* [PATCH v2 00/19] target/i386: decoder changes for 8.2
@ 2023-10-19 10:46 Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 01/19] target/i386: group common checks in the decoding phase Paolo Bonzini
` (20 more replies)
0 siblings, 21 replies; 29+ messages in thread
From: Paolo Bonzini @ 2023-10-19 10:46 UTC (permalink / raw)
To: qemu-devel
This includes:
- implementing SHA and CMPccXADD instruction extensions
- introducing a new mechanism for flags writeback that avoids a
tricky failure
- converting the more orthogonal parts of the one-byte opcode
map, as well as the CMOVcc and SETcc instructions.
Tested by booting several 32-bit and 64-bit guests.
The new decoder produces roughly 2% more ops, but after optimization there
are just 0.5% more and almost all of them come from cmp instructions.
For some reason that I have not investigated, these end up with an extra
mov even after optimization:
sub_i64 tmp0,rax,$0x33
mov_i64 cc_src,$0x33 mov_i64 cc_dst,tmp0
sub_i64 cc_dst,rax,$0x33 mov_i64 cc_src,$0x33
discard cc_src2 discard cc_src2
discard cc_op discard cc_op
It could be easily fixed by not reusing gen_SUB for cmp instructions,
or by debugging what goes on in the optimizer. However, it does not
result in larger assembly.
Paolo
v1->v2: call set_cc_op from the delayed flags writeback
preparation for CC_OP_DYNAMIC
fix INC/DEC to use delayed flags writeback
remove cc_srcT from delayed flags writeback
annotate places that call set_cc_op() from emit functions
rewrite IMUL expansion to avoid nowb and to commonize flags handling
introduce tcg_gen_negsetcondi*
Paolo Bonzini (19):
target/i386: group common checks in the decoding phase
target/i386: validate VEX.W for AVX instructions
target/i386: implement SHA instructions
tests/tcg/i386: initialize more registers in test-avx
tests/tcg/i386: test-avx: add test cases for SHA new instructions
target/i386: accept full MemOp in gen_ext_tl
target/i386: introduce flags writeback mechanism
target/i386: implement CMPccXADD
target/i386: do not clobber A0 in POP translation
target/i386: reintroduce debugging mechanism
target/i386: move 00-5F opcodes to new decoder
target/i386: adjust decoding of J operand
target/i386: split eflags computation out of gen_compute_eflags
tcg: add negsetcondi
target/i386: move 60-BF opcodes to new decoder
target/i386: move operand load and writeback out of gen_cmovcc1
target/i386: move remaining conditional operations to new decoder
target/i386: remove now converted opcodes from old decoder
target/i386: remove gen_op
include/tcg/tcg-op-common.h | 4 +
include/tcg/tcg-op.h | 2 +
target/i386/cpu.c | 4 +-
target/i386/cpu.h | 1 +
target/i386/ops_sse.h | 128 ++++
target/i386/tcg/decode-new.c.inc | 616 ++++++++++++++--
target/i386/tcg/decode-new.h | 43 +-
target/i386/tcg/emit.c.inc | 745 ++++++++++++++++++-
target/i386/tcg/ops_sse_header.h.inc | 14 +
target/i386/tcg/translate.c | 1001 +++-----------------------
tcg/tcg-op.c | 12 +
tests/tcg/i386/Makefile.target | 2 +-
tests/tcg/i386/test-avx.c | 8 +
tests/tcg/i386/test-avx.py | 3 +-
tests/tcg/i386/test-flags.c | 37 +
15 files changed, 1644 insertions(+), 976 deletions(-)
create mode 100644 tests/tcg/i386/test-flags.c
--
2.41.0
^ permalink raw reply [flat|nested] 29+ messages in thread
* [PATCH v2 01/19] target/i386: group common checks in the decoding phase
2023-10-19 10:46 [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
@ 2023-10-19 10:46 ` Paolo Bonzini
2023-10-19 15:45 ` Richard Henderson
2023-10-19 10:46 ` [PATCH v2 02/19] target/i386: validate VEX.W for AVX instructions Paolo Bonzini
` (19 subsequent siblings)
20 siblings, 1 reply; 29+ messages in thread
From: Paolo Bonzini @ 2023-10-19 10:46 UTC (permalink / raw)
To: qemu-devel
In preparation for adding more similar checks, move the VEX.L=0 check
and several X86_SPECIAL_* checks to a new field, where each bit represent
a common check on unused bits, or a restriction on the processor mode.
Likewise, many SVM intercepts can be checked during the decoding phase,
the main exception being the selective CR0 write, MSR and IOIO intercepts.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/tcg/decode-new.c.inc | 79 +++++++++++++++++++++++---------
target/i386/tcg/decode-new.h | 25 +++++++---
target/i386/tcg/emit.c.inc | 8 ----
3 files changed, 76 insertions(+), 36 deletions(-)
diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc
index 7d76f152758..790339eaf25 100644
--- a/target/i386/tcg/decode-new.c.inc
+++ b/target/i386/tcg/decode-new.c.inc
@@ -90,8 +90,6 @@
X86_OP_ENTRY3(op, None, None, None, None, None, None, ## __VA_ARGS__)
#define cpuid(feat) .cpuid = X86_FEAT_##feat,
-#define i64 .special = X86_SPECIAL_i64,
-#define o64 .special = X86_SPECIAL_o64,
#define xchg .special = X86_SPECIAL_Locked,
#define mmx .special = X86_SPECIAL_MMX,
#define zext0 .special = X86_SPECIAL_ZExtOp0,
@@ -114,6 +112,9 @@
#define vex12 .vex_class = 12,
#define vex13 .vex_class = 13,
+#define chk(a) .check = X86_CHECK_##a,
+#define svm(a) .intercept = SVM_EXIT_##a,
+
#define avx2_256 .vex_special = X86_VEX_AVX2_256,
#define P_00 1
@@ -161,8 +162,8 @@ static void decode_group15(DisasContext *s, CPUX86State *env, X86OpEntry *entry,
};
static const X86OpEntry group15_mem[8] = {
- [2] = X86_OP_ENTRYr(LDMXCSR, E,d, vex5),
- [3] = X86_OP_ENTRYw(STMXCSR, E,d, vex5),
+ [2] = X86_OP_ENTRYr(LDMXCSR, E,d, vex5 chk(VEX128)),
+ [3] = X86_OP_ENTRYw(STMXCSR, E,d, vex5 chk(VEX128)),
};
uint8_t modrm = get_modrm(s, env);
@@ -1579,6 +1580,12 @@ static bool validate_vex(DisasContext *s, X86DecodedInsn *decode)
if (s->flags & HF_EM_MASK) {
goto illegal;
}
+
+ if (e->check & X86_CHECK_VEX128) {
+ if (s->vex_l) {
+ goto illegal;
+ }
+ }
return true;
nm_exception:
@@ -1764,6 +1771,25 @@ static void disas_insn_new(DisasContext *s, CPUState *cpu, int b)
goto illegal_op;
}
+ /* Checks that result in #UD come first. */
+ if (decode.e.check) {
+ if (decode.e.check & X86_CHECK_i64) {
+ if (CODE64(s)) {
+ goto illegal_op;
+ }
+ }
+ if (decode.e.check & X86_CHECK_o64) {
+ if (!CODE64(s)) {
+ goto illegal_op;
+ }
+ }
+ if (decode.e.check & X86_CHECK_prot) {
+ if (!PE(s) || VM86(s)) {
+ goto illegal_op;
+ }
+ }
+ }
+
switch (decode.e.special) {
case X86_SPECIAL_None:
break;
@@ -1774,23 +1800,6 @@ static void disas_insn_new(DisasContext *s, CPUState *cpu, int b)
}
break;
- case X86_SPECIAL_ProtMode:
- if (!PE(s) || VM86(s)) {
- goto illegal_op;
- }
- break;
-
- case X86_SPECIAL_i64:
- if (CODE64(s)) {
- goto illegal_op;
- }
- break;
- case X86_SPECIAL_o64:
- if (!CODE64(s)) {
- goto illegal_op;
- }
- break;
-
case X86_SPECIAL_ZExtOp0:
assert(decode.op[0].unit == X86_OP_INT);
if (!decode.op[0].has_ea) {
@@ -1820,6 +1829,31 @@ static void disas_insn_new(DisasContext *s, CPUState *cpu, int b)
if (!validate_vex(s, &decode)) {
return;
}
+
+ /*
+ * Checks that result in #GP or VMEXIT come second. Intercepts are
+ * generally checked after non-memory exceptions (i.e. before all
+ * exceptions if there is no memory operand). Exceptions are
+ * vm86 checks (INTn, IRET, PUSHF/POPF), RSM and XSETBV (!).
+ *
+ * RSM and XSETBV will be handled in the gen_* functions
+ * instead of using chk().
+ */
+ if (decode.e.check & X86_CHECK_cpl0) {
+ if (CPL(s) != 0) {
+ goto gp_fault;
+ }
+ }
+ if (decode.e.intercept && unlikely(GUEST(s))) {
+ gen_helper_svm_check_intercept(tcg_env,
+ tcg_constant_i32(decode.e.intercept));
+ }
+ if (decode.e.check & X86_CHECK_vm86_iopl) {
+ if (VM86(s) && IOPL(s) < 3) {
+ goto gp_fault;
+ }
+ }
+
if (decode.e.special == X86_SPECIAL_MMX &&
!(s->prefix & (PREFIX_REPZ | PREFIX_REPNZ | PREFIX_DATA))) {
gen_helper_enter_mmx(tcg_env);
@@ -1846,6 +1880,9 @@ static void disas_insn_new(DisasContext *s, CPUState *cpu, int b)
gen_writeback(s, &decode, 0, s->T0);
}
return;
+ gp_fault:
+ gen_exception_gpf(s);
+ return;
illegal_op:
gen_illegal_opcode(s);
return;
diff --git a/target/i386/tcg/decode-new.h b/target/i386/tcg/decode-new.h
index a542ec16813..631d39220bb 100644
--- a/target/i386/tcg/decode-new.h
+++ b/target/i386/tcg/decode-new.h
@@ -130,15 +130,28 @@ typedef enum X86OpUnit {
X86_OP_MMX, /* address in either s->ptrX or s->A0 depending on has_ea */
} X86OpUnit;
+typedef enum X86InsnCheck {
+ /* Illegal or exclusive to 64-bit mode */
+ X86_CHECK_i64 = 1,
+ X86_CHECK_o64 = 2,
+
+ /* Fault outside protected mode */
+ X86_CHECK_prot = 4,
+
+ /* Privileged instruction checks */
+ X86_CHECK_cpl0 = 8,
+ X86_CHECK_vm86_iopl = 16,
+
+ /* Fault if VEX.L=1 */
+ X86_CHECK_VEX128 = 32,
+} X86InsnCheck;
+
typedef enum X86InsnSpecial {
X86_SPECIAL_None,
/* Always locked if it has a memory operand (XCHG) */
X86_SPECIAL_Locked,
- /* Fault outside protected mode */
- X86_SPECIAL_ProtMode,
-
/*
* Register operand 0/2 is zero extended to 32 bits. Rd/Mb or Rd/Mw
* in the manual.
@@ -157,10 +170,6 @@ typedef enum X86InsnSpecial {
* become P/P/Q/N, and size "x" becomes "q".
*/
X86_SPECIAL_MMX,
-
- /* Illegal or exclusive to 64-bit mode */
- X86_SPECIAL_i64,
- X86_SPECIAL_o64,
} X86InsnSpecial;
/*
@@ -224,6 +233,8 @@ struct X86OpEntry {
unsigned vex_class:8;
X86VEXSpecial vex_special:8;
uint16_t valid_prefix:16;
+ uint8_t check:8;
+ uint8_t intercept:8;
bool is_decode:1;
};
diff --git a/target/i386/tcg/emit.c.inc b/target/i386/tcg/emit.c.inc
index 88793ba988d..7c36cf8a6df 100644
--- a/target/i386/tcg/emit.c.inc
+++ b/target/i386/tcg/emit.c.inc
@@ -1236,10 +1236,6 @@ static void gen_INSERTQ_r(DisasContext *s, CPUX86State *env, X86DecodedInsn *dec
static void gen_LDMXCSR(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
- if (s->vex_l) {
- gen_illegal_opcode(s);
- return;
- }
tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T1);
gen_helper_ldmxcsr(tcg_env, s->tmp2_i32);
}
@@ -1832,10 +1828,6 @@ static void gen_VAESKEYGEN(DisasContext *s, CPUX86State *env, X86DecodedInsn *de
static void gen_STMXCSR(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
- if (s->vex_l) {
- gen_illegal_opcode(s);
- return;
- }
gen_helper_update_mxcsr(tcg_env);
tcg_gen_ld32u_tl(s->T0, tcg_env, offsetof(CPUX86State, mxcsr));
}
--
2.41.0
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH v2 02/19] target/i386: validate VEX.W for AVX instructions
2023-10-19 10:46 [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 01/19] target/i386: group common checks in the decoding phase Paolo Bonzini
@ 2023-10-19 10:46 ` Paolo Bonzini
2023-10-19 15:45 ` Richard Henderson
2023-10-19 10:46 ` [PATCH v2 03/19] target/i386: implement SHA instructions Paolo Bonzini
` (18 subsequent siblings)
20 siblings, 1 reply; 29+ messages in thread
From: Paolo Bonzini @ 2023-10-19 10:46 UTC (permalink / raw)
To: qemu-devel
Instructions in VEX exception class 6 generally look at the value of
VEX.W. Note that the manual places some instructions incorrectly in
class 4, for example VPERMQ which has no non-VEX encoding and no legacy
SSE analogue. AMD does a mess of its own, as documented in the comment
that this patch adds.
Most of them are checked for VEX.W=0, and are listed in the manual
(though with an omission) in table 2-16; VPERMQ and VPERMPD check for
VEX.W=1, which is only listed in the instruction description. Others,
such as VPSRLV, VPSLLV and the FMA3 instructions, use VEX.W to switch
between a 32-bit and 64-bit operation.
Fix more of the class 4/class 6 mismatches, and implement the check for
VEX.W in TCG.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/tcg/decode-new.c.inc | 133 +++++++++++++++++++++----------
target/i386/tcg/decode-new.h | 6 ++
2 files changed, 99 insertions(+), 40 deletions(-)
diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc
index 790339eaf25..850271e0898 100644
--- a/target/i386/tcg/decode-new.c.inc
+++ b/target/i386/tcg/decode-new.c.inc
@@ -43,6 +43,47 @@
* There are a couple cases in which instructions (e.g. MOVD) write the
* whole XMM or MM register but are established incorrectly in the manual
* as "d" or "q". These have to be fixed for the decoder to work correctly.
+ *
+ * Speaking about imprecisions in the manual, the decoder treats all
+ * exception-class 4 instructions as having an optional VEX prefix, and
+ * all exception-class 6 instructions as having a mandatory VEX prefix.
+ * This is true except for a dozen instructions; these are in exception
+ * class 4 but do not ignore the VEX.W bit (which does not even exist
+ * without a VEX prefix). These instructions are mostly listed in Intel's
+ * table 2-16, but with a few exceptions.
+ *
+ * The AMD manual has more precise subclasses for exceptions, and unlike Intel
+ * they list the VEX.W requirements in the exception classes as well (except
+ * when they don't). AMD describes class 6 as "AVX Mixed Memory Argument"
+ * without defining what a mixed memory argument is, but still use 4 as the
+ * primary exception class... except when they don't.
+ *
+ * The summary is:
+ * Intel AMD VEX.W note
+ * -------------------------------------------------------------------
+ * vpblendd 4 4J 0
+ * vpblendvb 4 4E-X 0 (*)
+ * vpbroadcastq 6 6D 0 (+)
+ * vpermd/vpermps 4 4H 0 (§)
+ * vpermq/vpermpd 4 4H-1 1 (§)
+ * vpermilpd/vpermilps 4 6E 0 (^)
+ * vpmaskmovd 6 4K significant (^)
+ * vpsllv 4 4K significant
+ * vpsrav 4 4J 0
+ * vpsrlv 4 4K significant
+ * vtestps/vtestpd 4 4G 0
+ *
+ * (*) AMD lists VPBLENDVB as related to SSE4.1 PBLENDVB, which may
+ * explain why it is considered exception class 4. However,
+ * Intel says that VEX-only instructions should be in class 6...
+ *
+ * (+) Not found in Intel's table 2-16
+ *
+ * (§) 4H and 4H-1 do not mention VEX.W requirements, which are
+ * however present in the description of the instruction
+ *
+ * (^) these are the two cases in which Intel and AMD disagree on the
+ * primary exception class
*/
#define X86_OP_NONE { 0 },
@@ -338,11 +379,11 @@ static const X86OpEntry opcodes_0F38_00toEF[240] = {
[0x07] = X86_OP_ENTRY3(PHSUBSW, V,x, H,x, W,x, vex4 cpuid(SSSE3) mmx avx2_256 p_00_66),
[0x10] = X86_OP_ENTRY2(PBLENDVB, V,x, W,x, vex4 cpuid(SSE41) avx2_256 p_66),
- [0x13] = X86_OP_ENTRY2(VCVTPH2PS, V,x, W,xh, vex11 cpuid(F16C) p_66),
+ [0x13] = X86_OP_ENTRY2(VCVTPH2PS, V,x, W,xh, vex11 chk(W0) cpuid(F16C) p_66),
[0x14] = X86_OP_ENTRY2(BLENDVPS, V,x, W,x, vex4 cpuid(SSE41) p_66),
[0x15] = X86_OP_ENTRY2(BLENDVPD, V,x, W,x, vex4 cpuid(SSE41) p_66),
/* Listed incorrectly as type 4 */
- [0x16] = X86_OP_ENTRY3(VPERMD, V,qq, H,qq, W,qq, vex6 cpuid(AVX2) p_66),
+ [0x16] = X86_OP_ENTRY3(VPERMD, V,qq, H,qq, W,qq, vex6 chk(W0) cpuid(AVX2) p_66), /* vpermps */
[0x17] = X86_OP_ENTRY3(VPTEST, None,None, V,x, W,x, vex4 cpuid(SSE41) p_66),
/*
@@ -363,14 +404,14 @@ static const X86OpEntry opcodes_0F38_00toEF[240] = {
[0x33] = X86_OP_ENTRY3(VPMOVZXWD, V,x, None,None, W,q, vex5 cpuid(SSE41) avx_movx avx2_256 p_66),
[0x34] = X86_OP_ENTRY3(VPMOVZXWQ, V,x, None,None, W,d, vex5 cpuid(SSE41) avx_movx avx2_256 p_66),
[0x35] = X86_OP_ENTRY3(VPMOVZXDQ, V,x, None,None, W,q, vex5 cpuid(SSE41) avx_movx avx2_256 p_66),
- [0x36] = X86_OP_ENTRY3(VPERMD, V,qq, H,qq, W,qq, vex6 cpuid(AVX2) p_66),
+ [0x36] = X86_OP_ENTRY3(VPERMD, V,qq, H,qq, W,qq, vex6 chk(W0) cpuid(AVX2) p_66),
[0x37] = X86_OP_ENTRY3(PCMPGTQ, V,x, H,x, W,x, vex4 cpuid(SSE42) avx2_256 p_66),
[0x40] = X86_OP_ENTRY3(PMULLD, V,x, H,x, W,x, vex4 cpuid(SSE41) avx2_256 p_66),
[0x41] = X86_OP_ENTRY3(VPHMINPOSUW, V,dq, None,None, W,dq, vex4 cpuid(SSE41) p_66),
/* Listed incorrectly as type 4 */
[0x45] = X86_OP_ENTRY3(VPSRLV, V,x, H,x, W,x, vex6 cpuid(AVX2) p_66),
- [0x46] = X86_OP_ENTRY3(VPSRAV, V,x, H,x, W,x, vex6 cpuid(AVX2) p_66),
+ [0x46] = X86_OP_ENTRY3(VPSRAV, V,x, H,x, W,x, vex6 chk(W0) cpuid(AVX2) p_66),
[0x47] = X86_OP_ENTRY3(VPSLLV, V,x, H,x, W,x, vex6 cpuid(AVX2) p_66),
[0x90] = X86_OP_ENTRY3(VPGATHERD, V,x, H,x, M,d, vex12 cpuid(AVX2) p_66), /* vpgatherdd/q */
@@ -392,14 +433,15 @@ static const X86OpEntry opcodes_0F38_00toEF[240] = {
[0x09] = X86_OP_ENTRY3(PSIGNW, V,x, H,x, W,x, vex4 cpuid(SSSE3) mmx avx2_256 p_00_66),
[0x0a] = X86_OP_ENTRY3(PSIGND, V,x, H,x, W,x, vex4 cpuid(SSSE3) mmx avx2_256 p_00_66),
[0x0b] = X86_OP_ENTRY3(PMULHRSW, V,x, H,x, W,x, vex4 cpuid(SSSE3) mmx avx2_256 p_00_66),
- [0x0c] = X86_OP_ENTRY3(VPERMILPS, V,x, H,x, W,x, vex4 cpuid(AVX) p_00_66),
- [0x0d] = X86_OP_ENTRY3(VPERMILPD, V,x, H,x, W,x, vex4 cpuid(AVX) p_66),
- [0x0e] = X86_OP_ENTRY3(VTESTPS, None,None, V,x, W,x, vex4 cpuid(AVX) p_66),
- [0x0f] = X86_OP_ENTRY3(VTESTPD, None,None, V,x, W,x, vex4 cpuid(AVX) p_66),
+ /* Listed incorrectly as type 4 */
+ [0x0c] = X86_OP_ENTRY3(VPERMILPS, V,x, H,x, W,x, vex6 chk(W0) cpuid(AVX) p_00_66),
+ [0x0d] = X86_OP_ENTRY3(VPERMILPD, V,x, H,x, W,x, vex6 chk(W0) cpuid(AVX) p_66),
+ [0x0e] = X86_OP_ENTRY3(VTESTPS, None,None, V,x, W,x, vex6 chk(W0) cpuid(AVX) p_66),
+ [0x0f] = X86_OP_ENTRY3(VTESTPD, None,None, V,x, W,x, vex6 chk(W0) cpuid(AVX) p_66),
- [0x18] = X86_OP_ENTRY3(VPBROADCASTD, V,x, None,None, W,d, vex6 cpuid(AVX) p_66), /* vbroadcastss */
- [0x19] = X86_OP_ENTRY3(VPBROADCASTQ, V,qq, None,None, W,q, vex6 cpuid(AVX) p_66), /* vbroadcastsd */
- [0x1a] = X86_OP_ENTRY3(VBROADCASTx128, V,qq, None,None, WM,dq,vex6 cpuid(AVX) p_66),
+ [0x18] = X86_OP_ENTRY3(VPBROADCASTD, V,x, None,None, W,d, vex6 chk(W0) cpuid(AVX) p_66), /* vbroadcastss */
+ [0x19] = X86_OP_ENTRY3(VPBROADCASTQ, V,qq, None,None, W,q, vex6 chk(W0) cpuid(AVX) p_66), /* vbroadcastsd */
+ [0x1a] = X86_OP_ENTRY3(VBROADCASTx128, V,qq, None,None, WM,dq,vex6 chk(W0) cpuid(AVX) p_66),
[0x1c] = X86_OP_ENTRY3(PABSB, V,x, None,None, W,x, vex4 cpuid(SSSE3) mmx avx2_256 p_00_66),
[0x1d] = X86_OP_ENTRY3(PABSW, V,x, None,None, W,x, vex4 cpuid(SSSE3) mmx avx2_256 p_00_66),
[0x1e] = X86_OP_ENTRY3(PABSD, V,x, None,None, W,x, vex4 cpuid(SSSE3) mmx avx2_256 p_00_66),
@@ -408,11 +450,11 @@ static const X86OpEntry opcodes_0F38_00toEF[240] = {
[0x29] = X86_OP_ENTRY3(PCMPEQQ, V,x, H,x, W,x, vex4 cpuid(SSE41) avx2_256 p_66),
[0x2a] = X86_OP_ENTRY3(MOVDQ, V,x, None,None, WM,x, vex1 cpuid(SSE41) avx2_256 p_66), /* movntdqa */
[0x2b] = X86_OP_ENTRY3(VPACKUSDW, V,x, H,x, W,x, vex4 cpuid(SSE41) avx2_256 p_66),
- [0x2c] = X86_OP_ENTRY3(VMASKMOVPS, V,x, H,x, WM,x, vex6 cpuid(AVX) p_66),
- [0x2d] = X86_OP_ENTRY3(VMASKMOVPD, V,x, H,x, WM,x, vex6 cpuid(AVX) p_66),
+ [0x2c] = X86_OP_ENTRY3(VMASKMOVPS, V,x, H,x, WM,x, vex6 chk(W0) cpuid(AVX) p_66),
+ [0x2d] = X86_OP_ENTRY3(VMASKMOVPD, V,x, H,x, WM,x, vex6 chk(W0) cpuid(AVX) p_66),
/* Incorrectly listed as Mx,Hx,Vx in the manual */
- [0x2e] = X86_OP_ENTRY3(VMASKMOVPS_st, M,x, V,x, H,x, vex6 cpuid(AVX) p_66),
- [0x2f] = X86_OP_ENTRY3(VMASKMOVPD_st, M,x, V,x, H,x, vex6 cpuid(AVX) p_66),
+ [0x2e] = X86_OP_ENTRY3(VMASKMOVPS_st, M,x, V,x, H,x, vex6 chk(W0) cpuid(AVX) p_66),
+ [0x2f] = X86_OP_ENTRY3(VMASKMOVPD_st, M,x, V,x, H,x, vex6 chk(W0) cpuid(AVX) p_66),
[0x38] = X86_OP_ENTRY3(PMINSB, V,x, H,x, W,x, vex4 cpuid(SSE41) avx2_256 p_66),
[0x39] = X86_OP_ENTRY3(PMINSD, V,x, H,x, W,x, vex4 cpuid(SSE41) avx2_256 p_66),
@@ -423,12 +465,13 @@ static const X86OpEntry opcodes_0F38_00toEF[240] = {
[0x3e] = X86_OP_ENTRY3(PMAXUW, V,x, H,x, W,x, vex4 cpuid(SSE41) avx2_256 p_66),
[0x3f] = X86_OP_ENTRY3(PMAXUD, V,x, H,x, W,x, vex4 cpuid(SSE41) avx2_256 p_66),
- [0x58] = X86_OP_ENTRY3(VPBROADCASTD, V,x, None,None, W,d, vex6 cpuid(AVX2) p_66),
- [0x59] = X86_OP_ENTRY3(VPBROADCASTQ, V,x, None,None, W,q, vex6 cpuid(AVX2) p_66),
- [0x5a] = X86_OP_ENTRY3(VBROADCASTx128, V,qq, None,None, WM,dq,vex6 cpuid(AVX2) p_66),
+ /* VPBROADCASTQ not listed as W0 in table 2-16 */
+ [0x58] = X86_OP_ENTRY3(VPBROADCASTD, V,x, None,None, W,d, vex6 chk(W0) cpuid(AVX2) p_66),
+ [0x59] = X86_OP_ENTRY3(VPBROADCASTQ, V,x, None,None, W,q, vex6 chk(W0) cpuid(AVX2) p_66),
+ [0x5a] = X86_OP_ENTRY3(VBROADCASTx128, V,qq, None,None, WM,dq,vex6 chk(W0) cpuid(AVX2) p_66),
- [0x78] = X86_OP_ENTRY3(VPBROADCASTB, V,x, None,None, W,b, vex6 cpuid(AVX2) p_66),
- [0x79] = X86_OP_ENTRY3(VPBROADCASTW, V,x, None,None, W,w, vex6 cpuid(AVX2) p_66),
+ [0x78] = X86_OP_ENTRY3(VPBROADCASTB, V,x, None,None, W,b, vex6 chk(W0) cpuid(AVX2) p_66),
+ [0x79] = X86_OP_ENTRY3(VPBROADCASTW, V,x, None,None, W,w, vex6 chk(W0) cpuid(AVX2) p_66),
[0x8c] = X86_OP_ENTRY3(VPMASKMOV, V,x, H,x, WM,x, vex6 cpuid(AVX2) p_66),
[0x8e] = X86_OP_ENTRY3(VPMASKMOV_st, M,x, V,x, H,x, vex6 cpuid(AVX2) p_66),
@@ -555,18 +598,18 @@ static const X86OpEntry opcodes_0F3A[256] = {
* Also the "qq" instructions are sometimes omitted by Table 2-17, but are VEX256
* only.
*/
- [0x00] = X86_OP_ENTRY3(VPERMQ, V,qq, W,qq, I,b, vex6 cpuid(AVX2) p_66),
- [0x01] = X86_OP_ENTRY3(VPERMQ, V,qq, W,qq, I,b, vex6 cpuid(AVX2) p_66), /* VPERMPD */
- [0x02] = X86_OP_ENTRY4(VBLENDPS, V,x, H,x, W,x, vex6 cpuid(AVX2) p_66), /* VPBLENDD */
- [0x04] = X86_OP_ENTRY3(VPERMILPS_i, V,x, W,x, I,b, vex6 cpuid(AVX) p_66),
- [0x05] = X86_OP_ENTRY3(VPERMILPD_i, V,x, W,x, I,b, vex6 cpuid(AVX) p_66),
- [0x06] = X86_OP_ENTRY4(VPERM2x128, V,qq, H,qq, W,qq, vex6 cpuid(AVX) p_66),
+ [0x00] = X86_OP_ENTRY3(VPERMQ, V,qq, W,qq, I,b, vex6 chk(W1) cpuid(AVX2) p_66),
+ [0x01] = X86_OP_ENTRY3(VPERMQ, V,qq, W,qq, I,b, vex6 chk(W1) cpuid(AVX2) p_66), /* VPERMPD */
+ [0x02] = X86_OP_ENTRY4(VBLENDPS, V,x, H,x, W,x, vex6 chk(W0) cpuid(AVX2) p_66), /* VPBLENDD */
+ [0x04] = X86_OP_ENTRY3(VPERMILPS_i, V,x, W,x, I,b, vex6 chk(W0) cpuid(AVX) p_66),
+ [0x05] = X86_OP_ENTRY3(VPERMILPD_i, V,x, W,x, I,b, vex6 chk(W0) cpuid(AVX) p_66),
+ [0x06] = X86_OP_ENTRY4(VPERM2x128, V,qq, H,qq, W,qq, vex6 chk(W0) cpuid(AVX) p_66),
[0x14] = X86_OP_ENTRY3(PEXTRB, E,b, V,dq, I,b, vex5 cpuid(SSE41) zext0 p_66),
[0x15] = X86_OP_ENTRY3(PEXTRW, E,w, V,dq, I,b, vex5 cpuid(SSE41) zext0 p_66),
[0x16] = X86_OP_ENTRY3(PEXTR, E,y, V,dq, I,b, vex5 cpuid(SSE41) p_66),
[0x17] = X86_OP_ENTRY3(VEXTRACTPS, E,d, V,dq, I,b, vex5 cpuid(SSE41) p_66),
- [0x1d] = X86_OP_ENTRY3(VCVTPS2PH, W,xh, V,x, I,b, vex11 cpuid(F16C) p_66),
+ [0x1d] = X86_OP_ENTRY3(VCVTPS2PH, W,xh, V,x, I,b, vex11 chk(W0) cpuid(F16C) p_66),
[0x20] = X86_OP_ENTRY4(PINSRB, V,dq, H,dq, E,b, vex5 cpuid(SSE41) zext2 p_66),
[0x21] = X86_OP_GROUP0(VINSERTPS),
@@ -576,7 +619,7 @@ static const X86OpEntry opcodes_0F3A[256] = {
[0x41] = X86_OP_ENTRY4(VDDPD, V,dq, H,dq, W,dq, vex2 cpuid(SSE41) p_66),
[0x42] = X86_OP_ENTRY4(VMPSADBW, V,x, H,x, W,x, vex2 cpuid(SSE41) avx2_256 p_66),
[0x44] = X86_OP_ENTRY4(PCLMULQDQ, V,dq, H,dq, W,dq, vex4 cpuid(PCLMULQDQ) p_66),
- [0x46] = X86_OP_ENTRY4(VPERM2x128, V,qq, H,qq, W,qq, vex6 cpuid(AVX2) p_66),
+ [0x46] = X86_OP_ENTRY4(VPERM2x128, V,qq, H,qq, W,qq, vex6 chk(W0) cpuid(AVX2) p_66),
[0x60] = X86_OP_ENTRY4(PCMPESTRM, None,None, V,dq, W,dq, vex4_unal cpuid(SSE42) p_66),
[0x61] = X86_OP_ENTRY4(PCMPESTRI, None,None, V,dq, W,dq, vex4_unal cpuid(SSE42) p_66),
@@ -599,16 +642,16 @@ static const X86OpEntry opcodes_0F3A[256] = {
[0x0e] = X86_OP_ENTRY4(VPBLENDW, V,x, H,x, W,x, vex4 cpuid(SSE41) avx2_256 p_66),
[0x0f] = X86_OP_ENTRY4(PALIGNR, V,x, H,x, W,x, vex4 cpuid(SSSE3) mmx avx2_256 p_00_66),
- [0x18] = X86_OP_ENTRY4(VINSERTx128, V,qq, H,qq, W,qq, vex6 cpuid(AVX) p_66),
- [0x19] = X86_OP_ENTRY3(VEXTRACTx128, W,dq, V,qq, I,b, vex6 cpuid(AVX) p_66),
+ [0x18] = X86_OP_ENTRY4(VINSERTx128, V,qq, H,qq, W,qq, vex6 chk(W0) cpuid(AVX) p_66),
+ [0x19] = X86_OP_ENTRY3(VEXTRACTx128, W,dq, V,qq, I,b, vex6 chk(W0) cpuid(AVX) p_66),
- [0x38] = X86_OP_ENTRY4(VINSERTx128, V,qq, H,qq, W,qq, vex6 cpuid(AVX2) p_66),
- [0x39] = X86_OP_ENTRY3(VEXTRACTx128, W,dq, V,qq, I,b, vex6 cpuid(AVX2) p_66),
+ [0x38] = X86_OP_ENTRY4(VINSERTx128, V,qq, H,qq, W,qq, vex6 chk(W0) cpuid(AVX2) p_66),
+ [0x39] = X86_OP_ENTRY3(VEXTRACTx128, W,dq, V,qq, I,b, vex6 chk(W0) cpuid(AVX2) p_66),
/* Listed incorrectly as type 4 */
- [0x4a] = X86_OP_ENTRY4(VBLENDVPS, V,x, H,x, W,x, vex6 cpuid(AVX) p_66),
- [0x4b] = X86_OP_ENTRY4(VBLENDVPD, V,x, H,x, W,x, vex6 cpuid(AVX) p_66),
- [0x4c] = X86_OP_ENTRY4(VPBLENDVB, V,x, H,x, W,x, vex6 cpuid(AVX) p_66 avx2_256),
+ [0x4a] = X86_OP_ENTRY4(VBLENDVPS, V,x, H,x, W,x, vex6 chk(W0) cpuid(AVX) p_66),
+ [0x4b] = X86_OP_ENTRY4(VBLENDVPD, V,x, H,x, W,x, vex6 chk(W0) cpuid(AVX) p_66),
+ [0x4c] = X86_OP_ENTRY4(VPBLENDVB, V,x, H,x, W,x, vex6 chk(W0) cpuid(AVX) p_66 avx2_256),
[0xdf] = X86_OP_ENTRY3(VAESKEYGEN, V,dq, W,dq, I,b, vex4 cpuid(AES) p_66),
@@ -1494,8 +1537,6 @@ static bool validate_vex(DisasContext *s, X86DecodedInsn *decode)
}
}
- /* TODO: instructions that require VEX.W=0 (Table 2-16) */
-
switch (e->vex_class) {
case 0:
if (s->prefix & PREFIX_VEX) {
@@ -1581,9 +1622,21 @@ static bool validate_vex(DisasContext *s, X86DecodedInsn *decode)
goto illegal;
}
- if (e->check & X86_CHECK_VEX128) {
- if (s->vex_l) {
- goto illegal;
+ if (e->check) {
+ if (e->check & X86_CHECK_VEX128) {
+ if (s->vex_l) {
+ goto illegal;
+ }
+ }
+ if (e->check & X86_CHECK_W0) {
+ if (s->vex_w) {
+ goto illegal;
+ }
+ }
+ if (e->check & X86_CHECK_W1) {
+ if (!s->vex_w) {
+ goto illegal;
+ }
}
}
return true;
diff --git a/target/i386/tcg/decode-new.h b/target/i386/tcg/decode-new.h
index 631d39220bb..ae987dfe0ba 100644
--- a/target/i386/tcg/decode-new.h
+++ b/target/i386/tcg/decode-new.h
@@ -144,6 +144,12 @@ typedef enum X86InsnCheck {
/* Fault if VEX.L=1 */
X86_CHECK_VEX128 = 32,
+
+ /* Fault if VEX.W=1 */
+ X86_CHECK_W0 = 64,
+
+ /* Fault if VEX.W=0 */
+ X86_CHECK_W1 = 128,
} X86InsnCheck;
typedef enum X86InsnSpecial {
--
2.41.0
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH v2 03/19] target/i386: implement SHA instructions
2023-10-19 10:46 [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 01/19] target/i386: group common checks in the decoding phase Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 02/19] target/i386: validate VEX.W for AVX instructions Paolo Bonzini
@ 2023-10-19 10:46 ` Paolo Bonzini
2023-10-19 10:59 ` Philippe Mathieu-Daudé
2023-10-19 10:46 ` [PATCH v2 04/19] tests/tcg/i386: initialize more registers in test-avx Paolo Bonzini
` (17 subsequent siblings)
20 siblings, 1 reply; 29+ messages in thread
From: Paolo Bonzini @ 2023-10-19 10:46 UTC (permalink / raw)
To: qemu-devel
The implementation was validated with OpenSSL and with the test vectors in
https://github.com/rust-lang/stdarch/blob/master/crates/core_arch/src/x86/sha.rs.
The instructions provide a ~25% improvement on hashing a 64 MiB file:
runtime goes down from 1.8 seconds to 1.4 seconds; instruction count on
the host goes down from 5.8 billion to 4.8 billion with slightly better
IPC too. Good job Intel. ;)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/cpu.c | 2 +-
target/i386/ops_sse.h | 128 +++++++++++++++++++++++++++
target/i386/tcg/decode-new.c.inc | 11 +++
target/i386/tcg/decode-new.h | 1 +
target/i386/tcg/emit.c.inc | 54 +++++++++++
| 14 +++
6 files changed, 209 insertions(+), 1 deletion(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index bdca901dfaa..070c02000fe 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -714,7 +714,7 @@ void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1,
CPUID_7_0_EBX_PCOMMIT | CPUID_7_0_EBX_CLFLUSHOPT | \
CPUID_7_0_EBX_CLWB | CPUID_7_0_EBX_MPX | CPUID_7_0_EBX_FSGSBASE | \
CPUID_7_0_EBX_ERMS | CPUID_7_0_EBX_AVX2 | CPUID_7_0_EBX_RDSEED | \
- CPUID_7_0_EBX_KERNEL_FEATURES)
+ CPUID_7_0_EBX_SHA_NI | CPUID_7_0_EBX_KERNEL_FEATURES)
/* missing:
CPUID_7_0_EBX_HLE
CPUID_7_0_EBX_INVPCID, CPUID_7_0_EBX_RTM */
diff --git a/target/i386/ops_sse.h b/target/i386/ops_sse.h
index 33908c0691f..6a465a35fdb 100644
--- a/target/i386/ops_sse.h
+++ b/target/i386/ops_sse.h
@@ -2527,6 +2527,134 @@ SSE_HELPER_FMAP(helper_fma4ps, ZMM_S, 2 << SHIFT, float32_muladd)
SSE_HELPER_FMAP(helper_fma4pd, ZMM_D, 1 << SHIFT, float64_muladd)
#endif
+#if SHIFT == 1
+#define SSE_HELPER_SHA1RNDS4(name, F, K) \
+ void name(Reg *d, Reg *a, Reg *b) \
+ { \
+ uint32_t A, B, C, D, E, t, i; \
+ \
+ A = a->L(3); \
+ B = a->L(2); \
+ C = a->L(1); \
+ D = a->L(0); \
+ E = 0; \
+ \
+ for (i = 0; i <= 3; i++) { \
+ t = F(B, C, D) + rol32(A, 5) + b->L(3 - i) + E + K; \
+ E = D; \
+ D = C; \
+ C = rol32(B, 30); \
+ B = A; \
+ A = t; \
+ } \
+ \
+ d->L(3) = A; \
+ d->L(2) = B; \
+ d->L(1) = C; \
+ d->L(0) = D; \
+ }
+
+#define SHA1_F0(b, c, d) (((b) & (c)) ^ (~(b) & (d)))
+#define SHA1_F1(b, c, d) ((b) ^ (c) ^ (d))
+#define SHA1_F2(b, c, d) (((b) & (c)) ^ ((b) & (d)) ^ ((c) & (d)))
+
+SSE_HELPER_SHA1RNDS4(helper_sha1rnds4_f0, SHA1_F0, 0x5A827999)
+SSE_HELPER_SHA1RNDS4(helper_sha1rnds4_f1, SHA1_F1, 0x6ED9EBA1)
+SSE_HELPER_SHA1RNDS4(helper_sha1rnds4_f2, SHA1_F2, 0x8F1BBCDC)
+SSE_HELPER_SHA1RNDS4(helper_sha1rnds4_f3, SHA1_F1, 0xCA62C1D6)
+
+void helper_sha1nexte(Reg *d, Reg *a, Reg *b)
+{
+ d->L(3) = b->L(3) + rol32(a->L(3), 30);
+ d->L(2) = b->L(2);
+ d->L(1) = b->L(1);
+ d->L(0) = b->L(0);
+}
+
+void helper_sha1msg1(Reg *d, Reg *a, Reg *b)
+{
+ /* These could be overwritten by the first two assignments, save them. */
+ uint32_t b3 = b->L(3);
+ uint32_t b2 = b->L(2);
+
+ d->L(3) = a->L(3) ^ a->L(1);
+ d->L(2) = a->L(2) ^ a->L(0);
+ d->L(1) = a->L(1) ^ b3;
+ d->L(0) = a->L(0) ^ b2;
+}
+
+void helper_sha1msg2(Reg *d, Reg *a, Reg *b)
+{
+ d->L(3) = rol32(a->L(3) ^ b->L(2), 1);
+ d->L(2) = rol32(a->L(2) ^ b->L(1), 1);
+ d->L(1) = rol32(a->L(1) ^ b->L(0), 1);
+ d->L(0) = rol32(a->L(0) ^ d->L(3), 1);
+}
+
+#define SHA256_CH(e, f, g) (((e) & (f)) ^ (~(e) & (g)))
+#define SHA256_MAJ(a, b, c) (((a) & (b)) ^ ((a) & (c)) ^ ((b) & (c)))
+
+#define SHA256_RNDS0(w) (ror32((w), 2) ^ ror32((w), 13) ^ ror32((w), 22))
+#define SHA256_RNDS1(w) (ror32((w), 6) ^ ror32((w), 11) ^ ror32((w), 25))
+#define SHA256_MSGS0(w) (ror32((w), 7) ^ ror32((w), 18) ^ ((w) >> 3))
+#define SHA256_MSGS1(w) (ror32((w), 17) ^ ror32((w), 19) ^ ((w) >> 10))
+
+void helper_sha256rnds2(Reg *d, Reg *a, Reg *b, uint32_t wk0, uint32_t wk1)
+{
+ uint32_t t, AA, EE;
+
+ uint32_t A = b->L(3);
+ uint32_t B = b->L(2);
+ uint32_t C = a->L(3);
+ uint32_t D = a->L(2);
+ uint32_t E = b->L(1);
+ uint32_t F = b->L(0);
+ uint32_t G = a->L(1);
+ uint32_t H = a->L(0);
+
+ /* Even round */
+ t = SHA256_CH(E, F, G) + SHA256_RNDS1(E) + wk0 + H;
+ AA = t + SHA256_MAJ(A, B, C) + SHA256_RNDS0(A);
+ EE = t + D;
+
+ /* These will be B and F at the end of the odd round */
+ d->L(2) = AA;
+ d->L(0) = EE;
+
+ D = C, C = B, B = A, A = AA;
+ H = G, G = F, F = E, E = EE;
+
+ /* Odd round */
+ t = SHA256_CH(E, F, G) + SHA256_RNDS1(E) + wk1 + H;
+ AA = t + SHA256_MAJ(A, B, C) + SHA256_RNDS0(A);
+ EE = t + D;
+
+ d->L(3) = AA;
+ d->L(1) = EE;
+}
+
+void helper_sha256msg1(Reg *d, Reg *a, Reg *b)
+{
+ /* b->L(0) could be overwritten by the first assignment, save it. */
+ uint32_t b0 = b->L(0);
+
+ d->L(0) = a->L(0) + SHA256_MSGS0(a->L(1));
+ d->L(1) = a->L(1) + SHA256_MSGS0(a->L(2));
+ d->L(2) = a->L(2) + SHA256_MSGS0(a->L(3));
+ d->L(3) = a->L(3) + SHA256_MSGS0(b0);
+}
+
+void helper_sha256msg2(Reg *d, Reg *a, Reg *b)
+{
+ /* Earlier assignments cannot overwrite any of the two operands. */
+ d->L(0) = a->L(0) + SHA256_MSGS1(b->L(2));
+ d->L(1) = a->L(1) + SHA256_MSGS1(b->L(3));
+ /* Yes, this reuses the previously computed values. */
+ d->L(2) = a->L(2) + SHA256_MSGS1(d->L(0));
+ d->L(3) = a->L(3) + SHA256_MSGS1(d->L(1));
+}
+#endif
+
#undef SSE_HELPER_S
#undef LANE_WIDTH
diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc
index 850271e0898..eb2400095f8 100644
--- a/target/i386/tcg/decode-new.c.inc
+++ b/target/i386/tcg/decode-new.c.inc
@@ -504,6 +504,13 @@ static const X86OpEntry opcodes_0F38_00toEF[240] = {
[0xbe] = X86_OP_ENTRY3(VFNMSUB231Px, V,x, H,x, W,x, vex6 cpuid(FMA) p_66),
[0xbf] = X86_OP_ENTRY3(VFNMSUB231Sx, V,x, H,x, W,x, vex6 cpuid(FMA) p_66),
+ [0xc8] = X86_OP_ENTRY2(SHA1NEXTE, V,dq, W,dq, cpuid(SHA_NI)),
+ [0xc9] = X86_OP_ENTRY2(SHA1MSG1, V,dq, W,dq, cpuid(SHA_NI)),
+ [0xca] = X86_OP_ENTRY2(SHA1MSG2, V,dq, W,dq, cpuid(SHA_NI)),
+ [0xcb] = X86_OP_ENTRY2(SHA256RNDS2, V,dq, W,dq, cpuid(SHA_NI)),
+ [0xcc] = X86_OP_ENTRY2(SHA256MSG1, V,dq, W,dq, cpuid(SHA_NI)),
+ [0xcd] = X86_OP_ENTRY2(SHA256MSG2, V,dq, W,dq, cpuid(SHA_NI)),
+
[0xdb] = X86_OP_ENTRY3(VAESIMC, V,dq, None,None, W,dq, vex4 cpuid(AES) p_66),
[0xdc] = X86_OP_ENTRY3(VAESENC, V,x, H,x, W,x, vex4 cpuid(AES) p_66),
[0xdd] = X86_OP_ENTRY3(VAESENCLAST, V,x, H,x, W,x, vex4 cpuid(AES) p_66),
@@ -653,6 +660,8 @@ static const X86OpEntry opcodes_0F3A[256] = {
[0x4b] = X86_OP_ENTRY4(VBLENDVPD, V,x, H,x, W,x, vex6 chk(W0) cpuid(AVX) p_66),
[0x4c] = X86_OP_ENTRY4(VPBLENDVB, V,x, H,x, W,x, vex6 chk(W0) cpuid(AVX) p_66 avx2_256),
+ [0xcc] = X86_OP_ENTRY3(SHA1RNDS4, V,dq, W,dq, I,b, cpuid(SHA_NI)),
+
[0xdf] = X86_OP_ENTRY3(VAESKEYGEN, V,dq, W,dq, I,b, vex4 cpuid(AES) p_66),
[0xF0] = X86_OP_ENTRY3(RORX, G,y, E,y, I,b, vex13 cpuid(BMI2) p_f2),
@@ -1500,6 +1509,8 @@ static bool has_cpuid_feature(DisasContext *s, X86CPUIDFeature cpuid)
return (s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_BMI2);
case X86_FEAT_AVX2:
return (s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_AVX2);
+ case X86_FEAT_SHA_NI:
+ return (s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_SHA_NI);
}
g_assert_not_reached();
}
diff --git a/target/i386/tcg/decode-new.h b/target/i386/tcg/decode-new.h
index ae987dfe0ba..ab21fa6db97 100644
--- a/target/i386/tcg/decode-new.h
+++ b/target/i386/tcg/decode-new.h
@@ -108,6 +108,7 @@ typedef enum X86CPUIDFeature {
X86_FEAT_FMA,
X86_FEAT_MOVBE,
X86_FEAT_PCLMULQDQ,
+ X86_FEAT_SHA_NI,
X86_FEAT_SSE,
X86_FEAT_SSE2,
X86_FEAT_SSE3,
diff --git a/target/i386/tcg/emit.c.inc b/target/i386/tcg/emit.c.inc
index 7c36cf8a6df..82da5488d47 100644
--- a/target/i386/tcg/emit.c.inc
+++ b/target/i386/tcg/emit.c.inc
@@ -1796,6 +1796,60 @@ static void gen_SARX(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
tcg_gen_sar_tl(s->T0, s->T0, s->T1);
}
+static void gen_SHA1NEXTE(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ gen_helper_sha1nexte(OP_PTR0, OP_PTR1, OP_PTR2);
+}
+
+static void gen_SHA1MSG1(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ gen_helper_sha1msg1(OP_PTR0, OP_PTR1, OP_PTR2);
+}
+
+static void gen_SHA1MSG2(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ gen_helper_sha1msg2(OP_PTR0, OP_PTR1, OP_PTR2);
+}
+
+static void gen_SHA1RNDS4(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ switch(decode->immediate & 3) {
+ case 0:
+ gen_helper_sha1rnds4_f0(OP_PTR0, OP_PTR0, OP_PTR1);
+ break;
+ case 1:
+ gen_helper_sha1rnds4_f1(OP_PTR0, OP_PTR0, OP_PTR1);
+ break;
+ case 2:
+ gen_helper_sha1rnds4_f2(OP_PTR0, OP_PTR0, OP_PTR1);
+ break;
+ case 3:
+ gen_helper_sha1rnds4_f3(OP_PTR0, OP_PTR0, OP_PTR1);
+ break;
+ }
+}
+
+static void gen_SHA256MSG1(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ gen_helper_sha256msg1(OP_PTR0, OP_PTR1, OP_PTR2);
+}
+
+static void gen_SHA256MSG2(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ gen_helper_sha256msg2(OP_PTR0, OP_PTR1, OP_PTR2);
+}
+
+static void gen_SHA256RNDS2(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ TCGv_i32 wk0 = tcg_temp_new_i32();
+ TCGv_i32 wk1 = tcg_temp_new_i32();
+
+ tcg_gen_ld_i32(wk0, tcg_env, ZMM_OFFSET(0) + offsetof(ZMMReg, ZMM_L(0)));
+ tcg_gen_ld_i32(wk1, tcg_env, ZMM_OFFSET(0) + offsetof(ZMMReg, ZMM_L(1)));
+
+ gen_helper_sha256rnds2(OP_PTR0, OP_PTR1, OP_PTR2, wk0, wk1);
+}
+
static void gen_SHLX(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
MemOp ot = decode->op[0].ot;
--git a/target/i386/tcg/ops_sse_header.h.inc b/target/i386/tcg/ops_sse_header.h.inc
index 8a7b2f4e2f6..d92c6faf6d6 100644
--- a/target/i386/tcg/ops_sse_header.h.inc
+++ b/target/i386/tcg/ops_sse_header.h.inc
@@ -399,6 +399,20 @@ DEF_HELPER_3(vpermq_ymm, void, Reg, Reg, i32)
#endif
#endif
+/* SHA helpers */
+#if SHIFT == 1
+DEF_HELPER_3(sha1rnds4_f0, void, Reg, Reg, Reg)
+DEF_HELPER_3(sha1rnds4_f1, void, Reg, Reg, Reg)
+DEF_HELPER_3(sha1rnds4_f2, void, Reg, Reg, Reg)
+DEF_HELPER_3(sha1rnds4_f3, void, Reg, Reg, Reg)
+DEF_HELPER_3(sha1nexte, void, Reg, Reg, Reg)
+DEF_HELPER_3(sha1msg1, void, Reg, Reg, Reg)
+DEF_HELPER_3(sha1msg2, void, Reg, Reg, Reg)
+DEF_HELPER_5(sha256rnds2, void, Reg, Reg, Reg, i32, i32)
+DEF_HELPER_3(sha256msg1, void, Reg, Reg, Reg)
+DEF_HELPER_3(sha256msg2, void, Reg, Reg, Reg)
+#endif
+
#undef SHIFT
#undef Reg
#undef SUFFIX
--
2.41.0
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH v2 04/19] tests/tcg/i386: initialize more registers in test-avx
2023-10-19 10:46 [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
` (2 preceding siblings ...)
2023-10-19 10:46 ` [PATCH v2 03/19] target/i386: implement SHA instructions Paolo Bonzini
@ 2023-10-19 10:46 ` Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 05/19] tests/tcg/i386: test-avx: add test cases for SHA new instructions Paolo Bonzini
` (16 subsequent siblings)
20 siblings, 0 replies; 29+ messages in thread
From: Paolo Bonzini @ 2023-10-19 10:46 UTC (permalink / raw)
To: qemu-devel
Some instructions use YMM0 implicitly, or use YMM9 as a read-modify-write
register destination. Initialize those registers as well.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
tests/tcg/i386/test-avx.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/tests/tcg/i386/test-avx.c b/tests/tcg/i386/test-avx.c
index c39c0e5bce8..2a04c1ecf15 100644
--- a/tests/tcg/i386/test-avx.c
+++ b/tests/tcg/i386/test-avx.c
@@ -316,6 +316,8 @@ int main(int argc, char *argv[])
int i;
init_all(&initI);
+ init_intreg(&initI.ymm[0]);
+ init_intreg(&initI.ymm[9]);
init_intreg(&initI.ymm[10]);
init_intreg(&initI.ymm[11]);
init_intreg(&initI.ymm[12]);
@@ -324,6 +326,8 @@ int main(int argc, char *argv[])
dump_regs(&initI);
init_all(&initF16);
+ init_f16reg(&initF16.ymm[0]);
+ init_f16reg(&initF16.ymm[9]);
init_f16reg(&initF16.ymm[10]);
init_f16reg(&initF16.ymm[11]);
init_f16reg(&initF16.ymm[12]);
@@ -333,6 +337,8 @@ int main(int argc, char *argv[])
dump_regs(&initF16);
init_all(&initF32);
+ init_f32reg(&initF32.ymm[0]);
+ init_f32reg(&initF32.ymm[9]);
init_f32reg(&initF32.ymm[10]);
init_f32reg(&initF32.ymm[11]);
init_f32reg(&initF32.ymm[12]);
@@ -342,6 +348,8 @@ int main(int argc, char *argv[])
dump_regs(&initF32);
init_all(&initF64);
+ init_f64reg(&initF64.ymm[0]);
+ init_f64reg(&initF64.ymm[9]);
init_f64reg(&initF64.ymm[10]);
init_f64reg(&initF64.ymm[11]);
init_f64reg(&initF64.ymm[12]);
--
2.41.0
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH v2 05/19] tests/tcg/i386: test-avx: add test cases for SHA new instructions
2023-10-19 10:46 [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
` (3 preceding siblings ...)
2023-10-19 10:46 ` [PATCH v2 04/19] tests/tcg/i386: initialize more registers in test-avx Paolo Bonzini
@ 2023-10-19 10:46 ` Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 06/19] target/i386: accept full MemOp in gen_ext_tl Paolo Bonzini
` (15 subsequent siblings)
20 siblings, 0 replies; 29+ messages in thread
From: Paolo Bonzini @ 2023-10-19 10:46 UTC (permalink / raw)
To: qemu-devel
---
tests/tcg/i386/test-avx.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tests/tcg/i386/test-avx.py b/tests/tcg/i386/test-avx.py
index 641a2ef69eb..6063fb2d11d 100755
--- a/tests/tcg/i386/test-avx.py
+++ b/tests/tcg/i386/test-avx.py
@@ -9,7 +9,7 @@
archs = [
"SSE", "SSE2", "SSE3", "SSSE3", "SSE4_1", "SSE4_2",
"AES", "AVX", "AVX2", "AES+AVX", "VAES+AVX",
- "F16C", "FMA",
+ "F16C", "FMA", "SHA",
]
ignore = set(["FISTTP",
@@ -43,6 +43,7 @@
'vPS[LR][AL][WDQ]': 0x3f,
'vPS[RL]LDQ': 0x1f,
'vROUND[PS][SD]': 0x7,
+ 'SHA1RNDS4': 0x03,
'vSHUFPD': 0x0f,
'vSHUFPS': 0xff,
'vAESKEYGENASSIST': 0xff,
--
2.41.0
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH v2 06/19] target/i386: accept full MemOp in gen_ext_tl
2023-10-19 10:46 [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
` (4 preceding siblings ...)
2023-10-19 10:46 ` [PATCH v2 05/19] tests/tcg/i386: test-avx: add test cases for SHA new instructions Paolo Bonzini
@ 2023-10-19 10:46 ` Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 07/19] target/i386: introduce flags writeback mechanism Paolo Bonzini
` (14 subsequent siblings)
20 siblings, 0 replies; 29+ messages in thread
From: Paolo Bonzini @ 2023-10-19 10:46 UTC (permalink / raw)
To: qemu-devel
Use MO_SIGN to indicate signed vs. unsigned extension, and filter out
bits other than MO_SIGN and MO_SIZE.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/tcg/translate.c | 30 +++++++++++++++---------------
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index 4f6f9fa7e52..d7d6c85877d 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -699,18 +699,18 @@ static inline void gen_op_movl_T0_Dshift(DisasContext *s, MemOp ot)
tcg_gen_shli_tl(s->T0, s->T0, ot);
};
-static TCGv gen_ext_tl(TCGv dst, TCGv src, MemOp size, bool sign)
+static TCGv gen_ext_tl(TCGv dst, TCGv src, MemOp ot)
{
- switch (size) {
+ switch (ot & MO_SIZE) {
case MO_8:
- if (sign) {
+ if (ot & MO_SIGN) {
tcg_gen_ext8s_tl(dst, src);
} else {
tcg_gen_ext8u_tl(dst, src);
}
return dst;
case MO_16:
- if (sign) {
+ if (ot & MO_SIGN) {
tcg_gen_ext16s_tl(dst, src);
} else {
tcg_gen_ext16u_tl(dst, src);
@@ -718,7 +718,7 @@ static TCGv gen_ext_tl(TCGv dst, TCGv src, MemOp size, bool sign)
return dst;
#ifdef TARGET_X86_64
case MO_32:
- if (sign) {
+ if (ot & MO_SIGN) {
tcg_gen_ext32s_tl(dst, src);
} else {
tcg_gen_ext32u_tl(dst, src);
@@ -732,12 +732,12 @@ static TCGv gen_ext_tl(TCGv dst, TCGv src, MemOp size, bool sign)
static void gen_extu(MemOp ot, TCGv reg)
{
- gen_ext_tl(reg, reg, ot, false);
+ gen_ext_tl(reg, reg, ot);
}
static void gen_exts(MemOp ot, TCGv reg)
{
- gen_ext_tl(reg, reg, ot, true);
+ gen_ext_tl(reg, reg, ot | MO_SIGN);
}
static void gen_op_j_ecx(DisasContext *s, TCGCond cond, TCGLabel *label1)
@@ -926,7 +926,7 @@ static CCPrepare gen_prepare_eflags_c(DisasContext *s, TCGv reg)
case CC_OP_SUBB ... CC_OP_SUBQ:
/* (DATA_TYPE)CC_SRCT < (DATA_TYPE)CC_SRC */
size = s->cc_op - CC_OP_SUBB;
- t1 = gen_ext_tl(s->tmp0, cpu_cc_src, size, false);
+ t1 = gen_ext_tl(s->tmp0, cpu_cc_src, size);
/* If no temporary was used, be careful not to alias t1 and t0. */
t0 = t1 == cpu_cc_src ? s->tmp0 : reg;
tcg_gen_mov_tl(t0, s->cc_srcT);
@@ -936,8 +936,8 @@ static CCPrepare gen_prepare_eflags_c(DisasContext *s, TCGv reg)
case CC_OP_ADDB ... CC_OP_ADDQ:
/* (DATA_TYPE)CC_DST < (DATA_TYPE)CC_SRC */
size = s->cc_op - CC_OP_ADDB;
- t1 = gen_ext_tl(s->tmp0, cpu_cc_src, size, false);
- t0 = gen_ext_tl(reg, cpu_cc_dst, size, false);
+ t1 = gen_ext_tl(s->tmp0, cpu_cc_src, size);
+ t0 = gen_ext_tl(reg, cpu_cc_dst, size);
add_sub:
return (CCPrepare) { .cond = TCG_COND_LTU, .reg = t0,
.reg2 = t1, .mask = -1, .use_reg2 = true };
@@ -965,7 +965,7 @@ static CCPrepare gen_prepare_eflags_c(DisasContext *s, TCGv reg)
case CC_OP_BMILGB ... CC_OP_BMILGQ:
size = s->cc_op - CC_OP_BMILGB;
- t0 = gen_ext_tl(reg, cpu_cc_src, size, false);
+ t0 = gen_ext_tl(reg, cpu_cc_src, size);
return (CCPrepare) { .cond = TCG_COND_EQ, .reg = t0, .mask = -1 };
case CC_OP_ADCX:
@@ -1017,7 +1017,7 @@ static CCPrepare gen_prepare_eflags_s(DisasContext *s, TCGv reg)
default:
{
MemOp size = (s->cc_op - CC_OP_ADDB) & 3;
- TCGv t0 = gen_ext_tl(reg, cpu_cc_dst, size, true);
+ TCGv t0 = gen_ext_tl(reg, cpu_cc_dst, size | MO_SIGN);
return (CCPrepare) { .cond = TCG_COND_LT, .reg = t0, .mask = -1 };
}
}
@@ -1062,7 +1062,7 @@ static CCPrepare gen_prepare_eflags_z(DisasContext *s, TCGv reg)
default:
{
MemOp size = (s->cc_op - CC_OP_ADDB) & 3;
- TCGv t0 = gen_ext_tl(reg, cpu_cc_dst, size, false);
+ TCGv t0 = gen_ext_tl(reg, cpu_cc_dst, size);
return (CCPrepare) { .cond = TCG_COND_EQ, .reg = t0, .mask = -1 };
}
}
@@ -1088,7 +1088,7 @@ static CCPrepare gen_prepare_cc(DisasContext *s, int b, TCGv reg)
case JCC_BE:
tcg_gen_mov_tl(s->tmp4, s->cc_srcT);
gen_extu(size, s->tmp4);
- t0 = gen_ext_tl(s->tmp0, cpu_cc_src, size, false);
+ t0 = gen_ext_tl(s->tmp0, cpu_cc_src, size);
cc = (CCPrepare) { .cond = TCG_COND_LEU, .reg = s->tmp4,
.reg2 = t0, .mask = -1, .use_reg2 = true };
break;
@@ -1101,7 +1101,7 @@ static CCPrepare gen_prepare_cc(DisasContext *s, int b, TCGv reg)
fast_jcc_l:
tcg_gen_mov_tl(s->tmp4, s->cc_srcT);
gen_exts(size, s->tmp4);
- t0 = gen_ext_tl(s->tmp0, cpu_cc_src, size, true);
+ t0 = gen_ext_tl(s->tmp0, cpu_cc_src, size | MO_SIGN);
cc = (CCPrepare) { .cond = cond, .reg = s->tmp4,
.reg2 = t0, .mask = -1, .use_reg2 = true };
break;
--
2.41.0
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH v2 07/19] target/i386: introduce flags writeback mechanism
2023-10-19 10:46 [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
` (5 preceding siblings ...)
2023-10-19 10:46 ` [PATCH v2 06/19] target/i386: accept full MemOp in gen_ext_tl Paolo Bonzini
@ 2023-10-19 10:46 ` Paolo Bonzini
2023-10-19 17:44 ` Richard Henderson
2023-10-19 10:46 ` [PATCH v2 08/19] target/i386: implement CMPccXADD Paolo Bonzini
` (13 subsequent siblings)
20 siblings, 1 reply; 29+ messages in thread
From: Paolo Bonzini @ 2023-10-19 10:46 UTC (permalink / raw)
To: qemu-devel
ALU instructions can write to both memory and flags. If the CC_SRC*
and CC_DST locations have been written already when a memory access
causes a fault, the value in CC_SRC* and CC_DST might be interpreted
with the wrong CC_OP (the one that is in effect before the instruction.
Besides just using the wrong result for the flags, something like
subtracting -1 can have disastrous effects if the current CC_OP is
CC_OP_EFLAGS: this is because QEMU does not expect bits outside the ALU
flags to be set in CC_SRC, and env->eflags can end up set to all-ones.
In the case of the attached testcase, this sets IOPL to 3 and would
cause an assertion failure if SUB is moved to the new decoder.
This mechanism is not really needed for BMI instructions, which can
only write to a register, but put it to use anyway for cleanliness.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/cpu.h | 1 +
target/i386/tcg/decode-new.c.inc | 31 ++++++++++++++++++++++++++
target/i386/tcg/decode-new.h | 4 ++++
target/i386/tcg/emit.c.inc | 19 ++++++++++------
tests/tcg/i386/Makefile.target | 2 +-
tests/tcg/i386/test-flags.c | 37 ++++++++++++++++++++++++++++++++
6 files changed, 87 insertions(+), 7 deletions(-)
create mode 100644 tests/tcg/i386/test-flags.c
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index e1875466b9d..94a5137f068 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1285,6 +1285,7 @@ typedef enum {
CC_OP_NB,
} CCOp;
+QEMU_BUILD_BUG_ON(CC_OP_NB >= 128);
typedef struct SegmentCache {
uint32_t selector;
diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc
index eb2400095f8..0a2aebf2ebb 100644
--- a/target/i386/tcg/decode-new.c.inc
+++ b/target/i386/tcg/decode-new.c.inc
@@ -1823,6 +1823,7 @@ static void disas_insn_new(DisasContext *s, CPUState *cpu, int b)
}
memset(&decode, 0, sizeof(decode));
+ decode.cc_op = -1;
decode.b = b;
if (!decode_insn(s, env, decode_func, &decode)) {
goto illegal_op;
@@ -1943,6 +1944,36 @@ static void disas_insn_new(DisasContext *s, CPUState *cpu, int b)
decode.e.gen(s, env, &decode);
gen_writeback(s, &decode, 0, s->T0);
}
+
+ /*
+ * Write back flags after last memory access. Some newer ALU instructions, as
+ * well as SSE instructions, write flags in the gen_* function, but that can
+ * cause incorrect tracking of CC_OP for instructions that write to both memory
+ * and flags.
+ */
+ if (decode.cc_op != -1) {
+ if (decode.cc_dst) {
+ tcg_gen_mov_tl(cpu_cc_dst, decode.cc_dst);
+ }
+ if (decode.cc_src) {
+ tcg_gen_mov_tl(cpu_cc_src, decode.cc_src);
+ }
+ if (decode.cc_src2) {
+ tcg_gen_mov_tl(cpu_cc_src2, decode.cc_src2);
+ }
+ if (decode.cc_op == CC_OP_DYNAMIC) {
+ tcg_gen_mov_i32(cpu_cc_op, decode.cc_op_dynamic);
+ } else {
+ assert(!decode.cc_op_dynamic);
+ }
+ set_cc_op(s, decode.cc_op);
+ } else {
+ assert(!decode.cc_dst);
+ assert(!decode.cc_src);
+ assert(!decode.cc_src2);
+ assert(!decode.cc_op_dynamic);
+ }
+
return;
gp_fault:
gen_exception_gpf(s);
diff --git a/target/i386/tcg/decode-new.h b/target/i386/tcg/decode-new.h
index ab21fa6db97..4258db19899 100644
--- a/target/i386/tcg/decode-new.h
+++ b/target/i386/tcg/decode-new.h
@@ -265,6 +265,10 @@ struct X86DecodedInsn {
target_ulong immediate;
AddressParts mem;
+ TCGv cc_dst, cc_src, cc_src2;
+ TCGv_i32 cc_op_dynamic;
+ int8_t cc_op;
+
uint8_t b;
};
diff --git a/target/i386/tcg/emit.c.inc b/target/i386/tcg/emit.c.inc
index 82da5488d47..90da1401745 100644
--- a/target/i386/tcg/emit.c.inc
+++ b/target/i386/tcg/emit.c.inc
@@ -323,6 +323,12 @@ static inline int vector_len(DisasContext *s, X86DecodedInsn *decode)
return s->vex_l ? 32 : 16;
}
+static void prepare_update1_cc(X86DecodedInsn *decode, DisasContext *s, CCOp op)
+{
+ decode->cc_dst = s->T0;
+ decode->cc_op = op;
+}
+
static void gen_store_sse(DisasContext *s, X86DecodedInsn *decode, int src_ofs)
{
MemOp ot = decode->op[0].ot;
@@ -1011,6 +1017,7 @@ static void gen_##uname(DisasContext *s, CPUX86State *env, X86DecodedInsn *decod
VSIB_AVX(VPGATHERD, vpgatherd)
VSIB_AVX(VPGATHERQ, vpgatherq)
+/* ADCX/ADOX do not have memory operands and can use set_cc_op. */
static void gen_ADCOX(DisasContext *s, CPUX86State *env, MemOp ot, int cc_op)
{
int opposite_cc_op;
@@ -1073,8 +1080,7 @@ static void gen_ANDN(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
MemOp ot = decode->op[0].ot;
tcg_gen_andc_tl(s->T0, s->T1, s->T0);
- gen_op_update1_cc(s);
- set_cc_op(s, CC_OP_LOGICB + ot);
+ prepare_update1_cc(decode, s, CC_OP_LOGICB + ot);
}
static void gen_BEXTR(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
@@ -1105,10 +1111,10 @@ static void gen_BEXTR(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
tcg_gen_movcond_tl(TCG_COND_LEU, s->T1, s->A0, bound, s->T1, zero);
tcg_gen_andc_tl(s->T0, s->T0, s->T1);
- gen_op_update1_cc(s);
- set_cc_op(s, CC_OP_LOGICB + ot);
+ prepare_update1_cc(decode, s, CC_OP_LOGICB + ot);
}
+/* BLSI do not have memory operands and can use set_cc_op. */
static void gen_BLSI(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
MemOp ot = decode->op[0].ot;
@@ -1120,6 +1126,7 @@ static void gen_BLSI(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
set_cc_op(s, CC_OP_BMILGB + ot);
}
+/* BLSMSK do not have memory operands and can use set_cc_op. */
static void gen_BLSMSK(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
MemOp ot = decode->op[0].ot;
@@ -1131,6 +1138,7 @@ static void gen_BLSMSK(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode
set_cc_op(s, CC_OP_BMILGB + ot);
}
+/* BLSR do not have memory operands and can use set_cc_op. */
static void gen_BLSR(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
MemOp ot = decode->op[0].ot;
@@ -1161,8 +1169,7 @@ static void gen_BZHI(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
tcg_gen_movcond_tl(TCG_COND_LEU, s->A0, s->T1, bound, s->A0, zero);
tcg_gen_andc_tl(s->T0, s->T0, s->A0);
- gen_op_update1_cc(s);
- set_cc_op(s, CC_OP_BMILGB + ot);
+ prepare_update1_cc(decode, s, CC_OP_BMILGB + ot);
}
static void gen_CRC32(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
diff --git a/tests/tcg/i386/Makefile.target b/tests/tcg/i386/Makefile.target
index fdf757c6ce4..ca0f543ef16 100644
--- a/tests/tcg/i386/Makefile.target
+++ b/tests/tcg/i386/Makefile.target
@@ -13,7 +13,7 @@ config-cc.mak: Makefile
I386_SRCS=$(notdir $(wildcard $(I386_SRC)/*.c))
ALL_X86_TESTS=$(I386_SRCS:.c=)
-SKIP_I386_TESTS=test-i386-ssse3 test-avx test-3dnow test-mmx
+SKIP_I386_TESTS=test-i386-ssse3 test-avx test-3dnow test-mmx test-flags
X86_64_TESTS:=$(filter test-i386-adcox test-i386-bmi2 $(SKIP_I386_TESTS), $(ALL_X86_TESTS))
test-i386-sse-exceptions: CFLAGS += -msse4.1 -mfpmath=sse
diff --git a/tests/tcg/i386/test-flags.c b/tests/tcg/i386/test-flags.c
new file mode 100644
index 00000000000..c379e296275
--- /dev/null
+++ b/tests/tcg/i386/test-flags.c
@@ -0,0 +1,37 @@
+#define _GNU_SOURCE
+#include <sys/mman.h>
+#include <signal.h>
+#include <stdio.h>
+#include <assert.h>
+
+volatile unsigned long flags;
+volatile unsigned long flags_after;
+int *addr;
+
+void sigsegv(int sig, siginfo_t *info, ucontext_t *uc)
+{
+ flags = uc->uc_mcontext.gregs[REG_EFL];
+ mprotect(addr, 4096, PROT_READ|PROT_WRITE);
+}
+
+int main()
+{
+ struct sigaction sa = { .sa_handler = (void *)sigsegv, .sa_flags = SA_SIGINFO };
+ sigaction(SIGSEGV, &sa, NULL);
+
+ /* fault in the page then protect it */
+ addr = mmap (NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0);
+ *addr = 0x1234;
+ mprotect(addr, 4096, PROT_READ);
+
+ asm("# set flags to all ones \n"
+ "mov $-1, %%eax \n"
+ "movq addr, %%rdi \n"
+ "sahf \n"
+ "sub %%eax, (%%rdi) \n"
+ "pushf \n"
+ "pop flags_after(%%rip) \n" : : : "eax", "edi", "memory");
+
+ /* OF can have any value before the SUB instruction. */
+ assert((flags & 0xff) == 0xd7 && (flags_after & 0x8ff) == 0x17);
+}
--
2.41.0
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH v2 08/19] target/i386: implement CMPccXADD
2023-10-19 10:46 [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
` (6 preceding siblings ...)
2023-10-19 10:46 ` [PATCH v2 07/19] target/i386: introduce flags writeback mechanism Paolo Bonzini
@ 2023-10-19 10:46 ` Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 09/19] target/i386: do not clobber A0 in POP translation Paolo Bonzini
` (12 subsequent siblings)
20 siblings, 0 replies; 29+ messages in thread
From: Paolo Bonzini @ 2023-10-19 10:46 UTC (permalink / raw)
To: qemu-devel
The main difficulty here is that a page fault when writing to the destination
must not overwrite the flags. Therefore, the compute-flags helper must be
called with a temporary destination instead of using gen_jcc1*.
For simplicity, I am using an unconditional cmpxchg operation, that becomes
a NOP if the comparison fails.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/cpu.c | 2 +-
target/i386/tcg/decode-new.c.inc | 30 ++++++++++
target/i386/tcg/decode-new.h | 2 +
target/i386/tcg/emit.c.inc | 98 ++++++++++++++++++++++++++++++++
target/i386/tcg/translate.c | 2 +
5 files changed, 133 insertions(+), 1 deletion(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 070c02000fe..15fc9d44e35 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -738,7 +738,7 @@ void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1,
#define TCG_7_0_EDX_FEATURES (CPUID_7_0_EDX_FSRM | CPUID_7_0_EDX_KERNEL_FEATURES)
#define TCG_7_1_EAX_FEATURES (CPUID_7_1_EAX_FZRM | CPUID_7_1_EAX_FSRS | \
- CPUID_7_1_EAX_FSRC)
+ CPUID_7_1_EAX_FSRC | CPUID_7_1_EAX_CMPCCXADD)
#define TCG_7_1_EDX_FEATURES 0
#define TCG_7_2_EDX_FEATURES 0
#define TCG_APM_FEATURES 0
diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc
index 0a2aebf2ebb..57a5014bc8a 100644
--- a/target/i386/tcg/decode-new.c.inc
+++ b/target/i386/tcg/decode-new.c.inc
@@ -516,6 +516,28 @@ static const X86OpEntry opcodes_0F38_00toEF[240] = {
[0xdd] = X86_OP_ENTRY3(VAESENCLAST, V,x, H,x, W,x, vex4 cpuid(AES) p_66),
[0xde] = X86_OP_ENTRY3(VAESDEC, V,x, H,x, W,x, vex4 cpuid(AES) p_66),
[0xdf] = X86_OP_ENTRY3(VAESDECLAST, V,x, H,x, W,x, vex4 cpuid(AES) p_66),
+
+ /*
+ * REG selects srcdest2 operand, VEX.vvvv selects src3. VEX class not found
+ * in manual, assumed to be 13 from the VEX.L0 = constraint.
+ */
+ [0xe0] = X86_OP_ENTRY3(CMPccXADD, EM,y, G,y, B,y, vex13 xchg chk(o64) cpuid(CMPCCXADD) p_66),
+ [0xe1] = X86_OP_ENTRY3(CMPccXADD, EM,y, G,y, B,y, vex13 xchg chk(o64) cpuid(CMPCCXADD) p_66),
+ [0xe2] = X86_OP_ENTRY3(CMPccXADD, EM,y, G,y, B,y, vex13 xchg chk(o64) cpuid(CMPCCXADD) p_66),
+ [0xe3] = X86_OP_ENTRY3(CMPccXADD, EM,y, G,y, B,y, vex13 xchg chk(o64) cpuid(CMPCCXADD) p_66),
+ [0xe4] = X86_OP_ENTRY3(CMPccXADD, EM,y, G,y, B,y, vex13 xchg chk(o64) cpuid(CMPCCXADD) p_66),
+ [0xe5] = X86_OP_ENTRY3(CMPccXADD, EM,y, G,y, B,y, vex13 xchg chk(o64) cpuid(CMPCCXADD) p_66),
+ [0xe6] = X86_OP_ENTRY3(CMPccXADD, EM,y, G,y, B,y, vex13 xchg chk(o64) cpuid(CMPCCXADD) p_66),
+ [0xe7] = X86_OP_ENTRY3(CMPccXADD, EM,y, G,y, B,y, vex13 xchg chk(o64) cpuid(CMPCCXADD) p_66),
+
+ [0xe8] = X86_OP_ENTRY3(CMPccXADD, EM,y, G,y, B,y, vex13 xchg chk(o64) cpuid(CMPCCXADD) p_66),
+ [0xe9] = X86_OP_ENTRY3(CMPccXADD, EM,y, G,y, B,y, vex13 xchg chk(o64) cpuid(CMPCCXADD) p_66),
+ [0xea] = X86_OP_ENTRY3(CMPccXADD, EM,y, G,y, B,y, vex13 xchg chk(o64) cpuid(CMPCCXADD) p_66),
+ [0xeb] = X86_OP_ENTRY3(CMPccXADD, EM,y, G,y, B,y, vex13 xchg chk(o64) cpuid(CMPCCXADD) p_66),
+ [0xec] = X86_OP_ENTRY3(CMPccXADD, EM,y, G,y, B,y, vex13 xchg chk(o64) cpuid(CMPCCXADD) p_66),
+ [0xed] = X86_OP_ENTRY3(CMPccXADD, EM,y, G,y, B,y, vex13 xchg chk(o64) cpuid(CMPCCXADD) p_66),
+ [0xee] = X86_OP_ENTRY3(CMPccXADD, EM,y, G,y, B,y, vex13 xchg chk(o64) cpuid(CMPCCXADD) p_66),
+ [0xef] = X86_OP_ENTRY3(CMPccXADD, EM,y, G,y, B,y, vex13 xchg chk(o64) cpuid(CMPCCXADD) p_66),
};
/* five rows for no prefix, 66, F3, F2, 66+F2 */
@@ -1273,8 +1295,13 @@ static bool decode_op(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode,
case X86_TYPE_WM: /* modrm byte selects an XMM/YMM memory operand */
op->unit = X86_OP_SSE;
+ goto get_modrm_mem;
+
+ case X86_TYPE_EM: /* modrm byte selects an ALU memory operand */
+ op->unit = X86_OP_INT;
/* fall through */
case X86_TYPE_M: /* modrm byte selects a memory operand */
+ get_modrm_mem:
modrm = get_modrm(s, env);
if ((modrm >> 6) == 3) {
return false;
@@ -1511,6 +1538,9 @@ static bool has_cpuid_feature(DisasContext *s, X86CPUIDFeature cpuid)
return (s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_AVX2);
case X86_FEAT_SHA_NI:
return (s->cpuid_7_0_ebx_features & CPUID_7_0_EBX_SHA_NI);
+
+ case X86_FEAT_CMPCCXADD:
+ return (s->cpuid_7_1_eax_features & CPUID_7_1_EAX_CMPCCXADD);
}
g_assert_not_reached();
}
diff --git a/target/i386/tcg/decode-new.h b/target/i386/tcg/decode-new.h
index 4258db19899..15233fad62f 100644
--- a/target/i386/tcg/decode-new.h
+++ b/target/i386/tcg/decode-new.h
@@ -47,6 +47,7 @@ typedef enum X86OpType {
X86_TYPE_Y, /* string destination */
/* Custom */
+ X86_TYPE_EM, /* modrm byte selects an ALU memory operand */
X86_TYPE_WM, /* modrm byte selects an XMM/YMM memory operand */
X86_TYPE_2op, /* 2-operand RMW instruction */
X86_TYPE_LoBits, /* encoded in bits 0-2 of the operand + REX.B */
@@ -104,6 +105,7 @@ typedef enum X86CPUIDFeature {
X86_FEAT_AVX2,
X86_FEAT_BMI1,
X86_FEAT_BMI2,
+ X86_FEAT_CMPCCXADD,
X86_FEAT_F16C,
X86_FEAT_FMA,
X86_FEAT_MOVBE,
diff --git a/target/i386/tcg/emit.c.inc b/target/i386/tcg/emit.c.inc
index 90da1401745..dd77a8c5511 100644
--- a/target/i386/tcg/emit.c.inc
+++ b/target/i386/tcg/emit.c.inc
@@ -1172,6 +1172,104 @@ static void gen_BZHI(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
prepare_update1_cc(decode, s, CC_OP_BMILGB + ot);
}
+static void gen_CMPccXADD(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ TCGv z_tl = tcg_constant_tl(0);
+ TCGLabel *label_top = gen_new_label();
+ TCGLabel *label_bottom = gen_new_label();
+ TCGv oldv = tcg_temp_new();
+ TCGv newv = tcg_temp_new();
+ TCGv cmpv = tcg_temp_new();
+ TCGv tmp_cc = tcg_temp_new();
+
+ TCGv cmp_lhs, cmp_rhs;
+ MemOp ot, ot_full;
+
+ int jcc_op = (decode->b >> 1) & 7;
+ static const uint8_t cond[16] = {
+ TCG_COND_NE, /* o, just test OF=1 */
+ TCG_COND_EQ, /* no, just test OF=0 */
+ TCG_COND_LTU, /* b */
+ TCG_COND_GEU, /* ae (nb) */
+ TCG_COND_EQ, /* z */
+ TCG_COND_NE, /* nz */
+ TCG_COND_LEU, /* be */
+ TCG_COND_GTU, /* a (nbe) */
+ TCG_COND_LT, /* s, compares result against 0 */
+ TCG_COND_GE, /* ns, compares result against 0 */
+ TCG_COND_NE, /* p, just test PF=1 */
+ TCG_COND_EQ, /* np, just test PF=0 */
+ TCG_COND_LT, /* l */
+ TCG_COND_GE, /* ge (nl) */
+ TCG_COND_LE, /* le */
+ TCG_COND_GT, /* g (nle) */
+ };
+
+ ot = decode->op[0].ot;
+ ot_full = ot | MO_LE;
+ if (jcc_op >= JCC_S) {
+ /*
+ * Sign-extend values before subtracting for S, P (zero/sign extension
+ * does not matter there) L, LE and their inverses.
+ */
+ ot_full |= MO_SIGN;
+ }
+
+ gen_ext_tl(cmpv, cpu_regs[decode->op[1].n], ot_full);
+
+ /*
+ * Cmpxchg loop starts here.
+ * - s->T1: addition operand (from decoder)
+ * - s->A0: dest address (from decoder)
+ * - s->cc_srcT: memory operand (lhs for comparison)
+ * - cmpv: rhs for comparison (will be in cc_src except for o/no/p/np);
+ */
+ gen_set_label(label_top);
+ gen_op_ld_v(s, ot_full, s->cc_srcT, s->A0);
+ tcg_gen_sub_tl(s->T0, s->cc_srcT, cmpv);
+
+ /* Compute comparison result but do not clobber cc_* yet. */
+ switch (jcc_op) {
+ case JCC_O:
+ case JCC_P:
+ gen_helper_cc_compute_all(tmp_cc, s->T0, cmpv, z_tl,
+ tcg_constant_i32(CC_OP_SUBB + ot));
+ decode->cc_src = tmp_cc;
+ decode->cc_op = CC_OP_EFLAGS;
+
+ tcg_gen_andi_tl(s->T0, tmp_cc, (jcc_op == JCC_O ? CC_O : CC_P));
+ cmp_lhs = s->T0, cmp_rhs = z_tl;
+ break;
+
+ case JCC_S:
+ cmp_lhs = s->T0, cmp_rhs = z_tl;
+ goto cc_sub;
+
+ default:
+ cmp_lhs = s->cc_srcT, cmp_rhs = cmpv;
+ cc_sub:
+ decode->cc_dst = s->T0;
+ decode->cc_src = cmpv;
+ decode->cc_op = CC_OP_SUBB + ot;
+ break;
+ }
+
+ /* Compute new value: if condition does not hold, just store back s->cc_srcT */
+ tcg_gen_add_tl(newv, s->cc_srcT, s->T1);
+ tcg_gen_movcond_tl(cond[decode->b & 15], newv, cmp_lhs, cmp_rhs, newv, s->cc_srcT);
+ tcg_gen_atomic_cmpxchg_tl(oldv, s->A0, s->cc_srcT, newv, s->mem_index, ot_full);
+
+ /* Exit unconditionally if cmpxchg succeeded. */
+ tcg_gen_brcond_tl(TCG_COND_EQ, oldv, s->cc_srcT, label_bottom);
+
+ /* Try again if there was actually a store to make. */
+ tcg_gen_brcond_tl(cond[decode->b & 15], cmp_lhs, cmp_rhs, label_top);
+ gen_set_label(label_bottom);
+
+ /* Store old value to registers only after a successful store. */
+ gen_writeback(s, decode, 1, s->cc_srcT);
+}
+
static void gen_CRC32(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
MemOp ot = decode->op[2].ot;
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index d7d6c85877d..038151a8c3e 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -122,6 +122,7 @@ typedef struct DisasContext {
int cpuid_ext3_features;
int cpuid_7_0_ebx_features;
int cpuid_7_0_ecx_features;
+ int cpuid_7_1_eax_features;
int cpuid_xsave_features;
/* TCG local temps */
@@ -6957,6 +6958,7 @@ static void i386_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cpu)
dc->cpuid_ext3_features = env->features[FEAT_8000_0001_ECX];
dc->cpuid_7_0_ebx_features = env->features[FEAT_7_0_EBX];
dc->cpuid_7_0_ecx_features = env->features[FEAT_7_0_ECX];
+ dc->cpuid_7_1_eax_features = env->features[FEAT_7_1_EAX];
dc->cpuid_xsave_features = env->features[FEAT_XSAVE];
dc->jmp_opt = !((cflags & CF_NO_GOTO_TB) ||
(flags & (HF_TF_MASK | HF_INHIBIT_IRQ_MASK)));
--
2.41.0
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH v2 09/19] target/i386: do not clobber A0 in POP translation
2023-10-19 10:46 [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
` (7 preceding siblings ...)
2023-10-19 10:46 ` [PATCH v2 08/19] target/i386: implement CMPccXADD Paolo Bonzini
@ 2023-10-19 10:46 ` Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 10/19] target/i386: reintroduce debugging mechanism Paolo Bonzini
` (11 subsequent siblings)
20 siblings, 0 replies; 29+ messages in thread
From: Paolo Bonzini @ 2023-10-19 10:46 UTC (permalink / raw)
To: qemu-devel
The new decoder likes to compute the address in A0 very early, so the
gen_lea_v_seg in gen_pop_T0 would clobber the address of the memory
operand. Instead use T0 since it is already available and will be
overwritten immediately after.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/tcg/translate.c | 34 ++++++++++++++++++++--------------
1 file changed, 20 insertions(+), 14 deletions(-)
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index 038151a8c3e..39b5752e780 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -628,17 +628,17 @@ static TCGv eip_cur_tl(DisasContext *s)
}
}
-/* Compute SEG:REG into A0. SEG is selected from the override segment
+/* Compute SEG:REG into DEST. SEG is selected from the override segment
(OVR_SEG) and the default segment (DEF_SEG). OVR_SEG may be -1 to
indicate no override. */
-static void gen_lea_v_seg(DisasContext *s, MemOp aflag, TCGv a0,
- int def_seg, int ovr_seg)
+static void gen_lea_v_seg_dest(DisasContext *s, MemOp aflag, TCGv dest, TCGv a0,
+ int def_seg, int ovr_seg)
{
switch (aflag) {
#ifdef TARGET_X86_64
case MO_64:
if (ovr_seg < 0) {
- tcg_gen_mov_tl(s->A0, a0);
+ tcg_gen_mov_tl(dest, a0);
return;
}
break;
@@ -649,14 +649,14 @@ static void gen_lea_v_seg(DisasContext *s, MemOp aflag, TCGv a0,
ovr_seg = def_seg;
}
if (ovr_seg < 0) {
- tcg_gen_ext32u_tl(s->A0, a0);
+ tcg_gen_ext32u_tl(dest, a0);
return;
}
break;
case MO_16:
/* 16 bit address */
- tcg_gen_ext16u_tl(s->A0, a0);
- a0 = s->A0;
+ tcg_gen_ext16u_tl(dest, a0);
+ a0 = dest;
if (ovr_seg < 0) {
if (ADDSEG(s)) {
ovr_seg = def_seg;
@@ -673,17 +673,23 @@ static void gen_lea_v_seg(DisasContext *s, MemOp aflag, TCGv a0,
TCGv seg = cpu_seg_base[ovr_seg];
if (aflag == MO_64) {
- tcg_gen_add_tl(s->A0, a0, seg);
+ tcg_gen_add_tl(dest, a0, seg);
} else if (CODE64(s)) {
- tcg_gen_ext32u_tl(s->A0, a0);
- tcg_gen_add_tl(s->A0, s->A0, seg);
+ tcg_gen_ext32u_tl(dest, a0);
+ tcg_gen_add_tl(dest, dest, seg);
} else {
- tcg_gen_add_tl(s->A0, a0, seg);
- tcg_gen_ext32u_tl(s->A0, s->A0);
+ tcg_gen_add_tl(dest, a0, seg);
+ tcg_gen_ext32u_tl(dest, dest);
}
}
}
+static void gen_lea_v_seg(DisasContext *s, MemOp aflag, TCGv a0,
+ int def_seg, int ovr_seg)
+{
+ gen_lea_v_seg_dest(s, aflag, s->A0, a0, def_seg, ovr_seg);
+}
+
static inline void gen_string_movl_A0_ESI(DisasContext *s)
{
gen_lea_v_seg(s, s->aflag, cpu_regs[R_ESI], R_DS, s->override);
@@ -2590,8 +2596,8 @@ static MemOp gen_pop_T0(DisasContext *s)
{
MemOp d_ot = mo_pushpop(s, s->dflag);
- gen_lea_v_seg(s, mo_stacksize(s), cpu_regs[R_ESP], R_SS, -1);
- gen_op_ld_v(s, d_ot, s->T0, s->A0);
+ gen_lea_v_seg_dest(s, mo_stacksize(s), s->T0, cpu_regs[R_ESP], R_SS, -1);
+ gen_op_ld_v(s, d_ot, s->T0, s->T0);
return d_ot;
}
--
2.41.0
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH v2 10/19] target/i386: reintroduce debugging mechanism
2023-10-19 10:46 [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
` (8 preceding siblings ...)
2023-10-19 10:46 ` [PATCH v2 09/19] target/i386: do not clobber A0 in POP translation Paolo Bonzini
@ 2023-10-19 10:46 ` Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 11/19] target/i386: move 00-5F opcodes to new decoder Paolo Bonzini
` (10 subsequent siblings)
20 siblings, 0 replies; 29+ messages in thread
From: Paolo Bonzini @ 2023-10-19 10:46 UTC (permalink / raw)
To: qemu-devel
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/tcg/decode-new.c.inc | 3 +++
target/i386/tcg/translate.c | 27 +++++++++++++++++++++++++++
2 files changed, 30 insertions(+)
diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc
index 57a5014bc8a..2f614e2a6f0 100644
--- a/target/i386/tcg/decode-new.c.inc
+++ b/target/i386/tcg/decode-new.c.inc
@@ -1701,6 +1701,9 @@ static void disas_insn_new(DisasContext *s, CPUState *cpu, int b)
X86DecodedInsn decode;
X86DecodeFunc decode_func = decode_root;
+#ifdef CONFIG_USER_ONLY
+ if (limit) { --limit; }
+#endif
s->has_modrm = false;
next_byte:
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index 39b5752e780..080b56840da 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -2980,6 +2980,9 @@ static void gen_sty_env_A0(DisasContext *s, int offset, bool align)
tcg_gen_qemu_st_i64(s->tmp1_i64, s->tmp0, mem_index, MO_LEUQ);
}
+static bool first = true;
+static unsigned long limit;
+
#include "decode-new.h"
#include "emit.c.inc"
#include "decode-new.c.inc"
@@ -3134,15 +3137,39 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
prefixes = 0;
+ if (first) {
+ const char *env = getenv("QEMU_I386_LIMIT");
+ limit = env ? atol(env) : -1;
+ first = false;
+ }
+ bool use_new = true;
+#ifdef CONFIG_USER_ONLY
+ use_new &= limit > 0;
+#endif
+
next_byte:
s->prefix = prefixes;
b = x86_ldub_code(env, s);
/* Collect prefixes. */
switch (b) {
default:
+#ifndef CONFIG_USER_ONLY
+ use_new &= b <= limit;
+#endif
+ if (use_new && 0) {
+ disas_insn_new(s, cpu, b);
+ return true;
+ }
break;
case 0x0f:
b = x86_ldub_code(env, s) + 0x100;
+#ifndef CONFIG_USER_ONLY
+ use_new &= b <= limit;
+#endif
+ if (use_new && 0) {
+ disas_insn_new(s, cpu, b);
+ return true;
+ }
break;
case 0xf3:
prefixes |= PREFIX_REPZ;
--
2.41.0
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH v2 11/19] target/i386: move 00-5F opcodes to new decoder
2023-10-19 10:46 [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
` (9 preceding siblings ...)
2023-10-19 10:46 ` [PATCH v2 10/19] target/i386: reintroduce debugging mechanism Paolo Bonzini
@ 2023-10-19 10:46 ` Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 12/19] target/i386: adjust decoding of J operand Paolo Bonzini
` (9 subsequent siblings)
20 siblings, 0 replies; 29+ messages in thread
From: Paolo Bonzini @ 2023-10-19 10:46 UTC (permalink / raw)
To: qemu-devel
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/tcg/decode-new.c.inc | 116 ++++++++++++++++++
target/i386/tcg/decode-new.h | 3 +
target/i386/tcg/emit.c.inc | 203 +++++++++++++++++++++++++++++++
target/i386/tcg/translate.c | 2 +-
4 files changed, 323 insertions(+), 1 deletion(-)
diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc
index 2f614e2a6f0..dc596ba9f7a 100644
--- a/target/i386/tcg/decode-new.c.inc
+++ b/target/i386/tcg/decode-new.c.inc
@@ -102,6 +102,8 @@
#define X86_OP_GROUP2(op, op0, s0, op1, s1, ...) \
X86_OP_GROUP3(op, op0, s0, 2op, s0, op1, s1, ## __VA_ARGS__)
+#define X86_OP_GROUPw(op, op0, s0, ...) \
+ X86_OP_GROUP3(op, op0, s0, None, None, None, None, ## __VA_ARGS__)
#define X86_OP_GROUP0(op, ...) \
X86_OP_GROUP3(op, None, None, None, None, None, None, ## __VA_ARGS__)
@@ -127,10 +129,13 @@
X86_OP_ENTRY3(op, op0, s0, None, None, None, None, ## __VA_ARGS__)
#define X86_OP_ENTRYr(op, op0, s0, ...) \
X86_OP_ENTRY3(op, None, None, None, None, op0, s0, ## __VA_ARGS__)
+#define X86_OP_ENTRY1(op, op0, s0, ...) \
+ X86_OP_ENTRY3(op, op0, s0, 2op, s0, None, None, ## __VA_ARGS__)
#define X86_OP_ENTRY0(op, ...) \
X86_OP_ENTRY3(op, None, None, None, None, None, None, ## __VA_ARGS__)
#define cpuid(feat) .cpuid = X86_FEAT_##feat,
+#define nowb .special = X86_SPECIAL_NoWriteback,
#define xchg .special = X86_SPECIAL_Locked,
#define mmx .special = X86_SPECIAL_MMX,
#define zext0 .special = X86_SPECIAL_ZExtOp0,
@@ -1074,7 +1079,114 @@ static void decode_0F(DisasContext *s, CPUX86State *env, X86OpEntry *entry, uint
}
static const X86OpEntry opcodes_root[256] = {
+ [0x00] = X86_OP_ENTRY2(ADD, E,b, G,b),
+ [0x01] = X86_OP_ENTRY2(ADD, E,v, G,v),
+ [0x02] = X86_OP_ENTRY2(ADD, G,b, E,b),
+ [0x03] = X86_OP_ENTRY2(ADD, G,v, E,v),
+ [0x04] = X86_OP_ENTRY2(ADD, 0,b, I,b), /* AL, Ib */
+ [0x05] = X86_OP_ENTRY2(ADD, 0,v, I,z), /* rAX, Iz */
+ [0x06] = X86_OP_ENTRYr(PUSH, ES, w, chk(i64)),
+ [0x07] = X86_OP_ENTRYw(POP, ES, w, chk(i64)),
+
+ [0x10] = X86_OP_ENTRY2(ADC, E,b, G,b),
+ [0x11] = X86_OP_ENTRY2(ADC, E,v, G,v),
+ [0x12] = X86_OP_ENTRY2(ADC, G,b, E,b),
+ [0x13] = X86_OP_ENTRY2(ADC, G,v, E,v),
+ [0x14] = X86_OP_ENTRY2(ADC, 0,b, I,b), /* AL, Ib */
+ [0x15] = X86_OP_ENTRY2(ADC, 0,v, I,z), /* rAX, Iz */
+ [0x16] = X86_OP_ENTRYr(PUSH, SS, w, chk(i64)),
+ [0x17] = X86_OP_ENTRYw(POP, SS, w, chk(i64)),
+
+ [0x20] = X86_OP_ENTRY2(AND, E,b, G,b),
+ [0x21] = X86_OP_ENTRY2(AND, E,v, G,v),
+ [0x22] = X86_OP_ENTRY2(AND, G,b, E,b),
+ [0x23] = X86_OP_ENTRY2(AND, G,v, E,v),
+ [0x24] = X86_OP_ENTRY2(AND, 0,b, I,b), /* AL, Ib */
+ [0x25] = X86_OP_ENTRY2(AND, 0,v, I,z), /* rAX, Iz */
+ [0x26] = {},
+ [0x27] = X86_OP_ENTRY0(DAA, chk(i64)),
+
+ [0x30] = X86_OP_ENTRY2(XOR, E,b, G,b),
+ [0x31] = X86_OP_ENTRY2(XOR, E,v, G,v),
+ [0x32] = X86_OP_ENTRY2(XOR, G,b, E,b),
+ [0x33] = X86_OP_ENTRY2(XOR, G,v, E,v),
+ [0x34] = X86_OP_ENTRY2(XOR, 0,b, I,b), /* AL, Ib */
+ [0x35] = X86_OP_ENTRY2(XOR, 0,v, I,z), /* rAX, Iz */
+ [0x36] = {},
+ [0x37] = X86_OP_ENTRY0(AAA, chk(i64)),
+
+ [0x40] = X86_OP_ENTRY1(INC, 0,v, chk(i64)),
+ [0x41] = X86_OP_ENTRY1(INC, 1,v, chk(i64)),
+ [0x42] = X86_OP_ENTRY1(INC, 2,v, chk(i64)),
+ [0x43] = X86_OP_ENTRY1(INC, 3,v, chk(i64)),
+ [0x44] = X86_OP_ENTRY1(INC, 4,v, chk(i64)),
+ [0x45] = X86_OP_ENTRY1(INC, 5,v, chk(i64)),
+ [0x46] = X86_OP_ENTRY1(INC, 6,v, chk(i64)),
+ [0x47] = X86_OP_ENTRY1(INC, 7,v, chk(i64)),
+
+ [0x50] = X86_OP_ENTRYr(PUSH, LoBits,d64),
+ [0x51] = X86_OP_ENTRYr(PUSH, LoBits,d64),
+ [0x52] = X86_OP_ENTRYr(PUSH, LoBits,d64),
+ [0x53] = X86_OP_ENTRYr(PUSH, LoBits,d64),
+ [0x54] = X86_OP_ENTRYr(PUSH, LoBits,d64),
+ [0x55] = X86_OP_ENTRYr(PUSH, LoBits,d64),
+ [0x56] = X86_OP_ENTRYr(PUSH, LoBits,d64),
+ [0x57] = X86_OP_ENTRYr(PUSH, LoBits,d64),
+
+
+ [0x08] = X86_OP_ENTRY2(OR, E,b, G,b),
+ [0x09] = X86_OP_ENTRY2(OR, E,v, G,v),
+ [0x0A] = X86_OP_ENTRY2(OR, G,b, E,b),
+ [0x0B] = X86_OP_ENTRY2(OR, G,v, E,v),
+ [0x0C] = X86_OP_ENTRY2(OR, 0,b, I,b), /* AL, Ib */
+ [0x0D] = X86_OP_ENTRY2(OR, 0,v, I,z), /* rAX, Iz */
+ [0x0E] = X86_OP_ENTRYr(PUSH, CS, w, chk(i64)),
[0x0F] = X86_OP_GROUP0(0F),
+
+ [0x18] = X86_OP_ENTRY2(SBB, E,b, G,b),
+ [0x19] = X86_OP_ENTRY2(SBB, E,v, G,v),
+ [0x1A] = X86_OP_ENTRY2(SBB, G,b, E,b),
+ [0x1B] = X86_OP_ENTRY2(SBB, G,v, E,v),
+ [0x1C] = X86_OP_ENTRY2(SBB, 0,b, I,b), /* AL, Ib */
+ [0x1D] = X86_OP_ENTRY2(SBB, 0,v, I,z), /* rAX, Iz */
+ [0x1E] = X86_OP_ENTRYr(PUSH, DS, w, chk(i64)),
+ [0x1F] = X86_OP_ENTRYw(POP, DS, w, chk(i64)),
+
+ [0x28] = X86_OP_ENTRY2(SUB, E,b, G,b),
+ [0x29] = X86_OP_ENTRY2(SUB, E,v, G,v),
+ [0x2A] = X86_OP_ENTRY2(SUB, G,b, E,b),
+ [0x2B] = X86_OP_ENTRY2(SUB, G,v, E,v),
+ [0x2C] = X86_OP_ENTRY2(SUB, 0,b, I,b), /* AL, Ib */
+ [0x2D] = X86_OP_ENTRY2(SUB, 0,v, I,z), /* rAX, Iz */
+ [0x2E] = {},
+ [0x2F] = X86_OP_ENTRY0(DAS, chk(i64)),
+
+ [0x38] = X86_OP_ENTRY2(SUB, E,b, G,b, nowb),
+ [0x39] = X86_OP_ENTRY2(SUB, E,v, G,v, nowb),
+ [0x3A] = X86_OP_ENTRY2(SUB, G,b, E,b, nowb),
+ [0x3B] = X86_OP_ENTRY2(SUB, G,v, E,v, nowb),
+ [0x3C] = X86_OP_ENTRY2(SUB, 0,b, I,b, nowb), /* AL, Ib */
+ [0x3D] = X86_OP_ENTRY2(SUB, 0,v, I,z, nowb), /* rAX, Iz */
+ [0x3E] = {},
+ [0x3F] = X86_OP_ENTRY0(AAS, chk(i64)),
+
+ [0x48] = X86_OP_ENTRY1(DEC, 0,v, chk(i64)),
+ [0x49] = X86_OP_ENTRY1(DEC, 1,v, chk(i64)),
+ [0x4A] = X86_OP_ENTRY1(DEC, 2,v, chk(i64)),
+ [0x4B] = X86_OP_ENTRY1(DEC, 3,v, chk(i64)),
+ [0x4C] = X86_OP_ENTRY1(DEC, 4,v, chk(i64)),
+ [0x4D] = X86_OP_ENTRY1(DEC, 5,v, chk(i64)),
+ [0x4E] = X86_OP_ENTRY1(DEC, 6,v, chk(i64)),
+ [0x4F] = X86_OP_ENTRY1(DEC, 7,v, chk(i64)),
+
+ [0x58] = X86_OP_ENTRYw(POP, LoBits,d64),
+ [0x59] = X86_OP_ENTRYw(POP, LoBits,d64),
+ [0x5A] = X86_OP_ENTRYw(POP, LoBits,d64),
+ [0x5B] = X86_OP_ENTRYw(POP, LoBits,d64),
+ [0x5C] = X86_OP_ENTRYw(POP, LoBits,d64),
+ [0x5D] = X86_OP_ENTRYw(POP, LoBits,d64),
+ [0x5E] = X86_OP_ENTRYw(POP, LoBits,d64),
+ [0x5F] = X86_OP_ENTRYw(POP, LoBits,d64),
};
#undef mmx
@@ -1898,6 +2010,10 @@ static void disas_insn_new(DisasContext *s, CPUState *cpu, int b)
}
break;
+ case X86_SPECIAL_NoWriteback:
+ decode.op[0].unit = X86_OP_SKIP;
+ break;
+
case X86_SPECIAL_ZExtOp0:
assert(decode.op[0].unit == X86_OP_INT);
if (!decode.op[0].has_ea) {
diff --git a/target/i386/tcg/decode-new.h b/target/i386/tcg/decode-new.h
index 15233fad62f..a3983794ac5 100644
--- a/target/i386/tcg/decode-new.h
+++ b/target/i386/tcg/decode-new.h
@@ -161,6 +161,9 @@ typedef enum X86InsnSpecial {
/* Always locked if it has a memory operand (XCHG) */
X86_SPECIAL_Locked,
+ /* Writeback not needed or done manually in the callback */
+ X86_SPECIAL_NoWriteback,
+
/*
* Register operand 0/2 is zero extended to 32 bits. Rd/Mb or Rd/Mw
* in the manual.
diff --git a/target/i386/tcg/emit.c.inc b/target/i386/tcg/emit.c.inc
index dd77a8c5511..6b9f518cc94 100644
--- a/target/i386/tcg/emit.c.inc
+++ b/target/i386/tcg/emit.c.inc
@@ -329,6 +329,27 @@ static void prepare_update1_cc(X86DecodedInsn *decode, DisasContext *s, CCOp op)
decode->cc_op = op;
}
+static void prepare_update2_cc(X86DecodedInsn *decode, DisasContext *s, CCOp op)
+{
+ decode->cc_src = s->T1;
+ decode->cc_dst = s->T0;
+ decode->cc_op = op;
+}
+
+static void prepare_update_cc_incdec(X86DecodedInsn *decode, DisasContext *s, CCOp op)
+{
+ gen_compute_eflags_c(s, s->T1);
+ prepare_update2_cc(decode, s, op);
+}
+
+static void prepare_update3_cc(X86DecodedInsn *decode, DisasContext *s, CCOp op, TCGv reg)
+{
+ decode->cc_src2 = reg;
+ decode->cc_src = s->T1;
+ decode->cc_dst = s->T0;
+ decode->cc_op = op;
+}
+
static void gen_store_sse(DisasContext *s, X86DecodedInsn *decode, int src_ofs)
{
MemOp ot = decode->op[0].ot;
@@ -1017,6 +1038,36 @@ static void gen_##uname(DisasContext *s, CPUX86State *env, X86DecodedInsn *decod
VSIB_AVX(VPGATHERD, vpgatherd)
VSIB_AVX(VPGATHERQ, vpgatherq)
+static void gen_AAA(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ gen_update_cc_op(s);
+ gen_helper_aaa(tcg_env);
+ set_cc_op(s, CC_OP_EFLAGS);
+}
+
+static void gen_AAS(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ gen_update_cc_op(s);
+ gen_helper_aas(tcg_env);
+ set_cc_op(s, CC_OP_EFLAGS);
+}
+
+static void gen_ADC(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ MemOp ot = decode->op[0].ot;
+
+ gen_compute_eflags_c(s, s->tmp4);
+ if (s->prefix & PREFIX_LOCK) {
+ tcg_gen_add_tl(s->T0, s->tmp4, s->T1);
+ tcg_gen_atomic_add_fetch_tl(s->T0, s->A0, s->T0,
+ s->mem_index, ot | MO_LE);
+ } else {
+ tcg_gen_add_tl(s->T0, s->T0, s->T1);
+ tcg_gen_add_tl(s->T0, s->T0, s->tmp4);
+ }
+ prepare_update3_cc(decode, s, CC_OP_ADCB + ot, s->tmp4);
+}
+
/* ADCX/ADOX do not have memory operands and can use set_cc_op. */
static void gen_ADCOX(DisasContext *s, CPUX86State *env, MemOp ot, int cc_op)
{
@@ -1070,11 +1121,37 @@ static void gen_ADCX(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
gen_ADCOX(s, env, decode->op[0].ot, CC_OP_ADCX);
}
+static void gen_ADD(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ MemOp ot = decode->op[0].ot;
+
+ if (s->prefix & PREFIX_LOCK) {
+ tcg_gen_atomic_add_fetch_tl(s->T0, s->A0, s->T1,
+ s->mem_index, ot | MO_LE);
+ } else {
+ tcg_gen_add_tl(s->T0, s->T0, s->T1);
+ }
+ prepare_update2_cc(decode, s, CC_OP_ADDB + ot);
+}
+
static void gen_ADOX(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
gen_ADCOX(s, env, decode->op[0].ot, CC_OP_ADOX);
}
+static void gen_AND(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ MemOp ot = decode->op[0].ot;
+
+ if (s->prefix & PREFIX_LOCK) {
+ tcg_gen_atomic_and_fetch_tl(s->T0, s->A0, s->T1,
+ s->mem_index, ot | MO_LE);
+ } else {
+ tcg_gen_and_tl(s->T0, s->T0, s->T1);
+ }
+ prepare_update1_cc(decode, s, CC_OP_LOGICB + ot);
+}
+
static void gen_ANDN(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
MemOp ot = decode->op[0].ot;
@@ -1308,6 +1385,34 @@ static void gen_CVTTPx2PI(DisasContext *s, CPUX86State *env, X86DecodedInsn *dec
}
}
+static void gen_DAA(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ gen_update_cc_op(s);
+ gen_helper_daa(tcg_env);
+ set_cc_op(s, CC_OP_EFLAGS);
+}
+
+static void gen_DAS(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ gen_update_cc_op(s);
+ gen_helper_das(tcg_env);
+ set_cc_op(s, CC_OP_EFLAGS);
+}
+
+static void gen_DEC(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ MemOp ot = decode->op[0].ot;
+
+ tcg_gen_movi_tl(s->T1, -1);
+ if (s->prefix & PREFIX_LOCK) {
+ tcg_gen_atomic_add_fetch_tl(s->T0, s->A0, s->T1,
+ s->mem_index, ot | MO_LE);
+ } else {
+ tcg_gen_add_tl(s->T0, s->T0, s->T1);
+ }
+ prepare_update_cc_incdec(decode, s, CC_OP_DECB + ot);
+}
+
static void gen_EMMS(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
gen_helper_emms(tcg_env);
@@ -1326,6 +1431,20 @@ static void gen_EXTRQ_r(DisasContext *s, CPUX86State *env, X86DecodedInsn *decod
gen_helper_extrq_r(tcg_env, OP_PTR0, OP_PTR2);
}
+static void gen_INC(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ MemOp ot = decode->op[0].ot;
+
+ tcg_gen_movi_tl(s->T1, 1);
+ if (s->prefix & PREFIX_LOCK) {
+ tcg_gen_atomic_add_fetch_tl(s->T0, s->A0, s->T1,
+ s->mem_index, ot | MO_LE);
+ } else {
+ tcg_gen_add_tl(s->T0, s->T0, s->T1);
+ }
+ prepare_update_cc_incdec(decode, s, CC_OP_INCB + ot);
+}
+
static void gen_INSERTQ_i(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
TCGv_i32 length = tcg_constant_i32(decode->immediate & 63);
@@ -1477,6 +1596,19 @@ static void gen_MULX(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
}
+static void gen_OR(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ MemOp ot = decode->op[0].ot;
+
+ if (s->prefix & PREFIX_LOCK) {
+ tcg_gen_atomic_or_fetch_tl(s->T0, s->A0, s->T1,
+ s->mem_index, ot | MO_LE);
+ } else {
+ tcg_gen_or_tl(s->T0, s->T0, s->T1);
+ }
+ prepare_update1_cc(decode, s, CC_OP_LOGICB + ot);
+}
+
static void gen_PALIGNR(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
TCGv_i32 imm = tcg_constant8u_i32(decode->immediate);
@@ -1728,6 +1860,18 @@ static void gen_PMOVMSKB(DisasContext *s, CPUX86State *env, X86DecodedInsn *deco
}
}
+static void gen_POP(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ MemOp ot = gen_pop_T0(s);
+ if (decode->op[0].has_ea) {
+ /* NOTE: order is important for MMU exceptions */
+ gen_op_st_v(s, ot, s->T0, s->A0);
+ decode->op[0].unit = X86_OP_SKIP;
+ }
+ /* NOTE: writing back registers after update is important for pop %sp */
+ gen_pop_update(s, ot);
+}
+
static void gen_PSHUFW(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
TCGv_i32 imm = tcg_constant8u_i32(decode->immediate);
@@ -1874,6 +2018,11 @@ static void gen_PSLLDQ_i(DisasContext *s, CPUX86State *env, X86DecodedInsn *deco
}
}
+static void gen_PUSH(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ gen_push_v(s, s->T1);
+}
+
static void gen_RORX(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
MemOp ot = decode->op[0].ot;
@@ -1901,6 +2050,23 @@ static void gen_SARX(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
tcg_gen_sar_tl(s->T0, s->T0, s->T1);
}
+static void gen_SBB(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ MemOp ot = decode->op[0].ot;
+
+ gen_compute_eflags_c(s, s->tmp4);
+ if (s->prefix & PREFIX_LOCK) {
+ tcg_gen_add_tl(s->T0, s->T1, s->tmp4);
+ tcg_gen_neg_tl(s->T0, s->T0);
+ tcg_gen_atomic_add_fetch_tl(s->T0, s->A0, s->T0,
+ s->mem_index, ot | MO_LE);
+ } else {
+ tcg_gen_sub_tl(s->T0, s->T0, s->T1);
+ tcg_gen_sub_tl(s->T0, s->T0, s->tmp4);
+ }
+ prepare_update3_cc(decode, s, CC_OP_SBBB + ot, s->tmp4);
+}
+
static void gen_SHA1NEXTE(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
gen_helper_sha1nexte(OP_PTR0, OP_PTR1, OP_PTR2);
@@ -1991,6 +2157,22 @@ static void gen_STMXCSR(DisasContext *s, CPUX86State *env, X86DecodedInsn *decod
tcg_gen_ld32u_tl(s->T0, tcg_env, offsetof(CPUX86State, mxcsr));
}
+static void gen_SUB(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ MemOp ot = decode->op[0].ot;
+
+ if (s->prefix & PREFIX_LOCK) {
+ tcg_gen_neg_tl(s->T0, s->T1);
+ tcg_gen_atomic_fetch_add_tl(s->cc_srcT, s->A0, s->T0,
+ s->mem_index, ot | MO_LE);
+ tcg_gen_sub_tl(s->T0, s->cc_srcT, s->T1);
+ } else {
+ tcg_gen_mov_tl(s->cc_srcT, s->T0);
+ tcg_gen_sub_tl(s->T0, s->T0, s->T1);
+ }
+ prepare_update2_cc(decode, s, CC_OP_SUBB + ot);
+}
+
static void gen_VAESIMC(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
assert(!s->vex_l);
@@ -2470,3 +2652,24 @@ static void gen_VZEROUPPER(DisasContext *s, CPUX86State *env, X86DecodedInsn *de
tcg_gen_gvec_dup_imm(MO_64, offset, 16, 16, 0);
}
}
+
+static void gen_XOR(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ /* special case XOR reg, reg */
+ if (decode->op[1].unit == X86_OP_INT &&
+ decode->op[2].unit == X86_OP_INT &&
+ decode->op[1].n == decode->op[2].n) {
+ tcg_gen_movi_tl(s->T0, 0);
+ set_cc_op(s, CC_OP_CLR);
+ } else {
+ MemOp ot = decode->op[0].ot;
+
+ if (s->prefix & PREFIX_LOCK) {
+ tcg_gen_atomic_xor_fetch_tl(s->T0, s->A0, s->T1,
+ s->mem_index, ot | MO_LE);
+ } else {
+ tcg_gen_xor_tl(s->T0, s->T0, s->T1);
+ }
+ prepare_update1_cc(decode, s, CC_OP_LOGICB + ot);
+ }
+}
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index 080b56840da..e13bf7df591 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -3156,7 +3156,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
#ifndef CONFIG_USER_ONLY
use_new &= b <= limit;
#endif
- if (use_new && 0) {
+ if (use_new && b <= 0x5f) {
disas_insn_new(s, cpu, b);
return true;
}
--
2.41.0
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH v2 12/19] target/i386: adjust decoding of J operand
2023-10-19 10:46 [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
` (10 preceding siblings ...)
2023-10-19 10:46 ` [PATCH v2 11/19] target/i386: move 00-5F opcodes to new decoder Paolo Bonzini
@ 2023-10-19 10:46 ` Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 13/19] target/i386: split eflags computation out of gen_compute_eflags Paolo Bonzini
` (8 subsequent siblings)
20 siblings, 0 replies; 29+ messages in thread
From: Paolo Bonzini @ 2023-10-19 10:46 UTC (permalink / raw)
To: qemu-devel
gen_jcc() has been changed to accept a relative offset since the
new decoder was written. Adjust the J operand, which is meant
to be used with jump instructions and gen_jcc(), to not
include the program counter and to not truncate the result, as
both operations are now performed by common code.
The result is that J is now the same as the I operand.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/tcg/decode-new.c.inc | 10 ----------
1 file changed, 10 deletions(-)
diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc
index dc596ba9f7a..1ae731459b7 100644
--- a/target/i386/tcg/decode-new.c.inc
+++ b/target/i386/tcg/decode-new.c.inc
@@ -1448,19 +1448,9 @@ static bool decode_op(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode,
}
case X86_TYPE_I: /* Immediate */
- op->unit = X86_OP_IMM;
- decode->immediate = insn_get_signed(env, s, op->ot);
- break;
-
case X86_TYPE_J: /* Relative offset for a jump */
op->unit = X86_OP_IMM;
decode->immediate = insn_get_signed(env, s, op->ot);
- decode->immediate += s->pc - s->cs_base;
- if (s->dflag == MO_16) {
- decode->immediate &= 0xffff;
- } else if (!CODE64(s)) {
- decode->immediate &= 0xffffffffu;
- }
break;
case X86_TYPE_L: /* The upper 4 bits of the immediate select a 128-bit register */
--
2.41.0
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH v2 13/19] target/i386: split eflags computation out of gen_compute_eflags
2023-10-19 10:46 [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
` (11 preceding siblings ...)
2023-10-19 10:46 ` [PATCH v2 12/19] target/i386: adjust decoding of J operand Paolo Bonzini
@ 2023-10-19 10:46 ` Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 14/19] tcg: add negsetcondi Paolo Bonzini
` (7 subsequent siblings)
20 siblings, 0 replies; 29+ messages in thread
From: Paolo Bonzini @ 2023-10-19 10:46 UTC (permalink / raw)
To: qemu-devel
The new x86 decoder wants to compute EFLAGS before writeback, which
can be an issue for some instructions such as ARPL. Extract code
to compute the EFLAGS without clobbering CC_SRC, in case the ARPL
memory write causes a fault.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/tcg/translate.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index e13bf7df591..2da7c357cdc 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -872,18 +872,20 @@ static void gen_op_update_neg_cc(DisasContext *s)
tcg_gen_movi_tl(s->cc_srcT, 0);
}
-/* compute all eflags to cc_src */
-static void gen_compute_eflags(DisasContext *s)
+/* compute all eflags to reg */
+static void gen_mov_eflags(DisasContext *s, TCGv reg)
{
TCGv zero, dst, src1, src2;
int live, dead;
if (s->cc_op == CC_OP_EFLAGS) {
+ if (reg != cpu_cc_src) {
+ tcg_gen_mov_tl(reg, cpu_cc_src);
+ }
return;
}
if (s->cc_op == CC_OP_CLR) {
- tcg_gen_movi_tl(cpu_cc_src, CC_Z | CC_P);
- set_cc_op(s, CC_OP_EFLAGS);
+ tcg_gen_movi_tl(reg, CC_Z | CC_P);
return;
}
@@ -909,7 +911,13 @@ static void gen_compute_eflags(DisasContext *s)
}
gen_update_cc_op(s);
- gen_helper_cc_compute_all(cpu_cc_src, dst, src1, src2, cpu_cc_op);
+ gen_helper_cc_compute_all(reg, dst, src1, src2, cpu_cc_op);
+}
+
+/* compute all eflags to cc_src */
+static void gen_compute_eflags(DisasContext *s)
+{
+ gen_mov_eflags(s, cpu_cc_src);
set_cc_op(s, CC_OP_EFLAGS);
}
--
2.41.0
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH v2 14/19] tcg: add negsetcondi
2023-10-19 10:46 [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
` (12 preceding siblings ...)
2023-10-19 10:46 ` [PATCH v2 13/19] target/i386: split eflags computation out of gen_compute_eflags Paolo Bonzini
@ 2023-10-19 10:46 ` Paolo Bonzini
2023-10-19 16:00 ` Richard Henderson
2023-10-19 10:48 ` [PATCH v2 15/19] target/i386: move 60-BF opcodes to new decoder Paolo Bonzini
` (6 subsequent siblings)
20 siblings, 1 reply; 29+ messages in thread
From: Paolo Bonzini @ 2023-10-19 10:46 UTC (permalink / raw)
To: qemu-devel
This can be useful to write a shift bit extraction that does not
depend on TARGET_LONG_BITS.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
include/tcg/tcg-op-common.h | 4 ++++
include/tcg/tcg-op.h | 2 ++
tcg/tcg-op.c | 12 ++++++++++++
3 files changed, 18 insertions(+)
diff --git a/include/tcg/tcg-op-common.h b/include/tcg/tcg-op-common.h
index 2048f92b5e1..2295f2d7085 100644
--- a/include/tcg/tcg-op-common.h
+++ b/include/tcg/tcg-op-common.h
@@ -346,6 +346,8 @@ void tcg_gen_setcondi_i32(TCGCond cond, TCGv_i32 ret,
TCGv_i32 arg1, int32_t arg2);
void tcg_gen_negsetcond_i32(TCGCond cond, TCGv_i32 ret,
TCGv_i32 arg1, TCGv_i32 arg2);
+void tcg_gen_negsetcondi_i32(TCGCond cond, TCGv_i32 ret,
+ TCGv_i32 arg1, int32_t arg2);
void tcg_gen_movcond_i32(TCGCond cond, TCGv_i32 ret, TCGv_i32 c1,
TCGv_i32 c2, TCGv_i32 v1, TCGv_i32 v2);
void tcg_gen_add2_i32(TCGv_i32 rl, TCGv_i32 rh, TCGv_i32 al,
@@ -544,6 +546,8 @@ void tcg_gen_setcondi_i64(TCGCond cond, TCGv_i64 ret,
TCGv_i64 arg1, int64_t arg2);
void tcg_gen_negsetcond_i64(TCGCond cond, TCGv_i64 ret,
TCGv_i64 arg1, TCGv_i64 arg2);
+void tcg_gen_negsetcondi_i64(TCGCond cond, TCGv_i64 ret,
+ TCGv_i64 arg1, int64_t arg2);
void tcg_gen_movcond_i64(TCGCond cond, TCGv_i64 ret, TCGv_i64 c1,
TCGv_i64 c2, TCGv_i64 v1, TCGv_i64 v2);
void tcg_gen_add2_i64(TCGv_i64 rl, TCGv_i64 rh, TCGv_i64 al,
diff --git a/include/tcg/tcg-op.h b/include/tcg/tcg-op.h
index 80cfcf8104b..78e474d83e9 100644
--- a/include/tcg/tcg-op.h
+++ b/include/tcg/tcg-op.h
@@ -201,6 +201,7 @@ DEF_ATOMIC2(tcg_gen_atomic_umax_fetch, i64)
#define tcg_gen_setcond_tl tcg_gen_setcond_i64
#define tcg_gen_setcondi_tl tcg_gen_setcondi_i64
#define tcg_gen_negsetcond_tl tcg_gen_negsetcond_i64
+#define tcg_gen_negsetcondi_tl tcg_gen_negsetcondi_i64
#define tcg_gen_mul_tl tcg_gen_mul_i64
#define tcg_gen_muli_tl tcg_gen_muli_i64
#define tcg_gen_div_tl tcg_gen_div_i64
@@ -319,6 +320,7 @@ DEF_ATOMIC2(tcg_gen_atomic_umax_fetch, i64)
#define tcg_gen_setcond_tl tcg_gen_setcond_i32
#define tcg_gen_setcondi_tl tcg_gen_setcondi_i32
#define tcg_gen_negsetcond_tl tcg_gen_negsetcond_i32
+#define tcg_gen_negsetcondi_tl tcg_gen_negsetcondi_i32
#define tcg_gen_mul_tl tcg_gen_mul_i32
#define tcg_gen_muli_tl tcg_gen_muli_i32
#define tcg_gen_div_tl tcg_gen_div_i32
diff --git a/tcg/tcg-op.c b/tcg/tcg-op.c
index 393dbcd01c3..35dcdd88126 100644
--- a/tcg/tcg-op.c
+++ b/tcg/tcg-op.c
@@ -291,6 +291,12 @@ void tcg_gen_negsetcond_i32(TCGCond cond, TCGv_i32 ret,
}
}
+void tcg_gen_negsetcondi_i32(TCGCond cond, TCGv_i32 ret,
+ TCGv_i32 arg1, int32_t arg2)
+{
+ tcg_gen_negsetcond_i32(cond, ret, arg1, tcg_constant_i32(arg2));
+}
+
void tcg_gen_muli_i32(TCGv_i32 ret, TCGv_i32 arg1, int32_t arg2)
{
if (arg2 == 0) {
@@ -1602,6 +1608,12 @@ void tcg_gen_setcondi_i64(TCGCond cond, TCGv_i64 ret,
}
}
+void tcg_gen_negsetcondi_i64(TCGCond cond, TCGv_i64 ret,
+ TCGv_i64 arg1, int64_t arg2)
+{
+ tcg_gen_negsetcond_i64(cond, ret, arg1, tcg_constant_i64(arg2));
+}
+
void tcg_gen_negsetcond_i64(TCGCond cond, TCGv_i64 ret,
TCGv_i64 arg1, TCGv_i64 arg2)
{
--
2.41.0
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH v2 15/19] target/i386: move 60-BF opcodes to new decoder
2023-10-19 10:46 [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
` (13 preceding siblings ...)
2023-10-19 10:46 ` [PATCH v2 14/19] tcg: add negsetcondi Paolo Bonzini
@ 2023-10-19 10:48 ` Paolo Bonzini
2023-10-19 10:48 ` [PATCH v2 16/19] target/i386: move operand load and writeback out of gen_cmovcc1 Paolo Bonzini
` (5 subsequent siblings)
20 siblings, 0 replies; 29+ messages in thread
From: Paolo Bonzini @ 2023-10-19 10:48 UTC (permalink / raw)
To: qemu-devel
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/tcg/decode-new.c.inc | 157 ++++++++++++++
target/i386/tcg/decode-new.h | 3 +
target/i386/tcg/emit.c.inc | 355 ++++++++++++++++++++++++++++++-
target/i386/tcg/translate.c | 38 ++--
4 files changed, 536 insertions(+), 17 deletions(-)
diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc
index 1ae731459b7..d0baf972208 100644
--- a/target/i386/tcg/decode-new.c.inc
+++ b/target/i386/tcg/decode-new.c.inc
@@ -136,6 +136,7 @@
#define cpuid(feat) .cpuid = X86_FEAT_##feat,
#define nowb .special = X86_SPECIAL_NoWriteback,
+#define noseg .special = X86_SPECIAL_NoSeg,
#define xchg .special = X86_SPECIAL_Locked,
#define mmx .special = X86_SPECIAL_MMX,
#define zext0 .special = X86_SPECIAL_ZExtOp0,
@@ -179,6 +180,9 @@
#define p_66_f3_f2 .valid_prefix = P_66 | P_F3 | P_F2,
#define p_00_66_f3_f2 .valid_prefix = P_00 | P_66 | P_F3 | P_F2,
+static X86OpEntry illegal_opcode =
+ X86_OP_ENTRY0(illegal);
+
static uint8_t get_modrm(DisasContext *s, CPUX86State *env)
{
if (!s->has_modrm) {
@@ -1078,6 +1082,46 @@ static void decode_0F(DisasContext *s, CPUX86State *env, X86OpEntry *entry, uint
do_decode_0F(s, env, entry, b);
}
+static void decode_63(DisasContext *s, CPUX86State *env, X86OpEntry *entry, uint8_t *b)
+{
+ static const X86OpEntry arpl = X86_OP_ENTRY2(ARPL, E,w, G,w, chk(prot));
+ static const X86OpEntry mov = X86_OP_ENTRY3(MOV, G,v, E,v, None, None);
+ static const X86OpEntry movsxd = X86_OP_ENTRY3(MOVSXD, G,v, E,d, None, None);
+ if (!CODE64(s)) {
+ *entry = arpl;
+ } else if (REX_W(s)) {
+ *entry = movsxd;
+ } else {
+ *entry = mov;
+ }
+}
+
+static void decode_group1(DisasContext *s, CPUX86State *env, X86OpEntry *entry, uint8_t *b)
+{
+ static const X86GenFunc group1_gen[8] = {
+ gen_ADD, gen_OR, gen_ADC, gen_SBB, gen_AND, gen_SUB, gen_XOR, gen_SUB,
+ };
+ int op = (get_modrm(s, env) >> 3) & 7;
+ entry->gen = group1_gen[op];
+
+ if (op == 7) {
+ /* CMP */
+ entry->special = X86_SPECIAL_NoWriteback;
+ }
+}
+
+static void decode_group1A(DisasContext *s, CPUX86State *env, X86OpEntry *entry, uint8_t *b)
+{
+ int op = (get_modrm(s, env) >> 3) & 7;
+ if (op != 0) {
+ *entry = illegal_opcode;
+ } else {
+ entry->gen = gen_POP;
+ /* The address must use the value of ESP after the pop. */
+ s->popl_esp_hack = 1 << mo_pushpop(s, s->dflag);
+ }
+}
+
static const X86OpEntry opcodes_root[256] = {
[0x00] = X86_OP_ENTRY2(ADD, E,b, G,b),
[0x01] = X86_OP_ENTRY2(ADD, E,v, G,v),
@@ -1133,6 +1177,60 @@ static const X86OpEntry opcodes_root[256] = {
[0x56] = X86_OP_ENTRYr(PUSH, LoBits,d64),
[0x57] = X86_OP_ENTRYr(PUSH, LoBits,d64),
+ [0x60] = X86_OP_ENTRY0(PUSHA, chk(i64)),
+ [0x61] = X86_OP_ENTRY0(POPA, chk(i64)),
+ [0x62] = X86_OP_ENTRY2(BOUND, G,v, M,a, chk(i64)),
+ [0x63] = X86_OP_GROUP0(63),
+ [0x64] = {},
+ [0x65] = {},
+ [0x66] = {},
+ [0x67] = {},
+
+ [0x70] = X86_OP_ENTRYr(Jcc, J,b),
+ [0x71] = X86_OP_ENTRYr(Jcc, J,b),
+ [0x72] = X86_OP_ENTRYr(Jcc, J,b),
+ [0x73] = X86_OP_ENTRYr(Jcc, J,b),
+ [0x74] = X86_OP_ENTRYr(Jcc, J,b),
+ [0x75] = X86_OP_ENTRYr(Jcc, J,b),
+ [0x76] = X86_OP_ENTRYr(Jcc, J,b),
+ [0x77] = X86_OP_ENTRYr(Jcc, J,b),
+
+ [0x80] = X86_OP_GROUP2(group1, E,b, I,b),
+ [0x81] = X86_OP_GROUP2(group1, E,v, I,z),
+ [0x82] = X86_OP_GROUP2(group1, E,b, I,b, chk(i64)),
+ [0x83] = X86_OP_GROUP2(group1, E,v, I,b),
+ [0x84] = X86_OP_ENTRY2(AND, E,b, G,b, nowb),
+ [0x85] = X86_OP_ENTRY2(AND, E,v, G,v, nowb),
+ [0x86] = X86_OP_ENTRY2(XCHG, E,b, G,b, xchg),
+ [0x87] = X86_OP_ENTRY2(XCHG, E,v, G,v, xchg),
+
+ [0x90] = X86_OP_ENTRY2(XCHG, 0,v, LoBits,v),
+ [0x91] = X86_OP_ENTRY2(XCHG, 0,v, LoBits,v),
+ [0x92] = X86_OP_ENTRY2(XCHG, 0,v, LoBits,v),
+ [0x93] = X86_OP_ENTRY2(XCHG, 0,v, LoBits,v),
+ [0x94] = X86_OP_ENTRY2(XCHG, 0,v, LoBits,v),
+ [0x95] = X86_OP_ENTRY2(XCHG, 0,v, LoBits,v),
+ [0x96] = X86_OP_ENTRY2(XCHG, 0,v, LoBits,v),
+ [0x97] = X86_OP_ENTRY2(XCHG, 0,v, LoBits,v),
+
+ [0xA0] = X86_OP_ENTRY3(MOV, 0,b, O,b, None, None), /* AL, Ob */
+ [0xA1] = X86_OP_ENTRY3(MOV, 0,v, O,v, None, None), /* rAX, Ov */
+ [0xA2] = X86_OP_ENTRY3(MOV, O,b, 0,b, None, None), /* Ob, AL */
+ [0xA3] = X86_OP_ENTRY3(MOV, O,v, 0,v, None, None), /* Ov, rAX */
+ [0xA4] = X86_OP_ENTRY2(MOVS, Y,b, X,b, nowb),
+ [0xA5] = X86_OP_ENTRY2(MOVS, Y,v, X,v, nowb),
+ [0xA6] = X86_OP_ENTRY2(CMPS, Y,b, X,b, nowb),
+ [0xA7] = X86_OP_ENTRY2(CMPS, Y,v, X,v, nowb),
+
+ [0xB0] = X86_OP_ENTRY3(MOV, LoBits,b, I,b, None, None),
+ [0xB1] = X86_OP_ENTRY3(MOV, LoBits,b, I,b, None, None),
+ [0xB2] = X86_OP_ENTRY3(MOV, LoBits,b, I,b, None, None),
+ [0xB3] = X86_OP_ENTRY3(MOV, LoBits,b, I,b, None, None),
+ [0xB4] = X86_OP_ENTRY3(MOV, LoBits,b, I,b, None, None),
+ [0xB5] = X86_OP_ENTRY3(MOV, LoBits,b, I,b, None, None),
+ [0xB6] = X86_OP_ENTRY3(MOV, LoBits,b, I,b, None, None),
+ [0xB7] = X86_OP_ENTRY3(MOV, LoBits,b, I,b, None, None),
+
[0x08] = X86_OP_ENTRY2(OR, E,b, G,b),
[0x09] = X86_OP_ENTRY2(OR, E,v, G,v),
@@ -1187,6 +1285,60 @@ static const X86OpEntry opcodes_root[256] = {
[0x5D] = X86_OP_ENTRYw(POP, LoBits,d64),
[0x5E] = X86_OP_ENTRYw(POP, LoBits,d64),
[0x5F] = X86_OP_ENTRYw(POP, LoBits,d64),
+
+ [0x68] = X86_OP_ENTRYr(PUSH, I,z),
+ [0x69] = X86_OP_ENTRY3(IMUL3, G,v, E,v, I,z),
+ [0x6A] = X86_OP_ENTRYr(PUSH, I,b),
+ [0x6B] = X86_OP_ENTRY3(IMUL3, G,v, E,v, I,b),
+ [0x6C] = X86_OP_ENTRY2(INS, Y,b, 2,w, nowb), /* DX */
+ [0x6D] = X86_OP_ENTRY2(INS, Y,z, 2,w, nowb), /* DX */
+ [0x6E] = X86_OP_ENTRY2(OUTS, 2,w, X,b, nowb), /* DX */
+ [0x6F] = X86_OP_ENTRY2(OUTS, 2,w, X,b, nowb), /* DX */
+
+ [0x78] = X86_OP_ENTRYr(Jcc, J,b),
+ [0x79] = X86_OP_ENTRYr(Jcc, J,b),
+ [0x7A] = X86_OP_ENTRYr(Jcc, J,b),
+ [0x7B] = X86_OP_ENTRYr(Jcc, J,b),
+ [0x7C] = X86_OP_ENTRYr(Jcc, J,b),
+ [0x7D] = X86_OP_ENTRYr(Jcc, J,b),
+ [0x7E] = X86_OP_ENTRYr(Jcc, J,b),
+ [0x7F] = X86_OP_ENTRYr(Jcc, J,b),
+
+ [0x88] = X86_OP_ENTRY3(MOV, E,b, G,b, None, None),
+ [0x89] = X86_OP_ENTRY3(MOV, E,v, G,v, None, None),
+ [0x8A] = X86_OP_ENTRY3(MOV, G,b, E,b, None, None),
+ [0x8B] = X86_OP_ENTRY3(MOV, G,v, E,v, None, None),
+ [0x8C] = X86_OP_ENTRY3(MOV, E,v, S,w, None, None),
+ [0x8D] = X86_OP_ENTRY3(LEA, G,v, M,v, None, None, noseg),
+ [0x8E] = X86_OP_ENTRY3(MOV, S,w, E,v, None, None),
+ [0x8F] = X86_OP_GROUPw(group1A, E,v),
+
+ [0x98] = X86_OP_ENTRY1(CBW, 0,v), /* rAX */
+ [0x99] = X86_OP_ENTRY3(CWD, 2,v, 0,v, None, None), /* rDX, rAX */
+ [0x9A] = X86_OP_ENTRYr(CALLF, A,p, chk(i64)),
+ [0x9B] = X86_OP_ENTRY0(WAIT),
+ [0x9C] = X86_OP_ENTRY0(PUSHF, chk(vm86_iopl) svm(PUSHF)),
+ [0x9D] = X86_OP_ENTRY0(POPF, chk(vm86_iopl) svm(POPF)),
+ [0x9E] = X86_OP_ENTRY0(SAHF),
+ [0x9F] = X86_OP_ENTRY0(LAHF),
+
+ [0xA8] = X86_OP_ENTRY2(AND, 0,b, I,b, nowb), /* AL, Ib */
+ [0xA9] = X86_OP_ENTRY2(AND, 0,v, I,z, nowb), /* rAX, Iz */
+ [0xAA] = X86_OP_ENTRY2(STOS, Y,b, 0,b, nowb),
+ [0xAB] = X86_OP_ENTRY2(STOS, Y,v, 0,v, nowb),
+ [0xAC] = X86_OP_ENTRY2(LODS, 0,b, X,b, nowb),
+ [0xAD] = X86_OP_ENTRY2(LODS, 0,v, X,v, nowb),
+ [0xAE] = X86_OP_ENTRY2(SCAS, 0,b, Y,b, nowb),
+ [0xAF] = X86_OP_ENTRY2(SCAS, 0,v, Y,v, nowb),
+
+ [0xB8] = X86_OP_ENTRY3(MOV, LoBits,v, I,v, None, None),
+ [0xB9] = X86_OP_ENTRY3(MOV, LoBits,v, I,v, None, None),
+ [0xBA] = X86_OP_ENTRY3(MOV, LoBits,v, I,v, None, None),
+ [0xBB] = X86_OP_ENTRY3(MOV, LoBits,v, I,v, None, None),
+ [0xBC] = X86_OP_ENTRY3(MOV, LoBits,v, I,v, None, None),
+ [0xBD] = X86_OP_ENTRY3(MOV, LoBits,v, I,v, None, None),
+ [0xBE] = X86_OP_ENTRY3(MOV, LoBits,v, I,v, None, None),
+ [0xBF] = X86_OP_ENTRY3(MOV, LoBits,v, I,v, None, None),
};
#undef mmx
@@ -2028,6 +2180,11 @@ static void disas_insn_new(DisasContext *s, CPUState *cpu, int b)
default:
break;
+
+ case X86_SPECIAL_NoSeg:
+ decode.mem.def_seg = -1;
+ s->override = -1;
+ break;
}
if (!validate_vex(s, &decode)) {
diff --git a/target/i386/tcg/decode-new.h b/target/i386/tcg/decode-new.h
index a3983794ac5..32396630865 100644
--- a/target/i386/tcg/decode-new.h
+++ b/target/i386/tcg/decode-new.h
@@ -164,6 +164,9 @@ typedef enum X86InsnSpecial {
/* Writeback not needed or done manually in the callback */
X86_SPECIAL_NoWriteback,
+ /* Do not apply segment base to effective address */
+ X86_SPECIAL_NoSeg,
+
/*
* Register operand 0/2 is zero extended to 32 bits. Rd/Mb or Rd/Mw
* in the manual.
diff --git a/target/i386/tcg/emit.c.inc b/target/i386/tcg/emit.c.inc
index 6b9f518cc94..267f4fe383a 100644
--- a/target/i386/tcg/emit.c.inc
+++ b/target/i386/tcg/emit.c.inc
@@ -1160,6 +1160,30 @@ static void gen_ANDN(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
prepare_update1_cc(decode, s, CC_OP_LOGICB + ot);
}
+static void gen_ARPL(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ TCGLabel *label1 = gen_new_label();
+ TCGv rpl_adj = tcg_temp_new();
+
+ gen_mov_eflags(s, s->tmp4);
+ tcg_gen_andi_tl(s->tmp4, s->tmp4, ~CC_Z);
+
+ /* Compute dest[rpl] - src[rpl], adjust if result <0. */
+ tcg_gen_andi_tl(rpl_adj, s->T0, 3);
+ tcg_gen_andi_tl(s->T1, s->T1, 3);
+ tcg_gen_sub_tl(rpl_adj, rpl_adj, s->T1);
+
+ tcg_gen_brcondi_tl(TCG_COND_LT, rpl_adj, 0, label1);
+
+ /* Subtract dest[rpl] - src[rpl] to set dest[rpl] = src[rpl]. */
+ tcg_gen_sub_tl(s->T0, s->T0, rpl_adj);
+ tcg_gen_ori_tl(s->tmp4, s->tmp4, CC_Z);
+ gen_set_label(label1);
+
+ decode->cc_src = s->tmp4;
+ decode->cc_op = CC_OP_EFLAGS;
+}
+
static void gen_BEXTR(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
MemOp ot = decode->op[0].ot;
@@ -1227,6 +1251,16 @@ static void gen_BLSR(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
set_cc_op(s, CC_OP_BMILGB + ot);
}
+static void gen_BOUND(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
+ if (decode->op[1].ot == MO_16) {
+ gen_helper_boundw(tcg_env, s->A0, s->tmp2_i32);
+ } else {
+ gen_helper_boundl(tcg_env, s->A0, s->tmp2_i32);
+ }
+}
+
static void gen_BZHI(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
MemOp ot = decode->op[0].ot;
@@ -1249,6 +1283,43 @@ static void gen_BZHI(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
prepare_update1_cc(decode, s, CC_OP_BMILGB + ot);
}
+static void gen_CALLF(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ MemOp ot = decode->op[2].ot;
+ unsigned int selector, offset;
+
+ if (CODE64(s)) {
+ gen_illegal_opcode(s);
+ return;
+ }
+
+ assert(ot >= MO_16);
+ offset = insn_get(env, s, ot);
+ selector = insn_get(env, s, MO_16);
+ tcg_gen_movi_tl(s->T0, selector);
+ tcg_gen_movi_tl(s->T1, offset);
+ return gen_far_call(s);
+}
+
+static void gen_CBW(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ switch(decode->op[0].ot) {
+#ifdef TARGET_X86_64
+ case MO_64:
+ tcg_gen_ext32s_tl(s->T0, s->T0);
+ break;
+#endif
+ case MO_32:
+ tcg_gen_ext16s_tl(s->T0, s->T0);
+ break;
+ case MO_16:
+ tcg_gen_ext8s_tl(s->T0, s->T0);
+ break;
+ default:
+ g_assert_not_reached();
+ }
+}
+
static void gen_CMPccXADD(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
TCGv z_tl = tcg_constant_tl(0);
@@ -1347,6 +1418,18 @@ static void gen_CMPccXADD(DisasContext *s, CPUX86State *env, X86DecodedInsn *dec
gen_writeback(s, decode, 1, s->cc_srcT);
}
+static void gen_CMPS(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ MemOp ot = decode->op[0].ot;
+ if (s->prefix & PREFIX_REPNZ) {
+ gen_repz_cmps(s, ot, 1);
+ } else if (s->prefix & PREFIX_REPZ) {
+ gen_repz_cmps(s, ot, 0);
+ } else {
+ gen_cmps(s, ot);
+ }
+}
+
static void gen_CRC32(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
MemOp ot = decode->op[2].ot;
@@ -1385,6 +1468,24 @@ static void gen_CVTTPx2PI(DisasContext *s, CPUX86State *env, X86DecodedInsn *dec
}
}
+static void gen_CWD(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ int shift = 8 << decode->op[0].ot;
+ switch (shift) {
+ case 64:
+ break;
+ case 32:
+ tcg_gen_ext32s_tl(s->T0, s->T0);
+ break;
+ case 16:
+ tcg_gen_ext16s_tl(s->T0, s->T0);
+ break;
+ default:
+ g_assert_not_reached();
+ }
+ tcg_gen_sari_tl(s->T0, s->T0, shift - 1);
+}
+
static void gen_DAA(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
gen_update_cc_op(s);
@@ -1431,6 +1532,58 @@ static void gen_EXTRQ_r(DisasContext *s, CPUX86State *env, X86DecodedInsn *decod
gen_helper_extrq_r(tcg_env, OP_PTR0, OP_PTR2);
}
+static void gen_IMUL3(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ MemOp ot = decode->op[0].ot;
+ TCGv cc_src_rhs;
+
+ switch (ot) {
+ case MO_16:
+ tcg_gen_ext16s_tl(s->T0, s->T0);
+ tcg_gen_ext16s_tl(s->T1, s->T1);
+ /* XXX: use 32 bit mul which could be faster */
+ tcg_gen_mul_tl(s->T0, s->T0, s->T1);
+ /* Compare the full result to the extension of the truncated result. */
+ tcg_gen_ext16s_tl(s->T1, s->T0);
+ cc_src_rhs = s->T0;
+ break;
+
+ case MO_32:
+#ifdef TARGET_X86_64
+ /*
+ * This could also use the same algorithm as MO_16. It produces fewer
+ * TCG ops and better code if flags are needed, but it requires a 64-bit
+ * multiply even if they are not (and thus the high part of the multiply
+ * is dead).
+ */
+ tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
+ tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T1);
+ tcg_gen_muls2_i32(s->tmp2_i32, s->tmp3_i32,
+ s->tmp2_i32, s->tmp3_i32);
+ tcg_gen_extu_i32_tl(s->T0, s->tmp2_i32);
+ tcg_gen_extu_i32_tl(s->tmp0, s->tmp3_i32);
+ /* Compare the high part to the sign bit of the truncated result */
+ tcg_gen_negsetcondi_i32(TCG_COND_LT, s->tmp2_i32, s->tmp2_i32, 0);
+ tcg_gen_extu_i32_tl(s->T1, s->tmp2_i32);
+ cc_src_rhs = s->tmp0;
+ break;
+
+ case MO_64:
+#endif
+ tcg_gen_muls2_tl(s->T0, s->tmp0, s->T0, s->T1);
+ /* Compare the high part to the sign bit of the truncated result */
+ tcg_gen_negsetcondi_tl(TCG_COND_LT, s->T1, s->T0, 0);
+ cc_src_rhs = s->tmp0;
+ break;
+
+ default:
+ g_assert_not_reached();
+ }
+
+ tcg_gen_sub_tl(s->T1, s->T1, cc_src_rhs);
+ prepare_update2_cc(decode, s, CC_OP_MULB + ot);
+}
+
static void gen_INC(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
MemOp ot = decode->op[0].ot;
@@ -1445,6 +1598,25 @@ static void gen_INC(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
prepare_update_cc_incdec(decode, s, CC_OP_INCB + ot);
}
+static void gen_INS(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ MemOp ot = decode->op[0].ot;
+
+ tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T1);
+ tcg_gen_ext16u_i32(s->tmp2_i32, s->tmp2_i32);
+ if (!gen_check_io(s, ot, s->tmp2_i32,
+ SVM_IOIO_TYPE_MASK | SVM_IOIO_STR_MASK)) {
+ return;
+ }
+
+ translator_io_start(&s->base);
+ if (s->prefix & (PREFIX_REPZ | PREFIX_REPNZ)) {
+ gen_repz_ins(s, ot);
+ } else {
+ gen_ins(s, ot);
+ }
+}
+
static void gen_INSERTQ_i(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
TCGv_i32 length = tcg_constant_i32(decode->immediate & 63);
@@ -1458,12 +1630,50 @@ static void gen_INSERTQ_r(DisasContext *s, CPUX86State *env, X86DecodedInsn *dec
gen_helper_insertq_r(tcg_env, OP_PTR0, OP_PTR2);
}
+static void gen_Jcc(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ gen_bnd_jmp(s);
+ gen_jcc(s, decode->b & 0xf, decode->immediate);
+}
+
+static void gen_LAHF(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ if (CODE64(s) && !(s->cpuid_ext3_features & CPUID_EXT3_LAHF_LM)) {
+ return gen_illegal_opcode(s);
+ }
+ gen_compute_eflags(s);
+ /* Note: gen_compute_eflags() only gives the condition codes */
+ tcg_gen_ori_tl(s->T0, cpu_cc_src, 0x02);
+ tcg_gen_deposit_tl(cpu_regs[R_EAX], cpu_regs[R_EAX], s->T0, 8, 8);
+}
+
static void gen_LDMXCSR(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T1);
gen_helper_ldmxcsr(tcg_env, s->tmp2_i32);
}
+static void gen_LEA(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ tcg_gen_mov_tl(s->T0, s->A0);
+}
+
+static void gen_LODS(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ MemOp ot = decode->op[0].ot;
+ if (s->prefix & (PREFIX_REPZ | PREFIX_REPNZ)) {
+ gen_repz_lods(s, ot);
+ } else {
+ gen_lods(s, ot);
+ }
+}
+
+static void gen_MOV(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ /* nothing to do! */
+}
+#define gen_NOP gen_MOV
+
static void gen_MASKMOV(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
tcg_gen_mov_tl(s->A0, cpu_regs[R_EDI]);
@@ -1573,6 +1783,21 @@ static void gen_MOVq_dq(DisasContext *s, CPUX86State *env, X86DecodedInsn *decod
return gen_MOVQ(s, env, decode);
}
+static void gen_MOVS(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ MemOp ot = decode->op[0].ot;
+ if (s->prefix & (PREFIX_REPZ | PREFIX_REPNZ)) {
+ gen_repz_movs(s, ot);
+ } else {
+ gen_movs(s, ot);
+ }
+}
+
+static void gen_MOVSXD(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ tcg_gen_ext32s_tl(s->T0, s->T0);
+}
+
static void gen_MULX(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
MemOp ot = decode->op[0].ot;
@@ -1609,6 +1834,24 @@ static void gen_OR(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
prepare_update1_cc(decode, s, CC_OP_LOGICB + ot);
}
+static void gen_OUTS(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ MemOp ot = decode->op[1].ot;
+
+ tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
+ tcg_gen_ext16u_i32(s->tmp2_i32, s->tmp2_i32);
+ if (!gen_check_io(s, ot, s->tmp2_i32, SVM_IOIO_STR_MASK)) {
+ return;
+ }
+
+ translator_io_start(&s->base);
+ if (s->prefix & (PREFIX_REPZ | PREFIX_REPNZ)) {
+ gen_repz_outs(s, ot);
+ } else {
+ gen_outs(s, ot);
+ }
+}
+
static void gen_PALIGNR(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
TCGv_i32 imm = tcg_constant8u_i32(decode->immediate);
@@ -1872,6 +2115,33 @@ static void gen_POP(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
gen_pop_update(s, ot);
}
+static void gen_POPA(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ gen_popa(s);
+}
+
+static void gen_POPF(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ MemOp ot;
+ int mask = TF_MASK | AC_MASK | ID_MASK | NT_MASK;
+
+ if (CPL(s) == 0) {
+ mask |= IF_MASK | IOPL_MASK;
+ } else if (CPL(s) <= IOPL(s)) {
+ mask |= IF_MASK;
+ }
+ if (s->dflag == MO_16) {
+ mask &= 0xffff;
+ }
+
+ ot = gen_pop_T0(s);
+ gen_helper_write_eflags(tcg_env, s->T0, tcg_constant_i32(mask));
+ gen_pop_update(s, ot);
+ set_cc_op(s, CC_OP_EFLAGS);
+ /* abort translation because TF/AC flag may change */
+ s->base.is_jmp = DISAS_EOB_NEXT;
+}
+
static void gen_PSHUFW(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
TCGv_i32 imm = tcg_constant8u_i32(decode->immediate);
@@ -2023,6 +2293,18 @@ static void gen_PUSH(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
gen_push_v(s, s->T1);
}
+static void gen_PUSHA(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ gen_pusha(s);
+}
+
+static void gen_PUSHF(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ gen_update_cc_op(s);
+ gen_helper_read_eflags(s->T0, tcg_env);
+ gen_push_v(s, s->T0);
+}
+
static void gen_RORX(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
MemOp ot = decode->op[0].ot;
@@ -2037,6 +2319,18 @@ static void gen_RORX(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
}
}
+static void gen_SAHF(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ if (CODE64(s) && !(s->cpuid_ext3_features & CPUID_EXT3_LAHF_LM)) {
+ return gen_illegal_opcode(s);
+ }
+ tcg_gen_shri_tl(s->T0, cpu_regs[R_EAX], 8);
+ gen_compute_eflags(s);
+ tcg_gen_andi_tl(cpu_cc_src, cpu_cc_src, CC_O);
+ tcg_gen_andi_tl(s->T0, s->T0, CC_S | CC_Z | CC_A | CC_P | CC_C);
+ tcg_gen_or_tl(cpu_cc_src, cpu_cc_src, s->T0);
+}
+
static void gen_SARX(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
MemOp ot = decode->op[0].ot;
@@ -2067,6 +2361,18 @@ static void gen_SBB(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
prepare_update3_cc(decode, s, CC_OP_SBBB + ot, s->tmp4);
}
+static void gen_SCAS(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ MemOp ot = decode->op[0].ot;
+ if (s->prefix & PREFIX_REPNZ) {
+ gen_repz_scas(s, ot, 1);
+ } else if (s->prefix & PREFIX_REPZ) {
+ gen_repz_scas(s, ot, 0);
+ } else {
+ gen_scas(s, ot);
+ }
+}
+
static void gen_SHA1NEXTE(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
gen_helper_sha1nexte(OP_PTR0, OP_PTR1, OP_PTR2);
@@ -2157,6 +2463,16 @@ static void gen_STMXCSR(DisasContext *s, CPUX86State *env, X86DecodedInsn *decod
tcg_gen_ld32u_tl(s->T0, tcg_env, offsetof(CPUX86State, mxcsr));
}
+static void gen_STOS(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ MemOp ot = decode->op[0].ot;
+ if (s->prefix & (PREFIX_REPZ | PREFIX_REPNZ)) {
+ gen_repz_stos(s, ot);
+ } else {
+ gen_stos(s, ot);
+ }
+}
+
static void gen_SUB(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
MemOp ot = decode->op[0].ot;
@@ -2653,6 +2969,43 @@ static void gen_VZEROUPPER(DisasContext *s, CPUX86State *env, X86DecodedInsn *de
}
}
+static void gen_WAIT(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ if ((s->flags & (HF_MP_MASK | HF_TS_MASK)) == (HF_MP_MASK | HF_TS_MASK)) {
+ gen_NM_exception(s);
+ } else {
+ /* needs to be treated as I/O because of ferr_irq */
+ translator_io_start(&s->base);
+ gen_helper_fwait(tcg_env);
+ }
+}
+
+static void gen_XCHG(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ if (decode->b == 0x90 && !REX_B(s)) {
+ if (s->prefix & PREFIX_REPZ) {
+ gen_update_cc_op(s);
+ gen_update_eip_cur(s);
+ gen_helper_pause(tcg_env, cur_insn_len_i32(s));
+ s->base.is_jmp = DISAS_NORETURN;
+ }
+ /* No writeback. */
+ decode->op[0].unit = X86_OP_SKIP;
+ return;
+ }
+
+ if (s->prefix & PREFIX_LOCK) {
+ tcg_gen_atomic_xchg_tl(s->T0, s->A0, s->T1,
+ s->mem_index, decode->op[0].ot | MO_LE);
+ /* now store old value into register operand */
+ gen_op_mov_reg_v(s, decode->op[2].ot, decode->op[2].n, s->T0);
+ } else {
+ /* move destination value into source operand, source preserved in T1 */
+ gen_op_mov_reg_v(s, decode->op[2].ot, decode->op[2].n, s->T0);
+ tcg_gen_mov_tl(s->T0, s->T1);
+ }
+}
+
static void gen_XOR(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
/* special case XOR reg, reg */
@@ -2660,7 +3013,7 @@ static void gen_XOR(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
decode->op[2].unit == X86_OP_INT &&
decode->op[1].n == decode->op[2].n) {
tcg_gen_movi_tl(s->T0, 0);
- set_cc_op(s, CC_OP_CLR);
+ decode->cc_op = CC_OP_CLR;
} else {
MemOp ot = decode->op[0].ot;
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index 2da7c357cdc..9c799b5a980 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -2563,6 +2563,23 @@ static void gen_movl_seg_T0(DisasContext *s, X86Seg seg_reg)
}
}
+static void gen_far_call(DisasContext *s)
+{
+ if (PE(s) && !VM86(s)) {
+ tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
+ gen_helper_lcall_protected(tcg_env, s->tmp2_i32, s->T1,
+ tcg_constant_i32(s->dflag - 1),
+ eip_next_tl(s));
+ } else {
+ tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
+ tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T1);
+ gen_helper_lcall_real(tcg_env, s->tmp2_i32, s->tmp3_i32,
+ tcg_constant_i32(s->dflag - 1),
+ eip_next_i32(s));
+ }
+ s->base.is_jmp = DISAS_JUMP;
+}
+
static void gen_svm_check_intercept(DisasContext *s, uint32_t type)
{
/* no SVM activated; fast case */
@@ -3108,6 +3125,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
s->pc = s->base.pc_next;
s->override = -1;
+ s->popl_esp_hack = 0;
#ifdef TARGET_X86_64
s->rex_r = 0;
s->rex_x = 0;
@@ -3164,7 +3182,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
#ifndef CONFIG_USER_ONLY
use_new &= b <= limit;
#endif
- if (use_new && b <= 0x5f) {
+ if (use_new && b <= 0xbf) {
disas_insn_new(s, cpu, b);
return true;
}
@@ -3675,20 +3693,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
gen_op_ld_v(s, ot, s->T1, s->A0);
gen_add_A0_im(s, 1 << ot);
gen_op_ld_v(s, MO_16, s->T0, s->A0);
- do_lcall:
- if (PE(s) && !VM86(s)) {
- tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
- gen_helper_lcall_protected(tcg_env, s->tmp2_i32, s->T1,
- tcg_constant_i32(dflag - 1),
- eip_next_tl(s));
- } else {
- tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
- tcg_gen_trunc_tl_i32(s->tmp3_i32, s->T1);
- gen_helper_lcall_real(tcg_env, s->tmp2_i32, s->tmp3_i32,
- tcg_constant_i32(dflag - 1),
- eip_next_i32(s));
- }
- s->base.is_jmp = DISAS_JUMP;
+ gen_far_call(s);
break;
case 4: /* jmp Ev */
if (dflag == MO_16) {
@@ -5200,7 +5205,8 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
tcg_gen_movi_tl(s->T0, selector);
tcg_gen_movi_tl(s->T1, offset);
}
- goto do_lcall;
+ gen_far_call(s);
+ break;
case 0xe9: /* jmp im */
{
int diff = (dflag != MO_16
--
2.41.0
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH v2 16/19] target/i386: move operand load and writeback out of gen_cmovcc1
2023-10-19 10:46 [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
` (14 preceding siblings ...)
2023-10-19 10:48 ` [PATCH v2 15/19] target/i386: move 60-BF opcodes to new decoder Paolo Bonzini
@ 2023-10-19 10:48 ` Paolo Bonzini
2023-10-19 10:48 ` [PATCH v2 17/19] target/i386: move remaining conditional operations to new decoder Paolo Bonzini
` (4 subsequent siblings)
20 siblings, 0 replies; 29+ messages in thread
From: Paolo Bonzini @ 2023-10-19 10:48 UTC (permalink / raw)
To: qemu-devel
Similar to gen_setcc1, make gen_cmovcc1 receive TCGv. This is more friendly
to simultaneous implementation in the old and the new decoder.
A small wart is that s->T0 of CMOV is currently the *second* argument (which
would ordinarily be in T1). Therefore, the condition as to be inverted in
order to overwrite s->T0 with cpu_regs[reg] if the MOV is not performed.
This only applies to the old decoder, and this code will go away soon.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/tcg/translate.c | 20 ++++++++------------
1 file changed, 8 insertions(+), 12 deletions(-)
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index 9c799b5a980..2c4e680a69e 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -2503,26 +2503,20 @@ static void gen_jcc(DisasContext *s, int b, int diff)
gen_jmp_rel(s, s->dflag, diff, 0);
}
-static void gen_cmovcc1(CPUX86State *env, DisasContext *s, MemOp ot, int b,
- int modrm, int reg)
+static void gen_cmovcc1(DisasContext *s, int b, TCGv dest, TCGv src)
{
CCPrepare cc;
- gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
-
- cc = gen_prepare_cc(s, b, s->T1);
+ cc = gen_prepare_cc(s, b, s->tmp4);
if (cc.mask != -1) {
- TCGv t0 = tcg_temp_new();
- tcg_gen_andi_tl(t0, cc.reg, cc.mask);
- cc.reg = t0;
+ tcg_gen_andi_tl(s->tmp4, cc.reg, cc.mask);
+ cc.reg = s->tmp4;
}
if (!cc.use_reg2) {
cc.reg2 = tcg_constant_tl(cc.imm);
}
- tcg_gen_movcond_tl(cc.cond, s->T0, cc.reg, cc.reg2,
- s->T0, cpu_regs[reg]);
- gen_op_mov_reg_v(s, ot, reg, s->T0);
+ tcg_gen_movcond_tl(cc.cond, dest, cc.reg, cc.reg2, src, dest);
}
static inline void gen_op_movl_T0_seg(DisasContext *s, X86Seg seg_reg)
@@ -5265,7 +5259,9 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
ot = dflag;
modrm = x86_ldub_code(env, s);
reg = ((modrm >> 3) & 7) | REX_R(s);
- gen_cmovcc1(env, s, ot, b, modrm, reg);
+ gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
+ gen_cmovcc1(s, b ^ 1, s->T0, cpu_regs[reg]);
+ gen_op_mov_reg_v(s, ot, reg, s->T0);
break;
/************************/
--
2.41.0
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH v2 17/19] target/i386: move remaining conditional operations to new decoder
2023-10-19 10:46 [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
` (15 preceding siblings ...)
2023-10-19 10:48 ` [PATCH v2 16/19] target/i386: move operand load and writeback out of gen_cmovcc1 Paolo Bonzini
@ 2023-10-19 10:48 ` Paolo Bonzini
2023-10-19 10:48 ` [PATCH v2 18/19] target/i386: remove now converted opcodes from old decoder Paolo Bonzini
` (3 subsequent siblings)
20 siblings, 0 replies; 29+ messages in thread
From: Paolo Bonzini @ 2023-10-19 10:48 UTC (permalink / raw)
To: qemu-devel
Move long-displacement Jcc, SETcc and CMOVcc to the new decoder.
While filling in the tables makes the code seem longer, the new
emitters are all just one line of code.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/tcg/decode-new.c.inc | 56 ++++++++++++++++++++++++++++++++
target/i386/tcg/decode-new.h | 1 +
target/i386/tcg/emit.c.inc | 10 ++++++
target/i386/tcg/translate.c | 4 ++-
4 files changed, 70 insertions(+), 1 deletion(-)
diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc
index d0baf972208..e68f5ae068e 100644
--- a/target/i386/tcg/decode-new.c.inc
+++ b/target/i386/tcg/decode-new.c.inc
@@ -944,6 +944,15 @@ static const X86OpEntry opcodes_0F[256] = {
/* Incorrectly listed as Mq,Vq in the manual */
[0x17] = X86_OP_ENTRY3(VMOVHPx_st, M,q, None,None, V,dq, vex5 p_00_66),
+ [0x40] = X86_OP_ENTRY2(CMOVcc, G,v, E,v, cpuid(CMOV)),
+ [0x41] = X86_OP_ENTRY2(CMOVcc, G,v, E,v, cpuid(CMOV)),
+ [0x42] = X86_OP_ENTRY2(CMOVcc, G,v, E,v, cpuid(CMOV)),
+ [0x43] = X86_OP_ENTRY2(CMOVcc, G,v, E,v, cpuid(CMOV)),
+ [0x44] = X86_OP_ENTRY2(CMOVcc, G,v, E,v, cpuid(CMOV)),
+ [0x45] = X86_OP_ENTRY2(CMOVcc, G,v, E,v, cpuid(CMOV)),
+ [0x46] = X86_OP_ENTRY2(CMOVcc, G,v, E,v, cpuid(CMOV)),
+ [0x47] = X86_OP_ENTRY2(CMOVcc, G,v, E,v, cpuid(CMOV)),
+
[0x50] = X86_OP_ENTRY3(MOVMSK, G,y, None,None, U,x, vex7 p_00_66),
[0x51] = X86_OP_GROUP3(sse_unary, V,x, H,x, W,x, vex2_rep3 p_00_66_f3_f2), /* sqrtps */
[0x52] = X86_OP_GROUP3(sse_unary, V,x, H,x, W,x, vex4_rep5 p_00_f3), /* rsqrtps */
@@ -971,6 +980,24 @@ static const X86OpEntry opcodes_0F[256] = {
[0x76] = X86_OP_ENTRY3(PCMPEQD, V,x, H,x, W,x, vex4 mmx avx2_256 p_00_66),
[0x77] = X86_OP_GROUP0(0F77),
+ [0x80] = X86_OP_ENTRYr(Jcc, J,z),
+ [0x81] = X86_OP_ENTRYr(Jcc, J,z),
+ [0x82] = X86_OP_ENTRYr(Jcc, J,z),
+ [0x83] = X86_OP_ENTRYr(Jcc, J,z),
+ [0x84] = X86_OP_ENTRYr(Jcc, J,z),
+ [0x85] = X86_OP_ENTRYr(Jcc, J,z),
+ [0x86] = X86_OP_ENTRYr(Jcc, J,z),
+ [0x87] = X86_OP_ENTRYr(Jcc, J,z),
+
+ [0x90] = X86_OP_ENTRYw(SETcc, E,b),
+ [0x91] = X86_OP_ENTRYw(SETcc, E,b),
+ [0x92] = X86_OP_ENTRYw(SETcc, E,b),
+ [0x93] = X86_OP_ENTRYw(SETcc, E,b),
+ [0x94] = X86_OP_ENTRYw(SETcc, E,b),
+ [0x95] = X86_OP_ENTRYw(SETcc, E,b),
+ [0x96] = X86_OP_ENTRYw(SETcc, E,b),
+ [0x97] = X86_OP_ENTRYw(SETcc, E,b),
+
[0x28] = X86_OP_ENTRY3(MOVDQ, V,x, None,None, W,x, vex1 p_00_66), /* MOVAPS */
[0x29] = X86_OP_ENTRY3(MOVDQ, W,x, None,None, V,x, vex1 p_00_66), /* MOVAPS */
[0x2A] = X86_OP_GROUP0(0F2A),
@@ -983,6 +1010,15 @@ static const X86OpEntry opcodes_0F[256] = {
[0x38] = X86_OP_GROUP0(0F38),
[0x3a] = X86_OP_GROUP0(0F3A),
+ [0x48] = X86_OP_ENTRY2(CMOVcc, G,v, E,v, cpuid(CMOV)),
+ [0x49] = X86_OP_ENTRY2(CMOVcc, G,v, E,v, cpuid(CMOV)),
+ [0x4a] = X86_OP_ENTRY2(CMOVcc, G,v, E,v, cpuid(CMOV)),
+ [0x4b] = X86_OP_ENTRY2(CMOVcc, G,v, E,v, cpuid(CMOV)),
+ [0x4c] = X86_OP_ENTRY2(CMOVcc, G,v, E,v, cpuid(CMOV)),
+ [0x4d] = X86_OP_ENTRY2(CMOVcc, G,v, E,v, cpuid(CMOV)),
+ [0x4e] = X86_OP_ENTRY2(CMOVcc, G,v, E,v, cpuid(CMOV)),
+ [0x4f] = X86_OP_ENTRY2(CMOVcc, G,v, E,v, cpuid(CMOV)),
+
[0x58] = X86_OP_ENTRY3(VADD, V,x, H,x, W,x, vex2_rep3 p_00_66_f3_f2),
[0x59] = X86_OP_ENTRY3(VMUL, V,x, H,x, W,x, vex2_rep3 p_00_66_f3_f2),
[0x5a] = X86_OP_GROUP0(0F5A),
@@ -1008,6 +1044,24 @@ static const X86OpEntry opcodes_0F[256] = {
[0x7e] = X86_OP_GROUP0(0F7E),
[0x7f] = X86_OP_GROUP0(0F7F),
+ [0x88] = X86_OP_ENTRYr(Jcc, J,z),
+ [0x89] = X86_OP_ENTRYr(Jcc, J,z),
+ [0x8a] = X86_OP_ENTRYr(Jcc, J,z),
+ [0x8b] = X86_OP_ENTRYr(Jcc, J,z),
+ [0x8c] = X86_OP_ENTRYr(Jcc, J,z),
+ [0x8d] = X86_OP_ENTRYr(Jcc, J,z),
+ [0x8e] = X86_OP_ENTRYr(Jcc, J,z),
+ [0x8f] = X86_OP_ENTRYr(Jcc, J,z),
+
+ [0x98] = X86_OP_ENTRYw(SETcc, E,b),
+ [0x99] = X86_OP_ENTRYw(SETcc, E,b),
+ [0x9a] = X86_OP_ENTRYw(SETcc, E,b),
+ [0x9b] = X86_OP_ENTRYw(SETcc, E,b),
+ [0x9c] = X86_OP_ENTRYw(SETcc, E,b),
+ [0x9d] = X86_OP_ENTRYw(SETcc, E,b),
+ [0x9e] = X86_OP_ENTRYw(SETcc, E,b),
+ [0x9f] = X86_OP_ENTRYw(SETcc, E,b),
+
[0xae] = X86_OP_GROUP0(group15),
[0xc2] = X86_OP_ENTRY4(VCMP, V,x, H,x, W,x, vex2_rep3 p_00_66_f3_f2),
@@ -1743,6 +1797,8 @@ static bool has_cpuid_feature(DisasContext *s, X86CPUIDFeature cpuid)
switch (cpuid) {
case X86_FEAT_None:
return true;
+ case X86_FEAT_CMOV:
+ return (s->cpuid_features & CPUID_CMOV);
case X86_FEAT_F16C:
return (s->cpuid_ext_features & CPUID_EXT_F16C);
case X86_FEAT_FMA:
diff --git a/target/i386/tcg/decode-new.h b/target/i386/tcg/decode-new.h
index 32396630865..119de3bf342 100644
--- a/target/i386/tcg/decode-new.h
+++ b/target/i386/tcg/decode-new.h
@@ -105,6 +105,7 @@ typedef enum X86CPUIDFeature {
X86_FEAT_AVX2,
X86_FEAT_BMI1,
X86_FEAT_BMI2,
+ X86_FEAT_CMOV,
X86_FEAT_CMPCCXADD,
X86_FEAT_F16C,
X86_FEAT_FMA,
diff --git a/target/i386/tcg/emit.c.inc b/target/i386/tcg/emit.c.inc
index 267f4fe383a..05e1fb16844 100644
--- a/target/i386/tcg/emit.c.inc
+++ b/target/i386/tcg/emit.c.inc
@@ -1636,6 +1636,16 @@ static void gen_Jcc(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
gen_jcc(s, decode->b & 0xf, decode->immediate);
}
+static void gen_SETcc(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ gen_setcc1(s, decode->b & 0xf, s->T0);
+}
+
+static void gen_CMOVcc(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
+{
+ gen_cmovcc1(s, decode->b & 0xf, s->T0, s->T1);
+}
+
static void gen_LAHF(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode)
{
if (CODE64(s) && !(s->cpuid_ext3_features & CPUID_EXT3_LAHF_LM)) {
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index 2c4e680a69e..1f3cc6361c0 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -3186,7 +3186,9 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
#ifndef CONFIG_USER_ONLY
use_new &= b <= limit;
#endif
- if (use_new && 0) {
+ if (use_new &&
+ ((b >= 0x140 && b <= 0x14f) ||
+ (b >= 0x180 && b <= 0x19f))) {
disas_insn_new(s, cpu, b);
return true;
}
--
2.41.0
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH v2 18/19] target/i386: remove now converted opcodes from old decoder
2023-10-19 10:46 [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
` (16 preceding siblings ...)
2023-10-19 10:48 ` [PATCH v2 17/19] target/i386: move remaining conditional operations to new decoder Paolo Bonzini
@ 2023-10-19 10:48 ` Paolo Bonzini
2023-10-19 10:48 ` [PATCH v2 19/19] target/i386: remove gen_op Paolo Bonzini
` (2 subsequent siblings)
20 siblings, 0 replies; 29+ messages in thread
From: Paolo Bonzini @ 2023-10-19 10:48 UTC (permalink / raw)
To: qemu-devel
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/tcg/translate.c | 705 +-----------------------------------
1 file changed, 4 insertions(+), 701 deletions(-)
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index 1f3cc6361c0..6e091fdb7f6 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -3176,7 +3176,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
#ifndef CONFIG_USER_ONLY
use_new &= b <= limit;
#endif
- if (use_new && b <= 0xbf) {
+ if (use_new && 0) {
disas_insn_new(s, cpu, b);
return true;
}
@@ -3186,9 +3186,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
#ifndef CONFIG_USER_ONLY
use_new &= b <= limit;
#endif
- if (use_new &&
- ((b >= 0x140 && b <= 0x14f) ||
- (b >= 0x180 && b <= 0x19f))) {
+ if (use_new && 0) {
disas_insn_new(s, cpu, b);
return true;
}
@@ -3289,119 +3287,6 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
switch (b) {
/**************************/
/* arith & logic */
- case 0x00 ... 0x05:
- case 0x08 ... 0x0d:
- case 0x10 ... 0x15:
- case 0x18 ... 0x1d:
- case 0x20 ... 0x25:
- case 0x28 ... 0x2d:
- case 0x30 ... 0x35:
- case 0x38 ... 0x3d:
- {
- int f;
- op = (b >> 3) & 7;
- f = (b >> 1) & 3;
-
- ot = mo_b_d(b, dflag);
-
- switch(f) {
- case 0: /* OP Ev, Gv */
- modrm = x86_ldub_code(env, s);
- reg = ((modrm >> 3) & 7) | REX_R(s);
- mod = (modrm >> 6) & 3;
- rm = (modrm & 7) | REX_B(s);
- if (mod != 3) {
- gen_lea_modrm(env, s, modrm);
- opreg = OR_TMP0;
- } else if (op == OP_XORL && rm == reg) {
- xor_zero:
- /* xor reg, reg optimisation */
- set_cc_op(s, CC_OP_CLR);
- tcg_gen_movi_tl(s->T0, 0);
- gen_op_mov_reg_v(s, ot, reg, s->T0);
- break;
- } else {
- opreg = rm;
- }
- gen_op_mov_v_reg(s, ot, s->T1, reg);
- gen_op(s, op, ot, opreg);
- break;
- case 1: /* OP Gv, Ev */
- modrm = x86_ldub_code(env, s);
- mod = (modrm >> 6) & 3;
- reg = ((modrm >> 3) & 7) | REX_R(s);
- rm = (modrm & 7) | REX_B(s);
- if (mod != 3) {
- gen_lea_modrm(env, s, modrm);
- gen_op_ld_v(s, ot, s->T1, s->A0);
- } else if (op == OP_XORL && rm == reg) {
- goto xor_zero;
- } else {
- gen_op_mov_v_reg(s, ot, s->T1, rm);
- }
- gen_op(s, op, ot, reg);
- break;
- case 2: /* OP A, Iv */
- val = insn_get(env, s, ot);
- tcg_gen_movi_tl(s->T1, val);
- gen_op(s, op, ot, OR_EAX);
- break;
- }
- }
- break;
-
- case 0x82:
- if (CODE64(s))
- goto illegal_op;
- /* fall through */
- case 0x80: /* GRP1 */
- case 0x81:
- case 0x83:
- {
- ot = mo_b_d(b, dflag);
-
- modrm = x86_ldub_code(env, s);
- mod = (modrm >> 6) & 3;
- rm = (modrm & 7) | REX_B(s);
- op = (modrm >> 3) & 7;
-
- if (mod != 3) {
- if (b == 0x83)
- s->rip_offset = 1;
- else
- s->rip_offset = insn_const_size(ot);
- gen_lea_modrm(env, s, modrm);
- opreg = OR_TMP0;
- } else {
- opreg = rm;
- }
-
- switch(b) {
- default:
- case 0x80:
- case 0x81:
- case 0x82:
- val = insn_get(env, s, ot);
- break;
- case 0x83:
- val = (int8_t)insn_get(env, s, MO_8);
- break;
- }
- tcg_gen_movi_tl(s->T1, val);
- gen_op(s, op, ot, opreg);
- }
- break;
-
- /**************************/
- /* inc, dec, and other misc arith */
- case 0x40 ... 0x47: /* inc Gv */
- ot = dflag;
- gen_inc(s, ot, OR_EAX + (b & 7), 1);
- break;
- case 0x48 ... 0x4f: /* dec Gv */
- ot = dflag;
- gen_inc(s, ot, OR_EAX + (b & 7), -1);
- break;
case 0xf6: /* GRP3 */
case 0xf7:
ot = mo_b_d(b, dflag);
@@ -3725,81 +3610,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
}
break;
- case 0x84: /* test Ev, Gv */
- case 0x85:
- ot = mo_b_d(b, dflag);
-
- modrm = x86_ldub_code(env, s);
- reg = ((modrm >> 3) & 7) | REX_R(s);
-
- gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
- gen_op_mov_v_reg(s, ot, s->T1, reg);
- gen_op_testl_T0_T1_cc(s);
- set_cc_op(s, CC_OP_LOGICB + ot);
- break;
-
- case 0xa8: /* test eAX, Iv */
- case 0xa9:
- ot = mo_b_d(b, dflag);
- val = insn_get(env, s, ot);
-
- gen_op_mov_v_reg(s, ot, s->T0, OR_EAX);
- tcg_gen_movi_tl(s->T1, val);
- gen_op_testl_T0_T1_cc(s);
- set_cc_op(s, CC_OP_LOGICB + ot);
- break;
-
- case 0x98: /* CWDE/CBW */
- switch (dflag) {
-#ifdef TARGET_X86_64
- case MO_64:
- gen_op_mov_v_reg(s, MO_32, s->T0, R_EAX);
- tcg_gen_ext32s_tl(s->T0, s->T0);
- gen_op_mov_reg_v(s, MO_64, R_EAX, s->T0);
- break;
-#endif
- case MO_32:
- gen_op_mov_v_reg(s, MO_16, s->T0, R_EAX);
- tcg_gen_ext16s_tl(s->T0, s->T0);
- gen_op_mov_reg_v(s, MO_32, R_EAX, s->T0);
- break;
- case MO_16:
- gen_op_mov_v_reg(s, MO_8, s->T0, R_EAX);
- tcg_gen_ext8s_tl(s->T0, s->T0);
- gen_op_mov_reg_v(s, MO_16, R_EAX, s->T0);
- break;
- default:
- g_assert_not_reached();
- }
- break;
- case 0x99: /* CDQ/CWD */
- switch (dflag) {
-#ifdef TARGET_X86_64
- case MO_64:
- gen_op_mov_v_reg(s, MO_64, s->T0, R_EAX);
- tcg_gen_sari_tl(s->T0, s->T0, 63);
- gen_op_mov_reg_v(s, MO_64, R_EDX, s->T0);
- break;
-#endif
- case MO_32:
- gen_op_mov_v_reg(s, MO_32, s->T0, R_EAX);
- tcg_gen_ext32s_tl(s->T0, s->T0);
- tcg_gen_sari_tl(s->T0, s->T0, 31);
- gen_op_mov_reg_v(s, MO_32, R_EDX, s->T0);
- break;
- case MO_16:
- gen_op_mov_v_reg(s, MO_16, s->T0, R_EAX);
- tcg_gen_ext16s_tl(s->T0, s->T0);
- tcg_gen_sari_tl(s->T0, s->T0, 15);
- gen_op_mov_reg_v(s, MO_16, R_EDX, s->T0);
- break;
- default:
- g_assert_not_reached();
- }
- break;
case 0x1af: /* imul Gv, Ev */
- case 0x69: /* imul Gv, Ev, I */
- case 0x6b:
ot = dflag;
modrm = x86_ldub_code(env, s);
reg = ((modrm >> 3) & 7) | REX_R(s);
@@ -4008,53 +3819,6 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
/**************************/
/* push/pop */
- case 0x50 ... 0x57: /* push */
- gen_op_mov_v_reg(s, MO_32, s->T0, (b & 7) | REX_B(s));
- gen_push_v(s, s->T0);
- break;
- case 0x58 ... 0x5f: /* pop */
- ot = gen_pop_T0(s);
- /* NOTE: order is important for pop %sp */
- gen_pop_update(s, ot);
- gen_op_mov_reg_v(s, ot, (b & 7) | REX_B(s), s->T0);
- break;
- case 0x60: /* pusha */
- if (CODE64(s))
- goto illegal_op;
- gen_pusha(s);
- break;
- case 0x61: /* popa */
- if (CODE64(s))
- goto illegal_op;
- gen_popa(s);
- break;
- case 0x68: /* push Iv */
- case 0x6a:
- ot = mo_pushpop(s, dflag);
- if (b == 0x68)
- val = insn_get(env, s, ot);
- else
- val = (int8_t)insn_get(env, s, MO_8);
- tcg_gen_movi_tl(s->T0, val);
- gen_push_v(s, s->T0);
- break;
- case 0x8f: /* pop Ev */
- modrm = x86_ldub_code(env, s);
- mod = (modrm >> 6) & 3;
- ot = gen_pop_T0(s);
- if (mod == 3) {
- /* NOTE: order is important for pop %sp */
- gen_pop_update(s, ot);
- rm = (modrm & 7) | REX_B(s);
- gen_op_mov_reg_v(s, ot, rm, s->T0);
- } else {
- /* NOTE: order is important too for MMU exceptions */
- s->popl_esp_hack = 1 << ot;
- gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
- s->popl_esp_hack = 0;
- gen_pop_update(s, ot);
- }
- break;
case 0xc8: /* enter */
{
int level;
@@ -4066,30 +3830,11 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
case 0xc9: /* leave */
gen_leave(s);
break;
- case 0x06: /* push es */
- case 0x0e: /* push cs */
- case 0x16: /* push ss */
- case 0x1e: /* push ds */
- if (CODE64(s))
- goto illegal_op;
- gen_op_movl_T0_seg(s, b >> 3);
- gen_push_v(s, s->T0);
- break;
case 0x1a0: /* push fs */
case 0x1a8: /* push gs */
gen_op_movl_T0_seg(s, (b >> 3) & 7);
gen_push_v(s, s->T0);
break;
- case 0x07: /* pop es */
- case 0x17: /* pop ss */
- case 0x1f: /* pop ds */
- if (CODE64(s))
- goto illegal_op;
- reg = b >> 3;
- ot = gen_pop_T0(s);
- gen_movl_seg_T0(s, reg);
- gen_pop_update(s, ot);
- break;
case 0x1a1: /* pop fs */
case 0x1a9: /* pop gs */
ot = gen_pop_T0(s);
@@ -4099,15 +3844,6 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
/**************************/
/* mov */
- case 0x88:
- case 0x89: /* mov Gv, Ev */
- ot = mo_b_d(b, dflag);
- modrm = x86_ldub_code(env, s);
- reg = ((modrm >> 3) & 7) | REX_R(s);
-
- /* generate a generic store */
- gen_ldst_modrm(env, s, modrm, ot, reg, 1);
- break;
case 0xc6:
case 0xc7: /* mov Ev, Iv */
ot = mo_b_d(b, dflag);
@@ -4125,33 +3861,6 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
gen_op_mov_reg_v(s, ot, (modrm & 7) | REX_B(s), s->T0);
}
break;
- case 0x8a:
- case 0x8b: /* mov Ev, Gv */
- ot = mo_b_d(b, dflag);
- modrm = x86_ldub_code(env, s);
- reg = ((modrm >> 3) & 7) | REX_R(s);
-
- gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
- gen_op_mov_reg_v(s, ot, reg, s->T0);
- break;
- case 0x8e: /* mov seg, Gv */
- modrm = x86_ldub_code(env, s);
- reg = (modrm >> 3) & 7;
- if (reg >= 6 || reg == R_CS)
- goto illegal_op;
- gen_ldst_modrm(env, s, modrm, MO_16, OR_TMP0, 0);
- gen_movl_seg_T0(s, reg);
- break;
- case 0x8c: /* mov Gv, seg */
- modrm = x86_ldub_code(env, s);
- reg = (modrm >> 3) & 7;
- mod = (modrm >> 6) & 3;
- if (reg >= 6)
- goto illegal_op;
- gen_op_movl_T0_seg(s, reg);
- ot = mod == 3 ? dflag : MO_16;
- gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 1);
- break;
case 0x1b6: /* movzbS Gv, Eb */
case 0x1b7: /* movzwS Gv, Eb */
@@ -4203,40 +3912,6 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
}
break;
- case 0x8d: /* lea */
- modrm = x86_ldub_code(env, s);
- mod = (modrm >> 6) & 3;
- if (mod == 3)
- goto illegal_op;
- reg = ((modrm >> 3) & 7) | REX_R(s);
- {
- AddressParts a = gen_lea_modrm_0(env, s, modrm);
- TCGv ea = gen_lea_modrm_1(s, a, false);
- gen_lea_v_seg(s, s->aflag, ea, -1, -1);
- gen_op_mov_reg_v(s, dflag, reg, s->A0);
- }
- break;
-
- case 0xa0: /* mov EAX, Ov */
- case 0xa1:
- case 0xa2: /* mov Ov, EAX */
- case 0xa3:
- {
- target_ulong offset_addr;
-
- ot = mo_b_d(b, dflag);
- offset_addr = insn_get_addr(env, s, s->aflag);
- tcg_gen_movi_tl(s->A0, offset_addr);
- gen_add_A0_ds_seg(s);
- if ((b & 2) == 0) {
- gen_op_ld_v(s, ot, s->T0, s->A0);
- gen_op_mov_reg_v(s, ot, R_EAX, s->T0);
- } else {
- gen_op_mov_v_reg(s, ot, s->T0, R_EAX);
- gen_op_st_v(s, ot, s->T0, s->A0);
- }
- }
- break;
case 0xd7: /* xlat */
tcg_gen_mov_tl(s->A0, cpu_regs[R_EBX]);
tcg_gen_ext8u_tl(s->T0, cpu_regs[R_EAX]);
@@ -4246,59 +3921,6 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
gen_op_ld_v(s, MO_8, s->T0, s->A0);
gen_op_mov_reg_v(s, MO_8, R_EAX, s->T0);
break;
- case 0xb0 ... 0xb7: /* mov R, Ib */
- val = insn_get(env, s, MO_8);
- tcg_gen_movi_tl(s->T0, val);
- gen_op_mov_reg_v(s, MO_8, (b & 7) | REX_B(s), s->T0);
- break;
- case 0xb8 ... 0xbf: /* mov R, Iv */
-#ifdef TARGET_X86_64
- if (dflag == MO_64) {
- uint64_t tmp;
- /* 64 bit case */
- tmp = x86_ldq_code(env, s);
- reg = (b & 7) | REX_B(s);
- tcg_gen_movi_tl(s->T0, tmp);
- gen_op_mov_reg_v(s, MO_64, reg, s->T0);
- } else
-#endif
- {
- ot = dflag;
- val = insn_get(env, s, ot);
- reg = (b & 7) | REX_B(s);
- tcg_gen_movi_tl(s->T0, val);
- gen_op_mov_reg_v(s, ot, reg, s->T0);
- }
- break;
-
- case 0x91 ... 0x97: /* xchg R, EAX */
- do_xchg_reg_eax:
- ot = dflag;
- reg = (b & 7) | REX_B(s);
- rm = R_EAX;
- goto do_xchg_reg;
- case 0x86:
- case 0x87: /* xchg Ev, Gv */
- ot = mo_b_d(b, dflag);
- modrm = x86_ldub_code(env, s);
- reg = ((modrm >> 3) & 7) | REX_R(s);
- mod = (modrm >> 6) & 3;
- if (mod == 3) {
- rm = (modrm & 7) | REX_B(s);
- do_xchg_reg:
- gen_op_mov_v_reg(s, ot, s->T0, reg);
- gen_op_mov_v_reg(s, ot, s->T1, rm);
- gen_op_mov_reg_v(s, ot, rm, s->T0);
- gen_op_mov_reg_v(s, ot, reg, s->T1);
- } else {
- gen_lea_modrm(env, s, modrm);
- gen_op_mov_v_reg(s, ot, s->T0, reg);
- /* for xchg, lock is implicit */
- tcg_gen_atomic_xchg_tl(s->T1, s->A0, s->T0,
- s->mem_index, ot | MO_LE);
- gen_op_mov_reg_v(s, ot, reg, s->T1);
- }
- break;
case 0xc4: /* les Gv */
/* In CODE64 this is VEX3; see above. */
op = R_ES;
@@ -4973,91 +4595,6 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
}
}
break;
- /************************/
- /* string ops */
-
- case 0xa4: /* movsS */
- case 0xa5:
- ot = mo_b_d(b, dflag);
- if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
- gen_repz_movs(s, ot);
- } else {
- gen_movs(s, ot);
- }
- break;
-
- case 0xaa: /* stosS */
- case 0xab:
- ot = mo_b_d(b, dflag);
- if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
- gen_repz_stos(s, ot);
- } else {
- gen_stos(s, ot);
- }
- break;
- case 0xac: /* lodsS */
- case 0xad:
- ot = mo_b_d(b, dflag);
- if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
- gen_repz_lods(s, ot);
- } else {
- gen_lods(s, ot);
- }
- break;
- case 0xae: /* scasS */
- case 0xaf:
- ot = mo_b_d(b, dflag);
- if (prefixes & PREFIX_REPNZ) {
- gen_repz_scas(s, ot, 1);
- } else if (prefixes & PREFIX_REPZ) {
- gen_repz_scas(s, ot, 0);
- } else {
- gen_scas(s, ot);
- }
- break;
-
- case 0xa6: /* cmpsS */
- case 0xa7:
- ot = mo_b_d(b, dflag);
- if (prefixes & PREFIX_REPNZ) {
- gen_repz_cmps(s, ot, 1);
- } else if (prefixes & PREFIX_REPZ) {
- gen_repz_cmps(s, ot, 0);
- } else {
- gen_cmps(s, ot);
- }
- break;
- case 0x6c: /* insS */
- case 0x6d:
- ot = mo_b_d32(b, dflag);
- tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_EDX]);
- tcg_gen_ext16u_i32(s->tmp2_i32, s->tmp2_i32);
- if (!gen_check_io(s, ot, s->tmp2_i32,
- SVM_IOIO_TYPE_MASK | SVM_IOIO_STR_MASK)) {
- break;
- }
- translator_io_start(&s->base);
- if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
- gen_repz_ins(s, ot);
- } else {
- gen_ins(s, ot);
- }
- break;
- case 0x6e: /* outsS */
- case 0x6f:
- ot = mo_b_d32(b, dflag);
- tcg_gen_trunc_tl_i32(s->tmp2_i32, cpu_regs[R_EDX]);
- tcg_gen_ext16u_i32(s->tmp2_i32, s->tmp2_i32);
- if (!gen_check_io(s, ot, s->tmp2_i32, SVM_IOIO_STR_MASK)) {
- break;
- }
- translator_io_start(&s->base);
- if (prefixes & (PREFIX_REPZ | PREFIX_REPNZ)) {
- gen_repz_outs(s, ot);
- } else {
- gen_outs(s, ot);
- }
- break;
/************************/
/* port I/O */
@@ -5188,21 +4725,6 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
gen_jmp_rel(s, dflag, diff, 0);
}
break;
- case 0x9a: /* lcall im */
- {
- unsigned int selector, offset;
-
- if (CODE64(s))
- goto illegal_op;
- ot = dflag;
- offset = insn_get(env, s, ot);
- selector = insn_get(env, s, MO_16);
-
- tcg_gen_movi_tl(s->T0, selector);
- tcg_gen_movi_tl(s->T1, offset);
- }
- gen_far_call(s);
- break;
case 0xe9: /* jmp im */
{
int diff = (dflag != MO_16
@@ -5232,89 +4754,9 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
gen_jmp_rel(s, dflag, diff, 0);
}
break;
- case 0x70 ... 0x7f: /* jcc Jb */
- {
- int diff = (int8_t)insn_get(env, s, MO_8);
- gen_bnd_jmp(s);
- gen_jcc(s, b, diff);
- }
- break;
- case 0x180 ... 0x18f: /* jcc Jv */
- {
- int diff = (dflag != MO_16
- ? (int32_t)insn_get(env, s, MO_32)
- : (int16_t)insn_get(env, s, MO_16));
- gen_bnd_jmp(s);
- gen_jcc(s, b, diff);
- }
- break;
-
- case 0x190 ... 0x19f: /* setcc Gv */
- modrm = x86_ldub_code(env, s);
- gen_setcc1(s, b, s->T0);
- gen_ldst_modrm(env, s, modrm, MO_8, OR_TMP0, 1);
- break;
- case 0x140 ... 0x14f: /* cmov Gv, Ev */
- if (!(s->cpuid_features & CPUID_CMOV)) {
- goto illegal_op;
- }
- ot = dflag;
- modrm = x86_ldub_code(env, s);
- reg = ((modrm >> 3) & 7) | REX_R(s);
- gen_ldst_modrm(env, s, modrm, ot, OR_TMP0, 0);
- gen_cmovcc1(s, b ^ 1, s->T0, cpu_regs[reg]);
- gen_op_mov_reg_v(s, ot, reg, s->T0);
- break;
/************************/
/* flags */
- case 0x9c: /* pushf */
- gen_svm_check_intercept(s, SVM_EXIT_PUSHF);
- if (check_vm86_iopl(s)) {
- gen_update_cc_op(s);
- gen_helper_read_eflags(s->T0, tcg_env);
- gen_push_v(s, s->T0);
- }
- break;
- case 0x9d: /* popf */
- gen_svm_check_intercept(s, SVM_EXIT_POPF);
- if (check_vm86_iopl(s)) {
- int mask = TF_MASK | AC_MASK | ID_MASK | NT_MASK;
-
- if (CPL(s) == 0) {
- mask |= IF_MASK | IOPL_MASK;
- } else if (CPL(s) <= IOPL(s)) {
- mask |= IF_MASK;
- }
- if (dflag == MO_16) {
- mask &= 0xffff;
- }
-
- ot = gen_pop_T0(s);
- gen_helper_write_eflags(tcg_env, s->T0, tcg_constant_i32(mask));
- gen_pop_update(s, ot);
- set_cc_op(s, CC_OP_EFLAGS);
- /* abort translation because TF/AC flag may change */
- s->base.is_jmp = DISAS_EOB_NEXT;
- }
- break;
- case 0x9e: /* sahf */
- if (CODE64(s) && !(s->cpuid_ext3_features & CPUID_EXT3_LAHF_LM))
- goto illegal_op;
- tcg_gen_shri_tl(s->T0, cpu_regs[R_EAX], 8);
- gen_compute_eflags(s);
- tcg_gen_andi_tl(cpu_cc_src, cpu_cc_src, CC_O);
- tcg_gen_andi_tl(s->T0, s->T0, CC_S | CC_Z | CC_A | CC_P | CC_C);
- tcg_gen_or_tl(cpu_cc_src, cpu_cc_src, s->T0);
- break;
- case 0x9f: /* lahf */
- if (CODE64(s) && !(s->cpuid_ext3_features & CPUID_EXT3_LAHF_LM))
- goto illegal_op;
- gen_compute_eflags(s);
- /* Note: gen_compute_eflags() only gives the condition codes */
- tcg_gen_ori_tl(s->T0, cpu_cc_src, 0x02);
- tcg_gen_deposit_tl(cpu_regs[R_EAX], cpu_regs[R_EAX], s->T0, 8, 8);
- break;
case 0xf5: /* cmc */
gen_compute_eflags(s);
tcg_gen_xori_tl(cpu_cc_src, cpu_cc_src, CC_C);
@@ -5527,34 +4969,6 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
break;
/************************/
/* bcd */
- case 0x27: /* daa */
- if (CODE64(s))
- goto illegal_op;
- gen_update_cc_op(s);
- gen_helper_daa(tcg_env);
- set_cc_op(s, CC_OP_EFLAGS);
- break;
- case 0x2f: /* das */
- if (CODE64(s))
- goto illegal_op;
- gen_update_cc_op(s);
- gen_helper_das(tcg_env);
- set_cc_op(s, CC_OP_EFLAGS);
- break;
- case 0x37: /* aaa */
- if (CODE64(s))
- goto illegal_op;
- gen_update_cc_op(s);
- gen_helper_aaa(tcg_env);
- set_cc_op(s, CC_OP_EFLAGS);
- break;
- case 0x3f: /* aas */
- if (CODE64(s))
- goto illegal_op;
- gen_update_cc_op(s);
- gen_helper_aas(tcg_env);
- set_cc_op(s, CC_OP_EFLAGS);
- break;
case 0xd4: /* aam */
if (CODE64(s))
goto illegal_op;
@@ -5575,32 +4989,6 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
break;
/************************/
/* misc */
- case 0x90: /* nop */
- /* XXX: correct lock test for all insn */
- if (prefixes & PREFIX_LOCK) {
- goto illegal_op;
- }
- /* If REX_B is set, then this is xchg eax, r8d, not a nop. */
- if (REX_B(s)) {
- goto do_xchg_reg_eax;
- }
- if (prefixes & PREFIX_REPZ) {
- gen_update_cc_op(s);
- gen_update_eip_cur(s);
- gen_helper_pause(tcg_env, cur_insn_len_i32(s));
- s->base.is_jmp = DISAS_NORETURN;
- }
- break;
- case 0x9b: /* fwait */
- if ((s->flags & (HF_MP_MASK | HF_TS_MASK)) ==
- (HF_MP_MASK | HF_TS_MASK)) {
- gen_exception(s, EXCP07_PREX);
- } else {
- /* needs to be treated as I/O because of ferr_irq */
- translator_io_start(&s->base);
- gen_helper_fwait(tcg_env);
- }
- break;
case 0xcc: /* int3 */
gen_interrupt(s, EXCP03_INT3);
break;
@@ -5636,24 +5024,6 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
gen_eob_inhibit_irq(s, true);
}
break;
- case 0x62: /* bound */
- if (CODE64(s))
- goto illegal_op;
- ot = dflag;
- modrm = x86_ldub_code(env, s);
- reg = (modrm >> 3) & 7;
- mod = (modrm >> 6) & 3;
- if (mod == 3)
- goto illegal_op;
- gen_op_mov_v_reg(s, ot, s->T0, reg);
- gen_lea_modrm(env, s, modrm);
- tcg_gen_trunc_tl_i32(s->tmp2_i32, s->T0);
- if (ot == MO_16) {
- gen_helper_boundw(tcg_env, s->A0, s->tmp2_i32);
- } else {
- gen_helper_boundl(tcg_env, s->A0, s->tmp2_i32);
- }
- break;
case 0x1c8 ... 0x1cf: /* bswap reg */
reg = (b & 7) | REX_B(s);
#ifdef TARGET_X86_64
@@ -6205,72 +5575,6 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
/* nothing to do */
}
break;
- case 0x63: /* arpl or movslS (x86_64) */
-#ifdef TARGET_X86_64
- if (CODE64(s)) {
- int d_ot;
- /* d_ot is the size of destination */
- d_ot = dflag;
-
- modrm = x86_ldub_code(env, s);
- reg = ((modrm >> 3) & 7) | REX_R(s);
- mod = (modrm >> 6) & 3;
- rm = (modrm & 7) | REX_B(s);
-
- if (mod == 3) {
- gen_op_mov_v_reg(s, MO_32, s->T0, rm);
- /* sign extend */
- if (d_ot == MO_64) {
- tcg_gen_ext32s_tl(s->T0, s->T0);
- }
- gen_op_mov_reg_v(s, d_ot, reg, s->T0);
- } else {
- gen_lea_modrm(env, s, modrm);
- gen_op_ld_v(s, MO_32 | MO_SIGN, s->T0, s->A0);
- gen_op_mov_reg_v(s, d_ot, reg, s->T0);
- }
- } else
-#endif
- {
- TCGLabel *label1;
- TCGv t0, t1, t2;
-
- if (!PE(s) || VM86(s))
- goto illegal_op;
- t0 = tcg_temp_new();
- t1 = tcg_temp_new();
- t2 = tcg_temp_new();
- ot = MO_16;
- modrm = x86_ldub_code(env, s);
- reg = (modrm >> 3) & 7;
- mod = (modrm >> 6) & 3;
- rm = modrm & 7;
- if (mod != 3) {
- gen_lea_modrm(env, s, modrm);
- gen_op_ld_v(s, ot, t0, s->A0);
- } else {
- gen_op_mov_v_reg(s, ot, t0, rm);
- }
- gen_op_mov_v_reg(s, ot, t1, reg);
- tcg_gen_andi_tl(s->tmp0, t0, 3);
- tcg_gen_andi_tl(t1, t1, 3);
- tcg_gen_movi_tl(t2, 0);
- label1 = gen_new_label();
- tcg_gen_brcond_tl(TCG_COND_GE, s->tmp0, t1, label1);
- tcg_gen_andi_tl(t0, t0, ~3);
- tcg_gen_or_tl(t0, t0, t1);
- tcg_gen_movi_tl(t2, CC_Z);
- gen_set_label(label1);
- if (mod != 3) {
- gen_op_st_v(s, ot, t0, s->A0);
- } else {
- gen_op_mov_reg_v(s, ot, rm, t0);
- }
- gen_compute_eflags(s);
- tcg_gen_andi_tl(cpu_cc_src, cpu_cc_src, ~CC_Z);
- tcg_gen_or_tl(cpu_cc_src, cpu_cc_src, t2);
- }
- break;
case 0x102: /* lar */
case 0x103: /* lsl */
{
@@ -6851,11 +6155,10 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
set_cc_op(s, CC_OP_POPCNT);
break;
+ case 0 ... 0xbf:
case 0x10e ... 0x117:
case 0x128 ... 0x12f:
- case 0x138 ... 0x13a:
- case 0x150 ... 0x179:
- case 0x17c ... 0x17f:
+ case 0x138 ... 0x19f:
case 0x1c2:
case 0x1c4 ... 0x1c6:
case 0x1d0 ... 0x1fe:
--
2.41.0
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH v2 19/19] target/i386: remove gen_op
2023-10-19 10:46 [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
` (17 preceding siblings ...)
2023-10-19 10:48 ` [PATCH v2 18/19] target/i386: remove now converted opcodes from old decoder Paolo Bonzini
@ 2023-10-19 10:48 ` Paolo Bonzini
2023-10-19 11:39 ` [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
2023-10-19 15:44 ` Richard Henderson
20 siblings, 0 replies; 29+ messages in thread
From: Paolo Bonzini @ 2023-10-19 10:48 UTC (permalink / raw)
To: qemu-devel
It is not used anymore by the old decoder, inline the CMP case into CMPS and SCAS.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/tcg/translate.c | 145 +++---------------------------------
1 file changed, 12 insertions(+), 133 deletions(-)
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index 6e091fdb7f6..3d5cdf4d29a 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -238,21 +238,8 @@ static void gen_eob(DisasContext *s);
static void gen_jr(DisasContext *s);
static void gen_jmp_rel(DisasContext *s, MemOp ot, int diff, int tb_num);
static void gen_jmp_rel_csize(DisasContext *s, int diff, int tb_num);
-static void gen_op(DisasContext *s1, int op, MemOp ot, int d);
static void gen_exception_gpf(DisasContext *s);
-/* i386 arith/logic operations */
-enum {
- OP_ADDL,
- OP_ORL,
- OP_ADCL,
- OP_SBBL,
- OP_ANDL,
- OP_SUBL,
- OP_XORL,
- OP_CMPL,
-};
-
/* i386 shift ops */
enum {
OP_ROL,
@@ -853,13 +840,6 @@ static void gen_op_update2_cc(DisasContext *s)
tcg_gen_mov_tl(cpu_cc_dst, s->T0);
}
-static void gen_op_update3_cc(DisasContext *s, TCGv reg)
-{
- tcg_gen_mov_tl(cpu_cc_src2, reg);
- tcg_gen_mov_tl(cpu_cc_src, s->T1);
- tcg_gen_mov_tl(cpu_cc_dst, s->T0);
-}
-
static inline void gen_op_testl_T0_T1_cc(DisasContext *s)
{
tcg_gen_and_tl(cpu_cc_dst, s->T0, s->T1);
@@ -1288,7 +1268,12 @@ static void gen_scas(DisasContext *s, MemOp ot)
{
gen_string_movl_A0_EDI(s);
gen_op_ld_v(s, ot, s->T1, s->A0);
- gen_op(s, OP_CMPL, ot, R_EAX);
+ gen_op_mov_v_reg(s, ot, s->T0, R_EAX);
+ tcg_gen_mov_tl(cpu_cc_src, s->T1);
+ tcg_gen_mov_tl(s->cc_srcT, s->T0);
+ tcg_gen_sub_tl(cpu_cc_dst, s->T0, s->T1);
+ set_cc_op(s, CC_OP_SUBB + ot);
+
gen_op_movl_T0_Dshift(s, ot);
gen_op_add_reg_T0(s, s->aflag, R_EDI);
}
@@ -1298,7 +1283,12 @@ static void gen_cmps(DisasContext *s, MemOp ot)
gen_string_movl_A0_EDI(s);
gen_op_ld_v(s, ot, s->T1, s->A0);
gen_string_movl_A0_ESI(s);
- gen_op(s, OP_CMPL, ot, OR_TMP0);
+ gen_op_ld_v(s, ot, s->T0, s->A0);
+ tcg_gen_mov_tl(cpu_cc_src, s->T1);
+ tcg_gen_mov_tl(s->cc_srcT, s->T0);
+ tcg_gen_sub_tl(cpu_cc_dst, s->T0, s->T1);
+ set_cc_op(s, CC_OP_SUBB + ot);
+
gen_op_movl_T0_Dshift(s, ot);
gen_op_add_reg_T0(s, s->aflag, R_ESI);
gen_op_add_reg_T0(s, s->aflag, R_EDI);
@@ -1506,117 +1496,6 @@ static bool check_iopl(DisasContext *s)
return false;
}
-/* if d == OR_TMP0, it means memory operand (address in A0) */
-static void gen_op(DisasContext *s1, int op, MemOp ot, int d)
-{
- if (d != OR_TMP0) {
- if (s1->prefix & PREFIX_LOCK) {
- /* Lock prefix when destination is not memory. */
- gen_illegal_opcode(s1);
- return;
- }
- gen_op_mov_v_reg(s1, ot, s1->T0, d);
- } else if (!(s1->prefix & PREFIX_LOCK)) {
- gen_op_ld_v(s1, ot, s1->T0, s1->A0);
- }
- switch(op) {
- case OP_ADCL:
- gen_compute_eflags_c(s1, s1->tmp4);
- if (s1->prefix & PREFIX_LOCK) {
- tcg_gen_add_tl(s1->T0, s1->tmp4, s1->T1);
- tcg_gen_atomic_add_fetch_tl(s1->T0, s1->A0, s1->T0,
- s1->mem_index, ot | MO_LE);
- } else {
- tcg_gen_add_tl(s1->T0, s1->T0, s1->T1);
- tcg_gen_add_tl(s1->T0, s1->T0, s1->tmp4);
- gen_op_st_rm_T0_A0(s1, ot, d);
- }
- gen_op_update3_cc(s1, s1->tmp4);
- set_cc_op(s1, CC_OP_ADCB + ot);
- break;
- case OP_SBBL:
- gen_compute_eflags_c(s1, s1->tmp4);
- if (s1->prefix & PREFIX_LOCK) {
- tcg_gen_add_tl(s1->T0, s1->T1, s1->tmp4);
- tcg_gen_neg_tl(s1->T0, s1->T0);
- tcg_gen_atomic_add_fetch_tl(s1->T0, s1->A0, s1->T0,
- s1->mem_index, ot | MO_LE);
- } else {
- tcg_gen_sub_tl(s1->T0, s1->T0, s1->T1);
- tcg_gen_sub_tl(s1->T0, s1->T0, s1->tmp4);
- gen_op_st_rm_T0_A0(s1, ot, d);
- }
- gen_op_update3_cc(s1, s1->tmp4);
- set_cc_op(s1, CC_OP_SBBB + ot);
- break;
- case OP_ADDL:
- if (s1->prefix & PREFIX_LOCK) {
- tcg_gen_atomic_add_fetch_tl(s1->T0, s1->A0, s1->T1,
- s1->mem_index, ot | MO_LE);
- } else {
- tcg_gen_add_tl(s1->T0, s1->T0, s1->T1);
- gen_op_st_rm_T0_A0(s1, ot, d);
- }
- gen_op_update2_cc(s1);
- set_cc_op(s1, CC_OP_ADDB + ot);
- break;
- case OP_SUBL:
- if (s1->prefix & PREFIX_LOCK) {
- tcg_gen_neg_tl(s1->T0, s1->T1);
- tcg_gen_atomic_fetch_add_tl(s1->cc_srcT, s1->A0, s1->T0,
- s1->mem_index, ot | MO_LE);
- tcg_gen_sub_tl(s1->T0, s1->cc_srcT, s1->T1);
- } else {
- tcg_gen_mov_tl(s1->cc_srcT, s1->T0);
- tcg_gen_sub_tl(s1->T0, s1->T0, s1->T1);
- gen_op_st_rm_T0_A0(s1, ot, d);
- }
- gen_op_update2_cc(s1);
- set_cc_op(s1, CC_OP_SUBB + ot);
- break;
- default:
- case OP_ANDL:
- if (s1->prefix & PREFIX_LOCK) {
- tcg_gen_atomic_and_fetch_tl(s1->T0, s1->A0, s1->T1,
- s1->mem_index, ot | MO_LE);
- } else {
- tcg_gen_and_tl(s1->T0, s1->T0, s1->T1);
- gen_op_st_rm_T0_A0(s1, ot, d);
- }
- gen_op_update1_cc(s1);
- set_cc_op(s1, CC_OP_LOGICB + ot);
- break;
- case OP_ORL:
- if (s1->prefix & PREFIX_LOCK) {
- tcg_gen_atomic_or_fetch_tl(s1->T0, s1->A0, s1->T1,
- s1->mem_index, ot | MO_LE);
- } else {
- tcg_gen_or_tl(s1->T0, s1->T0, s1->T1);
- gen_op_st_rm_T0_A0(s1, ot, d);
- }
- gen_op_update1_cc(s1);
- set_cc_op(s1, CC_OP_LOGICB + ot);
- break;
- case OP_XORL:
- if (s1->prefix & PREFIX_LOCK) {
- tcg_gen_atomic_xor_fetch_tl(s1->T0, s1->A0, s1->T1,
- s1->mem_index, ot | MO_LE);
- } else {
- tcg_gen_xor_tl(s1->T0, s1->T0, s1->T1);
- gen_op_st_rm_T0_A0(s1, ot, d);
- }
- gen_op_update1_cc(s1);
- set_cc_op(s1, CC_OP_LOGICB + ot);
- break;
- case OP_CMPL:
- tcg_gen_mov_tl(cpu_cc_src, s1->T1);
- tcg_gen_mov_tl(s1->cc_srcT, s1->T0);
- tcg_gen_sub_tl(cpu_cc_dst, s1->T0, s1->T1);
- set_cc_op(s1, CC_OP_SUBB + ot);
- break;
- }
-}
-
/* if d == OR_TMP0, it means memory operand (address in A0) */
static void gen_inc(DisasContext *s1, MemOp ot, int d, int c)
{
--
2.41.0
^ permalink raw reply related [flat|nested] 29+ messages in thread
* Re: [PATCH v2 03/19] target/i386: implement SHA instructions
2023-10-19 10:46 ` [PATCH v2 03/19] target/i386: implement SHA instructions Paolo Bonzini
@ 2023-10-19 10:59 ` Philippe Mathieu-Daudé
2023-10-19 11:42 ` Paolo Bonzini
0 siblings, 1 reply; 29+ messages in thread
From: Philippe Mathieu-Daudé @ 2023-10-19 10:59 UTC (permalink / raw)
To: Paolo Bonzini, qemu-devel, Richard Henderson
Cc: Daniel P. Berrangé, Ard Biesheuvel
Hi Paolo,
On 19/10/23 12:46, Paolo Bonzini wrote:
> The implementation was validated with OpenSSL and with the test vectors in
> https://github.com/rust-lang/stdarch/blob/master/crates/core_arch/src/x86/sha.rs.
>
> The instructions provide a ~25% improvement on hashing a 64 MiB file:
> runtime goes down from 1.8 seconds to 1.4 seconds; instruction count on
> the host goes down from 5.8 billion to 4.8 billion with slightly better
> IPC too. Good job Intel. ;)
>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> target/i386/cpu.c | 2 +-
> target/i386/ops_sse.h | 128 +++++++++++++++++++++++++++
> target/i386/tcg/decode-new.c.inc | 11 +++
> target/i386/tcg/decode-new.h | 1 +
> target/i386/tcg/emit.c.inc | 54 +++++++++++
> target/i386/tcg/ops_sse_header.h.inc | 14 +++
> 6 files changed, 209 insertions(+), 1 deletion(-)
> diff --git a/target/i386/ops_sse.h b/target/i386/ops_sse.h
> index 33908c0691f..6a465a35fdb 100644
> --- a/target/i386/ops_sse.h
> +++ b/target/i386/ops_sse.h
> @@ -2527,6 +2527,134 @@ SSE_HELPER_FMAP(helper_fma4ps, ZMM_S, 2 << SHIFT, float32_muladd)
> SSE_HELPER_FMAP(helper_fma4pd, ZMM_D, 1 << SHIFT, float64_muladd)
> #endif
>
> +#if SHIFT == 1
> +#define SSE_HELPER_SHA1RNDS4(name, F, K) \
> + void name(Reg *d, Reg *a, Reg *b) \
> + { \
> + uint32_t A, B, C, D, E, t, i; \
> + \
> + A = a->L(3); \
> + B = a->L(2); \
> + C = a->L(1); \
> + D = a->L(0); \
> + E = 0; \
> + \
> + for (i = 0; i <= 3; i++) { \
> + t = F(B, C, D) + rol32(A, 5) + b->L(3 - i) + E + K; \
> + E = D; \
> + D = C; \
> + C = rol32(B, 30); \
> + B = A; \
> + A = t; \
> + } \
> + \
> + d->L(3) = A; \
> + d->L(2) = B; \
> + d->L(1) = C; \
> + d->L(0) = D; \
> + }
> +
> +#define SHA1_F0(b, c, d) (((b) & (c)) ^ (~(b) & (d)))
> +#define SHA1_F1(b, c, d) ((b) ^ (c) ^ (d))
> +#define SHA1_F2(b, c, d) (((b) & (c)) ^ ((b) & (d)) ^ ((c) & (d)))
> +
> +SSE_HELPER_SHA1RNDS4(helper_sha1rnds4_f0, SHA1_F0, 0x5A827999)
> +SSE_HELPER_SHA1RNDS4(helper_sha1rnds4_f1, SHA1_F1, 0x6ED9EBA1)
> +SSE_HELPER_SHA1RNDS4(helper_sha1rnds4_f2, SHA1_F2, 0x8F1BBCDC)
> +SSE_HELPER_SHA1RNDS4(helper_sha1rnds4_f3, SHA1_F1, 0xCA62C1D6)
> +
> +void helper_sha1nexte(Reg *d, Reg *a, Reg *b)
> +{
> + d->L(3) = b->L(3) + rol32(a->L(3), 30);
> + d->L(2) = b->L(2);
> + d->L(1) = b->L(1);
> + d->L(0) = b->L(0);
> +}
> +
> +void helper_sha1msg1(Reg *d, Reg *a, Reg *b)
> +{
> + /* These could be overwritten by the first two assignments, save them. */
> + uint32_t b3 = b->L(3);
> + uint32_t b2 = b->L(2);
> +
> + d->L(3) = a->L(3) ^ a->L(1);
> + d->L(2) = a->L(2) ^ a->L(0);
> + d->L(1) = a->L(1) ^ b3;
> + d->L(0) = a->L(0) ^ b2;
> +}
> +
> +void helper_sha1msg2(Reg *d, Reg *a, Reg *b)
> +{
> + d->L(3) = rol32(a->L(3) ^ b->L(2), 1);
> + d->L(2) = rol32(a->L(2) ^ b->L(1), 1);
> + d->L(1) = rol32(a->L(1) ^ b->L(0), 1);
> + d->L(0) = rol32(a->L(0) ^ d->L(3), 1);
> +}
> +
> +#define SHA256_CH(e, f, g) (((e) & (f)) ^ (~(e) & (g)))
> +#define SHA256_MAJ(a, b, c) (((a) & (b)) ^ ((a) & (c)) ^ ((b) & (c)))
> +
> +#define SHA256_RNDS0(w) (ror32((w), 2) ^ ror32((w), 13) ^ ror32((w), 22))
> +#define SHA256_RNDS1(w) (ror32((w), 6) ^ ror32((w), 11) ^ ror32((w), 25))
> +#define SHA256_MSGS0(w) (ror32((w), 7) ^ ror32((w), 18) ^ ((w) >> 3))
> +#define SHA256_MSGS1(w) (ror32((w), 17) ^ ror32((w), 19) ^ ((w) >> 10))
> +
> +void helper_sha256rnds2(Reg *d, Reg *a, Reg *b, uint32_t wk0, uint32_t wk1)
> +{
> + uint32_t t, AA, EE;
> +
> + uint32_t A = b->L(3);
> + uint32_t B = b->L(2);
> + uint32_t C = a->L(3);
> + uint32_t D = a->L(2);
> + uint32_t E = b->L(1);
> + uint32_t F = b->L(0);
> + uint32_t G = a->L(1);
> + uint32_t H = a->L(0);
> +
> + /* Even round */
> + t = SHA256_CH(E, F, G) + SHA256_RNDS1(E) + wk0 + H;
> + AA = t + SHA256_MAJ(A, B, C) + SHA256_RNDS0(A);
> + EE = t + D;
> +
> + /* These will be B and F at the end of the odd round */
> + d->L(2) = AA;
> + d->L(0) = EE;
> +
> + D = C, C = B, B = A, A = AA;
> + H = G, G = F, F = E, E = EE;
> +
> + /* Odd round */
> + t = SHA256_CH(E, F, G) + SHA256_RNDS1(E) + wk1 + H;
> + AA = t + SHA256_MAJ(A, B, C) + SHA256_RNDS0(A);
> + EE = t + D;
Better would be to implement that generically, so we can reuse
host crypto accelerators when available. Can be done later...
(See commit range fb250c59aa..ff494c8e2a for example.)
> + d->L(3) = AA;
> + d->L(1) = EE;
> +}
> +
> +void helper_sha256msg1(Reg *d, Reg *a, Reg *b)
> +{
> + /* b->L(0) could be overwritten by the first assignment, save it. */
> + uint32_t b0 = b->L(0);
> +
> + d->L(0) = a->L(0) + SHA256_MSGS0(a->L(1));
> + d->L(1) = a->L(1) + SHA256_MSGS0(a->L(2));
> + d->L(2) = a->L(2) + SHA256_MSGS0(a->L(3));
> + d->L(3) = a->L(3) + SHA256_MSGS0(b0);
> +}
> +
> +void helper_sha256msg2(Reg *d, Reg *a, Reg *b)
> +{
> + /* Earlier assignments cannot overwrite any of the two operands. */
> + d->L(0) = a->L(0) + SHA256_MSGS1(b->L(2));
> + d->L(1) = a->L(1) + SHA256_MSGS1(b->L(3));
> + /* Yes, this reuses the previously computed values. */
> + d->L(2) = a->L(2) + SHA256_MSGS1(d->L(0));
> + d->L(3) = a->L(3) + SHA256_MSGS1(d->L(1));
> +}
> +#endif
^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: [PATCH v2 00/19] target/i386: decoder changes for 8.2
2023-10-19 10:46 [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
` (18 preceding siblings ...)
2023-10-19 10:48 ` [PATCH v2 19/19] target/i386: remove gen_op Paolo Bonzini
@ 2023-10-19 11:39 ` Paolo Bonzini
2023-10-19 15:44 ` Richard Henderson
20 siblings, 0 replies; 29+ messages in thread
From: Paolo Bonzini @ 2023-10-19 11:39 UTC (permalink / raw)
To: qemu-devel
On 10/19/23 12:46, Paolo Bonzini wrote:
> This includes:
>
> - implementing SHA and CMPccXADD instruction extensions
>
> - introducing a new mechanism for flags writeback that avoids a
> tricky failure
>
> - converting the more orthogonal parts of the one-byte opcode
> map, as well as the CMOVcc and SETcc instructions.
>
> Tested by booting several 32-bit and 64-bit guests.
>
> The new decoder produces roughly 2% more ops, but after optimization there
> are just 0.5% more and almost all of them come from cmp instructions.
> For some reason that I have not investigated, these end up with an extra
> mov even after optimization:
>
> sub_i64 tmp0,rax,$0x33
> mov_i64 cc_src,$0x33 mov_i64 cc_dst,tmp0
> sub_i64 cc_dst,rax,$0x33 mov_i64 cc_src,$0x33
> discard cc_src2 discard cc_src2
> discard cc_op discard cc_op
>
> It could be easily fixed by not reusing gen_SUB for cmp instructions,
> or by debugging what goes on in the optimizer. However, it does not
> result in larger assembly.
Oops, I missed Richard's newer reviews. Will send v3 sometime next week.
Paolo
^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: [PATCH v2 03/19] target/i386: implement SHA instructions
2023-10-19 10:59 ` Philippe Mathieu-Daudé
@ 2023-10-19 11:42 ` Paolo Bonzini
0 siblings, 0 replies; 29+ messages in thread
From: Paolo Bonzini @ 2023-10-19 11:42 UTC (permalink / raw)
To: Philippe Mathieu-Daudé, qemu-devel, Richard Henderson
Cc: Daniel P. Berrangé, Ard Biesheuvel
On 10/19/23 12:59, Philippe Mathieu-Daudé wrote:
>>
>> + /* Even round */
>> + t = SHA256_CH(E, F, G) + SHA256_RNDS1(E) + wk0 + H;
>> + AA = t + SHA256_MAJ(A, B, C) + SHA256_RNDS0(A);
>> + EE = t + D;
>> +
>> + /* These will be B and F at the end of the odd round */
>> + d->L(2) = AA;
>> + d->L(0) = EE;
>> +
>> + D = C, C = B, B = A, A = AA;
>> + H = G, G = F, F = E, E = EE;
>> +
>> + /* Odd round */
>> + t = SHA256_CH(E, F, G) + SHA256_RNDS1(E) + wk1 + H;
>> + AA = t + SHA256_MAJ(A, B, C) + SHA256_RNDS0(A);
>> + EE = t + D;
>
> Better would be to implement that generically, so we can reuse
> host crypto accelerators when available. Can be done later...
> (See commit range fb250c59aa..ff494c8e2a for example.)
ARM extensions are probably too different from x86. ARM does four
rounds per instructions, while x86 does two. And Intel passes ABEF/CDGH
in the arguments, while ARM passes ABCD/EFGH.
Paolo
^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: [PATCH v2 00/19] target/i386: decoder changes for 8.2
2023-10-19 10:46 [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
` (19 preceding siblings ...)
2023-10-19 11:39 ` [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
@ 2023-10-19 15:44 ` Richard Henderson
20 siblings, 0 replies; 29+ messages in thread
From: Richard Henderson @ 2023-10-19 15:44 UTC (permalink / raw)
To: Paolo Bonzini, qemu-devel
On 10/19/23 03:46, Paolo Bonzini wrote:
> This includes:
>
> - implementing SHA and CMPccXADD instruction extensions
>
> - introducing a new mechanism for flags writeback that avoids a
> tricky failure
>
> - converting the more orthogonal parts of the one-byte opcode
> map, as well as the CMOVcc and SETcc instructions.
>
> Tested by booting several 32-bit and 64-bit guests.
>
> The new decoder produces roughly 2% more ops, but after optimization there
> are just 0.5% more and almost all of them come from cmp instructions.
> For some reason that I have not investigated, these end up with an extra
> mov even after optimization:
>
> sub_i64 tmp0,rax,$0x33
> mov_i64 cc_src,$0x33 mov_i64 cc_dst,tmp0
> sub_i64 cc_dst,rax,$0x33 mov_i64 cc_src,$0x33
> discard cc_src2 discard cc_src2
> discard cc_op discard cc_op
>
> It could be easily fixed by not reusing gen_SUB for cmp instructions,
> or by debugging what goes on in the optimizer. However, it does not
> result in larger assembly.
This is expected behaviour out of the tcg optimizer. We don't forward-propagate outputs
at that point. But during register allocation of the "mov cc_dst,tmp0" opcode, we will
see that tmp0 is dead and re-assign the register from tmp0 to cc_dst without emitting an
host instruction.
r~
^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: [PATCH v2 01/19] target/i386: group common checks in the decoding phase
2023-10-19 10:46 ` [PATCH v2 01/19] target/i386: group common checks in the decoding phase Paolo Bonzini
@ 2023-10-19 15:45 ` Richard Henderson
0 siblings, 0 replies; 29+ messages in thread
From: Richard Henderson @ 2023-10-19 15:45 UTC (permalink / raw)
To: Paolo Bonzini, qemu-devel
On 10/19/23 03:46, Paolo Bonzini wrote:
> In preparation for adding more similar checks, move the VEX.L=0 check
> and several X86_SPECIAL_* checks to a new field, where each bit represent
> a common check on unused bits, or a restriction on the processor mode.
>
> Likewise, many SVM intercepts can be checked during the decoding phase,
> the main exception being the selective CR0 write, MSR and IOIO intercepts.
>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> target/i386/tcg/decode-new.c.inc | 79 +++++++++++++++++++++++---------
> target/i386/tcg/decode-new.h | 25 +++++++---
> target/i386/tcg/emit.c.inc | 8 ----
> 3 files changed, 76 insertions(+), 36 deletions(-)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: [PATCH v2 02/19] target/i386: validate VEX.W for AVX instructions
2023-10-19 10:46 ` [PATCH v2 02/19] target/i386: validate VEX.W for AVX instructions Paolo Bonzini
@ 2023-10-19 15:45 ` Richard Henderson
0 siblings, 0 replies; 29+ messages in thread
From: Richard Henderson @ 2023-10-19 15:45 UTC (permalink / raw)
To: Paolo Bonzini, qemu-devel
On 10/19/23 03:46, Paolo Bonzini wrote:
> Instructions in VEX exception class 6 generally look at the value of
> VEX.W. Note that the manual places some instructions incorrectly in
> class 4, for example VPERMQ which has no non-VEX encoding and no legacy
> SSE analogue. AMD does a mess of its own, as documented in the comment
> that this patch adds.
>
> Most of them are checked for VEX.W=0, and are listed in the manual
> (though with an omission) in table 2-16; VPERMQ and VPERMPD check for
> VEX.W=1, which is only listed in the instruction description. Others,
> such as VPSRLV, VPSLLV and the FMA3 instructions, use VEX.W to switch
> between a 32-bit and 64-bit operation.
>
> Fix more of the class 4/class 6 mismatches, and implement the check for
> VEX.W in TCG.
>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> target/i386/tcg/decode-new.c.inc | 133 +++++++++++++++++++++----------
> target/i386/tcg/decode-new.h | 6 ++
> 2 files changed, 99 insertions(+), 40 deletions(-)
Acked-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: [PATCH v2 14/19] tcg: add negsetcondi
2023-10-19 10:46 ` [PATCH v2 14/19] tcg: add negsetcondi Paolo Bonzini
@ 2023-10-19 16:00 ` Richard Henderson
0 siblings, 0 replies; 29+ messages in thread
From: Richard Henderson @ 2023-10-19 16:00 UTC (permalink / raw)
To: Paolo Bonzini, qemu-devel
On 10/19/23 03:46, Paolo Bonzini wrote:
> This can be useful to write a shift bit extraction that does not
> depend on TARGET_LONG_BITS.
>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> include/tcg/tcg-op-common.h | 4 ++++
> include/tcg/tcg-op.h | 2 ++
> tcg/tcg-op.c | 12 ++++++++++++
> 3 files changed, 18 insertions(+)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
I'll cherry-pick this to tcg-next.
r~
^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: [PATCH v2 07/19] target/i386: introduce flags writeback mechanism
2023-10-19 10:46 ` [PATCH v2 07/19] target/i386: introduce flags writeback mechanism Paolo Bonzini
@ 2023-10-19 17:44 ` Richard Henderson
2023-10-19 19:08 ` Paolo Bonzini
0 siblings, 1 reply; 29+ messages in thread
From: Richard Henderson @ 2023-10-19 17:44 UTC (permalink / raw)
To: Paolo Bonzini, qemu-devel
On 10/19/23 03:46, Paolo Bonzini wrote:
> + /*
> + * Write back flags after last memory access. Some newer ALU instructions, as
> + * well as SSE instructions, write flags in the gen_* function, but that can
> + * cause incorrect tracking of CC_OP for instructions that write to both memory
> + * and flags.
> + */
> + if (decode.cc_op != -1) {
> + if (decode.cc_dst) {
> + tcg_gen_mov_tl(cpu_cc_dst, decode.cc_dst);
> + }
> + if (decode.cc_src) {
> + tcg_gen_mov_tl(cpu_cc_src, decode.cc_src);
> + }
> + if (decode.cc_src2) {
> + tcg_gen_mov_tl(cpu_cc_src2, decode.cc_src2);
> + }
> + if (decode.cc_op == CC_OP_DYNAMIC) {
> + tcg_gen_mov_i32(cpu_cc_op, decode.cc_op_dynamic);
> + } else {
> + assert(!decode.cc_op_dynamic);
> + }
> + set_cc_op(s, decode.cc_op);
> + } else {
> + assert(!decode.cc_dst);
> + assert(!decode.cc_src);
> + assert(!decode.cc_src2);
> + assert(!decode.cc_op_dynamic);
> + }
I suggest you use cc_op_live[] to ensure that each output is present if USES_CC_* is set,
and absent otherwise. Obviously that's not possible for CC_OP_DYNAMIC, but for everything
else...
r~
^ permalink raw reply [flat|nested] 29+ messages in thread
* Re: [PATCH v2 07/19] target/i386: introduce flags writeback mechanism
2023-10-19 17:44 ` Richard Henderson
@ 2023-10-19 19:08 ` Paolo Bonzini
0 siblings, 0 replies; 29+ messages in thread
From: Paolo Bonzini @ 2023-10-19 19:08 UTC (permalink / raw)
To: Richard Henderson; +Cc: qemu-devel
[-- Attachment #1: Type: text/plain, Size: 1586 bytes --]
Il gio 19 ott 2023, 19:44 Richard Henderson <richard.henderson@linaro.org>
ha scritto:
> On 10/19/23 03:46, Paolo Bonzini wrote:
> > + /*
> > + * Write back flags after last memory access. Some newer ALU
> instructions, as
> > + * well as SSE instructions, write flags in the gen_* function, but
> that can
> > + * cause incorrect tracking of CC_OP for instructions that write to
> both memory
> > + * and flags.
> > + */
> > + if (decode.cc_op != -1) {
> > + if (decode.cc_dst) {
> > + tcg_gen_mov_tl(cpu_cc_dst, decode.cc_dst);
> > + }
> > + if (decode.cc_src) {
> > + tcg_gen_mov_tl(cpu_cc_src, decode.cc_src);
> > + }
> > + if (decode.cc_src2) {
> > + tcg_gen_mov_tl(cpu_cc_src2, decode.cc_src2);
> > + }
> > + if (decode.cc_op == CC_OP_DYNAMIC) {
> > + tcg_gen_mov_i32(cpu_cc_op, decode.cc_op_dynamic);
> > + } else {
> > + assert(!decode.cc_op_dynamic);
> > + }
> > + set_cc_op(s, decode.cc_op);
> > + } else {
> > + assert(!decode.cc_dst);
> > + assert(!decode.cc_src);
> > + assert(!decode.cc_src2);
> > + assert(!decode.cc_op_dynamic);
> > + }
>
> I suggest you use cc_op_live[] to ensure that each output is present if
> USES_CC_* is set,
> and absent otherwise. Obviously that's not possible for CC_OP_DYNAMIC, but
> for everything else...
>
I tried but it didn't work very well. I have shuffled things a bit and I
don't remember why :) so I will give it another go.
Paolo
>
> r~
>
>
[-- Attachment #2: Type: text/html, Size: 2464 bytes --]
^ permalink raw reply [flat|nested] 29+ messages in thread
end of thread, other threads:[~2023-10-19 19:10 UTC | newest]
Thread overview: 29+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-10-19 10:46 [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 01/19] target/i386: group common checks in the decoding phase Paolo Bonzini
2023-10-19 15:45 ` Richard Henderson
2023-10-19 10:46 ` [PATCH v2 02/19] target/i386: validate VEX.W for AVX instructions Paolo Bonzini
2023-10-19 15:45 ` Richard Henderson
2023-10-19 10:46 ` [PATCH v2 03/19] target/i386: implement SHA instructions Paolo Bonzini
2023-10-19 10:59 ` Philippe Mathieu-Daudé
2023-10-19 11:42 ` Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 04/19] tests/tcg/i386: initialize more registers in test-avx Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 05/19] tests/tcg/i386: test-avx: add test cases for SHA new instructions Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 06/19] target/i386: accept full MemOp in gen_ext_tl Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 07/19] target/i386: introduce flags writeback mechanism Paolo Bonzini
2023-10-19 17:44 ` Richard Henderson
2023-10-19 19:08 ` Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 08/19] target/i386: implement CMPccXADD Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 09/19] target/i386: do not clobber A0 in POP translation Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 10/19] target/i386: reintroduce debugging mechanism Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 11/19] target/i386: move 00-5F opcodes to new decoder Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 12/19] target/i386: adjust decoding of J operand Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 13/19] target/i386: split eflags computation out of gen_compute_eflags Paolo Bonzini
2023-10-19 10:46 ` [PATCH v2 14/19] tcg: add negsetcondi Paolo Bonzini
2023-10-19 16:00 ` Richard Henderson
2023-10-19 10:48 ` [PATCH v2 15/19] target/i386: move 60-BF opcodes to new decoder Paolo Bonzini
2023-10-19 10:48 ` [PATCH v2 16/19] target/i386: move operand load and writeback out of gen_cmovcc1 Paolo Bonzini
2023-10-19 10:48 ` [PATCH v2 17/19] target/i386: move remaining conditional operations to new decoder Paolo Bonzini
2023-10-19 10:48 ` [PATCH v2 18/19] target/i386: remove now converted opcodes from old decoder Paolo Bonzini
2023-10-19 10:48 ` [PATCH v2 19/19] target/i386: remove gen_op Paolo Bonzini
2023-10-19 11:39 ` [PATCH v2 00/19] target/i386: decoder changes for 8.2 Paolo Bonzini
2023-10-19 15:44 ` Richard Henderson
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.