xref: /openbmc/qemu/target/sh4/translate.c (revision a95570e3)
1 /*
2  *  SH4 translation
3  *
4  *  Copyright (c) 2005 Samuel Tardieu
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #define DEBUG_DISAS
21 
22 #include "qemu/osdep.h"
23 #include "cpu.h"
24 #include "disas/disas.h"
25 #include "exec/exec-all.h"
26 #include "tcg/tcg-op.h"
27 #include "exec/cpu_ldst.h"
28 #include "exec/helper-proto.h"
29 #include "exec/helper-gen.h"
30 #include "exec/translator.h"
31 #include "exec/log.h"
32 #include "qemu/qemu-print.h"
33 
34 
35 typedef struct DisasContext {
36     DisasContextBase base;
37 
38     uint32_t tbflags;  /* should stay unmodified during the TB translation */
39     uint32_t envflags; /* should stay in sync with env->flags using TCG ops */
40     int memidx;
41     int gbank;
42     int fbank;
43     uint32_t delayed_pc;
44     uint32_t features;
45 
46     uint16_t opcode;
47 
48     bool has_movcal;
49 } DisasContext;
50 
51 #if defined(CONFIG_USER_ONLY)
52 #define IS_USER(ctx) 1
53 #define UNALIGN(C)   (ctx->tbflags & TB_FLAG_UNALIGN ? MO_UNALN : MO_ALIGN)
54 #else
55 #define IS_USER(ctx) (!(ctx->tbflags & (1u << SR_MD)))
56 #define UNALIGN(C)   0
57 #endif
58 
59 /* Target-specific values for ctx->base.is_jmp.  */
60 /* We want to exit back to the cpu loop for some reason.
61    Usually this is to recognize interrupts immediately.  */
62 #define DISAS_STOP    DISAS_TARGET_0
63 
64 /* global register indexes */
65 static TCGv cpu_gregs[32];
66 static TCGv cpu_sr, cpu_sr_m, cpu_sr_q, cpu_sr_t;
67 static TCGv cpu_pc, cpu_ssr, cpu_spc, cpu_gbr;
68 static TCGv cpu_vbr, cpu_sgr, cpu_dbr, cpu_mach, cpu_macl;
69 static TCGv cpu_pr, cpu_fpscr, cpu_fpul;
70 static TCGv cpu_lock_addr, cpu_lock_value;
71 static TCGv cpu_fregs[32];
72 
73 /* internal register indexes */
74 static TCGv cpu_flags, cpu_delayed_pc, cpu_delayed_cond;
75 
76 #include "exec/gen-icount.h"
77 
78 void sh4_translate_init(void)
79 {
80     int i;
81     static const char * const gregnames[24] = {
82         "R0_BANK0", "R1_BANK0", "R2_BANK0", "R3_BANK0",
83         "R4_BANK0", "R5_BANK0", "R6_BANK0", "R7_BANK0",
84         "R8", "R9", "R10", "R11", "R12", "R13", "R14", "R15",
85         "R0_BANK1", "R1_BANK1", "R2_BANK1", "R3_BANK1",
86         "R4_BANK1", "R5_BANK1", "R6_BANK1", "R7_BANK1"
87     };
88     static const char * const fregnames[32] = {
89          "FPR0_BANK0",  "FPR1_BANK0",  "FPR2_BANK0",  "FPR3_BANK0",
90          "FPR4_BANK0",  "FPR5_BANK0",  "FPR6_BANK0",  "FPR7_BANK0",
91          "FPR8_BANK0",  "FPR9_BANK0", "FPR10_BANK0", "FPR11_BANK0",
92         "FPR12_BANK0", "FPR13_BANK0", "FPR14_BANK0", "FPR15_BANK0",
93          "FPR0_BANK1",  "FPR1_BANK1",  "FPR2_BANK1",  "FPR3_BANK1",
94          "FPR4_BANK1",  "FPR5_BANK1",  "FPR6_BANK1",  "FPR7_BANK1",
95          "FPR8_BANK1",  "FPR9_BANK1", "FPR10_BANK1", "FPR11_BANK1",
96         "FPR12_BANK1", "FPR13_BANK1", "FPR14_BANK1", "FPR15_BANK1",
97     };
98 
99     for (i = 0; i < 24; i++) {
100         cpu_gregs[i] = tcg_global_mem_new_i32(cpu_env,
101                                               offsetof(CPUSH4State, gregs[i]),
102                                               gregnames[i]);
103     }
104     memcpy(cpu_gregs + 24, cpu_gregs + 8, 8 * sizeof(TCGv));
105 
106     cpu_pc = tcg_global_mem_new_i32(cpu_env,
107                                     offsetof(CPUSH4State, pc), "PC");
108     cpu_sr = tcg_global_mem_new_i32(cpu_env,
109                                     offsetof(CPUSH4State, sr), "SR");
110     cpu_sr_m = tcg_global_mem_new_i32(cpu_env,
111                                       offsetof(CPUSH4State, sr_m), "SR_M");
112     cpu_sr_q = tcg_global_mem_new_i32(cpu_env,
113                                       offsetof(CPUSH4State, sr_q), "SR_Q");
114     cpu_sr_t = tcg_global_mem_new_i32(cpu_env,
115                                       offsetof(CPUSH4State, sr_t), "SR_T");
116     cpu_ssr = tcg_global_mem_new_i32(cpu_env,
117                                      offsetof(CPUSH4State, ssr), "SSR");
118     cpu_spc = tcg_global_mem_new_i32(cpu_env,
119                                      offsetof(CPUSH4State, spc), "SPC");
120     cpu_gbr = tcg_global_mem_new_i32(cpu_env,
121                                      offsetof(CPUSH4State, gbr), "GBR");
122     cpu_vbr = tcg_global_mem_new_i32(cpu_env,
123                                      offsetof(CPUSH4State, vbr), "VBR");
124     cpu_sgr = tcg_global_mem_new_i32(cpu_env,
125                                      offsetof(CPUSH4State, sgr), "SGR");
126     cpu_dbr = tcg_global_mem_new_i32(cpu_env,
127                                      offsetof(CPUSH4State, dbr), "DBR");
128     cpu_mach = tcg_global_mem_new_i32(cpu_env,
129                                       offsetof(CPUSH4State, mach), "MACH");
130     cpu_macl = tcg_global_mem_new_i32(cpu_env,
131                                       offsetof(CPUSH4State, macl), "MACL");
132     cpu_pr = tcg_global_mem_new_i32(cpu_env,
133                                     offsetof(CPUSH4State, pr), "PR");
134     cpu_fpscr = tcg_global_mem_new_i32(cpu_env,
135                                        offsetof(CPUSH4State, fpscr), "FPSCR");
136     cpu_fpul = tcg_global_mem_new_i32(cpu_env,
137                                       offsetof(CPUSH4State, fpul), "FPUL");
138 
139     cpu_flags = tcg_global_mem_new_i32(cpu_env,
140 				       offsetof(CPUSH4State, flags), "_flags_");
141     cpu_delayed_pc = tcg_global_mem_new_i32(cpu_env,
142 					    offsetof(CPUSH4State, delayed_pc),
143 					    "_delayed_pc_");
144     cpu_delayed_cond = tcg_global_mem_new_i32(cpu_env,
145                                               offsetof(CPUSH4State,
146                                                        delayed_cond),
147                                               "_delayed_cond_");
148     cpu_lock_addr = tcg_global_mem_new_i32(cpu_env,
149                                            offsetof(CPUSH4State, lock_addr),
150                                            "_lock_addr_");
151     cpu_lock_value = tcg_global_mem_new_i32(cpu_env,
152                                             offsetof(CPUSH4State, lock_value),
153                                             "_lock_value_");
154 
155     for (i = 0; i < 32; i++)
156         cpu_fregs[i] = tcg_global_mem_new_i32(cpu_env,
157                                               offsetof(CPUSH4State, fregs[i]),
158                                               fregnames[i]);
159 }
160 
161 void superh_cpu_dump_state(CPUState *cs, FILE *f, int flags)
162 {
163     SuperHCPU *cpu = SUPERH_CPU(cs);
164     CPUSH4State *env = &cpu->env;
165     int i;
166 
167     qemu_fprintf(f, "pc=0x%08x sr=0x%08x pr=0x%08x fpscr=0x%08x\n",
168                  env->pc, cpu_read_sr(env), env->pr, env->fpscr);
169     qemu_fprintf(f, "spc=0x%08x ssr=0x%08x gbr=0x%08x vbr=0x%08x\n",
170                  env->spc, env->ssr, env->gbr, env->vbr);
171     qemu_fprintf(f, "sgr=0x%08x dbr=0x%08x delayed_pc=0x%08x fpul=0x%08x\n",
172                  env->sgr, env->dbr, env->delayed_pc, env->fpul);
173     for (i = 0; i < 24; i += 4) {
174         qemu_printf("r%d=0x%08x r%d=0x%08x r%d=0x%08x r%d=0x%08x\n",
175 		    i, env->gregs[i], i + 1, env->gregs[i + 1],
176 		    i + 2, env->gregs[i + 2], i + 3, env->gregs[i + 3]);
177     }
178     if (env->flags & TB_FLAG_DELAY_SLOT) {
179         qemu_printf("in delay slot (delayed_pc=0x%08x)\n",
180 		    env->delayed_pc);
181     } else if (env->flags & TB_FLAG_DELAY_SLOT_COND) {
182         qemu_printf("in conditional delay slot (delayed_pc=0x%08x)\n",
183 		    env->delayed_pc);
184     } else if (env->flags & TB_FLAG_DELAY_SLOT_RTE) {
185         qemu_fprintf(f, "in rte delay slot (delayed_pc=0x%08x)\n",
186                      env->delayed_pc);
187     }
188 }
189 
190 static void gen_read_sr(TCGv dst)
191 {
192     TCGv t0 = tcg_temp_new();
193     tcg_gen_shli_i32(t0, cpu_sr_q, SR_Q);
194     tcg_gen_or_i32(dst, dst, t0);
195     tcg_gen_shli_i32(t0, cpu_sr_m, SR_M);
196     tcg_gen_or_i32(dst, dst, t0);
197     tcg_gen_shli_i32(t0, cpu_sr_t, SR_T);
198     tcg_gen_or_i32(dst, cpu_sr, t0);
199     tcg_temp_free_i32(t0);
200 }
201 
202 static void gen_write_sr(TCGv src)
203 {
204     tcg_gen_andi_i32(cpu_sr, src,
205                      ~((1u << SR_Q) | (1u << SR_M) | (1u << SR_T)));
206     tcg_gen_extract_i32(cpu_sr_q, src, SR_Q, 1);
207     tcg_gen_extract_i32(cpu_sr_m, src, SR_M, 1);
208     tcg_gen_extract_i32(cpu_sr_t, src, SR_T, 1);
209 }
210 
211 static inline void gen_save_cpu_state(DisasContext *ctx, bool save_pc)
212 {
213     if (save_pc) {
214         tcg_gen_movi_i32(cpu_pc, ctx->base.pc_next);
215     }
216     if (ctx->delayed_pc != (uint32_t) -1) {
217         tcg_gen_movi_i32(cpu_delayed_pc, ctx->delayed_pc);
218     }
219     if ((ctx->tbflags & TB_FLAG_ENVFLAGS_MASK) != ctx->envflags) {
220         tcg_gen_movi_i32(cpu_flags, ctx->envflags);
221     }
222 }
223 
224 static inline bool use_exit_tb(DisasContext *ctx)
225 {
226     return (ctx->tbflags & TB_FLAG_GUSA_EXCLUSIVE) != 0;
227 }
228 
229 static bool use_goto_tb(DisasContext *ctx, target_ulong dest)
230 {
231     if (use_exit_tb(ctx)) {
232         return false;
233     }
234     return translator_use_goto_tb(&ctx->base, dest);
235 }
236 
237 static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
238 {
239     if (use_goto_tb(ctx, dest)) {
240         tcg_gen_goto_tb(n);
241         tcg_gen_movi_i32(cpu_pc, dest);
242         tcg_gen_exit_tb(ctx->base.tb, n);
243     } else {
244         tcg_gen_movi_i32(cpu_pc, dest);
245         if (use_exit_tb(ctx)) {
246             tcg_gen_exit_tb(NULL, 0);
247         } else {
248             tcg_gen_lookup_and_goto_ptr();
249         }
250     }
251     ctx->base.is_jmp = DISAS_NORETURN;
252 }
253 
254 static void gen_jump(DisasContext * ctx)
255 {
256     if (ctx->delayed_pc == -1) {
257 	/* Target is not statically known, it comes necessarily from a
258 	   delayed jump as immediate jump are conditinal jumps */
259 	tcg_gen_mov_i32(cpu_pc, cpu_delayed_pc);
260         tcg_gen_discard_i32(cpu_delayed_pc);
261         if (use_exit_tb(ctx)) {
262             tcg_gen_exit_tb(NULL, 0);
263         } else {
264             tcg_gen_lookup_and_goto_ptr();
265         }
266         ctx->base.is_jmp = DISAS_NORETURN;
267     } else {
268 	gen_goto_tb(ctx, 0, ctx->delayed_pc);
269     }
270 }
271 
272 /* Immediate conditional jump (bt or bf) */
273 static void gen_conditional_jump(DisasContext *ctx, target_ulong dest,
274                                  bool jump_if_true)
275 {
276     TCGLabel *l1 = gen_new_label();
277     TCGCond cond_not_taken = jump_if_true ? TCG_COND_EQ : TCG_COND_NE;
278 
279     if (ctx->tbflags & TB_FLAG_GUSA_EXCLUSIVE) {
280         /* When in an exclusive region, we must continue to the end.
281            Therefore, exit the region on a taken branch, but otherwise
282            fall through to the next instruction.  */
283         tcg_gen_brcondi_i32(cond_not_taken, cpu_sr_t, 0, l1);
284         tcg_gen_movi_i32(cpu_flags, ctx->envflags & ~TB_FLAG_GUSA_MASK);
285         /* Note that this won't actually use a goto_tb opcode because we
286            disallow it in use_goto_tb, but it handles exit + singlestep.  */
287         gen_goto_tb(ctx, 0, dest);
288         gen_set_label(l1);
289         ctx->base.is_jmp = DISAS_NEXT;
290         return;
291     }
292 
293     gen_save_cpu_state(ctx, false);
294     tcg_gen_brcondi_i32(cond_not_taken, cpu_sr_t, 0, l1);
295     gen_goto_tb(ctx, 0, dest);
296     gen_set_label(l1);
297     gen_goto_tb(ctx, 1, ctx->base.pc_next + 2);
298     ctx->base.is_jmp = DISAS_NORETURN;
299 }
300 
301 /* Delayed conditional jump (bt or bf) */
302 static void gen_delayed_conditional_jump(DisasContext * ctx)
303 {
304     TCGLabel *l1 = gen_new_label();
305     TCGv ds = tcg_temp_new();
306 
307     tcg_gen_mov_i32(ds, cpu_delayed_cond);
308     tcg_gen_discard_i32(cpu_delayed_cond);
309 
310     if (ctx->tbflags & TB_FLAG_GUSA_EXCLUSIVE) {
311         /* When in an exclusive region, we must continue to the end.
312            Therefore, exit the region on a taken branch, but otherwise
313            fall through to the next instruction.  */
314         tcg_gen_brcondi_i32(TCG_COND_EQ, ds, 0, l1);
315 
316         /* Leave the gUSA region.  */
317         tcg_gen_movi_i32(cpu_flags, ctx->envflags & ~TB_FLAG_GUSA_MASK);
318         gen_jump(ctx);
319 
320         gen_set_label(l1);
321         ctx->base.is_jmp = DISAS_NEXT;
322         return;
323     }
324 
325     tcg_gen_brcondi_i32(TCG_COND_NE, ds, 0, l1);
326     gen_goto_tb(ctx, 1, ctx->base.pc_next + 2);
327     gen_set_label(l1);
328     gen_jump(ctx);
329 }
330 
331 static inline void gen_load_fpr64(DisasContext *ctx, TCGv_i64 t, int reg)
332 {
333     /* We have already signaled illegal instruction for odd Dr.  */
334     tcg_debug_assert((reg & 1) == 0);
335     reg ^= ctx->fbank;
336     tcg_gen_concat_i32_i64(t, cpu_fregs[reg + 1], cpu_fregs[reg]);
337 }
338 
339 static inline void gen_store_fpr64(DisasContext *ctx, TCGv_i64 t, int reg)
340 {
341     /* We have already signaled illegal instruction for odd Dr.  */
342     tcg_debug_assert((reg & 1) == 0);
343     reg ^= ctx->fbank;
344     tcg_gen_extr_i64_i32(cpu_fregs[reg + 1], cpu_fregs[reg], t);
345 }
346 
347 #define B3_0 (ctx->opcode & 0xf)
348 #define B6_4 ((ctx->opcode >> 4) & 0x7)
349 #define B7_4 ((ctx->opcode >> 4) & 0xf)
350 #define B7_0 (ctx->opcode & 0xff)
351 #define B7_0s ((int32_t) (int8_t) (ctx->opcode & 0xff))
352 #define B11_0s (ctx->opcode & 0x800 ? 0xfffff000 | (ctx->opcode & 0xfff) : \
353   (ctx->opcode & 0xfff))
354 #define B11_8 ((ctx->opcode >> 8) & 0xf)
355 #define B15_12 ((ctx->opcode >> 12) & 0xf)
356 
357 #define REG(x)     cpu_gregs[(x) ^ ctx->gbank]
358 #define ALTREG(x)  cpu_gregs[(x) ^ ctx->gbank ^ 0x10]
359 #define FREG(x)    cpu_fregs[(x) ^ ctx->fbank]
360 
361 #define XHACK(x) ((((x) & 1 ) << 4) | ((x) & 0xe))
362 
363 #define CHECK_NOT_DELAY_SLOT \
364     if (ctx->envflags & TB_FLAG_DELAY_SLOT_MASK) {  \
365         goto do_illegal_slot;                       \
366     }
367 
368 #define CHECK_PRIVILEGED \
369     if (IS_USER(ctx)) {                     \
370         goto do_illegal;                    \
371     }
372 
373 #define CHECK_FPU_ENABLED \
374     if (ctx->tbflags & (1u << SR_FD)) {     \
375         goto do_fpu_disabled;               \
376     }
377 
378 #define CHECK_FPSCR_PR_0 \
379     if (ctx->tbflags & FPSCR_PR) {          \
380         goto do_illegal;                    \
381     }
382 
383 #define CHECK_FPSCR_PR_1 \
384     if (!(ctx->tbflags & FPSCR_PR)) {       \
385         goto do_illegal;                    \
386     }
387 
388 #define CHECK_SH4A \
389     if (!(ctx->features & SH_FEATURE_SH4A)) { \
390         goto do_illegal;                      \
391     }
392 
393 static void _decode_opc(DisasContext * ctx)
394 {
395     /* This code tries to make movcal emulation sufficiently
396        accurate for Linux purposes.  This instruction writes
397        memory, and prior to that, always allocates a cache line.
398        It is used in two contexts:
399        - in memcpy, where data is copied in blocks, the first write
400        of to a block uses movca.l for performance.
401        - in arch/sh/mm/cache-sh4.c, movcal.l + ocbi combination is used
402        to flush the cache. Here, the data written by movcal.l is never
403        written to memory, and the data written is just bogus.
404 
405        To simulate this, we simulate movcal.l, we store the value to memory,
406        but we also remember the previous content. If we see ocbi, we check
407        if movcal.l for that address was done previously. If so, the write should
408        not have hit the memory, so we restore the previous content.
409        When we see an instruction that is neither movca.l
410        nor ocbi, the previous content is discarded.
411 
412        To optimize, we only try to flush stores when we're at the start of
413        TB, or if we already saw movca.l in this TB and did not flush stores
414        yet.  */
415     if (ctx->has_movcal)
416 	{
417 	  int opcode = ctx->opcode & 0xf0ff;
418 	  if (opcode != 0x0093 /* ocbi */
419 	      && opcode != 0x00c3 /* movca.l */)
420 	      {
421                   gen_helper_discard_movcal_backup(cpu_env);
422 		  ctx->has_movcal = 0;
423 	      }
424 	}
425 
426 #if 0
427     fprintf(stderr, "Translating opcode 0x%04x\n", ctx->opcode);
428 #endif
429 
430     switch (ctx->opcode) {
431     case 0x0019:		/* div0u */
432         tcg_gen_movi_i32(cpu_sr_m, 0);
433         tcg_gen_movi_i32(cpu_sr_q, 0);
434         tcg_gen_movi_i32(cpu_sr_t, 0);
435 	return;
436     case 0x000b:		/* rts */
437 	CHECK_NOT_DELAY_SLOT
438 	tcg_gen_mov_i32(cpu_delayed_pc, cpu_pr);
439         ctx->envflags |= TB_FLAG_DELAY_SLOT;
440 	ctx->delayed_pc = (uint32_t) - 1;
441 	return;
442     case 0x0028:		/* clrmac */
443 	tcg_gen_movi_i32(cpu_mach, 0);
444 	tcg_gen_movi_i32(cpu_macl, 0);
445 	return;
446     case 0x0048:		/* clrs */
447         tcg_gen_andi_i32(cpu_sr, cpu_sr, ~(1u << SR_S));
448 	return;
449     case 0x0008:		/* clrt */
450         tcg_gen_movi_i32(cpu_sr_t, 0);
451 	return;
452     case 0x0038:		/* ldtlb */
453 	CHECK_PRIVILEGED
454         gen_helper_ldtlb(cpu_env);
455 	return;
456     case 0x002b:		/* rte */
457 	CHECK_PRIVILEGED
458 	CHECK_NOT_DELAY_SLOT
459         gen_write_sr(cpu_ssr);
460 	tcg_gen_mov_i32(cpu_delayed_pc, cpu_spc);
461         ctx->envflags |= TB_FLAG_DELAY_SLOT_RTE;
462 	ctx->delayed_pc = (uint32_t) - 1;
463         ctx->base.is_jmp = DISAS_STOP;
464 	return;
465     case 0x0058:		/* sets */
466         tcg_gen_ori_i32(cpu_sr, cpu_sr, (1u << SR_S));
467 	return;
468     case 0x0018:		/* sett */
469         tcg_gen_movi_i32(cpu_sr_t, 1);
470 	return;
471     case 0xfbfd:		/* frchg */
472         CHECK_FPSCR_PR_0
473 	tcg_gen_xori_i32(cpu_fpscr, cpu_fpscr, FPSCR_FR);
474         ctx->base.is_jmp = DISAS_STOP;
475 	return;
476     case 0xf3fd:		/* fschg */
477         CHECK_FPSCR_PR_0
478         tcg_gen_xori_i32(cpu_fpscr, cpu_fpscr, FPSCR_SZ);
479         ctx->base.is_jmp = DISAS_STOP;
480 	return;
481     case 0xf7fd:                /* fpchg */
482         CHECK_SH4A
483         tcg_gen_xori_i32(cpu_fpscr, cpu_fpscr, FPSCR_PR);
484         ctx->base.is_jmp = DISAS_STOP;
485         return;
486     case 0x0009:		/* nop */
487 	return;
488     case 0x001b:		/* sleep */
489 	CHECK_PRIVILEGED
490         tcg_gen_movi_i32(cpu_pc, ctx->base.pc_next + 2);
491         gen_helper_sleep(cpu_env);
492 	return;
493     }
494 
495     switch (ctx->opcode & 0xf000) {
496     case 0x1000:		/* mov.l Rm,@(disp,Rn) */
497 	{
498 	    TCGv addr = tcg_temp_new();
499 	    tcg_gen_addi_i32(addr, REG(B11_8), B3_0 * 4);
500             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx,
501                                 MO_TEUL | UNALIGN(ctx));
502 	    tcg_temp_free(addr);
503 	}
504 	return;
505     case 0x5000:		/* mov.l @(disp,Rm),Rn */
506 	{
507 	    TCGv addr = tcg_temp_new();
508 	    tcg_gen_addi_i32(addr, REG(B7_4), B3_0 * 4);
509             tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx,
510                                 MO_TESL | UNALIGN(ctx));
511 	    tcg_temp_free(addr);
512 	}
513 	return;
514     case 0xe000:		/* mov #imm,Rn */
515 #ifdef CONFIG_USER_ONLY
516         /*
517          * Detect the start of a gUSA region (mov #-n, r15).
518          * If so, update envflags and end the TB.  This will allow us
519          * to see the end of the region (stored in R0) in the next TB.
520          */
521         if (B11_8 == 15 && B7_0s < 0 &&
522             (tb_cflags(ctx->base.tb) & CF_PARALLEL)) {
523             ctx->envflags =
524                 deposit32(ctx->envflags, TB_FLAG_GUSA_SHIFT, 8, B7_0s);
525             ctx->base.is_jmp = DISAS_STOP;
526         }
527 #endif
528 	tcg_gen_movi_i32(REG(B11_8), B7_0s);
529 	return;
530     case 0x9000:		/* mov.w @(disp,PC),Rn */
531 	{
532             TCGv addr = tcg_const_i32(ctx->base.pc_next + 4 + B7_0 * 2);
533             tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx, MO_TESW);
534 	    tcg_temp_free(addr);
535 	}
536 	return;
537     case 0xd000:		/* mov.l @(disp,PC),Rn */
538 	{
539             TCGv addr = tcg_const_i32((ctx->base.pc_next + 4 + B7_0 * 4) & ~3);
540             tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx, MO_TESL);
541 	    tcg_temp_free(addr);
542 	}
543 	return;
544     case 0x7000:		/* add #imm,Rn */
545 	tcg_gen_addi_i32(REG(B11_8), REG(B11_8), B7_0s);
546 	return;
547     case 0xa000:		/* bra disp */
548 	CHECK_NOT_DELAY_SLOT
549         ctx->delayed_pc = ctx->base.pc_next + 4 + B11_0s * 2;
550         ctx->envflags |= TB_FLAG_DELAY_SLOT;
551 	return;
552     case 0xb000:		/* bsr disp */
553 	CHECK_NOT_DELAY_SLOT
554         tcg_gen_movi_i32(cpu_pr, ctx->base.pc_next + 4);
555         ctx->delayed_pc = ctx->base.pc_next + 4 + B11_0s * 2;
556         ctx->envflags |= TB_FLAG_DELAY_SLOT;
557 	return;
558     }
559 
560     switch (ctx->opcode & 0xf00f) {
561     case 0x6003:		/* mov Rm,Rn */
562 	tcg_gen_mov_i32(REG(B11_8), REG(B7_4));
563 	return;
564     case 0x2000:		/* mov.b Rm,@Rn */
565         tcg_gen_qemu_st_i32(REG(B7_4), REG(B11_8), ctx->memidx, MO_UB);
566 	return;
567     case 0x2001:		/* mov.w Rm,@Rn */
568         tcg_gen_qemu_st_i32(REG(B7_4), REG(B11_8), ctx->memidx,
569                             MO_TEUW | UNALIGN(ctx));
570 	return;
571     case 0x2002:		/* mov.l Rm,@Rn */
572         tcg_gen_qemu_st_i32(REG(B7_4), REG(B11_8), ctx->memidx,
573                             MO_TEUL | UNALIGN(ctx));
574 	return;
575     case 0x6000:		/* mov.b @Rm,Rn */
576         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_SB);
577 	return;
578     case 0x6001:		/* mov.w @Rm,Rn */
579         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx,
580                             MO_TESW | UNALIGN(ctx));
581 	return;
582     case 0x6002:		/* mov.l @Rm,Rn */
583         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx,
584                             MO_TESL | UNALIGN(ctx));
585 	return;
586     case 0x2004:		/* mov.b Rm,@-Rn */
587 	{
588 	    TCGv addr = tcg_temp_new();
589 	    tcg_gen_subi_i32(addr, REG(B11_8), 1);
590             /* might cause re-execution */
591             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_UB);
592 	    tcg_gen_mov_i32(REG(B11_8), addr);			/* modify register status */
593 	    tcg_temp_free(addr);
594 	}
595 	return;
596     case 0x2005:		/* mov.w Rm,@-Rn */
597 	{
598 	    TCGv addr = tcg_temp_new();
599 	    tcg_gen_subi_i32(addr, REG(B11_8), 2);
600             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx,
601                                 MO_TEUW | UNALIGN(ctx));
602 	    tcg_gen_mov_i32(REG(B11_8), addr);
603 	    tcg_temp_free(addr);
604 	}
605 	return;
606     case 0x2006:		/* mov.l Rm,@-Rn */
607 	{
608 	    TCGv addr = tcg_temp_new();
609 	    tcg_gen_subi_i32(addr, REG(B11_8), 4);
610             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx,
611                                 MO_TEUL | UNALIGN(ctx));
612 	    tcg_gen_mov_i32(REG(B11_8), addr);
613         tcg_temp_free(addr);
614 	}
615 	return;
616     case 0x6004:		/* mov.b @Rm+,Rn */
617         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_SB);
618 	if ( B11_8 != B7_4 )
619 		tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 1);
620 	return;
621     case 0x6005:		/* mov.w @Rm+,Rn */
622         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx,
623                             MO_TESW | UNALIGN(ctx));
624 	if ( B11_8 != B7_4 )
625 		tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 2);
626 	return;
627     case 0x6006:		/* mov.l @Rm+,Rn */
628         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx,
629                             MO_TESL | UNALIGN(ctx));
630 	if ( B11_8 != B7_4 )
631 		tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 4);
632 	return;
633     case 0x0004:		/* mov.b Rm,@(R0,Rn) */
634 	{
635 	    TCGv addr = tcg_temp_new();
636 	    tcg_gen_add_i32(addr, REG(B11_8), REG(0));
637             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_UB);
638 	    tcg_temp_free(addr);
639 	}
640 	return;
641     case 0x0005:		/* mov.w Rm,@(R0,Rn) */
642 	{
643 	    TCGv addr = tcg_temp_new();
644 	    tcg_gen_add_i32(addr, REG(B11_8), REG(0));
645             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx,
646                                 MO_TEUW | UNALIGN(ctx));
647 	    tcg_temp_free(addr);
648 	}
649 	return;
650     case 0x0006:		/* mov.l Rm,@(R0,Rn) */
651 	{
652 	    TCGv addr = tcg_temp_new();
653 	    tcg_gen_add_i32(addr, REG(B11_8), REG(0));
654             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx,
655                                 MO_TEUL | UNALIGN(ctx));
656 	    tcg_temp_free(addr);
657 	}
658 	return;
659     case 0x000c:		/* mov.b @(R0,Rm),Rn */
660 	{
661 	    TCGv addr = tcg_temp_new();
662 	    tcg_gen_add_i32(addr, REG(B7_4), REG(0));
663             tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx, MO_SB);
664 	    tcg_temp_free(addr);
665 	}
666 	return;
667     case 0x000d:		/* mov.w @(R0,Rm),Rn */
668 	{
669 	    TCGv addr = tcg_temp_new();
670 	    tcg_gen_add_i32(addr, REG(B7_4), REG(0));
671             tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx,
672                                 MO_TESW | UNALIGN(ctx));
673 	    tcg_temp_free(addr);
674 	}
675 	return;
676     case 0x000e:		/* mov.l @(R0,Rm),Rn */
677 	{
678 	    TCGv addr = tcg_temp_new();
679 	    tcg_gen_add_i32(addr, REG(B7_4), REG(0));
680             tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx,
681                                 MO_TESL | UNALIGN(ctx));
682 	    tcg_temp_free(addr);
683 	}
684 	return;
685     case 0x6008:		/* swap.b Rm,Rn */
686 	{
687             TCGv low = tcg_temp_new();
688             tcg_gen_bswap16_i32(low, REG(B7_4), 0);
689             tcg_gen_deposit_i32(REG(B11_8), REG(B7_4), low, 0, 16);
690 	    tcg_temp_free(low);
691 	}
692 	return;
693     case 0x6009:		/* swap.w Rm,Rn */
694         tcg_gen_rotli_i32(REG(B11_8), REG(B7_4), 16);
695 	return;
696     case 0x200d:		/* xtrct Rm,Rn */
697 	{
698 	    TCGv high, low;
699 	    high = tcg_temp_new();
700 	    tcg_gen_shli_i32(high, REG(B7_4), 16);
701 	    low = tcg_temp_new();
702 	    tcg_gen_shri_i32(low, REG(B11_8), 16);
703 	    tcg_gen_or_i32(REG(B11_8), high, low);
704 	    tcg_temp_free(low);
705 	    tcg_temp_free(high);
706 	}
707 	return;
708     case 0x300c:		/* add Rm,Rn */
709 	tcg_gen_add_i32(REG(B11_8), REG(B11_8), REG(B7_4));
710 	return;
711     case 0x300e:		/* addc Rm,Rn */
712         {
713             TCGv t0, t1;
714             t0 = tcg_const_tl(0);
715             t1 = tcg_temp_new();
716             tcg_gen_add2_i32(t1, cpu_sr_t, cpu_sr_t, t0, REG(B7_4), t0);
717             tcg_gen_add2_i32(REG(B11_8), cpu_sr_t,
718                              REG(B11_8), t0, t1, cpu_sr_t);
719             tcg_temp_free(t0);
720             tcg_temp_free(t1);
721         }
722 	return;
723     case 0x300f:		/* addv Rm,Rn */
724         {
725             TCGv t0, t1, t2;
726             t0 = tcg_temp_new();
727             tcg_gen_add_i32(t0, REG(B7_4), REG(B11_8));
728             t1 = tcg_temp_new();
729             tcg_gen_xor_i32(t1, t0, REG(B11_8));
730             t2 = tcg_temp_new();
731             tcg_gen_xor_i32(t2, REG(B7_4), REG(B11_8));
732             tcg_gen_andc_i32(cpu_sr_t, t1, t2);
733             tcg_temp_free(t2);
734             tcg_gen_shri_i32(cpu_sr_t, cpu_sr_t, 31);
735             tcg_temp_free(t1);
736             tcg_gen_mov_i32(REG(B7_4), t0);
737             tcg_temp_free(t0);
738         }
739 	return;
740     case 0x2009:		/* and Rm,Rn */
741 	tcg_gen_and_i32(REG(B11_8), REG(B11_8), REG(B7_4));
742 	return;
743     case 0x3000:		/* cmp/eq Rm,Rn */
744         tcg_gen_setcond_i32(TCG_COND_EQ, cpu_sr_t, REG(B11_8), REG(B7_4));
745 	return;
746     case 0x3003:		/* cmp/ge Rm,Rn */
747         tcg_gen_setcond_i32(TCG_COND_GE, cpu_sr_t, REG(B11_8), REG(B7_4));
748 	return;
749     case 0x3007:		/* cmp/gt Rm,Rn */
750         tcg_gen_setcond_i32(TCG_COND_GT, cpu_sr_t, REG(B11_8), REG(B7_4));
751 	return;
752     case 0x3006:		/* cmp/hi Rm,Rn */
753         tcg_gen_setcond_i32(TCG_COND_GTU, cpu_sr_t, REG(B11_8), REG(B7_4));
754 	return;
755     case 0x3002:		/* cmp/hs Rm,Rn */
756         tcg_gen_setcond_i32(TCG_COND_GEU, cpu_sr_t, REG(B11_8), REG(B7_4));
757 	return;
758     case 0x200c:		/* cmp/str Rm,Rn */
759 	{
760 	    TCGv cmp1 = tcg_temp_new();
761 	    TCGv cmp2 = tcg_temp_new();
762             tcg_gen_xor_i32(cmp2, REG(B7_4), REG(B11_8));
763             tcg_gen_subi_i32(cmp1, cmp2, 0x01010101);
764             tcg_gen_andc_i32(cmp1, cmp1, cmp2);
765             tcg_gen_andi_i32(cmp1, cmp1, 0x80808080);
766             tcg_gen_setcondi_i32(TCG_COND_NE, cpu_sr_t, cmp1, 0);
767 	    tcg_temp_free(cmp2);
768 	    tcg_temp_free(cmp1);
769 	}
770 	return;
771     case 0x2007:		/* div0s Rm,Rn */
772         tcg_gen_shri_i32(cpu_sr_q, REG(B11_8), 31);         /* SR_Q */
773         tcg_gen_shri_i32(cpu_sr_m, REG(B7_4), 31);          /* SR_M */
774         tcg_gen_xor_i32(cpu_sr_t, cpu_sr_q, cpu_sr_m);      /* SR_T */
775 	return;
776     case 0x3004:		/* div1 Rm,Rn */
777         {
778             TCGv t0 = tcg_temp_new();
779             TCGv t1 = tcg_temp_new();
780             TCGv t2 = tcg_temp_new();
781             TCGv zero = tcg_const_i32(0);
782 
783             /* shift left arg1, saving the bit being pushed out and inserting
784                T on the right */
785             tcg_gen_shri_i32(t0, REG(B11_8), 31);
786             tcg_gen_shli_i32(REG(B11_8), REG(B11_8), 1);
787             tcg_gen_or_i32(REG(B11_8), REG(B11_8), cpu_sr_t);
788 
789             /* Add or subtract arg0 from arg1 depending if Q == M. To avoid
790                using 64-bit temps, we compute arg0's high part from q ^ m, so
791                that it is 0x00000000 when adding the value or 0xffffffff when
792                subtracting it. */
793             tcg_gen_xor_i32(t1, cpu_sr_q, cpu_sr_m);
794             tcg_gen_subi_i32(t1, t1, 1);
795             tcg_gen_neg_i32(t2, REG(B7_4));
796             tcg_gen_movcond_i32(TCG_COND_EQ, t2, t1, zero, REG(B7_4), t2);
797             tcg_gen_add2_i32(REG(B11_8), t1, REG(B11_8), zero, t2, t1);
798 
799             /* compute T and Q depending on carry */
800             tcg_gen_andi_i32(t1, t1, 1);
801             tcg_gen_xor_i32(t1, t1, t0);
802             tcg_gen_xori_i32(cpu_sr_t, t1, 1);
803             tcg_gen_xor_i32(cpu_sr_q, cpu_sr_m, t1);
804 
805             tcg_temp_free(zero);
806             tcg_temp_free(t2);
807             tcg_temp_free(t1);
808             tcg_temp_free(t0);
809         }
810 	return;
811     case 0x300d:		/* dmuls.l Rm,Rn */
812         tcg_gen_muls2_i32(cpu_macl, cpu_mach, REG(B7_4), REG(B11_8));
813 	return;
814     case 0x3005:		/* dmulu.l Rm,Rn */
815         tcg_gen_mulu2_i32(cpu_macl, cpu_mach, REG(B7_4), REG(B11_8));
816 	return;
817     case 0x600e:		/* exts.b Rm,Rn */
818 	tcg_gen_ext8s_i32(REG(B11_8), REG(B7_4));
819 	return;
820     case 0x600f:		/* exts.w Rm,Rn */
821 	tcg_gen_ext16s_i32(REG(B11_8), REG(B7_4));
822 	return;
823     case 0x600c:		/* extu.b Rm,Rn */
824 	tcg_gen_ext8u_i32(REG(B11_8), REG(B7_4));
825 	return;
826     case 0x600d:		/* extu.w Rm,Rn */
827 	tcg_gen_ext16u_i32(REG(B11_8), REG(B7_4));
828 	return;
829     case 0x000f:		/* mac.l @Rm+,@Rn+ */
830 	{
831 	    TCGv arg0, arg1;
832 	    arg0 = tcg_temp_new();
833             tcg_gen_qemu_ld_i32(arg0, REG(B7_4), ctx->memidx, MO_TESL);
834 	    arg1 = tcg_temp_new();
835             tcg_gen_qemu_ld_i32(arg1, REG(B11_8), ctx->memidx, MO_TESL);
836             gen_helper_macl(cpu_env, arg0, arg1);
837 	    tcg_temp_free(arg1);
838 	    tcg_temp_free(arg0);
839 	    tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 4);
840 	    tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 4);
841 	}
842 	return;
843     case 0x400f:		/* mac.w @Rm+,@Rn+ */
844 	{
845 	    TCGv arg0, arg1;
846 	    arg0 = tcg_temp_new();
847             tcg_gen_qemu_ld_i32(arg0, REG(B7_4), ctx->memidx, MO_TESL);
848 	    arg1 = tcg_temp_new();
849             tcg_gen_qemu_ld_i32(arg1, REG(B11_8), ctx->memidx, MO_TESL);
850             gen_helper_macw(cpu_env, arg0, arg1);
851 	    tcg_temp_free(arg1);
852 	    tcg_temp_free(arg0);
853 	    tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 2);
854 	    tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 2);
855 	}
856 	return;
857     case 0x0007:		/* mul.l Rm,Rn */
858 	tcg_gen_mul_i32(cpu_macl, REG(B7_4), REG(B11_8));
859 	return;
860     case 0x200f:		/* muls.w Rm,Rn */
861 	{
862 	    TCGv arg0, arg1;
863 	    arg0 = tcg_temp_new();
864 	    tcg_gen_ext16s_i32(arg0, REG(B7_4));
865 	    arg1 = tcg_temp_new();
866 	    tcg_gen_ext16s_i32(arg1, REG(B11_8));
867 	    tcg_gen_mul_i32(cpu_macl, arg0, arg1);
868 	    tcg_temp_free(arg1);
869 	    tcg_temp_free(arg0);
870 	}
871 	return;
872     case 0x200e:		/* mulu.w Rm,Rn */
873 	{
874 	    TCGv arg0, arg1;
875 	    arg0 = tcg_temp_new();
876 	    tcg_gen_ext16u_i32(arg0, REG(B7_4));
877 	    arg1 = tcg_temp_new();
878 	    tcg_gen_ext16u_i32(arg1, REG(B11_8));
879 	    tcg_gen_mul_i32(cpu_macl, arg0, arg1);
880 	    tcg_temp_free(arg1);
881 	    tcg_temp_free(arg0);
882 	}
883 	return;
884     case 0x600b:		/* neg Rm,Rn */
885 	tcg_gen_neg_i32(REG(B11_8), REG(B7_4));
886 	return;
887     case 0x600a:		/* negc Rm,Rn */
888         {
889             TCGv t0 = tcg_const_i32(0);
890             tcg_gen_add2_i32(REG(B11_8), cpu_sr_t,
891                              REG(B7_4), t0, cpu_sr_t, t0);
892             tcg_gen_sub2_i32(REG(B11_8), cpu_sr_t,
893                              t0, t0, REG(B11_8), cpu_sr_t);
894             tcg_gen_andi_i32(cpu_sr_t, cpu_sr_t, 1);
895             tcg_temp_free(t0);
896         }
897 	return;
898     case 0x6007:		/* not Rm,Rn */
899 	tcg_gen_not_i32(REG(B11_8), REG(B7_4));
900 	return;
901     case 0x200b:		/* or Rm,Rn */
902 	tcg_gen_or_i32(REG(B11_8), REG(B11_8), REG(B7_4));
903 	return;
904     case 0x400c:		/* shad Rm,Rn */
905 	{
906             TCGv t0 = tcg_temp_new();
907             TCGv t1 = tcg_temp_new();
908             TCGv t2 = tcg_temp_new();
909 
910             tcg_gen_andi_i32(t0, REG(B7_4), 0x1f);
911 
912             /* positive case: shift to the left */
913             tcg_gen_shl_i32(t1, REG(B11_8), t0);
914 
915             /* negative case: shift to the right in two steps to
916                correctly handle the -32 case */
917             tcg_gen_xori_i32(t0, t0, 0x1f);
918             tcg_gen_sar_i32(t2, REG(B11_8), t0);
919             tcg_gen_sari_i32(t2, t2, 1);
920 
921             /* select between the two cases */
922             tcg_gen_movi_i32(t0, 0);
923             tcg_gen_movcond_i32(TCG_COND_GE, REG(B11_8), REG(B7_4), t0, t1, t2);
924 
925             tcg_temp_free(t0);
926             tcg_temp_free(t1);
927             tcg_temp_free(t2);
928 	}
929 	return;
930     case 0x400d:		/* shld Rm,Rn */
931 	{
932             TCGv t0 = tcg_temp_new();
933             TCGv t1 = tcg_temp_new();
934             TCGv t2 = tcg_temp_new();
935 
936             tcg_gen_andi_i32(t0, REG(B7_4), 0x1f);
937 
938             /* positive case: shift to the left */
939             tcg_gen_shl_i32(t1, REG(B11_8), t0);
940 
941             /* negative case: shift to the right in two steps to
942                correctly handle the -32 case */
943             tcg_gen_xori_i32(t0, t0, 0x1f);
944             tcg_gen_shr_i32(t2, REG(B11_8), t0);
945             tcg_gen_shri_i32(t2, t2, 1);
946 
947             /* select between the two cases */
948             tcg_gen_movi_i32(t0, 0);
949             tcg_gen_movcond_i32(TCG_COND_GE, REG(B11_8), REG(B7_4), t0, t1, t2);
950 
951             tcg_temp_free(t0);
952             tcg_temp_free(t1);
953             tcg_temp_free(t2);
954 	}
955 	return;
956     case 0x3008:		/* sub Rm,Rn */
957 	tcg_gen_sub_i32(REG(B11_8), REG(B11_8), REG(B7_4));
958 	return;
959     case 0x300a:		/* subc Rm,Rn */
960         {
961             TCGv t0, t1;
962             t0 = tcg_const_tl(0);
963             t1 = tcg_temp_new();
964             tcg_gen_add2_i32(t1, cpu_sr_t, cpu_sr_t, t0, REG(B7_4), t0);
965             tcg_gen_sub2_i32(REG(B11_8), cpu_sr_t,
966                              REG(B11_8), t0, t1, cpu_sr_t);
967             tcg_gen_andi_i32(cpu_sr_t, cpu_sr_t, 1);
968             tcg_temp_free(t0);
969             tcg_temp_free(t1);
970         }
971 	return;
972     case 0x300b:		/* subv Rm,Rn */
973         {
974             TCGv t0, t1, t2;
975             t0 = tcg_temp_new();
976             tcg_gen_sub_i32(t0, REG(B11_8), REG(B7_4));
977             t1 = tcg_temp_new();
978             tcg_gen_xor_i32(t1, t0, REG(B7_4));
979             t2 = tcg_temp_new();
980             tcg_gen_xor_i32(t2, REG(B11_8), REG(B7_4));
981             tcg_gen_and_i32(t1, t1, t2);
982             tcg_temp_free(t2);
983             tcg_gen_shri_i32(cpu_sr_t, t1, 31);
984             tcg_temp_free(t1);
985             tcg_gen_mov_i32(REG(B11_8), t0);
986             tcg_temp_free(t0);
987         }
988 	return;
989     case 0x2008:		/* tst Rm,Rn */
990 	{
991 	    TCGv val = tcg_temp_new();
992 	    tcg_gen_and_i32(val, REG(B7_4), REG(B11_8));
993             tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, val, 0);
994 	    tcg_temp_free(val);
995 	}
996 	return;
997     case 0x200a:		/* xor Rm,Rn */
998 	tcg_gen_xor_i32(REG(B11_8), REG(B11_8), REG(B7_4));
999 	return;
1000     case 0xf00c: /* fmov {F,D,X}Rm,{F,D,X}Rn - FPSCR: Nothing */
1001 	CHECK_FPU_ENABLED
1002         if (ctx->tbflags & FPSCR_SZ) {
1003             int xsrc = XHACK(B7_4);
1004             int xdst = XHACK(B11_8);
1005             tcg_gen_mov_i32(FREG(xdst), FREG(xsrc));
1006             tcg_gen_mov_i32(FREG(xdst + 1), FREG(xsrc + 1));
1007 	} else {
1008             tcg_gen_mov_i32(FREG(B11_8), FREG(B7_4));
1009 	}
1010 	return;
1011     case 0xf00a: /* fmov {F,D,X}Rm,@Rn - FPSCR: Nothing */
1012 	CHECK_FPU_ENABLED
1013         if (ctx->tbflags & FPSCR_SZ) {
1014             TCGv_i64 fp = tcg_temp_new_i64();
1015             gen_load_fpr64(ctx, fp, XHACK(B7_4));
1016             tcg_gen_qemu_st_i64(fp, REG(B11_8), ctx->memidx, MO_TEUQ);
1017             tcg_temp_free_i64(fp);
1018 	} else {
1019             tcg_gen_qemu_st_i32(FREG(B7_4), REG(B11_8), ctx->memidx, MO_TEUL);
1020 	}
1021 	return;
1022     case 0xf008: /* fmov @Rm,{F,D,X}Rn - FPSCR: Nothing */
1023 	CHECK_FPU_ENABLED
1024         if (ctx->tbflags & FPSCR_SZ) {
1025             TCGv_i64 fp = tcg_temp_new_i64();
1026             tcg_gen_qemu_ld_i64(fp, REG(B7_4), ctx->memidx, MO_TEUQ);
1027             gen_store_fpr64(ctx, fp, XHACK(B11_8));
1028             tcg_temp_free_i64(fp);
1029 	} else {
1030             tcg_gen_qemu_ld_i32(FREG(B11_8), REG(B7_4), ctx->memidx, MO_TEUL);
1031 	}
1032 	return;
1033     case 0xf009: /* fmov @Rm+,{F,D,X}Rn - FPSCR: Nothing */
1034 	CHECK_FPU_ENABLED
1035         if (ctx->tbflags & FPSCR_SZ) {
1036             TCGv_i64 fp = tcg_temp_new_i64();
1037             tcg_gen_qemu_ld_i64(fp, REG(B7_4), ctx->memidx, MO_TEUQ);
1038             gen_store_fpr64(ctx, fp, XHACK(B11_8));
1039             tcg_temp_free_i64(fp);
1040             tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 8);
1041 	} else {
1042             tcg_gen_qemu_ld_i32(FREG(B11_8), REG(B7_4), ctx->memidx, MO_TEUL);
1043 	    tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 4);
1044 	}
1045 	return;
1046     case 0xf00b: /* fmov {F,D,X}Rm,@-Rn - FPSCR: Nothing */
1047 	CHECK_FPU_ENABLED
1048         {
1049             TCGv addr = tcg_temp_new_i32();
1050             if (ctx->tbflags & FPSCR_SZ) {
1051                 TCGv_i64 fp = tcg_temp_new_i64();
1052                 gen_load_fpr64(ctx, fp, XHACK(B7_4));
1053                 tcg_gen_subi_i32(addr, REG(B11_8), 8);
1054                 tcg_gen_qemu_st_i64(fp, addr, ctx->memidx, MO_TEUQ);
1055                 tcg_temp_free_i64(fp);
1056             } else {
1057                 tcg_gen_subi_i32(addr, REG(B11_8), 4);
1058                 tcg_gen_qemu_st_i32(FREG(B7_4), addr, ctx->memidx, MO_TEUL);
1059             }
1060             tcg_gen_mov_i32(REG(B11_8), addr);
1061             tcg_temp_free(addr);
1062         }
1063 	return;
1064     case 0xf006: /* fmov @(R0,Rm),{F,D,X}Rm - FPSCR: Nothing */
1065 	CHECK_FPU_ENABLED
1066 	{
1067 	    TCGv addr = tcg_temp_new_i32();
1068 	    tcg_gen_add_i32(addr, REG(B7_4), REG(0));
1069             if (ctx->tbflags & FPSCR_SZ) {
1070                 TCGv_i64 fp = tcg_temp_new_i64();
1071                 tcg_gen_qemu_ld_i64(fp, addr, ctx->memidx, MO_TEUQ);
1072                 gen_store_fpr64(ctx, fp, XHACK(B11_8));
1073                 tcg_temp_free_i64(fp);
1074 	    } else {
1075                 tcg_gen_qemu_ld_i32(FREG(B11_8), addr, ctx->memidx, MO_TEUL);
1076 	    }
1077 	    tcg_temp_free(addr);
1078 	}
1079 	return;
1080     case 0xf007: /* fmov {F,D,X}Rn,@(R0,Rn) - FPSCR: Nothing */
1081 	CHECK_FPU_ENABLED
1082 	{
1083 	    TCGv addr = tcg_temp_new();
1084 	    tcg_gen_add_i32(addr, REG(B11_8), REG(0));
1085             if (ctx->tbflags & FPSCR_SZ) {
1086                 TCGv_i64 fp = tcg_temp_new_i64();
1087                 gen_load_fpr64(ctx, fp, XHACK(B7_4));
1088                 tcg_gen_qemu_st_i64(fp, addr, ctx->memidx, MO_TEUQ);
1089                 tcg_temp_free_i64(fp);
1090 	    } else {
1091                 tcg_gen_qemu_st_i32(FREG(B7_4), addr, ctx->memidx, MO_TEUL);
1092 	    }
1093 	    tcg_temp_free(addr);
1094 	}
1095 	return;
1096     case 0xf000: /* fadd Rm,Rn - FPSCR: R[PR,Enable.O/U/I]/W[Cause,Flag] */
1097     case 0xf001: /* fsub Rm,Rn - FPSCR: R[PR,Enable.O/U/I]/W[Cause,Flag] */
1098     case 0xf002: /* fmul Rm,Rn - FPSCR: R[PR,Enable.O/U/I]/W[Cause,Flag] */
1099     case 0xf003: /* fdiv Rm,Rn - FPSCR: R[PR,Enable.O/U/I]/W[Cause,Flag] */
1100     case 0xf004: /* fcmp/eq Rm,Rn - FPSCR: R[PR,Enable.V]/W[Cause,Flag] */
1101     case 0xf005: /* fcmp/gt Rm,Rn - FPSCR: R[PR,Enable.V]/W[Cause,Flag] */
1102 	{
1103 	    CHECK_FPU_ENABLED
1104             if (ctx->tbflags & FPSCR_PR) {
1105                 TCGv_i64 fp0, fp1;
1106 
1107                 if (ctx->opcode & 0x0110) {
1108                     goto do_illegal;
1109                 }
1110 		fp0 = tcg_temp_new_i64();
1111 		fp1 = tcg_temp_new_i64();
1112                 gen_load_fpr64(ctx, fp0, B11_8);
1113                 gen_load_fpr64(ctx, fp1, B7_4);
1114                 switch (ctx->opcode & 0xf00f) {
1115                 case 0xf000:		/* fadd Rm,Rn */
1116                     gen_helper_fadd_DT(fp0, cpu_env, fp0, fp1);
1117                     break;
1118                 case 0xf001:		/* fsub Rm,Rn */
1119                     gen_helper_fsub_DT(fp0, cpu_env, fp0, fp1);
1120                     break;
1121                 case 0xf002:		/* fmul Rm,Rn */
1122                     gen_helper_fmul_DT(fp0, cpu_env, fp0, fp1);
1123                     break;
1124                 case 0xf003:		/* fdiv Rm,Rn */
1125                     gen_helper_fdiv_DT(fp0, cpu_env, fp0, fp1);
1126                     break;
1127                 case 0xf004:		/* fcmp/eq Rm,Rn */
1128                     gen_helper_fcmp_eq_DT(cpu_sr_t, cpu_env, fp0, fp1);
1129                     return;
1130                 case 0xf005:		/* fcmp/gt Rm,Rn */
1131                     gen_helper_fcmp_gt_DT(cpu_sr_t, cpu_env, fp0, fp1);
1132                     return;
1133                 }
1134                 gen_store_fpr64(ctx, fp0, B11_8);
1135                 tcg_temp_free_i64(fp0);
1136                 tcg_temp_free_i64(fp1);
1137 	    } else {
1138                 switch (ctx->opcode & 0xf00f) {
1139                 case 0xf000:		/* fadd Rm,Rn */
1140                     gen_helper_fadd_FT(FREG(B11_8), cpu_env,
1141                                        FREG(B11_8), FREG(B7_4));
1142                     break;
1143                 case 0xf001:		/* fsub Rm,Rn */
1144                     gen_helper_fsub_FT(FREG(B11_8), cpu_env,
1145                                        FREG(B11_8), FREG(B7_4));
1146                     break;
1147                 case 0xf002:		/* fmul Rm,Rn */
1148                     gen_helper_fmul_FT(FREG(B11_8), cpu_env,
1149                                        FREG(B11_8), FREG(B7_4));
1150                     break;
1151                 case 0xf003:		/* fdiv Rm,Rn */
1152                     gen_helper_fdiv_FT(FREG(B11_8), cpu_env,
1153                                        FREG(B11_8), FREG(B7_4));
1154                     break;
1155                 case 0xf004:		/* fcmp/eq Rm,Rn */
1156                     gen_helper_fcmp_eq_FT(cpu_sr_t, cpu_env,
1157                                           FREG(B11_8), FREG(B7_4));
1158                     return;
1159                 case 0xf005:		/* fcmp/gt Rm,Rn */
1160                     gen_helper_fcmp_gt_FT(cpu_sr_t, cpu_env,
1161                                           FREG(B11_8), FREG(B7_4));
1162                     return;
1163                 }
1164 	    }
1165 	}
1166 	return;
1167     case 0xf00e: /* fmac FR0,RM,Rn */
1168         CHECK_FPU_ENABLED
1169         CHECK_FPSCR_PR_0
1170         gen_helper_fmac_FT(FREG(B11_8), cpu_env,
1171                            FREG(0), FREG(B7_4), FREG(B11_8));
1172         return;
1173     }
1174 
1175     switch (ctx->opcode & 0xff00) {
1176     case 0xc900:		/* and #imm,R0 */
1177 	tcg_gen_andi_i32(REG(0), REG(0), B7_0);
1178 	return;
1179     case 0xcd00:		/* and.b #imm,@(R0,GBR) */
1180 	{
1181 	    TCGv addr, val;
1182 	    addr = tcg_temp_new();
1183 	    tcg_gen_add_i32(addr, REG(0), cpu_gbr);
1184 	    val = tcg_temp_new();
1185             tcg_gen_qemu_ld_i32(val, addr, ctx->memidx, MO_UB);
1186 	    tcg_gen_andi_i32(val, val, B7_0);
1187             tcg_gen_qemu_st_i32(val, addr, ctx->memidx, MO_UB);
1188 	    tcg_temp_free(val);
1189 	    tcg_temp_free(addr);
1190 	}
1191 	return;
1192     case 0x8b00:		/* bf label */
1193 	CHECK_NOT_DELAY_SLOT
1194         gen_conditional_jump(ctx, ctx->base.pc_next + 4 + B7_0s * 2, false);
1195 	return;
1196     case 0x8f00:		/* bf/s label */
1197 	CHECK_NOT_DELAY_SLOT
1198         tcg_gen_xori_i32(cpu_delayed_cond, cpu_sr_t, 1);
1199         ctx->delayed_pc = ctx->base.pc_next + 4 + B7_0s * 2;
1200         ctx->envflags |= TB_FLAG_DELAY_SLOT_COND;
1201 	return;
1202     case 0x8900:		/* bt label */
1203 	CHECK_NOT_DELAY_SLOT
1204         gen_conditional_jump(ctx, ctx->base.pc_next + 4 + B7_0s * 2, true);
1205 	return;
1206     case 0x8d00:		/* bt/s label */
1207 	CHECK_NOT_DELAY_SLOT
1208         tcg_gen_mov_i32(cpu_delayed_cond, cpu_sr_t);
1209         ctx->delayed_pc = ctx->base.pc_next + 4 + B7_0s * 2;
1210         ctx->envflags |= TB_FLAG_DELAY_SLOT_COND;
1211 	return;
1212     case 0x8800:		/* cmp/eq #imm,R0 */
1213         tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, REG(0), B7_0s);
1214 	return;
1215     case 0xc400:		/* mov.b @(disp,GBR),R0 */
1216 	{
1217 	    TCGv addr = tcg_temp_new();
1218 	    tcg_gen_addi_i32(addr, cpu_gbr, B7_0);
1219             tcg_gen_qemu_ld_i32(REG(0), addr, ctx->memidx, MO_SB);
1220 	    tcg_temp_free(addr);
1221 	}
1222 	return;
1223     case 0xc500:		/* mov.w @(disp,GBR),R0 */
1224 	{
1225 	    TCGv addr = tcg_temp_new();
1226 	    tcg_gen_addi_i32(addr, cpu_gbr, B7_0 * 2);
1227             tcg_gen_qemu_ld_i32(REG(0), addr, ctx->memidx, MO_TESW);
1228 	    tcg_temp_free(addr);
1229 	}
1230 	return;
1231     case 0xc600:		/* mov.l @(disp,GBR),R0 */
1232 	{
1233 	    TCGv addr = tcg_temp_new();
1234 	    tcg_gen_addi_i32(addr, cpu_gbr, B7_0 * 4);
1235             tcg_gen_qemu_ld_i32(REG(0), addr, ctx->memidx, MO_TESL);
1236 	    tcg_temp_free(addr);
1237 	}
1238 	return;
1239     case 0xc000:		/* mov.b R0,@(disp,GBR) */
1240 	{
1241 	    TCGv addr = tcg_temp_new();
1242 	    tcg_gen_addi_i32(addr, cpu_gbr, B7_0);
1243             tcg_gen_qemu_st_i32(REG(0), addr, ctx->memidx, MO_UB);
1244 	    tcg_temp_free(addr);
1245 	}
1246 	return;
1247     case 0xc100:		/* mov.w R0,@(disp,GBR) */
1248 	{
1249 	    TCGv addr = tcg_temp_new();
1250 	    tcg_gen_addi_i32(addr, cpu_gbr, B7_0 * 2);
1251             tcg_gen_qemu_st_i32(REG(0), addr, ctx->memidx, MO_TEUW);
1252 	    tcg_temp_free(addr);
1253 	}
1254 	return;
1255     case 0xc200:		/* mov.l R0,@(disp,GBR) */
1256 	{
1257 	    TCGv addr = tcg_temp_new();
1258 	    tcg_gen_addi_i32(addr, cpu_gbr, B7_0 * 4);
1259             tcg_gen_qemu_st_i32(REG(0), addr, ctx->memidx, MO_TEUL);
1260 	    tcg_temp_free(addr);
1261 	}
1262 	return;
1263     case 0x8000:		/* mov.b R0,@(disp,Rn) */
1264 	{
1265 	    TCGv addr = tcg_temp_new();
1266 	    tcg_gen_addi_i32(addr, REG(B7_4), B3_0);
1267             tcg_gen_qemu_st_i32(REG(0), addr, ctx->memidx, MO_UB);
1268 	    tcg_temp_free(addr);
1269 	}
1270 	return;
1271     case 0x8100:		/* mov.w R0,@(disp,Rn) */
1272 	{
1273 	    TCGv addr = tcg_temp_new();
1274 	    tcg_gen_addi_i32(addr, REG(B7_4), B3_0 * 2);
1275             tcg_gen_qemu_st_i32(REG(0), addr, ctx->memidx,
1276                                 MO_TEUW | UNALIGN(ctx));
1277 	    tcg_temp_free(addr);
1278 	}
1279 	return;
1280     case 0x8400:		/* mov.b @(disp,Rn),R0 */
1281 	{
1282 	    TCGv addr = tcg_temp_new();
1283 	    tcg_gen_addi_i32(addr, REG(B7_4), B3_0);
1284             tcg_gen_qemu_ld_i32(REG(0), addr, ctx->memidx, MO_SB);
1285 	    tcg_temp_free(addr);
1286 	}
1287 	return;
1288     case 0x8500:		/* mov.w @(disp,Rn),R0 */
1289 	{
1290 	    TCGv addr = tcg_temp_new();
1291 	    tcg_gen_addi_i32(addr, REG(B7_4), B3_0 * 2);
1292             tcg_gen_qemu_ld_i32(REG(0), addr, ctx->memidx,
1293                                 MO_TESW | UNALIGN(ctx));
1294 	    tcg_temp_free(addr);
1295 	}
1296 	return;
1297     case 0xc700:		/* mova @(disp,PC),R0 */
1298         tcg_gen_movi_i32(REG(0), ((ctx->base.pc_next & 0xfffffffc) +
1299                                   4 + B7_0 * 4) & ~3);
1300 	return;
1301     case 0xcb00:		/* or #imm,R0 */
1302 	tcg_gen_ori_i32(REG(0), REG(0), B7_0);
1303 	return;
1304     case 0xcf00:		/* or.b #imm,@(R0,GBR) */
1305 	{
1306 	    TCGv addr, val;
1307 	    addr = tcg_temp_new();
1308 	    tcg_gen_add_i32(addr, REG(0), cpu_gbr);
1309 	    val = tcg_temp_new();
1310             tcg_gen_qemu_ld_i32(val, addr, ctx->memidx, MO_UB);
1311 	    tcg_gen_ori_i32(val, val, B7_0);
1312             tcg_gen_qemu_st_i32(val, addr, ctx->memidx, MO_UB);
1313 	    tcg_temp_free(val);
1314 	    tcg_temp_free(addr);
1315 	}
1316 	return;
1317     case 0xc300:		/* trapa #imm */
1318 	{
1319 	    TCGv imm;
1320 	    CHECK_NOT_DELAY_SLOT
1321             gen_save_cpu_state(ctx, true);
1322 	    imm = tcg_const_i32(B7_0);
1323             gen_helper_trapa(cpu_env, imm);
1324 	    tcg_temp_free(imm);
1325             ctx->base.is_jmp = DISAS_NORETURN;
1326 	}
1327 	return;
1328     case 0xc800:		/* tst #imm,R0 */
1329 	{
1330 	    TCGv val = tcg_temp_new();
1331 	    tcg_gen_andi_i32(val, REG(0), B7_0);
1332             tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, val, 0);
1333 	    tcg_temp_free(val);
1334 	}
1335 	return;
1336     case 0xcc00:		/* tst.b #imm,@(R0,GBR) */
1337 	{
1338 	    TCGv val = tcg_temp_new();
1339 	    tcg_gen_add_i32(val, REG(0), cpu_gbr);
1340             tcg_gen_qemu_ld_i32(val, val, ctx->memidx, MO_UB);
1341 	    tcg_gen_andi_i32(val, val, B7_0);
1342             tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, val, 0);
1343 	    tcg_temp_free(val);
1344 	}
1345 	return;
1346     case 0xca00:		/* xor #imm,R0 */
1347 	tcg_gen_xori_i32(REG(0), REG(0), B7_0);
1348 	return;
1349     case 0xce00:		/* xor.b #imm,@(R0,GBR) */
1350 	{
1351 	    TCGv addr, val;
1352 	    addr = tcg_temp_new();
1353 	    tcg_gen_add_i32(addr, REG(0), cpu_gbr);
1354 	    val = tcg_temp_new();
1355             tcg_gen_qemu_ld_i32(val, addr, ctx->memidx, MO_UB);
1356 	    tcg_gen_xori_i32(val, val, B7_0);
1357             tcg_gen_qemu_st_i32(val, addr, ctx->memidx, MO_UB);
1358 	    tcg_temp_free(val);
1359 	    tcg_temp_free(addr);
1360 	}
1361 	return;
1362     }
1363 
1364     switch (ctx->opcode & 0xf08f) {
1365     case 0x408e:		/* ldc Rm,Rn_BANK */
1366 	CHECK_PRIVILEGED
1367 	tcg_gen_mov_i32(ALTREG(B6_4), REG(B11_8));
1368 	return;
1369     case 0x4087:		/* ldc.l @Rm+,Rn_BANK */
1370 	CHECK_PRIVILEGED
1371         tcg_gen_qemu_ld_i32(ALTREG(B6_4), REG(B11_8), ctx->memidx, MO_TESL);
1372 	tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 4);
1373 	return;
1374     case 0x0082:		/* stc Rm_BANK,Rn */
1375 	CHECK_PRIVILEGED
1376 	tcg_gen_mov_i32(REG(B11_8), ALTREG(B6_4));
1377 	return;
1378     case 0x4083:		/* stc.l Rm_BANK,@-Rn */
1379 	CHECK_PRIVILEGED
1380 	{
1381 	    TCGv addr = tcg_temp_new();
1382 	    tcg_gen_subi_i32(addr, REG(B11_8), 4);
1383             tcg_gen_qemu_st_i32(ALTREG(B6_4), addr, ctx->memidx, MO_TEUL);
1384 	    tcg_gen_mov_i32(REG(B11_8), addr);
1385 	    tcg_temp_free(addr);
1386 	}
1387 	return;
1388     }
1389 
1390     switch (ctx->opcode & 0xf0ff) {
1391     case 0x0023:		/* braf Rn */
1392 	CHECK_NOT_DELAY_SLOT
1393         tcg_gen_addi_i32(cpu_delayed_pc, REG(B11_8), ctx->base.pc_next + 4);
1394         ctx->envflags |= TB_FLAG_DELAY_SLOT;
1395 	ctx->delayed_pc = (uint32_t) - 1;
1396 	return;
1397     case 0x0003:		/* bsrf Rn */
1398 	CHECK_NOT_DELAY_SLOT
1399         tcg_gen_movi_i32(cpu_pr, ctx->base.pc_next + 4);
1400 	tcg_gen_add_i32(cpu_delayed_pc, REG(B11_8), cpu_pr);
1401         ctx->envflags |= TB_FLAG_DELAY_SLOT;
1402 	ctx->delayed_pc = (uint32_t) - 1;
1403 	return;
1404     case 0x4015:		/* cmp/pl Rn */
1405         tcg_gen_setcondi_i32(TCG_COND_GT, cpu_sr_t, REG(B11_8), 0);
1406 	return;
1407     case 0x4011:		/* cmp/pz Rn */
1408         tcg_gen_setcondi_i32(TCG_COND_GE, cpu_sr_t, REG(B11_8), 0);
1409 	return;
1410     case 0x4010:		/* dt Rn */
1411 	tcg_gen_subi_i32(REG(B11_8), REG(B11_8), 1);
1412         tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, REG(B11_8), 0);
1413 	return;
1414     case 0x402b:		/* jmp @Rn */
1415 	CHECK_NOT_DELAY_SLOT
1416 	tcg_gen_mov_i32(cpu_delayed_pc, REG(B11_8));
1417         ctx->envflags |= TB_FLAG_DELAY_SLOT;
1418 	ctx->delayed_pc = (uint32_t) - 1;
1419 	return;
1420     case 0x400b:		/* jsr @Rn */
1421 	CHECK_NOT_DELAY_SLOT
1422         tcg_gen_movi_i32(cpu_pr, ctx->base.pc_next + 4);
1423 	tcg_gen_mov_i32(cpu_delayed_pc, REG(B11_8));
1424         ctx->envflags |= TB_FLAG_DELAY_SLOT;
1425 	ctx->delayed_pc = (uint32_t) - 1;
1426 	return;
1427     case 0x400e:		/* ldc Rm,SR */
1428 	CHECK_PRIVILEGED
1429         {
1430             TCGv val = tcg_temp_new();
1431             tcg_gen_andi_i32(val, REG(B11_8), 0x700083f3);
1432             gen_write_sr(val);
1433             tcg_temp_free(val);
1434             ctx->base.is_jmp = DISAS_STOP;
1435         }
1436 	return;
1437     case 0x4007:		/* ldc.l @Rm+,SR */
1438 	CHECK_PRIVILEGED
1439 	{
1440 	    TCGv val = tcg_temp_new();
1441             tcg_gen_qemu_ld_i32(val, REG(B11_8), ctx->memidx, MO_TESL);
1442             tcg_gen_andi_i32(val, val, 0x700083f3);
1443             gen_write_sr(val);
1444 	    tcg_temp_free(val);
1445 	    tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 4);
1446             ctx->base.is_jmp = DISAS_STOP;
1447 	}
1448 	return;
1449     case 0x0002:		/* stc SR,Rn */
1450 	CHECK_PRIVILEGED
1451         gen_read_sr(REG(B11_8));
1452 	return;
1453     case 0x4003:		/* stc SR,@-Rn */
1454 	CHECK_PRIVILEGED
1455 	{
1456 	    TCGv addr = tcg_temp_new();
1457             TCGv val = tcg_temp_new();
1458 	    tcg_gen_subi_i32(addr, REG(B11_8), 4);
1459             gen_read_sr(val);
1460             tcg_gen_qemu_st_i32(val, addr, ctx->memidx, MO_TEUL);
1461 	    tcg_gen_mov_i32(REG(B11_8), addr);
1462             tcg_temp_free(val);
1463 	    tcg_temp_free(addr);
1464 	}
1465 	return;
1466 #define LD(reg,ldnum,ldpnum,prechk)		\
1467   case ldnum:							\
1468     prechk    							\
1469     tcg_gen_mov_i32 (cpu_##reg, REG(B11_8));			\
1470     return;							\
1471   case ldpnum:							\
1472     prechk    							\
1473     tcg_gen_qemu_ld_i32(cpu_##reg, REG(B11_8), ctx->memidx, MO_TESL); \
1474     tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 4);		\
1475     return;
1476 #define ST(reg,stnum,stpnum,prechk)		\
1477   case stnum:							\
1478     prechk    							\
1479     tcg_gen_mov_i32 (REG(B11_8), cpu_##reg);			\
1480     return;							\
1481   case stpnum:							\
1482     prechk    							\
1483     {								\
1484 	TCGv addr = tcg_temp_new();				\
1485 	tcg_gen_subi_i32(addr, REG(B11_8), 4);			\
1486         tcg_gen_qemu_st_i32(cpu_##reg, addr, ctx->memidx, MO_TEUL); \
1487 	tcg_gen_mov_i32(REG(B11_8), addr);			\
1488 	tcg_temp_free(addr);					\
1489     }								\
1490     return;
1491 #define LDST(reg,ldnum,ldpnum,stnum,stpnum,prechk)		\
1492 	LD(reg,ldnum,ldpnum,prechk)				\
1493 	ST(reg,stnum,stpnum,prechk)
1494 	LDST(gbr,  0x401e, 0x4017, 0x0012, 0x4013, {})
1495 	LDST(vbr,  0x402e, 0x4027, 0x0022, 0x4023, CHECK_PRIVILEGED)
1496 	LDST(ssr,  0x403e, 0x4037, 0x0032, 0x4033, CHECK_PRIVILEGED)
1497 	LDST(spc,  0x404e, 0x4047, 0x0042, 0x4043, CHECK_PRIVILEGED)
1498 	ST(sgr,  0x003a, 0x4032, CHECK_PRIVILEGED)
1499         LD(sgr,  0x403a, 0x4036, CHECK_PRIVILEGED CHECK_SH4A)
1500 	LDST(dbr,  0x40fa, 0x40f6, 0x00fa, 0x40f2, CHECK_PRIVILEGED)
1501 	LDST(mach, 0x400a, 0x4006, 0x000a, 0x4002, {})
1502 	LDST(macl, 0x401a, 0x4016, 0x001a, 0x4012, {})
1503 	LDST(pr,   0x402a, 0x4026, 0x002a, 0x4022, {})
1504 	LDST(fpul, 0x405a, 0x4056, 0x005a, 0x4052, {CHECK_FPU_ENABLED})
1505     case 0x406a:		/* lds Rm,FPSCR */
1506 	CHECK_FPU_ENABLED
1507         gen_helper_ld_fpscr(cpu_env, REG(B11_8));
1508         ctx->base.is_jmp = DISAS_STOP;
1509 	return;
1510     case 0x4066:		/* lds.l @Rm+,FPSCR */
1511 	CHECK_FPU_ENABLED
1512 	{
1513 	    TCGv addr = tcg_temp_new();
1514             tcg_gen_qemu_ld_i32(addr, REG(B11_8), ctx->memidx, MO_TESL);
1515 	    tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 4);
1516             gen_helper_ld_fpscr(cpu_env, addr);
1517 	    tcg_temp_free(addr);
1518             ctx->base.is_jmp = DISAS_STOP;
1519 	}
1520 	return;
1521     case 0x006a:		/* sts FPSCR,Rn */
1522 	CHECK_FPU_ENABLED
1523 	tcg_gen_andi_i32(REG(B11_8), cpu_fpscr, 0x003fffff);
1524 	return;
1525     case 0x4062:		/* sts FPSCR,@-Rn */
1526 	CHECK_FPU_ENABLED
1527 	{
1528 	    TCGv addr, val;
1529 	    val = tcg_temp_new();
1530 	    tcg_gen_andi_i32(val, cpu_fpscr, 0x003fffff);
1531 	    addr = tcg_temp_new();
1532 	    tcg_gen_subi_i32(addr, REG(B11_8), 4);
1533             tcg_gen_qemu_st_i32(val, addr, ctx->memidx, MO_TEUL);
1534 	    tcg_gen_mov_i32(REG(B11_8), addr);
1535 	    tcg_temp_free(addr);
1536 	    tcg_temp_free(val);
1537 	}
1538 	return;
1539     case 0x00c3:		/* movca.l R0,@Rm */
1540         {
1541             TCGv val = tcg_temp_new();
1542             tcg_gen_qemu_ld_i32(val, REG(B11_8), ctx->memidx, MO_TEUL);
1543             gen_helper_movcal(cpu_env, REG(B11_8), val);
1544             tcg_gen_qemu_st_i32(REG(0), REG(B11_8), ctx->memidx, MO_TEUL);
1545             tcg_temp_free(val);
1546         }
1547         ctx->has_movcal = 1;
1548 	return;
1549     case 0x40a9:                /* movua.l @Rm,R0 */
1550         CHECK_SH4A
1551         /* Load non-boundary-aligned data */
1552         tcg_gen_qemu_ld_i32(REG(0), REG(B11_8), ctx->memidx,
1553                             MO_TEUL | MO_UNALN);
1554         return;
1555     case 0x40e9:                /* movua.l @Rm+,R0 */
1556         CHECK_SH4A
1557         /* Load non-boundary-aligned data */
1558         tcg_gen_qemu_ld_i32(REG(0), REG(B11_8), ctx->memidx,
1559                             MO_TEUL | MO_UNALN);
1560         tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 4);
1561         return;
1562     case 0x0029:		/* movt Rn */
1563         tcg_gen_mov_i32(REG(B11_8), cpu_sr_t);
1564 	return;
1565     case 0x0073:
1566         /* MOVCO.L
1567          *     LDST -> T
1568          *     If (T == 1) R0 -> (Rn)
1569          *     0 -> LDST
1570          *
1571          * The above description doesn't work in a parallel context.
1572          * Since we currently support no smp boards, this implies user-mode.
1573          * But we can still support the official mechanism while user-mode
1574          * is single-threaded.  */
1575         CHECK_SH4A
1576         {
1577             TCGLabel *fail = gen_new_label();
1578             TCGLabel *done = gen_new_label();
1579 
1580             if ((tb_cflags(ctx->base.tb) & CF_PARALLEL)) {
1581                 TCGv tmp;
1582 
1583                 tcg_gen_brcond_i32(TCG_COND_NE, REG(B11_8),
1584                                    cpu_lock_addr, fail);
1585                 tmp = tcg_temp_new();
1586                 tcg_gen_atomic_cmpxchg_i32(tmp, REG(B11_8), cpu_lock_value,
1587                                            REG(0), ctx->memidx, MO_TEUL);
1588                 tcg_gen_setcond_i32(TCG_COND_EQ, cpu_sr_t, tmp, cpu_lock_value);
1589                 tcg_temp_free(tmp);
1590             } else {
1591                 tcg_gen_brcondi_i32(TCG_COND_EQ, cpu_lock_addr, -1, fail);
1592                 tcg_gen_qemu_st_i32(REG(0), REG(B11_8), ctx->memidx, MO_TEUL);
1593                 tcg_gen_movi_i32(cpu_sr_t, 1);
1594             }
1595             tcg_gen_br(done);
1596 
1597             gen_set_label(fail);
1598             tcg_gen_movi_i32(cpu_sr_t, 0);
1599 
1600             gen_set_label(done);
1601             tcg_gen_movi_i32(cpu_lock_addr, -1);
1602         }
1603         return;
1604     case 0x0063:
1605         /* MOVLI.L @Rm,R0
1606          *     1 -> LDST
1607          *     (Rm) -> R0
1608          *     When interrupt/exception
1609          *     occurred 0 -> LDST
1610          *
1611          * In a parallel context, we must also save the loaded value
1612          * for use with the cmpxchg that we'll use with movco.l.  */
1613         CHECK_SH4A
1614         if ((tb_cflags(ctx->base.tb) & CF_PARALLEL)) {
1615             TCGv tmp = tcg_temp_new();
1616             tcg_gen_mov_i32(tmp, REG(B11_8));
1617             tcg_gen_qemu_ld_i32(REG(0), REG(B11_8), ctx->memidx, MO_TESL);
1618             tcg_gen_mov_i32(cpu_lock_value, REG(0));
1619             tcg_gen_mov_i32(cpu_lock_addr, tmp);
1620             tcg_temp_free(tmp);
1621         } else {
1622             tcg_gen_qemu_ld_i32(REG(0), REG(B11_8), ctx->memidx, MO_TESL);
1623             tcg_gen_movi_i32(cpu_lock_addr, 0);
1624         }
1625         return;
1626     case 0x0093:		/* ocbi @Rn */
1627 	{
1628             gen_helper_ocbi(cpu_env, REG(B11_8));
1629 	}
1630 	return;
1631     case 0x00a3:		/* ocbp @Rn */
1632     case 0x00b3:		/* ocbwb @Rn */
1633         /* These instructions are supposed to do nothing in case of
1634            a cache miss. Given that we only partially emulate caches
1635            it is safe to simply ignore them. */
1636 	return;
1637     case 0x0083:		/* pref @Rn */
1638 	return;
1639     case 0x00d3:		/* prefi @Rn */
1640         CHECK_SH4A
1641         return;
1642     case 0x00e3:		/* icbi @Rn */
1643         CHECK_SH4A
1644         return;
1645     case 0x00ab:		/* synco */
1646         CHECK_SH4A
1647         tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
1648         return;
1649     case 0x4024:		/* rotcl Rn */
1650 	{
1651 	    TCGv tmp = tcg_temp_new();
1652             tcg_gen_mov_i32(tmp, cpu_sr_t);
1653             tcg_gen_shri_i32(cpu_sr_t, REG(B11_8), 31);
1654 	    tcg_gen_shli_i32(REG(B11_8), REG(B11_8), 1);
1655             tcg_gen_or_i32(REG(B11_8), REG(B11_8), tmp);
1656 	    tcg_temp_free(tmp);
1657 	}
1658 	return;
1659     case 0x4025:		/* rotcr Rn */
1660 	{
1661 	    TCGv tmp = tcg_temp_new();
1662             tcg_gen_shli_i32(tmp, cpu_sr_t, 31);
1663             tcg_gen_andi_i32(cpu_sr_t, REG(B11_8), 1);
1664 	    tcg_gen_shri_i32(REG(B11_8), REG(B11_8), 1);
1665             tcg_gen_or_i32(REG(B11_8), REG(B11_8), tmp);
1666 	    tcg_temp_free(tmp);
1667 	}
1668 	return;
1669     case 0x4004:		/* rotl Rn */
1670 	tcg_gen_rotli_i32(REG(B11_8), REG(B11_8), 1);
1671         tcg_gen_andi_i32(cpu_sr_t, REG(B11_8), 0);
1672 	return;
1673     case 0x4005:		/* rotr Rn */
1674         tcg_gen_andi_i32(cpu_sr_t, REG(B11_8), 0);
1675 	tcg_gen_rotri_i32(REG(B11_8), REG(B11_8), 1);
1676 	return;
1677     case 0x4000:		/* shll Rn */
1678     case 0x4020:		/* shal Rn */
1679         tcg_gen_shri_i32(cpu_sr_t, REG(B11_8), 31);
1680 	tcg_gen_shli_i32(REG(B11_8), REG(B11_8), 1);
1681 	return;
1682     case 0x4021:		/* shar Rn */
1683         tcg_gen_andi_i32(cpu_sr_t, REG(B11_8), 1);
1684 	tcg_gen_sari_i32(REG(B11_8), REG(B11_8), 1);
1685 	return;
1686     case 0x4001:		/* shlr Rn */
1687         tcg_gen_andi_i32(cpu_sr_t, REG(B11_8), 1);
1688 	tcg_gen_shri_i32(REG(B11_8), REG(B11_8), 1);
1689 	return;
1690     case 0x4008:		/* shll2 Rn */
1691 	tcg_gen_shli_i32(REG(B11_8), REG(B11_8), 2);
1692 	return;
1693     case 0x4018:		/* shll8 Rn */
1694 	tcg_gen_shli_i32(REG(B11_8), REG(B11_8), 8);
1695 	return;
1696     case 0x4028:		/* shll16 Rn */
1697 	tcg_gen_shli_i32(REG(B11_8), REG(B11_8), 16);
1698 	return;
1699     case 0x4009:		/* shlr2 Rn */
1700 	tcg_gen_shri_i32(REG(B11_8), REG(B11_8), 2);
1701 	return;
1702     case 0x4019:		/* shlr8 Rn */
1703 	tcg_gen_shri_i32(REG(B11_8), REG(B11_8), 8);
1704 	return;
1705     case 0x4029:		/* shlr16 Rn */
1706 	tcg_gen_shri_i32(REG(B11_8), REG(B11_8), 16);
1707 	return;
1708     case 0x401b:		/* tas.b @Rn */
1709         {
1710             TCGv val = tcg_const_i32(0x80);
1711             tcg_gen_atomic_fetch_or_i32(val, REG(B11_8), val,
1712                                         ctx->memidx, MO_UB);
1713             tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, val, 0);
1714             tcg_temp_free(val);
1715         }
1716         return;
1717     case 0xf00d: /* fsts FPUL,FRn - FPSCR: Nothing */
1718 	CHECK_FPU_ENABLED
1719         tcg_gen_mov_i32(FREG(B11_8), cpu_fpul);
1720 	return;
1721     case 0xf01d: /* flds FRm,FPUL - FPSCR: Nothing */
1722 	CHECK_FPU_ENABLED
1723         tcg_gen_mov_i32(cpu_fpul, FREG(B11_8));
1724 	return;
1725     case 0xf02d: /* float FPUL,FRn/DRn - FPSCR: R[PR,Enable.I]/W[Cause,Flag] */
1726 	CHECK_FPU_ENABLED
1727         if (ctx->tbflags & FPSCR_PR) {
1728 	    TCGv_i64 fp;
1729             if (ctx->opcode & 0x0100) {
1730                 goto do_illegal;
1731             }
1732 	    fp = tcg_temp_new_i64();
1733             gen_helper_float_DT(fp, cpu_env, cpu_fpul);
1734             gen_store_fpr64(ctx, fp, B11_8);
1735 	    tcg_temp_free_i64(fp);
1736 	}
1737 	else {
1738             gen_helper_float_FT(FREG(B11_8), cpu_env, cpu_fpul);
1739 	}
1740 	return;
1741     case 0xf03d: /* ftrc FRm/DRm,FPUL - FPSCR: R[PR,Enable.V]/W[Cause,Flag] */
1742 	CHECK_FPU_ENABLED
1743         if (ctx->tbflags & FPSCR_PR) {
1744 	    TCGv_i64 fp;
1745             if (ctx->opcode & 0x0100) {
1746                 goto do_illegal;
1747             }
1748 	    fp = tcg_temp_new_i64();
1749             gen_load_fpr64(ctx, fp, B11_8);
1750             gen_helper_ftrc_DT(cpu_fpul, cpu_env, fp);
1751 	    tcg_temp_free_i64(fp);
1752 	}
1753 	else {
1754             gen_helper_ftrc_FT(cpu_fpul, cpu_env, FREG(B11_8));
1755 	}
1756 	return;
1757     case 0xf04d: /* fneg FRn/DRn - FPSCR: Nothing */
1758 	CHECK_FPU_ENABLED
1759         tcg_gen_xori_i32(FREG(B11_8), FREG(B11_8), 0x80000000);
1760 	return;
1761     case 0xf05d: /* fabs FRn/DRn - FPCSR: Nothing */
1762 	CHECK_FPU_ENABLED
1763         tcg_gen_andi_i32(FREG(B11_8), FREG(B11_8), 0x7fffffff);
1764 	return;
1765     case 0xf06d: /* fsqrt FRn */
1766 	CHECK_FPU_ENABLED
1767         if (ctx->tbflags & FPSCR_PR) {
1768             if (ctx->opcode & 0x0100) {
1769                 goto do_illegal;
1770             }
1771 	    TCGv_i64 fp = tcg_temp_new_i64();
1772             gen_load_fpr64(ctx, fp, B11_8);
1773             gen_helper_fsqrt_DT(fp, cpu_env, fp);
1774             gen_store_fpr64(ctx, fp, B11_8);
1775 	    tcg_temp_free_i64(fp);
1776 	} else {
1777             gen_helper_fsqrt_FT(FREG(B11_8), cpu_env, FREG(B11_8));
1778 	}
1779 	return;
1780     case 0xf07d: /* fsrra FRn */
1781 	CHECK_FPU_ENABLED
1782         CHECK_FPSCR_PR_0
1783         gen_helper_fsrra_FT(FREG(B11_8), cpu_env, FREG(B11_8));
1784 	break;
1785     case 0xf08d: /* fldi0 FRn - FPSCR: R[PR] */
1786 	CHECK_FPU_ENABLED
1787         CHECK_FPSCR_PR_0
1788         tcg_gen_movi_i32(FREG(B11_8), 0);
1789         return;
1790     case 0xf09d: /* fldi1 FRn - FPSCR: R[PR] */
1791 	CHECK_FPU_ENABLED
1792         CHECK_FPSCR_PR_0
1793         tcg_gen_movi_i32(FREG(B11_8), 0x3f800000);
1794         return;
1795     case 0xf0ad: /* fcnvsd FPUL,DRn */
1796 	CHECK_FPU_ENABLED
1797 	{
1798 	    TCGv_i64 fp = tcg_temp_new_i64();
1799             gen_helper_fcnvsd_FT_DT(fp, cpu_env, cpu_fpul);
1800             gen_store_fpr64(ctx, fp, B11_8);
1801 	    tcg_temp_free_i64(fp);
1802 	}
1803 	return;
1804     case 0xf0bd: /* fcnvds DRn,FPUL */
1805 	CHECK_FPU_ENABLED
1806 	{
1807 	    TCGv_i64 fp = tcg_temp_new_i64();
1808             gen_load_fpr64(ctx, fp, B11_8);
1809             gen_helper_fcnvds_DT_FT(cpu_fpul, cpu_env, fp);
1810 	    tcg_temp_free_i64(fp);
1811 	}
1812 	return;
1813     case 0xf0ed: /* fipr FVm,FVn */
1814         CHECK_FPU_ENABLED
1815         CHECK_FPSCR_PR_1
1816         {
1817             TCGv m = tcg_const_i32((ctx->opcode >> 8) & 3);
1818             TCGv n = tcg_const_i32((ctx->opcode >> 10) & 3);
1819             gen_helper_fipr(cpu_env, m, n);
1820             tcg_temp_free(m);
1821             tcg_temp_free(n);
1822             return;
1823         }
1824         break;
1825     case 0xf0fd: /* ftrv XMTRX,FVn */
1826         CHECK_FPU_ENABLED
1827         CHECK_FPSCR_PR_1
1828         {
1829             if ((ctx->opcode & 0x0300) != 0x0100) {
1830                 goto do_illegal;
1831             }
1832             TCGv n = tcg_const_i32((ctx->opcode >> 10) & 3);
1833             gen_helper_ftrv(cpu_env, n);
1834             tcg_temp_free(n);
1835             return;
1836         }
1837         break;
1838     }
1839 #if 0
1840     fprintf(stderr, "unknown instruction 0x%04x at pc 0x%08x\n",
1841             ctx->opcode, ctx->base.pc_next);
1842     fflush(stderr);
1843 #endif
1844  do_illegal:
1845     if (ctx->envflags & TB_FLAG_DELAY_SLOT_MASK) {
1846  do_illegal_slot:
1847         gen_save_cpu_state(ctx, true);
1848         gen_helper_raise_slot_illegal_instruction(cpu_env);
1849     } else {
1850         gen_save_cpu_state(ctx, true);
1851         gen_helper_raise_illegal_instruction(cpu_env);
1852     }
1853     ctx->base.is_jmp = DISAS_NORETURN;
1854     return;
1855 
1856  do_fpu_disabled:
1857     gen_save_cpu_state(ctx, true);
1858     if (ctx->envflags & TB_FLAG_DELAY_SLOT_MASK) {
1859         gen_helper_raise_slot_fpu_disable(cpu_env);
1860     } else {
1861         gen_helper_raise_fpu_disable(cpu_env);
1862     }
1863     ctx->base.is_jmp = DISAS_NORETURN;
1864     return;
1865 }
1866 
1867 static void decode_opc(DisasContext * ctx)
1868 {
1869     uint32_t old_flags = ctx->envflags;
1870 
1871     _decode_opc(ctx);
1872 
1873     if (old_flags & TB_FLAG_DELAY_SLOT_MASK) {
1874         /* go out of the delay slot */
1875         ctx->envflags &= ~TB_FLAG_DELAY_SLOT_MASK;
1876 
1877         /* When in an exclusive region, we must continue to the end
1878            for conditional branches.  */
1879         if (ctx->tbflags & TB_FLAG_GUSA_EXCLUSIVE
1880             && old_flags & TB_FLAG_DELAY_SLOT_COND) {
1881             gen_delayed_conditional_jump(ctx);
1882             return;
1883         }
1884         /* Otherwise this is probably an invalid gUSA region.
1885            Drop the GUSA bits so the next TB doesn't see them.  */
1886         ctx->envflags &= ~TB_FLAG_GUSA_MASK;
1887 
1888         tcg_gen_movi_i32(cpu_flags, ctx->envflags);
1889         if (old_flags & TB_FLAG_DELAY_SLOT_COND) {
1890 	    gen_delayed_conditional_jump(ctx);
1891         } else {
1892             gen_jump(ctx);
1893 	}
1894     }
1895 }
1896 
1897 #ifdef CONFIG_USER_ONLY
1898 /* For uniprocessors, SH4 uses optimistic restartable atomic sequences.
1899    Upon an interrupt, a real kernel would simply notice magic values in
1900    the registers and reset the PC to the start of the sequence.
1901 
1902    For QEMU, we cannot do this in quite the same way.  Instead, we notice
1903    the normal start of such a sequence (mov #-x,r15).  While we can handle
1904    any sequence via cpu_exec_step_atomic, we can recognize the "normal"
1905    sequences and transform them into atomic operations as seen by the host.
1906 */
1907 static void decode_gusa(DisasContext *ctx, CPUSH4State *env)
1908 {
1909     uint16_t insns[5];
1910     int ld_adr, ld_dst, ld_mop;
1911     int op_dst, op_src, op_opc;
1912     int mv_src, mt_dst, st_src, st_mop;
1913     TCGv op_arg;
1914     uint32_t pc = ctx->base.pc_next;
1915     uint32_t pc_end = ctx->base.tb->cs_base;
1916     int max_insns = (pc_end - pc) / 2;
1917     int i;
1918 
1919     /* The state machine below will consume only a few insns.
1920        If there are more than that in a region, fail now.  */
1921     if (max_insns > ARRAY_SIZE(insns)) {
1922         goto fail;
1923     }
1924 
1925     /* Read all of the insns for the region.  */
1926     for (i = 0; i < max_insns; ++i) {
1927         insns[i] = translator_lduw(env, &ctx->base, pc + i * 2);
1928     }
1929 
1930     ld_adr = ld_dst = ld_mop = -1;
1931     mv_src = -1;
1932     op_dst = op_src = op_opc = -1;
1933     mt_dst = -1;
1934     st_src = st_mop = -1;
1935     op_arg = NULL;
1936     i = 0;
1937 
1938 #define NEXT_INSN \
1939     do { if (i >= max_insns) goto fail; ctx->opcode = insns[i++]; } while (0)
1940 
1941     /*
1942      * Expect a load to begin the region.
1943      */
1944     NEXT_INSN;
1945     switch (ctx->opcode & 0xf00f) {
1946     case 0x6000: /* mov.b @Rm,Rn */
1947         ld_mop = MO_SB;
1948         break;
1949     case 0x6001: /* mov.w @Rm,Rn */
1950         ld_mop = MO_TESW;
1951         break;
1952     case 0x6002: /* mov.l @Rm,Rn */
1953         ld_mop = MO_TESL;
1954         break;
1955     default:
1956         goto fail;
1957     }
1958     ld_adr = B7_4;
1959     ld_dst = B11_8;
1960     if (ld_adr == ld_dst) {
1961         goto fail;
1962     }
1963     /* Unless we see a mov, any two-operand operation must use ld_dst.  */
1964     op_dst = ld_dst;
1965 
1966     /*
1967      * Expect an optional register move.
1968      */
1969     NEXT_INSN;
1970     switch (ctx->opcode & 0xf00f) {
1971     case 0x6003: /* mov Rm,Rn */
1972         /*
1973          * Here we want to recognize ld_dst being saved for later consumption,
1974          * or for another input register being copied so that ld_dst need not
1975          * be clobbered during the operation.
1976          */
1977         op_dst = B11_8;
1978         mv_src = B7_4;
1979         if (op_dst == ld_dst) {
1980             /* Overwriting the load output.  */
1981             goto fail;
1982         }
1983         if (mv_src != ld_dst) {
1984             /* Copying a new input; constrain op_src to match the load.  */
1985             op_src = ld_dst;
1986         }
1987         break;
1988 
1989     default:
1990         /* Put back and re-examine as operation.  */
1991         --i;
1992     }
1993 
1994     /*
1995      * Expect the operation.
1996      */
1997     NEXT_INSN;
1998     switch (ctx->opcode & 0xf00f) {
1999     case 0x300c: /* add Rm,Rn */
2000         op_opc = INDEX_op_add_i32;
2001         goto do_reg_op;
2002     case 0x2009: /* and Rm,Rn */
2003         op_opc = INDEX_op_and_i32;
2004         goto do_reg_op;
2005     case 0x200a: /* xor Rm,Rn */
2006         op_opc = INDEX_op_xor_i32;
2007         goto do_reg_op;
2008     case 0x200b: /* or Rm,Rn */
2009         op_opc = INDEX_op_or_i32;
2010     do_reg_op:
2011         /* The operation register should be as expected, and the
2012            other input cannot depend on the load.  */
2013         if (op_dst != B11_8) {
2014             goto fail;
2015         }
2016         if (op_src < 0) {
2017             /* Unconstrainted input.  */
2018             op_src = B7_4;
2019         } else if (op_src == B7_4) {
2020             /* Constrained input matched load.  All operations are
2021                commutative; "swap" them by "moving" the load output
2022                to the (implicit) first argument and the move source
2023                to the (explicit) second argument.  */
2024             op_src = mv_src;
2025         } else {
2026             goto fail;
2027         }
2028         op_arg = REG(op_src);
2029         break;
2030 
2031     case 0x6007: /* not Rm,Rn */
2032         if (ld_dst != B7_4 || mv_src >= 0) {
2033             goto fail;
2034         }
2035         op_dst = B11_8;
2036         op_opc = INDEX_op_xor_i32;
2037         op_arg = tcg_const_i32(-1);
2038         break;
2039 
2040     case 0x7000 ... 0x700f: /* add #imm,Rn */
2041         if (op_dst != B11_8 || mv_src >= 0) {
2042             goto fail;
2043         }
2044         op_opc = INDEX_op_add_i32;
2045         op_arg = tcg_const_i32(B7_0s);
2046         break;
2047 
2048     case 0x3000: /* cmp/eq Rm,Rn */
2049         /* Looking for the middle of a compare-and-swap sequence,
2050            beginning with the compare.  Operands can be either order,
2051            but with only one overlapping the load.  */
2052         if ((ld_dst == B11_8) + (ld_dst == B7_4) != 1 || mv_src >= 0) {
2053             goto fail;
2054         }
2055         op_opc = INDEX_op_setcond_i32;  /* placeholder */
2056         op_src = (ld_dst == B11_8 ? B7_4 : B11_8);
2057         op_arg = REG(op_src);
2058 
2059         NEXT_INSN;
2060         switch (ctx->opcode & 0xff00) {
2061         case 0x8b00: /* bf label */
2062         case 0x8f00: /* bf/s label */
2063             if (pc + (i + 1 + B7_0s) * 2 != pc_end) {
2064                 goto fail;
2065             }
2066             if ((ctx->opcode & 0xff00) == 0x8b00) { /* bf label */
2067                 break;
2068             }
2069             /* We're looking to unconditionally modify Rn with the
2070                result of the comparison, within the delay slot of
2071                the branch.  This is used by older gcc.  */
2072             NEXT_INSN;
2073             if ((ctx->opcode & 0xf0ff) == 0x0029) { /* movt Rn */
2074                 mt_dst = B11_8;
2075             } else {
2076                 goto fail;
2077             }
2078             break;
2079 
2080         default:
2081             goto fail;
2082         }
2083         break;
2084 
2085     case 0x2008: /* tst Rm,Rn */
2086         /* Looking for a compare-and-swap against zero.  */
2087         if (ld_dst != B11_8 || ld_dst != B7_4 || mv_src >= 0) {
2088             goto fail;
2089         }
2090         op_opc = INDEX_op_setcond_i32;
2091         op_arg = tcg_const_i32(0);
2092 
2093         NEXT_INSN;
2094         if ((ctx->opcode & 0xff00) != 0x8900 /* bt label */
2095             || pc + (i + 1 + B7_0s) * 2 != pc_end) {
2096             goto fail;
2097         }
2098         break;
2099 
2100     default:
2101         /* Put back and re-examine as store.  */
2102         --i;
2103     }
2104 
2105     /*
2106      * Expect the store.
2107      */
2108     /* The store must be the last insn.  */
2109     if (i != max_insns - 1) {
2110         goto fail;
2111     }
2112     NEXT_INSN;
2113     switch (ctx->opcode & 0xf00f) {
2114     case 0x2000: /* mov.b Rm,@Rn */
2115         st_mop = MO_UB;
2116         break;
2117     case 0x2001: /* mov.w Rm,@Rn */
2118         st_mop = MO_UW;
2119         break;
2120     case 0x2002: /* mov.l Rm,@Rn */
2121         st_mop = MO_UL;
2122         break;
2123     default:
2124         goto fail;
2125     }
2126     /* The store must match the load.  */
2127     if (ld_adr != B11_8 || st_mop != (ld_mop & MO_SIZE)) {
2128         goto fail;
2129     }
2130     st_src = B7_4;
2131 
2132 #undef NEXT_INSN
2133 
2134     /*
2135      * Emit the operation.
2136      */
2137     switch (op_opc) {
2138     case -1:
2139         /* No operation found.  Look for exchange pattern.  */
2140         if (st_src == ld_dst || mv_src >= 0) {
2141             goto fail;
2142         }
2143         tcg_gen_atomic_xchg_i32(REG(ld_dst), REG(ld_adr), REG(st_src),
2144                                 ctx->memidx, ld_mop);
2145         break;
2146 
2147     case INDEX_op_add_i32:
2148         if (op_dst != st_src) {
2149             goto fail;
2150         }
2151         if (op_dst == ld_dst && st_mop == MO_UL) {
2152             tcg_gen_atomic_add_fetch_i32(REG(ld_dst), REG(ld_adr),
2153                                          op_arg, ctx->memidx, ld_mop);
2154         } else {
2155             tcg_gen_atomic_fetch_add_i32(REG(ld_dst), REG(ld_adr),
2156                                          op_arg, ctx->memidx, ld_mop);
2157             if (op_dst != ld_dst) {
2158                 /* Note that mop sizes < 4 cannot use add_fetch
2159                    because it won't carry into the higher bits.  */
2160                 tcg_gen_add_i32(REG(op_dst), REG(ld_dst), op_arg);
2161             }
2162         }
2163         break;
2164 
2165     case INDEX_op_and_i32:
2166         if (op_dst != st_src) {
2167             goto fail;
2168         }
2169         if (op_dst == ld_dst) {
2170             tcg_gen_atomic_and_fetch_i32(REG(ld_dst), REG(ld_adr),
2171                                          op_arg, ctx->memidx, ld_mop);
2172         } else {
2173             tcg_gen_atomic_fetch_and_i32(REG(ld_dst), REG(ld_adr),
2174                                          op_arg, ctx->memidx, ld_mop);
2175             tcg_gen_and_i32(REG(op_dst), REG(ld_dst), op_arg);
2176         }
2177         break;
2178 
2179     case INDEX_op_or_i32:
2180         if (op_dst != st_src) {
2181             goto fail;
2182         }
2183         if (op_dst == ld_dst) {
2184             tcg_gen_atomic_or_fetch_i32(REG(ld_dst), REG(ld_adr),
2185                                         op_arg, ctx->memidx, ld_mop);
2186         } else {
2187             tcg_gen_atomic_fetch_or_i32(REG(ld_dst), REG(ld_adr),
2188                                         op_arg, ctx->memidx, ld_mop);
2189             tcg_gen_or_i32(REG(op_dst), REG(ld_dst), op_arg);
2190         }
2191         break;
2192 
2193     case INDEX_op_xor_i32:
2194         if (op_dst != st_src) {
2195             goto fail;
2196         }
2197         if (op_dst == ld_dst) {
2198             tcg_gen_atomic_xor_fetch_i32(REG(ld_dst), REG(ld_adr),
2199                                          op_arg, ctx->memidx, ld_mop);
2200         } else {
2201             tcg_gen_atomic_fetch_xor_i32(REG(ld_dst), REG(ld_adr),
2202                                          op_arg, ctx->memidx, ld_mop);
2203             tcg_gen_xor_i32(REG(op_dst), REG(ld_dst), op_arg);
2204         }
2205         break;
2206 
2207     case INDEX_op_setcond_i32:
2208         if (st_src == ld_dst) {
2209             goto fail;
2210         }
2211         tcg_gen_atomic_cmpxchg_i32(REG(ld_dst), REG(ld_adr), op_arg,
2212                                    REG(st_src), ctx->memidx, ld_mop);
2213         tcg_gen_setcond_i32(TCG_COND_EQ, cpu_sr_t, REG(ld_dst), op_arg);
2214         if (mt_dst >= 0) {
2215             tcg_gen_mov_i32(REG(mt_dst), cpu_sr_t);
2216         }
2217         break;
2218 
2219     default:
2220         g_assert_not_reached();
2221     }
2222 
2223     /* If op_src is not a valid register, then op_arg was a constant.  */
2224     if (op_src < 0 && op_arg) {
2225         tcg_temp_free_i32(op_arg);
2226     }
2227 
2228     /* The entire region has been translated.  */
2229     ctx->envflags &= ~TB_FLAG_GUSA_MASK;
2230     ctx->base.pc_next = pc_end;
2231     ctx->base.num_insns += max_insns - 1;
2232     return;
2233 
2234  fail:
2235     qemu_log_mask(LOG_UNIMP, "Unrecognized gUSA sequence %08x-%08x\n",
2236                   pc, pc_end);
2237 
2238     /* Restart with the EXCLUSIVE bit set, within a TB run via
2239        cpu_exec_step_atomic holding the exclusive lock.  */
2240     ctx->envflags |= TB_FLAG_GUSA_EXCLUSIVE;
2241     gen_save_cpu_state(ctx, false);
2242     gen_helper_exclusive(cpu_env);
2243     ctx->base.is_jmp = DISAS_NORETURN;
2244 
2245     /* We're not executing an instruction, but we must report one for the
2246        purposes of accounting within the TB.  We might as well report the
2247        entire region consumed via ctx->base.pc_next so that it's immediately
2248        available in the disassembly dump.  */
2249     ctx->base.pc_next = pc_end;
2250     ctx->base.num_insns += max_insns - 1;
2251 }
2252 #endif
2253 
2254 static void sh4_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
2255 {
2256     DisasContext *ctx = container_of(dcbase, DisasContext, base);
2257     CPUSH4State *env = cs->env_ptr;
2258     uint32_t tbflags;
2259     int bound;
2260 
2261     ctx->tbflags = tbflags = ctx->base.tb->flags;
2262     ctx->envflags = tbflags & TB_FLAG_ENVFLAGS_MASK;
2263     ctx->memidx = (tbflags & (1u << SR_MD)) == 0 ? 1 : 0;
2264     /* We don't know if the delayed pc came from a dynamic or static branch,
2265        so assume it is a dynamic branch.  */
2266     ctx->delayed_pc = -1; /* use delayed pc from env pointer */
2267     ctx->features = env->features;
2268     ctx->has_movcal = (tbflags & TB_FLAG_PENDING_MOVCA);
2269     ctx->gbank = ((tbflags & (1 << SR_MD)) &&
2270                   (tbflags & (1 << SR_RB))) * 0x10;
2271     ctx->fbank = tbflags & FPSCR_FR ? 0x10 : 0;
2272 
2273 #ifdef CONFIG_USER_ONLY
2274     if (tbflags & TB_FLAG_GUSA_MASK) {
2275         /* In gUSA exclusive region. */
2276         uint32_t pc = ctx->base.pc_next;
2277         uint32_t pc_end = ctx->base.tb->cs_base;
2278         int backup = sextract32(ctx->tbflags, TB_FLAG_GUSA_SHIFT, 8);
2279         int max_insns = (pc_end - pc) / 2;
2280 
2281         if (pc != pc_end + backup || max_insns < 2) {
2282             /* This is a malformed gUSA region.  Don't do anything special,
2283                since the interpreter is likely to get confused.  */
2284             ctx->envflags &= ~TB_FLAG_GUSA_MASK;
2285         } else if (tbflags & TB_FLAG_GUSA_EXCLUSIVE) {
2286             /* Regardless of single-stepping or the end of the page,
2287                we must complete execution of the gUSA region while
2288                holding the exclusive lock.  */
2289             ctx->base.max_insns = max_insns;
2290             return;
2291         }
2292     }
2293 #endif
2294 
2295     /* Since the ISA is fixed-width, we can bound by the number
2296        of instructions remaining on the page.  */
2297     bound = -(ctx->base.pc_next | TARGET_PAGE_MASK) / 2;
2298     ctx->base.max_insns = MIN(ctx->base.max_insns, bound);
2299 }
2300 
2301 static void sh4_tr_tb_start(DisasContextBase *dcbase, CPUState *cs)
2302 {
2303 }
2304 
2305 static void sh4_tr_insn_start(DisasContextBase *dcbase, CPUState *cs)
2306 {
2307     DisasContext *ctx = container_of(dcbase, DisasContext, base);
2308 
2309     tcg_gen_insn_start(ctx->base.pc_next, ctx->envflags);
2310 }
2311 
2312 static void sh4_tr_translate_insn(DisasContextBase *dcbase, CPUState *cs)
2313 {
2314     CPUSH4State *env = cs->env_ptr;
2315     DisasContext *ctx = container_of(dcbase, DisasContext, base);
2316 
2317 #ifdef CONFIG_USER_ONLY
2318     if (unlikely(ctx->envflags & TB_FLAG_GUSA_MASK)
2319         && !(ctx->envflags & TB_FLAG_GUSA_EXCLUSIVE)) {
2320         /* We're in an gUSA region, and we have not already fallen
2321            back on using an exclusive region.  Attempt to parse the
2322            region into a single supported atomic operation.  Failure
2323            is handled within the parser by raising an exception to
2324            retry using an exclusive region.  */
2325         decode_gusa(ctx, env);
2326         return;
2327     }
2328 #endif
2329 
2330     ctx->opcode = translator_lduw(env, &ctx->base, ctx->base.pc_next);
2331     decode_opc(ctx);
2332     ctx->base.pc_next += 2;
2333 }
2334 
2335 static void sh4_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
2336 {
2337     DisasContext *ctx = container_of(dcbase, DisasContext, base);
2338 
2339     if (ctx->tbflags & TB_FLAG_GUSA_EXCLUSIVE) {
2340         /* Ending the region of exclusivity.  Clear the bits.  */
2341         ctx->envflags &= ~TB_FLAG_GUSA_MASK;
2342     }
2343 
2344     switch (ctx->base.is_jmp) {
2345     case DISAS_STOP:
2346         gen_save_cpu_state(ctx, true);
2347         tcg_gen_exit_tb(NULL, 0);
2348         break;
2349     case DISAS_NEXT:
2350     case DISAS_TOO_MANY:
2351         gen_save_cpu_state(ctx, false);
2352         gen_goto_tb(ctx, 0, ctx->base.pc_next);
2353         break;
2354     case DISAS_NORETURN:
2355         break;
2356     default:
2357         g_assert_not_reached();
2358     }
2359 }
2360 
2361 static void sh4_tr_disas_log(const DisasContextBase *dcbase,
2362                              CPUState *cs, FILE *logfile)
2363 {
2364     fprintf(logfile, "IN: %s\n", lookup_symbol(dcbase->pc_first));
2365     target_disas(logfile, cs, dcbase->pc_first, dcbase->tb->size);
2366 }
2367 
2368 static const TranslatorOps sh4_tr_ops = {
2369     .init_disas_context = sh4_tr_init_disas_context,
2370     .tb_start           = sh4_tr_tb_start,
2371     .insn_start         = sh4_tr_insn_start,
2372     .translate_insn     = sh4_tr_translate_insn,
2373     .tb_stop            = sh4_tr_tb_stop,
2374     .disas_log          = sh4_tr_disas_log,
2375 };
2376 
2377 void gen_intermediate_code(CPUState *cs, TranslationBlock *tb, int max_insns,
2378                            target_ulong pc, void *host_pc)
2379 {
2380     DisasContext ctx;
2381 
2382     translator_loop(cs, tb, max_insns, pc, host_pc, &sh4_tr_ops, &ctx.base);
2383 }
2384 
2385 void restore_state_to_opc(CPUSH4State *env, TranslationBlock *tb,
2386                           target_ulong *data)
2387 {
2388     env->pc = data[0];
2389     env->flags = data[1];
2390     /* Theoretically delayed_pc should also be restored. In practice the
2391        branch instruction is re-executed after exception, so the delayed
2392        branch target will be recomputed. */
2393 }
2394