xref: /openbmc/qemu/target/sh4/translate.c (revision e8d1e0cd)
1 /*
2  *  SH4 translation
3  *
4  *  Copyright (c) 2005 Samuel Tardieu
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #define DEBUG_DISAS
21 
22 #include "qemu/osdep.h"
23 #include "cpu.h"
24 #include "disas/disas.h"
25 #include "exec/exec-all.h"
26 #include "tcg/tcg-op.h"
27 #include "exec/cpu_ldst.h"
28 #include "exec/helper-proto.h"
29 #include "exec/helper-gen.h"
30 #include "exec/translator.h"
31 #include "exec/log.h"
32 #include "qemu/qemu-print.h"
33 
34 
35 typedef struct DisasContext {
36     DisasContextBase base;
37 
38     uint32_t tbflags;  /* should stay unmodified during the TB translation */
39     uint32_t envflags; /* should stay in sync with env->flags using TCG ops */
40     int memidx;
41     int gbank;
42     int fbank;
43     uint32_t delayed_pc;
44     uint32_t features;
45 
46     uint16_t opcode;
47 
48     bool has_movcal;
49 } DisasContext;
50 
51 #if defined(CONFIG_USER_ONLY)
52 #define IS_USER(ctx) 1
53 #define UNALIGN(C)   (ctx->tbflags & TB_FLAG_UNALIGN ? MO_UNALN : MO_ALIGN)
54 #else
55 #define IS_USER(ctx) (!(ctx->tbflags & (1u << SR_MD)))
56 #define UNALIGN(C)   0
57 #endif
58 
59 /* Target-specific values for ctx->base.is_jmp.  */
60 /* We want to exit back to the cpu loop for some reason.
61    Usually this is to recognize interrupts immediately.  */
62 #define DISAS_STOP    DISAS_TARGET_0
63 
64 /* global register indexes */
65 static TCGv cpu_gregs[32];
66 static TCGv cpu_sr, cpu_sr_m, cpu_sr_q, cpu_sr_t;
67 static TCGv cpu_pc, cpu_ssr, cpu_spc, cpu_gbr;
68 static TCGv cpu_vbr, cpu_sgr, cpu_dbr, cpu_mach, cpu_macl;
69 static TCGv cpu_pr, cpu_fpscr, cpu_fpul;
70 static TCGv cpu_lock_addr, cpu_lock_value;
71 static TCGv cpu_fregs[32];
72 
73 /* internal register indexes */
74 static TCGv cpu_flags, cpu_delayed_pc, cpu_delayed_cond;
75 
76 #include "exec/gen-icount.h"
77 
78 void sh4_translate_init(void)
79 {
80     int i;
81     static const char * const gregnames[24] = {
82         "R0_BANK0", "R1_BANK0", "R2_BANK0", "R3_BANK0",
83         "R4_BANK0", "R5_BANK0", "R6_BANK0", "R7_BANK0",
84         "R8", "R9", "R10", "R11", "R12", "R13", "R14", "R15",
85         "R0_BANK1", "R1_BANK1", "R2_BANK1", "R3_BANK1",
86         "R4_BANK1", "R5_BANK1", "R6_BANK1", "R7_BANK1"
87     };
88     static const char * const fregnames[32] = {
89          "FPR0_BANK0",  "FPR1_BANK0",  "FPR2_BANK0",  "FPR3_BANK0",
90          "FPR4_BANK0",  "FPR5_BANK0",  "FPR6_BANK0",  "FPR7_BANK0",
91          "FPR8_BANK0",  "FPR9_BANK0", "FPR10_BANK0", "FPR11_BANK0",
92         "FPR12_BANK0", "FPR13_BANK0", "FPR14_BANK0", "FPR15_BANK0",
93          "FPR0_BANK1",  "FPR1_BANK1",  "FPR2_BANK1",  "FPR3_BANK1",
94          "FPR4_BANK1",  "FPR5_BANK1",  "FPR6_BANK1",  "FPR7_BANK1",
95          "FPR8_BANK1",  "FPR9_BANK1", "FPR10_BANK1", "FPR11_BANK1",
96         "FPR12_BANK1", "FPR13_BANK1", "FPR14_BANK1", "FPR15_BANK1",
97     };
98 
99     for (i = 0; i < 24; i++) {
100         cpu_gregs[i] = tcg_global_mem_new_i32(cpu_env,
101                                               offsetof(CPUSH4State, gregs[i]),
102                                               gregnames[i]);
103     }
104     memcpy(cpu_gregs + 24, cpu_gregs + 8, 8 * sizeof(TCGv));
105 
106     cpu_pc = tcg_global_mem_new_i32(cpu_env,
107                                     offsetof(CPUSH4State, pc), "PC");
108     cpu_sr = tcg_global_mem_new_i32(cpu_env,
109                                     offsetof(CPUSH4State, sr), "SR");
110     cpu_sr_m = tcg_global_mem_new_i32(cpu_env,
111                                       offsetof(CPUSH4State, sr_m), "SR_M");
112     cpu_sr_q = tcg_global_mem_new_i32(cpu_env,
113                                       offsetof(CPUSH4State, sr_q), "SR_Q");
114     cpu_sr_t = tcg_global_mem_new_i32(cpu_env,
115                                       offsetof(CPUSH4State, sr_t), "SR_T");
116     cpu_ssr = tcg_global_mem_new_i32(cpu_env,
117                                      offsetof(CPUSH4State, ssr), "SSR");
118     cpu_spc = tcg_global_mem_new_i32(cpu_env,
119                                      offsetof(CPUSH4State, spc), "SPC");
120     cpu_gbr = tcg_global_mem_new_i32(cpu_env,
121                                      offsetof(CPUSH4State, gbr), "GBR");
122     cpu_vbr = tcg_global_mem_new_i32(cpu_env,
123                                      offsetof(CPUSH4State, vbr), "VBR");
124     cpu_sgr = tcg_global_mem_new_i32(cpu_env,
125                                      offsetof(CPUSH4State, sgr), "SGR");
126     cpu_dbr = tcg_global_mem_new_i32(cpu_env,
127                                      offsetof(CPUSH4State, dbr), "DBR");
128     cpu_mach = tcg_global_mem_new_i32(cpu_env,
129                                       offsetof(CPUSH4State, mach), "MACH");
130     cpu_macl = tcg_global_mem_new_i32(cpu_env,
131                                       offsetof(CPUSH4State, macl), "MACL");
132     cpu_pr = tcg_global_mem_new_i32(cpu_env,
133                                     offsetof(CPUSH4State, pr), "PR");
134     cpu_fpscr = tcg_global_mem_new_i32(cpu_env,
135                                        offsetof(CPUSH4State, fpscr), "FPSCR");
136     cpu_fpul = tcg_global_mem_new_i32(cpu_env,
137                                       offsetof(CPUSH4State, fpul), "FPUL");
138 
139     cpu_flags = tcg_global_mem_new_i32(cpu_env,
140 				       offsetof(CPUSH4State, flags), "_flags_");
141     cpu_delayed_pc = tcg_global_mem_new_i32(cpu_env,
142 					    offsetof(CPUSH4State, delayed_pc),
143 					    "_delayed_pc_");
144     cpu_delayed_cond = tcg_global_mem_new_i32(cpu_env,
145                                               offsetof(CPUSH4State,
146                                                        delayed_cond),
147                                               "_delayed_cond_");
148     cpu_lock_addr = tcg_global_mem_new_i32(cpu_env,
149                                            offsetof(CPUSH4State, lock_addr),
150                                            "_lock_addr_");
151     cpu_lock_value = tcg_global_mem_new_i32(cpu_env,
152                                             offsetof(CPUSH4State, lock_value),
153                                             "_lock_value_");
154 
155     for (i = 0; i < 32; i++)
156         cpu_fregs[i] = tcg_global_mem_new_i32(cpu_env,
157                                               offsetof(CPUSH4State, fregs[i]),
158                                               fregnames[i]);
159 }
160 
161 void superh_cpu_dump_state(CPUState *cs, FILE *f, int flags)
162 {
163     SuperHCPU *cpu = SUPERH_CPU(cs);
164     CPUSH4State *env = &cpu->env;
165     int i;
166 
167     qemu_fprintf(f, "pc=0x%08x sr=0x%08x pr=0x%08x fpscr=0x%08x\n",
168                  env->pc, cpu_read_sr(env), env->pr, env->fpscr);
169     qemu_fprintf(f, "spc=0x%08x ssr=0x%08x gbr=0x%08x vbr=0x%08x\n",
170                  env->spc, env->ssr, env->gbr, env->vbr);
171     qemu_fprintf(f, "sgr=0x%08x dbr=0x%08x delayed_pc=0x%08x fpul=0x%08x\n",
172                  env->sgr, env->dbr, env->delayed_pc, env->fpul);
173     for (i = 0; i < 24; i += 4) {
174         qemu_fprintf(f, "r%d=0x%08x r%d=0x%08x r%d=0x%08x r%d=0x%08x\n",
175                      i, env->gregs[i], i + 1, env->gregs[i + 1],
176                      i + 2, env->gregs[i + 2], i + 3, env->gregs[i + 3]);
177     }
178     if (env->flags & TB_FLAG_DELAY_SLOT) {
179         qemu_fprintf(f, "in delay slot (delayed_pc=0x%08x)\n",
180                      env->delayed_pc);
181     } else if (env->flags & TB_FLAG_DELAY_SLOT_COND) {
182         qemu_fprintf(f, "in conditional delay slot (delayed_pc=0x%08x)\n",
183                      env->delayed_pc);
184     } else if (env->flags & TB_FLAG_DELAY_SLOT_RTE) {
185         qemu_fprintf(f, "in rte delay slot (delayed_pc=0x%08x)\n",
186                      env->delayed_pc);
187     }
188 }
189 
190 static void gen_read_sr(TCGv dst)
191 {
192     TCGv t0 = tcg_temp_new();
193     tcg_gen_shli_i32(t0, cpu_sr_q, SR_Q);
194     tcg_gen_or_i32(dst, dst, t0);
195     tcg_gen_shli_i32(t0, cpu_sr_m, SR_M);
196     tcg_gen_or_i32(dst, dst, t0);
197     tcg_gen_shli_i32(t0, cpu_sr_t, SR_T);
198     tcg_gen_or_i32(dst, cpu_sr, t0);
199 }
200 
201 static void gen_write_sr(TCGv src)
202 {
203     tcg_gen_andi_i32(cpu_sr, src,
204                      ~((1u << SR_Q) | (1u << SR_M) | (1u << SR_T)));
205     tcg_gen_extract_i32(cpu_sr_q, src, SR_Q, 1);
206     tcg_gen_extract_i32(cpu_sr_m, src, SR_M, 1);
207     tcg_gen_extract_i32(cpu_sr_t, src, SR_T, 1);
208 }
209 
210 static inline void gen_save_cpu_state(DisasContext *ctx, bool save_pc)
211 {
212     if (save_pc) {
213         tcg_gen_movi_i32(cpu_pc, ctx->base.pc_next);
214     }
215     if (ctx->delayed_pc != (uint32_t) -1) {
216         tcg_gen_movi_i32(cpu_delayed_pc, ctx->delayed_pc);
217     }
218     if ((ctx->tbflags & TB_FLAG_ENVFLAGS_MASK) != ctx->envflags) {
219         tcg_gen_movi_i32(cpu_flags, ctx->envflags);
220     }
221 }
222 
223 static inline bool use_exit_tb(DisasContext *ctx)
224 {
225     return (ctx->tbflags & TB_FLAG_GUSA_EXCLUSIVE) != 0;
226 }
227 
228 static bool use_goto_tb(DisasContext *ctx, target_ulong dest)
229 {
230     if (use_exit_tb(ctx)) {
231         return false;
232     }
233     return translator_use_goto_tb(&ctx->base, dest);
234 }
235 
236 static void gen_goto_tb(DisasContext *ctx, int n, target_ulong dest)
237 {
238     if (use_goto_tb(ctx, dest)) {
239         tcg_gen_goto_tb(n);
240         tcg_gen_movi_i32(cpu_pc, dest);
241         tcg_gen_exit_tb(ctx->base.tb, n);
242     } else {
243         tcg_gen_movi_i32(cpu_pc, dest);
244         if (use_exit_tb(ctx)) {
245             tcg_gen_exit_tb(NULL, 0);
246         } else {
247             tcg_gen_lookup_and_goto_ptr();
248         }
249     }
250     ctx->base.is_jmp = DISAS_NORETURN;
251 }
252 
253 static void gen_jump(DisasContext * ctx)
254 {
255     if (ctx->delayed_pc == -1) {
256 	/* Target is not statically known, it comes necessarily from a
257 	   delayed jump as immediate jump are conditinal jumps */
258 	tcg_gen_mov_i32(cpu_pc, cpu_delayed_pc);
259         tcg_gen_discard_i32(cpu_delayed_pc);
260         if (use_exit_tb(ctx)) {
261             tcg_gen_exit_tb(NULL, 0);
262         } else {
263             tcg_gen_lookup_and_goto_ptr();
264         }
265         ctx->base.is_jmp = DISAS_NORETURN;
266     } else {
267 	gen_goto_tb(ctx, 0, ctx->delayed_pc);
268     }
269 }
270 
271 /* Immediate conditional jump (bt or bf) */
272 static void gen_conditional_jump(DisasContext *ctx, target_ulong dest,
273                                  bool jump_if_true)
274 {
275     TCGLabel *l1 = gen_new_label();
276     TCGCond cond_not_taken = jump_if_true ? TCG_COND_EQ : TCG_COND_NE;
277 
278     if (ctx->tbflags & TB_FLAG_GUSA_EXCLUSIVE) {
279         /* When in an exclusive region, we must continue to the end.
280            Therefore, exit the region on a taken branch, but otherwise
281            fall through to the next instruction.  */
282         tcg_gen_brcondi_i32(cond_not_taken, cpu_sr_t, 0, l1);
283         tcg_gen_movi_i32(cpu_flags, ctx->envflags & ~TB_FLAG_GUSA_MASK);
284         /* Note that this won't actually use a goto_tb opcode because we
285            disallow it in use_goto_tb, but it handles exit + singlestep.  */
286         gen_goto_tb(ctx, 0, dest);
287         gen_set_label(l1);
288         ctx->base.is_jmp = DISAS_NEXT;
289         return;
290     }
291 
292     gen_save_cpu_state(ctx, false);
293     tcg_gen_brcondi_i32(cond_not_taken, cpu_sr_t, 0, l1);
294     gen_goto_tb(ctx, 0, dest);
295     gen_set_label(l1);
296     gen_goto_tb(ctx, 1, ctx->base.pc_next + 2);
297     ctx->base.is_jmp = DISAS_NORETURN;
298 }
299 
300 /* Delayed conditional jump (bt or bf) */
301 static void gen_delayed_conditional_jump(DisasContext * ctx)
302 {
303     TCGLabel *l1 = gen_new_label();
304     TCGv ds = tcg_temp_new();
305 
306     tcg_gen_mov_i32(ds, cpu_delayed_cond);
307     tcg_gen_discard_i32(cpu_delayed_cond);
308 
309     if (ctx->tbflags & TB_FLAG_GUSA_EXCLUSIVE) {
310         /* When in an exclusive region, we must continue to the end.
311            Therefore, exit the region on a taken branch, but otherwise
312            fall through to the next instruction.  */
313         tcg_gen_brcondi_i32(TCG_COND_EQ, ds, 0, l1);
314 
315         /* Leave the gUSA region.  */
316         tcg_gen_movi_i32(cpu_flags, ctx->envflags & ~TB_FLAG_GUSA_MASK);
317         gen_jump(ctx);
318 
319         gen_set_label(l1);
320         ctx->base.is_jmp = DISAS_NEXT;
321         return;
322     }
323 
324     tcg_gen_brcondi_i32(TCG_COND_NE, ds, 0, l1);
325     gen_goto_tb(ctx, 1, ctx->base.pc_next + 2);
326     gen_set_label(l1);
327     gen_jump(ctx);
328 }
329 
330 static inline void gen_load_fpr64(DisasContext *ctx, TCGv_i64 t, int reg)
331 {
332     /* We have already signaled illegal instruction for odd Dr.  */
333     tcg_debug_assert((reg & 1) == 0);
334     reg ^= ctx->fbank;
335     tcg_gen_concat_i32_i64(t, cpu_fregs[reg + 1], cpu_fregs[reg]);
336 }
337 
338 static inline void gen_store_fpr64(DisasContext *ctx, TCGv_i64 t, int reg)
339 {
340     /* We have already signaled illegal instruction for odd Dr.  */
341     tcg_debug_assert((reg & 1) == 0);
342     reg ^= ctx->fbank;
343     tcg_gen_extr_i64_i32(cpu_fregs[reg + 1], cpu_fregs[reg], t);
344 }
345 
346 #define B3_0 (ctx->opcode & 0xf)
347 #define B6_4 ((ctx->opcode >> 4) & 0x7)
348 #define B7_4 ((ctx->opcode >> 4) & 0xf)
349 #define B7_0 (ctx->opcode & 0xff)
350 #define B7_0s ((int32_t) (int8_t) (ctx->opcode & 0xff))
351 #define B11_0s (ctx->opcode & 0x800 ? 0xfffff000 | (ctx->opcode & 0xfff) : \
352   (ctx->opcode & 0xfff))
353 #define B11_8 ((ctx->opcode >> 8) & 0xf)
354 #define B15_12 ((ctx->opcode >> 12) & 0xf)
355 
356 #define REG(x)     cpu_gregs[(x) ^ ctx->gbank]
357 #define ALTREG(x)  cpu_gregs[(x) ^ ctx->gbank ^ 0x10]
358 #define FREG(x)    cpu_fregs[(x) ^ ctx->fbank]
359 
360 #define XHACK(x) ((((x) & 1 ) << 4) | ((x) & 0xe))
361 
362 #define CHECK_NOT_DELAY_SLOT \
363     if (ctx->envflags & TB_FLAG_DELAY_SLOT_MASK) {  \
364         goto do_illegal_slot;                       \
365     }
366 
367 #define CHECK_PRIVILEGED \
368     if (IS_USER(ctx)) {                     \
369         goto do_illegal;                    \
370     }
371 
372 #define CHECK_FPU_ENABLED \
373     if (ctx->tbflags & (1u << SR_FD)) {     \
374         goto do_fpu_disabled;               \
375     }
376 
377 #define CHECK_FPSCR_PR_0 \
378     if (ctx->tbflags & FPSCR_PR) {          \
379         goto do_illegal;                    \
380     }
381 
382 #define CHECK_FPSCR_PR_1 \
383     if (!(ctx->tbflags & FPSCR_PR)) {       \
384         goto do_illegal;                    \
385     }
386 
387 #define CHECK_SH4A \
388     if (!(ctx->features & SH_FEATURE_SH4A)) { \
389         goto do_illegal;                      \
390     }
391 
392 static void _decode_opc(DisasContext * ctx)
393 {
394     /* This code tries to make movcal emulation sufficiently
395        accurate for Linux purposes.  This instruction writes
396        memory, and prior to that, always allocates a cache line.
397        It is used in two contexts:
398        - in memcpy, where data is copied in blocks, the first write
399        of to a block uses movca.l for performance.
400        - in arch/sh/mm/cache-sh4.c, movcal.l + ocbi combination is used
401        to flush the cache. Here, the data written by movcal.l is never
402        written to memory, and the data written is just bogus.
403 
404        To simulate this, we simulate movcal.l, we store the value to memory,
405        but we also remember the previous content. If we see ocbi, we check
406        if movcal.l for that address was done previously. If so, the write should
407        not have hit the memory, so we restore the previous content.
408        When we see an instruction that is neither movca.l
409        nor ocbi, the previous content is discarded.
410 
411        To optimize, we only try to flush stores when we're at the start of
412        TB, or if we already saw movca.l in this TB and did not flush stores
413        yet.  */
414     if (ctx->has_movcal)
415 	{
416 	  int opcode = ctx->opcode & 0xf0ff;
417 	  if (opcode != 0x0093 /* ocbi */
418 	      && opcode != 0x00c3 /* movca.l */)
419 	      {
420                   gen_helper_discard_movcal_backup(cpu_env);
421 		  ctx->has_movcal = 0;
422 	      }
423 	}
424 
425 #if 0
426     fprintf(stderr, "Translating opcode 0x%04x\n", ctx->opcode);
427 #endif
428 
429     switch (ctx->opcode) {
430     case 0x0019:		/* div0u */
431         tcg_gen_movi_i32(cpu_sr_m, 0);
432         tcg_gen_movi_i32(cpu_sr_q, 0);
433         tcg_gen_movi_i32(cpu_sr_t, 0);
434 	return;
435     case 0x000b:		/* rts */
436 	CHECK_NOT_DELAY_SLOT
437 	tcg_gen_mov_i32(cpu_delayed_pc, cpu_pr);
438         ctx->envflags |= TB_FLAG_DELAY_SLOT;
439 	ctx->delayed_pc = (uint32_t) - 1;
440 	return;
441     case 0x0028:		/* clrmac */
442 	tcg_gen_movi_i32(cpu_mach, 0);
443 	tcg_gen_movi_i32(cpu_macl, 0);
444 	return;
445     case 0x0048:		/* clrs */
446         tcg_gen_andi_i32(cpu_sr, cpu_sr, ~(1u << SR_S));
447 	return;
448     case 0x0008:		/* clrt */
449         tcg_gen_movi_i32(cpu_sr_t, 0);
450 	return;
451     case 0x0038:		/* ldtlb */
452 	CHECK_PRIVILEGED
453         gen_helper_ldtlb(cpu_env);
454 	return;
455     case 0x002b:		/* rte */
456 	CHECK_PRIVILEGED
457 	CHECK_NOT_DELAY_SLOT
458         gen_write_sr(cpu_ssr);
459 	tcg_gen_mov_i32(cpu_delayed_pc, cpu_spc);
460         ctx->envflags |= TB_FLAG_DELAY_SLOT_RTE;
461 	ctx->delayed_pc = (uint32_t) - 1;
462         ctx->base.is_jmp = DISAS_STOP;
463 	return;
464     case 0x0058:		/* sets */
465         tcg_gen_ori_i32(cpu_sr, cpu_sr, (1u << SR_S));
466 	return;
467     case 0x0018:		/* sett */
468         tcg_gen_movi_i32(cpu_sr_t, 1);
469 	return;
470     case 0xfbfd:		/* frchg */
471         CHECK_FPSCR_PR_0
472 	tcg_gen_xori_i32(cpu_fpscr, cpu_fpscr, FPSCR_FR);
473         ctx->base.is_jmp = DISAS_STOP;
474 	return;
475     case 0xf3fd:		/* fschg */
476         CHECK_FPSCR_PR_0
477         tcg_gen_xori_i32(cpu_fpscr, cpu_fpscr, FPSCR_SZ);
478         ctx->base.is_jmp = DISAS_STOP;
479 	return;
480     case 0xf7fd:                /* fpchg */
481         CHECK_SH4A
482         tcg_gen_xori_i32(cpu_fpscr, cpu_fpscr, FPSCR_PR);
483         ctx->base.is_jmp = DISAS_STOP;
484         return;
485     case 0x0009:		/* nop */
486 	return;
487     case 0x001b:		/* sleep */
488 	CHECK_PRIVILEGED
489         tcg_gen_movi_i32(cpu_pc, ctx->base.pc_next + 2);
490         gen_helper_sleep(cpu_env);
491 	return;
492     }
493 
494     switch (ctx->opcode & 0xf000) {
495     case 0x1000:		/* mov.l Rm,@(disp,Rn) */
496 	{
497 	    TCGv addr = tcg_temp_new();
498 	    tcg_gen_addi_i32(addr, REG(B11_8), B3_0 * 4);
499             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx,
500                                 MO_TEUL | UNALIGN(ctx));
501 	}
502 	return;
503     case 0x5000:		/* mov.l @(disp,Rm),Rn */
504 	{
505 	    TCGv addr = tcg_temp_new();
506 	    tcg_gen_addi_i32(addr, REG(B7_4), B3_0 * 4);
507             tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx,
508                                 MO_TESL | UNALIGN(ctx));
509 	}
510 	return;
511     case 0xe000:		/* mov #imm,Rn */
512 #ifdef CONFIG_USER_ONLY
513         /*
514          * Detect the start of a gUSA region (mov #-n, r15).
515          * If so, update envflags and end the TB.  This will allow us
516          * to see the end of the region (stored in R0) in the next TB.
517          */
518         if (B11_8 == 15 && B7_0s < 0 &&
519             (tb_cflags(ctx->base.tb) & CF_PARALLEL)) {
520             ctx->envflags =
521                 deposit32(ctx->envflags, TB_FLAG_GUSA_SHIFT, 8, B7_0s);
522             ctx->base.is_jmp = DISAS_STOP;
523         }
524 #endif
525 	tcg_gen_movi_i32(REG(B11_8), B7_0s);
526 	return;
527     case 0x9000:		/* mov.w @(disp,PC),Rn */
528 	{
529             TCGv addr = tcg_constant_i32(ctx->base.pc_next + 4 + B7_0 * 2);
530             tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx, MO_TESW);
531 	}
532 	return;
533     case 0xd000:		/* mov.l @(disp,PC),Rn */
534 	{
535             TCGv addr = tcg_constant_i32((ctx->base.pc_next + 4 + B7_0 * 4) & ~3);
536             tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx, MO_TESL);
537 	}
538 	return;
539     case 0x7000:		/* add #imm,Rn */
540 	tcg_gen_addi_i32(REG(B11_8), REG(B11_8), B7_0s);
541 	return;
542     case 0xa000:		/* bra disp */
543 	CHECK_NOT_DELAY_SLOT
544         ctx->delayed_pc = ctx->base.pc_next + 4 + B11_0s * 2;
545         ctx->envflags |= TB_FLAG_DELAY_SLOT;
546 	return;
547     case 0xb000:		/* bsr disp */
548 	CHECK_NOT_DELAY_SLOT
549         tcg_gen_movi_i32(cpu_pr, ctx->base.pc_next + 4);
550         ctx->delayed_pc = ctx->base.pc_next + 4 + B11_0s * 2;
551         ctx->envflags |= TB_FLAG_DELAY_SLOT;
552 	return;
553     }
554 
555     switch (ctx->opcode & 0xf00f) {
556     case 0x6003:		/* mov Rm,Rn */
557 	tcg_gen_mov_i32(REG(B11_8), REG(B7_4));
558 	return;
559     case 0x2000:		/* mov.b Rm,@Rn */
560         tcg_gen_qemu_st_i32(REG(B7_4), REG(B11_8), ctx->memidx, MO_UB);
561 	return;
562     case 0x2001:		/* mov.w Rm,@Rn */
563         tcg_gen_qemu_st_i32(REG(B7_4), REG(B11_8), ctx->memidx,
564                             MO_TEUW | UNALIGN(ctx));
565 	return;
566     case 0x2002:		/* mov.l Rm,@Rn */
567         tcg_gen_qemu_st_i32(REG(B7_4), REG(B11_8), ctx->memidx,
568                             MO_TEUL | UNALIGN(ctx));
569 	return;
570     case 0x6000:		/* mov.b @Rm,Rn */
571         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_SB);
572 	return;
573     case 0x6001:		/* mov.w @Rm,Rn */
574         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx,
575                             MO_TESW | UNALIGN(ctx));
576 	return;
577     case 0x6002:		/* mov.l @Rm,Rn */
578         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx,
579                             MO_TESL | UNALIGN(ctx));
580 	return;
581     case 0x2004:		/* mov.b Rm,@-Rn */
582 	{
583 	    TCGv addr = tcg_temp_new();
584 	    tcg_gen_subi_i32(addr, REG(B11_8), 1);
585             /* might cause re-execution */
586             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_UB);
587 	    tcg_gen_mov_i32(REG(B11_8), addr);			/* modify register status */
588 	}
589 	return;
590     case 0x2005:		/* mov.w Rm,@-Rn */
591 	{
592 	    TCGv addr = tcg_temp_new();
593 	    tcg_gen_subi_i32(addr, REG(B11_8), 2);
594             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx,
595                                 MO_TEUW | UNALIGN(ctx));
596 	    tcg_gen_mov_i32(REG(B11_8), addr);
597 	}
598 	return;
599     case 0x2006:		/* mov.l Rm,@-Rn */
600 	{
601 	    TCGv addr = tcg_temp_new();
602 	    tcg_gen_subi_i32(addr, REG(B11_8), 4);
603             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx,
604                                 MO_TEUL | UNALIGN(ctx));
605 	    tcg_gen_mov_i32(REG(B11_8), addr);
606 	}
607 	return;
608     case 0x6004:		/* mov.b @Rm+,Rn */
609         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx, MO_SB);
610 	if ( B11_8 != B7_4 )
611 		tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 1);
612 	return;
613     case 0x6005:		/* mov.w @Rm+,Rn */
614         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx,
615                             MO_TESW | UNALIGN(ctx));
616 	if ( B11_8 != B7_4 )
617 		tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 2);
618 	return;
619     case 0x6006:		/* mov.l @Rm+,Rn */
620         tcg_gen_qemu_ld_i32(REG(B11_8), REG(B7_4), ctx->memidx,
621                             MO_TESL | UNALIGN(ctx));
622 	if ( B11_8 != B7_4 )
623 		tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 4);
624 	return;
625     case 0x0004:		/* mov.b Rm,@(R0,Rn) */
626 	{
627 	    TCGv addr = tcg_temp_new();
628 	    tcg_gen_add_i32(addr, REG(B11_8), REG(0));
629             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx, MO_UB);
630 	}
631 	return;
632     case 0x0005:		/* mov.w Rm,@(R0,Rn) */
633 	{
634 	    TCGv addr = tcg_temp_new();
635 	    tcg_gen_add_i32(addr, REG(B11_8), REG(0));
636             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx,
637                                 MO_TEUW | UNALIGN(ctx));
638 	}
639 	return;
640     case 0x0006:		/* mov.l Rm,@(R0,Rn) */
641 	{
642 	    TCGv addr = tcg_temp_new();
643 	    tcg_gen_add_i32(addr, REG(B11_8), REG(0));
644             tcg_gen_qemu_st_i32(REG(B7_4), addr, ctx->memidx,
645                                 MO_TEUL | UNALIGN(ctx));
646 	}
647 	return;
648     case 0x000c:		/* mov.b @(R0,Rm),Rn */
649 	{
650 	    TCGv addr = tcg_temp_new();
651 	    tcg_gen_add_i32(addr, REG(B7_4), REG(0));
652             tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx, MO_SB);
653 	}
654 	return;
655     case 0x000d:		/* mov.w @(R0,Rm),Rn */
656 	{
657 	    TCGv addr = tcg_temp_new();
658 	    tcg_gen_add_i32(addr, REG(B7_4), REG(0));
659             tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx,
660                                 MO_TESW | UNALIGN(ctx));
661 	}
662 	return;
663     case 0x000e:		/* mov.l @(R0,Rm),Rn */
664 	{
665 	    TCGv addr = tcg_temp_new();
666 	    tcg_gen_add_i32(addr, REG(B7_4), REG(0));
667             tcg_gen_qemu_ld_i32(REG(B11_8), addr, ctx->memidx,
668                                 MO_TESL | UNALIGN(ctx));
669 	}
670 	return;
671     case 0x6008:		/* swap.b Rm,Rn */
672 	{
673             TCGv low = tcg_temp_new();
674             tcg_gen_bswap16_i32(low, REG(B7_4), 0);
675             tcg_gen_deposit_i32(REG(B11_8), REG(B7_4), low, 0, 16);
676 	}
677 	return;
678     case 0x6009:		/* swap.w Rm,Rn */
679         tcg_gen_rotli_i32(REG(B11_8), REG(B7_4), 16);
680 	return;
681     case 0x200d:		/* xtrct Rm,Rn */
682 	{
683 	    TCGv high, low;
684 	    high = tcg_temp_new();
685 	    tcg_gen_shli_i32(high, REG(B7_4), 16);
686 	    low = tcg_temp_new();
687 	    tcg_gen_shri_i32(low, REG(B11_8), 16);
688 	    tcg_gen_or_i32(REG(B11_8), high, low);
689 	}
690 	return;
691     case 0x300c:		/* add Rm,Rn */
692 	tcg_gen_add_i32(REG(B11_8), REG(B11_8), REG(B7_4));
693 	return;
694     case 0x300e:		/* addc Rm,Rn */
695         {
696             TCGv t0, t1;
697             t0 = tcg_constant_tl(0);
698             t1 = tcg_temp_new();
699             tcg_gen_add2_i32(t1, cpu_sr_t, cpu_sr_t, t0, REG(B7_4), t0);
700             tcg_gen_add2_i32(REG(B11_8), cpu_sr_t,
701                              REG(B11_8), t0, t1, cpu_sr_t);
702         }
703 	return;
704     case 0x300f:		/* addv Rm,Rn */
705         {
706             TCGv t0, t1, t2;
707             t0 = tcg_temp_new();
708             tcg_gen_add_i32(t0, REG(B7_4), REG(B11_8));
709             t1 = tcg_temp_new();
710             tcg_gen_xor_i32(t1, t0, REG(B11_8));
711             t2 = tcg_temp_new();
712             tcg_gen_xor_i32(t2, REG(B7_4), REG(B11_8));
713             tcg_gen_andc_i32(cpu_sr_t, t1, t2);
714             tcg_gen_shri_i32(cpu_sr_t, cpu_sr_t, 31);
715             tcg_gen_mov_i32(REG(B7_4), t0);
716         }
717 	return;
718     case 0x2009:		/* and Rm,Rn */
719 	tcg_gen_and_i32(REG(B11_8), REG(B11_8), REG(B7_4));
720 	return;
721     case 0x3000:		/* cmp/eq Rm,Rn */
722         tcg_gen_setcond_i32(TCG_COND_EQ, cpu_sr_t, REG(B11_8), REG(B7_4));
723 	return;
724     case 0x3003:		/* cmp/ge Rm,Rn */
725         tcg_gen_setcond_i32(TCG_COND_GE, cpu_sr_t, REG(B11_8), REG(B7_4));
726 	return;
727     case 0x3007:		/* cmp/gt Rm,Rn */
728         tcg_gen_setcond_i32(TCG_COND_GT, cpu_sr_t, REG(B11_8), REG(B7_4));
729 	return;
730     case 0x3006:		/* cmp/hi Rm,Rn */
731         tcg_gen_setcond_i32(TCG_COND_GTU, cpu_sr_t, REG(B11_8), REG(B7_4));
732 	return;
733     case 0x3002:		/* cmp/hs Rm,Rn */
734         tcg_gen_setcond_i32(TCG_COND_GEU, cpu_sr_t, REG(B11_8), REG(B7_4));
735 	return;
736     case 0x200c:		/* cmp/str Rm,Rn */
737 	{
738 	    TCGv cmp1 = tcg_temp_new();
739 	    TCGv cmp2 = tcg_temp_new();
740             tcg_gen_xor_i32(cmp2, REG(B7_4), REG(B11_8));
741             tcg_gen_subi_i32(cmp1, cmp2, 0x01010101);
742             tcg_gen_andc_i32(cmp1, cmp1, cmp2);
743             tcg_gen_andi_i32(cmp1, cmp1, 0x80808080);
744             tcg_gen_setcondi_i32(TCG_COND_NE, cpu_sr_t, cmp1, 0);
745 	}
746 	return;
747     case 0x2007:		/* div0s Rm,Rn */
748         tcg_gen_shri_i32(cpu_sr_q, REG(B11_8), 31);         /* SR_Q */
749         tcg_gen_shri_i32(cpu_sr_m, REG(B7_4), 31);          /* SR_M */
750         tcg_gen_xor_i32(cpu_sr_t, cpu_sr_q, cpu_sr_m);      /* SR_T */
751 	return;
752     case 0x3004:		/* div1 Rm,Rn */
753         {
754             TCGv t0 = tcg_temp_new();
755             TCGv t1 = tcg_temp_new();
756             TCGv t2 = tcg_temp_new();
757             TCGv zero = tcg_constant_i32(0);
758 
759             /* shift left arg1, saving the bit being pushed out and inserting
760                T on the right */
761             tcg_gen_shri_i32(t0, REG(B11_8), 31);
762             tcg_gen_shli_i32(REG(B11_8), REG(B11_8), 1);
763             tcg_gen_or_i32(REG(B11_8), REG(B11_8), cpu_sr_t);
764 
765             /* Add or subtract arg0 from arg1 depending if Q == M. To avoid
766                using 64-bit temps, we compute arg0's high part from q ^ m, so
767                that it is 0x00000000 when adding the value or 0xffffffff when
768                subtracting it. */
769             tcg_gen_xor_i32(t1, cpu_sr_q, cpu_sr_m);
770             tcg_gen_subi_i32(t1, t1, 1);
771             tcg_gen_neg_i32(t2, REG(B7_4));
772             tcg_gen_movcond_i32(TCG_COND_EQ, t2, t1, zero, REG(B7_4), t2);
773             tcg_gen_add2_i32(REG(B11_8), t1, REG(B11_8), zero, t2, t1);
774 
775             /* compute T and Q depending on carry */
776             tcg_gen_andi_i32(t1, t1, 1);
777             tcg_gen_xor_i32(t1, t1, t0);
778             tcg_gen_xori_i32(cpu_sr_t, t1, 1);
779             tcg_gen_xor_i32(cpu_sr_q, cpu_sr_m, t1);
780         }
781 	return;
782     case 0x300d:		/* dmuls.l Rm,Rn */
783         tcg_gen_muls2_i32(cpu_macl, cpu_mach, REG(B7_4), REG(B11_8));
784 	return;
785     case 0x3005:		/* dmulu.l Rm,Rn */
786         tcg_gen_mulu2_i32(cpu_macl, cpu_mach, REG(B7_4), REG(B11_8));
787 	return;
788     case 0x600e:		/* exts.b Rm,Rn */
789 	tcg_gen_ext8s_i32(REG(B11_8), REG(B7_4));
790 	return;
791     case 0x600f:		/* exts.w Rm,Rn */
792 	tcg_gen_ext16s_i32(REG(B11_8), REG(B7_4));
793 	return;
794     case 0x600c:		/* extu.b Rm,Rn */
795 	tcg_gen_ext8u_i32(REG(B11_8), REG(B7_4));
796 	return;
797     case 0x600d:		/* extu.w Rm,Rn */
798 	tcg_gen_ext16u_i32(REG(B11_8), REG(B7_4));
799 	return;
800     case 0x000f:		/* mac.l @Rm+,@Rn+ */
801 	{
802 	    TCGv arg0, arg1;
803 	    arg0 = tcg_temp_new();
804             tcg_gen_qemu_ld_i32(arg0, REG(B7_4), ctx->memidx, MO_TESL);
805 	    arg1 = tcg_temp_new();
806             tcg_gen_qemu_ld_i32(arg1, REG(B11_8), ctx->memidx, MO_TESL);
807             gen_helper_macl(cpu_env, arg0, arg1);
808 	    tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 4);
809 	    tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 4);
810 	}
811 	return;
812     case 0x400f:		/* mac.w @Rm+,@Rn+ */
813 	{
814 	    TCGv arg0, arg1;
815 	    arg0 = tcg_temp_new();
816             tcg_gen_qemu_ld_i32(arg0, REG(B7_4), ctx->memidx, MO_TESL);
817 	    arg1 = tcg_temp_new();
818             tcg_gen_qemu_ld_i32(arg1, REG(B11_8), ctx->memidx, MO_TESL);
819             gen_helper_macw(cpu_env, arg0, arg1);
820 	    tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 2);
821 	    tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 2);
822 	}
823 	return;
824     case 0x0007:		/* mul.l Rm,Rn */
825 	tcg_gen_mul_i32(cpu_macl, REG(B7_4), REG(B11_8));
826 	return;
827     case 0x200f:		/* muls.w Rm,Rn */
828 	{
829 	    TCGv arg0, arg1;
830 	    arg0 = tcg_temp_new();
831 	    tcg_gen_ext16s_i32(arg0, REG(B7_4));
832 	    arg1 = tcg_temp_new();
833 	    tcg_gen_ext16s_i32(arg1, REG(B11_8));
834 	    tcg_gen_mul_i32(cpu_macl, arg0, arg1);
835 	}
836 	return;
837     case 0x200e:		/* mulu.w Rm,Rn */
838 	{
839 	    TCGv arg0, arg1;
840 	    arg0 = tcg_temp_new();
841 	    tcg_gen_ext16u_i32(arg0, REG(B7_4));
842 	    arg1 = tcg_temp_new();
843 	    tcg_gen_ext16u_i32(arg1, REG(B11_8));
844 	    tcg_gen_mul_i32(cpu_macl, arg0, arg1);
845 	}
846 	return;
847     case 0x600b:		/* neg Rm,Rn */
848 	tcg_gen_neg_i32(REG(B11_8), REG(B7_4));
849 	return;
850     case 0x600a:		/* negc Rm,Rn */
851         {
852             TCGv t0 = tcg_constant_i32(0);
853             tcg_gen_add2_i32(REG(B11_8), cpu_sr_t,
854                              REG(B7_4), t0, cpu_sr_t, t0);
855             tcg_gen_sub2_i32(REG(B11_8), cpu_sr_t,
856                              t0, t0, REG(B11_8), cpu_sr_t);
857             tcg_gen_andi_i32(cpu_sr_t, cpu_sr_t, 1);
858         }
859 	return;
860     case 0x6007:		/* not Rm,Rn */
861 	tcg_gen_not_i32(REG(B11_8), REG(B7_4));
862 	return;
863     case 0x200b:		/* or Rm,Rn */
864 	tcg_gen_or_i32(REG(B11_8), REG(B11_8), REG(B7_4));
865 	return;
866     case 0x400c:		/* shad Rm,Rn */
867 	{
868             TCGv t0 = tcg_temp_new();
869             TCGv t1 = tcg_temp_new();
870             TCGv t2 = tcg_temp_new();
871 
872             tcg_gen_andi_i32(t0, REG(B7_4), 0x1f);
873 
874             /* positive case: shift to the left */
875             tcg_gen_shl_i32(t1, REG(B11_8), t0);
876 
877             /* negative case: shift to the right in two steps to
878                correctly handle the -32 case */
879             tcg_gen_xori_i32(t0, t0, 0x1f);
880             tcg_gen_sar_i32(t2, REG(B11_8), t0);
881             tcg_gen_sari_i32(t2, t2, 1);
882 
883             /* select between the two cases */
884             tcg_gen_movi_i32(t0, 0);
885             tcg_gen_movcond_i32(TCG_COND_GE, REG(B11_8), REG(B7_4), t0, t1, t2);
886 	}
887 	return;
888     case 0x400d:		/* shld Rm,Rn */
889 	{
890             TCGv t0 = tcg_temp_new();
891             TCGv t1 = tcg_temp_new();
892             TCGv t2 = tcg_temp_new();
893 
894             tcg_gen_andi_i32(t0, REG(B7_4), 0x1f);
895 
896             /* positive case: shift to the left */
897             tcg_gen_shl_i32(t1, REG(B11_8), t0);
898 
899             /* negative case: shift to the right in two steps to
900                correctly handle the -32 case */
901             tcg_gen_xori_i32(t0, t0, 0x1f);
902             tcg_gen_shr_i32(t2, REG(B11_8), t0);
903             tcg_gen_shri_i32(t2, t2, 1);
904 
905             /* select between the two cases */
906             tcg_gen_movi_i32(t0, 0);
907             tcg_gen_movcond_i32(TCG_COND_GE, REG(B11_8), REG(B7_4), t0, t1, t2);
908 	}
909 	return;
910     case 0x3008:		/* sub Rm,Rn */
911 	tcg_gen_sub_i32(REG(B11_8), REG(B11_8), REG(B7_4));
912 	return;
913     case 0x300a:		/* subc Rm,Rn */
914         {
915             TCGv t0, t1;
916             t0 = tcg_constant_tl(0);
917             t1 = tcg_temp_new();
918             tcg_gen_add2_i32(t1, cpu_sr_t, cpu_sr_t, t0, REG(B7_4), t0);
919             tcg_gen_sub2_i32(REG(B11_8), cpu_sr_t,
920                              REG(B11_8), t0, t1, cpu_sr_t);
921             tcg_gen_andi_i32(cpu_sr_t, cpu_sr_t, 1);
922         }
923 	return;
924     case 0x300b:		/* subv Rm,Rn */
925         {
926             TCGv t0, t1, t2;
927             t0 = tcg_temp_new();
928             tcg_gen_sub_i32(t0, REG(B11_8), REG(B7_4));
929             t1 = tcg_temp_new();
930             tcg_gen_xor_i32(t1, t0, REG(B7_4));
931             t2 = tcg_temp_new();
932             tcg_gen_xor_i32(t2, REG(B11_8), REG(B7_4));
933             tcg_gen_and_i32(t1, t1, t2);
934             tcg_gen_shri_i32(cpu_sr_t, t1, 31);
935             tcg_gen_mov_i32(REG(B11_8), t0);
936         }
937 	return;
938     case 0x2008:		/* tst Rm,Rn */
939 	{
940 	    TCGv val = tcg_temp_new();
941 	    tcg_gen_and_i32(val, REG(B7_4), REG(B11_8));
942             tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, val, 0);
943 	}
944 	return;
945     case 0x200a:		/* xor Rm,Rn */
946 	tcg_gen_xor_i32(REG(B11_8), REG(B11_8), REG(B7_4));
947 	return;
948     case 0xf00c: /* fmov {F,D,X}Rm,{F,D,X}Rn - FPSCR: Nothing */
949 	CHECK_FPU_ENABLED
950         if (ctx->tbflags & FPSCR_SZ) {
951             int xsrc = XHACK(B7_4);
952             int xdst = XHACK(B11_8);
953             tcg_gen_mov_i32(FREG(xdst), FREG(xsrc));
954             tcg_gen_mov_i32(FREG(xdst + 1), FREG(xsrc + 1));
955 	} else {
956             tcg_gen_mov_i32(FREG(B11_8), FREG(B7_4));
957 	}
958 	return;
959     case 0xf00a: /* fmov {F,D,X}Rm,@Rn - FPSCR: Nothing */
960 	CHECK_FPU_ENABLED
961         if (ctx->tbflags & FPSCR_SZ) {
962             TCGv_i64 fp = tcg_temp_new_i64();
963             gen_load_fpr64(ctx, fp, XHACK(B7_4));
964             tcg_gen_qemu_st_i64(fp, REG(B11_8), ctx->memidx, MO_TEUQ);
965 	} else {
966             tcg_gen_qemu_st_i32(FREG(B7_4), REG(B11_8), ctx->memidx, MO_TEUL);
967 	}
968 	return;
969     case 0xf008: /* fmov @Rm,{F,D,X}Rn - FPSCR: Nothing */
970 	CHECK_FPU_ENABLED
971         if (ctx->tbflags & FPSCR_SZ) {
972             TCGv_i64 fp = tcg_temp_new_i64();
973             tcg_gen_qemu_ld_i64(fp, REG(B7_4), ctx->memidx, MO_TEUQ);
974             gen_store_fpr64(ctx, fp, XHACK(B11_8));
975 	} else {
976             tcg_gen_qemu_ld_i32(FREG(B11_8), REG(B7_4), ctx->memidx, MO_TEUL);
977 	}
978 	return;
979     case 0xf009: /* fmov @Rm+,{F,D,X}Rn - FPSCR: Nothing */
980 	CHECK_FPU_ENABLED
981         if (ctx->tbflags & FPSCR_SZ) {
982             TCGv_i64 fp = tcg_temp_new_i64();
983             tcg_gen_qemu_ld_i64(fp, REG(B7_4), ctx->memidx, MO_TEUQ);
984             gen_store_fpr64(ctx, fp, XHACK(B11_8));
985             tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 8);
986 	} else {
987             tcg_gen_qemu_ld_i32(FREG(B11_8), REG(B7_4), ctx->memidx, MO_TEUL);
988 	    tcg_gen_addi_i32(REG(B7_4), REG(B7_4), 4);
989 	}
990 	return;
991     case 0xf00b: /* fmov {F,D,X}Rm,@-Rn - FPSCR: Nothing */
992 	CHECK_FPU_ENABLED
993         {
994             TCGv addr = tcg_temp_new_i32();
995             if (ctx->tbflags & FPSCR_SZ) {
996                 TCGv_i64 fp = tcg_temp_new_i64();
997                 gen_load_fpr64(ctx, fp, XHACK(B7_4));
998                 tcg_gen_subi_i32(addr, REG(B11_8), 8);
999                 tcg_gen_qemu_st_i64(fp, addr, ctx->memidx, MO_TEUQ);
1000             } else {
1001                 tcg_gen_subi_i32(addr, REG(B11_8), 4);
1002                 tcg_gen_qemu_st_i32(FREG(B7_4), addr, ctx->memidx, MO_TEUL);
1003             }
1004             tcg_gen_mov_i32(REG(B11_8), addr);
1005         }
1006 	return;
1007     case 0xf006: /* fmov @(R0,Rm),{F,D,X}Rm - FPSCR: Nothing */
1008 	CHECK_FPU_ENABLED
1009 	{
1010 	    TCGv addr = tcg_temp_new_i32();
1011 	    tcg_gen_add_i32(addr, REG(B7_4), REG(0));
1012             if (ctx->tbflags & FPSCR_SZ) {
1013                 TCGv_i64 fp = tcg_temp_new_i64();
1014                 tcg_gen_qemu_ld_i64(fp, addr, ctx->memidx, MO_TEUQ);
1015                 gen_store_fpr64(ctx, fp, XHACK(B11_8));
1016 	    } else {
1017                 tcg_gen_qemu_ld_i32(FREG(B11_8), addr, ctx->memidx, MO_TEUL);
1018 	    }
1019 	}
1020 	return;
1021     case 0xf007: /* fmov {F,D,X}Rn,@(R0,Rn) - FPSCR: Nothing */
1022 	CHECK_FPU_ENABLED
1023 	{
1024 	    TCGv addr = tcg_temp_new();
1025 	    tcg_gen_add_i32(addr, REG(B11_8), REG(0));
1026             if (ctx->tbflags & FPSCR_SZ) {
1027                 TCGv_i64 fp = tcg_temp_new_i64();
1028                 gen_load_fpr64(ctx, fp, XHACK(B7_4));
1029                 tcg_gen_qemu_st_i64(fp, addr, ctx->memidx, MO_TEUQ);
1030 	    } else {
1031                 tcg_gen_qemu_st_i32(FREG(B7_4), addr, ctx->memidx, MO_TEUL);
1032 	    }
1033 	}
1034 	return;
1035     case 0xf000: /* fadd Rm,Rn - FPSCR: R[PR,Enable.O/U/I]/W[Cause,Flag] */
1036     case 0xf001: /* fsub Rm,Rn - FPSCR: R[PR,Enable.O/U/I]/W[Cause,Flag] */
1037     case 0xf002: /* fmul Rm,Rn - FPSCR: R[PR,Enable.O/U/I]/W[Cause,Flag] */
1038     case 0xf003: /* fdiv Rm,Rn - FPSCR: R[PR,Enable.O/U/I]/W[Cause,Flag] */
1039     case 0xf004: /* fcmp/eq Rm,Rn - FPSCR: R[PR,Enable.V]/W[Cause,Flag] */
1040     case 0xf005: /* fcmp/gt Rm,Rn - FPSCR: R[PR,Enable.V]/W[Cause,Flag] */
1041 	{
1042 	    CHECK_FPU_ENABLED
1043             if (ctx->tbflags & FPSCR_PR) {
1044                 TCGv_i64 fp0, fp1;
1045 
1046                 if (ctx->opcode & 0x0110) {
1047                     goto do_illegal;
1048                 }
1049 		fp0 = tcg_temp_new_i64();
1050 		fp1 = tcg_temp_new_i64();
1051                 gen_load_fpr64(ctx, fp0, B11_8);
1052                 gen_load_fpr64(ctx, fp1, B7_4);
1053                 switch (ctx->opcode & 0xf00f) {
1054                 case 0xf000:		/* fadd Rm,Rn */
1055                     gen_helper_fadd_DT(fp0, cpu_env, fp0, fp1);
1056                     break;
1057                 case 0xf001:		/* fsub Rm,Rn */
1058                     gen_helper_fsub_DT(fp0, cpu_env, fp0, fp1);
1059                     break;
1060                 case 0xf002:		/* fmul Rm,Rn */
1061                     gen_helper_fmul_DT(fp0, cpu_env, fp0, fp1);
1062                     break;
1063                 case 0xf003:		/* fdiv Rm,Rn */
1064                     gen_helper_fdiv_DT(fp0, cpu_env, fp0, fp1);
1065                     break;
1066                 case 0xf004:		/* fcmp/eq Rm,Rn */
1067                     gen_helper_fcmp_eq_DT(cpu_sr_t, cpu_env, fp0, fp1);
1068                     return;
1069                 case 0xf005:		/* fcmp/gt Rm,Rn */
1070                     gen_helper_fcmp_gt_DT(cpu_sr_t, cpu_env, fp0, fp1);
1071                     return;
1072                 }
1073                 gen_store_fpr64(ctx, fp0, B11_8);
1074 	    } else {
1075                 switch (ctx->opcode & 0xf00f) {
1076                 case 0xf000:		/* fadd Rm,Rn */
1077                     gen_helper_fadd_FT(FREG(B11_8), cpu_env,
1078                                        FREG(B11_8), FREG(B7_4));
1079                     break;
1080                 case 0xf001:		/* fsub Rm,Rn */
1081                     gen_helper_fsub_FT(FREG(B11_8), cpu_env,
1082                                        FREG(B11_8), FREG(B7_4));
1083                     break;
1084                 case 0xf002:		/* fmul Rm,Rn */
1085                     gen_helper_fmul_FT(FREG(B11_8), cpu_env,
1086                                        FREG(B11_8), FREG(B7_4));
1087                     break;
1088                 case 0xf003:		/* fdiv Rm,Rn */
1089                     gen_helper_fdiv_FT(FREG(B11_8), cpu_env,
1090                                        FREG(B11_8), FREG(B7_4));
1091                     break;
1092                 case 0xf004:		/* fcmp/eq Rm,Rn */
1093                     gen_helper_fcmp_eq_FT(cpu_sr_t, cpu_env,
1094                                           FREG(B11_8), FREG(B7_4));
1095                     return;
1096                 case 0xf005:		/* fcmp/gt Rm,Rn */
1097                     gen_helper_fcmp_gt_FT(cpu_sr_t, cpu_env,
1098                                           FREG(B11_8), FREG(B7_4));
1099                     return;
1100                 }
1101 	    }
1102 	}
1103 	return;
1104     case 0xf00e: /* fmac FR0,RM,Rn */
1105         CHECK_FPU_ENABLED
1106         CHECK_FPSCR_PR_0
1107         gen_helper_fmac_FT(FREG(B11_8), cpu_env,
1108                            FREG(0), FREG(B7_4), FREG(B11_8));
1109         return;
1110     }
1111 
1112     switch (ctx->opcode & 0xff00) {
1113     case 0xc900:		/* and #imm,R0 */
1114 	tcg_gen_andi_i32(REG(0), REG(0), B7_0);
1115 	return;
1116     case 0xcd00:		/* and.b #imm,@(R0,GBR) */
1117 	{
1118 	    TCGv addr, val;
1119 	    addr = tcg_temp_new();
1120 	    tcg_gen_add_i32(addr, REG(0), cpu_gbr);
1121 	    val = tcg_temp_new();
1122             tcg_gen_qemu_ld_i32(val, addr, ctx->memidx, MO_UB);
1123 	    tcg_gen_andi_i32(val, val, B7_0);
1124             tcg_gen_qemu_st_i32(val, addr, ctx->memidx, MO_UB);
1125 	}
1126 	return;
1127     case 0x8b00:		/* bf label */
1128 	CHECK_NOT_DELAY_SLOT
1129         gen_conditional_jump(ctx, ctx->base.pc_next + 4 + B7_0s * 2, false);
1130 	return;
1131     case 0x8f00:		/* bf/s label */
1132 	CHECK_NOT_DELAY_SLOT
1133         tcg_gen_xori_i32(cpu_delayed_cond, cpu_sr_t, 1);
1134         ctx->delayed_pc = ctx->base.pc_next + 4 + B7_0s * 2;
1135         ctx->envflags |= TB_FLAG_DELAY_SLOT_COND;
1136 	return;
1137     case 0x8900:		/* bt label */
1138 	CHECK_NOT_DELAY_SLOT
1139         gen_conditional_jump(ctx, ctx->base.pc_next + 4 + B7_0s * 2, true);
1140 	return;
1141     case 0x8d00:		/* bt/s label */
1142 	CHECK_NOT_DELAY_SLOT
1143         tcg_gen_mov_i32(cpu_delayed_cond, cpu_sr_t);
1144         ctx->delayed_pc = ctx->base.pc_next + 4 + B7_0s * 2;
1145         ctx->envflags |= TB_FLAG_DELAY_SLOT_COND;
1146 	return;
1147     case 0x8800:		/* cmp/eq #imm,R0 */
1148         tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, REG(0), B7_0s);
1149 	return;
1150     case 0xc400:		/* mov.b @(disp,GBR),R0 */
1151 	{
1152 	    TCGv addr = tcg_temp_new();
1153 	    tcg_gen_addi_i32(addr, cpu_gbr, B7_0);
1154             tcg_gen_qemu_ld_i32(REG(0), addr, ctx->memidx, MO_SB);
1155 	}
1156 	return;
1157     case 0xc500:		/* mov.w @(disp,GBR),R0 */
1158 	{
1159 	    TCGv addr = tcg_temp_new();
1160 	    tcg_gen_addi_i32(addr, cpu_gbr, B7_0 * 2);
1161             tcg_gen_qemu_ld_i32(REG(0), addr, ctx->memidx, MO_TESW);
1162 	}
1163 	return;
1164     case 0xc600:		/* mov.l @(disp,GBR),R0 */
1165 	{
1166 	    TCGv addr = tcg_temp_new();
1167 	    tcg_gen_addi_i32(addr, cpu_gbr, B7_0 * 4);
1168             tcg_gen_qemu_ld_i32(REG(0), addr, ctx->memidx, MO_TESL);
1169 	}
1170 	return;
1171     case 0xc000:		/* mov.b R0,@(disp,GBR) */
1172 	{
1173 	    TCGv addr = tcg_temp_new();
1174 	    tcg_gen_addi_i32(addr, cpu_gbr, B7_0);
1175             tcg_gen_qemu_st_i32(REG(0), addr, ctx->memidx, MO_UB);
1176 	}
1177 	return;
1178     case 0xc100:		/* mov.w R0,@(disp,GBR) */
1179 	{
1180 	    TCGv addr = tcg_temp_new();
1181 	    tcg_gen_addi_i32(addr, cpu_gbr, B7_0 * 2);
1182             tcg_gen_qemu_st_i32(REG(0), addr, ctx->memidx, MO_TEUW);
1183 	}
1184 	return;
1185     case 0xc200:		/* mov.l R0,@(disp,GBR) */
1186 	{
1187 	    TCGv addr = tcg_temp_new();
1188 	    tcg_gen_addi_i32(addr, cpu_gbr, B7_0 * 4);
1189             tcg_gen_qemu_st_i32(REG(0), addr, ctx->memidx, MO_TEUL);
1190 	}
1191 	return;
1192     case 0x8000:		/* mov.b R0,@(disp,Rn) */
1193 	{
1194 	    TCGv addr = tcg_temp_new();
1195 	    tcg_gen_addi_i32(addr, REG(B7_4), B3_0);
1196             tcg_gen_qemu_st_i32(REG(0), addr, ctx->memidx, MO_UB);
1197 	}
1198 	return;
1199     case 0x8100:		/* mov.w R0,@(disp,Rn) */
1200 	{
1201 	    TCGv addr = tcg_temp_new();
1202 	    tcg_gen_addi_i32(addr, REG(B7_4), B3_0 * 2);
1203             tcg_gen_qemu_st_i32(REG(0), addr, ctx->memidx,
1204                                 MO_TEUW | UNALIGN(ctx));
1205 	}
1206 	return;
1207     case 0x8400:		/* mov.b @(disp,Rn),R0 */
1208 	{
1209 	    TCGv addr = tcg_temp_new();
1210 	    tcg_gen_addi_i32(addr, REG(B7_4), B3_0);
1211             tcg_gen_qemu_ld_i32(REG(0), addr, ctx->memidx, MO_SB);
1212 	}
1213 	return;
1214     case 0x8500:		/* mov.w @(disp,Rn),R0 */
1215 	{
1216 	    TCGv addr = tcg_temp_new();
1217 	    tcg_gen_addi_i32(addr, REG(B7_4), B3_0 * 2);
1218             tcg_gen_qemu_ld_i32(REG(0), addr, ctx->memidx,
1219                                 MO_TESW | UNALIGN(ctx));
1220 	}
1221 	return;
1222     case 0xc700:		/* mova @(disp,PC),R0 */
1223         tcg_gen_movi_i32(REG(0), ((ctx->base.pc_next & 0xfffffffc) +
1224                                   4 + B7_0 * 4) & ~3);
1225 	return;
1226     case 0xcb00:		/* or #imm,R0 */
1227 	tcg_gen_ori_i32(REG(0), REG(0), B7_0);
1228 	return;
1229     case 0xcf00:		/* or.b #imm,@(R0,GBR) */
1230 	{
1231 	    TCGv addr, val;
1232 	    addr = tcg_temp_new();
1233 	    tcg_gen_add_i32(addr, REG(0), cpu_gbr);
1234 	    val = tcg_temp_new();
1235             tcg_gen_qemu_ld_i32(val, addr, ctx->memidx, MO_UB);
1236 	    tcg_gen_ori_i32(val, val, B7_0);
1237             tcg_gen_qemu_st_i32(val, addr, ctx->memidx, MO_UB);
1238 	}
1239 	return;
1240     case 0xc300:		/* trapa #imm */
1241 	{
1242 	    TCGv imm;
1243 	    CHECK_NOT_DELAY_SLOT
1244             gen_save_cpu_state(ctx, true);
1245 	    imm = tcg_constant_i32(B7_0);
1246             gen_helper_trapa(cpu_env, imm);
1247             ctx->base.is_jmp = DISAS_NORETURN;
1248 	}
1249 	return;
1250     case 0xc800:		/* tst #imm,R0 */
1251 	{
1252 	    TCGv val = tcg_temp_new();
1253 	    tcg_gen_andi_i32(val, REG(0), B7_0);
1254             tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, val, 0);
1255 	}
1256 	return;
1257     case 0xcc00:		/* tst.b #imm,@(R0,GBR) */
1258 	{
1259 	    TCGv val = tcg_temp_new();
1260 	    tcg_gen_add_i32(val, REG(0), cpu_gbr);
1261             tcg_gen_qemu_ld_i32(val, val, ctx->memidx, MO_UB);
1262 	    tcg_gen_andi_i32(val, val, B7_0);
1263             tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, val, 0);
1264 	}
1265 	return;
1266     case 0xca00:		/* xor #imm,R0 */
1267 	tcg_gen_xori_i32(REG(0), REG(0), B7_0);
1268 	return;
1269     case 0xce00:		/* xor.b #imm,@(R0,GBR) */
1270 	{
1271 	    TCGv addr, val;
1272 	    addr = tcg_temp_new();
1273 	    tcg_gen_add_i32(addr, REG(0), cpu_gbr);
1274 	    val = tcg_temp_new();
1275             tcg_gen_qemu_ld_i32(val, addr, ctx->memidx, MO_UB);
1276 	    tcg_gen_xori_i32(val, val, B7_0);
1277             tcg_gen_qemu_st_i32(val, addr, ctx->memidx, MO_UB);
1278 	}
1279 	return;
1280     }
1281 
1282     switch (ctx->opcode & 0xf08f) {
1283     case 0x408e:		/* ldc Rm,Rn_BANK */
1284 	CHECK_PRIVILEGED
1285 	tcg_gen_mov_i32(ALTREG(B6_4), REG(B11_8));
1286 	return;
1287     case 0x4087:		/* ldc.l @Rm+,Rn_BANK */
1288 	CHECK_PRIVILEGED
1289         tcg_gen_qemu_ld_i32(ALTREG(B6_4), REG(B11_8), ctx->memidx, MO_TESL);
1290 	tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 4);
1291 	return;
1292     case 0x0082:		/* stc Rm_BANK,Rn */
1293 	CHECK_PRIVILEGED
1294 	tcg_gen_mov_i32(REG(B11_8), ALTREG(B6_4));
1295 	return;
1296     case 0x4083:		/* stc.l Rm_BANK,@-Rn */
1297 	CHECK_PRIVILEGED
1298 	{
1299 	    TCGv addr = tcg_temp_new();
1300 	    tcg_gen_subi_i32(addr, REG(B11_8), 4);
1301             tcg_gen_qemu_st_i32(ALTREG(B6_4), addr, ctx->memidx, MO_TEUL);
1302 	    tcg_gen_mov_i32(REG(B11_8), addr);
1303 	}
1304 	return;
1305     }
1306 
1307     switch (ctx->opcode & 0xf0ff) {
1308     case 0x0023:		/* braf Rn */
1309 	CHECK_NOT_DELAY_SLOT
1310         tcg_gen_addi_i32(cpu_delayed_pc, REG(B11_8), ctx->base.pc_next + 4);
1311         ctx->envflags |= TB_FLAG_DELAY_SLOT;
1312 	ctx->delayed_pc = (uint32_t) - 1;
1313 	return;
1314     case 0x0003:		/* bsrf Rn */
1315 	CHECK_NOT_DELAY_SLOT
1316         tcg_gen_movi_i32(cpu_pr, ctx->base.pc_next + 4);
1317 	tcg_gen_add_i32(cpu_delayed_pc, REG(B11_8), cpu_pr);
1318         ctx->envflags |= TB_FLAG_DELAY_SLOT;
1319 	ctx->delayed_pc = (uint32_t) - 1;
1320 	return;
1321     case 0x4015:		/* cmp/pl Rn */
1322         tcg_gen_setcondi_i32(TCG_COND_GT, cpu_sr_t, REG(B11_8), 0);
1323 	return;
1324     case 0x4011:		/* cmp/pz Rn */
1325         tcg_gen_setcondi_i32(TCG_COND_GE, cpu_sr_t, REG(B11_8), 0);
1326 	return;
1327     case 0x4010:		/* dt Rn */
1328 	tcg_gen_subi_i32(REG(B11_8), REG(B11_8), 1);
1329         tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, REG(B11_8), 0);
1330 	return;
1331     case 0x402b:		/* jmp @Rn */
1332 	CHECK_NOT_DELAY_SLOT
1333 	tcg_gen_mov_i32(cpu_delayed_pc, REG(B11_8));
1334         ctx->envflags |= TB_FLAG_DELAY_SLOT;
1335 	ctx->delayed_pc = (uint32_t) - 1;
1336 	return;
1337     case 0x400b:		/* jsr @Rn */
1338 	CHECK_NOT_DELAY_SLOT
1339         tcg_gen_movi_i32(cpu_pr, ctx->base.pc_next + 4);
1340 	tcg_gen_mov_i32(cpu_delayed_pc, REG(B11_8));
1341         ctx->envflags |= TB_FLAG_DELAY_SLOT;
1342 	ctx->delayed_pc = (uint32_t) - 1;
1343 	return;
1344     case 0x400e:		/* ldc Rm,SR */
1345 	CHECK_PRIVILEGED
1346         {
1347             TCGv val = tcg_temp_new();
1348             tcg_gen_andi_i32(val, REG(B11_8), 0x700083f3);
1349             gen_write_sr(val);
1350             ctx->base.is_jmp = DISAS_STOP;
1351         }
1352 	return;
1353     case 0x4007:		/* ldc.l @Rm+,SR */
1354 	CHECK_PRIVILEGED
1355 	{
1356 	    TCGv val = tcg_temp_new();
1357             tcg_gen_qemu_ld_i32(val, REG(B11_8), ctx->memidx, MO_TESL);
1358             tcg_gen_andi_i32(val, val, 0x700083f3);
1359             gen_write_sr(val);
1360 	    tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 4);
1361             ctx->base.is_jmp = DISAS_STOP;
1362 	}
1363 	return;
1364     case 0x0002:		/* stc SR,Rn */
1365 	CHECK_PRIVILEGED
1366         gen_read_sr(REG(B11_8));
1367 	return;
1368     case 0x4003:		/* stc SR,@-Rn */
1369 	CHECK_PRIVILEGED
1370 	{
1371 	    TCGv addr = tcg_temp_new();
1372             TCGv val = tcg_temp_new();
1373 	    tcg_gen_subi_i32(addr, REG(B11_8), 4);
1374             gen_read_sr(val);
1375             tcg_gen_qemu_st_i32(val, addr, ctx->memidx, MO_TEUL);
1376 	    tcg_gen_mov_i32(REG(B11_8), addr);
1377 	}
1378 	return;
1379 #define LD(reg,ldnum,ldpnum,prechk)		\
1380   case ldnum:							\
1381     prechk    							\
1382     tcg_gen_mov_i32 (cpu_##reg, REG(B11_8));			\
1383     return;							\
1384   case ldpnum:							\
1385     prechk    							\
1386     tcg_gen_qemu_ld_i32(cpu_##reg, REG(B11_8), ctx->memidx, MO_TESL); \
1387     tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 4);		\
1388     return;
1389 #define ST(reg,stnum,stpnum,prechk)		\
1390   case stnum:							\
1391     prechk    							\
1392     tcg_gen_mov_i32 (REG(B11_8), cpu_##reg);			\
1393     return;							\
1394   case stpnum:							\
1395     prechk    							\
1396     {								\
1397 	TCGv addr = tcg_temp_new();				\
1398 	tcg_gen_subi_i32(addr, REG(B11_8), 4);			\
1399         tcg_gen_qemu_st_i32(cpu_##reg, addr, ctx->memidx, MO_TEUL); \
1400 	tcg_gen_mov_i32(REG(B11_8), addr);			\
1401     }								\
1402     return;
1403 #define LDST(reg,ldnum,ldpnum,stnum,stpnum,prechk)		\
1404 	LD(reg,ldnum,ldpnum,prechk)				\
1405 	ST(reg,stnum,stpnum,prechk)
1406 	LDST(gbr,  0x401e, 0x4017, 0x0012, 0x4013, {})
1407 	LDST(vbr,  0x402e, 0x4027, 0x0022, 0x4023, CHECK_PRIVILEGED)
1408 	LDST(ssr,  0x403e, 0x4037, 0x0032, 0x4033, CHECK_PRIVILEGED)
1409 	LDST(spc,  0x404e, 0x4047, 0x0042, 0x4043, CHECK_PRIVILEGED)
1410 	ST(sgr,  0x003a, 0x4032, CHECK_PRIVILEGED)
1411         LD(sgr,  0x403a, 0x4036, CHECK_PRIVILEGED CHECK_SH4A)
1412 	LDST(dbr,  0x40fa, 0x40f6, 0x00fa, 0x40f2, CHECK_PRIVILEGED)
1413 	LDST(mach, 0x400a, 0x4006, 0x000a, 0x4002, {})
1414 	LDST(macl, 0x401a, 0x4016, 0x001a, 0x4012, {})
1415 	LDST(pr,   0x402a, 0x4026, 0x002a, 0x4022, {})
1416 	LDST(fpul, 0x405a, 0x4056, 0x005a, 0x4052, {CHECK_FPU_ENABLED})
1417     case 0x406a:		/* lds Rm,FPSCR */
1418 	CHECK_FPU_ENABLED
1419         gen_helper_ld_fpscr(cpu_env, REG(B11_8));
1420         ctx->base.is_jmp = DISAS_STOP;
1421 	return;
1422     case 0x4066:		/* lds.l @Rm+,FPSCR */
1423 	CHECK_FPU_ENABLED
1424 	{
1425 	    TCGv addr = tcg_temp_new();
1426             tcg_gen_qemu_ld_i32(addr, REG(B11_8), ctx->memidx, MO_TESL);
1427 	    tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 4);
1428             gen_helper_ld_fpscr(cpu_env, addr);
1429             ctx->base.is_jmp = DISAS_STOP;
1430 	}
1431 	return;
1432     case 0x006a:		/* sts FPSCR,Rn */
1433 	CHECK_FPU_ENABLED
1434 	tcg_gen_andi_i32(REG(B11_8), cpu_fpscr, 0x003fffff);
1435 	return;
1436     case 0x4062:		/* sts FPSCR,@-Rn */
1437 	CHECK_FPU_ENABLED
1438 	{
1439 	    TCGv addr, val;
1440 	    val = tcg_temp_new();
1441 	    tcg_gen_andi_i32(val, cpu_fpscr, 0x003fffff);
1442 	    addr = tcg_temp_new();
1443 	    tcg_gen_subi_i32(addr, REG(B11_8), 4);
1444             tcg_gen_qemu_st_i32(val, addr, ctx->memidx, MO_TEUL);
1445 	    tcg_gen_mov_i32(REG(B11_8), addr);
1446 	}
1447 	return;
1448     case 0x00c3:		/* movca.l R0,@Rm */
1449         {
1450             TCGv val = tcg_temp_new();
1451             tcg_gen_qemu_ld_i32(val, REG(B11_8), ctx->memidx, MO_TEUL);
1452             gen_helper_movcal(cpu_env, REG(B11_8), val);
1453             tcg_gen_qemu_st_i32(REG(0), REG(B11_8), ctx->memidx, MO_TEUL);
1454         }
1455         ctx->has_movcal = 1;
1456 	return;
1457     case 0x40a9:                /* movua.l @Rm,R0 */
1458         CHECK_SH4A
1459         /* Load non-boundary-aligned data */
1460         tcg_gen_qemu_ld_i32(REG(0), REG(B11_8), ctx->memidx,
1461                             MO_TEUL | MO_UNALN);
1462         return;
1463     case 0x40e9:                /* movua.l @Rm+,R0 */
1464         CHECK_SH4A
1465         /* Load non-boundary-aligned data */
1466         tcg_gen_qemu_ld_i32(REG(0), REG(B11_8), ctx->memidx,
1467                             MO_TEUL | MO_UNALN);
1468         tcg_gen_addi_i32(REG(B11_8), REG(B11_8), 4);
1469         return;
1470     case 0x0029:		/* movt Rn */
1471         tcg_gen_mov_i32(REG(B11_8), cpu_sr_t);
1472 	return;
1473     case 0x0073:
1474         /* MOVCO.L
1475          *     LDST -> T
1476          *     If (T == 1) R0 -> (Rn)
1477          *     0 -> LDST
1478          *
1479          * The above description doesn't work in a parallel context.
1480          * Since we currently support no smp boards, this implies user-mode.
1481          * But we can still support the official mechanism while user-mode
1482          * is single-threaded.  */
1483         CHECK_SH4A
1484         {
1485             TCGLabel *fail = gen_new_label();
1486             TCGLabel *done = gen_new_label();
1487 
1488             if ((tb_cflags(ctx->base.tb) & CF_PARALLEL)) {
1489                 TCGv tmp;
1490 
1491                 tcg_gen_brcond_i32(TCG_COND_NE, REG(B11_8),
1492                                    cpu_lock_addr, fail);
1493                 tmp = tcg_temp_new();
1494                 tcg_gen_atomic_cmpxchg_i32(tmp, REG(B11_8), cpu_lock_value,
1495                                            REG(0), ctx->memidx, MO_TEUL);
1496                 tcg_gen_setcond_i32(TCG_COND_EQ, cpu_sr_t, tmp, cpu_lock_value);
1497             } else {
1498                 tcg_gen_brcondi_i32(TCG_COND_EQ, cpu_lock_addr, -1, fail);
1499                 tcg_gen_qemu_st_i32(REG(0), REG(B11_8), ctx->memidx, MO_TEUL);
1500                 tcg_gen_movi_i32(cpu_sr_t, 1);
1501             }
1502             tcg_gen_br(done);
1503 
1504             gen_set_label(fail);
1505             tcg_gen_movi_i32(cpu_sr_t, 0);
1506 
1507             gen_set_label(done);
1508             tcg_gen_movi_i32(cpu_lock_addr, -1);
1509         }
1510         return;
1511     case 0x0063:
1512         /* MOVLI.L @Rm,R0
1513          *     1 -> LDST
1514          *     (Rm) -> R0
1515          *     When interrupt/exception
1516          *     occurred 0 -> LDST
1517          *
1518          * In a parallel context, we must also save the loaded value
1519          * for use with the cmpxchg that we'll use with movco.l.  */
1520         CHECK_SH4A
1521         if ((tb_cflags(ctx->base.tb) & CF_PARALLEL)) {
1522             TCGv tmp = tcg_temp_new();
1523             tcg_gen_mov_i32(tmp, REG(B11_8));
1524             tcg_gen_qemu_ld_i32(REG(0), REG(B11_8), ctx->memidx, MO_TESL);
1525             tcg_gen_mov_i32(cpu_lock_value, REG(0));
1526             tcg_gen_mov_i32(cpu_lock_addr, tmp);
1527         } else {
1528             tcg_gen_qemu_ld_i32(REG(0), REG(B11_8), ctx->memidx, MO_TESL);
1529             tcg_gen_movi_i32(cpu_lock_addr, 0);
1530         }
1531         return;
1532     case 0x0093:		/* ocbi @Rn */
1533 	{
1534             gen_helper_ocbi(cpu_env, REG(B11_8));
1535 	}
1536 	return;
1537     case 0x00a3:		/* ocbp @Rn */
1538     case 0x00b3:		/* ocbwb @Rn */
1539         /* These instructions are supposed to do nothing in case of
1540            a cache miss. Given that we only partially emulate caches
1541            it is safe to simply ignore them. */
1542 	return;
1543     case 0x0083:		/* pref @Rn */
1544 	return;
1545     case 0x00d3:		/* prefi @Rn */
1546         CHECK_SH4A
1547         return;
1548     case 0x00e3:		/* icbi @Rn */
1549         CHECK_SH4A
1550         return;
1551     case 0x00ab:		/* synco */
1552         CHECK_SH4A
1553         tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
1554         return;
1555     case 0x4024:		/* rotcl Rn */
1556 	{
1557 	    TCGv tmp = tcg_temp_new();
1558             tcg_gen_mov_i32(tmp, cpu_sr_t);
1559             tcg_gen_shri_i32(cpu_sr_t, REG(B11_8), 31);
1560 	    tcg_gen_shli_i32(REG(B11_8), REG(B11_8), 1);
1561             tcg_gen_or_i32(REG(B11_8), REG(B11_8), tmp);
1562 	}
1563 	return;
1564     case 0x4025:		/* rotcr Rn */
1565 	{
1566 	    TCGv tmp = tcg_temp_new();
1567             tcg_gen_shli_i32(tmp, cpu_sr_t, 31);
1568             tcg_gen_andi_i32(cpu_sr_t, REG(B11_8), 1);
1569 	    tcg_gen_shri_i32(REG(B11_8), REG(B11_8), 1);
1570             tcg_gen_or_i32(REG(B11_8), REG(B11_8), tmp);
1571 	}
1572 	return;
1573     case 0x4004:		/* rotl Rn */
1574 	tcg_gen_rotli_i32(REG(B11_8), REG(B11_8), 1);
1575         tcg_gen_andi_i32(cpu_sr_t, REG(B11_8), 0);
1576 	return;
1577     case 0x4005:		/* rotr Rn */
1578         tcg_gen_andi_i32(cpu_sr_t, REG(B11_8), 0);
1579 	tcg_gen_rotri_i32(REG(B11_8), REG(B11_8), 1);
1580 	return;
1581     case 0x4000:		/* shll Rn */
1582     case 0x4020:		/* shal Rn */
1583         tcg_gen_shri_i32(cpu_sr_t, REG(B11_8), 31);
1584 	tcg_gen_shli_i32(REG(B11_8), REG(B11_8), 1);
1585 	return;
1586     case 0x4021:		/* shar Rn */
1587         tcg_gen_andi_i32(cpu_sr_t, REG(B11_8), 1);
1588 	tcg_gen_sari_i32(REG(B11_8), REG(B11_8), 1);
1589 	return;
1590     case 0x4001:		/* shlr Rn */
1591         tcg_gen_andi_i32(cpu_sr_t, REG(B11_8), 1);
1592 	tcg_gen_shri_i32(REG(B11_8), REG(B11_8), 1);
1593 	return;
1594     case 0x4008:		/* shll2 Rn */
1595 	tcg_gen_shli_i32(REG(B11_8), REG(B11_8), 2);
1596 	return;
1597     case 0x4018:		/* shll8 Rn */
1598 	tcg_gen_shli_i32(REG(B11_8), REG(B11_8), 8);
1599 	return;
1600     case 0x4028:		/* shll16 Rn */
1601 	tcg_gen_shli_i32(REG(B11_8), REG(B11_8), 16);
1602 	return;
1603     case 0x4009:		/* shlr2 Rn */
1604 	tcg_gen_shri_i32(REG(B11_8), REG(B11_8), 2);
1605 	return;
1606     case 0x4019:		/* shlr8 Rn */
1607 	tcg_gen_shri_i32(REG(B11_8), REG(B11_8), 8);
1608 	return;
1609     case 0x4029:		/* shlr16 Rn */
1610 	tcg_gen_shri_i32(REG(B11_8), REG(B11_8), 16);
1611 	return;
1612     case 0x401b:		/* tas.b @Rn */
1613         tcg_gen_atomic_fetch_or_i32(cpu_sr_t, REG(B11_8),
1614                                     tcg_constant_i32(0x80), ctx->memidx, MO_UB);
1615         tcg_gen_setcondi_i32(TCG_COND_EQ, cpu_sr_t, cpu_sr_t, 0);
1616         return;
1617     case 0xf00d: /* fsts FPUL,FRn - FPSCR: Nothing */
1618 	CHECK_FPU_ENABLED
1619         tcg_gen_mov_i32(FREG(B11_8), cpu_fpul);
1620 	return;
1621     case 0xf01d: /* flds FRm,FPUL - FPSCR: Nothing */
1622 	CHECK_FPU_ENABLED
1623         tcg_gen_mov_i32(cpu_fpul, FREG(B11_8));
1624 	return;
1625     case 0xf02d: /* float FPUL,FRn/DRn - FPSCR: R[PR,Enable.I]/W[Cause,Flag] */
1626 	CHECK_FPU_ENABLED
1627         if (ctx->tbflags & FPSCR_PR) {
1628 	    TCGv_i64 fp;
1629             if (ctx->opcode & 0x0100) {
1630                 goto do_illegal;
1631             }
1632 	    fp = tcg_temp_new_i64();
1633             gen_helper_float_DT(fp, cpu_env, cpu_fpul);
1634             gen_store_fpr64(ctx, fp, B11_8);
1635 	}
1636 	else {
1637             gen_helper_float_FT(FREG(B11_8), cpu_env, cpu_fpul);
1638 	}
1639 	return;
1640     case 0xf03d: /* ftrc FRm/DRm,FPUL - FPSCR: R[PR,Enable.V]/W[Cause,Flag] */
1641 	CHECK_FPU_ENABLED
1642         if (ctx->tbflags & FPSCR_PR) {
1643 	    TCGv_i64 fp;
1644             if (ctx->opcode & 0x0100) {
1645                 goto do_illegal;
1646             }
1647 	    fp = tcg_temp_new_i64();
1648             gen_load_fpr64(ctx, fp, B11_8);
1649             gen_helper_ftrc_DT(cpu_fpul, cpu_env, fp);
1650 	}
1651 	else {
1652             gen_helper_ftrc_FT(cpu_fpul, cpu_env, FREG(B11_8));
1653 	}
1654 	return;
1655     case 0xf04d: /* fneg FRn/DRn - FPSCR: Nothing */
1656 	CHECK_FPU_ENABLED
1657         tcg_gen_xori_i32(FREG(B11_8), FREG(B11_8), 0x80000000);
1658 	return;
1659     case 0xf05d: /* fabs FRn/DRn - FPCSR: Nothing */
1660 	CHECK_FPU_ENABLED
1661         tcg_gen_andi_i32(FREG(B11_8), FREG(B11_8), 0x7fffffff);
1662 	return;
1663     case 0xf06d: /* fsqrt FRn */
1664 	CHECK_FPU_ENABLED
1665         if (ctx->tbflags & FPSCR_PR) {
1666             if (ctx->opcode & 0x0100) {
1667                 goto do_illegal;
1668             }
1669 	    TCGv_i64 fp = tcg_temp_new_i64();
1670             gen_load_fpr64(ctx, fp, B11_8);
1671             gen_helper_fsqrt_DT(fp, cpu_env, fp);
1672             gen_store_fpr64(ctx, fp, B11_8);
1673 	} else {
1674             gen_helper_fsqrt_FT(FREG(B11_8), cpu_env, FREG(B11_8));
1675 	}
1676 	return;
1677     case 0xf07d: /* fsrra FRn */
1678 	CHECK_FPU_ENABLED
1679         CHECK_FPSCR_PR_0
1680         gen_helper_fsrra_FT(FREG(B11_8), cpu_env, FREG(B11_8));
1681 	break;
1682     case 0xf08d: /* fldi0 FRn - FPSCR: R[PR] */
1683 	CHECK_FPU_ENABLED
1684         CHECK_FPSCR_PR_0
1685         tcg_gen_movi_i32(FREG(B11_8), 0);
1686         return;
1687     case 0xf09d: /* fldi1 FRn - FPSCR: R[PR] */
1688 	CHECK_FPU_ENABLED
1689         CHECK_FPSCR_PR_0
1690         tcg_gen_movi_i32(FREG(B11_8), 0x3f800000);
1691         return;
1692     case 0xf0ad: /* fcnvsd FPUL,DRn */
1693 	CHECK_FPU_ENABLED
1694 	{
1695 	    TCGv_i64 fp = tcg_temp_new_i64();
1696             gen_helper_fcnvsd_FT_DT(fp, cpu_env, cpu_fpul);
1697             gen_store_fpr64(ctx, fp, B11_8);
1698 	}
1699 	return;
1700     case 0xf0bd: /* fcnvds DRn,FPUL */
1701 	CHECK_FPU_ENABLED
1702 	{
1703 	    TCGv_i64 fp = tcg_temp_new_i64();
1704             gen_load_fpr64(ctx, fp, B11_8);
1705             gen_helper_fcnvds_DT_FT(cpu_fpul, cpu_env, fp);
1706 	}
1707 	return;
1708     case 0xf0ed: /* fipr FVm,FVn */
1709         CHECK_FPU_ENABLED
1710         CHECK_FPSCR_PR_1
1711         {
1712             TCGv m = tcg_constant_i32((ctx->opcode >> 8) & 3);
1713             TCGv n = tcg_constant_i32((ctx->opcode >> 10) & 3);
1714             gen_helper_fipr(cpu_env, m, n);
1715             return;
1716         }
1717         break;
1718     case 0xf0fd: /* ftrv XMTRX,FVn */
1719         CHECK_FPU_ENABLED
1720         CHECK_FPSCR_PR_1
1721         {
1722             if ((ctx->opcode & 0x0300) != 0x0100) {
1723                 goto do_illegal;
1724             }
1725             TCGv n = tcg_constant_i32((ctx->opcode >> 10) & 3);
1726             gen_helper_ftrv(cpu_env, n);
1727             return;
1728         }
1729         break;
1730     }
1731 #if 0
1732     fprintf(stderr, "unknown instruction 0x%04x at pc 0x%08x\n",
1733             ctx->opcode, ctx->base.pc_next);
1734     fflush(stderr);
1735 #endif
1736  do_illegal:
1737     if (ctx->envflags & TB_FLAG_DELAY_SLOT_MASK) {
1738  do_illegal_slot:
1739         gen_save_cpu_state(ctx, true);
1740         gen_helper_raise_slot_illegal_instruction(cpu_env);
1741     } else {
1742         gen_save_cpu_state(ctx, true);
1743         gen_helper_raise_illegal_instruction(cpu_env);
1744     }
1745     ctx->base.is_jmp = DISAS_NORETURN;
1746     return;
1747 
1748  do_fpu_disabled:
1749     gen_save_cpu_state(ctx, true);
1750     if (ctx->envflags & TB_FLAG_DELAY_SLOT_MASK) {
1751         gen_helper_raise_slot_fpu_disable(cpu_env);
1752     } else {
1753         gen_helper_raise_fpu_disable(cpu_env);
1754     }
1755     ctx->base.is_jmp = DISAS_NORETURN;
1756     return;
1757 }
1758 
1759 static void decode_opc(DisasContext * ctx)
1760 {
1761     uint32_t old_flags = ctx->envflags;
1762 
1763     _decode_opc(ctx);
1764 
1765     if (old_flags & TB_FLAG_DELAY_SLOT_MASK) {
1766         /* go out of the delay slot */
1767         ctx->envflags &= ~TB_FLAG_DELAY_SLOT_MASK;
1768 
1769         /* When in an exclusive region, we must continue to the end
1770            for conditional branches.  */
1771         if (ctx->tbflags & TB_FLAG_GUSA_EXCLUSIVE
1772             && old_flags & TB_FLAG_DELAY_SLOT_COND) {
1773             gen_delayed_conditional_jump(ctx);
1774             return;
1775         }
1776         /* Otherwise this is probably an invalid gUSA region.
1777            Drop the GUSA bits so the next TB doesn't see them.  */
1778         ctx->envflags &= ~TB_FLAG_GUSA_MASK;
1779 
1780         tcg_gen_movi_i32(cpu_flags, ctx->envflags);
1781         if (old_flags & TB_FLAG_DELAY_SLOT_COND) {
1782 	    gen_delayed_conditional_jump(ctx);
1783         } else {
1784             gen_jump(ctx);
1785 	}
1786     }
1787 }
1788 
1789 #ifdef CONFIG_USER_ONLY
1790 /* For uniprocessors, SH4 uses optimistic restartable atomic sequences.
1791    Upon an interrupt, a real kernel would simply notice magic values in
1792    the registers and reset the PC to the start of the sequence.
1793 
1794    For QEMU, we cannot do this in quite the same way.  Instead, we notice
1795    the normal start of such a sequence (mov #-x,r15).  While we can handle
1796    any sequence via cpu_exec_step_atomic, we can recognize the "normal"
1797    sequences and transform them into atomic operations as seen by the host.
1798 */
1799 static void decode_gusa(DisasContext *ctx, CPUSH4State *env)
1800 {
1801     uint16_t insns[5];
1802     int ld_adr, ld_dst, ld_mop;
1803     int op_dst, op_src, op_opc;
1804     int mv_src, mt_dst, st_src, st_mop;
1805     TCGv op_arg;
1806     uint32_t pc = ctx->base.pc_next;
1807     uint32_t pc_end = ctx->base.tb->cs_base;
1808     int max_insns = (pc_end - pc) / 2;
1809     int i;
1810 
1811     /* The state machine below will consume only a few insns.
1812        If there are more than that in a region, fail now.  */
1813     if (max_insns > ARRAY_SIZE(insns)) {
1814         goto fail;
1815     }
1816 
1817     /* Read all of the insns for the region.  */
1818     for (i = 0; i < max_insns; ++i) {
1819         insns[i] = translator_lduw(env, &ctx->base, pc + i * 2);
1820     }
1821 
1822     ld_adr = ld_dst = ld_mop = -1;
1823     mv_src = -1;
1824     op_dst = op_src = op_opc = -1;
1825     mt_dst = -1;
1826     st_src = st_mop = -1;
1827     op_arg = NULL;
1828     i = 0;
1829 
1830 #define NEXT_INSN \
1831     do { if (i >= max_insns) goto fail; ctx->opcode = insns[i++]; } while (0)
1832 
1833     /*
1834      * Expect a load to begin the region.
1835      */
1836     NEXT_INSN;
1837     switch (ctx->opcode & 0xf00f) {
1838     case 0x6000: /* mov.b @Rm,Rn */
1839         ld_mop = MO_SB;
1840         break;
1841     case 0x6001: /* mov.w @Rm,Rn */
1842         ld_mop = MO_TESW;
1843         break;
1844     case 0x6002: /* mov.l @Rm,Rn */
1845         ld_mop = MO_TESL;
1846         break;
1847     default:
1848         goto fail;
1849     }
1850     ld_adr = B7_4;
1851     ld_dst = B11_8;
1852     if (ld_adr == ld_dst) {
1853         goto fail;
1854     }
1855     /* Unless we see a mov, any two-operand operation must use ld_dst.  */
1856     op_dst = ld_dst;
1857 
1858     /*
1859      * Expect an optional register move.
1860      */
1861     NEXT_INSN;
1862     switch (ctx->opcode & 0xf00f) {
1863     case 0x6003: /* mov Rm,Rn */
1864         /*
1865          * Here we want to recognize ld_dst being saved for later consumption,
1866          * or for another input register being copied so that ld_dst need not
1867          * be clobbered during the operation.
1868          */
1869         op_dst = B11_8;
1870         mv_src = B7_4;
1871         if (op_dst == ld_dst) {
1872             /* Overwriting the load output.  */
1873             goto fail;
1874         }
1875         if (mv_src != ld_dst) {
1876             /* Copying a new input; constrain op_src to match the load.  */
1877             op_src = ld_dst;
1878         }
1879         break;
1880 
1881     default:
1882         /* Put back and re-examine as operation.  */
1883         --i;
1884     }
1885 
1886     /*
1887      * Expect the operation.
1888      */
1889     NEXT_INSN;
1890     switch (ctx->opcode & 0xf00f) {
1891     case 0x300c: /* add Rm,Rn */
1892         op_opc = INDEX_op_add_i32;
1893         goto do_reg_op;
1894     case 0x2009: /* and Rm,Rn */
1895         op_opc = INDEX_op_and_i32;
1896         goto do_reg_op;
1897     case 0x200a: /* xor Rm,Rn */
1898         op_opc = INDEX_op_xor_i32;
1899         goto do_reg_op;
1900     case 0x200b: /* or Rm,Rn */
1901         op_opc = INDEX_op_or_i32;
1902     do_reg_op:
1903         /* The operation register should be as expected, and the
1904            other input cannot depend on the load.  */
1905         if (op_dst != B11_8) {
1906             goto fail;
1907         }
1908         if (op_src < 0) {
1909             /* Unconstrainted input.  */
1910             op_src = B7_4;
1911         } else if (op_src == B7_4) {
1912             /* Constrained input matched load.  All operations are
1913                commutative; "swap" them by "moving" the load output
1914                to the (implicit) first argument and the move source
1915                to the (explicit) second argument.  */
1916             op_src = mv_src;
1917         } else {
1918             goto fail;
1919         }
1920         op_arg = REG(op_src);
1921         break;
1922 
1923     case 0x6007: /* not Rm,Rn */
1924         if (ld_dst != B7_4 || mv_src >= 0) {
1925             goto fail;
1926         }
1927         op_dst = B11_8;
1928         op_opc = INDEX_op_xor_i32;
1929         op_arg = tcg_constant_i32(-1);
1930         break;
1931 
1932     case 0x7000 ... 0x700f: /* add #imm,Rn */
1933         if (op_dst != B11_8 || mv_src >= 0) {
1934             goto fail;
1935         }
1936         op_opc = INDEX_op_add_i32;
1937         op_arg = tcg_constant_i32(B7_0s);
1938         break;
1939 
1940     case 0x3000: /* cmp/eq Rm,Rn */
1941         /* Looking for the middle of a compare-and-swap sequence,
1942            beginning with the compare.  Operands can be either order,
1943            but with only one overlapping the load.  */
1944         if ((ld_dst == B11_8) + (ld_dst == B7_4) != 1 || mv_src >= 0) {
1945             goto fail;
1946         }
1947         op_opc = INDEX_op_setcond_i32;  /* placeholder */
1948         op_src = (ld_dst == B11_8 ? B7_4 : B11_8);
1949         op_arg = REG(op_src);
1950 
1951         NEXT_INSN;
1952         switch (ctx->opcode & 0xff00) {
1953         case 0x8b00: /* bf label */
1954         case 0x8f00: /* bf/s label */
1955             if (pc + (i + 1 + B7_0s) * 2 != pc_end) {
1956                 goto fail;
1957             }
1958             if ((ctx->opcode & 0xff00) == 0x8b00) { /* bf label */
1959                 break;
1960             }
1961             /* We're looking to unconditionally modify Rn with the
1962                result of the comparison, within the delay slot of
1963                the branch.  This is used by older gcc.  */
1964             NEXT_INSN;
1965             if ((ctx->opcode & 0xf0ff) == 0x0029) { /* movt Rn */
1966                 mt_dst = B11_8;
1967             } else {
1968                 goto fail;
1969             }
1970             break;
1971 
1972         default:
1973             goto fail;
1974         }
1975         break;
1976 
1977     case 0x2008: /* tst Rm,Rn */
1978         /* Looking for a compare-and-swap against zero.  */
1979         if (ld_dst != B11_8 || ld_dst != B7_4 || mv_src >= 0) {
1980             goto fail;
1981         }
1982         op_opc = INDEX_op_setcond_i32;
1983         op_arg = tcg_constant_i32(0);
1984 
1985         NEXT_INSN;
1986         if ((ctx->opcode & 0xff00) != 0x8900 /* bt label */
1987             || pc + (i + 1 + B7_0s) * 2 != pc_end) {
1988             goto fail;
1989         }
1990         break;
1991 
1992     default:
1993         /* Put back and re-examine as store.  */
1994         --i;
1995     }
1996 
1997     /*
1998      * Expect the store.
1999      */
2000     /* The store must be the last insn.  */
2001     if (i != max_insns - 1) {
2002         goto fail;
2003     }
2004     NEXT_INSN;
2005     switch (ctx->opcode & 0xf00f) {
2006     case 0x2000: /* mov.b Rm,@Rn */
2007         st_mop = MO_UB;
2008         break;
2009     case 0x2001: /* mov.w Rm,@Rn */
2010         st_mop = MO_UW;
2011         break;
2012     case 0x2002: /* mov.l Rm,@Rn */
2013         st_mop = MO_UL;
2014         break;
2015     default:
2016         goto fail;
2017     }
2018     /* The store must match the load.  */
2019     if (ld_adr != B11_8 || st_mop != (ld_mop & MO_SIZE)) {
2020         goto fail;
2021     }
2022     st_src = B7_4;
2023 
2024 #undef NEXT_INSN
2025 
2026     /*
2027      * Emit the operation.
2028      */
2029     switch (op_opc) {
2030     case -1:
2031         /* No operation found.  Look for exchange pattern.  */
2032         if (st_src == ld_dst || mv_src >= 0) {
2033             goto fail;
2034         }
2035         tcg_gen_atomic_xchg_i32(REG(ld_dst), REG(ld_adr), REG(st_src),
2036                                 ctx->memidx, ld_mop);
2037         break;
2038 
2039     case INDEX_op_add_i32:
2040         if (op_dst != st_src) {
2041             goto fail;
2042         }
2043         if (op_dst == ld_dst && st_mop == MO_UL) {
2044             tcg_gen_atomic_add_fetch_i32(REG(ld_dst), REG(ld_adr),
2045                                          op_arg, ctx->memidx, ld_mop);
2046         } else {
2047             tcg_gen_atomic_fetch_add_i32(REG(ld_dst), REG(ld_adr),
2048                                          op_arg, ctx->memidx, ld_mop);
2049             if (op_dst != ld_dst) {
2050                 /* Note that mop sizes < 4 cannot use add_fetch
2051                    because it won't carry into the higher bits.  */
2052                 tcg_gen_add_i32(REG(op_dst), REG(ld_dst), op_arg);
2053             }
2054         }
2055         break;
2056 
2057     case INDEX_op_and_i32:
2058         if (op_dst != st_src) {
2059             goto fail;
2060         }
2061         if (op_dst == ld_dst) {
2062             tcg_gen_atomic_and_fetch_i32(REG(ld_dst), REG(ld_adr),
2063                                          op_arg, ctx->memidx, ld_mop);
2064         } else {
2065             tcg_gen_atomic_fetch_and_i32(REG(ld_dst), REG(ld_adr),
2066                                          op_arg, ctx->memidx, ld_mop);
2067             tcg_gen_and_i32(REG(op_dst), REG(ld_dst), op_arg);
2068         }
2069         break;
2070 
2071     case INDEX_op_or_i32:
2072         if (op_dst != st_src) {
2073             goto fail;
2074         }
2075         if (op_dst == ld_dst) {
2076             tcg_gen_atomic_or_fetch_i32(REG(ld_dst), REG(ld_adr),
2077                                         op_arg, ctx->memidx, ld_mop);
2078         } else {
2079             tcg_gen_atomic_fetch_or_i32(REG(ld_dst), REG(ld_adr),
2080                                         op_arg, ctx->memidx, ld_mop);
2081             tcg_gen_or_i32(REG(op_dst), REG(ld_dst), op_arg);
2082         }
2083         break;
2084 
2085     case INDEX_op_xor_i32:
2086         if (op_dst != st_src) {
2087             goto fail;
2088         }
2089         if (op_dst == ld_dst) {
2090             tcg_gen_atomic_xor_fetch_i32(REG(ld_dst), REG(ld_adr),
2091                                          op_arg, ctx->memidx, ld_mop);
2092         } else {
2093             tcg_gen_atomic_fetch_xor_i32(REG(ld_dst), REG(ld_adr),
2094                                          op_arg, ctx->memidx, ld_mop);
2095             tcg_gen_xor_i32(REG(op_dst), REG(ld_dst), op_arg);
2096         }
2097         break;
2098 
2099     case INDEX_op_setcond_i32:
2100         if (st_src == ld_dst) {
2101             goto fail;
2102         }
2103         tcg_gen_atomic_cmpxchg_i32(REG(ld_dst), REG(ld_adr), op_arg,
2104                                    REG(st_src), ctx->memidx, ld_mop);
2105         tcg_gen_setcond_i32(TCG_COND_EQ, cpu_sr_t, REG(ld_dst), op_arg);
2106         if (mt_dst >= 0) {
2107             tcg_gen_mov_i32(REG(mt_dst), cpu_sr_t);
2108         }
2109         break;
2110 
2111     default:
2112         g_assert_not_reached();
2113     }
2114 
2115     /* The entire region has been translated.  */
2116     ctx->envflags &= ~TB_FLAG_GUSA_MASK;
2117     ctx->base.pc_next = pc_end;
2118     ctx->base.num_insns += max_insns - 1;
2119     return;
2120 
2121  fail:
2122     qemu_log_mask(LOG_UNIMP, "Unrecognized gUSA sequence %08x-%08x\n",
2123                   pc, pc_end);
2124 
2125     /* Restart with the EXCLUSIVE bit set, within a TB run via
2126        cpu_exec_step_atomic holding the exclusive lock.  */
2127     ctx->envflags |= TB_FLAG_GUSA_EXCLUSIVE;
2128     gen_save_cpu_state(ctx, false);
2129     gen_helper_exclusive(cpu_env);
2130     ctx->base.is_jmp = DISAS_NORETURN;
2131 
2132     /* We're not executing an instruction, but we must report one for the
2133        purposes of accounting within the TB.  We might as well report the
2134        entire region consumed via ctx->base.pc_next so that it's immediately
2135        available in the disassembly dump.  */
2136     ctx->base.pc_next = pc_end;
2137     ctx->base.num_insns += max_insns - 1;
2138 }
2139 #endif
2140 
2141 static void sh4_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
2142 {
2143     DisasContext *ctx = container_of(dcbase, DisasContext, base);
2144     CPUSH4State *env = cs->env_ptr;
2145     uint32_t tbflags;
2146     int bound;
2147 
2148     ctx->tbflags = tbflags = ctx->base.tb->flags;
2149     ctx->envflags = tbflags & TB_FLAG_ENVFLAGS_MASK;
2150     ctx->memidx = (tbflags & (1u << SR_MD)) == 0 ? 1 : 0;
2151     /* We don't know if the delayed pc came from a dynamic or static branch,
2152        so assume it is a dynamic branch.  */
2153     ctx->delayed_pc = -1; /* use delayed pc from env pointer */
2154     ctx->features = env->features;
2155     ctx->has_movcal = (tbflags & TB_FLAG_PENDING_MOVCA);
2156     ctx->gbank = ((tbflags & (1 << SR_MD)) &&
2157                   (tbflags & (1 << SR_RB))) * 0x10;
2158     ctx->fbank = tbflags & FPSCR_FR ? 0x10 : 0;
2159 
2160 #ifdef CONFIG_USER_ONLY
2161     if (tbflags & TB_FLAG_GUSA_MASK) {
2162         /* In gUSA exclusive region. */
2163         uint32_t pc = ctx->base.pc_next;
2164         uint32_t pc_end = ctx->base.tb->cs_base;
2165         int backup = sextract32(ctx->tbflags, TB_FLAG_GUSA_SHIFT, 8);
2166         int max_insns = (pc_end - pc) / 2;
2167 
2168         if (pc != pc_end + backup || max_insns < 2) {
2169             /* This is a malformed gUSA region.  Don't do anything special,
2170                since the interpreter is likely to get confused.  */
2171             ctx->envflags &= ~TB_FLAG_GUSA_MASK;
2172         } else if (tbflags & TB_FLAG_GUSA_EXCLUSIVE) {
2173             /* Regardless of single-stepping or the end of the page,
2174                we must complete execution of the gUSA region while
2175                holding the exclusive lock.  */
2176             ctx->base.max_insns = max_insns;
2177             return;
2178         }
2179     }
2180 #endif
2181 
2182     /* Since the ISA is fixed-width, we can bound by the number
2183        of instructions remaining on the page.  */
2184     bound = -(ctx->base.pc_next | TARGET_PAGE_MASK) / 2;
2185     ctx->base.max_insns = MIN(ctx->base.max_insns, bound);
2186 }
2187 
2188 static void sh4_tr_tb_start(DisasContextBase *dcbase, CPUState *cs)
2189 {
2190 }
2191 
2192 static void sh4_tr_insn_start(DisasContextBase *dcbase, CPUState *cs)
2193 {
2194     DisasContext *ctx = container_of(dcbase, DisasContext, base);
2195 
2196     tcg_gen_insn_start(ctx->base.pc_next, ctx->envflags);
2197 }
2198 
2199 static void sh4_tr_translate_insn(DisasContextBase *dcbase, CPUState *cs)
2200 {
2201     CPUSH4State *env = cs->env_ptr;
2202     DisasContext *ctx = container_of(dcbase, DisasContext, base);
2203 
2204 #ifdef CONFIG_USER_ONLY
2205     if (unlikely(ctx->envflags & TB_FLAG_GUSA_MASK)
2206         && !(ctx->envflags & TB_FLAG_GUSA_EXCLUSIVE)) {
2207         /* We're in an gUSA region, and we have not already fallen
2208            back on using an exclusive region.  Attempt to parse the
2209            region into a single supported atomic operation.  Failure
2210            is handled within the parser by raising an exception to
2211            retry using an exclusive region.  */
2212         decode_gusa(ctx, env);
2213         return;
2214     }
2215 #endif
2216 
2217     ctx->opcode = translator_lduw(env, &ctx->base, ctx->base.pc_next);
2218     decode_opc(ctx);
2219     ctx->base.pc_next += 2;
2220 }
2221 
2222 static void sh4_tr_tb_stop(DisasContextBase *dcbase, CPUState *cs)
2223 {
2224     DisasContext *ctx = container_of(dcbase, DisasContext, base);
2225 
2226     if (ctx->tbflags & TB_FLAG_GUSA_EXCLUSIVE) {
2227         /* Ending the region of exclusivity.  Clear the bits.  */
2228         ctx->envflags &= ~TB_FLAG_GUSA_MASK;
2229     }
2230 
2231     switch (ctx->base.is_jmp) {
2232     case DISAS_STOP:
2233         gen_save_cpu_state(ctx, true);
2234         tcg_gen_exit_tb(NULL, 0);
2235         break;
2236     case DISAS_NEXT:
2237     case DISAS_TOO_MANY:
2238         gen_save_cpu_state(ctx, false);
2239         gen_goto_tb(ctx, 0, ctx->base.pc_next);
2240         break;
2241     case DISAS_NORETURN:
2242         break;
2243     default:
2244         g_assert_not_reached();
2245     }
2246 }
2247 
2248 static void sh4_tr_disas_log(const DisasContextBase *dcbase,
2249                              CPUState *cs, FILE *logfile)
2250 {
2251     fprintf(logfile, "IN: %s\n", lookup_symbol(dcbase->pc_first));
2252     target_disas(logfile, cs, dcbase->pc_first, dcbase->tb->size);
2253 }
2254 
2255 static const TranslatorOps sh4_tr_ops = {
2256     .init_disas_context = sh4_tr_init_disas_context,
2257     .tb_start           = sh4_tr_tb_start,
2258     .insn_start         = sh4_tr_insn_start,
2259     .translate_insn     = sh4_tr_translate_insn,
2260     .tb_stop            = sh4_tr_tb_stop,
2261     .disas_log          = sh4_tr_disas_log,
2262 };
2263 
2264 void gen_intermediate_code(CPUState *cs, TranslationBlock *tb, int *max_insns,
2265                            target_ulong pc, void *host_pc)
2266 {
2267     DisasContext ctx;
2268 
2269     translator_loop(cs, tb, max_insns, pc, host_pc, &sh4_tr_ops, &ctx.base);
2270 }
2271