xref: /openbmc/qemu/target/sh4/translate.c (revision 0b1183e3)
1 /*
2  *  SH4 translation
3  *
4  *  Copyright (c) 2005 Samuel Tardieu
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #define DEBUG_DISAS
21 
22 #include "qemu/osdep.h"
23 #include "cpu.h"
24 #include "disas/disas.h"
25 #include "exec/exec-all.h"
26 #include "tcg-op.h"
27 #include "exec/cpu_ldst.h"
28 
29 #include "exec/helper-proto.h"
30 #include "exec/helper-gen.h"
31 
32 #include "trace-tcg.h"
33 #include "exec/log.h"
34 
35 
36 typedef struct DisasContext {
37     struct TranslationBlock *tb;
38     target_ulong pc;
39     uint16_t opcode;
40     uint32_t tbflags;    /* should stay unmodified during the TB translation */
41     uint32_t envflags;   /* should stay in sync with env->flags using TCG ops */
42     int bstate;
43     int memidx;
44     int gbank;
45     int fbank;
46     uint32_t delayed_pc;
47     int singlestep_enabled;
48     uint32_t features;
49     int has_movcal;
50 } DisasContext;
51 
52 #if defined(CONFIG_USER_ONLY)
53 #define IS_USER(ctx) 1
54 #else
55 #define IS_USER(ctx) (!(ctx->tbflags & (1u << SR_MD)))
56 #endif
57 
58 enum {
59     BS_NONE     = 0, /* We go out of the TB without reaching a branch or an
60                       * exception condition
61                       */
62     BS_STOP     = 1, /* We want to stop translation for any reason */
63     BS_BRANCH   = 2, /* We reached a branch condition     */
64     BS_EXCP     = 3, /* We reached an exception condition */
65 };
66 
67 /* global register indexes */
68 static TCGv_env cpu_env;
69 static TCGv cpu_gregs[32];
70 static TCGv cpu_sr, cpu_sr_m, cpu_sr_q, cpu_sr_t;
71 static TCGv cpu_pc, cpu_ssr, cpu_spc, cpu_gbr;
72 static TCGv cpu_vbr, cpu_sgr, cpu_dbr, cpu_mach, cpu_macl;
73 static TCGv cpu_pr, cpu_fpscr, cpu_fpul, cpu_ldst;
74 static TCGv cpu_fregs[32];
75 
76 /* internal register indexes */
77 static TCGv cpu_flags, cpu_delayed_pc, cpu_delayed_cond;
78 
79 #include "exec/gen-icount.h"
80 
81 void sh4_translate_init(void)
82 {
83     int i;
84     static int done_init = 0;
85     static const char * const gregnames[24] = {
86         "R0_BANK0", "R1_BANK0", "R2_BANK0", "R3_BANK0",
87         "R4_BANK0", "R5_BANK0", "R6_BANK0", "R7_BANK0",
88         "R8", "R9", "R10", "R11", "R12", "R13", "R14", "R15",
89         "R0_BANK1", "R1_BANK1", "R2_BANK1", "R3_BANK1",
90         "R4_BANK1", "R5_BANK1", "R6_BANK1", "R7_BANK1"
91     };
92     static const char * const fregnames[32] = {
93          "FPR0_BANK0",  "FPR1_BANK0",  "FPR2_BANK0",  "FPR3_BANK0",
94          "FPR4_BANK0",  "FPR5_BANK0",  "FPR6_BANK0",  "FPR7_BANK0",
95          "FPR8_BANK0",  "FPR9_BANK0", "FPR10_BANK0", "FPR11_BANK0",
96         "FPR12_BANK0", "FPR13_BANK0", "FPR14_BANK0", "FPR15_BANK0",
97          "FPR0_BANK1",  "FPR1_BANK1",  "FPR2_BANK1",  "FPR3_BANK1",
98          "FPR4_BANK1",  "FPR5_BANK1",  "FPR6_BANK1",  "FPR7_BANK1",
99          "FPR8_BANK1",  "FPR9_BANK1", "FPR10_BANK1", "FPR11_BANK1",
100         "FPR12_BANK1", "FPR13_BANK1", "FPR14_BANK1", "FPR15_BANK1",
101     };
102 
103     if (done_init) {
104         return;
105     }
106 
107     cpu_env = tcg_global_reg_new_ptr(TCG_AREG0, "env");
108     tcg_ctx.tcg_env = cpu_env;
109 
110     for (i = 0; i < 24; i++) {
111         cpu_gregs[i] = tcg_global_mem_new_i32(cpu_env,
112                                               offsetof(CPUSH4State, gregs[i]),
113                                               gregnames[i]);
114     }
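    /* The entries at 24..31 alias R8..R15: those registers are not banked,
       so indexing cpu_gregs with (x ^ 0x10), as REG()/ALTREG() do below,
       selects the same storage for either bank. */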
115     memcpy(cpu_gregs + 24, cpu_gregs + 8, 8 * sizeof(TCGv));
116 
117     cpu_pc = tcg_global_mem_new_i32(cpu_env,
118                                     offsetof(CPUSH4State, pc), "PC");
119     cpu_sr = tcg_global_mem_new_i32(cpu_env,
120                                     offsetof(CPUSH4State, sr), "SR");
121     cpu_sr_m = tcg_global_mem_new_i32(cpu_env,
122                                       offsetof(CPUSH4State, sr_m), "SR_M");
123     cpu_sr_q = tcg_global_mem_new_i32(cpu_env,
124                                       offsetof(CPUSH4State, sr_q), "SR_Q");
125     cpu_sr_t = tcg_global_mem_new_i32(cpu_env,
126                                       offsetof(CPUSH4State, sr_t), "SR_T");
127     cpu_ssr = tcg_global_mem_new_i32(cpu_env,
128                                      offsetof(CPUSH4State, ssr), "SSR");
129     cpu_spc = tcg_global_mem_new_i32(cpu_env,
130                                      offsetof(CPUSH4State, spc), "SPC");
131     cpu_gbr = tcg_global_mem_new_i32(cpu_env,
132                                      offsetof(CPUSH4State, gbr), "GBR");
133     cpu_vbr = tcg_global_mem_new_i32(cpu_env,
134                                      offsetof(CPUSH4State, vbr), "VBR");
135     cpu_sgr = tcg_global_mem_new_i32(cpu_env,
136                                      offsetof(CPUSH4State, sgr), "SGR");
137     cpu_dbr = tcg_global_mem_new_i32(cpu_env,
138                                      offsetof(CPUSH4State, dbr), "DBR");
139     cpu_mach = tcg_global_mem_new_i32(cpu_env,
140                                       offsetof(CPUSH4State, mach), "MACH");
141     cpu_macl = tcg_global_mem_new_i32(cpu_env,
142                                       offsetof(CPUSH4State, macl), "MACL");
143     cpu_pr = tcg_global_mem_new_i32(cpu_env,
144                                     offsetof(CPUSH4State, pr), "PR");
145     cpu_fpscr = tcg_global_mem_new_i32(cpu_env,
146                                        offsetof(CPUSH4State, fpscr), "FPSCR");
147     cpu_fpul = tcg_global_mem_new_i32(cpu_env,
148                                       offsetof(CPUSH4State, fpul), "FPUL");
149 
150     cpu_flags = tcg_global_mem_new_i32(cpu_env,
151 				       offsetof(CPUSH4State, flags), "_flags_");
152     cpu_delayed_pc = tcg_global_mem_new_i32(cpu_env,
153 					    offsetof(CPUSH4State, delayed_pc),
154 					    "_delayed_pc_");
155     cpu_delayed_cond = tcg_global_mem_new_i32(cpu_env,
156                                               offsetof(CPUSH4State,
157                                                        delayed_cond),
158                                               "_delayed_cond_");
159     cpu_ldst = tcg_global_mem_new_i32(cpu_env,
160 				      offsetof(CPUSH4State, ldst), "_ldst_");
161 
162     for (i = 0; i < 32; i++) {
163         cpu_fregs[i] = tcg_global_mem_new_i32(cpu_env,
164                                               offsetof(CPUSH4State, fregs[i]),
165                                               fregnames[i]);
    }
166 
167     done_init = 1;
168 }
169 
170 void superh_cpu_dump_state(CPUState *cs, FILE *f,
171                            fprintf_function cpu_fprintf, int flags)
172 {
173     SuperHCPU *cpu = SUPERH_CPU(cs);
174     CPUSH4State *env = &cpu->env;
175     int i;
176     cpu_fprintf(f, "pc=0x%08x sr=0x%08x pr=0x%08x fpscr=0x%08x\n",
177                 env->pc, cpu_read_sr(env), env->pr, env->fpscr);
178     cpu_fprintf(f, "spc=0x%08x ssr=0x%08x gbr=0x%08x vbr=0x%08x\n",
179 		env->spc, env->ssr, env->gbr, env->vbr);
180     cpu_fprintf(f, "sgr=0x%08x dbr=0x%08x delayed_pc=0x%08x fpul=0x%08x\n",
181 		env->sgr, env->dbr, env->delayed_pc, env->fpul);
182     for (i = 0; i < 24; i += 4) {
183 	cpu_fprintf(f, "r%d=0x%08x r%d=0x%08x r%d=0x%08x r%d=0x%08x\n",
184 		    i, env->gregs[i], i + 1, env->gregs[i + 1],
185 		    i + 2, env->gregs[i + 2], i + 3, env->gregs[i + 3]);
186     }
187     if (env->flags & DELAY_SLOT) {
188 	cpu_fprintf(f, "in delay slot (delayed_pc=0x%08x)\n",
189 		    env->delayed_pc);
190     } else if (env->flags & DELAY_SLOT_CONDITIONAL) {
191 	cpu_fprintf(f, "in conditional delay slot (delayed_pc=0x%08x)\n",
192 		    env->delayed_pc);
193     } else if (env->flags & DELAY_SLOT_RTE) {
194         cpu_fprintf(f, "in rte delay slot (delayed_pc=0x%08x)\n",
195                     env->delayed_pc);
196     }
197 }
198 
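/* SR is kept split across TCG globals: cpu_sr_q, cpu_sr_m and cpu_sr_t hold
   the Q, M and T bits as 0/1 values so generated code can use them directly,
   while cpu_sr holds every other bit (with Q/M/T clear).  gen_read_sr and
   gen_write_sr reassemble and scatter the architectural register. */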
199 static void gen_read_sr(TCGv dst)
200 {
201     TCGv t0 = tcg_temp_new();
202     tcg_gen_shli_i32(t0, cpu_sr_q, SR_Q);
203     tcg_gen_or_i32(dst, cpu_sr, t0);
204     tcg_gen_shli_i32(t0, cpu_sr_m, SR_M);
205     tcg_gen_or_i32(dst, dst, t0);
206     tcg_gen_shli_i32(t0, cpu_sr_t, SR_T);
207     tcg_gen_or_i32(dst, dst, t0);
208     tcg_temp_free_i32(t0);
209 }
210 
211 static void gen_write_sr(TCGv src)
212 {
213     tcg_gen_andi_i32(cpu_sr, src,
214                      ~((1u << SR_Q) | (1u << SR_M) | (1u << SR_T)));
215     tcg_gen_extract_i32(cpu_sr_q, src, SR_Q, 1);
216     tcg_gen_extract_i32(cpu_sr_m, src, SR_M, 1);
217     tcg_gen_extract_i32(cpu_sr_t, src, SR_T, 1);
218 }
219 
220 static inline void gen_save_cpu_state(DisasContext *ctx, bool save_pc)
221 {
222     if (save_pc) {
223         tcg_gen_movi_i32(cpu_pc, ctx->pc);
224     }
225     if (ctx->delayed_pc != (uint32_t) -1) {
226         tcg_gen_movi_i32(cpu_delayed_pc, ctx->delayed_pc);
227     }
228     if ((ctx->tbflags & TB_FLAG_ENVFLAGS_MASK) != ctx->envflags) {
229         tcg_gen_movi_i32(cpu_flags, ctx->envflags);
230     }
231 }
232 
233 static inline bool use_exit_tb(DisasContext *ctx)
234 {
235     return (ctx->tbflags & GUSA_EXCLUSIVE) != 0;
236 }
237 
238 static inline bool use_goto_tb(DisasContext *ctx, target_ulong dest)
239 {
240     /* Use a direct jump if in same page and singlestep not enabled */
241     if (unlikely(ctx->singlestep_enabled || use_exit_tb(ctx))) {
242         return false;
243     }
244 #ifndef CONFIG_USER_ONLY
245     return (ctx->tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
246 #else
247     return true;
248 #endif
249 }
250 
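/* Emit a jump to DEST: a direct, patchable goto_tb when use_goto_tb allows
   it, otherwise an indirect jump via lookup_and_goto_ptr (or the
   debug/exit-tb paths for singlestep and exclusive regions). */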
251 static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
252 {
253     if (use_goto_tb(ctx, dest)) {
254         tcg_gen_goto_tb(n);
255         tcg_gen_movi_i32(cpu_pc, dest);
256         tcg_gen_exit_tb((uintptr_t)ctx->tb + n);
257     } else {
258         tcg_gen_movi_i32(cpu_pc, dest);
259         if (ctx->singlestep_enabled) {
260             gen_helper_debug(cpu_env);
261         } else if (use_exit_tb(ctx)) {
262             tcg_gen_exit_tb(0);
263         } else {
264             tcg_gen_lookup_and_goto_ptr(cpu_pc);
265         }
266     }
267 }
268 
269 static void gen_jump(DisasContext * ctx)
270 {
271     if (ctx->delayed_pc == -1) {
272 	/* Target is not statically known; it necessarily comes from a
273 	   delayed jump, as immediate jumps are conditional jumps */
274 	tcg_gen_mov_i32(cpu_pc, cpu_delayed_pc);
275         tcg_gen_discard_i32(cpu_delayed_pc);
276         if (ctx->singlestep_enabled) {
277             gen_helper_debug(cpu_env);
278         } else if (use_exit_tb(ctx)) {
279             tcg_gen_exit_tb(0);
280         } else {
281             tcg_gen_lookup_and_goto_ptr(cpu_pc);
282         }
283     } else {
284 	gen_goto_tb(ctx, 0, ctx->delayed_pc);
285     }
286 }
287 
288 /* Immediate conditional jump (bt or bf) */
289 static void gen_conditional_jump(DisasContext *ctx, target_ulong dest,
290                                  bool jump_if_true)
291 {
292     TCGLabel *l1 = gen_new_label();
293     TCGCond cond_not_taken = jump_if_true ? TCG_COND_EQ : TCG_COND_NE;
294 
295     if (ctx->tbflags & GUSA_EXCLUSIVE) {
296         /* When in an exclusive region, we must continue to the end.
297            Therefore, exit the region on a taken branch, but otherwise
298            fall through to the next instruction.  */
299         tcg_gen_brcondi_i32(cond_not_taken, cpu_sr_t, 0, l1);
300         tcg_gen_movi_i32(cpu_flags, ctx->envflags & ~GUSA_MASK);
301         /* Note that this won't actually use a goto_tb opcode because we
302            disallow it in use_goto_tb, but it handles exit + singlestep.  */
303         gen_goto_tb(ctx, 0, dest);
304         gen_set_label(l1);
305         return;
306     }
307 
308     gen_save_cpu_state(ctx, false);
309     tcg_gen_brcondi_i32(cond_not_taken, cpu_sr_t, 0, l1);
310     gen_goto_tb(ctx, 0, dest);
311     gen_set_label(l1);
312     gen_goto_tb(ctx, 1, ctx->pc + 2);
313     ctx->bstate = BS_BRANCH;
314 }
315 
316 /* Delayed conditional jump (bt or bf) */
317 static void gen_delayed_conditional_jump(DisasContext * ctx)
318 {
319     TCGLabel *l1 = gen_new_label();
320     TCGv ds = tcg_temp_new();
321 
322     tcg_gen_mov_i32(ds, cpu_delayed_cond);
323     tcg_gen_discard_i32(cpu_delayed_cond);
324 
325     if (ctx->tbflags & GUSA_EXCLUSIVE) {
326         /* When in an exclusive region, we must continue to the end.
327            Therefore, exit the region on a taken branch, but otherwise
328            fall through to the next instruction.  */
329         tcg_gen_brcondi_i32(TCG_COND_EQ, ds, 0, l1);
330 
331         /* Leave the gUSA region.  */
332         tcg_gen_movi_i32(cpu_flags, ctx->envflags & ~GUSA_MASK);
333         gen_jump(ctx);
334 
335         gen_set_label(l1);
336         return;
337     }
338 
339     tcg_gen_brcondi_i32(TCG_COND_NE, ds, 0, l1);
340     gen_goto_tb(ctx, 1, ctx->pc + 2);
341     gen_set_label(l1);
342     gen_jump(ctx);
343 }
344 
345 static inline void gen_load_fpr64(DisasContext *ctx, TCGv_i64 t, int reg)
346 {
347     /* We have already signaled illegal instruction for odd Dr.  */
348     tcg_debug_assert((reg & 1) == 0);
349     reg ^= ctx->fbank;
350     tcg_gen_concat_i32_i64(t, cpu_fregs[reg + 1], cpu_fregs[reg]);
351 }
352 
353 static inline void gen_store_fpr64(DisasContext *ctx, TCGv_i64 t, int reg)
354 {
355     /* We have already signaled illegal instruction for odd Dr.  */
356     tcg_debug_assert((reg & 1) == 0);
357     reg ^= ctx->fbank;
358     tcg_gen_extr_i64_i32(cpu_fregs[reg + 1], cpu_fregs[reg], t);
359 }
360 
361 #define B3_0 (ctx->opcode & 0xf)
362 #define B6_4 ((ctx->opcode >> 4) & 0x7)
363 #define B7_4 ((ctx->opcode >> 4) & 0xf)
364 #define B7_0 (ctx->opcode & 0xff)
365 #define B7_0s ((int32_t) (int8_t) (ctx->opcode & 0xff))
366 #define B11_0s (ctx->opcode & 0x800 ? 0xfffff000 | (ctx->opcode & 0xfff) : \
367   (ctx->opcode & 0xfff))
368 #define B11_8 ((ctx->opcode >> 8) & 0xf)
369 #define B15_12 ((ctx->opcode >> 12) & 0xf)
370 
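/* ctx->gbank and ctx->fbank are XOR masks (0 or 0x10) applied to register
   indexes: REG() picks the active general-register bank, ALTREG() the
   inactive one, and FREG() the active FP bank. */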
371 #define REG(x)     cpu_gregs[(x) ^ ctx->gbank]
372 #define ALTREG(x)  cpu_gregs[(x) ^ ctx->gbank ^ 0x10]
373 #define FREG(x)    cpu_fregs[(x) ^ ctx->fbank]
374 
375 #define XHACK(x) ((((x) & 1 ) << 4) | ((x) & 0xe))
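/* With FPSCR.SZ set, fmov transfers 64 bits and bit 0 of the register field
   selects the extended bank (XD) rather than an odd register; XHACK moves
   that bit up to the bank position, leaving an even pair index. */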
376 
377 #define CHECK_NOT_DELAY_SLOT \
378     if (ctx->envflags & DELAY_SLOT_MASK) {  \
379         goto do_illegal_slot;               \
380     }
381 
382 #define CHECK_PRIVILEGED \
383     if (IS_USER(ctx)) {                     \
384         goto do_illegal;                    \
385     }
386 
387 #define CHECK_FPU_ENABLED \
388     if (ctx->tbflags & (1u << SR_FD)) {     \
389         goto do_fpu_disabled;               \
390     }
391 
392 #define CHECK_FPSCR_PR_0 \
393     if (ctx->tbflags & FPSCR_PR) {          \
394         goto do_illegal;                    \
395     }
396 
397 #define CHECK_FPSCR_PR_1 \
398     if (!(ctx->tbflags & FPSCR_PR)) {       \
399         goto do_illegal;                    \
400     }
401 
402 #define CHECK_SH4A \
403     if (!(ctx->features & SH_FEATURE_SH4A)) { \
404         goto do_illegal;                      \
405     }
406 
407 static void _decode_opc(DisasContext * ctx)
408 {
409     /* This code tries to make movcal emulation sufficiently
410        accurate for Linux purposes.  This instruction writes
411        memory, and prior to that, always allocates a cache line.
412        It is used in two contexts:
413        - in memcpy, where data is copied in blocks, the first write
414        to a block uses movca.l for performance.
415        - in arch/sh/mm/cache-sh4.c, a movca.l + ocbi combination is used
416        to flush the cache. Here, the data written by movca.l must never
417        reach memory, and the value stored is just bogus.
418 
419        To simulate this, when we translate movca.l we store the value to
420        memory but also remember the previous content. If we then see ocbi,
421        we check whether a movca.l was done for that address. If so, the
422        write should not have hit memory, so we restore the previous content.
423        When we see an instruction that is neither movca.l
424        nor ocbi, the previous content is discarded.
425 
426        To optimize, we only try to flush stores when we're at the start of
427        TB, or if we already saw movca.l in this TB and did not flush stores
428        yet.  */
429     if (ctx->has_movcal)
430 	{
431 	  int opcode = ctx->opcode & 0xf0ff;
432 	  if (opcode != 0x0093 /* ocbi */
433 	      && opcode != 0x00c3 /* movca.l */)
434 	      {
435                   gen_helper_discard_movcal_backup(cpu_env);
436 		  ctx->has_movcal = 0;
437 	      }
438 	}
439 
440 #if 0
441     fprintf(stderr, "Translating opcode 0x%04x\n", ctx->opcode);
442 #endif
443 
444     switch (ctx->opcode) {
445     case 0x0019:		/* div0u */
446         tcg_gen_movi_i32(cpu_sr_m, 0);
447         tcg_gen_movi_i32(cpu_sr_q, 0);
448         tcg_gen_movi_i32(cpu_sr_t, 0);
449 	return;
450     case 0x000b:		/* rts */
451 	CHECK_NOT_DELAY_SLOT
452 	tcg_gen_mov_i32(cpu_delayed_pc, cpu_pr);
453         ctx->envflags |= DELAY_SLOT;
454 	ctx->delayed_pc = (uint32_t) - 1;
455 	return;
456     case 0x0028:		/* clrmac */
457 	tcg_gen_movi_i32(cpu_mach, 0);
458 	tcg_gen_movi_i32(cpu_macl, 0);
459 	return;
460     case 0x0048:		/* clrs */
461         tcg_gen_andi_i32(cpu_sr, cpu_sr, ~(1u << SR_S));
462 	return;
463     case 0x0008:		/* clrt */
464         tcg_gen_movi_i32(cpu_sr_t, 0);
465 	return;
466     case 0x0038:		/* ldtlb */
467 	CHECK_PRIVILEGED
468         gen_helper_ldtlb(cpu_env);
469 	return;
470     case 0x002b:		/* rte */
471 	CHECK_PRIVILEGED
472 	CHECK_NOT_DELAY_SLOT
473         gen_write_sr(cpu_ssr);
474 	tcg_gen_mov_i32(cpu_delayed_pc, cpu_spc);
475         ctx->envflags |= DELAY_SLOT_RTE;
476 	ctx->delayed_pc = (uint32_t) - 1;
477         ctx->bstate = BS_STOP;
478 	return;
479     case 0x0058:		/* sets */
480         tcg_gen_ori_i32(cpu_sr, cpu_sr, (1u << SR_S));
481 	return;
482     case 0x0018:		/* sett */
483         tcg_gen_movi_i32(cpu_sr_t, 1);
484 	return;
485     case 0xfbfd:		/* frchg */
486         CHECK_FPSCR_PR_0
487 	tcg_gen_xori_i32(cpu_fpscr, cpu_fpscr, FPSCR_FR);
488 	ctx->bstate = BS_STOP;
489 	return;
490     case 0xf3fd:		/* fschg */
491         CHECK_FPSCR_PR_0
492         tcg_gen_xori_i32(cpu_fpscr, cpu_fpscr, FPSCR_SZ);
493 	ctx->bstate = BS_STOP;
494 	return;
495     case 0xf7fd:                /* fpchg */
496         CHECK_SH4A
497         tcg_gen_xori_i32(cpu_fpscr, cpu_fpscr, FPSCR_PR);
498         ctx->bstate = BS_STOP;
499         return;
500     case 0x0009:		/* nop */
501 	return;
502     case 0x001b:		/* sleep */
503 	CHECK_PRIVILEGED
504         tcg_gen_movi_i32(cpu_pc, ctx->pc + 2);
505         gen_helper_sleep(cpu_env);
506 	return;
507     }
508 
509     switch (ctx->opcode & 0xf000) {
510     case 0x1000:		/* mov.l Rm,@(disp,Rn) */
511 	{
512 	    TCGv addr = tcg_temp_new();
513 	    tcg_gen_addi_i32(addr, REG(B11_8), B3_0 * 4);
514             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_TEUL);
515 	    tcg_temp_free(addr);
516 	}
517 	return;
518     case 0x5000:		/* mov.l @(disp,Rm),Rn */
519 	{
520 	    TCGv addr = tcg_temp_new();
521 	    tcg_gen_addi_i32(addr, REG(B7_4), B3_0 * 4);
522             tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx, MO_TESL);
523 	    tcg_temp_free(addr);
524 	}
525 	return;
526     case 0xe000:		/* mov #imm,Rn */
527 #ifdef CONFIG_USER_ONLY
528         /* Detect the start of a gUSA region.  If so, update envflags
529            and end the TB.  This will allow us to see the end of the
530            region (stored in R0) in the next TB.  */
531         if (B11_8 == 15 && B7_0s < 0 && parallel_cpus) {
532             ctx->envflags = deposit32(ctx->envflags, GUSA_SHIFT, 8, B7_0s);
533             ctx->bstate = BS_STOP;
534         }
535 #endif
536 	tcg_gen_movi_i32(REG(B11_8), B7_0s);
537 	return;
538     case 0x9000:		/* mov.w @(disp,PC),Rn */
539 	{
540 	    TCGv addr = tcg_const_i32(ctx->pc + 4 + B7_0 * 2);
541             tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx, MO_TESW);
542 	    tcg_temp_free(addr);
543 	}
544 	return;
545     case 0xd000:		/* mov.l @(disp,PC),Rn */
546 	{
547 	    TCGv addr = tcg_const_i32((ctx->pc + 4 + B7_0 * 4) & ~3);
548             tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx, MO_TESL);
549 	    tcg_temp_free(addr);
550 	}
551 	return;
552     case 0x7000:		/* add #imm,Rn */
553 	tcg_gen_addi_i32(REG(B11_8), REG(B11_8), B7_0s);
554 	return;
555     case 0xa000:		/* bra disp */
556 	CHECK_NOT_DELAY_SLOT
557 	ctx->delayed_pc = ctx->pc + 4 + B11_0s * 2;
558         ctx->envflags |= DELAY_SLOT;
559 	return;
560     case 0xb000:		/* bsr disp */
561 	CHECK_NOT_DELAY_SLOT
562 	tcg_gen_movi_i32(cpu_pr, ctx->pc + 4);
563 	ctx->delayed_pc = ctx->pc + 4 + B11_0s * 2;
564         ctx->envflags |= DELAY_SLOT;
565 	return;
566     }
567 
568     switch (ctx->opcode & 0xf00f) {
569     case 0x6003:		/* mov Rm,Rn */
570 	tcg_gen_mov_i32(REG(B11_8), REG(B7_4));
571 	return;
572     case 0x2000:		/* mov.b Rm,@Rn */
573         tcg_gen_qemu_st_i32(REG(B7_4), REG(B11_8), ctx->memidx, MO_UB);
574 	return;
575     case 0x2001:		/* mov.w Rm,@Rn */
576         tcg_gen_qemu_st_i32(REG(B7_4), REG(B11_8), ctx->memidx, MO_TEUW);
577 	return;
578     case 0x2002:		/* mov.l Rm,@Rn */
579         tcg_gen_qemu_st_i32(REG(B7_4), REG(B11_8), ctx->memidx, MO_TEUL);
580 	return;
581     case 0x6000:		/* mov.b @Rm,Rn */
582         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_SB);
583 	return;
584     case 0x6001:		/* mov.w @Rm,Rn */
585         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_TESW);
586 	return;
587     case 0x6002:		/* mov.l @Rm,Rn */
588         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_TESL);
589 	return;
590     case 0x2004:		/* mov.b Rm,@-Rn */
591 	{
592 	    TCGv addr = tcg_temp_new();
593 	    tcg_gen_subi_i32(addr, REG(B11_8), 1);
594             /* might cause re-execution */
595             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_UB);
596 	    tcg_gen_mov_i32(REG(B11_8), addr);			/* modify register status */
597 	    tcg_temp_free(addr);
598 	}
599 	return;
600     case 0x2005:		/* mov.w Rm,@-Rn */
601 	{
602 	    TCGv addr = tcg_temp_new();
603 	    tcg_gen_subi_i32(addr, REG(B11_8), 2);
604             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_TEUW);
605 	    tcg_gen_mov_i32(REG(B11_8), addr);
606 	    tcg_temp_free(addr);
607 	}
608 	return;
609     case 0x2006:		/* mov.l Rm,@-Rn */
610 	{
611 	    TCGv addr = tcg_temp_new();
612 	    tcg_gen_subi_i32(addr, REG(B11_8), 4);
613             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_TEUL);
614 	    tcg_gen_mov_i32(REG(B11_8), addr);
	    tcg_temp_free(addr);
615 	}
616 	return;
617     case 0x6004:		/* mov.b @Rm+,Rn */
618         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_SB);
619 	if ( B11_8 != B7_4 )
620 		tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 1);
621 	return;
622     case 0x6005:		/* mov.w @Rm+,Rn */
623         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_TESW);
624 	if ( B11_8 != B7_4 )
625 		tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 2);
626 	return;
627     case 0x6006:		/* mov.l @Rm+,Rn */
628         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_TESL);
629 	if ( B11_8 != B7_4 )
630 		tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 4);
631 	return;
632     case 0x0004:		/* mov.b Rm,@(R0,Rn) */
633 	{
634 	    TCGv addr = tcg_temp_new();
635 	    tcg_gen_add_i32(addr, REG(B11_8), REG(0));
636             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_UB);
637 	    tcg_temp_free(addr);
638 	}
639 	return;
640     case 0x0005:		/* mov.w Rm,@(R0,Rn) */
641 	{
642 	    TCGv addr = tcg_temp_new();
643 	    tcg_gen_add_i32(addr, REG(B11_8), REG(0));
644             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_TEUW);
645 	    tcg_temp_free(addr);
646 	}
647 	return;
648     case 0x0006:		/* mov.l Rm,@(R0,Rn) */
649 	{
650 	    TCGv addr = tcg_temp_new();
651 	    tcg_gen_add_i32(addr, REG(B11_8), REG(0));
652             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_TEUL);
653 	    tcg_temp_free(addr);
654 	}
655 	return;
656     case 0x000c:		/* mov.b @(R0,Rm),Rn */
657 	{
658 	    TCGv addr = tcg_temp_new();
659 	    tcg_gen_add_i32(addr, REG(B7_4), REG(0));
660             tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx, MO_SB);
661 	    tcg_temp_free(addr);
662 	}
663 	return;
664     case 0x000d:		/* mov.w @(R0,Rm),Rn */
665 	{
666 	    TCGv addr = tcg_temp_new();
667 	    tcg_gen_add_i32(addr, REG(B7_4), REG(0));
668             tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx, MO_TESW);
669 	    tcg_temp_free(addr);
670 	}
671 	return;
672     case 0x000e:		/* mov.l @(R0,Rm),Rn */
673 	{
674 	    TCGv addr = tcg_temp_new();
675 	    tcg_gen_add_i32(addr, REG(B7_4), REG(0));
676             tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx, MO_TESL);
677 	    tcg_temp_free(addr);
678 	}
679 	return;
680     case 0x6008:		/* swap.b Rm,Rn */
681 	{
682             TCGv low = tcg_temp_new();
683 	    tcg_gen_ext16u_i32(low, REG(B7_4));
684 	    tcg_gen_bswap16_i32(low, low);
685             tcg_gen_deposit_i32(REG(B11_8), REG(B7_4), low, 0, 16);
686 	    tcg_temp_free(low);
687 	}
688 	return;
689     case 0x6009:		/* swap.w Rm,Rn */
690         tcg_gen_rotli_i32(REG(B11_8), REG(B7_4), 16);
691 	return;
692     case 0x200d:		/* xtrct Rm,Rn */
693 	{
694 	    TCGv high, low;
695 	    high = tcg_temp_new();
696 	    tcg_gen_shli_i32(high, REG(B7_4), 16);
697 	    low = tcg_temp_new();
698 	    tcg_gen_shri_i32(low, REG(B11_8), 16);
699 	    tcg_gen_or_i32(REG(B11_8), high, low);
700 	    tcg_temp_free(low);
701 	    tcg_temp_free(high);
702 	}
703 	return;
704     case 0x300c:		/* add Rm,Rn */
705 	tcg_gen_add_i32(REG(B11_8), REG(B11_8), REG(B7_4));
706 	return;
707     case 0x300e:		/* addc Rm,Rn */
708         {
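            /* addc: Rn += Rm + T, with T receiving the carry-out.  The first
               add2 forms Rm + T with its carry in the high word; the second
               adds that into Rn, accumulating both carries (their sum cannot
               exceed 1) into T.  subc below uses the same decomposition. */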
709             TCGv t0, t1;
710             t0 = tcg_const_tl(0);
711             t1 = tcg_temp_new();
712             tcg_gen_add2_i32(t1, cpu_sr_t, cpu_sr_t, t0, REG(B7_4), t0);
713             tcg_gen_add2_i32(REG(B11_8), cpu_sr_t,
714                              REG(B11_8), t0, t1, cpu_sr_t);
715             tcg_temp_free(t0);
716             tcg_temp_free(t1);
717         }
718 	return;
719     case 0x300f:		/* addv Rm,Rn */
720         {
721             TCGv t0, t1, t2;
722             t0 = tcg_temp_new();
723             tcg_gen_add_i32(t0, REG(B7_4), REG(B11_8));
724             t1 = tcg_temp_new();
725             tcg_gen_xor_i32(t1, t0, REG(B11_8));
726             t2 = tcg_temp_new();
727             tcg_gen_xor_i32(t2, REG(B7_4), REG(B11_8));
728             tcg_gen_andc_i32(cpu_sr_t, t1, t2);
729             tcg_temp_free(t2);
730             tcg_gen_shri_i32(cpu_sr_t, cpu_sr_t, 31);
731             tcg_temp_free(t1);
732             tcg_gen_mov_i32(REG(B11_8), t0);
733             tcg_temp_free(t0);
734         }
735 	return;
736     case 0x2009:		/* and Rm,Rn */
737 	tcg_gen_and_i32(REG(B11_8), REG(B11_8), REG(B7_4));
738 	return;
739     case 0x3000:		/* cmp/eq Rm,Rn */
740         tcg_gen_setcond_i32(TCG_COND_EQ, cpu_sr_t, REG(B11_8), REG(B7_4));
741 	return;
742     case 0x3003:		/* cmp/ge Rm,Rn */
743         tcg_gen_setcond_i32(TCG_COND_GE, cpu_sr_t, REG(B11_8), REG(B7_4));
744 	return;
745     case 0x3007:		/* cmp/gt Rm,Rn */
746         tcg_gen_setcond_i32(TCG_COND_GT, cpu_sr_t, REG(B11_8), REG(B7_4));
747 	return;
748     case 0x3006:		/* cmp/hi Rm,Rn */
749         tcg_gen_setcond_i32(TCG_COND_GTU, cpu_sr_t, REG(B11_8), REG(B7_4));
750 	return;
751     case 0x3002:		/* cmp/hs Rm,Rn */
752         tcg_gen_setcond_i32(TCG_COND_GEU, cpu_sr_t, REG(B11_8), REG(B7_4));
753 	return;
754     case 0x200c:		/* cmp/str Rm,Rn */
755 	{
756 	    TCGv cmp1 = tcg_temp_new();
757 	    TCGv cmp2 = tcg_temp_new();
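            /* cmp/str sets T when any byte of Rm equals the corresponding
               byte of Rn.  The XOR below has a zero byte exactly in that
               case, and (x - 0x01010101) & ~x & 0x80808080 is the usual
               zero-byte test: e.g. x = 0xb9009b97 yields 0x00800000. */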
758             tcg_gen_xor_i32(cmp2, REG(B7_4), REG(B11_8));
759             tcg_gen_subi_i32(cmp1, cmp2, 0x01010101);
760             tcg_gen_andc_i32(cmp1, cmp1, cmp2);
761             tcg_gen_andi_i32(cmp1, cmp1, 0x80808080);
762             tcg_gen_setcondi_i32(TCG_COND_NE, cpu_sr_t, cmp1, 0);
763 	    tcg_temp_free(cmp2);
764 	    tcg_temp_free(cmp1);
765 	}
766 	return;
767     case 0x2007:		/* div0s Rm,Rn */
768         tcg_gen_shri_i32(cpu_sr_q, REG(B11_8), 31);         /* SR_Q */
769         tcg_gen_shri_i32(cpu_sr_m, REG(B7_4), 31);          /* SR_M */
770         tcg_gen_xor_i32(cpu_sr_t, cpu_sr_q, cpu_sr_m);      /* SR_T */
771 	return;
772     case 0x3004:		/* div1 Rm,Rn */
773         {
774             TCGv t0 = tcg_temp_new();
775             TCGv t1 = tcg_temp_new();
776             TCGv t2 = tcg_temp_new();
777             TCGv zero = tcg_const_i32(0);
778 
779             /* shift left arg1, saving the bit being pushed out and inserting
780                T on the right */
781             tcg_gen_shri_i32(t0, REG(B11_8), 31);
782             tcg_gen_shli_i32(REG(B11_8), REG(B11_8), 1);
783             tcg_gen_or_i32(REG(B11_8), REG(B11_8), cpu_sr_t);
784 
785             /* Add or subtract arg0 from arg1 depending on whether Q == M.
786                To avoid using 64-bit temps, we compute arg0's high part
787                from q ^ m, so that it is 0x00000000 when adding the value
788                or 0xffffffff when subtracting it. */
789             tcg_gen_xor_i32(t1, cpu_sr_q, cpu_sr_m);
790             tcg_gen_subi_i32(t1, t1, 1);
791             tcg_gen_neg_i32(t2, REG(B7_4));
792             tcg_gen_movcond_i32(TCG_COND_EQ, t2, t1, zero, REG(B7_4), t2);
793             tcg_gen_add2_i32(REG(B11_8), t1, REG(B11_8), zero, t2, t1);
794 
795             /* compute T and Q depending on carry */
796             tcg_gen_andi_i32(t1, t1, 1);
797             tcg_gen_xor_i32(t1, t1, t0);
798             tcg_gen_xori_i32(cpu_sr_t, t1, 1);
799             tcg_gen_xor_i32(cpu_sr_q, cpu_sr_m, t1);
800 
801             tcg_temp_free(zero);
802             tcg_temp_free(t2);
803             tcg_temp_free(t1);
804             tcg_temp_free(t0);
805         }
806 	return;
807     case 0x300d:		/* dmuls.l Rm,Rn */
808         tcg_gen_muls2_i32(cpu_macl, cpu_mach, REG(B7_4), REG(B11_8));
809 	return;
810     case 0x3005:		/* dmulu.l Rm,Rn */
811         tcg_gen_mulu2_i32(cpu_macl, cpu_mach, REG(B7_4), REG(B11_8));
812 	return;
813     case 0x600e:		/* exts.b Rm,Rn */
814 	tcg_gen_ext8s_i32(REG(B11_8), REG(B7_4));
815 	return;
816     case 0x600f:		/* exts.w Rm,Rn */
817 	tcg_gen_ext16s_i32(REG(B11_8), REG(B7_4));
818 	return;
819     case 0x600c:		/* extu.b Rm,Rn */
820 	tcg_gen_ext8u_i32(REG(B11_8), REG(B7_4));
821 	return;
822     case 0x600d:		/* extu.w Rm,Rn */
823 	tcg_gen_ext16u_i32(REG(B11_8), REG(B7_4));
824 	return;
825     case 0x000f:		/* mac.l @Rm+,@Rn+ */
826 	{
827 	    TCGv arg0, arg1;
828 	    arg0 = tcg_temp_new();
829             tcg_gen_qemu_ld_i32(arg0, REG(B7_4), ctx->memidx, MO_TESL);
830 	    arg1 = tcg_temp_new();
831             tcg_gen_qemu_ld_i32(arg1, REG(B11_8), ctx->memidx, MO_TESL);
832             gen_helper_macl(cpu_env, arg0, arg1);
833 	    tcg_temp_free(arg1);
834 	    tcg_temp_free(arg0);
835 	    tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 4);
836 	    tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 4);
837 	}
838 	return;
839     case 0x400f:		/* mac.w @Rm+,@Rn+ */
840 	{
841 	    TCGv arg0, arg1;
842 	    arg0 = tcg_temp_new();
843             tcg_gen_qemu_ld_i32(arg0, REG(B7_4), ctx->memidx, MO_TESW);
844 	    arg1 = tcg_temp_new();
845             tcg_gen_qemu_ld_i32(arg1, REG(B11_8), ctx->memidx, MO_TESW);
846             gen_helper_macw(cpu_env, arg0, arg1);
847 	    tcg_temp_free(arg1);
848 	    tcg_temp_free(arg0);
849 	    tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 2);
850 	    tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 2);
851 	}
852 	return;
853     case 0x0007:		/* mul.l Rm,Rn */
854 	tcg_gen_mul_i32(cpu_macl, REG(B7_4), REG(B11_8));
855 	return;
856     case 0x200f:		/* muls.w Rm,Rn */
857 	{
858 	    TCGv arg0, arg1;
859 	    arg0 = tcg_temp_new();
860 	    tcg_gen_ext16s_i32(arg0, REG(B7_4));
861 	    arg1 = tcg_temp_new();
862 	    tcg_gen_ext16s_i32(arg1, REG(B11_8));
863 	    tcg_gen_mul_i32(cpu_macl, arg0, arg1);
864 	    tcg_temp_free(arg1);
865 	    tcg_temp_free(arg0);
866 	}
867 	return;
868     case 0x200e:		/* mulu.w Rm,Rn */
869 	{
870 	    TCGv arg0, arg1;
871 	    arg0 = tcg_temp_new();
872 	    tcg_gen_ext16u_i32(arg0, REG(B7_4));
873 	    arg1 = tcg_temp_new();
874 	    tcg_gen_ext16u_i32(arg1, REG(B11_8));
875 	    tcg_gen_mul_i32(cpu_macl, arg0, arg1);
876 	    tcg_temp_free(arg1);
877 	    tcg_temp_free(arg0);
878 	}
879 	return;
880     case 0x600b:		/* neg Rm,Rn */
881 	tcg_gen_neg_i32(REG(B11_8), REG(B7_4));
882 	return;
883     case 0x600a:		/* negc Rm,Rn */
884         {
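            /* negc: Rn = 0 - Rm - T, with T receiving the borrow.  Rm + T is
               formed as a 33-bit value (carry in the high word), subtracted
               from zero with sub2, and bit 0 of the high word kept as T. */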
885             TCGv t0 = tcg_const_i32(0);
886             tcg_gen_add2_i32(REG(B11_8), cpu_sr_t,
887                              REG(B7_4), t0, cpu_sr_t, t0);
888             tcg_gen_sub2_i32(REG(B11_8), cpu_sr_t,
889                              t0, t0, REG(B11_8), cpu_sr_t);
890             tcg_gen_andi_i32(cpu_sr_t, cpu_sr_t, 1);
891             tcg_temp_free(t0);
892         }
893 	return;
894     case 0x6007:		/* not Rm,Rn */
895 	tcg_gen_not_i32(REG(B11_8), REG(B7_4));
896 	return;
897     case 0x200b:		/* or Rm,Rn */
898 	tcg_gen_or_i32(REG(B11_8), REG(B11_8), REG(B7_4));
899 	return;
900     case 0x400c:		/* shad Rm,Rn */
901 	{
902             TCGv t0 = tcg_temp_new();
903             TCGv t1 = tcg_temp_new();
904             TCGv t2 = tcg_temp_new();
905 
906             tcg_gen_andi_i32(t0, REG(B7_4), 0x1f);
907 
908             /* positive case: shift to the left */
909             tcg_gen_shl_i32(t1, REG(B11_8), t0);
910 
911             /* negative case: shift to the right in two steps to
912                correctly handle the -32 case */
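            /* total right shift = ((Rm & 0x1f) ^ 0x1f) + 1 = 32 - (Rm & 0x1f) */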
913             tcg_gen_xori_i32(t0, t0, 0x1f);
914             tcg_gen_sar_i32(t2, REG(B11_8), t0);
915             tcg_gen_sari_i32(t2, t2, 1);
916 
917             /* select between the two cases */
918             tcg_gen_movi_i32(t0, 0);
919             tcg_gen_movcond_i32(TCG_COND_GE, REG(B11_8), REG(B7_4), t0, t1, t2);
920 
921             tcg_temp_free(t0);
922             tcg_temp_free(t1);
923             tcg_temp_free(t2);
924 	}
925 	return;
926     case 0x400d:		/* shld Rm,Rn */
927 	{
928             TCGv t0 = tcg_temp_new();
929             TCGv t1 = tcg_temp_new();
930             TCGv t2 = tcg_temp_new();
931 
932             tcg_gen_andi_i32(t0, REG(B7_4), 0x1f);
933 
934             /* positive case: shift to the left */
935             tcg_gen_shl_i32(t1, REG(B11_8), t0);
936 
937             /* negative case: shift to the right in two steps to
938                correctly handle the -32 case */
939             tcg_gen_xori_i32(t0, t0, 0x1f);
940             tcg_gen_shr_i32(t2, REG(B11_8), t0);
941             tcg_gen_shri_i32(t2, t2, 1);
942 
943             /* select between the two cases */
944             tcg_gen_movi_i32(t0, 0);
945             tcg_gen_movcond_i32(TCG_COND_GE, REG(B11_8), REG(B7_4), t0, t1, t2);
946 
947             tcg_temp_free(t0);
948             tcg_temp_free(t1);
949             tcg_temp_free(t2);
950 	}
951 	return;
952     case 0x3008:		/* sub Rm,Rn */
953 	tcg_gen_sub_i32(REG(B11_8), REG(B11_8), REG(B7_4));
954 	return;
955     case 0x300a:		/* subc Rm,Rn */
956         {
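            /* subc: Rn = Rn - Rm - T, with T receiving the borrow; see the
               addc comment above for the 33-bit decomposition. */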
957             TCGv t0, t1;
958             t0 = tcg_const_tl(0);
959             t1 = tcg_temp_new();
960             tcg_gen_add2_i32(t1, cpu_sr_t, cpu_sr_t, t0, REG(B7_4), t0);
961             tcg_gen_sub2_i32(REG(B11_8), cpu_sr_t,
962                              REG(B11_8), t0, t1, cpu_sr_t);
963             tcg_gen_andi_i32(cpu_sr_t, cpu_sr_t, 1);
964             tcg_temp_free(t0);
965             tcg_temp_free(t1);
966         }
967 	return;
968     case 0x300b:		/* subv Rm,Rn */
969         {
970             TCGv t0, t1, t2;
971             t0 = tcg_temp_new();
972             tcg_gen_sub_i32(t0, REG(B11_8), REG(B7_4));
973             t1 = tcg_temp_new();
974             tcg_gen_xor_i32(t1, t0, REG(B11_8));
975             t2 = tcg_temp_new();
976             tcg_gen_xor_i32(t2, REG(B11_8), REG(B7_4));
977             tcg_gen_and_i32(t1, t1, t2);
978             tcg_temp_free(t2);
979             tcg_gen_shri_i32(cpu_sr_t, t1, 31);
980             tcg_temp_free(t1);
981             tcg_gen_mov_i32(REG(B11_8), t0);
982             tcg_temp_free(t0);
983         }
984 	return;
985     case 0x2008:		/* tst Rm,Rn */
986 	{
987 	    TCGv val = tcg_temp_new();
988 	    tcg_gen_and_i32(val, REG(B7_4), REG(B11_8));
989             tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, val, 0);
990 	    tcg_temp_free(val);
991 	}
992 	return;
993     case 0x200a:		/* xor Rm,Rn */
994 	tcg_gen_xor_i32(REG(B11_8), REG(B11_8), REG(B7_4));
995 	return;
996     case 0xf00c: /* fmov {F,D,X}Rm,{F,D,X}Rn - FPSCR: Nothing */
997 	CHECK_FPU_ENABLED
998         if (ctx->tbflags & FPSCR_SZ) {
999             int xsrc = XHACK(B7_4);
1000             int xdst = XHACK(B11_8);
1001             tcg_gen_mov_i32(FREG(xdst), FREG(xsrc));
1002             tcg_gen_mov_i32(FREG(xdst + 1), FREG(xsrc + 1));
1003 	} else {
1004             tcg_gen_mov_i32(FREG(B11_8), FREG(B7_4));
1005 	}
1006 	return;
1007     case 0xf00a: /* fmov {F,D,X}Rm,@Rn - FPSCR: Nothing */
1008 	CHECK_FPU_ENABLED
1009         if (ctx->tbflags & FPSCR_SZ) {
1010             TCGv_i64 fp = tcg_temp_new_i64();
1011             gen_load_fpr64(ctx, fp, XHACK(B7_4));
1012             tcg_gen_qemu_st_i64(fp, REG(B11_8), ctx->memidx, MO_TEQ);
1013             tcg_temp_free_i64(fp);
1014 	} else {
1015             tcg_gen_qemu_st_i32(FREG(B7_4), REG(B11_8), ctx->memidx, MO_TEUL);
1016 	}
1017 	return;
1018     case 0xf008: /* fmov @Rm,{F,D,X}Rn - FPSCR: Nothing */
1019 	CHECK_FPU_ENABLED
1020         if (ctx->tbflags & FPSCR_SZ) {
1021             TCGv_i64 fp = tcg_temp_new_i64();
1022             tcg_gen_qemu_ld_i64(fp, REG(B7_4), ctx->memidx, MO_TEQ);
1023             gen_store_fpr64(ctx, fp, XHACK(B11_8));
1024             tcg_temp_free_i64(fp);
1025 	} else {
1026             tcg_gen_qemu_ld_i32(FREG(B11_8), REG(B7_4), ctx->memidx, MO_TEUL);
1027 	}
1028 	return;
1029     case 0xf009: /* fmov @Rm+,{F,D,X}Rn - FPSCR: Nothing */
1030 	CHECK_FPU_ENABLED
1031         if (ctx->tbflags & FPSCR_SZ) {
1032             TCGv_i64 fp = tcg_temp_new_i64();
1033             tcg_gen_qemu_ld_i64(fp, REG(B7_4), ctx->memidx, MO_TEQ);
1034             gen_store_fpr64(ctx, fp, XHACK(B11_8));
1035             tcg_temp_free_i64(fp);
1036             tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 8);
1037 	} else {
1038             tcg_gen_qemu_ld_i32(FREG(B11_8), REG(B7_4), ctx->memidx, MO_TEUL);
1039 	    tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 4);
1040 	}
1041 	return;
1042     case 0xf00b: /* fmov {F,D,X}Rm,@-Rn - FPSCR: Nothing */
1043 	CHECK_FPU_ENABLED
1044         {
1045             TCGv addr = tcg_temp_new_i32();
1046             if (ctx->tbflags & FPSCR_SZ) {
1047                 TCGv_i64 fp = tcg_temp_new_i64();
1048                 gen_load_fpr64(ctx, fp, XHACK(B7_4));
1049                 tcg_gen_subi_i32(addr, REG(B11_8), 8);
1050                 tcg_gen_qemu_st_i64(fp, addr, ctx->memidx, MO_TEQ);
1051                 tcg_temp_free_i64(fp);
1052             } else {
1053                 tcg_gen_subi_i32(addr, REG(B11_8), 4);
1054                 tcg_gen_qemu_st_i32(FREG(B7_4), addr, ctx->memidx, MO_TEUL);
1055             }
1056             tcg_gen_mov_i32(REG(B11_8), addr);
1057             tcg_temp_free(addr);
1058         }
1059 	return;
1060     case 0xf006: /* fmov @(R0,Rm),{F,D,X}Rn - FPSCR: Nothing */
1061 	CHECK_FPU_ENABLED
1062 	{
1063 	    TCGv addr = tcg_temp_new_i32();
1064 	    tcg_gen_add_i32(addr, REG(B7_4), REG(0));
1065             if (ctx->tbflags & FPSCR_SZ) {
1066                 TCGv_i64 fp = tcg_temp_new_i64();
1067                 tcg_gen_qemu_ld_i64(fp, addr, ctx->memidx, MO_TEQ);
1068                 gen_store_fpr64(ctx, fp, XHACK(B11_8));
1069                 tcg_temp_free_i64(fp);
1070 	    } else {
1071                 tcg_gen_qemu_ld_i32(FREG(B11_8), addr, ctx->memidx, MO_TEUL);
1072 	    }
1073 	    tcg_temp_free(addr);
1074 	}
1075 	return;
1076     case 0xf007: /* fmov {F,D,X}Rm,@(R0,Rn) - FPSCR: Nothing */
1077 	CHECK_FPU_ENABLED
1078 	{
1079 	    TCGv addr = tcg_temp_new();
1080 	    tcg_gen_add_i32(addr, REG(B11_8), REG(0));
1081             if (ctx->tbflags & FPSCR_SZ) {
1082                 TCGv_i64 fp = tcg_temp_new_i64();
1083                 gen_load_fpr64(ctx, fp, XHACK(B7_4));
1084                 tcg_gen_qemu_st_i64(fp, addr, ctx->memidx, MO_TEQ);
1085                 tcg_temp_free_i64(fp);
1086 	    } else {
1087                 tcg_gen_qemu_st_i32(FREG(B7_4), addr, ctx->memidx, MO_TEUL);
1088 	    }
1089 	    tcg_temp_free(addr);
1090 	}
1091 	return;
1092     case 0xf000: /* fadd Rm,Rn - FPSCR: R[PR,Enable.O/U/I]/W[Cause,Flag] */
1093     case 0xf001: /* fsub Rm,Rn - FPSCR: R[PR,Enable.O/U/I]/W[Cause,Flag] */
1094     case 0xf002: /* fmul Rm,Rn - FPSCR: R[PR,Enable.O/U/I]/W[Cause,Flag] */
1095     case 0xf003: /* fdiv Rm,Rn - FPSCR: R[PR,Enable.O/U/I]/W[Cause,Flag] */
1096     case 0xf004: /* fcmp/eq Rm,Rn - FPSCR: R[PR,Enable.V]/W[Cause,Flag] */
1097     case 0xf005: /* fcmp/gt Rm,Rn - FPSCR: R[PR,Enable.V]/W[Cause,Flag] */
1098 	{
1099 	    CHECK_FPU_ENABLED
1100             if (ctx->tbflags & FPSCR_PR) {
1101                 TCGv_i64 fp0, fp1;
1102 
1103                 if (ctx->opcode & 0x0110) {
1104                     goto do_illegal;
1105                 }
1106 		fp0 = tcg_temp_new_i64();
1107 		fp1 = tcg_temp_new_i64();
1108                 gen_load_fpr64(ctx, fp0, B11_8);
1109                 gen_load_fpr64(ctx, fp1, B7_4);
1110                 switch (ctx->opcode & 0xf00f) {
1111                 case 0xf000:		/* fadd Rm,Rn */
1112                     gen_helper_fadd_DT(fp0, cpu_env, fp0, fp1);
1113                     break;
1114                 case 0xf001:		/* fsub Rm,Rn */
1115                     gen_helper_fsub_DT(fp0, cpu_env, fp0, fp1);
1116                     break;
1117                 case 0xf002:		/* fmul Rm,Rn */
1118                     gen_helper_fmul_DT(fp0, cpu_env, fp0, fp1);
1119                     break;
1120                 case 0xf003:		/* fdiv Rm,Rn */
1121                     gen_helper_fdiv_DT(fp0, cpu_env, fp0, fp1);
1122                     break;
1123                 case 0xf004:		/* fcmp/eq Rm,Rn */
1124                     gen_helper_fcmp_eq_DT(cpu_sr_t, cpu_env, fp0, fp1);
1125                     return;
1126                 case 0xf005:		/* fcmp/gt Rm,Rn */
1127                     gen_helper_fcmp_gt_DT(cpu_sr_t, cpu_env, fp0, fp1);
1128                     return;
1129                 }
1130                 gen_store_fpr64(ctx, fp0, B11_8);
1131                 tcg_temp_free_i64(fp0);
1132                 tcg_temp_free_i64(fp1);
1133 	    } else {
1134                 switch (ctx->opcode & 0xf00f) {
1135                 case 0xf000:		/* fadd Rm,Rn */
1136                     gen_helper_fadd_FT(FREG(B11_8), cpu_env,
1137                                        FREG(B11_8), FREG(B7_4));
1138                     break;
1139                 case 0xf001:		/* fsub Rm,Rn */
1140                     gen_helper_fsub_FT(FREG(B11_8), cpu_env,
1141                                        FREG(B11_8), FREG(B7_4));
1142                     break;
1143                 case 0xf002:		/* fmul Rm,Rn */
1144                     gen_helper_fmul_FT(FREG(B11_8), cpu_env,
1145                                        FREG(B11_8), FREG(B7_4));
1146                     break;
1147                 case 0xf003:		/* fdiv Rm,Rn */
1148                     gen_helper_fdiv_FT(FREG(B11_8), cpu_env,
1149                                        FREG(B11_8), FREG(B7_4));
1150                     break;
1151                 case 0xf004:		/* fcmp/eq Rm,Rn */
1152                     gen_helper_fcmp_eq_FT(cpu_sr_t, cpu_env,
1153                                           FREG(B11_8), FREG(B7_4));
1154                     return;
1155                 case 0xf005:		/* fcmp/gt Rm,Rn */
1156                     gen_helper_fcmp_gt_FT(cpu_sr_t, cpu_env,
1157                                           FREG(B11_8), FREG(B7_4));
1158                     return;
1159                 }
1160 	    }
1161 	}
1162 	return;
1163     case 0xf00e: /* fmac FR0,Rm,Rn */
1164         CHECK_FPU_ENABLED
1165         CHECK_FPSCR_PR_0
1166         gen_helper_fmac_FT(FREG(B11_8), cpu_env,
1167                            FREG(0), FREG(B7_4), FREG(B11_8));
1168         return;
1169     }
1170 
1171     switch (ctx->opcode & 0xff00) {
1172     case 0xc900:		/* and #imm,R0 */
1173 	tcg_gen_andi_i32(REG(0), REG(0), B7_0);
1174 	return;
1175     case 0xcd00:		/* and.b #imm,@(R0,GBR) */
1176 	{
1177 	    TCGv addr, val;
1178 	    addr = tcg_temp_new();
1179 	    tcg_gen_add_i32(addr, REG(0), cpu_gbr);
1180 	    val = tcg_temp_new();
1181             tcg_gen_qemu_ld_i32(val, addr, ctx->memidx, MO_UB);
1182 	    tcg_gen_andi_i32(val, val, B7_0);
1183             tcg_gen_qemu_st_i32(val, addr, ctx->memidx, MO_UB);
1184 	    tcg_temp_free(val);
1185 	    tcg_temp_free(addr);
1186 	}
1187 	return;
1188     case 0x8b00:		/* bf label */
1189 	CHECK_NOT_DELAY_SLOT
1190         gen_conditional_jump(ctx, ctx->pc + 4 + B7_0s * 2, false);
1191 	return;
1192     case 0x8f00:		/* bf/s label */
1193 	CHECK_NOT_DELAY_SLOT
1194         tcg_gen_xori_i32(cpu_delayed_cond, cpu_sr_t, 1);
1195         ctx->delayed_pc = ctx->pc + 4 + B7_0s * 2;
1196         ctx->envflags |= DELAY_SLOT_CONDITIONAL;
1197 	return;
1198     case 0x8900:		/* bt label */
1199 	CHECK_NOT_DELAY_SLOT
1200         gen_conditional_jump(ctx, ctx->pc + 4 + B7_0s * 2, true);
1201 	return;
1202     case 0x8d00:		/* bt/s label */
1203 	CHECK_NOT_DELAY_SLOT
1204         tcg_gen_mov_i32(cpu_delayed_cond, cpu_sr_t);
1205         ctx->delayed_pc = ctx->pc + 4 + B7_0s * 2;
1206         ctx->envflags |= DELAY_SLOT_CONDITIONAL;
1207 	return;
1208     case 0x8800:		/* cmp/eq #imm,R0 */
1209         tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, REG(0), B7_0s);
1210 	return;
1211     case 0xc400:		/* mov.b @(disp,GBR),R0 */
1212 	{
1213 	    TCGv addr = tcg_temp_new();
1214 	    tcg_gen_addi_i32(addr, cpu_gbr, B7_0);
1215             tcg_gen_qemu_ld_i32(REG(0), addr, ctx->memidx, MO_SB);
1216 	    tcg_temp_free(addr);
1217 	}
1218 	return;
1219     case 0xc500:		/* mov.w @(disp,GBR),R0 */
1220 	{
1221 	    TCGv addr = tcg_temp_new();
1222 	    tcg_gen_addi_i32(addr, cpu_gbr, B7_0 * 2);
1223             tcg_gen_qemu_ld_i32(REG(0), addr, ctx->memidx, MO_TESW);
1224 	    tcg_temp_free(addr);
1225 	}
1226 	return;
1227     case 0xc600:		/* mov.l @(disp,GBR),R0 */
1228 	{
1229 	    TCGv addr = tcg_temp_new();
1230 	    tcg_gen_addi_i32(addr, cpu_gbr, B7_0 * 4);
1231             tcg_gen_qemu_ld_i32(REG(0), addr, ctx->memidx, MO_TESL);
1232 	    tcg_temp_free(addr);
1233 	}
1234 	return;
1235     case 0xc000:		/* mov.b R0,@(disp,GBR) */
1236 	{
1237 	    TCGv addr = tcg_temp_new();
1238 	    tcg_gen_addi_i32(addr, cpu_gbr, B7_0);
1239             tcg_gen_qemu_st_i32(REG(0), addr, ctx->memidx, MO_UB);
1240 	    tcg_temp_free(addr);
1241 	}
1242 	return;
1243     case 0xc100:		/* mov.w R0,@(disp,GBR) */
1244 	{
1245 	    TCGv addr = tcg_temp_new();
1246 	    tcg_gen_addi_i32(addr, cpu_gbr, B7_0 * 2);
1247             tcg_gen_qemu_st_i32(REG(0), addr, ctx->memidx, MO_TEUW);
1248 	    tcg_temp_free(addr);
1249 	}
1250 	return;
1251     case 0xc200:		/* mov.l R0,@(disp,GBR) */
1252 	{
1253 	    TCGv addr = tcg_temp_new();
1254 	    tcg_gen_addi_i32(addr, cpu_gbr, B7_0 * 4);
1255             tcg_gen_qemu_st_i32(REG(0), addr, ctx->memidx, MO_TEUL);
1256 	    tcg_temp_free(addr);
1257 	}
1258 	return;
1259     case 0x8000:		/* mov.b R0,@(disp,Rn) */
1260 	{
1261 	    TCGv addr = tcg_temp_new();
1262 	    tcg_gen_addi_i32(addr, REG(B7_4), B3_0);
1263             tcg_gen_qemu_st_i32(REG(0), addr, ctx->memidx, MO_UB);
1264 	    tcg_temp_free(addr);
1265 	}
1266 	return;
1267     case 0x8100:		/* mov.w R0,@(disp,Rn) */
1268 	{
1269 	    TCGv addr = tcg_temp_new();
1270 	    tcg_gen_addi_i32(addr, REG(B7_4), B3_0 * 2);
1271             tcg_gen_qemu_st_i32(REG(0), addr, ctx->memidx, MO_TEUW);
1272 	    tcg_temp_free(addr);
1273 	}
1274 	return;
1275     case 0x8400:		/* mov.b @(disp,Rn),R0 */
1276 	{
1277 	    TCGv addr = tcg_temp_new();
1278 	    tcg_gen_addi_i32(addr, REG(B7_4), B3_0);
1279             tcg_gen_qemu_ld_i32(REG(0), addr, ctx->memidx, MO_SB);
1280 	    tcg_temp_free(addr);
1281 	}
1282 	return;
1283     case 0x8500:		/* mov.w @(disp,Rn),R0 */
1284 	{
1285 	    TCGv addr = tcg_temp_new();
1286 	    tcg_gen_addi_i32(addr, REG(B7_4), B3_0 * 2);
1287             tcg_gen_qemu_ld_i32(REG(0), addr, ctx->memidx, MO_TESW);
1288 	    tcg_temp_free(addr);
1289 	}
1290 	return;
1291     case 0xc700:		/* mova @(disp,PC),R0 */
1292 	tcg_gen_movi_i32(REG(0), ((ctx->pc & 0xfffffffc) + 4 + B7_0 * 4) & ~3);
1293 	return;
1294     case 0xcb00:		/* or #imm,R0 */
1295 	tcg_gen_ori_i32(REG(0), REG(0), B7_0);
1296 	return;
1297     case 0xcf00:		/* or.b #imm,@(R0,GBR) */
1298 	{
1299 	    TCGv addr, val;
1300 	    addr = tcg_temp_new();
1301 	    tcg_gen_add_i32(addr, REG(0), cpu_gbr);
1302 	    val = tcg_temp_new();
1303             tcg_gen_qemu_ld_i32(val, addr, ctx->memidx, MO_UB);
1304 	    tcg_gen_ori_i32(val, val, B7_0);
1305             tcg_gen_qemu_st_i32(val, addr, ctx->memidx, MO_UB);
1306 	    tcg_temp_free(val);
1307 	    tcg_temp_free(addr);
1308 	}
1309 	return;
1310     case 0xc300:		/* trapa #imm */
1311 	{
1312 	    TCGv imm;
1313 	    CHECK_NOT_DELAY_SLOT
1314             gen_save_cpu_state(ctx, true);
1315 	    imm = tcg_const_i32(B7_0);
1316             gen_helper_trapa(cpu_env, imm);
1317 	    tcg_temp_free(imm);
1318             ctx->bstate = BS_EXCP;
1319 	}
1320 	return;
1321     case 0xc800:		/* tst #imm,R0 */
1322 	{
1323 	    TCGv val = tcg_temp_new();
1324 	    tcg_gen_andi_i32(val, REG(0), B7_0);
1325             tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, val, 0);
1326 	    tcg_temp_free(val);
1327 	}
1328 	return;
1329     case 0xcc00:		/* tst.b #imm,@(R0,GBR) */
1330 	{
1331 	    TCGv val = tcg_temp_new();
1332 	    tcg_gen_add_i32(val, REG(0), cpu_gbr);
1333             tcg_gen_qemu_ld_i32(val, val, ctx->memidx, MO_UB);
1334 	    tcg_gen_andi_i32(val, val, B7_0);
1335             tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, val, 0);
1336 	    tcg_temp_free(val);
1337 	}
1338 	return;
1339     case 0xca00:		/* xor #imm,R0 */
1340 	tcg_gen_xori_i32(REG(0), REG(0), B7_0);
1341 	return;
1342     case 0xce00:		/* xor.b #imm,@(R0,GBR) */
1343 	{
1344 	    TCGv addr, val;
1345 	    addr = tcg_temp_new();
1346 	    tcg_gen_add_i32(addr, REG(0), cpu_gbr);
1347 	    val = tcg_temp_new();
1348             tcg_gen_qemu_ld_i32(val, addr, ctx->memidx, MO_UB);
1349 	    tcg_gen_xori_i32(val, val, B7_0);
1350             tcg_gen_qemu_st_i32(val, addr, ctx->memidx, MO_UB);
1351 	    tcg_temp_free(val);
1352 	    tcg_temp_free(addr);
1353 	}
1354 	return;
1355     }
1356 
1357     switch (ctx->opcode & 0xf08f) {
1358     case 0x408e:		/* ldc Rm,Rn_BANK */
1359 	CHECK_PRIVILEGED
1360 	tcg_gen_mov_i32(ALTREG(B6_4), REG(B11_8));
1361 	return;
1362     case 0x4087:		/* ldc.l @Rm+,Rn_BANK */
1363 	CHECK_PRIVILEGED
1364         tcg_gen_qemu_ld_i32(ALTREG(B6_4), REG(B11_8), ctx->memidx, MO_TESL);
1365 	tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 4);
1366 	return;
1367     case 0x0082:		/* stc Rm_BANK,Rn */
1368 	CHECK_PRIVILEGED
1369 	tcg_gen_mov_i32(REG(B11_8), ALTREG(B6_4));
1370 	return;
1371     case 0x4083:		/* stc.l Rm_BANK,@-Rn */
1372 	CHECK_PRIVILEGED
1373 	{
1374 	    TCGv addr = tcg_temp_new();
1375 	    tcg_gen_subi_i32(addr, REG(B11_8), 4);
1376             tcg_gen_qemu_st_i32(ALTREG(B6_4), addr, ctx->memidx, MO_TEUL);
1377 	    tcg_gen_mov_i32(REG(B11_8), addr);
1378 	    tcg_temp_free(addr);
1379 	}
1380 	return;
1381     }
1382 
1383     switch (ctx->opcode & 0xf0ff) {
1384     case 0x0023:		/* braf Rn */
1385 	CHECK_NOT_DELAY_SLOT
1386 	tcg_gen_addi_i32(cpu_delayed_pc, REG(B11_8), ctx->pc + 4);
1387         ctx->envflags |= DELAY_SLOT;
1388 	ctx->delayed_pc = (uint32_t) - 1;
1389 	return;
1390     case 0x0003:		/* bsrf Rn */
1391 	CHECK_NOT_DELAY_SLOT
1392 	tcg_gen_movi_i32(cpu_pr, ctx->pc + 4);
1393 	tcg_gen_add_i32(cpu_delayed_pc, REG(B11_8), cpu_pr);
1394         ctx->envflags |= DELAY_SLOT;
1395 	ctx->delayed_pc = (uint32_t) - 1;
1396 	return;
1397     case 0x4015:		/* cmp/pl Rn */
1398         tcg_gen_setcondi_i32(TCG_COND_GT, cpu_sr_t, REG(B11_8), 0);
1399 	return;
1400     case 0x4011:		/* cmp/pz Rn */
1401         tcg_gen_setcondi_i32(TCG_COND_GE, cpu_sr_t, REG(B11_8), 0);
1402 	return;
1403     case 0x4010:		/* dt Rn */
1404 	tcg_gen_subi_i32(REG(B11_8), REG(B11_8), 1);
1405         tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, REG(B11_8), 0);
1406 	return;
1407     case 0x402b:		/* jmp @Rn */
1408 	CHECK_NOT_DELAY_SLOT
1409 	tcg_gen_mov_i32(cpu_delayed_pc, REG(B11_8));
1410         ctx->envflags |= DELAY_SLOT;
1411 	ctx->delayed_pc = (uint32_t) - 1;
1412 	return;
1413     case 0x400b:		/* jsr @Rn */
1414 	CHECK_NOT_DELAY_SLOT
1415 	tcg_gen_movi_i32(cpu_pr, ctx->pc + 4);
1416 	tcg_gen_mov_i32(cpu_delayed_pc, REG(B11_8));
1417         ctx->envflags |= DELAY_SLOT;
1418 	ctx->delayed_pc = (uint32_t) - 1;
1419 	return;
1420     case 0x400e:		/* ldc Rm,SR */
1421 	CHECK_PRIVILEGED
1422         {
1423             TCGv val = tcg_temp_new();
1424             tcg_gen_andi_i32(val, REG(B11_8), 0x700083f3);
1425             gen_write_sr(val);
1426             tcg_temp_free(val);
1427             ctx->bstate = BS_STOP;
1428         }
1429 	return;
1430     case 0x4007:		/* ldc.l @Rm+,SR */
1431 	CHECK_PRIVILEGED
1432 	{
1433 	    TCGv val = tcg_temp_new();
1434             tcg_gen_qemu_ld_i32(val, REG(B11_8), ctx->memidx, MO_TESL);
1435             tcg_gen_andi_i32(val, val, 0x700083f3);
1436             gen_write_sr(val);
1437 	    tcg_temp_free(val);
1438 	    tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 4);
1439 	    ctx->bstate = BS_STOP;
1440 	}
1441 	return;
1442     case 0x0002:		/* stc SR,Rn */
1443 	CHECK_PRIVILEGED
1444         gen_read_sr(REG(B11_8));
1445 	return;
1446     case 0x4003:		/* stc SR,@-Rn */
1447 	CHECK_PRIVILEGED
1448 	{
1449 	    TCGv addr = tcg_temp_new();
1450             TCGv val = tcg_temp_new();
1451 	    tcg_gen_subi_i32(addr, REG(B11_8), 4);
1452             gen_read_sr(val);
1453             tcg_gen_qemu_st_i32(val, addr, ctx->memidx, MO_TEUL);
1454 	    tcg_gen_mov_i32(REG(B11_8), addr);
1455             tcg_temp_free(val);
1456 	    tcg_temp_free(addr);
1457 	}
1458 	return;
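/* The remaining control/system registers are handled uniformly: for each
   register, the LD/ST macros below expand the ldc/lds Rm,reg and
   ldc.l/lds.l @Rm+,reg forms and the stc/sts reg,Rn and stc.l/sts.l
   reg,@-Rn forms, guarded by the given privilege/FPU check. */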
1459 #define LD(reg,ldnum,ldpnum,prechk)		\
1460   case ldnum:							\
1461     prechk    							\
1462     tcg_gen_mov_i32 (cpu_##reg, REG(B11_8));			\
1463     return;							\
1464   case ldpnum:							\
1465     prechk    							\
1466     tcg_gen_qemu_ld_i32(cpu_##reg, REG(B11_8), ctx->memidx, MO_TESL); \
1467     tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 4);		\
1468     return;
1469 #define ST(reg,stnum,stpnum,prechk)		\
1470   case stnum:							\
1471     prechk    							\
1472     tcg_gen_mov_i32 (REG(B11_8), cpu_##reg);			\
1473     return;							\
1474   case stpnum:							\
1475     prechk    							\
1476     {								\
1477 	TCGv addr = tcg_temp_new();				\
1478 	tcg_gen_subi_i32(addr, REG(B11_8), 4);			\
1479         tcg_gen_qemu_st_i32(cpu_##reg, addr, ctx->memidx, MO_TEUL); \
1480 	tcg_gen_mov_i32(REG(B11_8), addr);			\
1481 	tcg_temp_free(addr);					\
1482     }								\
1483     return;
1484 #define LDST(reg,ldnum,ldpnum,stnum,stpnum,prechk)		\
1485 	LD(reg,ldnum,ldpnum,prechk)				\
1486 	ST(reg,stnum,stpnum,prechk)
1487 	LDST(gbr,  0x401e, 0x4017, 0x0012, 0x4013, {})
1488 	LDST(vbr,  0x402e, 0x4027, 0x0022, 0x4023, CHECK_PRIVILEGED)
1489 	LDST(ssr,  0x403e, 0x4037, 0x0032, 0x4033, CHECK_PRIVILEGED)
1490 	LDST(spc,  0x404e, 0x4047, 0x0042, 0x4043, CHECK_PRIVILEGED)
1491 	ST(sgr,  0x003a, 0x4032, CHECK_PRIVILEGED)
1492         LD(sgr,  0x403a, 0x4036, CHECK_PRIVILEGED CHECK_SH4A)
1493 	LDST(dbr,  0x40fa, 0x40f6, 0x00fa, 0x40f2, CHECK_PRIVILEGED)
1494 	LDST(mach, 0x400a, 0x4006, 0x000a, 0x4002, {})
1495 	LDST(macl, 0x401a, 0x4016, 0x001a, 0x4012, {})
1496 	LDST(pr,   0x402a, 0x4026, 0x002a, 0x4022, {})
1497 	LDST(fpul, 0x405a, 0x4056, 0x005a, 0x4052, {CHECK_FPU_ENABLED})
1498     case 0x406a:		/* lds Rm,FPSCR */
1499 	CHECK_FPU_ENABLED
1500         gen_helper_ld_fpscr(cpu_env, REG(B11_8));
1501 	ctx->bstate = BS_STOP;
1502 	return;
1503     case 0x4066:		/* lds.l @Rm+,FPSCR */
1504 	CHECK_FPU_ENABLED
1505 	{
1506 	    TCGv val = tcg_temp_new();
1507             tcg_gen_qemu_ld_i32(val, REG(B11_8), ctx->memidx, MO_TESL);
1508 	    tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 4);
1509             gen_helper_ld_fpscr(cpu_env, val);
1510 	    tcg_temp_free(val);
1511 	    ctx->bstate = BS_STOP;
1512 	}
1513 	return;
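    /* Loading FPSCR may change the FR/SZ/PR bits mirrored in ctx->tbflags
     * (bank selection and precision), so both cases above end the TB with
     * BS_STOP and let the next TB be found with the new flags.  */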
1514     case 0x006a:		/* sts FPSCR,Rn */
1515 	CHECK_FPU_ENABLED
1516 	tcg_gen_andi_i32(REG(B11_8), cpu_fpscr, 0x003fffff);
1517 	return;
1518     case 0x4062:		/* sts FPSCR,@-Rn */
1519 	CHECK_FPU_ENABLED
1520 	{
1521 	    TCGv addr, val;
1522 	    val = tcg_temp_new();
1523 	    tcg_gen_andi_i32(val, cpu_fpscr, 0x003fffff);
1524 	    addr = tcg_temp_new();
1525 	    tcg_gen_subi_i32(addr, REG(B11_8), 4);
1526             tcg_gen_qemu_st_i32(val, addr, ctx->memidx, MO_TEUL);
1527 	    tcg_gen_mov_i32(REG(B11_8), addr);
1528 	    tcg_temp_free(addr);
1529 	    tcg_temp_free(val);
1530 	}
1531 	return;
1532     case 0x00c3:		/* movca.l R0,@Rn */
1533         {
1534             TCGv val = tcg_temp_new();
1535             tcg_gen_qemu_ld_i32(val, REG(B11_8), ctx->memidx, MO_TEUL);
1536             gen_helper_movcal(cpu_env, REG(B11_8), val);
1537             tcg_gen_qemu_st_i32(REG(0), REG(B11_8), ctx->memidx, MO_TEUL);
1538         }
1539         ctx->has_movcal = 1;
1540 	return;
1541     case 0x40a9:                /* movua.l @Rm,R0 */
1542         CHECK_SH4A
1543         /* Load non-boundary-aligned data */
1544         tcg_gen_qemu_ld_i32(REG(0), REG(B11_8), ctx->memidx,
1545                             MO_TEUL | MO_UNALN);
1546         return;
1548     case 0x40e9:                /* movua.l @Rm+,R0 */
1549         CHECK_SH4A
1550         /* Load non-boundary-aligned data */
1551         tcg_gen_qemu_ld_i32(REG(0), REG(B11_8), ctx->memidx,
1552                             MO_TEUL | MO_UNALN);
1553         tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 4);
1554         return;
1556     case 0x0029:		/* movt Rn */
1557         tcg_gen_mov_i32(REG(B11_8), cpu_sr_t);
1558 	return;
1559     case 0x0073:
1560         /* MOVCO.L
1561 	       LDST -> T
1562                If (T == 1) R0 -> (Rn)
1563                0 -> LDST
1564         */
1565         CHECK_SH4A
1566         {
1567             TCGLabel *label = gen_new_label();
1568             tcg_gen_mov_i32(cpu_sr_t, cpu_ldst);
1569 	    tcg_gen_brcondi_i32(TCG_COND_EQ, cpu_ldst, 0, label);
1570             tcg_gen_qemu_st_i32(REG(0), REG(B11_8), ctx->memidx, MO_TEUL);
1571 	    gen_set_label(label);
1572 	    tcg_gen_movi_i32(cpu_ldst, 0);
1573 	    return;
1574         }
1575     case 0x0063:
1576         /* MOVLI.L @Rm,R0
1577                1 -> LDST
1578                (Rm) -> R0
1579                When an interrupt/exception
1580                occurs: 0 -> LDST
1581         */
1582         CHECK_SH4A
1583         tcg_gen_movi_i32(cpu_ldst, 0);
1584         tcg_gen_qemu_ld_i32(REG(0), REG(B11_8), ctx->memidx, MO_TESL);
1585         tcg_gen_movi_i32(cpu_ldst, 1);
1586         return;
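    /* movli.l/movco.l form an LL/SC pair.  A sketch of a guest atomic
     * increment, assuming the counter address is in r1 (hypothetical):
     *
     *   0:  movli.l @r1,r0    ! load-linked: LDST <- 1, R0 <- (R1)
     *       add     #1,r0
     *       movco.l r0,@r1    ! store-conditional: T <- LDST, store if T
     *       bf      0b        ! retry until the store succeeds
     */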
1587     case 0x0093:		/* ocbi @Rn */
1588 	{
1589             gen_helper_ocbi(cpu_env, REG(B11_8));
1590 	}
1591 	return;
1592     case 0x00a3:		/* ocbp @Rn */
1593     case 0x00b3:		/* ocbwb @Rn */
1594         /* These instructions are supposed to do nothing in case of
1595            a cache miss. Given that we only partially emulate caches
1596            it is safe to simply ignore them. */
1597 	return;
1598     case 0x0083:		/* pref @Rn */
1599 	return;
1600     case 0x00d3:		/* prefi @Rn */
1601         CHECK_SH4A
1602         return;
1603     case 0x00e3:		/* icbi @Rn */
1604         CHECK_SH4A
1605         return;
1606     case 0x00ab:		/* synco */
1607         CHECK_SH4A
1608         tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
1609         return;
1611     case 0x4024:		/* rotcl Rn */
1612 	{
1613 	    TCGv tmp = tcg_temp_new();
1614             tcg_gen_mov_i32(tmp, cpu_sr_t);
1615             tcg_gen_shri_i32(cpu_sr_t, REG(B11_8), 31);
1616 	    tcg_gen_shli_i32(REG(B11_8), REG(B11_8), 1);
1617             tcg_gen_or_i32(REG(B11_8), REG(B11_8), tmp);
1618 	    tcg_temp_free(tmp);
1619 	}
1620 	return;
1621     case 0x4025:		/* rotcr Rn */
1622 	{
1623 	    TCGv tmp = tcg_temp_new();
1624             tcg_gen_shli_i32(tmp, cpu_sr_t, 31);
1625             tcg_gen_andi_i32(cpu_sr_t, REG(B11_8), 1);
1626 	    tcg_gen_shri_i32(REG(B11_8), REG(B11_8), 1);
1627             tcg_gen_or_i32(REG(B11_8), REG(B11_8), tmp);
1628 	    tcg_temp_free(tmp);
1629 	}
1630 	return;
1631     case 0x4004:		/* rotl Rn */
1632 	tcg_gen_rotli_i32(REG(B11_8), REG(B11_8), 1);
1633         tcg_gen_andi_i32(cpu_sr_t, REG(B11_8), 1);
1634 	return;
1635     case 0x4005:		/* rotr Rn */
1636         tcg_gen_andi_i32(cpu_sr_t, REG(B11_8), 1);
1637 	tcg_gen_rotri_i32(REG(B11_8), REG(B11_8), 1);
1638 	return;
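    /* Per the SH-4 manual, rotl copies the bit rotated out of the MSB into
     * both T and the LSB, while rotr copies the old LSB into both T and the
     * MSB -- hence the and-with-1 after (rotl) or before (rotr) the rotate.
     */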
1639     case 0x4000:		/* shll Rn */
1640     case 0x4020:		/* shal Rn */
1641         tcg_gen_shri_i32(cpu_sr_t, REG(B11_8), 31);
1642 	tcg_gen_shli_i32(REG(B11_8), REG(B11_8), 1);
1643 	return;
1644     case 0x4021:		/* shar Rn */
1645         tcg_gen_andi_i32(cpu_sr_t, REG(B11_8), 1);
1646 	tcg_gen_sari_i32(REG(B11_8), REG(B11_8), 1);
1647 	return;
1648     case 0x4001:		/* shlr Rn */
1649         tcg_gen_andi_i32(cpu_sr_t, REG(B11_8), 1);
1650 	tcg_gen_shri_i32(REG(B11_8), REG(B11_8), 1);
1651 	return;
1652     case 0x4008:		/* shll2 Rn */
1653 	tcg_gen_shli_i32(REG(B11_8), REG(B11_8), 2);
1654 	return;
1655     case 0x4018:		/* shll8 Rn */
1656 	tcg_gen_shli_i32(REG(B11_8), REG(B11_8), 8);
1657 	return;
1658     case 0x4028:		/* shll16 Rn */
1659 	tcg_gen_shli_i32(REG(B11_8), REG(B11_8), 16);
1660 	return;
1661     case 0x4009:		/* shlr2 Rn */
1662 	tcg_gen_shri_i32(REG(B11_8), REG(B11_8), 2);
1663 	return;
1664     case 0x4019:		/* shlr8 Rn */
1665 	tcg_gen_shri_i32(REG(B11_8), REG(B11_8), 8);
1666 	return;
1667     case 0x4029:		/* shlr16 Rn */
1668 	tcg_gen_shri_i32(REG(B11_8), REG(B11_8), 16);
1669 	return;
1670     case 0x401b:		/* tas.b @Rn */
1671         {
1672             TCGv val = tcg_const_i32(0x80);
1673             tcg_gen_atomic_fetch_or_i32(val, REG(B11_8), val,
1674                                         ctx->memidx, MO_UB);
1675             tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, val, 0);
1676             tcg_temp_free(val);
1677         }
1678         return;
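    /* tas.b atomically fetches a byte, sets T if it was zero, and writes
     * it back with bit 7 set: e.g. an old value of 0x00 yields T = 1 and
     * the memory byte becomes 0x80.  */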
1679     case 0xf00d: /* fsts FPUL,FRn - FPSCR: Nothing */
1680 	CHECK_FPU_ENABLED
1681         tcg_gen_mov_i32(FREG(B11_8), cpu_fpul);
1682 	return;
1683     case 0xf01d: /* flds FRm,FPUL - FPSCR: Nothing */
1684 	CHECK_FPU_ENABLED
1685         tcg_gen_mov_i32(cpu_fpul, FREG(B11_8));
1686 	return;
1687     case 0xf02d: /* float FPUL,FRn/DRn - FPSCR: R[PR,Enable.I]/W[Cause,Flag] */
1688 	CHECK_FPU_ENABLED
1689         if (ctx->tbflags & FPSCR_PR) {
1690 	    TCGv_i64 fp;
1691             if (ctx->opcode & 0x0100) {
1692                 goto do_illegal;
1693             }
1694 	    fp = tcg_temp_new_i64();
1695             gen_helper_float_DT(fp, cpu_env, cpu_fpul);
1696             gen_store_fpr64(ctx, fp, B11_8);
1697 	    tcg_temp_free_i64(fp);
1698 	}
1699 	else {
1700             gen_helper_float_FT(FREG(B11_8), cpu_env, cpu_fpul);
1701 	}
1702 	return;
1703     case 0xf03d: /* ftrc FRm/DRm,FPUL - FPSCR: R[PR,Enable.V]/W[Cause,Flag] */
1704 	CHECK_FPU_ENABLED
1705         if (ctx->tbflags & FPSCR_PR) {
1706 	    TCGv_i64 fp;
1707             if (ctx->opcode & 0x0100) {
1708                 goto do_illegal;
1709             }
1710 	    fp = tcg_temp_new_i64();
1711             gen_load_fpr64(ctx, fp, B11_8);
1712             gen_helper_ftrc_DT(cpu_fpul, cpu_env, fp);
1713 	    tcg_temp_free_i64(fp);
1714 	}
1715 	else {
1716             gen_helper_ftrc_FT(cpu_fpul, cpu_env, FREG(B11_8));
1717 	}
1718 	return;
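    /* For float and ftrc, FPSCR.PR selects double precision, in which case
     * the operand is a DRn pair and an odd register number (opcode bit 8
     * set) is an illegal encoding -- hence the goto do_illegal above.  */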
1719     case 0xf04d: /* fneg FRn/DRn - FPSCR: Nothing */
1720 	CHECK_FPU_ENABLED
1721         tcg_gen_xori_i32(FREG(B11_8), FREG(B11_8), 0x80000000);
1722 	return;
1723     case 0xf05d: /* fabs FRn/DRn - FPCSR: Nothing */
1724 	CHECK_FPU_ENABLED
1725         tcg_gen_andi_i32(FREG(B11_8), FREG(B11_8), 0x7fffffff);
1726 	return;
1727     case 0xf06d: /* fsqrt FRn */
1728 	CHECK_FPU_ENABLED
1729         if (ctx->tbflags & FPSCR_PR) {
1730             if (ctx->opcode & 0x0100) {
1731                 goto do_illegal;
1732             }
1733 	    TCGv_i64 fp = tcg_temp_new_i64();
1734             gen_load_fpr64(ctx, fp, B11_8);
1735             gen_helper_fsqrt_DT(fp, cpu_env, fp);
1736             gen_store_fpr64(ctx, fp, B11_8);
1737 	    tcg_temp_free_i64(fp);
1738 	} else {
1739             gen_helper_fsqrt_FT(FREG(B11_8), cpu_env, FREG(B11_8));
1740 	}
1741 	return;
1742     case 0xf07d: /* fsrra FRn */
1743 	CHECK_FPU_ENABLED
1744         CHECK_FPSCR_PR_0
1745         gen_helper_fsrra_FT(FREG(B11_8), cpu_env, FREG(B11_8));
1746 	return;
1747     case 0xf08d: /* fldi0 FRn - FPSCR: R[PR] */
1748 	CHECK_FPU_ENABLED
1749         CHECK_FPSCR_PR_0
1750         tcg_gen_movi_i32(FREG(B11_8), 0);
1751         return;
1752     case 0xf09d: /* fldi1 FRn - FPSCR: R[PR] */
1753 	CHECK_FPU_ENABLED
1754         CHECK_FPSCR_PR_0
1755         tcg_gen_movi_i32(FREG(B11_8), 0x3f800000);
1756         return;
1757     case 0xf0ad: /* fcnvsd FPUL,DRn */
1758 	CHECK_FPU_ENABLED
1759 	{
1760 	    TCGv_i64 fp = tcg_temp_new_i64();
1761             gen_helper_fcnvsd_FT_DT(fp, cpu_env, cpu_fpul);
1762             gen_store_fpr64(ctx, fp, B11_8);
1763 	    tcg_temp_free_i64(fp);
1764 	}
1765 	return;
1766     case 0xf0bd: /* fcnvds DRn,FPUL */
1767 	CHECK_FPU_ENABLED
1768 	{
1769 	    TCGv_i64 fp = tcg_temp_new_i64();
1770             gen_load_fpr64(ctx, fp, B11_8);
1771             gen_helper_fcnvds_DT_FT(cpu_fpul, cpu_env, fp);
1772 	    tcg_temp_free_i64(fp);
1773 	}
1774 	return;
1775     case 0xf0ed: /* fipr FVm,FVn */
1776         CHECK_FPU_ENABLED
1777         CHECK_FPSCR_PR_1
1778         {
1779             TCGv m = tcg_const_i32((ctx->opcode >> 8) & 3);
1780             TCGv n = tcg_const_i32((ctx->opcode >> 10) & 3);
1781             gen_helper_fipr(cpu_env, m, n);
1782             tcg_temp_free(m);
1783             tcg_temp_free(n);
1784             return;
1785         }
1787     case 0xf0fd: /* ftrv XMTRX,FVn */
1788         CHECK_FPU_ENABLED
1789         CHECK_FPSCR_PR_1
1790         {
1791             if ((ctx->opcode & 0x0300) != 0x0100) {
1792                 goto do_illegal;
1793             }
1794             TCGv n = tcg_const_i32((ctx->opcode >> 10) & 3);
1795             gen_helper_ftrv(cpu_env, n);
1796             tcg_temp_free(n);
1797             return;
1798         }
1800     }
1801 #if 0
1802     fprintf(stderr, "unknown instruction 0x%04x at pc 0x%08x\n",
1803 	    ctx->opcode, ctx->pc);
1804     fflush(stderr);
1805 #endif
1806  do_illegal:
1807     if (ctx->envflags & DELAY_SLOT_MASK) {
1808  do_illegal_slot:
1809         gen_save_cpu_state(ctx, true);
1810         gen_helper_raise_slot_illegal_instruction(cpu_env);
1811     } else {
1812         gen_save_cpu_state(ctx, true);
1813         gen_helper_raise_illegal_instruction(cpu_env);
1814     }
1815     ctx->bstate = BS_EXCP;
1816     return;
1817 
1818  do_fpu_disabled:
1819     gen_save_cpu_state(ctx, true);
1820     if (ctx->envflags & DELAY_SLOT_MASK) {
1821         gen_helper_raise_slot_fpu_disable(cpu_env);
1822     } else {
1823         gen_helper_raise_fpu_disable(cpu_env);
1824     }
1825     ctx->bstate = BS_EXCP;
1826     return;
1827 }
1828 
1829 static void decode_opc(DisasContext * ctx)
1830 {
1831     uint32_t old_flags = ctx->envflags;
1832 
1833     _decode_opc(ctx);
1834 
1835     if (old_flags & DELAY_SLOT_MASK) {
1836         /* go out of the delay slot */
1837         ctx->envflags &= ~DELAY_SLOT_MASK;
1838 
1839         /* When in an exclusive region, we must continue to the end
1840            for conditional branches.  */
1841         if (ctx->tbflags & GUSA_EXCLUSIVE
1842             && old_flags & DELAY_SLOT_CONDITIONAL) {
1843             gen_delayed_conditional_jump(ctx);
1844             return;
1845         }
1846         /* Otherwise this is probably an invalid gUSA region.
1847            Drop the GUSA bits so the next TB doesn't see them.  */
1848         ctx->envflags &= ~GUSA_MASK;
1849 
1850         tcg_gen_movi_i32(cpu_flags, ctx->envflags);
1851         ctx->bstate = BS_BRANCH;
1852         if (old_flags & DELAY_SLOT_CONDITIONAL) {
1853 	    gen_delayed_conditional_jump(ctx);
1854         } else {
1855             gen_jump(ctx);
1856 	}
1857     }
1858 }
1859 
1860 #ifdef CONFIG_USER_ONLY
1861 /* For uniprocessors, SH4 uses optimistic restartable atomic sequences.
1862    Upon an interrupt, a real kernel would simply notice magic values in
1863    the registers and reset the PC to the start of the sequence.
1864 
1865    For QEMU, we cannot do this in quite the same way.  Instead, we notice
1866    the normal start of such a sequence (mov #-x,r15).  While we can handle
1867    any sequence via cpu_exec_step_atomic, we can recognize the "normal"
1868    sequences and transform them into atomic operations as seen by the host.
1869 */
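/* A sketch of the "normal" shape recognized below, with hypothetical
   registers (real sequences are emitted by the guest's libc):

       mova   1f,r0       ! r0 <- end-of-region address
       mov    r15,r1      ! save sp
       mov    #-6,r15     ! negative region length: enters gUSA
    0: mov.l  @r4,r2      ! load
       add    r5,r2       ! operation
       mov.l  r2,@r4      ! store
    1: mov    r1,r15      ! restore sp: leaves gUSA

   decode_gusa() only examines the load/op/store body, i.e. the insns
   between ctx->pc and the region end recorded in tb->cs_base.  */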
1870 static int decode_gusa(DisasContext *ctx, CPUSH4State *env, int *pmax_insns)
1871 {
1872     uint16_t insns[5];
1873     int ld_adr, ld_dst, ld_mop;
1874     int op_dst, op_src, op_opc;
1875     int mv_src, mt_dst, st_src, st_mop;
1876     TCGv op_arg;
1877 
1878     uint32_t pc = ctx->pc;
1879     uint32_t pc_end = ctx->tb->cs_base;
1880     int backup = sextract32(ctx->tbflags, GUSA_SHIFT, 8);
1881     int max_insns = (pc_end - pc) / 2;
1882     int i;
1883 
1884     if (pc != pc_end + backup || max_insns < 2) {
1885         /* This is a malformed gUSA region.  Don't do anything special,
1886            since the interpreter is likely to get confused.  */
1887         ctx->envflags &= ~GUSA_MASK;
1888         return 0;
1889     }
1890 
1891     if (ctx->tbflags & GUSA_EXCLUSIVE) {
1892         /* Regardless of single-stepping or the end of the page,
1893            we must complete execution of the gUSA region while
1894            holding the exclusive lock.  */
1895         *pmax_insns = max_insns;
1896         return 0;
1897     }
1898 
1899     /* The state machine below will consume only a few insns.
1900        If there are more than that in a region, fail now.  */
1901     if (max_insns > ARRAY_SIZE(insns)) {
1902         goto fail;
1903     }
1904 
1905     /* Read all of the insns for the region.  */
1906     for (i = 0; i < max_insns; ++i) {
1907         insns[i] = cpu_lduw_code(env, pc + i * 2);
1908     }
1909 
1910     ld_adr = ld_dst = ld_mop = -1;
1911     mv_src = -1;
1912     op_dst = op_src = op_opc = -1;
1913     mt_dst = -1;
1914     st_src = st_mop = -1;
1915     TCGV_UNUSED(op_arg);
1916     i = 0;
1917 
1918 #define NEXT_INSN \
1919     do { if (i >= max_insns) goto fail; ctx->opcode = insns[i++]; } while (0)
1920 
1921     /*
1922      * Expect a load to begin the region.
1923      */
1924     NEXT_INSN;
1925     switch (ctx->opcode & 0xf00f) {
1926     case 0x6000: /* mov.b @Rm,Rn */
1927         ld_mop = MO_SB;
1928         break;
1929     case 0x6001: /* mov.w @Rm,Rn */
1930         ld_mop = MO_TESW;
1931         break;
1932     case 0x6002: /* mov.l @Rm,Rn */
1933         ld_mop = MO_TESL;
1934         break;
1935     default:
1936         goto fail;
1937     }
1938     ld_adr = B7_4;
1939     ld_dst = B11_8;
1940     if (ld_adr == ld_dst) {
1941         goto fail;
1942     }
1943     /* Unless we see a mov, any two-operand operation must use ld_dst.  */
1944     op_dst = ld_dst;
1945 
1946     /*
1947      * Expect an optional register move.
1948      */
1949     NEXT_INSN;
1950     switch (ctx->opcode & 0xf00f) {
1951     case 0x6003: /* mov Rm,Rn */
1952         /* Here we want to recognize ld_dst being saved for later consumption,
1953            or for another input register being copied so that ld_dst need not
1954            be clobbered during the operation.  */
1955         op_dst = B11_8;
1956         mv_src = B7_4;
1957         if (op_dst == ld_dst) {
1958             /* Overwriting the load output.  */
1959             goto fail;
1960         }
1961         if (mv_src != ld_dst) {
1962             /* Copying a new input; constrain op_src to match the load.  */
1963             op_src = ld_dst;
1964         }
1965         break;
1966 
1967     default:
1968         /* Put back and re-examine as operation.  */
1969         --i;
1970     }
1971 
1972     /*
1973      * Expect the operation.
1974      */
1975     NEXT_INSN;
1976     switch (ctx->opcode & 0xf00f) {
1977     case 0x300c: /* add Rm,Rn */
1978         op_opc = INDEX_op_add_i32;
1979         goto do_reg_op;
1980     case 0x2009: /* and Rm,Rn */
1981         op_opc = INDEX_op_and_i32;
1982         goto do_reg_op;
1983     case 0x200a: /* xor Rm,Rn */
1984         op_opc = INDEX_op_xor_i32;
1985         goto do_reg_op;
1986     case 0x200b: /* or Rm,Rn */
1987         op_opc = INDEX_op_or_i32;
1988     do_reg_op:
1989         /* The operation register should be as expected, and the
1990            other input cannot depend on the load.  */
1991         if (op_dst != B11_8) {
1992             goto fail;
1993         }
1994         if (op_src < 0) {
1995             /* Unconstrained input.  */
1996             op_src = B7_4;
1997         } else if (op_src == B7_4) {
1998             /* Constrained input matched load.  All operations are
1999                commutative; "swap" them by "moving" the load output
2000                to the (implicit) first argument and the move source
2001                to the (explicit) second argument.  */
2002             op_src = mv_src;
2003         } else {
2004             goto fail;
2005         }
2006         op_arg = REG(op_src);
2007         break;
2008 
2009     case 0x6007: /* not Rm,Rn */
2010         if (ld_dst != B7_4 || mv_src >= 0) {
2011             goto fail;
2012         }
2013         op_dst = B11_8;
2014         op_opc = INDEX_op_xor_i32;
2015         op_arg = tcg_const_i32(-1);
2016         break;
2017 
2018     case 0x7000 ... 0x700f: /* add #imm,Rn */
2019         if (op_dst != B11_8 || mv_src >= 0) {
2020             goto fail;
2021         }
2022         op_opc = INDEX_op_add_i32;
2023         op_arg = tcg_const_i32(B7_0s);
2024         break;
2025 
2026     case 0x3000: /* cmp/eq Rm,Rn */
2027         /* Looking for the middle of a compare-and-swap sequence,
2028            beginning with the compare.  Operands can be either order,
2029            but with only one overlapping the load.  */
2030         if ((ld_dst == B11_8) + (ld_dst == B7_4) != 1 || mv_src >= 0) {
2031             goto fail;
2032         }
2033         op_opc = INDEX_op_setcond_i32;  /* placeholder */
2034         op_src = (ld_dst == B11_8 ? B7_4 : B11_8);
2035         op_arg = REG(op_src);
2036 
2037         NEXT_INSN;
2038         switch (ctx->opcode & 0xff00) {
2039         case 0x8b00: /* bf label */
2040         case 0x8f00: /* bf/s label */
2041             if (pc + (i + 1 + B7_0s) * 2 != pc_end) {
2042                 goto fail;
2043             }
2044             if ((ctx->opcode & 0xff00) == 0x8b00) { /* bf label */
2045                 break;
2046             }
2047             /* We're looking to unconditionally modify Rn with the
2048                result of the comparison, within the delay slot of
2049                the branch.  This is used by older gcc.  */
2050             NEXT_INSN;
2051             if ((ctx->opcode & 0xf0ff) == 0x0029) { /* movt Rn */
2052                 mt_dst = B11_8;
2053             } else {
2054                 goto fail;
2055             }
2056             break;
2057 
2058         default:
2059             goto fail;
2060         }
2061         break;
2062 
2063     case 0x2008: /* tst Rm,Rn */
2064         /* Looking for a compare-and-swap against zero.  */
2065         if (ld_dst != B11_8 || ld_dst != B7_4 || mv_src >= 0) {
2066             goto fail;
2067         }
2068         op_opc = INDEX_op_setcond_i32;
2069         op_arg = tcg_const_i32(0);
2070 
2071         NEXT_INSN;
2072         if ((ctx->opcode & 0xff00) != 0x8900 /* bt label */
2073             || pc + (i + 1 + B7_0s) * 2 != pc_end) {
2074             goto fail;
2075         }
2076         break;
2077 
2078     default:
2079         /* Put back and re-examine as store.  */
2080         --i;
2081     }
2082 
2083     /*
2084      * Expect the store.
2085      */
2086     /* The store must be the last insn.  */
2087     if (i != max_insns - 1) {
2088         goto fail;
2089     }
2090     NEXT_INSN;
2091     switch (ctx->opcode & 0xf00f) {
2092     case 0x2000: /* mov.b Rm,@Rn */
2093         st_mop = MO_UB;
2094         break;
2095     case 0x2001: /* mov.w Rm,@Rn */
2096         st_mop = MO_UW;
2097         break;
2098     case 0x2002: /* mov.l Rm,@Rn */
2099         st_mop = MO_UL;
2100         break;
2101     default:
2102         goto fail;
2103     }
2104     /* The store must match the load.  */
2105     if (ld_adr != B11_8 || st_mop != (ld_mop & MO_SIZE)) {
2106         goto fail;
2107     }
2108     st_src = B7_4;
2109 
2110 #undef NEXT_INSN
2111 
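    /* At this point the region has been parsed into load, optional move,
     * optional operation, and store.  E.g. a (hypothetical) region
     *     mov.l @r1,r0 ; add #1,r0 ; mov.l r0,@r1
     * arrives here with op_opc == INDEX_op_add_i32 and op_dst == ld_dst ==
     * st_src, and is emitted as a single atomic add-and-fetch below.  */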
2112     /*
2113      * Emit the operation.
2114      */
2115     tcg_gen_insn_start(pc, ctx->envflags);
2116     switch (op_opc) {
2117     case -1:
2118         /* No operation found.  Look for exchange pattern.  */
2119         if (st_src == ld_dst || mv_src >= 0) {
2120             goto fail;
2121         }
2122         tcg_gen_atomic_xchg_i32(REG(ld_dst), REG(ld_adr), REG(st_src),
2123                                 ctx->memidx, ld_mop);
2124         break;
2125 
2126     case INDEX_op_add_i32:
2127         if (op_dst != st_src) {
2128             goto fail;
2129         }
2130         if (op_dst == ld_dst && st_mop == MO_UL) {
2131             tcg_gen_atomic_add_fetch_i32(REG(ld_dst), REG(ld_adr),
2132                                          op_arg, ctx->memidx, ld_mop);
2133         } else {
2134             tcg_gen_atomic_fetch_add_i32(REG(ld_dst), REG(ld_adr),
2135                                          op_arg, ctx->memidx, ld_mop);
2136             if (op_dst != ld_dst) {
2137                 /* Note that mop sizes < 4 cannot use add_fetch
2138                    because it won't carry into the higher bits.  */
2139                 tcg_gen_add_i32(REG(op_dst), REG(ld_dst), op_arg);
2140             }
2141         }
2142         break;
2143 
2144     case INDEX_op_and_i32:
2145         if (op_dst != st_src) {
2146             goto fail;
2147         }
2148         if (op_dst == ld_dst) {
2149             tcg_gen_atomic_and_fetch_i32(REG(ld_dst), REG(ld_adr),
2150                                          op_arg, ctx->memidx, ld_mop);
2151         } else {
2152             tcg_gen_atomic_fetch_and_i32(REG(ld_dst), REG(ld_adr),
2153                                          op_arg, ctx->memidx, ld_mop);
2154             tcg_gen_and_i32(REG(op_dst), REG(ld_dst), op_arg);
2155         }
2156         break;
2157 
2158     case INDEX_op_or_i32:
2159         if (op_dst != st_src) {
2160             goto fail;
2161         }
2162         if (op_dst == ld_dst) {
2163             tcg_gen_atomic_or_fetch_i32(REG(ld_dst), REG(ld_adr),
2164                                         op_arg, ctx->memidx, ld_mop);
2165         } else {
2166             tcg_gen_atomic_fetch_or_i32(REG(ld_dst), REG(ld_adr),
2167                                         op_arg, ctx->memidx, ld_mop);
2168             tcg_gen_or_i32(REG(op_dst), REG(ld_dst), op_arg);
2169         }
2170         break;
2171 
2172     case INDEX_op_xor_i32:
2173         if (op_dst != st_src) {
2174             goto fail;
2175         }
2176         if (op_dst == ld_dst) {
2177             tcg_gen_atomic_xor_fetch_i32(REG(ld_dst), REG(ld_adr),
2178                                          op_arg, ctx->memidx, ld_mop);
2179         } else {
2180             tcg_gen_atomic_fetch_xor_i32(REG(ld_dst), REG(ld_adr),
2181                                          op_arg, ctx->memidx, ld_mop);
2182             tcg_gen_xor_i32(REG(op_dst), REG(ld_dst), op_arg);
2183         }
2184         break;
2185 
2186     case INDEX_op_setcond_i32:
2187         if (st_src == ld_dst) {
2188             goto fail;
2189         }
2190         tcg_gen_atomic_cmpxchg_i32(REG(ld_dst), REG(ld_adr), op_arg,
2191                                    REG(st_src), ctx->memidx, ld_mop);
2192         tcg_gen_setcond_i32(TCG_COND_EQ, cpu_sr_t, REG(ld_dst), op_arg);
2193         if (mt_dst >= 0) {
2194             tcg_gen_mov_i32(REG(mt_dst), cpu_sr_t);
2195         }
2196         break;
2197 
2198     default:
2199         g_assert_not_reached();
2200     }
2201 
2202     /* If op_src is not a valid register, then op_arg was a constant.  */
2203     if (op_src < 0) {
2204         tcg_temp_free_i32(op_arg);
2205     }
2206 
2207     /* The entire region has been translated.  */
2208     ctx->envflags &= ~GUSA_MASK;
2209     ctx->pc = pc_end;
2210     return max_insns;
2211 
2212  fail:
2213     qemu_log_mask(LOG_UNIMP, "Unrecognized gUSA sequence %08x-%08x\n",
2214                   pc, pc_end);
2215 
2216     /* Restart with the EXCLUSIVE bit set, within a TB run via
2217        cpu_exec_step_atomic holding the exclusive lock.  */
2218     tcg_gen_insn_start(pc, ctx->envflags);
2219     ctx->envflags |= GUSA_EXCLUSIVE;
2220     gen_save_cpu_state(ctx, false);
2221     gen_helper_exclusive(cpu_env);
2222     ctx->bstate = BS_EXCP;
2223 
2224     /* We're not executing an instruction, but we must report one for the
2225        purposes of accounting within the TB.  We might as well report the
2226        entire region consumed via ctx->pc so that it's immediately available
2227        in the disassembly dump.  */
2228     ctx->pc = pc_end;
2229     return 1;
2230 }
2231 #endif
2232 
2233 void gen_intermediate_code(CPUSH4State * env, struct TranslationBlock *tb)
2234 {
2235     SuperHCPU *cpu = sh_env_get_cpu(env);
2236     CPUState *cs = CPU(cpu);
2237     DisasContext ctx;
2238     target_ulong pc_start;
2239     int num_insns;
2240     int max_insns;
2241 
2242     pc_start = tb->pc;
2243     ctx.pc = pc_start;
2244     ctx.tbflags = (uint32_t)tb->flags;
2245     ctx.envflags = tb->flags & TB_FLAG_ENVFLAGS_MASK;
2246     ctx.bstate = BS_NONE;
2247     ctx.memidx = (ctx.tbflags & (1u << SR_MD)) == 0 ? 1 : 0;
2248     /* We don't know if the delayed pc came from a dynamic or static branch,
2249        so assume it is a dynamic branch.  */
2250     ctx.delayed_pc = -1; /* use delayed pc from env pointer */
2251     ctx.tb = tb;
2252     ctx.singlestep_enabled = cs->singlestep_enabled;
2253     ctx.features = env->features;
2254     ctx.has_movcal = (ctx.tbflags & TB_FLAG_PENDING_MOVCA);
2255     ctx.gbank = ((ctx.tbflags & (1 << SR_MD)) &&
2256                  (ctx.tbflags & (1 << SR_RB))) * 0x10;
2257     ctx.fbank = ctx.tbflags & FPSCR_FR ? 0x10 : 0;
2258 
2259     max_insns = tb->cflags & CF_COUNT_MASK;
2260     if (max_insns == 0) {
2261         max_insns = CF_COUNT_MASK;
2262     }
2263     max_insns = MIN(max_insns, TCG_MAX_INSNS);
2264 
2265     /* Since the ISA is fixed-width, we can bound by the number
2266        of instructions remaining on the page.  */
2267     num_insns = -(ctx.pc | TARGET_PAGE_MASK) / 2;
2268     max_insns = MIN(max_insns, num_insns);
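    /* E.g. with 4 KiB pages and ctx.pc == 0x8c000ff8, -(pc | TARGET_PAGE_MASK)
       evaluates to 8, leaving room for at most four more 16-bit insns.  */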
2269 
2270     /* Single stepping means just that.  */
2271     if (ctx.singlestep_enabled || singlestep) {
2272         max_insns = 1;
2273     }
2274 
2275     gen_tb_start(tb);
2276     num_insns = 0;
2277 
2278 #ifdef CONFIG_USER_ONLY
2279     if (ctx.tbflags & GUSA_MASK) {
2280         num_insns = decode_gusa(&ctx, env, &max_insns);
2281     }
2282 #endif
2283 
2284     while (ctx.bstate == BS_NONE
2285            && num_insns < max_insns
2286            && !tcg_op_buf_full()) {
2287         tcg_gen_insn_start(ctx.pc, ctx.envflags);
2288         num_insns++;
2289 
2290         if (unlikely(cpu_breakpoint_test(cs, ctx.pc, BP_ANY))) {
2291             /* We have hit a breakpoint - make sure PC is up-to-date */
2292             gen_save_cpu_state(&ctx, true);
2293             gen_helper_debug(cpu_env);
2294             ctx.bstate = BS_EXCP;
2295             /* The address covered by the breakpoint must be included in
2296                [tb->pc, tb->pc + tb->size) in order for it to be
2297                properly cleared -- thus we increment the PC here so that
2298                the logic setting tb->size below does the right thing.  */
2299             ctx.pc += 2;
2300             break;
2301         }
2302 
2303         if (num_insns == max_insns && (tb->cflags & CF_LAST_IO)) {
2304             gen_io_start();
2305         }
2306 
2307         ctx.opcode = cpu_lduw_code(env, ctx.pc);
2308 	decode_opc(&ctx);
2309 	ctx.pc += 2;
2310     }
2311     if (tb->cflags & CF_LAST_IO) {
2312         gen_io_end();
2313     }
2314 
2315     if (ctx.tbflags & GUSA_EXCLUSIVE) {
2316         /* Ending the region of exclusivity.  Clear the bits.  */
2317         ctx.envflags &= ~GUSA_MASK;
2318     }
2319 
2320     if (cs->singlestep_enabled) {
2321         gen_save_cpu_state(&ctx, true);
2322         gen_helper_debug(cpu_env);
2323     } else {
2324 	switch (ctx.bstate) {
2325         case BS_STOP:
2326             gen_save_cpu_state(&ctx, true);
2327             tcg_gen_exit_tb(0);
2328             break;
2329         case BS_NONE:
2330             gen_save_cpu_state(&ctx, false);
2331             gen_goto_tb(&ctx, 0, ctx.pc);
2332             break;
2333         case BS_EXCP:
2334             /* fall through */
2335         case BS_BRANCH:
2336         default:
2337             break;
2338 	}
2339     }
2340 
2341     gen_tb_end(tb, num_insns);
2342 
2343     tb->size = ctx.pc - pc_start;
2344     tb->icount = num_insns;
2345 
2346 #ifdef DEBUG_DISAS
2347     if (qemu_loglevel_mask(CPU_LOG_TB_IN_ASM)
2348         && qemu_log_in_addr_range(pc_start)) {
2349         qemu_log_lock();
2350 	qemu_log("IN:\n");
2351         log_target_disas(cs, pc_start, ctx.pc - pc_start, 0);
2352 	qemu_log("\n");
2353         qemu_log_unlock();
2354     }
2355 #endif
2356 }
2357 
2358 void restore_state_to_opc(CPUSH4State *env, TranslationBlock *tb,
2359                           target_ulong *data)
2360 {
2361     env->pc = data[0];
2362     env->flags = data[1];
2363     /* Theoretically delayed_pc should also be restored. In practice the
2364        branch instruction is re-executed after exception, so the delayed
2365        branch target will be recomputed. */
2366 }
2367