xref: /openbmc/qemu/target/avr/translate.c (revision 40f23e4e)
1 /*
2  * QEMU AVR CPU
3  *
4  * Copyright (c) 2019-2020 Michael Rolnik
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see
18  * <http://www.gnu.org/licenses/lgpl-2.1.html>
19  */
20 
21 #include "qemu/osdep.h"
22 #include "qemu/qemu-print.h"
23 #include "tcg/tcg.h"
24 #include "cpu.h"
25 #include "exec/exec-all.h"
26 #include "tcg/tcg-op.h"
27 #include "exec/cpu_ldst.h"
28 #include "exec/helper-proto.h"
29 #include "exec/helper-gen.h"
30 #include "exec/log.h"
31 #include "exec/translator.h"
32 #include "exec/gen-icount.h"
33 
34 /*
35  *  Define if you want a BREAK instruction translated to a breakpoint
36  *  Active debugging connection is assumed
37  *  This is for
38  *  https://github.com/seharris/qemu-avr-tests/tree/master/instruction-tests
39  *  tests
40  */
41 #undef BREAKPOINT_ON_BREAK
42 
43 static TCGv cpu_pc;
44 
45 static TCGv cpu_Cf;
46 static TCGv cpu_Zf;
47 static TCGv cpu_Nf;
48 static TCGv cpu_Vf;
49 static TCGv cpu_Sf;
50 static TCGv cpu_Hf;
51 static TCGv cpu_Tf;
52 static TCGv cpu_If;
53 
54 static TCGv cpu_rampD;
55 static TCGv cpu_rampX;
56 static TCGv cpu_rampY;
57 static TCGv cpu_rampZ;
58 
59 static TCGv cpu_r[NUMBER_OF_CPU_REGISTERS];
60 static TCGv cpu_eind;
61 static TCGv cpu_sp;
62 
63 static TCGv cpu_skip;
64 
65 static const char reg_names[NUMBER_OF_CPU_REGISTERS][8] = {
66     "r0",  "r1",  "r2",  "r3",  "r4",  "r5",  "r6",  "r7",
67     "r8",  "r9",  "r10", "r11", "r12", "r13", "r14", "r15",
68     "r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",
69     "r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31",
70 };
71 #define REG(x) (cpu_r[x])
72 
73 enum {
74     DISAS_EXIT   = DISAS_TARGET_0,  /* We want return to the cpu main loop.  */
75     DISAS_LOOKUP = DISAS_TARGET_1,  /* We have a variable condition exit.  */
76     DISAS_CHAIN  = DISAS_TARGET_2,  /* We have a single condition exit.  */
77 };
78 
79 typedef struct DisasContext DisasContext;
80 
81 /* This is the state at translation time. */
82 struct DisasContext {
83     DisasContextBase base;
84 
85     CPUAVRState *env;
86     CPUState *cs;
87 
88     target_long npc;
89     uint32_t opcode;
90 
91     /* Routine used to access memory */
92     int memidx;
93 
94     /*
95      * some AVR instructions can make the following instruction to be skipped
96      * Let's name those instructions
97      *     A   - instruction that can skip the next one
98      *     B   - instruction that can be skipped. this depends on execution of A
99      * there are two scenarios
100      * 1. A and B belong to the same translation block
101      * 2. A is the last instruction in the translation block and B is the last
102      *
103      * following variables are used to simplify the skipping logic, they are
104      * used in the following manner (sketch)
105      *
106      * TCGLabel *skip_label = NULL;
107      * if (ctx->skip_cond != TCG_COND_NEVER) {
108      *     skip_label = gen_new_label();
109      *     tcg_gen_brcond_tl(skip_cond, skip_var0, skip_var1, skip_label);
110      * }
111      *
112      * if (free_skip_var0) {
113      *     tcg_temp_free(skip_var0);
114      *     free_skip_var0 = false;
115      * }
116      *
117      * translate(ctx);
118      *
119      * if (skip_label) {
120      *     gen_set_label(skip_label);
121      * }
122      */
123     TCGv skip_var0;
124     TCGv skip_var1;
125     TCGCond skip_cond;
126     bool free_skip_var0;
127 };
128 
129 void avr_cpu_tcg_init(void)
130 {
131     int i;
132 
133 #define AVR_REG_OFFS(x) offsetof(CPUAVRState, x)
134     cpu_pc = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(pc_w), "pc");
135     cpu_Cf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregC), "Cf");
136     cpu_Zf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregZ), "Zf");
137     cpu_Nf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregN), "Nf");
138     cpu_Vf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregV), "Vf");
139     cpu_Sf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregS), "Sf");
140     cpu_Hf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregH), "Hf");
141     cpu_Tf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregT), "Tf");
142     cpu_If = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregI), "If");
143     cpu_rampD = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(rampD), "rampD");
144     cpu_rampX = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(rampX), "rampX");
145     cpu_rampY = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(rampY), "rampY");
146     cpu_rampZ = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(rampZ), "rampZ");
147     cpu_eind = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(eind), "eind");
148     cpu_sp = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sp), "sp");
149     cpu_skip = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(skip), "skip");
150 
151     for (i = 0; i < NUMBER_OF_CPU_REGISTERS; i++) {
152         cpu_r[i] = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(r[i]),
153                                           reg_names[i]);
154     }
155 #undef AVR_REG_OFFS
156 }
157 
158 static int to_regs_16_31_by_one(DisasContext *ctx, int indx)
159 {
160     return 16 + (indx % 16);
161 }
162 
163 static int to_regs_16_23_by_one(DisasContext *ctx, int indx)
164 {
165     return 16 + (indx % 8);
166 }
167 
168 static int to_regs_24_30_by_two(DisasContext *ctx, int indx)
169 {
170     return 24 + (indx % 4) * 2;
171 }
172 
173 static int to_regs_00_30_by_two(DisasContext *ctx, int indx)
174 {
175     return (indx % 16) * 2;
176 }
177 
178 static uint16_t next_word(DisasContext *ctx)
179 {
180     return cpu_lduw_code(ctx->env, ctx->npc++ * 2);
181 }
182 
183 static int append_16(DisasContext *ctx, int x)
184 {
185     return x << 16 | next_word(ctx);
186 }
187 
188 static bool avr_have_feature(DisasContext *ctx, int feature)
189 {
190     if (!avr_feature(ctx->env, feature)) {
191         gen_helper_unsupported(cpu_env);
192         ctx->base.is_jmp = DISAS_NORETURN;
193         return false;
194     }
195     return true;
196 }
197 
198 static bool decode_insn(DisasContext *ctx, uint16_t insn);
199 #include "decode-insn.c.inc"
200 
201 /*
202  * Arithmetic Instructions
203  */
204 
205 /*
206  * Utility functions for updating status registers:
207  *
208  *   - gen_add_CHf()
209  *   - gen_add_Vf()
210  *   - gen_sub_CHf()
211  *   - gen_sub_Vf()
212  *   - gen_NSf()
213  *   - gen_ZNSf()
214  *
215  */
216 
217 static void gen_add_CHf(TCGv R, TCGv Rd, TCGv Rr)
218 {
219     TCGv t1 = tcg_temp_new_i32();
220     TCGv t2 = tcg_temp_new_i32();
221     TCGv t3 = tcg_temp_new_i32();
222 
223     tcg_gen_and_tl(t1, Rd, Rr); /* t1 = Rd & Rr */
224     tcg_gen_andc_tl(t2, Rd, R); /* t2 = Rd & ~R */
225     tcg_gen_andc_tl(t3, Rr, R); /* t3 = Rr & ~R */
226     tcg_gen_or_tl(t1, t1, t2); /* t1 = t1 | t2 | t3 */
227     tcg_gen_or_tl(t1, t1, t3);
228 
229     tcg_gen_shri_tl(cpu_Cf, t1, 7); /* Cf = t1(7) */
230     tcg_gen_shri_tl(cpu_Hf, t1, 3); /* Hf = t1(3) */
231     tcg_gen_andi_tl(cpu_Hf, cpu_Hf, 1);
232 
233     tcg_temp_free_i32(t3);
234     tcg_temp_free_i32(t2);
235     tcg_temp_free_i32(t1);
236 }
237 
238 static void gen_add_Vf(TCGv R, TCGv Rd, TCGv Rr)
239 {
240     TCGv t1 = tcg_temp_new_i32();
241     TCGv t2 = tcg_temp_new_i32();
242 
243     /* t1 = Rd & Rr & ~R | ~Rd & ~Rr & R */
244     /*    = (Rd ^ R) & ~(Rd ^ Rr) */
245     tcg_gen_xor_tl(t1, Rd, R);
246     tcg_gen_xor_tl(t2, Rd, Rr);
247     tcg_gen_andc_tl(t1, t1, t2);
248 
249     tcg_gen_shri_tl(cpu_Vf, t1, 7); /* Vf = t1(7) */
250 
251     tcg_temp_free_i32(t2);
252     tcg_temp_free_i32(t1);
253 }
254 
255 static void gen_sub_CHf(TCGv R, TCGv Rd, TCGv Rr)
256 {
257     TCGv t1 = tcg_temp_new_i32();
258     TCGv t2 = tcg_temp_new_i32();
259     TCGv t3 = tcg_temp_new_i32();
260 
261     tcg_gen_not_tl(t1, Rd); /* t1 = ~Rd */
262     tcg_gen_and_tl(t2, t1, Rr); /* t2 = ~Rd & Rr */
263     tcg_gen_or_tl(t3, t1, Rr); /* t3 = (~Rd | Rr) & R */
264     tcg_gen_and_tl(t3, t3, R);
265     tcg_gen_or_tl(t2, t2, t3); /* t2 = ~Rd & Rr | ~Rd & R | R & Rr */
266 
267     tcg_gen_shri_tl(cpu_Cf, t2, 7); /* Cf = t2(7) */
268     tcg_gen_shri_tl(cpu_Hf, t2, 3); /* Hf = t2(3) */
269     tcg_gen_andi_tl(cpu_Hf, cpu_Hf, 1);
270 
271     tcg_temp_free_i32(t3);
272     tcg_temp_free_i32(t2);
273     tcg_temp_free_i32(t1);
274 }
275 
276 static void gen_sub_Vf(TCGv R, TCGv Rd, TCGv Rr)
277 {
278     TCGv t1 = tcg_temp_new_i32();
279     TCGv t2 = tcg_temp_new_i32();
280 
281     /* t1 = Rd & ~Rr & ~R | ~Rd & Rr & R */
282     /*    = (Rd ^ R) & (Rd ^ R) */
283     tcg_gen_xor_tl(t1, Rd, R);
284     tcg_gen_xor_tl(t2, Rd, Rr);
285     tcg_gen_and_tl(t1, t1, t2);
286 
287     tcg_gen_shri_tl(cpu_Vf, t1, 7); /* Vf = t1(7) */
288 
289     tcg_temp_free_i32(t2);
290     tcg_temp_free_i32(t1);
291 }
292 
293 static void gen_NSf(TCGv R)
294 {
295     tcg_gen_shri_tl(cpu_Nf, R, 7); /* Nf = R(7) */
296     tcg_gen_xor_tl(cpu_Sf, cpu_Nf, cpu_Vf); /* Sf = Nf ^ Vf */
297 }
298 
299 static void gen_ZNSf(TCGv R)
300 {
301     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
302 
303     /* update status register */
304     tcg_gen_shri_tl(cpu_Nf, R, 7); /* Nf = R(7) */
305     tcg_gen_xor_tl(cpu_Sf, cpu_Nf, cpu_Vf); /* Sf = Nf ^ Vf */
306 }
307 
308 /*
309  *  Adds two registers without the C Flag and places the result in the
310  *  destination register Rd.
311  */
312 static bool trans_ADD(DisasContext *ctx, arg_ADD *a)
313 {
314     TCGv Rd = cpu_r[a->rd];
315     TCGv Rr = cpu_r[a->rr];
316     TCGv R = tcg_temp_new_i32();
317 
318     tcg_gen_add_tl(R, Rd, Rr); /* Rd = Rd + Rr */
319     tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */
320 
321     /* update status register */
322     gen_add_CHf(R, Rd, Rr);
323     gen_add_Vf(R, Rd, Rr);
324     gen_ZNSf(R);
325 
326     /* update output registers */
327     tcg_gen_mov_tl(Rd, R);
328 
329     tcg_temp_free_i32(R);
330 
331     return true;
332 }
333 
334 /*
335  *  Adds two registers and the contents of the C Flag and places the result in
336  *  the destination register Rd.
337  */
338 static bool trans_ADC(DisasContext *ctx, arg_ADC *a)
339 {
340     TCGv Rd = cpu_r[a->rd];
341     TCGv Rr = cpu_r[a->rr];
342     TCGv R = tcg_temp_new_i32();
343 
344     tcg_gen_add_tl(R, Rd, Rr); /* R = Rd + Rr + Cf */
345     tcg_gen_add_tl(R, R, cpu_Cf);
346     tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */
347 
348     /* update status register */
349     gen_add_CHf(R, Rd, Rr);
350     gen_add_Vf(R, Rd, Rr);
351     gen_ZNSf(R);
352 
353     /* update output registers */
354     tcg_gen_mov_tl(Rd, R);
355 
356     tcg_temp_free_i32(R);
357 
358     return true;
359 }
360 
361 /*
362  *  Adds an immediate value (0 - 63) to a register pair and places the result
363  *  in the register pair. This instruction operates on the upper four register
364  *  pairs, and is well suited for operations on the pointer registers.  This
365  *  instruction is not available in all devices. Refer to the device specific
366  *  instruction set summary.
367  */
368 static bool trans_ADIW(DisasContext *ctx, arg_ADIW *a)
369 {
370     if (!avr_have_feature(ctx, AVR_FEATURE_ADIW_SBIW)) {
371         return true;
372     }
373 
374     TCGv RdL = cpu_r[a->rd];
375     TCGv RdH = cpu_r[a->rd + 1];
376     int Imm = (a->imm);
377     TCGv R = tcg_temp_new_i32();
378     TCGv Rd = tcg_temp_new_i32();
379 
380     tcg_gen_deposit_tl(Rd, RdL, RdH, 8, 8); /* Rd = RdH:RdL */
381     tcg_gen_addi_tl(R, Rd, Imm); /* R = Rd + Imm */
382     tcg_gen_andi_tl(R, R, 0xffff); /* make it 16 bits */
383 
384     /* update status register */
385     tcg_gen_andc_tl(cpu_Cf, Rd, R); /* Cf = Rd & ~R */
386     tcg_gen_shri_tl(cpu_Cf, cpu_Cf, 15);
387     tcg_gen_andc_tl(cpu_Vf, R, Rd); /* Vf = R & ~Rd */
388     tcg_gen_shri_tl(cpu_Vf, cpu_Vf, 15);
389     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
390     tcg_gen_shri_tl(cpu_Nf, R, 15); /* Nf = R(15) */
391     tcg_gen_xor_tl(cpu_Sf, cpu_Nf, cpu_Vf);/* Sf = Nf ^ Vf */
392 
393     /* update output registers */
394     tcg_gen_andi_tl(RdL, R, 0xff);
395     tcg_gen_shri_tl(RdH, R, 8);
396 
397     tcg_temp_free_i32(Rd);
398     tcg_temp_free_i32(R);
399 
400     return true;
401 }
402 
403 /*
404  *  Subtracts two registers and places the result in the destination
405  *  register Rd.
406  */
407 static bool trans_SUB(DisasContext *ctx, arg_SUB *a)
408 {
409     TCGv Rd = cpu_r[a->rd];
410     TCGv Rr = cpu_r[a->rr];
411     TCGv R = tcg_temp_new_i32();
412 
413     tcg_gen_sub_tl(R, Rd, Rr); /* R = Rd - Rr */
414     tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */
415 
416     /* update status register */
417     tcg_gen_andc_tl(cpu_Cf, Rd, R); /* Cf = Rd & ~R */
418     gen_sub_CHf(R, Rd, Rr);
419     gen_sub_Vf(R, Rd, Rr);
420     gen_ZNSf(R);
421 
422     /* update output registers */
423     tcg_gen_mov_tl(Rd, R);
424 
425     tcg_temp_free_i32(R);
426 
427     return true;
428 }
429 
430 /*
431  *  Subtracts a register and a constant and places the result in the
432  *  destination register Rd. This instruction is working on Register R16 to R31
433  *  and is very well suited for operations on the X, Y, and Z-pointers.
434  */
435 static bool trans_SUBI(DisasContext *ctx, arg_SUBI *a)
436 {
437     TCGv Rd = cpu_r[a->rd];
438     TCGv Rr = tcg_const_i32(a->imm);
439     TCGv R = tcg_temp_new_i32();
440 
441     tcg_gen_sub_tl(R, Rd, Rr); /* R = Rd - Imm */
442     tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */
443 
444     /* update status register */
445     gen_sub_CHf(R, Rd, Rr);
446     gen_sub_Vf(R, Rd, Rr);
447     gen_ZNSf(R);
448 
449     /* update output registers */
450     tcg_gen_mov_tl(Rd, R);
451 
452     tcg_temp_free_i32(R);
453     tcg_temp_free_i32(Rr);
454 
455     return true;
456 }
457 
458 /*
459  *  Subtracts two registers and subtracts with the C Flag and places the
460  *  result in the destination register Rd.
461  */
462 static bool trans_SBC(DisasContext *ctx, arg_SBC *a)
463 {
464     TCGv Rd = cpu_r[a->rd];
465     TCGv Rr = cpu_r[a->rr];
466     TCGv R = tcg_temp_new_i32();
467     TCGv zero = tcg_const_i32(0);
468 
469     tcg_gen_sub_tl(R, Rd, Rr); /* R = Rd - Rr - Cf */
470     tcg_gen_sub_tl(R, R, cpu_Cf);
471     tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */
472 
473     /* update status register */
474     gen_sub_CHf(R, Rd, Rr);
475     gen_sub_Vf(R, Rd, Rr);
476     gen_NSf(R);
477 
478     /*
479      * Previous value remains unchanged when the result is zero;
480      * cleared otherwise.
481      */
482     tcg_gen_movcond_tl(TCG_COND_EQ, cpu_Zf, R, zero, cpu_Zf, zero);
483 
484     /* update output registers */
485     tcg_gen_mov_tl(Rd, R);
486 
487     tcg_temp_free_i32(zero);
488     tcg_temp_free_i32(R);
489 
490     return true;
491 }
492 
493 /*
494  *  SBCI -- Subtract Immediate with Carry
495  */
496 static bool trans_SBCI(DisasContext *ctx, arg_SBCI *a)
497 {
498     TCGv Rd = cpu_r[a->rd];
499     TCGv Rr = tcg_const_i32(a->imm);
500     TCGv R = tcg_temp_new_i32();
501     TCGv zero = tcg_const_i32(0);
502 
503     tcg_gen_sub_tl(R, Rd, Rr); /* R = Rd - Rr - Cf */
504     tcg_gen_sub_tl(R, R, cpu_Cf);
505     tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */
506 
507     /* update status register */
508     gen_sub_CHf(R, Rd, Rr);
509     gen_sub_Vf(R, Rd, Rr);
510     gen_NSf(R);
511 
512     /*
513      * Previous value remains unchanged when the result is zero;
514      * cleared otherwise.
515      */
516     tcg_gen_movcond_tl(TCG_COND_EQ, cpu_Zf, R, zero, cpu_Zf, zero);
517 
518     /* update output registers */
519     tcg_gen_mov_tl(Rd, R);
520 
521     tcg_temp_free_i32(zero);
522     tcg_temp_free_i32(R);
523     tcg_temp_free_i32(Rr);
524 
525     return true;
526 }
527 
528 /*
529  *  Subtracts an immediate value (0-63) from a register pair and places the
530  *  result in the register pair. This instruction operates on the upper four
531  *  register pairs, and is well suited for operations on the Pointer Registers.
532  *  This instruction is not available in all devices. Refer to the device
533  *  specific instruction set summary.
534  */
535 static bool trans_SBIW(DisasContext *ctx, arg_SBIW *a)
536 {
537     if (!avr_have_feature(ctx, AVR_FEATURE_ADIW_SBIW)) {
538         return true;
539     }
540 
541     TCGv RdL = cpu_r[a->rd];
542     TCGv RdH = cpu_r[a->rd + 1];
543     int Imm = (a->imm);
544     TCGv R = tcg_temp_new_i32();
545     TCGv Rd = tcg_temp_new_i32();
546 
547     tcg_gen_deposit_tl(Rd, RdL, RdH, 8, 8); /* Rd = RdH:RdL */
548     tcg_gen_subi_tl(R, Rd, Imm); /* R = Rd - Imm */
549     tcg_gen_andi_tl(R, R, 0xffff); /* make it 16 bits */
550 
551     /* update status register */
552     tcg_gen_andc_tl(cpu_Cf, R, Rd);
553     tcg_gen_shri_tl(cpu_Cf, cpu_Cf, 15); /* Cf = R & ~Rd */
554     tcg_gen_andc_tl(cpu_Vf, Rd, R);
555     tcg_gen_shri_tl(cpu_Vf, cpu_Vf, 15); /* Vf = Rd & ~R */
556     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
557     tcg_gen_shri_tl(cpu_Nf, R, 15); /* Nf = R(15) */
558     tcg_gen_xor_tl(cpu_Sf, cpu_Nf, cpu_Vf); /* Sf = Nf ^ Vf */
559 
560     /* update output registers */
561     tcg_gen_andi_tl(RdL, R, 0xff);
562     tcg_gen_shri_tl(RdH, R, 8);
563 
564     tcg_temp_free_i32(Rd);
565     tcg_temp_free_i32(R);
566 
567     return true;
568 }
569 
570 /*
571  *  Performs the logical AND between the contents of register Rd and register
572  *  Rr and places the result in the destination register Rd.
573  */
574 static bool trans_AND(DisasContext *ctx, arg_AND *a)
575 {
576     TCGv Rd = cpu_r[a->rd];
577     TCGv Rr = cpu_r[a->rr];
578     TCGv R = tcg_temp_new_i32();
579 
580     tcg_gen_and_tl(R, Rd, Rr); /* Rd = Rd and Rr */
581 
582     /* update status register */
583     tcg_gen_movi_tl(cpu_Vf, 0); /* Vf = 0 */
584     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
585     gen_ZNSf(R);
586 
587     /* update output registers */
588     tcg_gen_mov_tl(Rd, R);
589 
590     tcg_temp_free_i32(R);
591 
592     return true;
593 }
594 
595 /*
596  *  Performs the logical AND between the contents of register Rd and a constant
597  *  and places the result in the destination register Rd.
598  */
599 static bool trans_ANDI(DisasContext *ctx, arg_ANDI *a)
600 {
601     TCGv Rd = cpu_r[a->rd];
602     int Imm = (a->imm);
603 
604     tcg_gen_andi_tl(Rd, Rd, Imm); /* Rd = Rd & Imm */
605 
606     /* update status register */
607     tcg_gen_movi_tl(cpu_Vf, 0x00); /* Vf = 0 */
608     gen_ZNSf(Rd);
609 
610     return true;
611 }
612 
613 /*
614  *  Performs the logical OR between the contents of register Rd and register
615  *  Rr and places the result in the destination register Rd.
616  */
617 static bool trans_OR(DisasContext *ctx, arg_OR *a)
618 {
619     TCGv Rd = cpu_r[a->rd];
620     TCGv Rr = cpu_r[a->rr];
621     TCGv R = tcg_temp_new_i32();
622 
623     tcg_gen_or_tl(R, Rd, Rr);
624 
625     /* update status register */
626     tcg_gen_movi_tl(cpu_Vf, 0);
627     gen_ZNSf(R);
628 
629     /* update output registers */
630     tcg_gen_mov_tl(Rd, R);
631 
632     tcg_temp_free_i32(R);
633 
634     return true;
635 }
636 
637 /*
638  *  Performs the logical OR between the contents of register Rd and a
639  *  constant and places the result in the destination register Rd.
640  */
641 static bool trans_ORI(DisasContext *ctx, arg_ORI *a)
642 {
643     TCGv Rd = cpu_r[a->rd];
644     int Imm = (a->imm);
645 
646     tcg_gen_ori_tl(Rd, Rd, Imm); /* Rd = Rd | Imm */
647 
648     /* update status register */
649     tcg_gen_movi_tl(cpu_Vf, 0x00); /* Vf = 0 */
650     gen_ZNSf(Rd);
651 
652     return true;
653 }
654 
655 /*
656  *  Performs the logical EOR between the contents of register Rd and
657  *  register Rr and places the result in the destination register Rd.
658  */
659 static bool trans_EOR(DisasContext *ctx, arg_EOR *a)
660 {
661     TCGv Rd = cpu_r[a->rd];
662     TCGv Rr = cpu_r[a->rr];
663 
664     tcg_gen_xor_tl(Rd, Rd, Rr);
665 
666     /* update status register */
667     tcg_gen_movi_tl(cpu_Vf, 0);
668     gen_ZNSf(Rd);
669 
670     return true;
671 }
672 
673 /*
674  *  Clears the specified bits in register Rd. Performs the logical AND
675  *  between the contents of register Rd and the complement of the constant mask
676  *  K. The result will be placed in register Rd.
677  */
678 static bool trans_COM(DisasContext *ctx, arg_COM *a)
679 {
680     TCGv Rd = cpu_r[a->rd];
681     TCGv R = tcg_temp_new_i32();
682 
683     tcg_gen_xori_tl(Rd, Rd, 0xff);
684 
685     /* update status register */
686     tcg_gen_movi_tl(cpu_Cf, 1); /* Cf = 1 */
687     tcg_gen_movi_tl(cpu_Vf, 0); /* Vf = 0 */
688     gen_ZNSf(Rd);
689 
690     tcg_temp_free_i32(R);
691 
692     return true;
693 }
694 
695 /*
696  *  Replaces the contents of register Rd with its two's complement; the
697  *  value $80 is left unchanged.
698  */
699 static bool trans_NEG(DisasContext *ctx, arg_NEG *a)
700 {
701     TCGv Rd = cpu_r[a->rd];
702     TCGv t0 = tcg_const_i32(0);
703     TCGv R = tcg_temp_new_i32();
704 
705     tcg_gen_sub_tl(R, t0, Rd); /* R = 0 - Rd */
706     tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */
707 
708     /* update status register */
709     gen_sub_CHf(R, t0, Rd);
710     gen_sub_Vf(R, t0, Rd);
711     gen_ZNSf(R);
712 
713     /* update output registers */
714     tcg_gen_mov_tl(Rd, R);
715 
716     tcg_temp_free_i32(t0);
717     tcg_temp_free_i32(R);
718 
719     return true;
720 }
721 
722 /*
723  *  Adds one -1- to the contents of register Rd and places the result in the
724  *  destination register Rd.  The C Flag in SREG is not affected by the
725  *  operation, thus allowing the INC instruction to be used on a loop counter in
726  *  multiple-precision computations.  When operating on unsigned numbers, only
727  *  BREQ and BRNE branches can be expected to perform consistently. When
728  *  operating on two's complement values, all signed branches are available.
729  */
730 static bool trans_INC(DisasContext *ctx, arg_INC *a)
731 {
732     TCGv Rd = cpu_r[a->rd];
733 
734     tcg_gen_addi_tl(Rd, Rd, 1);
735     tcg_gen_andi_tl(Rd, Rd, 0xff);
736 
737     /* update status register */
738     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Vf, Rd, 0x80); /* Vf = Rd == 0x80 */
739     gen_ZNSf(Rd);
740 
741     return true;
742 }
743 
744 /*
745  *  Subtracts one -1- from the contents of register Rd and places the result
746  *  in the destination register Rd.  The C Flag in SREG is not affected by the
747  *  operation, thus allowing the DEC instruction to be used on a loop counter in
748  *  multiple-precision computations.  When operating on unsigned values, only
749  *  BREQ and BRNE branches can be expected to perform consistently.  When
750  *  operating on two's complement values, all signed branches are available.
751  */
752 static bool trans_DEC(DisasContext *ctx, arg_DEC *a)
753 {
754     TCGv Rd = cpu_r[a->rd];
755 
756     tcg_gen_subi_tl(Rd, Rd, 1); /* Rd = Rd - 1 */
757     tcg_gen_andi_tl(Rd, Rd, 0xff); /* make it 8 bits */
758 
759     /* update status register */
760     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Vf, Rd, 0x7f); /* Vf = Rd == 0x7f */
761     gen_ZNSf(Rd);
762 
763     return true;
764 }
765 
766 /*
767  *  This instruction performs 8-bit x 8-bit -> 16-bit unsigned multiplication.
768  */
769 static bool trans_MUL(DisasContext *ctx, arg_MUL *a)
770 {
771     if (!avr_have_feature(ctx, AVR_FEATURE_MUL)) {
772         return true;
773     }
774 
775     TCGv R0 = cpu_r[0];
776     TCGv R1 = cpu_r[1];
777     TCGv Rd = cpu_r[a->rd];
778     TCGv Rr = cpu_r[a->rr];
779     TCGv R = tcg_temp_new_i32();
780 
781     tcg_gen_mul_tl(R, Rd, Rr); /* R = Rd * Rr */
782     tcg_gen_andi_tl(R0, R, 0xff);
783     tcg_gen_shri_tl(R1, R, 8);
784 
785     /* update status register */
786     tcg_gen_shri_tl(cpu_Cf, R, 15); /* Cf = R(15) */
787     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
788 
789     tcg_temp_free_i32(R);
790 
791     return true;
792 }
793 
794 /*
795  *  This instruction performs 8-bit x 8-bit -> 16-bit signed multiplication.
796  */
797 static bool trans_MULS(DisasContext *ctx, arg_MULS *a)
798 {
799     if (!avr_have_feature(ctx, AVR_FEATURE_MUL)) {
800         return true;
801     }
802 
803     TCGv R0 = cpu_r[0];
804     TCGv R1 = cpu_r[1];
805     TCGv Rd = cpu_r[a->rd];
806     TCGv Rr = cpu_r[a->rr];
807     TCGv R = tcg_temp_new_i32();
808     TCGv t0 = tcg_temp_new_i32();
809     TCGv t1 = tcg_temp_new_i32();
810 
811     tcg_gen_ext8s_tl(t0, Rd); /* make Rd full 32 bit signed */
812     tcg_gen_ext8s_tl(t1, Rr); /* make Rr full 32 bit signed */
813     tcg_gen_mul_tl(R, t0, t1); /* R = Rd * Rr */
814     tcg_gen_andi_tl(R, R, 0xffff); /* make it 16 bits */
815     tcg_gen_andi_tl(R0, R, 0xff);
816     tcg_gen_shri_tl(R1, R, 8);
817 
818     /* update status register */
819     tcg_gen_shri_tl(cpu_Cf, R, 15); /* Cf = R(15) */
820     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
821 
822     tcg_temp_free_i32(t1);
823     tcg_temp_free_i32(t0);
824     tcg_temp_free_i32(R);
825 
826     return true;
827 }
828 
829 /*
830  *  This instruction performs 8-bit x 8-bit -> 16-bit multiplication of a
831  *  signed and an unsigned number.
832  */
833 static bool trans_MULSU(DisasContext *ctx, arg_MULSU *a)
834 {
835     if (!avr_have_feature(ctx, AVR_FEATURE_MUL)) {
836         return true;
837     }
838 
839     TCGv R0 = cpu_r[0];
840     TCGv R1 = cpu_r[1];
841     TCGv Rd = cpu_r[a->rd];
842     TCGv Rr = cpu_r[a->rr];
843     TCGv R = tcg_temp_new_i32();
844     TCGv t0 = tcg_temp_new_i32();
845 
846     tcg_gen_ext8s_tl(t0, Rd); /* make Rd full 32 bit signed */
847     tcg_gen_mul_tl(R, t0, Rr); /* R = Rd * Rr */
848     tcg_gen_andi_tl(R, R, 0xffff); /* make R 16 bits */
849     tcg_gen_andi_tl(R0, R, 0xff);
850     tcg_gen_shri_tl(R1, R, 8);
851 
852     /* update status register */
853     tcg_gen_shri_tl(cpu_Cf, R, 15); /* Cf = R(15) */
854     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
855 
856     tcg_temp_free_i32(t0);
857     tcg_temp_free_i32(R);
858 
859     return true;
860 }
861 
862 /*
863  *  This instruction performs 8-bit x 8-bit -> 16-bit unsigned
864  *  multiplication and shifts the result one bit left.
865  */
866 static bool trans_FMUL(DisasContext *ctx, arg_FMUL *a)
867 {
868     if (!avr_have_feature(ctx, AVR_FEATURE_MUL)) {
869         return true;
870     }
871 
872     TCGv R0 = cpu_r[0];
873     TCGv R1 = cpu_r[1];
874     TCGv Rd = cpu_r[a->rd];
875     TCGv Rr = cpu_r[a->rr];
876     TCGv R = tcg_temp_new_i32();
877 
878     tcg_gen_mul_tl(R, Rd, Rr); /* R = Rd * Rr */
879 
880     /* update status register */
881     tcg_gen_shri_tl(cpu_Cf, R, 15); /* Cf = R(15) */
882     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
883 
884     /* update output registers */
885     tcg_gen_shli_tl(R, R, 1);
886     tcg_gen_andi_tl(R0, R, 0xff);
887     tcg_gen_shri_tl(R1, R, 8);
888     tcg_gen_andi_tl(R1, R1, 0xff);
889 
890 
891     tcg_temp_free_i32(R);
892 
893     return true;
894 }
895 
896 /*
897  *  This instruction performs 8-bit x 8-bit -> 16-bit signed multiplication
898  *  and shifts the result one bit left.
899  */
900 static bool trans_FMULS(DisasContext *ctx, arg_FMULS *a)
901 {
902     if (!avr_have_feature(ctx, AVR_FEATURE_MUL)) {
903         return true;
904     }
905 
906     TCGv R0 = cpu_r[0];
907     TCGv R1 = cpu_r[1];
908     TCGv Rd = cpu_r[a->rd];
909     TCGv Rr = cpu_r[a->rr];
910     TCGv R = tcg_temp_new_i32();
911     TCGv t0 = tcg_temp_new_i32();
912     TCGv t1 = tcg_temp_new_i32();
913 
914     tcg_gen_ext8s_tl(t0, Rd); /* make Rd full 32 bit signed */
915     tcg_gen_ext8s_tl(t1, Rr); /* make Rr full 32 bit signed */
916     tcg_gen_mul_tl(R, t0, t1); /* R = Rd * Rr */
917     tcg_gen_andi_tl(R, R, 0xffff); /* make it 16 bits */
918 
919     /* update status register */
920     tcg_gen_shri_tl(cpu_Cf, R, 15); /* Cf = R(15) */
921     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
922 
923     /* update output registers */
924     tcg_gen_shli_tl(R, R, 1);
925     tcg_gen_andi_tl(R0, R, 0xff);
926     tcg_gen_shri_tl(R1, R, 8);
927     tcg_gen_andi_tl(R1, R1, 0xff);
928 
929     tcg_temp_free_i32(t1);
930     tcg_temp_free_i32(t0);
931     tcg_temp_free_i32(R);
932 
933     return true;
934 }
935 
936 /*
937  *  This instruction performs 8-bit x 8-bit -> 16-bit signed multiplication
938  *  and shifts the result one bit left.
939  */
940 static bool trans_FMULSU(DisasContext *ctx, arg_FMULSU *a)
941 {
942     if (!avr_have_feature(ctx, AVR_FEATURE_MUL)) {
943         return true;
944     }
945 
946     TCGv R0 = cpu_r[0];
947     TCGv R1 = cpu_r[1];
948     TCGv Rd = cpu_r[a->rd];
949     TCGv Rr = cpu_r[a->rr];
950     TCGv R = tcg_temp_new_i32();
951     TCGv t0 = tcg_temp_new_i32();
952 
953     tcg_gen_ext8s_tl(t0, Rd); /* make Rd full 32 bit signed */
954     tcg_gen_mul_tl(R, t0, Rr); /* R = Rd * Rr */
955     tcg_gen_andi_tl(R, R, 0xffff); /* make it 16 bits */
956 
957     /* update status register */
958     tcg_gen_shri_tl(cpu_Cf, R, 15); /* Cf = R(15) */
959     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
960 
961     /* update output registers */
962     tcg_gen_shli_tl(R, R, 1);
963     tcg_gen_andi_tl(R0, R, 0xff);
964     tcg_gen_shri_tl(R1, R, 8);
965     tcg_gen_andi_tl(R1, R1, 0xff);
966 
967     tcg_temp_free_i32(t0);
968     tcg_temp_free_i32(R);
969 
970     return true;
971 }
972 
973 /*
974  *  The module is an instruction set extension to the AVR CPU, performing
975  *  DES iterations. The 64-bit data block (plaintext or ciphertext) is placed in
976  *  the CPU register file, registers R0-R7, where LSB of data is placed in LSB
977  *  of R0 and MSB of data is placed in MSB of R7. The full 64-bit key (including
978  *  parity bits) is placed in registers R8- R15, organized in the register file
979  *  with LSB of key in LSB of R8 and MSB of key in MSB of R15. Executing one DES
980  *  instruction performs one round in the DES algorithm. Sixteen rounds must be
981  *  executed in increasing order to form the correct DES ciphertext or
982  *  plaintext. Intermediate results are stored in the register file (R0-R15)
983  *  after each DES instruction. The instruction's operand (K) determines which
984  *  round is executed, and the half carry flag (H) determines whether encryption
985  *  or decryption is performed.  The DES algorithm is described in
986  *  "Specifications for the Data Encryption Standard" (Federal Information
987  *  Processing Standards Publication 46). Intermediate results in this
988  *  implementation differ from the standard because the initial permutation and
989  *  the inverse initial permutation are performed each iteration. This does not
990  *  affect the result in the final ciphertext or plaintext, but reduces
991  *  execution time.
992  */
993 static bool trans_DES(DisasContext *ctx, arg_DES *a)
994 {
995     /* TODO */
996     if (!avr_have_feature(ctx, AVR_FEATURE_DES)) {
997         return true;
998     }
999 
1000     qemu_log_mask(LOG_UNIMP, "%s: not implemented\n", __func__);
1001 
1002     return true;
1003 }
1004 
1005 /*
1006  * Branch Instructions
1007  */
1008 static void gen_jmp_ez(DisasContext *ctx)
1009 {
1010     tcg_gen_deposit_tl(cpu_pc, cpu_r[30], cpu_r[31], 8, 8);
1011     tcg_gen_or_tl(cpu_pc, cpu_pc, cpu_eind);
1012     ctx->base.is_jmp = DISAS_LOOKUP;
1013 }
1014 
1015 static void gen_jmp_z(DisasContext *ctx)
1016 {
1017     tcg_gen_deposit_tl(cpu_pc, cpu_r[30], cpu_r[31], 8, 8);
1018     ctx->base.is_jmp = DISAS_LOOKUP;
1019 }
1020 
1021 static void gen_push_ret(DisasContext *ctx, int ret)
1022 {
1023     if (avr_feature(ctx->env, AVR_FEATURE_1_BYTE_PC)) {
1024 
1025         TCGv t0 = tcg_const_i32((ret & 0x0000ff));
1026 
1027         tcg_gen_qemu_st_tl(t0, cpu_sp, MMU_DATA_IDX, MO_UB);
1028         tcg_gen_subi_tl(cpu_sp, cpu_sp, 1);
1029 
1030         tcg_temp_free_i32(t0);
1031     } else if (avr_feature(ctx->env, AVR_FEATURE_2_BYTE_PC)) {
1032 
1033         TCGv t0 = tcg_const_i32((ret & 0x00ffff));
1034 
1035         tcg_gen_subi_tl(cpu_sp, cpu_sp, 1);
1036         tcg_gen_qemu_st_tl(t0, cpu_sp, MMU_DATA_IDX, MO_BEUW);
1037         tcg_gen_subi_tl(cpu_sp, cpu_sp, 1);
1038 
1039         tcg_temp_free_i32(t0);
1040 
1041     } else if (avr_feature(ctx->env, AVR_FEATURE_3_BYTE_PC)) {
1042 
1043         TCGv lo = tcg_const_i32((ret & 0x0000ff));
1044         TCGv hi = tcg_const_i32((ret & 0xffff00) >> 8);
1045 
1046         tcg_gen_qemu_st_tl(lo, cpu_sp, MMU_DATA_IDX, MO_UB);
1047         tcg_gen_subi_tl(cpu_sp, cpu_sp, 2);
1048         tcg_gen_qemu_st_tl(hi, cpu_sp, MMU_DATA_IDX, MO_BEUW);
1049         tcg_gen_subi_tl(cpu_sp, cpu_sp, 1);
1050 
1051         tcg_temp_free_i32(lo);
1052         tcg_temp_free_i32(hi);
1053     }
1054 }
1055 
1056 static void gen_pop_ret(DisasContext *ctx, TCGv ret)
1057 {
1058     if (avr_feature(ctx->env, AVR_FEATURE_1_BYTE_PC)) {
1059         tcg_gen_addi_tl(cpu_sp, cpu_sp, 1);
1060         tcg_gen_qemu_ld_tl(ret, cpu_sp, MMU_DATA_IDX, MO_UB);
1061     } else if (avr_feature(ctx->env, AVR_FEATURE_2_BYTE_PC)) {
1062         tcg_gen_addi_tl(cpu_sp, cpu_sp, 1);
1063         tcg_gen_qemu_ld_tl(ret, cpu_sp, MMU_DATA_IDX, MO_BEUW);
1064         tcg_gen_addi_tl(cpu_sp, cpu_sp, 1);
1065     } else if (avr_feature(ctx->env, AVR_FEATURE_3_BYTE_PC)) {
1066         TCGv lo = tcg_temp_new_i32();
1067         TCGv hi = tcg_temp_new_i32();
1068 
1069         tcg_gen_addi_tl(cpu_sp, cpu_sp, 1);
1070         tcg_gen_qemu_ld_tl(hi, cpu_sp, MMU_DATA_IDX, MO_BEUW);
1071 
1072         tcg_gen_addi_tl(cpu_sp, cpu_sp, 2);
1073         tcg_gen_qemu_ld_tl(lo, cpu_sp, MMU_DATA_IDX, MO_UB);
1074 
1075         tcg_gen_deposit_tl(ret, lo, hi, 8, 16);
1076 
1077         tcg_temp_free_i32(lo);
1078         tcg_temp_free_i32(hi);
1079     }
1080 }
1081 
1082 static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
1083 {
1084     const TranslationBlock *tb = ctx->base.tb;
1085 
1086     if (!ctx->base.singlestep_enabled) {
1087         tcg_gen_goto_tb(n);
1088         tcg_gen_movi_i32(cpu_pc, dest);
1089         tcg_gen_exit_tb(tb, n);
1090     } else {
1091         tcg_gen_movi_i32(cpu_pc, dest);
1092         gen_helper_debug(cpu_env);
1093         tcg_gen_exit_tb(NULL, 0);
1094     }
1095     ctx->base.is_jmp = DISAS_NORETURN;
1096 }
1097 
1098 /*
1099  *  Relative jump to an address within PC - 2K +1 and PC + 2K (words). For
1100  *  AVR microcontrollers with Program memory not exceeding 4K words (8KB) this
1101  *  instruction can address the entire memory from every address location. See
1102  *  also JMP.
1103  */
1104 static bool trans_RJMP(DisasContext *ctx, arg_RJMP *a)
1105 {
1106     int dst = ctx->npc + a->imm;
1107 
1108     gen_goto_tb(ctx, 0, dst);
1109 
1110     return true;
1111 }
1112 
1113 /*
1114  *  Indirect jump to the address pointed to by the Z (16 bits) Pointer
1115  *  Register in the Register File. The Z-pointer Register is 16 bits wide and
1116  *  allows jump within the lowest 64K words (128KB) section of Program memory.
1117  *  This instruction is not available in all devices. Refer to the device
1118  *  specific instruction set summary.
1119  */
1120 static bool trans_IJMP(DisasContext *ctx, arg_IJMP *a)
1121 {
1122     if (!avr_have_feature(ctx, AVR_FEATURE_IJMP_ICALL)) {
1123         return true;
1124     }
1125 
1126     gen_jmp_z(ctx);
1127 
1128     return true;
1129 }
1130 
1131 /*
1132  *  Indirect jump to the address pointed to by the Z (16 bits) Pointer
1133  *  Register in the Register File and the EIND Register in the I/O space. This
1134  *  instruction allows for indirect jumps to the entire 4M (words) Program
1135  *  memory space. See also IJMP.  This instruction is not available in all
1136  *  devices. Refer to the device specific instruction set summary.
1137  */
1138 static bool trans_EIJMP(DisasContext *ctx, arg_EIJMP *a)
1139 {
1140     if (!avr_have_feature(ctx, AVR_FEATURE_EIJMP_EICALL)) {
1141         return true;
1142     }
1143 
1144     gen_jmp_ez(ctx);
1145     return true;
1146 }
1147 
1148 /*
1149  *  Jump to an address within the entire 4M (words) Program memory. See also
1150  *  RJMP.  This instruction is not available in all devices. Refer to the device
1151  *  specific instruction set summary.0
1152  */
1153 static bool trans_JMP(DisasContext *ctx, arg_JMP *a)
1154 {
1155     if (!avr_have_feature(ctx, AVR_FEATURE_JMP_CALL)) {
1156         return true;
1157     }
1158 
1159     gen_goto_tb(ctx, 0, a->imm);
1160 
1161     return true;
1162 }
1163 
1164 /*
1165  *  Relative call to an address within PC - 2K + 1 and PC + 2K (words). The
1166  *  return address (the instruction after the RCALL) is stored onto the Stack.
1167  *  See also CALL. For AVR microcontrollers with Program memory not exceeding 4K
1168  *  words (8KB) this instruction can address the entire memory from every
1169  *  address location. The Stack Pointer uses a post-decrement scheme during
1170  *  RCALL.
1171  */
1172 static bool trans_RCALL(DisasContext *ctx, arg_RCALL *a)
1173 {
1174     int ret = ctx->npc;
1175     int dst = ctx->npc + a->imm;
1176 
1177     gen_push_ret(ctx, ret);
1178     gen_goto_tb(ctx, 0, dst);
1179 
1180     return true;
1181 }
1182 
1183 /*
1184  *  Calls to a subroutine within the entire 4M (words) Program memory. The
1185  *  return address (to the instruction after the CALL) will be stored onto the
1186  *  Stack. See also RCALL. The Stack Pointer uses a post-decrement scheme during
1187  *  CALL.  This instruction is not available in all devices. Refer to the device
1188  *  specific instruction set summary.
1189  */
1190 static bool trans_ICALL(DisasContext *ctx, arg_ICALL *a)
1191 {
1192     if (!avr_have_feature(ctx, AVR_FEATURE_IJMP_ICALL)) {
1193         return true;
1194     }
1195 
1196     int ret = ctx->npc;
1197 
1198     gen_push_ret(ctx, ret);
1199     gen_jmp_z(ctx);
1200 
1201     return true;
1202 }
1203 
1204 /*
1205  *  Indirect call of a subroutine pointed to by the Z (16 bits) Pointer
1206  *  Register in the Register File and the EIND Register in the I/O space. This
1207  *  instruction allows for indirect calls to the entire 4M (words) Program
1208  *  memory space. See also ICALL. The Stack Pointer uses a post-decrement scheme
1209  *  during EICALL.  This instruction is not available in all devices. Refer to
1210  *  the device specific instruction set summary.
1211  */
1212 static bool trans_EICALL(DisasContext *ctx, arg_EICALL *a)
1213 {
1214     if (!avr_have_feature(ctx, AVR_FEATURE_EIJMP_EICALL)) {
1215         return true;
1216     }
1217 
1218     int ret = ctx->npc;
1219 
1220     gen_push_ret(ctx, ret);
1221     gen_jmp_ez(ctx);
1222     return true;
1223 }
1224 
1225 /*
1226  *  Calls to a subroutine within the entire Program memory. The return
1227  *  address (to the instruction after the CALL) will be stored onto the Stack.
1228  *  (See also RCALL). The Stack Pointer uses a post-decrement scheme during
1229  *  CALL.  This instruction is not available in all devices. Refer to the device
1230  *  specific instruction set summary.
1231  */
1232 static bool trans_CALL(DisasContext *ctx, arg_CALL *a)
1233 {
1234     if (!avr_have_feature(ctx, AVR_FEATURE_JMP_CALL)) {
1235         return true;
1236     }
1237 
1238     int Imm = a->imm;
1239     int ret = ctx->npc;
1240 
1241     gen_push_ret(ctx, ret);
1242     gen_goto_tb(ctx, 0, Imm);
1243 
1244     return true;
1245 }
1246 
1247 /*
1248  *  Returns from subroutine. The return address is loaded from the STACK.
1249  *  The Stack Pointer uses a preincrement scheme during RET.
1250  */
1251 static bool trans_RET(DisasContext *ctx, arg_RET *a)
1252 {
1253     gen_pop_ret(ctx, cpu_pc);
1254 
1255     ctx->base.is_jmp = DISAS_LOOKUP;
1256     return true;
1257 }
1258 
1259 /*
1260  *  Returns from interrupt. The return address is loaded from the STACK and
1261  *  the Global Interrupt Flag is set.  Note that the Status Register is not
1262  *  automatically stored when entering an interrupt routine, and it is not
1263  *  restored when returning from an interrupt routine. This must be handled by
1264  *  the application program. The Stack Pointer uses a pre-increment scheme
1265  *  during RETI.
1266  */
1267 static bool trans_RETI(DisasContext *ctx, arg_RETI *a)
1268 {
1269     gen_pop_ret(ctx, cpu_pc);
1270     tcg_gen_movi_tl(cpu_If, 1);
1271 
1272     /* Need to return to main loop to re-evaluate interrupts.  */
1273     ctx->base.is_jmp = DISAS_EXIT;
1274     return true;
1275 }
1276 
1277 /*
1278  *  This instruction performs a compare between two registers Rd and Rr, and
1279  *  skips the next instruction if Rd = Rr.
1280  */
1281 static bool trans_CPSE(DisasContext *ctx, arg_CPSE *a)
1282 {
1283     ctx->skip_cond = TCG_COND_EQ;
1284     ctx->skip_var0 = cpu_r[a->rd];
1285     ctx->skip_var1 = cpu_r[a->rr];
1286     return true;
1287 }
1288 
1289 /*
1290  *  This instruction performs a compare between two registers Rd and Rr.
1291  *  None of the registers are changed. All conditional branches can be used
1292  *  after this instruction.
1293  */
1294 static bool trans_CP(DisasContext *ctx, arg_CP *a)
1295 {
1296     TCGv Rd = cpu_r[a->rd];
1297     TCGv Rr = cpu_r[a->rr];
1298     TCGv R = tcg_temp_new_i32();
1299 
1300     tcg_gen_sub_tl(R, Rd, Rr); /* R = Rd - Rr */
1301     tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */
1302 
1303     /* update status register */
1304     gen_sub_CHf(R, Rd, Rr);
1305     gen_sub_Vf(R, Rd, Rr);
1306     gen_ZNSf(R);
1307 
1308     tcg_temp_free_i32(R);
1309 
1310     return true;
1311 }
1312 
1313 /*
1314  *  This instruction performs a compare between two registers Rd and Rr and
1315  *  also takes into account the previous carry. None of the registers are
1316  *  changed. All conditional branches can be used after this instruction.
1317  */
1318 static bool trans_CPC(DisasContext *ctx, arg_CPC *a)
1319 {
1320     TCGv Rd = cpu_r[a->rd];
1321     TCGv Rr = cpu_r[a->rr];
1322     TCGv R = tcg_temp_new_i32();
1323     TCGv zero = tcg_const_i32(0);
1324 
1325     tcg_gen_sub_tl(R, Rd, Rr); /* R = Rd - Rr - Cf */
1326     tcg_gen_sub_tl(R, R, cpu_Cf);
1327     tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */
1328     /* update status register */
1329     gen_sub_CHf(R, Rd, Rr);
1330     gen_sub_Vf(R, Rd, Rr);
1331     gen_NSf(R);
1332 
1333     /*
1334      * Previous value remains unchanged when the result is zero;
1335      * cleared otherwise.
1336      */
1337     tcg_gen_movcond_tl(TCG_COND_EQ, cpu_Zf, R, zero, cpu_Zf, zero);
1338 
1339     tcg_temp_free_i32(zero);
1340     tcg_temp_free_i32(R);
1341 
1342     return true;
1343 }
1344 
1345 /*
1346  *  This instruction performs a compare between register Rd and a constant.
1347  *  The register is not changed. All conditional branches can be used after this
1348  *  instruction.
1349  */
1350 static bool trans_CPI(DisasContext *ctx, arg_CPI *a)
1351 {
1352     TCGv Rd = cpu_r[a->rd];
1353     int Imm = a->imm;
1354     TCGv Rr = tcg_const_i32(Imm);
1355     TCGv R = tcg_temp_new_i32();
1356 
1357     tcg_gen_sub_tl(R, Rd, Rr); /* R = Rd - Rr */
1358     tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */
1359 
1360     /* update status register */
1361     gen_sub_CHf(R, Rd, Rr);
1362     gen_sub_Vf(R, Rd, Rr);
1363     gen_ZNSf(R);
1364 
1365     tcg_temp_free_i32(R);
1366     tcg_temp_free_i32(Rr);
1367 
1368     return true;
1369 }
1370 
1371 /*
1372  *  This instruction tests a single bit in a register and skips the next
1373  *  instruction if the bit is cleared.
1374  */
1375 static bool trans_SBRC(DisasContext *ctx, arg_SBRC *a)
1376 {
1377     TCGv Rr = cpu_r[a->rr];
1378 
1379     ctx->skip_cond = TCG_COND_EQ;
1380     ctx->skip_var0 = tcg_temp_new();
1381     ctx->free_skip_var0 = true;
1382 
1383     tcg_gen_andi_tl(ctx->skip_var0, Rr, 1 << a->bit);
1384     return true;
1385 }
1386 
1387 /*
1388  *  This instruction tests a single bit in a register and skips the next
1389  *  instruction if the bit is set.
1390  */
1391 static bool trans_SBRS(DisasContext *ctx, arg_SBRS *a)
1392 {
1393     TCGv Rr = cpu_r[a->rr];
1394 
1395     ctx->skip_cond = TCG_COND_NE;
1396     ctx->skip_var0 = tcg_temp_new();
1397     ctx->free_skip_var0 = true;
1398 
1399     tcg_gen_andi_tl(ctx->skip_var0, Rr, 1 << a->bit);
1400     return true;
1401 }
1402 
1403 /*
1404  *  This instruction tests a single bit in an I/O Register and skips the
1405  *  next instruction if the bit is cleared. This instruction operates on the
1406  *  lower 32 I/O Registers -- addresses 0-31.
1407  */
1408 static bool trans_SBIC(DisasContext *ctx, arg_SBIC *a)
1409 {
1410     TCGv temp = tcg_const_i32(a->reg);
1411 
1412     gen_helper_inb(temp, cpu_env, temp);
1413     tcg_gen_andi_tl(temp, temp, 1 << a->bit);
1414     ctx->skip_cond = TCG_COND_EQ;
1415     ctx->skip_var0 = temp;
1416     ctx->free_skip_var0 = true;
1417 
1418     return true;
1419 }
1420 
1421 /*
1422  *  This instruction tests a single bit in an I/O Register and skips the
1423  *  next instruction if the bit is set. This instruction operates on the lower
1424  *  32 I/O Registers -- addresses 0-31.
1425  */
1426 static bool trans_SBIS(DisasContext *ctx, arg_SBIS *a)
1427 {
1428     TCGv temp = tcg_const_i32(a->reg);
1429 
1430     gen_helper_inb(temp, cpu_env, temp);
1431     tcg_gen_andi_tl(temp, temp, 1 << a->bit);
1432     ctx->skip_cond = TCG_COND_NE;
1433     ctx->skip_var0 = temp;
1434     ctx->free_skip_var0 = true;
1435 
1436     return true;
1437 }
1438 
1439 /*
1440  *  Conditional relative branch. Tests a single bit in SREG and branches
1441  *  relatively to PC if the bit is cleared. This instruction branches relatively
1442  *  to PC in either direction (PC - 63 < = destination <= PC + 64). The
1443  *  parameter k is the offset from PC and is represented in two's complement
1444  *  form.
1445  */
1446 static bool trans_BRBC(DisasContext *ctx, arg_BRBC *a)
1447 {
1448     TCGLabel *not_taken = gen_new_label();
1449 
1450     TCGv var;
1451 
1452     switch (a->bit) {
1453     case 0x00:
1454         var = cpu_Cf;
1455         break;
1456     case 0x01:
1457         var = cpu_Zf;
1458         break;
1459     case 0x02:
1460         var = cpu_Nf;
1461         break;
1462     case 0x03:
1463         var = cpu_Vf;
1464         break;
1465     case 0x04:
1466         var = cpu_Sf;
1467         break;
1468     case 0x05:
1469         var = cpu_Hf;
1470         break;
1471     case 0x06:
1472         var = cpu_Tf;
1473         break;
1474     case 0x07:
1475         var = cpu_If;
1476         break;
1477     default:
1478         g_assert_not_reached();
1479     }
1480 
1481     tcg_gen_brcondi_i32(TCG_COND_NE, var, 0, not_taken);
1482     gen_goto_tb(ctx, 0, ctx->npc + a->imm);
1483     gen_set_label(not_taken);
1484 
1485     ctx->base.is_jmp = DISAS_CHAIN;
1486     return true;
1487 }
1488 
1489 /*
1490  *  Conditional relative branch. Tests a single bit in SREG and branches
1491  *  relatively to PC if the bit is set. This instruction branches relatively to
1492  *  PC in either direction (PC - 63 < = destination <= PC + 64). The parameter k
1493  *  is the offset from PC and is represented in two's complement form.
1494  */
1495 static bool trans_BRBS(DisasContext *ctx, arg_BRBS *a)
1496 {
1497     TCGLabel *not_taken = gen_new_label();
1498 
1499     TCGv var;
1500 
1501     switch (a->bit) {
1502     case 0x00:
1503         var = cpu_Cf;
1504         break;
1505     case 0x01:
1506         var = cpu_Zf;
1507         break;
1508     case 0x02:
1509         var = cpu_Nf;
1510         break;
1511     case 0x03:
1512         var = cpu_Vf;
1513         break;
1514     case 0x04:
1515         var = cpu_Sf;
1516         break;
1517     case 0x05:
1518         var = cpu_Hf;
1519         break;
1520     case 0x06:
1521         var = cpu_Tf;
1522         break;
1523     case 0x07:
1524         var = cpu_If;
1525         break;
1526     default:
1527         g_assert_not_reached();
1528     }
1529 
1530     tcg_gen_brcondi_i32(TCG_COND_EQ, var, 0, not_taken);
1531     gen_goto_tb(ctx, 0, ctx->npc + a->imm);
1532     gen_set_label(not_taken);
1533 
1534     ctx->base.is_jmp = DISAS_CHAIN;
1535     return true;
1536 }
1537 
1538 /*
1539  * Data Transfer Instructions
1540  */
1541 
1542 /*
1543  *  in the gen_set_addr & gen_get_addr functions
1544  *  H assumed to be in 0x00ff0000 format
1545  *  M assumed to be in 0x000000ff format
1546  *  L assumed to be in 0x000000ff format
1547  */
1548 static void gen_set_addr(TCGv addr, TCGv H, TCGv M, TCGv L)
1549 {
1550 
1551     tcg_gen_andi_tl(L, addr, 0x000000ff);
1552 
1553     tcg_gen_andi_tl(M, addr, 0x0000ff00);
1554     tcg_gen_shri_tl(M, M, 8);
1555 
1556     tcg_gen_andi_tl(H, addr, 0x00ff0000);
1557 }
1558 
1559 static void gen_set_xaddr(TCGv addr)
1560 {
1561     gen_set_addr(addr, cpu_rampX, cpu_r[27], cpu_r[26]);
1562 }
1563 
1564 static void gen_set_yaddr(TCGv addr)
1565 {
1566     gen_set_addr(addr, cpu_rampY, cpu_r[29], cpu_r[28]);
1567 }
1568 
1569 static void gen_set_zaddr(TCGv addr)
1570 {
1571     gen_set_addr(addr, cpu_rampZ, cpu_r[31], cpu_r[30]);
1572 }
1573 
1574 static TCGv gen_get_addr(TCGv H, TCGv M, TCGv L)
1575 {
1576     TCGv addr = tcg_temp_new_i32();
1577 
1578     tcg_gen_deposit_tl(addr, M, H, 8, 8);
1579     tcg_gen_deposit_tl(addr, L, addr, 8, 16);
1580 
1581     return addr;
1582 }
1583 
1584 static TCGv gen_get_xaddr(void)
1585 {
1586     return gen_get_addr(cpu_rampX, cpu_r[27], cpu_r[26]);
1587 }
1588 
1589 static TCGv gen_get_yaddr(void)
1590 {
1591     return gen_get_addr(cpu_rampY, cpu_r[29], cpu_r[28]);
1592 }
1593 
1594 static TCGv gen_get_zaddr(void)
1595 {
1596     return gen_get_addr(cpu_rampZ, cpu_r[31], cpu_r[30]);
1597 }
1598 
1599 /*
1600  *  Load one byte indirect from data space to register and stores an clear
1601  *  the bits in data space specified by the register. The instruction can only
1602  *  be used towards internal SRAM.  The data location is pointed to by the Z (16
1603  *  bits) Pointer Register in the Register File. Memory access is limited to the
1604  *  current data segment of 64KB. To access another data segment in devices with
1605  *  more than 64KB data space, the RAMPZ in register in the I/O area has to be
1606  *  changed.  The Z-pointer Register is left unchanged by the operation. This
1607  *  instruction is especially suited for clearing status bits stored in SRAM.
1608  */
1609 static void gen_data_store(DisasContext *ctx, TCGv data, TCGv addr)
1610 {
1611     if (ctx->base.tb->flags & TB_FLAGS_FULL_ACCESS) {
1612         gen_helper_fullwr(cpu_env, data, addr);
1613     } else {
1614         tcg_gen_qemu_st8(data, addr, MMU_DATA_IDX); /* mem[addr] = data */
1615     }
1616 }
1617 
1618 static void gen_data_load(DisasContext *ctx, TCGv data, TCGv addr)
1619 {
1620     if (ctx->base.tb->flags & TB_FLAGS_FULL_ACCESS) {
1621         gen_helper_fullrd(data, cpu_env, addr);
1622     } else {
1623         tcg_gen_qemu_ld8u(data, addr, MMU_DATA_IDX); /* data = mem[addr] */
1624     }
1625 }
1626 
1627 /*
1628  *  This instruction makes a copy of one register into another. The source
1629  *  register Rr is left unchanged, while the destination register Rd is loaded
1630  *  with a copy of Rr.
1631  */
1632 static bool trans_MOV(DisasContext *ctx, arg_MOV *a)
1633 {
1634     TCGv Rd = cpu_r[a->rd];
1635     TCGv Rr = cpu_r[a->rr];
1636 
1637     tcg_gen_mov_tl(Rd, Rr);
1638 
1639     return true;
1640 }
1641 
1642 /*
1643  *  This instruction makes a copy of one register pair into another register
1644  *  pair. The source register pair Rr+1:Rr is left unchanged, while the
1645  *  destination register pair Rd+1:Rd is loaded with a copy of Rr + 1:Rr.  This
1646  *  instruction is not available in all devices. Refer to the device specific
1647  *  instruction set summary.
1648  */
1649 static bool trans_MOVW(DisasContext *ctx, arg_MOVW *a)
1650 {
1651     if (!avr_have_feature(ctx, AVR_FEATURE_MOVW)) {
1652         return true;
1653     }
1654 
1655     TCGv RdL = cpu_r[a->rd];
1656     TCGv RdH = cpu_r[a->rd + 1];
1657     TCGv RrL = cpu_r[a->rr];
1658     TCGv RrH = cpu_r[a->rr + 1];
1659 
1660     tcg_gen_mov_tl(RdH, RrH);
1661     tcg_gen_mov_tl(RdL, RrL);
1662 
1663     return true;
1664 }
1665 
1666 /*
1667  * Loads an 8 bit constant directly to register 16 to 31.
1668  */
1669 static bool trans_LDI(DisasContext *ctx, arg_LDI *a)
1670 {
1671     TCGv Rd = cpu_r[a->rd];
1672     int imm = a->imm;
1673 
1674     tcg_gen_movi_tl(Rd, imm);
1675 
1676     return true;
1677 }
1678 
1679 /*
1680  *  Loads one byte from the data space to a register. For parts with SRAM,
1681  *  the data space consists of the Register File, I/O memory and internal SRAM
1682  *  (and external SRAM if applicable). For parts without SRAM, the data space
1683  *  consists of the register file only. The EEPROM has a separate address space.
1684  *  A 16-bit address must be supplied. Memory access is limited to the current
1685  *  data segment of 64KB. The LDS instruction uses the RAMPD Register to access
1686  *  memory above 64KB. To access another data segment in devices with more than
1687  *  64KB data space, the RAMPD in register in the I/O area has to be changed.
1688  *  This instruction is not available in all devices. Refer to the device
1689  *  specific instruction set summary.
1690  */
1691 static bool trans_LDS(DisasContext *ctx, arg_LDS *a)
1692 {
1693     TCGv Rd = cpu_r[a->rd];
1694     TCGv addr = tcg_temp_new_i32();
1695     TCGv H = cpu_rampD;
1696     a->imm = next_word(ctx);
1697 
1698     tcg_gen_mov_tl(addr, H); /* addr = H:M:L */
1699     tcg_gen_shli_tl(addr, addr, 16);
1700     tcg_gen_ori_tl(addr, addr, a->imm);
1701 
1702     gen_data_load(ctx, Rd, addr);
1703 
1704     tcg_temp_free_i32(addr);
1705 
1706     return true;
1707 }
1708 
1709 /*
1710  *  Loads one byte indirect from the data space to a register. For parts
1711  *  with SRAM, the data space consists of the Register File, I/O memory and
1712  *  internal SRAM (and external SRAM if applicable). For parts without SRAM, the
1713  *  data space consists of the Register File only. In some parts the Flash
1714  *  Memory has been mapped to the data space and can be read using this command.
1715  *  The EEPROM has a separate address space.  The data location is pointed to by
1716  *  the X (16 bits) Pointer Register in the Register File. Memory access is
1717  *  limited to the current data segment of 64KB. To access another data segment
1718  *  in devices with more than 64KB data space, the RAMPX in register in the I/O
1719  *  area has to be changed.  The X-pointer Register can either be left unchanged
1720  *  by the operation, or it can be post-incremented or predecremented.  These
1721  *  features are especially suited for accessing arrays, tables, and Stack
1722  *  Pointer usage of the X-pointer Register. Note that only the low byte of the
1723  *  X-pointer is updated in devices with no more than 256 bytes data space. For
1724  *  such devices, the high byte of the pointer is not used by this instruction
1725  *  and can be used for other purposes. The RAMPX Register in the I/O area is
1726  *  updated in parts with more than 64KB data space or more than 64KB Program
1727  *  memory, and the increment/decrement is added to the entire 24-bit address on
1728  *  such devices.  Not all variants of this instruction is available in all
1729  *  devices. Refer to the device specific instruction set summary.  In the
1730  *  Reduced Core tinyAVR the LD instruction can be used to achieve the same
1731  *  operation as LPM since the program memory is mapped to the data memory
1732  *  space.
1733  */
1734 static bool trans_LDX1(DisasContext *ctx, arg_LDX1 *a)
1735 {
1736     TCGv Rd = cpu_r[a->rd];
1737     TCGv addr = gen_get_xaddr();
1738 
1739     gen_data_load(ctx, Rd, addr);
1740 
1741     tcg_temp_free_i32(addr);
1742 
1743     return true;
1744 }
1745 
1746 static bool trans_LDX2(DisasContext *ctx, arg_LDX2 *a)
1747 {
1748     TCGv Rd = cpu_r[a->rd];
1749     TCGv addr = gen_get_xaddr();
1750 
1751     gen_data_load(ctx, Rd, addr);
1752     tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */
1753 
1754     gen_set_xaddr(addr);
1755 
1756     tcg_temp_free_i32(addr);
1757 
1758     return true;
1759 }
1760 
1761 static bool trans_LDX3(DisasContext *ctx, arg_LDX3 *a)
1762 {
1763     TCGv Rd = cpu_r[a->rd];
1764     TCGv addr = gen_get_xaddr();
1765 
1766     tcg_gen_subi_tl(addr, addr, 1); /* addr = addr - 1 */
1767     gen_data_load(ctx, Rd, addr);
1768     gen_set_xaddr(addr);
1769 
1770     tcg_temp_free_i32(addr);
1771 
1772     return true;
1773 }
1774 
1775 /*
1776  *  Loads one byte indirect with or without displacement from the data space
1777  *  to a register. For parts with SRAM, the data space consists of the Register
1778  *  File, I/O memory and internal SRAM (and external SRAM if applicable). For
1779  *  parts without SRAM, the data space consists of the Register File only. In
1780  *  some parts the Flash Memory has been mapped to the data space and can be
1781  *  read using this command. The EEPROM has a separate address space.  The data
1782  *  location is pointed to by the Y (16 bits) Pointer Register in the Register
1783  *  File. Memory access is limited to the current data segment of 64KB. To
1784  *  access another data segment in devices with more than 64KB data space, the
1785  *  RAMPY in register in the I/O area has to be changed.  The Y-pointer Register
1786  *  can either be left unchanged by the operation, or it can be post-incremented
1787  *  or predecremented.  These features are especially suited for accessing
1788  *  arrays, tables, and Stack Pointer usage of the Y-pointer Register. Note that
1789  *  only the low byte of the Y-pointer is updated in devices with no more than
1790  *  256 bytes data space. For such devices, the high byte of the pointer is not
1791  *  used by this instruction and can be used for other purposes. The RAMPY
1792  *  Register in the I/O area is updated in parts with more than 64KB data space
1793  *  or more than 64KB Program memory, and the increment/decrement/displacement
1794  *  is added to the entire 24-bit address on such devices.  Not all variants of
1795  *  this instruction is available in all devices. Refer to the device specific
1796  *  instruction set summary.  In the Reduced Core tinyAVR the LD instruction can
1797  *  be used to achieve the same operation as LPM since the program memory is
1798  *  mapped to the data memory space.
1799  */
1800 static bool trans_LDY2(DisasContext *ctx, arg_LDY2 *a)
1801 {
1802     TCGv Rd = cpu_r[a->rd];
1803     TCGv addr = gen_get_yaddr();
1804 
1805     gen_data_load(ctx, Rd, addr);
1806     tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */
1807 
1808     gen_set_yaddr(addr);
1809 
1810     tcg_temp_free_i32(addr);
1811 
1812     return true;
1813 }
1814 
1815 static bool trans_LDY3(DisasContext *ctx, arg_LDY3 *a)
1816 {
1817     TCGv Rd = cpu_r[a->rd];
1818     TCGv addr = gen_get_yaddr();
1819 
1820     tcg_gen_subi_tl(addr, addr, 1); /* addr = addr - 1 */
1821     gen_data_load(ctx, Rd, addr);
1822     gen_set_yaddr(addr);
1823 
1824     tcg_temp_free_i32(addr);
1825 
1826     return true;
1827 }
1828 
1829 static bool trans_LDDY(DisasContext *ctx, arg_LDDY *a)
1830 {
1831     TCGv Rd = cpu_r[a->rd];
1832     TCGv addr = gen_get_yaddr();
1833 
1834     tcg_gen_addi_tl(addr, addr, a->imm); /* addr = addr + q */
1835     gen_data_load(ctx, Rd, addr);
1836 
1837     tcg_temp_free_i32(addr);
1838 
1839     return true;
1840 }
1841 
1842 /*
1843  *  Loads one byte indirect with or without displacement from the data space
1844  *  to a register. For parts with SRAM, the data space consists of the Register
1845  *  File, I/O memory and internal SRAM (and external SRAM if applicable). For
1846  *  parts without SRAM, the data space consists of the Register File only. In
1847  *  some parts the Flash Memory has been mapped to the data space and can be
1848  *  read using this command. The EEPROM has a separate address space.  The data
1849  *  location is pointed to by the Z (16 bits) Pointer Register in the Register
1850  *  File. Memory access is limited to the current data segment of 64KB. To
1851  *  access another data segment in devices with more than 64KB data space, the
1852  *  RAMPZ in register in the I/O area has to be changed.  The Z-pointer Register
1853  *  can either be left unchanged by the operation, or it can be post-incremented
1854  *  or predecremented.  These features are especially suited for Stack Pointer
1855  *  usage of the Z-pointer Register, however because the Z-pointer Register can
1856  *  be used for indirect subroutine calls, indirect jumps and table lookup, it
1857  *  is often more convenient to use the X or Y-pointer as a dedicated Stack
1858  *  Pointer. Note that only the low byte of the Z-pointer is updated in devices
1859  *  with no more than 256 bytes data space. For such devices, the high byte of
1860  *  the pointer is not used by this instruction and can be used for other
1861  *  purposes. The RAMPZ Register in the I/O area is updated in parts with more
1862  *  than 64KB data space or more than 64KB Program memory, and the
1863  *  increment/decrement/displacement is added to the entire 24-bit address on
1864  *  such devices.  Not all variants of this instruction is available in all
1865  *  devices. Refer to the device specific instruction set summary.  In the
1866  *  Reduced Core tinyAVR the LD instruction can be used to achieve the same
1867  *  operation as LPM since the program memory is mapped to the data memory
1868  *  space.  For using the Z-pointer for table lookup in Program memory see the
1869  *  LPM and ELPM instructions.
1870  */
1871 static bool trans_LDZ2(DisasContext *ctx, arg_LDZ2 *a)
1872 {
1873     TCGv Rd = cpu_r[a->rd];
1874     TCGv addr = gen_get_zaddr();
1875 
1876     gen_data_load(ctx, Rd, addr);
1877     tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */
1878 
1879     gen_set_zaddr(addr);
1880 
1881     tcg_temp_free_i32(addr);
1882 
1883     return true;
1884 }
1885 
1886 static bool trans_LDZ3(DisasContext *ctx, arg_LDZ3 *a)
1887 {
1888     TCGv Rd = cpu_r[a->rd];
1889     TCGv addr = gen_get_zaddr();
1890 
1891     tcg_gen_subi_tl(addr, addr, 1); /* addr = addr - 1 */
1892     gen_data_load(ctx, Rd, addr);
1893 
1894     gen_set_zaddr(addr);
1895 
1896     tcg_temp_free_i32(addr);
1897 
1898     return true;
1899 }
1900 
1901 static bool trans_LDDZ(DisasContext *ctx, arg_LDDZ *a)
1902 {
1903     TCGv Rd = cpu_r[a->rd];
1904     TCGv addr = gen_get_zaddr();
1905 
1906     tcg_gen_addi_tl(addr, addr, a->imm); /* addr = addr + q */
1907     gen_data_load(ctx, Rd, addr);
1908 
1909     tcg_temp_free_i32(addr);
1910 
1911     return true;
1912 }
1913 
1914 /*
1915  *  Stores one byte from a Register to the data space. For parts with SRAM,
1916  *  the data space consists of the Register File, I/O memory and internal SRAM
1917  *  (and external SRAM if applicable). For parts without SRAM, the data space
1918  *  consists of the Register File only. The EEPROM has a separate address space.
1919  *  A 16-bit address must be supplied. Memory access is limited to the current
1920  *  data segment of 64KB. The STS instruction uses the RAMPD Register to access
1921  *  memory above 64KB. To access another data segment in devices with more than
1922  *  64KB data space, the RAMPD in register in the I/O area has to be changed.
1923  *  This instruction is not available in all devices. Refer to the device
1924  *  specific instruction set summary.
1925  */
1926 static bool trans_STS(DisasContext *ctx, arg_STS *a)
1927 {
1928     TCGv Rd = cpu_r[a->rd];
1929     TCGv addr = tcg_temp_new_i32();
1930     TCGv H = cpu_rampD;
1931     a->imm = next_word(ctx);
1932 
1933     tcg_gen_mov_tl(addr, H); /* addr = H:M:L */
1934     tcg_gen_shli_tl(addr, addr, 16);
1935     tcg_gen_ori_tl(addr, addr, a->imm);
1936     gen_data_store(ctx, Rd, addr);
1937 
1938     tcg_temp_free_i32(addr);
1939 
1940     return true;
1941 }
1942 
1943 /*
1944  * Stores one byte indirect from a register to data space. For parts with SRAM,
1945  * the data space consists of the Register File, I/O memory, and internal SRAM
1946  * (and external SRAM if applicable). For parts without SRAM, the data space
1947  * consists of the Register File only. The EEPROM has a separate address space.
1948  *
1949  * The data location is pointed to by the X (16 bits) Pointer Register in the
1950  * Register File. Memory access is limited to the current data segment of 64KB.
1951  * To access another data segment in devices with more than 64KB data space, the
1952  * RAMPX in register in the I/O area has to be changed.
1953  *
1954  * The X-pointer Register can either be left unchanged by the operation, or it
1955  * can be post-incremented or pre-decremented. These features are especially
1956  * suited for accessing arrays, tables, and Stack Pointer usage of the
1957  * X-pointer Register. Note that only the low byte of the X-pointer is updated
1958  * in devices with no more than 256 bytes data space. For such devices, the high
1959  * byte of the pointer is not used by this instruction and can be used for other
1960  * purposes. The RAMPX Register in the I/O area is updated in parts with more
1961  * than 64KB data space or more than 64KB Program memory, and the increment /
1962  * decrement is added to the entire 24-bit address on such devices.
1963  */
1964 static bool trans_STX1(DisasContext *ctx, arg_STX1 *a)
1965 {
1966     TCGv Rd = cpu_r[a->rr];
1967     TCGv addr = gen_get_xaddr();
1968 
1969     gen_data_store(ctx, Rd, addr);
1970 
1971     tcg_temp_free_i32(addr);
1972 
1973     return true;
1974 }
1975 
1976 static bool trans_STX2(DisasContext *ctx, arg_STX2 *a)
1977 {
1978     TCGv Rd = cpu_r[a->rr];
1979     TCGv addr = gen_get_xaddr();
1980 
1981     gen_data_store(ctx, Rd, addr);
1982     tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */
1983     gen_set_xaddr(addr);
1984 
1985     tcg_temp_free_i32(addr);
1986 
1987     return true;
1988 }
1989 
1990 static bool trans_STX3(DisasContext *ctx, arg_STX3 *a)
1991 {
1992     TCGv Rd = cpu_r[a->rr];
1993     TCGv addr = gen_get_xaddr();
1994 
1995     tcg_gen_subi_tl(addr, addr, 1); /* addr = addr - 1 */
1996     gen_data_store(ctx, Rd, addr);
1997     gen_set_xaddr(addr);
1998 
1999     tcg_temp_free_i32(addr);
2000 
2001     return true;
2002 }
2003 
2004 /*
2005  * Stores one byte indirect with or without displacement from a register to data
2006  * space. For parts with SRAM, the data space consists of the Register File, I/O
2007  * memory, and internal SRAM (and external SRAM if applicable). For parts
2008  * without SRAM, the data space consists of the Register File only. The EEPROM
2009  * has a separate address space.
2010  *
2011  * The data location is pointed to by the Y (16 bits) Pointer Register in the
2012  * Register File. Memory access is limited to the current data segment of 64KB.
2013  * To access another data segment in devices with more than 64KB data space, the
2014  * RAMPY in register in the I/O area has to be changed.
2015  *
2016  * The Y-pointer Register can either be left unchanged by the operation, or it
2017  * can be post-incremented or pre-decremented. These features are especially
2018  * suited for accessing arrays, tables, and Stack Pointer usage of the Y-pointer
2019  * Register. Note that only the low byte of the Y-pointer is updated in devices
2020  * with no more than 256 bytes data space. For such devices, the high byte of
2021  * the pointer is not used by this instruction and can be used for other
2022  * purposes. The RAMPY Register in the I/O area is updated in parts with more
2023  * than 64KB data space or more than 64KB Program memory, and the increment /
2024  * decrement / displacement is added to the entire 24-bit address on such
2025  * devices.
2026  */
2027 static bool trans_STY2(DisasContext *ctx, arg_STY2 *a)
2028 {
2029     TCGv Rd = cpu_r[a->rd];
2030     TCGv addr = gen_get_yaddr();
2031 
2032     gen_data_store(ctx, Rd, addr);
2033     tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */
2034     gen_set_yaddr(addr);
2035 
2036     tcg_temp_free_i32(addr);
2037 
2038     return true;
2039 }
2040 
2041 static bool trans_STY3(DisasContext *ctx, arg_STY3 *a)
2042 {
2043     TCGv Rd = cpu_r[a->rd];
2044     TCGv addr = gen_get_yaddr();
2045 
2046     tcg_gen_subi_tl(addr, addr, 1); /* addr = addr - 1 */
2047     gen_data_store(ctx, Rd, addr);
2048     gen_set_yaddr(addr);
2049 
2050     tcg_temp_free_i32(addr);
2051 
2052     return true;
2053 }
2054 
2055 static bool trans_STDY(DisasContext *ctx, arg_STDY *a)
2056 {
2057     TCGv Rd = cpu_r[a->rd];
2058     TCGv addr = gen_get_yaddr();
2059 
2060     tcg_gen_addi_tl(addr, addr, a->imm); /* addr = addr + q */
2061     gen_data_store(ctx, Rd, addr);
2062 
2063     tcg_temp_free_i32(addr);
2064 
2065     return true;
2066 }
2067 
2068 /*
2069  * Stores one byte indirect with or without displacement from a register to data
2070  * space. For parts with SRAM, the data space consists of the Register File, I/O
2071  * memory, and internal SRAM (and external SRAM if applicable). For parts
2072  * without SRAM, the data space consists of the Register File only. The EEPROM
2073  * has a separate address space.
2074  *
2075  * The data location is pointed to by the Y (16 bits) Pointer Register in the
2076  * Register File. Memory access is limited to the current data segment of 64KB.
2077  * To access another data segment in devices with more than 64KB data space, the
2078  * RAMPY in register in the I/O area has to be changed.
2079  *
2080  * The Y-pointer Register can either be left unchanged by the operation, or it
2081  * can be post-incremented or pre-decremented. These features are especially
2082  * suited for accessing arrays, tables, and Stack Pointer usage of the Y-pointer
2083  * Register. Note that only the low byte of the Y-pointer is updated in devices
2084  * with no more than 256 bytes data space. For such devices, the high byte of
2085  * the pointer is not used by this instruction and can be used for other
2086  * purposes. The RAMPY Register in the I/O area is updated in parts with more
2087  * than 64KB data space or more than 64KB Program memory, and the increment /
2088  * decrement / displacement is added to the entire 24-bit address on such
2089  * devices.
2090  */
2091 static bool trans_STZ2(DisasContext *ctx, arg_STZ2 *a)
2092 {
2093     TCGv Rd = cpu_r[a->rd];
2094     TCGv addr = gen_get_zaddr();
2095 
2096     gen_data_store(ctx, Rd, addr);
2097     tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */
2098 
2099     gen_set_zaddr(addr);
2100 
2101     tcg_temp_free_i32(addr);
2102 
2103     return true;
2104 }
2105 
2106 static bool trans_STZ3(DisasContext *ctx, arg_STZ3 *a)
2107 {
2108     TCGv Rd = cpu_r[a->rd];
2109     TCGv addr = gen_get_zaddr();
2110 
2111     tcg_gen_subi_tl(addr, addr, 1); /* addr = addr - 1 */
2112     gen_data_store(ctx, Rd, addr);
2113 
2114     gen_set_zaddr(addr);
2115 
2116     tcg_temp_free_i32(addr);
2117 
2118     return true;
2119 }
2120 
2121 static bool trans_STDZ(DisasContext *ctx, arg_STDZ *a)
2122 {
2123     TCGv Rd = cpu_r[a->rd];
2124     TCGv addr = gen_get_zaddr();
2125 
2126     tcg_gen_addi_tl(addr, addr, a->imm); /* addr = addr + q */
2127     gen_data_store(ctx, Rd, addr);
2128 
2129     tcg_temp_free_i32(addr);
2130 
2131     return true;
2132 }
2133 
2134 /*
2135  *  Loads one byte pointed to by the Z-register into the destination
2136  *  register Rd. This instruction features a 100% space effective constant
2137  *  initialization or constant data fetch. The Program memory is organized in
2138  *  16-bit words while the Z-pointer is a byte address. Thus, the least
2139  *  significant bit of the Z-pointer selects either low byte (ZLSB = 0) or high
2140  *  byte (ZLSB = 1). This instruction can address the first 64KB (32K words) of
2141  *  Program memory. The Zpointer Register can either be left unchanged by the
2142  *  operation, or it can be incremented. The incrementation does not apply to
2143  *  the RAMPZ Register.
2144  *
2145  *  Devices with Self-Programming capability can use the LPM instruction to read
2146  *  the Fuse and Lock bit values.
2147  */
2148 static bool trans_LPM1(DisasContext *ctx, arg_LPM1 *a)
2149 {
2150     if (!avr_have_feature(ctx, AVR_FEATURE_LPM)) {
2151         return true;
2152     }
2153 
2154     TCGv Rd = cpu_r[0];
2155     TCGv addr = tcg_temp_new_i32();
2156     TCGv H = cpu_r[31];
2157     TCGv L = cpu_r[30];
2158 
2159     tcg_gen_shli_tl(addr, H, 8); /* addr = H:L */
2160     tcg_gen_or_tl(addr, addr, L);
2161     tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */
2162 
2163     tcg_temp_free_i32(addr);
2164 
2165     return true;
2166 }
2167 
2168 static bool trans_LPM2(DisasContext *ctx, arg_LPM2 *a)
2169 {
2170     if (!avr_have_feature(ctx, AVR_FEATURE_LPM)) {
2171         return true;
2172     }
2173 
2174     TCGv Rd = cpu_r[a->rd];
2175     TCGv addr = tcg_temp_new_i32();
2176     TCGv H = cpu_r[31];
2177     TCGv L = cpu_r[30];
2178 
2179     tcg_gen_shli_tl(addr, H, 8); /* addr = H:L */
2180     tcg_gen_or_tl(addr, addr, L);
2181     tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */
2182 
2183     tcg_temp_free_i32(addr);
2184 
2185     return true;
2186 }
2187 
2188 static bool trans_LPMX(DisasContext *ctx, arg_LPMX *a)
2189 {
2190     if (!avr_have_feature(ctx, AVR_FEATURE_LPMX)) {
2191         return true;
2192     }
2193 
2194     TCGv Rd = cpu_r[a->rd];
2195     TCGv addr = tcg_temp_new_i32();
2196     TCGv H = cpu_r[31];
2197     TCGv L = cpu_r[30];
2198 
2199     tcg_gen_shli_tl(addr, H, 8); /* addr = H:L */
2200     tcg_gen_or_tl(addr, addr, L);
2201     tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */
2202     tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */
2203     tcg_gen_andi_tl(L, addr, 0xff);
2204     tcg_gen_shri_tl(addr, addr, 8);
2205     tcg_gen_andi_tl(H, addr, 0xff);
2206 
2207     tcg_temp_free_i32(addr);
2208 
2209     return true;
2210 }
2211 
2212 /*
2213  *  Loads one byte pointed to by the Z-register and the RAMPZ Register in
2214  *  the I/O space, and places this byte in the destination register Rd. This
2215  *  instruction features a 100% space effective constant initialization or
2216  *  constant data fetch. The Program memory is organized in 16-bit words while
2217  *  the Z-pointer is a byte address. Thus, the least significant bit of the
2218  *  Z-pointer selects either low byte (ZLSB = 0) or high byte (ZLSB = 1). This
2219  *  instruction can address the entire Program memory space. The Z-pointer
2220  *  Register can either be left unchanged by the operation, or it can be
2221  *  incremented. The incrementation applies to the entire 24-bit concatenation
2222  *  of the RAMPZ and Z-pointer Registers.
2223  *
2224  *  Devices with Self-Programming capability can use the ELPM instruction to
2225  *  read the Fuse and Lock bit value.
2226  */
2227 static bool trans_ELPM1(DisasContext *ctx, arg_ELPM1 *a)
2228 {
2229     if (!avr_have_feature(ctx, AVR_FEATURE_ELPM)) {
2230         return true;
2231     }
2232 
2233     TCGv Rd = cpu_r[0];
2234     TCGv addr = gen_get_zaddr();
2235 
2236     tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */
2237 
2238     tcg_temp_free_i32(addr);
2239 
2240     return true;
2241 }
2242 
2243 static bool trans_ELPM2(DisasContext *ctx, arg_ELPM2 *a)
2244 {
2245     if (!avr_have_feature(ctx, AVR_FEATURE_ELPM)) {
2246         return true;
2247     }
2248 
2249     TCGv Rd = cpu_r[a->rd];
2250     TCGv addr = gen_get_zaddr();
2251 
2252     tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */
2253 
2254     tcg_temp_free_i32(addr);
2255 
2256     return true;
2257 }
2258 
2259 static bool trans_ELPMX(DisasContext *ctx, arg_ELPMX *a)
2260 {
2261     if (!avr_have_feature(ctx, AVR_FEATURE_ELPMX)) {
2262         return true;
2263     }
2264 
2265     TCGv Rd = cpu_r[a->rd];
2266     TCGv addr = gen_get_zaddr();
2267 
2268     tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */
2269     tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */
2270     gen_set_zaddr(addr);
2271 
2272     tcg_temp_free_i32(addr);
2273 
2274     return true;
2275 }
2276 
2277 /*
2278  *  SPM can be used to erase a page in the Program memory, to write a page
2279  *  in the Program memory (that is already erased), and to set Boot Loader Lock
2280  *  bits. In some devices, the Program memory can be written one word at a time,
2281  *  in other devices an entire page can be programmed simultaneously after first
2282  *  filling a temporary page buffer. In all cases, the Program memory must be
2283  *  erased one page at a time. When erasing the Program memory, the RAMPZ and
2284  *  Z-register are used as page address. When writing the Program memory, the
2285  *  RAMPZ and Z-register are used as page or word address, and the R1:R0
2286  *  register pair is used as data(1). When setting the Boot Loader Lock bits,
2287  *  the R1:R0 register pair is used as data. Refer to the device documentation
2288  *  for detailed description of SPM usage. This instruction can address the
2289  *  entire Program memory.
2290  *
2291  *  The SPM instruction is not available in all devices. Refer to the device
2292  *  specific instruction set summary.
2293  *
2294  *  Note: 1. R1 determines the instruction high byte, and R0 determines the
2295  *  instruction low byte.
2296  */
2297 static bool trans_SPM(DisasContext *ctx, arg_SPM *a)
2298 {
2299     /* TODO */
2300     if (!avr_have_feature(ctx, AVR_FEATURE_SPM)) {
2301         return true;
2302     }
2303 
2304     return true;
2305 }
2306 
2307 static bool trans_SPMX(DisasContext *ctx, arg_SPMX *a)
2308 {
2309     /* TODO */
2310     if (!avr_have_feature(ctx, AVR_FEATURE_SPMX)) {
2311         return true;
2312     }
2313 
2314     return true;
2315 }
2316 
2317 /*
2318  *  Loads data from the I/O Space (Ports, Timers, Configuration Registers,
2319  *  etc.) into register Rd in the Register File.
2320  */
2321 static bool trans_IN(DisasContext *ctx, arg_IN *a)
2322 {
2323     TCGv Rd = cpu_r[a->rd];
2324     TCGv port = tcg_const_i32(a->imm);
2325 
2326     gen_helper_inb(Rd, cpu_env, port);
2327 
2328     tcg_temp_free_i32(port);
2329 
2330     return true;
2331 }
2332 
2333 /*
2334  *  Stores data from register Rr in the Register File to I/O Space (Ports,
2335  *  Timers, Configuration Registers, etc.).
2336  */
2337 static bool trans_OUT(DisasContext *ctx, arg_OUT *a)
2338 {
2339     TCGv Rd = cpu_r[a->rd];
2340     TCGv port = tcg_const_i32(a->imm);
2341 
2342     gen_helper_outb(cpu_env, port, Rd);
2343 
2344     tcg_temp_free_i32(port);
2345 
2346     return true;
2347 }
2348 
2349 /*
2350  *  This instruction stores the contents of register Rr on the STACK. The
2351  *  Stack Pointer is post-decremented by 1 after the PUSH.  This instruction is
2352  *  not available in all devices. Refer to the device specific instruction set
2353  *  summary.
2354  */
2355 static bool trans_PUSH(DisasContext *ctx, arg_PUSH *a)
2356 {
2357     TCGv Rd = cpu_r[a->rd];
2358 
2359     gen_data_store(ctx, Rd, cpu_sp);
2360     tcg_gen_subi_tl(cpu_sp, cpu_sp, 1);
2361 
2362     return true;
2363 }
2364 
2365 /*
2366  *  This instruction loads register Rd with a byte from the STACK. The Stack
2367  *  Pointer is pre-incremented by 1 before the POP.  This instruction is not
2368  *  available in all devices. Refer to the device specific instruction set
2369  *  summary.
2370  */
2371 static bool trans_POP(DisasContext *ctx, arg_POP *a)
2372 {
2373     /*
2374      * Using a temp to work around some strange behaviour:
2375      * tcg_gen_addi_tl(cpu_sp, cpu_sp, 1);
2376      * gen_data_load(ctx, Rd, cpu_sp);
2377      * seems to cause the add to happen twice.
2378      * This doesn't happen if either the add or the load is removed.
2379      */
2380     TCGv t1 = tcg_temp_new_i32();
2381     TCGv Rd = cpu_r[a->rd];
2382 
2383     tcg_gen_addi_tl(t1, cpu_sp, 1);
2384     gen_data_load(ctx, Rd, t1);
2385     tcg_gen_mov_tl(cpu_sp, t1);
2386 
2387     return true;
2388 }
2389 
2390 /*
2391  *  Exchanges one byte indirect between register and data space.  The data
2392  *  location is pointed to by the Z (16 bits) Pointer Register in the Register
2393  *  File. Memory access is limited to the current data segment of 64KB. To
2394  *  access another data segment in devices with more than 64KB data space, the
2395  *  RAMPZ in register in the I/O area has to be changed.
2396  *
2397  *  The Z-pointer Register is left unchanged by the operation. This instruction
2398  *  is especially suited for writing/reading status bits stored in SRAM.
2399  */
2400 static bool trans_XCH(DisasContext *ctx, arg_XCH *a)
2401 {
2402     if (!avr_have_feature(ctx, AVR_FEATURE_RMW)) {
2403         return true;
2404     }
2405 
2406     TCGv Rd = cpu_r[a->rd];
2407     TCGv t0 = tcg_temp_new_i32();
2408     TCGv addr = gen_get_zaddr();
2409 
2410     gen_data_load(ctx, t0, addr);
2411     gen_data_store(ctx, Rd, addr);
2412     tcg_gen_mov_tl(Rd, t0);
2413 
2414     tcg_temp_free_i32(t0);
2415     tcg_temp_free_i32(addr);
2416 
2417     return true;
2418 }
2419 
2420 /*
2421  *  Load one byte indirect from data space to register and set bits in data
2422  *  space specified by the register. The instruction can only be used towards
2423  *  internal SRAM.  The data location is pointed to by the Z (16 bits) Pointer
2424  *  Register in the Register File. Memory access is limited to the current data
2425  *  segment of 64KB. To access another data segment in devices with more than
2426  *  64KB data space, the RAMPZ in register in the I/O area has to be changed.
2427  *
2428  *  The Z-pointer Register is left unchanged by the operation. This instruction
2429  *  is especially suited for setting status bits stored in SRAM.
2430  */
2431 static bool trans_LAS(DisasContext *ctx, arg_LAS *a)
2432 {
2433     if (!avr_have_feature(ctx, AVR_FEATURE_RMW)) {
2434         return true;
2435     }
2436 
2437     TCGv Rr = cpu_r[a->rd];
2438     TCGv addr = gen_get_zaddr();
2439     TCGv t0 = tcg_temp_new_i32();
2440     TCGv t1 = tcg_temp_new_i32();
2441 
2442     gen_data_load(ctx, t0, addr); /* t0 = mem[addr] */
2443     tcg_gen_or_tl(t1, t0, Rr);
2444     tcg_gen_mov_tl(Rr, t0); /* Rr = t0 */
2445     gen_data_store(ctx, t1, addr); /* mem[addr] = t1 */
2446 
2447     tcg_temp_free_i32(t1);
2448     tcg_temp_free_i32(t0);
2449     tcg_temp_free_i32(addr);
2450 
2451     return true;
2452 }
2453 
2454 /*
2455  *  Load one byte indirect from data space to register and stores and clear
2456  *  the bits in data space specified by the register. The instruction can
2457  *  only be used towards internal SRAM.  The data location is pointed to by
2458  *  the Z (16 bits) Pointer Register in the Register File. Memory access is
2459  *  limited to the current data segment of 64KB. To access another data
2460  *  segment in devices with more than 64KB data space, the RAMPZ in register
2461  *  in the I/O area has to be changed.
2462  *
2463  *  The Z-pointer Register is left unchanged by the operation. This instruction
2464  *  is especially suited for clearing status bits stored in SRAM.
2465  */
2466 static bool trans_LAC(DisasContext *ctx, arg_LAC *a)
2467 {
2468     if (!avr_have_feature(ctx, AVR_FEATURE_RMW)) {
2469         return true;
2470     }
2471 
2472     TCGv Rr = cpu_r[a->rd];
2473     TCGv addr = gen_get_zaddr();
2474     TCGv t0 = tcg_temp_new_i32();
2475     TCGv t1 = tcg_temp_new_i32();
2476 
2477     gen_data_load(ctx, t0, addr); /* t0 = mem[addr] */
2478     tcg_gen_andc_tl(t1, t0, Rr); /* t1 = t0 & (0xff - Rr) = t0 & ~Rr */
2479     tcg_gen_mov_tl(Rr, t0); /* Rr = t0 */
2480     gen_data_store(ctx, t1, addr); /* mem[addr] = t1 */
2481 
2482     tcg_temp_free_i32(t1);
2483     tcg_temp_free_i32(t0);
2484     tcg_temp_free_i32(addr);
2485 
2486     return true;
2487 }
2488 
2489 
2490 /*
2491  *  Load one byte indirect from data space to register and toggles bits in
2492  *  the data space specified by the register.  The instruction can only be used
2493  *  towards SRAM.  The data location is pointed to by the Z (16 bits) Pointer
2494  *  Register in the Register File. Memory access is limited to the current data
2495  *  segment of 64KB. To access another data segment in devices with more than
2496  *  64KB data space, the RAMPZ in register in the I/O area has to be changed.
2497  *
2498  *  The Z-pointer Register is left unchanged by the operation. This instruction
2499  *  is especially suited for changing status bits stored in SRAM.
2500  */
2501 static bool trans_LAT(DisasContext *ctx, arg_LAT *a)
2502 {
2503     if (!avr_have_feature(ctx, AVR_FEATURE_RMW)) {
2504         return true;
2505     }
2506 
2507     TCGv Rd = cpu_r[a->rd];
2508     TCGv addr = gen_get_zaddr();
2509     TCGv t0 = tcg_temp_new_i32();
2510     TCGv t1 = tcg_temp_new_i32();
2511 
2512     gen_data_load(ctx, t0, addr); /* t0 = mem[addr] */
2513     tcg_gen_xor_tl(t1, t0, Rd);
2514     tcg_gen_mov_tl(Rd, t0); /* Rd = t0 */
2515     gen_data_store(ctx, t1, addr); /* mem[addr] = t1 */
2516 
2517     tcg_temp_free_i32(t1);
2518     tcg_temp_free_i32(t0);
2519     tcg_temp_free_i32(addr);
2520 
2521     return true;
2522 }
2523 
2524 /*
2525  * Bit and Bit-test Instructions
2526  */
2527 static void gen_rshift_ZNVSf(TCGv R)
2528 {
2529     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */
2530     tcg_gen_shri_tl(cpu_Nf, R, 7); /* Nf = R(7) */
2531     tcg_gen_xor_tl(cpu_Vf, cpu_Nf, cpu_Cf);
2532     tcg_gen_xor_tl(cpu_Sf, cpu_Nf, cpu_Vf); /* Sf = Nf ^ Vf */
2533 }
2534 
2535 /*
2536  *  Shifts all bits in Rd one place to the right. Bit 7 is cleared. Bit 0 is
2537  *  loaded into the C Flag of the SREG. This operation effectively divides an
2538  *  unsigned value by two. The C Flag can be used to round the result.
2539  */
2540 static bool trans_LSR(DisasContext *ctx, arg_LSR *a)
2541 {
2542     TCGv Rd = cpu_r[a->rd];
2543 
2544     tcg_gen_andi_tl(cpu_Cf, Rd, 1);
2545     tcg_gen_shri_tl(Rd, Rd, 1);
2546 
2547     /* update status register */
2548     tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, Rd, 0); /* Zf = Rd == 0 */
2549     tcg_gen_movi_tl(cpu_Nf, 0);
2550     tcg_gen_mov_tl(cpu_Vf, cpu_Cf);
2551     tcg_gen_mov_tl(cpu_Sf, cpu_Vf);
2552 
2553     return true;
2554 }
2555 
2556 /*
2557  *  Shifts all bits in Rd one place to the right. The C Flag is shifted into
2558  *  bit 7 of Rd. Bit 0 is shifted into the C Flag.  This operation, combined
2559  *  with ASR, effectively divides multi-byte signed values by two. Combined with
2560  *  LSR it effectively divides multi-byte unsigned values by two. The Carry Flag
2561  *  can be used to round the result.
2562  */
2563 static bool trans_ROR(DisasContext *ctx, arg_ROR *a)
2564 {
2565     TCGv Rd = cpu_r[a->rd];
2566     TCGv t0 = tcg_temp_new_i32();
2567 
2568     tcg_gen_shli_tl(t0, cpu_Cf, 7);
2569 
2570     /* update status register */
2571     tcg_gen_andi_tl(cpu_Cf, Rd, 1);
2572 
2573     /* update output register */
2574     tcg_gen_shri_tl(Rd, Rd, 1);
2575     tcg_gen_or_tl(Rd, Rd, t0);
2576 
2577     /* update status register */
2578     gen_rshift_ZNVSf(Rd);
2579 
2580     tcg_temp_free_i32(t0);
2581 
2582     return true;
2583 }
2584 
2585 /*
2586  *  Shifts all bits in Rd one place to the right. Bit 7 is held constant. Bit 0
2587  *  is loaded into the C Flag of the SREG. This operation effectively divides a
2588  *  signed value by two without changing its sign. The Carry Flag can be used to
2589  *  round the result.
2590  */
2591 static bool trans_ASR(DisasContext *ctx, arg_ASR *a)
2592 {
2593     TCGv Rd = cpu_r[a->rd];
2594     TCGv t0 = tcg_temp_new_i32();
2595 
2596     /* update status register */
2597     tcg_gen_andi_tl(cpu_Cf, Rd, 1); /* Cf = Rd(0) */
2598 
2599     /* update output register */
2600     tcg_gen_andi_tl(t0, Rd, 0x80); /* Rd = (Rd & 0x80) | (Rd >> 1) */
2601     tcg_gen_shri_tl(Rd, Rd, 1);
2602     tcg_gen_or_tl(Rd, Rd, t0);
2603 
2604     /* update status register */
2605     gen_rshift_ZNVSf(Rd);
2606 
2607     tcg_temp_free_i32(t0);
2608 
2609     return true;
2610 }
2611 
2612 /*
2613  *  Swaps high and low nibbles in a register.
2614  */
2615 static bool trans_SWAP(DisasContext *ctx, arg_SWAP *a)
2616 {
2617     TCGv Rd = cpu_r[a->rd];
2618     TCGv t0 = tcg_temp_new_i32();
2619     TCGv t1 = tcg_temp_new_i32();
2620 
2621     tcg_gen_andi_tl(t0, Rd, 0x0f);
2622     tcg_gen_shli_tl(t0, t0, 4);
2623     tcg_gen_andi_tl(t1, Rd, 0xf0);
2624     tcg_gen_shri_tl(t1, t1, 4);
2625     tcg_gen_or_tl(Rd, t0, t1);
2626 
2627     tcg_temp_free_i32(t1);
2628     tcg_temp_free_i32(t0);
2629 
2630     return true;
2631 }
2632 
2633 /*
2634  *  Sets a specified bit in an I/O Register. This instruction operates on
2635  *  the lower 32 I/O Registers -- addresses 0-31.
2636  */
2637 static bool trans_SBI(DisasContext *ctx, arg_SBI *a)
2638 {
2639     TCGv data = tcg_temp_new_i32();
2640     TCGv port = tcg_const_i32(a->reg);
2641 
2642     gen_helper_inb(data, cpu_env, port);
2643     tcg_gen_ori_tl(data, data, 1 << a->bit);
2644     gen_helper_outb(cpu_env, port, data);
2645 
2646     tcg_temp_free_i32(port);
2647     tcg_temp_free_i32(data);
2648 
2649     return true;
2650 }
2651 
2652 /*
2653  *  Clears a specified bit in an I/O Register. This instruction operates on
2654  *  the lower 32 I/O Registers -- addresses 0-31.
2655  */
2656 static bool trans_CBI(DisasContext *ctx, arg_CBI *a)
2657 {
2658     TCGv data = tcg_temp_new_i32();
2659     TCGv port = tcg_const_i32(a->reg);
2660 
2661     gen_helper_inb(data, cpu_env, port);
2662     tcg_gen_andi_tl(data, data, ~(1 << a->bit));
2663     gen_helper_outb(cpu_env, port, data);
2664 
2665     tcg_temp_free_i32(data);
2666     tcg_temp_free_i32(port);
2667 
2668     return true;
2669 }
2670 
2671 /*
2672  *  Stores bit b from Rd to the T Flag in SREG (Status Register).
2673  */
2674 static bool trans_BST(DisasContext *ctx, arg_BST *a)
2675 {
2676     TCGv Rd = cpu_r[a->rd];
2677 
2678     tcg_gen_andi_tl(cpu_Tf, Rd, 1 << a->bit);
2679     tcg_gen_shri_tl(cpu_Tf, cpu_Tf, a->bit);
2680 
2681     return true;
2682 }
2683 
2684 /*
2685  *  Copies the T Flag in the SREG (Status Register) to bit b in register Rd.
2686  */
2687 static bool trans_BLD(DisasContext *ctx, arg_BLD *a)
2688 {
2689     TCGv Rd = cpu_r[a->rd];
2690     TCGv t1 = tcg_temp_new_i32();
2691 
2692     tcg_gen_andi_tl(Rd, Rd, ~(1u << a->bit)); /* clear bit */
2693     tcg_gen_shli_tl(t1, cpu_Tf, a->bit); /* create mask */
2694     tcg_gen_or_tl(Rd, Rd, t1);
2695 
2696     tcg_temp_free_i32(t1);
2697 
2698     return true;
2699 }
2700 
2701 /*
2702  *  Sets a single Flag or bit in SREG.
2703  */
2704 static bool trans_BSET(DisasContext *ctx, arg_BSET *a)
2705 {
2706     switch (a->bit) {
2707     case 0x00:
2708         tcg_gen_movi_tl(cpu_Cf, 0x01);
2709         break;
2710     case 0x01:
2711         tcg_gen_movi_tl(cpu_Zf, 0x01);
2712         break;
2713     case 0x02:
2714         tcg_gen_movi_tl(cpu_Nf, 0x01);
2715         break;
2716     case 0x03:
2717         tcg_gen_movi_tl(cpu_Vf, 0x01);
2718         break;
2719     case 0x04:
2720         tcg_gen_movi_tl(cpu_Sf, 0x01);
2721         break;
2722     case 0x05:
2723         tcg_gen_movi_tl(cpu_Hf, 0x01);
2724         break;
2725     case 0x06:
2726         tcg_gen_movi_tl(cpu_Tf, 0x01);
2727         break;
2728     case 0x07:
2729         tcg_gen_movi_tl(cpu_If, 0x01);
2730         break;
2731     }
2732 
2733     return true;
2734 }
2735 
2736 /*
2737  *  Clears a single Flag in SREG.
2738  */
2739 static bool trans_BCLR(DisasContext *ctx, arg_BCLR *a)
2740 {
2741     switch (a->bit) {
2742     case 0x00:
2743         tcg_gen_movi_tl(cpu_Cf, 0x00);
2744         break;
2745     case 0x01:
2746         tcg_gen_movi_tl(cpu_Zf, 0x00);
2747         break;
2748     case 0x02:
2749         tcg_gen_movi_tl(cpu_Nf, 0x00);
2750         break;
2751     case 0x03:
2752         tcg_gen_movi_tl(cpu_Vf, 0x00);
2753         break;
2754     case 0x04:
2755         tcg_gen_movi_tl(cpu_Sf, 0x00);
2756         break;
2757     case 0x05:
2758         tcg_gen_movi_tl(cpu_Hf, 0x00);
2759         break;
2760     case 0x06:
2761         tcg_gen_movi_tl(cpu_Tf, 0x00);
2762         break;
2763     case 0x07:
2764         tcg_gen_movi_tl(cpu_If, 0x00);
2765         break;
2766     }
2767 
2768     return true;
2769 }
2770 
2771 /*
2772  * MCU Control Instructions
2773  */
2774 
2775 /*
2776  *  The BREAK instruction is used by the On-chip Debug system, and is
2777  *  normally not used in the application software. When the BREAK instruction is
2778  *  executed, the AVR CPU is set in the Stopped Mode. This gives the On-chip
2779  *  Debugger access to internal resources.  If any Lock bits are set, or either
2780  *  the JTAGEN or OCDEN Fuses are unprogrammed, the CPU will treat the BREAK
2781  *  instruction as a NOP and will not enter the Stopped mode.  This instruction
2782  *  is not available in all devices. Refer to the device specific instruction
2783  *  set summary.
2784  */
2785 static bool trans_BREAK(DisasContext *ctx, arg_BREAK *a)
2786 {
2787     if (!avr_have_feature(ctx, AVR_FEATURE_BREAK)) {
2788         return true;
2789     }
2790 
2791 #ifdef BREAKPOINT_ON_BREAK
2792     tcg_gen_movi_tl(cpu_pc, ctx->npc - 1);
2793     gen_helper_debug(cpu_env);
2794     ctx->base.is_jmp = DISAS_EXIT;
2795 #else
2796     /* NOP */
2797 #endif
2798 
2799     return true;
2800 }
2801 
2802 /*
2803  *  This instruction performs a single cycle No Operation.
2804  */
2805 static bool trans_NOP(DisasContext *ctx, arg_NOP *a)
2806 {
2807 
2808     /* NOP */
2809 
2810     return true;
2811 }
2812 
2813 /*
2814  *  This instruction sets the circuit in sleep mode defined by the MCU
2815  *  Control Register.
2816  */
2817 static bool trans_SLEEP(DisasContext *ctx, arg_SLEEP *a)
2818 {
2819     gen_helper_sleep(cpu_env);
2820     ctx->base.is_jmp = DISAS_NORETURN;
2821     return true;
2822 }
2823 
2824 /*
2825  *  This instruction resets the Watchdog Timer. This instruction must be
2826  *  executed within a limited time given by the WD prescaler. See the Watchdog
2827  *  Timer hardware specification.
2828  */
2829 static bool trans_WDR(DisasContext *ctx, arg_WDR *a)
2830 {
2831     gen_helper_wdr(cpu_env);
2832 
2833     return true;
2834 }
2835 
2836 /*
2837  *  Core translation mechanism functions:
2838  *
2839  *    - translate()
2840  *    - canonicalize_skip()
2841  *    - gen_intermediate_code()
2842  *    - restore_state_to_opc()
2843  *
2844  */
2845 static void translate(DisasContext *ctx)
2846 {
2847     uint32_t opcode = next_word(ctx);
2848 
2849     if (!decode_insn(ctx, opcode)) {
2850         gen_helper_unsupported(cpu_env);
2851         ctx->base.is_jmp = DISAS_NORETURN;
2852     }
2853 }
2854 
2855 /* Standardize the cpu_skip condition to NE.  */
2856 static bool canonicalize_skip(DisasContext *ctx)
2857 {
2858     switch (ctx->skip_cond) {
2859     case TCG_COND_NEVER:
2860         /* Normal case: cpu_skip is known to be false.  */
2861         return false;
2862 
2863     case TCG_COND_ALWAYS:
2864         /*
2865          * Breakpoint case: cpu_skip is known to be true, via TB_FLAGS_SKIP.
2866          * The breakpoint is on the instruction being skipped, at the start
2867          * of the TranslationBlock.  No need to update.
2868          */
2869         return false;
2870 
2871     case TCG_COND_NE:
2872         if (ctx->skip_var1 == NULL) {
2873             tcg_gen_mov_tl(cpu_skip, ctx->skip_var0);
2874         } else {
2875             tcg_gen_xor_tl(cpu_skip, ctx->skip_var0, ctx->skip_var1);
2876             ctx->skip_var1 = NULL;
2877         }
2878         break;
2879 
2880     default:
2881         /* Convert to a NE condition vs 0. */
2882         if (ctx->skip_var1 == NULL) {
2883             tcg_gen_setcondi_tl(ctx->skip_cond, cpu_skip, ctx->skip_var0, 0);
2884         } else {
2885             tcg_gen_setcond_tl(ctx->skip_cond, cpu_skip,
2886                                ctx->skip_var0, ctx->skip_var1);
2887             ctx->skip_var1 = NULL;
2888         }
2889         ctx->skip_cond = TCG_COND_NE;
2890         break;
2891     }
2892     if (ctx->free_skip_var0) {
2893         tcg_temp_free(ctx->skip_var0);
2894         ctx->free_skip_var0 = false;
2895     }
2896     ctx->skip_var0 = cpu_skip;
2897     return true;
2898 }
2899 
2900 static void gen_breakpoint(DisasContext *ctx)
2901 {
2902     canonicalize_skip(ctx);
2903     tcg_gen_movi_tl(cpu_pc, ctx->npc);
2904     gen_helper_debug(cpu_env);
2905     ctx->base.is_jmp = DISAS_NORETURN;
2906 }
2907 
2908 static void avr_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
2909 {
2910     DisasContext *ctx = container_of(dcbase, DisasContext, base);
2911     CPUAVRState *env = cs->env_ptr;
2912     uint32_t tb_flags = ctx->base.tb->flags;
2913 
2914     ctx->cs = cs;
2915     ctx->env = env;
2916     ctx->npc = ctx->base.pc_first / 2;
2917 
2918     ctx->skip_cond = TCG_COND_NEVER;
2919     if (tb_flags & TB_FLAGS_SKIP) {
2920         ctx->skip_cond = TCG_COND_ALWAYS;
2921         ctx->skip_var0 = cpu_skip;
2922     }
2923 
2924     if (tb_flags & TB_FLAGS_FULL_ACCESS) {
2925         /*
2926          * This flag is set by ST/LD instruction we will regenerate it ONLY
2927          * with mem/cpu memory access instead of mem access
2928          */
2929         ctx->base.max_insns = 1;
2930     }
2931 }
2932 
2933 static void avr_tr_tb_start(DisasContextBase *db, CPUState *cs)
2934 {
2935 }
2936 
2937 static void avr_tr_insn_start(DisasContextBase *dcbase, CPUState *cs)
2938 {
2939     DisasContext *ctx = container_of(dcbase, DisasContext, base);
2940 
2941     tcg_gen_insn_start(ctx->npc);
2942 }
2943 
2944 static bool avr_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cs,
2945                                     const CPUBreakpoint *bp)
2946 {
2947     DisasContext *ctx = container_of(dcbase, DisasContext, base);
2948 
2949     gen_breakpoint(ctx);
2950     return true;
2951 }
2952 
2953 static void avr_tr_translate_insn(DisasContextBase *dcbase, CPUState *cs)
2954 {
2955     DisasContext *ctx = container_of(dcbase, DisasContext, base);
2956     TCGLabel *skip_label = NULL;
2957 
2958     /*
2959      * This is due to some strange GDB behavior
2960      * Let's assume main has address 0x100:
2961      * b main   - sets breakpoint at address 0x00000100 (code)
2962      * b *0x100 - sets breakpoint at address 0x00800100 (data)
2963      *
2964      * The translator driver has already taken care of the code pointer.
2965      */
2966     if (!ctx->base.singlestep_enabled &&
2967         cpu_breakpoint_test(cs, OFFSET_DATA + ctx->base.pc_next, BP_ANY)) {
2968         gen_breakpoint(ctx);
2969         return;
2970     }
2971 
2972     /* Conditionally skip the next instruction, if indicated.  */
2973     if (ctx->skip_cond != TCG_COND_NEVER) {
2974         skip_label = gen_new_label();
2975         if (ctx->skip_var0 == cpu_skip) {
2976             /*
2977              * Copy cpu_skip so that we may zero it before the branch.
2978              * This ensures that cpu_skip is non-zero after the label
2979              * if and only if the skipped insn itself sets a skip.
2980              */
2981             ctx->free_skip_var0 = true;
2982             ctx->skip_var0 = tcg_temp_new();
2983             tcg_gen_mov_tl(ctx->skip_var0, cpu_skip);
2984             tcg_gen_movi_tl(cpu_skip, 0);
2985         }
2986         if (ctx->skip_var1 == NULL) {
2987             tcg_gen_brcondi_tl(ctx->skip_cond, ctx->skip_var0, 0, skip_label);
2988         } else {
2989             tcg_gen_brcond_tl(ctx->skip_cond, ctx->skip_var0,
2990                               ctx->skip_var1, skip_label);
2991             ctx->skip_var1 = NULL;
2992         }
2993         if (ctx->free_skip_var0) {
2994             tcg_temp_free(ctx->skip_var0);
2995             ctx->free_skip_var0 = false;
2996         }
2997         ctx->skip_cond = TCG_COND_NEVER;
2998         ctx->skip_var0 = NULL;
2999     }
3000 
3001     translate(ctx);
3002 
3003     ctx->base.pc_next = ctx->npc * 2;
3004 
3005     if (skip_label) {
3006         canonicalize_skip(ctx);
3007         gen_set_label(skip_label);
3008         if (ctx->base.is_jmp == DISAS_NORETURN) {
3009             ctx->base.is_jmp = DISAS_CHAIN;
3010         }
3011     }
3012 
3013     if (ctx->base.is_jmp == DISAS_NEXT) {
3014         target_ulong page_first = ctx->base.pc_first & TARGET_PAGE_MASK;
3015 
3016         if ((ctx->base.pc_next - page_first) >= TARGET_PAGE_SIZE - 4) {
3017             ctx->base.is_jmp = DISAS_TOO_MANY;
3018         }
3019     }
3020 }
3021 
3022 static void avr_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
3023 {
3024     DisasContext *ctx = container_of(dcbase, DisasContext, base);
3025     bool nonconst_skip = canonicalize_skip(ctx);
3026 
3027     switch (ctx->base.is_jmp) {
3028     case DISAS_NORETURN:
3029         assert(!nonconst_skip);
3030         break;
3031     case DISAS_NEXT:
3032     case DISAS_TOO_MANY:
3033     case DISAS_CHAIN:
3034         if (!nonconst_skip) {
3035             /* Note gen_goto_tb checks singlestep.  */
3036             gen_goto_tb(ctx, 1, ctx->npc);
3037             break;
3038         }
3039         tcg_gen_movi_tl(cpu_pc, ctx->npc);
3040         /* fall through */
3041     case DISAS_LOOKUP:
3042         if (!ctx->base.singlestep_enabled) {
3043             tcg_gen_lookup_and_goto_ptr();
3044             break;
3045         }
3046         /* fall through */
3047     case DISAS_EXIT:
3048         if (ctx->base.singlestep_enabled) {
3049             gen_helper_debug(cpu_env);
3050         } else {
3051             tcg_gen_exit_tb(NULL, 0);
3052         }
3053         break;
3054     default:
3055         g_assert_not_reached();
3056     }
3057 }
3058 
3059 static void avr_tr_disas_log(const DisasContextBase *dcbase, CPUState *cs)
3060 {
3061     qemu_log("IN: %s\n", lookup_symbol(dcbase->pc_first));
3062     log_target_disas(cs, dcbase->pc_first, dcbase->tb->size);
3063 }
3064 
3065 static const TranslatorOps avr_tr_ops = {
3066     .init_disas_context = avr_tr_init_disas_context,
3067     .tb_start           = avr_tr_tb_start,
3068     .insn_start         = avr_tr_insn_start,
3069     .breakpoint_check   = avr_tr_breakpoint_check,
3070     .translate_insn     = avr_tr_translate_insn,
3071     .tb_stop            = avr_tr_tb_stop,
3072     .disas_log          = avr_tr_disas_log,
3073 };
3074 
3075 void gen_intermediate_code(CPUState *cs, TranslationBlock *tb, int max_insns)
3076 {
3077     DisasContext dc = { };
3078     translator_loop(&avr_tr_ops, &dc.base, cs, tb, max_insns);
3079 }
3080 
3081 void restore_state_to_opc(CPUAVRState *env, TranslationBlock *tb,
3082                             target_ulong *data)
3083 {
3084     env->pc_w = data[0];
3085 }
3086