Series comparison

-[Qemu-devel] [PULL 00/27] target-arm queue
+[Qemu-devel] [PULL 00/29] target-arm queue
-The following changes since commit 0d3e41d5efd638a0c5682f6813b26448c3c51624:
+First arm pullreq of 4.2...
-  Merge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-pull-request' into staging (2019-02-14 17:42:25 +0000)
+thanks
 -- PMM
 The following changes since commit 27608c7c66bd923eb5e5faab80e795408cbe2b51:
   Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20190814a' into staging (2019-08-16 12:00:18 +0100)
 are available in the Git repository at:
-  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190214
+  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190816
-for you to fetch changes up to 497bc12b1b374ecd62903bf062229bd93f8924af:
+for you to fetch changes up to 664b7e3b97d6376f3329986c465b3782458b0f8b:
-  gdbstub: Send a reply to the vKill packet. (2019-02-14 18:45:49 +0000)
+  target/arm: Use tcg_gen_extrh_i64_i32 to extract the high word (2019-08-16 14:02:53 +0100)
 ----------------------------------------------------------------
 target-arm queue:
- * gdbstub: Send a reply to the vKill packet
+ * target/arm: generate a custom MIDR for -cpu max
- * Improve codegen for neon min/max and saturating arithmetic
+ * hw/misc/zynq_slcr: refactor to use standard register definition
- * Fix a bug in clearing FPSCR exception status bits
+ * Set ENET_BD_BDU in I.MX FEC controller
- * hw/arm/armsse: Fix miswiring of expansion IRQs
+ * target/arm: Fix routing of singlestep exceptions
- * hw/intc/armv7m_nvic: Allow byte accesses to SHPR1
+ * refactor a32/t32 decoder handling of PC
- * MAINTAINERS: Remove Peter Crosthwaite from various entries
+ * minor optimisations/cleanups of some a32/t32 codegen
- * arm: Allow system registers for KVM guests to be changed by QEMU code
+ * target/arm/cpu64: Ensure kvm really supports aarch64=off
- * linux-user: support HWCAP_CPUID which exposes ID registers to user code
+ * target/arm/cpu: Ensure we can use the pmu with kvm
- * Fix bug in 128-bit cmpxchg for BE Arm guests
+ * target/arm: Minor cleanups preparatory to KVM SVE support
  * Implement (no-op) HACR_EL2
  * Fix CRn to be 14 for PMEVTYPER/PMEVCNTR
 ----------------------------------------------------------------
-Aaron Lindsay OS (1):
+Aaron Hill (1):
-      target/arm: Fix CRn to be 14 for PMEVTYPER/PMEVCNTR
+      Set ENET_BD_BDU in I.MX FEC controller
-Alex Bennée (5):
+Alex Bennée (1):
-      target/arm: relax permission checks for HWCAP_CPUID registers
+      target/arm: generate a custom MIDR for -cpu max
       target/arm: expose CPUID registers to userspace
       target/arm: expose MPIDR_EL1 to userspace
       target/arm: expose remaining CPUID registers as RAZ
       linux-user/elfload: enable HWCAP_CPUID for AArch64
-Catherine Ho (1):
+Andrew Jones (6):
-      target/arm: Fix int128_make128 lo, hi order in paired_cmpxchg64_be
+      target/arm/cpu64: Ensure kvm really supports aarch64=off
       target/arm/cpu: Ensure we can use the pmu with kvm
       target/arm/helper: zcr: Add build bug next to value range assumption
       target/arm/cpu: Use div-round-up to determine predicate register array size
       target/arm/kvm64: Fix error returns
       target/arm/kvm64: Move the get/put of fpsimd registers out
-Peter Maydell (5):
+Damien Hedde (1):
-      target/arm: Implement HACR_EL2
+      hw/misc/zynq_slcr: use standard register definition
       arm: Allow system registers for KVM guests to be changed by QEMU code
       MAINTAINERS: Remove Peter Crosthwaite from various entries
       hw/intc/armv7m_nvic: Allow byte accesses to SHPR1
       hw/arm/armsse: Fix miswiring of expansion IRQs
-Richard Henderson (14):
+Peter Maydell (2):
-      target/arm: Force result size into dp after operation
+      target/arm: Factor out 'generate singlestep exception' function
-      target/arm: Restructure disas_fp_int_conv
+      target/arm: Fix routing of singlestep exceptions
       target/arm: Rely on optimization within tcg_gen_gvec_or
       target/arm: Use vector minmax expanders for aarch64
       target/arm: Use vector minmax expanders for aarch32
       target/arm: Use tcg integer min/max primitives for neon
       target/arm: Remove neon min/max helpers
       target/arm: Fix vfp_gdb_get/set_reg vs FPSCR
       target/arm: Fix arm_cpu_dump_state vs FPSCR
       target/arm: Split out flags setting from vfp compares
       target/arm: Fix set of bits kept in xregs[ARM_VFP_FPSCR]
       target/arm: Split out FPSCR.QC to a vector field
       target/arm: Use vector operations for saturation
       target/arm: Add missing clear_tail calls
-Sandra Loosemore (1):
+Richard Henderson (18):
-      gdbstub: Send a reply to the vKill packet.
+      target/arm: Pass in pc to thumb_insn_is_16bit
       target/arm: Introduce pc_curr
       target/arm: Introduce read_pc
       target/arm: Introduce add_reg_for_lit
       target/arm: Remove redundant s->pc & ~1
       target/arm: Replace s->pc with s->base.pc_next
       target/arm: Replace offset with pc in gen_exception_insn
       target/arm: Replace offset with pc in gen_exception_internal_insn
       target/arm: Remove offset argument to gen_exception_bkpt_insn
       target/arm: Use unallocated_encoding for aarch32
       target/arm: Remove helper_double_saturate
       target/arm: Use tcg_gen_extract_i32 for shifter_out_im
       target/arm: Use tcg_gen_deposit_i32 for PKHBT, PKHTB
       target/arm: Remove redundant shift tests
       target/arm: Use ror32 instead of open-coding the operation
       target/arm: Use tcg_gen_rotri_i32 for gen_swap_half
       target/arm: Simplify SMMLA, SMMLAR, SMMLS, SMMLSR
       target/arm: Use tcg_gen_extrh_i64_i32 to extract the high word
- target/arm/cpu.h           |  50 ++++++++-
+ target/arm/cpu.h               |  13 +-
- target/arm/helper.h        |  45 +++++---
+ target/arm/helper.h            |   1 -
- target/arm/translate.h     |   4 +
+ target/arm/kvm_arm.h           |  28 ++
- gdbstub.c                  |   1 +
+ target/arm/translate-a64.h     |   4 +-
- hw/arm/armsse.c            |   2 +-
+ target/arm/translate.h         |  39 ++-
- hw/intc/armv7m_nvic.c      |   4 +-
+ hw/misc/zynq_slcr.c            | 450 ++++++++++++++++----------------
- linux-user/elfload.c       |   1 +
+ hw/net/imx_fec.c               |   4 +
- target/arm/helper-a64.c    |   4 +-
+ target/arm/cpu.c               |  30 ++-
- target/arm/helper.c        | 228 ++++++++++++++++++++++++++++++++--------
+ target/arm/cpu64.c             |  31 ++-
- target/arm/kvm32.c         |  20 +---
+ target/arm/helper.c            |   7 +
- target/arm/kvm64.c         |   2 +
+ target/arm/kvm.c               |   7 +
- target/arm/machine.c       |   2 +-
+ target/arm/kvm64.c             | 161 +++++++-----
- target/arm/neon_helper.c   |  14 +--
+ target/arm/op_helper.c         |  15 --
- target/arm/translate-a64.c | 171 +++++++++++++++---------------
+ target/arm/translate-a64.c     | 130 ++++------
- target/arm/translate-sve.c |   6 +-
+ target/arm/translate-vfp.inc.c |  45 +---
- target/arm/translate.c     | 251 ++++++++++++++++++++++++++++++++++-----------
+ target/arm/translate.c         | 572 +++++++++++++++++------------------------
- target/arm/vec_helper.c    | 134 +++++++++++++++++++++++-
+files changed, 771 insertions(+), 766 deletions(-)
  MAINTAINERS                |   4 -
 files changed, 687 insertions(+), 256 deletions(-)

-[Qemu-devel] [PULL 09/27] target/arm: expose remaining CPUID registers as RAZ
+[Qemu-devel] [PULL 01/29] target/arm: generate a custom MIDR for -cpu max
 From: Alex Bennée <alex.bennee@linaro.org>
-There are a whole bunch more registers in the CPUID space which are
+While most features are now detected by probing the ID_* registers
-currently not used but are exposed as RAZ. To avoid too much
+kernels can (and do) use MIDR_EL1 for working out of they have to
-duplication we expand ARMCPRegUserSpaceInfo to understand glob
+apply errata. This can trip up warnings in the kernel as it tries to
-patterns so we only need one entry to tweak whole ranges of registers.
+work out if it should apply workarounds to features that don't
 actually exist in the reported CPU type.
 Avoid this problem by synthesising our own MIDR value.
 Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
-Message-id: 20190205190224.2198-5-alex.bennee@linaro.org
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20190726113950.7499-1-alex.bennee@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/cpu.h    |  3 +++
+ target/arm/cpu.h   |  6 ++++++
- target/arm/helper.c | 26 +++++++++++++++++++++++---
+ target/arm/cpu64.c | 19 +++++++++++++++++++
-files changed, 26 insertions(+), 3 deletions(-)
+files changed, 25 insertions(+)
 diff --git a/target/arm/cpu.h b/target/arm/cpu.h
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/cpu.h
 +++ b/target/arm/cpu.h
-@@ -XXX,XX +XXX,XX @@ typedef struct ARMCPRegUserSpaceInfo {
+@@ -XXX,XX +XXX,XX @@ FIELD(V7M_FPCCR, ASPEN, 31, 1)
-     /* Name of register */
+ /*
-     const char *name;
+  * System register ID fields.
+  */
-+    /* Is the name actually a glob pattern */
++FIELD(MIDR_EL1, REVISION, 0, 4)
-+    bool is_glob;
++FIELD(MIDR_EL1, PARTNUM, 4, 12)
 +FIELD(MIDR_EL1, ARCHITECTURE, 16, 4)
 +FIELD(MIDR_EL1, VARIANT, 20, 4)
 +FIELD(MIDR_EL1, IMPLEMENTER, 24, 8)
 +
-     /* Only some bits are exported to user space */
+ FIELD(ID_ISAR0, SWAP, 0, 4)
-     uint64_t exported_bits;
+ FIELD(ID_ISAR0, BITCOUNT, 4, 4)
+ FIELD(ID_ISAR0, BITFIELD, 8, 4)
-diff --git a/target/arm/helper.c b/target/arm/helper.c
+diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
+--- a/target/arm/cpu64.c
-+++ b/target/arm/helper.c
++++ b/target/arm/cpu64.c
-@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
+@@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj)
-               .fixed_bits    = 0x0000000000000011 },
+         uint32_t u;
-             { .name = "ID_AA64PFR1_EL1",
+         aarch64_a57_initfn(obj);
-               .exported_bits = 0x00000000000000f0 },
-+            { .name = "ID_AA64PFR*_EL1_RESERVED",
++        /*
-+              .is_glob = true                     },
++         * Reset MIDR so the guest doesn't mistake our 'max' CPU type for a real
-             { .name = "ID_AA64ZFR0_EL1"           },
++         * one and try to apply errata workarounds or use impdef features we
-             { .name = "ID_AA64MMFR0_EL1",
++         * don't provide.
-               .fixed_bits    = 0x00000000ff000000 },
++         * An IMPLEMENTER field of 0 means "reserved for software use";
-             { .name = "ID_AA64MMFR1_EL1"          },
++         * ARCHITECTURE must be 0xf indicating "v7 or later, check ID registers
-+            { .name = "ID_AA64MMFR*_EL1_RESERVED",
++         * to see which features are present";
-+              .is_glob = true                     },
++         * the VARIANT, PARTNUM and REVISION fields are all implementation
-             { .name = "ID_AA64DFR0_EL1",
++         * defined and we choose to define PARTNUM just in case guest
-               .fixed_bits    = 0x0000000000000006 },
++         * code needs to distinguish this QEMU CPU from other software
-             { .name = "ID_AA64DFR1_EL1"           },
++         * implementations, though this shouldn't be needed.
--            { .name = "ID_AA64AFR0_EL1"           },
++         */
--            { .name = "ID_AA64AFR1_EL1"           },
++        t = FIELD_DP64(0, MIDR_EL1, IMPLEMENTER, 0);
-+            { .name = "ID_AA64DFR*_EL1_RESERVED",
++        t = FIELD_DP64(t, MIDR_EL1, ARCHITECTURE, 0xf);
-+              .is_glob = true                     },
++        t = FIELD_DP64(t, MIDR_EL1, PARTNUM, 'Q');
-+            { .name = "ID_AA64AFR*",
++        t = FIELD_DP64(t, MIDR_EL1, VARIANT, 0);
-+              .is_glob = true                     },
++        t = FIELD_DP64(t, MIDR_EL1, REVISION, 0);
-             { .name = "ID_AA64ISAR0_EL1",
++        cpu->midr = t;
-               .exported_bits = 0x00fffffff0fffff0 },
++
-             { .name = "ID_AA64ISAR1_EL1",
+         t = cpu->isar.id_aa64isar0;
-               .exported_bits = 0x000000f0ffffffff },
+         t = FIELD_DP64(t, ID_AA64ISAR0, AES, 2); /* AES + PMULL */
-+            { .name = "ID_AA64ISAR*_EL1_RESERVED",
+         t = FIELD_DP64(t, ID_AA64ISAR0, SHA1, 1);
 +              .is_glob = true                     },
              REGUSERINFO_SENTINEL
          };
          modify_arm_cp_regs(v8_idregs, v8_user_idregs);
@@ -XXX,XX +XXX,XX @@ void modify_arm_cp_regs(ARMCPRegInfo *regs, const ARMCPRegUserSpaceInfo *mods)
      ARMCPRegInfo *r;
      for (m = mods; m->name; m++) {
 +        GPatternSpec *pat = NULL;
 +        if (m->is_glob) {
 +            pat = g_pattern_spec_new(m->name);
 +        }
          for (r = regs; r->type != ARM_CP_SENTINEL; r++) {
 -            if (strcmp(r->name, m->name) == 0) {
 +            if (pat && g_pattern_match_string(pat, r->name)) {
 +                r->type = ARM_CP_CONST;
 +                r->access = PL0U_R;
 +                r->resetvalue = 0;
 +                /* continue */
 +            } else if (strcmp(r->name, m->name) == 0) {
                  r->type = ARM_CP_CONST;
                  r->access = PL0U_R;
                  r->resetvalue &= m->exported_bits;
@@ -XXX,XX +XXX,XX @@ void modify_arm_cp_regs(ARMCPRegInfo *regs, const ARMCPRegUserSpaceInfo *mods)
                  break;
              }
          }
 +        if (pat) {
 +            g_pattern_spec_free(pat);
 +        }
      }
  }
 --
 .20.1

-[Qemu-devel] [PULL 02/27] target/arm: Implement HACR_EL2
+[Qemu-devel] [PULL 02/29] hw/misc/zynq_slcr: use standard register definition
-HACR_EL2 is a register with IMPDEF behaviour, which allows
+From: Damien Hedde <damien.hedde@greensocs.com>
 implementation specific trapping to EL2. Implement it as RAZ/WI,
 since QEMU's implementation has no extra traps. This also
 matches what h/w implementations like Cortex-A53 and A57 do.
+Replace the zynq_slcr registers enum and macros using the
+hw/registerfields.h macros.
+Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
+Message-id: 20190729145654.14644-30-damien.hedde@greensocs.com
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20190205181218.8995-1-peter.maydell@linaro.org
 ---
- target/arm/helper.c | 6 ++++++
+ hw/misc/zynq_slcr.c | 450 ++++++++++++++++++++++----------------------
-file changed, 6 insertions(+)
+file changed, 225 insertions(+), 225 deletions(-)
-diff --git a/target/arm/helper.c b/target/arm/helper.c
+diff --git a/hw/misc/zynq_slcr.c b/hw/misc/zynq_slcr.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
+--- a/hw/misc/zynq_slcr.c
-+++ b/target/arm/helper.c
++++ b/hw/misc/zynq_slcr.c
-@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el3_no_el2_cp_reginfo[] = {
+@@ -XXX,XX +XXX,XX @@
-       .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 0,
+ #include "sysemu/sysemu.h"
-       .access = PL2_RW,
+ #include "qemu/log.h"
-       .type = ARM_CP_CONST, .resetvalue = 0 },
+ #include "qemu/module.h"
-+    { .name = "HACR_EL2", .state = ARM_CP_STATE_BOTH,
++#include "hw/registerfields.h"
-+      .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 7,
-+      .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
+ #ifndef ZYNQ_SLCR_ERR_DEBUG
-     { .name = "ESR_EL2", .state = ARM_CP_STATE_BOTH,
+ #define ZYNQ_SLCR_ERR_DEBUG 0
-       .opc0 = 3, .opc1 = 4, .crn = 5, .crm = 2, .opc2 = 0,
+@@ -XXX,XX +XXX,XX @@
-       .access = PL2_RW,
+ #define XILINX_LOCK_KEY 0x767b
-@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
+ #define XILINX_UNLOCK_KEY 0xdf0d
-       .cp = 15, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 0,
-       .access = PL2_RW, .fieldoffset = offsetof(CPUARMState, cp15.hcr_el2),
+-#define R_PSS_RST_CTRL_SOFT_RST 0x1
-       .writefn = hcr_writelow },
++REG32(SCL, 0x000)
-+    { .name = "HACR_EL2", .state = ARM_CP_STATE_BOTH,
++REG32(LOCK, 0x004)
-+      .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 7,
++REG32(UNLOCK, 0x008)
-+      .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
++REG32(LOCKSTA, 0x00c)
-     { .name = "ELR_EL2", .state = ARM_CP_STATE_AA64,
-       .type = ARM_CP_ALIAS,
+-enum {
-       .opc0 = 3, .opc1 = 4, .crn = 4, .crm = 0, .opc2 = 1,
+-    SCL             = 0x000 / 4,
 -    LOCK,
 -    UNLOCK,
 -    LOCKSTA,
 +REG32(ARM_PLL_CTRL, 0x100)
 +REG32(DDR_PLL_CTRL, 0x104)
 +REG32(IO_PLL_CTRL, 0x108)
 +REG32(PLL_STATUS, 0x10c)
 +REG32(ARM_PLL_CFG, 0x110)
 +REG32(DDR_PLL_CFG, 0x114)
 +REG32(IO_PLL_CFG, 0x118)
 -    ARM_PLL_CTRL    = 0x100 / 4,
 -    DDR_PLL_CTRL,
 -    IO_PLL_CTRL,
 -    PLL_STATUS,
 -    ARM_PLL_CFG,
 -    DDR_PLL_CFG,
 -    IO_PLL_CFG,
 -
 -    ARM_CLK_CTRL    = 0x120 / 4,
 -    DDR_CLK_CTRL,
 -    DCI_CLK_CTRL,
 -    APER_CLK_CTRL,
 -    USB0_CLK_CTRL,
 -    USB1_CLK_CTRL,
 -    GEM0_RCLK_CTRL,
 -    GEM1_RCLK_CTRL,
 -    GEM0_CLK_CTRL,
 -    GEM1_CLK_CTRL,
 -    SMC_CLK_CTRL,
 -    LQSPI_CLK_CTRL,
 -    SDIO_CLK_CTRL,
 -    UART_CLK_CTRL,
 -    SPI_CLK_CTRL,
 -    CAN_CLK_CTRL,
 -    CAN_MIOCLK_CTRL,
 -    DBG_CLK_CTRL,
 -    PCAP_CLK_CTRL,
 -    TOPSW_CLK_CTRL,
 +REG32(ARM_CLK_CTRL, 0x120)
 +REG32(DDR_CLK_CTRL, 0x124)
 +REG32(DCI_CLK_CTRL, 0x128)
 +REG32(APER_CLK_CTRL, 0x12c)
 +REG32(USB0_CLK_CTRL, 0x130)
 +REG32(USB1_CLK_CTRL, 0x134)
 +REG32(GEM0_RCLK_CTRL, 0x138)
 +REG32(GEM1_RCLK_CTRL, 0x13c)
 +REG32(GEM0_CLK_CTRL, 0x140)
 +REG32(GEM1_CLK_CTRL, 0x144)
 +REG32(SMC_CLK_CTRL, 0x148)
 +REG32(LQSPI_CLK_CTRL, 0x14c)
 +REG32(SDIO_CLK_CTRL, 0x150)
 +REG32(UART_CLK_CTRL, 0x154)
 +REG32(SPI_CLK_CTRL, 0x158)
 +REG32(CAN_CLK_CTRL, 0x15c)
 +REG32(CAN_MIOCLK_CTRL, 0x160)
 +REG32(DBG_CLK_CTRL, 0x164)
 +REG32(PCAP_CLK_CTRL, 0x168)
 +REG32(TOPSW_CLK_CTRL, 0x16c)
  #define FPGA_CTRL_REGS(n, start) \
 -    FPGA ## n ## _CLK_CTRL = (start) / 4, \
 -    FPGA ## n ## _THR_CTRL, \
 -    FPGA ## n ## _THR_CNT, \
 -    FPGA ## n ## _THR_STA,
 -    FPGA_CTRL_REGS(0, 0x170)
 -    FPGA_CTRL_REGS(1, 0x180)
 -    FPGA_CTRL_REGS(2, 0x190)
 -    FPGA_CTRL_REGS(3, 0x1a0)
 +    REG32(FPGA ## n ## _CLK_CTRL, (start)) \
 +    REG32(FPGA ## n ## _THR_CTRL, (start) + 0x4)\
 +    REG32(FPGA ## n ## _THR_CNT,  (start) + 0x8)\
 +    REG32(FPGA ## n ## _THR_STA,  (start) + 0xc)
 +FPGA_CTRL_REGS(0, 0x170)
 +FPGA_CTRL_REGS(1, 0x180)
 +FPGA_CTRL_REGS(2, 0x190)
 +FPGA_CTRL_REGS(3, 0x1a0)
 -    BANDGAP_TRIP    = 0x1b8 / 4,
 -    PLL_PREDIVISOR  = 0x1c0 / 4,
 -    CLK_621_TRUE,
 +REG32(BANDGAP_TRIP, 0x1b8)
 +REG32(PLL_PREDIVISOR, 0x1c0)
 +REG32(CLK_621_TRUE, 0x1c4)
 -    PSS_RST_CTRL    = 0x200 / 4,
 -    DDR_RST_CTRL,
 -    TOPSW_RESET_CTRL,
 -    DMAC_RST_CTRL,
 -    USB_RST_CTRL,
 -    GEM_RST_CTRL,
 -    SDIO_RST_CTRL,
 -    SPI_RST_CTRL,
 -    CAN_RST_CTRL,
 -    I2C_RST_CTRL,
 -    UART_RST_CTRL,
 -    GPIO_RST_CTRL,
 -    LQSPI_RST_CTRL,
 -    SMC_RST_CTRL,
 -    OCM_RST_CTRL,
 -    FPGA_RST_CTRL   = 0x240 / 4,
 -    A9_CPU_RST_CTRL,
 +REG32(PSS_RST_CTRL, 0x200)
 +    FIELD(PSS_RST_CTRL, SOFT_RST, 0, 1)
 +REG32(DDR_RST_CTRL, 0x204)
 +REG32(TOPSW_RESET_CTRL, 0x208)
 +REG32(DMAC_RST_CTRL, 0x20c)
 +REG32(USB_RST_CTRL, 0x210)
 +REG32(GEM_RST_CTRL, 0x214)
 +REG32(SDIO_RST_CTRL, 0x218)
 +REG32(SPI_RST_CTRL, 0x21c)
 +REG32(CAN_RST_CTRL, 0x220)
 +REG32(I2C_RST_CTRL, 0x224)
 +REG32(UART_RST_CTRL, 0x228)
 +REG32(GPIO_RST_CTRL, 0x22c)
 +REG32(LQSPI_RST_CTRL, 0x230)
 +REG32(SMC_RST_CTRL, 0x234)
 +REG32(OCM_RST_CTRL, 0x238)
 +REG32(FPGA_RST_CTRL, 0x240)
 +REG32(A9_CPU_RST_CTRL, 0x244)
 -    RS_AWDT_CTRL    = 0x24c / 4,
 -    RST_REASON,
 +REG32(RS_AWDT_CTRL, 0x24c)
 +REG32(RST_REASON, 0x250)
 -    REBOOT_STATUS   = 0x258 / 4,
 -    BOOT_MODE,
 +REG32(REBOOT_STATUS, 0x258)
 +REG32(BOOT_MODE, 0x25c)
 -    APU_CTRL        = 0x300 / 4,
 -    WDT_CLK_SEL,
 +REG32(APU_CTRL, 0x300)
 +REG32(WDT_CLK_SEL, 0x304)
 -    TZ_DMA_NS       = 0x440 / 4,
 -    TZ_DMA_IRQ_NS,
 -    TZ_DMA_PERIPH_NS,
 +REG32(TZ_DMA_NS, 0x440)
 +REG32(TZ_DMA_IRQ_NS, 0x444)
 +REG32(TZ_DMA_PERIPH_NS, 0x448)
 -    PSS_IDCODE      = 0x530 / 4,
 +REG32(PSS_IDCODE, 0x530)
 -    DDR_URGENT      = 0x600 / 4,
 -    DDR_CAL_START   = 0x60c / 4,
 -    DDR_REF_START   = 0x614 / 4,
 -    DDR_CMD_STA,
 -    DDR_URGENT_SEL,
 -    DDR_DFI_STATUS,
 +REG32(DDR_URGENT, 0x600)
 +REG32(DDR_CAL_START, 0x60c)
 +REG32(DDR_REF_START, 0x614)
 +REG32(DDR_CMD_STA, 0x618)
 +REG32(DDR_URGENT_SEL, 0x61c)
 +REG32(DDR_DFI_STATUS, 0x620)
 -    MIO             = 0x700 / 4,
 +REG32(MIO, 0x700)
  #define MIO_LENGTH 54
 -    MIO_LOOPBACK    = 0x804 / 4,
 -    MIO_MST_TRI0,
 -    MIO_MST_TRI1,
 +REG32(MIO_LOOPBACK, 0x804)
 +REG32(MIO_MST_TRI0, 0x808)
 +REG32(MIO_MST_TRI1, 0x80c)
 -    SD0_WP_CD_SEL   = 0x830 / 4,
 -    SD1_WP_CD_SEL,
 +REG32(SD0_WP_CD_SEL, 0x830)
 +REG32(SD1_WP_CD_SEL, 0x834)
 -    LVL_SHFTR_EN    = 0x900 / 4,
 -    OCM_CFG         = 0x910 / 4,
 +REG32(LVL_SHFTR_EN, 0x900)
 +REG32(OCM_CFG, 0x910)
 -    CPU_RAM         = 0xa00 / 4,
 +REG32(CPU_RAM, 0xa00)
 -    IOU             = 0xa30 / 4,
 +REG32(IOU, 0xa30)
 -    DMAC_RAM        = 0xa50 / 4,
 +REG32(DMAC_RAM, 0xa50)
 -    AFI0            = 0xa60 / 4,
 -    AFI1 = AFI0 + 3,
 -    AFI2 = AFI1 + 3,
 -    AFI3 = AFI2 + 3,
 +REG32(AFI0, 0xa60)
 +REG32(AFI1, 0xa6c)
 +REG32(AFI2, 0xa78)
 +REG32(AFI3, 0xa84)
  #define AFI_LENGTH 3
 -    OCM             = 0xa90 / 4,
 +REG32(OCM, 0xa90)
 -    DEVCI_RAM       = 0xaa0 / 4,
 +REG32(DEVCI_RAM, 0xaa0)
 -    CSG_RAM         = 0xab0 / 4,
 +REG32(CSG_RAM, 0xab0)
 -    GPIOB_CTRL      = 0xb00 / 4,
 -    GPIOB_CFG_CMOS18,
 -    GPIOB_CFG_CMOS25,
 -    GPIOB_CFG_CMOS33,
 -    GPIOB_CFG_HSTL  = 0xb14 / 4,
 -    GPIOB_DRVR_BIAS_CTRL,
 +REG32(GPIOB_CTRL, 0xb00)
 +REG32(GPIOB_CFG_CMOS18, 0xb04)
 +REG32(GPIOB_CFG_CMOS25, 0xb08)
 +REG32(GPIOB_CFG_CMOS33, 0xb0c)
 +REG32(GPIOB_CFG_HSTL, 0xb14)
 +REG32(GPIOB_DRVR_BIAS_CTRL, 0xb18)
 -    DDRIOB          = 0xb40 / 4,
 +REG32(DDRIOB, 0xb40)
  #define DDRIOB_LENGTH 14
 -};
  #define ZYNQ_SLCR_MMIO_SIZE     0x1000
  #define ZYNQ_SLCR_NUM_REGS      (ZYNQ_SLCR_MMIO_SIZE / 4)
@@ -XXX,XX +XXX,XX @@ static void zynq_slcr_reset(DeviceState *d)
      DB_PRINT("RESET\n");
 -    s->regs[LOCKSTA] = 1;
 +    s->regs[R_LOCKSTA] = 1;
      /* 0x100 - 0x11C */
 -    s->regs[ARM_PLL_CTRL]   = 0x0001A008;
 -    s->regs[DDR_PLL_CTRL]   = 0x0001A008;
 -    s->regs[IO_PLL_CTRL]    = 0x0001A008;
 -    s->regs[PLL_STATUS]     = 0x0000003F;
 -    s->regs[ARM_PLL_CFG]    = 0x00014000;
 -    s->regs[DDR_PLL_CFG]    = 0x00014000;
 -    s->regs[IO_PLL_CFG]     = 0x00014000;
 +    s->regs[R_ARM_PLL_CTRL]   = 0x0001A008;
 +    s->regs[R_DDR_PLL_CTRL]   = 0x0001A008;
 +    s->regs[R_IO_PLL_CTRL]    = 0x0001A008;
 +    s->regs[R_PLL_STATUS]     = 0x0000003F;
 +    s->regs[R_ARM_PLL_CFG]    = 0x00014000;
 +    s->regs[R_DDR_PLL_CFG]    = 0x00014000;
 +    s->regs[R_IO_PLL_CFG]     = 0x00014000;
      /* 0x120 - 0x16C */
 -    s->regs[ARM_CLK_CTRL]   = 0x1F000400;
 -    s->regs[DDR_CLK_CTRL]   = 0x18400003;
 -    s->regs[DCI_CLK_CTRL]   = 0x01E03201;
 -    s->regs[APER_CLK_CTRL]  = 0x01FFCCCD;
 -    s->regs[USB0_CLK_CTRL]  = s->regs[USB1_CLK_CTRL]    = 0x00101941;
 -    s->regs[GEM0_RCLK_CTRL] = s->regs[GEM1_RCLK_CTRL]   = 0x00000001;
 -    s->regs[GEM0_CLK_CTRL]  = s->regs[GEM1_CLK_CTRL]    = 0x00003C01;
 -    s->regs[SMC_CLK_CTRL]   = 0x00003C01;
 -    s->regs[LQSPI_CLK_CTRL] = 0x00002821;
 -    s->regs[SDIO_CLK_CTRL]  = 0x00001E03;
 -    s->regs[UART_CLK_CTRL]  = 0x00003F03;
 -    s->regs[SPI_CLK_CTRL]   = 0x00003F03;
 -    s->regs[CAN_CLK_CTRL]   = 0x00501903;
 -    s->regs[DBG_CLK_CTRL]   = 0x00000F03;
 -    s->regs[PCAP_CLK_CTRL]  = 0x00000F01;
 +    s->regs[R_ARM_CLK_CTRL]   = 0x1F000400;
 +    s->regs[R_DDR_CLK_CTRL]   = 0x18400003;
 +    s->regs[R_DCI_CLK_CTRL]   = 0x01E03201;
 +    s->regs[R_APER_CLK_CTRL]  = 0x01FFCCCD;
 +    s->regs[R_USB0_CLK_CTRL]  = s->regs[R_USB1_CLK_CTRL]  = 0x00101941;
 +    s->regs[R_GEM0_RCLK_CTRL] = s->regs[R_GEM1_RCLK_CTRL] = 0x00000001;
 +    s->regs[R_GEM0_CLK_CTRL]  = s->regs[R_GEM1_CLK_CTRL]  = 0x00003C01;
 +    s->regs[R_SMC_CLK_CTRL]   = 0x00003C01;
 +    s->regs[R_LQSPI_CLK_CTRL] = 0x00002821;
 +    s->regs[R_SDIO_CLK_CTRL]  = 0x00001E03;
 +    s->regs[R_UART_CLK_CTRL]  = 0x00003F03;
 +    s->regs[R_SPI_CLK_CTRL]   = 0x00003F03;
 +    s->regs[R_CAN_CLK_CTRL]   = 0x00501903;
 +    s->regs[R_DBG_CLK_CTRL]   = 0x00000F03;
 +    s->regs[R_PCAP_CLK_CTRL]  = 0x00000F01;
      /* 0x170 - 0x1AC */
 -    s->regs[FPGA0_CLK_CTRL] = s->regs[FPGA1_CLK_CTRL] = s->regs[FPGA2_CLK_CTRL]
 -                            = s->regs[FPGA3_CLK_CTRL] = 0x00101800;
 -    s->regs[FPGA0_THR_STA] = s->regs[FPGA1_THR_STA] = s->regs[FPGA2_THR_STA]
 -                           = s->regs[FPGA3_THR_STA] = 0x00010000;
 +    s->regs[R_FPGA0_CLK_CTRL] = s->regs[R_FPGA1_CLK_CTRL]
 +                              = s->regs[R_FPGA2_CLK_CTRL]
 +                              = s->regs[R_FPGA3_CLK_CTRL] = 0x00101800;
 +    s->regs[R_FPGA0_THR_STA] = s->regs[R_FPGA1_THR_STA]
 +                             = s->regs[R_FPGA2_THR_STA]
 +                             = s->regs[R_FPGA3_THR_STA] = 0x00010000;
      /* 0x1B0 - 0x1D8 */
 -    s->regs[BANDGAP_TRIP]   = 0x0000001F;
 -    s->regs[PLL_PREDIVISOR] = 0x00000001;
 -    s->regs[CLK_621_TRUE]   = 0x00000001;
 +    s->regs[R_BANDGAP_TRIP]   = 0x0000001F;
 +    s->regs[R_PLL_PREDIVISOR] = 0x00000001;
 +    s->regs[R_CLK_621_TRUE]   = 0x00000001;
      /* 0x200 - 0x25C */
 -    s->regs[FPGA_RST_CTRL]  = 0x01F33F0F;
 -    s->regs[RST_REASON]     = 0x00000040;
 +    s->regs[R_FPGA_RST_CTRL]  = 0x01F33F0F;
 +    s->regs[R_RST_REASON]     = 0x00000040;
 -    s->regs[BOOT_MODE]      = 0x00000001;
 +    s->regs[R_BOOT_MODE]      = 0x00000001;
      /* 0x700 - 0x7D4 */
      for (i = 0; i < 54; i++) {
 -        s->regs[MIO + i] = 0x00001601;
 +        s->regs[R_MIO + i] = 0x00001601;
      }
      for (i = 2; i <= 8; i++) {
 -        s->regs[MIO + i] = 0x00000601;
 +        s->regs[R_MIO + i] = 0x00000601;
      }
 -    s->regs[MIO_MST_TRI0] = s->regs[MIO_MST_TRI1] = 0xFFFFFFFF;
 +    s->regs[R_MIO_MST_TRI0] = s->regs[R_MIO_MST_TRI1] = 0xFFFFFFFF;
 -    s->regs[CPU_RAM + 0] = s->regs[CPU_RAM + 1] = s->regs[CPU_RAM + 3]
 -                         = s->regs[CPU_RAM + 4] = s->regs[CPU_RAM + 7]
 -                         = 0x00010101;
 -    s->regs[CPU_RAM + 2] = s->regs[CPU_RAM + 5] = 0x01010101;
 -    s->regs[CPU_RAM + 6] = 0x00000001;
 +    s->regs[R_CPU_RAM + 0] = s->regs[R_CPU_RAM + 1] = s->regs[R_CPU_RAM + 3]
 +                           = s->regs[R_CPU_RAM + 4] = s->regs[R_CPU_RAM + 7]
 +                           = 0x00010101;
 +    s->regs[R_CPU_RAM + 2] = s->regs[R_CPU_RAM + 5] = 0x01010101;
 +    s->regs[R_CPU_RAM + 6] = 0x00000001;
 -    s->regs[IOU + 0] = s->regs[IOU + 1] = s->regs[IOU + 2] = s->regs[IOU + 3]
 -                     = 0x09090909;
 -    s->regs[IOU + 4] = s->regs[IOU + 5] = 0x00090909;
 -    s->regs[IOU + 6] = 0x00000909;
 +    s->regs[R_IOU + 0] = s->regs[R_IOU + 1] = s->regs[R_IOU + 2]
 +                       = s->regs[R_IOU + 3] = 0x09090909;
 +    s->regs[R_IOU + 4] = s->regs[R_IOU + 5] = 0x00090909;
 +    s->regs[R_IOU + 6] = 0x00000909;
 -    s->regs[DMAC_RAM] = 0x00000009;
 +    s->regs[R_DMAC_RAM] = 0x00000009;
 -    s->regs[AFI0 + 0] = s->regs[AFI0 + 1] = 0x09090909;
 -    s->regs[AFI1 + 0] = s->regs[AFI1 + 1] = 0x09090909;
 -    s->regs[AFI2 + 0] = s->regs[AFI2 + 1] = 0x09090909;
 -    s->regs[AFI3 + 0] = s->regs[AFI3 + 1] = 0x09090909;
 -    s->regs[AFI0 + 2] = s->regs[AFI1 + 2] = s->regs[AFI2 + 2]
 -                      = s->regs[AFI3 + 2] = 0x00000909;
 +    s->regs[R_AFI0 + 0] = s->regs[R_AFI0 + 1] = 0x09090909;
 +    s->regs[R_AFI1 + 0] = s->regs[R_AFI1 + 1] = 0x09090909;
 +    s->regs[R_AFI2 + 0] = s->regs[R_AFI2 + 1] = 0x09090909;
 +    s->regs[R_AFI3 + 0] = s->regs[R_AFI3 + 1] = 0x09090909;
 +    s->regs[R_AFI0 + 2] = s->regs[R_AFI1 + 2] = s->regs[R_AFI2 + 2]
 +                        = s->regs[R_AFI3 + 2] = 0x00000909;
 -    s->regs[OCM + 0]    = 0x01010101;
 -    s->regs[OCM + 1]    = s->regs[OCM + 2] = 0x09090909;
 +    s->regs[R_OCM + 0] = 0x01010101;
 +    s->regs[R_OCM + 1] = s->regs[R_OCM + 2] = 0x09090909;
 -    s->regs[DEVCI_RAM]  = 0x00000909;
 -    s->regs[CSG_RAM]    = 0x00000001;
 +    s->regs[R_DEVCI_RAM] = 0x00000909;
 +    s->regs[R_CSG_RAM]   = 0x00000001;
 -    s->regs[DDRIOB + 0] = s->regs[DDRIOB + 1] = s->regs[DDRIOB + 2]
 -                        = s->regs[DDRIOB + 3] = 0x00000e00;
 -    s->regs[DDRIOB + 4] = s->regs[DDRIOB + 5] = s->regs[DDRIOB + 6]
 -                        = 0x00000e00;
 -    s->regs[DDRIOB + 12] = 0x00000021;
 +    s->regs[R_DDRIOB + 0] = s->regs[R_DDRIOB + 1] = s->regs[R_DDRIOB + 2]
 +                          = s->regs[R_DDRIOB + 3] = 0x00000e00;
 +    s->regs[R_DDRIOB + 4] = s->regs[R_DDRIOB + 5] = s->regs[R_DDRIOB + 6]
 +                          = 0x00000e00;
 +    s->regs[R_DDRIOB + 12] = 0x00000021;
  }
  static bool zynq_slcr_check_offset(hwaddr offset, bool rnw)
  {
      switch (offset) {
 -    case LOCK:
 -    case UNLOCK:
 -    case DDR_CAL_START:
 -    case DDR_REF_START:
 +    case R_LOCK:
 +    case R_UNLOCK:
 +    case R_DDR_CAL_START:
 +    case R_DDR_REF_START:
          return !rnw; /* Write only */
 -    case LOCKSTA:
 -    case FPGA0_THR_STA:
 -    case FPGA1_THR_STA:
 -    case FPGA2_THR_STA:
 -    case FPGA3_THR_STA:
 -    case BOOT_MODE:
 -    case PSS_IDCODE:
 -    case DDR_CMD_STA:
 -    case DDR_DFI_STATUS:
 -    case PLL_STATUS:
 +    case R_LOCKSTA:
 +    case R_FPGA0_THR_STA:
 +    case R_FPGA1_THR_STA:
 +    case R_FPGA2_THR_STA:
 +    case R_FPGA3_THR_STA:
 +    case R_BOOT_MODE:
 +    case R_PSS_IDCODE:
 +    case R_DDR_CMD_STA:
 +    case R_DDR_DFI_STATUS:
 +    case R_PLL_STATUS:
          return rnw;/* read only */
 -    case SCL:
 -    case ARM_PLL_CTRL ... IO_PLL_CTRL:
 -    case ARM_PLL_CFG ... IO_PLL_CFG:
 -    case ARM_CLK_CTRL ... TOPSW_CLK_CTRL:
 -    case FPGA0_CLK_CTRL ... FPGA0_THR_CNT:
 -    case FPGA1_CLK_CTRL ... FPGA1_THR_CNT:
 -    case FPGA2_CLK_CTRL ... FPGA2_THR_CNT:
 -    case FPGA3_CLK_CTRL ... FPGA3_THR_CNT:
 -    case BANDGAP_TRIP:
 -    case PLL_PREDIVISOR:
 -    case CLK_621_TRUE:
 -    case PSS_RST_CTRL ... A9_CPU_RST_CTRL:
 -    case RS_AWDT_CTRL:
 -    case RST_REASON:
 -    case REBOOT_STATUS:
 -    case APU_CTRL:
 -    case WDT_CLK_SEL:
 -    case TZ_DMA_NS ... TZ_DMA_PERIPH_NS:
 -    case DDR_URGENT:
 -    case DDR_URGENT_SEL:
 -    case MIO ... MIO + MIO_LENGTH - 1:
 -    case MIO_LOOPBACK ... MIO_MST_TRI1:
 -    case SD0_WP_CD_SEL:
 -    case SD1_WP_CD_SEL:
 -    case LVL_SHFTR_EN:
 -    case OCM_CFG:
 -    case CPU_RAM:
 -    case IOU:
 -    case DMAC_RAM:
 -    case AFI0 ... AFI3 + AFI_LENGTH - 1:
 -    case OCM:
 -    case DEVCI_RAM:
 -    case CSG_RAM:
 -    case GPIOB_CTRL ... GPIOB_CFG_CMOS33:
 -    case GPIOB_CFG_HSTL:
 -    case GPIOB_DRVR_BIAS_CTRL:
 -    case DDRIOB ... DDRIOB + DDRIOB_LENGTH - 1:
 +    case R_SCL:
 +    case R_ARM_PLL_CTRL ... R_IO_PLL_CTRL:
 +    case R_ARM_PLL_CFG ... R_IO_PLL_CFG:
 +    case R_ARM_CLK_CTRL ... R_TOPSW_CLK_CTRL:
 +    case R_FPGA0_CLK_CTRL ... R_FPGA0_THR_CNT:
 +    case R_FPGA1_CLK_CTRL ... R_FPGA1_THR_CNT:
 +    case R_FPGA2_CLK_CTRL ... R_FPGA2_THR_CNT:
 +    case R_FPGA3_CLK_CTRL ... R_FPGA3_THR_CNT:
 +    case R_BANDGAP_TRIP:
 +    case R_PLL_PREDIVISOR:
 +    case R_CLK_621_TRUE:
 +    case R_PSS_RST_CTRL ... R_A9_CPU_RST_CTRL:
 +    case R_RS_AWDT_CTRL:
 +    case R_RST_REASON:
 +    case R_REBOOT_STATUS:
 +    case R_APU_CTRL:
 +    case R_WDT_CLK_SEL:
 +    case R_TZ_DMA_NS ... R_TZ_DMA_PERIPH_NS:
 +    case R_DDR_URGENT:
 +    case R_DDR_URGENT_SEL:
 +    case R_MIO ... R_MIO + MIO_LENGTH - 1:
 +    case R_MIO_LOOPBACK ... R_MIO_MST_TRI1:
 +    case R_SD0_WP_CD_SEL:
 +    case R_SD1_WP_CD_SEL:
 +    case R_LVL_SHFTR_EN:
 +    case R_OCM_CFG:
 +    case R_CPU_RAM:
 +    case R_IOU:
 +    case R_DMAC_RAM:
 +    case R_AFI0 ... R_AFI3 + AFI_LENGTH - 1:
 +    case R_OCM:
 +    case R_DEVCI_RAM:
 +    case R_CSG_RAM:
 +    case R_GPIOB_CTRL ... R_GPIOB_CFG_CMOS33:
 +    case R_GPIOB_CFG_HSTL:
 +    case R_GPIOB_DRVR_BIAS_CTRL:
 +    case R_DDRIOB ... R_DDRIOB + DDRIOB_LENGTH - 1:
          return true;
      default:
          return false;
@@ -XXX,XX +XXX,XX @@ static void zynq_slcr_write(void *opaque, hwaddr offset,
      }
      switch (offset) {
 -    case SCL:
 -        s->regs[SCL] = val & 0x1;
 +    case R_SCL:
 +        s->regs[R_SCL] = val & 0x1;
          return;
 -    case LOCK:
 +    case R_LOCK:
          if ((val & 0xFFFF) == XILINX_LOCK_KEY) {
              DB_PRINT("XILINX LOCK 0xF8000000 + 0x%x <= 0x%x\n", (int)offset,
                  (unsigned)val & 0xFFFF);
 -            s->regs[LOCKSTA] = 1;
 +            s->regs[R_LOCKSTA] = 1;
          } else {
              DB_PRINT("WRONG XILINX LOCK KEY 0xF8000000 + 0x%x <= 0x%x\n",
                  (int)offset, (unsigned)val & 0xFFFF);
          }
          return;
 -    case UNLOCK:
 +    case R_UNLOCK:
          if ((val & 0xFFFF) == XILINX_UNLOCK_KEY) {
              DB_PRINT("XILINX UNLOCK 0xF8000000 + 0x%x <= 0x%x\n", (int)offset,
                  (unsigned)val & 0xFFFF);
 -            s->regs[LOCKSTA] = 0;
 +            s->regs[R_LOCKSTA] = 0;
          } else {
              DB_PRINT("WRONG XILINX UNLOCK KEY 0xF8000000 + 0x%x <= 0x%x\n",
                  (int)offset, (unsigned)val & 0xFFFF);
@@ -XXX,XX +XXX,XX @@ static void zynq_slcr_write(void *opaque, hwaddr offset,
          return;
      }
 -    if (s->regs[LOCKSTA]) {
 +    if (s->regs[R_LOCKSTA]) {
          qemu_log_mask(LOG_GUEST_ERROR,
                        "SCLR registers are locked. Unlock them first\n");
          return;
@@ -XXX,XX +XXX,XX @@ static void zynq_slcr_write(void *opaque, hwaddr offset,
      s->regs[offset] = val;
      switch (offset) {
 -    case PSS_RST_CTRL:
 -        if (val & R_PSS_RST_CTRL_SOFT_RST) {
 +    case R_PSS_RST_CTRL:
 +        if (FIELD_EX32(val, PSS_RST_CTRL, SOFT_RST)) {
              qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
          }
          break;
 --
 .20.1

-New patch
+[Qemu-devel] [PULL 03/29] Set ENET_BD_BDU in I.MX FEC controller
+From: Aaron Hill <aa1ronham@gmail.com>
+This commit properly sets the ENET_BD_BDU flag once the emulated FEC controller
+has finished processing the last descriptor. This is done for both transmit
+and receive descriptors.
+This allows the QNX 7.0.0 BSP for the Sabrelite board (which can be
+found at http://blackberry.qnx.com/en/developers/bsp) to properly
+control the FEC. Without this patch, the BSP ethernet driver will never
+re-use FEC descriptors, as the unset ENET_BD_BDU flag will cause
+it to believe that the descriptors are still in use by the NIC.
+Note that Linux does not appear to use this field at all, and is
+unaffected by this patch.
+Without this patch, QNX will think that the NIC is still processing its
+transaction descriptors, and won't send any more data over the network.
+For reference:
+On page 1192 of the I.MX 6DQ reference manual revision (Rev. 5, 06/2018),
+which can be found at https://www.nxp.com/products/processors-and-microcontrollers/arm-based-processors-and-mcus/i.mx-applications-processors/i.mx-6-processors/i.mx-6quad-processors-high-performance-3d-graphics-hd-video-arm-cortex-a9-core:i.MX6Q?&tab=Documentation_Tab&linkline=Application-Note
+the 'BDU' field is described as follows for the 'Enhanced transmit
+buffer descriptor':
+'Last buffer descriptor update done. Indicates that the last BD data has been updated by
+uDMA. This field is written by the user (=0) and uDMA (=1).'
+The same description is used for the receive buffer descriptor.
+Signed-off-by: Aaron Hill <aa1ronham@gmail.com>
+Message-id: 20190805142417.10433-1-aaron.hill@alertinnovation.com
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ hw/net/imx_fec.c | 4 ++++
+file changed, 4 insertions(+)
+diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/net/imx_fec.c
++++ b/hw/net/imx_fec.c
+@@ -XXX,XX +XXX,XX @@ static void imx_enet_do_tx(IMXFECState *s, uint32_t index)
+             if (bd.option & ENET_BD_TX_INT) {
+                 s->regs[ENET_EIR] |= int_txf;
+             }
++            /* Indicate that we've updated the last buffer descriptor. */
++            bd.last_buffer = ENET_BD_BDU;
+         }
+         if (bd.option & ENET_BD_TX_INT) {
+             s->regs[ENET_EIR] |= int_txb;
+@@ -XXX,XX +XXX,XX @@ static ssize_t imx_enet_receive(NetClientState *nc, const uint8_t *buf,
+             /* Last buffer in frame.  */
+             bd.flags |= flags | ENET_BD_L;
+             FEC_PRINTF("rx frame flags %04x\n", bd.flags);
++            /* Indicate that we've updated the last buffer descriptor. */
++            bd.last_buffer = ENET_BD_BDU;
+             if (bd.option & ENET_BD_RX_INT) {
+                 s->regs[ENET_EIR] |= ENET_INT_RXF;
+             }
+--
+.20.1

-[Qemu-devel] [PULL 14/27] hw/arm/armsse: Fix miswiring of expansion IRQs
+[Qemu-devel] [PULL 04/29] target/arm: Factor out 'generate singlestep exception' function
-In commit 91c1e9fcbd7548db368 where we added dual-CPU support to
+Factor out code to 'generate a singlestep exception', which is
-the ARMSSE, we set up the wiring of the expansion IRQs via nested
+currently repeated in four places.
 loops: the outer loop on 'i' loops for each CPU, and the inner loop
 on 'j' loops for each interrupt. Fix a typo which meant we were
 wiring every expansion IRQ line to external IRQ 0 on CPU 0 and
 to external IRQ 1 on CPU 1.
-Fixes: 91c1e9fcbd7548db368 ("hw/arm/armsse: Support dual-CPU configuration")
+To do this we need to also pull the identical copies of the
 gen-exception() function out of translate-a64.c and translate.c
 into translate.h.
 (There is a bug in the code: we're taking the exception to the wrong
 target EL.  This will be simpler to fix if there's only one place to
 do it.)
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
+Message-id: 20190805130952.4415-2-peter.maydell@linaro.org
 ---
- hw/arm/armsse.c | 2 +-
+ target/arm/translate.h     | 23 +++++++++++++++++++++++
-file changed, 1 insertion(+), 1 deletion(-)
+ target/arm/translate-a64.c | 19 ++-----------------
  target/arm/translate.c     | 20 ++------------------
 files changed, 27 insertions(+), 35 deletions(-)
-diff --git a/hw/arm/armsse.c b/hw/arm/armsse.c
+diff --git a/target/arm/translate.h b/target/arm/translate.h
 index XXXXXXX..XXXXXXX 100644
---- a/hw/arm/armsse.c
+--- a/target/arm/translate.h
-+++ b/hw/arm/armsse.c
++++ b/target/arm/translate.h
-@@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp)
+@@ -XXX,XX +XXX,XX @@
-         /* Connect EXP_IRQ/EXP_CPUn_IRQ GPIOs to the NVIC's lines 32 and up */
+ #define TARGET_ARM_TRANSLATE_H
-         s->exp_irqs[i] = g_new(qemu_irq, s->exp_numirq);
-         for (j = 0; j < s->exp_numirq; j++) {
+ #include "exec/translator.h"
--            s->exp_irqs[i][j] = qdev_get_gpio_in(cpudev, i + 32);
++#include "internals.h"
-+            s->exp_irqs[i][j] = qdev_get_gpio_in(cpudev, j + 32);
-         }
-         if (i == 0) {
+ /* internal defines */
-             gpioname = g_strdup("EXP_IRQ");
+@@ -XXX,XX +XXX,XX @@ static inline void gen_ss_advance(DisasContext *s)
      }
  }
 +static inline void gen_exception(int excp, uint32_t syndrome,
 +                                 uint32_t target_el)
 +{
 +    TCGv_i32 tcg_excp = tcg_const_i32(excp);
 +    TCGv_i32 tcg_syn = tcg_const_i32(syndrome);
 +    TCGv_i32 tcg_el = tcg_const_i32(target_el);
 +
 +    gen_helper_exception_with_syndrome(cpu_env, tcg_excp,
 +                                       tcg_syn, tcg_el);
 +
 +    tcg_temp_free_i32(tcg_el);
 +    tcg_temp_free_i32(tcg_syn);
 +    tcg_temp_free_i32(tcg_excp);
 +}
 +
 +/* Generate an architectural singlestep exception */
 +static inline void gen_swstep_exception(DisasContext *s, int isv, int ex)
 +{
 +    gen_exception(EXCP_UDEF, syn_swstep(s->ss_same_el, isv, ex),
 +                  default_exception_el(s));
 +}
 +
  /*
   * Given a VFP floating point constant encoded into an 8 bit immediate in an
   * instruction, expand it to the actual constant value of the specified
 diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate-a64.c
 +++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void gen_exception_internal(int excp)
      tcg_temp_free_i32(tcg_excp);
  }
 -static void gen_exception(int excp, uint32_t syndrome, uint32_t target_el)
 -{
 -    TCGv_i32 tcg_excp = tcg_const_i32(excp);
 -    TCGv_i32 tcg_syn = tcg_const_i32(syndrome);
 -    TCGv_i32 tcg_el = tcg_const_i32(target_el);
 -
 -    gen_helper_exception_with_syndrome(cpu_env, tcg_excp,
 -                                       tcg_syn, tcg_el);
 -    tcg_temp_free_i32(tcg_el);
 -    tcg_temp_free_i32(tcg_syn);
 -    tcg_temp_free_i32(tcg_excp);
 -}
 -
  static void gen_exception_internal_insn(DisasContext *s, int offset, int excp)
  {
      gen_a64_set_pc_im(s->pc - offset);
@@ -XXX,XX +XXX,XX @@ static void gen_step_complete_exception(DisasContext *s)
       * of the exception, and our syndrome information is always correct.
       */
      gen_ss_advance(s);
 -    gen_exception(EXCP_UDEF, syn_swstep(s->ss_same_el, 1, s->is_ldex),
 -                  default_exception_el(s));
 +    gen_swstep_exception(s, 1, s->is_ldex);
      s->base.is_jmp = DISAS_NORETURN;
  }
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
           * bits should be zero.
           */
          assert(dc->base.num_insns == 1);
 -        gen_exception(EXCP_UDEF, syn_swstep(dc->ss_same_el, 0, 0),
 -                      default_exception_el(dc));
 +        gen_swstep_exception(dc, 0, 0);
          dc->base.is_jmp = DISAS_NORETURN;
      } else {
          disas_a64_insn(env, dc);
 diff --git a/target/arm/translate.c b/target/arm/translate.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate.c
 +++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_exception_internal(int excp)
      tcg_temp_free_i32(tcg_excp);
  }
 -static void gen_exception(int excp, uint32_t syndrome, uint32_t target_el)
 -{
 -    TCGv_i32 tcg_excp = tcg_const_i32(excp);
 -    TCGv_i32 tcg_syn = tcg_const_i32(syndrome);
 -    TCGv_i32 tcg_el = tcg_const_i32(target_el);
 -
 -    gen_helper_exception_with_syndrome(cpu_env, tcg_excp,
 -                                       tcg_syn, tcg_el);
 -
 -    tcg_temp_free_i32(tcg_el);
 -    tcg_temp_free_i32(tcg_syn);
 -    tcg_temp_free_i32(tcg_excp);
 -}
 -
  static void gen_step_complete_exception(DisasContext *s)
  {
      /* We just completed step of an insn. Move from Active-not-pending
@@ -XXX,XX +XXX,XX @@ static void gen_step_complete_exception(DisasContext *s)
       * of the exception, and our syndrome information is always correct.
       */
      gen_ss_advance(s);
 -    gen_exception(EXCP_UDEF, syn_swstep(s->ss_same_el, 1, s->is_ldex),
 -                  default_exception_el(s));
 +    gen_swstep_exception(s, 1, s->is_ldex);
      s->base.is_jmp = DISAS_NORETURN;
  }
@@ -XXX,XX +XXX,XX @@ static bool arm_pre_translate_insn(DisasContext *dc)
           * bits should be zero.
           */
          assert(dc->base.num_insns == 1);
 -        gen_exception(EXCP_UDEF, syn_swstep(dc->ss_same_el, 0, 0),
 -                      default_exception_el(dc));
 +        gen_swstep_exception(dc, 0, 0);
          dc->base.is_jmp = DISAS_NORETURN;
          return true;
      }
 --
 .20.1

-[Qemu-devel] [PULL 11/27] arm: Allow system registers for KVM guests to be changed by QEMU code
+[Qemu-devel] [PULL 05/29] target/arm: Fix routing of singlestep exceptions
-At the moment the Arm implementations of kvm_arch_{get,put}_registers()
+When generating an architectural single-step exception we were
-don't support having QEMU change the values of system registers
+routing it to the "default exception level", which is to say
-(aka coprocessor registers for AArch32). This is because although
+the same exception level we execute at except that EL0 exceptions
-kvm_arch_get_registers() calls write_list_to_cpustate() to
+go to EL1. This is incorrect because the debug exception level
-update the CPU state struct fields (so QEMU code can read the
+can be configured by the guest for situations such as single
-values in the usual way), kvm_arch_put_registers() does not
+stepping of EL0 and EL1 code by EL2.
 call write_cpustate_to_list(), meaning that any changes to
 the CPU state struct fields will not be passed back to KVM.
-The rationale for this design is documented in a comment in the
+We have to track the target debug exception level in the TB
-AArch32 kvm_arch_put_registers() -- writing the values in the
+flags, because it is dependent on CPU state like HCR_EL2.TGE
-cpregs list into the CPU state struct is "lossy" because the
+and MDCR_EL2.TDE. (That we were previously calling the
-write of a register might not succeed, and so if we blindly
+arm_debug_target_el() function to determine dc->ss_same_el
-copy the CPU state values back again we will incorrectly
+is itself a bug, though one that would only have manifested
-change register values for the guest. The assumption was that
+as incorrect syndrome information.) Since we are out of TB
-no QEMU code would need to write to the registers.
+flag bits unless we want to expand into the cs_base field,
 we share some bits with the M-profile only HANDLER and
 STACKCHECK bits, since only A-profile has this singlestep.
-However, when we implemented debug support for KVM guests, we
+Fixes: https://bugs.launchpad.net/qemu/+bug/1838913
 broke that assumption: the code to handle "set the guest up
 to take a breakpoint exception" does so by updating various
 guest registers including ESR_EL1.
 Support this by making kvm_arch_put_registers() synchronize
 CPU state back into the list. We sync only those registers
 where the initial write succeeds, which should be sufficient.
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
 Tested-by: Alex Bennée <alex.bennee@linaro.org>
-Tested-by: Dongjiu Geng <gengdongjiu@huawei.com>
+Message-id: 20190805130952.4415-3-peter.maydell@linaro.org
 ---
- target/arm/cpu.h     |  9 ++++++++-
+ target/arm/cpu.h           |  5 +++++
- target/arm/helper.c  | 27 +++++++++++++++++++++++++--
+ target/arm/translate.h     | 15 +++++++++++----
- target/arm/kvm32.c   | 20 ++------------------
+ target/arm/helper.c        |  6 ++++++
- target/arm/kvm64.c   |  2 ++
+ target/arm/translate-a64.c |  2 +-
- target/arm/machine.c |  2 +-
+ target/arm/translate.c     |  4 +++-
-files changed, 38 insertions(+), 22 deletions(-)
+files changed, 26 insertions(+), 6 deletions(-)
 diff --git a/target/arm/cpu.h b/target/arm/cpu.h
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/cpu.h
 +++ b/target/arm/cpu.h
-@@ -XXX,XX +XXX,XX @@ bool write_list_to_cpustate(ARMCPU *cpu);
+@@ -XXX,XX +XXX,XX @@ FIELD(TBFLAG_ANY, PSTATE_SS, 26, 1)
- /**
+ /* Target EL if we take a floating-point-disabled exception */
-  * write_cpustate_to_list:
+ FIELD(TBFLAG_ANY, FPEXC_EL, 24, 2)
-  * @cpu: ARMCPU
+ FIELD(TBFLAG_ANY, BE_DATA, 23, 1)
-+ * @kvm_sync: true if this is for syncing back to KVM
++/*
-  *
++ * For A-profile only, target EL for debug exceptions.
-  * For each register listed in the ARMCPU cpreg_indexes list, write
++ * Note that this overlaps with the M-profile-only HANDLER and STACKCHECK bits.
-  * its value from the ARMCPUState structure into the cpreg_values list.
++ */
-  * This is used to copy info from TCG's working data structures into
++FIELD(TBFLAG_ANY, DEBUG_TARGET_EL, 21, 2)
-  * KVM or for outbound migration.
-  *
+ /* Bit usage when in AArch32 state: */
-+ * @kvm_sync is true if we are doing this in order to sync the
+ FIELD(TBFLAG_A32, THUMB, 0, 1)
-+ * register state back to KVM. In this case we will only update
+diff --git a/target/arm/translate.h b/target/arm/translate.h
-+ * values in the list if the previous list->cpustate sync actually
+index XXXXXXX..XXXXXXX 100644
-+ * successfully wrote the CPU state. Otherwise we will keep the value
+--- a/target/arm/translate.h
-+ * that is in the list.
++++ b/target/arm/translate.h
-+ *
+@@ -XXX,XX +XXX,XX @@ typedef struct DisasContext {
-  * Returns: true if all register values were read correctly,
+     uint32_t svc_imm;
-  * false if some register was unknown or could not be read.
+     int aarch64;
-  * Note that we do not stop early on failure -- we will attempt
+     int current_el;
-  * reading all registers in the list.
++    /* Debug target exception level for single-step exceptions */
-  */
++    int debug_target_el;
--bool write_cpustate_to_list(ARMCPU *cpu);
+     GHashTable *cp_regs;
-+bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync);
+     uint64_t features; /* CPU features bits */
+     /* Because unallocated encodings generate different exception syndrome
- #define ARM_CPUID_TI915T      0x54029152
+@@ -XXX,XX +XXX,XX @@ typedef struct DisasContext {
- #define ARM_CPUID_TI925T      0x54029252
+      * ie A64 LDX*, LDAX*, A32/T32 LDREX*, LDAEX*.
       */
      bool is_ldex;
 -    /* True if a single-step exception will be taken to the current EL */
 -    bool ss_same_el;
      /* True if v8.3-PAuth is active.  */
      bool pauth_active;
      /* True with v8.5-BTI and SCTLR_ELx.BT* set.  */
@@ -XXX,XX +XXX,XX @@ static inline void gen_exception(int excp, uint32_t syndrome,
  /* Generate an architectural singlestep exception */
  static inline void gen_swstep_exception(DisasContext *s, int isv, int ex)
  {
 -    gen_exception(EXCP_UDEF, syn_swstep(s->ss_same_el, isv, ex),
 -                  default_exception_el(s));
 +    bool same_el = (s->debug_target_el == s->current_el);
 +
 +    /*
 +     * If singlestep is targeting a lower EL than the current one,
 +     * then s->ss_active must be false and we can never get here.
 +     */
 +    assert(s->debug_target_el >= s->current_el);
 +
 +    gen_exception(EXCP_UDEF, syn_swstep(same_el, isv, ex), s->debug_target_el);
  }
  /*
 diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/helper.c
 +++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ static bool raw_accessors_invalid(const ARMCPRegInfo *ri)
+@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
-     return true;
+         }
      }
 +    if (!arm_feature(env, ARM_FEATURE_M)) {
 +        int target_el = arm_debug_target_el(env);
 +
 +        flags = FIELD_DP32(flags, TBFLAG_ANY, DEBUG_TARGET_EL, target_el);
 +    }
 +
      *pflags = flags;
      *cs_base = 0;
  }
+diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
 -bool write_cpustate_to_list(ARMCPU *cpu)
 +bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync)
  {
      /* Write the coprocessor state from cpu->env to the (index,value) list. */
      int i;
@@ -XXX,XX +XXX,XX @@ bool write_cpustate_to_list(ARMCPU *cpu)
      for (i = 0; i < cpu->cpreg_array_len; i++) {
          uint32_t regidx = kvm_to_cpreg_id(cpu->cpreg_indexes[i]);
          const ARMCPRegInfo *ri;
 +        uint64_t newval;
          ri = get_arm_cp_reginfo(cpu->cp_regs, regidx);
          if (!ri) {
@@ -XXX,XX +XXX,XX @@ bool write_cpustate_to_list(ARMCPU *cpu)
          if (ri->type & ARM_CP_NO_RAW) {
              continue;
          }
 -        cpu->cpreg_values[i] = read_raw_cp_reg(&cpu->env, ri);
 +
 +        newval = read_raw_cp_reg(&cpu->env, ri);
 +        if (kvm_sync) {
 +            /*
 +             * Only sync if the previous list->cpustate sync succeeded.
 +             * Rather than tracking the success/failure state for every
 +             * item in the list, we just recheck "does the raw write we must
 +             * have made in write_list_to_cpustate() read back OK" here.
 +             */
 +            uint64_t oldval = cpu->cpreg_values[i];
 +
 +            if (oldval == newval) {
 +                continue;
 +            }
 +
 +            write_raw_cp_reg(&cpu->env, ri, oldval);
 +            if (read_raw_cp_reg(&cpu->env, ri) != oldval) {
 +                continue;
 +            }
 +
 +            write_raw_cp_reg(&cpu->env, ri, newval);
 +        }
 +        cpu->cpreg_values[i] = newval;
      }
      return ok;
  }
 diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/kvm32.c
+--- a/target/arm/translate-a64.c
-+++ b/target/arm/kvm32.c
++++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ int kvm_arch_put_registers(CPUState *cs, int level)
+@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
-         return ret;
+     dc->ss_active = FIELD_EX32(tb_flags, TBFLAG_ANY, SS_ACTIVE);
-     }
+     dc->pstate_ss = FIELD_EX32(tb_flags, TBFLAG_ANY, PSTATE_SS);
+     dc->is_ldex = false;
--    /* Note that we do not call write_cpustate_to_list()
+-    dc->ss_same_el = (arm_debug_target_el(env) == dc->current_el);
--     * here, so we are only writing the tuple list back to
++    dc->debug_target_el = FIELD_EX32(tb_flags, TBFLAG_ANY, DEBUG_TARGET_EL);
--     * KVM. This is safe because nothing can change the
--     * CPUARMState cp15 fields (in particular gdb accesses cannot)
+     /* Bound the number of insns to execute to those left on the page.  */
--     * and so there are no changes to sync. In fact syncing would
+     bound = -(dc->base.pc_first | TARGET_PAGE_MASK) / 4;
--     * be wrong at this point: for a constant register where TCG and
+diff --git a/target/arm/translate.c b/target/arm/translate.c
 -     * KVM disagree about its value, the preceding write_list_to_cpustate()
 -     * would not have had any effect on the CPUARMState value (since the
 -     * register is read-only), and a write_cpustate_to_list() here would
 -     * then try to write the TCG value back into KVM -- this would either
 -     * fail or incorrectly change the value the guest sees.
 -     *
 -     * If we ever want to allow the user to modify cp15 registers via
 -     * the gdb stub, we would need to be more clever here (for instance
 -     * tracking the set of registers kvm_arch_get_registers() successfully
 -     * managed to update the CPUARMState with, and only allowing those
 -     * to be written back up into the kernel).
 -     */
 +    write_cpustate_to_list(cpu, true);
 +
      if (!write_list_to_kvmstate(cpu, level)) {
          return EINVAL;
      }
 diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/kvm64.c
+--- a/target/arm/translate.c
-+++ b/target/arm/kvm64.c
++++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ int kvm_arch_put_registers(CPUState *cs, int level)
+@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
-         return ret;
+     dc->ss_active = FIELD_EX32(tb_flags, TBFLAG_ANY, SS_ACTIVE);
-     }
+     dc->pstate_ss = FIELD_EX32(tb_flags, TBFLAG_ANY, PSTATE_SS);
+     dc->is_ldex = false;
-+    write_cpustate_to_list(cpu, true);
+-    dc->ss_same_el = false; /* Can't be true since EL_d must be AArch64 */
-+
++    if (!arm_feature(env, ARM_FEATURE_M)) {
-     if (!write_list_to_kvmstate(cpu, level)) {
++        dc->debug_target_el = FIELD_EX32(tb_flags, TBFLAG_ANY, DEBUG_TARGET_EL);
-         return EINVAL;
++    }
-     }
-diff --git a/target/arm/machine.c b/target/arm/machine.c
+     dc->page_start = dc->base.pc_first & TARGET_PAGE_MASK;
-index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/machine.c
 +++ b/target/arm/machine.c
@@ -XXX,XX +XXX,XX @@ static int cpu_pre_save(void *opaque)
              abort();
          }
      } else {
 -        if (!write_cpustate_to_list(cpu)) {
 +        if (!write_cpustate_to_list(cpu, false)) {
              /* This should never fail. */
              abort();
          }
 --
 .20.1

-[Qemu-devel] [PULL 26/27] target/arm: Add missing clear_tail calls
+[Qemu-devel] [PULL 06/29] target/arm: Pass in pc to thumb_insn_is_16bit
 From: Richard Henderson <richard.henderson@linaro.org>
-Fortunately, the functions affected are so far only called from SVE,
+This function is used in two different contexts, and it will be
-so there is no tail to be cleared.  But as we convert more of AdvSIMD
+clearer if the function is given the address to which it applies.
 to gvec, this will matter.
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20190209033847.9014-13-richard.henderson@linaro.org
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: 20190807045335.1361-2-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/vec_helper.c | 2 ++
+ target/arm/translate.c | 14 +++++++-------
-file changed, 2 insertions(+)
+file changed, 7 insertions(+), 7 deletions(-)
-diff --git a/target/arm/vec_helper.c b/target/arm/vec_helper.c
+diff --git a/target/arm/translate.c b/target/arm/translate.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/vec_helper.c
+--- a/target/arm/translate.c
-+++ b/target/arm/vec_helper.c
++++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ void HELPER(NAME)(void *vd, void *vn, void *stat, uint32_t desc)  \
+@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
-     for (i = 0; i < oprsz / sizeof(TYPE); i++) {                  \
+     }
          d[i] = FUNC(n[i], stat);                                  \
      }                                                             \
 +    clear_tail(d, oprsz, simd_maxsz(desc));                       \
  }
- DO_2OP(gvec_frecpe_h, helper_recpe_f16, float16)
+-static bool thumb_insn_is_16bit(DisasContext *s, uint32_t insn)
-@@ -XXX,XX +XXX,XX @@ void HELPER(NAME)(void *vd, void *vn, void *vm, void *stat, uint32_t desc) \
++static bool thumb_insn_is_16bit(DisasContext *s, uint32_t pc, uint32_t insn)
-     for (i = 0; i < oprsz / sizeof(TYPE); i++) {                           \
+ {
-         d[i] = FUNC(n[i], m[i], stat);                                     \
+-    /* Return true if this is a 16 bit instruction. We must be precise
-     }                                                                      \
+-     * about this (matching the decode).  We assume that s->pc still
-+    clear_tail(d, oprsz, simd_maxsz(desc));                                \
+-     * points to the first 16 bits of the insn.
 +    /*
 +     * Return true if this is a 16 bit instruction. We must be precise
 +     * about this (matching the decode).
       */
      if ((insn >> 11) < 0x1d) {
          /* Definitely a 16-bit instruction */
@@ -XXX,XX +XXX,XX @@ static bool thumb_insn_is_16bit(DisasContext *s, uint32_t insn)
          return false;
      }
 -    if ((insn >> 11) == 0x1e && s->pc - s->page_start < TARGET_PAGE_SIZE - 3) {
 +    if ((insn >> 11) == 0x1e && pc - s->page_start < TARGET_PAGE_SIZE - 3) {
          /* 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix, and the suffix
           * is not on the next page; we merge this into a 32-bit
           * insn.
@@ -XXX,XX +XXX,XX @@ static bool insn_crosses_page(CPUARMState *env, DisasContext *s)
       */
      uint16_t insn = arm_lduw_code(env, s->pc, s->sctlr_b);
 -    return !thumb_insn_is_16bit(s, insn);
 +    return !thumb_insn_is_16bit(s, s->pc, insn);
  }
- DO_3OP(gvec_fadd_h, float16_add, float16)
+ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
@@ -XXX,XX +XXX,XX @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
      }
      insn = arm_lduw_code(env, dc->pc, dc->sctlr_b);
 -    is_16bit = thumb_insn_is_16bit(dc, insn);
 +    is_16bit = thumb_insn_is_16bit(dc, dc->pc, insn);
      dc->pc += 2;
      if (!is_16bit) {
          uint32_t insn2 = arm_lduw_code(env, dc->pc, dc->sctlr_b);
 --
 .20.1

-[Qemu-devel] [PULL 25/27] target/arm: Use vector operations for saturation
+[Qemu-devel] [PULL 07/29] target/arm: Introduce pc_curr
 From: Richard Henderson <richard.henderson@linaro.org>
-For same-sign saturation, we have tcg vector operations.  We can
+Add a new field to retain the address of the instruction currently
-compute the QC bit by comparing the saturated value against the
+being translated.  The 32-bit uses are all within subroutines used
-unsaturated value.
+by a32 and t32.  This will become less obvious when t16 support is
 merged with a32+t32, and having a clear definition will help.
 Convert aarch64 as well for consistency.  Note that there is one
 instance of a pre-assert fprintf that used the wrong value for the
 address of the current instruction.
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20190209033847.9014-12-richard.henderson@linaro.org
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: 20190807045335.1361-3-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/helper.h        |  33 +++++++
+ target/arm/translate-a64.h |  2 +-
- target/arm/translate.h     |   4 +
+ target/arm/translate.h     |  2 ++
- target/arm/translate-a64.c |  36 ++++----
+ target/arm/translate-a64.c | 21 +++++++++++----------
- target/arm/translate.c     | 172 +++++++++++++++++++++++++++++++------
+ target/arm/translate.c     | 14 ++++++++------
- target/arm/vec_helper.c    | 130 ++++++++++++++++++++++++++++
+files changed, 22 insertions(+), 17 deletions(-)
-files changed, 331 insertions(+), 44 deletions(-)
+diff --git a/target/arm/translate-a64.h b/target/arm/translate-a64.h
-diff --git a/target/arm/helper.h b/target/arm/helper.h
+index XXXXXXX..XXXXXXX 100644
-index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/translate-a64.h
---- a/target/arm/helper.h
++++ b/target/arm/translate-a64.h
-+++ b/target/arm/helper.h
+@@ -XXX,XX +XXX,XX @@ void unallocated_encoding(DisasContext *s);
-@@ -XXX,XX +XXX,XX @@ DEF_HELPER_FLAGS_6(gvec_fmla_idx_s, TCG_CALL_NO_RWG,
+         qemu_log_mask(LOG_UNIMP,                                         \
- DEF_HELPER_FLAGS_6(gvec_fmla_idx_d, TCG_CALL_NO_RWG,
+                       "%s:%d: unsupported instruction encoding 0x%08x "  \
-                    void, ptr, ptr, ptr, ptr, ptr, i32)
+                       "at pc=%016" PRIx64 "\n",                          \
+-                      __FILE__, __LINE__, insn, s->pc - 4);              \
-+DEF_HELPER_FLAGS_5(gvec_uqadd_b, TCG_CALL_NO_RWG,
++                      __FILE__, __LINE__, insn, s->pc_curr);             \
-+                   void, ptr, ptr, ptr, ptr, i32)
+         unallocated_encoding(s);                                         \
-+DEF_HELPER_FLAGS_5(gvec_uqadd_h, TCG_CALL_NO_RWG,
+     } while (0)
-+                   void, ptr, ptr, ptr, ptr, i32)
 +DEF_HELPER_FLAGS_5(gvec_uqadd_s, TCG_CALL_NO_RWG,
 +                   void, ptr, ptr, ptr, ptr, i32)
 +DEF_HELPER_FLAGS_5(gvec_uqadd_d, TCG_CALL_NO_RWG,
 +                   void, ptr, ptr, ptr, ptr, i32)
 +DEF_HELPER_FLAGS_5(gvec_sqadd_b, TCG_CALL_NO_RWG,
 +                   void, ptr, ptr, ptr, ptr, i32)
 +DEF_HELPER_FLAGS_5(gvec_sqadd_h, TCG_CALL_NO_RWG,
 +                   void, ptr, ptr, ptr, ptr, i32)
 +DEF_HELPER_FLAGS_5(gvec_sqadd_s, TCG_CALL_NO_RWG,
 +                   void, ptr, ptr, ptr, ptr, i32)
 +DEF_HELPER_FLAGS_5(gvec_sqadd_d, TCG_CALL_NO_RWG,
 +                   void, ptr, ptr, ptr, ptr, i32)
 +DEF_HELPER_FLAGS_5(gvec_uqsub_b, TCG_CALL_NO_RWG,
 +                   void, ptr, ptr, ptr, ptr, i32)
 +DEF_HELPER_FLAGS_5(gvec_uqsub_h, TCG_CALL_NO_RWG,
 +                   void, ptr, ptr, ptr, ptr, i32)
 +DEF_HELPER_FLAGS_5(gvec_uqsub_s, TCG_CALL_NO_RWG,
 +                   void, ptr, ptr, ptr, ptr, i32)
 +DEF_HELPER_FLAGS_5(gvec_uqsub_d, TCG_CALL_NO_RWG,
 +                   void, ptr, ptr, ptr, ptr, i32)
 +DEF_HELPER_FLAGS_5(gvec_sqsub_b, TCG_CALL_NO_RWG,
 +                   void, ptr, ptr, ptr, ptr, i32)
 +DEF_HELPER_FLAGS_5(gvec_sqsub_h, TCG_CALL_NO_RWG,
 +                   void, ptr, ptr, ptr, ptr, i32)
 +DEF_HELPER_FLAGS_5(gvec_sqsub_s, TCG_CALL_NO_RWG,
 +                   void, ptr, ptr, ptr, ptr, i32)
 +DEF_HELPER_FLAGS_5(gvec_sqsub_d, TCG_CALL_NO_RWG,
 +                   void, ptr, ptr, ptr, ptr, i32)
 +
  #ifdef TARGET_AARCH64
  #include "helper-a64.h"
  #include "helper-sve.h"
 diff --git a/target/arm/translate.h b/target/arm/translate.h
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate.h
 +++ b/target/arm/translate.h
-@@ -XXX,XX +XXX,XX @@ extern const GVecGen2i ssra_op[4];
+@@ -XXX,XX +XXX,XX @@ typedef struct DisasContext {
- extern const GVecGen2i usra_op[4];
+     const ARMISARegisters *isar;
- extern const GVecGen2i sri_op[4];
- extern const GVecGen2i sli_op[4];
+     target_ulong pc;
-+extern const GVecGen4 uqadd_op[4];
++    /* The address of the current instruction being translated. */
-+extern const GVecGen4 sqadd_op[4];
++    target_ulong pc_curr;
-+extern const GVecGen4 uqsub_op[4];
+     target_ulong page_start;
-+extern const GVecGen4 sqsub_op[4];
+     uint32_t insn;
- void gen_cmtst_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b);
+     /* Nonzero if this instruction has been conditionally skipped.  */
  /*
 diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate-a64.c
 +++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ static void disas_simd_3same_int(DisasContext *s, uint32_t insn)
+@@ -XXX,XX +XXX,XX @@ static inline AArch64DecodeFn *lookup_disas_fn(const AArch64DecodeTable *table,
   */
  static void disas_uncond_b_imm(DisasContext *s, uint32_t insn)
  {
 -    uint64_t addr = s->pc + sextract32(insn, 0, 26) * 4 - 4;
 +    uint64_t addr = s->pc_curr + sextract32(insn, 0, 26) * 4;
      if (insn & (1U << 31)) {
          /* BL Branch with link */
@@ -XXX,XX +XXX,XX @@ static void disas_comp_b_imm(DisasContext *s, uint32_t insn)
      sf = extract32(insn, 31, 1);
      op = extract32(insn, 24, 1); /* 0: CBZ; 1: CBNZ */
      rt = extract32(insn, 0, 5);
 -    addr = s->pc + sextract32(insn, 5, 19) * 4 - 4;
 +    addr = s->pc_curr + sextract32(insn, 5, 19) * 4;
      tcg_cmp = read_cpu_reg(s, rt, sf);
      label_match = gen_new_label();
@@ -XXX,XX +XXX,XX @@ static void disas_test_b_imm(DisasContext *s, uint32_t insn)
      bit_pos = (extract32(insn, 31, 1) << 5) | extract32(insn, 19, 5);
      op = extract32(insn, 24, 1); /* 0: TBZ; 1: TBNZ */
 -    addr = s->pc + sextract32(insn, 5, 14) * 4 - 4;
 +    addr = s->pc_curr + sextract32(insn, 5, 14) * 4;
      rt = extract32(insn, 0, 5);
      tcg_cmp = tcg_temp_new_i64();
@@ -XXX,XX +XXX,XX @@ static void disas_cond_b_imm(DisasContext *s, uint32_t insn)
          unallocated_encoding(s);
          return;
      }
+-    addr = s->pc + sextract32(insn, 5, 19) * 4 - 4;
-     switch (opcode) {
++    addr = s->pc_curr + sextract32(insn, 5, 19) * 4;
-+    case 0x01: /* SQADD, UQADD */
+     cond = extract32(insn, 0, 4);
-+        tcg_gen_gvec_4(vec_full_reg_offset(s, rd),
-+                       offsetof(CPUARMState, vfp.qc),
+     reset_btype(s);
-+                       vec_full_reg_offset(s, rn),
+@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
-+                       vec_full_reg_offset(s, rm),
+         TCGv_i32 tcg_syn, tcg_isread;
-+                       is_q ? 16 : 8, vec_full_reg_size(s),
+         uint32_t syndrome;
-+                       (u ? uqadd_op : sqadd_op) + size);
-+        return;
+-        gen_a64_set_pc_im(s->pc - 4);
-+    case 0x05: /* SQSUB, UQSUB */
++        gen_a64_set_pc_im(s->pc_curr);
-+        tcg_gen_gvec_4(vec_full_reg_offset(s, rd),
+         tmpptr = tcg_const_ptr(ri);
-+                       offsetof(CPUARMState, vfp.qc),
+         syndrome = syn_aa64_sysregtrap(op0, op1, op2, crn, crm, rt, isread);
-+                       vec_full_reg_offset(s, rn),
+         tcg_syn = tcg_const_i32(syndrome);
-+                       vec_full_reg_offset(s, rm),
+@@ -XXX,XX +XXX,XX @@ static void disas_exc(DisasContext *s, uint32_t insn)
-+                       is_q ? 16 : 8, vec_full_reg_size(s),
+             /* The pre HVC helper handles cases when HVC gets trapped
-+                       (u ? uqsub_op : sqsub_op) + size);
+              * as an undefined insn by runtime configuration.
-+        return;
+              */
-     case 0x0c: /* SMAX, UMAX */
+-            gen_a64_set_pc_im(s->pc - 4);
-         if (u) {
++            gen_a64_set_pc_im(s->pc_curr);
-             gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_umax, size);
+             gen_helper_pre_hvc(cpu_env);
-@@ -XXX,XX +XXX,XX @@ static void disas_simd_3same_int(DisasContext *s, uint32_t insn)
+             gen_ss_advance(s);
-                 genfn = fns[size][u];
+             gen_exception_insn(s, 0, EXCP_HVC, syn_aa64_hvc(imm16), 2);
@@ -XXX,XX +XXX,XX @@ static void disas_exc(DisasContext *s, uint32_t insn)
                  unallocated_encoding(s);
                  break;
              }
--            case 0x1: /* SQADD, UQADD */
+-            gen_a64_set_pc_im(s->pc - 4);
--            {
++            gen_a64_set_pc_im(s->pc_curr);
--                static NeonGenTwoOpEnvFn * const fns[3][2] = {
+             tmp = tcg_const_i32(syn_aa64_smc(imm16));
--                    { gen_helper_neon_qadd_s8, gen_helper_neon_qadd_u8 },
+             gen_helper_pre_smc(cpu_env, tmp);
--                    { gen_helper_neon_qadd_s16, gen_helper_neon_qadd_u16 },
+             tcg_temp_free_i32(tmp);
--                    { gen_helper_neon_qadd_s32, gen_helper_neon_qadd_u32 },
+@@ -XXX,XX +XXX,XX @@ static void disas_ld_lit(DisasContext *s, uint32_t insn)
--                };
--                genenvfn = fns[size][u];
+     tcg_rt = cpu_reg(s, rt);
--                break;
--            }
+-    clean_addr = tcg_const_i64((s->pc - 4) + imm);
-             case 0x2: /* SRHADD, URHADD */
++    clean_addr = tcg_const_i64(s->pc_curr + imm);
-             {
+     if (is_vector) {
-                 static NeonGenTwoOpFn * const fns[3][2] = {
+         do_fp_ld(s, rt, clean_addr, size);
-@@ -XXX,XX +XXX,XX @@ static void disas_simd_3same_int(DisasContext *s, uint32_t insn)
+     } else {
-                 genfn = fns[size][u];
+@@ -XXX,XX +XXX,XX @@ static void disas_pc_rel_adr(DisasContext *s, uint32_t insn)
      offset = sextract64(insn, 5, 19);
      offset = offset << 2 | extract32(insn, 29, 2);
      rd = extract32(insn, 0, 5);
 -    base = s->pc - 4;
 +    base = s->pc_curr;
      if (page) {
          /* ADRP (page based) */
@@ -XXX,XX +XXX,XX @@ static void disas_simd_three_reg_same_fp16(DisasContext *s, uint32_t insn)
                  break;
+             default:
+                 fprintf(stderr, "%s: insn %#04x, fpop %#2x @ %#" PRIx64 "\n",
+-                        __func__, insn, fpopcode, s->pc);
++                        __func__, insn, fpopcode, s->pc_curr);
+                 g_assert_not_reached();
              }
--            case 0x5: /* SQSUB, UQSUB */
--            {
+@@ -XXX,XX +XXX,XX @@ static void disas_a64_insn(CPUARMState *env, DisasContext *s)
--                static NeonGenTwoOpEnvFn * const fns[3][2] = {
+ {
--                    { gen_helper_neon_qsub_s8, gen_helper_neon_qsub_u8 },
+     uint32_t insn;
--                    { gen_helper_neon_qsub_s16, gen_helper_neon_qsub_u16 },
--                    { gen_helper_neon_qsub_s32, gen_helper_neon_qsub_u32 },
++    s->pc_curr = s->pc;
--                };
+     insn = arm_ldl_code(env, s->pc, s->sctlr_b);
--                genenvfn = fns[size][u];
+     s->insn = insn;
--                break;
+     s->pc += 4;
 -            }
              case 0x8: /* SSHL, USHL */
              {
                  static NeonGenTwoOpFn * const fns[3][2] = {
 diff --git a/target/arm/translate.c b/target/arm/translate.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate.c
 +++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ const GVecGen3 cmtst_op[4] = {
+@@ -XXX,XX +XXX,XX @@ static inline void gen_hvc(DisasContext *s, int imm16)
-       .vece = MO_64 },
+      * as an undefined insn by runtime configuration (ie before
- };
+      * the insn really executes).
+      */
-+static void gen_uqadd_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
+-    gen_set_pc_im(s, s->pc - 4);
-+                          TCGv_vec a, TCGv_vec b)
++    gen_set_pc_im(s, s->pc_curr);
-+{
+     gen_helper_pre_hvc(cpu_env);
-+    TCGv_vec x = tcg_temp_new_vec_matching(t);
+     /* Otherwise we will treat this as a real exception which
-+    tcg_gen_add_vec(vece, x, a, b);
+      * happens after execution of the insn. (The distinction matters
-+    tcg_gen_usadd_vec(vece, t, a, b);
+@@ -XXX,XX +XXX,XX @@ static inline void gen_smc(DisasContext *s)
-+    tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
+      */
-+    tcg_gen_or_vec(vece, sat, sat, x);
+     TCGv_i32 tmp;
-+    tcg_temp_free_vec(x);
-+}
+-    gen_set_pc_im(s, s->pc - 4);
-+
++    gen_set_pc_im(s, s->pc_curr);
-+const GVecGen4 uqadd_op[4] = {
+     tmp = tcg_const_i32(syn_aa32_smc());
-+    { .fniv = gen_uqadd_vec,
+     gen_helper_pre_smc(cpu_env, tmp);
-+      .fno = gen_helper_gvec_uqadd_b,
+     tcg_temp_free_i32(tmp);
-+      .opc = INDEX_op_usadd_vec,
+@@ -XXX,XX +XXX,XX @@ static void gen_msr_banked(DisasContext *s, int r, int sysm, int rn)
-+      .write_aofs = true,
-+      .vece = MO_8 },
+     /* Sync state because msr_banked() can raise exceptions */
-+    { .fniv = gen_uqadd_vec,
+     gen_set_condexec(s);
-+      .fno = gen_helper_gvec_uqadd_h,
+-    gen_set_pc_im(s, s->pc - 4);
-+      .opc = INDEX_op_usadd_vec,
++    gen_set_pc_im(s, s->pc_curr);
-+      .write_aofs = true,
+     tcg_reg = load_reg(s, rn);
-+      .vece = MO_16 },
+     tcg_tgtmode = tcg_const_i32(tgtmode);
-+    { .fniv = gen_uqadd_vec,
+     tcg_regno = tcg_const_i32(regno);
-+      .fno = gen_helper_gvec_uqadd_s,
+@@ -XXX,XX +XXX,XX @@ static void gen_mrs_banked(DisasContext *s, int r, int sysm, int rn)
-+      .opc = INDEX_op_usadd_vec,
-+      .write_aofs = true,
+     /* Sync state because mrs_banked() can raise exceptions */
-+      .vece = MO_32 },
+     gen_set_condexec(s);
-+    { .fniv = gen_uqadd_vec,
+-    gen_set_pc_im(s, s->pc - 4);
-+      .fno = gen_helper_gvec_uqadd_d,
++    gen_set_pc_im(s, s->pc_curr);
-+      .opc = INDEX_op_usadd_vec,
+     tcg_reg = tcg_temp_new_i32();
-+      .write_aofs = true,
+     tcg_tgtmode = tcg_const_i32(tgtmode);
-+      .vece = MO_64 },
+     tcg_regno = tcg_const_i32(regno);
-+};
+@@ -XXX,XX +XXX,XX @@ static int disas_coproc_insn(DisasContext *s, uint32_t insn)
 +
 +static void gen_sqadd_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
 +                          TCGv_vec a, TCGv_vec b)
 +{
 +    TCGv_vec x = tcg_temp_new_vec_matching(t);
 +    tcg_gen_add_vec(vece, x, a, b);
 +    tcg_gen_ssadd_vec(vece, t, a, b);
 +    tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
 +    tcg_gen_or_vec(vece, sat, sat, x);
 +    tcg_temp_free_vec(x);
 +}
 +
 +const GVecGen4 sqadd_op[4] = {
 +    { .fniv = gen_sqadd_vec,
 +      .fno = gen_helper_gvec_sqadd_b,
 +      .opc = INDEX_op_ssadd_vec,
 +      .write_aofs = true,
 +      .vece = MO_8 },
 +    { .fniv = gen_sqadd_vec,
 +      .fno = gen_helper_gvec_sqadd_h,
 +      .opc = INDEX_op_ssadd_vec,
 +      .write_aofs = true,
 +      .vece = MO_16 },
 +    { .fniv = gen_sqadd_vec,
 +      .fno = gen_helper_gvec_sqadd_s,
 +      .opc = INDEX_op_ssadd_vec,
 +      .write_aofs = true,
 +      .vece = MO_32 },
 +    { .fniv = gen_sqadd_vec,
 +      .fno = gen_helper_gvec_sqadd_d,
 +      .opc = INDEX_op_ssadd_vec,
 +      .write_aofs = true,
 +      .vece = MO_64 },
 +};
 +
 +static void gen_uqsub_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
 +                          TCGv_vec a, TCGv_vec b)
 +{
 +    TCGv_vec x = tcg_temp_new_vec_matching(t);
 +    tcg_gen_sub_vec(vece, x, a, b);
 +    tcg_gen_ussub_vec(vece, t, a, b);
 +    tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
 +    tcg_gen_or_vec(vece, sat, sat, x);
 +    tcg_temp_free_vec(x);
 +}
 +
 +const GVecGen4 uqsub_op[4] = {
 +    { .fniv = gen_uqsub_vec,
 +      .fno = gen_helper_gvec_uqsub_b,
 +      .opc = INDEX_op_ussub_vec,
 +      .write_aofs = true,
 +      .vece = MO_8 },
 +    { .fniv = gen_uqsub_vec,
 +      .fno = gen_helper_gvec_uqsub_h,
 +      .opc = INDEX_op_ussub_vec,
 +      .write_aofs = true,
 +      .vece = MO_16 },
 +    { .fniv = gen_uqsub_vec,
 +      .fno = gen_helper_gvec_uqsub_s,
 +      .opc = INDEX_op_ussub_vec,
 +      .write_aofs = true,
 +      .vece = MO_32 },
 +    { .fniv = gen_uqsub_vec,
 +      .fno = gen_helper_gvec_uqsub_d,
 +      .opc = INDEX_op_ussub_vec,
 +      .write_aofs = true,
 +      .vece = MO_64 },
 +};
 +
 +static void gen_sqsub_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
 +                          TCGv_vec a, TCGv_vec b)
 +{
 +    TCGv_vec x = tcg_temp_new_vec_matching(t);
 +    tcg_gen_sub_vec(vece, x, a, b);
 +    tcg_gen_sssub_vec(vece, t, a, b);
 +    tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
 +    tcg_gen_or_vec(vece, sat, sat, x);
 +    tcg_temp_free_vec(x);
 +}
 +
 +const GVecGen4 sqsub_op[4] = {
 +    { .fniv = gen_sqsub_vec,
 +      .fno = gen_helper_gvec_sqsub_b,
 +      .opc = INDEX_op_sssub_vec,
 +      .write_aofs = true,
 +      .vece = MO_8 },
 +    { .fniv = gen_sqsub_vec,
 +      .fno = gen_helper_gvec_sqsub_h,
 +      .opc = INDEX_op_sssub_vec,
 +      .write_aofs = true,
 +      .vece = MO_16 },
 +    { .fniv = gen_sqsub_vec,
 +      .fno = gen_helper_gvec_sqsub_s,
 +      .opc = INDEX_op_sssub_vec,
 +      .write_aofs = true,
 +      .vece = MO_32 },
 +    { .fniv = gen_sqsub_vec,
 +      .fno = gen_helper_gvec_sqsub_d,
 +      .opc = INDEX_op_sssub_vec,
 +      .write_aofs = true,
 +      .vece = MO_64 },
 +};
 +
  /* Translate a NEON data processing instruction.  Return nonzero if the
     instruction is invalid.
     We process data in a mixture of 32-bit and 64-bit chunks.
@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
              }
-             return 0;
+             gen_set_condexec(s);
-+        case NEON_3R_VQADD:
+-            gen_set_pc_im(s, s->pc - 4);
-+            tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc),
++            gen_set_pc_im(s, s->pc_curr);
-+                           rn_ofs, rm_ofs, vec_size, vec_size,
+             tmpptr = tcg_const_ptr(ri);
-+                           (u ? uqadd_op : sqadd_op) + size);
+             tcg_syn = tcg_const_i32(syndrome);
-+            break;
+             tcg_isread = tcg_const_i32(isread);
-+
+@@ -XXX,XX +XXX,XX @@ static void gen_srs(DisasContext *s,
-+        case NEON_3R_VQSUB:
+     tmp = tcg_const_i32(mode);
-+            tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc),
+     /* get_r13_banked() will raise an exception if called from System mode */
-+                           rn_ofs, rm_ofs, vec_size, vec_size,
+     gen_set_condexec(s);
-+                           (u ? uqsub_op : sqsub_op) + size);
+-    gen_set_pc_im(s, s->pc - 4);
-+            break;
++    gen_set_pc_im(s, s->pc_curr);
-+
+     gen_helper_get_r13_banked(addr, cpu_env, tmp);
-         case NEON_3R_VMUL: /* VMUL */
+     tcg_temp_free_i32(tmp);
-             if (u) {
+     switch (amode) {
-                 /* Polynomial case allows only P8 and is handled below.  */
+@@ -XXX,XX +XXX,XX @@ static void arm_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
-@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
+         return;
-                 neon_load_reg64(cpu_V0, rn + pass);
+     }
-                 neon_load_reg64(cpu_V1, rm + pass);
-                 switch (op) {
++    dc->pc_curr = dc->pc;
--                case NEON_3R_VQADD:
+     insn = arm_ldl_code(env, dc->pc, dc->sctlr_b);
--                    if (u) {
+     dc->insn = insn;
--                        gen_helper_neon_qadd_u64(cpu_V0, cpu_env,
+     dc->pc += 4;
--                                                 cpu_V0, cpu_V1);
+@@ -XXX,XX +XXX,XX @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
--                    } else {
+         return;
--                        gen_helper_neon_qadd_s64(cpu_V0, cpu_env,
+     }
--                                                 cpu_V0, cpu_V1);
--                    }
++    dc->pc_curr = dc->pc;
--                    break;
+     insn = arm_lduw_code(env, dc->pc, dc->sctlr_b);
--                case NEON_3R_VQSUB:
+     is_16bit = thumb_insn_is_16bit(dc, dc->pc, insn);
--                    if (u) {
+     dc->pc += 2;
 -                        gen_helper_neon_qsub_u64(cpu_V0, cpu_env,
 -                                                 cpu_V0, cpu_V1);
 -                    } else {
 -                        gen_helper_neon_qsub_s64(cpu_V0, cpu_env,
 -                                                 cpu_V0, cpu_V1);
 -                    }
 -                    break;
                  case NEON_3R_VSHL:
                      if (u) {
                          gen_helper_neon_shl_u64(cpu_V0, cpu_V1, cpu_V0);
@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
          case NEON_3R_VHADD:
              GEN_NEON_INTEGER_OP(hadd);
              break;
 -        case NEON_3R_VQADD:
 -            GEN_NEON_INTEGER_OP_ENV(qadd);
 -            break;
          case NEON_3R_VRHADD:
              GEN_NEON_INTEGER_OP(rhadd);
              break;
          case NEON_3R_VHSUB:
              GEN_NEON_INTEGER_OP(hsub);
              break;
 -        case NEON_3R_VQSUB:
 -            GEN_NEON_INTEGER_OP_ENV(qsub);
 -            break;
          case NEON_3R_VSHL:
              GEN_NEON_INTEGER_OP(shl);
              break;
 diff --git a/target/arm/vec_helper.c b/target/arm/vec_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/vec_helper.c
 +++ b/target/arm/vec_helper.c
@@ -XXX,XX +XXX,XX @@ DO_FMLA_IDX(gvec_fmla_idx_s, float32, H4)
  DO_FMLA_IDX(gvec_fmla_idx_d, float64, )
  #undef DO_FMLA_IDX
 +
 +#define DO_SAT(NAME, WTYPE, TYPEN, TYPEM, OP, MIN, MAX) \
 +void HELPER(NAME)(void *vd, void *vq, void *vn, void *vm, uint32_t desc)   \
 +{                                                                          \
 +    intptr_t i, oprsz = simd_oprsz(desc);                                  \
 +    TYPEN *d = vd, *n = vn; TYPEM *m = vm;                                 \
 +    bool q = false;                                                        \
 +    for (i = 0; i < oprsz / sizeof(TYPEN); i++) {                          \
 +        WTYPE dd = (WTYPE)n[i] OP m[i];                                    \
 +        if (dd < MIN) {                                                    \
 +            dd = MIN;                                                      \
 +            q = true;                                                      \
 +        } else if (dd > MAX) {                                             \
 +            dd = MAX;                                                      \
 +            q = true;                                                      \
 +        }                                                                  \
 +        d[i] = dd;                                                         \
 +    }                                                                      \
 +    if (q) {                                                               \
 +        uint32_t *qc = vq;                                                 \
 +        qc[0] = 1;                                                         \
 +    }                                                                      \
 +    clear_tail(d, oprsz, simd_maxsz(desc));                                \
 +}
 +
 +DO_SAT(gvec_uqadd_b, int, uint8_t, uint8_t, +, 0, UINT8_MAX)
 +DO_SAT(gvec_uqadd_h, int, uint16_t, uint16_t, +, 0, UINT16_MAX)
 +DO_SAT(gvec_uqadd_s, int64_t, uint32_t, uint32_t, +, 0, UINT32_MAX)
 +
 +DO_SAT(gvec_sqadd_b, int, int8_t, int8_t, +, INT8_MIN, INT8_MAX)
 +DO_SAT(gvec_sqadd_h, int, int16_t, int16_t, +, INT16_MIN, INT16_MAX)
 +DO_SAT(gvec_sqadd_s, int64_t, int32_t, int32_t, +, INT32_MIN, INT32_MAX)
 +
 +DO_SAT(gvec_uqsub_b, int, uint8_t, uint8_t, -, 0, UINT8_MAX)
 +DO_SAT(gvec_uqsub_h, int, uint16_t, uint16_t, -, 0, UINT16_MAX)
 +DO_SAT(gvec_uqsub_s, int64_t, uint32_t, uint32_t, -, 0, UINT32_MAX)
 +
 +DO_SAT(gvec_sqsub_b, int, int8_t, int8_t, -, INT8_MIN, INT8_MAX)
 +DO_SAT(gvec_sqsub_h, int, int16_t, int16_t, -, INT16_MIN, INT16_MAX)
 +DO_SAT(gvec_sqsub_s, int64_t, int32_t, int32_t, -, INT32_MIN, INT32_MAX)
 +
 +#undef DO_SAT
 +
 +void HELPER(gvec_uqadd_d)(void *vd, void *vq, void *vn,
 +                          void *vm, uint32_t desc)
 +{
 +    intptr_t i, oprsz = simd_oprsz(desc);
 +    uint64_t *d = vd, *n = vn, *m = vm;
 +    bool q = false;
 +
 +    for (i = 0; i < oprsz / 8; i++) {
 +        uint64_t nn = n[i], mm = m[i], dd = nn + mm;
 +        if (dd < nn) {
 +            dd = UINT64_MAX;
 +            q = true;
 +        }
 +        d[i] = dd;
 +    }
 +    if (q) {
 +        uint32_t *qc = vq;
 +        qc[0] = 1;
 +    }
 +    clear_tail(d, oprsz, simd_maxsz(desc));
 +}
 +
 +void HELPER(gvec_uqsub_d)(void *vd, void *vq, void *vn,
 +                          void *vm, uint32_t desc)
 +{
 +    intptr_t i, oprsz = simd_oprsz(desc);
 +    uint64_t *d = vd, *n = vn, *m = vm;
 +    bool q = false;
 +
 +    for (i = 0; i < oprsz / 8; i++) {
 +        uint64_t nn = n[i], mm = m[i], dd = nn - mm;
 +        if (nn < mm) {
 +            dd = 0;
 +            q = true;
 +        }
 +        d[i] = dd;
 +    }
 +    if (q) {
 +        uint32_t *qc = vq;
 +        qc[0] = 1;
 +    }
 +    clear_tail(d, oprsz, simd_maxsz(desc));
 +}
 +
 +void HELPER(gvec_sqadd_d)(void *vd, void *vq, void *vn,
 +                          void *vm, uint32_t desc)
 +{
 +    intptr_t i, oprsz = simd_oprsz(desc);
 +    int64_t *d = vd, *n = vn, *m = vm;
 +    bool q = false;
 +
 +    for (i = 0; i < oprsz / 8; i++) {
 +        int64_t nn = n[i], mm = m[i], dd = nn + mm;
 +        if (((dd ^ nn) & ~(nn ^ mm)) & INT64_MIN) {
 +            dd = (nn >> 63) ^ ~INT64_MIN;
 +            q = true;
 +        }
 +        d[i] = dd;
 +    }
 +    if (q) {
 +        uint32_t *qc = vq;
 +        qc[0] = 1;
 +    }
 +    clear_tail(d, oprsz, simd_maxsz(desc));
 +}
 +
 +void HELPER(gvec_sqsub_d)(void *vd, void *vq, void *vn,
 +                          void *vm, uint32_t desc)
 +{
 +    intptr_t i, oprsz = simd_oprsz(desc);
 +    int64_t *d = vd, *n = vn, *m = vm;
 +    bool q = false;
 +
 +    for (i = 0; i < oprsz / 8; i++) {
 +        int64_t nn = n[i], mm = m[i], dd = nn - mm;
 +        if (((dd ^ nn) & (nn ^ mm)) & INT64_MIN) {
 +            dd = (nn >> 63) ^ ~INT64_MIN;
 +            q = true;
 +        }
 +        d[i] = dd;
 +    }
 +    if (q) {
 +        uint32_t *qc = vq;
 +        qc[0] = 1;
 +    }
 +    clear_tail(d, oprsz, simd_maxsz(desc));
 +}
 --
 .20.1

-[Qemu-devel] [PULL 13/27] hw/intc/armv7m_nvic: Allow byte accesses to SHPR1
+[Qemu-devel] [PULL 08/29] target/arm: Introduce read_pc
-The code for handling the NVIC SHPR1 register intends to permit
+From: Richard Henderson <richard.henderson@linaro.org>
-byte and halfword accesses (as the architecture requires). However
-the 'case' line for it only lists the base address of the
+We currently have 3 different ways of computing the architectural
-register, so attempts to access bytes other than the first one
+value of "PC" as seen in the ARM ARM.
-end up in the "bad write" default logic. This bug was added
-accidentally when we split out the SHPR1 logic from SHPR2 and
+The value of s->pc has been incremented past the current insn,
-SHPR3 to support v6M.
+but that is all.  Thus for a32, PC = s->pc + 4; for t32, PC = s->pc;
+for t16, PC = s->pc + 2.  These differing computations make it
-Fixes: 7c9140afd594 ("nvic: Handle ARMv6-M SCS reserved registers")
+impossible at present to unify the various code paths.
 With the newly introduced s->pc_curr, we can compute the correct
 value for all cases, using the formula given in the ARM ARM.
 This changes the behaviour for load_reg() and load_reg_var()
 when called with reg==15 from a 32-bit Thumb instruction:
 previously they would have returned the incorrect value
 of pc_curr + 6, and now they will return the architecturally
 correct value of PC, which is pc_curr + 4. This will not
 affect well-behaved guest software, because all of the places
 we call these functions from T32 code are instructions where
 using r15 is UNPREDICTABLE. Using the architectural PC value
 here is more consistent with the T16 and A32 behaviour.
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
 Message-id: 20190807045335.1361-4-richard.henderson@linaro.org
 [PMM: added commit message note about UNPREDICTABLE T32 cases]
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
 ---
-The Zephyr RTOS happens to access SHPR1 byte at a time,
+ target/arm/translate.c | 59 ++++++++++++++++--------------------------
-which is how I spotted this.
+file changed, 23 insertions(+), 36 deletions(-)
----
- hw/intc/armv7m_nvic.c | 4 ++--
+diff --git a/target/arm/translate.c b/target/arm/translate.c
 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
 index XXXXXXX..XXXXXXX 100644
---- a/hw/intc/armv7m_nvic.c
+--- a/target/arm/translate.c
-+++ b/hw/intc/armv7m_nvic.c
++++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr,
+@@ -XXX,XX +XXX,XX @@ static inline void store_cpu_offset(TCGv_i32 var, int offset)
  #define store_cpu_field(var, name) \
      store_cpu_offset(var, offsetof(CPUARMState, name))
 +/* The architectural value of PC.  */
 +static uint32_t read_pc(DisasContext *s)
 +{
 +    return s->pc_curr + (s->thumb ? 4 : 8);
 +}
 +
  /* Set a variable to the value of a CPU register.  */
  static void load_reg_var(DisasContext *s, TCGv_i32 var, int reg)
  {
      if (reg == 15) {
 -        uint32_t addr;
 -        /* normally, since we updated PC, we need only to add one insn */
 -        if (s->thumb)
 -            addr = (long)s->pc + 2;
 -        else
 -            addr = (long)s->pc + 4;
 -        tcg_gen_movi_i32(var, addr);
 +        tcg_gen_movi_i32(var, read_pc(s));
      } else {
          tcg_gen_mov_i32(var, cpu_R[reg]);
      }
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
              /* branch link and change to thumb (blx <offset>) */
              int32_t offset;
 -            val = (uint32_t)s->pc;
              tmp = tcg_temp_new_i32();
 -            tcg_gen_movi_i32(tmp, val);
 +            tcg_gen_movi_i32(tmp, s->pc);
              store_reg(s, 14, tmp);
              /* Sign-extend the 24-bit offset */
              offset = (((int32_t)insn) << 8) >> 8;
 +            val = read_pc(s);
              /* offset * 4 + bit24 * 2 + (thumb bit) */
              val += (offset << 2) | ((insn >> 23) & 2) | 1;
 -            /* pipeline offset */
 -            val += 4;
              /* protected by ARCH(5); above, near the start of uncond block */
              gen_bx_im(s, val);
              return;
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
                          } else {
                              /* store */
                              if (i == 15) {
 -                                /* special case: r15 = PC + 8 */
 -                                val = (long)s->pc + 4;
                                  tmp = tcg_temp_new_i32();
 -                                tcg_gen_movi_i32(tmp, val);
 +                                tcg_gen_movi_i32(tmp, read_pc(s));
                              } else if (user) {
                                  tmp = tcg_temp_new_i32();
                                  tmp2 = tcg_const_i32(i);
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
                  int32_t offset;
                  /* branch (and link) */
 -                val = (int32_t)s->pc;
                  if (insn & (1 << 24)) {
                      tmp = tcg_temp_new_i32();
 -                    tcg_gen_movi_i32(tmp, val);
 +                    tcg_gen_movi_i32(tmp, s->pc);
                      store_reg(s, 14, tmp);
                  }
                  offset = sextract32(insn << 2, 0, 26);
 -                val += offset + 4;
 -                gen_jmp(s, val);
 +                gen_jmp(s, read_pc(s) + offset);
              }
+             break;
+         case 0xc:
+@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
+                 tcg_temp_free_i32(addr);
+             } else if ((insn & (7 << 5)) == 0) {
+                 /* Table Branch.  */
+-                if (rn == 15) {
+-                    addr = tcg_temp_new_i32();
+-                    tcg_gen_movi_i32(addr, s->pc);
+-                } else {
+-                    addr = load_reg(s, rn);
+-                }
++                addr = load_reg(s, rn);
+                 tmp = load_reg(s, rm);
+                 tcg_gen_add_i32(addr, addr, tmp);
+                 if (insn & (1 << 4)) {
+@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
+                 }
+                 tcg_temp_free_i32(addr);
+                 tcg_gen_shli_i32(tmp, tmp, 1);
+-                tcg_gen_addi_i32(tmp, tmp, s->pc);
++                tcg_gen_addi_i32(tmp, tmp, read_pc(s));
+                 store_reg(s, 15, tmp);
+             } else {
+                 bool is_lasr = false;
+@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
+                     tcg_gen_movi_i32(cpu_R[14], s->pc | 1);
+                 }
+-                offset += s->pc;
++                offset += read_pc(s);
+                 if (insn & (1 << 12)) {
+                     /* b/bl */
+                     gen_jmp(s, offset);
+@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
+                 offset |= (insn & (1 << 11)) << 8;
+                 /* jump to the offset */
+-                gen_jmp(s, s->pc + offset);
++                gen_jmp(s, read_pc(s) + offset);
+             }
+         } else {
+             /*
+@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
+         if (insn & (1 << 11)) {
+             rd = (insn >> 8) & 7;
+             /* load pc-relative.  Bit 1 of PC is ignored.  */
+-            val = s->pc + 2 + ((insn & 0xff) * 4);
++            val = read_pc(s) + ((insn & 0xff) * 4);
+             val &= ~(uint32_t)2;
+             addr = tcg_temp_new_i32();
+             tcg_gen_movi_i32(addr, val);
+@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
+         } else {
+             /* PC. bit 1 is ignored.  */
+             tmp = tcg_temp_new_i32();
+-            tcg_gen_movi_i32(tmp, (s->pc + 2) & ~(uint32_t)2);
++            tcg_gen_movi_i32(tmp, read_pc(s) & ~(uint32_t)2);
+         }
+         val = (insn & 0xff) * 4;
+         tcg_gen_addi_i32(tmp, tmp, val);
+@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
+                 tcg_gen_brcondi_i32(TCG_COND_NE, tmp, 0, s->condlabel);
+             tcg_temp_free_i32(tmp);
+             offset = ((insn & 0xf8) >> 2) | (insn & 0x200) >> 3;
+-            val = (uint32_t)s->pc + 2;
+-            val += offset;
+-            gen_jmp(s, val);
++            gen_jmp(s, read_pc(s) + offset);
+             break;
+         case 15: /* IT, nop-hint.  */
+@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
+         arm_skip_unless(s, cond);
+         /* jump to the offset */
+-        val = (uint32_t)s->pc + 2;
++        val = read_pc(s);
+         offset = ((int32_t)insn << 24) >> 24;
+         val += offset << 1;
+         gen_jmp(s, val);
+@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
+             break;
+         }
+         /* unconditional branch */
+-        val = (uint32_t)s->pc;
++        val = read_pc(s);
+         offset = ((int32_t)insn << 21) >> 21;
+-        val += (offset << 1) + 2;
++        val += offset << 1;
+         gen_jmp(s, val);
+         break;
+@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
+             /* 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix */
+             uint32_t uoffset = ((int32_t)insn << 21) >> 9;
+-            tcg_gen_movi_i32(cpu_R[14], s->pc + 2 + uoffset);
++            tcg_gen_movi_i32(cpu_R[14], read_pc(s) + uoffset);
          }
          break;
--    case 0xd18: /* System Handler Priority (SHPR1) */
+     }
 +    case 0xd18 ... 0xd1b: /* System Handler Priority (SHPR1) */
          if (!arm_feature(&s->cpu->env, ARM_FEATURE_M_MAIN)) {
              val = 0;
              break;
@@ -XXX,XX +XXX,XX @@ static MemTxResult nvic_sysreg_write(void *opaque, hwaddr addr,
          }
          nvic_irq_update(s);
          return MEMTX_OK;
 -    case 0xd18: /* System Handler Priority (SHPR1) */
 +    case 0xd18 ... 0xd1b: /* System Handler Priority (SHPR1) */
          if (!arm_feature(&s->cpu->env, ARM_FEATURE_M_MAIN)) {
              return MEMTX_OK;
          }
 --
 .20.1

-[Qemu-devel] [PULL 23/27] target/arm: Fix set of bits kept in xregs[ARM_VFP_FPSCR]
+[Qemu-devel] [PULL 09/29] target/arm: Introduce add_reg_for_lit
 From: Richard Henderson <richard.henderson@linaro.org>
-Given that we mask bits properly on set, there is no reason
+Provide a common routine for the places that require ALIGN(PC, 4)
-to mask them again on get.  We failed to clear the exception
+as the base address as opposed to plain PC.  The two are always
-status bits, 0x9f, which means that the wrong value would be
+the same for A32, but the difference is meaningful for thumb mode.
 returned on get.  Except in the (probably normal) case in which
 the set clears all of the bits.
 Simplify the code in set to also clear the RES0 bits.
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20190209033847.9014-10-richard.henderson@linaro.org
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: 20190807045335.1361-5-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/helper.c | 15 ++++++++-------
+ target/arm/translate-vfp.inc.c |  38 ++------
-file changed, 8 insertions(+), 7 deletions(-)
+ target/arm/translate.c         | 166 +++++++++++++++------------------
+files changed, 82 insertions(+), 122 deletions(-)
-diff --git a/target/arm/helper.c b/target/arm/helper.c
 diff --git a/target/arm/translate-vfp.inc.c b/target/arm/translate-vfp.inc.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
+--- a/target/arm/translate-vfp.inc.c
-+++ b/target/arm/helper.c
++++ b/target/arm/translate-vfp.inc.c
-@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(vfp_get_fpscr)(CPUARMState *env)
+@@ -XXX,XX +XXX,XX @@ static bool trans_VLDR_VSTR_sp(DisasContext *s, arg_VLDR_VSTR_sp *a)
-     int i;
+         offset = -offset;
-     uint32_t fpscr;
+     }
--    fpscr = (env->vfp.xregs[ARM_VFP_FPSCR] & 0xffc8ffff)
+-    if (s->thumb && a->rn == 15) {
-+    fpscr = env->vfp.xregs[ARM_VFP_FPSCR]
+-        /* This is actually UNPREDICTABLE */
-             | (env->vfp.vec_len << 16)
+-        addr = tcg_temp_new_i32();
-             | (env->vfp.vec_stride << 20);
+-        tcg_gen_movi_i32(addr, s->pc & ~2);
+-    } else {
-@@ -XXX,XX +XXX,XX @@ static inline int vfp_exceptbits_to_host(int target_bits)
+-        addr = load_reg(s, a->rn);
- void HELPER(vfp_set_fpscr)(CPUARMState *env, uint32_t val)
+-    }
- {
+-    tcg_gen_addi_i32(addr, addr, offset);
-     int i;
++    /* For thumb, use of PC is UNPREDICTABLE.  */
--    uint32_t changed;
++    addr = add_reg_for_lit(s, a->rn, offset);
-+    uint32_t changed = env->vfp.xregs[ARM_VFP_FPSCR];
+     tmp = tcg_temp_new_i32();
+     if (a->l) {
-     /* When ARMv8.2-FP16 is not supported, FZ16 is RES0.  */
+         gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
-     if (!cpu_isar_feature(aa64_fp16, arm_env_get_cpu(env))) {
+@@ -XXX,XX +XXX,XX @@ static bool trans_VLDR_VSTR_dp(DisasContext *s, arg_VLDR_VSTR_dp *a)
-@@ -XXX,XX +XXX,XX @@ void HELPER(vfp_set_fpscr)(CPUARMState *env, uint32_t val)
+         offset = -offset;
+     }
-     /*
-      * We don't implement trapped exception handling, so the
+-    if (s->thumb && a->rn == 15) {
--     * trap enable bits are all RAZ/WI (not RES0!)
+-        /* This is actually UNPREDICTABLE */
-+     * trap enable bits, IDE|IXE|UFE|OFE|DZE|IOE are all RAZ/WI (not RES0!)
+-        addr = tcg_temp_new_i32();
-+     *
+-        tcg_gen_movi_i32(addr, s->pc & ~2);
-+     * If we exclude the exception flags, IOC|DZC|OFC|UFC|IXC|IDC
+-    } else {
-+     * (which are stored in fp_status), and the other RES0 bits
+-        addr = load_reg(s, a->rn);
-+     * in between, then we clear all of the low 16 bits.
+-    }
-      */
+-    tcg_gen_addi_i32(addr, addr, offset);
--    val &= ~(FPCR_IDE | FPCR_IXE | FPCR_UFE | FPCR_OFE | FPCR_DZE | FPCR_IOE);
++    /* For thumb, use of PC is UNPREDICTABLE.  */
--
++    addr = add_reg_for_lit(s, a->rn, offset);
--    changed = env->vfp.xregs[ARM_VFP_FPSCR];
+     tmp = tcg_temp_new_i64();
--    env->vfp.xregs[ARM_VFP_FPSCR] = (val & 0xffc8ffff);
+     if (a->l) {
-+    env->vfp.xregs[ARM_VFP_FPSCR] = val & 0xffc80000;
+         gen_aa32_ld64(s, tmp, addr, get_mem_index(s));
-     env->vfp.vec_len = (val >> 16) & 7;
+@@ -XXX,XX +XXX,XX @@ static bool trans_VLDM_VSTM_sp(DisasContext *s, arg_VLDM_VSTM_sp *a)
-     env->vfp.vec_stride = (val >> 20) & 3;
+         return true;
      }
 -    if (s->thumb && a->rn == 15) {
 -        /* This is actually UNPREDICTABLE */
 -        addr = tcg_temp_new_i32();
 -        tcg_gen_movi_i32(addr, s->pc & ~2);
 -    } else {
 -        addr = load_reg(s, a->rn);
 -    }
 +    /* For thumb, use of PC is UNPREDICTABLE.  */
 +    addr = add_reg_for_lit(s, a->rn, 0);
      if (a->p) {
          /* pre-decrement */
          tcg_gen_addi_i32(addr, addr, -(a->imm << 2));
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDM_VSTM_dp(DisasContext *s, arg_VLDM_VSTM_dp *a)
          return true;
      }
 -    if (s->thumb && a->rn == 15) {
 -        /* This is actually UNPREDICTABLE */
 -        addr = tcg_temp_new_i32();
 -        tcg_gen_movi_i32(addr, s->pc & ~2);
 -    } else {
 -        addr = load_reg(s, a->rn);
 -    }
 +    /* For thumb, use of PC is UNPREDICTABLE.  */
 +    addr = add_reg_for_lit(s, a->rn, 0);
      if (a->p) {
          /* pre-decrement */
          tcg_gen_addi_i32(addr, addr, -(a->imm << 2));
 diff --git a/target/arm/translate.c b/target/arm/translate.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate.c
 +++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static inline TCGv_i32 load_reg(DisasContext *s, int reg)
      return tmp;
  }
 +/*
 + * Create a new temp, REG + OFS, except PC is ALIGN(PC, 4).
 + * This is used for load/store for which use of PC implies (literal),
 + * or ADD that implies ADR.
 + */
 +static TCGv_i32 add_reg_for_lit(DisasContext *s, int reg, int ofs)
 +{
 +    TCGv_i32 tmp = tcg_temp_new_i32();
 +
 +    if (reg == 15) {
 +        tcg_gen_movi_i32(tmp, (read_pc(s) & ~3) + ofs);
 +    } else {
 +        tcg_gen_addi_i32(tmp, cpu_R[reg], ofs);
 +    }
 +    return tmp;
 +}
 +
  /* Set a CPU register.  The source must be a temporary and will be
     marked as dead.  */
  static void store_reg(DisasContext *s, int reg, TCGv_i32 var)
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                   */
                  bool wback = extract32(insn, 21, 1);
 -                if (rn == 15) {
 -                    if (insn & (1 << 21)) {
 -                        /* UNPREDICTABLE */
 -                        goto illegal_op;
 -                    }
 -                    addr = tcg_temp_new_i32();
 -                    tcg_gen_movi_i32(addr, s->pc & ~3);
 -                } else {
 -                    addr = load_reg(s, rn);
 +                if (rn == 15 && (insn & (1 << 21))) {
 +                    /* UNPREDICTABLE */
 +                    goto illegal_op;
                  }
 +
 +                addr = add_reg_for_lit(s, rn, 0);
                  offset = (insn & 0xff) * 4;
                  if ((insn & (1 << 23)) == 0) {
                      offset = -offset;
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                          store_reg(s, rd, tmp);
                      } else {
                          /* Add/sub 12-bit immediate.  */
 -                        if (rn == 15) {
 -                            offset = s->pc & ~(uint32_t)3;
 -                            if (insn & (1 << 23))
 -                                offset -= imm;
 -                            else
 -                                offset += imm;
 -                            tmp = tcg_temp_new_i32();
 -                            tcg_gen_movi_i32(tmp, offset);
 -                            store_reg(s, rd, tmp);
 +                        if (insn & (1 << 23)) {
 +                            imm = -imm;
 +                        }
 +                        tmp = add_reg_for_lit(s, rn, imm);
 +                        if (rn == 13 && rd == 13) {
 +                            /* ADD SP, SP, imm or SUB SP, SP, imm */
 +                            store_sp_checked(s, tmp);
                          } else {
 -                            tmp = load_reg(s, rn);
 -                            if (insn & (1 << 23))
 -                                tcg_gen_subi_i32(tmp, tmp, imm);
 -                            else
 -                                tcg_gen_addi_i32(tmp, tmp, imm);
 -                            if (rn == 13 && rd == 13) {
 -                                /* ADD SP, SP, imm or SUB SP, SP, imm */
 -                                store_sp_checked(s, tmp);
 -                            } else {
 -                                store_reg(s, rd, tmp);
 -                            }
 +                            store_reg(s, rd, tmp);
                          }
                      }
                  }
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
              }
          }
          memidx = get_mem_index(s);
 -        if (rn == 15) {
 -            addr = tcg_temp_new_i32();
 -            /* PC relative.  */
 -            /* s->pc has already been incremented by 4.  */
 -            imm = s->pc & 0xfffffffc;
 -            if (insn & (1 << 23))
 -                imm += insn & 0xfff;
 -            else
 -                imm -= insn & 0xfff;
 -            tcg_gen_movi_i32(addr, imm);
 +        imm = insn & 0xfff;
 +        if (insn & (1 << 23)) {
 +            /* PC relative or Positive offset.  */
 +            addr = add_reg_for_lit(s, rn, imm);
 +        } else if (rn == 15) {
 +            /* PC relative with negative offset.  */
 +            addr = add_reg_for_lit(s, rn, -imm);
          } else {
              addr = load_reg(s, rn);
 -            if (insn & (1 << 23)) {
 -                /* Positive offset.  */
 -                imm = insn & 0xfff;
 -                tcg_gen_addi_i32(addr, addr, imm);
 -            } else {
 -                imm = insn & 0xff;
 -                switch ((insn >> 8) & 0xf) {
 -                case 0x0: /* Shifted Register.  */
 -                    shift = (insn >> 4) & 0xf;
 -                    if (shift > 3) {
 -                        tcg_temp_free_i32(addr);
 -                        goto illegal_op;
 -                    }
 -                    tmp = load_reg(s, rm);
 -                    if (shift)
 -                        tcg_gen_shli_i32(tmp, tmp, shift);
 -                    tcg_gen_add_i32(addr, addr, tmp);
 -                    tcg_temp_free_i32(tmp);
 -                    break;
 -                case 0xc: /* Negative offset.  */
 -                    tcg_gen_addi_i32(addr, addr, -imm);
 -                    break;
 -                case 0xe: /* User privilege.  */
 -                    tcg_gen_addi_i32(addr, addr, imm);
 -                    memidx = get_a32_user_mem_index(s);
 -                    break;
 -                case 0x9: /* Post-decrement.  */
 -                    imm = -imm;
 -                    /* Fall through.  */
 -                case 0xb: /* Post-increment.  */
 -                    postinc = 1;
 -                    writeback = 1;
 -                    break;
 -                case 0xd: /* Pre-decrement.  */
 -                    imm = -imm;
 -                    /* Fall through.  */
 -                case 0xf: /* Pre-increment.  */
 -                    writeback = 1;
 -                    break;
 -                default:
 +            imm = insn & 0xff;
 +            switch ((insn >> 8) & 0xf) {
 +            case 0x0: /* Shifted Register.  */
 +                shift = (insn >> 4) & 0xf;
 +                if (shift > 3) {
                      tcg_temp_free_i32(addr);
                      goto illegal_op;
                  }
 +                tmp = load_reg(s, rm);
 +                if (shift) {
 +                    tcg_gen_shli_i32(tmp, tmp, shift);
 +                }
 +                tcg_gen_add_i32(addr, addr, tmp);
 +                tcg_temp_free_i32(tmp);
 +                break;
 +            case 0xc: /* Negative offset.  */
 +                tcg_gen_addi_i32(addr, addr, -imm);
 +                break;
 +            case 0xe: /* User privilege.  */
 +                tcg_gen_addi_i32(addr, addr, imm);
 +                memidx = get_a32_user_mem_index(s);
 +                break;
 +            case 0x9: /* Post-decrement.  */
 +                imm = -imm;
 +                /* Fall through.  */
 +            case 0xb: /* Post-increment.  */
 +                postinc = 1;
 +                writeback = 1;
 +                break;
 +            case 0xd: /* Pre-decrement.  */
 +                imm = -imm;
 +                /* Fall through.  */
 +            case 0xf: /* Pre-increment.  */
 +                writeback = 1;
 +                break;
 +            default:
 +                tcg_temp_free_i32(addr);
 +                goto illegal_op;
              }
          }
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
          if (insn & (1 << 11)) {
              rd = (insn >> 8) & 7;
              /* load pc-relative.  Bit 1 of PC is ignored.  */
 -            val = read_pc(s) + ((insn & 0xff) * 4);
 -            val &= ~(uint32_t)2;
 -            addr = tcg_temp_new_i32();
 -            tcg_gen_movi_i32(addr, val);
 +            addr = add_reg_for_lit(s, 15, (insn & 0xff) * 4);
              tmp = tcg_temp_new_i32();
              gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s),
                                 rd | ISSIs16Bit);
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
           *  - Add PC/SP (immediate)
           */
          rd = (insn >> 8) & 7;
 -        if (insn & (1 << 11)) {
 -            /* SP */
 -            tmp = load_reg(s, 13);
 -        } else {
 -            /* PC. bit 1 is ignored.  */
 -            tmp = tcg_temp_new_i32();
 -            tcg_gen_movi_i32(tmp, read_pc(s) & ~(uint32_t)2);
 -        }
          val = (insn & 0xff) * 4;
 -        tcg_gen_addi_i32(tmp, tmp, val);
 +        tmp = add_reg_for_lit(s, insn & (1 << 11) ? 13 : 15, val);
          store_reg(s, rd, tmp);
          break;
 --
 .20.1

-[Qemu-devel] [PULL 17/27] target/arm: Use vector minmax expanders for aarch32
+[Qemu-devel] [PULL 10/29] target/arm: Remove redundant s->pc & ~1
 From: Richard Henderson <richard.henderson@linaro.org>
+The thumb bit has already been removed from s->pc, and is always even.
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Message-id: 20190209033847.9014-4-richard.henderson@linaro.org
+Message-id: 20190807045335.1361-6-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/translate.c | 25 +++++++++++++++++++------
+ target/arm/translate.c | 10 +++++-----
-file changed, 19 insertions(+), 6 deletions(-)
+file changed, 5 insertions(+), 5 deletions(-)
 diff --git a/target/arm/translate.c b/target/arm/translate.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate.c
 +++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
+@@ -XXX,XX +XXX,XX @@ static void gen_exception_bkpt_insn(DisasContext *s, int offset, uint32_t syn)
-             tcg_gen_gvec_cmp(u ? TCG_COND_GEU : TCG_COND_GE, size,
+ /* Force a TB lookup after an instruction that changes the CPU state.  */
-                              rd_ofs, rn_ofs, rm_ofs, vec_size, vec_size);
+ static inline void gen_lookup_tb(DisasContext *s)
-             return 0;
+ {
-+
+-    tcg_gen_movi_i32(cpu_R[15], s->pc & ~1);
-+        case NEON_3R_VMAX:
++    tcg_gen_movi_i32(cpu_R[15], s->pc);
-+            if (u) {
+     s->base.is_jmp = DISAS_EXIT;
-+                tcg_gen_gvec_umax(size, rd_ofs, rn_ofs, rm_ofs,
+ }
-+                                  vec_size, vec_size);
-+            } else {
+@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
-+                tcg_gen_gvec_smax(size, rd_ofs, rn_ofs, rm_ofs,
+                  * self-modifying code correctly and also to take
-+                                  vec_size, vec_size);
+                  * any pending interrupts immediately.
-+            }
+                  */
-+            return 0;
+-                gen_goto_tb(s, 0, s->pc & ~1);
-+        case NEON_3R_VMIN:
++                gen_goto_tb(s, 0, s->pc);
-+            if (u) {
+                 return;
-+                tcg_gen_gvec_umin(size, rd_ofs, rn_ofs, rm_ofs,
+             case 7: /* sb */
-+                                  vec_size, vec_size);
+                 if ((insn & 0xf) || !dc_isar_feature(aa32_sb, s)) {
-+            } else {
+@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
-+                tcg_gen_gvec_smin(size, rd_ofs, rn_ofs, rm_ofs,
+                  * for TCG; MB and end the TB instead.
-+                                  vec_size, vec_size);
+                  */
-+            }
+                 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
-+            return 0;
+-                gen_goto_tb(s, 0, s->pc & ~1);
-         }
++                gen_goto_tb(s, 0, s->pc);
+                 return;
-         if (size == 3) {
+             default:
-@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
+                 goto illegal_op;
-         case NEON_3R_VQRSHL:
+@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
-             GEN_NEON_INTEGER_OP_ENV(qrshl);
+                              * and also to take any pending interrupts
-             break;
+                              * immediately.
--        case NEON_3R_VMAX:
+                              */
--            GEN_NEON_INTEGER_OP(max);
+-                            gen_goto_tb(s, 0, s->pc & ~1);
--            break;
++                            gen_goto_tb(s, 0, s->pc);
--        case NEON_3R_VMIN:
+                             break;
--            GEN_NEON_INTEGER_OP(min);
+                         case 7: /* sb */
--            break;
+                             if ((insn & 0xf) || !dc_isar_feature(aa32_sb, s)) {
-         case NEON_3R_VABD:
+@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
-             GEN_NEON_INTEGER_OP(abd);
+                              * for TCG; MB and end the TB instead.
-             break;
+                              */
                              tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
 -                            gen_goto_tb(s, 0, s->pc & ~1);
 +                            gen_goto_tb(s, 0, s->pc);
                              break;
                          default:
                              goto illegal_op;
 --
 .20.1

-[Qemu-devel] [PULL 12/27] MAINTAINERS: Remove Peter Crosthwaite from various entries
+[Qemu-devel] [PULL 11/29] target/arm: Replace s->pc with s->base.pc_next
-Peter Crosthwaite hasn't had the bandwidth to do code review or
+From: Richard Henderson <richard.henderson@linaro.org>
 other QEMU work for some time now -- remove his email address
 from MAINTAINERS file entries so we don't bombard him with
 patch emails.
+We must update s->base.pc_next when we return from the translate_insn
+hook to the main translator loop.  By incrementing s->base.pc_next
+immediately after reading the insn word, "pc_next" contains the address
+of the next instruction throughout translation.
+All remaining uses of s->pc are referencing the address of the next insn,
+so this is now a simple global replacement.  Remove the "s->pc" field.
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: 20190807045335.1361-7-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-Message-id: 20190207181422.4907-1-peter.maydell@linaro.org
 ---
- MAINTAINERS | 4 ----
+ target/arm/translate.h     |   1 -
-file changed, 4 deletions(-)
+ target/arm/translate-a64.c |  51 +++++++++---------
  target/arm/translate.c     | 103 ++++++++++++++++++-------------------
 files changed, 72 insertions(+), 83 deletions(-)
-diff --git a/MAINTAINERS b/MAINTAINERS
+diff --git a/target/arm/translate.h b/target/arm/translate.h
 index XXXXXXX..XXXXXXX 100644
---- a/MAINTAINERS
+--- a/target/arm/translate.h
-+++ b/MAINTAINERS
++++ b/target/arm/translate.h
-@@ -XXX,XX +XXX,XX @@ Guest CPU cores (TCG):
+@@ -XXX,XX +XXX,XX @@ typedef struct DisasContext {
- ----------------------
+     DisasContextBase base;
- Overall
+     const ARMISARegisters *isar;
- L: qemu-devel@nongnu.org
--M: Peter Crosthwaite <crosthwaite.peter@gmail.com>
+-    target_ulong pc;
- M: Richard Henderson <rth@twiddle.net>
+     /* The address of the current instruction being translated. */
- R: Paolo Bonzini <pbonzini@redhat.com>
+     target_ulong pc_curr;
- S: Maintained
+     target_ulong page_start;
-@@ -XXX,XX +XXX,XX @@ F: tests/virtio-scsi-test.c
+diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
- T: git https://github.com/bonzini/qemu.git scsi-next
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/translate-a64.c
- SSI
++++ b/target/arm/translate-a64.c
--M: Peter Crosthwaite <crosthwaite.peter@gmail.com>
+@@ -XXX,XX +XXX,XX @@ static void gen_exception_internal(int excp)
- M: Alistair Francis <alistair@alistair23.me>
- S: Maintained
+ static void gen_exception_internal_insn(DisasContext *s, int offset, int excp)
- F: hw/ssi/*
+ {
-@@ -XXX,XX +XXX,XX @@ F: tests/m25p80-test.c
+-    gen_a64_set_pc_im(s->pc - offset);
++    gen_a64_set_pc_im(s->base.pc_next - offset);
- Xilinx SPI
+     gen_exception_internal(excp);
- M: Alistair Francis <alistair@alistair23.me>
+     s->base.is_jmp = DISAS_NORETURN;
--M: Peter Crosthwaite <crosthwaite.peter@gmail.com>
+ }
- S: Maintained
+@@ -XXX,XX +XXX,XX @@ static void gen_exception_internal_insn(DisasContext *s, int offset, int excp)
- F: hw/ssi/xilinx_*
+ static void gen_exception_insn(DisasContext *s, int offset, int excp,
+                                uint32_t syndrome, uint32_t target_el)
-@@ -XXX,XX +XXX,XX @@ F: qom/cpu.c
+ {
- F: include/qom/cpu.h
+-    gen_a64_set_pc_im(s->pc - offset);
++    gen_a64_set_pc_im(s->base.pc_next - offset);
- Device Tree
+     gen_exception(excp, syndrome, target_el);
--M: Peter Crosthwaite <crosthwaite.peter@gmail.com>
+     s->base.is_jmp = DISAS_NORETURN;
- M: Alexander Graf <agraf@suse.de>
+ }
- S: Maintained
+@@ -XXX,XX +XXX,XX @@ static void gen_exception_bkpt_insn(DisasContext *s, int offset,
- F: device_tree.c
+ {
      TCGv_i32 tcg_syn;
 -    gen_a64_set_pc_im(s->pc - offset);
 +    gen_a64_set_pc_im(s->base.pc_next - offset);
      tcg_syn = tcg_const_i32(syndrome);
      gen_helper_exception_bkpt_insn(cpu_env, tcg_syn);
      tcg_temp_free_i32(tcg_syn);
@@ -XXX,XX +XXX,XX @@ static void disas_uncond_b_imm(DisasContext *s, uint32_t insn)
      if (insn & (1U << 31)) {
          /* BL Branch with link */
 -        tcg_gen_movi_i64(cpu_reg(s, 30), s->pc);
 +        tcg_gen_movi_i64(cpu_reg(s, 30), s->base.pc_next);
      }
      /* B Branch / BL Branch with link */
@@ -XXX,XX +XXX,XX @@ static void disas_comp_b_imm(DisasContext *s, uint32_t insn)
      tcg_gen_brcondi_i64(op ? TCG_COND_NE : TCG_COND_EQ,
                          tcg_cmp, 0, label_match);
 -    gen_goto_tb(s, 0, s->pc);
 +    gen_goto_tb(s, 0, s->base.pc_next);
      gen_set_label(label_match);
      gen_goto_tb(s, 1, addr);
  }
@@ -XXX,XX +XXX,XX @@ static void disas_test_b_imm(DisasContext *s, uint32_t insn)
      tcg_gen_brcondi_i64(op ? TCG_COND_NE : TCG_COND_EQ,
                          tcg_cmp, 0, label_match);
      tcg_temp_free_i64(tcg_cmp);
 -    gen_goto_tb(s, 0, s->pc);
 +    gen_goto_tb(s, 0, s->base.pc_next);
      gen_set_label(label_match);
      gen_goto_tb(s, 1, addr);
  }
@@ -XXX,XX +XXX,XX @@ static void disas_cond_b_imm(DisasContext *s, uint32_t insn)
          /* genuinely conditional branches */
          TCGLabel *label_match = gen_new_label();
          arm_gen_test_cc(cond, label_match);
 -        gen_goto_tb(s, 0, s->pc);
 +        gen_goto_tb(s, 0, s->base.pc_next);
          gen_set_label(label_match);
          gen_goto_tb(s, 1, addr);
      } else {
@@ -XXX,XX +XXX,XX @@ static void handle_sync(DisasContext *s, uint32_t insn,
           * any pending interrupts immediately.
           */
          reset_btype(s);
 -        gen_goto_tb(s, 0, s->pc);
 +        gen_goto_tb(s, 0, s->base.pc_next);
          return;
      case 7: /* SB */
@@ -XXX,XX +XXX,XX @@ static void handle_sync(DisasContext *s, uint32_t insn,
           * MB and end the TB instead.
           */
          tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
 -        gen_goto_tb(s, 0, s->pc);
 +        gen_goto_tb(s, 0, s->base.pc_next);
          return;
      default:
@@ -XXX,XX +XXX,XX @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t insn)
          gen_a64_set_pc(s, dst);
          /* BLR also needs to load return address */
          if (opc == 1) {
 -            tcg_gen_movi_i64(cpu_reg(s, 30), s->pc);
 +            tcg_gen_movi_i64(cpu_reg(s, 30), s->base.pc_next);
          }
          break;
@@ -XXX,XX +XXX,XX @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t insn)
          gen_a64_set_pc(s, dst);
          /* BLRAA also needs to load return address */
          if (opc == 9) {
 -            tcg_gen_movi_i64(cpu_reg(s, 30), s->pc);
 +            tcg_gen_movi_i64(cpu_reg(s, 30), s->base.pc_next);
          }
          break;
@@ -XXX,XX +XXX,XX @@ static void disas_a64_insn(CPUARMState *env, DisasContext *s)
  {
      uint32_t insn;
 -    s->pc_curr = s->pc;
 -    insn = arm_ldl_code(env, s->pc, s->sctlr_b);
 +    s->pc_curr = s->base.pc_next;
 +    insn = arm_ldl_code(env, s->base.pc_next, s->sctlr_b);
      s->insn = insn;
 -    s->pc += 4;
 +    s->base.pc_next += 4;
      s->fp_access_checked = false;
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
      int bound, core_mmu_idx;
      dc->isar = &arm_cpu->isar;
 -    dc->pc = dc->base.pc_first;
      dc->condjmp = 0;
      dc->aarch64 = 1;
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
  {
      DisasContext *dc = container_of(dcbase, DisasContext, base);
 -    tcg_gen_insn_start(dc->pc, 0, 0);
 +    tcg_gen_insn_start(dc->base.pc_next, 0, 0);
      dc->insn_start = tcg_last_op();
  }
@@ -XXX,XX +XXX,XX @@ static bool aarch64_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cpu,
      DisasContext *dc = container_of(dcbase, DisasContext, base);
      if (bp->flags & BP_CPU) {
 -        gen_a64_set_pc_im(dc->pc);
 +        gen_a64_set_pc_im(dc->base.pc_next);
          gen_helper_check_breakpoints(cpu_env);
          /* End the TB early; it likely won't be executed */
          dc->base.is_jmp = DISAS_TOO_MANY;
@@ -XXX,XX +XXX,XX @@ static bool aarch64_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cpu,
             to for it to be properly cleared -- thus we
             increment the PC here so that the logic setting
             tb->size below does the right thing.  */
 -        dc->pc += 4;
 +        dc->base.pc_next += 4;
          dc->base.is_jmp = DISAS_NORETURN;
      }
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
          disas_a64_insn(env, dc);
      }
 -    dc->base.pc_next = dc->pc;
      translator_loop_temp_check(&dc->base);
  }
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
           */
          switch (dc->base.is_jmp) {
          default:
 -            gen_a64_set_pc_im(dc->pc);
 +            gen_a64_set_pc_im(dc->base.pc_next);
              /* fall through */
          case DISAS_EXIT:
          case DISAS_JUMP:
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
          switch (dc->base.is_jmp) {
          case DISAS_NEXT:
          case DISAS_TOO_MANY:
 -            gen_goto_tb(dc, 1, dc->pc);
 +            gen_goto_tb(dc, 1, dc->base.pc_next);
              break;
          default:
          case DISAS_UPDATE:
 -            gen_a64_set_pc_im(dc->pc);
 +            gen_a64_set_pc_im(dc->base.pc_next);
              /* fall through */
          case DISAS_EXIT:
              tcg_gen_exit_tb(NULL, 0);
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
          case DISAS_SWI:
              break;
          case DISAS_WFE:
 -            gen_a64_set_pc_im(dc->pc);
 +            gen_a64_set_pc_im(dc->base.pc_next);
              gen_helper_wfe(cpu_env);
              break;
          case DISAS_YIELD:
 -            gen_a64_set_pc_im(dc->pc);
 +            gen_a64_set_pc_im(dc->base.pc_next);
              gen_helper_yield(cpu_env);
              break;
          case DISAS_WFI:
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
               */
              TCGv_i32 tmp = tcg_const_i32(4);
 -            gen_a64_set_pc_im(dc->pc);
 +            gen_a64_set_pc_im(dc->base.pc_next);
              gen_helper_wfi(cpu_env, tmp);
              tcg_temp_free_i32(tmp);
              /* The helper doesn't necessarily throw an exception, but we
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
          }
          }
      }
 -
 -    /* Functions above can change dc->pc, so re-align db->pc_next */
 -    dc->base.pc_next = dc->pc;
  }
  static void aarch64_tr_disas_log(const DisasContextBase *dcbase,
 diff --git a/target/arm/translate.c b/target/arm/translate.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate.c
 +++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static inline void gen_blxns(DisasContext *s, int rm)
       * We do however need to set the PC, because the blxns helper reads it.
       * The blxns helper may throw an exception.
       */
 -    gen_set_pc_im(s, s->pc);
 +    gen_set_pc_im(s, s->base.pc_next);
      gen_helper_v7m_blxns(cpu_env, var);
      tcg_temp_free_i32(var);
      s->base.is_jmp = DISAS_EXIT;
@@ -XXX,XX +XXX,XX @@ static inline void gen_hvc(DisasContext *s, int imm16)
       * for single stepping.)
       */
      s->svc_imm = imm16;
 -    gen_set_pc_im(s, s->pc);
 +    gen_set_pc_im(s, s->base.pc_next);
      s->base.is_jmp = DISAS_HVC;
  }
@@ -XXX,XX +XXX,XX @@ static inline void gen_smc(DisasContext *s)
      tmp = tcg_const_i32(syn_aa32_smc());
      gen_helper_pre_smc(cpu_env, tmp);
      tcg_temp_free_i32(tmp);
 -    gen_set_pc_im(s, s->pc);
 +    gen_set_pc_im(s, s->base.pc_next);
      s->base.is_jmp = DISAS_SMC;
  }
  static void gen_exception_internal_insn(DisasContext *s, int offset, int excp)
  {
      gen_set_condexec(s);
 -    gen_set_pc_im(s, s->pc - offset);
 +    gen_set_pc_im(s, s->base.pc_next - offset);
      gen_exception_internal(excp);
      s->base.is_jmp = DISAS_NORETURN;
  }
@@ -XXX,XX +XXX,XX @@ static void gen_exception_insn(DisasContext *s, int offset, int excp,
                                 int syn, uint32_t target_el)
  {
      gen_set_condexec(s);
 -    gen_set_pc_im(s, s->pc - offset);
 +    gen_set_pc_im(s, s->base.pc_next - offset);
      gen_exception(excp, syn, target_el);
      s->base.is_jmp = DISAS_NORETURN;
  }
@@ -XXX,XX +XXX,XX @@ static void gen_exception_bkpt_insn(DisasContext *s, int offset, uint32_t syn)
      TCGv_i32 tcg_syn;
      gen_set_condexec(s);
 -    gen_set_pc_im(s, s->pc - offset);
 +    gen_set_pc_im(s, s->base.pc_next - offset);
      tcg_syn = tcg_const_i32(syn);
      gen_helper_exception_bkpt_insn(cpu_env, tcg_syn);
      tcg_temp_free_i32(tcg_syn);
@@ -XXX,XX +XXX,XX @@ static void gen_exception_bkpt_insn(DisasContext *s, int offset, uint32_t syn)
  /* Force a TB lookup after an instruction that changes the CPU state.  */
  static inline void gen_lookup_tb(DisasContext *s)
  {
 -    tcg_gen_movi_i32(cpu_R[15], s->pc);
 +    tcg_gen_movi_i32(cpu_R[15], s->base.pc_next);
      s->base.is_jmp = DISAS_EXIT;
  }
@@ -XXX,XX +XXX,XX @@ static inline bool use_goto_tb(DisasContext *s, target_ulong dest)
  {
  #ifndef CONFIG_USER_ONLY
      return (s->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK) ||
 -           ((s->pc - 1) & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
 +           ((s->base.pc_next - 1) & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
  #else
      return true;
  #endif
@@ -XXX,XX +XXX,XX @@ static void gen_nop_hint(DisasContext *s, int val)
           */
      case 1: /* yield */
          if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
 -            gen_set_pc_im(s, s->pc);
 +            gen_set_pc_im(s, s->base.pc_next);
              s->base.is_jmp = DISAS_YIELD;
          }
          break;
      case 3: /* wfi */
 -        gen_set_pc_im(s, s->pc);
 +        gen_set_pc_im(s, s->base.pc_next);
          s->base.is_jmp = DISAS_WFI;
          break;
      case 2: /* wfe */
          if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
 -            gen_set_pc_im(s, s->pc);
 +            gen_set_pc_im(s, s->base.pc_next);
              s->base.is_jmp = DISAS_WFE;
          }
          break;
@@ -XXX,XX +XXX,XX @@ static int disas_coproc_insn(DisasContext *s, uint32_t insn)
              if (isread) {
                  return 1;
              }
 -            gen_set_pc_im(s, s->pc);
 +            gen_set_pc_im(s, s->base.pc_next);
              s->base.is_jmp = DISAS_WFI;
              return 0;
          default:
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
                   * self-modifying code correctly and also to take
                   * any pending interrupts immediately.
                   */
 -                gen_goto_tb(s, 0, s->pc);
 +                gen_goto_tb(s, 0, s->base.pc_next);
                  return;
              case 7: /* sb */
                  if ((insn & 0xf) || !dc_isar_feature(aa32_sb, s)) {
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
                   * for TCG; MB and end the TB instead.
                   */
                  tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
 -                gen_goto_tb(s, 0, s->pc);
 +                gen_goto_tb(s, 0, s->base.pc_next);
                  return;
              default:
                  goto illegal_op;
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
              int32_t offset;
              tmp = tcg_temp_new_i32();
 -            tcg_gen_movi_i32(tmp, s->pc);
 +            tcg_gen_movi_i32(tmp, s->base.pc_next);
              store_reg(s, 14, tmp);
              /* Sign-extend the 24-bit offset */
              offset = (((int32_t)insn) << 8) >> 8;
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
              /* branch link/exchange thumb (blx) */
              tmp = load_reg(s, rm);
              tmp2 = tcg_temp_new_i32();
 -            tcg_gen_movi_i32(tmp2, s->pc);
 +            tcg_gen_movi_i32(tmp2, s->base.pc_next);
              store_reg(s, 14, tmp2);
              gen_bx(s, tmp);
              break;
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
                  /* branch (and link) */
                  if (insn & (1 << 24)) {
                      tmp = tcg_temp_new_i32();
 -                    tcg_gen_movi_i32(tmp, s->pc);
 +                    tcg_gen_movi_i32(tmp, s->base.pc_next);
                      store_reg(s, 14, tmp);
                  }
                  offset = sextract32(insn << 2, 0, 26);
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
              break;
          case 0xf:
              /* swi */
 -            gen_set_pc_im(s, s->pc);
 +            gen_set_pc_im(s, s->base.pc_next);
              s->svc_imm = extract32(insn, 0, 24);
              s->base.is_jmp = DISAS_SWI;
              break;
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                  if (insn & (1 << 14)) {
                      /* Branch and link.  */
 -                    tcg_gen_movi_i32(cpu_R[14], s->pc | 1);
 +                    tcg_gen_movi_i32(cpu_R[14], s->base.pc_next | 1);
                  }
                  offset += read_pc(s);
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                               * and also to take any pending interrupts
                               * immediately.
                               */
 -                            gen_goto_tb(s, 0, s->pc);
 +                            gen_goto_tb(s, 0, s->base.pc_next);
                              break;
                          case 7: /* sb */
                              if ((insn & 0xf) || !dc_isar_feature(aa32_sb, s)) {
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                               * for TCG; MB and end the TB instead.
                               */
                              tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
 -                            gen_goto_tb(s, 0, s->pc);
 +                            gen_goto_tb(s, 0, s->base.pc_next);
                              break;
                          default:
                              goto illegal_op;
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
                  /* BLX/BX */
                  tmp = load_reg(s, rm);
                  if (link) {
 -                    val = (uint32_t)s->pc | 1;
 +                    val = (uint32_t)s->base.pc_next | 1;
                      tmp2 = tcg_temp_new_i32();
                      tcg_gen_movi_i32(tmp2, val);
                      store_reg(s, 14, tmp2);
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
          if (cond == 0xf) {
              /* swi */
 -            gen_set_pc_im(s, s->pc);
 +            gen_set_pc_im(s, s->base.pc_next);
              s->svc_imm = extract32(insn, 0, 8);
              s->base.is_jmp = DISAS_SWI;
              break;
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
              tcg_gen_andi_i32(tmp, tmp, 0xfffffffc);
              tmp2 = tcg_temp_new_i32();
 -            tcg_gen_movi_i32(tmp2, s->pc | 1);
 +            tcg_gen_movi_i32(tmp2, s->base.pc_next | 1);
              store_reg(s, 14, tmp2);
              gen_bx(s, tmp);
              break;
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
              tcg_gen_addi_i32(tmp, tmp, offset);
              tmp2 = tcg_temp_new_i32();
 -            tcg_gen_movi_i32(tmp2, s->pc | 1);
 +            tcg_gen_movi_i32(tmp2, s->base.pc_next | 1);
              store_reg(s, 14, tmp2);
              gen_bx(s, tmp);
          } else {
@@ -XXX,XX +XXX,XX @@ undef:
  static bool insn_crosses_page(CPUARMState *env, DisasContext *s)
  {
 -    /* Return true if the insn at dc->pc might cross a page boundary.
 +    /* Return true if the insn at dc->base.pc_next might cross a page boundary.
       * (False positives are OK, false negatives are not.)
       * We know this is a Thumb insn, and our caller ensures we are
 -     * only called if dc->pc is less than 4 bytes from the page
 +     * only called if dc->base.pc_next is less than 4 bytes from the page
       * boundary, so we cross the page if the first 16 bits indicate
       * that this is a 32 bit insn.
       */
 -    uint16_t insn = arm_lduw_code(env, s->pc, s->sctlr_b);
 +    uint16_t insn = arm_lduw_code(env, s->base.pc_next, s->sctlr_b);
 -    return !thumb_insn_is_16bit(s, s->pc, insn);
 +    return !thumb_insn_is_16bit(s, s->base.pc_next, insn);
  }
  static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
      uint32_t condexec, core_mmu_idx;
      dc->isar = &cpu->isar;
 -    dc->pc = dc->base.pc_first;
      dc->condjmp = 0;
      dc->aarch64 = 0;
@@ -XXX,XX +XXX,XX @@ static void arm_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
  {
      DisasContext *dc = container_of(dcbase, DisasContext, base);
 -    tcg_gen_insn_start(dc->pc,
 +    tcg_gen_insn_start(dc->base.pc_next,
                         (dc->condexec_cond << 4) | (dc->condexec_mask >> 1),
 );
      dc->insn_start = tcg_last_op();
@@ -XXX,XX +XXX,XX @@ static bool arm_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cpu,
      if (bp->flags & BP_CPU) {
          gen_set_condexec(dc);
 -        gen_set_pc_im(dc, dc->pc);
 +        gen_set_pc_im(dc, dc->base.pc_next);
          gen_helper_check_breakpoints(cpu_env);
          /* End the TB early; it's likely not going to be executed */
          dc->base.is_jmp = DISAS_TOO_MANY;
@@ -XXX,XX +XXX,XX @@ static bool arm_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cpu,
             tb->size below does the right thing.  */
          /* TODO: Advance PC by correct instruction length to
           * avoid disassembler error messages */
 -        dc->pc += 2;
 +        dc->base.pc_next += 2;
          dc->base.is_jmp = DISAS_NORETURN;
      }
@@ -XXX,XX +XXX,XX @@ static bool arm_pre_translate_insn(DisasContext *dc)
  {
  #ifdef CONFIG_USER_ONLY
      /* Intercept jump to the magic kernel page.  */
 -    if (dc->pc >= 0xffff0000) {
 +    if (dc->base.pc_next >= 0xffff0000) {
          /* We always get here via a jump, so know we are not in a
             conditional execution block.  */
          gen_exception_internal(EXCP_KERNEL_TRAP);
@@ -XXX,XX +XXX,XX @@ static void arm_post_translate_insn(DisasContext *dc)
          gen_set_label(dc->condlabel);
          dc->condjmp = 0;
      }
 -    dc->base.pc_next = dc->pc;
      translator_loop_temp_check(&dc->base);
  }
@@ -XXX,XX +XXX,XX @@ static void arm_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
          return;
      }
 -    dc->pc_curr = dc->pc;
 -    insn = arm_ldl_code(env, dc->pc, dc->sctlr_b);
 +    dc->pc_curr = dc->base.pc_next;
 +    insn = arm_ldl_code(env, dc->base.pc_next, dc->sctlr_b);
      dc->insn = insn;
 -    dc->pc += 4;
 +    dc->base.pc_next += 4;
      disas_arm_insn(dc, insn);
      arm_post_translate_insn(dc);
@@ -XXX,XX +XXX,XX @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
          return;
      }
 -    dc->pc_curr = dc->pc;
 -    insn = arm_lduw_code(env, dc->pc, dc->sctlr_b);
 -    is_16bit = thumb_insn_is_16bit(dc, dc->pc, insn);
 -    dc->pc += 2;
 +    dc->pc_curr = dc->base.pc_next;
 +    insn = arm_lduw_code(env, dc->base.pc_next, dc->sctlr_b);
 +    is_16bit = thumb_insn_is_16bit(dc, dc->base.pc_next, insn);
 +    dc->base.pc_next += 2;
      if (!is_16bit) {
 -        uint32_t insn2 = arm_lduw_code(env, dc->pc, dc->sctlr_b);
 +        uint32_t insn2 = arm_lduw_code(env, dc->base.pc_next, dc->sctlr_b);
          insn = insn << 16 | insn2;
 -        dc->pc += 2;
 +        dc->base.pc_next += 2;
      }
      dc->insn = insn;
@@ -XXX,XX +XXX,XX @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
       * but isn't very efficient).
       */
      if (dc->base.is_jmp == DISAS_NEXT
 -        && (dc->pc - dc->page_start >= TARGET_PAGE_SIZE
 -            || (dc->pc - dc->page_start >= TARGET_PAGE_SIZE - 3
 +        && (dc->base.pc_next - dc->page_start >= TARGET_PAGE_SIZE
 +            || (dc->base.pc_next - dc->page_start >= TARGET_PAGE_SIZE - 3
                  && insn_crosses_page(env, dc)))) {
          dc->base.is_jmp = DISAS_TOO_MANY;
      }
@@ -XXX,XX +XXX,XX @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
          case DISAS_NEXT:
          case DISAS_TOO_MANY:
          case DISAS_UPDATE:
 -            gen_set_pc_im(dc, dc->pc);
 +            gen_set_pc_im(dc, dc->base.pc_next);
              /* fall through */
          default:
              /* FIXME: Single stepping a WFI insn will not halt the CPU. */
@@ -XXX,XX +XXX,XX @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
          switch(dc->base.is_jmp) {
          case DISAS_NEXT:
          case DISAS_TOO_MANY:
 -            gen_goto_tb(dc, 1, dc->pc);
 +            gen_goto_tb(dc, 1, dc->base.pc_next);
              break;
          case DISAS_JUMP:
              gen_goto_ptr();
              break;
          case DISAS_UPDATE:
 -            gen_set_pc_im(dc, dc->pc);
 +            gen_set_pc_im(dc, dc->base.pc_next);
              /* fall through */
          default:
              /* indicate that the hash table must be used to find the next TB */
@@ -XXX,XX +XXX,XX @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
          gen_set_label(dc->condlabel);
          gen_set_condexec(dc);
          if (unlikely(is_singlestepping(dc))) {
 -            gen_set_pc_im(dc, dc->pc);
 +            gen_set_pc_im(dc, dc->base.pc_next);
              gen_singlestep_exception(dc);
          } else {
 -            gen_goto_tb(dc, 1, dc->pc);
 +            gen_goto_tb(dc, 1, dc->base.pc_next);
          }
      }
 -
 -    /* Functions above can change dc->pc, so re-align db->pc_next */
 -    dc->base.pc_next = dc->pc;
  }
  static void arm_tr_disas_log(const DisasContextBase *dcbase, CPUState *cpu)
 --
 .20.1

-[Qemu-devel] [PULL 05/27] target/arm: Restructure disas_fp_int_conv
+[Qemu-devel] [PULL 12/29] target/arm: Replace offset with pc in gen_exception_insn
 From: Richard Henderson <richard.henderson@linaro.org>
-For opcodes 0-5, move some if conditions into the structure
+The offset is variable depending on the instruction set, whereas
-of a switch statement.  For opcodes 6 & 7, decode everything
+we have stored values for the current pc and the next pc.  Passing
-at once with a second switch.
+in the actual value is clearer in intent.
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20190206052857.5077-3-richard.henderson@linaro.org
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: 20190807045335.1361-8-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/translate-a64.c | 94 ++++++++++++++++++++------------------
+ target/arm/translate-a64.c     | 25 ++++++++++++++-----------
-file changed, 49 insertions(+), 45 deletions(-)
+ target/arm/translate-vfp.inc.c |  6 +++---
  target/arm/translate.c         | 31 ++++++++++++++++---------------
 files changed, 33 insertions(+), 29 deletions(-)
 diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate-a64.c
 +++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ static void disas_fp_int_conv(DisasContext *s, uint32_t insn)
+@@ -XXX,XX +XXX,XX @@ static void gen_exception_internal_insn(DisasContext *s, int offset, int excp)
-     int type = extract32(insn, 22, 2);
+     s->base.is_jmp = DISAS_NORETURN;
-     bool sbit = extract32(insn, 29, 1);
+ }
-     bool sf = extract32(insn, 31, 1);
-+    bool itof = false;
+-static void gen_exception_insn(DisasContext *s, int offset, int excp,
++static void gen_exception_insn(DisasContext *s, uint64_t pc, int excp,
-     if (sbit) {
+                                uint32_t syndrome, uint32_t target_el)
--        unallocated_encoding(s);
+ {
--        return;
+-    gen_a64_set_pc_im(s->base.pc_next - offset);
-+        goto do_unallocated;
++    gen_a64_set_pc_im(pc);
-     }
+     gen_exception(excp, syndrome, target_el);
+     s->base.is_jmp = DISAS_NORETURN;
--    if (opcode > 5) {
+ }
--        /* FMOV */
+@@ -XXX,XX +XXX,XX @@ static inline void gen_goto_tb(DisasContext *s, int n, uint64_t dest)
--        bool itof = opcode & 1;
+ void unallocated_encoding(DisasContext *s)
--
+ {
--        if (rmode >= 2) {
+     /* Unallocated and reserved encodings are uncategorized */
--            unallocated_encoding(s);
+-    gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(),
--            return;
++    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
--        }
+                        default_exception_el(s));
--
+ }
--        switch (sf << 3 | type << 1 | rmode) {
--        case 0x0: /* 32 bit */
+@@ -XXX,XX +XXX,XX @@ static inline bool fp_access_check(DisasContext *s)
--        case 0xa: /* 64 bit */
+         return true;
--        case 0xd: /* 64 bit to top half of quad */
+     }
--            break;
--        case 0x6: /* 16-bit float, 32-bit int */
+-    gen_exception_insn(s, 4, EXCP_UDEF, syn_fp_access_trap(1, 0xe, false),
--        case 0xe: /* 16-bit float, 64-bit int */
+-                       s->fp_excp_el);
--            if (dc_isar_feature(aa64_fp16, s)) {
++    gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
--                break;
++                       syn_fp_access_trap(1, 0xe, false), s->fp_excp_el);
--            }
+     return false;
--            /* fallthru */
+ }
--        default:
--            /* all other sf/type/rmode combinations are invalid */
+@@ -XXX,XX +XXX,XX @@ static inline bool fp_access_check(DisasContext *s)
--            unallocated_encoding(s);
+ bool sve_access_check(DisasContext *s)
--            return;
+ {
--        }
+     if (s->sve_excp_el) {
--
+-        gen_exception_insn(s, 4, EXCP_UDEF, syn_sve_access_trap(),
--        if (!fp_access_check(s)) {
++        gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_sve_access_trap(),
--            return;
+                            s->sve_excp_el);
--        }
+         return false;
--        handle_fmov(s, rd, rn, type, itof);
+     }
--    } else {
+@@ -XXX,XX +XXX,XX @@ static void disas_exc(DisasContext *s, uint32_t insn)
--        /* actual FP conversions */
+         switch (op2_ll) {
--        bool itof = extract32(opcode, 1, 1);
+         case 1:                                                     /* SVC */
--
+             gen_ss_advance(s);
--        if (rmode != 0 && opcode > 1) {
+-            gen_exception_insn(s, 0, EXCP_SWI, syn_aa64_svc(imm16),
--            unallocated_encoding(s);
+-                               default_exception_el(s));
--            return;
++            gen_exception_insn(s, s->base.pc_next, EXCP_SWI,
-+    switch (opcode) {
++                               syn_aa64_svc(imm16), default_exception_el(s));
-+    case 2: /* SCVTF */
+             break;
-+    case 3: /* UCVTF */
+         case 2:                                                     /* HVC */
-+        itof = true;
+             if (s->current_el == 0) {
-+        /* fallthru */
+@@ -XXX,XX +XXX,XX @@ static void disas_exc(DisasContext *s, uint32_t insn)
-+    case 4: /* FCVTAS */
+             gen_a64_set_pc_im(s->pc_curr);
-+    case 5: /* FCVTAU */
+             gen_helper_pre_hvc(cpu_env);
-+        if (rmode != 0) {
+             gen_ss_advance(s);
-+            goto do_unallocated;
+-            gen_exception_insn(s, 0, EXCP_HVC, syn_aa64_hvc(imm16), 2);
 +            gen_exception_insn(s, s->base.pc_next, EXCP_HVC,
 +                               syn_aa64_hvc(imm16), 2);
              break;
          case 3:                                                     /* SMC */
              if (s->current_el == 0) {
@@ -XXX,XX +XXX,XX @@ static void disas_exc(DisasContext *s, uint32_t insn)
              gen_helper_pre_smc(cpu_env, tmp);
              tcg_temp_free_i32(tmp);
              gen_ss_advance(s);
 -            gen_exception_insn(s, 0, EXCP_SMC, syn_aa64_smc(imm16), 3);
 +            gen_exception_insn(s, s->base.pc_next, EXCP_SMC,
 +                               syn_aa64_smc(imm16), 3);
              break;
          default:
              unallocated_encoding(s);
@@ -XXX,XX +XXX,XX @@ static void disas_a64_insn(CPUARMState *env, DisasContext *s)
              if (s->btype != 0
                  && s->guarded_page
                  && !btype_destination_ok(insn, s->bt, s->btype)) {
 -                gen_exception_insn(s, 4, EXCP_UDEF, syn_btitrap(s->btype),
 +                gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
 +                                   syn_btitrap(s->btype),
                                     default_exception_el(s));
                  return;
              }
 diff --git a/target/arm/translate-vfp.inc.c b/target/arm/translate-vfp.inc.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate-vfp.inc.c
 +++ b/target/arm/translate-vfp.inc.c
@@ -XXX,XX +XXX,XX @@ static bool full_vfp_access_check(DisasContext *s, bool ignore_vfp_enabled)
  {
      if (s->fp_excp_el) {
          if (arm_dc_feature(s, ARM_FEATURE_M)) {
 -            gen_exception_insn(s, 4, EXCP_NOCP, syn_uncategorized(),
 +            gen_exception_insn(s, s->pc_curr, EXCP_NOCP, syn_uncategorized(),
                                 s->fp_excp_el);
          } else {
 -            gen_exception_insn(s, 4, EXCP_UDEF,
 +            gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
                                 syn_fp_access_trap(1, 0xe, false),
                                 s->fp_excp_el);
          }
-+        /* fallthru */
+@@ -XXX,XX +XXX,XX @@ static bool full_vfp_access_check(DisasContext *s, bool ignore_vfp_enabled)
-+    case 0: /* FCVT[NPMZ]S */
-+    case 1: /* FCVT[NPMZ]U */
+     if (!s->vfp_enabled && !ignore_vfp_enabled) {
-         switch (type) {
+         assert(!arm_dc_feature(s, ARM_FEATURE_M));
-         case 0: /* float32 */
+-        gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(),
-         case 1: /* float64 */
++        gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
-             break;
+                            default_exception_el(s));
-         case 3: /* float16 */
+         return false;
--            if (dc_isar_feature(aa64_fp16, s)) {
+     }
--                break;
+diff --git a/target/arm/translate.c b/target/arm/translate.c
-+            if (!dc_isar_feature(aa64_fp16, s)) {
+index XXXXXXX..XXXXXXX 100644
-+                goto do_unallocated;
+--- a/target/arm/translate.c
 +++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_exception_internal_insn(DisasContext *s, int offset, int excp)
      s->base.is_jmp = DISAS_NORETURN;
  }
 -static void gen_exception_insn(DisasContext *s, int offset, int excp,
 +static void gen_exception_insn(DisasContext *s, uint32_t pc, int excp,
                                 int syn, uint32_t target_el)
  {
      gen_set_condexec(s);
 -    gen_set_pc_im(s, s->base.pc_next - offset);
 +    gen_set_pc_im(s, pc);
      gen_exception(excp, syn, target_el);
      s->base.is_jmp = DISAS_NORETURN;
  }
@@ -XXX,XX +XXX,XX @@ static inline void gen_hlt(DisasContext *s, int imm)
          return;
      }
 -    gen_exception_insn(s, s->thumb ? 2 : 4, EXCP_UDEF, syn_uncategorized(),
 +    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
                         default_exception_el(s));
  }
@@ -XXX,XX +XXX,XX @@ static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn,
  undef:
      /* If we get here then some access check did not pass */
 -    gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(), exc_target);
 +    gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
 +                       syn_uncategorized(), exc_target);
      return false;
  }
@@ -XXX,XX +XXX,XX @@ static int disas_neon_ls_insn(DisasContext *s, uint32_t insn)
       * for attempts to execute invalid vfp/neon encodings with FP disabled.
       */
      if (s->fp_excp_el) {
 -        gen_exception_insn(s, 4, EXCP_UDEF,
 +        gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
                             syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
          return 0;
      }
@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
       * for attempts to execute invalid vfp/neon encodings with FP disabled.
       */
      if (s->fp_excp_el) {
 -        gen_exception_insn(s, 4, EXCP_UDEF,
 +        gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
                             syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
          return 0;
      }
@@ -XXX,XX +XXX,XX @@ static int disas_neon_insn_3same_ext(DisasContext *s, uint32_t insn)
      }
      if (s->fp_excp_el) {
 -        gen_exception_insn(s, 4, EXCP_UDEF,
 +        gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
                             syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
          return 0;
      }
@@ -XXX,XX +XXX,XX @@ static int disas_neon_insn_2reg_scalar_ext(DisasContext *s, uint32_t insn)
          off_rm = vfp_reg_offset(0, rm);
      }
      if (s->fp_excp_el) {
 -        gen_exception_insn(s, 4, EXCP_UDEF,
 +        gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
                             syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
          return 0;
      }
@@ -XXX,XX +XXX,XX @@ static void gen_srs(DisasContext *s,
       * For the UNPREDICTABLE cases we choose to UNDEF.
       */
      if (s->current_el == 1 && !s->ns && mode == ARM_CPU_MODE_MON) {
 -        gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(), 3);
 +        gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(), 3);
          return;
      }
@@ -XXX,XX +XXX,XX @@ static void gen_srs(DisasContext *s,
      }
      if (undef) {
 -        gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(),
 +        gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
                             default_exception_el(s));
          return;
      }
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
       * UsageFault exception.
       */
      if (arm_dc_feature(s, ARM_FEATURE_M)) {
 -        gen_exception_insn(s, 4, EXCP_INVSTATE, syn_uncategorized(),
 +        gen_exception_insn(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized(),
                             default_exception_el(s));
          return;
      }
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
              break;
          default:
          illegal_op:
 -            gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(),
 +            gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
                                 default_exception_el(s));
              break;
          }
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
              }
--            /* fallthru */
-+            break;
+             /* All other insns: NOCP */
-         default:
+-            gen_exception_insn(s, 4, EXCP_NOCP, syn_uncategorized(),
--            unallocated_encoding(s);
++            gen_exception_insn(s, s->pc_curr, EXCP_NOCP, syn_uncategorized(),
--            return;
+                                default_exception_el(s));
-+            goto do_unallocated;
+             break;
          }
--
+@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
-         if (!fp_access_check(s)) {
+     }
-             return;
+     return;
-         }
+ illegal_op:
-         handle_fpfpcvt(s, rd, rn, opcode, itof, rmode, 64, sf, type);
+-    gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(),
-+        break;
++    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
-+
+                        default_exception_el(s));
-+    default:
+ }
-+        switch (sf << 7 | type << 5 | rmode << 3 | opcode) {
-+        case 0b01100110: /* FMOV half <-> 32-bit int */
+@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
-+        case 0b01100111:
+     return;
-+        case 0b11100110: /* FMOV half <-> 64-bit int */
+ illegal_op:
-+        case 0b11100111:
+ undef:
-+            if (!dc_isar_feature(aa64_fp16, s)) {
+-    gen_exception_insn(s, 2, EXCP_UDEF, syn_uncategorized(),
-+                goto do_unallocated;
++    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
-+            }
+                        default_exception_el(s));
-+            /* fallthru */
+ }
 +        case 0b00000110: /* FMOV 32-bit */
 +        case 0b00000111:
 +        case 0b10100110: /* FMOV 64-bit */
 +        case 0b10100111:
 +        case 0b11001110: /* FMOV top half of 128-bit */
 +        case 0b11001111:
 +            if (!fp_access_check(s)) {
 +                return;
 +            }
 +            itof = opcode & 1;
 +            handle_fmov(s, rd, rn, type, itof);
 +            break;
 +
 +        default:
 +        do_unallocated:
 +            unallocated_encoding(s);
 +            return;
 +        }
 +        break;
      }
  }
 --
 .20.1

-[Qemu-devel] [PULL 16/27] target/arm: Use vector minmax expanders for aarch64
+[Qemu-devel] [PULL 13/29] target/arm: Replace offset with pc in gen_exception_internal_insn
 From: Richard Henderson <richard.henderson@linaro.org>
+The offset is variable depending on the instruction set.
+Passing in the actual value is clearer in intent.
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Message-id: 20190209033847.9014-3-richard.henderson@linaro.org
+Message-id: 20190807045335.1361-9-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/translate-a64.c | 35 ++++++++++++++---------------------
+ target/arm/translate-a64.c | 8 ++++----
-file changed, 14 insertions(+), 21 deletions(-)
+ target/arm/translate.c     | 8 ++++----
 files changed, 8 insertions(+), 8 deletions(-)
 diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate-a64.c
 +++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ static void disas_simd_3same_int(DisasContext *s, uint32_t insn)
+@@ -XXX,XX +XXX,XX @@ static void gen_exception_internal(int excp)
-     }
+     tcg_temp_free_i32(tcg_excp);
+ }
-     switch (opcode) {
-+    case 0x0c: /* SMAX, UMAX */
+-static void gen_exception_internal_insn(DisasContext *s, int offset, int excp)
-+        if (u) {
++static void gen_exception_internal_insn(DisasContext *s, uint64_t pc, int excp)
-+            gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_umax, size);
+ {
-+        } else {
+-    gen_a64_set_pc_im(s->base.pc_next - offset);
-+            gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_smax, size);
++    gen_a64_set_pc_im(pc);
-+        }
+     gen_exception_internal(excp);
-+        return;
+     s->base.is_jmp = DISAS_NORETURN;
-+    case 0x0d: /* SMIN, UMIN */
+ }
-+        if (u) {
+@@ -XXX,XX +XXX,XX @@ static void disas_exc(DisasContext *s, uint32_t insn)
 +            gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_umin, size);
 +        } else {
 +            gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_smin, size);
 +        }
 +        return;
      case 0x10: /* ADD, SUB */
          if (u) {
              gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_sub, size);
@@ -XXX,XX +XXX,XX @@ static void disas_simd_3same_int(DisasContext *s, uint32_t insn)
                  genenvfn = fns[size][u];
                  break;
              }
--            case 0xc: /* SMAX, UMAX */
+ #endif
--            {
+-            gen_exception_internal_insn(s, 0, EXCP_SEMIHOST);
--                static NeonGenTwoOpFn * const fns[3][2] = {
++            gen_exception_internal_insn(s, s->base.pc_next, EXCP_SEMIHOST);
--                    { gen_helper_neon_max_s8, gen_helper_neon_max_u8 },
+         } else {
--                    { gen_helper_neon_max_s16, gen_helper_neon_max_u16 },
+             unsupported_encoding(s, insn);
--                    { tcg_gen_smax_i32, tcg_gen_umax_i32 },
+         }
--                };
+@@ -XXX,XX +XXX,XX @@ static bool aarch64_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cpu,
--                genfn = fns[size][u];
+         /* End the TB early; it likely won't be executed */
--                break;
+         dc->base.is_jmp = DISAS_TOO_MANY;
--            }
+     } else {
--
+-        gen_exception_internal_insn(dc, 0, EXCP_DEBUG);
--            case 0xd: /* SMIN, UMIN */
++        gen_exception_internal_insn(dc, dc->base.pc_next, EXCP_DEBUG);
--            {
+         /* The address covered by the breakpoint must be
--                static NeonGenTwoOpFn * const fns[3][2] = {
+            included in [tb->pc, tb->pc + tb->size) in order
--                    { gen_helper_neon_min_s8, gen_helper_neon_min_u8 },
+            to for it to be properly cleared -- thus we
--                    { gen_helper_neon_min_s16, gen_helper_neon_min_u16 },
+diff --git a/target/arm/translate.c b/target/arm/translate.c
--                    { tcg_gen_smin_i32, tcg_gen_umin_i32 },
+index XXXXXXX..XXXXXXX 100644
--                };
+--- a/target/arm/translate.c
--                genfn = fns[size][u];
++++ b/target/arm/translate.c
--                break;
+@@ -XXX,XX +XXX,XX @@ static inline void gen_smc(DisasContext *s)
--            }
+     s->base.is_jmp = DISAS_SMC;
-             case 0xe: /* SABD, UABD */
+ }
-             case 0xf: /* SABA, UABA */
-             {
+-static void gen_exception_internal_insn(DisasContext *s, int offset, int excp)
 +static void gen_exception_internal_insn(DisasContext *s, uint32_t pc, int excp)
  {
      gen_set_condexec(s);
 -    gen_set_pc_im(s, s->base.pc_next - offset);
 +    gen_set_pc_im(s, pc);
      gen_exception_internal(excp);
      s->base.is_jmp = DISAS_NORETURN;
  }
@@ -XXX,XX +XXX,XX @@ static inline void gen_hlt(DisasContext *s, int imm)
          s->current_el != 0 &&
  #endif
          (imm == (s->thumb ? 0x3c : 0xf000))) {
 -        gen_exception_internal_insn(s, 0, EXCP_SEMIHOST);
 +        gen_exception_internal_insn(s, s->base.pc_next, EXCP_SEMIHOST);
          return;
      }
@@ -XXX,XX +XXX,XX @@ static bool arm_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cpu,
          /* End the TB early; it's likely not going to be executed */
          dc->base.is_jmp = DISAS_TOO_MANY;
      } else {
 -        gen_exception_internal_insn(dc, 0, EXCP_DEBUG);
 +        gen_exception_internal_insn(dc, dc->base.pc_next, EXCP_DEBUG);
          /* The address covered by the breakpoint must be
             included in [tb->pc, tb->pc + tb->size) in order
             to for it to be properly cleared -- thus we
 --
 .20.1

-[Qemu-devel] [PULL 15/27] target/arm: Rely on optimization within tcg_gen_gvec_or
+[Qemu-devel] [PULL 14/29] target/arm: Remove offset argument to gen_exception_bkpt_insn
 From: Richard Henderson <richard.henderson@linaro.org>
-Since we're now handling a == b generically, we no longer need
+Unlike the other more generic gen_exception{,_internal}_insn
-to do it by hand within target/arm/.
+interfaces, breakpoints always refer to the current instruction.
-Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20190209033847.9014-2-richard.henderson@linaro.org
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
 Message-id: 20190807045335.1361-10-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/translate-a64.c |  6 +-----
+ target/arm/translate-a64.c | 7 +++----
- target/arm/translate-sve.c |  6 +-----
+ target/arm/translate.c     | 8 ++++----
- target/arm/translate.c     | 12 +++---------
+files changed, 7 insertions(+), 8 deletions(-)
 files changed, 5 insertions(+), 19 deletions(-)
 diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate-a64.c
 +++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ static void disas_simd_3same_logic(DisasContext *s, uint32_t insn)
+@@ -XXX,XX +XXX,XX @@ static void gen_exception_insn(DisasContext *s, uint64_t pc, int excp,
-         gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_andc, 0);
+     s->base.is_jmp = DISAS_NORETURN;
-         return;
+ }
-     case 2: /* ORR */
--        if (rn == rm) { /* MOV */
+-static void gen_exception_bkpt_insn(DisasContext *s, int offset,
--            gen_gvec_fn2(s, is_q, rd, rn, tcg_gen_gvec_mov, 0);
+-                                    uint32_t syndrome)
--        } else {
++static void gen_exception_bkpt_insn(DisasContext *s, uint32_t syndrome)
 -            gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_or, 0);
 -        }
 +        gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_or, 0);
          return;
      case 3: /* ORN */
          gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_orc, 0);
 diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate-sve.c
 +++ b/target/arm/translate-sve.c
@@ -XXX,XX +XXX,XX @@ static bool trans_AND_zzz(DisasContext *s, arg_rrr_esz *a)
  static bool trans_ORR_zzz(DisasContext *s, arg_rrr_esz *a)
  {
--    if (a->rn == a->rm) { /* MOV */
+     TCGv_i32 tcg_syn;
--        return do_mov_z(s, a->rd, a->rn);
--    } else {
+-    gen_a64_set_pc_im(s->base.pc_next - offset);
--        return do_vector3_z(s, tcg_gen_gvec_or, 0, a->rd, a->rn, a->rm);
++    gen_a64_set_pc_im(s->pc_curr);
--    }
+     tcg_syn = tcg_const_i32(syndrome);
-+    return do_vector3_z(s, tcg_gen_gvec_or, 0, a->rd, a->rn, a->rm);
+     gen_helper_exception_bkpt_insn(cpu_env, tcg_syn);
- }
+     tcg_temp_free_i32(tcg_syn);
+@@ -XXX,XX +XXX,XX @@ static void disas_exc(DisasContext *s, uint32_t insn)
- static bool trans_EOR_zzz(DisasContext *s, arg_rrr_esz *a)
+             break;
          }
          /* BRK */
 -        gen_exception_bkpt_insn(s, 4, syn_aa64_bkpt(imm16));
 +        gen_exception_bkpt_insn(s, syn_aa64_bkpt(imm16));
          break;
      case 2:
          if (op2_ll != 0) {
 diff --git a/target/arm/translate.c b/target/arm/translate.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate.c
 +++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
+@@ -XXX,XX +XXX,XX @@ static void gen_exception_insn(DisasContext *s, uint32_t pc, int excp,
-                 tcg_gen_gvec_andc(0, rd_ofs, rn_ofs, rm_ofs,
+     s->base.is_jmp = DISAS_NORETURN;
-                                   vec_size, vec_size);
+ }
 -static void gen_exception_bkpt_insn(DisasContext *s, int offset, uint32_t syn)
 +static void gen_exception_bkpt_insn(DisasContext *s, uint32_t syn)
  {
      TCGv_i32 tcg_syn;
      gen_set_condexec(s);
 -    gen_set_pc_im(s, s->base.pc_next - offset);
 +    gen_set_pc_im(s, s->pc_curr);
      tcg_syn = tcg_const_i32(syn);
      gen_helper_exception_bkpt_insn(cpu_env, tcg_syn);
      tcg_temp_free_i32(tcg_syn);
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
              case 1:
                  /* bkpt */
                  ARCH(5);
 -                gen_exception_bkpt_insn(s, 4, syn_aa32_bkpt(imm16, false));
 +                gen_exception_bkpt_insn(s, syn_aa32_bkpt(imm16, false));
                  break;
--            case 2:
+             case 2:
--                if (rn == rm) {
+                 /* Hypervisor call (v7) */
--                    /* VMOV */
+@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
--                    tcg_gen_gvec_mov(0, rd_ofs, rn_ofs, vec_size, vec_size);
+         {
--                } else {
+             int imm8 = extract32(insn, 0, 8);
--                    /* VORR */
+             ARCH(5);
--                    tcg_gen_gvec_or(0, rd_ofs, rn_ofs, rm_ofs,
+-            gen_exception_bkpt_insn(s, 2, syn_aa32_bkpt(imm8, true));
--                                    vec_size, vec_size);
++            gen_exception_bkpt_insn(s, syn_aa32_bkpt(imm8, true));
--                }
+             break;
-+            case 2: /* VORR */
+         }
-+                tcg_gen_gvec_or(0, rd_ofs, rn_ofs, rm_ofs,
 +                                vec_size, vec_size);
                  break;
              case 3: /* VORN */
                  tcg_gen_gvec_orc(0, rd_ofs, rn_ofs, rm_ofs,
 --
 .20.1

-[Qemu-devel] [PULL 07/27] target/arm: expose CPUID registers to userspace
+[Qemu-devel] [PULL 15/29] target/arm: Use unallocated_encoding for aarch32
-From: Alex Bennée <alex.bennee@linaro.org>
+From: Richard Henderson <richard.henderson@linaro.org>
-A number of CPUID registers are exposed to userspace by modern Linux
+Promote this function from aarch64 to fully general use.
-kernels thanks to the "ARM64 CPU Feature Registers" ABI. For QEMU's
+Use it to unify the code sequences for generating illegal
-user-mode emulation we don't need to emulate the kernels trap but just
+opcode exceptions.
 return the value the trap would have done. To avoid too much #ifdef
 hackery we process ARMCPRegInfo with a new helper (modify_arm_cp_regs)
 before defining the registers. The modify routine is driven by a
 simple data structure which describes which bits are exported and
 which are fixed.
-Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
 Message-id: 20190205190224.2198-3-alex.bennee@linaro.org
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: 20190807045335.1361-11-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/cpu.h    | 21 ++++++++++++++++
+ target/arm/translate-a64.h     |  2 --
- target/arm/helper.c | 59 +++++++++++++++++++++++++++++++++++++++++++++
+ target/arm/translate.h         |  2 ++
-files changed, 80 insertions(+)
+ target/arm/translate-a64.c     |  7 -------
  target/arm/translate-vfp.inc.c |  3 +--
  target/arm/translate.c         | 22 ++++++++++++----------
 files changed, 15 insertions(+), 21 deletions(-)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
+diff --git a/target/arm/translate-a64.h b/target/arm/translate-a64.h
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
+--- a/target/arm/translate-a64.h
-+++ b/target/arm/cpu.h
++++ b/target/arm/translate-a64.h
-@@ -XXX,XX +XXX,XX @@ static inline void define_one_arm_cp_reg(ARMCPU *cpu, const ARMCPRegInfo *regs)
+@@ -XXX,XX +XXX,XX @@
- }
+ #ifndef TARGET_ARM_TRANSLATE_A64_H
- const ARMCPRegInfo *get_arm_cp_reginfo(GHashTable *cpregs, uint32_t encoded_cp);
+ #define TARGET_ARM_TRANSLATE_A64_H
-+/*
+-void unallocated_encoding(DisasContext *s);
-+ * Definition of an ARM co-processor register as viewed from
+-
-+ * userspace. This is used for presenting sanitised versions of
+ #define unsupported_encoding(s, insn)                                    \
-+ * registers to userspace when emulating the Linux AArch64 CPU
+     do {                                                                 \
-+ * ID/feature ABI (advertised as HWCAP_CPUID).
+         qemu_log_mask(LOG_UNIMP,                                         \
-+ */
+diff --git a/target/arm/translate.h b/target/arm/translate.h
-+typedef struct ARMCPRegUserSpaceInfo {
+index XXXXXXX..XXXXXXX 100644
-+    /* Name of register */
+--- a/target/arm/translate.h
-+    const char *name;
++++ b/target/arm/translate.h
@@ -XXX,XX +XXX,XX @@ typedef struct DisasCompare {
      bool value_global;
  } DisasCompare;
 +void unallocated_encoding(DisasContext *s);
 +
-+    /* Only some bits are exported to user space */
+ /* Share the TCG temporaries common between 32 and 64 bit modes.  */
-+    uint64_t exported_bits;
+ extern TCGv_i32 cpu_NF, cpu_ZF, cpu_CF, cpu_VF;
-+
+ extern TCGv_i64 cpu_exclusive_addr;
-+    /* Fixed bits are applied after the mask */
+diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
 +    uint64_t fixed_bits;
 +} ARMCPRegUserSpaceInfo;
 +
 +#define REGUSERINFO_SENTINEL { .name = NULL }
 +
 +void modify_arm_cp_regs(ARMCPRegInfo *regs, const ARMCPRegUserSpaceInfo *mods);
 +
  /* CPWriteFn that can be used to implement writes-ignored behaviour */
  void arm_cp_write_ignore(CPUARMState *env, const ARMCPRegInfo *ri,
                           uint64_t value);
 diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
+--- a/target/arm/translate-a64.c
-+++ b/target/arm/helper.c
++++ b/target/arm/translate-a64.c
-@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
+@@ -XXX,XX +XXX,XX @@ static inline void gen_goto_tb(DisasContext *s, int n, uint64_t dest)
                .resetvalue = cpu->pmceid1 },
              REGINFO_SENTINEL
          };
 +#ifdef CONFIG_USER_ONLY
 +        ARMCPRegUserSpaceInfo v8_user_idregs[] = {
 +            { .name = "ID_AA64PFR0_EL1",
 +              .exported_bits = 0x000f000f00ff0000,
 +              .fixed_bits    = 0x0000000000000011 },
 +            { .name = "ID_AA64PFR1_EL1",
 +              .exported_bits = 0x00000000000000f0 },
 +            { .name = "ID_AA64ZFR0_EL1"           },
 +            { .name = "ID_AA64MMFR0_EL1",
 +              .fixed_bits    = 0x00000000ff000000 },
 +            { .name = "ID_AA64MMFR1_EL1"          },
 +            { .name = "ID_AA64DFR0_EL1",
 +              .fixed_bits    = 0x0000000000000006 },
 +            { .name = "ID_AA64DFR1_EL1"           },
 +            { .name = "ID_AA64AFR0_EL1"           },
 +            { .name = "ID_AA64AFR1_EL1"           },
 +            { .name = "ID_AA64ISAR0_EL1",
 +              .exported_bits = 0x00fffffff0fffff0 },
 +            { .name = "ID_AA64ISAR1_EL1",
 +              .exported_bits = 0x000000f0ffffffff },
 +            REGUSERINFO_SENTINEL
 +        };
 +        modify_arm_cp_regs(v8_idregs, v8_user_idregs);
 +#endif
          /* RVBAR_EL1 is only implemented if EL1 is the highest EL */
          if (!arm_feature(env, ARM_FEATURE_EL3) &&
              !arm_feature(env, ARM_FEATURE_EL2)) {
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
              .opc1 = CP_ANY, .opc2 = CP_ANY, .access = PL1_W,
              .type = ARM_CP_NOP | ARM_CP_OVERRIDE
          };
 +#ifdef CONFIG_USER_ONLY
 +        ARMCPRegUserSpaceInfo id_v8_user_midr_cp_reginfo[] = {
 +            { .name = "MIDR_EL1",
 +              .exported_bits = 0x00000000ffffffff },
 +            { .name = "REVIDR_EL1"                },
 +            REGUSERINFO_SENTINEL
 +        };
 +        modify_arm_cp_regs(id_v8_midr_cp_reginfo, id_v8_user_midr_cp_reginfo);
 +#endif
          if (arm_feature(env, ARM_FEATURE_OMAPCP) ||
              arm_feature(env, ARM_FEATURE_STRONGARM)) {
              ARMCPRegInfo *r;
@@ -XXX,XX +XXX,XX @@ void define_arm_cp_regs_with_opaque(ARMCPU *cpu,
      }
  }
-+/*
+-void unallocated_encoding(DisasContext *s)
-+ * Modify ARMCPRegInfo for access from userspace.
+-{
-+ *
+-    /* Unallocated and reserved encodings are uncategorized */
-+ * This is a data driven modification directed by
+-    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
-+ * ARMCPRegUserSpaceInfo. All registers become ARM_CP_CONST as
+-                       default_exception_el(s));
-+ * user-space cannot alter any values and dynamic values pertaining to
+-}
-+ * execution state are hidden from user space view anyway.
+-
-+ */
+ static void init_tmp_a64_array(DisasContext *s)
-+void modify_arm_cp_regs(ARMCPRegInfo *regs, const ARMCPRegUserSpaceInfo *mods)
+ {
  #ifdef CONFIG_DEBUG_TCG
 diff --git a/target/arm/translate-vfp.inc.c b/target/arm/translate-vfp.inc.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate-vfp.inc.c
 +++ b/target/arm/translate-vfp.inc.c
@@ -XXX,XX +XXX,XX @@ static bool full_vfp_access_check(DisasContext *s, bool ignore_vfp_enabled)
      if (!s->vfp_enabled && !ignore_vfp_enabled) {
          assert(!arm_dc_feature(s, ARM_FEATURE_M));
 -        gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
 -                           default_exception_el(s));
 +        unallocated_encoding(s);
          return false;
      }
 diff --git a/target/arm/translate.c b/target/arm/translate.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate.c
 +++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_exception_bkpt_insn(DisasContext *s, uint32_t syn)
      s->base.is_jmp = DISAS_NORETURN;
  }
 +void unallocated_encoding(DisasContext *s)
 +{
-+    const ARMCPRegUserSpaceInfo *m;
++    /* Unallocated and reserved encodings are uncategorized */
-+    ARMCPRegInfo *r;
++    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
-+
++                       default_exception_el(s));
 +    for (m = mods; m->name; m++) {
 +        for (r = regs; r->type != ARM_CP_SENTINEL; r++) {
 +            if (strcmp(r->name, m->name) == 0) {
 +                r->type = ARM_CP_CONST;
 +                r->access = PL0U_R;
 +                r->resetvalue &= m->exported_bits;
 +                r->resetvalue |= m->fixed_bits;
 +                break;
 +            }
 +        }
 +    }
 +}
 +
- const ARMCPRegInfo *get_arm_cp_reginfo(GHashTable *cpregs, uint32_t encoded_cp)
+ /* Force a TB lookup after an instruction that changes the CPU state.  */
  static inline void gen_lookup_tb(DisasContext *s)
  {
-     return g_hash_table_lookup(cpregs, &encoded_cp);
+@@ -XXX,XX +XXX,XX @@ static inline void gen_hlt(DisasContext *s, int imm)
          return;
      }
 -    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
 -                       default_exception_el(s));
 +    unallocated_encoding(s);
  }
  static inline void gen_add_data_offset(DisasContext *s, unsigned int insn,
@@ -XXX,XX +XXX,XX @@ static void gen_srs(DisasContext *s,
      }
      if (undef) {
 -        gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
 -                           default_exception_el(s));
 +        unallocated_encoding(s);
          return;
      }
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
              break;
          default:
          illegal_op:
 -            gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
 -                               default_exception_el(s));
 +            unallocated_encoding(s);
              break;
          }
      }
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
      }
      return;
  illegal_op:
 -    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
 -                       default_exception_el(s));
 +    unallocated_encoding(s);
  }
  static void disas_thumb_insn(DisasContext *s, uint32_t insn)
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
      return;
  illegal_op:
  undef:
 -    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
 -                       default_exception_el(s));
 +    unallocated_encoding(s);
  }
  static bool insn_crosses_page(CPUARMState *env, DisasContext *s)
 --
 .20.1

-[Qemu-devel] [PULL 19/27] target/arm: Remove neon min/max helpers
+[Qemu-devel] [PULL 16/29] target/arm: Remove helper_double_saturate
 From: Richard Henderson <richard.henderson@linaro.org>
-These are now unused.
+Replace x = double_saturate(y) with x = add_saturate(y, y).
 There is no need for a separate more specialized helper.
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20190209033847.9014-6-richard.henderson@linaro.org
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: 20190807045335.1361-12-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/helper.h      | 12 ------------
+ target/arm/helper.h    |  1 -
- target/arm/neon_helper.c | 12 ------------
+ target/arm/op_helper.c | 15 ---------------
-files changed, 24 deletions(-)
+ target/arm/translate.c |  4 ++--
 files changed, 2 insertions(+), 18 deletions(-)
 diff --git a/target/arm/helper.h b/target/arm/helper.h
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/helper.h
 +++ b/target/arm/helper.h
-@@ -XXX,XX +XXX,XX @@ DEF_HELPER_2(neon_cge_s16, i32, i32, i32)
+@@ -XXX,XX +XXX,XX @@ DEF_HELPER_3(add_saturate, i32, env, i32, i32)
- DEF_HELPER_2(neon_cge_u32, i32, i32, i32)
+ DEF_HELPER_3(sub_saturate, i32, env, i32, i32)
- DEF_HELPER_2(neon_cge_s32, i32, i32, i32)
+ DEF_HELPER_3(add_usaturate, i32, env, i32, i32)
+ DEF_HELPER_3(sub_usaturate, i32, env, i32, i32)
--DEF_HELPER_2(neon_min_u8, i32, i32, i32)
+-DEF_HELPER_2(double_saturate, i32, env, s32)
--DEF_HELPER_2(neon_min_s8, i32, i32, i32)
+ DEF_HELPER_FLAGS_2(sdiv, TCG_CALL_NO_RWG_SE, s32, s32, s32)
--DEF_HELPER_2(neon_min_u16, i32, i32, i32)
+ DEF_HELPER_FLAGS_2(udiv, TCG_CALL_NO_RWG_SE, i32, i32, i32)
--DEF_HELPER_2(neon_min_s16, i32, i32, i32)
+ DEF_HELPER_FLAGS_1(rbit, TCG_CALL_NO_RWG_SE, i32, i32)
--DEF_HELPER_2(neon_min_u32, i32, i32, i32)
+diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
 -DEF_HELPER_2(neon_min_s32, i32, i32, i32)
 -DEF_HELPER_2(neon_max_u8, i32, i32, i32)
 -DEF_HELPER_2(neon_max_s8, i32, i32, i32)
 -DEF_HELPER_2(neon_max_u16, i32, i32, i32)
 -DEF_HELPER_2(neon_max_s16, i32, i32, i32)
 -DEF_HELPER_2(neon_max_u32, i32, i32, i32)
 -DEF_HELPER_2(neon_max_s32, i32, i32, i32)
  DEF_HELPER_2(neon_pmin_u8, i32, i32, i32)
  DEF_HELPER_2(neon_pmin_s8, i32, i32, i32)
  DEF_HELPER_2(neon_pmin_u16, i32, i32, i32)
 diff --git a/target/arm/neon_helper.c b/target/arm/neon_helper.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/neon_helper.c
+--- a/target/arm/op_helper.c
-+++ b/target/arm/neon_helper.c
++++ b/target/arm/op_helper.c
-@@ -XXX,XX +XXX,XX @@ NEON_VOP(cge_u32, neon_u32, 1)
+@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(sub_saturate)(CPUARMState *env, uint32_t a, uint32_t b)
- #undef NEON_FN
+     return res;
+ }
- #define NEON_FN(dest, src1, src2) dest = (src1 < src2) ? src1 : src2
--NEON_VOP(min_s8, neon_s8, 4)
+-uint32_t HELPER(double_saturate)(CPUARMState *env, int32_t val)
--NEON_VOP(min_u8, neon_u8, 4)
+-{
--NEON_VOP(min_s16, neon_s16, 2)
+-    uint32_t res;
--NEON_VOP(min_u16, neon_u16, 2)
+-    if (val >= 0x40000000) {
--NEON_VOP(min_s32, neon_s32, 1)
+-        res = ~SIGNBIT;
--NEON_VOP(min_u32, neon_u32, 1)
+-        env->QF = 1;
- NEON_POP(pmin_s8, neon_s8, 4)
+-    } else if (val <= (int32_t)0xc0000000) {
- NEON_POP(pmin_u8, neon_u8, 4)
+-        res = SIGNBIT;
- NEON_POP(pmin_s16, neon_s16, 2)
+-        env->QF = 1;
-@@ -XXX,XX +XXX,XX @@ NEON_POP(pmin_u16, neon_u16, 2)
+-    } else {
- #undef NEON_FN
+-        res = val << 1;
+-    }
- #define NEON_FN(dest, src1, src2) dest = (src1 > src2) ? src1 : src2
+-    return res;
--NEON_VOP(max_s8, neon_s8, 4)
+-}
--NEON_VOP(max_u8, neon_u8, 4)
+-
--NEON_VOP(max_s16, neon_s16, 2)
+ uint32_t HELPER(add_usaturate)(CPUARMState *env, uint32_t a, uint32_t b)
--NEON_VOP(max_u16, neon_u16, 2)
+ {
--NEON_VOP(max_s32, neon_s32, 1)
+     uint32_t res = a + b;
--NEON_VOP(max_u32, neon_u32, 1)
+diff --git a/target/arm/translate.c b/target/arm/translate.c
- NEON_POP(pmax_s8, neon_s8, 4)
+index XXXXXXX..XXXXXXX 100644
- NEON_POP(pmax_u8, neon_u8, 4)
+--- a/target/arm/translate.c
- NEON_POP(pmax_s16, neon_s16, 2)
++++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
              tmp = load_reg(s, rm);
              tmp2 = load_reg(s, rn);
              if (op1 & 2)
 -                gen_helper_double_saturate(tmp2, cpu_env, tmp2);
 +                gen_helper_add_saturate(tmp2, cpu_env, tmp2, tmp2);
              if (op1 & 1)
                  gen_helper_sub_saturate(tmp, cpu_env, tmp, tmp2);
              else
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                  tmp = load_reg(s, rn);
                  tmp2 = load_reg(s, rm);
                  if (op & 1)
 -                    gen_helper_double_saturate(tmp, cpu_env, tmp);
 +                    gen_helper_add_saturate(tmp, cpu_env, tmp, tmp);
                  if (op & 2)
                      gen_helper_sub_saturate(tmp, cpu_env, tmp2, tmp);
                  else
 --
 .20.1

-New patch
+[Qemu-devel] [PULL 17/29] target/arm/cpu64: Ensure kvm really supports aarch64=off
+From: Andrew Jones <drjones@redhat.com>
+If -cpu <cpu>,aarch64=off is used then KVM must also be used, and it
+and the host must support running the vcpu in 32-bit mode. Also, if
+-cpu <cpu>,aarch64=on is used, then it doesn't matter if kvm is
+enabled or not.
+Signed-off-by: Andrew Jones <drjones@redhat.com>
+Reviewed-by: Eric Auger <eric.auger@redhat.com>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+---
+ target/arm/kvm_arm.h | 14 ++++++++++++++
+ target/arm/cpu64.c   | 12 ++++++------
+ target/arm/kvm64.c   |  9 +++++++++
+files changed, 29 insertions(+), 6 deletions(-)
+diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/kvm_arm.h
++++ b/target/arm/kvm_arm.h
+@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf);
+  */
+ void kvm_arm_set_cpu_features_from_host(ARMCPU *cpu);
++/**
++ * kvm_arm_aarch32_supported:
++ * @cs: CPUState
++ *
++ * Returns: true if the KVM VCPU can enable AArch32 mode
++ * and false otherwise.
++ */
++bool kvm_arm_aarch32_supported(CPUState *cs);
++
+ /**
+  * kvm_arm_get_max_vm_ipa_size - Returns the number of bits in the
+  * IPA address space supported by KVM
+@@ -XXX,XX +XXX,XX @@ static inline void kvm_arm_set_cpu_features_from_host(ARMCPU *cpu)
+     cpu->host_cpu_probe_failed = true;
+ }
++static inline bool kvm_arm_aarch32_supported(CPUState *cs)
++{
++    return false;
++}
++
+ static inline int kvm_arm_get_max_vm_ipa_size(MachineState *ms)
+ {
+     return -ENOENT;
+diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/cpu64.c
++++ b/target/arm/cpu64.c
+@@ -XXX,XX +XXX,XX @@ static void aarch64_cpu_set_aarch64(Object *obj, bool value, Error **errp)
+      * restriction allows us to avoid fixing up functionality that assumes a
+      * uniform execution state like do_interrupt.
+      */
+-    if (!kvm_enabled()) {
+-        error_setg(errp, "'aarch64' feature cannot be disabled "
+-                         "unless KVM is enabled");
+-        return;
+-    }
+-
+     if (value == false) {
++        if (!kvm_enabled() || !kvm_arm_aarch32_supported(CPU(cpu))) {
++            error_setg(errp, "'aarch64' feature cannot be disabled "
++                             "unless KVM is enabled and 32-bit EL1 "
++                             "is supported");
++            return;
++        }
+         unset_feature(&cpu->env, ARM_FEATURE_AARCH64);
+     } else {
+         set_feature(&cpu->env, ARM_FEATURE_AARCH64);
+diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/kvm64.c
++++ b/target/arm/kvm64.c
+@@ -XXX,XX +XXX,XX @@
+ #include "exec/gdbstub.h"
+ #include "sysemu/sysemu.h"
+ #include "sysemu/kvm.h"
++#include "sysemu/kvm_int.h"
+ #include "kvm_arm.h"
++#include "hw/boards.h"
+ #include "internals.h"
+ static bool have_guest_debug;
+@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
+     return true;
+ }
++bool kvm_arm_aarch32_supported(CPUState *cpu)
++{
++    KVMState *s = KVM_STATE(current_machine->accelerator);
++
++    return kvm_check_extension(s, KVM_CAP_ARM_EL1_32BIT);
++}
++
+ #define ARM_CPU_ID_MPIDR       3, 0, 0, 0, 5
+ int kvm_arch_init_vcpu(CPUState *cs)
+--
+.20.1

-[Qemu-devel] [PULL 08/27] target/arm: expose MPIDR_EL1 to userspace
+[Qemu-devel] [PULL 18/29] target/arm/cpu: Ensure we can use the pmu with kvm
-From: Alex Bennée <alex.bennee@linaro.org>
+From: Andrew Jones <drjones@redhat.com>
-As this is a single register we could expose it with a simple ifdef
+We first convert the pmu property from a static property to one with
-but we use the existing modify_arm_cp_regs mechanism for consistency.
+its own accessors. Then we use the set accessor to check if the PMU is
 supported when using KVM. Indeed a 32-bit KVM host does not support
 the PMU, so this check will catch an attempt to use it at property-set
 time.
-Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
+Signed-off-by: Andrew Jones <drjones@redhat.com>
-Message-id: 20190205190224.2198-4-alex.bennee@linaro.org
+Reviewed-by: Eric Auger <eric.auger@redhat.com>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/helper.c | 21 ++++++++++++++-------
+ target/arm/kvm_arm.h | 14 ++++++++++++++
-file changed, 14 insertions(+), 7 deletions(-)
+ target/arm/cpu.c     | 30 +++++++++++++++++++++++++-----
  target/arm/kvm.c     |  7 +++++++
 files changed, 46 insertions(+), 5 deletions(-)
-diff --git a/target/arm/helper.c b/target/arm/helper.c
+diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
+--- a/target/arm/kvm_arm.h
-+++ b/target/arm/helper.c
++++ b/target/arm/kvm_arm.h
-@@ -XXX,XX +XXX,XX @@ static uint64_t mpidr_read(CPUARMState *env, const ARMCPRegInfo *ri)
+@@ -XXX,XX +XXX,XX @@ void kvm_arm_set_cpu_features_from_host(ARMCPU *cpu);
-     return mpidr_read_val(env);
+  */
  bool kvm_arm_aarch32_supported(CPUState *cs);
 +/**
 + * bool kvm_arm_pmu_supported:
 + * @cs: CPUState
 + *
 + * Returns: true if the KVM VCPU can enable its PMU
 + * and false otherwise.
 + */
 +bool kvm_arm_pmu_supported(CPUState *cs);
 +
  /**
   * kvm_arm_get_max_vm_ipa_size - Returns the number of bits in the
   * IPA address space supported by KVM
@@ -XXX,XX +XXX,XX @@ static inline bool kvm_arm_aarch32_supported(CPUState *cs)
      return false;
  }
--static const ARMCPRegInfo mpidr_cp_reginfo[] = {
++static inline bool kvm_arm_pmu_supported(CPUState *cs)
--    { .name = "MPIDR", .state = ARM_CP_STATE_BOTH,
++{
--      .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 5,
++    return false;
--      .access = PL1_R, .readfn = mpidr_read, .type = ARM_CP_NO_RAW },
++}
--    REGINFO_SENTINEL
++
--};
+ static inline int kvm_arm_get_max_vm_ipa_size(MachineState *ms)
  {
      return -ENOENT;
 diff --git a/target/arm/cpu.c b/target/arm/cpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/cpu.c
 +++ b/target/arm/cpu.c
@@ -XXX,XX +XXX,XX @@ static Property arm_cpu_has_el3_property =
  static Property arm_cpu_cfgend_property =
              DEFINE_PROP_BOOL("cfgend", ARMCPU, cfgend, false);
 -/* use property name "pmu" to match other archs and virt tools */
 -static Property arm_cpu_has_pmu_property =
 -            DEFINE_PROP_BOOL("pmu", ARMCPU, has_pmu, true);
 -
- static const ARMCPRegInfo lpae_cp_reginfo[] = {
+ static Property arm_cpu_has_vfp_property =
-     /* NOP AMAIR0/1 */
+             DEFINE_PROP_BOOL("vfp", ARMCPU, has_vfp, true);
-     { .name = "AMAIR0", .state = ARM_CP_STATE_BOTH,
-@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
+@@ -XXX,XX +XXX,XX @@ static Property arm_cpu_pmsav7_dregion_property =
                                             pmsav7_dregion,
                                             qdev_prop_uint32, uint32_t);
 +static bool arm_get_pmu(Object *obj, Error **errp)
 +{
 +    ARMCPU *cpu = ARM_CPU(obj);
 +
 +    return cpu->has_pmu;
 +}
 +
 +static void arm_set_pmu(Object *obj, bool value, Error **errp)
 +{
 +    ARMCPU *cpu = ARM_CPU(obj);
 +
 +    if (value) {
 +        if (kvm_enabled() && !kvm_arm_pmu_supported(CPU(cpu))) {
 +            error_setg(errp, "'pmu' feature not supported by KVM on this host");
 +            return;
 +        }
 +        set_feature(&cpu->env, ARM_FEATURE_PMU);
 +    } else {
 +        unset_feature(&cpu->env, ARM_FEATURE_PMU);
 +    }
 +    cpu->has_pmu = value;
 +}
 +
  static void arm_get_init_svtor(Object *obj, Visitor *v, const char *name,
                                 void *opaque, Error **errp)
  {
@@ -XXX,XX +XXX,XX @@ void arm_cpu_post_init(Object *obj)
      }
-     if (arm_feature(env, ARM_FEATURE_MPIDR)) {
+     if (arm_feature(&cpu->env, ARM_FEATURE_PMU)) {
-+        ARMCPRegInfo mpidr_cp_reginfo[] = {
+-        qdev_property_add_static(DEVICE(obj), &arm_cpu_has_pmu_property,
-+            { .name = "MPIDR_EL1", .state = ARM_CP_STATE_BOTH,
++        cpu->has_pmu = true;
-+              .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 5,
++        object_property_add_bool(obj, "pmu", arm_get_pmu, arm_set_pmu,
-+              .access = PL1_R, .readfn = mpidr_read, .type = ARM_CP_NO_RAW },
+                                  &error_abort);
 +            REGINFO_SENTINEL
 +        };
 +#ifdef CONFIG_USER_ONLY
 +        ARMCPRegUserSpaceInfo mpidr_user_cp_reginfo[] = {
 +            { .name = "MPIDR_EL1",
 +              .fixed_bits = 0x0000000080000000 },
 +            REGUSERINFO_SENTINEL
 +        };
 +        modify_arm_cp_regs(mpidr_cp_reginfo, mpidr_user_cp_reginfo);
 +#endif
          define_arm_cp_regs(cpu, mpidr_cp_reginfo);
      }
+diff --git a/target/arm/kvm.c b/target/arm/kvm.c
+index XXXXXXX..XXXXXXX 100644
+--- a/target/arm/kvm.c
++++ b/target/arm/kvm.c
+@@ -XXX,XX +XXX,XX @@ void kvm_arm_set_cpu_features_from_host(ARMCPU *cpu)
+     env->features = arm_host_cpu_features.features;
+ }
++bool kvm_arm_pmu_supported(CPUState *cpu)
++{
++    KVMState *s = KVM_STATE(current_machine->accelerator);
++
++    return kvm_check_extension(s, KVM_CAP_ARM_PMU_V3);
++}
++
+ int kvm_arm_get_max_vm_ipa_size(MachineState *ms)
+ {
+     KVMState *s = KVM_STATE(ms->accelerator);
 --
 .20.1

-[Qemu-devel] [PULL 01/27] target/arm: Fix CRn to be 14 for PMEVTYPER/PMEVCNTR
+[Qemu-devel] [PULL 19/29] target/arm/helper: zcr: Add build bug next to value range assumption
-From: Aaron Lindsay OS <aaron@os.amperecomputing.com>
+From: Andrew Jones <drjones@redhat.com>
-This bug was introduced in:
+The current implementation of ZCR_ELx matches the architecture, only
-    commit 5ecdd3e47cadae83a62dc92b472f1fe163b56f59
+implementing the lower four bits, with the rest RAZ/WI. This puts
-    target/arm: Finish implementation of PM[X]EVCNTR and PM[X]EVTYPER
+a strict limit on ARM_MAX_VQ of 16. Make sure we don't let ARM_MAX_VQ
 grow without a corresponding update here.
-Signed-off-by: Aaron Lindsay <aaron@os.amperecomputing.com>
+Suggested-by: Dave Martin <Dave.Martin@arm.com>
-Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
+Signed-off-by: Andrew Jones <drjones@redhat.com>
-Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20190205135129.19338-1-aaron@os.amperecomputing.com
+Reviewed-by: Eric Auger <eric.auger@redhat.com>
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/helper.c | 8 ++++----
+ target/arm/helper.c | 1 +
-file changed, 4 insertions(+), 4 deletions(-)
+file changed, 1 insertion(+)
 diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/helper.c
 +++ b/target/arm/helper.c
-@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
+@@ -XXX,XX +XXX,XX @@ static void zcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
-             char *pmevtyper_name = g_strdup_printf("PMEVTYPER%d", i);
+     int new_len;
-             char *pmevtyper_el0_name = g_strdup_printf("PMEVTYPER%d_EL0", i);
-             ARMCPRegInfo pmev_regs[] = {
+     /* Bits other than [3:0] are RAZ/WI.  */
--                { .name = pmevcntr_name, .cp = 15, .crn = 15,
++    QEMU_BUILD_BUG_ON(ARM_MAX_VQ > 16);
-+                { .name = pmevcntr_name, .cp = 15, .crn = 14,
+     raw_write(env, ri, value & 0xf);
-                   .crm = 8 | (3 & (i >> 3)), .opc1 = 0, .opc2 = i & 7,
-                   .access = PL0_RW, .type = ARM_CP_IO | ARM_CP_ALIAS,
+     /*
                    .readfn = pmevcntr_readfn, .writefn = pmevcntr_writefn,
                    .accessfn = pmreg_access },
                  { .name = pmevcntr_el0_name, .state = ARM_CP_STATE_AA64,
 -                  .opc0 = 3, .opc1 = 3, .crn = 15, .crm = 8 | (3 & (i >> 3)),
 +                  .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 8 | (3 & (i >> 3)),
                    .opc2 = i & 7, .access = PL0_RW, .accessfn = pmreg_access,
                    .type = ARM_CP_IO,
                    .readfn = pmevcntr_readfn, .writefn = pmevcntr_writefn,
                    .raw_readfn = pmevcntr_rawread,
                    .raw_writefn = pmevcntr_rawwrite },
 -                { .name = pmevtyper_name, .cp = 15, .crn = 15,
 +                { .name = pmevtyper_name, .cp = 15, .crn = 14,
                    .crm = 12 | (3 & (i >> 3)), .opc1 = 0, .opc2 = i & 7,
                    .access = PL0_RW, .type = ARM_CP_IO | ARM_CP_ALIAS,
                    .readfn = pmevtyper_readfn, .writefn = pmevtyper_writefn,
                    .accessfn = pmreg_access },
                  { .name = pmevtyper_el0_name, .state = ARM_CP_STATE_AA64,
 -                  .opc0 = 3, .opc1 = 3, .crn = 15, .crm = 12 | (3 & (i >> 3)),
 +                  .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 12 | (3 & (i >> 3)),
                    .opc2 = i & 7, .access = PL0_RW, .accessfn = pmreg_access,
                    .type = ARM_CP_IO,
                    .readfn = pmevtyper_readfn, .writefn = pmevtyper_writefn,
 --
 .20.1

-[Qemu-devel] [PULL 06/27] target/arm: relax permission checks for HWCAP_CPUID registers
+[Qemu-devel] [PULL 20/29] target/arm/cpu: Use div-round-up to determine predicate register array size
-From: Alex Bennée <alex.bennee@linaro.org>
+From: Andrew Jones <drjones@redhat.com>
-Although technically not visible to userspace the kernel does make
+Unless we're guaranteed to always increase ARM_MAX_VQ by a multiple of
-them visible via a trap and emulate ABI. We provide a new permission
+four, then we should use DIV_ROUND_UP to ensure we get an appropriate
-mask (PL0U_R) which maps to PL0_R for CONFIG_USER builds and adjust
+array size.
 the minimum permission check accordingly.
-Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
+Signed-off-by: Andrew Jones <drjones@redhat.com>
-Message-id: 20190205190224.2198-2-alex.bennee@linaro.org
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/cpu.h    | 12 ++++++++++++
+ target/arm/cpu.h | 2 +-
- target/arm/helper.c |  6 +++++-
+file changed, 1 insertion(+), 1 deletion(-)
 files changed, 17 insertions(+), 1 deletion(-)
 diff --git a/target/arm/cpu.h b/target/arm/cpu.h
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/cpu.h
 +++ b/target/arm/cpu.h
-@@ -XXX,XX +XXX,XX @@ static inline bool cptype_valid(int cptype)
+@@ -XXX,XX +XXX,XX @@ typedef struct ARMVectorReg {
- #define PL0_R (0x02 | PL1_R)
+ #ifdef TARGET_AARCH64
- #define PL0_W (0x01 | PL1_W)
+ /* In AArch32 mode, predicate registers do not exist at all.  */
+ typedef struct ARMPredicateReg {
-+/*
+-    uint64_t p[2 * ARM_MAX_VQ / 8] QEMU_ALIGNED(16);
-+ * For user-mode some registers are accessible to EL0 via a kernel
++    uint64_t p[DIV_ROUND_UP(2 * ARM_MAX_VQ, 8)] QEMU_ALIGNED(16);
-+ * trap-and-emulate ABI. In this case we define the read permissions
+ } ARMPredicateReg;
-+ * as actually being PL0_R. However some bits of any given register
-+ * may still be masked.
+ /* In AArch32 mode, PAC keys do not exist at all.  */
 + */
 +#ifdef CONFIG_USER_ONLY
 +#define PL0U_R PL0_R
 +#else
 +#define PL0U_R PL1_R
 +#endif
 +
  #define PL3_RW (PL3_R | PL3_W)
  #define PL2_RW (PL2_R | PL2_W)
  #define PL1_RW (PL1_R | PL1_W)
 diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/helper.c
 +++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
      if (r->state != ARM_CP_STATE_AA32) {
          int mask = 0;
          switch (r->opc1) {
 -        case 0: case 1: case 2:
 +        case 0:
 +            /* min_EL EL1, but some accessible to EL0 via kernel ABI */
 +            mask = PL0U_R | PL1_RW;
 +            break;
 +        case 1: case 2:
              /* min_EL EL1 */
              mask = PL1_RW;
              break;
 --
 .20.1

-[Qemu-devel] [PULL 03/27] target/arm: Fix int128_make128 lo, hi order in paired_cmpxchg64_be
+[Qemu-devel] [PULL 21/29] target/arm/kvm64: Fix error returns
-From: Catherine Ho <catherine.hecx@gmail.com>
+From: Andrew Jones <drjones@redhat.com>
-The lo,hi order is different from the comments. And in commit
+A couple return -EINVAL's forgot their '-'s.
 ec182c33379 ("target/arm: Convert to HAVE_CMPXCHG128"), it changes
 the original code logic. So just restore the old code logic before this
 commit:
 do_paired_cmpxchg64_be():
     cmpv = int128_make128(env->exclusive_high, env->exclusive_val);
     newv = int128_make128(new_hi, new_lo);
-This fixes a bug that would only be visible for big-endian
+Signed-off-by: Andrew Jones <drjones@redhat.com>
-AArch64 guest code.
+Reviewed-by: Eric Auger <eric.auger@redhat.com>
 Fixes: 1ec182c33379 ("target/arm: Convert to HAVE_CMPXCHG128")
 Signed-off-by: Catherine Ho <catherine.hecx@gmail.com>
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 1548985244-24523-1-git-send-email-catherine.hecx@gmail.com
-[PMM: added note that bug only affects BE guests]
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/helper-a64.c | 4 ++--
+ target/arm/kvm64.c | 4 ++--
 file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
+diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper-a64.c
+--- a/target/arm/kvm64.c
-+++ b/target/arm/helper-a64.c
++++ b/target/arm/kvm64.c
-@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_be)(CPUARMState *env, uint64_t addr,
+@@ -XXX,XX +XXX,XX @@ int kvm_arch_put_registers(CPUState *cs, int level)
-      * High and low need to be switched here because this is not actually a
+     write_cpustate_to_list(cpu, true);
-      * 128bit store but two doublewords stored consecutively
-      */
+     if (!write_list_to_kvmstate(cpu, level)) {
--    Int128 cmpv = int128_make128(env->exclusive_val, env->exclusive_high);
+-        return EINVAL;
--    Int128 newv = int128_make128(new_lo, new_hi);
++        return -EINVAL;
-+    Int128 cmpv = int128_make128(env->exclusive_high, env->exclusive_val);
+     }
-+    Int128 newv = int128_make128(new_hi, new_lo);
-     Int128 oldv;
+     kvm_arm_sync_mpstate_to_kvm(cpu);
-     uintptr_t ra = GETPC();
+@@ -XXX,XX +XXX,XX @@ int kvm_arch_get_registers(CPUState *cs)
-     uint64_t o0, o1;
+     }
      if (!write_kvmstate_to_list(cpu)) {
 -        return EINVAL;
 +        return -EINVAL;
      }
      /* Note that it's OK to have registers which aren't in CPUState,
       * so we can ignore a failure return here.
 --
 .20.1

-[Qemu-devel] [PULL 10/27] linux-user/elfload: enable HWCAP_CPUID for AArch64
+[Qemu-devel] [PULL 22/29] target/arm/kvm64: Move the get/put of fpsimd registers out
-From: Alex Bennée <alex.bennee@linaro.org>
+From: Andrew Jones <drjones@redhat.com>
-Userspace programs should (in theory) query the ELF HWCAP before
+Move the getting/putting of the fpsimd registers out of
-probing these registers. Now we have implemented them all make it
+kvm_arch_get/put_registers() into their own helper functions
-public.
+to prepare for alternatively getting/putting SVE registers.
-Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
+No functional change.
 Signed-off-by: Andrew Jones <drjones@redhat.com>
 Reviewed-by: Eric Auger <eric.auger@redhat.com>
 Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20190205190224.2198-6-alex.bennee@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- linux-user/elfload.c | 1 +
+ target/arm/kvm64.c | 148 +++++++++++++++++++++++++++------------------
-file changed, 1 insertion(+)
+file changed, 88 insertions(+), 60 deletions(-)
-diff --git a/linux-user/elfload.c b/linux-user/elfload.c
+diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
 index XXXXXXX..XXXXXXX 100644
---- a/linux-user/elfload.c
+--- a/target/arm/kvm64.c
-+++ b/linux-user/elfload.c
++++ b/target/arm/kvm64.c
-@@ -XXX,XX +XXX,XX @@ static uint32_t get_elf_hwcap(void)
+@@ -XXX,XX +XXX,XX @@ int kvm_arm_cpreg_level(uint64_t regidx)
+ #define AARCH64_SIMD_CTRL_REG(x)   (KVM_REG_ARM64 | KVM_REG_SIZE_U32 | \
-     hwcaps |= ARM_HWCAP_A64_FP;
+                  KVM_REG_ARM_CORE | KVM_REG_ARM_CORE_REG(x))
-     hwcaps |= ARM_HWCAP_A64_ASIMD;
-+    hwcaps |= ARM_HWCAP_A64_CPUID;
++static int kvm_arch_put_fpsimd(CPUState *cs)
++{
-     /* probe for the extra features */
++    ARMCPU *cpu = ARM_CPU(cs);
- #define GET_FEATURE_ID(feat, hwcap) \
++    CPUARMState *env = &cpu->env;
 +    struct kvm_one_reg reg;
 +    uint32_t fpr;
 +    int i, ret;
 +
 +    for (i = 0; i < 32; i++) {
 +        uint64_t *q = aa64_vfp_qreg(env, i);
 +#ifdef HOST_WORDS_BIGENDIAN
 +        uint64_t fp_val[2] = { q[1], q[0] };
 +        reg.addr = (uintptr_t)fp_val;
 +#else
 +        reg.addr = (uintptr_t)q;
 +#endif
 +        reg.id = AARCH64_SIMD_CORE_REG(fp_regs.vregs[i]);
 +        ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, &reg);
 +        if (ret) {
 +            return ret;
 +        }
 +    }
 +
 +    reg.addr = (uintptr_t)(&fpr);
 +    fpr = vfp_get_fpsr(env);
 +    reg.id = AARCH64_SIMD_CTRL_REG(fp_regs.fpsr);
 +    ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, &reg);
 +    if (ret) {
 +        return ret;
 +    }
 +
 +    reg.addr = (uintptr_t)(&fpr);
 +    fpr = vfp_get_fpcr(env);
 +    reg.id = AARCH64_SIMD_CTRL_REG(fp_regs.fpcr);
 +    ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, &reg);
 +    if (ret) {
 +        return ret;
 +    }
 +
 +    return 0;
 +}
 +
  int kvm_arch_put_registers(CPUState *cs, int level)
  {
      struct kvm_one_reg reg;
 -    uint32_t fpr;
      uint64_t val;
 -    int i;
 -    int ret;
 +    int i, ret;
      unsigned int el;
      ARMCPU *cpu = ARM_CPU(cs);
@@ -XXX,XX +XXX,XX @@ int kvm_arch_put_registers(CPUState *cs, int level)
          }
      }
 -    /* Advanced SIMD and FP registers. */
 -    for (i = 0; i < 32; i++) {
 -        uint64_t *q = aa64_vfp_qreg(env, i);
 -#ifdef HOST_WORDS_BIGENDIAN
 -        uint64_t fp_val[2] = { q[1], q[0] };
 -        reg.addr = (uintptr_t)fp_val;
 -#else
 -        reg.addr = (uintptr_t)q;
 -#endif
 -        reg.id = AARCH64_SIMD_CORE_REG(fp_regs.vregs[i]);
 -        ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, &reg);
 -        if (ret) {
 -            return ret;
 -        }
 -    }
 -
 -    reg.addr = (uintptr_t)(&fpr);
 -    fpr = vfp_get_fpsr(env);
 -    reg.id = AARCH64_SIMD_CTRL_REG(fp_regs.fpsr);
 -    ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, &reg);
 -    if (ret) {
 -        return ret;
 -    }
 -
 -    fpr = vfp_get_fpcr(env);
 -    reg.id = AARCH64_SIMD_CTRL_REG(fp_regs.fpcr);
 -    ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, &reg);
 +    ret = kvm_arch_put_fpsimd(cs);
      if (ret) {
          return ret;
      }
@@ -XXX,XX +XXX,XX @@ int kvm_arch_put_registers(CPUState *cs, int level)
      return ret;
  }
 +static int kvm_arch_get_fpsimd(CPUState *cs)
 +{
 +    ARMCPU *cpu = ARM_CPU(cs);
 +    CPUARMState *env = &cpu->env;
 +    struct kvm_one_reg reg;
 +    uint32_t fpr;
 +    int i, ret;
 +
 +    for (i = 0; i < 32; i++) {
 +        uint64_t *q = aa64_vfp_qreg(env, i);
 +        reg.id = AARCH64_SIMD_CORE_REG(fp_regs.vregs[i]);
 +        reg.addr = (uintptr_t)q;
 +        ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, &reg);
 +        if (ret) {
 +            return ret;
 +        } else {
 +#ifdef HOST_WORDS_BIGENDIAN
 +            uint64_t t;
 +            t = q[0], q[0] = q[1], q[1] = t;
 +#endif
 +        }
 +    }
 +
 +    reg.addr = (uintptr_t)(&fpr);
 +    reg.id = AARCH64_SIMD_CTRL_REG(fp_regs.fpsr);
 +    ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, &reg);
 +    if (ret) {
 +        return ret;
 +    }
 +    vfp_set_fpsr(env, fpr);
 +
 +    reg.addr = (uintptr_t)(&fpr);
 +    reg.id = AARCH64_SIMD_CTRL_REG(fp_regs.fpcr);
 +    ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, &reg);
 +    if (ret) {
 +        return ret;
 +    }
 +    vfp_set_fpcr(env, fpr);
 +
 +    return 0;
 +}
 +
  int kvm_arch_get_registers(CPUState *cs)
  {
      struct kvm_one_reg reg;
      uint64_t val;
 -    uint32_t fpr;
      unsigned int el;
 -    int i;
 -    int ret;
 +    int i, ret;
      ARMCPU *cpu = ARM_CPU(cs);
      CPUARMState *env = &cpu->env;
@@ -XXX,XX +XXX,XX @@ int kvm_arch_get_registers(CPUState *cs)
          env->spsr = env->banked_spsr[i];
      }
 -    /* Advanced SIMD and FP registers */
 -    for (i = 0; i < 32; i++) {
 -        uint64_t *q = aa64_vfp_qreg(env, i);
 -        reg.id = AARCH64_SIMD_CORE_REG(fp_regs.vregs[i]);
 -        reg.addr = (uintptr_t)q;
 -        ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, &reg);
 -        if (ret) {
 -            return ret;
 -        } else {
 -#ifdef HOST_WORDS_BIGENDIAN
 -            uint64_t t;
 -            t = q[0], q[0] = q[1], q[1] = t;
 -#endif
 -        }
 -    }
 -
 -    reg.addr = (uintptr_t)(&fpr);
 -    reg.id = AARCH64_SIMD_CTRL_REG(fp_regs.fpsr);
 -    ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, &reg);
 +    ret = kvm_arch_get_fpsimd(cs);
      if (ret) {
          return ret;
      }
 -    vfp_set_fpsr(env, fpr);
 -
 -    reg.id = AARCH64_SIMD_CTRL_REG(fp_regs.fpcr);
 -    ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, &reg);
 -    if (ret) {
 -        return ret;
 -    }
 -    vfp_set_fpcr(env, fpr);
      ret = kvm_get_vcpu_events(cpu);
      if (ret) {
 --
 .20.1

-[Qemu-devel] [PULL 24/27] target/arm: Split out FPSCR.QC to a vector field
+[Qemu-devel] [PULL 23/29] target/arm: Use tcg_gen_extract_i32 for shifter_out_im
 From: Richard Henderson <richard.henderson@linaro.org>
-Change the representation of this field such that it is easy
+Extract is a compact combination of shift + and.
 to set from vector code.
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20190209033847.9014-11-richard.henderson@linaro.org
+Message-id: 20190808202616.13782-2-richard.henderson@linaro.org
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/cpu.h         |  5 ++++-
+ target/arm/translate.c | 9 +--------
- target/arm/helper.c      | 19 +++++++++++++++----
+file changed, 1 insertion(+), 8 deletions(-)
  target/arm/neon_helper.c |  2 +-
  target/arm/vec_helper.c  |  2 +-
 files changed, 21 insertions(+), 7 deletions(-)
-diff --git a/target/arm/cpu.h b/target/arm/cpu.h
+diff --git a/target/arm/translate.c b/target/arm/translate.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/cpu.h
+--- a/target/arm/translate.c
-+++ b/target/arm/cpu.h
++++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ typedef struct CPUARMState {
+@@ -XXX,XX +XXX,XX @@ static void gen_sar(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
-         ARMPredicateReg preg_tmp;
- #endif
+ static void shifter_out_im(TCGv_i32 var, int shift)
 -        uint32_t xregs[16];
          /* We store these fpcsr fields separately for convenience.  */
 +        uint32_t qc[4] QEMU_ALIGNED(16);
          int vec_len;
          int vec_stride;
 +        uint32_t xregs[16];
 +
          /* Scratch space for aa32 neon expansion.  */
          uint32_t scratch[8];
@@ -XXX,XX +XXX,XX @@ void vfp_set_fpscr(CPUARMState *env, uint32_t val);
  #define FPCR_FZ16   (1 << 19)   /* ARMv8.2+, FP16 flush-to-zero */
  #define FPCR_FZ     (1 << 24)   /* Flush-to-zero enable bit */
  #define FPCR_DN     (1 << 25)   /* Default NaN enable bit */
 +#define FPCR_QC     (1 << 27)   /* Cumulative saturation bit */
  static inline uint32_t vfp_get_fpsr(CPUARMState *env)
  {
-diff --git a/target/arm/helper.c b/target/arm/helper.c
+-    if (shift == 0) {
-index XXXXXXX..XXXXXXX 100644
+-        tcg_gen_andi_i32(cpu_CF, var, 1);
---- a/target/arm/helper.c
+-    } else {
-+++ b/target/arm/helper.c
+-        tcg_gen_shri_i32(cpu_CF, var, shift);
-@@ -XXX,XX +XXX,XX @@ static inline int vfp_exceptbits_from_host(int host_bits)
+-        if (shift != 31) {
+-            tcg_gen_andi_i32(cpu_CF, cpu_CF, 1);
- uint32_t HELPER(vfp_get_fpscr)(CPUARMState *env)
+-        }
- {
+-    }
--    int i;
++    tcg_gen_extract_i32(cpu_CF, var, shift, 1);
 -    uint32_t fpscr;
 +    uint32_t i, fpscr;
      fpscr = env->vfp.xregs[ARM_VFP_FPSCR]
              | (env->vfp.vec_len << 16)
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(vfp_get_fpscr)(CPUARMState *env)
      /* FZ16 does not generate an input denormal exception.  */
      i |= (get_float_exception_flags(&env->vfp.fp_status_f16)
            & ~float_flag_input_denormal);
 -
      fpscr |= vfp_exceptbits_from_host(i);
 +
 +    i = env->vfp.qc[0] | env->vfp.qc[1] | env->vfp.qc[2] | env->vfp.qc[3];
 +    fpscr |= i ? FPCR_QC : 0;
 +
      return fpscr;
  }
-@@ -XXX,XX +XXX,XX @@ void HELPER(vfp_set_fpscr)(CPUARMState *env, uint32_t val)
+ /* Shift by immediate.  Includes special handling for shift == 0.  */
       * (which are stored in fp_status), and the other RES0 bits
       * in between, then we clear all of the low 16 bits.
       */
 -    env->vfp.xregs[ARM_VFP_FPSCR] = val & 0xffc80000;
 +    env->vfp.xregs[ARM_VFP_FPSCR] = val & 0xf7c80000;
      env->vfp.vec_len = (val >> 16) & 7;
      env->vfp.vec_stride = (val >> 20) & 3;
 +    /*
 +     * The bit we set within fpscr_q is arbitrary; the register as a
 +     * whole being zero/non-zero is what counts.
 +     */
 +    env->vfp.qc[0] = val & FPCR_QC;
 +    env->vfp.qc[1] = 0;
 +    env->vfp.qc[2] = 0;
 +    env->vfp.qc[3] = 0;
 +
      changed ^= val;
      if (changed & (3 << 22)) {
          i = (val >> 22) & 3;
 diff --git a/target/arm/neon_helper.c b/target/arm/neon_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/neon_helper.c
 +++ b/target/arm/neon_helper.c
@@ -XXX,XX +XXX,XX @@
  #define SIGNBIT (uint32_t)0x80000000
  #define SIGNBIT64 ((uint64_t)1 << 63)
 -#define SET_QC() env->vfp.xregs[ARM_VFP_FPSCR] |= CPSR_Q
 +#define SET_QC() env->vfp.qc[0] = 1
  #define NEON_TYPE1(name, type) \
  typedef struct \
 diff --git a/target/arm/vec_helper.c b/target/arm/vec_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/vec_helper.c
 +++ b/target/arm/vec_helper.c
@@ -XXX,XX +XXX,XX @@
  #define H4(x)  (x)
  #endif
 -#define SET_QC() env->vfp.xregs[ARM_VFP_FPSCR] |= CPSR_Q
 +#define SET_QC() env->vfp.qc[0] = 1
  static void clear_tail(void *vd, uintptr_t opr_sz, uintptr_t max_sz)
  {
 --
 .20.1

-[Qemu-devel] [PULL 27/27] gdbstub: Send a reply to the vKill packet.
+[Qemu-devel] [PULL 24/29] target/arm: Use tcg_gen_deposit_i32 for PKHBT, PKHTB
-From: Sandra Loosemore <sandra@codesourcery.com>
+From: Richard Henderson <richard.henderson@linaro.org>
-Per the GDB remote protocol documentation
+Use deposit as the composit operation to merge the
 bits from the two inputs.
-https://sourceware.org/gdb/current/onlinedocs/gdb/Packets.html#index-vKill-packet
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20190808202616.13782-3-richard.henderson@linaro.org
 the debug stub is expected to send a reply to the 'vKill' packet.  At
 least some versions of GDB crash if the gdb stub simply exits without
 sending a reply.  This patch fixes QEMU's gdb stub to conform to the
 expected behavior.
 Note that QEMU's existing handling of the legacy 'k' packet is
 correct: in that case GDB does not expect a reply, and QEMU does not
 send one.
 Signed-off-by: Sandra Loosemore <sandra@codesourcery.com>
 Message-id: 1550008033-26540-1-git-send-email-sandra@codesourcery.com
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- gdbstub.c | 1 +
+ target/arm/translate.c | 26 ++++++++++----------------
-file changed, 1 insertion(+)
+file changed, 10 insertions(+), 16 deletions(-)
-diff --git a/gdbstub.c b/gdbstub.c
+diff --git a/target/arm/translate.c b/target/arm/translate.c
 index XXXXXXX..XXXXXXX 100644
---- a/gdbstub.c
+--- a/target/arm/translate.c
-+++ b/gdbstub.c
++++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static int gdb_handle_packet(GDBState *s, const char *line_buf)
+@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
-             break;
+                         shift = (insn >> 7) & 0x1f;
-         } else if (strncmp(p, "Kill;", 5) == 0) {
+                         if (insn & (1 << 6)) {
-             /* Kill the target */
+                             /* pkhtb */
-+            put_packet(s, "OK");
+-                            if (shift == 0)
-             error_report("QEMU: Terminated via GDBstub");
++                            if (shift == 0) {
-             exit(0);
+                                 shift = 31;
 +                            }
                              tcg_gen_sari_i32(tmp2, tmp2, shift);
 -                            tcg_gen_andi_i32(tmp, tmp, 0xffff0000);
 -                            tcg_gen_ext16u_i32(tmp2, tmp2);
 +                            tcg_gen_deposit_i32(tmp, tmp, tmp2, 0, 16);
                          } else {
                              /* pkhbt */
 -                            if (shift)
 -                                tcg_gen_shli_i32(tmp2, tmp2, shift);
 -                            tcg_gen_ext16u_i32(tmp, tmp);
 -                            tcg_gen_andi_i32(tmp2, tmp2, 0xffff0000);
 +                            tcg_gen_shli_i32(tmp2, tmp2, shift);
 +                            tcg_gen_deposit_i32(tmp, tmp2, tmp, 0, 16);
                          }
 -                        tcg_gen_or_i32(tmp, tmp, tmp2);
                          tcg_temp_free_i32(tmp2);
                          store_reg(s, rd, tmp);
                      } else if ((insn & 0x00200020) == 0x00200000) {
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
              shift = ((insn >> 10) & 0x1c) | ((insn >> 6) & 0x3);
              if (insn & (1 << 5)) {
                  /* pkhtb */
 -                if (shift == 0)
 +                if (shift == 0) {
                      shift = 31;
 +                }
                  tcg_gen_sari_i32(tmp2, tmp2, shift);
 -                tcg_gen_andi_i32(tmp, tmp, 0xffff0000);
 -                tcg_gen_ext16u_i32(tmp2, tmp2);
 +                tcg_gen_deposit_i32(tmp, tmp, tmp2, 0, 16);
              } else {
                  /* pkhbt */
 -                if (shift)
 -                    tcg_gen_shli_i32(tmp2, tmp2, shift);
 -                tcg_gen_ext16u_i32(tmp, tmp);
 -                tcg_gen_andi_i32(tmp2, tmp2, 0xffff0000);
 +                tcg_gen_shli_i32(tmp2, tmp2, shift);
 +                tcg_gen_deposit_i32(tmp, tmp2, tmp, 0, 16);
              }
 -            tcg_gen_or_i32(tmp, tmp, tmp2);
              tcg_temp_free_i32(tmp2);
              store_reg(s, rd, tmp);
          } else {
 --
 .20.1

-[Qemu-devel] [PULL 20/27] target/arm: Fix vfp_gdb_get/set_reg vs FPSCR
+[Qemu-devel] [PULL 25/29] target/arm: Remove redundant shift tests
 From: Richard Henderson <richard.henderson@linaro.org>
-The components of this register is stored in several
+The immediate shift generator functions already test for,
-different locations.
+and eliminate, the case of a shift by zero.
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20190209033847.9014-7-richard.henderson@linaro.org
+Message-id: 20190808202616.13782-4-richard.henderson@linaro.org
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/helper.c | 4 ++--
+ target/arm/translate.c | 19 +++++++------------
-file changed, 2 insertions(+), 2 deletions(-)
+file changed, 7 insertions(+), 12 deletions(-)
-diff --git a/target/arm/helper.c b/target/arm/helper.c
+diff --git a/target/arm/translate.c b/target/arm/translate.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
+--- a/target/arm/translate.c
-+++ b/target/arm/helper.c
++++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static int vfp_gdb_get_reg(CPUARMState *env, uint8_t *buf, int reg)
+@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
-     }
+                         shift = (insn >> 10) & 3;
-     switch (reg - nregs) {
+                         /* ??? In many cases it's not necessary to do a
-     case 0: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSID]); return 4;
+                            rotate, a shift is sufficient.  */
--    case 1: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSCR]); return 4;
+-                        if (shift != 0)
-+    case 1: stl_p(buf, vfp_get_fpscr(env)); return 4;
+-                            tcg_gen_rotri_i32(tmp, tmp, shift * 8);
-     case 2: stl_p(buf, env->vfp.xregs[ARM_VFP_FPEXC]); return 4;
++                        tcg_gen_rotri_i32(tmp, tmp, shift * 8);
-     }
+                         op1 = (insn >> 20) & 7;
-     return 0;
+                         switch (op1) {
-@@ -XXX,XX +XXX,XX @@ static int vfp_gdb_set_reg(CPUARMState *env, uint8_t *buf, int reg)
+                         case 0: gen_sxtb16(tmp);  break;
-     }
+@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
-     switch (reg - nregs) {
+             shift = (insn >> 4) & 3;
-     case 0: env->vfp.xregs[ARM_VFP_FPSID] = ldl_p(buf); return 4;
+             /* ??? In many cases it's not necessary to do a
--    case 1: env->vfp.xregs[ARM_VFP_FPSCR] = ldl_p(buf); return 4;
+                rotate, a shift is sufficient.  */
-+    case 1: vfp_set_fpscr(env, ldl_p(buf)); return 4;
+-            if (shift != 0)
-     case 2: env->vfp.xregs[ARM_VFP_FPEXC] = ldl_p(buf) & (1 << 30); return 4;
+-                tcg_gen_rotri_i32(tmp, tmp, shift * 8);
-     }
++            tcg_gen_rotri_i32(tmp, tmp, shift * 8);
-     return 0;
+             op = (insn >> 20) & 7;
              switch (op) {
              case 0: gen_sxth(tmp);   break;
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                      case 7:
                          goto illegal_op;
                      default: /* Saturate.  */
 -                        if (shift) {
 -                            if (op & 1)
 -                                tcg_gen_sari_i32(tmp, tmp, shift);
 -                            else
 -                                tcg_gen_shli_i32(tmp, tmp, shift);
 +                        if (op & 1) {
 +                            tcg_gen_sari_i32(tmp, tmp, shift);
 +                        } else {
 +                            tcg_gen_shli_i32(tmp, tmp, shift);
                          }
                          tmp2 = tcg_const_i32(imm);
                          if (op & 4) {
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                      goto illegal_op;
                  }
                  tmp = load_reg(s, rm);
 -                if (shift) {
 -                    tcg_gen_shli_i32(tmp, tmp, shift);
 -                }
 +                tcg_gen_shli_i32(tmp, tmp, shift);
                  tcg_gen_add_i32(addr, addr, tmp);
                  tcg_temp_free_i32(tmp);
                  break;
 --
 .20.1

-[Qemu-devel] [PULL 04/27] target/arm: Force result size into dp after operation
+[Qemu-devel] [PULL 26/29] target/arm: Use ror32 instead of open-coding the operation
 From: Richard Henderson <richard.henderson@linaro.org>
-Rather than a complex set of cases testing for writeback,
+The helper function is more documentary, and also already
-adjust DP after performing the operation.
+handles the case of rotate by zero.
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Message-id: 20190808202616.13782-5-richard.henderson@linaro.org
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20190206052857.5077-2-richard.henderson@linaro.org
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/translate.c | 32 ++++++++++++++++----------------
+ target/arm/translate.c | 7 ++-----
-file changed, 16 insertions(+), 16 deletions(-)
+file changed, 2 insertions(+), 5 deletions(-)
 diff --git a/target/arm/translate.c b/target/arm/translate.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate.c
 +++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn)
+@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
-                         tcg_gen_or_i32(tmp, tmp, tmp2);
+                 /* CPSR = immediate */
-                         tcg_temp_free_i32(tmp2);
+                 val = insn & 0xff;
-                         gen_vfp_msr(tmp);
+                 shift = ((insn >> 8) & 0xf) * 2;
-+                        dp = 0; /* always a single precision result */
+-                if (shift)
-                         break;
+-                    val = (val >> shift) | (val << (32 - shift));
-                     }
++                val = ror32(val, shift);
-                     case 7: /* vcvtt.f16.f32, vcvtt.f16.f64 */
+                 i = ((insn & (1 << 22)) != 0);
-@@ -XXX,XX +XXX,XX @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn)
+                 if (gen_set_psr_im(s, msr_mask(s, (insn >> 16) & 0xf, i),
-                         tcg_gen_or_i32(tmp, tmp, tmp2);
+                                    i, val)) {
-                         tcg_temp_free_i32(tmp2);
+@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
-                         gen_vfp_msr(tmp);
+             /* immediate operand */
-+                        dp = 0; /* always a single precision result */
+             val = insn & 0xff;
-                         break;
+             shift = ((insn >> 8) & 0xf) * 2;
-                     }
+-            if (shift) {
-                     case 8: /* cmp */
+-                val = (val >> shift) | (val << (32 - shift));
-                         gen_vfp_cmp(dp);
+-            }
-+                        dp = -1; /* no write back */
++            val = ror32(val, shift);
-                         break;
+             tmp2 = tcg_temp_new_i32();
-                     case 9: /* cmpe */
+             tcg_gen_movi_i32(tmp2, val);
-                         gen_vfp_cmpe(dp);
+             if (logic_cc && shift) {
 +                        dp = -1; /* no write back */
                          break;
                      case 10: /* cmpz */
                          gen_vfp_cmp(dp);
 +                        dp = -1; /* no write back */
                          break;
                      case 11: /* cmpez */
                          gen_vfp_F1_ld0(dp);
                          gen_vfp_cmpe(dp);
 +                        dp = -1; /* no write back */
                          break;
                      case 12: /* vrintr */
                      {
@@ -XXX,XX +XXX,XX @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn)
                          break;
                      }
                      case 15: /* single<->double conversion */
 -                        if (dp)
 +                        if (dp) {
                              gen_helper_vfp_fcvtsd(cpu_F0s, cpu_F0d, cpu_env);
 -                        else
 +                        } else {
                              gen_helper_vfp_fcvtds(cpu_F0d, cpu_F0s, cpu_env);
 +                        }
 +                        dp = !dp; /* result size is opposite */
                          break;
                      case 16: /* fuito */
                          gen_vfp_uito(dp, 0);
@@ -XXX,XX +XXX,XX @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn)
                          break;
                      case 24: /* ftoui */
                          gen_vfp_toui(dp, 0);
 +                        dp = 0; /* always an integer result */
                          break;
                      case 25: /* ftouiz */
                          gen_vfp_touiz(dp, 0);
 +                        dp = 0; /* always an integer result */
                          break;
                      case 26: /* ftosi */
                          gen_vfp_tosi(dp, 0);
 +                        dp = 0; /* always an integer result */
                          break;
                      case 27: /* ftosiz */
                          gen_vfp_tosiz(dp, 0);
 +                        dp = 0; /* always an integer result */
                          break;
                      case 28: /* ftosh */
                          if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
@@ -XXX,XX +XXX,XX @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn)
                      return 1;
                  }
 -                /* Write back the result.  */
 -                if (op == 15 && (rn >= 8 && rn <= 11)) {
 -                    /* Comparison, do nothing.  */
 -                } else if (op == 15 && dp && ((rn & 0x1c) == 0x18 ||
 -                                              (rn & 0x1e) == 0x6)) {
 -                    /* VCVT double to int: always integer result.
 -                     * VCVT double to half precision is always a single
 -                     * precision result.
 -                     */
 -                    gen_mov_vreg_F0(0, rd);
 -                } else if (op == 15 && rn == 15) {
 -                    /* conversion */
 -                    gen_mov_vreg_F0(!dp, rd);
 -                } else {
 +                /* Write back the result, if any.  */
 +                if (dp >= 0) {
                      gen_mov_vreg_F0(dp, rd);
                  }
 --
 .20.1

-[Qemu-devel] [PULL 22/27] target/arm: Split out flags setting from vfp compares
+[Qemu-devel] [PULL 27/29] target/arm: Use tcg_gen_rotri_i32 for gen_swap_half
 From: Richard Henderson <richard.henderson@linaro.org>
-Minimize the code within a macro by splitting out a helper function.
+Rotate is the more compact and obvious way to swap 16-bit
-Use deposit32 instead of manual bit manipulation.
+elements of a 32-bit word.
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20190209033847.9014-9-richard.henderson@linaro.org
+Message-id: 20190808202616.13782-6-richard.henderson@linaro.org
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/helper.c | 45 +++++++++++++++++++++++++++------------------
+ target/arm/translate.c | 6 +-----
-file changed, 27 insertions(+), 18 deletions(-)
+file changed, 1 insertion(+), 5 deletions(-)
-diff --git a/target/arm/helper.c b/target/arm/helper.c
+diff --git a/target/arm/translate.c b/target/arm/translate.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/helper.c
+--- a/target/arm/translate.c
-+++ b/target/arm/helper.c
++++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ float64 VFP_HELPER(sqrt, d)(float64 a, CPUARMState *env)
+@@ -XXX,XX +XXX,XX @@ static TCGv_i64 gen_muls_i64_i32(TCGv_i32 a, TCGv_i32 b)
-     return float64_sqrt(a, &env->vfp.fp_status);
+ /* Swap low and high halfwords.  */
  static void gen_swap_half(TCGv_i32 var)
  {
 -    TCGv_i32 tmp = tcg_temp_new_i32();
 -    tcg_gen_shri_i32(tmp, var, 16);
 -    tcg_gen_shli_i32(var, var, 16);
 -    tcg_gen_or_i32(var, var, tmp);
 -    tcg_temp_free_i32(tmp);
 +    tcg_gen_rotri_i32(var, var, 16);
  }
-+static void softfloat_to_vfp_compare(CPUARMState *env, int cmp)
+ /* Dual 16-bit add.  Result placed in t0 and t1 is marked as dead.
 +{
 +    uint32_t flags;
 +    switch (cmp) {
 +    case float_relation_equal:
 +        flags = 0x6;
 +        break;
 +    case float_relation_less:
 +        flags = 0x8;
 +        break;
 +    case float_relation_greater:
 +        flags = 0x2;
 +        break;
 +    case float_relation_unordered:
 +        flags = 0x3;
 +        break;
 +    default:
 +        g_assert_not_reached();
 +    }
 +    env->vfp.xregs[ARM_VFP_FPSCR] =
 +        deposit32(env->vfp.xregs[ARM_VFP_FPSCR], 28, 4, flags);
 +}
 +
  /* XXX: check quiet/signaling case */
  #define DO_VFP_cmp(p, type) \
  void VFP_HELPER(cmp, p)(type a, type b, CPUARMState *env)  \
  { \
 -    uint32_t flags; \
 -    switch(type ## _compare_quiet(a, b, &env->vfp.fp_status)) { \
 -    case 0: flags = 0x6; break; \
 -    case -1: flags = 0x8; break; \
 -    case 1: flags = 0x2; break; \
 -    default: case 2: flags = 0x3; break; \
 -    } \
 -    env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
 -        | (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fffffff); \
 +    softfloat_to_vfp_compare(env, \
 +        type ## _compare_quiet(a, b, &env->vfp.fp_status)); \
  } \
  void VFP_HELPER(cmpe, p)(type a, type b, CPUARMState *env) \
  { \
 -    uint32_t flags; \
 -    switch(type ## _compare(a, b, &env->vfp.fp_status)) { \
 -    case 0: flags = 0x6; break; \
 -    case -1: flags = 0x8; break; \
 -    case 1: flags = 0x2; break; \
 -    default: case 2: flags = 0x3; break; \
 -    } \
 -    env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
 -        | (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fffffff); \
 +    softfloat_to_vfp_compare(env, \
 +        type ## _compare(a, b, &env->vfp.fp_status)); \
  }
  DO_VFP_cmp(s, float32)
  DO_VFP_cmp(d, float64)
 --
 .20.1

-[Qemu-devel] [PULL 18/27] target/arm: Use tcg integer min/max primitives for neon
+[Qemu-devel] [PULL 28/29] target/arm: Simplify SMMLA, SMMLAR, SMMLS, SMMLSR
 From: Richard Henderson <richard.henderson@linaro.org>
-The 32-bit PMIN/PMAX has been decomposed to scalars,
+All of the inputs to these instructions are 32-bits.  Rather than
-and so can be trivially expanded inline.
+extend each input to 64-bits and then extract the high 32-bits of
 the output, use tcg_gen_muls2_i32 and other 32-bit generator functions.
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20190209033847.9014-5-richard.henderson@linaro.org
+Message-id: 20190808202616.13782-7-richard.henderson@linaro.org
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/translate.c | 8 ++++----
+ target/arm/translate.c | 72 +++++++++++++++---------------------------
-file changed, 4 insertions(+), 4 deletions(-)
+file changed, 26 insertions(+), 46 deletions(-)
 diff --git a/target/arm/translate.c b/target/arm/translate.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate.c
 +++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ static inline void gen_neon_rsb(int size, TCGv_i32 t0, TCGv_i32 t1)
+@@ -XXX,XX +XXX,XX @@ static void gen_revsh(TCGv_i32 var)
      tcg_gen_ext16s_i32(var, var);
  }
- /* 32-bit pairwise ops end up the same as the elementwise versions.  */
+-/* Return (b << 32) + a. Mark inputs as dead */
--#define gen_helper_neon_pmax_s32  gen_helper_neon_max_s32
+-static TCGv_i64 gen_addq_msw(TCGv_i64 a, TCGv_i32 b)
--#define gen_helper_neon_pmax_u32  gen_helper_neon_max_u32
+-{
--#define gen_helper_neon_pmin_s32  gen_helper_neon_min_s32
+-    TCGv_i64 tmp64 = tcg_temp_new_i64();
--#define gen_helper_neon_pmin_u32  gen_helper_neon_min_u32
+-
-+#define gen_helper_neon_pmax_s32  tcg_gen_smax_i32
+-    tcg_gen_extu_i32_i64(tmp64, b);
-+#define gen_helper_neon_pmax_u32  tcg_gen_umax_i32
+-    tcg_temp_free_i32(b);
-+#define gen_helper_neon_pmin_s32  tcg_gen_smin_i32
+-    tcg_gen_shli_i64(tmp64, tmp64, 32);
-+#define gen_helper_neon_pmin_u32  tcg_gen_umin_i32
+-    tcg_gen_add_i64(a, tmp64, a);
+-
- #define GEN_NEON_INTEGER_OP_ENV(name) do { \
+-    tcg_temp_free_i64(tmp64);
-     switch ((size << 1) | u) { \
+-    return a;
 -}
 -
 -/* Return (b << 32) - a. Mark inputs as dead. */
 -static TCGv_i64 gen_subq_msw(TCGv_i64 a, TCGv_i32 b)
 -{
 -    TCGv_i64 tmp64 = tcg_temp_new_i64();
 -
 -    tcg_gen_extu_i32_i64(tmp64, b);
 -    tcg_temp_free_i32(b);
 -    tcg_gen_shli_i64(tmp64, tmp64, 32);
 -    tcg_gen_sub_i64(a, tmp64, a);
 -
 -    tcg_temp_free_i64(tmp64);
 -    return a;
 -}
 -
  /* 32x32->64 multiply.  Marks inputs as dead.  */
  static TCGv_i64 gen_mulu_i64_i32(TCGv_i32 a, TCGv_i32 b)
  {
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
                             (SMMUL, SMMLA, SMMLS) */
                          tmp = load_reg(s, rm);
                          tmp2 = load_reg(s, rs);
 -                        tmp64 = gen_muls_i64_i32(tmp, tmp2);
 +                        tcg_gen_muls2_i32(tmp2, tmp, tmp, tmp2);
                          if (rd != 15) {
 -                            tmp = load_reg(s, rd);
 +                            tmp3 = load_reg(s, rd);
                              if (insn & (1 << 6)) {
 -                                tmp64 = gen_subq_msw(tmp64, tmp);
 +                                tcg_gen_sub_i32(tmp, tmp, tmp3);
                              } else {
 -                                tmp64 = gen_addq_msw(tmp64, tmp);
 +                                tcg_gen_add_i32(tmp, tmp, tmp3);
                              }
 +                            tcg_temp_free_i32(tmp3);
                          }
                          if (insn & (1 << 5)) {
 -                            tcg_gen_addi_i64(tmp64, tmp64, 0x80000000u);
 +                            /*
 +                             * Adding 0x80000000 to the 64-bit quantity
 +                             * means that we have carry in to the high
 +                             * word when the low word has the high bit set.
 +                             */
 +                            tcg_gen_shri_i32(tmp2, tmp2, 31);
 +                            tcg_gen_add_i32(tmp, tmp, tmp2);
                          }
 -                        tcg_gen_shri_i64(tmp64, tmp64, 32);
 -                        tmp = tcg_temp_new_i32();
 -                        tcg_gen_extrl_i64_i32(tmp, tmp64);
 -                        tcg_temp_free_i64(tmp64);
 +                        tcg_temp_free_i32(tmp2);
                          store_reg(s, rn, tmp);
                          break;
                      case 0:
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                    }
                  break;
              case 5: case 6: /* 32 * 32 -> 32msb (SMMUL, SMMLA, SMMLS) */
 -                tmp64 = gen_muls_i64_i32(tmp, tmp2);
 +                tcg_gen_muls2_i32(tmp2, tmp, tmp, tmp2);
                  if (rs != 15) {
 -                    tmp = load_reg(s, rs);
 +                    tmp3 = load_reg(s, rs);
                      if (insn & (1 << 20)) {
 -                        tmp64 = gen_addq_msw(tmp64, tmp);
 +                        tcg_gen_add_i32(tmp, tmp, tmp3);
                      } else {
 -                        tmp64 = gen_subq_msw(tmp64, tmp);
 +                        tcg_gen_sub_i32(tmp, tmp, tmp3);
                      }
 +                    tcg_temp_free_i32(tmp3);
                  }
                  if (insn & (1 << 4)) {
 -                    tcg_gen_addi_i64(tmp64, tmp64, 0x80000000u);
 +                    /*
 +                     * Adding 0x80000000 to the 64-bit quantity
 +                     * means that we have carry in to the high
 +                     * word when the low word has the high bit set.
 +                     */
 +                    tcg_gen_shri_i32(tmp2, tmp2, 31);
 +                    tcg_gen_add_i32(tmp, tmp, tmp2);
                  }
 -                tcg_gen_shri_i64(tmp64, tmp64, 32);
 -                tmp = tcg_temp_new_i32();
 -                tcg_gen_extrl_i64_i32(tmp, tmp64);
 -                tcg_temp_free_i64(tmp64);
 +                tcg_temp_free_i32(tmp2);
                  break;
              case 7: /* Unsigned sum of absolute differences.  */
                  gen_helper_usad8(tmp, tmp, tmp2);
 --
 .20.1

-[Qemu-devel] [PULL 21/27] target/arm: Fix arm_cpu_dump_state vs FPSCR
+[Qemu-devel] [PULL 29/29] target/arm: Use tcg_gen_extrh_i64_i32 to extract the high word
 From: Richard Henderson <richard.henderson@linaro.org>
+Separate shift + extract low will result in one extra insn
+for hosts like RISC-V, MIPS, and Sparc.
 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20190209033847.9014-8-richard.henderson@linaro.org
+Message-id: 20190808202616.13782-8-richard.henderson@linaro.org
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
 ---
- target/arm/translate.c | 2 +-
+ target/arm/translate.c | 18 ++++++------------
-file changed, 1 insertion(+), 1 deletion(-)
+file changed, 6 insertions(+), 12 deletions(-)
 diff --git a/target/arm/translate.c b/target/arm/translate.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/translate.c
 +++ b/target/arm/translate.c
-@@ -XXX,XX +XXX,XX @@ void arm_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
+@@ -XXX,XX +XXX,XX @@ static int disas_iwmmxt_insn(DisasContext *s, uint32_t insn)
-                         i * 2 + 1, (uint32_t)(v >> 32),
+             if (insn & ARM_CP_RW_BIT) {                         /* TMRRC */
-                         i, v);
+                 iwmmxt_load_reg(cpu_V0, wrd);
-         }
+                 tcg_gen_extrl_i64_i32(cpu_R[rdlo], cpu_V0);
--        cpu_fprintf(f, "FPSCR: %08x\n", (int)env->vfp.xregs[ARM_VFP_FPSCR]);
+-                tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
-+        cpu_fprintf(f, "FPSCR: %08x\n", vfp_get_fpscr(env));
+-                tcg_gen_extrl_i64_i32(cpu_R[rdhi], cpu_V0);
-     }
++                tcg_gen_extrh_i64_i32(cpu_R[rdhi], cpu_V0);
              } else {                                    /* TMCRR */
                  tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]);
                  iwmmxt_store_reg(cpu_V0, wrd);
@@ -XXX,XX +XXX,XX @@ static int disas_dsp_insn(DisasContext *s, uint32_t insn)
          if (insn & ARM_CP_RW_BIT) {                     /* MRA */
              iwmmxt_load_reg(cpu_V0, acc);
              tcg_gen_extrl_i64_i32(cpu_R[rdlo], cpu_V0);
 -            tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
 -            tcg_gen_extrl_i64_i32(cpu_R[rdhi], cpu_V0);
 +            tcg_gen_extrh_i64_i32(cpu_R[rdhi], cpu_V0);
              tcg_gen_andi_i32(cpu_R[rdhi], cpu_R[rdhi], (1 << (40 - 32)) - 1);
          } else {                                        /* MAR */
              tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]);
@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
                                  gen_helper_neon_narrow_high_u16(tmp, cpu_V0);
                                  break;
                              case 2:
 -                                tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
 -                                tcg_gen_extrl_i64_i32(tmp, cpu_V0);
 +                                tcg_gen_extrh_i64_i32(tmp, cpu_V0);
                                  break;
                              default: abort();
                              }
@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
                                  break;
                              case 2:
                                  tcg_gen_addi_i64(cpu_V0, cpu_V0, 1u << 31);
 -                                tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
 -                                tcg_gen_extrl_i64_i32(tmp, cpu_V0);
 +                                tcg_gen_extrh_i64_i32(tmp, cpu_V0);
                                  break;
                              default: abort();
                              }
@@ -XXX,XX +XXX,XX @@ static int disas_coproc_insn(DisasContext *s, uint32_t insn)
                  tmp = tcg_temp_new_i32();
                  tcg_gen_extrl_i64_i32(tmp, tmp64);
                  store_reg(s, rt, tmp);
 -                tcg_gen_shri_i64(tmp64, tmp64, 32);
                  tmp = tcg_temp_new_i32();
 -                tcg_gen_extrl_i64_i32(tmp, tmp64);
 +                tcg_gen_extrh_i64_i32(tmp, tmp64);
                  tcg_temp_free_i64(tmp64);
                  store_reg(s, rt2, tmp);
              } else {
@@ -XXX,XX +XXX,XX @@ static void gen_storeq_reg(DisasContext *s, int rlow, int rhigh, TCGv_i64 val)
      tcg_gen_extrl_i64_i32(tmp, val);
      store_reg(s, rlow, tmp);
      tmp = tcg_temp_new_i32();
 -    tcg_gen_shri_i64(val, val, 32);
 -    tcg_gen_extrl_i64_i32(tmp, val);
 +    tcg_gen_extrh_i64_i32(tmp, val);
      store_reg(s, rhigh, tmp);
  }
 --
 .20.1

The following changes since commit 0d3e41d5efd638a0c5682f6813b26448c3c51624:

Merge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-pull-request' into staging (2019-02-14 17:42:25 +0000)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190214

for you to fetch changes up to 497bc12b1b374ecd62903bf062229bd93f8924af:

gdbstub: Send a reply to the vKill packet. (2019-02-14 18:45:49 +0000)

----------------------------------------------------------------
target-arm queue:
 * gdbstub: Send a reply to the vKill packet
 * Improve codegen for neon min/max and saturating arithmetic
 * Fix a bug in clearing FPSCR exception status bits
 * hw/arm/armsse: Fix miswiring of expansion IRQs
 * hw/intc/armv7m_nvic: Allow byte accesses to SHPR1
 * MAINTAINERS: Remove Peter Crosthwaite from various entries
 * arm: Allow system registers for KVM guests to be changed by QEMU code
 * linux-user: support HWCAP_CPUID which exposes ID registers to user code
 * Fix bug in 128-bit cmpxchg for BE Arm guests
 * Implement (no-op) HACR_EL2
 * Fix CRn to be 14 for PMEVTYPER/PMEVCNTR

----------------------------------------------------------------
Aaron Lindsay OS (1):
      target/arm: Fix CRn to be 14 for PMEVTYPER/PMEVCNTR

Alex Bennée (5):
      target/arm: relax permission checks for HWCAP_CPUID registers
      target/arm: expose CPUID registers to userspace
      target/arm: expose MPIDR_EL1 to userspace
      target/arm: expose remaining CPUID registers as RAZ
      linux-user/elfload: enable HWCAP_CPUID for AArch64

Catherine Ho (1):
      target/arm: Fix int128_make128 lo, hi order in paired_cmpxchg64_be

Peter Maydell (5):
      target/arm: Implement HACR_EL2
      arm: Allow system registers for KVM guests to be changed by QEMU code
      MAINTAINERS: Remove Peter Crosthwaite from various entries
      hw/intc/armv7m_nvic: Allow byte accesses to SHPR1
      hw/arm/armsse: Fix miswiring of expansion IRQs

Richard Henderson (14):
      target/arm: Force result size into dp after operation
      target/arm: Restructure disas_fp_int_conv
      target/arm: Rely on optimization within tcg_gen_gvec_or
      target/arm: Use vector minmax expanders for aarch64
      target/arm: Use vector minmax expanders for aarch32
      target/arm: Use tcg integer min/max primitives for neon
      target/arm: Remove neon min/max helpers
      target/arm: Fix vfp_gdb_get/set_reg vs FPSCR
      target/arm: Fix arm_cpu_dump_state vs FPSCR
      target/arm: Split out flags setting from vfp compares
      target/arm: Fix set of bits kept in xregs[ARM_VFP_FPSCR]
      target/arm: Split out FPSCR.QC to a vector field
      target/arm: Use vector operations for saturation
      target/arm: Add missing clear_tail calls

Sandra Loosemore (1):
      gdbstub: Send a reply to the vKill packet.

From: Aaron Lindsay OS <aaron@os.amperecomputing.com>

This bug was introduced in:
    commit 5ecdd3e47cadae83a62dc92b472f1fe163b56f59
    target/arm: Finish implementation of PM[X]EVCNTR and PM[X]EVTYPER

Signed-off-by: Aaron Lindsay <aaron@os.amperecomputing.com>
Reported-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Reviewed-by: Laurent Desnogues <laurent.desnogues@gmail.com>
Message-id: 20190205135129.19338-1-aaron@os.amperecomputing.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
             char *pmevtyper_name = g_strdup_printf("PMEVTYPER%d", i);
             char *pmevtyper_el0_name = g_strdup_printf("PMEVTYPER%d_EL0", i);
             ARMCPRegInfo pmev_regs[] = {
-                { .name = pmevcntr_name, .cp = 15, .crn = 15,
+                { .name = pmevcntr_name, .cp = 15, .crn = 14,
                   .crm = 8 | (3 & (i >> 3)), .opc1 = 0, .opc2 = i & 7,
                   .access = PL0_RW, .type = ARM_CP_IO | ARM_CP_ALIAS,
                   .readfn = pmevcntr_readfn, .writefn = pmevcntr_writefn,
                   .accessfn = pmreg_access },
                 { .name = pmevcntr_el0_name, .state = ARM_CP_STATE_AA64,
-                  .opc0 = 3, .opc1 = 3, .crn = 15, .crm = 8 | (3 & (i >> 3)),
+                  .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 8 | (3 & (i >> 3)),
                   .opc2 = i & 7, .access = PL0_RW, .accessfn = pmreg_access,
                   .type = ARM_CP_IO,
                   .readfn = pmevcntr_readfn, .writefn = pmevcntr_writefn,
                   .raw_readfn = pmevcntr_rawread,
                   .raw_writefn = pmevcntr_rawwrite },
-                { .name = pmevtyper_name, .cp = 15, .crn = 15,
+                { .name = pmevtyper_name, .cp = 15, .crn = 14,
                   .crm = 12 | (3 & (i >> 3)), .opc1 = 0, .opc2 = i & 7,
                   .access = PL0_RW, .type = ARM_CP_IO | ARM_CP_ALIAS,
                   .readfn = pmevtyper_readfn, .writefn = pmevtyper_writefn,
                   .accessfn = pmreg_access },
                 { .name = pmevtyper_el0_name, .state = ARM_CP_STATE_AA64,
-                  .opc0 = 3, .opc1 = 3, .crn = 15, .crm = 12 | (3 & (i >> 3)),
+                  .opc0 = 3, .opc1 = 3, .crn = 14, .crm = 12 | (3 & (i >> 3)),
                   .opc2 = i & 7, .access = PL0_RW, .accessfn = pmreg_access,
                   .type = ARM_CP_IO,
                   .readfn = pmevtyper_readfn, .writefn = pmevtyper_writefn,
-- 
2.20.1

HACR_EL2 is a register with IMPDEF behaviour, which allows
implementation specific trapping to EL2. Implement it as RAZ/WI,
since QEMU's implementation has no extra traps. This also
matches what h/w implementations like Cortex-A53 and A57 do.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190205181218.8995-1-peter.maydell@linaro.org
---
 target/arm/helper.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el3_no_el2_cp_reginfo[] = {
       .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 0,
       .access = PL2_RW,
       .type = ARM_CP_CONST, .resetvalue = 0 },
+    { .name = "HACR_EL2", .state = ARM_CP_STATE_BOTH,
+      .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 7,
+      .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
     { .name = "ESR_EL2", .state = ARM_CP_STATE_BOTH,
       .opc0 = 3, .opc1 = 4, .crn = 5, .crm = 2, .opc2 = 0,
       .access = PL2_RW,
@@ -XXX,XX +XXX,XX @@ static const ARMCPRegInfo el2_cp_reginfo[] = {
       .cp = 15, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 0,
       .access = PL2_RW, .fieldoffset = offsetof(CPUARMState, cp15.hcr_el2),
       .writefn = hcr_writelow },
+    { .name = "HACR_EL2", .state = ARM_CP_STATE_BOTH,
+      .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 7,
+      .access = PL2_RW, .type = ARM_CP_CONST, .resetvalue = 0 },
     { .name = "ELR_EL2", .state = ARM_CP_STATE_AA64,
       .type = ARM_CP_ALIAS,
       .opc0 = 3, .opc1 = 4, .crn = 4, .crm = 0, .opc2 = 1,
-- 
2.20.1

From: Catherine Ho <catherine.hecx@gmail.com>

The lo,hi order is different from the comments. And in commit
1ec182c33379 ("target/arm: Convert to HAVE_CMPXCHG128"), it changes
the original code logic. So just restore the old code logic before this
commit:
do_paired_cmpxchg64_be():
    cmpv = int128_make128(env->exclusive_high, env->exclusive_val);
    newv = int128_make128(new_hi, new_lo);

This fixes a bug that would only be visible for big-endian
AArch64 guest code.

Fixes: 1ec182c33379 ("target/arm: Convert to HAVE_CMPXCHG128")
Signed-off-by: Catherine Ho <catherine.hecx@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 1548985244-24523-1-git-send-email-catherine.hecx@gmail.com
[PMM: added note that bug only affects BE guests]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper-a64.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper-a64.c b/target/arm/helper-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper-a64.c
+++ b/target/arm/helper-a64.c
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(paired_cmpxchg64_be)(CPUARMState *env, uint64_t addr,
      * High and low need to be switched here because this is not actually a
      * 128bit store but two doublewords stored consecutively
      */
-    Int128 cmpv = int128_make128(env->exclusive_val, env->exclusive_high);
-    Int128 newv = int128_make128(new_lo, new_hi);
+    Int128 cmpv = int128_make128(env->exclusive_high, env->exclusive_val);
+    Int128 newv = int128_make128(new_hi, new_lo);
     Int128 oldv;
     uintptr_t ra = GETPC();
     uint64_t o0, o1;
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Rather than a complex set of cases testing for writeback,
adjust DP after performing the operation.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190206052857.5077-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn)
                         tcg_gen_or_i32(tmp, tmp, tmp2);
                         tcg_temp_free_i32(tmp2);
                         gen_vfp_msr(tmp);
+                        dp = 0; /* always a single precision result */
                         break;
                     }
                     case 7: /* vcvtt.f16.f32, vcvtt.f16.f64 */
@@ -XXX,XX +XXX,XX @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn)
                         tcg_gen_or_i32(tmp, tmp, tmp2);
                         tcg_temp_free_i32(tmp2);
                         gen_vfp_msr(tmp);
+                        dp = 0; /* always a single precision result */
                         break;
                     }
                     case 8: /* cmp */
                         gen_vfp_cmp(dp);
+                        dp = -1; /* no write back */
                         break;
                     case 9: /* cmpe */
                         gen_vfp_cmpe(dp);
+                        dp = -1; /* no write back */
                         break;
                     case 10: /* cmpz */
                         gen_vfp_cmp(dp);
+                        dp = -1; /* no write back */
                         break;
                     case 11: /* cmpez */
                         gen_vfp_F1_ld0(dp);
                         gen_vfp_cmpe(dp);
+                        dp = -1; /* no write back */
                         break;
                     case 12: /* vrintr */
                     {
@@ -XXX,XX +XXX,XX @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn)
                         break;
                     }
                     case 15: /* single<->double conversion */
-                        if (dp)
+                        if (dp) {
                             gen_helper_vfp_fcvtsd(cpu_F0s, cpu_F0d, cpu_env);
-                        else
+                        } else {
                             gen_helper_vfp_fcvtds(cpu_F0d, cpu_F0s, cpu_env);
+                        }
+                        dp = !dp; /* result size is opposite */
                         break;
                     case 16: /* fuito */
                         gen_vfp_uito(dp, 0);
@@ -XXX,XX +XXX,XX @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn)
                         break;
                     case 24: /* ftoui */
                         gen_vfp_toui(dp, 0);
+                        dp = 0; /* always an integer result */
                         break;
                     case 25: /* ftouiz */
                         gen_vfp_touiz(dp, 0);
+                        dp = 0; /* always an integer result */
                         break;
                     case 26: /* ftosi */
                         gen_vfp_tosi(dp, 0);
+                        dp = 0; /* always an integer result */
                         break;
                     case 27: /* ftosiz */
                         gen_vfp_tosiz(dp, 0);
+                        dp = 0; /* always an integer result */
                         break;
                     case 28: /* ftosh */
                         if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
@@ -XXX,XX +XXX,XX @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn)
                     return 1;
                 }
 
-                /* Write back the result.  */
-                if (op == 15 && (rn >= 8 && rn <= 11)) {
-                    /* Comparison, do nothing.  */
-                } else if (op == 15 && dp && ((rn & 0x1c) == 0x18 ||
-                                              (rn & 0x1e) == 0x6)) {
-                    /* VCVT double to int: always integer result.
-                     * VCVT double to half precision is always a single
-                     * precision result.
-                     */
-                    gen_mov_vreg_F0(0, rd);
-                } else if (op == 15 && rn == 15) {
-                    /* conversion */
-                    gen_mov_vreg_F0(!dp, rd);
-                } else {
+                /* Write back the result, if any.  */
+                if (dp >= 0) {
                     gen_mov_vreg_F0(dp, rd);
                 }
 
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

For opcodes 0-5, move some if conditions into the structure
of a switch statement.  For opcodes 6 & 7, decode everything
at once with a second switch.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190206052857.5077-3-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.c | 94 ++++++++++++++++++++------------------
 1 file changed, 49 insertions(+), 45 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void disas_fp_int_conv(DisasContext *s, uint32_t insn)
     int type = extract32(insn, 22, 2);
     bool sbit = extract32(insn, 29, 1);
     bool sf = extract32(insn, 31, 1);
+    bool itof = false;
 
     if (sbit) {
-        unallocated_encoding(s);
-        return;
+        goto do_unallocated;
     }
 
-    if (opcode > 5) {
-        /* FMOV */
-        bool itof = opcode & 1;
-
-        if (rmode >= 2) {
-            unallocated_encoding(s);
-            return;
-        }
-
-        switch (sf << 3 | type << 1 | rmode) {
-        case 0x0: /* 32 bit */
-        case 0xa: /* 64 bit */
-        case 0xd: /* 64 bit to top half of quad */
-            break;
-        case 0x6: /* 16-bit float, 32-bit int */
-        case 0xe: /* 16-bit float, 64-bit int */
-            if (dc_isar_feature(aa64_fp16, s)) {
-                break;
-            }
-            /* fallthru */
-        default:
-            /* all other sf/type/rmode combinations are invalid */
-            unallocated_encoding(s);
-            return;
-        }
-
-        if (!fp_access_check(s)) {
-            return;
-        }
-        handle_fmov(s, rd, rn, type, itof);
-    } else {
-        /* actual FP conversions */
-        bool itof = extract32(opcode, 1, 1);
-
-        if (rmode != 0 && opcode > 1) {
-            unallocated_encoding(s);
-            return;
+    switch (opcode) {
+    case 2: /* SCVTF */
+    case 3: /* UCVTF */
+        itof = true;
+        /* fallthru */
+    case 4: /* FCVTAS */
+    case 5: /* FCVTAU */
+        if (rmode != 0) {
+            goto do_unallocated;
         }
+        /* fallthru */
+    case 0: /* FCVT[NPMZ]S */
+    case 1: /* FCVT[NPMZ]U */
         switch (type) {
         case 0: /* float32 */
         case 1: /* float64 */
             break;
         case 3: /* float16 */
-            if (dc_isar_feature(aa64_fp16, s)) {
-                break;
+            if (!dc_isar_feature(aa64_fp16, s)) {
+                goto do_unallocated;
             }
-            /* fallthru */
+            break;
         default:
-            unallocated_encoding(s);
-            return;
+            goto do_unallocated;
         }
-
         if (!fp_access_check(s)) {
             return;
         }
         handle_fpfpcvt(s, rd, rn, opcode, itof, rmode, 64, sf, type);
+        break;
+
+    default:
+        switch (sf << 7 | type << 5 | rmode << 3 | opcode) {
+        case 0b01100110: /* FMOV half <-> 32-bit int */
+        case 0b01100111:
+        case 0b11100110: /* FMOV half <-> 64-bit int */
+        case 0b11100111:
+            if (!dc_isar_feature(aa64_fp16, s)) {
+                goto do_unallocated;
+            }
+            /* fallthru */
+        case 0b00000110: /* FMOV 32-bit */
+        case 0b00000111:
+        case 0b10100110: /* FMOV 64-bit */
+        case 0b10100111:
+        case 0b11001110: /* FMOV top half of 128-bit */
+        case 0b11001111:
+            if (!fp_access_check(s)) {
+                return;
+            }
+            itof = opcode & 1;
+            handle_fmov(s, rd, rn, type, itof);
+            break;
+
+        default:
+        do_unallocated:
+            unallocated_encoding(s);
+            return;
+        }
+        break;
     }
 }
 
-- 
2.20.1

From: Alex Bennée <alex.bennee@linaro.org>

Although technically not visible to userspace the kernel does make
them visible via a trap and emulate ABI. We provide a new permission
mask (PL0U_R) which maps to PL0_R for CONFIG_USER builds and adjust
the minimum permission check accordingly.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20190205190224.2198-2-alex.bennee@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h    | 12 ++++++++++++
 target/arm/helper.c |  6 +++++-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ static inline bool cptype_valid(int cptype)
 #define PL0_R (0x02 | PL1_R)
 #define PL0_W (0x01 | PL1_W)
 
+/*
+ * For user-mode some registers are accessible to EL0 via a kernel
+ * trap-and-emulate ABI. In this case we define the read permissions
+ * as actually being PL0_R. However some bits of any given register
+ * may still be masked.
+ */
+#ifdef CONFIG_USER_ONLY
+#define PL0U_R PL0_R
+#else
+#define PL0U_R PL1_R
+#endif
+
 #define PL3_RW (PL3_R | PL3_W)
 #define PL2_RW (PL2_R | PL2_W)
 #define PL1_RW (PL1_R | PL1_W)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
     if (r->state != ARM_CP_STATE_AA32) {
         int mask = 0;
         switch (r->opc1) {
-        case 0: case 1: case 2:
+        case 0:
+            /* min_EL EL1, but some accessible to EL0 via kernel ABI */
+            mask = PL0U_R | PL1_RW;
+            break;
+        case 1: case 2:
             /* min_EL EL1 */
             mask = PL1_RW;
             break;
-- 
2.20.1

From: Alex Bennée <alex.bennee@linaro.org>

A number of CPUID registers are exposed to userspace by modern Linux
kernels thanks to the "ARM64 CPU Feature Registers" ABI. For QEMU's
user-mode emulation we don't need to emulate the kernels trap but just
return the value the trap would have done. To avoid too much #ifdef
hackery we process ARMCPRegInfo with a new helper (modify_arm_cp_regs)
before defining the registers. The modify routine is driven by a
simple data structure which describes which bits are exported and
which are fixed.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20190205190224.2198-3-alex.bennee@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h    | 21 ++++++++++++++++
 target/arm/helper.c | 59 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 80 insertions(+)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ static inline void define_one_arm_cp_reg(ARMCPU *cpu, const ARMCPRegInfo *regs)
 }
 const ARMCPRegInfo *get_arm_cp_reginfo(GHashTable *cpregs, uint32_t encoded_cp);
 
+/*
+ * Definition of an ARM co-processor register as viewed from
+ * userspace. This is used for presenting sanitised versions of
+ * registers to userspace when emulating the Linux AArch64 CPU
+ * ID/feature ABI (advertised as HWCAP_CPUID).
+ */
+typedef struct ARMCPRegUserSpaceInfo {
+    /* Name of register */
+    const char *name;
+
+    /* Only some bits are exported to user space */
+    uint64_t exported_bits;
+
+    /* Fixed bits are applied after the mask */
+    uint64_t fixed_bits;
+} ARMCPRegUserSpaceInfo;
+
+#define REGUSERINFO_SENTINEL { .name = NULL }
+
+void modify_arm_cp_regs(ARMCPRegInfo *regs, const ARMCPRegUserSpaceInfo *mods);
+
 /* CPWriteFn that can be used to implement writes-ignored behaviour */
 void arm_cp_write_ignore(CPUARMState *env, const ARMCPRegInfo *ri,
                          uint64_t value);
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
               .resetvalue = cpu->pmceid1 },
             REGINFO_SENTINEL
         };
+#ifdef CONFIG_USER_ONLY
+        ARMCPRegUserSpaceInfo v8_user_idregs[] = {
+            { .name = "ID_AA64PFR0_EL1",
+              .exported_bits = 0x000f000f00ff0000,
+              .fixed_bits    = 0x0000000000000011 },
+            { .name = "ID_AA64PFR1_EL1",
+              .exported_bits = 0x00000000000000f0 },
+            { .name = "ID_AA64ZFR0_EL1"           },
+            { .name = "ID_AA64MMFR0_EL1",
+              .fixed_bits    = 0x00000000ff000000 },
+            { .name = "ID_AA64MMFR1_EL1"          },
+            { .name = "ID_AA64DFR0_EL1",
+              .fixed_bits    = 0x0000000000000006 },
+            { .name = "ID_AA64DFR1_EL1"           },
+            { .name = "ID_AA64AFR0_EL1"           },
+            { .name = "ID_AA64AFR1_EL1"           },
+            { .name = "ID_AA64ISAR0_EL1",
+              .exported_bits = 0x00fffffff0fffff0 },
+            { .name = "ID_AA64ISAR1_EL1",
+              .exported_bits = 0x000000f0ffffffff },
+            REGUSERINFO_SENTINEL
+        };
+        modify_arm_cp_regs(v8_idregs, v8_user_idregs);
+#endif
         /* RVBAR_EL1 is only implemented if EL1 is the highest EL */
         if (!arm_feature(env, ARM_FEATURE_EL3) &&
             !arm_feature(env, ARM_FEATURE_EL2)) {
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
             .opc1 = CP_ANY, .opc2 = CP_ANY, .access = PL1_W,
             .type = ARM_CP_NOP | ARM_CP_OVERRIDE
         };
+#ifdef CONFIG_USER_ONLY
+        ARMCPRegUserSpaceInfo id_v8_user_midr_cp_reginfo[] = {
+            { .name = "MIDR_EL1",
+              .exported_bits = 0x00000000ffffffff },
+            { .name = "REVIDR_EL1"                },
+            REGUSERINFO_SENTINEL
+        };
+        modify_arm_cp_regs(id_v8_midr_cp_reginfo, id_v8_user_midr_cp_reginfo);
+#endif
         if (arm_feature(env, ARM_FEATURE_OMAPCP) ||
             arm_feature(env, ARM_FEATURE_STRONGARM)) {
             ARMCPRegInfo *r;
@@ -XXX,XX +XXX,XX @@ void define_arm_cp_regs_with_opaque(ARMCPU *cpu,
     }
 }
 
+/*
+ * Modify ARMCPRegInfo for access from userspace.
+ *
+ * This is a data driven modification directed by
+ * ARMCPRegUserSpaceInfo. All registers become ARM_CP_CONST as
+ * user-space cannot alter any values and dynamic values pertaining to
+ * execution state are hidden from user space view anyway.
+ */
+void modify_arm_cp_regs(ARMCPRegInfo *regs, const ARMCPRegUserSpaceInfo *mods)
+{
+    const ARMCPRegUserSpaceInfo *m;
+    ARMCPRegInfo *r;
+
+    for (m = mods; m->name; m++) {
+        for (r = regs; r->type != ARM_CP_SENTINEL; r++) {
+            if (strcmp(r->name, m->name) == 0) {
+                r->type = ARM_CP_CONST;
+                r->access = PL0U_R;
+                r->resetvalue &= m->exported_bits;
+                r->resetvalue |= m->fixed_bits;
+                break;
+            }
+        }
+    }
+}
+
 const ARMCPRegInfo *get_arm_cp_reginfo(GHashTable *cpregs, uint32_t encoded_cp)
 {
     return g_hash_table_lookup(cpregs, &encoded_cp);
-- 
2.20.1

From: Alex Bennée <alex.bennee@linaro.org>

As this is a single register we could expose it with a simple ifdef
but we use the existing modify_arm_cp_regs mechanism for consistency.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20190205190224.2198-4-alex.bennee@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static uint64_t mpidr_read(CPUARMState *env, const ARMCPRegInfo *ri)
     return mpidr_read_val(env);
 }
 
-static const ARMCPRegInfo mpidr_cp_reginfo[] = {
-    { .name = "MPIDR", .state = ARM_CP_STATE_BOTH,
-      .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 5,
-      .access = PL1_R, .readfn = mpidr_read, .type = ARM_CP_NO_RAW },
-    REGINFO_SENTINEL
-};
-
 static const ARMCPRegInfo lpae_cp_reginfo[] = {
     /* NOP AMAIR0/1 */
     { .name = "AMAIR0", .state = ARM_CP_STATE_BOTH,
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
     }
 
     if (arm_feature(env, ARM_FEATURE_MPIDR)) {
+        ARMCPRegInfo mpidr_cp_reginfo[] = {
+            { .name = "MPIDR_EL1", .state = ARM_CP_STATE_BOTH,
+              .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 5,
+              .access = PL1_R, .readfn = mpidr_read, .type = ARM_CP_NO_RAW },
+            REGINFO_SENTINEL
+        };
+#ifdef CONFIG_USER_ONLY
+        ARMCPRegUserSpaceInfo mpidr_user_cp_reginfo[] = {
+            { .name = "MPIDR_EL1",
+              .fixed_bits = 0x0000000080000000 },
+            REGUSERINFO_SENTINEL
+        };
+        modify_arm_cp_regs(mpidr_cp_reginfo, mpidr_user_cp_reginfo);
+#endif
         define_arm_cp_regs(cpu, mpidr_cp_reginfo);
     }
 
-- 
2.20.1

From: Alex Bennée <alex.bennee@linaro.org>

There are a whole bunch more registers in the CPUID space which are
currently not used but are exposed as RAZ. To avoid too much
duplication we expand ARMCPRegUserSpaceInfo to understand glob
patterns so we only need one entry to tweak whole ranges of registers.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20190205190224.2198-5-alex.bennee@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h    |  3 +++
 target/arm/helper.c | 26 +++++++++++++++++++++++---
 2 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ typedef struct ARMCPRegUserSpaceInfo {
     /* Name of register */
     const char *name;
 
+    /* Is the name actually a glob pattern */
+    bool is_glob;
+
     /* Only some bits are exported to user space */
     uint64_t exported_bits;
 
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ void register_cp_regs_for_features(ARMCPU *cpu)
               .fixed_bits    = 0x0000000000000011 },
             { .name = "ID_AA64PFR1_EL1",
               .exported_bits = 0x00000000000000f0 },
+            { .name = "ID_AA64PFR*_EL1_RESERVED",
+              .is_glob = true                     },
             { .name = "ID_AA64ZFR0_EL1"           },
             { .name = "ID_AA64MMFR0_EL1",
               .fixed_bits    = 0x00000000ff000000 },
             { .name = "ID_AA64MMFR1_EL1"          },
+            { .name = "ID_AA64MMFR*_EL1_RESERVED",
+              .is_glob = true                     },
             { .name = "ID_AA64DFR0_EL1",
               .fixed_bits    = 0x0000000000000006 },
             { .name = "ID_AA64DFR1_EL1"           },
-            { .name = "ID_AA64AFR0_EL1"           },
-            { .name = "ID_AA64AFR1_EL1"           },
+            { .name = "ID_AA64DFR*_EL1_RESERVED",
+              .is_glob = true                     },
+            { .name = "ID_AA64AFR*",
+              .is_glob = true                     },
             { .name = "ID_AA64ISAR0_EL1",
               .exported_bits = 0x00fffffff0fffff0 },
             { .name = "ID_AA64ISAR1_EL1",
               .exported_bits = 0x000000f0ffffffff },
+            { .name = "ID_AA64ISAR*_EL1_RESERVED",
+              .is_glob = true                     },
             REGUSERINFO_SENTINEL
         };
         modify_arm_cp_regs(v8_idregs, v8_user_idregs);
@@ -XXX,XX +XXX,XX @@ void modify_arm_cp_regs(ARMCPRegInfo *regs, const ARMCPRegUserSpaceInfo *mods)
     ARMCPRegInfo *r;
 
     for (m = mods; m->name; m++) {
+        GPatternSpec *pat = NULL;
+        if (m->is_glob) {
+            pat = g_pattern_spec_new(m->name);
+        }
         for (r = regs; r->type != ARM_CP_SENTINEL; r++) {
-            if (strcmp(r->name, m->name) == 0) {
+            if (pat && g_pattern_match_string(pat, r->name)) {
+                r->type = ARM_CP_CONST;
+                r->access = PL0U_R;
+                r->resetvalue = 0;
+                /* continue */
+            } else if (strcmp(r->name, m->name) == 0) {
                 r->type = ARM_CP_CONST;
                 r->access = PL0U_R;
                 r->resetvalue &= m->exported_bits;
@@ -XXX,XX +XXX,XX @@ void modify_arm_cp_regs(ARMCPRegInfo *regs, const ARMCPRegUserSpaceInfo *mods)
                 break;
             }
         }
+        if (pat) {
+            g_pattern_spec_free(pat);
+        }
     }
 }
 
-- 
2.20.1

At the moment the Arm implementations of kvm_arch_{get,put}_registers()
don't support having QEMU change the values of system registers
(aka coprocessor registers for AArch32). This is because although
kvm_arch_get_registers() calls write_list_to_cpustate() to
update the CPU state struct fields (so QEMU code can read the
values in the usual way), kvm_arch_put_registers() does not
call write_cpustate_to_list(), meaning that any changes to
the CPU state struct fields will not be passed back to KVM.

The rationale for this design is documented in a comment in the
AArch32 kvm_arch_put_registers() -- writing the values in the
cpregs list into the CPU state struct is "lossy" because the
write of a register might not succeed, and so if we blindly
copy the CPU state values back again we will incorrectly
change register values for the guest. The assumption was that
no QEMU code would need to write to the registers.

However, when we implemented debug support for KVM guests, we
broke that assumption: the code to handle "set the guest up
to take a breakpoint exception" does so by updating various
guest registers including ESR_EL1.

Support this by making kvm_arch_put_registers() synchronize
CPU state back into the list. We sync only those registers
where the initial write succeeds, which should be sufficient.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Dongjiu Geng <gengdongjiu@huawei.com>
---
 target/arm/cpu.h     |  9 ++++++++-
 target/arm/helper.c  | 27 +++++++++++++++++++++++++--
 target/arm/kvm32.c   | 20 ++------------------
 target/arm/kvm64.c   |  2 ++
 target/arm/machine.c |  2 +-
 5 files changed, 38 insertions(+), 22 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ bool write_list_to_cpustate(ARMCPU *cpu);
 /**
  * write_cpustate_to_list:
  * @cpu: ARMCPU
+ * @kvm_sync: true if this is for syncing back to KVM
  *
  * For each register listed in the ARMCPU cpreg_indexes list, write
  * its value from the ARMCPUState structure into the cpreg_values list.
  * This is used to copy info from TCG's working data structures into
  * KVM or for outbound migration.
  *
+ * @kvm_sync is true if we are doing this in order to sync the
+ * register state back to KVM. In this case we will only update
+ * values in the list if the previous list->cpustate sync actually
+ * successfully wrote the CPU state. Otherwise we will keep the value
+ * that is in the list.
+ *
  * Returns: true if all register values were read correctly,
  * false if some register was unknown or could not be read.
  * Note that we do not stop early on failure -- we will attempt
  * reading all registers in the list.
  */
-bool write_cpustate_to_list(ARMCPU *cpu);
+bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync);
 
 #define ARM_CPUID_TI915T      0x54029152
 #define ARM_CPUID_TI925T      0x54029252
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static bool raw_accessors_invalid(const ARMCPRegInfo *ri)
     return true;
 }
 
-bool write_cpustate_to_list(ARMCPU *cpu)
+bool write_cpustate_to_list(ARMCPU *cpu, bool kvm_sync)
 {
     /* Write the coprocessor state from cpu->env to the (index,value) list. */
     int i;
@@ -XXX,XX +XXX,XX @@ bool write_cpustate_to_list(ARMCPU *cpu)
     for (i = 0; i < cpu->cpreg_array_len; i++) {
         uint32_t regidx = kvm_to_cpreg_id(cpu->cpreg_indexes[i]);
         const ARMCPRegInfo *ri;
+        uint64_t newval;
 
         ri = get_arm_cp_reginfo(cpu->cp_regs, regidx);
         if (!ri) {
@@ -XXX,XX +XXX,XX @@ bool write_cpustate_to_list(ARMCPU *cpu)
         if (ri->type & ARM_CP_NO_RAW) {
             continue;
         }
-        cpu->cpreg_values[i] = read_raw_cp_reg(&cpu->env, ri);
+
+        newval = read_raw_cp_reg(&cpu->env, ri);
+        if (kvm_sync) {
+            /*
+             * Only sync if the previous list->cpustate sync succeeded.
+             * Rather than tracking the success/failure state for every
+             * item in the list, we just recheck "does the raw write we must
+             * have made in write_list_to_cpustate() read back OK" here.
+             */
+            uint64_t oldval = cpu->cpreg_values[i];
+
+            if (oldval == newval) {
+                continue;
+            }
+
+            write_raw_cp_reg(&cpu->env, ri, oldval);
+            if (read_raw_cp_reg(&cpu->env, ri) != oldval) {
+                continue;
+            }
+
+            write_raw_cp_reg(&cpu->env, ri, newval);
+        }
+        cpu->cpreg_values[i] = newval;
     }
     return ok;
 }
diff --git a/target/arm/kvm32.c b/target/arm/kvm32.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/kvm32.c
+++ b/target/arm/kvm32.c
@@ -XXX,XX +XXX,XX @@ int kvm_arch_put_registers(CPUState *cs, int level)
         return ret;
     }
 
-    /* Note that we do not call write_cpustate_to_list()
-     * here, so we are only writing the tuple list back to
-     * KVM. This is safe because nothing can change the
-     * CPUARMState cp15 fields (in particular gdb accesses cannot)
-     * and so there are no changes to sync. In fact syncing would
-     * be wrong at this point: for a constant register where TCG and
-     * KVM disagree about its value, the preceding write_list_to_cpustate()
-     * would not have had any effect on the CPUARMState value (since the
-     * register is read-only), and a write_cpustate_to_list() here would
-     * then try to write the TCG value back into KVM -- this would either
-     * fail or incorrectly change the value the guest sees.
-     *
-     * If we ever want to allow the user to modify cp15 registers via
-     * the gdb stub, we would need to be more clever here (for instance
-     * tracking the set of registers kvm_arch_get_registers() successfully
-     * managed to update the CPUARMState with, and only allowing those
-     * to be written back up into the kernel).
-     */
+    write_cpustate_to_list(cpu, true);
+
     if (!write_list_to_kvmstate(cpu, level)) {
         return EINVAL;
     }
diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -XXX,XX +XXX,XX @@ int kvm_arch_put_registers(CPUState *cs, int level)
         return ret;
     }
 
+    write_cpustate_to_list(cpu, true);
+
     if (!write_list_to_kvmstate(cpu, level)) {
         return EINVAL;
     }
diff --git a/target/arm/machine.c b/target/arm/machine.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/machine.c
+++ b/target/arm/machine.c
@@ -XXX,XX +XXX,XX @@ static int cpu_pre_save(void *opaque)
             abort();
         }
     } else {
-        if (!write_cpustate_to_list(cpu)) {
+        if (!write_cpustate_to_list(cpu, false)) {
             /* This should never fail. */
             abort();
         }
-- 
2.20.1

Peter Crosthwaite hasn't had the bandwidth to do code review or
other QEMU work for some time now -- remove his email address
from MAINTAINERS file entries so we don't bombard him with
patch emails.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20190207181422.4907-1-peter.maydell@linaro.org
---
 MAINTAINERS | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index XXXXXXX..XXXXXXX 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -XXX,XX +XXX,XX @@ Guest CPU cores (TCG):
 ----------------------
 Overall
 L: qemu-devel@nongnu.org
-M: Peter Crosthwaite <crosthwaite.peter@gmail.com>
 M: Richard Henderson <rth@twiddle.net>
 R: Paolo Bonzini <pbonzini@redhat.com>
 S: Maintained
@@ -XXX,XX +XXX,XX @@ F: tests/virtio-scsi-test.c
 T: git https://github.com/bonzini/qemu.git scsi-next
 
 SSI
-M: Peter Crosthwaite <crosthwaite.peter@gmail.com>
 M: Alistair Francis <alistair@alistair23.me>
 S: Maintained
 F: hw/ssi/*
@@ -XXX,XX +XXX,XX @@ F: tests/m25p80-test.c
 
 Xilinx SPI
 M: Alistair Francis <alistair@alistair23.me>
-M: Peter Crosthwaite <crosthwaite.peter@gmail.com>
 S: Maintained
 F: hw/ssi/xilinx_*
 
@@ -XXX,XX +XXX,XX @@ F: qom/cpu.c
 F: include/qom/cpu.h
 
 Device Tree
-M: Peter Crosthwaite <crosthwaite.peter@gmail.com>
 M: Alexander Graf <agraf@suse.de>
 S: Maintained
 F: device_tree.c
-- 
2.20.1

The code for handling the NVIC SHPR1 register intends to permit
byte and halfword accesses (as the architecture requires). However
the 'case' line for it only lists the base address of the
register, so attempts to access bytes other than the first one
end up in the "bad write" default logic. This bug was added
accidentally when we split out the SHPR1 logic from SHPR2 and
SHPR3 to support v6M.

Fixes: 7c9140afd594 ("nvic: Handle ARMv6-M SCS reserved registers")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
The Zephyr RTOS happens to access SHPR1 byte at a time,
which is how I spotted this.
---
 hw/intc/armv7m_nvic.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -XXX,XX +XXX,XX @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr addr,
             }
         }
         break;
-    case 0xd18: /* System Handler Priority (SHPR1) */
+    case 0xd18 ... 0xd1b: /* System Handler Priority (SHPR1) */
         if (!arm_feature(&s->cpu->env, ARM_FEATURE_M_MAIN)) {
             val = 0;
             break;
@@ -XXX,XX +XXX,XX @@ static MemTxResult nvic_sysreg_write(void *opaque, hwaddr addr,
         }
         nvic_irq_update(s);
         return MEMTX_OK;
-    case 0xd18: /* System Handler Priority (SHPR1) */
+    case 0xd18 ... 0xd1b: /* System Handler Priority (SHPR1) */
         if (!arm_feature(&s->cpu->env, ARM_FEATURE_M_MAIN)) {
             return MEMTX_OK;
         }
-- 
2.20.1

In commit 91c1e9fcbd7548db368 where we added dual-CPU support to
the ARMSSE, we set up the wiring of the expansion IRQs via nested
loops: the outer loop on 'i' loops for each CPU, and the inner loop
on 'j' loops for each interrupt. Fix a typo which meant we were
wiring every expansion IRQ line to external IRQ 0 on CPU 0 and
to external IRQ 1 on CPU 1.

Fixes: 91c1e9fcbd7548db368 ("hw/arm/armsse: Support dual-CPU configuration")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 hw/arm/armsse.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm/armsse.c b/hw/arm/armsse.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/arm/armsse.c
+++ b/hw/arm/armsse.c
@@ -XXX,XX +XXX,XX @@ static void armsse_realize(DeviceState *dev, Error **errp)
         /* Connect EXP_IRQ/EXP_CPUn_IRQ GPIOs to the NVIC's lines 32 and up */
         s->exp_irqs[i] = g_new(qemu_irq, s->exp_numirq);
         for (j = 0; j < s->exp_numirq; j++) {
-            s->exp_irqs[i][j] = qdev_get_gpio_in(cpudev, i + 32);
+            s->exp_irqs[i][j] = qdev_get_gpio_in(cpudev, j + 32);
         }
         if (i == 0) {
             gpioname = g_strdup("EXP_IRQ");
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Since we're now handling a == b generically, we no longer need
to do it by hand within target/arm/.

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190209033847.9014-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.c |  6 +-----
 target/arm/translate-sve.c |  6 +-----
 target/arm/translate.c     | 12 +++---------
 3 files changed, 5 insertions(+), 19 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void disas_simd_3same_logic(DisasContext *s, uint32_t insn)
         gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_andc, 0);
         return;
     case 2: /* ORR */
-        if (rn == rm) { /* MOV */
-            gen_gvec_fn2(s, is_q, rd, rn, tcg_gen_gvec_mov, 0);
-        } else {
-            gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_or, 0);
-        }
+        gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_or, 0);
         return;
     case 3: /* ORN */
         gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_orc, 0);
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -XXX,XX +XXX,XX @@ static bool trans_AND_zzz(DisasContext *s, arg_rrr_esz *a)
 
 static bool trans_ORR_zzz(DisasContext *s, arg_rrr_esz *a)
 {
-    if (a->rn == a->rm) { /* MOV */
-        return do_mov_z(s, a->rd, a->rn);
-    } else {
-        return do_vector3_z(s, tcg_gen_gvec_or, 0, a->rd, a->rn, a->rm);
-    }
+    return do_vector3_z(s, tcg_gen_gvec_or, 0, a->rd, a->rn, a->rm);
 }
 
 static bool trans_EOR_zzz(DisasContext *s, arg_rrr_esz *a)
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
                 tcg_gen_gvec_andc(0, rd_ofs, rn_ofs, rm_ofs,
                                   vec_size, vec_size);
                 break;
-            case 2:
-                if (rn == rm) {
-                    /* VMOV */
-                    tcg_gen_gvec_mov(0, rd_ofs, rn_ofs, vec_size, vec_size);
-                } else {
-                    /* VORR */
-                    tcg_gen_gvec_or(0, rd_ofs, rn_ofs, rm_ofs,
-                                    vec_size, vec_size);
-                }
+            case 2: /* VORR */
+                tcg_gen_gvec_or(0, rd_ofs, rn_ofs, rm_ofs,
+                                vec_size, vec_size);
                 break;
             case 3: /* VORN */
                 tcg_gen_gvec_orc(0, rd_ofs, rn_ofs, rm_ofs,
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190209033847.9014-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.c | 35 ++++++++++++++---------------------
 1 file changed, 14 insertions(+), 21 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void disas_simd_3same_int(DisasContext *s, uint32_t insn)
     }
 
     switch (opcode) {
+    case 0x0c: /* SMAX, UMAX */
+        if (u) {
+            gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_umax, size);
+        } else {
+            gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_smax, size);
+        }
+        return;
+    case 0x0d: /* SMIN, UMIN */
+        if (u) {
+            gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_umin, size);
+        } else {
+            gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_smin, size);
+        }
+        return;
     case 0x10: /* ADD, SUB */
         if (u) {
             gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_sub, size);
@@ -XXX,XX +XXX,XX @@ static void disas_simd_3same_int(DisasContext *s, uint32_t insn)
                 genenvfn = fns[size][u];
                 break;
             }
-            case 0xc: /* SMAX, UMAX */
-            {
-                static NeonGenTwoOpFn * const fns[3][2] = {
-                    { gen_helper_neon_max_s8, gen_helper_neon_max_u8 },
-                    { gen_helper_neon_max_s16, gen_helper_neon_max_u16 },
-                    { tcg_gen_smax_i32, tcg_gen_umax_i32 },
-                };
-                genfn = fns[size][u];
-                break;
-            }
-
-            case 0xd: /* SMIN, UMIN */
-            {
-                static NeonGenTwoOpFn * const fns[3][2] = {
-                    { gen_helper_neon_min_s8, gen_helper_neon_min_u8 },
-                    { gen_helper_neon_min_s16, gen_helper_neon_min_u16 },
-                    { tcg_gen_smin_i32, tcg_gen_umin_i32 },
-                };
-                genfn = fns[size][u];
-                break;
-            }
             case 0xe: /* SABD, UABD */
             case 0xf: /* SABA, UABA */
             {
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190209033847.9014-4-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
             tcg_gen_gvec_cmp(u ? TCG_COND_GEU : TCG_COND_GE, size,
                              rd_ofs, rn_ofs, rm_ofs, vec_size, vec_size);
             return 0;
+
+        case NEON_3R_VMAX:
+            if (u) {
+                tcg_gen_gvec_umax(size, rd_ofs, rn_ofs, rm_ofs,
+                                  vec_size, vec_size);
+            } else {
+                tcg_gen_gvec_smax(size, rd_ofs, rn_ofs, rm_ofs,
+                                  vec_size, vec_size);
+            }
+            return 0;
+        case NEON_3R_VMIN:
+            if (u) {
+                tcg_gen_gvec_umin(size, rd_ofs, rn_ofs, rm_ofs,
+                                  vec_size, vec_size);
+            } else {
+                tcg_gen_gvec_smin(size, rd_ofs, rn_ofs, rm_ofs,
+                                  vec_size, vec_size);
+            }
+            return 0;
         }
 
         if (size == 3) {
@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
         case NEON_3R_VQRSHL:
             GEN_NEON_INTEGER_OP_ENV(qrshl);
             break;
-        case NEON_3R_VMAX:
-            GEN_NEON_INTEGER_OP(max);
-            break;
-        case NEON_3R_VMIN:
-            GEN_NEON_INTEGER_OP(min);
-            break;
         case NEON_3R_VABD:
             GEN_NEON_INTEGER_OP(abd);
             break;
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

The 32-bit PMIN/PMAX has been decomposed to scalars,
and so can be trivially expanded inline.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190209033847.9014-5-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static inline void gen_neon_rsb(int size, TCGv_i32 t0, TCGv_i32 t1)
 }
 
 /* 32-bit pairwise ops end up the same as the elementwise versions.  */
-#define gen_helper_neon_pmax_s32  gen_helper_neon_max_s32
-#define gen_helper_neon_pmax_u32  gen_helper_neon_max_u32
-#define gen_helper_neon_pmin_s32  gen_helper_neon_min_s32
-#define gen_helper_neon_pmin_u32  gen_helper_neon_min_u32
+#define gen_helper_neon_pmax_s32  tcg_gen_smax_i32
+#define gen_helper_neon_pmax_u32  tcg_gen_umax_i32
+#define gen_helper_neon_pmin_s32  tcg_gen_smin_i32
+#define gen_helper_neon_pmin_u32  tcg_gen_umin_i32
 
 #define GEN_NEON_INTEGER_OP_ENV(name) do { \
     switch ((size << 1) | u) { \
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

These are now unused.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190209033847.9014-6-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.h      | 12 ------------
 target/arm/neon_helper.c | 12 ------------
 2 files changed, 24 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_2(neon_cge_s16, i32, i32, i32)
 DEF_HELPER_2(neon_cge_u32, i32, i32, i32)
 DEF_HELPER_2(neon_cge_s32, i32, i32, i32)
 
-DEF_HELPER_2(neon_min_u8, i32, i32, i32)
-DEF_HELPER_2(neon_min_s8, i32, i32, i32)
-DEF_HELPER_2(neon_min_u16, i32, i32, i32)
-DEF_HELPER_2(neon_min_s16, i32, i32, i32)
-DEF_HELPER_2(neon_min_u32, i32, i32, i32)
-DEF_HELPER_2(neon_min_s32, i32, i32, i32)
-DEF_HELPER_2(neon_max_u8, i32, i32, i32)
-DEF_HELPER_2(neon_max_s8, i32, i32, i32)
-DEF_HELPER_2(neon_max_u16, i32, i32, i32)
-DEF_HELPER_2(neon_max_s16, i32, i32, i32)
-DEF_HELPER_2(neon_max_u32, i32, i32, i32)
-DEF_HELPER_2(neon_max_s32, i32, i32, i32)
 DEF_HELPER_2(neon_pmin_u8, i32, i32, i32)
 DEF_HELPER_2(neon_pmin_s8, i32, i32, i32)
 DEF_HELPER_2(neon_pmin_u16, i32, i32, i32)
diff --git a/target/arm/neon_helper.c b/target/arm/neon_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/neon_helper.c
+++ b/target/arm/neon_helper.c
@@ -XXX,XX +XXX,XX @@ NEON_VOP(cge_u32, neon_u32, 1)
 #undef NEON_FN
 
 #define NEON_FN(dest, src1, src2) dest = (src1 < src2) ? src1 : src2
-NEON_VOP(min_s8, neon_s8, 4)
-NEON_VOP(min_u8, neon_u8, 4)
-NEON_VOP(min_s16, neon_s16, 2)
-NEON_VOP(min_u16, neon_u16, 2)
-NEON_VOP(min_s32, neon_s32, 1)
-NEON_VOP(min_u32, neon_u32, 1)
 NEON_POP(pmin_s8, neon_s8, 4)
 NEON_POP(pmin_u8, neon_u8, 4)
 NEON_POP(pmin_s16, neon_s16, 2)
@@ -XXX,XX +XXX,XX @@ NEON_POP(pmin_u16, neon_u16, 2)
 #undef NEON_FN
 
 #define NEON_FN(dest, src1, src2) dest = (src1 > src2) ? src1 : src2
-NEON_VOP(max_s8, neon_s8, 4)
-NEON_VOP(max_u8, neon_u8, 4)
-NEON_VOP(max_s16, neon_s16, 2)
-NEON_VOP(max_u16, neon_u16, 2)
-NEON_VOP(max_s32, neon_s32, 1)
-NEON_VOP(max_u32, neon_u32, 1)
 NEON_POP(pmax_s8, neon_s8, 4)
 NEON_POP(pmax_u8, neon_u8, 4)
 NEON_POP(pmax_s16, neon_s16, 2)
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

The components of this register is stored in several
different locations.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190209033847.9014-7-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static int vfp_gdb_get_reg(CPUARMState *env, uint8_t *buf, int reg)
     }
     switch (reg - nregs) {
     case 0: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSID]); return 4;
-    case 1: stl_p(buf, env->vfp.xregs[ARM_VFP_FPSCR]); return 4;
+    case 1: stl_p(buf, vfp_get_fpscr(env)); return 4;
     case 2: stl_p(buf, env->vfp.xregs[ARM_VFP_FPEXC]); return 4;
     }
     return 0;
@@ -XXX,XX +XXX,XX @@ static int vfp_gdb_set_reg(CPUARMState *env, uint8_t *buf, int reg)
     }
     switch (reg - nregs) {
     case 0: env->vfp.xregs[ARM_VFP_FPSID] = ldl_p(buf); return 4;
-    case 1: env->vfp.xregs[ARM_VFP_FPSCR] = ldl_p(buf); return 4;
+    case 1: vfp_set_fpscr(env, ldl_p(buf)); return 4;
     case 2: env->vfp.xregs[ARM_VFP_FPEXC] = ldl_p(buf) & (1 << 30); return 4;
     }
     return 0;
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Minimize the code within a macro by splitting out a helper function.
Use deposit32 instead of manual bit manipulation.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190209033847.9014-9-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 45 +++++++++++++++++++++++++++------------------
 1 file changed, 27 insertions(+), 18 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ float64 VFP_HELPER(sqrt, d)(float64 a, CPUARMState *env)
     return float64_sqrt(a, &env->vfp.fp_status);
 }
 
+static void softfloat_to_vfp_compare(CPUARMState *env, int cmp)
+{
+    uint32_t flags;
+    switch (cmp) {
+    case float_relation_equal:
+        flags = 0x6;
+        break;
+    case float_relation_less:
+        flags = 0x8;
+        break;
+    case float_relation_greater:
+        flags = 0x2;
+        break;
+    case float_relation_unordered:
+        flags = 0x3;
+        break;
+    default:
+        g_assert_not_reached();
+    }
+    env->vfp.xregs[ARM_VFP_FPSCR] =
+        deposit32(env->vfp.xregs[ARM_VFP_FPSCR], 28, 4, flags);
+}
+
 /* XXX: check quiet/signaling case */
 #define DO_VFP_cmp(p, type) \
 void VFP_HELPER(cmp, p)(type a, type b, CPUARMState *env)  \
 { \
-    uint32_t flags; \
-    switch(type ## _compare_quiet(a, b, &env->vfp.fp_status)) { \
-    case 0: flags = 0x6; break; \
-    case -1: flags = 0x8; break; \
-    case 1: flags = 0x2; break; \
-    default: case 2: flags = 0x3; break; \
-    } \
-    env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
-        | (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fffffff); \
+    softfloat_to_vfp_compare(env, \
+        type ## _compare_quiet(a, b, &env->vfp.fp_status)); \
 } \
 void VFP_HELPER(cmpe, p)(type a, type b, CPUARMState *env) \
 { \
-    uint32_t flags; \
-    switch(type ## _compare(a, b, &env->vfp.fp_status)) { \
-    case 0: flags = 0x6; break; \
-    case -1: flags = 0x8; break; \
-    case 1: flags = 0x2; break; \
-    default: case 2: flags = 0x3; break; \
-    } \
-    env->vfp.xregs[ARM_VFP_FPSCR] = (flags << 28) \
-        | (env->vfp.xregs[ARM_VFP_FPSCR] & 0x0fffffff); \
+    softfloat_to_vfp_compare(env, \
+        type ## _compare(a, b, &env->vfp.fp_status)); \
 }
 DO_VFP_cmp(s, float32)
 DO_VFP_cmp(d, float64)
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Given that we mask bits properly on set, there is no reason
to mask them again on get.  We failed to clear the exception
status bits, 0x9f, which means that the wrong value would be
returned on get.  Except in the (probably normal) case in which
the set clears all of the bits.

Simplify the code in set to also clear the RES0 bits.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190209033847.9014-10-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(vfp_get_fpscr)(CPUARMState *env)
     int i;
     uint32_t fpscr;
 
-    fpscr = (env->vfp.xregs[ARM_VFP_FPSCR] & 0xffc8ffff)
+    fpscr = env->vfp.xregs[ARM_VFP_FPSCR]
             | (env->vfp.vec_len << 16)
             | (env->vfp.vec_stride << 20);
 
@@ -XXX,XX +XXX,XX @@ static inline int vfp_exceptbits_to_host(int target_bits)
 void HELPER(vfp_set_fpscr)(CPUARMState *env, uint32_t val)
 {
     int i;
-    uint32_t changed;
+    uint32_t changed = env->vfp.xregs[ARM_VFP_FPSCR];
 
     /* When ARMv8.2-FP16 is not supported, FZ16 is RES0.  */
     if (!cpu_isar_feature(aa64_fp16, arm_env_get_cpu(env))) {
@@ -XXX,XX +XXX,XX @@ void HELPER(vfp_set_fpscr)(CPUARMState *env, uint32_t val)
 
     /*
      * We don't implement trapped exception handling, so the
-     * trap enable bits are all RAZ/WI (not RES0!)
+     * trap enable bits, IDE|IXE|UFE|OFE|DZE|IOE are all RAZ/WI (not RES0!)
+     *
+     * If we exclude the exception flags, IOC|DZC|OFC|UFC|IXC|IDC
+     * (which are stored in fp_status), and the other RES0 bits
+     * in between, then we clear all of the low 16 bits.
      */
-    val &= ~(FPCR_IDE | FPCR_IXE | FPCR_UFE | FPCR_OFE | FPCR_DZE | FPCR_IOE);
-
-    changed = env->vfp.xregs[ARM_VFP_FPSCR];
-    env->vfp.xregs[ARM_VFP_FPSCR] = (val & 0xffc8ffff);
+    env->vfp.xregs[ARM_VFP_FPSCR] = val & 0xffc80000;
     env->vfp.vec_len = (val >> 16) & 7;
     env->vfp.vec_stride = (val >> 20) & 3;
 
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Change the representation of this field such that it is easy
to set from vector code.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190209033847.9014-11-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h         |  5 ++++-
 target/arm/helper.c      | 19 +++++++++++++++----
 target/arm/neon_helper.c |  2 +-
 target/arm/vec_helper.c  |  2 +-
 4 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ typedef struct CPUARMState {
         ARMPredicateReg preg_tmp;
 #endif
 
-        uint32_t xregs[16];
         /* We store these fpcsr fields separately for convenience.  */
+        uint32_t qc[4] QEMU_ALIGNED(16);
         int vec_len;
         int vec_stride;
 
+        uint32_t xregs[16];
+
         /* Scratch space for aa32 neon expansion.  */
         uint32_t scratch[8];
 
@@ -XXX,XX +XXX,XX @@ void vfp_set_fpscr(CPUARMState *env, uint32_t val);
 #define FPCR_FZ16   (1 << 19)   /* ARMv8.2+, FP16 flush-to-zero */
 #define FPCR_FZ     (1 << 24)   /* Flush-to-zero enable bit */
 #define FPCR_DN     (1 << 25)   /* Default NaN enable bit */
+#define FPCR_QC     (1 << 27)   /* Cumulative saturation bit */
 
 static inline uint32_t vfp_get_fpsr(CPUARMState *env)
 {
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static inline int vfp_exceptbits_from_host(int host_bits)
 
 uint32_t HELPER(vfp_get_fpscr)(CPUARMState *env)
 {
-    int i;
-    uint32_t fpscr;
+    uint32_t i, fpscr;
 
     fpscr = env->vfp.xregs[ARM_VFP_FPSCR]
             | (env->vfp.vec_len << 16)
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(vfp_get_fpscr)(CPUARMState *env)
     /* FZ16 does not generate an input denormal exception.  */
     i |= (get_float_exception_flags(&env->vfp.fp_status_f16)
           & ~float_flag_input_denormal);
-
     fpscr |= vfp_exceptbits_from_host(i);
+
+    i = env->vfp.qc[0] | env->vfp.qc[1] | env->vfp.qc[2] | env->vfp.qc[3];
+    fpscr |= i ? FPCR_QC : 0;
+
     return fpscr;
 }
 
@@ -XXX,XX +XXX,XX @@ void HELPER(vfp_set_fpscr)(CPUARMState *env, uint32_t val)
      * (which are stored in fp_status), and the other RES0 bits
      * in between, then we clear all of the low 16 bits.
      */
-    env->vfp.xregs[ARM_VFP_FPSCR] = val & 0xffc80000;
+    env->vfp.xregs[ARM_VFP_FPSCR] = val & 0xf7c80000;
     env->vfp.vec_len = (val >> 16) & 7;
     env->vfp.vec_stride = (val >> 20) & 3;
 
+    /*
+     * The bit we set within fpscr_q is arbitrary; the register as a
+     * whole being zero/non-zero is what counts.
+     */
+    env->vfp.qc[0] = val & FPCR_QC;
+    env->vfp.qc[1] = 0;
+    env->vfp.qc[2] = 0;
+    env->vfp.qc[3] = 0;
+
     changed ^= val;
     if (changed & (3 << 22)) {
         i = (val >> 22) & 3;
diff --git a/target/arm/neon_helper.c b/target/arm/neon_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/neon_helper.c
+++ b/target/arm/neon_helper.c
@@ -XXX,XX +XXX,XX @@
 #define SIGNBIT (uint32_t)0x80000000
 #define SIGNBIT64 ((uint64_t)1 << 63)
 
-#define SET_QC() env->vfp.xregs[ARM_VFP_FPSCR] |= CPSR_Q
+#define SET_QC() env->vfp.qc[0] = 1
 
 #define NEON_TYPE1(name, type) \
 typedef struct \
diff --git a/target/arm/vec_helper.c b/target/arm/vec_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/vec_helper.c
+++ b/target/arm/vec_helper.c
@@ -XXX,XX +XXX,XX @@
 #define H4(x)  (x)
 #endif
 
-#define SET_QC() env->vfp.xregs[ARM_VFP_FPSCR] |= CPSR_Q
+#define SET_QC() env->vfp.qc[0] = 1
 
 static void clear_tail(void *vd, uintptr_t opr_sz, uintptr_t max_sz)
 {
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

For same-sign saturation, we have tcg vector operations.  We can
compute the QC bit by comparing the saturated value against the
unsaturated value.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190209033847.9014-12-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.h        |  33 +++++++
 target/arm/translate.h     |   4 +
 target/arm/translate-a64.c |  36 ++++----
 target/arm/translate.c     | 172 +++++++++++++++++++++++++++++++------
 target/arm/vec_helper.c    | 130 ++++++++++++++++++++++++++++
 5 files changed, 331 insertions(+), 44 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_FLAGS_6(gvec_fmla_idx_s, TCG_CALL_NO_RWG,
 DEF_HELPER_FLAGS_6(gvec_fmla_idx_d, TCG_CALL_NO_RWG,
                    void, ptr, ptr, ptr, ptr, ptr, i32)
 
+DEF_HELPER_FLAGS_5(gvec_uqadd_b, TCG_CALL_NO_RWG,
+                   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_uqadd_h, TCG_CALL_NO_RWG,
+                   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_uqadd_s, TCG_CALL_NO_RWG,
+                   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_uqadd_d, TCG_CALL_NO_RWG,
+                   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_sqadd_b, TCG_CALL_NO_RWG,
+                   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_sqadd_h, TCG_CALL_NO_RWG,
+                   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_sqadd_s, TCG_CALL_NO_RWG,
+                   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_sqadd_d, TCG_CALL_NO_RWG,
+                   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_uqsub_b, TCG_CALL_NO_RWG,
+                   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_uqsub_h, TCG_CALL_NO_RWG,
+                   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_uqsub_s, TCG_CALL_NO_RWG,
+                   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_uqsub_d, TCG_CALL_NO_RWG,
+                   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_sqsub_b, TCG_CALL_NO_RWG,
+                   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_sqsub_h, TCG_CALL_NO_RWG,
+                   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_sqsub_s, TCG_CALL_NO_RWG,
+                   void, ptr, ptr, ptr, ptr, i32)
+DEF_HELPER_FLAGS_5(gvec_sqsub_d, TCG_CALL_NO_RWG,
+                   void, ptr, ptr, ptr, ptr, i32)
+
 #ifdef TARGET_AARCH64
 #include "helper-a64.h"
 #include "helper-sve.h"
diff --git a/target/arm/translate.h b/target/arm/translate.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -XXX,XX +XXX,XX @@ extern const GVecGen2i ssra_op[4];
 extern const GVecGen2i usra_op[4];
 extern const GVecGen2i sri_op[4];
 extern const GVecGen2i sli_op[4];
+extern const GVecGen4 uqadd_op[4];
+extern const GVecGen4 sqadd_op[4];
+extern const GVecGen4 uqsub_op[4];
+extern const GVecGen4 sqsub_op[4];
 void gen_cmtst_i64(TCGv_i64 d, TCGv_i64 a, TCGv_i64 b);
 
 /*
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void disas_simd_3same_int(DisasContext *s, uint32_t insn)
     }
 
     switch (opcode) {
+    case 0x01: /* SQADD, UQADD */
+        tcg_gen_gvec_4(vec_full_reg_offset(s, rd),
+                       offsetof(CPUARMState, vfp.qc),
+                       vec_full_reg_offset(s, rn),
+                       vec_full_reg_offset(s, rm),
+                       is_q ? 16 : 8, vec_full_reg_size(s),
+                       (u ? uqadd_op : sqadd_op) + size);
+        return;
+    case 0x05: /* SQSUB, UQSUB */
+        tcg_gen_gvec_4(vec_full_reg_offset(s, rd),
+                       offsetof(CPUARMState, vfp.qc),
+                       vec_full_reg_offset(s, rn),
+                       vec_full_reg_offset(s, rm),
+                       is_q ? 16 : 8, vec_full_reg_size(s),
+                       (u ? uqsub_op : sqsub_op) + size);
+        return;
     case 0x0c: /* SMAX, UMAX */
         if (u) {
             gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_umax, size);
@@ -XXX,XX +XXX,XX @@ static void disas_simd_3same_int(DisasContext *s, uint32_t insn)
                 genfn = fns[size][u];
                 break;
             }
-            case 0x1: /* SQADD, UQADD */
-            {
-                static NeonGenTwoOpEnvFn * const fns[3][2] = {
-                    { gen_helper_neon_qadd_s8, gen_helper_neon_qadd_u8 },
-                    { gen_helper_neon_qadd_s16, gen_helper_neon_qadd_u16 },
-                    { gen_helper_neon_qadd_s32, gen_helper_neon_qadd_u32 },
-                };
-                genenvfn = fns[size][u];
-                break;
-            }
             case 0x2: /* SRHADD, URHADD */
             {
                 static NeonGenTwoOpFn * const fns[3][2] = {
@@ -XXX,XX +XXX,XX @@ static void disas_simd_3same_int(DisasContext *s, uint32_t insn)
                 genfn = fns[size][u];
                 break;
             }
-            case 0x5: /* SQSUB, UQSUB */
-            {
-                static NeonGenTwoOpEnvFn * const fns[3][2] = {
-                    { gen_helper_neon_qsub_s8, gen_helper_neon_qsub_u8 },
-                    { gen_helper_neon_qsub_s16, gen_helper_neon_qsub_u16 },
-                    { gen_helper_neon_qsub_s32, gen_helper_neon_qsub_u32 },
-                };
-                genenvfn = fns[size][u];
-                break;
-            }
             case 0x8: /* SSHL, USHL */
             {
                 static NeonGenTwoOpFn * const fns[3][2] = {
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ const GVecGen3 cmtst_op[4] = {
       .vece = MO_64 },
 };
 
+static void gen_uqadd_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
+                          TCGv_vec a, TCGv_vec b)
+{
+    TCGv_vec x = tcg_temp_new_vec_matching(t);
+    tcg_gen_add_vec(vece, x, a, b);
+    tcg_gen_usadd_vec(vece, t, a, b);
+    tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
+    tcg_gen_or_vec(vece, sat, sat, x);
+    tcg_temp_free_vec(x);
+}
+
+const GVecGen4 uqadd_op[4] = {
+    { .fniv = gen_uqadd_vec,
+      .fno = gen_helper_gvec_uqadd_b,
+      .opc = INDEX_op_usadd_vec,
+      .write_aofs = true,
+      .vece = MO_8 },
+    { .fniv = gen_uqadd_vec,
+      .fno = gen_helper_gvec_uqadd_h,
+      .opc = INDEX_op_usadd_vec,
+      .write_aofs = true,
+      .vece = MO_16 },
+    { .fniv = gen_uqadd_vec,
+      .fno = gen_helper_gvec_uqadd_s,
+      .opc = INDEX_op_usadd_vec,
+      .write_aofs = true,
+      .vece = MO_32 },
+    { .fniv = gen_uqadd_vec,
+      .fno = gen_helper_gvec_uqadd_d,
+      .opc = INDEX_op_usadd_vec,
+      .write_aofs = true,
+      .vece = MO_64 },
+};
+
+static void gen_sqadd_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
+                          TCGv_vec a, TCGv_vec b)
+{
+    TCGv_vec x = tcg_temp_new_vec_matching(t);
+    tcg_gen_add_vec(vece, x, a, b);
+    tcg_gen_ssadd_vec(vece, t, a, b);
+    tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
+    tcg_gen_or_vec(vece, sat, sat, x);
+    tcg_temp_free_vec(x);
+}
+
+const GVecGen4 sqadd_op[4] = {
+    { .fniv = gen_sqadd_vec,
+      .fno = gen_helper_gvec_sqadd_b,
+      .opc = INDEX_op_ssadd_vec,
+      .write_aofs = true,
+      .vece = MO_8 },
+    { .fniv = gen_sqadd_vec,
+      .fno = gen_helper_gvec_sqadd_h,
+      .opc = INDEX_op_ssadd_vec,
+      .write_aofs = true,
+      .vece = MO_16 },
+    { .fniv = gen_sqadd_vec,
+      .fno = gen_helper_gvec_sqadd_s,
+      .opc = INDEX_op_ssadd_vec,
+      .write_aofs = true,
+      .vece = MO_32 },
+    { .fniv = gen_sqadd_vec,
+      .fno = gen_helper_gvec_sqadd_d,
+      .opc = INDEX_op_ssadd_vec,
+      .write_aofs = true,
+      .vece = MO_64 },
+};
+
+static void gen_uqsub_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
+                          TCGv_vec a, TCGv_vec b)
+{
+    TCGv_vec x = tcg_temp_new_vec_matching(t);
+    tcg_gen_sub_vec(vece, x, a, b);
+    tcg_gen_ussub_vec(vece, t, a, b);
+    tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
+    tcg_gen_or_vec(vece, sat, sat, x);
+    tcg_temp_free_vec(x);
+}
+
+const GVecGen4 uqsub_op[4] = {
+    { .fniv = gen_uqsub_vec,
+      .fno = gen_helper_gvec_uqsub_b,
+      .opc = INDEX_op_ussub_vec,
+      .write_aofs = true,
+      .vece = MO_8 },
+    { .fniv = gen_uqsub_vec,
+      .fno = gen_helper_gvec_uqsub_h,
+      .opc = INDEX_op_ussub_vec,
+      .write_aofs = true,
+      .vece = MO_16 },
+    { .fniv = gen_uqsub_vec,
+      .fno = gen_helper_gvec_uqsub_s,
+      .opc = INDEX_op_ussub_vec,
+      .write_aofs = true,
+      .vece = MO_32 },
+    { .fniv = gen_uqsub_vec,
+      .fno = gen_helper_gvec_uqsub_d,
+      .opc = INDEX_op_ussub_vec,
+      .write_aofs = true,
+      .vece = MO_64 },
+};
+
+static void gen_sqsub_vec(unsigned vece, TCGv_vec t, TCGv_vec sat,
+                          TCGv_vec a, TCGv_vec b)
+{
+    TCGv_vec x = tcg_temp_new_vec_matching(t);
+    tcg_gen_sub_vec(vece, x, a, b);
+    tcg_gen_sssub_vec(vece, t, a, b);
+    tcg_gen_cmp_vec(TCG_COND_NE, vece, x, x, t);
+    tcg_gen_or_vec(vece, sat, sat, x);
+    tcg_temp_free_vec(x);
+}
+
+const GVecGen4 sqsub_op[4] = {
+    { .fniv = gen_sqsub_vec,
+      .fno = gen_helper_gvec_sqsub_b,
+      .opc = INDEX_op_sssub_vec,
+      .write_aofs = true,
+      .vece = MO_8 },
+    { .fniv = gen_sqsub_vec,
+      .fno = gen_helper_gvec_sqsub_h,
+      .opc = INDEX_op_sssub_vec,
+      .write_aofs = true,
+      .vece = MO_16 },
+    { .fniv = gen_sqsub_vec,
+      .fno = gen_helper_gvec_sqsub_s,
+      .opc = INDEX_op_sssub_vec,
+      .write_aofs = true,
+      .vece = MO_32 },
+    { .fniv = gen_sqsub_vec,
+      .fno = gen_helper_gvec_sqsub_d,
+      .opc = INDEX_op_sssub_vec,
+      .write_aofs = true,
+      .vece = MO_64 },
+};
+
 /* Translate a NEON data processing instruction.  Return nonzero if the
    instruction is invalid.
    We process data in a mixture of 32-bit and 64-bit chunks.
@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
             }
             return 0;
 
+        case NEON_3R_VQADD:
+            tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc),
+                           rn_ofs, rm_ofs, vec_size, vec_size,
+                           (u ? uqadd_op : sqadd_op) + size);
+            break;
+
+        case NEON_3R_VQSUB:
+            tcg_gen_gvec_4(rd_ofs, offsetof(CPUARMState, vfp.qc),
+                           rn_ofs, rm_ofs, vec_size, vec_size,
+                           (u ? uqsub_op : sqsub_op) + size);
+            break;
+
         case NEON_3R_VMUL: /* VMUL */
             if (u) {
                 /* Polynomial case allows only P8 and is handled below.  */
@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
                 neon_load_reg64(cpu_V0, rn + pass);
                 neon_load_reg64(cpu_V1, rm + pass);
                 switch (op) {
-                case NEON_3R_VQADD:
-                    if (u) {
-                        gen_helper_neon_qadd_u64(cpu_V0, cpu_env,
-                                                 cpu_V0, cpu_V1);
-                    } else {
-                        gen_helper_neon_qadd_s64(cpu_V0, cpu_env,
-                                                 cpu_V0, cpu_V1);
-                    }
-                    break;
-                case NEON_3R_VQSUB:
-                    if (u) {
-                        gen_helper_neon_qsub_u64(cpu_V0, cpu_env,
-                                                 cpu_V0, cpu_V1);
-                    } else {
-                        gen_helper_neon_qsub_s64(cpu_V0, cpu_env,
-                                                 cpu_V0, cpu_V1);
-                    }
-                    break;
                 case NEON_3R_VSHL:
                     if (u) {
                         gen_helper_neon_shl_u64(cpu_V0, cpu_V1, cpu_V0);
@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
         case NEON_3R_VHADD:
             GEN_NEON_INTEGER_OP(hadd);
             break;
-        case NEON_3R_VQADD:
-            GEN_NEON_INTEGER_OP_ENV(qadd);
-            break;
         case NEON_3R_VRHADD:
             GEN_NEON_INTEGER_OP(rhadd);
             break;
         case NEON_3R_VHSUB:
             GEN_NEON_INTEGER_OP(hsub);
             break;
-        case NEON_3R_VQSUB:
-            GEN_NEON_INTEGER_OP_ENV(qsub);
-            break;
         case NEON_3R_VSHL:
             GEN_NEON_INTEGER_OP(shl);
             break;
diff --git a/target/arm/vec_helper.c b/target/arm/vec_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/vec_helper.c
+++ b/target/arm/vec_helper.c
@@ -XXX,XX +XXX,XX @@ DO_FMLA_IDX(gvec_fmla_idx_s, float32, H4)
 DO_FMLA_IDX(gvec_fmla_idx_d, float64, )
 
 #undef DO_FMLA_IDX
+
+#define DO_SAT(NAME, WTYPE, TYPEN, TYPEM, OP, MIN, MAX) \
+void HELPER(NAME)(void *vd, void *vq, void *vn, void *vm, uint32_t desc)   \
+{                                                                          \
+    intptr_t i, oprsz = simd_oprsz(desc);                                  \
+    TYPEN *d = vd, *n = vn; TYPEM *m = vm;                                 \
+    bool q = false;                                                        \
+    for (i = 0; i < oprsz / sizeof(TYPEN); i++) {                          \
+        WTYPE dd = (WTYPE)n[i] OP m[i];                                    \
+        if (dd < MIN) {                                                    \
+            dd = MIN;                                                      \
+            q = true;                                                      \
+        } else if (dd > MAX) {                                             \
+            dd = MAX;                                                      \
+            q = true;                                                      \
+        }                                                                  \
+        d[i] = dd;                                                         \
+    }                                                                      \
+    if (q) {                                                               \
+        uint32_t *qc = vq;                                                 \
+        qc[0] = 1;                                                         \
+    }                                                                      \
+    clear_tail(d, oprsz, simd_maxsz(desc));                                \
+}
+
+DO_SAT(gvec_uqadd_b, int, uint8_t, uint8_t, +, 0, UINT8_MAX)
+DO_SAT(gvec_uqadd_h, int, uint16_t, uint16_t, +, 0, UINT16_MAX)
+DO_SAT(gvec_uqadd_s, int64_t, uint32_t, uint32_t, +, 0, UINT32_MAX)
+
+DO_SAT(gvec_sqadd_b, int, int8_t, int8_t, +, INT8_MIN, INT8_MAX)
+DO_SAT(gvec_sqadd_h, int, int16_t, int16_t, +, INT16_MIN, INT16_MAX)
+DO_SAT(gvec_sqadd_s, int64_t, int32_t, int32_t, +, INT32_MIN, INT32_MAX)
+
+DO_SAT(gvec_uqsub_b, int, uint8_t, uint8_t, -, 0, UINT8_MAX)
+DO_SAT(gvec_uqsub_h, int, uint16_t, uint16_t, -, 0, UINT16_MAX)
+DO_SAT(gvec_uqsub_s, int64_t, uint32_t, uint32_t, -, 0, UINT32_MAX)
+
+DO_SAT(gvec_sqsub_b, int, int8_t, int8_t, -, INT8_MIN, INT8_MAX)
+DO_SAT(gvec_sqsub_h, int, int16_t, int16_t, -, INT16_MIN, INT16_MAX)
+DO_SAT(gvec_sqsub_s, int64_t, int32_t, int32_t, -, INT32_MIN, INT32_MAX)
+
+#undef DO_SAT
+
+void HELPER(gvec_uqadd_d)(void *vd, void *vq, void *vn,
+                          void *vm, uint32_t desc)
+{
+    intptr_t i, oprsz = simd_oprsz(desc);
+    uint64_t *d = vd, *n = vn, *m = vm;
+    bool q = false;
+
+    for (i = 0; i < oprsz / 8; i++) {
+        uint64_t nn = n[i], mm = m[i], dd = nn + mm;
+        if (dd < nn) {
+            dd = UINT64_MAX;
+            q = true;
+        }
+        d[i] = dd;
+    }
+    if (q) {
+        uint32_t *qc = vq;
+        qc[0] = 1;
+    }
+    clear_tail(d, oprsz, simd_maxsz(desc));
+}
+
+void HELPER(gvec_uqsub_d)(void *vd, void *vq, void *vn,
+                          void *vm, uint32_t desc)
+{
+    intptr_t i, oprsz = simd_oprsz(desc);
+    uint64_t *d = vd, *n = vn, *m = vm;
+    bool q = false;
+
+    for (i = 0; i < oprsz / 8; i++) {
+        uint64_t nn = n[i], mm = m[i], dd = nn - mm;
+        if (nn < mm) {
+            dd = 0;
+            q = true;
+        }
+        d[i] = dd;
+    }
+    if (q) {
+        uint32_t *qc = vq;
+        qc[0] = 1;
+    }
+    clear_tail(d, oprsz, simd_maxsz(desc));
+}
+
+void HELPER(gvec_sqadd_d)(void *vd, void *vq, void *vn,
+                          void *vm, uint32_t desc)
+{
+    intptr_t i, oprsz = simd_oprsz(desc);
+    int64_t *d = vd, *n = vn, *m = vm;
+    bool q = false;
+
+    for (i = 0; i < oprsz / 8; i++) {
+        int64_t nn = n[i], mm = m[i], dd = nn + mm;
+        if (((dd ^ nn) & ~(nn ^ mm)) & INT64_MIN) {
+            dd = (nn >> 63) ^ ~INT64_MIN;
+            q = true;
+        }
+        d[i] = dd;
+    }
+    if (q) {
+        uint32_t *qc = vq;
+        qc[0] = 1;
+    }
+    clear_tail(d, oprsz, simd_maxsz(desc));
+}
+
+void HELPER(gvec_sqsub_d)(void *vd, void *vq, void *vn,
+                          void *vm, uint32_t desc)
+{
+    intptr_t i, oprsz = simd_oprsz(desc);
+    int64_t *d = vd, *n = vn, *m = vm;
+    bool q = false;
+
+    for (i = 0; i < oprsz / 8; i++) {
+        int64_t nn = n[i], mm = m[i], dd = nn - mm;
+        if (((dd ^ nn) & (nn ^ mm)) & INT64_MIN) {
+            dd = (nn >> 63) ^ ~INT64_MIN;
+            q = true;
+        }
+        d[i] = dd;
+    }
+    if (q) {
+        uint32_t *qc = vq;
+        qc[0] = 1;
+    }
+    clear_tail(d, oprsz, simd_maxsz(desc));
+}
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Fortunately, the functions affected are so far only called from SVE,
so there is no tail to be cleared.  But as we convert more of AdvSIMD
to gvec, this will matter.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190209033847.9014-13-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/vec_helper.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/target/arm/vec_helper.c b/target/arm/vec_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/vec_helper.c
+++ b/target/arm/vec_helper.c
@@ -XXX,XX +XXX,XX @@ void HELPER(NAME)(void *vd, void *vn, void *stat, uint32_t desc)  \
     for (i = 0; i < oprsz / sizeof(TYPE); i++) {                  \
         d[i] = FUNC(n[i], stat);                                  \
     }                                                             \
+    clear_tail(d, oprsz, simd_maxsz(desc));                       \
 }
 
 DO_2OP(gvec_frecpe_h, helper_recpe_f16, float16)
@@ -XXX,XX +XXX,XX @@ void HELPER(NAME)(void *vd, void *vn, void *vm, void *stat, uint32_t desc) \
     for (i = 0; i < oprsz / sizeof(TYPE); i++) {                           \
         d[i] = FUNC(n[i], m[i], stat);                                     \
     }                                                                      \
+    clear_tail(d, oprsz, simd_maxsz(desc));                                \
 }
 
 DO_3OP(gvec_fadd_h, float16_add, float16)
-- 
2.20.1

From: Sandra Loosemore <sandra@codesourcery.com>

Per the GDB remote protocol documentation

https://sourceware.org/gdb/current/onlinedocs/gdb/Packets.html#index-vKill-packet

the debug stub is expected to send a reply to the 'vKill' packet.  At
least some versions of GDB crash if the gdb stub simply exits without
sending a reply.  This patch fixes QEMU's gdb stub to conform to the
expected behavior.

Note that QEMU's existing handling of the legacy 'k' packet is
correct: in that case GDB does not expect a reply, and QEMU does not
send one.

Signed-off-by: Sandra Loosemore <sandra@codesourcery.com>
Message-id: 1550008033-26540-1-git-send-email-sandra@codesourcery.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 gdbstub.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/gdbstub.c b/gdbstub.c
index XXXXXXX..XXXXXXX 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -XXX,XX +XXX,XX @@ static int gdb_handle_packet(GDBState *s, const char *line_buf)
             break;
         } else if (strncmp(p, "Kill;", 5) == 0) {
             /* Kill the target */
+            put_packet(s, "OK");
             error_report("QEMU: Terminated via GDBstub");
             exit(0);
         } else {
-- 
2.20.1

First arm pullreq of 4.2...

thanks
-- PMM

The following changes since commit 27608c7c66bd923eb5e5faab80e795408cbe2b51:

Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20190814a' into staging (2019-08-16 12:00:18 +0100)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20190816

for you to fetch changes up to 664b7e3b97d6376f3329986c465b3782458b0f8b:

target/arm: Use tcg_gen_extrh_i64_i32 to extract the high word (2019-08-16 14:02:53 +0100)

----------------------------------------------------------------
target-arm queue:
 * target/arm: generate a custom MIDR for -cpu max
 * hw/misc/zynq_slcr: refactor to use standard register definition
 * Set ENET_BD_BDU in I.MX FEC controller
 * target/arm: Fix routing of singlestep exceptions
 * refactor a32/t32 decoder handling of PC
 * minor optimisations/cleanups of some a32/t32 codegen
 * target/arm/cpu64: Ensure kvm really supports aarch64=off
 * target/arm/cpu: Ensure we can use the pmu with kvm
 * target/arm: Minor cleanups preparatory to KVM SVE support

----------------------------------------------------------------
Aaron Hill (1):
      Set ENET_BD_BDU in I.MX FEC controller

Alex Bennée (1):
      target/arm: generate a custom MIDR for -cpu max

Andrew Jones (6):
      target/arm/cpu64: Ensure kvm really supports aarch64=off
      target/arm/cpu: Ensure we can use the pmu with kvm
      target/arm/helper: zcr: Add build bug next to value range assumption
      target/arm/cpu: Use div-round-up to determine predicate register array size
      target/arm/kvm64: Fix error returns
      target/arm/kvm64: Move the get/put of fpsimd registers out

Damien Hedde (1):
      hw/misc/zynq_slcr: use standard register definition

Peter Maydell (2):
      target/arm: Factor out 'generate singlestep exception' function
      target/arm: Fix routing of singlestep exceptions

Richard Henderson (18):
      target/arm: Pass in pc to thumb_insn_is_16bit
      target/arm: Introduce pc_curr
      target/arm: Introduce read_pc
      target/arm: Introduce add_reg_for_lit
      target/arm: Remove redundant s->pc & ~1
      target/arm: Replace s->pc with s->base.pc_next
      target/arm: Replace offset with pc in gen_exception_insn
      target/arm: Replace offset with pc in gen_exception_internal_insn
      target/arm: Remove offset argument to gen_exception_bkpt_insn
      target/arm: Use unallocated_encoding for aarch32
      target/arm: Remove helper_double_saturate
      target/arm: Use tcg_gen_extract_i32 for shifter_out_im
      target/arm: Use tcg_gen_deposit_i32 for PKHBT, PKHTB
      target/arm: Remove redundant shift tests
      target/arm: Use ror32 instead of open-coding the operation
      target/arm: Use tcg_gen_rotri_i32 for gen_swap_half
      target/arm: Simplify SMMLA, SMMLAR, SMMLS, SMMLSR
      target/arm: Use tcg_gen_extrh_i64_i32 to extract the high word

From: Alex Bennée <alex.bennee@linaro.org>

While most features are now detected by probing the ID_* registers
kernels can (and do) use MIDR_EL1 for working out of they have to
apply errata. This can trip up warnings in the kernel as it tries to
work out if it should apply workarounds to features that don't
actually exist in the reported CPU type.

Avoid this problem by synthesising our own MIDR value.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190726113950.7499-1-alex.bennee@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/cpu.h   |  6 ++++++
 target/arm/cpu64.c | 19 +++++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ FIELD(V7M_FPCCR, ASPEN, 31, 1)
 /*
  * System register ID fields.
  */
+FIELD(MIDR_EL1, REVISION, 0, 4)
+FIELD(MIDR_EL1, PARTNUM, 4, 12)
+FIELD(MIDR_EL1, ARCHITECTURE, 16, 4)
+FIELD(MIDR_EL1, VARIANT, 20, 4)
+FIELD(MIDR_EL1, IMPLEMENTER, 24, 8)
+
 FIELD(ID_ISAR0, SWAP, 0, 4)
 FIELD(ID_ISAR0, BITCOUNT, 4, 4)
 FIELD(ID_ISAR0, BITFIELD, 8, 4)
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -XXX,XX +XXX,XX @@ static void aarch64_max_initfn(Object *obj)
         uint32_t u;
         aarch64_a57_initfn(obj);
 
+        /*
+         * Reset MIDR so the guest doesn't mistake our 'max' CPU type for a real
+         * one and try to apply errata workarounds or use impdef features we
+         * don't provide.
+         * An IMPLEMENTER field of 0 means "reserved for software use";
+         * ARCHITECTURE must be 0xf indicating "v7 or later, check ID registers
+         * to see which features are present";
+         * the VARIANT, PARTNUM and REVISION fields are all implementation
+         * defined and we choose to define PARTNUM just in case guest
+         * code needs to distinguish this QEMU CPU from other software
+         * implementations, though this shouldn't be needed.
+         */
+        t = FIELD_DP64(0, MIDR_EL1, IMPLEMENTER, 0);
+        t = FIELD_DP64(t, MIDR_EL1, ARCHITECTURE, 0xf);
+        t = FIELD_DP64(t, MIDR_EL1, PARTNUM, 'Q');
+        t = FIELD_DP64(t, MIDR_EL1, VARIANT, 0);
+        t = FIELD_DP64(t, MIDR_EL1, REVISION, 0);
+        cpu->midr = t;
+
         t = cpu->isar.id_aa64isar0;
         t = FIELD_DP64(t, ID_AA64ISAR0, AES, 2); /* AES + PMULL */
         t = FIELD_DP64(t, ID_AA64ISAR0, SHA1, 1);
-- 
2.20.1

From: Damien Hedde <damien.hedde@greensocs.com>

Replace the zynq_slcr registers enum and macros using the
hw/registerfields.h macros.

Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20190729145654.14644-30-damien.hedde@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/misc/zynq_slcr.c | 450 ++++++++++++++++++++++----------------------
 1 file changed, 225 insertions(+), 225 deletions(-)

diff --git a/hw/misc/zynq_slcr.c b/hw/misc/zynq_slcr.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/misc/zynq_slcr.c
+++ b/hw/misc/zynq_slcr.c
@@ -XXX,XX +XXX,XX @@
 #include "sysemu/sysemu.h"
 #include "qemu/log.h"
 #include "qemu/module.h"
+#include "hw/registerfields.h"
 
 #ifndef ZYNQ_SLCR_ERR_DEBUG
 #define ZYNQ_SLCR_ERR_DEBUG 0
@@ -XXX,XX +XXX,XX @@
 #define XILINX_LOCK_KEY 0x767b
 #define XILINX_UNLOCK_KEY 0xdf0d
 
-#define R_PSS_RST_CTRL_SOFT_RST 0x1
+REG32(SCL, 0x000)
+REG32(LOCK, 0x004)
+REG32(UNLOCK, 0x008)
+REG32(LOCKSTA, 0x00c)
 
-enum {
-    SCL             = 0x000 / 4,
-    LOCK,
-    UNLOCK,
-    LOCKSTA,
+REG32(ARM_PLL_CTRL, 0x100)
+REG32(DDR_PLL_CTRL, 0x104)
+REG32(IO_PLL_CTRL, 0x108)
+REG32(PLL_STATUS, 0x10c)
+REG32(ARM_PLL_CFG, 0x110)
+REG32(DDR_PLL_CFG, 0x114)
+REG32(IO_PLL_CFG, 0x118)
 
-    ARM_PLL_CTRL    = 0x100 / 4,
-    DDR_PLL_CTRL,
-    IO_PLL_CTRL,
-    PLL_STATUS,
-    ARM_PLL_CFG,
-    DDR_PLL_CFG,
-    IO_PLL_CFG,
-
-    ARM_CLK_CTRL    = 0x120 / 4,
-    DDR_CLK_CTRL,
-    DCI_CLK_CTRL,
-    APER_CLK_CTRL,
-    USB0_CLK_CTRL,
-    USB1_CLK_CTRL,
-    GEM0_RCLK_CTRL,
-    GEM1_RCLK_CTRL,
-    GEM0_CLK_CTRL,
-    GEM1_CLK_CTRL,
-    SMC_CLK_CTRL,
-    LQSPI_CLK_CTRL,
-    SDIO_CLK_CTRL,
-    UART_CLK_CTRL,
-    SPI_CLK_CTRL,
-    CAN_CLK_CTRL,
-    CAN_MIOCLK_CTRL,
-    DBG_CLK_CTRL,
-    PCAP_CLK_CTRL,
-    TOPSW_CLK_CTRL,
+REG32(ARM_CLK_CTRL, 0x120)
+REG32(DDR_CLK_CTRL, 0x124)
+REG32(DCI_CLK_CTRL, 0x128)
+REG32(APER_CLK_CTRL, 0x12c)
+REG32(USB0_CLK_CTRL, 0x130)
+REG32(USB1_CLK_CTRL, 0x134)
+REG32(GEM0_RCLK_CTRL, 0x138)
+REG32(GEM1_RCLK_CTRL, 0x13c)
+REG32(GEM0_CLK_CTRL, 0x140)
+REG32(GEM1_CLK_CTRL, 0x144)
+REG32(SMC_CLK_CTRL, 0x148)
+REG32(LQSPI_CLK_CTRL, 0x14c)
+REG32(SDIO_CLK_CTRL, 0x150)
+REG32(UART_CLK_CTRL, 0x154)
+REG32(SPI_CLK_CTRL, 0x158)
+REG32(CAN_CLK_CTRL, 0x15c)
+REG32(CAN_MIOCLK_CTRL, 0x160)
+REG32(DBG_CLK_CTRL, 0x164)
+REG32(PCAP_CLK_CTRL, 0x168)
+REG32(TOPSW_CLK_CTRL, 0x16c)
 
 #define FPGA_CTRL_REGS(n, start) \
-    FPGA ## n ## _CLK_CTRL = (start) / 4, \
-    FPGA ## n ## _THR_CTRL, \
-    FPGA ## n ## _THR_CNT, \
-    FPGA ## n ## _THR_STA,
-    FPGA_CTRL_REGS(0, 0x170)
-    FPGA_CTRL_REGS(1, 0x180)
-    FPGA_CTRL_REGS(2, 0x190)
-    FPGA_CTRL_REGS(3, 0x1a0)
+    REG32(FPGA ## n ## _CLK_CTRL, (start)) \
+    REG32(FPGA ## n ## _THR_CTRL, (start) + 0x4)\
+    REG32(FPGA ## n ## _THR_CNT,  (start) + 0x8)\
+    REG32(FPGA ## n ## _THR_STA,  (start) + 0xc)
+FPGA_CTRL_REGS(0, 0x170)
+FPGA_CTRL_REGS(1, 0x180)
+FPGA_CTRL_REGS(2, 0x190)
+FPGA_CTRL_REGS(3, 0x1a0)
 
-    BANDGAP_TRIP    = 0x1b8 / 4,
-    PLL_PREDIVISOR  = 0x1c0 / 4,
-    CLK_621_TRUE,
+REG32(BANDGAP_TRIP, 0x1b8)
+REG32(PLL_PREDIVISOR, 0x1c0)
+REG32(CLK_621_TRUE, 0x1c4)
 
-    PSS_RST_CTRL    = 0x200 / 4,
-    DDR_RST_CTRL,
-    TOPSW_RESET_CTRL,
-    DMAC_RST_CTRL,
-    USB_RST_CTRL,
-    GEM_RST_CTRL,
-    SDIO_RST_CTRL,
-    SPI_RST_CTRL,
-    CAN_RST_CTRL,
-    I2C_RST_CTRL,
-    UART_RST_CTRL,
-    GPIO_RST_CTRL,
-    LQSPI_RST_CTRL,
-    SMC_RST_CTRL,
-    OCM_RST_CTRL,
-    FPGA_RST_CTRL   = 0x240 / 4,
-    A9_CPU_RST_CTRL,
+REG32(PSS_RST_CTRL, 0x200)
+    FIELD(PSS_RST_CTRL, SOFT_RST, 0, 1)
+REG32(DDR_RST_CTRL, 0x204)
+REG32(TOPSW_RESET_CTRL, 0x208)
+REG32(DMAC_RST_CTRL, 0x20c)
+REG32(USB_RST_CTRL, 0x210)
+REG32(GEM_RST_CTRL, 0x214)
+REG32(SDIO_RST_CTRL, 0x218)
+REG32(SPI_RST_CTRL, 0x21c)
+REG32(CAN_RST_CTRL, 0x220)
+REG32(I2C_RST_CTRL, 0x224)
+REG32(UART_RST_CTRL, 0x228)
+REG32(GPIO_RST_CTRL, 0x22c)
+REG32(LQSPI_RST_CTRL, 0x230)
+REG32(SMC_RST_CTRL, 0x234)
+REG32(OCM_RST_CTRL, 0x238)
+REG32(FPGA_RST_CTRL, 0x240)
+REG32(A9_CPU_RST_CTRL, 0x244)
 
-    RS_AWDT_CTRL    = 0x24c / 4,
-    RST_REASON,
+REG32(RS_AWDT_CTRL, 0x24c)
+REG32(RST_REASON, 0x250)
 
-    REBOOT_STATUS   = 0x258 / 4,
-    BOOT_MODE,
+REG32(REBOOT_STATUS, 0x258)
+REG32(BOOT_MODE, 0x25c)
 
-    APU_CTRL        = 0x300 / 4,
-    WDT_CLK_SEL,
+REG32(APU_CTRL, 0x300)
+REG32(WDT_CLK_SEL, 0x304)
 
-    TZ_DMA_NS       = 0x440 / 4,
-    TZ_DMA_IRQ_NS,
-    TZ_DMA_PERIPH_NS,
+REG32(TZ_DMA_NS, 0x440)
+REG32(TZ_DMA_IRQ_NS, 0x444)
+REG32(TZ_DMA_PERIPH_NS, 0x448)
 
-    PSS_IDCODE      = 0x530 / 4,
+REG32(PSS_IDCODE, 0x530)
 
-    DDR_URGENT      = 0x600 / 4,
-    DDR_CAL_START   = 0x60c / 4,
-    DDR_REF_START   = 0x614 / 4,
-    DDR_CMD_STA,
-    DDR_URGENT_SEL,
-    DDR_DFI_STATUS,
+REG32(DDR_URGENT, 0x600)
+REG32(DDR_CAL_START, 0x60c)
+REG32(DDR_REF_START, 0x614)
+REG32(DDR_CMD_STA, 0x618)
+REG32(DDR_URGENT_SEL, 0x61c)
+REG32(DDR_DFI_STATUS, 0x620)
 
-    MIO             = 0x700 / 4,
+REG32(MIO, 0x700)
 #define MIO_LENGTH 54
 
-    MIO_LOOPBACK    = 0x804 / 4,
-    MIO_MST_TRI0,
-    MIO_MST_TRI1,
+REG32(MIO_LOOPBACK, 0x804)
+REG32(MIO_MST_TRI0, 0x808)
+REG32(MIO_MST_TRI1, 0x80c)
 
-    SD0_WP_CD_SEL   = 0x830 / 4,
-    SD1_WP_CD_SEL,
+REG32(SD0_WP_CD_SEL, 0x830)
+REG32(SD1_WP_CD_SEL, 0x834)
 
-    LVL_SHFTR_EN    = 0x900 / 4,
-    OCM_CFG         = 0x910 / 4,
+REG32(LVL_SHFTR_EN, 0x900)
+REG32(OCM_CFG, 0x910)
 
-    CPU_RAM         = 0xa00 / 4,
+REG32(CPU_RAM, 0xa00)
 
-    IOU             = 0xa30 / 4,
+REG32(IOU, 0xa30)
 
-    DMAC_RAM        = 0xa50 / 4,
+REG32(DMAC_RAM, 0xa50)
 
-    AFI0            = 0xa60 / 4,
-    AFI1 = AFI0 + 3,
-    AFI2 = AFI1 + 3,
-    AFI3 = AFI2 + 3,
+REG32(AFI0, 0xa60)
+REG32(AFI1, 0xa6c)
+REG32(AFI2, 0xa78)
+REG32(AFI3, 0xa84)
 #define AFI_LENGTH 3
 
-    OCM             = 0xa90 / 4,
+REG32(OCM, 0xa90)
 
-    DEVCI_RAM       = 0xaa0 / 4,
+REG32(DEVCI_RAM, 0xaa0)
 
-    CSG_RAM         = 0xab0 / 4,
+REG32(CSG_RAM, 0xab0)
 
-    GPIOB_CTRL      = 0xb00 / 4,
-    GPIOB_CFG_CMOS18,
-    GPIOB_CFG_CMOS25,
-    GPIOB_CFG_CMOS33,
-    GPIOB_CFG_HSTL  = 0xb14 / 4,
-    GPIOB_DRVR_BIAS_CTRL,
+REG32(GPIOB_CTRL, 0xb00)
+REG32(GPIOB_CFG_CMOS18, 0xb04)
+REG32(GPIOB_CFG_CMOS25, 0xb08)
+REG32(GPIOB_CFG_CMOS33, 0xb0c)
+REG32(GPIOB_CFG_HSTL, 0xb14)
+REG32(GPIOB_DRVR_BIAS_CTRL, 0xb18)
 
-    DDRIOB          = 0xb40 / 4,
+REG32(DDRIOB, 0xb40)
 #define DDRIOB_LENGTH 14
-};
 
 #define ZYNQ_SLCR_MMIO_SIZE     0x1000
 #define ZYNQ_SLCR_NUM_REGS      (ZYNQ_SLCR_MMIO_SIZE / 4)
@@ -XXX,XX +XXX,XX @@ static void zynq_slcr_reset(DeviceState *d)
 
     DB_PRINT("RESET\n");
 
-    s->regs[LOCKSTA] = 1;
+    s->regs[R_LOCKSTA] = 1;
     /* 0x100 - 0x11C */
-    s->regs[ARM_PLL_CTRL]   = 0x0001A008;
-    s->regs[DDR_PLL_CTRL]   = 0x0001A008;
-    s->regs[IO_PLL_CTRL]    = 0x0001A008;
-    s->regs[PLL_STATUS]     = 0x0000003F;
-    s->regs[ARM_PLL_CFG]    = 0x00014000;
-    s->regs[DDR_PLL_CFG]    = 0x00014000;
-    s->regs[IO_PLL_CFG]     = 0x00014000;
+    s->regs[R_ARM_PLL_CTRL]   = 0x0001A008;
+    s->regs[R_DDR_PLL_CTRL]   = 0x0001A008;
+    s->regs[R_IO_PLL_CTRL]    = 0x0001A008;
+    s->regs[R_PLL_STATUS]     = 0x0000003F;
+    s->regs[R_ARM_PLL_CFG]    = 0x00014000;
+    s->regs[R_DDR_PLL_CFG]    = 0x00014000;
+    s->regs[R_IO_PLL_CFG]     = 0x00014000;
 
     /* 0x120 - 0x16C */
-    s->regs[ARM_CLK_CTRL]   = 0x1F000400;
-    s->regs[DDR_CLK_CTRL]   = 0x18400003;
-    s->regs[DCI_CLK_CTRL]   = 0x01E03201;
-    s->regs[APER_CLK_CTRL]  = 0x01FFCCCD;
-    s->regs[USB0_CLK_CTRL]  = s->regs[USB1_CLK_CTRL]    = 0x00101941;
-    s->regs[GEM0_RCLK_CTRL] = s->regs[GEM1_RCLK_CTRL]   = 0x00000001;
-    s->regs[GEM0_CLK_CTRL]  = s->regs[GEM1_CLK_CTRL]    = 0x00003C01;
-    s->regs[SMC_CLK_CTRL]   = 0x00003C01;
-    s->regs[LQSPI_CLK_CTRL] = 0x00002821;
-    s->regs[SDIO_CLK_CTRL]  = 0x00001E03;
-    s->regs[UART_CLK_CTRL]  = 0x00003F03;
-    s->regs[SPI_CLK_CTRL]   = 0x00003F03;
-    s->regs[CAN_CLK_CTRL]   = 0x00501903;
-    s->regs[DBG_CLK_CTRL]   = 0x00000F03;
-    s->regs[PCAP_CLK_CTRL]  = 0x00000F01;
+    s->regs[R_ARM_CLK_CTRL]   = 0x1F000400;
+    s->regs[R_DDR_CLK_CTRL]   = 0x18400003;
+    s->regs[R_DCI_CLK_CTRL]   = 0x01E03201;
+    s->regs[R_APER_CLK_CTRL]  = 0x01FFCCCD;
+    s->regs[R_USB0_CLK_CTRL]  = s->regs[R_USB1_CLK_CTRL]  = 0x00101941;
+    s->regs[R_GEM0_RCLK_CTRL] = s->regs[R_GEM1_RCLK_CTRL] = 0x00000001;
+    s->regs[R_GEM0_CLK_CTRL]  = s->regs[R_GEM1_CLK_CTRL]  = 0x00003C01;
+    s->regs[R_SMC_CLK_CTRL]   = 0x00003C01;
+    s->regs[R_LQSPI_CLK_CTRL] = 0x00002821;
+    s->regs[R_SDIO_CLK_CTRL]  = 0x00001E03;
+    s->regs[R_UART_CLK_CTRL]  = 0x00003F03;
+    s->regs[R_SPI_CLK_CTRL]   = 0x00003F03;
+    s->regs[R_CAN_CLK_CTRL]   = 0x00501903;
+    s->regs[R_DBG_CLK_CTRL]   = 0x00000F03;
+    s->regs[R_PCAP_CLK_CTRL]  = 0x00000F01;
 
     /* 0x170 - 0x1AC */
-    s->regs[FPGA0_CLK_CTRL] = s->regs[FPGA1_CLK_CTRL] = s->regs[FPGA2_CLK_CTRL]
-                            = s->regs[FPGA3_CLK_CTRL] = 0x00101800;
-    s->regs[FPGA0_THR_STA] = s->regs[FPGA1_THR_STA] = s->regs[FPGA2_THR_STA]
-                           = s->regs[FPGA3_THR_STA] = 0x00010000;
+    s->regs[R_FPGA0_CLK_CTRL] = s->regs[R_FPGA1_CLK_CTRL]
+                              = s->regs[R_FPGA2_CLK_CTRL]
+                              = s->regs[R_FPGA3_CLK_CTRL] = 0x00101800;
+    s->regs[R_FPGA0_THR_STA] = s->regs[R_FPGA1_THR_STA]
+                             = s->regs[R_FPGA2_THR_STA]
+                             = s->regs[R_FPGA3_THR_STA] = 0x00010000;
 
     /* 0x1B0 - 0x1D8 */
-    s->regs[BANDGAP_TRIP]   = 0x0000001F;
-    s->regs[PLL_PREDIVISOR] = 0x00000001;
-    s->regs[CLK_621_TRUE]   = 0x00000001;
+    s->regs[R_BANDGAP_TRIP]   = 0x0000001F;
+    s->regs[R_PLL_PREDIVISOR] = 0x00000001;
+    s->regs[R_CLK_621_TRUE]   = 0x00000001;
 
     /* 0x200 - 0x25C */
-    s->regs[FPGA_RST_CTRL]  = 0x01F33F0F;
-    s->regs[RST_REASON]     = 0x00000040;
+    s->regs[R_FPGA_RST_CTRL]  = 0x01F33F0F;
+    s->regs[R_RST_REASON]     = 0x00000040;
 
-    s->regs[BOOT_MODE]      = 0x00000001;
+    s->regs[R_BOOT_MODE]      = 0x00000001;
 
     /* 0x700 - 0x7D4 */
     for (i = 0; i < 54; i++) {
-        s->regs[MIO + i] = 0x00001601;
+        s->regs[R_MIO + i] = 0x00001601;
     }
     for (i = 2; i <= 8; i++) {
-        s->regs[MIO + i] = 0x00000601;
+        s->regs[R_MIO + i] = 0x00000601;
     }
 
-    s->regs[MIO_MST_TRI0] = s->regs[MIO_MST_TRI1] = 0xFFFFFFFF;
+    s->regs[R_MIO_MST_TRI0] = s->regs[R_MIO_MST_TRI1] = 0xFFFFFFFF;
 
-    s->regs[CPU_RAM + 0] = s->regs[CPU_RAM + 1] = s->regs[CPU_RAM + 3]
-                         = s->regs[CPU_RAM + 4] = s->regs[CPU_RAM + 7]
-                         = 0x00010101;
-    s->regs[CPU_RAM + 2] = s->regs[CPU_RAM + 5] = 0x01010101;
-    s->regs[CPU_RAM + 6] = 0x00000001;
+    s->regs[R_CPU_RAM + 0] = s->regs[R_CPU_RAM + 1] = s->regs[R_CPU_RAM + 3]
+                           = s->regs[R_CPU_RAM + 4] = s->regs[R_CPU_RAM + 7]
+                           = 0x00010101;
+    s->regs[R_CPU_RAM + 2] = s->regs[R_CPU_RAM + 5] = 0x01010101;
+    s->regs[R_CPU_RAM + 6] = 0x00000001;
 
-    s->regs[IOU + 0] = s->regs[IOU + 1] = s->regs[IOU + 2] = s->regs[IOU + 3]
-                     = 0x09090909;
-    s->regs[IOU + 4] = s->regs[IOU + 5] = 0x00090909;
-    s->regs[IOU + 6] = 0x00000909;
+    s->regs[R_IOU + 0] = s->regs[R_IOU + 1] = s->regs[R_IOU + 2]
+                       = s->regs[R_IOU + 3] = 0x09090909;
+    s->regs[R_IOU + 4] = s->regs[R_IOU + 5] = 0x00090909;
+    s->regs[R_IOU + 6] = 0x00000909;
 
-    s->regs[DMAC_RAM] = 0x00000009;
+    s->regs[R_DMAC_RAM] = 0x00000009;
 
-    s->regs[AFI0 + 0] = s->regs[AFI0 + 1] = 0x09090909;
-    s->regs[AFI1 + 0] = s->regs[AFI1 + 1] = 0x09090909;
-    s->regs[AFI2 + 0] = s->regs[AFI2 + 1] = 0x09090909;
-    s->regs[AFI3 + 0] = s->regs[AFI3 + 1] = 0x09090909;
-    s->regs[AFI0 + 2] = s->regs[AFI1 + 2] = s->regs[AFI2 + 2]
-                      = s->regs[AFI3 + 2] = 0x00000909;
+    s->regs[R_AFI0 + 0] = s->regs[R_AFI0 + 1] = 0x09090909;
+    s->regs[R_AFI1 + 0] = s->regs[R_AFI1 + 1] = 0x09090909;
+    s->regs[R_AFI2 + 0] = s->regs[R_AFI2 + 1] = 0x09090909;
+    s->regs[R_AFI3 + 0] = s->regs[R_AFI3 + 1] = 0x09090909;
+    s->regs[R_AFI0 + 2] = s->regs[R_AFI1 + 2] = s->regs[R_AFI2 + 2]
+                        = s->regs[R_AFI3 + 2] = 0x00000909;
 
-    s->regs[OCM + 0]    = 0x01010101;
-    s->regs[OCM + 1]    = s->regs[OCM + 2] = 0x09090909;
+    s->regs[R_OCM + 0] = 0x01010101;
+    s->regs[R_OCM + 1] = s->regs[R_OCM + 2] = 0x09090909;
 
-    s->regs[DEVCI_RAM]  = 0x00000909;
-    s->regs[CSG_RAM]    = 0x00000001;
+    s->regs[R_DEVCI_RAM] = 0x00000909;
+    s->regs[R_CSG_RAM]   = 0x00000001;
 
-    s->regs[DDRIOB + 0] = s->regs[DDRIOB + 1] = s->regs[DDRIOB + 2]
-                        = s->regs[DDRIOB + 3] = 0x00000e00;
-    s->regs[DDRIOB + 4] = s->regs[DDRIOB + 5] = s->regs[DDRIOB + 6]
-                        = 0x00000e00;
-    s->regs[DDRIOB + 12] = 0x00000021;
+    s->regs[R_DDRIOB + 0] = s->regs[R_DDRIOB + 1] = s->regs[R_DDRIOB + 2]
+                          = s->regs[R_DDRIOB + 3] = 0x00000e00;
+    s->regs[R_DDRIOB + 4] = s->regs[R_DDRIOB + 5] = s->regs[R_DDRIOB + 6]
+                          = 0x00000e00;
+    s->regs[R_DDRIOB + 12] = 0x00000021;
 }
 
 
 static bool zynq_slcr_check_offset(hwaddr offset, bool rnw)
 {
     switch (offset) {
-    case LOCK:
-    case UNLOCK:
-    case DDR_CAL_START:
-    case DDR_REF_START:
+    case R_LOCK:
+    case R_UNLOCK:
+    case R_DDR_CAL_START:
+    case R_DDR_REF_START:
         return !rnw; /* Write only */
-    case LOCKSTA:
-    case FPGA0_THR_STA:
-    case FPGA1_THR_STA:
-    case FPGA2_THR_STA:
-    case FPGA3_THR_STA:
-    case BOOT_MODE:
-    case PSS_IDCODE:
-    case DDR_CMD_STA:
-    case DDR_DFI_STATUS:
-    case PLL_STATUS:
+    case R_LOCKSTA:
+    case R_FPGA0_THR_STA:
+    case R_FPGA1_THR_STA:
+    case R_FPGA2_THR_STA:
+    case R_FPGA3_THR_STA:
+    case R_BOOT_MODE:
+    case R_PSS_IDCODE:
+    case R_DDR_CMD_STA:
+    case R_DDR_DFI_STATUS:
+    case R_PLL_STATUS:
         return rnw;/* read only */
-    case SCL:
-    case ARM_PLL_CTRL ... IO_PLL_CTRL:
-    case ARM_PLL_CFG ... IO_PLL_CFG:
-    case ARM_CLK_CTRL ... TOPSW_CLK_CTRL:
-    case FPGA0_CLK_CTRL ... FPGA0_THR_CNT:
-    case FPGA1_CLK_CTRL ... FPGA1_THR_CNT:
-    case FPGA2_CLK_CTRL ... FPGA2_THR_CNT:
-    case FPGA3_CLK_CTRL ... FPGA3_THR_CNT:
-    case BANDGAP_TRIP:
-    case PLL_PREDIVISOR:
-    case CLK_621_TRUE:
-    case PSS_RST_CTRL ... A9_CPU_RST_CTRL:
-    case RS_AWDT_CTRL:
-    case RST_REASON:
-    case REBOOT_STATUS:
-    case APU_CTRL:
-    case WDT_CLK_SEL:
-    case TZ_DMA_NS ... TZ_DMA_PERIPH_NS:
-    case DDR_URGENT:
-    case DDR_URGENT_SEL:
-    case MIO ... MIO + MIO_LENGTH - 1:
-    case MIO_LOOPBACK ... MIO_MST_TRI1:
-    case SD0_WP_CD_SEL:
-    case SD1_WP_CD_SEL:
-    case LVL_SHFTR_EN:
-    case OCM_CFG:
-    case CPU_RAM:
-    case IOU:
-    case DMAC_RAM:
-    case AFI0 ... AFI3 + AFI_LENGTH - 1:
-    case OCM:
-    case DEVCI_RAM:
-    case CSG_RAM:
-    case GPIOB_CTRL ... GPIOB_CFG_CMOS33:
-    case GPIOB_CFG_HSTL:
-    case GPIOB_DRVR_BIAS_CTRL:
-    case DDRIOB ... DDRIOB + DDRIOB_LENGTH - 1:
+    case R_SCL:
+    case R_ARM_PLL_CTRL ... R_IO_PLL_CTRL:
+    case R_ARM_PLL_CFG ... R_IO_PLL_CFG:
+    case R_ARM_CLK_CTRL ... R_TOPSW_CLK_CTRL:
+    case R_FPGA0_CLK_CTRL ... R_FPGA0_THR_CNT:
+    case R_FPGA1_CLK_CTRL ... R_FPGA1_THR_CNT:
+    case R_FPGA2_CLK_CTRL ... R_FPGA2_THR_CNT:
+    case R_FPGA3_CLK_CTRL ... R_FPGA3_THR_CNT:
+    case R_BANDGAP_TRIP:
+    case R_PLL_PREDIVISOR:
+    case R_CLK_621_TRUE:
+    case R_PSS_RST_CTRL ... R_A9_CPU_RST_CTRL:
+    case R_RS_AWDT_CTRL:
+    case R_RST_REASON:
+    case R_REBOOT_STATUS:
+    case R_APU_CTRL:
+    case R_WDT_CLK_SEL:
+    case R_TZ_DMA_NS ... R_TZ_DMA_PERIPH_NS:
+    case R_DDR_URGENT:
+    case R_DDR_URGENT_SEL:
+    case R_MIO ... R_MIO + MIO_LENGTH - 1:
+    case R_MIO_LOOPBACK ... R_MIO_MST_TRI1:
+    case R_SD0_WP_CD_SEL:
+    case R_SD1_WP_CD_SEL:
+    case R_LVL_SHFTR_EN:
+    case R_OCM_CFG:
+    case R_CPU_RAM:
+    case R_IOU:
+    case R_DMAC_RAM:
+    case R_AFI0 ... R_AFI3 + AFI_LENGTH - 1:
+    case R_OCM:
+    case R_DEVCI_RAM:
+    case R_CSG_RAM:
+    case R_GPIOB_CTRL ... R_GPIOB_CFG_CMOS33:
+    case R_GPIOB_CFG_HSTL:
+    case R_GPIOB_DRVR_BIAS_CTRL:
+    case R_DDRIOB ... R_DDRIOB + DDRIOB_LENGTH - 1:
         return true;
     default:
         return false;
@@ -XXX,XX +XXX,XX @@ static void zynq_slcr_write(void *opaque, hwaddr offset,
     }
 
     switch (offset) {
-    case SCL:
-        s->regs[SCL] = val & 0x1;
+    case R_SCL:
+        s->regs[R_SCL] = val & 0x1;
         return;
-    case LOCK:
+    case R_LOCK:
         if ((val & 0xFFFF) == XILINX_LOCK_KEY) {
             DB_PRINT("XILINX LOCK 0xF8000000 + 0x%x <= 0x%x\n", (int)offset,
                 (unsigned)val & 0xFFFF);
-            s->regs[LOCKSTA] = 1;
+            s->regs[R_LOCKSTA] = 1;
         } else {
             DB_PRINT("WRONG XILINX LOCK KEY 0xF8000000 + 0x%x <= 0x%x\n",
                 (int)offset, (unsigned)val & 0xFFFF);
         }
         return;
-    case UNLOCK:
+    case R_UNLOCK:
         if ((val & 0xFFFF) == XILINX_UNLOCK_KEY) {
             DB_PRINT("XILINX UNLOCK 0xF8000000 + 0x%x <= 0x%x\n", (int)offset,
                 (unsigned)val & 0xFFFF);
-            s->regs[LOCKSTA] = 0;
+            s->regs[R_LOCKSTA] = 0;
         } else {
             DB_PRINT("WRONG XILINX UNLOCK KEY 0xF8000000 + 0x%x <= 0x%x\n",
                 (int)offset, (unsigned)val & 0xFFFF);
@@ -XXX,XX +XXX,XX @@ static void zynq_slcr_write(void *opaque, hwaddr offset,
         return;
     }
 
-    if (s->regs[LOCKSTA]) {
+    if (s->regs[R_LOCKSTA]) {
         qemu_log_mask(LOG_GUEST_ERROR,
                       "SCLR registers are locked. Unlock them first\n");
         return;
@@ -XXX,XX +XXX,XX @@ static void zynq_slcr_write(void *opaque, hwaddr offset,
     s->regs[offset] = val;
 
     switch (offset) {
-    case PSS_RST_CTRL:
-        if (val & R_PSS_RST_CTRL_SOFT_RST) {
+    case R_PSS_RST_CTRL:
+        if (FIELD_EX32(val, PSS_RST_CTRL, SOFT_RST)) {
             qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
         }
         break;
-- 
2.20.1

From: Aaron Hill <aa1ronham@gmail.com>

This commit properly sets the ENET_BD_BDU flag once the emulated FEC controller
has finished processing the last descriptor. This is done for both transmit
and receive descriptors.

This allows the QNX 7.0.0 BSP for the Sabrelite board (which can be
found at http://blackberry.qnx.com/en/developers/bsp) to properly
control the FEC. Without this patch, the BSP ethernet driver will never
re-use FEC descriptors, as the unset ENET_BD_BDU flag will cause
it to believe that the descriptors are still in use by the NIC.

Note that Linux does not appear to use this field at all, and is
unaffected by this patch.

Without this patch, QNX will think that the NIC is still processing its
transaction descriptors, and won't send any more data over the network.

For reference:

On page 1192 of the I.MX 6DQ reference manual revision (Rev. 5, 06/2018),
which can be found at https://www.nxp.com/products/processors-and-microcontrollers/arm-based-processors-and-mcus/i.mx-applications-processors/i.mx-6-processors/i.mx-6quad-processors-high-performance-3d-graphics-hd-video-arm-cortex-a9-core:i.MX6Q?&tab=Documentation_Tab&linkline=Application-Note

the 'BDU' field is described as follows for the 'Enhanced transmit
buffer descriptor':

'Last buffer descriptor update done. Indicates that the last BD data has been updated by
uDMA. This field is written by the user (=0) and uDMA (=1).'

The same description is used for the receive buffer descriptor.

Signed-off-by: Aaron Hill <aa1ronham@gmail.com>
Message-id: 20190805142417.10433-1-aaron.hill@alertinnovation.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/net/imx_fec.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/net/imx_fec.c
+++ b/hw/net/imx_fec.c
@@ -XXX,XX +XXX,XX @@ static void imx_enet_do_tx(IMXFECState *s, uint32_t index)
             if (bd.option & ENET_BD_TX_INT) {
                 s->regs[ENET_EIR] |= int_txf;
             }
+            /* Indicate that we've updated the last buffer descriptor. */
+            bd.last_buffer = ENET_BD_BDU;
         }
         if (bd.option & ENET_BD_TX_INT) {
             s->regs[ENET_EIR] |= int_txb;
@@ -XXX,XX +XXX,XX @@ static ssize_t imx_enet_receive(NetClientState *nc, const uint8_t *buf,
             /* Last buffer in frame.  */
             bd.flags |= flags | ENET_BD_L;
             FEC_PRINTF("rx frame flags %04x\n", bd.flags);
+            /* Indicate that we've updated the last buffer descriptor. */
+            bd.last_buffer = ENET_BD_BDU;
             if (bd.option & ENET_BD_RX_INT) {
                 s->regs[ENET_EIR] |= ENET_INT_RXF;
             }
-- 
2.20.1

Factor out code to 'generate a singlestep exception', which is
currently repeated in four places.

To do this we need to also pull the identical copies of the
gen-exception() function out of translate-a64.c and translate.c
into translate.h.

(There is a bug in the code: we're taking the exception to the wrong
target EL.  This will be simpler to fix if there's only one place to
do it.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20190805130952.4415-2-peter.maydell@linaro.org
---
 target/arm/translate.h     | 23 +++++++++++++++++++++++
 target/arm/translate-a64.c | 19 ++-----------------
 target/arm/translate.c     | 20 ++------------------
 3 files changed, 27 insertions(+), 35 deletions(-)

diff --git a/target/arm/translate.h b/target/arm/translate.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -XXX,XX +XXX,XX @@
 #define TARGET_ARM_TRANSLATE_H
 
 #include "exec/translator.h"
+#include "internals.h"
 
 
 /* internal defines */
@@ -XXX,XX +XXX,XX @@ static inline void gen_ss_advance(DisasContext *s)
     }
 }
 
+static inline void gen_exception(int excp, uint32_t syndrome,
+                                 uint32_t target_el)
+{
+    TCGv_i32 tcg_excp = tcg_const_i32(excp);
+    TCGv_i32 tcg_syn = tcg_const_i32(syndrome);
+    TCGv_i32 tcg_el = tcg_const_i32(target_el);
+
+    gen_helper_exception_with_syndrome(cpu_env, tcg_excp,
+                                       tcg_syn, tcg_el);
+
+    tcg_temp_free_i32(tcg_el);
+    tcg_temp_free_i32(tcg_syn);
+    tcg_temp_free_i32(tcg_excp);
+}
+
+/* Generate an architectural singlestep exception */
+static inline void gen_swstep_exception(DisasContext *s, int isv, int ex)
+{
+    gen_exception(EXCP_UDEF, syn_swstep(s->ss_same_el, isv, ex),
+                  default_exception_el(s));
+}
+
 /*
  * Given a VFP floating point constant encoded into an 8 bit immediate in an
  * instruction, expand it to the actual constant value of the specified
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void gen_exception_internal(int excp)
     tcg_temp_free_i32(tcg_excp);
 }
 
-static void gen_exception(int excp, uint32_t syndrome, uint32_t target_el)
-{
-    TCGv_i32 tcg_excp = tcg_const_i32(excp);
-    TCGv_i32 tcg_syn = tcg_const_i32(syndrome);
-    TCGv_i32 tcg_el = tcg_const_i32(target_el);
-
-    gen_helper_exception_with_syndrome(cpu_env, tcg_excp,
-                                       tcg_syn, tcg_el);
-    tcg_temp_free_i32(tcg_el);
-    tcg_temp_free_i32(tcg_syn);
-    tcg_temp_free_i32(tcg_excp);
-}
-
 static void gen_exception_internal_insn(DisasContext *s, int offset, int excp)
 {
     gen_a64_set_pc_im(s->pc - offset);
@@ -XXX,XX +XXX,XX @@ static void gen_step_complete_exception(DisasContext *s)
      * of the exception, and our syndrome information is always correct.
      */
     gen_ss_advance(s);
-    gen_exception(EXCP_UDEF, syn_swstep(s->ss_same_el, 1, s->is_ldex),
-                  default_exception_el(s));
+    gen_swstep_exception(s, 1, s->is_ldex);
     s->base.is_jmp = DISAS_NORETURN;
 }
 
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
          * bits should be zero.
          */
         assert(dc->base.num_insns == 1);
-        gen_exception(EXCP_UDEF, syn_swstep(dc->ss_same_el, 0, 0),
-                      default_exception_el(dc));
+        gen_swstep_exception(dc, 0, 0);
         dc->base.is_jmp = DISAS_NORETURN;
     } else {
         disas_a64_insn(env, dc);
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_exception_internal(int excp)
     tcg_temp_free_i32(tcg_excp);
 }
 
-static void gen_exception(int excp, uint32_t syndrome, uint32_t target_el)
-{
-    TCGv_i32 tcg_excp = tcg_const_i32(excp);
-    TCGv_i32 tcg_syn = tcg_const_i32(syndrome);
-    TCGv_i32 tcg_el = tcg_const_i32(target_el);
-
-    gen_helper_exception_with_syndrome(cpu_env, tcg_excp,
-                                       tcg_syn, tcg_el);
-
-    tcg_temp_free_i32(tcg_el);
-    tcg_temp_free_i32(tcg_syn);
-    tcg_temp_free_i32(tcg_excp);
-}
-
 static void gen_step_complete_exception(DisasContext *s)
 {
     /* We just completed step of an insn. Move from Active-not-pending
@@ -XXX,XX +XXX,XX @@ static void gen_step_complete_exception(DisasContext *s)
      * of the exception, and our syndrome information is always correct.
      */
     gen_ss_advance(s);
-    gen_exception(EXCP_UDEF, syn_swstep(s->ss_same_el, 1, s->is_ldex),
-                  default_exception_el(s));
+    gen_swstep_exception(s, 1, s->is_ldex);
     s->base.is_jmp = DISAS_NORETURN;
 }
 
@@ -XXX,XX +XXX,XX @@ static bool arm_pre_translate_insn(DisasContext *dc)
          * bits should be zero.
          */
         assert(dc->base.num_insns == 1);
-        gen_exception(EXCP_UDEF, syn_swstep(dc->ss_same_el, 0, 0),
-                      default_exception_el(dc));
+        gen_swstep_exception(dc, 0, 0);
         dc->base.is_jmp = DISAS_NORETURN;
         return true;
     }
-- 
2.20.1

When generating an architectural single-step exception we were
routing it to the "default exception level", which is to say
the same exception level we execute at except that EL0 exceptions
go to EL1. This is incorrect because the debug exception level
can be configured by the guest for situations such as single
stepping of EL0 and EL1 code by EL2.

We have to track the target debug exception level in the TB
flags, because it is dependent on CPU state like HCR_EL2.TGE
and MDCR_EL2.TDE. (That we were previously calling the
arm_debug_target_el() function to determine dc->ss_same_el
is itself a bug, though one that would only have manifested
as incorrect syndrome information.) Since we are out of TB
flag bits unless we want to expand into the cs_base field,
we share some bits with the M-profile only HANDLER and
STACKCHECK bits, since only A-profile has this singlestep.

Fixes: https://bugs.launchpad.net/qemu/+bug/1838913
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20190805130952.4415-3-peter.maydell@linaro.org
---
 target/arm/cpu.h           |  5 +++++
 target/arm/translate.h     | 15 +++++++++++----
 target/arm/helper.c        |  6 ++++++
 target/arm/translate-a64.c |  2 +-
 target/arm/translate.c     |  4 +++-
 5 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -XXX,XX +XXX,XX @@ FIELD(TBFLAG_ANY, PSTATE_SS, 26, 1)
 /* Target EL if we take a floating-point-disabled exception */
 FIELD(TBFLAG_ANY, FPEXC_EL, 24, 2)
 FIELD(TBFLAG_ANY, BE_DATA, 23, 1)
+/*
+ * For A-profile only, target EL for debug exceptions.
+ * Note that this overlaps with the M-profile-only HANDLER and STACKCHECK bits.
+ */
+FIELD(TBFLAG_ANY, DEBUG_TARGET_EL, 21, 2)
 
 /* Bit usage when in AArch32 state: */
 FIELD(TBFLAG_A32, THUMB, 0, 1)
diff --git a/target/arm/translate.h b/target/arm/translate.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -XXX,XX +XXX,XX @@ typedef struct DisasContext {
     uint32_t svc_imm;
     int aarch64;
     int current_el;
+    /* Debug target exception level for single-step exceptions */
+    int debug_target_el;
     GHashTable *cp_regs;
     uint64_t features; /* CPU features bits */
     /* Because unallocated encodings generate different exception syndrome
@@ -XXX,XX +XXX,XX @@ typedef struct DisasContext {
      * ie A64 LDX*, LDAX*, A32/T32 LDREX*, LDAEX*.
      */
     bool is_ldex;
-    /* True if a single-step exception will be taken to the current EL */
-    bool ss_same_el;
     /* True if v8.3-PAuth is active.  */
     bool pauth_active;
     /* True with v8.5-BTI and SCTLR_ELx.BT* set.  */
@@ -XXX,XX +XXX,XX @@ static inline void gen_exception(int excp, uint32_t syndrome,
 /* Generate an architectural singlestep exception */
 static inline void gen_swstep_exception(DisasContext *s, int isv, int ex)
 {
-    gen_exception(EXCP_UDEF, syn_swstep(s->ss_same_el, isv, ex),
-                  default_exception_el(s));
+    bool same_el = (s->debug_target_el == s->current_el);
+
+    /*
+     * If singlestep is targeting a lower EL than the current one,
+     * then s->ss_active must be false and we can never get here.
+     */
+    assert(s->debug_target_el >= s->current_el);
+
+    gen_exception(EXCP_UDEF, syn_swstep(same_el, isv, ex), s->debug_target_el);
 }
 
 /*
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ void cpu_get_tb_cpu_state(CPUARMState *env, target_ulong *pc,
         }
     }
 
+    if (!arm_feature(env, ARM_FEATURE_M)) {
+        int target_el = arm_debug_target_el(env);
+
+        flags = FIELD_DP32(flags, TBFLAG_ANY, DEBUG_TARGET_EL, target_el);
+    }
+
     *pflags = flags;
     *cs_base = 0;
 }
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
     dc->ss_active = FIELD_EX32(tb_flags, TBFLAG_ANY, SS_ACTIVE);
     dc->pstate_ss = FIELD_EX32(tb_flags, TBFLAG_ANY, PSTATE_SS);
     dc->is_ldex = false;
-    dc->ss_same_el = (arm_debug_target_el(env) == dc->current_el);
+    dc->debug_target_el = FIELD_EX32(tb_flags, TBFLAG_ANY, DEBUG_TARGET_EL);
 
     /* Bound the number of insns to execute to those left on the page.  */
     bound = -(dc->base.pc_first | TARGET_PAGE_MASK) / 4;
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
     dc->ss_active = FIELD_EX32(tb_flags, TBFLAG_ANY, SS_ACTIVE);
     dc->pstate_ss = FIELD_EX32(tb_flags, TBFLAG_ANY, PSTATE_SS);
     dc->is_ldex = false;
-    dc->ss_same_el = false; /* Can't be true since EL_d must be AArch64 */
+    if (!arm_feature(env, ARM_FEATURE_M)) {
+        dc->debug_target_el = FIELD_EX32(tb_flags, TBFLAG_ANY, DEBUG_TARGET_EL);
+    }
 
     dc->page_start = dc->base.pc_first & TARGET_PAGE_MASK;
 
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

This function is used in two different contexts, and it will be
clearer if the function is given the address to which it applies.

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
     }
 }
 
-static bool thumb_insn_is_16bit(DisasContext *s, uint32_t insn)
+static bool thumb_insn_is_16bit(DisasContext *s, uint32_t pc, uint32_t insn)
 {
-    /* Return true if this is a 16 bit instruction. We must be precise
-     * about this (matching the decode).  We assume that s->pc still
-     * points to the first 16 bits of the insn.
+    /*
+     * Return true if this is a 16 bit instruction. We must be precise
+     * about this (matching the decode).
      */
     if ((insn >> 11) < 0x1d) {
         /* Definitely a 16-bit instruction */
@@ -XXX,XX +XXX,XX @@ static bool thumb_insn_is_16bit(DisasContext *s, uint32_t insn)
         return false;
     }
 
-    if ((insn >> 11) == 0x1e && s->pc - s->page_start < TARGET_PAGE_SIZE - 3) {
+    if ((insn >> 11) == 0x1e && pc - s->page_start < TARGET_PAGE_SIZE - 3) {
         /* 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix, and the suffix
          * is not on the next page; we merge this into a 32-bit
          * insn.
@@ -XXX,XX +XXX,XX @@ static bool insn_crosses_page(CPUARMState *env, DisasContext *s)
      */
     uint16_t insn = arm_lduw_code(env, s->pc, s->sctlr_b);
 
-    return !thumb_insn_is_16bit(s, insn);
+    return !thumb_insn_is_16bit(s, s->pc, insn);
 }
 
 static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
@@ -XXX,XX +XXX,XX @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
     }
 
     insn = arm_lduw_code(env, dc->pc, dc->sctlr_b);
-    is_16bit = thumb_insn_is_16bit(dc, insn);
+    is_16bit = thumb_insn_is_16bit(dc, dc->pc, insn);
     dc->pc += 2;
     if (!is_16bit) {
         uint32_t insn2 = arm_lduw_code(env, dc->pc, dc->sctlr_b);
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Add a new field to retain the address of the instruction currently
being translated.  The 32-bit uses are all within subroutines used
by a32 and t32.  This will become less obvious when t16 support is
merged with a32+t32, and having a clear definition will help.

Convert aarch64 as well for consistency.  Note that there is one
instance of a pre-assert fprintf that used the wrong value for the
address of the current instruction.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190807045335.1361-3-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.h |  2 +-
 target/arm/translate.h     |  2 ++
 target/arm/translate-a64.c | 21 +++++++++++----------
 target/arm/translate.c     | 14 ++++++++------
 4 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/target/arm/translate-a64.h b/target/arm/translate-a64.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.h
+++ b/target/arm/translate-a64.h
@@ -XXX,XX +XXX,XX @@ void unallocated_encoding(DisasContext *s);
         qemu_log_mask(LOG_UNIMP,                                         \
                       "%s:%d: unsupported instruction encoding 0x%08x "  \
                       "at pc=%016" PRIx64 "\n",                          \
-                      __FILE__, __LINE__, insn, s->pc - 4);              \
+                      __FILE__, __LINE__, insn, s->pc_curr);             \
         unallocated_encoding(s);                                         \
     } while (0)
 
diff --git a/target/arm/translate.h b/target/arm/translate.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -XXX,XX +XXX,XX @@ typedef struct DisasContext {
     const ARMISARegisters *isar;
 
     target_ulong pc;
+    /* The address of the current instruction being translated. */
+    target_ulong pc_curr;
     target_ulong page_start;
     uint32_t insn;
     /* Nonzero if this instruction has been conditionally skipped.  */
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static inline AArch64DecodeFn *lookup_disas_fn(const AArch64DecodeTable *table,
  */
 static void disas_uncond_b_imm(DisasContext *s, uint32_t insn)
 {
-    uint64_t addr = s->pc + sextract32(insn, 0, 26) * 4 - 4;
+    uint64_t addr = s->pc_curr + sextract32(insn, 0, 26) * 4;
 
     if (insn & (1U << 31)) {
         /* BL Branch with link */
@@ -XXX,XX +XXX,XX @@ static void disas_comp_b_imm(DisasContext *s, uint32_t insn)
     sf = extract32(insn, 31, 1);
     op = extract32(insn, 24, 1); /* 0: CBZ; 1: CBNZ */
     rt = extract32(insn, 0, 5);
-    addr = s->pc + sextract32(insn, 5, 19) * 4 - 4;
+    addr = s->pc_curr + sextract32(insn, 5, 19) * 4;
 
     tcg_cmp = read_cpu_reg(s, rt, sf);
     label_match = gen_new_label();
@@ -XXX,XX +XXX,XX @@ static void disas_test_b_imm(DisasContext *s, uint32_t insn)
 
     bit_pos = (extract32(insn, 31, 1) << 5) | extract32(insn, 19, 5);
     op = extract32(insn, 24, 1); /* 0: TBZ; 1: TBNZ */
-    addr = s->pc + sextract32(insn, 5, 14) * 4 - 4;
+    addr = s->pc_curr + sextract32(insn, 5, 14) * 4;
     rt = extract32(insn, 0, 5);
 
     tcg_cmp = tcg_temp_new_i64();
@@ -XXX,XX +XXX,XX @@ static void disas_cond_b_imm(DisasContext *s, uint32_t insn)
         unallocated_encoding(s);
         return;
     }
-    addr = s->pc + sextract32(insn, 5, 19) * 4 - 4;
+    addr = s->pc_curr + sextract32(insn, 5, 19) * 4;
     cond = extract32(insn, 0, 4);
 
     reset_btype(s);
@@ -XXX,XX +XXX,XX @@ static void handle_sys(DisasContext *s, uint32_t insn, bool isread,
         TCGv_i32 tcg_syn, tcg_isread;
         uint32_t syndrome;
 
-        gen_a64_set_pc_im(s->pc - 4);
+        gen_a64_set_pc_im(s->pc_curr);
         tmpptr = tcg_const_ptr(ri);
         syndrome = syn_aa64_sysregtrap(op0, op1, op2, crn, crm, rt, isread);
         tcg_syn = tcg_const_i32(syndrome);
@@ -XXX,XX +XXX,XX @@ static void disas_exc(DisasContext *s, uint32_t insn)
             /* The pre HVC helper handles cases when HVC gets trapped
              * as an undefined insn by runtime configuration.
              */
-            gen_a64_set_pc_im(s->pc - 4);
+            gen_a64_set_pc_im(s->pc_curr);
             gen_helper_pre_hvc(cpu_env);
             gen_ss_advance(s);
             gen_exception_insn(s, 0, EXCP_HVC, syn_aa64_hvc(imm16), 2);
@@ -XXX,XX +XXX,XX @@ static void disas_exc(DisasContext *s, uint32_t insn)
                 unallocated_encoding(s);
                 break;
             }
-            gen_a64_set_pc_im(s->pc - 4);
+            gen_a64_set_pc_im(s->pc_curr);
             tmp = tcg_const_i32(syn_aa64_smc(imm16));
             gen_helper_pre_smc(cpu_env, tmp);
             tcg_temp_free_i32(tmp);
@@ -XXX,XX +XXX,XX @@ static void disas_ld_lit(DisasContext *s, uint32_t insn)
 
     tcg_rt = cpu_reg(s, rt);
 
-    clean_addr = tcg_const_i64((s->pc - 4) + imm);
+    clean_addr = tcg_const_i64(s->pc_curr + imm);
     if (is_vector) {
         do_fp_ld(s, rt, clean_addr, size);
     } else {
@@ -XXX,XX +XXX,XX @@ static void disas_pc_rel_adr(DisasContext *s, uint32_t insn)
     offset = sextract64(insn, 5, 19);
     offset = offset << 2 | extract32(insn, 29, 2);
     rd = extract32(insn, 0, 5);
-    base = s->pc - 4;
+    base = s->pc_curr;
 
     if (page) {
         /* ADRP (page based) */
@@ -XXX,XX +XXX,XX @@ static void disas_simd_three_reg_same_fp16(DisasContext *s, uint32_t insn)
                 break;
             default:
                 fprintf(stderr, "%s: insn %#04x, fpop %#2x @ %#" PRIx64 "\n",
-                        __func__, insn, fpopcode, s->pc);
+                        __func__, insn, fpopcode, s->pc_curr);
                 g_assert_not_reached();
             }
 
@@ -XXX,XX +XXX,XX @@ static void disas_a64_insn(CPUARMState *env, DisasContext *s)
 {
     uint32_t insn;
 
+    s->pc_curr = s->pc;
     insn = arm_ldl_code(env, s->pc, s->sctlr_b);
     s->insn = insn;
     s->pc += 4;
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static inline void gen_hvc(DisasContext *s, int imm16)
      * as an undefined insn by runtime configuration (ie before
      * the insn really executes).
      */
-    gen_set_pc_im(s, s->pc - 4);
+    gen_set_pc_im(s, s->pc_curr);
     gen_helper_pre_hvc(cpu_env);
     /* Otherwise we will treat this as a real exception which
      * happens after execution of the insn. (The distinction matters
@@ -XXX,XX +XXX,XX @@ static inline void gen_smc(DisasContext *s)
      */
     TCGv_i32 tmp;
 
-    gen_set_pc_im(s, s->pc - 4);
+    gen_set_pc_im(s, s->pc_curr);
     tmp = tcg_const_i32(syn_aa32_smc());
     gen_helper_pre_smc(cpu_env, tmp);
     tcg_temp_free_i32(tmp);
@@ -XXX,XX +XXX,XX @@ static void gen_msr_banked(DisasContext *s, int r, int sysm, int rn)
 
     /* Sync state because msr_banked() can raise exceptions */
     gen_set_condexec(s);
-    gen_set_pc_im(s, s->pc - 4);
+    gen_set_pc_im(s, s->pc_curr);
     tcg_reg = load_reg(s, rn);
     tcg_tgtmode = tcg_const_i32(tgtmode);
     tcg_regno = tcg_const_i32(regno);
@@ -XXX,XX +XXX,XX @@ static void gen_mrs_banked(DisasContext *s, int r, int sysm, int rn)
 
     /* Sync state because mrs_banked() can raise exceptions */
     gen_set_condexec(s);
-    gen_set_pc_im(s, s->pc - 4);
+    gen_set_pc_im(s, s->pc_curr);
     tcg_reg = tcg_temp_new_i32();
     tcg_tgtmode = tcg_const_i32(tgtmode);
     tcg_regno = tcg_const_i32(regno);
@@ -XXX,XX +XXX,XX @@ static int disas_coproc_insn(DisasContext *s, uint32_t insn)
             }
 
             gen_set_condexec(s);
-            gen_set_pc_im(s, s->pc - 4);
+            gen_set_pc_im(s, s->pc_curr);
             tmpptr = tcg_const_ptr(ri);
             tcg_syn = tcg_const_i32(syndrome);
             tcg_isread = tcg_const_i32(isread);
@@ -XXX,XX +XXX,XX @@ static void gen_srs(DisasContext *s,
     tmp = tcg_const_i32(mode);
     /* get_r13_banked() will raise an exception if called from System mode */
     gen_set_condexec(s);
-    gen_set_pc_im(s, s->pc - 4);
+    gen_set_pc_im(s, s->pc_curr);
     gen_helper_get_r13_banked(addr, cpu_env, tmp);
     tcg_temp_free_i32(tmp);
     switch (amode) {
@@ -XXX,XX +XXX,XX @@ static void arm_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
         return;
     }
 
+    dc->pc_curr = dc->pc;
     insn = arm_ldl_code(env, dc->pc, dc->sctlr_b);
     dc->insn = insn;
     dc->pc += 4;
@@ -XXX,XX +XXX,XX @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
         return;
     }
 
+    dc->pc_curr = dc->pc;
     insn = arm_lduw_code(env, dc->pc, dc->sctlr_b);
     is_16bit = thumb_insn_is_16bit(dc, dc->pc, insn);
     dc->pc += 2;
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

We currently have 3 different ways of computing the architectural
value of "PC" as seen in the ARM ARM.

The value of s->pc has been incremented past the current insn,
but that is all.  Thus for a32, PC = s->pc + 4; for t32, PC = s->pc;
for t16, PC = s->pc + 2.  These differing computations make it
impossible at present to unify the various code paths.

With the newly introduced s->pc_curr, we can compute the correct
value for all cases, using the formula given in the ARM ARM.

This changes the behaviour for load_reg() and load_reg_var()
when called with reg==15 from a 32-bit Thumb instruction:
previously they would have returned the incorrect value
of pc_curr + 6, and now they will return the architecturally
correct value of PC, which is pc_curr + 4. This will not
affect well-behaved guest software, because all of the places
we call these functions from T32 code are instructions where
using r15 is UNPREDICTABLE. Using the architectural PC value
here is more consistent with the T16 and A32 behaviour.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190807045335.1361-4-richard.henderson@linaro.org
[PMM: added commit message note about UNPREDICTABLE T32 cases]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c | 59 ++++++++++++++++--------------------------
 1 file changed, 23 insertions(+), 36 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static inline void store_cpu_offset(TCGv_i32 var, int offset)
 #define store_cpu_field(var, name) \
     store_cpu_offset(var, offsetof(CPUARMState, name))
 
+/* The architectural value of PC.  */
+static uint32_t read_pc(DisasContext *s)
+{
+    return s->pc_curr + (s->thumb ? 4 : 8);
+}
+
 /* Set a variable to the value of a CPU register.  */
 static void load_reg_var(DisasContext *s, TCGv_i32 var, int reg)
 {
     if (reg == 15) {
-        uint32_t addr;
-        /* normally, since we updated PC, we need only to add one insn */
-        if (s->thumb)
-            addr = (long)s->pc + 2;
-        else
-            addr = (long)s->pc + 4;
-        tcg_gen_movi_i32(var, addr);
+        tcg_gen_movi_i32(var, read_pc(s));
     } else {
         tcg_gen_mov_i32(var, cpu_R[reg]);
     }
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
             /* branch link and change to thumb (blx <offset>) */
             int32_t offset;
 
-            val = (uint32_t)s->pc;
             tmp = tcg_temp_new_i32();
-            tcg_gen_movi_i32(tmp, val);
+            tcg_gen_movi_i32(tmp, s->pc);
             store_reg(s, 14, tmp);
             /* Sign-extend the 24-bit offset */
             offset = (((int32_t)insn) << 8) >> 8;
+            val = read_pc(s);
             /* offset * 4 + bit24 * 2 + (thumb bit) */
             val += (offset << 2) | ((insn >> 23) & 2) | 1;
-            /* pipeline offset */
-            val += 4;
             /* protected by ARCH(5); above, near the start of uncond block */
             gen_bx_im(s, val);
             return;
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
                         } else {
                             /* store */
                             if (i == 15) {
-                                /* special case: r15 = PC + 8 */
-                                val = (long)s->pc + 4;
                                 tmp = tcg_temp_new_i32();
-                                tcg_gen_movi_i32(tmp, val);
+                                tcg_gen_movi_i32(tmp, read_pc(s));
                             } else if (user) {
                                 tmp = tcg_temp_new_i32();
                                 tmp2 = tcg_const_i32(i);
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
                 int32_t offset;
 
                 /* branch (and link) */
-                val = (int32_t)s->pc;
                 if (insn & (1 << 24)) {
                     tmp = tcg_temp_new_i32();
-                    tcg_gen_movi_i32(tmp, val);
+                    tcg_gen_movi_i32(tmp, s->pc);
                     store_reg(s, 14, tmp);
                 }
                 offset = sextract32(insn << 2, 0, 26);
-                val += offset + 4;
-                gen_jmp(s, val);
+                gen_jmp(s, read_pc(s) + offset);
             }
             break;
         case 0xc:
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                 tcg_temp_free_i32(addr);
             } else if ((insn & (7 << 5)) == 0) {
                 /* Table Branch.  */
-                if (rn == 15) {
-                    addr = tcg_temp_new_i32();
-                    tcg_gen_movi_i32(addr, s->pc);
-                } else {
-                    addr = load_reg(s, rn);
-                }
+                addr = load_reg(s, rn);
                 tmp = load_reg(s, rm);
                 tcg_gen_add_i32(addr, addr, tmp);
                 if (insn & (1 << 4)) {
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                 }
                 tcg_temp_free_i32(addr);
                 tcg_gen_shli_i32(tmp, tmp, 1);
-                tcg_gen_addi_i32(tmp, tmp, s->pc);
+                tcg_gen_addi_i32(tmp, tmp, read_pc(s));
                 store_reg(s, 15, tmp);
             } else {
                 bool is_lasr = false;
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                     tcg_gen_movi_i32(cpu_R[14], s->pc | 1);
                 }
 
-                offset += s->pc;
+                offset += read_pc(s);
                 if (insn & (1 << 12)) {
                     /* b/bl */
                     gen_jmp(s, offset);
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                 offset |= (insn & (1 << 11)) << 8;
 
                 /* jump to the offset */
-                gen_jmp(s, s->pc + offset);
+                gen_jmp(s, read_pc(s) + offset);
             }
         } else {
             /*
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
         if (insn & (1 << 11)) {
             rd = (insn >> 8) & 7;
             /* load pc-relative.  Bit 1 of PC is ignored.  */
-            val = s->pc + 2 + ((insn & 0xff) * 4);
+            val = read_pc(s) + ((insn & 0xff) * 4);
             val &= ~(uint32_t)2;
             addr = tcg_temp_new_i32();
             tcg_gen_movi_i32(addr, val);
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
         } else {
             /* PC. bit 1 is ignored.  */
             tmp = tcg_temp_new_i32();
-            tcg_gen_movi_i32(tmp, (s->pc + 2) & ~(uint32_t)2);
+            tcg_gen_movi_i32(tmp, read_pc(s) & ~(uint32_t)2);
         }
         val = (insn & 0xff) * 4;
         tcg_gen_addi_i32(tmp, tmp, val);
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
                 tcg_gen_brcondi_i32(TCG_COND_NE, tmp, 0, s->condlabel);
             tcg_temp_free_i32(tmp);
             offset = ((insn & 0xf8) >> 2) | (insn & 0x200) >> 3;
-            val = (uint32_t)s->pc + 2;
-            val += offset;
-            gen_jmp(s, val);
+            gen_jmp(s, read_pc(s) + offset);
             break;
 
         case 15: /* IT, nop-hint.  */
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
         arm_skip_unless(s, cond);
 
         /* jump to the offset */
-        val = (uint32_t)s->pc + 2;
+        val = read_pc(s);
         offset = ((int32_t)insn << 24) >> 24;
         val += offset << 1;
         gen_jmp(s, val);
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
             break;
         }
         /* unconditional branch */
-        val = (uint32_t)s->pc;
+        val = read_pc(s);
         offset = ((int32_t)insn << 21) >> 21;
-        val += (offset << 1) + 2;
+        val += offset << 1;
         gen_jmp(s, val);
         break;
 
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
             /* 0b1111_0xxx_xxxx_xxxx : BL/BLX prefix */
             uint32_t uoffset = ((int32_t)insn << 21) >> 9;
 
-            tcg_gen_movi_i32(cpu_R[14], s->pc + 2 + uoffset);
+            tcg_gen_movi_i32(cpu_R[14], read_pc(s) + uoffset);
         }
         break;
     }
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Provide a common routine for the places that require ALIGN(PC, 4)
as the base address as opposed to plain PC.  The two are always
the same for A32, but the difference is meaningful for thumb mode.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190807045335.1361-5-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-vfp.inc.c |  38 ++------
 target/arm/translate.c         | 166 +++++++++++++++------------------
 2 files changed, 82 insertions(+), 122 deletions(-)

diff --git a/target/arm/translate-vfp.inc.c b/target/arm/translate-vfp.inc.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-vfp.inc.c
+++ b/target/arm/translate-vfp.inc.c
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDR_VSTR_sp(DisasContext *s, arg_VLDR_VSTR_sp *a)
         offset = -offset;
     }
 
-    if (s->thumb && a->rn == 15) {
-        /* This is actually UNPREDICTABLE */
-        addr = tcg_temp_new_i32();
-        tcg_gen_movi_i32(addr, s->pc & ~2);
-    } else {
-        addr = load_reg(s, a->rn);
-    }
-    tcg_gen_addi_i32(addr, addr, offset);
+    /* For thumb, use of PC is UNPREDICTABLE.  */
+    addr = add_reg_for_lit(s, a->rn, offset);
     tmp = tcg_temp_new_i32();
     if (a->l) {
         gen_aa32_ld32u(s, tmp, addr, get_mem_index(s));
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDR_VSTR_dp(DisasContext *s, arg_VLDR_VSTR_dp *a)
         offset = -offset;
     }
 
-    if (s->thumb && a->rn == 15) {
-        /* This is actually UNPREDICTABLE */
-        addr = tcg_temp_new_i32();
-        tcg_gen_movi_i32(addr, s->pc & ~2);
-    } else {
-        addr = load_reg(s, a->rn);
-    }
-    tcg_gen_addi_i32(addr, addr, offset);
+    /* For thumb, use of PC is UNPREDICTABLE.  */
+    addr = add_reg_for_lit(s, a->rn, offset);
     tmp = tcg_temp_new_i64();
     if (a->l) {
         gen_aa32_ld64(s, tmp, addr, get_mem_index(s));
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDM_VSTM_sp(DisasContext *s, arg_VLDM_VSTM_sp *a)
         return true;
     }
 
-    if (s->thumb && a->rn == 15) {
-        /* This is actually UNPREDICTABLE */
-        addr = tcg_temp_new_i32();
-        tcg_gen_movi_i32(addr, s->pc & ~2);
-    } else {
-        addr = load_reg(s, a->rn);
-    }
+    /* For thumb, use of PC is UNPREDICTABLE.  */
+    addr = add_reg_for_lit(s, a->rn, 0);
     if (a->p) {
         /* pre-decrement */
         tcg_gen_addi_i32(addr, addr, -(a->imm << 2));
@@ -XXX,XX +XXX,XX @@ static bool trans_VLDM_VSTM_dp(DisasContext *s, arg_VLDM_VSTM_dp *a)
         return true;
     }
 
-    if (s->thumb && a->rn == 15) {
-        /* This is actually UNPREDICTABLE */
-        addr = tcg_temp_new_i32();
-        tcg_gen_movi_i32(addr, s->pc & ~2);
-    } else {
-        addr = load_reg(s, a->rn);
-    }
+    /* For thumb, use of PC is UNPREDICTABLE.  */
+    addr = add_reg_for_lit(s, a->rn, 0);
     if (a->p) {
         /* pre-decrement */
         tcg_gen_addi_i32(addr, addr, -(a->imm << 2));
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static inline TCGv_i32 load_reg(DisasContext *s, int reg)
     return tmp;
 }
 
+/*
+ * Create a new temp, REG + OFS, except PC is ALIGN(PC, 4).
+ * This is used for load/store for which use of PC implies (literal),
+ * or ADD that implies ADR.
+ */
+static TCGv_i32 add_reg_for_lit(DisasContext *s, int reg, int ofs)
+{
+    TCGv_i32 tmp = tcg_temp_new_i32();
+
+    if (reg == 15) {
+        tcg_gen_movi_i32(tmp, (read_pc(s) & ~3) + ofs);
+    } else {
+        tcg_gen_addi_i32(tmp, cpu_R[reg], ofs);
+    }
+    return tmp;
+}
+
 /* Set a CPU register.  The source must be a temporary and will be
    marked as dead.  */
 static void store_reg(DisasContext *s, int reg, TCGv_i32 var)
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                  */
                 bool wback = extract32(insn, 21, 1);
 
-                if (rn == 15) {
-                    if (insn & (1 << 21)) {
-                        /* UNPREDICTABLE */
-                        goto illegal_op;
-                    }
-                    addr = tcg_temp_new_i32();
-                    tcg_gen_movi_i32(addr, s->pc & ~3);
-                } else {
-                    addr = load_reg(s, rn);
+                if (rn == 15 && (insn & (1 << 21))) {
+                    /* UNPREDICTABLE */
+                    goto illegal_op;
                 }
+
+                addr = add_reg_for_lit(s, rn, 0);
                 offset = (insn & 0xff) * 4;
                 if ((insn & (1 << 23)) == 0) {
                     offset = -offset;
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                         store_reg(s, rd, tmp);
                     } else {
                         /* Add/sub 12-bit immediate.  */
-                        if (rn == 15) {
-                            offset = s->pc & ~(uint32_t)3;
-                            if (insn & (1 << 23))
-                                offset -= imm;
-                            else
-                                offset += imm;
-                            tmp = tcg_temp_new_i32();
-                            tcg_gen_movi_i32(tmp, offset);
-                            store_reg(s, rd, tmp);
+                        if (insn & (1 << 23)) {
+                            imm = -imm;
+                        }
+                        tmp = add_reg_for_lit(s, rn, imm);
+                        if (rn == 13 && rd == 13) {
+                            /* ADD SP, SP, imm or SUB SP, SP, imm */
+                            store_sp_checked(s, tmp);
                         } else {
-                            tmp = load_reg(s, rn);
-                            if (insn & (1 << 23))
-                                tcg_gen_subi_i32(tmp, tmp, imm);
-                            else
-                                tcg_gen_addi_i32(tmp, tmp, imm);
-                            if (rn == 13 && rd == 13) {
-                                /* ADD SP, SP, imm or SUB SP, SP, imm */
-                                store_sp_checked(s, tmp);
-                            } else {
-                                store_reg(s, rd, tmp);
-                            }
+                            store_reg(s, rd, tmp);
                         }
                     }
                 }
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
             }
         }
         memidx = get_mem_index(s);
-        if (rn == 15) {
-            addr = tcg_temp_new_i32();
-            /* PC relative.  */
-            /* s->pc has already been incremented by 4.  */
-            imm = s->pc & 0xfffffffc;
-            if (insn & (1 << 23))
-                imm += insn & 0xfff;
-            else
-                imm -= insn & 0xfff;
-            tcg_gen_movi_i32(addr, imm);
+        imm = insn & 0xfff;
+        if (insn & (1 << 23)) {
+            /* PC relative or Positive offset.  */
+            addr = add_reg_for_lit(s, rn, imm);
+        } else if (rn == 15) {
+            /* PC relative with negative offset.  */
+            addr = add_reg_for_lit(s, rn, -imm);
         } else {
             addr = load_reg(s, rn);
-            if (insn & (1 << 23)) {
-                /* Positive offset.  */
-                imm = insn & 0xfff;
-                tcg_gen_addi_i32(addr, addr, imm);
-            } else {
-                imm = insn & 0xff;
-                switch ((insn >> 8) & 0xf) {
-                case 0x0: /* Shifted Register.  */
-                    shift = (insn >> 4) & 0xf;
-                    if (shift > 3) {
-                        tcg_temp_free_i32(addr);
-                        goto illegal_op;
-                    }
-                    tmp = load_reg(s, rm);
-                    if (shift)
-                        tcg_gen_shli_i32(tmp, tmp, shift);
-                    tcg_gen_add_i32(addr, addr, tmp);
-                    tcg_temp_free_i32(tmp);
-                    break;
-                case 0xc: /* Negative offset.  */
-                    tcg_gen_addi_i32(addr, addr, -imm);
-                    break;
-                case 0xe: /* User privilege.  */
-                    tcg_gen_addi_i32(addr, addr, imm);
-                    memidx = get_a32_user_mem_index(s);
-                    break;
-                case 0x9: /* Post-decrement.  */
-                    imm = -imm;
-                    /* Fall through.  */
-                case 0xb: /* Post-increment.  */
-                    postinc = 1;
-                    writeback = 1;
-                    break;
-                case 0xd: /* Pre-decrement.  */
-                    imm = -imm;
-                    /* Fall through.  */
-                case 0xf: /* Pre-increment.  */
-                    writeback = 1;
-                    break;
-                default:
+            imm = insn & 0xff;
+            switch ((insn >> 8) & 0xf) {
+            case 0x0: /* Shifted Register.  */
+                shift = (insn >> 4) & 0xf;
+                if (shift > 3) {
                     tcg_temp_free_i32(addr);
                     goto illegal_op;
                 }
+                tmp = load_reg(s, rm);
+                if (shift) {
+                    tcg_gen_shli_i32(tmp, tmp, shift);
+                }
+                tcg_gen_add_i32(addr, addr, tmp);
+                tcg_temp_free_i32(tmp);
+                break;
+            case 0xc: /* Negative offset.  */
+                tcg_gen_addi_i32(addr, addr, -imm);
+                break;
+            case 0xe: /* User privilege.  */
+                tcg_gen_addi_i32(addr, addr, imm);
+                memidx = get_a32_user_mem_index(s);
+                break;
+            case 0x9: /* Post-decrement.  */
+                imm = -imm;
+                /* Fall through.  */
+            case 0xb: /* Post-increment.  */
+                postinc = 1;
+                writeback = 1;
+                break;
+            case 0xd: /* Pre-decrement.  */
+                imm = -imm;
+                /* Fall through.  */
+            case 0xf: /* Pre-increment.  */
+                writeback = 1;
+                break;
+            default:
+                tcg_temp_free_i32(addr);
+                goto illegal_op;
             }
         }
 
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
         if (insn & (1 << 11)) {
             rd = (insn >> 8) & 7;
             /* load pc-relative.  Bit 1 of PC is ignored.  */
-            val = read_pc(s) + ((insn & 0xff) * 4);
-            val &= ~(uint32_t)2;
-            addr = tcg_temp_new_i32();
-            tcg_gen_movi_i32(addr, val);
+            addr = add_reg_for_lit(s, 15, (insn & 0xff) * 4);
             tmp = tcg_temp_new_i32();
             gen_aa32_ld32u_iss(s, tmp, addr, get_mem_index(s),
                                rd | ISSIs16Bit);
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
          *  - Add PC/SP (immediate)
          */
         rd = (insn >> 8) & 7;
-        if (insn & (1 << 11)) {
-            /* SP */
-            tmp = load_reg(s, 13);
-        } else {
-            /* PC. bit 1 is ignored.  */
-            tmp = tcg_temp_new_i32();
-            tcg_gen_movi_i32(tmp, read_pc(s) & ~(uint32_t)2);
-        }
         val = (insn & 0xff) * 4;
-        tcg_gen_addi_i32(tmp, tmp, val);
+        tmp = add_reg_for_lit(s, insn & (1 << 11) ? 13 : 15, val);
         store_reg(s, rd, tmp);
         break;
 
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

The thumb bit has already been removed from s->pc, and is always even.

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_exception_bkpt_insn(DisasContext *s, int offset, uint32_t syn)
 /* Force a TB lookup after an instruction that changes the CPU state.  */
 static inline void gen_lookup_tb(DisasContext *s)
 {
-    tcg_gen_movi_i32(cpu_R[15], s->pc & ~1);
+    tcg_gen_movi_i32(cpu_R[15], s->pc);
     s->base.is_jmp = DISAS_EXIT;
 }
 
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
                  * self-modifying code correctly and also to take
                  * any pending interrupts immediately.
                  */
-                gen_goto_tb(s, 0, s->pc & ~1);
+                gen_goto_tb(s, 0, s->pc);
                 return;
             case 7: /* sb */
                 if ((insn & 0xf) || !dc_isar_feature(aa32_sb, s)) {
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
                  * for TCG; MB and end the TB instead.
                  */
                 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
-                gen_goto_tb(s, 0, s->pc & ~1);
+                gen_goto_tb(s, 0, s->pc);
                 return;
             default:
                 goto illegal_op;
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                              * and also to take any pending interrupts
                              * immediately.
                              */
-                            gen_goto_tb(s, 0, s->pc & ~1);
+                            gen_goto_tb(s, 0, s->pc);
                             break;
                         case 7: /* sb */
                             if ((insn & 0xf) || !dc_isar_feature(aa32_sb, s)) {
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                              * for TCG; MB and end the TB instead.
                              */
                             tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
-                            gen_goto_tb(s, 0, s->pc & ~1);
+                            gen_goto_tb(s, 0, s->pc);
                             break;
                         default:
                             goto illegal_op;
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

We must update s->base.pc_next when we return from the translate_insn
hook to the main translator loop.  By incrementing s->base.pc_next
immediately after reading the insn word, "pc_next" contains the address
of the next instruction throughout translation.

All remaining uses of s->pc are referencing the address of the next insn,
so this is now a simple global replacement.  Remove the "s->pc" field.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190807045335.1361-7-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.h     |   1 -
 target/arm/translate-a64.c |  51 +++++++++---------
 target/arm/translate.c     | 103 ++++++++++++++++++-------------------
 3 files changed, 72 insertions(+), 83 deletions(-)

diff --git a/target/arm/translate.h b/target/arm/translate.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -XXX,XX +XXX,XX @@ typedef struct DisasContext {
     DisasContextBase base;
     const ARMISARegisters *isar;
 
-    target_ulong pc;
     /* The address of the current instruction being translated. */
     target_ulong pc_curr;
     target_ulong page_start;
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void gen_exception_internal(int excp)
 
 static void gen_exception_internal_insn(DisasContext *s, int offset, int excp)
 {
-    gen_a64_set_pc_im(s->pc - offset);
+    gen_a64_set_pc_im(s->base.pc_next - offset);
     gen_exception_internal(excp);
     s->base.is_jmp = DISAS_NORETURN;
 }
@@ -XXX,XX +XXX,XX @@ static void gen_exception_internal_insn(DisasContext *s, int offset, int excp)
 static void gen_exception_insn(DisasContext *s, int offset, int excp,
                                uint32_t syndrome, uint32_t target_el)
 {
-    gen_a64_set_pc_im(s->pc - offset);
+    gen_a64_set_pc_im(s->base.pc_next - offset);
     gen_exception(excp, syndrome, target_el);
     s->base.is_jmp = DISAS_NORETURN;
 }
@@ -XXX,XX +XXX,XX @@ static void gen_exception_bkpt_insn(DisasContext *s, int offset,
 {
     TCGv_i32 tcg_syn;
 
-    gen_a64_set_pc_im(s->pc - offset);
+    gen_a64_set_pc_im(s->base.pc_next - offset);
     tcg_syn = tcg_const_i32(syndrome);
     gen_helper_exception_bkpt_insn(cpu_env, tcg_syn);
     tcg_temp_free_i32(tcg_syn);
@@ -XXX,XX +XXX,XX @@ static void disas_uncond_b_imm(DisasContext *s, uint32_t insn)
 
     if (insn & (1U << 31)) {
         /* BL Branch with link */
-        tcg_gen_movi_i64(cpu_reg(s, 30), s->pc);
+        tcg_gen_movi_i64(cpu_reg(s, 30), s->base.pc_next);
     }
 
     /* B Branch / BL Branch with link */
@@ -XXX,XX +XXX,XX @@ static void disas_comp_b_imm(DisasContext *s, uint32_t insn)
     tcg_gen_brcondi_i64(op ? TCG_COND_NE : TCG_COND_EQ,
                         tcg_cmp, 0, label_match);
 
-    gen_goto_tb(s, 0, s->pc);
+    gen_goto_tb(s, 0, s->base.pc_next);
     gen_set_label(label_match);
     gen_goto_tb(s, 1, addr);
 }
@@ -XXX,XX +XXX,XX @@ static void disas_test_b_imm(DisasContext *s, uint32_t insn)
     tcg_gen_brcondi_i64(op ? TCG_COND_NE : TCG_COND_EQ,
                         tcg_cmp, 0, label_match);
     tcg_temp_free_i64(tcg_cmp);
-    gen_goto_tb(s, 0, s->pc);
+    gen_goto_tb(s, 0, s->base.pc_next);
     gen_set_label(label_match);
     gen_goto_tb(s, 1, addr);
 }
@@ -XXX,XX +XXX,XX @@ static void disas_cond_b_imm(DisasContext *s, uint32_t insn)
         /* genuinely conditional branches */
         TCGLabel *label_match = gen_new_label();
         arm_gen_test_cc(cond, label_match);
-        gen_goto_tb(s, 0, s->pc);
+        gen_goto_tb(s, 0, s->base.pc_next);
         gen_set_label(label_match);
         gen_goto_tb(s, 1, addr);
     } else {
@@ -XXX,XX +XXX,XX @@ static void handle_sync(DisasContext *s, uint32_t insn,
          * any pending interrupts immediately.
          */
         reset_btype(s);
-        gen_goto_tb(s, 0, s->pc);
+        gen_goto_tb(s, 0, s->base.pc_next);
         return;
 
     case 7: /* SB */
@@ -XXX,XX +XXX,XX @@ static void handle_sync(DisasContext *s, uint32_t insn,
          * MB and end the TB instead.
          */
         tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
-        gen_goto_tb(s, 0, s->pc);
+        gen_goto_tb(s, 0, s->base.pc_next);
         return;
 
     default:
@@ -XXX,XX +XXX,XX @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t insn)
         gen_a64_set_pc(s, dst);
         /* BLR also needs to load return address */
         if (opc == 1) {
-            tcg_gen_movi_i64(cpu_reg(s, 30), s->pc);
+            tcg_gen_movi_i64(cpu_reg(s, 30), s->base.pc_next);
         }
         break;
 
@@ -XXX,XX +XXX,XX @@ static void disas_uncond_b_reg(DisasContext *s, uint32_t insn)
         gen_a64_set_pc(s, dst);
         /* BLRAA also needs to load return address */
         if (opc == 9) {
-            tcg_gen_movi_i64(cpu_reg(s, 30), s->pc);
+            tcg_gen_movi_i64(cpu_reg(s, 30), s->base.pc_next);
         }
         break;
 
@@ -XXX,XX +XXX,XX @@ static void disas_a64_insn(CPUARMState *env, DisasContext *s)
 {
     uint32_t insn;
 
-    s->pc_curr = s->pc;
-    insn = arm_ldl_code(env, s->pc, s->sctlr_b);
+    s->pc_curr = s->base.pc_next;
+    insn = arm_ldl_code(env, s->base.pc_next, s->sctlr_b);
     s->insn = insn;
-    s->pc += 4;
+    s->base.pc_next += 4;
 
     s->fp_access_checked = false;
 
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_init_disas_context(DisasContextBase *dcbase,
     int bound, core_mmu_idx;
 
     dc->isar = &arm_cpu->isar;
-    dc->pc = dc->base.pc_first;
     dc->condjmp = 0;
 
     dc->aarch64 = 1;
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
 {
     DisasContext *dc = container_of(dcbase, DisasContext, base);
 
-    tcg_gen_insn_start(dc->pc, 0, 0);
+    tcg_gen_insn_start(dc->base.pc_next, 0, 0);
     dc->insn_start = tcg_last_op();
 }
 
@@ -XXX,XX +XXX,XX @@ static bool aarch64_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cpu,
     DisasContext *dc = container_of(dcbase, DisasContext, base);
 
     if (bp->flags & BP_CPU) {
-        gen_a64_set_pc_im(dc->pc);
+        gen_a64_set_pc_im(dc->base.pc_next);
         gen_helper_check_breakpoints(cpu_env);
         /* End the TB early; it likely won't be executed */
         dc->base.is_jmp = DISAS_TOO_MANY;
@@ -XXX,XX +XXX,XX @@ static bool aarch64_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cpu,
            to for it to be properly cleared -- thus we
            increment the PC here so that the logic setting
            tb->size below does the right thing.  */
-        dc->pc += 4;
+        dc->base.pc_next += 4;
         dc->base.is_jmp = DISAS_NORETURN;
     }
 
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
         disas_a64_insn(env, dc);
     }
 
-    dc->base.pc_next = dc->pc;
     translator_loop_temp_check(&dc->base);
 }
 
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
          */
         switch (dc->base.is_jmp) {
         default:
-            gen_a64_set_pc_im(dc->pc);
+            gen_a64_set_pc_im(dc->base.pc_next);
             /* fall through */
         case DISAS_EXIT:
         case DISAS_JUMP:
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
         switch (dc->base.is_jmp) {
         case DISAS_NEXT:
         case DISAS_TOO_MANY:
-            gen_goto_tb(dc, 1, dc->pc);
+            gen_goto_tb(dc, 1, dc->base.pc_next);
             break;
         default:
         case DISAS_UPDATE:
-            gen_a64_set_pc_im(dc->pc);
+            gen_a64_set_pc_im(dc->base.pc_next);
             /* fall through */
         case DISAS_EXIT:
             tcg_gen_exit_tb(NULL, 0);
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
         case DISAS_SWI:
             break;
         case DISAS_WFE:
-            gen_a64_set_pc_im(dc->pc);
+            gen_a64_set_pc_im(dc->base.pc_next);
             gen_helper_wfe(cpu_env);
             break;
         case DISAS_YIELD:
-            gen_a64_set_pc_im(dc->pc);
+            gen_a64_set_pc_im(dc->base.pc_next);
             gen_helper_yield(cpu_env);
             break;
         case DISAS_WFI:
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
              */
             TCGv_i32 tmp = tcg_const_i32(4);
 
-            gen_a64_set_pc_im(dc->pc);
+            gen_a64_set_pc_im(dc->base.pc_next);
             gen_helper_wfi(cpu_env, tmp);
             tcg_temp_free_i32(tmp);
             /* The helper doesn't necessarily throw an exception, but we
@@ -XXX,XX +XXX,XX @@ static void aarch64_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
         }
         }
     }
-
-    /* Functions above can change dc->pc, so re-align db->pc_next */
-    dc->base.pc_next = dc->pc;
 }
 
 static void aarch64_tr_disas_log(const DisasContextBase *dcbase,
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static inline void gen_blxns(DisasContext *s, int rm)
      * We do however need to set the PC, because the blxns helper reads it.
      * The blxns helper may throw an exception.
      */
-    gen_set_pc_im(s, s->pc);
+    gen_set_pc_im(s, s->base.pc_next);
     gen_helper_v7m_blxns(cpu_env, var);
     tcg_temp_free_i32(var);
     s->base.is_jmp = DISAS_EXIT;
@@ -XXX,XX +XXX,XX @@ static inline void gen_hvc(DisasContext *s, int imm16)
      * for single stepping.)
      */
     s->svc_imm = imm16;
-    gen_set_pc_im(s, s->pc);
+    gen_set_pc_im(s, s->base.pc_next);
     s->base.is_jmp = DISAS_HVC;
 }
 
@@ -XXX,XX +XXX,XX @@ static inline void gen_smc(DisasContext *s)
     tmp = tcg_const_i32(syn_aa32_smc());
     gen_helper_pre_smc(cpu_env, tmp);
     tcg_temp_free_i32(tmp);
-    gen_set_pc_im(s, s->pc);
+    gen_set_pc_im(s, s->base.pc_next);
     s->base.is_jmp = DISAS_SMC;
 }
 
 static void gen_exception_internal_insn(DisasContext *s, int offset, int excp)
 {
     gen_set_condexec(s);
-    gen_set_pc_im(s, s->pc - offset);
+    gen_set_pc_im(s, s->base.pc_next - offset);
     gen_exception_internal(excp);
     s->base.is_jmp = DISAS_NORETURN;
 }
@@ -XXX,XX +XXX,XX @@ static void gen_exception_insn(DisasContext *s, int offset, int excp,
                                int syn, uint32_t target_el)
 {
     gen_set_condexec(s);
-    gen_set_pc_im(s, s->pc - offset);
+    gen_set_pc_im(s, s->base.pc_next - offset);
     gen_exception(excp, syn, target_el);
     s->base.is_jmp = DISAS_NORETURN;
 }
@@ -XXX,XX +XXX,XX @@ static void gen_exception_bkpt_insn(DisasContext *s, int offset, uint32_t syn)
     TCGv_i32 tcg_syn;
 
     gen_set_condexec(s);
-    gen_set_pc_im(s, s->pc - offset);
+    gen_set_pc_im(s, s->base.pc_next - offset);
     tcg_syn = tcg_const_i32(syn);
     gen_helper_exception_bkpt_insn(cpu_env, tcg_syn);
     tcg_temp_free_i32(tcg_syn);
@@ -XXX,XX +XXX,XX @@ static void gen_exception_bkpt_insn(DisasContext *s, int offset, uint32_t syn)
 /* Force a TB lookup after an instruction that changes the CPU state.  */
 static inline void gen_lookup_tb(DisasContext *s)
 {
-    tcg_gen_movi_i32(cpu_R[15], s->pc);
+    tcg_gen_movi_i32(cpu_R[15], s->base.pc_next);
     s->base.is_jmp = DISAS_EXIT;
 }
 
@@ -XXX,XX +XXX,XX @@ static inline bool use_goto_tb(DisasContext *s, target_ulong dest)
 {
 #ifndef CONFIG_USER_ONLY
     return (s->base.tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK) ||
-           ((s->pc - 1) & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
+           ((s->base.pc_next - 1) & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK);
 #else
     return true;
 #endif
@@ -XXX,XX +XXX,XX @@ static void gen_nop_hint(DisasContext *s, int val)
          */
     case 1: /* yield */
         if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
-            gen_set_pc_im(s, s->pc);
+            gen_set_pc_im(s, s->base.pc_next);
             s->base.is_jmp = DISAS_YIELD;
         }
         break;
     case 3: /* wfi */
-        gen_set_pc_im(s, s->pc);
+        gen_set_pc_im(s, s->base.pc_next);
         s->base.is_jmp = DISAS_WFI;
         break;
     case 2: /* wfe */
         if (!(tb_cflags(s->base.tb) & CF_PARALLEL)) {
-            gen_set_pc_im(s, s->pc);
+            gen_set_pc_im(s, s->base.pc_next);
             s->base.is_jmp = DISAS_WFE;
         }
         break;
@@ -XXX,XX +XXX,XX @@ static int disas_coproc_insn(DisasContext *s, uint32_t insn)
             if (isread) {
                 return 1;
             }
-            gen_set_pc_im(s, s->pc);
+            gen_set_pc_im(s, s->base.pc_next);
             s->base.is_jmp = DISAS_WFI;
             return 0;
         default:
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
                  * self-modifying code correctly and also to take
                  * any pending interrupts immediately.
                  */
-                gen_goto_tb(s, 0, s->pc);
+                gen_goto_tb(s, 0, s->base.pc_next);
                 return;
             case 7: /* sb */
                 if ((insn & 0xf) || !dc_isar_feature(aa32_sb, s)) {
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
                  * for TCG; MB and end the TB instead.
                  */
                 tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
-                gen_goto_tb(s, 0, s->pc);
+                gen_goto_tb(s, 0, s->base.pc_next);
                 return;
             default:
                 goto illegal_op;
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
             int32_t offset;
 
             tmp = tcg_temp_new_i32();
-            tcg_gen_movi_i32(tmp, s->pc);
+            tcg_gen_movi_i32(tmp, s->base.pc_next);
             store_reg(s, 14, tmp);
             /* Sign-extend the 24-bit offset */
             offset = (((int32_t)insn) << 8) >> 8;
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
             /* branch link/exchange thumb (blx) */
             tmp = load_reg(s, rm);
             tmp2 = tcg_temp_new_i32();
-            tcg_gen_movi_i32(tmp2, s->pc);
+            tcg_gen_movi_i32(tmp2, s->base.pc_next);
             store_reg(s, 14, tmp2);
             gen_bx(s, tmp);
             break;
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
                 /* branch (and link) */
                 if (insn & (1 << 24)) {
                     tmp = tcg_temp_new_i32();
-                    tcg_gen_movi_i32(tmp, s->pc);
+                    tcg_gen_movi_i32(tmp, s->base.pc_next);
                     store_reg(s, 14, tmp);
                 }
                 offset = sextract32(insn << 2, 0, 26);
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
             break;
         case 0xf:
             /* swi */
-            gen_set_pc_im(s, s->pc);
+            gen_set_pc_im(s, s->base.pc_next);
             s->svc_imm = extract32(insn, 0, 24);
             s->base.is_jmp = DISAS_SWI;
             break;
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
 
                 if (insn & (1 << 14)) {
                     /* Branch and link.  */
-                    tcg_gen_movi_i32(cpu_R[14], s->pc | 1);
+                    tcg_gen_movi_i32(cpu_R[14], s->base.pc_next | 1);
                 }
 
                 offset += read_pc(s);
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                              * and also to take any pending interrupts
                              * immediately.
                              */
-                            gen_goto_tb(s, 0, s->pc);
+                            gen_goto_tb(s, 0, s->base.pc_next);
                             break;
                         case 7: /* sb */
                             if ((insn & 0xf) || !dc_isar_feature(aa32_sb, s)) {
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                              * for TCG; MB and end the TB instead.
                              */
                             tcg_gen_mb(TCG_MO_ALL | TCG_BAR_SC);
-                            gen_goto_tb(s, 0, s->pc);
+                            gen_goto_tb(s, 0, s->base.pc_next);
                             break;
                         default:
                             goto illegal_op;
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
                 /* BLX/BX */
                 tmp = load_reg(s, rm);
                 if (link) {
-                    val = (uint32_t)s->pc | 1;
+                    val = (uint32_t)s->base.pc_next | 1;
                     tmp2 = tcg_temp_new_i32();
                     tcg_gen_movi_i32(tmp2, val);
                     store_reg(s, 14, tmp2);
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
 
         if (cond == 0xf) {
             /* swi */
-            gen_set_pc_im(s, s->pc);
+            gen_set_pc_im(s, s->base.pc_next);
             s->svc_imm = extract32(insn, 0, 8);
             s->base.is_jmp = DISAS_SWI;
             break;
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
             tcg_gen_andi_i32(tmp, tmp, 0xfffffffc);
 
             tmp2 = tcg_temp_new_i32();
-            tcg_gen_movi_i32(tmp2, s->pc | 1);
+            tcg_gen_movi_i32(tmp2, s->base.pc_next | 1);
             store_reg(s, 14, tmp2);
             gen_bx(s, tmp);
             break;
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
             tcg_gen_addi_i32(tmp, tmp, offset);
 
             tmp2 = tcg_temp_new_i32();
-            tcg_gen_movi_i32(tmp2, s->pc | 1);
+            tcg_gen_movi_i32(tmp2, s->base.pc_next | 1);
             store_reg(s, 14, tmp2);
             gen_bx(s, tmp);
         } else {
@@ -XXX,XX +XXX,XX @@ undef:
 
 static bool insn_crosses_page(CPUARMState *env, DisasContext *s)
 {
-    /* Return true if the insn at dc->pc might cross a page boundary.
+    /* Return true if the insn at dc->base.pc_next might cross a page boundary.
      * (False positives are OK, false negatives are not.)
      * We know this is a Thumb insn, and our caller ensures we are
-     * only called if dc->pc is less than 4 bytes from the page
+     * only called if dc->base.pc_next is less than 4 bytes from the page
      * boundary, so we cross the page if the first 16 bits indicate
      * that this is a 32 bit insn.
      */
-    uint16_t insn = arm_lduw_code(env, s->pc, s->sctlr_b);
+    uint16_t insn = arm_lduw_code(env, s->base.pc_next, s->sctlr_b);
 
-    return !thumb_insn_is_16bit(s, s->pc, insn);
+    return !thumb_insn_is_16bit(s, s->base.pc_next, insn);
 }
 
 static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
@@ -XXX,XX +XXX,XX @@ static void arm_tr_init_disas_context(DisasContextBase *dcbase, CPUState *cs)
     uint32_t condexec, core_mmu_idx;
 
     dc->isar = &cpu->isar;
-    dc->pc = dc->base.pc_first;
     dc->condjmp = 0;
 
     dc->aarch64 = 0;
@@ -XXX,XX +XXX,XX @@ static void arm_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
 {
     DisasContext *dc = container_of(dcbase, DisasContext, base);
 
-    tcg_gen_insn_start(dc->pc,
+    tcg_gen_insn_start(dc->base.pc_next,
                        (dc->condexec_cond << 4) | (dc->condexec_mask >> 1),
                        0);
     dc->insn_start = tcg_last_op();
@@ -XXX,XX +XXX,XX @@ static bool arm_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cpu,
 
     if (bp->flags & BP_CPU) {
         gen_set_condexec(dc);
-        gen_set_pc_im(dc, dc->pc);
+        gen_set_pc_im(dc, dc->base.pc_next);
         gen_helper_check_breakpoints(cpu_env);
         /* End the TB early; it's likely not going to be executed */
         dc->base.is_jmp = DISAS_TOO_MANY;
@@ -XXX,XX +XXX,XX @@ static bool arm_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cpu,
            tb->size below does the right thing.  */
         /* TODO: Advance PC by correct instruction length to
          * avoid disassembler error messages */
-        dc->pc += 2;
+        dc->base.pc_next += 2;
         dc->base.is_jmp = DISAS_NORETURN;
     }
 
@@ -XXX,XX +XXX,XX @@ static bool arm_pre_translate_insn(DisasContext *dc)
 {
 #ifdef CONFIG_USER_ONLY
     /* Intercept jump to the magic kernel page.  */
-    if (dc->pc >= 0xffff0000) {
+    if (dc->base.pc_next >= 0xffff0000) {
         /* We always get here via a jump, so know we are not in a
            conditional execution block.  */
         gen_exception_internal(EXCP_KERNEL_TRAP);
@@ -XXX,XX +XXX,XX @@ static void arm_post_translate_insn(DisasContext *dc)
         gen_set_label(dc->condlabel);
         dc->condjmp = 0;
     }
-    dc->base.pc_next = dc->pc;
     translator_loop_temp_check(&dc->base);
 }
 
@@ -XXX,XX +XXX,XX @@ static void arm_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
         return;
     }
 
-    dc->pc_curr = dc->pc;
-    insn = arm_ldl_code(env, dc->pc, dc->sctlr_b);
+    dc->pc_curr = dc->base.pc_next;
+    insn = arm_ldl_code(env, dc->base.pc_next, dc->sctlr_b);
     dc->insn = insn;
-    dc->pc += 4;
+    dc->base.pc_next += 4;
     disas_arm_insn(dc, insn);
 
     arm_post_translate_insn(dc);
@@ -XXX,XX +XXX,XX @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
         return;
     }
 
-    dc->pc_curr = dc->pc;
-    insn = arm_lduw_code(env, dc->pc, dc->sctlr_b);
-    is_16bit = thumb_insn_is_16bit(dc, dc->pc, insn);
-    dc->pc += 2;
+    dc->pc_curr = dc->base.pc_next;
+    insn = arm_lduw_code(env, dc->base.pc_next, dc->sctlr_b);
+    is_16bit = thumb_insn_is_16bit(dc, dc->base.pc_next, insn);
+    dc->base.pc_next += 2;
     if (!is_16bit) {
-        uint32_t insn2 = arm_lduw_code(env, dc->pc, dc->sctlr_b);
+        uint32_t insn2 = arm_lduw_code(env, dc->base.pc_next, dc->sctlr_b);
 
         insn = insn << 16 | insn2;
-        dc->pc += 2;
+        dc->base.pc_next += 2;
     }
     dc->insn = insn;
 
@@ -XXX,XX +XXX,XX @@ static void thumb_tr_translate_insn(DisasContextBase *dcbase, CPUState *cpu)
      * but isn't very efficient).
      */
     if (dc->base.is_jmp == DISAS_NEXT
-        && (dc->pc - dc->page_start >= TARGET_PAGE_SIZE
-            || (dc->pc - dc->page_start >= TARGET_PAGE_SIZE - 3
+        && (dc->base.pc_next - dc->page_start >= TARGET_PAGE_SIZE
+            || (dc->base.pc_next - dc->page_start >= TARGET_PAGE_SIZE - 3
                 && insn_crosses_page(env, dc)))) {
         dc->base.is_jmp = DISAS_TOO_MANY;
     }
@@ -XXX,XX +XXX,XX @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
         case DISAS_NEXT:
         case DISAS_TOO_MANY:
         case DISAS_UPDATE:
-            gen_set_pc_im(dc, dc->pc);
+            gen_set_pc_im(dc, dc->base.pc_next);
             /* fall through */
         default:
             /* FIXME: Single stepping a WFI insn will not halt the CPU. */
@@ -XXX,XX +XXX,XX @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
         switch(dc->base.is_jmp) {
         case DISAS_NEXT:
         case DISAS_TOO_MANY:
-            gen_goto_tb(dc, 1, dc->pc);
+            gen_goto_tb(dc, 1, dc->base.pc_next);
             break;
         case DISAS_JUMP:
             gen_goto_ptr();
             break;
         case DISAS_UPDATE:
-            gen_set_pc_im(dc, dc->pc);
+            gen_set_pc_im(dc, dc->base.pc_next);
             /* fall through */
         default:
             /* indicate that the hash table must be used to find the next TB */
@@ -XXX,XX +XXX,XX @@ static void arm_tr_tb_stop(DisasContextBase *dcbase, CPUState *cpu)
         gen_set_label(dc->condlabel);
         gen_set_condexec(dc);
         if (unlikely(is_singlestepping(dc))) {
-            gen_set_pc_im(dc, dc->pc);
+            gen_set_pc_im(dc, dc->base.pc_next);
             gen_singlestep_exception(dc);
         } else {
-            gen_goto_tb(dc, 1, dc->pc);
+            gen_goto_tb(dc, 1, dc->base.pc_next);
         }
     }
-
-    /* Functions above can change dc->pc, so re-align db->pc_next */
-    dc->base.pc_next = dc->pc;
 }
 
 static void arm_tr_disas_log(const DisasContextBase *dcbase, CPUState *cpu)
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

The offset is variable depending on the instruction set, whereas
we have stored values for the current pc and the next pc.  Passing
in the actual value is clearer in intent.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190807045335.1361-8-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.c     | 25 ++++++++++++++-----------
 target/arm/translate-vfp.inc.c |  6 +++---
 target/arm/translate.c         | 31 ++++++++++++++++---------------
 3 files changed, 33 insertions(+), 29 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void gen_exception_internal_insn(DisasContext *s, int offset, int excp)
     s->base.is_jmp = DISAS_NORETURN;
 }
 
-static void gen_exception_insn(DisasContext *s, int offset, int excp,
+static void gen_exception_insn(DisasContext *s, uint64_t pc, int excp,
                                uint32_t syndrome, uint32_t target_el)
 {
-    gen_a64_set_pc_im(s->base.pc_next - offset);
+    gen_a64_set_pc_im(pc);
     gen_exception(excp, syndrome, target_el);
     s->base.is_jmp = DISAS_NORETURN;
 }
@@ -XXX,XX +XXX,XX @@ static inline void gen_goto_tb(DisasContext *s, int n, uint64_t dest)
 void unallocated_encoding(DisasContext *s)
 {
     /* Unallocated and reserved encodings are uncategorized */
-    gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(),
+    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
                        default_exception_el(s));
 }
 
@@ -XXX,XX +XXX,XX @@ static inline bool fp_access_check(DisasContext *s)
         return true;
     }
 
-    gen_exception_insn(s, 4, EXCP_UDEF, syn_fp_access_trap(1, 0xe, false),
-                       s->fp_excp_el);
+    gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
+                       syn_fp_access_trap(1, 0xe, false), s->fp_excp_el);
     return false;
 }
 
@@ -XXX,XX +XXX,XX @@ static inline bool fp_access_check(DisasContext *s)
 bool sve_access_check(DisasContext *s)
 {
     if (s->sve_excp_el) {
-        gen_exception_insn(s, 4, EXCP_UDEF, syn_sve_access_trap(),
+        gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_sve_access_trap(),
                            s->sve_excp_el);
         return false;
     }
@@ -XXX,XX +XXX,XX @@ static void disas_exc(DisasContext *s, uint32_t insn)
         switch (op2_ll) {
         case 1:                                                     /* SVC */
             gen_ss_advance(s);
-            gen_exception_insn(s, 0, EXCP_SWI, syn_aa64_svc(imm16),
-                               default_exception_el(s));
+            gen_exception_insn(s, s->base.pc_next, EXCP_SWI,
+                               syn_aa64_svc(imm16), default_exception_el(s));
             break;
         case 2:                                                     /* HVC */
             if (s->current_el == 0) {
@@ -XXX,XX +XXX,XX @@ static void disas_exc(DisasContext *s, uint32_t insn)
             gen_a64_set_pc_im(s->pc_curr);
             gen_helper_pre_hvc(cpu_env);
             gen_ss_advance(s);
-            gen_exception_insn(s, 0, EXCP_HVC, syn_aa64_hvc(imm16), 2);
+            gen_exception_insn(s, s->base.pc_next, EXCP_HVC,
+                               syn_aa64_hvc(imm16), 2);
             break;
         case 3:                                                     /* SMC */
             if (s->current_el == 0) {
@@ -XXX,XX +XXX,XX @@ static void disas_exc(DisasContext *s, uint32_t insn)
             gen_helper_pre_smc(cpu_env, tmp);
             tcg_temp_free_i32(tmp);
             gen_ss_advance(s);
-            gen_exception_insn(s, 0, EXCP_SMC, syn_aa64_smc(imm16), 3);
+            gen_exception_insn(s, s->base.pc_next, EXCP_SMC,
+                               syn_aa64_smc(imm16), 3);
             break;
         default:
             unallocated_encoding(s);
@@ -XXX,XX +XXX,XX @@ static void disas_a64_insn(CPUARMState *env, DisasContext *s)
             if (s->btype != 0
                 && s->guarded_page
                 && !btype_destination_ok(insn, s->bt, s->btype)) {
-                gen_exception_insn(s, 4, EXCP_UDEF, syn_btitrap(s->btype),
+                gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
+                                   syn_btitrap(s->btype),
                                    default_exception_el(s));
                 return;
             }
diff --git a/target/arm/translate-vfp.inc.c b/target/arm/translate-vfp.inc.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-vfp.inc.c
+++ b/target/arm/translate-vfp.inc.c
@@ -XXX,XX +XXX,XX @@ static bool full_vfp_access_check(DisasContext *s, bool ignore_vfp_enabled)
 {
     if (s->fp_excp_el) {
         if (arm_dc_feature(s, ARM_FEATURE_M)) {
-            gen_exception_insn(s, 4, EXCP_NOCP, syn_uncategorized(),
+            gen_exception_insn(s, s->pc_curr, EXCP_NOCP, syn_uncategorized(),
                                s->fp_excp_el);
         } else {
-            gen_exception_insn(s, 4, EXCP_UDEF,
+            gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
                                syn_fp_access_trap(1, 0xe, false),
                                s->fp_excp_el);
         }
@@ -XXX,XX +XXX,XX @@ static bool full_vfp_access_check(DisasContext *s, bool ignore_vfp_enabled)
 
     if (!s->vfp_enabled && !ignore_vfp_enabled) {
         assert(!arm_dc_feature(s, ARM_FEATURE_M));
-        gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(),
+        gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
                            default_exception_el(s));
         return false;
     }
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_exception_internal_insn(DisasContext *s, int offset, int excp)
     s->base.is_jmp = DISAS_NORETURN;
 }
 
-static void gen_exception_insn(DisasContext *s, int offset, int excp,
+static void gen_exception_insn(DisasContext *s, uint32_t pc, int excp,
                                int syn, uint32_t target_el)
 {
     gen_set_condexec(s);
-    gen_set_pc_im(s, s->base.pc_next - offset);
+    gen_set_pc_im(s, pc);
     gen_exception(excp, syn, target_el);
     s->base.is_jmp = DISAS_NORETURN;
 }
@@ -XXX,XX +XXX,XX @@ static inline void gen_hlt(DisasContext *s, int imm)
         return;
     }
 
-    gen_exception_insn(s, s->thumb ? 2 : 4, EXCP_UDEF, syn_uncategorized(),
+    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
                        default_exception_el(s));
 }
 
@@ -XXX,XX +XXX,XX @@ static bool msr_banked_access_decode(DisasContext *s, int r, int sysm, int rn,
 
 undef:
     /* If we get here then some access check did not pass */
-    gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(), exc_target);
+    gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
+                       syn_uncategorized(), exc_target);
     return false;
 }
 
@@ -XXX,XX +XXX,XX @@ static int disas_neon_ls_insn(DisasContext *s, uint32_t insn)
      * for attempts to execute invalid vfp/neon encodings with FP disabled.
      */
     if (s->fp_excp_el) {
-        gen_exception_insn(s, 4, EXCP_UDEF,
+        gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
                            syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
         return 0;
     }
@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
      * for attempts to execute invalid vfp/neon encodings with FP disabled.
      */
     if (s->fp_excp_el) {
-        gen_exception_insn(s, 4, EXCP_UDEF,
+        gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
                            syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
         return 0;
     }
@@ -XXX,XX +XXX,XX @@ static int disas_neon_insn_3same_ext(DisasContext *s, uint32_t insn)
     }
 
     if (s->fp_excp_el) {
-        gen_exception_insn(s, 4, EXCP_UDEF,
+        gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
                            syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
         return 0;
     }
@@ -XXX,XX +XXX,XX @@ static int disas_neon_insn_2reg_scalar_ext(DisasContext *s, uint32_t insn)
         off_rm = vfp_reg_offset(0, rm);
     }
     if (s->fp_excp_el) {
-        gen_exception_insn(s, 4, EXCP_UDEF,
+        gen_exception_insn(s, s->pc_curr, EXCP_UDEF,
                            syn_simd_access_trap(1, 0xe, false), s->fp_excp_el);
         return 0;
     }
@@ -XXX,XX +XXX,XX @@ static void gen_srs(DisasContext *s,
      * For the UNPREDICTABLE cases we choose to UNDEF.
      */
     if (s->current_el == 1 && !s->ns && mode == ARM_CPU_MODE_MON) {
-        gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(), 3);
+        gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(), 3);
         return;
     }
 
@@ -XXX,XX +XXX,XX @@ static void gen_srs(DisasContext *s,
     }
 
     if (undef) {
-        gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(),
+        gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
                            default_exception_el(s));
         return;
     }
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
      * UsageFault exception.
      */
     if (arm_dc_feature(s, ARM_FEATURE_M)) {
-        gen_exception_insn(s, 4, EXCP_INVSTATE, syn_uncategorized(),
+        gen_exception_insn(s, s->pc_curr, EXCP_INVSTATE, syn_uncategorized(),
                            default_exception_el(s));
         return;
     }
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
             break;
         default:
         illegal_op:
-            gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(),
+            gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
                                default_exception_el(s));
             break;
         }
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
             }
 
             /* All other insns: NOCP */
-            gen_exception_insn(s, 4, EXCP_NOCP, syn_uncategorized(),
+            gen_exception_insn(s, s->pc_curr, EXCP_NOCP, syn_uncategorized(),
                                default_exception_el(s));
             break;
         }
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
     }
     return;
 illegal_op:
-    gen_exception_insn(s, 4, EXCP_UDEF, syn_uncategorized(),
+    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
                        default_exception_el(s));
 }
 
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
     return;
 illegal_op:
 undef:
-    gen_exception_insn(s, 2, EXCP_UDEF, syn_uncategorized(),
+    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
                        default_exception_el(s));
 }
 
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

The offset is variable depending on the instruction set.
Passing in the actual value is clearer in intent.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190807045335.1361-9-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.c | 8 ++++----
 target/arm/translate.c     | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static void gen_exception_internal(int excp)
     tcg_temp_free_i32(tcg_excp);
 }
 
-static void gen_exception_internal_insn(DisasContext *s, int offset, int excp)
+static void gen_exception_internal_insn(DisasContext *s, uint64_t pc, int excp)
 {
-    gen_a64_set_pc_im(s->base.pc_next - offset);
+    gen_a64_set_pc_im(pc);
     gen_exception_internal(excp);
     s->base.is_jmp = DISAS_NORETURN;
 }
@@ -XXX,XX +XXX,XX @@ static void disas_exc(DisasContext *s, uint32_t insn)
                 break;
             }
 #endif
-            gen_exception_internal_insn(s, 0, EXCP_SEMIHOST);
+            gen_exception_internal_insn(s, s->base.pc_next, EXCP_SEMIHOST);
         } else {
             unsupported_encoding(s, insn);
         }
@@ -XXX,XX +XXX,XX @@ static bool aarch64_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cpu,
         /* End the TB early; it likely won't be executed */
         dc->base.is_jmp = DISAS_TOO_MANY;
     } else {
-        gen_exception_internal_insn(dc, 0, EXCP_DEBUG);
+        gen_exception_internal_insn(dc, dc->base.pc_next, EXCP_DEBUG);
         /* The address covered by the breakpoint must be
            included in [tb->pc, tb->pc + tb->size) in order
            to for it to be properly cleared -- thus we
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static inline void gen_smc(DisasContext *s)
     s->base.is_jmp = DISAS_SMC;
 }
 
-static void gen_exception_internal_insn(DisasContext *s, int offset, int excp)
+static void gen_exception_internal_insn(DisasContext *s, uint32_t pc, int excp)
 {
     gen_set_condexec(s);
-    gen_set_pc_im(s, s->base.pc_next - offset);
+    gen_set_pc_im(s, pc);
     gen_exception_internal(excp);
     s->base.is_jmp = DISAS_NORETURN;
 }
@@ -XXX,XX +XXX,XX @@ static inline void gen_hlt(DisasContext *s, int imm)
         s->current_el != 0 &&
 #endif
         (imm == (s->thumb ? 0x3c : 0xf000))) {
-        gen_exception_internal_insn(s, 0, EXCP_SEMIHOST);
+        gen_exception_internal_insn(s, s->base.pc_next, EXCP_SEMIHOST);
         return;
     }
 
@@ -XXX,XX +XXX,XX @@ static bool arm_tr_breakpoint_check(DisasContextBase *dcbase, CPUState *cpu,
         /* End the TB early; it's likely not going to be executed */
         dc->base.is_jmp = DISAS_TOO_MANY;
     } else {
-        gen_exception_internal_insn(dc, 0, EXCP_DEBUG);
+        gen_exception_internal_insn(dc, dc->base.pc_next, EXCP_DEBUG);
         /* The address covered by the breakpoint must be
            included in [tb->pc, tb->pc + tb->size) in order
            to for it to be properly cleared -- thus we
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Unlike the other more generic gen_exception{,_internal}_insn
interfaces, breakpoints always refer to the current instruction.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190807045335.1361-10-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.c | 7 +++----
 target/arm/translate.c     | 8 ++++----
 2 files changed, 7 insertions(+), 8 deletions(-)

From: Richard Henderson <richard.henderson@linaro.org>

Promote this function from aarch64 to fully general use.
Use it to unify the code sequences for generating illegal
opcode exceptions.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190807045335.1361-11-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate-a64.h     |  2 --
 target/arm/translate.h         |  2 ++
 target/arm/translate-a64.c     |  7 -------
 target/arm/translate-vfp.inc.c |  3 +--
 target/arm/translate.c         | 22 ++++++++++++----------
 5 files changed, 15 insertions(+), 21 deletions(-)

diff --git a/target/arm/translate-a64.h b/target/arm/translate-a64.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.h
+++ b/target/arm/translate-a64.h
@@ -XXX,XX +XXX,XX @@
 #ifndef TARGET_ARM_TRANSLATE_A64_H
 #define TARGET_ARM_TRANSLATE_A64_H
 
-void unallocated_encoding(DisasContext *s);
-
 #define unsupported_encoding(s, insn)                                    \
     do {                                                                 \
         qemu_log_mask(LOG_UNIMP,                                         \
diff --git a/target/arm/translate.h b/target/arm/translate.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.h
+++ b/target/arm/translate.h
@@ -XXX,XX +XXX,XX @@ typedef struct DisasCompare {
     bool value_global;
 } DisasCompare;
 
+void unallocated_encoding(DisasContext *s);
+
 /* Share the TCG temporaries common between 32 and 64 bit modes.  */
 extern TCGv_i32 cpu_NF, cpu_ZF, cpu_CF, cpu_VF;
 extern TCGv_i64 cpu_exclusive_addr;
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -XXX,XX +XXX,XX @@ static inline void gen_goto_tb(DisasContext *s, int n, uint64_t dest)
     }
 }
 
-void unallocated_encoding(DisasContext *s)
-{
-    /* Unallocated and reserved encodings are uncategorized */
-    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
-                       default_exception_el(s));
-}
-
 static void init_tmp_a64_array(DisasContext *s)
 {
 #ifdef CONFIG_DEBUG_TCG
diff --git a/target/arm/translate-vfp.inc.c b/target/arm/translate-vfp.inc.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate-vfp.inc.c
+++ b/target/arm/translate-vfp.inc.c
@@ -XXX,XX +XXX,XX @@ static bool full_vfp_access_check(DisasContext *s, bool ignore_vfp_enabled)
 
     if (!s->vfp_enabled && !ignore_vfp_enabled) {
         assert(!arm_dc_feature(s, ARM_FEATURE_M));
-        gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
-                           default_exception_el(s));
+        unallocated_encoding(s);
         return false;
     }
 
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_exception_bkpt_insn(DisasContext *s, uint32_t syn)
     s->base.is_jmp = DISAS_NORETURN;
 }
 
+void unallocated_encoding(DisasContext *s)
+{
+    /* Unallocated and reserved encodings are uncategorized */
+    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
+                       default_exception_el(s));
+}
+
 /* Force a TB lookup after an instruction that changes the CPU state.  */
 static inline void gen_lookup_tb(DisasContext *s)
 {
@@ -XXX,XX +XXX,XX @@ static inline void gen_hlt(DisasContext *s, int imm)
         return;
     }
 
-    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
-                       default_exception_el(s));
+    unallocated_encoding(s);
 }
 
 static inline void gen_add_data_offset(DisasContext *s, unsigned int insn,
@@ -XXX,XX +XXX,XX @@ static void gen_srs(DisasContext *s,
     }
 
     if (undef) {
-        gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
-                           default_exception_el(s));
+        unallocated_encoding(s);
         return;
     }
 
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
             break;
         default:
         illegal_op:
-            gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
-                               default_exception_el(s));
+            unallocated_encoding(s);
             break;
         }
     }
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
     }
     return;
 illegal_op:
-    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
-                       default_exception_el(s));
+    unallocated_encoding(s);
 }
 
 static void disas_thumb_insn(DisasContext *s, uint32_t insn)
@@ -XXX,XX +XXX,XX @@ static void disas_thumb_insn(DisasContext *s, uint32_t insn)
     return;
 illegal_op:
 undef:
-    gen_exception_insn(s, s->pc_curr, EXCP_UDEF, syn_uncategorized(),
-                       default_exception_el(s));
+    unallocated_encoding(s);
 }
 
 static bool insn_crosses_page(CPUARMState *env, DisasContext *s)
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Replace x = double_saturate(y) with x = add_saturate(y, y).
There is no need for a separate more specialized helper.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190807045335.1361-12-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.h    |  1 -
 target/arm/op_helper.c | 15 ---------------
 target/arm/translate.c |  4 ++--
 3 files changed, 2 insertions(+), 18 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -XXX,XX +XXX,XX @@ DEF_HELPER_3(add_saturate, i32, env, i32, i32)
 DEF_HELPER_3(sub_saturate, i32, env, i32, i32)
 DEF_HELPER_3(add_usaturate, i32, env, i32, i32)
 DEF_HELPER_3(sub_usaturate, i32, env, i32, i32)
-DEF_HELPER_2(double_saturate, i32, env, s32)
 DEF_HELPER_FLAGS_2(sdiv, TCG_CALL_NO_RWG_SE, s32, s32, s32)
 DEF_HELPER_FLAGS_2(udiv, TCG_CALL_NO_RWG_SE, i32, i32, i32)
 DEF_HELPER_FLAGS_1(rbit, TCG_CALL_NO_RWG_SE, i32, i32)
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(sub_saturate)(CPUARMState *env, uint32_t a, uint32_t b)
     return res;
 }
 
-uint32_t HELPER(double_saturate)(CPUARMState *env, int32_t val)
-{
-    uint32_t res;
-    if (val >= 0x40000000) {
-        res = ~SIGNBIT;
-        env->QF = 1;
-    } else if (val <= (int32_t)0xc0000000) {
-        res = SIGNBIT;
-        env->QF = 1;
-    } else {
-        res = val << 1;
-    }
-    return res;
-}
-
 uint32_t HELPER(add_usaturate)(CPUARMState *env, uint32_t a, uint32_t b)
 {
     uint32_t res = a + b;
diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
             tmp = load_reg(s, rm);
             tmp2 = load_reg(s, rn);
             if (op1 & 2)
-                gen_helper_double_saturate(tmp2, cpu_env, tmp2);
+                gen_helper_add_saturate(tmp2, cpu_env, tmp2, tmp2);
             if (op1 & 1)
                 gen_helper_sub_saturate(tmp, cpu_env, tmp, tmp2);
             else
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                 tmp = load_reg(s, rn);
                 tmp2 = load_reg(s, rm);
                 if (op & 1)
-                    gen_helper_double_saturate(tmp, cpu_env, tmp);
+                    gen_helper_add_saturate(tmp, cpu_env, tmp, tmp);
                 if (op & 2)
                     gen_helper_sub_saturate(tmp, cpu_env, tmp2, tmp);
                 else
-- 
2.20.1

From: Andrew Jones <drjones@redhat.com>

If -cpu <cpu>,aarch64=off is used then KVM must also be used, and it
and the host must support running the vcpu in 32-bit mode. Also, if
-cpu <cpu>,aarch64=on is used, then it doesn't matter if kvm is
enabled or not.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/kvm_arm.h | 14 ++++++++++++++
 target/arm/cpu64.c   | 12 ++++++------
 target/arm/kvm64.c   |  9 +++++++++
 3 files changed, 29 insertions(+), 6 deletions(-)

diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/kvm_arm.h
+++ b/target/arm/kvm_arm.h
@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf);
  */
 void kvm_arm_set_cpu_features_from_host(ARMCPU *cpu);
 
+/**
+ * kvm_arm_aarch32_supported:
+ * @cs: CPUState
+ *
+ * Returns: true if the KVM VCPU can enable AArch32 mode
+ * and false otherwise.
+ */
+bool kvm_arm_aarch32_supported(CPUState *cs);
+
 /**
  * kvm_arm_get_max_vm_ipa_size - Returns the number of bits in the
  * IPA address space supported by KVM
@@ -XXX,XX +XXX,XX @@ static inline void kvm_arm_set_cpu_features_from_host(ARMCPU *cpu)
     cpu->host_cpu_probe_failed = true;
 }
 
+static inline bool kvm_arm_aarch32_supported(CPUState *cs)
+{
+    return false;
+}
+
 static inline int kvm_arm_get_max_vm_ipa_size(MachineState *ms)
 {
     return -ENOENT;
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -XXX,XX +XXX,XX @@ static void aarch64_cpu_set_aarch64(Object *obj, bool value, Error **errp)
      * restriction allows us to avoid fixing up functionality that assumes a
      * uniform execution state like do_interrupt.
      */
-    if (!kvm_enabled()) {
-        error_setg(errp, "'aarch64' feature cannot be disabled "
-                         "unless KVM is enabled");
-        return;
-    }
-
     if (value == false) {
+        if (!kvm_enabled() || !kvm_arm_aarch32_supported(CPU(cpu))) {
+            error_setg(errp, "'aarch64' feature cannot be disabled "
+                             "unless KVM is enabled and 32-bit EL1 "
+                             "is supported");
+            return;
+        }
         unset_feature(&cpu->env, ARM_FEATURE_AARCH64);
     } else {
         set_feature(&cpu->env, ARM_FEATURE_AARCH64);
diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/gdbstub.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/kvm.h"
+#include "sysemu/kvm_int.h"
 #include "kvm_arm.h"
+#include "hw/boards.h"
 #include "internals.h"
 
 static bool have_guest_debug;
@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
     return true;
 }
 
+bool kvm_arm_aarch32_supported(CPUState *cpu)
+{
+    KVMState *s = KVM_STATE(current_machine->accelerator);
+
+    return kvm_check_extension(s, KVM_CAP_ARM_EL1_32BIT);
+}
+
 #define ARM_CPU_ID_MPIDR       3, 0, 0, 0, 5
 
 int kvm_arch_init_vcpu(CPUState *cs)
-- 
2.20.1

From: Andrew Jones <drjones@redhat.com>

We first convert the pmu property from a static property to one with
its own accessors. Then we use the set accessor to check if the PMU is
supported when using KVM. Indeed a 32-bit KVM host does not support
the PMU, so this check will catch an attempt to use it at property-set
time.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/kvm_arm.h | 14 ++++++++++++++
 target/arm/cpu.c     | 30 +++++++++++++++++++++++++-----
 target/arm/kvm.c     |  7 +++++++
 3 files changed, 46 insertions(+), 5 deletions(-)

diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/kvm_arm.h
+++ b/target/arm/kvm_arm.h
@@ -XXX,XX +XXX,XX @@ void kvm_arm_set_cpu_features_from_host(ARMCPU *cpu);
  */
 bool kvm_arm_aarch32_supported(CPUState *cs);
 
+/**
+ * bool kvm_arm_pmu_supported:
+ * @cs: CPUState
+ *
+ * Returns: true if the KVM VCPU can enable its PMU
+ * and false otherwise.
+ */
+bool kvm_arm_pmu_supported(CPUState *cs);
+
 /**
  * kvm_arm_get_max_vm_ipa_size - Returns the number of bits in the
  * IPA address space supported by KVM
@@ -XXX,XX +XXX,XX @@ static inline bool kvm_arm_aarch32_supported(CPUState *cs)
     return false;
 }
 
+static inline bool kvm_arm_pmu_supported(CPUState *cs)
+{
+    return false;
+}
+
 static inline int kvm_arm_get_max_vm_ipa_size(MachineState *ms)
 {
     return -ENOENT;
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -XXX,XX +XXX,XX @@ static Property arm_cpu_has_el3_property =
 static Property arm_cpu_cfgend_property =
             DEFINE_PROP_BOOL("cfgend", ARMCPU, cfgend, false);
 
-/* use property name "pmu" to match other archs and virt tools */
-static Property arm_cpu_has_pmu_property =
-            DEFINE_PROP_BOOL("pmu", ARMCPU, has_pmu, true);
-
 static Property arm_cpu_has_vfp_property =
             DEFINE_PROP_BOOL("vfp", ARMCPU, has_vfp, true);
 
@@ -XXX,XX +XXX,XX @@ static Property arm_cpu_pmsav7_dregion_property =
                                            pmsav7_dregion,
                                            qdev_prop_uint32, uint32_t);
 
+static bool arm_get_pmu(Object *obj, Error **errp)
+{
+    ARMCPU *cpu = ARM_CPU(obj);
+
+    return cpu->has_pmu;
+}
+
+static void arm_set_pmu(Object *obj, bool value, Error **errp)
+{
+    ARMCPU *cpu = ARM_CPU(obj);
+
+    if (value) {
+        if (kvm_enabled() && !kvm_arm_pmu_supported(CPU(cpu))) {
+            error_setg(errp, "'pmu' feature not supported by KVM on this host");
+            return;
+        }
+        set_feature(&cpu->env, ARM_FEATURE_PMU);
+    } else {
+        unset_feature(&cpu->env, ARM_FEATURE_PMU);
+    }
+    cpu->has_pmu = value;
+}
+
 static void arm_get_init_svtor(Object *obj, Visitor *v, const char *name,
                                void *opaque, Error **errp)
 {
@@ -XXX,XX +XXX,XX @@ void arm_cpu_post_init(Object *obj)
     }
 
     if (arm_feature(&cpu->env, ARM_FEATURE_PMU)) {
-        qdev_property_add_static(DEVICE(obj), &arm_cpu_has_pmu_property,
+        cpu->has_pmu = true;
+        object_property_add_bool(obj, "pmu", arm_get_pmu, arm_set_pmu,
                                  &error_abort);
     }
 
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -XXX,XX +XXX,XX @@ void kvm_arm_set_cpu_features_from_host(ARMCPU *cpu)
     env->features = arm_host_cpu_features.features;
 }
 
+bool kvm_arm_pmu_supported(CPUState *cpu)
+{
+    KVMState *s = KVM_STATE(current_machine->accelerator);
+
+    return kvm_check_extension(s, KVM_CAP_ARM_PMU_V3);
+}
+
 int kvm_arm_get_max_vm_ipa_size(MachineState *ms)
 {
     KVMState *s = KVM_STATE(ms->accelerator);
-- 
2.20.1

From: Andrew Jones <drjones@redhat.com>

The current implementation of ZCR_ELx matches the architecture, only
implementing the lower four bits, with the rest RAZ/WI. This puts
a strict limit on ARM_MAX_VQ of 16. Make sure we don't let ARM_MAX_VQ
grow without a corresponding update here.

Suggested-by: Dave Martin <Dave.Martin@arm.com>
Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/helper.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static void zcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
     int new_len;
 
     /* Bits other than [3:0] are RAZ/WI.  */
+    QEMU_BUILD_BUG_ON(ARM_MAX_VQ > 16);
     raw_write(env, ri, value & 0xf);
 
     /*
-- 
2.20.1

From: Andrew Jones <drjones@redhat.com>

A couple return -EINVAL's forgot their '-'s.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/kvm64.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -XXX,XX +XXX,XX @@ int kvm_arch_put_registers(CPUState *cs, int level)
     write_cpustate_to_list(cpu, true);
 
     if (!write_list_to_kvmstate(cpu, level)) {
-        return EINVAL;
+        return -EINVAL;
     }
 
     kvm_arm_sync_mpstate_to_kvm(cpu);
@@ -XXX,XX +XXX,XX @@ int kvm_arch_get_registers(CPUState *cs)
     }
 
     if (!write_kvmstate_to_list(cpu)) {
-        return EINVAL;
+        return -EINVAL;
     }
     /* Note that it's OK to have registers which aren't in CPUState,
      * so we can ignore a failure return here.
-- 
2.20.1

From: Andrew Jones <drjones@redhat.com>

Move the getting/putting of the fpsimd registers out of
kvm_arch_get/put_registers() into their own helper functions
to prepare for alternatively getting/putting SVE registers.

No functional change.

Signed-off-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/kvm64.c | 148 +++++++++++++++++++++++++++------------------
 1 file changed, 88 insertions(+), 60 deletions(-)

diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -XXX,XX +XXX,XX @@ int kvm_arm_cpreg_level(uint64_t regidx)
 #define AARCH64_SIMD_CTRL_REG(x)   (KVM_REG_ARM64 | KVM_REG_SIZE_U32 | \
                  KVM_REG_ARM_CORE | KVM_REG_ARM_CORE_REG(x))
 
+static int kvm_arch_put_fpsimd(CPUState *cs)
+{
+    ARMCPU *cpu = ARM_CPU(cs);
+    CPUARMState *env = &cpu->env;
+    struct kvm_one_reg reg;
+    uint32_t fpr;
+    int i, ret;
+
+    for (i = 0; i < 32; i++) {
+        uint64_t *q = aa64_vfp_qreg(env, i);
+#ifdef HOST_WORDS_BIGENDIAN
+        uint64_t fp_val[2] = { q[1], q[0] };
+        reg.addr = (uintptr_t)fp_val;
+#else
+        reg.addr = (uintptr_t)q;
+#endif
+        reg.id = AARCH64_SIMD_CORE_REG(fp_regs.vregs[i]);
+        ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, &reg);
+        if (ret) {
+            return ret;
+        }
+    }
+
+    reg.addr = (uintptr_t)(&fpr);
+    fpr = vfp_get_fpsr(env);
+    reg.id = AARCH64_SIMD_CTRL_REG(fp_regs.fpsr);
+    ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, &reg);
+    if (ret) {
+        return ret;
+    }
+
+    reg.addr = (uintptr_t)(&fpr);
+    fpr = vfp_get_fpcr(env);
+    reg.id = AARCH64_SIMD_CTRL_REG(fp_regs.fpcr);
+    ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, &reg);
+    if (ret) {
+        return ret;
+    }
+
+    return 0;
+}
+
 int kvm_arch_put_registers(CPUState *cs, int level)
 {
     struct kvm_one_reg reg;
-    uint32_t fpr;
     uint64_t val;
-    int i;
-    int ret;
+    int i, ret;
     unsigned int el;
 
     ARMCPU *cpu = ARM_CPU(cs);
@@ -XXX,XX +XXX,XX @@ int kvm_arch_put_registers(CPUState *cs, int level)
         }
     }
 
-    /* Advanced SIMD and FP registers. */
-    for (i = 0; i < 32; i++) {
-        uint64_t *q = aa64_vfp_qreg(env, i);
-#ifdef HOST_WORDS_BIGENDIAN
-        uint64_t fp_val[2] = { q[1], q[0] };
-        reg.addr = (uintptr_t)fp_val;
-#else
-        reg.addr = (uintptr_t)q;
-#endif
-        reg.id = AARCH64_SIMD_CORE_REG(fp_regs.vregs[i]);
-        ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, &reg);
-        if (ret) {
-            return ret;
-        }
-    }
-
-    reg.addr = (uintptr_t)(&fpr);
-    fpr = vfp_get_fpsr(env);
-    reg.id = AARCH64_SIMD_CTRL_REG(fp_regs.fpsr);
-    ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, &reg);
-    if (ret) {
-        return ret;
-    }
-
-    fpr = vfp_get_fpcr(env);
-    reg.id = AARCH64_SIMD_CTRL_REG(fp_regs.fpcr);
-    ret = kvm_vcpu_ioctl(cs, KVM_SET_ONE_REG, &reg);
+    ret = kvm_arch_put_fpsimd(cs);
     if (ret) {
         return ret;
     }
@@ -XXX,XX +XXX,XX @@ int kvm_arch_put_registers(CPUState *cs, int level)
     return ret;
 }
 
+static int kvm_arch_get_fpsimd(CPUState *cs)
+{
+    ARMCPU *cpu = ARM_CPU(cs);
+    CPUARMState *env = &cpu->env;
+    struct kvm_one_reg reg;
+    uint32_t fpr;
+    int i, ret;
+
+    for (i = 0; i < 32; i++) {
+        uint64_t *q = aa64_vfp_qreg(env, i);
+        reg.id = AARCH64_SIMD_CORE_REG(fp_regs.vregs[i]);
+        reg.addr = (uintptr_t)q;
+        ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, &reg);
+        if (ret) {
+            return ret;
+        } else {
+#ifdef HOST_WORDS_BIGENDIAN
+            uint64_t t;
+            t = q[0], q[0] = q[1], q[1] = t;
+#endif
+        }
+    }
+
+    reg.addr = (uintptr_t)(&fpr);
+    reg.id = AARCH64_SIMD_CTRL_REG(fp_regs.fpsr);
+    ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, &reg);
+    if (ret) {
+        return ret;
+    }
+    vfp_set_fpsr(env, fpr);
+
+    reg.addr = (uintptr_t)(&fpr);
+    reg.id = AARCH64_SIMD_CTRL_REG(fp_regs.fpcr);
+    ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, &reg);
+    if (ret) {
+        return ret;
+    }
+    vfp_set_fpcr(env, fpr);
+
+    return 0;
+}
+
 int kvm_arch_get_registers(CPUState *cs)
 {
     struct kvm_one_reg reg;
     uint64_t val;
-    uint32_t fpr;
     unsigned int el;
-    int i;
-    int ret;
+    int i, ret;
 
     ARMCPU *cpu = ARM_CPU(cs);
     CPUARMState *env = &cpu->env;
@@ -XXX,XX +XXX,XX @@ int kvm_arch_get_registers(CPUState *cs)
         env->spsr = env->banked_spsr[i];
     }
 
-    /* Advanced SIMD and FP registers */
-    for (i = 0; i < 32; i++) {
-        uint64_t *q = aa64_vfp_qreg(env, i);
-        reg.id = AARCH64_SIMD_CORE_REG(fp_regs.vregs[i]);
-        reg.addr = (uintptr_t)q;
-        ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, &reg);
-        if (ret) {
-            return ret;
-        } else {
-#ifdef HOST_WORDS_BIGENDIAN
-            uint64_t t;
-            t = q[0], q[0] = q[1], q[1] = t;
-#endif
-        }
-    }
-
-    reg.addr = (uintptr_t)(&fpr);
-    reg.id = AARCH64_SIMD_CTRL_REG(fp_regs.fpsr);
-    ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, &reg);
+    ret = kvm_arch_get_fpsimd(cs);
     if (ret) {
         return ret;
     }
-    vfp_set_fpsr(env, fpr);
-
-    reg.id = AARCH64_SIMD_CTRL_REG(fp_regs.fpcr);
-    ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, &reg);
-    if (ret) {
-        return ret;
-    }
-    vfp_set_fpcr(env, fpr);
 
     ret = kvm_get_vcpu_events(cpu);
     if (ret) {
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Extract is a compact combination of shift + and.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190808202616.13782-2-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_sar(TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
 
 static void shifter_out_im(TCGv_i32 var, int shift)
 {
-    if (shift == 0) {
-        tcg_gen_andi_i32(cpu_CF, var, 1);
-    } else {
-        tcg_gen_shri_i32(cpu_CF, var, shift);
-        if (shift != 31) {
-            tcg_gen_andi_i32(cpu_CF, cpu_CF, 1);
-        }
-    }
+    tcg_gen_extract_i32(cpu_CF, var, shift, 1);
 }
 
 /* Shift by immediate.  Includes special handling for shift == 0.  */
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Use deposit as the composit operation to merge the
bits from the two inputs.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190808202616.13782-3-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c | 26 ++++++++++----------------
 1 file changed, 10 insertions(+), 16 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
                         shift = (insn >> 7) & 0x1f;
                         if (insn & (1 << 6)) {
                             /* pkhtb */
-                            if (shift == 0)
+                            if (shift == 0) {
                                 shift = 31;
+                            }
                             tcg_gen_sari_i32(tmp2, tmp2, shift);
-                            tcg_gen_andi_i32(tmp, tmp, 0xffff0000);
-                            tcg_gen_ext16u_i32(tmp2, tmp2);
+                            tcg_gen_deposit_i32(tmp, tmp, tmp2, 0, 16);
                         } else {
                             /* pkhbt */
-                            if (shift)
-                                tcg_gen_shli_i32(tmp2, tmp2, shift);
-                            tcg_gen_ext16u_i32(tmp, tmp);
-                            tcg_gen_andi_i32(tmp2, tmp2, 0xffff0000);
+                            tcg_gen_shli_i32(tmp2, tmp2, shift);
+                            tcg_gen_deposit_i32(tmp, tmp2, tmp, 0, 16);
                         }
-                        tcg_gen_or_i32(tmp, tmp, tmp2);
                         tcg_temp_free_i32(tmp2);
                         store_reg(s, rd, tmp);
                     } else if ((insn & 0x00200020) == 0x00200000) {
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
             shift = ((insn >> 10) & 0x1c) | ((insn >> 6) & 0x3);
             if (insn & (1 << 5)) {
                 /* pkhtb */
-                if (shift == 0)
+                if (shift == 0) {
                     shift = 31;
+                }
                 tcg_gen_sari_i32(tmp2, tmp2, shift);
-                tcg_gen_andi_i32(tmp, tmp, 0xffff0000);
-                tcg_gen_ext16u_i32(tmp2, tmp2);
+                tcg_gen_deposit_i32(tmp, tmp, tmp2, 0, 16);
             } else {
                 /* pkhbt */
-                if (shift)
-                    tcg_gen_shli_i32(tmp2, tmp2, shift);
-                tcg_gen_ext16u_i32(tmp, tmp);
-                tcg_gen_andi_i32(tmp2, tmp2, 0xffff0000);
+                tcg_gen_shli_i32(tmp2, tmp2, shift);
+                tcg_gen_deposit_i32(tmp, tmp2, tmp, 0, 16);
             }
-            tcg_gen_or_i32(tmp, tmp, tmp2);
             tcg_temp_free_i32(tmp2);
             store_reg(s, rd, tmp);
         } else {
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

The immediate shift generator functions already test for,
and eliminate, the case of a shift by zero.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190808202616.13782-4-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
                         shift = (insn >> 10) & 3;
                         /* ??? In many cases it's not necessary to do a
                            rotate, a shift is sufficient.  */
-                        if (shift != 0)
-                            tcg_gen_rotri_i32(tmp, tmp, shift * 8);
+                        tcg_gen_rotri_i32(tmp, tmp, shift * 8);
                         op1 = (insn >> 20) & 7;
                         switch (op1) {
                         case 0: gen_sxtb16(tmp);  break;
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
             shift = (insn >> 4) & 3;
             /* ??? In many cases it's not necessary to do a
                rotate, a shift is sufficient.  */
-            if (shift != 0)
-                tcg_gen_rotri_i32(tmp, tmp, shift * 8);
+            tcg_gen_rotri_i32(tmp, tmp, shift * 8);
             op = (insn >> 20) & 7;
             switch (op) {
             case 0: gen_sxth(tmp);   break;
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                     case 7:
                         goto illegal_op;
                     default: /* Saturate.  */
-                        if (shift) {
-                            if (op & 1)
-                                tcg_gen_sari_i32(tmp, tmp, shift);
-                            else
-                                tcg_gen_shli_i32(tmp, tmp, shift);
+                        if (op & 1) {
+                            tcg_gen_sari_i32(tmp, tmp, shift);
+                        } else {
+                            tcg_gen_shli_i32(tmp, tmp, shift);
                         }
                         tmp2 = tcg_const_i32(imm);
                         if (op & 4) {
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                     goto illegal_op;
                 }
                 tmp = load_reg(s, rm);
-                if (shift) {
-                    tcg_gen_shli_i32(tmp, tmp, shift);
-                }
+                tcg_gen_shli_i32(tmp, tmp, shift);
                 tcg_gen_add_i32(addr, addr, tmp);
                 tcg_temp_free_i32(tmp);
                 break;
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

The helper function is more documentary, and also already
handles the case of rotate by zero.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190808202616.13782-5-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
                 /* CPSR = immediate */
                 val = insn & 0xff;
                 shift = ((insn >> 8) & 0xf) * 2;
-                if (shift)
-                    val = (val >> shift) | (val << (32 - shift));
+                val = ror32(val, shift);
                 i = ((insn & (1 << 22)) != 0);
                 if (gen_set_psr_im(s, msr_mask(s, (insn >> 16) & 0xf, i),
                                    i, val)) {
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
             /* immediate operand */
             val = insn & 0xff;
             shift = ((insn >> 8) & 0xf) * 2;
-            if (shift) {
-                val = (val >> shift) | (val << (32 - shift));
-            }
+            val = ror32(val, shift);
             tmp2 = tcg_temp_new_i32();
             tcg_gen_movi_i32(tmp2, val);
             if (logic_cc && shift) {
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Rotate is the more compact and obvious way to swap 16-bit
elements of a 32-bit word.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190808202616.13782-6-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static TCGv_i64 gen_muls_i64_i32(TCGv_i32 a, TCGv_i32 b)
 /* Swap low and high halfwords.  */
 static void gen_swap_half(TCGv_i32 var)
 {
-    TCGv_i32 tmp = tcg_temp_new_i32();
-    tcg_gen_shri_i32(tmp, var, 16);
-    tcg_gen_shli_i32(var, var, 16);
-    tcg_gen_or_i32(var, var, tmp);
-    tcg_temp_free_i32(tmp);
+    tcg_gen_rotri_i32(var, var, 16);
 }
 
 /* Dual 16-bit add.  Result placed in t0 and t1 is marked as dead.
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

All of the inputs to these instructions are 32-bits.  Rather than
extend each input to 64-bits and then extract the high 32-bits of
the output, use tcg_gen_muls2_i32 and other 32-bit generator functions.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190808202616.13782-7-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c | 72 +++++++++++++++---------------------------
 1 file changed, 26 insertions(+), 46 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static void gen_revsh(TCGv_i32 var)
     tcg_gen_ext16s_i32(var, var);
 }
 
-/* Return (b << 32) + a. Mark inputs as dead */
-static TCGv_i64 gen_addq_msw(TCGv_i64 a, TCGv_i32 b)
-{
-    TCGv_i64 tmp64 = tcg_temp_new_i64();
-
-    tcg_gen_extu_i32_i64(tmp64, b);
-    tcg_temp_free_i32(b);
-    tcg_gen_shli_i64(tmp64, tmp64, 32);
-    tcg_gen_add_i64(a, tmp64, a);
-
-    tcg_temp_free_i64(tmp64);
-    return a;
-}
-
-/* Return (b << 32) - a. Mark inputs as dead. */
-static TCGv_i64 gen_subq_msw(TCGv_i64 a, TCGv_i32 b)
-{
-    TCGv_i64 tmp64 = tcg_temp_new_i64();
-
-    tcg_gen_extu_i32_i64(tmp64, b);
-    tcg_temp_free_i32(b);
-    tcg_gen_shli_i64(tmp64, tmp64, 32);
-    tcg_gen_sub_i64(a, tmp64, a);
-
-    tcg_temp_free_i64(tmp64);
-    return a;
-}
-
 /* 32x32->64 multiply.  Marks inputs as dead.  */
 static TCGv_i64 gen_mulu_i64_i32(TCGv_i32 a, TCGv_i32 b)
 {
@@ -XXX,XX +XXX,XX @@ static void disas_arm_insn(DisasContext *s, unsigned int insn)
                            (SMMUL, SMMLA, SMMLS) */
                         tmp = load_reg(s, rm);
                         tmp2 = load_reg(s, rs);
-                        tmp64 = gen_muls_i64_i32(tmp, tmp2);
+                        tcg_gen_muls2_i32(tmp2, tmp, tmp, tmp2);
 
                         if (rd != 15) {
-                            tmp = load_reg(s, rd);
+                            tmp3 = load_reg(s, rd);
                             if (insn & (1 << 6)) {
-                                tmp64 = gen_subq_msw(tmp64, tmp);
+                                tcg_gen_sub_i32(tmp, tmp, tmp3);
                             } else {
-                                tmp64 = gen_addq_msw(tmp64, tmp);
+                                tcg_gen_add_i32(tmp, tmp, tmp3);
                             }
+                            tcg_temp_free_i32(tmp3);
                         }
                         if (insn & (1 << 5)) {
-                            tcg_gen_addi_i64(tmp64, tmp64, 0x80000000u);
+                            /*
+                             * Adding 0x80000000 to the 64-bit quantity
+                             * means that we have carry in to the high
+                             * word when the low word has the high bit set.
+                             */
+                            tcg_gen_shri_i32(tmp2, tmp2, 31);
+                            tcg_gen_add_i32(tmp, tmp, tmp2);
                         }
-                        tcg_gen_shri_i64(tmp64, tmp64, 32);
-                        tmp = tcg_temp_new_i32();
-                        tcg_gen_extrl_i64_i32(tmp, tmp64);
-                        tcg_temp_free_i64(tmp64);
+                        tcg_temp_free_i32(tmp2);
                         store_reg(s, rn, tmp);
                         break;
                     case 0:
@@ -XXX,XX +XXX,XX @@ static void disas_thumb2_insn(DisasContext *s, uint32_t insn)
                   }
                 break;
             case 5: case 6: /* 32 * 32 -> 32msb (SMMUL, SMMLA, SMMLS) */
-                tmp64 = gen_muls_i64_i32(tmp, tmp2);
+                tcg_gen_muls2_i32(tmp2, tmp, tmp, tmp2);
                 if (rs != 15) {
-                    tmp = load_reg(s, rs);
+                    tmp3 = load_reg(s, rs);
                     if (insn & (1 << 20)) {
-                        tmp64 = gen_addq_msw(tmp64, tmp);
+                        tcg_gen_add_i32(tmp, tmp, tmp3);
                     } else {
-                        tmp64 = gen_subq_msw(tmp64, tmp);
+                        tcg_gen_sub_i32(tmp, tmp, tmp3);
                     }
+                    tcg_temp_free_i32(tmp3);
                 }
                 if (insn & (1 << 4)) {
-                    tcg_gen_addi_i64(tmp64, tmp64, 0x80000000u);
+                    /*
+                     * Adding 0x80000000 to the 64-bit quantity
+                     * means that we have carry in to the high
+                     * word when the low word has the high bit set.
+                     */
+                    tcg_gen_shri_i32(tmp2, tmp2, 31);
+                    tcg_gen_add_i32(tmp, tmp, tmp2);
                 }
-                tcg_gen_shri_i64(tmp64, tmp64, 32);
-                tmp = tcg_temp_new_i32();
-                tcg_gen_extrl_i64_i32(tmp, tmp64);
-                tcg_temp_free_i64(tmp64);
+                tcg_temp_free_i32(tmp2);
                 break;
             case 7: /* Unsigned sum of absolute differences.  */
                 gen_helper_usad8(tmp, tmp, tmp2);
-- 
2.20.1

From: Richard Henderson <richard.henderson@linaro.org>

Separate shift + extract low will result in one extra insn
for hosts like RISC-V, MIPS, and Sparc.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20190808202616.13782-8-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/translate.c | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -XXX,XX +XXX,XX @@ static int disas_iwmmxt_insn(DisasContext *s, uint32_t insn)
             if (insn & ARM_CP_RW_BIT) {                         /* TMRRC */
                 iwmmxt_load_reg(cpu_V0, wrd);
                 tcg_gen_extrl_i64_i32(cpu_R[rdlo], cpu_V0);
-                tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
-                tcg_gen_extrl_i64_i32(cpu_R[rdhi], cpu_V0);
+                tcg_gen_extrh_i64_i32(cpu_R[rdhi], cpu_V0);
             } else {                                    /* TMCRR */
                 tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]);
                 iwmmxt_store_reg(cpu_V0, wrd);
@@ -XXX,XX +XXX,XX @@ static int disas_dsp_insn(DisasContext *s, uint32_t insn)
         if (insn & ARM_CP_RW_BIT) {                     /* MRA */
             iwmmxt_load_reg(cpu_V0, acc);
             tcg_gen_extrl_i64_i32(cpu_R[rdlo], cpu_V0);
-            tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
-            tcg_gen_extrl_i64_i32(cpu_R[rdhi], cpu_V0);
+            tcg_gen_extrh_i64_i32(cpu_R[rdhi], cpu_V0);
             tcg_gen_andi_i32(cpu_R[rdhi], cpu_R[rdhi], (1 << (40 - 32)) - 1);
         } else {                                        /* MAR */
             tcg_gen_concat_i32_i64(cpu_V0, cpu_R[rdlo], cpu_R[rdhi]);
@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
                                 gen_helper_neon_narrow_high_u16(tmp, cpu_V0);
                                 break;
                             case 2:
-                                tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
-                                tcg_gen_extrl_i64_i32(tmp, cpu_V0);
+                                tcg_gen_extrh_i64_i32(tmp, cpu_V0);
                                 break;
                             default: abort();
                             }
@@ -XXX,XX +XXX,XX @@ static int disas_neon_data_insn(DisasContext *s, uint32_t insn)
                                 break;
                             case 2:
                                 tcg_gen_addi_i64(cpu_V0, cpu_V0, 1u << 31);
-                                tcg_gen_shri_i64(cpu_V0, cpu_V0, 32);
-                                tcg_gen_extrl_i64_i32(tmp, cpu_V0);
+                                tcg_gen_extrh_i64_i32(tmp, cpu_V0);
                                 break;
                             default: abort();
                             }
@@ -XXX,XX +XXX,XX @@ static int disas_coproc_insn(DisasContext *s, uint32_t insn)
                 tmp = tcg_temp_new_i32();
                 tcg_gen_extrl_i64_i32(tmp, tmp64);
                 store_reg(s, rt, tmp);
-                tcg_gen_shri_i64(tmp64, tmp64, 32);
                 tmp = tcg_temp_new_i32();
-                tcg_gen_extrl_i64_i32(tmp, tmp64);
+                tcg_gen_extrh_i64_i32(tmp, tmp64);
                 tcg_temp_free_i64(tmp64);
                 store_reg(s, rt2, tmp);
             } else {
@@ -XXX,XX +XXX,XX @@ static void gen_storeq_reg(DisasContext *s, int rlow, int rhigh, TCGv_i64 val)
     tcg_gen_extrl_i64_i32(tmp, val);
     store_reg(s, rlow, tmp);
     tmp = tcg_temp_new_i32();
-    tcg_gen_shri_i64(val, val, 32);
-    tcg_gen_extrl_i64_i32(tmp, val);
+    tcg_gen_extrh_i64_i32(tmp, val);
     store_reg(s, rhigh, tmp);
 }
 
-- 
2.20.1