xref: /openbmc/qemu/target/sh4/translate.c (revision c55c9744)
1 /*
2  *  SH4 translation
3  *
4  *  Copyright (c) 2005 Samuel Tardieu
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #define DEBUG_DISAS
21 
22 #include "qemu/osdep.h"
23 #include "cpu.h"
24 #include "disas/disas.h"
25 #include "exec/exec-all.h"
26 #include "tcg-op.h"
27 #include "exec/cpu_ldst.h"
28 #include "exec/helper-proto.h"
29 #include "exec/helper-gen.h"
30 #include "exec/translator.h"
31 #include "trace-tcg.h"
32 #include "exec/log.h"
33 #include "qemu/qemu-print.h"
34 
35 
36 typedef struct DisasContext {
37     DisasContextBase base;
38 
39     uint32_t tbflags;  /* should stay unmodified during the TB translation */
40     uint32_t envflags; /* should stay in sync with env->flags using TCG ops */
41     int memidx;
42     int gbank;
43     int fbank;
44     uint32_t delayed_pc;
45     uint32_t features;
46 
47     uint16_t opcode;
48 
49     bool has_movcal;
50 } DisasContext;
51 
52 #if defined(CONFIG_USER_ONLY)
53 #define IS_USER(ctx) 1
54 #else
55 #define IS_USER(ctx) (!(ctx->tbflags & (1u << SR_MD)))
56 #endif
57 
58 /* Target-specific values for ctx->base.is_jmp.  */
59 /* We want to exit back to the cpu loop for some reason.
60    Usually this is to recognize interrupts immediately.  */
61 #define DISAS_STOP    DISAS_TARGET_0
62 
63 /* global register indexes */
64 static TCGv cpu_gregs[32];
65 static TCGv cpu_sr, cpu_sr_m, cpu_sr_q, cpu_sr_t;
66 static TCGv cpu_pc, cpu_ssr, cpu_spc, cpu_gbr;
67 static TCGv cpu_vbr, cpu_sgr, cpu_dbr, cpu_mach, cpu_macl;
68 static TCGv cpu_pr, cpu_fpscr, cpu_fpul;
69 static TCGv cpu_lock_addr, cpu_lock_value;
70 static TCGv cpu_fregs[32];
71 
72 /* internal register indexes */
73 static TCGv cpu_flags, cpu_delayed_pc, cpu_delayed_cond;
74 
75 #include "exec/gen-icount.h"
76 
77 void sh4_translate_init(void)
78 {
79     int i;
80     static const char * const gregnames[24] = {
81         "R0_BANK0", "R1_BANK0", "R2_BANK0", "R3_BANK0",
82         "R4_BANK0", "R5_BANK0", "R6_BANK0", "R7_BANK0",
83         "R8", "R9", "R10", "R11", "R12", "R13", "R14", "R15",
84         "R0_BANK1", "R1_BANK1", "R2_BANK1", "R3_BANK1",
85         "R4_BANK1", "R5_BANK1", "R6_BANK1", "R7_BANK1"
86     };
87     static const char * const fregnames[32] = {
88          "FPR0_BANK0",  "FPR1_BANK0",  "FPR2_BANK0",  "FPR3_BANK0",
89          "FPR4_BANK0",  "FPR5_BANK0",  "FPR6_BANK0",  "FPR7_BANK0",
90          "FPR8_BANK0",  "FPR9_BANK0", "FPR10_BANK0", "FPR11_BANK0",
91         "FPR12_BANK0", "FPR13_BANK0", "FPR14_BANK0", "FPR15_BANK0",
92          "FPR0_BANK1",  "FPR1_BANK1",  "FPR2_BANK1",  "FPR3_BANK1",
93          "FPR4_BANK1",  "FPR5_BANK1",  "FPR6_BANK1",  "FPR7_BANK1",
94          "FPR8_BANK1",  "FPR9_BANK1", "FPR10_BANK1", "FPR11_BANK1",
95         "FPR12_BANK1", "FPR13_BANK1", "FPR14_BANK1", "FPR15_BANK1",
96     };
97 
98     for (i = 0; i < 24; i++) {
99         cpu_gregs[i] = tcg_global_mem_new_i32(cpu_env,
100                                               offsetof(CPUSH4State, gregs[i]),
101                                               gregnames[i]);
102     }
103     memcpy(cpu_gregs + 24, cpu_gregs + 8, 8 * sizeof(TCGv));
104 
105     cpu_pc = tcg_global_mem_new_i32(cpu_env,
106                                     offsetof(CPUSH4State, pc), "PC");
107     cpu_sr = tcg_global_mem_new_i32(cpu_env,
108                                     offsetof(CPUSH4State, sr), "SR");
109     cpu_sr_m = tcg_global_mem_new_i32(cpu_env,
110                                       offsetof(CPUSH4State, sr_m), "SR_M");
111     cpu_sr_q = tcg_global_mem_new_i32(cpu_env,
112                                       offsetof(CPUSH4State, sr_q), "SR_Q");
113     cpu_sr_t = tcg_global_mem_new_i32(cpu_env,
114                                       offsetof(CPUSH4State, sr_t), "SR_T");
115     cpu_ssr = tcg_global_mem_new_i32(cpu_env,
116                                      offsetof(CPUSH4State, ssr), "SSR");
117     cpu_spc = tcg_global_mem_new_i32(cpu_env,
118                                      offsetof(CPUSH4State, spc), "SPC");
119     cpu_gbr = tcg_global_mem_new_i32(cpu_env,
120                                      offsetof(CPUSH4State, gbr), "GBR");
121     cpu_vbr = tcg_global_mem_new_i32(cpu_env,
122                                      offsetof(CPUSH4State, vbr), "VBR");
123     cpu_sgr = tcg_global_mem_new_i32(cpu_env,
124                                      offsetof(CPUSH4State, sgr), "SGR");
125     cpu_dbr = tcg_global_mem_new_i32(cpu_env,
126                                      offsetof(CPUSH4State, dbr), "DBR");
127     cpu_mach = tcg_global_mem_new_i32(cpu_env,
128                                       offsetof(CPUSH4State, mach), "MACH");
129     cpu_macl = tcg_global_mem_new_i32(cpu_env,
130                                       offsetof(CPUSH4State, macl), "MACL");
131     cpu_pr = tcg_global_mem_new_i32(cpu_env,
132                                     offsetof(CPUSH4State, pr), "PR");
133     cpu_fpscr = tcg_global_mem_new_i32(cpu_env,
134                                        offsetof(CPUSH4State, fpscr), "FPSCR");
135     cpu_fpul = tcg_global_mem_new_i32(cpu_env,
136                                       offsetof(CPUSH4State, fpul), "FPUL");
137 
138     cpu_flags = tcg_global_mem_new_i32(cpu_env,
139 				       offsetof(CPUSH4State, flags), "_flags_");
140     cpu_delayed_pc = tcg_global_mem_new_i32(cpu_env,
141 					    offsetof(CPUSH4State, delayed_pc),
142 					    "_delayed_pc_");
143     cpu_delayed_cond = tcg_global_mem_new_i32(cpu_env,
144                                               offsetof(CPUSH4State,
145                                                        delayed_cond),
146                                               "_delayed_cond_");
147     cpu_lock_addr = tcg_global_mem_new_i32(cpu_env,
148                                            offsetof(CPUSH4State, lock_addr),
149                                            "_lock_addr_");
150     cpu_lock_value = tcg_global_mem_new_i32(cpu_env,
151                                             offsetof(CPUSH4State, lock_value),
152                                             "_lock_value_");
153 
154     for (i = 0; i < 32; i++)
155         cpu_fregs[i] = tcg_global_mem_new_i32(cpu_env,
156                                               offsetof(CPUSH4State, fregs[i]),
157                                               fregnames[i]);
158 }
159 
160 void superh_cpu_dump_state(CPUState *cs, FILE *f, int flags)
161 {
162     SuperHCPU *cpu = SUPERH_CPU(cs);
163     CPUSH4State *env = &cpu->env;
164     int i;
165 
166     qemu_fprintf(f, "pc=0x%08x sr=0x%08x pr=0x%08x fpscr=0x%08x\n",
167                  env->pc, cpu_read_sr(env), env->pr, env->fpscr);
168     qemu_fprintf(f, "spc=0x%08x ssr=0x%08x gbr=0x%08x vbr=0x%08x\n",
169                  env->spc, env->ssr, env->gbr, env->vbr);
170     qemu_fprintf(f, "sgr=0x%08x dbr=0x%08x delayed_pc=0x%08x fpul=0x%08x\n",
171                  env->sgr, env->dbr, env->delayed_pc, env->fpul);
172     for (i = 0; i < 24; i += 4) {
173         qemu_printf("r%d=0x%08x r%d=0x%08x r%d=0x%08x r%d=0x%08x\n",
174 		    i, env->gregs[i], i + 1, env->gregs[i + 1],
175 		    i + 2, env->gregs[i + 2], i + 3, env->gregs[i + 3]);
176     }
177     if (env->flags & DELAY_SLOT) {
178         qemu_printf("in delay slot (delayed_pc=0x%08x)\n",
179 		    env->delayed_pc);
180     } else if (env->flags & DELAY_SLOT_CONDITIONAL) {
181         qemu_printf("in conditional delay slot (delayed_pc=0x%08x)\n",
182 		    env->delayed_pc);
183     } else if (env->flags & DELAY_SLOT_RTE) {
184         qemu_fprintf(f, "in rte delay slot (delayed_pc=0x%08x)\n",
185                      env->delayed_pc);
186     }
187 }
188 
189 static void gen_read_sr(TCGv dst)
190 {
191     TCGv t0 = tcg_temp_new();
192     tcg_gen_shli_i32(t0, cpu_sr_q, SR_Q);
193     tcg_gen_or_i32(dst, dst, t0);
194     tcg_gen_shli_i32(t0, cpu_sr_m, SR_M);
195     tcg_gen_or_i32(dst, dst, t0);
196     tcg_gen_shli_i32(t0, cpu_sr_t, SR_T);
197     tcg_gen_or_i32(dst, cpu_sr, t0);
198     tcg_temp_free_i32(t0);
199 }
200 
201 static void gen_write_sr(TCGv src)
202 {
203     tcg_gen_andi_i32(cpu_sr, src,
204                      ~((1u << SR_Q) | (1u << SR_M) | (1u << SR_T)));
205     tcg_gen_extract_i32(cpu_sr_q, src, SR_Q, 1);
206     tcg_gen_extract_i32(cpu_sr_m, src, SR_M, 1);
207     tcg_gen_extract_i32(cpu_sr_t, src, SR_T, 1);
208 }
209 
210 static inline void gen_save_cpu_state(DisasContext *ctx, bool save_pc)
211 {
212     if (save_pc) {
213         tcg_gen_movi_i32(cpu_pc, ctx->base.pc_next);
214     }
215     if (ctx->delayed_pc != (uint32_t) -1) {
216         tcg_gen_movi_i32(cpu_delayed_pc, ctx->delayed_pc);
217     }
218     if ((ctx->tbflags & TB_FLAG_ENVFLAGS_MASK) != ctx->envflags) {
219         tcg_gen_movi_i32(cpu_flags, ctx->envflags);
220     }
221 }
222 
223 static inline bool use_exit_tb(DisasContext *ctx)
224 {
225     return (ctx->tbflags & GUSA_EXCLUSIVE) != 0;
226 }
227 
228 static inline bool use_goto_tb(DisasContext *ctx, target_ulong dest)
229 {
230     /* Use a direct jump if in same page and singlestep not enabled */
231     if (unlikely(ctx->base.singlestep_enabled || use_exit_tb(ctx))) {
232         return false;
233     }
234 #ifndef CONFIG_USER_ONLY
235     return (ctx->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
236 #else
237     return true;
238 #endif
239 }
240 
241 static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
242 {
243     if (use_goto_tb(ctx, dest)) {
244         tcg_gen_goto_tb(n);
245         tcg_gen_movi_i32(cpu_pc, dest);
246         tcg_gen_exit_tb(ctx->base.tb, n);
247     } else {
248         tcg_gen_movi_i32(cpu_pc, dest);
249         if (ctx->base.singlestep_enabled) {
250             gen_helper_debug(cpu_env);
251         } else if (use_exit_tb(ctx)) {
252             tcg_gen_exit_tb(NULL, 0);
253         } else {
254             tcg_gen_lookup_and_goto_ptr();
255         }
256     }
257     ctx->base.is_jmp = DISAS_NORETURN;
258 }
259 
260 static void gen_jump(DisasContext * ctx)
261 {
262     if (ctx->delayed_pc == -1) {
263 	/* Target is not statically known, it comes necessarily from a
264 	   delayed jump as immediate jump are conditinal jumps */
265 	tcg_gen_mov_i32(cpu_pc, cpu_delayed_pc);
266         tcg_gen_discard_i32(cpu_delayed_pc);
267         if (ctx->base.singlestep_enabled) {
268             gen_helper_debug(cpu_env);
269         } else if (use_exit_tb(ctx)) {
270             tcg_gen_exit_tb(NULL, 0);
271         } else {
272             tcg_gen_lookup_and_goto_ptr();
273         }
274         ctx->base.is_jmp = DISAS_NORETURN;
275     } else {
276 	gen_goto_tb(ctx, 0, ctx->delayed_pc);
277     }
278 }
279 
280 /* Immediate conditional jump (bt or bf) */
281 static void gen_conditional_jump(DisasContext *ctx, target_ulong dest,
282                                  bool jump_if_true)
283 {
284     TCGLabel *l1 = gen_new_label();
285     TCGCond cond_not_taken = jump_if_true ? TCG_COND_EQ : TCG_COND_NE;
286 
287     if (ctx->tbflags & GUSA_EXCLUSIVE) {
288         /* When in an exclusive region, we must continue to the end.
289            Therefore, exit the region on a taken branch, but otherwise
290            fall through to the next instruction.  */
291         tcg_gen_brcondi_i32(cond_not_taken, cpu_sr_t, 0, l1);
292         tcg_gen_movi_i32(cpu_flags, ctx->envflags & ~GUSA_MASK);
293         /* Note that this won't actually use a goto_tb opcode because we
294            disallow it in use_goto_tb, but it handles exit + singlestep.  */
295         gen_goto_tb(ctx, 0, dest);
296         gen_set_label(l1);
297         ctx->base.is_jmp = DISAS_NEXT;
298         return;
299     }
300 
301     gen_save_cpu_state(ctx, false);
302     tcg_gen_brcondi_i32(cond_not_taken, cpu_sr_t, 0, l1);
303     gen_goto_tb(ctx, 0, dest);
304     gen_set_label(l1);
305     gen_goto_tb(ctx, 1, ctx->base.pc_next + 2);
306     ctx->base.is_jmp = DISAS_NORETURN;
307 }
308 
309 /* Delayed conditional jump (bt or bf) */
310 static void gen_delayed_conditional_jump(DisasContext * ctx)
311 {
312     TCGLabel *l1 = gen_new_label();
313     TCGv ds = tcg_temp_new();
314 
315     tcg_gen_mov_i32(ds, cpu_delayed_cond);
316     tcg_gen_discard_i32(cpu_delayed_cond);
317 
318     if (ctx->tbflags & GUSA_EXCLUSIVE) {
319         /* When in an exclusive region, we must continue to the end.
320            Therefore, exit the region on a taken branch, but otherwise
321            fall through to the next instruction.  */
322         tcg_gen_brcondi_i32(TCG_COND_EQ, ds, 0, l1);
323 
324         /* Leave the gUSA region.  */
325         tcg_gen_movi_i32(cpu_flags, ctx->envflags & ~GUSA_MASK);
326         gen_jump(ctx);
327 
328         gen_set_label(l1);
329         ctx->base.is_jmp = DISAS_NEXT;
330         return;
331     }
332 
333     tcg_gen_brcondi_i32(TCG_COND_NE, ds, 0, l1);
334     gen_goto_tb(ctx, 1, ctx->base.pc_next + 2);
335     gen_set_label(l1);
336     gen_jump(ctx);
337 }
338 
339 static inline void gen_load_fpr64(DisasContext *ctx, TCGv_i64 t, int reg)
340 {
341     /* We have already signaled illegal instruction for odd Dr.  */
342     tcg_debug_assert((reg & 1) == 0);
343     reg ^= ctx->fbank;
344     tcg_gen_concat_i32_i64(t, cpu_fregs[reg + 1], cpu_fregs[reg]);
345 }
346 
347 static inline void gen_store_fpr64(DisasContext *ctx, TCGv_i64 t, int reg)
348 {
349     /* We have already signaled illegal instruction for odd Dr.  */
350     tcg_debug_assert((reg & 1) == 0);
351     reg ^= ctx->fbank;
352     tcg_gen_extr_i64_i32(cpu_fregs[reg + 1], cpu_fregs[reg], t);
353 }
354 
355 #define B3_0 (ctx->opcode & 0xf)
356 #define B6_4 ((ctx->opcode >> 4) & 0x7)
357 #define B7_4 ((ctx->opcode >> 4) & 0xf)
358 #define B7_0 (ctx->opcode & 0xff)
359 #define B7_0s ((int32_t) (int8_t) (ctx->opcode & 0xff))
360 #define B11_0s (ctx->opcode & 0x800 ? 0xfffff000 | (ctx->opcode & 0xfff) : \
361   (ctx->opcode & 0xfff))
362 #define B11_8 ((ctx->opcode >> 8) & 0xf)
363 #define B15_12 ((ctx->opcode >> 12) & 0xf)
364 
365 #define REG(x)     cpu_gregs[(x) ^ ctx->gbank]
366 #define ALTREG(x)  cpu_gregs[(x) ^ ctx->gbank ^ 0x10]
367 #define FREG(x)    cpu_fregs[(x) ^ ctx->fbank]
368 
369 #define XHACK(x) ((((x) & 1 ) << 4) | ((x) & 0xe))
370 
371 #define CHECK_NOT_DELAY_SLOT \
372     if (ctx->envflags & DELAY_SLOT_MASK) {  \
373         goto do_illegal_slot;               \
374     }
375 
376 #define CHECK_PRIVILEGED \
377     if (IS_USER(ctx)) {                     \
378         goto do_illegal;                    \
379     }
380 
381 #define CHECK_FPU_ENABLED \
382     if (ctx->tbflags & (1u << SR_FD)) {     \
383         goto do_fpu_disabled;               \
384     }
385 
386 #define CHECK_FPSCR_PR_0 \
387     if (ctx->tbflags & FPSCR_PR) {          \
388         goto do_illegal;                    \
389     }
390 
391 #define CHECK_FPSCR_PR_1 \
392     if (!(ctx->tbflags & FPSCR_PR)) {       \
393         goto do_illegal;                    \
394     }
395 
396 #define CHECK_SH4A \
397     if (!(ctx->features & SH_FEATURE_SH4A)) { \
398         goto do_illegal;                      \
399     }
400 
401 static void _decode_opc(DisasContext * ctx)
402 {
403     /* This code tries to make movcal emulation sufficiently
404        accurate for Linux purposes.  This instruction writes
405        memory, and prior to that, always allocates a cache line.
406        It is used in two contexts:
407        - in memcpy, where data is copied in blocks, the first write
408        of to a block uses movca.l for performance.
409        - in arch/sh/mm/cache-sh4.c, movcal.l + ocbi combination is used
410        to flush the cache. Here, the data written by movcal.l is never
411        written to memory, and the data written is just bogus.
412 
413        To simulate this, we simulate movcal.l, we store the value to memory,
414        but we also remember the previous content. If we see ocbi, we check
415        if movcal.l for that address was done previously. If so, the write should
416        not have hit the memory, so we restore the previous content.
417        When we see an instruction that is neither movca.l
418        nor ocbi, the previous content is discarded.
419 
420        To optimize, we only try to flush stores when we're at the start of
421        TB, or if we already saw movca.l in this TB and did not flush stores
422        yet.  */
423     if (ctx->has_movcal)
424 	{
425 	  int opcode = ctx->opcode & 0xf0ff;
426 	  if (opcode != 0x0093 /* ocbi */
427 	      && opcode != 0x00c3 /* movca.l */)
428 	      {
429                   gen_helper_discard_movcal_backup(cpu_env);
430 		  ctx->has_movcal = 0;
431 	      }
432 	}
433 
434 #if 0
435     fprintf(stderr, "Translating opcode 0x%04x\n", ctx->opcode);
436 #endif
437 
438     switch (ctx->opcode) {
439     case 0x0019:		/* div0u */
440         tcg_gen_movi_i32(cpu_sr_m, 0);
441         tcg_gen_movi_i32(cpu_sr_q, 0);
442         tcg_gen_movi_i32(cpu_sr_t, 0);
443 	return;
444     case 0x000b:		/* rts */
445 	CHECK_NOT_DELAY_SLOT
446 	tcg_gen_mov_i32(cpu_delayed_pc, cpu_pr);
447         ctx->envflags |= DELAY_SLOT;
448 	ctx->delayed_pc = (uint32_t) - 1;
449 	return;
450     case 0x0028:		/* clrmac */
451 	tcg_gen_movi_i32(cpu_mach, 0);
452 	tcg_gen_movi_i32(cpu_macl, 0);
453 	return;
454     case 0x0048:		/* clrs */
455         tcg_gen_andi_i32(cpu_sr, cpu_sr, ~(1u << SR_S));
456 	return;
457     case 0x0008:		/* clrt */
458         tcg_gen_movi_i32(cpu_sr_t, 0);
459 	return;
460     case 0x0038:		/* ldtlb */
461 	CHECK_PRIVILEGED
462         gen_helper_ldtlb(cpu_env);
463 	return;
464     case 0x002b:		/* rte */
465 	CHECK_PRIVILEGED
466 	CHECK_NOT_DELAY_SLOT
467         gen_write_sr(cpu_ssr);
468 	tcg_gen_mov_i32(cpu_delayed_pc, cpu_spc);
469         ctx->envflags |= DELAY_SLOT_RTE;
470 	ctx->delayed_pc = (uint32_t) - 1;
471         ctx->base.is_jmp = DISAS_STOP;
472 	return;
473     case 0x0058:		/* sets */
474         tcg_gen_ori_i32(cpu_sr, cpu_sr, (1u << SR_S));
475 	return;
476     case 0x0018:		/* sett */
477         tcg_gen_movi_i32(cpu_sr_t, 1);
478 	return;
479     case 0xfbfd:		/* frchg */
480         CHECK_FPSCR_PR_0
481 	tcg_gen_xori_i32(cpu_fpscr, cpu_fpscr, FPSCR_FR);
482         ctx->base.is_jmp = DISAS_STOP;
483 	return;
484     case 0xf3fd:		/* fschg */
485         CHECK_FPSCR_PR_0
486         tcg_gen_xori_i32(cpu_fpscr, cpu_fpscr, FPSCR_SZ);
487         ctx->base.is_jmp = DISAS_STOP;
488 	return;
489     case 0xf7fd:                /* fpchg */
490         CHECK_SH4A
491         tcg_gen_xori_i32(cpu_fpscr, cpu_fpscr, FPSCR_PR);
492         ctx->base.is_jmp = DISAS_STOP;
493         return;
494     case 0x0009:		/* nop */
495 	return;
496     case 0x001b:		/* sleep */
497 	CHECK_PRIVILEGED
498         tcg_gen_movi_i32(cpu_pc, ctx->base.pc_next + 2);
499         gen_helper_sleep(cpu_env);
500 	return;
501     }
502 
503     switch (ctx->opcode & 0xf000) {
504     case 0x1000:		/* mov.l Rm,@(disp,Rn) */
505 	{
506 	    TCGv addr = tcg_temp_new();
507 	    tcg_gen_addi_i32(addr, REG(B11_8), B3_0 * 4);
508             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_TEUL);
509 	    tcg_temp_free(addr);
510 	}
511 	return;
512     case 0x5000:		/* mov.l @(disp,Rm),Rn */
513 	{
514 	    TCGv addr = tcg_temp_new();
515 	    tcg_gen_addi_i32(addr, REG(B7_4), B3_0 * 4);
516             tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx, MO_TESL);
517 	    tcg_temp_free(addr);
518 	}
519 	return;
520     case 0xe000:		/* mov #imm,Rn */
521 #ifdef CONFIG_USER_ONLY
522         /* Detect the start of a gUSA region.  If so, update envflags
523            and end the TB.  This will allow us to see the end of the
524            region (stored in R0) in the next TB.  */
525         if (B11_8 == 15 && B7_0s < 0 &&
526             (tb_cflags(ctx->base.tb) & CF_PARALLEL)) {
527             ctx->envflags = deposit32(ctx->envflags, GUSA_SHIFT, 8, B7_0s);
528             ctx->base.is_jmp = DISAS_STOP;
529         }
530 #endif
531 	tcg_gen_movi_i32(REG(B11_8), B7_0s);
532 	return;
533     case 0x9000:		/* mov.w @(disp,PC),Rn */
534 	{
535             TCGv addr = tcg_const_i32(ctx->base.pc_next + 4 + B7_0 * 2);
536             tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx, MO_TESW);
537 	    tcg_temp_free(addr);
538 	}
539 	return;
540     case 0xd000:		/* mov.l @(disp,PC),Rn */
541 	{
542             TCGv addr = tcg_const_i32((ctx->base.pc_next + 4 + B7_0 * 4) & ~3);
543             tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx, MO_TESL);
544 	    tcg_temp_free(addr);
545 	}
546 	return;
547     case 0x7000:		/* add #imm,Rn */
548 	tcg_gen_addi_i32(REG(B11_8), REG(B11_8), B7_0s);
549 	return;
550     case 0xa000:		/* bra disp */
551 	CHECK_NOT_DELAY_SLOT
552         ctx->delayed_pc = ctx->base.pc_next + 4 + B11_0s * 2;
553         ctx->envflags |= DELAY_SLOT;
554 	return;
555     case 0xb000:		/* bsr disp */
556 	CHECK_NOT_DELAY_SLOT
557         tcg_gen_movi_i32(cpu_pr, ctx->base.pc_next + 4);
558         ctx->delayed_pc = ctx->base.pc_next + 4 + B11_0s * 2;
559         ctx->envflags |= DELAY_SLOT;
560 	return;
561     }
562 
563     switch (ctx->opcode & 0xf00f) {
564     case 0x6003:		/* mov Rm,Rn */
565 	tcg_gen_mov_i32(REG(B11_8), REG(B7_4));
566 	return;
567     case 0x2000:		/* mov.b Rm,@Rn */
568         tcg_gen_qemu_st_i32(REG(B7_4), REG(B11_8), ctx->memidx, MO_UB);
569 	return;
570     case 0x2001:		/* mov.w Rm,@Rn */
571         tcg_gen_qemu_st_i32(REG(B7_4), REG(B11_8), ctx->memidx, MO_TEUW);
572 	return;
573     case 0x2002:		/* mov.l Rm,@Rn */
574         tcg_gen_qemu_st_i32(REG(B7_4), REG(B11_8), ctx->memidx, MO_TEUL);
575 	return;
576     case 0x6000:		/* mov.b @Rm,Rn */
577         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_SB);
578 	return;
579     case 0x6001:		/* mov.w @Rm,Rn */
580         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_TESW);
581 	return;
582     case 0x6002:		/* mov.l @Rm,Rn */
583         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_TESL);
584 	return;
585     case 0x2004:		/* mov.b Rm,@-Rn */
586 	{
587 	    TCGv addr = tcg_temp_new();
588 	    tcg_gen_subi_i32(addr, REG(B11_8), 1);
589             /* might cause re-execution */
590             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_UB);
591 	    tcg_gen_mov_i32(REG(B11_8), addr);			/* modify register status */
592 	    tcg_temp_free(addr);
593 	}
594 	return;
595     case 0x2005:		/* mov.w Rm,@-Rn */
596 	{
597 	    TCGv addr = tcg_temp_new();
598 	    tcg_gen_subi_i32(addr, REG(B11_8), 2);
599             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_TEUW);
600 	    tcg_gen_mov_i32(REG(B11_8), addr);
601 	    tcg_temp_free(addr);
602 	}
603 	return;
604     case 0x2006:		/* mov.l Rm,@-Rn */
605 	{
606 	    TCGv addr = tcg_temp_new();
607 	    tcg_gen_subi_i32(addr, REG(B11_8), 4);
608             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_TEUL);
609 	    tcg_gen_mov_i32(REG(B11_8), addr);
610         tcg_temp_free(addr);
611 	}
612 	return;
613     case 0x6004:		/* mov.b @Rm+,Rn */
614         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_SB);
615 	if ( B11_8 != B7_4 )
616 		tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 1);
617 	return;
618     case 0x6005:		/* mov.w @Rm+,Rn */
619         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_TESW);
620 	if ( B11_8 != B7_4 )
621 		tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 2);
622 	return;
623     case 0x6006:		/* mov.l @Rm+,Rn */
624         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_TESL);
625 	if ( B11_8 != B7_4 )
626 		tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 4);
627 	return;
628     case 0x0004:		/* mov.b Rm,@(R0,Rn) */
629 	{
630 	    TCGv addr = tcg_temp_new();
631 	    tcg_gen_add_i32(addr, REG(B11_8), REG(0));
632             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_UB);
633 	    tcg_temp_free(addr);
634 	}
635 	return;
636     case 0x0005:		/* mov.w Rm,@(R0,Rn) */
637 	{
638 	    TCGv addr = tcg_temp_new();
639 	    tcg_gen_add_i32(addr, REG(B11_8), REG(0));
640             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_TEUW);
641 	    tcg_temp_free(addr);
642 	}
643 	return;
644     case 0x0006:		/* mov.l Rm,@(R0,Rn) */
645 	{
646 	    TCGv addr = tcg_temp_new();
647 	    tcg_gen_add_i32(addr, REG(B11_8), REG(0));
648             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_TEUL);
649 	    tcg_temp_free(addr);
650 	}
651 	return;
652     case 0x000c:		/* mov.b @(R0,Rm),Rn */
653 	{
654 	    TCGv addr = tcg_temp_new();
655 	    tcg_gen_add_i32(addr, REG(B7_4), REG(0));
656             tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx, MO_SB);
657 	    tcg_temp_free(addr);
658 	}
659 	return;
660     case 0x000d:		/* mov.w @(R0,Rm),Rn */
661 	{
662 	    TCGv addr = tcg_temp_new();
663 	    tcg_gen_add_i32(addr, REG(B7_4), REG(0));
664             tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx, MO_TESW);
665 	    tcg_temp_free(addr);
666 	}
667 	return;
668     case 0x000e:		/* mov.l @(R0,Rm),Rn */
669 	{
670 	    TCGv addr = tcg_temp_new();
671 	    tcg_gen_add_i32(addr, REG(B7_4), REG(0));
672             tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx, MO_TESL);
673 	    tcg_temp_free(addr);
674 	}
675 	return;
676     case 0x6008:		/* swap.b Rm,Rn */
677 	{
678             TCGv low = tcg_temp_new();
679 	    tcg_gen_ext16u_i32(low, REG(B7_4));
680 	    tcg_gen_bswap16_i32(low, low);
681             tcg_gen_deposit_i32(REG(B11_8), REG(B7_4), low, 0, 16);
682 	    tcg_temp_free(low);
683 	}
684 	return;
685     case 0x6009:		/* swap.w Rm,Rn */
686         tcg_gen_rotli_i32(REG(B11_8), REG(B7_4), 16);
687 	return;
688     case 0x200d:		/* xtrct Rm,Rn */
689 	{
690 	    TCGv high, low;
691 	    high = tcg_temp_new();
692 	    tcg_gen_shli_i32(high, REG(B7_4), 16);
693 	    low = tcg_temp_new();
694 	    tcg_gen_shri_i32(low, REG(B11_8), 16);
695 	    tcg_gen_or_i32(REG(B11_8), high, low);
696 	    tcg_temp_free(low);
697 	    tcg_temp_free(high);
698 	}
699 	return;
700     case 0x300c:		/* add Rm,Rn */
701 	tcg_gen_add_i32(REG(B11_8), REG(B11_8), REG(B7_4));
702 	return;
703     case 0x300e:		/* addc Rm,Rn */
704         {
705             TCGv t0, t1;
706             t0 = tcg_const_tl(0);
707             t1 = tcg_temp_new();
708             tcg_gen_add2_i32(t1, cpu_sr_t, cpu_sr_t, t0, REG(B7_4), t0);
709             tcg_gen_add2_i32(REG(B11_8), cpu_sr_t,
710                              REG(B11_8), t0, t1, cpu_sr_t);
711             tcg_temp_free(t0);
712             tcg_temp_free(t1);
713         }
714 	return;
715     case 0x300f:		/* addv Rm,Rn */
716         {
717             TCGv t0, t1, t2;
718             t0 = tcg_temp_new();
719             tcg_gen_add_i32(t0, REG(B7_4), REG(B11_8));
720             t1 = tcg_temp_new();
721             tcg_gen_xor_i32(t1, t0, REG(B11_8));
722             t2 = tcg_temp_new();
723             tcg_gen_xor_i32(t2, REG(B7_4), REG(B11_8));
724             tcg_gen_andc_i32(cpu_sr_t, t1, t2);
725             tcg_temp_free(t2);
726             tcg_gen_shri_i32(cpu_sr_t, cpu_sr_t, 31);
727             tcg_temp_free(t1);
728             tcg_gen_mov_i32(REG(B7_4), t0);
729             tcg_temp_free(t0);
730         }
731 	return;
732     case 0x2009:		/* and Rm,Rn */
733 	tcg_gen_and_i32(REG(B11_8), REG(B11_8), REG(B7_4));
734 	return;
735     case 0x3000:		/* cmp/eq Rm,Rn */
736         tcg_gen_setcond_i32(TCG_COND_EQ, cpu_sr_t, REG(B11_8), REG(B7_4));
737 	return;
738     case 0x3003:		/* cmp/ge Rm,Rn */
739         tcg_gen_setcond_i32(TCG_COND_GE, cpu_sr_t, REG(B11_8), REG(B7_4));
740 	return;
741     case 0x3007:		/* cmp/gt Rm,Rn */
742         tcg_gen_setcond_i32(TCG_COND_GT, cpu_sr_t, REG(B11_8), REG(B7_4));
743 	return;
744     case 0x3006:		/* cmp/hi Rm,Rn */
745         tcg_gen_setcond_i32(TCG_COND_GTU, cpu_sr_t, REG(B11_8), REG(B7_4));
746 	return;
747     case 0x3002:		/* cmp/hs Rm,Rn */
748         tcg_gen_setcond_i32(TCG_COND_GEU, cpu_sr_t, REG(B11_8), REG(B7_4));
749 	return;
750     case 0x200c:		/* cmp/str Rm,Rn */
751 	{
752 	    TCGv cmp1 = tcg_temp_new();
753 	    TCGv cmp2 = tcg_temp_new();
754             tcg_gen_xor_i32(cmp2, REG(B7_4), REG(B11_8));
755             tcg_gen_subi_i32(cmp1, cmp2, 0x01010101);
756             tcg_gen_andc_i32(cmp1, cmp1, cmp2);
757             tcg_gen_andi_i32(cmp1, cmp1, 0x80808080);
758             tcg_gen_setcondi_i32(TCG_COND_NE, cpu_sr_t, cmp1, 0);
759 	    tcg_temp_free(cmp2);
760 	    tcg_temp_free(cmp1);
761 	}
762 	return;
763     case 0x2007:		/* div0s Rm,Rn */
764         tcg_gen_shri_i32(cpu_sr_q, REG(B11_8), 31);         /* SR_Q */
765         tcg_gen_shri_i32(cpu_sr_m, REG(B7_4), 31);          /* SR_M */
766         tcg_gen_xor_i32(cpu_sr_t, cpu_sr_q, cpu_sr_m);      /* SR_T */
767 	return;
768     case 0x3004:		/* div1 Rm,Rn */
769         {
770             TCGv t0 = tcg_temp_new();
771             TCGv t1 = tcg_temp_new();
772             TCGv t2 = tcg_temp_new();
773             TCGv zero = tcg_const_i32(0);
774 
775             /* shift left arg1, saving the bit being pushed out and inserting
776                T on the right */
777             tcg_gen_shri_i32(t0, REG(B11_8), 31);
778             tcg_gen_shli_i32(REG(B11_8), REG(B11_8), 1);
779             tcg_gen_or_i32(REG(B11_8), REG(B11_8), cpu_sr_t);
780 
781             /* Add or subtract arg0 from arg1 depending if Q == M. To avoid
782                using 64-bit temps, we compute arg0's high part from q ^ m, so
783                that it is 0x00000000 when adding the value or 0xffffffff when
784                subtracting it. */
785             tcg_gen_xor_i32(t1, cpu_sr_q, cpu_sr_m);
786             tcg_gen_subi_i32(t1, t1, 1);
787             tcg_gen_neg_i32(t2, REG(B7_4));
788             tcg_gen_movcond_i32(TCG_COND_EQ, t2, t1, zero, REG(B7_4), t2);
789             tcg_gen_add2_i32(REG(B11_8), t1, REG(B11_8), zero, t2, t1);
790 
791             /* compute T and Q depending on carry */
792             tcg_gen_andi_i32(t1, t1, 1);
793             tcg_gen_xor_i32(t1, t1, t0);
794             tcg_gen_xori_i32(cpu_sr_t, t1, 1);
795             tcg_gen_xor_i32(cpu_sr_q, cpu_sr_m, t1);
796 
797             tcg_temp_free(zero);
798             tcg_temp_free(t2);
799             tcg_temp_free(t1);
800             tcg_temp_free(t0);
801         }
802 	return;
803     case 0x300d:		/* dmuls.l Rm,Rn */
804         tcg_gen_muls2_i32(cpu_macl, cpu_mach, REG(B7_4), REG(B11_8));
805 	return;
806     case 0x3005:		/* dmulu.l Rm,Rn */
807         tcg_gen_mulu2_i32(cpu_macl, cpu_mach, REG(B7_4), REG(B11_8));
808 	return;
809     case 0x600e:		/* exts.b Rm,Rn */
810 	tcg_gen_ext8s_i32(REG(B11_8), REG(B7_4));
811 	return;
812     case 0x600f:		/* exts.w Rm,Rn */
813 	tcg_gen_ext16s_i32(REG(B11_8), REG(B7_4));
814 	return;
815     case 0x600c:		/* extu.b Rm,Rn */
816 	tcg_gen_ext8u_i32(REG(B11_8), REG(B7_4));
817 	return;
818     case 0x600d:		/* extu.w Rm,Rn */
819 	tcg_gen_ext16u_i32(REG(B11_8), REG(B7_4));
820 	return;
821     case 0x000f:		/* mac.l @Rm+,@Rn+ */
822 	{
823 	    TCGv arg0, arg1;
824 	    arg0 = tcg_temp_new();
825             tcg_gen_qemu_ld_i32(arg0, REG(B7_4), ctx->memidx, MO_TESL);
826 	    arg1 = tcg_temp_new();
827             tcg_gen_qemu_ld_i32(arg1, REG(B11_8), ctx->memidx, MO_TESL);
828             gen_helper_macl(cpu_env, arg0, arg1);
829 	    tcg_temp_free(arg1);
830 	    tcg_temp_free(arg0);
831 	    tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 4);
832 	    tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 4);
833 	}
834 	return;
835     case 0x400f:		/* mac.w @Rm+,@Rn+ */
836 	{
837 	    TCGv arg0, arg1;
838 	    arg0 = tcg_temp_new();
839             tcg_gen_qemu_ld_i32(arg0, REG(B7_4), ctx->memidx, MO_TESL);
840 	    arg1 = tcg_temp_new();
841             tcg_gen_qemu_ld_i32(arg1, REG(B11_8), ctx->memidx, MO_TESL);
842             gen_helper_macw(cpu_env, arg0, arg1);
843 	    tcg_temp_free(arg1);
844 	    tcg_temp_free(arg0);
845 	    tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 2);
846 	    tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 2);
847 	}
848 	return;
849     case 0x0007:		/* mul.l Rm,Rn */
850 	tcg_gen_mul_i32(cpu_macl, REG(B7_4), REG(B11_8));
851 	return;
852     case 0x200f:		/* muls.w Rm,Rn */
853 	{
854 	    TCGv arg0, arg1;
855 	    arg0 = tcg_temp_new();
856 	    tcg_gen_ext16s_i32(arg0, REG(B7_4));
857 	    arg1 = tcg_temp_new();
858 	    tcg_gen_ext16s_i32(arg1, REG(B11_8));
859 	    tcg_gen_mul_i32(cpu_macl, arg0, arg1);
860 	    tcg_temp_free(arg1);
861 	    tcg_temp_free(arg0);
862 	}
863 	return;
864     case 0x200e:		/* mulu.w Rm,Rn */
865 	{
866 	    TCGv arg0, arg1;
867 	    arg0 = tcg_temp_new();
868 	    tcg_gen_ext16u_i32(arg0, REG(B7_4));
869 	    arg1 = tcg_temp_new();
870 	    tcg_gen_ext16u_i32(arg1, REG(B11_8));
871 	    tcg_gen_mul_i32(cpu_macl, arg0, arg1);
872 	    tcg_temp_free(arg1);
873 	    tcg_temp_free(arg0);
874 	}
875 	return;
876     case 0x600b:		/* neg Rm,Rn */
877 	tcg_gen_neg_i32(REG(B11_8), REG(B7_4));
878 	return;
879     case 0x600a:		/* negc Rm,Rn */
880         {
881             TCGv t0 = tcg_const_i32(0);
882             tcg_gen_add2_i32(REG(B11_8), cpu_sr_t,
883                              REG(B7_4), t0, cpu_sr_t, t0);
884             tcg_gen_sub2_i32(REG(B11_8), cpu_sr_t,
885                              t0, t0, REG(B11_8), cpu_sr_t);
886             tcg_gen_andi_i32(cpu_sr_t, cpu_sr_t, 1);
887             tcg_temp_free(t0);
888         }
889 	return;
890     case 0x6007:		/* not Rm,Rn */
891 	tcg_gen_not_i32(REG(B11_8), REG(B7_4));
892 	return;
893     case 0x200b:		/* or Rm,Rn */
894 	tcg_gen_or_i32(REG(B11_8), REG(B11_8), REG(B7_4));
895 	return;
896     case 0x400c:		/* shad Rm,Rn */
897 	{
898             TCGv t0 = tcg_temp_new();
899             TCGv t1 = tcg_temp_new();
900             TCGv t2 = tcg_temp_new();
901 
902             tcg_gen_andi_i32(t0, REG(B7_4), 0x1f);
903 
904             /* positive case: shift to the left */
905             tcg_gen_shl_i32(t1, REG(B11_8), t0);
906 
907             /* negative case: shift to the right in two steps to
908                correctly handle the -32 case */
909             tcg_gen_xori_i32(t0, t0, 0x1f);
910             tcg_gen_sar_i32(t2, REG(B11_8), t0);
911             tcg_gen_sari_i32(t2, t2, 1);
912 
913             /* select between the two cases */
914             tcg_gen_movi_i32(t0, 0);
915             tcg_gen_movcond_i32(TCG_COND_GE, REG(B11_8), REG(B7_4), t0, t1, t2);
916 
917             tcg_temp_free(t0);
918             tcg_temp_free(t1);
919             tcg_temp_free(t2);
920 	}
921 	return;
922     case 0x400d:		/* shld Rm,Rn */
923 	{
924             TCGv t0 = tcg_temp_new();
925             TCGv t1 = tcg_temp_new();
926             TCGv t2 = tcg_temp_new();
927 
928             tcg_gen_andi_i32(t0, REG(B7_4), 0x1f);
929 
930             /* positive case: shift to the left */
931             tcg_gen_shl_i32(t1, REG(B11_8), t0);
932 
933             /* negative case: shift to the right in two steps to
934                correctly handle the -32 case */
935             tcg_gen_xori_i32(t0, t0, 0x1f);
936             tcg_gen_shr_i32(t2, REG(B11_8), t0);
937             tcg_gen_shri_i32(t2, t2, 1);
938 
939             /* select between the two cases */
940             tcg_gen_movi_i32(t0, 0);
941             tcg_gen_movcond_i32(TCG_COND_GE, REG(B11_8), REG(B7_4), t0, t1, t2);
942 
943             tcg_temp_free(t0);
944             tcg_temp_free(t1);
945             tcg_temp_free(t2);
946 	}
947 	return;
948     case 0x3008:		/* sub Rm,Rn */
949 	tcg_gen_sub_i32(REG(B11_8), REG(B11_8), REG(B7_4));
950 	return;
951     case 0x300a:		/* subc Rm,Rn */
952         {
953             TCGv t0, t1;
954             t0 = tcg_const_tl(0);
955             t1 = tcg_temp_new();
956             tcg_gen_add2_i32(t1, cpu_sr_t, cpu_sr_t, t0, REG(B7_4), t0);
957             tcg_gen_sub2_i32(REG(B11_8), cpu_sr_t,
958                              REG(B11_8), t0, t1, cpu_sr_t);
959             tcg_gen_andi_i32(cpu_sr_t, cpu_sr_t, 1);
960             tcg_temp_free(t0);
961             tcg_temp_free(t1);
962         }
963 	return;
964     case 0x300b:		/* subv Rm,Rn */
965         {
966             TCGv t0, t1, t2;
967             t0 = tcg_temp_new();
968             tcg_gen_sub_i32(t0, REG(B11_8), REG(B7_4));
969             t1 = tcg_temp_new();
970             tcg_gen_xor_i32(t1, t0, REG(B7_4));
971             t2 = tcg_temp_new();
972             tcg_gen_xor_i32(t2, REG(B11_8), REG(B7_4));
973             tcg_gen_and_i32(t1, t1, t2);
974             tcg_temp_free(t2);
975             tcg_gen_shri_i32(cpu_sr_t, t1, 31);
976             tcg_temp_free(t1);
977             tcg_gen_mov_i32(REG(B11_8), t0);
978             tcg_temp_free(t0);
979         }
980 	return;
981     case 0x2008:		/* tst Rm,Rn */
982 	{
983 	    TCGv val = tcg_temp_new();
984 	    tcg_gen_and_i32(val, REG(B7_4), REG(B11_8));
985             tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, val, 0);
986 	    tcg_temp_free(val);
987 	}
988 	return;
989     case 0x200a:		/* xor Rm,Rn */
990 	tcg_gen_xor_i32(REG(B11_8), REG(B11_8), REG(B7_4));
991 	return;
992     case 0xf00c: /* fmov {F,D,X}Rm,{F,D,X}Rn - FPSCR: Nothing */
993 	CHECK_FPU_ENABLED
994         if (ctx->tbflags & FPSCR_SZ) {
995             int xsrc = XHACK(B7_4);
996             int xdst = XHACK(B11_8);
997             tcg_gen_mov_i32(FREG(xdst), FREG(xsrc));
998             tcg_gen_mov_i32(FREG(xdst + 1), FREG(xsrc + 1));
999 	} else {
1000             tcg_gen_mov_i32(FREG(B11_8), FREG(B7_4));
1001 	}
1002 	return;
1003     case 0xf00a: /* fmov {F,D,X}Rm,@Rn - FPSCR: Nothing */
1004 	CHECK_FPU_ENABLED
1005         if (ctx->tbflags & FPSCR_SZ) {
1006             TCGv_i64 fp = tcg_temp_new_i64();
1007             gen_load_fpr64(ctx, fp, XHACK(B7_4));
1008             tcg_gen_qemu_st_i64(fp, REG(B11_8), ctx->memidx, MO_TEQ);
1009             tcg_temp_free_i64(fp);
1010 	} else {
1011             tcg_gen_qemu_st_i32(FREG(B7_4), REG(B11_8), ctx->memidx, MO_TEUL);
1012 	}
1013 	return;
1014     case 0xf008: /* fmov @Rm,{F,D,X}Rn - FPSCR: Nothing */
1015 	CHECK_FPU_ENABLED
1016         if (ctx->tbflags & FPSCR_SZ) {
1017             TCGv_i64 fp = tcg_temp_new_i64();
1018             tcg_gen_qemu_ld_i64(fp, REG(B7_4), ctx->memidx, MO_TEQ);
1019             gen_store_fpr64(ctx, fp, XHACK(B11_8));
1020             tcg_temp_free_i64(fp);
1021 	} else {
1022             tcg_gen_qemu_ld_i32(FREG(B11_8), REG(B7_4), ctx->memidx, MO_TEUL);
1023 	}
1024 	return;
1025     case 0xf009: /* fmov @Rm+,{F,D,X}Rn - FPSCR: Nothing */
1026 	CHECK_FPU_ENABLED
1027         if (ctx->tbflags & FPSCR_SZ) {
1028             TCGv_i64 fp = tcg_temp_new_i64();
1029             tcg_gen_qemu_ld_i64(fp, REG(B7_4), ctx->memidx, MO_TEQ);
1030             gen_store_fpr64(ctx, fp, XHACK(B11_8));
1031             tcg_temp_free_i64(fp);
1032             tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 8);
1033 	} else {
1034             tcg_gen_qemu_ld_i32(FREG(B11_8), REG(B7_4), ctx->memidx, MO_TEUL);
1035 	    tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 4);
1036 	}
1037 	return;
1038     case 0xf00b: /* fmov {F,D,X}Rm,@-Rn - FPSCR: Nothing */
1039 	CHECK_FPU_ENABLED
1040         {
1041             TCGv addr = tcg_temp_new_i32();
1042             if (ctx->tbflags & FPSCR_SZ) {
1043                 TCGv_i64 fp = tcg_temp_new_i64();
1044                 gen_load_fpr64(ctx, fp, XHACK(B7_4));
1045                 tcg_gen_subi_i32(addr, REG(B11_8), 8);
1046                 tcg_gen_qemu_st_i64(fp, addr, ctx->memidx, MO_TEQ);
1047                 tcg_temp_free_i64(fp);
1048             } else {
1049                 tcg_gen_subi_i32(addr, REG(B11_8), 4);
1050                 tcg_gen_qemu_st_i32(FREG(B7_4), addr, ctx->memidx, MO_TEUL);
1051             }
1052             tcg_gen_mov_i32(REG(B11_8), addr);
1053             tcg_temp_free(addr);
1054         }
1055 	return;
1056     case 0xf006: /* fmov @(R0,Rm),{F,D,X}Rm - FPSCR: Nothing */
1057 	CHECK_FPU_ENABLED
1058 	{
1059 	    TCGv addr = tcg_temp_new_i32();
1060 	    tcg_gen_add_i32(addr, REG(B7_4), REG(0));
1061             if (ctx->tbflags & FPSCR_SZ) {
1062                 TCGv_i64 fp = tcg_temp_new_i64();
1063                 tcg_gen_qemu_ld_i64(fp, addr, ctx->memidx, MO_TEQ);
1064                 gen_store_fpr64(ctx, fp, XHACK(B11_8));
1065                 tcg_temp_free_i64(fp);
1066 	    } else {
1067                 tcg_gen_qemu_ld_i32(FREG(B11_8), addr, ctx->memidx, MO_TEUL);
1068 	    }
1069 	    tcg_temp_free(addr);
1070 	}
1071 	return;
1072     case 0xf007: /* fmov {F,D,X}Rn,@(R0,Rn) - FPSCR: Nothing */
1073 	CHECK_FPU_ENABLED
1074 	{
1075 	    TCGv addr = tcg_temp_new();
1076 	    tcg_gen_add_i32(addr, REG(B11_8), REG(0));
1077             if (ctx->tbflags & FPSCR_SZ) {
1078                 TCGv_i64 fp = tcg_temp_new_i64();
1079                 gen_load_fpr64(ctx, fp, XHACK(B7_4));
1080                 tcg_gen_qemu_st_i64(fp, addr, ctx->memidx, MO_TEQ);
1081                 tcg_temp_free_i64(fp);
1082 	    } else {
1083                 tcg_gen_qemu_st_i32(FREG(B7_4), addr, ctx->memidx, MO_TEUL);
1084 	    }
1085 	    tcg_temp_free(addr);
1086 	}
1087 	return;
1088     case 0xf000: /* fadd Rm,Rn - FPSCR: R[PR,Enable.O/U/I]/W[Cause,Flag] */
1089     case 0xf001: /* fsub Rm,Rn - FPSCR: R[PR,Enable.O/U/I]/W[Cause,Flag] */
1090     case 0xf002: /* fmul Rm,Rn - FPSCR: R[PR,Enable.O/U/I]/W[Cause,Flag] */
1091     case 0xf003: /* fdiv Rm,Rn - FPSCR: R[PR,Enable.O/U/I]/W[Cause,Flag] */
1092     case 0xf004: /* fcmp/eq Rm,Rn - FPSCR: R[PR,Enable.V]/W[Cause,Flag] */
1093     case 0xf005: /* fcmp/gt Rm,Rn - FPSCR: R[PR,Enable.V]/W[Cause,Flag] */
1094 	{
1095 	    CHECK_FPU_ENABLED
1096             if (ctx->tbflags & FPSCR_PR) {
1097                 TCGv_i64 fp0, fp1;
1098 
1099                 if (ctx->opcode & 0x0110) {
1100                     goto do_illegal;
1101                 }
1102 		fp0 = tcg_temp_new_i64();
1103 		fp1 = tcg_temp_new_i64();
1104                 gen_load_fpr64(ctx, fp0, B11_8);
1105                 gen_load_fpr64(ctx, fp1, B7_4);
1106                 switch (ctx->opcode & 0xf00f) {
1107                 case 0xf000:		/* fadd Rm,Rn */
1108                     gen_helper_fadd_DT(fp0, cpu_env, fp0, fp1);
1109                     break;
1110                 case 0xf001:		/* fsub Rm,Rn */
1111                     gen_helper_fsub_DT(fp0, cpu_env, fp0, fp1);
1112                     break;
1113                 case 0xf002:		/* fmul Rm,Rn */
1114                     gen_helper_fmul_DT(fp0, cpu_env, fp0, fp1);
1115                     break;
1116                 case 0xf003:		/* fdiv Rm,Rn */
1117                     gen_helper_fdiv_DT(fp0, cpu_env, fp0, fp1);
1118                     break;
1119                 case 0xf004:		/* fcmp/eq Rm,Rn */
1120                     gen_helper_fcmp_eq_DT(cpu_sr_t, cpu_env, fp0, fp1);
1121                     return;
1122                 case 0xf005:		/* fcmp/gt Rm,Rn */
1123                     gen_helper_fcmp_gt_DT(cpu_sr_t, cpu_env, fp0, fp1);
1124                     return;
1125                 }
1126                 gen_store_fpr64(ctx, fp0, B11_8);
1127                 tcg_temp_free_i64(fp0);
1128                 tcg_temp_free_i64(fp1);
1129 	    } else {
1130                 switch (ctx->opcode & 0xf00f) {
1131                 case 0xf000:		/* fadd Rm,Rn */
1132                     gen_helper_fadd_FT(FREG(B11_8), cpu_env,
1133                                        FREG(B11_8), FREG(B7_4));
1134                     break;
1135                 case 0xf001:		/* fsub Rm,Rn */
1136                     gen_helper_fsub_FT(FREG(B11_8), cpu_env,
1137                                        FREG(B11_8), FREG(B7_4));
1138                     break;
1139                 case 0xf002:		/* fmul Rm,Rn */
1140                     gen_helper_fmul_FT(FREG(B11_8), cpu_env,
1141                                        FREG(B11_8), FREG(B7_4));
1142                     break;
1143                 case 0xf003:		/* fdiv Rm,Rn */
1144                     gen_helper_fdiv_FT(FREG(B11_8), cpu_env,
1145                                        FREG(B11_8), FREG(B7_4));
1146                     break;
1147                 case 0xf004:		/* fcmp/eq Rm,Rn */
1148                     gen_helper_fcmp_eq_FT(cpu_sr_t, cpu_env,
1149                                           FREG(B11_8), FREG(B7_4));
1150                     return;
1151                 case 0xf005:		/* fcmp/gt Rm,Rn */
1152                     gen_helper_fcmp_gt_FT(cpu_sr_t, cpu_env,
1153                                           FREG(B11_8), FREG(B7_4));
1154                     return;
1155                 }
1156 	    }
1157 	}
1158 	return;
1159     case 0xf00e: /* fmac FR0,RM,Rn */
1160         CHECK_FPU_ENABLED
1161         CHECK_FPSCR_PR_0
1162         gen_helper_fmac_FT(FREG(B11_8), cpu_env,
1163                            FREG(0), FREG(B7_4), FREG(B11_8));
1164         return;
1165     }
1166 
1167     switch (ctx->opcode & 0xff00) {
1168     case 0xc900:		/* and #imm,R0 */
1169 	tcg_gen_andi_i32(REG(0), REG(0), B7_0);
1170 	return;
1171     case 0xcd00:		/* and.b #imm,@(R0,GBR) */
1172 	{
1173 	    TCGv addr, val;
1174 	    addr = tcg_temp_new();
1175 	    tcg_gen_add_i32(addr, REG(0), cpu_gbr);
1176 	    val = tcg_temp_new();
1177             tcg_gen_qemu_ld_i32(val, addr, ctx->memidx, MO_UB);
1178 	    tcg_gen_andi_i32(val, val, B7_0);
1179             tcg_gen_qemu_st_i32(val, addr, ctx->memidx, MO_UB);
1180 	    tcg_temp_free(val);
1181 	    tcg_temp_free(addr);
1182 	}
1183 	return;
1184     case 0x8b00:		/* bf label */
1185 	CHECK_NOT_DELAY_SLOT
1186         gen_conditional_jump(ctx, ctx->base.pc_next + 4 + B7_0s * 2, false);
1187 	return;
1188     case 0x8f00:		/* bf/s label */
1189 	CHECK_NOT_DELAY_SLOT
1190         tcg_gen_xori_i32(cpu_delayed_cond, cpu_sr_t, 1);
1191         ctx->delayed_pc = ctx->base.pc_next + 4 + B7_0s * 2;
1192         ctx->envflags |= DELAY_SLOT_CONDITIONAL;
1193 	return;
1194     case 0x8900:		/* bt label */
1195 	CHECK_NOT_DELAY_SLOT
1196         gen_conditional_jump(ctx, ctx->base.pc_next + 4 + B7_0s * 2, true);
1197 	return;
1198     case 0x8d00:		/* bt/s label */
1199 	CHECK_NOT_DELAY_SLOT
1200         tcg_gen_mov_i32(cpu_delayed_cond, cpu_sr_t);
1201         ctx->delayed_pc = ctx->base.pc_next + 4 + B7_0s * 2;
1202         ctx->envflags |= DELAY_SLOT_CONDITIONAL;
1203 	return;
1204     case 0x8800:		/* cmp/eq #imm,R0 */
1205         tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, REG(0), B7_0s);
1206 	return;
1207     case 0xc400:		/* mov.b @(disp,GBR),R0 */
1208 	{
1209 	    TCGv addr = tcg_temp_new();
1210 	    tcg_gen_addi_i32(addr, cpu_gbr, B7_0);
1211             tcg_gen_qemu_ld_i32(REG(0), addr, ctx->memidx, MO_SB);
1212 	    tcg_temp_free(addr);
1213 	}
1214 	return;
1215     case 0xc500:		/* mov.w @(disp,GBR),R0 */
1216 	{
1217 	    TCGv addr = tcg_temp_new();
1218 	    tcg_gen_addi_i32(addr, cpu_gbr, B7_0 * 2);
1219             tcg_gen_qemu_ld_i32(REG(0), addr, ctx->memidx, MO_TESW);
1220 	    tcg_temp_free(addr);
1221 	}
1222 	return;
1223     case 0xc600:		/* mov.l @(disp,GBR),R0 */
1224 	{
1225 	    TCGv addr = tcg_temp_new();
1226 	    tcg_gen_addi_i32(addr, cpu_gbr, B7_0 * 4);
1227             tcg_gen_qemu_ld_i32(REG(0), addr, ctx->memidx, MO_TESL);
1228 	    tcg_temp_free(addr);
1229 	}
1230 	return;
1231     case 0xc000:		/* mov.b R0,@(disp,GBR) */
1232 	{
1233 	    TCGv addr = tcg_temp_new();
1234 	    tcg_gen_addi_i32(addr, cpu_gbr, B7_0);
1235             tcg_gen_qemu_st_i32(REG(0), addr, ctx->memidx, MO_UB);
1236 	    tcg_temp_free(addr);
1237 	}
1238 	return;
1239     case 0xc100:		/* mov.w R0,@(disp,GBR) */
1240 	{
1241 	    TCGv addr = tcg_temp_new();
1242 	    tcg_gen_addi_i32(addr, cpu_gbr, B7_0 * 2);
1243             tcg_gen_qemu_st_i32(REG(0), addr, ctx->memidx, MO_TEUW);
1244 	    tcg_temp_free(addr);
1245 	}
1246 	return;
1247     case 0xc200:		/* mov.l R0,@(disp,GBR) */
1248 	{
1249 	    TCGv addr = tcg_temp_new();
1250 	    tcg_gen_addi_i32(addr, cpu_gbr, B7_0 * 4);
1251             tcg_gen_qemu_st_i32(REG(0), addr, ctx->memidx, MO_TEUL);
1252 	    tcg_temp_free(addr);
1253 	}
1254 	return;
1255     case 0x8000:		/* mov.b R0,@(disp,Rn) */
1256 	{
1257 	    TCGv addr = tcg_temp_new();
1258 	    tcg_gen_addi_i32(addr, REG(B7_4), B3_0);
1259             tcg_gen_qemu_st_i32(REG(0), addr, ctx->memidx, MO_UB);
1260 	    tcg_temp_free(addr);
1261 	}
1262 	return;
1263     case 0x8100:		/* mov.w R0,@(disp,Rn) */
1264 	{
1265 	    TCGv addr = tcg_temp_new();
1266 	    tcg_gen_addi_i32(addr, REG(B7_4), B3_0 * 2);
1267             tcg_gen_qemu_st_i32(REG(0), addr, ctx->memidx, MO_TEUW);
1268 	    tcg_temp_free(addr);
1269 	}
1270 	return;
1271     case 0x8400:		/* mov.b @(disp,Rn),R0 */
1272 	{
1273 	    TCGv addr = tcg_temp_new();
1274 	    tcg_gen_addi_i32(addr, REG(B7_4), B3_0);
1275             tcg_gen_qemu_ld_i32(REG(0), addr, ctx->memidx, MO_SB);
1276 	    tcg_temp_free(addr);
1277 	}
1278 	return;
1279     case 0x8500:		/* mov.w @(disp,Rn),R0 */
1280 	{
1281 	    TCGv addr = tcg_temp_new();
1282 	    tcg_gen_addi_i32(addr, REG(B7_4), B3_0 * 2);
1283             tcg_gen_qemu_ld_i32(REG(0), addr, ctx->memidx, MO_TESW);
1284 	    tcg_temp_free(addr);
1285 	}
1286 	return;
1287     case 0xc700:		/* mova @(disp,PC),R0 */
1288         tcg_gen_movi_i32(REG(0), ((ctx->base.pc_next & 0xfffffffc) +
1289                                   4 + B7_0 * 4) & ~3);
1290 	return;
1291     case 0xcb00:		/* or #imm,R0 */
1292 	tcg_gen_ori_i32(REG(0), REG(0), B7_0);
1293 	return;
1294     case 0xcf00:		/* or.b #imm,@(R0,GBR) */
1295 	{
1296 	    TCGv addr, val;
1297 	    addr = tcg_temp_new();
1298 	    tcg_gen_add_i32(addr, REG(0), cpu_gbr);
1299 	    val = tcg_temp_new();
1300             tcg_gen_qemu_ld_i32(val, addr, ctx->memidx, MO_UB);
1301 	    tcg_gen_ori_i32(val, val, B7_0);
1302             tcg_gen_qemu_st_i32(val, addr, ctx->memidx, MO_UB);
1303 	    tcg_temp_free(val);
1304 	    tcg_temp_free(addr);
1305 	}
1306 	return;
1307     case 0xc300:		/* trapa #imm */
1308 	{
1309 	    TCGv imm;
1310 	    CHECK_NOT_DELAY_SLOT
1311             gen_save_cpu_state(ctx, true);
1312 	    imm = tcg_const_i32(B7_0);
1313             gen_helper_trapa(cpu_env, imm);
1314 	    tcg_temp_free(imm);
1315             ctx->base.is_jmp = DISAS_NORETURN;
1316 	}
1317 	return;
1318     case 0xc800:		/* tst #imm,R0 */
1319 	{
1320 	    TCGv val = tcg_temp_new();
1321 	    tcg_gen_andi_i32(val, REG(0), B7_0);
1322             tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, val, 0);
1323 	    tcg_temp_free(val);
1324 	}
1325 	return;
1326     case 0xcc00:		/* tst.b #imm,@(R0,GBR) */
1327 	{
1328 	    TCGv val = tcg_temp_new();
1329 	    tcg_gen_add_i32(val, REG(0), cpu_gbr);
1330             tcg_gen_qemu_ld_i32(val, val, ctx->memidx, MO_UB);
1331 	    tcg_gen_andi_i32(val, val, B7_0);
1332             tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, val, 0);
1333 	    tcg_temp_free(val);
1334 	}
1335 	return;
1336     case 0xca00:		/* xor #imm,R0 */
1337 	tcg_gen_xori_i32(REG(0), REG(0), B7_0);
1338 	return;
1339     case 0xce00:		/* xor.b #imm,@(R0,GBR) */
1340 	{
1341 	    TCGv addr, val;
1342 	    addr = tcg_temp_new();
1343 	    tcg_gen_add_i32(addr, REG(0), cpu_gbr);
1344 	    val = tcg_temp_new();
1345             tcg_gen_qemu_ld_i32(val, addr, ctx->memidx, MO_UB);
1346 	    tcg_gen_xori_i32(val, val, B7_0);
1347             tcg_gen_qemu_st_i32(val, addr, ctx->memidx, MO_UB);
1348 	    tcg_temp_free(val);
1349 	    tcg_temp_free(addr);
1350 	}
1351 	return;
1352     }
1353 
1354     switch (ctx->opcode & 0xf08f) {
1355     case 0x408e:		/* ldc Rm,Rn_BANK */
1356 	CHECK_PRIVILEGED
1357 	tcg_gen_mov_i32(ALTREG(B6_4), REG(B11_8));
1358 	return;
1359     case 0x4087:		/* ldc.l @Rm+,Rn_BANK */
1360 	CHECK_PRIVILEGED
1361         tcg_gen_qemu_ld_i32(ALTREG(B6_4), REG(B11_8), ctx->memidx, MO_TESL);
1362 	tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 4);
1363 	return;
1364     case 0x0082:		/* stc Rm_BANK,Rn */
1365 	CHECK_PRIVILEGED
1366 	tcg_gen_mov_i32(REG(B11_8), ALTREG(B6_4));
1367 	return;
1368     case 0x4083:		/* stc.l Rm_BANK,@-Rn */
1369 	CHECK_PRIVILEGED
1370 	{
1371 	    TCGv addr = tcg_temp_new();
1372 	    tcg_gen_subi_i32(addr, REG(B11_8), 4);
1373             tcg_gen_qemu_st_i32(ALTREG(B6_4), addr, ctx->memidx, MO_TEUL);
1374 	    tcg_gen_mov_i32(REG(B11_8), addr);
1375 	    tcg_temp_free(addr);
1376 	}
1377 	return;
1378     }
1379 
1380     switch (ctx->opcode & 0xf0ff) {
1381     case 0x0023:		/* braf Rn */
1382 	CHECK_NOT_DELAY_SLOT
1383         tcg_gen_addi_i32(cpu_delayed_pc, REG(B11_8), ctx->base.pc_next + 4);
1384         ctx->envflags |= DELAY_SLOT;
1385 	ctx->delayed_pc = (uint32_t) - 1;
1386 	return;
1387     case 0x0003:		/* bsrf Rn */
1388 	CHECK_NOT_DELAY_SLOT
1389         tcg_gen_movi_i32(cpu_pr, ctx->base.pc_next + 4);
1390 	tcg_gen_add_i32(cpu_delayed_pc, REG(B11_8), cpu_pr);
1391         ctx->envflags |= DELAY_SLOT;
1392 	ctx->delayed_pc = (uint32_t) - 1;
1393 	return;
1394     case 0x4015:		/* cmp/pl Rn */
1395         tcg_gen_setcondi_i32(TCG_COND_GT, cpu_sr_t, REG(B11_8), 0);
1396 	return;
1397     case 0x4011:		/* cmp/pz Rn */
1398         tcg_gen_setcondi_i32(TCG_COND_GE, cpu_sr_t, REG(B11_8), 0);
1399 	return;
1400     case 0x4010:		/* dt Rn */
1401 	tcg_gen_subi_i32(REG(B11_8), REG(B11_8), 1);
1402         tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, REG(B11_8), 0);
1403 	return;
1404     case 0x402b:		/* jmp @Rn */
1405 	CHECK_NOT_DELAY_SLOT
1406 	tcg_gen_mov_i32(cpu_delayed_pc, REG(B11_8));
1407         ctx->envflags |= DELAY_SLOT;
1408 	ctx->delayed_pc = (uint32_t) - 1;
1409 	return;
1410     case 0x400b:		/* jsr @Rn */
1411 	CHECK_NOT_DELAY_SLOT
1412         tcg_gen_movi_i32(cpu_pr, ctx->base.pc_next + 4);
1413 	tcg_gen_mov_i32(cpu_delayed_pc, REG(B11_8));
1414         ctx->envflags |= DELAY_SLOT;
1415 	ctx->delayed_pc = (uint32_t) - 1;
1416 	return;
1417     case 0x400e:		/* ldc Rm,SR */
1418 	CHECK_PRIVILEGED
1419         {
1420             TCGv val = tcg_temp_new();
1421             tcg_gen_andi_i32(val, REG(B11_8), 0x700083f3);
1422             gen_write_sr(val);
1423             tcg_temp_free(val);
1424             ctx->base.is_jmp = DISAS_STOP;
1425         }
1426 	return;
1427     case 0x4007:		/* ldc.l @Rm+,SR */
1428 	CHECK_PRIVILEGED
1429 	{
1430 	    TCGv val = tcg_temp_new();
1431             tcg_gen_qemu_ld_i32(val, REG(B11_8), ctx->memidx, MO_TESL);
1432             tcg_gen_andi_i32(val, val, 0x700083f3);
1433             gen_write_sr(val);
1434 	    tcg_temp_free(val);
1435 	    tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 4);
1436             ctx->base.is_jmp = DISAS_STOP;
1437 	}
1438 	return;
1439     case 0x0002:		/* stc SR,Rn */
1440 	CHECK_PRIVILEGED
1441         gen_read_sr(REG(B11_8));
1442 	return;
1443     case 0x4003:		/* stc SR,@-Rn */
1444 	CHECK_PRIVILEGED
1445 	{
1446 	    TCGv addr = tcg_temp_new();
1447             TCGv val = tcg_temp_new();
1448 	    tcg_gen_subi_i32(addr, REG(B11_8), 4);
1449             gen_read_sr(val);
1450             tcg_gen_qemu_st_i32(val, addr, ctx->memidx, MO_TEUL);
1451 	    tcg_gen_mov_i32(REG(B11_8), addr);
1452             tcg_temp_free(val);
1453 	    tcg_temp_free(addr);
1454 	}
1455 	return;
1456 #define LD(reg,ldnum,ldpnum,prechk)		\
1457   case ldnum:							\
1458     prechk    							\
1459     tcg_gen_mov_i32 (cpu_##reg, REG(B11_8));			\
1460     return;							\
1461   case ldpnum:							\
1462     prechk    							\
1463     tcg_gen_qemu_ld_i32(cpu_##reg, REG(B11_8), ctx->memidx, MO_TESL); \
1464     tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 4);		\
1465     return;
1466 #define ST(reg,stnum,stpnum,prechk)		\
1467   case stnum:							\
1468     prechk    							\
1469     tcg_gen_mov_i32 (REG(B11_8), cpu_##reg);			\
1470     return;							\
1471   case stpnum:							\
1472     prechk    							\
1473     {								\
1474 	TCGv addr = tcg_temp_new();				\
1475 	tcg_gen_subi_i32(addr, REG(B11_8), 4);			\
1476         tcg_gen_qemu_st_i32(cpu_##reg, addr, ctx->memidx, MO_TEUL); \
1477 	tcg_gen_mov_i32(REG(B11_8), addr);			\
1478 	tcg_temp_free(addr);					\
1479     }								\
1480     return;
1481 #define LDST(reg,ldnum,ldpnum,stnum,stpnum,prechk)		\
1482 	LD(reg,ldnum,ldpnum,prechk)				\
1483 	ST(reg,stnum,stpnum,prechk)
1484 	LDST(gbr,  0x401e, 0x4017, 0x0012, 0x4013, {})
1485 	LDST(vbr,  0x402e, 0x4027, 0x0022, 0x4023, CHECK_PRIVILEGED)
1486 	LDST(ssr,  0x403e, 0x4037, 0x0032, 0x4033, CHECK_PRIVILEGED)
1487 	LDST(spc,  0x404e, 0x4047, 0x0042, 0x4043, CHECK_PRIVILEGED)
1488 	ST(sgr,  0x003a, 0x4032, CHECK_PRIVILEGED)
1489         LD(sgr,  0x403a, 0x4036, CHECK_PRIVILEGED CHECK_SH4A)
1490 	LDST(dbr,  0x40fa, 0x40f6, 0x00fa, 0x40f2, CHECK_PRIVILEGED)
1491 	LDST(mach, 0x400a, 0x4006, 0x000a, 0x4002, {})
1492 	LDST(macl, 0x401a, 0x4016, 0x001a, 0x4012, {})
1493 	LDST(pr,   0x402a, 0x4026, 0x002a, 0x4022, {})
1494 	LDST(fpul, 0x405a, 0x4056, 0x005a, 0x4052, {CHECK_FPU_ENABLED})
1495     case 0x406a:		/* lds Rm,FPSCR */
1496 	CHECK_FPU_ENABLED
1497         gen_helper_ld_fpscr(cpu_env, REG(B11_8));
1498         ctx->base.is_jmp = DISAS_STOP;
1499 	return;
1500     case 0x4066:		/* lds.l @Rm+,FPSCR */
1501 	CHECK_FPU_ENABLED
1502 	{
1503 	    TCGv addr = tcg_temp_new();
1504             tcg_gen_qemu_ld_i32(addr, REG(B11_8), ctx->memidx, MO_TESL);
1505 	    tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 4);
1506             gen_helper_ld_fpscr(cpu_env, addr);
1507 	    tcg_temp_free(addr);
1508             ctx->base.is_jmp = DISAS_STOP;
1509 	}
1510 	return;
1511     case 0x006a:		/* sts FPSCR,Rn */
1512 	CHECK_FPU_ENABLED
1513 	tcg_gen_andi_i32(REG(B11_8), cpu_fpscr, 0x003fffff);
1514 	return;
1515     case 0x4062:		/* sts FPSCR,@-Rn */
1516 	CHECK_FPU_ENABLED
1517 	{
1518 	    TCGv addr, val;
1519 	    val = tcg_temp_new();
1520 	    tcg_gen_andi_i32(val, cpu_fpscr, 0x003fffff);
1521 	    addr = tcg_temp_new();
1522 	    tcg_gen_subi_i32(addr, REG(B11_8), 4);
1523             tcg_gen_qemu_st_i32(val, addr, ctx->memidx, MO_TEUL);
1524 	    tcg_gen_mov_i32(REG(B11_8), addr);
1525 	    tcg_temp_free(addr);
1526 	    tcg_temp_free(val);
1527 	}
1528 	return;
1529     case 0x00c3:		/* movca.l R0,@Rm */
1530         {
1531             TCGv val = tcg_temp_new();
1532             tcg_gen_qemu_ld_i32(val, REG(B11_8), ctx->memidx, MO_TEUL);
1533             gen_helper_movcal(cpu_env, REG(B11_8), val);
1534             tcg_gen_qemu_st_i32(REG(0), REG(B11_8), ctx->memidx, MO_TEUL);
1535             tcg_temp_free(val);
1536         }
1537         ctx->has_movcal = 1;
1538 	return;
1539     case 0x40a9:                /* movua.l @Rm,R0 */
1540         CHECK_SH4A
1541         /* Load non-boundary-aligned data */
1542         tcg_gen_qemu_ld_i32(REG(0), REG(B11_8), ctx->memidx,
1543                             MO_TEUL | MO_UNALN);
1544         return;
1545         break;
1546     case 0x40e9:                /* movua.l @Rm+,R0 */
1547         CHECK_SH4A
1548         /* Load non-boundary-aligned data */
1549         tcg_gen_qemu_ld_i32(REG(0), REG(B11_8), ctx->memidx,
1550                             MO_TEUL | MO_UNALN);
1551         tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 4);
1552         return;
1553         break;
1554     case 0x0029:		/* movt Rn */
1555         tcg_gen_mov_i32(REG(B11_8), cpu_sr_t);
1556 	return;
1557     case 0x0073:
1558         /* MOVCO.L
1559          *     LDST -> T
1560          *     If (T == 1) R0 -> (Rn)
1561          *     0 -> LDST
1562          *
1563          * The above description doesn't work in a parallel context.
1564          * Since we currently support no smp boards, this implies user-mode.
1565          * But we can still support the official mechanism while user-mode
1566          * is single-threaded.  */
1567         CHECK_SH4A
1568         {
1569             TCGLabel *fail = gen_new_label();
1570             TCGLabel *done = gen_new_label();
1571 
1572             if ((tb_cflags(ctx->base.tb) & CF_PARALLEL)) {
1573                 TCGv tmp;
1574 
1575                 tcg_gen_brcond_i32(TCG_COND_NE, REG(B11_8),
1576                                    cpu_lock_addr, fail);
1577                 tmp = tcg_temp_new();
1578                 tcg_gen_atomic_cmpxchg_i32(tmp, REG(B11_8), cpu_lock_value,
1579                                            REG(0), ctx->memidx, MO_TEUL);
1580                 tcg_gen_setcond_i32(TCG_COND_EQ, cpu_sr_t, tmp, cpu_lock_value);
1581                 tcg_temp_free(tmp);
1582             } else {
1583                 tcg_gen_brcondi_i32(TCG_COND_EQ, cpu_lock_addr, -1, fail);
1584                 tcg_gen_qemu_st_i32(REG(0), REG(B11_8), ctx->memidx, MO_TEUL);
1585                 tcg_gen_movi_i32(cpu_sr_t, 1);
1586             }
1587             tcg_gen_br(done);
1588 
1589             gen_set_label(fail);
1590             tcg_gen_movi_i32(cpu_sr_t, 0);
1591 
1592             gen_set_label(done);
1593             tcg_gen_movi_i32(cpu_lock_addr, -1);
1594         }
1595         return;
1596     case 0x0063:
1597         /* MOVLI.L @Rm,R0
1598          *     1 -> LDST
1599          *     (Rm) -> R0
1600          *     When interrupt/exception
1601          *     occurred 0 -> LDST
1602          *
1603          * In a parallel context, we must also save the loaded value
1604          * for use with the cmpxchg that we'll use with movco.l.  */
1605         CHECK_SH4A
1606         if ((tb_cflags(ctx->base.tb) & CF_PARALLEL)) {
1607             TCGv tmp = tcg_temp_new();
1608             tcg_gen_mov_i32(tmp, REG(B11_8));
1609             tcg_gen_qemu_ld_i32(REG(0), REG(B11_8), ctx->memidx, MO_TESL);
1610             tcg_gen_mov_i32(cpu_lock_value, REG(0));
1611             tcg_gen_mov_i32(cpu_lock_addr, tmp);
1612             tcg_temp_free(tmp);
1613         } else {
1614             tcg_gen_qemu_ld_i32(REG(0), REG(B11_8), ctx->memidx, MO_TESL);
1615             tcg_gen_movi_i32(cpu_lock_addr, 0);
1616         }
1617         return;
1618     case 0x0093:		/* ocbi @Rn */
1619 	{
1620             gen_helper_ocbi(cpu_env, REG(B11_8));
1621 	}
1622 	return;
1623     case 0x00a3:		/* ocbp @Rn */
1624     case 0x00b3:		/* ocbwb @Rn */
1625         /* These instructions are supposed to do nothing in case of
1626            a cache miss. Given that we only partially emulate caches
1627            it is safe to simply ignore them. */
1628 	return;
1629     case 0x0083:		/* pref @Rn */
1630 	return;
1631     case 0x00d3:		/* prefi @Rn */
1632         CHECK_SH4A
1633         return;
1634     case 0x00e3:		/* icbi @Rn */
1635         CHECK_SH4A
1636         return;
1637     case 0x00ab:		/* synco */
1638         CHECK_SH4A
1639         tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
1640         return;
1641         break;
1642     case 0x4024:		/* rotcl Rn */
1643 	{
1644 	    TCGv tmp = tcg_temp_new();
1645             tcg_gen_mov_i32(tmp, cpu_sr_t);
1646             tcg_gen_shri_i32(cpu_sr_t, REG(B11_8), 31);
1647 	    tcg_gen_shli_i32(REG(B11_8), REG(B11_8), 1);
1648             tcg_gen_or_i32(REG(B11_8), REG(B11_8), tmp);
1649 	    tcg_temp_free(tmp);
1650 	}
1651 	return;
1652     case 0x4025:		/* rotcr Rn */
1653 	{
1654 	    TCGv tmp = tcg_temp_new();
1655             tcg_gen_shli_i32(tmp, cpu_sr_t, 31);
1656             tcg_gen_andi_i32(cpu_sr_t, REG(B11_8), 1);
1657 	    tcg_gen_shri_i32(REG(B11_8), REG(B11_8), 1);
1658             tcg_gen_or_i32(REG(B11_8), REG(B11_8), tmp);
1659 	    tcg_temp_free(tmp);
1660 	}
1661 	return;
1662     case 0x4004:		/* rotl Rn */
1663 	tcg_gen_rotli_i32(REG(B11_8), REG(B11_8), 1);
1664         tcg_gen_andi_i32(cpu_sr_t, REG(B11_8), 0);
1665 	return;
1666     case 0x4005:		/* rotr Rn */
1667         tcg_gen_andi_i32(cpu_sr_t, REG(B11_8), 0);
1668 	tcg_gen_rotri_i32(REG(B11_8), REG(B11_8), 1);
1669 	return;
1670     case 0x4000:		/* shll Rn */
1671     case 0x4020:		/* shal Rn */
1672         tcg_gen_shri_i32(cpu_sr_t, REG(B11_8), 31);
1673 	tcg_gen_shli_i32(REG(B11_8), REG(B11_8), 1);
1674 	return;
1675     case 0x4021:		/* shar Rn */
1676         tcg_gen_andi_i32(cpu_sr_t, REG(B11_8), 1);
1677 	tcg_gen_sari_i32(REG(B11_8), REG(B11_8), 1);
1678 	return;
1679     case 0x4001:		/* shlr Rn */
1680         tcg_gen_andi_i32(cpu_sr_t, REG(B11_8), 1);
1681 	tcg_gen_shri_i32(REG(B11_8), REG(B11_8), 1);
1682 	return;
1683     case 0x4008:		/* shll2 Rn */
1684 	tcg_gen_shli_i32(REG(B11_8), REG(B11_8), 2);
1685 	return;
1686     case 0x4018:		/* shll8 Rn */
1687 	tcg_gen_shli_i32(REG(B11_8), REG(B11_8), 8);
1688 	return;
1689     case 0x4028:		/* shll16 Rn */
1690 	tcg_gen_shli_i32(REG(B11_8), REG(B11_8), 16);
1691 	return;
1692     case 0x4009:		/* shlr2 Rn */
1693 	tcg_gen_shri_i32(REG(B11_8), REG(B11_8), 2);
1694 	return;
1695     case 0x4019:		/* shlr8 Rn */
1696 	tcg_gen_shri_i32(REG(B11_8), REG(B11_8), 8);
1697 	return;
1698     case 0x4029:		/* shlr16 Rn */
1699 	tcg_gen_shri_i32(REG(B11_8), REG(B11_8), 16);
1700 	return;
1701     case 0x401b:		/* tas.b @Rn */
1702         {
1703             TCGv val = tcg_const_i32(0x80);
1704             tcg_gen_atomic_fetch_or_i32(val, REG(B11_8), val,
1705                                         ctx->memidx, MO_UB);
1706             tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, val, 0);
1707             tcg_temp_free(val);
1708         }
1709         return;
1710     case 0xf00d: /* fsts FPUL,FRn - FPSCR: Nothing */
1711 	CHECK_FPU_ENABLED
1712         tcg_gen_mov_i32(FREG(B11_8), cpu_fpul);
1713 	return;
1714     case 0xf01d: /* flds FRm,FPUL - FPSCR: Nothing */
1715 	CHECK_FPU_ENABLED
1716         tcg_gen_mov_i32(cpu_fpul, FREG(B11_8));
1717 	return;
1718     case 0xf02d: /* float FPUL,FRn/DRn - FPSCR: R[PR,Enable.I]/W[Cause,Flag] */
1719 	CHECK_FPU_ENABLED
1720         if (ctx->tbflags & FPSCR_PR) {
1721 	    TCGv_i64 fp;
1722             if (ctx->opcode & 0x0100) {
1723                 goto do_illegal;
1724             }
1725 	    fp = tcg_temp_new_i64();
1726             gen_helper_float_DT(fp, cpu_env, cpu_fpul);
1727             gen_store_fpr64(ctx, fp, B11_8);
1728 	    tcg_temp_free_i64(fp);
1729 	}
1730 	else {
1731             gen_helper_float_FT(FREG(B11_8), cpu_env, cpu_fpul);
1732 	}
1733 	return;
1734     case 0xf03d: /* ftrc FRm/DRm,FPUL - FPSCR: R[PR,Enable.V]/W[Cause,Flag] */
1735 	CHECK_FPU_ENABLED
1736         if (ctx->tbflags & FPSCR_PR) {
1737 	    TCGv_i64 fp;
1738             if (ctx->opcode & 0x0100) {
1739                 goto do_illegal;
1740             }
1741 	    fp = tcg_temp_new_i64();
1742             gen_load_fpr64(ctx, fp, B11_8);
1743             gen_helper_ftrc_DT(cpu_fpul, cpu_env, fp);
1744 	    tcg_temp_free_i64(fp);
1745 	}
1746 	else {
1747             gen_helper_ftrc_FT(cpu_fpul, cpu_env, FREG(B11_8));
1748 	}
1749 	return;
1750     case 0xf04d: /* fneg FRn/DRn - FPSCR: Nothing */
1751 	CHECK_FPU_ENABLED
1752         tcg_gen_xori_i32(FREG(B11_8), FREG(B11_8), 0x80000000);
1753 	return;
1754     case 0xf05d: /* fabs FRn/DRn - FPCSR: Nothing */
1755 	CHECK_FPU_ENABLED
1756         tcg_gen_andi_i32(FREG(B11_8), FREG(B11_8), 0x7fffffff);
1757 	return;
1758     case 0xf06d: /* fsqrt FRn */
1759 	CHECK_FPU_ENABLED
1760         if (ctx->tbflags & FPSCR_PR) {
1761             if (ctx->opcode & 0x0100) {
1762                 goto do_illegal;
1763             }
1764 	    TCGv_i64 fp = tcg_temp_new_i64();
1765             gen_load_fpr64(ctx, fp, B11_8);
1766             gen_helper_fsqrt_DT(fp, cpu_env, fp);
1767             gen_store_fpr64(ctx, fp, B11_8);
1768 	    tcg_temp_free_i64(fp);
1769 	} else {
1770             gen_helper_fsqrt_FT(FREG(B11_8), cpu_env, FREG(B11_8));
1771 	}
1772 	return;
1773     case 0xf07d: /* fsrra FRn */
1774 	CHECK_FPU_ENABLED
1775         CHECK_FPSCR_PR_0
1776         gen_helper_fsrra_FT(FREG(B11_8), cpu_env, FREG(B11_8));
1777 	break;
1778     case 0xf08d: /* fldi0 FRn - FPSCR: R[PR] */
1779 	CHECK_FPU_ENABLED
1780         CHECK_FPSCR_PR_0
1781         tcg_gen_movi_i32(FREG(B11_8), 0);
1782         return;
1783     case 0xf09d: /* fldi1 FRn - FPSCR: R[PR] */
1784 	CHECK_FPU_ENABLED
1785         CHECK_FPSCR_PR_0
1786         tcg_gen_movi_i32(FREG(B11_8), 0x3f800000);
1787         return;
1788     case 0xf0ad: /* fcnvsd FPUL,DRn */
1789 	CHECK_FPU_ENABLED
1790 	{
1791 	    TCGv_i64 fp = tcg_temp_new_i64();
1792             gen_helper_fcnvsd_FT_DT(fp, cpu_env, cpu_fpul);
1793             gen_store_fpr64(ctx, fp, B11_8);
1794 	    tcg_temp_free_i64(fp);
1795 	}
1796 	return;
1797     case 0xf0bd: /* fcnvds DRn,FPUL */
1798 	CHECK_FPU_ENABLED
1799 	{
1800 	    TCGv_i64 fp = tcg_temp_new_i64();
1801             gen_load_fpr64(ctx, fp, B11_8);
1802             gen_helper_fcnvds_DT_FT(cpu_fpul, cpu_env, fp);
1803 	    tcg_temp_free_i64(fp);
1804 	}
1805 	return;
1806     case 0xf0ed: /* fipr FVm,FVn */
1807         CHECK_FPU_ENABLED
1808         CHECK_FPSCR_PR_1
1809         {
1810             TCGv m = tcg_const_i32((ctx->opcode >> 8) & 3);
1811             TCGv n = tcg_const_i32((ctx->opcode >> 10) & 3);
1812             gen_helper_fipr(cpu_env, m, n);
1813             tcg_temp_free(m);
1814             tcg_temp_free(n);
1815             return;
1816         }
1817         break;
1818     case 0xf0fd: /* ftrv XMTRX,FVn */
1819         CHECK_FPU_ENABLED
1820         CHECK_FPSCR_PR_1
1821         {
1822             if ((ctx->opcode & 0x0300) != 0x0100) {
1823                 goto do_illegal;
1824             }
1825             TCGv n = tcg_const_i32((ctx->opcode >> 10) & 3);
1826             gen_helper_ftrv(cpu_env, n);
1827             tcg_temp_free(n);
1828             return;
1829         }
1830         break;
1831     }
1832 #if 0
1833     fprintf(stderr, "unknown instruction 0x%04x at pc 0x%08x\n",
1834             ctx->opcode, ctx->base.pc_next);
1835     fflush(stderr);
1836 #endif
1837  do_illegal:
1838     if (ctx->envflags & DELAY_SLOT_MASK) {
1839  do_illegal_slot:
1840         gen_save_cpu_state(ctx, true);
1841         gen_helper_raise_slot_illegal_instruction(cpu_env);
1842     } else {
1843         gen_save_cpu_state(ctx, true);
1844         gen_helper_raise_illegal_instruction(cpu_env);
1845     }
1846     ctx->base.is_jmp = DISAS_NORETURN;
1847     return;
1848 
1849  do_fpu_disabled:
1850     gen_save_cpu_state(ctx, true);
1851     if (ctx->envflags & DELAY_SLOT_MASK) {
1852         gen_helper_raise_slot_fpu_disable(cpu_env);
1853     } else {
1854         gen_helper_raise_fpu_disable(cpu_env);
1855     }
1856     ctx->base.is_jmp = DISAS_NORETURN;
1857     return;
1858 }
1859 
1860 static void decode_opc(DisasContext * ctx)
1861 {
1862     uint32_t old_flags = ctx->envflags;
1863 
1864     _decode_opc(ctx);
1865 
1866     if (old_flags & DELAY_SLOT_MASK) {
1867         /* go out of the delay slot */
1868         ctx->envflags &= ~DELAY_SLOT_MASK;
1869 
1870         /* When in an exclusive region, we must continue to the end
1871            for conditional branches.  */
1872         if (ctx->tbflags & GUSA_EXCLUSIVE
1873             && old_flags & DELAY_SLOT_CONDITIONAL) {
1874             gen_delayed_conditional_jump(ctx);
1875             return;
1876         }
1877         /* Otherwise this is probably an invalid gUSA region.
1878            Drop the GUSA bits so the next TB doesn't see them.  */
1879         ctx->envflags &= ~GUSA_MASK;
1880 
1881         tcg_gen_movi_i32(cpu_flags, ctx->envflags);
1882         if (old_flags & DELAY_SLOT_CONDITIONAL) {
1883 	    gen_delayed_conditional_jump(ctx);
1884         } else {
1885             gen_jump(ctx);
1886 	}
1887     }
1888 }
1889 
1890 #ifdef CONFIG_USER_ONLY
1891 /* For uniprocessors, SH4 uses optimistic restartable atomic sequences.
1892    Upon an interrupt, a real kernel would simply notice magic values in
1893    the registers and reset the PC to the start of the sequence.
1894 
1895    For QEMU, we cannot do this in quite the same way.  Instead, we notice
1896    the normal start of such a sequence (mov #-x,r15).  While we can handle
1897    any sequence via cpu_exec_step_atomic, we can recognize the "normal"
1898    sequences and transform them into atomic operations as seen by the host.
1899 */
1900 static void decode_gusa(DisasContext *ctx, CPUSH4State *env)
1901 {
1902     uint16_t insns[5];
1903     int ld_adr, ld_dst, ld_mop;
1904     int op_dst, op_src, op_opc;
1905     int mv_src, mt_dst, st_src, st_mop;
1906     TCGv op_arg;
1907     uint32_t pc = ctx->base.pc_next;
1908     uint32_t pc_end = ctx->base.tb->cs_base;
1909     int max_insns = (pc_end - pc) / 2;
1910     int i;
1911 
1912     /* The state machine below will consume only a few insns.
1913        If there are more than that in a region, fail now.  */
1914     if (max_insns > ARRAY_SIZE(insns)) {
1915         goto fail;
1916     }
1917 
1918     /* Read all of the insns for the region.  */
1919     for (i = 0; i < max_insns; ++i) {
1920         insns[i] = translator_lduw(env, pc + i * 2);
1921     }
1922 
1923     ld_adr = ld_dst = ld_mop = -1;
1924     mv_src = -1;
1925     op_dst = op_src = op_opc = -1;
1926     mt_dst = -1;
1927     st_src = st_mop = -1;
1928     op_arg = NULL;
1929     i = 0;
1930 
1931 #define NEXT_INSN \
1932     do { if (i >= max_insns) goto fail; ctx->opcode = insns[i++]; } while (0)
1933 
1934     /*
1935      * Expect a load to begin the region.
1936      */
1937     NEXT_INSN;
1938     switch (ctx->opcode & 0xf00f) {
1939     case 0x6000: /* mov.b @Rm,Rn */
1940         ld_mop = MO_SB;
1941         break;
1942     case 0x6001: /* mov.w @Rm,Rn */
1943         ld_mop = MO_TESW;
1944         break;
1945     case 0x6002: /* mov.l @Rm,Rn */
1946         ld_mop = MO_TESL;
1947         break;
1948     default:
1949         goto fail;
1950     }
1951     ld_adr = B7_4;
1952     ld_dst = B11_8;
1953     if (ld_adr == ld_dst) {
1954         goto fail;
1955     }
1956     /* Unless we see a mov, any two-operand operation must use ld_dst.  */
1957     op_dst = ld_dst;
1958 
1959     /*
1960      * Expect an optional register move.
1961      */
1962     NEXT_INSN;
1963     switch (ctx->opcode & 0xf00f) {
1964     case 0x6003: /* mov Rm,Rn */
1965         /* Here we want to recognize ld_dst being saved for later consumtion,
1966            or for another input register being copied so that ld_dst need not
1967            be clobbered during the operation.  */
1968         op_dst = B11_8;
1969         mv_src = B7_4;
1970         if (op_dst == ld_dst) {
1971             /* Overwriting the load output.  */
1972             goto fail;
1973         }
1974         if (mv_src != ld_dst) {
1975             /* Copying a new input; constrain op_src to match the load.  */
1976             op_src = ld_dst;
1977         }
1978         break;
1979 
1980     default:
1981         /* Put back and re-examine as operation.  */
1982         --i;
1983     }
1984 
1985     /*
1986      * Expect the operation.
1987      */
1988     NEXT_INSN;
1989     switch (ctx->opcode & 0xf00f) {
1990     case 0x300c: /* add Rm,Rn */
1991         op_opc = INDEX_op_add_i32;
1992         goto do_reg_op;
1993     case 0x2009: /* and Rm,Rn */
1994         op_opc = INDEX_op_and_i32;
1995         goto do_reg_op;
1996     case 0x200a: /* xor Rm,Rn */
1997         op_opc = INDEX_op_xor_i32;
1998         goto do_reg_op;
1999     case 0x200b: /* or Rm,Rn */
2000         op_opc = INDEX_op_or_i32;
2001     do_reg_op:
2002         /* The operation register should be as expected, and the
2003            other input cannot depend on the load.  */
2004         if (op_dst != B11_8) {
2005             goto fail;
2006         }
2007         if (op_src < 0) {
2008             /* Unconstrainted input.  */
2009             op_src = B7_4;
2010         } else if (op_src == B7_4) {
2011             /* Constrained input matched load.  All operations are
2012                commutative; "swap" them by "moving" the load output
2013                to the (implicit) first argument and the move source
2014                to the (explicit) second argument.  */
2015             op_src = mv_src;
2016         } else {
2017             goto fail;
2018         }
2019         op_arg = REG(op_src);
2020         break;
2021 
2022     case 0x6007: /* not Rm,Rn */
2023         if (ld_dst != B7_4 || mv_src >= 0) {
2024             goto fail;
2025         }
2026         op_dst = B11_8;
2027         op_opc = INDEX_op_xor_i32;
2028         op_arg = tcg_const_i32(-1);
2029         break;
2030 
2031     case 0x7000 ... 0x700f: /* add #imm,Rn */
2032         if (op_dst != B11_8 || mv_src >= 0) {
2033             goto fail;
2034         }
2035         op_opc = INDEX_op_add_i32;
2036         op_arg = tcg_const_i32(B7_0s);
2037         break;
2038 
2039     case 0x3000: /* cmp/eq Rm,Rn */
2040         /* Looking for the middle of a compare-and-swap sequence,
2041            beginning with the compare.  Operands can be either order,
2042            but with only one overlapping the load.  */
2043         if ((ld_dst == B11_8) + (ld_dst == B7_4) != 1 || mv_src >= 0) {
2044             goto fail;
2045         }
2046         op_opc = INDEX_op_setcond_i32;  /* placeholder */
2047         op_src = (ld_dst == B11_8 ? B7_4 : B11_8);
2048         op_arg = REG(op_src);
2049 
2050         NEXT_INSN;
2051         switch (ctx->opcode & 0xff00) {
2052         case 0x8b00: /* bf label */
2053         case 0x8f00: /* bf/s label */
2054             if (pc + (i + 1 + B7_0s) * 2 != pc_end) {
2055                 goto fail;
2056             }
2057             if ((ctx->opcode & 0xff00) == 0x8b00) { /* bf label */
2058                 break;
2059             }
2060             /* We're looking to unconditionally modify Rn with the
2061                result of the comparison, within the delay slot of
2062                the branch.  This is used by older gcc.  */
2063             NEXT_INSN;
2064             if ((ctx->opcode & 0xf0ff) == 0x0029) { /* movt Rn */
2065                 mt_dst = B11_8;
2066             } else {
2067                 goto fail;
2068             }
2069             break;
2070 
2071         default:
2072             goto fail;
2073         }
2074         break;
2075 
2076     case 0x2008: /* tst Rm,Rn */
2077         /* Looking for a compare-and-swap against zero.  */
2078         if (ld_dst != B11_8 || ld_dst != B7_4 || mv_src >= 0) {
2079             goto fail;
2080         }
2081         op_opc = INDEX_op_setcond_i32;
2082         op_arg = tcg_const_i32(0);
2083 
2084         NEXT_INSN;
2085         if ((ctx->opcode & 0xff00) != 0x8900 /* bt label */
2086             || pc + (i + 1 + B7_0s) * 2 != pc_end) {
2087             goto fail;
2088         }
2089         break;
2090 
2091     default:
2092         /* Put back and re-examine as store.  */
2093         --i;
2094     }
2095 
2096     /*
2097      * Expect the store.
2098      */
2099     /* The store must be the last insn.  */
2100     if (i != max_insns - 1) {
2101         goto fail;
2102     }
2103     NEXT_INSN;
2104     switch (ctx->opcode & 0xf00f) {
2105     case 0x2000: /* mov.b Rm,@Rn */
2106         st_mop = MO_UB;
2107         break;
2108     case 0x2001: /* mov.w Rm,@Rn */
2109         st_mop = MO_UW;
2110         break;
2111     case 0x2002: /* mov.l Rm,@Rn */
2112         st_mop = MO_UL;
2113         break;
2114     default:
2115         goto fail;
2116     }
2117     /* The store must match the load.  */
2118     if (ld_adr != B11_8 || st_mop != (ld_mop & MO_SIZE)) {
2119         goto fail;
2120     }
2121     st_src = B7_4;
2122 
2123 #undef NEXT_INSN
2124 
2125     /*
2126      * Emit the operation.
2127      */
2128     switch (op_opc) {
2129     case -1:
2130         /* No operation found.  Look for exchange pattern.  */
2131         if (st_src == ld_dst || mv_src >= 0) {
2132             goto fail;
2133         }
2134         tcg_gen_atomic_xchg_i32(REG(ld_dst), REG(ld_adr), REG(st_src),
2135                                 ctx->memidx, ld_mop);
2136         break;
2137 
2138     case INDEX_op_add_i32:
2139         if (op_dst != st_src) {
2140             goto fail;
2141         }
2142         if (op_dst == ld_dst && st_mop == MO_UL) {
2143             tcg_gen_atomic_add_fetch_i32(REG(ld_dst), REG(ld_adr),
2144                                          op_arg, ctx->memidx, ld_mop);
2145         } else {
2146             tcg_gen_atomic_fetch_add_i32(REG(ld_dst), REG(ld_adr),
2147                                          op_arg, ctx->memidx, ld_mop);
2148             if (op_dst != ld_dst) {
2149                 /* Note that mop sizes < 4 cannot use add_fetch
2150                    because it won't carry into the higher bits.  */
2151                 tcg_gen_add_i32(REG(op_dst), REG(ld_dst), op_arg);
2152             }
2153         }
2154         break;
2155 
2156     case INDEX_op_and_i32:
2157         if (op_dst != st_src) {
2158             goto fail;
2159         }
2160         if (op_dst == ld_dst) {
2161             tcg_gen_atomic_and_fetch_i32(REG(ld_dst), REG(ld_adr),
2162                                          op_arg, ctx->memidx, ld_mop);
2163         } else {
2164             tcg_gen_atomic_fetch_and_i32(REG(ld_dst), REG(ld_adr),
2165                                          op_arg, ctx->memidx, ld_mop);
2166             tcg_gen_and_i32(REG(op_dst), REG(ld_dst), op_arg);
2167         }
2168         break;
2169 
2170     case INDEX_op_or_i32:
2171         if (op_dst != st_src) {
2172             goto fail;
2173         }
2174         if (op_dst == ld_dst) {
2175             tcg_gen_atomic_or_fetch_i32(REG(ld_dst), REG(ld_adr),
2176                                         op_arg, ctx->memidx, ld_mop);
2177         } else {
2178             tcg_gen_atomic_fetch_or_i32(REG(ld_dst), REG(ld_adr),
2179                                         op_arg, ctx->memidx, ld_mop);
2180             tcg_gen_or_i32(REG(op_dst), REG(ld_dst), op_arg);
2181         }
2182         break;
2183 
2184     case INDEX_op_xor_i32:
2185         if (op_dst != st_src) {
2186             goto fail;
2187         }
2188         if (op_dst == ld_dst) {
2189             tcg_gen_atomic_xor_fetch_i32(REG(ld_dst), REG(ld_adr),
2190                                          op_arg, ctx->memidx, ld_mop);
2191         } else {
2192             tcg_gen_atomic_fetch_xor_i32(REG(ld_dst), REG(ld_adr),
2193                                          op_arg, ctx->memidx, ld_mop);
2194             tcg_gen_xor_i32(REG(op_dst), REG(ld_dst), op_arg);
2195         }
2196         break;
2197 
2198     case INDEX_op_setcond_i32:
2199         if (st_src == ld_dst) {
2200             goto fail;
2201         }
2202         tcg_gen_atomic_cmpxchg_i32(REG(ld_dst), REG(ld_adr), op_arg,
2203                                    REG(st_src), ctx->memidx, ld_mop);
2204         tcg_gen_setcond_i32(TCG_COND_EQ, cpu_sr_t, REG(ld_dst), op_arg);
2205         if (mt_dst >= 0) {
2206             tcg_gen_mov_i32(REG(mt_dst), cpu_sr_t);
2207         }
2208         break;
2209 
2210     default:
2211         g_assert_not_reached();
2212     }
2213 
2214     /* If op_src is not a valid register, then op_arg was a constant.  */
2215     if (op_src < 0 && op_arg) {
2216         tcg_temp_free_i32(op_arg);
2217     }
2218 
2219     /* The entire region has been translated.  */
2220     ctx->envflags &= ~GUSA_MASK;
2221     ctx->base.pc_next = pc_end;
2222     ctx->base.num_insns += max_insns - 1;
2223     return;
2224 
2225  fail:
2226     qemu_log_mask(LOG_UNIMP, "Unrecognized gUSA sequence %08x-%08x\n",
2227                   pc, pc_end);
2228 
2229     /* Restart with the EXCLUSIVE bit set, within a TB run via
2230        cpu_exec_step_atomic holding the exclusive lock.  */
2231     ctx->envflags |= GUSA_EXCLUSIVE;
2232     gen_save_cpu_state(ctx, false);
2233     gen_helper_exclusive(cpu_env);
2234     ctx->base.is_jmp = DISAS_NORETURN;
2235 
2236     /* We're not executing an instruction, but we must report one for the
2237        purposes of accounting within the TB.  We might as well report the
2238        entire region consumed via ctx->base.pc_next so that it's immediately
2239        available in the disassembly dump.  */
2240     ctx->base.pc_next = pc_end;
2241     ctx->base.num_insns += max_insns - 1;
2242 }
2243 #endif
2244 
2245 static void sh4_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
2246 {
2247     DisasContext *ctx = container_of(dcbase, DisasContext, base);
2248     CPUSH4State *env = cs->env_ptr;
2249     uint32_t tbflags;
2250     int bound;
2251 
2252     ctx->tbflags = tbflags = ctx->base.tb->flags;
2253     ctx->envflags = tbflags & TB_FLAG_ENVFLAGS_MASK;
2254     ctx->memidx = (tbflags & (1u << SR_MD)) == 0 ? 1 : 0;
2255     /* We don't know if the delayed pc came from a dynamic or static branch,
2256        so assume it is a dynamic branch.  */
2257     ctx->delayed_pc = -1; /* use delayed pc from env pointer */
2258     ctx->features = env->features;
2259     ctx->has_movcal = (tbflags & TB_FLAG_PENDING_MOVCA);
2260     ctx->gbank = ((tbflags & (1 << SR_MD)) &&
2261                   (tbflags & (1 << SR_RB))) * 0x10;
2262     ctx->fbank = tbflags & FPSCR_FR ? 0x10 : 0;
2263 
2264     if (tbflags & GUSA_MASK) {
2265         uint32_t pc = ctx->base.pc_next;
2266         uint32_t pc_end = ctx->base.tb->cs_base;
2267         int backup = sextract32(ctx->tbflags, GUSA_SHIFT, 8);
2268         int max_insns = (pc_end - pc) / 2;
2269 
2270         if (pc != pc_end + backup || max_insns < 2) {
2271             /* This is a malformed gUSA region.  Don't do anything special,
2272                since the interpreter is likely to get confused.  */
2273             ctx->envflags &= ~GUSA_MASK;
2274         } else if (tbflags & GUSA_EXCLUSIVE) {
2275             /* Regardless of single-stepping or the end of the page,
2276                we must complete execution of the gUSA region while
2277                holding the exclusive lock.  */
2278             ctx->base.max_insns = max_insns;
2279             return;
2280         }
2281     }
2282 
2283     /* Since the ISA is fixed-width, we can bound by the number
2284        of instructions remaining on the page.  */
2285     bound = -(ctx->base.pc_next | TARGET_PAGE_MASK) / 2;
2286     ctx->base.max_insns = MIN(ctx->base.max_insns, bound);
2287 }
2288 
2289 static void sh4_tr_tb_start(DisasContextBase *dcbase, CPUState *cs)
2290 {
2291 }
2292 
2293 static void sh4_tr_insn_start(DisasContextBase *dcbase, CPUState *cs)
2294 {
2295     DisasContext *ctx = container_of(dcbase, DisasContext, base);
2296 
2297     tcg_gen_insn_start(ctx->base.pc_next, ctx->envflags);
2298 }
2299 
2300 static bool sh4_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cs,
2301                                     const CPUBreakpoint *bp)
2302 {
2303     DisasContext *ctx = container_of(dcbase, DisasContext, base);
2304 
2305     /* We have hit a breakpoint - make sure PC is up-to-date */
2306     gen_save_cpu_state(ctx, true);
2307     gen_helper_debug(cpu_env);
2308     ctx->base.is_jmp = DISAS_NORETURN;
2309     /* The address covered by the breakpoint must be included in
2310        [tb->pc, tb->pc + tb->size) in order to for it to be
2311        properly cleared -- thus we increment the PC here so that
2312        the logic setting tb->size below does the right thing.  */
2313     ctx->base.pc_next += 2;
2314     return true;
2315 }
2316 
2317 static void sh4_tr_translate_insn(DisasContextBase *dcbase, CPUState *cs)
2318 {
2319     CPUSH4State *env = cs->env_ptr;
2320     DisasContext *ctx = container_of(dcbase, DisasContext, base);
2321 
2322 #ifdef CONFIG_USER_ONLY
2323     if (unlikely(ctx->envflags & GUSA_MASK)
2324         && !(ctx->envflags & GUSA_EXCLUSIVE)) {
2325         /* We're in an gUSA region, and we have not already fallen
2326            back on using an exclusive region.  Attempt to parse the
2327            region into a single supported atomic operation.  Failure
2328            is handled within the parser by raising an exception to
2329            retry using an exclusive region.  */
2330         decode_gusa(ctx, env);
2331         return;
2332     }
2333 #endif
2334 
2335     ctx->opcode = translator_lduw(env, ctx->base.pc_next);
2336     decode_opc(ctx);
2337     ctx->base.pc_next += 2;
2338 }
2339 
2340 static void sh4_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
2341 {
2342     DisasContext *ctx = container_of(dcbase, DisasContext, base);
2343 
2344     if (ctx->tbflags & GUSA_EXCLUSIVE) {
2345         /* Ending the region of exclusivity.  Clear the bits.  */
2346         ctx->envflags &= ~GUSA_MASK;
2347     }
2348 
2349     switch (ctx->base.is_jmp) {
2350     case DISAS_STOP:
2351         gen_save_cpu_state(ctx, true);
2352         if (ctx->base.singlestep_enabled) {
2353             gen_helper_debug(cpu_env);
2354         } else {
2355             tcg_gen_exit_tb(NULL, 0);
2356         }
2357         break;
2358     case DISAS_NEXT:
2359     case DISAS_TOO_MANY:
2360         gen_save_cpu_state(ctx, false);
2361         gen_goto_tb(ctx, 0, ctx->base.pc_next);
2362         break;
2363     case DISAS_NORETURN:
2364         break;
2365     default:
2366         g_assert_not_reached();
2367     }
2368 }
2369 
2370 static void sh4_tr_disas_log(const DisasContextBase *dcbase, CPUState *cs)
2371 {
2372     qemu_log("IN:\n");  /* , lookup_symbol(dcbase->pc_first)); */
2373     log_target_disas(cs, dcbase->pc_first, dcbase->tb->size);
2374 }
2375 
2376 static const TranslatorOps sh4_tr_ops = {
2377     .init_disas_context = sh4_tr_init_disas_context,
2378     .tb_start           = sh4_tr_tb_start,
2379     .insn_start         = sh4_tr_insn_start,
2380     .breakpoint_check   = sh4_tr_breakpoint_check,
2381     .translate_insn     = sh4_tr_translate_insn,
2382     .tb_stop            = sh4_tr_tb_stop,
2383     .disas_log          = sh4_tr_disas_log,
2384 };
2385 
2386 void gen_intermediate_code(CPUState *cs, TranslationBlock *tb, int max_insns)
2387 {
2388     DisasContext ctx;
2389 
2390     translator_loop(&sh4_tr_ops, &ctx.base, cs, tb, max_insns);
2391 }
2392 
2393 void restore_state_to_opc(CPUSH4State *env, TranslationBlock *tb,
2394                           target_ulong *data)
2395 {
2396     env->pc = data[0];
2397     env->flags = data[1];
2398     /* Theoretically delayed_pc should also be restored. In practice the
2399        branch instruction is re-executed after exception, so the delayed
2400        branch target will be recomputed. */
2401 }
2402