EVEX is really messy and the exact position of the fields is spread all
over the place. For now store the three data bytes of the prefix in
DisasContext, later the EVEX instruction classes for APX will be added
to extract_evex_params and validate_vex.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/tcg/translate.c | 8 +++-
target/i386/tcg/decode-new.c.inc | 80 ++++++++++++++++++++++++++++++--
2 files changed, 81 insertions(+), 7 deletions(-)
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index 9bf4a1fd516..a74d9b0436e 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -51,6 +51,7 @@
#define PREFIX_VEX 0x20
#define PREFIX_REX 0x40
#define PREFIX_REX2 0x80
+#define PREFIX_EVEX 0x100
#ifdef TARGET_X86_64
# define ctztl ctz64
@@ -93,8 +94,8 @@ typedef struct DisasContext {
MemOp aflag;
MemOp dflag;
+ uint16_t prefix;
int8_t override; /* -1 if no override, else R_CS, R_DS, etc */
- uint8_t prefix;
bool has_modrm;
uint8_t modrm;
@@ -114,6 +115,9 @@ typedef struct DisasContext {
uint8_t rex_x;
uint8_t rex_b;
#endif
+ uint8_t evex2;
+ uint8_t evex3;
+ uint8_t evex4;
bool vex_w; /* used by AVX even on 32-bit processors */
bool jmp_opt; /* use direct block chaining for direct jumps */
bool cc_op_dirty;
@@ -210,7 +214,7 @@ typedef struct DisasContext {
#endif
#ifdef TARGET_X86_64
-#define REX_PREFIX(S) (((S)->prefix & (PREFIX_REX | PREFIX_REX2 | PREFIX_VEX)) != 0)
+#define REX_PREFIX(S) (((S)->prefix & (PREFIX_REX | PREFIX_REX2 | PREFIX_VEX | PREFIX_EVEX)) != 0)
#define REX_W(S) ((S)->vex_w)
#define REX_R(S) ((S)->rex_r + 0)
#define REX_X(S) ((S)->rex_x + 0)
diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc
index b7988c64f86..c14a07be5ff 100644
--- a/target/i386/tcg/decode-new.c.inc
+++ b/target/i386/tcg/decode-new.c.inc
@@ -2046,6 +2046,11 @@ static void decode_REX2_map1(DisasContext *s, CPUX86State *env, X86OpEntry *entr
};
decode_REX2(s, env, entry, b, opcode_rex2_map1);
}
+
+static void decode_EVEX_map4(DisasContext *s, CPUX86State *env, X86OpEntry *entry, uint8_t *b)
+{
+ *entry = UNKNOWN_OPCODE;
+}
#endif
#undef mmx
@@ -2073,8 +2078,7 @@ static int reg_nb_mask(DisasContext *s, int unit)
case X86_OP_MMX:
return 7;
case X86_OP_SSE:
- return 15;
- break;
+ return s->prefix & PREFIX_EVEX ? 31 : 15;
default:
return 31;
break;
@@ -2592,6 +2596,15 @@ static bool decode_insn(DisasContext *s, CPUX86State *env, X86DecodeFunc decode_
return true;
}
+static bool extract_evex_params(DisasContext *s, X86DecodedInsn *decode)
+{
+ /*
+ * Here, the position of RXB and (for AVX512) displacement multiplier
+ * should be known.
+ */
+ g_assert_not_reached();
+}
+
static bool decode_ops(DisasContext *s, CPUX86State *env, X86DecodeFunc decode_func,
X86DecodedInsn *decode)
{
@@ -2730,6 +2743,9 @@ static bool validate_vex(DisasContext *s, X86DecodedInsn *decode)
s->vex_ndd = true;
}
}
+ if ((s->prefix & PREFIX_EVEX) && !extract_evex_params(s, decode)) {
+ goto illegal;
+ }
switch (e->vex_special) {
case X86_VEX_None:
@@ -2873,6 +2889,10 @@ static inline uint8_t collapse_two_bits(uint8_t value, uint8_t mask)
return value + (value > low ? tweak : 0);
}
+static const int pp_prefix[4] = {
+ 0, PREFIX_DATA, PREFIX_REPZ, PREFIX_REPNZ
+};
+
/*
* Convert one instruction. s->base.is_jmp is set if the translation must
* be stopped.
@@ -2898,6 +2918,9 @@ static void disas_insn(DisasContext *s, CPUState *cpu)
s->vex_v = 0;
s->vex_w = false;
s->vex_ndd = false;
+ s->evex2 = 0;
+ s->evex3 = 0;
+ s->evex4 = 0;
s->has_modrm = false;
s->prefix = 0;
@@ -2973,6 +2996,56 @@ static void disas_insn(DisasContext *s, CPUState *cpu)
}
break;
#endif
+ case 0x62: /* EVEX */
+ if (CODE32(s) && !VM86(s)) {
+ int evex2 = x86_ldub_code(env, s);
+
+ if (!CODE64(s) && (evex2 & 0xc0) != 0xc0) {
+ s->pc--; /* rewind the advance_pc() x86_ldub_code() did */
+ break;
+ }
+ if (s->prefix & (PREFIX_REPZ | PREFIX_REPNZ
+ | PREFIX_LOCK | PREFIX_DATA)) {
+ goto illegal_op;
+ }
+ /*
+ * Store them because the exact correspondence between EVEX
+ * and RXB bits is only known later. It's different for APX,
+ * AVX512 register operands, and AVX512 VSIB index operands.
+ */
+ s->evex2 = evex2;
+ s->evex3 = x86_ldub_code(env, s);
+ s->evex4 = x86_ldub_code(env, s);
+ s->vex_w = (s->evex3 >> 7) & 1;
+ s->vex_l = (s->evex4 >> 5) & 3;
+ s->prefix |= pp_prefix[s->evex3 & 3] | PREFIX_EVEX;
+ switch (evex2 & 7) {
+ case 0x01:
+ /*
+ * Note: actually uses VEX map1, to which AVX512 adds extra
+ * instructions encoded with VEX.L=1. Of these, KMOV*
+ * has an APX extension too.
+ */
+ decode_func = decode_0F;
+ break;
+ case 0x02:
+ decode_func = decode_0F38;
+ break;
+ case 0x03:
+ decode_func = decode_0F3A;
+ break;
+ case 0x04:
+#ifdef TARGET_X86_64
+ decode_func = decode_EVEX_map4;
+ break;
+#else
+ goto illegal_op;
+#endif
+ default: /* Reserved for future use. */
+ goto unknown_op;
+ }
+ }
+ break;
case 0xc5: /* 2-byte VEX */
case 0xc4: /* 3-byte VEX */
/*
@@ -2980,9 +3053,6 @@ static void disas_insn(DisasContext *s, CPUState *cpu)
* Otherwise the instruction is LES or LDS. Not allowed in real mode.
*/
if (PE(s) && !VM86(s)) {
- static const int pp_prefix[4] = {
- 0, PREFIX_DATA, PREFIX_REPZ, PREFIX_REPNZ
- };
int vex3, vex2 = x86_ldub_code(env, s);
if (!CODE64(s) && (vex2 & 0xc0) != 0xc0) {
--
2.52.0