1 /* 2 * i386 translation 3 * 4 * Copyright (c) 2003 Fabrice Bellard 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 */ 19 #include "qemu/osdep.h" 20 21 #include "qemu/host-utils.h" 22 #include "cpu.h" 23 #include "disas/disas.h" 24 #include "exec/exec-all.h" 25 #include "tcg/tcg-op.h" 26 #include "tcg/tcg-op-gvec.h" 27 #include "exec/cpu_ldst.h" 28 #include "exec/translator.h" 29 #include "fpu/softfloat.h" 30 31 #include "exec/helper-proto.h" 32 #include "exec/helper-gen.h" 33 #include "helper-tcg.h" 34 35 #include "exec/log.h" 36 37 #define PREFIX_REPZ 0x01 38 #define PREFIX_REPNZ 0x02 39 #define PREFIX_LOCK 0x04 40 #define PREFIX_DATA 0x08 41 #define PREFIX_ADR 0x10 42 #define PREFIX_VEX 0x20 43 #define PREFIX_REX 0x40 44 45 #ifdef TARGET_X86_64 46 # define ctztl ctz64 47 # define clztl clz64 48 #else 49 # define ctztl ctz32 50 # define clztl clz32 51 #endif 52 53 /* For a switch indexed by MODRM, match all memory operands for a given OP. */ 54 #define CASE_MODRM_MEM_OP(OP) \ 55 case (0 << 6) | (OP << 3) | 0 ... (0 << 6) | (OP << 3) | 7: \ 56 case (1 << 6) | (OP << 3) | 0 ... (1 << 6) | (OP << 3) | 7: \ 57 case (2 << 6) | (OP << 3) | 0 ... (2 << 6) | (OP << 3) | 7 58 59 #define CASE_MODRM_OP(OP) \ 60 case (0 << 6) | (OP << 3) | 0 ... (0 << 6) | (OP << 3) | 7: \ 61 case (1 << 6) | (OP << 3) | 0 ... (1 << 6) | (OP << 3) | 7: \ 62 case (2 << 6) | (OP << 3) | 0 ... (2 << 6) | (OP << 3) | 7: \ 63 case (3 << 6) | (OP << 3) | 0 ... (3 << 6) | (OP << 3) | 7 64 65 //#define MACRO_TEST 1 66 67 /* global register indexes */ 68 static TCGv cpu_cc_dst, cpu_cc_src, cpu_cc_src2; 69 static TCGv cpu_eip; 70 static TCGv_i32 cpu_cc_op; 71 static TCGv cpu_regs[CPU_NB_REGS]; 72 static TCGv cpu_seg_base[6]; 73 static TCGv_i64 cpu_bndl[4]; 74 static TCGv_i64 cpu_bndu[4]; 75 76 #include "exec/gen-icount.h" 77 78 typedef struct DisasContext { 79 DisasContextBase base; 80 81 target_ulong pc; /* pc = eip + cs_base */ 82 target_ulong cs_base; /* base of CS segment */ 83 target_ulong pc_save; 84 85 MemOp aflag; 86 MemOp dflag; 87 88 int8_t override; /* -1 if no override, else R_CS, R_DS, etc */ 89 uint8_t prefix; 90 91 bool has_modrm; 92 uint8_t modrm; 93 94 #ifndef CONFIG_USER_ONLY 95 uint8_t cpl; /* code priv level */ 96 uint8_t iopl; /* i/o priv level */ 97 #endif 98 uint8_t vex_l; /* vex vector length */ 99 uint8_t vex_v; /* vex vvvv register, without 1's complement. */ 100 uint8_t popl_esp_hack; /* for correct popl with esp base handling */ 101 uint8_t rip_offset; /* only used in x86_64, but left for simplicity */ 102 103 #ifdef TARGET_X86_64 104 uint8_t rex_r; 105 uint8_t rex_x; 106 uint8_t rex_b; 107 #endif 108 bool vex_w; /* used by AVX even on 32-bit processors */ 109 bool jmp_opt; /* use direct block chaining for direct jumps */ 110 bool repz_opt; /* optimize jumps within repz instructions */ 111 bool cc_op_dirty; 112 113 CCOp cc_op; /* current CC operation */ 114 int mem_index; /* select memory access functions */ 115 uint32_t flags; /* all execution flags */ 116 int cpuid_features; 117 int cpuid_ext_features; 118 int cpuid_ext2_features; 119 int cpuid_ext3_features; 120 int cpuid_7_0_ebx_features; 121 int cpuid_7_0_ecx_features; 122 int cpuid_xsave_features; 123 124 /* TCG local temps */ 125 TCGv cc_srcT; 126 TCGv A0; 127 TCGv T0; 128 TCGv T1; 129 130 /* TCG local register indexes (only used inside old micro ops) */ 131 TCGv tmp0; 132 TCGv tmp4; 133 TCGv_i32 tmp2_i32; 134 TCGv_i32 tmp3_i32; 135 TCGv_i64 tmp1_i64; 136 137 sigjmp_buf jmpbuf; 138 TCGOp *prev_insn_end; 139 } DisasContext; 140 141 #define DISAS_EOB_ONLY DISAS_TARGET_0 142 #define DISAS_EOB_NEXT DISAS_TARGET_1 143 #define DISAS_EOB_INHIBIT_IRQ DISAS_TARGET_2 144 #define DISAS_JUMP DISAS_TARGET_3 145 146 /* The environment in which user-only runs is constrained. */ 147 #ifdef CONFIG_USER_ONLY 148 #define PE(S) true 149 #define CPL(S) 3 150 #define IOPL(S) 0 151 #define SVME(S) false 152 #define GUEST(S) false 153 #else 154 #define PE(S) (((S)->flags & HF_PE_MASK) != 0) 155 #define CPL(S) ((S)->cpl) 156 #define IOPL(S) ((S)->iopl) 157 #define SVME(S) (((S)->flags & HF_SVME_MASK) != 0) 158 #define GUEST(S) (((S)->flags & HF_GUEST_MASK) != 0) 159 #endif 160 #if defined(CONFIG_USER_ONLY) && defined(TARGET_X86_64) 161 #define VM86(S) false 162 #define CODE32(S) true 163 #define SS32(S) true 164 #define ADDSEG(S) false 165 #else 166 #define VM86(S) (((S)->flags & HF_VM_MASK) != 0) 167 #define CODE32(S) (((S)->flags & HF_CS32_MASK) != 0) 168 #define SS32(S) (((S)->flags & HF_SS32_MASK) != 0) 169 #define ADDSEG(S) (((S)->flags & HF_ADDSEG_MASK) != 0) 170 #endif 171 #if !defined(TARGET_X86_64) 172 #define CODE64(S) false 173 #define LMA(S) false 174 #elif defined(CONFIG_USER_ONLY) 175 #define CODE64(S) true 176 #define LMA(S) true 177 #else 178 #define CODE64(S) (((S)->flags & HF_CS64_MASK) != 0) 179 #define LMA(S) (((S)->flags & HF_LMA_MASK) != 0) 180 #endif 181 182 #ifdef TARGET_X86_64 183 #define REX_PREFIX(S) (((S)->prefix & PREFIX_REX) != 0) 184 #define REX_W(S) ((S)->vex_w) 185 #define REX_R(S) ((S)->rex_r + 0) 186 #define REX_X(S) ((S)->rex_x + 0) 187 #define REX_B(S) ((S)->rex_b + 0) 188 #else 189 #define REX_PREFIX(S) false 190 #define REX_W(S) false 191 #define REX_R(S) 0 192 #define REX_X(S) 0 193 #define REX_B(S) 0 194 #endif 195 196 /* 197 * Many sysemu-only helpers are not reachable for user-only. 198 * Define stub generators here, so that we need not either sprinkle 199 * ifdefs through the translator, nor provide the helper function. 200 */ 201 #define STUB_HELPER(NAME, ...) \ 202 static inline void gen_helper_##NAME(__VA_ARGS__) \ 203 { qemu_build_not_reached(); } 204 205 #ifdef CONFIG_USER_ONLY 206 STUB_HELPER(clgi, TCGv_env env) 207 STUB_HELPER(flush_page, TCGv_env env, TCGv addr) 208 STUB_HELPER(hlt, TCGv_env env, TCGv_i32 pc_ofs) 209 STUB_HELPER(inb, TCGv ret, TCGv_env env, TCGv_i32 port) 210 STUB_HELPER(inw, TCGv ret, TCGv_env env, TCGv_i32 port) 211 STUB_HELPER(inl, TCGv ret, TCGv_env env, TCGv_i32 port) 212 STUB_HELPER(monitor, TCGv_env env, TCGv addr) 213 STUB_HELPER(mwait, TCGv_env env, TCGv_i32 pc_ofs) 214 STUB_HELPER(outb, TCGv_env env, TCGv_i32 port, TCGv_i32 val) 215 STUB_HELPER(outw, TCGv_env env, TCGv_i32 port, TCGv_i32 val) 216 STUB_HELPER(outl, TCGv_env env, TCGv_i32 port, TCGv_i32 val) 217 STUB_HELPER(rdmsr, TCGv_env env) 218 STUB_HELPER(read_crN, TCGv ret, TCGv_env env, TCGv_i32 reg) 219 STUB_HELPER(get_dr, TCGv ret, TCGv_env env, TCGv_i32 reg) 220 STUB_HELPER(set_dr, TCGv_env env, TCGv_i32 reg, TCGv val) 221 STUB_HELPER(stgi, TCGv_env env) 222 STUB_HELPER(svm_check_intercept, TCGv_env env, TCGv_i32 type) 223 STUB_HELPER(vmload, TCGv_env env, TCGv_i32 aflag) 224 STUB_HELPER(vmmcall, TCGv_env env) 225 STUB_HELPER(vmrun, TCGv_env env, TCGv_i32 aflag, TCGv_i32 pc_ofs) 226 STUB_HELPER(vmsave, TCGv_env env, TCGv_i32 aflag) 227 STUB_HELPER(write_crN, TCGv_env env, TCGv_i32 reg, TCGv val) 228 STUB_HELPER(wrmsr, TCGv_env env) 229 #endif 230 231 static void gen_eob(DisasContext *s); 232 static void gen_jr(DisasContext *s); 233 static void gen_jmp_rel(DisasContext *s, MemOp ot, int diff, int tb_num); 234 static void gen_jmp_rel_csize(DisasContext *s, int diff, int tb_num); 235 static void gen_op(DisasContext *s1, int op, MemOp ot, int d); 236 static void gen_exception_gpf(DisasContext *s); 237 238 /* i386 arith/logic operations */ 239 enum { 240 OP_ADDL, 241 OP_ORL, 242 OP_ADCL, 243 OP_SBBL, 244 OP_ANDL, 245 OP_SUBL, 246 OP_XORL, 247 OP_CMPL, 248 }; 249 250 /* i386 shift ops */ 251 enum { 252 OP_ROL, 253 OP_ROR, 254 OP_RCL, 255 OP_RCR, 256 OP_SHL, 257 OP_SHR, 258 OP_SHL1, /* undocumented */ 259 OP_SAR = 7, 260 }; 261 262 enum { 263 JCC_O, 264 JCC_B, 265 JCC_Z, 266 JCC_BE, 267 JCC_S, 268 JCC_P, 269 JCC_L, 270 JCC_LE, 271 }; 272 273 enum { 274 /* I386 int registers */ 275 OR_EAX, /* MUST be even numbered */ 276 OR_ECX, 277 OR_EDX, 278 OR_EBX, 279 OR_ESP, 280 OR_EBP, 281 OR_ESI, 282 OR_EDI, 283 284 OR_TMP0 = 16, /* temporary operand register */ 285 OR_TMP1, 286 OR_A0, /* temporary register used when doing address evaluation */ 287 }; 288 289 enum { 290 USES_CC_DST = 1, 291 USES_CC_SRC = 2, 292 USES_CC_SRC2 = 4, 293 USES_CC_SRCT = 8, 294 }; 295 296 /* Bit set if the global variable is live after setting CC_OP to X. */ 297 static const uint8_t cc_op_live[CC_OP_NB] = { 298 [CC_OP_DYNAMIC] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2, 299 [CC_OP_EFLAGS] = USES_CC_SRC, 300 [CC_OP_MULB ... CC_OP_MULQ] = USES_CC_DST | USES_CC_SRC, 301 [CC_OP_ADDB ... CC_OP_ADDQ] = USES_CC_DST | USES_CC_SRC, 302 [CC_OP_ADCB ... CC_OP_ADCQ] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2, 303 [CC_OP_SUBB ... CC_OP_SUBQ] = USES_CC_DST | USES_CC_SRC | USES_CC_SRCT, 304 [CC_OP_SBBB ... CC_OP_SBBQ] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2, 305 [CC_OP_LOGICB ... CC_OP_LOGICQ] = USES_CC_DST, 306 [CC_OP_INCB ... CC_OP_INCQ] = USES_CC_DST | USES_CC_SRC, 307 [CC_OP_DECB ... CC_OP_DECQ] = USES_CC_DST | USES_CC_SRC, 308 [CC_OP_SHLB ... CC_OP_SHLQ] = USES_CC_DST | USES_CC_SRC, 309 [CC_OP_SARB ... CC_OP_SARQ] = USES_CC_DST | USES_CC_SRC, 310 [CC_OP_BMILGB ... CC_OP_BMILGQ] = USES_CC_DST | USES_CC_SRC, 311 [CC_OP_ADCX] = USES_CC_DST | USES_CC_SRC, 312 [CC_OP_ADOX] = USES_CC_SRC | USES_CC_SRC2, 313 [CC_OP_ADCOX] = USES_CC_DST | USES_CC_SRC | USES_CC_SRC2, 314 [CC_OP_CLR] = 0, 315 [CC_OP_POPCNT] = USES_CC_SRC, 316 }; 317 318 static void set_cc_op(DisasContext *s, CCOp op) 319 { 320 int dead; 321 322 if (s->cc_op == op) { 323 return; 324 } 325 326 /* Discard CC computation that will no longer be used. */ 327 dead = cc_op_live[s->cc_op] & ~cc_op_live[op]; 328 if (dead & USES_CC_DST) { 329 tcg_gen_discard_tl(cpu_cc_dst); 330 } 331 if (dead & USES_CC_SRC) { 332 tcg_gen_discard_tl(cpu_cc_src); 333 } 334 if (dead & USES_CC_SRC2) { 335 tcg_gen_discard_tl(cpu_cc_src2); 336 } 337 if (dead & USES_CC_SRCT) { 338 tcg_gen_discard_tl(s->cc_srcT); 339 } 340 341 if (op == CC_OP_DYNAMIC) { 342 /* The DYNAMIC setting is translator only, and should never be 343 stored. Thus we always consider it clean. */ 344 s->cc_op_dirty = false; 345 } else { 346 /* Discard any computed CC_OP value (see shifts). */ 347 if (s->cc_op == CC_OP_DYNAMIC) { 348 tcg_gen_discard_i32(cpu_cc_op); 349 } 350 s->cc_op_dirty = true; 351 } 352 s->cc_op = op; 353 } 354 355 static void gen_update_cc_op(DisasContext *s) 356 { 357 if (s->cc_op_dirty) { 358 tcg_gen_movi_i32(cpu_cc_op, s->cc_op); 359 s->cc_op_dirty = false; 360 } 361 } 362 363 #ifdef TARGET_X86_64 364 365 #define NB_OP_SIZES 4 366 367 #else /* !TARGET_X86_64 */ 368 369 #define NB_OP_SIZES 3 370 371 #endif /* !TARGET_X86_64 */ 372 373 #if HOST_BIG_ENDIAN 374 #define REG_B_OFFSET (sizeof(target_ulong) - 1) 375 #define REG_H_OFFSET (sizeof(target_ulong) - 2) 376 #define REG_W_OFFSET (sizeof(target_ulong) - 2) 377 #define REG_L_OFFSET (sizeof(target_ulong) - 4) 378 #define REG_LH_OFFSET (sizeof(target_ulong) - 8) 379 #else 380 #define REG_B_OFFSET 0 381 #define REG_H_OFFSET 1 382 #define REG_W_OFFSET 0 383 #define REG_L_OFFSET 0 384 #define REG_LH_OFFSET 4 385 #endif 386 387 /* In instruction encodings for byte register accesses the 388 * register number usually indicates "low 8 bits of register N"; 389 * however there are some special cases where N 4..7 indicates 390 * [AH, CH, DH, BH], ie "bits 15..8 of register N-4". Return 391 * true for this special case, false otherwise. 392 */ 393 static inline bool byte_reg_is_xH(DisasContext *s, int reg) 394 { 395 /* Any time the REX prefix is present, byte registers are uniform */ 396 if (reg < 4 || REX_PREFIX(s)) { 397 return false; 398 } 399 return true; 400 } 401 402 /* Select the size of a push/pop operation. */ 403 static inline MemOp mo_pushpop(DisasContext *s, MemOp ot) 404 { 405 if (CODE64(s)) { 406 return ot == MO_16 ? MO_16 : MO_64; 407 } else { 408 return ot; 409 } 410 } 411 412 /* Select the size of the stack pointer. */ 413 static inline MemOp mo_stacksize(DisasContext *s) 414 { 415 return CODE64(s) ? MO_64 : SS32(s) ? MO_32 : MO_16; 416 } 417 418 /* Select only size 64 else 32. Used for SSE operand sizes. */ 419 static inline MemOp mo_64_32(MemOp ot) 420 { 421 #ifdef TARGET_X86_64 422 return ot == MO_64 ? MO_64 : MO_32; 423 #else 424 return MO_32; 425 #endif 426 } 427 428 /* Select size 8 if lsb of B is clear, else OT. Used for decoding 429 byte vs word opcodes. */ 430 static inline MemOp mo_b_d(int b, MemOp ot) 431 { 432 return b & 1 ? ot : MO_8; 433 } 434 435 /* Select size 8 if lsb of B is clear, else OT capped at 32. 436 Used for decoding operand size of port opcodes. */ 437 static inline MemOp mo_b_d32(int b, MemOp ot) 438 { 439 return b & 1 ? (ot == MO_16 ? MO_16 : MO_32) : MO_8; 440 } 441 442 /* Compute the result of writing t0 to the OT-sized register REG. 443 * 444 * If DEST is NULL, store the result into the register and return the 445 * register's TCGv. 446 * 447 * If DEST is not NULL, store the result into DEST and return the 448 * register's TCGv. 449 */ 450 static TCGv gen_op_deposit_reg_v(DisasContext *s, MemOp ot, int reg, TCGv dest, TCGv t0) 451 { 452 switch(ot) { 453 case MO_8: 454 if (byte_reg_is_xH(s, reg)) { 455 dest = dest ? dest : cpu_regs[reg - 4]; 456 tcg_gen_deposit_tl(dest, cpu_regs[reg - 4], t0, 8, 8); 457 return cpu_regs[reg - 4]; 458 } 459 dest = dest ? dest : cpu_regs[reg]; 460 tcg_gen_deposit_tl(dest, cpu_regs[reg], t0, 0, 8); 461 break; 462 case MO_16: 463 dest = dest ? dest : cpu_regs[reg]; 464 tcg_gen_deposit_tl(dest, cpu_regs[reg], t0, 0, 16); 465 break; 466 case MO_32: 467 /* For x86_64, this sets the higher half of register to zero. 468 For i386, this is equivalent to a mov. */ 469 dest = dest ? dest : cpu_regs[reg]; 470 tcg_gen_ext32u_tl(dest, t0); 471 break; 472 #ifdef TARGET_X86_64 473 case MO_64: 474 dest = dest ? dest : cpu_regs[reg]; 475 tcg_gen_mov_tl(dest, t0); 476 break; 477 #endif 478 default: 479 tcg_abort(); 480 } 481 return cpu_regs[reg]; 482 } 483 484 static void gen_op_mov_reg_v(DisasContext *s, MemOp ot, int reg, TCGv t0) 485 { 486 gen_op_deposit_reg_v(s, ot, reg, NULL, t0); 487 } 488 489 static inline 490 void gen_op_mov_v_reg(DisasContext *s, MemOp ot, TCGv t0, int reg) 491 { 492 if (ot == MO_8 && byte_reg_is_xH(s, reg)) { 493 tcg_gen_extract_tl(t0, cpu_regs[reg - 4], 8, 8); 494 } else { 495 tcg_gen_mov_tl(t0, cpu_regs[reg]); 496 } 497 } 498 499 static void gen_add_A0_im(DisasContext *s, int val) 500 { 501 tcg_gen_addi_tl(s->A0, s->A0, val); 502 if (!CODE64(s)) { 503 tcg_gen_ext32u_tl(s->A0, s->A0); 504 } 505 } 506 507 static inline void gen_op_jmp_v(DisasContext *s, TCGv dest) 508 { 509 tcg_gen_mov_tl(cpu_eip, dest); 510 s->pc_save = -1; 511 } 512 513 static inline 514 void gen_op_add_reg_im(DisasContext *s, MemOp size, int reg, int32_t val) 515 { 516 tcg_gen_addi_tl(s->tmp0, cpu_regs[reg], val); 517 gen_op_mov_reg_v(s, size, reg, s->tmp0); 518 } 519 520 static inline void gen_op_add_reg_T0(DisasContext *s, MemOp size, int reg) 521 { 522 tcg_gen_add_tl(s->tmp0, cpu_regs[reg], s->T0); 523 gen_op_mov_reg_v(s, size, reg, s->tmp0); 524 } 525 526 static inline void gen_op_ld_v(DisasContext *s, int idx, TCGv t0, TCGv a0) 527 { 528 tcg_gen_qemu_ld_tl(t0, a0, s->mem_index, idx | MO_LE); 529 } 530 531 static inline void gen_op_st_v(DisasContext *s, int idx, TCGv t0, TCGv a0) 532 { 533 tcg_gen_qemu_st_tl(t0, a0, s->mem_index, idx | MO_LE); 534 } 535 536 static inline void gen_op_st_rm_T0_A0(DisasContext *s, int idx, int d) 537 { 538 if (d == OR_TMP0) { 539 gen_op_st_v(s, idx, s->T0, s->A0); 540 } else { 541 gen_op_mov_reg_v(s, idx, d, s->T0); 542 } 543 } 544 545 static void gen_update_eip_cur(DisasContext *s) 546 { 547 assert(s->pc_save != -1); 548 if (tb_cflags(s->base.tb) & CF_PCREL) { 549 tcg_gen_addi_tl(cpu_eip, cpu_eip, s->base.pc_next - s->pc_save); 550 } else { 551 tcg_gen_movi_tl(cpu_eip, s->base.pc_next - s->cs_base); 552 } 553 s->pc_save = s->base.pc_next; 554 } 555 556 static void gen_update_eip_next(DisasContext *s) 557 { 558 assert(s->pc_save != -1); 559 if (tb_cflags(s->base.tb) & CF_PCREL) { 560 tcg_gen_addi_tl(cpu_eip, cpu_eip, s->pc - s->pc_save); 561 } else { 562 tcg_gen_movi_tl(cpu_eip, s->pc - s->cs_base); 563 } 564 s->pc_save = s->pc; 565 } 566 567 static int cur_insn_len(DisasContext *s) 568 { 569 return s->pc - s->base.pc_next; 570 } 571 572 static TCGv_i32 cur_insn_len_i32(DisasContext *s) 573 { 574 return tcg_constant_i32(cur_insn_len(s)); 575 } 576 577 static TCGv_i32 eip_next_i32(DisasContext *s) 578 { 579 assert(s->pc_save != -1); 580 /* 581 * This function has two users: lcall_real (always 16-bit mode), and 582 * iret_protected (16, 32, or 64-bit mode). IRET only uses the value 583 * when EFLAGS.NT is set, which is illegal in 64-bit mode, which is 584 * why passing a 32-bit value isn't broken. To avoid using this where 585 * we shouldn't, return -1 in 64-bit mode so that execution goes into 586 * the weeds quickly. 587 */ 588 if (CODE64(s)) { 589 return tcg_constant_i32(-1); 590 } 591 if (tb_cflags(s->base.tb) & CF_PCREL) { 592 TCGv_i32 ret = tcg_temp_new_i32(); 593 tcg_gen_trunc_tl_i32(ret, cpu_eip); 594 tcg_gen_addi_i32(ret, ret, s->pc - s->pc_save); 595 return ret; 596 } else { 597 return tcg_constant_i32(s->pc - s->cs_base); 598 } 599 } 600 601 static TCGv eip_next_tl(DisasContext *s) 602 { 603 assert(s->pc_save != -1); 604 if (tb_cflags(s->base.tb) & CF_PCREL) { 605 TCGv ret = tcg_temp_new(); 606 tcg_gen_addi_tl(ret, cpu_eip, s->pc - s->pc_save); 607 return ret; 608 } else { 609 return tcg_constant_tl(s->pc - s->cs_base); 610 } 611 } 612 613 static TCGv eip_cur_tl(DisasContext *s) 614 { 615 assert(s->pc_save != -1); 616 if (tb_cflags(s->base.tb) & CF_PCREL) { 617 TCGv ret = tcg_temp_new(); 618 tcg_gen_addi_tl(ret, cpu_eip, s->base.pc_next - s->pc_save); 619 return ret; 620 } else { 621 return tcg_constant_tl(s->base.pc_next - s->cs_base); 622 } 623 } 624 625 /* Compute SEG:REG into A0. SEG is selected from the override segment 626 (OVR_SEG) and the default segment (DEF_SEG). OVR_SEG may be -1 to 627 indicate no override. */ 628 static void gen_lea_v_seg(DisasContext *s, MemOp aflag, TCGv a0, 629 int def_seg, int ovr_seg) 630 { 631 switch (aflag) { 632 #ifdef TARGET_X86_64 633 case MO_64: 634 if (ovr_seg < 0) { 635 tcg_gen_mov_tl(s->A0, a0); 636 return; 637 } 638 break; 639 #endif 640 case MO_32: 641 /* 32 bit address */ 642 if (ovr_seg < 0 && ADDSEG(s)) { 643 ovr_seg = def_seg; 644 } 645 if (ovr_seg < 0) { 646 tcg_gen_ext32u_tl(s->A0, a0); 647 return; 648 } 649 break; 650 case MO_16: 651 /* 16 bit address */ 652 tcg_gen_ext16u_tl(s->A0, a0); 653 a0 = s->A0; 654 if (ovr_seg < 0) { 655 if (ADDSEG(s)) { 656 ovr_seg = def_seg; 657 } else { 658 return; 659 } 660 } 661 break; 662 default: 663 tcg_abort(); 664 } 665 666 if (ovr_seg >= 0) { 667 TCGv seg = cpu_seg_base[ovr_seg]; 668 669 if (aflag == MO_64) { 670 tcg_gen_add_tl(s->A0, a0, seg); 671 } else if (CODE64(s)) { 672 tcg_gen_ext32u_tl(s->A0, a0); 673 tcg_gen_add_tl(s->A0, s->A0, seg); 674 } else { 675 tcg_gen_add_tl(s->A0, a0, seg); 676 tcg_gen_ext32u_tl(s->A0, s->A0); 677 } 678 } 679 } 680 681 static inline void gen_string_movl_A0_ESI(DisasContext *s) 682 { 683 gen_lea_v_seg(s, s->aflag, cpu_regs[R_ESI], R_DS, s->override); 684 } 685 686 static inline void gen_string_movl_A0_EDI(DisasContext *s) 687 { 688 gen_lea_v_seg(s, s->aflag, cpu_regs[R_EDI], R_ES, -1); 689 } 690 691 static inline void gen_op_movl_T0_Dshift(DisasContext *s, MemOp ot) 692 { 693 tcg_gen_ld32s_tl(s->T0, cpu_env, offsetof(CPUX86State, df)); 694 tcg_gen_shli_tl(s->T0, s->T0, ot); 695 }; 696 697 static TCGv gen_ext_tl(TCGv dst, TCGv src, MemOp size, bool sign) 698 { 699 switch (size) { 700 case MO_8: 701 if (sign) { 702 tcg_gen_ext8s_tl(dst, src); 703 } else { 704 tcg_gen_ext8u_tl(dst, src); 705 } 706 return dst; 707 case MO_16: 708 if (sign) { 709 tcg_gen_ext16s_tl(dst, src); 710 } else { 711 tcg_gen_ext16u_tl(dst, src); 712 } 713 return dst; 714 #ifdef TARGET_X86_64 715 case MO_32: 716 if (sign) { 717 tcg_gen_ext32s_tl(dst, src); 718 } else { 719 tcg_gen_ext32u_tl(dst, src); 720 } 721 return dst; 722 #endif 723 default: 724 return src; 725 } 726 } 727 728 static void gen_extu(MemOp ot, TCGv reg) 729 { 730 gen_ext_tl(reg, reg, ot, false); 731 } 732 733 static void gen_exts(MemOp ot, TCGv reg) 734 { 735 gen_ext_tl(reg, reg, ot, true); 736 } 737 738 static void gen_op_j_ecx(DisasContext *s, TCGCond cond, TCGLabel *label1) 739 { 740 tcg_gen_mov_tl(s->tmp0, cpu_regs[R_ECX]); 741 gen_extu(s->aflag, s->tmp0); 742 tcg_gen_brcondi_tl(cond, s->tmp0, 0, label1); 743 } 744 745 static inline void gen_op_jz_ecx(DisasContext *s, TCGLabel *label1) 746 { 747 gen_op_j_ecx(s, TCG_COND_EQ, label1); 748 } 749 750 static inline void gen_op_jnz_ecx(DisasContext *s, TCGLabel *label1) 751 { 752 gen_op_j_ecx(s, TCG_COND_NE, label1); 753 } 754 755 static void gen_helper_in_func(MemOp ot, TCGv v, TCGv_i32 n) 756 { 757 switch (ot) { 758 case MO_8: 759 gen_helper_inb(v, cpu_env, n); 760 break; 761 case MO_16: 762 gen_helper_inw(v, cpu_env, n); 763 break; 764 case MO_32: 765 gen_helper_inl(v, cpu_env, n); 766 break; 767 default: 768 tcg_abort(); 769 } 770 } 771 772 static void gen_helper_out_func(MemOp ot, TCGv_i32 v, TCGv_i32 n) 773 { 774 switch (ot) { 775 case MO_8: 776 gen_helper_outb(cpu_env, v, n); 777 break; 778 case MO_16: 779 gen_helper_outw(cpu_env, v, n); 780 break; 781 case MO_32: 782 gen_helper_outl(cpu_env, v, n); 783 break; 784 default: 785 tcg_abort(); 786 } 787 } 788 789 /* 790 * Validate that access to [port, port + 1<<ot) is allowed. 791 * Raise #GP, or VMM exit if not. 792 */ 793 static bool gen_check_io(DisasContext *s, MemOp ot, TCGv_i32 port, 794 uint32_t svm_flags) 795 { 796 #ifdef CONFIG_USER_ONLY 797 /* 798 * We do not implement the ioperm(2) syscall, so the TSS check 799 * will always fail. 800 */ 801 gen_exception_gpf(s); 802 return false; 803 #else 804 if (PE(s) && (CPL(s) > IOPL(s) || VM86(s))) { 805 gen_helper_check_io(cpu_env, port, tcg_constant_i32(1 << ot)); 806 } 807 if (GUEST(s)) { 808 gen_update_cc_op(s); 809 gen_update_eip_cur(s); 810 if (s->prefix & (PREFIX_REPZ | PREFIX_REPNZ)) { 811 svm_flags |= SVM_IOIO_REP_MASK; 812 } 813 svm_flags |= 1 << (SVM_IOIO_SIZE_SHIFT + ot); 814 gen_helper_svm_check_io(cpu_env, port, 815 tcg_constant_i32(svm_flags), 816 cur_insn_len_i32(s)); 817 } 818 return true; 819 #endif 820 } 821 822 static void gen_movs(DisasContext *s, MemOp ot) 823 { 824 gen_string_movl_A0_ESI(s); 825 gen_op_ld_v(s, ot, s->T0, s->A0); 826 gen_string_movl_A0_EDI(s); 827 gen_op_st_v(s, ot, s->T0, s->A0); 828 gen_op_movl_T0_Dshift(s, ot); 829 gen_op_add_reg_T0(s, s->aflag, R_ESI); 830 gen_op_add_reg_T0(s, s->aflag, R_EDI); 831 } 832 833 static void gen_op_update1_cc(DisasContext *s) 834 { 835 tcg_gen_mov_tl(cpu_cc_dst, s->T0); 836 } 837 838 static void gen_op_update2_cc(DisasContext *s) 839 { 840 tcg_gen_mov_tl(cpu_cc_src, s->T1); 841 tcg_gen_mov_tl(cpu_cc_dst, s->T0); 842 } 843 844 static void gen_op_update3_cc(DisasContext *s, TCGv reg) 845 { 846 tcg_gen_mov_tl(cpu_cc_src2, reg); 847 tcg_gen_mov_tl(cpu_cc_src, s->T1); 848 tcg_gen_mov_tl(cpu_cc_dst, s->T0); 849 } 850 851 static inline void gen_op_testl_T0_T1_cc(DisasContext *s) 852 { 853 tcg_gen_and_tl(cpu_cc_dst, s->T0, s->T1); 854 } 855 856 static void gen_op_update_neg_cc(DisasContext *s) 857 { 858 tcg_gen_mov_tl(cpu_cc_dst, s->T0); 859 tcg_gen_neg_tl(cpu_cc_src, s->T0); 860 tcg_gen_movi_tl(s->cc_srcT, 0); 861 } 862 863 /* compute all eflags to cc_src */ 864 static void gen_compute_eflags(DisasContext *s) 865 { 866 TCGv zero, dst, src1, src2; 867 int live, dead; 868 869 if (s->cc_op == CC_OP_EFLAGS) { 870 return; 871 } 872 if (s->cc_op == CC_OP_CLR) { 873 tcg_gen_movi_tl(cpu_cc_src, CC_Z | CC_P); 874 set_cc_op(s, CC_OP_EFLAGS); 875 return; 876 } 877 878 zero = NULL; 879 dst = cpu_cc_dst; 880 src1 = cpu_cc_src; 881 src2 = cpu_cc_src2; 882 883 /* Take care to not read values that are not live. */ 884 live = cc_op_live[s->cc_op] & ~USES_CC_SRCT; 885 dead = live ^ (USES_CC_DST | USES_CC_SRC | USES_CC_SRC2); 886 if (dead) { 887 zero = tcg_constant_tl(0); 888 if (dead & USES_CC_DST) { 889 dst = zero; 890 } 891 if (dead & USES_CC_SRC) { 892 src1 = zero; 893 } 894 if (dead & USES_CC_SRC2) { 895 src2 = zero; 896 } 897 } 898 899 gen_update_cc_op(s); 900 gen_helper_cc_compute_all(cpu_cc_src, dst, src1, src2, cpu_cc_op); 901 set_cc_op(s, CC_OP_EFLAGS); 902 } 903 904 typedef struct CCPrepare { 905 TCGCond cond; 906 TCGv reg; 907 TCGv reg2; 908 target_ulong imm; 909 target_ulong mask; 910 bool use_reg2; 911 bool no_setcond; 912 } CCPrepare; 913 914 /* compute eflags.C to reg */ 915 static CCPrepare gen_prepare_eflags_c(DisasContext *s, TCGv reg) 916 { 917 TCGv t0, t1; 918 int size, shift; 919 920 switch (s->cc_op) { 921 case CC_OP_SUBB ... CC_OP_SUBQ: 922 /* (DATA_TYPE)CC_SRCT < (DATA_TYPE)CC_SRC */ 923 size = s->cc_op - CC_OP_SUBB; 924 t1 = gen_ext_tl(s->tmp0, cpu_cc_src, size, false); 925 /* If no temporary was used, be careful not to alias t1 and t0. */ 926 t0 = t1 == cpu_cc_src ? s->tmp0 : reg; 927 tcg_gen_mov_tl(t0, s->cc_srcT); 928 gen_extu(size, t0); 929 goto add_sub; 930 931 case CC_OP_ADDB ... CC_OP_ADDQ: 932 /* (DATA_TYPE)CC_DST < (DATA_TYPE)CC_SRC */ 933 size = s->cc_op - CC_OP_ADDB; 934 t1 = gen_ext_tl(s->tmp0, cpu_cc_src, size, false); 935 t0 = gen_ext_tl(reg, cpu_cc_dst, size, false); 936 add_sub: 937 return (CCPrepare) { .cond = TCG_COND_LTU, .reg = t0, 938 .reg2 = t1, .mask = -1, .use_reg2 = true }; 939 940 case CC_OP_LOGICB ... CC_OP_LOGICQ: 941 case CC_OP_CLR: 942 case CC_OP_POPCNT: 943 return (CCPrepare) { .cond = TCG_COND_NEVER, .mask = -1 }; 944 945 case CC_OP_INCB ... CC_OP_INCQ: 946 case CC_OP_DECB ... CC_OP_DECQ: 947 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src, 948 .mask = -1, .no_setcond = true }; 949 950 case CC_OP_SHLB ... CC_OP_SHLQ: 951 /* (CC_SRC >> (DATA_BITS - 1)) & 1 */ 952 size = s->cc_op - CC_OP_SHLB; 953 shift = (8 << size) - 1; 954 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src, 955 .mask = (target_ulong)1 << shift }; 956 957 case CC_OP_MULB ... CC_OP_MULQ: 958 return (CCPrepare) { .cond = TCG_COND_NE, 959 .reg = cpu_cc_src, .mask = -1 }; 960 961 case CC_OP_BMILGB ... CC_OP_BMILGQ: 962 size = s->cc_op - CC_OP_BMILGB; 963 t0 = gen_ext_tl(reg, cpu_cc_src, size, false); 964 return (CCPrepare) { .cond = TCG_COND_EQ, .reg = t0, .mask = -1 }; 965 966 case CC_OP_ADCX: 967 case CC_OP_ADCOX: 968 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_dst, 969 .mask = -1, .no_setcond = true }; 970 971 case CC_OP_EFLAGS: 972 case CC_OP_SARB ... CC_OP_SARQ: 973 /* CC_SRC & 1 */ 974 return (CCPrepare) { .cond = TCG_COND_NE, 975 .reg = cpu_cc_src, .mask = CC_C }; 976 977 default: 978 /* The need to compute only C from CC_OP_DYNAMIC is important 979 in efficiently implementing e.g. INC at the start of a TB. */ 980 gen_update_cc_op(s); 981 gen_helper_cc_compute_c(reg, cpu_cc_dst, cpu_cc_src, 982 cpu_cc_src2, cpu_cc_op); 983 return (CCPrepare) { .cond = TCG_COND_NE, .reg = reg, 984 .mask = -1, .no_setcond = true }; 985 } 986 } 987 988 /* compute eflags.P to reg */ 989 static CCPrepare gen_prepare_eflags_p(DisasContext *s, TCGv reg) 990 { 991 gen_compute_eflags(s); 992 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src, 993 .mask = CC_P }; 994 } 995 996 /* compute eflags.S to reg */ 997 static CCPrepare gen_prepare_eflags_s(DisasContext *s, TCGv reg) 998 { 999 switch (s->cc_op) { 1000 case CC_OP_DYNAMIC: 1001 gen_compute_eflags(s); 1002 /* FALLTHRU */ 1003 case CC_OP_EFLAGS: 1004 case CC_OP_ADCX: 1005 case CC_OP_ADOX: 1006 case CC_OP_ADCOX: 1007 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src, 1008 .mask = CC_S }; 1009 case CC_OP_CLR: 1010 case CC_OP_POPCNT: 1011 return (CCPrepare) { .cond = TCG_COND_NEVER, .mask = -1 }; 1012 default: 1013 { 1014 MemOp size = (s->cc_op - CC_OP_ADDB) & 3; 1015 TCGv t0 = gen_ext_tl(reg, cpu_cc_dst, size, true); 1016 return (CCPrepare) { .cond = TCG_COND_LT, .reg = t0, .mask = -1 }; 1017 } 1018 } 1019 } 1020 1021 /* compute eflags.O to reg */ 1022 static CCPrepare gen_prepare_eflags_o(DisasContext *s, TCGv reg) 1023 { 1024 switch (s->cc_op) { 1025 case CC_OP_ADOX: 1026 case CC_OP_ADCOX: 1027 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src2, 1028 .mask = -1, .no_setcond = true }; 1029 case CC_OP_CLR: 1030 case CC_OP_POPCNT: 1031 return (CCPrepare) { .cond = TCG_COND_NEVER, .mask = -1 }; 1032 default: 1033 gen_compute_eflags(s); 1034 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src, 1035 .mask = CC_O }; 1036 } 1037 } 1038 1039 /* compute eflags.Z to reg */ 1040 static CCPrepare gen_prepare_eflags_z(DisasContext *s, TCGv reg) 1041 { 1042 switch (s->cc_op) { 1043 case CC_OP_DYNAMIC: 1044 gen_compute_eflags(s); 1045 /* FALLTHRU */ 1046 case CC_OP_EFLAGS: 1047 case CC_OP_ADCX: 1048 case CC_OP_ADOX: 1049 case CC_OP_ADCOX: 1050 return (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src, 1051 .mask = CC_Z }; 1052 case CC_OP_CLR: 1053 return (CCPrepare) { .cond = TCG_COND_ALWAYS, .mask = -1 }; 1054 case CC_OP_POPCNT: 1055 return (CCPrepare) { .cond = TCG_COND_EQ, .reg = cpu_cc_src, 1056 .mask = -1 }; 1057 default: 1058 { 1059 MemOp size = (s->cc_op - CC_OP_ADDB) & 3; 1060 TCGv t0 = gen_ext_tl(reg, cpu_cc_dst, size, false); 1061 return (CCPrepare) { .cond = TCG_COND_EQ, .reg = t0, .mask = -1 }; 1062 } 1063 } 1064 } 1065 1066 /* perform a conditional store into register 'reg' according to jump opcode 1067 value 'b'. In the fast case, T0 is guaranted not to be used. */ 1068 static CCPrepare gen_prepare_cc(DisasContext *s, int b, TCGv reg) 1069 { 1070 int inv, jcc_op, cond; 1071 MemOp size; 1072 CCPrepare cc; 1073 TCGv t0; 1074 1075 inv = b & 1; 1076 jcc_op = (b >> 1) & 7; 1077 1078 switch (s->cc_op) { 1079 case CC_OP_SUBB ... CC_OP_SUBQ: 1080 /* We optimize relational operators for the cmp/jcc case. */ 1081 size = s->cc_op - CC_OP_SUBB; 1082 switch (jcc_op) { 1083 case JCC_BE: 1084 tcg_gen_mov_tl(s->tmp4, s->cc_srcT); 1085 gen_extu(size, s->tmp4); 1086 t0 = gen_ext_tl(s->tmp0, cpu_cc_src, size, false); 1087 cc = (CCPrepare) { .cond = TCG_COND_LEU, .reg = s->tmp4, 1088 .reg2 = t0, .mask = -1, .use_reg2 = true }; 1089 break; 1090 1091 case JCC_L: 1092 cond = TCG_COND_LT; 1093 goto fast_jcc_l; 1094 case JCC_LE: 1095 cond = TCG_COND_LE; 1096 fast_jcc_l: 1097 tcg_gen_mov_tl(s->tmp4, s->cc_srcT); 1098 gen_exts(size, s->tmp4); 1099 t0 = gen_ext_tl(s->tmp0, cpu_cc_src, size, true); 1100 cc = (CCPrepare) { .cond = cond, .reg = s->tmp4, 1101 .reg2 = t0, .mask = -1, .use_reg2 = true }; 1102 break; 1103 1104 default: 1105 goto slow_jcc; 1106 } 1107 break; 1108 1109 default: 1110 slow_jcc: 1111 /* This actually generates good code for JC, JZ and JS. */ 1112 switch (jcc_op) { 1113 case JCC_O: 1114 cc = gen_prepare_eflags_o(s, reg); 1115 break; 1116 case JCC_B: 1117 cc = gen_prepare_eflags_c(s, reg); 1118 break; 1119 case JCC_Z: 1120 cc = gen_prepare_eflags_z(s, reg); 1121 break; 1122 case JCC_BE: 1123 gen_compute_eflags(s); 1124 cc = (CCPrepare) { .cond = TCG_COND_NE, .reg = cpu_cc_src, 1125 .mask = CC_Z | CC_C }; 1126 break; 1127 case JCC_S: 1128 cc = gen_prepare_eflags_s(s, reg); 1129 break; 1130 case JCC_P: 1131 cc = gen_prepare_eflags_p(s, reg); 1132 break; 1133 case JCC_L: 1134 gen_compute_eflags(s); 1135 if (reg == cpu_cc_src) { 1136 reg = s->tmp0; 1137 } 1138 tcg_gen_shri_tl(reg, cpu_cc_src, 4); /* CC_O -> CC_S */ 1139 tcg_gen_xor_tl(reg, reg, cpu_cc_src); 1140 cc = (CCPrepare) { .cond = TCG_COND_NE, .reg = reg, 1141 .mask = CC_S }; 1142 break; 1143 default: 1144 case JCC_LE: 1145 gen_compute_eflags(s); 1146 if (reg == cpu_cc_src) { 1147 reg = s->tmp0; 1148 } 1149 tcg_gen_shri_tl(reg, cpu_cc_src, 4); /* CC_O -> CC_S */ 1150 tcg_gen_xor_tl(reg, reg, cpu_cc_src); 1151 cc = (CCPrepare) { .cond = TCG_COND_NE, .reg = reg, 1152 .mask = CC_S | CC_Z }; 1153 break; 1154 } 1155 break; 1156 } 1157 1158 if (inv) { 1159 cc.cond = tcg_invert_cond(cc.cond); 1160 } 1161 return cc; 1162 } 1163 1164 static void gen_setcc1(DisasContext *s, int b, TCGv reg) 1165 { 1166 CCPrepare cc = gen_prepare_cc(s, b, reg); 1167 1168 if (cc.no_setcond) { 1169 if (cc.cond == TCG_COND_EQ) { 1170 tcg_gen_xori_tl(reg, cc.reg, 1); 1171 } else { 1172 tcg_gen_mov_tl(reg, cc.reg); 1173 } 1174 return; 1175 } 1176 1177 if (cc.cond == TCG_COND_NE && !cc.use_reg2 && cc.imm == 0 && 1178 cc.mask != 0 && (cc.mask & (cc.mask - 1)) == 0) { 1179 tcg_gen_shri_tl(reg, cc.reg, ctztl(cc.mask)); 1180 tcg_gen_andi_tl(reg, reg, 1); 1181 return; 1182 } 1183 if (cc.mask != -1) { 1184 tcg_gen_andi_tl(reg, cc.reg, cc.mask); 1185 cc.reg = reg; 1186 } 1187 if (cc.use_reg2) { 1188 tcg_gen_setcond_tl(cc.cond, reg, cc.reg, cc.reg2); 1189 } else { 1190 tcg_gen_setcondi_tl(cc.cond, reg, cc.reg, cc.imm); 1191 } 1192 } 1193 1194 static inline void gen_compute_eflags_c(DisasContext *s, TCGv reg) 1195 { 1196 gen_setcc1(s, JCC_B << 1, reg); 1197 } 1198 1199 /* generate a conditional jump to label 'l1' according to jump opcode 1200 value 'b'. In the fast case, T0 is guaranted not to be used. */ 1201 static inline void gen_jcc1_noeob(DisasContext *s, int b, TCGLabel *l1) 1202 { 1203 CCPrepare cc = gen_prepare_cc(s, b, s->T0); 1204 1205 if (cc.mask != -1) { 1206 tcg_gen_andi_tl(s->T0, cc.reg, cc.mask); 1207 cc.reg = s->T0; 1208 } 1209 if (cc.use_reg2) { 1210 tcg_gen_brcond_tl(cc.cond, cc.reg, cc.reg2, l1); 1211 } else { 1212 tcg_gen_brcondi_tl(cc.cond, cc.reg, cc.imm, l1); 1213 } 1214 } 1215 1216 /* Generate a conditional jump to label 'l1' according to jump opcode 1217 value 'b'. In the fast case, T0 is guaranted not to be used. 1218 A translation block must end soon. */ 1219 static inline void gen_jcc1(DisasContext *s, int b, TCGLabel *l1) 1220 { 1221 CCPrepare cc = gen_prepare_cc(s, b, s->T0); 1222 1223 gen_update_cc_op(s); 1224 if (cc.mask != -1) { 1225 tcg_gen_andi_tl(s->T0, cc.reg, cc.mask); 1226 cc.reg = s->T0; 1227 } 1228 set_cc_op(s, CC_OP_DYNAMIC); 1229 if (cc.use_reg2) { 1230 tcg_gen_brcond_tl(cc.cond, cc.reg, cc.reg2, l1); 1231 } else { 1232 tcg_gen_brcondi_tl(cc.cond, cc.reg, cc.imm, l1); 1233 } 1234 } 1235 1236 /* XXX: does not work with gdbstub "ice" single step - not a 1237 serious problem */ 1238 static TCGLabel *gen_jz_ecx_string(DisasContext *s) 1239 { 1240 TCGLabel *l1 = gen_new_label(); 1241 TCGLabel *l2 = gen_new_label(); 1242 gen_op_jnz_ecx(s, l1); 1243 gen_set_label(l2); 1244 gen_jmp_rel_csize(s, 0, 1); 1245 gen_set_label(l1); 1246 return l2; 1247 } 1248 1249 static void gen_stos(DisasContext *s, MemOp ot) 1250 { 1251 gen_op_mov_v_reg(s, MO_32, s->T0, R_EAX); 1252 gen_string_movl_A0_EDI(s); 1253 gen_op_st_v(s, ot, s->T0, s->A0); 1254 gen_op_movl_T0_Dshift(s, ot); 1255 gen_op_add_reg_T0(s, s->aflag, R_EDI); 1256 } 1257 1258 static void gen_lods(DisasContext *s, MemOp ot) 1259 { 1260 gen_string_movl_A0_ESI(s); 1261 gen_op_ld_v(s, ot, s->T0, s->A0); 1262 gen_op_mov_reg_v(s, ot, R_EAX, s->T0); 1263 gen_op_movl_T0_Dshift(s, ot); 1264 gen_op_add_reg_T0(s, s->aflag, R_ESI); 1265 } 1266 1267 static void gen_scas(DisasContext *s, MemOp ot) 1268 { 1269 gen_string_movl_A0_EDI(s); 1270 gen_op_ld_v(s, ot, s->T1, s->A0); 1271 gen_op(s, OP_CMPL, ot, R_EAX); 1272 gen_op_movl_T0_Dshift(s, ot); 1273 gen_op_add_reg_T0(s, s->aflag, R_EDI); 1274 } 1275 1276 static void gen_cmps(DisasContext *s, MemOp ot) 1277 { 1278 gen_string_movl_A0_EDI(s); 1279 gen_op_ld_v(s, ot, s->T1, s->A0); 1280 gen_string_movl_A0_ESI(s); 1281 gen_op(s, OP_CMPL, ot, OR_TMP0); 1282 gen_op_movl_T0_Dshift(s, ot); 1283 gen_op_add_reg_T0(s, s->aflag, R_ESI); 1284 gen_op_add_reg_T0(s, s->aflag, R_EDI); 1285 } 1286 1287 static void gen_bpt_io(DisasContext *s, TCGv_i32 t_port, int ot) 1288 { 1289 if (s->flags & HF_IOBPT_MASK) { 1290 #ifdef CONFIG_USER_ONLY 1291 /* user-mode cpu should not be in IOBPT mode */ 1292 g_assert_not_reached(); 1293 #else 1294 TCGv_i32 t_size = tcg_constant_i32(1 << ot); 1295 TCGv t_next = eip_next_tl(s); 1296 gen_helper_bpt_io(cpu_env, t_port, t_size, t_next); 1297 #endif /* CONFIG_USER_ONLY */ 1298 } 1299 } 1300 1301 static void gen_ins(DisasContext *s, MemOp ot) 1302 { 1303 gen_string_movl_A0_EDI(s); 1304 /* Note: we must do this dummy write first to be restartable in 1305 case of page fault. */ 1306 tcg_gen_movi_tl(s->T0, 0); 1307 gen_op_st_v(s, ot, s->T0, s->A0); 1308 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_EDX]); 1309 tcg_gen_andi_i32(s->tmp2_i32, s->tmp2_i32, 0xffff); 1310 gen_helper_in_func(ot, s->T0, s->tmp2_i32); 1311 gen_op_st_v(s, ot, s->T0, s->A0); 1312 gen_op_movl_T0_Dshift(s, ot); 1313 gen_op_add_reg_T0(s, s->aflag, R_EDI); 1314 gen_bpt_io(s, s->tmp2_i32, ot); 1315 } 1316 1317 static void gen_outs(DisasContext *s, MemOp ot) 1318 { 1319 gen_string_movl_A0_ESI(s); 1320 gen_op_ld_v(s, ot, s->T0, s->A0); 1321 1322 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_EDX]); 1323 tcg_gen_andi_i32(s->tmp2_i32, s->tmp2_i32, 0xffff); 1324 tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T0); 1325 gen_helper_out_func(ot, s->tmp2_i32, s->tmp3_i32); 1326 gen_op_movl_T0_Dshift(s, ot); 1327 gen_op_add_reg_T0(s, s->aflag, R_ESI); 1328 gen_bpt_io(s, s->tmp2_i32, ot); 1329 } 1330 1331 /* Generate jumps to current or next instruction */ 1332 static void gen_repz(DisasContext *s, MemOp ot, 1333 void (*fn)(DisasContext *s, MemOp ot)) 1334 { 1335 TCGLabel *l2; 1336 gen_update_cc_op(s); 1337 l2 = gen_jz_ecx_string(s); 1338 fn(s, ot); 1339 gen_op_add_reg_im(s, s->aflag, R_ECX, -1); 1340 /* 1341 * A loop would cause two single step exceptions if ECX = 1 1342 * before rep string_insn 1343 */ 1344 if (s->repz_opt) { 1345 gen_op_jz_ecx(s, l2); 1346 } 1347 gen_jmp_rel_csize(s, -cur_insn_len(s), 0); 1348 } 1349 1350 #define GEN_REPZ(op) \ 1351 static inline void gen_repz_ ## op(DisasContext *s, MemOp ot) \ 1352 { gen_repz(s, ot, gen_##op); } 1353 1354 static void gen_repz2(DisasContext *s, MemOp ot, int nz, 1355 void (*fn)(DisasContext *s, MemOp ot)) 1356 { 1357 TCGLabel *l2; 1358 gen_update_cc_op(s); 1359 l2 = gen_jz_ecx_string(s); 1360 fn(s, ot); 1361 gen_op_add_reg_im(s, s->aflag, R_ECX, -1); 1362 gen_update_cc_op(s); 1363 gen_jcc1(s, (JCC_Z << 1) | (nz ^ 1), l2); 1364 if (s->repz_opt) { 1365 gen_op_jz_ecx(s, l2); 1366 } 1367 gen_jmp_rel_csize(s, -cur_insn_len(s), 0); 1368 } 1369 1370 #define GEN_REPZ2(op) \ 1371 static inline void gen_repz_ ## op(DisasContext *s, MemOp ot, int nz) \ 1372 { gen_repz2(s, ot, nz, gen_##op); } 1373 1374 GEN_REPZ(movs) 1375 GEN_REPZ(stos) 1376 GEN_REPZ(lods) 1377 GEN_REPZ(ins) 1378 GEN_REPZ(outs) 1379 GEN_REPZ2(scas) 1380 GEN_REPZ2(cmps) 1381 1382 static void gen_helper_fp_arith_ST0_FT0(int op) 1383 { 1384 switch (op) { 1385 case 0: 1386 gen_helper_fadd_ST0_FT0(cpu_env); 1387 break; 1388 case 1: 1389 gen_helper_fmul_ST0_FT0(cpu_env); 1390 break; 1391 case 2: 1392 gen_helper_fcom_ST0_FT0(cpu_env); 1393 break; 1394 case 3: 1395 gen_helper_fcom_ST0_FT0(cpu_env); 1396 break; 1397 case 4: 1398 gen_helper_fsub_ST0_FT0(cpu_env); 1399 break; 1400 case 5: 1401 gen_helper_fsubr_ST0_FT0(cpu_env); 1402 break; 1403 case 6: 1404 gen_helper_fdiv_ST0_FT0(cpu_env); 1405 break; 1406 case 7: 1407 gen_helper_fdivr_ST0_FT0(cpu_env); 1408 break; 1409 } 1410 } 1411 1412 /* NOTE the exception in "r" op ordering */ 1413 static void gen_helper_fp_arith_STN_ST0(int op, int opreg) 1414 { 1415 TCGv_i32 tmp = tcg_constant_i32(opreg); 1416 switch (op) { 1417 case 0: 1418 gen_helper_fadd_STN_ST0(cpu_env, tmp); 1419 break; 1420 case 1: 1421 gen_helper_fmul_STN_ST0(cpu_env, tmp); 1422 break; 1423 case 4: 1424 gen_helper_fsubr_STN_ST0(cpu_env, tmp); 1425 break; 1426 case 5: 1427 gen_helper_fsub_STN_ST0(cpu_env, tmp); 1428 break; 1429 case 6: 1430 gen_helper_fdivr_STN_ST0(cpu_env, tmp); 1431 break; 1432 case 7: 1433 gen_helper_fdiv_STN_ST0(cpu_env, tmp); 1434 break; 1435 } 1436 } 1437 1438 static void gen_exception(DisasContext *s, int trapno) 1439 { 1440 gen_update_cc_op(s); 1441 gen_update_eip_cur(s); 1442 gen_helper_raise_exception(cpu_env, tcg_constant_i32(trapno)); 1443 s->base.is_jmp = DISAS_NORETURN; 1444 } 1445 1446 /* Generate #UD for the current instruction. The assumption here is that 1447 the instruction is known, but it isn't allowed in the current cpu mode. */ 1448 static void gen_illegal_opcode(DisasContext *s) 1449 { 1450 gen_exception(s, EXCP06_ILLOP); 1451 } 1452 1453 /* Generate #GP for the current instruction. */ 1454 static void gen_exception_gpf(DisasContext *s) 1455 { 1456 gen_exception(s, EXCP0D_GPF); 1457 } 1458 1459 /* Check for cpl == 0; if not, raise #GP and return false. */ 1460 static bool check_cpl0(DisasContext *s) 1461 { 1462 if (CPL(s) == 0) { 1463 return true; 1464 } 1465 gen_exception_gpf(s); 1466 return false; 1467 } 1468 1469 /* If vm86, check for iopl == 3; if not, raise #GP and return false. */ 1470 static bool check_vm86_iopl(DisasContext *s) 1471 { 1472 if (!VM86(s) || IOPL(s) == 3) { 1473 return true; 1474 } 1475 gen_exception_gpf(s); 1476 return false; 1477 } 1478 1479 /* Check for iopl allowing access; if not, raise #GP and return false. */ 1480 static bool check_iopl(DisasContext *s) 1481 { 1482 if (VM86(s) ? IOPL(s) == 3 : CPL(s) <= IOPL(s)) { 1483 return true; 1484 } 1485 gen_exception_gpf(s); 1486 return false; 1487 } 1488 1489 /* if d == OR_TMP0, it means memory operand (address in A0) */ 1490 static void gen_op(DisasContext *s1, int op, MemOp ot, int d) 1491 { 1492 if (d != OR_TMP0) { 1493 if (s1->prefix & PREFIX_LOCK) { 1494 /* Lock prefix when destination is not memory. */ 1495 gen_illegal_opcode(s1); 1496 return; 1497 } 1498 gen_op_mov_v_reg(s1, ot, s1->T0, d); 1499 } else if (!(s1->prefix & PREFIX_LOCK)) { 1500 gen_op_ld_v(s1, ot, s1->T0, s1->A0); 1501 } 1502 switch(op) { 1503 case OP_ADCL: 1504 gen_compute_eflags_c(s1, s1->tmp4); 1505 if (s1->prefix & PREFIX_LOCK) { 1506 tcg_gen_add_tl(s1->T0, s1->tmp4, s1->T1); 1507 tcg_gen_atomic_add_fetch_tl(s1->T0, s1->A0, s1->T0, 1508 s1->mem_index, ot | MO_LE); 1509 } else { 1510 tcg_gen_add_tl(s1->T0, s1->T0, s1->T1); 1511 tcg_gen_add_tl(s1->T0, s1->T0, s1->tmp4); 1512 gen_op_st_rm_T0_A0(s1, ot, d); 1513 } 1514 gen_op_update3_cc(s1, s1->tmp4); 1515 set_cc_op(s1, CC_OP_ADCB + ot); 1516 break; 1517 case OP_SBBL: 1518 gen_compute_eflags_c(s1, s1->tmp4); 1519 if (s1->prefix & PREFIX_LOCK) { 1520 tcg_gen_add_tl(s1->T0, s1->T1, s1->tmp4); 1521 tcg_gen_neg_tl(s1->T0, s1->T0); 1522 tcg_gen_atomic_add_fetch_tl(s1->T0, s1->A0, s1->T0, 1523 s1->mem_index, ot | MO_LE); 1524 } else { 1525 tcg_gen_sub_tl(s1->T0, s1->T0, s1->T1); 1526 tcg_gen_sub_tl(s1->T0, s1->T0, s1->tmp4); 1527 gen_op_st_rm_T0_A0(s1, ot, d); 1528 } 1529 gen_op_update3_cc(s1, s1->tmp4); 1530 set_cc_op(s1, CC_OP_SBBB + ot); 1531 break; 1532 case OP_ADDL: 1533 if (s1->prefix & PREFIX_LOCK) { 1534 tcg_gen_atomic_add_fetch_tl(s1->T0, s1->A0, s1->T1, 1535 s1->mem_index, ot | MO_LE); 1536 } else { 1537 tcg_gen_add_tl(s1->T0, s1->T0, s1->T1); 1538 gen_op_st_rm_T0_A0(s1, ot, d); 1539 } 1540 gen_op_update2_cc(s1); 1541 set_cc_op(s1, CC_OP_ADDB + ot); 1542 break; 1543 case OP_SUBL: 1544 if (s1->prefix & PREFIX_LOCK) { 1545 tcg_gen_neg_tl(s1->T0, s1->T1); 1546 tcg_gen_atomic_fetch_add_tl(s1->cc_srcT, s1->A0, s1->T0, 1547 s1->mem_index, ot | MO_LE); 1548 tcg_gen_sub_tl(s1->T0, s1->cc_srcT, s1->T1); 1549 } else { 1550 tcg_gen_mov_tl(s1->cc_srcT, s1->T0); 1551 tcg_gen_sub_tl(s1->T0, s1->T0, s1->T1); 1552 gen_op_st_rm_T0_A0(s1, ot, d); 1553 } 1554 gen_op_update2_cc(s1); 1555 set_cc_op(s1, CC_OP_SUBB + ot); 1556 break; 1557 default: 1558 case OP_ANDL: 1559 if (s1->prefix & PREFIX_LOCK) { 1560 tcg_gen_atomic_and_fetch_tl(s1->T0, s1->A0, s1->T1, 1561 s1->mem_index, ot | MO_LE); 1562 } else { 1563 tcg_gen_and_tl(s1->T0, s1->T0, s1->T1); 1564 gen_op_st_rm_T0_A0(s1, ot, d); 1565 } 1566 gen_op_update1_cc(s1); 1567 set_cc_op(s1, CC_OP_LOGICB + ot); 1568 break; 1569 case OP_ORL: 1570 if (s1->prefix & PREFIX_LOCK) { 1571 tcg_gen_atomic_or_fetch_tl(s1->T0, s1->A0, s1->T1, 1572 s1->mem_index, ot | MO_LE); 1573 } else { 1574 tcg_gen_or_tl(s1->T0, s1->T0, s1->T1); 1575 gen_op_st_rm_T0_A0(s1, ot, d); 1576 } 1577 gen_op_update1_cc(s1); 1578 set_cc_op(s1, CC_OP_LOGICB + ot); 1579 break; 1580 case OP_XORL: 1581 if (s1->prefix & PREFIX_LOCK) { 1582 tcg_gen_atomic_xor_fetch_tl(s1->T0, s1->A0, s1->T1, 1583 s1->mem_index, ot | MO_LE); 1584 } else { 1585 tcg_gen_xor_tl(s1->T0, s1->T0, s1->T1); 1586 gen_op_st_rm_T0_A0(s1, ot, d); 1587 } 1588 gen_op_update1_cc(s1); 1589 set_cc_op(s1, CC_OP_LOGICB + ot); 1590 break; 1591 case OP_CMPL: 1592 tcg_gen_mov_tl(cpu_cc_src, s1->T1); 1593 tcg_gen_mov_tl(s1->cc_srcT, s1->T0); 1594 tcg_gen_sub_tl(cpu_cc_dst, s1->T0, s1->T1); 1595 set_cc_op(s1, CC_OP_SUBB + ot); 1596 break; 1597 } 1598 } 1599 1600 /* if d == OR_TMP0, it means memory operand (address in A0) */ 1601 static void gen_inc(DisasContext *s1, MemOp ot, int d, int c) 1602 { 1603 if (s1->prefix & PREFIX_LOCK) { 1604 if (d != OR_TMP0) { 1605 /* Lock prefix when destination is not memory */ 1606 gen_illegal_opcode(s1); 1607 return; 1608 } 1609 tcg_gen_movi_tl(s1->T0, c > 0 ? 1 : -1); 1610 tcg_gen_atomic_add_fetch_tl(s1->T0, s1->A0, s1->T0, 1611 s1->mem_index, ot | MO_LE); 1612 } else { 1613 if (d != OR_TMP0) { 1614 gen_op_mov_v_reg(s1, ot, s1->T0, d); 1615 } else { 1616 gen_op_ld_v(s1, ot, s1->T0, s1->A0); 1617 } 1618 tcg_gen_addi_tl(s1->T0, s1->T0, (c > 0 ? 1 : -1)); 1619 gen_op_st_rm_T0_A0(s1, ot, d); 1620 } 1621 1622 gen_compute_eflags_c(s1, cpu_cc_src); 1623 tcg_gen_mov_tl(cpu_cc_dst, s1->T0); 1624 set_cc_op(s1, (c > 0 ? CC_OP_INCB : CC_OP_DECB) + ot); 1625 } 1626 1627 static void gen_shift_flags(DisasContext *s, MemOp ot, TCGv result, 1628 TCGv shm1, TCGv count, bool is_right) 1629 { 1630 TCGv_i32 z32, s32, oldop; 1631 TCGv z_tl; 1632 1633 /* Store the results into the CC variables. If we know that the 1634 variable must be dead, store unconditionally. Otherwise we'll 1635 need to not disrupt the current contents. */ 1636 z_tl = tcg_constant_tl(0); 1637 if (cc_op_live[s->cc_op] & USES_CC_DST) { 1638 tcg_gen_movcond_tl(TCG_COND_NE, cpu_cc_dst, count, z_tl, 1639 result, cpu_cc_dst); 1640 } else { 1641 tcg_gen_mov_tl(cpu_cc_dst, result); 1642 } 1643 if (cc_op_live[s->cc_op] & USES_CC_SRC) { 1644 tcg_gen_movcond_tl(TCG_COND_NE, cpu_cc_src, count, z_tl, 1645 shm1, cpu_cc_src); 1646 } else { 1647 tcg_gen_mov_tl(cpu_cc_src, shm1); 1648 } 1649 1650 /* Get the two potential CC_OP values into temporaries. */ 1651 tcg_gen_movi_i32(s->tmp2_i32, (is_right ? CC_OP_SARB : CC_OP_SHLB) + ot); 1652 if (s->cc_op == CC_OP_DYNAMIC) { 1653 oldop = cpu_cc_op; 1654 } else { 1655 tcg_gen_movi_i32(s->tmp3_i32, s->cc_op); 1656 oldop = s->tmp3_i32; 1657 } 1658 1659 /* Conditionally store the CC_OP value. */ 1660 z32 = tcg_constant_i32(0); 1661 s32 = tcg_temp_new_i32(); 1662 tcg_gen_trunc_tl_i32(s32, count); 1663 tcg_gen_movcond_i32(TCG_COND_NE, cpu_cc_op, s32, z32, s->tmp2_i32, oldop); 1664 1665 /* The CC_OP value is no longer predictable. */ 1666 set_cc_op(s, CC_OP_DYNAMIC); 1667 } 1668 1669 static void gen_shift_rm_T1(DisasContext *s, MemOp ot, int op1, 1670 int is_right, int is_arith) 1671 { 1672 target_ulong mask = (ot == MO_64 ? 0x3f : 0x1f); 1673 1674 /* load */ 1675 if (op1 == OR_TMP0) { 1676 gen_op_ld_v(s, ot, s->T0, s->A0); 1677 } else { 1678 gen_op_mov_v_reg(s, ot, s->T0, op1); 1679 } 1680 1681 tcg_gen_andi_tl(s->T1, s->T1, mask); 1682 tcg_gen_subi_tl(s->tmp0, s->T1, 1); 1683 1684 if (is_right) { 1685 if (is_arith) { 1686 gen_exts(ot, s->T0); 1687 tcg_gen_sar_tl(s->tmp0, s->T0, s->tmp0); 1688 tcg_gen_sar_tl(s->T0, s->T0, s->T1); 1689 } else { 1690 gen_extu(ot, s->T0); 1691 tcg_gen_shr_tl(s->tmp0, s->T0, s->tmp0); 1692 tcg_gen_shr_tl(s->T0, s->T0, s->T1); 1693 } 1694 } else { 1695 tcg_gen_shl_tl(s->tmp0, s->T0, s->tmp0); 1696 tcg_gen_shl_tl(s->T0, s->T0, s->T1); 1697 } 1698 1699 /* store */ 1700 gen_op_st_rm_T0_A0(s, ot, op1); 1701 1702 gen_shift_flags(s, ot, s->T0, s->tmp0, s->T1, is_right); 1703 } 1704 1705 static void gen_shift_rm_im(DisasContext *s, MemOp ot, int op1, int op2, 1706 int is_right, int is_arith) 1707 { 1708 int mask = (ot == MO_64 ? 0x3f : 0x1f); 1709 1710 /* load */ 1711 if (op1 == OR_TMP0) 1712 gen_op_ld_v(s, ot, s->T0, s->A0); 1713 else 1714 gen_op_mov_v_reg(s, ot, s->T0, op1); 1715 1716 op2 &= mask; 1717 if (op2 != 0) { 1718 if (is_right) { 1719 if (is_arith) { 1720 gen_exts(ot, s->T0); 1721 tcg_gen_sari_tl(s->tmp4, s->T0, op2 - 1); 1722 tcg_gen_sari_tl(s->T0, s->T0, op2); 1723 } else { 1724 gen_extu(ot, s->T0); 1725 tcg_gen_shri_tl(s->tmp4, s->T0, op2 - 1); 1726 tcg_gen_shri_tl(s->T0, s->T0, op2); 1727 } 1728 } else { 1729 tcg_gen_shli_tl(s->tmp4, s->T0, op2 - 1); 1730 tcg_gen_shli_tl(s->T0, s->T0, op2); 1731 } 1732 } 1733 1734 /* store */ 1735 gen_op_st_rm_T0_A0(s, ot, op1); 1736 1737 /* update eflags if non zero shift */ 1738 if (op2 != 0) { 1739 tcg_gen_mov_tl(cpu_cc_src, s->tmp4); 1740 tcg_gen_mov_tl(cpu_cc_dst, s->T0); 1741 set_cc_op(s, (is_right ? CC_OP_SARB : CC_OP_SHLB) + ot); 1742 } 1743 } 1744 1745 static void gen_rot_rm_T1(DisasContext *s, MemOp ot, int op1, int is_right) 1746 { 1747 target_ulong mask = (ot == MO_64 ? 0x3f : 0x1f); 1748 TCGv_i32 t0, t1; 1749 1750 /* load */ 1751 if (op1 == OR_TMP0) { 1752 gen_op_ld_v(s, ot, s->T0, s->A0); 1753 } else { 1754 gen_op_mov_v_reg(s, ot, s->T0, op1); 1755 } 1756 1757 tcg_gen_andi_tl(s->T1, s->T1, mask); 1758 1759 switch (ot) { 1760 case MO_8: 1761 /* Replicate the 8-bit input so that a 32-bit rotate works. */ 1762 tcg_gen_ext8u_tl(s->T0, s->T0); 1763 tcg_gen_muli_tl(s->T0, s->T0, 0x01010101); 1764 goto do_long; 1765 case MO_16: 1766 /* Replicate the 16-bit input so that a 32-bit rotate works. */ 1767 tcg_gen_deposit_tl(s->T0, s->T0, s->T0, 16, 16); 1768 goto do_long; 1769 do_long: 1770 #ifdef TARGET_X86_64 1771 case MO_32: 1772 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); 1773 tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T1); 1774 if (is_right) { 1775 tcg_gen_rotr_i32(s->tmp2_i32, s->tmp2_i32, s->tmp3_i32); 1776 } else { 1777 tcg_gen_rotl_i32(s->tmp2_i32, s->tmp2_i32, s->tmp3_i32); 1778 } 1779 tcg_gen_extu_i32_tl(s->T0, s->tmp2_i32); 1780 break; 1781 #endif 1782 default: 1783 if (is_right) { 1784 tcg_gen_rotr_tl(s->T0, s->T0, s->T1); 1785 } else { 1786 tcg_gen_rotl_tl(s->T0, s->T0, s->T1); 1787 } 1788 break; 1789 } 1790 1791 /* store */ 1792 gen_op_st_rm_T0_A0(s, ot, op1); 1793 1794 /* We'll need the flags computed into CC_SRC. */ 1795 gen_compute_eflags(s); 1796 1797 /* The value that was "rotated out" is now present at the other end 1798 of the word. Compute C into CC_DST and O into CC_SRC2. Note that 1799 since we've computed the flags into CC_SRC, these variables are 1800 currently dead. */ 1801 if (is_right) { 1802 tcg_gen_shri_tl(cpu_cc_src2, s->T0, mask - 1); 1803 tcg_gen_shri_tl(cpu_cc_dst, s->T0, mask); 1804 tcg_gen_andi_tl(cpu_cc_dst, cpu_cc_dst, 1); 1805 } else { 1806 tcg_gen_shri_tl(cpu_cc_src2, s->T0, mask); 1807 tcg_gen_andi_tl(cpu_cc_dst, s->T0, 1); 1808 } 1809 tcg_gen_andi_tl(cpu_cc_src2, cpu_cc_src2, 1); 1810 tcg_gen_xor_tl(cpu_cc_src2, cpu_cc_src2, cpu_cc_dst); 1811 1812 /* Now conditionally store the new CC_OP value. If the shift count 1813 is 0 we keep the CC_OP_EFLAGS setting so that only CC_SRC is live. 1814 Otherwise reuse CC_OP_ADCOX which have the C and O flags split out 1815 exactly as we computed above. */ 1816 t0 = tcg_constant_i32(0); 1817 t1 = tcg_temp_new_i32(); 1818 tcg_gen_trunc_tl_i32(t1, s->T1); 1819 tcg_gen_movi_i32(s->tmp2_i32, CC_OP_ADCOX); 1820 tcg_gen_movi_i32(s->tmp3_i32, CC_OP_EFLAGS); 1821 tcg_gen_movcond_i32(TCG_COND_NE, cpu_cc_op, t1, t0, 1822 s->tmp2_i32, s->tmp3_i32); 1823 1824 /* The CC_OP value is no longer predictable. */ 1825 set_cc_op(s, CC_OP_DYNAMIC); 1826 } 1827 1828 static void gen_rot_rm_im(DisasContext *s, MemOp ot, int op1, int op2, 1829 int is_right) 1830 { 1831 int mask = (ot == MO_64 ? 0x3f : 0x1f); 1832 int shift; 1833 1834 /* load */ 1835 if (op1 == OR_TMP0) { 1836 gen_op_ld_v(s, ot, s->T0, s->A0); 1837 } else { 1838 gen_op_mov_v_reg(s, ot, s->T0, op1); 1839 } 1840 1841 op2 &= mask; 1842 if (op2 != 0) { 1843 switch (ot) { 1844 #ifdef TARGET_X86_64 1845 case MO_32: 1846 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); 1847 if (is_right) { 1848 tcg_gen_rotri_i32(s->tmp2_i32, s->tmp2_i32, op2); 1849 } else { 1850 tcg_gen_rotli_i32(s->tmp2_i32, s->tmp2_i32, op2); 1851 } 1852 tcg_gen_extu_i32_tl(s->T0, s->tmp2_i32); 1853 break; 1854 #endif 1855 default: 1856 if (is_right) { 1857 tcg_gen_rotri_tl(s->T0, s->T0, op2); 1858 } else { 1859 tcg_gen_rotli_tl(s->T0, s->T0, op2); 1860 } 1861 break; 1862 case MO_8: 1863 mask = 7; 1864 goto do_shifts; 1865 case MO_16: 1866 mask = 15; 1867 do_shifts: 1868 shift = op2 & mask; 1869 if (is_right) { 1870 shift = mask + 1 - shift; 1871 } 1872 gen_extu(ot, s->T0); 1873 tcg_gen_shli_tl(s->tmp0, s->T0, shift); 1874 tcg_gen_shri_tl(s->T0, s->T0, mask + 1 - shift); 1875 tcg_gen_or_tl(s->T0, s->T0, s->tmp0); 1876 break; 1877 } 1878 } 1879 1880 /* store */ 1881 gen_op_st_rm_T0_A0(s, ot, op1); 1882 1883 if (op2 != 0) { 1884 /* Compute the flags into CC_SRC. */ 1885 gen_compute_eflags(s); 1886 1887 /* The value that was "rotated out" is now present at the other end 1888 of the word. Compute C into CC_DST and O into CC_SRC2. Note that 1889 since we've computed the flags into CC_SRC, these variables are 1890 currently dead. */ 1891 if (is_right) { 1892 tcg_gen_shri_tl(cpu_cc_src2, s->T0, mask - 1); 1893 tcg_gen_shri_tl(cpu_cc_dst, s->T0, mask); 1894 tcg_gen_andi_tl(cpu_cc_dst, cpu_cc_dst, 1); 1895 } else { 1896 tcg_gen_shri_tl(cpu_cc_src2, s->T0, mask); 1897 tcg_gen_andi_tl(cpu_cc_dst, s->T0, 1); 1898 } 1899 tcg_gen_andi_tl(cpu_cc_src2, cpu_cc_src2, 1); 1900 tcg_gen_xor_tl(cpu_cc_src2, cpu_cc_src2, cpu_cc_dst); 1901 set_cc_op(s, CC_OP_ADCOX); 1902 } 1903 } 1904 1905 /* XXX: add faster immediate = 1 case */ 1906 static void gen_rotc_rm_T1(DisasContext *s, MemOp ot, int op1, 1907 int is_right) 1908 { 1909 gen_compute_eflags(s); 1910 assert(s->cc_op == CC_OP_EFLAGS); 1911 1912 /* load */ 1913 if (op1 == OR_TMP0) 1914 gen_op_ld_v(s, ot, s->T0, s->A0); 1915 else 1916 gen_op_mov_v_reg(s, ot, s->T0, op1); 1917 1918 if (is_right) { 1919 switch (ot) { 1920 case MO_8: 1921 gen_helper_rcrb(s->T0, cpu_env, s->T0, s->T1); 1922 break; 1923 case MO_16: 1924 gen_helper_rcrw(s->T0, cpu_env, s->T0, s->T1); 1925 break; 1926 case MO_32: 1927 gen_helper_rcrl(s->T0, cpu_env, s->T0, s->T1); 1928 break; 1929 #ifdef TARGET_X86_64 1930 case MO_64: 1931 gen_helper_rcrq(s->T0, cpu_env, s->T0, s->T1); 1932 break; 1933 #endif 1934 default: 1935 tcg_abort(); 1936 } 1937 } else { 1938 switch (ot) { 1939 case MO_8: 1940 gen_helper_rclb(s->T0, cpu_env, s->T0, s->T1); 1941 break; 1942 case MO_16: 1943 gen_helper_rclw(s->T0, cpu_env, s->T0, s->T1); 1944 break; 1945 case MO_32: 1946 gen_helper_rcll(s->T0, cpu_env, s->T0, s->T1); 1947 break; 1948 #ifdef TARGET_X86_64 1949 case MO_64: 1950 gen_helper_rclq(s->T0, cpu_env, s->T0, s->T1); 1951 break; 1952 #endif 1953 default: 1954 tcg_abort(); 1955 } 1956 } 1957 /* store */ 1958 gen_op_st_rm_T0_A0(s, ot, op1); 1959 } 1960 1961 /* XXX: add faster immediate case */ 1962 static void gen_shiftd_rm_T1(DisasContext *s, MemOp ot, int op1, 1963 bool is_right, TCGv count_in) 1964 { 1965 target_ulong mask = (ot == MO_64 ? 63 : 31); 1966 TCGv count; 1967 1968 /* load */ 1969 if (op1 == OR_TMP0) { 1970 gen_op_ld_v(s, ot, s->T0, s->A0); 1971 } else { 1972 gen_op_mov_v_reg(s, ot, s->T0, op1); 1973 } 1974 1975 count = tcg_temp_new(); 1976 tcg_gen_andi_tl(count, count_in, mask); 1977 1978 switch (ot) { 1979 case MO_16: 1980 /* Note: we implement the Intel behaviour for shift count > 16. 1981 This means "shrdw C, B, A" shifts A:B:A >> C. Build the B:A 1982 portion by constructing it as a 32-bit value. */ 1983 if (is_right) { 1984 tcg_gen_deposit_tl(s->tmp0, s->T0, s->T1, 16, 16); 1985 tcg_gen_mov_tl(s->T1, s->T0); 1986 tcg_gen_mov_tl(s->T0, s->tmp0); 1987 } else { 1988 tcg_gen_deposit_tl(s->T1, s->T0, s->T1, 16, 16); 1989 } 1990 /* 1991 * If TARGET_X86_64 defined then fall through into MO_32 case, 1992 * otherwise fall through default case. 1993 */ 1994 case MO_32: 1995 #ifdef TARGET_X86_64 1996 /* Concatenate the two 32-bit values and use a 64-bit shift. */ 1997 tcg_gen_subi_tl(s->tmp0, count, 1); 1998 if (is_right) { 1999 tcg_gen_concat_tl_i64(s->T0, s->T0, s->T1); 2000 tcg_gen_shr_i64(s->tmp0, s->T0, s->tmp0); 2001 tcg_gen_shr_i64(s->T0, s->T0, count); 2002 } else { 2003 tcg_gen_concat_tl_i64(s->T0, s->T1, s->T0); 2004 tcg_gen_shl_i64(s->tmp0, s->T0, s->tmp0); 2005 tcg_gen_shl_i64(s->T0, s->T0, count); 2006 tcg_gen_shri_i64(s->tmp0, s->tmp0, 32); 2007 tcg_gen_shri_i64(s->T0, s->T0, 32); 2008 } 2009 break; 2010 #endif 2011 default: 2012 tcg_gen_subi_tl(s->tmp0, count, 1); 2013 if (is_right) { 2014 tcg_gen_shr_tl(s->tmp0, s->T0, s->tmp0); 2015 2016 tcg_gen_subfi_tl(s->tmp4, mask + 1, count); 2017 tcg_gen_shr_tl(s->T0, s->T0, count); 2018 tcg_gen_shl_tl(s->T1, s->T1, s->tmp4); 2019 } else { 2020 tcg_gen_shl_tl(s->tmp0, s->T0, s->tmp0); 2021 if (ot == MO_16) { 2022 /* Only needed if count > 16, for Intel behaviour. */ 2023 tcg_gen_subfi_tl(s->tmp4, 33, count); 2024 tcg_gen_shr_tl(s->tmp4, s->T1, s->tmp4); 2025 tcg_gen_or_tl(s->tmp0, s->tmp0, s->tmp4); 2026 } 2027 2028 tcg_gen_subfi_tl(s->tmp4, mask + 1, count); 2029 tcg_gen_shl_tl(s->T0, s->T0, count); 2030 tcg_gen_shr_tl(s->T1, s->T1, s->tmp4); 2031 } 2032 tcg_gen_movi_tl(s->tmp4, 0); 2033 tcg_gen_movcond_tl(TCG_COND_EQ, s->T1, count, s->tmp4, 2034 s->tmp4, s->T1); 2035 tcg_gen_or_tl(s->T0, s->T0, s->T1); 2036 break; 2037 } 2038 2039 /* store */ 2040 gen_op_st_rm_T0_A0(s, ot, op1); 2041 2042 gen_shift_flags(s, ot, s->T0, s->tmp0, count, is_right); 2043 } 2044 2045 static void gen_shift(DisasContext *s1, int op, MemOp ot, int d, int s) 2046 { 2047 if (s != OR_TMP1) 2048 gen_op_mov_v_reg(s1, ot, s1->T1, s); 2049 switch(op) { 2050 case OP_ROL: 2051 gen_rot_rm_T1(s1, ot, d, 0); 2052 break; 2053 case OP_ROR: 2054 gen_rot_rm_T1(s1, ot, d, 1); 2055 break; 2056 case OP_SHL: 2057 case OP_SHL1: 2058 gen_shift_rm_T1(s1, ot, d, 0, 0); 2059 break; 2060 case OP_SHR: 2061 gen_shift_rm_T1(s1, ot, d, 1, 0); 2062 break; 2063 case OP_SAR: 2064 gen_shift_rm_T1(s1, ot, d, 1, 1); 2065 break; 2066 case OP_RCL: 2067 gen_rotc_rm_T1(s1, ot, d, 0); 2068 break; 2069 case OP_RCR: 2070 gen_rotc_rm_T1(s1, ot, d, 1); 2071 break; 2072 } 2073 } 2074 2075 static void gen_shifti(DisasContext *s1, int op, MemOp ot, int d, int c) 2076 { 2077 switch(op) { 2078 case OP_ROL: 2079 gen_rot_rm_im(s1, ot, d, c, 0); 2080 break; 2081 case OP_ROR: 2082 gen_rot_rm_im(s1, ot, d, c, 1); 2083 break; 2084 case OP_SHL: 2085 case OP_SHL1: 2086 gen_shift_rm_im(s1, ot, d, c, 0, 0); 2087 break; 2088 case OP_SHR: 2089 gen_shift_rm_im(s1, ot, d, c, 1, 0); 2090 break; 2091 case OP_SAR: 2092 gen_shift_rm_im(s1, ot, d, c, 1, 1); 2093 break; 2094 default: 2095 /* currently not optimized */ 2096 tcg_gen_movi_tl(s1->T1, c); 2097 gen_shift(s1, op, ot, d, OR_TMP1); 2098 break; 2099 } 2100 } 2101 2102 #define X86_MAX_INSN_LENGTH 15 2103 2104 static uint64_t advance_pc(CPUX86State *env, DisasContext *s, int num_bytes) 2105 { 2106 uint64_t pc = s->pc; 2107 2108 /* This is a subsequent insn that crosses a page boundary. */ 2109 if (s->base.num_insns > 1 && 2110 !is_same_page(&s->base, s->pc + num_bytes - 1)) { 2111 siglongjmp(s->jmpbuf, 2); 2112 } 2113 2114 s->pc += num_bytes; 2115 if (unlikely(cur_insn_len(s) > X86_MAX_INSN_LENGTH)) { 2116 /* If the instruction's 16th byte is on a different page than the 1st, a 2117 * page fault on the second page wins over the general protection fault 2118 * caused by the instruction being too long. 2119 * This can happen even if the operand is only one byte long! 2120 */ 2121 if (((s->pc - 1) ^ (pc - 1)) & TARGET_PAGE_MASK) { 2122 volatile uint8_t unused = 2123 cpu_ldub_code(env, (s->pc - 1) & TARGET_PAGE_MASK); 2124 (void) unused; 2125 } 2126 siglongjmp(s->jmpbuf, 1); 2127 } 2128 2129 return pc; 2130 } 2131 2132 static inline uint8_t x86_ldub_code(CPUX86State *env, DisasContext *s) 2133 { 2134 return translator_ldub(env, &s->base, advance_pc(env, s, 1)); 2135 } 2136 2137 static inline int16_t x86_ldsw_code(CPUX86State *env, DisasContext *s) 2138 { 2139 return translator_lduw(env, &s->base, advance_pc(env, s, 2)); 2140 } 2141 2142 static inline uint16_t x86_lduw_code(CPUX86State *env, DisasContext *s) 2143 { 2144 return translator_lduw(env, &s->base, advance_pc(env, s, 2)); 2145 } 2146 2147 static inline uint32_t x86_ldl_code(CPUX86State *env, DisasContext *s) 2148 { 2149 return translator_ldl(env, &s->base, advance_pc(env, s, 4)); 2150 } 2151 2152 #ifdef TARGET_X86_64 2153 static inline uint64_t x86_ldq_code(CPUX86State *env, DisasContext *s) 2154 { 2155 return translator_ldq(env, &s->base, advance_pc(env, s, 8)); 2156 } 2157 #endif 2158 2159 /* Decompose an address. */ 2160 2161 typedef struct AddressParts { 2162 int def_seg; 2163 int base; 2164 int index; 2165 int scale; 2166 target_long disp; 2167 } AddressParts; 2168 2169 static AddressParts gen_lea_modrm_0(CPUX86State *env, DisasContext *s, 2170 int modrm) 2171 { 2172 int def_seg, base, index, scale, mod, rm; 2173 target_long disp; 2174 bool havesib; 2175 2176 def_seg = R_DS; 2177 index = -1; 2178 scale = 0; 2179 disp = 0; 2180 2181 mod = (modrm >> 6) & 3; 2182 rm = modrm & 7; 2183 base = rm | REX_B(s); 2184 2185 if (mod == 3) { 2186 /* Normally filtered out earlier, but including this path 2187 simplifies multi-byte nop, as well as bndcl, bndcu, bndcn. */ 2188 goto done; 2189 } 2190 2191 switch (s->aflag) { 2192 case MO_64: 2193 case MO_32: 2194 havesib = 0; 2195 if (rm == 4) { 2196 int code = x86_ldub_code(env, s); 2197 scale = (code >> 6) & 3; 2198 index = ((code >> 3) & 7) | REX_X(s); 2199 if (index == 4) { 2200 index = -1; /* no index */ 2201 } 2202 base = (code & 7) | REX_B(s); 2203 havesib = 1; 2204 } 2205 2206 switch (mod) { 2207 case 0: 2208 if ((base & 7) == 5) { 2209 base = -1; 2210 disp = (int32_t)x86_ldl_code(env, s); 2211 if (CODE64(s) && !havesib) { 2212 base = -2; 2213 disp += s->pc + s->rip_offset; 2214 } 2215 } 2216 break; 2217 case 1: 2218 disp = (int8_t)x86_ldub_code(env, s); 2219 break; 2220 default: 2221 case 2: 2222 disp = (int32_t)x86_ldl_code(env, s); 2223 break; 2224 } 2225 2226 /* For correct popl handling with esp. */ 2227 if (base == R_ESP && s->popl_esp_hack) { 2228 disp += s->popl_esp_hack; 2229 } 2230 if (base == R_EBP || base == R_ESP) { 2231 def_seg = R_SS; 2232 } 2233 break; 2234 2235 case MO_16: 2236 if (mod == 0) { 2237 if (rm == 6) { 2238 base = -1; 2239 disp = x86_lduw_code(env, s); 2240 break; 2241 } 2242 } else if (mod == 1) { 2243 disp = (int8_t)x86_ldub_code(env, s); 2244 } else { 2245 disp = (int16_t)x86_lduw_code(env, s); 2246 } 2247 2248 switch (rm) { 2249 case 0: 2250 base = R_EBX; 2251 index = R_ESI; 2252 break; 2253 case 1: 2254 base = R_EBX; 2255 index = R_EDI; 2256 break; 2257 case 2: 2258 base = R_EBP; 2259 index = R_ESI; 2260 def_seg = R_SS; 2261 break; 2262 case 3: 2263 base = R_EBP; 2264 index = R_EDI; 2265 def_seg = R_SS; 2266 break; 2267 case 4: 2268 base = R_ESI; 2269 break; 2270 case 5: 2271 base = R_EDI; 2272 break; 2273 case 6: 2274 base = R_EBP; 2275 def_seg = R_SS; 2276 break; 2277 default: 2278 case 7: 2279 base = R_EBX; 2280 break; 2281 } 2282 break; 2283 2284 default: 2285 tcg_abort(); 2286 } 2287 2288 done: 2289 return (AddressParts){ def_seg, base, index, scale, disp }; 2290 } 2291 2292 /* Compute the address, with a minimum number of TCG ops. */ 2293 static TCGv gen_lea_modrm_1(DisasContext *s, AddressParts a, bool is_vsib) 2294 { 2295 TCGv ea = NULL; 2296 2297 if (a.index >= 0 && !is_vsib) { 2298 if (a.scale == 0) { 2299 ea = cpu_regs[a.index]; 2300 } else { 2301 tcg_gen_shli_tl(s->A0, cpu_regs[a.index], a.scale); 2302 ea = s->A0; 2303 } 2304 if (a.base >= 0) { 2305 tcg_gen_add_tl(s->A0, ea, cpu_regs[a.base]); 2306 ea = s->A0; 2307 } 2308 } else if (a.base >= 0) { 2309 ea = cpu_regs[a.base]; 2310 } 2311 if (!ea) { 2312 if (tb_cflags(s->base.tb) & CF_PCREL && a.base == -2) { 2313 /* With cpu_eip ~= pc_save, the expression is pc-relative. */ 2314 tcg_gen_addi_tl(s->A0, cpu_eip, a.disp - s->pc_save); 2315 } else { 2316 tcg_gen_movi_tl(s->A0, a.disp); 2317 } 2318 ea = s->A0; 2319 } else if (a.disp != 0) { 2320 tcg_gen_addi_tl(s->A0, ea, a.disp); 2321 ea = s->A0; 2322 } 2323 2324 return ea; 2325 } 2326 2327 static void gen_lea_modrm(CPUX86State *env, DisasContext *s, int modrm) 2328 { 2329 AddressParts a = gen_lea_modrm_0(env, s, modrm); 2330 TCGv ea = gen_lea_modrm_1(s, a, false); 2331 gen_lea_v_seg(s, s->aflag, ea, a.def_seg, s->override); 2332 } 2333 2334 static void gen_nop_modrm(CPUX86State *env, DisasContext *s, int modrm) 2335 { 2336 (void)gen_lea_modrm_0(env, s, modrm); 2337 } 2338 2339 /* Used for BNDCL, BNDCU, BNDCN. */ 2340 static void gen_bndck(CPUX86State *env, DisasContext *s, int modrm, 2341 TCGCond cond, TCGv_i64 bndv) 2342 { 2343 AddressParts a = gen_lea_modrm_0(env, s, modrm); 2344 TCGv ea = gen_lea_modrm_1(s, a, false); 2345 2346 tcg_gen_extu_tl_i64(s->tmp1_i64, ea); 2347 if (!CODE64(s)) { 2348 tcg_gen_ext32u_i64(s->tmp1_i64, s->tmp1_i64); 2349 } 2350 tcg_gen_setcond_i64(cond, s->tmp1_i64, s->tmp1_i64, bndv); 2351 tcg_gen_extrl_i64_i32(s->tmp2_i32, s->tmp1_i64); 2352 gen_helper_bndck(cpu_env, s->tmp2_i32); 2353 } 2354 2355 /* used for LEA and MOV AX, mem */ 2356 static void gen_add_A0_ds_seg(DisasContext *s) 2357 { 2358 gen_lea_v_seg(s, s->aflag, s->A0, R_DS, s->override); 2359 } 2360 2361 /* generate modrm memory load or store of 'reg'. TMP0 is used if reg == 2362 OR_TMP0 */ 2363 static void gen_ldst_modrm(CPUX86State *env, DisasContext *s, int modrm, 2364 MemOp ot, int reg, int is_store) 2365 { 2366 int mod, rm; 2367 2368 mod = (modrm >> 6) & 3; 2369 rm = (modrm & 7) | REX_B(s); 2370 if (mod == 3) { 2371 if (is_store) { 2372 if (reg != OR_TMP0) 2373 gen_op_mov_v_reg(s, ot, s->T0, reg); 2374 gen_op_mov_reg_v(s, ot, rm, s->T0); 2375 } else { 2376 gen_op_mov_v_reg(s, ot, s->T0, rm); 2377 if (reg != OR_TMP0) 2378 gen_op_mov_reg_v(s, ot, reg, s->T0); 2379 } 2380 } else { 2381 gen_lea_modrm(env, s, modrm); 2382 if (is_store) { 2383 if (reg != OR_TMP0) 2384 gen_op_mov_v_reg(s, ot, s->T0, reg); 2385 gen_op_st_v(s, ot, s->T0, s->A0); 2386 } else { 2387 gen_op_ld_v(s, ot, s->T0, s->A0); 2388 if (reg != OR_TMP0) 2389 gen_op_mov_reg_v(s, ot, reg, s->T0); 2390 } 2391 } 2392 } 2393 2394 static target_ulong insn_get_addr(CPUX86State *env, DisasContext *s, MemOp ot) 2395 { 2396 target_ulong ret; 2397 2398 switch (ot) { 2399 case MO_8: 2400 ret = x86_ldub_code(env, s); 2401 break; 2402 case MO_16: 2403 ret = x86_lduw_code(env, s); 2404 break; 2405 case MO_32: 2406 ret = x86_ldl_code(env, s); 2407 break; 2408 #ifdef TARGET_X86_64 2409 case MO_64: 2410 ret = x86_ldq_code(env, s); 2411 break; 2412 #endif 2413 default: 2414 g_assert_not_reached(); 2415 } 2416 return ret; 2417 } 2418 2419 static inline uint32_t insn_get(CPUX86State *env, DisasContext *s, MemOp ot) 2420 { 2421 uint32_t ret; 2422 2423 switch (ot) { 2424 case MO_8: 2425 ret = x86_ldub_code(env, s); 2426 break; 2427 case MO_16: 2428 ret = x86_lduw_code(env, s); 2429 break; 2430 case MO_32: 2431 #ifdef TARGET_X86_64 2432 case MO_64: 2433 #endif 2434 ret = x86_ldl_code(env, s); 2435 break; 2436 default: 2437 tcg_abort(); 2438 } 2439 return ret; 2440 } 2441 2442 static target_long insn_get_signed(CPUX86State *env, DisasContext *s, MemOp ot) 2443 { 2444 target_long ret; 2445 2446 switch (ot) { 2447 case MO_8: 2448 ret = (int8_t) x86_ldub_code(env, s); 2449 break; 2450 case MO_16: 2451 ret = (int16_t) x86_lduw_code(env, s); 2452 break; 2453 case MO_32: 2454 ret = (int32_t) x86_ldl_code(env, s); 2455 break; 2456 #ifdef TARGET_X86_64 2457 case MO_64: 2458 ret = x86_ldq_code(env, s); 2459 break; 2460 #endif 2461 default: 2462 g_assert_not_reached(); 2463 } 2464 return ret; 2465 } 2466 2467 static inline int insn_const_size(MemOp ot) 2468 { 2469 if (ot <= MO_32) { 2470 return 1 << ot; 2471 } else { 2472 return 4; 2473 } 2474 } 2475 2476 static void gen_jcc(DisasContext *s, int b, int diff) 2477 { 2478 TCGLabel *l1 = gen_new_label(); 2479 2480 gen_jcc1(s, b, l1); 2481 gen_jmp_rel_csize(s, 0, 1); 2482 gen_set_label(l1); 2483 gen_jmp_rel(s, s->dflag, diff, 0); 2484 } 2485 2486 static void gen_cmovcc1(CPUX86State *env, DisasContext *s, MemOp ot, int b, 2487 int modrm, int reg) 2488 { 2489 CCPrepare cc; 2490 2491 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0); 2492 2493 cc = gen_prepare_cc(s, b, s->T1); 2494 if (cc.mask != -1) { 2495 TCGv t0 = tcg_temp_new(); 2496 tcg_gen_andi_tl(t0, cc.reg, cc.mask); 2497 cc.reg = t0; 2498 } 2499 if (!cc.use_reg2) { 2500 cc.reg2 = tcg_constant_tl(cc.imm); 2501 } 2502 2503 tcg_gen_movcond_tl(cc.cond, s->T0, cc.reg, cc.reg2, 2504 s->T0, cpu_regs[reg]); 2505 gen_op_mov_reg_v(s, ot, reg, s->T0); 2506 } 2507 2508 static inline void gen_op_movl_T0_seg(DisasContext *s, X86Seg seg_reg) 2509 { 2510 tcg_gen_ld32u_tl(s->T0, cpu_env, 2511 offsetof(CPUX86State,segs[seg_reg].selector)); 2512 } 2513 2514 static inline void gen_op_movl_seg_T0_vm(DisasContext *s, X86Seg seg_reg) 2515 { 2516 tcg_gen_ext16u_tl(s->T0, s->T0); 2517 tcg_gen_st32_tl(s->T0, cpu_env, 2518 offsetof(CPUX86State,segs[seg_reg].selector)); 2519 tcg_gen_shli_tl(cpu_seg_base[seg_reg], s->T0, 4); 2520 } 2521 2522 /* move T0 to seg_reg and compute if the CPU state may change. Never 2523 call this function with seg_reg == R_CS */ 2524 static void gen_movl_seg_T0(DisasContext *s, X86Seg seg_reg) 2525 { 2526 if (PE(s) && !VM86(s)) { 2527 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); 2528 gen_helper_load_seg(cpu_env, tcg_constant_i32(seg_reg), s->tmp2_i32); 2529 /* abort translation because the addseg value may change or 2530 because ss32 may change. For R_SS, translation must always 2531 stop as a special handling must be done to disable hardware 2532 interrupts for the next instruction */ 2533 if (seg_reg == R_SS) { 2534 s->base.is_jmp = DISAS_EOB_INHIBIT_IRQ; 2535 } else if (CODE32(s) && seg_reg < R_FS) { 2536 s->base.is_jmp = DISAS_EOB_NEXT; 2537 } 2538 } else { 2539 gen_op_movl_seg_T0_vm(s, seg_reg); 2540 if (seg_reg == R_SS) { 2541 s->base.is_jmp = DISAS_EOB_INHIBIT_IRQ; 2542 } 2543 } 2544 } 2545 2546 static void gen_svm_check_intercept(DisasContext *s, uint32_t type) 2547 { 2548 /* no SVM activated; fast case */ 2549 if (likely(!GUEST(s))) { 2550 return; 2551 } 2552 gen_helper_svm_check_intercept(cpu_env, tcg_constant_i32(type)); 2553 } 2554 2555 static inline void gen_stack_update(DisasContext *s, int addend) 2556 { 2557 gen_op_add_reg_im(s, mo_stacksize(s), R_ESP, addend); 2558 } 2559 2560 /* Generate a push. It depends on ss32, addseg and dflag. */ 2561 static void gen_push_v(DisasContext *s, TCGv val) 2562 { 2563 MemOp d_ot = mo_pushpop(s, s->dflag); 2564 MemOp a_ot = mo_stacksize(s); 2565 int size = 1 << d_ot; 2566 TCGv new_esp = s->A0; 2567 2568 tcg_gen_subi_tl(s->A0, cpu_regs[R_ESP], size); 2569 2570 if (!CODE64(s)) { 2571 if (ADDSEG(s)) { 2572 new_esp = s->tmp4; 2573 tcg_gen_mov_tl(new_esp, s->A0); 2574 } 2575 gen_lea_v_seg(s, a_ot, s->A0, R_SS, -1); 2576 } 2577 2578 gen_op_st_v(s, d_ot, val, s->A0); 2579 gen_op_mov_reg_v(s, a_ot, R_ESP, new_esp); 2580 } 2581 2582 /* two step pop is necessary for precise exceptions */ 2583 static MemOp gen_pop_T0(DisasContext *s) 2584 { 2585 MemOp d_ot = mo_pushpop(s, s->dflag); 2586 2587 gen_lea_v_seg(s, mo_stacksize(s), cpu_regs[R_ESP], R_SS, -1); 2588 gen_op_ld_v(s, d_ot, s->T0, s->A0); 2589 2590 return d_ot; 2591 } 2592 2593 static inline void gen_pop_update(DisasContext *s, MemOp ot) 2594 { 2595 gen_stack_update(s, 1 << ot); 2596 } 2597 2598 static inline void gen_stack_A0(DisasContext *s) 2599 { 2600 gen_lea_v_seg(s, SS32(s) ? MO_32 : MO_16, cpu_regs[R_ESP], R_SS, -1); 2601 } 2602 2603 static void gen_pusha(DisasContext *s) 2604 { 2605 MemOp s_ot = SS32(s) ? MO_32 : MO_16; 2606 MemOp d_ot = s->dflag; 2607 int size = 1 << d_ot; 2608 int i; 2609 2610 for (i = 0; i < 8; i++) { 2611 tcg_gen_addi_tl(s->A0, cpu_regs[R_ESP], (i - 8) * size); 2612 gen_lea_v_seg(s, s_ot, s->A0, R_SS, -1); 2613 gen_op_st_v(s, d_ot, cpu_regs[7 - i], s->A0); 2614 } 2615 2616 gen_stack_update(s, -8 * size); 2617 } 2618 2619 static void gen_popa(DisasContext *s) 2620 { 2621 MemOp s_ot = SS32(s) ? MO_32 : MO_16; 2622 MemOp d_ot = s->dflag; 2623 int size = 1 << d_ot; 2624 int i; 2625 2626 for (i = 0; i < 8; i++) { 2627 /* ESP is not reloaded */ 2628 if (7 - i == R_ESP) { 2629 continue; 2630 } 2631 tcg_gen_addi_tl(s->A0, cpu_regs[R_ESP], i * size); 2632 gen_lea_v_seg(s, s_ot, s->A0, R_SS, -1); 2633 gen_op_ld_v(s, d_ot, s->T0, s->A0); 2634 gen_op_mov_reg_v(s, d_ot, 7 - i, s->T0); 2635 } 2636 2637 gen_stack_update(s, 8 * size); 2638 } 2639 2640 static void gen_enter(DisasContext *s, int esp_addend, int level) 2641 { 2642 MemOp d_ot = mo_pushpop(s, s->dflag); 2643 MemOp a_ot = CODE64(s) ? MO_64 : SS32(s) ? MO_32 : MO_16; 2644 int size = 1 << d_ot; 2645 2646 /* Push BP; compute FrameTemp into T1. */ 2647 tcg_gen_subi_tl(s->T1, cpu_regs[R_ESP], size); 2648 gen_lea_v_seg(s, a_ot, s->T1, R_SS, -1); 2649 gen_op_st_v(s, d_ot, cpu_regs[R_EBP], s->A0); 2650 2651 level &= 31; 2652 if (level != 0) { 2653 int i; 2654 2655 /* Copy level-1 pointers from the previous frame. */ 2656 for (i = 1; i < level; ++i) { 2657 tcg_gen_subi_tl(s->A0, cpu_regs[R_EBP], size * i); 2658 gen_lea_v_seg(s, a_ot, s->A0, R_SS, -1); 2659 gen_op_ld_v(s, d_ot, s->tmp0, s->A0); 2660 2661 tcg_gen_subi_tl(s->A0, s->T1, size * i); 2662 gen_lea_v_seg(s, a_ot, s->A0, R_SS, -1); 2663 gen_op_st_v(s, d_ot, s->tmp0, s->A0); 2664 } 2665 2666 /* Push the current FrameTemp as the last level. */ 2667 tcg_gen_subi_tl(s->A0, s->T1, size * level); 2668 gen_lea_v_seg(s, a_ot, s->A0, R_SS, -1); 2669 gen_op_st_v(s, d_ot, s->T1, s->A0); 2670 } 2671 2672 /* Copy the FrameTemp value to EBP. */ 2673 gen_op_mov_reg_v(s, a_ot, R_EBP, s->T1); 2674 2675 /* Compute the final value of ESP. */ 2676 tcg_gen_subi_tl(s->T1, s->T1, esp_addend + size * level); 2677 gen_op_mov_reg_v(s, a_ot, R_ESP, s->T1); 2678 } 2679 2680 static void gen_leave(DisasContext *s) 2681 { 2682 MemOp d_ot = mo_pushpop(s, s->dflag); 2683 MemOp a_ot = mo_stacksize(s); 2684 2685 gen_lea_v_seg(s, a_ot, cpu_regs[R_EBP], R_SS, -1); 2686 gen_op_ld_v(s, d_ot, s->T0, s->A0); 2687 2688 tcg_gen_addi_tl(s->T1, cpu_regs[R_EBP], 1 << d_ot); 2689 2690 gen_op_mov_reg_v(s, d_ot, R_EBP, s->T0); 2691 gen_op_mov_reg_v(s, a_ot, R_ESP, s->T1); 2692 } 2693 2694 /* Similarly, except that the assumption here is that we don't decode 2695 the instruction at all -- either a missing opcode, an unimplemented 2696 feature, or just a bogus instruction stream. */ 2697 static void gen_unknown_opcode(CPUX86State *env, DisasContext *s) 2698 { 2699 gen_illegal_opcode(s); 2700 2701 if (qemu_loglevel_mask(LOG_UNIMP)) { 2702 FILE *logfile = qemu_log_trylock(); 2703 if (logfile) { 2704 target_ulong pc = s->base.pc_next, end = s->pc; 2705 2706 fprintf(logfile, "ILLOPC: " TARGET_FMT_lx ":", pc); 2707 for (; pc < end; ++pc) { 2708 fprintf(logfile, " %02x", cpu_ldub_code(env, pc)); 2709 } 2710 fprintf(logfile, "\n"); 2711 qemu_log_unlock(logfile); 2712 } 2713 } 2714 } 2715 2716 /* an interrupt is different from an exception because of the 2717 privilege checks */ 2718 static void gen_interrupt(DisasContext *s, int intno) 2719 { 2720 gen_update_cc_op(s); 2721 gen_update_eip_cur(s); 2722 gen_helper_raise_interrupt(cpu_env, tcg_constant_i32(intno), 2723 cur_insn_len_i32(s)); 2724 s->base.is_jmp = DISAS_NORETURN; 2725 } 2726 2727 static void gen_set_hflag(DisasContext *s, uint32_t mask) 2728 { 2729 if ((s->flags & mask) == 0) { 2730 TCGv_i32 t = tcg_temp_new_i32(); 2731 tcg_gen_ld_i32(t, cpu_env, offsetof(CPUX86State, hflags)); 2732 tcg_gen_ori_i32(t, t, mask); 2733 tcg_gen_st_i32(t, cpu_env, offsetof(CPUX86State, hflags)); 2734 s->flags |= mask; 2735 } 2736 } 2737 2738 static void gen_reset_hflag(DisasContext *s, uint32_t mask) 2739 { 2740 if (s->flags & mask) { 2741 TCGv_i32 t = tcg_temp_new_i32(); 2742 tcg_gen_ld_i32(t, cpu_env, offsetof(CPUX86State, hflags)); 2743 tcg_gen_andi_i32(t, t, ~mask); 2744 tcg_gen_st_i32(t, cpu_env, offsetof(CPUX86State, hflags)); 2745 s->flags &= ~mask; 2746 } 2747 } 2748 2749 static void gen_set_eflags(DisasContext *s, target_ulong mask) 2750 { 2751 TCGv t = tcg_temp_new(); 2752 2753 tcg_gen_ld_tl(t, cpu_env, offsetof(CPUX86State, eflags)); 2754 tcg_gen_ori_tl(t, t, mask); 2755 tcg_gen_st_tl(t, cpu_env, offsetof(CPUX86State, eflags)); 2756 } 2757 2758 static void gen_reset_eflags(DisasContext *s, target_ulong mask) 2759 { 2760 TCGv t = tcg_temp_new(); 2761 2762 tcg_gen_ld_tl(t, cpu_env, offsetof(CPUX86State, eflags)); 2763 tcg_gen_andi_tl(t, t, ~mask); 2764 tcg_gen_st_tl(t, cpu_env, offsetof(CPUX86State, eflags)); 2765 } 2766 2767 /* Clear BND registers during legacy branches. */ 2768 static void gen_bnd_jmp(DisasContext *s) 2769 { 2770 /* Clear the registers only if BND prefix is missing, MPX is enabled, 2771 and if the BNDREGs are known to be in use (non-zero) already. 2772 The helper itself will check BNDPRESERVE at runtime. */ 2773 if ((s->prefix & PREFIX_REPNZ) == 0 2774 && (s->flags & HF_MPX_EN_MASK) != 0 2775 && (s->flags & HF_MPX_IU_MASK) != 0) { 2776 gen_helper_bnd_jmp(cpu_env); 2777 } 2778 } 2779 2780 /* Generate an end of block. Trace exception is also generated if needed. 2781 If INHIBIT, set HF_INHIBIT_IRQ_MASK if it isn't already set. 2782 If RECHECK_TF, emit a rechecking helper for #DB, ignoring the state of 2783 S->TF. This is used by the syscall/sysret insns. */ 2784 static void 2785 do_gen_eob_worker(DisasContext *s, bool inhibit, bool recheck_tf, bool jr) 2786 { 2787 gen_update_cc_op(s); 2788 2789 /* If several instructions disable interrupts, only the first does it. */ 2790 if (inhibit && !(s->flags & HF_INHIBIT_IRQ_MASK)) { 2791 gen_set_hflag(s, HF_INHIBIT_IRQ_MASK); 2792 } else { 2793 gen_reset_hflag(s, HF_INHIBIT_IRQ_MASK); 2794 } 2795 2796 if (s->base.tb->flags & HF_RF_MASK) { 2797 gen_reset_eflags(s, RF_MASK); 2798 } 2799 if (recheck_tf) { 2800 gen_helper_rechecking_single_step(cpu_env); 2801 tcg_gen_exit_tb(NULL, 0); 2802 } else if (s->flags & HF_TF_MASK) { 2803 gen_helper_single_step(cpu_env); 2804 } else if (jr) { 2805 tcg_gen_lookup_and_goto_ptr(); 2806 } else { 2807 tcg_gen_exit_tb(NULL, 0); 2808 } 2809 s->base.is_jmp = DISAS_NORETURN; 2810 } 2811 2812 static inline void 2813 gen_eob_worker(DisasContext *s, bool inhibit, bool recheck_tf) 2814 { 2815 do_gen_eob_worker(s, inhibit, recheck_tf, false); 2816 } 2817 2818 /* End of block. 2819 If INHIBIT, set HF_INHIBIT_IRQ_MASK if it isn't already set. */ 2820 static void gen_eob_inhibit_irq(DisasContext *s, bool inhibit) 2821 { 2822 gen_eob_worker(s, inhibit, false); 2823 } 2824 2825 /* End of block, resetting the inhibit irq flag. */ 2826 static void gen_eob(DisasContext *s) 2827 { 2828 gen_eob_worker(s, false, false); 2829 } 2830 2831 /* Jump to register */ 2832 static void gen_jr(DisasContext *s) 2833 { 2834 do_gen_eob_worker(s, false, false, true); 2835 } 2836 2837 /* Jump to eip+diff, truncating the result to OT. */ 2838 static void gen_jmp_rel(DisasContext *s, MemOp ot, int diff, int tb_num) 2839 { 2840 bool use_goto_tb = s->jmp_opt; 2841 target_ulong mask = -1; 2842 target_ulong new_pc = s->pc + diff; 2843 target_ulong new_eip = new_pc - s->cs_base; 2844 2845 /* In 64-bit mode, operand size is fixed at 64 bits. */ 2846 if (!CODE64(s)) { 2847 if (ot == MO_16) { 2848 mask = 0xffff; 2849 if (tb_cflags(s->base.tb) & CF_PCREL && CODE32(s)) { 2850 use_goto_tb = false; 2851 } 2852 } else { 2853 mask = 0xffffffff; 2854 } 2855 } 2856 new_eip &= mask; 2857 2858 gen_update_cc_op(s); 2859 set_cc_op(s, CC_OP_DYNAMIC); 2860 2861 if (tb_cflags(s->base.tb) & CF_PCREL) { 2862 tcg_gen_addi_tl(cpu_eip, cpu_eip, new_pc - s->pc_save); 2863 /* 2864 * If we can prove the branch does not leave the page and we have 2865 * no extra masking to apply (data16 branch in code32, see above), 2866 * then we have also proven that the addition does not wrap. 2867 */ 2868 if (!use_goto_tb || !is_same_page(&s->base, new_pc)) { 2869 tcg_gen_andi_tl(cpu_eip, cpu_eip, mask); 2870 use_goto_tb = false; 2871 } 2872 } 2873 2874 if (use_goto_tb && 2875 translator_use_goto_tb(&s->base, new_eip + s->cs_base)) { 2876 /* jump to same page: we can use a direct jump */ 2877 tcg_gen_goto_tb(tb_num); 2878 if (!(tb_cflags(s->base.tb) & CF_PCREL)) { 2879 tcg_gen_movi_tl(cpu_eip, new_eip); 2880 } 2881 tcg_gen_exit_tb(s->base.tb, tb_num); 2882 s->base.is_jmp = DISAS_NORETURN; 2883 } else { 2884 if (!(tb_cflags(s->base.tb) & CF_PCREL)) { 2885 tcg_gen_movi_tl(cpu_eip, new_eip); 2886 } 2887 if (s->jmp_opt) { 2888 gen_jr(s); /* jump to another page */ 2889 } else { 2890 gen_eob(s); /* exit to main loop */ 2891 } 2892 } 2893 } 2894 2895 /* Jump to eip+diff, truncating to the current code size. */ 2896 static void gen_jmp_rel_csize(DisasContext *s, int diff, int tb_num) 2897 { 2898 /* CODE64 ignores the OT argument, so we need not consider it. */ 2899 gen_jmp_rel(s, CODE32(s) ? MO_32 : MO_16, diff, tb_num); 2900 } 2901 2902 static inline void gen_ldq_env_A0(DisasContext *s, int offset) 2903 { 2904 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->A0, s->mem_index, MO_LEUQ); 2905 tcg_gen_st_i64(s->tmp1_i64, cpu_env, offset); 2906 } 2907 2908 static inline void gen_stq_env_A0(DisasContext *s, int offset) 2909 { 2910 tcg_gen_ld_i64(s->tmp1_i64, cpu_env, offset); 2911 tcg_gen_qemu_st_i64(s->tmp1_i64, s->A0, s->mem_index, MO_LEUQ); 2912 } 2913 2914 static inline void gen_ldo_env_A0(DisasContext *s, int offset, bool align) 2915 { 2916 int mem_index = s->mem_index; 2917 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->A0, mem_index, 2918 MO_LEUQ | (align ? MO_ALIGN_16 : 0)); 2919 tcg_gen_st_i64(s->tmp1_i64, cpu_env, offset + offsetof(XMMReg, XMM_Q(0))); 2920 tcg_gen_addi_tl(s->tmp0, s->A0, 8); 2921 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->tmp0, mem_index, MO_LEUQ); 2922 tcg_gen_st_i64(s->tmp1_i64, cpu_env, offset + offsetof(XMMReg, XMM_Q(1))); 2923 } 2924 2925 static inline void gen_sto_env_A0(DisasContext *s, int offset, bool align) 2926 { 2927 int mem_index = s->mem_index; 2928 tcg_gen_ld_i64(s->tmp1_i64, cpu_env, offset + offsetof(XMMReg, XMM_Q(0))); 2929 tcg_gen_qemu_st_i64(s->tmp1_i64, s->A0, mem_index, 2930 MO_LEUQ | (align ? MO_ALIGN_16 : 0)); 2931 tcg_gen_addi_tl(s->tmp0, s->A0, 8); 2932 tcg_gen_ld_i64(s->tmp1_i64, cpu_env, offset + offsetof(XMMReg, XMM_Q(1))); 2933 tcg_gen_qemu_st_i64(s->tmp1_i64, s->tmp0, mem_index, MO_LEUQ); 2934 } 2935 2936 static void gen_ldy_env_A0(DisasContext *s, int offset, bool align) 2937 { 2938 int mem_index = s->mem_index; 2939 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->A0, mem_index, 2940 MO_LEUQ | (align ? MO_ALIGN_32 : 0)); 2941 tcg_gen_st_i64(s->tmp1_i64, cpu_env, offset + offsetof(YMMReg, YMM_Q(0))); 2942 tcg_gen_addi_tl(s->tmp0, s->A0, 8); 2943 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->tmp0, mem_index, MO_LEUQ); 2944 tcg_gen_st_i64(s->tmp1_i64, cpu_env, offset + offsetof(YMMReg, YMM_Q(1))); 2945 2946 tcg_gen_addi_tl(s->tmp0, s->A0, 16); 2947 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->tmp0, mem_index, MO_LEUQ); 2948 tcg_gen_st_i64(s->tmp1_i64, cpu_env, offset + offsetof(YMMReg, YMM_Q(2))); 2949 tcg_gen_addi_tl(s->tmp0, s->A0, 24); 2950 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->tmp0, mem_index, MO_LEUQ); 2951 tcg_gen_st_i64(s->tmp1_i64, cpu_env, offset + offsetof(YMMReg, YMM_Q(3))); 2952 } 2953 2954 static void gen_sty_env_A0(DisasContext *s, int offset, bool align) 2955 { 2956 int mem_index = s->mem_index; 2957 tcg_gen_ld_i64(s->tmp1_i64, cpu_env, offset + offsetof(YMMReg, YMM_Q(0))); 2958 tcg_gen_qemu_st_i64(s->tmp1_i64, s->A0, mem_index, 2959 MO_LEUQ | (align ? MO_ALIGN_32 : 0)); 2960 tcg_gen_addi_tl(s->tmp0, s->A0, 8); 2961 tcg_gen_ld_i64(s->tmp1_i64, cpu_env, offset + offsetof(YMMReg, YMM_Q(1))); 2962 tcg_gen_qemu_st_i64(s->tmp1_i64, s->tmp0, mem_index, MO_LEUQ); 2963 tcg_gen_addi_tl(s->tmp0, s->A0, 16); 2964 tcg_gen_ld_i64(s->tmp1_i64, cpu_env, offset + offsetof(YMMReg, YMM_Q(2))); 2965 tcg_gen_qemu_st_i64(s->tmp1_i64, s->tmp0, mem_index, MO_LEUQ); 2966 tcg_gen_addi_tl(s->tmp0, s->A0, 24); 2967 tcg_gen_ld_i64(s->tmp1_i64, cpu_env, offset + offsetof(YMMReg, YMM_Q(3))); 2968 tcg_gen_qemu_st_i64(s->tmp1_i64, s->tmp0, mem_index, MO_LEUQ); 2969 } 2970 2971 #include "decode-new.h" 2972 #include "emit.c.inc" 2973 #include "decode-new.c.inc" 2974 2975 static void gen_cmpxchg8b(DisasContext *s, CPUX86State *env, int modrm) 2976 { 2977 TCGv_i64 cmp, val, old; 2978 TCGv Z; 2979 2980 gen_lea_modrm(env, s, modrm); 2981 2982 cmp = tcg_temp_new_i64(); 2983 val = tcg_temp_new_i64(); 2984 old = tcg_temp_new_i64(); 2985 2986 /* Construct the comparison values from the register pair. */ 2987 tcg_gen_concat_tl_i64(cmp, cpu_regs[R_EAX], cpu_regs[R_EDX]); 2988 tcg_gen_concat_tl_i64(val, cpu_regs[R_EBX], cpu_regs[R_ECX]); 2989 2990 /* Only require atomic with LOCK; non-parallel handled in generator. */ 2991 if (s->prefix & PREFIX_LOCK) { 2992 tcg_gen_atomic_cmpxchg_i64(old, s->A0, cmp, val, s->mem_index, MO_TEUQ); 2993 } else { 2994 tcg_gen_nonatomic_cmpxchg_i64(old, s->A0, cmp, val, 2995 s->mem_index, MO_TEUQ); 2996 } 2997 2998 /* Set tmp0 to match the required value of Z. */ 2999 tcg_gen_setcond_i64(TCG_COND_EQ, cmp, old, cmp); 3000 Z = tcg_temp_new(); 3001 tcg_gen_trunc_i64_tl(Z, cmp); 3002 3003 /* 3004 * Extract the result values for the register pair. 3005 * For 32-bit, we may do this unconditionally, because on success (Z=1), 3006 * the old value matches the previous value in EDX:EAX. For x86_64, 3007 * the store must be conditional, because we must leave the source 3008 * registers unchanged on success, and zero-extend the writeback 3009 * on failure (Z=0). 3010 */ 3011 if (TARGET_LONG_BITS == 32) { 3012 tcg_gen_extr_i64_tl(cpu_regs[R_EAX], cpu_regs[R_EDX], old); 3013 } else { 3014 TCGv zero = tcg_constant_tl(0); 3015 3016 tcg_gen_extr_i64_tl(s->T0, s->T1, old); 3017 tcg_gen_movcond_tl(TCG_COND_EQ, cpu_regs[R_EAX], Z, zero, 3018 s->T0, cpu_regs[R_EAX]); 3019 tcg_gen_movcond_tl(TCG_COND_EQ, cpu_regs[R_EDX], Z, zero, 3020 s->T1, cpu_regs[R_EDX]); 3021 } 3022 3023 /* Update Z. */ 3024 gen_compute_eflags(s); 3025 tcg_gen_deposit_tl(cpu_cc_src, cpu_cc_src, Z, ctz32(CC_Z), 1); 3026 } 3027 3028 #ifdef TARGET_X86_64 3029 static void gen_cmpxchg16b(DisasContext *s, CPUX86State *env, int modrm) 3030 { 3031 MemOp mop = MO_TE | MO_128 | MO_ALIGN; 3032 TCGv_i64 t0, t1; 3033 TCGv_i128 cmp, val; 3034 3035 gen_lea_modrm(env, s, modrm); 3036 3037 cmp = tcg_temp_new_i128(); 3038 val = tcg_temp_new_i128(); 3039 tcg_gen_concat_i64_i128(cmp, cpu_regs[R_EAX], cpu_regs[R_EDX]); 3040 tcg_gen_concat_i64_i128(val, cpu_regs[R_EBX], cpu_regs[R_ECX]); 3041 3042 /* Only require atomic with LOCK; non-parallel handled in generator. */ 3043 if (s->prefix & PREFIX_LOCK) { 3044 tcg_gen_atomic_cmpxchg_i128(val, s->A0, cmp, val, s->mem_index, mop); 3045 } else { 3046 tcg_gen_nonatomic_cmpxchg_i128(val, s->A0, cmp, val, s->mem_index, mop); 3047 } 3048 3049 tcg_gen_extr_i128_i64(s->T0, s->T1, val); 3050 3051 /* Determine success after the fact. */ 3052 t0 = tcg_temp_new_i64(); 3053 t1 = tcg_temp_new_i64(); 3054 tcg_gen_xor_i64(t0, s->T0, cpu_regs[R_EAX]); 3055 tcg_gen_xor_i64(t1, s->T1, cpu_regs[R_EDX]); 3056 tcg_gen_or_i64(t0, t0, t1); 3057 3058 /* Update Z. */ 3059 gen_compute_eflags(s); 3060 tcg_gen_setcondi_i64(TCG_COND_EQ, t0, t0, 0); 3061 tcg_gen_deposit_tl(cpu_cc_src, cpu_cc_src, t0, ctz32(CC_Z), 1); 3062 3063 /* 3064 * Extract the result values for the register pair. We may do this 3065 * unconditionally, because on success (Z=1), the old value matches 3066 * the previous value in RDX:RAX. 3067 */ 3068 tcg_gen_mov_i64(cpu_regs[R_EAX], s->T0); 3069 tcg_gen_mov_i64(cpu_regs[R_EDX], s->T1); 3070 } 3071 #endif 3072 3073 /* convert one instruction. s->base.is_jmp is set if the translation must 3074 be stopped. Return the next pc value */ 3075 static bool disas_insn(DisasContext *s, CPUState *cpu) 3076 { 3077 CPUX86State *env = cpu->env_ptr; 3078 int b, prefixes; 3079 int shift; 3080 MemOp ot, aflag, dflag; 3081 int modrm, reg, rm, mod, op, opreg, val; 3082 bool orig_cc_op_dirty = s->cc_op_dirty; 3083 CCOp orig_cc_op = s->cc_op; 3084 target_ulong orig_pc_save = s->pc_save; 3085 3086 s->pc = s->base.pc_next; 3087 s->override = -1; 3088 #ifdef TARGET_X86_64 3089 s->rex_r = 0; 3090 s->rex_x = 0; 3091 s->rex_b = 0; 3092 #endif 3093 s->rip_offset = 0; /* for relative ip address */ 3094 s->vex_l = 0; 3095 s->vex_v = 0; 3096 s->vex_w = false; 3097 switch (sigsetjmp(s->jmpbuf, 0)) { 3098 case 0: 3099 break; 3100 case 1: 3101 gen_exception_gpf(s); 3102 return true; 3103 case 2: 3104 /* Restore state that may affect the next instruction. */ 3105 s->pc = s->base.pc_next; 3106 /* 3107 * TODO: These save/restore can be removed after the table-based 3108 * decoder is complete; we will be decoding the insn completely 3109 * before any code generation that might affect these variables. 3110 */ 3111 s->cc_op_dirty = orig_cc_op_dirty; 3112 s->cc_op = orig_cc_op; 3113 s->pc_save = orig_pc_save; 3114 /* END TODO */ 3115 s->base.num_insns--; 3116 tcg_remove_ops_after(s->prev_insn_end); 3117 s->base.is_jmp = DISAS_TOO_MANY; 3118 return false; 3119 default: 3120 g_assert_not_reached(); 3121 } 3122 3123 prefixes = 0; 3124 3125 next_byte: 3126 s->prefix = prefixes; 3127 b = x86_ldub_code(env, s); 3128 /* Collect prefixes. */ 3129 switch (b) { 3130 default: 3131 break; 3132 case 0x0f: 3133 b = x86_ldub_code(env, s) + 0x100; 3134 break; 3135 case 0xf3: 3136 prefixes |= PREFIX_REPZ; 3137 prefixes &= ~PREFIX_REPNZ; 3138 goto next_byte; 3139 case 0xf2: 3140 prefixes |= PREFIX_REPNZ; 3141 prefixes &= ~PREFIX_REPZ; 3142 goto next_byte; 3143 case 0xf0: 3144 prefixes |= PREFIX_LOCK; 3145 goto next_byte; 3146 case 0x2e: 3147 s->override = R_CS; 3148 goto next_byte; 3149 case 0x36: 3150 s->override = R_SS; 3151 goto next_byte; 3152 case 0x3e: 3153 s->override = R_DS; 3154 goto next_byte; 3155 case 0x26: 3156 s->override = R_ES; 3157 goto next_byte; 3158 case 0x64: 3159 s->override = R_FS; 3160 goto next_byte; 3161 case 0x65: 3162 s->override = R_GS; 3163 goto next_byte; 3164 case 0x66: 3165 prefixes |= PREFIX_DATA; 3166 goto next_byte; 3167 case 0x67: 3168 prefixes |= PREFIX_ADR; 3169 goto next_byte; 3170 #ifdef TARGET_X86_64 3171 case 0x40 ... 0x4f: 3172 if (CODE64(s)) { 3173 /* REX prefix */ 3174 prefixes |= PREFIX_REX; 3175 s->vex_w = (b >> 3) & 1; 3176 s->rex_r = (b & 0x4) << 1; 3177 s->rex_x = (b & 0x2) << 2; 3178 s->rex_b = (b & 0x1) << 3; 3179 goto next_byte; 3180 } 3181 break; 3182 #endif 3183 case 0xc5: /* 2-byte VEX */ 3184 case 0xc4: /* 3-byte VEX */ 3185 if (CODE32(s) && !VM86(s)) { 3186 int vex2 = x86_ldub_code(env, s); 3187 s->pc--; /* rewind the advance_pc() x86_ldub_code() did */ 3188 3189 if (!CODE64(s) && (vex2 & 0xc0) != 0xc0) { 3190 /* 4.1.4.6: In 32-bit mode, bits [7:6] must be 11b, 3191 otherwise the instruction is LES or LDS. */ 3192 break; 3193 } 3194 disas_insn_new(s, cpu, b); 3195 return s->pc; 3196 } 3197 break; 3198 } 3199 3200 /* Post-process prefixes. */ 3201 if (CODE64(s)) { 3202 /* In 64-bit mode, the default data size is 32-bit. Select 64-bit 3203 data with rex_w, and 16-bit data with 0x66; rex_w takes precedence 3204 over 0x66 if both are present. */ 3205 dflag = (REX_W(s) ? MO_64 : prefixes & PREFIX_DATA ? MO_16 : MO_32); 3206 /* In 64-bit mode, 0x67 selects 32-bit addressing. */ 3207 aflag = (prefixes & PREFIX_ADR ? MO_32 : MO_64); 3208 } else { 3209 /* In 16/32-bit mode, 0x66 selects the opposite data size. */ 3210 if (CODE32(s) ^ ((prefixes & PREFIX_DATA) != 0)) { 3211 dflag = MO_32; 3212 } else { 3213 dflag = MO_16; 3214 } 3215 /* In 16/32-bit mode, 0x67 selects the opposite addressing. */ 3216 if (CODE32(s) ^ ((prefixes & PREFIX_ADR) != 0)) { 3217 aflag = MO_32; 3218 } else { 3219 aflag = MO_16; 3220 } 3221 } 3222 3223 s->prefix = prefixes; 3224 s->aflag = aflag; 3225 s->dflag = dflag; 3226 3227 /* now check op code */ 3228 switch (b) { 3229 /**************************/ 3230 /* arith & logic */ 3231 case 0x00 ... 0x05: 3232 case 0x08 ... 0x0d: 3233 case 0x10 ... 0x15: 3234 case 0x18 ... 0x1d: 3235 case 0x20 ... 0x25: 3236 case 0x28 ... 0x2d: 3237 case 0x30 ... 0x35: 3238 case 0x38 ... 0x3d: 3239 { 3240 int op, f, val; 3241 op = (b >> 3) & 7; 3242 f = (b >> 1) & 3; 3243 3244 ot = mo_b_d(b, dflag); 3245 3246 switch(f) { 3247 case 0: /* OP Ev, Gv */ 3248 modrm = x86_ldub_code(env, s); 3249 reg = ((modrm >> 3) & 7) | REX_R(s); 3250 mod = (modrm >> 6) & 3; 3251 rm = (modrm & 7) | REX_B(s); 3252 if (mod != 3) { 3253 gen_lea_modrm(env, s, modrm); 3254 opreg = OR_TMP0; 3255 } else if (op == OP_XORL && rm == reg) { 3256 xor_zero: 3257 /* xor reg, reg optimisation */ 3258 set_cc_op(s, CC_OP_CLR); 3259 tcg_gen_movi_tl(s->T0, 0); 3260 gen_op_mov_reg_v(s, ot, reg, s->T0); 3261 break; 3262 } else { 3263 opreg = rm; 3264 } 3265 gen_op_mov_v_reg(s, ot, s->T1, reg); 3266 gen_op(s, op, ot, opreg); 3267 break; 3268 case 1: /* OP Gv, Ev */ 3269 modrm = x86_ldub_code(env, s); 3270 mod = (modrm >> 6) & 3; 3271 reg = ((modrm >> 3) & 7) | REX_R(s); 3272 rm = (modrm & 7) | REX_B(s); 3273 if (mod != 3) { 3274 gen_lea_modrm(env, s, modrm); 3275 gen_op_ld_v(s, ot, s->T1, s->A0); 3276 } else if (op == OP_XORL && rm == reg) { 3277 goto xor_zero; 3278 } else { 3279 gen_op_mov_v_reg(s, ot, s->T1, rm); 3280 } 3281 gen_op(s, op, ot, reg); 3282 break; 3283 case 2: /* OP A, Iv */ 3284 val = insn_get(env, s, ot); 3285 tcg_gen_movi_tl(s->T1, val); 3286 gen_op(s, op, ot, OR_EAX); 3287 break; 3288 } 3289 } 3290 break; 3291 3292 case 0x82: 3293 if (CODE64(s)) 3294 goto illegal_op; 3295 /* fall through */ 3296 case 0x80: /* GRP1 */ 3297 case 0x81: 3298 case 0x83: 3299 { 3300 int val; 3301 3302 ot = mo_b_d(b, dflag); 3303 3304 modrm = x86_ldub_code(env, s); 3305 mod = (modrm >> 6) & 3; 3306 rm = (modrm & 7) | REX_B(s); 3307 op = (modrm >> 3) & 7; 3308 3309 if (mod != 3) { 3310 if (b == 0x83) 3311 s->rip_offset = 1; 3312 else 3313 s->rip_offset = insn_const_size(ot); 3314 gen_lea_modrm(env, s, modrm); 3315 opreg = OR_TMP0; 3316 } else { 3317 opreg = rm; 3318 } 3319 3320 switch(b) { 3321 default: 3322 case 0x80: 3323 case 0x81: 3324 case 0x82: 3325 val = insn_get(env, s, ot); 3326 break; 3327 case 0x83: 3328 val = (int8_t)insn_get(env, s, MO_8); 3329 break; 3330 } 3331 tcg_gen_movi_tl(s->T1, val); 3332 gen_op(s, op, ot, opreg); 3333 } 3334 break; 3335 3336 /**************************/ 3337 /* inc, dec, and other misc arith */ 3338 case 0x40 ... 0x47: /* inc Gv */ 3339 ot = dflag; 3340 gen_inc(s, ot, OR_EAX + (b & 7), 1); 3341 break; 3342 case 0x48 ... 0x4f: /* dec Gv */ 3343 ot = dflag; 3344 gen_inc(s, ot, OR_EAX + (b & 7), -1); 3345 break; 3346 case 0xf6: /* GRP3 */ 3347 case 0xf7: 3348 ot = mo_b_d(b, dflag); 3349 3350 modrm = x86_ldub_code(env, s); 3351 mod = (modrm >> 6) & 3; 3352 rm = (modrm & 7) | REX_B(s); 3353 op = (modrm >> 3) & 7; 3354 if (mod != 3) { 3355 if (op == 0) { 3356 s->rip_offset = insn_const_size(ot); 3357 } 3358 gen_lea_modrm(env, s, modrm); 3359 /* For those below that handle locked memory, don't load here. */ 3360 if (!(s->prefix & PREFIX_LOCK) 3361 || op != 2) { 3362 gen_op_ld_v(s, ot, s->T0, s->A0); 3363 } 3364 } else { 3365 gen_op_mov_v_reg(s, ot, s->T0, rm); 3366 } 3367 3368 switch(op) { 3369 case 0: /* test */ 3370 val = insn_get(env, s, ot); 3371 tcg_gen_movi_tl(s->T1, val); 3372 gen_op_testl_T0_T1_cc(s); 3373 set_cc_op(s, CC_OP_LOGICB + ot); 3374 break; 3375 case 2: /* not */ 3376 if (s->prefix & PREFIX_LOCK) { 3377 if (mod == 3) { 3378 goto illegal_op; 3379 } 3380 tcg_gen_movi_tl(s->T0, ~0); 3381 tcg_gen_atomic_xor_fetch_tl(s->T0, s->A0, s->T0, 3382 s->mem_index, ot | MO_LE); 3383 } else { 3384 tcg_gen_not_tl(s->T0, s->T0); 3385 if (mod != 3) { 3386 gen_op_st_v(s, ot, s->T0, s->A0); 3387 } else { 3388 gen_op_mov_reg_v(s, ot, rm, s->T0); 3389 } 3390 } 3391 break; 3392 case 3: /* neg */ 3393 if (s->prefix & PREFIX_LOCK) { 3394 TCGLabel *label1; 3395 TCGv a0, t0, t1, t2; 3396 3397 if (mod == 3) { 3398 goto illegal_op; 3399 } 3400 a0 = s->A0; 3401 t0 = s->T0; 3402 label1 = gen_new_label(); 3403 3404 gen_set_label(label1); 3405 t1 = tcg_temp_new(); 3406 t2 = tcg_temp_new(); 3407 tcg_gen_mov_tl(t2, t0); 3408 tcg_gen_neg_tl(t1, t0); 3409 tcg_gen_atomic_cmpxchg_tl(t0, a0, t0, t1, 3410 s->mem_index, ot | MO_LE); 3411 tcg_gen_brcond_tl(TCG_COND_NE, t0, t2, label1); 3412 3413 tcg_gen_neg_tl(s->T0, t0); 3414 } else { 3415 tcg_gen_neg_tl(s->T0, s->T0); 3416 if (mod != 3) { 3417 gen_op_st_v(s, ot, s->T0, s->A0); 3418 } else { 3419 gen_op_mov_reg_v(s, ot, rm, s->T0); 3420 } 3421 } 3422 gen_op_update_neg_cc(s); 3423 set_cc_op(s, CC_OP_SUBB + ot); 3424 break; 3425 case 4: /* mul */ 3426 switch(ot) { 3427 case MO_8: 3428 gen_op_mov_v_reg(s, MO_8, s->T1, R_EAX); 3429 tcg_gen_ext8u_tl(s->T0, s->T0); 3430 tcg_gen_ext8u_tl(s->T1, s->T1); 3431 /* XXX: use 32 bit mul which could be faster */ 3432 tcg_gen_mul_tl(s->T0, s->T0, s->T1); 3433 gen_op_mov_reg_v(s, MO_16, R_EAX, s->T0); 3434 tcg_gen_mov_tl(cpu_cc_dst, s->T0); 3435 tcg_gen_andi_tl(cpu_cc_src, s->T0, 0xff00); 3436 set_cc_op(s, CC_OP_MULB); 3437 break; 3438 case MO_16: 3439 gen_op_mov_v_reg(s, MO_16, s->T1, R_EAX); 3440 tcg_gen_ext16u_tl(s->T0, s->T0); 3441 tcg_gen_ext16u_tl(s->T1, s->T1); 3442 /* XXX: use 32 bit mul which could be faster */ 3443 tcg_gen_mul_tl(s->T0, s->T0, s->T1); 3444 gen_op_mov_reg_v(s, MO_16, R_EAX, s->T0); 3445 tcg_gen_mov_tl(cpu_cc_dst, s->T0); 3446 tcg_gen_shri_tl(s->T0, s->T0, 16); 3447 gen_op_mov_reg_v(s, MO_16, R_EDX, s->T0); 3448 tcg_gen_mov_tl(cpu_cc_src, s->T0); 3449 set_cc_op(s, CC_OP_MULW); 3450 break; 3451 default: 3452 case MO_32: 3453 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); 3454 tcg_gen_trunc_tl_i32(s->tmp3_i32, cpu_regs[R_EAX]); 3455 tcg_gen_mulu2_i32(s->tmp2_i32, s->tmp3_i32, 3456 s->tmp2_i32, s->tmp3_i32); 3457 tcg_gen_extu_i32_tl(cpu_regs[R_EAX], s->tmp2_i32); 3458 tcg_gen_extu_i32_tl(cpu_regs[R_EDX], s->tmp3_i32); 3459 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]); 3460 tcg_gen_mov_tl(cpu_cc_src, cpu_regs[R_EDX]); 3461 set_cc_op(s, CC_OP_MULL); 3462 break; 3463 #ifdef TARGET_X86_64 3464 case MO_64: 3465 tcg_gen_mulu2_i64(cpu_regs[R_EAX], cpu_regs[R_EDX], 3466 s->T0, cpu_regs[R_EAX]); 3467 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]); 3468 tcg_gen_mov_tl(cpu_cc_src, cpu_regs[R_EDX]); 3469 set_cc_op(s, CC_OP_MULQ); 3470 break; 3471 #endif 3472 } 3473 break; 3474 case 5: /* imul */ 3475 switch(ot) { 3476 case MO_8: 3477 gen_op_mov_v_reg(s, MO_8, s->T1, R_EAX); 3478 tcg_gen_ext8s_tl(s->T0, s->T0); 3479 tcg_gen_ext8s_tl(s->T1, s->T1); 3480 /* XXX: use 32 bit mul which could be faster */ 3481 tcg_gen_mul_tl(s->T0, s->T0, s->T1); 3482 gen_op_mov_reg_v(s, MO_16, R_EAX, s->T0); 3483 tcg_gen_mov_tl(cpu_cc_dst, s->T0); 3484 tcg_gen_ext8s_tl(s->tmp0, s->T0); 3485 tcg_gen_sub_tl(cpu_cc_src, s->T0, s->tmp0); 3486 set_cc_op(s, CC_OP_MULB); 3487 break; 3488 case MO_16: 3489 gen_op_mov_v_reg(s, MO_16, s->T1, R_EAX); 3490 tcg_gen_ext16s_tl(s->T0, s->T0); 3491 tcg_gen_ext16s_tl(s->T1, s->T1); 3492 /* XXX: use 32 bit mul which could be faster */ 3493 tcg_gen_mul_tl(s->T0, s->T0, s->T1); 3494 gen_op_mov_reg_v(s, MO_16, R_EAX, s->T0); 3495 tcg_gen_mov_tl(cpu_cc_dst, s->T0); 3496 tcg_gen_ext16s_tl(s->tmp0, s->T0); 3497 tcg_gen_sub_tl(cpu_cc_src, s->T0, s->tmp0); 3498 tcg_gen_shri_tl(s->T0, s->T0, 16); 3499 gen_op_mov_reg_v(s, MO_16, R_EDX, s->T0); 3500 set_cc_op(s, CC_OP_MULW); 3501 break; 3502 default: 3503 case MO_32: 3504 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); 3505 tcg_gen_trunc_tl_i32(s->tmp3_i32, cpu_regs[R_EAX]); 3506 tcg_gen_muls2_i32(s->tmp2_i32, s->tmp3_i32, 3507 s->tmp2_i32, s->tmp3_i32); 3508 tcg_gen_extu_i32_tl(cpu_regs[R_EAX], s->tmp2_i32); 3509 tcg_gen_extu_i32_tl(cpu_regs[R_EDX], s->tmp3_i32); 3510 tcg_gen_sari_i32(s->tmp2_i32, s->tmp2_i32, 31); 3511 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]); 3512 tcg_gen_sub_i32(s->tmp2_i32, s->tmp2_i32, s->tmp3_i32); 3513 tcg_gen_extu_i32_tl(cpu_cc_src, s->tmp2_i32); 3514 set_cc_op(s, CC_OP_MULL); 3515 break; 3516 #ifdef TARGET_X86_64 3517 case MO_64: 3518 tcg_gen_muls2_i64(cpu_regs[R_EAX], cpu_regs[R_EDX], 3519 s->T0, cpu_regs[R_EAX]); 3520 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[R_EAX]); 3521 tcg_gen_sari_tl(cpu_cc_src, cpu_regs[R_EAX], 63); 3522 tcg_gen_sub_tl(cpu_cc_src, cpu_cc_src, cpu_regs[R_EDX]); 3523 set_cc_op(s, CC_OP_MULQ); 3524 break; 3525 #endif 3526 } 3527 break; 3528 case 6: /* div */ 3529 switch(ot) { 3530 case MO_8: 3531 gen_helper_divb_AL(cpu_env, s->T0); 3532 break; 3533 case MO_16: 3534 gen_helper_divw_AX(cpu_env, s->T0); 3535 break; 3536 default: 3537 case MO_32: 3538 gen_helper_divl_EAX(cpu_env, s->T0); 3539 break; 3540 #ifdef TARGET_X86_64 3541 case MO_64: 3542 gen_helper_divq_EAX(cpu_env, s->T0); 3543 break; 3544 #endif 3545 } 3546 break; 3547 case 7: /* idiv */ 3548 switch(ot) { 3549 case MO_8: 3550 gen_helper_idivb_AL(cpu_env, s->T0); 3551 break; 3552 case MO_16: 3553 gen_helper_idivw_AX(cpu_env, s->T0); 3554 break; 3555 default: 3556 case MO_32: 3557 gen_helper_idivl_EAX(cpu_env, s->T0); 3558 break; 3559 #ifdef TARGET_X86_64 3560 case MO_64: 3561 gen_helper_idivq_EAX(cpu_env, s->T0); 3562 break; 3563 #endif 3564 } 3565 break; 3566 default: 3567 goto unknown_op; 3568 } 3569 break; 3570 3571 case 0xfe: /* GRP4 */ 3572 case 0xff: /* GRP5 */ 3573 ot = mo_b_d(b, dflag); 3574 3575 modrm = x86_ldub_code(env, s); 3576 mod = (modrm >> 6) & 3; 3577 rm = (modrm & 7) | REX_B(s); 3578 op = (modrm >> 3) & 7; 3579 if (op >= 2 && b == 0xfe) { 3580 goto unknown_op; 3581 } 3582 if (CODE64(s)) { 3583 if (op == 2 || op == 4) { 3584 /* operand size for jumps is 64 bit */ 3585 ot = MO_64; 3586 } else if (op == 3 || op == 5) { 3587 ot = dflag != MO_16 ? MO_32 + REX_W(s) : MO_16; 3588 } else if (op == 6) { 3589 /* default push size is 64 bit */ 3590 ot = mo_pushpop(s, dflag); 3591 } 3592 } 3593 if (mod != 3) { 3594 gen_lea_modrm(env, s, modrm); 3595 if (op >= 2 && op != 3 && op != 5) 3596 gen_op_ld_v(s, ot, s->T0, s->A0); 3597 } else { 3598 gen_op_mov_v_reg(s, ot, s->T0, rm); 3599 } 3600 3601 switch(op) { 3602 case 0: /* inc Ev */ 3603 if (mod != 3) 3604 opreg = OR_TMP0; 3605 else 3606 opreg = rm; 3607 gen_inc(s, ot, opreg, 1); 3608 break; 3609 case 1: /* dec Ev */ 3610 if (mod != 3) 3611 opreg = OR_TMP0; 3612 else 3613 opreg = rm; 3614 gen_inc(s, ot, opreg, -1); 3615 break; 3616 case 2: /* call Ev */ 3617 /* XXX: optimize if memory (no 'and' is necessary) */ 3618 if (dflag == MO_16) { 3619 tcg_gen_ext16u_tl(s->T0, s->T0); 3620 } 3621 gen_push_v(s, eip_next_tl(s)); 3622 gen_op_jmp_v(s, s->T0); 3623 gen_bnd_jmp(s); 3624 s->base.is_jmp = DISAS_JUMP; 3625 break; 3626 case 3: /* lcall Ev */ 3627 if (mod == 3) { 3628 goto illegal_op; 3629 } 3630 gen_op_ld_v(s, ot, s->T1, s->A0); 3631 gen_add_A0_im(s, 1 << ot); 3632 gen_op_ld_v(s, MO_16, s->T0, s->A0); 3633 do_lcall: 3634 if (PE(s) && !VM86(s)) { 3635 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); 3636 gen_helper_lcall_protected(cpu_env, s->tmp2_i32, s->T1, 3637 tcg_constant_i32(dflag - 1), 3638 eip_next_tl(s)); 3639 } else { 3640 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); 3641 tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T1); 3642 gen_helper_lcall_real(cpu_env, s->tmp2_i32, s->tmp3_i32, 3643 tcg_constant_i32(dflag - 1), 3644 eip_next_i32(s)); 3645 } 3646 s->base.is_jmp = DISAS_JUMP; 3647 break; 3648 case 4: /* jmp Ev */ 3649 if (dflag == MO_16) { 3650 tcg_gen_ext16u_tl(s->T0, s->T0); 3651 } 3652 gen_op_jmp_v(s, s->T0); 3653 gen_bnd_jmp(s); 3654 s->base.is_jmp = DISAS_JUMP; 3655 break; 3656 case 5: /* ljmp Ev */ 3657 if (mod == 3) { 3658 goto illegal_op; 3659 } 3660 gen_op_ld_v(s, ot, s->T1, s->A0); 3661 gen_add_A0_im(s, 1 << ot); 3662 gen_op_ld_v(s, MO_16, s->T0, s->A0); 3663 do_ljmp: 3664 if (PE(s) && !VM86(s)) { 3665 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); 3666 gen_helper_ljmp_protected(cpu_env, s->tmp2_i32, s->T1, 3667 eip_next_tl(s)); 3668 } else { 3669 gen_op_movl_seg_T0_vm(s, R_CS); 3670 gen_op_jmp_v(s, s->T1); 3671 } 3672 s->base.is_jmp = DISAS_JUMP; 3673 break; 3674 case 6: /* push Ev */ 3675 gen_push_v(s, s->T0); 3676 break; 3677 default: 3678 goto unknown_op; 3679 } 3680 break; 3681 3682 case 0x84: /* test Ev, Gv */ 3683 case 0x85: 3684 ot = mo_b_d(b, dflag); 3685 3686 modrm = x86_ldub_code(env, s); 3687 reg = ((modrm >> 3) & 7) | REX_R(s); 3688 3689 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0); 3690 gen_op_mov_v_reg(s, ot, s->T1, reg); 3691 gen_op_testl_T0_T1_cc(s); 3692 set_cc_op(s, CC_OP_LOGICB + ot); 3693 break; 3694 3695 case 0xa8: /* test eAX, Iv */ 3696 case 0xa9: 3697 ot = mo_b_d(b, dflag); 3698 val = insn_get(env, s, ot); 3699 3700 gen_op_mov_v_reg(s, ot, s->T0, OR_EAX); 3701 tcg_gen_movi_tl(s->T1, val); 3702 gen_op_testl_T0_T1_cc(s); 3703 set_cc_op(s, CC_OP_LOGICB + ot); 3704 break; 3705 3706 case 0x98: /* CWDE/CBW */ 3707 switch (dflag) { 3708 #ifdef TARGET_X86_64 3709 case MO_64: 3710 gen_op_mov_v_reg(s, MO_32, s->T0, R_EAX); 3711 tcg_gen_ext32s_tl(s->T0, s->T0); 3712 gen_op_mov_reg_v(s, MO_64, R_EAX, s->T0); 3713 break; 3714 #endif 3715 case MO_32: 3716 gen_op_mov_v_reg(s, MO_16, s->T0, R_EAX); 3717 tcg_gen_ext16s_tl(s->T0, s->T0); 3718 gen_op_mov_reg_v(s, MO_32, R_EAX, s->T0); 3719 break; 3720 case MO_16: 3721 gen_op_mov_v_reg(s, MO_8, s->T0, R_EAX); 3722 tcg_gen_ext8s_tl(s->T0, s->T0); 3723 gen_op_mov_reg_v(s, MO_16, R_EAX, s->T0); 3724 break; 3725 default: 3726 tcg_abort(); 3727 } 3728 break; 3729 case 0x99: /* CDQ/CWD */ 3730 switch (dflag) { 3731 #ifdef TARGET_X86_64 3732 case MO_64: 3733 gen_op_mov_v_reg(s, MO_64, s->T0, R_EAX); 3734 tcg_gen_sari_tl(s->T0, s->T0, 63); 3735 gen_op_mov_reg_v(s, MO_64, R_EDX, s->T0); 3736 break; 3737 #endif 3738 case MO_32: 3739 gen_op_mov_v_reg(s, MO_32, s->T0, R_EAX); 3740 tcg_gen_ext32s_tl(s->T0, s->T0); 3741 tcg_gen_sari_tl(s->T0, s->T0, 31); 3742 gen_op_mov_reg_v(s, MO_32, R_EDX, s->T0); 3743 break; 3744 case MO_16: 3745 gen_op_mov_v_reg(s, MO_16, s->T0, R_EAX); 3746 tcg_gen_ext16s_tl(s->T0, s->T0); 3747 tcg_gen_sari_tl(s->T0, s->T0, 15); 3748 gen_op_mov_reg_v(s, MO_16, R_EDX, s->T0); 3749 break; 3750 default: 3751 tcg_abort(); 3752 } 3753 break; 3754 case 0x1af: /* imul Gv, Ev */ 3755 case 0x69: /* imul Gv, Ev, I */ 3756 case 0x6b: 3757 ot = dflag; 3758 modrm = x86_ldub_code(env, s); 3759 reg = ((modrm >> 3) & 7) | REX_R(s); 3760 if (b == 0x69) 3761 s->rip_offset = insn_const_size(ot); 3762 else if (b == 0x6b) 3763 s->rip_offset = 1; 3764 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0); 3765 if (b == 0x69) { 3766 val = insn_get(env, s, ot); 3767 tcg_gen_movi_tl(s->T1, val); 3768 } else if (b == 0x6b) { 3769 val = (int8_t)insn_get(env, s, MO_8); 3770 tcg_gen_movi_tl(s->T1, val); 3771 } else { 3772 gen_op_mov_v_reg(s, ot, s->T1, reg); 3773 } 3774 switch (ot) { 3775 #ifdef TARGET_X86_64 3776 case MO_64: 3777 tcg_gen_muls2_i64(cpu_regs[reg], s->T1, s->T0, s->T1); 3778 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[reg]); 3779 tcg_gen_sari_tl(cpu_cc_src, cpu_cc_dst, 63); 3780 tcg_gen_sub_tl(cpu_cc_src, cpu_cc_src, s->T1); 3781 break; 3782 #endif 3783 case MO_32: 3784 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); 3785 tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T1); 3786 tcg_gen_muls2_i32(s->tmp2_i32, s->tmp3_i32, 3787 s->tmp2_i32, s->tmp3_i32); 3788 tcg_gen_extu_i32_tl(cpu_regs[reg], s->tmp2_i32); 3789 tcg_gen_sari_i32(s->tmp2_i32, s->tmp2_i32, 31); 3790 tcg_gen_mov_tl(cpu_cc_dst, cpu_regs[reg]); 3791 tcg_gen_sub_i32(s->tmp2_i32, s->tmp2_i32, s->tmp3_i32); 3792 tcg_gen_extu_i32_tl(cpu_cc_src, s->tmp2_i32); 3793 break; 3794 default: 3795 tcg_gen_ext16s_tl(s->T0, s->T0); 3796 tcg_gen_ext16s_tl(s->T1, s->T1); 3797 /* XXX: use 32 bit mul which could be faster */ 3798 tcg_gen_mul_tl(s->T0, s->T0, s->T1); 3799 tcg_gen_mov_tl(cpu_cc_dst, s->T0); 3800 tcg_gen_ext16s_tl(s->tmp0, s->T0); 3801 tcg_gen_sub_tl(cpu_cc_src, s->T0, s->tmp0); 3802 gen_op_mov_reg_v(s, ot, reg, s->T0); 3803 break; 3804 } 3805 set_cc_op(s, CC_OP_MULB + ot); 3806 break; 3807 case 0x1c0: 3808 case 0x1c1: /* xadd Ev, Gv */ 3809 ot = mo_b_d(b, dflag); 3810 modrm = x86_ldub_code(env, s); 3811 reg = ((modrm >> 3) & 7) | REX_R(s); 3812 mod = (modrm >> 6) & 3; 3813 gen_op_mov_v_reg(s, ot, s->T0, reg); 3814 if (mod == 3) { 3815 rm = (modrm & 7) | REX_B(s); 3816 gen_op_mov_v_reg(s, ot, s->T1, rm); 3817 tcg_gen_add_tl(s->T0, s->T0, s->T1); 3818 gen_op_mov_reg_v(s, ot, reg, s->T1); 3819 gen_op_mov_reg_v(s, ot, rm, s->T0); 3820 } else { 3821 gen_lea_modrm(env, s, modrm); 3822 if (s->prefix & PREFIX_LOCK) { 3823 tcg_gen_atomic_fetch_add_tl(s->T1, s->A0, s->T0, 3824 s->mem_index, ot | MO_LE); 3825 tcg_gen_add_tl(s->T0, s->T0, s->T1); 3826 } else { 3827 gen_op_ld_v(s, ot, s->T1, s->A0); 3828 tcg_gen_add_tl(s->T0, s->T0, s->T1); 3829 gen_op_st_v(s, ot, s->T0, s->A0); 3830 } 3831 gen_op_mov_reg_v(s, ot, reg, s->T1); 3832 } 3833 gen_op_update2_cc(s); 3834 set_cc_op(s, CC_OP_ADDB + ot); 3835 break; 3836 case 0x1b0: 3837 case 0x1b1: /* cmpxchg Ev, Gv */ 3838 { 3839 TCGv oldv, newv, cmpv, dest; 3840 3841 ot = mo_b_d(b, dflag); 3842 modrm = x86_ldub_code(env, s); 3843 reg = ((modrm >> 3) & 7) | REX_R(s); 3844 mod = (modrm >> 6) & 3; 3845 oldv = tcg_temp_new(); 3846 newv = tcg_temp_new(); 3847 cmpv = tcg_temp_new(); 3848 gen_op_mov_v_reg(s, ot, newv, reg); 3849 tcg_gen_mov_tl(cmpv, cpu_regs[R_EAX]); 3850 gen_extu(ot, cmpv); 3851 if (s->prefix & PREFIX_LOCK) { 3852 if (mod == 3) { 3853 goto illegal_op; 3854 } 3855 gen_lea_modrm(env, s, modrm); 3856 tcg_gen_atomic_cmpxchg_tl(oldv, s->A0, cmpv, newv, 3857 s->mem_index, ot | MO_LE); 3858 } else { 3859 if (mod == 3) { 3860 rm = (modrm & 7) | REX_B(s); 3861 gen_op_mov_v_reg(s, ot, oldv, rm); 3862 gen_extu(ot, oldv); 3863 3864 /* 3865 * Unlike the memory case, where "the destination operand receives 3866 * a write cycle without regard to the result of the comparison", 3867 * rm must not be touched altogether if the write fails, including 3868 * not zero-extending it on 64-bit processors. So, precompute 3869 * the result of a successful writeback and perform the movcond 3870 * directly on cpu_regs. Also need to write accumulator first, in 3871 * case rm is part of RAX too. 3872 */ 3873 dest = gen_op_deposit_reg_v(s, ot, rm, newv, newv); 3874 tcg_gen_movcond_tl(TCG_COND_EQ, dest, oldv, cmpv, newv, dest); 3875 } else { 3876 gen_lea_modrm(env, s, modrm); 3877 gen_op_ld_v(s, ot, oldv, s->A0); 3878 3879 /* 3880 * Perform an unconditional store cycle like physical cpu; 3881 * must be before changing accumulator to ensure 3882 * idempotency if the store faults and the instruction 3883 * is restarted 3884 */ 3885 tcg_gen_movcond_tl(TCG_COND_EQ, newv, oldv, cmpv, newv, oldv); 3886 gen_op_st_v(s, ot, newv, s->A0); 3887 } 3888 } 3889 /* 3890 * Write EAX only if the cmpxchg fails; reuse newv as the destination, 3891 * since it's dead here. 3892 */ 3893 dest = gen_op_deposit_reg_v(s, ot, R_EAX, newv, oldv); 3894 tcg_gen_movcond_tl(TCG_COND_EQ, dest, oldv, cmpv, dest, newv); 3895 tcg_gen_mov_tl(cpu_cc_src, oldv); 3896 tcg_gen_mov_tl(s->cc_srcT, cmpv); 3897 tcg_gen_sub_tl(cpu_cc_dst, cmpv, oldv); 3898 set_cc_op(s, CC_OP_SUBB + ot); 3899 } 3900 break; 3901 case 0x1c7: /* cmpxchg8b */ 3902 modrm = x86_ldub_code(env, s); 3903 mod = (modrm >> 6) & 3; 3904 switch ((modrm >> 3) & 7) { 3905 case 1: /* CMPXCHG8, CMPXCHG16 */ 3906 if (mod == 3) { 3907 goto illegal_op; 3908 } 3909 #ifdef TARGET_X86_64 3910 if (dflag == MO_64) { 3911 if (!(s->cpuid_ext_features & CPUID_EXT_CX16)) { 3912 goto illegal_op; 3913 } 3914 gen_cmpxchg16b(s, env, modrm); 3915 break; 3916 } 3917 #endif 3918 if (!(s->cpuid_features & CPUID_CX8)) { 3919 goto illegal_op; 3920 } 3921 gen_cmpxchg8b(s, env, modrm); 3922 break; 3923 3924 case 7: /* RDSEED */ 3925 case 6: /* RDRAND */ 3926 if (mod != 3 || 3927 (s->prefix & (PREFIX_LOCK | PREFIX_REPZ | PREFIX_REPNZ)) || 3928 !(s->cpuid_ext_features & CPUID_EXT_RDRAND)) { 3929 goto illegal_op; 3930 } 3931 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { 3932 gen_io_start(); 3933 s->base.is_jmp = DISAS_TOO_MANY; 3934 } 3935 gen_helper_rdrand(s->T0, cpu_env); 3936 rm = (modrm & 7) | REX_B(s); 3937 gen_op_mov_reg_v(s, dflag, rm, s->T0); 3938 set_cc_op(s, CC_OP_EFLAGS); 3939 break; 3940 3941 default: 3942 goto illegal_op; 3943 } 3944 break; 3945 3946 /**************************/ 3947 /* push/pop */ 3948 case 0x50 ... 0x57: /* push */ 3949 gen_op_mov_v_reg(s, MO_32, s->T0, (b & 7) | REX_B(s)); 3950 gen_push_v(s, s->T0); 3951 break; 3952 case 0x58 ... 0x5f: /* pop */ 3953 ot = gen_pop_T0(s); 3954 /* NOTE: order is important for pop %sp */ 3955 gen_pop_update(s, ot); 3956 gen_op_mov_reg_v(s, ot, (b & 7) | REX_B(s), s->T0); 3957 break; 3958 case 0x60: /* pusha */ 3959 if (CODE64(s)) 3960 goto illegal_op; 3961 gen_pusha(s); 3962 break; 3963 case 0x61: /* popa */ 3964 if (CODE64(s)) 3965 goto illegal_op; 3966 gen_popa(s); 3967 break; 3968 case 0x68: /* push Iv */ 3969 case 0x6a: 3970 ot = mo_pushpop(s, dflag); 3971 if (b == 0x68) 3972 val = insn_get(env, s, ot); 3973 else 3974 val = (int8_t)insn_get(env, s, MO_8); 3975 tcg_gen_movi_tl(s->T0, val); 3976 gen_push_v(s, s->T0); 3977 break; 3978 case 0x8f: /* pop Ev */ 3979 modrm = x86_ldub_code(env, s); 3980 mod = (modrm >> 6) & 3; 3981 ot = gen_pop_T0(s); 3982 if (mod == 3) { 3983 /* NOTE: order is important for pop %sp */ 3984 gen_pop_update(s, ot); 3985 rm = (modrm & 7) | REX_B(s); 3986 gen_op_mov_reg_v(s, ot, rm, s->T0); 3987 } else { 3988 /* NOTE: order is important too for MMU exceptions */ 3989 s->popl_esp_hack = 1 << ot; 3990 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1); 3991 s->popl_esp_hack = 0; 3992 gen_pop_update(s, ot); 3993 } 3994 break; 3995 case 0xc8: /* enter */ 3996 { 3997 int level; 3998 val = x86_lduw_code(env, s); 3999 level = x86_ldub_code(env, s); 4000 gen_enter(s, val, level); 4001 } 4002 break; 4003 case 0xc9: /* leave */ 4004 gen_leave(s); 4005 break; 4006 case 0x06: /* push es */ 4007 case 0x0e: /* push cs */ 4008 case 0x16: /* push ss */ 4009 case 0x1e: /* push ds */ 4010 if (CODE64(s)) 4011 goto illegal_op; 4012 gen_op_movl_T0_seg(s, b >> 3); 4013 gen_push_v(s, s->T0); 4014 break; 4015 case 0x1a0: /* push fs */ 4016 case 0x1a8: /* push gs */ 4017 gen_op_movl_T0_seg(s, (b >> 3) & 7); 4018 gen_push_v(s, s->T0); 4019 break; 4020 case 0x07: /* pop es */ 4021 case 0x17: /* pop ss */ 4022 case 0x1f: /* pop ds */ 4023 if (CODE64(s)) 4024 goto illegal_op; 4025 reg = b >> 3; 4026 ot = gen_pop_T0(s); 4027 gen_movl_seg_T0(s, reg); 4028 gen_pop_update(s, ot); 4029 break; 4030 case 0x1a1: /* pop fs */ 4031 case 0x1a9: /* pop gs */ 4032 ot = gen_pop_T0(s); 4033 gen_movl_seg_T0(s, (b >> 3) & 7); 4034 gen_pop_update(s, ot); 4035 break; 4036 4037 /**************************/ 4038 /* mov */ 4039 case 0x88: 4040 case 0x89: /* mov Gv, Ev */ 4041 ot = mo_b_d(b, dflag); 4042 modrm = x86_ldub_code(env, s); 4043 reg = ((modrm >> 3) & 7) | REX_R(s); 4044 4045 /* generate a generic store */ 4046 gen_ldst_modrm(env, s, modrm, ot, reg, 1); 4047 break; 4048 case 0xc6: 4049 case 0xc7: /* mov Ev, Iv */ 4050 ot = mo_b_d(b, dflag); 4051 modrm = x86_ldub_code(env, s); 4052 mod = (modrm >> 6) & 3; 4053 if (mod != 3) { 4054 s->rip_offset = insn_const_size(ot); 4055 gen_lea_modrm(env, s, modrm); 4056 } 4057 val = insn_get(env, s, ot); 4058 tcg_gen_movi_tl(s->T0, val); 4059 if (mod != 3) { 4060 gen_op_st_v(s, ot, s->T0, s->A0); 4061 } else { 4062 gen_op_mov_reg_v(s, ot, (modrm & 7) | REX_B(s), s->T0); 4063 } 4064 break; 4065 case 0x8a: 4066 case 0x8b: /* mov Ev, Gv */ 4067 ot = mo_b_d(b, dflag); 4068 modrm = x86_ldub_code(env, s); 4069 reg = ((modrm >> 3) & 7) | REX_R(s); 4070 4071 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0); 4072 gen_op_mov_reg_v(s, ot, reg, s->T0); 4073 break; 4074 case 0x8e: /* mov seg, Gv */ 4075 modrm = x86_ldub_code(env, s); 4076 reg = (modrm >> 3) & 7; 4077 if (reg >= 6 || reg == R_CS) 4078 goto illegal_op; 4079 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0); 4080 gen_movl_seg_T0(s, reg); 4081 break; 4082 case 0x8c: /* mov Gv, seg */ 4083 modrm = x86_ldub_code(env, s); 4084 reg = (modrm >> 3) & 7; 4085 mod = (modrm >> 6) & 3; 4086 if (reg >= 6) 4087 goto illegal_op; 4088 gen_op_movl_T0_seg(s, reg); 4089 ot = mod == 3 ? dflag : MO_16; 4090 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1); 4091 break; 4092 4093 case 0x1b6: /* movzbS Gv, Eb */ 4094 case 0x1b7: /* movzwS Gv, Eb */ 4095 case 0x1be: /* movsbS Gv, Eb */ 4096 case 0x1bf: /* movswS Gv, Eb */ 4097 { 4098 MemOp d_ot; 4099 MemOp s_ot; 4100 4101 /* d_ot is the size of destination */ 4102 d_ot = dflag; 4103 /* ot is the size of source */ 4104 ot = (b & 1) + MO_8; 4105 /* s_ot is the sign+size of source */ 4106 s_ot = b & 8 ? MO_SIGN | ot : ot; 4107 4108 modrm = x86_ldub_code(env, s); 4109 reg = ((modrm >> 3) & 7) | REX_R(s); 4110 mod = (modrm >> 6) & 3; 4111 rm = (modrm & 7) | REX_B(s); 4112 4113 if (mod == 3) { 4114 if (s_ot == MO_SB && byte_reg_is_xH(s, rm)) { 4115 tcg_gen_sextract_tl(s->T0, cpu_regs[rm - 4], 8, 8); 4116 } else { 4117 gen_op_mov_v_reg(s, ot, s->T0, rm); 4118 switch (s_ot) { 4119 case MO_UB: 4120 tcg_gen_ext8u_tl(s->T0, s->T0); 4121 break; 4122 case MO_SB: 4123 tcg_gen_ext8s_tl(s->T0, s->T0); 4124 break; 4125 case MO_UW: 4126 tcg_gen_ext16u_tl(s->T0, s->T0); 4127 break; 4128 default: 4129 case MO_SW: 4130 tcg_gen_ext16s_tl(s->T0, s->T0); 4131 break; 4132 } 4133 } 4134 gen_op_mov_reg_v(s, d_ot, reg, s->T0); 4135 } else { 4136 gen_lea_modrm(env, s, modrm); 4137 gen_op_ld_v(s, s_ot, s->T0, s->A0); 4138 gen_op_mov_reg_v(s, d_ot, reg, s->T0); 4139 } 4140 } 4141 break; 4142 4143 case 0x8d: /* lea */ 4144 modrm = x86_ldub_code(env, s); 4145 mod = (modrm >> 6) & 3; 4146 if (mod == 3) 4147 goto illegal_op; 4148 reg = ((modrm >> 3) & 7) | REX_R(s); 4149 { 4150 AddressParts a = gen_lea_modrm_0(env, s, modrm); 4151 TCGv ea = gen_lea_modrm_1(s, a, false); 4152 gen_lea_v_seg(s, s->aflag, ea, -1, -1); 4153 gen_op_mov_reg_v(s, dflag, reg, s->A0); 4154 } 4155 break; 4156 4157 case 0xa0: /* mov EAX, Ov */ 4158 case 0xa1: 4159 case 0xa2: /* mov Ov, EAX */ 4160 case 0xa3: 4161 { 4162 target_ulong offset_addr; 4163 4164 ot = mo_b_d(b, dflag); 4165 offset_addr = insn_get_addr(env, s, s->aflag); 4166 tcg_gen_movi_tl(s->A0, offset_addr); 4167 gen_add_A0_ds_seg(s); 4168 if ((b & 2) == 0) { 4169 gen_op_ld_v(s, ot, s->T0, s->A0); 4170 gen_op_mov_reg_v(s, ot, R_EAX, s->T0); 4171 } else { 4172 gen_op_mov_v_reg(s, ot, s->T0, R_EAX); 4173 gen_op_st_v(s, ot, s->T0, s->A0); 4174 } 4175 } 4176 break; 4177 case 0xd7: /* xlat */ 4178 tcg_gen_mov_tl(s->A0, cpu_regs[R_EBX]); 4179 tcg_gen_ext8u_tl(s->T0, cpu_regs[R_EAX]); 4180 tcg_gen_add_tl(s->A0, s->A0, s->T0); 4181 gen_extu(s->aflag, s->A0); 4182 gen_add_A0_ds_seg(s); 4183 gen_op_ld_v(s, MO_8, s->T0, s->A0); 4184 gen_op_mov_reg_v(s, MO_8, R_EAX, s->T0); 4185 break; 4186 case 0xb0 ... 0xb7: /* mov R, Ib */ 4187 val = insn_get(env, s, MO_8); 4188 tcg_gen_movi_tl(s->T0, val); 4189 gen_op_mov_reg_v(s, MO_8, (b & 7) | REX_B(s), s->T0); 4190 break; 4191 case 0xb8 ... 0xbf: /* mov R, Iv */ 4192 #ifdef TARGET_X86_64 4193 if (dflag == MO_64) { 4194 uint64_t tmp; 4195 /* 64 bit case */ 4196 tmp = x86_ldq_code(env, s); 4197 reg = (b & 7) | REX_B(s); 4198 tcg_gen_movi_tl(s->T0, tmp); 4199 gen_op_mov_reg_v(s, MO_64, reg, s->T0); 4200 } else 4201 #endif 4202 { 4203 ot = dflag; 4204 val = insn_get(env, s, ot); 4205 reg = (b & 7) | REX_B(s); 4206 tcg_gen_movi_tl(s->T0, val); 4207 gen_op_mov_reg_v(s, ot, reg, s->T0); 4208 } 4209 break; 4210 4211 case 0x91 ... 0x97: /* xchg R, EAX */ 4212 do_xchg_reg_eax: 4213 ot = dflag; 4214 reg = (b & 7) | REX_B(s); 4215 rm = R_EAX; 4216 goto do_xchg_reg; 4217 case 0x86: 4218 case 0x87: /* xchg Ev, Gv */ 4219 ot = mo_b_d(b, dflag); 4220 modrm = x86_ldub_code(env, s); 4221 reg = ((modrm >> 3) & 7) | REX_R(s); 4222 mod = (modrm >> 6) & 3; 4223 if (mod == 3) { 4224 rm = (modrm & 7) | REX_B(s); 4225 do_xchg_reg: 4226 gen_op_mov_v_reg(s, ot, s->T0, reg); 4227 gen_op_mov_v_reg(s, ot, s->T1, rm); 4228 gen_op_mov_reg_v(s, ot, rm, s->T0); 4229 gen_op_mov_reg_v(s, ot, reg, s->T1); 4230 } else { 4231 gen_lea_modrm(env, s, modrm); 4232 gen_op_mov_v_reg(s, ot, s->T0, reg); 4233 /* for xchg, lock is implicit */ 4234 tcg_gen_atomic_xchg_tl(s->T1, s->A0, s->T0, 4235 s->mem_index, ot | MO_LE); 4236 gen_op_mov_reg_v(s, ot, reg, s->T1); 4237 } 4238 break; 4239 case 0xc4: /* les Gv */ 4240 /* In CODE64 this is VEX3; see above. */ 4241 op = R_ES; 4242 goto do_lxx; 4243 case 0xc5: /* lds Gv */ 4244 /* In CODE64 this is VEX2; see above. */ 4245 op = R_DS; 4246 goto do_lxx; 4247 case 0x1b2: /* lss Gv */ 4248 op = R_SS; 4249 goto do_lxx; 4250 case 0x1b4: /* lfs Gv */ 4251 op = R_FS; 4252 goto do_lxx; 4253 case 0x1b5: /* lgs Gv */ 4254 op = R_GS; 4255 do_lxx: 4256 ot = dflag != MO_16 ? MO_32 : MO_16; 4257 modrm = x86_ldub_code(env, s); 4258 reg = ((modrm >> 3) & 7) | REX_R(s); 4259 mod = (modrm >> 6) & 3; 4260 if (mod == 3) 4261 goto illegal_op; 4262 gen_lea_modrm(env, s, modrm); 4263 gen_op_ld_v(s, ot, s->T1, s->A0); 4264 gen_add_A0_im(s, 1 << ot); 4265 /* load the segment first to handle exceptions properly */ 4266 gen_op_ld_v(s, MO_16, s->T0, s->A0); 4267 gen_movl_seg_T0(s, op); 4268 /* then put the data */ 4269 gen_op_mov_reg_v(s, ot, reg, s->T1); 4270 break; 4271 4272 /************************/ 4273 /* shifts */ 4274 case 0xc0: 4275 case 0xc1: 4276 /* shift Ev,Ib */ 4277 shift = 2; 4278 grp2: 4279 { 4280 ot = mo_b_d(b, dflag); 4281 modrm = x86_ldub_code(env, s); 4282 mod = (modrm >> 6) & 3; 4283 op = (modrm >> 3) & 7; 4284 4285 if (mod != 3) { 4286 if (shift == 2) { 4287 s->rip_offset = 1; 4288 } 4289 gen_lea_modrm(env, s, modrm); 4290 opreg = OR_TMP0; 4291 } else { 4292 opreg = (modrm & 7) | REX_B(s); 4293 } 4294 4295 /* simpler op */ 4296 if (shift == 0) { 4297 gen_shift(s, op, ot, opreg, OR_ECX); 4298 } else { 4299 if (shift == 2) { 4300 shift = x86_ldub_code(env, s); 4301 } 4302 gen_shifti(s, op, ot, opreg, shift); 4303 } 4304 } 4305 break; 4306 case 0xd0: 4307 case 0xd1: 4308 /* shift Ev,1 */ 4309 shift = 1; 4310 goto grp2; 4311 case 0xd2: 4312 case 0xd3: 4313 /* shift Ev,cl */ 4314 shift = 0; 4315 goto grp2; 4316 4317 case 0x1a4: /* shld imm */ 4318 op = 0; 4319 shift = 1; 4320 goto do_shiftd; 4321 case 0x1a5: /* shld cl */ 4322 op = 0; 4323 shift = 0; 4324 goto do_shiftd; 4325 case 0x1ac: /* shrd imm */ 4326 op = 1; 4327 shift = 1; 4328 goto do_shiftd; 4329 case 0x1ad: /* shrd cl */ 4330 op = 1; 4331 shift = 0; 4332 do_shiftd: 4333 ot = dflag; 4334 modrm = x86_ldub_code(env, s); 4335 mod = (modrm >> 6) & 3; 4336 rm = (modrm & 7) | REX_B(s); 4337 reg = ((modrm >> 3) & 7) | REX_R(s); 4338 if (mod != 3) { 4339 gen_lea_modrm(env, s, modrm); 4340 opreg = OR_TMP0; 4341 } else { 4342 opreg = rm; 4343 } 4344 gen_op_mov_v_reg(s, ot, s->T1, reg); 4345 4346 if (shift) { 4347 TCGv imm = tcg_constant_tl(x86_ldub_code(env, s)); 4348 gen_shiftd_rm_T1(s, ot, opreg, op, imm); 4349 } else { 4350 gen_shiftd_rm_T1(s, ot, opreg, op, cpu_regs[R_ECX]); 4351 } 4352 break; 4353 4354 /************************/ 4355 /* floats */ 4356 case 0xd8 ... 0xdf: 4357 { 4358 bool update_fip = true; 4359 4360 if (s->flags & (HF_EM_MASK | HF_TS_MASK)) { 4361 /* if CR0.EM or CR0.TS are set, generate an FPU exception */ 4362 /* XXX: what to do if illegal op ? */ 4363 gen_exception(s, EXCP07_PREX); 4364 break; 4365 } 4366 modrm = x86_ldub_code(env, s); 4367 mod = (modrm >> 6) & 3; 4368 rm = modrm & 7; 4369 op = ((b & 7) << 3) | ((modrm >> 3) & 7); 4370 if (mod != 3) { 4371 /* memory op */ 4372 AddressParts a = gen_lea_modrm_0(env, s, modrm); 4373 TCGv ea = gen_lea_modrm_1(s, a, false); 4374 TCGv last_addr = tcg_temp_new(); 4375 bool update_fdp = true; 4376 4377 tcg_gen_mov_tl(last_addr, ea); 4378 gen_lea_v_seg(s, s->aflag, ea, a.def_seg, s->override); 4379 4380 switch (op) { 4381 case 0x00 ... 0x07: /* fxxxs */ 4382 case 0x10 ... 0x17: /* fixxxl */ 4383 case 0x20 ... 0x27: /* fxxxl */ 4384 case 0x30 ... 0x37: /* fixxx */ 4385 { 4386 int op1; 4387 op1 = op & 7; 4388 4389 switch (op >> 4) { 4390 case 0: 4391 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0, 4392 s->mem_index, MO_LEUL); 4393 gen_helper_flds_FT0(cpu_env, s->tmp2_i32); 4394 break; 4395 case 1: 4396 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0, 4397 s->mem_index, MO_LEUL); 4398 gen_helper_fildl_FT0(cpu_env, s->tmp2_i32); 4399 break; 4400 case 2: 4401 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->A0, 4402 s->mem_index, MO_LEUQ); 4403 gen_helper_fldl_FT0(cpu_env, s->tmp1_i64); 4404 break; 4405 case 3: 4406 default: 4407 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0, 4408 s->mem_index, MO_LESW); 4409 gen_helper_fildl_FT0(cpu_env, s->tmp2_i32); 4410 break; 4411 } 4412 4413 gen_helper_fp_arith_ST0_FT0(op1); 4414 if (op1 == 3) { 4415 /* fcomp needs pop */ 4416 gen_helper_fpop(cpu_env); 4417 } 4418 } 4419 break; 4420 case 0x08: /* flds */ 4421 case 0x0a: /* fsts */ 4422 case 0x0b: /* fstps */ 4423 case 0x18 ... 0x1b: /* fildl, fisttpl, fistl, fistpl */ 4424 case 0x28 ... 0x2b: /* fldl, fisttpll, fstl, fstpl */ 4425 case 0x38 ... 0x3b: /* filds, fisttps, fists, fistps */ 4426 switch (op & 7) { 4427 case 0: 4428 switch (op >> 4) { 4429 case 0: 4430 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0, 4431 s->mem_index, MO_LEUL); 4432 gen_helper_flds_ST0(cpu_env, s->tmp2_i32); 4433 break; 4434 case 1: 4435 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0, 4436 s->mem_index, MO_LEUL); 4437 gen_helper_fildl_ST0(cpu_env, s->tmp2_i32); 4438 break; 4439 case 2: 4440 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->A0, 4441 s->mem_index, MO_LEUQ); 4442 gen_helper_fldl_ST0(cpu_env, s->tmp1_i64); 4443 break; 4444 case 3: 4445 default: 4446 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0, 4447 s->mem_index, MO_LESW); 4448 gen_helper_fildl_ST0(cpu_env, s->tmp2_i32); 4449 break; 4450 } 4451 break; 4452 case 1: 4453 /* XXX: the corresponding CPUID bit must be tested ! */ 4454 switch (op >> 4) { 4455 case 1: 4456 gen_helper_fisttl_ST0(s->tmp2_i32, cpu_env); 4457 tcg_gen_qemu_st_i32(s->tmp2_i32, s->A0, 4458 s->mem_index, MO_LEUL); 4459 break; 4460 case 2: 4461 gen_helper_fisttll_ST0(s->tmp1_i64, cpu_env); 4462 tcg_gen_qemu_st_i64(s->tmp1_i64, s->A0, 4463 s->mem_index, MO_LEUQ); 4464 break; 4465 case 3: 4466 default: 4467 gen_helper_fistt_ST0(s->tmp2_i32, cpu_env); 4468 tcg_gen_qemu_st_i32(s->tmp2_i32, s->A0, 4469 s->mem_index, MO_LEUW); 4470 break; 4471 } 4472 gen_helper_fpop(cpu_env); 4473 break; 4474 default: 4475 switch (op >> 4) { 4476 case 0: 4477 gen_helper_fsts_ST0(s->tmp2_i32, cpu_env); 4478 tcg_gen_qemu_st_i32(s->tmp2_i32, s->A0, 4479 s->mem_index, MO_LEUL); 4480 break; 4481 case 1: 4482 gen_helper_fistl_ST0(s->tmp2_i32, cpu_env); 4483 tcg_gen_qemu_st_i32(s->tmp2_i32, s->A0, 4484 s->mem_index, MO_LEUL); 4485 break; 4486 case 2: 4487 gen_helper_fstl_ST0(s->tmp1_i64, cpu_env); 4488 tcg_gen_qemu_st_i64(s->tmp1_i64, s->A0, 4489 s->mem_index, MO_LEUQ); 4490 break; 4491 case 3: 4492 default: 4493 gen_helper_fist_ST0(s->tmp2_i32, cpu_env); 4494 tcg_gen_qemu_st_i32(s->tmp2_i32, s->A0, 4495 s->mem_index, MO_LEUW); 4496 break; 4497 } 4498 if ((op & 7) == 3) { 4499 gen_helper_fpop(cpu_env); 4500 } 4501 break; 4502 } 4503 break; 4504 case 0x0c: /* fldenv mem */ 4505 gen_helper_fldenv(cpu_env, s->A0, 4506 tcg_constant_i32(dflag - 1)); 4507 update_fip = update_fdp = false; 4508 break; 4509 case 0x0d: /* fldcw mem */ 4510 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0, 4511 s->mem_index, MO_LEUW); 4512 gen_helper_fldcw(cpu_env, s->tmp2_i32); 4513 update_fip = update_fdp = false; 4514 break; 4515 case 0x0e: /* fnstenv mem */ 4516 gen_helper_fstenv(cpu_env, s->A0, 4517 tcg_constant_i32(dflag - 1)); 4518 update_fip = update_fdp = false; 4519 break; 4520 case 0x0f: /* fnstcw mem */ 4521 gen_helper_fnstcw(s->tmp2_i32, cpu_env); 4522 tcg_gen_qemu_st_i32(s->tmp2_i32, s->A0, 4523 s->mem_index, MO_LEUW); 4524 update_fip = update_fdp = false; 4525 break; 4526 case 0x1d: /* fldt mem */ 4527 gen_helper_fldt_ST0(cpu_env, s->A0); 4528 break; 4529 case 0x1f: /* fstpt mem */ 4530 gen_helper_fstt_ST0(cpu_env, s->A0); 4531 gen_helper_fpop(cpu_env); 4532 break; 4533 case 0x2c: /* frstor mem */ 4534 gen_helper_frstor(cpu_env, s->A0, 4535 tcg_constant_i32(dflag - 1)); 4536 update_fip = update_fdp = false; 4537 break; 4538 case 0x2e: /* fnsave mem */ 4539 gen_helper_fsave(cpu_env, s->A0, 4540 tcg_constant_i32(dflag - 1)); 4541 update_fip = update_fdp = false; 4542 break; 4543 case 0x2f: /* fnstsw mem */ 4544 gen_helper_fnstsw(s->tmp2_i32, cpu_env); 4545 tcg_gen_qemu_st_i32(s->tmp2_i32, s->A0, 4546 s->mem_index, MO_LEUW); 4547 update_fip = update_fdp = false; 4548 break; 4549 case 0x3c: /* fbld */ 4550 gen_helper_fbld_ST0(cpu_env, s->A0); 4551 break; 4552 case 0x3e: /* fbstp */ 4553 gen_helper_fbst_ST0(cpu_env, s->A0); 4554 gen_helper_fpop(cpu_env); 4555 break; 4556 case 0x3d: /* fildll */ 4557 tcg_gen_qemu_ld_i64(s->tmp1_i64, s->A0, 4558 s->mem_index, MO_LEUQ); 4559 gen_helper_fildll_ST0(cpu_env, s->tmp1_i64); 4560 break; 4561 case 0x3f: /* fistpll */ 4562 gen_helper_fistll_ST0(s->tmp1_i64, cpu_env); 4563 tcg_gen_qemu_st_i64(s->tmp1_i64, s->A0, 4564 s->mem_index, MO_LEUQ); 4565 gen_helper_fpop(cpu_env); 4566 break; 4567 default: 4568 goto unknown_op; 4569 } 4570 4571 if (update_fdp) { 4572 int last_seg = s->override >= 0 ? s->override : a.def_seg; 4573 4574 tcg_gen_ld_i32(s->tmp2_i32, cpu_env, 4575 offsetof(CPUX86State, 4576 segs[last_seg].selector)); 4577 tcg_gen_st16_i32(s->tmp2_i32, cpu_env, 4578 offsetof(CPUX86State, fpds)); 4579 tcg_gen_st_tl(last_addr, cpu_env, 4580 offsetof(CPUX86State, fpdp)); 4581 } 4582 } else { 4583 /* register float ops */ 4584 opreg = rm; 4585 4586 switch (op) { 4587 case 0x08: /* fld sti */ 4588 gen_helper_fpush(cpu_env); 4589 gen_helper_fmov_ST0_STN(cpu_env, 4590 tcg_constant_i32((opreg + 1) & 7)); 4591 break; 4592 case 0x09: /* fxchg sti */ 4593 case 0x29: /* fxchg4 sti, undocumented op */ 4594 case 0x39: /* fxchg7 sti, undocumented op */ 4595 gen_helper_fxchg_ST0_STN(cpu_env, tcg_constant_i32(opreg)); 4596 break; 4597 case 0x0a: /* grp d9/2 */ 4598 switch (rm) { 4599 case 0: /* fnop */ 4600 /* check exceptions (FreeBSD FPU probe) */ 4601 gen_helper_fwait(cpu_env); 4602 update_fip = false; 4603 break; 4604 default: 4605 goto unknown_op; 4606 } 4607 break; 4608 case 0x0c: /* grp d9/4 */ 4609 switch (rm) { 4610 case 0: /* fchs */ 4611 gen_helper_fchs_ST0(cpu_env); 4612 break; 4613 case 1: /* fabs */ 4614 gen_helper_fabs_ST0(cpu_env); 4615 break; 4616 case 4: /* ftst */ 4617 gen_helper_fldz_FT0(cpu_env); 4618 gen_helper_fcom_ST0_FT0(cpu_env); 4619 break; 4620 case 5: /* fxam */ 4621 gen_helper_fxam_ST0(cpu_env); 4622 break; 4623 default: 4624 goto unknown_op; 4625 } 4626 break; 4627 case 0x0d: /* grp d9/5 */ 4628 { 4629 switch (rm) { 4630 case 0: 4631 gen_helper_fpush(cpu_env); 4632 gen_helper_fld1_ST0(cpu_env); 4633 break; 4634 case 1: 4635 gen_helper_fpush(cpu_env); 4636 gen_helper_fldl2t_ST0(cpu_env); 4637 break; 4638 case 2: 4639 gen_helper_fpush(cpu_env); 4640 gen_helper_fldl2e_ST0(cpu_env); 4641 break; 4642 case 3: 4643 gen_helper_fpush(cpu_env); 4644 gen_helper_fldpi_ST0(cpu_env); 4645 break; 4646 case 4: 4647 gen_helper_fpush(cpu_env); 4648 gen_helper_fldlg2_ST0(cpu_env); 4649 break; 4650 case 5: 4651 gen_helper_fpush(cpu_env); 4652 gen_helper_fldln2_ST0(cpu_env); 4653 break; 4654 case 6: 4655 gen_helper_fpush(cpu_env); 4656 gen_helper_fldz_ST0(cpu_env); 4657 break; 4658 default: 4659 goto unknown_op; 4660 } 4661 } 4662 break; 4663 case 0x0e: /* grp d9/6 */ 4664 switch (rm) { 4665 case 0: /* f2xm1 */ 4666 gen_helper_f2xm1(cpu_env); 4667 break; 4668 case 1: /* fyl2x */ 4669 gen_helper_fyl2x(cpu_env); 4670 break; 4671 case 2: /* fptan */ 4672 gen_helper_fptan(cpu_env); 4673 break; 4674 case 3: /* fpatan */ 4675 gen_helper_fpatan(cpu_env); 4676 break; 4677 case 4: /* fxtract */ 4678 gen_helper_fxtract(cpu_env); 4679 break; 4680 case 5: /* fprem1 */ 4681 gen_helper_fprem1(cpu_env); 4682 break; 4683 case 6: /* fdecstp */ 4684 gen_helper_fdecstp(cpu_env); 4685 break; 4686 default: 4687 case 7: /* fincstp */ 4688 gen_helper_fincstp(cpu_env); 4689 break; 4690 } 4691 break; 4692 case 0x0f: /* grp d9/7 */ 4693 switch (rm) { 4694 case 0: /* fprem */ 4695 gen_helper_fprem(cpu_env); 4696 break; 4697 case 1: /* fyl2xp1 */ 4698 gen_helper_fyl2xp1(cpu_env); 4699 break; 4700 case 2: /* fsqrt */ 4701 gen_helper_fsqrt(cpu_env); 4702 break; 4703 case 3: /* fsincos */ 4704 gen_helper_fsincos(cpu_env); 4705 break; 4706 case 5: /* fscale */ 4707 gen_helper_fscale(cpu_env); 4708 break; 4709 case 4: /* frndint */ 4710 gen_helper_frndint(cpu_env); 4711 break; 4712 case 6: /* fsin */ 4713 gen_helper_fsin(cpu_env); 4714 break; 4715 default: 4716 case 7: /* fcos */ 4717 gen_helper_fcos(cpu_env); 4718 break; 4719 } 4720 break; 4721 case 0x00: case 0x01: case 0x04 ... 0x07: /* fxxx st, sti */ 4722 case 0x20: case 0x21: case 0x24 ... 0x27: /* fxxx sti, st */ 4723 case 0x30: case 0x31: case 0x34 ... 0x37: /* fxxxp sti, st */ 4724 { 4725 int op1; 4726 4727 op1 = op & 7; 4728 if (op >= 0x20) { 4729 gen_helper_fp_arith_STN_ST0(op1, opreg); 4730 if (op >= 0x30) { 4731 gen_helper_fpop(cpu_env); 4732 } 4733 } else { 4734 gen_helper_fmov_FT0_STN(cpu_env, 4735 tcg_constant_i32(opreg)); 4736 gen_helper_fp_arith_ST0_FT0(op1); 4737 } 4738 } 4739 break; 4740 case 0x02: /* fcom */ 4741 case 0x22: /* fcom2, undocumented op */ 4742 gen_helper_fmov_FT0_STN(cpu_env, tcg_constant_i32(opreg)); 4743 gen_helper_fcom_ST0_FT0(cpu_env); 4744 break; 4745 case 0x03: /* fcomp */ 4746 case 0x23: /* fcomp3, undocumented op */ 4747 case 0x32: /* fcomp5, undocumented op */ 4748 gen_helper_fmov_FT0_STN(cpu_env, tcg_constant_i32(opreg)); 4749 gen_helper_fcom_ST0_FT0(cpu_env); 4750 gen_helper_fpop(cpu_env); 4751 break; 4752 case 0x15: /* da/5 */ 4753 switch (rm) { 4754 case 1: /* fucompp */ 4755 gen_helper_fmov_FT0_STN(cpu_env, tcg_constant_i32(1)); 4756 gen_helper_fucom_ST0_FT0(cpu_env); 4757 gen_helper_fpop(cpu_env); 4758 gen_helper_fpop(cpu_env); 4759 break; 4760 default: 4761 goto unknown_op; 4762 } 4763 break; 4764 case 0x1c: 4765 switch (rm) { 4766 case 0: /* feni (287 only, just do nop here) */ 4767 break; 4768 case 1: /* fdisi (287 only, just do nop here) */ 4769 break; 4770 case 2: /* fclex */ 4771 gen_helper_fclex(cpu_env); 4772 update_fip = false; 4773 break; 4774 case 3: /* fninit */ 4775 gen_helper_fninit(cpu_env); 4776 update_fip = false; 4777 break; 4778 case 4: /* fsetpm (287 only, just do nop here) */ 4779 break; 4780 default: 4781 goto unknown_op; 4782 } 4783 break; 4784 case 0x1d: /* fucomi */ 4785 if (!(s->cpuid_features & CPUID_CMOV)) { 4786 goto illegal_op; 4787 } 4788 gen_update_cc_op(s); 4789 gen_helper_fmov_FT0_STN(cpu_env, tcg_constant_i32(opreg)); 4790 gen_helper_fucomi_ST0_FT0(cpu_env); 4791 set_cc_op(s, CC_OP_EFLAGS); 4792 break; 4793 case 0x1e: /* fcomi */ 4794 if (!(s->cpuid_features & CPUID_CMOV)) { 4795 goto illegal_op; 4796 } 4797 gen_update_cc_op(s); 4798 gen_helper_fmov_FT0_STN(cpu_env, tcg_constant_i32(opreg)); 4799 gen_helper_fcomi_ST0_FT0(cpu_env); 4800 set_cc_op(s, CC_OP_EFLAGS); 4801 break; 4802 case 0x28: /* ffree sti */ 4803 gen_helper_ffree_STN(cpu_env, tcg_constant_i32(opreg)); 4804 break; 4805 case 0x2a: /* fst sti */ 4806 gen_helper_fmov_STN_ST0(cpu_env, tcg_constant_i32(opreg)); 4807 break; 4808 case 0x2b: /* fstp sti */ 4809 case 0x0b: /* fstp1 sti, undocumented op */ 4810 case 0x3a: /* fstp8 sti, undocumented op */ 4811 case 0x3b: /* fstp9 sti, undocumented op */ 4812 gen_helper_fmov_STN_ST0(cpu_env, tcg_constant_i32(opreg)); 4813 gen_helper_fpop(cpu_env); 4814 break; 4815 case 0x2c: /* fucom st(i) */ 4816 gen_helper_fmov_FT0_STN(cpu_env, tcg_constant_i32(opreg)); 4817 gen_helper_fucom_ST0_FT0(cpu_env); 4818 break; 4819 case 0x2d: /* fucomp st(i) */ 4820 gen_helper_fmov_FT0_STN(cpu_env, tcg_constant_i32(opreg)); 4821 gen_helper_fucom_ST0_FT0(cpu_env); 4822 gen_helper_fpop(cpu_env); 4823 break; 4824 case 0x33: /* de/3 */ 4825 switch (rm) { 4826 case 1: /* fcompp */ 4827 gen_helper_fmov_FT0_STN(cpu_env, tcg_constant_i32(1)); 4828 gen_helper_fcom_ST0_FT0(cpu_env); 4829 gen_helper_fpop(cpu_env); 4830 gen_helper_fpop(cpu_env); 4831 break; 4832 default: 4833 goto unknown_op; 4834 } 4835 break; 4836 case 0x38: /* ffreep sti, undocumented op */ 4837 gen_helper_ffree_STN(cpu_env, tcg_constant_i32(opreg)); 4838 gen_helper_fpop(cpu_env); 4839 break; 4840 case 0x3c: /* df/4 */ 4841 switch (rm) { 4842 case 0: 4843 gen_helper_fnstsw(s->tmp2_i32, cpu_env); 4844 tcg_gen_extu_i32_tl(s->T0, s->tmp2_i32); 4845 gen_op_mov_reg_v(s, MO_16, R_EAX, s->T0); 4846 break; 4847 default: 4848 goto unknown_op; 4849 } 4850 break; 4851 case 0x3d: /* fucomip */ 4852 if (!(s->cpuid_features & CPUID_CMOV)) { 4853 goto illegal_op; 4854 } 4855 gen_update_cc_op(s); 4856 gen_helper_fmov_FT0_STN(cpu_env, tcg_constant_i32(opreg)); 4857 gen_helper_fucomi_ST0_FT0(cpu_env); 4858 gen_helper_fpop(cpu_env); 4859 set_cc_op(s, CC_OP_EFLAGS); 4860 break; 4861 case 0x3e: /* fcomip */ 4862 if (!(s->cpuid_features & CPUID_CMOV)) { 4863 goto illegal_op; 4864 } 4865 gen_update_cc_op(s); 4866 gen_helper_fmov_FT0_STN(cpu_env, tcg_constant_i32(opreg)); 4867 gen_helper_fcomi_ST0_FT0(cpu_env); 4868 gen_helper_fpop(cpu_env); 4869 set_cc_op(s, CC_OP_EFLAGS); 4870 break; 4871 case 0x10 ... 0x13: /* fcmovxx */ 4872 case 0x18 ... 0x1b: 4873 { 4874 int op1; 4875 TCGLabel *l1; 4876 static const uint8_t fcmov_cc[8] = { 4877 (JCC_B << 1), 4878 (JCC_Z << 1), 4879 (JCC_BE << 1), 4880 (JCC_P << 1), 4881 }; 4882 4883 if (!(s->cpuid_features & CPUID_CMOV)) { 4884 goto illegal_op; 4885 } 4886 op1 = fcmov_cc[op & 3] | (((op >> 3) & 1) ^ 1); 4887 l1 = gen_new_label(); 4888 gen_jcc1_noeob(s, op1, l1); 4889 gen_helper_fmov_ST0_STN(cpu_env, 4890 tcg_constant_i32(opreg)); 4891 gen_set_label(l1); 4892 } 4893 break; 4894 default: 4895 goto unknown_op; 4896 } 4897 } 4898 4899 if (update_fip) { 4900 tcg_gen_ld_i32(s->tmp2_i32, cpu_env, 4901 offsetof(CPUX86State, segs[R_CS].selector)); 4902 tcg_gen_st16_i32(s->tmp2_i32, cpu_env, 4903 offsetof(CPUX86State, fpcs)); 4904 tcg_gen_st_tl(eip_cur_tl(s), 4905 cpu_env, offsetof(CPUX86State, fpip)); 4906 } 4907 } 4908 break; 4909 /************************/ 4910 /* string ops */ 4911 4912 case 0xa4: /* movsS */ 4913 case 0xa5: 4914 ot = mo_b_d(b, dflag); 4915 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) { 4916 gen_repz_movs(s, ot); 4917 } else { 4918 gen_movs(s, ot); 4919 } 4920 break; 4921 4922 case 0xaa: /* stosS */ 4923 case 0xab: 4924 ot = mo_b_d(b, dflag); 4925 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) { 4926 gen_repz_stos(s, ot); 4927 } else { 4928 gen_stos(s, ot); 4929 } 4930 break; 4931 case 0xac: /* lodsS */ 4932 case 0xad: 4933 ot = mo_b_d(b, dflag); 4934 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) { 4935 gen_repz_lods(s, ot); 4936 } else { 4937 gen_lods(s, ot); 4938 } 4939 break; 4940 case 0xae: /* scasS */ 4941 case 0xaf: 4942 ot = mo_b_d(b, dflag); 4943 if (prefixes & PREFIX_REPNZ) { 4944 gen_repz_scas(s, ot, 1); 4945 } else if (prefixes & PREFIX_REPZ) { 4946 gen_repz_scas(s, ot, 0); 4947 } else { 4948 gen_scas(s, ot); 4949 } 4950 break; 4951 4952 case 0xa6: /* cmpsS */ 4953 case 0xa7: 4954 ot = mo_b_d(b, dflag); 4955 if (prefixes & PREFIX_REPNZ) { 4956 gen_repz_cmps(s, ot, 1); 4957 } else if (prefixes & PREFIX_REPZ) { 4958 gen_repz_cmps(s, ot, 0); 4959 } else { 4960 gen_cmps(s, ot); 4961 } 4962 break; 4963 case 0x6c: /* insS */ 4964 case 0x6d: 4965 ot = mo_b_d32(b, dflag); 4966 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_EDX]); 4967 tcg_gen_ext16u_i32(s->tmp2_i32, s->tmp2_i32); 4968 if (!gen_check_io(s, ot, s->tmp2_i32, 4969 SVM_IOIO_TYPE_MASK | SVM_IOIO_STR_MASK)) { 4970 break; 4971 } 4972 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { 4973 gen_io_start(); 4974 s->base.is_jmp = DISAS_TOO_MANY; 4975 } 4976 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) { 4977 gen_repz_ins(s, ot); 4978 } else { 4979 gen_ins(s, ot); 4980 } 4981 break; 4982 case 0x6e: /* outsS */ 4983 case 0x6f: 4984 ot = mo_b_d32(b, dflag); 4985 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_EDX]); 4986 tcg_gen_ext16u_i32(s->tmp2_i32, s->tmp2_i32); 4987 if (!gen_check_io(s, ot, s->tmp2_i32, SVM_IOIO_STR_MASK)) { 4988 break; 4989 } 4990 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { 4991 gen_io_start(); 4992 s->base.is_jmp = DISAS_TOO_MANY; 4993 } 4994 if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) { 4995 gen_repz_outs(s, ot); 4996 } else { 4997 gen_outs(s, ot); 4998 } 4999 break; 5000 5001 /************************/ 5002 /* port I/O */ 5003 5004 case 0xe4: 5005 case 0xe5: 5006 ot = mo_b_d32(b, dflag); 5007 val = x86_ldub_code(env, s); 5008 tcg_gen_movi_i32(s->tmp2_i32, val); 5009 if (!gen_check_io(s, ot, s->tmp2_i32, SVM_IOIO_TYPE_MASK)) { 5010 break; 5011 } 5012 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { 5013 gen_io_start(); 5014 s->base.is_jmp = DISAS_TOO_MANY; 5015 } 5016 gen_helper_in_func(ot, s->T1, s->tmp2_i32); 5017 gen_op_mov_reg_v(s, ot, R_EAX, s->T1); 5018 gen_bpt_io(s, s->tmp2_i32, ot); 5019 break; 5020 case 0xe6: 5021 case 0xe7: 5022 ot = mo_b_d32(b, dflag); 5023 val = x86_ldub_code(env, s); 5024 tcg_gen_movi_i32(s->tmp2_i32, val); 5025 if (!gen_check_io(s, ot, s->tmp2_i32, 0)) { 5026 break; 5027 } 5028 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { 5029 gen_io_start(); 5030 s->base.is_jmp = DISAS_TOO_MANY; 5031 } 5032 gen_op_mov_v_reg(s, ot, s->T1, R_EAX); 5033 tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T1); 5034 gen_helper_out_func(ot, s->tmp2_i32, s->tmp3_i32); 5035 gen_bpt_io(s, s->tmp2_i32, ot); 5036 break; 5037 case 0xec: 5038 case 0xed: 5039 ot = mo_b_d32(b, dflag); 5040 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_EDX]); 5041 tcg_gen_ext16u_i32(s->tmp2_i32, s->tmp2_i32); 5042 if (!gen_check_io(s, ot, s->tmp2_i32, SVM_IOIO_TYPE_MASK)) { 5043 break; 5044 } 5045 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { 5046 gen_io_start(); 5047 s->base.is_jmp = DISAS_TOO_MANY; 5048 } 5049 gen_helper_in_func(ot, s->T1, s->tmp2_i32); 5050 gen_op_mov_reg_v(s, ot, R_EAX, s->T1); 5051 gen_bpt_io(s, s->tmp2_i32, ot); 5052 break; 5053 case 0xee: 5054 case 0xef: 5055 ot = mo_b_d32(b, dflag); 5056 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_EDX]); 5057 tcg_gen_ext16u_i32(s->tmp2_i32, s->tmp2_i32); 5058 if (!gen_check_io(s, ot, s->tmp2_i32, 0)) { 5059 break; 5060 } 5061 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { 5062 gen_io_start(); 5063 s->base.is_jmp = DISAS_TOO_MANY; 5064 } 5065 gen_op_mov_v_reg(s, ot, s->T1, R_EAX); 5066 tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T1); 5067 gen_helper_out_func(ot, s->tmp2_i32, s->tmp3_i32); 5068 gen_bpt_io(s, s->tmp2_i32, ot); 5069 break; 5070 5071 /************************/ 5072 /* control */ 5073 case 0xc2: /* ret im */ 5074 val = x86_ldsw_code(env, s); 5075 ot = gen_pop_T0(s); 5076 gen_stack_update(s, val + (1 << ot)); 5077 /* Note that gen_pop_T0 uses a zero-extending load. */ 5078 gen_op_jmp_v(s, s->T0); 5079 gen_bnd_jmp(s); 5080 s->base.is_jmp = DISAS_JUMP; 5081 break; 5082 case 0xc3: /* ret */ 5083 ot = gen_pop_T0(s); 5084 gen_pop_update(s, ot); 5085 /* Note that gen_pop_T0 uses a zero-extending load. */ 5086 gen_op_jmp_v(s, s->T0); 5087 gen_bnd_jmp(s); 5088 s->base.is_jmp = DISAS_JUMP; 5089 break; 5090 case 0xca: /* lret im */ 5091 val = x86_ldsw_code(env, s); 5092 do_lret: 5093 if (PE(s) && !VM86(s)) { 5094 gen_update_cc_op(s); 5095 gen_update_eip_cur(s); 5096 gen_helper_lret_protected(cpu_env, tcg_constant_i32(dflag - 1), 5097 tcg_constant_i32(val)); 5098 } else { 5099 gen_stack_A0(s); 5100 /* pop offset */ 5101 gen_op_ld_v(s, dflag, s->T0, s->A0); 5102 /* NOTE: keeping EIP updated is not a problem in case of 5103 exception */ 5104 gen_op_jmp_v(s, s->T0); 5105 /* pop selector */ 5106 gen_add_A0_im(s, 1 << dflag); 5107 gen_op_ld_v(s, dflag, s->T0, s->A0); 5108 gen_op_movl_seg_T0_vm(s, R_CS); 5109 /* add stack offset */ 5110 gen_stack_update(s, val + (2 << dflag)); 5111 } 5112 s->base.is_jmp = DISAS_EOB_ONLY; 5113 break; 5114 case 0xcb: /* lret */ 5115 val = 0; 5116 goto do_lret; 5117 case 0xcf: /* iret */ 5118 gen_svm_check_intercept(s, SVM_EXIT_IRET); 5119 if (!PE(s) || VM86(s)) { 5120 /* real mode or vm86 mode */ 5121 if (!check_vm86_iopl(s)) { 5122 break; 5123 } 5124 gen_helper_iret_real(cpu_env, tcg_constant_i32(dflag - 1)); 5125 } else { 5126 gen_helper_iret_protected(cpu_env, tcg_constant_i32(dflag - 1), 5127 eip_next_i32(s)); 5128 } 5129 set_cc_op(s, CC_OP_EFLAGS); 5130 s->base.is_jmp = DISAS_EOB_ONLY; 5131 break; 5132 case 0xe8: /* call im */ 5133 { 5134 int diff = (dflag != MO_16 5135 ? (int32_t)insn_get(env, s, MO_32) 5136 : (int16_t)insn_get(env, s, MO_16)); 5137 gen_push_v(s, eip_next_tl(s)); 5138 gen_bnd_jmp(s); 5139 gen_jmp_rel(s, dflag, diff, 0); 5140 } 5141 break; 5142 case 0x9a: /* lcall im */ 5143 { 5144 unsigned int selector, offset; 5145 5146 if (CODE64(s)) 5147 goto illegal_op; 5148 ot = dflag; 5149 offset = insn_get(env, s, ot); 5150 selector = insn_get(env, s, MO_16); 5151 5152 tcg_gen_movi_tl(s->T0, selector); 5153 tcg_gen_movi_tl(s->T1, offset); 5154 } 5155 goto do_lcall; 5156 case 0xe9: /* jmp im */ 5157 { 5158 int diff = (dflag != MO_16 5159 ? (int32_t)insn_get(env, s, MO_32) 5160 : (int16_t)insn_get(env, s, MO_16)); 5161 gen_bnd_jmp(s); 5162 gen_jmp_rel(s, dflag, diff, 0); 5163 } 5164 break; 5165 case 0xea: /* ljmp im */ 5166 { 5167 unsigned int selector, offset; 5168 5169 if (CODE64(s)) 5170 goto illegal_op; 5171 ot = dflag; 5172 offset = insn_get(env, s, ot); 5173 selector = insn_get(env, s, MO_16); 5174 5175 tcg_gen_movi_tl(s->T0, selector); 5176 tcg_gen_movi_tl(s->T1, offset); 5177 } 5178 goto do_ljmp; 5179 case 0xeb: /* jmp Jb */ 5180 { 5181 int diff = (int8_t)insn_get(env, s, MO_8); 5182 gen_jmp_rel(s, dflag, diff, 0); 5183 } 5184 break; 5185 case 0x70 ... 0x7f: /* jcc Jb */ 5186 { 5187 int diff = (int8_t)insn_get(env, s, MO_8); 5188 gen_bnd_jmp(s); 5189 gen_jcc(s, b, diff); 5190 } 5191 break; 5192 case 0x180 ... 0x18f: /* jcc Jv */ 5193 { 5194 int diff = (dflag != MO_16 5195 ? (int32_t)insn_get(env, s, MO_32) 5196 : (int16_t)insn_get(env, s, MO_16)); 5197 gen_bnd_jmp(s); 5198 gen_jcc(s, b, diff); 5199 } 5200 break; 5201 5202 case 0x190 ... 0x19f: /* setcc Gv */ 5203 modrm = x86_ldub_code(env, s); 5204 gen_setcc1(s, b, s->T0); 5205 gen_ldst_modrm(env, s, modrm, MO_8, OR_TMP0, 1); 5206 break; 5207 case 0x140 ... 0x14f: /* cmov Gv, Ev */ 5208 if (!(s->cpuid_features & CPUID_CMOV)) { 5209 goto illegal_op; 5210 } 5211 ot = dflag; 5212 modrm = x86_ldub_code(env, s); 5213 reg = ((modrm >> 3) & 7) | REX_R(s); 5214 gen_cmovcc1(env, s, ot, b, modrm, reg); 5215 break; 5216 5217 /************************/ 5218 /* flags */ 5219 case 0x9c: /* pushf */ 5220 gen_svm_check_intercept(s, SVM_EXIT_PUSHF); 5221 if (check_vm86_iopl(s)) { 5222 gen_update_cc_op(s); 5223 gen_helper_read_eflags(s->T0, cpu_env); 5224 gen_push_v(s, s->T0); 5225 } 5226 break; 5227 case 0x9d: /* popf */ 5228 gen_svm_check_intercept(s, SVM_EXIT_POPF); 5229 if (check_vm86_iopl(s)) { 5230 int mask = TF_MASK | AC_MASK | ID_MASK | NT_MASK; 5231 5232 if (CPL(s) == 0) { 5233 mask |= IF_MASK | IOPL_MASK; 5234 } else if (CPL(s) <= IOPL(s)) { 5235 mask |= IF_MASK; 5236 } 5237 if (dflag == MO_16) { 5238 mask &= 0xffff; 5239 } 5240 5241 ot = gen_pop_T0(s); 5242 gen_helper_write_eflags(cpu_env, s->T0, tcg_constant_i32(mask)); 5243 gen_pop_update(s, ot); 5244 set_cc_op(s, CC_OP_EFLAGS); 5245 /* abort translation because TF/AC flag may change */ 5246 s->base.is_jmp = DISAS_EOB_NEXT; 5247 } 5248 break; 5249 case 0x9e: /* sahf */ 5250 if (CODE64(s) && !(s->cpuid_ext3_features & CPUID_EXT3_LAHF_LM)) 5251 goto illegal_op; 5252 tcg_gen_shri_tl(s->T0, cpu_regs[R_EAX], 8); 5253 gen_compute_eflags(s); 5254 tcg_gen_andi_tl(cpu_cc_src, cpu_cc_src, CC_O); 5255 tcg_gen_andi_tl(s->T0, s->T0, CC_S | CC_Z | CC_A | CC_P | CC_C); 5256 tcg_gen_or_tl(cpu_cc_src, cpu_cc_src, s->T0); 5257 break; 5258 case 0x9f: /* lahf */ 5259 if (CODE64(s) && !(s->cpuid_ext3_features & CPUID_EXT3_LAHF_LM)) 5260 goto illegal_op; 5261 gen_compute_eflags(s); 5262 /* Note: gen_compute_eflags() only gives the condition codes */ 5263 tcg_gen_ori_tl(s->T0, cpu_cc_src, 0x02); 5264 tcg_gen_deposit_tl(cpu_regs[R_EAX], cpu_regs[R_EAX], s->T0, 8, 8); 5265 break; 5266 case 0xf5: /* cmc */ 5267 gen_compute_eflags(s); 5268 tcg_gen_xori_tl(cpu_cc_src, cpu_cc_src, CC_C); 5269 break; 5270 case 0xf8: /* clc */ 5271 gen_compute_eflags(s); 5272 tcg_gen_andi_tl(cpu_cc_src, cpu_cc_src, ~CC_C); 5273 break; 5274 case 0xf9: /* stc */ 5275 gen_compute_eflags(s); 5276 tcg_gen_ori_tl(cpu_cc_src, cpu_cc_src, CC_C); 5277 break; 5278 case 0xfc: /* cld */ 5279 tcg_gen_movi_i32(s->tmp2_i32, 1); 5280 tcg_gen_st_i32(s->tmp2_i32, cpu_env, offsetof(CPUX86State, df)); 5281 break; 5282 case 0xfd: /* std */ 5283 tcg_gen_movi_i32(s->tmp2_i32, -1); 5284 tcg_gen_st_i32(s->tmp2_i32, cpu_env, offsetof(CPUX86State, df)); 5285 break; 5286 5287 /************************/ 5288 /* bit operations */ 5289 case 0x1ba: /* bt/bts/btr/btc Gv, im */ 5290 ot = dflag; 5291 modrm = x86_ldub_code(env, s); 5292 op = (modrm >> 3) & 7; 5293 mod = (modrm >> 6) & 3; 5294 rm = (modrm & 7) | REX_B(s); 5295 if (mod != 3) { 5296 s->rip_offset = 1; 5297 gen_lea_modrm(env, s, modrm); 5298 if (!(s->prefix & PREFIX_LOCK)) { 5299 gen_op_ld_v(s, ot, s->T0, s->A0); 5300 } 5301 } else { 5302 gen_op_mov_v_reg(s, ot, s->T0, rm); 5303 } 5304 /* load shift */ 5305 val = x86_ldub_code(env, s); 5306 tcg_gen_movi_tl(s->T1, val); 5307 if (op < 4) 5308 goto unknown_op; 5309 op -= 4; 5310 goto bt_op; 5311 case 0x1a3: /* bt Gv, Ev */ 5312 op = 0; 5313 goto do_btx; 5314 case 0x1ab: /* bts */ 5315 op = 1; 5316 goto do_btx; 5317 case 0x1b3: /* btr */ 5318 op = 2; 5319 goto do_btx; 5320 case 0x1bb: /* btc */ 5321 op = 3; 5322 do_btx: 5323 ot = dflag; 5324 modrm = x86_ldub_code(env, s); 5325 reg = ((modrm >> 3) & 7) | REX_R(s); 5326 mod = (modrm >> 6) & 3; 5327 rm = (modrm & 7) | REX_B(s); 5328 gen_op_mov_v_reg(s, MO_32, s->T1, reg); 5329 if (mod != 3) { 5330 AddressParts a = gen_lea_modrm_0(env, s, modrm); 5331 /* specific case: we need to add a displacement */ 5332 gen_exts(ot, s->T1); 5333 tcg_gen_sari_tl(s->tmp0, s->T1, 3 + ot); 5334 tcg_gen_shli_tl(s->tmp0, s->tmp0, ot); 5335 tcg_gen_add_tl(s->A0, gen_lea_modrm_1(s, a, false), s->tmp0); 5336 gen_lea_v_seg(s, s->aflag, s->A0, a.def_seg, s->override); 5337 if (!(s->prefix & PREFIX_LOCK)) { 5338 gen_op_ld_v(s, ot, s->T0, s->A0); 5339 } 5340 } else { 5341 gen_op_mov_v_reg(s, ot, s->T0, rm); 5342 } 5343 bt_op: 5344 tcg_gen_andi_tl(s->T1, s->T1, (1 << (3 + ot)) - 1); 5345 tcg_gen_movi_tl(s->tmp0, 1); 5346 tcg_gen_shl_tl(s->tmp0, s->tmp0, s->T1); 5347 if (s->prefix & PREFIX_LOCK) { 5348 switch (op) { 5349 case 0: /* bt */ 5350 /* Needs no atomic ops; we surpressed the normal 5351 memory load for LOCK above so do it now. */ 5352 gen_op_ld_v(s, ot, s->T0, s->A0); 5353 break; 5354 case 1: /* bts */ 5355 tcg_gen_atomic_fetch_or_tl(s->T0, s->A0, s->tmp0, 5356 s->mem_index, ot | MO_LE); 5357 break; 5358 case 2: /* btr */ 5359 tcg_gen_not_tl(s->tmp0, s->tmp0); 5360 tcg_gen_atomic_fetch_and_tl(s->T0, s->A0, s->tmp0, 5361 s->mem_index, ot | MO_LE); 5362 break; 5363 default: 5364 case 3: /* btc */ 5365 tcg_gen_atomic_fetch_xor_tl(s->T0, s->A0, s->tmp0, 5366 s->mem_index, ot | MO_LE); 5367 break; 5368 } 5369 tcg_gen_shr_tl(s->tmp4, s->T0, s->T1); 5370 } else { 5371 tcg_gen_shr_tl(s->tmp4, s->T0, s->T1); 5372 switch (op) { 5373 case 0: /* bt */ 5374 /* Data already loaded; nothing to do. */ 5375 break; 5376 case 1: /* bts */ 5377 tcg_gen_or_tl(s->T0, s->T0, s->tmp0); 5378 break; 5379 case 2: /* btr */ 5380 tcg_gen_andc_tl(s->T0, s->T0, s->tmp0); 5381 break; 5382 default: 5383 case 3: /* btc */ 5384 tcg_gen_xor_tl(s->T0, s->T0, s->tmp0); 5385 break; 5386 } 5387 if (op != 0) { 5388 if (mod != 3) { 5389 gen_op_st_v(s, ot, s->T0, s->A0); 5390 } else { 5391 gen_op_mov_reg_v(s, ot, rm, s->T0); 5392 } 5393 } 5394 } 5395 5396 /* Delay all CC updates until after the store above. Note that 5397 C is the result of the test, Z is unchanged, and the others 5398 are all undefined. */ 5399 switch (s->cc_op) { 5400 case CC_OP_MULB ... CC_OP_MULQ: 5401 case CC_OP_ADDB ... CC_OP_ADDQ: 5402 case CC_OP_ADCB ... CC_OP_ADCQ: 5403 case CC_OP_SUBB ... CC_OP_SUBQ: 5404 case CC_OP_SBBB ... CC_OP_SBBQ: 5405 case CC_OP_LOGICB ... CC_OP_LOGICQ: 5406 case CC_OP_INCB ... CC_OP_INCQ: 5407 case CC_OP_DECB ... CC_OP_DECQ: 5408 case CC_OP_SHLB ... CC_OP_SHLQ: 5409 case CC_OP_SARB ... CC_OP_SARQ: 5410 case CC_OP_BMILGB ... CC_OP_BMILGQ: 5411 /* Z was going to be computed from the non-zero status of CC_DST. 5412 We can get that same Z value (and the new C value) by leaving 5413 CC_DST alone, setting CC_SRC, and using a CC_OP_SAR of the 5414 same width. */ 5415 tcg_gen_mov_tl(cpu_cc_src, s->tmp4); 5416 set_cc_op(s, ((s->cc_op - CC_OP_MULB) & 3) + CC_OP_SARB); 5417 break; 5418 default: 5419 /* Otherwise, generate EFLAGS and replace the C bit. */ 5420 gen_compute_eflags(s); 5421 tcg_gen_deposit_tl(cpu_cc_src, cpu_cc_src, s->tmp4, 5422 ctz32(CC_C), 1); 5423 break; 5424 } 5425 break; 5426 case 0x1bc: /* bsf / tzcnt */ 5427 case 0x1bd: /* bsr / lzcnt */ 5428 ot = dflag; 5429 modrm = x86_ldub_code(env, s); 5430 reg = ((modrm >> 3) & 7) | REX_R(s); 5431 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0); 5432 gen_extu(ot, s->T0); 5433 5434 /* Note that lzcnt and tzcnt are in different extensions. */ 5435 if ((prefixes & PREFIX_REPZ) 5436 && (b & 1 5437 ? s->cpuid_ext3_features & CPUID_EXT3_ABM 5438 : s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI1)) { 5439 int size = 8 << ot; 5440 /* For lzcnt/tzcnt, C bit is defined related to the input. */ 5441 tcg_gen_mov_tl(cpu_cc_src, s->T0); 5442 if (b & 1) { 5443 /* For lzcnt, reduce the target_ulong result by the 5444 number of zeros that we expect to find at the top. */ 5445 tcg_gen_clzi_tl(s->T0, s->T0, TARGET_LONG_BITS); 5446 tcg_gen_subi_tl(s->T0, s->T0, TARGET_LONG_BITS - size); 5447 } else { 5448 /* For tzcnt, a zero input must return the operand size. */ 5449 tcg_gen_ctzi_tl(s->T0, s->T0, size); 5450 } 5451 /* For lzcnt/tzcnt, Z bit is defined related to the result. */ 5452 gen_op_update1_cc(s); 5453 set_cc_op(s, CC_OP_BMILGB + ot); 5454 } else { 5455 /* For bsr/bsf, only the Z bit is defined and it is related 5456 to the input and not the result. */ 5457 tcg_gen_mov_tl(cpu_cc_dst, s->T0); 5458 set_cc_op(s, CC_OP_LOGICB + ot); 5459 5460 /* ??? The manual says that the output is undefined when the 5461 input is zero, but real hardware leaves it unchanged, and 5462 real programs appear to depend on that. Accomplish this 5463 by passing the output as the value to return upon zero. */ 5464 if (b & 1) { 5465 /* For bsr, return the bit index of the first 1 bit, 5466 not the count of leading zeros. */ 5467 tcg_gen_xori_tl(s->T1, cpu_regs[reg], TARGET_LONG_BITS - 1); 5468 tcg_gen_clz_tl(s->T0, s->T0, s->T1); 5469 tcg_gen_xori_tl(s->T0, s->T0, TARGET_LONG_BITS - 1); 5470 } else { 5471 tcg_gen_ctz_tl(s->T0, s->T0, cpu_regs[reg]); 5472 } 5473 } 5474 gen_op_mov_reg_v(s, ot, reg, s->T0); 5475 break; 5476 /************************/ 5477 /* bcd */ 5478 case 0x27: /* daa */ 5479 if (CODE64(s)) 5480 goto illegal_op; 5481 gen_update_cc_op(s); 5482 gen_helper_daa(cpu_env); 5483 set_cc_op(s, CC_OP_EFLAGS); 5484 break; 5485 case 0x2f: /* das */ 5486 if (CODE64(s)) 5487 goto illegal_op; 5488 gen_update_cc_op(s); 5489 gen_helper_das(cpu_env); 5490 set_cc_op(s, CC_OP_EFLAGS); 5491 break; 5492 case 0x37: /* aaa */ 5493 if (CODE64(s)) 5494 goto illegal_op; 5495 gen_update_cc_op(s); 5496 gen_helper_aaa(cpu_env); 5497 set_cc_op(s, CC_OP_EFLAGS); 5498 break; 5499 case 0x3f: /* aas */ 5500 if (CODE64(s)) 5501 goto illegal_op; 5502 gen_update_cc_op(s); 5503 gen_helper_aas(cpu_env); 5504 set_cc_op(s, CC_OP_EFLAGS); 5505 break; 5506 case 0xd4: /* aam */ 5507 if (CODE64(s)) 5508 goto illegal_op; 5509 val = x86_ldub_code(env, s); 5510 if (val == 0) { 5511 gen_exception(s, EXCP00_DIVZ); 5512 } else { 5513 gen_helper_aam(cpu_env, tcg_constant_i32(val)); 5514 set_cc_op(s, CC_OP_LOGICB); 5515 } 5516 break; 5517 case 0xd5: /* aad */ 5518 if (CODE64(s)) 5519 goto illegal_op; 5520 val = x86_ldub_code(env, s); 5521 gen_helper_aad(cpu_env, tcg_constant_i32(val)); 5522 set_cc_op(s, CC_OP_LOGICB); 5523 break; 5524 /************************/ 5525 /* misc */ 5526 case 0x90: /* nop */ 5527 /* XXX: correct lock test for all insn */ 5528 if (prefixes & PREFIX_LOCK) { 5529 goto illegal_op; 5530 } 5531 /* If REX_B is set, then this is xchg eax, r8d, not a nop. */ 5532 if (REX_B(s)) { 5533 goto do_xchg_reg_eax; 5534 } 5535 if (prefixes & PREFIX_REPZ) { 5536 gen_update_cc_op(s); 5537 gen_update_eip_cur(s); 5538 gen_helper_pause(cpu_env, cur_insn_len_i32(s)); 5539 s->base.is_jmp = DISAS_NORETURN; 5540 } 5541 break; 5542 case 0x9b: /* fwait */ 5543 if ((s->flags & (HF_MP_MASK | HF_TS_MASK)) == 5544 (HF_MP_MASK | HF_TS_MASK)) { 5545 gen_exception(s, EXCP07_PREX); 5546 } else { 5547 gen_helper_fwait(cpu_env); 5548 } 5549 break; 5550 case 0xcc: /* int3 */ 5551 gen_interrupt(s, EXCP03_INT3); 5552 break; 5553 case 0xcd: /* int N */ 5554 val = x86_ldub_code(env, s); 5555 if (check_vm86_iopl(s)) { 5556 gen_interrupt(s, val); 5557 } 5558 break; 5559 case 0xce: /* into */ 5560 if (CODE64(s)) 5561 goto illegal_op; 5562 gen_update_cc_op(s); 5563 gen_update_eip_cur(s); 5564 gen_helper_into(cpu_env, cur_insn_len_i32(s)); 5565 break; 5566 #ifdef WANT_ICEBP 5567 case 0xf1: /* icebp (undocumented, exits to external debugger) */ 5568 gen_svm_check_intercept(s, SVM_EXIT_ICEBP); 5569 gen_debug(s); 5570 break; 5571 #endif 5572 case 0xfa: /* cli */ 5573 if (check_iopl(s)) { 5574 gen_reset_eflags(s, IF_MASK); 5575 } 5576 break; 5577 case 0xfb: /* sti */ 5578 if (check_iopl(s)) { 5579 gen_set_eflags(s, IF_MASK); 5580 /* interruptions are enabled only the first insn after sti */ 5581 gen_update_eip_next(s); 5582 gen_eob_inhibit_irq(s, true); 5583 } 5584 break; 5585 case 0x62: /* bound */ 5586 if (CODE64(s)) 5587 goto illegal_op; 5588 ot = dflag; 5589 modrm = x86_ldub_code(env, s); 5590 reg = (modrm >> 3) & 7; 5591 mod = (modrm >> 6) & 3; 5592 if (mod == 3) 5593 goto illegal_op; 5594 gen_op_mov_v_reg(s, ot, s->T0, reg); 5595 gen_lea_modrm(env, s, modrm); 5596 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); 5597 if (ot == MO_16) { 5598 gen_helper_boundw(cpu_env, s->A0, s->tmp2_i32); 5599 } else { 5600 gen_helper_boundl(cpu_env, s->A0, s->tmp2_i32); 5601 } 5602 break; 5603 case 0x1c8 ... 0x1cf: /* bswap reg */ 5604 reg = (b & 7) | REX_B(s); 5605 #ifdef TARGET_X86_64 5606 if (dflag == MO_64) { 5607 tcg_gen_bswap64_i64(cpu_regs[reg], cpu_regs[reg]); 5608 break; 5609 } 5610 #endif 5611 tcg_gen_bswap32_tl(cpu_regs[reg], cpu_regs[reg], TCG_BSWAP_OZ); 5612 break; 5613 case 0xd6: /* salc */ 5614 if (CODE64(s)) 5615 goto illegal_op; 5616 gen_compute_eflags_c(s, s->T0); 5617 tcg_gen_neg_tl(s->T0, s->T0); 5618 gen_op_mov_reg_v(s, MO_8, R_EAX, s->T0); 5619 break; 5620 case 0xe0: /* loopnz */ 5621 case 0xe1: /* loopz */ 5622 case 0xe2: /* loop */ 5623 case 0xe3: /* jecxz */ 5624 { 5625 TCGLabel *l1, *l2; 5626 int diff = (int8_t)insn_get(env, s, MO_8); 5627 5628 l1 = gen_new_label(); 5629 l2 = gen_new_label(); 5630 gen_update_cc_op(s); 5631 b &= 3; 5632 switch(b) { 5633 case 0: /* loopnz */ 5634 case 1: /* loopz */ 5635 gen_op_add_reg_im(s, s->aflag, R_ECX, -1); 5636 gen_op_jz_ecx(s, l2); 5637 gen_jcc1(s, (JCC_Z << 1) | (b ^ 1), l1); 5638 break; 5639 case 2: /* loop */ 5640 gen_op_add_reg_im(s, s->aflag, R_ECX, -1); 5641 gen_op_jnz_ecx(s, l1); 5642 break; 5643 default: 5644 case 3: /* jcxz */ 5645 gen_op_jz_ecx(s, l1); 5646 break; 5647 } 5648 5649 gen_set_label(l2); 5650 gen_jmp_rel_csize(s, 0, 1); 5651 5652 gen_set_label(l1); 5653 gen_jmp_rel(s, dflag, diff, 0); 5654 } 5655 break; 5656 case 0x130: /* wrmsr */ 5657 case 0x132: /* rdmsr */ 5658 if (check_cpl0(s)) { 5659 gen_update_cc_op(s); 5660 gen_update_eip_cur(s); 5661 if (b & 2) { 5662 gen_helper_rdmsr(cpu_env); 5663 } else { 5664 gen_helper_wrmsr(cpu_env); 5665 s->base.is_jmp = DISAS_EOB_NEXT; 5666 } 5667 } 5668 break; 5669 case 0x131: /* rdtsc */ 5670 gen_update_cc_op(s); 5671 gen_update_eip_cur(s); 5672 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { 5673 gen_io_start(); 5674 s->base.is_jmp = DISAS_TOO_MANY; 5675 } 5676 gen_helper_rdtsc(cpu_env); 5677 break; 5678 case 0x133: /* rdpmc */ 5679 gen_update_cc_op(s); 5680 gen_update_eip_cur(s); 5681 gen_helper_rdpmc(cpu_env); 5682 s->base.is_jmp = DISAS_NORETURN; 5683 break; 5684 case 0x134: /* sysenter */ 5685 /* For Intel SYSENTER is valid on 64-bit */ 5686 if (CODE64(s) && env->cpuid_vendor1 != CPUID_VENDOR_INTEL_1) 5687 goto illegal_op; 5688 if (!PE(s)) { 5689 gen_exception_gpf(s); 5690 } else { 5691 gen_helper_sysenter(cpu_env); 5692 s->base.is_jmp = DISAS_EOB_ONLY; 5693 } 5694 break; 5695 case 0x135: /* sysexit */ 5696 /* For Intel SYSEXIT is valid on 64-bit */ 5697 if (CODE64(s) && env->cpuid_vendor1 != CPUID_VENDOR_INTEL_1) 5698 goto illegal_op; 5699 if (!PE(s)) { 5700 gen_exception_gpf(s); 5701 } else { 5702 gen_helper_sysexit(cpu_env, tcg_constant_i32(dflag - 1)); 5703 s->base.is_jmp = DISAS_EOB_ONLY; 5704 } 5705 break; 5706 #ifdef TARGET_X86_64 5707 case 0x105: /* syscall */ 5708 /* XXX: is it usable in real mode ? */ 5709 gen_update_cc_op(s); 5710 gen_update_eip_cur(s); 5711 gen_helper_syscall(cpu_env, cur_insn_len_i32(s)); 5712 /* TF handling for the syscall insn is different. The TF bit is checked 5713 after the syscall insn completes. This allows #DB to not be 5714 generated after one has entered CPL0 if TF is set in FMASK. */ 5715 gen_eob_worker(s, false, true); 5716 break; 5717 case 0x107: /* sysret */ 5718 if (!PE(s)) { 5719 gen_exception_gpf(s); 5720 } else { 5721 gen_helper_sysret(cpu_env, tcg_constant_i32(dflag - 1)); 5722 /* condition codes are modified only in long mode */ 5723 if (LMA(s)) { 5724 set_cc_op(s, CC_OP_EFLAGS); 5725 } 5726 /* TF handling for the sysret insn is different. The TF bit is 5727 checked after the sysret insn completes. This allows #DB to be 5728 generated "as if" the syscall insn in userspace has just 5729 completed. */ 5730 gen_eob_worker(s, false, true); 5731 } 5732 break; 5733 #endif 5734 case 0x1a2: /* cpuid */ 5735 gen_update_cc_op(s); 5736 gen_update_eip_cur(s); 5737 gen_helper_cpuid(cpu_env); 5738 break; 5739 case 0xf4: /* hlt */ 5740 if (check_cpl0(s)) { 5741 gen_update_cc_op(s); 5742 gen_update_eip_cur(s); 5743 gen_helper_hlt(cpu_env, cur_insn_len_i32(s)); 5744 s->base.is_jmp = DISAS_NORETURN; 5745 } 5746 break; 5747 case 0x100: 5748 modrm = x86_ldub_code(env, s); 5749 mod = (modrm >> 6) & 3; 5750 op = (modrm >> 3) & 7; 5751 switch(op) { 5752 case 0: /* sldt */ 5753 if (!PE(s) || VM86(s)) 5754 goto illegal_op; 5755 if (s->flags & HF_UMIP_MASK && !check_cpl0(s)) { 5756 break; 5757 } 5758 gen_svm_check_intercept(s, SVM_EXIT_LDTR_READ); 5759 tcg_gen_ld32u_tl(s->T0, cpu_env, 5760 offsetof(CPUX86State, ldt.selector)); 5761 ot = mod == 3 ? dflag : MO_16; 5762 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1); 5763 break; 5764 case 2: /* lldt */ 5765 if (!PE(s) || VM86(s)) 5766 goto illegal_op; 5767 if (check_cpl0(s)) { 5768 gen_svm_check_intercept(s, SVM_EXIT_LDTR_WRITE); 5769 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0); 5770 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); 5771 gen_helper_lldt(cpu_env, s->tmp2_i32); 5772 } 5773 break; 5774 case 1: /* str */ 5775 if (!PE(s) || VM86(s)) 5776 goto illegal_op; 5777 if (s->flags & HF_UMIP_MASK && !check_cpl0(s)) { 5778 break; 5779 } 5780 gen_svm_check_intercept(s, SVM_EXIT_TR_READ); 5781 tcg_gen_ld32u_tl(s->T0, cpu_env, 5782 offsetof(CPUX86State, tr.selector)); 5783 ot = mod == 3 ? dflag : MO_16; 5784 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1); 5785 break; 5786 case 3: /* ltr */ 5787 if (!PE(s) || VM86(s)) 5788 goto illegal_op; 5789 if (check_cpl0(s)) { 5790 gen_svm_check_intercept(s, SVM_EXIT_TR_WRITE); 5791 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0); 5792 tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0); 5793 gen_helper_ltr(cpu_env, s->tmp2_i32); 5794 } 5795 break; 5796 case 4: /* verr */ 5797 case 5: /* verw */ 5798 if (!PE(s) || VM86(s)) 5799 goto illegal_op; 5800 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0); 5801 gen_update_cc_op(s); 5802 if (op == 4) { 5803 gen_helper_verr(cpu_env, s->T0); 5804 } else { 5805 gen_helper_verw(cpu_env, s->T0); 5806 } 5807 set_cc_op(s, CC_OP_EFLAGS); 5808 break; 5809 default: 5810 goto unknown_op; 5811 } 5812 break; 5813 5814 case 0x101: 5815 modrm = x86_ldub_code(env, s); 5816 switch (modrm) { 5817 CASE_MODRM_MEM_OP(0): /* sgdt */ 5818 if (s->flags & HF_UMIP_MASK && !check_cpl0(s)) { 5819 break; 5820 } 5821 gen_svm_check_intercept(s, SVM_EXIT_GDTR_READ); 5822 gen_lea_modrm(env, s, modrm); 5823 tcg_gen_ld32u_tl(s->T0, 5824 cpu_env, offsetof(CPUX86State, gdt.limit)); 5825 gen_op_st_v(s, MO_16, s->T0, s->A0); 5826 gen_add_A0_im(s, 2); 5827 tcg_gen_ld_tl(s->T0, cpu_env, offsetof(CPUX86State, gdt.base)); 5828 if (dflag == MO_16) { 5829 tcg_gen_andi_tl(s->T0, s->T0, 0xffffff); 5830 } 5831 gen_op_st_v(s, CODE64(s) + MO_32, s->T0, s->A0); 5832 break; 5833 5834 case 0xc8: /* monitor */ 5835 if (!(s->cpuid_ext_features & CPUID_EXT_MONITOR) || CPL(s) != 0) { 5836 goto illegal_op; 5837 } 5838 gen_update_cc_op(s); 5839 gen_update_eip_cur(s); 5840 tcg_gen_mov_tl(s->A0, cpu_regs[R_EAX]); 5841 gen_extu(s->aflag, s->A0); 5842 gen_add_A0_ds_seg(s); 5843 gen_helper_monitor(cpu_env, s->A0); 5844 break; 5845 5846 case 0xc9: /* mwait */ 5847 if (!(s->cpuid_ext_features & CPUID_EXT_MONITOR) || CPL(s) != 0) { 5848 goto illegal_op; 5849 } 5850 gen_update_cc_op(s); 5851 gen_update_eip_cur(s); 5852 gen_helper_mwait(cpu_env, cur_insn_len_i32(s)); 5853 s->base.is_jmp = DISAS_NORETURN; 5854 break; 5855 5856 case 0xca: /* clac */ 5857 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_SMAP) 5858 || CPL(s) != 0) { 5859 goto illegal_op; 5860 } 5861 gen_reset_eflags(s, AC_MASK); 5862 s->base.is_jmp = DISAS_EOB_NEXT; 5863 break; 5864 5865 case 0xcb: /* stac */ 5866 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_SMAP) 5867 || CPL(s) != 0) { 5868 goto illegal_op; 5869 } 5870 gen_set_eflags(s, AC_MASK); 5871 s->base.is_jmp = DISAS_EOB_NEXT; 5872 break; 5873 5874 CASE_MODRM_MEM_OP(1): /* sidt */ 5875 if (s->flags & HF_UMIP_MASK && !check_cpl0(s)) { 5876 break; 5877 } 5878 gen_svm_check_intercept(s, SVM_EXIT_IDTR_READ); 5879 gen_lea_modrm(env, s, modrm); 5880 tcg_gen_ld32u_tl(s->T0, cpu_env, offsetof(CPUX86State, idt.limit)); 5881 gen_op_st_v(s, MO_16, s->T0, s->A0); 5882 gen_add_A0_im(s, 2); 5883 tcg_gen_ld_tl(s->T0, cpu_env, offsetof(CPUX86State, idt.base)); 5884 if (dflag == MO_16) { 5885 tcg_gen_andi_tl(s->T0, s->T0, 0xffffff); 5886 } 5887 gen_op_st_v(s, CODE64(s) + MO_32, s->T0, s->A0); 5888 break; 5889 5890 case 0xd0: /* xgetbv */ 5891 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0 5892 || (s->prefix & (PREFIX_LOCK | PREFIX_DATA 5893 | PREFIX_REPZ | PREFIX_REPNZ))) { 5894 goto illegal_op; 5895 } 5896 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_ECX]); 5897 gen_helper_xgetbv(s->tmp1_i64, cpu_env, s->tmp2_i32); 5898 tcg_gen_extr_i64_tl(cpu_regs[R_EAX], cpu_regs[R_EDX], s->tmp1_i64); 5899 break; 5900 5901 case 0xd1: /* xsetbv */ 5902 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0 5903 || (s->prefix & (PREFIX_LOCK | PREFIX_DATA 5904 | PREFIX_REPZ | PREFIX_REPNZ))) { 5905 goto illegal_op; 5906 } 5907 if (!check_cpl0(s)) { 5908 break; 5909 } 5910 tcg_gen_concat_tl_i64(s->tmp1_i64, cpu_regs[R_EAX], 5911 cpu_regs[R_EDX]); 5912 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_ECX]); 5913 gen_helper_xsetbv(cpu_env, s->tmp2_i32, s->tmp1_i64); 5914 /* End TB because translation flags may change. */ 5915 s->base.is_jmp = DISAS_EOB_NEXT; 5916 break; 5917 5918 case 0xd8: /* VMRUN */ 5919 if (!SVME(s) || !PE(s)) { 5920 goto illegal_op; 5921 } 5922 if (!check_cpl0(s)) { 5923 break; 5924 } 5925 gen_update_cc_op(s); 5926 gen_update_eip_cur(s); 5927 gen_helper_vmrun(cpu_env, tcg_constant_i32(s->aflag - 1), 5928 cur_insn_len_i32(s)); 5929 tcg_gen_exit_tb(NULL, 0); 5930 s->base.is_jmp = DISAS_NORETURN; 5931 break; 5932 5933 case 0xd9: /* VMMCALL */ 5934 if (!SVME(s)) { 5935 goto illegal_op; 5936 } 5937 gen_update_cc_op(s); 5938 gen_update_eip_cur(s); 5939 gen_helper_vmmcall(cpu_env); 5940 break; 5941 5942 case 0xda: /* VMLOAD */ 5943 if (!SVME(s) || !PE(s)) { 5944 goto illegal_op; 5945 } 5946 if (!check_cpl0(s)) { 5947 break; 5948 } 5949 gen_update_cc_op(s); 5950 gen_update_eip_cur(s); 5951 gen_helper_vmload(cpu_env, tcg_constant_i32(s->aflag - 1)); 5952 break; 5953 5954 case 0xdb: /* VMSAVE */ 5955 if (!SVME(s) || !PE(s)) { 5956 goto illegal_op; 5957 } 5958 if (!check_cpl0(s)) { 5959 break; 5960 } 5961 gen_update_cc_op(s); 5962 gen_update_eip_cur(s); 5963 gen_helper_vmsave(cpu_env, tcg_constant_i32(s->aflag - 1)); 5964 break; 5965 5966 case 0xdc: /* STGI */ 5967 if ((!SVME(s) && !(s->cpuid_ext3_features & CPUID_EXT3_SKINIT)) 5968 || !PE(s)) { 5969 goto illegal_op; 5970 } 5971 if (!check_cpl0(s)) { 5972 break; 5973 } 5974 gen_update_cc_op(s); 5975 gen_helper_stgi(cpu_env); 5976 s->base.is_jmp = DISAS_EOB_NEXT; 5977 break; 5978 5979 case 0xdd: /* CLGI */ 5980 if (!SVME(s) || !PE(s)) { 5981 goto illegal_op; 5982 } 5983 if (!check_cpl0(s)) { 5984 break; 5985 } 5986 gen_update_cc_op(s); 5987 gen_update_eip_cur(s); 5988 gen_helper_clgi(cpu_env); 5989 break; 5990 5991 case 0xde: /* SKINIT */ 5992 if ((!SVME(s) && !(s->cpuid_ext3_features & CPUID_EXT3_SKINIT)) 5993 || !PE(s)) { 5994 goto illegal_op; 5995 } 5996 gen_svm_check_intercept(s, SVM_EXIT_SKINIT); 5997 /* If not intercepted, not implemented -- raise #UD. */ 5998 goto illegal_op; 5999 6000 case 0xdf: /* INVLPGA */ 6001 if (!SVME(s) || !PE(s)) { 6002 goto illegal_op; 6003 } 6004 if (!check_cpl0(s)) { 6005 break; 6006 } 6007 gen_svm_check_intercept(s, SVM_EXIT_INVLPGA); 6008 if (s->aflag == MO_64) { 6009 tcg_gen_mov_tl(s->A0, cpu_regs[R_EAX]); 6010 } else { 6011 tcg_gen_ext32u_tl(s->A0, cpu_regs[R_EAX]); 6012 } 6013 gen_helper_flush_page(cpu_env, s->A0); 6014 s->base.is_jmp = DISAS_EOB_NEXT; 6015 break; 6016 6017 CASE_MODRM_MEM_OP(2): /* lgdt */ 6018 if (!check_cpl0(s)) { 6019 break; 6020 } 6021 gen_svm_check_intercept(s, SVM_EXIT_GDTR_WRITE); 6022 gen_lea_modrm(env, s, modrm); 6023 gen_op_ld_v(s, MO_16, s->T1, s->A0); 6024 gen_add_A0_im(s, 2); 6025 gen_op_ld_v(s, CODE64(s) + MO_32, s->T0, s->A0); 6026 if (dflag == MO_16) { 6027 tcg_gen_andi_tl(s->T0, s->T0, 0xffffff); 6028 } 6029 tcg_gen_st_tl(s->T0, cpu_env, offsetof(CPUX86State, gdt.base)); 6030 tcg_gen_st32_tl(s->T1, cpu_env, offsetof(CPUX86State, gdt.limit)); 6031 break; 6032 6033 CASE_MODRM_MEM_OP(3): /* lidt */ 6034 if (!check_cpl0(s)) { 6035 break; 6036 } 6037 gen_svm_check_intercept(s, SVM_EXIT_IDTR_WRITE); 6038 gen_lea_modrm(env, s, modrm); 6039 gen_op_ld_v(s, MO_16, s->T1, s->A0); 6040 gen_add_A0_im(s, 2); 6041 gen_op_ld_v(s, CODE64(s) + MO_32, s->T0, s->A0); 6042 if (dflag == MO_16) { 6043 tcg_gen_andi_tl(s->T0, s->T0, 0xffffff); 6044 } 6045 tcg_gen_st_tl(s->T0, cpu_env, offsetof(CPUX86State, idt.base)); 6046 tcg_gen_st32_tl(s->T1, cpu_env, offsetof(CPUX86State, idt.limit)); 6047 break; 6048 6049 CASE_MODRM_OP(4): /* smsw */ 6050 if (s->flags & HF_UMIP_MASK && !check_cpl0(s)) { 6051 break; 6052 } 6053 gen_svm_check_intercept(s, SVM_EXIT_READ_CR0); 6054 tcg_gen_ld_tl(s->T0, cpu_env, offsetof(CPUX86State, cr[0])); 6055 /* 6056 * In 32-bit mode, the higher 16 bits of the destination 6057 * register are undefined. In practice CR0[31:0] is stored 6058 * just like in 64-bit mode. 6059 */ 6060 mod = (modrm >> 6) & 3; 6061 ot = (mod != 3 ? MO_16 : s->dflag); 6062 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1); 6063 break; 6064 case 0xee: /* rdpkru */ 6065 if (prefixes & PREFIX_LOCK) { 6066 goto illegal_op; 6067 } 6068 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_ECX]); 6069 gen_helper_rdpkru(s->tmp1_i64, cpu_env, s->tmp2_i32); 6070 tcg_gen_extr_i64_tl(cpu_regs[R_EAX], cpu_regs[R_EDX], s->tmp1_i64); 6071 break; 6072 case 0xef: /* wrpkru */ 6073 if (prefixes & PREFIX_LOCK) { 6074 goto illegal_op; 6075 } 6076 tcg_gen_concat_tl_i64(s->tmp1_i64, cpu_regs[R_EAX], 6077 cpu_regs[R_EDX]); 6078 tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_ECX]); 6079 gen_helper_wrpkru(cpu_env, s->tmp2_i32, s->tmp1_i64); 6080 break; 6081 6082 CASE_MODRM_OP(6): /* lmsw */ 6083 if (!check_cpl0(s)) { 6084 break; 6085 } 6086 gen_svm_check_intercept(s, SVM_EXIT_WRITE_CR0); 6087 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0); 6088 /* 6089 * Only the 4 lower bits of CR0 are modified. 6090 * PE cannot be set to zero if already set to one. 6091 */ 6092 tcg_gen_ld_tl(s->T1, cpu_env, offsetof(CPUX86State, cr[0])); 6093 tcg_gen_andi_tl(s->T0, s->T0, 0xf); 6094 tcg_gen_andi_tl(s->T1, s->T1, ~0xe); 6095 tcg_gen_or_tl(s->T0, s->T0, s->T1); 6096 gen_helper_write_crN(cpu_env, tcg_constant_i32(0), s->T0); 6097 s->base.is_jmp = DISAS_EOB_NEXT; 6098 break; 6099 6100 CASE_MODRM_MEM_OP(7): /* invlpg */ 6101 if (!check_cpl0(s)) { 6102 break; 6103 } 6104 gen_svm_check_intercept(s, SVM_EXIT_INVLPG); 6105 gen_lea_modrm(env, s, modrm); 6106 gen_helper_flush_page(cpu_env, s->A0); 6107 s->base.is_jmp = DISAS_EOB_NEXT; 6108 break; 6109 6110 case 0xf8: /* swapgs */ 6111 #ifdef TARGET_X86_64 6112 if (CODE64(s)) { 6113 if (check_cpl0(s)) { 6114 tcg_gen_mov_tl(s->T0, cpu_seg_base[R_GS]); 6115 tcg_gen_ld_tl(cpu_seg_base[R_GS], cpu_env, 6116 offsetof(CPUX86State, kernelgsbase)); 6117 tcg_gen_st_tl(s->T0, cpu_env, 6118 offsetof(CPUX86State, kernelgsbase)); 6119 } 6120 break; 6121 } 6122 #endif 6123 goto illegal_op; 6124 6125 case 0xf9: /* rdtscp */ 6126 if (!(s->cpuid_ext2_features & CPUID_EXT2_RDTSCP)) { 6127 goto illegal_op; 6128 } 6129 gen_update_cc_op(s); 6130 gen_update_eip_cur(s); 6131 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { 6132 gen_io_start(); 6133 s->base.is_jmp = DISAS_TOO_MANY; 6134 } 6135 gen_helper_rdtscp(cpu_env); 6136 break; 6137 6138 default: 6139 goto unknown_op; 6140 } 6141 break; 6142 6143 case 0x108: /* invd */ 6144 case 0x109: /* wbinvd */ 6145 if (check_cpl0(s)) { 6146 gen_svm_check_intercept(s, (b & 2) ? SVM_EXIT_INVD : SVM_EXIT_WBINVD); 6147 /* nothing to do */ 6148 } 6149 break; 6150 case 0x63: /* arpl or movslS (x86_64) */ 6151 #ifdef TARGET_X86_64 6152 if (CODE64(s)) { 6153 int d_ot; 6154 /* d_ot is the size of destination */ 6155 d_ot = dflag; 6156 6157 modrm = x86_ldub_code(env, s); 6158 reg = ((modrm >> 3) & 7) | REX_R(s); 6159 mod = (modrm >> 6) & 3; 6160 rm = (modrm & 7) | REX_B(s); 6161 6162 if (mod == 3) { 6163 gen_op_mov_v_reg(s, MO_32, s->T0, rm); 6164 /* sign extend */ 6165 if (d_ot == MO_64) { 6166 tcg_gen_ext32s_tl(s->T0, s->T0); 6167 } 6168 gen_op_mov_reg_v(s, d_ot, reg, s->T0); 6169 } else { 6170 gen_lea_modrm(env, s, modrm); 6171 gen_op_ld_v(s, MO_32 | MO_SIGN, s->T0, s->A0); 6172 gen_op_mov_reg_v(s, d_ot, reg, s->T0); 6173 } 6174 } else 6175 #endif 6176 { 6177 TCGLabel *label1; 6178 TCGv t0, t1, t2; 6179 6180 if (!PE(s) || VM86(s)) 6181 goto illegal_op; 6182 t0 = tcg_temp_new(); 6183 t1 = tcg_temp_new(); 6184 t2 = tcg_temp_new(); 6185 ot = MO_16; 6186 modrm = x86_ldub_code(env, s); 6187 reg = (modrm >> 3) & 7; 6188 mod = (modrm >> 6) & 3; 6189 rm = modrm & 7; 6190 if (mod != 3) { 6191 gen_lea_modrm(env, s, modrm); 6192 gen_op_ld_v(s, ot, t0, s->A0); 6193 } else { 6194 gen_op_mov_v_reg(s, ot, t0, rm); 6195 } 6196 gen_op_mov_v_reg(s, ot, t1, reg); 6197 tcg_gen_andi_tl(s->tmp0, t0, 3); 6198 tcg_gen_andi_tl(t1, t1, 3); 6199 tcg_gen_movi_tl(t2, 0); 6200 label1 = gen_new_label(); 6201 tcg_gen_brcond_tl(TCG_COND_GE, s->tmp0, t1, label1); 6202 tcg_gen_andi_tl(t0, t0, ~3); 6203 tcg_gen_or_tl(t0, t0, t1); 6204 tcg_gen_movi_tl(t2, CC_Z); 6205 gen_set_label(label1); 6206 if (mod != 3) { 6207 gen_op_st_v(s, ot, t0, s->A0); 6208 } else { 6209 gen_op_mov_reg_v(s, ot, rm, t0); 6210 } 6211 gen_compute_eflags(s); 6212 tcg_gen_andi_tl(cpu_cc_src, cpu_cc_src, ~CC_Z); 6213 tcg_gen_or_tl(cpu_cc_src, cpu_cc_src, t2); 6214 } 6215 break; 6216 case 0x102: /* lar */ 6217 case 0x103: /* lsl */ 6218 { 6219 TCGLabel *label1; 6220 TCGv t0; 6221 if (!PE(s) || VM86(s)) 6222 goto illegal_op; 6223 ot = dflag != MO_16 ? MO_32 : MO_16; 6224 modrm = x86_ldub_code(env, s); 6225 reg = ((modrm >> 3) & 7) | REX_R(s); 6226 gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0); 6227 t0 = tcg_temp_new(); 6228 gen_update_cc_op(s); 6229 if (b == 0x102) { 6230 gen_helper_lar(t0, cpu_env, s->T0); 6231 } else { 6232 gen_helper_lsl(t0, cpu_env, s->T0); 6233 } 6234 tcg_gen_andi_tl(s->tmp0, cpu_cc_src, CC_Z); 6235 label1 = gen_new_label(); 6236 tcg_gen_brcondi_tl(TCG_COND_EQ, s->tmp0, 0, label1); 6237 gen_op_mov_reg_v(s, ot, reg, t0); 6238 gen_set_label(label1); 6239 set_cc_op(s, CC_OP_EFLAGS); 6240 } 6241 break; 6242 case 0x118: 6243 modrm = x86_ldub_code(env, s); 6244 mod = (modrm >> 6) & 3; 6245 op = (modrm >> 3) & 7; 6246 switch(op) { 6247 case 0: /* prefetchnta */ 6248 case 1: /* prefetchnt0 */ 6249 case 2: /* prefetchnt0 */ 6250 case 3: /* prefetchnt0 */ 6251 if (mod == 3) 6252 goto illegal_op; 6253 gen_nop_modrm(env, s, modrm); 6254 /* nothing more to do */ 6255 break; 6256 default: /* nop (multi byte) */ 6257 gen_nop_modrm(env, s, modrm); 6258 break; 6259 } 6260 break; 6261 case 0x11a: 6262 modrm = x86_ldub_code(env, s); 6263 if (s->flags & HF_MPX_EN_MASK) { 6264 mod = (modrm >> 6) & 3; 6265 reg = ((modrm >> 3) & 7) | REX_R(s); 6266 if (prefixes & PREFIX_REPZ) { 6267 /* bndcl */ 6268 if (reg >= 4 6269 || (prefixes & PREFIX_LOCK) 6270 || s->aflag == MO_16) { 6271 goto illegal_op; 6272 } 6273 gen_bndck(env, s, modrm, TCG_COND_LTU, cpu_bndl[reg]); 6274 } else if (prefixes & PREFIX_REPNZ) { 6275 /* bndcu */ 6276 if (reg >= 4 6277 || (prefixes & PREFIX_LOCK) 6278 || s->aflag == MO_16) { 6279 goto illegal_op; 6280 } 6281 TCGv_i64 notu = tcg_temp_new_i64(); 6282 tcg_gen_not_i64(notu, cpu_bndu[reg]); 6283 gen_bndck(env, s, modrm, TCG_COND_GTU, notu); 6284 } else if (prefixes & PREFIX_DATA) { 6285 /* bndmov -- from reg/mem */ 6286 if (reg >= 4 || s->aflag == MO_16) { 6287 goto illegal_op; 6288 } 6289 if (mod == 3) { 6290 int reg2 = (modrm & 7) | REX_B(s); 6291 if (reg2 >= 4 || (prefixes & PREFIX_LOCK)) { 6292 goto illegal_op; 6293 } 6294 if (s->flags & HF_MPX_IU_MASK) { 6295 tcg_gen_mov_i64(cpu_bndl[reg], cpu_bndl[reg2]); 6296 tcg_gen_mov_i64(cpu_bndu[reg], cpu_bndu[reg2]); 6297 } 6298 } else { 6299 gen_lea_modrm(env, s, modrm); 6300 if (CODE64(s)) { 6301 tcg_gen_qemu_ld_i64(cpu_bndl[reg], s->A0, 6302 s->mem_index, MO_LEUQ); 6303 tcg_gen_addi_tl(s->A0, s->A0, 8); 6304 tcg_gen_qemu_ld_i64(cpu_bndu[reg], s->A0, 6305 s->mem_index, MO_LEUQ); 6306 } else { 6307 tcg_gen_qemu_ld_i64(cpu_bndl[reg], s->A0, 6308 s->mem_index, MO_LEUL); 6309 tcg_gen_addi_tl(s->A0, s->A0, 4); 6310 tcg_gen_qemu_ld_i64(cpu_bndu[reg], s->A0, 6311 s->mem_index, MO_LEUL); 6312 } 6313 /* bnd registers are now in-use */ 6314 gen_set_hflag(s, HF_MPX_IU_MASK); 6315 } 6316 } else if (mod != 3) { 6317 /* bndldx */ 6318 AddressParts a = gen_lea_modrm_0(env, s, modrm); 6319 if (reg >= 4 6320 || (prefixes & PREFIX_LOCK) 6321 || s->aflag == MO_16 6322 || a.base < -1) { 6323 goto illegal_op; 6324 } 6325 if (a.base >= 0) { 6326 tcg_gen_addi_tl(s->A0, cpu_regs[a.base], a.disp); 6327 } else { 6328 tcg_gen_movi_tl(s->A0, 0); 6329 } 6330 gen_lea_v_seg(s, s->aflag, s->A0, a.def_seg, s->override); 6331 if (a.index >= 0) { 6332 tcg_gen_mov_tl(s->T0, cpu_regs[a.index]); 6333 } else { 6334 tcg_gen_movi_tl(s->T0, 0); 6335 } 6336 if (CODE64(s)) { 6337 gen_helper_bndldx64(cpu_bndl[reg], cpu_env, s->A0, s->T0); 6338 tcg_gen_ld_i64(cpu_bndu[reg], cpu_env, 6339 offsetof(CPUX86State, mmx_t0.MMX_Q(0))); 6340 } else { 6341 gen_helper_bndldx32(cpu_bndu[reg], cpu_env, s->A0, s->T0); 6342 tcg_gen_ext32u_i64(cpu_bndl[reg], cpu_bndu[reg]); 6343 tcg_gen_shri_i64(cpu_bndu[reg], cpu_bndu[reg], 32); 6344 } 6345 gen_set_hflag(s, HF_MPX_IU_MASK); 6346 } 6347 } 6348 gen_nop_modrm(env, s, modrm); 6349 break; 6350 case 0x11b: 6351 modrm = x86_ldub_code(env, s); 6352 if (s->flags & HF_MPX_EN_MASK) { 6353 mod = (modrm >> 6) & 3; 6354 reg = ((modrm >> 3) & 7) | REX_R(s); 6355 if (mod != 3 && (prefixes & PREFIX_REPZ)) { 6356 /* bndmk */ 6357 if (reg >= 4 6358 || (prefixes & PREFIX_LOCK) 6359 || s->aflag == MO_16) { 6360 goto illegal_op; 6361 } 6362 AddressParts a = gen_lea_modrm_0(env, s, modrm); 6363 if (a.base >= 0) { 6364 tcg_gen_extu_tl_i64(cpu_bndl[reg], cpu_regs[a.base]); 6365 if (!CODE64(s)) { 6366 tcg_gen_ext32u_i64(cpu_bndl[reg], cpu_bndl[reg]); 6367 } 6368 } else if (a.base == -1) { 6369 /* no base register has lower bound of 0 */ 6370 tcg_gen_movi_i64(cpu_bndl[reg], 0); 6371 } else { 6372 /* rip-relative generates #ud */ 6373 goto illegal_op; 6374 } 6375 tcg_gen_not_tl(s->A0, gen_lea_modrm_1(s, a, false)); 6376 if (!CODE64(s)) { 6377 tcg_gen_ext32u_tl(s->A0, s->A0); 6378 } 6379 tcg_gen_extu_tl_i64(cpu_bndu[reg], s->A0); 6380 /* bnd registers are now in-use */ 6381 gen_set_hflag(s, HF_MPX_IU_MASK); 6382 break; 6383 } else if (prefixes & PREFIX_REPNZ) { 6384 /* bndcn */ 6385 if (reg >= 4 6386 || (prefixes & PREFIX_LOCK) 6387 || s->aflag == MO_16) { 6388 goto illegal_op; 6389 } 6390 gen_bndck(env, s, modrm, TCG_COND_GTU, cpu_bndu[reg]); 6391 } else if (prefixes & PREFIX_DATA) { 6392 /* bndmov -- to reg/mem */ 6393 if (reg >= 4 || s->aflag == MO_16) { 6394 goto illegal_op; 6395 } 6396 if (mod == 3) { 6397 int reg2 = (modrm & 7) | REX_B(s); 6398 if (reg2 >= 4 || (prefixes & PREFIX_LOCK)) { 6399 goto illegal_op; 6400 } 6401 if (s->flags & HF_MPX_IU_MASK) { 6402 tcg_gen_mov_i64(cpu_bndl[reg2], cpu_bndl[reg]); 6403 tcg_gen_mov_i64(cpu_bndu[reg2], cpu_bndu[reg]); 6404 } 6405 } else { 6406 gen_lea_modrm(env, s, modrm); 6407 if (CODE64(s)) { 6408 tcg_gen_qemu_st_i64(cpu_bndl[reg], s->A0, 6409 s->mem_index, MO_LEUQ); 6410 tcg_gen_addi_tl(s->A0, s->A0, 8); 6411 tcg_gen_qemu_st_i64(cpu_bndu[reg], s->A0, 6412 s->mem_index, MO_LEUQ); 6413 } else { 6414 tcg_gen_qemu_st_i64(cpu_bndl[reg], s->A0, 6415 s->mem_index, MO_LEUL); 6416 tcg_gen_addi_tl(s->A0, s->A0, 4); 6417 tcg_gen_qemu_st_i64(cpu_bndu[reg], s->A0, 6418 s->mem_index, MO_LEUL); 6419 } 6420 } 6421 } else if (mod != 3) { 6422 /* bndstx */ 6423 AddressParts a = gen_lea_modrm_0(env, s, modrm); 6424 if (reg >= 4 6425 || (prefixes & PREFIX_LOCK) 6426 || s->aflag == MO_16 6427 || a.base < -1) { 6428 goto illegal_op; 6429 } 6430 if (a.base >= 0) { 6431 tcg_gen_addi_tl(s->A0, cpu_regs[a.base], a.disp); 6432 } else { 6433 tcg_gen_movi_tl(s->A0, 0); 6434 } 6435 gen_lea_v_seg(s, s->aflag, s->A0, a.def_seg, s->override); 6436 if (a.index >= 0) { 6437 tcg_gen_mov_tl(s->T0, cpu_regs[a.index]); 6438 } else { 6439 tcg_gen_movi_tl(s->T0, 0); 6440 } 6441 if (CODE64(s)) { 6442 gen_helper_bndstx64(cpu_env, s->A0, s->T0, 6443 cpu_bndl[reg], cpu_bndu[reg]); 6444 } else { 6445 gen_helper_bndstx32(cpu_env, s->A0, s->T0, 6446 cpu_bndl[reg], cpu_bndu[reg]); 6447 } 6448 } 6449 } 6450 gen_nop_modrm(env, s, modrm); 6451 break; 6452 case 0x119: case 0x11c ... 0x11f: /* nop (multi byte) */ 6453 modrm = x86_ldub_code(env, s); 6454 gen_nop_modrm(env, s, modrm); 6455 break; 6456 6457 case 0x120: /* mov reg, crN */ 6458 case 0x122: /* mov crN, reg */ 6459 if (!check_cpl0(s)) { 6460 break; 6461 } 6462 modrm = x86_ldub_code(env, s); 6463 /* 6464 * Ignore the mod bits (assume (modrm&0xc0)==0xc0). 6465 * AMD documentation (24594.pdf) and testing of Intel 386 and 486 6466 * processors all show that the mod bits are assumed to be 1's, 6467 * regardless of actual values. 6468 */ 6469 rm = (modrm & 7) | REX_B(s); 6470 reg = ((modrm >> 3) & 7) | REX_R(s); 6471 switch (reg) { 6472 case 0: 6473 if ((prefixes & PREFIX_LOCK) && 6474 (s->cpuid_ext3_features & CPUID_EXT3_CR8LEG)) { 6475 reg = 8; 6476 } 6477 break; 6478 case 2: 6479 case 3: 6480 case 4: 6481 case 8: 6482 break; 6483 default: 6484 goto unknown_op; 6485 } 6486 ot = (CODE64(s) ? MO_64 : MO_32); 6487 6488 if (tb_cflags(s->base.tb) & CF_USE_ICOUNT) { 6489 gen_io_start(); 6490 s->base.is_jmp = DISAS_TOO_MANY; 6491 } 6492 if (b & 2) { 6493 gen_svm_check_intercept(s, SVM_EXIT_WRITE_CR0 + reg); 6494 gen_op_mov_v_reg(s, ot, s->T0, rm); 6495 gen_helper_write_crN(cpu_env, tcg_constant_i32(reg), s->T0); 6496 s->base.is_jmp = DISAS_EOB_NEXT; 6497 } else { 6498 gen_svm_check_intercept(s, SVM_EXIT_READ_CR0 + reg); 6499 gen_helper_read_crN(s->T0, cpu_env, tcg_constant_i32(reg)); 6500 gen_op_mov_reg_v(s, ot, rm, s->T0); 6501 } 6502 break; 6503 6504 case 0x121: /* mov reg, drN */ 6505 case 0x123: /* mov drN, reg */ 6506 if (check_cpl0(s)) { 6507 modrm = x86_ldub_code(env, s); 6508 /* Ignore the mod bits (assume (modrm&0xc0)==0xc0). 6509 * AMD documentation (24594.pdf) and testing of 6510 * intel 386 and 486 processors all show that the mod bits 6511 * are assumed to be 1's, regardless of actual values. 6512 */ 6513 rm = (modrm & 7) | REX_B(s); 6514 reg = ((modrm >> 3) & 7) | REX_R(s); 6515 if (CODE64(s)) 6516 ot = MO_64; 6517 else 6518 ot = MO_32; 6519 if (reg >= 8) { 6520 goto illegal_op; 6521 } 6522 if (b & 2) { 6523 gen_svm_check_intercept(s, SVM_EXIT_WRITE_DR0 + reg); 6524 gen_op_mov_v_reg(s, ot, s->T0, rm); 6525 tcg_gen_movi_i32(s->tmp2_i32, reg); 6526 gen_helper_set_dr(cpu_env, s->tmp2_i32, s->T0); 6527 s->base.is_jmp = DISAS_EOB_NEXT; 6528 } else { 6529 gen_svm_check_intercept(s, SVM_EXIT_READ_DR0 + reg); 6530 tcg_gen_movi_i32(s->tmp2_i32, reg); 6531 gen_helper_get_dr(s->T0, cpu_env, s->tmp2_i32); 6532 gen_op_mov_reg_v(s, ot, rm, s->T0); 6533 } 6534 } 6535 break; 6536 case 0x106: /* clts */ 6537 if (check_cpl0(s)) { 6538 gen_svm_check_intercept(s, SVM_EXIT_WRITE_CR0); 6539 gen_helper_clts(cpu_env); 6540 /* abort block because static cpu state changed */ 6541 s->base.is_jmp = DISAS_EOB_NEXT; 6542 } 6543 break; 6544 /* MMX/3DNow!/SSE/SSE2/SSE3/SSSE3/SSE4 support */ 6545 case 0x1c3: /* MOVNTI reg, mem */ 6546 if (!(s->cpuid_features & CPUID_SSE2)) 6547 goto illegal_op; 6548 ot = mo_64_32(dflag); 6549 modrm = x86_ldub_code(env, s); 6550 mod = (modrm >> 6) & 3; 6551 if (mod == 3) 6552 goto illegal_op; 6553 reg = ((modrm >> 3) & 7) | REX_R(s); 6554 /* generate a generic store */ 6555 gen_ldst_modrm(env, s, modrm, ot, reg, 1); 6556 break; 6557 case 0x1ae: 6558 modrm = x86_ldub_code(env, s); 6559 switch (modrm) { 6560 CASE_MODRM_MEM_OP(0): /* fxsave */ 6561 if (!(s->cpuid_features & CPUID_FXSR) 6562 || (prefixes & PREFIX_LOCK)) { 6563 goto illegal_op; 6564 } 6565 if ((s->flags & HF_EM_MASK) || (s->flags & HF_TS_MASK)) { 6566 gen_exception(s, EXCP07_PREX); 6567 break; 6568 } 6569 gen_lea_modrm(env, s, modrm); 6570 gen_helper_fxsave(cpu_env, s->A0); 6571 break; 6572 6573 CASE_MODRM_MEM_OP(1): /* fxrstor */ 6574 if (!(s->cpuid_features & CPUID_FXSR) 6575 || (prefixes & PREFIX_LOCK)) { 6576 goto illegal_op; 6577 } 6578 if ((s->flags & HF_EM_MASK) || (s->flags & HF_TS_MASK)) { 6579 gen_exception(s, EXCP07_PREX); 6580 break; 6581 } 6582 gen_lea_modrm(env, s, modrm); 6583 gen_helper_fxrstor(cpu_env, s->A0); 6584 break; 6585 6586 CASE_MODRM_MEM_OP(2): /* ldmxcsr */ 6587 if ((s->flags & HF_EM_MASK) || !(s->flags & HF_OSFXSR_MASK)) { 6588 goto illegal_op; 6589 } 6590 if (s->flags & HF_TS_MASK) { 6591 gen_exception(s, EXCP07_PREX); 6592 break; 6593 } 6594 gen_lea_modrm(env, s, modrm); 6595 tcg_gen_qemu_ld_i32(s->tmp2_i32, s->A0, s->mem_index, MO_LEUL); 6596 gen_helper_ldmxcsr(cpu_env, s->tmp2_i32); 6597 break; 6598 6599 CASE_MODRM_MEM_OP(3): /* stmxcsr */ 6600 if ((s->flags & HF_EM_MASK) || !(s->flags & HF_OSFXSR_MASK)) { 6601 goto illegal_op; 6602 } 6603 if (s->flags & HF_TS_MASK) { 6604 gen_exception(s, EXCP07_PREX); 6605 break; 6606 } 6607 gen_helper_update_mxcsr(cpu_env); 6608 gen_lea_modrm(env, s, modrm); 6609 tcg_gen_ld32u_tl(s->T0, cpu_env, offsetof(CPUX86State, mxcsr)); 6610 gen_op_st_v(s, MO_32, s->T0, s->A0); 6611 break; 6612 6613 CASE_MODRM_MEM_OP(4): /* xsave */ 6614 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0 6615 || (prefixes & (PREFIX_LOCK | PREFIX_DATA 6616 | PREFIX_REPZ | PREFIX_REPNZ))) { 6617 goto illegal_op; 6618 } 6619 gen_lea_modrm(env, s, modrm); 6620 tcg_gen_concat_tl_i64(s->tmp1_i64, cpu_regs[R_EAX], 6621 cpu_regs[R_EDX]); 6622 gen_helper_xsave(cpu_env, s->A0, s->tmp1_i64); 6623 break; 6624 6625 CASE_MODRM_MEM_OP(5): /* xrstor */ 6626 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0 6627 || (prefixes & (PREFIX_LOCK | PREFIX_DATA 6628 | PREFIX_REPZ | PREFIX_REPNZ))) { 6629 goto illegal_op; 6630 } 6631 gen_lea_modrm(env, s, modrm); 6632 tcg_gen_concat_tl_i64(s->tmp1_i64, cpu_regs[R_EAX], 6633 cpu_regs[R_EDX]); 6634 gen_helper_xrstor(cpu_env, s->A0, s->tmp1_i64); 6635 /* XRSTOR is how MPX is enabled, which changes how 6636 we translate. Thus we need to end the TB. */ 6637 s->base.is_jmp = DISAS_EOB_NEXT; 6638 break; 6639 6640 CASE_MODRM_MEM_OP(6): /* xsaveopt / clwb */ 6641 if (prefixes & PREFIX_LOCK) { 6642 goto illegal_op; 6643 } 6644 if (prefixes & PREFIX_DATA) { 6645 /* clwb */ 6646 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_CLWB)) { 6647 goto illegal_op; 6648 } 6649 gen_nop_modrm(env, s, modrm); 6650 } else { 6651 /* xsaveopt */ 6652 if ((s->cpuid_ext_features & CPUID_EXT_XSAVE) == 0 6653 || (s->cpuid_xsave_features & CPUID_XSAVE_XSAVEOPT) == 0 6654 || (prefixes & (PREFIX_REPZ | PREFIX_REPNZ))) { 6655 goto illegal_op; 6656 } 6657 gen_lea_modrm(env, s, modrm); 6658 tcg_gen_concat_tl_i64(s->tmp1_i64, cpu_regs[R_EAX], 6659 cpu_regs[R_EDX]); 6660 gen_helper_xsaveopt(cpu_env, s->A0, s->tmp1_i64); 6661 } 6662 break; 6663 6664 CASE_MODRM_MEM_OP(7): /* clflush / clflushopt */ 6665 if (prefixes & PREFIX_LOCK) { 6666 goto illegal_op; 6667 } 6668 if (prefixes & PREFIX_DATA) { 6669 /* clflushopt */ 6670 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_CLFLUSHOPT)) { 6671 goto illegal_op; 6672 } 6673 } else { 6674 /* clflush */ 6675 if ((s->prefix & (PREFIX_REPZ | PREFIX_REPNZ)) 6676 || !(s->cpuid_features & CPUID_CLFLUSH)) { 6677 goto illegal_op; 6678 } 6679 } 6680 gen_nop_modrm(env, s, modrm); 6681 break; 6682 6683 case 0xc0 ... 0xc7: /* rdfsbase (f3 0f ae /0) */ 6684 case 0xc8 ... 0xcf: /* rdgsbase (f3 0f ae /1) */ 6685 case 0xd0 ... 0xd7: /* wrfsbase (f3 0f ae /2) */ 6686 case 0xd8 ... 0xdf: /* wrgsbase (f3 0f ae /3) */ 6687 if (CODE64(s) 6688 && (prefixes & PREFIX_REPZ) 6689 && !(prefixes & PREFIX_LOCK) 6690 && (s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_FSGSBASE)) { 6691 TCGv base, treg, src, dst; 6692 6693 /* Preserve hflags bits by testing CR4 at runtime. */ 6694 tcg_gen_movi_i32(s->tmp2_i32, CR4_FSGSBASE_MASK); 6695 gen_helper_cr4_testbit(cpu_env, s->tmp2_i32); 6696 6697 base = cpu_seg_base[modrm & 8 ? R_GS : R_FS]; 6698 treg = cpu_regs[(modrm & 7) | REX_B(s)]; 6699 6700 if (modrm & 0x10) { 6701 /* wr*base */ 6702 dst = base, src = treg; 6703 } else { 6704 /* rd*base */ 6705 dst = treg, src = base; 6706 } 6707 6708 if (s->dflag == MO_32) { 6709 tcg_gen_ext32u_tl(dst, src); 6710 } else { 6711 tcg_gen_mov_tl(dst, src); 6712 } 6713 break; 6714 } 6715 goto unknown_op; 6716 6717 case 0xf8: /* sfence / pcommit */ 6718 if (prefixes & PREFIX_DATA) { 6719 /* pcommit */ 6720 if (!(s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_PCOMMIT) 6721 || (prefixes & PREFIX_LOCK)) { 6722 goto illegal_op; 6723 } 6724 break; 6725 } 6726 /* fallthru */ 6727 case 0xf9 ... 0xff: /* sfence */ 6728 if (!(s->cpuid_features & CPUID_SSE) 6729 || (prefixes & PREFIX_LOCK)) { 6730 goto illegal_op; 6731 } 6732 tcg_gen_mb(TCG_MO_ST_ST | TCG_BAR_SC); 6733 break; 6734 case 0xe8 ... 0xef: /* lfence */ 6735 if (!(s->cpuid_features & CPUID_SSE) 6736 || (prefixes & PREFIX_LOCK)) { 6737 goto illegal_op; 6738 } 6739 tcg_gen_mb(TCG_MO_LD_LD | TCG_BAR_SC); 6740 break; 6741 case 0xf0 ... 0xf7: /* mfence */ 6742 if (!(s->cpuid_features & CPUID_SSE2) 6743 || (prefixes & PREFIX_LOCK)) { 6744 goto illegal_op; 6745 } 6746 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC); 6747 break; 6748 6749 default: 6750 goto unknown_op; 6751 } 6752 break; 6753 6754 case 0x10d: /* 3DNow! prefetch(w) */ 6755 modrm = x86_ldub_code(env, s); 6756 mod = (modrm >> 6) & 3; 6757 if (mod == 3) 6758 goto illegal_op; 6759 gen_nop_modrm(env, s, modrm); 6760 break; 6761 case 0x1aa: /* rsm */ 6762 gen_svm_check_intercept(s, SVM_EXIT_RSM); 6763 if (!(s->flags & HF_SMM_MASK)) 6764 goto illegal_op; 6765 #ifdef CONFIG_USER_ONLY 6766 /* we should not be in SMM mode */ 6767 g_assert_not_reached(); 6768 #else 6769 gen_update_cc_op(s); 6770 gen_update_eip_next(s); 6771 gen_helper_rsm(cpu_env); 6772 #endif /* CONFIG_USER_ONLY */ 6773 s->base.is_jmp = DISAS_EOB_ONLY; 6774 break; 6775 case 0x1b8: /* SSE4.2 popcnt */ 6776 if ((prefixes & (PREFIX_REPZ | PREFIX_LOCK | PREFIX_REPNZ)) != 6777 PREFIX_REPZ) 6778 goto illegal_op; 6779 if (!(s->cpuid_ext_features & CPUID_EXT_POPCNT)) 6780 goto illegal_op; 6781 6782 modrm = x86_ldub_code(env, s); 6783 reg = ((modrm >> 3) & 7) | REX_R(s); 6784 6785 if (s->prefix & PREFIX_DATA) { 6786 ot = MO_16; 6787 } else { 6788 ot = mo_64_32(dflag); 6789 } 6790 6791 gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0); 6792 gen_extu(ot, s->T0); 6793 tcg_gen_mov_tl(cpu_cc_src, s->T0); 6794 tcg_gen_ctpop_tl(s->T0, s->T0); 6795 gen_op_mov_reg_v(s, ot, reg, s->T0); 6796 6797 set_cc_op(s, CC_OP_POPCNT); 6798 break; 6799 case 0x10e ... 0x117: 6800 case 0x128 ... 0x12f: 6801 case 0x138 ... 0x13a: 6802 case 0x150 ... 0x179: 6803 case 0x17c ... 0x17f: 6804 case 0x1c2: 6805 case 0x1c4 ... 0x1c6: 6806 case 0x1d0 ... 0x1fe: 6807 disas_insn_new(s, cpu, b); 6808 break; 6809 default: 6810 goto unknown_op; 6811 } 6812 return true; 6813 illegal_op: 6814 gen_illegal_opcode(s); 6815 return true; 6816 unknown_op: 6817 gen_unknown_opcode(env, s); 6818 return true; 6819 } 6820 6821 void tcg_x86_init(void) 6822 { 6823 static const char reg_names[CPU_NB_REGS][4] = { 6824 #ifdef TARGET_X86_64 6825 [R_EAX] = "rax", 6826 [R_EBX] = "rbx", 6827 [R_ECX] = "rcx", 6828 [R_EDX] = "rdx", 6829 [R_ESI] = "rsi", 6830 [R_EDI] = "rdi", 6831 [R_EBP] = "rbp", 6832 [R_ESP] = "rsp", 6833 [8] = "r8", 6834 [9] = "r9", 6835 [10] = "r10", 6836 [11] = "r11", 6837 [12] = "r12", 6838 [13] = "r13", 6839 [14] = "r14", 6840 [15] = "r15", 6841 #else 6842 [R_EAX] = "eax", 6843 [R_EBX] = "ebx", 6844 [R_ECX] = "ecx", 6845 [R_EDX] = "edx", 6846 [R_ESI] = "esi", 6847 [R_EDI] = "edi", 6848 [R_EBP] = "ebp", 6849 [R_ESP] = "esp", 6850 #endif 6851 }; 6852 static const char eip_name[] = { 6853 #ifdef TARGET_X86_64 6854 "rip" 6855 #else 6856 "eip" 6857 #endif 6858 }; 6859 static const char seg_base_names[6][8] = { 6860 [R_CS] = "cs_base", 6861 [R_DS] = "ds_base", 6862 [R_ES] = "es_base", 6863 [R_FS] = "fs_base", 6864 [R_GS] = "gs_base", 6865 [R_SS] = "ss_base", 6866 }; 6867 static const char bnd_regl_names[4][8] = { 6868 "bnd0_lb", "bnd1_lb", "bnd2_lb", "bnd3_lb" 6869 }; 6870 static const char bnd_regu_names[4][8] = { 6871 "bnd0_ub", "bnd1_ub", "bnd2_ub", "bnd3_ub" 6872 }; 6873 int i; 6874 6875 cpu_cc_op = tcg_global_mem_new_i32(cpu_env, 6876 offsetof(CPUX86State, cc_op), "cc_op"); 6877 cpu_cc_dst = tcg_global_mem_new(cpu_env, offsetof(CPUX86State, cc_dst), 6878 "cc_dst"); 6879 cpu_cc_src = tcg_global_mem_new(cpu_env, offsetof(CPUX86State, cc_src), 6880 "cc_src"); 6881 cpu_cc_src2 = tcg_global_mem_new(cpu_env, offsetof(CPUX86State, cc_src2), 6882 "cc_src2"); 6883 cpu_eip = tcg_global_mem_new(cpu_env, offsetof(CPUX86State, eip), eip_name); 6884 6885 for (i = 0; i < CPU_NB_REGS; ++i) { 6886 cpu_regs[i] = tcg_global_mem_new(cpu_env, 6887 offsetof(CPUX86State, regs[i]), 6888 reg_names[i]); 6889 } 6890 6891 for (i = 0; i < 6; ++i) { 6892 cpu_seg_base[i] 6893 = tcg_global_mem_new(cpu_env, 6894 offsetof(CPUX86State, segs[i].base), 6895 seg_base_names[i]); 6896 } 6897 6898 for (i = 0; i < 4; ++i) { 6899 cpu_bndl[i] 6900 = tcg_global_mem_new_i64(cpu_env, 6901 offsetof(CPUX86State, bnd_regs[i].lb), 6902 bnd_regl_names[i]); 6903 cpu_bndu[i] 6904 = tcg_global_mem_new_i64(cpu_env, 6905 offsetof(CPUX86State, bnd_regs[i].ub), 6906 bnd_regu_names[i]); 6907 } 6908 } 6909 6910 static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu) 6911 { 6912 DisasContext *dc = container_of(dcbase, DisasContext, base); 6913 CPUX86State *env = cpu->env_ptr; 6914 uint32_t flags = dc->base.tb->flags; 6915 uint32_t cflags = tb_cflags(dc->base.tb); 6916 int cpl = (flags >> HF_CPL_SHIFT) & 3; 6917 int iopl = (flags >> IOPL_SHIFT) & 3; 6918 6919 dc->cs_base = dc->base.tb->cs_base; 6920 dc->pc_save = dc->base.pc_next; 6921 dc->flags = flags; 6922 #ifndef CONFIG_USER_ONLY 6923 dc->cpl = cpl; 6924 dc->iopl = iopl; 6925 #endif 6926 6927 /* We make some simplifying assumptions; validate they're correct. */ 6928 g_assert(PE(dc) == ((flags & HF_PE_MASK) != 0)); 6929 g_assert(CPL(dc) == cpl); 6930 g_assert(IOPL(dc) == iopl); 6931 g_assert(VM86(dc) == ((flags & HF_VM_MASK) != 0)); 6932 g_assert(CODE32(dc) == ((flags & HF_CS32_MASK) != 0)); 6933 g_assert(CODE64(dc) == ((flags & HF_CS64_MASK) != 0)); 6934 g_assert(SS32(dc) == ((flags & HF_SS32_MASK) != 0)); 6935 g_assert(LMA(dc) == ((flags & HF_LMA_MASK) != 0)); 6936 g_assert(ADDSEG(dc) == ((flags & HF_ADDSEG_MASK) != 0)); 6937 g_assert(SVME(dc) == ((flags & HF_SVME_MASK) != 0)); 6938 g_assert(GUEST(dc) == ((flags & HF_GUEST_MASK) != 0)); 6939 6940 dc->cc_op = CC_OP_DYNAMIC; 6941 dc->cc_op_dirty = false; 6942 dc->popl_esp_hack = 0; 6943 /* select memory access functions */ 6944 dc->mem_index = 0; 6945 #ifdef CONFIG_SOFTMMU 6946 dc->mem_index = cpu_mmu_index(env, false); 6947 #endif 6948 dc->cpuid_features = env->features[FEAT_1_EDX]; 6949 dc->cpuid_ext_features = env->features[FEAT_1_ECX]; 6950 dc->cpuid_ext2_features = env->features[FEAT_8000_0001_EDX]; 6951 dc->cpuid_ext3_features = env->features[FEAT_8000_0001_ECX]; 6952 dc->cpuid_7_0_ebx_features = env->features[FEAT_7_0_EBX]; 6953 dc->cpuid_7_0_ecx_features = env->features[FEAT_7_0_ECX]; 6954 dc->cpuid_xsave_features = env->features[FEAT_XSAVE]; 6955 dc->jmp_opt = !((cflags & CF_NO_GOTO_TB) || 6956 (flags & (HF_TF_MASK | HF_INHIBIT_IRQ_MASK))); 6957 /* 6958 * If jmp_opt, we want to handle each string instruction individually. 6959 * For icount also disable repz optimization so that each iteration 6960 * is accounted separately. 6961 */ 6962 dc->repz_opt = !dc->jmp_opt && !(cflags & CF_USE_ICOUNT); 6963 6964 dc->T0 = tcg_temp_new(); 6965 dc->T1 = tcg_temp_new(); 6966 dc->A0 = tcg_temp_new(); 6967 6968 dc->tmp0 = tcg_temp_new(); 6969 dc->tmp1_i64 = tcg_temp_new_i64(); 6970 dc->tmp2_i32 = tcg_temp_new_i32(); 6971 dc->tmp3_i32 = tcg_temp_new_i32(); 6972 dc->tmp4 = tcg_temp_new(); 6973 dc->cc_srcT = tcg_temp_new(); 6974 } 6975 6976 static void i386_tr_tb_start(DisasContextBase *db, CPUState *cpu) 6977 { 6978 } 6979 6980 static void i386_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu) 6981 { 6982 DisasContext *dc = container_of(dcbase, DisasContext, base); 6983 target_ulong pc_arg = dc->base.pc_next; 6984 6985 dc->prev_insn_end = tcg_last_op(); 6986 if (tb_cflags(dcbase->tb) & CF_PCREL) { 6987 pc_arg -= dc->cs_base; 6988 pc_arg &= ~TARGET_PAGE_MASK; 6989 } 6990 tcg_gen_insn_start(pc_arg, dc->cc_op); 6991 } 6992 6993 static void i386_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu) 6994 { 6995 DisasContext *dc = container_of(dcbase, DisasContext, base); 6996 6997 #ifdef TARGET_VSYSCALL_PAGE 6998 /* 6999 * Detect entry into the vsyscall page and invoke the syscall. 7000 */ 7001 if ((dc->base.pc_next & TARGET_PAGE_MASK) == TARGET_VSYSCALL_PAGE) { 7002 gen_exception(dc, EXCP_VSYSCALL); 7003 dc->base.pc_next = dc->pc + 1; 7004 return; 7005 } 7006 #endif 7007 7008 if (disas_insn(dc, cpu)) { 7009 target_ulong pc_next = dc->pc; 7010 dc->base.pc_next = pc_next; 7011 7012 if (dc->base.is_jmp == DISAS_NEXT) { 7013 if (dc->flags & (HF_TF_MASK | HF_INHIBIT_IRQ_MASK)) { 7014 /* 7015 * If single step mode, we generate only one instruction and 7016 * generate an exception. 7017 * If irq were inhibited with HF_INHIBIT_IRQ_MASK, we clear 7018 * the flag and abort the translation to give the irqs a 7019 * chance to happen. 7020 */ 7021 dc->base.is_jmp = DISAS_EOB_NEXT; 7022 } else if (!is_same_page(&dc->base, pc_next)) { 7023 dc->base.is_jmp = DISAS_TOO_MANY; 7024 } 7025 } 7026 } 7027 } 7028 7029 static void i386_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu) 7030 { 7031 DisasContext *dc = container_of(dcbase, DisasContext, base); 7032 7033 switch (dc->base.is_jmp) { 7034 case DISAS_NORETURN: 7035 break; 7036 case DISAS_TOO_MANY: 7037 gen_update_cc_op(dc); 7038 gen_jmp_rel_csize(dc, 0, 0); 7039 break; 7040 case DISAS_EOB_NEXT: 7041 gen_update_cc_op(dc); 7042 gen_update_eip_cur(dc); 7043 /* fall through */ 7044 case DISAS_EOB_ONLY: 7045 gen_eob(dc); 7046 break; 7047 case DISAS_EOB_INHIBIT_IRQ: 7048 gen_update_cc_op(dc); 7049 gen_update_eip_cur(dc); 7050 gen_eob_inhibit_irq(dc, true); 7051 break; 7052 case DISAS_JUMP: 7053 gen_jr(dc); 7054 break; 7055 default: 7056 g_assert_not_reached(); 7057 } 7058 } 7059 7060 static void i386_tr_disas_log(const DisasContextBase *dcbase, 7061 CPUState *cpu, FILE *logfile) 7062 { 7063 DisasContext *dc = container_of(dcbase, DisasContext, base); 7064 7065 fprintf(logfile, "IN: %s\n", lookup_symbol(dc->base.pc_first)); 7066 target_disas(logfile, cpu, dc->base.pc_first, dc->base.tb->size); 7067 } 7068 7069 static const TranslatorOps i386_tr_ops = { 7070 .init_disas_context = i386_tr_init_disas_context, 7071 .tb_start = i386_tr_tb_start, 7072 .insn_start = i386_tr_insn_start, 7073 .translate_insn = i386_tr_translate_insn, 7074 .tb_stop = i386_tr_tb_stop, 7075 .disas_log = i386_tr_disas_log, 7076 }; 7077 7078 /* generate intermediate code for basic block 'tb'. */ 7079 void gen_intermediate_code(CPUState *cpu, TranslationBlock *tb, int *max_insns, 7080 target_ulong pc, void *host_pc) 7081 { 7082 DisasContext dc; 7083 7084 translator_loop(cpu, tb, max_insns, pc, host_pc, &i386_tr_ops, &dc.base); 7085 } 7086