814     tcg_gen_andi_tl(R, R, 0xffff); /* make it 16 bits */
815     tcg_gen_andi_tl(R0, R, 0xff);
816     tcg_gen_shri_tl(R1, R, 8);
817 
818     /* update status register */
819     tcg_gen_shri_tl(cpu_Cf, R, 15); /* Cf = R(15) */
820     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
821 
822     tcg_temp_free_i32(t1);
823     tcg_temp_free_i32(t0);
824     tcg_temp_free_i32(R);
825 
826     return true;
827 }
828 
829 /*
830  *  This instruction performs 8-bit x 8-bit -> 16-bit multiplication of a
831  *  signed and an unsigned number.
832  */
833 static bool trans_MULSU(DisasContext *ctx, arg_MULSU *a)
834 {
835     if (!avr_have_feature(ctx, AVR_FEATURE_MUL)) {
836         return true;
837     }
838 
839     TCGv R0 = cpu_r[0];
840     TCGv R1 = cpu_r[1];
841     TCGv Rd = cpu_r[a->rd];
842     TCGv Rr = cpu_r[a->rr];
843     TCGv R = tcg_temp_new_i32();
844     TCGv t0 = tcg_temp_new_i32();
845 
846     tcg_gen_ext8s_tl(t0, Rd); /* make Rd full 32 bit signed */
847     tcg_gen_mul_tl(R, t0, Rr); /* R = Rd * Rr */
848     tcg_gen_andi_tl(R, R, 0xffff); /* make R 16 bits */
849     tcg_gen_andi_tl(R0, R, 0xff);
850     tcg_gen_shri_tl(R1, R, 8);
851 
852     /* update status register */
853     tcg_gen_shri_tl(cpu_Cf, R, 15); /* Cf = R(15) */
854     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
855 
856     tcg_temp_free_i32(t0);
857     tcg_temp_free_i32(R);
858 
859     return true;
860 }
861 
862 /*
863  *  This instruction performs 8-bit x 8-bit -> 16-bit unsigned
864  *  multiplication and shifts the result one bit left.
865  */
866 static bool trans_FMUL(DisasContext *ctx, arg_FMUL *a)
867 {
868     if (!avr_have_feature(ctx, AVR_FEATURE_MUL)) {
869         return true;
870     }
871 
872     TCGv R0 = cpu_r[0];
873     TCGv R1 = cpu_r[1];
874     TCGv Rd = cpu_r[a->rd];
875     TCGv Rr = cpu_r[a->rr];
876     TCGv R = tcg_temp_new_i32();
877 
878     tcg_gen_mul_tl(R, Rd, Rr); /* R = Rd * Rr */
879 
880     /* update status register */
881     tcg_gen_shri_tl(cpu_Cf, R, 15); /* Cf = R(15) */
882     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
883 
884     /* update output registers */
885     tcg_gen_shli_tl(R, R, 1);
886     tcg_gen_andi_tl(R0, R, 0xff);
887     tcg_gen_shri_tl(R1, R, 8);
888     tcg_gen_andi_tl(R1, R1, 0xff);
889 
890 
891     tcg_temp_free_i32(R);
892 
893     return true;
894 }
895 
896 /*
897  *  This instruction performs 8-bit x 8-bit -> 16-bit signed multiplication
898  *  and shifts the result one bit left.
899  */
900 static bool trans_FMULS(DisasContext *ctx, arg_FMULS *a)
901 {
902     if (!avr_have_feature(ctx, AVR_FEATURE_MUL)) {
903         return true;
904     }
905 
906     TCGv R0 = cpu_r[0];
907     TCGv R1 = cpu_r[1];
908     TCGv Rd = cpu_r[a->rd];
909     TCGv Rr = cpu_r[a->rr];
910     TCGv R = tcg_temp_new_i32();
911     TCGv t0 = tcg_temp_new_i32();
912     TCGv t1 = tcg_temp_new_i32();
913 
914     tcg_gen_ext8s_tl(t0, Rd); /* make Rd full 32 bit signed */
915     tcg_gen_ext8s_tl(t1, Rr); /* make Rr full 32 bit signed */
916     tcg_gen_mul_tl(R, t0, t1); /* R = Rd * Rr */
917     tcg_gen_andi_tl(R, R, 0xffff); /* make it 16 bits */
918 
919     /* update status register */
920     tcg_gen_shri_tl(cpu_Cf, R, 15); /* Cf = R(15) */
921     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
922 
923     /* update output registers */
924     tcg_gen_shli_tl(R, R, 1);
925     tcg_gen_andi_tl(R0, R, 0xff);
926     tcg_gen_shri_tl(R1, R, 8);
927     tcg_gen_andi_tl(R1, R1, 0xff);
928 
929     tcg_temp_free_i32(t1);
930     tcg_temp_free_i32(t0);
931     tcg_temp_free_i32(R);
932 
933     return true;
934 }
935 
936 /*
937  *  This instruction performs 8-bit x 8-bit -> 16-bit signed multiplication
938  *  and shifts the result one bit left.
939  */
940 static bool trans_FMULSU(DisasContext *ctx, arg_FMULSU *a)
941 {
942     if (!avr_have_feature(ctx, AVR_FEATURE_MUL)) {
943         return true;
944     }
945 
946     TCGv R0 = cpu_r[0];
947     TCGv R1 = cpu_r[1];
948     TCGv Rd = cpu_r[a->rd];
949     TCGv Rr = cpu_r[a->rr];
950     TCGv R = tcg_temp_new_i32();
951     TCGv t0 = tcg_temp_new_i32();
952 
953     tcg_gen_ext8s_tl(t0, Rd); /* make Rd full 32 bit signed */
954     tcg_gen_mul_tl(R, t0, Rr); /* R = Rd * Rr */
955     tcg_gen_andi_tl(R, R, 0xffff); /* make it 16 bits */
956 
957     /* update status register */
958     tcg_gen_shri_tl(cpu_Cf, R, 15); /* Cf = R(15) */
959     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
960 
961     /* update output registers */
962     tcg_gen_shli_tl(R, R, 1);
963     tcg_gen_andi_tl(R0, R, 0xff);
964     tcg_gen_shri_tl(R1, R, 8);
965     tcg_gen_andi_tl(R1, R1, 0xff);
966 
967     tcg_temp_free_i32(t0);
968     tcg_temp_free_i32(R);
969 
970     return true;
971 }
972 
973 /*
974  *  The module is an instruction set extension to the AVR CPU, performing
975  *  DES iterations. The 64-bit data block (plaintext or ciphertext) is placed in
976  *  the CPU register file, registers R0-R7, where LSB of data is placed in LSB
977  *  of R0 and MSB of data is placed in MSB of R7. The full 64-bit key (including
978  *  parity bits) is placed in registers R8- R15, organized in the register file
979  *  with LSB of key in LSB of R8 and MSB of key in MSB of R15. Executing one DES
980  *  instruction performs one round in the DES algorithm. Sixteen rounds must be
981  *  executed in increasing order to form the correct DES ciphertext or
982  *  plaintext. Intermediate results are stored in the register file (R0-R15)
983  *  after each DES instruction. The instruction's operand (K) determines which
984  *  round is executed, and the half carry flag (H) determines whether encryption
985  *  or decryption is performed.  The DES algorithm is described in
986  *  "Specifications for the Data Encryption Standard" (Federal Information
987  *  Processing Standards Publication 46). Intermediate results in this
988  *  implementation differ from the standard because the initial permutation and
989  *  the inverse initial permutation are performed each iteration. This does not
990  *  affect the result in the final ciphertext or plaintext, but reduces
991  *  execution time.
992  */
993 static bool trans_DES(DisasContext *ctx, arg_DES *a)
994 {
995     /* TODO */
996     if (!avr_have_feature(ctx, AVR_FEATURE_DES)) {
997         return true;
998     }
999 
1000     qemu_log_mask(LOG_UNIMP, "%s: not implemented\n", __func__);
1001 
1002     return true;
1003 }
1004 
1005 /*
1006  * Branch Instructions
1007  */
1008 static void gen_jmp_ez(DisasContext *ctx)
1009 {
1010     tcg_gen_deposit_tl(cpu_pc, cpu_r[30], cpu_r[31], 8, 8);
1011     tcg_gen_or_tl(cpu_pc, cpu_pc, cpu_eind);
1012     ctx->base.is_jmp = DISAS_LOOKUP;
1013 }
1014 
1015 static void gen_jmp_z(DisasContext *ctx)
1016 {
1017     tcg_gen_deposit_tl(cpu_pc, cpu_r[30], cpu_r[31], 8, 8);
1018     ctx->base.is_jmp = DISAS_LOOKUP;
1019 }
1020 
1021 static void gen_push_ret(DisasContext *ctx, int ret)
1022 {
1023     if (avr_feature(ctx->env, AVR_FEATURE_1_BYTE_PC)) {
1024 
1025         TCGv t0 = tcg_const_i32((ret & 0x0000ff));
1026 
1027         tcg_gen_qemu_st_tl(t0, cpu_sp, MMU_DATA_IDX, MO_UB);
1028         tcg_gen_subi_tl(cpu_sp, cpu_sp, 1);
1029 
1030         tcg_temp_free_i32(t0);
1031     } else if (avr_feature(ctx->env, AVR_FEATURE_2_BYTE_PC)) {
1032 
1033         TCGv t0 = tcg_const_i32((ret & 0x00ffff));
1034 
1035         tcg_gen_subi_tl(cpu_sp, cpu_sp, 1);
1036         tcg_gen_qemu_st_tl(t0, cpu_sp, MMU_DATA_IDX, MO_BEUW);
1037         tcg_gen_subi_tl(cpu_sp, cpu_sp, 1);
1038 
1039         tcg_temp_free_i32(t0);
1040 
1041     } else if (avr_feature(ctx->env, AVR_FEATURE_3_BYTE_PC)) {
1042 
1043         TCGv lo = tcg_const_i32((ret & 0x0000ff));
1044         TCGv hi = tcg_const_i32((ret & 0xffff00) >> 8);
1045 
1046         tcg_gen_qemu_st_tl(lo, cpu_sp, MMU_DATA_IDX, MO_UB);
1047         tcg_gen_subi_tl(cpu_sp, cpu_sp, 2);
1048         tcg_gen_qemu_st_tl(hi, cpu_sp, MMU_DATA_IDX, MO_BEUW);
1049         tcg_gen_subi_tl(cpu_sp, cpu_sp, 1);
1050 
1051         tcg_temp_free_i32(lo);
1052         tcg_temp_free_i32(hi);
1053     }
1054 }
1055 
1056 static void gen_pop_ret(DisasContext *ctx, TCGv ret)
1057 {
1058     if (avr_feature(ctx->env, AVR_FEATURE_1_BYTE_PC)) {
1059         tcg_gen_addi_tl(cpu_sp, cpu_sp, 1);
1060         tcg_gen_qemu_ld_tl(ret, cpu_sp, MMU_DATA_IDX, MO_UB);
1061     } else if (avr_feature(ctx->env, AVR_FEATURE_2_BYTE_PC)) {
1062         tcg_gen_addi_tl(cpu_sp, cpu_sp, 1);
1063         tcg_gen_qemu_ld_tl(ret, cpu_sp, MMU_DATA_IDX, MO_BEUW);
1064         tcg_gen_addi_tl(cpu_sp, cpu_sp, 1);
1065     } else if (avr_feature(ctx->env, AVR_FEATURE_3_BYTE_PC)) {
1066         TCGv lo = tcg_temp_new_i32();
1067         TCGv hi = tcg_temp_new_i32();
1068 
1069         tcg_gen_addi_tl(cpu_sp, cpu_sp, 1);
1070         tcg_gen_qemu_ld_tl(hi, cpu_sp, MMU_DATA_IDX, MO_BEUW);
1071 
1072         tcg_gen_addi_tl(cpu_sp, cpu_sp, 2);
1073         tcg_gen_qemu_ld_tl(lo, cpu_sp, MMU_DATA_IDX, MO_UB);
1074 
1075         tcg_gen_deposit_tl(ret, lo, hi, 8, 16);
1076 
1077         tcg_temp_free_i32(lo);
1078         tcg_temp_free_i32(hi);
1079     }
1080 }
1081 
1082 static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
1083 {
1084     const TranslationBlock *tb = ctx->base.tb;
1085 
1086     if (translator_use_goto_tb(&ctx->base, dest)) {
1087         tcg_gen_goto_tb(n);
1088         tcg_gen_movi_i32(cpu_pc, dest);
1089         tcg_gen_exit_tb(tb, n);
1090     } else {
1091         tcg_gen_movi_i32(cpu_pc, dest);
1092         if (ctx->base.singlestep_enabled) {
1093             gen_helper_debug(cpu_env);
1094         } else {
1095             tcg_gen_lookup_and_goto_ptr();
1096         }
1097     }
1098     ctx->base.is_jmp = DISAS_NORETURN;
1099 }
1100 
1101 /*
1102  *  Relative jump to an address within PC - 2K +1 and PC + 2K (words). For
1103  *  AVR microcontrollers with Program memory not exceeding 4K words (8KB) this
1104  *  instruction can address the entire memory from every address location. See
1105  *  also JMP.
1106  */
1107 static bool trans_RJMP(DisasContext *ctx, arg_RJMP *a)
1108 {
1109     int dst = ctx->npc + a->imm;
1110 
1111     gen_goto_tb(ctx, 0, dst);
1112 
1113     return true;
1114 }
1115 
1116 /*
1117  *  Indirect jump to the address pointed to by the Z (16 bits) Pointer
1118  *  Register in the Register File. The Z-pointer Register is 16 bits wide and
1119  *  allows jump within the lowest 64K words (128KB) section of Program memory.
1120  *  This instruction is not available in all devices. Refer to the device
1121  *  specific instruction set summary.
1122  */
1123 static bool trans_IJMP(DisasContext *ctx, arg_IJMP *a)
1124 {
1125     if (!avr_have_feature(ctx, AVR_FEATURE_IJMP_ICALL)) {
1126         return true;
1127     }
1128 
1129     gen_jmp_z(ctx);
1130 
1131     return true;
1132 }
1133 
1134 /*
1135  *  Indirect jump to the address pointed to by the Z (16 bits) Pointer
1136  *  Register in the Register File and the EIND Register in the I/O space. This
1137  *  instruction allows for indirect jumps to the entire 4M (words) Program
1138  *  memory space. See also IJMP.  This instruction is not available in all
1139  *  devices. Refer to the device specific instruction set summary.
1140  */
1141 static bool trans_EIJMP(DisasContext *ctx, arg_EIJMP *a)
1142 {
1143     if (!avr_have_feature(ctx, AVR_FEATURE_EIJMP_EICALL)) {
1144         return true;
1145     }
1146 
1147     gen_jmp_ez(ctx);
1148     return true;
1149 }
1150 
1151 /*
1152  *  Jump to an address within the entire 4M (words) Program memory. See also
1153  *  RJMP.  This instruction is not available in all devices. Refer to the device
1154  *  specific instruction set summary.0
1155  */
1156 static bool trans_JMP(DisasContext *ctx, arg_JMP *a)
1157 {
1158     if (!avr_have_feature(ctx, AVR_FEATURE_JMP_CALL)) {
1159         return true;
1160     }
1161 
1162     gen_goto_tb(ctx, 0, a->imm);
1163 
1164     return true;
1165 }
1166 
1167 /*
1168  *  Relative call to an address within PC - 2K + 1 and PC + 2K (words). The
1169  *  return address (the instruction after the RCALL) is stored onto the Stack.
1170  *  See also CALL. For AVR microcontrollers with Program memory not exceeding 4K
1171  *  words (8KB) this instruction can address the entire memory from every
1172  *  address location. The Stack Pointer uses a post-decrement scheme during
1173  *  RCALL.
1174  */
1175 static bool trans_RCALL(DisasContext *ctx, arg_RCALL *a)
1176 {
1177     int ret = ctx->npc;
1178     int dst = ctx->npc + a->imm;
1179 
1180     gen_push_ret(ctx, ret);
1181     gen_goto_tb(ctx, 0, dst);
1182 
1183     return true;
1184 }
1185 
1186 /*
1187  *  Calls to a subroutine within the entire 4M (words) Program memory. The
1188  *  return address (to the instruction after the CALL) will be stored onto the
1189  *  Stack. See also RCALL. The Stack Pointer uses a post-decrement scheme during
1190  *  CALL.  This instruction is not available in all devices. Refer to the device
1191  *  specific instruction set summary.
1192  */
1193 static bool trans_ICALL(DisasContext *ctx, arg_ICALL *a)
1194 {
1195     if (!avr_have_feature(ctx, AVR_FEATURE_IJMP_ICALL)) {
1196         return true;
1197     }
1198 
1199     int ret = ctx->npc;
1200 
1201     gen_push_ret(ctx, ret);
1202     gen_jmp_z(ctx);
1203 
1204     return true;
1205 }
1206 
1207 /*
1208  *  Indirect call of a subroutine pointed to by the Z (16 bits) Pointer
1209  *  Register in the Register File and the EIND Register in the I/O space. This
1210  *  instruction allows for indirect calls to the entire 4M (words) Program
1211  *  memory space. See also ICALL. The Stack Pointer uses a post-decrement scheme
1212  *  during EICALL.  This instruction is not available in all devices. Refer to
1213  *  the device specific instruction set summary.
1214  */
1215 static bool trans_EICALL(DisasContext *ctx, arg_EICALL *a)
1216 {
1217     if (!avr_have_feature(ctx, AVR_FEATURE_EIJMP_EICALL)) {
1218         return true;
1219     }
1220 
1221     int ret = ctx->npc;
1222 
1223     gen_push_ret(ctx, ret);
1224     gen_jmp_ez(ctx);
1225     return true;
1226 }
1227 
1228 /*
1229  *  Calls to a subroutine within the entire Program memory. The return
1230  *  address (to the instruction after the CALL) will be stored onto the Stack.
1231  *  (See also RCALL). The Stack Pointer uses a post-decrement scheme during
1232  *  CALL.  This instruction is not available in all devices. Refer to the device
1233  *  specific instruction set summary.
1234  */
1235 static bool trans_CALL(DisasContext *ctx, arg_CALL *a)
1236 {
1237     if (!avr_have_feature(ctx, AVR_FEATURE_JMP_CALL)) {
1238         return true;
1239     }
1240 
1241     int Imm = a->imm;
1242     int ret = ctx->npc;
1243 
1244     gen_push_ret(ctx, ret);
1245     gen_goto_tb(ctx, 0, Imm);
1246 
1247     return true;
1248 }
1249 
1250 /*
1251  *  Returns from subroutine. The return address is loaded from the STACK.
1252  *  The Stack Pointer uses a preincrement scheme during RET.
1253  */
1254 static bool trans_RET(DisasContext *ctx, arg_RET *a)
1255 {
1256     gen_pop_ret(ctx, cpu_pc);
1257 
1258     ctx->base.is_jmp = DISAS_LOOKUP;
1259     return true;
1260 }
1261 
1262 /*
1263  *  Returns from interrupt. The return address is loaded from the STACK and
1264  *  the Global Interrupt Flag is set.  Note that the Status Register is not
1265  *  automatically stored when entering an interrupt routine, and it is not
1266  *  restored when returning from an interrupt routine. This must be handled by
1267  *  the application program. The Stack Pointer uses a pre-increment scheme
1268  *  during RETI.
1269  */
1270 static bool trans_RETI(DisasContext *ctx, arg_RETI *a)
1271 {
1272     gen_pop_ret(ctx, cpu_pc);
1273     tcg_gen_movi_tl(cpu_If, 1);
1274 
1275     /* Need to return to main loop to re-evaluate interrupts.  */
1276     ctx->base.is_jmp = DISAS_EXIT;
1277     return true;
1278 }
1279 
1280 /*
1281  *  This instruction performs a compare between two registers Rd and Rr, and
1282  *  skips the next instruction if Rd = Rr.
1283  */
1284 static bool trans_CPSE(DisasContext *ctx, arg_CPSE *a)
1285 {
1286     ctx->skip_cond = TCG_COND_EQ;
1287     ctx->skip_var0 = cpu_r[a->rd];
1288     ctx->skip_var1 = cpu_r[a->rr];
1289     return true;
1290 }
1291 
1292 /*
1293  *  This instruction performs a compare between two registers Rd and Rr.
1294  *  None of the registers are changed. All conditional branches can be used
1295  *  after this instruction.
1296  */
1297 static bool trans_CP(DisasContext *ctx, arg_CP *a)
1298 {
1299     TCGv Rd = cpu_r[a->rd];
1300     TCGv Rr = cpu_r[a->rr];
1301     TCGv R = tcg_temp_new_i32();
1302 
1303     tcg_gen_sub_tl(R, Rd, Rr); /* R = Rd - Rr */
1304     tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */
1305 
1306     /* update status register */
1307     gen_sub_CHf(R, Rd, Rr);
1308     gen_sub_Vf(R, Rd, Rr);
1309     gen_ZNSf(R);
1310 
1311     tcg_temp_free_i32(R);
1312 
1313     return true;
1314 }
1315 
1316 /*
1317  *  This instruction performs a compare between two registers Rd and Rr and
1318  *  also takes into account the previous carry. None of the registers are
1319  *  changed. All conditional branches can be used after this instruction.
1320  */
1321 static bool trans_CPC(DisasContext *ctx, arg_CPC *a)
1322 {
1323     TCGv Rd = cpu_r[a->rd];
1324     TCGv Rr = cpu_r[a->rr];
1325     TCGv R = tcg_temp_new_i32();
1326     TCGv zero = tcg_const_i32(0);
1327 
1328     tcg_gen_sub_tl(R, Rd, Rr); /* R = Rd - Rr - Cf */
1329     tcg_gen_sub_tl(R, R, cpu_Cf);
1330     tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */
1331     /* update status register */
1332     gen_sub_CHf(R, Rd, Rr);
1333     gen_sub_Vf(R, Rd, Rr);
1334     gen_NSf(R);
1335 
1336     /*
1337      * Previous value remains unchanged when the result is zero;
1338      * cleared otherwise.
1339      */
1340     tcg_gen_movcond_tl(TCG_COND_EQ, cpu_Zf, R, zero, cpu_Zf, zero);
1341 
1342     tcg_temp_free_i32(zero);
1343     tcg_temp_free_i32(R);
1344 
1345     return true;
1346 }
1347 
1348 /*
1349  *  This instruction performs a compare between register Rd and a constant.
1350  *  The register is not changed. All conditional branches can be used after this
1351  *  instruction.
1352  */
1353 static bool trans_CPI(DisasContext *ctx, arg_CPI *a)
1354 {
1355     TCGv Rd = cpu_r[a->rd];
1356     int Imm = a->imm;
1357     TCGv Rr = tcg_const_i32(Imm);
1358     TCGv R = tcg_temp_new_i32();
1359 
1360     tcg_gen_sub_tl(R, Rd, Rr); /* R = Rd - Rr */
1361     tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */
1362 
1363     /* update status register */
1364     gen_sub_CHf(R, Rd, Rr);
1365     gen_sub_Vf(R, Rd, Rr);
1366     gen_ZNSf(R);
1367 
1368     tcg_temp_free_i32(R);
1369     tcg_temp_free_i32(Rr);
1370 
1371     return true;
1372 }
1373 
1374 /*
1375  *  This instruction tests a single bit in a register and skips the next
1376  *  instruction if the bit is cleared.
1377  */
1378 static bool trans_SBRC(DisasContext *ctx, arg_SBRC *a)
1379 {
1380     TCGv Rr = cpu_r[a->rr];
1381 
1382     ctx->skip_cond = TCG_COND_EQ;
1383     ctx->skip_var0 = tcg_temp_new();
1384     ctx->free_skip_var0 = true;
1385 
1386     tcg_gen_andi_tl(ctx->skip_var0, Rr, 1 << a->bit);
1387     return true;
1388 }
1389 
1390 /*
1391  *  This instruction tests a single bit in a register and skips the next
1392  *  instruction if the bit is set.
1393  */
1394 static bool trans_SBRS(DisasContext *ctx, arg_SBRS *a)
1395 {
1396     TCGv Rr = cpu_r[a->rr];
1397 
1398     ctx->skip_cond = TCG_COND_NE;
1399     ctx->skip_var0 = tcg_temp_new();
1400     ctx->free_skip_var0 = true;
1401 
1402     tcg_gen_andi_tl(ctx->skip_var0, Rr, 1 << a->bit);
1403     return true;
1404 }
1405 
1406 /*
1407  *  This instruction tests a single bit in an I/O Register and skips the
1408  *  next instruction if the bit is cleared. This instruction operates on the
1409  *  lower 32 I/O Registers -- addresses 0-31.
1410  */
1411 static bool trans_SBIC(DisasContext *ctx, arg_SBIC *a)
1412 {
1413     TCGv temp = tcg_const_i32(a->reg);
1414 
1415     gen_helper_inb(temp, cpu_env, temp);
1416     tcg_gen_andi_tl(temp, temp, 1 << a->bit);
1417     ctx->skip_cond = TCG_COND_EQ;
1418     ctx->skip_var0 = temp;
1419     ctx->free_skip_var0 = true;
1420 
1421     return true;
1422 }
1423 
1424 /*
1425  *  This instruction tests a single bit in an I/O Register and skips the
1426  *  next instruction if the bit is set. This instruction operates on the lower
1427  *  32 I/O Registers -- addresses 0-31.
1428  */
1429 static bool trans_SBIS(DisasContext *ctx, arg_SBIS *a)
1430 {
1431     TCGv temp = tcg_const_i32(a->reg);
1432 
1433     gen_helper_inb(temp, cpu_env, temp);
1434     tcg_gen_andi_tl(temp, temp, 1 << a->bit);
1435     ctx->skip_cond = TCG_COND_NE;
1436     ctx->skip_var0 = temp;
1437     ctx->free_skip_var0 = true;
1438 
1439     return true;
1440 }
1441 
1442 /*
1443  *  Conditional relative branch. Tests a single bit in SREG and branches
1444  *  relatively to PC if the bit is cleared. This instruction branches relatively
1445  *  to PC in either direction (PC - 63 < = destination <= PC + 64). The
1446  *  parameter k is the offset from PC and is represented in two's complement
1447  *  form.
1448  */
1449 static bool trans_BRBC(DisasContext *ctx, arg_BRBC *a)
1450 {
1451     TCGLabel *not_taken = gen_new_label();
1452 
1453     TCGv var;
1454 
1455     switch (a->bit) {
1456     case 0x00:
1457         var = cpu_Cf;
1458         break;
1459     case 0x01:
1460         var = cpu_Zf;
1461         break;
1462     case 0x02:
1463         var = cpu_Nf;
1464         break;
1465     case 0x03:
1466         var = cpu_Vf;
1467         break;
1468     case 0x04:
1469         var = cpu_Sf;
1470         break;
1471     case 0x05:
1472         var = cpu_Hf;
1473         break;
1474     case 0x06:
1475         var = cpu_Tf;
1476         break;
1477     case 0x07:
1478         var = cpu_If;
1479         break;
1480     default:
1481         g_assert_not_reached();
1482     }
1483 
1484     tcg_gen_brcondi_i32(TCG_COND_NE, var, 0, not_taken);
1485     gen_goto_tb(ctx, 0, ctx->npc + a->imm);
1486     gen_set_label(not_taken);
1487 
1488     ctx->base.is_jmp = DISAS_CHAIN;
1489     return true;
1490 }
1491 
1492 /*
1493  *  Conditional relative branch. Tests a single bit in SREG and branches
1494  *  relatively to PC if the bit is set. This instruction branches relatively to
1495  *  PC in either direction (PC - 63 < = destination <= PC + 64). The parameter k
1496  *  is the offset from PC and is represented in two's complement form.
1497  */
1498 static bool trans_BRBS(DisasContext *ctx, arg_BRBS *a)
1499 {
1500     TCGLabel *not_taken = gen_new_label();
1501 
1502     TCGv var;
1503 
1504     switch (a->bit) {
1505     case 0x00:
1506         var = cpu_Cf;
1507         break;
1508     case 0x01:
1509         var = cpu_Zf;
1510         break;
1511     case 0x02:
1512         var = cpu_Nf;
1513         break;
1514     case 0x03:
1515         var = cpu_Vf;
1516         break;
1517     case 0x04:
1518         var = cpu_Sf;
1519         break;
1520     case 0x05:
1521         var = cpu_Hf;
1522         break;
1523     case 0x06:
1524         var = cpu_Tf;
1525         break;
1526     case 0x07:
1527         var = cpu_If;
1528         break;
1529     default:
1530         g_assert_not_reached();
1531     }
1532 
1533     tcg_gen_brcondi_i32(TCG_COND_EQ, var, 0, not_taken);
1534     gen_goto_tb(ctx, 0, ctx->npc + a->imm);
1535     gen_set_label(not_taken);
1536 
1537     ctx->base.is_jmp = DISAS_CHAIN;
1538     return true;
1539 }
1540 
1541 /*
1542  * Data Transfer Instructions
1543  */
1544 
1545 /*
1546  *  in the gen_set_addr & gen_get_addr functions
1547  *  H assumed to be in 0x00ff0000 format
1548  *  M assumed to be in 0x000000ff format
1549  *  L assumed to be in 0x000000ff format
1550  */
1551 static void gen_set_addr(TCGv addr, TCGv H, TCGv M, TCGv L)
1552 {
1553 
1554     tcg_gen_andi_tl(L, addr, 0x000000ff);
1555 
1556     tcg_gen_andi_tl(M, addr, 0x0000ff00);
1557     tcg_gen_shri_tl(M, M, 8);
1558 
1559     tcg_gen_andi_tl(H, addr, 0x00ff0000);
1560 }
1561 
1562 static void gen_set_xaddr(TCGv addr)
1563 {
1564     gen_set_addr(addr, cpu_rampX, cpu_r[27], cpu_r[26]);
1565 }
1566 
1567 static void gen_set_yaddr(TCGv addr)
1568 {
1569     gen_set_addr(addr, cpu_rampY, cpu_r[29], cpu_r[28]);
1570 }
1571 
1572 static void gen_set_zaddr(TCGv addr)
1573 {
1574     gen_set_addr(addr, cpu_rampZ, cpu_r[31], cpu_r[30]);
1575 }
1576 
1577 static TCGv gen_get_addr(TCGv H, TCGv M, TCGv L)
1578 {
1579     TCGv addr = tcg_temp_new_i32();
1580 
1581     tcg_gen_deposit_tl(addr, M, H, 8, 8);
1582     tcg_gen_deposit_tl(addr, L, addr, 8, 16);
1583 
1584     return addr;
1585 }
1586 
1587 static TCGv gen_get_xaddr(void)
1588 {
1589     return gen_get_addr(cpu_rampX, cpu_r[27], cpu_r[26]);
1590 }
1591 
1592 static TCGv gen_get_yaddr(void)
1593 {
1594     return gen_get_addr(cpu_rampY, cpu_r[29], cpu_r[28]);
1595 }
1596 
1597 static TCGv gen_get_zaddr(void)
1598 {
1599     return gen_get_addr(cpu_rampZ, cpu_r[31], cpu_r[30]);
1600 }
1601 
1602 /*
1603  *  Load one byte indirect from data space to register and stores an clear
1604  *  the bits in data space specified by the register. The instruction can only
1605  *  be used towards internal SRAM.  The data location is pointed to by the Z (16
1606  *  bits) Pointer Register in the Register File. Memory access is limited to the
1607  *  current data segment of 64KB. To access another data segment in devices with
1608  *  more than 64KB data space, the RAMPZ in register in the I/O area has to be
1609  *  changed.  The Z-pointer Register is left unchanged by the operation. This
1610  *  instruction is especially suited for clearing status bits stored in SRAM.
1611  */
1612 static void gen_data_store(DisasContext *ctx, TCGv data, TCGv addr)
1613 {
1614     if (ctx->base.tb->flags & TB_FLAGS_FULL_ACCESS) {
1615         gen_helper_fullwr(cpu_env, data, addr);
1616     } else {
1617         tcg_gen_qemu_st8(data, addr, MMU_DATA_IDX); /* mem[addr] = data */
1618     }
1619 }
1620 
1621 static void gen_data_load(DisasContext *ctx, TCGv data, TCGv addr)
1622 {
1623     if (ctx->base.tb->flags & TB_FLAGS_FULL_ACCESS) {
1624         gen_helper_fullrd(data, cpu_env, addr);
1625     } else {
1626         tcg_gen_qemu_ld8u(data, addr, MMU_DATA_IDX); /* data = mem[addr] */
1627     }
1628 }
1629 
1630 /*
1631  *  This instruction makes a copy of one register into another. The source
1632  *  register Rr is left unchanged, while the destination register Rd is loaded
1633  *  with a copy of Rr.
1634  */
1635 static bool trans_MOV(DisasContext *ctx, arg_MOV *a)
1636 {
1637     TCGv Rd = cpu_r[a->rd];
1638     TCGv Rr = cpu_r[a->rr];
1639 
1640     tcg_gen_mov_tl(Rd, Rr);
1641 
1642     return true;
1643 }
1644 
1645 /*
1646  *  This instruction makes a copy of one register pair into another register
1647  *  pair. The source register pair Rr+1:Rr is left unchanged, while the
1648  *  destination register pair Rd+1:Rd is loaded with a copy of Rr + 1:Rr.  This
1649  *  instruction is not available in all devices. Refer to the device specific
1650  *  instruction set summary.
1651  */
1652 static bool trans_MOVW(DisasContext *ctx, arg_MOVW *a)
1653 {
1654     if (!avr_have_feature(ctx, AVR_FEATURE_MOVW)) {
1655         return true;
1656     }
1657 
1658     TCGv RdL = cpu_r[a->rd];
1659     TCGv RdH = cpu_r[a->rd + 1];
1660     TCGv RrL = cpu_r[a->rr];
1661     TCGv RrH = cpu_r[a->rr + 1];
1662 
1663     tcg_gen_mov_tl(RdH, RrH);
1664     tcg_gen_mov_tl(RdL, RrL);
1665 
1666     return true;
1667 }
1668 
1669 /*
1670  * Loads an 8 bit constant directly to register 16 to 31.
1671  */
1672 static bool trans_LDI(DisasContext *ctx, arg_LDI *a)
1673 {
1674     TCGv Rd = cpu_r[a->rd];
1675     int imm = a->imm;
1676 
1677     tcg_gen_movi_tl(Rd, imm);
1678 
1679     return true;
1680 }
1681 
1682 /*
1683  *  Loads one byte from the data space to a register. For parts with SRAM,
1684  *  the data space consists of the Register File, I/O memory and internal SRAM
1685  *  (and external SRAM if applicable). For parts without SRAM, the data space
1686  *  consists of the register file only. The EEPROM has a separate address space.
1687  *  A 16-bit address must be supplied. Memory access is limited to the current
1688  *  data segment of 64KB. The LDS instruction uses the RAMPD Register to access
1689  *  memory above 64KB. To access another data segment in devices with more than
1690  *  64KB data space, the RAMPD in register in the I/O area has to be changed.
1691  *  This instruction is not available in all devices. Refer to the device
1692  *  specific instruction set summary.
1693  */
1694 static bool trans_LDS(DisasContext *ctx, arg_LDS *a)
1695 {
1696     TCGv Rd = cpu_r[a->rd];
1697     TCGv addr = tcg_temp_new_i32();
1698     TCGv H = cpu_rampD;
1699     a->imm = next_word(ctx);
1700 
1701     tcg_gen_mov_tl(addr, H); /* addr = H:M:L */
1702     tcg_gen_shli_tl(addr, addr, 16);
1703     tcg_gen_ori_tl(addr, addr, a->imm);
1704 
1705     gen_data_load(ctx, Rd, addr);
1706 
1707     tcg_temp_free_i32(addr);
1708 
1709     return true;
1710 }
1711 
1712 /*
1713  *  Loads one byte indirect from the data space to a register. For parts
1714  *  with SRAM, the data space consists of the Register File, I/O memory and
1715  *  internal SRAM (and external SRAM if applicable). For parts without SRAM, the
1716  *  data space consists of the Register File only. In some parts the Flash
1717  *  Memory has been mapped to the data space and can be read using this command.
1718  *  The EEPROM has a separate address space.  The data location is pointed to by
1719  *  the X (16 bits) Pointer Register in the Register File. Memory access is
1720  *  limited to the current data segment of 64KB. To access another data segment
1721  *  in devices with more than 64KB data space, the RAMPX in register in the I/O
1722  *  area has to be changed.  The X-pointer Register can either be left unchanged
1723  *  by the operation, or it can be post-incremented or predecremented.  These
1724  *  features are especially suited for accessing arrays, tables, and Stack
1725  *  Pointer usage of the X-pointer Register. Note that only the low byte of the
1726  *  X-pointer is updated in devices with no more than 256 bytes data space. For
1727  *  such devices, the high byte of the pointer is not used by this instruction
1728  *  and can be used for other purposes. The RAMPX Register in the I/O area is
1729  *  updated in parts with more than 64KB data space or more than 64KB Program
1730  *  memory, and the increment/decrement is added to the entire 24-bit address on
1731  *  such devices.  Not all variants of this instruction is available in all
1732  *  devices. Refer to the device specific instruction set summary.  In the
1733  *  Reduced Core tinyAVR the LD instruction can be used to achieve the same
1734  *  operation as LPM since the program memory is mapped to the data memory
1735  *  space.
1736  */
1737 static bool trans_LDX1(DisasContext *ctx, arg_LDX1 *a)
1738 {
1739     TCGv Rd = cpu_r[a->rd];
1740     TCGv addr = gen_get_xaddr();
1741 
1742     gen_data_load(ctx, Rd, addr);
1743 
1744     tcg_temp_free_i32(addr);
1745 
1746     return true;
1747 }
1748 
1749 static bool trans_LDX2(DisasContext *ctx, arg_LDX2 *a)
1750 {
1751     TCGv Rd = cpu_r[a->rd];
1752     TCGv addr = gen_get_xaddr();
1753 
1754     gen_data_load(ctx, Rd, addr);
1755     tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */
1756 
1757     gen_set_xaddr(addr);
1758 
1759     tcg_temp_free_i32(addr);
1760 
1761     return true;
1762 }
1763 
1764 static bool trans_LDX3(DisasContext *ctx, arg_LDX3 *a)
1765 {
1766     TCGv Rd = cpu_r[a->rd];
1767     TCGv addr = gen_get_xaddr();
1768 
1769     tcg_gen_subi_tl(addr, addr, 1); /* addr = addr - 1 */
1770     gen_data_load(ctx, Rd, addr);
1771     gen_set_xaddr(addr);
1772 
1773     tcg_temp_free_i32(addr);
1774 
1775     return true;
1776 }
1777 
1778 /*
1779  *  Loads one byte indirect with or without displacement from the data space
1780  *  to a register. For parts with SRAM, the data space consists of the Register
1781  *  File, I/O memory and internal SRAM (and external SRAM if applicable). For
1782  *  parts without SRAM, the data space consists of the Register File only. In
1783  *  some parts the Flash Memory has been mapped to the data space and can be
1784  *  read using this command. The EEPROM has a separate address space.  The data
1785  *  location is pointed to by the Y (16 bits) Pointer Register in the Register
1786  *  File. Memory access is limited to the current data segment of 64KB. To
1787  *  access another data segment in devices with more than 64KB data space, the
1788  *  RAMPY in register in the I/O area has to be changed.  The Y-pointer Register
1789  *  can either be left unchanged by the operation, or it can be post-incremented
1790  *  or predecremented.  These features are especially suited for accessing
1791  *  arrays, tables, and Stack Pointer usage of the Y-pointer Register. Note that
1792  *  only the low byte of the Y-pointer is updated in devices with no more than
1793  *  256 bytes data space. For such devices, the high byte of the pointer is not
1794  *  used by this instruction and can be used for other purposes. The RAMPY
1795  *  Register in the I/O area is updated in parts with more than 64KB data space
1796  *  or more than 64KB Program memory, and the increment/decrement/displacement
1797  *  is added to the entire 24-bit address on such devices.  Not all variants of
1798  *  this instruction is available in all devices. Refer to the device specific
1799  *  instruction set summary.  In the Reduced Core tinyAVR the LD instruction can
1800  *  be used to achieve the same operation as LPM since the program memory is
1801  *  mapped to the data memory space.
1802  */
1803 static bool trans_LDY2(DisasContext *ctx, arg_LDY2 *a)
1804 {
1805     TCGv Rd = cpu_r[a->rd];
1806     TCGv addr = gen_get_yaddr();
1807 
1808     gen_data_load(ctx, Rd, addr);
1809     tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */
1810 
1811     gen_set_yaddr(addr);
1812 
1813     tcg_temp_free_i32(addr);
1814 
1815     return true;
1816 }
1817 
1818 static bool trans_LDY3(DisasContext *ctx, arg_LDY3 *a)
1819 {
1820     TCGv Rd = cpu_r[a->rd];
1821     TCGv addr = gen_get_yaddr();
1822 
1823     tcg_gen_subi_tl(addr, addr, 1); /* addr = addr - 1 */
1824     gen_data_load(ctx, Rd, addr);
1825     gen_set_yaddr(addr);
1826 
1827     tcg_temp_free_i32(addr);
1828 
1829     return true;
1830 }
1831 
1832 static bool trans_LDDY(DisasContext *ctx, arg_LDDY *a)
1833 {
1834     TCGv Rd = cpu_r[a->rd];
1835     TCGv addr = gen_get_yaddr();
1836 
1837     tcg_gen_addi_tl(addr, addr, a->imm); /* addr = addr + q */
1838     gen_data_load(ctx, Rd, addr);
1839 
1840     tcg_temp_free_i32(addr);
1841 
1842     return true;
1843 }
1844 
1845 /*
1846  *  Loads one byte indirect with or without displacement from the data space
1847  *  to a register. For parts with SRAM, the data space consists of the Register
1848  *  File, I/O memory and internal SRAM (and external SRAM if applicable). For
1849  *  parts without SRAM, the data space consists of the Register File only. In
1850  *  some parts the Flash Memory has been mapped to the data space and can be
1851  *  read using this command. The EEPROM has a separate address space.  The data
1852  *  location is pointed to by the Z (16 bits) Pointer Register in the Register
1853  *  File. Memory access is limited to the current data segment of 64KB. To
1854  *  access another data segment in devices with more than 64KB data space, the
1855  *  RAMPZ in register in the I/O area has to be changed.  The Z-pointer Register
1856  *  can either be left unchanged by the operation, or it can be post-incremented
1857  *  or predecremented.  These features are especially suited for Stack Pointer
1858  *  usage of the Z-pointer Register, however because the Z-pointer Register can
1859  *  be used for indirect subroutine calls, indirect jumps and table lookup, it
1860  *  is often more convenient to use the X or Y-pointer as a dedicated Stack
1861  *  Pointer. Note that only the low byte of the Z-pointer is updated in devices
1862  *  with no more than 256 bytes data space. For such devices, the high byte of
1863  *  the pointer is not used by this instruction and can be used for other
1864  *  purposes. The RAMPZ Register in the I/O area is updated in parts with more
1865  *  than 64KB data space or more than 64KB Program memory, and the
1866  *  increment/decrement/displacement is added to the entire 24-bit address on
1867  *  such devices.  Not all variants of this instruction is available in all
1868  *  devices. Refer to the device specific instruction set summary.  In the
1869  *  Reduced Core tinyAVR the LD instruction can be used to achieve the same
1870  *  operation as LPM since the program memory is mapped to the data memory
1871  *  space.  For using the Z-pointer for table lookup in Program memory see the
1872  *  LPM and ELPM instructions.
1873  */
1874 static bool trans_LDZ2(DisasContext *ctx, arg_LDZ2 *a)
1875 {
1876     TCGv Rd = cpu_r[a->rd];
1877     TCGv addr = gen_get_zaddr();
1878 
1879     gen_data_load(ctx, Rd, addr);
1880     tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */
1881 
1882     gen_set_zaddr(addr);
1883 
1884     tcg_temp_free_i32(addr);
1885 
1886     return true;
1887 }
1888 
1889 static bool trans_LDZ3(DisasContext *ctx, arg_LDZ3 *a)
1890 {
1891     TCGv Rd = cpu_r[a->rd];
1892     TCGv addr = gen_get_zaddr();
1893 
1894     tcg_gen_subi_tl(addr, addr, 1); /* addr = addr - 1 */
1895     gen_data_load(ctx, Rd, addr);
1896 
1897     gen_set_zaddr(addr);
1898 
1899     tcg_temp_free_i32(addr);
1900 
1901     return true;
1902 }
1903 
1904 static bool trans_LDDZ(DisasContext *ctx, arg_LDDZ *a)
1905 {
1906     TCGv Rd = cpu_r[a->rd];
1907     TCGv addr = gen_get_zaddr();
1908 
1909     tcg_gen_addi_tl(addr, addr, a->imm); /* addr = addr + q */
1910     gen_data_load(ctx, Rd, addr);
1911 
1912     tcg_temp_free_i32(addr);
1913 
1914     return true;
1915 }
1916 
1917 /*
1918  *  Stores one byte from a Register to the data space. For parts with SRAM,
1919  *  the data space consists of the Register File, I/O memory and internal SRAM
1920  *  (and external SRAM if applicable). For parts without SRAM, the data space
1921  *  consists of the Register File only. The EEPROM has a separate address space.
1922  *  A 16-bit address must be supplied. Memory access is limited to the current
1923  *  data segment of 64KB. The STS instruction uses the RAMPD Register to access
1924  *  memory above 64KB. To access another data segment in devices with more than
1925  *  64KB data space, the RAMPD in register in the I/O area has to be changed.
1926  *  This instruction is not available in all devices. Refer to the device
1927  *  specific instruction set summary.
1928  */
1929 static bool trans_STS(DisasContext *ctx, arg_STS *a)
1930 {
1931     TCGv Rd = cpu_r[a->rd];
1932     TCGv addr = tcg_temp_new_i32();
1933     TCGv H = cpu_rampD;
1934     a->imm = next_word(ctx);
1935 
1936     tcg_gen_mov_tl(addr, H); /* addr = H:M:L */
1937     tcg_gen_shli_tl(addr, addr, 16);
1938     tcg_gen_ori_tl(addr, addr, a->imm);
1939     gen_data_store(ctx, Rd, addr);
1940 
1941     tcg_temp_free_i32(addr);
1942 
1943     return true;
1944 }
1945 
1946 /*
1947  * Stores one byte indirect from a register to data space. For parts with SRAM,
1948  * the data space consists of the Register File, I/O memory, and internal SRAM
1949  * (and external SRAM if applicable). For parts without SRAM, the data space
1950  * consists of the Register File only. The EEPROM has a separate address space.
1951  *
1952  * The data location is pointed to by the X (16 bits) Pointer Register in the
1953  * Register File. Memory access is limited to the current data segment of 64KB.
1954  * To access another data segment in devices with more than 64KB data space, the
1955  * RAMPX in register in the I/O area has to be changed.
1956  *
1957  * The X-pointer Register can either be left unchanged by the operation, or it
1958  * can be post-incremented or pre-decremented. These features are especially
1959  * suited for accessing arrays, tables, and Stack Pointer usage of the
1960  * X-pointer Register. Note that only the low byte of the X-pointer is updated
1961  * in devices with no more than 256 bytes data space. For such devices, the high
1962  * byte of the pointer is not used by this instruction and can be used for other
1963  * purposes. The RAMPX Register in the I/O area is updated in parts with more
1964  * than 64KB data space or more than 64KB Program memory, and the increment /
1965  * decrement is added to the entire 24-bit address on such devices.
1966  */
1967 static bool trans_STX1(DisasContext *ctx, arg_STX1 *a)
1968 {
1969     TCGv Rd = cpu_r[a->rr];
1970     TCGv addr = gen_get_xaddr();
1971 
1972     gen_data_store(ctx, Rd, addr);
1973 
1974     tcg_temp_free_i32(addr);
1975 
1976     return true;
1977 }
1978 
1979 static bool trans_STX2(DisasContext *ctx, arg_STX2 *a)
1980 {
1981     TCGv Rd = cpu_r[a->rr];
1982     TCGv addr = gen_get_xaddr();
1983 
1984     gen_data_store(ctx, Rd, addr);
1985     tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */
1986     gen_set_xaddr(addr);
1987 
1988     tcg_temp_free_i32(addr);
1989 
1990     return true;
1991 }
1992 
1993 static bool trans_STX3(DisasContext *ctx, arg_STX3 *a)
1994 {
1995     TCGv Rd = cpu_r[a->rr];
1996     TCGv addr = gen_get_xaddr();
1997 
1998     tcg_gen_subi_tl(addr, addr, 1); /* addr = addr - 1 */
1999     gen_data_store(ctx, Rd, addr);
2000     gen_set_xaddr(addr);
2001 
2002     tcg_temp_free_i32(addr);
2003 
2004     return true;
2005 }
2006 
2007 /*
2008  * Stores one byte indirect with or without displacement from a register to data
2009  * space. For parts with SRAM, the data space consists of the Register File, I/O
2010  * memory, and internal SRAM (and external SRAM if applicable). For parts
2011  * without SRAM, the data space consists of the Register File only. The EEPROM
2012  * has a separate address space.
2013  *
2014  * The data location is pointed to by the Y (16 bits) Pointer Register in the
2015  * Register File. Memory access is limited to the current data segment of 64KB.
2016  * To access another data segment in devices with more than 64KB data space, the
2017  * RAMPY in register in the I/O area has to be changed.
2018  *
2019  * The Y-pointer Register can either be left unchanged by the operation, or it
2020  * can be post-incremented or pre-decremented. These features are especially
2021  * suited for accessing arrays, tables, and Stack Pointer usage of the Y-pointer
2022  * Register. Note that only the low byte of the Y-pointer is updated in devices
2023  * with no more than 256 bytes data space. For such devices, the high byte of
2024  * the pointer is not used by this instruction and can be used for other
2025  * purposes. The RAMPY Register in the I/O area is updated in parts with more
2026  * than 64KB data space or more than 64KB Program memory, and the increment /
2027  * decrement / displacement is added to the entire 24-bit address on such
2028  * devices.
2029  */
2030 static bool trans_STY2(DisasContext *ctx, arg_STY2 *a)
2031 {
2032     TCGv Rd = cpu_r[a->rd];
2033     TCGv addr = gen_get_yaddr();
2034 
2035     gen_data_store(ctx, Rd, addr);
2036     tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */
2037     gen_set_yaddr(addr);
2038 
2039     tcg_temp_free_i32(addr);
2040 
2041     return true;
2042 }
2043 
2044 static bool trans_STY3(DisasContext *ctx, arg_STY3 *a)
2045 {
2046     TCGv Rd = cpu_r[a->rd];
2047     TCGv addr = gen_get_yaddr();
2048 
2049     tcg_gen_subi_tl(addr, addr, 1); /* addr = addr - 1 */
2050     gen_data_store(ctx, Rd, addr);
2051     gen_set_yaddr(addr);
2052 
2053     tcg_temp_free_i32(addr);
2054 
2055     return true;
2056 }
2057 
2058 static bool trans_STDY(DisasContext *ctx, arg_STDY *a)
2059 {
2060     TCGv Rd = cpu_r[a->rd];
2061     TCGv addr = gen_get_yaddr();
2062 
2063     tcg_gen_addi_tl(addr, addr, a->imm); /* addr = addr + q */
2064     gen_data_store(ctx, Rd, addr);
2065 
2066     tcg_temp_free_i32(addr);
2067 
2068     return true;
2069 }
2070 
2071 /*
2072  * Stores one byte indirect with or without displacement from a register to data
2073  * space. For parts with SRAM, the data space consists of the Register File, I/O
2074  * memory, and internal SRAM (and external SRAM if applicable). For parts
2075  * without SRAM, the data space consists of the Register File only. The EEPROM
2076  * has a separate address space.
2077  *
2078  * The data location is pointed to by the Y (16 bits) Pointer Register in the
2079  * Register File. Memory access is limited to the current data segment of 64KB.
2080  * To access another data segment in devices with more than 64KB data space, the
2081  * RAMPY in register in the I/O area has to be changed.
2082  *
2083  * The Y-pointer Register can either be left unchanged by the operation, or it
2084  * can be post-incremented or pre-decremented. These features are especially
2085  * suited for accessing arrays, tables, and Stack Pointer usage of the Y-pointer
2086  * Register. Note that only the low byte of the Y-pointer is updated in devices
2087  * with no more than 256 bytes data space. For such devices, the high byte of
2088  * the pointer is not used by this instruction and can be used for other
2089  * purposes. The RAMPY Register in the I/O area is updated in parts with more
2090  * than 64KB data space or more than 64KB Program memory, and the increment /
2091  * decrement / displacement is added to the entire 24-bit address on such
2092  * devices.
2093  */
2094 static bool trans_STZ2(DisasContext *ctx, arg_STZ2 *a)
2095 {
2096     TCGv Rd = cpu_r[a->rd];
2097     TCGv addr = gen_get_zaddr();
2098 
2099     gen_data_store(ctx, Rd, addr);
2100     tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */
2101 
2102     gen_set_zaddr(addr);
2103 
2104     tcg_temp_free_i32(addr);
2105 
2106     return true;
2107 }
2108 
2109 static bool trans_STZ3(DisasContext *ctx, arg_STZ3 *a)
2110 {
2111     TCGv Rd = cpu_r[a->rd];
2112     TCGv addr = gen_get_zaddr();
2113 
2114     tcg_gen_subi_tl(addr, addr, 1); /* addr = addr - 1 */
2115     gen_data_store(ctx, Rd, addr);
2116 
2117     gen_set_zaddr(addr);
2118 
2119     tcg_temp_free_i32(addr);
2120 
2121     return true;
2122 }
2123 
2124 static bool trans_STDZ(DisasContext *ctx, arg_STDZ *a)
2125 {
2126     TCGv Rd = cpu_r[a->rd];
2127     TCGv addr = gen_get_zaddr();
2128 
2129     tcg_gen_addi_tl(addr, addr, a->imm); /* addr = addr + q */
2130     gen_data_store(ctx, Rd, addr);
2131 
2132     tcg_temp_free_i32(addr);
2133 
2134     return true;
2135 }
2136 
2137 /*
2138  *  Loads one byte pointed to by the Z-register into the destination
2139  *  register Rd. This instruction features a 100% space effective constant
2140  *  initialization or constant data fetch. The Program memory is organized in
2141  *  16-bit words while the Z-pointer is a byte address. Thus, the least
2142  *  significant bit of the Z-pointer selects either low byte (ZLSB = 0) or high
2143  *  byte (ZLSB = 1). This instruction can address the first 64KB (32K words) of
2144  *  Program memory. The Zpointer Register can either be left unchanged by the
2145  *  operation, or it can be incremented. The incrementation does not apply to
2146  *  the RAMPZ Register.
2147  *
2148  *  Devices with Self-Programming capability can use the LPM instruction to read
2149  *  the Fuse and Lock bit values.
2150  */
2151 static bool trans_LPM1(DisasContext *ctx, arg_LPM1 *a)
2152 {
2153     if (!avr_have_feature(ctx, AVR_FEATURE_LPM)) {
2154         return true;
2155     }
2156 
2157     TCGv Rd = cpu_r[0];
2158     TCGv addr = tcg_temp_new_i32();
2159     TCGv H = cpu_r[31];
2160     TCGv L = cpu_r[30];
2161 
2162     tcg_gen_shli_tl(addr, H, 8); /* addr = H:L */
2163     tcg_gen_or_tl(addr, addr, L);
2164     tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */
2165 
2166     tcg_temp_free_i32(addr);
2167 
2168     return true;
2169 }
2170 
2171 static bool trans_LPM2(DisasContext *ctx, arg_LPM2 *a)
2172 {
2173     if (!avr_have_feature(ctx, AVR_FEATURE_LPM)) {
2174         return true;
2175     }
2176 
2177     TCGv Rd = cpu_r[a->rd];
2178     TCGv addr = tcg_temp_new_i32();
2179     TCGv H = cpu_r[31];
2180     TCGv L = cpu_r[30];
2181 
2182     tcg_gen_shli_tl(addr, H, 8); /* addr = H:L */
2183     tcg_gen_or_tl(addr, addr, L);
2184     tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */
2185 
2186     tcg_temp_free_i32(addr);
2187 
2188     return true;
2189 }
2190 
2191 static bool trans_LPMX(DisasContext *ctx, arg_LPMX *a)
2192 {
2193     if (!avr_have_feature(ctx, AVR_FEATURE_LPMX)) {
2194         return true;
2195     }
2196 
2197     TCGv Rd = cpu_r[a->rd];
2198     TCGv addr = tcg_temp_new_i32();
2199     TCGv H = cpu_r[31];
2200     TCGv L = cpu_r[30];
2201 
2202     tcg_gen_shli_tl(addr, H, 8); /* addr = H:L */
2203     tcg_gen_or_tl(addr, addr, L);
2204     tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */
2205     tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */
2206     tcg_gen_andi_tl(L, addr, 0xff);
2207     tcg_gen_shri_tl(addr, addr, 8);
2208     tcg_gen_andi_tl(H, addr, 0xff);
2209 
2210     tcg_temp_free_i32(addr);
2211 
2212     return true;
2213 }
2214 
2215 /*
2216  *  Loads one byte pointed to by the Z-register and the RAMPZ Register in
2217  *  the I/O space, and places this byte in the destination register Rd. This
2218  *  instruction features a 100% space effective constant initialization or
2219  *  constant data fetch. The Program memory is organized in 16-bit words while
2220  *  the Z-pointer is a byte address. Thus, the least significant bit of the
2221  *  Z-pointer selects either low byte (ZLSB = 0) or high byte (ZLSB = 1). This
2222  *  instruction can address the entire Program memory space. The Z-pointer
2223  *  Register can either be left unchanged by the operation, or it can be
2224  *  incremented. The incrementation applies to the entire 24-bit concatenation
2225  *  of the RAMPZ and Z-pointer Registers.
2226  *
2227  *  Devices with Self-Programming capability can use the ELPM instruction to
2228  *  read the Fuse and Lock bit value.
2229  */
2230 static bool trans_ELPM1(DisasContext *ctx, arg_ELPM1 *a)
2231 {
2232     if (!avr_have_feature(ctx, AVR_FEATURE_ELPM)) {
2233         return true;
2234     }
2235 
2236     TCGv Rd = cpu_r[0];
2237     TCGv addr = gen_get_zaddr();
2238 
2239     tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */
2240 
2241     tcg_temp_free_i32(addr);
2242 
2243     return true;
2244 }
2245 
2246 static bool trans_ELPM2(DisasContext *ctx, arg_ELPM2 *a)
2247 {
2248     if (!avr_have_feature(ctx, AVR_FEATURE_ELPM)) {
2249         return true;
2250     }
2251 
2252     TCGv Rd = cpu_r[a->rd];
2253     TCGv addr = gen_get_zaddr();
2254 
2255     tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */
2256 
2257     tcg_temp_free_i32(addr);
2258 
2259     return true;
2260 }
2261 
2262 static bool trans_ELPMX(DisasContext *ctx, arg_ELPMX *a)
2263 {
2264     if (!avr_have_feature(ctx, AVR_FEATURE_ELPMX)) {
2265         return true;
2266     }
2267 
2268     TCGv Rd = cpu_r[a->rd];
2269     TCGv addr = gen_get_zaddr();
2270 
2271     tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */
2272     tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */
2273     gen_set_zaddr(addr);
2274 
2275     tcg_temp_free_i32(addr);
2276 
2277     return true;
2278 }
2279 
2280 /*
2281  *  SPM can be used to erase a page in the Program memory, to write a page
2282  *  in the Program memory (that is already erased), and to set Boot Loader Lock
2283  *  bits. In some devices, the Program memory can be written one word at a time,
2284  *  in other devices an entire page can be programmed simultaneously after first
2285  *  filling a temporary page buffer. In all cases, the Program memory must be
2286  *  erased one page at a time. When erasing the Program memory, the RAMPZ and
2287  *  Z-register are used as page address. When writing the Program memory, the
2288  *  RAMPZ and Z-register are used as page or word address, and the R1:R0
2289  *  register pair is used as data(1). When setting the Boot Loader Lock bits,
2290  *  the R1:R0 register pair is used as data. Refer to the device documentation
2291  *  for detailed description of SPM usage. This instruction can address the
2292  *  entire Program memory.
2293  *
2294  *  The SPM instruction is not available in all devices. Refer to the device
2295  *  specific instruction set summary.
2296  *
2297  *  Note: 1. R1 determines the instruction high byte, and R0 determines the
2298  *  instruction low byte.
2299  */
2300 static bool trans_SPM(DisasContext *ctx, arg_SPM *a)
2301 {
2302     /* TODO */
2303     if (!avr_have_feature(ctx, AVR_FEATURE_SPM)) {
2304         return true;
2305     }
2306 
2307     return true;
2308 }
2309 
2310 static bool trans_SPMX(DisasContext *ctx, arg_SPMX *a)
2311 {
2312     /* TODO */
2313     if (!avr_have_feature(ctx, AVR_FEATURE_SPMX)) {
2314         return true;
2315     }
2316 
2317     return true;
2318 }
2319 
2320 /*
2321  *  Loads data from the I/O Space (Ports, Timers, Configuration Registers,
2322  *  etc.) into register Rd in the Register File.
2323  */
2324 static bool trans_IN(DisasContext *ctx, arg_IN *a)
2325 {
2326     TCGv Rd = cpu_r[a->rd];
2327     TCGv port = tcg_const_i32(a->imm);
2328 
2329     gen_helper_inb(Rd, cpu_env, port);
2330 
2331     tcg_temp_free_i32(port);
2332 
2333     return true;
2334 }
2335 
2336 /*
2337  *  Stores data from register Rr in the Register File to I/O Space (Ports,
2338  *  Timers, Configuration Registers, etc.).
2339  */
2340 static bool trans_OUT(DisasContext *ctx, arg_OUT *a)
2341 {
2342     TCGv Rd = cpu_r[a->rd];
2343     TCGv port = tcg_const_i32(a->imm);
2344 
2345     gen_helper_outb(cpu_env, port, Rd);
2346 
2347     tcg_temp_free_i32(port);
2348 
2349     return true;
2350 }
2351 
2352 /*
2353  *  This instruction stores the contents of register Rr on the STACK. The
2354  *  Stack Pointer is post-decremented by 1 after the PUSH.  This instruction is
2355  *  not available in all devices. Refer to the device specific instruction set
2356  *  summary.
2357  */
2358 static bool trans_PUSH(DisasContext *ctx, arg_PUSH *a)
2359 {
2360     TCGv Rd = cpu_r[a->rd];
2361 
2362     gen_data_store(ctx, Rd, cpu_sp);
2363     tcg_gen_subi_tl(cpu_sp, cpu_sp, 1);
2364 
2365     return true;
2366 }
2367 
2368 /*
2369  *  This instruction loads register Rd with a byte from the STACK. The Stack
2370  *  Pointer is pre-incremented by 1 before the POP.  This instruction is not
2371  *  available in all devices. Refer to the device specific instruction set
2372  *  summary.
2373  */
2374 static bool trans_POP(DisasContext *ctx, arg_POP *a)
2375 {
2376     /*
2377      * Using a temp to work around some strange behaviour:
2378      * tcg_gen_addi_tl(cpu_sp, cpu_sp, 1);
2379      * gen_data_load(ctx, Rd, cpu_sp);
2380      * seems to cause the add to happen twice.
2381      * This doesn't happen if either the add or the load is removed.
2382      */
2383     TCGv t1 = tcg_temp_new_i32();
2384     TCGv Rd = cpu_r[a->rd];
2385 
2386     tcg_gen_addi_tl(t1, cpu_sp, 1);
2387     gen_data_load(ctx, Rd, t1);
2388     tcg_gen_mov_tl(cpu_sp, t1);
2389 
2390     return true;
2391 }
2392 
2393 /*
2394  *  Exchanges one byte indirect between register and data space.  The data
2395  *  location is pointed to by the Z (16 bits) Pointer Register in the Register
2396  *  File. Memory access is limited to the current data segment of 64KB. To
2397  *  access another data segment in devices with more than 64KB data space, the
2398  *  RAMPZ in register in the I/O area has to be changed.
2399  *
2400  *  The Z-pointer Register is left unchanged by the operation. This instruction
2401  *  is especially suited for writing/reading status bits stored in SRAM.
2402  */
2403 static bool trans_XCH(DisasContext *ctx, arg_XCH *a)
2404 {
2405     if (!avr_have_feature(ctx, AVR_FEATURE_RMW)) {
2406         return true;
2407     }
2408 
2409     TCGv Rd = cpu_r[a->rd];
2410     TCGv t0 = tcg_temp_new_i32();
2411     TCGv addr = gen_get_zaddr();
2412 
2413     gen_data_load(ctx, t0, addr);
2414     gen_data_store(ctx, Rd, addr);
2415     tcg_gen_mov_tl(Rd, t0);
2416 
2417     tcg_temp_free_i32(t0);
2418     tcg_temp_free_i32(addr);
2419 
2420     return true;
2421 }
2422 
2423 /*
2424  *  Load one byte indirect from data space to register and set bits in data
2425  *  space specified by the register. The instruction can only be used towards
2426  *  internal SRAM.  The data location is pointed to by the Z (16 bits) Pointer
2427  *  Register in the Register File. Memory access is limited to the current data
2428  *  segment of 64KB. To access another data segment in devices with more than
2429  *  64KB data space, the RAMPZ in register in the I/O area has to be changed.
2430  *
2431  *  The Z-pointer Register is left unchanged by the operation. This instruction
2432  *  is especially suited for setting status bits stored in SRAM.
2433  */
2434 static bool trans_LAS(DisasContext *ctx, arg_LAS *a)
2435 {
2436     if (!avr_have_feature(ctx, AVR_FEATURE_RMW)) {
2437         return true;
2438     }
2439 
2440     TCGv Rr = cpu_r[a->rd];
2441     TCGv addr = gen_get_zaddr();
2442     TCGv t0 = tcg_temp_new_i32();
2443     TCGv t1 = tcg_temp_new_i32();
2444 
2445     gen_data_load(ctx, t0, addr); /* t0 = mem[addr] */
2446     tcg_gen_or_tl(t1, t0, Rr);
2447     tcg_gen_mov_tl(Rr, t0); /* Rr = t0 */
2448     gen_data_store(ctx, t1, addr); /* mem[addr] = t1 */
2449 
2450     tcg_temp_free_i32(t1);
2451     tcg_temp_free_i32(t0);
2452     tcg_temp_free_i32(addr);
2453 
2454     return true;
2455 }
2456 
2457 /*
2458  *  Load one byte indirect from data space to register and stores and clear
2459  *  the bits in data space specified by the register. The instruction can
2460  *  only be used towards internal SRAM.  The data location is pointed to by
2461  *  the Z (16 bits) Pointer Register in the Register File. Memory access is
2462  *  limited to the current data segment of 64KB. To access another data
2463  *  segment in devices with more than 64KB data space, the RAMPZ in register
2464  *  in the I/O area has to be changed.
2465  *
2466  *  The Z-pointer Register is left unchanged by the operation. This instruction
2467  *  is especially suited for clearing status bits stored in SRAM.
2468  */
2469 static bool trans_LAC(DisasContext *ctx, arg_LAC *a)
2470 {
2471     if (!avr_have_feature(ctx, AVR_FEATURE_RMW)) {
2472         return true;
2473     }
2474 
2475     TCGv Rr = cpu_r[a->rd];
2476     TCGv addr = gen_get_zaddr();
2477     TCGv t0 = tcg_temp_new_i32();
2478     TCGv t1 = tcg_temp_new_i32();
2479 
2480     gen_data_load(ctx, t0, addr); /* t0 = mem[addr] */
2481     tcg_gen_andc_tl(t1, t0, Rr); /* t1 = t0 & (0xff - Rr) = t0 & ~Rr */
2482     tcg_gen_mov_tl(Rr, t0); /* Rr = t0 */
2483     gen_data_store(ctx, t1, addr); /* mem[addr] = t1 */
2484 
2485     tcg_temp_free_i32(t1);
2486     tcg_temp_free_i32(t0);
2487     tcg_temp_free_i32(addr);
2488 
2489     return true;
2490 }
2491 
2492 
2493 /*
2494  *  Load one byte indirect from data space to register and toggles bits in
2495  *  the data space specified by the register.  The instruction can only be used
2496  *  towards SRAM.  The data location is pointed to by the Z (16 bits) Pointer
2497  *  Register in the Register File. Memory access is limited to the current data
2498  *  segment of 64KB. To access another data segment in devices with more than
2499  *  64KB data space, the RAMPZ in register in the I/O area has to be changed.
2500  *
2501  *  The Z-pointer Register is left unchanged by the operation. This instruction
2502  *  is especially suited for changing status bits stored in SRAM.
2503  */
2504 static bool trans_LAT(DisasContext *ctx, arg_LAT *a)
2505 {
2506     if (!avr_have_feature(ctx, AVR_FEATURE_RMW)) {
2507         return true;
2508     }
2509 
2510     TCGv Rd = cpu_r[a->rd];
2511     TCGv addr = gen_get_zaddr();
2512     TCGv t0 = tcg_temp_new_i32();
2513     TCGv t1 = tcg_temp_new_i32();
2514 
2515     gen_data_load(ctx, t0, addr); /* t0 = mem[addr] */
2516     tcg_gen_xor_tl(t1, t0, Rd);
2517     tcg_gen_mov_tl(Rd, t0); /* Rd = t0 */
2518     gen_data_store(ctx, t1, addr); /* mem[addr] = t1 */
2519 
2520     tcg_temp_free_i32(t1);
2521     tcg_temp_free_i32(t0);
2522     tcg_temp_free_i32(addr);
2523 
2524     return true;
2525 }
2526 
2527 /*
2528  * Bit and Bit-test Instructions
2529  */
2530 static void gen_rshift_ZNVSf(TCGv R)
2531 {
2532     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
2533     tcg_gen_shri_tl(cpu_Nf, R, 7); /* Nf = R(7) */
2534     tcg_gen_xor_tl(cpu_Vf, cpu_Nf, cpu_Cf);
2535     tcg_gen_xor_tl(cpu_Sf, cpu_Nf, cpu_Vf); /* Sf = Nf ^ Vf */
2536 }
2537 
2538 /*
2539  *  Shifts all bits in Rd one place to the right. Bit 7 is cleared. Bit 0 is
2540  *  loaded into the C Flag of the SREG. This operation effectively divides an
2541  *  unsigned value by two. The C Flag can be used to round the result.
2542  */
2543 static bool trans_LSR(DisasContext *ctx, arg_LSR *a)
2544 {
2545     TCGv Rd = cpu_r[a->rd];
2546 
2547     tcg_gen_andi_tl(cpu_Cf, Rd, 1);
2548     tcg_gen_shri_tl(Rd, Rd, 1);
2549 
2550     /* update status register */
2551     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, Rd, 0); /* Zf = Rd == 0 */
2552     tcg_gen_movi_tl(cpu_Nf, 0);
2553     tcg_gen_mov_tl(cpu_Vf, cpu_Cf);
2554     tcg_gen_mov_tl(cpu_Sf, cpu_Vf);
2555 
2556     return true;
2557 }
2558 
2559 /*
2560  *  Shifts all bits in Rd one place to the right. The C Flag is shifted into
2561  *  bit 7 of Rd. Bit 0 is shifted into the C Flag.  This operation, combined
2562  *  with ASR, effectively divides multi-byte signed values by two. Combined with
2563  *  LSR it effectively divides multi-byte unsigned values by two. The Carry Flag
2564  *  can be used to round the result.
2565  */
2566 static bool trans_ROR(DisasContext *ctx, arg_ROR *a)
2567 {
2568     TCGv Rd = cpu_r[a->rd];
2569     TCGv t0 = tcg_temp_new_i32();
2570 
2571     tcg_gen_shli_tl(t0, cpu_Cf, 7);
2572 
2573     /* update status register */
2574     tcg_gen_andi_tl(cpu_Cf, Rd, 1);
2575 
2576     /* update output register */
2577     tcg_gen_shri_tl(Rd, Rd, 1);
2578     tcg_gen_or_tl(Rd, Rd, t0);
2579 
2580     /* update status register */
2581     gen_rshift_ZNVSf(Rd);
2582 
2583     tcg_temp_free_i32(t0);
2584 
2585     return true;
2586 }
2587 
2588 /*
2589  *  Shifts all bits in Rd one place to the right. Bit 7 is held constant. Bit 0
2590  *  is loaded into the C Flag of the SREG. This operation effectively divides a
2591  *  signed value by two without changing its sign. The Carry Flag can be used to
2592  *  round the result.
2593  */
2594 static bool trans_ASR(DisasContext *ctx, arg_ASR *a)
2595 {
2596     TCGv Rd = cpu_r[a->rd];
2597     TCGv t0 = tcg_temp_new_i32();
2598 
2599     /* update status register */
2600     tcg_gen_andi_tl(cpu_Cf, Rd, 1); /* Cf = Rd(0) */
2601 
2602     /* update output register */
2603     tcg_gen_andi_tl(t0, Rd, 0x80); /* Rd = (Rd & 0x80) | (Rd >> 1) */
2604     tcg_gen_shri_tl(Rd, Rd, 1);
2605     tcg_gen_or_tl(Rd, Rd, t0);
2606 
2607     /* update status register */
2608     gen_rshift_ZNVSf(Rd);
2609 
2610     tcg_temp_free_i32(t0);
2611 
2612     return true;
2613 }
2614 
2615 /*
2616  *  Swaps high and low nibbles in a register.
2617  */
2618 static bool trans_SWAP(DisasContext *ctx, arg_SWAP *a)
2619 {
2620     TCGv Rd = cpu_r[a->rd];
2621     TCGv t0 = tcg_temp_new_i32();
2622     TCGv t1 = tcg_temp_new_i32();
2623 
2624     tcg_gen_andi_tl(t0, Rd, 0x0f);
2625     tcg_gen_shli_tl(t0, t0, 4);
2626     tcg_gen_andi_tl(t1, Rd, 0xf0);
2627     tcg_gen_shri_tl(t1, t1, 4);
2628     tcg_gen_or_tl(Rd, t0, t1);
2629 
2630     tcg_temp_free_i32(t1);
2631     tcg_temp_free_i32(t0);
2632 
2633     return true;
2634 }
2635 
2636 /*
2637  *  Sets a specified bit in an I/O Register. This instruction operates on
2638  *  the lower 32 I/O Registers -- addresses 0-31.
2639  */
2640 static bool trans_SBI(DisasContext *ctx, arg_SBI *a)
2641 {
2642     TCGv data = tcg_temp_new_i32();
2643     TCGv port = tcg_const_i32(a->reg);
2644 
2645     gen_helper_inb(data, cpu_env, port);
2646     tcg_gen_ori_tl(data, data, 1 << a->bit);
2647     gen_helper_outb(cpu_env, port, data);
2648 
2649     tcg_temp_free_i32(port);
2650     tcg_temp_free_i32(data);
2651 
2652     return true;
2653 }
2654 
2655 /*
2656  *  Clears a specified bit in an I/O Register. This instruction operates on
2657  *  the lower 32 I/O Registers -- addresses 0-31.
2658  */
2659 static bool trans_CBI(DisasContext *ctx, arg_CBI *a)
2660 {
2661     TCGv data = tcg_temp_new_i32();
2662     TCGv port = tcg_const_i32(a->reg);
2663 
2664     gen_helper_inb(data, cpu_env, port);
2665     tcg_gen_andi_tl(data, data, ~(1 << a->bit));
2666     gen_helper_outb(cpu_env, port, data);
2667 
2668     tcg_temp_free_i32(data);
2669     tcg_temp_free_i32(port);
2670 
2671     return true;
2672 }
2673 
2674 /*
2675  *  Stores bit b from Rd to the T Flag in SREG (Status Register).
2676  */
2677 static bool trans_BST(DisasContext *ctx, arg_BST *a)
2678 {
2679     TCGv Rd = cpu_r[a->rd];
2680 
2681     tcg_gen_andi_tl(cpu_Tf, Rd, 1 << a->bit);
2682     tcg_gen_shri_tl(cpu_Tf, cpu_Tf, a->bit);
2683 
2684     return true;
2685 }
2686 
2687 /*
2688  *  Copies the T Flag in the SREG (Status Register) to bit b in register Rd.
2689  */
2690 static bool trans_BLD(DisasContext *ctx, arg_BLD *a)
2691 {
2692     TCGv Rd = cpu_r[a->rd];
2693     TCGv t1 = tcg_temp_new_i32();
2694 
2695     tcg_gen_andi_tl(Rd, Rd, ~(1u << a->bit)); /* clear bit */
2696     tcg_gen_shli_tl(t1, cpu_Tf, a->bit); /* create mask */
2697     tcg_gen_or_tl(Rd, Rd, t1);
2698 
2699     tcg_temp_free_i32(t1);
2700 
2701     return true;
2702 }
2703 
2704 /*
2705  *  Sets a single Flag or bit in SREG.
2706  */
2707 static bool trans_BSET(DisasContext *ctx, arg_BSET *a)
2708 {
2709     switch (a->bit) {
2710     case 0x00:
2711         tcg_gen_movi_tl(cpu_Cf, 0x01);
2712         break;
2713     case 0x01:
2714         tcg_gen_movi_tl(cpu_Zf, 0x01);
2715         break;
2716     case 0x02:
2717         tcg_gen_movi_tl(cpu_Nf, 0x01);
2718         break;
2719     case 0x03:
2720         tcg_gen_movi_tl(cpu_Vf, 0x01);
2721         break;
2722     case 0x04:
2723         tcg_gen_movi_tl(cpu_Sf, 0x01);
2724         break;
2725     case 0x05:
2726         tcg_gen_movi_tl(cpu_Hf, 0x01);
2727         break;
2728     case 0x06:
2729         tcg_gen_movi_tl(cpu_Tf, 0x01);
2730         break;
2731     case 0x07:
2732         tcg_gen_movi_tl(cpu_If, 0x01);
2733         break;
2734     }
2735 
2736     return true;
2737 }
2738 
2739 /*
2740  *  Clears a single Flag in SREG.
2741  */
2742 static bool trans_BCLR(DisasContext *ctx, arg_BCLR *a)
2743 {
2744     switch (a->bit) {
2745     case 0x00:
2746         tcg_gen_movi_tl(cpu_Cf, 0x00);
2747         break;
2748     case 0x01:
2749         tcg_gen_movi_tl(cpu_Zf, 0x00);
2750         break;
2751     case 0x02:
2752         tcg_gen_movi_tl(cpu_Nf, 0x00);
2753         break;
2754     case 0x03:
2755         tcg_gen_movi_tl(cpu_Vf, 0x00);
2756         break;
2757     case 0x04:
2758         tcg_gen_movi_tl(cpu_Sf, 0x00);
2759         break;
2760     case 0x05:
2761         tcg_gen_movi_tl(cpu_Hf, 0x00);
2762         break;
2763     case 0x06:
2764         tcg_gen_movi_tl(cpu_Tf, 0x00);
2765         break;
2766     case 0x07:
2767         tcg_gen_movi_tl(cpu_If, 0x00);
2768         break;
2769     }
2770 
2771     return true;
2772 }
2773 
2774 /*
2775  * MCU Control Instructions
2776  */
2777 
2778 /*
2779  *  The BREAK instruction is used by the On-chip Debug system, and is
2780  *  normally not used in the application software. When the BREAK instruction is
2781  *  executed, the AVR CPU is set in the Stopped Mode. This gives the On-chip
2782  *  Debugger access to internal resources.  If any Lock bits are set, or either
2783  *  the JTAGEN or OCDEN Fuses are unprogrammed, the CPU will treat the BREAK
2784  *  instruction as a NOP and will not enter the Stopped mode.  This instruction
2785  *  is not available in all devices. Refer to the device specific instruction
2786  *  set summary.
2787  */
2788 static bool trans_BREAK(DisasContext *ctx, arg_BREAK *a)
2789 {
2790     if (!avr_have_feature(ctx, AVR_FEATURE_BREAK)) {
2791         return true;
2792     }
2793 
2794 #ifdef BREAKPOINT_ON_BREAK
2795     tcg_gen_movi_tl(cpu_pc, ctx->npc - 1);
2796     gen_helper_debug(cpu_env);
2797     ctx->base.is_jmp = DISAS_EXIT;
2798 #else
2799     /* NOP */
2800 #endif
2801 
2802     return true;
2803 }
2804 
2805 /*
2806  *  This instruction performs a single cycle No Operation.
2807  */
2808 static bool trans_NOP(DisasContext *ctx, arg_NOP *a)
2809 {
2810 
2811     /* NOP */
2812 
2813     return true;
2814 }
2815 
2816 /*
2817  *  This instruction sets the circuit in sleep mode defined by the MCU
2818  *  Control Register.
2819  */
2820 static bool trans_SLEEP(DisasContext *ctx, arg_SLEEP *a)
2821 {
2822     gen_helper_sleep(cpu_env);
2823     ctx->base.is_jmp = DISAS_NORETURN;
2824     return true;
2825 }
2826 
2827 /*
2828  *  This instruction resets the Watchdog Timer. This instruction must be
2829  *  executed within a limited time given by the WD prescaler. See the Watchdog
2830  *  Timer hardware specification.
2831  */
2832 static bool trans_WDR(DisasContext *ctx, arg_WDR *a)
2833 {
2834     gen_helper_wdr(cpu_env);
2835 
2836     return true;
2837 }
2838 
2839 /*
2840  *  Core translation mechanism functions:
2841  *
2842  *    - translate()
2843  *    - canonicalize_skip()
2844  *    - gen_intermediate_code()
2845  *    - restore_state_to_opc()
2846  *
2847  */
2848 static void translate(DisasContext *ctx)
2849 {
2850     uint32_t opcode = next_word(ctx);
2851 
2852     if (!decode_insn(ctx, opcode)) {
2853         gen_helper_unsupported(cpu_env);
2854         ctx->base.is_jmp = DISAS_NORETURN;
2855     }
2856 }
2857 
2858 /* Standardize the cpu_skip condition to NE.  */
2859 static bool canonicalize_skip(DisasContext *ctx)
2860 {
2861     switch (ctx->skip_cond) {
2862     case TCG_COND_NEVER:
2863         /* Normal case: cpu_skip is known to be false.  */
2864         return false;
2865 
2866     case TCG_COND_ALWAYS:
2867         /*
2868          * Breakpoint case: cpu_skip is known to be true, via TB_FLAGS_SKIP.
2869          * The breakpoint is on the instruction being skipped, at the start
2870          * of the TranslationBlock.  No need to update.
2871          */
2872         return false;
2873 
2874     case TCG_COND_NE:
2875         if (ctx->skip_var1 == NULL) {
2876             tcg_gen_mov_tl(cpu_skip, ctx->skip_var0);
2877         } else {
2878             tcg_gen_xor_tl(cpu_skip, ctx->skip_var0, ctx->skip_var1);
2879             ctx->skip_var1 = NULL;
2880         }
2881         break;
2882 
2883     default:
2884         /* Convert to a NE condition vs 0. */
2885         if (ctx->skip_var1 == NULL) {
2886             tcg_gen_setcondi_tl(ctx->skip_cond, cpu_skip, ctx->skip_var0, 0);
2887         } else {
2888             tcg_gen_setcond_tl(ctx->skip_cond, cpu_skip,
2889                                ctx->skip_var0, ctx->skip_var1);
2890             ctx->skip_var1 = NULL;
2891         }
2892         ctx->skip_cond = TCG_COND_NE;
2893         break;
2894     }
2895     if (ctx->free_skip_var0) {
2896         tcg_temp_free(ctx->skip_var0);
2897         ctx->free_skip_var0 = false;
2898     }
2899     ctx->skip_var0 = cpu_skip;
2900     return true;
2901 }
2902 
2903 static void gen_breakpoint(DisasContext *ctx)
2904 {
2905     canonicalize_skip(ctx);
2906     tcg_gen_movi_tl(cpu_pc, ctx->npc);
2907     gen_helper_debug(cpu_env);
2908     ctx->base.is_jmp = DISAS_NORETURN;
2909 }
2910 
2911 static void avr_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
2912 {
2913     DisasContext *ctx = container_of(dcbase, DisasContext, base);
2914     CPUAVRState *env = cs->env_ptr;
2915     uint32_t tb_flags = ctx->base.tb->flags;
2916 
2917     ctx->cs = cs;
2918     ctx->env = env;
2919     ctx->npc = ctx->base.pc_first / 2;
2920 
2921     ctx->skip_cond = TCG_COND_NEVER;
2922     if (tb_flags & TB_FLAGS_SKIP) {
2923         ctx->skip_cond = TCG_COND_ALWAYS;
2924         ctx->skip_var0 = cpu_skip;
2925     }
2926 
2927     if (tb_flags & TB_FLAGS_FULL_ACCESS) {
2928         /*
2929          * This flag is set by ST/LD instruction we will regenerate it ONLY
2930          * with mem/cpu memory access instead of mem access
2931          */
2932         ctx->base.max_insns = 1;
2933     }
2934 }
2935 
2936 static void avr_tr_tb_start(DisasContextBase *db, CPUState *cs)
2937 {
2938 }
2939 
2940 static void avr_tr_insn_start(DisasContextBase *dcbase, CPUState *cs)
2941 {
2942     DisasContext *ctx = container_of(dcbase, DisasContext, base);
2943 
2944     tcg_gen_insn_start(ctx->npc);
2945 }
2946 
2947 static bool avr_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cs,
2948                                     const CPUBreakpoint *bp)
2949 {
2950     DisasContext *ctx = container_of(dcbase, DisasContext, base);
2951 
2952     gen_breakpoint(ctx);
2953     return true;
2954 }
2955 
2956 static void avr_tr_translate_insn(DisasContextBase *dcbase, CPUState *cs)
2957 {
2958     DisasContext *ctx = container_of(dcbase, DisasContext, base);
2959     TCGLabel *skip_label = NULL;
2960 
2961     /*
2962      * This is due to some strange GDB behavior
2963      * Let's assume main has address 0x100:
2964      * b main   - sets breakpoint at address 0x00000100 (code)
2965      * b *0x100 - sets breakpoint at address 0x00800100 (data)
2966      *
2967      * The translator driver has already taken care of the code pointer.
2968      */
2969     if (!ctx->base.singlestep_enabled &&
2970         cpu_breakpoint_test(cs, OFFSET_DATA + ctx->base.pc_next, BP_ANY)) {
2971         gen_breakpoint(ctx);
2972         return;
2973     }
2974 
2975     /* Conditionally skip the next instruction, if indicated.  */
2976     if (ctx->skip_cond != TCG_COND_NEVER) {
2977         skip_label = gen_new_label();
2978         if (ctx->skip_var0 == cpu_skip) {
2979             /*
2980              * Copy cpu_skip so that we may zero it before the branch.
2981              * This ensures that cpu_skip is non-zero after the label
2982              * if and only if the skipped insn itself sets a skip.
2983              */
2984             ctx->free_skip_var0 = true;
2985             ctx->skip_var0 = tcg_temp_new();
2986             tcg_gen_mov_tl(ctx->skip_var0, cpu_skip);
2987             tcg_gen_movi_tl(cpu_skip, 0);
2988         }
2989         if (ctx->skip_var1 == NULL) {
2990             tcg_gen_brcondi_tl(ctx->skip_cond, ctx->skip_var0, 0, skip_label);
2991         } else {
2992             tcg_gen_brcond_tl(ctx->skip_cond, ctx->skip_var0,
2993                               ctx->skip_var1, skip_label);
2994             ctx->skip_var1 = NULL;
2995         }
2996         if (ctx->free_skip_var0) {
2997             tcg_temp_free(ctx->skip_var0);
2998             ctx->free_skip_var0 = false;
2999         }
3000         ctx->skip_cond = TCG_COND_NEVER;
3001         ctx->skip_var0 = NULL;
3002     }
3003 
3004     translate(ctx);
3005 
3006     ctx->base.pc_next = ctx->npc * 2;
3007 
3008     if (skip_label) {
3009         canonicalize_skip(ctx);
3010         gen_set_label(skip_label);
3011         if (ctx->base.is_jmp == DISAS_NORETURN) {
3012             ctx->base.is_jmp = DISAS_CHAIN;
3013         }
3014     }
3015 
3016     if (ctx->base.is_jmp == DISAS_NEXT) {
3017         target_ulong page_first = ctx->base.pc_first & TARGET_PAGE_MASK;
3018 
3019         if ((ctx->base.pc_next - page_first) >= TARGET_PAGE_SIZE - 4) {
3020             ctx->base.is_jmp = DISAS_TOO_MANY;
3021         }
3022     }
3023 }
3024 
3025 static void avr_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
3026 {
3027     DisasContext *ctx = container_of(dcbase, DisasContext, base);
3028     bool nonconst_skip = canonicalize_skip(ctx);
3029 
3030     switch (ctx->base.is_jmp) {
3031     case DISAS_NORETURN:
3032         assert(!nonconst_skip);
3033         break;
3034     case DISAS_NEXT:
3035     case DISAS_TOO_MANY:
3036     case DISAS_CHAIN:
3037         if (!nonconst_skip) {
3038             /* Note gen_goto_tb checks singlestep.  */
3039             gen_goto_tb(ctx, 1, ctx->npc);
3040             break;
3041         }
3042         tcg_gen_movi_tl(cpu_pc, ctx->npc);
3043         /* fall through */
3044     case DISAS_LOOKUP:
3045         if (!ctx->base.singlestep_enabled) {
3046             tcg_gen_lookup_and_goto_ptr();
3047             break;
3048         }
3049         /* fall through */
3050     case DISAS_EXIT:
3051         if (ctx->base.singlestep_enabled) {
3052             gen_helper_debug(cpu_env);
3053         } else {
3054             tcg_gen_exit_tb(NULL, 0);
3055         }
3056         break;
3057     default:
3058         g_assert_not_reached();
3059     }
3060 }
3061 
3062 static void avr_tr_disas_log(const DisasContextBase *dcbase, CPUState *cs)
3063 {
3064     qemu_log("IN: %s\n", lookup_symbol(dcbase->pc_first));
3065     log_target_disas(cs, dcbase->pc_first, dcbase->tb->size);
3066 }
3067 
3068 static const TranslatorOps avr_tr_ops = {
3069     .init_disas_context = avr_tr_init_disas_context,
3070     .tb_start           = avr_tr_tb_start,
3071     .insn_start         = avr_tr_insn_start,
3072     .breakpoint_check   = avr_tr_breakpoint_check,
3073     .translate_insn     = avr_tr_translate_insn,
3074     .tb_stop            = avr_tr_tb_stop,
3075     .disas_log          = avr_tr_disas_log,
3076 };
3077 
3078 void gen_intermediate_code(CPUState *cs, TranslationBlock *tb, int max_insns)
3079 {
3080     DisasContext dc = { };
3081     translator_loop(&avr_tr_ops, &dc.base, cs, tb, max_insns);
3082 }
3083 
3084 void restore_state_to_opc(CPUAVRState *env, TranslationBlock *tb,
3085                             target_ulong *data)
3086 {
3087     env->pc_w = data[0];
3088 }
3089