1 /* 2 * QEMU AVR CPU 3 * 4 * Copyright (c) 2019-2020 Michael Rolnik 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see 18 * <http://www.gnu.org/licenses/lgpl-2.1.html> 19 */ 20 21 #include "qemu/osdep.h" 22 #include "qemu/qemu-print.h" 23 #include "tcg/tcg.h" 24 #include "cpu.h" 25 #include "exec/exec-all.h" 26 #include "tcg/tcg-op.h" 27 #include "exec/cpu_ldst.h" 28 #include "exec/helper-proto.h" 29 #include "exec/helper-gen.h" 30 #include "exec/log.h" 31 #include "exec/translator.h" 32 #include "exec/gen-icount.h" 33 34 /* 35 * Define if you want a BREAK instruction translated to a breakpoint 36 * Active debugging connection is assumed 37 * This is for 38 * https://github.com/seharris/qemu-avr-tests/tree/master/instruction-tests 39 * tests 40 */ 41 #undef BREAKPOINT_ON_BREAK 42 43 static TCGv cpu_pc; 44 45 static TCGv cpu_Cf; 46 static TCGv cpu_Zf; 47 static TCGv cpu_Nf; 48 static TCGv cpu_Vf; 49 static TCGv cpu_Sf; 50 static TCGv cpu_Hf; 51 static TCGv cpu_Tf; 52 static TCGv cpu_If; 53 54 static TCGv cpu_rampD; 55 static TCGv cpu_rampX; 56 static TCGv cpu_rampY; 57 static TCGv cpu_rampZ; 58 59 static TCGv cpu_r[NUMBER_OF_CPU_REGISTERS]; 60 static TCGv cpu_eind; 61 static TCGv cpu_sp; 62 63 static TCGv cpu_skip; 64 65 static const char reg_names[NUMBER_OF_CPU_REGISTERS][8] = { 66 "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7", 67 "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15", 68 "r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23", 69 "r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31", 70 }; 71 #define REG(x) (cpu_r[x]) 72 73 #define DISAS_EXIT DISAS_TARGET_0 /* We want return to the cpu main loop. */ 74 #define DISAS_LOOKUP DISAS_TARGET_1 /* We have a variable condition exit. */ 75 #define DISAS_CHAIN DISAS_TARGET_2 /* We have a single condition exit. */ 76 77 typedef struct DisasContext DisasContext; 78 79 /* This is the state at translation time. */ 80 struct DisasContext { 81 DisasContextBase base; 82 83 CPUAVRState *env; 84 CPUState *cs; 85 86 target_long npc; 87 uint32_t opcode; 88 89 /* Routine used to access memory */ 90 int memidx; 91 92 /* 93 * some AVR instructions can make the following instruction to be skipped 94 * Let's name those instructions 95 * A - instruction that can skip the next one 96 * B - instruction that can be skipped. this depends on execution of A 97 * there are two scenarios 98 * 1. A and B belong to the same translation block 99 * 2. A is the last instruction in the translation block and B is the last 100 * 101 * following variables are used to simplify the skipping logic, they are 102 * used in the following manner (sketch) 103 * 104 * TCGLabel *skip_label = NULL; 105 * if (ctx->skip_cond != TCG_COND_NEVER) { 106 * skip_label = gen_new_label(); 107 * tcg_gen_brcond_tl(skip_cond, skip_var0, skip_var1, skip_label); 108 * } 109 * 110 * translate(ctx); 111 * 112 * if (skip_label) { 113 * gen_set_label(skip_label); 114 * } 115 */ 116 TCGv skip_var0; 117 TCGv skip_var1; 118 TCGCond skip_cond; 119 }; 120 121 void avr_cpu_tcg_init(void) 122 { 123 int i; 124 125 #define AVR_REG_OFFS(x) offsetof(CPUAVRState, x) 126 cpu_pc = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(pc_w), "pc"); 127 cpu_Cf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregC), "Cf"); 128 cpu_Zf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregZ), "Zf"); 129 cpu_Nf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregN), "Nf"); 130 cpu_Vf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregV), "Vf"); 131 cpu_Sf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregS), "Sf"); 132 cpu_Hf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregH), "Hf"); 133 cpu_Tf = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregT), "Tf"); 134 cpu_If = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sregI), "If"); 135 cpu_rampD = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(rampD), "rampD"); 136 cpu_rampX = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(rampX), "rampX"); 137 cpu_rampY = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(rampY), "rampY"); 138 cpu_rampZ = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(rampZ), "rampZ"); 139 cpu_eind = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(eind), "eind"); 140 cpu_sp = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(sp), "sp"); 141 cpu_skip = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(skip), "skip"); 142 143 for (i = 0; i < NUMBER_OF_CPU_REGISTERS; i++) { 144 cpu_r[i] = tcg_global_mem_new_i32(cpu_env, AVR_REG_OFFS(r[i]), 145 reg_names[i]); 146 } 147 #undef AVR_REG_OFFS 148 } 149 150 static int to_regs_16_31_by_one(DisasContext *ctx, int indx) 151 { 152 return 16 + (indx % 16); 153 } 154 155 static int to_regs_16_23_by_one(DisasContext *ctx, int indx) 156 { 157 return 16 + (indx % 8); 158 } 159 160 static int to_regs_24_30_by_two(DisasContext *ctx, int indx) 161 { 162 return 24 + (indx % 4) * 2; 163 } 164 165 static int to_regs_00_30_by_two(DisasContext *ctx, int indx) 166 { 167 return (indx % 16) * 2; 168 } 169 170 static uint16_t next_word(DisasContext *ctx) 171 { 172 return cpu_lduw_code(ctx->env, ctx->npc++ * 2); 173 } 174 175 static int append_16(DisasContext *ctx, int x) 176 { 177 return x << 16 | next_word(ctx); 178 } 179 180 static bool avr_have_feature(DisasContext *ctx, int feature) 181 { 182 if (!avr_feature(ctx->env, feature)) { 183 gen_helper_unsupported(cpu_env); 184 ctx->base.is_jmp = DISAS_NORETURN; 185 return false; 186 } 187 return true; 188 } 189 190 static bool decode_insn(DisasContext *ctx, uint16_t insn); 191 #include "decode-insn.c.inc" 192 193 /* 194 * Arithmetic Instructions 195 */ 196 197 /* 198 * Utility functions for updating status registers: 199 * 200 * - gen_add_CHf() 201 * - gen_add_Vf() 202 * - gen_sub_CHf() 203 * - gen_sub_Vf() 204 * - gen_NSf() 205 * - gen_ZNSf() 206 * 207 */ 208 209 static void gen_add_CHf(TCGv R, TCGv Rd, TCGv Rr) 210 { 211 TCGv t1 = tcg_temp_new_i32(); 212 TCGv t2 = tcg_temp_new_i32(); 213 TCGv t3 = tcg_temp_new_i32(); 214 215 tcg_gen_and_tl(t1, Rd, Rr); /* t1 = Rd & Rr */ 216 tcg_gen_andc_tl(t2, Rd, R); /* t2 = Rd & ~R */ 217 tcg_gen_andc_tl(t3, Rr, R); /* t3 = Rr & ~R */ 218 tcg_gen_or_tl(t1, t1, t2); /* t1 = t1 | t2 | t3 */ 219 tcg_gen_or_tl(t1, t1, t3); 220 221 tcg_gen_shri_tl(cpu_Cf, t1, 7); /* Cf = t1(7) */ 222 tcg_gen_shri_tl(cpu_Hf, t1, 3); /* Hf = t1(3) */ 223 tcg_gen_andi_tl(cpu_Hf, cpu_Hf, 1); 224 } 225 226 static void gen_add_Vf(TCGv R, TCGv Rd, TCGv Rr) 227 { 228 TCGv t1 = tcg_temp_new_i32(); 229 TCGv t2 = tcg_temp_new_i32(); 230 231 /* t1 = Rd & Rr & ~R | ~Rd & ~Rr & R */ 232 /* = (Rd ^ R) & ~(Rd ^ Rr) */ 233 tcg_gen_xor_tl(t1, Rd, R); 234 tcg_gen_xor_tl(t2, Rd, Rr); 235 tcg_gen_andc_tl(t1, t1, t2); 236 237 tcg_gen_shri_tl(cpu_Vf, t1, 7); /* Vf = t1(7) */ 238 } 239 240 static void gen_sub_CHf(TCGv R, TCGv Rd, TCGv Rr) 241 { 242 TCGv t1 = tcg_temp_new_i32(); 243 TCGv t2 = tcg_temp_new_i32(); 244 TCGv t3 = tcg_temp_new_i32(); 245 246 tcg_gen_not_tl(t1, Rd); /* t1 = ~Rd */ 247 tcg_gen_and_tl(t2, t1, Rr); /* t2 = ~Rd & Rr */ 248 tcg_gen_or_tl(t3, t1, Rr); /* t3 = (~Rd | Rr) & R */ 249 tcg_gen_and_tl(t3, t3, R); 250 tcg_gen_or_tl(t2, t2, t3); /* t2 = ~Rd & Rr | ~Rd & R | R & Rr */ 251 252 tcg_gen_shri_tl(cpu_Cf, t2, 7); /* Cf = t2(7) */ 253 tcg_gen_shri_tl(cpu_Hf, t2, 3); /* Hf = t2(3) */ 254 tcg_gen_andi_tl(cpu_Hf, cpu_Hf, 1); 255 } 256 257 static void gen_sub_Vf(TCGv R, TCGv Rd, TCGv Rr) 258 { 259 TCGv t1 = tcg_temp_new_i32(); 260 TCGv t2 = tcg_temp_new_i32(); 261 262 /* t1 = Rd & ~Rr & ~R | ~Rd & Rr & R */ 263 /* = (Rd ^ R) & (Rd ^ R) */ 264 tcg_gen_xor_tl(t1, Rd, R); 265 tcg_gen_xor_tl(t2, Rd, Rr); 266 tcg_gen_and_tl(t1, t1, t2); 267 268 tcg_gen_shri_tl(cpu_Vf, t1, 7); /* Vf = t1(7) */ 269 } 270 271 static void gen_NSf(TCGv R) 272 { 273 tcg_gen_shri_tl(cpu_Nf, R, 7); /* Nf = R(7) */ 274 tcg_gen_xor_tl(cpu_Sf, cpu_Nf, cpu_Vf); /* Sf = Nf ^ Vf */ 275 } 276 277 static void gen_ZNSf(TCGv R) 278 { 279 tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */ 280 281 /* update status register */ 282 tcg_gen_shri_tl(cpu_Nf, R, 7); /* Nf = R(7) */ 283 tcg_gen_xor_tl(cpu_Sf, cpu_Nf, cpu_Vf); /* Sf = Nf ^ Vf */ 284 } 285 286 /* 287 * Adds two registers without the C Flag and places the result in the 288 * destination register Rd. 289 */ 290 static bool trans_ADD(DisasContext *ctx, arg_ADD *a) 291 { 292 TCGv Rd = cpu_r[a->rd]; 293 TCGv Rr = cpu_r[a->rr]; 294 TCGv R = tcg_temp_new_i32(); 295 296 tcg_gen_add_tl(R, Rd, Rr); /* Rd = Rd + Rr */ 297 tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */ 298 299 /* update status register */ 300 gen_add_CHf(R, Rd, Rr); 301 gen_add_Vf(R, Rd, Rr); 302 gen_ZNSf(R); 303 304 /* update output registers */ 305 tcg_gen_mov_tl(Rd, R); 306 return true; 307 } 308 309 /* 310 * Adds two registers and the contents of the C Flag and places the result in 311 * the destination register Rd. 312 */ 313 static bool trans_ADC(DisasContext *ctx, arg_ADC *a) 314 { 315 TCGv Rd = cpu_r[a->rd]; 316 TCGv Rr = cpu_r[a->rr]; 317 TCGv R = tcg_temp_new_i32(); 318 319 tcg_gen_add_tl(R, Rd, Rr); /* R = Rd + Rr + Cf */ 320 tcg_gen_add_tl(R, R, cpu_Cf); 321 tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */ 322 323 /* update status register */ 324 gen_add_CHf(R, Rd, Rr); 325 gen_add_Vf(R, Rd, Rr); 326 gen_ZNSf(R); 327 328 /* update output registers */ 329 tcg_gen_mov_tl(Rd, R); 330 return true; 331 } 332 333 /* 334 * Adds an immediate value (0 - 63) to a register pair and places the result 335 * in the register pair. This instruction operates on the upper four register 336 * pairs, and is well suited for operations on the pointer registers. This 337 * instruction is not available in all devices. Refer to the device specific 338 * instruction set summary. 339 */ 340 static bool trans_ADIW(DisasContext *ctx, arg_ADIW *a) 341 { 342 if (!avr_have_feature(ctx, AVR_FEATURE_ADIW_SBIW)) { 343 return true; 344 } 345 346 TCGv RdL = cpu_r[a->rd]; 347 TCGv RdH = cpu_r[a->rd + 1]; 348 int Imm = (a->imm); 349 TCGv R = tcg_temp_new_i32(); 350 TCGv Rd = tcg_temp_new_i32(); 351 352 tcg_gen_deposit_tl(Rd, RdL, RdH, 8, 8); /* Rd = RdH:RdL */ 353 tcg_gen_addi_tl(R, Rd, Imm); /* R = Rd + Imm */ 354 tcg_gen_andi_tl(R, R, 0xffff); /* make it 16 bits */ 355 356 /* update status register */ 357 tcg_gen_andc_tl(cpu_Cf, Rd, R); /* Cf = Rd & ~R */ 358 tcg_gen_shri_tl(cpu_Cf, cpu_Cf, 15); 359 tcg_gen_andc_tl(cpu_Vf, R, Rd); /* Vf = R & ~Rd */ 360 tcg_gen_shri_tl(cpu_Vf, cpu_Vf, 15); 361 tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */ 362 tcg_gen_shri_tl(cpu_Nf, R, 15); /* Nf = R(15) */ 363 tcg_gen_xor_tl(cpu_Sf, cpu_Nf, cpu_Vf);/* Sf = Nf ^ Vf */ 364 365 /* update output registers */ 366 tcg_gen_andi_tl(RdL, R, 0xff); 367 tcg_gen_shri_tl(RdH, R, 8); 368 return true; 369 } 370 371 /* 372 * Subtracts two registers and places the result in the destination 373 * register Rd. 374 */ 375 static bool trans_SUB(DisasContext *ctx, arg_SUB *a) 376 { 377 TCGv Rd = cpu_r[a->rd]; 378 TCGv Rr = cpu_r[a->rr]; 379 TCGv R = tcg_temp_new_i32(); 380 381 tcg_gen_sub_tl(R, Rd, Rr); /* R = Rd - Rr */ 382 tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */ 383 384 /* update status register */ 385 tcg_gen_andc_tl(cpu_Cf, Rd, R); /* Cf = Rd & ~R */ 386 gen_sub_CHf(R, Rd, Rr); 387 gen_sub_Vf(R, Rd, Rr); 388 gen_ZNSf(R); 389 390 /* update output registers */ 391 tcg_gen_mov_tl(Rd, R); 392 return true; 393 } 394 395 /* 396 * Subtracts a register and a constant and places the result in the 397 * destination register Rd. This instruction is working on Register R16 to R31 398 * and is very well suited for operations on the X, Y, and Z-pointers. 399 */ 400 static bool trans_SUBI(DisasContext *ctx, arg_SUBI *a) 401 { 402 TCGv Rd = cpu_r[a->rd]; 403 TCGv Rr = tcg_constant_i32(a->imm); 404 TCGv R = tcg_temp_new_i32(); 405 406 tcg_gen_sub_tl(R, Rd, Rr); /* R = Rd - Imm */ 407 tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */ 408 409 /* update status register */ 410 gen_sub_CHf(R, Rd, Rr); 411 gen_sub_Vf(R, Rd, Rr); 412 gen_ZNSf(R); 413 414 /* update output registers */ 415 tcg_gen_mov_tl(Rd, R); 416 return true; 417 } 418 419 /* 420 * Subtracts two registers and subtracts with the C Flag and places the 421 * result in the destination register Rd. 422 */ 423 static bool trans_SBC(DisasContext *ctx, arg_SBC *a) 424 { 425 TCGv Rd = cpu_r[a->rd]; 426 TCGv Rr = cpu_r[a->rr]; 427 TCGv R = tcg_temp_new_i32(); 428 TCGv zero = tcg_constant_i32(0); 429 430 tcg_gen_sub_tl(R, Rd, Rr); /* R = Rd - Rr - Cf */ 431 tcg_gen_sub_tl(R, R, cpu_Cf); 432 tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */ 433 434 /* update status register */ 435 gen_sub_CHf(R, Rd, Rr); 436 gen_sub_Vf(R, Rd, Rr); 437 gen_NSf(R); 438 439 /* 440 * Previous value remains unchanged when the result is zero; 441 * cleared otherwise. 442 */ 443 tcg_gen_movcond_tl(TCG_COND_EQ, cpu_Zf, R, zero, cpu_Zf, zero); 444 445 /* update output registers */ 446 tcg_gen_mov_tl(Rd, R); 447 return true; 448 } 449 450 /* 451 * SBCI -- Subtract Immediate with Carry 452 */ 453 static bool trans_SBCI(DisasContext *ctx, arg_SBCI *a) 454 { 455 TCGv Rd = cpu_r[a->rd]; 456 TCGv Rr = tcg_constant_i32(a->imm); 457 TCGv R = tcg_temp_new_i32(); 458 TCGv zero = tcg_constant_i32(0); 459 460 tcg_gen_sub_tl(R, Rd, Rr); /* R = Rd - Rr - Cf */ 461 tcg_gen_sub_tl(R, R, cpu_Cf); 462 tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */ 463 464 /* update status register */ 465 gen_sub_CHf(R, Rd, Rr); 466 gen_sub_Vf(R, Rd, Rr); 467 gen_NSf(R); 468 469 /* 470 * Previous value remains unchanged when the result is zero; 471 * cleared otherwise. 472 */ 473 tcg_gen_movcond_tl(TCG_COND_EQ, cpu_Zf, R, zero, cpu_Zf, zero); 474 475 /* update output registers */ 476 tcg_gen_mov_tl(Rd, R); 477 return true; 478 } 479 480 /* 481 * Subtracts an immediate value (0-63) from a register pair and places the 482 * result in the register pair. This instruction operates on the upper four 483 * register pairs, and is well suited for operations on the Pointer Registers. 484 * This instruction is not available in all devices. Refer to the device 485 * specific instruction set summary. 486 */ 487 static bool trans_SBIW(DisasContext *ctx, arg_SBIW *a) 488 { 489 if (!avr_have_feature(ctx, AVR_FEATURE_ADIW_SBIW)) { 490 return true; 491 } 492 493 TCGv RdL = cpu_r[a->rd]; 494 TCGv RdH = cpu_r[a->rd + 1]; 495 int Imm = (a->imm); 496 TCGv R = tcg_temp_new_i32(); 497 TCGv Rd = tcg_temp_new_i32(); 498 499 tcg_gen_deposit_tl(Rd, RdL, RdH, 8, 8); /* Rd = RdH:RdL */ 500 tcg_gen_subi_tl(R, Rd, Imm); /* R = Rd - Imm */ 501 tcg_gen_andi_tl(R, R, 0xffff); /* make it 16 bits */ 502 503 /* update status register */ 504 tcg_gen_andc_tl(cpu_Cf, R, Rd); 505 tcg_gen_shri_tl(cpu_Cf, cpu_Cf, 15); /* Cf = R & ~Rd */ 506 tcg_gen_andc_tl(cpu_Vf, Rd, R); 507 tcg_gen_shri_tl(cpu_Vf, cpu_Vf, 15); /* Vf = Rd & ~R */ 508 tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */ 509 tcg_gen_shri_tl(cpu_Nf, R, 15); /* Nf = R(15) */ 510 tcg_gen_xor_tl(cpu_Sf, cpu_Nf, cpu_Vf); /* Sf = Nf ^ Vf */ 511 512 /* update output registers */ 513 tcg_gen_andi_tl(RdL, R, 0xff); 514 tcg_gen_shri_tl(RdH, R, 8); 515 return true; 516 } 517 518 /* 519 * Performs the logical AND between the contents of register Rd and register 520 * Rr and places the result in the destination register Rd. 521 */ 522 static bool trans_AND(DisasContext *ctx, arg_AND *a) 523 { 524 TCGv Rd = cpu_r[a->rd]; 525 TCGv Rr = cpu_r[a->rr]; 526 TCGv R = tcg_temp_new_i32(); 527 528 tcg_gen_and_tl(R, Rd, Rr); /* Rd = Rd and Rr */ 529 530 /* update status register */ 531 tcg_gen_movi_tl(cpu_Vf, 0); /* Vf = 0 */ 532 tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */ 533 gen_ZNSf(R); 534 535 /* update output registers */ 536 tcg_gen_mov_tl(Rd, R); 537 return true; 538 } 539 540 /* 541 * Performs the logical AND between the contents of register Rd and a constant 542 * and places the result in the destination register Rd. 543 */ 544 static bool trans_ANDI(DisasContext *ctx, arg_ANDI *a) 545 { 546 TCGv Rd = cpu_r[a->rd]; 547 int Imm = (a->imm); 548 549 tcg_gen_andi_tl(Rd, Rd, Imm); /* Rd = Rd & Imm */ 550 551 /* update status register */ 552 tcg_gen_movi_tl(cpu_Vf, 0x00); /* Vf = 0 */ 553 gen_ZNSf(Rd); 554 555 return true; 556 } 557 558 /* 559 * Performs the logical OR between the contents of register Rd and register 560 * Rr and places the result in the destination register Rd. 561 */ 562 static bool trans_OR(DisasContext *ctx, arg_OR *a) 563 { 564 TCGv Rd = cpu_r[a->rd]; 565 TCGv Rr = cpu_r[a->rr]; 566 TCGv R = tcg_temp_new_i32(); 567 568 tcg_gen_or_tl(R, Rd, Rr); 569 570 /* update status register */ 571 tcg_gen_movi_tl(cpu_Vf, 0); 572 gen_ZNSf(R); 573 574 /* update output registers */ 575 tcg_gen_mov_tl(Rd, R); 576 return true; 577 } 578 579 /* 580 * Performs the logical OR between the contents of register Rd and a 581 * constant and places the result in the destination register Rd. 582 */ 583 static bool trans_ORI(DisasContext *ctx, arg_ORI *a) 584 { 585 TCGv Rd = cpu_r[a->rd]; 586 int Imm = (a->imm); 587 588 tcg_gen_ori_tl(Rd, Rd, Imm); /* Rd = Rd | Imm */ 589 590 /* update status register */ 591 tcg_gen_movi_tl(cpu_Vf, 0x00); /* Vf = 0 */ 592 gen_ZNSf(Rd); 593 594 return true; 595 } 596 597 /* 598 * Performs the logical EOR between the contents of register Rd and 599 * register Rr and places the result in the destination register Rd. 600 */ 601 static bool trans_EOR(DisasContext *ctx, arg_EOR *a) 602 { 603 TCGv Rd = cpu_r[a->rd]; 604 TCGv Rr = cpu_r[a->rr]; 605 606 tcg_gen_xor_tl(Rd, Rd, Rr); 607 608 /* update status register */ 609 tcg_gen_movi_tl(cpu_Vf, 0); 610 gen_ZNSf(Rd); 611 612 return true; 613 } 614 615 /* 616 * Clears the specified bits in register Rd. Performs the logical AND 617 * between the contents of register Rd and the complement of the constant mask 618 * K. The result will be placed in register Rd. 619 */ 620 static bool trans_COM(DisasContext *ctx, arg_COM *a) 621 { 622 TCGv Rd = cpu_r[a->rd]; 623 624 tcg_gen_xori_tl(Rd, Rd, 0xff); 625 626 /* update status register */ 627 tcg_gen_movi_tl(cpu_Cf, 1); /* Cf = 1 */ 628 tcg_gen_movi_tl(cpu_Vf, 0); /* Vf = 0 */ 629 gen_ZNSf(Rd); 630 return true; 631 } 632 633 /* 634 * Replaces the contents of register Rd with its two's complement; the 635 * value $80 is left unchanged. 636 */ 637 static bool trans_NEG(DisasContext *ctx, arg_NEG *a) 638 { 639 TCGv Rd = cpu_r[a->rd]; 640 TCGv t0 = tcg_constant_i32(0); 641 TCGv R = tcg_temp_new_i32(); 642 643 tcg_gen_sub_tl(R, t0, Rd); /* R = 0 - Rd */ 644 tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */ 645 646 /* update status register */ 647 gen_sub_CHf(R, t0, Rd); 648 gen_sub_Vf(R, t0, Rd); 649 gen_ZNSf(R); 650 651 /* update output registers */ 652 tcg_gen_mov_tl(Rd, R); 653 return true; 654 } 655 656 /* 657 * Adds one -1- to the contents of register Rd and places the result in the 658 * destination register Rd. The C Flag in SREG is not affected by the 659 * operation, thus allowing the INC instruction to be used on a loop counter in 660 * multiple-precision computations. When operating on unsigned numbers, only 661 * BREQ and BRNE branches can be expected to perform consistently. When 662 * operating on two's complement values, all signed branches are available. 663 */ 664 static bool trans_INC(DisasContext *ctx, arg_INC *a) 665 { 666 TCGv Rd = cpu_r[a->rd]; 667 668 tcg_gen_addi_tl(Rd, Rd, 1); 669 tcg_gen_andi_tl(Rd, Rd, 0xff); 670 671 /* update status register */ 672 tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Vf, Rd, 0x80); /* Vf = Rd == 0x80 */ 673 gen_ZNSf(Rd); 674 675 return true; 676 } 677 678 /* 679 * Subtracts one -1- from the contents of register Rd and places the result 680 * in the destination register Rd. The C Flag in SREG is not affected by the 681 * operation, thus allowing the DEC instruction to be used on a loop counter in 682 * multiple-precision computations. When operating on unsigned values, only 683 * BREQ and BRNE branches can be expected to perform consistently. When 684 * operating on two's complement values, all signed branches are available. 685 */ 686 static bool trans_DEC(DisasContext *ctx, arg_DEC *a) 687 { 688 TCGv Rd = cpu_r[a->rd]; 689 690 tcg_gen_subi_tl(Rd, Rd, 1); /* Rd = Rd - 1 */ 691 tcg_gen_andi_tl(Rd, Rd, 0xff); /* make it 8 bits */ 692 693 /* update status register */ 694 tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Vf, Rd, 0x7f); /* Vf = Rd == 0x7f */ 695 gen_ZNSf(Rd); 696 697 return true; 698 } 699 700 /* 701 * This instruction performs 8-bit x 8-bit -> 16-bit unsigned multiplication. 702 */ 703 static bool trans_MUL(DisasContext *ctx, arg_MUL *a) 704 { 705 if (!avr_have_feature(ctx, AVR_FEATURE_MUL)) { 706 return true; 707 } 708 709 TCGv R0 = cpu_r[0]; 710 TCGv R1 = cpu_r[1]; 711 TCGv Rd = cpu_r[a->rd]; 712 TCGv Rr = cpu_r[a->rr]; 713 TCGv R = tcg_temp_new_i32(); 714 715 tcg_gen_mul_tl(R, Rd, Rr); /* R = Rd * Rr */ 716 tcg_gen_andi_tl(R0, R, 0xff); 717 tcg_gen_shri_tl(R1, R, 8); 718 719 /* update status register */ 720 tcg_gen_shri_tl(cpu_Cf, R, 15); /* Cf = R(15) */ 721 tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */ 722 return true; 723 } 724 725 /* 726 * This instruction performs 8-bit x 8-bit -> 16-bit signed multiplication. 727 */ 728 static bool trans_MULS(DisasContext *ctx, arg_MULS *a) 729 { 730 if (!avr_have_feature(ctx, AVR_FEATURE_MUL)) { 731 return true; 732 } 733 734 TCGv R0 = cpu_r[0]; 735 TCGv R1 = cpu_r[1]; 736 TCGv Rd = cpu_r[a->rd]; 737 TCGv Rr = cpu_r[a->rr]; 738 TCGv R = tcg_temp_new_i32(); 739 TCGv t0 = tcg_temp_new_i32(); 740 TCGv t1 = tcg_temp_new_i32(); 741 742 tcg_gen_ext8s_tl(t0, Rd); /* make Rd full 32 bit signed */ 743 tcg_gen_ext8s_tl(t1, Rr); /* make Rr full 32 bit signed */ 744 tcg_gen_mul_tl(R, t0, t1); /* R = Rd * Rr */ 745 tcg_gen_andi_tl(R, R, 0xffff); /* make it 16 bits */ 746 tcg_gen_andi_tl(R0, R, 0xff); 747 tcg_gen_shri_tl(R1, R, 8); 748 749 /* update status register */ 750 tcg_gen_shri_tl(cpu_Cf, R, 15); /* Cf = R(15) */ 751 tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */ 752 return true; 753 } 754 755 /* 756 * This instruction performs 8-bit x 8-bit -> 16-bit multiplication of a 757 * signed and an unsigned number. 758 */ 759 static bool trans_MULSU(DisasContext *ctx, arg_MULSU *a) 760 { 761 if (!avr_have_feature(ctx, AVR_FEATURE_MUL)) { 762 return true; 763 } 764 765 TCGv R0 = cpu_r[0]; 766 TCGv R1 = cpu_r[1]; 767 TCGv Rd = cpu_r[a->rd]; 768 TCGv Rr = cpu_r[a->rr]; 769 TCGv R = tcg_temp_new_i32(); 770 TCGv t0 = tcg_temp_new_i32(); 771 772 tcg_gen_ext8s_tl(t0, Rd); /* make Rd full 32 bit signed */ 773 tcg_gen_mul_tl(R, t0, Rr); /* R = Rd * Rr */ 774 tcg_gen_andi_tl(R, R, 0xffff); /* make R 16 bits */ 775 tcg_gen_andi_tl(R0, R, 0xff); 776 tcg_gen_shri_tl(R1, R, 8); 777 778 /* update status register */ 779 tcg_gen_shri_tl(cpu_Cf, R, 15); /* Cf = R(15) */ 780 tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */ 781 return true; 782 } 783 784 /* 785 * This instruction performs 8-bit x 8-bit -> 16-bit unsigned 786 * multiplication and shifts the result one bit left. 787 */ 788 static bool trans_FMUL(DisasContext *ctx, arg_FMUL *a) 789 { 790 if (!avr_have_feature(ctx, AVR_FEATURE_MUL)) { 791 return true; 792 } 793 794 TCGv R0 = cpu_r[0]; 795 TCGv R1 = cpu_r[1]; 796 TCGv Rd = cpu_r[a->rd]; 797 TCGv Rr = cpu_r[a->rr]; 798 TCGv R = tcg_temp_new_i32(); 799 800 tcg_gen_mul_tl(R, Rd, Rr); /* R = Rd * Rr */ 801 802 /* update status register */ 803 tcg_gen_shri_tl(cpu_Cf, R, 15); /* Cf = R(15) */ 804 tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */ 805 806 /* update output registers */ 807 tcg_gen_shli_tl(R, R, 1); 808 tcg_gen_andi_tl(R0, R, 0xff); 809 tcg_gen_shri_tl(R1, R, 8); 810 tcg_gen_andi_tl(R1, R1, 0xff); 811 return true; 812 } 813 814 /* 815 * This instruction performs 8-bit x 8-bit -> 16-bit signed multiplication 816 * and shifts the result one bit left. 817 */ 818 static bool trans_FMULS(DisasContext *ctx, arg_FMULS *a) 819 { 820 if (!avr_have_feature(ctx, AVR_FEATURE_MUL)) { 821 return true; 822 } 823 824 TCGv R0 = cpu_r[0]; 825 TCGv R1 = cpu_r[1]; 826 TCGv Rd = cpu_r[a->rd]; 827 TCGv Rr = cpu_r[a->rr]; 828 TCGv R = tcg_temp_new_i32(); 829 TCGv t0 = tcg_temp_new_i32(); 830 TCGv t1 = tcg_temp_new_i32(); 831 832 tcg_gen_ext8s_tl(t0, Rd); /* make Rd full 32 bit signed */ 833 tcg_gen_ext8s_tl(t1, Rr); /* make Rr full 32 bit signed */ 834 tcg_gen_mul_tl(R, t0, t1); /* R = Rd * Rr */ 835 tcg_gen_andi_tl(R, R, 0xffff); /* make it 16 bits */ 836 837 /* update status register */ 838 tcg_gen_shri_tl(cpu_Cf, R, 15); /* Cf = R(15) */ 839 tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */ 840 841 /* update output registers */ 842 tcg_gen_shli_tl(R, R, 1); 843 tcg_gen_andi_tl(R0, R, 0xff); 844 tcg_gen_shri_tl(R1, R, 8); 845 tcg_gen_andi_tl(R1, R1, 0xff); 846 return true; 847 } 848 849 /* 850 * This instruction performs 8-bit x 8-bit -> 16-bit signed multiplication 851 * and shifts the result one bit left. 852 */ 853 static bool trans_FMULSU(DisasContext *ctx, arg_FMULSU *a) 854 { 855 if (!avr_have_feature(ctx, AVR_FEATURE_MUL)) { 856 return true; 857 } 858 859 TCGv R0 = cpu_r[0]; 860 TCGv R1 = cpu_r[1]; 861 TCGv Rd = cpu_r[a->rd]; 862 TCGv Rr = cpu_r[a->rr]; 863 TCGv R = tcg_temp_new_i32(); 864 TCGv t0 = tcg_temp_new_i32(); 865 866 tcg_gen_ext8s_tl(t0, Rd); /* make Rd full 32 bit signed */ 867 tcg_gen_mul_tl(R, t0, Rr); /* R = Rd * Rr */ 868 tcg_gen_andi_tl(R, R, 0xffff); /* make it 16 bits */ 869 870 /* update status register */ 871 tcg_gen_shri_tl(cpu_Cf, R, 15); /* Cf = R(15) */ 872 tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */ 873 874 /* update output registers */ 875 tcg_gen_shli_tl(R, R, 1); 876 tcg_gen_andi_tl(R0, R, 0xff); 877 tcg_gen_shri_tl(R1, R, 8); 878 tcg_gen_andi_tl(R1, R1, 0xff); 879 return true; 880 } 881 882 /* 883 * The module is an instruction set extension to the AVR CPU, performing 884 * DES iterations. The 64-bit data block (plaintext or ciphertext) is placed in 885 * the CPU register file, registers R0-R7, where LSB of data is placed in LSB 886 * of R0 and MSB of data is placed in MSB of R7. The full 64-bit key (including 887 * parity bits) is placed in registers R8- R15, organized in the register file 888 * with LSB of key in LSB of R8 and MSB of key in MSB of R15. Executing one DES 889 * instruction performs one round in the DES algorithm. Sixteen rounds must be 890 * executed in increasing order to form the correct DES ciphertext or 891 * plaintext. Intermediate results are stored in the register file (R0-R15) 892 * after each DES instruction. The instruction's operand (K) determines which 893 * round is executed, and the half carry flag (H) determines whether encryption 894 * or decryption is performed. The DES algorithm is described in 895 * "Specifications for the Data Encryption Standard" (Federal Information 896 * Processing Standards Publication 46). Intermediate results in this 897 * implementation differ from the standard because the initial permutation and 898 * the inverse initial permutation are performed each iteration. This does not 899 * affect the result in the final ciphertext or plaintext, but reduces 900 * execution time. 901 */ 902 static bool trans_DES(DisasContext *ctx, arg_DES *a) 903 { 904 /* TODO */ 905 if (!avr_have_feature(ctx, AVR_FEATURE_DES)) { 906 return true; 907 } 908 909 qemu_log_mask(LOG_UNIMP, "%s: not implemented\n", __func__); 910 911 return true; 912 } 913 914 /* 915 * Branch Instructions 916 */ 917 static void gen_jmp_ez(DisasContext *ctx) 918 { 919 tcg_gen_deposit_tl(cpu_pc, cpu_r[30], cpu_r[31], 8, 8); 920 tcg_gen_or_tl(cpu_pc, cpu_pc, cpu_eind); 921 ctx->base.is_jmp = DISAS_LOOKUP; 922 } 923 924 static void gen_jmp_z(DisasContext *ctx) 925 { 926 tcg_gen_deposit_tl(cpu_pc, cpu_r[30], cpu_r[31], 8, 8); 927 ctx->base.is_jmp = DISAS_LOOKUP; 928 } 929 930 static void gen_push_ret(DisasContext *ctx, int ret) 931 { 932 if (avr_feature(ctx->env, AVR_FEATURE_1_BYTE_PC)) { 933 TCGv t0 = tcg_constant_i32(ret & 0x0000ff); 934 935 tcg_gen_qemu_st_tl(t0, cpu_sp, MMU_DATA_IDX, MO_UB); 936 tcg_gen_subi_tl(cpu_sp, cpu_sp, 1); 937 } else if (avr_feature(ctx->env, AVR_FEATURE_2_BYTE_PC)) { 938 TCGv t0 = tcg_constant_i32(ret & 0x00ffff); 939 940 tcg_gen_subi_tl(cpu_sp, cpu_sp, 1); 941 tcg_gen_qemu_st_tl(t0, cpu_sp, MMU_DATA_IDX, MO_BEUW); 942 tcg_gen_subi_tl(cpu_sp, cpu_sp, 1); 943 } else if (avr_feature(ctx->env, AVR_FEATURE_3_BYTE_PC)) { 944 TCGv lo = tcg_constant_i32(ret & 0x0000ff); 945 TCGv hi = tcg_constant_i32((ret & 0xffff00) >> 8); 946 947 tcg_gen_qemu_st_tl(lo, cpu_sp, MMU_DATA_IDX, MO_UB); 948 tcg_gen_subi_tl(cpu_sp, cpu_sp, 2); 949 tcg_gen_qemu_st_tl(hi, cpu_sp, MMU_DATA_IDX, MO_BEUW); 950 tcg_gen_subi_tl(cpu_sp, cpu_sp, 1); 951 } 952 } 953 954 static void gen_pop_ret(DisasContext *ctx, TCGv ret) 955 { 956 if (avr_feature(ctx->env, AVR_FEATURE_1_BYTE_PC)) { 957 tcg_gen_addi_tl(cpu_sp, cpu_sp, 1); 958 tcg_gen_qemu_ld_tl(ret, cpu_sp, MMU_DATA_IDX, MO_UB); 959 } else if (avr_feature(ctx->env, AVR_FEATURE_2_BYTE_PC)) { 960 tcg_gen_addi_tl(cpu_sp, cpu_sp, 1); 961 tcg_gen_qemu_ld_tl(ret, cpu_sp, MMU_DATA_IDX, MO_BEUW); 962 tcg_gen_addi_tl(cpu_sp, cpu_sp, 1); 963 } else if (avr_feature(ctx->env, AVR_FEATURE_3_BYTE_PC)) { 964 TCGv lo = tcg_temp_new_i32(); 965 TCGv hi = tcg_temp_new_i32(); 966 967 tcg_gen_addi_tl(cpu_sp, cpu_sp, 1); 968 tcg_gen_qemu_ld_tl(hi, cpu_sp, MMU_DATA_IDX, MO_BEUW); 969 970 tcg_gen_addi_tl(cpu_sp, cpu_sp, 2); 971 tcg_gen_qemu_ld_tl(lo, cpu_sp, MMU_DATA_IDX, MO_UB); 972 973 tcg_gen_deposit_tl(ret, lo, hi, 8, 16); 974 } 975 } 976 977 static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest) 978 { 979 const TranslationBlock *tb = ctx->base.tb; 980 981 if (translator_use_goto_tb(&ctx->base, dest)) { 982 tcg_gen_goto_tb(n); 983 tcg_gen_movi_i32(cpu_pc, dest); 984 tcg_gen_exit_tb(tb, n); 985 } else { 986 tcg_gen_movi_i32(cpu_pc, dest); 987 tcg_gen_lookup_and_goto_ptr(); 988 } 989 ctx->base.is_jmp = DISAS_NORETURN; 990 } 991 992 /* 993 * Relative jump to an address within PC - 2K +1 and PC + 2K (words). For 994 * AVR microcontrollers with Program memory not exceeding 4K words (8KB) this 995 * instruction can address the entire memory from every address location. See 996 * also JMP. 997 */ 998 static bool trans_RJMP(DisasContext *ctx, arg_RJMP *a) 999 { 1000 int dst = ctx->npc + a->imm; 1001 1002 gen_goto_tb(ctx, 0, dst); 1003 1004 return true; 1005 } 1006 1007 /* 1008 * Indirect jump to the address pointed to by the Z (16 bits) Pointer 1009 * Register in the Register File. The Z-pointer Register is 16 bits wide and 1010 * allows jump within the lowest 64K words (128KB) section of Program memory. 1011 * This instruction is not available in all devices. Refer to the device 1012 * specific instruction set summary. 1013 */ 1014 static bool trans_IJMP(DisasContext *ctx, arg_IJMP *a) 1015 { 1016 if (!avr_have_feature(ctx, AVR_FEATURE_IJMP_ICALL)) { 1017 return true; 1018 } 1019 1020 gen_jmp_z(ctx); 1021 1022 return true; 1023 } 1024 1025 /* 1026 * Indirect jump to the address pointed to by the Z (16 bits) Pointer 1027 * Register in the Register File and the EIND Register in the I/O space. This 1028 * instruction allows for indirect jumps to the entire 4M (words) Program 1029 * memory space. See also IJMP. This instruction is not available in all 1030 * devices. Refer to the device specific instruction set summary. 1031 */ 1032 static bool trans_EIJMP(DisasContext *ctx, arg_EIJMP *a) 1033 { 1034 if (!avr_have_feature(ctx, AVR_FEATURE_EIJMP_EICALL)) { 1035 return true; 1036 } 1037 1038 gen_jmp_ez(ctx); 1039 return true; 1040 } 1041 1042 /* 1043 * Jump to an address within the entire 4M (words) Program memory. See also 1044 * RJMP. This instruction is not available in all devices. Refer to the device 1045 * specific instruction set summary.0 1046 */ 1047 static bool trans_JMP(DisasContext *ctx, arg_JMP *a) 1048 { 1049 if (!avr_have_feature(ctx, AVR_FEATURE_JMP_CALL)) { 1050 return true; 1051 } 1052 1053 gen_goto_tb(ctx, 0, a->imm); 1054 1055 return true; 1056 } 1057 1058 /* 1059 * Relative call to an address within PC - 2K + 1 and PC + 2K (words). The 1060 * return address (the instruction after the RCALL) is stored onto the Stack. 1061 * See also CALL. For AVR microcontrollers with Program memory not exceeding 4K 1062 * words (8KB) this instruction can address the entire memory from every 1063 * address location. The Stack Pointer uses a post-decrement scheme during 1064 * RCALL. 1065 */ 1066 static bool trans_RCALL(DisasContext *ctx, arg_RCALL *a) 1067 { 1068 int ret = ctx->npc; 1069 int dst = ctx->npc + a->imm; 1070 1071 gen_push_ret(ctx, ret); 1072 gen_goto_tb(ctx, 0, dst); 1073 1074 return true; 1075 } 1076 1077 /* 1078 * Calls to a subroutine within the entire 4M (words) Program memory. The 1079 * return address (to the instruction after the CALL) will be stored onto the 1080 * Stack. See also RCALL. The Stack Pointer uses a post-decrement scheme during 1081 * CALL. This instruction is not available in all devices. Refer to the device 1082 * specific instruction set summary. 1083 */ 1084 static bool trans_ICALL(DisasContext *ctx, arg_ICALL *a) 1085 { 1086 if (!avr_have_feature(ctx, AVR_FEATURE_IJMP_ICALL)) { 1087 return true; 1088 } 1089 1090 int ret = ctx->npc; 1091 1092 gen_push_ret(ctx, ret); 1093 gen_jmp_z(ctx); 1094 1095 return true; 1096 } 1097 1098 /* 1099 * Indirect call of a subroutine pointed to by the Z (16 bits) Pointer 1100 * Register in the Register File and the EIND Register in the I/O space. This 1101 * instruction allows for indirect calls to the entire 4M (words) Program 1102 * memory space. See also ICALL. The Stack Pointer uses a post-decrement scheme 1103 * during EICALL. This instruction is not available in all devices. Refer to 1104 * the device specific instruction set summary. 1105 */ 1106 static bool trans_EICALL(DisasContext *ctx, arg_EICALL *a) 1107 { 1108 if (!avr_have_feature(ctx, AVR_FEATURE_EIJMP_EICALL)) { 1109 return true; 1110 } 1111 1112 int ret = ctx->npc; 1113 1114 gen_push_ret(ctx, ret); 1115 gen_jmp_ez(ctx); 1116 return true; 1117 } 1118 1119 /* 1120 * Calls to a subroutine within the entire Program memory. The return 1121 * address (to the instruction after the CALL) will be stored onto the Stack. 1122 * (See also RCALL). The Stack Pointer uses a post-decrement scheme during 1123 * CALL. This instruction is not available in all devices. Refer to the device 1124 * specific instruction set summary. 1125 */ 1126 static bool trans_CALL(DisasContext *ctx, arg_CALL *a) 1127 { 1128 if (!avr_have_feature(ctx, AVR_FEATURE_JMP_CALL)) { 1129 return true; 1130 } 1131 1132 int Imm = a->imm; 1133 int ret = ctx->npc; 1134 1135 gen_push_ret(ctx, ret); 1136 gen_goto_tb(ctx, 0, Imm); 1137 1138 return true; 1139 } 1140 1141 /* 1142 * Returns from subroutine. The return address is loaded from the STACK. 1143 * The Stack Pointer uses a preincrement scheme during RET. 1144 */ 1145 static bool trans_RET(DisasContext *ctx, arg_RET *a) 1146 { 1147 gen_pop_ret(ctx, cpu_pc); 1148 1149 ctx->base.is_jmp = DISAS_LOOKUP; 1150 return true; 1151 } 1152 1153 /* 1154 * Returns from interrupt. The return address is loaded from the STACK and 1155 * the Global Interrupt Flag is set. Note that the Status Register is not 1156 * automatically stored when entering an interrupt routine, and it is not 1157 * restored when returning from an interrupt routine. This must be handled by 1158 * the application program. The Stack Pointer uses a pre-increment scheme 1159 * during RETI. 1160 */ 1161 static bool trans_RETI(DisasContext *ctx, arg_RETI *a) 1162 { 1163 gen_pop_ret(ctx, cpu_pc); 1164 tcg_gen_movi_tl(cpu_If, 1); 1165 1166 /* Need to return to main loop to re-evaluate interrupts. */ 1167 ctx->base.is_jmp = DISAS_EXIT; 1168 return true; 1169 } 1170 1171 /* 1172 * This instruction performs a compare between two registers Rd and Rr, and 1173 * skips the next instruction if Rd = Rr. 1174 */ 1175 static bool trans_CPSE(DisasContext *ctx, arg_CPSE *a) 1176 { 1177 ctx->skip_cond = TCG_COND_EQ; 1178 ctx->skip_var0 = cpu_r[a->rd]; 1179 ctx->skip_var1 = cpu_r[a->rr]; 1180 return true; 1181 } 1182 1183 /* 1184 * This instruction performs a compare between two registers Rd and Rr. 1185 * None of the registers are changed. All conditional branches can be used 1186 * after this instruction. 1187 */ 1188 static bool trans_CP(DisasContext *ctx, arg_CP *a) 1189 { 1190 TCGv Rd = cpu_r[a->rd]; 1191 TCGv Rr = cpu_r[a->rr]; 1192 TCGv R = tcg_temp_new_i32(); 1193 1194 tcg_gen_sub_tl(R, Rd, Rr); /* R = Rd - Rr */ 1195 tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */ 1196 1197 /* update status register */ 1198 gen_sub_CHf(R, Rd, Rr); 1199 gen_sub_Vf(R, Rd, Rr); 1200 gen_ZNSf(R); 1201 return true; 1202 } 1203 1204 /* 1205 * This instruction performs a compare between two registers Rd and Rr and 1206 * also takes into account the previous carry. None of the registers are 1207 * changed. All conditional branches can be used after this instruction. 1208 */ 1209 static bool trans_CPC(DisasContext *ctx, arg_CPC *a) 1210 { 1211 TCGv Rd = cpu_r[a->rd]; 1212 TCGv Rr = cpu_r[a->rr]; 1213 TCGv R = tcg_temp_new_i32(); 1214 TCGv zero = tcg_constant_i32(0); 1215 1216 tcg_gen_sub_tl(R, Rd, Rr); /* R = Rd - Rr - Cf */ 1217 tcg_gen_sub_tl(R, R, cpu_Cf); 1218 tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */ 1219 /* update status register */ 1220 gen_sub_CHf(R, Rd, Rr); 1221 gen_sub_Vf(R, Rd, Rr); 1222 gen_NSf(R); 1223 1224 /* 1225 * Previous value remains unchanged when the result is zero; 1226 * cleared otherwise. 1227 */ 1228 tcg_gen_movcond_tl(TCG_COND_EQ, cpu_Zf, R, zero, cpu_Zf, zero); 1229 return true; 1230 } 1231 1232 /* 1233 * This instruction performs a compare between register Rd and a constant. 1234 * The register is not changed. All conditional branches can be used after this 1235 * instruction. 1236 */ 1237 static bool trans_CPI(DisasContext *ctx, arg_CPI *a) 1238 { 1239 TCGv Rd = cpu_r[a->rd]; 1240 int Imm = a->imm; 1241 TCGv Rr = tcg_constant_i32(Imm); 1242 TCGv R = tcg_temp_new_i32(); 1243 1244 tcg_gen_sub_tl(R, Rd, Rr); /* R = Rd - Rr */ 1245 tcg_gen_andi_tl(R, R, 0xff); /* make it 8 bits */ 1246 1247 /* update status register */ 1248 gen_sub_CHf(R, Rd, Rr); 1249 gen_sub_Vf(R, Rd, Rr); 1250 gen_ZNSf(R); 1251 return true; 1252 } 1253 1254 /* 1255 * This instruction tests a single bit in a register and skips the next 1256 * instruction if the bit is cleared. 1257 */ 1258 static bool trans_SBRC(DisasContext *ctx, arg_SBRC *a) 1259 { 1260 TCGv Rr = cpu_r[a->rr]; 1261 1262 ctx->skip_cond = TCG_COND_EQ; 1263 ctx->skip_var0 = tcg_temp_new(); 1264 1265 tcg_gen_andi_tl(ctx->skip_var0, Rr, 1 << a->bit); 1266 return true; 1267 } 1268 1269 /* 1270 * This instruction tests a single bit in a register and skips the next 1271 * instruction if the bit is set. 1272 */ 1273 static bool trans_SBRS(DisasContext *ctx, arg_SBRS *a) 1274 { 1275 TCGv Rr = cpu_r[a->rr]; 1276 1277 ctx->skip_cond = TCG_COND_NE; 1278 ctx->skip_var0 = tcg_temp_new(); 1279 1280 tcg_gen_andi_tl(ctx->skip_var0, Rr, 1 << a->bit); 1281 return true; 1282 } 1283 1284 /* 1285 * This instruction tests a single bit in an I/O Register and skips the 1286 * next instruction if the bit is cleared. This instruction operates on the 1287 * lower 32 I/O Registers -- addresses 0-31. 1288 */ 1289 static bool trans_SBIC(DisasContext *ctx, arg_SBIC *a) 1290 { 1291 TCGv data = tcg_temp_new_i32(); 1292 TCGv port = tcg_constant_i32(a->reg); 1293 1294 gen_helper_inb(data, cpu_env, port); 1295 tcg_gen_andi_tl(data, data, 1 << a->bit); 1296 ctx->skip_cond = TCG_COND_EQ; 1297 ctx->skip_var0 = data; 1298 1299 return true; 1300 } 1301 1302 /* 1303 * This instruction tests a single bit in an I/O Register and skips the 1304 * next instruction if the bit is set. This instruction operates on the lower 1305 * 32 I/O Registers -- addresses 0-31. 1306 */ 1307 static bool trans_SBIS(DisasContext *ctx, arg_SBIS *a) 1308 { 1309 TCGv data = tcg_temp_new_i32(); 1310 TCGv port = tcg_constant_i32(a->reg); 1311 1312 gen_helper_inb(data, cpu_env, port); 1313 tcg_gen_andi_tl(data, data, 1 << a->bit); 1314 ctx->skip_cond = TCG_COND_NE; 1315 ctx->skip_var0 = data; 1316 1317 return true; 1318 } 1319 1320 /* 1321 * Conditional relative branch. Tests a single bit in SREG and branches 1322 * relatively to PC if the bit is cleared. This instruction branches relatively 1323 * to PC in either direction (PC - 63 < = destination <= PC + 64). The 1324 * parameter k is the offset from PC and is represented in two's complement 1325 * form. 1326 */ 1327 static bool trans_BRBC(DisasContext *ctx, arg_BRBC *a) 1328 { 1329 TCGLabel *not_taken = gen_new_label(); 1330 1331 TCGv var; 1332 1333 switch (a->bit) { 1334 case 0x00: 1335 var = cpu_Cf; 1336 break; 1337 case 0x01: 1338 var = cpu_Zf; 1339 break; 1340 case 0x02: 1341 var = cpu_Nf; 1342 break; 1343 case 0x03: 1344 var = cpu_Vf; 1345 break; 1346 case 0x04: 1347 var = cpu_Sf; 1348 break; 1349 case 0x05: 1350 var = cpu_Hf; 1351 break; 1352 case 0x06: 1353 var = cpu_Tf; 1354 break; 1355 case 0x07: 1356 var = cpu_If; 1357 break; 1358 default: 1359 g_assert_not_reached(); 1360 } 1361 1362 tcg_gen_brcondi_i32(TCG_COND_NE, var, 0, not_taken); 1363 gen_goto_tb(ctx, 0, ctx->npc + a->imm); 1364 gen_set_label(not_taken); 1365 1366 ctx->base.is_jmp = DISAS_CHAIN; 1367 return true; 1368 } 1369 1370 /* 1371 * Conditional relative branch. Tests a single bit in SREG and branches 1372 * relatively to PC if the bit is set. This instruction branches relatively to 1373 * PC in either direction (PC - 63 < = destination <= PC + 64). The parameter k 1374 * is the offset from PC and is represented in two's complement form. 1375 */ 1376 static bool trans_BRBS(DisasContext *ctx, arg_BRBS *a) 1377 { 1378 TCGLabel *not_taken = gen_new_label(); 1379 1380 TCGv var; 1381 1382 switch (a->bit) { 1383 case 0x00: 1384 var = cpu_Cf; 1385 break; 1386 case 0x01: 1387 var = cpu_Zf; 1388 break; 1389 case 0x02: 1390 var = cpu_Nf; 1391 break; 1392 case 0x03: 1393 var = cpu_Vf; 1394 break; 1395 case 0x04: 1396 var = cpu_Sf; 1397 break; 1398 case 0x05: 1399 var = cpu_Hf; 1400 break; 1401 case 0x06: 1402 var = cpu_Tf; 1403 break; 1404 case 0x07: 1405 var = cpu_If; 1406 break; 1407 default: 1408 g_assert_not_reached(); 1409 } 1410 1411 tcg_gen_brcondi_i32(TCG_COND_EQ, var, 0, not_taken); 1412 gen_goto_tb(ctx, 0, ctx->npc + a->imm); 1413 gen_set_label(not_taken); 1414 1415 ctx->base.is_jmp = DISAS_CHAIN; 1416 return true; 1417 } 1418 1419 /* 1420 * Data Transfer Instructions 1421 */ 1422 1423 /* 1424 * in the gen_set_addr & gen_get_addr functions 1425 * H assumed to be in 0x00ff0000 format 1426 * M assumed to be in 0x000000ff format 1427 * L assumed to be in 0x000000ff format 1428 */ 1429 static void gen_set_addr(TCGv addr, TCGv H, TCGv M, TCGv L) 1430 { 1431 1432 tcg_gen_andi_tl(L, addr, 0x000000ff); 1433 1434 tcg_gen_andi_tl(M, addr, 0x0000ff00); 1435 tcg_gen_shri_tl(M, M, 8); 1436 1437 tcg_gen_andi_tl(H, addr, 0x00ff0000); 1438 } 1439 1440 static void gen_set_xaddr(TCGv addr) 1441 { 1442 gen_set_addr(addr, cpu_rampX, cpu_r[27], cpu_r[26]); 1443 } 1444 1445 static void gen_set_yaddr(TCGv addr) 1446 { 1447 gen_set_addr(addr, cpu_rampY, cpu_r[29], cpu_r[28]); 1448 } 1449 1450 static void gen_set_zaddr(TCGv addr) 1451 { 1452 gen_set_addr(addr, cpu_rampZ, cpu_r[31], cpu_r[30]); 1453 } 1454 1455 static TCGv gen_get_addr(TCGv H, TCGv M, TCGv L) 1456 { 1457 TCGv addr = tcg_temp_new_i32(); 1458 1459 tcg_gen_deposit_tl(addr, M, H, 8, 8); 1460 tcg_gen_deposit_tl(addr, L, addr, 8, 16); 1461 1462 return addr; 1463 } 1464 1465 static TCGv gen_get_xaddr(void) 1466 { 1467 return gen_get_addr(cpu_rampX, cpu_r[27], cpu_r[26]); 1468 } 1469 1470 static TCGv gen_get_yaddr(void) 1471 { 1472 return gen_get_addr(cpu_rampY, cpu_r[29], cpu_r[28]); 1473 } 1474 1475 static TCGv gen_get_zaddr(void) 1476 { 1477 return gen_get_addr(cpu_rampZ, cpu_r[31], cpu_r[30]); 1478 } 1479 1480 /* 1481 * Load one byte indirect from data space to register and stores an clear 1482 * the bits in data space specified by the register. The instruction can only 1483 * be used towards internal SRAM. The data location is pointed to by the Z (16 1484 * bits) Pointer Register in the Register File. Memory access is limited to the 1485 * current data segment of 64KB. To access another data segment in devices with 1486 * more than 64KB data space, the RAMPZ in register in the I/O area has to be 1487 * changed. The Z-pointer Register is left unchanged by the operation. This 1488 * instruction is especially suited for clearing status bits stored in SRAM. 1489 */ 1490 static void gen_data_store(DisasContext *ctx, TCGv data, TCGv addr) 1491 { 1492 if (ctx->base.tb->flags & TB_FLAGS_FULL_ACCESS) { 1493 gen_helper_fullwr(cpu_env, data, addr); 1494 } else { 1495 tcg_gen_qemu_st8(data, addr, MMU_DATA_IDX); /* mem[addr] = data */ 1496 } 1497 } 1498 1499 static void gen_data_load(DisasContext *ctx, TCGv data, TCGv addr) 1500 { 1501 if (ctx->base.tb->flags & TB_FLAGS_FULL_ACCESS) { 1502 gen_helper_fullrd(data, cpu_env, addr); 1503 } else { 1504 tcg_gen_qemu_ld8u(data, addr, MMU_DATA_IDX); /* data = mem[addr] */ 1505 } 1506 } 1507 1508 /* 1509 * This instruction makes a copy of one register into another. The source 1510 * register Rr is left unchanged, while the destination register Rd is loaded 1511 * with a copy of Rr. 1512 */ 1513 static bool trans_MOV(DisasContext *ctx, arg_MOV *a) 1514 { 1515 TCGv Rd = cpu_r[a->rd]; 1516 TCGv Rr = cpu_r[a->rr]; 1517 1518 tcg_gen_mov_tl(Rd, Rr); 1519 1520 return true; 1521 } 1522 1523 /* 1524 * This instruction makes a copy of one register pair into another register 1525 * pair. The source register pair Rr+1:Rr is left unchanged, while the 1526 * destination register pair Rd+1:Rd is loaded with a copy of Rr + 1:Rr. This 1527 * instruction is not available in all devices. Refer to the device specific 1528 * instruction set summary. 1529 */ 1530 static bool trans_MOVW(DisasContext *ctx, arg_MOVW *a) 1531 { 1532 if (!avr_have_feature(ctx, AVR_FEATURE_MOVW)) { 1533 return true; 1534 } 1535 1536 TCGv RdL = cpu_r[a->rd]; 1537 TCGv RdH = cpu_r[a->rd + 1]; 1538 TCGv RrL = cpu_r[a->rr]; 1539 TCGv RrH = cpu_r[a->rr + 1]; 1540 1541 tcg_gen_mov_tl(RdH, RrH); 1542 tcg_gen_mov_tl(RdL, RrL); 1543 1544 return true; 1545 } 1546 1547 /* 1548 * Loads an 8 bit constant directly to register 16 to 31. 1549 */ 1550 static bool trans_LDI(DisasContext *ctx, arg_LDI *a) 1551 { 1552 TCGv Rd = cpu_r[a->rd]; 1553 int imm = a->imm; 1554 1555 tcg_gen_movi_tl(Rd, imm); 1556 1557 return true; 1558 } 1559 1560 /* 1561 * Loads one byte from the data space to a register. For parts with SRAM, 1562 * the data space consists of the Register File, I/O memory and internal SRAM 1563 * (and external SRAM if applicable). For parts without SRAM, the data space 1564 * consists of the register file only. The EEPROM has a separate address space. 1565 * A 16-bit address must be supplied. Memory access is limited to the current 1566 * data segment of 64KB. The LDS instruction uses the RAMPD Register to access 1567 * memory above 64KB. To access another data segment in devices with more than 1568 * 64KB data space, the RAMPD in register in the I/O area has to be changed. 1569 * This instruction is not available in all devices. Refer to the device 1570 * specific instruction set summary. 1571 */ 1572 static bool trans_LDS(DisasContext *ctx, arg_LDS *a) 1573 { 1574 TCGv Rd = cpu_r[a->rd]; 1575 TCGv addr = tcg_temp_new_i32(); 1576 TCGv H = cpu_rampD; 1577 a->imm = next_word(ctx); 1578 1579 tcg_gen_mov_tl(addr, H); /* addr = H:M:L */ 1580 tcg_gen_shli_tl(addr, addr, 16); 1581 tcg_gen_ori_tl(addr, addr, a->imm); 1582 1583 gen_data_load(ctx, Rd, addr); 1584 return true; 1585 } 1586 1587 /* 1588 * Loads one byte indirect from the data space to a register. For parts 1589 * with SRAM, the data space consists of the Register File, I/O memory and 1590 * internal SRAM (and external SRAM if applicable). For parts without SRAM, the 1591 * data space consists of the Register File only. In some parts the Flash 1592 * Memory has been mapped to the data space and can be read using this command. 1593 * The EEPROM has a separate address space. The data location is pointed to by 1594 * the X (16 bits) Pointer Register in the Register File. Memory access is 1595 * limited to the current data segment of 64KB. To access another data segment 1596 * in devices with more than 64KB data space, the RAMPX in register in the I/O 1597 * area has to be changed. The X-pointer Register can either be left unchanged 1598 * by the operation, or it can be post-incremented or predecremented. These 1599 * features are especially suited for accessing arrays, tables, and Stack 1600 * Pointer usage of the X-pointer Register. Note that only the low byte of the 1601 * X-pointer is updated in devices with no more than 256 bytes data space. For 1602 * such devices, the high byte of the pointer is not used by this instruction 1603 * and can be used for other purposes. The RAMPX Register in the I/O area is 1604 * updated in parts with more than 64KB data space or more than 64KB Program 1605 * memory, and the increment/decrement is added to the entire 24-bit address on 1606 * such devices. Not all variants of this instruction is available in all 1607 * devices. Refer to the device specific instruction set summary. In the 1608 * Reduced Core tinyAVR the LD instruction can be used to achieve the same 1609 * operation as LPM since the program memory is mapped to the data memory 1610 * space. 1611 */ 1612 static bool trans_LDX1(DisasContext *ctx, arg_LDX1 *a) 1613 { 1614 TCGv Rd = cpu_r[a->rd]; 1615 TCGv addr = gen_get_xaddr(); 1616 1617 gen_data_load(ctx, Rd, addr); 1618 return true; 1619 } 1620 1621 static bool trans_LDX2(DisasContext *ctx, arg_LDX2 *a) 1622 { 1623 TCGv Rd = cpu_r[a->rd]; 1624 TCGv addr = gen_get_xaddr(); 1625 1626 gen_data_load(ctx, Rd, addr); 1627 tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */ 1628 1629 gen_set_xaddr(addr); 1630 return true; 1631 } 1632 1633 static bool trans_LDX3(DisasContext *ctx, arg_LDX3 *a) 1634 { 1635 TCGv Rd = cpu_r[a->rd]; 1636 TCGv addr = gen_get_xaddr(); 1637 1638 tcg_gen_subi_tl(addr, addr, 1); /* addr = addr - 1 */ 1639 gen_data_load(ctx, Rd, addr); 1640 gen_set_xaddr(addr); 1641 return true; 1642 } 1643 1644 /* 1645 * Loads one byte indirect with or without displacement from the data space 1646 * to a register. For parts with SRAM, the data space consists of the Register 1647 * File, I/O memory and internal SRAM (and external SRAM if applicable). For 1648 * parts without SRAM, the data space consists of the Register File only. In 1649 * some parts the Flash Memory has been mapped to the data space and can be 1650 * read using this command. The EEPROM has a separate address space. The data 1651 * location is pointed to by the Y (16 bits) Pointer Register in the Register 1652 * File. Memory access is limited to the current data segment of 64KB. To 1653 * access another data segment in devices with more than 64KB data space, the 1654 * RAMPY in register in the I/O area has to be changed. The Y-pointer Register 1655 * can either be left unchanged by the operation, or it can be post-incremented 1656 * or predecremented. These features are especially suited for accessing 1657 * arrays, tables, and Stack Pointer usage of the Y-pointer Register. Note that 1658 * only the low byte of the Y-pointer is updated in devices with no more than 1659 * 256 bytes data space. For such devices, the high byte of the pointer is not 1660 * used by this instruction and can be used for other purposes. The RAMPY 1661 * Register in the I/O area is updated in parts with more than 64KB data space 1662 * or more than 64KB Program memory, and the increment/decrement/displacement 1663 * is added to the entire 24-bit address on such devices. Not all variants of 1664 * this instruction is available in all devices. Refer to the device specific 1665 * instruction set summary. In the Reduced Core tinyAVR the LD instruction can 1666 * be used to achieve the same operation as LPM since the program memory is 1667 * mapped to the data memory space. 1668 */ 1669 static bool trans_LDY2(DisasContext *ctx, arg_LDY2 *a) 1670 { 1671 TCGv Rd = cpu_r[a->rd]; 1672 TCGv addr = gen_get_yaddr(); 1673 1674 gen_data_load(ctx, Rd, addr); 1675 tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */ 1676 1677 gen_set_yaddr(addr); 1678 return true; 1679 } 1680 1681 static bool trans_LDY3(DisasContext *ctx, arg_LDY3 *a) 1682 { 1683 TCGv Rd = cpu_r[a->rd]; 1684 TCGv addr = gen_get_yaddr(); 1685 1686 tcg_gen_subi_tl(addr, addr, 1); /* addr = addr - 1 */ 1687 gen_data_load(ctx, Rd, addr); 1688 gen_set_yaddr(addr); 1689 return true; 1690 } 1691 1692 static bool trans_LDDY(DisasContext *ctx, arg_LDDY *a) 1693 { 1694 TCGv Rd = cpu_r[a->rd]; 1695 TCGv addr = gen_get_yaddr(); 1696 1697 tcg_gen_addi_tl(addr, addr, a->imm); /* addr = addr + q */ 1698 gen_data_load(ctx, Rd, addr); 1699 return true; 1700 } 1701 1702 /* 1703 * Loads one byte indirect with or without displacement from the data space 1704 * to a register. For parts with SRAM, the data space consists of the Register 1705 * File, I/O memory and internal SRAM (and external SRAM if applicable). For 1706 * parts without SRAM, the data space consists of the Register File only. In 1707 * some parts the Flash Memory has been mapped to the data space and can be 1708 * read using this command. The EEPROM has a separate address space. The data 1709 * location is pointed to by the Z (16 bits) Pointer Register in the Register 1710 * File. Memory access is limited to the current data segment of 64KB. To 1711 * access another data segment in devices with more than 64KB data space, the 1712 * RAMPZ in register in the I/O area has to be changed. The Z-pointer Register 1713 * can either be left unchanged by the operation, or it can be post-incremented 1714 * or predecremented. These features are especially suited for Stack Pointer 1715 * usage of the Z-pointer Register, however because the Z-pointer Register can 1716 * be used for indirect subroutine calls, indirect jumps and table lookup, it 1717 * is often more convenient to use the X or Y-pointer as a dedicated Stack 1718 * Pointer. Note that only the low byte of the Z-pointer is updated in devices 1719 * with no more than 256 bytes data space. For such devices, the high byte of 1720 * the pointer is not used by this instruction and can be used for other 1721 * purposes. The RAMPZ Register in the I/O area is updated in parts with more 1722 * than 64KB data space or more than 64KB Program memory, and the 1723 * increment/decrement/displacement is added to the entire 24-bit address on 1724 * such devices. Not all variants of this instruction is available in all 1725 * devices. Refer to the device specific instruction set summary. In the 1726 * Reduced Core tinyAVR the LD instruction can be used to achieve the same 1727 * operation as LPM since the program memory is mapped to the data memory 1728 * space. For using the Z-pointer for table lookup in Program memory see the 1729 * LPM and ELPM instructions. 1730 */ 1731 static bool trans_LDZ2(DisasContext *ctx, arg_LDZ2 *a) 1732 { 1733 TCGv Rd = cpu_r[a->rd]; 1734 TCGv addr = gen_get_zaddr(); 1735 1736 gen_data_load(ctx, Rd, addr); 1737 tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */ 1738 1739 gen_set_zaddr(addr); 1740 return true; 1741 } 1742 1743 static bool trans_LDZ3(DisasContext *ctx, arg_LDZ3 *a) 1744 { 1745 TCGv Rd = cpu_r[a->rd]; 1746 TCGv addr = gen_get_zaddr(); 1747 1748 tcg_gen_subi_tl(addr, addr, 1); /* addr = addr - 1 */ 1749 gen_data_load(ctx, Rd, addr); 1750 1751 gen_set_zaddr(addr); 1752 return true; 1753 } 1754 1755 static bool trans_LDDZ(DisasContext *ctx, arg_LDDZ *a) 1756 { 1757 TCGv Rd = cpu_r[a->rd]; 1758 TCGv addr = gen_get_zaddr(); 1759 1760 tcg_gen_addi_tl(addr, addr, a->imm); /* addr = addr + q */ 1761 gen_data_load(ctx, Rd, addr); 1762 return true; 1763 } 1764 1765 /* 1766 * Stores one byte from a Register to the data space. For parts with SRAM, 1767 * the data space consists of the Register File, I/O memory and internal SRAM 1768 * (and external SRAM if applicable). For parts without SRAM, the data space 1769 * consists of the Register File only. The EEPROM has a separate address space. 1770 * A 16-bit address must be supplied. Memory access is limited to the current 1771 * data segment of 64KB. The STS instruction uses the RAMPD Register to access 1772 * memory above 64KB. To access another data segment in devices with more than 1773 * 64KB data space, the RAMPD in register in the I/O area has to be changed. 1774 * This instruction is not available in all devices. Refer to the device 1775 * specific instruction set summary. 1776 */ 1777 static bool trans_STS(DisasContext *ctx, arg_STS *a) 1778 { 1779 TCGv Rd = cpu_r[a->rd]; 1780 TCGv addr = tcg_temp_new_i32(); 1781 TCGv H = cpu_rampD; 1782 a->imm = next_word(ctx); 1783 1784 tcg_gen_mov_tl(addr, H); /* addr = H:M:L */ 1785 tcg_gen_shli_tl(addr, addr, 16); 1786 tcg_gen_ori_tl(addr, addr, a->imm); 1787 gen_data_store(ctx, Rd, addr); 1788 return true; 1789 } 1790 1791 /* 1792 * Stores one byte indirect from a register to data space. For parts with SRAM, 1793 * the data space consists of the Register File, I/O memory, and internal SRAM 1794 * (and external SRAM if applicable). For parts without SRAM, the data space 1795 * consists of the Register File only. The EEPROM has a separate address space. 1796 * 1797 * The data location is pointed to by the X (16 bits) Pointer Register in the 1798 * Register File. Memory access is limited to the current data segment of 64KB. 1799 * To access another data segment in devices with more than 64KB data space, the 1800 * RAMPX in register in the I/O area has to be changed. 1801 * 1802 * The X-pointer Register can either be left unchanged by the operation, or it 1803 * can be post-incremented or pre-decremented. These features are especially 1804 * suited for accessing arrays, tables, and Stack Pointer usage of the 1805 * X-pointer Register. Note that only the low byte of the X-pointer is updated 1806 * in devices with no more than 256 bytes data space. For such devices, the high 1807 * byte of the pointer is not used by this instruction and can be used for other 1808 * purposes. The RAMPX Register in the I/O area is updated in parts with more 1809 * than 64KB data space or more than 64KB Program memory, and the increment / 1810 * decrement is added to the entire 24-bit address on such devices. 1811 */ 1812 static bool trans_STX1(DisasContext *ctx, arg_STX1 *a) 1813 { 1814 TCGv Rd = cpu_r[a->rr]; 1815 TCGv addr = gen_get_xaddr(); 1816 1817 gen_data_store(ctx, Rd, addr); 1818 return true; 1819 } 1820 1821 static bool trans_STX2(DisasContext *ctx, arg_STX2 *a) 1822 { 1823 TCGv Rd = cpu_r[a->rr]; 1824 TCGv addr = gen_get_xaddr(); 1825 1826 gen_data_store(ctx, Rd, addr); 1827 tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */ 1828 gen_set_xaddr(addr); 1829 return true; 1830 } 1831 1832 static bool trans_STX3(DisasContext *ctx, arg_STX3 *a) 1833 { 1834 TCGv Rd = cpu_r[a->rr]; 1835 TCGv addr = gen_get_xaddr(); 1836 1837 tcg_gen_subi_tl(addr, addr, 1); /* addr = addr - 1 */ 1838 gen_data_store(ctx, Rd, addr); 1839 gen_set_xaddr(addr); 1840 return true; 1841 } 1842 1843 /* 1844 * Stores one byte indirect with or without displacement from a register to data 1845 * space. For parts with SRAM, the data space consists of the Register File, I/O 1846 * memory, and internal SRAM (and external SRAM if applicable). For parts 1847 * without SRAM, the data space consists of the Register File only. The EEPROM 1848 * has a separate address space. 1849 * 1850 * The data location is pointed to by the Y (16 bits) Pointer Register in the 1851 * Register File. Memory access is limited to the current data segment of 64KB. 1852 * To access another data segment in devices with more than 64KB data space, the 1853 * RAMPY in register in the I/O area has to be changed. 1854 * 1855 * The Y-pointer Register can either be left unchanged by the operation, or it 1856 * can be post-incremented or pre-decremented. These features are especially 1857 * suited for accessing arrays, tables, and Stack Pointer usage of the Y-pointer 1858 * Register. Note that only the low byte of the Y-pointer is updated in devices 1859 * with no more than 256 bytes data space. For such devices, the high byte of 1860 * the pointer is not used by this instruction and can be used for other 1861 * purposes. The RAMPY Register in the I/O area is updated in parts with more 1862 * than 64KB data space or more than 64KB Program memory, and the increment / 1863 * decrement / displacement is added to the entire 24-bit address on such 1864 * devices. 1865 */ 1866 static bool trans_STY2(DisasContext *ctx, arg_STY2 *a) 1867 { 1868 TCGv Rd = cpu_r[a->rd]; 1869 TCGv addr = gen_get_yaddr(); 1870 1871 gen_data_store(ctx, Rd, addr); 1872 tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */ 1873 gen_set_yaddr(addr); 1874 return true; 1875 } 1876 1877 static bool trans_STY3(DisasContext *ctx, arg_STY3 *a) 1878 { 1879 TCGv Rd = cpu_r[a->rd]; 1880 TCGv addr = gen_get_yaddr(); 1881 1882 tcg_gen_subi_tl(addr, addr, 1); /* addr = addr - 1 */ 1883 gen_data_store(ctx, Rd, addr); 1884 gen_set_yaddr(addr); 1885 return true; 1886 } 1887 1888 static bool trans_STDY(DisasContext *ctx, arg_STDY *a) 1889 { 1890 TCGv Rd = cpu_r[a->rd]; 1891 TCGv addr = gen_get_yaddr(); 1892 1893 tcg_gen_addi_tl(addr, addr, a->imm); /* addr = addr + q */ 1894 gen_data_store(ctx, Rd, addr); 1895 return true; 1896 } 1897 1898 /* 1899 * Stores one byte indirect with or without displacement from a register to data 1900 * space. For parts with SRAM, the data space consists of the Register File, I/O 1901 * memory, and internal SRAM (and external SRAM if applicable). For parts 1902 * without SRAM, the data space consists of the Register File only. The EEPROM 1903 * has a separate address space. 1904 * 1905 * The data location is pointed to by the Y (16 bits) Pointer Register in the 1906 * Register File. Memory access is limited to the current data segment of 64KB. 1907 * To access another data segment in devices with more than 64KB data space, the 1908 * RAMPY in register in the I/O area has to be changed. 1909 * 1910 * The Y-pointer Register can either be left unchanged by the operation, or it 1911 * can be post-incremented or pre-decremented. These features are especially 1912 * suited for accessing arrays, tables, and Stack Pointer usage of the Y-pointer 1913 * Register. Note that only the low byte of the Y-pointer is updated in devices 1914 * with no more than 256 bytes data space. For such devices, the high byte of 1915 * the pointer is not used by this instruction and can be used for other 1916 * purposes. The RAMPY Register in the I/O area is updated in parts with more 1917 * than 64KB data space or more than 64KB Program memory, and the increment / 1918 * decrement / displacement is added to the entire 24-bit address on such 1919 * devices. 1920 */ 1921 static bool trans_STZ2(DisasContext *ctx, arg_STZ2 *a) 1922 { 1923 TCGv Rd = cpu_r[a->rd]; 1924 TCGv addr = gen_get_zaddr(); 1925 1926 gen_data_store(ctx, Rd, addr); 1927 tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */ 1928 1929 gen_set_zaddr(addr); 1930 return true; 1931 } 1932 1933 static bool trans_STZ3(DisasContext *ctx, arg_STZ3 *a) 1934 { 1935 TCGv Rd = cpu_r[a->rd]; 1936 TCGv addr = gen_get_zaddr(); 1937 1938 tcg_gen_subi_tl(addr, addr, 1); /* addr = addr - 1 */ 1939 gen_data_store(ctx, Rd, addr); 1940 1941 gen_set_zaddr(addr); 1942 return true; 1943 } 1944 1945 static bool trans_STDZ(DisasContext *ctx, arg_STDZ *a) 1946 { 1947 TCGv Rd = cpu_r[a->rd]; 1948 TCGv addr = gen_get_zaddr(); 1949 1950 tcg_gen_addi_tl(addr, addr, a->imm); /* addr = addr + q */ 1951 gen_data_store(ctx, Rd, addr); 1952 return true; 1953 } 1954 1955 /* 1956 * Loads one byte pointed to by the Z-register into the destination 1957 * register Rd. This instruction features a 100% space effective constant 1958 * initialization or constant data fetch. The Program memory is organized in 1959 * 16-bit words while the Z-pointer is a byte address. Thus, the least 1960 * significant bit of the Z-pointer selects either low byte (ZLSB = 0) or high 1961 * byte (ZLSB = 1). This instruction can address the first 64KB (32K words) of 1962 * Program memory. The Zpointer Register can either be left unchanged by the 1963 * operation, or it can be incremented. The incrementation does not apply to 1964 * the RAMPZ Register. 1965 * 1966 * Devices with Self-Programming capability can use the LPM instruction to read 1967 * the Fuse and Lock bit values. 1968 */ 1969 static bool trans_LPM1(DisasContext *ctx, arg_LPM1 *a) 1970 { 1971 if (!avr_have_feature(ctx, AVR_FEATURE_LPM)) { 1972 return true; 1973 } 1974 1975 TCGv Rd = cpu_r[0]; 1976 TCGv addr = tcg_temp_new_i32(); 1977 TCGv H = cpu_r[31]; 1978 TCGv L = cpu_r[30]; 1979 1980 tcg_gen_shli_tl(addr, H, 8); /* addr = H:L */ 1981 tcg_gen_or_tl(addr, addr, L); 1982 tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */ 1983 return true; 1984 } 1985 1986 static bool trans_LPM2(DisasContext *ctx, arg_LPM2 *a) 1987 { 1988 if (!avr_have_feature(ctx, AVR_FEATURE_LPM)) { 1989 return true; 1990 } 1991 1992 TCGv Rd = cpu_r[a->rd]; 1993 TCGv addr = tcg_temp_new_i32(); 1994 TCGv H = cpu_r[31]; 1995 TCGv L = cpu_r[30]; 1996 1997 tcg_gen_shli_tl(addr, H, 8); /* addr = H:L */ 1998 tcg_gen_or_tl(addr, addr, L); 1999 tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */ 2000 return true; 2001 } 2002 2003 static bool trans_LPMX(DisasContext *ctx, arg_LPMX *a) 2004 { 2005 if (!avr_have_feature(ctx, AVR_FEATURE_LPMX)) { 2006 return true; 2007 } 2008 2009 TCGv Rd = cpu_r[a->rd]; 2010 TCGv addr = tcg_temp_new_i32(); 2011 TCGv H = cpu_r[31]; 2012 TCGv L = cpu_r[30]; 2013 2014 tcg_gen_shli_tl(addr, H, 8); /* addr = H:L */ 2015 tcg_gen_or_tl(addr, addr, L); 2016 tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */ 2017 tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */ 2018 tcg_gen_andi_tl(L, addr, 0xff); 2019 tcg_gen_shri_tl(addr, addr, 8); 2020 tcg_gen_andi_tl(H, addr, 0xff); 2021 return true; 2022 } 2023 2024 /* 2025 * Loads one byte pointed to by the Z-register and the RAMPZ Register in 2026 * the I/O space, and places this byte in the destination register Rd. This 2027 * instruction features a 100% space effective constant initialization or 2028 * constant data fetch. The Program memory is organized in 16-bit words while 2029 * the Z-pointer is a byte address. Thus, the least significant bit of the 2030 * Z-pointer selects either low byte (ZLSB = 0) or high byte (ZLSB = 1). This 2031 * instruction can address the entire Program memory space. The Z-pointer 2032 * Register can either be left unchanged by the operation, or it can be 2033 * incremented. The incrementation applies to the entire 24-bit concatenation 2034 * of the RAMPZ and Z-pointer Registers. 2035 * 2036 * Devices with Self-Programming capability can use the ELPM instruction to 2037 * read the Fuse and Lock bit value. 2038 */ 2039 static bool trans_ELPM1(DisasContext *ctx, arg_ELPM1 *a) 2040 { 2041 if (!avr_have_feature(ctx, AVR_FEATURE_ELPM)) { 2042 return true; 2043 } 2044 2045 TCGv Rd = cpu_r[0]; 2046 TCGv addr = gen_get_zaddr(); 2047 2048 tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */ 2049 return true; 2050 } 2051 2052 static bool trans_ELPM2(DisasContext *ctx, arg_ELPM2 *a) 2053 { 2054 if (!avr_have_feature(ctx, AVR_FEATURE_ELPM)) { 2055 return true; 2056 } 2057 2058 TCGv Rd = cpu_r[a->rd]; 2059 TCGv addr = gen_get_zaddr(); 2060 2061 tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */ 2062 return true; 2063 } 2064 2065 static bool trans_ELPMX(DisasContext *ctx, arg_ELPMX *a) 2066 { 2067 if (!avr_have_feature(ctx, AVR_FEATURE_ELPMX)) { 2068 return true; 2069 } 2070 2071 TCGv Rd = cpu_r[a->rd]; 2072 TCGv addr = gen_get_zaddr(); 2073 2074 tcg_gen_qemu_ld8u(Rd, addr, MMU_CODE_IDX); /* Rd = mem[addr] */ 2075 tcg_gen_addi_tl(addr, addr, 1); /* addr = addr + 1 */ 2076 gen_set_zaddr(addr); 2077 return true; 2078 } 2079 2080 /* 2081 * SPM can be used to erase a page in the Program memory, to write a page 2082 * in the Program memory (that is already erased), and to set Boot Loader Lock 2083 * bits. In some devices, the Program memory can be written one word at a time, 2084 * in other devices an entire page can be programmed simultaneously after first 2085 * filling a temporary page buffer. In all cases, the Program memory must be 2086 * erased one page at a time. When erasing the Program memory, the RAMPZ and 2087 * Z-register are used as page address. When writing the Program memory, the 2088 * RAMPZ and Z-register are used as page or word address, and the R1:R0 2089 * register pair is used as data(1). When setting the Boot Loader Lock bits, 2090 * the R1:R0 register pair is used as data. Refer to the device documentation 2091 * for detailed description of SPM usage. This instruction can address the 2092 * entire Program memory. 2093 * 2094 * The SPM instruction is not available in all devices. Refer to the device 2095 * specific instruction set summary. 2096 * 2097 * Note: 1. R1 determines the instruction high byte, and R0 determines the 2098 * instruction low byte. 2099 */ 2100 static bool trans_SPM(DisasContext *ctx, arg_SPM *a) 2101 { 2102 /* TODO */ 2103 if (!avr_have_feature(ctx, AVR_FEATURE_SPM)) { 2104 return true; 2105 } 2106 2107 return true; 2108 } 2109 2110 static bool trans_SPMX(DisasContext *ctx, arg_SPMX *a) 2111 { 2112 /* TODO */ 2113 if (!avr_have_feature(ctx, AVR_FEATURE_SPMX)) { 2114 return true; 2115 } 2116 2117 return true; 2118 } 2119 2120 /* 2121 * Loads data from the I/O Space (Ports, Timers, Configuration Registers, 2122 * etc.) into register Rd in the Register File. 2123 */ 2124 static bool trans_IN(DisasContext *ctx, arg_IN *a) 2125 { 2126 TCGv Rd = cpu_r[a->rd]; 2127 TCGv port = tcg_constant_i32(a->imm); 2128 2129 gen_helper_inb(Rd, cpu_env, port); 2130 return true; 2131 } 2132 2133 /* 2134 * Stores data from register Rr in the Register File to I/O Space (Ports, 2135 * Timers, Configuration Registers, etc.). 2136 */ 2137 static bool trans_OUT(DisasContext *ctx, arg_OUT *a) 2138 { 2139 TCGv Rd = cpu_r[a->rd]; 2140 TCGv port = tcg_constant_i32(a->imm); 2141 2142 gen_helper_outb(cpu_env, port, Rd); 2143 return true; 2144 } 2145 2146 /* 2147 * This instruction stores the contents of register Rr on the STACK. The 2148 * Stack Pointer is post-decremented by 1 after the PUSH. This instruction is 2149 * not available in all devices. Refer to the device specific instruction set 2150 * summary. 2151 */ 2152 static bool trans_PUSH(DisasContext *ctx, arg_PUSH *a) 2153 { 2154 TCGv Rd = cpu_r[a->rd]; 2155 2156 gen_data_store(ctx, Rd, cpu_sp); 2157 tcg_gen_subi_tl(cpu_sp, cpu_sp, 1); 2158 2159 return true; 2160 } 2161 2162 /* 2163 * This instruction loads register Rd with a byte from the STACK. The Stack 2164 * Pointer is pre-incremented by 1 before the POP. This instruction is not 2165 * available in all devices. Refer to the device specific instruction set 2166 * summary. 2167 */ 2168 static bool trans_POP(DisasContext *ctx, arg_POP *a) 2169 { 2170 /* 2171 * Using a temp to work around some strange behaviour: 2172 * tcg_gen_addi_tl(cpu_sp, cpu_sp, 1); 2173 * gen_data_load(ctx, Rd, cpu_sp); 2174 * seems to cause the add to happen twice. 2175 * This doesn't happen if either the add or the load is removed. 2176 */ 2177 TCGv t1 = tcg_temp_new_i32(); 2178 TCGv Rd = cpu_r[a->rd]; 2179 2180 tcg_gen_addi_tl(t1, cpu_sp, 1); 2181 gen_data_load(ctx, Rd, t1); 2182 tcg_gen_mov_tl(cpu_sp, t1); 2183 2184 return true; 2185 } 2186 2187 /* 2188 * Exchanges one byte indirect between register and data space. The data 2189 * location is pointed to by the Z (16 bits) Pointer Register in the Register 2190 * File. Memory access is limited to the current data segment of 64KB. To 2191 * access another data segment in devices with more than 64KB data space, the 2192 * RAMPZ in register in the I/O area has to be changed. 2193 * 2194 * The Z-pointer Register is left unchanged by the operation. This instruction 2195 * is especially suited for writing/reading status bits stored in SRAM. 2196 */ 2197 static bool trans_XCH(DisasContext *ctx, arg_XCH *a) 2198 { 2199 if (!avr_have_feature(ctx, AVR_FEATURE_RMW)) { 2200 return true; 2201 } 2202 2203 TCGv Rd = cpu_r[a->rd]; 2204 TCGv t0 = tcg_temp_new_i32(); 2205 TCGv addr = gen_get_zaddr(); 2206 2207 gen_data_load(ctx, t0, addr); 2208 gen_data_store(ctx, Rd, addr); 2209 tcg_gen_mov_tl(Rd, t0); 2210 return true; 2211 } 2212 2213 /* 2214 * Load one byte indirect from data space to register and set bits in data 2215 * space specified by the register. The instruction can only be used towards 2216 * internal SRAM. The data location is pointed to by the Z (16 bits) Pointer 2217 * Register in the Register File. Memory access is limited to the current data 2218 * segment of 64KB. To access another data segment in devices with more than 2219 * 64KB data space, the RAMPZ in register in the I/O area has to be changed. 2220 * 2221 * The Z-pointer Register is left unchanged by the operation. This instruction 2222 * is especially suited for setting status bits stored in SRAM. 2223 */ 2224 static bool trans_LAS(DisasContext *ctx, arg_LAS *a) 2225 { 2226 if (!avr_have_feature(ctx, AVR_FEATURE_RMW)) { 2227 return true; 2228 } 2229 2230 TCGv Rr = cpu_r[a->rd]; 2231 TCGv addr = gen_get_zaddr(); 2232 TCGv t0 = tcg_temp_new_i32(); 2233 TCGv t1 = tcg_temp_new_i32(); 2234 2235 gen_data_load(ctx, t0, addr); /* t0 = mem[addr] */ 2236 tcg_gen_or_tl(t1, t0, Rr); 2237 tcg_gen_mov_tl(Rr, t0); /* Rr = t0 */ 2238 gen_data_store(ctx, t1, addr); /* mem[addr] = t1 */ 2239 return true; 2240 } 2241 2242 /* 2243 * Load one byte indirect from data space to register and stores and clear 2244 * the bits in data space specified by the register. The instruction can 2245 * only be used towards internal SRAM. The data location is pointed to by 2246 * the Z (16 bits) Pointer Register in the Register File. Memory access is 2247 * limited to the current data segment of 64KB. To access another data 2248 * segment in devices with more than 64KB data space, the RAMPZ in register 2249 * in the I/O area has to be changed. 2250 * 2251 * The Z-pointer Register is left unchanged by the operation. This instruction 2252 * is especially suited for clearing status bits stored in SRAM. 2253 */ 2254 static bool trans_LAC(DisasContext *ctx, arg_LAC *a) 2255 { 2256 if (!avr_have_feature(ctx, AVR_FEATURE_RMW)) { 2257 return true; 2258 } 2259 2260 TCGv Rr = cpu_r[a->rd]; 2261 TCGv addr = gen_get_zaddr(); 2262 TCGv t0 = tcg_temp_new_i32(); 2263 TCGv t1 = tcg_temp_new_i32(); 2264 2265 gen_data_load(ctx, t0, addr); /* t0 = mem[addr] */ 2266 tcg_gen_andc_tl(t1, t0, Rr); /* t1 = t0 & (0xff - Rr) = t0 & ~Rr */ 2267 tcg_gen_mov_tl(Rr, t0); /* Rr = t0 */ 2268 gen_data_store(ctx, t1, addr); /* mem[addr] = t1 */ 2269 return true; 2270 } 2271 2272 2273 /* 2274 * Load one byte indirect from data space to register and toggles bits in 2275 * the data space specified by the register. The instruction can only be used 2276 * towards SRAM. The data location is pointed to by the Z (16 bits) Pointer 2277 * Register in the Register File. Memory access is limited to the current data 2278 * segment of 64KB. To access another data segment in devices with more than 2279 * 64KB data space, the RAMPZ in register in the I/O area has to be changed. 2280 * 2281 * The Z-pointer Register is left unchanged by the operation. This instruction 2282 * is especially suited for changing status bits stored in SRAM. 2283 */ 2284 static bool trans_LAT(DisasContext *ctx, arg_LAT *a) 2285 { 2286 if (!avr_have_feature(ctx, AVR_FEATURE_RMW)) { 2287 return true; 2288 } 2289 2290 TCGv Rd = cpu_r[a->rd]; 2291 TCGv addr = gen_get_zaddr(); 2292 TCGv t0 = tcg_temp_new_i32(); 2293 TCGv t1 = tcg_temp_new_i32(); 2294 2295 gen_data_load(ctx, t0, addr); /* t0 = mem[addr] */ 2296 tcg_gen_xor_tl(t1, t0, Rd); 2297 tcg_gen_mov_tl(Rd, t0); /* Rd = t0 */ 2298 gen_data_store(ctx, t1, addr); /* mem[addr] = t1 */ 2299 return true; 2300 } 2301 2302 /* 2303 * Bit and Bit-test Instructions 2304 */ 2305 static void gen_rshift_ZNVSf(TCGv R) 2306 { 2307 tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, R, 0); /* Zf = R == 0 */ 2308 tcg_gen_shri_tl(cpu_Nf, R, 7); /* Nf = R(7) */ 2309 tcg_gen_xor_tl(cpu_Vf, cpu_Nf, cpu_Cf); 2310 tcg_gen_xor_tl(cpu_Sf, cpu_Nf, cpu_Vf); /* Sf = Nf ^ Vf */ 2311 } 2312 2313 /* 2314 * Shifts all bits in Rd one place to the right. Bit 7 is cleared. Bit 0 is 2315 * loaded into the C Flag of the SREG. This operation effectively divides an 2316 * unsigned value by two. The C Flag can be used to round the result. 2317 */ 2318 static bool trans_LSR(DisasContext *ctx, arg_LSR *a) 2319 { 2320 TCGv Rd = cpu_r[a->rd]; 2321 2322 tcg_gen_andi_tl(cpu_Cf, Rd, 1); 2323 tcg_gen_shri_tl(Rd, Rd, 1); 2324 2325 /* update status register */ 2326 tcg_gen_setcondi_tl(TCG_COND_EQ, cpu_Zf, Rd, 0); /* Zf = Rd == 0 */ 2327 tcg_gen_movi_tl(cpu_Nf, 0); 2328 tcg_gen_mov_tl(cpu_Vf, cpu_Cf); 2329 tcg_gen_mov_tl(cpu_Sf, cpu_Vf); 2330 2331 return true; 2332 } 2333 2334 /* 2335 * Shifts all bits in Rd one place to the right. The C Flag is shifted into 2336 * bit 7 of Rd. Bit 0 is shifted into the C Flag. This operation, combined 2337 * with ASR, effectively divides multi-byte signed values by two. Combined with 2338 * LSR it effectively divides multi-byte unsigned values by two. The Carry Flag 2339 * can be used to round the result. 2340 */ 2341 static bool trans_ROR(DisasContext *ctx, arg_ROR *a) 2342 { 2343 TCGv Rd = cpu_r[a->rd]; 2344 TCGv t0 = tcg_temp_new_i32(); 2345 2346 tcg_gen_shli_tl(t0, cpu_Cf, 7); 2347 2348 /* update status register */ 2349 tcg_gen_andi_tl(cpu_Cf, Rd, 1); 2350 2351 /* update output register */ 2352 tcg_gen_shri_tl(Rd, Rd, 1); 2353 tcg_gen_or_tl(Rd, Rd, t0); 2354 2355 /* update status register */ 2356 gen_rshift_ZNVSf(Rd); 2357 return true; 2358 } 2359 2360 /* 2361 * Shifts all bits in Rd one place to the right. Bit 7 is held constant. Bit 0 2362 * is loaded into the C Flag of the SREG. This operation effectively divides a 2363 * signed value by two without changing its sign. The Carry Flag can be used to 2364 * round the result. 2365 */ 2366 static bool trans_ASR(DisasContext *ctx, arg_ASR *a) 2367 { 2368 TCGv Rd = cpu_r[a->rd]; 2369 TCGv t0 = tcg_temp_new_i32(); 2370 2371 /* update status register */ 2372 tcg_gen_andi_tl(cpu_Cf, Rd, 1); /* Cf = Rd(0) */ 2373 2374 /* update output register */ 2375 tcg_gen_andi_tl(t0, Rd, 0x80); /* Rd = (Rd & 0x80) | (Rd >> 1) */ 2376 tcg_gen_shri_tl(Rd, Rd, 1); 2377 tcg_gen_or_tl(Rd, Rd, t0); 2378 2379 /* update status register */ 2380 gen_rshift_ZNVSf(Rd); 2381 return true; 2382 } 2383 2384 /* 2385 * Swaps high and low nibbles in a register. 2386 */ 2387 static bool trans_SWAP(DisasContext *ctx, arg_SWAP *a) 2388 { 2389 TCGv Rd = cpu_r[a->rd]; 2390 TCGv t0 = tcg_temp_new_i32(); 2391 TCGv t1 = tcg_temp_new_i32(); 2392 2393 tcg_gen_andi_tl(t0, Rd, 0x0f); 2394 tcg_gen_shli_tl(t0, t0, 4); 2395 tcg_gen_andi_tl(t1, Rd, 0xf0); 2396 tcg_gen_shri_tl(t1, t1, 4); 2397 tcg_gen_or_tl(Rd, t0, t1); 2398 return true; 2399 } 2400 2401 /* 2402 * Sets a specified bit in an I/O Register. This instruction operates on 2403 * the lower 32 I/O Registers -- addresses 0-31. 2404 */ 2405 static bool trans_SBI(DisasContext *ctx, arg_SBI *a) 2406 { 2407 TCGv data = tcg_temp_new_i32(); 2408 TCGv port = tcg_constant_i32(a->reg); 2409 2410 gen_helper_inb(data, cpu_env, port); 2411 tcg_gen_ori_tl(data, data, 1 << a->bit); 2412 gen_helper_outb(cpu_env, port, data); 2413 return true; 2414 } 2415 2416 /* 2417 * Clears a specified bit in an I/O Register. This instruction operates on 2418 * the lower 32 I/O Registers -- addresses 0-31. 2419 */ 2420 static bool trans_CBI(DisasContext *ctx, arg_CBI *a) 2421 { 2422 TCGv data = tcg_temp_new_i32(); 2423 TCGv port = tcg_constant_i32(a->reg); 2424 2425 gen_helper_inb(data, cpu_env, port); 2426 tcg_gen_andi_tl(data, data, ~(1 << a->bit)); 2427 gen_helper_outb(cpu_env, port, data); 2428 return true; 2429 } 2430 2431 /* 2432 * Stores bit b from Rd to the T Flag in SREG (Status Register). 2433 */ 2434 static bool trans_BST(DisasContext *ctx, arg_BST *a) 2435 { 2436 TCGv Rd = cpu_r[a->rd]; 2437 2438 tcg_gen_andi_tl(cpu_Tf, Rd, 1 << a->bit); 2439 tcg_gen_shri_tl(cpu_Tf, cpu_Tf, a->bit); 2440 2441 return true; 2442 } 2443 2444 /* 2445 * Copies the T Flag in the SREG (Status Register) to bit b in register Rd. 2446 */ 2447 static bool trans_BLD(DisasContext *ctx, arg_BLD *a) 2448 { 2449 TCGv Rd = cpu_r[a->rd]; 2450 TCGv t1 = tcg_temp_new_i32(); 2451 2452 tcg_gen_andi_tl(Rd, Rd, ~(1u << a->bit)); /* clear bit */ 2453 tcg_gen_shli_tl(t1, cpu_Tf, a->bit); /* create mask */ 2454 tcg_gen_or_tl(Rd, Rd, t1); 2455 return true; 2456 } 2457 2458 /* 2459 * Sets a single Flag or bit in SREG. 2460 */ 2461 static bool trans_BSET(DisasContext *ctx, arg_BSET *a) 2462 { 2463 switch (a->bit) { 2464 case 0x00: 2465 tcg_gen_movi_tl(cpu_Cf, 0x01); 2466 break; 2467 case 0x01: 2468 tcg_gen_movi_tl(cpu_Zf, 0x01); 2469 break; 2470 case 0x02: 2471 tcg_gen_movi_tl(cpu_Nf, 0x01); 2472 break; 2473 case 0x03: 2474 tcg_gen_movi_tl(cpu_Vf, 0x01); 2475 break; 2476 case 0x04: 2477 tcg_gen_movi_tl(cpu_Sf, 0x01); 2478 break; 2479 case 0x05: 2480 tcg_gen_movi_tl(cpu_Hf, 0x01); 2481 break; 2482 case 0x06: 2483 tcg_gen_movi_tl(cpu_Tf, 0x01); 2484 break; 2485 case 0x07: 2486 tcg_gen_movi_tl(cpu_If, 0x01); 2487 break; 2488 } 2489 2490 return true; 2491 } 2492 2493 /* 2494 * Clears a single Flag in SREG. 2495 */ 2496 static bool trans_BCLR(DisasContext *ctx, arg_BCLR *a) 2497 { 2498 switch (a->bit) { 2499 case 0x00: 2500 tcg_gen_movi_tl(cpu_Cf, 0x00); 2501 break; 2502 case 0x01: 2503 tcg_gen_movi_tl(cpu_Zf, 0x00); 2504 break; 2505 case 0x02: 2506 tcg_gen_movi_tl(cpu_Nf, 0x00); 2507 break; 2508 case 0x03: 2509 tcg_gen_movi_tl(cpu_Vf, 0x00); 2510 break; 2511 case 0x04: 2512 tcg_gen_movi_tl(cpu_Sf, 0x00); 2513 break; 2514 case 0x05: 2515 tcg_gen_movi_tl(cpu_Hf, 0x00); 2516 break; 2517 case 0x06: 2518 tcg_gen_movi_tl(cpu_Tf, 0x00); 2519 break; 2520 case 0x07: 2521 tcg_gen_movi_tl(cpu_If, 0x00); 2522 break; 2523 } 2524 2525 return true; 2526 } 2527 2528 /* 2529 * MCU Control Instructions 2530 */ 2531 2532 /* 2533 * The BREAK instruction is used by the On-chip Debug system, and is 2534 * normally not used in the application software. When the BREAK instruction is 2535 * executed, the AVR CPU is set in the Stopped Mode. This gives the On-chip 2536 * Debugger access to internal resources. If any Lock bits are set, or either 2537 * the JTAGEN or OCDEN Fuses are unprogrammed, the CPU will treat the BREAK 2538 * instruction as a NOP and will not enter the Stopped mode. This instruction 2539 * is not available in all devices. Refer to the device specific instruction 2540 * set summary. 2541 */ 2542 static bool trans_BREAK(DisasContext *ctx, arg_BREAK *a) 2543 { 2544 if (!avr_have_feature(ctx, AVR_FEATURE_BREAK)) { 2545 return true; 2546 } 2547 2548 #ifdef BREAKPOINT_ON_BREAK 2549 tcg_gen_movi_tl(cpu_pc, ctx->npc - 1); 2550 gen_helper_debug(cpu_env); 2551 ctx->base.is_jmp = DISAS_EXIT; 2552 #else 2553 /* NOP */ 2554 #endif 2555 2556 return true; 2557 } 2558 2559 /* 2560 * This instruction performs a single cycle No Operation. 2561 */ 2562 static bool trans_NOP(DisasContext *ctx, arg_NOP *a) 2563 { 2564 2565 /* NOP */ 2566 2567 return true; 2568 } 2569 2570 /* 2571 * This instruction sets the circuit in sleep mode defined by the MCU 2572 * Control Register. 2573 */ 2574 static bool trans_SLEEP(DisasContext *ctx, arg_SLEEP *a) 2575 { 2576 gen_helper_sleep(cpu_env); 2577 ctx->base.is_jmp = DISAS_NORETURN; 2578 return true; 2579 } 2580 2581 /* 2582 * This instruction resets the Watchdog Timer. This instruction must be 2583 * executed within a limited time given by the WD prescaler. See the Watchdog 2584 * Timer hardware specification. 2585 */ 2586 static bool trans_WDR(DisasContext *ctx, arg_WDR *a) 2587 { 2588 gen_helper_wdr(cpu_env); 2589 2590 return true; 2591 } 2592 2593 /* 2594 * Core translation mechanism functions: 2595 * 2596 * - translate() 2597 * - canonicalize_skip() 2598 * - gen_intermediate_code() 2599 * - restore_state_to_opc() 2600 * 2601 */ 2602 static void translate(DisasContext *ctx) 2603 { 2604 uint32_t opcode = next_word(ctx); 2605 2606 if (!decode_insn(ctx, opcode)) { 2607 gen_helper_unsupported(cpu_env); 2608 ctx->base.is_jmp = DISAS_NORETURN; 2609 } 2610 } 2611 2612 /* Standardize the cpu_skip condition to NE. */ 2613 static bool canonicalize_skip(DisasContext *ctx) 2614 { 2615 switch (ctx->skip_cond) { 2616 case TCG_COND_NEVER: 2617 /* Normal case: cpu_skip is known to be false. */ 2618 return false; 2619 2620 case TCG_COND_ALWAYS: 2621 /* 2622 * Breakpoint case: cpu_skip is known to be true, via TB_FLAGS_SKIP. 2623 * The breakpoint is on the instruction being skipped, at the start 2624 * of the TranslationBlock. No need to update. 2625 */ 2626 return false; 2627 2628 case TCG_COND_NE: 2629 if (ctx->skip_var1 == NULL) { 2630 tcg_gen_mov_tl(cpu_skip, ctx->skip_var0); 2631 } else { 2632 tcg_gen_xor_tl(cpu_skip, ctx->skip_var0, ctx->skip_var1); 2633 ctx->skip_var1 = NULL; 2634 } 2635 break; 2636 2637 default: 2638 /* Convert to a NE condition vs 0. */ 2639 if (ctx->skip_var1 == NULL) { 2640 tcg_gen_setcondi_tl(ctx->skip_cond, cpu_skip, ctx->skip_var0, 0); 2641 } else { 2642 tcg_gen_setcond_tl(ctx->skip_cond, cpu_skip, 2643 ctx->skip_var0, ctx->skip_var1); 2644 ctx->skip_var1 = NULL; 2645 } 2646 ctx->skip_cond = TCG_COND_NE; 2647 break; 2648 } 2649 ctx->skip_var0 = cpu_skip; 2650 return true; 2651 } 2652 2653 static void avr_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs) 2654 { 2655 DisasContext *ctx = container_of(dcbase, DisasContext, base); 2656 CPUAVRState *env = cs->env_ptr; 2657 uint32_t tb_flags = ctx->base.tb->flags; 2658 2659 ctx->cs = cs; 2660 ctx->env = env; 2661 ctx->npc = ctx->base.pc_first / 2; 2662 2663 ctx->skip_cond = TCG_COND_NEVER; 2664 if (tb_flags & TB_FLAGS_SKIP) { 2665 ctx->skip_cond = TCG_COND_ALWAYS; 2666 ctx->skip_var0 = cpu_skip; 2667 } 2668 2669 if (tb_flags & TB_FLAGS_FULL_ACCESS) { 2670 /* 2671 * This flag is set by ST/LD instruction we will regenerate it ONLY 2672 * with mem/cpu memory access instead of mem access 2673 */ 2674 ctx->base.max_insns = 1; 2675 } 2676 } 2677 2678 static void avr_tr_tb_start(DisasContextBase *db, CPUState *cs) 2679 { 2680 } 2681 2682 static void avr_tr_insn_start(DisasContextBase *dcbase, CPUState *cs) 2683 { 2684 DisasContext *ctx = container_of(dcbase, DisasContext, base); 2685 2686 tcg_gen_insn_start(ctx->npc); 2687 } 2688 2689 static void avr_tr_translate_insn(DisasContextBase *dcbase, CPUState *cs) 2690 { 2691 DisasContext *ctx = container_of(dcbase, DisasContext, base); 2692 TCGLabel *skip_label = NULL; 2693 2694 /* Conditionally skip the next instruction, if indicated. */ 2695 if (ctx->skip_cond != TCG_COND_NEVER) { 2696 skip_label = gen_new_label(); 2697 if (ctx->skip_var0 == cpu_skip) { 2698 /* 2699 * Copy cpu_skip so that we may zero it before the branch. 2700 * This ensures that cpu_skip is non-zero after the label 2701 * if and only if the skipped insn itself sets a skip. 2702 */ 2703 ctx->skip_var0 = tcg_temp_new(); 2704 tcg_gen_mov_tl(ctx->skip_var0, cpu_skip); 2705 tcg_gen_movi_tl(cpu_skip, 0); 2706 } 2707 if (ctx->skip_var1 == NULL) { 2708 tcg_gen_brcondi_tl(ctx->skip_cond, ctx->skip_var0, 0, skip_label); 2709 } else { 2710 tcg_gen_brcond_tl(ctx->skip_cond, ctx->skip_var0, 2711 ctx->skip_var1, skip_label); 2712 ctx->skip_var1 = NULL; 2713 } 2714 ctx->skip_cond = TCG_COND_NEVER; 2715 ctx->skip_var0 = NULL; 2716 } 2717 2718 translate(ctx); 2719 2720 ctx->base.pc_next = ctx->npc * 2; 2721 2722 if (skip_label) { 2723 canonicalize_skip(ctx); 2724 gen_set_label(skip_label); 2725 2726 switch (ctx->base.is_jmp) { 2727 case DISAS_NORETURN: 2728 ctx->base.is_jmp = DISAS_CHAIN; 2729 break; 2730 case DISAS_NEXT: 2731 if (ctx->base.tb->flags & TB_FLAGS_SKIP) { 2732 ctx->base.is_jmp = DISAS_TOO_MANY; 2733 } 2734 break; 2735 default: 2736 break; 2737 } 2738 } 2739 2740 if (ctx->base.is_jmp == DISAS_NEXT) { 2741 target_ulong page_first = ctx->base.pc_first & TARGET_PAGE_MASK; 2742 2743 if ((ctx->base.pc_next - page_first) >= TARGET_PAGE_SIZE - 4) { 2744 ctx->base.is_jmp = DISAS_TOO_MANY; 2745 } 2746 } 2747 } 2748 2749 static void avr_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs) 2750 { 2751 DisasContext *ctx = container_of(dcbase, DisasContext, base); 2752 bool nonconst_skip = canonicalize_skip(ctx); 2753 /* 2754 * Because we disable interrupts while env->skip is set, 2755 * we must return to the main loop to re-evaluate afterward. 2756 */ 2757 bool force_exit = ctx->base.tb->flags & TB_FLAGS_SKIP; 2758 2759 switch (ctx->base.is_jmp) { 2760 case DISAS_NORETURN: 2761 assert(!nonconst_skip); 2762 break; 2763 case DISAS_NEXT: 2764 case DISAS_TOO_MANY: 2765 case DISAS_CHAIN: 2766 if (!nonconst_skip && !force_exit) { 2767 /* Note gen_goto_tb checks singlestep. */ 2768 gen_goto_tb(ctx, 1, ctx->npc); 2769 break; 2770 } 2771 tcg_gen_movi_tl(cpu_pc, ctx->npc); 2772 /* fall through */ 2773 case DISAS_LOOKUP: 2774 if (!force_exit) { 2775 tcg_gen_lookup_and_goto_ptr(); 2776 break; 2777 } 2778 /* fall through */ 2779 case DISAS_EXIT: 2780 tcg_gen_exit_tb(NULL, 0); 2781 break; 2782 default: 2783 g_assert_not_reached(); 2784 } 2785 } 2786 2787 static void avr_tr_disas_log(const DisasContextBase *dcbase, 2788 CPUState *cs, FILE *logfile) 2789 { 2790 fprintf(logfile, "IN: %s\n", lookup_symbol(dcbase->pc_first)); 2791 target_disas(logfile, cs, dcbase->pc_first, dcbase->tb->size); 2792 } 2793 2794 static const TranslatorOps avr_tr_ops = { 2795 .init_disas_context = avr_tr_init_disas_context, 2796 .tb_start = avr_tr_tb_start, 2797 .insn_start = avr_tr_insn_start, 2798 .translate_insn = avr_tr_translate_insn, 2799 .tb_stop = avr_tr_tb_stop, 2800 .disas_log = avr_tr_disas_log, 2801 }; 2802 2803 void gen_intermediate_code(CPUState *cs, TranslationBlock *tb, int *max_insns, 2804 target_ulong pc, void *host_pc) 2805 { 2806 DisasContext dc = { }; 2807 translator_loop(cs, tb, max_insns, pc, host_pc, &avr_tr_ops, &dc.base); 2808 } 2809