search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Adjust ppc set_AV_CR6 computation to help Memcheck instrumentation.
[valgrind.git] / VEX / priv / guest_amd64_toIR.c
blob2cabf80c9fe9244b56b88d7f3ef395b6a26b2f68
1
2 /*--------------------------------------------------------------------*/
3 /*--- begin guest_amd64_toIR.c ---*/
4 /*--------------------------------------------------------------------*/
5
6 /*
7 This file is part of Valgrind, a dynamic binary instrumentation
8 framework.
9
10 Copyright (C) 2004-2017 OpenWorks LLP
11 info@open-works.net
12
13 This program is free software; you can redistribute it and/or
14 modify it under the terms of the GNU General Public License as
15 published by the Free Software Foundation; either version 2 of the
16 License, or (at your option) any later version.
17
18 This program is distributed in the hope that it will be useful, but
19 WITHOUT ANY WARRANTY; without even the implied warranty of
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 General Public License for more details.
22
23 You should have received a copy of the GNU General Public License
24 along with this program; if not, write to the Free Software
25 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
26 02110-1301, USA.
27
28 The GNU General Public License is contained in the file COPYING.
29
30 Neither the names of the U.S. Department of Energy nor the
31 University of California nor the names of its contributors may be
32 used to endorse or promote products derived from this software
33 without prior written permission.
34 */
35
36 /* Translates AMD64 code to IR. */
37
38 /* TODO:
39
40 All Puts to CC_OP/CC_DEP1/CC_DEP2/CC_NDEP should really be checked
41 to ensure a 64-bit value is being written.
42
43 x87 FP Limitations:
44
45 * all arithmetic done at 64 bits
46
47 * no FP exceptions, except for handling stack over/underflow
48
49 * FP rounding mode observed only for float->int conversions and
50 int->float conversions which could lose accuracy, and for
51 float-to-float rounding. For all other operations,
52 round-to-nearest is used, regardless.
53
54 * some of the FCOM cases could do with testing -- not convinced
55 that the args are the right way round.
56
57 * FSAVE does not re-initialise the FPU; it should do
58
59 * FINIT not only initialises the FPU environment, it also zeroes
60 all the FP registers. It should leave the registers unchanged.
61
62 SAHF should cause eflags[1] == 1, and in fact it produces 0. As
63 per Intel docs this bit has no meaning anyway. Since PUSHF is the
64 only way to observe eflags[1], a proper fix would be to make that
65 bit be set by PUSHF.
66
67 This module uses global variables and so is not MT-safe (if that
68 should ever become relevant).
69 */
70
71 /* Notes re address size overrides (0x67).
72
73 According to the AMD documentation (24594 Rev 3.09, Sept 2003,
74 "AMD64 Architecture Programmer's Manual Volume 3: General-Purpose
75 and System Instructions"), Section 1.2.3 ("Address-Size Override
76 Prefix"):
77
78 0x67 applies to all explicit memory references, causing the top
79 32 bits of the effective address to become zero.
80
81 0x67 has no effect on stack references (push/pop); these always
82 use a 64-bit address.
83
84 0x67 changes the interpretation of instructions which implicitly
85 reference RCX/RSI/RDI, so that in fact ECX/ESI/EDI are used
86 instead. These are:
87
88 cmp{s,sb,sw,sd,sq}
89 in{s,sb,sw,sd}
90 jcxz, jecxz, jrcxz
91 lod{s,sb,sw,sd,sq}
92 loop{,e,bz,be,z}
93 mov{s,sb,sw,sd,sq}
94 out{s,sb,sw,sd}
95 rep{,e,ne,nz}
96 sca{s,sb,sw,sd,sq}
97 sto{s,sb,sw,sd,sq}
98 xlat{,b} */
99
100 /* "Special" instructions.
101
102 This instruction decoder can decode three special instructions
103 which mean nothing natively (are no-ops as far as regs/mem are
104 concerned) but have meaning for supporting Valgrind. A special
105 instruction is flagged by the 16-byte preamble 48C1C703 48C1C70D
106 48C1C73D 48C1C733 (in the standard interpretation, that means: rolq
107 $3, %rdi; rolq $13, %rdi; rolq $61, %rdi; rolq $51, %rdi).
108 Following that, one of the following 3 are allowed (standard
109 interpretation in parentheses):
110
111 4887DB (xchgq %rbx,%rbx) %RDX = client_request ( %RAX )
112 4887C9 (xchgq %rcx,%rcx) %RAX = guest_NRADDR
113 4887D2 (xchgq %rdx,%rdx) call-noredir *%RAX
114 4887F6 (xchgq %rdi,%rdi) IR injection
115
116 Any other bytes following the 16-byte preamble are illegal and
117 constitute a failure in instruction decoding. This all assumes
118 that the preamble will never occur except in specific code
119 fragments designed for Valgrind to catch.
120
121 No prefixes may precede a "Special" instruction.
122 */
123
124 /* casLE (implementation of lock-prefixed insns) and rep-prefixed
125 insns: the side-exit back to the start of the insn is done with
126 Ijk_Boring. This is quite wrong, it should be done with
127 Ijk_NoRedir, since otherwise the side exit, which is intended to
128 restart the instruction for whatever reason, could go somewhere
129 entirely else. Doing it right (with Ijk_NoRedir jumps) would make
130 no-redir jumps performance critical, at least for rep-prefixed
131 instructions, since all iterations thereof would involve such a
132 jump. It's not such a big deal with casLE since the side exit is
133 only taken if the CAS fails, that is, the location is contended,
134 which is relatively unlikely.
135
136 Note also, the test for CAS success vs failure is done using
137 Iop_CasCmp{EQ,NE}{8,16,32,64} rather than the ordinary
138 Iop_Cmp{EQ,NE} equivalents. This is so as to tell Memcheck that it
139 shouldn't definedness-check these comparisons. See
140 COMMENT_ON_CasCmpEQ in memcheck/mc_translate.c for
141 background/rationale.
142 */
143
144 /* LOCK prefixed instructions. These are translated using IR-level
145 CAS statements (IRCAS) and are believed to preserve atomicity, even
146 from the point of view of some other process racing against a
147 simulated one (presumably they communicate via a shared memory
148 segment).
149
150 Handlers which are aware of LOCK prefixes are:
151 dis_op2_G_E (add, or, adc, sbb, and, sub, xor)
152 dis_cmpxchg_G_E (cmpxchg)
153 dis_Grp1 (add, or, adc, sbb, and, sub, xor)
154 dis_Grp3 (not, neg)
155 dis_Grp4 (inc, dec)
156 dis_Grp5 (inc, dec)
157 dis_Grp8_Imm (bts, btc, btr)
158 dis_bt_G_E (bts, btc, btr)
159 dis_xadd_G_E (xadd)
160 */
161
162
163 #include "libvex_basictypes.h"
164 #include "libvex_ir.h"
165 #include "libvex.h"
166 #include "libvex_guest_amd64.h"
167
168 #include "main_util.h"
169 #include "main_globals.h"
170 #include "guest_generic_bb_to_IR.h"
171 #include "guest_generic_x87.h"
172 #include "guest_amd64_defs.h"
173
174
175 /*------------------------------------------------------------*/
176 /*--- Globals ---*/
177 /*------------------------------------------------------------*/
178
179 /* These are set at the start of the translation of an insn, right
180 down in disInstr_AMD64, so that we don't have to pass them around
181 endlessly. They are all constant during the translation of any
182 given insn. */
183
184 /* These are set at the start of the translation of a BB, so
185 that we don't have to pass them around endlessly. */
186
187 /* We need to know this to do sub-register accesses correctly. */
188 static VexEndness host_endness;
189
190 /* Pointer to the guest code area (points to start of BB, not to the
191 insn being processed). */
192 static const UChar* guest_code;
193
194 /* The guest address corresponding to guest_code[0]. */
195 static Addr64 guest_RIP_bbstart;
196
197 /* The guest address for the instruction currently being
198 translated. */
199 static Addr64 guest_RIP_curr_instr;
200
201 /* The IRSB* into which we're generating code. */
202 static IRSB* irsb;
203
204 /* For ensuring that %rip-relative addressing is done right. A read
205 of %rip generates the address of the next instruction. It may be
206 that we don't conveniently know that inside disAMode(). For sanity
207 checking, if the next insn %rip is needed, we make a guess at what
208 it is, record that guess here, and set the accompanying Bool to
209 indicate that -- after this insn's decode is finished -- that guess
210 needs to be checked. */
211
212 /* At the start of each insn decode, is set to (0, False).
213 After the decode, if _mustcheck is now True, _assumed is
214 checked. */
215
216 static Addr64 guest_RIP_next_assumed;
217 static Bool guest_RIP_next_mustcheck;
218
219
220 /*------------------------------------------------------------*/
221 /*--- Helpers for constructing IR. ---*/
222 /*------------------------------------------------------------*/
223
224 /* Generate a new temporary of the given type. */
225 static IRTemp newTemp ( IRType ty )
226 {
227 vassert(isPlausibleIRType(ty));
228 return newIRTemp( irsb->tyenv, ty );
229 }
230
231 /* Add a statement to the list held by "irsb". */
232 static void stmt ( IRStmt* st )
233 {
234 addStmtToIRSB( irsb, st );
235 }
236
237 /* Generate a statement "dst := e". */
238 static void assign ( IRTemp dst, IRExpr* e )
239 {
240 stmt( IRStmt_WrTmp(dst, e) );
241 }
242
243 static IRExpr* unop ( IROp op, IRExpr* a )
244 {
245 return IRExpr_Unop(op, a);
246 }
247
248 static IRExpr* binop ( IROp op, IRExpr* a1, IRExpr* a2 )
249 {
250 return IRExpr_Binop(op, a1, a2);
251 }
252
253 static IRExpr* triop ( IROp op, IRExpr* a1, IRExpr* a2, IRExpr* a3 )
254 {
255 return IRExpr_Triop(op, a1, a2, a3);
256 }
257
258 static IRExpr* mkexpr ( IRTemp tmp )
259 {
260 return IRExpr_RdTmp(tmp);
261 }
262
263 static IRExpr* mkU8 ( ULong i )
264 {
265 vassert(i < 256);
266 return IRExpr_Const(IRConst_U8( (UChar)i ));
267 }
268
269 static IRExpr* mkU16 ( ULong i )
270 {
271 vassert(i < 0x10000ULL);
272 return IRExpr_Const(IRConst_U16( (UShort)i ));
273 }
274
275 static IRExpr* mkU32 ( ULong i )
276 {
277 vassert(i < 0x100000000ULL);
278 return IRExpr_Const(IRConst_U32( (UInt)i ));
279 }
280
281 static IRExpr* mkU64 ( ULong i )
282 {
283 return IRExpr_Const(IRConst_U64(i));
284 }
285
286 static IRExpr* mkU ( IRType ty, ULong i )
287 {
288 switch (ty) {
289 case Ity_I8: return mkU8(i);
290 case Ity_I16: return mkU16(i);
291 case Ity_I32: return mkU32(i);
292 case Ity_I64: return mkU64(i);
293 default: vpanic("mkU(amd64)");
294 }
295 }
296
297 static void storeLE ( IRExpr* addr, IRExpr* data )
298 {
299 stmt( IRStmt_Store(Iend_LE, addr, data) );
300 }
301
302 static IRExpr* loadLE ( IRType ty, IRExpr* addr )
303 {
304 return IRExpr_Load(Iend_LE, ty, addr);
305 }
306
307 static IROp mkSizedOp ( IRType ty, IROp op8 )
308 {
309 vassert(op8 == Iop_Add8 || op8 == Iop_Sub8
310 || op8 == Iop_Mul8
311 || op8 == Iop_Or8 || op8 == Iop_And8 || op8 == Iop_Xor8
312 || op8 == Iop_Shl8 || op8 == Iop_Shr8 || op8 == Iop_Sar8
313 || op8 == Iop_CmpEQ8 || op8 == Iop_CmpNE8
314 || op8 == Iop_CasCmpNE8
315 || op8 == Iop_Not8 );
316 switch (ty) {
317 case Ity_I8: return 0 +op8;
318 case Ity_I16: return 1 +op8;
319 case Ity_I32: return 2 +op8;
320 case Ity_I64: return 3 +op8;
321 default: vpanic("mkSizedOp(amd64)");
322 }
323 }
324
325 static
326 IRExpr* doScalarWidening ( Int szSmall, Int szBig, Bool signd, IRExpr* src )
327 {
328 if (szSmall == 1 && szBig == 4) {
329 return unop(signd ? Iop_8Sto32 : Iop_8Uto32, src);
330 }
331 if (szSmall == 1 && szBig == 2) {
332 return unop(signd ? Iop_8Sto16 : Iop_8Uto16, src);
333 }
334 if (szSmall == 2 && szBig == 4) {
335 return unop(signd ? Iop_16Sto32 : Iop_16Uto32, src);
336 }
337 if (szSmall == 1 && szBig == 8 && !signd) {
338 return unop(Iop_8Uto64, src);
339 }
340 if (szSmall == 1 && szBig == 8 && signd) {
341 return unop(Iop_8Sto64, src);
342 }
343 if (szSmall == 2 && szBig == 8 && !signd) {
344 return unop(Iop_16Uto64, src);
345 }
346 if (szSmall == 2 && szBig == 8 && signd) {
347 return unop(Iop_16Sto64, src);
348 }
349 vpanic("doScalarWidening(amd64)");
350 }
351
352 static
353 void putGuarded ( Int gstOffB, IRExpr* guard, IRExpr* value )
354 {
355 IRType ty = typeOfIRExpr(irsb->tyenv, value);
356 stmt( IRStmt_Put(gstOffB,
357 IRExpr_ITE(guard, value, IRExpr_Get(gstOffB, ty))) );
358 }
359
360
361 /*------------------------------------------------------------*/
362 /*--- Debugging output ---*/
363 /*------------------------------------------------------------*/
364
365 /* Bomb out if we can't handle something. */
366 __attribute__ ((noreturn))
367 static void unimplemented ( const HChar* str )
368 {
369 vex_printf("amd64toIR: unimplemented feature\n");
370 vpanic(str);
371 }
372
373 #define DIP(format, args...) \
374 if (vex_traceflags & VEX_TRACE_FE) \
375 vex_printf(format, ## args)
376
377 #define DIS(buf, format, args...) \
378 if (vex_traceflags & VEX_TRACE_FE) \
379 vex_sprintf(buf, format, ## args)
380
381
382 /*------------------------------------------------------------*/
383 /*--- Offsets of various parts of the amd64 guest state. ---*/
384 /*------------------------------------------------------------*/
385
386 #define OFFB_RAX offsetof(VexGuestAMD64State,guest_RAX)
387 #define OFFB_RBX offsetof(VexGuestAMD64State,guest_RBX)
388 #define OFFB_RCX offsetof(VexGuestAMD64State,guest_RCX)
389 #define OFFB_RDX offsetof(VexGuestAMD64State,guest_RDX)
390 #define OFFB_RSP offsetof(VexGuestAMD64State,guest_RSP)
391 #define OFFB_RBP offsetof(VexGuestAMD64State,guest_RBP)
392 #define OFFB_RSI offsetof(VexGuestAMD64State,guest_RSI)
393 #define OFFB_RDI offsetof(VexGuestAMD64State,guest_RDI)
394 #define OFFB_R8 offsetof(VexGuestAMD64State,guest_R8)
395 #define OFFB_R9 offsetof(VexGuestAMD64State,guest_R9)
396 #define OFFB_R10 offsetof(VexGuestAMD64State,guest_R10)
397 #define OFFB_R11 offsetof(VexGuestAMD64State,guest_R11)
398 #define OFFB_R12 offsetof(VexGuestAMD64State,guest_R12)
399 #define OFFB_R13 offsetof(VexGuestAMD64State,guest_R13)
400 #define OFFB_R14 offsetof(VexGuestAMD64State,guest_R14)
401 #define OFFB_R15 offsetof(VexGuestAMD64State,guest_R15)
402
403 #define OFFB_RIP offsetof(VexGuestAMD64State,guest_RIP)
404
405 #define OFFB_FS_CONST offsetof(VexGuestAMD64State,guest_FS_CONST)
406 #define OFFB_GS_CONST offsetof(VexGuestAMD64State,guest_GS_CONST)
407
408 #define OFFB_CC_OP offsetof(VexGuestAMD64State,guest_CC_OP)
409 #define OFFB_CC_DEP1 offsetof(VexGuestAMD64State,guest_CC_DEP1)
410 #define OFFB_CC_DEP2 offsetof(VexGuestAMD64State,guest_CC_DEP2)
411 #define OFFB_CC_NDEP offsetof(VexGuestAMD64State,guest_CC_NDEP)
412
413 #define OFFB_FPREGS offsetof(VexGuestAMD64State,guest_FPREG[0])
414 #define OFFB_FPTAGS offsetof(VexGuestAMD64State,guest_FPTAG[0])
415 #define OFFB_DFLAG offsetof(VexGuestAMD64State,guest_DFLAG)
416 #define OFFB_ACFLAG offsetof(VexGuestAMD64State,guest_ACFLAG)
417 #define OFFB_IDFLAG offsetof(VexGuestAMD64State,guest_IDFLAG)
418 #define OFFB_FTOP offsetof(VexGuestAMD64State,guest_FTOP)
419 #define OFFB_FC3210 offsetof(VexGuestAMD64State,guest_FC3210)
420 #define OFFB_FPROUND offsetof(VexGuestAMD64State,guest_FPROUND)
421
422 #define OFFB_SSEROUND offsetof(VexGuestAMD64State,guest_SSEROUND)
423 #define OFFB_YMM0 offsetof(VexGuestAMD64State,guest_YMM0)
424 #define OFFB_YMM1 offsetof(VexGuestAMD64State,guest_YMM1)
425 #define OFFB_YMM2 offsetof(VexGuestAMD64State,guest_YMM2)
426 #define OFFB_YMM3 offsetof(VexGuestAMD64State,guest_YMM3)
427 #define OFFB_YMM4 offsetof(VexGuestAMD64State,guest_YMM4)
428 #define OFFB_YMM5 offsetof(VexGuestAMD64State,guest_YMM5)
429 #define OFFB_YMM6 offsetof(VexGuestAMD64State,guest_YMM6)
430 #define OFFB_YMM7 offsetof(VexGuestAMD64State,guest_YMM7)
431 #define OFFB_YMM8 offsetof(VexGuestAMD64State,guest_YMM8)
432 #define OFFB_YMM9 offsetof(VexGuestAMD64State,guest_YMM9)
433 #define OFFB_YMM10 offsetof(VexGuestAMD64State,guest_YMM10)
434 #define OFFB_YMM11 offsetof(VexGuestAMD64State,guest_YMM11)
435 #define OFFB_YMM12 offsetof(VexGuestAMD64State,guest_YMM12)
436 #define OFFB_YMM13 offsetof(VexGuestAMD64State,guest_YMM13)
437 #define OFFB_YMM14 offsetof(VexGuestAMD64State,guest_YMM14)
438 #define OFFB_YMM15 offsetof(VexGuestAMD64State,guest_YMM15)
439 #define OFFB_YMM16 offsetof(VexGuestAMD64State,guest_YMM16)
440
441 #define OFFB_EMNOTE offsetof(VexGuestAMD64State,guest_EMNOTE)
442 #define OFFB_CMSTART offsetof(VexGuestAMD64State,guest_CMSTART)
443 #define OFFB_CMLEN offsetof(VexGuestAMD64State,guest_CMLEN)
444
445 #define OFFB_NRADDR offsetof(VexGuestAMD64State,guest_NRADDR)
446
447
448 /*------------------------------------------------------------*/
449 /*--- Helper bits and pieces for deconstructing the ---*/
450 /*--- amd64 insn stream. ---*/
451 /*------------------------------------------------------------*/
452
453 /* This is the AMD64 register encoding -- integer regs. */
454 #define R_RAX 0
455 #define R_RCX 1
456 #define R_RDX 2
457 #define R_RBX 3
458 #define R_RSP 4
459 #define R_RBP 5
460 #define R_RSI 6
461 #define R_RDI 7
462 #define R_R8 8
463 #define R_R9 9
464 #define R_R10 10
465 #define R_R11 11
466 #define R_R12 12
467 #define R_R13 13
468 #define R_R14 14
469 #define R_R15 15
470
471 /* This is the Intel register encoding -- segment regs. */
472 #define R_ES 0
473 #define R_CS 1
474 #define R_SS 2
475 #define R_DS 3
476 #define R_FS 4
477 #define R_GS 5
478
479
480 /* Various simple conversions */
481
482 static ULong extend_s_8to64 ( UChar x )
483 {
484 return (ULong)((Long)(((ULong)x) << 56) >> 56);
485 }
486
487 static ULong extend_s_16to64 ( UShort x )
488 {
489 return (ULong)((Long)(((ULong)x) << 48) >> 48);
490 }
491
492 static ULong extend_s_32to64 ( UInt x )
493 {
494 return (ULong)((Long)(((ULong)x) << 32) >> 32);
495 }
496
497 /* Figure out whether the mod and rm parts of a modRM byte refer to a
498 register or memory. If so, the byte will have the form 11XXXYYY,
499 where YYY is the register number. */
500 inline
501 static Bool epartIsReg ( UChar mod_reg_rm )
502 {
503 return toBool(0xC0 == (mod_reg_rm & 0xC0));
504 }
505
506 /* Extract the 'g' field from a modRM byte. This only produces 3
507 bits, which is not a complete register number. You should avoid
508 this function if at all possible. */
509 inline
510 static Int gregLO3ofRM ( UChar mod_reg_rm )
511 {
512 return (Int)( (mod_reg_rm >> 3) & 7 );
513 }
514
515 /* Ditto the 'e' field of a modRM byte. */
516 inline
517 static Int eregLO3ofRM ( UChar mod_reg_rm )
518 {
519 return (Int)(mod_reg_rm & 0x7);
520 }
521
522 /* Get a 8/16/32-bit unsigned value out of the insn stream. */
523
524 static inline UChar getUChar ( Long delta )
525 {
526 UChar v = guest_code[delta+0];
527 return v;
528 }
529
530 static UInt getUDisp16 ( Long delta )
531 {
532 UInt v = guest_code[delta+1]; v <<= 8;
533 v |= guest_code[delta+0];
534 return v & 0xFFFF;
535 }
536
537 //.. static UInt getUDisp ( Int size, Long delta )
538 //.. {
539 //.. switch (size) {
540 //.. case 4: return getUDisp32(delta);
541 //.. case 2: return getUDisp16(delta);
542 //.. case 1: return getUChar(delta);
543 //.. default: vpanic("getUDisp(x86)");
544 //.. }
545 //.. return 0; /*notreached*/
546 //.. }
547
548
549 /* Get a byte value out of the insn stream and sign-extend to 64
550 bits. */
551 static Long getSDisp8 ( Long delta )
552 {
553 return extend_s_8to64( guest_code[delta] );
554 }
555
556 /* Get a 16-bit value out of the insn stream and sign-extend to 64
557 bits. */
558 static Long getSDisp16 ( Long delta )
559 {
560 UInt v = guest_code[delta+1]; v <<= 8;
561 v |= guest_code[delta+0];
562 return extend_s_16to64( (UShort)v );
563 }
564
565 /* Get a 32-bit value out of the insn stream and sign-extend to 64
566 bits. */
567 static Long getSDisp32 ( Long delta )
568 {
569 UInt v = guest_code[delta+3]; v <<= 8;
570 v |= guest_code[delta+2]; v <<= 8;
571 v |= guest_code[delta+1]; v <<= 8;
572 v |= guest_code[delta+0];
573 return extend_s_32to64( v );
574 }
575
576 /* Get a 64-bit value out of the insn stream. */
577 static Long getDisp64 ( Long delta )
578 {
579 ULong v = 0;
580 v |= guest_code[delta+7]; v <<= 8;
581 v |= guest_code[delta+6]; v <<= 8;
582 v |= guest_code[delta+5]; v <<= 8;
583 v |= guest_code[delta+4]; v <<= 8;
584 v |= guest_code[delta+3]; v <<= 8;
585 v |= guest_code[delta+2]; v <<= 8;
586 v |= guest_code[delta+1]; v <<= 8;
587 v |= guest_code[delta+0];
588 return v;
589 }
590
591 /* Note: because AMD64 doesn't allow 64-bit literals, it is an error
592 if this is called with size==8. Should not happen. */
593 static Long getSDisp ( Int size, Long delta )
594 {
595 switch (size) {
596 case 4: return getSDisp32(delta);
597 case 2: return getSDisp16(delta);
598 case 1: return getSDisp8(delta);
599 default: vpanic("getSDisp(amd64)");
600 }
601 }
602
603 static ULong mkSizeMask ( Int sz )
604 {
605 switch (sz) {
606 case 1: return 0x00000000000000FFULL;
607 case 2: return 0x000000000000FFFFULL;
608 case 4: return 0x00000000FFFFFFFFULL;
609 case 8: return 0xFFFFFFFFFFFFFFFFULL;
610 default: vpanic("mkSzMask(amd64)");
611 }
612 }
613
614 static Int imin ( Int a, Int b )
615 {
616 return (a < b) ? a : b;
617 }
618
619 static IRType szToITy ( Int n )
620 {
621 switch (n) {
622 case 1: return Ity_I8;
623 case 2: return Ity_I16;
624 case 4: return Ity_I32;
625 case 8: return Ity_I64;
626 default: vex_printf("\nszToITy(%d)\n", n);
627 vpanic("szToITy(amd64)");
628 }
629 }
630
631
632 /*------------------------------------------------------------*/
633 /*--- For dealing with prefixes. ---*/
634 /*------------------------------------------------------------*/
635
636 /* The idea is to pass around an int holding a bitmask summarising
637 info from the prefixes seen on the current instruction, including
638 info from the REX byte. This info is used in various places, but
639 most especially when making sense of register fields in
640 instructions.
641
642 The top 8 bits of the prefix are 0x55, just as a hacky way to
643 ensure it really is a valid prefix.
644
645 Things you can safely assume about a well-formed prefix:
646 * at most one segment-override bit (CS,DS,ES,FS,GS,SS) is set.
647 * if REX is not present then REXW,REXR,REXX,REXB will read
648 as zero.
649 * F2 and F3 will not both be 1.
650 */
651
652 typedef UInt Prefix;
653
654 #define PFX_ASO (1<<0) /* address-size override present (0x67) */
655 #define PFX_66 (1<<1) /* operand-size override-to-16 present (0x66) */
656 #define PFX_REX (1<<2) /* REX byte present (0x40 to 0x4F) */
657 #define PFX_REXW (1<<3) /* REX W bit, if REX present, else 0 */
658 #define PFX_REXR (1<<4) /* REX R bit, if REX present, else 0 */
659 #define PFX_REXX (1<<5) /* REX X bit, if REX present, else 0 */
660 #define PFX_REXB (1<<6) /* REX B bit, if REX present, else 0 */
661 #define PFX_LOCK (1<<7) /* bus LOCK prefix present (0xF0) */
662 #define PFX_F2 (1<<8) /* REP/REPE/REPZ prefix present (0xF2) */
663 #define PFX_F3 (1<<9) /* REPNE/REPNZ prefix present (0xF3) */
664 #define PFX_CS (1<<10) /* CS segment prefix present (0x2E) */
665 #define PFX_DS (1<<11) /* DS segment prefix present (0x3E) */
666 #define PFX_ES (1<<12) /* ES segment prefix present (0x26) */
667 #define PFX_FS (1<<13) /* FS segment prefix present (0x64) */
668 #define PFX_GS (1<<14) /* GS segment prefix present (0x65) */
669 #define PFX_SS (1<<15) /* SS segment prefix present (0x36) */
670 #define PFX_VEX (1<<16) /* VEX prefix present (0xC4 or 0xC5) */
671 #define PFX_VEXL (1<<17) /* VEX L bit, if VEX present, else 0 */
672 /* The extra register field VEX.vvvv is encoded (after not-ing it) as
673 PFX_VEXnV3 .. PFX_VEXnV0, so these must occupy adjacent bit
674 positions. */
675 #define PFX_VEXnV0 (1<<18) /* ~VEX vvvv[0], if VEX present, else 0 */
676 #define PFX_VEXnV1 (1<<19) /* ~VEX vvvv[1], if VEX present, else 0 */
677 #define PFX_VEXnV2 (1<<20) /* ~VEX vvvv[2], if VEX present, else 0 */
678 #define PFX_VEXnV3 (1<<21) /* ~VEX vvvv[3], if VEX present, else 0 */
679
680
681 #define PFX_EMPTY 0x55000000
682
683 static Bool IS_VALID_PFX ( Prefix pfx ) {
684 return toBool((pfx & 0xFF000000) == PFX_EMPTY);
685 }
686
687 static Bool haveREX ( Prefix pfx ) {
688 return toBool(pfx & PFX_REX);
689 }
690
691 static Int getRexW ( Prefix pfx ) {
692 return (pfx & PFX_REXW) ? 1 : 0;
693 }
694 static Int getRexR ( Prefix pfx ) {
695 return (pfx & PFX_REXR) ? 1 : 0;
696 }
697 static Int getRexX ( Prefix pfx ) {
698 return (pfx & PFX_REXX) ? 1 : 0;
699 }
700 static Int getRexB ( Prefix pfx ) {
701 return (pfx & PFX_REXB) ? 1 : 0;
702 }
703
704 /* Check a prefix doesn't have F2 or F3 set in it, since usually that
705 completely changes what instruction it really is. */
706 static Bool haveF2orF3 ( Prefix pfx ) {
707 return toBool((pfx & (PFX_F2|PFX_F3)) > 0);
708 }
709 static Bool haveF2andF3 ( Prefix pfx ) {
710 return toBool((pfx & (PFX_F2|PFX_F3)) == (PFX_F2|PFX_F3));
711 }
712 static Bool haveF2 ( Prefix pfx ) {
713 return toBool((pfx & PFX_F2) > 0);
714 }
715 static Bool haveF3 ( Prefix pfx ) {
716 return toBool((pfx & PFX_F3) > 0);
717 }
718
719 static Bool have66 ( Prefix pfx ) {
720 return toBool((pfx & PFX_66) > 0);
721 }
722 static Bool haveASO ( Prefix pfx ) {
723 return toBool((pfx & PFX_ASO) > 0);
724 }
725 static Bool haveLOCK ( Prefix pfx ) {
726 return toBool((pfx & PFX_LOCK) > 0);
727 }
728
729 /* Return True iff pfx has 66 set and F2 and F3 clear */
730 static Bool have66noF2noF3 ( Prefix pfx )
731 {
732 return
733 toBool((pfx & (PFX_66|PFX_F2|PFX_F3)) == PFX_66);
734 }
735
736 /* Return True iff pfx has F2 set and 66 and F3 clear */
737 static Bool haveF2no66noF3 ( Prefix pfx )
738 {
739 return
740 toBool((pfx & (PFX_66|PFX_F2|PFX_F3)) == PFX_F2);
741 }
742
743 /* Return True iff pfx has F3 set and 66 and F2 clear */
744 static Bool haveF3no66noF2 ( Prefix pfx )
745 {
746 return
747 toBool((pfx & (PFX_66|PFX_F2|PFX_F3)) == PFX_F3);
748 }
749
750 /* Return True iff pfx has F3 set and F2 clear */
751 static Bool haveF3noF2 ( Prefix pfx )
752 {
753 return
754 toBool((pfx & (PFX_F2|PFX_F3)) == PFX_F3);
755 }
756
757 /* Return True iff pfx has F2 set and F3 clear */
758 static Bool haveF2noF3 ( Prefix pfx )
759 {
760 return
761 toBool((pfx & (PFX_F2|PFX_F3)) == PFX_F2);
762 }
763
764 /* Return True iff pfx has 66, F2 and F3 clear */
765 static Bool haveNo66noF2noF3 ( Prefix pfx )
766 {
767 return
768 toBool((pfx & (PFX_66|PFX_F2|PFX_F3)) == 0);
769 }
770
771 /* Return True iff pfx has any of 66, F2 and F3 set */
772 static Bool have66orF2orF3 ( Prefix pfx )
773 {
774 return toBool( ! haveNo66noF2noF3(pfx) );
775 }
776
777 /* Return True iff pfx has 66 or F3 set */
778 static Bool have66orF3 ( Prefix pfx )
779 {
780 return toBool((pfx & (PFX_66|PFX_F3)) > 0);
781 }
782
783 /* Clear all the segment-override bits in a prefix. */
784 static Prefix clearSegBits ( Prefix p )
785 {
786 return
787 p & ~(PFX_CS | PFX_DS | PFX_ES | PFX_FS | PFX_GS | PFX_SS);
788 }
789
790 /* Get the (inverted, hence back to "normal") VEX.vvvv field. */
791 static UInt getVexNvvvv ( Prefix pfx ) {
792 UInt r = (UInt)pfx;
793 r /= (UInt)PFX_VEXnV0; /* pray this turns into a shift */
794 return r & 0xF;
795 }
796
797 static Bool haveVEX ( Prefix pfx ) {
798 return toBool(pfx & PFX_VEX);
799 }
800
801 static Int getVexL ( Prefix pfx ) {
802 return (pfx & PFX_VEXL) ? 1 : 0;
803 }
804
805
806 /*------------------------------------------------------------*/
807 /*--- For dealing with escapes ---*/
808 /*------------------------------------------------------------*/
809
810
811 /* Escapes come after the prefixes, but before the primary opcode
812 byte. They escape the primary opcode byte into a bigger space.
813 The 0xF0000000 isn't significant, except so as to make it not
814 overlap valid Prefix values, for sanity checking.
815 */
816
817 typedef
818 enum {
819 ESC_NONE=0xF0000000, // none
820 ESC_0F, // 0F
821 ESC_0F38, // 0F 38
822 ESC_0F3A // 0F 3A
823 }
824 Escape;
825
826
827 /*------------------------------------------------------------*/
828 /*--- For dealing with integer registers ---*/
829 /*------------------------------------------------------------*/
830
831 /* This is somewhat complex. The rules are:
832
833 For 64, 32 and 16 bit register references, the e or g fields in the
834 modrm bytes supply the low 3 bits of the register number. The
835 fourth (most-significant) bit of the register number is supplied by
836 the REX byte, if it is present; else that bit is taken to be zero.
837
838 The REX.R bit supplies the high bit corresponding to the g register
839 field, and the REX.B bit supplies the high bit corresponding to the
840 e register field (when the mod part of modrm indicates that modrm's
841 e component refers to a register and not to memory).
842
843 The REX.X bit supplies a high register bit for certain registers
844 in SIB address modes, and is generally rarely used.
845
846 For 8 bit register references, the presence of the REX byte itself
847 has significance. If there is no REX present, then the 3-bit
848 number extracted from the modrm e or g field is treated as an index
849 into the sequence %al %cl %dl %bl %ah %ch %dh %bh -- that is, the
850 old x86 encoding scheme.
851
852 But if there is a REX present, the register reference is
853 interpreted in the same way as for 64/32/16-bit references: a high
854 bit is extracted from REX, giving a 4-bit number, and the denoted
855 register is the lowest 8 bits of the 16 integer registers denoted
856 by the number. In particular, values 3 through 7 of this sequence
857 do not refer to %ah %ch %dh %bh but instead to the lowest 8 bits of
858 %rsp %rbp %rsi %rdi.
859
860 The REX.W bit has no bearing at all on register numbers. Instead
861 its presence indicates that the operand size is to be overridden
862 from its default value (32 bits) to 64 bits instead. This is in
863 the same fashion that an 0x66 prefix indicates the operand size is
864 to be overridden from 32 bits down to 16 bits. When both REX.W and
865 0x66 are present there is a conflict, and REX.W takes precedence.
866
867 Rather than try to handle this complexity using a single huge
868 function, several smaller ones are provided. The aim is to make it
869 as difficult as possible to screw up register decoding in a subtle
870 and hard-to-track-down way.
871
872 Because these routines fish around in the host's memory (that is,
873 in the guest state area) for sub-parts of guest registers, their
874 correctness depends on the host's endianness. So far these
875 routines only work for little-endian hosts. Those for which
876 endianness is important have assertions to ensure sanity.
877 */
878
879
880 /* About the simplest question you can ask: where do the 64-bit
881 integer registers live (in the guest state) ? */
882
883 static Int integerGuestReg64Offset ( UInt reg )
884 {
885 switch (reg) {
886 case R_RAX: return OFFB_RAX;
887 case R_RCX: return OFFB_RCX;
888 case R_RDX: return OFFB_RDX;
889 case R_RBX: return OFFB_RBX;
890 case R_RSP: return OFFB_RSP;
891 case R_RBP: return OFFB_RBP;
892 case R_RSI: return OFFB_RSI;
893 case R_RDI: return OFFB_RDI;
894 case R_R8: return OFFB_R8;
895 case R_R9: return OFFB_R9;
896 case R_R10: return OFFB_R10;
897 case R_R11: return OFFB_R11;
898 case R_R12: return OFFB_R12;
899 case R_R13: return OFFB_R13;
900 case R_R14: return OFFB_R14;
901 case R_R15: return OFFB_R15;
902 default: vpanic("integerGuestReg64Offset(amd64)");
903 }
904 }
905
906
907 /* Produce the name of an integer register, for printing purposes.
908 reg is a number in the range 0 .. 15 that has been generated from a
909 3-bit reg-field number and a REX extension bit. irregular denotes
910 the case where sz==1 and no REX byte is present. */
911
912 static
913 const HChar* nameIReg ( Int sz, UInt reg, Bool irregular )
914 {
915 static const HChar* ireg64_names[16]
916 = { "%rax", "%rcx", "%rdx", "%rbx", "%rsp", "%rbp", "%rsi", "%rdi",
917 "%r8", "%r9", "%r10", "%r11", "%r12", "%r13", "%r14", "%r15" };
918 static const HChar* ireg32_names[16]
919 = { "%eax", "%ecx", "%edx", "%ebx", "%esp", "%ebp", "%esi", "%edi",
920 "%r8d", "%r9d", "%r10d","%r11d","%r12d","%r13d","%r14d","%r15d" };
921 static const HChar* ireg16_names[16]
922 = { "%ax", "%cx", "%dx", "%bx", "%sp", "%bp", "%si", "%di",
923 "%r8w", "%r9w", "%r10w","%r11w","%r12w","%r13w","%r14w","%r15w" };
924 static const HChar* ireg8_names[16]
925 = { "%al", "%cl", "%dl", "%bl", "%spl", "%bpl", "%sil", "%dil",
926 "%r8b", "%r9b", "%r10b","%r11b","%r12b","%r13b","%r14b","%r15b" };
927 static const HChar* ireg8_irregular[8]
928 = { "%al", "%cl", "%dl", "%bl", "%ah", "%ch", "%dh", "%bh" };
929
930 vassert(reg < 16);
931 if (sz == 1) {
932 if (irregular)
933 vassert(reg < 8);
934 } else {
935 vassert(irregular == False);
936 }
937
938 switch (sz) {
939 case 8: return ireg64_names[reg];
940 case 4: return ireg32_names[reg];
941 case 2: return ireg16_names[reg];
942 case 1: if (irregular) {
943 return ireg8_irregular[reg];
944 } else {
945 return ireg8_names[reg];
946 }
947 default: vpanic("nameIReg(amd64)");
948 }
949 }
950
951 /* Using the same argument conventions as nameIReg, produce the
952 guest state offset of an integer register. */
953
954 static
955 Int offsetIReg ( Int sz, UInt reg, Bool irregular )
956 {
957 vassert(reg < 16);
958 if (sz == 1) {
959 if (irregular)
960 vassert(reg < 8);
961 } else {
962 vassert(irregular == False);
963 }
964
965 /* Deal with irregular case -- sz==1 and no REX present */
966 if (sz == 1 && irregular) {
967 switch (reg) {
968 case R_RSP: return 1+ OFFB_RAX;
969 case R_RBP: return 1+ OFFB_RCX;
970 case R_RSI: return 1+ OFFB_RDX;
971 case R_RDI: return 1+ OFFB_RBX;
972 default: break; /* use the normal case */
973 }
974 }
975
976 /* Normal case */
977 return integerGuestReg64Offset(reg);
978 }
979
980
981 /* Read the %CL register :: Ity_I8, for shift/rotate operations. */
982
983 static IRExpr* getIRegCL ( void )
984 {
985 vassert(host_endness == VexEndnessLE);
986 return IRExpr_Get( OFFB_RCX, Ity_I8 );
987 }
988
989
990 /* Write to the %AH register. */
991
992 static void putIRegAH ( IRExpr* e )
993 {
994 vassert(host_endness == VexEndnessLE);
995 vassert(typeOfIRExpr(irsb->tyenv, e) == Ity_I8);
996 stmt( IRStmt_Put( OFFB_RAX+1, e ) );
997 }
998
999
1000 /* Read/write various widths of %RAX, as it has various
1001 special-purpose uses. */
1002
1003 static const HChar* nameIRegRAX ( Int sz )
1004 {
1005 switch (sz) {
1006 case 1: return "%al";
1007 case 2: return "%ax";
1008 case 4: return "%eax";
1009 case 8: return "%rax";
1010 default: vpanic("nameIRegRAX(amd64)");
1011 }
1012 }
1013
1014 static IRExpr* getIRegRAX ( Int sz )
1015 {
1016 vassert(host_endness == VexEndnessLE);
1017 switch (sz) {
1018 case 1: return IRExpr_Get( OFFB_RAX, Ity_I8 );
1019 case 2: return IRExpr_Get( OFFB_RAX, Ity_I16 );
1020 case 4: return unop(Iop_64to32, IRExpr_Get( OFFB_RAX, Ity_I64 ));
1021 case 8: return IRExpr_Get( OFFB_RAX, Ity_I64 );
1022 default: vpanic("getIRegRAX(amd64)");
1023 }
1024 }
1025
1026 static void putIRegRAX ( Int sz, IRExpr* e )
1027 {
1028 IRType ty = typeOfIRExpr(irsb->tyenv, e);
1029 vassert(host_endness == VexEndnessLE);
1030 switch (sz) {
1031 case 8: vassert(ty == Ity_I64);
1032 stmt( IRStmt_Put( OFFB_RAX, e ));
1033 break;
1034 case 4: vassert(ty == Ity_I32);
1035 stmt( IRStmt_Put( OFFB_RAX, unop(Iop_32Uto64,e) ));
1036 break;
1037 case 2: vassert(ty == Ity_I16);
1038 stmt( IRStmt_Put( OFFB_RAX, e ));
1039 break;
1040 case 1: vassert(ty == Ity_I8);
1041 stmt( IRStmt_Put( OFFB_RAX, e ));
1042 break;
1043 default: vpanic("putIRegRAX(amd64)");
1044 }
1045 }
1046
1047
1048 /* Read/write various widths of %RDX, as it has various
1049 special-purpose uses. */
1050
1051 static const HChar* nameIRegRDX ( Int sz )
1052 {
1053 switch (sz) {
1054 case 1: return "%dl";
1055 case 2: return "%dx";
1056 case 4: return "%edx";
1057 case 8: return "%rdx";
1058 default: vpanic("nameIRegRDX(amd64)");
1059 }
1060 }
1061
1062 static IRExpr* getIRegRDX ( Int sz )
1063 {
1064 vassert(host_endness == VexEndnessLE);
1065 switch (sz) {
1066 case 1: return IRExpr_Get( OFFB_RDX, Ity_I8 );
1067 case 2: return IRExpr_Get( OFFB_RDX, Ity_I16 );
1068 case 4: return unop(Iop_64to32, IRExpr_Get( OFFB_RDX, Ity_I64 ));
1069 case 8: return IRExpr_Get( OFFB_RDX, Ity_I64 );
1070 default: vpanic("getIRegRDX(amd64)");
1071 }
1072 }
1073
1074 static void putIRegRDX ( Int sz, IRExpr* e )
1075 {
1076 vassert(host_endness == VexEndnessLE);
1077 vassert(typeOfIRExpr(irsb->tyenv, e) == szToITy(sz));
1078 switch (sz) {
1079 case 8: stmt( IRStmt_Put( OFFB_RDX, e ));
1080 break;
1081 case 4: stmt( IRStmt_Put( OFFB_RDX, unop(Iop_32Uto64,e) ));
1082 break;
1083 case 2: stmt( IRStmt_Put( OFFB_RDX, e ));
1084 break;
1085 case 1: stmt( IRStmt_Put( OFFB_RDX, e ));
1086 break;
1087 default: vpanic("putIRegRDX(amd64)");
1088 }
1089 }
1090
1091
1092 /* Simplistic functions to deal with the integer registers as a
1093 straightforward bank of 16 64-bit regs. */
1094
1095 static IRExpr* getIReg64 ( UInt regno )
1096 {
1097 return IRExpr_Get( integerGuestReg64Offset(regno),
1098 Ity_I64 );
1099 }
1100
1101 static void putIReg64 ( UInt regno, IRExpr* e )
1102 {
1103 vassert(typeOfIRExpr(irsb->tyenv,e) == Ity_I64);
1104 stmt( IRStmt_Put( integerGuestReg64Offset(regno), e ) );
1105 }
1106
1107 static const HChar* nameIReg64 ( UInt regno )
1108 {
1109 return nameIReg( 8, regno, False );
1110 }
1111
1112
1113 /* Simplistic functions to deal with the lower halves of integer
1114 registers as a straightforward bank of 16 32-bit regs. */
1115
1116 static IRExpr* getIReg32 ( UInt regno )
1117 {
1118 vassert(host_endness == VexEndnessLE);
1119 return unop(Iop_64to32,
1120 IRExpr_Get( integerGuestReg64Offset(regno),
1121 Ity_I64 ));
1122 }
1123
1124 static void putIReg32 ( UInt regno, IRExpr* e )
1125 {
1126 vassert(typeOfIRExpr(irsb->tyenv,e) == Ity_I32);
1127 stmt( IRStmt_Put( integerGuestReg64Offset(regno),
1128 unop(Iop_32Uto64,e) ) );
1129 }
1130
1131 static const HChar* nameIReg32 ( UInt regno )
1132 {
1133 return nameIReg( 4, regno, False );
1134 }
1135
1136
1137 /* Simplistic functions to deal with the lower quarters of integer
1138 registers as a straightforward bank of 16 16-bit regs. */
1139
1140 static IRExpr* getIReg16 ( UInt regno )
1141 {
1142 vassert(host_endness == VexEndnessLE);
1143 return IRExpr_Get( integerGuestReg64Offset(regno),
1144 Ity_I16 );
1145 }
1146
1147 static void putIReg16 ( UInt regno, IRExpr* e )
1148 {
1149 vassert(typeOfIRExpr(irsb->tyenv,e) == Ity_I16);
1150 stmt( IRStmt_Put( integerGuestReg64Offset(regno),
1151 unop(Iop_16Uto64,e) ) );
1152 }
1153
1154 static const HChar* nameIReg16 ( UInt regno )
1155 {
1156 return nameIReg( 2, regno, False );
1157 }
1158
1159
1160 /* Sometimes what we know is a 3-bit register number, a REX byte, and
1161 which field of the REX byte is to be used to extend to a 4-bit
1162 number. These functions cater for that situation.
1163 */
1164 static IRExpr* getIReg64rexX ( Prefix pfx, UInt lo3bits )
1165 {
1166 vassert(lo3bits < 8);
1167 vassert(IS_VALID_PFX(pfx));
1168 return getIReg64( lo3bits | (getRexX(pfx) << 3) );
1169 }
1170
1171 static const HChar* nameIReg64rexX ( Prefix pfx, UInt lo3bits )
1172 {
1173 vassert(lo3bits < 8);
1174 vassert(IS_VALID_PFX(pfx));
1175 return nameIReg( 8, lo3bits | (getRexX(pfx) << 3), False );
1176 }
1177
1178 static const HChar* nameIRegRexB ( Int sz, Prefix pfx, UInt lo3bits )
1179 {
1180 vassert(lo3bits < 8);
1181 vassert(IS_VALID_PFX(pfx));
1182 vassert(sz == 8 || sz == 4 || sz == 2 || sz == 1);
1183 return nameIReg( sz, lo3bits | (getRexB(pfx) << 3),
1184 toBool(sz==1 && !haveREX(pfx)) );
1185 }
1186
1187 static IRExpr* getIRegRexB ( Int sz, Prefix pfx, UInt lo3bits )
1188 {
1189 vassert(lo3bits < 8);
1190 vassert(IS_VALID_PFX(pfx));
1191 vassert(sz == 8 || sz == 4 || sz == 2 || sz == 1);
1192 if (sz == 4) {
1193 sz = 8;
1194 return unop(Iop_64to32,
1195 IRExpr_Get(
1196 offsetIReg( sz, lo3bits | (getRexB(pfx) << 3),
1197 False/*!irregular*/ ),
1198 szToITy(sz)
1199 )
1200 );
1201 } else {
1202 return IRExpr_Get(
1203 offsetIReg( sz, lo3bits | (getRexB(pfx) << 3),
1204 toBool(sz==1 && !haveREX(pfx)) ),
1205 szToITy(sz)
1206 );
1207 }
1208 }
1209
1210 static void putIRegRexB ( Int sz, Prefix pfx, UInt lo3bits, IRExpr* e )
1211 {
1212 vassert(lo3bits < 8);
1213 vassert(IS_VALID_PFX(pfx));
1214 vassert(sz == 8 || sz == 4 || sz == 2 || sz == 1);
1215 vassert(typeOfIRExpr(irsb->tyenv, e) == szToITy(sz));
1216 stmt( IRStmt_Put(
1217 offsetIReg( sz, lo3bits | (getRexB(pfx) << 3),
1218 toBool(sz==1 && !haveREX(pfx)) ),
1219 sz==4 ? unop(Iop_32Uto64,e) : e
1220 ));
1221 }
1222
1223
1224 /* Functions for getting register numbers from modrm bytes and REX
1225 when we don't have to consider the complexities of integer subreg
1226 accesses.
1227 */
1228 /* Extract the g reg field from a modRM byte, and augment it using the
1229 REX.R bit from the supplied REX byte. The R bit usually is
1230 associated with the g register field.
1231 */
1232 static UInt gregOfRexRM ( Prefix pfx, UChar mod_reg_rm )
1233 {
1234 Int reg = (Int)( (mod_reg_rm >> 3) & 7 );
1235 reg += (pfx & PFX_REXR) ? 8 : 0;
1236 return reg;
1237 }
1238
1239 /* Extract the e reg field from a modRM byte, and augment it using the
1240 REX.B bit from the supplied REX byte. The B bit usually is
1241 associated with the e register field (when modrm indicates e is a
1242 register, that is).
1243 */
1244 static UInt eregOfRexRM ( Prefix pfx, UChar mod_reg_rm )
1245 {
1246 Int rm;
1247 vassert(epartIsReg(mod_reg_rm));
1248 rm = (Int)(mod_reg_rm & 0x7);
1249 rm += (pfx & PFX_REXB) ? 8 : 0;
1250 return rm;
1251 }
1252
1253
1254 /* General functions for dealing with integer register access. */
1255
1256 /* Produce the guest state offset for a reference to the 'g' register
1257 field in a modrm byte, taking into account REX (or its absence),
1258 and the size of the access.
1259 */
1260 static UInt offsetIRegG ( Int sz, Prefix pfx, UChar mod_reg_rm )
1261 {
1262 UInt reg;
1263 vassert(host_endness == VexEndnessLE);
1264 vassert(IS_VALID_PFX(pfx));
1265 vassert(sz == 8 || sz == 4 || sz == 2 || sz == 1);
1266 reg = gregOfRexRM( pfx, mod_reg_rm );
1267 return offsetIReg( sz, reg, toBool(sz == 1 && !haveREX(pfx)) );
1268 }
1269
1270 static
1271 IRExpr* getIRegG ( Int sz, Prefix pfx, UChar mod_reg_rm )
1272 {
1273 if (sz == 4) {
1274 sz = 8;
1275 return unop(Iop_64to32,
1276 IRExpr_Get( offsetIRegG( sz, pfx, mod_reg_rm ),
1277 szToITy(sz) ));
1278 } else {
1279 return IRExpr_Get( offsetIRegG( sz, pfx, mod_reg_rm ),
1280 szToITy(sz) );
1281 }
1282 }
1283
1284 static
1285 void putIRegG ( Int sz, Prefix pfx, UChar mod_reg_rm, IRExpr* e )
1286 {
1287 vassert(typeOfIRExpr(irsb->tyenv,e) == szToITy(sz));
1288 if (sz == 4) {
1289 e = unop(Iop_32Uto64,e);
1290 }
1291 stmt( IRStmt_Put( offsetIRegG( sz, pfx, mod_reg_rm ), e ) );
1292 }
1293
1294 static
1295 const HChar* nameIRegG ( Int sz, Prefix pfx, UChar mod_reg_rm )
1296 {
1297 return nameIReg( sz, gregOfRexRM(pfx,mod_reg_rm),
1298 toBool(sz==1 && !haveREX(pfx)) );
1299 }
1300
1301
1302 static
1303 IRExpr* getIRegV ( Int sz, Prefix pfx )
1304 {
1305 if (sz == 4) {
1306 sz = 8;
1307 return unop(Iop_64to32,
1308 IRExpr_Get( offsetIReg( sz, getVexNvvvv(pfx), False ),
1309 szToITy(sz) ));
1310 } else {
1311 return IRExpr_Get( offsetIReg( sz, getVexNvvvv(pfx), False ),
1312 szToITy(sz) );
1313 }
1314 }
1315
1316 static
1317 void putIRegV ( Int sz, Prefix pfx, IRExpr* e )
1318 {
1319 vassert(typeOfIRExpr(irsb->tyenv,e) == szToITy(sz));
1320 if (sz == 4) {
1321 e = unop(Iop_32Uto64,e);
1322 }
1323 stmt( IRStmt_Put( offsetIReg( sz, getVexNvvvv(pfx), False ), e ) );
1324 }
1325
1326 static
1327 const HChar* nameIRegV ( Int sz, Prefix pfx )
1328 {
1329 return nameIReg( sz, getVexNvvvv(pfx), False );
1330 }
1331
1332
1333
1334 /* Produce the guest state offset for a reference to the 'e' register
1335 field in a modrm byte, taking into account REX (or its absence),
1336 and the size of the access. eregOfRexRM will assert if mod_reg_rm
1337 denotes a memory access rather than a register access.
1338 */
1339 static UInt offsetIRegE ( Int sz, Prefix pfx, UChar mod_reg_rm )
1340 {
1341 UInt reg;
1342 vassert(host_endness == VexEndnessLE);
1343 vassert(IS_VALID_PFX(pfx));
1344 vassert(sz == 8 || sz == 4 || sz == 2 || sz == 1);
1345 reg = eregOfRexRM( pfx, mod_reg_rm );
1346 return offsetIReg( sz, reg, toBool(sz == 1 && !haveREX(pfx)) );
1347 }
1348
1349 static
1350 IRExpr* getIRegE ( Int sz, Prefix pfx, UChar mod_reg_rm )
1351 {
1352 if (sz == 4) {
1353 sz = 8;
1354 return unop(Iop_64to32,
1355 IRExpr_Get( offsetIRegE( sz, pfx, mod_reg_rm ),
1356 szToITy(sz) ));
1357 } else {
1358 return IRExpr_Get( offsetIRegE( sz, pfx, mod_reg_rm ),
1359 szToITy(sz) );
1360 }
1361 }
1362
1363 static
1364 void putIRegE ( Int sz, Prefix pfx, UChar mod_reg_rm, IRExpr* e )
1365 {
1366 vassert(typeOfIRExpr(irsb->tyenv,e) == szToITy(sz));
1367 if (sz == 4) {
1368 e = unop(Iop_32Uto64,e);
1369 }
1370 stmt( IRStmt_Put( offsetIRegE( sz, pfx, mod_reg_rm ), e ) );
1371 }
1372
1373 static
1374 const HChar* nameIRegE ( Int sz, Prefix pfx, UChar mod_reg_rm )
1375 {
1376 return nameIReg( sz, eregOfRexRM(pfx,mod_reg_rm),
1377 toBool(sz==1 && !haveREX(pfx)) );
1378 }
1379
1380
1381 /*------------------------------------------------------------*/
1382 /*--- For dealing with XMM registers ---*/
1383 /*------------------------------------------------------------*/
1384
1385 static Int ymmGuestRegOffset ( UInt ymmreg )
1386 {
1387 switch (ymmreg) {
1388 case 0: return OFFB_YMM0;
1389 case 1: return OFFB_YMM1;
1390 case 2: return OFFB_YMM2;
1391 case 3: return OFFB_YMM3;
1392 case 4: return OFFB_YMM4;
1393 case 5: return OFFB_YMM5;
1394 case 6: return OFFB_YMM6;
1395 case 7: return OFFB_YMM7;
1396 case 8: return OFFB_YMM8;
1397 case 9: return OFFB_YMM9;
1398 case 10: return OFFB_YMM10;
1399 case 11: return OFFB_YMM11;
1400 case 12: return OFFB_YMM12;
1401 case 13: return OFFB_YMM13;
1402 case 14: return OFFB_YMM14;
1403 case 15: return OFFB_YMM15;
1404 default: vpanic("ymmGuestRegOffset(amd64)");
1405 }
1406 }
1407
1408 static Int xmmGuestRegOffset ( UInt xmmreg )
1409 {
1410 /* Correct for little-endian host only. */
1411 vassert(host_endness == VexEndnessLE);
1412 return ymmGuestRegOffset( xmmreg );
1413 }
1414
1415 /* Lanes of vector registers are always numbered from zero being the
1416 least significant lane (rightmost in the register). */
1417
1418 static Int xmmGuestRegLane16offset ( UInt xmmreg, Int laneno )
1419 {
1420 /* Correct for little-endian host only. */
1421 vassert(host_endness == VexEndnessLE);
1422 vassert(laneno >= 0 && laneno < 8);
1423 return xmmGuestRegOffset( xmmreg ) + 2 * laneno;
1424 }
1425
1426 static Int xmmGuestRegLane32offset ( UInt xmmreg, Int laneno )
1427 {
1428 /* Correct for little-endian host only. */
1429 vassert(host_endness == VexEndnessLE);
1430 vassert(laneno >= 0 && laneno < 4);
1431 return xmmGuestRegOffset( xmmreg ) + 4 * laneno;
1432 }
1433
1434 static Int xmmGuestRegLane64offset ( UInt xmmreg, Int laneno )
1435 {
1436 /* Correct for little-endian host only. */
1437 vassert(host_endness == VexEndnessLE);
1438 vassert(laneno >= 0 && laneno < 2);
1439 return xmmGuestRegOffset( xmmreg ) + 8 * laneno;
1440 }
1441
1442 static Int ymmGuestRegLane128offset ( UInt ymmreg, Int laneno )
1443 {
1444 /* Correct for little-endian host only. */
1445 vassert(host_endness == VexEndnessLE);
1446 vassert(laneno >= 0 && laneno < 2);
1447 return ymmGuestRegOffset( ymmreg ) + 16 * laneno;
1448 }
1449
1450 static Int ymmGuestRegLane64offset ( UInt ymmreg, Int laneno )
1451 {
1452 /* Correct for little-endian host only. */
1453 vassert(host_endness == VexEndnessLE);
1454 vassert(laneno >= 0 && laneno < 4);
1455 return ymmGuestRegOffset( ymmreg ) + 8 * laneno;
1456 }
1457
1458 static Int ymmGuestRegLane32offset ( UInt ymmreg, Int laneno )
1459 {
1460 /* Correct for little-endian host only. */
1461 vassert(host_endness == VexEndnessLE);
1462 vassert(laneno >= 0 && laneno < 8);
1463 return ymmGuestRegOffset( ymmreg ) + 4 * laneno;
1464 }
1465
1466 static IRExpr* getXMMReg ( UInt xmmreg )
1467 {
1468 return IRExpr_Get( xmmGuestRegOffset(xmmreg), Ity_V128 );
1469 }
1470
1471 static IRExpr* getXMMRegLane64 ( UInt xmmreg, Int laneno )
1472 {
1473 return IRExpr_Get( xmmGuestRegLane64offset(xmmreg,laneno), Ity_I64 );
1474 }
1475
1476 static IRExpr* getXMMRegLane64F ( UInt xmmreg, Int laneno )
1477 {
1478 return IRExpr_Get( xmmGuestRegLane64offset(xmmreg,laneno), Ity_F64 );
1479 }
1480
1481 static IRExpr* getXMMRegLane32 ( UInt xmmreg, Int laneno )
1482 {
1483 return IRExpr_Get( xmmGuestRegLane32offset(xmmreg,laneno), Ity_I32 );
1484 }
1485
1486 static IRExpr* getXMMRegLane32F ( UInt xmmreg, Int laneno )
1487 {
1488 return IRExpr_Get( xmmGuestRegLane32offset(xmmreg,laneno), Ity_F32 );
1489 }
1490
1491 static IRExpr* getXMMRegLane16 ( UInt xmmreg, Int laneno )
1492 {
1493 return IRExpr_Get( xmmGuestRegLane16offset(xmmreg,laneno), Ity_I16 );
1494 }
1495
1496 static void putXMMReg ( UInt xmmreg, IRExpr* e )
1497 {
1498 vassert(typeOfIRExpr(irsb->tyenv,e) == Ity_V128);
1499 stmt( IRStmt_Put( xmmGuestRegOffset(xmmreg), e ) );
1500 }
1501
1502 static void putXMMRegLane64 ( UInt xmmreg, Int laneno, IRExpr* e )
1503 {
1504 vassert(typeOfIRExpr(irsb->tyenv,e) == Ity_I64);
1505 stmt( IRStmt_Put( xmmGuestRegLane64offset(xmmreg,laneno), e ) );
1506 }
1507
1508 static void putXMMRegLane64F ( UInt xmmreg, Int laneno, IRExpr* e )
1509 {
1510 vassert(typeOfIRExpr(irsb->tyenv,e) == Ity_F64);
1511 stmt( IRStmt_Put( xmmGuestRegLane64offset(xmmreg,laneno), e ) );
1512 }
1513
1514 static void putXMMRegLane32F ( UInt xmmreg, Int laneno, IRExpr* e )
1515 {
1516 vassert(typeOfIRExpr(irsb->tyenv,e) == Ity_F32);
1517 stmt( IRStmt_Put( xmmGuestRegLane32offset(xmmreg,laneno), e ) );
1518 }
1519
1520 static void putXMMRegLane32 ( UInt xmmreg, Int laneno, IRExpr* e )
1521 {
1522 vassert(typeOfIRExpr(irsb->tyenv,e) == Ity_I32);
1523 stmt( IRStmt_Put( xmmGuestRegLane32offset(xmmreg,laneno), e ) );
1524 }
1525
1526 static IRExpr* getYMMReg ( UInt xmmreg )
1527 {
1528 return IRExpr_Get( ymmGuestRegOffset(xmmreg), Ity_V256 );
1529 }
1530
1531 static IRExpr* getYMMRegLane128 ( UInt ymmreg, Int laneno )
1532 {
1533 return IRExpr_Get( ymmGuestRegLane128offset(ymmreg,laneno), Ity_V128 );
1534 }
1535
1536 static IRExpr* getYMMRegLane64F ( UInt ymmreg, Int laneno )
1537 {
1538 return IRExpr_Get( ymmGuestRegLane64offset(ymmreg,laneno), Ity_F64 );
1539 }
1540
1541 static IRExpr* getYMMRegLane64 ( UInt ymmreg, Int laneno )
1542 {
1543 return IRExpr_Get( ymmGuestRegLane64offset(ymmreg,laneno), Ity_I64 );
1544 }
1545
1546 static IRExpr* getYMMRegLane32F ( UInt ymmreg, Int laneno )
1547 {
1548 return IRExpr_Get( ymmGuestRegLane32offset(ymmreg,laneno), Ity_F32 );
1549 }
1550
1551 static IRExpr* getYMMRegLane32 ( UInt ymmreg, Int laneno )
1552 {
1553 return IRExpr_Get( ymmGuestRegLane32offset(ymmreg,laneno), Ity_I32 );
1554 }
1555
1556 static void putYMMReg ( UInt ymmreg, IRExpr* e )
1557 {
1558 vassert(typeOfIRExpr(irsb->tyenv,e) == Ity_V256);
1559 stmt( IRStmt_Put( ymmGuestRegOffset(ymmreg), e ) );
1560 }
1561
1562 static void putYMMRegLane128 ( UInt ymmreg, Int laneno, IRExpr* e )
1563 {
1564 vassert(typeOfIRExpr(irsb->tyenv,e) == Ity_V128);
1565 stmt( IRStmt_Put( ymmGuestRegLane128offset(ymmreg,laneno), e ) );
1566 }
1567
1568 static void putYMMRegLane64F ( UInt ymmreg, Int laneno, IRExpr* e )
1569 {
1570 vassert(typeOfIRExpr(irsb->tyenv,e) == Ity_F64);
1571 stmt( IRStmt_Put( ymmGuestRegLane64offset(ymmreg,laneno), e ) );
1572 }
1573
1574 static void putYMMRegLane64 ( UInt ymmreg, Int laneno, IRExpr* e )
1575 {
1576 vassert(typeOfIRExpr(irsb->tyenv,e) == Ity_I64);
1577 stmt( IRStmt_Put( ymmGuestRegLane64offset(ymmreg,laneno), e ) );
1578 }
1579
1580 static void putYMMRegLane32F ( UInt ymmreg, Int laneno, IRExpr* e )
1581 {
1582 vassert(typeOfIRExpr(irsb->tyenv,e) == Ity_F32);
1583 stmt( IRStmt_Put( ymmGuestRegLane32offset(ymmreg,laneno), e ) );
1584 }
1585
1586 static void putYMMRegLane32 ( UInt ymmreg, Int laneno, IRExpr* e )
1587 {
1588 vassert(typeOfIRExpr(irsb->tyenv,e) == Ity_I32);
1589 stmt( IRStmt_Put( ymmGuestRegLane32offset(ymmreg,laneno), e ) );
1590 }
1591
1592 static IRExpr* mkV128 ( UShort mask )
1593 {
1594 return IRExpr_Const(IRConst_V128(mask));
1595 }
1596
1597 /* Write the low half of a YMM reg and zero out the upper half. */
1598 static void putYMMRegLoAndZU ( UInt ymmreg, IRExpr* e )
1599 {
1600 putYMMRegLane128( ymmreg, 0, e );
1601 putYMMRegLane128( ymmreg, 1, mkV128(0) );
1602 }
1603
1604 static IRExpr* mkAnd1 ( IRExpr* x, IRExpr* y )
1605 {
1606 vassert(typeOfIRExpr(irsb->tyenv,x) == Ity_I1);
1607 vassert(typeOfIRExpr(irsb->tyenv,y) == Ity_I1);
1608 return unop(Iop_64to1,
1609 binop(Iop_And64,
1610 unop(Iop_1Uto64,x),
1611 unop(Iop_1Uto64,y)));
1612 }
1613
1614 /* Generate a compare-and-swap operation, operating on memory at
1615 'addr'. The expected value is 'expVal' and the new value is
1616 'newVal'. If the operation fails, then transfer control (with a
1617 no-redir jump (XXX no -- see comment at top of this file)) to
1618 'restart_point', which is presumably the address of the guest
1619 instruction again -- retrying, essentially. */
1620 static void casLE ( IRExpr* addr, IRExpr* expVal, IRExpr* newVal,
1621 Addr64 restart_point )
1622 {
1623 IRCAS* cas;
1624 IRType tyE = typeOfIRExpr(irsb->tyenv, expVal);
1625 IRType tyN = typeOfIRExpr(irsb->tyenv, newVal);
1626 IRTemp oldTmp = newTemp(tyE);
1627 IRTemp expTmp = newTemp(tyE);
1628 vassert(tyE == tyN);
1629 vassert(tyE == Ity_I64 || tyE == Ity_I32
1630 || tyE == Ity_I16 || tyE == Ity_I8);
1631 assign(expTmp, expVal);
1632 cas = mkIRCAS( IRTemp_INVALID, oldTmp, Iend_LE, addr,
1633 NULL, mkexpr(expTmp), NULL, newVal );
1634 stmt( IRStmt_CAS(cas) );
1635 stmt( IRStmt_Exit(
1636 binop( mkSizedOp(tyE,Iop_CasCmpNE8),
1637 mkexpr(oldTmp), mkexpr(expTmp) ),
1638 Ijk_Boring, /*Ijk_NoRedir*/
1639 IRConst_U64( restart_point ),
1640 OFFB_RIP
1641 ));
1642 }
1643
1644
1645 /*------------------------------------------------------------*/
1646 /*--- Helpers for %rflags. ---*/
1647 /*------------------------------------------------------------*/
1648
1649 /* -------------- Evaluating the flags-thunk. -------------- */
1650
1651 /* Build IR to calculate all the eflags from stored
1652 CC_OP/CC_DEP1/CC_DEP2/CC_NDEP. Returns an expression ::
1653 Ity_I64. */
1654 static IRExpr* mk_amd64g_calculate_rflags_all ( void )
1655 {
1656 IRExpr** args
1657 = mkIRExprVec_4( IRExpr_Get(OFFB_CC_OP, Ity_I64),
1658 IRExpr_Get(OFFB_CC_DEP1, Ity_I64),
1659 IRExpr_Get(OFFB_CC_DEP2, Ity_I64),
1660 IRExpr_Get(OFFB_CC_NDEP, Ity_I64) );
1661 IRExpr* call
1662 = mkIRExprCCall(
1663 Ity_I64,
1664 0/*regparm*/,
1665 "amd64g_calculate_rflags_all", &amd64g_calculate_rflags_all,
1666 args
1667 );
1668 /* Exclude OP and NDEP from definedness checking. We're only
1669 interested in DEP1 and DEP2. */
1670 call->Iex.CCall.cee->mcx_mask = (1<<0) | (1<<3);
1671 return call;
1672 }
1673
1674 /* Build IR to calculate some particular condition from stored
1675 CC_OP/CC_DEP1/CC_DEP2/CC_NDEP. Returns an expression ::
1676 Ity_Bit. */
1677 static IRExpr* mk_amd64g_calculate_condition ( AMD64Condcode cond )
1678 {
1679 IRExpr** args
1680 = mkIRExprVec_5( mkU64(cond),
1681 IRExpr_Get(OFFB_CC_OP, Ity_I64),
1682 IRExpr_Get(OFFB_CC_DEP1, Ity_I64),
1683 IRExpr_Get(OFFB_CC_DEP2, Ity_I64),
1684 IRExpr_Get(OFFB_CC_NDEP, Ity_I64) );
1685 IRExpr* call
1686 = mkIRExprCCall(
1687 Ity_I64,
1688 0/*regparm*/,
1689 "amd64g_calculate_condition", &amd64g_calculate_condition,
1690 args
1691 );
1692 /* Exclude the requested condition, OP and NDEP from definedness
1693 checking. We're only interested in DEP1 and DEP2. */
1694 call->Iex.CCall.cee->mcx_mask = (1<<0) | (1<<1) | (1<<4);
1695 return unop(Iop_64to1, call);
1696 }
1697
1698 /* Build IR to calculate just the carry flag from stored
1699 CC_OP/CC_DEP1/CC_DEP2/CC_NDEP. Returns an expression :: Ity_I64. */
1700 static IRExpr* mk_amd64g_calculate_rflags_c ( void )
1701 {
1702 IRExpr** args
1703 = mkIRExprVec_4( IRExpr_Get(OFFB_CC_OP, Ity_I64),
1704 IRExpr_Get(OFFB_CC_DEP1, Ity_I64),
1705 IRExpr_Get(OFFB_CC_DEP2, Ity_I64),
1706 IRExpr_Get(OFFB_CC_NDEP, Ity_I64) );
1707 IRExpr* call
1708 = mkIRExprCCall(
1709 Ity_I64,
1710 0/*regparm*/,
1711 "amd64g_calculate_rflags_c", &amd64g_calculate_rflags_c,
1712 args
1713 );
1714 /* Exclude OP and NDEP from definedness checking. We're only
1715 interested in DEP1 and DEP2. */
1716 call->Iex.CCall.cee->mcx_mask = (1<<0) | (1<<3);
1717 return call;
1718 }
1719
1720
1721 /* -------------- Building the flags-thunk. -------------- */
1722
1723 /* The machinery in this section builds the flag-thunk following a
1724 flag-setting operation. Hence the various setFlags_* functions.
1725 */
1726
1727 static Bool isAddSub ( IROp op8 )
1728 {
1729 return toBool(op8 == Iop_Add8 || op8 == Iop_Sub8);
1730 }
1731
1732 static Bool isLogic ( IROp op8 )
1733 {
1734 return toBool(op8 == Iop_And8 || op8 == Iop_Or8 || op8 == Iop_Xor8);
1735 }
1736
1737 /* U-widen 1/8/16/32/64 bit int expr to 64. */
1738 static IRExpr* widenUto64 ( IRExpr* e )
1739 {
1740 switch (typeOfIRExpr(irsb->tyenv,e)) {
1741 case Ity_I64: return e;
1742 case Ity_I32: return unop(Iop_32Uto64, e);
1743 case Ity_I16: return unop(Iop_16Uto64, e);
1744 case Ity_I8: return unop(Iop_8Uto64, e);
1745 case Ity_I1: return unop(Iop_1Uto64, e);
1746 default: vpanic("widenUto64");
1747 }
1748 }
1749
1750 /* S-widen 8/16/32/64 bit int expr to 32. */
1751 static IRExpr* widenSto64 ( IRExpr* e )
1752 {
1753 switch (typeOfIRExpr(irsb->tyenv,e)) {
1754 case Ity_I64: return e;
1755 case Ity_I32: return unop(Iop_32Sto64, e);
1756 case Ity_I16: return unop(Iop_16Sto64, e);
1757 case Ity_I8: return unop(Iop_8Sto64, e);
1758 default: vpanic("widenSto64");
1759 }
1760 }
1761
1762 /* Narrow 8/16/32/64 bit int expr to 8/16/32/64. Clearly only some
1763 of these combinations make sense. */
1764 static IRExpr* narrowTo ( IRType dst_ty, IRExpr* e )
1765 {
1766 IRType src_ty = typeOfIRExpr(irsb->tyenv,e);
1767 if (src_ty == dst_ty)
1768 return e;
1769 if (src_ty == Ity_I32 && dst_ty == Ity_I16)
1770 return unop(Iop_32to16, e);
1771 if (src_ty == Ity_I32 && dst_ty == Ity_I8)
1772 return unop(Iop_32to8, e);
1773 if (src_ty == Ity_I64 && dst_ty == Ity_I32)
1774 return unop(Iop_64to32, e);
1775 if (src_ty == Ity_I64 && dst_ty == Ity_I16)
1776 return unop(Iop_64to16, e);
1777 if (src_ty == Ity_I64 && dst_ty == Ity_I8)
1778 return unop(Iop_64to8, e);
1779
1780 vex_printf("\nsrc, dst tys are: ");
1781 ppIRType(src_ty);
1782 vex_printf(", ");
1783 ppIRType(dst_ty);
1784 vex_printf("\n");
1785 vpanic("narrowTo(amd64)");
1786 }
1787
1788
1789 /* Set the flags thunk OP, DEP1 and DEP2 fields. The supplied op is
1790 auto-sized up to the real op. */
1791
1792 static
1793 void setFlags_DEP1_DEP2 ( IROp op8, IRTemp dep1, IRTemp dep2, IRType ty )
1794 {
1795 Int ccOp = 0;
1796 switch (ty) {
1797 case Ity_I8: ccOp = 0; break;
1798 case Ity_I16: ccOp = 1; break;
1799 case Ity_I32: ccOp = 2; break;
1800 case Ity_I64: ccOp = 3; break;
1801 default: vassert(0);
1802 }
1803 switch (op8) {
1804 case Iop_Add8: ccOp += AMD64G_CC_OP_ADDB; break;
1805 case Iop_Sub8: ccOp += AMD64G_CC_OP_SUBB; break;
1806 default: ppIROp(op8);
1807 vpanic("setFlags_DEP1_DEP2(amd64)");
1808 }
1809 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(ccOp)) );
1810 stmt( IRStmt_Put( OFFB_CC_DEP1, widenUto64(mkexpr(dep1))) );
1811 stmt( IRStmt_Put( OFFB_CC_DEP2, widenUto64(mkexpr(dep2))) );
1812 }
1813
1814
1815 /* Set the OP and DEP1 fields only, and write zero to DEP2. */
1816
1817 static
1818 void setFlags_DEP1 ( IROp op8, IRTemp dep1, IRType ty )
1819 {
1820 Int ccOp = 0;
1821 switch (ty) {
1822 case Ity_I8: ccOp = 0; break;
1823 case Ity_I16: ccOp = 1; break;
1824 case Ity_I32: ccOp = 2; break;
1825 case Ity_I64: ccOp = 3; break;
1826 default: vassert(0);
1827 }
1828 switch (op8) {
1829 case Iop_Or8:
1830 case Iop_And8:
1831 case Iop_Xor8: ccOp += AMD64G_CC_OP_LOGICB; break;
1832 default: ppIROp(op8);
1833 vpanic("setFlags_DEP1(amd64)");
1834 }
1835 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(ccOp)) );
1836 stmt( IRStmt_Put( OFFB_CC_DEP1, widenUto64(mkexpr(dep1))) );
1837 stmt( IRStmt_Put( OFFB_CC_DEP2, mkU64(0)) );
1838 }
1839
1840
1841 /* For shift operations, we put in the result and the undershifted
1842 result. Except if the shift amount is zero, the thunk is left
1843 unchanged. */
1844
1845 static void setFlags_DEP1_DEP2_shift ( IROp op64,
1846 IRTemp res,
1847 IRTemp resUS,
1848 IRType ty,
1849 IRTemp guard )
1850 {
1851 Int ccOp = 0;
1852 switch (ty) {
1853 case Ity_I8: ccOp = 0; break;
1854 case Ity_I16: ccOp = 1; break;
1855 case Ity_I32: ccOp = 2; break;
1856 case Ity_I64: ccOp = 3; break;
1857 default: vassert(0);
1858 }
1859
1860 vassert(guard);
1861
1862 /* Both kinds of right shifts are handled by the same thunk
1863 operation. */
1864 switch (op64) {
1865 case Iop_Shr64:
1866 case Iop_Sar64: ccOp += AMD64G_CC_OP_SHRB; break;
1867 case Iop_Shl64: ccOp += AMD64G_CC_OP_SHLB; break;
1868 default: ppIROp(op64);
1869 vpanic("setFlags_DEP1_DEP2_shift(amd64)");
1870 }
1871
1872 /* guard :: Ity_I8. We need to convert it to I1. */
1873 IRTemp guardB = newTemp(Ity_I1);
1874 assign( guardB, binop(Iop_CmpNE8, mkexpr(guard), mkU8(0)) );
1875
1876 /* DEP1 contains the result, DEP2 contains the undershifted value. */
1877 stmt( IRStmt_Put( OFFB_CC_OP,
1878 IRExpr_ITE( mkexpr(guardB),
1879 mkU64(ccOp),
1880 IRExpr_Get(OFFB_CC_OP,Ity_I64) ) ));
1881 stmt( IRStmt_Put( OFFB_CC_DEP1,
1882 IRExpr_ITE( mkexpr(guardB),
1883 widenUto64(mkexpr(res)),
1884 IRExpr_Get(OFFB_CC_DEP1,Ity_I64) ) ));
1885 stmt( IRStmt_Put( OFFB_CC_DEP2,
1886 IRExpr_ITE( mkexpr(guardB),
1887 widenUto64(mkexpr(resUS)),
1888 IRExpr_Get(OFFB_CC_DEP2,Ity_I64) ) ));
1889 }
1890
1891
1892 /* For the inc/dec case, we store in DEP1 the result value and in NDEP
1893 the former value of the carry flag, which unfortunately we have to
1894 compute. */
1895
1896 static void setFlags_INC_DEC ( Bool inc, IRTemp res, IRType ty )
1897 {
1898 Int ccOp = inc ? AMD64G_CC_OP_INCB : AMD64G_CC_OP_DECB;
1899
1900 switch (ty) {
1901 case Ity_I8: ccOp += 0; break;
1902 case Ity_I16: ccOp += 1; break;
1903 case Ity_I32: ccOp += 2; break;
1904 case Ity_I64: ccOp += 3; break;
1905 default: vassert(0);
1906 }
1907
1908 /* This has to come first, because calculating the C flag
1909 may require reading all four thunk fields. */
1910 stmt( IRStmt_Put( OFFB_CC_NDEP, mk_amd64g_calculate_rflags_c()) );
1911 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(ccOp)) );
1912 stmt( IRStmt_Put( OFFB_CC_DEP1, widenUto64(mkexpr(res))) );
1913 stmt( IRStmt_Put( OFFB_CC_DEP2, mkU64(0)) );
1914 }
1915
1916
1917 /* Multiplies are pretty much like add and sub: DEP1 and DEP2 hold the
1918 two arguments. */
1919
1920 static
1921 void setFlags_MUL ( IRType ty, IRTemp arg1, IRTemp arg2, ULong base_op )
1922 {
1923 switch (ty) {
1924 case Ity_I8:
1925 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(base_op+0) ) );
1926 break;
1927 case Ity_I16:
1928 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(base_op+1) ) );
1929 break;
1930 case Ity_I32:
1931 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(base_op+2) ) );
1932 break;
1933 case Ity_I64:
1934 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(base_op+3) ) );
1935 break;
1936 default:
1937 vpanic("setFlags_MUL(amd64)");
1938 }
1939 stmt( IRStmt_Put( OFFB_CC_DEP1, widenUto64(mkexpr(arg1)) ));
1940 stmt( IRStmt_Put( OFFB_CC_DEP2, widenUto64(mkexpr(arg2)) ));
1941 }
1942
1943
1944 /* -------------- Condition codes. -------------- */
1945
1946 /* Condition codes, using the AMD encoding. */
1947
1948 static const HChar* name_AMD64Condcode ( AMD64Condcode cond )
1949 {
1950 switch (cond) {
1951 case AMD64CondO: return "o";
1952 case AMD64CondNO: return "no";
1953 case AMD64CondB: return "b";
1954 case AMD64CondNB: return "ae"; /*"nb";*/
1955 case AMD64CondZ: return "e"; /*"z";*/
1956 case AMD64CondNZ: return "ne"; /*"nz";*/
1957 case AMD64CondBE: return "be";
1958 case AMD64CondNBE: return "a"; /*"nbe";*/
1959 case AMD64CondS: return "s";
1960 case AMD64CondNS: return "ns";
1961 case AMD64CondP: return "p";
1962 case AMD64CondNP: return "np";
1963 case AMD64CondL: return "l";
1964 case AMD64CondNL: return "ge"; /*"nl";*/
1965 case AMD64CondLE: return "le";
1966 case AMD64CondNLE: return "g"; /*"nle";*/
1967 case AMD64CondAlways: return "ALWAYS";
1968 default: vpanic("name_AMD64Condcode");
1969 }
1970 }
1971
1972 static
1973 AMD64Condcode positiveIse_AMD64Condcode ( AMD64Condcode cond,
1974 /*OUT*/Bool* needInvert )
1975 {
1976 vassert(cond >= AMD64CondO && cond <= AMD64CondNLE);
1977 if (cond & 1) {
1978 *needInvert = True;
1979 return cond-1;
1980 } else {
1981 *needInvert = False;
1982 return cond;
1983 }
1984 }
1985
1986
1987 /* -------------- Helpers for ADD/SUB with carry. -------------- */
1988
1989 /* Given ta1, ta2 and tres, compute tres = ADC(ta1,ta2) and set flags
1990 appropriately.
1991
1992 Optionally, generate a store for the 'tres' value. This can either
1993 be a normal store, or it can be a cas-with-possible-failure style
1994 store:
1995
1996 if taddr is IRTemp_INVALID, then no store is generated.
1997
1998 if taddr is not IRTemp_INVALID, then a store (using taddr as
1999 the address) is generated:
2000
2001 if texpVal is IRTemp_INVALID then a normal store is
2002 generated, and restart_point must be zero (it is irrelevant).
2003
2004 if texpVal is not IRTemp_INVALID then a cas-style store is
2005 generated. texpVal is the expected value, restart_point
2006 is the restart point if the store fails, and texpVal must
2007 have the same type as tres.
2008
2009 */
2010 static void helper_ADC ( Int sz,
2011 IRTemp tres, IRTemp ta1, IRTemp ta2,
2012 /* info about optional store: */
2013 IRTemp taddr, IRTemp texpVal, Addr64 restart_point )
2014 {
2015 UInt thunkOp;
2016 IRType ty = szToITy(sz);
2017 IRTemp oldc = newTemp(Ity_I64);
2018 IRTemp oldcn = newTemp(ty);
2019 IROp plus = mkSizedOp(ty, Iop_Add8);
2020 IROp xor = mkSizedOp(ty, Iop_Xor8);
2021
2022 vassert(typeOfIRTemp(irsb->tyenv, tres) == ty);
2023
2024 switch (sz) {
2025 case 8: thunkOp = AMD64G_CC_OP_ADCQ; break;
2026 case 4: thunkOp = AMD64G_CC_OP_ADCL; break;
2027 case 2: thunkOp = AMD64G_CC_OP_ADCW; break;
2028 case 1: thunkOp = AMD64G_CC_OP_ADCB; break;
2029 default: vassert(0);
2030 }
2031
2032 /* oldc = old carry flag, 0 or 1 */
2033 assign( oldc, binop(Iop_And64,
2034 mk_amd64g_calculate_rflags_c(),
2035 mkU64(1)) );
2036
2037 assign( oldcn, narrowTo(ty, mkexpr(oldc)) );
2038
2039 assign( tres, binop(plus,
2040 binop(plus,mkexpr(ta1),mkexpr(ta2)),
2041 mkexpr(oldcn)) );
2042
2043 /* Possibly generate a store of 'tres' to 'taddr'. See comment at
2044 start of this function. */
2045 if (taddr != IRTemp_INVALID) {
2046 if (texpVal == IRTemp_INVALID) {
2047 vassert(restart_point == 0);
2048 storeLE( mkexpr(taddr), mkexpr(tres) );
2049 } else {
2050 vassert(typeOfIRTemp(irsb->tyenv, texpVal) == ty);
2051 /* .. and hence 'texpVal' has the same type as 'tres'. */
2052 casLE( mkexpr(taddr),
2053 mkexpr(texpVal), mkexpr(tres), restart_point );
2054 }
2055 }
2056
2057 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(thunkOp) ) );
2058 stmt( IRStmt_Put( OFFB_CC_DEP1, widenUto64(mkexpr(ta1)) ));
2059 stmt( IRStmt_Put( OFFB_CC_DEP2, widenUto64(binop(xor, mkexpr(ta2),
2060 mkexpr(oldcn)) )) );
2061 stmt( IRStmt_Put( OFFB_CC_NDEP, mkexpr(oldc) ) );
2062 }
2063
2064
2065 /* Given ta1, ta2 and tres, compute tres = SBB(ta1,ta2) and set flags
2066 appropriately. As with helper_ADC, possibly generate a store of
2067 the result -- see comments on helper_ADC for details.
2068 */
2069 static void helper_SBB ( Int sz,
2070 IRTemp tres, IRTemp ta1, IRTemp ta2,
2071 /* info about optional store: */
2072 IRTemp taddr, IRTemp texpVal, Addr64 restart_point )
2073 {
2074 UInt thunkOp;
2075 IRType ty = szToITy(sz);
2076 IRTemp oldc = newTemp(Ity_I64);
2077 IRTemp oldcn = newTemp(ty);
2078 IROp minus = mkSizedOp(ty, Iop_Sub8);
2079 IROp xor = mkSizedOp(ty, Iop_Xor8);
2080
2081 vassert(typeOfIRTemp(irsb->tyenv, tres) == ty);
2082
2083 switch (sz) {
2084 case 8: thunkOp = AMD64G_CC_OP_SBBQ; break;
2085 case 4: thunkOp = AMD64G_CC_OP_SBBL; break;
2086 case 2: thunkOp = AMD64G_CC_OP_SBBW; break;
2087 case 1: thunkOp = AMD64G_CC_OP_SBBB; break;
2088 default: vassert(0);
2089 }
2090
2091 /* oldc = old carry flag, 0 or 1 */
2092 assign( oldc, binop(Iop_And64,
2093 mk_amd64g_calculate_rflags_c(),
2094 mkU64(1)) );
2095
2096 assign( oldcn, narrowTo(ty, mkexpr(oldc)) );
2097
2098 assign( tres, binop(minus,
2099 binop(minus,mkexpr(ta1),mkexpr(ta2)),
2100 mkexpr(oldcn)) );
2101
2102 /* Possibly generate a store of 'tres' to 'taddr'. See comment at
2103 start of this function. */
2104 if (taddr != IRTemp_INVALID) {
2105 if (texpVal == IRTemp_INVALID) {
2106 vassert(restart_point == 0);
2107 storeLE( mkexpr(taddr), mkexpr(tres) );
2108 } else {
2109 vassert(typeOfIRTemp(irsb->tyenv, texpVal) == ty);
2110 /* .. and hence 'texpVal' has the same type as 'tres'. */
2111 casLE( mkexpr(taddr),
2112 mkexpr(texpVal), mkexpr(tres), restart_point );
2113 }
2114 }
2115
2116 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(thunkOp) ) );
2117 stmt( IRStmt_Put( OFFB_CC_DEP1, widenUto64(mkexpr(ta1) )) );
2118 stmt( IRStmt_Put( OFFB_CC_DEP2, widenUto64(binop(xor, mkexpr(ta2),
2119 mkexpr(oldcn)) )) );
2120 stmt( IRStmt_Put( OFFB_CC_NDEP, mkexpr(oldc) ) );
2121 }
2122
2123
2124 /* Given ta1, ta2 and tres, compute tres = ADCX(ta1,ta2) or tres = ADOX(ta1,ta2)
2125 and set flags appropriately.
2126 */
2127 static void helper_ADCX_ADOX ( Bool isADCX, Int sz,
2128 IRTemp tres, IRTemp ta1, IRTemp ta2 )
2129 {
2130 UInt thunkOp;
2131 IRType ty = szToITy(sz);
2132 IRTemp oldflags = newTemp(Ity_I64);
2133 IRTemp oldOC = newTemp(Ity_I64); // old O or C flag
2134 IRTemp oldOCn = newTemp(ty); // old O or C flag, narrowed
2135 IROp plus = mkSizedOp(ty, Iop_Add8);
2136 IROp xor = mkSizedOp(ty, Iop_Xor8);
2137
2138 vassert(typeOfIRTemp(irsb->tyenv, tres) == ty);
2139
2140 switch (sz) {
2141 case 8: thunkOp = isADCX ? AMD64G_CC_OP_ADCX64
2142 : AMD64G_CC_OP_ADOX64; break;
2143 case 4: thunkOp = isADCX ? AMD64G_CC_OP_ADCX32
2144 : AMD64G_CC_OP_ADOX32; break;
2145 default: vassert(0);
2146 }
2147
2148 assign( oldflags, mk_amd64g_calculate_rflags_all() );
2149
2150 /* oldOC = old overflow/carry flag, 0 or 1 */
2151 assign( oldOC, binop(Iop_And64,
2152 binop(Iop_Shr64,
2153 mkexpr(oldflags),
2154 mkU8(isADCX ? AMD64G_CC_SHIFT_C
2155 : AMD64G_CC_SHIFT_O)),
2156 mkU64(1)) );
2157
2158 assign( oldOCn, narrowTo(ty, mkexpr(oldOC)) );
2159
2160 assign( tres, binop(plus,
2161 binop(plus,mkexpr(ta1),mkexpr(ta2)),
2162 mkexpr(oldOCn)) );
2163
2164 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(thunkOp) ) );
2165 stmt( IRStmt_Put( OFFB_CC_DEP1, widenUto64(mkexpr(ta1)) ));
2166 stmt( IRStmt_Put( OFFB_CC_DEP2, widenUto64(binop(xor, mkexpr(ta2),
2167 mkexpr(oldOCn)) )) );
2168 stmt( IRStmt_Put( OFFB_CC_NDEP, mkexpr(oldflags) ) );
2169 }
2170
2171
2172 /* -------------- Helpers for disassembly printing. -------------- */
2173
2174 static const HChar* nameGrp1 ( Int opc_aux )
2175 {
2176 static const HChar* grp1_names[8]
2177 = { "add", "or", "adc", "sbb", "and", "sub", "xor", "cmp" };
2178 if (opc_aux < 0 || opc_aux > 7) vpanic("nameGrp1(amd64)");
2179 return grp1_names[opc_aux];
2180 }
2181
2182 static const HChar* nameGrp2 ( Int opc_aux )
2183 {
2184 static const HChar* grp2_names[8]
2185 = { "rol", "ror", "rcl", "rcr", "shl", "shr", "shl", "sar" };
2186 if (opc_aux < 0 || opc_aux > 7) vpanic("nameGrp2(amd64)");
2187 return grp2_names[opc_aux];
2188 }
2189
2190 static const HChar* nameGrp4 ( Int opc_aux )
2191 {
2192 static const HChar* grp4_names[8]
2193 = { "inc", "dec", "???", "???", "???", "???", "???", "???" };
2194 if (opc_aux < 0 || opc_aux > 1) vpanic("nameGrp4(amd64)");
2195 return grp4_names[opc_aux];
2196 }
2197
2198 static const HChar* nameGrp5 ( Int opc_aux )
2199 {
2200 static const HChar* grp5_names[8]
2201 = { "inc", "dec", "call*", "call*", "jmp*", "jmp*", "push", "???" };
2202 if (opc_aux < 0 || opc_aux > 6) vpanic("nameGrp5(amd64)");
2203 return grp5_names[opc_aux];
2204 }
2205
2206 static const HChar* nameGrp8 ( Int opc_aux )
2207 {
2208 static const HChar* grp8_names[8]
2209 = { "???", "???", "???", "???", "bt", "bts", "btr", "btc" };
2210 if (opc_aux < 4 || opc_aux > 7) vpanic("nameGrp8(amd64)");
2211 return grp8_names[opc_aux];
2212 }
2213
2214 static const HChar* nameSReg ( UInt sreg )
2215 {
2216 switch (sreg) {
2217 case R_ES: return "%es";
2218 case R_CS: return "%cs";
2219 case R_SS: return "%ss";
2220 case R_DS: return "%ds";
2221 case R_FS: return "%fs";
2222 case R_GS: return "%gs";
2223 default: vpanic("nameSReg(amd64)");
2224 }
2225 }
2226
2227 static const HChar* nameMMXReg ( Int mmxreg )
2228 {
2229 static const HChar* mmx_names[8]
2230 = { "%mm0", "%mm1", "%mm2", "%mm3", "%mm4", "%mm5", "%mm6", "%mm7" };
2231 if (mmxreg < 0 || mmxreg > 7) vpanic("nameMMXReg(amd64,guest)");
2232 return mmx_names[mmxreg];
2233 }
2234
2235 static const HChar* nameXMMReg ( Int xmmreg )
2236 {
2237 static const HChar* xmm_names[16]
2238 = { "%xmm0", "%xmm1", "%xmm2", "%xmm3",
2239 "%xmm4", "%xmm5", "%xmm6", "%xmm7",
2240 "%xmm8", "%xmm9", "%xmm10", "%xmm11",
2241 "%xmm12", "%xmm13", "%xmm14", "%xmm15" };
2242 if (xmmreg < 0 || xmmreg > 15) vpanic("nameXMMReg(amd64)");
2243 return xmm_names[xmmreg];
2244 }
2245
2246 static const HChar* nameMMXGran ( Int gran )
2247 {
2248 switch (gran) {
2249 case 0: return "b";
2250 case 1: return "w";
2251 case 2: return "d";
2252 case 3: return "q";
2253 default: vpanic("nameMMXGran(amd64,guest)");
2254 }
2255 }
2256
2257 static HChar nameISize ( Int size )
2258 {
2259 switch (size) {
2260 case 8: return 'q';
2261 case 4: return 'l';
2262 case 2: return 'w';
2263 case 1: return 'b';
2264 default: vpanic("nameISize(amd64)");
2265 }
2266 }
2267
2268 static const HChar* nameYMMReg ( Int ymmreg )
2269 {
2270 static const HChar* ymm_names[16]
2271 = { "%ymm0", "%ymm1", "%ymm2", "%ymm3",
2272 "%ymm4", "%ymm5", "%ymm6", "%ymm7",
2273 "%ymm8", "%ymm9", "%ymm10", "%ymm11",
2274 "%ymm12", "%ymm13", "%ymm14", "%ymm15" };
2275 if (ymmreg < 0 || ymmreg > 15) vpanic("nameYMMReg(amd64)");
2276 return ymm_names[ymmreg];
2277 }
2278
2279
2280 /*------------------------------------------------------------*/
2281 /*--- JMP helpers ---*/
2282 /*------------------------------------------------------------*/
2283
2284 static void jmp_lit( /*MOD*/DisResult* dres,
2285 IRJumpKind kind, Addr64 d64 )
2286 {
2287 vassert(dres->whatNext == Dis_Continue);
2288 vassert(dres->len == 0);
2289 vassert(dres->continueAt == 0);
2290 vassert(dres->jk_StopHere == Ijk_INVALID);
2291 dres->whatNext = Dis_StopHere;
2292 dres->jk_StopHere = kind;
2293 stmt( IRStmt_Put( OFFB_RIP, mkU64(d64) ) );
2294 }
2295
2296 static void jmp_treg( /*MOD*/DisResult* dres,
2297 IRJumpKind kind, IRTemp t )
2298 {
2299 vassert(dres->whatNext == Dis_Continue);
2300 vassert(dres->len == 0);
2301 vassert(dres->continueAt == 0);
2302 vassert(dres->jk_StopHere == Ijk_INVALID);
2303 dres->whatNext = Dis_StopHere;
2304 dres->jk_StopHere = kind;
2305 stmt( IRStmt_Put( OFFB_RIP, mkexpr(t) ) );
2306 }
2307
2308 static
2309 void jcc_01 ( /*MOD*/DisResult* dres,
2310 AMD64Condcode cond, Addr64 d64_false, Addr64 d64_true )
2311 {
2312 Bool invert;
2313 AMD64Condcode condPos;
2314 vassert(dres->whatNext == Dis_Continue);
2315 vassert(dres->len == 0);
2316 vassert(dres->continueAt == 0);
2317 vassert(dres->jk_StopHere == Ijk_INVALID);
2318 dres->whatNext = Dis_StopHere;
2319 dres->jk_StopHere = Ijk_Boring;
2320 condPos = positiveIse_AMD64Condcode ( cond, &invert );
2321 if (invert) {
2322 stmt( IRStmt_Exit( mk_amd64g_calculate_condition(condPos),
2323 Ijk_Boring,
2324 IRConst_U64(d64_false),
2325 OFFB_RIP ) );
2326 stmt( IRStmt_Put( OFFB_RIP, mkU64(d64_true) ) );
2327 } else {
2328 stmt( IRStmt_Exit( mk_amd64g_calculate_condition(condPos),
2329 Ijk_Boring,
2330 IRConst_U64(d64_true),
2331 OFFB_RIP ) );
2332 stmt( IRStmt_Put( OFFB_RIP, mkU64(d64_false) ) );
2333 }
2334 }
2335
2336 /* Let new_rsp be the %rsp value after a call/return. Let nia be the
2337 guest address of the next instruction to be executed.
2338
2339 This function generates an AbiHint to say that -128(%rsp)
2340 .. -1(%rsp) should now be regarded as uninitialised.
2341 */
2342 static
2343 void make_redzone_AbiHint ( const VexAbiInfo* vbi,
2344 IRTemp new_rsp, IRTemp nia, const HChar* who )
2345 {
2346 Int szB = vbi->guest_stack_redzone_size;
2347 vassert(szB >= 0);
2348
2349 /* A bit of a kludge. Currently the only AbI we've guested AMD64
2350 for is ELF. So just check it's the expected 128 value
2351 (paranoia). */
2352 vassert(szB == 128);
2353
2354 if (0) vex_printf("AbiHint: %s\n", who);
2355 vassert(typeOfIRTemp(irsb->tyenv, new_rsp) == Ity_I64);
2356 vassert(typeOfIRTemp(irsb->tyenv, nia) == Ity_I64);
2357 if (szB > 0)
2358 stmt( IRStmt_AbiHint(
2359 binop(Iop_Sub64, mkexpr(new_rsp), mkU64(szB)),
2360 szB,
2361 mkexpr(nia)
2362 ));
2363 }
2364
2365
2366 /*------------------------------------------------------------*/
2367 /*--- Disassembling addressing modes ---*/
2368 /*------------------------------------------------------------*/
2369
2370 static
2371 const HChar* segRegTxt ( Prefix pfx )
2372 {
2373 if (pfx & PFX_CS) return "%cs:";
2374 if (pfx & PFX_DS) return "%ds:";
2375 if (pfx & PFX_ES) return "%es:";
2376 if (pfx & PFX_FS) return "%fs:";
2377 if (pfx & PFX_GS) return "%gs:";
2378 if (pfx & PFX_SS) return "%ss:";
2379 return ""; /* no override */
2380 }
2381
2382
2383 /* 'virtual' is an IRExpr* holding a virtual address. Convert it to a
2384 linear address by adding any required segment override as indicated
2385 by sorb, and also dealing with any address size override
2386 present. */
2387 static
2388 IRExpr* handleAddrOverrides ( const VexAbiInfo* vbi,
2389 Prefix pfx, IRExpr* virtual )
2390 {
2391 /* --- address size override --- */
2392 if (haveASO(pfx))
2393 virtual = unop(Iop_32Uto64, unop(Iop_64to32, virtual));
2394
2395 /* Note that the below are hacks that relies on the assumption
2396 that %fs or %gs are constant.
2397 Typically, %fs is always 0x63 on linux (in the main thread, it
2398 stays at value 0), %gs always 0x60 on Darwin, ... */
2399 /* --- segment overrides --- */
2400 if (pfx & PFX_FS) {
2401 if (vbi->guest_amd64_assume_fs_is_const) {
2402 /* return virtual + guest_FS_CONST. */
2403 virtual = binop(Iop_Add64, virtual,
2404 IRExpr_Get(OFFB_FS_CONST, Ity_I64));
2405 } else {
2406 unimplemented("amd64 %fs segment override");
2407 }
2408 }
2409
2410 if (pfx & PFX_GS) {
2411 if (vbi->guest_amd64_assume_gs_is_const) {
2412 /* return virtual + guest_GS_CONST. */
2413 virtual = binop(Iop_Add64, virtual,
2414 IRExpr_Get(OFFB_GS_CONST, Ity_I64));
2415 } else {
2416 unimplemented("amd64 %gs segment override");
2417 }
2418 }
2419
2420 /* cs, ds, es and ss are simply ignored in 64-bit mode. */
2421
2422 return virtual;
2423 }
2424
2425 //.. {
2426 //.. Int sreg;
2427 //.. IRType hWordTy;
2428 //.. IRTemp ldt_ptr, gdt_ptr, seg_selector, r64;
2429 //..
2430 //.. if (sorb == 0)
2431 //.. /* the common case - no override */
2432 //.. return virtual;
2433 //..
2434 //.. switch (sorb) {
2435 //.. case 0x3E: sreg = R_DS; break;
2436 //.. case 0x26: sreg = R_ES; break;
2437 //.. case 0x64: sreg = R_FS; break;
2438 //.. case 0x65: sreg = R_GS; break;
2439 //.. default: vpanic("handleAddrOverrides(x86,guest)");
2440 //.. }
2441 //..
2442 //.. hWordTy = sizeof(HWord)==4 ? Ity_I32 : Ity_I64;
2443 //..
2444 //.. seg_selector = newTemp(Ity_I32);
2445 //.. ldt_ptr = newTemp(hWordTy);
2446 //.. gdt_ptr = newTemp(hWordTy);
2447 //.. r64 = newTemp(Ity_I64);
2448 //..
2449 //.. assign( seg_selector, unop(Iop_16Uto32, getSReg(sreg)) );
2450 //.. assign( ldt_ptr, IRExpr_Get( OFFB_LDT, hWordTy ));
2451 //.. assign( gdt_ptr, IRExpr_Get( OFFB_GDT, hWordTy ));
2452 //..
2453 //.. /*
2454 //.. Call this to do the translation and limit checks:
2455 //.. ULong x86g_use_seg_selector ( HWord ldt, HWord gdt,
2456 //.. UInt seg_selector, UInt virtual_addr )
2457 //.. */
2458 //.. assign(
2459 //.. r64,
2460 //.. mkIRExprCCall(
2461 //.. Ity_I64,
2462 //.. 0/*regparms*/,
2463 //.. "x86g_use_seg_selector",
2464 //.. &x86g_use_seg_selector,
2465 //.. mkIRExprVec_4( mkexpr(ldt_ptr), mkexpr(gdt_ptr),
2466 //.. mkexpr(seg_selector), virtual)
2467 //.. )
2468 //.. );
2469 //..
2470 //.. /* If the high 32 of the result are non-zero, there was a
2471 //.. failure in address translation. In which case, make a
2472 //.. quick exit.
2473 //.. */
2474 //.. stmt(
2475 //.. IRStmt_Exit(
2476 //.. binop(Iop_CmpNE32, unop(Iop_64HIto32, mkexpr(r64)), mkU32(0)),
2477 //.. Ijk_MapFail,
2478 //.. IRConst_U32( guest_eip_curr_instr )
2479 //.. )
2480 //.. );
2481 //..
2482 //.. /* otherwise, here's the translated result. */
2483 //.. return unop(Iop_64to32, mkexpr(r64));
2484 //.. }
2485
2486
2487 /* Generate IR to calculate an address indicated by a ModRM and
2488 following SIB bytes. The expression, and the number of bytes in
2489 the address mode, are returned (the latter in *len). Note that
2490 this fn should not be called if the R/M part of the address denotes
2491 a register instead of memory. If print_codegen is true, text of
2492 the addressing mode is placed in buf.
2493
2494 The computed address is stored in a new tempreg, and the
2495 identity of the tempreg is returned.
2496
2497 extra_bytes holds the number of bytes after the amode, as supplied
2498 by the caller. This is needed to make sense of %rip-relative
2499 addresses. Note that the value that *len is set to is only the
2500 length of the amode itself and does not include the value supplied
2501 in extra_bytes.
2502 */
2503
2504 static IRTemp disAMode_copy2tmp ( IRExpr* addr64 )
2505 {
2506 IRTemp tmp = newTemp(Ity_I64);
2507 assign( tmp, addr64 );
2508 return tmp;
2509 }
2510
2511 static
2512 IRTemp disAMode ( /*OUT*/Int* len,
2513 const VexAbiInfo* vbi, Prefix pfx, Long delta,
2514 /*OUT*/HChar* buf, Int extra_bytes )
2515 {
2516 UChar mod_reg_rm = getUChar(delta);
2517 delta++;
2518
2519 buf[0] = (UChar)0;
2520 vassert(extra_bytes >= 0 && extra_bytes < 10);
2521
2522 /* squeeze out the reg field from mod_reg_rm, since a 256-entry
2523 jump table seems a bit excessive.
2524 */
2525 mod_reg_rm &= 0xC7; /* is now XX000YYY */
2526 mod_reg_rm = toUChar(mod_reg_rm | (mod_reg_rm >> 3));
2527 /* is now XX0XXYYY */
2528 mod_reg_rm &= 0x1F; /* is now 000XXYYY */
2529 switch (mod_reg_rm) {
2530
2531 /* REX.B==0: (%rax) .. (%rdi), not including (%rsp) or (%rbp).
2532 REX.B==1: (%r8) .. (%r15), not including (%r12) or (%r13).
2533 */
2534 case 0x00: case 0x01: case 0x02: case 0x03:
2535 /* ! 04 */ /* ! 05 */ case 0x06: case 0x07:
2536 { UChar rm = toUChar(mod_reg_rm & 7);
2537 DIS(buf, "%s(%s)", segRegTxt(pfx), nameIRegRexB(8,pfx,rm));
2538 *len = 1;
2539 return disAMode_copy2tmp(
2540 handleAddrOverrides(vbi, pfx, getIRegRexB(8,pfx,rm)));
2541 }
2542
2543 /* REX.B==0: d8(%rax) ... d8(%rdi), not including d8(%rsp)
2544 REX.B==1: d8(%r8) ... d8(%r15), not including d8(%r12)
2545 */
2546 case 0x08: case 0x09: case 0x0A: case 0x0B:
2547 /* ! 0C */ case 0x0D: case 0x0E: case 0x0F:
2548 { UChar rm = toUChar(mod_reg_rm & 7);
2549 Long d = getSDisp8(delta);
2550 if (d == 0) {
2551 DIS(buf, "%s(%s)", segRegTxt(pfx), nameIRegRexB(8,pfx,rm));
2552 } else {
2553 DIS(buf, "%s%lld(%s)", segRegTxt(pfx), d, nameIRegRexB(8,pfx,rm));
2554 }
2555 *len = 2;
2556 return disAMode_copy2tmp(
2557 handleAddrOverrides(vbi, pfx,
2558 binop(Iop_Add64,getIRegRexB(8,pfx,rm),mkU64(d))));
2559 }
2560
2561 /* REX.B==0: d32(%rax) ... d32(%rdi), not including d32(%rsp)
2562 REX.B==1: d32(%r8) ... d32(%r15), not including d32(%r12)
2563 */
2564 case 0x10: case 0x11: case 0x12: case 0x13:
2565 /* ! 14 */ case 0x15: case 0x16: case 0x17:
2566 { UChar rm = toUChar(mod_reg_rm & 7);
2567 Long d = getSDisp32(delta);
2568 DIS(buf, "%s%lld(%s)", segRegTxt(pfx), d, nameIRegRexB(8,pfx,rm));
2569 *len = 5;
2570 return disAMode_copy2tmp(
2571 handleAddrOverrides(vbi, pfx,
2572 binop(Iop_Add64,getIRegRexB(8,pfx,rm),mkU64(d))));
2573 }
2574
2575 /* REX.B==0: a register, %rax .. %rdi. This shouldn't happen. */
2576 /* REX.B==1: a register, %r8 .. %r16. This shouldn't happen. */
2577 case 0x18: case 0x19: case 0x1A: case 0x1B:
2578 case 0x1C: case 0x1D: case 0x1E: case 0x1F:
2579 vpanic("disAMode(amd64): not an addr!");
2580
2581 /* RIP + disp32. This assumes that guest_RIP_curr_instr is set
2582 correctly at the start of handling each instruction. */
2583 case 0x05:
2584 { Long d = getSDisp32(delta);
2585 *len = 5;
2586 DIS(buf, "%s%lld(%%rip)", segRegTxt(pfx), d);
2587 /* We need to know the next instruction's start address.
2588 Try and figure out what it is, record the guess, and ask
2589 the top-level driver logic (bbToIR_AMD64) to check we
2590 guessed right, after the instruction is completely
2591 decoded. */
2592 guest_RIP_next_mustcheck = True;
2593 guest_RIP_next_assumed = guest_RIP_bbstart
2594 + delta+4 + extra_bytes;
2595 return disAMode_copy2tmp(
2596 handleAddrOverrides(vbi, pfx,
2597 binop(Iop_Add64, mkU64(guest_RIP_next_assumed),
2598 mkU64(d))));
2599 }
2600
2601 case 0x04: {
2602 /* SIB, with no displacement. Special cases:
2603 -- %rsp cannot act as an index value.
2604 If index_r indicates %rsp, zero is used for the index.
2605 -- when mod is zero and base indicates RBP or R13, base is
2606 instead a 32-bit sign-extended literal.
2607 It's all madness, I tell you. Extract %index, %base and
2608 scale from the SIB byte. The value denoted is then:
2609 | %index == %RSP && (%base == %RBP || %base == %R13)
2610 = d32 following SIB byte
2611 | %index == %RSP && !(%base == %RBP || %base == %R13)
2612 = %base
2613 | %index != %RSP && (%base == %RBP || %base == %R13)
2614 = d32 following SIB byte + (%index << scale)
2615 | %index != %RSP && !(%base == %RBP || %base == %R13)
2616 = %base + (%index << scale)
2617 */
2618 UChar sib = getUChar(delta);
2619 UChar scale = toUChar((sib >> 6) & 3);
2620 UChar index_r = toUChar((sib >> 3) & 7);
2621 UChar base_r = toUChar(sib & 7);
2622 /* correct since #(R13) == 8 + #(RBP) */
2623 Bool base_is_BPor13 = toBool(base_r == R_RBP);
2624 Bool index_is_SP = toBool(index_r == R_RSP && 0==getRexX(pfx));
2625 delta++;
2626
2627 if ((!index_is_SP) && (!base_is_BPor13)) {
2628 if (scale == 0) {
2629 DIS(buf, "%s(%s,%s)", segRegTxt(pfx),
2630 nameIRegRexB(8,pfx,base_r),
2631 nameIReg64rexX(pfx,index_r));
2632 } else {
2633 DIS(buf, "%s(%s,%s,%d)", segRegTxt(pfx),
2634 nameIRegRexB(8,pfx,base_r),
2635 nameIReg64rexX(pfx,index_r), 1<<scale);
2636 }
2637 *len = 2;
2638 return
2639 disAMode_copy2tmp(
2640 handleAddrOverrides(vbi, pfx,
2641 binop(Iop_Add64,
2642 getIRegRexB(8,pfx,base_r),
2643 binop(Iop_Shl64, getIReg64rexX(pfx,index_r),
2644 mkU8(scale)))));
2645 }
2646
2647 if ((!index_is_SP) && base_is_BPor13) {
2648 Long d = getSDisp32(delta);
2649 DIS(buf, "%s%lld(,%s,%d)", segRegTxt(pfx), d,
2650 nameIReg64rexX(pfx,index_r), 1<<scale);
2651 *len = 6;
2652 return
2653 disAMode_copy2tmp(
2654 handleAddrOverrides(vbi, pfx,
2655 binop(Iop_Add64,
2656 binop(Iop_Shl64, getIReg64rexX(pfx,index_r),
2657 mkU8(scale)),
2658 mkU64(d))));
2659 }
2660
2661 if (index_is_SP && (!base_is_BPor13)) {
2662 DIS(buf, "%s(%s)", segRegTxt(pfx), nameIRegRexB(8,pfx,base_r));
2663 *len = 2;
2664 return disAMode_copy2tmp(
2665 handleAddrOverrides(vbi, pfx, getIRegRexB(8,pfx,base_r)));
2666 }
2667
2668 if (index_is_SP && base_is_BPor13) {
2669 Long d = getSDisp32(delta);
2670 DIS(buf, "%s%lld", segRegTxt(pfx), d);
2671 *len = 6;
2672 return disAMode_copy2tmp(
2673 handleAddrOverrides(vbi, pfx, mkU64(d)));
2674 }
2675
2676 vassert(0);
2677 }
2678
2679 /* SIB, with 8-bit displacement. Special cases:
2680 -- %esp cannot act as an index value.
2681 If index_r indicates %esp, zero is used for the index.
2682 Denoted value is:
2683 | %index == %ESP
2684 = d8 + %base
2685 | %index != %ESP
2686 = d8 + %base + (%index << scale)
2687 */
2688 case 0x0C: {
2689 UChar sib = getUChar(delta);
2690 UChar scale = toUChar((sib >> 6) & 3);
2691 UChar index_r = toUChar((sib >> 3) & 7);
2692 UChar base_r = toUChar(sib & 7);
2693 Long d = getSDisp8(delta+1);
2694
2695 if (index_r == R_RSP && 0==getRexX(pfx)) {
2696 DIS(buf, "%s%lld(%s)", segRegTxt(pfx),
2697 d, nameIRegRexB(8,pfx,base_r));
2698 *len = 3;
2699 return disAMode_copy2tmp(
2700 handleAddrOverrides(vbi, pfx,
2701 binop(Iop_Add64, getIRegRexB(8,pfx,base_r), mkU64(d)) ));
2702 } else {
2703 if (scale == 0) {
2704 DIS(buf, "%s%lld(%s,%s)", segRegTxt(pfx), d,
2705 nameIRegRexB(8,pfx,base_r),
2706 nameIReg64rexX(pfx,index_r));
2707 } else {
2708 DIS(buf, "%s%lld(%s,%s,%d)", segRegTxt(pfx), d,
2709 nameIRegRexB(8,pfx,base_r),
2710 nameIReg64rexX(pfx,index_r), 1<<scale);
2711 }
2712 *len = 3;
2713 return
2714 disAMode_copy2tmp(
2715 handleAddrOverrides(vbi, pfx,
2716 binop(Iop_Add64,
2717 binop(Iop_Add64,
2718 getIRegRexB(8,pfx,base_r),
2719 binop(Iop_Shl64,
2720 getIReg64rexX(pfx,index_r), mkU8(scale))),
2721 mkU64(d))));
2722 }
2723 vassert(0); /*NOTREACHED*/
2724 }
2725
2726 /* SIB, with 32-bit displacement. Special cases:
2727 -- %rsp cannot act as an index value.
2728 If index_r indicates %rsp, zero is used for the index.
2729 Denoted value is:
2730 | %index == %RSP
2731 = d32 + %base
2732 | %index != %RSP
2733 = d32 + %base + (%index << scale)
2734 */
2735 case 0x14: {
2736 UChar sib = getUChar(delta);
2737 UChar scale = toUChar((sib >> 6) & 3);
2738 UChar index_r = toUChar((sib >> 3) & 7);
2739 UChar base_r = toUChar(sib & 7);
2740 Long d = getSDisp32(delta+1);
2741
2742 if (index_r == R_RSP && 0==getRexX(pfx)) {
2743 DIS(buf, "%s%lld(%s)", segRegTxt(pfx),
2744 d, nameIRegRexB(8,pfx,base_r));
2745 *len = 6;
2746 return disAMode_copy2tmp(
2747 handleAddrOverrides(vbi, pfx,
2748 binop(Iop_Add64, getIRegRexB(8,pfx,base_r), mkU64(d)) ));
2749 } else {
2750 if (scale == 0) {
2751 DIS(buf, "%s%lld(%s,%s)", segRegTxt(pfx), d,
2752 nameIRegRexB(8,pfx,base_r),
2753 nameIReg64rexX(pfx,index_r));
2754 } else {
2755 DIS(buf, "%s%lld(%s,%s,%d)", segRegTxt(pfx), d,
2756 nameIRegRexB(8,pfx,base_r),
2757 nameIReg64rexX(pfx,index_r), 1<<scale);
2758 }
2759 *len = 6;
2760 return
2761 disAMode_copy2tmp(
2762 handleAddrOverrides(vbi, pfx,
2763 binop(Iop_Add64,
2764 binop(Iop_Add64,
2765 getIRegRexB(8,pfx,base_r),
2766 binop(Iop_Shl64,
2767 getIReg64rexX(pfx,index_r), mkU8(scale))),
2768 mkU64(d))));
2769 }
2770 vassert(0); /*NOTREACHED*/
2771 }
2772
2773 default:
2774 vpanic("disAMode(amd64)");
2775 return 0; /*notreached*/
2776 }
2777 }
2778
2779
2780 /* Similarly for VSIB addressing. This returns just the addend,
2781 and fills in *rI and *vscale with the register number of the vector
2782 index and its multiplicand. */
2783 static
2784 IRTemp disAVSIBMode ( /*OUT*/Int* len,
2785 const VexAbiInfo* vbi, Prefix pfx, Long delta,
2786 /*OUT*/HChar* buf, /*OUT*/UInt* rI,
2787 IRType ty, /*OUT*/Int* vscale )
2788 {
2789 UChar mod_reg_rm = getUChar(delta);
2790 const HChar *vindex;
2791
2792 *len = 0;
2793 *rI = 0;
2794 *vscale = 0;
2795 buf[0] = (UChar)0;
2796 if ((mod_reg_rm & 7) != 4 || epartIsReg(mod_reg_rm))
2797 return IRTemp_INVALID;
2798
2799 UChar sib = getUChar(delta+1);
2800 UChar scale = toUChar((sib >> 6) & 3);
2801 UChar index_r = toUChar((sib >> 3) & 7);
2802 UChar base_r = toUChar(sib & 7);
2803 Long d = 0;
2804 /* correct since #(R13) == 8 + #(RBP) */
2805 Bool base_is_BPor13 = toBool(base_r == R_RBP);
2806 delta += 2;
2807 *len = 2;
2808
2809 *rI = index_r | (getRexX(pfx) << 3);
2810 if (ty == Ity_V128)
2811 vindex = nameXMMReg(*rI);
2812 else
2813 vindex = nameYMMReg(*rI);
2814 *vscale = 1<<scale;
2815
2816 switch (mod_reg_rm >> 6) {
2817 case 0:
2818 if (base_is_BPor13) {
2819 d = getSDisp32(delta);
2820 *len += 4;
2821 if (scale == 0) {
2822 DIS(buf, "%s%lld(,%s)", segRegTxt(pfx), d, vindex);
2823 } else {
2824 DIS(buf, "%s%lld(,%s,%d)", segRegTxt(pfx), d, vindex, 1<<scale);
2825 }
2826 return disAMode_copy2tmp( mkU64(d) );
2827 } else {
2828 if (scale == 0) {
2829 DIS(buf, "%s(%s,%s)", segRegTxt(pfx),
2830 nameIRegRexB(8,pfx,base_r), vindex);
2831 } else {
2832 DIS(buf, "%s(%s,%s,%d)", segRegTxt(pfx),
2833 nameIRegRexB(8,pfx,base_r), vindex, 1<<scale);
2834 }
2835 }
2836 break;
2837 case 1:
2838 d = getSDisp8(delta);
2839 *len += 1;
2840 goto have_disp;
2841 case 2:
2842 d = getSDisp32(delta);
2843 *len += 4;
2844 have_disp:
2845 if (scale == 0) {
2846 DIS(buf, "%s%lld(%s,%s)", segRegTxt(pfx), d,
2847 nameIRegRexB(8,pfx,base_r), vindex);
2848 } else {
2849 DIS(buf, "%s%lld(%s,%s,%d)", segRegTxt(pfx), d,
2850 nameIRegRexB(8,pfx,base_r), vindex, 1<<scale);
2851 }
2852 break;
2853 }
2854
2855 if (!d)
2856 return disAMode_copy2tmp( getIRegRexB(8,pfx,base_r) );
2857 return disAMode_copy2tmp( binop(Iop_Add64, getIRegRexB(8,pfx,base_r),
2858 mkU64(d)) );
2859 }
2860
2861
2862 /* Figure out the number of (insn-stream) bytes constituting the amode
2863 beginning at delta. Is useful for getting hold of literals beyond
2864 the end of the amode before it has been disassembled. */
2865
2866 static UInt lengthAMode ( Prefix pfx, Long delta )
2867 {
2868 UChar mod_reg_rm = getUChar(delta);
2869 delta++;
2870
2871 /* squeeze out the reg field from mod_reg_rm, since a 256-entry
2872 jump table seems a bit excessive.
2873 */
2874 mod_reg_rm &= 0xC7; /* is now XX000YYY */
2875 mod_reg_rm = toUChar(mod_reg_rm | (mod_reg_rm >> 3));
2876 /* is now XX0XXYYY */
2877 mod_reg_rm &= 0x1F; /* is now 000XXYYY */
2878 switch (mod_reg_rm) {
2879
2880 /* REX.B==0: (%rax) .. (%rdi), not including (%rsp) or (%rbp).
2881 REX.B==1: (%r8) .. (%r15), not including (%r12) or (%r13).
2882 */
2883 case 0x00: case 0x01: case 0x02: case 0x03:
2884 /* ! 04 */ /* ! 05 */ case 0x06: case 0x07:
2885 return 1;
2886
2887 /* REX.B==0: d8(%rax) ... d8(%rdi), not including d8(%rsp)
2888 REX.B==1: d8(%r8) ... d8(%r15), not including d8(%r12)
2889 */
2890 case 0x08: case 0x09: case 0x0A: case 0x0B:
2891 /* ! 0C */ case 0x0D: case 0x0E: case 0x0F:
2892 return 2;
2893
2894 /* REX.B==0: d32(%rax) ... d32(%rdi), not including d32(%rsp)
2895 REX.B==1: d32(%r8) ... d32(%r15), not including d32(%r12)
2896 */
2897 case 0x10: case 0x11: case 0x12: case 0x13:
2898 /* ! 14 */ case 0x15: case 0x16: case 0x17:
2899 return 5;
2900
2901 /* REX.B==0: a register, %rax .. %rdi. This shouldn't happen. */
2902 /* REX.B==1: a register, %r8 .. %r16. This shouldn't happen. */
2903 /* Not an address, but still handled. */
2904 case 0x18: case 0x19: case 0x1A: case 0x1B:
2905 case 0x1C: case 0x1D: case 0x1E: case 0x1F:
2906 return 1;
2907
2908 /* RIP + disp32. */
2909 case 0x05:
2910 return 5;
2911
2912 case 0x04: {
2913 /* SIB, with no displacement. */
2914 UChar sib = getUChar(delta);
2915 UChar base_r = toUChar(sib & 7);
2916 /* correct since #(R13) == 8 + #(RBP) */
2917 Bool base_is_BPor13 = toBool(base_r == R_RBP);
2918
2919 if (base_is_BPor13) {
2920 return 6;
2921 } else {
2922 return 2;
2923 }
2924 }
2925
2926 /* SIB, with 8-bit displacement. */
2927 case 0x0C:
2928 return 3;
2929
2930 /* SIB, with 32-bit displacement. */
2931 case 0x14:
2932 return 6;
2933
2934 default:
2935 vpanic("lengthAMode(amd64)");
2936 return 0; /*notreached*/
2937 }
2938 }
2939
2940
2941 /*------------------------------------------------------------*/
2942 /*--- Disassembling common idioms ---*/
2943 /*------------------------------------------------------------*/
2944
2945 typedef
2946 enum { WithFlagNone=2, WithFlagCarry, WithFlagCarryX, WithFlagOverX }
2947 WithFlag;
2948
2949 /* Handle binary integer instructions of the form
2950 op E, G meaning
2951 op reg-or-mem, reg
2952 Is passed the a ptr to the modRM byte, the actual operation, and the
2953 data size. Returns the address advanced completely over this
2954 instruction.
2955
2956 E(src) is reg-or-mem
2957 G(dst) is reg.
2958
2959 If E is reg, --> GET %G, tmp
2960 OP %E, tmp
2961 PUT tmp, %G
2962
2963 If E is mem and OP is not reversible,
2964 --> (getAddr E) -> tmpa
2965 LD (tmpa), tmpa
2966 GET %G, tmp2
2967 OP tmpa, tmp2
2968 PUT tmp2, %G
2969
2970 If E is mem and OP is reversible
2971 --> (getAddr E) -> tmpa
2972 LD (tmpa), tmpa
2973 OP %G, tmpa
2974 PUT tmpa, %G
2975 */
2976 static
2977 ULong dis_op2_E_G ( const VexAbiInfo* vbi,
2978 Prefix pfx,
2979 IROp op8,
2980 WithFlag flag,
2981 Bool keep,
2982 Int size,
2983 Long delta0,
2984 const HChar* t_amd64opc )
2985 {
2986 HChar dis_buf[50];
2987 Int len;
2988 IRType ty = szToITy(size);
2989 IRTemp dst1 = newTemp(ty);
2990 IRTemp src = newTemp(ty);
2991 IRTemp dst0 = newTemp(ty);
2992 UChar rm = getUChar(delta0);
2993 IRTemp addr = IRTemp_INVALID;
2994
2995 /* Stay sane -- check for valid (op8, flag, keep) combinations. */
2996 switch (op8) {
2997 case Iop_Add8:
2998 switch (flag) {
2999 case WithFlagNone: case WithFlagCarry:
3000 case WithFlagCarryX: case WithFlagOverX:
3001 vassert(keep);
3002 break;
3003 default:
3004 vassert(0);
3005 }
3006 break;
3007 case Iop_Sub8:
3008 vassert(flag == WithFlagNone || flag == WithFlagCarry);
3009 if (flag == WithFlagCarry) vassert(keep);
3010 break;
3011 case Iop_And8:
3012 vassert(flag == WithFlagNone);
3013 break;
3014 case Iop_Or8: case Iop_Xor8:
3015 vassert(flag == WithFlagNone);
3016 vassert(keep);
3017 break;
3018 default:
3019 vassert(0);
3020 }
3021
3022 if (epartIsReg(rm)) {
3023 /* Specially handle XOR reg,reg, because that doesn't really
3024 depend on reg, and doing the obvious thing potentially
3025 generates a spurious value check failure due to the bogus
3026 dependency. Ditto SUB/SBB reg,reg. */
3027 if ((op8 == Iop_Xor8 || ((op8 == Iop_Sub8) && keep))
3028 && offsetIRegG(size,pfx,rm) == offsetIRegE(size,pfx,rm)) {
3029 putIRegG(size,pfx,rm, mkU(ty,0));
3030 }
3031
3032 assign( dst0, getIRegG(size,pfx,rm) );
3033 assign( src, getIRegE(size,pfx,rm) );
3034
3035 if (op8 == Iop_Add8 && flag == WithFlagCarry) {
3036 helper_ADC( size, dst1, dst0, src,
3037 /*no store*/IRTemp_INVALID, IRTemp_INVALID, 0 );
3038 putIRegG(size, pfx, rm, mkexpr(dst1));
3039 } else
3040 if (op8 == Iop_Sub8 && flag == WithFlagCarry) {
3041 helper_SBB( size, dst1, dst0, src,
3042 /*no store*/IRTemp_INVALID, IRTemp_INVALID, 0 );
3043 putIRegG(size, pfx, rm, mkexpr(dst1));
3044 } else
3045 if (op8 == Iop_Add8 && flag == WithFlagCarryX) {
3046 helper_ADCX_ADOX( True/*isADCX*/, size, dst1, dst0, src );
3047 putIRegG(size, pfx, rm, mkexpr(dst1));
3048 } else
3049 if (op8 == Iop_Add8 && flag == WithFlagOverX) {
3050 helper_ADCX_ADOX( False/*!isADCX*/, size, dst1, dst0, src );
3051 putIRegG(size, pfx, rm, mkexpr(dst1));
3052 } else {
3053 assign( dst1, binop(mkSizedOp(ty,op8), mkexpr(dst0), mkexpr(src)) );
3054 if (isAddSub(op8))
3055 setFlags_DEP1_DEP2(op8, dst0, src, ty);
3056 else
3057 setFlags_DEP1(op8, dst1, ty);
3058 if (keep)
3059 putIRegG(size, pfx, rm, mkexpr(dst1));
3060 }
3061
3062 DIP("%s%c %s,%s\n", t_amd64opc, nameISize(size),
3063 nameIRegE(size,pfx,rm),
3064 nameIRegG(size,pfx,rm));
3065 return 1+delta0;
3066 } else {
3067 /* E refers to memory */
3068 addr = disAMode ( &len, vbi, pfx, delta0, dis_buf, 0 );
3069 assign( dst0, getIRegG(size,pfx,rm) );
3070 assign( src, loadLE(szToITy(size), mkexpr(addr)) );
3071
3072 if (op8 == Iop_Add8 && flag == WithFlagCarry) {
3073 helper_ADC( size, dst1, dst0, src,
3074 /*no store*/IRTemp_INVALID, IRTemp_INVALID, 0 );
3075 putIRegG(size, pfx, rm, mkexpr(dst1));
3076 } else
3077 if (op8 == Iop_Sub8 && flag == WithFlagCarry) {
3078 helper_SBB( size, dst1, dst0, src,
3079 /*no store*/IRTemp_INVALID, IRTemp_INVALID, 0 );
3080 putIRegG(size, pfx, rm, mkexpr(dst1));
3081 } else
3082 if (op8 == Iop_Add8 && flag == WithFlagCarryX) {
3083 helper_ADCX_ADOX( True/*isADCX*/, size, dst1, dst0, src );
3084 putIRegG(size, pfx, rm, mkexpr(dst1));
3085 } else
3086 if (op8 == Iop_Add8 && flag == WithFlagOverX) {
3087 helper_ADCX_ADOX( False/*!isADCX*/, size, dst1, dst0, src );
3088 putIRegG(size, pfx, rm, mkexpr(dst1));
3089 } else {
3090 assign( dst1, binop(mkSizedOp(ty,op8), mkexpr(dst0), mkexpr(src)) );
3091 if (isAddSub(op8))
3092 setFlags_DEP1_DEP2(op8, dst0, src, ty);
3093 else
3094 setFlags_DEP1(op8, dst1, ty);
3095 if (keep)
3096 putIRegG(size, pfx, rm, mkexpr(dst1));
3097 }
3098
3099 DIP("%s%c %s,%s\n", t_amd64opc, nameISize(size),
3100 dis_buf, nameIRegG(size, pfx, rm));
3101 return len+delta0;
3102 }
3103 }
3104
3105
3106
3107 /* Handle binary integer instructions of the form
3108 op G, E meaning
3109 op reg, reg-or-mem
3110 Is passed the a ptr to the modRM byte, the actual operation, and the
3111 data size. Returns the address advanced completely over this
3112 instruction.
3113
3114 G(src) is reg.
3115 E(dst) is reg-or-mem
3116
3117 If E is reg, --> GET %E, tmp
3118 OP %G, tmp
3119 PUT tmp, %E
3120
3121 If E is mem, --> (getAddr E) -> tmpa
3122 LD (tmpa), tmpv
3123 OP %G, tmpv
3124 ST tmpv, (tmpa)
3125 */
3126 static
3127 ULong dis_op2_G_E ( const VexAbiInfo* vbi,
3128 Prefix pfx,
3129 IROp op8,
3130 WithFlag flag,
3131 Bool keep,
3132 Int size,
3133 Long delta0,
3134 const HChar* t_amd64opc )
3135 {
3136 HChar dis_buf[50];
3137 Int len;
3138 IRType ty = szToITy(size);
3139 IRTemp dst1 = newTemp(ty);
3140 IRTemp src = newTemp(ty);
3141 IRTemp dst0 = newTemp(ty);
3142 UChar rm = getUChar(delta0);
3143 IRTemp addr = IRTemp_INVALID;
3144
3145 /* Stay sane -- check for valid (op8, flag, keep) combinations. */
3146 switch (op8) {
3147 case Iop_Add8:
3148 vassert(flag == WithFlagNone || flag == WithFlagCarry);
3149 vassert(keep);
3150 break;
3151 case Iop_Sub8:
3152 vassert(flag == WithFlagNone || flag == WithFlagCarry);
3153 if (flag == WithFlagCarry) vassert(keep);
3154 break;
3155 case Iop_And8: case Iop_Or8: case Iop_Xor8:
3156 vassert(flag == WithFlagNone);
3157 vassert(keep);
3158 break;
3159 default:
3160 vassert(0);
3161 }
3162
3163 /* flag != WithFlagNone is only allowed for Add and Sub and indicates the
3164 intended operation is add-with-carry or subtract-with-borrow. */
3165
3166 if (epartIsReg(rm)) {
3167 /* Specially handle XOR reg,reg, because that doesn't really
3168 depend on reg, and doing the obvious thing potentially
3169 generates a spurious value check failure due to the bogus
3170 dependency. Ditto SUB/SBB reg,reg. */
3171 if ((op8 == Iop_Xor8 || ((op8 == Iop_Sub8) && keep))
3172 && offsetIRegG(size,pfx,rm) == offsetIRegE(size,pfx,rm)) {
3173 putIRegE(size,pfx,rm, mkU(ty,0));
3174 }
3175
3176 assign(dst0, getIRegE(size,pfx,rm));
3177 assign(src, getIRegG(size,pfx,rm));
3178
3179 if (op8 == Iop_Add8 && flag == WithFlagCarry) {
3180 helper_ADC( size, dst1, dst0, src,
3181 /*no store*/IRTemp_INVALID, IRTemp_INVALID, 0 );
3182 putIRegE(size, pfx, rm, mkexpr(dst1));
3183 } else
3184 if (op8 == Iop_Sub8 && flag == WithFlagCarry) {
3185 helper_SBB( size, dst1, dst0, src,
3186 /*no store*/IRTemp_INVALID, IRTemp_INVALID, 0 );
3187 putIRegE(size, pfx, rm, mkexpr(dst1));
3188 } else {
3189 assign(dst1, binop(mkSizedOp(ty,op8), mkexpr(dst0), mkexpr(src)));
3190 if (isAddSub(op8))
3191 setFlags_DEP1_DEP2(op8, dst0, src, ty);
3192 else
3193 setFlags_DEP1(op8, dst1, ty);
3194 if (keep)
3195 putIRegE(size, pfx, rm, mkexpr(dst1));
3196 }
3197
3198 DIP("%s%c %s,%s\n", t_amd64opc, nameISize(size),
3199 nameIRegG(size,pfx,rm),
3200 nameIRegE(size,pfx,rm));
3201 return 1+delta0;
3202 }
3203
3204 /* E refers to memory */
3205 {
3206 addr = disAMode ( &len, vbi, pfx, delta0, dis_buf, 0 );
3207 assign(dst0, loadLE(ty,mkexpr(addr)));
3208 assign(src, getIRegG(size,pfx,rm));
3209
3210 if (op8 == Iop_Add8 && flag == WithFlagCarry) {
3211 if (haveLOCK(pfx)) {
3212 /* cas-style store */
3213 helper_ADC( size, dst1, dst0, src,
3214 /*store*/addr, dst0/*expVal*/, guest_RIP_curr_instr );
3215 } else {
3216 /* normal store */
3217 helper_ADC( size, dst1, dst0, src,
3218 /*store*/addr, IRTemp_INVALID, 0 );
3219 }
3220 } else
3221 if (op8 == Iop_Sub8 && flag == WithFlagCarry) {
3222 if (haveLOCK(pfx)) {
3223 /* cas-style store */
3224 helper_SBB( size, dst1, dst0, src,
3225 /*store*/addr, dst0/*expVal*/, guest_RIP_curr_instr );
3226 } else {
3227 /* normal store */
3228 helper_SBB( size, dst1, dst0, src,
3229 /*store*/addr, IRTemp_INVALID, 0 );
3230 }
3231 } else {
3232 assign(dst1, binop(mkSizedOp(ty,op8), mkexpr(dst0), mkexpr(src)));
3233 if (keep) {
3234 if (haveLOCK(pfx)) {
3235 if (0) vex_printf("locked case\n" );
3236 casLE( mkexpr(addr),
3237 mkexpr(dst0)/*expval*/,
3238 mkexpr(dst1)/*newval*/, guest_RIP_curr_instr );
3239 } else {
3240 if (0) vex_printf("nonlocked case\n");
3241 storeLE(mkexpr(addr), mkexpr(dst1));
3242 }
3243 }
3244 if (isAddSub(op8))
3245 setFlags_DEP1_DEP2(op8, dst0, src, ty);
3246 else
3247 setFlags_DEP1(op8, dst1, ty);
3248 }
3249
3250 DIP("%s%c %s,%s\n", t_amd64opc, nameISize(size),
3251 nameIRegG(size,pfx,rm), dis_buf);
3252 return len+delta0;
3253 }
3254 }
3255
3256
3257 /* Handle move instructions of the form
3258 mov E, G meaning
3259 mov reg-or-mem, reg
3260 Is passed the a ptr to the modRM byte, and the data size. Returns
3261 the address advanced completely over this instruction.
3262
3263 E(src) is reg-or-mem
3264 G(dst) is reg.
3265
3266 If E is reg, --> GET %E, tmpv
3267 PUT tmpv, %G
3268
3269 If E is mem --> (getAddr E) -> tmpa
3270 LD (tmpa), tmpb
3271 PUT tmpb, %G
3272 */
3273 static
3274 ULong dis_mov_E_G ( const VexAbiInfo* vbi,
3275 Prefix pfx,
3276 Int size,
3277 Long delta0 )
3278 {
3279 Int len;
3280 UChar rm = getUChar(delta0);
3281 HChar dis_buf[50];
3282
3283 if (epartIsReg(rm)) {
3284 putIRegG(size, pfx, rm, getIRegE(size, pfx, rm));
3285 DIP("mov%c %s,%s\n", nameISize(size),
3286 nameIRegE(size,pfx,rm),
3287 nameIRegG(size,pfx,rm));
3288 return 1+delta0;
3289 }
3290
3291 /* E refers to memory */
3292 {
3293 IRTemp addr = disAMode ( &len, vbi, pfx, delta0, dis_buf, 0 );
3294 putIRegG(size, pfx, rm, loadLE(szToITy(size), mkexpr(addr)));
3295 DIP("mov%c %s,%s\n", nameISize(size),
3296 dis_buf,
3297 nameIRegG(size,pfx,rm));
3298 return delta0+len;
3299 }
3300 }
3301
3302
3303 /* Handle move instructions of the form
3304 mov G, E meaning
3305 mov reg, reg-or-mem
3306 Is passed the a ptr to the modRM byte, and the data size. Returns
3307 the address advanced completely over this instruction.
3308 We have to decide here whether F2 or F3 are acceptable. F2 never is.
3309
3310 G(src) is reg.
3311 E(dst) is reg-or-mem
3312
3313 If E is reg, --> GET %G, tmp
3314 PUT tmp, %E
3315
3316 If E is mem, --> (getAddr E) -> tmpa
3317 GET %G, tmpv
3318 ST tmpv, (tmpa)
3319 */
3320 static
3321 ULong dis_mov_G_E ( const VexAbiInfo* vbi,
3322 Prefix pfx,
3323 Int size,
3324 Long delta0,
3325 /*OUT*/Bool* ok )
3326 {
3327 Int len;
3328 UChar rm = getUChar(delta0);
3329 HChar dis_buf[50];
3330
3331 *ok = True;
3332
3333 if (epartIsReg(rm)) {
3334 if (haveF2orF3(pfx)) { *ok = False; return delta0; }
3335 putIRegE(size, pfx, rm, getIRegG(size, pfx, rm));
3336 DIP("mov%c %s,%s\n", nameISize(size),
3337 nameIRegG(size,pfx,rm),
3338 nameIRegE(size,pfx,rm));
3339 return 1+delta0;
3340 }
3341
3342 /* E refers to memory */
3343 {
3344 if (haveF2(pfx)) { *ok = False; return delta0; }
3345 /* F3(XRELEASE) is acceptable, though. */
3346 IRTemp addr = disAMode ( &len, vbi, pfx, delta0, dis_buf, 0 );
3347 storeLE( mkexpr(addr), getIRegG(size, pfx, rm) );
3348 DIP("mov%c %s,%s\n", nameISize(size),
3349 nameIRegG(size,pfx,rm),
3350 dis_buf);
3351 return len+delta0;
3352 }
3353 }
3354
3355
3356 /* op $immediate, AL/AX/EAX/RAX. */
3357 static
3358 ULong dis_op_imm_A ( Int size,
3359 Bool carrying,
3360 IROp op8,
3361 Bool keep,
3362 Long delta,
3363 const HChar* t_amd64opc )
3364 {
3365 Int size4 = imin(size,4);
3366 IRType ty = szToITy(size);
3367 IRTemp dst0 = newTemp(ty);
3368 IRTemp src = newTemp(ty);
3369 IRTemp dst1 = newTemp(ty);
3370 Long lit = getSDisp(size4,delta);
3371 assign(dst0, getIRegRAX(size));
3372 assign(src, mkU(ty,lit & mkSizeMask(size)));
3373
3374 if (isAddSub(op8) && !carrying) {
3375 assign(dst1, binop(mkSizedOp(ty,op8), mkexpr(dst0), mkexpr(src)) );
3376 setFlags_DEP1_DEP2(op8, dst0, src, ty);
3377 }
3378 else
3379 if (isLogic(op8)) {
3380 vassert(!carrying);
3381 assign(dst1, binop(mkSizedOp(ty,op8), mkexpr(dst0), mkexpr(src)) );
3382 setFlags_DEP1(op8, dst1, ty);
3383 }
3384 else
3385 if (op8 == Iop_Add8 && carrying) {
3386 helper_ADC( size, dst1, dst0, src,
3387 /*no store*/IRTemp_INVALID, IRTemp_INVALID, 0 );
3388 }
3389 else
3390 if (op8 == Iop_Sub8 && carrying) {
3391 helper_SBB( size, dst1, dst0, src,
3392 /*no store*/IRTemp_INVALID, IRTemp_INVALID, 0 );
3393 }
3394 else
3395 vpanic("dis_op_imm_A(amd64,guest)");
3396
3397 if (keep)
3398 putIRegRAX(size, mkexpr(dst1));
3399
3400 DIP("%s%c $%lld, %s\n", t_amd64opc, nameISize(size),
3401 lit, nameIRegRAX(size));
3402 return delta+size4;
3403 }
3404
3405
3406 /* Sign- and Zero-extending moves. */
3407 static
3408 ULong dis_movx_E_G ( const VexAbiInfo* vbi,
3409 Prefix pfx,
3410 Long delta, Int szs, Int szd, Bool sign_extend )
3411 {
3412 UChar rm = getUChar(delta);
3413 if (epartIsReg(rm)) {
3414 putIRegG(szd, pfx, rm,
3415 doScalarWidening(
3416 szs,szd,sign_extend,
3417 getIRegE(szs,pfx,rm)));
3418 DIP("mov%c%c%c %s,%s\n", sign_extend ? 's' : 'z',
3419 nameISize(szs),
3420 nameISize(szd),
3421 nameIRegE(szs,pfx,rm),
3422 nameIRegG(szd,pfx,rm));
3423 return 1+delta;
3424 }
3425
3426 /* E refers to memory */
3427 {
3428 Int len;
3429 HChar dis_buf[50];
3430 IRTemp addr = disAMode ( &len, vbi, pfx, delta, dis_buf, 0 );
3431 putIRegG(szd, pfx, rm,
3432 doScalarWidening(
3433 szs,szd,sign_extend,
3434 loadLE(szToITy(szs),mkexpr(addr))));
3435 DIP("mov%c%c%c %s,%s\n", sign_extend ? 's' : 'z',
3436 nameISize(szs),
3437 nameISize(szd),
3438 dis_buf,
3439 nameIRegG(szd,pfx,rm));
3440 return len+delta;
3441 }
3442 }
3443
3444
3445 /* Generate code to divide ArchRegs RDX:RAX / EDX:EAX / DX:AX / AX by
3446 the 64 / 32 / 16 / 8 bit quantity in the given IRTemp. */
3447 static
3448 void codegen_div ( Int sz, IRTemp t, Bool signed_divide )
3449 {
3450 /* special-case the 64-bit case */
3451 if (sz == 8) {
3452 IROp op = signed_divide ? Iop_DivModS128to64
3453 : Iop_DivModU128to64;
3454 IRTemp src128 = newTemp(Ity_I128);
3455 IRTemp dst128 = newTemp(Ity_I128);
3456 assign( src128, binop(Iop_64HLto128,
3457 getIReg64(R_RDX),
3458 getIReg64(R_RAX)) );
3459 assign( dst128, binop(op, mkexpr(src128), mkexpr(t)) );
3460 putIReg64( R_RAX, unop(Iop_128to64,mkexpr(dst128)) );
3461 putIReg64( R_RDX, unop(Iop_128HIto64,mkexpr(dst128)) );
3462 } else {
3463 IROp op = signed_divide ? Iop_DivModS64to32
3464 : Iop_DivModU64to32;
3465 IRTemp src64 = newTemp(Ity_I64);
3466 IRTemp dst64 = newTemp(Ity_I64);
3467 switch (sz) {
3468 case 4:
3469 assign( src64,
3470 binop(Iop_32HLto64, getIRegRDX(4), getIRegRAX(4)) );
3471 assign( dst64,
3472 binop(op, mkexpr(src64), mkexpr(t)) );
3473 putIRegRAX( 4, unop(Iop_64to32,mkexpr(dst64)) );
3474 putIRegRDX( 4, unop(Iop_64HIto32,mkexpr(dst64)) );
3475 break;
3476 case 2: {
3477 IROp widen3264 = signed_divide ? Iop_32Sto64 : Iop_32Uto64;
3478 IROp widen1632 = signed_divide ? Iop_16Sto32 : Iop_16Uto32;
3479 assign( src64, unop(widen3264,
3480 binop(Iop_16HLto32,
3481 getIRegRDX(2),
3482 getIRegRAX(2))) );
3483 assign( dst64, binop(op, mkexpr(src64), unop(widen1632,mkexpr(t))) );
3484 putIRegRAX( 2, unop(Iop_32to16,unop(Iop_64to32,mkexpr(dst64))) );
3485 putIRegRDX( 2, unop(Iop_32to16,unop(Iop_64HIto32,mkexpr(dst64))) );
3486 break;
3487 }
3488 case 1: {
3489 IROp widen3264 = signed_divide ? Iop_32Sto64 : Iop_32Uto64;
3490 IROp widen1632 = signed_divide ? Iop_16Sto32 : Iop_16Uto32;
3491 IROp widen816 = signed_divide ? Iop_8Sto16 : Iop_8Uto16;
3492 assign( src64, unop(widen3264,
3493 unop(widen1632, getIRegRAX(2))) );
3494 assign( dst64,
3495 binop(op, mkexpr(src64),
3496 unop(widen1632, unop(widen816, mkexpr(t)))) );
3497 putIRegRAX( 1, unop(Iop_16to8,
3498 unop(Iop_32to16,
3499 unop(Iop_64to32,mkexpr(dst64)))) );
3500 putIRegAH( unop(Iop_16to8,
3501 unop(Iop_32to16,
3502 unop(Iop_64HIto32,mkexpr(dst64)))) );
3503 break;
3504 }
3505 default:
3506 vpanic("codegen_div(amd64)");
3507 }
3508 }
3509 }
3510
3511 static
3512 ULong dis_Grp1 ( const VexAbiInfo* vbi,
3513 Prefix pfx,
3514 Long delta, UChar modrm,
3515 Int am_sz, Int d_sz, Int sz, Long d64 )
3516 {
3517 Int len;
3518 HChar dis_buf[50];
3519 IRType ty = szToITy(sz);
3520 IRTemp dst1 = newTemp(ty);
3521 IRTemp src = newTemp(ty);
3522 IRTemp dst0 = newTemp(ty);
3523 IRTemp addr = IRTemp_INVALID;
3524 IROp op8 = Iop_INVALID;
3525 ULong mask = mkSizeMask(sz);
3526
3527 switch (gregLO3ofRM(modrm)) {
3528 case 0: op8 = Iop_Add8; break; case 1: op8 = Iop_Or8; break;
3529 case 2: break; // ADC
3530 case 3: break; // SBB
3531 case 4: op8 = Iop_And8; break; case 5: op8 = Iop_Sub8; break;
3532 case 6: op8 = Iop_Xor8; break; case 7: op8 = Iop_Sub8; break;
3533 /*NOTREACHED*/
3534 default: vpanic("dis_Grp1(amd64): unhandled case");
3535 }
3536
3537 if (epartIsReg(modrm)) {
3538 vassert(am_sz == 1);
3539
3540 assign(dst0, getIRegE(sz,pfx,modrm));
3541 assign(src, mkU(ty,d64 & mask));
3542
3543 if (gregLO3ofRM(modrm) == 2 /* ADC */) {
3544 helper_ADC( sz, dst1, dst0, src,
3545 /*no store*/IRTemp_INVALID, IRTemp_INVALID, 0 );
3546 } else
3547 if (gregLO3ofRM(modrm) == 3 /* SBB */) {
3548 helper_SBB( sz, dst1, dst0, src,
3549 /*no store*/IRTemp_INVALID, IRTemp_INVALID, 0 );
3550 } else {
3551 assign(dst1, binop(mkSizedOp(ty,op8), mkexpr(dst0), mkexpr(src)));
3552 if (isAddSub(op8))
3553 setFlags_DEP1_DEP2(op8, dst0, src, ty);
3554 else
3555 setFlags_DEP1(op8, dst1, ty);
3556 }
3557
3558 if (gregLO3ofRM(modrm) < 7)
3559 putIRegE(sz, pfx, modrm, mkexpr(dst1));
3560
3561 delta += (am_sz + d_sz);
3562 DIP("%s%c $%lld, %s\n",
3563 nameGrp1(gregLO3ofRM(modrm)), nameISize(sz), d64,
3564 nameIRegE(sz,pfx,modrm));
3565 } else {
3566 addr = disAMode ( &len, vbi, pfx, delta, dis_buf, /*xtra*/d_sz );
3567
3568 assign(dst0, loadLE(ty,mkexpr(addr)));
3569 assign(src, mkU(ty,d64 & mask));
3570
3571 if (gregLO3ofRM(modrm) == 2 /* ADC */) {
3572 if (haveLOCK(pfx)) {
3573 /* cas-style store */
3574 helper_ADC( sz, dst1, dst0, src,
3575 /*store*/addr, dst0/*expVal*/, guest_RIP_curr_instr );
3576 } else {
3577 /* normal store */
3578 helper_ADC( sz, dst1, dst0, src,
3579 /*store*/addr, IRTemp_INVALID, 0 );
3580 }
3581 } else
3582 if (gregLO3ofRM(modrm) == 3 /* SBB */) {
3583 if (haveLOCK(pfx)) {
3584 /* cas-style store */
3585 helper_SBB( sz, dst1, dst0, src,
3586 /*store*/addr, dst0/*expVal*/, guest_RIP_curr_instr );
3587 } else {
3588 /* normal store */
3589 helper_SBB( sz, dst1, dst0, src,
3590 /*store*/addr, IRTemp_INVALID, 0 );
3591 }
3592 } else {
3593 assign(dst1, binop(mkSizedOp(ty,op8), mkexpr(dst0), mkexpr(src)));
3594 if (gregLO3ofRM(modrm) < 7) {
3595 if (haveLOCK(pfx)) {
3596 casLE( mkexpr(addr), mkexpr(dst0)/*expVal*/,
3597 mkexpr(dst1)/*newVal*/,
3598 guest_RIP_curr_instr );
3599 } else {
3600 storeLE(mkexpr(addr), mkexpr(dst1));
3601 }
3602 }
3603 if (isAddSub(op8))
3604 setFlags_DEP1_DEP2(op8, dst0, src, ty);
3605 else
3606 setFlags_DEP1(op8, dst1, ty);
3607 }
3608
3609 delta += (len+d_sz);
3610 DIP("%s%c $%lld, %s\n",
3611 nameGrp1(gregLO3ofRM(modrm)), nameISize(sz),
3612 d64, dis_buf);
3613 }
3614 return delta;
3615 }
3616
3617
3618 /* Group 2 extended opcodes. shift_expr must be an 8-bit typed
3619 expression. */
3620
3621 static
3622 ULong dis_Grp2 ( const VexAbiInfo* vbi,
3623 Prefix pfx,
3624 Long delta, UChar modrm,
3625 Int am_sz, Int d_sz, Int sz, IRExpr* shift_expr,
3626 const HChar* shift_expr_txt, Bool* decode_OK )
3627 {
3628 /* delta on entry points at the modrm byte. */
3629 HChar dis_buf[50];
3630 Int len;
3631 Bool isShift, isRotate, isRotateC;
3632 IRType ty = szToITy(sz);
3633 IRTemp dst0 = newTemp(ty);
3634 IRTemp dst1 = newTemp(ty);
3635 IRTemp addr = IRTemp_INVALID;
3636
3637 *decode_OK = True;
3638
3639 vassert(sz == 1 || sz == 2 || sz == 4 || sz == 8);
3640
3641 /* Put value to shift/rotate in dst0. */
3642 if (epartIsReg(modrm)) {
3643 assign(dst0, getIRegE(sz, pfx, modrm));
3644 delta += (am_sz + d_sz);
3645 } else {
3646 addr = disAMode ( &len, vbi, pfx, delta, dis_buf, /*xtra*/d_sz );
3647 assign(dst0, loadLE(ty,mkexpr(addr)));
3648 delta += len + d_sz;
3649 }
3650
3651 isShift = False;
3652 switch (gregLO3ofRM(modrm)) { case 4: case 5: case 6: case 7: isShift = True; }
3653
3654 isRotate = False;
3655 switch (gregLO3ofRM(modrm)) { case 0: case 1: isRotate = True; }
3656
3657 isRotateC = False;
3658 switch (gregLO3ofRM(modrm)) { case 2: case 3: isRotateC = True; }
3659
3660 if (!isShift && !isRotate && !isRotateC) {
3661 /*NOTREACHED*/
3662 vpanic("dis_Grp2(Reg): unhandled case(amd64)");
3663 }
3664
3665 if (isRotateC) {
3666 /* Call a helper; this insn is so ridiculous it does not deserve
3667 better. One problem is, the helper has to calculate both the
3668 new value and the new flags. This is more than 64 bits, and
3669 there is no way to return more than 64 bits from the helper.
3670 Hence the crude and obvious solution is to call it twice,
3671 using the sign of the sz field to indicate whether it is the
3672 value or rflags result we want.
3673 */
3674 Bool left = toBool(gregLO3ofRM(modrm) == 2);
3675 IRExpr** argsVALUE;
3676 IRExpr** argsRFLAGS;
3677
3678 IRTemp new_value = newTemp(Ity_I64);
3679 IRTemp new_rflags = newTemp(Ity_I64);
3680 IRTemp old_rflags = newTemp(Ity_I64);
3681
3682 assign( old_rflags, widenUto64(mk_amd64g_calculate_rflags_all()) );
3683
3684 argsVALUE
3685 = mkIRExprVec_4( widenUto64(mkexpr(dst0)), /* thing to rotate */
3686 widenUto64(shift_expr), /* rotate amount */
3687 mkexpr(old_rflags),
3688 mkU64(sz) );
3689 assign( new_value,
3690 mkIRExprCCall(
3691 Ity_I64,
3692 0/*regparm*/,
3693 left ? "amd64g_calculate_RCL" : "amd64g_calculate_RCR",
3694 left ? &amd64g_calculate_RCL : &amd64g_calculate_RCR,
3695 argsVALUE
3696 )
3697 );
3698
3699 argsRFLAGS
3700 = mkIRExprVec_4( widenUto64(mkexpr(dst0)), /* thing to rotate */
3701 widenUto64(shift_expr), /* rotate amount */
3702 mkexpr(old_rflags),
3703 mkU64(-sz) );
3704 assign( new_rflags,
3705 mkIRExprCCall(
3706 Ity_I64,
3707 0/*regparm*/,
3708 left ? "amd64g_calculate_RCL" : "amd64g_calculate_RCR",
3709 left ? &amd64g_calculate_RCL : &amd64g_calculate_RCR,
3710 argsRFLAGS
3711 )
3712 );
3713
3714 assign( dst1, narrowTo(ty, mkexpr(new_value)) );
3715 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(AMD64G_CC_OP_COPY) ));
3716 stmt( IRStmt_Put( OFFB_CC_DEP1, mkexpr(new_rflags) ));
3717 stmt( IRStmt_Put( OFFB_CC_DEP2, mkU64(0) ));
3718 stmt( IRStmt_Put( OFFB_CC_NDEP, mkU64(0) ));
3719 }
3720
3721 else
3722 if (isShift) {
3723
3724 IRTemp pre64 = newTemp(Ity_I64);
3725 IRTemp res64 = newTemp(Ity_I64);
3726 IRTemp res64ss = newTemp(Ity_I64);
3727 IRTemp shift_amt = newTemp(Ity_I8);
3728 UChar mask = toUChar(sz==8 ? 63 : 31);
3729 IROp op64;
3730
3731 switch (gregLO3ofRM(modrm)) {
3732 case 4: op64 = Iop_Shl64; break;
3733 case 5: op64 = Iop_Shr64; break;
3734 case 6: op64 = Iop_Shl64; break;
3735 case 7: op64 = Iop_Sar64; break;
3736 /*NOTREACHED*/
3737 default: vpanic("dis_Grp2:shift"); break;
3738 }
3739
3740 /* Widen the value to be shifted to 64 bits, do the shift, and
3741 narrow back down. This seems surprisingly long-winded, but
3742 unfortunately the AMD semantics requires that 8/16/32-bit
3743 shifts give defined results for shift values all the way up
3744 to 32, and this seems the simplest way to do it. It has the
3745 advantage that the only IR level shifts generated are of 64
3746 bit values, and the shift amount is guaranteed to be in the
3747 range 0 .. 63, thereby observing the IR semantics requiring
3748 all shift values to be in the range 0 .. 2^word_size-1.
3749
3750 Therefore the shift amount is masked with 63 for 64-bit shifts
3751 and 31 for all others.
3752 */
3753 /* shift_amt = shift_expr & MASK, regardless of operation size */
3754 assign( shift_amt, binop(Iop_And8, shift_expr, mkU8(mask)) );
3755
3756 /* suitably widen the value to be shifted to 64 bits. */
3757 assign( pre64, op64==Iop_Sar64 ? widenSto64(mkexpr(dst0))
3758 : widenUto64(mkexpr(dst0)) );
3759
3760 /* res64 = pre64 `shift` shift_amt */
3761 assign( res64, binop(op64, mkexpr(pre64), mkexpr(shift_amt)) );
3762
3763 /* res64ss = pre64 `shift` ((shift_amt - 1) & MASK) */
3764 assign( res64ss,
3765 binop(op64,
3766 mkexpr(pre64),
3767 binop(Iop_And8,
3768 binop(Iop_Sub8,
3769 mkexpr(shift_amt), mkU8(1)),
3770 mkU8(mask))) );
3771
3772 /* Build the flags thunk. */
3773 setFlags_DEP1_DEP2_shift(op64, res64, res64ss, ty, shift_amt);
3774
3775 /* Narrow the result back down. */
3776 assign( dst1, narrowTo(ty, mkexpr(res64)) );
3777
3778 } /* if (isShift) */
3779
3780 else
3781 if (isRotate) {
3782 Int ccOp = ty==Ity_I8 ? 0 : (ty==Ity_I16 ? 1
3783 : (ty==Ity_I32 ? 2 : 3));
3784 Bool left = toBool(gregLO3ofRM(modrm) == 0);
3785 IRTemp rot_amt = newTemp(Ity_I8);
3786 IRTemp rot_amt64 = newTemp(Ity_I8);
3787 IRTemp oldFlags = newTemp(Ity_I64);
3788 UChar mask = toUChar(sz==8 ? 63 : 31);
3789
3790 /* rot_amt = shift_expr & mask */
3791 /* By masking the rotate amount thusly, the IR-level Shl/Shr
3792 expressions never shift beyond the word size and thus remain
3793 well defined. */
3794 assign(rot_amt64, binop(Iop_And8, shift_expr, mkU8(mask)));
3795
3796 if (ty == Ity_I64)
3797 assign(rot_amt, mkexpr(rot_amt64));
3798 else
3799 assign(rot_amt, binop(Iop_And8, mkexpr(rot_amt64), mkU8(8*sz-1)));
3800
3801 if (left) {
3802
3803 /* dst1 = (dst0 << rot_amt) | (dst0 >>u (wordsize-rot_amt)) */
3804 assign(dst1,
3805 binop( mkSizedOp(ty,Iop_Or8),
3806 binop( mkSizedOp(ty,Iop_Shl8),
3807 mkexpr(dst0),
3808 mkexpr(rot_amt)
3809 ),
3810 binop( mkSizedOp(ty,Iop_Shr8),
3811 mkexpr(dst0),
3812 binop(Iop_Sub8,mkU8(8*sz), mkexpr(rot_amt))
3813 )
3814 )
3815 );
3816 ccOp += AMD64G_CC_OP_ROLB;
3817
3818 } else { /* right */
3819
3820 /* dst1 = (dst0 >>u rot_amt) | (dst0 << (wordsize-rot_amt)) */
3821 assign(dst1,
3822 binop( mkSizedOp(ty,Iop_Or8),
3823 binop( mkSizedOp(ty,Iop_Shr8),
3824 mkexpr(dst0),
3825 mkexpr(rot_amt)
3826 ),
3827 binop( mkSizedOp(ty,Iop_Shl8),
3828 mkexpr(dst0),
3829 binop(Iop_Sub8,mkU8(8*sz), mkexpr(rot_amt))
3830 )
3831 )
3832 );
3833 ccOp += AMD64G_CC_OP_RORB;
3834
3835 }
3836
3837 /* dst1 now holds the rotated value. Build flag thunk. We
3838 need the resulting value for this, and the previous flags.
3839 Except don't set it if the rotate count is zero. */
3840
3841 assign(oldFlags, mk_amd64g_calculate_rflags_all());
3842
3843 /* rot_amt64 :: Ity_I8. We need to convert it to I1. */
3844 IRTemp rot_amt64b = newTemp(Ity_I1);
3845 assign(rot_amt64b, binop(Iop_CmpNE8, mkexpr(rot_amt64), mkU8(0)) );
3846
3847 /* CC_DEP1 is the rotated value. CC_NDEP is flags before. */
3848 stmt( IRStmt_Put( OFFB_CC_OP,
3849 IRExpr_ITE( mkexpr(rot_amt64b),
3850 mkU64(ccOp),
3851 IRExpr_Get(OFFB_CC_OP,Ity_I64) ) ));
3852 stmt( IRStmt_Put( OFFB_CC_DEP1,
3853 IRExpr_ITE( mkexpr(rot_amt64b),
3854 widenUto64(mkexpr(dst1)),
3855 IRExpr_Get(OFFB_CC_DEP1,Ity_I64) ) ));
3856 stmt( IRStmt_Put( OFFB_CC_DEP2,
3857 IRExpr_ITE( mkexpr(rot_amt64b),
3858 mkU64(0),
3859 IRExpr_Get(OFFB_CC_DEP2,Ity_I64) ) ));
3860 stmt( IRStmt_Put( OFFB_CC_NDEP,
3861 IRExpr_ITE( mkexpr(rot_amt64b),
3862 mkexpr(oldFlags),
3863 IRExpr_Get(OFFB_CC_NDEP,Ity_I64) ) ));
3864 } /* if (isRotate) */
3865
3866 /* Save result, and finish up. */
3867 if (epartIsReg(modrm)) {
3868 putIRegE(sz, pfx, modrm, mkexpr(dst1));
3869 if (vex_traceflags & VEX_TRACE_FE) {
3870 vex_printf("%s%c ",
3871 nameGrp2(gregLO3ofRM(modrm)), nameISize(sz) );
3872 if (shift_expr_txt)
3873 vex_printf("%s", shift_expr_txt);
3874 else
3875 ppIRExpr(shift_expr);
3876 vex_printf(", %s\n", nameIRegE(sz,pfx,modrm));
3877 }
3878 } else {
3879 storeLE(mkexpr(addr), mkexpr(dst1));
3880 if (vex_traceflags & VEX_TRACE_FE) {
3881 vex_printf("%s%c ",
3882 nameGrp2(gregLO3ofRM(modrm)), nameISize(sz) );
3883 if (shift_expr_txt)
3884 vex_printf("%s", shift_expr_txt);
3885 else
3886 ppIRExpr(shift_expr);
3887 vex_printf(", %s\n", dis_buf);
3888 }
3889 }
3890 return delta;
3891 }
3892
3893
3894 /* Group 8 extended opcodes (but BT/BTS/BTC/BTR only). */
3895 static
3896 ULong dis_Grp8_Imm ( const VexAbiInfo* vbi,
3897 Prefix pfx,
3898 Long delta, UChar modrm,
3899 Int am_sz, Int sz, ULong src_val,
3900 Bool* decode_OK )
3901 {
3902 /* src_val denotes a d8.
3903 And delta on entry points at the modrm byte. */
3904
3905 IRType ty = szToITy(sz);
3906 IRTemp t2 = newTemp(Ity_I64);
3907 IRTemp t2m = newTemp(Ity_I64);
3908 IRTemp t_addr = IRTemp_INVALID;
3909 HChar dis_buf[50];
3910 ULong mask;
3911
3912 /* we're optimists :-) */
3913 *decode_OK = True;
3914
3915 /* Check whether F2 or F3 are acceptable. */
3916 if (epartIsReg(modrm)) {
3917 /* F2 or F3 are not allowed in the register case. */
3918 if (haveF2orF3(pfx)) {
3919 *decode_OK = False;
3920 return delta;
3921 }
3922 } else {
3923 /* F2 or F3 (but not both) are allowable provided LOCK is also
3924 present. */
3925 if (haveF2orF3(pfx)) {
3926 if (haveF2andF3(pfx) || !haveLOCK(pfx)) {
3927 *decode_OK = False;
3928 return delta;
3929 }
3930 }
3931 }
3932
3933 /* Limit src_val -- the bit offset -- to something within a word.
3934 The Intel docs say that literal offsets larger than a word are
3935 masked in this way. */
3936 switch (sz) {
3937 case 2: src_val &= 15; break;
3938 case 4: src_val &= 31; break;
3939 case 8: src_val &= 63; break;
3940 default: *decode_OK = False; return delta;
3941 }
3942
3943 /* Invent a mask suitable for the operation. */
3944 switch (gregLO3ofRM(modrm)) {
3945 case 4: /* BT */ mask = 0; break;
3946 case 5: /* BTS */ mask = 1ULL << src_val; break;
3947 case 6: /* BTR */ mask = ~(1ULL << src_val); break;
3948 case 7: /* BTC */ mask = 1ULL << src_val; break;
3949 /* If this needs to be extended, probably simplest to make a
3950 new function to handle the other cases (0 .. 3). The
3951 Intel docs do however not indicate any use for 0 .. 3, so
3952 we don't expect this to happen. */
3953 default: *decode_OK = False; return delta;
3954 }
3955
3956 /* Fetch the value to be tested and modified into t2, which is
3957 64-bits wide regardless of sz. */
3958 if (epartIsReg(modrm)) {
3959 vassert(am_sz == 1);
3960 assign( t2, widenUto64(getIRegE(sz, pfx, modrm)) );
3961 delta += (am_sz + 1);
3962 DIP("%s%c $0x%llx, %s\n", nameGrp8(gregLO3ofRM(modrm)),
3963 nameISize(sz),
3964 src_val, nameIRegE(sz,pfx,modrm));
3965 } else {
3966 Int len;
3967 t_addr = disAMode ( &len, vbi, pfx, delta, dis_buf, 1 );
3968 delta += (len+1);
3969 assign( t2, widenUto64(loadLE(ty, mkexpr(t_addr))) );
3970 DIP("%s%c $0x%llx, %s\n", nameGrp8(gregLO3ofRM(modrm)),
3971 nameISize(sz),
3972 src_val, dis_buf);
3973 }
3974
3975 /* Compute the new value into t2m, if non-BT. */
3976 switch (gregLO3ofRM(modrm)) {
3977 case 4: /* BT */
3978 break;
3979 case 5: /* BTS */
3980 assign( t2m, binop(Iop_Or64, mkU64(mask), mkexpr(t2)) );
3981 break;
3982 case 6: /* BTR */
3983 assign( t2m, binop(Iop_And64, mkU64(mask), mkexpr(t2)) );
3984 break;
3985 case 7: /* BTC */
3986 assign( t2m, binop(Iop_Xor64, mkU64(mask), mkexpr(t2)) );
3987 break;
3988 default:
3989 /*NOTREACHED*/ /*the previous switch guards this*/
3990 vassert(0);
3991 }
3992
3993 /* Write the result back, if non-BT. */
3994 if (gregLO3ofRM(modrm) != 4 /* BT */) {
3995 if (epartIsReg(modrm)) {
3996 putIRegE(sz, pfx, modrm, narrowTo(ty, mkexpr(t2m)));
3997 } else {
3998 if (haveLOCK(pfx)) {
3999 casLE( mkexpr(t_addr),
4000 narrowTo(ty, mkexpr(t2))/*expd*/,
4001 narrowTo(ty, mkexpr(t2m))/*new*/,
4002 guest_RIP_curr_instr );
4003 } else {
4004 storeLE(mkexpr(t_addr), narrowTo(ty, mkexpr(t2m)));
4005 }
4006 }
4007 }
4008
4009 /* Copy relevant bit from t2 into the carry flag. */
4010 /* Flags: C=selected bit, O,S,Z,A,P undefined, so are set to zero. */
4011 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(AMD64G_CC_OP_COPY) ));
4012 stmt( IRStmt_Put( OFFB_CC_DEP2, mkU64(0) ));
4013 stmt( IRStmt_Put(
4014 OFFB_CC_DEP1,
4015 binop(Iop_And64,
4016 binop(Iop_Shr64, mkexpr(t2), mkU8(src_val)),
4017 mkU64(1))
4018 ));
4019 /* Set NDEP even though it isn't used. This makes redundant-PUT
4020 elimination of previous stores to this field work better. */
4021 stmt( IRStmt_Put( OFFB_CC_NDEP, mkU64(0) ));
4022
4023 return delta;
4024 }
4025
4026
4027 /* Signed/unsigned widening multiply. Generate IR to multiply the
4028 value in RAX/EAX/AX/AL by the given IRTemp, and park the result in
4029 RDX:RAX/EDX:EAX/DX:AX/AX.
4030 */
4031 static void codegen_mulL_A_D ( Int sz, Bool syned,
4032 IRTemp tmp, const HChar* tmp_txt )
4033 {
4034 IRType ty = szToITy(sz);
4035 IRTemp t1 = newTemp(ty);
4036
4037 assign( t1, getIRegRAX(sz) );
4038
4039 switch (ty) {
4040 case Ity_I64: {
4041 IRTemp res128 = newTemp(Ity_I128);
4042 IRTemp resHi = newTemp(Ity_I64);
4043 IRTemp resLo = newTemp(Ity_I64);
4044 IROp mulOp = syned ? Iop_MullS64 : Iop_MullU64;
4045 UInt tBaseOp = syned ? AMD64G_CC_OP_SMULB : AMD64G_CC_OP_UMULB;
4046 setFlags_MUL ( Ity_I64, t1, tmp, tBaseOp );
4047 assign( res128, binop(mulOp, mkexpr(t1), mkexpr(tmp)) );
4048 assign( resHi, unop(Iop_128HIto64,mkexpr(res128)));
4049 assign( resLo, unop(Iop_128to64,mkexpr(res128)));
4050 putIReg64(R_RDX, mkexpr(resHi));
4051 putIReg64(R_RAX, mkexpr(resLo));
4052 break;
4053 }
4054 case Ity_I32: {
4055 IRTemp res64 = newTemp(Ity_I64);
4056 IRTemp resHi = newTemp(Ity_I32);
4057 IRTemp resLo = newTemp(Ity_I32);
4058 IROp mulOp = syned ? Iop_MullS32 : Iop_MullU32;
4059 UInt tBaseOp = syned ? AMD64G_CC_OP_SMULB : AMD64G_CC_OP_UMULB;
4060 setFlags_MUL ( Ity_I32, t1, tmp, tBaseOp );
4061 assign( res64, binop(mulOp, mkexpr(t1), mkexpr(tmp)) );
4062 assign( resHi, unop(Iop_64HIto32,mkexpr(res64)));
4063 assign( resLo, unop(Iop_64to32,mkexpr(res64)));
4064 putIRegRDX(4, mkexpr(resHi));
4065 putIRegRAX(4, mkexpr(resLo));
4066 break;
4067 }
4068 case Ity_I16: {
4069 IRTemp res32 = newTemp(Ity_I32);
4070 IRTemp resHi = newTemp(Ity_I16);
4071 IRTemp resLo = newTemp(Ity_I16);
4072 IROp mulOp = syned ? Iop_MullS16 : Iop_MullU16;
4073 UInt tBaseOp = syned ? AMD64G_CC_OP_SMULB : AMD64G_CC_OP_UMULB;
4074 setFlags_MUL ( Ity_I16, t1, tmp, tBaseOp );
4075 assign( res32, binop(mulOp, mkexpr(t1), mkexpr(tmp)) );
4076 assign( resHi, unop(Iop_32HIto16,mkexpr(res32)));
4077 assign( resLo, unop(Iop_32to16,mkexpr(res32)));
4078 putIRegRDX(2, mkexpr(resHi));
4079 putIRegRAX(2, mkexpr(resLo));
4080 break;
4081 }
4082 case Ity_I8: {
4083 IRTemp res16 = newTemp(Ity_I16);
4084 IRTemp resHi = newTemp(Ity_I8);
4085 IRTemp resLo = newTemp(Ity_I8);
4086 IROp mulOp = syned ? Iop_MullS8 : Iop_MullU8;
4087 UInt tBaseOp = syned ? AMD64G_CC_OP_SMULB : AMD64G_CC_OP_UMULB;
4088 setFlags_MUL ( Ity_I8, t1, tmp, tBaseOp );
4089 assign( res16, binop(mulOp, mkexpr(t1), mkexpr(tmp)) );
4090 assign( resHi, unop(Iop_16HIto8,mkexpr(res16)));
4091 assign( resLo, unop(Iop_16to8,mkexpr(res16)));
4092 putIRegRAX(2, mkexpr(res16));
4093 break;
4094 }
4095 default:
4096 ppIRType(ty);
4097 vpanic("codegen_mulL_A_D(amd64)");
4098 }
4099 DIP("%s%c %s\n", syned ? "imul" : "mul", nameISize(sz), tmp_txt);
4100 }
4101
4102
4103 /* Group 3 extended opcodes. We have to decide here whether F2 and F3
4104 might be valid.*/
4105 static
4106 ULong dis_Grp3 ( const VexAbiInfo* vbi,
4107 Prefix pfx, Int sz, Long delta, Bool* decode_OK )
4108 {
4109 Long d64;
4110 UChar modrm;
4111 HChar dis_buf[50];
4112 Int len;
4113 IRTemp addr;
4114 IRType ty = szToITy(sz);
4115 IRTemp t1 = newTemp(ty);
4116 IRTemp dst1, src, dst0;
4117 *decode_OK = True;
4118 modrm = getUChar(delta);
4119 if (epartIsReg(modrm)) {
4120 /* F2/XACQ and F3/XREL are always invalid in the non-mem case. */
4121 if (haveF2orF3(pfx)) goto unhandled;
4122 switch (gregLO3ofRM(modrm)) {
4123 case 0: { /* TEST */
4124 delta++;
4125 d64 = getSDisp(imin(4,sz), delta);
4126 delta += imin(4,sz);
4127 dst1 = newTemp(ty);
4128 assign(dst1, binop(mkSizedOp(ty,Iop_And8),
4129 getIRegE(sz,pfx,modrm),
4130 mkU(ty, d64 & mkSizeMask(sz))));
4131 setFlags_DEP1( Iop_And8, dst1, ty );
4132 DIP("test%c $%lld, %s\n",
4133 nameISize(sz), d64,
4134 nameIRegE(sz, pfx, modrm));
4135 break;
4136 }
4137 case 1:
4138 *decode_OK = False;
4139 return delta;
4140 case 2: /* NOT */
4141 delta++;
4142 putIRegE(sz, pfx, modrm,
4143 unop(mkSizedOp(ty,Iop_Not8),
4144 getIRegE(sz, pfx, modrm)));
4145 DIP("not%c %s\n", nameISize(sz),
4146 nameIRegE(sz, pfx, modrm));
4147 break;
4148 case 3: /* NEG */
4149 delta++;
4150 dst0 = newTemp(ty);
4151 src = newTemp(ty);
4152 dst1 = newTemp(ty);
4153 assign(dst0, mkU(ty,0));
4154 assign(src, getIRegE(sz, pfx, modrm));
4155 assign(dst1, binop(mkSizedOp(ty,Iop_Sub8), mkexpr(dst0),
4156 mkexpr(src)));
4157 setFlags_DEP1_DEP2(Iop_Sub8, dst0, src, ty);
4158 putIRegE(sz, pfx, modrm, mkexpr(dst1));
4159 DIP("neg%c %s\n", nameISize(sz), nameIRegE(sz, pfx, modrm));
4160 break;
4161 case 4: /* MUL (unsigned widening) */
4162 delta++;
4163 src = newTemp(ty);
4164 assign(src, getIRegE(sz,pfx,modrm));
4165 codegen_mulL_A_D ( sz, False, src,
4166 nameIRegE(sz,pfx,modrm) );
4167 break;
4168 case 5: /* IMUL (signed widening) */
4169 delta++;
4170 src = newTemp(ty);
4171 assign(src, getIRegE(sz,pfx,modrm));
4172 codegen_mulL_A_D ( sz, True, src,
4173 nameIRegE(sz,pfx,modrm) );
4174 break;
4175 case 6: /* DIV */
4176 delta++;
4177 assign( t1, getIRegE(sz, pfx, modrm) );
4178 codegen_div ( sz, t1, False );
4179 DIP("div%c %s\n", nameISize(sz),
4180 nameIRegE(sz, pfx, modrm));
4181 break;
4182 case 7: /* IDIV */
4183 delta++;
4184 assign( t1, getIRegE(sz, pfx, modrm) );
4185 codegen_div ( sz, t1, True );
4186 DIP("idiv%c %s\n", nameISize(sz),
4187 nameIRegE(sz, pfx, modrm));
4188 break;
4189 default:
4190 /*NOTREACHED*/
4191 vpanic("Grp3(amd64,R)");
4192 }
4193 } else {
4194 /* Decide if F2/XACQ or F3/XREL might be valid. */
4195 Bool validF2orF3 = haveF2orF3(pfx) ? False : True;
4196 if ((gregLO3ofRM(modrm) == 3/*NEG*/ || gregLO3ofRM(modrm) == 2/*NOT*/)
4197 && haveF2orF3(pfx) && !haveF2andF3(pfx) && haveLOCK(pfx)) {
4198 validF2orF3 = True;
4199 }
4200 if (!validF2orF3) goto unhandled;
4201 /* */
4202 addr = disAMode ( &len, vbi, pfx, delta, dis_buf,
4203 /* we have to inform disAMode of any immediate
4204 bytes used */
4205 gregLO3ofRM(modrm)==0/*TEST*/
4206 ? imin(4,sz)
4207 : 0
4208 );
4209 t1 = newTemp(ty);
4210 delta += len;
4211 assign(t1, loadLE(ty,mkexpr(addr)));
4212 switch (gregLO3ofRM(modrm)) {
4213 case 0: { /* TEST */
4214 d64 = getSDisp(imin(4,sz), delta);
4215 delta += imin(4,sz);
4216 dst1 = newTemp(ty);
4217 assign(dst1, binop(mkSizedOp(ty,Iop_And8),
4218 mkexpr(t1),
4219 mkU(ty, d64 & mkSizeMask(sz))));
4220 setFlags_DEP1( Iop_And8, dst1, ty );
4221 DIP("test%c $%lld, %s\n", nameISize(sz), d64, dis_buf);
4222 break;
4223 }
4224 case 1:
4225 *decode_OK = False;
4226 return delta;
4227 case 2: /* NOT */
4228 dst1 = newTemp(ty);
4229 assign(dst1, unop(mkSizedOp(ty,Iop_Not8), mkexpr(t1)));
4230 if (haveLOCK(pfx)) {
4231 casLE( mkexpr(addr), mkexpr(t1)/*expd*/, mkexpr(dst1)/*new*/,
4232 guest_RIP_curr_instr );
4233 } else {
4234 storeLE( mkexpr(addr), mkexpr(dst1) );
4235 }
4236 DIP("not%c %s\n", nameISize(sz), dis_buf);
4237 break;
4238 case 3: /* NEG */
4239 dst0 = newTemp(ty);
4240 src = newTemp(ty);
4241 dst1 = newTemp(ty);
4242 assign(dst0, mkU(ty,0));
4243 assign(src, mkexpr(t1));
4244 assign(dst1, binop(mkSizedOp(ty,Iop_Sub8), mkexpr(dst0),
4245 mkexpr(src)));
4246 if (haveLOCK(pfx)) {
4247 casLE( mkexpr(addr), mkexpr(t1)/*expd*/, mkexpr(dst1)/*new*/,
4248 guest_RIP_curr_instr );
4249 } else {
4250 storeLE( mkexpr(addr), mkexpr(dst1) );
4251 }
4252 setFlags_DEP1_DEP2(Iop_Sub8, dst0, src, ty);
4253 DIP("neg%c %s\n", nameISize(sz), dis_buf);
4254 break;
4255 case 4: /* MUL (unsigned widening) */
4256 codegen_mulL_A_D ( sz, False, t1, dis_buf );
4257 break;
4258 case 5: /* IMUL */
4259 codegen_mulL_A_D ( sz, True, t1, dis_buf );
4260 break;
4261 case 6: /* DIV */
4262 codegen_div ( sz, t1, False );
4263 DIP("div%c %s\n", nameISize(sz), dis_buf);
4264 break;
4265 case 7: /* IDIV */
4266 codegen_div ( sz, t1, True );
4267 DIP("idiv%c %s\n", nameISize(sz), dis_buf);
4268 break;
4269 default:
4270 /*NOTREACHED*/
4271 vpanic("Grp3(amd64,M)");
4272 }
4273 }
4274 return delta;
4275 unhandled:
4276 *decode_OK = False;
4277 return delta;
4278 }
4279
4280
4281 /* Group 4 extended opcodes. We have to decide here whether F2 and F3
4282 might be valid. */
4283 static
4284 ULong dis_Grp4 ( const VexAbiInfo* vbi,
4285 Prefix pfx, Long delta, Bool* decode_OK )
4286 {
4287 Int alen;
4288 UChar modrm;
4289 HChar dis_buf[50];
4290 IRType ty = Ity_I8;
4291 IRTemp t1 = newTemp(ty);
4292 IRTemp t2 = newTemp(ty);
4293
4294 *decode_OK = True;
4295
4296 modrm = getUChar(delta);
4297 if (epartIsReg(modrm)) {
4298 /* F2/XACQ and F3/XREL are always invalid in the non-mem case. */
4299 if (haveF2orF3(pfx)) goto unhandled;
4300 assign(t1, getIRegE(1, pfx, modrm));
4301 switch (gregLO3ofRM(modrm)) {
4302 case 0: /* INC */
4303 assign(t2, binop(Iop_Add8, mkexpr(t1), mkU8(1)));
4304 putIRegE(1, pfx, modrm, mkexpr(t2));
4305 setFlags_INC_DEC( True, t2, ty );
4306 break;
4307 case 1: /* DEC */
4308 assign(t2, binop(Iop_Sub8, mkexpr(t1), mkU8(1)));
4309 putIRegE(1, pfx, modrm, mkexpr(t2));
4310 setFlags_INC_DEC( False, t2, ty );
4311 break;
4312 default:
4313 *decode_OK = False;
4314 return delta;
4315 }
4316 delta++;
4317 DIP("%sb %s\n", nameGrp4(gregLO3ofRM(modrm)),
4318 nameIRegE(1, pfx, modrm));
4319 } else {
4320 /* Decide if F2/XACQ or F3/XREL might be valid. */
4321 Bool validF2orF3 = haveF2orF3(pfx) ? False : True;
4322 if ((gregLO3ofRM(modrm) == 0/*INC*/ || gregLO3ofRM(modrm) == 1/*DEC*/)
4323 && haveF2orF3(pfx) && !haveF2andF3(pfx) && haveLOCK(pfx)) {
4324 validF2orF3 = True;
4325 }
4326 if (!validF2orF3) goto unhandled;
4327 /* */
4328 IRTemp addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
4329 assign( t1, loadLE(ty, mkexpr(addr)) );
4330 switch (gregLO3ofRM(modrm)) {
4331 case 0: /* INC */
4332 assign(t2, binop(Iop_Add8, mkexpr(t1), mkU8(1)));
4333 if (haveLOCK(pfx)) {
4334 casLE( mkexpr(addr), mkexpr(t1)/*expd*/, mkexpr(t2)/*new*/,
4335 guest_RIP_curr_instr );
4336 } else {
4337 storeLE( mkexpr(addr), mkexpr(t2) );
4338 }
4339 setFlags_INC_DEC( True, t2, ty );
4340 break;
4341 case 1: /* DEC */
4342 assign(t2, binop(Iop_Sub8, mkexpr(t1), mkU8(1)));
4343 if (haveLOCK(pfx)) {
4344 casLE( mkexpr(addr), mkexpr(t1)/*expd*/, mkexpr(t2)/*new*/,
4345 guest_RIP_curr_instr );
4346 } else {
4347 storeLE( mkexpr(addr), mkexpr(t2) );
4348 }
4349 setFlags_INC_DEC( False, t2, ty );
4350 break;
4351 default:
4352 *decode_OK = False;
4353 return delta;
4354 }
4355 delta += alen;
4356 DIP("%sb %s\n", nameGrp4(gregLO3ofRM(modrm)), dis_buf);
4357 }
4358 return delta;
4359 unhandled:
4360 *decode_OK = False;
4361 return delta;
4362 }
4363
4364
4365 /* Group 5 extended opcodes. We have to decide here whether F2 and F3
4366 might be valid. */
4367 static
4368 ULong dis_Grp5 ( const VexAbiInfo* vbi,
4369 Prefix pfx, Int sz, Long delta,
4370 /*MOD*/DisResult* dres, /*OUT*/Bool* decode_OK )
4371 {
4372 Int len;
4373 UChar modrm;
4374 HChar dis_buf[50];
4375 IRTemp addr = IRTemp_INVALID;
4376 IRType ty = szToITy(sz);
4377 IRTemp t1 = newTemp(ty);
4378 IRTemp t2 = IRTemp_INVALID;
4379 IRTemp t3 = IRTemp_INVALID;
4380 Bool showSz = True;
4381
4382 *decode_OK = True;
4383
4384 modrm = getUChar(delta);
4385 if (epartIsReg(modrm)) {
4386 /* F2/XACQ and F3/XREL are always invalid in the non-mem case.
4387 F2/CALL and F2/JMP may have bnd prefix. */
4388 if (haveF2orF3(pfx)
4389 && ! (haveF2(pfx)
4390 && (gregLO3ofRM(modrm) == 2 || gregLO3ofRM(modrm) == 4)))
4391 goto unhandledR;
4392 assign(t1, getIRegE(sz,pfx,modrm));
4393 switch (gregLO3ofRM(modrm)) {
4394 case 0: /* INC */
4395 t2 = newTemp(ty);
4396 assign(t2, binop(mkSizedOp(ty,Iop_Add8),
4397 mkexpr(t1), mkU(ty,1)));
4398 setFlags_INC_DEC( True, t2, ty );
4399 putIRegE(sz,pfx,modrm, mkexpr(t2));
4400 break;
4401 case 1: /* DEC */
4402 t2 = newTemp(ty);
4403 assign(t2, binop(mkSizedOp(ty,Iop_Sub8),
4404 mkexpr(t1), mkU(ty,1)));
4405 setFlags_INC_DEC( False, t2, ty );
4406 putIRegE(sz,pfx,modrm, mkexpr(t2));
4407 break;
4408 case 2: /* call Ev */
4409 /* Ignore any sz value and operate as if sz==8. */
4410 if (!(sz == 4 || sz == 8)) goto unhandledR;
4411 if (haveF2(pfx)) DIP("bnd ; "); /* MPX bnd prefix. */
4412 sz = 8;
4413 t3 = newTemp(Ity_I64);
4414 assign(t3, getIRegE(sz,pfx,modrm));
4415 t2 = newTemp(Ity_I64);
4416 assign(t2, binop(Iop_Sub64, getIReg64(R_RSP), mkU64(8)));
4417 putIReg64(R_RSP, mkexpr(t2));
4418 storeLE( mkexpr(t2), mkU64(guest_RIP_bbstart+delta+1));
4419 make_redzone_AbiHint(vbi, t2, t3/*nia*/, "call-Ev(reg)");
4420 jmp_treg(dres, Ijk_Call, t3);
4421 vassert(dres->whatNext == Dis_StopHere);
4422 showSz = False;
4423 break;
4424 case 4: /* jmp Ev */
4425 /* Ignore any sz value and operate as if sz==8. */
4426 if (!(sz == 4 || sz == 8)) goto unhandledR;
4427 if (haveF2(pfx)) DIP("bnd ; "); /* MPX bnd prefix. */
4428 sz = 8;
4429 t3 = newTemp(Ity_I64);
4430 assign(t3, getIRegE(sz,pfx,modrm));
4431 jmp_treg(dres, Ijk_Boring, t3);
4432 vassert(dres->whatNext == Dis_StopHere);
4433 showSz = False;
4434 break;
4435 case 6: /* PUSH Ev */
4436 /* There is no encoding for 32-bit operand size; hence ... */
4437 if (sz == 4) sz = 8;
4438 if (sz == 8 || sz == 2) {
4439 ty = szToITy(sz); /* redo it, since sz might have changed */
4440 t3 = newTemp(ty);
4441 assign(t3, getIRegE(sz,pfx,modrm));
4442 t2 = newTemp(Ity_I64);
4443 assign( t2, binop(Iop_Sub64,getIReg64(R_RSP),mkU64(sz)) );
4444 putIReg64(R_RSP, mkexpr(t2) );
4445 storeLE( mkexpr(t2), mkexpr(t3) );
4446 break;
4447 } else {
4448 goto unhandledR; /* awaiting test case */
4449 }
4450 default:
4451 unhandledR:
4452 *decode_OK = False;
4453 return delta;
4454 }
4455 delta++;
4456 DIP("%s%c %s\n", nameGrp5(gregLO3ofRM(modrm)),
4457 showSz ? nameISize(sz) : ' ',
4458 nameIRegE(sz, pfx, modrm));
4459 } else {
4460 /* Decide if F2/XACQ, F3/XREL, F2/CALL or F2/JMP might be valid. */
4461 Bool validF2orF3 = haveF2orF3(pfx) ? False : True;
4462 if ((gregLO3ofRM(modrm) == 0/*INC*/ || gregLO3ofRM(modrm) == 1/*DEC*/)
4463 && haveF2orF3(pfx) && !haveF2andF3(pfx) && haveLOCK(pfx)) {
4464 validF2orF3 = True;
4465 } else if ((gregLO3ofRM(modrm) == 2 || gregLO3ofRM(modrm) == 4)
4466 && (haveF2(pfx) && !haveF3(pfx))) {
4467 validF2orF3 = True;
4468 }
4469 if (!validF2orF3) goto unhandledM;
4470 /* */
4471 addr = disAMode ( &len, vbi, pfx, delta, dis_buf, 0 );
4472 if (gregLO3ofRM(modrm) != 2 && gregLO3ofRM(modrm) != 4
4473 && gregLO3ofRM(modrm) != 6) {
4474 assign(t1, loadLE(ty,mkexpr(addr)));
4475 }
4476 switch (gregLO3ofRM(modrm)) {
4477 case 0: /* INC */
4478 t2 = newTemp(ty);
4479 assign(t2, binop(mkSizedOp(ty,Iop_Add8),
4480 mkexpr(t1), mkU(ty,1)));
4481 if (haveLOCK(pfx)) {
4482 casLE( mkexpr(addr),
4483 mkexpr(t1), mkexpr(t2), guest_RIP_curr_instr );
4484 } else {
4485 storeLE(mkexpr(addr),mkexpr(t2));
4486 }
4487 setFlags_INC_DEC( True, t2, ty );
4488 break;
4489 case 1: /* DEC */
4490 t2 = newTemp(ty);
4491 assign(t2, binop(mkSizedOp(ty,Iop_Sub8),
4492 mkexpr(t1), mkU(ty,1)));
4493 if (haveLOCK(pfx)) {
4494 casLE( mkexpr(addr),
4495 mkexpr(t1), mkexpr(t2), guest_RIP_curr_instr );
4496 } else {
4497 storeLE(mkexpr(addr),mkexpr(t2));
4498 }
4499 setFlags_INC_DEC( False, t2, ty );
4500 break;
4501 case 2: /* call Ev */
4502 /* Ignore any sz value and operate as if sz==8. */
4503 if (!(sz == 4 || sz == 8)) goto unhandledM;
4504 if (haveF2(pfx)) DIP("bnd ; "); /* MPX bnd prefix. */
4505 sz = 8;
4506 t3 = newTemp(Ity_I64);
4507 assign(t3, loadLE(Ity_I64,mkexpr(addr)));
4508 t2 = newTemp(Ity_I64);
4509 assign(t2, binop(Iop_Sub64, getIReg64(R_RSP), mkU64(8)));
4510 putIReg64(R_RSP, mkexpr(t2));
4511 storeLE( mkexpr(t2), mkU64(guest_RIP_bbstart+delta+len));
4512 make_redzone_AbiHint(vbi, t2, t3/*nia*/, "call-Ev(mem)");
4513 jmp_treg(dres, Ijk_Call, t3);
4514 vassert(dres->whatNext == Dis_StopHere);
4515 showSz = False;
4516 break;
4517 case 4: /* JMP Ev */
4518 /* Ignore any sz value and operate as if sz==8. */
4519 if (!(sz == 4 || sz == 8)) goto unhandledM;
4520 if (haveF2(pfx)) DIP("bnd ; "); /* MPX bnd prefix. */
4521 sz = 8;
4522 t3 = newTemp(Ity_I64);
4523 assign(t3, loadLE(Ity_I64,mkexpr(addr)));
4524 jmp_treg(dres, Ijk_Boring, t3);
4525 vassert(dres->whatNext == Dis_StopHere);
4526 showSz = False;
4527 break;
4528 case 6: /* PUSH Ev */
4529 /* There is no encoding for 32-bit operand size; hence ... */
4530 if (sz == 4) sz = 8;
4531 if (sz == 8 || sz == 2) {
4532 ty = szToITy(sz); /* redo it, since sz might have changed */
4533 t3 = newTemp(ty);
4534 assign(t3, loadLE(ty,mkexpr(addr)));
4535 t2 = newTemp(Ity_I64);
4536 assign( t2, binop(Iop_Sub64,getIReg64(R_RSP),mkU64(sz)) );
4537 putIReg64(R_RSP, mkexpr(t2) );
4538 storeLE( mkexpr(t2), mkexpr(t3) );
4539 break;
4540 } else {
4541 goto unhandledM; /* awaiting test case */
4542 }
4543 default:
4544 unhandledM:
4545 *decode_OK = False;
4546 return delta;
4547 }
4548 delta += len;
4549 DIP("%s%c %s\n", nameGrp5(gregLO3ofRM(modrm)),
4550 showSz ? nameISize(sz) : ' ',
4551 dis_buf);
4552 }
4553 return delta;
4554 }
4555
4556
4557 /*------------------------------------------------------------*/
4558 /*--- Disassembling string ops (including REP prefixes) ---*/
4559 /*------------------------------------------------------------*/
4560
4561 /* Code shared by all the string ops */
4562 static
4563 void dis_string_op_increment ( Int sz, IRTemp t_inc )
4564 {
4565 UChar logSz;
4566 if (sz == 8 || sz == 4 || sz == 2) {
4567 logSz = 1;
4568 if (sz == 4) logSz = 2;
4569 if (sz == 8) logSz = 3;
4570 assign( t_inc,
4571 binop(Iop_Shl64, IRExpr_Get( OFFB_DFLAG, Ity_I64 ),
4572 mkU8(logSz) ) );
4573 } else {
4574 assign( t_inc,
4575 IRExpr_Get( OFFB_DFLAG, Ity_I64 ) );
4576 }
4577 }
4578
4579 static
4580 void dis_string_op( void (*dis_OP)( Int, IRTemp, Prefix pfx ),
4581 Int sz, const HChar* name, Prefix pfx )
4582 {
4583 IRTemp t_inc = newTemp(Ity_I64);
4584 /* Really we ought to inspect the override prefixes, but we don't.
4585 The following assertion catches any resulting sillyness. */
4586 vassert(pfx == clearSegBits(pfx));
4587 dis_string_op_increment(sz, t_inc);
4588 dis_OP( sz, t_inc, pfx );
4589 DIP("%s%c\n", name, nameISize(sz));
4590 }
4591
4592 static
4593 void dis_MOVS ( Int sz, IRTemp t_inc, Prefix pfx )
4594 {
4595 IRType ty = szToITy(sz);
4596 IRTemp td = newTemp(Ity_I64); /* RDI */
4597 IRTemp ts = newTemp(Ity_I64); /* RSI */
4598 IRExpr *incd, *incs;
4599
4600 if (haveASO(pfx)) {
4601 assign( td, unop(Iop_32Uto64, getIReg32(R_RDI)) );
4602 assign( ts, unop(Iop_32Uto64, getIReg32(R_RSI)) );
4603 } else {
4604 assign( td, getIReg64(R_RDI) );
4605 assign( ts, getIReg64(R_RSI) );
4606 }
4607
4608 storeLE( mkexpr(td), loadLE(ty,mkexpr(ts)) );
4609
4610 incd = binop(Iop_Add64, mkexpr(td), mkexpr(t_inc));
4611 incs = binop(Iop_Add64, mkexpr(ts), mkexpr(t_inc));
4612 if (haveASO(pfx)) {
4613 incd = unop(Iop_32Uto64, unop(Iop_64to32, incd));
4614 incs = unop(Iop_32Uto64, unop(Iop_64to32, incs));
4615 }
4616 putIReg64( R_RDI, incd );
4617 putIReg64( R_RSI, incs );
4618 }
4619
4620 static
4621 void dis_LODS ( Int sz, IRTemp t_inc, Prefix pfx )
4622 {
4623 IRType ty = szToITy(sz);
4624 IRTemp ts = newTemp(Ity_I64); /* RSI */
4625 IRExpr *incs;
4626
4627 if (haveASO(pfx))
4628 assign( ts, unop(Iop_32Uto64, getIReg32(R_RSI)) );
4629 else
4630 assign( ts, getIReg64(R_RSI) );
4631
4632 putIRegRAX ( sz, loadLE(ty, mkexpr(ts)) );
4633
4634 incs = binop(Iop_Add64, mkexpr(ts), mkexpr(t_inc));
4635 if (haveASO(pfx))
4636 incs = unop(Iop_32Uto64, unop(Iop_64to32, incs));
4637 putIReg64( R_RSI, incs );
4638 }
4639
4640 static
4641 void dis_STOS ( Int sz, IRTemp t_inc, Prefix pfx )
4642 {
4643 IRType ty = szToITy(sz);
4644 IRTemp ta = newTemp(ty); /* rAX */
4645 IRTemp td = newTemp(Ity_I64); /* RDI */
4646 IRExpr *incd;
4647
4648 assign( ta, getIRegRAX(sz) );
4649
4650 if (haveASO(pfx))
4651 assign( td, unop(Iop_32Uto64, getIReg32(R_RDI)) );
4652 else
4653 assign( td, getIReg64(R_RDI) );
4654
4655 storeLE( mkexpr(td), mkexpr(ta) );
4656
4657 incd = binop(Iop_Add64, mkexpr(td), mkexpr(t_inc));
4658 if (haveASO(pfx))
4659 incd = unop(Iop_32Uto64, unop(Iop_64to32, incd));
4660 putIReg64( R_RDI, incd );
4661 }
4662
4663 static
4664 void dis_CMPS ( Int sz, IRTemp t_inc, Prefix pfx )
4665 {
4666 IRType ty = szToITy(sz);
4667 IRTemp tdv = newTemp(ty); /* (RDI) */
4668 IRTemp tsv = newTemp(ty); /* (RSI) */
4669 IRTemp td = newTemp(Ity_I64); /* RDI */
4670 IRTemp ts = newTemp(Ity_I64); /* RSI */
4671 IRExpr *incd, *incs;
4672
4673 if (haveASO(pfx)) {
4674 assign( td, unop(Iop_32Uto64, getIReg32(R_RDI)) );
4675 assign( ts, unop(Iop_32Uto64, getIReg32(R_RSI)) );
4676 } else {
4677 assign( td, getIReg64(R_RDI) );
4678 assign( ts, getIReg64(R_RSI) );
4679 }
4680
4681 assign( tdv, loadLE(ty,mkexpr(td)) );
4682
4683 assign( tsv, loadLE(ty,mkexpr(ts)) );
4684
4685 setFlags_DEP1_DEP2 ( Iop_Sub8, tsv, tdv, ty );
4686
4687 incd = binop(Iop_Add64, mkexpr(td), mkexpr(t_inc));
4688 incs = binop(Iop_Add64, mkexpr(ts), mkexpr(t_inc));
4689 if (haveASO(pfx)) {
4690 incd = unop(Iop_32Uto64, unop(Iop_64to32, incd));
4691 incs = unop(Iop_32Uto64, unop(Iop_64to32, incs));
4692 }
4693 putIReg64( R_RDI, incd );
4694 putIReg64( R_RSI, incs );
4695 }
4696
4697 static
4698 void dis_SCAS ( Int sz, IRTemp t_inc, Prefix pfx )
4699 {
4700 IRType ty = szToITy(sz);
4701 IRTemp ta = newTemp(ty); /* rAX */
4702 IRTemp td = newTemp(Ity_I64); /* RDI */
4703 IRTemp tdv = newTemp(ty); /* (RDI) */
4704 IRExpr *incd;
4705
4706 assign( ta, getIRegRAX(sz) );
4707
4708 if (haveASO(pfx))
4709 assign( td, unop(Iop_32Uto64, getIReg32(R_RDI)) );
4710 else
4711 assign( td, getIReg64(R_RDI) );
4712
4713 assign( tdv, loadLE(ty,mkexpr(td)) );
4714
4715 setFlags_DEP1_DEP2 ( Iop_Sub8, ta, tdv, ty );
4716
4717 incd = binop(Iop_Add64, mkexpr(td), mkexpr(t_inc));
4718 if (haveASO(pfx))
4719 incd = unop(Iop_32Uto64, unop(Iop_64to32, incd));
4720 putIReg64( R_RDI, incd );
4721 }
4722
4723
4724 /* Wrap the appropriate string op inside a REP/REPE/REPNE. We assume
4725 the insn is the last one in the basic block, and so emit a jump to
4726 the next insn, rather than just falling through. */
4727 static
4728 void dis_REP_op ( /*MOD*/DisResult* dres,
4729 AMD64Condcode cond,
4730 void (*dis_OP)(Int, IRTemp, Prefix),
4731 Int sz, Addr64 rip, Addr64 rip_next, const HChar* name,
4732 Prefix pfx )
4733 {
4734 IRTemp t_inc = newTemp(Ity_I64);
4735 IRTemp tc;
4736 IRExpr* cmp;
4737
4738 /* Really we ought to inspect the override prefixes, but we don't.
4739 The following assertion catches any resulting sillyness. */
4740 vassert(pfx == clearSegBits(pfx));
4741
4742 if (haveASO(pfx)) {
4743 tc = newTemp(Ity_I32); /* ECX */
4744 assign( tc, getIReg32(R_RCX) );
4745 cmp = binop(Iop_CmpEQ32, mkexpr(tc), mkU32(0));
4746 } else {
4747 tc = newTemp(Ity_I64); /* RCX */
4748 assign( tc, getIReg64(R_RCX) );
4749 cmp = binop(Iop_CmpEQ64, mkexpr(tc), mkU64(0));
4750 }
4751
4752 stmt( IRStmt_Exit( cmp, Ijk_Boring,
4753 IRConst_U64(rip_next), OFFB_RIP ) );
4754
4755 if (haveASO(pfx))
4756 putIReg32(R_RCX, binop(Iop_Sub32, mkexpr(tc), mkU32(1)) );
4757 else
4758 putIReg64(R_RCX, binop(Iop_Sub64, mkexpr(tc), mkU64(1)) );
4759
4760 dis_string_op_increment(sz, t_inc);
4761 dis_OP (sz, t_inc, pfx);
4762
4763 if (cond == AMD64CondAlways) {
4764 jmp_lit(dres, Ijk_Boring, rip);
4765 vassert(dres->whatNext == Dis_StopHere);
4766 } else {
4767 stmt( IRStmt_Exit( mk_amd64g_calculate_condition(cond),
4768 Ijk_Boring,
4769 IRConst_U64(rip),
4770 OFFB_RIP ) );
4771 jmp_lit(dres, Ijk_Boring, rip_next);
4772 vassert(dres->whatNext == Dis_StopHere);
4773 }
4774 DIP("%s%c\n", name, nameISize(sz));
4775 }
4776
4777
4778 /*------------------------------------------------------------*/
4779 /*--- Arithmetic, etc. ---*/
4780 /*------------------------------------------------------------*/
4781
4782 /* IMUL E, G. Supplied eip points to the modR/M byte. */
4783 static
4784 ULong dis_mul_E_G ( const VexAbiInfo* vbi,
4785 Prefix pfx,
4786 Int size,
4787 Long delta0 )
4788 {
4789 Int alen;
4790 HChar dis_buf[50];
4791 UChar rm = getUChar(delta0);
4792 IRType ty = szToITy(size);
4793 IRTemp te = newTemp(ty);
4794 IRTemp tg = newTemp(ty);
4795 IRTemp resLo = newTemp(ty);
4796
4797 assign( tg, getIRegG(size, pfx, rm) );
4798 if (epartIsReg(rm)) {
4799 assign( te, getIRegE(size, pfx, rm) );
4800 } else {
4801 IRTemp addr = disAMode( &alen, vbi, pfx, delta0, dis_buf, 0 );
4802 assign( te, loadLE(ty,mkexpr(addr)) );
4803 }
4804
4805 setFlags_MUL ( ty, te, tg, AMD64G_CC_OP_SMULB );
4806
4807 assign( resLo, binop( mkSizedOp(ty, Iop_Mul8), mkexpr(te), mkexpr(tg) ) );
4808
4809 putIRegG(size, pfx, rm, mkexpr(resLo) );
4810
4811 if (epartIsReg(rm)) {
4812 DIP("imul%c %s, %s\n", nameISize(size),
4813 nameIRegE(size,pfx,rm),
4814 nameIRegG(size,pfx,rm));
4815 return 1+delta0;
4816 } else {
4817 DIP("imul%c %s, %s\n", nameISize(size),
4818 dis_buf,
4819 nameIRegG(size,pfx,rm));
4820 return alen+delta0;
4821 }
4822 }
4823
4824
4825 /* IMUL I * E -> G. Supplied rip points to the modR/M byte. */
4826 static
4827 ULong dis_imul_I_E_G ( const VexAbiInfo* vbi,
4828 Prefix pfx,
4829 Int size,
4830 Long delta,
4831 Int litsize )
4832 {
4833 Long d64;
4834 Int alen;
4835 HChar dis_buf[50];
4836 UChar rm = getUChar(delta);
4837 IRType ty = szToITy(size);
4838 IRTemp te = newTemp(ty);
4839 IRTemp tl = newTemp(ty);
4840 IRTemp resLo = newTemp(ty);
4841
4842 vassert(/*size == 1 ||*/ size == 2 || size == 4 || size == 8);
4843
4844 if (epartIsReg(rm)) {
4845 assign(te, getIRegE(size, pfx, rm));
4846 delta++;
4847 } else {
4848 IRTemp addr = disAMode( &alen, vbi, pfx, delta, dis_buf,
4849 imin(4,litsize) );
4850 assign(te, loadLE(ty, mkexpr(addr)));
4851 delta += alen;
4852 }
4853 d64 = getSDisp(imin(4,litsize),delta);
4854 delta += imin(4,litsize);
4855
4856 d64 &= mkSizeMask(size);
4857 assign(tl, mkU(ty,d64));
4858
4859 assign( resLo, binop( mkSizedOp(ty, Iop_Mul8), mkexpr(te), mkexpr(tl) ));
4860
4861 setFlags_MUL ( ty, te, tl, AMD64G_CC_OP_SMULB );
4862
4863 putIRegG(size, pfx, rm, mkexpr(resLo));
4864
4865 DIP("imul%c $%lld, %s, %s\n",
4866 nameISize(size), d64,
4867 ( epartIsReg(rm) ? nameIRegE(size,pfx,rm) : dis_buf ),
4868 nameIRegG(size,pfx,rm) );
4869 return delta;
4870 }
4871
4872
4873 /* Generate an IR sequence to do a popcount operation on the supplied
4874 IRTemp, and return a new IRTemp holding the result. 'ty' may be
4875 Ity_I16, Ity_I32 or Ity_I64 only. */
4876 static IRTemp gen_POPCOUNT ( IRType ty, IRTemp src )
4877 {
4878 Int i;
4879 if (ty == Ity_I16) {
4880 IRTemp old = IRTemp_INVALID;
4881 IRTemp nyu = IRTemp_INVALID;
4882 IRTemp mask[4], shift[4];
4883 for (i = 0; i < 4; i++) {
4884 mask[i] = newTemp(ty);
4885 shift[i] = 1 << i;
4886 }
4887 assign(mask[0], mkU16(0x5555));
4888 assign(mask[1], mkU16(0x3333));
4889 assign(mask[2], mkU16(0x0F0F));
4890 assign(mask[3], mkU16(0x00FF));
4891 old = src;
4892 for (i = 0; i < 4; i++) {
4893 nyu = newTemp(ty);
4894 assign(nyu,
4895 binop(Iop_Add16,
4896 binop(Iop_And16,
4897 mkexpr(old),
4898 mkexpr(mask[i])),
4899 binop(Iop_And16,
4900 binop(Iop_Shr16, mkexpr(old), mkU8(shift[i])),
4901 mkexpr(mask[i]))));
4902 old = nyu;
4903 }
4904 return nyu;
4905 }
4906 if (ty == Ity_I32) {
4907 IRTemp old = IRTemp_INVALID;
4908 IRTemp nyu = IRTemp_INVALID;
4909 IRTemp mask[5], shift[5];
4910 for (i = 0; i < 5; i++) {
4911 mask[i] = newTemp(ty);
4912 shift[i] = 1 << i;
4913 }
4914 assign(mask[0], mkU32(0x55555555));
4915 assign(mask[1], mkU32(0x33333333));
4916 assign(mask[2], mkU32(0x0F0F0F0F));
4917 assign(mask[3], mkU32(0x00FF00FF));
4918 assign(mask[4], mkU32(0x0000FFFF));
4919 old = src;
4920 for (i = 0; i < 5; i++) {
4921 nyu = newTemp(ty);
4922 assign(nyu,
4923 binop(Iop_Add32,
4924 binop(Iop_And32,
4925 mkexpr(old),
4926 mkexpr(mask[i])),
4927 binop(Iop_And32,
4928 binop(Iop_Shr32, mkexpr(old), mkU8(shift[i])),
4929 mkexpr(mask[i]))));
4930 old = nyu;
4931 }
4932 return nyu;
4933 }
4934 if (ty == Ity_I64) {
4935 IRTemp old = IRTemp_INVALID;
4936 IRTemp nyu = IRTemp_INVALID;
4937 IRTemp mask[6], shift[6];
4938 for (i = 0; i < 6; i++) {
4939 mask[i] = newTemp(ty);
4940 shift[i] = 1 << i;
4941 }
4942 assign(mask[0], mkU64(0x5555555555555555ULL));
4943 assign(mask[1], mkU64(0x3333333333333333ULL));
4944 assign(mask[2], mkU64(0x0F0F0F0F0F0F0F0FULL));
4945 assign(mask[3], mkU64(0x00FF00FF00FF00FFULL));
4946 assign(mask[4], mkU64(0x0000FFFF0000FFFFULL));
4947 assign(mask[5], mkU64(0x00000000FFFFFFFFULL));
4948 old = src;
4949 for (i = 0; i < 6; i++) {
4950 nyu = newTemp(ty);
4951 assign(nyu,
4952 binop(Iop_Add64,
4953 binop(Iop_And64,
4954 mkexpr(old),
4955 mkexpr(mask[i])),
4956 binop(Iop_And64,
4957 binop(Iop_Shr64, mkexpr(old), mkU8(shift[i])),
4958 mkexpr(mask[i]))));
4959 old = nyu;
4960 }
4961 return nyu;
4962 }
4963 /*NOTREACHED*/
4964 vassert(0);
4965 }
4966
4967
4968 /* Generate an IR sequence to do a count-leading-zeroes operation on
4969 the supplied IRTemp, and return a new IRTemp holding the result.
4970 'ty' may be Ity_I16, Ity_I32 or Ity_I64 only. In the case where
4971 the argument is zero, return the number of bits in the word (the
4972 natural semantics). */
4973 static IRTemp gen_LZCNT ( IRType ty, IRTemp src )
4974 {
4975 vassert(ty == Ity_I64 || ty == Ity_I32 || ty == Ity_I16);
4976
4977 IRTemp src64 = newTemp(Ity_I64);
4978 assign(src64, widenUto64( mkexpr(src) ));
4979
4980 IRTemp src64x = newTemp(Ity_I64);
4981 assign(src64x,
4982 binop(Iop_Shl64, mkexpr(src64),
4983 mkU8(64 - 8 * sizeofIRType(ty))));
4984
4985 // Clz64 has undefined semantics when its input is zero, so
4986 // special-case around that.
4987 IRTemp res64 = newTemp(Ity_I64);
4988 assign(res64,
4989 IRExpr_ITE(
4990 binop(Iop_CmpEQ64, mkexpr(src64x), mkU64(0)),
4991 mkU64(8 * sizeofIRType(ty)),
4992 unop(Iop_Clz64, mkexpr(src64x))
4993 ));
4994
4995 IRTemp res = newTemp(ty);
4996 assign(res, narrowTo(ty, mkexpr(res64)));
4997 return res;
4998 }
4999
5000
5001 /* Generate an IR sequence to do a count-trailing-zeroes operation on
5002 the supplied IRTemp, and return a new IRTemp holding the result.
5003 'ty' may be Ity_I16, Ity_I32 or Ity_I64 only. In the case where
5004 the argument is zero, return the number of bits in the word (the
5005 natural semantics). */
5006 static IRTemp gen_TZCNT ( IRType ty, IRTemp src )
5007 {
5008 vassert(ty == Ity_I64 || ty == Ity_I32 || ty == Ity_I16);
5009
5010 IRTemp src64 = newTemp(Ity_I64);
5011 assign(src64, widenUto64( mkexpr(src) ));
5012
5013 // Ctz64 has undefined semantics when its input is zero, so
5014 // special-case around that.
5015 IRTemp res64 = newTemp(Ity_I64);
5016 assign(res64,
5017 IRExpr_ITE(
5018 binop(Iop_CmpEQ64, mkexpr(src64), mkU64(0)),
5019 mkU64(8 * sizeofIRType(ty)),
5020 unop(Iop_Ctz64, mkexpr(src64))
5021 ));
5022
5023 IRTemp res = newTemp(ty);
5024 assign(res, narrowTo(ty, mkexpr(res64)));
5025 return res;
5026 }
5027
5028
5029 /*------------------------------------------------------------*/
5030 /*--- ---*/
5031 /*--- x87 FLOATING POINT INSTRUCTIONS ---*/
5032 /*--- ---*/
5033 /*------------------------------------------------------------*/
5034
5035 /* --- Helper functions for dealing with the register stack. --- */
5036
5037 /* --- Set the emulation-warning pseudo-register. --- */
5038
5039 static void put_emwarn ( IRExpr* e /* :: Ity_I32 */ )
5040 {
5041 vassert(typeOfIRExpr(irsb->tyenv, e) == Ity_I32);
5042 stmt( IRStmt_Put( OFFB_EMNOTE, e ) );
5043 }
5044
5045 /* --- Produce an IRExpr* denoting a 64-bit QNaN. --- */
5046
5047 static IRExpr* mkQNaN64 ( void )
5048 {
5049 /* QNaN is 0 2047 1 0(51times)
5050 == 0b 11111111111b 1 0(51times)
5051 == 0x7FF8 0000 0000 0000
5052 */
5053 return IRExpr_Const(IRConst_F64i(0x7FF8000000000000ULL));
5054 }
5055
5056 /* --------- Get/put the top-of-stack pointer :: Ity_I32 --------- */
5057
5058 static IRExpr* get_ftop ( void )
5059 {
5060 return IRExpr_Get( OFFB_FTOP, Ity_I32 );
5061 }
5062
5063 static void put_ftop ( IRExpr* e )
5064 {
5065 vassert(typeOfIRExpr(irsb->tyenv, e) == Ity_I32);
5066 stmt( IRStmt_Put( OFFB_FTOP, e ) );
5067 }
5068
5069 /* --------- Get/put the C3210 bits. --------- */
5070
5071 static IRExpr* /* :: Ity_I64 */ get_C3210 ( void )
5072 {
5073 return IRExpr_Get( OFFB_FC3210, Ity_I64 );
5074 }
5075
5076 static void put_C3210 ( IRExpr* e /* :: Ity_I64 */ )
5077 {
5078 vassert(typeOfIRExpr(irsb->tyenv, e) == Ity_I64);
5079 stmt( IRStmt_Put( OFFB_FC3210, e ) );
5080 }
5081
5082 /* --------- Get/put the FPU rounding mode. --------- */
5083 static IRExpr* /* :: Ity_I32 */ get_fpround ( void )
5084 {
5085 return unop(Iop_64to32, IRExpr_Get( OFFB_FPROUND, Ity_I64 ));
5086 }
5087
5088 static void put_fpround ( IRExpr* /* :: Ity_I32 */ e )
5089 {
5090 vassert(typeOfIRExpr(irsb->tyenv, e) == Ity_I32);
5091 stmt( IRStmt_Put( OFFB_FPROUND, unop(Iop_32Uto64,e) ) );
5092 }
5093
5094
5095 /* --------- Synthesise a 2-bit FPU rounding mode. --------- */
5096 /* Produces a value in 0 .. 3, which is encoded as per the type
5097 IRRoundingMode. Since the guest_FPROUND value is also encoded as
5098 per IRRoundingMode, we merely need to get it and mask it for
5099 safety.
5100 */
5101 static IRExpr* /* :: Ity_I32 */ get_roundingmode ( void )
5102 {
5103 return binop( Iop_And32, get_fpround(), mkU32(3) );
5104 }
5105
5106 static IRExpr* /* :: Ity_I32 */ get_FAKE_roundingmode ( void )
5107 {
5108 return mkU32(Irrm_NEAREST);
5109 }
5110
5111
5112 /* --------- Get/set FP register tag bytes. --------- */
5113
5114 /* Given i, and some expression e, generate 'ST_TAG(i) = e'. */
5115
5116 static void put_ST_TAG ( Int i, IRExpr* value )
5117 {
5118 IRRegArray* descr;
5119 vassert(typeOfIRExpr(irsb->tyenv, value) == Ity_I8);
5120 descr = mkIRRegArray( OFFB_FPTAGS, Ity_I8, 8 );
5121 stmt( IRStmt_PutI( mkIRPutI(descr, get_ftop(), i, value) ) );
5122 }
5123
5124 /* Given i, generate an expression yielding 'ST_TAG(i)'. This will be
5125 zero to indicate "Empty" and nonzero to indicate "NonEmpty". */
5126
5127 static IRExpr* get_ST_TAG ( Int i )
5128 {
5129 IRRegArray* descr = mkIRRegArray( OFFB_FPTAGS, Ity_I8, 8 );
5130 return IRExpr_GetI( descr, get_ftop(), i );
5131 }
5132
5133
5134 /* --------- Get/set FP registers. --------- */
5135
5136 /* Given i, and some expression e, emit 'ST(i) = e' and set the
5137 register's tag to indicate the register is full. The previous
5138 state of the register is not checked. */
5139
5140 static void put_ST_UNCHECKED ( Int i, IRExpr* value )
5141 {
5142 IRRegArray* descr;
5143 vassert(typeOfIRExpr(irsb->tyenv, value) == Ity_F64);
5144 descr = mkIRRegArray( OFFB_FPREGS, Ity_F64, 8 );
5145 stmt( IRStmt_PutI( mkIRPutI(descr, get_ftop(), i, value) ) );
5146 /* Mark the register as in-use. */
5147 put_ST_TAG(i, mkU8(1));
5148 }
5149
5150 /* Given i, and some expression e, emit
5151 ST(i) = is_full(i) ? NaN : e
5152 and set the tag accordingly.
5153 */
5154
5155 static void put_ST ( Int i, IRExpr* value )
5156 {
5157 put_ST_UNCHECKED(
5158 i,
5159 IRExpr_ITE( binop(Iop_CmpNE8, get_ST_TAG(i), mkU8(0)),
5160 /* non-0 means full */
5161 mkQNaN64(),
5162 /* 0 means empty */
5163 value
5164 )
5165 );
5166 }
5167
5168
5169 /* Given i, generate an expression yielding 'ST(i)'. */
5170
5171 static IRExpr* get_ST_UNCHECKED ( Int i )
5172 {
5173 IRRegArray* descr = mkIRRegArray( OFFB_FPREGS, Ity_F64, 8 );
5174 return IRExpr_GetI( descr, get_ftop(), i );
5175 }
5176
5177
5178 /* Given i, generate an expression yielding
5179 is_full(i) ? ST(i) : NaN
5180 */
5181
5182 static IRExpr* get_ST ( Int i )
5183 {
5184 return
5185 IRExpr_ITE( binop(Iop_CmpNE8, get_ST_TAG(i), mkU8(0)),
5186 /* non-0 means full */
5187 get_ST_UNCHECKED(i),
5188 /* 0 means empty */
5189 mkQNaN64());
5190 }
5191
5192
5193 /* Given i, and some expression e, and a condition cond, generate IR
5194 which has the same effect as put_ST(i,e) when cond is true and has
5195 no effect when cond is false. Given the lack of proper
5196 if-then-else in the IR, this is pretty tricky.
5197 */
5198
5199 static void maybe_put_ST ( IRTemp cond, Int i, IRExpr* value )
5200 {
5201 // new_tag = if cond then FULL else old_tag
5202 // new_val = if cond then (if old_tag==FULL then NaN else val)
5203 // else old_val
5204
5205 IRTemp old_tag = newTemp(Ity_I8);
5206 assign(old_tag, get_ST_TAG(i));
5207 IRTemp new_tag = newTemp(Ity_I8);
5208 assign(new_tag,
5209 IRExpr_ITE(mkexpr(cond), mkU8(1)/*FULL*/, mkexpr(old_tag)));
5210
5211 IRTemp old_val = newTemp(Ity_F64);
5212 assign(old_val, get_ST_UNCHECKED(i));
5213 IRTemp new_val = newTemp(Ity_F64);
5214 assign(new_val,
5215 IRExpr_ITE(mkexpr(cond),
5216 IRExpr_ITE(binop(Iop_CmpNE8, mkexpr(old_tag), mkU8(0)),
5217 /* non-0 means full */
5218 mkQNaN64(),
5219 /* 0 means empty */
5220 value),
5221 mkexpr(old_val)));
5222
5223 put_ST_UNCHECKED(i, mkexpr(new_val));
5224 // put_ST_UNCHECKED incorrectly sets tag(i) to always be FULL. So
5225 // now set it to new_tag instead.
5226 put_ST_TAG(i, mkexpr(new_tag));
5227 }
5228
5229 /* Adjust FTOP downwards by one register. */
5230
5231 static void fp_push ( void )
5232 {
5233 put_ftop( binop(Iop_Sub32, get_ftop(), mkU32(1)) );
5234 }
5235
5236 /* Adjust FTOP downwards by one register when COND is 1:I1. Else
5237 don't change it. */
5238
5239 static void maybe_fp_push ( IRTemp cond )
5240 {
5241 put_ftop( binop(Iop_Sub32, get_ftop(), unop(Iop_1Uto32,mkexpr(cond))) );
5242 }
5243
5244 /* Adjust FTOP upwards by one register, and mark the vacated register
5245 as empty. */
5246
5247 static void fp_pop ( void )
5248 {
5249 put_ST_TAG(0, mkU8(0));
5250 put_ftop( binop(Iop_Add32, get_ftop(), mkU32(1)) );
5251 }
5252
5253 /* Set the C2 bit of the FPU status register to e[0]. Assumes that
5254 e[31:1] == 0.
5255 */
5256 static void set_C2 ( IRExpr* e )
5257 {
5258 IRExpr* cleared = binop(Iop_And64, get_C3210(), mkU64(~AMD64G_FC_MASK_C2));
5259 put_C3210( binop(Iop_Or64,
5260 cleared,
5261 binop(Iop_Shl64, e, mkU8(AMD64G_FC_SHIFT_C2))) );
5262 }
5263
5264 /* Generate code to check that abs(d64) < 2^63 and is finite. This is
5265 used to do the range checks for FSIN, FCOS, FSINCOS and FPTAN. The
5266 test is simple, but the derivation of it is not so simple.
5267
5268 The exponent field for an IEEE754 double is 11 bits. That means it
5269 can take values 0 through 0x7FF. If the exponent has value 0x7FF,
5270 the number is either a NaN or an Infinity and so is not finite.
5271 Furthermore, a finite value of exactly 2^63 is the smallest value
5272 that has exponent value 0x43E. Hence, what we need to do is
5273 extract the exponent, ignoring the sign bit and mantissa, and check
5274 it is < 0x43E, or <= 0x43D.
5275
5276 To make this easily applicable to 32- and 64-bit targets, a
5277 roundabout approach is used. First the number is converted to I64,
5278 then the top 32 bits are taken. Shifting them right by 20 bits
5279 places the sign bit and exponent in the bottom 12 bits. Anding
5280 with 0x7FF gets rid of the sign bit, leaving just the exponent
5281 available for comparison.
5282 */
5283 static IRTemp math_IS_TRIG_ARG_FINITE_AND_IN_RANGE ( IRTemp d64 )
5284 {
5285 IRTemp i64 = newTemp(Ity_I64);
5286 assign(i64, unop(Iop_ReinterpF64asI64, mkexpr(d64)) );
5287 IRTemp exponent = newTemp(Ity_I32);
5288 assign(exponent,
5289 binop(Iop_And32,
5290 binop(Iop_Shr32, unop(Iop_64HIto32, mkexpr(i64)), mkU8(20)),
5291 mkU32(0x7FF)));
5292 IRTemp in_range_and_finite = newTemp(Ity_I1);
5293 assign(in_range_and_finite,
5294 binop(Iop_CmpLE32U, mkexpr(exponent), mkU32(0x43D)));
5295 return in_range_and_finite;
5296 }
5297
5298 /* Invent a plausible-looking FPU status word value:
5299 ((ftop & 7) << 11) | (c3210 & 0x4700)
5300 */
5301 static IRExpr* get_FPU_sw ( void )
5302 {
5303 return
5304 unop(Iop_32to16,
5305 binop(Iop_Or32,
5306 binop(Iop_Shl32,
5307 binop(Iop_And32, get_ftop(), mkU32(7)),
5308 mkU8(11)),
5309 binop(Iop_And32, unop(Iop_64to32, get_C3210()),
5310 mkU32(0x4700))
5311 ));
5312 }
5313
5314
5315 /* Generate a dirty helper call that initialises the x87 state a la
5316 FINIT. If |guard| is NULL, it is done unconditionally. Otherwise
5317 |guard| is used as a guarding condition.
5318 */
5319 static void gen_FINIT_SEQUENCE ( IRExpr* guard )
5320 {
5321 /* Uses dirty helper:
5322 void amd64g_do_FINIT ( VexGuestAMD64State* ) */
5323 IRDirty* d = unsafeIRDirty_0_N (
5324 0/*regparms*/,
5325 "amd64g_dirtyhelper_FINIT",
5326 &amd64g_dirtyhelper_FINIT,
5327 mkIRExprVec_1( IRExpr_GSPTR() )
5328 );
5329
5330 /* declare we're writing guest state */
5331 d->nFxState = 5;
5332 vex_bzero(&d->fxState, sizeof(d->fxState));
5333
5334 d->fxState[0].fx = Ifx_Write;
5335 d->fxState[0].offset = OFFB_FTOP;
5336 d->fxState[0].size = sizeof(UInt);
5337
5338 d->fxState[1].fx = Ifx_Write;
5339 d->fxState[1].offset = OFFB_FPREGS;
5340 d->fxState[1].size = 8 * sizeof(ULong);
5341
5342 d->fxState[2].fx = Ifx_Write;
5343 d->fxState[2].offset = OFFB_FPTAGS;
5344 d->fxState[2].size = 8 * sizeof(UChar);
5345
5346 d->fxState[3].fx = Ifx_Write;
5347 d->fxState[3].offset = OFFB_FPROUND;
5348 d->fxState[3].size = sizeof(ULong);
5349
5350 d->fxState[4].fx = Ifx_Write;
5351 d->fxState[4].offset = OFFB_FC3210;
5352 d->fxState[4].size = sizeof(ULong);
5353
5354 if (guard)
5355 d->guard = guard;
5356
5357 stmt( IRStmt_Dirty(d) );
5358 }
5359
5360
5361 /* ------------------------------------------------------- */
5362 /* Given all that stack-mangling junk, we can now go ahead
5363 and describe FP instructions.
5364 */
5365
5366 /* ST(0) = ST(0) `op` mem64/32(addr)
5367 Need to check ST(0)'s tag on read, but not on write.
5368 */
5369 static
5370 void fp_do_op_mem_ST_0 ( IRTemp addr, const HChar* op_txt, HChar* dis_buf,
5371 IROp op, Bool dbl )
5372 {
5373 DIP("f%s%c %s\n", op_txt, dbl?'l':'s', dis_buf);
5374 if (dbl) {
5375 put_ST_UNCHECKED(0,
5376 triop( op,
5377 get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
5378 get_ST(0),
5379 loadLE(Ity_F64,mkexpr(addr))
5380 ));
5381 } else {
5382 put_ST_UNCHECKED(0,
5383 triop( op,
5384 get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
5385 get_ST(0),
5386 unop(Iop_F32toF64, loadLE(Ity_F32,mkexpr(addr)))
5387 ));
5388 }
5389 }
5390
5391
5392 /* ST(0) = mem64/32(addr) `op` ST(0)
5393 Need to check ST(0)'s tag on read, but not on write.
5394 */
5395 static
5396 void fp_do_oprev_mem_ST_0 ( IRTemp addr, const HChar* op_txt, HChar* dis_buf,
5397 IROp op, Bool dbl )
5398 {
5399 DIP("f%s%c %s\n", op_txt, dbl?'l':'s', dis_buf);
5400 if (dbl) {
5401 put_ST_UNCHECKED(0,
5402 triop( op,
5403 get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
5404 loadLE(Ity_F64,mkexpr(addr)),
5405 get_ST(0)
5406 ));
5407 } else {
5408 put_ST_UNCHECKED(0,
5409 triop( op,
5410 get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
5411 unop(Iop_F32toF64, loadLE(Ity_F32,mkexpr(addr))),
5412 get_ST(0)
5413 ));
5414 }
5415 }
5416
5417
5418 /* ST(dst) = ST(dst) `op` ST(src).
5419 Check dst and src tags when reading but not on write.
5420 */
5421 static
5422 void fp_do_op_ST_ST ( const HChar* op_txt, IROp op, UInt st_src, UInt st_dst,
5423 Bool pop_after )
5424 {
5425 DIP("f%s%s st(%u), st(%u)\n", op_txt, pop_after?"p":"", st_src, st_dst );
5426 put_ST_UNCHECKED(
5427 st_dst,
5428 triop( op,
5429 get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
5430 get_ST(st_dst),
5431 get_ST(st_src) )
5432 );
5433 if (pop_after)
5434 fp_pop();
5435 }
5436
5437 /* ST(dst) = ST(src) `op` ST(dst).
5438 Check dst and src tags when reading but not on write.
5439 */
5440 static
5441 void fp_do_oprev_ST_ST ( const HChar* op_txt, IROp op, UInt st_src, UInt st_dst,
5442 Bool pop_after )
5443 {
5444 DIP("f%s%s st(%u), st(%u)\n", op_txt, pop_after?"p":"", st_src, st_dst );
5445 put_ST_UNCHECKED(
5446 st_dst,
5447 triop( op,
5448 get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
5449 get_ST(st_src),
5450 get_ST(st_dst) )
5451 );
5452 if (pop_after)
5453 fp_pop();
5454 }
5455
5456 /* %rflags(Z,P,C) = UCOMI( st(0), st(i) ) */
5457 static void fp_do_ucomi_ST0_STi ( UInt i, Bool pop_after )
5458 {
5459 DIP("fucomi%s %%st(0),%%st(%u)\n", pop_after ? "p" : "", i);
5460 /* This is a bit of a hack (and isn't really right). It sets
5461 Z,P,C,O correctly, but forces A and S to zero, whereas the Intel
5462 documentation implies A and S are unchanged.
5463 */
5464 /* It's also fishy in that it is used both for COMIP and
5465 UCOMIP, and they aren't the same (although similar). */
5466 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(AMD64G_CC_OP_COPY) ));
5467 stmt( IRStmt_Put( OFFB_CC_DEP2, mkU64(0) ));
5468 stmt( IRStmt_Put(
5469 OFFB_CC_DEP1,
5470 binop( Iop_And64,
5471 unop( Iop_32Uto64,
5472 binop(Iop_CmpF64, get_ST(0), get_ST(i))),
5473 mkU64(0x45)
5474 )));
5475 if (pop_after)
5476 fp_pop();
5477 }
5478
5479
5480 /* returns
5481 32to16( if e32 <s -32768 || e32 >s 32767 then -32768 else e32 )
5482 */
5483 static IRExpr* x87ishly_qnarrow_32_to_16 ( IRExpr* e32 )
5484 {
5485 IRTemp t32 = newTemp(Ity_I32);
5486 assign( t32, e32 );
5487 return
5488 IRExpr_ITE(
5489 binop(Iop_CmpLT64U,
5490 unop(Iop_32Uto64,
5491 binop(Iop_Add32, mkexpr(t32), mkU32(32768))),
5492 mkU64(65536)),
5493 unop(Iop_32to16, mkexpr(t32)),
5494 mkU16( 0x8000 ) );
5495 }
5496
5497
5498 static
5499 ULong dis_FPU ( /*OUT*/Bool* decode_ok,
5500 const VexAbiInfo* vbi, Prefix pfx, Long delta )
5501 {
5502 Int len;
5503 UInt r_src, r_dst;
5504 HChar dis_buf[50];
5505 IRTemp t1, t2;
5506
5507 /* On entry, delta points at the second byte of the insn (the modrm
5508 byte).*/
5509 UChar first_opcode = getUChar(delta-1);
5510 UChar modrm = getUChar(delta+0);
5511
5512 /* -+-+-+-+-+-+-+-+-+-+-+-+ 0xD8 opcodes +-+-+-+-+-+-+-+ */
5513
5514 if (first_opcode == 0xD8) {
5515 if (modrm < 0xC0) {
5516
5517 /* bits 5,4,3 are an opcode extension, and the modRM also
5518 specifies an address. */
5519 IRTemp addr = disAMode( &len, vbi, pfx, delta, dis_buf, 0 );
5520 delta += len;
5521
5522 switch (gregLO3ofRM(modrm)) {
5523
5524 case 0: /* FADD single-real */
5525 fp_do_op_mem_ST_0 ( addr, "add", dis_buf, Iop_AddF64, False );
5526 break;
5527
5528 case 1: /* FMUL single-real */
5529 fp_do_op_mem_ST_0 ( addr, "mul", dis_buf, Iop_MulF64, False );
5530 break;
5531
5532 case 2: /* FCOM single-real */
5533 DIP("fcoms %s\n", dis_buf);
5534 /* This forces C1 to zero, which isn't right. */
5535 /* The AMD documentation suggests that forcing C1 to
5536 zero is correct (Eliot Moss) */
5537 put_C3210(
5538 unop( Iop_32Uto64,
5539 binop( Iop_And32,
5540 binop(Iop_Shl32,
5541 binop(Iop_CmpF64,
5542 get_ST(0),
5543 unop(Iop_F32toF64,
5544 loadLE(Ity_F32,mkexpr(addr)))),
5545 mkU8(8)),
5546 mkU32(0x4500)
5547 )));
5548 break;
5549
5550 case 3: /* FCOMP single-real */
5551 /* The AMD documentation suggests that forcing C1 to
5552 zero is correct (Eliot Moss) */
5553 DIP("fcomps %s\n", dis_buf);
5554 /* This forces C1 to zero, which isn't right. */
5555 put_C3210(
5556 unop( Iop_32Uto64,
5557 binop( Iop_And32,
5558 binop(Iop_Shl32,
5559 binop(Iop_CmpF64,
5560 get_ST(0),
5561 unop(Iop_F32toF64,
5562 loadLE(Ity_F32,mkexpr(addr)))),
5563 mkU8(8)),
5564 mkU32(0x4500)
5565 )));
5566 fp_pop();
5567 break;
5568
5569 case 4: /* FSUB single-real */
5570 fp_do_op_mem_ST_0 ( addr, "sub", dis_buf, Iop_SubF64, False );
5571 break;
5572
5573 case 5: /* FSUBR single-real */
5574 fp_do_oprev_mem_ST_0 ( addr, "subr", dis_buf, Iop_SubF64, False );
5575 break;
5576
5577 case 6: /* FDIV single-real */
5578 fp_do_op_mem_ST_0 ( addr, "div", dis_buf, Iop_DivF64, False );
5579 break;
5580
5581 case 7: /* FDIVR single-real */
5582 fp_do_oprev_mem_ST_0 ( addr, "divr", dis_buf, Iop_DivF64, False );
5583 break;
5584
5585 default:
5586 vex_printf("unhandled opc_aux = 0x%2x\n",
5587 (UInt)gregLO3ofRM(modrm));
5588 vex_printf("first_opcode == 0xD8\n");
5589 goto decode_fail;
5590 }
5591 } else {
5592 delta++;
5593 switch (modrm) {
5594
5595 case 0xC0 ... 0xC7: /* FADD %st(?),%st(0) */
5596 fp_do_op_ST_ST ( "add", Iop_AddF64, modrm - 0xC0, 0, False );
5597 break;
5598
5599 case 0xC8 ... 0xCF: /* FMUL %st(?),%st(0) */
5600 fp_do_op_ST_ST ( "mul", Iop_MulF64, modrm - 0xC8, 0, False );
5601 break;
5602
5603 /* Dunno if this is right */
5604 case 0xD0 ... 0xD7: /* FCOM %st(?),%st(0) */
5605 r_dst = (UInt)modrm - 0xD0;
5606 DIP("fcom %%st(0),%%st(%u)\n", r_dst);
5607 /* This forces C1 to zero, which isn't right. */
5608 put_C3210(
5609 unop(Iop_32Uto64,
5610 binop( Iop_And32,
5611 binop(Iop_Shl32,
5612 binop(Iop_CmpF64, get_ST(0), get_ST(r_dst)),
5613 mkU8(8)),
5614 mkU32(0x4500)
5615 )));
5616 break;
5617
5618 /* Dunno if this is right */
5619 case 0xD8 ... 0xDF: /* FCOMP %st(?),%st(0) */
5620 r_dst = (UInt)modrm - 0xD8;
5621 DIP("fcomp %%st(0),%%st(%u)\n", r_dst);
5622 /* This forces C1 to zero, which isn't right. */
5623 put_C3210(
5624 unop(Iop_32Uto64,
5625 binop( Iop_And32,
5626 binop(Iop_Shl32,
5627 binop(Iop_CmpF64, get_ST(0), get_ST(r_dst)),
5628 mkU8(8)),
5629 mkU32(0x4500)
5630 )));
5631 fp_pop();
5632 break;
5633
5634 case 0xE0 ... 0xE7: /* FSUB %st(?),%st(0) */
5635 fp_do_op_ST_ST ( "sub", Iop_SubF64, modrm - 0xE0, 0, False );
5636 break;
5637
5638 case 0xE8 ... 0xEF: /* FSUBR %st(?),%st(0) */
5639 fp_do_oprev_ST_ST ( "subr", Iop_SubF64, modrm - 0xE8, 0, False );
5640 break;
5641
5642 case 0xF0 ... 0xF7: /* FDIV %st(?),%st(0) */
5643 fp_do_op_ST_ST ( "div", Iop_DivF64, modrm - 0xF0, 0, False );
5644 break;
5645
5646 case 0xF8 ... 0xFF: /* FDIVR %st(?),%st(0) */
5647 fp_do_oprev_ST_ST ( "divr", Iop_DivF64, modrm - 0xF8, 0, False );
5648 break;
5649
5650 default:
5651 goto decode_fail;
5652 }
5653 }
5654 }
5655
5656 /* -+-+-+-+-+-+-+-+-+-+-+-+ 0xD9 opcodes +-+-+-+-+-+-+-+ */
5657 else
5658 if (first_opcode == 0xD9) {
5659 if (modrm < 0xC0) {
5660
5661 /* bits 5,4,3 are an opcode extension, and the modRM also
5662 specifies an address. */
5663 IRTemp addr = disAMode( &len, vbi, pfx, delta, dis_buf, 0 );
5664 delta += len;
5665
5666 switch (gregLO3ofRM(modrm)) {
5667
5668 case 0: /* FLD single-real */
5669 DIP("flds %s\n", dis_buf);
5670 fp_push();
5671 put_ST(0, unop(Iop_F32toF64,
5672 loadLE(Ity_F32, mkexpr(addr))));
5673 break;
5674
5675 case 2: /* FST single-real */
5676 DIP("fsts %s\n", dis_buf);
5677 storeLE(mkexpr(addr),
5678 binop(Iop_F64toF32, get_roundingmode(), get_ST(0)));
5679 break;
5680
5681 case 3: /* FSTP single-real */
5682 DIP("fstps %s\n", dis_buf);
5683 storeLE(mkexpr(addr),
5684 binop(Iop_F64toF32, get_roundingmode(), get_ST(0)));
5685 fp_pop();
5686 break;
5687
5688 case 4: { /* FLDENV m28 */
5689 /* Uses dirty helper:
5690 VexEmNote amd64g_do_FLDENV ( VexGuestX86State*, HWord ) */
5691 IRTemp ew = newTemp(Ity_I32);
5692 IRTemp w64 = newTemp(Ity_I64);
5693 IRDirty* d = unsafeIRDirty_0_N (
5694 0/*regparms*/,
5695 "amd64g_dirtyhelper_FLDENV",
5696 &amd64g_dirtyhelper_FLDENV,
5697 mkIRExprVec_2( IRExpr_GSPTR(), mkexpr(addr) )
5698 );
5699 d->tmp = w64;
5700 /* declare we're reading memory */
5701 d->mFx = Ifx_Read;
5702 d->mAddr = mkexpr(addr);
5703 d->mSize = 28;
5704
5705 /* declare we're writing guest state */
5706 d->nFxState = 4;
5707 vex_bzero(&d->fxState, sizeof(d->fxState));
5708
5709 d->fxState[0].fx = Ifx_Write;
5710 d->fxState[0].offset = OFFB_FTOP;
5711 d->fxState[0].size = sizeof(UInt);
5712
5713 d->fxState[1].fx = Ifx_Write;
5714 d->fxState[1].offset = OFFB_FPTAGS;
5715 d->fxState[1].size = 8 * sizeof(UChar);
5716
5717 d->fxState[2].fx = Ifx_Write;
5718 d->fxState[2].offset = OFFB_FPROUND;
5719 d->fxState[2].size = sizeof(ULong);
5720
5721 d->fxState[3].fx = Ifx_Write;
5722 d->fxState[3].offset = OFFB_FC3210;
5723 d->fxState[3].size = sizeof(ULong);
5724
5725 stmt( IRStmt_Dirty(d) );
5726
5727 /* ew contains any emulation warning we may need to
5728 issue. If needed, side-exit to the next insn,
5729 reporting the warning, so that Valgrind's dispatcher
5730 sees the warning. */
5731 assign(ew, unop(Iop_64to32,mkexpr(w64)) );
5732 put_emwarn( mkexpr(ew) );
5733 stmt(
5734 IRStmt_Exit(
5735 binop(Iop_CmpNE32, mkexpr(ew), mkU32(0)),
5736 Ijk_EmWarn,
5737 IRConst_U64( guest_RIP_bbstart+delta ),
5738 OFFB_RIP
5739 )
5740 );
5741
5742 DIP("fldenv %s\n", dis_buf);
5743 break;
5744 }
5745
5746 case 5: {/* FLDCW */
5747 /* The only thing we observe in the control word is the
5748 rounding mode. Therefore, pass the 16-bit value
5749 (x87 native-format control word) to a clean helper,
5750 getting back a 64-bit value, the lower half of which
5751 is the FPROUND value to store, and the upper half of
5752 which is the emulation-warning token which may be
5753 generated.
5754 */
5755 /* ULong amd64h_check_fldcw ( ULong ); */
5756 IRTemp t64 = newTemp(Ity_I64);
5757 IRTemp ew = newTemp(Ity_I32);
5758 DIP("fldcw %s\n", dis_buf);
5759 assign( t64, mkIRExprCCall(
5760 Ity_I64, 0/*regparms*/,
5761 "amd64g_check_fldcw",
5762 &amd64g_check_fldcw,
5763 mkIRExprVec_1(
5764 unop( Iop_16Uto64,
5765 loadLE(Ity_I16, mkexpr(addr)))
5766 )
5767 )
5768 );
5769
5770 put_fpround( unop(Iop_64to32, mkexpr(t64)) );
5771 assign( ew, unop(Iop_64HIto32, mkexpr(t64) ) );
5772 put_emwarn( mkexpr(ew) );
5773 /* Finally, if an emulation warning was reported,
5774 side-exit to the next insn, reporting the warning,
5775 so that Valgrind's dispatcher sees the warning. */
5776 stmt(
5777 IRStmt_Exit(
5778 binop(Iop_CmpNE32, mkexpr(ew), mkU32(0)),
5779 Ijk_EmWarn,
5780 IRConst_U64( guest_RIP_bbstart+delta ),
5781 OFFB_RIP
5782 )
5783 );
5784 break;
5785 }
5786
5787 case 6: { /* FNSTENV m28 */
5788 /* Uses dirty helper:
5789 void amd64g_do_FSTENV ( VexGuestAMD64State*, HWord ) */
5790 IRDirty* d = unsafeIRDirty_0_N (
5791 0/*regparms*/,
5792 "amd64g_dirtyhelper_FSTENV",
5793 &amd64g_dirtyhelper_FSTENV,
5794 mkIRExprVec_2( IRExpr_GSPTR(), mkexpr(addr) )
5795 );
5796 /* declare we're writing memory */
5797 d->mFx = Ifx_Write;
5798 d->mAddr = mkexpr(addr);
5799 d->mSize = 28;
5800
5801 /* declare we're reading guest state */
5802 d->nFxState = 4;
5803 vex_bzero(&d->fxState, sizeof(d->fxState));
5804
5805 d->fxState[0].fx = Ifx_Read;
5806 d->fxState[0].offset = OFFB_FTOP;
5807 d->fxState[0].size = sizeof(UInt);
5808
5809 d->fxState[1].fx = Ifx_Read;
5810 d->fxState[1].offset = OFFB_FPTAGS;
5811 d->fxState[1].size = 8 * sizeof(UChar);
5812
5813 d->fxState[2].fx = Ifx_Read;
5814 d->fxState[2].offset = OFFB_FPROUND;
5815 d->fxState[2].size = sizeof(ULong);
5816
5817 d->fxState[3].fx = Ifx_Read;
5818 d->fxState[3].offset = OFFB_FC3210;
5819 d->fxState[3].size = sizeof(ULong);
5820
5821 stmt( IRStmt_Dirty(d) );
5822
5823 DIP("fnstenv %s\n", dis_buf);
5824 break;
5825 }
5826
5827 case 7: /* FNSTCW */
5828 /* Fake up a native x87 FPU control word. The only
5829 thing it depends on is FPROUND[1:0], so call a clean
5830 helper to cook it up. */
5831 /* ULong amd64g_create_fpucw ( ULong fpround ) */
5832 DIP("fnstcw %s\n", dis_buf);
5833 storeLE(
5834 mkexpr(addr),
5835 unop( Iop_64to16,
5836 mkIRExprCCall(
5837 Ity_I64, 0/*regp*/,
5838 "amd64g_create_fpucw", &amd64g_create_fpucw,
5839 mkIRExprVec_1( unop(Iop_32Uto64, get_fpround()) )
5840 )
5841 )
5842 );
5843 break;
5844
5845 default:
5846 vex_printf("unhandled opc_aux = 0x%2x\n",
5847 (UInt)gregLO3ofRM(modrm));
5848 vex_printf("first_opcode == 0xD9\n");
5849 goto decode_fail;
5850 }
5851
5852 } else {
5853 delta++;
5854 switch (modrm) {
5855
5856 case 0xC0 ... 0xC7: /* FLD %st(?) */
5857 r_src = (UInt)modrm - 0xC0;
5858 DIP("fld %%st(%u)\n", r_src);
5859 t1 = newTemp(Ity_F64);
5860 assign(t1, get_ST(r_src));
5861 fp_push();
5862 put_ST(0, mkexpr(t1));
5863 break;
5864
5865 case 0xC8 ... 0xCF: /* FXCH %st(?) */
5866 r_src = (UInt)modrm - 0xC8;
5867 DIP("fxch %%st(%u)\n", r_src);
5868 t1 = newTemp(Ity_F64);
5869 t2 = newTemp(Ity_F64);
5870 assign(t1, get_ST(0));
5871 assign(t2, get_ST(r_src));
5872 put_ST_UNCHECKED(0, mkexpr(t2));
5873 put_ST_UNCHECKED(r_src, mkexpr(t1));
5874 break;
5875
5876 case 0xE0: /* FCHS */
5877 DIP("fchs\n");
5878 put_ST_UNCHECKED(0, unop(Iop_NegF64, get_ST(0)));
5879 break;
5880
5881 case 0xE1: /* FABS */
5882 DIP("fabs\n");
5883 put_ST_UNCHECKED(0, unop(Iop_AbsF64, get_ST(0)));
5884 break;
5885
5886 case 0xE5: { /* FXAM */
5887 /* This is an interesting one. It examines %st(0),
5888 regardless of whether the tag says it's empty or not.
5889 Here, just pass both the tag (in our format) and the
5890 value (as a double, actually a ULong) to a helper
5891 function. */
5892 IRExpr** args
5893 = mkIRExprVec_2( unop(Iop_8Uto64, get_ST_TAG(0)),
5894 unop(Iop_ReinterpF64asI64,
5895 get_ST_UNCHECKED(0)) );
5896 put_C3210(mkIRExprCCall(
5897 Ity_I64,
5898 0/*regparm*/,
5899 "amd64g_calculate_FXAM", &amd64g_calculate_FXAM,
5900 args
5901 ));
5902 DIP("fxam\n");
5903 break;
5904 }
5905
5906 case 0xE8: /* FLD1 */
5907 DIP("fld1\n");
5908 fp_push();
5909 /* put_ST(0, IRExpr_Const(IRConst_F64(1.0))); */
5910 put_ST(0, IRExpr_Const(IRConst_F64i(0x3ff0000000000000ULL)));
5911 break;
5912
5913 case 0xE9: /* FLDL2T */
5914 DIP("fldl2t\n");
5915 fp_push();
5916 /* put_ST(0, IRExpr_Const(IRConst_F64(3.32192809488736234781))); */
5917 put_ST(0, IRExpr_Const(IRConst_F64i(0x400a934f0979a371ULL)));
5918 break;
5919
5920 case 0xEA: /* FLDL2E */
5921 DIP("fldl2e\n");
5922 fp_push();
5923 /* put_ST(0, IRExpr_Const(IRConst_F64(1.44269504088896340739))); */
5924 put_ST(0, IRExpr_Const(IRConst_F64i(0x3ff71547652b82feULL)));
5925 break;
5926
5927 case 0xEB: /* FLDPI */
5928 DIP("fldpi\n");
5929 fp_push();
5930 /* put_ST(0, IRExpr_Const(IRConst_F64(3.14159265358979323851))); */
5931 put_ST(0, IRExpr_Const(IRConst_F64i(0x400921fb54442d18ULL)));
5932 break;
5933
5934 case 0xEC: /* FLDLG2 */
5935 DIP("fldlg2\n");
5936 fp_push();
5937 /* put_ST(0, IRExpr_Const(IRConst_F64(0.301029995663981143))); */
5938 put_ST(0, IRExpr_Const(IRConst_F64i(0x3fd34413509f79ffULL)));
5939 break;
5940
5941 case 0xED: /* FLDLN2 */
5942 DIP("fldln2\n");
5943 fp_push();
5944 /* put_ST(0, IRExpr_Const(IRConst_F64(0.69314718055994530942))); */
5945 put_ST(0, IRExpr_Const(IRConst_F64i(0x3fe62e42fefa39efULL)));
5946 break;
5947
5948 case 0xEE: /* FLDZ */
5949 DIP("fldz\n");
5950 fp_push();
5951 /* put_ST(0, IRExpr_Const(IRConst_F64(0.0))); */
5952 put_ST(0, IRExpr_Const(IRConst_F64i(0x0000000000000000ULL)));
5953 break;
5954
5955 case 0xF0: /* F2XM1 */
5956 DIP("f2xm1\n");
5957 put_ST_UNCHECKED(0,
5958 binop(Iop_2xm1F64,
5959 get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
5960 get_ST(0)));
5961 break;
5962
5963 case 0xF1: /* FYL2X */
5964 DIP("fyl2x\n");
5965 put_ST_UNCHECKED(1,
5966 triop(Iop_Yl2xF64,
5967 get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
5968 get_ST(1),
5969 get_ST(0)));
5970 fp_pop();
5971 break;
5972
5973 case 0xF2: { /* FPTAN */
5974 DIP("fptan\n");
5975 IRTemp argD = newTemp(Ity_F64);
5976 assign(argD, get_ST(0));
5977 IRTemp argOK = math_IS_TRIG_ARG_FINITE_AND_IN_RANGE(argD);
5978 IRTemp resD = newTemp(Ity_F64);
5979 assign(resD,
5980 IRExpr_ITE(
5981 mkexpr(argOK),
5982 binop(Iop_TanF64,
5983 get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
5984 mkexpr(argD)),
5985 mkexpr(argD))
5986 );
5987 put_ST_UNCHECKED(0, mkexpr(resD));
5988 /* Conditionally push 1.0 on the stack, if the arg is
5989 in range */
5990 maybe_fp_push(argOK);
5991 maybe_put_ST(argOK, 0,
5992 IRExpr_Const(IRConst_F64(1.0)));
5993 set_C2( binop(Iop_Xor64,
5994 unop(Iop_1Uto64, mkexpr(argOK)),
5995 mkU64(1)) );
5996 break;
5997 }
5998
5999 case 0xF3: /* FPATAN */
6000 DIP("fpatan\n");
6001 put_ST_UNCHECKED(1,
6002 triop(Iop_AtanF64,
6003 get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
6004 get_ST(1),
6005 get_ST(0)));
6006 fp_pop();
6007 break;
6008
6009 case 0xF4: { /* FXTRACT */
6010 IRTemp argF = newTemp(Ity_F64);
6011 IRTemp sigF = newTemp(Ity_F64);
6012 IRTemp expF = newTemp(Ity_F64);
6013 IRTemp argI = newTemp(Ity_I64);
6014 IRTemp sigI = newTemp(Ity_I64);
6015 IRTemp expI = newTemp(Ity_I64);
6016 DIP("fxtract\n");
6017 assign( argF, get_ST(0) );
6018 assign( argI, unop(Iop_ReinterpF64asI64, mkexpr(argF)));
6019 assign( sigI,
6020 mkIRExprCCall(
6021 Ity_I64, 0/*regparms*/,
6022 "x86amd64g_calculate_FXTRACT",
6023 &x86amd64g_calculate_FXTRACT,
6024 mkIRExprVec_2( mkexpr(argI),
6025 mkIRExpr_HWord(0)/*sig*/ ))
6026 );
6027 assign( expI,
6028 mkIRExprCCall(
6029 Ity_I64, 0/*regparms*/,
6030 "x86amd64g_calculate_FXTRACT",
6031 &x86amd64g_calculate_FXTRACT,
6032 mkIRExprVec_2( mkexpr(argI),
6033 mkIRExpr_HWord(1)/*exp*/ ))
6034 );
6035 assign( sigF, unop(Iop_ReinterpI64asF64, mkexpr(sigI)) );
6036 assign( expF, unop(Iop_ReinterpI64asF64, mkexpr(expI)) );
6037 /* exponent */
6038 put_ST_UNCHECKED(0, mkexpr(expF) );
6039 fp_push();
6040 /* significand */
6041 put_ST(0, mkexpr(sigF) );
6042 break;
6043 }
6044
6045 case 0xF5: { /* FPREM1 -- IEEE compliant */
6046 IRTemp a1 = newTemp(Ity_F64);
6047 IRTemp a2 = newTemp(Ity_F64);
6048 DIP("fprem1\n");
6049 /* Do FPREM1 twice, once to get the remainder, and once
6050 to get the C3210 flag values. */
6051 assign( a1, get_ST(0) );
6052 assign( a2, get_ST(1) );
6053 put_ST_UNCHECKED(0,
6054 triop(Iop_PRem1F64,
6055 get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
6056 mkexpr(a1),
6057 mkexpr(a2)));
6058 put_C3210(
6059 unop(Iop_32Uto64,
6060 triop(Iop_PRem1C3210F64,
6061 get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
6062 mkexpr(a1),
6063 mkexpr(a2)) ));
6064 break;
6065 }
6066
6067 case 0xF7: /* FINCSTP */
6068 DIP("fincstp\n");
6069 put_ftop( binop(Iop_Add32, get_ftop(), mkU32(1)) );
6070 break;
6071
6072 case 0xF8: { /* FPREM -- not IEEE compliant */
6073 IRTemp a1 = newTemp(Ity_F64);
6074 IRTemp a2 = newTemp(Ity_F64);
6075 DIP("fprem\n");
6076 /* Do FPREM twice, once to get the remainder, and once
6077 to get the C3210 flag values. */
6078 assign( a1, get_ST(0) );
6079 assign( a2, get_ST(1) );
6080 put_ST_UNCHECKED(0,
6081 triop(Iop_PRemF64,
6082 get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
6083 mkexpr(a1),
6084 mkexpr(a2)));
6085 put_C3210(
6086 unop(Iop_32Uto64,
6087 triop(Iop_PRemC3210F64,
6088 get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
6089 mkexpr(a1),
6090 mkexpr(a2)) ));
6091 break;
6092 }
6093
6094 case 0xF9: /* FYL2XP1 */
6095 DIP("fyl2xp1\n");
6096 put_ST_UNCHECKED(1,
6097 triop(Iop_Yl2xp1F64,
6098 get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
6099 get_ST(1),
6100 get_ST(0)));
6101 fp_pop();
6102 break;
6103
6104 case 0xFA: /* FSQRT */
6105 DIP("fsqrt\n");
6106 put_ST_UNCHECKED(0,
6107 binop(Iop_SqrtF64,
6108 get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
6109 get_ST(0)));
6110 break;
6111
6112 case 0xFB: { /* FSINCOS */
6113 DIP("fsincos\n");
6114 IRTemp argD = newTemp(Ity_F64);
6115 assign(argD, get_ST(0));
6116 IRTemp argOK = math_IS_TRIG_ARG_FINITE_AND_IN_RANGE(argD);
6117 IRTemp resD = newTemp(Ity_F64);
6118 assign(resD,
6119 IRExpr_ITE(
6120 mkexpr(argOK),
6121 binop(Iop_SinF64,
6122 get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
6123 mkexpr(argD)),
6124 mkexpr(argD))
6125 );
6126 put_ST_UNCHECKED(0, mkexpr(resD));
6127 /* Conditionally push the cos value on the stack, if
6128 the arg is in range */
6129 maybe_fp_push(argOK);
6130 maybe_put_ST(argOK, 0,
6131 binop(Iop_CosF64,
6132 get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
6133 mkexpr(argD)));
6134 set_C2( binop(Iop_Xor64,
6135 unop(Iop_1Uto64, mkexpr(argOK)),
6136 mkU64(1)) );
6137 break;
6138 }
6139
6140 case 0xFC: /* FRNDINT */
6141 DIP("frndint\n");
6142 put_ST_UNCHECKED(0,
6143 binop(Iop_RoundF64toInt, get_roundingmode(), get_ST(0)) );
6144 break;
6145
6146 case 0xFD: /* FSCALE */
6147 DIP("fscale\n");
6148 put_ST_UNCHECKED(0,
6149 triop(Iop_ScaleF64,
6150 get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
6151 get_ST(0),
6152 get_ST(1)));
6153 break;
6154
6155 case 0xFE: /* FSIN */
6156 case 0xFF: { /* FCOS */
6157 Bool isSIN = modrm == 0xFE;
6158 DIP("%s\n", isSIN ? "fsin" : "fcos");
6159 IRTemp argD = newTemp(Ity_F64);
6160 assign(argD, get_ST(0));
6161 IRTemp argOK = math_IS_TRIG_ARG_FINITE_AND_IN_RANGE(argD);
6162 IRTemp resD = newTemp(Ity_F64);
6163 assign(resD,
6164 IRExpr_ITE(
6165 mkexpr(argOK),
6166 binop(isSIN ? Iop_SinF64 : Iop_CosF64,
6167 get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
6168 mkexpr(argD)),
6169 mkexpr(argD))
6170 );
6171 put_ST_UNCHECKED(0, mkexpr(resD));
6172 set_C2( binop(Iop_Xor64,
6173 unop(Iop_1Uto64, mkexpr(argOK)),
6174 mkU64(1)) );
6175 break;
6176 }
6177
6178 default:
6179 goto decode_fail;
6180 }
6181 }
6182 }
6183
6184 /* -+-+-+-+-+-+-+-+-+-+-+-+ 0xDA opcodes +-+-+-+-+-+-+-+ */
6185 else
6186 if (first_opcode == 0xDA) {
6187
6188 if (modrm < 0xC0) {
6189
6190 /* bits 5,4,3 are an opcode extension, and the modRM also
6191 specifies an address. */
6192 IROp fop;
6193 IRTemp addr = disAMode( &len, vbi, pfx, delta, dis_buf, 0 );
6194 delta += len;
6195 switch (gregLO3ofRM(modrm)) {
6196
6197 case 0: /* FIADD m32int */ /* ST(0) += m32int */
6198 DIP("fiaddl %s\n", dis_buf);
6199 fop = Iop_AddF64;
6200 goto do_fop_m32;
6201
6202 case 1: /* FIMUL m32int */ /* ST(0) *= m32int */
6203 DIP("fimull %s\n", dis_buf);
6204 fop = Iop_MulF64;
6205 goto do_fop_m32;
6206
6207 case 4: /* FISUB m32int */ /* ST(0) -= m32int */
6208 DIP("fisubl %s\n", dis_buf);
6209 fop = Iop_SubF64;
6210 goto do_fop_m32;
6211
6212 case 5: /* FISUBR m32int */ /* ST(0) = m32int - ST(0) */
6213 DIP("fisubrl %s\n", dis_buf);
6214 fop = Iop_SubF64;
6215 goto do_foprev_m32;
6216
6217 case 6: /* FIDIV m32int */ /* ST(0) /= m32int */
6218 DIP("fisubl %s\n", dis_buf);
6219 fop = Iop_DivF64;
6220 goto do_fop_m32;
6221
6222 case 7: /* FIDIVR m32int */ /* ST(0) = m32int / ST(0) */
6223 DIP("fidivrl %s\n", dis_buf);
6224 fop = Iop_DivF64;
6225 goto do_foprev_m32;
6226
6227 do_fop_m32:
6228 put_ST_UNCHECKED(0,
6229 triop(fop,
6230 get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
6231 get_ST(0),
6232 unop(Iop_I32StoF64,
6233 loadLE(Ity_I32, mkexpr(addr)))));
6234 break;
6235
6236 do_foprev_m32:
6237 put_ST_UNCHECKED(0,
6238 triop(fop,
6239 get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
6240 unop(Iop_I32StoF64,
6241 loadLE(Ity_I32, mkexpr(addr))),
6242 get_ST(0)));
6243 break;
6244
6245 default:
6246 vex_printf("unhandled opc_aux = 0x%2x\n",
6247 (UInt)gregLO3ofRM(modrm));
6248 vex_printf("first_opcode == 0xDA\n");
6249 goto decode_fail;
6250 }
6251
6252 } else {
6253
6254 delta++;
6255 switch (modrm) {
6256
6257 case 0xC0 ... 0xC7: /* FCMOVB ST(i), ST(0) */
6258 r_src = (UInt)modrm - 0xC0;
6259 DIP("fcmovb %%st(%u), %%st(0)\n", r_src);
6260 put_ST_UNCHECKED(0,
6261 IRExpr_ITE(
6262 mk_amd64g_calculate_condition(AMD64CondB),
6263 get_ST(r_src), get_ST(0)) );
6264 break;
6265
6266 case 0xC8 ... 0xCF: /* FCMOVE(Z) ST(i), ST(0) */
6267 r_src = (UInt)modrm - 0xC8;
6268 DIP("fcmovz %%st(%u), %%st(0)\n", r_src);
6269 put_ST_UNCHECKED(0,
6270 IRExpr_ITE(
6271 mk_amd64g_calculate_condition(AMD64CondZ),
6272 get_ST(r_src), get_ST(0)) );
6273 break;
6274
6275 case 0xD0 ... 0xD7: /* FCMOVBE ST(i), ST(0) */
6276 r_src = (UInt)modrm - 0xD0;
6277 DIP("fcmovbe %%st(%u), %%st(0)\n", r_src);
6278 put_ST_UNCHECKED(0,
6279 IRExpr_ITE(
6280 mk_amd64g_calculate_condition(AMD64CondBE),
6281 get_ST(r_src), get_ST(0)) );
6282 break;
6283
6284 case 0xD8 ... 0xDF: /* FCMOVU ST(i), ST(0) */
6285 r_src = (UInt)modrm - 0xD8;
6286 DIP("fcmovu %%st(%u), %%st(0)\n", r_src);
6287 put_ST_UNCHECKED(0,
6288 IRExpr_ITE(
6289 mk_amd64g_calculate_condition(AMD64CondP),
6290 get_ST(r_src), get_ST(0)) );
6291 break;
6292
6293 case 0xE9: /* FUCOMPP %st(0),%st(1) */
6294 DIP("fucompp %%st(0),%%st(1)\n");
6295 /* This forces C1 to zero, which isn't right. */
6296 put_C3210(
6297 unop(Iop_32Uto64,
6298 binop( Iop_And32,
6299 binop(Iop_Shl32,
6300 binop(Iop_CmpF64, get_ST(0), get_ST(1)),
6301 mkU8(8)),
6302 mkU32(0x4500)
6303 )));
6304 fp_pop();
6305 fp_pop();
6306 break;
6307
6308 default:
6309 goto decode_fail;
6310 }
6311
6312 }
6313 }
6314
6315 /* -+-+-+-+-+-+-+-+-+-+-+-+ 0xDB opcodes +-+-+-+-+-+-+-+ */
6316 else
6317 if (first_opcode == 0xDB) {
6318 if (modrm < 0xC0) {
6319
6320 /* bits 5,4,3 are an opcode extension, and the modRM also
6321 specifies an address. */
6322 IRTemp addr = disAMode( &len, vbi, pfx, delta, dis_buf, 0 );
6323 delta += len;
6324
6325 switch (gregLO3ofRM(modrm)) {
6326
6327 case 0: /* FILD m32int */
6328 DIP("fildl %s\n", dis_buf);
6329 fp_push();
6330 put_ST(0, unop(Iop_I32StoF64,
6331 loadLE(Ity_I32, mkexpr(addr))));
6332 break;
6333
6334 case 1: /* FISTTPL m32 (SSE3) */
6335 DIP("fisttpl %s\n", dis_buf);
6336 storeLE( mkexpr(addr),
6337 binop(Iop_F64toI32S, mkU32(Irrm_ZERO), get_ST(0)) );
6338 fp_pop();
6339 break;
6340
6341 case 2: /* FIST m32 */
6342 DIP("fistl %s\n", dis_buf);
6343 storeLE( mkexpr(addr),
6344 binop(Iop_F64toI32S, get_roundingmode(), get_ST(0)) );
6345 break;
6346
6347 case 3: /* FISTP m32 */
6348 DIP("fistpl %s\n", dis_buf);
6349 storeLE( mkexpr(addr),
6350 binop(Iop_F64toI32S, get_roundingmode(), get_ST(0)) );
6351 fp_pop();
6352 break;
6353
6354 case 5: { /* FLD extended-real */
6355 /* Uses dirty helper:
6356 ULong amd64g_loadF80le ( ULong )
6357 addr holds the address. First, do a dirty call to
6358 get hold of the data. */
6359 IRTemp val = newTemp(Ity_I64);
6360 IRExpr** args = mkIRExprVec_1 ( mkexpr(addr) );
6361
6362 IRDirty* d = unsafeIRDirty_1_N (
6363 val,
6364 0/*regparms*/,
6365 "amd64g_dirtyhelper_loadF80le",
6366 &amd64g_dirtyhelper_loadF80le,
6367 args
6368 );
6369 /* declare that we're reading memory */
6370 d->mFx = Ifx_Read;
6371 d->mAddr = mkexpr(addr);
6372 d->mSize = 10;
6373
6374 /* execute the dirty call, dumping the result in val. */
6375 stmt( IRStmt_Dirty(d) );
6376 fp_push();
6377 put_ST(0, unop(Iop_ReinterpI64asF64, mkexpr(val)));
6378
6379 DIP("fldt %s\n", dis_buf);
6380 break;
6381 }
6382
6383 case 7: { /* FSTP extended-real */
6384 /* Uses dirty helper:
6385 void amd64g_storeF80le ( ULong addr, ULong data )
6386 */
6387 IRExpr** args
6388 = mkIRExprVec_2( mkexpr(addr),
6389 unop(Iop_ReinterpF64asI64, get_ST(0)) );
6390
6391 IRDirty* d = unsafeIRDirty_0_N (
6392 0/*regparms*/,
6393 "amd64g_dirtyhelper_storeF80le",
6394 &amd64g_dirtyhelper_storeF80le,
6395 args
6396 );
6397 /* declare we're writing memory */
6398 d->mFx = Ifx_Write;
6399 d->mAddr = mkexpr(addr);
6400 d->mSize = 10;
6401
6402 /* execute the dirty call. */
6403 stmt( IRStmt_Dirty(d) );
6404 fp_pop();
6405
6406 DIP("fstpt\n %s", dis_buf);
6407 break;
6408 }
6409
6410 default:
6411 vex_printf("unhandled opc_aux = 0x%2x\n",
6412 (UInt)gregLO3ofRM(modrm));
6413 vex_printf("first_opcode == 0xDB\n");
6414 goto decode_fail;
6415 }
6416
6417 } else {
6418
6419 delta++;
6420 switch (modrm) {
6421
6422 case 0xC0 ... 0xC7: /* FCMOVNB ST(i), ST(0) */
6423 r_src = (UInt)modrm - 0xC0;
6424 DIP("fcmovnb %%st(%u), %%st(0)\n", r_src);
6425 put_ST_UNCHECKED(0,
6426 IRExpr_ITE(
6427 mk_amd64g_calculate_condition(AMD64CondNB),
6428 get_ST(r_src), get_ST(0)) );
6429 break;
6430
6431 case 0xC8 ... 0xCF: /* FCMOVNE(NZ) ST(i), ST(0) */
6432 r_src = (UInt)modrm - 0xC8;
6433 DIP("fcmovnz %%st(%u), %%st(0)\n", r_src);
6434 put_ST_UNCHECKED(
6435 0,
6436 IRExpr_ITE(
6437 mk_amd64g_calculate_condition(AMD64CondNZ),
6438 get_ST(r_src),
6439 get_ST(0)
6440 )
6441 );
6442 break;
6443
6444 case 0xD0 ... 0xD7: /* FCMOVNBE ST(i), ST(0) */
6445 r_src = (UInt)modrm - 0xD0;
6446 DIP("fcmovnbe %%st(%u), %%st(0)\n", r_src);
6447 put_ST_UNCHECKED(
6448 0,
6449 IRExpr_ITE(
6450 mk_amd64g_calculate_condition(AMD64CondNBE),
6451 get_ST(r_src),
6452 get_ST(0)
6453 )
6454 );
6455 break;
6456
6457 case 0xD8 ... 0xDF: /* FCMOVNU ST(i), ST(0) */
6458 r_src = (UInt)modrm - 0xD8;
6459 DIP("fcmovnu %%st(%u), %%st(0)\n", r_src);
6460 put_ST_UNCHECKED(
6461 0,
6462 IRExpr_ITE(
6463 mk_amd64g_calculate_condition(AMD64CondNP),
6464 get_ST(r_src),
6465 get_ST(0)
6466 )
6467 );
6468 break;
6469
6470 case 0xE2:
6471 DIP("fnclex\n");
6472 break;
6473
6474 case 0xE3: {
6475 gen_FINIT_SEQUENCE(NULL/*no guarding condition*/);
6476 DIP("fninit\n");
6477 break;
6478 }
6479
6480 case 0xE8 ... 0xEF: /* FUCOMI %st(0),%st(?) */
6481 fp_do_ucomi_ST0_STi( (UInt)modrm - 0xE8, False );
6482 break;
6483
6484 case 0xF0 ... 0xF7: /* FCOMI %st(0),%st(?) */
6485 fp_do_ucomi_ST0_STi( (UInt)modrm - 0xF0, False );
6486 break;
6487
6488 default:
6489 goto decode_fail;
6490 }
6491 }
6492 }
6493
6494 /* -+-+-+-+-+-+-+-+-+-+-+-+ 0xDC opcodes +-+-+-+-+-+-+-+ */
6495 else
6496 if (first_opcode == 0xDC) {
6497 if (modrm < 0xC0) {
6498
6499 /* bits 5,4,3 are an opcode extension, and the modRM also
6500 specifies an address. */
6501 IRTemp addr = disAMode( &len, vbi, pfx, delta, dis_buf, 0 );
6502 delta += len;
6503
6504 switch (gregLO3ofRM(modrm)) {
6505
6506 case 0: /* FADD double-real */
6507 fp_do_op_mem_ST_0 ( addr, "add", dis_buf, Iop_AddF64, True );
6508 break;
6509
6510 case 1: /* FMUL double-real */
6511 fp_do_op_mem_ST_0 ( addr, "mul", dis_buf, Iop_MulF64, True );
6512 break;
6513
6514 case 2: /* FCOM double-real */
6515 DIP("fcoml %s\n", dis_buf);
6516 /* This forces C1 to zero, which isn't right. */
6517 put_C3210(
6518 unop(Iop_32Uto64,
6519 binop( Iop_And32,
6520 binop(Iop_Shl32,
6521 binop(Iop_CmpF64,
6522 get_ST(0),
6523 loadLE(Ity_F64,mkexpr(addr))),
6524 mkU8(8)),
6525 mkU32(0x4500)
6526 )));
6527 break;
6528
6529 case 3: /* FCOMP double-real */
6530 DIP("fcompl %s\n", dis_buf);
6531 /* This forces C1 to zero, which isn't right. */
6532 put_C3210(
6533 unop(Iop_32Uto64,
6534 binop( Iop_And32,
6535 binop(Iop_Shl32,
6536 binop(Iop_CmpF64,
6537 get_ST(0),
6538 loadLE(Ity_F64,mkexpr(addr))),
6539 mkU8(8)),
6540 mkU32(0x4500)
6541 )));
6542 fp_pop();
6543 break;
6544
6545 case 4: /* FSUB double-real */
6546 fp_do_op_mem_ST_0 ( addr, "sub", dis_buf, Iop_SubF64, True );
6547 break;
6548
6549 case 5: /* FSUBR double-real */
6550 fp_do_oprev_mem_ST_0 ( addr, "subr", dis_buf, Iop_SubF64, True );
6551 break;
6552
6553 case 6: /* FDIV double-real */
6554 fp_do_op_mem_ST_0 ( addr, "div", dis_buf, Iop_DivF64, True );
6555 break;
6556
6557 case 7: /* FDIVR double-real */
6558 fp_do_oprev_mem_ST_0 ( addr, "divr", dis_buf, Iop_DivF64, True );
6559 break;
6560
6561 default:
6562 vex_printf("unhandled opc_aux = 0x%2x\n",
6563 (UInt)gregLO3ofRM(modrm));
6564 vex_printf("first_opcode == 0xDC\n");
6565 goto decode_fail;
6566 }
6567
6568 } else {
6569
6570 delta++;
6571 switch (modrm) {
6572
6573 case 0xC0 ... 0xC7: /* FADD %st(0),%st(?) */
6574 fp_do_op_ST_ST ( "add", Iop_AddF64, 0, modrm - 0xC0, False );
6575 break;
6576
6577 case 0xC8 ... 0xCF: /* FMUL %st(0),%st(?) */
6578 fp_do_op_ST_ST ( "mul", Iop_MulF64, 0, modrm - 0xC8, False );
6579 break;
6580
6581 case 0xE0 ... 0xE7: /* FSUBR %st(0),%st(?) */
6582 fp_do_oprev_ST_ST ( "subr", Iop_SubF64, 0, modrm - 0xE0, False );
6583 break;
6584
6585 case 0xE8 ... 0xEF: /* FSUB %st(0),%st(?) */
6586 fp_do_op_ST_ST ( "sub", Iop_SubF64, 0, modrm - 0xE8, False );
6587 break;
6588
6589 case 0xF0 ... 0xF7: /* FDIVR %st(0),%st(?) */
6590 fp_do_oprev_ST_ST ( "divr", Iop_DivF64, 0, modrm - 0xF0, False );
6591 break;
6592
6593 case 0xF8 ... 0xFF: /* FDIV %st(0),%st(?) */
6594 fp_do_op_ST_ST ( "div", Iop_DivF64, 0, modrm - 0xF8, False );
6595 break;
6596
6597 default:
6598 goto decode_fail;
6599 }
6600
6601 }
6602 }
6603
6604 /* -+-+-+-+-+-+-+-+-+-+-+-+ 0xDD opcodes +-+-+-+-+-+-+-+ */
6605 else
6606 if (first_opcode == 0xDD) {
6607
6608 if (modrm < 0xC0) {
6609
6610 /* bits 5,4,3 are an opcode extension, and the modRM also
6611 specifies an address. */
6612 IRTemp addr = disAMode( &len, vbi, pfx, delta, dis_buf, 0 );
6613 delta += len;
6614
6615 switch (gregLO3ofRM(modrm)) {
6616
6617 case 0: /* FLD double-real */
6618 DIP("fldl %s\n", dis_buf);
6619 fp_push();
6620 put_ST(0, loadLE(Ity_F64, mkexpr(addr)));
6621 break;
6622
6623 case 1: /* FISTTPQ m64 (SSE3) */
6624 DIP("fistppll %s\n", dis_buf);
6625 storeLE( mkexpr(addr),
6626 binop(Iop_F64toI64S, mkU32(Irrm_ZERO), get_ST(0)) );
6627 fp_pop();
6628 break;
6629
6630 case 2: /* FST double-real */
6631 DIP("fstl %s\n", dis_buf);
6632 storeLE(mkexpr(addr), get_ST(0));
6633 break;
6634
6635 case 3: /* FSTP double-real */
6636 DIP("fstpl %s\n", dis_buf);
6637 storeLE(mkexpr(addr), get_ST(0));
6638 fp_pop();
6639 break;
6640
6641 case 4: { /* FRSTOR m94/m108 */
6642 IRTemp ew = newTemp(Ity_I32);
6643 IRTemp w64 = newTemp(Ity_I64);
6644 IRDirty* d;
6645 if ( have66(pfx) ) {
6646 /* Uses dirty helper:
6647 VexEmNote amd64g_dirtyhelper_FRSTORS
6648 ( VexGuestAMD64State*, HWord ) */
6649 d = unsafeIRDirty_0_N (
6650 0/*regparms*/,
6651 "amd64g_dirtyhelper_FRSTORS",
6652 &amd64g_dirtyhelper_FRSTORS,
6653 mkIRExprVec_1( mkexpr(addr) )
6654 );
6655 d->mSize = 94;
6656 } else {
6657 /* Uses dirty helper:
6658 VexEmNote amd64g_dirtyhelper_FRSTOR
6659 ( VexGuestAMD64State*, HWord ) */
6660 d = unsafeIRDirty_0_N (
6661 0/*regparms*/,
6662 "amd64g_dirtyhelper_FRSTOR",
6663 &amd64g_dirtyhelper_FRSTOR,
6664 mkIRExprVec_2( IRExpr_GSPTR(), mkexpr(addr) )
6665 );
6666 d->mSize = 108;
6667 }
6668
6669 d->tmp = w64;
6670 /* declare we're reading memory */
6671 d->mFx = Ifx_Read;
6672 d->mAddr = mkexpr(addr);
6673 /* d->mSize set above */
6674
6675 /* declare we're writing guest state */
6676 d->nFxState = 5;
6677 vex_bzero(&d->fxState, sizeof(d->fxState));
6678
6679 d->fxState[0].fx = Ifx_Write;
6680 d->fxState[0].offset = OFFB_FTOP;
6681 d->fxState[0].size = sizeof(UInt);
6682
6683 d->fxState[1].fx = Ifx_Write;
6684 d->fxState[1].offset = OFFB_FPREGS;
6685 d->fxState[1].size = 8 * sizeof(ULong);
6686
6687 d->fxState[2].fx = Ifx_Write;
6688 d->fxState[2].offset = OFFB_FPTAGS;
6689 d->fxState[2].size = 8 * sizeof(UChar);
6690
6691 d->fxState[3].fx = Ifx_Write;
6692 d->fxState[3].offset = OFFB_FPROUND;
6693 d->fxState[3].size = sizeof(ULong);
6694
6695 d->fxState[4].fx = Ifx_Write;
6696 d->fxState[4].offset = OFFB_FC3210;
6697 d->fxState[4].size = sizeof(ULong);
6698
6699 stmt( IRStmt_Dirty(d) );
6700
6701 /* ew contains any emulation warning we may need to
6702 issue. If needed, side-exit to the next insn,
6703 reporting the warning, so that Valgrind's dispatcher
6704 sees the warning. */
6705 assign(ew, unop(Iop_64to32,mkexpr(w64)) );
6706 put_emwarn( mkexpr(ew) );
6707 stmt(
6708 IRStmt_Exit(
6709 binop(Iop_CmpNE32, mkexpr(ew), mkU32(0)),
6710 Ijk_EmWarn,
6711 IRConst_U64( guest_RIP_bbstart+delta ),
6712 OFFB_RIP
6713 )
6714 );
6715
6716 if ( have66(pfx) ) {
6717 DIP("frstors %s\n", dis_buf);
6718 } else {
6719 DIP("frstor %s\n", dis_buf);
6720 }
6721 break;
6722 }
6723
6724 case 6: { /* FNSAVE m94/m108 */
6725 IRDirty *d;
6726 if ( have66(pfx) ) {
6727 /* Uses dirty helper:
6728 void amd64g_dirtyhelper_FNSAVES ( VexGuestAMD64State*,
6729 HWord ) */
6730 d = unsafeIRDirty_0_N (
6731 0/*regparms*/,
6732 "amd64g_dirtyhelper_FNSAVES",
6733 &amd64g_dirtyhelper_FNSAVES,
6734 mkIRExprVec_1( mkexpr(addr) )
6735 );
6736 d->mSize = 94;
6737 } else {
6738 /* Uses dirty helper:
6739 void amd64g_dirtyhelper_FNSAVE ( VexGuestAMD64State*,
6740 HWord ) */
6741 d = unsafeIRDirty_0_N (
6742 0/*regparms*/,
6743 "amd64g_dirtyhelper_FNSAVE",
6744 &amd64g_dirtyhelper_FNSAVE,
6745 mkIRExprVec_2( IRExpr_GSPTR(), mkexpr(addr) )
6746 );
6747 d->mSize = 108;
6748 }
6749
6750 /* declare we're writing memory */
6751 d->mFx = Ifx_Write;
6752 d->mAddr = mkexpr(addr);
6753 /* d->mSize set above */
6754
6755 /* declare we're reading guest state */
6756 d->nFxState = 5;
6757 vex_bzero(&d->fxState, sizeof(d->fxState));
6758
6759 d->fxState[0].fx = Ifx_Read;
6760 d->fxState[0].offset = OFFB_FTOP;
6761 d->fxState[0].size = sizeof(UInt);
6762
6763 d->fxState[1].fx = Ifx_Read;
6764 d->fxState[1].offset = OFFB_FPREGS;
6765 d->fxState[1].size = 8 * sizeof(ULong);
6766
6767 d->fxState[2].fx = Ifx_Read;
6768 d->fxState[2].offset = OFFB_FPTAGS;
6769 d->fxState[2].size = 8 * sizeof(UChar);
6770
6771 d->fxState[3].fx = Ifx_Read;
6772 d->fxState[3].offset = OFFB_FPROUND;
6773 d->fxState[3].size = sizeof(ULong);
6774
6775 d->fxState[4].fx = Ifx_Read;
6776 d->fxState[4].offset = OFFB_FC3210;
6777 d->fxState[4].size = sizeof(ULong);
6778
6779 stmt( IRStmt_Dirty(d) );
6780
6781 if ( have66(pfx) ) {
6782 DIP("fnsaves %s\n", dis_buf);
6783 } else {
6784 DIP("fnsave %s\n", dis_buf);
6785 }
6786 break;
6787 }
6788
6789 case 7: { /* FNSTSW m16 */
6790 IRExpr* sw = get_FPU_sw();
6791 vassert(typeOfIRExpr(irsb->tyenv, sw) == Ity_I16);
6792 storeLE( mkexpr(addr), sw );
6793 DIP("fnstsw %s\n", dis_buf);
6794 break;
6795 }
6796
6797 default:
6798 vex_printf("unhandled opc_aux = 0x%2x\n",
6799 (UInt)gregLO3ofRM(modrm));
6800 vex_printf("first_opcode == 0xDD\n");
6801 goto decode_fail;
6802 }
6803 } else {
6804 delta++;
6805 switch (modrm) {
6806
6807 case 0xC0 ... 0xC7: /* FFREE %st(?) */
6808 r_dst = (UInt)modrm - 0xC0;
6809 DIP("ffree %%st(%u)\n", r_dst);
6810 put_ST_TAG ( r_dst, mkU8(0) );
6811 break;
6812
6813 case 0xD0 ... 0xD7: /* FST %st(0),%st(?) */
6814 r_dst = (UInt)modrm - 0xD0;
6815 DIP("fst %%st(0),%%st(%u)\n", r_dst);
6816 /* P4 manual says: "If the destination operand is a
6817 non-empty register, the invalid-operation exception
6818 is not generated. Hence put_ST_UNCHECKED. */
6819 put_ST_UNCHECKED(r_dst, get_ST(0));
6820 break;
6821
6822 case 0xD8 ... 0xDF: /* FSTP %st(0),%st(?) */
6823 r_dst = (UInt)modrm - 0xD8;
6824 DIP("fstp %%st(0),%%st(%u)\n", r_dst);
6825 /* P4 manual says: "If the destination operand is a
6826 non-empty register, the invalid-operation exception
6827 is not generated. Hence put_ST_UNCHECKED. */
6828 put_ST_UNCHECKED(r_dst, get_ST(0));
6829 fp_pop();
6830 break;
6831
6832 case 0xE0 ... 0xE7: /* FUCOM %st(0),%st(?) */
6833 r_dst = (UInt)modrm - 0xE0;
6834 DIP("fucom %%st(0),%%st(%u)\n", r_dst);
6835 /* This forces C1 to zero, which isn't right. */
6836 put_C3210(
6837 unop(Iop_32Uto64,
6838 binop( Iop_And32,
6839 binop(Iop_Shl32,
6840 binop(Iop_CmpF64, get_ST(0), get_ST(r_dst)),
6841 mkU8(8)),
6842 mkU32(0x4500)
6843 )));
6844 break;
6845
6846 case 0xE8 ... 0xEF: /* FUCOMP %st(0),%st(?) */
6847 r_dst = (UInt)modrm - 0xE8;
6848 DIP("fucomp %%st(0),%%st(%u)\n", r_dst);
6849 /* This forces C1 to zero, which isn't right. */
6850 put_C3210(
6851 unop(Iop_32Uto64,
6852 binop( Iop_And32,
6853 binop(Iop_Shl32,
6854 binop(Iop_CmpF64, get_ST(0), get_ST(r_dst)),
6855 mkU8(8)),
6856 mkU32(0x4500)
6857 )));
6858 fp_pop();
6859 break;
6860
6861 default:
6862 goto decode_fail;
6863 }
6864 }
6865 }
6866
6867 /* -+-+-+-+-+-+-+-+-+-+-+-+ 0xDE opcodes +-+-+-+-+-+-+-+ */
6868 else
6869 if (first_opcode == 0xDE) {
6870
6871 if (modrm < 0xC0) {
6872
6873 /* bits 5,4,3 are an opcode extension, and the modRM also
6874 specifies an address. */
6875 IROp fop;
6876 IRTemp addr = disAMode( &len, vbi, pfx, delta, dis_buf, 0 );
6877 delta += len;
6878
6879 switch (gregLO3ofRM(modrm)) {
6880
6881 case 0: /* FIADD m16int */ /* ST(0) += m16int */
6882 DIP("fiaddw %s\n", dis_buf);
6883 fop = Iop_AddF64;
6884 goto do_fop_m16;
6885
6886 case 1: /* FIMUL m16int */ /* ST(0) *= m16int */
6887 DIP("fimulw %s\n", dis_buf);
6888 fop = Iop_MulF64;
6889 goto do_fop_m16;
6890
6891 case 4: /* FISUB m16int */ /* ST(0) -= m16int */
6892 DIP("fisubw %s\n", dis_buf);
6893 fop = Iop_SubF64;
6894 goto do_fop_m16;
6895
6896 case 5: /* FISUBR m16int */ /* ST(0) = m16int - ST(0) */
6897 DIP("fisubrw %s\n", dis_buf);
6898 fop = Iop_SubF64;
6899 goto do_foprev_m16;
6900
6901 case 6: /* FIDIV m16int */ /* ST(0) /= m16int */
6902 DIP("fisubw %s\n", dis_buf);
6903 fop = Iop_DivF64;
6904 goto do_fop_m16;
6905
6906 case 7: /* FIDIVR m16int */ /* ST(0) = m16int / ST(0) */
6907 DIP("fidivrw %s\n", dis_buf);
6908 fop = Iop_DivF64;
6909 goto do_foprev_m16;
6910
6911 do_fop_m16:
6912 put_ST_UNCHECKED(0,
6913 triop(fop,
6914 get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
6915 get_ST(0),
6916 unop(Iop_I32StoF64,
6917 unop(Iop_16Sto32,
6918 loadLE(Ity_I16, mkexpr(addr))))));
6919 break;
6920
6921 do_foprev_m16:
6922 put_ST_UNCHECKED(0,
6923 triop(fop,
6924 get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
6925 unop(Iop_I32StoF64,
6926 unop(Iop_16Sto32,
6927 loadLE(Ity_I16, mkexpr(addr)))),
6928 get_ST(0)));
6929 break;
6930
6931 default:
6932 vex_printf("unhandled opc_aux = 0x%2x\n",
6933 (UInt)gregLO3ofRM(modrm));
6934 vex_printf("first_opcode == 0xDE\n");
6935 goto decode_fail;
6936 }
6937
6938 } else {
6939
6940 delta++;
6941 switch (modrm) {
6942
6943 case 0xC0 ... 0xC7: /* FADDP %st(0),%st(?) */
6944 fp_do_op_ST_ST ( "add", Iop_AddF64, 0, modrm - 0xC0, True );
6945 break;
6946
6947 case 0xC8 ... 0xCF: /* FMULP %st(0),%st(?) */
6948 fp_do_op_ST_ST ( "mul", Iop_MulF64, 0, modrm - 0xC8, True );
6949 break;
6950
6951 case 0xD9: /* FCOMPP %st(0),%st(1) */
6952 DIP("fcompp %%st(0),%%st(1)\n");
6953 /* This forces C1 to zero, which isn't right. */
6954 put_C3210(
6955 unop(Iop_32Uto64,
6956 binop( Iop_And32,
6957 binop(Iop_Shl32,
6958 binop(Iop_CmpF64, get_ST(0), get_ST(1)),
6959 mkU8(8)),
6960 mkU32(0x4500)
6961 )));
6962 fp_pop();
6963 fp_pop();
6964 break;
6965
6966 case 0xE0 ... 0xE7: /* FSUBRP %st(0),%st(?) */
6967 fp_do_oprev_ST_ST ( "subr", Iop_SubF64, 0, modrm - 0xE0, True );
6968 break;
6969
6970 case 0xE8 ... 0xEF: /* FSUBP %st(0),%st(?) */
6971 fp_do_op_ST_ST ( "sub", Iop_SubF64, 0, modrm - 0xE8, True );
6972 break;
6973
6974 case 0xF0 ... 0xF7: /* FDIVRP %st(0),%st(?) */
6975 fp_do_oprev_ST_ST ( "divr", Iop_DivF64, 0, modrm - 0xF0, True );
6976 break;
6977
6978 case 0xF8 ... 0xFF: /* FDIVP %st(0),%st(?) */
6979 fp_do_op_ST_ST ( "div", Iop_DivF64, 0, modrm - 0xF8, True );
6980 break;
6981
6982 default:
6983 goto decode_fail;
6984 }
6985
6986 }
6987 }
6988
6989 /* -+-+-+-+-+-+-+-+-+-+-+-+ 0xDF opcodes +-+-+-+-+-+-+-+ */
6990 else
6991 if (first_opcode == 0xDF) {
6992
6993 if (modrm < 0xC0) {
6994
6995 /* bits 5,4,3 are an opcode extension, and the modRM also
6996 specifies an address. */
6997 IRTemp addr = disAMode( &len, vbi, pfx, delta, dis_buf, 0 );
6998 delta += len;
6999
7000 switch (gregLO3ofRM(modrm)) {
7001
7002 case 0: /* FILD m16int */
7003 DIP("fildw %s\n", dis_buf);
7004 fp_push();
7005 put_ST(0, unop(Iop_I32StoF64,
7006 unop(Iop_16Sto32,
7007 loadLE(Ity_I16, mkexpr(addr)))));
7008 break;
7009
7010 case 1: /* FISTTPS m16 (SSE3) */
7011 DIP("fisttps %s\n", dis_buf);
7012 storeLE( mkexpr(addr),
7013 x87ishly_qnarrow_32_to_16(
7014 binop(Iop_F64toI32S, mkU32(Irrm_ZERO), get_ST(0)) ));
7015 fp_pop();
7016 break;
7017
7018 case 2: /* FIST m16 */
7019 DIP("fists %s\n", dis_buf);
7020 storeLE( mkexpr(addr),
7021 x87ishly_qnarrow_32_to_16(
7022 binop(Iop_F64toI32S, get_roundingmode(), get_ST(0)) ));
7023 break;
7024
7025 case 3: /* FISTP m16 */
7026 DIP("fistps %s\n", dis_buf);
7027 storeLE( mkexpr(addr),
7028 x87ishly_qnarrow_32_to_16(
7029 binop(Iop_F64toI32S, get_roundingmode(), get_ST(0)) ));
7030 fp_pop();
7031 break;
7032
7033 case 5: /* FILD m64 */
7034 DIP("fildll %s\n", dis_buf);
7035 fp_push();
7036 put_ST(0, binop(Iop_I64StoF64,
7037 get_roundingmode(),
7038 loadLE(Ity_I64, mkexpr(addr))));
7039 break;
7040
7041 case 7: /* FISTP m64 */
7042 DIP("fistpll %s\n", dis_buf);
7043 storeLE( mkexpr(addr),
7044 binop(Iop_F64toI64S, get_roundingmode(), get_ST(0)) );
7045 fp_pop();
7046 break;
7047
7048 default:
7049 vex_printf("unhandled opc_aux = 0x%2x\n",
7050 (UInt)gregLO3ofRM(modrm));
7051 vex_printf("first_opcode == 0xDF\n");
7052 goto decode_fail;
7053 }
7054
7055 } else {
7056
7057 delta++;
7058 switch (modrm) {
7059
7060 case 0xC0: /* FFREEP %st(0) */
7061 DIP("ffreep %%st(%d)\n", 0);
7062 put_ST_TAG ( 0, mkU8(0) );
7063 fp_pop();
7064 break;
7065
7066 case 0xE0: /* FNSTSW %ax */
7067 DIP("fnstsw %%ax\n");
7068 /* Invent a plausible-looking FPU status word value and
7069 dump it in %AX:
7070 ((ftop & 7) << 11) | (c3210 & 0x4700)
7071 */
7072 putIRegRAX(
7073 2,
7074 unop(Iop_32to16,
7075 binop(Iop_Or32,
7076 binop(Iop_Shl32,
7077 binop(Iop_And32, get_ftop(), mkU32(7)),
7078 mkU8(11)),
7079 binop(Iop_And32,
7080 unop(Iop_64to32, get_C3210()),
7081 mkU32(0x4700))
7082 )));
7083 break;
7084
7085 case 0xE8 ... 0xEF: /* FUCOMIP %st(0),%st(?) */
7086 fp_do_ucomi_ST0_STi( (UInt)modrm - 0xE8, True );
7087 break;
7088
7089 case 0xF0 ... 0xF7: /* FCOMIP %st(0),%st(?) */
7090 /* not really right since COMIP != UCOMIP */
7091 fp_do_ucomi_ST0_STi( (UInt)modrm - 0xF0, True );
7092 break;
7093
7094 default:
7095 goto decode_fail;
7096 }
7097 }
7098
7099 }
7100
7101 else
7102 goto decode_fail;
7103
7104 *decode_ok = True;
7105 return delta;
7106
7107 decode_fail:
7108 *decode_ok = False;
7109 return delta;
7110 }
7111
7112
7113 /*------------------------------------------------------------*/
7114 /*--- ---*/
7115 /*--- MMX INSTRUCTIONS ---*/
7116 /*--- ---*/
7117 /*------------------------------------------------------------*/
7118
7119 /* Effect of MMX insns on x87 FPU state (table 11-2 of
7120 IA32 arch manual, volume 3):
7121
7122 Read from, or write to MMX register (viz, any insn except EMMS):
7123 * All tags set to Valid (non-empty) -- FPTAGS[i] := nonzero
7124 * FP stack pointer set to zero
7125
7126 EMMS:
7127 * All tags set to Invalid (empty) -- FPTAGS[i] := zero
7128 * FP stack pointer set to zero
7129 */
7130
7131 static void do_MMX_preamble ( void )
7132 {
7133 Int i;
7134 IRRegArray* descr = mkIRRegArray( OFFB_FPTAGS, Ity_I8, 8 );
7135 IRExpr* zero = mkU32(0);
7136 IRExpr* tag1 = mkU8(1);
7137 put_ftop(zero);
7138 for (i = 0; i < 8; i++)
7139 stmt( IRStmt_PutI( mkIRPutI(descr, zero, i, tag1) ) );
7140 }
7141
7142 static void do_EMMS_preamble ( void )
7143 {
7144 Int i;
7145 IRRegArray* descr = mkIRRegArray( OFFB_FPTAGS, Ity_I8, 8 );
7146 IRExpr* zero = mkU32(0);
7147 IRExpr* tag0 = mkU8(0);
7148 put_ftop(zero);
7149 for (i = 0; i < 8; i++)
7150 stmt( IRStmt_PutI( mkIRPutI(descr, zero, i, tag0) ) );
7151 }
7152
7153
7154 static IRExpr* getMMXReg ( UInt archreg )
7155 {
7156 vassert(archreg < 8);
7157 return IRExpr_Get( OFFB_FPREGS + 8 * archreg, Ity_I64 );
7158 }
7159
7160
7161 static void putMMXReg ( UInt archreg, IRExpr* e )
7162 {
7163 vassert(archreg < 8);
7164 vassert(typeOfIRExpr(irsb->tyenv,e) == Ity_I64);
7165 stmt( IRStmt_Put( OFFB_FPREGS + 8 * archreg, e ) );
7166 }
7167
7168
7169 /* Helper for non-shift MMX insns. Note this is incomplete in the
7170 sense that it does not first call do_MMX_preamble() -- that is the
7171 responsibility of its caller. */
7172
7173 static
7174 ULong dis_MMXop_regmem_to_reg ( const VexAbiInfo* vbi,
7175 Prefix pfx,
7176 Long delta,
7177 UChar opc,
7178 const HChar* name,
7179 Bool show_granularity )
7180 {
7181 HChar dis_buf[50];
7182 UChar modrm = getUChar(delta);
7183 Bool isReg = epartIsReg(modrm);
7184 IRExpr* argL = NULL;
7185 IRExpr* argR = NULL;
7186 IRExpr* argG = NULL;
7187 IRExpr* argE = NULL;
7188 IRTemp res = newTemp(Ity_I64);
7189
7190 Bool invG = False;
7191 IROp op = Iop_INVALID;
7192 void* hAddr = NULL;
7193 const HChar* hName = NULL;
7194 Bool eLeft = False;
7195
7196 # define XXX(_name) do { hAddr = &_name; hName = #_name; } while (0)
7197
7198 switch (opc) {
7199 /* Original MMX ones */
7200 case 0xFC: op = Iop_Add8x8; break;
7201 case 0xFD: op = Iop_Add16x4; break;
7202 case 0xFE: op = Iop_Add32x2; break;
7203
7204 case 0xEC: op = Iop_QAdd8Sx8; break;
7205 case 0xED: op = Iop_QAdd16Sx4; break;
7206
7207 case 0xDC: op = Iop_QAdd8Ux8; break;
7208 case 0xDD: op = Iop_QAdd16Ux4; break;
7209
7210 case 0xF8: op = Iop_Sub8x8; break;
7211 case 0xF9: op = Iop_Sub16x4; break;
7212 case 0xFA: op = Iop_Sub32x2; break;
7213
7214 case 0xE8: op = Iop_QSub8Sx8; break;
7215 case 0xE9: op = Iop_QSub16Sx4; break;
7216
7217 case 0xD8: op = Iop_QSub8Ux8; break;
7218 case 0xD9: op = Iop_QSub16Ux4; break;
7219
7220 case 0xE5: op = Iop_MulHi16Sx4; break;
7221 case 0xD5: op = Iop_Mul16x4; break;
7222 case 0xF5: XXX(amd64g_calculate_mmx_pmaddwd); break;
7223
7224 case 0x74: op = Iop_CmpEQ8x8; break;
7225 case 0x75: op = Iop_CmpEQ16x4; break;
7226 case 0x76: op = Iop_CmpEQ32x2; break;
7227
7228 case 0x64: op = Iop_CmpGT8Sx8; break;
7229 case 0x65: op = Iop_CmpGT16Sx4; break;
7230 case 0x66: op = Iop_CmpGT32Sx2; break;
7231
7232 case 0x6B: op = Iop_QNarrowBin32Sto16Sx4; eLeft = True; break;
7233 case 0x63: op = Iop_QNarrowBin16Sto8Sx8; eLeft = True; break;
7234 case 0x67: op = Iop_QNarrowBin16Sto8Ux8; eLeft = True; break;
7235
7236 case 0x68: op = Iop_InterleaveHI8x8; eLeft = True; break;
7237 case 0x69: op = Iop_InterleaveHI16x4; eLeft = True; break;
7238 case 0x6A: op = Iop_InterleaveHI32x2; eLeft = True; break;
7239
7240 case 0x60: op = Iop_InterleaveLO8x8; eLeft = True; break;
7241 case 0x61: op = Iop_InterleaveLO16x4; eLeft = True; break;
7242 case 0x62: op = Iop_InterleaveLO32x2; eLeft = True; break;
7243
7244 case 0xDB: op = Iop_And64; break;
7245 case 0xDF: op = Iop_And64; invG = True; break;
7246 case 0xEB: op = Iop_Or64; break;
7247 case 0xEF: /* Possibly do better here if argL and argR are the
7248 same reg */
7249 op = Iop_Xor64; break;
7250
7251 /* Introduced in SSE1 */
7252 case 0xE0: op = Iop_Avg8Ux8; break;
7253 case 0xE3: op = Iop_Avg16Ux4; break;
7254 case 0xEE: op = Iop_Max16Sx4; break;
7255 case 0xDE: op = Iop_Max8Ux8; break;
7256 case 0xEA: op = Iop_Min16Sx4; break;
7257 case 0xDA: op = Iop_Min8Ux8; break;
7258 case 0xE4: op = Iop_MulHi16Ux4; break;
7259 case 0xF6: XXX(amd64g_calculate_mmx_psadbw); break;
7260
7261 /* Introduced in SSE2 */
7262 case 0xD4: op = Iop_Add64; break;
7263 case 0xFB: op = Iop_Sub64; break;
7264
7265 default:
7266 vex_printf("\n0x%x\n", (UInt)opc);
7267 vpanic("dis_MMXop_regmem_to_reg");
7268 }
7269
7270 # undef XXX
7271
7272 argG = getMMXReg(gregLO3ofRM(modrm));
7273 if (invG)
7274 argG = unop(Iop_Not64, argG);
7275
7276 if (isReg) {
7277 delta++;
7278 argE = getMMXReg(eregLO3ofRM(modrm));
7279 } else {
7280 Int len;
7281 IRTemp addr = disAMode( &len, vbi, pfx, delta, dis_buf, 0 );
7282 delta += len;
7283 argE = loadLE(Ity_I64, mkexpr(addr));
7284 }
7285
7286 if (eLeft) {
7287 argL = argE;
7288 argR = argG;
7289 } else {
7290 argL = argG;
7291 argR = argE;
7292 }
7293
7294 if (op != Iop_INVALID) {
7295 vassert(hName == NULL);
7296 vassert(hAddr == NULL);
7297 assign(res, binop(op, argL, argR));
7298 } else {
7299 vassert(hName != NULL);
7300 vassert(hAddr != NULL);
7301 assign( res,
7302 mkIRExprCCall(
7303 Ity_I64,
7304 0/*regparms*/, hName, hAddr,
7305 mkIRExprVec_2( argL, argR )
7306 )
7307 );
7308 }
7309
7310 putMMXReg( gregLO3ofRM(modrm), mkexpr(res) );
7311
7312 DIP("%s%s %s, %s\n",
7313 name, show_granularity ? nameMMXGran(opc & 3) : "",
7314 ( isReg ? nameMMXReg(eregLO3ofRM(modrm)) : dis_buf ),
7315 nameMMXReg(gregLO3ofRM(modrm)) );
7316
7317 return delta;
7318 }
7319
7320
7321 /* Vector by scalar shift of G by the amount specified at the bottom
7322 of E. This is a straight copy of dis_SSE_shiftG_byE. */
7323
7324 static ULong dis_MMX_shiftG_byE ( const VexAbiInfo* vbi,
7325 Prefix pfx, Long delta,
7326 const HChar* opname, IROp op )
7327 {
7328 HChar dis_buf[50];
7329 Int alen, size;
7330 IRTemp addr;
7331 Bool shl, shr, sar;
7332 UChar rm = getUChar(delta);
7333 IRTemp g0 = newTemp(Ity_I64);
7334 IRTemp g1 = newTemp(Ity_I64);
7335 IRTemp amt = newTemp(Ity_I64);
7336 IRTemp amt8 = newTemp(Ity_I8);
7337
7338 if (epartIsReg(rm)) {
7339 assign( amt, getMMXReg(eregLO3ofRM(rm)) );
7340 DIP("%s %s,%s\n", opname,
7341 nameMMXReg(eregLO3ofRM(rm)),
7342 nameMMXReg(gregLO3ofRM(rm)) );
7343 delta++;
7344 } else {
7345 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
7346 assign( amt, loadLE(Ity_I64, mkexpr(addr)) );
7347 DIP("%s %s,%s\n", opname,
7348 dis_buf,
7349 nameMMXReg(gregLO3ofRM(rm)) );
7350 delta += alen;
7351 }
7352 assign( g0, getMMXReg(gregLO3ofRM(rm)) );
7353 assign( amt8, unop(Iop_64to8, mkexpr(amt)) );
7354
7355 shl = shr = sar = False;
7356 size = 0;
7357 switch (op) {
7358 case Iop_ShlN16x4: shl = True; size = 32; break;
7359 case Iop_ShlN32x2: shl = True; size = 32; break;
7360 case Iop_Shl64: shl = True; size = 64; break;
7361 case Iop_ShrN16x4: shr = True; size = 16; break;
7362 case Iop_ShrN32x2: shr = True; size = 32; break;
7363 case Iop_Shr64: shr = True; size = 64; break;
7364 case Iop_SarN16x4: sar = True; size = 16; break;
7365 case Iop_SarN32x2: sar = True; size = 32; break;
7366 default: vassert(0);
7367 }
7368
7369 if (shl || shr) {
7370 assign(
7371 g1,
7372 IRExpr_ITE(
7373 binop(Iop_CmpLT64U,mkexpr(amt),mkU64(size)),
7374 binop(op, mkexpr(g0), mkexpr(amt8)),
7375 mkU64(0)
7376 )
7377 );
7378 } else
7379 if (sar) {
7380 assign(
7381 g1,
7382 IRExpr_ITE(
7383 binop(Iop_CmpLT64U,mkexpr(amt),mkU64(size)),
7384 binop(op, mkexpr(g0), mkexpr(amt8)),
7385 binop(op, mkexpr(g0), mkU8(size-1))
7386 )
7387 );
7388 } else {
7389 vassert(0);
7390 }
7391
7392 putMMXReg( gregLO3ofRM(rm), mkexpr(g1) );
7393 return delta;
7394 }
7395
7396
7397 /* Vector by scalar shift of E by an immediate byte. This is a
7398 straight copy of dis_SSE_shiftE_imm. */
7399
7400 static
7401 ULong dis_MMX_shiftE_imm ( Long delta, const HChar* opname, IROp op )
7402 {
7403 Bool shl, shr, sar;
7404 UChar rm = getUChar(delta);
7405 IRTemp e0 = newTemp(Ity_I64);
7406 IRTemp e1 = newTemp(Ity_I64);
7407 UChar amt, size;
7408 vassert(epartIsReg(rm));
7409 vassert(gregLO3ofRM(rm) == 2
7410 || gregLO3ofRM(rm) == 4 || gregLO3ofRM(rm) == 6);
7411 amt = getUChar(delta+1);
7412 delta += 2;
7413 DIP("%s $%d,%s\n", opname,
7414 (Int)amt,
7415 nameMMXReg(eregLO3ofRM(rm)) );
7416
7417 assign( e0, getMMXReg(eregLO3ofRM(rm)) );
7418
7419 shl = shr = sar = False;
7420 size = 0;
7421 switch (op) {
7422 case Iop_ShlN16x4: shl = True; size = 16; break;
7423 case Iop_ShlN32x2: shl = True; size = 32; break;
7424 case Iop_Shl64: shl = True; size = 64; break;
7425 case Iop_SarN16x4: sar = True; size = 16; break;
7426 case Iop_SarN32x2: sar = True; size = 32; break;
7427 case Iop_ShrN16x4: shr = True; size = 16; break;
7428 case Iop_ShrN32x2: shr = True; size = 32; break;
7429 case Iop_Shr64: shr = True; size = 64; break;
7430 default: vassert(0);
7431 }
7432
7433 if (shl || shr) {
7434 assign( e1, amt >= size
7435 ? mkU64(0)
7436 : binop(op, mkexpr(e0), mkU8(amt))
7437 );
7438 } else
7439 if (sar) {
7440 assign( e1, amt >= size
7441 ? binop(op, mkexpr(e0), mkU8(size-1))
7442 : binop(op, mkexpr(e0), mkU8(amt))
7443 );
7444 } else {
7445 vassert(0);
7446 }
7447
7448 putMMXReg( eregLO3ofRM(rm), mkexpr(e1) );
7449 return delta;
7450 }
7451
7452
7453 /* Completely handle all MMX instructions except emms. */
7454
7455 static
7456 ULong dis_MMX ( Bool* decode_ok,
7457 const VexAbiInfo* vbi, Prefix pfx, Int sz, Long delta )
7458 {
7459 Int len;
7460 UChar modrm;
7461 HChar dis_buf[50];
7462 UChar opc = getUChar(delta);
7463 delta++;
7464
7465 /* dis_MMX handles all insns except emms. */
7466 do_MMX_preamble();
7467
7468 switch (opc) {
7469
7470 case 0x6E:
7471 if (sz == 4) {
7472 /* MOVD (src)ireg32-or-mem32 (E), (dst)mmxreg (G)*/
7473 modrm = getUChar(delta);
7474 if (epartIsReg(modrm)) {
7475 delta++;
7476 putMMXReg(
7477 gregLO3ofRM(modrm),
7478 binop( Iop_32HLto64,
7479 mkU32(0),
7480 getIReg32(eregOfRexRM(pfx,modrm)) ) );
7481 DIP("movd %s, %s\n",
7482 nameIReg32(eregOfRexRM(pfx,modrm)),
7483 nameMMXReg(gregLO3ofRM(modrm)));
7484 } else {
7485 IRTemp addr = disAMode( &len, vbi, pfx, delta, dis_buf, 0 );
7486 delta += len;
7487 putMMXReg(
7488 gregLO3ofRM(modrm),
7489 binop( Iop_32HLto64,
7490 mkU32(0),
7491 loadLE(Ity_I32, mkexpr(addr)) ) );
7492 DIP("movd %s, %s\n", dis_buf, nameMMXReg(gregLO3ofRM(modrm)));
7493 }
7494 }
7495 else
7496 if (sz == 8) {
7497 /* MOVD (src)ireg64-or-mem64 (E), (dst)mmxreg (G)*/
7498 modrm = getUChar(delta);
7499 if (epartIsReg(modrm)) {
7500 delta++;
7501 putMMXReg( gregLO3ofRM(modrm),
7502 getIReg64(eregOfRexRM(pfx,modrm)) );
7503 DIP("movd %s, %s\n",
7504 nameIReg64(eregOfRexRM(pfx,modrm)),
7505 nameMMXReg(gregLO3ofRM(modrm)));
7506 } else {
7507 IRTemp addr = disAMode( &len, vbi, pfx, delta, dis_buf, 0 );
7508 delta += len;
7509 putMMXReg( gregLO3ofRM(modrm),
7510 loadLE(Ity_I64, mkexpr(addr)) );
7511 DIP("movd{64} %s, %s\n", dis_buf, nameMMXReg(gregLO3ofRM(modrm)));
7512 }
7513 }
7514 else {
7515 goto mmx_decode_failure;
7516 }
7517 break;
7518
7519 case 0x7E:
7520 if (sz == 4) {
7521 /* MOVD (src)mmxreg (G), (dst)ireg32-or-mem32 (E) */
7522 modrm = getUChar(delta);
7523 if (epartIsReg(modrm)) {
7524 delta++;
7525 putIReg32( eregOfRexRM(pfx,modrm),
7526 unop(Iop_64to32, getMMXReg(gregLO3ofRM(modrm)) ) );
7527 DIP("movd %s, %s\n",
7528 nameMMXReg(gregLO3ofRM(modrm)),
7529 nameIReg32(eregOfRexRM(pfx,modrm)));
7530 } else {
7531 IRTemp addr = disAMode( &len, vbi, pfx, delta, dis_buf, 0 );
7532 delta += len;
7533 storeLE( mkexpr(addr),
7534 unop(Iop_64to32, getMMXReg(gregLO3ofRM(modrm)) ) );
7535 DIP("movd %s, %s\n", nameMMXReg(gregLO3ofRM(modrm)), dis_buf);
7536 }
7537 }
7538 else
7539 if (sz == 8) {
7540 /* MOVD (src)mmxreg (G), (dst)ireg64-or-mem64 (E) */
7541 modrm = getUChar(delta);
7542 if (epartIsReg(modrm)) {
7543 delta++;
7544 putIReg64( eregOfRexRM(pfx,modrm),
7545 getMMXReg(gregLO3ofRM(modrm)) );
7546 DIP("movd %s, %s\n",
7547 nameMMXReg(gregLO3ofRM(modrm)),
7548 nameIReg64(eregOfRexRM(pfx,modrm)));
7549 } else {
7550 IRTemp addr = disAMode( &len, vbi, pfx, delta, dis_buf, 0 );
7551 delta += len;
7552 storeLE( mkexpr(addr),
7553 getMMXReg(gregLO3ofRM(modrm)) );
7554 DIP("movd{64} %s, %s\n", nameMMXReg(gregLO3ofRM(modrm)), dis_buf);
7555 }
7556 } else {
7557 goto mmx_decode_failure;
7558 }
7559 break;
7560
7561 case 0x6F:
7562 /* MOVQ (src)mmxreg-or-mem, (dst)mmxreg */
7563 if (sz != 4
7564 && /*ignore redundant REX.W*/!(sz==8 && haveNo66noF2noF3(pfx)))
7565 goto mmx_decode_failure;
7566 modrm = getUChar(delta);
7567 if (epartIsReg(modrm)) {
7568 delta++;
7569 putMMXReg( gregLO3ofRM(modrm), getMMXReg(eregLO3ofRM(modrm)) );
7570 DIP("movq %s, %s\n",
7571 nameMMXReg(eregLO3ofRM(modrm)),
7572 nameMMXReg(gregLO3ofRM(modrm)));
7573 } else {
7574 IRTemp addr = disAMode( &len, vbi, pfx, delta, dis_buf, 0 );
7575 delta += len;
7576 putMMXReg( gregLO3ofRM(modrm), loadLE(Ity_I64, mkexpr(addr)) );
7577 DIP("movq %s, %s\n",
7578 dis_buf, nameMMXReg(gregLO3ofRM(modrm)));
7579 }
7580 break;
7581
7582 case 0x7F:
7583 /* MOVQ (src)mmxreg, (dst)mmxreg-or-mem */
7584 if (sz != 4
7585 && /*ignore redundant REX.W*/!(sz==8 && haveNo66noF2noF3(pfx)))
7586 goto mmx_decode_failure;
7587 modrm = getUChar(delta);
7588 if (epartIsReg(modrm)) {
7589 delta++;
7590 putMMXReg( eregLO3ofRM(modrm), getMMXReg(gregLO3ofRM(modrm)) );
7591 DIP("movq %s, %s\n",
7592 nameMMXReg(gregLO3ofRM(modrm)),
7593 nameMMXReg(eregLO3ofRM(modrm)));
7594 } else {
7595 IRTemp addr = disAMode( &len, vbi, pfx, delta, dis_buf, 0 );
7596 delta += len;
7597 storeLE( mkexpr(addr), getMMXReg(gregLO3ofRM(modrm)) );
7598 DIP("mov(nt)q %s, %s\n",
7599 nameMMXReg(gregLO3ofRM(modrm)), dis_buf);
7600 }
7601 break;
7602
7603 case 0xFC:
7604 case 0xFD:
7605 case 0xFE: /* PADDgg (src)mmxreg-or-mem, (dst)mmxreg */
7606 if (sz != 4)
7607 goto mmx_decode_failure;
7608 delta = dis_MMXop_regmem_to_reg ( vbi, pfx, delta, opc, "padd", True );
7609 break;
7610
7611 case 0xEC:
7612 case 0xED: /* PADDSgg (src)mmxreg-or-mem, (dst)mmxreg */
7613 if (sz != 4
7614 && /*ignore redundant REX.W*/!(sz==8 && haveNo66noF2noF3(pfx)))
7615 goto mmx_decode_failure;
7616 delta = dis_MMXop_regmem_to_reg ( vbi, pfx, delta, opc, "padds", True );
7617 break;
7618
7619 case 0xDC:
7620 case 0xDD: /* PADDUSgg (src)mmxreg-or-mem, (dst)mmxreg */
7621 if (sz != 4)
7622 goto mmx_decode_failure;
7623 delta = dis_MMXop_regmem_to_reg ( vbi, pfx, delta, opc, "paddus", True );
7624 break;
7625
7626 case 0xF8:
7627 case 0xF9:
7628 case 0xFA: /* PSUBgg (src)mmxreg-or-mem, (dst)mmxreg */
7629 if (sz != 4)
7630 goto mmx_decode_failure;
7631 delta = dis_MMXop_regmem_to_reg ( vbi, pfx, delta, opc, "psub", True );
7632 break;
7633
7634 case 0xE8:
7635 case 0xE9: /* PSUBSgg (src)mmxreg-or-mem, (dst)mmxreg */
7636 if (sz != 4)
7637 goto mmx_decode_failure;
7638 delta = dis_MMXop_regmem_to_reg ( vbi, pfx, delta, opc, "psubs", True );
7639 break;
7640
7641 case 0xD8:
7642 case 0xD9: /* PSUBUSgg (src)mmxreg-or-mem, (dst)mmxreg */
7643 if (sz != 4)
7644 goto mmx_decode_failure;
7645 delta = dis_MMXop_regmem_to_reg ( vbi, pfx, delta, opc, "psubus", True );
7646 break;
7647
7648 case 0xE5: /* PMULHW (src)mmxreg-or-mem, (dst)mmxreg */
7649 if (sz != 4)
7650 goto mmx_decode_failure;
7651 delta = dis_MMXop_regmem_to_reg ( vbi, pfx, delta, opc, "pmulhw", False );
7652 break;
7653
7654 case 0xD5: /* PMULLW (src)mmxreg-or-mem, (dst)mmxreg */
7655 if (sz != 4)
7656 goto mmx_decode_failure;
7657 delta = dis_MMXop_regmem_to_reg ( vbi, pfx, delta, opc, "pmullw", False );
7658 break;
7659
7660 case 0xF5: /* PMADDWD (src)mmxreg-or-mem, (dst)mmxreg */
7661 vassert(sz == 4);
7662 delta = dis_MMXop_regmem_to_reg ( vbi, pfx, delta, opc, "pmaddwd", False );
7663 break;
7664
7665 case 0x74:
7666 case 0x75:
7667 case 0x76: /* PCMPEQgg (src)mmxreg-or-mem, (dst)mmxreg */
7668 if (sz != 4)
7669 goto mmx_decode_failure;
7670 delta = dis_MMXop_regmem_to_reg ( vbi, pfx, delta, opc, "pcmpeq", True );
7671 break;
7672
7673 case 0x64:
7674 case 0x65:
7675 case 0x66: /* PCMPGTgg (src)mmxreg-or-mem, (dst)mmxreg */
7676 if (sz != 4)
7677 goto mmx_decode_failure;
7678 delta = dis_MMXop_regmem_to_reg ( vbi, pfx, delta, opc, "pcmpgt", True );
7679 break;
7680
7681 case 0x6B: /* PACKSSDW (src)mmxreg-or-mem, (dst)mmxreg */
7682 if (sz != 4)
7683 goto mmx_decode_failure;
7684 delta = dis_MMXop_regmem_to_reg ( vbi, pfx, delta, opc, "packssdw", False );
7685 break;
7686
7687 case 0x63: /* PACKSSWB (src)mmxreg-or-mem, (dst)mmxreg */
7688 if (sz != 4)
7689 goto mmx_decode_failure;
7690 delta = dis_MMXop_regmem_to_reg ( vbi, pfx, delta, opc, "packsswb", False );
7691 break;
7692
7693 case 0x67: /* PACKUSWB (src)mmxreg-or-mem, (dst)mmxreg */
7694 if (sz != 4)
7695 goto mmx_decode_failure;
7696 delta = dis_MMXop_regmem_to_reg ( vbi, pfx, delta, opc, "packuswb", False );
7697 break;
7698
7699 case 0x68:
7700 case 0x69:
7701 case 0x6A: /* PUNPCKHgg (src)mmxreg-or-mem, (dst)mmxreg */
7702 if (sz != 4
7703 && /*ignore redundant REX.W*/!(sz==8 && haveNo66noF2noF3(pfx)))
7704 goto mmx_decode_failure;
7705 delta = dis_MMXop_regmem_to_reg ( vbi, pfx, delta, opc, "punpckh", True );
7706 break;
7707
7708 case 0x60:
7709 case 0x61:
7710 case 0x62: /* PUNPCKLgg (src)mmxreg-or-mem, (dst)mmxreg */
7711 if (sz != 4
7712 && /*ignore redundant REX.W*/!(sz==8 && haveNo66noF2noF3(pfx)))
7713 goto mmx_decode_failure;
7714 delta = dis_MMXop_regmem_to_reg ( vbi, pfx, delta, opc, "punpckl", True );
7715 break;
7716
7717 case 0xDB: /* PAND (src)mmxreg-or-mem, (dst)mmxreg */
7718 if (sz != 4)
7719 goto mmx_decode_failure;
7720 delta = dis_MMXop_regmem_to_reg ( vbi, pfx, delta, opc, "pand", False );
7721 break;
7722
7723 case 0xDF: /* PANDN (src)mmxreg-or-mem, (dst)mmxreg */
7724 if (sz != 4)
7725 goto mmx_decode_failure;
7726 delta = dis_MMXop_regmem_to_reg ( vbi, pfx, delta, opc, "pandn", False );
7727 break;
7728
7729 case 0xEB: /* POR (src)mmxreg-or-mem, (dst)mmxreg */
7730 if (sz != 4)
7731 goto mmx_decode_failure;
7732 delta = dis_MMXop_regmem_to_reg ( vbi, pfx, delta, opc, "por", False );
7733 break;
7734
7735 case 0xEF: /* PXOR (src)mmxreg-or-mem, (dst)mmxreg */
7736 if (sz != 4)
7737 goto mmx_decode_failure;
7738 delta = dis_MMXop_regmem_to_reg ( vbi, pfx, delta, opc, "pxor", False );
7739 break;
7740
7741 # define SHIFT_BY_REG(_name,_op) \
7742 delta = dis_MMX_shiftG_byE(vbi, pfx, delta, _name, _op); \
7743 break;
7744
7745 /* PSLLgg (src)mmxreg-or-mem, (dst)mmxreg */
7746 case 0xF1: SHIFT_BY_REG("psllw", Iop_ShlN16x4);
7747 case 0xF2: SHIFT_BY_REG("pslld", Iop_ShlN32x2);
7748 case 0xF3: SHIFT_BY_REG("psllq", Iop_Shl64);
7749
7750 /* PSRLgg (src)mmxreg-or-mem, (dst)mmxreg */
7751 case 0xD1: SHIFT_BY_REG("psrlw", Iop_ShrN16x4);
7752 case 0xD2: SHIFT_BY_REG("psrld", Iop_ShrN32x2);
7753 case 0xD3: SHIFT_BY_REG("psrlq", Iop_Shr64);
7754
7755 /* PSRAgg (src)mmxreg-or-mem, (dst)mmxreg */
7756 case 0xE1: SHIFT_BY_REG("psraw", Iop_SarN16x4);
7757 case 0xE2: SHIFT_BY_REG("psrad", Iop_SarN32x2);
7758
7759 # undef SHIFT_BY_REG
7760
7761 case 0x71:
7762 case 0x72:
7763 case 0x73: {
7764 /* (sz==4): PSLLgg/PSRAgg/PSRLgg mmxreg by imm8 */
7765 UChar byte2, subopc;
7766 if (sz != 4)
7767 goto mmx_decode_failure;
7768 byte2 = getUChar(delta); /* amode / sub-opcode */
7769 subopc = toUChar( (byte2 >> 3) & 7 );
7770
7771 # define SHIFT_BY_IMM(_name,_op) \
7772 do { delta = dis_MMX_shiftE_imm(delta,_name,_op); \
7773 } while (0)
7774
7775 if (subopc == 2 /*SRL*/ && opc == 0x71)
7776 SHIFT_BY_IMM("psrlw", Iop_ShrN16x4);
7777 else if (subopc == 2 /*SRL*/ && opc == 0x72)
7778 SHIFT_BY_IMM("psrld", Iop_ShrN32x2);
7779 else if (subopc == 2 /*SRL*/ && opc == 0x73)
7780 SHIFT_BY_IMM("psrlq", Iop_Shr64);
7781
7782 else if (subopc == 4 /*SAR*/ && opc == 0x71)
7783 SHIFT_BY_IMM("psraw", Iop_SarN16x4);
7784 else if (subopc == 4 /*SAR*/ && opc == 0x72)
7785 SHIFT_BY_IMM("psrad", Iop_SarN32x2);
7786
7787 else if (subopc == 6 /*SHL*/ && opc == 0x71)
7788 SHIFT_BY_IMM("psllw", Iop_ShlN16x4);
7789 else if (subopc == 6 /*SHL*/ && opc == 0x72)
7790 SHIFT_BY_IMM("pslld", Iop_ShlN32x2);
7791 else if (subopc == 6 /*SHL*/ && opc == 0x73)
7792 SHIFT_BY_IMM("psllq", Iop_Shl64);
7793
7794 else goto mmx_decode_failure;
7795
7796 # undef SHIFT_BY_IMM
7797 break;
7798 }
7799
7800 case 0xF7: {
7801 IRTemp addr = newTemp(Ity_I64);
7802 IRTemp regD = newTemp(Ity_I64);
7803 IRTemp regM = newTemp(Ity_I64);
7804 IRTemp mask = newTemp(Ity_I64);
7805 IRTemp olddata = newTemp(Ity_I64);
7806 IRTemp newdata = newTemp(Ity_I64);
7807
7808 modrm = getUChar(delta);
7809 if (sz != 4 || (!epartIsReg(modrm)))
7810 goto mmx_decode_failure;
7811 delta++;
7812
7813 assign( addr, handleAddrOverrides( vbi, pfx, getIReg64(R_RDI) ));
7814 assign( regM, getMMXReg( eregLO3ofRM(modrm) ));
7815 assign( regD, getMMXReg( gregLO3ofRM(modrm) ));
7816 assign( mask, binop(Iop_SarN8x8, mkexpr(regM), mkU8(7)) );
7817 assign( olddata, loadLE( Ity_I64, mkexpr(addr) ));
7818 assign( newdata,
7819 binop(Iop_Or64,
7820 binop(Iop_And64,
7821 mkexpr(regD),
7822 mkexpr(mask) ),
7823 binop(Iop_And64,
7824 mkexpr(olddata),
7825 unop(Iop_Not64, mkexpr(mask)))) );
7826 storeLE( mkexpr(addr), mkexpr(newdata) );
7827 DIP("maskmovq %s,%s\n", nameMMXReg( eregLO3ofRM(modrm) ),
7828 nameMMXReg( gregLO3ofRM(modrm) ) );
7829 break;
7830 }
7831
7832 /* --- MMX decode failure --- */
7833 default:
7834 mmx_decode_failure:
7835 *decode_ok = False;
7836 return delta; /* ignored */
7837
7838 }
7839
7840 *decode_ok = True;
7841 return delta;
7842 }
7843
7844
7845 /*------------------------------------------------------------*/
7846 /*--- More misc arithmetic and other obscure insns. ---*/
7847 /*------------------------------------------------------------*/
7848
7849 /* Generate base << amt with vacated places filled with stuff
7850 from xtra. amt guaranteed in 0 .. 63. */
7851 static
7852 IRExpr* shiftL64_with_extras ( IRTemp base, IRTemp xtra, IRTemp amt )
7853 {
7854 /* if amt == 0
7855 then base
7856 else (base << amt) | (xtra >>u (64-amt))
7857 */
7858 return
7859 IRExpr_ITE(
7860 binop(Iop_CmpNE8, mkexpr(amt), mkU8(0)),
7861 binop(Iop_Or64,
7862 binop(Iop_Shl64, mkexpr(base), mkexpr(amt)),
7863 binop(Iop_Shr64, mkexpr(xtra),
7864 binop(Iop_Sub8, mkU8(64), mkexpr(amt)))
7865 ),
7866 mkexpr(base)
7867 );
7868 }
7869
7870 /* Generate base >>u amt with vacated places filled with stuff
7871 from xtra. amt guaranteed in 0 .. 63. */
7872 static
7873 IRExpr* shiftR64_with_extras ( IRTemp xtra, IRTemp base, IRTemp amt )
7874 {
7875 /* if amt == 0
7876 then base
7877 else (base >>u amt) | (xtra << (64-amt))
7878 */
7879 return
7880 IRExpr_ITE(
7881 binop(Iop_CmpNE8, mkexpr(amt), mkU8(0)),
7882 binop(Iop_Or64,
7883 binop(Iop_Shr64, mkexpr(base), mkexpr(amt)),
7884 binop(Iop_Shl64, mkexpr(xtra),
7885 binop(Iop_Sub8, mkU8(64), mkexpr(amt)))
7886 ),
7887 mkexpr(base)
7888 );
7889 }
7890
7891 /* Double length left and right shifts. Apparently only required in
7892 v-size (no b- variant). */
7893 static
7894 ULong dis_SHLRD_Gv_Ev ( const VexAbiInfo* vbi,
7895 Prefix pfx,
7896 Long delta, UChar modrm,
7897 Int sz,
7898 IRExpr* shift_amt,
7899 Bool amt_is_literal,
7900 const HChar* shift_amt_txt,
7901 Bool left_shift )
7902 {
7903 /* shift_amt :: Ity_I8 is the amount to shift. shift_amt_txt is used
7904 for printing it. And eip on entry points at the modrm byte. */
7905 Int len;
7906 HChar dis_buf[50];
7907
7908 IRType ty = szToITy(sz);
7909 IRTemp gsrc = newTemp(ty);
7910 IRTemp esrc = newTemp(ty);
7911 IRTemp addr = IRTemp_INVALID;
7912 IRTemp tmpSH = newTemp(Ity_I8);
7913 IRTemp tmpSS = newTemp(Ity_I8);
7914 IRTemp tmp64 = IRTemp_INVALID;
7915 IRTemp res64 = IRTemp_INVALID;
7916 IRTemp rss64 = IRTemp_INVALID;
7917 IRTemp resTy = IRTemp_INVALID;
7918 IRTemp rssTy = IRTemp_INVALID;
7919 Int mask = sz==8 ? 63 : 31;
7920
7921 vassert(sz == 2 || sz == 4 || sz == 8);
7922
7923 /* The E-part is the destination; this is shifted. The G-part
7924 supplies bits to be shifted into the E-part, but is not
7925 changed.
7926
7927 If shifting left, form a double-length word with E at the top
7928 and G at the bottom, and shift this left. The result is then in
7929 the high part.
7930
7931 If shifting right, form a double-length word with G at the top
7932 and E at the bottom, and shift this right. The result is then
7933 at the bottom. */
7934
7935 /* Fetch the operands. */
7936
7937 assign( gsrc, getIRegG(sz, pfx, modrm) );
7938
7939 if (epartIsReg(modrm)) {
7940 delta++;
7941 assign( esrc, getIRegE(sz, pfx, modrm) );
7942 DIP("sh%cd%c %s, %s, %s\n",
7943 ( left_shift ? 'l' : 'r' ), nameISize(sz),
7944 shift_amt_txt,
7945 nameIRegG(sz, pfx, modrm), nameIRegE(sz, pfx, modrm));
7946 } else {
7947 addr = disAMode ( &len, vbi, pfx, delta, dis_buf,
7948 /* # bytes following amode */
7949 amt_is_literal ? 1 : 0 );
7950 delta += len;
7951 assign( esrc, loadLE(ty, mkexpr(addr)) );
7952 DIP("sh%cd%c %s, %s, %s\n",
7953 ( left_shift ? 'l' : 'r' ), nameISize(sz),
7954 shift_amt_txt,
7955 nameIRegG(sz, pfx, modrm), dis_buf);
7956 }
7957
7958 /* Calculate the masked shift amount (tmpSH), the masked subshift
7959 amount (tmpSS), the shifted value (res64) and the subshifted
7960 value (rss64). */
7961
7962 assign( tmpSH, binop(Iop_And8, shift_amt, mkU8(mask)) );
7963 assign( tmpSS, binop(Iop_And8,
7964 binop(Iop_Sub8, mkexpr(tmpSH), mkU8(1) ),
7965 mkU8(mask)));
7966
7967 tmp64 = newTemp(Ity_I64);
7968 res64 = newTemp(Ity_I64);
7969 rss64 = newTemp(Ity_I64);
7970
7971 if (sz == 2 || sz == 4) {
7972
7973 /* G is xtra; E is data */
7974 /* what a freaking nightmare: */
7975 if (sz == 4 && left_shift) {
7976 assign( tmp64, binop(Iop_32HLto64, mkexpr(esrc), mkexpr(gsrc)) );
7977 assign( res64,
7978 binop(Iop_Shr64,
7979 binop(Iop_Shl64, mkexpr(tmp64), mkexpr(tmpSH)),
7980 mkU8(32)) );
7981 assign( rss64,
7982 binop(Iop_Shr64,
7983 binop(Iop_Shl64, mkexpr(tmp64), mkexpr(tmpSS)),
7984 mkU8(32)) );
7985 }
7986 else
7987 if (sz == 4 && !left_shift) {
7988 assign( tmp64, binop(Iop_32HLto64, mkexpr(gsrc), mkexpr(esrc)) );
7989 assign( res64, binop(Iop_Shr64, mkexpr(tmp64), mkexpr(tmpSH)) );
7990 assign( rss64, binop(Iop_Shr64, mkexpr(tmp64), mkexpr(tmpSS)) );
7991 }
7992 else
7993 if (sz == 2 && left_shift) {
7994 assign( tmp64,
7995 binop(Iop_32HLto64,
7996 binop(Iop_16HLto32, mkexpr(esrc), mkexpr(gsrc)),
7997 binop(Iop_16HLto32, mkexpr(gsrc), mkexpr(gsrc))
7998 ));
7999 /* result formed by shifting [esrc'gsrc'gsrc'gsrc] */
8000 assign( res64,
8001 binop(Iop_Shr64,
8002 binop(Iop_Shl64, mkexpr(tmp64), mkexpr(tmpSH)),
8003 mkU8(48)) );
8004 /* subshift formed by shifting [esrc'0000'0000'0000] */
8005 assign( rss64,
8006 binop(Iop_Shr64,
8007 binop(Iop_Shl64,
8008 binop(Iop_Shl64, unop(Iop_16Uto64, mkexpr(esrc)),
8009 mkU8(48)),
8010 mkexpr(tmpSS)),
8011 mkU8(48)) );
8012 }
8013 else
8014 if (sz == 2 && !left_shift) {
8015 assign( tmp64,
8016 binop(Iop_32HLto64,
8017 binop(Iop_16HLto32, mkexpr(gsrc), mkexpr(gsrc)),
8018 binop(Iop_16HLto32, mkexpr(gsrc), mkexpr(esrc))
8019 ));
8020 /* result formed by shifting [gsrc'gsrc'gsrc'esrc] */
8021 assign( res64, binop(Iop_Shr64, mkexpr(tmp64), mkexpr(tmpSH)) );
8022 /* subshift formed by shifting [0000'0000'0000'esrc] */
8023 assign( rss64, binop(Iop_Shr64,
8024 unop(Iop_16Uto64, mkexpr(esrc)),
8025 mkexpr(tmpSS)) );
8026 }
8027
8028 } else {
8029
8030 vassert(sz == 8);
8031 if (left_shift) {
8032 assign( res64, shiftL64_with_extras( esrc, gsrc, tmpSH ));
8033 assign( rss64, shiftL64_with_extras( esrc, gsrc, tmpSS ));
8034 } else {
8035 assign( res64, shiftR64_with_extras( gsrc, esrc, tmpSH ));
8036 assign( rss64, shiftR64_with_extras( gsrc, esrc, tmpSS ));
8037 }
8038
8039 }
8040
8041 resTy = newTemp(ty);
8042 rssTy = newTemp(ty);
8043 assign( resTy, narrowTo(ty, mkexpr(res64)) );
8044 assign( rssTy, narrowTo(ty, mkexpr(rss64)) );
8045
8046 /* Put result back and write the flags thunk. */
8047 setFlags_DEP1_DEP2_shift ( left_shift ? Iop_Shl64 : Iop_Sar64,
8048 resTy, rssTy, ty, tmpSH );
8049
8050 if (epartIsReg(modrm)) {
8051 putIRegE(sz, pfx, modrm, mkexpr(resTy));
8052 } else {
8053 storeLE( mkexpr(addr), mkexpr(resTy) );
8054 }
8055
8056 if (amt_is_literal) delta++;
8057 return delta;
8058 }
8059
8060
8061 /* Handle BT/BTS/BTR/BTC Gv, Ev. Apparently b-size is not
8062 required. */
8063
8064 typedef enum { BtOpNone, BtOpSet, BtOpReset, BtOpComp } BtOp;
8065
8066 static const HChar* nameBtOp ( BtOp op )
8067 {
8068 switch (op) {
8069 case BtOpNone: return "";
8070 case BtOpSet: return "s";
8071 case BtOpReset: return "r";
8072 case BtOpComp: return "c";
8073 default: vpanic("nameBtOp(amd64)");
8074 }
8075 }
8076
8077
8078 static
8079 ULong dis_bt_G_E ( const VexAbiInfo* vbi,
8080 Prefix pfx, Int sz, Long delta, BtOp op,
8081 /*OUT*/Bool* decode_OK )
8082 {
8083 HChar dis_buf[50];
8084 UChar modrm;
8085 Int len;
8086 IRTemp t_fetched, t_bitno0, t_bitno1, t_bitno2, t_addr0,
8087 t_addr1, t_rsp, t_mask, t_new;
8088
8089 vassert(sz == 2 || sz == 4 || sz == 8);
8090
8091 t_fetched = t_bitno0 = t_bitno1 = t_bitno2
8092 = t_addr0 = t_addr1 = t_rsp
8093 = t_mask = t_new = IRTemp_INVALID;
8094
8095 t_fetched = newTemp(Ity_I8);
8096 t_new = newTemp(Ity_I8);
8097 t_bitno0 = newTemp(Ity_I64);
8098 t_bitno1 = newTemp(Ity_I64);
8099 t_bitno2 = newTemp(Ity_I8);
8100 t_addr1 = newTemp(Ity_I64);
8101 modrm = getUChar(delta);
8102
8103 *decode_OK = True;
8104 if (epartIsReg(modrm)) {
8105 /* F2 and F3 are never acceptable. */
8106 if (haveF2orF3(pfx)) {
8107 *decode_OK = False;
8108 return delta;
8109 }
8110 } else {
8111 /* F2 or F3 (but not both) are allowed, provided LOCK is also
8112 present, and only for the BTC/BTS/BTR cases (not BT). */
8113 if (haveF2orF3(pfx)) {
8114 if (haveF2andF3(pfx) || !haveLOCK(pfx) || op == BtOpNone) {
8115 *decode_OK = False;
8116 return delta;
8117 }
8118 }
8119 }
8120
8121 assign( t_bitno0, widenSto64(getIRegG(sz, pfx, modrm)) );
8122
8123 if (epartIsReg(modrm)) {
8124 delta++;
8125 /* Get it onto the client's stack. Oh, this is a horrible
8126 kludge. See https://bugs.kde.org/show_bug.cgi?id=245925.
8127 Because of the ELF ABI stack redzone, there may be live data
8128 up to 128 bytes below %RSP. So we can't just push it on the
8129 stack, else we may wind up trashing live data, and causing
8130 impossible-to-find simulation errors. (Yes, this did
8131 happen.) So we need to drop RSP before at least 128 before
8132 pushing it. That unfortunately means hitting Memcheck's
8133 fast-case painting code. Ideally we should drop more than
8134 128, to reduce the chances of breaking buggy programs that
8135 have live data below -128(%RSP). Memcheck fast-cases moves
8136 of 288 bytes due to the need to handle ppc64-linux quickly,
8137 so let's use 288. Of course the real fix is to get rid of
8138 this kludge entirely. */
8139 t_rsp = newTemp(Ity_I64);
8140 t_addr0 = newTemp(Ity_I64);
8141
8142 vassert(vbi->guest_stack_redzone_size == 128);
8143 assign( t_rsp, binop(Iop_Sub64, getIReg64(R_RSP), mkU64(288)) );
8144 putIReg64(R_RSP, mkexpr(t_rsp));
8145
8146 storeLE( mkexpr(t_rsp), getIRegE(sz, pfx, modrm) );
8147
8148 /* Make t_addr0 point at it. */
8149 assign( t_addr0, mkexpr(t_rsp) );
8150
8151 /* Mask out upper bits of the shift amount, since we're doing a
8152 reg. */
8153 assign( t_bitno1, binop(Iop_And64,
8154 mkexpr(t_bitno0),
8155 mkU64(sz == 8 ? 63 : sz == 4 ? 31 : 15)) );
8156
8157 } else {
8158 t_addr0 = disAMode ( &len, vbi, pfx, delta, dis_buf, 0 );
8159 delta += len;
8160 assign( t_bitno1, mkexpr(t_bitno0) );
8161 }
8162
8163 /* At this point: t_addr0 is the address being operated on. If it
8164 was a reg, we will have pushed it onto the client's stack.
8165 t_bitno1 is the bit number, suitably masked in the case of a
8166 reg. */
8167
8168 /* Now the main sequence. */
8169 assign( t_addr1,
8170 binop(Iop_Add64,
8171 mkexpr(t_addr0),
8172 binop(Iop_Sar64, mkexpr(t_bitno1), mkU8(3))) );
8173
8174 /* t_addr1 now holds effective address */
8175
8176 assign( t_bitno2,
8177 unop(Iop_64to8,
8178 binop(Iop_And64, mkexpr(t_bitno1), mkU64(7))) );
8179
8180 /* t_bitno2 contains offset of bit within byte */
8181
8182 if (op != BtOpNone) {
8183 t_mask = newTemp(Ity_I8);
8184 assign( t_mask, binop(Iop_Shl8, mkU8(1), mkexpr(t_bitno2)) );
8185 }
8186
8187 /* t_mask is now a suitable byte mask */
8188
8189 assign( t_fetched, loadLE(Ity_I8, mkexpr(t_addr1)) );
8190
8191 if (op != BtOpNone) {
8192 switch (op) {
8193 case BtOpSet:
8194 assign( t_new,
8195 binop(Iop_Or8, mkexpr(t_fetched), mkexpr(t_mask)) );
8196 break;
8197 case BtOpComp:
8198 assign( t_new,
8199 binop(Iop_Xor8, mkexpr(t_fetched), mkexpr(t_mask)) );
8200 break;
8201 case BtOpReset:
8202 assign( t_new,
8203 binop(Iop_And8, mkexpr(t_fetched),
8204 unop(Iop_Not8, mkexpr(t_mask))) );
8205 break;
8206 default:
8207 vpanic("dis_bt_G_E(amd64)");
8208 }
8209 if ((haveLOCK(pfx)) && !epartIsReg(modrm)) {
8210 casLE( mkexpr(t_addr1), mkexpr(t_fetched)/*expd*/,
8211 mkexpr(t_new)/*new*/,
8212 guest_RIP_curr_instr );
8213 } else {
8214 storeLE( mkexpr(t_addr1), mkexpr(t_new) );
8215 }
8216 }
8217
8218 /* Side effect done; now get selected bit into Carry flag. The Intel docs
8219 (as of 2015, at least) say that C holds the result, Z is unchanged, and
8220 O,S,A and P are undefined. However, on Skylake it appears that O,S,A,P
8221 are also unchanged, so let's do that. */
8222 const ULong maskC = AMD64G_CC_MASK_C;
8223 const ULong maskOSZAP = AMD64G_CC_MASK_O | AMD64G_CC_MASK_S
8224 | AMD64G_CC_MASK_Z | AMD64G_CC_MASK_A
8225 | AMD64G_CC_MASK_P;
8226
8227 IRTemp old_rflags = newTemp(Ity_I64);
8228 assign(old_rflags, mk_amd64g_calculate_rflags_all());
8229
8230 IRTemp new_rflags = newTemp(Ity_I64);
8231 assign(new_rflags,
8232 binop(Iop_Or64,
8233 binop(Iop_And64, mkexpr(old_rflags), mkU64(maskOSZAP)),
8234 binop(Iop_And64,
8235 binop(Iop_Shr64,
8236 unop(Iop_8Uto64, mkexpr(t_fetched)),
8237 mkexpr(t_bitno2)),
8238 mkU64(maskC))));
8239
8240 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(AMD64G_CC_OP_COPY) ));
8241 stmt( IRStmt_Put( OFFB_CC_DEP2, mkU64(0) ));
8242 stmt( IRStmt_Put( OFFB_CC_DEP1, mkexpr(new_rflags) ));
8243 /* Set NDEP even though it isn't used. This makes redundant-PUT
8244 elimination of previous stores to this field work better. */
8245 stmt( IRStmt_Put( OFFB_CC_NDEP, mkU64(0) ));
8246
8247 /* Move reg operand from stack back to reg */
8248 if (epartIsReg(modrm)) {
8249 /* t_rsp still points at it. */
8250 /* only write the reg if actually modifying it; doing otherwise
8251 zeroes the top half erroneously when doing btl due to
8252 standard zero-extend rule */
8253 if (op != BtOpNone)
8254 putIRegE(sz, pfx, modrm, loadLE(szToITy(sz), mkexpr(t_rsp)) );
8255 putIReg64(R_RSP, binop(Iop_Add64, mkexpr(t_rsp), mkU64(288)) );
8256 }
8257
8258 DIP("bt%s%c %s, %s\n",
8259 nameBtOp(op), nameISize(sz), nameIRegG(sz, pfx, modrm),
8260 ( epartIsReg(modrm) ? nameIRegE(sz, pfx, modrm) : dis_buf ) );
8261
8262 return delta;
8263 }
8264
8265
8266
8267 /* Handle BSF/BSR. Only v-size seems necessary. */
8268 static
8269 ULong dis_bs_E_G ( const VexAbiInfo* vbi,
8270 Prefix pfx, Int sz, Long delta, Bool fwds )
8271 {
8272 Bool isReg;
8273 UChar modrm;
8274 HChar dis_buf[50];
8275
8276 IRType ty = szToITy(sz);
8277 IRTemp src = newTemp(ty);
8278 IRTemp dst = newTemp(ty);
8279 IRTemp src64 = newTemp(Ity_I64);
8280 IRTemp dst64 = newTemp(Ity_I64);
8281 IRTemp srcB = newTemp(Ity_I1);
8282
8283 vassert(sz == 8 || sz == 4 || sz == 2);
8284
8285 modrm = getUChar(delta);
8286 isReg = epartIsReg(modrm);
8287 if (isReg) {
8288 delta++;
8289 assign( src, getIRegE(sz, pfx, modrm) );
8290 } else {
8291 Int len;
8292 IRTemp addr = disAMode( &len, vbi, pfx, delta, dis_buf, 0 );
8293 delta += len;
8294 assign( src, loadLE(ty, mkexpr(addr)) );
8295 }
8296
8297 DIP("bs%c%c %s, %s\n",
8298 fwds ? 'f' : 'r', nameISize(sz),
8299 ( isReg ? nameIRegE(sz, pfx, modrm) : dis_buf ),
8300 nameIRegG(sz, pfx, modrm));
8301
8302 /* First, widen src to 64 bits if it is not already. */
8303 assign( src64, widenUto64(mkexpr(src)) );
8304
8305 /* Generate a bool expression which is zero iff the original is
8306 zero, and nonzero otherwise. Ask for a CmpNE version which, if
8307 instrumented by Memcheck, is instrumented expensively, since
8308 this may be used on the output of a preceding movmskb insn,
8309 which has been known to be partially defined, and in need of
8310 careful handling. */
8311 assign( srcB, binop(Iop_ExpCmpNE64, mkexpr(src64), mkU64(0)) );
8312
8313 /* Flags: Z is 1 iff source value is zero. All others
8314 are undefined -- we force them to zero. */
8315 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(AMD64G_CC_OP_COPY) ));
8316 stmt( IRStmt_Put( OFFB_CC_DEP2, mkU64(0) ));
8317 stmt( IRStmt_Put(
8318 OFFB_CC_DEP1,
8319 IRExpr_ITE( mkexpr(srcB),
8320 /* src!=0 */
8321 mkU64(0),
8322 /* src==0 */
8323 mkU64(AMD64G_CC_MASK_Z)
8324 )
8325 ));
8326 /* Set NDEP even though it isn't used. This makes redundant-PUT
8327 elimination of previous stores to this field work better. */
8328 stmt( IRStmt_Put( OFFB_CC_NDEP, mkU64(0) ));
8329
8330 /* Result: iff source value is zero, we can't use
8331 Iop_Clz64/Iop_Ctz64 as they have no defined result in that case.
8332 But anyway, amd64 semantics say the result is undefined in
8333 such situations. Hence handle the zero case specially. */
8334
8335 /* Bleh. What we compute:
8336
8337 bsf64: if src == 0 then {dst is unchanged}
8338 else Ctz64(src)
8339
8340 bsr64: if src == 0 then {dst is unchanged}
8341 else 63 - Clz64(src)
8342
8343 bsf32: if src == 0 then {dst is unchanged}
8344 else Ctz64(32Uto64(src))
8345
8346 bsr32: if src == 0 then {dst is unchanged}
8347 else 63 - Clz64(32Uto64(src))
8348
8349 bsf16: if src == 0 then {dst is unchanged}
8350 else Ctz64(32Uto64(16Uto32(src)))
8351
8352 bsr16: if src == 0 then {dst is unchanged}
8353 else 63 - Clz64(32Uto64(16Uto32(src)))
8354 */
8355
8356 /* The main computation, guarding against zero. */
8357 assign( dst64,
8358 IRExpr_ITE(
8359 mkexpr(srcB),
8360 /* src != 0 */
8361 fwds ? unop(Iop_Ctz64, mkexpr(src64))
8362 : binop(Iop_Sub64,
8363 mkU64(63),
8364 unop(Iop_Clz64, mkexpr(src64))),
8365 /* src == 0 -- leave dst unchanged */
8366 widenUto64( getIRegG( sz, pfx, modrm ) )
8367 )
8368 );
8369
8370 if (sz == 2)
8371 assign( dst, unop(Iop_64to16, mkexpr(dst64)) );
8372 else
8373 if (sz == 4)
8374 assign( dst, unop(Iop_64to32, mkexpr(dst64)) );
8375 else
8376 assign( dst, mkexpr(dst64) );
8377
8378 /* dump result back */
8379 putIRegG( sz, pfx, modrm, mkexpr(dst) );
8380
8381 return delta;
8382 }
8383
8384
8385 /* swap rAX with the reg specified by reg and REX.B */
8386 static
8387 void codegen_xchg_rAX_Reg ( Prefix pfx, Int sz, UInt regLo3 )
8388 {
8389 IRType ty = szToITy(sz);
8390 IRTemp t1 = newTemp(ty);
8391 IRTemp t2 = newTemp(ty);
8392 vassert(sz == 2 || sz == 4 || sz == 8);
8393 vassert(regLo3 < 8);
8394 if (sz == 8) {
8395 assign( t1, getIReg64(R_RAX) );
8396 assign( t2, getIRegRexB(8, pfx, regLo3) );
8397 putIReg64( R_RAX, mkexpr(t2) );
8398 putIRegRexB(8, pfx, regLo3, mkexpr(t1) );
8399 } else if (sz == 4) {
8400 assign( t1, getIReg32(R_RAX) );
8401 assign( t2, getIRegRexB(4, pfx, regLo3) );
8402 putIReg32( R_RAX, mkexpr(t2) );
8403 putIRegRexB(4, pfx, regLo3, mkexpr(t1) );
8404 } else {
8405 assign( t1, getIReg16(R_RAX) );
8406 assign( t2, getIRegRexB(2, pfx, regLo3) );
8407 putIReg16( R_RAX, mkexpr(t2) );
8408 putIRegRexB(2, pfx, regLo3, mkexpr(t1) );
8409 }
8410 DIP("xchg%c %s, %s\n",
8411 nameISize(sz), nameIRegRAX(sz),
8412 nameIRegRexB(sz,pfx, regLo3));
8413 }
8414
8415
8416 static
8417 void codegen_SAHF ( void )
8418 {
8419 /* Set the flags to:
8420 (amd64g_calculate_flags_all() & AMD64G_CC_MASK_O)
8421 -- retain the old O flag
8422 | (%AH & (AMD64G_CC_MASK_S|AMD64G_CC_MASK_Z|AMD64G_CC_MASK_A
8423 |AMD64G_CC_MASK_P|AMD64G_CC_MASK_C)
8424 */
8425 ULong mask_SZACP = AMD64G_CC_MASK_S|AMD64G_CC_MASK_Z|AMD64G_CC_MASK_A
8426 |AMD64G_CC_MASK_C|AMD64G_CC_MASK_P;
8427 IRTemp oldflags = newTemp(Ity_I64);
8428 assign( oldflags, mk_amd64g_calculate_rflags_all() );
8429 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(AMD64G_CC_OP_COPY) ));
8430 stmt( IRStmt_Put( OFFB_CC_NDEP, mkU64(0) ));
8431 stmt( IRStmt_Put( OFFB_CC_DEP2, mkU64(0) ));
8432 stmt( IRStmt_Put( OFFB_CC_DEP1,
8433 binop(Iop_Or64,
8434 binop(Iop_And64, mkexpr(oldflags), mkU64(AMD64G_CC_MASK_O)),
8435 binop(Iop_And64,
8436 binop(Iop_Shr64, getIReg64(R_RAX), mkU8(8)),
8437 mkU64(mask_SZACP))
8438 )
8439 ));
8440 }
8441
8442
8443 static
8444 void codegen_LAHF ( void )
8445 {
8446 /* AH <- EFLAGS(SF:ZF:0:AF:0:PF:1:CF) */
8447 IRExpr* rax_with_hole;
8448 IRExpr* new_byte;
8449 IRExpr* new_rax;
8450 ULong mask_SZACP = AMD64G_CC_MASK_S|AMD64G_CC_MASK_Z|AMD64G_CC_MASK_A
8451 |AMD64G_CC_MASK_C|AMD64G_CC_MASK_P;
8452
8453 IRTemp flags = newTemp(Ity_I64);
8454 assign( flags, mk_amd64g_calculate_rflags_all() );
8455
8456 rax_with_hole
8457 = binop(Iop_And64, getIReg64(R_RAX), mkU64(~0xFF00ULL));
8458 new_byte
8459 = binop(Iop_Or64, binop(Iop_And64, mkexpr(flags), mkU64(mask_SZACP)),
8460 mkU64(1<<1));
8461 new_rax
8462 = binop(Iop_Or64, rax_with_hole,
8463 binop(Iop_Shl64, new_byte, mkU8(8)));
8464 putIReg64(R_RAX, new_rax);
8465 }
8466
8467
8468 static
8469 ULong dis_cmpxchg_G_E ( /*OUT*/Bool* ok,
8470 const VexAbiInfo* vbi,
8471 Prefix pfx,
8472 Int size,
8473 Long delta0 )
8474 {
8475 HChar dis_buf[50];
8476 Int len;
8477
8478 IRType ty = szToITy(size);
8479 IRTemp acc = newTemp(ty);
8480 IRTemp src = newTemp(ty);
8481 IRTemp dest = newTemp(ty);
8482 IRTemp dest2 = newTemp(ty);
8483 IRTemp acc2 = newTemp(ty);
8484 IRTemp cond = newTemp(Ity_I1);
8485 IRTemp addr = IRTemp_INVALID;
8486 UChar rm = getUChar(delta0);
8487
8488 /* There are 3 cases to consider:
8489
8490 reg-reg: ignore any lock prefix, generate sequence based
8491 on ITE
8492
8493 reg-mem, not locked: ignore any lock prefix, generate sequence
8494 based on ITE
8495
8496 reg-mem, locked: use IRCAS
8497 */
8498
8499 /* Decide whether F2 or F3 are acceptable. Never for register
8500 case, but for the memory case, one or the other is OK provided
8501 LOCK is also present. */
8502 if (epartIsReg(rm)) {
8503 if (haveF2orF3(pfx)) {
8504 *ok = False;
8505 return delta0;
8506 }
8507 } else {
8508 if (haveF2orF3(pfx)) {
8509 if (haveF2andF3(pfx) || !haveLOCK(pfx)) {
8510 *ok = False;
8511 return delta0;
8512 }
8513 }
8514 }
8515
8516 if (epartIsReg(rm)) {
8517 /* case 1 */
8518 assign( dest, getIRegE(size, pfx, rm) );
8519 delta0++;
8520 assign( src, getIRegG(size, pfx, rm) );
8521 assign( acc, getIRegRAX(size) );
8522 setFlags_DEP1_DEP2(Iop_Sub8, acc, dest, ty);
8523 assign( cond, mk_amd64g_calculate_condition(AMD64CondZ) );
8524 assign( dest2, IRExpr_ITE(mkexpr(cond), mkexpr(src), mkexpr(dest)) );
8525 assign( acc2, IRExpr_ITE(mkexpr(cond), mkexpr(acc), mkexpr(dest)) );
8526 putIRegRAX(size, mkexpr(acc2));
8527 putIRegE(size, pfx, rm, mkexpr(dest2));
8528 DIP("cmpxchg%c %s,%s\n", nameISize(size),
8529 nameIRegG(size,pfx,rm),
8530 nameIRegE(size,pfx,rm) );
8531 }
8532 else if (!epartIsReg(rm) && !haveLOCK(pfx)) {
8533 /* case 2 */
8534 addr = disAMode ( &len, vbi, pfx, delta0, dis_buf, 0 );
8535 assign( dest, loadLE(ty, mkexpr(addr)) );
8536 delta0 += len;
8537 assign( src, getIRegG(size, pfx, rm) );
8538 assign( acc, getIRegRAX(size) );
8539 setFlags_DEP1_DEP2(Iop_Sub8, acc, dest, ty);
8540 assign( cond, mk_amd64g_calculate_condition(AMD64CondZ) );
8541 assign( dest2, IRExpr_ITE(mkexpr(cond), mkexpr(src), mkexpr(dest)) );
8542 assign( acc2, IRExpr_ITE(mkexpr(cond), mkexpr(acc), mkexpr(dest)) );
8543 putIRegRAX(size, mkexpr(acc2));
8544 storeLE( mkexpr(addr), mkexpr(dest2) );
8545 DIP("cmpxchg%c %s,%s\n", nameISize(size),
8546 nameIRegG(size,pfx,rm), dis_buf);
8547 }
8548 else if (!epartIsReg(rm) && haveLOCK(pfx)) {
8549 /* case 3 */
8550 /* src is new value. acc is expected value. dest is old value.
8551 Compute success from the output of the IRCAS, and steer the
8552 new value for RAX accordingly: in case of success, RAX is
8553 unchanged. */
8554 addr = disAMode ( &len, vbi, pfx, delta0, dis_buf, 0 );
8555 delta0 += len;
8556 assign( src, getIRegG(size, pfx, rm) );
8557 assign( acc, getIRegRAX(size) );
8558 stmt( IRStmt_CAS(
8559 mkIRCAS( IRTemp_INVALID, dest, Iend_LE, mkexpr(addr),
8560 NULL, mkexpr(acc), NULL, mkexpr(src) )
8561 ));
8562 setFlags_DEP1_DEP2(Iop_Sub8, acc, dest, ty);
8563 assign( cond, mk_amd64g_calculate_condition(AMD64CondZ) );
8564 assign( acc2, IRExpr_ITE(mkexpr(cond), mkexpr(acc), mkexpr(dest)) );
8565 putIRegRAX(size, mkexpr(acc2));
8566 DIP("cmpxchg%c %s,%s\n", nameISize(size),
8567 nameIRegG(size,pfx,rm), dis_buf);
8568 }
8569 else vassert(0);
8570
8571 *ok = True;
8572 return delta0;
8573 }
8574
8575
8576 /* Handle conditional move instructions of the form
8577 cmovcc E(reg-or-mem), G(reg)
8578
8579 E(src) is reg-or-mem
8580 G(dst) is reg.
8581
8582 If E is reg, --> GET %E, tmps
8583 GET %G, tmpd
8584 CMOVcc tmps, tmpd
8585 PUT tmpd, %G
8586
8587 If E is mem --> (getAddr E) -> tmpa
8588 LD (tmpa), tmps
8589 GET %G, tmpd
8590 CMOVcc tmps, tmpd
8591 PUT tmpd, %G
8592 */
8593 static
8594 ULong dis_cmov_E_G ( const VexAbiInfo* vbi,
8595 Prefix pfx,
8596 Int sz,
8597 AMD64Condcode cond,
8598 Long delta0 )
8599 {
8600 UChar rm = getUChar(delta0);
8601 HChar dis_buf[50];
8602 Int len;
8603
8604 IRType ty = szToITy(sz);
8605 IRTemp tmps = newTemp(ty);
8606 IRTemp tmpd = newTemp(ty);
8607
8608 if (epartIsReg(rm)) {
8609 assign( tmps, getIRegE(sz, pfx, rm) );
8610 assign( tmpd, getIRegG(sz, pfx, rm) );
8611
8612 putIRegG( sz, pfx, rm,
8613 IRExpr_ITE( mk_amd64g_calculate_condition(cond),
8614 mkexpr(tmps),
8615 mkexpr(tmpd) )
8616 );
8617 DIP("cmov%s %s,%s\n", name_AMD64Condcode(cond),
8618 nameIRegE(sz,pfx,rm),
8619 nameIRegG(sz,pfx,rm));
8620 return 1+delta0;
8621 }
8622
8623 /* E refers to memory */
8624 {
8625 IRTemp addr = disAMode ( &len, vbi, pfx, delta0, dis_buf, 0 );
8626 assign( tmps, loadLE(ty, mkexpr(addr)) );
8627 assign( tmpd, getIRegG(sz, pfx, rm) );
8628
8629 putIRegG( sz, pfx, rm,
8630 IRExpr_ITE( mk_amd64g_calculate_condition(cond),
8631 mkexpr(tmps),
8632 mkexpr(tmpd) )
8633 );
8634
8635 DIP("cmov%s %s,%s\n", name_AMD64Condcode(cond),
8636 dis_buf,
8637 nameIRegG(sz,pfx,rm));
8638 return len+delta0;
8639 }
8640 }
8641
8642
8643 static
8644 ULong dis_xadd_G_E ( /*OUT*/Bool* decode_ok,
8645 const VexAbiInfo* vbi,
8646 Prefix pfx, Int sz, Long delta0 )
8647 {
8648 Int len;
8649 UChar rm = getUChar(delta0);
8650 HChar dis_buf[50];
8651
8652 IRType ty = szToITy(sz);
8653 IRTemp tmpd = newTemp(ty);
8654 IRTemp tmpt0 = newTemp(ty);
8655 IRTemp tmpt1 = newTemp(ty);
8656
8657 /* There are 3 cases to consider:
8658
8659 reg-reg: ignore any lock prefix,
8660 generate 'naive' (non-atomic) sequence
8661
8662 reg-mem, not locked: ignore any lock prefix, generate 'naive'
8663 (non-atomic) sequence
8664
8665 reg-mem, locked: use IRCAS
8666 */
8667
8668 if (epartIsReg(rm)) {
8669 /* case 1 */
8670 assign( tmpd, getIRegE(sz, pfx, rm) );
8671 assign( tmpt0, getIRegG(sz, pfx, rm) );
8672 assign( tmpt1, binop(mkSizedOp(ty,Iop_Add8),
8673 mkexpr(tmpd), mkexpr(tmpt0)) );
8674 setFlags_DEP1_DEP2( Iop_Add8, tmpd, tmpt0, ty );
8675 putIRegG(sz, pfx, rm, mkexpr(tmpd));
8676 putIRegE(sz, pfx, rm, mkexpr(tmpt1));
8677 DIP("xadd%c %s, %s\n",
8678 nameISize(sz), nameIRegG(sz,pfx,rm), nameIRegE(sz,pfx,rm));
8679 *decode_ok = True;
8680 return 1+delta0;
8681 }
8682 else if (!epartIsReg(rm) && !haveLOCK(pfx)) {
8683 /* case 2 */
8684 IRTemp addr = disAMode ( &len, vbi, pfx, delta0, dis_buf, 0 );
8685 assign( tmpd, loadLE(ty, mkexpr(addr)) );
8686 assign( tmpt0, getIRegG(sz, pfx, rm) );
8687 assign( tmpt1, binop(mkSizedOp(ty,Iop_Add8),
8688 mkexpr(tmpd), mkexpr(tmpt0)) );
8689 setFlags_DEP1_DEP2( Iop_Add8, tmpd, tmpt0, ty );
8690 storeLE( mkexpr(addr), mkexpr(tmpt1) );
8691 putIRegG(sz, pfx, rm, mkexpr(tmpd));
8692 DIP("xadd%c %s, %s\n",
8693 nameISize(sz), nameIRegG(sz,pfx,rm), dis_buf);
8694 *decode_ok = True;
8695 return len+delta0;
8696 }
8697 else if (!epartIsReg(rm) && haveLOCK(pfx)) {
8698 /* case 3 */
8699 IRTemp addr = disAMode ( &len, vbi, pfx, delta0, dis_buf, 0 );
8700 assign( tmpd, loadLE(ty, mkexpr(addr)) );
8701 assign( tmpt0, getIRegG(sz, pfx, rm) );
8702 assign( tmpt1, binop(mkSizedOp(ty,Iop_Add8),
8703 mkexpr(tmpd), mkexpr(tmpt0)) );
8704 casLE( mkexpr(addr), mkexpr(tmpd)/*expVal*/,
8705 mkexpr(tmpt1)/*newVal*/, guest_RIP_curr_instr );
8706 setFlags_DEP1_DEP2( Iop_Add8, tmpd, tmpt0, ty );
8707 putIRegG(sz, pfx, rm, mkexpr(tmpd));
8708 DIP("xadd%c %s, %s\n",
8709 nameISize(sz), nameIRegG(sz,pfx,rm), dis_buf);
8710 *decode_ok = True;
8711 return len+delta0;
8712 }
8713 /*UNREACHED*/
8714 vassert(0);
8715 }
8716
8717 //.. /* Move 16 bits from Ew (ireg or mem) to G (a segment register). */
8718 //..
8719 //.. static
8720 //.. UInt dis_mov_Ew_Sw ( UChar sorb, Long delta0 )
8721 //.. {
8722 //.. Int len;
8723 //.. IRTemp addr;
8724 //.. UChar rm = getUChar(delta0);
8725 //.. HChar dis_buf[50];
8726 //..
8727 //.. if (epartIsReg(rm)) {
8728 //.. putSReg( gregOfRM(rm), getIReg(2, eregOfRM(rm)) );
8729 //.. DIP("movw %s,%s\n", nameIReg(2,eregOfRM(rm)), nameSReg(gregOfRM(rm)));
8730 //.. return 1+delta0;
8731 //.. } else {
8732 //.. addr = disAMode ( &len, sorb, delta0, dis_buf );
8733 //.. putSReg( gregOfRM(rm), loadLE(Ity_I16, mkexpr(addr)) );
8734 //.. DIP("movw %s,%s\n", dis_buf, nameSReg(gregOfRM(rm)));
8735 //.. return len+delta0;
8736 //.. }
8737 //.. }
8738 //..
8739 //.. /* Move 16 bits from G (a segment register) to Ew (ireg or mem). If
8740 //.. dst is ireg and sz==4, zero out top half of it. */
8741 //..
8742 //.. static
8743 //.. UInt dis_mov_Sw_Ew ( UChar sorb,
8744 //.. Int sz,
8745 //.. UInt delta0 )
8746 //.. {
8747 //.. Int len;
8748 //.. IRTemp addr;
8749 //.. UChar rm = getUChar(delta0);
8750 //.. HChar dis_buf[50];
8751 //..
8752 //.. vassert(sz == 2 || sz == 4);
8753 //..
8754 //.. if (epartIsReg(rm)) {
8755 //.. if (sz == 4)
8756 //.. putIReg(4, eregOfRM(rm), unop(Iop_16Uto32, getSReg(gregOfRM(rm))));
8757 //.. else
8758 //.. putIReg(2, eregOfRM(rm), getSReg(gregOfRM(rm)));
8759 //..
8760 //.. DIP("mov %s,%s\n", nameSReg(gregOfRM(rm)), nameIReg(sz,eregOfRM(rm)));
8761 //.. return 1+delta0;
8762 //.. } else {
8763 //.. addr = disAMode ( &len, sorb, delta0, dis_buf );
8764 //.. storeLE( mkexpr(addr), getSReg(gregOfRM(rm)) );
8765 //.. DIP("mov %s,%s\n", nameSReg(gregOfRM(rm)), dis_buf);
8766 //.. return len+delta0;
8767 //.. }
8768 //.. }
8769
8770 /* Handle move instructions of the form
8771 mov S, E meaning
8772 mov sreg, reg-or-mem
8773 Is passed the a ptr to the modRM byte, and the data size. Returns
8774 the address advanced completely over this instruction.
8775
8776 VEX does not currently simulate segment registers on AMD64 which means that
8777 instead of moving a value of a segment register, zero is moved to the
8778 destination. The zero value represents a null (unused) selector. This is
8779 not correct (especially for the %cs, %fs and %gs registers) but it seems to
8780 provide a sufficient simulation for currently seen programs that use this
8781 instruction. If some program actually decides to use the obtained segment
8782 selector for something meaningful then the zero value should be a clear
8783 indicator that there is some problem.
8784
8785 S(src) is sreg.
8786 E(dst) is reg-or-mem
8787
8788 If E is reg, --> PUT $0, %E
8789
8790 If E is mem, --> (getAddr E) -> tmpa
8791 ST $0, (tmpa)
8792 */
8793 static
8794 ULong dis_mov_S_E ( const VexAbiInfo* vbi,
8795 Prefix pfx,
8796 Int size,
8797 Long delta0 )
8798 {
8799 Int len;
8800 UChar rm = getUChar(delta0);
8801 HChar dis_buf[50];
8802
8803 if (epartIsReg(rm)) {
8804 putIRegE(size, pfx, rm, mkU(szToITy(size), 0));
8805 DIP("mov %s,%s\n", nameSReg(gregOfRexRM(pfx, rm)),
8806 nameIRegE(size, pfx, rm));
8807 return 1+delta0;
8808 }
8809
8810 /* E refers to memory */
8811 {
8812 IRTemp addr = disAMode(&len, vbi, pfx, delta0, dis_buf, 0);
8813 storeLE(mkexpr(addr), mkU16(0));
8814 DIP("mov %s,%s\n", nameSReg(gregOfRexRM(pfx, rm)),
8815 dis_buf);
8816 return len+delta0;
8817 }
8818 }
8819
8820 //.. static
8821 //.. void dis_push_segreg ( UInt sreg, Int sz )
8822 //.. {
8823 //.. IRTemp t1 = newTemp(Ity_I16);
8824 //.. IRTemp ta = newTemp(Ity_I32);
8825 //.. vassert(sz == 2 || sz == 4);
8826 //..
8827 //.. assign( t1, getSReg(sreg) );
8828 //.. assign( ta, binop(Iop_Sub32, getIReg(4, R_ESP), mkU32(sz)) );
8829 //.. putIReg(4, R_ESP, mkexpr(ta));
8830 //.. storeLE( mkexpr(ta), mkexpr(t1) );
8831 //..
8832 //.. DIP("pushw %s\n", nameSReg(sreg));
8833 //.. }
8834 //..
8835 //.. static
8836 //.. void dis_pop_segreg ( UInt sreg, Int sz )
8837 //.. {
8838 //.. IRTemp t1 = newTemp(Ity_I16);
8839 //.. IRTemp ta = newTemp(Ity_I32);
8840 //.. vassert(sz == 2 || sz == 4);
8841 //..
8842 //.. assign( ta, getIReg(4, R_ESP) );
8843 //.. assign( t1, loadLE(Ity_I16, mkexpr(ta)) );
8844 //..
8845 //.. putIReg(4, R_ESP, binop(Iop_Add32, mkexpr(ta), mkU32(sz)) );
8846 //.. putSReg( sreg, mkexpr(t1) );
8847 //.. DIP("pop %s\n", nameSReg(sreg));
8848 //.. }
8849
8850 static
8851 void dis_ret ( /*MOD*/DisResult* dres, const VexAbiInfo* vbi, ULong d64 )
8852 {
8853 IRTemp t1 = newTemp(Ity_I64);
8854 IRTemp t2 = newTemp(Ity_I64);
8855 IRTemp t3 = newTemp(Ity_I64);
8856 assign(t1, getIReg64(R_RSP));
8857 assign(t2, loadLE(Ity_I64,mkexpr(t1)));
8858 assign(t3, binop(Iop_Add64, mkexpr(t1), mkU64(8+d64)));
8859 putIReg64(R_RSP, mkexpr(t3));
8860 make_redzone_AbiHint(vbi, t3, t2/*nia*/, "ret");
8861 jmp_treg(dres, Ijk_Ret, t2);
8862 vassert(dres->whatNext == Dis_StopHere);
8863 }
8864
8865
8866 /*------------------------------------------------------------*/
8867 /*--- SSE/SSE2/SSE3 helpers ---*/
8868 /*------------------------------------------------------------*/
8869
8870 /* Indicates whether the op requires a rounding-mode argument. Note
8871 that this covers only vector floating point arithmetic ops, and
8872 omits the scalar ones that need rounding modes. Note also that
8873 inconsistencies here will get picked up later by the IR sanity
8874 checker, so this isn't correctness-critical. */
8875 static Bool requiresRMode ( IROp op )
8876 {
8877 switch (op) {
8878 /* 128 bit ops */
8879 case Iop_Add32Fx4: case Iop_Sub32Fx4:
8880 case Iop_Mul32Fx4: case Iop_Div32Fx4:
8881 case Iop_Add64Fx2: case Iop_Sub64Fx2:
8882 case Iop_Mul64Fx2: case Iop_Div64Fx2:
8883 /* 256 bit ops */
8884 case Iop_Add32Fx8: case Iop_Sub32Fx8:
8885 case Iop_Mul32Fx8: case Iop_Div32Fx8:
8886 case Iop_Add64Fx4: case Iop_Sub64Fx4:
8887 case Iop_Mul64Fx4: case Iop_Div64Fx4:
8888 return True;
8889 default:
8890 break;
8891 }
8892 return False;
8893 }
8894
8895
8896 /* Worker function; do not call directly.
8897 Handles full width G = G `op` E and G = (not G) `op` E.
8898 */
8899
8900 static ULong dis_SSE_E_to_G_all_wrk (
8901 const VexAbiInfo* vbi,
8902 Prefix pfx, Long delta,
8903 const HChar* opname, IROp op,
8904 Bool invertG
8905 )
8906 {
8907 HChar dis_buf[50];
8908 Int alen;
8909 IRTemp addr;
8910 UChar rm = getUChar(delta);
8911 Bool needsRMode = requiresRMode(op);
8912 IRExpr* gpart
8913 = invertG ? unop(Iop_NotV128, getXMMReg(gregOfRexRM(pfx,rm)))
8914 : getXMMReg(gregOfRexRM(pfx,rm));
8915 if (epartIsReg(rm)) {
8916 putXMMReg(
8917 gregOfRexRM(pfx,rm),
8918 needsRMode
8919 ? triop(op, get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
8920 gpart,
8921 getXMMReg(eregOfRexRM(pfx,rm)))
8922 : binop(op, gpart,
8923 getXMMReg(eregOfRexRM(pfx,rm)))
8924 );
8925 DIP("%s %s,%s\n", opname,
8926 nameXMMReg(eregOfRexRM(pfx,rm)),
8927 nameXMMReg(gregOfRexRM(pfx,rm)) );
8928 return delta+1;
8929 } else {
8930 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
8931 putXMMReg(
8932 gregOfRexRM(pfx,rm),
8933 needsRMode
8934 ? triop(op, get_FAKE_roundingmode(), /* XXXROUNDINGFIXME */
8935 gpart,
8936 loadLE(Ity_V128, mkexpr(addr)))
8937 : binop(op, gpart,
8938 loadLE(Ity_V128, mkexpr(addr)))
8939 );
8940 DIP("%s %s,%s\n", opname,
8941 dis_buf,
8942 nameXMMReg(gregOfRexRM(pfx,rm)) );
8943 return delta+alen;
8944 }
8945 }
8946
8947
8948 /* All lanes SSE binary operation, G = G `op` E. */
8949
8950 static
8951 ULong dis_SSE_E_to_G_all ( const VexAbiInfo* vbi,
8952 Prefix pfx, Long delta,
8953 const HChar* opname, IROp op )
8954 {
8955 return dis_SSE_E_to_G_all_wrk( vbi, pfx, delta, opname, op, False );
8956 }
8957
8958 /* All lanes SSE binary operation, G = (not G) `op` E. */
8959
8960 static
8961 ULong dis_SSE_E_to_G_all_invG ( const VexAbiInfo* vbi,
8962 Prefix pfx, Long delta,
8963 const HChar* opname, IROp op )
8964 {
8965 return dis_SSE_E_to_G_all_wrk( vbi, pfx, delta, opname, op, True );
8966 }
8967
8968
8969 /* Lowest 32-bit lane only SSE binary operation, G = G `op` E. */
8970
8971 static ULong dis_SSE_E_to_G_lo32 ( const VexAbiInfo* vbi,
8972 Prefix pfx, Long delta,
8973 const HChar* opname, IROp op )
8974 {
8975 HChar dis_buf[50];
8976 Int alen;
8977 IRTemp addr;
8978 UChar rm = getUChar(delta);
8979 IRExpr* gpart = getXMMReg(gregOfRexRM(pfx,rm));
8980 if (epartIsReg(rm)) {
8981 putXMMReg( gregOfRexRM(pfx,rm),
8982 binop(op, gpart,
8983 getXMMReg(eregOfRexRM(pfx,rm))) );
8984 DIP("%s %s,%s\n", opname,
8985 nameXMMReg(eregOfRexRM(pfx,rm)),
8986 nameXMMReg(gregOfRexRM(pfx,rm)) );
8987 return delta+1;
8988 } else {
8989 /* We can only do a 32-bit memory read, so the upper 3/4 of the
8990 E operand needs to be made simply of zeroes. */
8991 IRTemp epart = newTemp(Ity_V128);
8992 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
8993 assign( epart, unop( Iop_32UtoV128,
8994 loadLE(Ity_I32, mkexpr(addr))) );
8995 putXMMReg( gregOfRexRM(pfx,rm),
8996 binop(op, gpart, mkexpr(epart)) );
8997 DIP("%s %s,%s\n", opname,
8998 dis_buf,
8999 nameXMMReg(gregOfRexRM(pfx,rm)) );
9000 return delta+alen;
9001 }
9002 }
9003
9004
9005 /* Lower 64-bit lane only SSE binary operation, G = G `op` E. */
9006
9007 static ULong dis_SSE_E_to_G_lo64 ( const VexAbiInfo* vbi,
9008 Prefix pfx, Long delta,
9009 const HChar* opname, IROp op )
9010 {
9011 HChar dis_buf[50];
9012 Int alen;
9013 IRTemp addr;
9014 UChar rm = getUChar(delta);
9015 IRExpr* gpart = getXMMReg(gregOfRexRM(pfx,rm));
9016 if (epartIsReg(rm)) {
9017 putXMMReg( gregOfRexRM(pfx,rm),
9018 binop(op, gpart,
9019 getXMMReg(eregOfRexRM(pfx,rm))) );
9020 DIP("%s %s,%s\n", opname,
9021 nameXMMReg(eregOfRexRM(pfx,rm)),
9022 nameXMMReg(gregOfRexRM(pfx,rm)) );
9023 return delta+1;
9024 } else {
9025 /* We can only do a 64-bit memory read, so the upper half of the
9026 E operand needs to be made simply of zeroes. */
9027 IRTemp epart = newTemp(Ity_V128);
9028 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
9029 assign( epart, unop( Iop_64UtoV128,
9030 loadLE(Ity_I64, mkexpr(addr))) );
9031 putXMMReg( gregOfRexRM(pfx,rm),
9032 binop(op, gpart, mkexpr(epart)) );
9033 DIP("%s %s,%s\n", opname,
9034 dis_buf,
9035 nameXMMReg(gregOfRexRM(pfx,rm)) );
9036 return delta+alen;
9037 }
9038 }
9039
9040
9041 /* All lanes unary SSE operation, G = op(E). */
9042
9043 static ULong dis_SSE_E_to_G_unary_all (
9044 const VexAbiInfo* vbi,
9045 Prefix pfx, Long delta,
9046 const HChar* opname, IROp op
9047 )
9048 {
9049 HChar dis_buf[50];
9050 Int alen;
9051 IRTemp addr;
9052 UChar rm = getUChar(delta);
9053 // Sqrt32Fx4 and Sqrt64Fx2 take a rounding mode, which is faked
9054 // up in the usual way.
9055 Bool needsIRRM = op == Iop_Sqrt32Fx4 || op == Iop_Sqrt64Fx2;
9056 if (epartIsReg(rm)) {
9057 IRExpr* src = getXMMReg(eregOfRexRM(pfx,rm));
9058 /* XXXROUNDINGFIXME */
9059 IRExpr* res = needsIRRM ? binop(op, get_FAKE_roundingmode(), src)
9060 : unop(op, src);
9061 putXMMReg( gregOfRexRM(pfx,rm), res );
9062 DIP("%s %s,%s\n", opname,
9063 nameXMMReg(eregOfRexRM(pfx,rm)),
9064 nameXMMReg(gregOfRexRM(pfx,rm)) );
9065 return delta+1;
9066 } else {
9067 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
9068 IRExpr* src = loadLE(Ity_V128, mkexpr(addr));
9069 /* XXXROUNDINGFIXME */
9070 IRExpr* res = needsIRRM ? binop(op, get_FAKE_roundingmode(), src)
9071 : unop(op, src);
9072 putXMMReg( gregOfRexRM(pfx,rm), res );
9073 DIP("%s %s,%s\n", opname,
9074 dis_buf,
9075 nameXMMReg(gregOfRexRM(pfx,rm)) );
9076 return delta+alen;
9077 }
9078 }
9079
9080
9081 /* Lowest 32-bit lane only unary SSE operation, G = op(E). */
9082
9083 static ULong dis_SSE_E_to_G_unary_lo32 (
9084 const VexAbiInfo* vbi,
9085 Prefix pfx, Long delta,
9086 const HChar* opname, IROp op
9087 )
9088 {
9089 /* First we need to get the old G value and patch the low 32 bits
9090 of the E operand into it. Then apply op and write back to G. */
9091 HChar dis_buf[50];
9092 Int alen;
9093 IRTemp addr;
9094 UChar rm = getUChar(delta);
9095 IRTemp oldG0 = newTemp(Ity_V128);
9096 IRTemp oldG1 = newTemp(Ity_V128);
9097
9098 assign( oldG0, getXMMReg(gregOfRexRM(pfx,rm)) );
9099
9100 if (epartIsReg(rm)) {
9101 assign( oldG1,
9102 binop( Iop_SetV128lo32,
9103 mkexpr(oldG0),
9104 getXMMRegLane32(eregOfRexRM(pfx,rm), 0)) );
9105 putXMMReg( gregOfRexRM(pfx,rm), unop(op, mkexpr(oldG1)) );
9106 DIP("%s %s,%s\n", opname,
9107 nameXMMReg(eregOfRexRM(pfx,rm)),
9108 nameXMMReg(gregOfRexRM(pfx,rm)) );
9109 return delta+1;
9110 } else {
9111 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
9112 assign( oldG1,
9113 binop( Iop_SetV128lo32,
9114 mkexpr(oldG0),
9115 loadLE(Ity_I32, mkexpr(addr)) ));
9116 putXMMReg( gregOfRexRM(pfx,rm), unop(op, mkexpr(oldG1)) );
9117 DIP("%s %s,%s\n", opname,
9118 dis_buf,
9119 nameXMMReg(gregOfRexRM(pfx,rm)) );
9120 return delta+alen;
9121 }
9122 }
9123
9124
9125 /* Lowest 64-bit lane only unary SSE operation, G = op(E). */
9126
9127 static ULong dis_SSE_E_to_G_unary_lo64 (
9128 const VexAbiInfo* vbi,
9129 Prefix pfx, Long delta,
9130 const HChar* opname, IROp op
9131 )
9132 {
9133 /* First we need to get the old G value and patch the low 64 bits
9134 of the E operand into it. Then apply op and write back to G. */
9135 HChar dis_buf[50];
9136 Int alen;
9137 IRTemp addr;
9138 UChar rm = getUChar(delta);
9139 IRTemp oldG0 = newTemp(Ity_V128);
9140 IRTemp oldG1 = newTemp(Ity_V128);
9141
9142 assign( oldG0, getXMMReg(gregOfRexRM(pfx,rm)) );
9143
9144 if (epartIsReg(rm)) {
9145 assign( oldG1,
9146 binop( Iop_SetV128lo64,
9147 mkexpr(oldG0),
9148 getXMMRegLane64(eregOfRexRM(pfx,rm), 0)) );
9149 putXMMReg( gregOfRexRM(pfx,rm), unop(op, mkexpr(oldG1)) );
9150 DIP("%s %s,%s\n", opname,
9151 nameXMMReg(eregOfRexRM(pfx,rm)),
9152 nameXMMReg(gregOfRexRM(pfx,rm)) );
9153 return delta+1;
9154 } else {
9155 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
9156 assign( oldG1,
9157 binop( Iop_SetV128lo64,
9158 mkexpr(oldG0),
9159 loadLE(Ity_I64, mkexpr(addr)) ));
9160 putXMMReg( gregOfRexRM(pfx,rm), unop(op, mkexpr(oldG1)) );
9161 DIP("%s %s,%s\n", opname,
9162 dis_buf,
9163 nameXMMReg(gregOfRexRM(pfx,rm)) );
9164 return delta+alen;
9165 }
9166 }
9167
9168
9169 /* SSE integer binary operation:
9170 G = G `op` E (eLeft == False)
9171 G = E `op` G (eLeft == True)
9172 */
9173 static ULong dis_SSEint_E_to_G(
9174 const VexAbiInfo* vbi,
9175 Prefix pfx, Long delta,
9176 const HChar* opname, IROp op,
9177 Bool eLeft
9178 )
9179 {
9180 HChar dis_buf[50];
9181 Int alen;
9182 IRTemp addr;
9183 UChar rm = getUChar(delta);
9184 IRExpr* gpart = getXMMReg(gregOfRexRM(pfx,rm));
9185 IRExpr* epart = NULL;
9186 if (epartIsReg(rm)) {
9187 epart = getXMMReg(eregOfRexRM(pfx,rm));
9188 DIP("%s %s,%s\n", opname,
9189 nameXMMReg(eregOfRexRM(pfx,rm)),
9190 nameXMMReg(gregOfRexRM(pfx,rm)) );
9191 delta += 1;
9192 } else {
9193 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
9194 epart = loadLE(Ity_V128, mkexpr(addr));
9195 DIP("%s %s,%s\n", opname,
9196 dis_buf,
9197 nameXMMReg(gregOfRexRM(pfx,rm)) );
9198 delta += alen;
9199 }
9200 putXMMReg( gregOfRexRM(pfx,rm),
9201 eLeft ? binop(op, epart, gpart)
9202 : binop(op, gpart, epart) );
9203 return delta;
9204 }
9205
9206
9207 /* Helper for doing SSE FP comparisons. False return ==> unhandled.
9208 This is all a bit of a kludge in that it ignores the subtleties of
9209 ordered-vs-unordered and signalling-vs-nonsignalling in the Intel
9210 spec. */
9211 static Bool findSSECmpOp ( /*OUT*/Bool* preSwapP,
9212 /*OUT*/IROp* opP,
9213 /*OUT*/Bool* postNotP,
9214 UInt imm8, Bool all_lanes, Int sz )
9215 {
9216 if (imm8 >= 32) return False;
9217
9218 /* First, compute a (preSwap, op, postNot) triple from
9219 the supplied imm8. */
9220 Bool pre = False;
9221 IROp op = Iop_INVALID;
9222 Bool not = False;
9223
9224 # define XXX(_pre, _op, _not) { pre = _pre; op = _op; not = _not; }
9225 // If you add a case here, add a corresponding test for both VCMPSD_128
9226 // and VCMPSS_128 in avx-1.c.
9227 // Cases 0xA and above are
9228 // "Enhanced Comparison Predicate[s] for VEX-Encoded [insns]"
9229 switch (imm8) {
9230 // "O" = ordered, "U" = unordered
9231 // "Q" = non-signalling (quiet), "S" = signalling
9232 //
9233 // swap operands?
9234 // |
9235 // | cmp op invert after?
9236 // | | |
9237 // v v v
9238 case 0x0: XXX(False, Iop_CmpEQ32Fx4, False); break; // EQ_OQ
9239 case 0x8: XXX(False, Iop_CmpEQ32Fx4, False); break; // EQ_UQ
9240 case 0x10: XXX(False, Iop_CmpEQ32Fx4, False); break; // EQ_OS
9241 case 0x18: XXX(False, Iop_CmpEQ32Fx4, False); break; // EQ_US
9242 //
9243 case 0x1: XXX(False, Iop_CmpLT32Fx4, False); break; // LT_OS
9244 case 0x11: XXX(False, Iop_CmpLT32Fx4, False); break; // LT_OQ
9245 //
9246 case 0x2: XXX(False, Iop_CmpLE32Fx4, False); break; // LE_OS
9247 case 0x12: XXX(False, Iop_CmpLE32Fx4, False); break; // LE_OQ
9248 //
9249 case 0x3: XXX(False, Iop_CmpUN32Fx4, False); break; // UNORD_Q
9250 case 0x13: XXX(False, Iop_CmpUN32Fx4, False); break; // UNORD_S
9251 //
9252 // 0xC: this isn't really right because it returns all-1s when
9253 // either operand is a NaN, and it should return all-0s.
9254 case 0x4: XXX(False, Iop_CmpEQ32Fx4, True); break; // NEQ_UQ
9255 case 0xC: XXX(False, Iop_CmpEQ32Fx4, True); break; // NEQ_OQ
9256 case 0x14: XXX(False, Iop_CmpEQ32Fx4, True); break; // NEQ_US
9257 case 0x1C: XXX(False, Iop_CmpEQ32Fx4, True); break; // NEQ_OS
9258 //
9259 case 0x5: XXX(False, Iop_CmpLT32Fx4, True); break; // NLT_US
9260 case 0x15: XXX(False, Iop_CmpLT32Fx4, True); break; // NLT_UQ
9261 //
9262 case 0x6: XXX(False, Iop_CmpLE32Fx4, True); break; // NLE_US
9263 case 0x16: XXX(False, Iop_CmpLE32Fx4, True); break; // NLE_UQ
9264 //
9265 case 0x7: XXX(False, Iop_CmpUN32Fx4, True); break; // ORD_Q
9266 case 0x17: XXX(False, Iop_CmpUN32Fx4, True); break; // ORD_S
9267 //
9268 case 0x9: XXX(True, Iop_CmpLE32Fx4, True); break; // NGE_US
9269 case 0x19: XXX(True, Iop_CmpLE32Fx4, True); break; // NGE_UQ
9270 //
9271 case 0xA: XXX(True, Iop_CmpLT32Fx4, True); break; // NGT_US
9272 case 0x1A: XXX(True, Iop_CmpLT32Fx4, True); break; // NGT_UQ
9273 //
9274 case 0xD: XXX(True, Iop_CmpLE32Fx4, False); break; // GE_OS
9275 case 0x1D: XXX(True, Iop_CmpLE32Fx4, False); break; // GE_OQ
9276 //
9277 case 0xE: XXX(True, Iop_CmpLT32Fx4, False); break; // GT_OS
9278 case 0x1E: XXX(True, Iop_CmpLT32Fx4, False); break; // GT_OQ
9279 // Unhandled:
9280 // 0xB FALSE_OQ
9281 // 0xF TRUE_UQ
9282 // 0x1B FALSE_OS
9283 // 0x1F TRUE_US
9284 /* Don't forget to add test cases to VCMPSS_128_<imm8> in
9285 avx-1.c if new cases turn up. */
9286 default: break;
9287 }
9288 # undef XXX
9289 if (op == Iop_INVALID) return False;
9290
9291 /* Now convert the op into one with the same arithmetic but that is
9292 correct for the width and laneage requirements. */
9293
9294 /**/ if (sz == 4 && all_lanes) {
9295 switch (op) {
9296 case Iop_CmpEQ32Fx4: op = Iop_CmpEQ32Fx4; break;
9297 case Iop_CmpLT32Fx4: op = Iop_CmpLT32Fx4; break;
9298 case Iop_CmpLE32Fx4: op = Iop_CmpLE32Fx4; break;
9299 case Iop_CmpUN32Fx4: op = Iop_CmpUN32Fx4; break;
9300 default: vassert(0);
9301 }
9302 }
9303 else if (sz == 4 && !all_lanes) {
9304 switch (op) {
9305 case Iop_CmpEQ32Fx4: op = Iop_CmpEQ32F0x4; break;
9306 case Iop_CmpLT32Fx4: op = Iop_CmpLT32F0x4; break;
9307 case Iop_CmpLE32Fx4: op = Iop_CmpLE32F0x4; break;
9308 case Iop_CmpUN32Fx4: op = Iop_CmpUN32F0x4; break;
9309 default: vassert(0);
9310 }
9311 }
9312 else if (sz == 8 && all_lanes) {
9313 switch (op) {
9314 case Iop_CmpEQ32Fx4: op = Iop_CmpEQ64Fx2; break;
9315 case Iop_CmpLT32Fx4: op = Iop_CmpLT64Fx2; break;
9316 case Iop_CmpLE32Fx4: op = Iop_CmpLE64Fx2; break;
9317 case Iop_CmpUN32Fx4: op = Iop_CmpUN64Fx2; break;
9318 default: vassert(0);
9319 }
9320 }
9321 else if (sz == 8 && !all_lanes) {
9322 switch (op) {
9323 case Iop_CmpEQ32Fx4: op = Iop_CmpEQ64F0x2; break;
9324 case Iop_CmpLT32Fx4: op = Iop_CmpLT64F0x2; break;
9325 case Iop_CmpLE32Fx4: op = Iop_CmpLE64F0x2; break;
9326 case Iop_CmpUN32Fx4: op = Iop_CmpUN64F0x2; break;
9327 default: vassert(0);
9328 }
9329 }
9330 else {
9331 vpanic("findSSECmpOp(amd64,guest)");
9332 }
9333
9334 *preSwapP = pre; *opP = op; *postNotP = not;
9335 return True;
9336 }
9337
9338
9339 /* Handles SSE 32F/64F comparisons. It can fail, in which case it
9340 returns the original delta to indicate failure. */
9341
9342 static Long dis_SSE_cmp_E_to_G ( const VexAbiInfo* vbi,
9343 Prefix pfx, Long delta,
9344 const HChar* opname, Bool all_lanes, Int sz )
9345 {
9346 Long delta0 = delta;
9347 HChar dis_buf[50];
9348 Int alen;
9349 UInt imm8;
9350 IRTemp addr;
9351 Bool preSwap = False;
9352 IROp op = Iop_INVALID;
9353 Bool postNot = False;
9354 IRTemp plain = newTemp(Ity_V128);
9355 UChar rm = getUChar(delta);
9356 UShort mask = 0;
9357 vassert(sz == 4 || sz == 8);
9358 if (epartIsReg(rm)) {
9359 imm8 = getUChar(delta+1);
9360 if (imm8 >= 8) return delta0; /* FAIL */
9361 Bool ok = findSSECmpOp(&preSwap, &op, &postNot, imm8, all_lanes, sz);
9362 if (!ok) return delta0; /* FAIL */
9363 vassert(!preSwap); /* never needed for imm8 < 8 */
9364 assign( plain, binop(op, getXMMReg(gregOfRexRM(pfx,rm)),
9365 getXMMReg(eregOfRexRM(pfx,rm))) );
9366 delta += 2;
9367 DIP("%s $%u,%s,%s\n", opname,
9368 imm8,
9369 nameXMMReg(eregOfRexRM(pfx,rm)),
9370 nameXMMReg(gregOfRexRM(pfx,rm)) );
9371 } else {
9372 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 1 );
9373 imm8 = getUChar(delta+alen);
9374 if (imm8 >= 8) return delta0; /* FAIL */
9375 Bool ok = findSSECmpOp(&preSwap, &op, &postNot, imm8, all_lanes, sz);
9376 if (!ok) return delta0; /* FAIL */
9377 vassert(!preSwap); /* never needed for imm8 < 8 */
9378 assign( plain,
9379 binop(
9380 op,
9381 getXMMReg(gregOfRexRM(pfx,rm)),
9382 all_lanes
9383 ? loadLE(Ity_V128, mkexpr(addr))
9384 : sz == 8
9385 ? unop( Iop_64UtoV128, loadLE(Ity_I64, mkexpr(addr)))
9386 : /*sz==4*/
9387 unop( Iop_32UtoV128, loadLE(Ity_I32, mkexpr(addr)))
9388 )
9389 );
9390 delta += alen+1;
9391 DIP("%s $%u,%s,%s\n", opname,
9392 imm8,
9393 dis_buf,
9394 nameXMMReg(gregOfRexRM(pfx,rm)) );
9395 }
9396
9397 if (postNot && all_lanes) {
9398 putXMMReg( gregOfRexRM(pfx,rm),
9399 unop(Iop_NotV128, mkexpr(plain)) );
9400 }
9401 else
9402 if (postNot && !all_lanes) {
9403 mask = toUShort(sz==4 ? 0x000F : 0x00FF);
9404 putXMMReg( gregOfRexRM(pfx,rm),
9405 binop(Iop_XorV128, mkexpr(plain), mkV128(mask)) );
9406 }
9407 else {
9408 putXMMReg( gregOfRexRM(pfx,rm), mkexpr(plain) );
9409 }
9410
9411 return delta;
9412 }
9413
9414
9415 /* Vector by scalar shift of G by the amount specified at the bottom
9416 of E. */
9417
9418 static ULong dis_SSE_shiftG_byE ( const VexAbiInfo* vbi,
9419 Prefix pfx, Long delta,
9420 const HChar* opname, IROp op )
9421 {
9422 HChar dis_buf[50];
9423 Int alen, size;
9424 IRTemp addr;
9425 Bool shl, shr, sar;
9426 UChar rm = getUChar(delta);
9427 IRTemp g0 = newTemp(Ity_V128);
9428 IRTemp g1 = newTemp(Ity_V128);
9429 IRTemp amt = newTemp(Ity_I64);
9430 IRTemp amt8 = newTemp(Ity_I8);
9431 if (epartIsReg(rm)) {
9432 assign( amt, getXMMRegLane64(eregOfRexRM(pfx,rm), 0) );
9433 DIP("%s %s,%s\n", opname,
9434 nameXMMReg(eregOfRexRM(pfx,rm)),
9435 nameXMMReg(gregOfRexRM(pfx,rm)) );
9436 delta++;
9437 } else {
9438 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
9439 assign( amt, loadLE(Ity_I64, mkexpr(addr)) );
9440 DIP("%s %s,%s\n", opname,
9441 dis_buf,
9442 nameXMMReg(gregOfRexRM(pfx,rm)) );
9443 delta += alen;
9444 }
9445 assign( g0, getXMMReg(gregOfRexRM(pfx,rm)) );
9446 assign( amt8, unop(Iop_64to8, mkexpr(amt)) );
9447
9448 shl = shr = sar = False;
9449 size = 0;
9450 switch (op) {
9451 case Iop_ShlN16x8: shl = True; size = 32; break;
9452 case Iop_ShlN32x4: shl = True; size = 32; break;
9453 case Iop_ShlN64x2: shl = True; size = 64; break;
9454 case Iop_SarN16x8: sar = True; size = 16; break;
9455 case Iop_SarN32x4: sar = True; size = 32; break;
9456 case Iop_ShrN16x8: shr = True; size = 16; break;
9457 case Iop_ShrN32x4: shr = True; size = 32; break;
9458 case Iop_ShrN64x2: shr = True; size = 64; break;
9459 default: vassert(0);
9460 }
9461
9462 if (shl || shr) {
9463 assign(
9464 g1,
9465 IRExpr_ITE(
9466 binop(Iop_CmpLT64U, mkexpr(amt), mkU64(size)),
9467 binop(op, mkexpr(g0), mkexpr(amt8)),
9468 mkV128(0x0000)
9469 )
9470 );
9471 } else
9472 if (sar) {
9473 assign(
9474 g1,
9475 IRExpr_ITE(
9476 binop(Iop_CmpLT64U, mkexpr(amt), mkU64(size)),
9477 binop(op, mkexpr(g0), mkexpr(amt8)),
9478 binop(op, mkexpr(g0), mkU8(size-1))
9479 )
9480 );
9481 } else {
9482 vassert(0);
9483 }
9484
9485 putXMMReg( gregOfRexRM(pfx,rm), mkexpr(g1) );
9486 return delta;
9487 }
9488
9489
9490 /* Vector by scalar shift of E by an immediate byte. */
9491
9492 static
9493 ULong dis_SSE_shiftE_imm ( Prefix pfx,
9494 Long delta, const HChar* opname, IROp op )
9495 {
9496 Bool shl, shr, sar;
9497 UChar rm = getUChar(delta);
9498 IRTemp e0 = newTemp(Ity_V128);
9499 IRTemp e1 = newTemp(Ity_V128);
9500 UChar amt, size;
9501 vassert(epartIsReg(rm));
9502 vassert(gregLO3ofRM(rm) == 2
9503 || gregLO3ofRM(rm) == 4 || gregLO3ofRM(rm) == 6);
9504 amt = getUChar(delta+1);
9505 delta += 2;
9506 DIP("%s $%d,%s\n", opname,
9507 (Int)amt,
9508 nameXMMReg(eregOfRexRM(pfx,rm)) );
9509 assign( e0, getXMMReg(eregOfRexRM(pfx,rm)) );
9510
9511 shl = shr = sar = False;
9512 size = 0;
9513 switch (op) {
9514 case Iop_ShlN16x8: shl = True; size = 16; break;
9515 case Iop_ShlN32x4: shl = True; size = 32; break;
9516 case Iop_ShlN64x2: shl = True; size = 64; break;
9517 case Iop_SarN16x8: sar = True; size = 16; break;
9518 case Iop_SarN32x4: sar = True; size = 32; break;
9519 case Iop_ShrN16x8: shr = True; size = 16; break;
9520 case Iop_ShrN32x4: shr = True; size = 32; break;
9521 case Iop_ShrN64x2: shr = True; size = 64; break;
9522 default: vassert(0);
9523 }
9524
9525 if (shl || shr) {
9526 assign( e1, amt >= size
9527 ? mkV128(0x0000)
9528 : binop(op, mkexpr(e0), mkU8(amt))
9529 );
9530 } else
9531 if (sar) {
9532 assign( e1, amt >= size
9533 ? binop(op, mkexpr(e0), mkU8(size-1))
9534 : binop(op, mkexpr(e0), mkU8(amt))
9535 );
9536 } else {
9537 vassert(0);
9538 }
9539
9540 putXMMReg( eregOfRexRM(pfx,rm), mkexpr(e1) );
9541 return delta;
9542 }
9543
9544
9545 /* Get the current SSE rounding mode. */
9546
9547 static IRExpr* /* :: Ity_I32 */ get_sse_roundingmode ( void )
9548 {
9549 return
9550 unop( Iop_64to32,
9551 binop( Iop_And64,
9552 IRExpr_Get( OFFB_SSEROUND, Ity_I64 ),
9553 mkU64(3) ));
9554 }
9555
9556 static void put_sse_roundingmode ( IRExpr* sseround )
9557 {
9558 vassert(typeOfIRExpr(irsb->tyenv, sseround) == Ity_I32);
9559 stmt( IRStmt_Put( OFFB_SSEROUND,
9560 unop(Iop_32Uto64,sseround) ) );
9561 }
9562
9563 /* Break a V128-bit value up into four 32-bit ints. */
9564
9565 static void breakupV128to32s ( IRTemp t128,
9566 /*OUTs*/
9567 IRTemp* t3, IRTemp* t2,
9568 IRTemp* t1, IRTemp* t0 )
9569 {
9570 IRTemp hi64 = newTemp(Ity_I64);
9571 IRTemp lo64 = newTemp(Ity_I64);
9572 assign( hi64, unop(Iop_V128HIto64, mkexpr(t128)) );
9573 assign( lo64, unop(Iop_V128to64, mkexpr(t128)) );
9574
9575 vassert(t0 && *t0 == IRTemp_INVALID);
9576 vassert(t1 && *t1 == IRTemp_INVALID);
9577 vassert(t2 && *t2 == IRTemp_INVALID);
9578 vassert(t3 && *t3 == IRTemp_INVALID);
9579
9580 *t0 = newTemp(Ity_I32);
9581 *t1 = newTemp(Ity_I32);
9582 *t2 = newTemp(Ity_I32);
9583 *t3 = newTemp(Ity_I32);
9584 assign( *t0, unop(Iop_64to32, mkexpr(lo64)) );
9585 assign( *t1, unop(Iop_64HIto32, mkexpr(lo64)) );
9586 assign( *t2, unop(Iop_64to32, mkexpr(hi64)) );
9587 assign( *t3, unop(Iop_64HIto32, mkexpr(hi64)) );
9588 }
9589
9590 /* Construct a V128-bit value from four 32-bit ints. */
9591
9592 static IRExpr* mkV128from32s ( IRTemp t3, IRTemp t2,
9593 IRTemp t1, IRTemp t0 )
9594 {
9595 return
9596 binop( Iop_64HLtoV128,
9597 binop(Iop_32HLto64, mkexpr(t3), mkexpr(t2)),
9598 binop(Iop_32HLto64, mkexpr(t1), mkexpr(t0))
9599 );
9600 }
9601
9602 /* Break a 64-bit value up into four 16-bit ints. */
9603
9604 static void breakup64to16s ( IRTemp t64,
9605 /*OUTs*/
9606 IRTemp* t3, IRTemp* t2,
9607 IRTemp* t1, IRTemp* t0 )
9608 {
9609 IRTemp hi32 = newTemp(Ity_I32);
9610 IRTemp lo32 = newTemp(Ity_I32);
9611 assign( hi32, unop(Iop_64HIto32, mkexpr(t64)) );
9612 assign( lo32, unop(Iop_64to32, mkexpr(t64)) );
9613
9614 vassert(t0 && *t0 == IRTemp_INVALID);
9615 vassert(t1 && *t1 == IRTemp_INVALID);
9616 vassert(t2 && *t2 == IRTemp_INVALID);
9617 vassert(t3 && *t3 == IRTemp_INVALID);
9618
9619 *t0 = newTemp(Ity_I16);
9620 *t1 = newTemp(Ity_I16);
9621 *t2 = newTemp(Ity_I16);
9622 *t3 = newTemp(Ity_I16);
9623 assign( *t0, unop(Iop_32to16, mkexpr(lo32)) );
9624 assign( *t1, unop(Iop_32HIto16, mkexpr(lo32)) );
9625 assign( *t2, unop(Iop_32to16, mkexpr(hi32)) );
9626 assign( *t3, unop(Iop_32HIto16, mkexpr(hi32)) );
9627 }
9628
9629 /* Construct a 64-bit value from four 16-bit ints. */
9630
9631 static IRExpr* mk64from16s ( IRTemp t3, IRTemp t2,
9632 IRTemp t1, IRTemp t0 )
9633 {
9634 return
9635 binop( Iop_32HLto64,
9636 binop(Iop_16HLto32, mkexpr(t3), mkexpr(t2)),
9637 binop(Iop_16HLto32, mkexpr(t1), mkexpr(t0))
9638 );
9639 }
9640
9641 /* Break a V256-bit value up into four 64-bit ints. */
9642
9643 static void breakupV256to64s ( IRTemp t256,
9644 /*OUTs*/
9645 IRTemp* t3, IRTemp* t2,
9646 IRTemp* t1, IRTemp* t0 )
9647 {
9648 vassert(t0 && *t0 == IRTemp_INVALID);
9649 vassert(t1 && *t1 == IRTemp_INVALID);
9650 vassert(t2 && *t2 == IRTemp_INVALID);
9651 vassert(t3 && *t3 == IRTemp_INVALID);
9652 *t0 = newTemp(Ity_I64);
9653 *t1 = newTemp(Ity_I64);
9654 *t2 = newTemp(Ity_I64);
9655 *t3 = newTemp(Ity_I64);
9656 assign( *t0, unop(Iop_V256to64_0, mkexpr(t256)) );
9657 assign( *t1, unop(Iop_V256to64_1, mkexpr(t256)) );
9658 assign( *t2, unop(Iop_V256to64_2, mkexpr(t256)) );
9659 assign( *t3, unop(Iop_V256to64_3, mkexpr(t256)) );
9660 }
9661
9662 /* Break a V256-bit value up into two V128s. */
9663
9664 static void breakupV256toV128s ( IRTemp t256,
9665 /*OUTs*/
9666 IRTemp* t1, IRTemp* t0 )
9667 {
9668 vassert(t0 && *t0 == IRTemp_INVALID);
9669 vassert(t1 && *t1 == IRTemp_INVALID);
9670 *t0 = newTemp(Ity_V128);
9671 *t1 = newTemp(Ity_V128);
9672 assign(*t1, unop(Iop_V256toV128_1, mkexpr(t256)));
9673 assign(*t0, unop(Iop_V256toV128_0, mkexpr(t256)));
9674 }
9675
9676 /* Break a V256-bit value up into eight 32-bit ints. */
9677
9678 static void breakupV256to32s ( IRTemp t256,
9679 /*OUTs*/
9680 IRTemp* t7, IRTemp* t6,
9681 IRTemp* t5, IRTemp* t4,
9682 IRTemp* t3, IRTemp* t2,
9683 IRTemp* t1, IRTemp* t0 )
9684 {
9685 IRTemp t128_1 = IRTemp_INVALID;
9686 IRTemp t128_0 = IRTemp_INVALID;
9687 breakupV256toV128s( t256, &t128_1, &t128_0 );
9688 breakupV128to32s( t128_1, t7, t6, t5, t4 );
9689 breakupV128to32s( t128_0, t3, t2, t1, t0 );
9690 }
9691
9692 /* Break a V128-bit value up into two 64-bit ints. */
9693
9694 static void breakupV128to64s ( IRTemp t128,
9695 /*OUTs*/
9696 IRTemp* t1, IRTemp* t0 )
9697 {
9698 vassert(t0 && *t0 == IRTemp_INVALID);
9699 vassert(t1 && *t1 == IRTemp_INVALID);
9700 *t0 = newTemp(Ity_I64);
9701 *t1 = newTemp(Ity_I64);
9702 assign( *t0, unop(Iop_V128to64, mkexpr(t128)) );
9703 assign( *t1, unop(Iop_V128HIto64, mkexpr(t128)) );
9704 }
9705
9706 /* Construct a V256-bit value from eight 32-bit ints. */
9707
9708 static IRExpr* mkV256from32s ( IRTemp t7, IRTemp t6,
9709 IRTemp t5, IRTemp t4,
9710 IRTemp t3, IRTemp t2,
9711 IRTemp t1, IRTemp t0 )
9712 {
9713 return
9714 binop( Iop_V128HLtoV256,
9715 binop( Iop_64HLtoV128,
9716 binop(Iop_32HLto64, mkexpr(t7), mkexpr(t6)),
9717 binop(Iop_32HLto64, mkexpr(t5), mkexpr(t4)) ),
9718 binop( Iop_64HLtoV128,
9719 binop(Iop_32HLto64, mkexpr(t3), mkexpr(t2)),
9720 binop(Iop_32HLto64, mkexpr(t1), mkexpr(t0)) )
9721 );
9722 }
9723
9724 /* Construct a V256-bit value from four 64-bit ints. */
9725
9726 static IRExpr* mkV256from64s ( IRTemp t3, IRTemp t2,
9727 IRTemp t1, IRTemp t0 )
9728 {
9729 return
9730 binop( Iop_V128HLtoV256,
9731 binop(Iop_64HLtoV128, mkexpr(t3), mkexpr(t2)),
9732 binop(Iop_64HLtoV128, mkexpr(t1), mkexpr(t0))
9733 );
9734 }
9735
9736 /* Helper for the SSSE3 (not SSE3) PMULHRSW insns. Given two 64-bit
9737 values (aa,bb), computes, for each of the 4 16-bit lanes:
9738
9739 (((aa_lane *s32 bb_lane) >>u 14) + 1) >>u 1
9740 */
9741 static IRExpr* dis_PMULHRSW_helper ( IRExpr* aax, IRExpr* bbx )
9742 {
9743 IRTemp aa = newTemp(Ity_I64);
9744 IRTemp bb = newTemp(Ity_I64);
9745 IRTemp aahi32s = newTemp(Ity_I64);
9746 IRTemp aalo32s = newTemp(Ity_I64);
9747 IRTemp bbhi32s = newTemp(Ity_I64);
9748 IRTemp bblo32s = newTemp(Ity_I64);
9749 IRTemp rHi = newTemp(Ity_I64);
9750 IRTemp rLo = newTemp(Ity_I64);
9751 IRTemp one32x2 = newTemp(Ity_I64);
9752 assign(aa, aax);
9753 assign(bb, bbx);
9754 assign( aahi32s,
9755 binop(Iop_SarN32x2,
9756 binop(Iop_InterleaveHI16x4, mkexpr(aa), mkexpr(aa)),
9757 mkU8(16) ));
9758 assign( aalo32s,
9759 binop(Iop_SarN32x2,
9760 binop(Iop_InterleaveLO16x4, mkexpr(aa), mkexpr(aa)),
9761 mkU8(16) ));
9762 assign( bbhi32s,
9763 binop(Iop_SarN32x2,
9764 binop(Iop_InterleaveHI16x4, mkexpr(bb), mkexpr(bb)),
9765 mkU8(16) ));
9766 assign( bblo32s,
9767 binop(Iop_SarN32x2,
9768 binop(Iop_InterleaveLO16x4, mkexpr(bb), mkexpr(bb)),
9769 mkU8(16) ));
9770 assign(one32x2, mkU64( (1ULL << 32) + 1 ));
9771 assign(
9772 rHi,
9773 binop(
9774 Iop_ShrN32x2,
9775 binop(
9776 Iop_Add32x2,
9777 binop(
9778 Iop_ShrN32x2,
9779 binop(Iop_Mul32x2, mkexpr(aahi32s), mkexpr(bbhi32s)),
9780 mkU8(14)
9781 ),
9782 mkexpr(one32x2)
9783 ),
9784 mkU8(1)
9785 )
9786 );
9787 assign(
9788 rLo,
9789 binop(
9790 Iop_ShrN32x2,
9791 binop(
9792 Iop_Add32x2,
9793 binop(
9794 Iop_ShrN32x2,
9795 binop(Iop_Mul32x2, mkexpr(aalo32s), mkexpr(bblo32s)),
9796 mkU8(14)
9797 ),
9798 mkexpr(one32x2)
9799 ),
9800 mkU8(1)
9801 )
9802 );
9803 return
9804 binop(Iop_CatEvenLanes16x4, mkexpr(rHi), mkexpr(rLo));
9805 }
9806
9807 /* Helper for the SSSE3 (not SSE3) PSIGN{B,W,D} insns. Given two 64-bit
9808 values (aa,bb), computes, for each lane:
9809
9810 if aa_lane < 0 then - bb_lane
9811 else if aa_lane > 0 then bb_lane
9812 else 0
9813 */
9814 static IRExpr* dis_PSIGN_helper ( IRExpr* aax, IRExpr* bbx, Int laneszB )
9815 {
9816 IRTemp aa = newTemp(Ity_I64);
9817 IRTemp bb = newTemp(Ity_I64);
9818 IRTemp zero = newTemp(Ity_I64);
9819 IRTemp bbNeg = newTemp(Ity_I64);
9820 IRTemp negMask = newTemp(Ity_I64);
9821 IRTemp posMask = newTemp(Ity_I64);
9822 IROp opSub = Iop_INVALID;
9823 IROp opCmpGTS = Iop_INVALID;
9824
9825 switch (laneszB) {
9826 case 1: opSub = Iop_Sub8x8; opCmpGTS = Iop_CmpGT8Sx8; break;
9827 case 2: opSub = Iop_Sub16x4; opCmpGTS = Iop_CmpGT16Sx4; break;
9828 case 4: opSub = Iop_Sub32x2; opCmpGTS = Iop_CmpGT32Sx2; break;
9829 default: vassert(0);
9830 }
9831
9832 assign( aa, aax );
9833 assign( bb, bbx );
9834 assign( zero, mkU64(0) );
9835 assign( bbNeg, binop(opSub, mkexpr(zero), mkexpr(bb)) );
9836 assign( negMask, binop(opCmpGTS, mkexpr(zero), mkexpr(aa)) );
9837 assign( posMask, binop(opCmpGTS, mkexpr(aa), mkexpr(zero)) );
9838
9839 return
9840 binop(Iop_Or64,
9841 binop(Iop_And64, mkexpr(bb), mkexpr(posMask)),
9842 binop(Iop_And64, mkexpr(bbNeg), mkexpr(negMask)) );
9843
9844 }
9845
9846
9847 /* Helper for the SSSE3 (not SSE3) PABS{B,W,D} insns. Given a 64-bit
9848 value aa, computes, for each lane
9849
9850 if aa < 0 then -aa else aa
9851
9852 Note that the result is interpreted as unsigned, so that the
9853 absolute value of the most negative signed input can be
9854 represented.
9855 */
9856 static IRTemp math_PABS_MMX ( IRTemp aa, Int laneszB )
9857 {
9858 IRTemp res = newTemp(Ity_I64);
9859 IRTemp zero = newTemp(Ity_I64);
9860 IRTemp aaNeg = newTemp(Ity_I64);
9861 IRTemp negMask = newTemp(Ity_I64);
9862 IRTemp posMask = newTemp(Ity_I64);
9863 IROp opSub = Iop_INVALID;
9864 IROp opSarN = Iop_INVALID;
9865
9866 switch (laneszB) {
9867 case 1: opSub = Iop_Sub8x8; opSarN = Iop_SarN8x8; break;
9868 case 2: opSub = Iop_Sub16x4; opSarN = Iop_SarN16x4; break;
9869 case 4: opSub = Iop_Sub32x2; opSarN = Iop_SarN32x2; break;
9870 default: vassert(0);
9871 }
9872
9873 assign( negMask, binop(opSarN, mkexpr(aa), mkU8(8*laneszB-1)) );
9874 assign( posMask, unop(Iop_Not64, mkexpr(negMask)) );
9875 assign( zero, mkU64(0) );
9876 assign( aaNeg, binop(opSub, mkexpr(zero), mkexpr(aa)) );
9877 assign( res,
9878 binop(Iop_Or64,
9879 binop(Iop_And64, mkexpr(aa), mkexpr(posMask)),
9880 binop(Iop_And64, mkexpr(aaNeg), mkexpr(negMask)) ));
9881 return res;
9882 }
9883
9884 /* XMM version of math_PABS_MMX. */
9885 static IRTemp math_PABS_XMM ( IRTemp aa, Int laneszB )
9886 {
9887 IRTemp res = newTemp(Ity_V128);
9888 IRTemp aaHi = newTemp(Ity_I64);
9889 IRTemp aaLo = newTemp(Ity_I64);
9890 assign(aaHi, unop(Iop_V128HIto64, mkexpr(aa)));
9891 assign(aaLo, unop(Iop_V128to64, mkexpr(aa)));
9892 assign(res, binop(Iop_64HLtoV128,
9893 mkexpr(math_PABS_MMX(aaHi, laneszB)),
9894 mkexpr(math_PABS_MMX(aaLo, laneszB))));
9895 return res;
9896 }
9897
9898 /* Specialisations of math_PABS_XMM, since there's no easy way to do
9899 partial applications in C :-( */
9900 static IRTemp math_PABS_XMM_pap4 ( IRTemp aa ) {
9901 return math_PABS_XMM(aa, 4);
9902 }
9903
9904 static IRTemp math_PABS_XMM_pap2 ( IRTemp aa ) {
9905 return math_PABS_XMM(aa, 2);
9906 }
9907
9908 static IRTemp math_PABS_XMM_pap1 ( IRTemp aa ) {
9909 return math_PABS_XMM(aa, 1);
9910 }
9911
9912 /* YMM version of math_PABS_XMM. */
9913 static IRTemp math_PABS_YMM ( IRTemp aa, Int laneszB )
9914 {
9915 IRTemp res = newTemp(Ity_V256);
9916 IRTemp aaHi = IRTemp_INVALID;
9917 IRTemp aaLo = IRTemp_INVALID;
9918 breakupV256toV128s(aa, &aaHi, &aaLo);
9919 assign(res, binop(Iop_V128HLtoV256,
9920 mkexpr(math_PABS_XMM(aaHi, laneszB)),
9921 mkexpr(math_PABS_XMM(aaLo, laneszB))));
9922 return res;
9923 }
9924
9925 static IRTemp math_PABS_YMM_pap4 ( IRTemp aa ) {
9926 return math_PABS_YMM(aa, 4);
9927 }
9928
9929 static IRTemp math_PABS_YMM_pap2 ( IRTemp aa ) {
9930 return math_PABS_YMM(aa, 2);
9931 }
9932
9933 static IRTemp math_PABS_YMM_pap1 ( IRTemp aa ) {
9934 return math_PABS_YMM(aa, 1);
9935 }
9936
9937 static IRExpr* dis_PALIGNR_XMM_helper ( IRTemp hi64,
9938 IRTemp lo64, Long byteShift )
9939 {
9940 vassert(byteShift >= 1 && byteShift <= 7);
9941 return
9942 binop(Iop_Or64,
9943 binop(Iop_Shl64, mkexpr(hi64), mkU8(8*(8-byteShift))),
9944 binop(Iop_Shr64, mkexpr(lo64), mkU8(8*byteShift))
9945 );
9946 }
9947
9948 static IRTemp math_PALIGNR_XMM ( IRTemp sV, IRTemp dV, UInt imm8 )
9949 {
9950 IRTemp res = newTemp(Ity_V128);
9951 IRTemp sHi = newTemp(Ity_I64);
9952 IRTemp sLo = newTemp(Ity_I64);
9953 IRTemp dHi = newTemp(Ity_I64);
9954 IRTemp dLo = newTemp(Ity_I64);
9955 IRTemp rHi = newTemp(Ity_I64);
9956 IRTemp rLo = newTemp(Ity_I64);
9957
9958 assign( dHi, unop(Iop_V128HIto64, mkexpr(dV)) );
9959 assign( dLo, unop(Iop_V128to64, mkexpr(dV)) );
9960 assign( sHi, unop(Iop_V128HIto64, mkexpr(sV)) );
9961 assign( sLo, unop(Iop_V128to64, mkexpr(sV)) );
9962
9963 if (imm8 == 0) {
9964 assign( rHi, mkexpr(sHi) );
9965 assign( rLo, mkexpr(sLo) );
9966 }
9967 else if (imm8 >= 1 && imm8 <= 7) {
9968 assign( rHi, dis_PALIGNR_XMM_helper(dLo, sHi, imm8) );
9969 assign( rLo, dis_PALIGNR_XMM_helper(sHi, sLo, imm8) );
9970 }
9971 else if (imm8 == 8) {
9972 assign( rHi, mkexpr(dLo) );
9973 assign( rLo, mkexpr(sHi) );
9974 }
9975 else if (imm8 >= 9 && imm8 <= 15) {
9976 assign( rHi, dis_PALIGNR_XMM_helper(dHi, dLo, imm8-8) );
9977 assign( rLo, dis_PALIGNR_XMM_helper(dLo, sHi, imm8-8) );
9978 }
9979 else if (imm8 == 16) {
9980 assign( rHi, mkexpr(dHi) );
9981 assign( rLo, mkexpr(dLo) );
9982 }
9983 else if (imm8 >= 17 && imm8 <= 23) {
9984 assign( rHi, binop(Iop_Shr64, mkexpr(dHi), mkU8(8*(imm8-16))) );
9985 assign( rLo, dis_PALIGNR_XMM_helper(dHi, dLo, imm8-16) );
9986 }
9987 else if (imm8 == 24) {
9988 assign( rHi, mkU64(0) );
9989 assign( rLo, mkexpr(dHi) );
9990 }
9991 else if (imm8 >= 25 && imm8 <= 31) {
9992 assign( rHi, mkU64(0) );
9993 assign( rLo, binop(Iop_Shr64, mkexpr(dHi), mkU8(8*(imm8-24))) );
9994 }
9995 else if (imm8 >= 32 && imm8 <= 255) {
9996 assign( rHi, mkU64(0) );
9997 assign( rLo, mkU64(0) );
9998 }
9999 else
10000 vassert(0);
10001
10002 assign( res, binop(Iop_64HLtoV128, mkexpr(rHi), mkexpr(rLo)));
10003 return res;
10004 }
10005
10006
10007 /* Generate a SIGSEGV followed by a restart of the current instruction
10008 if effective_addr is not 16-aligned. This is required behaviour
10009 for some SSE3 instructions and all 128-bit SSSE3 instructions.
10010 This assumes that guest_RIP_curr_instr is set correctly! */
10011 static
10012 void gen_SEGV_if_not_XX_aligned ( IRTemp effective_addr, ULong mask )
10013 {
10014 stmt(
10015 IRStmt_Exit(
10016 binop(Iop_CmpNE64,
10017 binop(Iop_And64,mkexpr(effective_addr),mkU64(mask)),
10018 mkU64(0)),
10019 Ijk_SigSEGV,
10020 IRConst_U64(guest_RIP_curr_instr),
10021 OFFB_RIP
10022 )
10023 );
10024 }
10025
10026 static void gen_SEGV_if_not_16_aligned ( IRTemp effective_addr ) {
10027 gen_SEGV_if_not_XX_aligned(effective_addr, 16-1);
10028 }
10029
10030 static void gen_SEGV_if_not_32_aligned ( IRTemp effective_addr ) {
10031 gen_SEGV_if_not_XX_aligned(effective_addr, 32-1);
10032 }
10033
10034 static void gen_SEGV_if_not_64_aligned ( IRTemp effective_addr ) {
10035 gen_SEGV_if_not_XX_aligned(effective_addr, 64-1);
10036 }
10037
10038 /* Helper for deciding whether a given insn (starting at the opcode
10039 byte) may validly be used with a LOCK prefix. The following insns
10040 may be used with LOCK when their destination operand is in memory.
10041 AFAICS this is exactly the same for both 32-bit and 64-bit mode.
10042
10043 ADD 80 /0, 81 /0, 82 /0, 83 /0, 00, 01
10044 OR 80 /1, 81 /1, 82 /x, 83 /1, 08, 09
10045 ADC 80 /2, 81 /2, 82 /2, 83 /2, 10, 11
10046 SBB 81 /3, 81 /3, 82 /x, 83 /3, 18, 19
10047 AND 80 /4, 81 /4, 82 /x, 83 /4, 20, 21
10048 SUB 80 /5, 81 /5, 82 /x, 83 /5, 28, 29
10049 XOR 80 /6, 81 /6, 82 /x, 83 /6, 30, 31
10050
10051 DEC FE /1, FF /1
10052 INC FE /0, FF /0
10053
10054 NEG F6 /3, F7 /3
10055 NOT F6 /2, F7 /2
10056
10057 XCHG 86, 87
10058
10059 BTC 0F BB, 0F BA /7
10060 BTR 0F B3, 0F BA /6
10061 BTS 0F AB, 0F BA /5
10062
10063 CMPXCHG 0F B0, 0F B1
10064 CMPXCHG8B 0F C7 /1
10065
10066 XADD 0F C0, 0F C1
10067
10068 ------------------------------
10069
10070 80 /0 = addb $imm8, rm8
10071 81 /0 = addl $imm32, rm32 and addw $imm16, rm16
10072 82 /0 = addb $imm8, rm8
10073 83 /0 = addl $simm8, rm32 and addw $simm8, rm16
10074
10075 00 = addb r8, rm8
10076 01 = addl r32, rm32 and addw r16, rm16
10077
10078 Same for ADD OR ADC SBB AND SUB XOR
10079
10080 FE /1 = dec rm8
10081 FF /1 = dec rm32 and dec rm16
10082
10083 FE /0 = inc rm8
10084 FF /0 = inc rm32 and inc rm16
10085
10086 F6 /3 = neg rm8
10087 F7 /3 = neg rm32 and neg rm16
10088
10089 F6 /2 = not rm8
10090 F7 /2 = not rm32 and not rm16
10091
10092 0F BB = btcw r16, rm16 and btcl r32, rm32
10093 OF BA /7 = btcw $imm8, rm16 and btcw $imm8, rm32
10094
10095 Same for BTS, BTR
10096 */
10097 static Bool can_be_used_with_LOCK_prefix ( const UChar* opc )
10098 {
10099 switch (opc[0]) {
10100 case 0x00: case 0x01: case 0x08: case 0x09:
10101 case 0x10: case 0x11: case 0x18: case 0x19:
10102 case 0x20: case 0x21: case 0x28: case 0x29:
10103 case 0x30: case 0x31:
10104 if (!epartIsReg(opc[1]))
10105 return True;
10106 break;
10107
10108 case 0x80: case 0x81: case 0x82: case 0x83:
10109 if (gregLO3ofRM(opc[1]) >= 0 && gregLO3ofRM(opc[1]) <= 6
10110 && !epartIsReg(opc[1]))
10111 return True;
10112 break;
10113
10114 case 0xFE: case 0xFF:
10115 if (gregLO3ofRM(opc[1]) >= 0 && gregLO3ofRM(opc[1]) <= 1
10116 && !epartIsReg(opc[1]))
10117 return True;
10118 break;
10119
10120 case 0xF6: case 0xF7:
10121 if (gregLO3ofRM(opc[1]) >= 2 && gregLO3ofRM(opc[1]) <= 3
10122 && !epartIsReg(opc[1]))
10123 return True;
10124 break;
10125
10126 case 0x86: case 0x87:
10127 if (!epartIsReg(opc[1]))
10128 return True;
10129 break;
10130
10131 case 0x0F: {
10132 switch (opc[1]) {
10133 case 0xBB: case 0xB3: case 0xAB:
10134 if (!epartIsReg(opc[2]))
10135 return True;
10136 break;
10137 case 0xBA:
10138 if (gregLO3ofRM(opc[2]) >= 5 && gregLO3ofRM(opc[2]) <= 7
10139 && !epartIsReg(opc[2]))
10140 return True;
10141 break;
10142 case 0xB0: case 0xB1:
10143 if (!epartIsReg(opc[2]))
10144 return True;
10145 break;
10146 case 0xC7:
10147 if (gregLO3ofRM(opc[2]) == 1 && !epartIsReg(opc[2]) )
10148 return True;
10149 break;
10150 case 0xC0: case 0xC1:
10151 if (!epartIsReg(opc[2]))
10152 return True;
10153 break;
10154 default:
10155 break;
10156 } /* switch (opc[1]) */
10157 break;
10158 }
10159
10160 default:
10161 break;
10162 } /* switch (opc[0]) */
10163
10164 return False;
10165 }
10166
10167
10168 /*------------------------------------------------------------*/
10169 /*--- ---*/
10170 /*--- Top-level SSE/SSE2: dis_ESC_0F__SSE2 ---*/
10171 /*--- ---*/
10172 /*------------------------------------------------------------*/
10173
10174 static Long dis_COMISD ( const VexAbiInfo* vbi, Prefix pfx,
10175 Long delta, Bool isAvx, UChar opc )
10176 {
10177 vassert(opc == 0x2F/*COMISD*/ || opc == 0x2E/*UCOMISD*/);
10178 Int alen = 0;
10179 HChar dis_buf[50];
10180 IRTemp argL = newTemp(Ity_F64);
10181 IRTemp argR = newTemp(Ity_F64);
10182 UChar modrm = getUChar(delta);
10183 IRTemp addr = IRTemp_INVALID;
10184 if (epartIsReg(modrm)) {
10185 assign( argR, getXMMRegLane64F( eregOfRexRM(pfx,modrm),
10186 0/*lowest lane*/ ) );
10187 delta += 1;
10188 DIP("%s%scomisd %s,%s\n", isAvx ? "v" : "",
10189 opc==0x2E ? "u" : "",
10190 nameXMMReg(eregOfRexRM(pfx,modrm)),
10191 nameXMMReg(gregOfRexRM(pfx,modrm)) );
10192 } else {
10193 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
10194 assign( argR, loadLE(Ity_F64, mkexpr(addr)) );
10195 delta += alen;
10196 DIP("%s%scomisd %s,%s\n", isAvx ? "v" : "",
10197 opc==0x2E ? "u" : "",
10198 dis_buf,
10199 nameXMMReg(gregOfRexRM(pfx,modrm)) );
10200 }
10201 assign( argL, getXMMRegLane64F( gregOfRexRM(pfx,modrm),
10202 0/*lowest lane*/ ) );
10203
10204 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(AMD64G_CC_OP_COPY) ));
10205 stmt( IRStmt_Put( OFFB_CC_DEP2, mkU64(0) ));
10206 stmt( IRStmt_Put(
10207 OFFB_CC_DEP1,
10208 binop( Iop_And64,
10209 unop( Iop_32Uto64,
10210 binop(Iop_CmpF64, mkexpr(argL), mkexpr(argR)) ),
10211 mkU64(0x45)
10212 )));
10213 return delta;
10214 }
10215
10216
10217 static Long dis_COMISS ( const VexAbiInfo* vbi, Prefix pfx,
10218 Long delta, Bool isAvx, UChar opc )
10219 {
10220 vassert(opc == 0x2F/*COMISS*/ || opc == 0x2E/*UCOMISS*/);
10221 Int alen = 0;
10222 HChar dis_buf[50];
10223 IRTemp argL = newTemp(Ity_F32);
10224 IRTemp argR = newTemp(Ity_F32);
10225 UChar modrm = getUChar(delta);
10226 IRTemp addr = IRTemp_INVALID;
10227 if (epartIsReg(modrm)) {
10228 assign( argR, getXMMRegLane32F( eregOfRexRM(pfx,modrm),
10229 0/*lowest lane*/ ) );
10230 delta += 1;
10231 DIP("%s%scomiss %s,%s\n", isAvx ? "v" : "",
10232 opc==0x2E ? "u" : "",
10233 nameXMMReg(eregOfRexRM(pfx,modrm)),
10234 nameXMMReg(gregOfRexRM(pfx,modrm)) );
10235 } else {
10236 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
10237 assign( argR, loadLE(Ity_F32, mkexpr(addr)) );
10238 delta += alen;
10239 DIP("%s%scomiss %s,%s\n", isAvx ? "v" : "",
10240 opc==0x2E ? "u" : "",
10241 dis_buf,
10242 nameXMMReg(gregOfRexRM(pfx,modrm)) );
10243 }
10244 assign( argL, getXMMRegLane32F( gregOfRexRM(pfx,modrm),
10245 0/*lowest lane*/ ) );
10246
10247 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(AMD64G_CC_OP_COPY) ));
10248 stmt( IRStmt_Put( OFFB_CC_DEP2, mkU64(0) ));
10249 stmt( IRStmt_Put(
10250 OFFB_CC_DEP1,
10251 binop( Iop_And64,
10252 unop( Iop_32Uto64,
10253 binop(Iop_CmpF64,
10254 unop(Iop_F32toF64,mkexpr(argL)),
10255 unop(Iop_F32toF64,mkexpr(argR)))),
10256 mkU64(0x45)
10257 )));
10258 return delta;
10259 }
10260
10261
10262 static Long dis_PSHUFD_32x4 ( const VexAbiInfo* vbi, Prefix pfx,
10263 Long delta, Bool writesYmm )
10264 {
10265 Int order;
10266 Int alen = 0;
10267 HChar dis_buf[50];
10268 IRTemp sV = newTemp(Ity_V128);
10269 UChar modrm = getUChar(delta);
10270 const HChar* strV = writesYmm ? "v" : "";
10271 IRTemp addr = IRTemp_INVALID;
10272 if (epartIsReg(modrm)) {
10273 assign( sV, getXMMReg(eregOfRexRM(pfx,modrm)) );
10274 order = (Int)getUChar(delta+1);
10275 delta += 1+1;
10276 DIP("%spshufd $%d,%s,%s\n", strV, order,
10277 nameXMMReg(eregOfRexRM(pfx,modrm)),
10278 nameXMMReg(gregOfRexRM(pfx,modrm)));
10279 } else {
10280 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf,
10281 1/*byte after the amode*/ );
10282 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
10283 order = (Int)getUChar(delta+alen);
10284 delta += alen+1;
10285 DIP("%spshufd $%d,%s,%s\n", strV, order,
10286 dis_buf,
10287 nameXMMReg(gregOfRexRM(pfx,modrm)));
10288 }
10289
10290 IRTemp s3, s2, s1, s0;
10291 s3 = s2 = s1 = s0 = IRTemp_INVALID;
10292 breakupV128to32s( sV, &s3, &s2, &s1, &s0 );
10293
10294 # define SEL(n) ((n)==0 ? s0 : ((n)==1 ? s1 : ((n)==2 ? s2 : s3)))
10295 IRTemp dV = newTemp(Ity_V128);
10296 assign(dV,
10297 mkV128from32s( SEL((order>>6)&3), SEL((order>>4)&3),
10298 SEL((order>>2)&3), SEL((order>>0)&3) )
10299 );
10300 # undef SEL
10301
10302 (writesYmm ? putYMMRegLoAndZU : putXMMReg)
10303 (gregOfRexRM(pfx,modrm), mkexpr(dV));
10304 return delta;
10305 }
10306
10307
10308 static Long dis_PSHUFD_32x8 ( const VexAbiInfo* vbi, Prefix pfx, Long delta )
10309 {
10310 Int order;
10311 Int alen = 0;
10312 HChar dis_buf[50];
10313 IRTemp sV = newTemp(Ity_V256);
10314 UChar modrm = getUChar(delta);
10315 IRTemp addr = IRTemp_INVALID;
10316 UInt rG = gregOfRexRM(pfx,modrm);
10317 if (epartIsReg(modrm)) {
10318 UInt rE = eregOfRexRM(pfx,modrm);
10319 assign( sV, getYMMReg(rE) );
10320 order = (Int)getUChar(delta+1);
10321 delta += 1+1;
10322 DIP("vpshufd $%d,%s,%s\n", order, nameYMMReg(rE), nameYMMReg(rG));
10323 } else {
10324 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf,
10325 1/*byte after the amode*/ );
10326 assign( sV, loadLE(Ity_V256, mkexpr(addr)) );
10327 order = (Int)getUChar(delta+alen);
10328 delta += alen+1;
10329 DIP("vpshufd $%d,%s,%s\n", order, dis_buf, nameYMMReg(rG));
10330 }
10331
10332 IRTemp s[8];
10333 s[7] = s[6] = s[5] = s[4] = s[3] = s[2] = s[1] = s[0] = IRTemp_INVALID;
10334 breakupV256to32s( sV, &s[7], &s[6], &s[5], &s[4],
10335 &s[3], &s[2], &s[1], &s[0] );
10336
10337 putYMMReg( rG, mkV256from32s( s[4 + ((order>>6)&3)],
10338 s[4 + ((order>>4)&3)],
10339 s[4 + ((order>>2)&3)],
10340 s[4 + ((order>>0)&3)],
10341 s[0 + ((order>>6)&3)],
10342 s[0 + ((order>>4)&3)],
10343 s[0 + ((order>>2)&3)],
10344 s[0 + ((order>>0)&3)] ) );
10345 return delta;
10346 }
10347
10348
10349 static IRTemp math_PSRLDQ ( IRTemp sV, Int imm )
10350 {
10351 IRTemp dV = newTemp(Ity_V128);
10352 IRTemp hi64 = newTemp(Ity_I64);
10353 IRTemp lo64 = newTemp(Ity_I64);
10354 IRTemp hi64r = newTemp(Ity_I64);
10355 IRTemp lo64r = newTemp(Ity_I64);
10356
10357 vassert(imm >= 0 && imm <= 255);
10358 if (imm >= 16) {
10359 assign(dV, mkV128(0x0000));
10360 return dV;
10361 }
10362
10363 assign( hi64, unop(Iop_V128HIto64, mkexpr(sV)) );
10364 assign( lo64, unop(Iop_V128to64, mkexpr(sV)) );
10365
10366 if (imm == 0) {
10367 assign( lo64r, mkexpr(lo64) );
10368 assign( hi64r, mkexpr(hi64) );
10369 }
10370 else
10371 if (imm == 8) {
10372 assign( hi64r, mkU64(0) );
10373 assign( lo64r, mkexpr(hi64) );
10374 }
10375 else
10376 if (imm > 8) {
10377 assign( hi64r, mkU64(0) );
10378 assign( lo64r, binop( Iop_Shr64, mkexpr(hi64), mkU8( 8*(imm-8) ) ));
10379 } else {
10380 assign( hi64r, binop( Iop_Shr64, mkexpr(hi64), mkU8(8 * imm) ));
10381 assign( lo64r,
10382 binop( Iop_Or64,
10383 binop(Iop_Shr64, mkexpr(lo64),
10384 mkU8(8 * imm)),
10385 binop(Iop_Shl64, mkexpr(hi64),
10386 mkU8(8 * (8 - imm)) )
10387 )
10388 );
10389 }
10390
10391 assign( dV, binop(Iop_64HLtoV128, mkexpr(hi64r), mkexpr(lo64r)) );
10392 return dV;
10393 }
10394
10395
10396 static IRTemp math_PSLLDQ ( IRTemp sV, Int imm )
10397 {
10398 IRTemp dV = newTemp(Ity_V128);
10399 IRTemp hi64 = newTemp(Ity_I64);
10400 IRTemp lo64 = newTemp(Ity_I64);
10401 IRTemp hi64r = newTemp(Ity_I64);
10402 IRTemp lo64r = newTemp(Ity_I64);
10403
10404 vassert(imm >= 0 && imm <= 255);
10405 if (imm >= 16) {
10406 assign(dV, mkV128(0x0000));
10407 return dV;
10408 }
10409
10410 assign( hi64, unop(Iop_V128HIto64, mkexpr(sV)) );
10411 assign( lo64, unop(Iop_V128to64, mkexpr(sV)) );
10412
10413 if (imm == 0) {
10414 assign( lo64r, mkexpr(lo64) );
10415 assign( hi64r, mkexpr(hi64) );
10416 }
10417 else
10418 if (imm == 8) {
10419 assign( lo64r, mkU64(0) );
10420 assign( hi64r, mkexpr(lo64) );
10421 }
10422 else
10423 if (imm > 8) {
10424 assign( lo64r, mkU64(0) );
10425 assign( hi64r, binop( Iop_Shl64, mkexpr(lo64), mkU8( 8*(imm-8) ) ));
10426 } else {
10427 assign( lo64r, binop( Iop_Shl64, mkexpr(lo64), mkU8(8 * imm) ));
10428 assign( hi64r,
10429 binop( Iop_Or64,
10430 binop(Iop_Shl64, mkexpr(hi64),
10431 mkU8(8 * imm)),
10432 binop(Iop_Shr64, mkexpr(lo64),
10433 mkU8(8 * (8 - imm)) )
10434 )
10435 );
10436 }
10437
10438 assign( dV, binop(Iop_64HLtoV128, mkexpr(hi64r), mkexpr(lo64r)) );
10439 return dV;
10440 }
10441
10442
10443 static Long dis_CVTxSD2SI ( const VexAbiInfo* vbi, Prefix pfx,
10444 Long delta, Bool isAvx, UChar opc, Int sz )
10445 {
10446 vassert(opc == 0x2D/*CVTSD2SI*/ || opc == 0x2C/*CVTTSD2SI*/);
10447 HChar dis_buf[50];
10448 Int alen = 0;
10449 UChar modrm = getUChar(delta);
10450 IRTemp addr = IRTemp_INVALID;
10451 IRTemp rmode = newTemp(Ity_I32);
10452 IRTemp f64lo = newTemp(Ity_F64);
10453 Bool r2zero = toBool(opc == 0x2C);
10454
10455 if (epartIsReg(modrm)) {
10456 delta += 1;
10457 assign(f64lo, getXMMRegLane64F(eregOfRexRM(pfx,modrm), 0));
10458 DIP("%scvt%ssd2si %s,%s\n", isAvx ? "v" : "", r2zero ? "t" : "",
10459 nameXMMReg(eregOfRexRM(pfx,modrm)),
10460 nameIReg(sz, gregOfRexRM(pfx,modrm),
10461 False));
10462 } else {
10463 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
10464 assign(f64lo, loadLE(Ity_F64, mkexpr(addr)));
10465 delta += alen;
10466 DIP("%scvt%ssd2si %s,%s\n", isAvx ? "v" : "", r2zero ? "t" : "",
10467 dis_buf,
10468 nameIReg(sz, gregOfRexRM(pfx,modrm),
10469 False));
10470 }
10471
10472 if (r2zero) {
10473 assign( rmode, mkU32((UInt)Irrm_ZERO) );
10474 } else {
10475 assign( rmode, get_sse_roundingmode() );
10476 }
10477
10478 if (sz == 4) {
10479 putIReg32( gregOfRexRM(pfx,modrm),
10480 binop( Iop_F64toI32S, mkexpr(rmode), mkexpr(f64lo)) );
10481 } else {
10482 vassert(sz == 8);
10483 putIReg64( gregOfRexRM(pfx,modrm),
10484 binop( Iop_F64toI64S, mkexpr(rmode), mkexpr(f64lo)) );
10485 }
10486
10487 return delta;
10488 }
10489
10490
10491 static Long dis_CVTxSS2SI ( const VexAbiInfo* vbi, Prefix pfx,
10492 Long delta, Bool isAvx, UChar opc, Int sz )
10493 {
10494 vassert(opc == 0x2D/*CVTSS2SI*/ || opc == 0x2C/*CVTTSS2SI*/);
10495 HChar dis_buf[50];
10496 Int alen = 0;
10497 UChar modrm = getUChar(delta);
10498 IRTemp addr = IRTemp_INVALID;
10499 IRTemp rmode = newTemp(Ity_I32);
10500 IRTemp f32lo = newTemp(Ity_F32);
10501 Bool r2zero = toBool(opc == 0x2C);
10502
10503 if (epartIsReg(modrm)) {
10504 delta += 1;
10505 assign(f32lo, getXMMRegLane32F(eregOfRexRM(pfx,modrm), 0));
10506 DIP("%scvt%sss2si %s,%s\n", isAvx ? "v" : "", r2zero ? "t" : "",
10507 nameXMMReg(eregOfRexRM(pfx,modrm)),
10508 nameIReg(sz, gregOfRexRM(pfx,modrm),
10509 False));
10510 } else {
10511 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
10512 assign(f32lo, loadLE(Ity_F32, mkexpr(addr)));
10513 delta += alen;
10514 DIP("%scvt%sss2si %s,%s\n", isAvx ? "v" : "", r2zero ? "t" : "",
10515 dis_buf,
10516 nameIReg(sz, gregOfRexRM(pfx,modrm),
10517 False));
10518 }
10519
10520 if (r2zero) {
10521 assign( rmode, mkU32((UInt)Irrm_ZERO) );
10522 } else {
10523 assign( rmode, get_sse_roundingmode() );
10524 }
10525
10526 if (sz == 4) {
10527 putIReg32( gregOfRexRM(pfx,modrm),
10528 binop( Iop_F64toI32S,
10529 mkexpr(rmode),
10530 unop(Iop_F32toF64, mkexpr(f32lo))) );
10531 } else {
10532 vassert(sz == 8);
10533 putIReg64( gregOfRexRM(pfx,modrm),
10534 binop( Iop_F64toI64S,
10535 mkexpr(rmode),
10536 unop(Iop_F32toF64, mkexpr(f32lo))) );
10537 }
10538
10539 return delta;
10540 }
10541
10542
10543 static Long dis_CVTPS2PD_128 ( const VexAbiInfo* vbi, Prefix pfx,
10544 Long delta, Bool isAvx )
10545 {
10546 IRTemp addr = IRTemp_INVALID;
10547 Int alen = 0;
10548 HChar dis_buf[50];
10549 IRTemp f32lo = newTemp(Ity_F32);
10550 IRTemp f32hi = newTemp(Ity_F32);
10551 UChar modrm = getUChar(delta);
10552 UInt rG = gregOfRexRM(pfx,modrm);
10553 if (epartIsReg(modrm)) {
10554 UInt rE = eregOfRexRM(pfx,modrm);
10555 assign( f32lo, getXMMRegLane32F(rE, 0) );
10556 assign( f32hi, getXMMRegLane32F(rE, 1) );
10557 delta += 1;
10558 DIP("%scvtps2pd %s,%s\n",
10559 isAvx ? "v" : "", nameXMMReg(rE), nameXMMReg(rG));
10560 } else {
10561 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
10562 assign( f32lo, loadLE(Ity_F32, mkexpr(addr)) );
10563 assign( f32hi, loadLE(Ity_F32,
10564 binop(Iop_Add64,mkexpr(addr),mkU64(4))) );
10565 delta += alen;
10566 DIP("%scvtps2pd %s,%s\n",
10567 isAvx ? "v" : "", dis_buf, nameXMMReg(rG));
10568 }
10569
10570 putXMMRegLane64F( rG, 1, unop(Iop_F32toF64, mkexpr(f32hi)) );
10571 putXMMRegLane64F( rG, 0, unop(Iop_F32toF64, mkexpr(f32lo)) );
10572 if (isAvx)
10573 putYMMRegLane128( rG, 1, mkV128(0));
10574 return delta;
10575 }
10576
10577
10578 static Long dis_CVTPS2PD_256 ( const VexAbiInfo* vbi, Prefix pfx,
10579 Long delta )
10580 {
10581 IRTemp addr = IRTemp_INVALID;
10582 Int alen = 0;
10583 HChar dis_buf[50];
10584 IRTemp f32_0 = newTemp(Ity_F32);
10585 IRTemp f32_1 = newTemp(Ity_F32);
10586 IRTemp f32_2 = newTemp(Ity_F32);
10587 IRTemp f32_3 = newTemp(Ity_F32);
10588 UChar modrm = getUChar(delta);
10589 UInt rG = gregOfRexRM(pfx,modrm);
10590 if (epartIsReg(modrm)) {
10591 UInt rE = eregOfRexRM(pfx,modrm);
10592 assign( f32_0, getXMMRegLane32F(rE, 0) );
10593 assign( f32_1, getXMMRegLane32F(rE, 1) );
10594 assign( f32_2, getXMMRegLane32F(rE, 2) );
10595 assign( f32_3, getXMMRegLane32F(rE, 3) );
10596 delta += 1;
10597 DIP("vcvtps2pd %s,%s\n", nameXMMReg(rE), nameYMMReg(rG));
10598 } else {
10599 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
10600 assign( f32_0, loadLE(Ity_F32, mkexpr(addr)) );
10601 assign( f32_1, loadLE(Ity_F32,
10602 binop(Iop_Add64,mkexpr(addr),mkU64(4))) );
10603 assign( f32_2, loadLE(Ity_F32,
10604 binop(Iop_Add64,mkexpr(addr),mkU64(8))) );
10605 assign( f32_3, loadLE(Ity_F32,
10606 binop(Iop_Add64,mkexpr(addr),mkU64(12))) );
10607 delta += alen;
10608 DIP("vcvtps2pd %s,%s\n", dis_buf, nameYMMReg(rG));
10609 }
10610
10611 putYMMRegLane64F( rG, 3, unop(Iop_F32toF64, mkexpr(f32_3)) );
10612 putYMMRegLane64F( rG, 2, unop(Iop_F32toF64, mkexpr(f32_2)) );
10613 putYMMRegLane64F( rG, 1, unop(Iop_F32toF64, mkexpr(f32_1)) );
10614 putYMMRegLane64F( rG, 0, unop(Iop_F32toF64, mkexpr(f32_0)) );
10615 return delta;
10616 }
10617
10618
10619 static Long dis_CVTPD2PS_128 ( const VexAbiInfo* vbi, Prefix pfx,
10620 Long delta, Bool isAvx )
10621 {
10622 IRTemp addr = IRTemp_INVALID;
10623 Int alen = 0;
10624 HChar dis_buf[50];
10625 UChar modrm = getUChar(delta);
10626 UInt rG = gregOfRexRM(pfx,modrm);
10627 IRTemp argV = newTemp(Ity_V128);
10628 IRTemp rmode = newTemp(Ity_I32);
10629 if (epartIsReg(modrm)) {
10630 UInt rE = eregOfRexRM(pfx,modrm);
10631 assign( argV, getXMMReg(rE) );
10632 delta += 1;
10633 DIP("%scvtpd2ps %s,%s\n", isAvx ? "v" : "",
10634 nameXMMReg(rE), nameXMMReg(rG));
10635 } else {
10636 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
10637 assign( argV, loadLE(Ity_V128, mkexpr(addr)) );
10638 delta += alen;
10639 DIP("%scvtpd2ps %s,%s\n", isAvx ? "v" : "",
10640 dis_buf, nameXMMReg(rG) );
10641 }
10642
10643 assign( rmode, get_sse_roundingmode() );
10644 IRTemp t0 = newTemp(Ity_F64);
10645 IRTemp t1 = newTemp(Ity_F64);
10646 assign( t0, unop(Iop_ReinterpI64asF64,
10647 unop(Iop_V128to64, mkexpr(argV))) );
10648 assign( t1, unop(Iop_ReinterpI64asF64,
10649 unop(Iop_V128HIto64, mkexpr(argV))) );
10650
10651 # define CVT(_t) binop( Iop_F64toF32, mkexpr(rmode), mkexpr(_t) )
10652 putXMMRegLane32( rG, 3, mkU32(0) );
10653 putXMMRegLane32( rG, 2, mkU32(0) );
10654 putXMMRegLane32F( rG, 1, CVT(t1) );
10655 putXMMRegLane32F( rG, 0, CVT(t0) );
10656 # undef CVT
10657 if (isAvx)
10658 putYMMRegLane128( rG, 1, mkV128(0) );
10659
10660 return delta;
10661 }
10662
10663
10664 static Long dis_CVTxPS2DQ_128 ( const VexAbiInfo* vbi, Prefix pfx,
10665 Long delta, Bool isAvx, Bool r2zero )
10666 {
10667 IRTemp addr = IRTemp_INVALID;
10668 Int alen = 0;
10669 HChar dis_buf[50];
10670 UChar modrm = getUChar(delta);
10671 IRTemp argV = newTemp(Ity_V128);
10672 IRTemp rmode = newTemp(Ity_I32);
10673 UInt rG = gregOfRexRM(pfx,modrm);
10674 IRTemp t0, t1, t2, t3;
10675
10676 if (epartIsReg(modrm)) {
10677 UInt rE = eregOfRexRM(pfx,modrm);
10678 assign( argV, getXMMReg(rE) );
10679 delta += 1;
10680 DIP("%scvt%sps2dq %s,%s\n",
10681 isAvx ? "v" : "", r2zero ? "t" : "", nameXMMReg(rE), nameXMMReg(rG));
10682 } else {
10683 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
10684 assign( argV, loadLE(Ity_V128, mkexpr(addr)) );
10685 delta += alen;
10686 DIP("%scvt%sps2dq %s,%s\n",
10687 isAvx ? "v" : "", r2zero ? "t" : "", dis_buf, nameXMMReg(rG) );
10688 }
10689
10690 assign( rmode, r2zero ? mkU32((UInt)Irrm_ZERO)
10691 : get_sse_roundingmode() );
10692 t0 = t1 = t2 = t3 = IRTemp_INVALID;
10693 breakupV128to32s( argV, &t3, &t2, &t1, &t0 );
10694 /* This is less than ideal. If it turns out to be a performance
10695 bottleneck it can be improved. */
10696 # define CVT(_t) \
10697 binop( Iop_F64toI32S, \
10698 mkexpr(rmode), \
10699 unop( Iop_F32toF64, \
10700 unop( Iop_ReinterpI32asF32, mkexpr(_t))) )
10701
10702 putXMMRegLane32( rG, 3, CVT(t3) );
10703 putXMMRegLane32( rG, 2, CVT(t2) );
10704 putXMMRegLane32( rG, 1, CVT(t1) );
10705 putXMMRegLane32( rG, 0, CVT(t0) );
10706 # undef CVT
10707 if (isAvx)
10708 putYMMRegLane128( rG, 1, mkV128(0) );
10709
10710 return delta;
10711 }
10712
10713
10714 static Long dis_CVTxPS2DQ_256 ( const VexAbiInfo* vbi, Prefix pfx,
10715 Long delta, Bool r2zero )
10716 {
10717 IRTemp addr = IRTemp_INVALID;
10718 Int alen = 0;
10719 HChar dis_buf[50];
10720 UChar modrm = getUChar(delta);
10721 IRTemp argV = newTemp(Ity_V256);
10722 IRTemp rmode = newTemp(Ity_I32);
10723 UInt rG = gregOfRexRM(pfx,modrm);
10724 IRTemp t0, t1, t2, t3, t4, t5, t6, t7;
10725
10726 if (epartIsReg(modrm)) {
10727 UInt rE = eregOfRexRM(pfx,modrm);
10728 assign( argV, getYMMReg(rE) );
10729 delta += 1;
10730 DIP("vcvt%sps2dq %s,%s\n",
10731 r2zero ? "t" : "", nameYMMReg(rE), nameYMMReg(rG));
10732 } else {
10733 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
10734 assign( argV, loadLE(Ity_V256, mkexpr(addr)) );
10735 delta += alen;
10736 DIP("vcvt%sps2dq %s,%s\n",
10737 r2zero ? "t" : "", dis_buf, nameYMMReg(rG) );
10738 }
10739
10740 assign( rmode, r2zero ? mkU32((UInt)Irrm_ZERO)
10741 : get_sse_roundingmode() );
10742 t0 = t1 = t2 = t3 = t4 = t5 = t6 = t7 = IRTemp_INVALID;
10743 breakupV256to32s( argV, &t7, &t6, &t5, &t4, &t3, &t2, &t1, &t0 );
10744 /* This is less than ideal. If it turns out to be a performance
10745 bottleneck it can be improved. */
10746 # define CVT(_t) \
10747 binop( Iop_F64toI32S, \
10748 mkexpr(rmode), \
10749 unop( Iop_F32toF64, \
10750 unop( Iop_ReinterpI32asF32, mkexpr(_t))) )
10751
10752 putYMMRegLane32( rG, 7, CVT(t7) );
10753 putYMMRegLane32( rG, 6, CVT(t6) );
10754 putYMMRegLane32( rG, 5, CVT(t5) );
10755 putYMMRegLane32( rG, 4, CVT(t4) );
10756 putYMMRegLane32( rG, 3, CVT(t3) );
10757 putYMMRegLane32( rG, 2, CVT(t2) );
10758 putYMMRegLane32( rG, 1, CVT(t1) );
10759 putYMMRegLane32( rG, 0, CVT(t0) );
10760 # undef CVT
10761
10762 return delta;
10763 }
10764
10765
10766 static Long dis_CVTxPD2DQ_128 ( const VexAbiInfo* vbi, Prefix pfx,
10767 Long delta, Bool isAvx, Bool r2zero )
10768 {
10769 IRTemp addr = IRTemp_INVALID;
10770 Int alen = 0;
10771 HChar dis_buf[50];
10772 UChar modrm = getUChar(delta);
10773 IRTemp argV = newTemp(Ity_V128);
10774 IRTemp rmode = newTemp(Ity_I32);
10775 UInt rG = gregOfRexRM(pfx,modrm);
10776 IRTemp t0, t1;
10777
10778 if (epartIsReg(modrm)) {
10779 UInt rE = eregOfRexRM(pfx,modrm);
10780 assign( argV, getXMMReg(rE) );
10781 delta += 1;
10782 DIP("%scvt%spd2dq %s,%s\n",
10783 isAvx ? "v" : "", r2zero ? "t" : "", nameXMMReg(rE), nameXMMReg(rG));
10784 } else {
10785 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
10786 assign( argV, loadLE(Ity_V128, mkexpr(addr)) );
10787 delta += alen;
10788 DIP("%scvt%spd2dqx %s,%s\n",
10789 isAvx ? "v" : "", r2zero ? "t" : "", dis_buf, nameXMMReg(rG) );
10790 }
10791
10792 if (r2zero) {
10793 assign(rmode, mkU32((UInt)Irrm_ZERO) );
10794 } else {
10795 assign( rmode, get_sse_roundingmode() );
10796 }
10797
10798 t0 = newTemp(Ity_F64);
10799 t1 = newTemp(Ity_F64);
10800 assign( t0, unop(Iop_ReinterpI64asF64,
10801 unop(Iop_V128to64, mkexpr(argV))) );
10802 assign( t1, unop(Iop_ReinterpI64asF64,
10803 unop(Iop_V128HIto64, mkexpr(argV))) );
10804
10805 # define CVT(_t) binop( Iop_F64toI32S, \
10806 mkexpr(rmode), \
10807 mkexpr(_t) )
10808
10809 putXMMRegLane32( rG, 3, mkU32(0) );
10810 putXMMRegLane32( rG, 2, mkU32(0) );
10811 putXMMRegLane32( rG, 1, CVT(t1) );
10812 putXMMRegLane32( rG, 0, CVT(t0) );
10813 # undef CVT
10814 if (isAvx)
10815 putYMMRegLane128( rG, 1, mkV128(0) );
10816
10817 return delta;
10818 }
10819
10820
10821 static Long dis_CVTxPD2DQ_256 ( const VexAbiInfo* vbi, Prefix pfx,
10822 Long delta, Bool r2zero )
10823 {
10824 IRTemp addr = IRTemp_INVALID;
10825 Int alen = 0;
10826 HChar dis_buf[50];
10827 UChar modrm = getUChar(delta);
10828 IRTemp argV = newTemp(Ity_V256);
10829 IRTemp rmode = newTemp(Ity_I32);
10830 UInt rG = gregOfRexRM(pfx,modrm);
10831 IRTemp t0, t1, t2, t3;
10832
10833 if (epartIsReg(modrm)) {
10834 UInt rE = eregOfRexRM(pfx,modrm);
10835 assign( argV, getYMMReg(rE) );
10836 delta += 1;
10837 DIP("vcvt%spd2dq %s,%s\n",
10838 r2zero ? "t" : "", nameYMMReg(rE), nameXMMReg(rG));
10839 } else {
10840 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
10841 assign( argV, loadLE(Ity_V256, mkexpr(addr)) );
10842 delta += alen;
10843 DIP("vcvt%spd2dqy %s,%s\n",
10844 r2zero ? "t" : "", dis_buf, nameXMMReg(rG) );
10845 }
10846
10847 if (r2zero) {
10848 assign(rmode, mkU32((UInt)Irrm_ZERO) );
10849 } else {
10850 assign( rmode, get_sse_roundingmode() );
10851 }
10852
10853 t0 = IRTemp_INVALID;
10854 t1 = IRTemp_INVALID;
10855 t2 = IRTemp_INVALID;
10856 t3 = IRTemp_INVALID;
10857 breakupV256to64s( argV, &t3, &t2, &t1, &t0 );
10858
10859 # define CVT(_t) binop( Iop_F64toI32S, \
10860 mkexpr(rmode), \
10861 unop( Iop_ReinterpI64asF64, \
10862 mkexpr(_t) ) )
10863
10864 putXMMRegLane32( rG, 3, CVT(t3) );
10865 putXMMRegLane32( rG, 2, CVT(t2) );
10866 putXMMRegLane32( rG, 1, CVT(t1) );
10867 putXMMRegLane32( rG, 0, CVT(t0) );
10868 # undef CVT
10869 putYMMRegLane128( rG, 1, mkV128(0) );
10870
10871 return delta;
10872 }
10873
10874
10875 static Long dis_CVTDQ2PS_128 ( const VexAbiInfo* vbi, Prefix pfx,
10876 Long delta, Bool isAvx )
10877 {
10878 IRTemp addr = IRTemp_INVALID;
10879 Int alen = 0;
10880 HChar dis_buf[50];
10881 UChar modrm = getUChar(delta);
10882 IRTemp argV = newTemp(Ity_V128);
10883 IRTemp rmode = newTemp(Ity_I32);
10884 UInt rG = gregOfRexRM(pfx,modrm);
10885 IRTemp t0, t1, t2, t3;
10886
10887 if (epartIsReg(modrm)) {
10888 UInt rE = eregOfRexRM(pfx,modrm);
10889 assign( argV, getXMMReg(rE) );
10890 delta += 1;
10891 DIP("%scvtdq2ps %s,%s\n",
10892 isAvx ? "v" : "", nameXMMReg(rE), nameXMMReg(rG));
10893 } else {
10894 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
10895 assign( argV, loadLE(Ity_V128, mkexpr(addr)) );
10896 delta += alen;
10897 DIP("%scvtdq2ps %s,%s\n",
10898 isAvx ? "v" : "", dis_buf, nameXMMReg(rG) );
10899 }
10900
10901 assign( rmode, get_sse_roundingmode() );
10902 t0 = IRTemp_INVALID;
10903 t1 = IRTemp_INVALID;
10904 t2 = IRTemp_INVALID;
10905 t3 = IRTemp_INVALID;
10906 breakupV128to32s( argV, &t3, &t2, &t1, &t0 );
10907
10908 # define CVT(_t) binop( Iop_F64toF32, \
10909 mkexpr(rmode), \
10910 unop(Iop_I32StoF64,mkexpr(_t)))
10911
10912 putXMMRegLane32F( rG, 3, CVT(t3) );
10913 putXMMRegLane32F( rG, 2, CVT(t2) );
10914 putXMMRegLane32F( rG, 1, CVT(t1) );
10915 putXMMRegLane32F( rG, 0, CVT(t0) );
10916 # undef CVT
10917 if (isAvx)
10918 putYMMRegLane128( rG, 1, mkV128(0) );
10919
10920 return delta;
10921 }
10922
10923 static Long dis_CVTDQ2PS_256 ( const VexAbiInfo* vbi, Prefix pfx,
10924 Long delta )
10925 {
10926 IRTemp addr = IRTemp_INVALID;
10927 Int alen = 0;
10928 HChar dis_buf[50];
10929 UChar modrm = getUChar(delta);
10930 IRTemp argV = newTemp(Ity_V256);
10931 IRTemp rmode = newTemp(Ity_I32);
10932 UInt rG = gregOfRexRM(pfx,modrm);
10933 IRTemp t0, t1, t2, t3, t4, t5, t6, t7;
10934
10935 if (epartIsReg(modrm)) {
10936 UInt rE = eregOfRexRM(pfx,modrm);
10937 assign( argV, getYMMReg(rE) );
10938 delta += 1;
10939 DIP("vcvtdq2ps %s,%s\n", nameYMMReg(rE), nameYMMReg(rG));
10940 } else {
10941 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
10942 assign( argV, loadLE(Ity_V256, mkexpr(addr)) );
10943 delta += alen;
10944 DIP("vcvtdq2ps %s,%s\n", dis_buf, nameYMMReg(rG) );
10945 }
10946
10947 assign( rmode, get_sse_roundingmode() );
10948 t0 = IRTemp_INVALID;
10949 t1 = IRTemp_INVALID;
10950 t2 = IRTemp_INVALID;
10951 t3 = IRTemp_INVALID;
10952 t4 = IRTemp_INVALID;
10953 t5 = IRTemp_INVALID;
10954 t6 = IRTemp_INVALID;
10955 t7 = IRTemp_INVALID;
10956 breakupV256to32s( argV, &t7, &t6, &t5, &t4, &t3, &t2, &t1, &t0 );
10957
10958 # define CVT(_t) binop( Iop_F64toF32, \
10959 mkexpr(rmode), \
10960 unop(Iop_I32StoF64,mkexpr(_t)))
10961
10962 putYMMRegLane32F( rG, 7, CVT(t7) );
10963 putYMMRegLane32F( rG, 6, CVT(t6) );
10964 putYMMRegLane32F( rG, 5, CVT(t5) );
10965 putYMMRegLane32F( rG, 4, CVT(t4) );
10966 putYMMRegLane32F( rG, 3, CVT(t3) );
10967 putYMMRegLane32F( rG, 2, CVT(t2) );
10968 putYMMRegLane32F( rG, 1, CVT(t1) );
10969 putYMMRegLane32F( rG, 0, CVT(t0) );
10970 # undef CVT
10971
10972 return delta;
10973 }
10974
10975
10976 static Long dis_PMOVMSKB_128 ( const VexAbiInfo* vbi, Prefix pfx,
10977 Long delta, Bool isAvx )
10978 {
10979 UChar modrm = getUChar(delta);
10980 vassert(epartIsReg(modrm)); /* ensured by caller */
10981 UInt rE = eregOfRexRM(pfx,modrm);
10982 UInt rG = gregOfRexRM(pfx,modrm);
10983 IRTemp t0 = newTemp(Ity_V128);
10984 IRTemp t1 = newTemp(Ity_I32);
10985 assign(t0, getXMMReg(rE));
10986 assign(t1, unop(Iop_16Uto32, unop(Iop_GetMSBs8x16, mkexpr(t0))));
10987 putIReg32(rG, mkexpr(t1));
10988 DIP("%spmovmskb %s,%s\n", isAvx ? "v" : "", nameXMMReg(rE),
10989 nameIReg32(rG));
10990 delta += 1;
10991 return delta;
10992 }
10993
10994
10995 static Long dis_PMOVMSKB_256 ( const VexAbiInfo* vbi, Prefix pfx,
10996 Long delta )
10997 {
10998 UChar modrm = getUChar(delta);
10999 vassert(epartIsReg(modrm)); /* ensured by caller */
11000 UInt rE = eregOfRexRM(pfx,modrm);
11001 UInt rG = gregOfRexRM(pfx,modrm);
11002 IRTemp t0 = newTemp(Ity_V128);
11003 IRTemp t1 = newTemp(Ity_V128);
11004 IRTemp t2 = newTemp(Ity_I16);
11005 IRTemp t3 = newTemp(Ity_I16);
11006 assign(t0, getYMMRegLane128(rE, 0));
11007 assign(t1, getYMMRegLane128(rE, 1));
11008 assign(t2, unop(Iop_GetMSBs8x16, mkexpr(t0)));
11009 assign(t3, unop(Iop_GetMSBs8x16, mkexpr(t1)));
11010 putIReg32(rG, binop(Iop_16HLto32, mkexpr(t3), mkexpr(t2)));
11011 DIP("vpmovmskb %s,%s\n", nameYMMReg(rE), nameIReg32(rG));
11012 delta += 1;
11013 return delta;
11014 }
11015
11016
11017 /* FIXME: why not just use InterleaveLO / InterleaveHI? I think the
11018 relevant ops are "xIsH ? InterleaveHI32x4 : InterleaveLO32x4". */
11019 /* Does the maths for 128 bit versions of UNPCKLPS and UNPCKHPS */
11020 static IRTemp math_UNPCKxPS_128 ( IRTemp sV, IRTemp dV, Bool xIsH )
11021 {
11022 IRTemp s3, s2, s1, s0, d3, d2, d1, d0;
11023 s3 = s2 = s1 = s0 = d3 = d2 = d1 = d0 = IRTemp_INVALID;
11024 breakupV128to32s( dV, &d3, &d2, &d1, &d0 );
11025 breakupV128to32s( sV, &s3, &s2, &s1, &s0 );
11026 IRTemp res = newTemp(Ity_V128);
11027 assign(res, xIsH ? mkV128from32s( s3, d3, s2, d2 )
11028 : mkV128from32s( s1, d1, s0, d0 ));
11029 return res;
11030 }
11031
11032
11033 /* FIXME: why not just use InterleaveLO / InterleaveHI ?? */
11034 /* Does the maths for 128 bit versions of UNPCKLPD and UNPCKHPD */
11035 static IRTemp math_UNPCKxPD_128 ( IRTemp sV, IRTemp dV, Bool xIsH )
11036 {
11037 IRTemp s1 = newTemp(Ity_I64);
11038 IRTemp s0 = newTemp(Ity_I64);
11039 IRTemp d1 = newTemp(Ity_I64);
11040 IRTemp d0 = newTemp(Ity_I64);
11041 assign( d1, unop(Iop_V128HIto64, mkexpr(dV)) );
11042 assign( d0, unop(Iop_V128to64, mkexpr(dV)) );
11043 assign( s1, unop(Iop_V128HIto64, mkexpr(sV)) );
11044 assign( s0, unop(Iop_V128to64, mkexpr(sV)) );
11045 IRTemp res = newTemp(Ity_V128);
11046 assign(res, xIsH ? binop(Iop_64HLtoV128, mkexpr(s1), mkexpr(d1))
11047 : binop(Iop_64HLtoV128, mkexpr(s0), mkexpr(d0)));
11048 return res;
11049 }
11050
11051
11052 /* Does the maths for 256 bit versions of UNPCKLPD and UNPCKHPD.
11053 Doesn't seem like this fits in either of the Iop_Interleave{LO,HI}
11054 or the Iop_Cat{Odd,Even}Lanes idioms, hence just do it the stupid
11055 way. */
11056 static IRTemp math_UNPCKxPD_256 ( IRTemp sV, IRTemp dV, Bool xIsH )
11057 {
11058 IRTemp s3, s2, s1, s0, d3, d2, d1, d0;
11059 s3 = s2 = s1 = s0 = d3 = d2 = d1 = d0 = IRTemp_INVALID;
11060 breakupV256to64s( dV, &d3, &d2, &d1, &d0 );
11061 breakupV256to64s( sV, &s3, &s2, &s1, &s0 );
11062 IRTemp res = newTemp(Ity_V256);
11063 assign(res, xIsH
11064 ? IRExpr_Qop(Iop_64x4toV256, mkexpr(s3), mkexpr(d3),
11065 mkexpr(s1), mkexpr(d1))
11066 : IRExpr_Qop(Iop_64x4toV256, mkexpr(s2), mkexpr(d2),
11067 mkexpr(s0), mkexpr(d0)));
11068 return res;
11069 }
11070
11071
11072 /* FIXME: this is really bad. Surely can do something better here?
11073 One observation is that the steering in the upper and lower 128 bit
11074 halves is the same as with math_UNPCKxPS_128, so we simply split
11075 into two halves, and use that. Consequently any improvement in
11076 math_UNPCKxPS_128 (probably, to use interleave-style primops)
11077 benefits this too. */
11078 static IRTemp math_UNPCKxPS_256 ( IRTemp sV, IRTemp dV, Bool xIsH )
11079 {
11080 IRTemp sVhi = IRTemp_INVALID, sVlo = IRTemp_INVALID;
11081 IRTemp dVhi = IRTemp_INVALID, dVlo = IRTemp_INVALID;
11082 breakupV256toV128s( sV, &sVhi, &sVlo );
11083 breakupV256toV128s( dV, &dVhi, &dVlo );
11084 IRTemp rVhi = math_UNPCKxPS_128(sVhi, dVhi, xIsH);
11085 IRTemp rVlo = math_UNPCKxPS_128(sVlo, dVlo, xIsH);
11086 IRTemp rV = newTemp(Ity_V256);
11087 assign(rV, binop(Iop_V128HLtoV256, mkexpr(rVhi), mkexpr(rVlo)));
11088 return rV;
11089 }
11090
11091
11092 static IRTemp math_SHUFPS_128 ( IRTemp sV, IRTemp dV, UInt imm8 )
11093 {
11094 IRTemp s3, s2, s1, s0, d3, d2, d1, d0;
11095 s3 = s2 = s1 = s0 = d3 = d2 = d1 = d0 = IRTemp_INVALID;
11096 vassert(imm8 < 256);
11097
11098 breakupV128to32s( dV, &d3, &d2, &d1, &d0 );
11099 breakupV128to32s( sV, &s3, &s2, &s1, &s0 );
11100
11101 # define SELD(n) ((n)==0 ? d0 : ((n)==1 ? d1 : ((n)==2 ? d2 : d3)))
11102 # define SELS(n) ((n)==0 ? s0 : ((n)==1 ? s1 : ((n)==2 ? s2 : s3)))
11103 IRTemp res = newTemp(Ity_V128);
11104 assign(res,
11105 mkV128from32s( SELS((imm8>>6)&3), SELS((imm8>>4)&3),
11106 SELD((imm8>>2)&3), SELD((imm8>>0)&3) ) );
11107 # undef SELD
11108 # undef SELS
11109 return res;
11110 }
11111
11112
11113 /* 256-bit SHUFPS appears to steer each of the 128-bit halves
11114 identically. Hence do the clueless thing and use math_SHUFPS_128
11115 twice. */
11116 static IRTemp math_SHUFPS_256 ( IRTemp sV, IRTemp dV, UInt imm8 )
11117 {
11118 IRTemp sVhi = IRTemp_INVALID, sVlo = IRTemp_INVALID;
11119 IRTemp dVhi = IRTemp_INVALID, dVlo = IRTemp_INVALID;
11120 breakupV256toV128s( sV, &sVhi, &sVlo );
11121 breakupV256toV128s( dV, &dVhi, &dVlo );
11122 IRTemp rVhi = math_SHUFPS_128(sVhi, dVhi, imm8);
11123 IRTemp rVlo = math_SHUFPS_128(sVlo, dVlo, imm8);
11124 IRTemp rV = newTemp(Ity_V256);
11125 assign(rV, binop(Iop_V128HLtoV256, mkexpr(rVhi), mkexpr(rVlo)));
11126 return rV;
11127 }
11128
11129
11130 static IRTemp math_SHUFPD_128 ( IRTemp sV, IRTemp dV, UInt imm8 )
11131 {
11132 IRTemp s1 = newTemp(Ity_I64);
11133 IRTemp s0 = newTemp(Ity_I64);
11134 IRTemp d1 = newTemp(Ity_I64);
11135 IRTemp d0 = newTemp(Ity_I64);
11136
11137 assign( d1, unop(Iop_V128HIto64, mkexpr(dV)) );
11138 assign( d0, unop(Iop_V128to64, mkexpr(dV)) );
11139 assign( s1, unop(Iop_V128HIto64, mkexpr(sV)) );
11140 assign( s0, unop(Iop_V128to64, mkexpr(sV)) );
11141
11142 # define SELD(n) mkexpr((n)==0 ? d0 : d1)
11143 # define SELS(n) mkexpr((n)==0 ? s0 : s1)
11144
11145 IRTemp res = newTemp(Ity_V128);
11146 assign(res, binop( Iop_64HLtoV128,
11147 SELS((imm8>>1)&1), SELD((imm8>>0)&1) ) );
11148
11149 # undef SELD
11150 # undef SELS
11151 return res;
11152 }
11153
11154
11155 static IRTemp math_SHUFPD_256 ( IRTemp sV, IRTemp dV, UInt imm8 )
11156 {
11157 IRTemp sVhi = IRTemp_INVALID, sVlo = IRTemp_INVALID;
11158 IRTemp dVhi = IRTemp_INVALID, dVlo = IRTemp_INVALID;
11159 breakupV256toV128s( sV, &sVhi, &sVlo );
11160 breakupV256toV128s( dV, &dVhi, &dVlo );
11161 IRTemp rVhi = math_SHUFPD_128(sVhi, dVhi, (imm8 >> 2) & 3);
11162 IRTemp rVlo = math_SHUFPD_128(sVlo, dVlo, imm8 & 3);
11163 IRTemp rV = newTemp(Ity_V256);
11164 assign(rV, binop(Iop_V128HLtoV256, mkexpr(rVhi), mkexpr(rVlo)));
11165 return rV;
11166 }
11167
11168
11169 static IRTemp math_BLENDPD_128 ( IRTemp sV, IRTemp dV, UInt imm8 )
11170 {
11171 UShort imm8_mask_16;
11172 IRTemp imm8_mask = newTemp(Ity_V128);
11173
11174 switch( imm8 & 3 ) {
11175 case 0: imm8_mask_16 = 0x0000; break;
11176 case 1: imm8_mask_16 = 0x00FF; break;
11177 case 2: imm8_mask_16 = 0xFF00; break;
11178 case 3: imm8_mask_16 = 0xFFFF; break;
11179 default: vassert(0); break;
11180 }
11181 assign( imm8_mask, mkV128( imm8_mask_16 ) );
11182
11183 IRTemp res = newTemp(Ity_V128);
11184 assign ( res, binop( Iop_OrV128,
11185 binop( Iop_AndV128, mkexpr(sV),
11186 mkexpr(imm8_mask) ),
11187 binop( Iop_AndV128, mkexpr(dV),
11188 unop( Iop_NotV128, mkexpr(imm8_mask) ) ) ) );
11189 return res;
11190 }
11191
11192
11193 static IRTemp math_BLENDPD_256 ( IRTemp sV, IRTemp dV, UInt imm8 )
11194 {
11195 IRTemp sVhi = IRTemp_INVALID, sVlo = IRTemp_INVALID;
11196 IRTemp dVhi = IRTemp_INVALID, dVlo = IRTemp_INVALID;
11197 breakupV256toV128s( sV, &sVhi, &sVlo );
11198 breakupV256toV128s( dV, &dVhi, &dVlo );
11199 IRTemp rVhi = math_BLENDPD_128(sVhi, dVhi, (imm8 >> 2) & 3);
11200 IRTemp rVlo = math_BLENDPD_128(sVlo, dVlo, imm8 & 3);
11201 IRTemp rV = newTemp(Ity_V256);
11202 assign(rV, binop(Iop_V128HLtoV256, mkexpr(rVhi), mkexpr(rVlo)));
11203 return rV;
11204 }
11205
11206
11207 static IRTemp math_BLENDPS_128 ( IRTemp sV, IRTemp dV, UInt imm8 )
11208 {
11209 UShort imm8_perms[16] = { 0x0000, 0x000F, 0x00F0, 0x00FF, 0x0F00,
11210 0x0F0F, 0x0FF0, 0x0FFF, 0xF000, 0xF00F,
11211 0xF0F0, 0xF0FF, 0xFF00, 0xFF0F, 0xFFF0,
11212 0xFFFF };
11213 IRTemp imm8_mask = newTemp(Ity_V128);
11214 assign( imm8_mask, mkV128( imm8_perms[ (imm8 & 15) ] ) );
11215
11216 IRTemp res = newTemp(Ity_V128);
11217 assign ( res, binop( Iop_OrV128,
11218 binop( Iop_AndV128, mkexpr(sV),
11219 mkexpr(imm8_mask) ),
11220 binop( Iop_AndV128, mkexpr(dV),
11221 unop( Iop_NotV128, mkexpr(imm8_mask) ) ) ) );
11222 return res;
11223 }
11224
11225
11226 static IRTemp math_BLENDPS_256 ( IRTemp sV, IRTemp dV, UInt imm8 )
11227 {
11228 IRTemp sVhi = IRTemp_INVALID, sVlo = IRTemp_INVALID;
11229 IRTemp dVhi = IRTemp_INVALID, dVlo = IRTemp_INVALID;
11230 breakupV256toV128s( sV, &sVhi, &sVlo );
11231 breakupV256toV128s( dV, &dVhi, &dVlo );
11232 IRTemp rVhi = math_BLENDPS_128(sVhi, dVhi, (imm8 >> 4) & 15);
11233 IRTemp rVlo = math_BLENDPS_128(sVlo, dVlo, imm8 & 15);
11234 IRTemp rV = newTemp(Ity_V256);
11235 assign(rV, binop(Iop_V128HLtoV256, mkexpr(rVhi), mkexpr(rVlo)));
11236 return rV;
11237 }
11238
11239
11240 static IRTemp math_PBLENDW_128 ( IRTemp sV, IRTemp dV, UInt imm8 )
11241 {
11242 /* Make w be a 16-bit version of imm8, formed by duplicating each
11243 bit in imm8. */
11244 Int i;
11245 UShort imm16 = 0;
11246 for (i = 0; i < 8; i++) {
11247 if (imm8 & (1 << i))
11248 imm16 |= (3 << (2*i));
11249 }
11250 IRTemp imm16_mask = newTemp(Ity_V128);
11251 assign( imm16_mask, mkV128( imm16 ));
11252
11253 IRTemp res = newTemp(Ity_V128);
11254 assign ( res, binop( Iop_OrV128,
11255 binop( Iop_AndV128, mkexpr(sV),
11256 mkexpr(imm16_mask) ),
11257 binop( Iop_AndV128, mkexpr(dV),
11258 unop( Iop_NotV128, mkexpr(imm16_mask) ) ) ) );
11259 return res;
11260 }
11261
11262
11263 static IRTemp math_PMULUDQ_128 ( IRTemp sV, IRTemp dV )
11264 {
11265 /* This is a really poor translation -- could be improved if
11266 performance critical */
11267 IRTemp s3, s2, s1, s0, d3, d2, d1, d0;
11268 s3 = s2 = s1 = s0 = d3 = d2 = d1 = d0 = IRTemp_INVALID;
11269 breakupV128to32s( dV, &d3, &d2, &d1, &d0 );
11270 breakupV128to32s( sV, &s3, &s2, &s1, &s0 );
11271 IRTemp res = newTemp(Ity_V128);
11272 assign(res, binop(Iop_64HLtoV128,
11273 binop( Iop_MullU32, mkexpr(d2), mkexpr(s2)),
11274 binop( Iop_MullU32, mkexpr(d0), mkexpr(s0)) ));
11275 return res;
11276 }
11277
11278
11279 static IRTemp math_PMULUDQ_256 ( IRTemp sV, IRTemp dV )
11280 {
11281 /* This is a really poor translation -- could be improved if
11282 performance critical */
11283 IRTemp sHi, sLo, dHi, dLo;
11284 sHi = sLo = dHi = dLo = IRTemp_INVALID;
11285 breakupV256toV128s( dV, &dHi, &dLo);
11286 breakupV256toV128s( sV, &sHi, &sLo);
11287 IRTemp res = newTemp(Ity_V256);
11288 assign(res, binop(Iop_V128HLtoV256,
11289 mkexpr(math_PMULUDQ_128(sHi, dHi)),
11290 mkexpr(math_PMULUDQ_128(sLo, dLo))));
11291 return res;
11292 }
11293
11294
11295 static IRTemp math_PMULDQ_128 ( IRTemp dV, IRTemp sV )
11296 {
11297 /* This is a really poor translation -- could be improved if
11298 performance critical */
11299 IRTemp s3, s2, s1, s0, d3, d2, d1, d0;
11300 s3 = s2 = s1 = s0 = d3 = d2 = d1 = d0 = IRTemp_INVALID;
11301 breakupV128to32s( dV, &d3, &d2, &d1, &d0 );
11302 breakupV128to32s( sV, &s3, &s2, &s1, &s0 );
11303 IRTemp res = newTemp(Ity_V128);
11304 assign(res, binop(Iop_64HLtoV128,
11305 binop( Iop_MullS32, mkexpr(d2), mkexpr(s2)),
11306 binop( Iop_MullS32, mkexpr(d0), mkexpr(s0)) ));
11307 return res;
11308 }
11309
11310
11311 static IRTemp math_PMULDQ_256 ( IRTemp sV, IRTemp dV )
11312 {
11313 /* This is a really poor translation -- could be improved if
11314 performance critical */
11315 IRTemp sHi, sLo, dHi, dLo;
11316 sHi = sLo = dHi = dLo = IRTemp_INVALID;
11317 breakupV256toV128s( dV, &dHi, &dLo);
11318 breakupV256toV128s( sV, &sHi, &sLo);
11319 IRTemp res = newTemp(Ity_V256);
11320 assign(res, binop(Iop_V128HLtoV256,
11321 mkexpr(math_PMULDQ_128(sHi, dHi)),
11322 mkexpr(math_PMULDQ_128(sLo, dLo))));
11323 return res;
11324 }
11325
11326
11327 static IRTemp math_PMADDWD_128 ( IRTemp dV, IRTemp sV )
11328 {
11329 IRTemp sVhi, sVlo, dVhi, dVlo;
11330 IRTemp resHi = newTemp(Ity_I64);
11331 IRTemp resLo = newTemp(Ity_I64);
11332 sVhi = sVlo = dVhi = dVlo = IRTemp_INVALID;
11333 breakupV128to64s( sV, &sVhi, &sVlo );
11334 breakupV128to64s( dV, &dVhi, &dVlo );
11335 assign( resHi, mkIRExprCCall(Ity_I64, 0/*regparms*/,
11336 "amd64g_calculate_mmx_pmaddwd",
11337 &amd64g_calculate_mmx_pmaddwd,
11338 mkIRExprVec_2( mkexpr(sVhi), mkexpr(dVhi))));
11339 assign( resLo, mkIRExprCCall(Ity_I64, 0/*regparms*/,
11340 "amd64g_calculate_mmx_pmaddwd",
11341 &amd64g_calculate_mmx_pmaddwd,
11342 mkIRExprVec_2( mkexpr(sVlo), mkexpr(dVlo))));
11343 IRTemp res = newTemp(Ity_V128);
11344 assign( res, binop(Iop_64HLtoV128, mkexpr(resHi), mkexpr(resLo))) ;
11345 return res;
11346 }
11347
11348
11349 static IRTemp math_PMADDWD_256 ( IRTemp dV, IRTemp sV )
11350 {
11351 IRTemp sHi, sLo, dHi, dLo;
11352 sHi = sLo = dHi = dLo = IRTemp_INVALID;
11353 breakupV256toV128s( dV, &dHi, &dLo);
11354 breakupV256toV128s( sV, &sHi, &sLo);
11355 IRTemp res = newTemp(Ity_V256);
11356 assign(res, binop(Iop_V128HLtoV256,
11357 mkexpr(math_PMADDWD_128(dHi, sHi)),
11358 mkexpr(math_PMADDWD_128(dLo, sLo))));
11359 return res;
11360 }
11361
11362
11363 static IRTemp math_ADDSUBPD_128 ( IRTemp dV, IRTemp sV )
11364 {
11365 IRTemp addV = newTemp(Ity_V128);
11366 IRTemp subV = newTemp(Ity_V128);
11367 IRTemp a1 = newTemp(Ity_I64);
11368 IRTemp s0 = newTemp(Ity_I64);
11369 IRTemp rm = newTemp(Ity_I32);
11370
11371 assign( rm, get_FAKE_roundingmode() ); /* XXXROUNDINGFIXME */
11372 assign( addV, triop(Iop_Add64Fx2, mkexpr(rm), mkexpr(dV), mkexpr(sV)) );
11373 assign( subV, triop(Iop_Sub64Fx2, mkexpr(rm), mkexpr(dV), mkexpr(sV)) );
11374
11375 assign( a1, unop(Iop_V128HIto64, mkexpr(addV) ));
11376 assign( s0, unop(Iop_V128to64, mkexpr(subV) ));
11377
11378 IRTemp res = newTemp(Ity_V128);
11379 assign( res, binop(Iop_64HLtoV128, mkexpr(a1), mkexpr(s0)) );
11380 return res;
11381 }
11382
11383
11384 static IRTemp math_ADDSUBPD_256 ( IRTemp dV, IRTemp sV )
11385 {
11386 IRTemp a3, a2, a1, a0, s3, s2, s1, s0;
11387 IRTemp addV = newTemp(Ity_V256);
11388 IRTemp subV = newTemp(Ity_V256);
11389 IRTemp rm = newTemp(Ity_I32);
11390 a3 = a2 = a1 = a0 = s3 = s2 = s1 = s0 = IRTemp_INVALID;
11391
11392 assign( rm, get_FAKE_roundingmode() ); /* XXXROUNDINGFIXME */
11393 assign( addV, triop(Iop_Add64Fx4, mkexpr(rm), mkexpr(dV), mkexpr(sV)) );
11394 assign( subV, triop(Iop_Sub64Fx4, mkexpr(rm), mkexpr(dV), mkexpr(sV)) );
11395
11396 breakupV256to64s( addV, &a3, &a2, &a1, &a0 );
11397 breakupV256to64s( subV, &s3, &s2, &s1, &s0 );
11398
11399 IRTemp res = newTemp(Ity_V256);
11400 assign( res, mkV256from64s( a3, s2, a1, s0 ) );
11401 return res;
11402 }
11403
11404
11405 static IRTemp math_ADDSUBPS_128 ( IRTemp dV, IRTemp sV )
11406 {
11407 IRTemp a3, a2, a1, a0, s3, s2, s1, s0;
11408 IRTemp addV = newTemp(Ity_V128);
11409 IRTemp subV = newTemp(Ity_V128);
11410 IRTemp rm = newTemp(Ity_I32);
11411 a3 = a2 = a1 = a0 = s3 = s2 = s1 = s0 = IRTemp_INVALID;
11412
11413 assign( rm, get_FAKE_roundingmode() ); /* XXXROUNDINGFIXME */
11414 assign( addV, triop(Iop_Add32Fx4, mkexpr(rm), mkexpr(dV), mkexpr(sV)) );
11415 assign( subV, triop(Iop_Sub32Fx4, mkexpr(rm), mkexpr(dV), mkexpr(sV)) );
11416
11417 breakupV128to32s( addV, &a3, &a2, &a1, &a0 );
11418 breakupV128to32s( subV, &s3, &s2, &s1, &s0 );
11419
11420 IRTemp res = newTemp(Ity_V128);
11421 assign( res, mkV128from32s( a3, s2, a1, s0 ) );
11422 return res;
11423 }
11424
11425
11426 static IRTemp math_ADDSUBPS_256 ( IRTemp dV, IRTemp sV )
11427 {
11428 IRTemp a7, a6, a5, a4, a3, a2, a1, a0;
11429 IRTemp s7, s6, s5, s4, s3, s2, s1, s0;
11430 IRTemp addV = newTemp(Ity_V256);
11431 IRTemp subV = newTemp(Ity_V256);
11432 IRTemp rm = newTemp(Ity_I32);
11433 a7 = a6 = a5 = a4 = a3 = a2 = a1 = a0 = IRTemp_INVALID;
11434 s7 = s6 = s5 = s4 = s3 = s2 = s1 = s0 = IRTemp_INVALID;
11435
11436 assign( rm, get_FAKE_roundingmode() ); /* XXXROUNDINGFIXME */
11437 assign( addV, triop(Iop_Add32Fx8, mkexpr(rm), mkexpr(dV), mkexpr(sV)) );
11438 assign( subV, triop(Iop_Sub32Fx8, mkexpr(rm), mkexpr(dV), mkexpr(sV)) );
11439
11440 breakupV256to32s( addV, &a7, &a6, &a5, &a4, &a3, &a2, &a1, &a0 );
11441 breakupV256to32s( subV, &s7, &s6, &s5, &s4, &s3, &s2, &s1, &s0 );
11442
11443 IRTemp res = newTemp(Ity_V256);
11444 assign( res, mkV256from32s( a7, s6, a5, s4, a3, s2, a1, s0 ) );
11445 return res;
11446 }
11447
11448
11449 /* Handle 128 bit PSHUFLW and PSHUFHW. */
11450 static Long dis_PSHUFxW_128 ( const VexAbiInfo* vbi, Prefix pfx,
11451 Long delta, Bool isAvx, Bool xIsH )
11452 {
11453 IRTemp addr = IRTemp_INVALID;
11454 Int alen = 0;
11455 HChar dis_buf[50];
11456 UChar modrm = getUChar(delta);
11457 UInt rG = gregOfRexRM(pfx,modrm);
11458 UInt imm8;
11459 IRTemp sVmut, dVmut, sVcon, sV, dV, s3, s2, s1, s0;
11460 s3 = s2 = s1 = s0 = IRTemp_INVALID;
11461 sV = newTemp(Ity_V128);
11462 dV = newTemp(Ity_V128);
11463 sVmut = newTemp(Ity_I64);
11464 dVmut = newTemp(Ity_I64);
11465 sVcon = newTemp(Ity_I64);
11466 if (epartIsReg(modrm)) {
11467 UInt rE = eregOfRexRM(pfx,modrm);
11468 assign( sV, getXMMReg(rE) );
11469 imm8 = (UInt)getUChar(delta+1);
11470 delta += 1+1;
11471 DIP("%spshuf%cw $%u,%s,%s\n",
11472 isAvx ? "v" : "", xIsH ? 'h' : 'l',
11473 imm8, nameXMMReg(rE), nameXMMReg(rG));
11474 } else {
11475 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 1 );
11476 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
11477 imm8 = (UInt)getUChar(delta+alen);
11478 delta += alen+1;
11479 DIP("%spshuf%cw $%u,%s,%s\n",
11480 isAvx ? "v" : "", xIsH ? 'h' : 'l',
11481 imm8, dis_buf, nameXMMReg(rG));
11482 }
11483
11484 /* Get the to-be-changed (mut) and unchanging (con) bits of the
11485 source. */
11486 assign( sVmut, unop(xIsH ? Iop_V128HIto64 : Iop_V128to64, mkexpr(sV)) );
11487 assign( sVcon, unop(xIsH ? Iop_V128to64 : Iop_V128HIto64, mkexpr(sV)) );
11488
11489 breakup64to16s( sVmut, &s3, &s2, &s1, &s0 );
11490 # define SEL(n) \
11491 ((n)==0 ? s0 : ((n)==1 ? s1 : ((n)==2 ? s2 : s3)))
11492 assign(dVmut, mk64from16s( SEL((imm8>>6)&3), SEL((imm8>>4)&3),
11493 SEL((imm8>>2)&3), SEL((imm8>>0)&3) ));
11494 # undef SEL
11495
11496 assign(dV, xIsH ? binop(Iop_64HLtoV128, mkexpr(dVmut), mkexpr(sVcon))
11497 : binop(Iop_64HLtoV128, mkexpr(sVcon), mkexpr(dVmut)) );
11498
11499 (isAvx ? putYMMRegLoAndZU : putXMMReg)(rG, mkexpr(dV));
11500 return delta;
11501 }
11502
11503
11504 /* Handle 256 bit PSHUFLW and PSHUFHW. */
11505 static Long dis_PSHUFxW_256 ( const VexAbiInfo* vbi, Prefix pfx,
11506 Long delta, Bool xIsH )
11507 {
11508 IRTemp addr = IRTemp_INVALID;
11509 Int alen = 0;
11510 HChar dis_buf[50];
11511 UChar modrm = getUChar(delta);
11512 UInt rG = gregOfRexRM(pfx,modrm);
11513 UInt imm8;
11514 IRTemp sV, s[8], sV64[4], dVhi, dVlo;
11515 sV64[3] = sV64[2] = sV64[1] = sV64[0] = IRTemp_INVALID;
11516 s[7] = s[6] = s[5] = s[4] = s[3] = s[2] = s[1] = s[0] = IRTemp_INVALID;
11517 sV = newTemp(Ity_V256);
11518 dVhi = newTemp(Ity_I64);
11519 dVlo = newTemp(Ity_I64);
11520 if (epartIsReg(modrm)) {
11521 UInt rE = eregOfRexRM(pfx,modrm);
11522 assign( sV, getYMMReg(rE) );
11523 imm8 = (UInt)getUChar(delta+1);
11524 delta += 1+1;
11525 DIP("vpshuf%cw $%u,%s,%s\n", xIsH ? 'h' : 'l',
11526 imm8, nameYMMReg(rE), nameYMMReg(rG));
11527 } else {
11528 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 1 );
11529 assign( sV, loadLE(Ity_V256, mkexpr(addr)) );
11530 imm8 = (UInt)getUChar(delta+alen);
11531 delta += alen+1;
11532 DIP("vpshuf%cw $%u,%s,%s\n", xIsH ? 'h' : 'l',
11533 imm8, dis_buf, nameYMMReg(rG));
11534 }
11535
11536 breakupV256to64s( sV, &sV64[3], &sV64[2], &sV64[1], &sV64[0] );
11537 breakup64to16s( sV64[xIsH ? 3 : 2], &s[7], &s[6], &s[5], &s[4] );
11538 breakup64to16s( sV64[xIsH ? 1 : 0], &s[3], &s[2], &s[1], &s[0] );
11539
11540 assign( dVhi, mk64from16s( s[4 + ((imm8>>6)&3)], s[4 + ((imm8>>4)&3)],
11541 s[4 + ((imm8>>2)&3)], s[4 + ((imm8>>0)&3)] ) );
11542 assign( dVlo, mk64from16s( s[0 + ((imm8>>6)&3)], s[0 + ((imm8>>4)&3)],
11543 s[0 + ((imm8>>2)&3)], s[0 + ((imm8>>0)&3)] ) );
11544 putYMMReg( rG, mkV256from64s( xIsH ? dVhi : sV64[3],
11545 xIsH ? sV64[2] : dVhi,
11546 xIsH ? dVlo : sV64[1],
11547 xIsH ? sV64[0] : dVlo ) );
11548 return delta;
11549 }
11550
11551
11552 static Long dis_PEXTRW_128_EregOnly_toG ( const VexAbiInfo* vbi, Prefix pfx,
11553 Long delta, Bool isAvx )
11554 {
11555 Long deltaIN = delta;
11556 UChar modrm = getUChar(delta);
11557 UInt rG = gregOfRexRM(pfx,modrm);
11558 IRTemp sV = newTemp(Ity_V128);
11559 IRTemp d16 = newTemp(Ity_I16);
11560 UInt imm8;
11561 IRTemp s0, s1, s2, s3;
11562 if (epartIsReg(modrm)) {
11563 UInt rE = eregOfRexRM(pfx,modrm);
11564 assign(sV, getXMMReg(rE));
11565 imm8 = getUChar(delta+1) & 7;
11566 delta += 1+1;
11567 DIP("%spextrw $%u,%s,%s\n", isAvx ? "v" : "",
11568 imm8, nameXMMReg(rE), nameIReg32(rG));
11569 } else {
11570 /* The memory case is disallowed, apparently. */
11571 return deltaIN; /* FAIL */
11572 }
11573 s3 = s2 = s1 = s0 = IRTemp_INVALID;
11574 breakupV128to32s( sV, &s3, &s2, &s1, &s0 );
11575 switch (imm8) {
11576 case 0: assign(d16, unop(Iop_32to16, mkexpr(s0))); break;
11577 case 1: assign(d16, unop(Iop_32HIto16, mkexpr(s0))); break;
11578 case 2: assign(d16, unop(Iop_32to16, mkexpr(s1))); break;
11579 case 3: assign(d16, unop(Iop_32HIto16, mkexpr(s1))); break;
11580 case 4: assign(d16, unop(Iop_32to16, mkexpr(s2))); break;
11581 case 5: assign(d16, unop(Iop_32HIto16, mkexpr(s2))); break;
11582 case 6: assign(d16, unop(Iop_32to16, mkexpr(s3))); break;
11583 case 7: assign(d16, unop(Iop_32HIto16, mkexpr(s3))); break;
11584 default: vassert(0);
11585 }
11586 putIReg32(rG, unop(Iop_16Uto32, mkexpr(d16)));
11587 return delta;
11588 }
11589
11590
11591 static Long dis_CVTDQ2PD_128 ( const VexAbiInfo* vbi, Prefix pfx,
11592 Long delta, Bool isAvx )
11593 {
11594 IRTemp addr = IRTemp_INVALID;
11595 Int alen = 0;
11596 HChar dis_buf[50];
11597 UChar modrm = getUChar(delta);
11598 IRTemp arg64 = newTemp(Ity_I64);
11599 UInt rG = gregOfRexRM(pfx,modrm);
11600 const HChar* mbV = isAvx ? "v" : "";
11601 if (epartIsReg(modrm)) {
11602 UInt rE = eregOfRexRM(pfx,modrm);
11603 assign( arg64, getXMMRegLane64(rE, 0) );
11604 delta += 1;
11605 DIP("%scvtdq2pd %s,%s\n", mbV, nameXMMReg(rE), nameXMMReg(rG));
11606 } else {
11607 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
11608 assign( arg64, loadLE(Ity_I64, mkexpr(addr)) );
11609 delta += alen;
11610 DIP("%scvtdq2pd %s,%s\n", mbV, dis_buf, nameXMMReg(rG) );
11611 }
11612 putXMMRegLane64F(
11613 rG, 0,
11614 unop(Iop_I32StoF64, unop(Iop_64to32, mkexpr(arg64)))
11615 );
11616 putXMMRegLane64F(
11617 rG, 1,
11618 unop(Iop_I32StoF64, unop(Iop_64HIto32, mkexpr(arg64)))
11619 );
11620 if (isAvx)
11621 putYMMRegLane128(rG, 1, mkV128(0));
11622 return delta;
11623 }
11624
11625
11626 static Long dis_STMXCSR ( const VexAbiInfo* vbi, Prefix pfx,
11627 Long delta, Bool isAvx )
11628 {
11629 IRTemp addr = IRTemp_INVALID;
11630 Int alen = 0;
11631 HChar dis_buf[50];
11632 UChar modrm = getUChar(delta);
11633 vassert(!epartIsReg(modrm)); /* ensured by caller */
11634 vassert(gregOfRexRM(pfx,modrm) == 3); /* ditto */
11635
11636 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
11637 delta += alen;
11638
11639 /* Fake up a native SSE mxcsr word. The only thing it depends on
11640 is SSEROUND[1:0], so call a clean helper to cook it up.
11641 */
11642 /* ULong amd64h_create_mxcsr ( ULong sseround ) */
11643 DIP("%sstmxcsr %s\n", isAvx ? "v" : "", dis_buf);
11644 storeLE(
11645 mkexpr(addr),
11646 unop(Iop_64to32,
11647 mkIRExprCCall(
11648 Ity_I64, 0/*regp*/,
11649 "amd64g_create_mxcsr", &amd64g_create_mxcsr,
11650 mkIRExprVec_1( unop(Iop_32Uto64,get_sse_roundingmode()) )
11651 )
11652 )
11653 );
11654 return delta;
11655 }
11656
11657
11658 static Long dis_LDMXCSR ( const VexAbiInfo* vbi, Prefix pfx,
11659 Long delta, Bool isAvx )
11660 {
11661 IRTemp addr = IRTemp_INVALID;
11662 Int alen = 0;
11663 HChar dis_buf[50];
11664 UChar modrm = getUChar(delta);
11665 vassert(!epartIsReg(modrm)); /* ensured by caller */
11666 vassert(gregOfRexRM(pfx,modrm) == 2); /* ditto */
11667
11668 IRTemp t64 = newTemp(Ity_I64);
11669 IRTemp ew = newTemp(Ity_I32);
11670
11671 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
11672 delta += alen;
11673 DIP("%sldmxcsr %s\n", isAvx ? "v" : "", dis_buf);
11674
11675 /* The only thing we observe in %mxcsr is the rounding mode.
11676 Therefore, pass the 32-bit value (SSE native-format control
11677 word) to a clean helper, getting back a 64-bit value, the
11678 lower half of which is the SSEROUND value to store, and the
11679 upper half of which is the emulation-warning token which may
11680 be generated.
11681 */
11682 /* ULong amd64h_check_ldmxcsr ( ULong ); */
11683 assign( t64, mkIRExprCCall(
11684 Ity_I64, 0/*regparms*/,
11685 "amd64g_check_ldmxcsr",
11686 &amd64g_check_ldmxcsr,
11687 mkIRExprVec_1(
11688 unop(Iop_32Uto64,
11689 loadLE(Ity_I32, mkexpr(addr))
11690 )
11691 )
11692 )
11693 );
11694
11695 put_sse_roundingmode( unop(Iop_64to32, mkexpr(t64)) );
11696 assign( ew, unop(Iop_64HIto32, mkexpr(t64) ) );
11697 put_emwarn( mkexpr(ew) );
11698 /* Finally, if an emulation warning was reported, side-exit to
11699 the next insn, reporting the warning, so that Valgrind's
11700 dispatcher sees the warning. */
11701 stmt(
11702 IRStmt_Exit(
11703 binop(Iop_CmpNE64, unop(Iop_32Uto64,mkexpr(ew)), mkU64(0)),
11704 Ijk_EmWarn,
11705 IRConst_U64(guest_RIP_bbstart+delta),
11706 OFFB_RIP
11707 )
11708 );
11709 return delta;
11710 }
11711
11712
11713 static void gen_XSAVE_SEQUENCE ( IRTemp addr, IRTemp rfbm )
11714 {
11715 /* ------ rfbm[0] gates the x87 state ------ */
11716
11717 /* Uses dirty helper:
11718 void amd64g_do_XSAVE_COMPONENT_0 ( VexGuestAMD64State*, ULong )
11719 */
11720 IRDirty* d0 = unsafeIRDirty_0_N (
11721 0/*regparms*/,
11722 "amd64g_dirtyhelper_XSAVE_COMPONENT_0",
11723 &amd64g_dirtyhelper_XSAVE_COMPONENT_0,
11724 mkIRExprVec_2( IRExpr_GSPTR(), mkexpr(addr) )
11725 );
11726 d0->guard = binop(Iop_CmpEQ64, binop(Iop_And64, mkexpr(rfbm), mkU64(1)),
11727 mkU64(1));
11728
11729 /* Declare we're writing memory. Really, bytes 24 through 31
11730 (MXCSR and MXCSR_MASK) aren't written, but we can't express more
11731 than 1 memory area here, so just mark the whole thing as
11732 written. */
11733 d0->mFx = Ifx_Write;
11734 d0->mAddr = mkexpr(addr);
11735 d0->mSize = 160;
11736
11737 /* declare we're reading guest state */
11738 d0->nFxState = 5;
11739 vex_bzero(&d0->fxState, sizeof(d0->fxState));
11740
11741 d0->fxState[0].fx = Ifx_Read;
11742 d0->fxState[0].offset = OFFB_FTOP;
11743 d0->fxState[0].size = sizeof(UInt);
11744
11745 d0->fxState[1].fx = Ifx_Read;
11746 d0->fxState[1].offset = OFFB_FPREGS;
11747 d0->fxState[1].size = 8 * sizeof(ULong);
11748
11749 d0->fxState[2].fx = Ifx_Read;
11750 d0->fxState[2].offset = OFFB_FPTAGS;
11751 d0->fxState[2].size = 8 * sizeof(UChar);
11752
11753 d0->fxState[3].fx = Ifx_Read;
11754 d0->fxState[3].offset = OFFB_FPROUND;
11755 d0->fxState[3].size = sizeof(ULong);
11756
11757 d0->fxState[4].fx = Ifx_Read;
11758 d0->fxState[4].offset = OFFB_FC3210;
11759 d0->fxState[4].size = sizeof(ULong);
11760
11761 stmt( IRStmt_Dirty(d0) );
11762
11763 /* ------ rfbm[1] gates the SSE state ------ */
11764
11765 IRTemp rfbm_1 = newTemp(Ity_I64);
11766 IRTemp rfbm_1or2 = newTemp(Ity_I64);
11767 assign(rfbm_1, binop(Iop_And64, mkexpr(rfbm), mkU64(2)));
11768 assign(rfbm_1or2, binop(Iop_And64, mkexpr(rfbm), mkU64(6)));
11769
11770 IRExpr* guard_1 = binop(Iop_CmpEQ64, mkexpr(rfbm_1), mkU64(2));
11771 IRExpr* guard_1or2 = binop(Iop_CmpNE64, mkexpr(rfbm_1or2), mkU64(0));
11772
11773 /* Uses dirty helper:
11774 void amd64g_do_XSAVE_COMPONENT_1_EXCLUDING_XMMREGS
11775 ( VexGuestAMD64State*, ULong )
11776 This creates only MXCSR and MXCSR_MASK. We need to do this if
11777 either components 1 (SSE) or 2 (AVX) are requested. Hence the
11778 guard condition is a bit more complex.
11779 */
11780 IRDirty* d1 = unsafeIRDirty_0_N (
11781 0/*regparms*/,
11782 "amd64g_dirtyhelper_XSAVE_COMPONENT_1_EXCLUDING_XMMREGS",
11783 &amd64g_dirtyhelper_XSAVE_COMPONENT_1_EXCLUDING_XMMREGS,
11784 mkIRExprVec_2( IRExpr_GSPTR(), mkexpr(addr) )
11785 );
11786 d1->guard = guard_1or2;
11787
11788 /* Declare we're writing memory: MXCSR and MXCSR_MASK. Note that
11789 the code for rbfm[0] just above claims a write of 0 .. 159, so
11790 this duplicates it. But at least correctly connects 24 .. 31 to
11791 the MXCSR guest state representation (SSEROUND field). */
11792 d1->mFx = Ifx_Write;
11793 d1->mAddr = binop(Iop_Add64, mkexpr(addr), mkU64(24));
11794 d1->mSize = 8;
11795
11796 /* declare we're reading guest state */
11797 d1->nFxState = 1;
11798 vex_bzero(&d1->fxState, sizeof(d1->fxState));
11799
11800 d1->fxState[0].fx = Ifx_Read;
11801 d1->fxState[0].offset = OFFB_SSEROUND;
11802 d1->fxState[0].size = sizeof(ULong);
11803
11804 /* Call the helper. This creates MXCSR and MXCSR_MASK but nothing
11805 else. We do the actual register array, XMM[0..15], separately,
11806 in order that any undefinedness in the XMM registers is tracked
11807 separately by Memcheck and does not "infect" the in-memory
11808 shadow for the other parts of the image. */
11809 stmt( IRStmt_Dirty(d1) );
11810
11811 /* And now the XMMs themselves. */
11812 UInt reg;
11813 for (reg = 0; reg < 16; reg++) {
11814 stmt( IRStmt_StoreG(
11815 Iend_LE,
11816 binop(Iop_Add64, mkexpr(addr), mkU64(160 + reg * 16)),
11817 getXMMReg(reg),
11818 guard_1
11819 ));
11820 }
11821
11822 /* ------ rfbm[2] gates the AVX state ------ */
11823 /* Component 2 is just a bunch of register saves, so we'll do it
11824 inline, just to be simple and to be Memcheck friendly. */
11825
11826 IRTemp rfbm_2 = newTemp(Ity_I64);
11827 assign(rfbm_2, binop(Iop_And64, mkexpr(rfbm), mkU64(4)));
11828
11829 IRExpr* guard_2 = binop(Iop_CmpEQ64, mkexpr(rfbm_2), mkU64(4));
11830
11831 for (reg = 0; reg < 16; reg++) {
11832 stmt( IRStmt_StoreG(
11833 Iend_LE,
11834 binop(Iop_Add64, mkexpr(addr), mkU64(576 + reg * 16)),
11835 getYMMRegLane128(reg,1),
11836 guard_2
11837 ));
11838 }
11839 }
11840
11841
11842 static Long dis_XSAVE ( const VexAbiInfo* vbi,
11843 Prefix pfx, Long delta, Int sz )
11844 {
11845 /* Note that the presence or absence of REX.W (indicated here by
11846 |sz|) slightly affects the written format: whether the saved FPU
11847 IP and DP pointers are 64 or 32 bits. But the helper function
11848 we call simply writes zero bits in the relevant fields, which
11849 are 64 bits regardless of what REX.W is, and so it's good enough
11850 (iow, equally broken) in both cases. */
11851 IRTemp addr = IRTemp_INVALID;
11852 Int alen = 0;
11853 HChar dis_buf[50];
11854 UChar modrm = getUChar(delta);
11855 vassert(!epartIsReg(modrm)); /* ensured by caller */
11856 vassert(sz == 4 || sz == 8); /* ditto */
11857
11858 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
11859 delta += alen;
11860 gen_SEGV_if_not_64_aligned(addr);
11861
11862 DIP("%sxsave %s\n", sz==8 ? "rex64/" : "", dis_buf);
11863
11864 /* VEX's caller is assumed to have checked this. */
11865 const ULong aSSUMED_XCR0_VALUE = 7;
11866
11867 IRTemp rfbm = newTemp(Ity_I64);
11868 assign(rfbm,
11869 binop(Iop_And64,
11870 binop(Iop_Or64,
11871 binop(Iop_Shl64,
11872 unop(Iop_32Uto64, getIRegRDX(4)), mkU8(32)),
11873 unop(Iop_32Uto64, getIRegRAX(4))),
11874 mkU64(aSSUMED_XCR0_VALUE)));
11875
11876 gen_XSAVE_SEQUENCE(addr, rfbm);
11877
11878 /* Finally, we need to update XSTATE_BV in the XSAVE header area, by
11879 OR-ing the RFBM value into it. */
11880 IRTemp addr_plus_512 = newTemp(Ity_I64);
11881 assign(addr_plus_512, binop(Iop_Add64, mkexpr(addr), mkU64(512)));
11882 storeLE( mkexpr(addr_plus_512),
11883 binop(Iop_Or8,
11884 unop(Iop_64to8, mkexpr(rfbm)),
11885 loadLE(Ity_I8, mkexpr(addr_plus_512))) );
11886
11887 return delta;
11888 }
11889
11890
11891 static Long dis_FXSAVE ( const VexAbiInfo* vbi,
11892 Prefix pfx, Long delta, Int sz )
11893 {
11894 /* See comment in dis_XSAVE about the significance of REX.W. */
11895 IRTemp addr = IRTemp_INVALID;
11896 Int alen = 0;
11897 HChar dis_buf[50];
11898 UChar modrm = getUChar(delta);
11899 vassert(!epartIsReg(modrm)); /* ensured by caller */
11900 vassert(sz == 4 || sz == 8); /* ditto */
11901
11902 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
11903 delta += alen;
11904 gen_SEGV_if_not_16_aligned(addr);
11905
11906 DIP("%sfxsave %s\n", sz==8 ? "rex64/" : "", dis_buf);
11907
11908 /* FXSAVE is just XSAVE with components 0 and 1 selected. Set rfbm
11909 to 0b011, generate the XSAVE sequence accordingly, and let iropt
11910 fold out the unused (AVX) parts accordingly. */
11911 IRTemp rfbm = newTemp(Ity_I64);
11912 assign(rfbm, mkU64(3));
11913 gen_XSAVE_SEQUENCE(addr, rfbm);
11914
11915 return delta;
11916 }
11917
11918
11919 static void gen_XRSTOR_SEQUENCE ( IRTemp addr, IRTemp xstate_bv, IRTemp rfbm )
11920 {
11921 /* ------ rfbm[0] gates the x87 state ------ */
11922
11923 /* If rfbm[0] == 1, we have to write the x87 state. If
11924 xstate_bv[0] == 1, we will read it from the memory image, else
11925 we'll set it to initial values. Doing this with a helper
11926 function and getting the definedness flow annotations correct is
11927 too difficult, so generate stupid but simple code: first set the
11928 registers to initial values, regardless of xstate_bv[0]. Then,
11929 conditionally restore from the memory image. */
11930
11931 IRTemp rfbm_0 = newTemp(Ity_I64);
11932 IRTemp xstate_bv_0 = newTemp(Ity_I64);
11933 IRTemp restore_0 = newTemp(Ity_I64);
11934 assign(rfbm_0, binop(Iop_And64, mkexpr(rfbm), mkU64(1)));
11935 assign(xstate_bv_0, binop(Iop_And64, mkexpr(xstate_bv), mkU64(1)));
11936 assign(restore_0, binop(Iop_And64, mkexpr(rfbm_0), mkexpr(xstate_bv_0)));
11937
11938 gen_FINIT_SEQUENCE( binop(Iop_CmpNE64, mkexpr(rfbm_0), mkU64(0)) );
11939
11940 /* Uses dirty helper:
11941 void amd64g_do_XRSTOR_COMPONENT_0 ( VexGuestAMD64State*, ULong )
11942 */
11943 IRDirty* d0 = unsafeIRDirty_0_N (
11944 0/*regparms*/,
11945 "amd64g_dirtyhelper_XRSTOR_COMPONENT_0",
11946 &amd64g_dirtyhelper_XRSTOR_COMPONENT_0,
11947 mkIRExprVec_2( IRExpr_GSPTR(), mkexpr(addr) )
11948 );
11949 d0->guard = binop(Iop_CmpNE64, mkexpr(restore_0), mkU64(0));
11950
11951 /* Declare we're reading memory. Really, bytes 24 through 31
11952 (MXCSR and MXCSR_MASK) aren't read, but we can't express more
11953 than 1 memory area here, so just mark the whole thing as
11954 read. */
11955 d0->mFx = Ifx_Read;
11956 d0->mAddr = mkexpr(addr);
11957 d0->mSize = 160;
11958
11959 /* declare we're writing guest state */
11960 d0->nFxState = 5;
11961 vex_bzero(&d0->fxState, sizeof(d0->fxState));
11962
11963 d0->fxState[0].fx = Ifx_Write;
11964 d0->fxState[0].offset = OFFB_FTOP;
11965 d0->fxState[0].size = sizeof(UInt);
11966
11967 d0->fxState[1].fx = Ifx_Write;
11968 d0->fxState[1].offset = OFFB_FPREGS;
11969 d0->fxState[1].size = 8 * sizeof(ULong);
11970
11971 d0->fxState[2].fx = Ifx_Write;
11972 d0->fxState[2].offset = OFFB_FPTAGS;
11973 d0->fxState[2].size = 8 * sizeof(UChar);
11974
11975 d0->fxState[3].fx = Ifx_Write;
11976 d0->fxState[3].offset = OFFB_FPROUND;
11977 d0->fxState[3].size = sizeof(ULong);
11978
11979 d0->fxState[4].fx = Ifx_Write;
11980 d0->fxState[4].offset = OFFB_FC3210;
11981 d0->fxState[4].size = sizeof(ULong);
11982
11983 stmt( IRStmt_Dirty(d0) );
11984
11985 /* ------ rfbm[1] gates the SSE state ------ */
11986
11987 /* Same scheme as component 0: first zero it out, and then possibly
11988 restore from the memory area. */
11989 IRTemp rfbm_1 = newTemp(Ity_I64);
11990 IRTemp xstate_bv_1 = newTemp(Ity_I64);
11991 IRTemp restore_1 = newTemp(Ity_I64);
11992 assign(rfbm_1, binop(Iop_And64, mkexpr(rfbm), mkU64(2)));
11993 assign(xstate_bv_1, binop(Iop_And64, mkexpr(xstate_bv), mkU64(2)));
11994 assign(restore_1, binop(Iop_And64, mkexpr(rfbm_1), mkexpr(xstate_bv_1)));
11995 IRExpr* rfbm_1e = binop(Iop_CmpNE64, mkexpr(rfbm_1), mkU64(0));
11996 IRExpr* restore_1e = binop(Iop_CmpNE64, mkexpr(restore_1), mkU64(0));
11997
11998 IRTemp rfbm_1or2 = newTemp(Ity_I64);
11999 IRTemp xstate_bv_1or2 = newTemp(Ity_I64);
12000 IRTemp restore_1or2 = newTemp(Ity_I64);
12001 assign(rfbm_1or2, binop(Iop_And64, mkexpr(rfbm), mkU64(6)));
12002 assign(xstate_bv_1or2, binop(Iop_And64, mkexpr(xstate_bv), mkU64(6)));
12003 assign(restore_1or2, binop(Iop_And64, mkexpr(rfbm_1or2),
12004 mkexpr(xstate_bv_1or2)));
12005 IRExpr* rfbm_1or2e = binop(Iop_CmpNE64, mkexpr(rfbm_1or2), mkU64(0));
12006 IRExpr* restore_1or2e = binop(Iop_CmpNE64, mkexpr(restore_1or2), mkU64(0));
12007
12008 /* The areas in question are: SSEROUND, and the XMM register array. */
12009 putGuarded(OFFB_SSEROUND, rfbm_1or2e, mkU64(Irrm_NEAREST));
12010
12011 UInt reg;
12012 for (reg = 0; reg < 16; reg++) {
12013 putGuarded(xmmGuestRegOffset(reg), rfbm_1e, mkV128(0));
12014 }
12015
12016 /* And now possibly restore from MXCSR/MXCSR_MASK */
12017 /* Uses dirty helper:
12018 void amd64g_do_XRSTOR_COMPONENT_1_EXCLUDING_XMMREGS
12019 ( VexGuestAMD64State*, ULong )
12020 This restores from only MXCSR and MXCSR_MASK. We need to do
12021 this if either components 1 (SSE) or 2 (AVX) are requested.
12022 Hence the guard condition is a bit more complex.
12023 */
12024 IRDirty* d1 = unsafeIRDirty_0_N (
12025 0/*regparms*/,
12026 "amd64g_dirtyhelper_XRSTOR_COMPONENT_1_EXCLUDING_XMMREGS",
12027 &amd64g_dirtyhelper_XRSTOR_COMPONENT_1_EXCLUDING_XMMREGS,
12028 mkIRExprVec_2( IRExpr_GSPTR(), mkexpr(addr) )
12029 ) ;
12030 d1->guard = restore_1or2e;
12031
12032 /* Declare we're reading memory: MXCSR and MXCSR_MASK. Note that
12033 the code for rbfm[0] just above claims a read of 0 .. 159, so
12034 this duplicates it. But at least correctly connects 24 .. 31 to
12035 the MXCSR guest state representation (SSEROUND field). */
12036 d1->mFx = Ifx_Read;
12037 d1->mAddr = binop(Iop_Add64, mkexpr(addr), mkU64(24));
12038 d1->mSize = 8;
12039
12040 /* declare we're writing guest state */
12041 d1->nFxState = 1;
12042 vex_bzero(&d1->fxState, sizeof(d1->fxState));
12043
12044 d1->fxState[0].fx = Ifx_Write;
12045 d1->fxState[0].offset = OFFB_SSEROUND;
12046 d1->fxState[0].size = sizeof(ULong);
12047
12048 /* Call the helper. This creates SSEROUND but nothing
12049 else. We do the actual register array, XMM[0..15], separately,
12050 in order that any undefinedness in the XMM registers is tracked
12051 separately by Memcheck and is not "infected" by the in-memory
12052 shadow for the other parts of the image. */
12053 stmt( IRStmt_Dirty(d1) );
12054
12055 /* And now the XMMs themselves. For each register, we PUT either
12056 its old value, or the value loaded from memory. One convenient
12057 way to do that is with a conditional load that has its the
12058 default value, the old value of the register. */
12059 for (reg = 0; reg < 16; reg++) {
12060 IRExpr* ea = binop(Iop_Add64, mkexpr(addr), mkU64(160 + reg * 16));
12061 IRExpr* alt = getXMMReg(reg);
12062 IRTemp loadedValue = newTemp(Ity_V128);
12063 stmt( IRStmt_LoadG(Iend_LE,
12064 ILGop_IdentV128,
12065 loadedValue, ea, alt, restore_1e) );
12066 putXMMReg(reg, mkexpr(loadedValue));
12067 }
12068
12069 /* ------ rfbm[2] gates the AVX state ------ */
12070 /* Component 2 is just a bunch of register loads, so we'll do it
12071 inline, just to be simple and to be Memcheck friendly. */
12072
12073 /* Same scheme as component 0: first zero it out, and then possibly
12074 restore from the memory area. */
12075 IRTemp rfbm_2 = newTemp(Ity_I64);
12076 IRTemp xstate_bv_2 = newTemp(Ity_I64);
12077 IRTemp restore_2 = newTemp(Ity_I64);
12078 assign(rfbm_2, binop(Iop_And64, mkexpr(rfbm), mkU64(4)));
12079 assign(xstate_bv_2, binop(Iop_And64, mkexpr(xstate_bv), mkU64(4)));
12080 assign(restore_2, binop(Iop_And64, mkexpr(rfbm_2), mkexpr(xstate_bv_2)));
12081
12082 IRExpr* rfbm_2e = binop(Iop_CmpNE64, mkexpr(rfbm_2), mkU64(0));
12083 IRExpr* restore_2e = binop(Iop_CmpNE64, mkexpr(restore_2), mkU64(0));
12084
12085 for (reg = 0; reg < 16; reg++) {
12086 putGuarded(ymmGuestRegLane128offset(reg, 1), rfbm_2e, mkV128(0));
12087 }
12088
12089 for (reg = 0; reg < 16; reg++) {
12090 IRExpr* ea = binop(Iop_Add64, mkexpr(addr), mkU64(576 + reg * 16));
12091 IRExpr* alt = getYMMRegLane128(reg, 1);
12092 IRTemp loadedValue = newTemp(Ity_V128);
12093 stmt( IRStmt_LoadG(Iend_LE,
12094 ILGop_IdentV128,
12095 loadedValue, ea, alt, restore_2e) );
12096 putYMMRegLane128(reg, 1, mkexpr(loadedValue));
12097 }
12098 }
12099
12100
12101 static Long dis_XRSTOR ( const VexAbiInfo* vbi,
12102 Prefix pfx, Long delta, Int sz )
12103 {
12104 /* As with XRSTOR above we ignore the value of REX.W since we're
12105 not bothering with the FPU DP and IP fields. */
12106 IRTemp addr = IRTemp_INVALID;
12107 Int alen = 0;
12108 HChar dis_buf[50];
12109 UChar modrm = getUChar(delta);
12110 vassert(!epartIsReg(modrm)); /* ensured by caller */
12111 vassert(sz == 4 || sz == 8); /* ditto */
12112
12113 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12114 delta += alen;
12115 gen_SEGV_if_not_64_aligned(addr);
12116
12117 DIP("%sxrstor %s\n", sz==8 ? "rex64/" : "", dis_buf);
12118
12119 /* VEX's caller is assumed to have checked this. */
12120 const ULong aSSUMED_XCR0_VALUE = 7;
12121
12122 IRTemp rfbm = newTemp(Ity_I64);
12123 assign(rfbm,
12124 binop(Iop_And64,
12125 binop(Iop_Or64,
12126 binop(Iop_Shl64,
12127 unop(Iop_32Uto64, getIRegRDX(4)), mkU8(32)),
12128 unop(Iop_32Uto64, getIRegRAX(4))),
12129 mkU64(aSSUMED_XCR0_VALUE)));
12130
12131 IRTemp xstate_bv = newTemp(Ity_I64);
12132 assign(xstate_bv, loadLE(Ity_I64,
12133 binop(Iop_Add64, mkexpr(addr), mkU64(512+0))));
12134
12135 IRTemp xcomp_bv = newTemp(Ity_I64);
12136 assign(xcomp_bv, loadLE(Ity_I64,
12137 binop(Iop_Add64, mkexpr(addr), mkU64(512+8))));
12138
12139 IRTemp xsavehdr_23_16 = newTemp(Ity_I64);
12140 assign( xsavehdr_23_16,
12141 loadLE(Ity_I64,
12142 binop(Iop_Add64, mkexpr(addr), mkU64(512+16))));
12143
12144 /* We must fault if
12145 * xcomp_bv[63] == 1, since this simulated CPU does not support
12146 the compaction extension.
12147 * xstate_bv sets a bit outside of XCR0 (which we assume to be 7).
12148 * any of the xsave header bytes 23 .. 8 are nonzero. This seems to
12149 imply that xcomp_bv must be zero.
12150 xcomp_bv is header bytes 15 .. 8 and xstate_bv is header bytes 7 .. 0
12151 */
12152 IRTemp fault_if_nonzero = newTemp(Ity_I64);
12153 assign(fault_if_nonzero,
12154 binop(Iop_Or64,
12155 binop(Iop_And64, mkexpr(xstate_bv), mkU64(~aSSUMED_XCR0_VALUE)),
12156 binop(Iop_Or64, mkexpr(xcomp_bv), mkexpr(xsavehdr_23_16))));
12157 stmt( IRStmt_Exit(binop(Iop_CmpNE64, mkexpr(fault_if_nonzero), mkU64(0)),
12158 Ijk_SigSEGV,
12159 IRConst_U64(guest_RIP_curr_instr),
12160 OFFB_RIP
12161 ));
12162
12163 /* We are guaranteed now that both xstate_bv and rfbm are in the
12164 range 0 .. 7. Generate the restore sequence proper. */
12165 gen_XRSTOR_SEQUENCE(addr, xstate_bv, rfbm);
12166
12167 return delta;
12168 }
12169
12170
12171 static Long dis_FXRSTOR ( const VexAbiInfo* vbi,
12172 Prefix pfx, Long delta, Int sz )
12173 {
12174 /* As with FXSAVE above we ignore the value of REX.W since we're
12175 not bothering with the FPU DP and IP fields. */
12176 IRTemp addr = IRTemp_INVALID;
12177 Int alen = 0;
12178 HChar dis_buf[50];
12179 UChar modrm = getUChar(delta);
12180 vassert(!epartIsReg(modrm)); /* ensured by caller */
12181 vassert(sz == 4 || sz == 8); /* ditto */
12182
12183 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12184 delta += alen;
12185 gen_SEGV_if_not_16_aligned(addr);
12186
12187 DIP("%sfxrstor %s\n", sz==8 ? "rex64/" : "", dis_buf);
12188
12189 /* FXRSTOR is just XRSTOR with components 0 and 1 selected and also
12190 as if components 0 and 1 are set as present in XSTATE_BV in the
12191 XSAVE header. Set both rfbm and xstate_bv to 0b011 therefore,
12192 generate the XRSTOR sequence accordingly, and let iropt fold out
12193 the unused (AVX) parts accordingly. */
12194 IRTemp three = newTemp(Ity_I64);
12195 assign(three, mkU64(3));
12196 gen_XRSTOR_SEQUENCE(addr, three/*xstate_bv*/, three/*rfbm*/);
12197
12198 return delta;
12199 }
12200
12201
12202 static IRTemp math_PINSRW_128 ( IRTemp v128, IRTemp u16, UInt imm8 )
12203 {
12204 vassert(imm8 >= 0 && imm8 <= 7);
12205
12206 // Create a V128 value which has the selected word in the
12207 // specified lane, and zeroes everywhere else.
12208 IRTemp tmp128 = newTemp(Ity_V128);
12209 IRTemp halfshift = newTemp(Ity_I64);
12210 assign(halfshift, binop(Iop_Shl64,
12211 unop(Iop_16Uto64, mkexpr(u16)),
12212 mkU8(16 * (imm8 & 3))));
12213 if (imm8 < 4) {
12214 assign(tmp128, binop(Iop_64HLtoV128, mkU64(0), mkexpr(halfshift)));
12215 } else {
12216 assign(tmp128, binop(Iop_64HLtoV128, mkexpr(halfshift), mkU64(0)));
12217 }
12218
12219 UShort mask = ~(3 << (imm8 * 2));
12220 IRTemp res = newTemp(Ity_V128);
12221 assign( res, binop(Iop_OrV128,
12222 mkexpr(tmp128),
12223 binop(Iop_AndV128, mkexpr(v128), mkV128(mask))) );
12224 return res;
12225 }
12226
12227
12228 static IRTemp math_PSADBW_128 ( IRTemp dV, IRTemp sV )
12229 {
12230 IRTemp s1, s0, d1, d0;
12231 s1 = s0 = d1 = d0 = IRTemp_INVALID;
12232
12233 breakupV128to64s( sV, &s1, &s0 );
12234 breakupV128to64s( dV, &d1, &d0 );
12235
12236 IRTemp res = newTemp(Ity_V128);
12237 assign( res,
12238 binop(Iop_64HLtoV128,
12239 mkIRExprCCall(Ity_I64, 0/*regparms*/,
12240 "amd64g_calculate_mmx_psadbw",
12241 &amd64g_calculate_mmx_psadbw,
12242 mkIRExprVec_2( mkexpr(s1), mkexpr(d1))),
12243 mkIRExprCCall(Ity_I64, 0/*regparms*/,
12244 "amd64g_calculate_mmx_psadbw",
12245 &amd64g_calculate_mmx_psadbw,
12246 mkIRExprVec_2( mkexpr(s0), mkexpr(d0)))) );
12247 return res;
12248 }
12249
12250
12251 static IRTemp math_PSADBW_256 ( IRTemp dV, IRTemp sV )
12252 {
12253 IRTemp sHi, sLo, dHi, dLo;
12254 sHi = sLo = dHi = dLo = IRTemp_INVALID;
12255 breakupV256toV128s( dV, &dHi, &dLo);
12256 breakupV256toV128s( sV, &sHi, &sLo);
12257 IRTemp res = newTemp(Ity_V256);
12258 assign(res, binop(Iop_V128HLtoV256,
12259 mkexpr(math_PSADBW_128(dHi, sHi)),
12260 mkexpr(math_PSADBW_128(dLo, sLo))));
12261 return res;
12262 }
12263
12264
12265 static Long dis_MASKMOVDQU ( const VexAbiInfo* vbi, Prefix pfx,
12266 Long delta, Bool isAvx )
12267 {
12268 IRTemp regD = newTemp(Ity_V128);
12269 IRTemp mask = newTemp(Ity_V128);
12270 IRTemp olddata = newTemp(Ity_V128);
12271 IRTemp newdata = newTemp(Ity_V128);
12272 IRTemp addr = newTemp(Ity_I64);
12273 UChar modrm = getUChar(delta);
12274 UInt rG = gregOfRexRM(pfx,modrm);
12275 UInt rE = eregOfRexRM(pfx,modrm);
12276
12277 assign( addr, handleAddrOverrides( vbi, pfx, getIReg64(R_RDI) ));
12278 assign( regD, getXMMReg( rG ));
12279
12280 /* Unfortunately can't do the obvious thing with SarN8x16
12281 here since that can't be re-emitted as SSE2 code - no such
12282 insn. */
12283 assign( mask,
12284 binop(Iop_64HLtoV128,
12285 binop(Iop_SarN8x8,
12286 getXMMRegLane64( eregOfRexRM(pfx,modrm), 1 ),
12287 mkU8(7) ),
12288 binop(Iop_SarN8x8,
12289 getXMMRegLane64( eregOfRexRM(pfx,modrm), 0 ),
12290 mkU8(7) ) ));
12291 assign( olddata, loadLE( Ity_V128, mkexpr(addr) ));
12292 assign( newdata, binop(Iop_OrV128,
12293 binop(Iop_AndV128,
12294 mkexpr(regD),
12295 mkexpr(mask) ),
12296 binop(Iop_AndV128,
12297 mkexpr(olddata),
12298 unop(Iop_NotV128, mkexpr(mask)))) );
12299 storeLE( mkexpr(addr), mkexpr(newdata) );
12300
12301 delta += 1;
12302 DIP("%smaskmovdqu %s,%s\n", isAvx ? "v" : "",
12303 nameXMMReg(rE), nameXMMReg(rG) );
12304 return delta;
12305 }
12306
12307
12308 static Long dis_MOVMSKPS_128 ( const VexAbiInfo* vbi, Prefix pfx,
12309 Long delta, Bool isAvx )
12310 {
12311 UChar modrm = getUChar(delta);
12312 UInt rG = gregOfRexRM(pfx,modrm);
12313 UInt rE = eregOfRexRM(pfx,modrm);
12314 IRTemp t0 = newTemp(Ity_I32);
12315 IRTemp t1 = newTemp(Ity_I32);
12316 IRTemp t2 = newTemp(Ity_I32);
12317 IRTemp t3 = newTemp(Ity_I32);
12318 delta += 1;
12319 assign( t0, binop( Iop_And32,
12320 binop(Iop_Shr32, getXMMRegLane32(rE,0), mkU8(31)),
12321 mkU32(1) ));
12322 assign( t1, binop( Iop_And32,
12323 binop(Iop_Shr32, getXMMRegLane32(rE,1), mkU8(30)),
12324 mkU32(2) ));
12325 assign( t2, binop( Iop_And32,
12326 binop(Iop_Shr32, getXMMRegLane32(rE,2), mkU8(29)),
12327 mkU32(4) ));
12328 assign( t3, binop( Iop_And32,
12329 binop(Iop_Shr32, getXMMRegLane32(rE,3), mkU8(28)),
12330 mkU32(8) ));
12331 putIReg32( rG, binop(Iop_Or32,
12332 binop(Iop_Or32, mkexpr(t0), mkexpr(t1)),
12333 binop(Iop_Or32, mkexpr(t2), mkexpr(t3)) ) );
12334 DIP("%smovmskps %s,%s\n", isAvx ? "v" : "",
12335 nameXMMReg(rE), nameIReg32(rG));
12336 return delta;
12337 }
12338
12339
12340 static Long dis_MOVMSKPS_256 ( const VexAbiInfo* vbi, Prefix pfx, Long delta )
12341 {
12342 UChar modrm = getUChar(delta);
12343 UInt rG = gregOfRexRM(pfx,modrm);
12344 UInt rE = eregOfRexRM(pfx,modrm);
12345 IRTemp t0 = newTemp(Ity_I32);
12346 IRTemp t1 = newTemp(Ity_I32);
12347 IRTemp t2 = newTemp(Ity_I32);
12348 IRTemp t3 = newTemp(Ity_I32);
12349 IRTemp t4 = newTemp(Ity_I32);
12350 IRTemp t5 = newTemp(Ity_I32);
12351 IRTemp t6 = newTemp(Ity_I32);
12352 IRTemp t7 = newTemp(Ity_I32);
12353 delta += 1;
12354 assign( t0, binop( Iop_And32,
12355 binop(Iop_Shr32, getYMMRegLane32(rE,0), mkU8(31)),
12356 mkU32(1) ));
12357 assign( t1, binop( Iop_And32,
12358 binop(Iop_Shr32, getYMMRegLane32(rE,1), mkU8(30)),
12359 mkU32(2) ));
12360 assign( t2, binop( Iop_And32,
12361 binop(Iop_Shr32, getYMMRegLane32(rE,2), mkU8(29)),
12362 mkU32(4) ));
12363 assign( t3, binop( Iop_And32,
12364 binop(Iop_Shr32, getYMMRegLane32(rE,3), mkU8(28)),
12365 mkU32(8) ));
12366 assign( t4, binop( Iop_And32,
12367 binop(Iop_Shr32, getYMMRegLane32(rE,4), mkU8(27)),
12368 mkU32(16) ));
12369 assign( t5, binop( Iop_And32,
12370 binop(Iop_Shr32, getYMMRegLane32(rE,5), mkU8(26)),
12371 mkU32(32) ));
12372 assign( t6, binop( Iop_And32,
12373 binop(Iop_Shr32, getYMMRegLane32(rE,6), mkU8(25)),
12374 mkU32(64) ));
12375 assign( t7, binop( Iop_And32,
12376 binop(Iop_Shr32, getYMMRegLane32(rE,7), mkU8(24)),
12377 mkU32(128) ));
12378 putIReg32( rG, binop(Iop_Or32,
12379 binop(Iop_Or32,
12380 binop(Iop_Or32, mkexpr(t0), mkexpr(t1)),
12381 binop(Iop_Or32, mkexpr(t2), mkexpr(t3)) ),
12382 binop(Iop_Or32,
12383 binop(Iop_Or32, mkexpr(t4), mkexpr(t5)),
12384 binop(Iop_Or32, mkexpr(t6), mkexpr(t7)) ) ) );
12385 DIP("vmovmskps %s,%s\n", nameYMMReg(rE), nameIReg32(rG));
12386 return delta;
12387 }
12388
12389
12390 static Long dis_MOVMSKPD_128 ( const VexAbiInfo* vbi, Prefix pfx,
12391 Long delta, Bool isAvx )
12392 {
12393 UChar modrm = getUChar(delta);
12394 UInt rG = gregOfRexRM(pfx,modrm);
12395 UInt rE = eregOfRexRM(pfx,modrm);
12396 IRTemp t0 = newTemp(Ity_I32);
12397 IRTemp t1 = newTemp(Ity_I32);
12398 delta += 1;
12399 assign( t0, binop( Iop_And32,
12400 binop(Iop_Shr32, getXMMRegLane32(rE,1), mkU8(31)),
12401 mkU32(1) ));
12402 assign( t1, binop( Iop_And32,
12403 binop(Iop_Shr32, getXMMRegLane32(rE,3), mkU8(30)),
12404 mkU32(2) ));
12405 putIReg32( rG, binop(Iop_Or32, mkexpr(t0), mkexpr(t1) ) );
12406 DIP("%smovmskpd %s,%s\n", isAvx ? "v" : "",
12407 nameXMMReg(rE), nameIReg32(rG));
12408 return delta;
12409 }
12410
12411
12412 static Long dis_MOVMSKPD_256 ( const VexAbiInfo* vbi, Prefix pfx, Long delta )
12413 {
12414 UChar modrm = getUChar(delta);
12415 UInt rG = gregOfRexRM(pfx,modrm);
12416 UInt rE = eregOfRexRM(pfx,modrm);
12417 IRTemp t0 = newTemp(Ity_I32);
12418 IRTemp t1 = newTemp(Ity_I32);
12419 IRTemp t2 = newTemp(Ity_I32);
12420 IRTemp t3 = newTemp(Ity_I32);
12421 delta += 1;
12422 assign( t0, binop( Iop_And32,
12423 binop(Iop_Shr32, getYMMRegLane32(rE,1), mkU8(31)),
12424 mkU32(1) ));
12425 assign( t1, binop( Iop_And32,
12426 binop(Iop_Shr32, getYMMRegLane32(rE,3), mkU8(30)),
12427 mkU32(2) ));
12428 assign( t2, binop( Iop_And32,
12429 binop(Iop_Shr32, getYMMRegLane32(rE,5), mkU8(29)),
12430 mkU32(4) ));
12431 assign( t3, binop( Iop_And32,
12432 binop(Iop_Shr32, getYMMRegLane32(rE,7), mkU8(28)),
12433 mkU32(8) ));
12434 putIReg32( rG, binop(Iop_Or32,
12435 binop(Iop_Or32, mkexpr(t0), mkexpr(t1)),
12436 binop(Iop_Or32, mkexpr(t2), mkexpr(t3)) ) );
12437 DIP("vmovmskps %s,%s\n", nameYMMReg(rE), nameIReg32(rG));
12438 return delta;
12439 }
12440
12441
12442 /* Note, this also handles SSE(1) insns. */
12443 __attribute__((noinline))
12444 static
12445 Long dis_ESC_0F__SSE2 ( Bool* decode_OK,
12446 const VexArchInfo* archinfo,
12447 const VexAbiInfo* vbi,
12448 Prefix pfx, Int sz, Long deltaIN,
12449 DisResult* dres )
12450 {
12451 IRTemp addr = IRTemp_INVALID;
12452 IRTemp t0 = IRTemp_INVALID;
12453 IRTemp t1 = IRTemp_INVALID;
12454 IRTemp t2 = IRTemp_INVALID;
12455 IRTemp t3 = IRTemp_INVALID;
12456 IRTemp t4 = IRTemp_INVALID;
12457 IRTemp t5 = IRTemp_INVALID;
12458 IRTemp t6 = IRTemp_INVALID;
12459 UChar modrm = 0;
12460 Int alen = 0;
12461 HChar dis_buf[50];
12462
12463 *decode_OK = False;
12464
12465 Long delta = deltaIN;
12466 UChar opc = getUChar(delta);
12467 delta++;
12468 switch (opc) {
12469
12470 case 0x10:
12471 if (have66noF2noF3(pfx)
12472 && (sz == 2 || /* ignore redundant REX.W */ sz == 8)) {
12473 /* 66 0F 10 = MOVUPD -- move from E (mem or xmm) to G (xmm). */
12474 modrm = getUChar(delta);
12475 if (epartIsReg(modrm)) {
12476 putXMMReg( gregOfRexRM(pfx,modrm),
12477 getXMMReg( eregOfRexRM(pfx,modrm) ));
12478 DIP("movupd %s,%s\n", nameXMMReg(eregOfRexRM(pfx,modrm)),
12479 nameXMMReg(gregOfRexRM(pfx,modrm)));
12480 delta += 1;
12481 } else {
12482 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12483 putXMMReg( gregOfRexRM(pfx,modrm),
12484 loadLE(Ity_V128, mkexpr(addr)) );
12485 DIP("movupd %s,%s\n", dis_buf,
12486 nameXMMReg(gregOfRexRM(pfx,modrm)));
12487 delta += alen;
12488 }
12489 goto decode_success;
12490 }
12491 /* F2 0F 10 = MOVSD -- move 64 bits from E (mem or lo half xmm) to
12492 G (lo half xmm). If E is mem, upper half of G is zeroed out.
12493 If E is reg, upper half of G is unchanged. */
12494 if (haveF2no66noF3(pfx)
12495 && (sz == 4 || /* ignore redundant REX.W */ sz == 8) ) {
12496 modrm = getUChar(delta);
12497 if (epartIsReg(modrm)) {
12498 putXMMRegLane64( gregOfRexRM(pfx,modrm), 0,
12499 getXMMRegLane64( eregOfRexRM(pfx,modrm), 0 ));
12500 DIP("movsd %s,%s\n", nameXMMReg(eregOfRexRM(pfx,modrm)),
12501 nameXMMReg(gregOfRexRM(pfx,modrm)));
12502 delta += 1;
12503 } else {
12504 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12505 putXMMReg( gregOfRexRM(pfx,modrm), mkV128(0) );
12506 putXMMRegLane64( gregOfRexRM(pfx,modrm), 0,
12507 loadLE(Ity_I64, mkexpr(addr)) );
12508 DIP("movsd %s,%s\n", dis_buf,
12509 nameXMMReg(gregOfRexRM(pfx,modrm)));
12510 delta += alen;
12511 }
12512 goto decode_success;
12513 }
12514 /* F3 0F 10 = MOVSS -- move 32 bits from E (mem or lo 1/4 xmm) to G
12515 (lo 1/4 xmm). If E is mem, upper 3/4 of G is zeroed out. */
12516 if (haveF3no66noF2(pfx)
12517 && (sz == 4 || /* ignore redundant REX.W */ sz == 8)) {
12518 modrm = getUChar(delta);
12519 if (epartIsReg(modrm)) {
12520 putXMMRegLane32( gregOfRexRM(pfx,modrm), 0,
12521 getXMMRegLane32( eregOfRexRM(pfx,modrm), 0 ));
12522 DIP("movss %s,%s\n", nameXMMReg(eregOfRexRM(pfx,modrm)),
12523 nameXMMReg(gregOfRexRM(pfx,modrm)));
12524 delta += 1;
12525 } else {
12526 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12527 putXMMReg( gregOfRexRM(pfx,modrm), mkV128(0) );
12528 putXMMRegLane32( gregOfRexRM(pfx,modrm), 0,
12529 loadLE(Ity_I32, mkexpr(addr)) );
12530 DIP("movss %s,%s\n", dis_buf,
12531 nameXMMReg(gregOfRexRM(pfx,modrm)));
12532 delta += alen;
12533 }
12534 goto decode_success;
12535 }
12536 /* 0F 10 = MOVUPS -- move from E (mem or xmm) to G (xmm). */
12537 if (haveNo66noF2noF3(pfx)
12538 && (sz == 4 || /* ignore redundant REX.W */ sz == 8)) {
12539 modrm = getUChar(delta);
12540 if (epartIsReg(modrm)) {
12541 putXMMReg( gregOfRexRM(pfx,modrm),
12542 getXMMReg( eregOfRexRM(pfx,modrm) ));
12543 DIP("movups %s,%s\n", nameXMMReg(eregOfRexRM(pfx,modrm)),
12544 nameXMMReg(gregOfRexRM(pfx,modrm)));
12545 delta += 1;
12546 } else {
12547 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12548 putXMMReg( gregOfRexRM(pfx,modrm),
12549 loadLE(Ity_V128, mkexpr(addr)) );
12550 DIP("movups %s,%s\n", dis_buf,
12551 nameXMMReg(gregOfRexRM(pfx,modrm)));
12552 delta += alen;
12553 }
12554 goto decode_success;
12555 }
12556 break;
12557
12558 case 0x11:
12559 /* F2 0F 11 = MOVSD -- move 64 bits from G (lo half xmm) to E (mem
12560 or lo half xmm). */
12561 if (haveF2no66noF3(pfx)
12562 && (sz == 4 || /* ignore redundant REX.W */ sz == 8)) {
12563 modrm = getUChar(delta);
12564 if (epartIsReg(modrm)) {
12565 putXMMRegLane64( eregOfRexRM(pfx,modrm), 0,
12566 getXMMRegLane64( gregOfRexRM(pfx,modrm), 0 ));
12567 DIP("movsd %s,%s\n", nameXMMReg(gregOfRexRM(pfx,modrm)),
12568 nameXMMReg(eregOfRexRM(pfx,modrm)));
12569 delta += 1;
12570 } else {
12571 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12572 storeLE( mkexpr(addr),
12573 getXMMRegLane64(gregOfRexRM(pfx,modrm), 0) );
12574 DIP("movsd %s,%s\n", nameXMMReg(gregOfRexRM(pfx,modrm)),
12575 dis_buf);
12576 delta += alen;
12577 }
12578 goto decode_success;
12579 }
12580 /* F3 0F 11 = MOVSS -- move 32 bits from G (lo 1/4 xmm) to E (mem
12581 or lo 1/4 xmm). */
12582 if (haveF3no66noF2(pfx) && sz == 4) {
12583 modrm = getUChar(delta);
12584 if (epartIsReg(modrm)) {
12585 /* fall through, we don't yet have a test case */
12586 } else {
12587 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12588 storeLE( mkexpr(addr),
12589 getXMMRegLane32(gregOfRexRM(pfx,modrm), 0) );
12590 DIP("movss %s,%s\n", nameXMMReg(gregOfRexRM(pfx,modrm)),
12591 dis_buf);
12592 delta += alen;
12593 goto decode_success;
12594 }
12595 }
12596 /* 66 0F 11 = MOVUPD -- move from G (xmm) to E (mem or xmm). */
12597 if (have66noF2noF3(pfx)
12598 && (sz == 2 || /* ignore redundant REX.W */ sz == 8)) {
12599 modrm = getUChar(delta);
12600 if (epartIsReg(modrm)) {
12601 putXMMReg( eregOfRexRM(pfx,modrm),
12602 getXMMReg( gregOfRexRM(pfx,modrm) ) );
12603 DIP("movupd %s,%s\n", nameXMMReg(gregOfRexRM(pfx,modrm)),
12604 nameXMMReg(eregOfRexRM(pfx,modrm)));
12605 delta += 1;
12606 } else {
12607 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12608 storeLE( mkexpr(addr), getXMMReg(gregOfRexRM(pfx,modrm)) );
12609 DIP("movupd %s,%s\n", nameXMMReg(gregOfRexRM(pfx,modrm)),
12610 dis_buf );
12611 delta += alen;
12612 }
12613 goto decode_success;
12614 }
12615 /* 0F 11 = MOVUPS -- move from G (xmm) to E (mem or xmm). */
12616 if (haveNo66noF2noF3(pfx)
12617 && (sz == 4 || /* ignore redundant REX.W */ sz == 8)) {
12618 modrm = getUChar(delta);
12619 if (epartIsReg(modrm)) {
12620 /* fall through; awaiting test case */
12621 } else {
12622 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12623 storeLE( mkexpr(addr), getXMMReg(gregOfRexRM(pfx,modrm)) );
12624 DIP("movups %s,%s\n", nameXMMReg(gregOfRexRM(pfx,modrm)),
12625 dis_buf );
12626 delta += alen;
12627 goto decode_success;
12628 }
12629 }
12630 break;
12631
12632 case 0x12:
12633 /* 66 0F 12 = MOVLPD -- move from mem to low half of XMM. */
12634 /* Identical to MOVLPS ? */
12635 if (have66noF2noF3(pfx)
12636 && (sz == 2 || /* ignore redundant REX.W */ sz == 8)) {
12637 modrm = getUChar(delta);
12638 if (epartIsReg(modrm)) {
12639 /* fall through; apparently reg-reg is not possible */
12640 } else {
12641 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12642 delta += alen;
12643 putXMMRegLane64( gregOfRexRM(pfx,modrm),
12644 0/*lower lane*/,
12645 loadLE(Ity_I64, mkexpr(addr)) );
12646 DIP("movlpd %s, %s\n",
12647 dis_buf, nameXMMReg( gregOfRexRM(pfx,modrm) ));
12648 goto decode_success;
12649 }
12650 }
12651 /* 0F 12 = MOVLPS -- move from mem to low half of XMM. */
12652 /* OF 12 = MOVHLPS -- from from hi half to lo half of XMM. */
12653 if (haveNo66noF2noF3(pfx)
12654 && (sz == 4 || /* ignore redundant REX.W */ sz == 8)) {
12655 modrm = getUChar(delta);
12656 if (epartIsReg(modrm)) {
12657 delta += 1;
12658 putXMMRegLane64( gregOfRexRM(pfx,modrm),
12659 0/*lower lane*/,
12660 getXMMRegLane64( eregOfRexRM(pfx,modrm), 1 ));
12661 DIP("movhlps %s, %s\n", nameXMMReg(eregOfRexRM(pfx,modrm)),
12662 nameXMMReg(gregOfRexRM(pfx,modrm)));
12663 } else {
12664 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12665 delta += alen;
12666 putXMMRegLane64( gregOfRexRM(pfx,modrm), 0/*lower lane*/,
12667 loadLE(Ity_I64, mkexpr(addr)) );
12668 DIP("movlps %s, %s\n",
12669 dis_buf, nameXMMReg( gregOfRexRM(pfx,modrm) ));
12670 }
12671 goto decode_success;
12672 }
12673 break;
12674
12675 case 0x13:
12676 /* 0F 13 = MOVLPS -- move from low half of XMM to mem. */
12677 if (haveNo66noF2noF3(pfx)
12678 && (sz == 4 || /* ignore redundant REX.W */ sz == 8)) {
12679 modrm = getUChar(delta);
12680 if (!epartIsReg(modrm)) {
12681 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12682 delta += alen;
12683 storeLE( mkexpr(addr),
12684 getXMMRegLane64( gregOfRexRM(pfx,modrm),
12685 0/*lower lane*/ ) );
12686 DIP("movlps %s, %s\n", nameXMMReg( gregOfRexRM(pfx,modrm) ),
12687 dis_buf);
12688 goto decode_success;
12689 }
12690 /* else fall through */
12691 }
12692 /* 66 0F 13 = MOVLPD -- move from low half of XMM to mem. */
12693 /* Identical to MOVLPS ? */
12694 if (have66noF2noF3(pfx)
12695 && (sz == 2 || /* ignore redundant REX.W */ sz == 8)) {
12696 modrm = getUChar(delta);
12697 if (!epartIsReg(modrm)) {
12698 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12699 delta += alen;
12700 storeLE( mkexpr(addr),
12701 getXMMRegLane64( gregOfRexRM(pfx,modrm),
12702 0/*lower lane*/ ) );
12703 DIP("movlpd %s, %s\n", nameXMMReg( gregOfRexRM(pfx,modrm) ),
12704 dis_buf);
12705 goto decode_success;
12706 }
12707 /* else fall through */
12708 }
12709 break;
12710
12711 case 0x14:
12712 case 0x15:
12713 /* 0F 14 = UNPCKLPS -- unpack and interleave low part F32s */
12714 /* 0F 15 = UNPCKHPS -- unpack and interleave high part F32s */
12715 /* These just appear to be special cases of SHUFPS */
12716 if (haveNo66noF2noF3(pfx) && sz == 4) {
12717 Bool hi = toBool(opc == 0x15);
12718 IRTemp sV = newTemp(Ity_V128);
12719 IRTemp dV = newTemp(Ity_V128);
12720 modrm = getUChar(delta);
12721 UInt rG = gregOfRexRM(pfx,modrm);
12722 assign( dV, getXMMReg(rG) );
12723 if (epartIsReg(modrm)) {
12724 UInt rE = eregOfRexRM(pfx,modrm);
12725 assign( sV, getXMMReg(rE) );
12726 delta += 1;
12727 DIP("unpck%sps %s,%s\n", hi ? "h" : "l",
12728 nameXMMReg(rE), nameXMMReg(rG));
12729 } else {
12730 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12731 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
12732 delta += alen;
12733 DIP("unpck%sps %s,%s\n", hi ? "h" : "l",
12734 dis_buf, nameXMMReg(rG));
12735 }
12736 IRTemp res = math_UNPCKxPS_128( sV, dV, hi );
12737 putXMMReg( rG, mkexpr(res) );
12738 goto decode_success;
12739 }
12740 /* 66 0F 15 = UNPCKHPD -- unpack and interleave high part F64s */
12741 /* 66 0F 14 = UNPCKLPD -- unpack and interleave low part F64s */
12742 /* These just appear to be special cases of SHUFPS */
12743 if (have66noF2noF3(pfx)
12744 && sz == 2 /* could be 8 if rex also present */) {
12745 Bool hi = toBool(opc == 0x15);
12746 IRTemp sV = newTemp(Ity_V128);
12747 IRTemp dV = newTemp(Ity_V128);
12748 modrm = getUChar(delta);
12749 UInt rG = gregOfRexRM(pfx,modrm);
12750 assign( dV, getXMMReg(rG) );
12751 if (epartIsReg(modrm)) {
12752 UInt rE = eregOfRexRM(pfx,modrm);
12753 assign( sV, getXMMReg(rE) );
12754 delta += 1;
12755 DIP("unpck%sps %s,%s\n", hi ? "h" : "l",
12756 nameXMMReg(rE), nameXMMReg(rG));
12757 } else {
12758 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12759 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
12760 delta += alen;
12761 DIP("unpck%sps %s,%s\n", hi ? "h" : "l",
12762 dis_buf, nameXMMReg(rG));
12763 }
12764 IRTemp res = math_UNPCKxPD_128( sV, dV, hi );
12765 putXMMReg( rG, mkexpr(res) );
12766 goto decode_success;
12767 }
12768 break;
12769
12770 case 0x16:
12771 /* 66 0F 16 = MOVHPD -- move from mem to high half of XMM. */
12772 /* These seems identical to MOVHPS. This instruction encoding is
12773 completely crazy. */
12774 if (have66noF2noF3(pfx)
12775 && (sz == 2 || /* ignore redundant REX.W */ sz == 8)) {
12776 modrm = getUChar(delta);
12777 if (epartIsReg(modrm)) {
12778 /* fall through; apparently reg-reg is not possible */
12779 } else {
12780 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12781 delta += alen;
12782 putXMMRegLane64( gregOfRexRM(pfx,modrm), 1/*upper lane*/,
12783 loadLE(Ity_I64, mkexpr(addr)) );
12784 DIP("movhpd %s,%s\n", dis_buf,
12785 nameXMMReg( gregOfRexRM(pfx,modrm) ));
12786 goto decode_success;
12787 }
12788 }
12789 /* 0F 16 = MOVHPS -- move from mem to high half of XMM. */
12790 /* 0F 16 = MOVLHPS -- move from lo half to hi half of XMM. */
12791 if (haveNo66noF2noF3(pfx)
12792 && (sz == 4 || /* ignore redundant REX.W */ sz == 8)) {
12793 modrm = getUChar(delta);
12794 if (epartIsReg(modrm)) {
12795 delta += 1;
12796 putXMMRegLane64( gregOfRexRM(pfx,modrm), 1/*upper lane*/,
12797 getXMMRegLane64( eregOfRexRM(pfx,modrm), 0 ) );
12798 DIP("movhps %s,%s\n", nameXMMReg(eregOfRexRM(pfx,modrm)),
12799 nameXMMReg(gregOfRexRM(pfx,modrm)));
12800 } else {
12801 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12802 delta += alen;
12803 putXMMRegLane64( gregOfRexRM(pfx,modrm), 1/*upper lane*/,
12804 loadLE(Ity_I64, mkexpr(addr)) );
12805 DIP("movhps %s,%s\n", dis_buf,
12806 nameXMMReg( gregOfRexRM(pfx,modrm) ));
12807 }
12808 goto decode_success;
12809 }
12810 break;
12811
12812 case 0x17:
12813 /* 0F 17 = MOVHPS -- move from high half of XMM to mem. */
12814 if (haveNo66noF2noF3(pfx)
12815 && (sz == 4 || /* ignore redundant REX.W */ sz == 8)) {
12816 modrm = getUChar(delta);
12817 if (!epartIsReg(modrm)) {
12818 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12819 delta += alen;
12820 storeLE( mkexpr(addr),
12821 getXMMRegLane64( gregOfRexRM(pfx,modrm),
12822 1/*upper lane*/ ) );
12823 DIP("movhps %s,%s\n", nameXMMReg( gregOfRexRM(pfx,modrm) ),
12824 dis_buf);
12825 goto decode_success;
12826 }
12827 /* else fall through */
12828 }
12829 /* 66 0F 17 = MOVHPD -- move from high half of XMM to mem. */
12830 /* Again, this seems identical to MOVHPS. */
12831 if (have66noF2noF3(pfx)
12832 && (sz == 2 || /* ignore redundant REX.W */ sz == 8)) {
12833 modrm = getUChar(delta);
12834 if (!epartIsReg(modrm)) {
12835 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12836 delta += alen;
12837 storeLE( mkexpr(addr),
12838 getXMMRegLane64( gregOfRexRM(pfx,modrm),
12839 1/*upper lane*/ ) );
12840 DIP("movhpd %s,%s\n", nameXMMReg( gregOfRexRM(pfx,modrm) ),
12841 dis_buf);
12842 goto decode_success;
12843 }
12844 /* else fall through */
12845 }
12846 break;
12847
12848 case 0x18:
12849 /* 0F 18 /0 = PREFETCHNTA -- prefetch into caches, */
12850 /* 0F 18 /1 = PREFETCH0 -- with various different hints */
12851 /* 0F 18 /2 = PREFETCH1 */
12852 /* 0F 18 /3 = PREFETCH2 */
12853 if (haveNo66noF2noF3(pfx)
12854 && !epartIsReg(getUChar(delta))
12855 && gregLO3ofRM(getUChar(delta)) >= 0
12856 && gregLO3ofRM(getUChar(delta)) <= 3) {
12857 const HChar* hintstr = "??";
12858
12859 modrm = getUChar(delta);
12860 vassert(!epartIsReg(modrm));
12861
12862 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12863 delta += alen;
12864
12865 switch (gregLO3ofRM(modrm)) {
12866 case 0: hintstr = "nta"; break;
12867 case 1: hintstr = "t0"; break;
12868 case 2: hintstr = "t1"; break;
12869 case 3: hintstr = "t2"; break;
12870 default: vassert(0);
12871 }
12872
12873 DIP("prefetch%s %s\n", hintstr, dis_buf);
12874 goto decode_success;
12875 }
12876 break;
12877
12878 case 0x28:
12879 /* 66 0F 28 = MOVAPD -- move from E (mem or xmm) to G (xmm). */
12880 if (have66noF2noF3(pfx)
12881 && (sz == 2 || /* ignore redundant REX.W */ sz == 8)) {
12882 modrm = getUChar(delta);
12883 if (epartIsReg(modrm)) {
12884 putXMMReg( gregOfRexRM(pfx,modrm),
12885 getXMMReg( eregOfRexRM(pfx,modrm) ));
12886 DIP("movapd %s,%s\n", nameXMMReg(eregOfRexRM(pfx,modrm)),
12887 nameXMMReg(gregOfRexRM(pfx,modrm)));
12888 delta += 1;
12889 } else {
12890 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12891 gen_SEGV_if_not_16_aligned( addr );
12892 putXMMReg( gregOfRexRM(pfx,modrm),
12893 loadLE(Ity_V128, mkexpr(addr)) );
12894 DIP("movapd %s,%s\n", dis_buf,
12895 nameXMMReg(gregOfRexRM(pfx,modrm)));
12896 delta += alen;
12897 }
12898 goto decode_success;
12899 }
12900 /* 0F 28 = MOVAPS -- move from E (mem or xmm) to G (xmm). */
12901 if (haveNo66noF2noF3(pfx)
12902 && (sz == 4 || /* ignore redundant REX.W */ sz == 8)) {
12903 modrm = getUChar(delta);
12904 if (epartIsReg(modrm)) {
12905 putXMMReg( gregOfRexRM(pfx,modrm),
12906 getXMMReg( eregOfRexRM(pfx,modrm) ));
12907 DIP("movaps %s,%s\n", nameXMMReg(eregOfRexRM(pfx,modrm)),
12908 nameXMMReg(gregOfRexRM(pfx,modrm)));
12909 delta += 1;
12910 } else {
12911 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12912 gen_SEGV_if_not_16_aligned( addr );
12913 putXMMReg( gregOfRexRM(pfx,modrm),
12914 loadLE(Ity_V128, mkexpr(addr)) );
12915 DIP("movaps %s,%s\n", dis_buf,
12916 nameXMMReg(gregOfRexRM(pfx,modrm)));
12917 delta += alen;
12918 }
12919 goto decode_success;
12920 }
12921 break;
12922
12923 case 0x29:
12924 /* 0F 29 = MOVAPS -- move from G (xmm) to E (mem or xmm). */
12925 if (haveNo66noF2noF3(pfx)
12926 && (sz == 4 || /* ignore redundant REX.W */ sz == 8)) {
12927 modrm = getUChar(delta);
12928 if (epartIsReg(modrm)) {
12929 putXMMReg( eregOfRexRM(pfx,modrm),
12930 getXMMReg( gregOfRexRM(pfx,modrm) ));
12931 DIP("movaps %s,%s\n", nameXMMReg(gregOfRexRM(pfx,modrm)),
12932 nameXMMReg(eregOfRexRM(pfx,modrm)));
12933 delta += 1;
12934 } else {
12935 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12936 gen_SEGV_if_not_16_aligned( addr );
12937 storeLE( mkexpr(addr), getXMMReg(gregOfRexRM(pfx,modrm)) );
12938 DIP("movaps %s,%s\n", nameXMMReg(gregOfRexRM(pfx,modrm)),
12939 dis_buf );
12940 delta += alen;
12941 }
12942 goto decode_success;
12943 }
12944 /* 66 0F 29 = MOVAPD -- move from G (xmm) to E (mem or xmm). */
12945 if (have66noF2noF3(pfx)
12946 && (sz == 2 || /* ignore redundant REX.W */ sz == 8)) {
12947 modrm = getUChar(delta);
12948 if (epartIsReg(modrm)) {
12949 putXMMReg( eregOfRexRM(pfx,modrm),
12950 getXMMReg( gregOfRexRM(pfx,modrm) ) );
12951 DIP("movapd %s,%s\n", nameXMMReg(gregOfRexRM(pfx,modrm)),
12952 nameXMMReg(eregOfRexRM(pfx,modrm)));
12953 delta += 1;
12954 } else {
12955 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12956 gen_SEGV_if_not_16_aligned( addr );
12957 storeLE( mkexpr(addr), getXMMReg(gregOfRexRM(pfx,modrm)) );
12958 DIP("movapd %s,%s\n", nameXMMReg(gregOfRexRM(pfx,modrm)),
12959 dis_buf );
12960 delta += alen;
12961 }
12962 goto decode_success;
12963 }
12964 break;
12965
12966 case 0x2A:
12967 /* 0F 2A = CVTPI2PS -- convert 2 x I32 in mem/mmx to 2 x F32 in low
12968 half xmm */
12969 if (haveNo66noF2noF3(pfx) && sz == 4) {
12970 IRTemp arg64 = newTemp(Ity_I64);
12971 IRTemp rmode = newTemp(Ity_I32);
12972
12973 modrm = getUChar(delta);
12974 if (epartIsReg(modrm)) {
12975 /* Only switch to MMX mode if the source is a MMX register.
12976 See comments on CVTPI2PD for details. Fixes #357059. */
12977 do_MMX_preamble();
12978 assign( arg64, getMMXReg(eregLO3ofRM(modrm)) );
12979 delta += 1;
12980 DIP("cvtpi2ps %s,%s\n", nameMMXReg(eregLO3ofRM(modrm)),
12981 nameXMMReg(gregOfRexRM(pfx,modrm)));
12982 } else {
12983 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
12984 assign( arg64, loadLE(Ity_I64, mkexpr(addr)) );
12985 delta += alen;
12986 DIP("cvtpi2ps %s,%s\n", dis_buf,
12987 nameXMMReg(gregOfRexRM(pfx,modrm)) );
12988 }
12989
12990 assign( rmode, get_sse_roundingmode() );
12991
12992 putXMMRegLane32F(
12993 gregOfRexRM(pfx,modrm), 0,
12994 binop(Iop_F64toF32,
12995 mkexpr(rmode),
12996 unop(Iop_I32StoF64,
12997 unop(Iop_64to32, mkexpr(arg64)) )) );
12998
12999 putXMMRegLane32F(
13000 gregOfRexRM(pfx,modrm), 1,
13001 binop(Iop_F64toF32,
13002 mkexpr(rmode),
13003 unop(Iop_I32StoF64,
13004 unop(Iop_64HIto32, mkexpr(arg64)) )) );
13005
13006 goto decode_success;
13007 }
13008 /* F3 0F 2A = CVTSI2SS
13009 -- sz==4: convert I32 in mem/ireg to F32 in low quarter xmm
13010 -- sz==8: convert I64 in mem/ireg to F32 in low quarter xmm */
13011 if (haveF3no66noF2(pfx) && (sz == 4 || sz == 8)) {
13012 IRTemp rmode = newTemp(Ity_I32);
13013 assign( rmode, get_sse_roundingmode() );
13014 modrm = getUChar(delta);
13015 if (sz == 4) {
13016 IRTemp arg32 = newTemp(Ity_I32);
13017 if (epartIsReg(modrm)) {
13018 assign( arg32, getIReg32(eregOfRexRM(pfx,modrm)) );
13019 delta += 1;
13020 DIP("cvtsi2ss %s,%s\n", nameIReg32(eregOfRexRM(pfx,modrm)),
13021 nameXMMReg(gregOfRexRM(pfx,modrm)));
13022 } else {
13023 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
13024 assign( arg32, loadLE(Ity_I32, mkexpr(addr)) );
13025 delta += alen;
13026 DIP("cvtsi2ss %s,%s\n", dis_buf,
13027 nameXMMReg(gregOfRexRM(pfx,modrm)) );
13028 }
13029 putXMMRegLane32F(
13030 gregOfRexRM(pfx,modrm), 0,
13031 binop(Iop_F64toF32,
13032 mkexpr(rmode),
13033 unop(Iop_I32StoF64, mkexpr(arg32)) ) );
13034 } else {
13035 /* sz == 8 */
13036 IRTemp arg64 = newTemp(Ity_I64);
13037 if (epartIsReg(modrm)) {
13038 assign( arg64, getIReg64(eregOfRexRM(pfx,modrm)) );
13039 delta += 1;
13040 DIP("cvtsi2ssq %s,%s\n", nameIReg64(eregOfRexRM(pfx,modrm)),
13041 nameXMMReg(gregOfRexRM(pfx,modrm)));
13042 } else {
13043 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
13044 assign( arg64, loadLE(Ity_I64, mkexpr(addr)) );
13045 delta += alen;
13046 DIP("cvtsi2ssq %s,%s\n", dis_buf,
13047 nameXMMReg(gregOfRexRM(pfx,modrm)) );
13048 }
13049 putXMMRegLane32F(
13050 gregOfRexRM(pfx,modrm), 0,
13051 binop(Iop_F64toF32,
13052 mkexpr(rmode),
13053 binop(Iop_I64StoF64, mkexpr(rmode), mkexpr(arg64)) ) );
13054 }
13055 goto decode_success;
13056 }
13057 /* F2 0F 2A = CVTSI2SD
13058 when sz==4 -- convert I32 in mem/ireg to F64 in low half xmm
13059 when sz==8 -- convert I64 in mem/ireg to F64 in low half xmm
13060 */
13061 if (haveF2no66noF3(pfx) && (sz == 4 || sz == 8)) {
13062 modrm = getUChar(delta);
13063 if (sz == 4) {
13064 IRTemp arg32 = newTemp(Ity_I32);
13065 if (epartIsReg(modrm)) {
13066 assign( arg32, getIReg32(eregOfRexRM(pfx,modrm)) );
13067 delta += 1;
13068 DIP("cvtsi2sdl %s,%s\n", nameIReg32(eregOfRexRM(pfx,modrm)),
13069 nameXMMReg(gregOfRexRM(pfx,modrm)));
13070 } else {
13071 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
13072 assign( arg32, loadLE(Ity_I32, mkexpr(addr)) );
13073 delta += alen;
13074 DIP("cvtsi2sdl %s,%s\n", dis_buf,
13075 nameXMMReg(gregOfRexRM(pfx,modrm)) );
13076 }
13077 putXMMRegLane64F( gregOfRexRM(pfx,modrm), 0,
13078 unop(Iop_I32StoF64, mkexpr(arg32))
13079 );
13080 } else {
13081 /* sz == 8 */
13082 IRTemp arg64 = newTemp(Ity_I64);
13083 if (epartIsReg(modrm)) {
13084 assign( arg64, getIReg64(eregOfRexRM(pfx,modrm)) );
13085 delta += 1;
13086 DIP("cvtsi2sdq %s,%s\n", nameIReg64(eregOfRexRM(pfx,modrm)),
13087 nameXMMReg(gregOfRexRM(pfx,modrm)));
13088 } else {
13089 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
13090 assign( arg64, loadLE(Ity_I64, mkexpr(addr)) );
13091 delta += alen;
13092 DIP("cvtsi2sdq %s,%s\n", dis_buf,
13093 nameXMMReg(gregOfRexRM(pfx,modrm)) );
13094 }
13095 putXMMRegLane64F(
13096 gregOfRexRM(pfx,modrm),
13097 0,
13098 binop( Iop_I64StoF64,
13099 get_sse_roundingmode(),
13100 mkexpr(arg64)
13101 )
13102 );
13103 }
13104 goto decode_success;
13105 }
13106 /* 66 0F 2A = CVTPI2PD -- convert 2 x I32 in mem/mmx to 2 x F64 in
13107 xmm(G) */
13108 if (have66noF2noF3(pfx) && sz == 2) {
13109 IRTemp arg64 = newTemp(Ity_I64);
13110
13111 modrm = getUChar(delta);
13112 if (epartIsReg(modrm)) {
13113 /* Only switch to MMX mode if the source is a MMX register.
13114 This is inconsistent with all other instructions which
13115 convert between XMM and (M64 or MMX), which always switch
13116 to MMX mode even if 64-bit operand is M64 and not MMX. At
13117 least, that's what the Intel docs seem to me to say.
13118 Fixes #210264. */
13119 do_MMX_preamble();
13120 assign( arg64, getMMXReg(eregLO3ofRM(modrm)) );
13121 delta += 1;
13122 DIP("cvtpi2pd %s,%s\n", nameMMXReg(eregLO3ofRM(modrm)),
13123 nameXMMReg(gregOfRexRM(pfx,modrm)));
13124 } else {
13125 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
13126 assign( arg64, loadLE(Ity_I64, mkexpr(addr)) );
13127 delta += alen;
13128 DIP("cvtpi2pd %s,%s\n", dis_buf,
13129 nameXMMReg(gregOfRexRM(pfx,modrm)) );
13130 }
13131
13132 putXMMRegLane64F(
13133 gregOfRexRM(pfx,modrm), 0,
13134 unop(Iop_I32StoF64, unop(Iop_64to32, mkexpr(arg64)) )
13135 );
13136
13137 putXMMRegLane64F(
13138 gregOfRexRM(pfx,modrm), 1,
13139 unop(Iop_I32StoF64, unop(Iop_64HIto32, mkexpr(arg64)) )
13140 );
13141
13142 goto decode_success;
13143 }
13144 break;
13145
13146 case 0x2B:
13147 /* 66 0F 2B = MOVNTPD -- for us, just a plain SSE store. */
13148 /* 0F 2B = MOVNTPS -- for us, just a plain SSE store. */
13149 if ( (haveNo66noF2noF3(pfx) && sz == 4)
13150 || (have66noF2noF3(pfx) && sz == 2) ) {
13151 modrm = getUChar(delta);
13152 if (!epartIsReg(modrm)) {
13153 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
13154 gen_SEGV_if_not_16_aligned( addr );
13155 storeLE( mkexpr(addr), getXMMReg(gregOfRexRM(pfx,modrm)) );
13156 DIP("movntp%s %s,%s\n", sz==2 ? "d" : "s",
13157 dis_buf,
13158 nameXMMReg(gregOfRexRM(pfx,modrm)));
13159 delta += alen;
13160 goto decode_success;
13161 }
13162 /* else fall through */
13163 }
13164 break;
13165
13166 case 0x2C:
13167 case 0x2D:
13168 /* 0F 2D = CVTPS2PI -- convert 2 x F32 in mem/low half xmm to 2 x
13169 I32 in mmx, according to prevailing SSE rounding mode */
13170 /* 0F 2C = CVTTPS2PI -- convert 2 x F32 in mem/low half xmm to 2 x
13171 I32 in mmx, rounding towards zero */
13172 if (haveNo66noF2noF3(pfx) && sz == 4) {
13173 IRTemp dst64 = newTemp(Ity_I64);
13174 IRTemp rmode = newTemp(Ity_I32);
13175 IRTemp f32lo = newTemp(Ity_F32);
13176 IRTemp f32hi = newTemp(Ity_F32);
13177 Bool r2zero = toBool(opc == 0x2C);
13178
13179 do_MMX_preamble();
13180 modrm = getUChar(delta);
13181
13182 if (epartIsReg(modrm)) {
13183 delta += 1;
13184 assign(f32lo, getXMMRegLane32F(eregOfRexRM(pfx,modrm), 0));
13185 assign(f32hi, getXMMRegLane32F(eregOfRexRM(pfx,modrm), 1));
13186 DIP("cvt%sps2pi %s,%s\n", r2zero ? "t" : "",
13187 nameXMMReg(eregOfRexRM(pfx,modrm)),
13188 nameMMXReg(gregLO3ofRM(modrm)));
13189 } else {
13190 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
13191 assign(f32lo, loadLE(Ity_F32, mkexpr(addr)));
13192 assign(f32hi, loadLE(Ity_F32, binop( Iop_Add64,
13193 mkexpr(addr),
13194 mkU64(4) )));
13195 delta += alen;
13196 DIP("cvt%sps2pi %s,%s\n", r2zero ? "t" : "",
13197 dis_buf,
13198 nameMMXReg(gregLO3ofRM(modrm)));
13199 }
13200
13201 if (r2zero) {
13202 assign(rmode, mkU32((UInt)Irrm_ZERO) );
13203 } else {
13204 assign( rmode, get_sse_roundingmode() );
13205 }
13206
13207 assign(
13208 dst64,
13209 binop( Iop_32HLto64,
13210 binop( Iop_F64toI32S,
13211 mkexpr(rmode),
13212 unop( Iop_F32toF64, mkexpr(f32hi) ) ),
13213 binop( Iop_F64toI32S,
13214 mkexpr(rmode),
13215 unop( Iop_F32toF64, mkexpr(f32lo) ) )
13216 )
13217 );
13218
13219 putMMXReg(gregLO3ofRM(modrm), mkexpr(dst64));
13220 goto decode_success;
13221 }
13222 /* F3 0F 2D = CVTSS2SI
13223 when sz==4 -- convert F32 in mem/low quarter xmm to I32 in ireg,
13224 according to prevailing SSE rounding mode
13225 when sz==8 -- convert F32 in mem/low quarter xmm to I64 in ireg,
13226 according to prevailing SSE rounding mode
13227 */
13228 /* F3 0F 2C = CVTTSS2SI
13229 when sz==4 -- convert F32 in mem/low quarter xmm to I32 in ireg,
13230 truncating towards zero
13231 when sz==8 -- convert F32 in mem/low quarter xmm to I64 in ireg,
13232 truncating towards zero
13233 */
13234 if (haveF3no66noF2(pfx) && (sz == 4 || sz == 8)) {
13235 delta = dis_CVTxSS2SI( vbi, pfx, delta, False/*!isAvx*/, opc, sz);
13236 goto decode_success;
13237 }
13238 /* F2 0F 2D = CVTSD2SI
13239 when sz==4 -- convert F64 in mem/low half xmm to I32 in ireg,
13240 according to prevailing SSE rounding mode
13241 when sz==8 -- convert F64 in mem/low half xmm to I64 in ireg,
13242 according to prevailing SSE rounding mode
13243 */
13244 /* F2 0F 2C = CVTTSD2SI
13245 when sz==4 -- convert F64 in mem/low half xmm to I32 in ireg,
13246 truncating towards zero
13247 when sz==8 -- convert F64 in mem/low half xmm to I64 in ireg,
13248 truncating towards zero
13249 */
13250 if (haveF2no66noF3(pfx) && (sz == 4 || sz == 8)) {
13251 delta = dis_CVTxSD2SI( vbi, pfx, delta, False/*!isAvx*/, opc, sz);
13252 goto decode_success;
13253 }
13254 /* 66 0F 2D = CVTPD2PI -- convert 2 x F64 in mem/xmm to 2 x
13255 I32 in mmx, according to prevailing SSE rounding mode */
13256 /* 66 0F 2C = CVTTPD2PI -- convert 2 x F64 in mem/xmm to 2 x
13257 I32 in mmx, rounding towards zero */
13258 if (have66noF2noF3(pfx) && sz == 2) {
13259 IRTemp dst64 = newTemp(Ity_I64);
13260 IRTemp rmode = newTemp(Ity_I32);
13261 IRTemp f64lo = newTemp(Ity_F64);
13262 IRTemp f64hi = newTemp(Ity_F64);
13263 Bool r2zero = toBool(opc == 0x2C);
13264
13265 do_MMX_preamble();
13266 modrm = getUChar(delta);
13267
13268 if (epartIsReg(modrm)) {
13269 delta += 1;
13270 assign(f64lo, getXMMRegLane64F(eregOfRexRM(pfx,modrm), 0));
13271 assign(f64hi, getXMMRegLane64F(eregOfRexRM(pfx,modrm), 1));
13272 DIP("cvt%spd2pi %s,%s\n", r2zero ? "t" : "",
13273 nameXMMReg(eregOfRexRM(pfx,modrm)),
13274 nameMMXReg(gregLO3ofRM(modrm)));
13275 } else {
13276 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
13277 assign(f64lo, loadLE(Ity_F64, mkexpr(addr)));
13278 assign(f64hi, loadLE(Ity_F64, binop( Iop_Add64,
13279 mkexpr(addr),
13280 mkU64(8) )));
13281 delta += alen;
13282 DIP("cvt%spf2pi %s,%s\n", r2zero ? "t" : "",
13283 dis_buf,
13284 nameMMXReg(gregLO3ofRM(modrm)));
13285 }
13286
13287 if (r2zero) {
13288 assign(rmode, mkU32((UInt)Irrm_ZERO) );
13289 } else {
13290 assign( rmode, get_sse_roundingmode() );
13291 }
13292
13293 assign(
13294 dst64,
13295 binop( Iop_32HLto64,
13296 binop( Iop_F64toI32S, mkexpr(rmode), mkexpr(f64hi) ),
13297 binop( Iop_F64toI32S, mkexpr(rmode), mkexpr(f64lo) )
13298 )
13299 );
13300
13301 putMMXReg(gregLO3ofRM(modrm), mkexpr(dst64));
13302 goto decode_success;
13303 }
13304 break;
13305
13306 case 0x2E:
13307 case 0x2F:
13308 /* 66 0F 2E = UCOMISD -- 64F0x2 comparison G,E, and set ZCP */
13309 /* 66 0F 2F = COMISD -- 64F0x2 comparison G,E, and set ZCP */
13310 if (have66noF2noF3(pfx) && sz == 2) {
13311 delta = dis_COMISD( vbi, pfx, delta, False/*!isAvx*/, opc );
13312 goto decode_success;
13313 }
13314 /* 0F 2E = UCOMISS -- 32F0x4 comparison G,E, and set ZCP */
13315 /* 0F 2F = COMISS -- 32F0x4 comparison G,E, and set ZCP */
13316 if (haveNo66noF2noF3(pfx) && sz == 4) {
13317 delta = dis_COMISS( vbi, pfx, delta, False/*!isAvx*/, opc );
13318 goto decode_success;
13319 }
13320 break;
13321
13322 case 0x50:
13323 /* 0F 50 = MOVMSKPS - move 4 sign bits from 4 x F32 in xmm(E)
13324 to 4 lowest bits of ireg(G) */
13325 if (haveNo66noF2noF3(pfx) && (sz == 4 || sz == 8)
13326 && epartIsReg(getUChar(delta))) {
13327 /* sz == 8 is a kludge to handle insns with REX.W redundantly
13328 set to 1, which has been known to happen:
13329
13330 4c 0f 50 d9 rex64X movmskps %xmm1,%r11d
13331
13332 20071106: Intel docs say that REX.W isn't redundant: when
13333 present, a 64-bit register is written; when not present, only
13334 the 32-bit half is written. However, testing on a Core2
13335 machine suggests the entire 64 bit register is written
13336 irrespective of the status of REX.W. That could be because
13337 of the default rule that says "if the lower half of a 32-bit
13338 register is written, the upper half is zeroed". By using
13339 putIReg32 here we inadvertantly produce the same behaviour as
13340 the Core2, for the same reason -- putIReg32 implements said
13341 rule.
13342
13343 AMD docs give no indication that REX.W is even valid for this
13344 insn. */
13345 delta = dis_MOVMSKPS_128( vbi, pfx, delta, False/*!isAvx*/ );
13346 goto decode_success;
13347 }
13348 /* 66 0F 50 = MOVMSKPD - move 2 sign bits from 2 x F64 in xmm(E) to
13349 2 lowest bits of ireg(G) */
13350 if (have66noF2noF3(pfx) && (sz == 2 || sz == 8)) {
13351 /* sz == 8 is a kludge to handle insns with REX.W redundantly
13352 set to 1, which has been known to happen:
13353 66 4c 0f 50 d9 rex64X movmskpd %xmm1,%r11d
13354 20071106: see further comments on MOVMSKPS implementation above.
13355 */
13356 delta = dis_MOVMSKPD_128( vbi, pfx, delta, False/*!isAvx*/ );
13357 goto decode_success;
13358 }
13359 break;
13360
13361 case 0x51:
13362 /* F3 0F 51 = SQRTSS -- approx sqrt 32F0x4 from R/M to R */
13363 if (haveF3no66noF2(pfx) && sz == 4) {
13364 delta = dis_SSE_E_to_G_unary_lo32( vbi, pfx, delta,
13365 "sqrtss", Iop_Sqrt32F0x4 );
13366 goto decode_success;
13367 }
13368 /* 0F 51 = SQRTPS -- approx sqrt 32Fx4 from R/M to R */
13369 if (haveNo66noF2noF3(pfx) && sz == 4) {
13370 delta = dis_SSE_E_to_G_unary_all( vbi, pfx, delta,
13371 "sqrtps", Iop_Sqrt32Fx4 );
13372 goto decode_success;
13373 }
13374 /* F2 0F 51 = SQRTSD -- approx sqrt 64F0x2 from R/M to R */
13375 if (haveF2no66noF3(pfx) && sz == 4) {
13376 delta = dis_SSE_E_to_G_unary_lo64( vbi, pfx, delta,
13377 "sqrtsd", Iop_Sqrt64F0x2 );
13378 goto decode_success;
13379 }
13380 /* 66 0F 51 = SQRTPD -- approx sqrt 64Fx2 from R/M to R */
13381 if (have66noF2noF3(pfx) && sz == 2) {
13382 delta = dis_SSE_E_to_G_unary_all( vbi, pfx, delta,
13383 "sqrtpd", Iop_Sqrt64Fx2 );
13384 goto decode_success;
13385 }
13386 break;
13387
13388 case 0x52:
13389 /* F3 0F 52 = RSQRTSS -- approx reciprocal sqrt 32F0x4 from R/M to R */
13390 if (haveF3no66noF2(pfx) && sz == 4) {
13391 delta = dis_SSE_E_to_G_unary_lo32( vbi, pfx, delta,
13392 "rsqrtss", Iop_RSqrtEst32F0x4 );
13393 goto decode_success;
13394 }
13395 /* 0F 52 = RSQRTPS -- approx reciprocal sqrt 32Fx4 from R/M to R */
13396 if (haveNo66noF2noF3(pfx) && sz == 4) {
13397 delta = dis_SSE_E_to_G_unary_all( vbi, pfx, delta,
13398 "rsqrtps", Iop_RSqrtEst32Fx4 );
13399 goto decode_success;
13400 }
13401 break;
13402
13403 case 0x53:
13404 /* F3 0F 53 = RCPSS -- approx reciprocal 32F0x4 from R/M to R */
13405 if (haveF3no66noF2(pfx) && sz == 4) {
13406 delta = dis_SSE_E_to_G_unary_lo32( vbi, pfx, delta,
13407 "rcpss", Iop_RecipEst32F0x4 );
13408 goto decode_success;
13409 }
13410 /* 0F 53 = RCPPS -- approx reciprocal 32Fx4 from R/M to R */
13411 if (haveNo66noF2noF3(pfx) && sz == 4) {
13412 delta = dis_SSE_E_to_G_unary_all( vbi, pfx, delta,
13413 "rcpps", Iop_RecipEst32Fx4 );
13414 goto decode_success;
13415 }
13416 break;
13417
13418 case 0x54:
13419 /* 0F 54 = ANDPS -- G = G and E */
13420 if (haveNo66noF2noF3(pfx) && sz == 4) {
13421 delta = dis_SSE_E_to_G_all( vbi, pfx, delta, "andps", Iop_AndV128 );
13422 goto decode_success;
13423 }
13424 /* 66 0F 54 = ANDPD -- G = G and E */
13425 if (have66noF2noF3(pfx) && sz == 2) {
13426 delta = dis_SSE_E_to_G_all( vbi, pfx, delta, "andpd", Iop_AndV128 );
13427 goto decode_success;
13428 }
13429 break;
13430
13431 case 0x55:
13432 /* 0F 55 = ANDNPS -- G = (not G) and E */
13433 if (haveNo66noF2noF3(pfx) && sz == 4) {
13434 delta = dis_SSE_E_to_G_all_invG( vbi, pfx, delta, "andnps",
13435 Iop_AndV128 );
13436 goto decode_success;
13437 }
13438 /* 66 0F 55 = ANDNPD -- G = (not G) and E */
13439 if (have66noF2noF3(pfx) && sz == 2) {
13440 delta = dis_SSE_E_to_G_all_invG( vbi, pfx, delta, "andnpd",
13441 Iop_AndV128 );
13442 goto decode_success;
13443 }
13444 break;
13445
13446 case 0x56:
13447 /* 0F 56 = ORPS -- G = G and E */
13448 if (haveNo66noF2noF3(pfx) && sz == 4) {
13449 delta = dis_SSE_E_to_G_all( vbi, pfx, delta, "orps", Iop_OrV128 );
13450 goto decode_success;
13451 }
13452 /* 66 0F 56 = ORPD -- G = G and E */
13453 if (have66noF2noF3(pfx) && sz == 2) {
13454 delta = dis_SSE_E_to_G_all( vbi, pfx, delta, "orpd", Iop_OrV128 );
13455 goto decode_success;
13456 }
13457 break;
13458
13459 case 0x57:
13460 /* 66 0F 57 = XORPD -- G = G xor E */
13461 if (have66noF2noF3(pfx) && sz == 2) {
13462 delta = dis_SSE_E_to_G_all( vbi, pfx, delta, "xorpd", Iop_XorV128 );
13463 goto decode_success;
13464 }
13465 /* 0F 57 = XORPS -- G = G xor E */
13466 if (haveNo66noF2noF3(pfx) && sz == 4) {
13467 delta = dis_SSE_E_to_G_all( vbi, pfx, delta, "xorps", Iop_XorV128 );
13468 goto decode_success;
13469 }
13470 break;
13471
13472 case 0x58:
13473 /* 0F 58 = ADDPS -- add 32Fx4 from R/M to R */
13474 if (haveNo66noF2noF3(pfx) && sz == 4) {
13475 delta = dis_SSE_E_to_G_all( vbi, pfx, delta, "addps", Iop_Add32Fx4 );
13476 goto decode_success;
13477 }
13478 /* F3 0F 58 = ADDSS -- add 32F0x4 from R/M to R */
13479 if (haveF3no66noF2(pfx) && sz == 4) {
13480 delta = dis_SSE_E_to_G_lo32( vbi, pfx, delta, "addss", Iop_Add32F0x4 );
13481 goto decode_success;
13482 }
13483 /* F2 0F 58 = ADDSD -- add 64F0x2 from R/M to R */
13484 if (haveF2no66noF3(pfx)
13485 && (sz == 4 || /* ignore redundant REX.W */ sz == 8)) {
13486 delta = dis_SSE_E_to_G_lo64( vbi, pfx, delta, "addsd", Iop_Add64F0x2 );
13487 goto decode_success;
13488 }
13489 /* 66 0F 58 = ADDPD -- add 32Fx4 from R/M to R */
13490 if (have66noF2noF3(pfx)
13491 && (sz == 2 || /* ignore redundant REX.W */ sz == 8)) {
13492 delta = dis_SSE_E_to_G_all( vbi, pfx, delta, "addpd", Iop_Add64Fx2 );
13493 goto decode_success;
13494 }
13495 break;
13496
13497 case 0x59:
13498 /* F2 0F 59 = MULSD -- mul 64F0x2 from R/M to R */
13499 if (haveF2no66noF3(pfx)
13500 && (sz == 4 || /* ignore redundant REX.W */ sz == 8)) {
13501 delta = dis_SSE_E_to_G_lo64( vbi, pfx, delta, "mulsd", Iop_Mul64F0x2 );
13502 goto decode_success;
13503 }
13504 /* F3 0F 59 = MULSS -- mul 32F0x4 from R/M to R */
13505 if (haveF3no66noF2(pfx) && sz == 4) {
13506 delta = dis_SSE_E_to_G_lo32( vbi, pfx, delta, "mulss", Iop_Mul32F0x4 );
13507 goto decode_success;
13508 }
13509 /* 0F 59 = MULPS -- mul 32Fx4 from R/M to R */
13510 if (haveNo66noF2noF3(pfx) && sz == 4) {
13511 delta = dis_SSE_E_to_G_all( vbi, pfx, delta, "mulps", Iop_Mul32Fx4 );
13512 goto decode_success;
13513 }
13514 /* 66 0F 59 = MULPD -- mul 64Fx2 from R/M to R */
13515 if (have66noF2noF3(pfx)
13516 && (sz == 2 || /* ignore redundant REX.W */ sz == 8)) {
13517 delta = dis_SSE_E_to_G_all( vbi, pfx, delta, "mulpd", Iop_Mul64Fx2 );
13518 goto decode_success;
13519 }
13520 break;
13521
13522 case 0x5A:
13523 /* 0F 5A = CVTPS2PD -- convert 2 x F32 in low half mem/xmm to 2 x
13524 F64 in xmm(G). */
13525 if (haveNo66noF2noF3(pfx)
13526 && (sz == 4 || /* ignore redundant REX.W */ sz == 8)) {
13527 delta = dis_CVTPS2PD_128( vbi, pfx, delta, False/*!isAvx*/ );
13528 goto decode_success;
13529 }
13530 /* F3 0F 5A = CVTSS2SD -- convert F32 in mem/low 1/4 xmm to F64 in
13531 low half xmm(G) */
13532 if (haveF3no66noF2(pfx) && sz == 4) {
13533 IRTemp f32lo = newTemp(Ity_F32);
13534
13535 modrm = getUChar(delta);
13536 if (epartIsReg(modrm)) {
13537 delta += 1;
13538 assign(f32lo, getXMMRegLane32F(eregOfRexRM(pfx,modrm), 0));
13539 DIP("cvtss2sd %s,%s\n", nameXMMReg(eregOfRexRM(pfx,modrm)),
13540 nameXMMReg(gregOfRexRM(pfx,modrm)));
13541 } else {
13542 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
13543 assign(f32lo, loadLE(Ity_F32, mkexpr(addr)));
13544 delta += alen;
13545 DIP("cvtss2sd %s,%s\n", dis_buf,
13546 nameXMMReg(gregOfRexRM(pfx,modrm)));
13547 }
13548
13549 putXMMRegLane64F( gregOfRexRM(pfx,modrm), 0,
13550 unop( Iop_F32toF64, mkexpr(f32lo) ) );
13551
13552 goto decode_success;
13553 }
13554 /* F2 0F 5A = CVTSD2SS -- convert F64 in mem/low half xmm to F32 in
13555 low 1/4 xmm(G), according to prevailing SSE rounding mode */
13556 if (haveF2no66noF3(pfx) && sz == 4) {
13557 IRTemp rmode = newTemp(Ity_I32);
13558 IRTemp f64lo = newTemp(Ity_F64);
13559
13560 modrm = getUChar(delta);
13561 if (epartIsReg(modrm)) {
13562 delta += 1;
13563 assign(f64lo, getXMMRegLane64F(eregOfRexRM(pfx,modrm), 0));
13564 DIP("cvtsd2ss %s,%s\n", nameXMMReg(eregOfRexRM(pfx,modrm)),
13565 nameXMMReg(gregOfRexRM(pfx,modrm)));
13566 } else {
13567 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
13568 assign(f64lo, loadLE(Ity_F64, mkexpr(addr)));
13569 delta += alen;
13570 DIP("cvtsd2ss %s,%s\n", dis_buf,
13571 nameXMMReg(gregOfRexRM(pfx,modrm)));
13572 }
13573
13574 assign( rmode, get_sse_roundingmode() );
13575 putXMMRegLane32F(
13576 gregOfRexRM(pfx,modrm), 0,
13577 binop( Iop_F64toF32, mkexpr(rmode), mkexpr(f64lo) )
13578 );
13579
13580 goto decode_success;
13581 }
13582 /* 66 0F 5A = CVTPD2PS -- convert 2 x F64 in mem/xmm to 2 x F32 in
13583 lo half xmm(G), rounding according to prevailing SSE rounding
13584 mode, and zero upper half */
13585 /* Note, this is practically identical to CVTPD2DQ. It would have
13586 be nice to merge them together. */
13587 if (have66noF2noF3(pfx) && sz == 2) {
13588 delta = dis_CVTPD2PS_128( vbi, pfx, delta, False/*!isAvx*/ );
13589 goto decode_success;
13590 }
13591 break;
13592
13593 case 0x5B:
13594 /* F3 0F 5B = CVTTPS2DQ -- convert 4 x F32 in mem/xmm to 4 x I32 in
13595 xmm(G), rounding towards zero */
13596 /* 66 0F 5B = CVTPS2DQ -- convert 4 x F32 in mem/xmm to 4 x I32 in
13597 xmm(G), as per the prevailing rounding mode */
13598 if ( (have66noF2noF3(pfx) && sz == 2)
13599 || (haveF3no66noF2(pfx) && sz == 4) ) {
13600 Bool r2zero = toBool(sz == 4); // FIXME -- unreliable (???)
13601 delta = dis_CVTxPS2DQ_128( vbi, pfx, delta, False/*!isAvx*/, r2zero );
13602 goto decode_success;
13603 }
13604 /* 0F 5B = CVTDQ2PS -- convert 4 x I32 in mem/xmm to 4 x F32 in
13605 xmm(G) */
13606 if (haveNo66noF2noF3(pfx) && sz == 4) {
13607 delta = dis_CVTDQ2PS_128( vbi, pfx, delta, False/*!isAvx*/ );
13608 goto decode_success;
13609 }
13610 break;
13611
13612 case 0x5C:
13613 /* F3 0F 5C = SUBSS -- sub 32F0x4 from R/M to R */
13614 if (haveF3no66noF2(pfx) && sz == 4) {
13615 delta = dis_SSE_E_to_G_lo32( vbi, pfx, delta, "subss", Iop_Sub32F0x4 );
13616 goto decode_success;
13617 }
13618 /* F2 0F 5C = SUBSD -- sub 64F0x2 from R/M to R */
13619 if (haveF2no66noF3(pfx)
13620 && (sz == 4 || /* ignore redundant REX.W */ sz == 8)) {
13621 delta = dis_SSE_E_to_G_lo64( vbi, pfx, delta, "subsd", Iop_Sub64F0x2 );
13622 goto decode_success;
13623 }
13624 /* 0F 5C = SUBPS -- sub 32Fx4 from R/M to R */
13625 if (haveNo66noF2noF3(pfx) && sz == 4) {
13626 delta = dis_SSE_E_to_G_all( vbi, pfx, delta, "subps", Iop_Sub32Fx4 );
13627 goto decode_success;
13628 }
13629 /* 66 0F 5C = SUBPD -- sub 64Fx2 from R/M to R */
13630 if (have66noF2noF3(pfx) && sz == 2) {
13631 delta = dis_SSE_E_to_G_all( vbi, pfx, delta, "subpd", Iop_Sub64Fx2 );
13632 goto decode_success;
13633 }
13634 break;
13635
13636 case 0x5D:
13637 /* 0F 5D = MINPS -- min 32Fx4 from R/M to R */
13638 if (haveNo66noF2noF3(pfx) && sz == 4) {
13639 delta = dis_SSE_E_to_G_all( vbi, pfx, delta, "minps", Iop_Min32Fx4 );
13640 goto decode_success;
13641 }
13642 /* F3 0F 5D = MINSS -- min 32F0x4 from R/M to R */
13643 if (haveF3no66noF2(pfx) && sz == 4) {
13644 delta = dis_SSE_E_to_G_lo32( vbi, pfx, delta, "minss", Iop_Min32F0x4 );
13645 goto decode_success;
13646 }
13647 /* F2 0F 5D = MINSD -- min 64F0x2 from R/M to R */
13648 if (haveF2no66noF3(pfx)
13649 && (sz == 4 || /* ignore redundant REX.W */ sz == 8)) {
13650 delta = dis_SSE_E_to_G_lo64( vbi, pfx, delta, "minsd", Iop_Min64F0x2 );
13651 goto decode_success;
13652 }
13653 /* 66 0F 5D = MINPD -- min 64Fx2 from R/M to R */
13654 if (have66noF2noF3(pfx) && sz == 2) {
13655 delta = dis_SSE_E_to_G_all( vbi, pfx, delta, "minpd", Iop_Min64Fx2 );
13656 goto decode_success;
13657 }
13658 break;
13659
13660 case 0x5E:
13661 /* F2 0F 5E = DIVSD -- div 64F0x2 from R/M to R */
13662 if (haveF2no66noF3(pfx) && sz == 4) {
13663 delta = dis_SSE_E_to_G_lo64( vbi, pfx, delta, "divsd", Iop_Div64F0x2 );
13664 goto decode_success;
13665 }
13666 /* 0F 5E = DIVPS -- div 32Fx4 from R/M to R */
13667 if (haveNo66noF2noF3(pfx) && sz == 4) {
13668 delta = dis_SSE_E_to_G_all( vbi, pfx, delta, "divps", Iop_Div32Fx4 );
13669 goto decode_success;
13670 }
13671 /* F3 0F 5E = DIVSS -- div 32F0x4 from R/M to R */
13672 if (haveF3no66noF2(pfx) && sz == 4) {
13673 delta = dis_SSE_E_to_G_lo32( vbi, pfx, delta, "divss", Iop_Div32F0x4 );
13674 goto decode_success;
13675 }
13676 /* 66 0F 5E = DIVPD -- div 64Fx2 from R/M to R */
13677 if (have66noF2noF3(pfx) && sz == 2) {
13678 delta = dis_SSE_E_to_G_all( vbi, pfx, delta, "divpd", Iop_Div64Fx2 );
13679 goto decode_success;
13680 }
13681 break;
13682
13683 case 0x5F:
13684 /* 0F 5F = MAXPS -- max 32Fx4 from R/M to R */
13685 if (haveNo66noF2noF3(pfx) && sz == 4) {
13686 delta = dis_SSE_E_to_G_all( vbi, pfx, delta, "maxps", Iop_Max32Fx4 );
13687 goto decode_success;
13688 }
13689 /* F3 0F 5F = MAXSS -- max 32F0x4 from R/M to R */
13690 if (haveF3no66noF2(pfx) && sz == 4) {
13691 delta = dis_SSE_E_to_G_lo32( vbi, pfx, delta, "maxss", Iop_Max32F0x4 );
13692 goto decode_success;
13693 }
13694 /* F2 0F 5F = MAXSD -- max 64F0x2 from R/M to R */
13695 if (haveF2no66noF3(pfx)
13696 && (sz == 4 || /* ignore redundant REX.W */ sz == 8)) {
13697 delta = dis_SSE_E_to_G_lo64( vbi, pfx, delta, "maxsd", Iop_Max64F0x2 );
13698 goto decode_success;
13699 }
13700 /* 66 0F 5F = MAXPD -- max 64Fx2 from R/M to R */
13701 if (have66noF2noF3(pfx) && sz == 2) {
13702 delta = dis_SSE_E_to_G_all( vbi, pfx, delta, "maxpd", Iop_Max64Fx2 );
13703 goto decode_success;
13704 }
13705 break;
13706
13707 case 0x60:
13708 /* 66 0F 60 = PUNPCKLBW */
13709 if (have66noF2noF3(pfx) && sz == 2) {
13710 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
13711 "punpcklbw",
13712 Iop_InterleaveLO8x16, True );
13713 goto decode_success;
13714 }
13715 break;
13716
13717 case 0x61:
13718 /* 66 0F 61 = PUNPCKLWD */
13719 if (have66noF2noF3(pfx) && sz == 2) {
13720 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
13721 "punpcklwd",
13722 Iop_InterleaveLO16x8, True );
13723 goto decode_success;
13724 }
13725 break;
13726
13727 case 0x62:
13728 /* 66 0F 62 = PUNPCKLDQ */
13729 if (have66noF2noF3(pfx) && sz == 2) {
13730 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
13731 "punpckldq",
13732 Iop_InterleaveLO32x4, True );
13733 goto decode_success;
13734 }
13735 break;
13736
13737 case 0x63:
13738 /* 66 0F 63 = PACKSSWB */
13739 if (have66noF2noF3(pfx) && sz == 2) {
13740 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
13741 "packsswb",
13742 Iop_QNarrowBin16Sto8Sx16, True );
13743 goto decode_success;
13744 }
13745 break;
13746
13747 case 0x64:
13748 /* 66 0F 64 = PCMPGTB */
13749 if (have66noF2noF3(pfx) && sz == 2) {
13750 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
13751 "pcmpgtb", Iop_CmpGT8Sx16, False );
13752 goto decode_success;
13753 }
13754 break;
13755
13756 case 0x65:
13757 /* 66 0F 65 = PCMPGTW */
13758 if (have66noF2noF3(pfx) && sz == 2) {
13759 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
13760 "pcmpgtw", Iop_CmpGT16Sx8, False );
13761 goto decode_success;
13762 }
13763 break;
13764
13765 case 0x66:
13766 /* 66 0F 66 = PCMPGTD */
13767 if (have66noF2noF3(pfx) && sz == 2) {
13768 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
13769 "pcmpgtd", Iop_CmpGT32Sx4, False );
13770 goto decode_success;
13771 }
13772 break;
13773
13774 case 0x67:
13775 /* 66 0F 67 = PACKUSWB */
13776 if (have66noF2noF3(pfx) && sz == 2) {
13777 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
13778 "packuswb",
13779 Iop_QNarrowBin16Sto8Ux16, True );
13780 goto decode_success;
13781 }
13782 break;
13783
13784 case 0x68:
13785 /* 66 0F 68 = PUNPCKHBW */
13786 if (have66noF2noF3(pfx) && sz == 2) {
13787 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
13788 "punpckhbw",
13789 Iop_InterleaveHI8x16, True );
13790 goto decode_success;
13791 }
13792 break;
13793
13794 case 0x69:
13795 /* 66 0F 69 = PUNPCKHWD */
13796 if (have66noF2noF3(pfx) && sz == 2) {
13797 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
13798 "punpckhwd",
13799 Iop_InterleaveHI16x8, True );
13800 goto decode_success;
13801 }
13802 break;
13803
13804 case 0x6A:
13805 /* 66 0F 6A = PUNPCKHDQ */
13806 if (have66noF2noF3(pfx) && sz == 2) {
13807 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
13808 "punpckhdq",
13809 Iop_InterleaveHI32x4, True );
13810 goto decode_success;
13811 }
13812 break;
13813
13814 case 0x6B:
13815 /* 66 0F 6B = PACKSSDW */
13816 if (have66noF2noF3(pfx) && sz == 2) {
13817 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
13818 "packssdw",
13819 Iop_QNarrowBin32Sto16Sx8, True );
13820 goto decode_success;
13821 }
13822 break;
13823
13824 case 0x6C:
13825 /* 66 0F 6C = PUNPCKLQDQ */
13826 if (have66noF2noF3(pfx) && sz == 2) {
13827 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
13828 "punpcklqdq",
13829 Iop_InterleaveLO64x2, True );
13830 goto decode_success;
13831 }
13832 break;
13833
13834 case 0x6D:
13835 /* 66 0F 6D = PUNPCKHQDQ */
13836 if (have66noF2noF3(pfx) && sz == 2) {
13837 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
13838 "punpckhqdq",
13839 Iop_InterleaveHI64x2, True );
13840 goto decode_success;
13841 }
13842 break;
13843
13844 case 0x6E:
13845 /* 66 0F 6E = MOVD from ireg32/m32 to xmm lo 1/4,
13846 zeroing high 3/4 of xmm. */
13847 /* or from ireg64/m64 to xmm lo 1/2,
13848 zeroing high 1/2 of xmm. */
13849 if (have66noF2noF3(pfx)) {
13850 vassert(sz == 2 || sz == 8);
13851 if (sz == 2) sz = 4;
13852 modrm = getUChar(delta);
13853 if (epartIsReg(modrm)) {
13854 delta += 1;
13855 if (sz == 4) {
13856 putXMMReg(
13857 gregOfRexRM(pfx,modrm),
13858 unop( Iop_32UtoV128, getIReg32(eregOfRexRM(pfx,modrm)) )
13859 );
13860 DIP("movd %s, %s\n", nameIReg32(eregOfRexRM(pfx,modrm)),
13861 nameXMMReg(gregOfRexRM(pfx,modrm)));
13862 } else {
13863 putXMMReg(
13864 gregOfRexRM(pfx,modrm),
13865 unop( Iop_64UtoV128, getIReg64(eregOfRexRM(pfx,modrm)) )
13866 );
13867 DIP("movq %s, %s\n", nameIReg64(eregOfRexRM(pfx,modrm)),
13868 nameXMMReg(gregOfRexRM(pfx,modrm)));
13869 }
13870 } else {
13871 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
13872 delta += alen;
13873 putXMMReg(
13874 gregOfRexRM(pfx,modrm),
13875 sz == 4
13876 ? unop( Iop_32UtoV128,loadLE(Ity_I32, mkexpr(addr)) )
13877 : unop( Iop_64UtoV128,loadLE(Ity_I64, mkexpr(addr)) )
13878 );
13879 DIP("mov%c %s, %s\n", sz == 4 ? 'd' : 'q', dis_buf,
13880 nameXMMReg(gregOfRexRM(pfx,modrm)));
13881 }
13882 goto decode_success;
13883 }
13884 break;
13885
13886 case 0x6F:
13887 if (have66noF2noF3(pfx)
13888 && (sz == 2 || /* ignore redundant REX.W */ sz == 8)) {
13889 /* 66 0F 6F = MOVDQA -- move from E (mem or xmm) to G (xmm). */
13890 modrm = getUChar(delta);
13891 if (epartIsReg(modrm)) {
13892 putXMMReg( gregOfRexRM(pfx,modrm),
13893 getXMMReg( eregOfRexRM(pfx,modrm) ));
13894 DIP("movdqa %s,%s\n", nameXMMReg(eregOfRexRM(pfx,modrm)),
13895 nameXMMReg(gregOfRexRM(pfx,modrm)));
13896 delta += 1;
13897 } else {
13898 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
13899 gen_SEGV_if_not_16_aligned( addr );
13900 putXMMReg( gregOfRexRM(pfx,modrm),
13901 loadLE(Ity_V128, mkexpr(addr)) );
13902 DIP("movdqa %s,%s\n", dis_buf,
13903 nameXMMReg(gregOfRexRM(pfx,modrm)));
13904 delta += alen;
13905 }
13906 goto decode_success;
13907 }
13908 if (haveF3no66noF2(pfx) && sz == 4) {
13909 /* F3 0F 6F = MOVDQU -- move from E (mem or xmm) to G (xmm). */
13910 modrm = getUChar(delta);
13911 if (epartIsReg(modrm)) {
13912 putXMMReg( gregOfRexRM(pfx,modrm),
13913 getXMMReg( eregOfRexRM(pfx,modrm) ));
13914 DIP("movdqu %s,%s\n", nameXMMReg(eregOfRexRM(pfx,modrm)),
13915 nameXMMReg(gregOfRexRM(pfx,modrm)));
13916 delta += 1;
13917 } else {
13918 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
13919 putXMMReg( gregOfRexRM(pfx,modrm),
13920 loadLE(Ity_V128, mkexpr(addr)) );
13921 DIP("movdqu %s,%s\n", dis_buf,
13922 nameXMMReg(gregOfRexRM(pfx,modrm)));
13923 delta += alen;
13924 }
13925 goto decode_success;
13926 }
13927 break;
13928
13929 case 0x70:
13930 /* 66 0F 70 = PSHUFD -- rearrange 4x32 from E(xmm or mem) to G(xmm) */
13931 if (have66noF2noF3(pfx) && sz == 2) {
13932 delta = dis_PSHUFD_32x4( vbi, pfx, delta, False/*!writesYmm*/);
13933 goto decode_success;
13934 }
13935 /* ***--- this is an MMX class insn introduced in SSE1 ---*** */
13936 /* 0F 70 = PSHUFW -- rearrange 4x16 from E(mmx or mem) to G(mmx) */
13937 if (haveNo66noF2noF3(pfx) && sz == 4) {
13938 Int order;
13939 IRTemp sV, dV, s3, s2, s1, s0;
13940 s3 = s2 = s1 = s0 = IRTemp_INVALID;
13941 sV = newTemp(Ity_I64);
13942 dV = newTemp(Ity_I64);
13943 do_MMX_preamble();
13944 modrm = getUChar(delta);
13945 if (epartIsReg(modrm)) {
13946 assign( sV, getMMXReg(eregLO3ofRM(modrm)) );
13947 order = (Int)getUChar(delta+1);
13948 delta += 1+1;
13949 DIP("pshufw $%d,%s,%s\n", order,
13950 nameMMXReg(eregLO3ofRM(modrm)),
13951 nameMMXReg(gregLO3ofRM(modrm)));
13952 } else {
13953 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf,
13954 1/*extra byte after amode*/ );
13955 assign( sV, loadLE(Ity_I64, mkexpr(addr)) );
13956 order = (Int)getUChar(delta+alen);
13957 delta += 1+alen;
13958 DIP("pshufw $%d,%s,%s\n", order,
13959 dis_buf,
13960 nameMMXReg(gregLO3ofRM(modrm)));
13961 }
13962 breakup64to16s( sV, &s3, &s2, &s1, &s0 );
13963 # define SEL(n) \
13964 ((n)==0 ? s0 : ((n)==1 ? s1 : ((n)==2 ? s2 : s3)))
13965 assign(dV,
13966 mk64from16s( SEL((order>>6)&3), SEL((order>>4)&3),
13967 SEL((order>>2)&3), SEL((order>>0)&3) )
13968 );
13969 putMMXReg(gregLO3ofRM(modrm), mkexpr(dV));
13970 # undef SEL
13971 goto decode_success;
13972 }
13973 /* F2 0F 70 = PSHUFLW -- rearrange lower half 4x16 from E(xmm or
13974 mem) to G(xmm), and copy upper half */
13975 if (haveF2no66noF3(pfx) && sz == 4) {
13976 delta = dis_PSHUFxW_128( vbi, pfx, delta,
13977 False/*!isAvx*/, False/*!xIsH*/ );
13978 goto decode_success;
13979 }
13980 /* F3 0F 70 = PSHUFHW -- rearrange upper half 4x16 from E(xmm or
13981 mem) to G(xmm), and copy lower half */
13982 if (haveF3no66noF2(pfx) && sz == 4) {
13983 delta = dis_PSHUFxW_128( vbi, pfx, delta,
13984 False/*!isAvx*/, True/*xIsH*/ );
13985 goto decode_success;
13986 }
13987 break;
13988
13989 case 0x71:
13990 /* 66 0F 71 /2 ib = PSRLW by immediate */
13991 if (have66noF2noF3(pfx) && sz == 2
13992 && epartIsReg(getUChar(delta))
13993 && gregLO3ofRM(getUChar(delta)) == 2) {
13994 delta = dis_SSE_shiftE_imm( pfx, delta, "psrlw", Iop_ShrN16x8 );
13995 goto decode_success;
13996 }
13997 /* 66 0F 71 /4 ib = PSRAW by immediate */
13998 if (have66noF2noF3(pfx) && sz == 2
13999 && epartIsReg(getUChar(delta))
14000 && gregLO3ofRM(getUChar(delta)) == 4) {
14001 delta = dis_SSE_shiftE_imm( pfx, delta, "psraw", Iop_SarN16x8 );
14002 goto decode_success;
14003 }
14004 /* 66 0F 71 /6 ib = PSLLW by immediate */
14005 if (have66noF2noF3(pfx) && sz == 2
14006 && epartIsReg(getUChar(delta))
14007 && gregLO3ofRM(getUChar(delta)) == 6) {
14008 delta = dis_SSE_shiftE_imm( pfx, delta, "psllw", Iop_ShlN16x8 );
14009 goto decode_success;
14010 }
14011 break;
14012
14013 case 0x72:
14014 /* 66 0F 72 /2 ib = PSRLD by immediate */
14015 if (have66noF2noF3(pfx) && sz == 2
14016 && epartIsReg(getUChar(delta))
14017 && gregLO3ofRM(getUChar(delta)) == 2) {
14018 delta = dis_SSE_shiftE_imm( pfx, delta, "psrld", Iop_ShrN32x4 );
14019 goto decode_success;
14020 }
14021 /* 66 0F 72 /4 ib = PSRAD by immediate */
14022 if (have66noF2noF3(pfx) && sz == 2
14023 && epartIsReg(getUChar(delta))
14024 && gregLO3ofRM(getUChar(delta)) == 4) {
14025 delta = dis_SSE_shiftE_imm( pfx, delta, "psrad", Iop_SarN32x4 );
14026 goto decode_success;
14027 }
14028 /* 66 0F 72 /6 ib = PSLLD by immediate */
14029 if (have66noF2noF3(pfx) && sz == 2
14030 && epartIsReg(getUChar(delta))
14031 && gregLO3ofRM(getUChar(delta)) == 6) {
14032 delta = dis_SSE_shiftE_imm( pfx, delta, "pslld", Iop_ShlN32x4 );
14033 goto decode_success;
14034 }
14035 break;
14036
14037 case 0x73:
14038 /* 66 0F 73 /3 ib = PSRLDQ by immediate */
14039 /* note, if mem case ever filled in, 1 byte after amode */
14040 if (have66noF2noF3(pfx) && sz == 2
14041 && epartIsReg(getUChar(delta))
14042 && gregLO3ofRM(getUChar(delta)) == 3) {
14043 Int imm = (Int)getUChar(delta+1);
14044 Int reg = eregOfRexRM(pfx,getUChar(delta));
14045 DIP("psrldq $%d,%s\n", imm, nameXMMReg(reg));
14046 delta += 2;
14047 IRTemp sV = newTemp(Ity_V128);
14048 assign( sV, getXMMReg(reg) );
14049 putXMMReg(reg, mkexpr(math_PSRLDQ( sV, imm )));
14050 goto decode_success;
14051 }
14052 /* 66 0F 73 /7 ib = PSLLDQ by immediate */
14053 /* note, if mem case ever filled in, 1 byte after amode */
14054 if (have66noF2noF3(pfx) && sz == 2
14055 && epartIsReg(getUChar(delta))
14056 && gregLO3ofRM(getUChar(delta)) == 7) {
14057 Int imm = (Int)getUChar(delta+1);
14058 Int reg = eregOfRexRM(pfx,getUChar(delta));
14059 DIP("pslldq $%d,%s\n", imm, nameXMMReg(reg));
14060 vassert(imm >= 0 && imm <= 255);
14061 delta += 2;
14062 IRTemp sV = newTemp(Ity_V128);
14063 assign( sV, getXMMReg(reg) );
14064 putXMMReg(reg, mkexpr(math_PSLLDQ( sV, imm )));
14065 goto decode_success;
14066 }
14067 /* 66 0F 73 /2 ib = PSRLQ by immediate */
14068 if (have66noF2noF3(pfx) && sz == 2
14069 && epartIsReg(getUChar(delta))
14070 && gregLO3ofRM(getUChar(delta)) == 2) {
14071 delta = dis_SSE_shiftE_imm( pfx, delta, "psrlq", Iop_ShrN64x2 );
14072 goto decode_success;
14073 }
14074 /* 66 0F 73 /6 ib = PSLLQ by immediate */
14075 if (have66noF2noF3(pfx) && sz == 2
14076 && epartIsReg(getUChar(delta))
14077 && gregLO3ofRM(getUChar(delta)) == 6) {
14078 delta = dis_SSE_shiftE_imm( pfx, delta, "psllq", Iop_ShlN64x2 );
14079 goto decode_success;
14080 }
14081 break;
14082
14083 case 0x74:
14084 /* 66 0F 74 = PCMPEQB */
14085 if (have66noF2noF3(pfx) && sz == 2) {
14086 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
14087 "pcmpeqb", Iop_CmpEQ8x16, False );
14088 goto decode_success;
14089 }
14090 break;
14091
14092 case 0x75:
14093 /* 66 0F 75 = PCMPEQW */
14094 if (have66noF2noF3(pfx) && sz == 2) {
14095 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
14096 "pcmpeqw", Iop_CmpEQ16x8, False );
14097 goto decode_success;
14098 }
14099 break;
14100
14101 case 0x76:
14102 /* 66 0F 76 = PCMPEQD */
14103 if (have66noF2noF3(pfx) && sz == 2) {
14104 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
14105 "pcmpeqd", Iop_CmpEQ32x4, False );
14106 goto decode_success;
14107 }
14108 break;
14109
14110 case 0x7E:
14111 /* F3 0F 7E = MOVQ -- move 64 bits from E (mem or lo half xmm) to
14112 G (lo half xmm). Upper half of G is zeroed out. */
14113 if (haveF3no66noF2(pfx)
14114 && (sz == 4 || /* ignore redundant REX.W */ sz == 8)) {
14115 modrm = getUChar(delta);
14116 if (epartIsReg(modrm)) {
14117 putXMMRegLane64( gregOfRexRM(pfx,modrm), 0,
14118 getXMMRegLane64( eregOfRexRM(pfx,modrm), 0 ));
14119 /* zero bits 127:64 */
14120 putXMMRegLane64( gregOfRexRM(pfx,modrm), 1, mkU64(0) );
14121 DIP("movsd %s,%s\n", nameXMMReg(eregOfRexRM(pfx,modrm)),
14122 nameXMMReg(gregOfRexRM(pfx,modrm)));
14123 delta += 1;
14124 } else {
14125 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
14126 putXMMReg( gregOfRexRM(pfx,modrm), mkV128(0) );
14127 putXMMRegLane64( gregOfRexRM(pfx,modrm), 0,
14128 loadLE(Ity_I64, mkexpr(addr)) );
14129 DIP("movsd %s,%s\n", dis_buf,
14130 nameXMMReg(gregOfRexRM(pfx,modrm)));
14131 delta += alen;
14132 }
14133 goto decode_success;
14134 }
14135 /* 66 0F 7E = MOVD from xmm low 1/4 to ireg32 or m32. */
14136 /* or from xmm low 1/2 to ireg64 or m64. */
14137 if (have66noF2noF3(pfx) && (sz == 2 || sz == 8)) {
14138 if (sz == 2) sz = 4;
14139 modrm = getUChar(delta);
14140 if (epartIsReg(modrm)) {
14141 delta += 1;
14142 if (sz == 4) {
14143 putIReg32( eregOfRexRM(pfx,modrm),
14144 getXMMRegLane32(gregOfRexRM(pfx,modrm), 0) );
14145 DIP("movd %s, %s\n", nameXMMReg(gregOfRexRM(pfx,modrm)),
14146 nameIReg32(eregOfRexRM(pfx,modrm)));
14147 } else {
14148 putIReg64( eregOfRexRM(pfx,modrm),
14149 getXMMRegLane64(gregOfRexRM(pfx,modrm), 0) );
14150 DIP("movq %s, %s\n", nameXMMReg(gregOfRexRM(pfx,modrm)),
14151 nameIReg64(eregOfRexRM(pfx,modrm)));
14152 }
14153 } else {
14154 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
14155 delta += alen;
14156 storeLE( mkexpr(addr),
14157 sz == 4
14158 ? getXMMRegLane32(gregOfRexRM(pfx,modrm),0)
14159 : getXMMRegLane64(gregOfRexRM(pfx,modrm),0) );
14160 DIP("mov%c %s, %s\n", sz == 4 ? 'd' : 'q',
14161 nameXMMReg(gregOfRexRM(pfx,modrm)), dis_buf);
14162 }
14163 goto decode_success;
14164 }
14165 break;
14166
14167 case 0x7F:
14168 /* F3 0F 7F = MOVDQU -- move from G (xmm) to E (mem or xmm). */
14169 if (haveF3no66noF2(pfx) && sz == 4) {
14170 modrm = getUChar(delta);
14171 if (epartIsReg(modrm)) {
14172 goto decode_failure; /* awaiting test case */
14173 delta += 1;
14174 putXMMReg( eregOfRexRM(pfx,modrm),
14175 getXMMReg(gregOfRexRM(pfx,modrm)) );
14176 DIP("movdqu %s, %s\n", nameXMMReg(gregOfRexRM(pfx,modrm)),
14177 nameXMMReg(eregOfRexRM(pfx,modrm)));
14178 } else {
14179 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
14180 delta += alen;
14181 storeLE( mkexpr(addr), getXMMReg(gregOfRexRM(pfx,modrm)) );
14182 DIP("movdqu %s, %s\n", nameXMMReg(gregOfRexRM(pfx,modrm)), dis_buf);
14183 }
14184 goto decode_success;
14185 }
14186 /* 66 0F 7F = MOVDQA -- move from G (xmm) to E (mem or xmm). */
14187 if (have66noF2noF3(pfx) && sz == 2) {
14188 modrm = getUChar(delta);
14189 if (epartIsReg(modrm)) {
14190 delta += 1;
14191 putXMMReg( eregOfRexRM(pfx,modrm),
14192 getXMMReg(gregOfRexRM(pfx,modrm)) );
14193 DIP("movdqa %s, %s\n", nameXMMReg(gregOfRexRM(pfx,modrm)),
14194 nameXMMReg(eregOfRexRM(pfx,modrm)));
14195 } else {
14196 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
14197 gen_SEGV_if_not_16_aligned( addr );
14198 delta += alen;
14199 storeLE( mkexpr(addr), getXMMReg(gregOfRexRM(pfx,modrm)) );
14200 DIP("movdqa %s, %s\n", nameXMMReg(gregOfRexRM(pfx,modrm)), dis_buf);
14201 }
14202 goto decode_success;
14203 }
14204 break;
14205
14206 case 0xAE:
14207 /* 0F AE /7 = SFENCE -- flush pending operations to memory */
14208 if (haveNo66noF2noF3(pfx)
14209 && epartIsReg(getUChar(delta)) && gregLO3ofRM(getUChar(delta)) == 7
14210 && sz == 4) {
14211 delta += 1;
14212 /* Insert a memory fence. It's sometimes important that these
14213 are carried through to the generated code. */
14214 stmt( IRStmt_MBE(Imbe_Fence) );
14215 DIP("sfence\n");
14216 goto decode_success;
14217 }
14218 /* mindless duplication follows .. */
14219 /* 0F AE /5 = LFENCE -- flush pending operations to memory */
14220 /* 0F AE /6 = MFENCE -- flush pending operations to memory */
14221 if (haveNo66noF2noF3(pfx)
14222 && epartIsReg(getUChar(delta))
14223 && (gregLO3ofRM(getUChar(delta)) == 5
14224 || gregLO3ofRM(getUChar(delta)) == 6)
14225 && sz == 4) {
14226 delta += 1;
14227 /* Insert a memory fence. It's sometimes important that these
14228 are carried through to the generated code. */
14229 stmt( IRStmt_MBE(Imbe_Fence) );
14230 DIP("%sfence\n", gregLO3ofRM(getUChar(delta-1))==5 ? "l" : "m");
14231 goto decode_success;
14232 }
14233
14234 /* 0F AE /7 = CLFLUSH -- flush cache line */
14235 if (haveNo66noF2noF3(pfx)
14236 && !epartIsReg(getUChar(delta)) && gregLO3ofRM(getUChar(delta)) == 7
14237 && sz == 4) {
14238
14239 /* This is something of a hack. We need to know the size of
14240 the cache line containing addr. Since we don't (easily),
14241 assume 256 on the basis that no real cache would have a
14242 line that big. It's safe to invalidate more stuff than we
14243 need, just inefficient. */
14244 ULong lineszB = 256ULL;
14245
14246 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
14247 delta += alen;
14248
14249 /* Round addr down to the start of the containing block. */
14250 stmt( IRStmt_Put(
14251 OFFB_CMSTART,
14252 binop( Iop_And64,
14253 mkexpr(addr),
14254 mkU64( ~(lineszB-1) ))) );
14255
14256 stmt( IRStmt_Put(OFFB_CMLEN, mkU64(lineszB) ) );
14257
14258 jmp_lit(dres, Ijk_InvalICache, (Addr64)(guest_RIP_bbstart+delta));
14259
14260 DIP("clflush %s\n", dis_buf);
14261 goto decode_success;
14262 }
14263
14264 /* 0F AE /3 = STMXCSR m32 -- store %mxcsr */
14265 if (haveNo66noF2noF3(pfx)
14266 && !epartIsReg(getUChar(delta)) && gregLO3ofRM(getUChar(delta)) == 3
14267 && sz == 4) {
14268 delta = dis_STMXCSR(vbi, pfx, delta, False/*!isAvx*/);
14269 goto decode_success;
14270 }
14271 /* 0F AE /2 = LDMXCSR m32 -- load %mxcsr */
14272 if (haveNo66noF2noF3(pfx)
14273 && !epartIsReg(getUChar(delta)) && gregLO3ofRM(getUChar(delta)) == 2
14274 && sz == 4) {
14275 delta = dis_LDMXCSR(vbi, pfx, delta, False/*!isAvx*/);
14276 goto decode_success;
14277 }
14278 /* 0F AE /0 = FXSAVE m512 -- write x87 and SSE state to memory */
14279 if (haveNo66noF2noF3(pfx) && (sz == 4 || sz == 8)
14280 && !epartIsReg(getUChar(delta))
14281 && gregOfRexRM(pfx,getUChar(delta)) == 0) {
14282 delta = dis_FXSAVE(vbi, pfx, delta, sz);
14283 goto decode_success;
14284 }
14285 /* 0F AE /1 = FXRSTOR m512 -- read x87 and SSE state from memory */
14286 if (haveNo66noF2noF3(pfx) && (sz == 4 || sz == 8)
14287 && !epartIsReg(getUChar(delta))
14288 && gregOfRexRM(pfx,getUChar(delta)) == 1) {
14289 delta = dis_FXRSTOR(vbi, pfx, delta, sz);
14290 goto decode_success;
14291 }
14292 /* 0F AE /4 = XSAVE mem -- write x87, SSE, AVX state to memory */
14293 if (haveNo66noF2noF3(pfx) && (sz == 4 || sz == 8)
14294 && !epartIsReg(getUChar(delta))
14295 && gregOfRexRM(pfx,getUChar(delta)) == 4
14296 && (archinfo->hwcaps & VEX_HWCAPS_AMD64_AVX)) {
14297 delta = dis_XSAVE(vbi, pfx, delta, sz);
14298 goto decode_success;
14299 }
14300 /* 0F AE /5 = XRSTOR mem -- read x87, SSE, AVX state from memory */
14301 if (haveNo66noF2noF3(pfx) && (sz == 4 || sz == 8)
14302 && !epartIsReg(getUChar(delta))
14303 && gregOfRexRM(pfx,getUChar(delta)) == 5
14304 && (archinfo->hwcaps & VEX_HWCAPS_AMD64_AVX)) {
14305 delta = dis_XRSTOR(vbi, pfx, delta, sz);
14306 goto decode_success;
14307 }
14308 break;
14309
14310 case 0xC2:
14311 /* 0F C2 = CMPPS -- 32Fx4 comparison from R/M to R */
14312 if (haveNo66noF2noF3(pfx) && sz == 4) {
14313 Long delta0 = delta;
14314 delta = dis_SSE_cmp_E_to_G( vbi, pfx, delta, "cmpps", True, 4 );
14315 if (delta > delta0) goto decode_success;
14316 }
14317 /* F3 0F C2 = CMPSS -- 32F0x4 comparison from R/M to R */
14318 if (haveF3no66noF2(pfx) && sz == 4) {
14319 Long delta0 = delta;
14320 delta = dis_SSE_cmp_E_to_G( vbi, pfx, delta, "cmpss", False, 4 );
14321 if (delta > delta0) goto decode_success;
14322 }
14323 /* F2 0F C2 = CMPSD -- 64F0x2 comparison from R/M to R */
14324 if (haveF2no66noF3(pfx) && sz == 4) {
14325 Long delta0 = delta;
14326 delta = dis_SSE_cmp_E_to_G( vbi, pfx, delta, "cmpsd", False, 8 );
14327 if (delta > delta0) goto decode_success;
14328 }
14329 /* 66 0F C2 = CMPPD -- 64Fx2 comparison from R/M to R */
14330 if (have66noF2noF3(pfx) && sz == 2) {
14331 Long delta0 = delta;
14332 delta = dis_SSE_cmp_E_to_G( vbi, pfx, delta, "cmppd", True, 8 );
14333 if (delta > delta0) goto decode_success;
14334 }
14335 break;
14336
14337 case 0xC3:
14338 /* 0F C3 = MOVNTI -- for us, just a plain ireg store. */
14339 if (haveNo66noF2noF3(pfx) && (sz == 4 || sz == 8)) {
14340 modrm = getUChar(delta);
14341 if (!epartIsReg(modrm)) {
14342 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
14343 storeLE( mkexpr(addr), getIRegG(sz, pfx, modrm) );
14344 DIP("movnti %s,%s\n", dis_buf,
14345 nameIRegG(sz, pfx, modrm));
14346 delta += alen;
14347 goto decode_success;
14348 }
14349 /* else fall through */
14350 }
14351 break;
14352
14353 case 0xC4:
14354 /* ***--- this is an MMX class insn introduced in SSE1 ---*** */
14355 /* 0F C4 = PINSRW -- get 16 bits from E(mem or low half ireg) and
14356 put it into the specified lane of mmx(G). */
14357 if (haveNo66noF2noF3(pfx)
14358 && (sz == 4 || /* ignore redundant REX.W */ sz == 8)) {
14359 /* Use t0 .. t3 to hold the 4 original 16-bit lanes of the
14360 mmx reg. t4 is the new lane value. t5 is the original
14361 mmx value. t6 is the new mmx value. */
14362 Int lane;
14363 t4 = newTemp(Ity_I16);
14364 t5 = newTemp(Ity_I64);
14365 t6 = newTemp(Ity_I64);
14366 modrm = getUChar(delta);
14367 do_MMX_preamble();
14368
14369 assign(t5, getMMXReg(gregLO3ofRM(modrm)));
14370 breakup64to16s( t5, &t3, &t2, &t1, &t0 );
14371
14372 if (epartIsReg(modrm)) {
14373 assign(t4, getIReg16(eregOfRexRM(pfx,modrm)));
14374 delta += 1+1;
14375 lane = getUChar(delta-1);
14376 DIP("pinsrw $%d,%s,%s\n", lane,
14377 nameIReg16(eregOfRexRM(pfx,modrm)),
14378 nameMMXReg(gregLO3ofRM(modrm)));
14379 } else {
14380 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 1 );
14381 delta += 1+alen;
14382 lane = getUChar(delta-1);
14383 assign(t4, loadLE(Ity_I16, mkexpr(addr)));
14384 DIP("pinsrw $%d,%s,%s\n", lane,
14385 dis_buf,
14386 nameMMXReg(gregLO3ofRM(modrm)));
14387 }
14388
14389 switch (lane & 3) {
14390 case 0: assign(t6, mk64from16s(t3,t2,t1,t4)); break;
14391 case 1: assign(t6, mk64from16s(t3,t2,t4,t0)); break;
14392 case 2: assign(t6, mk64from16s(t3,t4,t1,t0)); break;
14393 case 3: assign(t6, mk64from16s(t4,t2,t1,t0)); break;
14394 default: vassert(0);
14395 }
14396 putMMXReg(gregLO3ofRM(modrm), mkexpr(t6));
14397 goto decode_success;
14398 }
14399 /* 66 0F C4 = PINSRW -- get 16 bits from E(mem or low half ireg) and
14400 put it into the specified lane of xmm(G). */
14401 if (have66noF2noF3(pfx)
14402 && (sz == 2 || /* ignore redundant REX.W */ sz == 8)) {
14403 Int lane;
14404 t4 = newTemp(Ity_I16);
14405 modrm = getUChar(delta);
14406 UInt rG = gregOfRexRM(pfx,modrm);
14407 if (epartIsReg(modrm)) {
14408 UInt rE = eregOfRexRM(pfx,modrm);
14409 assign(t4, getIReg16(rE));
14410 delta += 1+1;
14411 lane = getUChar(delta-1);
14412 DIP("pinsrw $%d,%s,%s\n",
14413 lane, nameIReg16(rE), nameXMMReg(rG));
14414 } else {
14415 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf,
14416 1/*byte after the amode*/ );
14417 delta += 1+alen;
14418 lane = getUChar(delta-1);
14419 assign(t4, loadLE(Ity_I16, mkexpr(addr)));
14420 DIP("pinsrw $%d,%s,%s\n",
14421 lane, dis_buf, nameXMMReg(rG));
14422 }
14423 IRTemp src_vec = newTemp(Ity_V128);
14424 assign(src_vec, getXMMReg(rG));
14425 IRTemp res_vec = math_PINSRW_128( src_vec, t4, lane & 7);
14426 putXMMReg(rG, mkexpr(res_vec));
14427 goto decode_success;
14428 }
14429 break;
14430
14431 case 0xC5:
14432 /* ***--- this is an MMX class insn introduced in SSE1 ---*** */
14433 /* 0F C5 = PEXTRW -- extract 16-bit field from mmx(E) and put
14434 zero-extend of it in ireg(G). */
14435 if (haveNo66noF2noF3(pfx) && (sz == 4 || sz == 8)) {
14436 modrm = getUChar(delta);
14437 if (epartIsReg(modrm)) {
14438 IRTemp sV = newTemp(Ity_I64);
14439 t5 = newTemp(Ity_I16);
14440 do_MMX_preamble();
14441 assign(sV, getMMXReg(eregLO3ofRM(modrm)));
14442 breakup64to16s( sV, &t3, &t2, &t1, &t0 );
14443 switch (getUChar(delta+1) & 3) {
14444 case 0: assign(t5, mkexpr(t0)); break;
14445 case 1: assign(t5, mkexpr(t1)); break;
14446 case 2: assign(t5, mkexpr(t2)); break;
14447 case 3: assign(t5, mkexpr(t3)); break;
14448 default: vassert(0);
14449 }
14450 if (sz == 8)
14451 putIReg64(gregOfRexRM(pfx,modrm), unop(Iop_16Uto64, mkexpr(t5)));
14452 else
14453 putIReg32(gregOfRexRM(pfx,modrm), unop(Iop_16Uto32, mkexpr(t5)));
14454 DIP("pextrw $%d,%s,%s\n",
14455 (Int)getUChar(delta+1),
14456 nameMMXReg(eregLO3ofRM(modrm)),
14457 sz==8 ? nameIReg64(gregOfRexRM(pfx,modrm))
14458 : nameIReg32(gregOfRexRM(pfx,modrm))
14459 );
14460 delta += 2;
14461 goto decode_success;
14462 }
14463 /* else fall through */
14464 /* note, for anyone filling in the mem case: this insn has one
14465 byte after the amode and therefore you must pass 1 as the
14466 last arg to disAMode */
14467 }
14468 /* 66 0F C5 = PEXTRW -- extract 16-bit field from xmm(E) and put
14469 zero-extend of it in ireg(G). */
14470 if (have66noF2noF3(pfx)
14471 && (sz == 2 || /* ignore redundant REX.W */ sz == 8)) {
14472 Long delta0 = delta;
14473 delta = dis_PEXTRW_128_EregOnly_toG( vbi, pfx, delta,
14474 False/*!isAvx*/ );
14475 if (delta > delta0) goto decode_success;
14476 /* else fall through -- decoding has failed */
14477 }
14478 break;
14479
14480 case 0xC6:
14481 /* 0F C6 /r ib = SHUFPS -- shuffle packed F32s */
14482 if (haveNo66noF2noF3(pfx) && sz == 4) {
14483 Int imm8 = 0;
14484 IRTemp sV = newTemp(Ity_V128);
14485 IRTemp dV = newTemp(Ity_V128);
14486 modrm = getUChar(delta);
14487 UInt rG = gregOfRexRM(pfx,modrm);
14488 assign( dV, getXMMReg(rG) );
14489 if (epartIsReg(modrm)) {
14490 UInt rE = eregOfRexRM(pfx,modrm);
14491 assign( sV, getXMMReg(rE) );
14492 imm8 = (Int)getUChar(delta+1);
14493 delta += 1+1;
14494 DIP("shufps $%d,%s,%s\n", imm8, nameXMMReg(rE), nameXMMReg(rG));
14495 } else {
14496 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 1 );
14497 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
14498 imm8 = (Int)getUChar(delta+alen);
14499 delta += 1+alen;
14500 DIP("shufps $%d,%s,%s\n", imm8, dis_buf, nameXMMReg(rG));
14501 }
14502 IRTemp res = math_SHUFPS_128( sV, dV, imm8 );
14503 putXMMReg( gregOfRexRM(pfx,modrm), mkexpr(res) );
14504 goto decode_success;
14505 }
14506 /* 66 0F C6 /r ib = SHUFPD -- shuffle packed F64s */
14507 if (have66noF2noF3(pfx) && sz == 2) {
14508 Int select;
14509 IRTemp sV = newTemp(Ity_V128);
14510 IRTemp dV = newTemp(Ity_V128);
14511
14512 modrm = getUChar(delta);
14513 assign( dV, getXMMReg(gregOfRexRM(pfx,modrm)) );
14514
14515 if (epartIsReg(modrm)) {
14516 assign( sV, getXMMReg(eregOfRexRM(pfx,modrm)) );
14517 select = (Int)getUChar(delta+1);
14518 delta += 1+1;
14519 DIP("shufpd $%d,%s,%s\n", select,
14520 nameXMMReg(eregOfRexRM(pfx,modrm)),
14521 nameXMMReg(gregOfRexRM(pfx,modrm)));
14522 } else {
14523 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 1 );
14524 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
14525 select = getUChar(delta+alen);
14526 delta += 1+alen;
14527 DIP("shufpd $%d,%s,%s\n", select,
14528 dis_buf,
14529 nameXMMReg(gregOfRexRM(pfx,modrm)));
14530 }
14531
14532 IRTemp res = math_SHUFPD_128( sV, dV, select );
14533 putXMMReg( gregOfRexRM(pfx,modrm), mkexpr(res) );
14534 goto decode_success;
14535 }
14536 break;
14537
14538 case 0xD1:
14539 /* 66 0F D1 = PSRLW by E */
14540 if (have66noF2noF3(pfx) && sz == 2) {
14541 delta = dis_SSE_shiftG_byE( vbi, pfx, delta, "psrlw", Iop_ShrN16x8 );
14542 goto decode_success;
14543 }
14544 break;
14545
14546 case 0xD2:
14547 /* 66 0F D2 = PSRLD by E */
14548 if (have66noF2noF3(pfx) && sz == 2) {
14549 delta = dis_SSE_shiftG_byE( vbi, pfx, delta, "psrld", Iop_ShrN32x4 );
14550 goto decode_success;
14551 }
14552 break;
14553
14554 case 0xD3:
14555 /* 66 0F D3 = PSRLQ by E */
14556 if (have66noF2noF3(pfx) && sz == 2) {
14557 delta = dis_SSE_shiftG_byE( vbi, pfx, delta, "psrlq", Iop_ShrN64x2 );
14558 goto decode_success;
14559 }
14560 break;
14561
14562 case 0xD4:
14563 /* 66 0F D4 = PADDQ */
14564 if (have66noF2noF3(pfx) && sz == 2) {
14565 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
14566 "paddq", Iop_Add64x2, False );
14567 goto decode_success;
14568 }
14569 /* ***--- this is an MMX class insn introduced in SSE2 ---*** */
14570 /* 0F D4 = PADDQ -- add 64x1 */
14571 if (haveNo66noF2noF3(pfx) && sz == 4) {
14572 do_MMX_preamble();
14573 delta = dis_MMXop_regmem_to_reg (
14574 vbi, pfx, delta, opc, "paddq", False );
14575 goto decode_success;
14576 }
14577 break;
14578
14579 case 0xD5:
14580 /* 66 0F D5 = PMULLW -- 16x8 multiply */
14581 if (have66noF2noF3(pfx) && sz == 2) {
14582 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
14583 "pmullw", Iop_Mul16x8, False );
14584 goto decode_success;
14585 }
14586 break;
14587
14588 case 0xD6:
14589 /* F3 0F D6 = MOVQ2DQ -- move from E (mmx) to G (lo half xmm, zero
14590 hi half). */
14591 if (haveF3no66noF2(pfx) && sz == 4) {
14592 modrm = getUChar(delta);
14593 if (epartIsReg(modrm)) {
14594 do_MMX_preamble();
14595 putXMMReg( gregOfRexRM(pfx,modrm),
14596 unop(Iop_64UtoV128, getMMXReg( eregLO3ofRM(modrm) )) );
14597 DIP("movq2dq %s,%s\n", nameMMXReg(eregLO3ofRM(modrm)),
14598 nameXMMReg(gregOfRexRM(pfx,modrm)));
14599 delta += 1;
14600 goto decode_success;
14601 }
14602 /* apparently no mem case for this insn */
14603 }
14604 /* 66 0F D6 = MOVQ -- move 64 bits from G (lo half xmm) to E (mem
14605 or lo half xmm). */
14606 if (have66noF2noF3(pfx)
14607 && (sz == 2 || /* ignore redundant REX.W */ sz == 8)) {
14608 modrm = getUChar(delta);
14609 if (epartIsReg(modrm)) {
14610 /* fall through, awaiting test case */
14611 /* dst: lo half copied, hi half zeroed */
14612 } else {
14613 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
14614 storeLE( mkexpr(addr),
14615 getXMMRegLane64( gregOfRexRM(pfx,modrm), 0 ));
14616 DIP("movq %s,%s\n", nameXMMReg(gregOfRexRM(pfx,modrm)), dis_buf );
14617 delta += alen;
14618 goto decode_success;
14619 }
14620 }
14621 /* F2 0F D6 = MOVDQ2Q -- move from E (lo half xmm, not mem) to G (mmx). */
14622 if (haveF2no66noF3(pfx) && sz == 4) {
14623 modrm = getUChar(delta);
14624 if (epartIsReg(modrm)) {
14625 do_MMX_preamble();
14626 putMMXReg( gregLO3ofRM(modrm),
14627 getXMMRegLane64( eregOfRexRM(pfx,modrm), 0 ));
14628 DIP("movdq2q %s,%s\n", nameXMMReg(eregOfRexRM(pfx,modrm)),
14629 nameMMXReg(gregLO3ofRM(modrm)));
14630 delta += 1;
14631 goto decode_success;
14632 }
14633 /* apparently no mem case for this insn */
14634 }
14635 break;
14636
14637 case 0xD7:
14638 /* 66 0F D7 = PMOVMSKB -- extract sign bits from each of 16
14639 lanes in xmm(E), turn them into a byte, and put
14640 zero-extend of it in ireg(G). Doing this directly is just
14641 too cumbersome; give up therefore and call a helper. */
14642 if (have66noF2noF3(pfx)
14643 && (sz == 2 || /* ignore redundant REX.W */ sz == 8)
14644 && epartIsReg(getUChar(delta))) { /* no memory case, it seems */
14645 delta = dis_PMOVMSKB_128( vbi, pfx, delta, False/*!isAvx*/ );
14646 goto decode_success;
14647 }
14648 /* ***--- this is an MMX class insn introduced in SSE1 ---*** */
14649 /* 0F D7 = PMOVMSKB -- extract sign bits from each of 8 lanes in
14650 mmx(E), turn them into a byte, and put zero-extend of it in
14651 ireg(G). */
14652 if (haveNo66noF2noF3(pfx)
14653 && (sz == 4 || /* ignore redundant REX.W */ sz == 8)) {
14654 modrm = getUChar(delta);
14655 if (epartIsReg(modrm)) {
14656 do_MMX_preamble();
14657 t0 = newTemp(Ity_I64);
14658 t1 = newTemp(Ity_I32);
14659 assign(t0, getMMXReg(eregLO3ofRM(modrm)));
14660 assign(t1, unop(Iop_8Uto32, unop(Iop_GetMSBs8x8, mkexpr(t0))));
14661 putIReg32(gregOfRexRM(pfx,modrm), mkexpr(t1));
14662 DIP("pmovmskb %s,%s\n", nameMMXReg(eregLO3ofRM(modrm)),
14663 nameIReg32(gregOfRexRM(pfx,modrm)));
14664 delta += 1;
14665 goto decode_success;
14666 }
14667 /* else fall through */
14668 }
14669 break;
14670
14671 case 0xD8:
14672 /* 66 0F D8 = PSUBUSB */
14673 if (have66noF2noF3(pfx) && sz == 2) {
14674 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
14675 "psubusb", Iop_QSub8Ux16, False );
14676 goto decode_success;
14677 }
14678 break;
14679
14680 case 0xD9:
14681 /* 66 0F D9 = PSUBUSW */
14682 if (have66noF2noF3(pfx) && sz == 2) {
14683 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
14684 "psubusw", Iop_QSub16Ux8, False );
14685 goto decode_success;
14686 }
14687 break;
14688
14689 case 0xDA:
14690 /* ***--- this is an MMX class insn introduced in SSE1 ---*** */
14691 /* 0F DA = PMINUB -- 8x8 unsigned min */
14692 if (haveNo66noF2noF3(pfx) && sz == 4) {
14693 do_MMX_preamble();
14694 delta = dis_MMXop_regmem_to_reg (
14695 vbi, pfx, delta, opc, "pminub", False );
14696 goto decode_success;
14697 }
14698 /* 66 0F DA = PMINUB -- 8x16 unsigned min */
14699 if (have66noF2noF3(pfx) && sz == 2) {
14700 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
14701 "pminub", Iop_Min8Ux16, False );
14702 goto decode_success;
14703 }
14704 break;
14705
14706 case 0xDB:
14707 /* 66 0F DB = PAND */
14708 if (have66noF2noF3(pfx) && sz == 2) {
14709 delta = dis_SSE_E_to_G_all( vbi, pfx, delta, "pand", Iop_AndV128 );
14710 goto decode_success;
14711 }
14712 break;
14713
14714 case 0xDC:
14715 /* 66 0F DC = PADDUSB */
14716 if (have66noF2noF3(pfx) && sz == 2) {
14717 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
14718 "paddusb", Iop_QAdd8Ux16, False );
14719 goto decode_success;
14720 }
14721 break;
14722
14723 case 0xDD:
14724 /* 66 0F DD = PADDUSW */
14725 if (have66noF2noF3(pfx) && sz == 2) {
14726 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
14727 "paddusw", Iop_QAdd16Ux8, False );
14728 goto decode_success;
14729 }
14730 break;
14731
14732 case 0xDE:
14733 /* ***--- this is an MMX class insn introduced in SSE1 ---*** */
14734 /* 0F DE = PMAXUB -- 8x8 unsigned max */
14735 if (haveNo66noF2noF3(pfx) && sz == 4) {
14736 do_MMX_preamble();
14737 delta = dis_MMXop_regmem_to_reg (
14738 vbi, pfx, delta, opc, "pmaxub", False );
14739 goto decode_success;
14740 }
14741 /* 66 0F DE = PMAXUB -- 8x16 unsigned max */
14742 if (have66noF2noF3(pfx) && sz == 2) {
14743 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
14744 "pmaxub", Iop_Max8Ux16, False );
14745 goto decode_success;
14746 }
14747 break;
14748
14749 case 0xDF:
14750 /* 66 0F DF = PANDN */
14751 if (have66noF2noF3(pfx) && sz == 2) {
14752 delta = dis_SSE_E_to_G_all_invG( vbi, pfx, delta, "pandn", Iop_AndV128 );
14753 goto decode_success;
14754 }
14755 break;
14756
14757 case 0xE0:
14758 /* ***--- this is an MMX class insn introduced in SSE1 ---*** */
14759 /* 0F E0 = PAVGB -- 8x8 unsigned Packed Average, with rounding */
14760 if (haveNo66noF2noF3(pfx) && sz == 4) {
14761 do_MMX_preamble();
14762 delta = dis_MMXop_regmem_to_reg (
14763 vbi, pfx, delta, opc, "pavgb", False );
14764 goto decode_success;
14765 }
14766 /* 66 0F E0 = PAVGB */
14767 if (have66noF2noF3(pfx) && sz == 2) {
14768 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
14769 "pavgb", Iop_Avg8Ux16, False );
14770 goto decode_success;
14771 }
14772 break;
14773
14774 case 0xE1:
14775 /* 66 0F E1 = PSRAW by E */
14776 if (have66noF2noF3(pfx) && sz == 2) {
14777 delta = dis_SSE_shiftG_byE( vbi, pfx, delta, "psraw", Iop_SarN16x8 );
14778 goto decode_success;
14779 }
14780 break;
14781
14782 case 0xE2:
14783 /* 66 0F E2 = PSRAD by E */
14784 if (have66noF2noF3(pfx) && sz == 2) {
14785 delta = dis_SSE_shiftG_byE( vbi, pfx, delta, "psrad", Iop_SarN32x4 );
14786 goto decode_success;
14787 }
14788 break;
14789
14790 case 0xE3:
14791 /* ***--- this is an MMX class insn introduced in SSE1 ---*** */
14792 /* 0F E3 = PAVGW -- 16x4 unsigned Packed Average, with rounding */
14793 if (haveNo66noF2noF3(pfx) && sz == 4) {
14794 do_MMX_preamble();
14795 delta = dis_MMXop_regmem_to_reg (
14796 vbi, pfx, delta, opc, "pavgw", False );
14797 goto decode_success;
14798 }
14799 /* 66 0F E3 = PAVGW */
14800 if (have66noF2noF3(pfx) && sz == 2) {
14801 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
14802 "pavgw", Iop_Avg16Ux8, False );
14803 goto decode_success;
14804 }
14805 break;
14806
14807 case 0xE4:
14808 /* ***--- this is an MMX class insn introduced in SSE1 ---*** */
14809 /* 0F E4 = PMULUH -- 16x4 hi-half of unsigned widening multiply */
14810 if (haveNo66noF2noF3(pfx) && sz == 4) {
14811 do_MMX_preamble();
14812 delta = dis_MMXop_regmem_to_reg (
14813 vbi, pfx, delta, opc, "pmuluh", False );
14814 goto decode_success;
14815 }
14816 /* 66 0F E4 = PMULHUW -- 16x8 hi-half of unsigned widening multiply */
14817 if (have66noF2noF3(pfx) && sz == 2) {
14818 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
14819 "pmulhuw", Iop_MulHi16Ux8, False );
14820 goto decode_success;
14821 }
14822 break;
14823
14824 case 0xE5:
14825 /* 66 0F E5 = PMULHW -- 16x8 hi-half of signed widening multiply */
14826 if (have66noF2noF3(pfx) && sz == 2) {
14827 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
14828 "pmulhw", Iop_MulHi16Sx8, False );
14829 goto decode_success;
14830 }
14831 break;
14832
14833 case 0xE6:
14834 /* 66 0F E6 = CVTTPD2DQ -- convert 2 x F64 in mem/xmm to 2 x I32 in
14835 lo half xmm(G), and zero upper half, rounding towards zero */
14836 /* F2 0F E6 = CVTPD2DQ -- convert 2 x F64 in mem/xmm to 2 x I32 in
14837 lo half xmm(G), according to prevailing rounding mode, and zero
14838 upper half */
14839 if ( (haveF2no66noF3(pfx) && sz == 4)
14840 || (have66noF2noF3(pfx) && sz == 2) ) {
14841 delta = dis_CVTxPD2DQ_128( vbi, pfx, delta, False/*!isAvx*/,
14842 toBool(sz == 2)/*r2zero*/);
14843 goto decode_success;
14844 }
14845 /* F3 0F E6 = CVTDQ2PD -- convert 2 x I32 in mem/lo half xmm to 2 x
14846 F64 in xmm(G) */
14847 if (haveF3no66noF2(pfx) && sz == 4) {
14848 delta = dis_CVTDQ2PD_128(vbi, pfx, delta, False/*!isAvx*/);
14849 goto decode_success;
14850 }
14851 break;
14852
14853 case 0xE7:
14854 /* ***--- this is an MMX class insn introduced in SSE1 ---*** */
14855 /* 0F E7 = MOVNTQ -- for us, just a plain MMX store. Note, the
14856 Intel manual does not say anything about the usual business of
14857 the FP reg tags getting trashed whenever an MMX insn happens.
14858 So we just leave them alone.
14859 */
14860 if (haveNo66noF2noF3(pfx) && sz == 4) {
14861 modrm = getUChar(delta);
14862 if (!epartIsReg(modrm)) {
14863 /* do_MMX_preamble(); Intel docs don't specify this */
14864 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
14865 storeLE( mkexpr(addr), getMMXReg(gregLO3ofRM(modrm)) );
14866 DIP("movntq %s,%s\n", dis_buf,
14867 nameMMXReg(gregLO3ofRM(modrm)));
14868 delta += alen;
14869 goto decode_success;
14870 }
14871 /* else fall through */
14872 }
14873 /* 66 0F E7 = MOVNTDQ -- for us, just a plain SSE store. */
14874 if (have66noF2noF3(pfx) && sz == 2) {
14875 modrm = getUChar(delta);
14876 if (!epartIsReg(modrm)) {
14877 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
14878 gen_SEGV_if_not_16_aligned( addr );
14879 storeLE( mkexpr(addr), getXMMReg(gregOfRexRM(pfx,modrm)) );
14880 DIP("movntdq %s,%s\n", dis_buf,
14881 nameXMMReg(gregOfRexRM(pfx,modrm)));
14882 delta += alen;
14883 goto decode_success;
14884 }
14885 /* else fall through */
14886 }
14887 break;
14888
14889 case 0xE8:
14890 /* 66 0F E8 = PSUBSB */
14891 if (have66noF2noF3(pfx) && sz == 2) {
14892 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
14893 "psubsb", Iop_QSub8Sx16, False );
14894 goto decode_success;
14895 }
14896 break;
14897
14898 case 0xE9:
14899 /* 66 0F E9 = PSUBSW */
14900 if (have66noF2noF3(pfx) && sz == 2) {
14901 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
14902 "psubsw", Iop_QSub16Sx8, False );
14903 goto decode_success;
14904 }
14905 break;
14906
14907 case 0xEA:
14908 /* ***--- this is an MMX class insn introduced in SSE1 ---*** */
14909 /* 0F EA = PMINSW -- 16x4 signed min */
14910 if (haveNo66noF2noF3(pfx) && sz == 4) {
14911 do_MMX_preamble();
14912 delta = dis_MMXop_regmem_to_reg (
14913 vbi, pfx, delta, opc, "pminsw", False );
14914 goto decode_success;
14915 }
14916 /* 66 0F EA = PMINSW -- 16x8 signed min */
14917 if (have66noF2noF3(pfx) && sz == 2) {
14918 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
14919 "pminsw", Iop_Min16Sx8, False );
14920 goto decode_success;
14921 }
14922 break;
14923
14924 case 0xEB:
14925 /* 66 0F EB = POR */
14926 if (have66noF2noF3(pfx) && sz == 2) {
14927 delta = dis_SSE_E_to_G_all( vbi, pfx, delta, "por", Iop_OrV128 );
14928 goto decode_success;
14929 }
14930 break;
14931
14932 case 0xEC:
14933 /* 66 0F EC = PADDSB */
14934 if (have66noF2noF3(pfx) && sz == 2) {
14935 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
14936 "paddsb", Iop_QAdd8Sx16, False );
14937 goto decode_success;
14938 }
14939 break;
14940
14941 case 0xED:
14942 /* 66 0F ED = PADDSW */
14943 if (have66noF2noF3(pfx) && sz == 2) {
14944 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
14945 "paddsw", Iop_QAdd16Sx8, False );
14946 goto decode_success;
14947 }
14948 break;
14949
14950 case 0xEE:
14951 /* ***--- this is an MMX class insn introduced in SSE1 ---*** */
14952 /* 0F EE = PMAXSW -- 16x4 signed max */
14953 if (haveNo66noF2noF3(pfx) && sz == 4) {
14954 do_MMX_preamble();
14955 delta = dis_MMXop_regmem_to_reg (
14956 vbi, pfx, delta, opc, "pmaxsw", False );
14957 goto decode_success;
14958 }
14959 /* 66 0F EE = PMAXSW -- 16x8 signed max */
14960 if (have66noF2noF3(pfx) && sz == 2) {
14961 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
14962 "pmaxsw", Iop_Max16Sx8, False );
14963 goto decode_success;
14964 }
14965 break;
14966
14967 case 0xEF:
14968 /* 66 0F EF = PXOR */
14969 if (have66noF2noF3(pfx) && sz == 2) {
14970 delta = dis_SSE_E_to_G_all( vbi, pfx, delta, "pxor", Iop_XorV128 );
14971 goto decode_success;
14972 }
14973 break;
14974
14975 case 0xF1:
14976 /* 66 0F F1 = PSLLW by E */
14977 if (have66noF2noF3(pfx) && sz == 2) {
14978 delta = dis_SSE_shiftG_byE( vbi, pfx, delta, "psllw", Iop_ShlN16x8 );
14979 goto decode_success;
14980 }
14981 break;
14982
14983 case 0xF2:
14984 /* 66 0F F2 = PSLLD by E */
14985 if (have66noF2noF3(pfx) && sz == 2) {
14986 delta = dis_SSE_shiftG_byE( vbi, pfx, delta, "pslld", Iop_ShlN32x4 );
14987 goto decode_success;
14988 }
14989 break;
14990
14991 case 0xF3:
14992 /* 66 0F F3 = PSLLQ by E */
14993 if (have66noF2noF3(pfx) && sz == 2) {
14994 delta = dis_SSE_shiftG_byE( vbi, pfx, delta, "psllq", Iop_ShlN64x2 );
14995 goto decode_success;
14996 }
14997 break;
14998
14999 case 0xF4:
15000 /* 66 0F F4 = PMULUDQ -- unsigned widening multiply of 32-lanes 0 x
15001 0 to form lower 64-bit half and lanes 2 x 2 to form upper 64-bit
15002 half */
15003 if (have66noF2noF3(pfx) && sz == 2) {
15004 IRTemp sV = newTemp(Ity_V128);
15005 IRTemp dV = newTemp(Ity_V128);
15006 modrm = getUChar(delta);
15007 UInt rG = gregOfRexRM(pfx,modrm);
15008 assign( dV, getXMMReg(rG) );
15009 if (epartIsReg(modrm)) {
15010 UInt rE = eregOfRexRM(pfx,modrm);
15011 assign( sV, getXMMReg(rE) );
15012 delta += 1;
15013 DIP("pmuludq %s,%s\n", nameXMMReg(rE), nameXMMReg(rG));
15014 } else {
15015 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
15016 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
15017 delta += alen;
15018 DIP("pmuludq %s,%s\n", dis_buf, nameXMMReg(rG));
15019 }
15020 putXMMReg( rG, mkexpr(math_PMULUDQ_128( sV, dV )) );
15021 goto decode_success;
15022 }
15023 /* ***--- this is an MMX class insn introduced in SSE2 ---*** */
15024 /* 0F F4 = PMULUDQ -- unsigned widening multiply of 32-lanes 0 x
15025 0 to form 64-bit result */
15026 if (haveNo66noF2noF3(pfx) && sz == 4) {
15027 IRTemp sV = newTemp(Ity_I64);
15028 IRTemp dV = newTemp(Ity_I64);
15029 t1 = newTemp(Ity_I32);
15030 t0 = newTemp(Ity_I32);
15031 modrm = getUChar(delta);
15032
15033 do_MMX_preamble();
15034 assign( dV, getMMXReg(gregLO3ofRM(modrm)) );
15035
15036 if (epartIsReg(modrm)) {
15037 assign( sV, getMMXReg(eregLO3ofRM(modrm)) );
15038 delta += 1;
15039 DIP("pmuludq %s,%s\n", nameMMXReg(eregLO3ofRM(modrm)),
15040 nameMMXReg(gregLO3ofRM(modrm)));
15041 } else {
15042 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
15043 assign( sV, loadLE(Ity_I64, mkexpr(addr)) );
15044 delta += alen;
15045 DIP("pmuludq %s,%s\n", dis_buf,
15046 nameMMXReg(gregLO3ofRM(modrm)));
15047 }
15048
15049 assign( t0, unop(Iop_64to32, mkexpr(dV)) );
15050 assign( t1, unop(Iop_64to32, mkexpr(sV)) );
15051 putMMXReg( gregLO3ofRM(modrm),
15052 binop( Iop_MullU32, mkexpr(t0), mkexpr(t1) ) );
15053 goto decode_success;
15054 }
15055 break;
15056
15057 case 0xF5:
15058 /* 66 0F F5 = PMADDWD -- Multiply and add packed integers from
15059 E(xmm or mem) to G(xmm) */
15060 if (have66noF2noF3(pfx) && sz == 2) {
15061 IRTemp sV = newTemp(Ity_V128);
15062 IRTemp dV = newTemp(Ity_V128);
15063 modrm = getUChar(delta);
15064 UInt rG = gregOfRexRM(pfx,modrm);
15065 if (epartIsReg(modrm)) {
15066 UInt rE = eregOfRexRM(pfx,modrm);
15067 assign( sV, getXMMReg(rE) );
15068 delta += 1;
15069 DIP("pmaddwd %s,%s\n", nameXMMReg(rE), nameXMMReg(rG));
15070 } else {
15071 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
15072 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
15073 delta += alen;
15074 DIP("pmaddwd %s,%s\n", dis_buf, nameXMMReg(rG));
15075 }
15076 assign( dV, getXMMReg(rG) );
15077 putXMMReg( rG, mkexpr(math_PMADDWD_128(dV, sV)) );
15078 goto decode_success;
15079 }
15080 break;
15081
15082 case 0xF6:
15083 /* ***--- this is an MMX class insn introduced in SSE1 ---*** */
15084 /* 0F F6 = PSADBW -- sum of 8Ux8 absolute differences */
15085 if (haveNo66noF2noF3(pfx) && sz == 4) {
15086 do_MMX_preamble();
15087 delta = dis_MMXop_regmem_to_reg (
15088 vbi, pfx, delta, opc, "psadbw", False );
15089 goto decode_success;
15090 }
15091 /* 66 0F F6 = PSADBW -- 2 x (8x8 -> 48 zeroes ++ u16) Sum Abs Diffs
15092 from E(xmm or mem) to G(xmm) */
15093 if (have66noF2noF3(pfx) && sz == 2) {
15094 IRTemp sV = newTemp(Ity_V128);
15095 IRTemp dV = newTemp(Ity_V128);
15096 modrm = getUChar(delta);
15097 UInt rG = gregOfRexRM(pfx,modrm);
15098 if (epartIsReg(modrm)) {
15099 UInt rE = eregOfRexRM(pfx,modrm);
15100 assign( sV, getXMMReg(rE) );
15101 delta += 1;
15102 DIP("psadbw %s,%s\n", nameXMMReg(rE), nameXMMReg(rG));
15103 } else {
15104 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
15105 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
15106 delta += alen;
15107 DIP("psadbw %s,%s\n", dis_buf, nameXMMReg(rG));
15108 }
15109 assign( dV, getXMMReg(rG) );
15110 putXMMReg( rG, mkexpr( math_PSADBW_128 ( dV, sV ) ) );
15111
15112 goto decode_success;
15113 }
15114 break;
15115
15116 case 0xF7:
15117 /* ***--- this is an MMX class insn introduced in SSE1 ---*** */
15118 /* 0F F7 = MASKMOVQ -- 8x8 masked store */
15119 if (haveNo66noF2noF3(pfx) && sz == 4) {
15120 Bool ok = False;
15121 delta = dis_MMX( &ok, vbi, pfx, sz, delta-1 );
15122 if (ok) goto decode_success;
15123 }
15124 /* 66 0F F7 = MASKMOVDQU -- store selected bytes of double quadword */
15125 if (have66noF2noF3(pfx) && sz == 2 && epartIsReg(getUChar(delta))) {
15126 delta = dis_MASKMOVDQU( vbi, pfx, delta, False/*!isAvx*/ );
15127 goto decode_success;
15128 }
15129 break;
15130
15131 case 0xF8:
15132 /* 66 0F F8 = PSUBB */
15133 if (have66noF2noF3(pfx) && sz == 2) {
15134 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
15135 "psubb", Iop_Sub8x16, False );
15136 goto decode_success;
15137 }
15138 break;
15139
15140 case 0xF9:
15141 /* 66 0F F9 = PSUBW */
15142 if (have66noF2noF3(pfx) && sz == 2) {
15143 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
15144 "psubw", Iop_Sub16x8, False );
15145 goto decode_success;
15146 }
15147 break;
15148
15149 case 0xFA:
15150 /* 66 0F FA = PSUBD */
15151 if (have66noF2noF3(pfx) && sz == 2) {
15152 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
15153 "psubd", Iop_Sub32x4, False );
15154 goto decode_success;
15155 }
15156 break;
15157
15158 case 0xFB:
15159 /* 66 0F FB = PSUBQ */
15160 if (have66noF2noF3(pfx) && sz == 2) {
15161 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
15162 "psubq", Iop_Sub64x2, False );
15163 goto decode_success;
15164 }
15165 /* ***--- this is an MMX class insn introduced in SSE2 ---*** */
15166 /* 0F FB = PSUBQ -- sub 64x1 */
15167 if (haveNo66noF2noF3(pfx) && sz == 4) {
15168 do_MMX_preamble();
15169 delta = dis_MMXop_regmem_to_reg (
15170 vbi, pfx, delta, opc, "psubq", False );
15171 goto decode_success;
15172 }
15173 break;
15174
15175 case 0xFC:
15176 /* 66 0F FC = PADDB */
15177 if (have66noF2noF3(pfx) && sz == 2) {
15178 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
15179 "paddb", Iop_Add8x16, False );
15180 goto decode_success;
15181 }
15182 break;
15183
15184 case 0xFD:
15185 /* 66 0F FD = PADDW */
15186 if (have66noF2noF3(pfx) && sz == 2) {
15187 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
15188 "paddw", Iop_Add16x8, False );
15189 goto decode_success;
15190 }
15191 break;
15192
15193 case 0xFE:
15194 /* 66 0F FE = PADDD */
15195 if (have66noF2noF3(pfx) && sz == 2) {
15196 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
15197 "paddd", Iop_Add32x4, False );
15198 goto decode_success;
15199 }
15200 break;
15201
15202 default:
15203 goto decode_failure;
15204
15205 }
15206
15207 decode_failure:
15208 *decode_OK = False;
15209 return deltaIN;
15210
15211 decode_success:
15212 *decode_OK = True;
15213 return delta;
15214 }
15215
15216
15217 /*------------------------------------------------------------*/
15218 /*--- ---*/
15219 /*--- Top-level SSE3 (not SupSSE3): dis_ESC_0F__SSE3 ---*/
15220 /*--- ---*/
15221 /*------------------------------------------------------------*/
15222
15223 static Long dis_MOVDDUP_128 ( const VexAbiInfo* vbi, Prefix pfx,
15224 Long delta, Bool isAvx )
15225 {
15226 IRTemp addr = IRTemp_INVALID;
15227 Int alen = 0;
15228 HChar dis_buf[50];
15229 IRTemp sV = newTemp(Ity_V128);
15230 IRTemp d0 = newTemp(Ity_I64);
15231 UChar modrm = getUChar(delta);
15232 UInt rG = gregOfRexRM(pfx,modrm);
15233 if (epartIsReg(modrm)) {
15234 UInt rE = eregOfRexRM(pfx,modrm);
15235 assign( sV, getXMMReg(rE) );
15236 DIP("%smovddup %s,%s\n",
15237 isAvx ? "v" : "", nameXMMReg(rE), nameXMMReg(rG));
15238 delta += 1;
15239 assign ( d0, unop(Iop_V128to64, mkexpr(sV)) );
15240 } else {
15241 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
15242 assign( d0, loadLE(Ity_I64, mkexpr(addr)) );
15243 DIP("%smovddup %s,%s\n",
15244 isAvx ? "v" : "", dis_buf, nameXMMReg(rG));
15245 delta += alen;
15246 }
15247 (isAvx ? putYMMRegLoAndZU : putXMMReg)
15248 ( rG, binop(Iop_64HLtoV128,mkexpr(d0),mkexpr(d0)) );
15249 return delta;
15250 }
15251
15252
15253 static Long dis_MOVDDUP_256 ( const VexAbiInfo* vbi, Prefix pfx,
15254 Long delta )
15255 {
15256 IRTemp addr = IRTemp_INVALID;
15257 Int alen = 0;
15258 HChar dis_buf[50];
15259 IRTemp d0 = newTemp(Ity_I64);
15260 IRTemp d1 = newTemp(Ity_I64);
15261 UChar modrm = getUChar(delta);
15262 UInt rG = gregOfRexRM(pfx,modrm);
15263 if (epartIsReg(modrm)) {
15264 UInt rE = eregOfRexRM(pfx,modrm);
15265 DIP("vmovddup %s,%s\n", nameYMMReg(rE), nameYMMReg(rG));
15266 delta += 1;
15267 assign ( d0, getYMMRegLane64(rE, 0) );
15268 assign ( d1, getYMMRegLane64(rE, 2) );
15269 } else {
15270 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
15271 assign( d0, loadLE(Ity_I64, mkexpr(addr)) );
15272 assign( d1, loadLE(Ity_I64, binop(Iop_Add64,
15273 mkexpr(addr), mkU64(16))) );
15274 DIP("vmovddup %s,%s\n", dis_buf, nameYMMReg(rG));
15275 delta += alen;
15276 }
15277 putYMMRegLane64( rG, 0, mkexpr(d0) );
15278 putYMMRegLane64( rG, 1, mkexpr(d0) );
15279 putYMMRegLane64( rG, 2, mkexpr(d1) );
15280 putYMMRegLane64( rG, 3, mkexpr(d1) );
15281 return delta;
15282 }
15283
15284
15285 static Long dis_MOVSxDUP_128 ( const VexAbiInfo* vbi, Prefix pfx,
15286 Long delta, Bool isAvx, Bool isL )
15287 {
15288 IRTemp addr = IRTemp_INVALID;
15289 Int alen = 0;
15290 HChar dis_buf[50];
15291 IRTemp sV = newTemp(Ity_V128);
15292 UChar modrm = getUChar(delta);
15293 UInt rG = gregOfRexRM(pfx,modrm);
15294 IRTemp s3, s2, s1, s0;
15295 s3 = s2 = s1 = s0 = IRTemp_INVALID;
15296 if (epartIsReg(modrm)) {
15297 UInt rE = eregOfRexRM(pfx,modrm);
15298 assign( sV, getXMMReg(rE) );
15299 DIP("%smovs%cdup %s,%s\n",
15300 isAvx ? "v" : "", isL ? 'l' : 'h', nameXMMReg(rE), nameXMMReg(rG));
15301 delta += 1;
15302 } else {
15303 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
15304 if (!isAvx)
15305 gen_SEGV_if_not_16_aligned( addr );
15306 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
15307 DIP("%smovs%cdup %s,%s\n",
15308 isAvx ? "v" : "", isL ? 'l' : 'h', dis_buf, nameXMMReg(rG));
15309 delta += alen;
15310 }
15311 breakupV128to32s( sV, &s3, &s2, &s1, &s0 );
15312 (isAvx ? putYMMRegLoAndZU : putXMMReg)
15313 ( rG, isL ? mkV128from32s( s2, s2, s0, s0 )
15314 : mkV128from32s( s3, s3, s1, s1 ) );
15315 return delta;
15316 }
15317
15318
15319 static Long dis_MOVSxDUP_256 ( const VexAbiInfo* vbi, Prefix pfx,
15320 Long delta, Bool isL )
15321 {
15322 IRTemp addr = IRTemp_INVALID;
15323 Int alen = 0;
15324 HChar dis_buf[50];
15325 IRTemp sV = newTemp(Ity_V256);
15326 UChar modrm = getUChar(delta);
15327 UInt rG = gregOfRexRM(pfx,modrm);
15328 IRTemp s7, s6, s5, s4, s3, s2, s1, s0;
15329 s7 = s6 = s5 = s4 = s3 = s2 = s1 = s0 = IRTemp_INVALID;
15330 if (epartIsReg(modrm)) {
15331 UInt rE = eregOfRexRM(pfx,modrm);
15332 assign( sV, getYMMReg(rE) );
15333 DIP("vmovs%cdup %s,%s\n",
15334 isL ? 'l' : 'h', nameYMMReg(rE), nameYMMReg(rG));
15335 delta += 1;
15336 } else {
15337 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
15338 assign( sV, loadLE(Ity_V256, mkexpr(addr)) );
15339 DIP("vmovs%cdup %s,%s\n",
15340 isL ? 'l' : 'h', dis_buf, nameYMMReg(rG));
15341 delta += alen;
15342 }
15343 breakupV256to32s( sV, &s7, &s6, &s5, &s4, &s3, &s2, &s1, &s0 );
15344 putYMMRegLane128( rG, 1, isL ? mkV128from32s( s6, s6, s4, s4 )
15345 : mkV128from32s( s7, s7, s5, s5 ) );
15346 putYMMRegLane128( rG, 0, isL ? mkV128from32s( s2, s2, s0, s0 )
15347 : mkV128from32s( s3, s3, s1, s1 ) );
15348 return delta;
15349 }
15350
15351
15352 static IRTemp math_HADDPS_128 ( IRTemp dV, IRTemp sV, Bool isAdd )
15353 {
15354 IRTemp s3, s2, s1, s0, d3, d2, d1, d0;
15355 IRTemp leftV = newTemp(Ity_V128);
15356 IRTemp rightV = newTemp(Ity_V128);
15357 IRTemp rm = newTemp(Ity_I32);
15358 s3 = s2 = s1 = s0 = d3 = d2 = d1 = d0 = IRTemp_INVALID;
15359
15360 breakupV128to32s( sV, &s3, &s2, &s1, &s0 );
15361 breakupV128to32s( dV, &d3, &d2, &d1, &d0 );
15362
15363 assign( leftV, mkV128from32s( s2, s0, d2, d0 ) );
15364 assign( rightV, mkV128from32s( s3, s1, d3, d1 ) );
15365
15366 IRTemp res = newTemp(Ity_V128);
15367 assign( rm, get_FAKE_roundingmode() ); /* XXXROUNDINGFIXME */
15368 assign( res, triop(isAdd ? Iop_Add32Fx4 : Iop_Sub32Fx4,
15369 mkexpr(rm), mkexpr(leftV), mkexpr(rightV) ) );
15370 return res;
15371 }
15372
15373
15374 static IRTemp math_HADDPD_128 ( IRTemp dV, IRTemp sV, Bool isAdd )
15375 {
15376 IRTemp s1, s0, d1, d0;
15377 IRTemp leftV = newTemp(Ity_V128);
15378 IRTemp rightV = newTemp(Ity_V128);
15379 IRTemp rm = newTemp(Ity_I32);
15380 s1 = s0 = d1 = d0 = IRTemp_INVALID;
15381
15382 breakupV128to64s( sV, &s1, &s0 );
15383 breakupV128to64s( dV, &d1, &d0 );
15384
15385 assign( leftV, binop(Iop_64HLtoV128, mkexpr(s0), mkexpr(d0)) );
15386 assign( rightV, binop(Iop_64HLtoV128, mkexpr(s1), mkexpr(d1)) );
15387
15388 IRTemp res = newTemp(Ity_V128);
15389 assign( rm, get_FAKE_roundingmode() ); /* XXXROUNDINGFIXME */
15390 assign( res, triop(isAdd ? Iop_Add64Fx2 : Iop_Sub64Fx2,
15391 mkexpr(rm), mkexpr(leftV), mkexpr(rightV) ) );
15392 return res;
15393 }
15394
15395
15396 __attribute__((noinline))
15397 static
15398 Long dis_ESC_0F__SSE3 ( Bool* decode_OK,
15399 const VexAbiInfo* vbi,
15400 Prefix pfx, Int sz, Long deltaIN )
15401 {
15402 IRTemp addr = IRTemp_INVALID;
15403 UChar modrm = 0;
15404 Int alen = 0;
15405 HChar dis_buf[50];
15406
15407 *decode_OK = False;
15408
15409 Long delta = deltaIN;
15410 UChar opc = getUChar(delta);
15411 delta++;
15412 switch (opc) {
15413
15414 case 0x12:
15415 /* F3 0F 12 = MOVSLDUP -- move from E (mem or xmm) to G (xmm),
15416 duplicating some lanes (2:2:0:0). */
15417 if (haveF3no66noF2(pfx) && sz == 4) {
15418 delta = dis_MOVSxDUP_128( vbi, pfx, delta, False/*!isAvx*/,
15419 True/*isL*/ );
15420 goto decode_success;
15421 }
15422 /* F2 0F 12 = MOVDDUP -- move from E (mem or xmm) to G (xmm),
15423 duplicating some lanes (0:1:0:1). */
15424 if (haveF2no66noF3(pfx)
15425 && (sz == 4 || /* ignore redundant REX.W */ sz == 8)) {
15426 delta = dis_MOVDDUP_128( vbi, pfx, delta, False/*!isAvx*/ );
15427 goto decode_success;
15428 }
15429 break;
15430
15431 case 0x16:
15432 /* F3 0F 16 = MOVSHDUP -- move from E (mem or xmm) to G (xmm),
15433 duplicating some lanes (3:3:1:1). */
15434 if (haveF3no66noF2(pfx) && sz == 4) {
15435 delta = dis_MOVSxDUP_128( vbi, pfx, delta, False/*!isAvx*/,
15436 False/*!isL*/ );
15437 goto decode_success;
15438 }
15439 break;
15440
15441 case 0x7C:
15442 case 0x7D:
15443 /* F2 0F 7C = HADDPS -- 32x4 add across from E (mem or xmm) to G (xmm). */
15444 /* F2 0F 7D = HSUBPS -- 32x4 sub across from E (mem or xmm) to G (xmm). */
15445 if (haveF2no66noF3(pfx) && sz == 4) {
15446 IRTemp eV = newTemp(Ity_V128);
15447 IRTemp gV = newTemp(Ity_V128);
15448 Bool isAdd = opc == 0x7C;
15449 const HChar* str = isAdd ? "add" : "sub";
15450 modrm = getUChar(delta);
15451 UInt rG = gregOfRexRM(pfx,modrm);
15452 if (epartIsReg(modrm)) {
15453 UInt rE = eregOfRexRM(pfx,modrm);
15454 assign( eV, getXMMReg(rE) );
15455 DIP("h%sps %s,%s\n", str, nameXMMReg(rE), nameXMMReg(rG));
15456 delta += 1;
15457 } else {
15458 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
15459 assign( eV, loadLE(Ity_V128, mkexpr(addr)) );
15460 DIP("h%sps %s,%s\n", str, dis_buf, nameXMMReg(rG));
15461 delta += alen;
15462 }
15463
15464 assign( gV, getXMMReg(rG) );
15465 putXMMReg( rG, mkexpr( math_HADDPS_128 ( gV, eV, isAdd ) ) );
15466 goto decode_success;
15467 }
15468 /* 66 0F 7C = HADDPD -- 64x2 add across from E (mem or xmm) to G (xmm). */
15469 /* 66 0F 7D = HSUBPD -- 64x2 sub across from E (mem or xmm) to G (xmm). */
15470 if (have66noF2noF3(pfx) && sz == 2) {
15471 IRTemp eV = newTemp(Ity_V128);
15472 IRTemp gV = newTemp(Ity_V128);
15473 Bool isAdd = opc == 0x7C;
15474 const HChar* str = isAdd ? "add" : "sub";
15475 modrm = getUChar(delta);
15476 UInt rG = gregOfRexRM(pfx,modrm);
15477 if (epartIsReg(modrm)) {
15478 UInt rE = eregOfRexRM(pfx,modrm);
15479 assign( eV, getXMMReg(rE) );
15480 DIP("h%spd %s,%s\n", str, nameXMMReg(rE), nameXMMReg(rG));
15481 delta += 1;
15482 } else {
15483 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
15484 assign( eV, loadLE(Ity_V128, mkexpr(addr)) );
15485 DIP("h%spd %s,%s\n", str, dis_buf, nameXMMReg(rG));
15486 delta += alen;
15487 }
15488
15489 assign( gV, getXMMReg(rG) );
15490 putXMMReg( rG, mkexpr( math_HADDPD_128 ( gV, eV, isAdd ) ) );
15491 goto decode_success;
15492 }
15493 break;
15494
15495 case 0xD0:
15496 /* 66 0F D0 = ADDSUBPD -- 64x4 +/- from E (mem or xmm) to G (xmm). */
15497 if (have66noF2noF3(pfx) && sz == 2) {
15498 IRTemp eV = newTemp(Ity_V128);
15499 IRTemp gV = newTemp(Ity_V128);
15500 modrm = getUChar(delta);
15501 UInt rG = gregOfRexRM(pfx,modrm);
15502 if (epartIsReg(modrm)) {
15503 UInt rE = eregOfRexRM(pfx,modrm);
15504 assign( eV, getXMMReg(rE) );
15505 DIP("addsubpd %s,%s\n", nameXMMReg(rE), nameXMMReg(rG));
15506 delta += 1;
15507 } else {
15508 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
15509 assign( eV, loadLE(Ity_V128, mkexpr(addr)) );
15510 DIP("addsubpd %s,%s\n", dis_buf, nameXMMReg(rG));
15511 delta += alen;
15512 }
15513
15514 assign( gV, getXMMReg(rG) );
15515 putXMMReg( rG, mkexpr( math_ADDSUBPD_128 ( gV, eV ) ) );
15516 goto decode_success;
15517 }
15518 /* F2 0F D0 = ADDSUBPS -- 32x4 +/-/+/- from E (mem or xmm) to G (xmm). */
15519 if (haveF2no66noF3(pfx) && sz == 4) {
15520 IRTemp eV = newTemp(Ity_V128);
15521 IRTemp gV = newTemp(Ity_V128);
15522 modrm = getUChar(delta);
15523 UInt rG = gregOfRexRM(pfx,modrm);
15524
15525 modrm = getUChar(delta);
15526 if (epartIsReg(modrm)) {
15527 UInt rE = eregOfRexRM(pfx,modrm);
15528 assign( eV, getXMMReg(rE) );
15529 DIP("addsubps %s,%s\n", nameXMMReg(rE), nameXMMReg(rG));
15530 delta += 1;
15531 } else {
15532 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
15533 assign( eV, loadLE(Ity_V128, mkexpr(addr)) );
15534 DIP("addsubps %s,%s\n", dis_buf, nameXMMReg(rG));
15535 delta += alen;
15536 }
15537
15538 assign( gV, getXMMReg(rG) );
15539 putXMMReg( rG, mkexpr( math_ADDSUBPS_128 ( gV, eV ) ) );
15540 goto decode_success;
15541 }
15542 break;
15543
15544 case 0xF0:
15545 /* F2 0F F0 = LDDQU -- move from E (mem or xmm) to G (xmm). */
15546 if (haveF2no66noF3(pfx) && sz == 4) {
15547 modrm = getUChar(delta);
15548 if (epartIsReg(modrm)) {
15549 goto decode_failure;
15550 } else {
15551 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
15552 putXMMReg( gregOfRexRM(pfx,modrm),
15553 loadLE(Ity_V128, mkexpr(addr)) );
15554 DIP("lddqu %s,%s\n", dis_buf,
15555 nameXMMReg(gregOfRexRM(pfx,modrm)));
15556 delta += alen;
15557 }
15558 goto decode_success;
15559 }
15560 break;
15561
15562 default:
15563 goto decode_failure;
15564
15565 }
15566
15567 decode_failure:
15568 *decode_OK = False;
15569 return deltaIN;
15570
15571 decode_success:
15572 *decode_OK = True;
15573 return delta;
15574 }
15575
15576
15577 /*------------------------------------------------------------*/
15578 /*--- ---*/
15579 /*--- Top-level SSSE3: dis_ESC_0F38__SupSSE3 ---*/
15580 /*--- ---*/
15581 /*------------------------------------------------------------*/
15582
15583 static
15584 IRTemp math_PSHUFB_XMM ( IRTemp dV/*data to perm*/, IRTemp sV/*perm*/ )
15585 {
15586 IRTemp sHi = newTemp(Ity_I64);
15587 IRTemp sLo = newTemp(Ity_I64);
15588 IRTemp dHi = newTemp(Ity_I64);
15589 IRTemp dLo = newTemp(Ity_I64);
15590 IRTemp rHi = newTemp(Ity_I64);
15591 IRTemp rLo = newTemp(Ity_I64);
15592 IRTemp sevens = newTemp(Ity_I64);
15593 IRTemp mask0x80hi = newTemp(Ity_I64);
15594 IRTemp mask0x80lo = newTemp(Ity_I64);
15595 IRTemp maskBit3hi = newTemp(Ity_I64);
15596 IRTemp maskBit3lo = newTemp(Ity_I64);
15597 IRTemp sAnd7hi = newTemp(Ity_I64);
15598 IRTemp sAnd7lo = newTemp(Ity_I64);
15599 IRTemp permdHi = newTemp(Ity_I64);
15600 IRTemp permdLo = newTemp(Ity_I64);
15601 IRTemp res = newTemp(Ity_V128);
15602
15603 assign( dHi, unop(Iop_V128HIto64, mkexpr(dV)) );
15604 assign( dLo, unop(Iop_V128to64, mkexpr(dV)) );
15605 assign( sHi, unop(Iop_V128HIto64, mkexpr(sV)) );
15606 assign( sLo, unop(Iop_V128to64, mkexpr(sV)) );
15607
15608 assign( sevens, mkU64(0x0707070707070707ULL) );
15609
15610 /* mask0x80hi = Not(SarN8x8(sHi,7))
15611 maskBit3hi = SarN8x8(ShlN8x8(sHi,4),7)
15612 sAnd7hi = And(sHi,sevens)
15613 permdHi = Or( And(Perm8x8(dHi,sAnd7hi),maskBit3hi),
15614 And(Perm8x8(dLo,sAnd7hi),Not(maskBit3hi)) )
15615 rHi = And(permdHi,mask0x80hi)
15616 */
15617 assign(
15618 mask0x80hi,
15619 unop(Iop_Not64, binop(Iop_SarN8x8,mkexpr(sHi),mkU8(7))));
15620
15621 assign(
15622 maskBit3hi,
15623 binop(Iop_SarN8x8,
15624 binop(Iop_ShlN8x8,mkexpr(sHi),mkU8(4)),
15625 mkU8(7)));
15626
15627 assign(sAnd7hi, binop(Iop_And64,mkexpr(sHi),mkexpr(sevens)));
15628
15629 assign(
15630 permdHi,
15631 binop(
15632 Iop_Or64,
15633 binop(Iop_And64,
15634 binop(Iop_Perm8x8,mkexpr(dHi),mkexpr(sAnd7hi)),
15635 mkexpr(maskBit3hi)),
15636 binop(Iop_And64,
15637 binop(Iop_Perm8x8,mkexpr(dLo),mkexpr(sAnd7hi)),
15638 unop(Iop_Not64,mkexpr(maskBit3hi))) ));
15639
15640 assign(rHi, binop(Iop_And64,mkexpr(permdHi),mkexpr(mask0x80hi)) );
15641
15642 /* And the same for the lower half of the result. What fun. */
15643
15644 assign(
15645 mask0x80lo,
15646 unop(Iop_Not64, binop(Iop_SarN8x8,mkexpr(sLo),mkU8(7))));
15647
15648 assign(
15649 maskBit3lo,
15650 binop(Iop_SarN8x8,
15651 binop(Iop_ShlN8x8,mkexpr(sLo),mkU8(4)),
15652 mkU8(7)));
15653
15654 assign(sAnd7lo, binop(Iop_And64,mkexpr(sLo),mkexpr(sevens)));
15655
15656 assign(
15657 permdLo,
15658 binop(
15659 Iop_Or64,
15660 binop(Iop_And64,
15661 binop(Iop_Perm8x8,mkexpr(dHi),mkexpr(sAnd7lo)),
15662 mkexpr(maskBit3lo)),
15663 binop(Iop_And64,
15664 binop(Iop_Perm8x8,mkexpr(dLo),mkexpr(sAnd7lo)),
15665 unop(Iop_Not64,mkexpr(maskBit3lo))) ));
15666
15667 assign(rLo, binop(Iop_And64,mkexpr(permdLo),mkexpr(mask0x80lo)) );
15668
15669 assign(res, binop(Iop_64HLtoV128, mkexpr(rHi), mkexpr(rLo)));
15670 return res;
15671 }
15672
15673
15674 static
15675 IRTemp math_PSHUFB_YMM ( IRTemp dV/*data to perm*/, IRTemp sV/*perm*/ )
15676 {
15677 IRTemp sHi, sLo, dHi, dLo;
15678 sHi = sLo = dHi = dLo = IRTemp_INVALID;
15679 breakupV256toV128s( dV, &dHi, &dLo);
15680 breakupV256toV128s( sV, &sHi, &sLo);
15681 IRTemp res = newTemp(Ity_V256);
15682 assign(res, binop(Iop_V128HLtoV256,
15683 mkexpr(math_PSHUFB_XMM(dHi, sHi)),
15684 mkexpr(math_PSHUFB_XMM(dLo, sLo))));
15685 return res;
15686 }
15687
15688
15689 static Long dis_PHADD_128 ( const VexAbiInfo* vbi, Prefix pfx, Long delta,
15690 Bool isAvx, UChar opc )
15691 {
15692 IRTemp addr = IRTemp_INVALID;
15693 Int alen = 0;
15694 HChar dis_buf[50];
15695 const HChar* str = "???";
15696 IROp opV64 = Iop_INVALID;
15697 IROp opCatO = Iop_CatOddLanes16x4;
15698 IROp opCatE = Iop_CatEvenLanes16x4;
15699 IRTemp sV = newTemp(Ity_V128);
15700 IRTemp dV = newTemp(Ity_V128);
15701 IRTemp sHi = newTemp(Ity_I64);
15702 IRTemp sLo = newTemp(Ity_I64);
15703 IRTemp dHi = newTemp(Ity_I64);
15704 IRTemp dLo = newTemp(Ity_I64);
15705 UChar modrm = getUChar(delta);
15706 UInt rG = gregOfRexRM(pfx,modrm);
15707 UInt rV = isAvx ? getVexNvvvv(pfx) : rG;
15708
15709 switch (opc) {
15710 case 0x01: opV64 = Iop_Add16x4; str = "addw"; break;
15711 case 0x02: opV64 = Iop_Add32x2; str = "addd"; break;
15712 case 0x03: opV64 = Iop_QAdd16Sx4; str = "addsw"; break;
15713 case 0x05: opV64 = Iop_Sub16x4; str = "subw"; break;
15714 case 0x06: opV64 = Iop_Sub32x2; str = "subd"; break;
15715 case 0x07: opV64 = Iop_QSub16Sx4; str = "subsw"; break;
15716 default: vassert(0);
15717 }
15718 if (opc == 0x02 || opc == 0x06) {
15719 opCatO = Iop_InterleaveHI32x2;
15720 opCatE = Iop_InterleaveLO32x2;
15721 }
15722
15723 assign( dV, getXMMReg(rV) );
15724
15725 if (epartIsReg(modrm)) {
15726 UInt rE = eregOfRexRM(pfx,modrm);
15727 assign( sV, getXMMReg(rE) );
15728 DIP("%sph%s %s,%s\n", isAvx ? "v" : "", str,
15729 nameXMMReg(rE), nameXMMReg(rG));
15730 delta += 1;
15731 } else {
15732 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
15733 if (!isAvx)
15734 gen_SEGV_if_not_16_aligned( addr );
15735 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
15736 DIP("%sph%s %s,%s\n", isAvx ? "v" : "", str,
15737 dis_buf, nameXMMReg(rG));
15738 delta += alen;
15739 }
15740
15741 assign( dHi, unop(Iop_V128HIto64, mkexpr(dV)) );
15742 assign( dLo, unop(Iop_V128to64, mkexpr(dV)) );
15743 assign( sHi, unop(Iop_V128HIto64, mkexpr(sV)) );
15744 assign( sLo, unop(Iop_V128to64, mkexpr(sV)) );
15745
15746 /* This isn't a particularly efficient way to compute the
15747 result, but at least it avoids a proliferation of IROps,
15748 hence avoids complication all the backends. */
15749
15750 (isAvx ? putYMMRegLoAndZU : putXMMReg)
15751 ( rG,
15752 binop(Iop_64HLtoV128,
15753 binop(opV64,
15754 binop(opCatE,mkexpr(sHi),mkexpr(sLo)),
15755 binop(opCatO,mkexpr(sHi),mkexpr(sLo)) ),
15756 binop(opV64,
15757 binop(opCatE,mkexpr(dHi),mkexpr(dLo)),
15758 binop(opCatO,mkexpr(dHi),mkexpr(dLo)) ) ) );
15759 return delta;
15760 }
15761
15762
15763 static Long dis_PHADD_256 ( const VexAbiInfo* vbi, Prefix pfx, Long delta,
15764 UChar opc )
15765 {
15766 IRTemp addr = IRTemp_INVALID;
15767 Int alen = 0;
15768 HChar dis_buf[50];
15769 const HChar* str = "???";
15770 IROp opV64 = Iop_INVALID;
15771 IROp opCatO = Iop_CatOddLanes16x4;
15772 IROp opCatE = Iop_CatEvenLanes16x4;
15773 IRTemp sV = newTemp(Ity_V256);
15774 IRTemp dV = newTemp(Ity_V256);
15775 IRTemp s3, s2, s1, s0, d3, d2, d1, d0;
15776 s3 = s2 = s1 = s0 = d3 = d2 = d1 = d0 = IRTemp_INVALID;
15777 UChar modrm = getUChar(delta);
15778 UInt rG = gregOfRexRM(pfx,modrm);
15779 UInt rV = getVexNvvvv(pfx);
15780
15781 switch (opc) {
15782 case 0x01: opV64 = Iop_Add16x4; str = "addw"; break;
15783 case 0x02: opV64 = Iop_Add32x2; str = "addd"; break;
15784 case 0x03: opV64 = Iop_QAdd16Sx4; str = "addsw"; break;
15785 case 0x05: opV64 = Iop_Sub16x4; str = "subw"; break;
15786 case 0x06: opV64 = Iop_Sub32x2; str = "subd"; break;
15787 case 0x07: opV64 = Iop_QSub16Sx4; str = "subsw"; break;
15788 default: vassert(0);
15789 }
15790 if (opc == 0x02 || opc == 0x06) {
15791 opCatO = Iop_InterleaveHI32x2;
15792 opCatE = Iop_InterleaveLO32x2;
15793 }
15794
15795 assign( dV, getYMMReg(rV) );
15796
15797 if (epartIsReg(modrm)) {
15798 UInt rE = eregOfRexRM(pfx,modrm);
15799 assign( sV, getYMMReg(rE) );
15800 DIP("vph%s %s,%s\n", str, nameYMMReg(rE), nameYMMReg(rG));
15801 delta += 1;
15802 } else {
15803 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
15804 assign( sV, loadLE(Ity_V256, mkexpr(addr)) );
15805 DIP("vph%s %s,%s\n", str, dis_buf, nameYMMReg(rG));
15806 delta += alen;
15807 }
15808
15809 breakupV256to64s( dV, &d3, &d2, &d1, &d0 );
15810 breakupV256to64s( sV, &s3, &s2, &s1, &s0 );
15811
15812 /* This isn't a particularly efficient way to compute the
15813 result, but at least it avoids a proliferation of IROps,
15814 hence avoids complication all the backends. */
15815
15816 putYMMReg( rG,
15817 binop(Iop_V128HLtoV256,
15818 binop(Iop_64HLtoV128,
15819 binop(opV64,
15820 binop(opCatE,mkexpr(s3),mkexpr(s2)),
15821 binop(opCatO,mkexpr(s3),mkexpr(s2)) ),
15822 binop(opV64,
15823 binop(opCatE,mkexpr(d3),mkexpr(d2)),
15824 binop(opCatO,mkexpr(d3),mkexpr(d2)) ) ),
15825 binop(Iop_64HLtoV128,
15826 binop(opV64,
15827 binop(opCatE,mkexpr(s1),mkexpr(s0)),
15828 binop(opCatO,mkexpr(s1),mkexpr(s0)) ),
15829 binop(opV64,
15830 binop(opCatE,mkexpr(d1),mkexpr(d0)),
15831 binop(opCatO,mkexpr(d1),mkexpr(d0)) ) ) ) );
15832 return delta;
15833 }
15834
15835
15836 static IRTemp math_PMADDUBSW_128 ( IRTemp dV, IRTemp sV )
15837 {
15838 IRTemp sVoddsSX = newTemp(Ity_V128);
15839 IRTemp sVevensSX = newTemp(Ity_V128);
15840 IRTemp dVoddsZX = newTemp(Ity_V128);
15841 IRTemp dVevensZX = newTemp(Ity_V128);
15842 /* compute dV unsigned x sV signed */
15843 assign( sVoddsSX, binop(Iop_SarN16x8, mkexpr(sV), mkU8(8)) );
15844 assign( sVevensSX, binop(Iop_SarN16x8,
15845 binop(Iop_ShlN16x8, mkexpr(sV), mkU8(8)),
15846 mkU8(8)) );
15847 assign( dVoddsZX, binop(Iop_ShrN16x8, mkexpr(dV), mkU8(8)) );
15848 assign( dVevensZX, binop(Iop_ShrN16x8,
15849 binop(Iop_ShlN16x8, mkexpr(dV), mkU8(8)),
15850 mkU8(8)) );
15851
15852 IRTemp res = newTemp(Ity_V128);
15853 assign( res, binop(Iop_QAdd16Sx8,
15854 binop(Iop_Mul16x8, mkexpr(sVoddsSX), mkexpr(dVoddsZX)),
15855 binop(Iop_Mul16x8, mkexpr(sVevensSX), mkexpr(dVevensZX))
15856 )
15857 );
15858 return res;
15859 }
15860
15861
15862 static
15863 IRTemp math_PMADDUBSW_256 ( IRTemp dV, IRTemp sV )
15864 {
15865 IRTemp sHi, sLo, dHi, dLo;
15866 sHi = sLo = dHi = dLo = IRTemp_INVALID;
15867 breakupV256toV128s( dV, &dHi, &dLo);
15868 breakupV256toV128s( sV, &sHi, &sLo);
15869 IRTemp res = newTemp(Ity_V256);
15870 assign(res, binop(Iop_V128HLtoV256,
15871 mkexpr(math_PMADDUBSW_128(dHi, sHi)),
15872 mkexpr(math_PMADDUBSW_128(dLo, sLo))));
15873 return res;
15874 }
15875
15876
15877 __attribute__((noinline))
15878 static
15879 Long dis_ESC_0F38__SupSSE3 ( Bool* decode_OK,
15880 const VexAbiInfo* vbi,
15881 Prefix pfx, Int sz, Long deltaIN )
15882 {
15883 IRTemp addr = IRTemp_INVALID;
15884 UChar modrm = 0;
15885 Int alen = 0;
15886 HChar dis_buf[50];
15887
15888 *decode_OK = False;
15889
15890 Long delta = deltaIN;
15891 UChar opc = getUChar(delta);
15892 delta++;
15893 switch (opc) {
15894
15895 case 0x00:
15896 /* 66 0F 38 00 = PSHUFB -- Packed Shuffle Bytes 8x16 (XMM) */
15897 if (have66noF2noF3(pfx)
15898 && (sz == 2 || /*redundant REX.W*/ sz == 8)) {
15899 IRTemp sV = newTemp(Ity_V128);
15900 IRTemp dV = newTemp(Ity_V128);
15901
15902 modrm = getUChar(delta);
15903 assign( dV, getXMMReg(gregOfRexRM(pfx,modrm)) );
15904
15905 if (epartIsReg(modrm)) {
15906 assign( sV, getXMMReg(eregOfRexRM(pfx,modrm)) );
15907 delta += 1;
15908 DIP("pshufb %s,%s\n", nameXMMReg(eregOfRexRM(pfx,modrm)),
15909 nameXMMReg(gregOfRexRM(pfx,modrm)));
15910 } else {
15911 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
15912 gen_SEGV_if_not_16_aligned( addr );
15913 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
15914 delta += alen;
15915 DIP("pshufb %s,%s\n", dis_buf,
15916 nameXMMReg(gregOfRexRM(pfx,modrm)));
15917 }
15918
15919 IRTemp res = math_PSHUFB_XMM( dV, sV );
15920 putXMMReg(gregOfRexRM(pfx,modrm), mkexpr(res));
15921 goto decode_success;
15922 }
15923 /* 0F 38 00 = PSHUFB -- Packed Shuffle Bytes 8x8 (MMX) */
15924 if (haveNo66noF2noF3(pfx) && sz == 4) {
15925 IRTemp sV = newTemp(Ity_I64);
15926 IRTemp dV = newTemp(Ity_I64);
15927
15928 modrm = getUChar(delta);
15929 do_MMX_preamble();
15930 assign( dV, getMMXReg(gregLO3ofRM(modrm)) );
15931
15932 if (epartIsReg(modrm)) {
15933 assign( sV, getMMXReg(eregLO3ofRM(modrm)) );
15934 delta += 1;
15935 DIP("pshufb %s,%s\n", nameMMXReg(eregLO3ofRM(modrm)),
15936 nameMMXReg(gregLO3ofRM(modrm)));
15937 } else {
15938 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
15939 assign( sV, loadLE(Ity_I64, mkexpr(addr)) );
15940 delta += alen;
15941 DIP("pshufb %s,%s\n", dis_buf,
15942 nameMMXReg(gregLO3ofRM(modrm)));
15943 }
15944
15945 putMMXReg(
15946 gregLO3ofRM(modrm),
15947 binop(
15948 Iop_And64,
15949 /* permute the lanes */
15950 binop(
15951 Iop_Perm8x8,
15952 mkexpr(dV),
15953 binop(Iop_And64, mkexpr(sV), mkU64(0x0707070707070707ULL))
15954 ),
15955 /* mask off lanes which have (index & 0x80) == 0x80 */
15956 unop(Iop_Not64, binop(Iop_SarN8x8, mkexpr(sV), mkU8(7)))
15957 )
15958 );
15959 goto decode_success;
15960 }
15961 break;
15962
15963 case 0x01:
15964 case 0x02:
15965 case 0x03:
15966 case 0x05:
15967 case 0x06:
15968 case 0x07:
15969 /* 66 0F 38 01 = PHADDW -- 16x8 add across from E (mem or xmm) and
15970 G to G (xmm). */
15971 /* 66 0F 38 02 = PHADDD -- 32x4 add across from E (mem or xmm) and
15972 G to G (xmm). */
15973 /* 66 0F 38 03 = PHADDSW -- 16x8 signed qadd across from E (mem or
15974 xmm) and G to G (xmm). */
15975 /* 66 0F 38 05 = PHSUBW -- 16x8 sub across from E (mem or xmm) and
15976 G to G (xmm). */
15977 /* 66 0F 38 06 = PHSUBD -- 32x4 sub across from E (mem or xmm) and
15978 G to G (xmm). */
15979 /* 66 0F 38 07 = PHSUBSW -- 16x8 signed qsub across from E (mem or
15980 xmm) and G to G (xmm). */
15981 if (have66noF2noF3(pfx)
15982 && (sz == 2 || /*redundant REX.W*/ sz == 8)) {
15983 delta = dis_PHADD_128( vbi, pfx, delta, False/*isAvx*/, opc );
15984 goto decode_success;
15985 }
15986 /* ***--- these are MMX class insns introduced in SSSE3 ---*** */
15987 /* 0F 38 01 = PHADDW -- 16x4 add across from E (mem or mmx) and G
15988 to G (mmx). */
15989 /* 0F 38 02 = PHADDD -- 32x2 add across from E (mem or mmx) and G
15990 to G (mmx). */
15991 /* 0F 38 03 = PHADDSW -- 16x4 signed qadd across from E (mem or
15992 mmx) and G to G (mmx). */
15993 /* 0F 38 05 = PHSUBW -- 16x4 sub across from E (mem or mmx) and G
15994 to G (mmx). */
15995 /* 0F 38 06 = PHSUBD -- 32x2 sub across from E (mem or mmx) and G
15996 to G (mmx). */
15997 /* 0F 38 07 = PHSUBSW -- 16x4 signed qsub across from E (mem or
15998 mmx) and G to G (mmx). */
15999 if (haveNo66noF2noF3(pfx) && sz == 4) {
16000 const HChar* str = "???";
16001 IROp opV64 = Iop_INVALID;
16002 IROp opCatO = Iop_CatOddLanes16x4;
16003 IROp opCatE = Iop_CatEvenLanes16x4;
16004 IRTemp sV = newTemp(Ity_I64);
16005 IRTemp dV = newTemp(Ity_I64);
16006
16007 modrm = getUChar(delta);
16008
16009 switch (opc) {
16010 case 0x01: opV64 = Iop_Add16x4; str = "addw"; break;
16011 case 0x02: opV64 = Iop_Add32x2; str = "addd"; break;
16012 case 0x03: opV64 = Iop_QAdd16Sx4; str = "addsw"; break;
16013 case 0x05: opV64 = Iop_Sub16x4; str = "subw"; break;
16014 case 0x06: opV64 = Iop_Sub32x2; str = "subd"; break;
16015 case 0x07: opV64 = Iop_QSub16Sx4; str = "subsw"; break;
16016 default: vassert(0);
16017 }
16018 if (opc == 0x02 || opc == 0x06) {
16019 opCatO = Iop_InterleaveHI32x2;
16020 opCatE = Iop_InterleaveLO32x2;
16021 }
16022
16023 do_MMX_preamble();
16024 assign( dV, getMMXReg(gregLO3ofRM(modrm)) );
16025
16026 if (epartIsReg(modrm)) {
16027 assign( sV, getMMXReg(eregLO3ofRM(modrm)) );
16028 delta += 1;
16029 DIP("ph%s %s,%s\n", str, nameMMXReg(eregLO3ofRM(modrm)),
16030 nameMMXReg(gregLO3ofRM(modrm)));
16031 } else {
16032 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
16033 assign( sV, loadLE(Ity_I64, mkexpr(addr)) );
16034 delta += alen;
16035 DIP("ph%s %s,%s\n", str, dis_buf,
16036 nameMMXReg(gregLO3ofRM(modrm)));
16037 }
16038
16039 putMMXReg(
16040 gregLO3ofRM(modrm),
16041 binop(opV64,
16042 binop(opCatE,mkexpr(sV),mkexpr(dV)),
16043 binop(opCatO,mkexpr(sV),mkexpr(dV))
16044 )
16045 );
16046 goto decode_success;
16047 }
16048 break;
16049
16050 case 0x04:
16051 /* 66 0F 38 04 = PMADDUBSW -- Multiply and Add Packed Signed and
16052 Unsigned Bytes (XMM) */
16053 if (have66noF2noF3(pfx)
16054 && (sz == 2 || /*redundant REX.W*/ sz == 8)) {
16055 IRTemp sV = newTemp(Ity_V128);
16056 IRTemp dV = newTemp(Ity_V128);
16057 modrm = getUChar(delta);
16058 UInt rG = gregOfRexRM(pfx,modrm);
16059
16060 assign( dV, getXMMReg(rG) );
16061
16062 if (epartIsReg(modrm)) {
16063 UInt rE = eregOfRexRM(pfx,modrm);
16064 assign( sV, getXMMReg(rE) );
16065 delta += 1;
16066 DIP("pmaddubsw %s,%s\n", nameXMMReg(rE), nameXMMReg(rG));
16067 } else {
16068 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
16069 gen_SEGV_if_not_16_aligned( addr );
16070 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
16071 delta += alen;
16072 DIP("pmaddubsw %s,%s\n", dis_buf, nameXMMReg(rG));
16073 }
16074
16075 putXMMReg( rG, mkexpr( math_PMADDUBSW_128( dV, sV ) ) );
16076 goto decode_success;
16077 }
16078 /* 0F 38 04 = PMADDUBSW -- Multiply and Add Packed Signed and
16079 Unsigned Bytes (MMX) */
16080 if (haveNo66noF2noF3(pfx) && sz == 4) {
16081 IRTemp sV = newTemp(Ity_I64);
16082 IRTemp dV = newTemp(Ity_I64);
16083 IRTemp sVoddsSX = newTemp(Ity_I64);
16084 IRTemp sVevensSX = newTemp(Ity_I64);
16085 IRTemp dVoddsZX = newTemp(Ity_I64);
16086 IRTemp dVevensZX = newTemp(Ity_I64);
16087
16088 modrm = getUChar(delta);
16089 do_MMX_preamble();
16090 assign( dV, getMMXReg(gregLO3ofRM(modrm)) );
16091
16092 if (epartIsReg(modrm)) {
16093 assign( sV, getMMXReg(eregLO3ofRM(modrm)) );
16094 delta += 1;
16095 DIP("pmaddubsw %s,%s\n", nameMMXReg(eregLO3ofRM(modrm)),
16096 nameMMXReg(gregLO3ofRM(modrm)));
16097 } else {
16098 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
16099 assign( sV, loadLE(Ity_I64, mkexpr(addr)) );
16100 delta += alen;
16101 DIP("pmaddubsw %s,%s\n", dis_buf,
16102 nameMMXReg(gregLO3ofRM(modrm)));
16103 }
16104
16105 /* compute dV unsigned x sV signed */
16106 assign( sVoddsSX,
16107 binop(Iop_SarN16x4, mkexpr(sV), mkU8(8)) );
16108 assign( sVevensSX,
16109 binop(Iop_SarN16x4,
16110 binop(Iop_ShlN16x4, mkexpr(sV), mkU8(8)),
16111 mkU8(8)) );
16112 assign( dVoddsZX,
16113 binop(Iop_ShrN16x4, mkexpr(dV), mkU8(8)) );
16114 assign( dVevensZX,
16115 binop(Iop_ShrN16x4,
16116 binop(Iop_ShlN16x4, mkexpr(dV), mkU8(8)),
16117 mkU8(8)) );
16118
16119 putMMXReg(
16120 gregLO3ofRM(modrm),
16121 binop(Iop_QAdd16Sx4,
16122 binop(Iop_Mul16x4, mkexpr(sVoddsSX), mkexpr(dVoddsZX)),
16123 binop(Iop_Mul16x4, mkexpr(sVevensSX), mkexpr(dVevensZX))
16124 )
16125 );
16126 goto decode_success;
16127 }
16128 break;
16129
16130 case 0x08:
16131 case 0x09:
16132 case 0x0A:
16133 /* 66 0F 38 08 = PSIGNB -- Packed Sign 8x16 (XMM) */
16134 /* 66 0F 38 09 = PSIGNW -- Packed Sign 16x8 (XMM) */
16135 /* 66 0F 38 0A = PSIGND -- Packed Sign 32x4 (XMM) */
16136 if (have66noF2noF3(pfx)
16137 && (sz == 2 || /*redundant REX.W*/ sz == 8)) {
16138 IRTemp sV = newTemp(Ity_V128);
16139 IRTemp dV = newTemp(Ity_V128);
16140 IRTemp sHi = newTemp(Ity_I64);
16141 IRTemp sLo = newTemp(Ity_I64);
16142 IRTemp dHi = newTemp(Ity_I64);
16143 IRTemp dLo = newTemp(Ity_I64);
16144 const HChar* str = "???";
16145 Int laneszB = 0;
16146
16147 switch (opc) {
16148 case 0x08: laneszB = 1; str = "b"; break;
16149 case 0x09: laneszB = 2; str = "w"; break;
16150 case 0x0A: laneszB = 4; str = "d"; break;
16151 default: vassert(0);
16152 }
16153
16154 modrm = getUChar(delta);
16155 assign( dV, getXMMReg(gregOfRexRM(pfx,modrm)) );
16156
16157 if (epartIsReg(modrm)) {
16158 assign( sV, getXMMReg(eregOfRexRM(pfx,modrm)) );
16159 delta += 1;
16160 DIP("psign%s %s,%s\n", str, nameXMMReg(eregOfRexRM(pfx,modrm)),
16161 nameXMMReg(gregOfRexRM(pfx,modrm)));
16162 } else {
16163 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
16164 gen_SEGV_if_not_16_aligned( addr );
16165 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
16166 delta += alen;
16167 DIP("psign%s %s,%s\n", str, dis_buf,
16168 nameXMMReg(gregOfRexRM(pfx,modrm)));
16169 }
16170
16171 assign( dHi, unop(Iop_V128HIto64, mkexpr(dV)) );
16172 assign( dLo, unop(Iop_V128to64, mkexpr(dV)) );
16173 assign( sHi, unop(Iop_V128HIto64, mkexpr(sV)) );
16174 assign( sLo, unop(Iop_V128to64, mkexpr(sV)) );
16175
16176 putXMMReg(
16177 gregOfRexRM(pfx,modrm),
16178 binop(Iop_64HLtoV128,
16179 dis_PSIGN_helper( mkexpr(sHi), mkexpr(dHi), laneszB ),
16180 dis_PSIGN_helper( mkexpr(sLo), mkexpr(dLo), laneszB )
16181 )
16182 );
16183 goto decode_success;
16184 }
16185 /* 0F 38 08 = PSIGNB -- Packed Sign 8x8 (MMX) */
16186 /* 0F 38 09 = PSIGNW -- Packed Sign 16x4 (MMX) */
16187 /* 0F 38 0A = PSIGND -- Packed Sign 32x2 (MMX) */
16188 if (haveNo66noF2noF3(pfx) && sz == 4) {
16189 IRTemp sV = newTemp(Ity_I64);
16190 IRTemp dV = newTemp(Ity_I64);
16191 const HChar* str = "???";
16192 Int laneszB = 0;
16193
16194 switch (opc) {
16195 case 0x08: laneszB = 1; str = "b"; break;
16196 case 0x09: laneszB = 2; str = "w"; break;
16197 case 0x0A: laneszB = 4; str = "d"; break;
16198 default: vassert(0);
16199 }
16200
16201 modrm = getUChar(delta);
16202 do_MMX_preamble();
16203 assign( dV, getMMXReg(gregLO3ofRM(modrm)) );
16204
16205 if (epartIsReg(modrm)) {
16206 assign( sV, getMMXReg(eregLO3ofRM(modrm)) );
16207 delta += 1;
16208 DIP("psign%s %s,%s\n", str, nameMMXReg(eregLO3ofRM(modrm)),
16209 nameMMXReg(gregLO3ofRM(modrm)));
16210 } else {
16211 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
16212 assign( sV, loadLE(Ity_I64, mkexpr(addr)) );
16213 delta += alen;
16214 DIP("psign%s %s,%s\n", str, dis_buf,
16215 nameMMXReg(gregLO3ofRM(modrm)));
16216 }
16217
16218 putMMXReg(
16219 gregLO3ofRM(modrm),
16220 dis_PSIGN_helper( mkexpr(sV), mkexpr(dV), laneszB )
16221 );
16222 goto decode_success;
16223 }
16224 break;
16225
16226 case 0x0B:
16227 /* 66 0F 38 0B = PMULHRSW -- Packed Multiply High with Round and
16228 Scale (XMM) */
16229 if (have66noF2noF3(pfx)
16230 && (sz == 2 || /*redundant REX.W*/ sz == 8)) {
16231 IRTemp sV = newTemp(Ity_V128);
16232 IRTemp dV = newTemp(Ity_V128);
16233 IRTemp sHi = newTemp(Ity_I64);
16234 IRTemp sLo = newTemp(Ity_I64);
16235 IRTemp dHi = newTemp(Ity_I64);
16236 IRTemp dLo = newTemp(Ity_I64);
16237
16238 modrm = getUChar(delta);
16239 assign( dV, getXMMReg(gregOfRexRM(pfx,modrm)) );
16240
16241 if (epartIsReg(modrm)) {
16242 assign( sV, getXMMReg(eregOfRexRM(pfx,modrm)) );
16243 delta += 1;
16244 DIP("pmulhrsw %s,%s\n", nameXMMReg(eregOfRexRM(pfx,modrm)),
16245 nameXMMReg(gregOfRexRM(pfx,modrm)));
16246 } else {
16247 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
16248 gen_SEGV_if_not_16_aligned( addr );
16249 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
16250 delta += alen;
16251 DIP("pmulhrsw %s,%s\n", dis_buf,
16252 nameXMMReg(gregOfRexRM(pfx,modrm)));
16253 }
16254
16255 assign( dHi, unop(Iop_V128HIto64, mkexpr(dV)) );
16256 assign( dLo, unop(Iop_V128to64, mkexpr(dV)) );
16257 assign( sHi, unop(Iop_V128HIto64, mkexpr(sV)) );
16258 assign( sLo, unop(Iop_V128to64, mkexpr(sV)) );
16259
16260 putXMMReg(
16261 gregOfRexRM(pfx,modrm),
16262 binop(Iop_64HLtoV128,
16263 dis_PMULHRSW_helper( mkexpr(sHi), mkexpr(dHi) ),
16264 dis_PMULHRSW_helper( mkexpr(sLo), mkexpr(dLo) )
16265 )
16266 );
16267 goto decode_success;
16268 }
16269 /* 0F 38 0B = PMULHRSW -- Packed Multiply High with Round and Scale
16270 (MMX) */
16271 if (haveNo66noF2noF3(pfx) && sz == 4) {
16272 IRTemp sV = newTemp(Ity_I64);
16273 IRTemp dV = newTemp(Ity_I64);
16274
16275 modrm = getUChar(delta);
16276 do_MMX_preamble();
16277 assign( dV, getMMXReg(gregLO3ofRM(modrm)) );
16278
16279 if (epartIsReg(modrm)) {
16280 assign( sV, getMMXReg(eregLO3ofRM(modrm)) );
16281 delta += 1;
16282 DIP("pmulhrsw %s,%s\n", nameMMXReg(eregLO3ofRM(modrm)),
16283 nameMMXReg(gregLO3ofRM(modrm)));
16284 } else {
16285 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
16286 assign( sV, loadLE(Ity_I64, mkexpr(addr)) );
16287 delta += alen;
16288 DIP("pmulhrsw %s,%s\n", dis_buf,
16289 nameMMXReg(gregLO3ofRM(modrm)));
16290 }
16291
16292 putMMXReg(
16293 gregLO3ofRM(modrm),
16294 dis_PMULHRSW_helper( mkexpr(sV), mkexpr(dV) )
16295 );
16296 goto decode_success;
16297 }
16298 break;
16299
16300 case 0x1C:
16301 case 0x1D:
16302 case 0x1E:
16303 /* 66 0F 38 1C = PABSB -- Packed Absolute Value 8x16 (XMM) */
16304 /* 66 0F 38 1D = PABSW -- Packed Absolute Value 16x8 (XMM) */
16305 /* 66 0F 38 1E = PABSD -- Packed Absolute Value 32x4 (XMM) */
16306 if (have66noF2noF3(pfx)
16307 && (sz == 2 || /*redundant REX.W*/ sz == 8)) {
16308 IRTemp sV = newTemp(Ity_V128);
16309 const HChar* str = "???";
16310 Int laneszB = 0;
16311
16312 switch (opc) {
16313 case 0x1C: laneszB = 1; str = "b"; break;
16314 case 0x1D: laneszB = 2; str = "w"; break;
16315 case 0x1E: laneszB = 4; str = "d"; break;
16316 default: vassert(0);
16317 }
16318
16319 modrm = getUChar(delta);
16320 if (epartIsReg(modrm)) {
16321 assign( sV, getXMMReg(eregOfRexRM(pfx,modrm)) );
16322 delta += 1;
16323 DIP("pabs%s %s,%s\n", str, nameXMMReg(eregOfRexRM(pfx,modrm)),
16324 nameXMMReg(gregOfRexRM(pfx,modrm)));
16325 } else {
16326 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
16327 gen_SEGV_if_not_16_aligned( addr );
16328 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
16329 delta += alen;
16330 DIP("pabs%s %s,%s\n", str, dis_buf,
16331 nameXMMReg(gregOfRexRM(pfx,modrm)));
16332 }
16333
16334 putXMMReg( gregOfRexRM(pfx,modrm),
16335 mkexpr(math_PABS_XMM(sV, laneszB)) );
16336 goto decode_success;
16337 }
16338 /* 0F 38 1C = PABSB -- Packed Absolute Value 8x8 (MMX) */
16339 /* 0F 38 1D = PABSW -- Packed Absolute Value 16x4 (MMX) */
16340 /* 0F 38 1E = PABSD -- Packed Absolute Value 32x2 (MMX) */
16341 if (haveNo66noF2noF3(pfx) && sz == 4) {
16342 IRTemp sV = newTemp(Ity_I64);
16343 const HChar* str = "???";
16344 Int laneszB = 0;
16345
16346 switch (opc) {
16347 case 0x1C: laneszB = 1; str = "b"; break;
16348 case 0x1D: laneszB = 2; str = "w"; break;
16349 case 0x1E: laneszB = 4; str = "d"; break;
16350 default: vassert(0);
16351 }
16352
16353 modrm = getUChar(delta);
16354 do_MMX_preamble();
16355
16356 if (epartIsReg(modrm)) {
16357 assign( sV, getMMXReg(eregLO3ofRM(modrm)) );
16358 delta += 1;
16359 DIP("pabs%s %s,%s\n", str, nameMMXReg(eregLO3ofRM(modrm)),
16360 nameMMXReg(gregLO3ofRM(modrm)));
16361 } else {
16362 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
16363 assign( sV, loadLE(Ity_I64, mkexpr(addr)) );
16364 delta += alen;
16365 DIP("pabs%s %s,%s\n", str, dis_buf,
16366 nameMMXReg(gregLO3ofRM(modrm)));
16367 }
16368
16369 putMMXReg( gregLO3ofRM(modrm),
16370 mkexpr(math_PABS_MMX( sV, laneszB )) );
16371 goto decode_success;
16372 }
16373 break;
16374
16375 default:
16376 break;
16377
16378 }
16379
16380 //decode_failure:
16381 *decode_OK = False;
16382 return deltaIN;
16383
16384 decode_success:
16385 *decode_OK = True;
16386 return delta;
16387 }
16388
16389
16390 /*------------------------------------------------------------*/
16391 /*--- ---*/
16392 /*--- Top-level SSSE3: dis_ESC_0F3A__SupSSE3 ---*/
16393 /*--- ---*/
16394 /*------------------------------------------------------------*/
16395
16396 __attribute__((noinline))
16397 static
16398 Long dis_ESC_0F3A__SupSSE3 ( Bool* decode_OK,
16399 const VexAbiInfo* vbi,
16400 Prefix pfx, Int sz, Long deltaIN )
16401 {
16402 Long d64 = 0;
16403 IRTemp addr = IRTemp_INVALID;
16404 UChar modrm = 0;
16405 Int alen = 0;
16406 HChar dis_buf[50];
16407
16408 *decode_OK = False;
16409
16410 Long delta = deltaIN;
16411 UChar opc = getUChar(delta);
16412 delta++;
16413 switch (opc) {
16414
16415 case 0x0F:
16416 /* 66 0F 3A 0F = PALIGNR -- Packed Align Right (XMM) */
16417 if (have66noF2noF3(pfx)
16418 && (sz == 2 || /*redundant REX.W*/ sz == 8)) {
16419 IRTemp sV = newTemp(Ity_V128);
16420 IRTemp dV = newTemp(Ity_V128);
16421
16422 modrm = getUChar(delta);
16423 assign( dV, getXMMReg(gregOfRexRM(pfx,modrm)) );
16424
16425 if (epartIsReg(modrm)) {
16426 assign( sV, getXMMReg(eregOfRexRM(pfx,modrm)) );
16427 d64 = (Long)getUChar(delta+1);
16428 delta += 1+1;
16429 DIP("palignr $%lld,%s,%s\n", d64,
16430 nameXMMReg(eregOfRexRM(pfx,modrm)),
16431 nameXMMReg(gregOfRexRM(pfx,modrm)));
16432 } else {
16433 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 1 );
16434 gen_SEGV_if_not_16_aligned( addr );
16435 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
16436 d64 = (Long)getUChar(delta+alen);
16437 delta += alen+1;
16438 DIP("palignr $%lld,%s,%s\n", d64,
16439 dis_buf,
16440 nameXMMReg(gregOfRexRM(pfx,modrm)));
16441 }
16442
16443 IRTemp res = math_PALIGNR_XMM( sV, dV, d64 );
16444 putXMMReg( gregOfRexRM(pfx,modrm), mkexpr(res) );
16445 goto decode_success;
16446 }
16447 /* 0F 3A 0F = PALIGNR -- Packed Align Right (MMX) */
16448 if (haveNo66noF2noF3(pfx) && sz == 4) {
16449 IRTemp sV = newTemp(Ity_I64);
16450 IRTemp dV = newTemp(Ity_I64);
16451 IRTemp res = newTemp(Ity_I64);
16452
16453 modrm = getUChar(delta);
16454 do_MMX_preamble();
16455 assign( dV, getMMXReg(gregLO3ofRM(modrm)) );
16456
16457 if (epartIsReg(modrm)) {
16458 assign( sV, getMMXReg(eregLO3ofRM(modrm)) );
16459 d64 = (Long)getUChar(delta+1);
16460 delta += 1+1;
16461 DIP("palignr $%lld,%s,%s\n", d64,
16462 nameMMXReg(eregLO3ofRM(modrm)),
16463 nameMMXReg(gregLO3ofRM(modrm)));
16464 } else {
16465 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 1 );
16466 assign( sV, loadLE(Ity_I64, mkexpr(addr)) );
16467 d64 = (Long)getUChar(delta+alen);
16468 delta += alen+1;
16469 DIP("palignr $%lld%s,%s\n", d64,
16470 dis_buf,
16471 nameMMXReg(gregLO3ofRM(modrm)));
16472 }
16473
16474 if (d64 == 0) {
16475 assign( res, mkexpr(sV) );
16476 }
16477 else if (d64 >= 1 && d64 <= 7) {
16478 assign(res,
16479 binop(Iop_Or64,
16480 binop(Iop_Shr64, mkexpr(sV), mkU8(8*d64)),
16481 binop(Iop_Shl64, mkexpr(dV), mkU8(8*(8-d64))
16482 )));
16483 }
16484 else if (d64 == 8) {
16485 assign( res, mkexpr(dV) );
16486 }
16487 else if (d64 >= 9 && d64 <= 15) {
16488 assign( res, binop(Iop_Shr64, mkexpr(dV), mkU8(8*(d64-8))) );
16489 }
16490 else if (d64 >= 16 && d64 <= 255) {
16491 assign( res, mkU64(0) );
16492 }
16493 else
16494 vassert(0);
16495
16496 putMMXReg( gregLO3ofRM(modrm), mkexpr(res) );
16497 goto decode_success;
16498 }
16499 break;
16500
16501 default:
16502 break;
16503
16504 }
16505
16506 //decode_failure:
16507 *decode_OK = False;
16508 return deltaIN;
16509
16510 decode_success:
16511 *decode_OK = True;
16512 return delta;
16513 }
16514
16515
16516 /*------------------------------------------------------------*/
16517 /*--- ---*/
16518 /*--- Top-level SSE4: dis_ESC_0F__SSE4 ---*/
16519 /*--- ---*/
16520 /*------------------------------------------------------------*/
16521
16522 __attribute__((noinline))
16523 static
16524 Long dis_ESC_0F__SSE4 ( Bool* decode_OK,
16525 const VexArchInfo* archinfo,
16526 const VexAbiInfo* vbi,
16527 Prefix pfx, Int sz, Long deltaIN )
16528 {
16529 IRTemp addr = IRTemp_INVALID;
16530 IRType ty = Ity_INVALID;
16531 UChar modrm = 0;
16532 Int alen = 0;
16533 HChar dis_buf[50];
16534
16535 *decode_OK = False;
16536
16537 Long delta = deltaIN;
16538 UChar opc = getUChar(delta);
16539 delta++;
16540 switch (opc) {
16541
16542 case 0xB8:
16543 /* F3 0F B8 = POPCNT{W,L,Q}
16544 Count the number of 1 bits in a register
16545 */
16546 if (haveF3noF2(pfx) /* so both 66 and REX.W are possibilities */
16547 && (sz == 2 || sz == 4 || sz == 8)) {
16548 /*IRType*/ ty = szToITy(sz);
16549 IRTemp src = newTemp(ty);
16550 modrm = getUChar(delta);
16551 if (epartIsReg(modrm)) {
16552 assign(src, getIRegE(sz, pfx, modrm));
16553 delta += 1;
16554 DIP("popcnt%c %s, %s\n", nameISize(sz), nameIRegE(sz, pfx, modrm),
16555 nameIRegG(sz, pfx, modrm));
16556 } else {
16557 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0);
16558 assign(src, loadLE(ty, mkexpr(addr)));
16559 delta += alen;
16560 DIP("popcnt%c %s, %s\n", nameISize(sz), dis_buf,
16561 nameIRegG(sz, pfx, modrm));
16562 }
16563
16564 IRTemp result = gen_POPCOUNT(ty, src);
16565 putIRegG(sz, pfx, modrm, mkexpr(result));
16566
16567 // Update flags. This is pretty lame .. perhaps can do better
16568 // if this turns out to be performance critical.
16569 // O S A C P are cleared. Z is set if SRC == 0.
16570 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(AMD64G_CC_OP_COPY) ));
16571 stmt( IRStmt_Put( OFFB_CC_DEP2, mkU64(0) ));
16572 stmt( IRStmt_Put( OFFB_CC_NDEP, mkU64(0) ));
16573 stmt( IRStmt_Put( OFFB_CC_DEP1,
16574 binop(Iop_Shl64,
16575 unop(Iop_1Uto64,
16576 binop(Iop_CmpEQ64,
16577 widenUto64(mkexpr(src)),
16578 mkU64(0))),
16579 mkU8(AMD64G_CC_SHIFT_Z))));
16580
16581 goto decode_success;
16582 }
16583 break;
16584
16585 case 0xBC:
16586 /* F3 0F BC -- TZCNT (count trailing zeroes. A BMI extension,
16587 which we can only decode if we're sure this is a BMI1 capable cpu
16588 that supports TZCNT, since otherwise it's BSF, which behaves
16589 differently on zero source. */
16590 if (haveF3noF2(pfx) /* so both 66 and 48 are possibilities */
16591 && (sz == 2 || sz == 4 || sz == 8)
16592 && 0 != (archinfo->hwcaps & VEX_HWCAPS_AMD64_BMI)) {
16593 /*IRType*/ ty = szToITy(sz);
16594 IRTemp src = newTemp(ty);
16595 modrm = getUChar(delta);
16596 if (epartIsReg(modrm)) {
16597 assign(src, getIRegE(sz, pfx, modrm));
16598 delta += 1;
16599 DIP("tzcnt%c %s, %s\n", nameISize(sz), nameIRegE(sz, pfx, modrm),
16600 nameIRegG(sz, pfx, modrm));
16601 } else {
16602 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0);
16603 assign(src, loadLE(ty, mkexpr(addr)));
16604 delta += alen;
16605 DIP("tzcnt%c %s, %s\n", nameISize(sz), dis_buf,
16606 nameIRegG(sz, pfx, modrm));
16607 }
16608
16609 IRTemp res = gen_TZCNT(ty, src);
16610 putIRegG(sz, pfx, modrm, mkexpr(res));
16611
16612 // Update flags. This is pretty lame .. perhaps can do better
16613 // if this turns out to be performance critical.
16614 // O S A P are cleared. Z is set if RESULT == 0.
16615 // C is set if SRC is zero.
16616 IRTemp src64 = newTemp(Ity_I64);
16617 IRTemp res64 = newTemp(Ity_I64);
16618 assign(src64, widenUto64(mkexpr(src)));
16619 assign(res64, widenUto64(mkexpr(res)));
16620
16621 IRTemp oszacp = newTemp(Ity_I64);
16622 assign(
16623 oszacp,
16624 binop(Iop_Or64,
16625 binop(Iop_Shl64,
16626 unop(Iop_1Uto64,
16627 binop(Iop_CmpEQ64, mkexpr(res64), mkU64(0))),
16628 mkU8(AMD64G_CC_SHIFT_Z)),
16629 binop(Iop_Shl64,
16630 unop(Iop_1Uto64,
16631 binop(Iop_CmpEQ64, mkexpr(src64), mkU64(0))),
16632 mkU8(AMD64G_CC_SHIFT_C))
16633 )
16634 );
16635
16636 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(AMD64G_CC_OP_COPY) ));
16637 stmt( IRStmt_Put( OFFB_CC_DEP2, mkU64(0) ));
16638 stmt( IRStmt_Put( OFFB_CC_NDEP, mkU64(0) ));
16639 stmt( IRStmt_Put( OFFB_CC_DEP1, mkexpr(oszacp) ));
16640
16641 goto decode_success;
16642 }
16643 break;
16644
16645 case 0xBD:
16646 /* F3 0F BD -- LZCNT (count leading zeroes. An AMD extension,
16647 which we can only decode if we're sure this is an AMD cpu
16648 that supports LZCNT, since otherwise it's BSR, which behaves
16649 differently. Bizarrely, my Sandy Bridge also accepts these
16650 instructions but produces different results. */
16651 if (haveF3noF2(pfx) /* so both 66 and 48 are possibilities */
16652 && (sz == 2 || sz == 4 || sz == 8)
16653 && 0 != (archinfo->hwcaps & VEX_HWCAPS_AMD64_LZCNT)) {
16654 /*IRType*/ ty = szToITy(sz);
16655 IRTemp src = newTemp(ty);
16656 modrm = getUChar(delta);
16657 if (epartIsReg(modrm)) {
16658 assign(src, getIRegE(sz, pfx, modrm));
16659 delta += 1;
16660 DIP("lzcnt%c %s, %s\n", nameISize(sz), nameIRegE(sz, pfx, modrm),
16661 nameIRegG(sz, pfx, modrm));
16662 } else {
16663 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0);
16664 assign(src, loadLE(ty, mkexpr(addr)));
16665 delta += alen;
16666 DIP("lzcnt%c %s, %s\n", nameISize(sz), dis_buf,
16667 nameIRegG(sz, pfx, modrm));
16668 }
16669
16670 IRTemp res = gen_LZCNT(ty, src);
16671 putIRegG(sz, pfx, modrm, mkexpr(res));
16672
16673 // Update flags. This is pretty lame .. perhaps can do better
16674 // if this turns out to be performance critical.
16675 // O S A P are cleared. Z is set if RESULT == 0.
16676 // C is set if SRC is zero.
16677 IRTemp src64 = newTemp(Ity_I64);
16678 IRTemp res64 = newTemp(Ity_I64);
16679 assign(src64, widenUto64(mkexpr(src)));
16680 assign(res64, widenUto64(mkexpr(res)));
16681
16682 IRTemp oszacp = newTemp(Ity_I64);
16683 assign(
16684 oszacp,
16685 binop(Iop_Or64,
16686 binop(Iop_Shl64,
16687 unop(Iop_1Uto64,
16688 binop(Iop_CmpEQ64, mkexpr(res64), mkU64(0))),
16689 mkU8(AMD64G_CC_SHIFT_Z)),
16690 binop(Iop_Shl64,
16691 unop(Iop_1Uto64,
16692 binop(Iop_CmpEQ64, mkexpr(src64), mkU64(0))),
16693 mkU8(AMD64G_CC_SHIFT_C))
16694 )
16695 );
16696
16697 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(AMD64G_CC_OP_COPY) ));
16698 stmt( IRStmt_Put( OFFB_CC_DEP2, mkU64(0) ));
16699 stmt( IRStmt_Put( OFFB_CC_NDEP, mkU64(0) ));
16700 stmt( IRStmt_Put( OFFB_CC_DEP1, mkexpr(oszacp) ));
16701
16702 goto decode_success;
16703 }
16704 break;
16705
16706 default:
16707 break;
16708
16709 }
16710
16711 //decode_failure:
16712 *decode_OK = False;
16713 return deltaIN;
16714
16715 decode_success:
16716 *decode_OK = True;
16717 return delta;
16718 }
16719
16720
16721 /*------------------------------------------------------------*/
16722 /*--- ---*/
16723 /*--- Top-level SSE4: dis_ESC_0F38__SSE4 ---*/
16724 /*--- ---*/
16725 /*------------------------------------------------------------*/
16726
16727 static IRTemp math_PBLENDVB_128 ( IRTemp vecE, IRTemp vecG,
16728 IRTemp vec0/*controlling mask*/,
16729 UInt gran, IROp opSAR )
16730 {
16731 /* The tricky bit is to convert vec0 into a suitable mask, by
16732 copying the most significant bit of each lane into all positions
16733 in the lane. */
16734 IRTemp sh = newTemp(Ity_I8);
16735 assign(sh, mkU8(8 * gran - 1));
16736
16737 IRTemp mask = newTemp(Ity_V128);
16738 assign(mask, binop(opSAR, mkexpr(vec0), mkexpr(sh)));
16739
16740 IRTemp notmask = newTemp(Ity_V128);
16741 assign(notmask, unop(Iop_NotV128, mkexpr(mask)));
16742
16743 IRTemp res = newTemp(Ity_V128);
16744 assign(res, binop(Iop_OrV128,
16745 binop(Iop_AndV128, mkexpr(vecE), mkexpr(mask)),
16746 binop(Iop_AndV128, mkexpr(vecG), mkexpr(notmask))));
16747 return res;
16748 }
16749
16750 static IRTemp math_PBLENDVB_256 ( IRTemp vecE, IRTemp vecG,
16751 IRTemp vec0/*controlling mask*/,
16752 UInt gran, IROp opSAR128 )
16753 {
16754 /* The tricky bit is to convert vec0 into a suitable mask, by
16755 copying the most significant bit of each lane into all positions
16756 in the lane. */
16757 IRTemp sh = newTemp(Ity_I8);
16758 assign(sh, mkU8(8 * gran - 1));
16759
16760 IRTemp vec0Hi = IRTemp_INVALID;
16761 IRTemp vec0Lo = IRTemp_INVALID;
16762 breakupV256toV128s( vec0, &vec0Hi, &vec0Lo );
16763
16764 IRTemp mask = newTemp(Ity_V256);
16765 assign(mask, binop(Iop_V128HLtoV256,
16766 binop(opSAR128, mkexpr(vec0Hi), mkexpr(sh)),
16767 binop(opSAR128, mkexpr(vec0Lo), mkexpr(sh))));
16768
16769 IRTemp notmask = newTemp(Ity_V256);
16770 assign(notmask, unop(Iop_NotV256, mkexpr(mask)));
16771
16772 IRTemp res = newTemp(Ity_V256);
16773 assign(res, binop(Iop_OrV256,
16774 binop(Iop_AndV256, mkexpr(vecE), mkexpr(mask)),
16775 binop(Iop_AndV256, mkexpr(vecG), mkexpr(notmask))));
16776 return res;
16777 }
16778
16779 static Long dis_VBLENDV_128 ( const VexAbiInfo* vbi, Prefix pfx, Long delta,
16780 const HChar *name, UInt gran, IROp opSAR )
16781 {
16782 IRTemp addr = IRTemp_INVALID;
16783 Int alen = 0;
16784 HChar dis_buf[50];
16785 UChar modrm = getUChar(delta);
16786 UInt rG = gregOfRexRM(pfx, modrm);
16787 UInt rV = getVexNvvvv(pfx);
16788 UInt rIS4 = 0xFF; /* invalid */
16789 IRTemp vecE = newTemp(Ity_V128);
16790 IRTemp vecV = newTemp(Ity_V128);
16791 IRTemp vecIS4 = newTemp(Ity_V128);
16792 if (epartIsReg(modrm)) {
16793 delta++;
16794 UInt rE = eregOfRexRM(pfx, modrm);
16795 assign(vecE, getXMMReg(rE));
16796 UChar ib = getUChar(delta);
16797 rIS4 = (ib >> 4) & 0xF;
16798 DIP("%s %s,%s,%s,%s\n",
16799 name, nameXMMReg(rIS4), nameXMMReg(rE),
16800 nameXMMReg(rV), nameXMMReg(rG));
16801 } else {
16802 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
16803 delta += alen;
16804 assign(vecE, loadLE(Ity_V128, mkexpr(addr)));
16805 UChar ib = getUChar(delta);
16806 rIS4 = (ib >> 4) & 0xF;
16807 DIP("%s %s,%s,%s,%s\n",
16808 name, nameXMMReg(rIS4), dis_buf, nameXMMReg(rV), nameXMMReg(rG));
16809 }
16810 delta++;
16811 assign(vecV, getXMMReg(rV));
16812 assign(vecIS4, getXMMReg(rIS4));
16813 IRTemp res = math_PBLENDVB_128( vecE, vecV, vecIS4, gran, opSAR );
16814 putYMMRegLoAndZU( rG, mkexpr(res) );
16815 return delta;
16816 }
16817
16818 static Long dis_VBLENDV_256 ( const VexAbiInfo* vbi, Prefix pfx, Long delta,
16819 const HChar *name, UInt gran, IROp opSAR128 )
16820 {
16821 IRTemp addr = IRTemp_INVALID;
16822 Int alen = 0;
16823 HChar dis_buf[50];
16824 UChar modrm = getUChar(delta);
16825 UInt rG = gregOfRexRM(pfx, modrm);
16826 UInt rV = getVexNvvvv(pfx);
16827 UInt rIS4 = 0xFF; /* invalid */
16828 IRTemp vecE = newTemp(Ity_V256);
16829 IRTemp vecV = newTemp(Ity_V256);
16830 IRTemp vecIS4 = newTemp(Ity_V256);
16831 if (epartIsReg(modrm)) {
16832 delta++;
16833 UInt rE = eregOfRexRM(pfx, modrm);
16834 assign(vecE, getYMMReg(rE));
16835 UChar ib = getUChar(delta);
16836 rIS4 = (ib >> 4) & 0xF;
16837 DIP("%s %s,%s,%s,%s\n",
16838 name, nameYMMReg(rIS4), nameYMMReg(rE),
16839 nameYMMReg(rV), nameYMMReg(rG));
16840 } else {
16841 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
16842 delta += alen;
16843 assign(vecE, loadLE(Ity_V256, mkexpr(addr)));
16844 UChar ib = getUChar(delta);
16845 rIS4 = (ib >> 4) & 0xF;
16846 DIP("%s %s,%s,%s,%s\n",
16847 name, nameYMMReg(rIS4), dis_buf, nameYMMReg(rV), nameYMMReg(rG));
16848 }
16849 delta++;
16850 assign(vecV, getYMMReg(rV));
16851 assign(vecIS4, getYMMReg(rIS4));
16852 IRTemp res = math_PBLENDVB_256( vecE, vecV, vecIS4, gran, opSAR128 );
16853 putYMMReg( rG, mkexpr(res) );
16854 return delta;
16855 }
16856
16857 static void finish_xTESTy ( IRTemp andV, IRTemp andnV, Int sign )
16858 {
16859 /* Set Z=1 iff (vecE & vecG) == 0
16860 Set C=1 iff (vecE & not vecG) == 0
16861 */
16862
16863 /* andV, andnV: vecE & vecG, vecE and not(vecG) */
16864
16865 /* andV resp. andnV, reduced to 64-bit values, by or-ing the top
16866 and bottom 64-bits together. It relies on this trick:
16867
16868 InterleaveLO64x2([a,b],[c,d]) == [b,d] hence
16869
16870 InterleaveLO64x2([a,b],[a,b]) == [b,b] and similarly
16871 InterleaveHI64x2([a,b],[a,b]) == [a,a]
16872
16873 and so the OR of the above 2 exprs produces
16874 [a OR b, a OR b], from which we simply take the lower half.
16875 */
16876 IRTemp and64 = newTemp(Ity_I64);
16877 IRTemp andn64 = newTemp(Ity_I64);
16878
16879 assign(and64,
16880 unop(Iop_V128to64,
16881 binop(Iop_OrV128,
16882 binop(Iop_InterleaveLO64x2,
16883 mkexpr(andV), mkexpr(andV)),
16884 binop(Iop_InterleaveHI64x2,
16885 mkexpr(andV), mkexpr(andV)))));
16886
16887 assign(andn64,
16888 unop(Iop_V128to64,
16889 binop(Iop_OrV128,
16890 binop(Iop_InterleaveLO64x2,
16891 mkexpr(andnV), mkexpr(andnV)),
16892 binop(Iop_InterleaveHI64x2,
16893 mkexpr(andnV), mkexpr(andnV)))));
16894
16895 IRTemp z64 = newTemp(Ity_I64);
16896 IRTemp c64 = newTemp(Ity_I64);
16897 if (sign == 64) {
16898 /* When only interested in the most significant bit, just shift
16899 arithmetically right and negate. */
16900 assign(z64,
16901 unop(Iop_Not64,
16902 binop(Iop_Sar64, mkexpr(and64), mkU8(63))));
16903
16904 assign(c64,
16905 unop(Iop_Not64,
16906 binop(Iop_Sar64, mkexpr(andn64), mkU8(63))));
16907 } else {
16908 if (sign == 32) {
16909 /* When interested in bit 31 and bit 63, mask those bits and
16910 fallthrough into the PTEST handling. */
16911 IRTemp t0 = newTemp(Ity_I64);
16912 IRTemp t1 = newTemp(Ity_I64);
16913 IRTemp t2 = newTemp(Ity_I64);
16914 assign(t0, mkU64(0x8000000080000000ULL));
16915 assign(t1, binop(Iop_And64, mkexpr(and64), mkexpr(t0)));
16916 assign(t2, binop(Iop_And64, mkexpr(andn64), mkexpr(t0)));
16917 and64 = t1;
16918 andn64 = t2;
16919 }
16920 /* Now convert and64, andn64 to all-zeroes or all-1s, so we can
16921 slice out the Z and C bits conveniently. We use the standard
16922 trick all-zeroes -> all-zeroes, anything-else -> all-ones
16923 done by "(x | -x) >>s (word-size - 1)".
16924 */
16925 assign(z64,
16926 unop(Iop_Not64,
16927 binop(Iop_Sar64,
16928 binop(Iop_Or64,
16929 binop(Iop_Sub64, mkU64(0), mkexpr(and64)),
16930 mkexpr(and64)), mkU8(63))));
16931
16932 assign(c64,
16933 unop(Iop_Not64,
16934 binop(Iop_Sar64,
16935 binop(Iop_Or64,
16936 binop(Iop_Sub64, mkU64(0), mkexpr(andn64)),
16937 mkexpr(andn64)), mkU8(63))));
16938 }
16939
16940 /* And finally, slice out the Z and C flags and set the flags
16941 thunk to COPY for them. OSAP are set to zero. */
16942 IRTemp newOSZACP = newTemp(Ity_I64);
16943 assign(newOSZACP,
16944 binop(Iop_Or64,
16945 binop(Iop_And64, mkexpr(z64), mkU64(AMD64G_CC_MASK_Z)),
16946 binop(Iop_And64, mkexpr(c64), mkU64(AMD64G_CC_MASK_C))));
16947
16948 stmt( IRStmt_Put( OFFB_CC_DEP1, mkexpr(newOSZACP)));
16949 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(AMD64G_CC_OP_COPY) ));
16950 stmt( IRStmt_Put( OFFB_CC_DEP2, mkU64(0) ));
16951 stmt( IRStmt_Put( OFFB_CC_NDEP, mkU64(0) ));
16952 }
16953
16954
16955 /* Handles 128 bit versions of PTEST, VTESTPS or VTESTPD.
16956 sign is 0 for PTEST insn, 32 for VTESTPS and 64 for VTESTPD. */
16957 static Long dis_xTESTy_128 ( const VexAbiInfo* vbi, Prefix pfx,
16958 Long delta, Bool isAvx, Int sign )
16959 {
16960 IRTemp addr = IRTemp_INVALID;
16961 Int alen = 0;
16962 HChar dis_buf[50];
16963 UChar modrm = getUChar(delta);
16964 UInt rG = gregOfRexRM(pfx, modrm);
16965 IRTemp vecE = newTemp(Ity_V128);
16966 IRTemp vecG = newTemp(Ity_V128);
16967
16968 if ( epartIsReg(modrm) ) {
16969 UInt rE = eregOfRexRM(pfx, modrm);
16970 assign(vecE, getXMMReg(rE));
16971 delta += 1;
16972 DIP( "%s%stest%s %s,%s\n",
16973 isAvx ? "v" : "", sign == 0 ? "p" : "",
16974 sign == 0 ? "" : sign == 32 ? "ps" : "pd",
16975 nameXMMReg(rE), nameXMMReg(rG) );
16976 } else {
16977 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
16978 if (!isAvx)
16979 gen_SEGV_if_not_16_aligned( addr );
16980 assign(vecE, loadLE( Ity_V128, mkexpr(addr) ));
16981 delta += alen;
16982 DIP( "%s%stest%s %s,%s\n",
16983 isAvx ? "v" : "", sign == 0 ? "p" : "",
16984 sign == 0 ? "" : sign == 32 ? "ps" : "pd",
16985 dis_buf, nameXMMReg(rG) );
16986 }
16987
16988 assign(vecG, getXMMReg(rG));
16989
16990 /* Set Z=1 iff (vecE & vecG) == 0
16991 Set C=1 iff (vecE & not vecG) == 0
16992 */
16993
16994 /* andV, andnV: vecE & vecG, vecE and not(vecG) */
16995 IRTemp andV = newTemp(Ity_V128);
16996 IRTemp andnV = newTemp(Ity_V128);
16997 assign(andV, binop(Iop_AndV128, mkexpr(vecE), mkexpr(vecG)));
16998 assign(andnV, binop(Iop_AndV128,
16999 mkexpr(vecE),
17000 binop(Iop_XorV128, mkexpr(vecG),
17001 mkV128(0xFFFF))));
17002
17003 finish_xTESTy ( andV, andnV, sign );
17004 return delta;
17005 }
17006
17007
17008 /* Handles 256 bit versions of PTEST, VTESTPS or VTESTPD.
17009 sign is 0 for PTEST insn, 32 for VTESTPS and 64 for VTESTPD. */
17010 static Long dis_xTESTy_256 ( const VexAbiInfo* vbi, Prefix pfx,
17011 Long delta, Int sign )
17012 {
17013 IRTemp addr = IRTemp_INVALID;
17014 Int alen = 0;
17015 HChar dis_buf[50];
17016 UChar modrm = getUChar(delta);
17017 UInt rG = gregOfRexRM(pfx, modrm);
17018 IRTemp vecE = newTemp(Ity_V256);
17019 IRTemp vecG = newTemp(Ity_V256);
17020
17021 if ( epartIsReg(modrm) ) {
17022 UInt rE = eregOfRexRM(pfx, modrm);
17023 assign(vecE, getYMMReg(rE));
17024 delta += 1;
17025 DIP( "v%stest%s %s,%s\n", sign == 0 ? "p" : "",
17026 sign == 0 ? "" : sign == 32 ? "ps" : "pd",
17027 nameYMMReg(rE), nameYMMReg(rG) );
17028 } else {
17029 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
17030 assign(vecE, loadLE( Ity_V256, mkexpr(addr) ));
17031 delta += alen;
17032 DIP( "v%stest%s %s,%s\n", sign == 0 ? "p" : "",
17033 sign == 0 ? "" : sign == 32 ? "ps" : "pd",
17034 dis_buf, nameYMMReg(rG) );
17035 }
17036
17037 assign(vecG, getYMMReg(rG));
17038
17039 /* Set Z=1 iff (vecE & vecG) == 0
17040 Set C=1 iff (vecE & not vecG) == 0
17041 */
17042
17043 /* andV, andnV: vecE & vecG, vecE and not(vecG) */
17044 IRTemp andV = newTemp(Ity_V256);
17045 IRTemp andnV = newTemp(Ity_V256);
17046 assign(andV, binop(Iop_AndV256, mkexpr(vecE), mkexpr(vecG)));
17047 assign(andnV, binop(Iop_AndV256,
17048 mkexpr(vecE), unop(Iop_NotV256, mkexpr(vecG))));
17049
17050 IRTemp andVhi = IRTemp_INVALID;
17051 IRTemp andVlo = IRTemp_INVALID;
17052 IRTemp andnVhi = IRTemp_INVALID;
17053 IRTemp andnVlo = IRTemp_INVALID;
17054 breakupV256toV128s( andV, &andVhi, &andVlo );
17055 breakupV256toV128s( andnV, &andnVhi, &andnVlo );
17056
17057 IRTemp andV128 = newTemp(Ity_V128);
17058 IRTemp andnV128 = newTemp(Ity_V128);
17059 assign( andV128, binop( Iop_OrV128, mkexpr(andVhi), mkexpr(andVlo) ) );
17060 assign( andnV128, binop( Iop_OrV128, mkexpr(andnVhi), mkexpr(andnVlo) ) );
17061
17062 finish_xTESTy ( andV128, andnV128, sign );
17063 return delta;
17064 }
17065
17066
17067 /* Handles 128 bit versions of PMOVZXBW and PMOVSXBW. */
17068 static Long dis_PMOVxXBW_128 ( const VexAbiInfo* vbi, Prefix pfx,
17069 Long delta, Bool isAvx, Bool xIsZ )
17070 {
17071 IRTemp addr = IRTemp_INVALID;
17072 Int alen = 0;
17073 HChar dis_buf[50];
17074 IRTemp srcVec = newTemp(Ity_V128);
17075 UChar modrm = getUChar(delta);
17076 const HChar* mbV = isAvx ? "v" : "";
17077 const HChar how = xIsZ ? 'z' : 's';
17078 UInt rG = gregOfRexRM(pfx, modrm);
17079 if ( epartIsReg(modrm) ) {
17080 UInt rE = eregOfRexRM(pfx, modrm);
17081 assign( srcVec, getXMMReg(rE) );
17082 delta += 1;
17083 DIP( "%spmov%cxbw %s,%s\n", mbV, how, nameXMMReg(rE), nameXMMReg(rG) );
17084 } else {
17085 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
17086 assign( srcVec,
17087 unop( Iop_64UtoV128, loadLE( Ity_I64, mkexpr(addr) ) ) );
17088 delta += alen;
17089 DIP( "%spmov%cxbw %s,%s\n", mbV, how, dis_buf, nameXMMReg(rG) );
17090 }
17091
17092 IRExpr* res
17093 = xIsZ /* do math for either zero or sign extend */
17094 ? binop( Iop_InterleaveLO8x16,
17095 IRExpr_Const( IRConst_V128(0) ), mkexpr(srcVec) )
17096 : binop( Iop_SarN16x8,
17097 binop( Iop_ShlN16x8,
17098 binop( Iop_InterleaveLO8x16,
17099 IRExpr_Const( IRConst_V128(0) ),
17100 mkexpr(srcVec) ),
17101 mkU8(8) ),
17102 mkU8(8) );
17103
17104 (isAvx ? putYMMRegLoAndZU : putXMMReg) ( rG, res );
17105
17106 return delta;
17107 }
17108
17109
17110 /* Handles 256 bit versions of PMOVZXBW and PMOVSXBW. */
17111 static Long dis_PMOVxXBW_256 ( const VexAbiInfo* vbi, Prefix pfx,
17112 Long delta, Bool xIsZ )
17113 {
17114 IRTemp addr = IRTemp_INVALID;
17115 Int alen = 0;
17116 HChar dis_buf[50];
17117 IRTemp srcVec = newTemp(Ity_V128);
17118 UChar modrm = getUChar(delta);
17119 UChar how = xIsZ ? 'z' : 's';
17120 UInt rG = gregOfRexRM(pfx, modrm);
17121 if ( epartIsReg(modrm) ) {
17122 UInt rE = eregOfRexRM(pfx, modrm);
17123 assign( srcVec, getXMMReg(rE) );
17124 delta += 1;
17125 DIP( "vpmov%cxbw %s,%s\n", how, nameXMMReg(rE), nameYMMReg(rG) );
17126 } else {
17127 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
17128 assign( srcVec, loadLE( Ity_V128, mkexpr(addr) ) );
17129 delta += alen;
17130 DIP( "vpmov%cxbw %s,%s\n", how, dis_buf, nameYMMReg(rG) );
17131 }
17132
17133 /* First do zero extend. */
17134 IRExpr* res
17135 = binop( Iop_V128HLtoV256,
17136 binop( Iop_InterleaveHI8x16,
17137 IRExpr_Const( IRConst_V128(0) ), mkexpr(srcVec) ),
17138 binop( Iop_InterleaveLO8x16,
17139 IRExpr_Const( IRConst_V128(0) ), mkexpr(srcVec) ) );
17140 /* And if needed sign extension as well. */
17141 if (!xIsZ)
17142 res = binop( Iop_SarN16x16,
17143 binop( Iop_ShlN16x16, res, mkU8(8) ), mkU8(8) );
17144
17145 putYMMReg ( rG, res );
17146
17147 return delta;
17148 }
17149
17150
17151 static Long dis_PMOVxXWD_128 ( const VexAbiInfo* vbi, Prefix pfx,
17152 Long delta, Bool isAvx, Bool xIsZ )
17153 {
17154 IRTemp addr = IRTemp_INVALID;
17155 Int alen = 0;
17156 HChar dis_buf[50];
17157 IRTemp srcVec = newTemp(Ity_V128);
17158 UChar modrm = getUChar(delta);
17159 const HChar* mbV = isAvx ? "v" : "";
17160 const HChar how = xIsZ ? 'z' : 's';
17161 UInt rG = gregOfRexRM(pfx, modrm);
17162
17163 if ( epartIsReg(modrm) ) {
17164 UInt rE = eregOfRexRM(pfx, modrm);
17165 assign( srcVec, getXMMReg(rE) );
17166 delta += 1;
17167 DIP( "%spmov%cxwd %s,%s\n", mbV, how, nameXMMReg(rE), nameXMMReg(rG) );
17168 } else {
17169 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
17170 assign( srcVec,
17171 unop( Iop_64UtoV128, loadLE( Ity_I64, mkexpr(addr) ) ) );
17172 delta += alen;
17173 DIP( "%spmov%cxwd %s,%s\n", mbV, how, dis_buf, nameXMMReg(rG) );
17174 }
17175
17176 IRExpr* res
17177 = binop( Iop_InterleaveLO16x8,
17178 IRExpr_Const( IRConst_V128(0) ), mkexpr(srcVec) );
17179 if (!xIsZ)
17180 res = binop(Iop_SarN32x4,
17181 binop(Iop_ShlN32x4, res, mkU8(16)), mkU8(16));
17182
17183 (isAvx ? putYMMRegLoAndZU : putXMMReg)
17184 ( gregOfRexRM(pfx, modrm), res );
17185
17186 return delta;
17187 }
17188
17189
17190 static Long dis_PMOVxXWD_256 ( const VexAbiInfo* vbi, Prefix pfx,
17191 Long delta, Bool xIsZ )
17192 {
17193 IRTemp addr = IRTemp_INVALID;
17194 Int alen = 0;
17195 HChar dis_buf[50];
17196 IRTemp srcVec = newTemp(Ity_V128);
17197 UChar modrm = getUChar(delta);
17198 UChar how = xIsZ ? 'z' : 's';
17199 UInt rG = gregOfRexRM(pfx, modrm);
17200
17201 if ( epartIsReg(modrm) ) {
17202 UInt rE = eregOfRexRM(pfx, modrm);
17203 assign( srcVec, getXMMReg(rE) );
17204 delta += 1;
17205 DIP( "vpmov%cxwd %s,%s\n", how, nameXMMReg(rE), nameYMMReg(rG) );
17206 } else {
17207 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
17208 assign( srcVec, loadLE( Ity_V128, mkexpr(addr) ) );
17209 delta += alen;
17210 DIP( "vpmov%cxwd %s,%s\n", how, dis_buf, nameYMMReg(rG) );
17211 }
17212
17213 IRExpr* res
17214 = binop( Iop_V128HLtoV256,
17215 binop( Iop_InterleaveHI16x8,
17216 IRExpr_Const( IRConst_V128(0) ), mkexpr(srcVec) ),
17217 binop( Iop_InterleaveLO16x8,
17218 IRExpr_Const( IRConst_V128(0) ), mkexpr(srcVec) ) );
17219 if (!xIsZ)
17220 res = binop(Iop_SarN32x8,
17221 binop(Iop_ShlN32x8, res, mkU8(16)), mkU8(16));
17222
17223 putYMMReg ( rG, res );
17224
17225 return delta;
17226 }
17227
17228
17229 static Long dis_PMOVSXWQ_128 ( const VexAbiInfo* vbi, Prefix pfx,
17230 Long delta, Bool isAvx )
17231 {
17232 IRTemp addr = IRTemp_INVALID;
17233 Int alen = 0;
17234 HChar dis_buf[50];
17235 IRTemp srcBytes = newTemp(Ity_I32);
17236 UChar modrm = getUChar(delta);
17237 const HChar* mbV = isAvx ? "v" : "";
17238 UInt rG = gregOfRexRM(pfx, modrm);
17239
17240 if ( epartIsReg( modrm ) ) {
17241 UInt rE = eregOfRexRM(pfx, modrm);
17242 assign( srcBytes, getXMMRegLane32( rE, 0 ) );
17243 delta += 1;
17244 DIP( "%spmovsxwq %s,%s\n", mbV, nameXMMReg(rE), nameXMMReg(rG) );
17245 } else {
17246 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
17247 assign( srcBytes, loadLE( Ity_I32, mkexpr(addr) ) );
17248 delta += alen;
17249 DIP( "%spmovsxwq %s,%s\n", mbV, dis_buf, nameXMMReg(rG) );
17250 }
17251
17252 (isAvx ? putYMMRegLoAndZU : putXMMReg)
17253 ( rG, binop( Iop_64HLtoV128,
17254 unop( Iop_16Sto64,
17255 unop( Iop_32HIto16, mkexpr(srcBytes) ) ),
17256 unop( Iop_16Sto64,
17257 unop( Iop_32to16, mkexpr(srcBytes) ) ) ) );
17258 return delta;
17259 }
17260
17261
17262 static Long dis_PMOVSXWQ_256 ( const VexAbiInfo* vbi, Prefix pfx, Long delta )
17263 {
17264 IRTemp addr = IRTemp_INVALID;
17265 Int alen = 0;
17266 HChar dis_buf[50];
17267 IRTemp srcBytes = newTemp(Ity_I64);
17268 UChar modrm = getUChar(delta);
17269 UInt rG = gregOfRexRM(pfx, modrm);
17270 IRTemp s3, s2, s1, s0;
17271 s3 = s2 = s1 = s0 = IRTemp_INVALID;
17272
17273 if ( epartIsReg( modrm ) ) {
17274 UInt rE = eregOfRexRM(pfx, modrm);
17275 assign( srcBytes, getXMMRegLane64( rE, 0 ) );
17276 delta += 1;
17277 DIP( "vpmovsxwq %s,%s\n", nameXMMReg(rE), nameYMMReg(rG) );
17278 } else {
17279 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
17280 assign( srcBytes, loadLE( Ity_I64, mkexpr(addr) ) );
17281 delta += alen;
17282 DIP( "vpmovsxwq %s,%s\n", dis_buf, nameYMMReg(rG) );
17283 }
17284
17285 breakup64to16s( srcBytes, &s3, &s2, &s1, &s0 );
17286 putYMMReg( rG, binop( Iop_V128HLtoV256,
17287 binop( Iop_64HLtoV128,
17288 unop( Iop_16Sto64, mkexpr(s3) ),
17289 unop( Iop_16Sto64, mkexpr(s2) ) ),
17290 binop( Iop_64HLtoV128,
17291 unop( Iop_16Sto64, mkexpr(s1) ),
17292 unop( Iop_16Sto64, mkexpr(s0) ) ) ) );
17293 return delta;
17294 }
17295
17296
17297 static Long dis_PMOVZXWQ_128 ( const VexAbiInfo* vbi, Prefix pfx,
17298 Long delta, Bool isAvx )
17299 {
17300 IRTemp addr = IRTemp_INVALID;
17301 Int alen = 0;
17302 HChar dis_buf[50];
17303 IRTemp srcVec = newTemp(Ity_V128);
17304 UChar modrm = getUChar(delta);
17305 const HChar* mbV = isAvx ? "v" : "";
17306 UInt rG = gregOfRexRM(pfx, modrm);
17307
17308 if ( epartIsReg( modrm ) ) {
17309 UInt rE = eregOfRexRM(pfx, modrm);
17310 assign( srcVec, getXMMReg(rE) );
17311 delta += 1;
17312 DIP( "%spmovzxwq %s,%s\n", mbV, nameXMMReg(rE), nameXMMReg(rG) );
17313 } else {
17314 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
17315 assign( srcVec,
17316 unop( Iop_32UtoV128, loadLE( Ity_I32, mkexpr(addr) ) ) );
17317 delta += alen;
17318 DIP( "%spmovzxwq %s,%s\n", mbV, dis_buf, nameXMMReg(rG) );
17319 }
17320
17321 IRTemp zeroVec = newTemp( Ity_V128 );
17322 assign( zeroVec, IRExpr_Const( IRConst_V128(0) ) );
17323
17324 (isAvx ? putYMMRegLoAndZU : putXMMReg)
17325 ( rG, binop( Iop_InterleaveLO16x8,
17326 mkexpr(zeroVec),
17327 binop( Iop_InterleaveLO16x8,
17328 mkexpr(zeroVec), mkexpr(srcVec) ) ) );
17329 return delta;
17330 }
17331
17332
17333 static Long dis_PMOVZXWQ_256 ( const VexAbiInfo* vbi, Prefix pfx,
17334 Long delta )
17335 {
17336 IRTemp addr = IRTemp_INVALID;
17337 Int alen = 0;
17338 HChar dis_buf[50];
17339 IRTemp srcVec = newTemp(Ity_V128);
17340 UChar modrm = getUChar(delta);
17341 UInt rG = gregOfRexRM(pfx, modrm);
17342
17343 if ( epartIsReg( modrm ) ) {
17344 UInt rE = eregOfRexRM(pfx, modrm);
17345 assign( srcVec, getXMMReg(rE) );
17346 delta += 1;
17347 DIP( "vpmovzxwq %s,%s\n", nameXMMReg(rE), nameYMMReg(rG) );
17348 } else {
17349 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
17350 assign( srcVec,
17351 unop( Iop_64UtoV128, loadLE( Ity_I64, mkexpr(addr) ) ) );
17352 delta += alen;
17353 DIP( "vpmovzxwq %s,%s\n", dis_buf, nameYMMReg(rG) );
17354 }
17355
17356 IRTemp zeroVec = newTemp( Ity_V128 );
17357 assign( zeroVec, IRExpr_Const( IRConst_V128(0) ) );
17358
17359 putYMMReg( rG, binop( Iop_V128HLtoV256,
17360 binop( Iop_InterleaveHI16x8,
17361 mkexpr(zeroVec),
17362 binop( Iop_InterleaveLO16x8,
17363 mkexpr(zeroVec), mkexpr(srcVec) ) ),
17364 binop( Iop_InterleaveLO16x8,
17365 mkexpr(zeroVec),
17366 binop( Iop_InterleaveLO16x8,
17367 mkexpr(zeroVec), mkexpr(srcVec) ) ) ) );
17368 return delta;
17369 }
17370
17371
17372 /* Handles 128 bit versions of PMOVZXDQ and PMOVSXDQ. */
17373 static Long dis_PMOVxXDQ_128 ( const VexAbiInfo* vbi, Prefix pfx,
17374 Long delta, Bool isAvx, Bool xIsZ )
17375 {
17376 IRTemp addr = IRTemp_INVALID;
17377 Int alen = 0;
17378 HChar dis_buf[50];
17379 IRTemp srcI64 = newTemp(Ity_I64);
17380 IRTemp srcVec = newTemp(Ity_V128);
17381 UChar modrm = getUChar(delta);
17382 const HChar* mbV = isAvx ? "v" : "";
17383 const HChar how = xIsZ ? 'z' : 's';
17384 UInt rG = gregOfRexRM(pfx, modrm);
17385 /* Compute both srcI64 -- the value to expand -- and srcVec -- same
17386 thing in a V128, with arbitrary junk in the top 64 bits. Use
17387 one or both of them and let iropt clean up afterwards (as
17388 usual). */
17389 if ( epartIsReg(modrm) ) {
17390 UInt rE = eregOfRexRM(pfx, modrm);
17391 assign( srcVec, getXMMReg(rE) );
17392 assign( srcI64, unop(Iop_V128to64, mkexpr(srcVec)) );
17393 delta += 1;
17394 DIP( "%spmov%cxdq %s,%s\n", mbV, how, nameXMMReg(rE), nameXMMReg(rG) );
17395 } else {
17396 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
17397 assign( srcI64, loadLE(Ity_I64, mkexpr(addr)) );
17398 assign( srcVec, unop( Iop_64UtoV128, mkexpr(srcI64)) );
17399 delta += alen;
17400 DIP( "%spmov%cxdq %s,%s\n", mbV, how, dis_buf, nameXMMReg(rG) );
17401 }
17402
17403 IRExpr* res
17404 = xIsZ /* do math for either zero or sign extend */
17405 ? binop( Iop_InterleaveLO32x4,
17406 IRExpr_Const( IRConst_V128(0) ), mkexpr(srcVec) )
17407 : binop( Iop_64HLtoV128,
17408 unop( Iop_32Sto64,
17409 unop( Iop_64HIto32, mkexpr(srcI64) ) ),
17410 unop( Iop_32Sto64,
17411 unop( Iop_64to32, mkexpr(srcI64) ) ) );
17412
17413 (isAvx ? putYMMRegLoAndZU : putXMMReg) ( rG, res );
17414
17415 return delta;
17416 }
17417
17418
17419 /* Handles 256 bit versions of PMOVZXDQ and PMOVSXDQ. */
17420 static Long dis_PMOVxXDQ_256 ( const VexAbiInfo* vbi, Prefix pfx,
17421 Long delta, Bool xIsZ )
17422 {
17423 IRTemp addr = IRTemp_INVALID;
17424 Int alen = 0;
17425 HChar dis_buf[50];
17426 IRTemp srcVec = newTemp(Ity_V128);
17427 UChar modrm = getUChar(delta);
17428 UChar how = xIsZ ? 'z' : 's';
17429 UInt rG = gregOfRexRM(pfx, modrm);
17430 /* Compute both srcI64 -- the value to expand -- and srcVec -- same
17431 thing in a V128, with arbitrary junk in the top 64 bits. Use
17432 one or both of them and let iropt clean up afterwards (as
17433 usual). */
17434 if ( epartIsReg(modrm) ) {
17435 UInt rE = eregOfRexRM(pfx, modrm);
17436 assign( srcVec, getXMMReg(rE) );
17437 delta += 1;
17438 DIP( "vpmov%cxdq %s,%s\n", how, nameXMMReg(rE), nameYMMReg(rG) );
17439 } else {
17440 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
17441 assign( srcVec, loadLE(Ity_V128, mkexpr(addr)) );
17442 delta += alen;
17443 DIP( "vpmov%cxdq %s,%s\n", how, dis_buf, nameYMMReg(rG) );
17444 }
17445
17446 IRExpr* res;
17447 if (xIsZ)
17448 res = binop( Iop_V128HLtoV256,
17449 binop( Iop_InterleaveHI32x4,
17450 IRExpr_Const( IRConst_V128(0) ), mkexpr(srcVec) ),
17451 binop( Iop_InterleaveLO32x4,
17452 IRExpr_Const( IRConst_V128(0) ), mkexpr(srcVec) ) );
17453 else {
17454 IRTemp s3, s2, s1, s0;
17455 s3 = s2 = s1 = s0 = IRTemp_INVALID;
17456 breakupV128to32s( srcVec, &s3, &s2, &s1, &s0 );
17457 res = binop( Iop_V128HLtoV256,
17458 binop( Iop_64HLtoV128,
17459 unop( Iop_32Sto64, mkexpr(s3) ),
17460 unop( Iop_32Sto64, mkexpr(s2) ) ),
17461 binop( Iop_64HLtoV128,
17462 unop( Iop_32Sto64, mkexpr(s1) ),
17463 unop( Iop_32Sto64, mkexpr(s0) ) ) );
17464 }
17465
17466 putYMMReg ( rG, res );
17467
17468 return delta;
17469 }
17470
17471
17472 /* Handles 128 bit versions of PMOVZXBD and PMOVSXBD. */
17473 static Long dis_PMOVxXBD_128 ( const VexAbiInfo* vbi, Prefix pfx,
17474 Long delta, Bool isAvx, Bool xIsZ )
17475 {
17476 IRTemp addr = IRTemp_INVALID;
17477 Int alen = 0;
17478 HChar dis_buf[50];
17479 IRTemp srcVec = newTemp(Ity_V128);
17480 UChar modrm = getUChar(delta);
17481 const HChar* mbV = isAvx ? "v" : "";
17482 const HChar how = xIsZ ? 'z' : 's';
17483 UInt rG = gregOfRexRM(pfx, modrm);
17484 if ( epartIsReg(modrm) ) {
17485 UInt rE = eregOfRexRM(pfx, modrm);
17486 assign( srcVec, getXMMReg(rE) );
17487 delta += 1;
17488 DIP( "%spmov%cxbd %s,%s\n", mbV, how, nameXMMReg(rE), nameXMMReg(rG) );
17489 } else {
17490 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
17491 assign( srcVec,
17492 unop( Iop_32UtoV128, loadLE( Ity_I32, mkexpr(addr) ) ) );
17493 delta += alen;
17494 DIP( "%spmov%cxbd %s,%s\n", mbV, how, dis_buf, nameXMMReg(rG) );
17495 }
17496
17497 IRTemp zeroVec = newTemp(Ity_V128);
17498 assign( zeroVec, IRExpr_Const( IRConst_V128(0) ) );
17499
17500 IRExpr* res
17501 = binop(Iop_InterleaveLO8x16,
17502 mkexpr(zeroVec),
17503 binop(Iop_InterleaveLO8x16,
17504 mkexpr(zeroVec), mkexpr(srcVec)));
17505 if (!xIsZ)
17506 res = binop(Iop_SarN32x4,
17507 binop(Iop_ShlN32x4, res, mkU8(24)), mkU8(24));
17508
17509 (isAvx ? putYMMRegLoAndZU : putXMMReg) ( rG, res );
17510
17511 return delta;
17512 }
17513
17514
17515 /* Handles 256 bit versions of PMOVZXBD and PMOVSXBD. */
17516 static Long dis_PMOVxXBD_256 ( const VexAbiInfo* vbi, Prefix pfx,
17517 Long delta, Bool xIsZ )
17518 {
17519 IRTemp addr = IRTemp_INVALID;
17520 Int alen = 0;
17521 HChar dis_buf[50];
17522 IRTemp srcVec = newTemp(Ity_V128);
17523 UChar modrm = getUChar(delta);
17524 UChar how = xIsZ ? 'z' : 's';
17525 UInt rG = gregOfRexRM(pfx, modrm);
17526 if ( epartIsReg(modrm) ) {
17527 UInt rE = eregOfRexRM(pfx, modrm);
17528 assign( srcVec, getXMMReg(rE) );
17529 delta += 1;
17530 DIP( "vpmov%cxbd %s,%s\n", how, nameXMMReg(rE), nameYMMReg(rG) );
17531 } else {
17532 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
17533 assign( srcVec,
17534 unop( Iop_64UtoV128, loadLE( Ity_I64, mkexpr(addr) ) ) );
17535 delta += alen;
17536 DIP( "vpmov%cxbd %s,%s\n", how, dis_buf, nameYMMReg(rG) );
17537 }
17538
17539 IRTemp zeroVec = newTemp(Ity_V128);
17540 assign( zeroVec, IRExpr_Const( IRConst_V128(0) ) );
17541
17542 IRExpr* res
17543 = binop( Iop_V128HLtoV256,
17544 binop(Iop_InterleaveHI8x16,
17545 mkexpr(zeroVec),
17546 binop(Iop_InterleaveLO8x16,
17547 mkexpr(zeroVec), mkexpr(srcVec)) ),
17548 binop(Iop_InterleaveLO8x16,
17549 mkexpr(zeroVec),
17550 binop(Iop_InterleaveLO8x16,
17551 mkexpr(zeroVec), mkexpr(srcVec)) ) );
17552 if (!xIsZ)
17553 res = binop(Iop_SarN32x8,
17554 binop(Iop_ShlN32x8, res, mkU8(24)), mkU8(24));
17555
17556 putYMMReg ( rG, res );
17557
17558 return delta;
17559 }
17560
17561
17562 /* Handles 128 bit versions of PMOVSXBQ. */
17563 static Long dis_PMOVSXBQ_128 ( const VexAbiInfo* vbi, Prefix pfx,
17564 Long delta, Bool isAvx )
17565 {
17566 IRTemp addr = IRTemp_INVALID;
17567 Int alen = 0;
17568 HChar dis_buf[50];
17569 IRTemp srcBytes = newTemp(Ity_I16);
17570 UChar modrm = getUChar(delta);
17571 const HChar* mbV = isAvx ? "v" : "";
17572 UInt rG = gregOfRexRM(pfx, modrm);
17573 if ( epartIsReg(modrm) ) {
17574 UInt rE = eregOfRexRM(pfx, modrm);
17575 assign( srcBytes, getXMMRegLane16( rE, 0 ) );
17576 delta += 1;
17577 DIP( "%spmovsxbq %s,%s\n", mbV, nameXMMReg(rE), nameXMMReg(rG) );
17578 } else {
17579 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
17580 assign( srcBytes, loadLE( Ity_I16, mkexpr(addr) ) );
17581 delta += alen;
17582 DIP( "%spmovsxbq %s,%s\n", mbV, dis_buf, nameXMMReg(rG) );
17583 }
17584
17585 (isAvx ? putYMMRegLoAndZU : putXMMReg)
17586 ( rG, binop( Iop_64HLtoV128,
17587 unop( Iop_8Sto64,
17588 unop( Iop_16HIto8, mkexpr(srcBytes) ) ),
17589 unop( Iop_8Sto64,
17590 unop( Iop_16to8, mkexpr(srcBytes) ) ) ) );
17591 return delta;
17592 }
17593
17594
17595 /* Handles 256 bit versions of PMOVSXBQ. */
17596 static Long dis_PMOVSXBQ_256 ( const VexAbiInfo* vbi, Prefix pfx,
17597 Long delta )
17598 {
17599 IRTemp addr = IRTemp_INVALID;
17600 Int alen = 0;
17601 HChar dis_buf[50];
17602 IRTemp srcBytes = newTemp(Ity_I32);
17603 UChar modrm = getUChar(delta);
17604 UInt rG = gregOfRexRM(pfx, modrm);
17605 if ( epartIsReg(modrm) ) {
17606 UInt rE = eregOfRexRM(pfx, modrm);
17607 assign( srcBytes, getXMMRegLane32( rE, 0 ) );
17608 delta += 1;
17609 DIP( "vpmovsxbq %s,%s\n", nameXMMReg(rE), nameYMMReg(rG) );
17610 } else {
17611 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
17612 assign( srcBytes, loadLE( Ity_I32, mkexpr(addr) ) );
17613 delta += alen;
17614 DIP( "vpmovsxbq %s,%s\n", dis_buf, nameYMMReg(rG) );
17615 }
17616
17617 putYMMReg
17618 ( rG, binop( Iop_V128HLtoV256,
17619 binop( Iop_64HLtoV128,
17620 unop( Iop_8Sto64,
17621 unop( Iop_16HIto8,
17622 unop( Iop_32HIto16,
17623 mkexpr(srcBytes) ) ) ),
17624 unop( Iop_8Sto64,
17625 unop( Iop_16to8,
17626 unop( Iop_32HIto16,
17627 mkexpr(srcBytes) ) ) ) ),
17628 binop( Iop_64HLtoV128,
17629 unop( Iop_8Sto64,
17630 unop( Iop_16HIto8,
17631 unop( Iop_32to16,
17632 mkexpr(srcBytes) ) ) ),
17633 unop( Iop_8Sto64,
17634 unop( Iop_16to8,
17635 unop( Iop_32to16,
17636 mkexpr(srcBytes) ) ) ) ) ) );
17637 return delta;
17638 }
17639
17640
17641 /* Handles 128 bit versions of PMOVZXBQ. */
17642 static Long dis_PMOVZXBQ_128 ( const VexAbiInfo* vbi, Prefix pfx,
17643 Long delta, Bool isAvx )
17644 {
17645 IRTemp addr = IRTemp_INVALID;
17646 Int alen = 0;
17647 HChar dis_buf[50];
17648 IRTemp srcVec = newTemp(Ity_V128);
17649 UChar modrm = getUChar(delta);
17650 const HChar* mbV = isAvx ? "v" : "";
17651 UInt rG = gregOfRexRM(pfx, modrm);
17652 if ( epartIsReg(modrm) ) {
17653 UInt rE = eregOfRexRM(pfx, modrm);
17654 assign( srcVec, getXMMReg(rE) );
17655 delta += 1;
17656 DIP( "%spmovzxbq %s,%s\n", mbV, nameXMMReg(rE), nameXMMReg(rG) );
17657 } else {
17658 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
17659 assign( srcVec,
17660 unop( Iop_32UtoV128,
17661 unop( Iop_16Uto32, loadLE( Ity_I16, mkexpr(addr) ))));
17662 delta += alen;
17663 DIP( "%spmovzxbq %s,%s\n", mbV, dis_buf, nameXMMReg(rG) );
17664 }
17665
17666 IRTemp zeroVec = newTemp(Ity_V128);
17667 assign( zeroVec, IRExpr_Const( IRConst_V128(0) ) );
17668
17669 (isAvx ? putYMMRegLoAndZU : putXMMReg)
17670 ( rG, binop( Iop_InterleaveLO8x16,
17671 mkexpr(zeroVec),
17672 binop( Iop_InterleaveLO8x16,
17673 mkexpr(zeroVec),
17674 binop( Iop_InterleaveLO8x16,
17675 mkexpr(zeroVec), mkexpr(srcVec) ) ) ) );
17676 return delta;
17677 }
17678
17679
17680 /* Handles 256 bit versions of PMOVZXBQ. */
17681 static Long dis_PMOVZXBQ_256 ( const VexAbiInfo* vbi, Prefix pfx,
17682 Long delta )
17683 {
17684 IRTemp addr = IRTemp_INVALID;
17685 Int alen = 0;
17686 HChar dis_buf[50];
17687 IRTemp srcVec = newTemp(Ity_V128);
17688 UChar modrm = getUChar(delta);
17689 UInt rG = gregOfRexRM(pfx, modrm);
17690 if ( epartIsReg(modrm) ) {
17691 UInt rE = eregOfRexRM(pfx, modrm);
17692 assign( srcVec, getXMMReg(rE) );
17693 delta += 1;
17694 DIP( "vpmovzxbq %s,%s\n", nameXMMReg(rE), nameYMMReg(rG) );
17695 } else {
17696 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
17697 assign( srcVec,
17698 unop( Iop_32UtoV128, loadLE( Ity_I32, mkexpr(addr) )));
17699 delta += alen;
17700 DIP( "vpmovzxbq %s,%s\n", dis_buf, nameYMMReg(rG) );
17701 }
17702
17703 IRTemp zeroVec = newTemp(Ity_V128);
17704 assign( zeroVec, IRExpr_Const( IRConst_V128(0) ) );
17705
17706 putYMMReg
17707 ( rG, binop( Iop_V128HLtoV256,
17708 binop( Iop_InterleaveHI8x16,
17709 mkexpr(zeroVec),
17710 binop( Iop_InterleaveLO8x16,
17711 mkexpr(zeroVec),
17712 binop( Iop_InterleaveLO8x16,
17713 mkexpr(zeroVec), mkexpr(srcVec) ) ) ),
17714 binop( Iop_InterleaveLO8x16,
17715 mkexpr(zeroVec),
17716 binop( Iop_InterleaveLO8x16,
17717 mkexpr(zeroVec),
17718 binop( Iop_InterleaveLO8x16,
17719 mkexpr(zeroVec), mkexpr(srcVec) ) ) )
17720 ) );
17721 return delta;
17722 }
17723
17724
17725 static Long dis_PHMINPOSUW_128 ( const VexAbiInfo* vbi, Prefix pfx,
17726 Long delta, Bool isAvx )
17727 {
17728 IRTemp addr = IRTemp_INVALID;
17729 Int alen = 0;
17730 HChar dis_buf[50];
17731 UChar modrm = getUChar(delta);
17732 const HChar* mbV = isAvx ? "v" : "";
17733 IRTemp sV = newTemp(Ity_V128);
17734 IRTemp sHi = newTemp(Ity_I64);
17735 IRTemp sLo = newTemp(Ity_I64);
17736 IRTemp dLo = newTemp(Ity_I64);
17737 UInt rG = gregOfRexRM(pfx,modrm);
17738 if (epartIsReg(modrm)) {
17739 UInt rE = eregOfRexRM(pfx,modrm);
17740 assign( sV, getXMMReg(rE) );
17741 delta += 1;
17742 DIP("%sphminposuw %s,%s\n", mbV, nameXMMReg(rE), nameXMMReg(rG));
17743 } else {
17744 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
17745 if (!isAvx)
17746 gen_SEGV_if_not_16_aligned(addr);
17747 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
17748 delta += alen;
17749 DIP("%sphminposuw %s,%s\n", mbV, dis_buf, nameXMMReg(rG));
17750 }
17751 assign( sHi, unop(Iop_V128HIto64, mkexpr(sV)) );
17752 assign( sLo, unop(Iop_V128to64, mkexpr(sV)) );
17753 assign( dLo, mkIRExprCCall(
17754 Ity_I64, 0/*regparms*/,
17755 "amd64g_calculate_sse_phminposuw",
17756 &amd64g_calculate_sse_phminposuw,
17757 mkIRExprVec_2( mkexpr(sLo), mkexpr(sHi) )
17758 ));
17759 (isAvx ? putYMMRegLoAndZU : putXMMReg)
17760 (rG, unop(Iop_64UtoV128, mkexpr(dLo)));
17761 return delta;
17762 }
17763
17764
17765 static Long dis_AESx ( const VexAbiInfo* vbi, Prefix pfx,
17766 Long delta, Bool isAvx, UChar opc )
17767 {
17768 IRTemp addr = IRTemp_INVALID;
17769 Int alen = 0;
17770 HChar dis_buf[50];
17771 UChar modrm = getUChar(delta);
17772 UInt rG = gregOfRexRM(pfx, modrm);
17773 UInt regNoL = 0;
17774 UInt regNoR = (isAvx && opc != 0xDB) ? getVexNvvvv(pfx) : rG;
17775
17776 /* This is a nasty kludge. We need to pass 2 x V128 to the
17777 helper. Since we can't do that, use a dirty
17778 helper to compute the results directly from the XMM regs in
17779 the guest state. That means for the memory case, we need to
17780 move the left operand into a pseudo-register (XMM16, let's
17781 call it). */
17782 if (epartIsReg(modrm)) {
17783 regNoL = eregOfRexRM(pfx, modrm);
17784 delta += 1;
17785 } else {
17786 regNoL = 16; /* use XMM16 as an intermediary */
17787 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
17788 /* alignment check needed ???? */
17789 stmt( IRStmt_Put( OFFB_YMM16, loadLE(Ity_V128, mkexpr(addr)) ));
17790 delta += alen;
17791 }
17792
17793 void* fn = &amd64g_dirtyhelper_AES;
17794 const HChar* nm = "amd64g_dirtyhelper_AES";
17795
17796 /* Round up the arguments. Note that this is a kludge -- the
17797 use of mkU64 rather than mkIRExpr_HWord implies the
17798 assumption that the host's word size is 64-bit. */
17799 UInt gstOffD = ymmGuestRegOffset(rG);
17800 UInt gstOffL = regNoL == 16 ? OFFB_YMM16 : ymmGuestRegOffset(regNoL);
17801 UInt gstOffR = ymmGuestRegOffset(regNoR);
17802 IRExpr* opc4 = mkU64(opc);
17803 IRExpr* gstOffDe = mkU64(gstOffD);
17804 IRExpr* gstOffLe = mkU64(gstOffL);
17805 IRExpr* gstOffRe = mkU64(gstOffR);
17806 IRExpr** args
17807 = mkIRExprVec_5( IRExpr_GSPTR(), opc4, gstOffDe, gstOffLe, gstOffRe );
17808
17809 IRDirty* d = unsafeIRDirty_0_N( 0/*regparms*/, nm, fn, args );
17810 /* It's not really a dirty call, but we can't use the clean helper
17811 mechanism here for the very lame reason that we can't pass 2 x
17812 V128s by value to a helper. Hence this roundabout scheme. */
17813 d->nFxState = 2;
17814 vex_bzero(&d->fxState, sizeof(d->fxState));
17815 /* AES{ENC,ENCLAST,DEC,DECLAST} read both registers, and writes
17816 the second for !isAvx or the third for isAvx.
17817 AESIMC (0xDB) reads the first register, and writes the second. */
17818 d->fxState[0].fx = Ifx_Read;
17819 d->fxState[0].offset = gstOffL;
17820 d->fxState[0].size = sizeof(U128);
17821 d->fxState[1].offset = gstOffR;
17822 d->fxState[1].size = sizeof(U128);
17823 if (opc == 0xDB)
17824 d->fxState[1].fx = Ifx_Write;
17825 else if (!isAvx || rG == regNoR)
17826 d->fxState[1].fx = Ifx_Modify;
17827 else {
17828 d->fxState[1].fx = Ifx_Read;
17829 d->nFxState++;
17830 d->fxState[2].fx = Ifx_Write;
17831 d->fxState[2].offset = gstOffD;
17832 d->fxState[2].size = sizeof(U128);
17833 }
17834
17835 stmt( IRStmt_Dirty(d) );
17836 {
17837 const HChar* opsuf;
17838 switch (opc) {
17839 case 0xDC: opsuf = "enc"; break;
17840 case 0XDD: opsuf = "enclast"; break;
17841 case 0xDE: opsuf = "dec"; break;
17842 case 0xDF: opsuf = "declast"; break;
17843 case 0xDB: opsuf = "imc"; break;
17844 default: vassert(0);
17845 }
17846 DIP("%saes%s %s,%s%s%s\n", isAvx ? "v" : "", opsuf,
17847 (regNoL == 16 ? dis_buf : nameXMMReg(regNoL)),
17848 nameXMMReg(regNoR),
17849 (isAvx && opc != 0xDB) ? "," : "",
17850 (isAvx && opc != 0xDB) ? nameXMMReg(rG) : "");
17851 }
17852 if (isAvx)
17853 putYMMRegLane128( rG, 1, mkV128(0) );
17854 return delta;
17855 }
17856
17857 static Long dis_AESKEYGENASSIST ( const VexAbiInfo* vbi, Prefix pfx,
17858 Long delta, Bool isAvx )
17859 {
17860 IRTemp addr = IRTemp_INVALID;
17861 Int alen = 0;
17862 HChar dis_buf[50];
17863 UChar modrm = getUChar(delta);
17864 UInt regNoL = 0;
17865 UInt regNoR = gregOfRexRM(pfx, modrm);
17866 UChar imm = 0;
17867
17868 /* This is a nasty kludge. See AESENC et al. instructions. */
17869 modrm = getUChar(delta);
17870 if (epartIsReg(modrm)) {
17871 regNoL = eregOfRexRM(pfx, modrm);
17872 imm = getUChar(delta+1);
17873 delta += 1+1;
17874 } else {
17875 regNoL = 16; /* use XMM16 as an intermediary */
17876 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
17877 /* alignment check ???? . */
17878 stmt( IRStmt_Put( OFFB_YMM16, loadLE(Ity_V128, mkexpr(addr)) ));
17879 imm = getUChar(delta+alen);
17880 delta += alen+1;
17881 }
17882
17883 /* Who ya gonna call? Presumably not Ghostbusters. */
17884 void* fn = &amd64g_dirtyhelper_AESKEYGENASSIST;
17885 const HChar* nm = "amd64g_dirtyhelper_AESKEYGENASSIST";
17886
17887 /* Round up the arguments. Note that this is a kludge -- the
17888 use of mkU64 rather than mkIRExpr_HWord implies the
17889 assumption that the host's word size is 64-bit. */
17890 UInt gstOffL = regNoL == 16 ? OFFB_YMM16 : ymmGuestRegOffset(regNoL);
17891 UInt gstOffR = ymmGuestRegOffset(regNoR);
17892
17893 IRExpr* imme = mkU64(imm & 0xFF);
17894 IRExpr* gstOffLe = mkU64(gstOffL);
17895 IRExpr* gstOffRe = mkU64(gstOffR);
17896 IRExpr** args
17897 = mkIRExprVec_4( IRExpr_GSPTR(), imme, gstOffLe, gstOffRe );
17898
17899 IRDirty* d = unsafeIRDirty_0_N( 0/*regparms*/, nm, fn, args );
17900 /* It's not really a dirty call, but we can't use the clean helper
17901 mechanism here for the very lame reason that we can't pass 2 x
17902 V128s by value to a helper. Hence this roundabout scheme. */
17903 d->nFxState = 2;
17904 vex_bzero(&d->fxState, sizeof(d->fxState));
17905 d->fxState[0].fx = Ifx_Read;
17906 d->fxState[0].offset = gstOffL;
17907 d->fxState[0].size = sizeof(U128);
17908 d->fxState[1].fx = Ifx_Write;
17909 d->fxState[1].offset = gstOffR;
17910 d->fxState[1].size = sizeof(U128);
17911 stmt( IRStmt_Dirty(d) );
17912
17913 DIP("%saeskeygenassist $%x,%s,%s\n", isAvx ? "v" : "", (UInt)imm,
17914 (regNoL == 16 ? dis_buf : nameXMMReg(regNoL)),
17915 nameXMMReg(regNoR));
17916 if (isAvx)
17917 putYMMRegLane128( regNoR, 1, mkV128(0) );
17918 return delta;
17919 }
17920
17921
17922 __attribute__((noinline))
17923 static
17924 Long dis_ESC_0F38__SSE4 ( Bool* decode_OK,
17925 const VexAbiInfo* vbi,
17926 Prefix pfx, Int sz, Long deltaIN )
17927 {
17928 IRTemp addr = IRTemp_INVALID;
17929 UChar modrm = 0;
17930 Int alen = 0;
17931 HChar dis_buf[50];
17932
17933 *decode_OK = False;
17934
17935 Long delta = deltaIN;
17936 UChar opc = getUChar(delta);
17937 delta++;
17938 switch (opc) {
17939
17940 case 0x10:
17941 case 0x14:
17942 case 0x15:
17943 /* 66 0F 38 10 /r = PBLENDVB xmm1, xmm2/m128 (byte gran)
17944 66 0F 38 14 /r = BLENDVPS xmm1, xmm2/m128 (float gran)
17945 66 0F 38 15 /r = BLENDVPD xmm1, xmm2/m128 (double gran)
17946 Blend at various granularities, with XMM0 (implicit operand)
17947 providing the controlling mask.
17948 */
17949 if (have66noF2noF3(pfx) && sz == 2) {
17950 modrm = getUChar(delta);
17951
17952 const HChar* nm = NULL;
17953 UInt gran = 0;
17954 IROp opSAR = Iop_INVALID;
17955 switch (opc) {
17956 case 0x10:
17957 nm = "pblendvb"; gran = 1; opSAR = Iop_SarN8x16;
17958 break;
17959 case 0x14:
17960 nm = "blendvps"; gran = 4; opSAR = Iop_SarN32x4;
17961 break;
17962 case 0x15:
17963 nm = "blendvpd"; gran = 8; opSAR = Iop_SarN64x2;
17964 break;
17965 }
17966 vassert(nm);
17967
17968 IRTemp vecE = newTemp(Ity_V128);
17969 IRTemp vecG = newTemp(Ity_V128);
17970 IRTemp vec0 = newTemp(Ity_V128);
17971
17972 if ( epartIsReg(modrm) ) {
17973 assign(vecE, getXMMReg(eregOfRexRM(pfx, modrm)));
17974 delta += 1;
17975 DIP( "%s %s,%s\n", nm,
17976 nameXMMReg( eregOfRexRM(pfx, modrm) ),
17977 nameXMMReg( gregOfRexRM(pfx, modrm) ) );
17978 } else {
17979 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
17980 gen_SEGV_if_not_16_aligned( addr );
17981 assign(vecE, loadLE( Ity_V128, mkexpr(addr) ));
17982 delta += alen;
17983 DIP( "%s %s,%s\n", nm,
17984 dis_buf, nameXMMReg( gregOfRexRM(pfx, modrm) ) );
17985 }
17986
17987 assign(vecG, getXMMReg(gregOfRexRM(pfx, modrm)));
17988 assign(vec0, getXMMReg(0));
17989
17990 IRTemp res = math_PBLENDVB_128( vecE, vecG, vec0, gran, opSAR );
17991 putXMMReg(gregOfRexRM(pfx, modrm), mkexpr(res));
17992
17993 goto decode_success;
17994 }
17995 break;
17996
17997 case 0x17:
17998 /* 66 0F 38 17 /r = PTEST xmm1, xmm2/m128
17999 Logical compare (set ZF and CF from AND/ANDN of the operands) */
18000 if (have66noF2noF3(pfx)
18001 && (sz == 2 || /* ignore redundant REX.W */ sz == 8)) {
18002 delta = dis_xTESTy_128( vbi, pfx, delta, False/*!isAvx*/, 0 );
18003 goto decode_success;
18004 }
18005 break;
18006
18007 case 0x20:
18008 /* 66 0F 38 20 /r = PMOVSXBW xmm1, xmm2/m64
18009 Packed Move with Sign Extend from Byte to Word (XMM) */
18010 if (have66noF2noF3(pfx) && sz == 2) {
18011 delta = dis_PMOVxXBW_128( vbi, pfx, delta,
18012 False/*!isAvx*/, False/*!xIsZ*/ );
18013 goto decode_success;
18014 }
18015 break;
18016
18017 case 0x21:
18018 /* 66 0F 38 21 /r = PMOVSXBD xmm1, xmm2/m32
18019 Packed Move with Sign Extend from Byte to DWord (XMM) */
18020 if (have66noF2noF3(pfx) && sz == 2) {
18021 delta = dis_PMOVxXBD_128( vbi, pfx, delta,
18022 False/*!isAvx*/, False/*!xIsZ*/ );
18023 goto decode_success;
18024 }
18025 break;
18026
18027 case 0x22:
18028 /* 66 0F 38 22 /r = PMOVSXBQ xmm1, xmm2/m16
18029 Packed Move with Sign Extend from Byte to QWord (XMM) */
18030 if (have66noF2noF3(pfx) && sz == 2) {
18031 delta = dis_PMOVSXBQ_128( vbi, pfx, delta, False/*!isAvx*/ );
18032 goto decode_success;
18033 }
18034 break;
18035
18036 case 0x23:
18037 /* 66 0F 38 23 /r = PMOVSXWD xmm1, xmm2/m64
18038 Packed Move with Sign Extend from Word to DWord (XMM) */
18039 if (have66noF2noF3(pfx) && sz == 2) {
18040 delta = dis_PMOVxXWD_128(vbi, pfx, delta,
18041 False/*!isAvx*/, False/*!xIsZ*/);
18042 goto decode_success;
18043 }
18044 break;
18045
18046 case 0x24:
18047 /* 66 0F 38 24 /r = PMOVSXWQ xmm1, xmm2/m32
18048 Packed Move with Sign Extend from Word to QWord (XMM) */
18049 if (have66noF2noF3(pfx) && sz == 2) {
18050 delta = dis_PMOVSXWQ_128( vbi, pfx, delta, False/*!isAvx*/ );
18051 goto decode_success;
18052 }
18053 break;
18054
18055 case 0x25:
18056 /* 66 0F 38 25 /r = PMOVSXDQ xmm1, xmm2/m64
18057 Packed Move with Sign Extend from Double Word to Quad Word (XMM) */
18058 if (have66noF2noF3(pfx) && sz == 2) {
18059 delta = dis_PMOVxXDQ_128( vbi, pfx, delta,
18060 False/*!isAvx*/, False/*!xIsZ*/ );
18061 goto decode_success;
18062 }
18063 break;
18064
18065 case 0x28:
18066 /* 66 0F 38 28 = PMULDQ -- signed widening multiply of 32-lanes
18067 0 x 0 to form lower 64-bit half and lanes 2 x 2 to form upper
18068 64-bit half */
18069 /* This is a really poor translation -- could be improved if
18070 performance critical. It's a copy-paste of PMULUDQ, too. */
18071 if (have66noF2noF3(pfx) && sz == 2) {
18072 IRTemp sV = newTemp(Ity_V128);
18073 IRTemp dV = newTemp(Ity_V128);
18074 modrm = getUChar(delta);
18075 UInt rG = gregOfRexRM(pfx,modrm);
18076 assign( dV, getXMMReg(rG) );
18077 if (epartIsReg(modrm)) {
18078 UInt rE = eregOfRexRM(pfx,modrm);
18079 assign( sV, getXMMReg(rE) );
18080 delta += 1;
18081 DIP("pmuldq %s,%s\n", nameXMMReg(rE), nameXMMReg(rG));
18082 } else {
18083 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
18084 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
18085 delta += alen;
18086 DIP("pmuldq %s,%s\n", dis_buf, nameXMMReg(rG));
18087 }
18088
18089 putXMMReg( rG, mkexpr(math_PMULDQ_128( dV, sV )) );
18090 goto decode_success;
18091 }
18092 break;
18093
18094 case 0x29:
18095 /* 66 0F 38 29 = PCMPEQQ
18096 64x2 equality comparison */
18097 if (have66noF2noF3(pfx) && sz == 2) {
18098 /* FIXME: this needs an alignment check */
18099 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
18100 "pcmpeqq", Iop_CmpEQ64x2, False );
18101 goto decode_success;
18102 }
18103 break;
18104
18105 case 0x2A:
18106 /* 66 0F 38 2A = MOVNTDQA
18107 "non-temporal" "streaming" load
18108 Handle like MOVDQA but only memory operand is allowed */
18109 if (have66noF2noF3(pfx) && sz == 2) {
18110 modrm = getUChar(delta);
18111 if (!epartIsReg(modrm)) {
18112 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
18113 gen_SEGV_if_not_16_aligned( addr );
18114 putXMMReg( gregOfRexRM(pfx,modrm),
18115 loadLE(Ity_V128, mkexpr(addr)) );
18116 DIP("movntdqa %s,%s\n", dis_buf,
18117 nameXMMReg(gregOfRexRM(pfx,modrm)));
18118 delta += alen;
18119 goto decode_success;
18120 }
18121 }
18122 break;
18123
18124 case 0x2B:
18125 /* 66 0f 38 2B /r = PACKUSDW xmm1, xmm2/m128
18126 2x 32x4 S->U saturating narrow from xmm2/m128 to xmm1 */
18127 if (have66noF2noF3(pfx) && sz == 2) {
18128
18129 modrm = getUChar(delta);
18130
18131 IRTemp argL = newTemp(Ity_V128);
18132 IRTemp argR = newTemp(Ity_V128);
18133
18134 if ( epartIsReg(modrm) ) {
18135 assign( argL, getXMMReg( eregOfRexRM(pfx, modrm) ) );
18136 delta += 1;
18137 DIP( "packusdw %s,%s\n",
18138 nameXMMReg( eregOfRexRM(pfx, modrm) ),
18139 nameXMMReg( gregOfRexRM(pfx, modrm) ) );
18140 } else {
18141 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
18142 gen_SEGV_if_not_16_aligned( addr );
18143 assign( argL, loadLE( Ity_V128, mkexpr(addr) ));
18144 delta += alen;
18145 DIP( "packusdw %s,%s\n",
18146 dis_buf, nameXMMReg( gregOfRexRM(pfx, modrm) ) );
18147 }
18148
18149 assign(argR, getXMMReg( gregOfRexRM(pfx, modrm) ));
18150
18151 putXMMReg( gregOfRexRM(pfx, modrm),
18152 binop( Iop_QNarrowBin32Sto16Ux8,
18153 mkexpr(argL), mkexpr(argR)) );
18154
18155 goto decode_success;
18156 }
18157 break;
18158
18159 case 0x30:
18160 /* 66 0F 38 30 /r = PMOVZXBW xmm1, xmm2/m64
18161 Packed Move with Zero Extend from Byte to Word (XMM) */
18162 if (have66noF2noF3(pfx) && sz == 2) {
18163 delta = dis_PMOVxXBW_128( vbi, pfx, delta,
18164 False/*!isAvx*/, True/*xIsZ*/ );
18165 goto decode_success;
18166 }
18167 break;
18168
18169 case 0x31:
18170 /* 66 0F 38 31 /r = PMOVZXBD xmm1, xmm2/m32
18171 Packed Move with Zero Extend from Byte to DWord (XMM) */
18172 if (have66noF2noF3(pfx) && sz == 2) {
18173 delta = dis_PMOVxXBD_128( vbi, pfx, delta,
18174 False/*!isAvx*/, True/*xIsZ*/ );
18175 goto decode_success;
18176 }
18177 break;
18178
18179 case 0x32:
18180 /* 66 0F 38 32 /r = PMOVZXBQ xmm1, xmm2/m16
18181 Packed Move with Zero Extend from Byte to QWord (XMM) */
18182 if (have66noF2noF3(pfx) && sz == 2) {
18183 delta = dis_PMOVZXBQ_128( vbi, pfx, delta, False/*!isAvx*/ );
18184 goto decode_success;
18185 }
18186 break;
18187
18188 case 0x33:
18189 /* 66 0F 38 33 /r = PMOVZXWD xmm1, xmm2/m64
18190 Packed Move with Zero Extend from Word to DWord (XMM) */
18191 if (have66noF2noF3(pfx) && sz == 2) {
18192 delta = dis_PMOVxXWD_128( vbi, pfx, delta,
18193 False/*!isAvx*/, True/*xIsZ*/ );
18194 goto decode_success;
18195 }
18196 break;
18197
18198 case 0x34:
18199 /* 66 0F 38 34 /r = PMOVZXWQ xmm1, xmm2/m32
18200 Packed Move with Zero Extend from Word to QWord (XMM) */
18201 if (have66noF2noF3(pfx) && sz == 2) {
18202 delta = dis_PMOVZXWQ_128( vbi, pfx, delta, False/*!isAvx*/ );
18203 goto decode_success;
18204 }
18205 break;
18206
18207 case 0x35:
18208 /* 66 0F 38 35 /r = PMOVZXDQ xmm1, xmm2/m64
18209 Packed Move with Zero Extend from DWord to QWord (XMM) */
18210 if (have66noF2noF3(pfx) && sz == 2) {
18211 delta = dis_PMOVxXDQ_128( vbi, pfx, delta,
18212 False/*!isAvx*/, True/*xIsZ*/ );
18213 goto decode_success;
18214 }
18215 break;
18216
18217 case 0x37:
18218 /* 66 0F 38 37 = PCMPGTQ
18219 64x2 comparison (signed, presumably; the Intel docs don't say :-)
18220 */
18221 if (have66noF2noF3(pfx) && sz == 2) {
18222 /* FIXME: this needs an alignment check */
18223 delta = dis_SSEint_E_to_G( vbi, pfx, delta,
18224 "pcmpgtq", Iop_CmpGT64Sx2, False );
18225 goto decode_success;
18226 }
18227 break;
18228
18229 case 0x38:
18230 case 0x3C:
18231 /* 66 0F 38 38 /r = PMINSB xmm1, xmm2/m128 8Sx16 (signed) min
18232 66 0F 38 3C /r = PMAXSB xmm1, xmm2/m128 8Sx16 (signed) max
18233 */
18234 if (have66noF2noF3(pfx) && sz == 2) {
18235 /* FIXME: this needs an alignment check */
18236 Bool isMAX = opc == 0x3C;
18237 delta = dis_SSEint_E_to_G(
18238 vbi, pfx, delta,
18239 isMAX ? "pmaxsb" : "pminsb",
18240 isMAX ? Iop_Max8Sx16 : Iop_Min8Sx16,
18241 False
18242 );
18243 goto decode_success;
18244 }
18245 break;
18246
18247 case 0x39:
18248 case 0x3D:
18249 /* 66 0F 38 39 /r = PMINSD xmm1, xmm2/m128
18250 Minimum of Packed Signed Double Word Integers (XMM)
18251 66 0F 38 3D /r = PMAXSD xmm1, xmm2/m128
18252 Maximum of Packed Signed Double Word Integers (XMM)
18253 */
18254 if (have66noF2noF3(pfx) && sz == 2) {
18255 /* FIXME: this needs an alignment check */
18256 Bool isMAX = opc == 0x3D;
18257 delta = dis_SSEint_E_to_G(
18258 vbi, pfx, delta,
18259 isMAX ? "pmaxsd" : "pminsd",
18260 isMAX ? Iop_Max32Sx4 : Iop_Min32Sx4,
18261 False
18262 );
18263 goto decode_success;
18264 }
18265 break;
18266
18267 case 0x3A:
18268 case 0x3E:
18269 /* 66 0F 38 3A /r = PMINUW xmm1, xmm2/m128
18270 Minimum of Packed Unsigned Word Integers (XMM)
18271 66 0F 38 3E /r = PMAXUW xmm1, xmm2/m128
18272 Maximum of Packed Unsigned Word Integers (XMM)
18273 */
18274 if (have66noF2noF3(pfx) && sz == 2) {
18275 /* FIXME: this needs an alignment check */
18276 Bool isMAX = opc == 0x3E;
18277 delta = dis_SSEint_E_to_G(
18278 vbi, pfx, delta,
18279 isMAX ? "pmaxuw" : "pminuw",
18280 isMAX ? Iop_Max16Ux8 : Iop_Min16Ux8,
18281 False
18282 );
18283 goto decode_success;
18284 }
18285 break;
18286
18287 case 0x3B:
18288 case 0x3F:
18289 /* 66 0F 38 3B /r = PMINUD xmm1, xmm2/m128
18290 Minimum of Packed Unsigned Doubleword Integers (XMM)
18291 66 0F 38 3F /r = PMAXUD xmm1, xmm2/m128
18292 Maximum of Packed Unsigned Doubleword Integers (XMM)
18293 */
18294 if (have66noF2noF3(pfx) && sz == 2) {
18295 /* FIXME: this needs an alignment check */
18296 Bool isMAX = opc == 0x3F;
18297 delta = dis_SSEint_E_to_G(
18298 vbi, pfx, delta,
18299 isMAX ? "pmaxud" : "pminud",
18300 isMAX ? Iop_Max32Ux4 : Iop_Min32Ux4,
18301 False
18302 );
18303 goto decode_success;
18304 }
18305 break;
18306
18307 case 0x40:
18308 /* 66 0F 38 40 /r = PMULLD xmm1, xmm2/m128
18309 32x4 integer multiply from xmm2/m128 to xmm1 */
18310 if (have66noF2noF3(pfx) && sz == 2) {
18311
18312 modrm = getUChar(delta);
18313
18314 IRTemp argL = newTemp(Ity_V128);
18315 IRTemp argR = newTemp(Ity_V128);
18316
18317 if ( epartIsReg(modrm) ) {
18318 assign( argL, getXMMReg( eregOfRexRM(pfx, modrm) ) );
18319 delta += 1;
18320 DIP( "pmulld %s,%s\n",
18321 nameXMMReg( eregOfRexRM(pfx, modrm) ),
18322 nameXMMReg( gregOfRexRM(pfx, modrm) ) );
18323 } else {
18324 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
18325 gen_SEGV_if_not_16_aligned( addr );
18326 assign( argL, loadLE( Ity_V128, mkexpr(addr) ));
18327 delta += alen;
18328 DIP( "pmulld %s,%s\n",
18329 dis_buf, nameXMMReg( gregOfRexRM(pfx, modrm) ) );
18330 }
18331
18332 assign(argR, getXMMReg( gregOfRexRM(pfx, modrm) ));
18333
18334 putXMMReg( gregOfRexRM(pfx, modrm),
18335 binop( Iop_Mul32x4, mkexpr(argL), mkexpr(argR)) );
18336
18337 goto decode_success;
18338 }
18339 break;
18340
18341 case 0x41:
18342 /* 66 0F 38 41 /r = PHMINPOSUW xmm1, xmm2/m128
18343 Packed Horizontal Word Minimum from xmm2/m128 to xmm1 */
18344 if (have66noF2noF3(pfx) && sz == 2) {
18345 delta = dis_PHMINPOSUW_128( vbi, pfx, delta, False/*!isAvx*/ );
18346 goto decode_success;
18347 }
18348 break;
18349
18350 case 0xDC:
18351 case 0xDD:
18352 case 0xDE:
18353 case 0xDF:
18354 case 0xDB:
18355 /* 66 0F 38 DC /r = AESENC xmm1, xmm2/m128
18356 DD /r = AESENCLAST xmm1, xmm2/m128
18357 DE /r = AESDEC xmm1, xmm2/m128
18358 DF /r = AESDECLAST xmm1, xmm2/m128
18359
18360 DB /r = AESIMC xmm1, xmm2/m128 */
18361 if (have66noF2noF3(pfx) && sz == 2) {
18362 delta = dis_AESx( vbi, pfx, delta, False/*!isAvx*/, opc );
18363 goto decode_success;
18364 }
18365 break;
18366
18367 case 0xF0:
18368 case 0xF1:
18369 /* F2 0F 38 F0 /r = CRC32 r/m8, r32 (REX.W ok, 66 not ok)
18370 F2 0F 38 F1 /r = CRC32 r/m{16,32,64}, r32
18371 The decoding on this is a bit unusual.
18372 */
18373 if (haveF2noF3(pfx)
18374 && (opc == 0xF1 || (opc == 0xF0 && !have66(pfx)))) {
18375 modrm = getUChar(delta);
18376
18377 if (opc == 0xF0)
18378 sz = 1;
18379 else
18380 vassert(sz == 2 || sz == 4 || sz == 8);
18381
18382 IRType tyE = szToITy(sz);
18383 IRTemp valE = newTemp(tyE);
18384
18385 if (epartIsReg(modrm)) {
18386 assign(valE, getIRegE(sz, pfx, modrm));
18387 delta += 1;
18388 DIP("crc32b %s,%s\n", nameIRegE(sz, pfx, modrm),
18389 nameIRegG(1==getRexW(pfx) ? 8 : 4, pfx, modrm));
18390 } else {
18391 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
18392 assign(valE, loadLE(tyE, mkexpr(addr)));
18393 delta += alen;
18394 DIP("crc32b %s,%s\n", dis_buf,
18395 nameIRegG(1==getRexW(pfx) ? 8 : 4, pfx, modrm));
18396 }
18397
18398 /* Somewhat funny getting/putting of the crc32 value, in order
18399 to ensure that it turns into 64-bit gets and puts. However,
18400 mask off the upper 32 bits so as to not get memcheck false
18401 +ves around the helper call. */
18402 IRTemp valG0 = newTemp(Ity_I64);
18403 assign(valG0, binop(Iop_And64, getIRegG(8, pfx, modrm),
18404 mkU64(0xFFFFFFFF)));
18405
18406 const HChar* nm = NULL;
18407 void* fn = NULL;
18408 switch (sz) {
18409 case 1: nm = "amd64g_calc_crc32b";
18410 fn = &amd64g_calc_crc32b; break;
18411 case 2: nm = "amd64g_calc_crc32w";
18412 fn = &amd64g_calc_crc32w; break;
18413 case 4: nm = "amd64g_calc_crc32l";
18414 fn = &amd64g_calc_crc32l; break;
18415 case 8: nm = "amd64g_calc_crc32q";
18416 fn = &amd64g_calc_crc32q; break;
18417 }
18418 vassert(nm && fn);
18419 IRTemp valG1 = newTemp(Ity_I64);
18420 assign(valG1,
18421 mkIRExprCCall(Ity_I64, 0/*regparm*/, nm, fn,
18422 mkIRExprVec_2(mkexpr(valG0),
18423 widenUto64(mkexpr(valE)))));
18424
18425 putIRegG(4, pfx, modrm, unop(Iop_64to32, mkexpr(valG1)));
18426 goto decode_success;
18427 }
18428 break;
18429
18430 default:
18431 break;
18432
18433 }
18434
18435 //decode_failure:
18436 *decode_OK = False;
18437 return deltaIN;
18438
18439 decode_success:
18440 *decode_OK = True;
18441 return delta;
18442 }
18443
18444
18445 /*------------------------------------------------------------*/
18446 /*--- ---*/
18447 /*--- Top-level SSE4: dis_ESC_0F3A__SSE4 ---*/
18448 /*--- ---*/
18449 /*------------------------------------------------------------*/
18450
18451 static Long dis_PEXTRW ( const VexAbiInfo* vbi, Prefix pfx,
18452 Long delta, Bool isAvx )
18453 {
18454 IRTemp addr = IRTemp_INVALID;
18455 IRTemp t0 = IRTemp_INVALID;
18456 IRTemp t1 = IRTemp_INVALID;
18457 IRTemp t2 = IRTemp_INVALID;
18458 IRTemp t3 = IRTemp_INVALID;
18459 UChar modrm = getUChar(delta);
18460 Int alen = 0;
18461 HChar dis_buf[50];
18462 UInt rG = gregOfRexRM(pfx,modrm);
18463 Int imm8_20;
18464 IRTemp xmm_vec = newTemp(Ity_V128);
18465 IRTemp d16 = newTemp(Ity_I16);
18466 const HChar* mbV = isAvx ? "v" : "";
18467
18468 vassert(0==getRexW(pfx)); /* ensured by caller */
18469 assign( xmm_vec, getXMMReg(rG) );
18470 breakupV128to32s( xmm_vec, &t3, &t2, &t1, &t0 );
18471
18472 if ( epartIsReg( modrm ) ) {
18473 imm8_20 = (Int)(getUChar(delta+1) & 7);
18474 } else {
18475 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
18476 imm8_20 = (Int)(getUChar(delta+alen) & 7);
18477 }
18478
18479 switch (imm8_20) {
18480 case 0: assign(d16, unop(Iop_32to16, mkexpr(t0))); break;
18481 case 1: assign(d16, unop(Iop_32HIto16, mkexpr(t0))); break;
18482 case 2: assign(d16, unop(Iop_32to16, mkexpr(t1))); break;
18483 case 3: assign(d16, unop(Iop_32HIto16, mkexpr(t1))); break;
18484 case 4: assign(d16, unop(Iop_32to16, mkexpr(t2))); break;
18485 case 5: assign(d16, unop(Iop_32HIto16, mkexpr(t2))); break;
18486 case 6: assign(d16, unop(Iop_32to16, mkexpr(t3))); break;
18487 case 7: assign(d16, unop(Iop_32HIto16, mkexpr(t3))); break;
18488 default: vassert(0);
18489 }
18490
18491 if ( epartIsReg( modrm ) ) {
18492 UInt rE = eregOfRexRM(pfx,modrm);
18493 putIReg32( rE, unop(Iop_16Uto32, mkexpr(d16)) );
18494 delta += 1+1;
18495 DIP( "%spextrw $%d, %s,%s\n", mbV, imm8_20,
18496 nameXMMReg( rG ), nameIReg32( rE ) );
18497 } else {
18498 storeLE( mkexpr(addr), mkexpr(d16) );
18499 delta += alen+1;
18500 DIP( "%spextrw $%d, %s,%s\n", mbV, imm8_20, nameXMMReg( rG ), dis_buf );
18501 }
18502 return delta;
18503 }
18504
18505
18506 static Long dis_PEXTRD ( const VexAbiInfo* vbi, Prefix pfx,
18507 Long delta, Bool isAvx )
18508 {
18509 IRTemp addr = IRTemp_INVALID;
18510 IRTemp t0 = IRTemp_INVALID;
18511 IRTemp t1 = IRTemp_INVALID;
18512 IRTemp t2 = IRTemp_INVALID;
18513 IRTemp t3 = IRTemp_INVALID;
18514 UChar modrm = 0;
18515 Int alen = 0;
18516 HChar dis_buf[50];
18517
18518 Int imm8_10;
18519 IRTemp xmm_vec = newTemp(Ity_V128);
18520 IRTemp src_dword = newTemp(Ity_I32);
18521 const HChar* mbV = isAvx ? "v" : "";
18522
18523 vassert(0==getRexW(pfx)); /* ensured by caller */
18524 modrm = getUChar(delta);
18525 assign( xmm_vec, getXMMReg( gregOfRexRM(pfx,modrm) ) );
18526 breakupV128to32s( xmm_vec, &t3, &t2, &t1, &t0 );
18527
18528 if ( epartIsReg( modrm ) ) {
18529 imm8_10 = (Int)(getUChar(delta+1) & 3);
18530 } else {
18531 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
18532 imm8_10 = (Int)(getUChar(delta+alen) & 3);
18533 }
18534
18535 switch ( imm8_10 ) {
18536 case 0: assign( src_dword, mkexpr(t0) ); break;
18537 case 1: assign( src_dword, mkexpr(t1) ); break;
18538 case 2: assign( src_dword, mkexpr(t2) ); break;
18539 case 3: assign( src_dword, mkexpr(t3) ); break;
18540 default: vassert(0);
18541 }
18542
18543 if ( epartIsReg( modrm ) ) {
18544 putIReg32( eregOfRexRM(pfx,modrm), mkexpr(src_dword) );
18545 delta += 1+1;
18546 DIP( "%spextrd $%d, %s,%s\n", mbV, imm8_10,
18547 nameXMMReg( gregOfRexRM(pfx, modrm) ),
18548 nameIReg32( eregOfRexRM(pfx, modrm) ) );
18549 } else {
18550 storeLE( mkexpr(addr), mkexpr(src_dword) );
18551 delta += alen+1;
18552 DIP( "%spextrd $%d, %s,%s\n", mbV,
18553 imm8_10, nameXMMReg( gregOfRexRM(pfx, modrm) ), dis_buf );
18554 }
18555 return delta;
18556 }
18557
18558
18559 static Long dis_PEXTRQ ( const VexAbiInfo* vbi, Prefix pfx,
18560 Long delta, Bool isAvx )
18561 {
18562 IRTemp addr = IRTemp_INVALID;
18563 UChar modrm = 0;
18564 Int alen = 0;
18565 HChar dis_buf[50];
18566
18567 Int imm8_0;
18568 IRTemp xmm_vec = newTemp(Ity_V128);
18569 IRTemp src_qword = newTemp(Ity_I64);
18570 const HChar* mbV = isAvx ? "v" : "";
18571
18572 vassert(1==getRexW(pfx)); /* ensured by caller */
18573 modrm = getUChar(delta);
18574 assign( xmm_vec, getXMMReg( gregOfRexRM(pfx,modrm) ) );
18575
18576 if ( epartIsReg( modrm ) ) {
18577 imm8_0 = (Int)(getUChar(delta+1) & 1);
18578 } else {
18579 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
18580 imm8_0 = (Int)(getUChar(delta+alen) & 1);
18581 }
18582
18583 switch ( imm8_0 ) {
18584 case 0: assign( src_qword, unop(Iop_V128to64, mkexpr(xmm_vec)) );
18585 break;
18586 case 1: assign( src_qword, unop(Iop_V128HIto64, mkexpr(xmm_vec)) );
18587 break;
18588 default: vassert(0);
18589 }
18590
18591 if ( epartIsReg( modrm ) ) {
18592 putIReg64( eregOfRexRM(pfx,modrm), mkexpr(src_qword) );
18593 delta += 1+1;
18594 DIP( "%spextrq $%d, %s,%s\n", mbV, imm8_0,
18595 nameXMMReg( gregOfRexRM(pfx, modrm) ),
18596 nameIReg64( eregOfRexRM(pfx, modrm) ) );
18597 } else {
18598 storeLE( mkexpr(addr), mkexpr(src_qword) );
18599 delta += alen+1;
18600 DIP( "%spextrq $%d, %s,%s\n", mbV,
18601 imm8_0, nameXMMReg( gregOfRexRM(pfx, modrm) ), dis_buf );
18602 }
18603 return delta;
18604 }
18605
18606 static IRExpr* math_CTZ32(IRExpr *exp)
18607 {
18608 /* Iop_Ctz32 isn't implemented by the amd64 back end, so use Iop_Ctz64. */
18609 return unop(Iop_64to32, unop(Iop_Ctz64, unop(Iop_32Uto64, exp)));
18610 }
18611
18612 static Long dis_PCMPISTRI_3A ( UChar modrm, UInt regNoL, UInt regNoR,
18613 Long delta, UChar opc, UChar imm,
18614 HChar dis_buf[])
18615 {
18616 /* We only handle PCMPISTRI for now */
18617 vassert((opc & 0x03) == 0x03);
18618 /* And only an immediate byte of 0x38 or 0x3A */
18619 vassert((imm & ~0x02) == 0x38);
18620
18621 /* FIXME: Is this correct when RegNoL == 16 ? */
18622 IRTemp argL = newTemp(Ity_V128);
18623 assign(argL, getXMMReg(regNoL));
18624 IRTemp argR = newTemp(Ity_V128);
18625 assign(argR, getXMMReg(regNoR));
18626
18627 IRTemp zmaskL = newTemp(Ity_I32);
18628 assign(zmaskL, unop(Iop_16Uto32,
18629 unop(Iop_GetMSBs8x16,
18630 binop(Iop_CmpEQ8x16, mkexpr(argL), mkV128(0)))));
18631 IRTemp zmaskR = newTemp(Ity_I32);
18632 assign(zmaskR, unop(Iop_16Uto32,
18633 unop(Iop_GetMSBs8x16,
18634 binop(Iop_CmpEQ8x16, mkexpr(argR), mkV128(0)))));
18635
18636 /* We want validL = ~(zmaskL | -zmaskL)
18637
18638 But this formulation kills memcheck's validity tracking when any
18639 bits above the first "1" are invalid. So reformulate as:
18640
18641 validL = (zmaskL ? (1 << ctz(zmaskL)) : 0) - 1
18642 */
18643
18644 IRExpr *ctzL = unop(Iop_32to8, math_CTZ32(mkexpr(zmaskL)));
18645
18646 /* Generate a bool expression which is zero iff the original is
18647 zero. Do this carefully so memcheck can propagate validity bits
18648 correctly.
18649 */
18650 IRTemp zmaskL_zero = newTemp(Ity_I1);
18651 assign(zmaskL_zero, binop(Iop_ExpCmpNE32, mkexpr(zmaskL), mkU32(0)));
18652
18653 IRTemp validL = newTemp(Ity_I32);
18654 assign(validL, binop(Iop_Sub32,
18655 IRExpr_ITE(mkexpr(zmaskL_zero),
18656 binop(Iop_Shl32, mkU32(1), ctzL),
18657 mkU32(0)),
18658 mkU32(1)));
18659
18660 /* And similarly for validR. */
18661 IRExpr *ctzR = unop(Iop_32to8, math_CTZ32(mkexpr(zmaskR)));
18662 IRTemp zmaskR_zero = newTemp(Ity_I1);
18663 assign(zmaskR_zero, binop(Iop_ExpCmpNE32, mkexpr(zmaskR), mkU32(0)));
18664 IRTemp validR = newTemp(Ity_I32);
18665 assign(validR, binop(Iop_Sub32,
18666 IRExpr_ITE(mkexpr(zmaskR_zero),
18667 binop(Iop_Shl32, mkU32(1), ctzR),
18668 mkU32(0)),
18669 mkU32(1)));
18670
18671 /* Do the actual comparison. */
18672 IRExpr *boolResII = unop(Iop_16Uto32,
18673 unop(Iop_GetMSBs8x16,
18674 binop(Iop_CmpEQ8x16, mkexpr(argL),
18675 mkexpr(argR))));
18676
18677 /* Compute boolresII & validL & validR (i.e., if both valid, use
18678 comparison result) */
18679 IRExpr *intRes1_a = binop(Iop_And32, boolResII,
18680 binop(Iop_And32,
18681 mkexpr(validL), mkexpr(validR)));
18682
18683 /* Compute ~(validL | validR); i.e., if both invalid, force 1. */
18684 IRExpr *intRes1_b = unop(Iop_Not32, binop(Iop_Or32,
18685 mkexpr(validL), mkexpr(validR)));
18686 /* Otherwise, zero. */
18687 IRExpr *intRes1 = binop(Iop_And32, mkU32(0xFFFF),
18688 binop(Iop_Or32, intRes1_a, intRes1_b));
18689
18690 /* The "0x30" in imm=0x3A means "polarity=3" means XOR validL with
18691 result. */
18692 IRTemp intRes2 = newTemp(Ity_I32);
18693 assign(intRes2, binop(Iop_And32, mkU32(0xFFFF),
18694 binop(Iop_Xor32, intRes1, mkexpr(validL))));
18695
18696 /* If the 0x40 bit were set in imm=0x3A, we would return the index
18697 of the msb. Since it is clear, we return the index of the
18698 lsb. */
18699 IRExpr *newECX = math_CTZ32(binop(Iop_Or32,
18700 mkexpr(intRes2), mkU32(0x10000)));
18701
18702 /* And thats our rcx. */
18703 putIReg32(R_RCX, newECX);
18704
18705 /* Now for the condition codes... */
18706
18707 /* C == 0 iff intRes2 == 0 */
18708 IRExpr *c_bit = IRExpr_ITE( binop(Iop_ExpCmpNE32, mkexpr(intRes2),
18709 mkU32(0)),
18710 mkU32(1 << AMD64G_CC_SHIFT_C),
18711 mkU32(0));
18712 /* Z == 1 iff any in argL is 0 */
18713 IRExpr *z_bit = IRExpr_ITE( mkexpr(zmaskL_zero),
18714 mkU32(1 << AMD64G_CC_SHIFT_Z),
18715 mkU32(0));
18716 /* S == 1 iff any in argR is 0 */
18717 IRExpr *s_bit = IRExpr_ITE( mkexpr(zmaskR_zero),
18718 mkU32(1 << AMD64G_CC_SHIFT_S),
18719 mkU32(0));
18720 /* O == IntRes2[0] */
18721 IRExpr *o_bit = binop(Iop_Shl32, binop(Iop_And32, mkexpr(intRes2),
18722 mkU32(0x01)),
18723 mkU8(AMD64G_CC_SHIFT_O));
18724
18725 /* Put them all together */
18726 IRTemp cc = newTemp(Ity_I64);
18727 assign(cc, widenUto64(binop(Iop_Or32,
18728 binop(Iop_Or32, c_bit, z_bit),
18729 binop(Iop_Or32, s_bit, o_bit))));
18730 stmt(IRStmt_Put(OFFB_CC_OP, mkU64(AMD64G_CC_OP_COPY)));
18731 stmt(IRStmt_Put(OFFB_CC_DEP1, mkexpr(cc)));
18732 stmt(IRStmt_Put(OFFB_CC_DEP2, mkU64(0)));
18733 stmt(IRStmt_Put(OFFB_CC_NDEP, mkU64(0)));
18734
18735 return delta;
18736 }
18737
18738 /* This can fail, in which case it returns the original (unchanged)
18739 delta. */
18740 static Long dis_PCMPxSTRx ( const VexAbiInfo* vbi, Prefix pfx,
18741 Long delta, Bool isAvx, UChar opc )
18742 {
18743 Long delta0 = delta;
18744 UInt isISTRx = opc & 2;
18745 UInt isxSTRM = (opc & 1) ^ 1;
18746 UInt regNoL = 0;
18747 UInt regNoR = 0;
18748 UChar imm = 0;
18749 IRTemp addr = IRTemp_INVALID;
18750 Int alen = 0;
18751 HChar dis_buf[50];
18752
18753 /* This is a nasty kludge. We need to pass 2 x V128 to the helper
18754 (which is clean). Since we can't do that, use a dirty helper to
18755 compute the results directly from the XMM regs in the guest
18756 state. That means for the memory case, we need to move the left
18757 operand into a pseudo-register (XMM16, let's call it). */
18758 UChar modrm = getUChar(delta);
18759 if (epartIsReg(modrm)) {
18760 regNoL = eregOfRexRM(pfx, modrm);
18761 regNoR = gregOfRexRM(pfx, modrm);
18762 imm = getUChar(delta+1);
18763 delta += 1+1;
18764 } else {
18765 regNoL = 16; /* use XMM16 as an intermediary */
18766 regNoR = gregOfRexRM(pfx, modrm);
18767 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
18768 /* No alignment check; I guess that makes sense, given that
18769 these insns are for dealing with C style strings. */
18770 stmt( IRStmt_Put( OFFB_YMM16, loadLE(Ity_V128, mkexpr(addr)) ));
18771 imm = getUChar(delta+alen);
18772 delta += alen+1;
18773 }
18774
18775 /* Print the insn here, since dis_PCMPISTRI_3A doesn't do so
18776 itself. */
18777 if (regNoL == 16) {
18778 DIP("%spcmp%cstr%c $%x,%s,%s\n",
18779 isAvx ? "v" : "", isISTRx ? 'i' : 'e', isxSTRM ? 'm' : 'i',
18780 (UInt)imm, dis_buf, nameXMMReg(regNoR));
18781 } else {
18782 DIP("%spcmp%cstr%c $%x,%s,%s\n",
18783 isAvx ? "v" : "", isISTRx ? 'i' : 'e', isxSTRM ? 'm' : 'i',
18784 (UInt)imm, nameXMMReg(regNoL), nameXMMReg(regNoR));
18785 }
18786
18787 /* Handle special case(s). */
18788 if (imm == 0x3A && isISTRx && !isxSTRM) {
18789 return dis_PCMPISTRI_3A ( modrm, regNoL, regNoR, delta,
18790 opc, imm, dis_buf);
18791 }
18792
18793 /* Now we know the XMM reg numbers for the operands, and the
18794 immediate byte. Is it one we can actually handle? Throw out any
18795 cases for which the helper function has not been verified. */
18796 switch (imm) {
18797 case 0x00: case 0x02:
18798 case 0x08: case 0x0A: case 0x0C: case 0x0E:
18799 case 0x10: case 0x12: case 0x14:
18800 case 0x18: case 0x1A:
18801 case 0x30: case 0x34:
18802 case 0x38: case 0x3A:
18803 case 0x40: case 0x42: case 0x44: case 0x46:
18804 case 0x4A:
18805 case 0x62:
18806 case 0x70: case 0x72:
18807 break;
18808 // the 16-bit character versions of the above
18809 case 0x01: case 0x03:
18810 case 0x09: case 0x0B: case 0x0D:
18811 case 0x13:
18812 case 0x19: case 0x1B:
18813 case 0x39: case 0x3B:
18814 case 0x41: case 0x45:
18815 case 0x4B:
18816 break;
18817 default:
18818 return delta0; /*FAIL*/
18819 }
18820
18821 /* Who ya gonna call? Presumably not Ghostbusters. */
18822 void* fn = &amd64g_dirtyhelper_PCMPxSTRx;
18823 const HChar* nm = "amd64g_dirtyhelper_PCMPxSTRx";
18824
18825 /* Round up the arguments. Note that this is a kludge -- the use
18826 of mkU64 rather than mkIRExpr_HWord implies the assumption that
18827 the host's word size is 64-bit. */
18828 UInt gstOffL = regNoL == 16 ? OFFB_YMM16 : ymmGuestRegOffset(regNoL);
18829 UInt gstOffR = ymmGuestRegOffset(regNoR);
18830
18831 IRExpr* opc4_and_imm = mkU64((opc << 8) | (imm & 0xFF));
18832 IRExpr* gstOffLe = mkU64(gstOffL);
18833 IRExpr* gstOffRe = mkU64(gstOffR);
18834 IRExpr* edxIN = isISTRx ? mkU64(0) : getIRegRDX(8);
18835 IRExpr* eaxIN = isISTRx ? mkU64(0) : getIRegRAX(8);
18836 IRExpr** args
18837 = mkIRExprVec_6( IRExpr_GSPTR(),
18838 opc4_and_imm, gstOffLe, gstOffRe, edxIN, eaxIN );
18839
18840 IRTemp resT = newTemp(Ity_I64);
18841 IRDirty* d = unsafeIRDirty_1_N( resT, 0/*regparms*/, nm, fn, args );
18842 /* It's not really a dirty call, but we can't use the clean helper
18843 mechanism here for the very lame reason that we can't pass 2 x
18844 V128s by value to a helper. Hence this roundabout scheme. */
18845 d->nFxState = 2;
18846 vex_bzero(&d->fxState, sizeof(d->fxState));
18847 d->fxState[0].fx = Ifx_Read;
18848 d->fxState[0].offset = gstOffL;
18849 d->fxState[0].size = sizeof(U128);
18850 d->fxState[1].fx = Ifx_Read;
18851 d->fxState[1].offset = gstOffR;
18852 d->fxState[1].size = sizeof(U128);
18853 if (isxSTRM) {
18854 /* Declare that the helper writes XMM0. */
18855 d->nFxState = 3;
18856 d->fxState[2].fx = Ifx_Write;
18857 d->fxState[2].offset = ymmGuestRegOffset(0);
18858 d->fxState[2].size = sizeof(U128);
18859 }
18860
18861 stmt( IRStmt_Dirty(d) );
18862
18863 /* Now resT[15:0] holds the new OSZACP values, so the condition
18864 codes must be updated. And for a xSTRI case, resT[31:16] holds
18865 the new ECX value, so stash that too. */
18866 if (!isxSTRM) {
18867 putIReg64(R_RCX, binop(Iop_And64,
18868 binop(Iop_Shr64, mkexpr(resT), mkU8(16)),
18869 mkU64(0xFFFF)));
18870 }
18871
18872 /* Zap the upper half of the dest reg as per AVX conventions. */
18873 if (isxSTRM && isAvx)
18874 putYMMRegLane128(/*YMM*/0, 1, mkV128(0));
18875
18876 stmt( IRStmt_Put(
18877 OFFB_CC_DEP1,
18878 binop(Iop_And64, mkexpr(resT), mkU64(0xFFFF))
18879 ));
18880 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(AMD64G_CC_OP_COPY) ));
18881 stmt( IRStmt_Put( OFFB_CC_DEP2, mkU64(0) ));
18882 stmt( IRStmt_Put( OFFB_CC_NDEP, mkU64(0) ));
18883
18884 return delta;
18885 }
18886
18887
18888 static IRTemp math_PINSRB_128 ( IRTemp v128, IRTemp u8, UInt imm8 )
18889 {
18890 vassert(imm8 >= 0 && imm8 <= 15);
18891
18892 // Create a V128 value which has the selected byte in the
18893 // specified lane, and zeroes everywhere else.
18894 IRTemp tmp128 = newTemp(Ity_V128);
18895 IRTemp halfshift = newTemp(Ity_I64);
18896 assign(halfshift, binop(Iop_Shl64,
18897 unop(Iop_8Uto64, mkexpr(u8)),
18898 mkU8(8 * (imm8 & 7))));
18899 if (imm8 < 8) {
18900 assign(tmp128, binop(Iop_64HLtoV128, mkU64(0), mkexpr(halfshift)));
18901 } else {
18902 assign(tmp128, binop(Iop_64HLtoV128, mkexpr(halfshift), mkU64(0)));
18903 }
18904
18905 UShort mask = ~(1 << imm8);
18906 IRTemp res = newTemp(Ity_V128);
18907 assign( res, binop(Iop_OrV128,
18908 mkexpr(tmp128),
18909 binop(Iop_AndV128, mkexpr(v128), mkV128(mask))) );
18910 return res;
18911 }
18912
18913
18914 static IRTemp math_PINSRD_128 ( IRTemp v128, IRTemp u32, UInt imm8 )
18915 {
18916 IRTemp z32 = newTemp(Ity_I32);
18917 assign(z32, mkU32(0));
18918
18919 /* Surround u32 with zeroes as per imm, giving us something we can
18920 OR into a suitably masked-out v128.*/
18921 IRTemp withZs = newTemp(Ity_V128);
18922 UShort mask = 0;
18923 switch (imm8) {
18924 case 3: mask = 0x0FFF;
18925 assign(withZs, mkV128from32s(u32, z32, z32, z32));
18926 break;
18927 case 2: mask = 0xF0FF;
18928 assign(withZs, mkV128from32s(z32, u32, z32, z32));
18929 break;
18930 case 1: mask = 0xFF0F;
18931 assign(withZs, mkV128from32s(z32, z32, u32, z32));
18932 break;
18933 case 0: mask = 0xFFF0;
18934 assign(withZs, mkV128from32s(z32, z32, z32, u32));
18935 break;
18936 default: vassert(0);
18937 }
18938
18939 IRTemp res = newTemp(Ity_V128);
18940 assign(res, binop( Iop_OrV128,
18941 mkexpr(withZs),
18942 binop( Iop_AndV128, mkexpr(v128), mkV128(mask) ) ) );
18943 return res;
18944 }
18945
18946
18947 static IRTemp math_PINSRQ_128 ( IRTemp v128, IRTemp u64, UInt imm8 )
18948 {
18949 /* Surround u64 with zeroes as per imm, giving us something we can
18950 OR into a suitably masked-out v128.*/
18951 IRTemp withZs = newTemp(Ity_V128);
18952 UShort mask = 0;
18953 if (imm8 == 0) {
18954 mask = 0xFF00;
18955 assign(withZs, binop(Iop_64HLtoV128, mkU64(0), mkexpr(u64)));
18956 } else {
18957 vassert(imm8 == 1);
18958 mask = 0x00FF;
18959 assign( withZs, binop(Iop_64HLtoV128, mkexpr(u64), mkU64(0)));
18960 }
18961
18962 IRTemp res = newTemp(Ity_V128);
18963 assign( res, binop( Iop_OrV128,
18964 mkexpr(withZs),
18965 binop( Iop_AndV128, mkexpr(v128), mkV128(mask) ) ) );
18966 return res;
18967 }
18968
18969
18970 static IRTemp math_INSERTPS ( IRTemp dstV, IRTemp toInsertD, UInt imm8 )
18971 {
18972 const IRTemp inval = IRTemp_INVALID;
18973 IRTemp dstDs[4] = { inval, inval, inval, inval };
18974 breakupV128to32s( dstV, &dstDs[3], &dstDs[2], &dstDs[1], &dstDs[0] );
18975
18976 vassert(imm8 <= 255);
18977 dstDs[(imm8 >> 4) & 3] = toInsertD; /* "imm8_count_d" */
18978
18979 UInt imm8_zmask = (imm8 & 15);
18980 IRTemp zero_32 = newTemp(Ity_I32);
18981 assign( zero_32, mkU32(0) );
18982 IRTemp resV = newTemp(Ity_V128);
18983 assign( resV, mkV128from32s(
18984 ((imm8_zmask & 8) == 8) ? zero_32 : dstDs[3],
18985 ((imm8_zmask & 4) == 4) ? zero_32 : dstDs[2],
18986 ((imm8_zmask & 2) == 2) ? zero_32 : dstDs[1],
18987 ((imm8_zmask & 1) == 1) ? zero_32 : dstDs[0]) );
18988 return resV;
18989 }
18990
18991
18992 static Long dis_PEXTRB_128_GtoE ( const VexAbiInfo* vbi, Prefix pfx,
18993 Long delta, Bool isAvx )
18994 {
18995 IRTemp addr = IRTemp_INVALID;
18996 Int alen = 0;
18997 HChar dis_buf[50];
18998 IRTemp xmm_vec = newTemp(Ity_V128);
18999 IRTemp sel_lane = newTemp(Ity_I32);
19000 IRTemp shr_lane = newTemp(Ity_I32);
19001 const HChar* mbV = isAvx ? "v" : "";
19002 UChar modrm = getUChar(delta);
19003 IRTemp t3, t2, t1, t0;
19004 Int imm8;
19005 assign( xmm_vec, getXMMReg( gregOfRexRM(pfx,modrm) ) );
19006 t3 = t2 = t1 = t0 = IRTemp_INVALID;
19007 breakupV128to32s( xmm_vec, &t3, &t2, &t1, &t0 );
19008
19009 if ( epartIsReg( modrm ) ) {
19010 imm8 = (Int)getUChar(delta+1);
19011 } else {
19012 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
19013 imm8 = (Int)getUChar(delta+alen);
19014 }
19015 switch ( (imm8 >> 2) & 3 ) {
19016 case 0: assign( sel_lane, mkexpr(t0) ); break;
19017 case 1: assign( sel_lane, mkexpr(t1) ); break;
19018 case 2: assign( sel_lane, mkexpr(t2) ); break;
19019 case 3: assign( sel_lane, mkexpr(t3) ); break;
19020 default: vassert(0);
19021 }
19022 assign( shr_lane,
19023 binop( Iop_Shr32, mkexpr(sel_lane), mkU8(((imm8 & 3)*8)) ) );
19024
19025 if ( epartIsReg( modrm ) ) {
19026 putIReg64( eregOfRexRM(pfx,modrm),
19027 unop( Iop_32Uto64,
19028 binop(Iop_And32, mkexpr(shr_lane), mkU32(255)) ) );
19029 delta += 1+1;
19030 DIP( "%spextrb $%d, %s,%s\n", mbV, imm8,
19031 nameXMMReg( gregOfRexRM(pfx, modrm) ),
19032 nameIReg64( eregOfRexRM(pfx, modrm) ) );
19033 } else {
19034 storeLE( mkexpr(addr), unop(Iop_32to8, mkexpr(shr_lane) ) );
19035 delta += alen+1;
19036 DIP( "%spextrb $%d,%s,%s\n", mbV,
19037 imm8, nameXMMReg( gregOfRexRM(pfx, modrm) ), dis_buf );
19038 }
19039
19040 return delta;
19041 }
19042
19043
19044 static IRTemp math_DPPD_128 ( IRTemp src_vec, IRTemp dst_vec, UInt imm8 )
19045 {
19046 vassert(imm8 < 256);
19047 UShort imm8_perms[4] = { 0x0000, 0x00FF, 0xFF00, 0xFFFF };
19048 IRTemp and_vec = newTemp(Ity_V128);
19049 IRTemp sum_vec = newTemp(Ity_V128);
19050 IRTemp rm = newTemp(Ity_I32);
19051 assign( rm, get_FAKE_roundingmode() ); /* XXXROUNDINGFIXME */
19052 assign( and_vec, binop( Iop_AndV128,
19053 triop( Iop_Mul64Fx2,
19054 mkexpr(rm),
19055 mkexpr(dst_vec), mkexpr(src_vec) ),
19056 mkV128( imm8_perms[ ((imm8 >> 4) & 3) ] ) ) );
19057
19058 assign( sum_vec, binop( Iop_Add64F0x2,
19059 binop( Iop_InterleaveHI64x2,
19060 mkexpr(and_vec), mkexpr(and_vec) ),
19061 binop( Iop_InterleaveLO64x2,
19062 mkexpr(and_vec), mkexpr(and_vec) ) ) );
19063 IRTemp res = newTemp(Ity_V128);
19064 assign(res, binop( Iop_AndV128,
19065 binop( Iop_InterleaveLO64x2,
19066 mkexpr(sum_vec), mkexpr(sum_vec) ),
19067 mkV128( imm8_perms[ (imm8 & 3) ] ) ) );
19068 return res;
19069 }
19070
19071
19072 static IRTemp math_DPPS_128 ( IRTemp src_vec, IRTemp dst_vec, UInt imm8 )
19073 {
19074 vassert(imm8 < 256);
19075 IRTemp tmp_prod_vec = newTemp(Ity_V128);
19076 IRTemp prod_vec = newTemp(Ity_V128);
19077 IRTemp sum_vec = newTemp(Ity_V128);
19078 IRTemp rm = newTemp(Ity_I32);
19079 IRTemp v3, v2, v1, v0;
19080 v3 = v2 = v1 = v0 = IRTemp_INVALID;
19081 UShort imm8_perms[16] = { 0x0000, 0x000F, 0x00F0, 0x00FF, 0x0F00,
19082 0x0F0F, 0x0FF0, 0x0FFF, 0xF000, 0xF00F,
19083 0xF0F0, 0xF0FF, 0xFF00, 0xFF0F, 0xFFF0,
19084 0xFFFF };
19085
19086 assign( rm, get_FAKE_roundingmode() ); /* XXXROUNDINGFIXME */
19087 assign( tmp_prod_vec,
19088 binop( Iop_AndV128,
19089 triop( Iop_Mul32Fx4,
19090 mkexpr(rm), mkexpr(dst_vec), mkexpr(src_vec) ),
19091 mkV128( imm8_perms[((imm8 >> 4)& 15)] ) ) );
19092 breakupV128to32s( tmp_prod_vec, &v3, &v2, &v1, &v0 );
19093 assign( prod_vec, mkV128from32s( v3, v1, v2, v0 ) );
19094
19095 assign( sum_vec, triop( Iop_Add32Fx4,
19096 mkexpr(rm),
19097 binop( Iop_InterleaveHI32x4,
19098 mkexpr(prod_vec), mkexpr(prod_vec) ),
19099 binop( Iop_InterleaveLO32x4,
19100 mkexpr(prod_vec), mkexpr(prod_vec) ) ) );
19101
19102 IRTemp res = newTemp(Ity_V128);
19103 assign( res, binop( Iop_AndV128,
19104 triop( Iop_Add32Fx4,
19105 mkexpr(rm),
19106 binop( Iop_InterleaveHI32x4,
19107 mkexpr(sum_vec), mkexpr(sum_vec) ),
19108 binop( Iop_InterleaveLO32x4,
19109 mkexpr(sum_vec), mkexpr(sum_vec) ) ),
19110 mkV128( imm8_perms[ (imm8 & 15) ] ) ) );
19111 return res;
19112 }
19113
19114
19115 static IRTemp math_MPSADBW_128 ( IRTemp dst_vec, IRTemp src_vec, UInt imm8 )
19116 {
19117 /* Mask out bits of the operands we don't need. This isn't
19118 strictly necessary, but it does ensure Memcheck doesn't
19119 give us any false uninitialised value errors as a
19120 result. */
19121 UShort src_mask[4] = { 0x000F, 0x00F0, 0x0F00, 0xF000 };
19122 UShort dst_mask[2] = { 0x07FF, 0x7FF0 };
19123
19124 IRTemp src_maskV = newTemp(Ity_V128);
19125 IRTemp dst_maskV = newTemp(Ity_V128);
19126 assign(src_maskV, mkV128( src_mask[ imm8 & 3 ] ));
19127 assign(dst_maskV, mkV128( dst_mask[ (imm8 >> 2) & 1 ] ));
19128
19129 IRTemp src_masked = newTemp(Ity_V128);
19130 IRTemp dst_masked = newTemp(Ity_V128);
19131 assign(src_masked, binop(Iop_AndV128, mkexpr(src_vec), mkexpr(src_maskV)));
19132 assign(dst_masked, binop(Iop_AndV128, mkexpr(dst_vec), mkexpr(dst_maskV)));
19133
19134 /* Generate 4 64 bit values that we can hand to a clean helper */
19135 IRTemp sHi = newTemp(Ity_I64);
19136 IRTemp sLo = newTemp(Ity_I64);
19137 assign( sHi, unop(Iop_V128HIto64, mkexpr(src_masked)) );
19138 assign( sLo, unop(Iop_V128to64, mkexpr(src_masked)) );
19139
19140 IRTemp dHi = newTemp(Ity_I64);
19141 IRTemp dLo = newTemp(Ity_I64);
19142 assign( dHi, unop(Iop_V128HIto64, mkexpr(dst_masked)) );
19143 assign( dLo, unop(Iop_V128to64, mkexpr(dst_masked)) );
19144
19145 /* Compute halves of the result separately */
19146 IRTemp resHi = newTemp(Ity_I64);
19147 IRTemp resLo = newTemp(Ity_I64);
19148
19149 IRExpr** argsHi
19150 = mkIRExprVec_5( mkexpr(sHi), mkexpr(sLo), mkexpr(dHi), mkexpr(dLo),
19151 mkU64( 0x80 | (imm8 & 7) ));
19152 IRExpr** argsLo
19153 = mkIRExprVec_5( mkexpr(sHi), mkexpr(sLo), mkexpr(dHi), mkexpr(dLo),
19154 mkU64( 0x00 | (imm8 & 7) ));
19155
19156 assign(resHi, mkIRExprCCall( Ity_I64, 0/*regparm*/,
19157 "amd64g_calc_mpsadbw",
19158 &amd64g_calc_mpsadbw, argsHi ));
19159 assign(resLo, mkIRExprCCall( Ity_I64, 0/*regparm*/,
19160 "amd64g_calc_mpsadbw",
19161 &amd64g_calc_mpsadbw, argsLo ));
19162
19163 IRTemp res = newTemp(Ity_V128);
19164 assign(res, binop(Iop_64HLtoV128, mkexpr(resHi), mkexpr(resLo)));
19165 return res;
19166 }
19167
19168 static Long dis_EXTRACTPS ( const VexAbiInfo* vbi, Prefix pfx,
19169 Long delta, Bool isAvx )
19170 {
19171 IRTemp addr = IRTemp_INVALID;
19172 Int alen = 0;
19173 HChar dis_buf[50];
19174 UChar modrm = getUChar(delta);
19175 Int imm8_10;
19176 IRTemp xmm_vec = newTemp(Ity_V128);
19177 IRTemp src_dword = newTemp(Ity_I32);
19178 UInt rG = gregOfRexRM(pfx,modrm);
19179 IRTemp t3, t2, t1, t0;
19180 t3 = t2 = t1 = t0 = IRTemp_INVALID;
19181
19182 assign( xmm_vec, getXMMReg( rG ) );
19183 breakupV128to32s( xmm_vec, &t3, &t2, &t1, &t0 );
19184
19185 if ( epartIsReg( modrm ) ) {
19186 imm8_10 = (Int)(getUChar(delta+1) & 3);
19187 } else {
19188 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
19189 imm8_10 = (Int)(getUChar(delta+alen) & 3);
19190 }
19191
19192 switch ( imm8_10 ) {
19193 case 0: assign( src_dword, mkexpr(t0) ); break;
19194 case 1: assign( src_dword, mkexpr(t1) ); break;
19195 case 2: assign( src_dword, mkexpr(t2) ); break;
19196 case 3: assign( src_dword, mkexpr(t3) ); break;
19197 default: vassert(0);
19198 }
19199
19200 if ( epartIsReg( modrm ) ) {
19201 UInt rE = eregOfRexRM(pfx,modrm);
19202 putIReg32( rE, mkexpr(src_dword) );
19203 delta += 1+1;
19204 DIP( "%sextractps $%d, %s,%s\n", isAvx ? "v" : "", imm8_10,
19205 nameXMMReg( rG ), nameIReg32( rE ) );
19206 } else {
19207 storeLE( mkexpr(addr), mkexpr(src_dword) );
19208 delta += alen+1;
19209 DIP( "%sextractps $%d, %s,%s\n", isAvx ? "v" : "", imm8_10,
19210 nameXMMReg( rG ), dis_buf );
19211 }
19212
19213 return delta;
19214 }
19215
19216
19217 static IRTemp math_PCLMULQDQ( IRTemp dV, IRTemp sV, UInt imm8 )
19218 {
19219 IRTemp t0 = newTemp(Ity_I64);
19220 IRTemp t1 = newTemp(Ity_I64);
19221 assign(t0, unop((imm8&1)? Iop_V128HIto64 : Iop_V128to64,
19222 mkexpr(dV)));
19223 assign(t1, unop((imm8&16) ? Iop_V128HIto64 : Iop_V128to64,
19224 mkexpr(sV)));
19225
19226 IRTemp t2 = newTemp(Ity_I64);
19227 IRTemp t3 = newTemp(Ity_I64);
19228
19229 IRExpr** args;
19230
19231 args = mkIRExprVec_3(mkexpr(t0), mkexpr(t1), mkU64(0));
19232 assign(t2, mkIRExprCCall(Ity_I64,0, "amd64g_calculate_pclmul",
19233 &amd64g_calculate_pclmul, args));
19234 args = mkIRExprVec_3(mkexpr(t0), mkexpr(t1), mkU64(1));
19235 assign(t3, mkIRExprCCall(Ity_I64,0, "amd64g_calculate_pclmul",
19236 &amd64g_calculate_pclmul, args));
19237
19238 IRTemp res = newTemp(Ity_V128);
19239 assign(res, binop(Iop_64HLtoV128, mkexpr(t3), mkexpr(t2)));
19240 return res;
19241 }
19242
19243
19244 __attribute__((noinline))
19245 static
19246 Long dis_ESC_0F3A__SSE4 ( Bool* decode_OK,
19247 const VexAbiInfo* vbi,
19248 Prefix pfx, Int sz, Long deltaIN )
19249 {
19250 IRTemp addr = IRTemp_INVALID;
19251 UChar modrm = 0;
19252 Int alen = 0;
19253 HChar dis_buf[50];
19254
19255 *decode_OK = False;
19256
19257 Long delta = deltaIN;
19258 UChar opc = getUChar(delta);
19259 delta++;
19260 switch (opc) {
19261
19262 case 0x08:
19263 /* 66 0F 3A 08 /r ib = ROUNDPS imm8, xmm2/m128, xmm1 */
19264 if (have66noF2noF3(pfx) && sz == 2) {
19265
19266 IRTemp src0 = newTemp(Ity_F32);
19267 IRTemp src1 = newTemp(Ity_F32);
19268 IRTemp src2 = newTemp(Ity_F32);
19269 IRTemp src3 = newTemp(Ity_F32);
19270 IRTemp res0 = newTemp(Ity_F32);
19271 IRTemp res1 = newTemp(Ity_F32);
19272 IRTemp res2 = newTemp(Ity_F32);
19273 IRTemp res3 = newTemp(Ity_F32);
19274 IRTemp rm = newTemp(Ity_I32);
19275 Int imm = 0;
19276
19277 modrm = getUChar(delta);
19278
19279 if (epartIsReg(modrm)) {
19280 assign( src0,
19281 getXMMRegLane32F( eregOfRexRM(pfx, modrm), 0 ) );
19282 assign( src1,
19283 getXMMRegLane32F( eregOfRexRM(pfx, modrm), 1 ) );
19284 assign( src2,
19285 getXMMRegLane32F( eregOfRexRM(pfx, modrm), 2 ) );
19286 assign( src3,
19287 getXMMRegLane32F( eregOfRexRM(pfx, modrm), 3 ) );
19288 imm = getUChar(delta+1);
19289 if (imm & ~15) goto decode_failure;
19290 delta += 1+1;
19291 DIP( "roundps $%d,%s,%s\n",
19292 imm, nameXMMReg( eregOfRexRM(pfx, modrm) ),
19293 nameXMMReg( gregOfRexRM(pfx, modrm) ) );
19294 } else {
19295 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
19296 gen_SEGV_if_not_16_aligned(addr);
19297 assign( src0, loadLE(Ity_F32,
19298 binop(Iop_Add64, mkexpr(addr), mkU64(0) )));
19299 assign( src1, loadLE(Ity_F32,
19300 binop(Iop_Add64, mkexpr(addr), mkU64(4) )));
19301 assign( src2, loadLE(Ity_F32,
19302 binop(Iop_Add64, mkexpr(addr), mkU64(8) )));
19303 assign( src3, loadLE(Ity_F32,
19304 binop(Iop_Add64, mkexpr(addr), mkU64(12) )));
19305 imm = getUChar(delta+alen);
19306 if (imm & ~15) goto decode_failure;
19307 delta += alen+1;
19308 DIP( "roundps $%d,%s,%s\n",
19309 imm, dis_buf, nameXMMReg( gregOfRexRM(pfx, modrm) ) );
19310 }
19311
19312 /* (imm & 3) contains an Intel-encoded rounding mode. Because
19313 that encoding is the same as the encoding for IRRoundingMode,
19314 we can use that value directly in the IR as a rounding
19315 mode. */
19316 assign(rm, (imm & 4) ? get_sse_roundingmode() : mkU32(imm & 3));
19317
19318 assign(res0, binop(Iop_RoundF32toInt, mkexpr(rm), mkexpr(src0)) );
19319 assign(res1, binop(Iop_RoundF32toInt, mkexpr(rm), mkexpr(src1)) );
19320 assign(res2, binop(Iop_RoundF32toInt, mkexpr(rm), mkexpr(src2)) );
19321 assign(res3, binop(Iop_RoundF32toInt, mkexpr(rm), mkexpr(src3)) );
19322
19323 putXMMRegLane32F( gregOfRexRM(pfx, modrm), 0, mkexpr(res0) );
19324 putXMMRegLane32F( gregOfRexRM(pfx, modrm), 1, mkexpr(res1) );
19325 putXMMRegLane32F( gregOfRexRM(pfx, modrm), 2, mkexpr(res2) );
19326 putXMMRegLane32F( gregOfRexRM(pfx, modrm), 3, mkexpr(res3) );
19327
19328 goto decode_success;
19329 }
19330 break;
19331
19332 case 0x09:
19333 /* 66 0F 3A 09 /r ib = ROUNDPD imm8, xmm2/m128, xmm1 */
19334 if (have66noF2noF3(pfx) && sz == 2) {
19335
19336 IRTemp src0 = newTemp(Ity_F64);
19337 IRTemp src1 = newTemp(Ity_F64);
19338 IRTemp res0 = newTemp(Ity_F64);
19339 IRTemp res1 = newTemp(Ity_F64);
19340 IRTemp rm = newTemp(Ity_I32);
19341 Int imm = 0;
19342
19343 modrm = getUChar(delta);
19344
19345 if (epartIsReg(modrm)) {
19346 assign( src0,
19347 getXMMRegLane64F( eregOfRexRM(pfx, modrm), 0 ) );
19348 assign( src1,
19349 getXMMRegLane64F( eregOfRexRM(pfx, modrm), 1 ) );
19350 imm = getUChar(delta+1);
19351 if (imm & ~15) goto decode_failure;
19352 delta += 1+1;
19353 DIP( "roundpd $%d,%s,%s\n",
19354 imm, nameXMMReg( eregOfRexRM(pfx, modrm) ),
19355 nameXMMReg( gregOfRexRM(pfx, modrm) ) );
19356 } else {
19357 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
19358 gen_SEGV_if_not_16_aligned(addr);
19359 assign( src0, loadLE(Ity_F64,
19360 binop(Iop_Add64, mkexpr(addr), mkU64(0) )));
19361 assign( src1, loadLE(Ity_F64,
19362 binop(Iop_Add64, mkexpr(addr), mkU64(8) )));
19363 imm = getUChar(delta+alen);
19364 if (imm & ~15) goto decode_failure;
19365 delta += alen+1;
19366 DIP( "roundpd $%d,%s,%s\n",
19367 imm, dis_buf, nameXMMReg( gregOfRexRM(pfx, modrm) ) );
19368 }
19369
19370 /* (imm & 3) contains an Intel-encoded rounding mode. Because
19371 that encoding is the same as the encoding for IRRoundingMode,
19372 we can use that value directly in the IR as a rounding
19373 mode. */
19374 assign(rm, (imm & 4) ? get_sse_roundingmode() : mkU32(imm & 3));
19375
19376 assign(res0, binop(Iop_RoundF64toInt, mkexpr(rm), mkexpr(src0)) );
19377 assign(res1, binop(Iop_RoundF64toInt, mkexpr(rm), mkexpr(src1)) );
19378
19379 putXMMRegLane64F( gregOfRexRM(pfx, modrm), 0, mkexpr(res0) );
19380 putXMMRegLane64F( gregOfRexRM(pfx, modrm), 1, mkexpr(res1) );
19381
19382 goto decode_success;
19383 }
19384 break;
19385
19386 case 0x0A:
19387 case 0x0B:
19388 /* 66 0F 3A 0A /r ib = ROUNDSS imm8, xmm2/m32, xmm1
19389 66 0F 3A 0B /r ib = ROUNDSD imm8, xmm2/m64, xmm1
19390 */
19391 if (have66noF2noF3(pfx) && sz == 2) {
19392
19393 Bool isD = opc == 0x0B;
19394 IRTemp src = newTemp(isD ? Ity_F64 : Ity_F32);
19395 IRTemp res = newTemp(isD ? Ity_F64 : Ity_F32);
19396 Int imm = 0;
19397
19398 modrm = getUChar(delta);
19399
19400 if (epartIsReg(modrm)) {
19401 assign( src,
19402 isD ? getXMMRegLane64F( eregOfRexRM(pfx, modrm), 0 )
19403 : getXMMRegLane32F( eregOfRexRM(pfx, modrm), 0 ) );
19404 imm = getUChar(delta+1);
19405 if (imm & ~15) goto decode_failure;
19406 delta += 1+1;
19407 DIP( "rounds%c $%d,%s,%s\n",
19408 isD ? 'd' : 's',
19409 imm, nameXMMReg( eregOfRexRM(pfx, modrm) ),
19410 nameXMMReg( gregOfRexRM(pfx, modrm) ) );
19411 } else {
19412 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
19413 assign( src, loadLE( isD ? Ity_F64 : Ity_F32, mkexpr(addr) ));
19414 imm = getUChar(delta+alen);
19415 if (imm & ~15) goto decode_failure;
19416 delta += alen+1;
19417 DIP( "rounds%c $%d,%s,%s\n",
19418 isD ? 'd' : 's',
19419 imm, dis_buf, nameXMMReg( gregOfRexRM(pfx, modrm) ) );
19420 }
19421
19422 /* (imm & 3) contains an Intel-encoded rounding mode. Because
19423 that encoding is the same as the encoding for IRRoundingMode,
19424 we can use that value directly in the IR as a rounding
19425 mode. */
19426 assign(res, binop(isD ? Iop_RoundF64toInt : Iop_RoundF32toInt,
19427 (imm & 4) ? get_sse_roundingmode()
19428 : mkU32(imm & 3),
19429 mkexpr(src)) );
19430
19431 if (isD)
19432 putXMMRegLane64F( gregOfRexRM(pfx, modrm), 0, mkexpr(res) );
19433 else
19434 putXMMRegLane32F( gregOfRexRM(pfx, modrm), 0, mkexpr(res) );
19435
19436 goto decode_success;
19437 }
19438 break;
19439
19440 case 0x0C:
19441 /* 66 0F 3A 0C /r ib = BLENDPS xmm1, xmm2/m128, imm8
19442 Blend Packed Single Precision Floating-Point Values (XMM) */
19443 if (have66noF2noF3(pfx) && sz == 2) {
19444
19445 Int imm8;
19446 IRTemp dst_vec = newTemp(Ity_V128);
19447 IRTemp src_vec = newTemp(Ity_V128);
19448
19449 modrm = getUChar(delta);
19450
19451 assign( dst_vec, getXMMReg( gregOfRexRM(pfx, modrm) ) );
19452
19453 if ( epartIsReg( modrm ) ) {
19454 imm8 = (Int)getUChar(delta+1);
19455 assign( src_vec, getXMMReg( eregOfRexRM(pfx, modrm) ) );
19456 delta += 1+1;
19457 DIP( "blendps $%d, %s,%s\n", imm8,
19458 nameXMMReg( eregOfRexRM(pfx, modrm) ),
19459 nameXMMReg( gregOfRexRM(pfx, modrm) ) );
19460 } else {
19461 addr = disAMode( &alen, vbi, pfx, delta, dis_buf,
19462 1/* imm8 is 1 byte after the amode */ );
19463 gen_SEGV_if_not_16_aligned( addr );
19464 assign( src_vec, loadLE( Ity_V128, mkexpr(addr) ) );
19465 imm8 = (Int)getUChar(delta+alen);
19466 delta += alen+1;
19467 DIP( "blendpd $%d, %s,%s\n",
19468 imm8, dis_buf, nameXMMReg( gregOfRexRM(pfx, modrm) ) );
19469 }
19470
19471 putXMMReg( gregOfRexRM(pfx, modrm),
19472 mkexpr( math_BLENDPS_128( src_vec, dst_vec, imm8) ) );
19473 goto decode_success;
19474 }
19475 break;
19476
19477 case 0x0D:
19478 /* 66 0F 3A 0D /r ib = BLENDPD xmm1, xmm2/m128, imm8
19479 Blend Packed Double Precision Floating-Point Values (XMM) */
19480 if (have66noF2noF3(pfx) && sz == 2) {
19481
19482 Int imm8;
19483 IRTemp dst_vec = newTemp(Ity_V128);
19484 IRTemp src_vec = newTemp(Ity_V128);
19485
19486 modrm = getUChar(delta);
19487 assign( dst_vec, getXMMReg( gregOfRexRM(pfx, modrm) ) );
19488
19489 if ( epartIsReg( modrm ) ) {
19490 imm8 = (Int)getUChar(delta+1);
19491 assign( src_vec, getXMMReg( eregOfRexRM(pfx, modrm) ) );
19492 delta += 1+1;
19493 DIP( "blendpd $%d, %s,%s\n", imm8,
19494 nameXMMReg( eregOfRexRM(pfx, modrm) ),
19495 nameXMMReg( gregOfRexRM(pfx, modrm) ) );
19496 } else {
19497 addr = disAMode( &alen, vbi, pfx, delta, dis_buf,
19498 1/* imm8 is 1 byte after the amode */ );
19499 gen_SEGV_if_not_16_aligned( addr );
19500 assign( src_vec, loadLE( Ity_V128, mkexpr(addr) ) );
19501 imm8 = (Int)getUChar(delta+alen);
19502 delta += alen+1;
19503 DIP( "blendpd $%d, %s,%s\n",
19504 imm8, dis_buf, nameXMMReg( gregOfRexRM(pfx, modrm) ) );
19505 }
19506
19507 putXMMReg( gregOfRexRM(pfx, modrm),
19508 mkexpr( math_BLENDPD_128( src_vec, dst_vec, imm8) ) );
19509 goto decode_success;
19510 }
19511 break;
19512
19513 case 0x0E:
19514 /* 66 0F 3A 0E /r ib = PBLENDW xmm1, xmm2/m128, imm8
19515 Blend Packed Words (XMM) */
19516 if (have66noF2noF3(pfx) && sz == 2) {
19517
19518 Int imm8;
19519 IRTemp dst_vec = newTemp(Ity_V128);
19520 IRTemp src_vec = newTemp(Ity_V128);
19521
19522 modrm = getUChar(delta);
19523
19524 assign( dst_vec, getXMMReg( gregOfRexRM(pfx, modrm) ) );
19525
19526 if ( epartIsReg( modrm ) ) {
19527 imm8 = (Int)getUChar(delta+1);
19528 assign( src_vec, getXMMReg( eregOfRexRM(pfx, modrm) ) );
19529 delta += 1+1;
19530 DIP( "pblendw $%d, %s,%s\n", imm8,
19531 nameXMMReg( eregOfRexRM(pfx, modrm) ),
19532 nameXMMReg( gregOfRexRM(pfx, modrm) ) );
19533 } else {
19534 addr = disAMode( &alen, vbi, pfx, delta, dis_buf,
19535 1/* imm8 is 1 byte after the amode */ );
19536 gen_SEGV_if_not_16_aligned( addr );
19537 assign( src_vec, loadLE( Ity_V128, mkexpr(addr) ) );
19538 imm8 = (Int)getUChar(delta+alen);
19539 delta += alen+1;
19540 DIP( "pblendw $%d, %s,%s\n",
19541 imm8, dis_buf, nameXMMReg( gregOfRexRM(pfx, modrm) ) );
19542 }
19543
19544 putXMMReg( gregOfRexRM(pfx, modrm),
19545 mkexpr( math_PBLENDW_128( src_vec, dst_vec, imm8) ) );
19546 goto decode_success;
19547 }
19548 break;
19549
19550 case 0x14:
19551 /* 66 0F 3A 14 /r ib = PEXTRB r/m16, xmm, imm8
19552 Extract Byte from xmm, store in mem or zero-extend + store in gen.reg.
19553 (XMM) */
19554 if (have66noF2noF3(pfx) && sz == 2) {
19555 delta = dis_PEXTRB_128_GtoE( vbi, pfx, delta, False/*!isAvx*/ );
19556 goto decode_success;
19557 }
19558 break;
19559
19560 case 0x15:
19561 /* 66 0F 3A 15 /r ib = PEXTRW r/m16, xmm, imm8
19562 Extract Word from xmm, store in mem or zero-extend + store in gen.reg.
19563 (XMM) */
19564 if (have66noF2noF3(pfx) && sz == 2) {
19565 delta = dis_PEXTRW( vbi, pfx, delta, False/*!isAvx*/ );
19566 goto decode_success;
19567 }
19568 break;
19569
19570 case 0x16:
19571 /* 66 no-REX.W 0F 3A 16 /r ib = PEXTRD reg/mem32, xmm2, imm8
19572 Extract Doubleword int from xmm reg and store in gen.reg or mem. (XMM)
19573 Note that this insn has the same opcodes as PEXTRQ, but
19574 here the REX.W bit is _not_ present */
19575 if (have66noF2noF3(pfx)
19576 && sz == 2 /* REX.W is _not_ present */) {
19577 delta = dis_PEXTRD( vbi, pfx, delta, False/*!isAvx*/ );
19578 goto decode_success;
19579 }
19580 /* 66 REX.W 0F 3A 16 /r ib = PEXTRQ reg/mem64, xmm2, imm8
19581 Extract Quadword int from xmm reg and store in gen.reg or mem. (XMM)
19582 Note that this insn has the same opcodes as PEXTRD, but
19583 here the REX.W bit is present */
19584 if (have66noF2noF3(pfx)
19585 && sz == 8 /* REX.W is present */) {
19586 delta = dis_PEXTRQ( vbi, pfx, delta, False/*!isAvx*/);
19587 goto decode_success;
19588 }
19589 break;
19590
19591 case 0x17:
19592 /* 66 0F 3A 17 /r ib = EXTRACTPS reg/mem32, xmm2, imm8 Extract
19593 float from xmm reg and store in gen.reg or mem. This is
19594 identical to PEXTRD, except that REX.W appears to be ignored.
19595 */
19596 if (have66noF2noF3(pfx)
19597 && (sz == 2 || /* ignore redundant REX.W */ sz == 8)) {
19598 delta = dis_EXTRACTPS( vbi, pfx, delta, False/*!isAvx*/ );
19599 goto decode_success;
19600 }
19601 break;
19602
19603 case 0x20:
19604 /* 66 0F 3A 20 /r ib = PINSRB xmm1, r32/m8, imm8
19605 Extract byte from r32/m8 and insert into xmm1 */
19606 if (have66noF2noF3(pfx) && sz == 2) {
19607 Int imm8;
19608 IRTemp new8 = newTemp(Ity_I8);
19609 modrm = getUChar(delta);
19610 UInt rG = gregOfRexRM(pfx, modrm);
19611 if ( epartIsReg( modrm ) ) {
19612 UInt rE = eregOfRexRM(pfx,modrm);
19613 imm8 = (Int)(getUChar(delta+1) & 0xF);
19614 assign( new8, unop(Iop_32to8, getIReg32(rE)) );
19615 delta += 1+1;
19616 DIP( "pinsrb $%d,%s,%s\n", imm8,
19617 nameIReg32(rE), nameXMMReg(rG) );
19618 } else {
19619 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
19620 imm8 = (Int)(getUChar(delta+alen) & 0xF);
19621 assign( new8, loadLE( Ity_I8, mkexpr(addr) ) );
19622 delta += alen+1;
19623 DIP( "pinsrb $%d,%s,%s\n",
19624 imm8, dis_buf, nameXMMReg(rG) );
19625 }
19626 IRTemp src_vec = newTemp(Ity_V128);
19627 assign(src_vec, getXMMReg( gregOfRexRM(pfx, modrm) ));
19628 IRTemp res = math_PINSRB_128( src_vec, new8, imm8 );
19629 putXMMReg( rG, mkexpr(res) );
19630 goto decode_success;
19631 }
19632 break;
19633
19634 case 0x21:
19635 /* 66 0F 3A 21 /r ib = INSERTPS imm8, xmm2/m32, xmm1
19636 Insert Packed Single Precision Floating-Point Value (XMM) */
19637 if (have66noF2noF3(pfx) && sz == 2) {
19638 UInt imm8;
19639 IRTemp d2ins = newTemp(Ity_I32); /* comes from the E part */
19640 const IRTemp inval = IRTemp_INVALID;
19641
19642 modrm = getUChar(delta);
19643 UInt rG = gregOfRexRM(pfx, modrm);
19644
19645 if ( epartIsReg( modrm ) ) {
19646 UInt rE = eregOfRexRM(pfx, modrm);
19647 IRTemp vE = newTemp(Ity_V128);
19648 assign( vE, getXMMReg(rE) );
19649 IRTemp dsE[4] = { inval, inval, inval, inval };
19650 breakupV128to32s( vE, &dsE[3], &dsE[2], &dsE[1], &dsE[0] );
19651 imm8 = getUChar(delta+1);
19652 d2ins = dsE[(imm8 >> 6) & 3]; /* "imm8_count_s" */
19653 delta += 1+1;
19654 DIP( "insertps $%u, %s,%s\n",
19655 imm8, nameXMMReg(rE), nameXMMReg(rG) );
19656 } else {
19657 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
19658 assign( d2ins, loadLE( Ity_I32, mkexpr(addr) ) );
19659 imm8 = getUChar(delta+alen);
19660 delta += alen+1;
19661 DIP( "insertps $%u, %s,%s\n",
19662 imm8, dis_buf, nameXMMReg(rG) );
19663 }
19664
19665 IRTemp vG = newTemp(Ity_V128);
19666 assign( vG, getXMMReg(rG) );
19667
19668 putXMMReg( rG, mkexpr(math_INSERTPS( vG, d2ins, imm8 )) );
19669 goto decode_success;
19670 }
19671 break;
19672
19673 case 0x22:
19674 /* 66 no-REX.W 0F 3A 22 /r ib = PINSRD xmm1, r/m32, imm8
19675 Extract Doubleword int from gen.reg/mem32 and insert into xmm1 */
19676 if (have66noF2noF3(pfx)
19677 && sz == 2 /* REX.W is NOT present */) {
19678 Int imm8_10;
19679 IRTemp src_u32 = newTemp(Ity_I32);
19680 modrm = getUChar(delta);
19681 UInt rG = gregOfRexRM(pfx, modrm);
19682
19683 if ( epartIsReg( modrm ) ) {
19684 UInt rE = eregOfRexRM(pfx,modrm);
19685 imm8_10 = (Int)(getUChar(delta+1) & 3);
19686 assign( src_u32, getIReg32( rE ) );
19687 delta += 1+1;
19688 DIP( "pinsrd $%d, %s,%s\n",
19689 imm8_10, nameIReg32(rE), nameXMMReg(rG) );
19690 } else {
19691 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
19692 imm8_10 = (Int)(getUChar(delta+alen) & 3);
19693 assign( src_u32, loadLE( Ity_I32, mkexpr(addr) ) );
19694 delta += alen+1;
19695 DIP( "pinsrd $%d, %s,%s\n",
19696 imm8_10, dis_buf, nameXMMReg(rG) );
19697 }
19698
19699 IRTemp src_vec = newTemp(Ity_V128);
19700 assign(src_vec, getXMMReg( rG ));
19701 IRTemp res_vec = math_PINSRD_128( src_vec, src_u32, imm8_10 );
19702 putXMMReg( rG, mkexpr(res_vec) );
19703 goto decode_success;
19704 }
19705 /* 66 REX.W 0F 3A 22 /r ib = PINSRQ xmm1, r/m64, imm8
19706 Extract Quadword int from gen.reg/mem64 and insert into xmm1 */
19707 if (have66noF2noF3(pfx)
19708 && sz == 8 /* REX.W is present */) {
19709 Int imm8_0;
19710 IRTemp src_u64 = newTemp(Ity_I64);
19711 modrm = getUChar(delta);
19712 UInt rG = gregOfRexRM(pfx, modrm);
19713
19714 if ( epartIsReg( modrm ) ) {
19715 UInt rE = eregOfRexRM(pfx,modrm);
19716 imm8_0 = (Int)(getUChar(delta+1) & 1);
19717 assign( src_u64, getIReg64( rE ) );
19718 delta += 1+1;
19719 DIP( "pinsrq $%d, %s,%s\n",
19720 imm8_0, nameIReg64(rE), nameXMMReg(rG) );
19721 } else {
19722 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
19723 imm8_0 = (Int)(getUChar(delta+alen) & 1);
19724 assign( src_u64, loadLE( Ity_I64, mkexpr(addr) ) );
19725 delta += alen+1;
19726 DIP( "pinsrq $%d, %s,%s\n",
19727 imm8_0, dis_buf, nameXMMReg(rG) );
19728 }
19729
19730 IRTemp src_vec = newTemp(Ity_V128);
19731 assign(src_vec, getXMMReg( rG ));
19732 IRTemp res_vec = math_PINSRQ_128( src_vec, src_u64, imm8_0 );
19733 putXMMReg( rG, mkexpr(res_vec) );
19734 goto decode_success;
19735 }
19736 break;
19737
19738 case 0x40:
19739 /* 66 0F 3A 40 /r ib = DPPS xmm1, xmm2/m128, imm8
19740 Dot Product of Packed Single Precision Floating-Point Values (XMM) */
19741 if (have66noF2noF3(pfx) && sz == 2) {
19742 modrm = getUChar(delta);
19743 Int imm8;
19744 IRTemp src_vec = newTemp(Ity_V128);
19745 IRTemp dst_vec = newTemp(Ity_V128);
19746 UInt rG = gregOfRexRM(pfx, modrm);
19747 assign( dst_vec, getXMMReg( rG ) );
19748 if ( epartIsReg( modrm ) ) {
19749 UInt rE = eregOfRexRM(pfx, modrm);
19750 imm8 = (Int)getUChar(delta+1);
19751 assign( src_vec, getXMMReg(rE) );
19752 delta += 1+1;
19753 DIP( "dpps $%d, %s,%s\n",
19754 imm8, nameXMMReg(rE), nameXMMReg(rG) );
19755 } else {
19756 addr = disAMode( &alen, vbi, pfx, delta, dis_buf,
19757 1/* imm8 is 1 byte after the amode */ );
19758 gen_SEGV_if_not_16_aligned( addr );
19759 assign( src_vec, loadLE( Ity_V128, mkexpr(addr) ) );
19760 imm8 = (Int)getUChar(delta+alen);
19761 delta += alen+1;
19762 DIP( "dpps $%d, %s,%s\n",
19763 imm8, dis_buf, nameXMMReg(rG) );
19764 }
19765 IRTemp res = math_DPPS_128( src_vec, dst_vec, imm8 );
19766 putXMMReg( rG, mkexpr(res) );
19767 goto decode_success;
19768 }
19769 break;
19770
19771 case 0x41:
19772 /* 66 0F 3A 41 /r ib = DPPD xmm1, xmm2/m128, imm8
19773 Dot Product of Packed Double Precision Floating-Point Values (XMM) */
19774 if (have66noF2noF3(pfx) && sz == 2) {
19775 modrm = getUChar(delta);
19776 Int imm8;
19777 IRTemp src_vec = newTemp(Ity_V128);
19778 IRTemp dst_vec = newTemp(Ity_V128);
19779 UInt rG = gregOfRexRM(pfx, modrm);
19780 assign( dst_vec, getXMMReg( rG ) );
19781 if ( epartIsReg( modrm ) ) {
19782 UInt rE = eregOfRexRM(pfx, modrm);
19783 imm8 = (Int)getUChar(delta+1);
19784 assign( src_vec, getXMMReg(rE) );
19785 delta += 1+1;
19786 DIP( "dppd $%d, %s,%s\n",
19787 imm8, nameXMMReg(rE), nameXMMReg(rG) );
19788 } else {
19789 addr = disAMode( &alen, vbi, pfx, delta, dis_buf,
19790 1/* imm8 is 1 byte after the amode */ );
19791 gen_SEGV_if_not_16_aligned( addr );
19792 assign( src_vec, loadLE( Ity_V128, mkexpr(addr) ) );
19793 imm8 = (Int)getUChar(delta+alen);
19794 delta += alen+1;
19795 DIP( "dppd $%d, %s,%s\n",
19796 imm8, dis_buf, nameXMMReg(rG) );
19797 }
19798 IRTemp res = math_DPPD_128( src_vec, dst_vec, imm8 );
19799 putXMMReg( rG, mkexpr(res) );
19800 goto decode_success;
19801 }
19802 break;
19803
19804 case 0x42:
19805 /* 66 0F 3A 42 /r ib = MPSADBW xmm1, xmm2/m128, imm8
19806 Multiple Packed Sums of Absolule Difference (XMM) */
19807 if (have66noF2noF3(pfx) && sz == 2) {
19808 Int imm8;
19809 IRTemp src_vec = newTemp(Ity_V128);
19810 IRTemp dst_vec = newTemp(Ity_V128);
19811 modrm = getUChar(delta);
19812 UInt rG = gregOfRexRM(pfx, modrm);
19813
19814 assign( dst_vec, getXMMReg(rG) );
19815
19816 if ( epartIsReg( modrm ) ) {
19817 UInt rE = eregOfRexRM(pfx, modrm);
19818
19819 imm8 = (Int)getUChar(delta+1);
19820 assign( src_vec, getXMMReg(rE) );
19821 delta += 1+1;
19822 DIP( "mpsadbw $%d, %s,%s\n", imm8,
19823 nameXMMReg(rE), nameXMMReg(rG) );
19824 } else {
19825 addr = disAMode( &alen, vbi, pfx, delta, dis_buf,
19826 1/* imm8 is 1 byte after the amode */ );
19827 gen_SEGV_if_not_16_aligned( addr );
19828 assign( src_vec, loadLE( Ity_V128, mkexpr(addr) ) );
19829 imm8 = (Int)getUChar(delta+alen);
19830 delta += alen+1;
19831 DIP( "mpsadbw $%d, %s,%s\n", imm8, dis_buf, nameXMMReg(rG) );
19832 }
19833
19834 putXMMReg( rG, mkexpr( math_MPSADBW_128(dst_vec, src_vec, imm8) ) );
19835 goto decode_success;
19836 }
19837 break;
19838
19839 case 0x44:
19840 /* 66 0F 3A 44 /r ib = PCLMULQDQ xmm1, xmm2/m128, imm8
19841 * Carry-less multiplication of selected XMM quadwords into XMM
19842 * registers (a.k.a multiplication of polynomials over GF(2))
19843 */
19844 if (have66noF2noF3(pfx) && sz == 2) {
19845
19846 Int imm8;
19847 IRTemp svec = newTemp(Ity_V128);
19848 IRTemp dvec = newTemp(Ity_V128);
19849 modrm = getUChar(delta);
19850 UInt rG = gregOfRexRM(pfx, modrm);
19851
19852 assign( dvec, getXMMReg(rG) );
19853
19854 if ( epartIsReg( modrm ) ) {
19855 UInt rE = eregOfRexRM(pfx, modrm);
19856 imm8 = (Int)getUChar(delta+1);
19857 assign( svec, getXMMReg(rE) );
19858 delta += 1+1;
19859 DIP( "pclmulqdq $%d, %s,%s\n", imm8,
19860 nameXMMReg(rE), nameXMMReg(rG) );
19861 } else {
19862 addr = disAMode( &alen, vbi, pfx, delta, dis_buf,
19863 1/* imm8 is 1 byte after the amode */ );
19864 gen_SEGV_if_not_16_aligned( addr );
19865 assign( svec, loadLE( Ity_V128, mkexpr(addr) ) );
19866 imm8 = (Int)getUChar(delta+alen);
19867 delta += alen+1;
19868 DIP( "pclmulqdq $%d, %s,%s\n",
19869 imm8, dis_buf, nameXMMReg(rG) );
19870 }
19871
19872 putXMMReg( rG, mkexpr( math_PCLMULQDQ(dvec, svec, imm8) ) );
19873 goto decode_success;
19874 }
19875 break;
19876
19877 case 0x60:
19878 case 0x61:
19879 case 0x62:
19880 case 0x63:
19881 /* 66 0F 3A 63 /r ib = PCMPISTRI imm8, xmm2/m128, xmm1
19882 66 0F 3A 62 /r ib = PCMPISTRM imm8, xmm2/m128, xmm1
19883 66 0F 3A 61 /r ib = PCMPESTRI imm8, xmm2/m128, xmm1
19884 66 0F 3A 60 /r ib = PCMPESTRM imm8, xmm2/m128, xmm1
19885 (selected special cases that actually occur in glibc,
19886 not by any means a complete implementation.)
19887 */
19888 if (have66noF2noF3(pfx) && sz == 2) {
19889 Long delta0 = delta;
19890 delta = dis_PCMPxSTRx( vbi, pfx, delta, False/*!isAvx*/, opc );
19891 if (delta > delta0) goto decode_success;
19892 /* else fall though; dis_PCMPxSTRx failed to decode it */
19893 }
19894 break;
19895
19896 case 0xDF:
19897 /* 66 0F 3A DF /r ib = AESKEYGENASSIST imm8, xmm2/m128, xmm1 */
19898 if (have66noF2noF3(pfx) && sz == 2) {
19899 delta = dis_AESKEYGENASSIST( vbi, pfx, delta, False/*!isAvx*/ );
19900 goto decode_success;
19901 }
19902 break;
19903
19904 default:
19905 break;
19906
19907 }
19908
19909 decode_failure:
19910 *decode_OK = False;
19911 return deltaIN;
19912
19913 decode_success:
19914 *decode_OK = True;
19915 return delta;
19916 }
19917
19918
19919 /*------------------------------------------------------------*/
19920 /*--- ---*/
19921 /*--- Top-level post-escape decoders: dis_ESC_NONE ---*/
19922 /*--- ---*/
19923 /*------------------------------------------------------------*/
19924
19925 __attribute__((noinline))
19926 static
19927 Long dis_ESC_NONE (
19928 /*MB_OUT*/DisResult* dres,
19929 /*MB_OUT*/Bool* expect_CAS,
19930 Bool (*resteerOkFn) ( /*opaque*/void*, Addr ),
19931 Bool resteerCisOk,
19932 void* callback_opaque,
19933 const VexArchInfo* archinfo,
19934 const VexAbiInfo* vbi,
19935 Prefix pfx, Int sz, Long deltaIN
19936 )
19937 {
19938 Long d64 = 0;
19939 UChar abyte = 0;
19940 IRTemp addr = IRTemp_INVALID;
19941 IRTemp t1 = IRTemp_INVALID;
19942 IRTemp t2 = IRTemp_INVALID;
19943 IRTemp t3 = IRTemp_INVALID;
19944 IRTemp t4 = IRTemp_INVALID;
19945 IRTemp t5 = IRTemp_INVALID;
19946 IRType ty = Ity_INVALID;
19947 UChar modrm = 0;
19948 Int am_sz = 0;
19949 Int d_sz = 0;
19950 Int alen = 0;
19951 HChar dis_buf[50];
19952
19953 Long delta = deltaIN;
19954 UChar opc = getUChar(delta); delta++;
19955
19956 /* delta now points at the modrm byte. In most of the cases that
19957 follow, neither the F2 nor F3 prefixes are allowed. However,
19958 for some basic arithmetic operations we have to allow F2/XACQ or
19959 F3/XREL in the case where the destination is memory and the LOCK
19960 prefix is also present. Do this check by looking at the modrm
19961 byte but not advancing delta over it. */
19962 /* By default, F2 and F3 are not allowed, so let's start off with
19963 that setting. */
19964 Bool validF2orF3 = haveF2orF3(pfx) ? False : True;
19965 { UChar tmp_modrm = getUChar(delta);
19966 switch (opc) {
19967 case 0x00: /* ADD Gb,Eb */ case 0x01: /* ADD Gv,Ev */
19968 case 0x08: /* OR Gb,Eb */ case 0x09: /* OR Gv,Ev */
19969 case 0x10: /* ADC Gb,Eb */ case 0x11: /* ADC Gv,Ev */
19970 case 0x18: /* SBB Gb,Eb */ case 0x19: /* SBB Gv,Ev */
19971 case 0x20: /* AND Gb,Eb */ case 0x21: /* AND Gv,Ev */
19972 case 0x28: /* SUB Gb,Eb */ case 0x29: /* SUB Gv,Ev */
19973 case 0x30: /* XOR Gb,Eb */ case 0x31: /* XOR Gv,Ev */
19974 if (!epartIsReg(tmp_modrm)
19975 && haveF2orF3(pfx) && !haveF2andF3(pfx) && haveLOCK(pfx)) {
19976 /* dst is mem, and we have F2 or F3 but not both */
19977 validF2orF3 = True;
19978 }
19979 break;
19980 default:
19981 break;
19982 }
19983 }
19984
19985 /* Now, in the switch below, for the opc values examined by the
19986 switch above, use validF2orF3 rather than looking at pfx
19987 directly. */
19988 switch (opc) {
19989
19990 case 0x00: /* ADD Gb,Eb */
19991 if (!validF2orF3) goto decode_failure;
19992 delta = dis_op2_G_E ( vbi, pfx, Iop_Add8, WithFlagNone, True, 1, delta, "add" );
19993 return delta;
19994 case 0x01: /* ADD Gv,Ev */
19995 if (!validF2orF3) goto decode_failure;
19996 delta = dis_op2_G_E ( vbi, pfx, Iop_Add8, WithFlagNone, True, sz, delta, "add" );
19997 return delta;
19998
19999 case 0x02: /* ADD Eb,Gb */
20000 if (haveF2orF3(pfx)) goto decode_failure;
20001 delta = dis_op2_E_G ( vbi, pfx, Iop_Add8, WithFlagNone, True, 1, delta, "add" );
20002 return delta;
20003 case 0x03: /* ADD Ev,Gv */
20004 if (haveF2orF3(pfx)) goto decode_failure;
20005 delta = dis_op2_E_G ( vbi, pfx, Iop_Add8, WithFlagNone, True, sz, delta, "add" );
20006 return delta;
20007
20008 case 0x04: /* ADD Ib, AL */
20009 if (haveF2orF3(pfx)) goto decode_failure;
20010 delta = dis_op_imm_A( 1, False, Iop_Add8, True, delta, "add" );
20011 return delta;
20012 case 0x05: /* ADD Iv, eAX */
20013 if (haveF2orF3(pfx)) goto decode_failure;
20014 delta = dis_op_imm_A(sz, False, Iop_Add8, True, delta, "add" );
20015 return delta;
20016
20017 case 0x08: /* OR Gb,Eb */
20018 if (!validF2orF3) goto decode_failure;
20019 delta = dis_op2_G_E ( vbi, pfx, Iop_Or8, WithFlagNone, True, 1, delta, "or" );
20020 return delta;
20021 case 0x09: /* OR Gv,Ev */
20022 if (!validF2orF3) goto decode_failure;
20023 delta = dis_op2_G_E ( vbi, pfx, Iop_Or8, WithFlagNone, True, sz, delta, "or" );
20024 return delta;
20025
20026 case 0x0A: /* OR Eb,Gb */
20027 if (haveF2orF3(pfx)) goto decode_failure;
20028 delta = dis_op2_E_G ( vbi, pfx, Iop_Or8, WithFlagNone, True, 1, delta, "or" );
20029 return delta;
20030 case 0x0B: /* OR Ev,Gv */
20031 if (haveF2orF3(pfx)) goto decode_failure;
20032 delta = dis_op2_E_G ( vbi, pfx, Iop_Or8, WithFlagNone, True, sz, delta, "or" );
20033 return delta;
20034
20035 case 0x0C: /* OR Ib, AL */
20036 if (haveF2orF3(pfx)) goto decode_failure;
20037 delta = dis_op_imm_A( 1, False, Iop_Or8, True, delta, "or" );
20038 return delta;
20039 case 0x0D: /* OR Iv, eAX */
20040 if (haveF2orF3(pfx)) goto decode_failure;
20041 delta = dis_op_imm_A( sz, False, Iop_Or8, True, delta, "or" );
20042 return delta;
20043
20044 case 0x10: /* ADC Gb,Eb */
20045 if (!validF2orF3) goto decode_failure;
20046 delta = dis_op2_G_E ( vbi, pfx, Iop_Add8, WithFlagCarry, True, 1, delta, "adc" );
20047 return delta;
20048 case 0x11: /* ADC Gv,Ev */
20049 if (!validF2orF3) goto decode_failure;
20050 delta = dis_op2_G_E ( vbi, pfx, Iop_Add8, WithFlagCarry, True, sz, delta, "adc" );
20051 return delta;
20052
20053 case 0x12: /* ADC Eb,Gb */
20054 if (haveF2orF3(pfx)) goto decode_failure;
20055 delta = dis_op2_E_G ( vbi, pfx, Iop_Add8, WithFlagCarry, True, 1, delta, "adc" );
20056 return delta;
20057 case 0x13: /* ADC Ev,Gv */
20058 if (haveF2orF3(pfx)) goto decode_failure;
20059 delta = dis_op2_E_G ( vbi, pfx, Iop_Add8, WithFlagCarry, True, sz, delta, "adc" );
20060 return delta;
20061
20062 case 0x14: /* ADC Ib, AL */
20063 if (haveF2orF3(pfx)) goto decode_failure;
20064 delta = dis_op_imm_A( 1, True, Iop_Add8, True, delta, "adc" );
20065 return delta;
20066 case 0x15: /* ADC Iv, eAX */
20067 if (haveF2orF3(pfx)) goto decode_failure;
20068 delta = dis_op_imm_A( sz, True, Iop_Add8, True, delta, "adc" );
20069 return delta;
20070
20071 case 0x18: /* SBB Gb,Eb */
20072 if (!validF2orF3) goto decode_failure;
20073 delta = dis_op2_G_E ( vbi, pfx, Iop_Sub8, WithFlagCarry, True, 1, delta, "sbb" );
20074 return delta;
20075 case 0x19: /* SBB Gv,Ev */
20076 if (!validF2orF3) goto decode_failure;
20077 delta = dis_op2_G_E ( vbi, pfx, Iop_Sub8, WithFlagCarry, True, sz, delta, "sbb" );
20078 return delta;
20079
20080 case 0x1A: /* SBB Eb,Gb */
20081 if (haveF2orF3(pfx)) goto decode_failure;
20082 delta = dis_op2_E_G ( vbi, pfx, Iop_Sub8, WithFlagCarry, True, 1, delta, "sbb" );
20083 return delta;
20084 case 0x1B: /* SBB Ev,Gv */
20085 if (haveF2orF3(pfx)) goto decode_failure;
20086 delta = dis_op2_E_G ( vbi, pfx, Iop_Sub8, WithFlagCarry, True, sz, delta, "sbb" );
20087 return delta;
20088
20089 case 0x1C: /* SBB Ib, AL */
20090 if (haveF2orF3(pfx)) goto decode_failure;
20091 delta = dis_op_imm_A( 1, True, Iop_Sub8, True, delta, "sbb" );
20092 return delta;
20093 case 0x1D: /* SBB Iv, eAX */
20094 if (haveF2orF3(pfx)) goto decode_failure;
20095 delta = dis_op_imm_A( sz, True, Iop_Sub8, True, delta, "sbb" );
20096 return delta;
20097
20098 case 0x20: /* AND Gb,Eb */
20099 if (!validF2orF3) goto decode_failure;
20100 delta = dis_op2_G_E ( vbi, pfx, Iop_And8, WithFlagNone, True, 1, delta, "and" );
20101 return delta;
20102 case 0x21: /* AND Gv,Ev */
20103 if (!validF2orF3) goto decode_failure;
20104 delta = dis_op2_G_E ( vbi, pfx, Iop_And8, WithFlagNone, True, sz, delta, "and" );
20105 return delta;
20106
20107 case 0x22: /* AND Eb,Gb */
20108 if (haveF2orF3(pfx)) goto decode_failure;
20109 delta = dis_op2_E_G ( vbi, pfx, Iop_And8, WithFlagNone, True, 1, delta, "and" );
20110 return delta;
20111 case 0x23: /* AND Ev,Gv */
20112 if (haveF2orF3(pfx)) goto decode_failure;
20113 delta = dis_op2_E_G ( vbi, pfx, Iop_And8, WithFlagNone, True, sz, delta, "and" );
20114 return delta;
20115
20116 case 0x24: /* AND Ib, AL */
20117 if (haveF2orF3(pfx)) goto decode_failure;
20118 delta = dis_op_imm_A( 1, False, Iop_And8, True, delta, "and" );
20119 return delta;
20120 case 0x25: /* AND Iv, eAX */
20121 if (haveF2orF3(pfx)) goto decode_failure;
20122 delta = dis_op_imm_A( sz, False, Iop_And8, True, delta, "and" );
20123 return delta;
20124
20125 case 0x28: /* SUB Gb,Eb */
20126 if (!validF2orF3) goto decode_failure;
20127 delta = dis_op2_G_E ( vbi, pfx, Iop_Sub8, WithFlagNone, True, 1, delta, "sub" );
20128 return delta;
20129 case 0x29: /* SUB Gv,Ev */
20130 if (!validF2orF3) goto decode_failure;
20131 delta = dis_op2_G_E ( vbi, pfx, Iop_Sub8, WithFlagNone, True, sz, delta, "sub" );
20132 return delta;
20133
20134 case 0x2A: /* SUB Eb,Gb */
20135 if (haveF2orF3(pfx)) goto decode_failure;
20136 delta = dis_op2_E_G ( vbi, pfx, Iop_Sub8, WithFlagNone, True, 1, delta, "sub" );
20137 return delta;
20138 case 0x2B: /* SUB Ev,Gv */
20139 if (haveF2orF3(pfx)) goto decode_failure;
20140 delta = dis_op2_E_G ( vbi, pfx, Iop_Sub8, WithFlagNone, True, sz, delta, "sub" );
20141 return delta;
20142
20143 case 0x2C: /* SUB Ib, AL */
20144 if (haveF2orF3(pfx)) goto decode_failure;
20145 delta = dis_op_imm_A(1, False, Iop_Sub8, True, delta, "sub" );
20146 return delta;
20147 case 0x2D: /* SUB Iv, eAX */
20148 if (haveF2orF3(pfx)) goto decode_failure;
20149 delta = dis_op_imm_A( sz, False, Iop_Sub8, True, delta, "sub" );
20150 return delta;
20151
20152 case 0x30: /* XOR Gb,Eb */
20153 if (!validF2orF3) goto decode_failure;
20154 delta = dis_op2_G_E ( vbi, pfx, Iop_Xor8, WithFlagNone, True, 1, delta, "xor" );
20155 return delta;
20156 case 0x31: /* XOR Gv,Ev */
20157 if (!validF2orF3) goto decode_failure;
20158 delta = dis_op2_G_E ( vbi, pfx, Iop_Xor8, WithFlagNone, True, sz, delta, "xor" );
20159 return delta;
20160
20161 case 0x32: /* XOR Eb,Gb */
20162 if (haveF2orF3(pfx)) goto decode_failure;
20163 delta = dis_op2_E_G ( vbi, pfx, Iop_Xor8, WithFlagNone, True, 1, delta, "xor" );
20164 return delta;
20165 case 0x33: /* XOR Ev,Gv */
20166 if (haveF2orF3(pfx)) goto decode_failure;
20167 delta = dis_op2_E_G ( vbi, pfx, Iop_Xor8, WithFlagNone, True, sz, delta, "xor" );
20168 return delta;
20169
20170 case 0x34: /* XOR Ib, AL */
20171 if (haveF2orF3(pfx)) goto decode_failure;
20172 delta = dis_op_imm_A( 1, False, Iop_Xor8, True, delta, "xor" );
20173 return delta;
20174 case 0x35: /* XOR Iv, eAX */
20175 if (haveF2orF3(pfx)) goto decode_failure;
20176 delta = dis_op_imm_A( sz, False, Iop_Xor8, True, delta, "xor" );
20177 return delta;
20178
20179 case 0x38: /* CMP Gb,Eb */
20180 if (haveF2orF3(pfx)) goto decode_failure;
20181 delta = dis_op2_G_E ( vbi, pfx, Iop_Sub8, WithFlagNone, False, 1, delta, "cmp" );
20182 return delta;
20183 case 0x39: /* CMP Gv,Ev */
20184 if (haveF2orF3(pfx)) goto decode_failure;
20185 delta = dis_op2_G_E ( vbi, pfx, Iop_Sub8, WithFlagNone, False, sz, delta, "cmp" );
20186 return delta;
20187
20188 case 0x3A: /* CMP Eb,Gb */
20189 if (haveF2orF3(pfx)) goto decode_failure;
20190 delta = dis_op2_E_G ( vbi, pfx, Iop_Sub8, WithFlagNone, False, 1, delta, "cmp" );
20191 return delta;
20192 case 0x3B: /* CMP Ev,Gv */
20193 if (haveF2orF3(pfx)) goto decode_failure;
20194 delta = dis_op2_E_G ( vbi, pfx, Iop_Sub8, WithFlagNone, False, sz, delta, "cmp" );
20195 return delta;
20196
20197 case 0x3C: /* CMP Ib, AL */
20198 if (haveF2orF3(pfx)) goto decode_failure;
20199 delta = dis_op_imm_A( 1, False, Iop_Sub8, False, delta, "cmp" );
20200 return delta;
20201 case 0x3D: /* CMP Iv, eAX */
20202 if (haveF2orF3(pfx)) goto decode_failure;
20203 delta = dis_op_imm_A( sz, False, Iop_Sub8, False, delta, "cmp" );
20204 return delta;
20205
20206 case 0x50: /* PUSH eAX */
20207 case 0x51: /* PUSH eCX */
20208 case 0x52: /* PUSH eDX */
20209 case 0x53: /* PUSH eBX */
20210 case 0x55: /* PUSH eBP */
20211 case 0x56: /* PUSH eSI */
20212 case 0x57: /* PUSH eDI */
20213 case 0x54: /* PUSH eSP */
20214 /* This is the Right Way, in that the value to be pushed is
20215 established before %rsp is changed, so that pushq %rsp
20216 correctly pushes the old value. */
20217 if (haveF2orF3(pfx)) goto decode_failure;
20218 vassert(sz == 2 || sz == 4 || sz == 8);
20219 if (sz == 4)
20220 sz = 8; /* there is no encoding for 32-bit push in 64-bit mode */
20221 ty = sz==2 ? Ity_I16 : Ity_I64;
20222 t1 = newTemp(ty);
20223 t2 = newTemp(Ity_I64);
20224 assign(t1, getIRegRexB(sz, pfx, opc-0x50));
20225 assign(t2, binop(Iop_Sub64, getIReg64(R_RSP), mkU64(sz)));
20226 putIReg64(R_RSP, mkexpr(t2) );
20227 storeLE(mkexpr(t2),mkexpr(t1));
20228 DIP("push%c %s\n", nameISize(sz), nameIRegRexB(sz,pfx,opc-0x50));
20229 return delta;
20230
20231 case 0x58: /* POP eAX */
20232 case 0x59: /* POP eCX */
20233 case 0x5A: /* POP eDX */
20234 case 0x5B: /* POP eBX */
20235 case 0x5D: /* POP eBP */
20236 case 0x5E: /* POP eSI */
20237 case 0x5F: /* POP eDI */
20238 case 0x5C: /* POP eSP */
20239 if (haveF2orF3(pfx)) goto decode_failure;
20240 vassert(sz == 2 || sz == 4 || sz == 8);
20241 if (sz == 4)
20242 sz = 8; /* there is no encoding for 32-bit pop in 64-bit mode */
20243 t1 = newTemp(szToITy(sz));
20244 t2 = newTemp(Ity_I64);
20245 assign(t2, getIReg64(R_RSP));
20246 assign(t1, loadLE(szToITy(sz),mkexpr(t2)));
20247 putIReg64(R_RSP, binop(Iop_Add64, mkexpr(t2), mkU64(sz)));
20248 putIRegRexB(sz, pfx, opc-0x58, mkexpr(t1));
20249 DIP("pop%c %s\n", nameISize(sz), nameIRegRexB(sz,pfx,opc-0x58));
20250 return delta;
20251
20252 case 0x63: /* MOVSX */
20253 if (haveF2orF3(pfx)) goto decode_failure;
20254 if (haveREX(pfx) && 1==getRexW(pfx)) {
20255 vassert(sz == 8);
20256 /* movsx r/m32 to r64 */
20257 modrm = getUChar(delta);
20258 if (epartIsReg(modrm)) {
20259 delta++;
20260 putIRegG(8, pfx, modrm,
20261 unop(Iop_32Sto64,
20262 getIRegE(4, pfx, modrm)));
20263 DIP("movslq %s,%s\n",
20264 nameIRegE(4, pfx, modrm),
20265 nameIRegG(8, pfx, modrm));
20266 return delta;
20267 } else {
20268 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
20269 delta += alen;
20270 putIRegG(8, pfx, modrm,
20271 unop(Iop_32Sto64,
20272 loadLE(Ity_I32, mkexpr(addr))));
20273 DIP("movslq %s,%s\n", dis_buf,
20274 nameIRegG(8, pfx, modrm));
20275 return delta;
20276 }
20277 } else {
20278 goto decode_failure;
20279 }
20280
20281 case 0x68: /* PUSH Iv */
20282 if (haveF2orF3(pfx)) goto decode_failure;
20283 /* Note, sz==4 is not possible in 64-bit mode. Hence ... */
20284 if (sz == 4) sz = 8;
20285 d64 = getSDisp(imin(4,sz),delta);
20286 delta += imin(4,sz);
20287 goto do_push_I;
20288
20289 case 0x69: /* IMUL Iv, Ev, Gv */
20290 if (haveF2orF3(pfx)) goto decode_failure;
20291 delta = dis_imul_I_E_G ( vbi, pfx, sz, delta, sz );
20292 return delta;
20293
20294 case 0x6A: /* PUSH Ib, sign-extended to sz */
20295 if (haveF2orF3(pfx)) goto decode_failure;
20296 /* Note, sz==4 is not possible in 64-bit mode. Hence ... */
20297 if (sz == 4) sz = 8;
20298 d64 = getSDisp8(delta); delta += 1;
20299 goto do_push_I;
20300 do_push_I:
20301 ty = szToITy(sz);
20302 t1 = newTemp(Ity_I64);
20303 t2 = newTemp(ty);
20304 assign( t1, binop(Iop_Sub64,getIReg64(R_RSP),mkU64(sz)) );
20305 putIReg64(R_RSP, mkexpr(t1) );
20306 /* stop mkU16 asserting if d32 is a negative 16-bit number
20307 (bug #132813) */
20308 if (ty == Ity_I16)
20309 d64 &= 0xFFFF;
20310 storeLE( mkexpr(t1), mkU(ty,d64) );
20311 DIP("push%c $%lld\n", nameISize(sz), (Long)d64);
20312 return delta;
20313
20314 case 0x6B: /* IMUL Ib, Ev, Gv */
20315 delta = dis_imul_I_E_G ( vbi, pfx, sz, delta, 1 );
20316 return delta;
20317
20318 case 0x70:
20319 case 0x71:
20320 case 0x72: /* JBb/JNAEb (jump below) */
20321 case 0x73: /* JNBb/JAEb (jump not below) */
20322 case 0x74: /* JZb/JEb (jump zero) */
20323 case 0x75: /* JNZb/JNEb (jump not zero) */
20324 case 0x76: /* JBEb/JNAb (jump below or equal) */
20325 case 0x77: /* JNBEb/JAb (jump not below or equal) */
20326 case 0x78: /* JSb (jump negative) */
20327 case 0x79: /* JSb (jump not negative) */
20328 case 0x7A: /* JP (jump parity even) */
20329 case 0x7B: /* JNP/JPO (jump parity odd) */
20330 case 0x7C: /* JLb/JNGEb (jump less) */
20331 case 0x7D: /* JGEb/JNLb (jump greater or equal) */
20332 case 0x7E: /* JLEb/JNGb (jump less or equal) */
20333 case 0x7F: { /* JGb/JNLEb (jump greater) */
20334 Long jmpDelta;
20335 const HChar* comment = "";
20336 if (haveF3(pfx)) goto decode_failure;
20337 if (haveF2(pfx)) DIP("bnd ; "); /* MPX bnd prefix. */
20338 jmpDelta = getSDisp8(delta);
20339 vassert(-128 <= jmpDelta && jmpDelta < 128);
20340 d64 = (guest_RIP_bbstart+delta+1) + jmpDelta;
20341 delta++;
20342 if (resteerCisOk
20343 && vex_control.guest_chase_cond
20344 && (Addr64)d64 != (Addr64)guest_RIP_bbstart
20345 && jmpDelta < 0
20346 && resteerOkFn( callback_opaque, (Addr64)d64) ) {
20347 /* Speculation: assume this backward branch is taken. So we
20348 need to emit a side-exit to the insn following this one,
20349 on the negation of the condition, and continue at the
20350 branch target address (d64). If we wind up back at the
20351 first instruction of the trace, just stop; it's better to
20352 let the IR loop unroller handle that case. */
20353 stmt( IRStmt_Exit(
20354 mk_amd64g_calculate_condition(
20355 (AMD64Condcode)(1 ^ (opc - 0x70))),
20356 Ijk_Boring,
20357 IRConst_U64(guest_RIP_bbstart+delta),
20358 OFFB_RIP ) );
20359 dres->whatNext = Dis_ResteerC;
20360 dres->continueAt = d64;
20361 comment = "(assumed taken)";
20362 }
20363 else
20364 if (resteerCisOk
20365 && vex_control.guest_chase_cond
20366 && (Addr64)d64 != (Addr64)guest_RIP_bbstart
20367 && jmpDelta >= 0
20368 && resteerOkFn( callback_opaque, guest_RIP_bbstart+delta ) ) {
20369 /* Speculation: assume this forward branch is not taken. So
20370 we need to emit a side-exit to d64 (the dest) and continue
20371 disassembling at the insn immediately following this
20372 one. */
20373 stmt( IRStmt_Exit(
20374 mk_amd64g_calculate_condition((AMD64Condcode)(opc - 0x70)),
20375 Ijk_Boring,
20376 IRConst_U64(d64),
20377 OFFB_RIP ) );
20378 dres->whatNext = Dis_ResteerC;
20379 dres->continueAt = guest_RIP_bbstart+delta;
20380 comment = "(assumed not taken)";
20381 }
20382 else {
20383 /* Conservative default translation - end the block at this
20384 point. */
20385 jcc_01( dres, (AMD64Condcode)(opc - 0x70),
20386 guest_RIP_bbstart+delta, d64 );
20387 vassert(dres->whatNext == Dis_StopHere);
20388 }
20389 DIP("j%s-8 0x%llx %s\n", name_AMD64Condcode(opc - 0x70), (ULong)d64,
20390 comment);
20391 return delta;
20392 }
20393
20394 case 0x80: /* Grp1 Ib,Eb */
20395 modrm = getUChar(delta);
20396 /* Disallow F2/XACQ and F3/XREL for the non-mem case. Allow
20397 just one for the mem case and also require LOCK in this case.
20398 Note that this erroneously allows XACQ/XREL on CMP since we
20399 don't check the subopcode here. No big deal. */
20400 if (epartIsReg(modrm) && haveF2orF3(pfx))
20401 goto decode_failure;
20402 if (!epartIsReg(modrm) && haveF2andF3(pfx))
20403 goto decode_failure;
20404 if (!epartIsReg(modrm) && haveF2orF3(pfx) && !haveLOCK(pfx))
20405 goto decode_failure;
20406 am_sz = lengthAMode(pfx,delta);
20407 sz = 1;
20408 d_sz = 1;
20409 d64 = getSDisp8(delta + am_sz);
20410 delta = dis_Grp1 ( vbi, pfx, delta, modrm, am_sz, d_sz, sz, d64 );
20411 return delta;
20412
20413 case 0x81: /* Grp1 Iv,Ev */
20414 modrm = getUChar(delta);
20415 /* Same comment as for case 0x80 just above. */
20416 if (epartIsReg(modrm) && haveF2orF3(pfx))
20417 goto decode_failure;
20418 if (!epartIsReg(modrm) && haveF2andF3(pfx))
20419 goto decode_failure;
20420 if (!epartIsReg(modrm) && haveF2orF3(pfx) && !haveLOCK(pfx))
20421 goto decode_failure;
20422 am_sz = lengthAMode(pfx,delta);
20423 d_sz = imin(sz,4);
20424 d64 = getSDisp(d_sz, delta + am_sz);
20425 delta = dis_Grp1 ( vbi, pfx, delta, modrm, am_sz, d_sz, sz, d64 );
20426 return delta;
20427
20428 case 0x83: /* Grp1 Ib,Ev */
20429 if (haveF2orF3(pfx)) goto decode_failure;
20430 modrm = getUChar(delta);
20431 am_sz = lengthAMode(pfx,delta);
20432 d_sz = 1;
20433 d64 = getSDisp8(delta + am_sz);
20434 delta = dis_Grp1 ( vbi, pfx, delta, modrm, am_sz, d_sz, sz, d64 );
20435 return delta;
20436
20437 case 0x84: /* TEST Eb,Gb */
20438 if (haveF2orF3(pfx)) goto decode_failure;
20439 delta = dis_op2_E_G ( vbi, pfx, Iop_And8, WithFlagNone, False,
20440 1, delta, "test" );
20441 return delta;
20442
20443 case 0x85: /* TEST Ev,Gv */
20444 if (haveF2orF3(pfx)) goto decode_failure;
20445 delta = dis_op2_E_G ( vbi, pfx, Iop_And8, WithFlagNone, False,
20446 sz, delta, "test" );
20447 return delta;
20448
20449 /* XCHG reg,mem automatically asserts LOCK# even without a LOCK
20450 prefix. Therefore, generate CAS regardless of the presence or
20451 otherwise of a LOCK prefix. */
20452 case 0x86: /* XCHG Gb,Eb */
20453 sz = 1;
20454 /* Fall through ... */
20455 case 0x87: /* XCHG Gv,Ev */
20456 modrm = getUChar(delta);
20457 /* Check whether F2 or F3 are allowable. For the mem case, one
20458 or the othter but not both are. We don't care about the
20459 presence of LOCK in this case -- XCHG is unusual in this
20460 respect. */
20461 if (haveF2orF3(pfx)) {
20462 if (epartIsReg(modrm)) {
20463 goto decode_failure;
20464 } else {
20465 if (haveF2andF3(pfx))
20466 goto decode_failure;
20467 }
20468 }
20469 ty = szToITy(sz);
20470 t1 = newTemp(ty); t2 = newTemp(ty);
20471 if (epartIsReg(modrm)) {
20472 assign(t1, getIRegE(sz, pfx, modrm));
20473 assign(t2, getIRegG(sz, pfx, modrm));
20474 putIRegG(sz, pfx, modrm, mkexpr(t1));
20475 putIRegE(sz, pfx, modrm, mkexpr(t2));
20476 delta++;
20477 DIP("xchg%c %s, %s\n",
20478 nameISize(sz), nameIRegG(sz, pfx, modrm),
20479 nameIRegE(sz, pfx, modrm));
20480 } else {
20481 *expect_CAS = True;
20482 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
20483 assign( t1, loadLE(ty, mkexpr(addr)) );
20484 assign( t2, getIRegG(sz, pfx, modrm) );
20485 casLE( mkexpr(addr),
20486 mkexpr(t1), mkexpr(t2), guest_RIP_curr_instr );
20487 putIRegG( sz, pfx, modrm, mkexpr(t1) );
20488 delta += alen;
20489 DIP("xchg%c %s, %s\n", nameISize(sz),
20490 nameIRegG(sz, pfx, modrm), dis_buf);
20491 }
20492 return delta;
20493
20494 case 0x88: { /* MOV Gb,Eb */
20495 /* We let dis_mov_G_E decide whether F3(XRELEASE) is allowable. */
20496 Bool ok = True;
20497 delta = dis_mov_G_E(vbi, pfx, 1, delta, &ok);
20498 if (!ok) goto decode_failure;
20499 return delta;
20500 }
20501
20502 case 0x89: { /* MOV Gv,Ev */
20503 /* We let dis_mov_G_E decide whether F3(XRELEASE) is allowable. */
20504 Bool ok = True;
20505 delta = dis_mov_G_E(vbi, pfx, sz, delta, &ok);
20506 if (!ok) goto decode_failure;
20507 return delta;
20508 }
20509
20510 case 0x8A: /* MOV Eb,Gb */
20511 if (haveF2orF3(pfx)) goto decode_failure;
20512 delta = dis_mov_E_G(vbi, pfx, 1, delta);
20513 return delta;
20514
20515 case 0x8B: /* MOV Ev,Gv */
20516 if (haveF2orF3(pfx)) goto decode_failure;
20517 delta = dis_mov_E_G(vbi, pfx, sz, delta);
20518 return delta;
20519
20520 case 0x8C: /* MOV S,E -- MOV from a SEGMENT REGISTER */
20521 if (haveF2orF3(pfx)) goto decode_failure;
20522 delta = dis_mov_S_E(vbi, pfx, sz, delta);
20523 return delta;
20524
20525 case 0x8D: /* LEA M,Gv */
20526 if (haveF2orF3(pfx)) goto decode_failure;
20527 if (sz != 4 && sz != 8)
20528 goto decode_failure;
20529 modrm = getUChar(delta);
20530 if (epartIsReg(modrm))
20531 goto decode_failure;
20532 /* NOTE! this is the one place where a segment override prefix
20533 has no effect on the address calculation. Therefore we clear
20534 any segment override bits in pfx. */
20535 addr = disAMode ( &alen, vbi, clearSegBits(pfx), delta, dis_buf, 0 );
20536 delta += alen;
20537 /* This is a hack. But it isn't clear that really doing the
20538 calculation at 32 bits is really worth it. Hence for leal,
20539 do the full 64-bit calculation and then truncate it. */
20540 putIRegG( sz, pfx, modrm,
20541 sz == 4
20542 ? unop(Iop_64to32, mkexpr(addr))
20543 : mkexpr(addr)
20544 );
20545 DIP("lea%c %s, %s\n", nameISize(sz), dis_buf,
20546 nameIRegG(sz,pfx,modrm));
20547 return delta;
20548
20549 case 0x8F: { /* POPQ m64 / POPW m16 */
20550 Int len;
20551 UChar rm;
20552 /* There is no encoding for 32-bit pop in 64-bit mode.
20553 So sz==4 actually means sz==8. */
20554 if (haveF2orF3(pfx)) goto decode_failure;
20555 vassert(sz == 2 || sz == 4
20556 || /* tolerate redundant REX.W, see #210481 */ sz == 8);
20557 if (sz == 4) sz = 8;
20558 if (sz != 8) goto decode_failure; // until we know a sz==2 test case exists
20559
20560 rm = getUChar(delta);
20561
20562 /* make sure this instruction is correct POP */
20563 if (epartIsReg(rm) || gregLO3ofRM(rm) != 0)
20564 goto decode_failure;
20565 /* and has correct size */
20566 vassert(sz == 8);
20567
20568 t1 = newTemp(Ity_I64);
20569 t3 = newTemp(Ity_I64);
20570 assign( t1, getIReg64(R_RSP) );
20571 assign( t3, loadLE(Ity_I64, mkexpr(t1)) );
20572
20573 /* Increase RSP; must be done before the STORE. Intel manual
20574 says: If the RSP register is used as a base register for
20575 addressing a destination operand in memory, the POP
20576 instruction computes the effective address of the operand
20577 after it increments the RSP register. */
20578 putIReg64(R_RSP, binop(Iop_Add64, mkexpr(t1), mkU64(sz)) );
20579
20580 addr = disAMode ( &len, vbi, pfx, delta, dis_buf, 0 );
20581 storeLE( mkexpr(addr), mkexpr(t3) );
20582
20583 DIP("popl %s\n", dis_buf);
20584
20585 delta += len;
20586 return delta;
20587 }
20588
20589 case 0x90: /* XCHG eAX,eAX */
20590 /* detect and handle F3 90 (rep nop) specially */
20591 if (!have66(pfx) && !haveF2(pfx) && haveF3(pfx)) {
20592 DIP("rep nop (P4 pause)\n");
20593 /* "observe" the hint. The Vex client needs to be careful not
20594 to cause very long delays as a result, though. */
20595 jmp_lit(dres, Ijk_Yield, guest_RIP_bbstart+delta);
20596 vassert(dres->whatNext == Dis_StopHere);
20597 return delta;
20598 }
20599 /* detect and handle NOPs specially */
20600 if (/* F2/F3 probably change meaning completely */
20601 !haveF2orF3(pfx)
20602 /* If REX.B is 1, we're not exchanging rAX with itself */
20603 && getRexB(pfx)==0 ) {
20604 DIP("nop\n");
20605 return delta;
20606 }
20607 /* else fall through to normal case. */
20608 case 0x91: /* XCHG rAX,rCX */
20609 case 0x92: /* XCHG rAX,rDX */
20610 case 0x93: /* XCHG rAX,rBX */
20611 case 0x94: /* XCHG rAX,rSP */
20612 case 0x95: /* XCHG rAX,rBP */
20613 case 0x96: /* XCHG rAX,rSI */
20614 case 0x97: /* XCHG rAX,rDI */
20615 /* guard against mutancy */
20616 if (haveF2orF3(pfx)) goto decode_failure;
20617 codegen_xchg_rAX_Reg ( pfx, sz, opc - 0x90 );
20618 return delta;
20619
20620 case 0x98: /* CBW */
20621 if (haveF2orF3(pfx)) goto decode_failure;
20622 if (sz == 8) {
20623 putIRegRAX( 8, unop(Iop_32Sto64, getIRegRAX(4)) );
20624 DIP(/*"cdqe\n"*/"cltq");
20625 return delta;
20626 }
20627 if (sz == 4) {
20628 putIRegRAX( 4, unop(Iop_16Sto32, getIRegRAX(2)) );
20629 DIP("cwtl\n");
20630 return delta;
20631 }
20632 if (sz == 2) {
20633 putIRegRAX( 2, unop(Iop_8Sto16, getIRegRAX(1)) );
20634 DIP("cbw\n");
20635 return delta;
20636 }
20637 goto decode_failure;
20638
20639 case 0x99: /* CWD/CDQ/CQO */
20640 if (haveF2orF3(pfx)) goto decode_failure;
20641 vassert(sz == 2 || sz == 4 || sz == 8);
20642 ty = szToITy(sz);
20643 putIRegRDX( sz,
20644 binop(mkSizedOp(ty,Iop_Sar8),
20645 getIRegRAX(sz),
20646 mkU8(sz == 2 ? 15 : (sz == 4 ? 31 : 63))) );
20647 DIP(sz == 2 ? "cwd\n"
20648 : (sz == 4 ? /*"cdq\n"*/ "cltd\n"
20649 : "cqo\n"));
20650 return delta;
20651
20652 case 0x9B: /* FWAIT (X87 insn) */
20653 /* ignore? */
20654 DIP("fwait\n");
20655 return delta;
20656
20657 case 0x9C: /* PUSHF */ {
20658 /* Note. There is no encoding for a 32-bit pushf in 64-bit
20659 mode. So sz==4 actually means sz==8. */
20660 /* 24 July 06: has also been seen with a redundant REX prefix,
20661 so must also allow sz==8. */
20662 if (haveF2orF3(pfx)) goto decode_failure;
20663 vassert(sz == 2 || sz == 4 || sz == 8);
20664 if (sz == 4) sz = 8;
20665 if (sz != 8) goto decode_failure; // until we know a sz==2 test case exists
20666
20667 t1 = newTemp(Ity_I64);
20668 assign( t1, binop(Iop_Sub64,getIReg64(R_RSP),mkU64(sz)) );
20669 putIReg64(R_RSP, mkexpr(t1) );
20670
20671 t2 = newTemp(Ity_I64);
20672 assign( t2, mk_amd64g_calculate_rflags_all() );
20673
20674 /* Patch in the D flag. This can simply be a copy of bit 10 of
20675 baseBlock[OFFB_DFLAG]. */
20676 t3 = newTemp(Ity_I64);
20677 assign( t3, binop(Iop_Or64,
20678 mkexpr(t2),
20679 binop(Iop_And64,
20680 IRExpr_Get(OFFB_DFLAG,Ity_I64),
20681 mkU64(1<<10)))
20682 );
20683
20684 /* And patch in the ID flag. */
20685 t4 = newTemp(Ity_I64);
20686 assign( t4, binop(Iop_Or64,
20687 mkexpr(t3),
20688 binop(Iop_And64,
20689 binop(Iop_Shl64, IRExpr_Get(OFFB_IDFLAG,Ity_I64),
20690 mkU8(21)),
20691 mkU64(1<<21)))
20692 );
20693
20694 /* And patch in the AC flag too. */
20695 t5 = newTemp(Ity_I64);
20696 assign( t5, binop(Iop_Or64,
20697 mkexpr(t4),
20698 binop(Iop_And64,
20699 binop(Iop_Shl64, IRExpr_Get(OFFB_ACFLAG,Ity_I64),
20700 mkU8(18)),
20701 mkU64(1<<18)))
20702 );
20703
20704 /* if sz==2, the stored value needs to be narrowed. */
20705 if (sz == 2)
20706 storeLE( mkexpr(t1), unop(Iop_32to16,
20707 unop(Iop_64to32,mkexpr(t5))) );
20708 else
20709 storeLE( mkexpr(t1), mkexpr(t5) );
20710
20711 DIP("pushf%c\n", nameISize(sz));
20712 return delta;
20713 }
20714
20715 case 0x9D: /* POPF */
20716 /* Note. There is no encoding for a 32-bit popf in 64-bit mode.
20717 So sz==4 actually means sz==8. */
20718 if (haveF2orF3(pfx)) goto decode_failure;
20719 vassert(sz == 2 || sz == 4);
20720 if (sz == 4) sz = 8;
20721 if (sz != 8) goto decode_failure; // until we know a sz==2 test case exists
20722 t1 = newTemp(Ity_I64); t2 = newTemp(Ity_I64);
20723 assign(t2, getIReg64(R_RSP));
20724 assign(t1, widenUto64(loadLE(szToITy(sz),mkexpr(t2))));
20725 putIReg64(R_RSP, binop(Iop_Add64, mkexpr(t2), mkU64(sz)));
20726 /* t1 is the flag word. Mask out everything except OSZACP and
20727 set the flags thunk to AMD64G_CC_OP_COPY. */
20728 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(AMD64G_CC_OP_COPY) ));
20729 stmt( IRStmt_Put( OFFB_CC_DEP2, mkU64(0) ));
20730 stmt( IRStmt_Put( OFFB_CC_DEP1,
20731 binop(Iop_And64,
20732 mkexpr(t1),
20733 mkU64( AMD64G_CC_MASK_C | AMD64G_CC_MASK_P
20734 | AMD64G_CC_MASK_A | AMD64G_CC_MASK_Z
20735 | AMD64G_CC_MASK_S| AMD64G_CC_MASK_O )
20736 )
20737 )
20738 );
20739
20740 /* Also need to set the D flag, which is held in bit 10 of t1.
20741 If zero, put 1 in OFFB_DFLAG, else -1 in OFFB_DFLAG. */
20742 stmt( IRStmt_Put(
20743 OFFB_DFLAG,
20744 IRExpr_ITE(
20745 unop(Iop_64to1,
20746 binop(Iop_And64,
20747 binop(Iop_Shr64, mkexpr(t1), mkU8(10)),
20748 mkU64(1))),
20749 mkU64(0xFFFFFFFFFFFFFFFFULL),
20750 mkU64(1)))
20751 );
20752
20753 /* And set the ID flag */
20754 stmt( IRStmt_Put(
20755 OFFB_IDFLAG,
20756 IRExpr_ITE(
20757 unop(Iop_64to1,
20758 binop(Iop_And64,
20759 binop(Iop_Shr64, mkexpr(t1), mkU8(21)),
20760 mkU64(1))),
20761 mkU64(1),
20762 mkU64(0)))
20763 );
20764
20765 /* And set the AC flag too */
20766 stmt( IRStmt_Put(
20767 OFFB_ACFLAG,
20768 IRExpr_ITE(
20769 unop(Iop_64to1,
20770 binop(Iop_And64,
20771 binop(Iop_Shr64, mkexpr(t1), mkU8(18)),
20772 mkU64(1))),
20773 mkU64(1),
20774 mkU64(0)))
20775 );
20776
20777 DIP("popf%c\n", nameISize(sz));
20778 return delta;
20779
20780 case 0x9E: /* SAHF */
20781 codegen_SAHF();
20782 DIP("sahf\n");
20783 return delta;
20784
20785 case 0x9F: /* LAHF */
20786 codegen_LAHF();
20787 DIP("lahf\n");
20788 return delta;
20789
20790 case 0xA0: /* MOV Ob,AL */
20791 if (have66orF2orF3(pfx)) goto decode_failure;
20792 sz = 1;
20793 /* Fall through ... */
20794 case 0xA1: /* MOV Ov,eAX */
20795 if (sz != 8 && sz != 4 && sz != 2 && sz != 1)
20796 goto decode_failure;
20797 d64 = getDisp64(delta);
20798 delta += 8;
20799 ty = szToITy(sz);
20800 addr = newTemp(Ity_I64);
20801 assign( addr, handleAddrOverrides(vbi, pfx, mkU64(d64)) );
20802 putIRegRAX(sz, loadLE( ty, mkexpr(addr) ));
20803 DIP("mov%c %s0x%llx, %s\n", nameISize(sz),
20804 segRegTxt(pfx), (ULong)d64,
20805 nameIRegRAX(sz));
20806 return delta;
20807
20808 case 0xA2: /* MOV AL,Ob */
20809 if (have66orF2orF3(pfx)) goto decode_failure;
20810 sz = 1;
20811 /* Fall through ... */
20812 case 0xA3: /* MOV eAX,Ov */
20813 if (sz != 8 && sz != 4 && sz != 2 && sz != 1)
20814 goto decode_failure;
20815 d64 = getDisp64(delta);
20816 delta += 8;
20817 ty = szToITy(sz);
20818 addr = newTemp(Ity_I64);
20819 assign( addr, handleAddrOverrides(vbi, pfx, mkU64(d64)) );
20820 storeLE( mkexpr(addr), getIRegRAX(sz) );
20821 DIP("mov%c %s, %s0x%llx\n", nameISize(sz), nameIRegRAX(sz),
20822 segRegTxt(pfx), (ULong)d64);
20823 return delta;
20824
20825 case 0xA4:
20826 case 0xA5:
20827 /* F3 A4: rep movsb */
20828 if (haveF3(pfx) && !haveF2(pfx)) {
20829 if (opc == 0xA4)
20830 sz = 1;
20831 dis_REP_op ( dres, AMD64CondAlways, dis_MOVS, sz,
20832 guest_RIP_curr_instr,
20833 guest_RIP_bbstart+delta, "rep movs", pfx );
20834 dres->whatNext = Dis_StopHere;
20835 return delta;
20836 }
20837 /* A4: movsb */
20838 if (!haveF3(pfx) && !haveF2(pfx)) {
20839 if (opc == 0xA4)
20840 sz = 1;
20841 dis_string_op( dis_MOVS, sz, "movs", pfx );
20842 return delta;
20843 }
20844 goto decode_failure;
20845
20846 case 0xA6:
20847 case 0xA7:
20848 /* F3 A6/A7: repe cmps/rep cmps{w,l,q} */
20849 if (haveF3(pfx) && !haveF2(pfx)) {
20850 if (opc == 0xA6)
20851 sz = 1;
20852 dis_REP_op ( dres, AMD64CondZ, dis_CMPS, sz,
20853 guest_RIP_curr_instr,
20854 guest_RIP_bbstart+delta, "repe cmps", pfx );
20855 dres->whatNext = Dis_StopHere;
20856 return delta;
20857 }
20858 goto decode_failure;
20859
20860 case 0xAA:
20861 case 0xAB:
20862 /* F3 AA/AB: rep stosb/rep stos{w,l,q} */
20863 if (haveF3(pfx) && !haveF2(pfx)) {
20864 if (opc == 0xAA)
20865 sz = 1;
20866 dis_REP_op ( dres, AMD64CondAlways, dis_STOS, sz,
20867 guest_RIP_curr_instr,
20868 guest_RIP_bbstart+delta, "rep stos", pfx );
20869 vassert(dres->whatNext == Dis_StopHere);
20870 return delta;
20871 }
20872 /* AA/AB: stosb/stos{w,l,q} */
20873 if (!haveF3(pfx) && !haveF2(pfx)) {
20874 if (opc == 0xAA)
20875 sz = 1;
20876 dis_string_op( dis_STOS, sz, "stos", pfx );
20877 return delta;
20878 }
20879 goto decode_failure;
20880
20881 case 0xA8: /* TEST Ib, AL */
20882 if (haveF2orF3(pfx)) goto decode_failure;
20883 delta = dis_op_imm_A( 1, False, Iop_And8, False, delta, "test" );
20884 return delta;
20885 case 0xA9: /* TEST Iv, eAX */
20886 if (haveF2orF3(pfx)) goto decode_failure;
20887 delta = dis_op_imm_A( sz, False, Iop_And8, False, delta, "test" );
20888 return delta;
20889
20890 case 0xAC: /* LODS, no REP prefix */
20891 case 0xAD:
20892 dis_string_op( dis_LODS, ( opc == 0xAC ? 1 : sz ), "lods", pfx );
20893 return delta;
20894
20895 case 0xAE:
20896 case 0xAF:
20897 /* F2 AE/AF: repne scasb/repne scas{w,l,q} */
20898 if (haveF2(pfx) && !haveF3(pfx)) {
20899 if (opc == 0xAE)
20900 sz = 1;
20901 dis_REP_op ( dres, AMD64CondNZ, dis_SCAS, sz,
20902 guest_RIP_curr_instr,
20903 guest_RIP_bbstart+delta, "repne scas", pfx );
20904 vassert(dres->whatNext == Dis_StopHere);
20905 return delta;
20906 }
20907 /* F3 AE/AF: repe scasb/repe scas{w,l,q} */
20908 if (!haveF2(pfx) && haveF3(pfx)) {
20909 if (opc == 0xAE)
20910 sz = 1;
20911 dis_REP_op ( dres, AMD64CondZ, dis_SCAS, sz,
20912 guest_RIP_curr_instr,
20913 guest_RIP_bbstart+delta, "repe scas", pfx );
20914 vassert(dres->whatNext == Dis_StopHere);
20915 return delta;
20916 }
20917 /* AE/AF: scasb/scas{w,l,q} */
20918 if (!haveF2(pfx) && !haveF3(pfx)) {
20919 if (opc == 0xAE)
20920 sz = 1;
20921 dis_string_op( dis_SCAS, sz, "scas", pfx );
20922 return delta;
20923 }
20924 goto decode_failure;
20925
20926 /* XXXX be careful here with moves to AH/BH/CH/DH */
20927 case 0xB0: /* MOV imm,AL */
20928 case 0xB1: /* MOV imm,CL */
20929 case 0xB2: /* MOV imm,DL */
20930 case 0xB3: /* MOV imm,BL */
20931 case 0xB4: /* MOV imm,AH */
20932 case 0xB5: /* MOV imm,CH */
20933 case 0xB6: /* MOV imm,DH */
20934 case 0xB7: /* MOV imm,BH */
20935 if (haveF2orF3(pfx)) goto decode_failure;
20936 d64 = getUChar(delta);
20937 delta += 1;
20938 putIRegRexB(1, pfx, opc-0xB0, mkU8(d64));
20939 DIP("movb $%lld,%s\n", d64, nameIRegRexB(1,pfx,opc-0xB0));
20940 return delta;
20941
20942 case 0xB8: /* MOV imm,eAX */
20943 case 0xB9: /* MOV imm,eCX */
20944 case 0xBA: /* MOV imm,eDX */
20945 case 0xBB: /* MOV imm,eBX */
20946 case 0xBC: /* MOV imm,eSP */
20947 case 0xBD: /* MOV imm,eBP */
20948 case 0xBE: /* MOV imm,eSI */
20949 case 0xBF: /* MOV imm,eDI */
20950 /* This is the one-and-only place where 64-bit literals are
20951 allowed in the instruction stream. */
20952 if (haveF2orF3(pfx)) goto decode_failure;
20953 if (sz == 8) {
20954 d64 = getDisp64(delta);
20955 delta += 8;
20956 putIRegRexB(8, pfx, opc-0xB8, mkU64(d64));
20957 DIP("movabsq $%lld,%s\n", (Long)d64,
20958 nameIRegRexB(8,pfx,opc-0xB8));
20959 } else {
20960 d64 = getSDisp(imin(4,sz),delta);
20961 delta += imin(4,sz);
20962 putIRegRexB(sz, pfx, opc-0xB8,
20963 mkU(szToITy(sz), d64 & mkSizeMask(sz)));
20964 DIP("mov%c $%lld,%s\n", nameISize(sz),
20965 (Long)d64,
20966 nameIRegRexB(sz,pfx,opc-0xB8));
20967 }
20968 return delta;
20969
20970 case 0xC0: { /* Grp2 Ib,Eb */
20971 Bool decode_OK = True;
20972 if (haveF2orF3(pfx)) goto decode_failure;
20973 modrm = getUChar(delta);
20974 am_sz = lengthAMode(pfx,delta);
20975 d_sz = 1;
20976 d64 = getUChar(delta + am_sz);
20977 sz = 1;
20978 delta = dis_Grp2 ( vbi, pfx, delta, modrm, am_sz, d_sz, sz,
20979 mkU8(d64 & 0xFF), NULL, &decode_OK );
20980 if (!decode_OK) goto decode_failure;
20981 return delta;
20982 }
20983
20984 case 0xC1: { /* Grp2 Ib,Ev */
20985 Bool decode_OK = True;
20986 if (haveF2orF3(pfx)) goto decode_failure;
20987 modrm = getUChar(delta);
20988 am_sz = lengthAMode(pfx,delta);
20989 d_sz = 1;
20990 d64 = getUChar(delta + am_sz);
20991 delta = dis_Grp2 ( vbi, pfx, delta, modrm, am_sz, d_sz, sz,
20992 mkU8(d64 & 0xFF), NULL, &decode_OK );
20993 if (!decode_OK) goto decode_failure;
20994 return delta;
20995 }
20996
20997 case 0xC2: /* RET imm16 */
20998 if (have66orF3(pfx)) goto decode_failure;
20999 if (haveF2(pfx)) DIP("bnd ; "); /* MPX bnd prefix. */
21000 d64 = getUDisp16(delta);
21001 delta += 2;
21002 dis_ret(dres, vbi, d64);
21003 DIP("ret $%lld\n", d64);
21004 return delta;
21005
21006 case 0xC3: /* RET */
21007 if (have66(pfx)) goto decode_failure;
21008 /* F3 is acceptable on AMD. */
21009 if (haveF2(pfx)) DIP("bnd ; "); /* MPX bnd prefix. */
21010 dis_ret(dres, vbi, 0);
21011 DIP(haveF3(pfx) ? "rep ; ret\n" : "ret\n");
21012 return delta;
21013
21014 case 0xC6: /* C6 /0 = MOV Ib,Eb */
21015 sz = 1;
21016 goto maybe_do_Mov_I_E;
21017 case 0xC7: /* C7 /0 = MOV Iv,Ev */
21018 goto maybe_do_Mov_I_E;
21019 maybe_do_Mov_I_E:
21020 modrm = getUChar(delta);
21021 if (gregLO3ofRM(modrm) == 0) {
21022 if (epartIsReg(modrm)) {
21023 /* Neither F2 nor F3 are allowable. */
21024 if (haveF2orF3(pfx)) goto decode_failure;
21025 delta++; /* mod/rm byte */
21026 d64 = getSDisp(imin(4,sz),delta);
21027 delta += imin(4,sz);
21028 putIRegE(sz, pfx, modrm,
21029 mkU(szToITy(sz), d64 & mkSizeMask(sz)));
21030 DIP("mov%c $%lld, %s\n", nameISize(sz),
21031 (Long)d64,
21032 nameIRegE(sz,pfx,modrm));
21033 } else {
21034 if (haveF2(pfx)) goto decode_failure;
21035 /* F3(XRELEASE) is allowable here */
21036 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf,
21037 /*xtra*/imin(4,sz) );
21038 delta += alen;
21039 d64 = getSDisp(imin(4,sz),delta);
21040 delta += imin(4,sz);
21041 storeLE(mkexpr(addr),
21042 mkU(szToITy(sz), d64 & mkSizeMask(sz)));
21043 DIP("mov%c $%lld, %s\n", nameISize(sz), (Long)d64, dis_buf);
21044 }
21045 return delta;
21046 }
21047 /* BEGIN HACKY SUPPORT FOR xbegin */
21048 if (opc == 0xC7 && modrm == 0xF8 && !have66orF2orF3(pfx) && sz == 4
21049 && (archinfo->hwcaps & VEX_HWCAPS_AMD64_AVX)) {
21050 delta++; /* mod/rm byte */
21051 d64 = getSDisp(4,delta);
21052 delta += 4;
21053 guest_RIP_next_mustcheck = True;
21054 guest_RIP_next_assumed = guest_RIP_bbstart + delta;
21055 Addr64 failAddr = guest_RIP_bbstart + delta + d64;
21056 /* EAX contains the failure status code. Bit 3 is "Set if an
21057 internal buffer overflowed", which seems like the
21058 least-bogus choice we can make here. */
21059 putIRegRAX(4, mkU32(1<<3));
21060 /* And jump to the fail address. */
21061 jmp_lit(dres, Ijk_Boring, failAddr);
21062 vassert(dres->whatNext == Dis_StopHere);
21063 DIP("xbeginq 0x%llx\n", failAddr);
21064 return delta;
21065 }
21066 /* END HACKY SUPPORT FOR xbegin */
21067 /* BEGIN HACKY SUPPORT FOR xabort */
21068 if (opc == 0xC6 && modrm == 0xF8 && !have66orF2orF3(pfx) && sz == 1
21069 && (archinfo->hwcaps & VEX_HWCAPS_AMD64_AVX)) {
21070 delta++; /* mod/rm byte */
21071 abyte = getUChar(delta); delta++;
21072 /* There is never a real transaction in progress, so do nothing. */
21073 DIP("xabort $%d", (Int)abyte);
21074 return delta;
21075 }
21076 /* END HACKY SUPPORT FOR xabort */
21077 goto decode_failure;
21078
21079 case 0xC8: /* ENTER */
21080 /* Same comments re operand size as for LEAVE below apply.
21081 Also, only handles the case "enter $imm16, $0"; other cases
21082 for the second operand (nesting depth) are not handled. */
21083 if (sz != 4)
21084 goto decode_failure;
21085 d64 = getUDisp16(delta);
21086 delta += 2;
21087 vassert(d64 >= 0 && d64 <= 0xFFFF);
21088 if (getUChar(delta) != 0)
21089 goto decode_failure;
21090 delta++;
21091 /* Intel docs seem to suggest:
21092 push rbp
21093 temp = rsp
21094 rbp = temp
21095 rsp = rsp - imm16
21096 */
21097 t1 = newTemp(Ity_I64);
21098 assign(t1, getIReg64(R_RBP));
21099 t2 = newTemp(Ity_I64);
21100 assign(t2, binop(Iop_Sub64, getIReg64(R_RSP), mkU64(8)));
21101 putIReg64(R_RSP, mkexpr(t2));
21102 storeLE(mkexpr(t2), mkexpr(t1));
21103 putIReg64(R_RBP, mkexpr(t2));
21104 if (d64 > 0) {
21105 putIReg64(R_RSP, binop(Iop_Sub64, mkexpr(t2), mkU64(d64)));
21106 }
21107 DIP("enter $%u, $0\n", (UInt)d64);
21108 return delta;
21109
21110 case 0xC9: /* LEAVE */
21111 /* In 64-bit mode this defaults to a 64-bit operand size. There
21112 is no way to encode a 32-bit variant. Hence sz==4 but we do
21113 it as if sz=8. */
21114 if (sz != 4)
21115 goto decode_failure;
21116 t1 = newTemp(Ity_I64);
21117 t2 = newTemp(Ity_I64);
21118 assign(t1, getIReg64(R_RBP));
21119 /* First PUT RSP looks redundant, but need it because RSP must
21120 always be up-to-date for Memcheck to work... */
21121 putIReg64(R_RSP, mkexpr(t1));
21122 assign(t2, loadLE(Ity_I64,mkexpr(t1)));
21123 putIReg64(R_RBP, mkexpr(t2));
21124 putIReg64(R_RSP, binop(Iop_Add64, mkexpr(t1), mkU64(8)) );
21125 DIP("leave\n");
21126 return delta;
21127
21128 case 0xCC: /* INT 3 */
21129 jmp_lit(dres, Ijk_SigTRAP, guest_RIP_bbstart + delta);
21130 vassert(dres->whatNext == Dis_StopHere);
21131 DIP("int $0x3\n");
21132 return delta;
21133
21134 case 0xCD: /* INT imm8 */
21135 d64 = getUChar(delta); delta++;
21136
21137 /* Handle int $0xD2 (Solaris fasttrap syscalls). */
21138 if (d64 == 0xD2) {
21139 jmp_lit(dres, Ijk_Sys_int210, guest_RIP_bbstart + delta);
21140 vassert(dres->whatNext == Dis_StopHere);
21141 DIP("int $0xD2\n");
21142 return delta;
21143 }
21144 goto decode_failure;
21145
21146 case 0xD0: { /* Grp2 1,Eb */
21147 Bool decode_OK = True;
21148 if (haveF2orF3(pfx)) goto decode_failure;
21149 modrm = getUChar(delta);
21150 am_sz = lengthAMode(pfx,delta);
21151 d_sz = 0;
21152 d64 = 1;
21153 sz = 1;
21154 delta = dis_Grp2 ( vbi, pfx, delta, modrm, am_sz, d_sz, sz,
21155 mkU8(d64), NULL, &decode_OK );
21156 if (!decode_OK) goto decode_failure;
21157 return delta;
21158 }
21159
21160 case 0xD1: { /* Grp2 1,Ev */
21161 Bool decode_OK = True;
21162 if (haveF2orF3(pfx)) goto decode_failure;
21163 modrm = getUChar(delta);
21164 am_sz = lengthAMode(pfx,delta);
21165 d_sz = 0;
21166 d64 = 1;
21167 delta = dis_Grp2 ( vbi, pfx, delta, modrm, am_sz, d_sz, sz,
21168 mkU8(d64), NULL, &decode_OK );
21169 if (!decode_OK) goto decode_failure;
21170 return delta;
21171 }
21172
21173 case 0xD2: { /* Grp2 CL,Eb */
21174 Bool decode_OK = True;
21175 if (haveF2orF3(pfx)) goto decode_failure;
21176 modrm = getUChar(delta);
21177 am_sz = lengthAMode(pfx,delta);
21178 d_sz = 0;
21179 sz = 1;
21180 delta = dis_Grp2 ( vbi, pfx, delta, modrm, am_sz, d_sz, sz,
21181 getIRegCL(), "%cl", &decode_OK );
21182 if (!decode_OK) goto decode_failure;
21183 return delta;
21184 }
21185
21186 case 0xD3: { /* Grp2 CL,Ev */
21187 Bool decode_OK = True;
21188 if (haveF2orF3(pfx)) goto decode_failure;
21189 modrm = getUChar(delta);
21190 am_sz = lengthAMode(pfx,delta);
21191 d_sz = 0;
21192 delta = dis_Grp2 ( vbi, pfx, delta, modrm, am_sz, d_sz, sz,
21193 getIRegCL(), "%cl", &decode_OK );
21194 if (!decode_OK) goto decode_failure;
21195 return delta;
21196 }
21197
21198 case 0xD8: /* X87 instructions */
21199 case 0xD9:
21200 case 0xDA:
21201 case 0xDB:
21202 case 0xDC:
21203 case 0xDD:
21204 case 0xDE:
21205 case 0xDF: {
21206 Bool redundantREXWok = False;
21207
21208 if (haveF2orF3(pfx))
21209 goto decode_failure;
21210
21211 /* kludge to tolerate redundant rex.w prefixes (should do this
21212 properly one day) */
21213 /* mono 1.1.18.1 produces 48 D9 FA, which is rex.w fsqrt */
21214 if ( (opc == 0xD9 && getUChar(delta+0) == 0xFA)/*fsqrt*/ )
21215 redundantREXWok = True;
21216
21217 Bool size_OK = False;
21218 if ( sz == 4 )
21219 size_OK = True;
21220 else if ( sz == 8 )
21221 size_OK = redundantREXWok;
21222 else if ( sz == 2 ) {
21223 int mod_rm = getUChar(delta+0);
21224 int reg = gregLO3ofRM(mod_rm);
21225 /* The HotSpot JVM uses these */
21226 if ( (opc == 0xDD) && (reg == 0 /* FLDL */ ||
21227 reg == 4 /* FNSAVE */ ||
21228 reg == 6 /* FRSTOR */ ) )
21229 size_OK = True;
21230 }
21231 /* AMD manual says 0x66 size override is ignored, except where
21232 it is meaningful */
21233 if (!size_OK)
21234 goto decode_failure;
21235
21236 Bool decode_OK = False;
21237 delta = dis_FPU ( &decode_OK, vbi, pfx, delta );
21238 if (!decode_OK)
21239 goto decode_failure;
21240
21241 return delta;
21242 }
21243
21244 case 0xE0: /* LOOPNE disp8: decrement count, jump if count != 0 && ZF==0 */
21245 case 0xE1: /* LOOPE disp8: decrement count, jump if count != 0 && ZF==1 */
21246 case 0xE2: /* LOOP disp8: decrement count, jump if count != 0 */
21247 { /* The docs say this uses rCX as a count depending on the
21248 address size override, not the operand one. */
21249 IRExpr* zbit = NULL;
21250 IRExpr* count = NULL;
21251 IRExpr* cond = NULL;
21252 const HChar* xtra = NULL;
21253
21254 if (have66orF2orF3(pfx) || 1==getRexW(pfx)) goto decode_failure;
21255 /* So at this point we've rejected any variants which appear to
21256 be governed by the usual operand-size modifiers. Hence only
21257 the address size prefix can have an effect. It changes the
21258 size from 64 (default) to 32. */
21259 d64 = guest_RIP_bbstart+delta+1 + getSDisp8(delta);
21260 delta++;
21261 if (haveASO(pfx)) {
21262 /* 64to32 of 64-bit get is merely a get-put improvement
21263 trick. */
21264 putIReg32(R_RCX, binop(Iop_Sub32,
21265 unop(Iop_64to32, getIReg64(R_RCX)),
21266 mkU32(1)));
21267 } else {
21268 putIReg64(R_RCX, binop(Iop_Sub64, getIReg64(R_RCX), mkU64(1)));
21269 }
21270
21271 /* This is correct, both for 32- and 64-bit versions. If we're
21272 doing a 32-bit dec and the result is zero then the default
21273 zero extension rule will cause the upper 32 bits to be zero
21274 too. Hence a 64-bit check against zero is OK. */
21275 count = getIReg64(R_RCX);
21276 cond = binop(Iop_CmpNE64, count, mkU64(0));
21277 switch (opc) {
21278 case 0xE2:
21279 xtra = "";
21280 break;
21281 case 0xE1:
21282 xtra = "e";
21283 zbit = mk_amd64g_calculate_condition( AMD64CondZ );
21284 cond = mkAnd1(cond, zbit);
21285 break;
21286 case 0xE0:
21287 xtra = "ne";
21288 zbit = mk_amd64g_calculate_condition( AMD64CondNZ );
21289 cond = mkAnd1(cond, zbit);
21290 break;
21291 default:
21292 vassert(0);
21293 }
21294 stmt( IRStmt_Exit(cond, Ijk_Boring, IRConst_U64(d64), OFFB_RIP) );
21295
21296 DIP("loop%s%s 0x%llx\n", xtra, haveASO(pfx) ? "l" : "", (ULong)d64);
21297 return delta;
21298 }
21299
21300 case 0xE3:
21301 /* JRCXZ or JECXZ, depending address size override. */
21302 if (have66orF2orF3(pfx)) goto decode_failure;
21303 d64 = (guest_RIP_bbstart+delta+1) + getSDisp8(delta);
21304 delta++;
21305 if (haveASO(pfx)) {
21306 /* 32-bit */
21307 stmt( IRStmt_Exit( binop(Iop_CmpEQ64,
21308 unop(Iop_32Uto64, getIReg32(R_RCX)),
21309 mkU64(0)),
21310 Ijk_Boring,
21311 IRConst_U64(d64),
21312 OFFB_RIP
21313 ));
21314 DIP("jecxz 0x%llx\n", (ULong)d64);
21315 } else {
21316 /* 64-bit */
21317 stmt( IRStmt_Exit( binop(Iop_CmpEQ64,
21318 getIReg64(R_RCX),
21319 mkU64(0)),
21320 Ijk_Boring,
21321 IRConst_U64(d64),
21322 OFFB_RIP
21323 ));
21324 DIP("jrcxz 0x%llx\n", (ULong)d64);
21325 }
21326 return delta;
21327
21328 case 0xE4: /* IN imm8, AL */
21329 sz = 1;
21330 t1 = newTemp(Ity_I64);
21331 abyte = getUChar(delta); delta++;
21332 assign(t1, mkU64( abyte & 0xFF ));
21333 DIP("in%c $%d,%s\n", nameISize(sz), (Int)abyte, nameIRegRAX(sz));
21334 goto do_IN;
21335 case 0xE5: /* IN imm8, eAX */
21336 if (!(sz == 2 || sz == 4)) goto decode_failure;
21337 t1 = newTemp(Ity_I64);
21338 abyte = getUChar(delta); delta++;
21339 assign(t1, mkU64( abyte & 0xFF ));
21340 DIP("in%c $%d,%s\n", nameISize(sz), (Int)abyte, nameIRegRAX(sz));
21341 goto do_IN;
21342 case 0xEC: /* IN %DX, AL */
21343 sz = 1;
21344 t1 = newTemp(Ity_I64);
21345 assign(t1, unop(Iop_16Uto64, getIRegRDX(2)));
21346 DIP("in%c %s,%s\n", nameISize(sz), nameIRegRDX(2),
21347 nameIRegRAX(sz));
21348 goto do_IN;
21349 case 0xED: /* IN %DX, eAX */
21350 if (!(sz == 2 || sz == 4)) goto decode_failure;
21351 t1 = newTemp(Ity_I64);
21352 assign(t1, unop(Iop_16Uto64, getIRegRDX(2)));
21353 DIP("in%c %s,%s\n", nameISize(sz), nameIRegRDX(2),
21354 nameIRegRAX(sz));
21355 goto do_IN;
21356 do_IN: {
21357 /* At this point, sz indicates the width, and t1 is a 64-bit
21358 value giving port number. */
21359 IRDirty* d;
21360 if (haveF2orF3(pfx)) goto decode_failure;
21361 vassert(sz == 1 || sz == 2 || sz == 4);
21362 ty = szToITy(sz);
21363 t2 = newTemp(Ity_I64);
21364 d = unsafeIRDirty_1_N(
21365 t2,
21366 0/*regparms*/,
21367 "amd64g_dirtyhelper_IN",
21368 &amd64g_dirtyhelper_IN,
21369 mkIRExprVec_2( mkexpr(t1), mkU64(sz) )
21370 );
21371 /* do the call, dumping the result in t2. */
21372 stmt( IRStmt_Dirty(d) );
21373 putIRegRAX(sz, narrowTo( ty, mkexpr(t2) ) );
21374 return delta;
21375 }
21376
21377 case 0xE6: /* OUT AL, imm8 */
21378 sz = 1;
21379 t1 = newTemp(Ity_I64);
21380 abyte = getUChar(delta); delta++;
21381 assign( t1, mkU64( abyte & 0xFF ) );
21382 DIP("out%c %s,$%d\n", nameISize(sz), nameIRegRAX(sz), (Int)abyte);
21383 goto do_OUT;
21384 case 0xE7: /* OUT eAX, imm8 */
21385 if (!(sz == 2 || sz == 4)) goto decode_failure;
21386 t1 = newTemp(Ity_I64);
21387 abyte = getUChar(delta); delta++;
21388 assign( t1, mkU64( abyte & 0xFF ) );
21389 DIP("out%c %s,$%d\n", nameISize(sz), nameIRegRAX(sz), (Int)abyte);
21390 goto do_OUT;
21391 case 0xEE: /* OUT AL, %DX */
21392 sz = 1;
21393 t1 = newTemp(Ity_I64);
21394 assign( t1, unop(Iop_16Uto64, getIRegRDX(2)) );
21395 DIP("out%c %s,%s\n", nameISize(sz), nameIRegRAX(sz),
21396 nameIRegRDX(2));
21397 goto do_OUT;
21398 case 0xEF: /* OUT eAX, %DX */
21399 if (!(sz == 2 || sz == 4)) goto decode_failure;
21400 t1 = newTemp(Ity_I64);
21401 assign( t1, unop(Iop_16Uto64, getIRegRDX(2)) );
21402 DIP("out%c %s,%s\n", nameISize(sz), nameIRegRAX(sz),
21403 nameIRegRDX(2));
21404 goto do_OUT;
21405 do_OUT: {
21406 /* At this point, sz indicates the width, and t1 is a 64-bit
21407 value giving port number. */
21408 IRDirty* d;
21409 if (haveF2orF3(pfx)) goto decode_failure;
21410 vassert(sz == 1 || sz == 2 || sz == 4);
21411 ty = szToITy(sz);
21412 d = unsafeIRDirty_0_N(
21413 0/*regparms*/,
21414 "amd64g_dirtyhelper_OUT",
21415 &amd64g_dirtyhelper_OUT,
21416 mkIRExprVec_3( mkexpr(t1),
21417 widenUto64( getIRegRAX(sz) ),
21418 mkU64(sz) )
21419 );
21420 stmt( IRStmt_Dirty(d) );
21421 return delta;
21422 }
21423
21424 case 0xE8: /* CALL J4 */
21425 if (haveF3(pfx)) goto decode_failure;
21426 if (haveF2(pfx)) DIP("bnd ; "); /* MPX bnd prefix. */
21427 d64 = getSDisp32(delta); delta += 4;
21428 d64 += (guest_RIP_bbstart+delta);
21429 /* (guest_RIP_bbstart+delta) == return-to addr, d64 == call-to addr */
21430 t1 = newTemp(Ity_I64);
21431 assign(t1, binop(Iop_Sub64, getIReg64(R_RSP), mkU64(8)));
21432 putIReg64(R_RSP, mkexpr(t1));
21433 storeLE( mkexpr(t1), mkU64(guest_RIP_bbstart+delta));
21434 t2 = newTemp(Ity_I64);
21435 assign(t2, mkU64((Addr64)d64));
21436 make_redzone_AbiHint(vbi, t1, t2/*nia*/, "call-d32");
21437 if (resteerOkFn( callback_opaque, (Addr64)d64) ) {
21438 /* follow into the call target. */
21439 dres->whatNext = Dis_ResteerU;
21440 dres->continueAt = d64;
21441 } else {
21442 jmp_lit(dres, Ijk_Call, d64);
21443 vassert(dres->whatNext == Dis_StopHere);
21444 }
21445 DIP("call 0x%llx\n", (ULong)d64);
21446 return delta;
21447
21448 case 0xE9: /* Jv (jump, 16/32 offset) */
21449 if (haveF3(pfx)) goto decode_failure;
21450 if (sz != 4)
21451 goto decode_failure; /* JRS added 2004 July 11 */
21452 if (haveF2(pfx)) DIP("bnd ; "); /* MPX bnd prefix. */
21453 d64 = (guest_RIP_bbstart+delta+sz) + getSDisp(sz,delta);
21454 delta += sz;
21455 if (resteerOkFn(callback_opaque, (Addr64)d64)) {
21456 dres->whatNext = Dis_ResteerU;
21457 dres->continueAt = d64;
21458 } else {
21459 jmp_lit(dres, Ijk_Boring, d64);
21460 vassert(dres->whatNext == Dis_StopHere);
21461 }
21462 DIP("jmp 0x%llx\n", (ULong)d64);
21463 return delta;
21464
21465 case 0xEB: /* Jb (jump, byte offset) */
21466 if (haveF3(pfx)) goto decode_failure;
21467 if (sz != 4)
21468 goto decode_failure; /* JRS added 2004 July 11 */
21469 if (haveF2(pfx)) DIP("bnd ; "); /* MPX bnd prefix. */
21470 d64 = (guest_RIP_bbstart+delta+1) + getSDisp8(delta);
21471 delta++;
21472 if (resteerOkFn(callback_opaque, (Addr64)d64)) {
21473 dres->whatNext = Dis_ResteerU;
21474 dres->continueAt = d64;
21475 } else {
21476 jmp_lit(dres, Ijk_Boring, d64);
21477 vassert(dres->whatNext == Dis_StopHere);
21478 }
21479 DIP("jmp-8 0x%llx\n", (ULong)d64);
21480 return delta;
21481
21482 case 0xF5: /* CMC */
21483 case 0xF8: /* CLC */
21484 case 0xF9: /* STC */
21485 t1 = newTemp(Ity_I64);
21486 t2 = newTemp(Ity_I64);
21487 assign( t1, mk_amd64g_calculate_rflags_all() );
21488 switch (opc) {
21489 case 0xF5:
21490 assign( t2, binop(Iop_Xor64, mkexpr(t1),
21491 mkU64(AMD64G_CC_MASK_C)));
21492 DIP("cmc\n");
21493 break;
21494 case 0xF8:
21495 assign( t2, binop(Iop_And64, mkexpr(t1),
21496 mkU64(~AMD64G_CC_MASK_C)));
21497 DIP("clc\n");
21498 break;
21499 case 0xF9:
21500 assign( t2, binop(Iop_Or64, mkexpr(t1),
21501 mkU64(AMD64G_CC_MASK_C)));
21502 DIP("stc\n");
21503 break;
21504 default:
21505 vpanic("disInstr(x64)(cmc/clc/stc)");
21506 }
21507 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(AMD64G_CC_OP_COPY) ));
21508 stmt( IRStmt_Put( OFFB_CC_DEP2, mkU64(0) ));
21509 stmt( IRStmt_Put( OFFB_CC_DEP1, mkexpr(t2) ));
21510 /* Set NDEP even though it isn't used. This makes redundant-PUT
21511 elimination of previous stores to this field work better. */
21512 stmt( IRStmt_Put( OFFB_CC_NDEP, mkU64(0) ));
21513 return delta;
21514
21515 case 0xF6: { /* Grp3 Eb */
21516 Bool decode_OK = True;
21517 /* RM'd: if (haveF2orF3(pfx)) goto decode_failure; */
21518 /* We now let dis_Grp3 itself decide if F2 and/or F3 are valid */
21519 delta = dis_Grp3 ( vbi, pfx, 1, delta, &decode_OK );
21520 if (!decode_OK) goto decode_failure;
21521 return delta;
21522 }
21523
21524 case 0xF7: { /* Grp3 Ev */
21525 Bool decode_OK = True;
21526 /* RM'd: if (haveF2orF3(pfx)) goto decode_failure; */
21527 /* We now let dis_Grp3 itself decide if F2 and/or F3 are valid */
21528 delta = dis_Grp3 ( vbi, pfx, sz, delta, &decode_OK );
21529 if (!decode_OK) goto decode_failure;
21530 return delta;
21531 }
21532
21533 case 0xFC: /* CLD */
21534 if (haveF2orF3(pfx)) goto decode_failure;
21535 stmt( IRStmt_Put( OFFB_DFLAG, mkU64(1)) );
21536 DIP("cld\n");
21537 return delta;
21538
21539 case 0xFD: /* STD */
21540 if (haveF2orF3(pfx)) goto decode_failure;
21541 stmt( IRStmt_Put( OFFB_DFLAG, mkU64(-1ULL)) );
21542 DIP("std\n");
21543 return delta;
21544
21545 case 0xFE: { /* Grp4 Eb */
21546 Bool decode_OK = True;
21547 /* RM'd: if (haveF2orF3(pfx)) goto decode_failure; */
21548 /* We now let dis_Grp4 itself decide if F2 and/or F3 are valid */
21549 delta = dis_Grp4 ( vbi, pfx, delta, &decode_OK );
21550 if (!decode_OK) goto decode_failure;
21551 return delta;
21552 }
21553
21554 case 0xFF: { /* Grp5 Ev */
21555 Bool decode_OK = True;
21556 /* RM'd: if (haveF2orF3(pfx)) goto decode_failure; */
21557 /* We now let dis_Grp5 itself decide if F2 and/or F3 are valid */
21558 delta = dis_Grp5 ( vbi, pfx, sz, delta, dres, &decode_OK );
21559 if (!decode_OK) goto decode_failure;
21560 return delta;
21561 }
21562
21563 default:
21564 break;
21565
21566 }
21567
21568 decode_failure:
21569 return deltaIN; /* fail */
21570 }
21571
21572
21573 /*------------------------------------------------------------*/
21574 /*--- ---*/
21575 /*--- Top-level post-escape decoders: dis_ESC_0F ---*/
21576 /*--- ---*/
21577 /*------------------------------------------------------------*/
21578
21579 static IRTemp math_BSWAP ( IRTemp t1, IRType ty )
21580 {
21581 IRTemp t2 = newTemp(ty);
21582 if (ty == Ity_I64) {
21583 IRTemp m8 = newTemp(Ity_I64);
21584 IRTemp s8 = newTemp(Ity_I64);
21585 IRTemp m16 = newTemp(Ity_I64);
21586 IRTemp s16 = newTemp(Ity_I64);
21587 IRTemp m32 = newTemp(Ity_I64);
21588 assign( m8, mkU64(0xFF00FF00FF00FF00ULL) );
21589 assign( s8,
21590 binop(Iop_Or64,
21591 binop(Iop_Shr64,
21592 binop(Iop_And64,mkexpr(t1),mkexpr(m8)),
21593 mkU8(8)),
21594 binop(Iop_And64,
21595 binop(Iop_Shl64,mkexpr(t1),mkU8(8)),
21596 mkexpr(m8))
21597 )
21598 );
21599
21600 assign( m16, mkU64(0xFFFF0000FFFF0000ULL) );
21601 assign( s16,
21602 binop(Iop_Or64,
21603 binop(Iop_Shr64,
21604 binop(Iop_And64,mkexpr(s8),mkexpr(m16)),
21605 mkU8(16)),
21606 binop(Iop_And64,
21607 binop(Iop_Shl64,mkexpr(s8),mkU8(16)),
21608 mkexpr(m16))
21609 )
21610 );
21611
21612 assign( m32, mkU64(0xFFFFFFFF00000000ULL) );
21613 assign( t2,
21614 binop(Iop_Or64,
21615 binop(Iop_Shr64,
21616 binop(Iop_And64,mkexpr(s16),mkexpr(m32)),
21617 mkU8(32)),
21618 binop(Iop_And64,
21619 binop(Iop_Shl64,mkexpr(s16),mkU8(32)),
21620 mkexpr(m32))
21621 )
21622 );
21623 return t2;
21624 }
21625 if (ty == Ity_I32) {
21626 assign( t2,
21627 binop(
21628 Iop_Or32,
21629 binop(Iop_Shl32, mkexpr(t1), mkU8(24)),
21630 binop(
21631 Iop_Or32,
21632 binop(Iop_And32, binop(Iop_Shl32, mkexpr(t1), mkU8(8)),
21633 mkU32(0x00FF0000)),
21634 binop(Iop_Or32,
21635 binop(Iop_And32, binop(Iop_Shr32, mkexpr(t1), mkU8(8)),
21636 mkU32(0x0000FF00)),
21637 binop(Iop_And32, binop(Iop_Shr32, mkexpr(t1), mkU8(24)),
21638 mkU32(0x000000FF) )
21639 )))
21640 );
21641 return t2;
21642 }
21643 if (ty == Ity_I16) {
21644 assign(t2,
21645 binop(Iop_Or16,
21646 binop(Iop_Shl16, mkexpr(t1), mkU8(8)),
21647 binop(Iop_Shr16, mkexpr(t1), mkU8(8)) ));
21648 return t2;
21649 }
21650 vassert(0);
21651 /*NOTREACHED*/
21652 return IRTemp_INVALID;
21653 }
21654
21655
21656 __attribute__((noinline))
21657 static
21658 Long dis_ESC_0F (
21659 /*MB_OUT*/DisResult* dres,
21660 /*MB_OUT*/Bool* expect_CAS,
21661 Bool (*resteerOkFn) ( /*opaque*/void*, Addr ),
21662 Bool resteerCisOk,
21663 void* callback_opaque,
21664 const VexArchInfo* archinfo,
21665 const VexAbiInfo* vbi,
21666 Prefix pfx, Int sz, Long deltaIN
21667 )
21668 {
21669 Long d64 = 0;
21670 IRTemp addr = IRTemp_INVALID;
21671 IRTemp t1 = IRTemp_INVALID;
21672 IRTemp t2 = IRTemp_INVALID;
21673 UChar modrm = 0;
21674 Int am_sz = 0;
21675 Int alen = 0;
21676 HChar dis_buf[50];
21677
21678 /* In the first switch, look for ordinary integer insns. */
21679 Long delta = deltaIN;
21680 UChar opc = getUChar(delta);
21681 delta++;
21682 switch (opc) { /* first switch */
21683
21684 case 0x01:
21685 {
21686 modrm = getUChar(delta);
21687 /* 0F 01 /0 -- SGDT */
21688 /* 0F 01 /1 -- SIDT */
21689 if (!epartIsReg(modrm)
21690 && (gregLO3ofRM(modrm) == 0 || gregLO3ofRM(modrm) == 1)) {
21691 /* This is really revolting, but ... since each processor
21692 (core) only has one IDT and one GDT, just let the guest
21693 see it (pass-through semantics). I can't see any way to
21694 construct a faked-up value, so don't bother to try. */
21695 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
21696 delta += alen;
21697 switch (gregLO3ofRM(modrm)) {
21698 case 0: DIP("sgdt %s\n", dis_buf); break;
21699 case 1: DIP("sidt %s\n", dis_buf); break;
21700 default: vassert(0); /*NOTREACHED*/
21701 }
21702 IRDirty* d = unsafeIRDirty_0_N (
21703 0/*regparms*/,
21704 "amd64g_dirtyhelper_SxDT",
21705 &amd64g_dirtyhelper_SxDT,
21706 mkIRExprVec_2( mkexpr(addr),
21707 mkU64(gregLO3ofRM(modrm)) )
21708 );
21709 /* declare we're writing memory */
21710 d->mFx = Ifx_Write;
21711 d->mAddr = mkexpr(addr);
21712 d->mSize = 6;
21713 stmt( IRStmt_Dirty(d) );
21714 return delta;
21715 }
21716 /* 0F 01 D0 = XGETBV */
21717 if (modrm == 0xD0 && (archinfo->hwcaps & VEX_HWCAPS_AMD64_AVX)) {
21718 delta += 1;
21719 DIP("xgetbv\n");
21720 /* Fault (SEGV) if ECX isn't zero. Intel docs say #GP and I
21721 am not sure if that translates in to SEGV or to something
21722 else, in user space. */
21723 t1 = newTemp(Ity_I32);
21724 assign( t1, getIReg32(R_RCX) );
21725 stmt( IRStmt_Exit(binop(Iop_CmpNE32, mkexpr(t1), mkU32(0)),
21726 Ijk_SigSEGV,
21727 IRConst_U64(guest_RIP_curr_instr),
21728 OFFB_RIP
21729 ));
21730 putIRegRAX(4, mkU32(7));
21731 putIRegRDX(4, mkU32(0));
21732 return delta;
21733 }
21734 /* BEGIN HACKY SUPPORT FOR xend */
21735 /* 0F 01 D5 = XEND */
21736 if (modrm == 0xD5 && (archinfo->hwcaps & VEX_HWCAPS_AMD64_AVX)) {
21737 /* We are never in an transaction (xbegin immediately aborts).
21738 So this just always generates a General Protection Fault. */
21739 delta += 1;
21740 jmp_lit(dres, Ijk_SigSEGV, guest_RIP_bbstart + delta);
21741 vassert(dres->whatNext == Dis_StopHere);
21742 DIP("xend\n");
21743 return delta;
21744 }
21745 /* END HACKY SUPPORT FOR xend */
21746 /* BEGIN HACKY SUPPORT FOR xtest */
21747 /* 0F 01 D6 = XTEST */
21748 if (modrm == 0xD6 && (archinfo->hwcaps & VEX_HWCAPS_AMD64_AVX)) {
21749 /* Sets ZF because there never is a transaction, and all
21750 CF, OF, SF, PF and AF are always cleared by xtest. */
21751 delta += 1;
21752 DIP("xtest\n");
21753 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(AMD64G_CC_OP_COPY) ));
21754 stmt( IRStmt_Put( OFFB_CC_DEP2, mkU64(0) ));
21755 stmt( IRStmt_Put( OFFB_CC_DEP1, mkU64(AMD64G_CC_MASK_Z) ));
21756 /* Set NDEP even though it isn't used. This makes redundant-PUT
21757 elimination of previous stores to this field work better. */
21758 stmt( IRStmt_Put( OFFB_CC_NDEP, mkU64(0) ));
21759 return delta;
21760 }
21761 /* END HACKY SUPPORT FOR xtest */
21762 /* 0F 01 F9 = RDTSCP */
21763 if (modrm == 0xF9 && (archinfo->hwcaps & VEX_HWCAPS_AMD64_RDTSCP)) {
21764 delta += 1;
21765 /* Uses dirty helper:
21766 void amd64g_dirtyhelper_RDTSCP ( VexGuestAMD64State* )
21767 declared to wr rax, rcx, rdx
21768 */
21769 const HChar* fName = "amd64g_dirtyhelper_RDTSCP";
21770 void* fAddr = &amd64g_dirtyhelper_RDTSCP;
21771 IRDirty* d
21772 = unsafeIRDirty_0_N ( 0/*regparms*/,
21773 fName, fAddr, mkIRExprVec_1(IRExpr_GSPTR()) );
21774 /* declare guest state effects */
21775 d->nFxState = 3;
21776 vex_bzero(&d->fxState, sizeof(d->fxState));
21777 d->fxState[0].fx = Ifx_Write;
21778 d->fxState[0].offset = OFFB_RAX;
21779 d->fxState[0].size = 8;
21780 d->fxState[1].fx = Ifx_Write;
21781 d->fxState[1].offset = OFFB_RCX;
21782 d->fxState[1].size = 8;
21783 d->fxState[2].fx = Ifx_Write;
21784 d->fxState[2].offset = OFFB_RDX;
21785 d->fxState[2].size = 8;
21786 /* execute the dirty call, side-effecting guest state */
21787 stmt( IRStmt_Dirty(d) );
21788 /* RDTSCP is a serialising insn. So, just in case someone is
21789 using it as a memory fence ... */
21790 stmt( IRStmt_MBE(Imbe_Fence) );
21791 DIP("rdtscp\n");
21792 return delta;
21793 }
21794 /* else decode failed */
21795 break;
21796 }
21797
21798 case 0x05: /* SYSCALL */
21799 guest_RIP_next_mustcheck = True;
21800 guest_RIP_next_assumed = guest_RIP_bbstart + delta;
21801 putIReg64( R_RCX, mkU64(guest_RIP_next_assumed) );
21802 /* It's important that all guest state is up-to-date
21803 at this point. So we declare an end-of-block here, which
21804 forces any cached guest state to be flushed. */
21805 jmp_lit(dres, Ijk_Sys_syscall, guest_RIP_next_assumed);
21806 vassert(dres->whatNext == Dis_StopHere);
21807 DIP("syscall\n");
21808 return delta;
21809
21810 case 0x0B: /* UD2 */
21811 stmt( IRStmt_Put( OFFB_RIP, mkU64(guest_RIP_curr_instr) ) );
21812 jmp_lit(dres, Ijk_NoDecode, guest_RIP_curr_instr);
21813 vassert(dres->whatNext == Dis_StopHere);
21814 DIP("ud2\n");
21815 return delta;
21816
21817 case 0x0D: /* 0F 0D /0 -- prefetch mem8 */
21818 /* 0F 0D /1 -- prefetchw mem8 */
21819 if (have66orF2orF3(pfx)) goto decode_failure;
21820 modrm = getUChar(delta);
21821 if (epartIsReg(modrm)) goto decode_failure;
21822 if (gregLO3ofRM(modrm) != 0 && gregLO3ofRM(modrm) != 1)
21823 goto decode_failure;
21824 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
21825 delta += alen;
21826 switch (gregLO3ofRM(modrm)) {
21827 case 0: DIP("prefetch %s\n", dis_buf); break;
21828 case 1: DIP("prefetchw %s\n", dis_buf); break;
21829 default: vassert(0); /*NOTREACHED*/
21830 }
21831 return delta;
21832
21833 case 0x19:
21834 case 0x1C:
21835 case 0x1D:
21836 case 0x1E:
21837 case 0x1F:
21838 // Intel CET instructions can have any prefixes before NOPs
21839 // and can use any ModRM, SIB and disp
21840 modrm = getUChar(delta);
21841 if (epartIsReg(modrm)) {
21842 delta += 1;
21843 DIP("nop%c\n", nameISize(sz));
21844 } else {
21845 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
21846 delta += alen;
21847 DIP("nop%c %s\n", nameISize(sz), dis_buf);
21848 }
21849 return delta;
21850
21851 case 0x31: { /* RDTSC */
21852 IRTemp val = newTemp(Ity_I64);
21853 IRExpr** args = mkIRExprVec_0();
21854 IRDirty* d = unsafeIRDirty_1_N (
21855 val,
21856 0/*regparms*/,
21857 "amd64g_dirtyhelper_RDTSC",
21858 &amd64g_dirtyhelper_RDTSC,
21859 args
21860 );
21861 if (have66orF2orF3(pfx)) goto decode_failure;
21862 /* execute the dirty call, dumping the result in val. */
21863 stmt( IRStmt_Dirty(d) );
21864 putIRegRDX(4, unop(Iop_64HIto32, mkexpr(val)));
21865 putIRegRAX(4, unop(Iop_64to32, mkexpr(val)));
21866 DIP("rdtsc\n");
21867 return delta;
21868 }
21869
21870 case 0x40:
21871 case 0x41:
21872 case 0x42: /* CMOVBb/CMOVNAEb (cmov below) */
21873 case 0x43: /* CMOVNBb/CMOVAEb (cmov not below) */
21874 case 0x44: /* CMOVZb/CMOVEb (cmov zero) */
21875 case 0x45: /* CMOVNZb/CMOVNEb (cmov not zero) */
21876 case 0x46: /* CMOVBEb/CMOVNAb (cmov below or equal) */
21877 case 0x47: /* CMOVNBEb/CMOVAb (cmov not below or equal) */
21878 case 0x48: /* CMOVSb (cmov negative) */
21879 case 0x49: /* CMOVSb (cmov not negative) */
21880 case 0x4A: /* CMOVP (cmov parity even) */
21881 case 0x4B: /* CMOVNP (cmov parity odd) */
21882 case 0x4C: /* CMOVLb/CMOVNGEb (cmov less) */
21883 case 0x4D: /* CMOVGEb/CMOVNLb (cmov greater or equal) */
21884 case 0x4E: /* CMOVLEb/CMOVNGb (cmov less or equal) */
21885 case 0x4F: /* CMOVGb/CMOVNLEb (cmov greater) */
21886 if (haveF2orF3(pfx)) goto decode_failure;
21887 delta = dis_cmov_E_G(vbi, pfx, sz, (AMD64Condcode)(opc - 0x40), delta);
21888 return delta;
21889
21890 case 0x80:
21891 case 0x81:
21892 case 0x82: /* JBb/JNAEb (jump below) */
21893 case 0x83: /* JNBb/JAEb (jump not below) */
21894 case 0x84: /* JZb/JEb (jump zero) */
21895 case 0x85: /* JNZb/JNEb (jump not zero) */
21896 case 0x86: /* JBEb/JNAb (jump below or equal) */
21897 case 0x87: /* JNBEb/JAb (jump not below or equal) */
21898 case 0x88: /* JSb (jump negative) */
21899 case 0x89: /* JSb (jump not negative) */
21900 case 0x8A: /* JP (jump parity even) */
21901 case 0x8B: /* JNP/JPO (jump parity odd) */
21902 case 0x8C: /* JLb/JNGEb (jump less) */
21903 case 0x8D: /* JGEb/JNLb (jump greater or equal) */
21904 case 0x8E: /* JLEb/JNGb (jump less or equal) */
21905 case 0x8F: { /* JGb/JNLEb (jump greater) */
21906 Long jmpDelta;
21907 const HChar* comment = "";
21908 if (haveF3(pfx)) goto decode_failure;
21909 if (haveF2(pfx)) DIP("bnd ; "); /* MPX bnd prefix. */
21910 jmpDelta = getSDisp32(delta);
21911 d64 = (guest_RIP_bbstart+delta+4) + jmpDelta;
21912 delta += 4;
21913 if (resteerCisOk
21914 && vex_control.guest_chase_cond
21915 && (Addr64)d64 != (Addr64)guest_RIP_bbstart
21916 && jmpDelta < 0
21917 && resteerOkFn( callback_opaque, (Addr64)d64) ) {
21918 /* Speculation: assume this backward branch is taken. So
21919 we need to emit a side-exit to the insn following this
21920 one, on the negation of the condition, and continue at
21921 the branch target address (d64). If we wind up back at
21922 the first instruction of the trace, just stop; it's
21923 better to let the IR loop unroller handle that case. */
21924 stmt( IRStmt_Exit(
21925 mk_amd64g_calculate_condition(
21926 (AMD64Condcode)(1 ^ (opc - 0x80))),
21927 Ijk_Boring,
21928 IRConst_U64(guest_RIP_bbstart+delta),
21929 OFFB_RIP
21930 ));
21931 dres->whatNext = Dis_ResteerC;
21932 dres->continueAt = d64;
21933 comment = "(assumed taken)";
21934 }
21935 else
21936 if (resteerCisOk
21937 && vex_control.guest_chase_cond
21938 && (Addr64)d64 != (Addr64)guest_RIP_bbstart
21939 && jmpDelta >= 0
21940 && resteerOkFn( callback_opaque, guest_RIP_bbstart+delta ) ) {
21941 /* Speculation: assume this forward branch is not taken.
21942 So we need to emit a side-exit to d64 (the dest) and
21943 continue disassembling at the insn immediately
21944 following this one. */
21945 stmt( IRStmt_Exit(
21946 mk_amd64g_calculate_condition((AMD64Condcode)
21947 (opc - 0x80)),
21948 Ijk_Boring,
21949 IRConst_U64(d64),
21950 OFFB_RIP
21951 ));
21952 dres->whatNext = Dis_ResteerC;
21953 dres->continueAt = guest_RIP_bbstart+delta;
21954 comment = "(assumed not taken)";
21955 }
21956 else {
21957 /* Conservative default translation - end the block at
21958 this point. */
21959 jcc_01( dres, (AMD64Condcode)(opc - 0x80),
21960 guest_RIP_bbstart+delta, d64 );
21961 vassert(dres->whatNext == Dis_StopHere);
21962 }
21963 DIP("j%s-32 0x%llx %s\n", name_AMD64Condcode(opc - 0x80), (ULong)d64,
21964 comment);
21965 return delta;
21966 }
21967
21968 case 0x90:
21969 case 0x91:
21970 case 0x92: /* set-Bb/set-NAEb (set if below) */
21971 case 0x93: /* set-NBb/set-AEb (set if not below) */
21972 case 0x94: /* set-Zb/set-Eb (set if zero) */
21973 case 0x95: /* set-NZb/set-NEb (set if not zero) */
21974 case 0x96: /* set-BEb/set-NAb (set if below or equal) */
21975 case 0x97: /* set-NBEb/set-Ab (set if not below or equal) */
21976 case 0x98: /* set-Sb (set if negative) */
21977 case 0x99: /* set-Sb (set if not negative) */
21978 case 0x9A: /* set-P (set if parity even) */
21979 case 0x9B: /* set-NP (set if parity odd) */
21980 case 0x9C: /* set-Lb/set-NGEb (set if less) */
21981 case 0x9D: /* set-GEb/set-NLb (set if greater or equal) */
21982 case 0x9E: /* set-LEb/set-NGb (set if less or equal) */
21983 case 0x9F: /* set-Gb/set-NLEb (set if greater) */
21984 if (haveF2orF3(pfx)) goto decode_failure;
21985 t1 = newTemp(Ity_I8);
21986 assign( t1, unop(Iop_1Uto8,mk_amd64g_calculate_condition(opc-0x90)) );
21987 modrm = getUChar(delta);
21988 if (epartIsReg(modrm)) {
21989 delta++;
21990 putIRegE(1, pfx, modrm, mkexpr(t1));
21991 DIP("set%s %s\n", name_AMD64Condcode(opc-0x90),
21992 nameIRegE(1,pfx,modrm));
21993 } else {
21994 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
21995 delta += alen;
21996 storeLE( mkexpr(addr), mkexpr(t1) );
21997 DIP("set%s %s\n", name_AMD64Condcode(opc-0x90), dis_buf);
21998 }
21999 return delta;
22000
22001 case 0x1A:
22002 case 0x1B: { /* Future MPX instructions, currently NOPs.
22003 BNDMK b, m F3 0F 1B
22004 BNDCL b, r/m F3 0F 1A
22005 BNDCU b, r/m F2 0F 1A
22006 BNDCN b, r/m F2 0F 1B
22007 BNDMOV b, b/m 66 0F 1A
22008 BNDMOV b/m, b 66 0F 1B
22009 BNDLDX b, mib 0F 1A
22010 BNDSTX mib, b 0F 1B */
22011
22012 /* All instructions have two operands. One operand is always the
22013 bnd register number (bnd0-bnd3, other register numbers are
22014 ignored when MPX isn't enabled, but should generate an
22015 exception if MPX is enabled) given by gregOfRexRM. The other
22016 operand is either a ModRM:reg, ModRM:r/m or a SIB encoded
22017 address, all of which can be decoded by using either
22018 eregOfRexRM or disAMode. */
22019
22020 modrm = getUChar(delta);
22021 int bnd = gregOfRexRM(pfx,modrm);
22022 const HChar *oper;
22023 if (epartIsReg(modrm)) {
22024 oper = nameIReg64 (eregOfRexRM(pfx,modrm));
22025 delta += 1;
22026 } else {
22027 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
22028 delta += alen;
22029 oper = dis_buf;
22030 }
22031
22032 if (haveF3no66noF2 (pfx)) {
22033 if (opc == 0x1B) {
22034 DIP ("bndmk %s, %%bnd%d\n", oper, bnd);
22035 } else /* opc == 0x1A */ {
22036 DIP ("bndcl %s, %%bnd%d\n", oper, bnd);
22037 }
22038 } else if (haveF2no66noF3 (pfx)) {
22039 if (opc == 0x1A) {
22040 DIP ("bndcu %s, %%bnd%d\n", oper, bnd);
22041 } else /* opc == 0x1B */ {
22042 DIP ("bndcn %s, %%bnd%d\n", oper, bnd);
22043 }
22044 } else if (have66noF2noF3 (pfx)) {
22045 if (opc == 0x1A) {
22046 DIP ("bndmov %s, %%bnd%d\n", oper, bnd);
22047 } else /* opc == 0x1B */ {
22048 DIP ("bndmov %%bnd%d, %s\n", bnd, oper);
22049 }
22050 } else if (haveNo66noF2noF3 (pfx)) {
22051 if (opc == 0x1A) {
22052 DIP ("bndldx %s, %%bnd%d\n", oper, bnd);
22053 } else /* opc == 0x1B */ {
22054 DIP ("bndstx %%bnd%d, %s\n", bnd, oper);
22055 }
22056 } else goto decode_failure;
22057
22058 return delta;
22059 }
22060
22061 case 0xA2: { /* CPUID */
22062 /* Uses dirty helper:
22063 void amd64g_dirtyhelper_CPUID ( VexGuestAMD64State* )
22064 declared to mod rax, wr rbx, rcx, rdx
22065 */
22066 IRDirty* d = NULL;
22067 const HChar* fName = NULL;
22068 void* fAddr = NULL;
22069
22070 if (haveF2orF3(pfx)) goto decode_failure;
22071
22072 /* This isn't entirely correct, CPUID should depend on the VEX
22073 capabilities, not on the underlying CPU. See bug #324882. */
22074 if ((archinfo->hwcaps & VEX_HWCAPS_AMD64_SSE3) &&
22075 (archinfo->hwcaps & VEX_HWCAPS_AMD64_CX16) &&
22076 (archinfo->hwcaps & VEX_HWCAPS_AMD64_AVX2)) {
22077 fName = "amd64g_dirtyhelper_CPUID_avx2";
22078 fAddr = &amd64g_dirtyhelper_CPUID_avx2;
22079 /* This is a Core-i7-4910-like machine */
22080 }
22081 else if ((archinfo->hwcaps & VEX_HWCAPS_AMD64_SSE3) &&
22082 (archinfo->hwcaps & VEX_HWCAPS_AMD64_CX16) &&
22083 (archinfo->hwcaps & VEX_HWCAPS_AMD64_AVX)) {
22084 fName = "amd64g_dirtyhelper_CPUID_avx_and_cx16";
22085 fAddr = &amd64g_dirtyhelper_CPUID_avx_and_cx16;
22086 /* This is a Core-i5-2300-like machine */
22087 }
22088 else if ((archinfo->hwcaps & VEX_HWCAPS_AMD64_SSE3) &&
22089 (archinfo->hwcaps & VEX_HWCAPS_AMD64_CX16)) {
22090 fName = "amd64g_dirtyhelper_CPUID_sse42_and_cx16";
22091 fAddr = &amd64g_dirtyhelper_CPUID_sse42_and_cx16;
22092 /* This is a Core-i5-670-like machine */
22093 }
22094 else {
22095 /* Give a CPUID for at least a baseline machine, SSE2
22096 only, and no CX16 */
22097 fName = "amd64g_dirtyhelper_CPUID_baseline";
22098 fAddr = &amd64g_dirtyhelper_CPUID_baseline;
22099 }
22100
22101 vassert(fName); vassert(fAddr);
22102 d = unsafeIRDirty_0_N ( 0/*regparms*/,
22103 fName, fAddr, mkIRExprVec_1(IRExpr_GSPTR()) );
22104 /* declare guest state effects */
22105 d->nFxState = 4;
22106 vex_bzero(&d->fxState, sizeof(d->fxState));
22107 d->fxState[0].fx = Ifx_Modify;
22108 d->fxState[0].offset = OFFB_RAX;
22109 d->fxState[0].size = 8;
22110 d->fxState[1].fx = Ifx_Write;
22111 d->fxState[1].offset = OFFB_RBX;
22112 d->fxState[1].size = 8;
22113 d->fxState[2].fx = Ifx_Modify;
22114 d->fxState[2].offset = OFFB_RCX;
22115 d->fxState[2].size = 8;
22116 d->fxState[3].fx = Ifx_Write;
22117 d->fxState[3].offset = OFFB_RDX;
22118 d->fxState[3].size = 8;
22119 /* execute the dirty call, side-effecting guest state */
22120 stmt( IRStmt_Dirty(d) );
22121 /* CPUID is a serialising insn. So, just in case someone is
22122 using it as a memory fence ... */
22123 stmt( IRStmt_MBE(Imbe_Fence) );
22124 DIP("cpuid\n");
22125 return delta;
22126 }
22127
22128 case 0xA3: { /* BT Gv,Ev */
22129 /* We let dis_bt_G_E decide whether F2 or F3 are allowable. */
22130 Bool ok = True;
22131 if (sz != 8 && sz != 4 && sz != 2) goto decode_failure;
22132 delta = dis_bt_G_E ( vbi, pfx, sz, delta, BtOpNone, &ok );
22133 if (!ok) goto decode_failure;
22134 return delta;
22135 }
22136
22137 case 0xA4: /* SHLDv imm8,Gv,Ev */
22138 modrm = getUChar(delta);
22139 d64 = delta + lengthAMode(pfx, delta);
22140 vex_sprintf(dis_buf, "$%d", (Int)getUChar(d64));
22141 delta = dis_SHLRD_Gv_Ev (
22142 vbi, pfx, delta, modrm, sz,
22143 mkU8(getUChar(d64)), True, /* literal */
22144 dis_buf, True /* left */ );
22145 return delta;
22146
22147 case 0xA5: /* SHLDv %cl,Gv,Ev */
22148 modrm = getUChar(delta);
22149 delta = dis_SHLRD_Gv_Ev (
22150 vbi, pfx, delta, modrm, sz,
22151 getIRegCL(), False, /* not literal */
22152 "%cl", True /* left */ );
22153 return delta;
22154
22155 case 0xAB: { /* BTS Gv,Ev */
22156 /* We let dis_bt_G_E decide whether F2 or F3 are allowable. */
22157 Bool ok = True;
22158 if (sz != 8 && sz != 4 && sz != 2) goto decode_failure;
22159 delta = dis_bt_G_E ( vbi, pfx, sz, delta, BtOpSet, &ok );
22160 if (!ok) goto decode_failure;
22161 return delta;
22162 }
22163
22164 case 0xAC: /* SHRDv imm8,Gv,Ev */
22165 modrm = getUChar(delta);
22166 d64 = delta + lengthAMode(pfx, delta);
22167 vex_sprintf(dis_buf, "$%d", (Int)getUChar(d64));
22168 delta = dis_SHLRD_Gv_Ev (
22169 vbi, pfx, delta, modrm, sz,
22170 mkU8(getUChar(d64)), True, /* literal */
22171 dis_buf, False /* right */ );
22172 return delta;
22173
22174 case 0xAD: /* SHRDv %cl,Gv,Ev */
22175 modrm = getUChar(delta);
22176 delta = dis_SHLRD_Gv_Ev (
22177 vbi, pfx, delta, modrm, sz,
22178 getIRegCL(), False, /* not literal */
22179 "%cl", False /* right */);
22180 return delta;
22181
22182 case 0xAF: /* IMUL Ev, Gv */
22183 if (haveF2orF3(pfx)) goto decode_failure;
22184 delta = dis_mul_E_G ( vbi, pfx, sz, delta );
22185 return delta;
22186
22187 case 0xB0: { /* CMPXCHG Gb,Eb */
22188 Bool ok = True;
22189 /* We let dis_cmpxchg_G_E decide whether F2 or F3 are allowable. */
22190 delta = dis_cmpxchg_G_E ( &ok, vbi, pfx, 1, delta );
22191 if (!ok) goto decode_failure;
22192 return delta;
22193 }
22194
22195 case 0xB1: { /* CMPXCHG Gv,Ev (allowed in 16,32,64 bit) */
22196 Bool ok = True;
22197 /* We let dis_cmpxchg_G_E decide whether F2 or F3 are allowable. */
22198 if (sz != 2 && sz != 4 && sz != 8) goto decode_failure;
22199 delta = dis_cmpxchg_G_E ( &ok, vbi, pfx, sz, delta );
22200 if (!ok) goto decode_failure;
22201 return delta;
22202 }
22203
22204 case 0xB3: { /* BTR Gv,Ev */
22205 /* We let dis_bt_G_E decide whether F2 or F3 are allowable. */
22206 Bool ok = True;
22207 if (sz != 8 && sz != 4 && sz != 2) goto decode_failure;
22208 delta = dis_bt_G_E ( vbi, pfx, sz, delta, BtOpReset, &ok );
22209 if (!ok) goto decode_failure;
22210 return delta;
22211 }
22212
22213 case 0xB6: /* MOVZXb Eb,Gv */
22214 if (haveF2orF3(pfx)) goto decode_failure;
22215 if (sz != 2 && sz != 4 && sz != 8)
22216 goto decode_failure;
22217 delta = dis_movx_E_G ( vbi, pfx, delta, 1, sz, False );
22218 return delta;
22219
22220 case 0xB7: /* MOVZXw Ew,Gv */
22221 if (haveF2orF3(pfx)) goto decode_failure;
22222 if (sz != 4 && sz != 8)
22223 goto decode_failure;
22224 delta = dis_movx_E_G ( vbi, pfx, delta, 2, sz, False );
22225 return delta;
22226
22227 case 0xBA: { /* Grp8 Ib,Ev */
22228 /* We let dis_Grp8_Imm decide whether F2 or F3 are allowable. */
22229 Bool decode_OK = False;
22230 modrm = getUChar(delta);
22231 am_sz = lengthAMode(pfx,delta);
22232 d64 = getSDisp8(delta + am_sz);
22233 delta = dis_Grp8_Imm ( vbi, pfx, delta, modrm, am_sz, sz, d64,
22234 &decode_OK );
22235 if (!decode_OK)
22236 goto decode_failure;
22237 return delta;
22238 }
22239
22240 case 0xBB: { /* BTC Gv,Ev */
22241 /* We let dis_bt_G_E decide whether F2 or F3 are allowable. */
22242 Bool ok = False;
22243 if (sz != 8 && sz != 4 && sz != 2) goto decode_failure;
22244 delta = dis_bt_G_E ( vbi, pfx, sz, delta, BtOpComp, &ok );
22245 if (!ok) goto decode_failure;
22246 return delta;
22247 }
22248
22249 case 0xBC: /* BSF Gv,Ev */
22250 if (!haveF2orF3(pfx)
22251 || (haveF3noF2(pfx)
22252 && 0 == (archinfo->hwcaps & VEX_HWCAPS_AMD64_BMI))) {
22253 /* no-F2 no-F3 0F BC = BSF
22254 or F3 0F BC = REP; BSF on older CPUs. */
22255 delta = dis_bs_E_G ( vbi, pfx, sz, delta, True );
22256 return delta;
22257 }
22258 /* Fall through, since F3 0F BC is TZCNT, and needs to
22259 be handled by dis_ESC_0F__SSE4. */
22260 break;
22261
22262 case 0xBD: /* BSR Gv,Ev */
22263 if (!haveF2orF3(pfx)
22264 || (haveF3noF2(pfx)
22265 && 0 == (archinfo->hwcaps & VEX_HWCAPS_AMD64_LZCNT))) {
22266 /* no-F2 no-F3 0F BD = BSR
22267 or F3 0F BD = REP; BSR on older CPUs. */
22268 delta = dis_bs_E_G ( vbi, pfx, sz, delta, False );
22269 return delta;
22270 }
22271 /* Fall through, since F3 0F BD is LZCNT, and needs to
22272 be handled by dis_ESC_0F__SSE4. */
22273 break;
22274
22275 case 0xBE: /* MOVSXb Eb,Gv */
22276 if (haveF2orF3(pfx)) goto decode_failure;
22277 if (sz != 2 && sz != 4 && sz != 8)
22278 goto decode_failure;
22279 delta = dis_movx_E_G ( vbi, pfx, delta, 1, sz, True );
22280 return delta;
22281
22282 case 0xBF: /* MOVSXw Ew,Gv */
22283 if (haveF2orF3(pfx)) goto decode_failure;
22284 if (sz != 4 && sz != 8)
22285 goto decode_failure;
22286 delta = dis_movx_E_G ( vbi, pfx, delta, 2, sz, True );
22287 return delta;
22288
22289 case 0xC0: { /* XADD Gb,Eb */
22290 Bool decode_OK = False;
22291 delta = dis_xadd_G_E ( &decode_OK, vbi, pfx, 1, delta );
22292 if (!decode_OK)
22293 goto decode_failure;
22294 return delta;
22295 }
22296
22297 case 0xC1: { /* XADD Gv,Ev */
22298 Bool decode_OK = False;
22299 delta = dis_xadd_G_E ( &decode_OK, vbi, pfx, sz, delta );
22300 if (!decode_OK)
22301 goto decode_failure;
22302 return delta;
22303 }
22304
22305 case 0xC7: { /* CMPXCHG8B Ev, CMPXCHG16B Ev */
22306 IRType elemTy = sz==4 ? Ity_I32 : Ity_I64;
22307 IRTemp expdHi = newTemp(elemTy);
22308 IRTemp expdLo = newTemp(elemTy);
22309 IRTemp dataHi = newTemp(elemTy);
22310 IRTemp dataLo = newTemp(elemTy);
22311 IRTemp oldHi = newTemp(elemTy);
22312 IRTemp oldLo = newTemp(elemTy);
22313 IRTemp flags_old = newTemp(Ity_I64);
22314 IRTemp flags_new = newTemp(Ity_I64);
22315 IRTemp success = newTemp(Ity_I1);
22316 IROp opOR = sz==4 ? Iop_Or32 : Iop_Or64;
22317 IROp opXOR = sz==4 ? Iop_Xor32 : Iop_Xor64;
22318 IROp opCasCmpEQ = sz==4 ? Iop_CasCmpEQ32 : Iop_CasCmpEQ64;
22319 IRExpr* zero = sz==4 ? mkU32(0) : mkU64(0);
22320 IRTemp expdHi64 = newTemp(Ity_I64);
22321 IRTemp expdLo64 = newTemp(Ity_I64);
22322
22323 /* Translate this using a DCAS, even if there is no LOCK
22324 prefix. Life is too short to bother with generating two
22325 different translations for the with/without-LOCK-prefix
22326 cases. */
22327 *expect_CAS = True;
22328
22329 /* Decode, and generate address. */
22330 if (have66(pfx)) goto decode_failure;
22331 if (sz != 4 && sz != 8) goto decode_failure;
22332 if (sz == 8 && !(archinfo->hwcaps & VEX_HWCAPS_AMD64_CX16))
22333 goto decode_failure;
22334 modrm = getUChar(delta);
22335 if (epartIsReg(modrm)) goto decode_failure;
22336 if (gregLO3ofRM(modrm) != 1) goto decode_failure;
22337 if (haveF2orF3(pfx)) {
22338 /* Since the e-part is memory only, F2 or F3 (one or the
22339 other) is acceptable if LOCK is also present. But only
22340 for cmpxchg8b. */
22341 if (sz == 8) goto decode_failure;
22342 if (haveF2andF3(pfx) || !haveLOCK(pfx)) goto decode_failure;
22343 }
22344
22345 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
22346 delta += alen;
22347
22348 /* cmpxchg16b requires an alignment check. */
22349 if (sz == 8)
22350 gen_SEGV_if_not_16_aligned( addr );
22351
22352 /* Get the expected and new values. */
22353 assign( expdHi64, getIReg64(R_RDX) );
22354 assign( expdLo64, getIReg64(R_RAX) );
22355
22356 /* These are the correctly-sized expected and new values.
22357 However, we also get expdHi64/expdLo64 above as 64-bits
22358 regardless, because we will need them later in the 32-bit
22359 case (paradoxically). */
22360 assign( expdHi, sz==4 ? unop(Iop_64to32, mkexpr(expdHi64))
22361 : mkexpr(expdHi64) );
22362 assign( expdLo, sz==4 ? unop(Iop_64to32, mkexpr(expdLo64))
22363 : mkexpr(expdLo64) );
22364 assign( dataHi, sz==4 ? getIReg32(R_RCX) : getIReg64(R_RCX) );
22365 assign( dataLo, sz==4 ? getIReg32(R_RBX) : getIReg64(R_RBX) );
22366
22367 /* Do the DCAS */
22368 stmt( IRStmt_CAS(
22369 mkIRCAS( oldHi, oldLo,
22370 Iend_LE, mkexpr(addr),
22371 mkexpr(expdHi), mkexpr(expdLo),
22372 mkexpr(dataHi), mkexpr(dataLo)
22373 )));
22374
22375 /* success when oldHi:oldLo == expdHi:expdLo */
22376 assign( success,
22377 binop(opCasCmpEQ,
22378 binop(opOR,
22379 binop(opXOR, mkexpr(oldHi), mkexpr(expdHi)),
22380 binop(opXOR, mkexpr(oldLo), mkexpr(expdLo))
22381 ),
22382 zero
22383 ));
22384
22385 /* If the DCAS is successful, that is to say oldHi:oldLo ==
22386 expdHi:expdLo, then put expdHi:expdLo back in RDX:RAX,
22387 which is where they came from originally. Both the actual
22388 contents of these two regs, and any shadow values, are
22389 unchanged. If the DCAS fails then we're putting into
22390 RDX:RAX the value seen in memory. */
22391 /* Now of course there's a complication in the 32-bit case
22392 (bah!): if the DCAS succeeds, we need to leave RDX:RAX
22393 unchanged; but if we use the same scheme as in the 64-bit
22394 case, we get hit by the standard rule that a write to the
22395 bottom 32 bits of an integer register zeros the upper 32
22396 bits. And so the upper halves of RDX and RAX mysteriously
22397 become zero. So we have to stuff back in the original
22398 64-bit values which we previously stashed in
22399 expdHi64:expdLo64, even if we're doing a cmpxchg8b. */
22400 /* It's just _so_ much fun ... */
22401 putIRegRDX( 8,
22402 IRExpr_ITE( mkexpr(success),
22403 mkexpr(expdHi64),
22404 sz == 4 ? unop(Iop_32Uto64, mkexpr(oldHi))
22405 : mkexpr(oldHi)
22406 ));
22407 putIRegRAX( 8,
22408 IRExpr_ITE( mkexpr(success),
22409 mkexpr(expdLo64),
22410 sz == 4 ? unop(Iop_32Uto64, mkexpr(oldLo))
22411 : mkexpr(oldLo)
22412 ));
22413
22414 /* Copy the success bit into the Z flag and leave the others
22415 unchanged */
22416 assign( flags_old, widenUto64(mk_amd64g_calculate_rflags_all()));
22417 assign(
22418 flags_new,
22419 binop(Iop_Or64,
22420 binop(Iop_And64, mkexpr(flags_old),
22421 mkU64(~AMD64G_CC_MASK_Z)),
22422 binop(Iop_Shl64,
22423 binop(Iop_And64,
22424 unop(Iop_1Uto64, mkexpr(success)), mkU64(1)),
22425 mkU8(AMD64G_CC_SHIFT_Z)) ));
22426
22427 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(AMD64G_CC_OP_COPY) ));
22428 stmt( IRStmt_Put( OFFB_CC_DEP1, mkexpr(flags_new) ));
22429 stmt( IRStmt_Put( OFFB_CC_DEP2, mkU64(0) ));
22430 /* Set NDEP even though it isn't used. This makes
22431 redundant-PUT elimination of previous stores to this field
22432 work better. */
22433 stmt( IRStmt_Put( OFFB_CC_NDEP, mkU64(0) ));
22434
22435 /* Sheesh. Aren't you glad it was me and not you that had to
22436 write and validate all this grunge? */
22437
22438 DIP("cmpxchg8b %s\n", dis_buf);
22439 return delta;
22440 }
22441
22442 case 0xC8: /* BSWAP %eax */
22443 case 0xC9:
22444 case 0xCA:
22445 case 0xCB:
22446 case 0xCC:
22447 case 0xCD:
22448 case 0xCE:
22449 case 0xCF: /* BSWAP %edi */
22450 if (haveF2orF3(pfx)) goto decode_failure;
22451 /* According to the AMD64 docs, this insn can have size 4 or
22452 8. */
22453 if (sz == 4) {
22454 t1 = newTemp(Ity_I32);
22455 assign( t1, getIRegRexB(4, pfx, opc-0xC8) );
22456 t2 = math_BSWAP( t1, Ity_I32 );
22457 putIRegRexB(4, pfx, opc-0xC8, mkexpr(t2));
22458 DIP("bswapl %s\n", nameIRegRexB(4, pfx, opc-0xC8));
22459 return delta;
22460 }
22461 if (sz == 8) {
22462 t1 = newTemp(Ity_I64);
22463 t2 = newTemp(Ity_I64);
22464 assign( t1, getIRegRexB(8, pfx, opc-0xC8) );
22465 t2 = math_BSWAP( t1, Ity_I64 );
22466 putIRegRexB(8, pfx, opc-0xC8, mkexpr(t2));
22467 DIP("bswapq %s\n", nameIRegRexB(8, pfx, opc-0xC8));
22468 return delta;
22469 }
22470 goto decode_failure;
22471
22472 default:
22473 break;
22474
22475 } /* first switch */
22476
22477
22478 /* =-=-=-=-=-=-=-=-= MMXery =-=-=-=-=-=-=-=-= */
22479 /* In the second switch, pick off MMX insns. */
22480
22481 if (!have66orF2orF3(pfx)) {
22482 /* So there's no SIMD prefix. */
22483
22484 vassert(sz == 4 || sz == 8);
22485
22486 switch (opc) { /* second switch */
22487
22488 case 0x71:
22489 case 0x72:
22490 case 0x73: /* PSLLgg/PSRAgg/PSRLgg mmxreg by imm8 */
22491
22492 case 0x6E: /* MOVD (src)ireg-or-mem, (dst)mmxreg */
22493 case 0x7E: /* MOVD (src)mmxreg, (dst)ireg-or-mem */
22494 case 0x7F: /* MOVQ (src)mmxreg, (dst)mmxreg-or-mem */
22495 case 0x6F: /* MOVQ (src)mmxreg-or-mem, (dst)mmxreg */
22496
22497 case 0xFC:
22498 case 0xFD:
22499 case 0xFE: /* PADDgg (src)mmxreg-or-mem, (dst)mmxreg */
22500
22501 case 0xEC:
22502 case 0xED: /* PADDSgg (src)mmxreg-or-mem, (dst)mmxreg */
22503
22504 case 0xDC:
22505 case 0xDD: /* PADDUSgg (src)mmxreg-or-mem, (dst)mmxreg */
22506
22507 case 0xF8:
22508 case 0xF9:
22509 case 0xFA: /* PSUBgg (src)mmxreg-or-mem, (dst)mmxreg */
22510
22511 case 0xE8:
22512 case 0xE9: /* PSUBSgg (src)mmxreg-or-mem, (dst)mmxreg */
22513
22514 case 0xD8:
22515 case 0xD9: /* PSUBUSgg (src)mmxreg-or-mem, (dst)mmxreg */
22516
22517 case 0xE5: /* PMULHW (src)mmxreg-or-mem, (dst)mmxreg */
22518 case 0xD5: /* PMULLW (src)mmxreg-or-mem, (dst)mmxreg */
22519
22520 case 0xF5: /* PMADDWD (src)mmxreg-or-mem, (dst)mmxreg */
22521
22522 case 0x74:
22523 case 0x75:
22524 case 0x76: /* PCMPEQgg (src)mmxreg-or-mem, (dst)mmxreg */
22525
22526 case 0x64:
22527 case 0x65:
22528 case 0x66: /* PCMPGTgg (src)mmxreg-or-mem, (dst)mmxreg */
22529
22530 case 0x6B: /* PACKSSDW (src)mmxreg-or-mem, (dst)mmxreg */
22531 case 0x63: /* PACKSSWB (src)mmxreg-or-mem, (dst)mmxreg */
22532 case 0x67: /* PACKUSWB (src)mmxreg-or-mem, (dst)mmxreg */
22533
22534 case 0x68:
22535 case 0x69:
22536 case 0x6A: /* PUNPCKHgg (src)mmxreg-or-mem, (dst)mmxreg */
22537
22538 case 0x60:
22539 case 0x61:
22540 case 0x62: /* PUNPCKLgg (src)mmxreg-or-mem, (dst)mmxreg */
22541
22542 case 0xDB: /* PAND (src)mmxreg-or-mem, (dst)mmxreg */
22543 case 0xDF: /* PANDN (src)mmxreg-or-mem, (dst)mmxreg */
22544 case 0xEB: /* POR (src)mmxreg-or-mem, (dst)mmxreg */
22545 case 0xEF: /* PXOR (src)mmxreg-or-mem, (dst)mmxreg */
22546
22547 case 0xF1: /* PSLLgg (src)mmxreg-or-mem, (dst)mmxreg */
22548 case 0xF2:
22549 case 0xF3:
22550
22551 case 0xD1: /* PSRLgg (src)mmxreg-or-mem, (dst)mmxreg */
22552 case 0xD2:
22553 case 0xD3:
22554
22555 case 0xE1: /* PSRAgg (src)mmxreg-or-mem, (dst)mmxreg */
22556 case 0xE2: {
22557 Bool decode_OK = False;
22558 delta = dis_MMX ( &decode_OK, vbi, pfx, sz, deltaIN );
22559 if (decode_OK)
22560 return delta;
22561 goto decode_failure;
22562 }
22563
22564 default:
22565 break;
22566 } /* second switch */
22567
22568 }
22569
22570 /* A couple of MMX corner cases */
22571 if (opc == 0x0E/* FEMMS */ || opc == 0x77/* EMMS */) {
22572 if (sz != 4)
22573 goto decode_failure;
22574 do_EMMS_preamble();
22575 DIP("{f}emms\n");
22576 return delta;
22577 }
22578
22579 /* =-=-=-=-=-=-=-=-= SSE2ery =-=-=-=-=-=-=-=-= */
22580 /* Perhaps it's an SSE or SSE2 instruction. We can try this
22581 without checking the guest hwcaps because SSE2 is a baseline
22582 facility in 64 bit mode. */
22583 {
22584 Bool decode_OK = False;
22585 delta = dis_ESC_0F__SSE2 ( &decode_OK,
22586 archinfo, vbi, pfx, sz, deltaIN, dres );
22587 if (decode_OK)
22588 return delta;
22589 }
22590
22591 /* =-=-=-=-=-=-=-=-= SSE3ery =-=-=-=-=-=-=-=-= */
22592 /* Perhaps it's a SSE3 instruction. FIXME: check guest hwcaps
22593 first. */
22594 {
22595 Bool decode_OK = False;
22596 delta = dis_ESC_0F__SSE3 ( &decode_OK, vbi, pfx, sz, deltaIN );
22597 if (decode_OK)
22598 return delta;
22599 }
22600
22601 /* =-=-=-=-=-=-=-=-= SSE4ery =-=-=-=-=-=-=-=-= */
22602 /* Perhaps it's a SSE4 instruction. FIXME: check guest hwcaps
22603 first. */
22604 {
22605 Bool decode_OK = False;
22606 delta = dis_ESC_0F__SSE4 ( &decode_OK,
22607 archinfo, vbi, pfx, sz, deltaIN );
22608 if (decode_OK)
22609 return delta;
22610 }
22611
22612 decode_failure:
22613 return deltaIN; /* fail */
22614 }
22615
22616
22617 /*------------------------------------------------------------*/
22618 /*--- ---*/
22619 /*--- Top-level post-escape decoders: dis_ESC_0F38 ---*/
22620 /*--- ---*/
22621 /*------------------------------------------------------------*/
22622
22623 __attribute__((noinline))
22624 static
22625 Long dis_ESC_0F38 (
22626 /*MB_OUT*/DisResult* dres,
22627 Bool (*resteerOkFn) ( /*opaque*/void*, Addr ),
22628 Bool resteerCisOk,
22629 void* callback_opaque,
22630 const VexArchInfo* archinfo,
22631 const VexAbiInfo* vbi,
22632 Prefix pfx, Int sz, Long deltaIN
22633 )
22634 {
22635 Long delta = deltaIN;
22636 UChar opc = getUChar(delta);
22637 delta++;
22638 switch (opc) {
22639
22640 case 0xF0: /* 0F 38 F0 = MOVBE m16/32/64(E), r16/32/64(G) */
22641 case 0xF1: { /* 0F 38 F1 = MOVBE r16/32/64(G), m16/32/64(E) */
22642 if (!haveF2orF3(pfx) && !haveVEX(pfx)
22643 && (sz == 2 || sz == 4 || sz == 8)) {
22644 IRTemp addr = IRTemp_INVALID;
22645 UChar modrm = 0;
22646 Int alen = 0;
22647 HChar dis_buf[50];
22648 modrm = getUChar(delta);
22649 if (epartIsReg(modrm)) break;
22650 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
22651 delta += alen;
22652 IRType ty = szToITy(sz);
22653 IRTemp src = newTemp(ty);
22654 if (opc == 0xF0) { /* LOAD */
22655 assign(src, loadLE(ty, mkexpr(addr)));
22656 IRTemp dst = math_BSWAP(src, ty);
22657 putIRegG(sz, pfx, modrm, mkexpr(dst));
22658 DIP("movbe %s,%s\n", dis_buf, nameIRegG(sz, pfx, modrm));
22659 } else { /* STORE */
22660 assign(src, getIRegG(sz, pfx, modrm));
22661 IRTemp dst = math_BSWAP(src, ty);
22662 storeLE(mkexpr(addr), mkexpr(dst));
22663 DIP("movbe %s,%s\n", nameIRegG(sz, pfx, modrm), dis_buf);
22664 }
22665 return delta;
22666 }
22667 /* else fall through; maybe one of the decoders below knows what
22668 it is. */
22669 break;
22670 }
22671
22672 default:
22673 break;
22674 }
22675
22676 /* =-=-=-=-=-=-=-=-= SSSE3ery =-=-=-=-=-=-=-=-= */
22677 /* Perhaps it's an SSSE3 instruction. FIXME: consult guest hwcaps
22678 rather than proceeding indiscriminately. */
22679 {
22680 Bool decode_OK = False;
22681 delta = dis_ESC_0F38__SupSSE3 ( &decode_OK, vbi, pfx, sz, deltaIN );
22682 if (decode_OK)
22683 return delta;
22684 }
22685
22686 /* =-=-=-=-=-=-=-=-= SSE4ery =-=-=-=-=-=-=-=-= */
22687 /* Perhaps it's an SSE4 instruction. FIXME: consult guest hwcaps
22688 rather than proceeding indiscriminately. */
22689 {
22690 Bool decode_OK = False;
22691 delta = dis_ESC_0F38__SSE4 ( &decode_OK, vbi, pfx, sz, deltaIN );
22692 if (decode_OK)
22693 return delta;
22694 }
22695
22696 /* Ignore previous decode attempts and restart from the beginning of
22697 the instruction. */
22698 delta = deltaIN;
22699 opc = getUChar(delta);
22700 delta++;
22701
22702 switch (opc) {
22703
22704 case 0xF6: {
22705 /* 66 0F 38 F6 = ADCX r32/64(G), m32/64(E) */
22706 /* F3 0F 38 F6 = ADOX r32/64(G), m32/64(E) */
22707 /* These were introduced in Broadwell. Gate them on AVX so as to at
22708 least reject them on earlier guests. Has no host requirements. */
22709 if (have66noF2noF3(pfx) && (archinfo->hwcaps & VEX_HWCAPS_AMD64_AVX)) {
22710 if (sz == 2) {
22711 sz = 4; /* 66 prefix but operand size is 4/8 */
22712 }
22713 delta = dis_op2_E_G ( vbi, pfx, Iop_Add8, WithFlagCarryX, True,
22714 sz, delta, "adcx" );
22715 return delta;
22716 }
22717 if (haveF3no66noF2(pfx) && (archinfo->hwcaps & VEX_HWCAPS_AMD64_AVX)) {
22718 delta = dis_op2_E_G ( vbi, pfx, Iop_Add8, WithFlagOverX, True,
22719 sz, delta, "adox" );
22720 return delta;
22721 }
22722 /* else fall through */
22723 break;
22724 }
22725
22726 default:
22727 break;
22728 }
22729
22730 /*decode_failure:*/
22731 return deltaIN; /* fail */
22732 }
22733
22734
22735 /*------------------------------------------------------------*/
22736 /*--- ---*/
22737 /*--- Top-level post-escape decoders: dis_ESC_0F3A ---*/
22738 /*--- ---*/
22739 /*------------------------------------------------------------*/
22740
22741 __attribute__((noinline))
22742 static
22743 Long dis_ESC_0F3A (
22744 /*MB_OUT*/DisResult* dres,
22745 Bool (*resteerOkFn) ( /*opaque*/void*, Addr ),
22746 Bool resteerCisOk,
22747 void* callback_opaque,
22748 const VexArchInfo* archinfo,
22749 const VexAbiInfo* vbi,
22750 Prefix pfx, Int sz, Long deltaIN
22751 )
22752 {
22753 Long delta = deltaIN;
22754 UChar opc = getUChar(delta);
22755 delta++;
22756 switch (opc) {
22757
22758 default:
22759 break;
22760
22761 }
22762
22763 /* =-=-=-=-=-=-=-=-= SSSE3ery =-=-=-=-=-=-=-=-= */
22764 /* Perhaps it's an SSSE3 instruction. FIXME: consult guest hwcaps
22765 rather than proceeding indiscriminately. */
22766 {
22767 Bool decode_OK = False;
22768 delta = dis_ESC_0F3A__SupSSE3 ( &decode_OK, vbi, pfx, sz, deltaIN );
22769 if (decode_OK)
22770 return delta;
22771 }
22772
22773 /* =-=-=-=-=-=-=-=-= SSE4ery =-=-=-=-=-=-=-=-= */
22774 /* Perhaps it's an SSE4 instruction. FIXME: consult guest hwcaps
22775 rather than proceeding indiscriminately. */
22776 {
22777 Bool decode_OK = False;
22778 delta = dis_ESC_0F3A__SSE4 ( &decode_OK, vbi, pfx, sz, deltaIN );
22779 if (decode_OK)
22780 return delta;
22781 }
22782
22783 return deltaIN; /* fail */
22784 }
22785
22786
22787 /*------------------------------------------------------------*/
22788 /*--- ---*/
22789 /*--- Top-level post-escape decoders: dis_ESC_0F__VEX ---*/
22790 /*--- ---*/
22791 /*------------------------------------------------------------*/
22792
22793 /* FIXME: common up with the _256_ version below? */
22794 static
22795 Long dis_VEX_NDS_128_AnySimdPfx_0F_WIG (
22796 /*OUT*/Bool* uses_vvvv, const VexAbiInfo* vbi,
22797 Prefix pfx, Long delta, const HChar* name,
22798 /* The actual operation. Use either 'op' or 'opfn',
22799 but not both. */
22800 IROp op, IRTemp(*opFn)(IRTemp,IRTemp),
22801 Bool invertLeftArg,
22802 Bool swapArgs
22803 )
22804 {
22805 UChar modrm = getUChar(delta);
22806 UInt rD = gregOfRexRM(pfx, modrm);
22807 UInt rSL = getVexNvvvv(pfx);
22808 IRTemp tSL = newTemp(Ity_V128);
22809 IRTemp tSR = newTemp(Ity_V128);
22810 IRTemp addr = IRTemp_INVALID;
22811 HChar dis_buf[50];
22812 Int alen = 0;
22813 vassert(0==getVexL(pfx)/*128*/ && 0==getRexW(pfx)/*WIG?*/);
22814
22815 assign(tSL, invertLeftArg ? unop(Iop_NotV128, getXMMReg(rSL))
22816 : getXMMReg(rSL));
22817
22818 if (epartIsReg(modrm)) {
22819 UInt rSR = eregOfRexRM(pfx, modrm);
22820 delta += 1;
22821 assign(tSR, getXMMReg(rSR));
22822 DIP("%s %s,%s,%s\n",
22823 name, nameXMMReg(rSR), nameXMMReg(rSL), nameXMMReg(rD));
22824 } else {
22825 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
22826 delta += alen;
22827 assign(tSR, loadLE(Ity_V128, mkexpr(addr)));
22828 DIP("%s %s,%s,%s\n",
22829 name, dis_buf, nameXMMReg(rSL), nameXMMReg(rD));
22830 }
22831
22832 IRTemp res = IRTemp_INVALID;
22833 if (op != Iop_INVALID) {
22834 vassert(opFn == NULL);
22835 res = newTemp(Ity_V128);
22836 if (requiresRMode(op)) {
22837 IRTemp rm = newTemp(Ity_I32);
22838 assign(rm, get_FAKE_roundingmode()); /* XXXROUNDINGFIXME */
22839 assign(res, swapArgs
22840 ? triop(op, mkexpr(rm), mkexpr(tSR), mkexpr(tSL))
22841 : triop(op, mkexpr(rm), mkexpr(tSL), mkexpr(tSR)));
22842 } else {
22843 assign(res, swapArgs
22844 ? binop(op, mkexpr(tSR), mkexpr(tSL))
22845 : binop(op, mkexpr(tSL), mkexpr(tSR)));
22846 }
22847 } else {
22848 vassert(opFn != NULL);
22849 res = swapArgs ? opFn(tSR, tSL) : opFn(tSL, tSR);
22850 }
22851
22852 putYMMRegLoAndZU(rD, mkexpr(res));
22853
22854 *uses_vvvv = True;
22855 return delta;
22856 }
22857
22858
22859 /* Handle a VEX_NDS_128_66_0F_WIG (3-addr) insn, with a simple IROp
22860 for the operation, no inversion of the left arg, and no swapping of
22861 args. */
22862 static
22863 Long dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple (
22864 /*OUT*/Bool* uses_vvvv, const VexAbiInfo* vbi,
22865 Prefix pfx, Long delta, const HChar* name,
22866 IROp op
22867 )
22868 {
22869 return dis_VEX_NDS_128_AnySimdPfx_0F_WIG(
22870 uses_vvvv, vbi, pfx, delta, name, op, NULL, False, False);
22871 }
22872
22873
22874 /* Handle a VEX_NDS_128_66_0F_WIG (3-addr) insn, using the given IR
22875 generator to compute the result, no inversion of the left
22876 arg, and no swapping of args. */
22877 static
22878 Long dis_VEX_NDS_128_AnySimdPfx_0F_WIG_complex (
22879 /*OUT*/Bool* uses_vvvv, const VexAbiInfo* vbi,
22880 Prefix pfx, Long delta, const HChar* name,
22881 IRTemp(*opFn)(IRTemp,IRTemp)
22882 )
22883 {
22884 return dis_VEX_NDS_128_AnySimdPfx_0F_WIG(
22885 uses_vvvv, vbi, pfx, delta, name,
22886 Iop_INVALID, opFn, False, False );
22887 }
22888
22889
22890 /* Vector by scalar shift of V by the amount specified at the bottom
22891 of E. */
22892 static ULong dis_AVX128_shiftV_byE ( const VexAbiInfo* vbi,
22893 Prefix pfx, Long delta,
22894 const HChar* opname, IROp op )
22895 {
22896 HChar dis_buf[50];
22897 Int alen, size;
22898 IRTemp addr;
22899 Bool shl, shr, sar;
22900 UChar modrm = getUChar(delta);
22901 UInt rG = gregOfRexRM(pfx,modrm);
22902 UInt rV = getVexNvvvv(pfx);;
22903 IRTemp g0 = newTemp(Ity_V128);
22904 IRTemp g1 = newTemp(Ity_V128);
22905 IRTemp amt = newTemp(Ity_I64);
22906 IRTemp amt8 = newTemp(Ity_I8);
22907 if (epartIsReg(modrm)) {
22908 UInt rE = eregOfRexRM(pfx,modrm);
22909 assign( amt, getXMMRegLane64(rE, 0) );
22910 DIP("%s %s,%s,%s\n", opname, nameXMMReg(rE),
22911 nameXMMReg(rV), nameXMMReg(rG) );
22912 delta++;
22913 } else {
22914 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
22915 assign( amt, loadLE(Ity_I64, mkexpr(addr)) );
22916 DIP("%s %s,%s,%s\n", opname, dis_buf, nameXMMReg(rV), nameXMMReg(rG) );
22917 delta += alen;
22918 }
22919 assign( g0, getXMMReg(rV) );
22920 assign( amt8, unop(Iop_64to8, mkexpr(amt)) );
22921
22922 shl = shr = sar = False;
22923 size = 0;
22924 switch (op) {
22925 case Iop_ShlN16x8: shl = True; size = 32; break;
22926 case Iop_ShlN32x4: shl = True; size = 32; break;
22927 case Iop_ShlN64x2: shl = True; size = 64; break;
22928 case Iop_SarN16x8: sar = True; size = 16; break;
22929 case Iop_SarN32x4: sar = True; size = 32; break;
22930 case Iop_ShrN16x8: shr = True; size = 16; break;
22931 case Iop_ShrN32x4: shr = True; size = 32; break;
22932 case Iop_ShrN64x2: shr = True; size = 64; break;
22933 default: vassert(0);
22934 }
22935
22936 if (shl || shr) {
22937 assign(
22938 g1,
22939 IRExpr_ITE(
22940 binop(Iop_CmpLT64U, mkexpr(amt), mkU64(size)),
22941 binop(op, mkexpr(g0), mkexpr(amt8)),
22942 mkV128(0x0000)
22943 )
22944 );
22945 } else
22946 if (sar) {
22947 assign(
22948 g1,
22949 IRExpr_ITE(
22950 binop(Iop_CmpLT64U, mkexpr(amt), mkU64(size)),
22951 binop(op, mkexpr(g0), mkexpr(amt8)),
22952 binop(op, mkexpr(g0), mkU8(size-1))
22953 )
22954 );
22955 } else {
22956 vassert(0);
22957 }
22958
22959 putYMMRegLoAndZU( rG, mkexpr(g1) );
22960 return delta;
22961 }
22962
22963
22964 /* Vector by scalar shift of V by the amount specified at the bottom
22965 of E. */
22966 static ULong dis_AVX256_shiftV_byE ( const VexAbiInfo* vbi,
22967 Prefix pfx, Long delta,
22968 const HChar* opname, IROp op )
22969 {
22970 HChar dis_buf[50];
22971 Int alen, size;
22972 IRTemp addr;
22973 Bool shl, shr, sar;
22974 UChar modrm = getUChar(delta);
22975 UInt rG = gregOfRexRM(pfx,modrm);
22976 UInt rV = getVexNvvvv(pfx);;
22977 IRTemp g0 = newTemp(Ity_V256);
22978 IRTemp g1 = newTemp(Ity_V256);
22979 IRTemp amt = newTemp(Ity_I64);
22980 IRTemp amt8 = newTemp(Ity_I8);
22981 if (epartIsReg(modrm)) {
22982 UInt rE = eregOfRexRM(pfx,modrm);
22983 assign( amt, getXMMRegLane64(rE, 0) );
22984 DIP("%s %s,%s,%s\n", opname, nameXMMReg(rE),
22985 nameYMMReg(rV), nameYMMReg(rG) );
22986 delta++;
22987 } else {
22988 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
22989 assign( amt, loadLE(Ity_I64, mkexpr(addr)) );
22990 DIP("%s %s,%s,%s\n", opname, dis_buf, nameYMMReg(rV), nameYMMReg(rG) );
22991 delta += alen;
22992 }
22993 assign( g0, getYMMReg(rV) );
22994 assign( amt8, unop(Iop_64to8, mkexpr(amt)) );
22995
22996 shl = shr = sar = False;
22997 size = 0;
22998 switch (op) {
22999 case Iop_ShlN16x16: shl = True; size = 32; break;
23000 case Iop_ShlN32x8: shl = True; size = 32; break;
23001 case Iop_ShlN64x4: shl = True; size = 64; break;
23002 case Iop_SarN16x16: sar = True; size = 16; break;
23003 case Iop_SarN32x8: sar = True; size = 32; break;
23004 case Iop_ShrN16x16: shr = True; size = 16; break;
23005 case Iop_ShrN32x8: shr = True; size = 32; break;
23006 case Iop_ShrN64x4: shr = True; size = 64; break;
23007 default: vassert(0);
23008 }
23009
23010 if (shl || shr) {
23011 assign(
23012 g1,
23013 IRExpr_ITE(
23014 binop(Iop_CmpLT64U, mkexpr(amt), mkU64(size)),
23015 binop(op, mkexpr(g0), mkexpr(amt8)),
23016 binop(Iop_V128HLtoV256, mkV128(0), mkV128(0))
23017 )
23018 );
23019 } else
23020 if (sar) {
23021 assign(
23022 g1,
23023 IRExpr_ITE(
23024 binop(Iop_CmpLT64U, mkexpr(amt), mkU64(size)),
23025 binop(op, mkexpr(g0), mkexpr(amt8)),
23026 binop(op, mkexpr(g0), mkU8(size-1))
23027 )
23028 );
23029 } else {
23030 vassert(0);
23031 }
23032
23033 putYMMReg( rG, mkexpr(g1) );
23034 return delta;
23035 }
23036
23037
23038 /* Vector by vector shift of V by the amount specified at the bottom
23039 of E. Vector by vector shifts are defined for all shift amounts,
23040 so not using Iop_S*x* here (and SSE2 doesn't support variable shifts
23041 anyway). */
23042 static ULong dis_AVX_var_shiftV_byE ( const VexAbiInfo* vbi,
23043 Prefix pfx, Long delta,
23044 const HChar* opname, IROp op, Bool isYMM )
23045 {
23046 HChar dis_buf[50];
23047 Int alen, size, i;
23048 IRTemp addr;
23049 UChar modrm = getUChar(delta);
23050 UInt rG = gregOfRexRM(pfx,modrm);
23051 UInt rV = getVexNvvvv(pfx);;
23052 IRTemp sV = isYMM ? newTemp(Ity_V256) : newTemp(Ity_V128);
23053 IRTemp amt = isYMM ? newTemp(Ity_V256) : newTemp(Ity_V128);
23054 IRTemp amts[8], sVs[8], res[8];
23055 if (epartIsReg(modrm)) {
23056 UInt rE = eregOfRexRM(pfx,modrm);
23057 assign( amt, isYMM ? getYMMReg(rE) : getXMMReg(rE) );
23058 if (isYMM) {
23059 DIP("%s %s,%s,%s\n", opname, nameYMMReg(rE),
23060 nameYMMReg(rV), nameYMMReg(rG) );
23061 } else {
23062 DIP("%s %s,%s,%s\n", opname, nameXMMReg(rE),
23063 nameXMMReg(rV), nameXMMReg(rG) );
23064 }
23065 delta++;
23066 } else {
23067 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
23068 assign( amt, loadLE(isYMM ? Ity_V256 : Ity_V128, mkexpr(addr)) );
23069 if (isYMM) {
23070 DIP("%s %s,%s,%s\n", opname, dis_buf, nameYMMReg(rV),
23071 nameYMMReg(rG) );
23072 } else {
23073 DIP("%s %s,%s,%s\n", opname, dis_buf, nameXMMReg(rV),
23074 nameXMMReg(rG) );
23075 }
23076 delta += alen;
23077 }
23078 assign( sV, isYMM ? getYMMReg(rV) : getXMMReg(rV) );
23079
23080 size = 0;
23081 switch (op) {
23082 case Iop_Shl32: size = 32; break;
23083 case Iop_Shl64: size = 64; break;
23084 case Iop_Sar32: size = 32; break;
23085 case Iop_Shr32: size = 32; break;
23086 case Iop_Shr64: size = 64; break;
23087 default: vassert(0);
23088 }
23089
23090 for (i = 0; i < 8; i++) {
23091 sVs[i] = IRTemp_INVALID;
23092 amts[i] = IRTemp_INVALID;
23093 }
23094 switch (size) {
23095 case 32:
23096 if (isYMM) {
23097 breakupV256to32s( sV, &sVs[7], &sVs[6], &sVs[5], &sVs[4],
23098 &sVs[3], &sVs[2], &sVs[1], &sVs[0] );
23099 breakupV256to32s( amt, &amts[7], &amts[6], &amts[5], &amts[4],
23100 &amts[3], &amts[2], &amts[1], &amts[0] );
23101 } else {
23102 breakupV128to32s( sV, &sVs[3], &sVs[2], &sVs[1], &sVs[0] );
23103 breakupV128to32s( amt, &amts[3], &amts[2], &amts[1], &amts[0] );
23104 }
23105 break;
23106 case 64:
23107 if (isYMM) {
23108 breakupV256to64s( sV, &sVs[3], &sVs[2], &sVs[1], &sVs[0] );
23109 breakupV256to64s( amt, &amts[3], &amts[2], &amts[1], &amts[0] );
23110 } else {
23111 breakupV128to64s( sV, &sVs[1], &sVs[0] );
23112 breakupV128to64s( amt, &amts[1], &amts[0] );
23113 }
23114 break;
23115 default: vassert(0);
23116 }
23117 for (i = 0; i < 8; i++)
23118 if (sVs[i] != IRTemp_INVALID) {
23119 res[i] = size == 32 ? newTemp(Ity_I32) : newTemp(Ity_I64);
23120 assign( res[i],
23121 IRExpr_ITE(
23122 binop(size == 32 ? Iop_CmpLT32U : Iop_CmpLT64U,
23123 mkexpr(amts[i]),
23124 size == 32 ? mkU32(size) : mkU64(size)),
23125 binop(op, mkexpr(sVs[i]),
23126 unop(size == 32 ? Iop_32to8 : Iop_64to8,
23127 mkexpr(amts[i]))),
23128 op == Iop_Sar32 ? binop(op, mkexpr(sVs[i]), mkU8(size-1))
23129 : size == 32 ? mkU32(0) : mkU64(0)
23130 ));
23131 }
23132 switch (size) {
23133 case 32:
23134 for (i = 0; i < 8; i++)
23135 putYMMRegLane32( rG, i, (i < 4 || isYMM)
23136 ? mkexpr(res[i]) : mkU32(0) );
23137 break;
23138 case 64:
23139 for (i = 0; i < 4; i++)
23140 putYMMRegLane64( rG, i, (i < 2 || isYMM)
23141 ? mkexpr(res[i]) : mkU64(0) );
23142 break;
23143 default: vassert(0);
23144 }
23145
23146 return delta;
23147 }
23148
23149
23150 /* Vector by scalar shift of E into V, by an immediate byte. Modified
23151 version of dis_SSE_shiftE_imm. */
23152 static
23153 Long dis_AVX128_shiftE_to_V_imm( Prefix pfx,
23154 Long delta, const HChar* opname, IROp op )
23155 {
23156 Bool shl, shr, sar;
23157 UChar rm = getUChar(delta);
23158 IRTemp e0 = newTemp(Ity_V128);
23159 IRTemp e1 = newTemp(Ity_V128);
23160 UInt rD = getVexNvvvv(pfx);
23161 UChar amt, size;
23162 vassert(epartIsReg(rm));
23163 vassert(gregLO3ofRM(rm) == 2
23164 || gregLO3ofRM(rm) == 4 || gregLO3ofRM(rm) == 6);
23165 amt = getUChar(delta+1);
23166 delta += 2;
23167 DIP("%s $%d,%s,%s\n", opname,
23168 (Int)amt,
23169 nameXMMReg(eregOfRexRM(pfx,rm)),
23170 nameXMMReg(rD));
23171 assign( e0, getXMMReg(eregOfRexRM(pfx,rm)) );
23172
23173 shl = shr = sar = False;
23174 size = 0;
23175 switch (op) {
23176 case Iop_ShlN16x8: shl = True; size = 16; break;
23177 case Iop_ShlN32x4: shl = True; size = 32; break;
23178 case Iop_ShlN64x2: shl = True; size = 64; break;
23179 case Iop_SarN16x8: sar = True; size = 16; break;
23180 case Iop_SarN32x4: sar = True; size = 32; break;
23181 case Iop_ShrN16x8: shr = True; size = 16; break;
23182 case Iop_ShrN32x4: shr = True; size = 32; break;
23183 case Iop_ShrN64x2: shr = True; size = 64; break;
23184 default: vassert(0);
23185 }
23186
23187 if (shl || shr) {
23188 assign( e1, amt >= size
23189 ? mkV128(0x0000)
23190 : binop(op, mkexpr(e0), mkU8(amt))
23191 );
23192 } else
23193 if (sar) {
23194 assign( e1, amt >= size
23195 ? binop(op, mkexpr(e0), mkU8(size-1))
23196 : binop(op, mkexpr(e0), mkU8(amt))
23197 );
23198 } else {
23199 vassert(0);
23200 }
23201
23202 putYMMRegLoAndZU( rD, mkexpr(e1) );
23203 return delta;
23204 }
23205
23206
23207 /* Vector by scalar shift of E into V, by an immediate byte. Modified
23208 version of dis_AVX128_shiftE_to_V_imm. */
23209 static
23210 Long dis_AVX256_shiftE_to_V_imm( Prefix pfx,
23211 Long delta, const HChar* opname, IROp op )
23212 {
23213 Bool shl, shr, sar;
23214 UChar rm = getUChar(delta);
23215 IRTemp e0 = newTemp(Ity_V256);
23216 IRTemp e1 = newTemp(Ity_V256);
23217 UInt rD = getVexNvvvv(pfx);
23218 UChar amt, size;
23219 vassert(epartIsReg(rm));
23220 vassert(gregLO3ofRM(rm) == 2
23221 || gregLO3ofRM(rm) == 4 || gregLO3ofRM(rm) == 6);
23222 amt = getUChar(delta+1);
23223 delta += 2;
23224 DIP("%s $%d,%s,%s\n", opname,
23225 (Int)amt,
23226 nameYMMReg(eregOfRexRM(pfx,rm)),
23227 nameYMMReg(rD));
23228 assign( e0, getYMMReg(eregOfRexRM(pfx,rm)) );
23229
23230 shl = shr = sar = False;
23231 size = 0;
23232 switch (op) {
23233 case Iop_ShlN16x16: shl = True; size = 16; break;
23234 case Iop_ShlN32x8: shl = True; size = 32; break;
23235 case Iop_ShlN64x4: shl = True; size = 64; break;
23236 case Iop_SarN16x16: sar = True; size = 16; break;
23237 case Iop_SarN32x8: sar = True; size = 32; break;
23238 case Iop_ShrN16x16: shr = True; size = 16; break;
23239 case Iop_ShrN32x8: shr = True; size = 32; break;
23240 case Iop_ShrN64x4: shr = True; size = 64; break;
23241 default: vassert(0);
23242 }
23243
23244
23245 if (shl || shr) {
23246 assign( e1, amt >= size
23247 ? binop(Iop_V128HLtoV256, mkV128(0), mkV128(0))
23248 : binop(op, mkexpr(e0), mkU8(amt))
23249 );
23250 } else
23251 if (sar) {
23252 assign( e1, amt >= size
23253 ? binop(op, mkexpr(e0), mkU8(size-1))
23254 : binop(op, mkexpr(e0), mkU8(amt))
23255 );
23256 } else {
23257 vassert(0);
23258 }
23259
23260 putYMMReg( rD, mkexpr(e1) );
23261 return delta;
23262 }
23263
23264
23265 /* Lower 64-bit lane only AVX128 binary operation:
23266 G[63:0] = V[63:0] `op` E[63:0]
23267 G[127:64] = V[127:64]
23268 G[255:128] = 0.
23269 The specified op must be of the 64F0x2 kind, so that it
23270 copies the upper half of the left operand to the result.
23271 */
23272 static Long dis_AVX128_E_V_to_G_lo64 ( /*OUT*/Bool* uses_vvvv,
23273 const VexAbiInfo* vbi,
23274 Prefix pfx, Long delta,
23275 const HChar* opname, IROp op )
23276 {
23277 HChar dis_buf[50];
23278 Int alen;
23279 IRTemp addr;
23280 UChar rm = getUChar(delta);
23281 UInt rG = gregOfRexRM(pfx,rm);
23282 UInt rV = getVexNvvvv(pfx);
23283 IRExpr* vpart = getXMMReg(rV);
23284 if (epartIsReg(rm)) {
23285 UInt rE = eregOfRexRM(pfx,rm);
23286 putXMMReg( rG, binop(op, vpart, getXMMReg(rE)) );
23287 DIP("%s %s,%s,%s\n", opname,
23288 nameXMMReg(rE), nameXMMReg(rV), nameXMMReg(rG));
23289 delta = delta+1;
23290 } else {
23291 /* We can only do a 64-bit memory read, so the upper half of the
23292 E operand needs to be made simply of zeroes. */
23293 IRTemp epart = newTemp(Ity_V128);
23294 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
23295 assign( epart, unop( Iop_64UtoV128,
23296 loadLE(Ity_I64, mkexpr(addr))) );
23297 putXMMReg( rG, binop(op, vpart, mkexpr(epart)) );
23298 DIP("%s %s,%s,%s\n", opname,
23299 dis_buf, nameXMMReg(rV), nameXMMReg(rG));
23300 delta = delta+alen;
23301 }
23302 putYMMRegLane128( rG, 1, mkV128(0) );
23303 *uses_vvvv = True;
23304 return delta;
23305 }
23306
23307
23308 /* Lower 64-bit lane only AVX128 unary operation:
23309 G[63:0] = op(E[63:0])
23310 G[127:64] = V[127:64]
23311 G[255:128] = 0
23312 The specified op must be of the 64F0x2 kind, so that it
23313 copies the upper half of the operand to the result.
23314 */
23315 static Long dis_AVX128_E_V_to_G_lo64_unary ( /*OUT*/Bool* uses_vvvv,
23316 const VexAbiInfo* vbi,
23317 Prefix pfx, Long delta,
23318 const HChar* opname, IROp op )
23319 {
23320 HChar dis_buf[50];
23321 Int alen;
23322 IRTemp addr;
23323 UChar rm = getUChar(delta);
23324 UInt rG = gregOfRexRM(pfx,rm);
23325 UInt rV = getVexNvvvv(pfx);
23326 IRTemp e64 = newTemp(Ity_I64);
23327
23328 /* Fetch E[63:0] */
23329 if (epartIsReg(rm)) {
23330 UInt rE = eregOfRexRM(pfx,rm);
23331 assign(e64, getXMMRegLane64(rE, 0));
23332 DIP("%s %s,%s,%s\n", opname,
23333 nameXMMReg(rE), nameXMMReg(rV), nameXMMReg(rG));
23334 delta += 1;
23335 } else {
23336 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
23337 assign(e64, loadLE(Ity_I64, mkexpr(addr)));
23338 DIP("%s %s,%s,%s\n", opname,
23339 dis_buf, nameXMMReg(rV), nameXMMReg(rG));
23340 delta += alen;
23341 }
23342
23343 /* Create a value 'arg' as V[127:64]++E[63:0] */
23344 IRTemp arg = newTemp(Ity_V128);
23345 assign(arg,
23346 binop(Iop_SetV128lo64,
23347 getXMMReg(rV), mkexpr(e64)));
23348 /* and apply op to it */
23349 putYMMRegLoAndZU( rG, unop(op, mkexpr(arg)) );
23350 *uses_vvvv = True;
23351 return delta;
23352 }
23353
23354
23355 /* Lower 32-bit lane only AVX128 unary operation:
23356 G[31:0] = op(E[31:0])
23357 G[127:32] = V[127:32]
23358 G[255:128] = 0
23359 The specified op must be of the 32F0x4 kind, so that it
23360 copies the upper 3/4 of the operand to the result.
23361 */
23362 static Long dis_AVX128_E_V_to_G_lo32_unary ( /*OUT*/Bool* uses_vvvv,
23363 const VexAbiInfo* vbi,
23364 Prefix pfx, Long delta,
23365 const HChar* opname, IROp op )
23366 {
23367 HChar dis_buf[50];
23368 Int alen;
23369 IRTemp addr;
23370 UChar rm = getUChar(delta);
23371 UInt rG = gregOfRexRM(pfx,rm);
23372 UInt rV = getVexNvvvv(pfx);
23373 IRTemp e32 = newTemp(Ity_I32);
23374
23375 /* Fetch E[31:0] */
23376 if (epartIsReg(rm)) {
23377 UInt rE = eregOfRexRM(pfx,rm);
23378 assign(e32, getXMMRegLane32(rE, 0));
23379 DIP("%s %s,%s,%s\n", opname,
23380 nameXMMReg(rE), nameXMMReg(rV), nameXMMReg(rG));
23381 delta += 1;
23382 } else {
23383 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
23384 assign(e32, loadLE(Ity_I32, mkexpr(addr)));
23385 DIP("%s %s,%s,%s\n", opname,
23386 dis_buf, nameXMMReg(rV), nameXMMReg(rG));
23387 delta += alen;
23388 }
23389
23390 /* Create a value 'arg' as V[127:32]++E[31:0] */
23391 IRTemp arg = newTemp(Ity_V128);
23392 assign(arg,
23393 binop(Iop_SetV128lo32,
23394 getXMMReg(rV), mkexpr(e32)));
23395 /* and apply op to it */
23396 putYMMRegLoAndZU( rG, unop(op, mkexpr(arg)) );
23397 *uses_vvvv = True;
23398 return delta;
23399 }
23400
23401
23402 /* Lower 32-bit lane only AVX128 binary operation:
23403 G[31:0] = V[31:0] `op` E[31:0]
23404 G[127:32] = V[127:32]
23405 G[255:128] = 0.
23406 The specified op must be of the 32F0x4 kind, so that it
23407 copies the upper 3/4 of the left operand to the result.
23408 */
23409 static Long dis_AVX128_E_V_to_G_lo32 ( /*OUT*/Bool* uses_vvvv,
23410 const VexAbiInfo* vbi,
23411 Prefix pfx, Long delta,
23412 const HChar* opname, IROp op )
23413 {
23414 HChar dis_buf[50];
23415 Int alen;
23416 IRTemp addr;
23417 UChar rm = getUChar(delta);
23418 UInt rG = gregOfRexRM(pfx,rm);
23419 UInt rV = getVexNvvvv(pfx);
23420 IRExpr* vpart = getXMMReg(rV);
23421 if (epartIsReg(rm)) {
23422 UInt rE = eregOfRexRM(pfx,rm);
23423 putXMMReg( rG, binop(op, vpart, getXMMReg(rE)) );
23424 DIP("%s %s,%s,%s\n", opname,
23425 nameXMMReg(rE), nameXMMReg(rV), nameXMMReg(rG));
23426 delta = delta+1;
23427 } else {
23428 /* We can only do a 32-bit memory read, so the upper 3/4 of the
23429 E operand needs to be made simply of zeroes. */
23430 IRTemp epart = newTemp(Ity_V128);
23431 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
23432 assign( epart, unop( Iop_32UtoV128,
23433 loadLE(Ity_I32, mkexpr(addr))) );
23434 putXMMReg( rG, binop(op, vpart, mkexpr(epart)) );
23435 DIP("%s %s,%s,%s\n", opname,
23436 dis_buf, nameXMMReg(rV), nameXMMReg(rG));
23437 delta = delta+alen;
23438 }
23439 putYMMRegLane128( rG, 1, mkV128(0) );
23440 *uses_vvvv = True;
23441 return delta;
23442 }
23443
23444
23445 /* All-lanes AVX128 binary operation:
23446 G[127:0] = V[127:0] `op` E[127:0]
23447 G[255:128] = 0.
23448 */
23449 static Long dis_AVX128_E_V_to_G ( /*OUT*/Bool* uses_vvvv,
23450 const VexAbiInfo* vbi,
23451 Prefix pfx, Long delta,
23452 const HChar* opname, IROp op )
23453 {
23454 return dis_VEX_NDS_128_AnySimdPfx_0F_WIG(
23455 uses_vvvv, vbi, pfx, delta, opname, op,
23456 NULL, False/*!invertLeftArg*/, False/*!swapArgs*/
23457 );
23458 }
23459
23460
23461 /* Handles AVX128 32F/64F comparisons. A derivative of
23462 dis_SSEcmp_E_to_G. It can fail, in which case it returns the
23463 original delta to indicate failure. */
23464 static
23465 Long dis_AVX128_cmp_V_E_to_G ( /*OUT*/Bool* uses_vvvv,
23466 const VexAbiInfo* vbi,
23467 Prefix pfx, Long delta,
23468 const HChar* opname, Bool all_lanes, Int sz )
23469 {
23470 vassert(sz == 4 || sz == 8);
23471 Long deltaIN = delta;
23472 HChar dis_buf[50];
23473 Int alen;
23474 UInt imm8;
23475 IRTemp addr;
23476 Bool preSwap = False;
23477 IROp op = Iop_INVALID;
23478 Bool postNot = False;
23479 IRTemp plain = newTemp(Ity_V128);
23480 UChar rm = getUChar(delta);
23481 UInt rG = gregOfRexRM(pfx, rm);
23482 UInt rV = getVexNvvvv(pfx);
23483 IRTemp argL = newTemp(Ity_V128);
23484 IRTemp argR = newTemp(Ity_V128);
23485
23486 assign(argL, getXMMReg(rV));
23487 if (epartIsReg(rm)) {
23488 imm8 = getUChar(delta+1);
23489 Bool ok = findSSECmpOp(&preSwap, &op, &postNot, imm8, all_lanes, sz);
23490 if (!ok) return deltaIN; /* FAIL */
23491 UInt rE = eregOfRexRM(pfx,rm);
23492 assign(argR, getXMMReg(rE));
23493 delta += 1+1;
23494 DIP("%s $%u,%s,%s,%s\n",
23495 opname, imm8,
23496 nameXMMReg(rE), nameXMMReg(rV), nameXMMReg(rG));
23497 } else {
23498 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 1 );
23499 imm8 = getUChar(delta+alen);
23500 Bool ok = findSSECmpOp(&preSwap, &op, &postNot, imm8, all_lanes, sz);
23501 if (!ok) return deltaIN; /* FAIL */
23502 assign(argR,
23503 all_lanes ? loadLE(Ity_V128, mkexpr(addr))
23504 : sz == 8 ? unop( Iop_64UtoV128, loadLE(Ity_I64, mkexpr(addr)))
23505 : /*sz==4*/ unop( Iop_32UtoV128, loadLE(Ity_I32, mkexpr(addr))));
23506 delta += alen+1;
23507 DIP("%s $%u,%s,%s,%s\n",
23508 opname, imm8, dis_buf, nameXMMReg(rV), nameXMMReg(rG));
23509 }
23510
23511 assign(plain, preSwap ? binop(op, mkexpr(argR), mkexpr(argL))
23512 : binop(op, mkexpr(argL), mkexpr(argR)));
23513
23514 if (all_lanes) {
23515 /* This is simple: just invert the result, if necessary, and
23516 have done. */
23517 if (postNot) {
23518 putYMMRegLoAndZU( rG, unop(Iop_NotV128, mkexpr(plain)) );
23519 } else {
23520 putYMMRegLoAndZU( rG, mkexpr(plain) );
23521 }
23522 }
23523 else
23524 if (!preSwap) {
23525 /* More complex. It's a one-lane-only, hence need to possibly
23526 invert only that one lane. But at least the other lanes are
23527 correctly "in" the result, having been copied from the left
23528 operand (argL). */
23529 if (postNot) {
23530 IRExpr* mask = mkV128(sz==4 ? 0x000F : 0x00FF);
23531 putYMMRegLoAndZU( rG, binop(Iop_XorV128, mkexpr(plain),
23532 mask) );
23533 } else {
23534 putYMMRegLoAndZU( rG, mkexpr(plain) );
23535 }
23536 }
23537 else {
23538 /* This is the most complex case. One-lane-only, but the args
23539 were swapped. So we have to possibly invert the bottom lane,
23540 and (definitely) we have to copy the upper lane(s) from argL
23541 since, due to the swapping, what's currently there is from
23542 argR, which is not correct. */
23543 IRTemp res = newTemp(Ity_V128);
23544 IRTemp mask = newTemp(Ity_V128);
23545 IRTemp notMask = newTemp(Ity_V128);
23546 assign(mask, mkV128(sz==4 ? 0x000F : 0x00FF));
23547 assign(notMask, mkV128(sz==4 ? 0xFFF0 : 0xFF00));
23548 if (postNot) {
23549 assign(res,
23550 binop(Iop_OrV128,
23551 binop(Iop_AndV128,
23552 unop(Iop_NotV128, mkexpr(plain)),
23553 mkexpr(mask)),
23554 binop(Iop_AndV128, mkexpr(argL), mkexpr(notMask))));
23555 } else {
23556 assign(res,
23557 binop(Iop_OrV128,
23558 binop(Iop_AndV128,
23559 mkexpr(plain),
23560 mkexpr(mask)),
23561 binop(Iop_AndV128, mkexpr(argL), mkexpr(notMask))));
23562 }
23563 putYMMRegLoAndZU( rG, mkexpr(res) );
23564 }
23565
23566 *uses_vvvv = True;
23567 return delta;
23568 }
23569
23570
23571 /* Handles AVX256 32F/64F comparisons. A derivative of
23572 dis_SSEcmp_E_to_G. It can fail, in which case it returns the
23573 original delta to indicate failure. */
23574 static
23575 Long dis_AVX256_cmp_V_E_to_G ( /*OUT*/Bool* uses_vvvv,
23576 const VexAbiInfo* vbi,
23577 Prefix pfx, Long delta,
23578 const HChar* opname, Int sz )
23579 {
23580 vassert(sz == 4 || sz == 8);
23581 Long deltaIN = delta;
23582 HChar dis_buf[50];
23583 Int alen;
23584 UInt imm8;
23585 IRTemp addr;
23586 Bool preSwap = False;
23587 IROp op = Iop_INVALID;
23588 Bool postNot = False;
23589 IRTemp plain = newTemp(Ity_V256);
23590 UChar rm = getUChar(delta);
23591 UInt rG = gregOfRexRM(pfx, rm);
23592 UInt rV = getVexNvvvv(pfx);
23593 IRTemp argL = newTemp(Ity_V256);
23594 IRTemp argR = newTemp(Ity_V256);
23595 IRTemp argLhi = IRTemp_INVALID;
23596 IRTemp argLlo = IRTemp_INVALID;
23597 IRTemp argRhi = IRTemp_INVALID;
23598 IRTemp argRlo = IRTemp_INVALID;
23599
23600 assign(argL, getYMMReg(rV));
23601 if (epartIsReg(rm)) {
23602 imm8 = getUChar(delta+1);
23603 Bool ok = findSSECmpOp(&preSwap, &op, &postNot, imm8,
23604 True/*all_lanes*/, sz);
23605 if (!ok) return deltaIN; /* FAIL */
23606 UInt rE = eregOfRexRM(pfx,rm);
23607 assign(argR, getYMMReg(rE));
23608 delta += 1+1;
23609 DIP("%s $%u,%s,%s,%s\n",
23610 opname, imm8,
23611 nameYMMReg(rE), nameYMMReg(rV), nameYMMReg(rG));
23612 } else {
23613 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 1 );
23614 imm8 = getUChar(delta+alen);
23615 Bool ok = findSSECmpOp(&preSwap, &op, &postNot, imm8,
23616 True/*all_lanes*/, sz);
23617 if (!ok) return deltaIN; /* FAIL */
23618 assign(argR, loadLE(Ity_V256, mkexpr(addr)) );
23619 delta += alen+1;
23620 DIP("%s $%u,%s,%s,%s\n",
23621 opname, imm8, dis_buf, nameYMMReg(rV), nameYMMReg(rG));
23622 }
23623
23624 breakupV256toV128s( preSwap ? argR : argL, &argLhi, &argLlo );
23625 breakupV256toV128s( preSwap ? argL : argR, &argRhi, &argRlo );
23626 assign(plain, binop( Iop_V128HLtoV256,
23627 binop(op, mkexpr(argLhi), mkexpr(argRhi)),
23628 binop(op, mkexpr(argLlo), mkexpr(argRlo)) ) );
23629
23630 /* This is simple: just invert the result, if necessary, and
23631 have done. */
23632 if (postNot) {
23633 putYMMReg( rG, unop(Iop_NotV256, mkexpr(plain)) );
23634 } else {
23635 putYMMReg( rG, mkexpr(plain) );
23636 }
23637
23638 *uses_vvvv = True;
23639 return delta;
23640 }
23641
23642
23643 /* Handles AVX128 unary E-to-G all-lanes operations. */
23644 static
23645 Long dis_AVX128_E_to_G_unary ( /*OUT*/Bool* uses_vvvv,
23646 const VexAbiInfo* vbi,
23647 Prefix pfx, Long delta,
23648 const HChar* opname,
23649 IRTemp (*opFn)(IRTemp) )
23650 {
23651 HChar dis_buf[50];
23652 Int alen;
23653 IRTemp addr;
23654 IRTemp res = newTemp(Ity_V128);
23655 IRTemp arg = newTemp(Ity_V128);
23656 UChar rm = getUChar(delta);
23657 UInt rG = gregOfRexRM(pfx, rm);
23658 if (epartIsReg(rm)) {
23659 UInt rE = eregOfRexRM(pfx,rm);
23660 assign(arg, getXMMReg(rE));
23661 delta += 1;
23662 DIP("%s %s,%s\n", opname, nameXMMReg(rE), nameXMMReg(rG));
23663 } else {
23664 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
23665 assign(arg, loadLE(Ity_V128, mkexpr(addr)));
23666 delta += alen;
23667 DIP("%s %s,%s\n", opname, dis_buf, nameXMMReg(rG));
23668 }
23669 res = opFn(arg);
23670 putYMMRegLoAndZU( rG, mkexpr(res) );
23671 *uses_vvvv = False;
23672 return delta;
23673 }
23674
23675
23676 /* Handles AVX128 unary E-to-G all-lanes operations. */
23677 static
23678 Long dis_AVX128_E_to_G_unary_all ( /*OUT*/Bool* uses_vvvv,
23679 const VexAbiInfo* vbi,
23680 Prefix pfx, Long delta,
23681 const HChar* opname, IROp op )
23682 {
23683 HChar dis_buf[50];
23684 Int alen;
23685 IRTemp addr;
23686 IRTemp arg = newTemp(Ity_V128);
23687 UChar rm = getUChar(delta);
23688 UInt rG = gregOfRexRM(pfx, rm);
23689 if (epartIsReg(rm)) {
23690 UInt rE = eregOfRexRM(pfx,rm);
23691 assign(arg, getXMMReg(rE));
23692 delta += 1;
23693 DIP("%s %s,%s\n", opname, nameXMMReg(rE), nameXMMReg(rG));
23694 } else {
23695 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
23696 assign(arg, loadLE(Ity_V128, mkexpr(addr)));
23697 delta += alen;
23698 DIP("%s %s,%s\n", opname, dis_buf, nameXMMReg(rG));
23699 }
23700 // Sqrt32Fx4 and Sqrt64Fx2 take a rounding mode, which is faked
23701 // up in the usual way.
23702 Bool needsIRRM = op == Iop_Sqrt32Fx4 || op == Iop_Sqrt64Fx2;
23703 /* XXXROUNDINGFIXME */
23704 IRExpr* res = needsIRRM ? binop(op, get_FAKE_roundingmode(), mkexpr(arg))
23705 : unop(op, mkexpr(arg));
23706 putYMMRegLoAndZU( rG, res );
23707 *uses_vvvv = False;
23708 return delta;
23709 }
23710
23711
23712 /* FIXME: common up with the _128_ version above? */
23713 static
23714 Long dis_VEX_NDS_256_AnySimdPfx_0F_WIG (
23715 /*OUT*/Bool* uses_vvvv, const VexAbiInfo* vbi,
23716 Prefix pfx, Long delta, const HChar* name,
23717 /* The actual operation. Use either 'op' or 'opfn',
23718 but not both. */
23719 IROp op, IRTemp(*opFn)(IRTemp,IRTemp),
23720 Bool invertLeftArg,
23721 Bool swapArgs
23722 )
23723 {
23724 UChar modrm = getUChar(delta);
23725 UInt rD = gregOfRexRM(pfx, modrm);
23726 UInt rSL = getVexNvvvv(pfx);
23727 IRTemp tSL = newTemp(Ity_V256);
23728 IRTemp tSR = newTemp(Ity_V256);
23729 IRTemp addr = IRTemp_INVALID;
23730 HChar dis_buf[50];
23731 Int alen = 0;
23732 vassert(1==getVexL(pfx)/*256*/ && 0==getRexW(pfx)/*WIG?*/);
23733
23734 assign(tSL, invertLeftArg ? unop(Iop_NotV256, getYMMReg(rSL))
23735 : getYMMReg(rSL));
23736
23737 if (epartIsReg(modrm)) {
23738 UInt rSR = eregOfRexRM(pfx, modrm);
23739 delta += 1;
23740 assign(tSR, getYMMReg(rSR));
23741 DIP("%s %s,%s,%s\n",
23742 name, nameYMMReg(rSR), nameYMMReg(rSL), nameYMMReg(rD));
23743 } else {
23744 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
23745 delta += alen;
23746 assign(tSR, loadLE(Ity_V256, mkexpr(addr)));
23747 DIP("%s %s,%s,%s\n",
23748 name, dis_buf, nameYMMReg(rSL), nameYMMReg(rD));
23749 }
23750
23751 IRTemp res = IRTemp_INVALID;
23752 if (op != Iop_INVALID) {
23753 vassert(opFn == NULL);
23754 res = newTemp(Ity_V256);
23755 if (requiresRMode(op)) {
23756 IRTemp rm = newTemp(Ity_I32);
23757 assign(rm, get_FAKE_roundingmode()); /* XXXROUNDINGFIXME */
23758 assign(res, swapArgs
23759 ? triop(op, mkexpr(rm), mkexpr(tSR), mkexpr(tSL))
23760 : triop(op, mkexpr(rm), mkexpr(tSL), mkexpr(tSR)));
23761 } else {
23762 assign(res, swapArgs
23763 ? binop(op, mkexpr(tSR), mkexpr(tSL))
23764 : binop(op, mkexpr(tSL), mkexpr(tSR)));
23765 }
23766 } else {
23767 vassert(opFn != NULL);
23768 res = swapArgs ? opFn(tSR, tSL) : opFn(tSL, tSR);
23769 }
23770
23771 putYMMReg(rD, mkexpr(res));
23772
23773 *uses_vvvv = True;
23774 return delta;
23775 }
23776
23777
23778 /* All-lanes AVX256 binary operation:
23779 G[255:0] = V[255:0] `op` E[255:0]
23780 */
23781 static Long dis_AVX256_E_V_to_G ( /*OUT*/Bool* uses_vvvv,
23782 const VexAbiInfo* vbi,
23783 Prefix pfx, Long delta,
23784 const HChar* opname, IROp op )
23785 {
23786 return dis_VEX_NDS_256_AnySimdPfx_0F_WIG(
23787 uses_vvvv, vbi, pfx, delta, opname, op,
23788 NULL, False/*!invertLeftArg*/, False/*!swapArgs*/
23789 );
23790 }
23791
23792
23793 /* Handle a VEX_NDS_256_66_0F_WIG (3-addr) insn, with a simple IROp
23794 for the operation, no inversion of the left arg, and no swapping of
23795 args. */
23796 static
23797 Long dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple (
23798 /*OUT*/Bool* uses_vvvv, const VexAbiInfo* vbi,
23799 Prefix pfx, Long delta, const HChar* name,
23800 IROp op
23801 )
23802 {
23803 return dis_VEX_NDS_256_AnySimdPfx_0F_WIG(
23804 uses_vvvv, vbi, pfx, delta, name, op, NULL, False, False);
23805 }
23806
23807
23808 /* Handle a VEX_NDS_256_66_0F_WIG (3-addr) insn, using the given IR
23809 generator to compute the result, no inversion of the left
23810 arg, and no swapping of args. */
23811 static
23812 Long dis_VEX_NDS_256_AnySimdPfx_0F_WIG_complex (
23813 /*OUT*/Bool* uses_vvvv, const VexAbiInfo* vbi,
23814 Prefix pfx, Long delta, const HChar* name,
23815 IRTemp(*opFn)(IRTemp,IRTemp)
23816 )
23817 {
23818 return dis_VEX_NDS_256_AnySimdPfx_0F_WIG(
23819 uses_vvvv, vbi, pfx, delta, name,
23820 Iop_INVALID, opFn, False, False );
23821 }
23822
23823
23824 /* Handles AVX256 unary E-to-G all-lanes operations. */
23825 static
23826 Long dis_AVX256_E_to_G_unary ( /*OUT*/Bool* uses_vvvv,
23827 const VexAbiInfo* vbi,
23828 Prefix pfx, Long delta,
23829 const HChar* opname,
23830 IRTemp (*opFn)(IRTemp) )
23831 {
23832 HChar dis_buf[50];
23833 Int alen;
23834 IRTemp addr;
23835 IRTemp res = newTemp(Ity_V256);
23836 IRTemp arg = newTemp(Ity_V256);
23837 UChar rm = getUChar(delta);
23838 UInt rG = gregOfRexRM(pfx, rm);
23839 if (epartIsReg(rm)) {
23840 UInt rE = eregOfRexRM(pfx,rm);
23841 assign(arg, getYMMReg(rE));
23842 delta += 1;
23843 DIP("%s %s,%s\n", opname, nameYMMReg(rE), nameYMMReg(rG));
23844 } else {
23845 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
23846 assign(arg, loadLE(Ity_V256, mkexpr(addr)));
23847 delta += alen;
23848 DIP("%s %s,%s\n", opname, dis_buf, nameYMMReg(rG));
23849 }
23850 res = opFn(arg);
23851 putYMMReg( rG, mkexpr(res) );
23852 *uses_vvvv = False;
23853 return delta;
23854 }
23855
23856
23857 /* Handles AVX256 unary E-to-G all-lanes operations. */
23858 static
23859 Long dis_AVX256_E_to_G_unary_all ( /*OUT*/Bool* uses_vvvv,
23860 const VexAbiInfo* vbi,
23861 Prefix pfx, Long delta,
23862 const HChar* opname, IROp op )
23863 {
23864 HChar dis_buf[50];
23865 Int alen;
23866 IRTemp addr;
23867 IRTemp arg = newTemp(Ity_V256);
23868 UChar rm = getUChar(delta);
23869 UInt rG = gregOfRexRM(pfx, rm);
23870 if (epartIsReg(rm)) {
23871 UInt rE = eregOfRexRM(pfx,rm);
23872 assign(arg, getYMMReg(rE));
23873 delta += 1;
23874 DIP("%s %s,%s\n", opname, nameYMMReg(rE), nameYMMReg(rG));
23875 } else {
23876 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
23877 assign(arg, loadLE(Ity_V256, mkexpr(addr)));
23878 delta += alen;
23879 DIP("%s %s,%s\n", opname, dis_buf, nameYMMReg(rG));
23880 }
23881 putYMMReg( rG, unop(op, mkexpr(arg)) );
23882 *uses_vvvv = False;
23883 return delta;
23884 }
23885
23886
23887 /* The use of ReinterpF64asI64 is ugly. Surely could do better if we
23888 had a variant of Iop_64x4toV256 that took F64s as args instead. */
23889 static Long dis_CVTDQ2PD_256 ( const VexAbiInfo* vbi, Prefix pfx,
23890 Long delta )
23891 {
23892 IRTemp addr = IRTemp_INVALID;
23893 Int alen = 0;
23894 HChar dis_buf[50];
23895 UChar modrm = getUChar(delta);
23896 IRTemp sV = newTemp(Ity_V128);
23897 UInt rG = gregOfRexRM(pfx,modrm);
23898 if (epartIsReg(modrm)) {
23899 UInt rE = eregOfRexRM(pfx,modrm);
23900 assign( sV, getXMMReg(rE) );
23901 delta += 1;
23902 DIP("vcvtdq2pd %s,%s\n", nameXMMReg(rE), nameYMMReg(rG));
23903 } else {
23904 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
23905 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
23906 delta += alen;
23907 DIP("vcvtdq2pd %s,%s\n", dis_buf, nameYMMReg(rG) );
23908 }
23909 IRTemp s3, s2, s1, s0;
23910 s3 = s2 = s1 = s0 = IRTemp_INVALID;
23911 breakupV128to32s( sV, &s3, &s2, &s1, &s0 );
23912 IRExpr* res
23913 = IRExpr_Qop(
23914 Iop_64x4toV256,
23915 unop(Iop_ReinterpF64asI64, unop(Iop_I32StoF64, mkexpr(s3))),
23916 unop(Iop_ReinterpF64asI64, unop(Iop_I32StoF64, mkexpr(s2))),
23917 unop(Iop_ReinterpF64asI64, unop(Iop_I32StoF64, mkexpr(s1))),
23918 unop(Iop_ReinterpF64asI64, unop(Iop_I32StoF64, mkexpr(s0)))
23919 );
23920 putYMMReg(rG, res);
23921 return delta;
23922 }
23923
23924
23925 static Long dis_CVTPD2PS_256 ( const VexAbiInfo* vbi, Prefix pfx,
23926 Long delta )
23927 {
23928 IRTemp addr = IRTemp_INVALID;
23929 Int alen = 0;
23930 HChar dis_buf[50];
23931 UChar modrm = getUChar(delta);
23932 UInt rG = gregOfRexRM(pfx,modrm);
23933 IRTemp argV = newTemp(Ity_V256);
23934 IRTemp rmode = newTemp(Ity_I32);
23935 if (epartIsReg(modrm)) {
23936 UInt rE = eregOfRexRM(pfx,modrm);
23937 assign( argV, getYMMReg(rE) );
23938 delta += 1;
23939 DIP("vcvtpd2psy %s,%s\n", nameYMMReg(rE), nameXMMReg(rG));
23940 } else {
23941 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
23942 assign( argV, loadLE(Ity_V256, mkexpr(addr)) );
23943 delta += alen;
23944 DIP("vcvtpd2psy %s,%s\n", dis_buf, nameXMMReg(rG) );
23945 }
23946
23947 assign( rmode, get_sse_roundingmode() );
23948 IRTemp t3, t2, t1, t0;
23949 t3 = t2 = t1 = t0 = IRTemp_INVALID;
23950 breakupV256to64s( argV, &t3, &t2, &t1, &t0 );
23951 # define CVT(_t) binop( Iop_F64toF32, mkexpr(rmode), \
23952 unop(Iop_ReinterpI64asF64, mkexpr(_t)) )
23953 putXMMRegLane32F( rG, 3, CVT(t3) );
23954 putXMMRegLane32F( rG, 2, CVT(t2) );
23955 putXMMRegLane32F( rG, 1, CVT(t1) );
23956 putXMMRegLane32F( rG, 0, CVT(t0) );
23957 # undef CVT
23958 putYMMRegLane128( rG, 1, mkV128(0) );
23959 return delta;
23960 }
23961
23962
23963 static IRTemp math_VPUNPCK_YMM ( IRTemp tL, IRType tR, IROp op )
23964 {
23965 IRTemp tLhi, tLlo, tRhi, tRlo;
23966 tLhi = tLlo = tRhi = tRlo = IRTemp_INVALID;
23967 IRTemp res = newTemp(Ity_V256);
23968 breakupV256toV128s( tL, &tLhi, &tLlo );
23969 breakupV256toV128s( tR, &tRhi, &tRlo );
23970 assign( res, binop( Iop_V128HLtoV256,
23971 binop( op, mkexpr(tRhi), mkexpr(tLhi) ),
23972 binop( op, mkexpr(tRlo), mkexpr(tLlo) ) ) );
23973 return res;
23974 }
23975
23976
23977 static IRTemp math_VPUNPCKLBW_YMM ( IRTemp tL, IRTemp tR )
23978 {
23979 return math_VPUNPCK_YMM( tL, tR, Iop_InterleaveLO8x16 );
23980 }
23981
23982
23983 static IRTemp math_VPUNPCKLWD_YMM ( IRTemp tL, IRTemp tR )
23984 {
23985 return math_VPUNPCK_YMM( tL, tR, Iop_InterleaveLO16x8 );
23986 }
23987
23988
23989 static IRTemp math_VPUNPCKLDQ_YMM ( IRTemp tL, IRTemp tR )
23990 {
23991 return math_VPUNPCK_YMM( tL, tR, Iop_InterleaveLO32x4 );
23992 }
23993
23994
23995 static IRTemp math_VPUNPCKLQDQ_YMM ( IRTemp tL, IRTemp tR )
23996 {
23997 return math_VPUNPCK_YMM( tL, tR, Iop_InterleaveLO64x2 );
23998 }
23999
24000
24001 static IRTemp math_VPUNPCKHBW_YMM ( IRTemp tL, IRTemp tR )
24002 {
24003 return math_VPUNPCK_YMM( tL, tR, Iop_InterleaveHI8x16 );
24004 }
24005
24006
24007 static IRTemp math_VPUNPCKHWD_YMM ( IRTemp tL, IRTemp tR )
24008 {
24009 return math_VPUNPCK_YMM( tL, tR, Iop_InterleaveHI16x8 );
24010 }
24011
24012
24013 static IRTemp math_VPUNPCKHDQ_YMM ( IRTemp tL, IRTemp tR )
24014 {
24015 return math_VPUNPCK_YMM( tL, tR, Iop_InterleaveHI32x4 );
24016 }
24017
24018
24019 static IRTemp math_VPUNPCKHQDQ_YMM ( IRTemp tL, IRTemp tR )
24020 {
24021 return math_VPUNPCK_YMM( tL, tR, Iop_InterleaveHI64x2 );
24022 }
24023
24024
24025 static IRTemp math_VPACKSSWB_YMM ( IRTemp tL, IRTemp tR )
24026 {
24027 return math_VPUNPCK_YMM( tL, tR, Iop_QNarrowBin16Sto8Sx16 );
24028 }
24029
24030
24031 static IRTemp math_VPACKUSWB_YMM ( IRTemp tL, IRTemp tR )
24032 {
24033 return math_VPUNPCK_YMM( tL, tR, Iop_QNarrowBin16Sto8Ux16 );
24034 }
24035
24036
24037 static IRTemp math_VPACKSSDW_YMM ( IRTemp tL, IRTemp tR )
24038 {
24039 return math_VPUNPCK_YMM( tL, tR, Iop_QNarrowBin32Sto16Sx8 );
24040 }
24041
24042
24043 static IRTemp math_VPACKUSDW_YMM ( IRTemp tL, IRTemp tR )
24044 {
24045 return math_VPUNPCK_YMM( tL, tR, Iop_QNarrowBin32Sto16Ux8 );
24046 }
24047
24048
24049 __attribute__((noinline))
24050 static
24051 Long dis_ESC_0F__VEX (
24052 /*MB_OUT*/DisResult* dres,
24053 /*OUT*/ Bool* uses_vvvv,
24054 Bool (*resteerOkFn) ( /*opaque*/void*, Addr ),
24055 Bool resteerCisOk,
24056 void* callback_opaque,
24057 const VexArchInfo* archinfo,
24058 const VexAbiInfo* vbi,
24059 Prefix pfx, Int sz, Long deltaIN
24060 )
24061 {
24062 IRTemp addr = IRTemp_INVALID;
24063 Int alen = 0;
24064 HChar dis_buf[50];
24065 Long delta = deltaIN;
24066 UChar opc = getUChar(delta);
24067 delta++;
24068 *uses_vvvv = False;
24069
24070 switch (opc) {
24071
24072 case 0x10:
24073 /* VMOVSD m64, xmm1 = VEX.LIG.F2.0F.WIG 10 /r */
24074 /* Move 64 bits from E (mem only) to G (lo half xmm).
24075 Bits 255-64 of the dest are zeroed out. */
24076 if (haveF2no66noF3(pfx) && !epartIsReg(getUChar(delta))) {
24077 UChar modrm = getUChar(delta);
24078 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24079 UInt rG = gregOfRexRM(pfx,modrm);
24080 IRTemp z128 = newTemp(Ity_V128);
24081 assign(z128, mkV128(0));
24082 putXMMReg( rG, mkexpr(z128) );
24083 /* FIXME: ALIGNMENT CHECK? */
24084 putXMMRegLane64( rG, 0, loadLE(Ity_I64, mkexpr(addr)) );
24085 putYMMRegLane128( rG, 1, mkexpr(z128) );
24086 DIP("vmovsd %s,%s\n", dis_buf, nameXMMReg(rG));
24087 delta += alen;
24088 goto decode_success;
24089 }
24090 /* VMOVSD xmm3, xmm2, xmm1 = VEX.LIG.F2.0F.WIG 10 /r */
24091 /* Reg form. */
24092 if (haveF2no66noF3(pfx) && epartIsReg(getUChar(delta))) {
24093 UChar modrm = getUChar(delta);
24094 UInt rG = gregOfRexRM(pfx, modrm);
24095 UInt rE = eregOfRexRM(pfx, modrm);
24096 UInt rV = getVexNvvvv(pfx);
24097 delta++;
24098 DIP("vmovsd %s,%s,%s\n",
24099 nameXMMReg(rE), nameXMMReg(rV), nameXMMReg(rG));
24100 IRTemp res = newTemp(Ity_V128);
24101 assign(res, binop(Iop_64HLtoV128,
24102 getXMMRegLane64(rV, 1),
24103 getXMMRegLane64(rE, 0)));
24104 putYMMRegLoAndZU(rG, mkexpr(res));
24105 *uses_vvvv = True;
24106 goto decode_success;
24107 }
24108 /* VMOVSS m32, xmm1 = VEX.LIG.F3.0F.WIG 10 /r */
24109 /* Move 32 bits from E (mem only) to G (lo half xmm).
24110 Bits 255-32 of the dest are zeroed out. */
24111 if (haveF3no66noF2(pfx) && !epartIsReg(getUChar(delta))) {
24112 UChar modrm = getUChar(delta);
24113 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24114 UInt rG = gregOfRexRM(pfx,modrm);
24115 IRTemp z128 = newTemp(Ity_V128);
24116 assign(z128, mkV128(0));
24117 putXMMReg( rG, mkexpr(z128) );
24118 /* FIXME: ALIGNMENT CHECK? */
24119 putXMMRegLane32( rG, 0, loadLE(Ity_I32, mkexpr(addr)) );
24120 putYMMRegLane128( rG, 1, mkexpr(z128) );
24121 DIP("vmovss %s,%s\n", dis_buf, nameXMMReg(rG));
24122 delta += alen;
24123 goto decode_success;
24124 }
24125 /* VMOVSS xmm3, xmm2, xmm1 = VEX.LIG.F3.0F.WIG 10 /r */
24126 /* Reg form. */
24127 if (haveF3no66noF2(pfx) && epartIsReg(getUChar(delta))) {
24128 UChar modrm = getUChar(delta);
24129 UInt rG = gregOfRexRM(pfx, modrm);
24130 UInt rE = eregOfRexRM(pfx, modrm);
24131 UInt rV = getVexNvvvv(pfx);
24132 delta++;
24133 DIP("vmovss %s,%s,%s\n",
24134 nameXMMReg(rE), nameXMMReg(rV), nameXMMReg(rG));
24135 IRTemp res = newTemp(Ity_V128);
24136 assign( res, binop( Iop_64HLtoV128,
24137 getXMMRegLane64(rV, 1),
24138 binop(Iop_32HLto64,
24139 getXMMRegLane32(rV, 1),
24140 getXMMRegLane32(rE, 0)) ) );
24141 putYMMRegLoAndZU(rG, mkexpr(res));
24142 *uses_vvvv = True;
24143 goto decode_success;
24144 }
24145 /* VMOVUPD xmm2/m128, xmm1 = VEX.128.66.0F.WIG 10 /r */
24146 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
24147 UChar modrm = getUChar(delta);
24148 UInt rG = gregOfRexRM(pfx, modrm);
24149 if (epartIsReg(modrm)) {
24150 UInt rE = eregOfRexRM(pfx,modrm);
24151 putYMMRegLoAndZU( rG, getXMMReg( rE ));
24152 DIP("vmovupd %s,%s\n", nameXMMReg(rE), nameXMMReg(rG));
24153 delta += 1;
24154 } else {
24155 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24156 putYMMRegLoAndZU( rG, loadLE(Ity_V128, mkexpr(addr)) );
24157 DIP("vmovupd %s,%s\n", dis_buf, nameXMMReg(rG));
24158 delta += alen;
24159 }
24160 goto decode_success;
24161 }
24162 /* VMOVUPD ymm2/m256, ymm1 = VEX.256.66.0F.WIG 10 /r */
24163 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
24164 UChar modrm = getUChar(delta);
24165 UInt rG = gregOfRexRM(pfx, modrm);
24166 if (epartIsReg(modrm)) {
24167 UInt rE = eregOfRexRM(pfx,modrm);
24168 putYMMReg( rG, getYMMReg( rE ));
24169 DIP("vmovupd %s,%s\n", nameYMMReg(rE), nameYMMReg(rG));
24170 delta += 1;
24171 } else {
24172 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24173 putYMMReg( rG, loadLE(Ity_V256, mkexpr(addr)) );
24174 DIP("vmovupd %s,%s\n", dis_buf, nameYMMReg(rG));
24175 delta += alen;
24176 }
24177 goto decode_success;
24178 }
24179 /* VMOVUPS xmm2/m128, xmm1 = VEX.128.0F.WIG 10 /r */
24180 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
24181 UChar modrm = getUChar(delta);
24182 UInt rG = gregOfRexRM(pfx, modrm);
24183 if (epartIsReg(modrm)) {
24184 UInt rE = eregOfRexRM(pfx,modrm);
24185 putYMMRegLoAndZU( rG, getXMMReg( rE ));
24186 DIP("vmovups %s,%s\n", nameXMMReg(rE), nameXMMReg(rG));
24187 delta += 1;
24188 } else {
24189 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24190 putYMMRegLoAndZU( rG, loadLE(Ity_V128, mkexpr(addr)) );
24191 DIP("vmovups %s,%s\n", dis_buf, nameXMMReg(rG));
24192 delta += alen;
24193 }
24194 goto decode_success;
24195 }
24196 /* VMOVUPS ymm2/m256, ymm1 = VEX.256.0F.WIG 10 /r */
24197 if (haveNo66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
24198 UChar modrm = getUChar(delta);
24199 UInt rG = gregOfRexRM(pfx, modrm);
24200 if (epartIsReg(modrm)) {
24201 UInt rE = eregOfRexRM(pfx,modrm);
24202 putYMMReg( rG, getYMMReg( rE ));
24203 DIP("vmovups %s,%s\n", nameYMMReg(rE), nameYMMReg(rG));
24204 delta += 1;
24205 } else {
24206 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24207 putYMMReg( rG, loadLE(Ity_V256, mkexpr(addr)) );
24208 DIP("vmovups %s,%s\n", dis_buf, nameYMMReg(rG));
24209 delta += alen;
24210 }
24211 goto decode_success;
24212 }
24213 break;
24214
24215 case 0x11:
24216 /* VMOVSD xmm1, m64 = VEX.LIG.F2.0F.WIG 11 /r */
24217 /* Move 64 bits from G (low half xmm) to mem only. */
24218 if (haveF2no66noF3(pfx) && !epartIsReg(getUChar(delta))) {
24219 UChar modrm = getUChar(delta);
24220 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24221 UInt rG = gregOfRexRM(pfx,modrm);
24222 /* FIXME: ALIGNMENT CHECK? */
24223 storeLE( mkexpr(addr), getXMMRegLane64(rG, 0));
24224 DIP("vmovsd %s,%s\n", nameXMMReg(rG), dis_buf);
24225 delta += alen;
24226 goto decode_success;
24227 }
24228 /* VMOVSD xmm3, xmm2, xmm1 = VEX.LIG.F2.0F.WIG 11 /r */
24229 /* Reg form. */
24230 if (haveF2no66noF3(pfx) && epartIsReg(getUChar(delta))) {
24231 UChar modrm = getUChar(delta);
24232 UInt rG = gregOfRexRM(pfx, modrm);
24233 UInt rE = eregOfRexRM(pfx, modrm);
24234 UInt rV = getVexNvvvv(pfx);
24235 delta++;
24236 DIP("vmovsd %s,%s,%s\n",
24237 nameXMMReg(rG), nameXMMReg(rV), nameXMMReg(rE));
24238 IRTemp res = newTemp(Ity_V128);
24239 assign(res, binop(Iop_64HLtoV128,
24240 getXMMRegLane64(rV, 1),
24241 getXMMRegLane64(rG, 0)));
24242 putYMMRegLoAndZU(rE, mkexpr(res));
24243 *uses_vvvv = True;
24244 goto decode_success;
24245 }
24246 /* VMOVSS xmm1, m64 = VEX.LIG.F3.0F.WIG 11 /r */
24247 /* Move 32 bits from G (low 1/4 xmm) to mem only. */
24248 if (haveF3no66noF2(pfx) && !epartIsReg(getUChar(delta))) {
24249 UChar modrm = getUChar(delta);
24250 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24251 UInt rG = gregOfRexRM(pfx,modrm);
24252 /* FIXME: ALIGNMENT CHECK? */
24253 storeLE( mkexpr(addr), getXMMRegLane32(rG, 0));
24254 DIP("vmovss %s,%s\n", nameXMMReg(rG), dis_buf);
24255 delta += alen;
24256 goto decode_success;
24257 }
24258 /* VMOVSS xmm3, xmm2, xmm1 = VEX.LIG.F3.0F.WIG 11 /r */
24259 /* Reg form. */
24260 if (haveF3no66noF2(pfx) && epartIsReg(getUChar(delta))) {
24261 UChar modrm = getUChar(delta);
24262 UInt rG = gregOfRexRM(pfx, modrm);
24263 UInt rE = eregOfRexRM(pfx, modrm);
24264 UInt rV = getVexNvvvv(pfx);
24265 delta++;
24266 DIP("vmovss %s,%s,%s\n",
24267 nameXMMReg(rG), nameXMMReg(rV), nameXMMReg(rE));
24268 IRTemp res = newTemp(Ity_V128);
24269 assign( res, binop( Iop_64HLtoV128,
24270 getXMMRegLane64(rV, 1),
24271 binop(Iop_32HLto64,
24272 getXMMRegLane32(rV, 1),
24273 getXMMRegLane32(rG, 0)) ) );
24274 putYMMRegLoAndZU(rE, mkexpr(res));
24275 *uses_vvvv = True;
24276 goto decode_success;
24277 }
24278 /* VMOVUPD xmm1, xmm2/m128 = VEX.128.66.0F.WIG 11 /r */
24279 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
24280 UChar modrm = getUChar(delta);
24281 UInt rG = gregOfRexRM(pfx,modrm);
24282 if (epartIsReg(modrm)) {
24283 UInt rE = eregOfRexRM(pfx,modrm);
24284 putYMMRegLoAndZU( rE, getXMMReg(rG) );
24285 DIP("vmovupd %s,%s\n", nameXMMReg(rG), nameXMMReg(rE));
24286 delta += 1;
24287 } else {
24288 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24289 storeLE( mkexpr(addr), getXMMReg(rG) );
24290 DIP("vmovupd %s,%s\n", nameXMMReg(rG), dis_buf);
24291 delta += alen;
24292 }
24293 goto decode_success;
24294 }
24295 /* VMOVUPD ymm1, ymm2/m256 = VEX.256.66.0F.WIG 11 /r */
24296 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
24297 UChar modrm = getUChar(delta);
24298 UInt rG = gregOfRexRM(pfx,modrm);
24299 if (epartIsReg(modrm)) {
24300 UInt rE = eregOfRexRM(pfx,modrm);
24301 putYMMReg( rE, getYMMReg(rG) );
24302 DIP("vmovupd %s,%s\n", nameYMMReg(rG), nameYMMReg(rE));
24303 delta += 1;
24304 } else {
24305 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24306 storeLE( mkexpr(addr), getYMMReg(rG) );
24307 DIP("vmovupd %s,%s\n", nameYMMReg(rG), dis_buf);
24308 delta += alen;
24309 }
24310 goto decode_success;
24311 }
24312 /* VMOVUPS xmm1, xmm2/m128 = VEX.128.0F.WIG 11 /r */
24313 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
24314 UChar modrm = getUChar(delta);
24315 UInt rG = gregOfRexRM(pfx,modrm);
24316 if (epartIsReg(modrm)) {
24317 UInt rE = eregOfRexRM(pfx,modrm);
24318 putYMMRegLoAndZU( rE, getXMMReg(rG) );
24319 DIP("vmovups %s,%s\n", nameXMMReg(rG), nameXMMReg(rE));
24320 delta += 1;
24321 } else {
24322 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24323 storeLE( mkexpr(addr), getXMMReg(rG) );
24324 DIP("vmovups %s,%s\n", nameXMMReg(rG), dis_buf);
24325 delta += alen;
24326 }
24327 goto decode_success;
24328 }
24329 /* VMOVUPS ymm1, ymm2/m256 = VEX.256.0F.WIG 11 /r */
24330 if (haveNo66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
24331 UChar modrm = getUChar(delta);
24332 UInt rG = gregOfRexRM(pfx,modrm);
24333 if (epartIsReg(modrm)) {
24334 UInt rE = eregOfRexRM(pfx,modrm);
24335 putYMMReg( rE, getYMMReg(rG) );
24336 DIP("vmovups %s,%s\n", nameYMMReg(rG), nameYMMReg(rE));
24337 delta += 1;
24338 } else {
24339 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24340 storeLE( mkexpr(addr), getYMMReg(rG) );
24341 DIP("vmovups %s,%s\n", nameYMMReg(rG), dis_buf);
24342 delta += alen;
24343 }
24344 goto decode_success;
24345 }
24346 break;
24347
24348 case 0x12:
24349 /* VMOVDDUP xmm2/m64, xmm1 = VEX.128.F2.0F.WIG /12 r */
24350 if (haveF2no66noF3(pfx) && 0==getVexL(pfx)/*128*/) {
24351 delta = dis_MOVDDUP_128( vbi, pfx, delta, True/*isAvx*/ );
24352 goto decode_success;
24353 }
24354 /* VMOVDDUP ymm2/m256, ymm1 = VEX.256.F2.0F.WIG /12 r */
24355 if (haveF2no66noF3(pfx) && 1==getVexL(pfx)/*256*/) {
24356 delta = dis_MOVDDUP_256( vbi, pfx, delta );
24357 goto decode_success;
24358 }
24359 /* VMOVHLPS xmm3, xmm2, xmm1 = VEX.NDS.128.0F.WIG 12 /r */
24360 /* Insn only exists in reg form */
24361 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
24362 && epartIsReg(getUChar(delta))) {
24363 UChar modrm = getUChar(delta);
24364 UInt rG = gregOfRexRM(pfx, modrm);
24365 UInt rE = eregOfRexRM(pfx, modrm);
24366 UInt rV = getVexNvvvv(pfx);
24367 delta++;
24368 DIP("vmovhlps %s,%s,%s\n",
24369 nameXMMReg(rE), nameXMMReg(rV), nameXMMReg(rG));
24370 IRTemp res = newTemp(Ity_V128);
24371 assign(res, binop(Iop_64HLtoV128,
24372 getXMMRegLane64(rV, 1),
24373 getXMMRegLane64(rE, 1)));
24374 putYMMRegLoAndZU(rG, mkexpr(res));
24375 *uses_vvvv = True;
24376 goto decode_success;
24377 }
24378 /* VMOVLPS m64, xmm1, xmm2 = VEX.NDS.128.0F.WIG 12 /r */
24379 /* Insn exists only in mem form, it appears. */
24380 /* VMOVLPD m64, xmm1, xmm2 = VEX.NDS.128.66.0F.WIG 12 /r */
24381 /* Insn exists only in mem form, it appears. */
24382 if ((have66noF2noF3(pfx) || haveNo66noF2noF3(pfx))
24383 && 0==getVexL(pfx)/*128*/ && !epartIsReg(getUChar(delta))) {
24384 UChar modrm = getUChar(delta);
24385 UInt rG = gregOfRexRM(pfx, modrm);
24386 UInt rV = getVexNvvvv(pfx);
24387 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24388 delta += alen;
24389 DIP("vmovlpd %s,%s,%s\n",
24390 dis_buf, nameXMMReg(rV), nameXMMReg(rG));
24391 IRTemp res = newTemp(Ity_V128);
24392 assign(res, binop(Iop_64HLtoV128,
24393 getXMMRegLane64(rV, 1),
24394 loadLE(Ity_I64, mkexpr(addr))));
24395 putYMMRegLoAndZU(rG, mkexpr(res));
24396 *uses_vvvv = True;
24397 goto decode_success;
24398 }
24399 /* VMOVSLDUP xmm2/m128, xmm1 = VEX.NDS.128.F3.0F.WIG 12 /r */
24400 if (haveF3no66noF2(pfx) && 0==getVexL(pfx)/*128*/) {
24401 delta = dis_MOVSxDUP_128( vbi, pfx, delta, True/*isAvx*/,
24402 True/*isL*/ );
24403 goto decode_success;
24404 }
24405 /* VMOVSLDUP ymm2/m256, ymm1 = VEX.NDS.256.F3.0F.WIG 12 /r */
24406 if (haveF3no66noF2(pfx) && 1==getVexL(pfx)/*256*/) {
24407 delta = dis_MOVSxDUP_256( vbi, pfx, delta, True/*isL*/ );
24408 goto decode_success;
24409 }
24410 break;
24411
24412 case 0x13:
24413 /* VMOVLPS xmm1, m64 = VEX.128.0F.WIG 13 /r */
24414 /* Insn exists only in mem form, it appears. */
24415 /* VMOVLPD xmm1, m64 = VEX.128.66.0F.WIG 13 /r */
24416 /* Insn exists only in mem form, it appears. */
24417 if ((have66noF2noF3(pfx) || haveNo66noF2noF3(pfx))
24418 && 0==getVexL(pfx)/*128*/ && !epartIsReg(getUChar(delta))) {
24419 UChar modrm = getUChar(delta);
24420 UInt rG = gregOfRexRM(pfx, modrm);
24421 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24422 delta += alen;
24423 storeLE( mkexpr(addr), getXMMRegLane64( rG, 0));
24424 DIP("vmovlpd %s,%s\n", nameXMMReg(rG), dis_buf);
24425 goto decode_success;
24426 }
24427 break;
24428
24429 case 0x14:
24430 case 0x15:
24431 /* VUNPCKLPS xmm3/m128, xmm2, xmm1 = VEX.NDS.128.0F.WIG 14 /r */
24432 /* VUNPCKHPS xmm3/m128, xmm2, xmm1 = VEX.NDS.128.0F.WIG 15 /r */
24433 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
24434 Bool hi = opc == 0x15;
24435 UChar modrm = getUChar(delta);
24436 UInt rG = gregOfRexRM(pfx,modrm);
24437 UInt rV = getVexNvvvv(pfx);
24438 IRTemp eV = newTemp(Ity_V128);
24439 IRTemp vV = newTemp(Ity_V128);
24440 assign( vV, getXMMReg(rV) );
24441 if (epartIsReg(modrm)) {
24442 UInt rE = eregOfRexRM(pfx,modrm);
24443 assign( eV, getXMMReg(rE) );
24444 delta += 1;
24445 DIP("vunpck%sps %s,%s\n", hi ? "h" : "l",
24446 nameXMMReg(rE), nameXMMReg(rG));
24447 } else {
24448 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24449 assign( eV, loadLE(Ity_V128, mkexpr(addr)) );
24450 delta += alen;
24451 DIP("vunpck%sps %s,%s\n", hi ? "h" : "l",
24452 dis_buf, nameXMMReg(rG));
24453 }
24454 IRTemp res = math_UNPCKxPS_128( eV, vV, hi );
24455 putYMMRegLoAndZU( rG, mkexpr(res) );
24456 *uses_vvvv = True;
24457 goto decode_success;
24458 }
24459 /* VUNPCKLPS ymm3/m256, ymm2, ymm1 = VEX.NDS.256.0F.WIG 14 /r */
24460 /* VUNPCKHPS ymm3/m256, ymm2, ymm1 = VEX.NDS.256.0F.WIG 15 /r */
24461 if (haveNo66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
24462 Bool hi = opc == 0x15;
24463 UChar modrm = getUChar(delta);
24464 UInt rG = gregOfRexRM(pfx,modrm);
24465 UInt rV = getVexNvvvv(pfx);
24466 IRTemp eV = newTemp(Ity_V256);
24467 IRTemp vV = newTemp(Ity_V256);
24468 assign( vV, getYMMReg(rV) );
24469 if (epartIsReg(modrm)) {
24470 UInt rE = eregOfRexRM(pfx,modrm);
24471 assign( eV, getYMMReg(rE) );
24472 delta += 1;
24473 DIP("vunpck%sps %s,%s\n", hi ? "h" : "l",
24474 nameYMMReg(rE), nameYMMReg(rG));
24475 } else {
24476 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24477 assign( eV, loadLE(Ity_V256, mkexpr(addr)) );
24478 delta += alen;
24479 DIP("vunpck%sps %s,%s\n", hi ? "h" : "l",
24480 dis_buf, nameYMMReg(rG));
24481 }
24482 IRTemp res = math_UNPCKxPS_256( eV, vV, hi );
24483 putYMMReg( rG, mkexpr(res) );
24484 *uses_vvvv = True;
24485 goto decode_success;
24486 }
24487 /* VUNPCKLPD xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG 14 /r */
24488 /* VUNPCKHPD xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG 15 /r */
24489 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
24490 Bool hi = opc == 0x15;
24491 UChar modrm = getUChar(delta);
24492 UInt rG = gregOfRexRM(pfx,modrm);
24493 UInt rV = getVexNvvvv(pfx);
24494 IRTemp eV = newTemp(Ity_V128);
24495 IRTemp vV = newTemp(Ity_V128);
24496 assign( vV, getXMMReg(rV) );
24497 if (epartIsReg(modrm)) {
24498 UInt rE = eregOfRexRM(pfx,modrm);
24499 assign( eV, getXMMReg(rE) );
24500 delta += 1;
24501 DIP("vunpck%spd %s,%s\n", hi ? "h" : "l",
24502 nameXMMReg(rE), nameXMMReg(rG));
24503 } else {
24504 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24505 assign( eV, loadLE(Ity_V128, mkexpr(addr)) );
24506 delta += alen;
24507 DIP("vunpck%spd %s,%s\n", hi ? "h" : "l",
24508 dis_buf, nameXMMReg(rG));
24509 }
24510 IRTemp res = math_UNPCKxPD_128( eV, vV, hi );
24511 putYMMRegLoAndZU( rG, mkexpr(res) );
24512 *uses_vvvv = True;
24513 goto decode_success;
24514 }
24515 /* VUNPCKLPD ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG 14 /r */
24516 /* VUNPCKHPD ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG 15 /r */
24517 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
24518 Bool hi = opc == 0x15;
24519 UChar modrm = getUChar(delta);
24520 UInt rG = gregOfRexRM(pfx,modrm);
24521 UInt rV = getVexNvvvv(pfx);
24522 IRTemp eV = newTemp(Ity_V256);
24523 IRTemp vV = newTemp(Ity_V256);
24524 assign( vV, getYMMReg(rV) );
24525 if (epartIsReg(modrm)) {
24526 UInt rE = eregOfRexRM(pfx,modrm);
24527 assign( eV, getYMMReg(rE) );
24528 delta += 1;
24529 DIP("vunpck%spd %s,%s\n", hi ? "h" : "l",
24530 nameYMMReg(rE), nameYMMReg(rG));
24531 } else {
24532 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24533 assign( eV, loadLE(Ity_V256, mkexpr(addr)) );
24534 delta += alen;
24535 DIP("vunpck%spd %s,%s\n", hi ? "h" : "l",
24536 dis_buf, nameYMMReg(rG));
24537 }
24538 IRTemp res = math_UNPCKxPD_256( eV, vV, hi );
24539 putYMMReg( rG, mkexpr(res) );
24540 *uses_vvvv = True;
24541 goto decode_success;
24542 }
24543 break;
24544
24545 case 0x16:
24546 /* VMOVLHPS xmm3, xmm2, xmm1 = VEX.NDS.128.0F.WIG 16 /r */
24547 /* Insn only exists in reg form */
24548 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
24549 && epartIsReg(getUChar(delta))) {
24550 UChar modrm = getUChar(delta);
24551 UInt rG = gregOfRexRM(pfx, modrm);
24552 UInt rE = eregOfRexRM(pfx, modrm);
24553 UInt rV = getVexNvvvv(pfx);
24554 delta++;
24555 DIP("vmovlhps %s,%s,%s\n",
24556 nameXMMReg(rE), nameXMMReg(rV), nameXMMReg(rG));
24557 IRTemp res = newTemp(Ity_V128);
24558 assign(res, binop(Iop_64HLtoV128,
24559 getXMMRegLane64(rE, 0),
24560 getXMMRegLane64(rV, 0)));
24561 putYMMRegLoAndZU(rG, mkexpr(res));
24562 *uses_vvvv = True;
24563 goto decode_success;
24564 }
24565 /* VMOVHPS m64, xmm1, xmm2 = VEX.NDS.128.0F.WIG 16 /r */
24566 /* Insn exists only in mem form, it appears. */
24567 /* VMOVHPD m64, xmm1, xmm2 = VEX.NDS.128.66.0F.WIG 16 /r */
24568 /* Insn exists only in mem form, it appears. */
24569 if ((have66noF2noF3(pfx) || haveNo66noF2noF3(pfx))
24570 && 0==getVexL(pfx)/*128*/ && !epartIsReg(getUChar(delta))) {
24571 UChar modrm = getUChar(delta);
24572 UInt rG = gregOfRexRM(pfx, modrm);
24573 UInt rV = getVexNvvvv(pfx);
24574 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24575 delta += alen;
24576 DIP("vmovhp%c %s,%s,%s\n", have66(pfx) ? 'd' : 's',
24577 dis_buf, nameXMMReg(rV), nameXMMReg(rG));
24578 IRTemp res = newTemp(Ity_V128);
24579 assign(res, binop(Iop_64HLtoV128,
24580 loadLE(Ity_I64, mkexpr(addr)),
24581 getXMMRegLane64(rV, 0)));
24582 putYMMRegLoAndZU(rG, mkexpr(res));
24583 *uses_vvvv = True;
24584 goto decode_success;
24585 }
24586 /* VMOVSHDUP xmm2/m128, xmm1 = VEX.NDS.128.F3.0F.WIG 16 /r */
24587 if (haveF3no66noF2(pfx) && 0==getVexL(pfx)/*128*/) {
24588 delta = dis_MOVSxDUP_128( vbi, pfx, delta, True/*isAvx*/,
24589 False/*!isL*/ );
24590 goto decode_success;
24591 }
24592 /* VMOVSHDUP ymm2/m256, ymm1 = VEX.NDS.256.F3.0F.WIG 16 /r */
24593 if (haveF3no66noF2(pfx) && 1==getVexL(pfx)/*256*/) {
24594 delta = dis_MOVSxDUP_256( vbi, pfx, delta, False/*!isL*/ );
24595 goto decode_success;
24596 }
24597 break;
24598
24599 case 0x17:
24600 /* VMOVHPS xmm1, m64 = VEX.128.0F.WIG 17 /r */
24601 /* Insn exists only in mem form, it appears. */
24602 /* VMOVHPD xmm1, m64 = VEX.128.66.0F.WIG 17 /r */
24603 /* Insn exists only in mem form, it appears. */
24604 if ((have66noF2noF3(pfx) || haveNo66noF2noF3(pfx))
24605 && 0==getVexL(pfx)/*128*/ && !epartIsReg(getUChar(delta))) {
24606 UChar modrm = getUChar(delta);
24607 UInt rG = gregOfRexRM(pfx, modrm);
24608 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24609 delta += alen;
24610 storeLE( mkexpr(addr), getXMMRegLane64( rG, 1));
24611 DIP("vmovhp%c %s,%s\n", have66(pfx) ? 'd' : 's',
24612 nameXMMReg(rG), dis_buf);
24613 goto decode_success;
24614 }
24615 break;
24616
24617 case 0x28:
24618 /* VMOVAPD xmm2/m128, xmm1 = VEX.128.66.0F.WIG 28 /r */
24619 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
24620 UChar modrm = getUChar(delta);
24621 UInt rG = gregOfRexRM(pfx, modrm);
24622 if (epartIsReg(modrm)) {
24623 UInt rE = eregOfRexRM(pfx,modrm);
24624 putYMMRegLoAndZU( rG, getXMMReg( rE ));
24625 DIP("vmovapd %s,%s\n", nameXMMReg(rE), nameXMMReg(rG));
24626 delta += 1;
24627 } else {
24628 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24629 gen_SEGV_if_not_16_aligned( addr );
24630 putYMMRegLoAndZU( rG, loadLE(Ity_V128, mkexpr(addr)) );
24631 DIP("vmovapd %s,%s\n", dis_buf, nameXMMReg(rG));
24632 delta += alen;
24633 }
24634 goto decode_success;
24635 }
24636 /* VMOVAPD ymm2/m256, ymm1 = VEX.256.66.0F.WIG 28 /r */
24637 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
24638 UChar modrm = getUChar(delta);
24639 UInt rG = gregOfRexRM(pfx, modrm);
24640 if (epartIsReg(modrm)) {
24641 UInt rE = eregOfRexRM(pfx,modrm);
24642 putYMMReg( rG, getYMMReg( rE ));
24643 DIP("vmovapd %s,%s\n", nameYMMReg(rE), nameYMMReg(rG));
24644 delta += 1;
24645 } else {
24646 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24647 gen_SEGV_if_not_32_aligned( addr );
24648 putYMMReg( rG, loadLE(Ity_V256, mkexpr(addr)) );
24649 DIP("vmovapd %s,%s\n", dis_buf, nameYMMReg(rG));
24650 delta += alen;
24651 }
24652 goto decode_success;
24653 }
24654 /* VMOVAPS xmm2/m128, xmm1 = VEX.128.0F.WIG 28 /r */
24655 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
24656 UChar modrm = getUChar(delta);
24657 UInt rG = gregOfRexRM(pfx, modrm);
24658 if (epartIsReg(modrm)) {
24659 UInt rE = eregOfRexRM(pfx,modrm);
24660 putYMMRegLoAndZU( rG, getXMMReg( rE ));
24661 DIP("vmovaps %s,%s\n", nameXMMReg(rE), nameXMMReg(rG));
24662 delta += 1;
24663 } else {
24664 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24665 gen_SEGV_if_not_16_aligned( addr );
24666 putYMMRegLoAndZU( rG, loadLE(Ity_V128, mkexpr(addr)) );
24667 DIP("vmovaps %s,%s\n", dis_buf, nameXMMReg(rG));
24668 delta += alen;
24669 }
24670 goto decode_success;
24671 }
24672 /* VMOVAPS ymm2/m256, ymm1 = VEX.256.0F.WIG 28 /r */
24673 if (haveNo66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
24674 UChar modrm = getUChar(delta);
24675 UInt rG = gregOfRexRM(pfx, modrm);
24676 if (epartIsReg(modrm)) {
24677 UInt rE = eregOfRexRM(pfx,modrm);
24678 putYMMReg( rG, getYMMReg( rE ));
24679 DIP("vmovaps %s,%s\n", nameYMMReg(rE), nameYMMReg(rG));
24680 delta += 1;
24681 } else {
24682 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24683 gen_SEGV_if_not_32_aligned( addr );
24684 putYMMReg( rG, loadLE(Ity_V256, mkexpr(addr)) );
24685 DIP("vmovaps %s,%s\n", dis_buf, nameYMMReg(rG));
24686 delta += alen;
24687 }
24688 goto decode_success;
24689 }
24690 break;
24691
24692 case 0x29:
24693 /* VMOVAPD xmm1, xmm2/m128 = VEX.128.66.0F.WIG 29 /r */
24694 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
24695 UChar modrm = getUChar(delta);
24696 UInt rG = gregOfRexRM(pfx,modrm);
24697 if (epartIsReg(modrm)) {
24698 UInt rE = eregOfRexRM(pfx,modrm);
24699 putYMMRegLoAndZU( rE, getXMMReg(rG) );
24700 DIP("vmovapd %s,%s\n", nameXMMReg(rG), nameXMMReg(rE));
24701 delta += 1;
24702 } else {
24703 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24704 gen_SEGV_if_not_16_aligned( addr );
24705 storeLE( mkexpr(addr), getXMMReg(rG) );
24706 DIP("vmovapd %s,%s\n", nameXMMReg(rG), dis_buf );
24707 delta += alen;
24708 }
24709 goto decode_success;
24710 }
24711 /* VMOVAPD ymm1, ymm2/m256 = VEX.256.66.0F.WIG 29 /r */
24712 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
24713 UChar modrm = getUChar(delta);
24714 UInt rG = gregOfRexRM(pfx,modrm);
24715 if (epartIsReg(modrm)) {
24716 UInt rE = eregOfRexRM(pfx,modrm);
24717 putYMMReg( rE, getYMMReg(rG) );
24718 DIP("vmovapd %s,%s\n", nameYMMReg(rG), nameYMMReg(rE));
24719 delta += 1;
24720 } else {
24721 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24722 gen_SEGV_if_not_32_aligned( addr );
24723 storeLE( mkexpr(addr), getYMMReg(rG) );
24724 DIP("vmovapd %s,%s\n", nameYMMReg(rG), dis_buf );
24725 delta += alen;
24726 }
24727 goto decode_success;
24728 }
24729 /* VMOVAPS xmm1, xmm2/m128 = VEX.128.0F.WIG 29 /r */
24730 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
24731 UChar modrm = getUChar(delta);
24732 UInt rG = gregOfRexRM(pfx,modrm);
24733 if (epartIsReg(modrm)) {
24734 UInt rE = eregOfRexRM(pfx,modrm);
24735 putYMMRegLoAndZU( rE, getXMMReg(rG) );
24736 DIP("vmovaps %s,%s\n", nameXMMReg(rG), nameXMMReg(rE));
24737 delta += 1;
24738 goto decode_success;
24739 } else {
24740 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24741 gen_SEGV_if_not_16_aligned( addr );
24742 storeLE( mkexpr(addr), getXMMReg(rG) );
24743 DIP("vmovaps %s,%s\n", nameXMMReg(rG), dis_buf );
24744 delta += alen;
24745 goto decode_success;
24746 }
24747 }
24748 /* VMOVAPS ymm1, ymm2/m256 = VEX.256.0F.WIG 29 /r */
24749 if (haveNo66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
24750 UChar modrm = getUChar(delta);
24751 UInt rG = gregOfRexRM(pfx,modrm);
24752 if (epartIsReg(modrm)) {
24753 UInt rE = eregOfRexRM(pfx,modrm);
24754 putYMMReg( rE, getYMMReg(rG) );
24755 DIP("vmovaps %s,%s\n", nameYMMReg(rG), nameYMMReg(rE));
24756 delta += 1;
24757 goto decode_success;
24758 } else {
24759 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24760 gen_SEGV_if_not_32_aligned( addr );
24761 storeLE( mkexpr(addr), getYMMReg(rG) );
24762 DIP("vmovaps %s,%s\n", nameYMMReg(rG), dis_buf );
24763 delta += alen;
24764 goto decode_success;
24765 }
24766 }
24767 break;
24768
24769 case 0x2A: {
24770 IRTemp rmode = newTemp(Ity_I32);
24771 assign( rmode, get_sse_roundingmode() );
24772 /* VCVTSI2SD r/m32, xmm2, xmm1 = VEX.NDS.LIG.F2.0F.W0 2A /r */
24773 if (haveF2no66noF3(pfx) && 0==getRexW(pfx)/*W0*/) {
24774 UChar modrm = getUChar(delta);
24775 UInt rV = getVexNvvvv(pfx);
24776 UInt rD = gregOfRexRM(pfx, modrm);
24777 IRTemp arg32 = newTemp(Ity_I32);
24778 if (epartIsReg(modrm)) {
24779 UInt rS = eregOfRexRM(pfx,modrm);
24780 assign( arg32, getIReg32(rS) );
24781 delta += 1;
24782 DIP("vcvtsi2sdl %s,%s,%s\n",
24783 nameIReg32(rS), nameXMMReg(rV), nameXMMReg(rD));
24784 } else {
24785 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24786 assign( arg32, loadLE(Ity_I32, mkexpr(addr)) );
24787 delta += alen;
24788 DIP("vcvtsi2sdl %s,%s,%s\n",
24789 dis_buf, nameXMMReg(rV), nameXMMReg(rD));
24790 }
24791 putXMMRegLane64F( rD, 0,
24792 unop(Iop_I32StoF64, mkexpr(arg32)));
24793 putXMMRegLane64( rD, 1, getXMMRegLane64( rV, 1 ));
24794 putYMMRegLane128( rD, 1, mkV128(0) );
24795 *uses_vvvv = True;
24796 goto decode_success;
24797 }
24798 /* VCVTSI2SD r/m64, xmm2, xmm1 = VEX.NDS.LIG.F2.0F.W1 2A /r */
24799 if (haveF2no66noF3(pfx) && 1==getRexW(pfx)/*W1*/) {
24800 UChar modrm = getUChar(delta);
24801 UInt rV = getVexNvvvv(pfx);
24802 UInt rD = gregOfRexRM(pfx, modrm);
24803 IRTemp arg64 = newTemp(Ity_I64);
24804 if (epartIsReg(modrm)) {
24805 UInt rS = eregOfRexRM(pfx,modrm);
24806 assign( arg64, getIReg64(rS) );
24807 delta += 1;
24808 DIP("vcvtsi2sdq %s,%s,%s\n",
24809 nameIReg64(rS), nameXMMReg(rV), nameXMMReg(rD));
24810 } else {
24811 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24812 assign( arg64, loadLE(Ity_I64, mkexpr(addr)) );
24813 delta += alen;
24814 DIP("vcvtsi2sdq %s,%s,%s\n",
24815 dis_buf, nameXMMReg(rV), nameXMMReg(rD));
24816 }
24817 putXMMRegLane64F( rD, 0,
24818 binop( Iop_I64StoF64,
24819 get_sse_roundingmode(),
24820 mkexpr(arg64)) );
24821 putXMMRegLane64( rD, 1, getXMMRegLane64( rV, 1 ));
24822 putYMMRegLane128( rD, 1, mkV128(0) );
24823 *uses_vvvv = True;
24824 goto decode_success;
24825 }
24826 /* VCVTSI2SS r/m64, xmm2, xmm1 = VEX.NDS.LIG.F3.0F.W1 2A /r */
24827 if (haveF3no66noF2(pfx) && 1==getRexW(pfx)/*W1*/) {
24828 UChar modrm = getUChar(delta);
24829 UInt rV = getVexNvvvv(pfx);
24830 UInt rD = gregOfRexRM(pfx, modrm);
24831 IRTemp arg64 = newTemp(Ity_I64);
24832 if (epartIsReg(modrm)) {
24833 UInt rS = eregOfRexRM(pfx,modrm);
24834 assign( arg64, getIReg64(rS) );
24835 delta += 1;
24836 DIP("vcvtsi2ssq %s,%s,%s\n",
24837 nameIReg64(rS), nameXMMReg(rV), nameXMMReg(rD));
24838 } else {
24839 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24840 assign( arg64, loadLE(Ity_I64, mkexpr(addr)) );
24841 delta += alen;
24842 DIP("vcvtsi2ssq %s,%s,%s\n",
24843 dis_buf, nameXMMReg(rV), nameXMMReg(rD));
24844 }
24845 putXMMRegLane32F( rD, 0,
24846 binop(Iop_F64toF32,
24847 mkexpr(rmode),
24848 binop(Iop_I64StoF64, mkexpr(rmode),
24849 mkexpr(arg64)) ) );
24850 putXMMRegLane32( rD, 1, getXMMRegLane32( rV, 1 ));
24851 putXMMRegLane64( rD, 1, getXMMRegLane64( rV, 1 ));
24852 putYMMRegLane128( rD, 1, mkV128(0) );
24853 *uses_vvvv = True;
24854 goto decode_success;
24855 }
24856 /* VCVTSI2SS r/m32, xmm2, xmm1 = VEX.NDS.LIG.F3.0F.W0 2A /r */
24857 if (haveF3no66noF2(pfx) && 0==getRexW(pfx)/*W0*/) {
24858 UChar modrm = getUChar(delta);
24859 UInt rV = getVexNvvvv(pfx);
24860 UInt rD = gregOfRexRM(pfx, modrm);
24861 IRTemp arg32 = newTemp(Ity_I32);
24862 if (epartIsReg(modrm)) {
24863 UInt rS = eregOfRexRM(pfx,modrm);
24864 assign( arg32, getIReg32(rS) );
24865 delta += 1;
24866 DIP("vcvtsi2ssl %s,%s,%s\n",
24867 nameIReg32(rS), nameXMMReg(rV), nameXMMReg(rD));
24868 } else {
24869 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
24870 assign( arg32, loadLE(Ity_I32, mkexpr(addr)) );
24871 delta += alen;
24872 DIP("vcvtsi2ssl %s,%s,%s\n",
24873 dis_buf, nameXMMReg(rV), nameXMMReg(rD));
24874 }
24875 putXMMRegLane32F( rD, 0,
24876 binop(Iop_F64toF32,
24877 mkexpr(rmode),
24878 unop(Iop_I32StoF64, mkexpr(arg32)) ) );
24879 putXMMRegLane32( rD, 1, getXMMRegLane32( rV, 1 ));
24880 putXMMRegLane64( rD, 1, getXMMRegLane64( rV, 1 ));
24881 putYMMRegLane128( rD, 1, mkV128(0) );
24882 *uses_vvvv = True;
24883 goto decode_success;
24884 }
24885 break;
24886 }
24887
24888 case 0x2B:
24889 /* VMOVNTPD xmm1, m128 = VEX.128.66.0F.WIG 2B /r */
24890 /* VMOVNTPS xmm1, m128 = VEX.128.0F.WIG 2B /r */
24891 if ((have66noF2noF3(pfx) || haveNo66noF2noF3(pfx))
24892 && 0==getVexL(pfx)/*128*/ && !epartIsReg(getUChar(delta))) {
24893 UChar modrm = getUChar(delta);
24894 UInt rS = gregOfRexRM(pfx, modrm);
24895 IRTemp tS = newTemp(Ity_V128);
24896 assign(tS, getXMMReg(rS));
24897 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
24898 delta += alen;
24899 gen_SEGV_if_not_16_aligned(addr);
24900 storeLE(mkexpr(addr), mkexpr(tS));
24901 DIP("vmovntp%c %s,%s\n", have66(pfx) ? 'd' : 's',
24902 nameXMMReg(rS), dis_buf);
24903 goto decode_success;
24904 }
24905 /* VMOVNTPD ymm1, m256 = VEX.256.66.0F.WIG 2B /r */
24906 /* VMOVNTPS ymm1, m256 = VEX.256.0F.WIG 2B /r */
24907 if ((have66noF2noF3(pfx) || haveNo66noF2noF3(pfx))
24908 && 1==getVexL(pfx)/*256*/ && !epartIsReg(getUChar(delta))) {
24909 UChar modrm = getUChar(delta);
24910 UInt rS = gregOfRexRM(pfx, modrm);
24911 IRTemp tS = newTemp(Ity_V256);
24912 assign(tS, getYMMReg(rS));
24913 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
24914 delta += alen;
24915 gen_SEGV_if_not_32_aligned(addr);
24916 storeLE(mkexpr(addr), mkexpr(tS));
24917 DIP("vmovntp%c %s,%s\n", have66(pfx) ? 'd' : 's',
24918 nameYMMReg(rS), dis_buf);
24919 goto decode_success;
24920 }
24921 break;
24922
24923 case 0x2C:
24924 /* VCVTTSD2SI xmm1/m32, r32 = VEX.LIG.F2.0F.W0 2C /r */
24925 if (haveF2no66noF3(pfx) && 0==getRexW(pfx)/*W0*/) {
24926 delta = dis_CVTxSD2SI( vbi, pfx, delta, True/*isAvx*/, opc, 4);
24927 goto decode_success;
24928 }
24929 /* VCVTTSD2SI xmm1/m64, r64 = VEX.LIG.F2.0F.W1 2C /r */
24930 if (haveF2no66noF3(pfx) && 1==getRexW(pfx)/*W1*/) {
24931 delta = dis_CVTxSD2SI( vbi, pfx, delta, True/*isAvx*/, opc, 8);
24932 goto decode_success;
24933 }
24934 /* VCVTTSS2SI xmm1/m32, r32 = VEX.LIG.F3.0F.W0 2C /r */
24935 if (haveF3no66noF2(pfx) && 0==getRexW(pfx)/*W0*/) {
24936 delta = dis_CVTxSS2SI( vbi, pfx, delta, True/*isAvx*/, opc, 4);
24937 goto decode_success;
24938 }
24939 /* VCVTTSS2SI xmm1/m64, r64 = VEX.LIG.F3.0F.W1 2C /r */
24940 if (haveF3no66noF2(pfx) && 1==getRexW(pfx)/*W1*/) {
24941 delta = dis_CVTxSS2SI( vbi, pfx, delta, True/*isAvx*/, opc, 8);
24942 goto decode_success;
24943 }
24944 break;
24945
24946 case 0x2D:
24947 /* VCVTSD2SI xmm1/m32, r32 = VEX.LIG.F2.0F.W0 2D /r */
24948 if (haveF2no66noF3(pfx) && 0==getRexW(pfx)/*W0*/) {
24949 delta = dis_CVTxSD2SI( vbi, pfx, delta, True/*isAvx*/, opc, 4);
24950 goto decode_success;
24951 }
24952 /* VCVTSD2SI xmm1/m64, r64 = VEX.LIG.F2.0F.W1 2D /r */
24953 if (haveF2no66noF3(pfx) && 1==getRexW(pfx)/*W1*/) {
24954 delta = dis_CVTxSD2SI( vbi, pfx, delta, True/*isAvx*/, opc, 8);
24955 goto decode_success;
24956 }
24957 /* VCVTSS2SI xmm1/m32, r32 = VEX.LIG.F3.0F.W0 2D /r */
24958 if (haveF3no66noF2(pfx) && 0==getRexW(pfx)/*W0*/) {
24959 delta = dis_CVTxSS2SI( vbi, pfx, delta, True/*isAvx*/, opc, 4);
24960 goto decode_success;
24961 }
24962 /* VCVTSS2SI xmm1/m64, r64 = VEX.LIG.F3.0F.W1 2D /r */
24963 if (haveF3no66noF2(pfx) && 1==getRexW(pfx)/*W1*/) {
24964 delta = dis_CVTxSS2SI( vbi, pfx, delta, True/*isAvx*/, opc, 8);
24965 goto decode_success;
24966 }
24967 break;
24968
24969 case 0x2E:
24970 case 0x2F:
24971 /* VUCOMISD xmm2/m64, xmm1 = VEX.LIG.66.0F.WIG 2E /r */
24972 /* VCOMISD xmm2/m64, xmm1 = VEX.LIG.66.0F.WIG 2F /r */
24973 if (have66noF2noF3(pfx)) {
24974 delta = dis_COMISD( vbi, pfx, delta, True/*isAvx*/, opc );
24975 goto decode_success;
24976 }
24977 /* VUCOMISS xmm2/m32, xmm1 = VEX.LIG.0F.WIG 2E /r */
24978 /* VCOMISS xmm2/m32, xmm1 = VEX.LIG.0F.WIG 2F /r */
24979 if (haveNo66noF2noF3(pfx)) {
24980 delta = dis_COMISS( vbi, pfx, delta, True/*isAvx*/, opc );
24981 goto decode_success;
24982 }
24983 break;
24984
24985 case 0x50:
24986 /* VMOVMSKPD xmm2, r32 = VEX.128.66.0F.WIG 50 /r */
24987 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
24988 delta = dis_MOVMSKPD_128( vbi, pfx, delta, True/*isAvx*/ );
24989 goto decode_success;
24990 }
24991 /* VMOVMSKPD ymm2, r32 = VEX.256.66.0F.WIG 50 /r */
24992 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
24993 delta = dis_MOVMSKPD_256( vbi, pfx, delta );
24994 goto decode_success;
24995 }
24996 /* VMOVMSKPS xmm2, r32 = VEX.128.0F.WIG 50 /r */
24997 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
24998 delta = dis_MOVMSKPS_128( vbi, pfx, delta, True/*isAvx*/ );
24999 goto decode_success;
25000 }
25001 /* VMOVMSKPS ymm2, r32 = VEX.256.0F.WIG 50 /r */
25002 if (haveNo66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25003 delta = dis_MOVMSKPS_256( vbi, pfx, delta );
25004 goto decode_success;
25005 }
25006 break;
25007
25008 case 0x51:
25009 /* VSQRTSS xmm3/m64(E), xmm2(V), xmm1(G) = VEX.NDS.LIG.F3.0F.WIG 51 /r */
25010 if (haveF3no66noF2(pfx)) {
25011 delta = dis_AVX128_E_V_to_G_lo32_unary(
25012 uses_vvvv, vbi, pfx, delta, "vsqrtss", Iop_Sqrt32F0x4 );
25013 goto decode_success;
25014 }
25015 /* VSQRTPS xmm2/m128(E), xmm1(G) = VEX.NDS.128.0F.WIG 51 /r */
25016 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25017 delta = dis_AVX128_E_to_G_unary_all(
25018 uses_vvvv, vbi, pfx, delta, "vsqrtps", Iop_Sqrt32Fx4 );
25019 goto decode_success;
25020 }
25021 /* VSQRTPS ymm2/m256(E), ymm1(G) = VEX.NDS.256.0F.WIG 51 /r */
25022 if (haveNo66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25023 delta = dis_AVX256_E_to_G_unary_all(
25024 uses_vvvv, vbi, pfx, delta, "vsqrtps", Iop_Sqrt32Fx8 );
25025 goto decode_success;
25026 }
25027 /* VSQRTSD xmm3/m64(E), xmm2(V), xmm1(G) = VEX.NDS.LIG.F2.0F.WIG 51 /r */
25028 if (haveF2no66noF3(pfx)) {
25029 delta = dis_AVX128_E_V_to_G_lo64_unary(
25030 uses_vvvv, vbi, pfx, delta, "vsqrtsd", Iop_Sqrt64F0x2 );
25031 goto decode_success;
25032 }
25033 /* VSQRTPD xmm2/m128(E), xmm1(G) = VEX.NDS.128.66.0F.WIG 51 /r */
25034 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25035 delta = dis_AVX128_E_to_G_unary_all(
25036 uses_vvvv, vbi, pfx, delta, "vsqrtpd", Iop_Sqrt64Fx2 );
25037 goto decode_success;
25038 }
25039 /* VSQRTPD ymm2/m256(E), ymm1(G) = VEX.NDS.256.66.0F.WIG 51 /r */
25040 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25041 delta = dis_AVX256_E_to_G_unary_all(
25042 uses_vvvv, vbi, pfx, delta, "vsqrtpd", Iop_Sqrt64Fx4 );
25043 goto decode_success;
25044 }
25045 break;
25046
25047 case 0x52:
25048 /* VRSQRTSS xmm3/m64(E), xmm2(V), xmm1(G) = VEX.NDS.LIG.F3.0F.WIG 52 /r */
25049 if (haveF3no66noF2(pfx)) {
25050 delta = dis_AVX128_E_V_to_G_lo32_unary(
25051 uses_vvvv, vbi, pfx, delta, "vrsqrtss",
25052 Iop_RSqrtEst32F0x4 );
25053 goto decode_success;
25054 }
25055 /* VRSQRTPS xmm2/m128(E), xmm1(G) = VEX.NDS.128.0F.WIG 52 /r */
25056 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25057 delta = dis_AVX128_E_to_G_unary_all(
25058 uses_vvvv, vbi, pfx, delta, "vrsqrtps", Iop_RSqrtEst32Fx4 );
25059 goto decode_success;
25060 }
25061 /* VRSQRTPS ymm2/m256(E), ymm1(G) = VEX.NDS.256.0F.WIG 52 /r */
25062 if (haveNo66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25063 delta = dis_AVX256_E_to_G_unary_all(
25064 uses_vvvv, vbi, pfx, delta, "vrsqrtps", Iop_RSqrtEst32Fx8 );
25065 goto decode_success;
25066 }
25067 break;
25068
25069 case 0x53:
25070 /* VRCPSS xmm3/m64(E), xmm2(V), xmm1(G) = VEX.NDS.LIG.F3.0F.WIG 53 /r */
25071 if (haveF3no66noF2(pfx)) {
25072 delta = dis_AVX128_E_V_to_G_lo32_unary(
25073 uses_vvvv, vbi, pfx, delta, "vrcpss", Iop_RecipEst32F0x4 );
25074 goto decode_success;
25075 }
25076 /* VRCPPS xmm2/m128(E), xmm1(G) = VEX.NDS.128.0F.WIG 53 /r */
25077 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25078 delta = dis_AVX128_E_to_G_unary_all(
25079 uses_vvvv, vbi, pfx, delta, "vrcpps", Iop_RecipEst32Fx4 );
25080 goto decode_success;
25081 }
25082 /* VRCPPS ymm2/m256(E), ymm1(G) = VEX.NDS.256.0F.WIG 53 /r */
25083 if (haveNo66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25084 delta = dis_AVX256_E_to_G_unary_all(
25085 uses_vvvv, vbi, pfx, delta, "vrcpps", Iop_RecipEst32Fx8 );
25086 goto decode_success;
25087 }
25088 break;
25089
25090 case 0x54:
25091 /* VANDPD r/m, rV, r ::: r = rV & r/m */
25092 /* VANDPD = VEX.NDS.128.66.0F.WIG 54 /r */
25093 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25094 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
25095 uses_vvvv, vbi, pfx, delta, "vandpd", Iop_AndV128 );
25096 goto decode_success;
25097 }
25098 /* VANDPD r/m, rV, r ::: r = rV & r/m */
25099 /* VANDPD = VEX.NDS.256.66.0F.WIG 54 /r */
25100 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25101 delta = dis_AVX256_E_V_to_G(
25102 uses_vvvv, vbi, pfx, delta, "vandpd", Iop_AndV256 );
25103 goto decode_success;
25104 }
25105 /* VANDPS = VEX.NDS.128.0F.WIG 54 /r */
25106 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25107 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
25108 uses_vvvv, vbi, pfx, delta, "vandps", Iop_AndV128 );
25109 goto decode_success;
25110 }
25111 /* VANDPS = VEX.NDS.256.0F.WIG 54 /r */
25112 if (haveNo66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25113 delta = dis_AVX256_E_V_to_G(
25114 uses_vvvv, vbi, pfx, delta, "vandps", Iop_AndV256 );
25115 goto decode_success;
25116 }
25117 break;
25118
25119 case 0x55:
25120 /* VANDNPD r/m, rV, r ::: r = (not rV) & r/m */
25121 /* VANDNPD = VEX.NDS.128.66.0F.WIG 55 /r */
25122 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25123 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG(
25124 uses_vvvv, vbi, pfx, delta, "vandpd", Iop_AndV128,
25125 NULL, True/*invertLeftArg*/, False/*swapArgs*/ );
25126 goto decode_success;
25127 }
25128 /* VANDNPD = VEX.NDS.256.66.0F.WIG 55 /r */
25129 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25130 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG(
25131 uses_vvvv, vbi, pfx, delta, "vandpd", Iop_AndV256,
25132 NULL, True/*invertLeftArg*/, False/*swapArgs*/ );
25133 goto decode_success;
25134 }
25135 /* VANDNPS = VEX.NDS.128.0F.WIG 55 /r */
25136 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25137 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG(
25138 uses_vvvv, vbi, pfx, delta, "vandps", Iop_AndV128,
25139 NULL, True/*invertLeftArg*/, False/*swapArgs*/ );
25140 goto decode_success;
25141 }
25142 /* VANDNPS = VEX.NDS.256.0F.WIG 55 /r */
25143 if (haveNo66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25144 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG(
25145 uses_vvvv, vbi, pfx, delta, "vandps", Iop_AndV256,
25146 NULL, True/*invertLeftArg*/, False/*swapArgs*/ );
25147 goto decode_success;
25148 }
25149 break;
25150
25151 case 0x56:
25152 /* VORPD r/m, rV, r ::: r = rV | r/m */
25153 /* VORPD = VEX.NDS.128.66.0F.WIG 56 /r */
25154 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25155 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
25156 uses_vvvv, vbi, pfx, delta, "vorpd", Iop_OrV128 );
25157 goto decode_success;
25158 }
25159 /* VORPD r/m, rV, r ::: r = rV | r/m */
25160 /* VORPD = VEX.NDS.256.66.0F.WIG 56 /r */
25161 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25162 delta = dis_AVX256_E_V_to_G(
25163 uses_vvvv, vbi, pfx, delta, "vorpd", Iop_OrV256 );
25164 goto decode_success;
25165 }
25166 /* VORPS r/m, rV, r ::: r = rV | r/m */
25167 /* VORPS = VEX.NDS.128.0F.WIG 56 /r */
25168 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25169 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
25170 uses_vvvv, vbi, pfx, delta, "vorps", Iop_OrV128 );
25171 goto decode_success;
25172 }
25173 /* VORPS r/m, rV, r ::: r = rV | r/m */
25174 /* VORPS = VEX.NDS.256.0F.WIG 56 /r */
25175 if (haveNo66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25176 delta = dis_AVX256_E_V_to_G(
25177 uses_vvvv, vbi, pfx, delta, "vorps", Iop_OrV256 );
25178 goto decode_success;
25179 }
25180 break;
25181
25182 case 0x57:
25183 /* VXORPD r/m, rV, r ::: r = rV ^ r/m */
25184 /* VXORPD = VEX.NDS.128.66.0F.WIG 57 /r */
25185 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25186 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
25187 uses_vvvv, vbi, pfx, delta, "vxorpd", Iop_XorV128 );
25188 goto decode_success;
25189 }
25190 /* VXORPD r/m, rV, r ::: r = rV ^ r/m */
25191 /* VXORPD = VEX.NDS.256.66.0F.WIG 57 /r */
25192 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25193 delta = dis_AVX256_E_V_to_G(
25194 uses_vvvv, vbi, pfx, delta, "vxorpd", Iop_XorV256 );
25195 goto decode_success;
25196 }
25197 /* VXORPS r/m, rV, r ::: r = rV ^ r/m */
25198 /* VXORPS = VEX.NDS.128.0F.WIG 57 /r */
25199 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25200 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
25201 uses_vvvv, vbi, pfx, delta, "vxorps", Iop_XorV128 );
25202 goto decode_success;
25203 }
25204 /* VXORPS r/m, rV, r ::: r = rV ^ r/m */
25205 /* VXORPS = VEX.NDS.256.0F.WIG 57 /r */
25206 if (haveNo66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25207 delta = dis_AVX256_E_V_to_G(
25208 uses_vvvv, vbi, pfx, delta, "vxorps", Iop_XorV256 );
25209 goto decode_success;
25210 }
25211 break;
25212
25213 case 0x58:
25214 /* VADDSD xmm3/m64, xmm2, xmm1 = VEX.NDS.LIG.F2.0F.WIG 58 /r */
25215 if (haveF2no66noF3(pfx)) {
25216 delta = dis_AVX128_E_V_to_G_lo64(
25217 uses_vvvv, vbi, pfx, delta, "vaddsd", Iop_Add64F0x2 );
25218 goto decode_success;
25219 }
25220 /* VADDSS xmm3/m32, xmm2, xmm1 = VEX.NDS.LIG.F3.0F.WIG 58 /r */
25221 if (haveF3no66noF2(pfx)) {
25222 delta = dis_AVX128_E_V_to_G_lo32(
25223 uses_vvvv, vbi, pfx, delta, "vaddss", Iop_Add32F0x4 );
25224 goto decode_success;
25225 }
25226 /* VADDPS xmm3/m128, xmm2, xmm1 = VEX.NDS.128.0F.WIG 58 /r */
25227 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25228 delta = dis_AVX128_E_V_to_G(
25229 uses_vvvv, vbi, pfx, delta, "vaddps", Iop_Add32Fx4 );
25230 goto decode_success;
25231 }
25232 /* VADDPS ymm3/m256, ymm2, ymm1 = VEX.NDS.256.0F.WIG 58 /r */
25233 if (haveNo66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25234 delta = dis_AVX256_E_V_to_G(
25235 uses_vvvv, vbi, pfx, delta, "vaddps", Iop_Add32Fx8 );
25236 goto decode_success;
25237 }
25238 /* VADDPD xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG 58 /r */
25239 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25240 delta = dis_AVX128_E_V_to_G(
25241 uses_vvvv, vbi, pfx, delta, "vaddpd", Iop_Add64Fx2 );
25242 goto decode_success;
25243 }
25244 /* VADDPD ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG 58 /r */
25245 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25246 delta = dis_AVX256_E_V_to_G(
25247 uses_vvvv, vbi, pfx, delta, "vaddpd", Iop_Add64Fx4 );
25248 goto decode_success;
25249 }
25250 break;
25251
25252 case 0x59:
25253 /* VMULSD xmm3/m64, xmm2, xmm1 = VEX.NDS.LIG.F2.0F.WIG 59 /r */
25254 if (haveF2no66noF3(pfx)) {
25255 delta = dis_AVX128_E_V_to_G_lo64(
25256 uses_vvvv, vbi, pfx, delta, "vmulsd", Iop_Mul64F0x2 );
25257 goto decode_success;
25258 }
25259 /* VMULSS xmm3/m32, xmm2, xmm1 = VEX.NDS.LIG.F3.0F.WIG 59 /r */
25260 if (haveF3no66noF2(pfx)) {
25261 delta = dis_AVX128_E_V_to_G_lo32(
25262 uses_vvvv, vbi, pfx, delta, "vmulss", Iop_Mul32F0x4 );
25263 goto decode_success;
25264 }
25265 /* VMULPS xmm3/m128, xmm2, xmm1 = VEX.NDS.128.0F.WIG 59 /r */
25266 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25267 delta = dis_AVX128_E_V_to_G(
25268 uses_vvvv, vbi, pfx, delta, "vmulps", Iop_Mul32Fx4 );
25269 goto decode_success;
25270 }
25271 /* VMULPS ymm3/m256, ymm2, ymm1 = VEX.NDS.256.0F.WIG 59 /r */
25272 if (haveNo66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25273 delta = dis_AVX256_E_V_to_G(
25274 uses_vvvv, vbi, pfx, delta, "vmulps", Iop_Mul32Fx8 );
25275 goto decode_success;
25276 }
25277 /* VMULPD xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG 59 /r */
25278 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25279 delta = dis_AVX128_E_V_to_G(
25280 uses_vvvv, vbi, pfx, delta, "vmulpd", Iop_Mul64Fx2 );
25281 goto decode_success;
25282 }
25283 /* VMULPD ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG 59 /r */
25284 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25285 delta = dis_AVX256_E_V_to_G(
25286 uses_vvvv, vbi, pfx, delta, "vmulpd", Iop_Mul64Fx4 );
25287 goto decode_success;
25288 }
25289 break;
25290
25291 case 0x5A:
25292 /* VCVTPS2PD xmm2/m64, xmm1 = VEX.128.0F.WIG 5A /r */
25293 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25294 delta = dis_CVTPS2PD_128( vbi, pfx, delta, True/*isAvx*/ );
25295 goto decode_success;
25296 }
25297 /* VCVTPS2PD xmm2/m128, ymm1 = VEX.256.0F.WIG 5A /r */
25298 if (haveNo66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25299 delta = dis_CVTPS2PD_256( vbi, pfx, delta );
25300 goto decode_success;
25301 }
25302 /* VCVTPD2PS xmm2/m128, xmm1 = VEX.128.66.0F.WIG 5A /r */
25303 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25304 delta = dis_CVTPD2PS_128( vbi, pfx, delta, True/*isAvx*/ );
25305 goto decode_success;
25306 }
25307 /* VCVTPD2PS ymm2/m256, xmm1 = VEX.256.66.0F.WIG 5A /r */
25308 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25309 delta = dis_CVTPD2PS_256( vbi, pfx, delta );
25310 goto decode_success;
25311 }
25312 /* VCVTSD2SS xmm3/m64, xmm2, xmm1 = VEX.NDS.LIG.F2.0F.WIG 5A /r */
25313 if (haveF2no66noF3(pfx)) {
25314 UChar modrm = getUChar(delta);
25315 UInt rV = getVexNvvvv(pfx);
25316 UInt rD = gregOfRexRM(pfx, modrm);
25317 IRTemp f64lo = newTemp(Ity_F64);
25318 IRTemp rmode = newTemp(Ity_I32);
25319 assign( rmode, get_sse_roundingmode() );
25320 if (epartIsReg(modrm)) {
25321 UInt rS = eregOfRexRM(pfx,modrm);
25322 assign(f64lo, getXMMRegLane64F(rS, 0));
25323 delta += 1;
25324 DIP("vcvtsd2ss %s,%s,%s\n",
25325 nameXMMReg(rS), nameXMMReg(rV), nameXMMReg(rD));
25326 } else {
25327 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
25328 assign(f64lo, loadLE(Ity_F64, mkexpr(addr)) );
25329 delta += alen;
25330 DIP("vcvtsd2ss %s,%s,%s\n",
25331 dis_buf, nameXMMReg(rV), nameXMMReg(rD));
25332 }
25333 putXMMRegLane32F( rD, 0,
25334 binop( Iop_F64toF32, mkexpr(rmode),
25335 mkexpr(f64lo)) );
25336 putXMMRegLane32( rD, 1, getXMMRegLane32( rV, 1 ));
25337 putXMMRegLane64( rD, 1, getXMMRegLane64( rV, 1 ));
25338 putYMMRegLane128( rD, 1, mkV128(0) );
25339 *uses_vvvv = True;
25340 goto decode_success;
25341 }
25342 /* VCVTSS2SD xmm3/m32, xmm2, xmm1 = VEX.NDS.LIG.F3.0F.WIG 5A /r */
25343 if (haveF3no66noF2(pfx)) {
25344 UChar modrm = getUChar(delta);
25345 UInt rV = getVexNvvvv(pfx);
25346 UInt rD = gregOfRexRM(pfx, modrm);
25347 IRTemp f32lo = newTemp(Ity_F32);
25348 if (epartIsReg(modrm)) {
25349 UInt rS = eregOfRexRM(pfx,modrm);
25350 assign(f32lo, getXMMRegLane32F(rS, 0));
25351 delta += 1;
25352 DIP("vcvtss2sd %s,%s,%s\n",
25353 nameXMMReg(rS), nameXMMReg(rV), nameXMMReg(rD));
25354 } else {
25355 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
25356 assign(f32lo, loadLE(Ity_F32, mkexpr(addr)) );
25357 delta += alen;
25358 DIP("vcvtss2sd %s,%s,%s\n",
25359 dis_buf, nameXMMReg(rV), nameXMMReg(rD));
25360 }
25361 putXMMRegLane64F( rD, 0,
25362 unop( Iop_F32toF64, mkexpr(f32lo)) );
25363 putXMMRegLane64( rD, 1, getXMMRegLane64( rV, 1 ));
25364 putYMMRegLane128( rD, 1, mkV128(0) );
25365 *uses_vvvv = True;
25366 goto decode_success;
25367 }
25368 break;
25369
25370 case 0x5B:
25371 /* VCVTPS2DQ xmm2/m128, xmm1 = VEX.128.66.0F.WIG 5B /r */
25372 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25373 delta = dis_CVTxPS2DQ_128( vbi, pfx, delta,
25374 True/*isAvx*/, False/*!r2zero*/ );
25375 goto decode_success;
25376 }
25377 /* VCVTPS2DQ ymm2/m256, ymm1 = VEX.256.66.0F.WIG 5B /r */
25378 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25379 delta = dis_CVTxPS2DQ_256( vbi, pfx, delta,
25380 False/*!r2zero*/ );
25381 goto decode_success;
25382 }
25383 /* VCVTTPS2DQ xmm2/m128, xmm1 = VEX.128.F3.0F.WIG 5B /r */
25384 if (haveF3no66noF2(pfx) && 0==getVexL(pfx)/*128*/) {
25385 delta = dis_CVTxPS2DQ_128( vbi, pfx, delta,
25386 True/*isAvx*/, True/*r2zero*/ );
25387 goto decode_success;
25388 }
25389 /* VCVTTPS2DQ ymm2/m256, ymm1 = VEX.256.F3.0F.WIG 5B /r */
25390 if (haveF3no66noF2(pfx) && 1==getVexL(pfx)/*256*/) {
25391 delta = dis_CVTxPS2DQ_256( vbi, pfx, delta,
25392 True/*r2zero*/ );
25393 goto decode_success;
25394 }
25395 /* VCVTDQ2PS xmm2/m128, xmm1 = VEX.128.0F.WIG 5B /r */
25396 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25397 delta = dis_CVTDQ2PS_128 ( vbi, pfx, delta, True/*isAvx*/ );
25398 goto decode_success;
25399 }
25400 /* VCVTDQ2PS ymm2/m256, ymm1 = VEX.256.0F.WIG 5B /r */
25401 if (haveNo66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25402 delta = dis_CVTDQ2PS_256 ( vbi, pfx, delta );
25403 goto decode_success;
25404 }
25405 break;
25406
25407 case 0x5C:
25408 /* VSUBSD xmm3/m64, xmm2, xmm1 = VEX.NDS.LIG.F2.0F.WIG 5C /r */
25409 if (haveF2no66noF3(pfx)) {
25410 delta = dis_AVX128_E_V_to_G_lo64(
25411 uses_vvvv, vbi, pfx, delta, "vsubsd", Iop_Sub64F0x2 );
25412 goto decode_success;
25413 }
25414 /* VSUBSS xmm3/m32, xmm2, xmm1 = VEX.NDS.LIG.F3.0F.WIG 5C /r */
25415 if (haveF3no66noF2(pfx)) {
25416 delta = dis_AVX128_E_V_to_G_lo32(
25417 uses_vvvv, vbi, pfx, delta, "vsubss", Iop_Sub32F0x4 );
25418 goto decode_success;
25419 }
25420 /* VSUBPS xmm3/m128, xmm2, xmm1 = VEX.NDS.128.0F.WIG 5C /r */
25421 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25422 delta = dis_AVX128_E_V_to_G(
25423 uses_vvvv, vbi, pfx, delta, "vsubps", Iop_Sub32Fx4 );
25424 goto decode_success;
25425 }
25426 /* VSUBPS ymm3/m256, ymm2, ymm1 = VEX.NDS.256.0F.WIG 5C /r */
25427 if (haveNo66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25428 delta = dis_AVX256_E_V_to_G(
25429 uses_vvvv, vbi, pfx, delta, "vsubps", Iop_Sub32Fx8 );
25430 goto decode_success;
25431 }
25432 /* VSUBPD xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG 5C /r */
25433 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25434 delta = dis_AVX128_E_V_to_G(
25435 uses_vvvv, vbi, pfx, delta, "vsubpd", Iop_Sub64Fx2 );
25436 goto decode_success;
25437 }
25438 /* VSUBPD ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG 5C /r */
25439 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25440 delta = dis_AVX256_E_V_to_G(
25441 uses_vvvv, vbi, pfx, delta, "vsubpd", Iop_Sub64Fx4 );
25442 goto decode_success;
25443 }
25444 break;
25445
25446 case 0x5D:
25447 /* VMINSD xmm3/m64, xmm2, xmm1 = VEX.NDS.LIG.F2.0F.WIG 5D /r */
25448 if (haveF2no66noF3(pfx)) {
25449 delta = dis_AVX128_E_V_to_G_lo64(
25450 uses_vvvv, vbi, pfx, delta, "vminsd", Iop_Min64F0x2 );
25451 goto decode_success;
25452 }
25453 /* VMINSS xmm3/m32, xmm2, xmm1 = VEX.NDS.LIG.F3.0F.WIG 5D /r */
25454 if (haveF3no66noF2(pfx)) {
25455 delta = dis_AVX128_E_V_to_G_lo32(
25456 uses_vvvv, vbi, pfx, delta, "vminss", Iop_Min32F0x4 );
25457 goto decode_success;
25458 }
25459 /* VMINPS xmm3/m128, xmm2, xmm1 = VEX.NDS.128.0F.WIG 5D /r */
25460 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25461 delta = dis_AVX128_E_V_to_G(
25462 uses_vvvv, vbi, pfx, delta, "vminps", Iop_Min32Fx4 );
25463 goto decode_success;
25464 }
25465 /* VMINPS ymm3/m256, ymm2, ymm1 = VEX.NDS.256.0F.WIG 5D /r */
25466 if (haveNo66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25467 delta = dis_AVX256_E_V_to_G(
25468 uses_vvvv, vbi, pfx, delta, "vminps", Iop_Min32Fx8 );
25469 goto decode_success;
25470 }
25471 /* VMINPD xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG 5D /r */
25472 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25473 delta = dis_AVX128_E_V_to_G(
25474 uses_vvvv, vbi, pfx, delta, "vminpd", Iop_Min64Fx2 );
25475 goto decode_success;
25476 }
25477 /* VMINPD ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG 5D /r */
25478 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25479 delta = dis_AVX256_E_V_to_G(
25480 uses_vvvv, vbi, pfx, delta, "vminpd", Iop_Min64Fx4 );
25481 goto decode_success;
25482 }
25483 break;
25484
25485 case 0x5E:
25486 /* VDIVSD xmm3/m64, xmm2, xmm1 = VEX.NDS.LIG.F2.0F.WIG 5E /r */
25487 if (haveF2no66noF3(pfx)) {
25488 delta = dis_AVX128_E_V_to_G_lo64(
25489 uses_vvvv, vbi, pfx, delta, "vdivsd", Iop_Div64F0x2 );
25490 goto decode_success;
25491 }
25492 /* VDIVSS xmm3/m32, xmm2, xmm1 = VEX.NDS.LIG.F3.0F.WIG 5E /r */
25493 if (haveF3no66noF2(pfx)) {
25494 delta = dis_AVX128_E_V_to_G_lo32(
25495 uses_vvvv, vbi, pfx, delta, "vdivss", Iop_Div32F0x4 );
25496 goto decode_success;
25497 }
25498 /* VDIVPS xmm3/m128, xmm2, xmm1 = VEX.NDS.128.0F.WIG 5E /r */
25499 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25500 delta = dis_AVX128_E_V_to_G(
25501 uses_vvvv, vbi, pfx, delta, "vdivps", Iop_Div32Fx4 );
25502 goto decode_success;
25503 }
25504 /* VDIVPS ymm3/m256, ymm2, ymm1 = VEX.NDS.256.0F.WIG 5E /r */
25505 if (haveNo66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25506 delta = dis_AVX256_E_V_to_G(
25507 uses_vvvv, vbi, pfx, delta, "vdivps", Iop_Div32Fx8 );
25508 goto decode_success;
25509 }
25510 /* VDIVPD xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG 5E /r */
25511 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25512 delta = dis_AVX128_E_V_to_G(
25513 uses_vvvv, vbi, pfx, delta, "vdivpd", Iop_Div64Fx2 );
25514 goto decode_success;
25515 }
25516 /* VDIVPD ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG 5E /r */
25517 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25518 delta = dis_AVX256_E_V_to_G(
25519 uses_vvvv, vbi, pfx, delta, "vdivpd", Iop_Div64Fx4 );
25520 goto decode_success;
25521 }
25522 break;
25523
25524 case 0x5F:
25525 /* VMAXSD xmm3/m64, xmm2, xmm1 = VEX.NDS.LIG.F2.0F.WIG 5F /r */
25526 if (haveF2no66noF3(pfx)) {
25527 delta = dis_AVX128_E_V_to_G_lo64(
25528 uses_vvvv, vbi, pfx, delta, "vmaxsd", Iop_Max64F0x2 );
25529 goto decode_success;
25530 }
25531 /* VMAXSS xmm3/m32, xmm2, xmm1 = VEX.NDS.LIG.F3.0F.WIG 5F /r */
25532 if (haveF3no66noF2(pfx)) {
25533 delta = dis_AVX128_E_V_to_G_lo32(
25534 uses_vvvv, vbi, pfx, delta, "vmaxss", Iop_Max32F0x4 );
25535 goto decode_success;
25536 }
25537 /* VMAXPS xmm3/m128, xmm2, xmm1 = VEX.NDS.128.0F.WIG 5F /r */
25538 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25539 delta = dis_AVX128_E_V_to_G(
25540 uses_vvvv, vbi, pfx, delta, "vmaxps", Iop_Max32Fx4 );
25541 goto decode_success;
25542 }
25543 /* VMAXPS ymm3/m256, ymm2, ymm1 = VEX.NDS.256.0F.WIG 5F /r */
25544 if (haveNo66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25545 delta = dis_AVX256_E_V_to_G(
25546 uses_vvvv, vbi, pfx, delta, "vmaxps", Iop_Max32Fx8 );
25547 goto decode_success;
25548 }
25549 /* VMAXPD xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG 5F /r */
25550 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25551 delta = dis_AVX128_E_V_to_G(
25552 uses_vvvv, vbi, pfx, delta, "vmaxpd", Iop_Max64Fx2 );
25553 goto decode_success;
25554 }
25555 /* VMAXPD ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG 5F /r */
25556 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25557 delta = dis_AVX256_E_V_to_G(
25558 uses_vvvv, vbi, pfx, delta, "vmaxpd", Iop_Max64Fx4 );
25559 goto decode_success;
25560 }
25561 break;
25562
25563 case 0x60:
25564 /* VPUNPCKLBW r/m, rV, r ::: r = interleave-lo-bytes(rV, r/m) */
25565 /* VPUNPCKLBW = VEX.NDS.128.66.0F.WIG 60 /r */
25566 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25567 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG(
25568 uses_vvvv, vbi, pfx, delta, "vpunpcklbw",
25569 Iop_InterleaveLO8x16, NULL,
25570 False/*!invertLeftArg*/, True/*swapArgs*/ );
25571 goto decode_success;
25572 }
25573 /* VPUNPCKLBW r/m, rV, r ::: r = interleave-lo-bytes(rV, r/m) */
25574 /* VPUNPCKLBW = VEX.NDS.256.66.0F.WIG 60 /r */
25575 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25576 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_complex(
25577 uses_vvvv, vbi, pfx, delta, "vpunpcklbw",
25578 math_VPUNPCKLBW_YMM );
25579 goto decode_success;
25580 }
25581 break;
25582
25583 case 0x61:
25584 /* VPUNPCKLWD r/m, rV, r ::: r = interleave-lo-words(rV, r/m) */
25585 /* VPUNPCKLWD = VEX.NDS.128.66.0F.WIG 61 /r */
25586 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25587 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG(
25588 uses_vvvv, vbi, pfx, delta, "vpunpcklwd",
25589 Iop_InterleaveLO16x8, NULL,
25590 False/*!invertLeftArg*/, True/*swapArgs*/ );
25591 goto decode_success;
25592 }
25593 /* VPUNPCKLWD r/m, rV, r ::: r = interleave-lo-words(rV, r/m) */
25594 /* VPUNPCKLWD = VEX.NDS.256.66.0F.WIG 61 /r */
25595 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25596 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_complex(
25597 uses_vvvv, vbi, pfx, delta, "vpunpcklwd",
25598 math_VPUNPCKLWD_YMM );
25599 goto decode_success;
25600 }
25601 break;
25602
25603 case 0x62:
25604 /* VPUNPCKLDQ r/m, rV, r ::: r = interleave-lo-dwords(rV, r/m) */
25605 /* VPUNPCKLDQ = VEX.NDS.128.66.0F.WIG 62 /r */
25606 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25607 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG(
25608 uses_vvvv, vbi, pfx, delta, "vpunpckldq",
25609 Iop_InterleaveLO32x4, NULL,
25610 False/*!invertLeftArg*/, True/*swapArgs*/ );
25611 goto decode_success;
25612 }
25613 /* VPUNPCKLDQ r/m, rV, r ::: r = interleave-lo-dwords(rV, r/m) */
25614 /* VPUNPCKLDQ = VEX.NDS.256.66.0F.WIG 62 /r */
25615 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25616 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_complex(
25617 uses_vvvv, vbi, pfx, delta, "vpunpckldq",
25618 math_VPUNPCKLDQ_YMM );
25619 goto decode_success;
25620 }
25621 break;
25622
25623 case 0x63:
25624 /* VPACKSSWB r/m, rV, r ::: r = QNarrowBin16Sto8Sx16(rV, r/m) */
25625 /* VPACKSSWB = VEX.NDS.128.66.0F.WIG 63 /r */
25626 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25627 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG(
25628 uses_vvvv, vbi, pfx, delta, "vpacksswb",
25629 Iop_QNarrowBin16Sto8Sx16, NULL,
25630 False/*!invertLeftArg*/, True/*swapArgs*/ );
25631 goto decode_success;
25632 }
25633 /* VPACKSSWB r/m, rV, r ::: r = QNarrowBin16Sto8Sx16(rV, r/m) */
25634 /* VPACKSSWB = VEX.NDS.256.66.0F.WIG 63 /r */
25635 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25636 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_complex(
25637 uses_vvvv, vbi, pfx, delta, "vpacksswb",
25638 math_VPACKSSWB_YMM );
25639 goto decode_success;
25640 }
25641 break;
25642
25643 case 0x64:
25644 /* VPCMPGTB r/m, rV, r ::: r = rV `>s-by-8s` r/m */
25645 /* VPCMPGTB = VEX.NDS.128.66.0F.WIG 64 /r */
25646 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25647 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
25648 uses_vvvv, vbi, pfx, delta, "vpcmpgtb", Iop_CmpGT8Sx16 );
25649 goto decode_success;
25650 }
25651 /* VPCMPGTB r/m, rV, r ::: r = rV `>s-by-8s` r/m */
25652 /* VPCMPGTB = VEX.NDS.256.66.0F.WIG 64 /r */
25653 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25654 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
25655 uses_vvvv, vbi, pfx, delta, "vpcmpgtb", Iop_CmpGT8Sx32 );
25656 goto decode_success;
25657 }
25658 break;
25659
25660 case 0x65:
25661 /* VPCMPGTW r/m, rV, r ::: r = rV `>s-by-16s` r/m */
25662 /* VPCMPGTW = VEX.NDS.128.66.0F.WIG 65 /r */
25663 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25664 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
25665 uses_vvvv, vbi, pfx, delta, "vpcmpgtw", Iop_CmpGT16Sx8 );
25666 goto decode_success;
25667 }
25668 /* VPCMPGTW r/m, rV, r ::: r = rV `>s-by-16s` r/m */
25669 /* VPCMPGTW = VEX.NDS.256.66.0F.WIG 65 /r */
25670 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25671 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
25672 uses_vvvv, vbi, pfx, delta, "vpcmpgtw", Iop_CmpGT16Sx16 );
25673 goto decode_success;
25674 }
25675 break;
25676
25677 case 0x66:
25678 /* VPCMPGTD r/m, rV, r ::: r = rV `>s-by-32s` r/m */
25679 /* VPCMPGTD = VEX.NDS.128.66.0F.WIG 66 /r */
25680 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25681 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
25682 uses_vvvv, vbi, pfx, delta, "vpcmpgtd", Iop_CmpGT32Sx4 );
25683 goto decode_success;
25684 }
25685 /* VPCMPGTD r/m, rV, r ::: r = rV `>s-by-32s` r/m */
25686 /* VPCMPGTD = VEX.NDS.256.66.0F.WIG 66 /r */
25687 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25688 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
25689 uses_vvvv, vbi, pfx, delta, "vpcmpgtd", Iop_CmpGT32Sx8 );
25690 goto decode_success;
25691 }
25692 break;
25693
25694 case 0x67:
25695 /* VPACKUSWB r/m, rV, r ::: r = QNarrowBin16Sto8Ux16(rV, r/m) */
25696 /* VPACKUSWB = VEX.NDS.128.66.0F.WIG 67 /r */
25697 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25698 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG(
25699 uses_vvvv, vbi, pfx, delta, "vpackuswb",
25700 Iop_QNarrowBin16Sto8Ux16, NULL,
25701 False/*!invertLeftArg*/, True/*swapArgs*/ );
25702 goto decode_success;
25703 }
25704 /* VPACKUSWB r/m, rV, r ::: r = QNarrowBin16Sto8Ux16(rV, r/m) */
25705 /* VPACKUSWB = VEX.NDS.256.66.0F.WIG 67 /r */
25706 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25707 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_complex(
25708 uses_vvvv, vbi, pfx, delta, "vpackuswb",
25709 math_VPACKUSWB_YMM );
25710 goto decode_success;
25711 }
25712 break;
25713
25714 case 0x68:
25715 /* VPUNPCKHBW r/m, rV, r ::: r = interleave-hi-bytes(rV, r/m) */
25716 /* VPUNPCKHBW = VEX.NDS.128.0F.WIG 68 /r */
25717 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25718 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG(
25719 uses_vvvv, vbi, pfx, delta, "vpunpckhbw",
25720 Iop_InterleaveHI8x16, NULL,
25721 False/*!invertLeftArg*/, True/*swapArgs*/ );
25722 goto decode_success;
25723 }
25724 /* VPUNPCKHBW r/m, rV, r ::: r = interleave-hi-bytes(rV, r/m) */
25725 /* VPUNPCKHBW = VEX.NDS.256.0F.WIG 68 /r */
25726 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25727 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_complex(
25728 uses_vvvv, vbi, pfx, delta, "vpunpckhbw",
25729 math_VPUNPCKHBW_YMM );
25730 goto decode_success;
25731 }
25732 break;
25733
25734 case 0x69:
25735 /* VPUNPCKHWD r/m, rV, r ::: r = interleave-hi-words(rV, r/m) */
25736 /* VPUNPCKHWD = VEX.NDS.128.0F.WIG 69 /r */
25737 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25738 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG(
25739 uses_vvvv, vbi, pfx, delta, "vpunpckhwd",
25740 Iop_InterleaveHI16x8, NULL,
25741 False/*!invertLeftArg*/, True/*swapArgs*/ );
25742 goto decode_success;
25743 }
25744 /* VPUNPCKHWD r/m, rV, r ::: r = interleave-hi-words(rV, r/m) */
25745 /* VPUNPCKHWD = VEX.NDS.256.0F.WIG 69 /r */
25746 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25747 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_complex(
25748 uses_vvvv, vbi, pfx, delta, "vpunpckhwd",
25749 math_VPUNPCKHWD_YMM );
25750 goto decode_success;
25751 }
25752 break;
25753
25754 case 0x6A:
25755 /* VPUNPCKHDQ r/m, rV, r ::: r = interleave-hi-dwords(rV, r/m) */
25756 /* VPUNPCKHDQ = VEX.NDS.128.66.0F.WIG 6A /r */
25757 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25758 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG(
25759 uses_vvvv, vbi, pfx, delta, "vpunpckhdq",
25760 Iop_InterleaveHI32x4, NULL,
25761 False/*!invertLeftArg*/, True/*swapArgs*/ );
25762 goto decode_success;
25763 }
25764 /* VPUNPCKHDQ r/m, rV, r ::: r = interleave-hi-dwords(rV, r/m) */
25765 /* VPUNPCKHDQ = VEX.NDS.256.66.0F.WIG 6A /r */
25766 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25767 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_complex(
25768 uses_vvvv, vbi, pfx, delta, "vpunpckhdq",
25769 math_VPUNPCKHDQ_YMM );
25770 goto decode_success;
25771 }
25772 break;
25773
25774 case 0x6B:
25775 /* VPACKSSDW r/m, rV, r ::: r = QNarrowBin32Sto16Sx8(rV, r/m) */
25776 /* VPACKSSDW = VEX.NDS.128.66.0F.WIG 6B /r */
25777 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25778 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG(
25779 uses_vvvv, vbi, pfx, delta, "vpackssdw",
25780 Iop_QNarrowBin32Sto16Sx8, NULL,
25781 False/*!invertLeftArg*/, True/*swapArgs*/ );
25782 goto decode_success;
25783 }
25784 /* VPACKSSDW r/m, rV, r ::: r = QNarrowBin32Sto16Sx8(rV, r/m) */
25785 /* VPACKSSDW = VEX.NDS.256.66.0F.WIG 6B /r */
25786 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25787 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_complex(
25788 uses_vvvv, vbi, pfx, delta, "vpackssdw",
25789 math_VPACKSSDW_YMM );
25790 goto decode_success;
25791 }
25792 break;
25793
25794 case 0x6C:
25795 /* VPUNPCKLQDQ r/m, rV, r ::: r = interleave-lo-64bitses(rV, r/m) */
25796 /* VPUNPCKLQDQ = VEX.NDS.128.0F.WIG 6C /r */
25797 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25798 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG(
25799 uses_vvvv, vbi, pfx, delta, "vpunpcklqdq",
25800 Iop_InterleaveLO64x2, NULL,
25801 False/*!invertLeftArg*/, True/*swapArgs*/ );
25802 goto decode_success;
25803 }
25804 /* VPUNPCKLQDQ r/m, rV, r ::: r = interleave-lo-64bitses(rV, r/m) */
25805 /* VPUNPCKLQDQ = VEX.NDS.256.0F.WIG 6C /r */
25806 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25807 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_complex(
25808 uses_vvvv, vbi, pfx, delta, "vpunpcklqdq",
25809 math_VPUNPCKLQDQ_YMM );
25810 goto decode_success;
25811 }
25812 break;
25813
25814 case 0x6D:
25815 /* VPUNPCKHQDQ r/m, rV, r ::: r = interleave-hi-64bitses(rV, r/m) */
25816 /* VPUNPCKHQDQ = VEX.NDS.128.0F.WIG 6D /r */
25817 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25818 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG(
25819 uses_vvvv, vbi, pfx, delta, "vpunpckhqdq",
25820 Iop_InterleaveHI64x2, NULL,
25821 False/*!invertLeftArg*/, True/*swapArgs*/ );
25822 goto decode_success;
25823 }
25824 /* VPUNPCKHQDQ r/m, rV, r ::: r = interleave-hi-64bitses(rV, r/m) */
25825 /* VPUNPCKHQDQ = VEX.NDS.256.0F.WIG 6D /r */
25826 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25827 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_complex(
25828 uses_vvvv, vbi, pfx, delta, "vpunpckhqdq",
25829 math_VPUNPCKHQDQ_YMM );
25830 goto decode_success;
25831 }
25832 break;
25833
25834 case 0x6E:
25835 /* VMOVD r32/m32, xmm1 = VEX.128.66.0F.W0 6E */
25836 if (have66noF2noF3(pfx)
25837 && 0==getVexL(pfx)/*128*/ && 0==getRexW(pfx)/*W0*/) {
25838 vassert(sz == 2); /* even tho we are transferring 4, not 2. */
25839 UChar modrm = getUChar(delta);
25840 if (epartIsReg(modrm)) {
25841 delta += 1;
25842 putYMMRegLoAndZU(
25843 gregOfRexRM(pfx,modrm),
25844 unop( Iop_32UtoV128, getIReg32(eregOfRexRM(pfx,modrm)) )
25845 );
25846 DIP("vmovd %s, %s\n", nameIReg32(eregOfRexRM(pfx,modrm)),
25847 nameXMMReg(gregOfRexRM(pfx,modrm)));
25848 } else {
25849 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
25850 delta += alen;
25851 putYMMRegLoAndZU(
25852 gregOfRexRM(pfx,modrm),
25853 unop( Iop_32UtoV128,loadLE(Ity_I32, mkexpr(addr)))
25854 );
25855 DIP("vmovd %s, %s\n", dis_buf,
25856 nameXMMReg(gregOfRexRM(pfx,modrm)));
25857 }
25858 goto decode_success;
25859 }
25860 /* VMOVQ r64/m64, xmm1 = VEX.128.66.0F.W1 6E */
25861 if (have66noF2noF3(pfx)
25862 && 0==getVexL(pfx)/*128*/ && 1==getRexW(pfx)/*W1*/) {
25863 vassert(sz == 2); /* even tho we are transferring 8, not 2. */
25864 UChar modrm = getUChar(delta);
25865 if (epartIsReg(modrm)) {
25866 delta += 1;
25867 putYMMRegLoAndZU(
25868 gregOfRexRM(pfx,modrm),
25869 unop( Iop_64UtoV128, getIReg64(eregOfRexRM(pfx,modrm)) )
25870 );
25871 DIP("vmovq %s, %s\n", nameIReg64(eregOfRexRM(pfx,modrm)),
25872 nameXMMReg(gregOfRexRM(pfx,modrm)));
25873 } else {
25874 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
25875 delta += alen;
25876 putYMMRegLoAndZU(
25877 gregOfRexRM(pfx,modrm),
25878 unop( Iop_64UtoV128,loadLE(Ity_I64, mkexpr(addr)))
25879 );
25880 DIP("vmovq %s, %s\n", dis_buf,
25881 nameXMMReg(gregOfRexRM(pfx,modrm)));
25882 }
25883 goto decode_success;
25884 }
25885 break;
25886
25887 case 0x6F:
25888 /* VMOVDQA ymm2/m256, ymm1 = VEX.256.66.0F.WIG 6F */
25889 /* VMOVDQU ymm2/m256, ymm1 = VEX.256.F3.0F.WIG 6F */
25890 if ((have66noF2noF3(pfx) || haveF3no66noF2(pfx))
25891 && 1==getVexL(pfx)/*256*/) {
25892 UChar modrm = getUChar(delta);
25893 UInt rD = gregOfRexRM(pfx, modrm);
25894 IRTemp tD = newTemp(Ity_V256);
25895 Bool isA = have66noF2noF3(pfx);
25896 HChar ch = isA ? 'a' : 'u';
25897 if (epartIsReg(modrm)) {
25898 UInt rS = eregOfRexRM(pfx, modrm);
25899 delta += 1;
25900 assign(tD, getYMMReg(rS));
25901 DIP("vmovdq%c %s,%s\n", ch, nameYMMReg(rS), nameYMMReg(rD));
25902 } else {
25903 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
25904 delta += alen;
25905 if (isA)
25906 gen_SEGV_if_not_32_aligned(addr);
25907 assign(tD, loadLE(Ity_V256, mkexpr(addr)));
25908 DIP("vmovdq%c %s,%s\n", ch, dis_buf, nameYMMReg(rD));
25909 }
25910 putYMMReg(rD, mkexpr(tD));
25911 goto decode_success;
25912 }
25913 /* VMOVDQA xmm2/m128, xmm1 = VEX.128.66.0F.WIG 6F */
25914 /* VMOVDQU xmm2/m128, xmm1 = VEX.128.F3.0F.WIG 6F */
25915 if ((have66noF2noF3(pfx) || haveF3no66noF2(pfx))
25916 && 0==getVexL(pfx)/*128*/) {
25917 UChar modrm = getUChar(delta);
25918 UInt rD = gregOfRexRM(pfx, modrm);
25919 IRTemp tD = newTemp(Ity_V128);
25920 Bool isA = have66noF2noF3(pfx);
25921 HChar ch = isA ? 'a' : 'u';
25922 if (epartIsReg(modrm)) {
25923 UInt rS = eregOfRexRM(pfx, modrm);
25924 delta += 1;
25925 assign(tD, getXMMReg(rS));
25926 DIP("vmovdq%c %s,%s\n", ch, nameXMMReg(rS), nameXMMReg(rD));
25927 } else {
25928 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
25929 delta += alen;
25930 if (isA)
25931 gen_SEGV_if_not_16_aligned(addr);
25932 assign(tD, loadLE(Ity_V128, mkexpr(addr)));
25933 DIP("vmovdq%c %s,%s\n", ch, dis_buf, nameXMMReg(rD));
25934 }
25935 putYMMRegLoAndZU(rD, mkexpr(tD));
25936 goto decode_success;
25937 }
25938 break;
25939
25940 case 0x70:
25941 /* VPSHUFD imm8, xmm2/m128, xmm1 = VEX.128.66.0F.WIG 70 /r ib */
25942 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25943 delta = dis_PSHUFD_32x4( vbi, pfx, delta, True/*writesYmm*/);
25944 goto decode_success;
25945 }
25946 /* VPSHUFD imm8, ymm2/m256, ymm1 = VEX.256.66.0F.WIG 70 /r ib */
25947 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25948 delta = dis_PSHUFD_32x8( vbi, pfx, delta);
25949 goto decode_success;
25950 }
25951 /* VPSHUFLW imm8, xmm2/m128, xmm1 = VEX.128.F2.0F.WIG 70 /r ib */
25952 if (haveF2no66noF3(pfx) && 0==getVexL(pfx)/*128*/) {
25953 delta = dis_PSHUFxW_128( vbi, pfx, delta,
25954 True/*isAvx*/, False/*!xIsH*/ );
25955 goto decode_success;
25956 }
25957 /* VPSHUFLW imm8, ymm2/m256, ymm1 = VEX.256.F2.0F.WIG 70 /r ib */
25958 if (haveF2no66noF3(pfx) && 1==getVexL(pfx)/*256*/) {
25959 delta = dis_PSHUFxW_256( vbi, pfx, delta, False/*!xIsH*/ );
25960 goto decode_success;
25961 }
25962 /* VPSHUFHW imm8, xmm2/m128, xmm1 = VEX.128.F3.0F.WIG 70 /r ib */
25963 if (haveF3no66noF2(pfx) && 0==getVexL(pfx)/*128*/) {
25964 delta = dis_PSHUFxW_128( vbi, pfx, delta,
25965 True/*isAvx*/, True/*xIsH*/ );
25966 goto decode_success;
25967 }
25968 /* VPSHUFHW imm8, ymm2/m256, ymm1 = VEX.256.F3.0F.WIG 70 /r ib */
25969 if (haveF3no66noF2(pfx) && 1==getVexL(pfx)/*256*/) {
25970 delta = dis_PSHUFxW_256( vbi, pfx, delta, True/*xIsH*/ );
25971 goto decode_success;
25972 }
25973 break;
25974
25975 case 0x71:
25976 /* VPSRLW imm8, xmm2, xmm1 = VEX.NDD.128.66.0F.WIG 71 /2 ib */
25977 /* VPSRAW imm8, xmm2, xmm1 = VEX.NDD.128.66.0F.WIG 71 /4 ib */
25978 /* VPSLLW imm8, xmm2, xmm1 = VEX.NDD.128.66.0F.WIG 71 /6 ib */
25979 if (have66noF2noF3(pfx)
25980 && 0==getVexL(pfx)/*128*/
25981 && epartIsReg(getUChar(delta))) {
25982 if (gregLO3ofRM(getUChar(delta)) == 2/*SRL*/) {
25983 delta = dis_AVX128_shiftE_to_V_imm( pfx, delta,
25984 "vpsrlw", Iop_ShrN16x8 );
25985 *uses_vvvv = True;
25986 goto decode_success;
25987 }
25988 if (gregLO3ofRM(getUChar(delta)) == 4/*SRA*/) {
25989 delta = dis_AVX128_shiftE_to_V_imm( pfx, delta,
25990 "vpsraw", Iop_SarN16x8 );
25991 *uses_vvvv = True;
25992 goto decode_success;
25993 }
25994 if (gregLO3ofRM(getUChar(delta)) == 6/*SLL*/) {
25995 delta = dis_AVX128_shiftE_to_V_imm( pfx, delta,
25996 "vpsllw", Iop_ShlN16x8 );
25997 *uses_vvvv = True;
25998 goto decode_success;
25999 }
26000 /* else fall through */
26001 }
26002 /* VPSRLW imm8, ymm2, ymm1 = VEX.NDD.256.66.0F.WIG 71 /2 ib */
26003 /* VPSRAW imm8, ymm2, ymm1 = VEX.NDD.256.66.0F.WIG 71 /4 ib */
26004 /* VPSLLW imm8, ymm2, ymm1 = VEX.NDD.256.66.0F.WIG 71 /6 ib */
26005 if (have66noF2noF3(pfx)
26006 && 1==getVexL(pfx)/*256*/
26007 && epartIsReg(getUChar(delta))) {
26008 if (gregLO3ofRM(getUChar(delta)) == 2/*SRL*/) {
26009 delta = dis_AVX256_shiftE_to_V_imm( pfx, delta,
26010 "vpsrlw", Iop_ShrN16x16 );
26011 *uses_vvvv = True;
26012 goto decode_success;
26013 }
26014 if (gregLO3ofRM(getUChar(delta)) == 4/*SRA*/) {
26015 delta = dis_AVX256_shiftE_to_V_imm( pfx, delta,
26016 "vpsraw", Iop_SarN16x16 );
26017 *uses_vvvv = True;
26018 goto decode_success;
26019 }
26020 if (gregLO3ofRM(getUChar(delta)) == 6/*SLL*/) {
26021 delta = dis_AVX256_shiftE_to_V_imm( pfx, delta,
26022 "vpsllw", Iop_ShlN16x16 );
26023 *uses_vvvv = True;
26024 goto decode_success;
26025 }
26026 /* else fall through */
26027 }
26028 break;
26029
26030 case 0x72:
26031 /* VPSRLD imm8, xmm2, xmm1 = VEX.NDD.128.66.0F.WIG 72 /2 ib */
26032 /* VPSRAD imm8, xmm2, xmm1 = VEX.NDD.128.66.0F.WIG 72 /4 ib */
26033 /* VPSLLD imm8, xmm2, xmm1 = VEX.NDD.128.66.0F.WIG 72 /6 ib */
26034 if (have66noF2noF3(pfx)
26035 && 0==getVexL(pfx)/*128*/
26036 && epartIsReg(getUChar(delta))) {
26037 if (gregLO3ofRM(getUChar(delta)) == 2/*SRL*/) {
26038 delta = dis_AVX128_shiftE_to_V_imm( pfx, delta,
26039 "vpsrld", Iop_ShrN32x4 );
26040 *uses_vvvv = True;
26041 goto decode_success;
26042 }
26043 if (gregLO3ofRM(getUChar(delta)) == 4/*SRA*/) {
26044 delta = dis_AVX128_shiftE_to_V_imm( pfx, delta,
26045 "vpsrad", Iop_SarN32x4 );
26046 *uses_vvvv = True;
26047 goto decode_success;
26048 }
26049 if (gregLO3ofRM(getUChar(delta)) == 6/*SLL*/) {
26050 delta = dis_AVX128_shiftE_to_V_imm( pfx, delta,
26051 "vpslld", Iop_ShlN32x4 );
26052 *uses_vvvv = True;
26053 goto decode_success;
26054 }
26055 /* else fall through */
26056 }
26057 /* VPSRLD imm8, ymm2, ymm1 = VEX.NDD.256.66.0F.WIG 72 /2 ib */
26058 /* VPSRAD imm8, ymm2, ymm1 = VEX.NDD.256.66.0F.WIG 72 /4 ib */
26059 /* VPSLLD imm8, ymm2, ymm1 = VEX.NDD.256.66.0F.WIG 72 /6 ib */
26060 if (have66noF2noF3(pfx)
26061 && 1==getVexL(pfx)/*256*/
26062 && epartIsReg(getUChar(delta))) {
26063 if (gregLO3ofRM(getUChar(delta)) == 2/*SRL*/) {
26064 delta = dis_AVX256_shiftE_to_V_imm( pfx, delta,
26065 "vpsrld", Iop_ShrN32x8 );
26066 *uses_vvvv = True;
26067 goto decode_success;
26068 }
26069 if (gregLO3ofRM(getUChar(delta)) == 4/*SRA*/) {
26070 delta = dis_AVX256_shiftE_to_V_imm( pfx, delta,
26071 "vpsrad", Iop_SarN32x8 );
26072 *uses_vvvv = True;
26073 goto decode_success;
26074 }
26075 if (gregLO3ofRM(getUChar(delta)) == 6/*SLL*/) {
26076 delta = dis_AVX256_shiftE_to_V_imm( pfx, delta,
26077 "vpslld", Iop_ShlN32x8 );
26078 *uses_vvvv = True;
26079 goto decode_success;
26080 }
26081 /* else fall through */
26082 }
26083 break;
26084
26085 case 0x73:
26086 /* VPSRLDQ imm8, xmm2, xmm1 = VEX.NDD.128.66.0F.WIG 73 /3 ib */
26087 /* VPSLLDQ imm8, xmm2, xmm1 = VEX.NDD.128.66.0F.WIG 73 /7 ib */
26088 /* VPSRLQ imm8, xmm2, xmm1 = VEX.NDD.128.66.0F.WIG 73 /2 ib */
26089 /* VPSLLQ imm8, xmm2, xmm1 = VEX.NDD.128.66.0F.WIG 73 /6 ib */
26090 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
26091 && epartIsReg(getUChar(delta))) {
26092 Int rS = eregOfRexRM(pfx,getUChar(delta));
26093 Int rD = getVexNvvvv(pfx);
26094 IRTemp vecS = newTemp(Ity_V128);
26095 if (gregLO3ofRM(getUChar(delta)) == 3) {
26096 Int imm = (Int)getUChar(delta+1);
26097 DIP("vpsrldq $%d,%s,%s\n", imm, nameXMMReg(rS), nameXMMReg(rD));
26098 delta += 2;
26099 assign( vecS, getXMMReg(rS) );
26100 putYMMRegLoAndZU(rD, mkexpr(math_PSRLDQ( vecS, imm )));
26101 *uses_vvvv = True;
26102 goto decode_success;
26103 }
26104 if (gregLO3ofRM(getUChar(delta)) == 7) {
26105 Int imm = (Int)getUChar(delta+1);
26106 DIP("vpslldq $%d,%s,%s\n", imm, nameXMMReg(rS), nameXMMReg(rD));
26107 delta += 2;
26108 assign( vecS, getXMMReg(rS) );
26109 putYMMRegLoAndZU(rD, mkexpr(math_PSLLDQ( vecS, imm )));
26110 *uses_vvvv = True;
26111 goto decode_success;
26112 }
26113 if (gregLO3ofRM(getUChar(delta)) == 2) {
26114 delta = dis_AVX128_shiftE_to_V_imm( pfx, delta,
26115 "vpsrlq", Iop_ShrN64x2 );
26116 *uses_vvvv = True;
26117 goto decode_success;
26118 }
26119 if (gregLO3ofRM(getUChar(delta)) == 6) {
26120 delta = dis_AVX128_shiftE_to_V_imm( pfx, delta,
26121 "vpsllq", Iop_ShlN64x2 );
26122 *uses_vvvv = True;
26123 goto decode_success;
26124 }
26125 /* else fall through */
26126 }
26127 /* VPSRLDQ imm8, ymm2, ymm1 = VEX.NDD.256.66.0F.WIG 73 /3 ib */
26128 /* VPSLLDQ imm8, ymm2, ymm1 = VEX.NDD.256.66.0F.WIG 73 /7 ib */
26129 /* VPSRLQ imm8, ymm2, ymm1 = VEX.NDD.256.66.0F.WIG 73 /2 ib */
26130 /* VPSLLQ imm8, ymm2, ymm1 = VEX.NDD.256.66.0F.WIG 73 /6 ib */
26131 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/
26132 && epartIsReg(getUChar(delta))) {
26133 Int rS = eregOfRexRM(pfx,getUChar(delta));
26134 Int rD = getVexNvvvv(pfx);
26135 if (gregLO3ofRM(getUChar(delta)) == 3) {
26136 IRTemp vecS0 = newTemp(Ity_V128);
26137 IRTemp vecS1 = newTemp(Ity_V128);
26138 Int imm = (Int)getUChar(delta+1);
26139 DIP("vpsrldq $%d,%s,%s\n", imm, nameYMMReg(rS), nameYMMReg(rD));
26140 delta += 2;
26141 assign( vecS0, getYMMRegLane128(rS, 0));
26142 assign( vecS1, getYMMRegLane128(rS, 1));
26143 putYMMRegLane128(rD, 0, mkexpr(math_PSRLDQ( vecS0, imm )));
26144 putYMMRegLane128(rD, 1, mkexpr(math_PSRLDQ( vecS1, imm )));
26145 *uses_vvvv = True;
26146 goto decode_success;
26147 }
26148 if (gregLO3ofRM(getUChar(delta)) == 7) {
26149 IRTemp vecS0 = newTemp(Ity_V128);
26150 IRTemp vecS1 = newTemp(Ity_V128);
26151 Int imm = (Int)getUChar(delta+1);
26152 DIP("vpslldq $%d,%s,%s\n", imm, nameYMMReg(rS), nameYMMReg(rD));
26153 delta += 2;
26154 assign( vecS0, getYMMRegLane128(rS, 0));
26155 assign( vecS1, getYMMRegLane128(rS, 1));
26156 putYMMRegLane128(rD, 0, mkexpr(math_PSLLDQ( vecS0, imm )));
26157 putYMMRegLane128(rD, 1, mkexpr(math_PSLLDQ( vecS1, imm )));
26158 *uses_vvvv = True;
26159 goto decode_success;
26160 }
26161 if (gregLO3ofRM(getUChar(delta)) == 2) {
26162 delta = dis_AVX256_shiftE_to_V_imm( pfx, delta,
26163 "vpsrlq", Iop_ShrN64x4 );
26164 *uses_vvvv = True;
26165 goto decode_success;
26166 }
26167 if (gregLO3ofRM(getUChar(delta)) == 6) {
26168 delta = dis_AVX256_shiftE_to_V_imm( pfx, delta,
26169 "vpsllq", Iop_ShlN64x4 );
26170 *uses_vvvv = True;
26171 goto decode_success;
26172 }
26173 /* else fall through */
26174 }
26175 break;
26176
26177 case 0x74:
26178 /* VPCMPEQB r/m, rV, r ::: r = rV `eq-by-8s` r/m */
26179 /* VPCMPEQB = VEX.NDS.128.66.0F.WIG 74 /r */
26180 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26181 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
26182 uses_vvvv, vbi, pfx, delta, "vpcmpeqb", Iop_CmpEQ8x16 );
26183 goto decode_success;
26184 }
26185 /* VPCMPEQB r/m, rV, r ::: r = rV `eq-by-8s` r/m */
26186 /* VPCMPEQB = VEX.NDS.256.66.0F.WIG 74 /r */
26187 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
26188 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
26189 uses_vvvv, vbi, pfx, delta, "vpcmpeqb", Iop_CmpEQ8x32 );
26190 goto decode_success;
26191 }
26192 break;
26193
26194 case 0x75:
26195 /* VPCMPEQW r/m, rV, r ::: r = rV `eq-by-16s` r/m */
26196 /* VPCMPEQW = VEX.NDS.128.66.0F.WIG 75 /r */
26197 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26198 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
26199 uses_vvvv, vbi, pfx, delta, "vpcmpeqw", Iop_CmpEQ16x8 );
26200 goto decode_success;
26201 }
26202 /* VPCMPEQW r/m, rV, r ::: r = rV `eq-by-16s` r/m */
26203 /* VPCMPEQW = VEX.NDS.256.66.0F.WIG 75 /r */
26204 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
26205 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
26206 uses_vvvv, vbi, pfx, delta, "vpcmpeqw", Iop_CmpEQ16x16 );
26207 goto decode_success;
26208 }
26209 break;
26210
26211 case 0x76:
26212 /* VPCMPEQD r/m, rV, r ::: r = rV `eq-by-32s` r/m */
26213 /* VPCMPEQD = VEX.NDS.128.66.0F.WIG 76 /r */
26214 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26215 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
26216 uses_vvvv, vbi, pfx, delta, "vpcmpeqd", Iop_CmpEQ32x4 );
26217 goto decode_success;
26218 }
26219 /* VPCMPEQD r/m, rV, r ::: r = rV `eq-by-32s` r/m */
26220 /* VPCMPEQD = VEX.NDS.256.66.0F.WIG 76 /r */
26221 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
26222 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
26223 uses_vvvv, vbi, pfx, delta, "vpcmpeqd", Iop_CmpEQ32x8 );
26224 goto decode_success;
26225 }
26226 break;
26227
26228 case 0x77:
26229 /* VZEROUPPER = VEX.128.0F.WIG 77 */
26230 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26231 Int i;
26232 IRTemp zero128 = newTemp(Ity_V128);
26233 assign(zero128, mkV128(0));
26234 for (i = 0; i < 16; i++) {
26235 putYMMRegLane128(i, 1, mkexpr(zero128));
26236 }
26237 DIP("vzeroupper\n");
26238 goto decode_success;
26239 }
26240 /* VZEROALL = VEX.256.0F.WIG 77 */
26241 if (haveNo66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
26242 Int i;
26243 IRTemp zero128 = newTemp(Ity_V128);
26244 assign(zero128, mkV128(0));
26245 for (i = 0; i < 16; i++) {
26246 putYMMRegLoAndZU(i, mkexpr(zero128));
26247 }
26248 DIP("vzeroall\n");
26249 goto decode_success;
26250 }
26251 break;
26252
26253 case 0x7C:
26254 case 0x7D:
26255 /* VHADDPS xmm3/m128, xmm2, xmm1 = VEX.NDS.128.F2.0F.WIG 7C /r */
26256 /* VHSUBPS xmm3/m128, xmm2, xmm1 = VEX.NDS.128.F2.0F.WIG 7D /r */
26257 if (haveF2no66noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26258 IRTemp sV = newTemp(Ity_V128);
26259 IRTemp dV = newTemp(Ity_V128);
26260 Bool isAdd = opc == 0x7C;
26261 const HChar* str = isAdd ? "add" : "sub";
26262 UChar modrm = getUChar(delta);
26263 UInt rG = gregOfRexRM(pfx,modrm);
26264 UInt rV = getVexNvvvv(pfx);
26265 if (epartIsReg(modrm)) {
26266 UInt rE = eregOfRexRM(pfx,modrm);
26267 assign( sV, getXMMReg(rE) );
26268 DIP("vh%spd %s,%s,%s\n", str, nameXMMReg(rE),
26269 nameXMMReg(rV), nameXMMReg(rG));
26270 delta += 1;
26271 } else {
26272 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
26273 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
26274 DIP("vh%spd %s,%s,%s\n", str, dis_buf,
26275 nameXMMReg(rV), nameXMMReg(rG));
26276 delta += alen;
26277 }
26278 assign( dV, getXMMReg(rV) );
26279 putYMMRegLoAndZU( rG, mkexpr( math_HADDPS_128 ( dV, sV, isAdd ) ) );
26280 *uses_vvvv = True;
26281 goto decode_success;
26282 }
26283 /* VHADDPS ymm3/m256, ymm2, ymm1 = VEX.NDS.256.F2.0F.WIG 7C /r */
26284 /* VHSUBPS ymm3/m256, ymm2, ymm1 = VEX.NDS.256.F2.0F.WIG 7D /r */
26285 if (haveF2no66noF3(pfx) && 1==getVexL(pfx)/*256*/) {
26286 IRTemp sV = newTemp(Ity_V256);
26287 IRTemp dV = newTemp(Ity_V256);
26288 IRTemp s1, s0, d1, d0;
26289 Bool isAdd = opc == 0x7C;
26290 const HChar* str = isAdd ? "add" : "sub";
26291 UChar modrm = getUChar(delta);
26292 UInt rG = gregOfRexRM(pfx,modrm);
26293 UInt rV = getVexNvvvv(pfx);
26294 s1 = s0 = d1 = d0 = IRTemp_INVALID;
26295 if (epartIsReg(modrm)) {
26296 UInt rE = eregOfRexRM(pfx,modrm);
26297 assign( sV, getYMMReg(rE) );
26298 DIP("vh%spd %s,%s,%s\n", str, nameYMMReg(rE),
26299 nameYMMReg(rV), nameYMMReg(rG));
26300 delta += 1;
26301 } else {
26302 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
26303 assign( sV, loadLE(Ity_V256, mkexpr(addr)) );
26304 DIP("vh%spd %s,%s,%s\n", str, dis_buf,
26305 nameYMMReg(rV), nameYMMReg(rG));
26306 delta += alen;
26307 }
26308 assign( dV, getYMMReg(rV) );
26309 breakupV256toV128s( dV, &d1, &d0 );
26310 breakupV256toV128s( sV, &s1, &s0 );
26311 putYMMReg( rG, binop(Iop_V128HLtoV256,
26312 mkexpr( math_HADDPS_128 ( d1, s1, isAdd ) ),
26313 mkexpr( math_HADDPS_128 ( d0, s0, isAdd ) ) ) );
26314 *uses_vvvv = True;
26315 goto decode_success;
26316 }
26317 /* VHADDPD xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG 7C /r */
26318 /* VHSUBPD xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG 7D /r */
26319 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26320 IRTemp sV = newTemp(Ity_V128);
26321 IRTemp dV = newTemp(Ity_V128);
26322 Bool isAdd = opc == 0x7C;
26323 const HChar* str = isAdd ? "add" : "sub";
26324 UChar modrm = getUChar(delta);
26325 UInt rG = gregOfRexRM(pfx,modrm);
26326 UInt rV = getVexNvvvv(pfx);
26327 if (epartIsReg(modrm)) {
26328 UInt rE = eregOfRexRM(pfx,modrm);
26329 assign( sV, getXMMReg(rE) );
26330 DIP("vh%spd %s,%s,%s\n", str, nameXMMReg(rE),
26331 nameXMMReg(rV), nameXMMReg(rG));
26332 delta += 1;
26333 } else {
26334 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
26335 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
26336 DIP("vh%spd %s,%s,%s\n", str, dis_buf,
26337 nameXMMReg(rV), nameXMMReg(rG));
26338 delta += alen;
26339 }
26340 assign( dV, getXMMReg(rV) );
26341 putYMMRegLoAndZU( rG, mkexpr( math_HADDPD_128 ( dV, sV, isAdd ) ) );
26342 *uses_vvvv = True;
26343 goto decode_success;
26344 }
26345 /* VHADDPD ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG 7C /r */
26346 /* VHSUBPD ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG 7D /r */
26347 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
26348 IRTemp sV = newTemp(Ity_V256);
26349 IRTemp dV = newTemp(Ity_V256);
26350 IRTemp s1, s0, d1, d0;
26351 Bool isAdd = opc == 0x7C;
26352 const HChar* str = isAdd ? "add" : "sub";
26353 UChar modrm = getUChar(delta);
26354 UInt rG = gregOfRexRM(pfx,modrm);
26355 UInt rV = getVexNvvvv(pfx);
26356 s1 = s0 = d1 = d0 = IRTemp_INVALID;
26357 if (epartIsReg(modrm)) {
26358 UInt rE = eregOfRexRM(pfx,modrm);
26359 assign( sV, getYMMReg(rE) );
26360 DIP("vh%spd %s,%s,%s\n", str, nameYMMReg(rE),
26361 nameYMMReg(rV), nameYMMReg(rG));
26362 delta += 1;
26363 } else {
26364 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
26365 assign( sV, loadLE(Ity_V256, mkexpr(addr)) );
26366 DIP("vh%spd %s,%s,%s\n", str, dis_buf,
26367 nameYMMReg(rV), nameYMMReg(rG));
26368 delta += alen;
26369 }
26370 assign( dV, getYMMReg(rV) );
26371 breakupV256toV128s( dV, &d1, &d0 );
26372 breakupV256toV128s( sV, &s1, &s0 );
26373 putYMMReg( rG, binop(Iop_V128HLtoV256,
26374 mkexpr( math_HADDPD_128 ( d1, s1, isAdd ) ),
26375 mkexpr( math_HADDPD_128 ( d0, s0, isAdd ) ) ) );
26376 *uses_vvvv = True;
26377 goto decode_success;
26378 }
26379 break;
26380
26381 case 0x7E:
26382 /* Note the Intel docs don't make sense for this. I think they
26383 are wrong. They seem to imply it is a store when in fact I
26384 think it is a load. Also it's unclear whether this is W0, W1
26385 or WIG. */
26386 /* VMOVQ xmm2/m64, xmm1 = VEX.128.F3.0F.W0 7E /r */
26387 if (haveF3no66noF2(pfx)
26388 && 0==getVexL(pfx)/*128*/ && 0==getRexW(pfx)/*W0*/) {
26389 vassert(sz == 4); /* even tho we are transferring 8, not 4. */
26390 UChar modrm = getUChar(delta);
26391 UInt rG = gregOfRexRM(pfx,modrm);
26392 if (epartIsReg(modrm)) {
26393 UInt rE = eregOfRexRM(pfx,modrm);
26394 putXMMRegLane64( rG, 0, getXMMRegLane64( rE, 0 ));
26395 DIP("vmovq %s,%s\n", nameXMMReg(rE), nameXMMReg(rG));
26396 delta += 1;
26397 } else {
26398 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
26399 putXMMRegLane64( rG, 0, loadLE(Ity_I64, mkexpr(addr)) );
26400 DIP("vmovq %s,%s\n", dis_buf, nameXMMReg(rG));
26401 delta += alen;
26402 }
26403 /* zero bits 255:64 */
26404 putXMMRegLane64( rG, 1, mkU64(0) );
26405 putYMMRegLane128( rG, 1, mkV128(0) );
26406 goto decode_success;
26407 }
26408 /* VMOVQ xmm1, r64 = VEX.128.66.0F.W1 7E /r (reg case only) */
26409 /* Moves from G to E, so is a store-form insn */
26410 /* Intel docs list this in the VMOVD entry for some reason. */
26411 if (have66noF2noF3(pfx)
26412 && 0==getVexL(pfx)/*128*/ && 1==getRexW(pfx)/*W1*/) {
26413 UChar modrm = getUChar(delta);
26414 UInt rG = gregOfRexRM(pfx,modrm);
26415 if (epartIsReg(modrm)) {
26416 UInt rE = eregOfRexRM(pfx,modrm);
26417 DIP("vmovq %s,%s\n", nameXMMReg(rG), nameIReg64(rE));
26418 putIReg64(rE, getXMMRegLane64(rG, 0));
26419 delta += 1;
26420 } else {
26421 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
26422 storeLE( mkexpr(addr), getXMMRegLane64(rG, 0) );
26423 DIP("vmovq %s,%s\n", dis_buf, nameXMMReg(rG));
26424 delta += alen;
26425 }
26426 goto decode_success;
26427 }
26428 /* VMOVD xmm1, m32/r32 = VEX.128.66.0F.W0 7E /r (reg case only) */
26429 /* Moves from G to E, so is a store-form insn */
26430 if (have66noF2noF3(pfx)
26431 && 0==getVexL(pfx)/*128*/ && 0==getRexW(pfx)/*W0*/) {
26432 UChar modrm = getUChar(delta);
26433 UInt rG = gregOfRexRM(pfx,modrm);
26434 if (epartIsReg(modrm)) {
26435 UInt rE = eregOfRexRM(pfx,modrm);
26436 DIP("vmovd %s,%s\n", nameXMMReg(rG), nameIReg32(rE));
26437 putIReg32(rE, getXMMRegLane32(rG, 0));
26438 delta += 1;
26439 } else {
26440 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
26441 storeLE( mkexpr(addr), getXMMRegLane32(rG, 0) );
26442 DIP("vmovd %s,%s\n", dis_buf, nameXMMReg(rG));
26443 delta += alen;
26444 }
26445 goto decode_success;
26446 }
26447 break;
26448
26449 case 0x7F:
26450 /* VMOVDQA ymm1, ymm2/m256 = VEX.256.66.0F.WIG 7F */
26451 /* VMOVDQU ymm1, ymm2/m256 = VEX.256.F3.0F.WIG 7F */
26452 if ((have66noF2noF3(pfx) || haveF3no66noF2(pfx))
26453 && 1==getVexL(pfx)/*256*/) {
26454 UChar modrm = getUChar(delta);
26455 UInt rS = gregOfRexRM(pfx, modrm);
26456 IRTemp tS = newTemp(Ity_V256);
26457 Bool isA = have66noF2noF3(pfx);
26458 HChar ch = isA ? 'a' : 'u';
26459 assign(tS, getYMMReg(rS));
26460 if (epartIsReg(modrm)) {
26461 UInt rD = eregOfRexRM(pfx, modrm);
26462 delta += 1;
26463 putYMMReg(rD, mkexpr(tS));
26464 DIP("vmovdq%c %s,%s\n", ch, nameYMMReg(rS), nameYMMReg(rD));
26465 } else {
26466 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
26467 delta += alen;
26468 if (isA)
26469 gen_SEGV_if_not_32_aligned(addr);
26470 storeLE(mkexpr(addr), mkexpr(tS));
26471 DIP("vmovdq%c %s,%s\n", ch, nameYMMReg(rS), dis_buf);
26472 }
26473 goto decode_success;
26474 }
26475 /* VMOVDQA xmm1, xmm2/m128 = VEX.128.66.0F.WIG 7F */
26476 /* VMOVDQU xmm1, xmm2/m128 = VEX.128.F3.0F.WIG 7F */
26477 if ((have66noF2noF3(pfx) || haveF3no66noF2(pfx))
26478 && 0==getVexL(pfx)/*128*/) {
26479 UChar modrm = getUChar(delta);
26480 UInt rS = gregOfRexRM(pfx, modrm);
26481 IRTemp tS = newTemp(Ity_V128);
26482 Bool isA = have66noF2noF3(pfx);
26483 HChar ch = isA ? 'a' : 'u';
26484 assign(tS, getXMMReg(rS));
26485 if (epartIsReg(modrm)) {
26486 UInt rD = eregOfRexRM(pfx, modrm);
26487 delta += 1;
26488 putYMMRegLoAndZU(rD, mkexpr(tS));
26489 DIP("vmovdq%c %s,%s\n", ch, nameXMMReg(rS), nameXMMReg(rD));
26490 } else {
26491 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
26492 delta += alen;
26493 if (isA)
26494 gen_SEGV_if_not_16_aligned(addr);
26495 storeLE(mkexpr(addr), mkexpr(tS));
26496 DIP("vmovdq%c %s,%s\n", ch, nameXMMReg(rS), dis_buf);
26497 }
26498 goto decode_success;
26499 }
26500 break;
26501
26502 case 0xAE:
26503 /* VSTMXCSR m32 = VEX.LZ.0F.WIG AE /3 */
26504 if (haveNo66noF2noF3(pfx)
26505 && 0==getVexL(pfx)/*LZ*/
26506 && 0==getRexW(pfx) /* be paranoid -- Intel docs don't require this */
26507 && !epartIsReg(getUChar(delta)) && gregLO3ofRM(getUChar(delta)) == 3
26508 && sz == 4) {
26509 delta = dis_STMXCSR(vbi, pfx, delta, True/*isAvx*/);
26510 goto decode_success;
26511 }
26512 /* VLDMXCSR m32 = VEX.LZ.0F.WIG AE /2 */
26513 if (haveNo66noF2noF3(pfx)
26514 && 0==getVexL(pfx)/*LZ*/
26515 && 0==getRexW(pfx) /* be paranoid -- Intel docs don't require this */
26516 && !epartIsReg(getUChar(delta)) && gregLO3ofRM(getUChar(delta)) == 2
26517 && sz == 4) {
26518 delta = dis_LDMXCSR(vbi, pfx, delta, True/*isAvx*/);
26519 goto decode_success;
26520 }
26521 break;
26522
26523 case 0xC2:
26524 /* VCMPSD xmm3/m64(E=argL), xmm2(V=argR), xmm1(G) */
26525 /* = VEX.NDS.LIG.F2.0F.WIG C2 /r ib */
26526 if (haveF2no66noF3(pfx)) {
26527 Long delta0 = delta;
26528 delta = dis_AVX128_cmp_V_E_to_G( uses_vvvv, vbi, pfx, delta,
26529 "vcmpsd", False/*!all_lanes*/,
26530 8/*sz*/);
26531 if (delta > delta0) goto decode_success;
26532 /* else fall through -- decoding has failed */
26533 }
26534 /* VCMPSS xmm3/m32(E=argL), xmm2(V=argR), xmm1(G) */
26535 /* = VEX.NDS.LIG.F3.0F.WIG C2 /r ib */
26536 if (haveF3no66noF2(pfx)) {
26537 Long delta0 = delta;
26538 delta = dis_AVX128_cmp_V_E_to_G( uses_vvvv, vbi, pfx, delta,
26539 "vcmpss", False/*!all_lanes*/,
26540 4/*sz*/);
26541 if (delta > delta0) goto decode_success;
26542 /* else fall through -- decoding has failed */
26543 }
26544 /* VCMPPD xmm3/m128(E=argL), xmm2(V=argR), xmm1(G) */
26545 /* = VEX.NDS.128.66.0F.WIG C2 /r ib */
26546 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26547 Long delta0 = delta;
26548 delta = dis_AVX128_cmp_V_E_to_G( uses_vvvv, vbi, pfx, delta,
26549 "vcmppd", True/*all_lanes*/,
26550 8/*sz*/);
26551 if (delta > delta0) goto decode_success;
26552 /* else fall through -- decoding has failed */
26553 }
26554 /* VCMPPD ymm3/m256(E=argL), ymm2(V=argR), ymm1(G) */
26555 /* = VEX.NDS.256.66.0F.WIG C2 /r ib */
26556 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
26557 Long delta0 = delta;
26558 delta = dis_AVX256_cmp_V_E_to_G( uses_vvvv, vbi, pfx, delta,
26559 "vcmppd", 8/*sz*/);
26560 if (delta > delta0) goto decode_success;
26561 /* else fall through -- decoding has failed */
26562 }
26563 /* VCMPPS xmm3/m128(E=argL), xmm2(V=argR), xmm1(G) */
26564 /* = VEX.NDS.128.0F.WIG C2 /r ib */
26565 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26566 Long delta0 = delta;
26567 delta = dis_AVX128_cmp_V_E_to_G( uses_vvvv, vbi, pfx, delta,
26568 "vcmpps", True/*all_lanes*/,
26569 4/*sz*/);
26570 if (delta > delta0) goto decode_success;
26571 /* else fall through -- decoding has failed */
26572 }
26573 /* VCMPPS ymm3/m256(E=argL), ymm2(V=argR), ymm1(G) */
26574 /* = VEX.NDS.256.0F.WIG C2 /r ib */
26575 if (haveNo66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
26576 Long delta0 = delta;
26577 delta = dis_AVX256_cmp_V_E_to_G( uses_vvvv, vbi, pfx, delta,
26578 "vcmpps", 4/*sz*/);
26579 if (delta > delta0) goto decode_success;
26580 /* else fall through -- decoding has failed */
26581 }
26582 break;
26583
26584 case 0xC4:
26585 /* VPINSRW r32/m16, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG C4 /r ib */
26586 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26587 UChar modrm = getUChar(delta);
26588 UInt rG = gregOfRexRM(pfx, modrm);
26589 UInt rV = getVexNvvvv(pfx);
26590 Int imm8;
26591 IRTemp new16 = newTemp(Ity_I16);
26592
26593 if ( epartIsReg( modrm ) ) {
26594 imm8 = (Int)(getUChar(delta+1) & 7);
26595 assign( new16, unop(Iop_32to16,
26596 getIReg32(eregOfRexRM(pfx,modrm))) );
26597 delta += 1+1;
26598 DIP( "vpinsrw $%d,%s,%s\n", imm8,
26599 nameIReg32( eregOfRexRM(pfx, modrm) ), nameXMMReg(rG) );
26600 } else {
26601 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
26602 imm8 = (Int)(getUChar(delta+alen) & 7);
26603 assign( new16, loadLE( Ity_I16, mkexpr(addr) ));
26604 delta += alen+1;
26605 DIP( "vpinsrw $%d,%s,%s\n",
26606 imm8, dis_buf, nameXMMReg(rG) );
26607 }
26608
26609 IRTemp src_vec = newTemp(Ity_V128);
26610 assign(src_vec, getXMMReg( rV ));
26611 IRTemp res_vec = math_PINSRW_128( src_vec, new16, imm8 );
26612 putYMMRegLoAndZU( rG, mkexpr(res_vec) );
26613 *uses_vvvv = True;
26614 goto decode_success;
26615 }
26616 break;
26617
26618 case 0xC5:
26619 /* VPEXTRW imm8, xmm1, reg32 = VEX.128.66.0F.W0 C5 /r ib */
26620 if (have66noF2noF3(pfx)
26621 && 0==getVexL(pfx)/*128*/ && 0==getRexW(pfx)/*W0*/) {
26622 Long delta0 = delta;
26623 delta = dis_PEXTRW_128_EregOnly_toG( vbi, pfx, delta,
26624 True/*isAvx*/ );
26625 if (delta > delta0) goto decode_success;
26626 /* else fall through -- decoding has failed */
26627 }
26628 break;
26629
26630 case 0xC6:
26631 /* VSHUFPS imm8, xmm3/m128, xmm2, xmm1, xmm2 */
26632 /* = VEX.NDS.128.0F.WIG C6 /r ib */
26633 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26634 Int imm8 = 0;
26635 IRTemp eV = newTemp(Ity_V128);
26636 IRTemp vV = newTemp(Ity_V128);
26637 UInt modrm = getUChar(delta);
26638 UInt rG = gregOfRexRM(pfx,modrm);
26639 UInt rV = getVexNvvvv(pfx);
26640 assign( vV, getXMMReg(rV) );
26641 if (epartIsReg(modrm)) {
26642 UInt rE = eregOfRexRM(pfx,modrm);
26643 assign( eV, getXMMReg(rE) );
26644 imm8 = (Int)getUChar(delta+1);
26645 delta += 1+1;
26646 DIP("vshufps $%d,%s,%s,%s\n",
26647 imm8, nameXMMReg(rE), nameXMMReg(rV), nameXMMReg(rG));
26648 } else {
26649 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 1 );
26650 assign( eV, loadLE(Ity_V128, mkexpr(addr)) );
26651 imm8 = (Int)getUChar(delta+alen);
26652 delta += 1+alen;
26653 DIP("vshufps $%d,%s,%s,%s\n",
26654 imm8, dis_buf, nameXMMReg(rV), nameXMMReg(rG));
26655 }
26656 IRTemp res = math_SHUFPS_128( eV, vV, imm8 );
26657 putYMMRegLoAndZU( rG, mkexpr(res) );
26658 *uses_vvvv = True;
26659 goto decode_success;
26660 }
26661 /* VSHUFPS imm8, ymm3/m256, ymm2, ymm1, ymm2 */
26662 /* = VEX.NDS.256.0F.WIG C6 /r ib */
26663 if (haveNo66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
26664 Int imm8 = 0;
26665 IRTemp eV = newTemp(Ity_V256);
26666 IRTemp vV = newTemp(Ity_V256);
26667 UInt modrm = getUChar(delta);
26668 UInt rG = gregOfRexRM(pfx,modrm);
26669 UInt rV = getVexNvvvv(pfx);
26670 assign( vV, getYMMReg(rV) );
26671 if (epartIsReg(modrm)) {
26672 UInt rE = eregOfRexRM(pfx,modrm);
26673 assign( eV, getYMMReg(rE) );
26674 imm8 = (Int)getUChar(delta+1);
26675 delta += 1+1;
26676 DIP("vshufps $%d,%s,%s,%s\n",
26677 imm8, nameYMMReg(rE), nameYMMReg(rV), nameYMMReg(rG));
26678 } else {
26679 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 1 );
26680 assign( eV, loadLE(Ity_V256, mkexpr(addr)) );
26681 imm8 = (Int)getUChar(delta+alen);
26682 delta += 1+alen;
26683 DIP("vshufps $%d,%s,%s,%s\n",
26684 imm8, dis_buf, nameYMMReg(rV), nameYMMReg(rG));
26685 }
26686 IRTemp res = math_SHUFPS_256( eV, vV, imm8 );
26687 putYMMReg( rG, mkexpr(res) );
26688 *uses_vvvv = True;
26689 goto decode_success;
26690 }
26691 /* VSHUFPD imm8, xmm3/m128, xmm2, xmm1, xmm2 */
26692 /* = VEX.NDS.128.66.0F.WIG C6 /r ib */
26693 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26694 Int imm8 = 0;
26695 IRTemp eV = newTemp(Ity_V128);
26696 IRTemp vV = newTemp(Ity_V128);
26697 UInt modrm = getUChar(delta);
26698 UInt rG = gregOfRexRM(pfx,modrm);
26699 UInt rV = getVexNvvvv(pfx);
26700 assign( vV, getXMMReg(rV) );
26701 if (epartIsReg(modrm)) {
26702 UInt rE = eregOfRexRM(pfx,modrm);
26703 assign( eV, getXMMReg(rE) );
26704 imm8 = (Int)getUChar(delta+1);
26705 delta += 1+1;
26706 DIP("vshufpd $%d,%s,%s,%s\n",
26707 imm8, nameXMMReg(rE), nameXMMReg(rV), nameXMMReg(rG));
26708 } else {
26709 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 1 );
26710 assign( eV, loadLE(Ity_V128, mkexpr(addr)) );
26711 imm8 = (Int)getUChar(delta+alen);
26712 delta += 1+alen;
26713 DIP("vshufpd $%d,%s,%s,%s\n",
26714 imm8, dis_buf, nameXMMReg(rV), nameXMMReg(rG));
26715 }
26716 IRTemp res = math_SHUFPD_128( eV, vV, imm8 );
26717 putYMMRegLoAndZU( rG, mkexpr(res) );
26718 *uses_vvvv = True;
26719 goto decode_success;
26720 }
26721 /* VSHUFPD imm8, ymm3/m256, ymm2, ymm1, ymm2 */
26722 /* = VEX.NDS.256.66.0F.WIG C6 /r ib */
26723 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
26724 Int imm8 = 0;
26725 IRTemp eV = newTemp(Ity_V256);
26726 IRTemp vV = newTemp(Ity_V256);
26727 UInt modrm = getUChar(delta);
26728 UInt rG = gregOfRexRM(pfx,modrm);
26729 UInt rV = getVexNvvvv(pfx);
26730 assign( vV, getYMMReg(rV) );
26731 if (epartIsReg(modrm)) {
26732 UInt rE = eregOfRexRM(pfx,modrm);
26733 assign( eV, getYMMReg(rE) );
26734 imm8 = (Int)getUChar(delta+1);
26735 delta += 1+1;
26736 DIP("vshufpd $%d,%s,%s,%s\n",
26737 imm8, nameYMMReg(rE), nameYMMReg(rV), nameYMMReg(rG));
26738 } else {
26739 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 1 );
26740 assign( eV, loadLE(Ity_V256, mkexpr(addr)) );
26741 imm8 = (Int)getUChar(delta+alen);
26742 delta += 1+alen;
26743 DIP("vshufpd $%d,%s,%s,%s\n",
26744 imm8, dis_buf, nameYMMReg(rV), nameYMMReg(rG));
26745 }
26746 IRTemp res = math_SHUFPD_256( eV, vV, imm8 );
26747 putYMMReg( rG, mkexpr(res) );
26748 *uses_vvvv = True;
26749 goto decode_success;
26750 }
26751 break;
26752
26753 case 0xD0:
26754 /* VADDSUBPD xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG D0 /r */
26755 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26756 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_complex(
26757 uses_vvvv, vbi, pfx, delta,
26758 "vaddsubpd", math_ADDSUBPD_128 );
26759 goto decode_success;
26760 }
26761 /* VADDSUBPD ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG D0 /r */
26762 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
26763 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_complex(
26764 uses_vvvv, vbi, pfx, delta,
26765 "vaddsubpd", math_ADDSUBPD_256 );
26766 goto decode_success;
26767 }
26768 /* VADDSUBPS xmm3/m128, xmm2, xmm1 = VEX.NDS.128.F2.0F.WIG D0 /r */
26769 if (haveF2no66noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26770 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_complex(
26771 uses_vvvv, vbi, pfx, delta,
26772 "vaddsubps", math_ADDSUBPS_128 );
26773 goto decode_success;
26774 }
26775 /* VADDSUBPS ymm3/m256, ymm2, ymm1 = VEX.NDS.256.F2.0F.WIG D0 /r */
26776 if (haveF2no66noF3(pfx) && 1==getVexL(pfx)/*256*/) {
26777 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_complex(
26778 uses_vvvv, vbi, pfx, delta,
26779 "vaddsubps", math_ADDSUBPS_256 );
26780 goto decode_success;
26781 }
26782 break;
26783
26784 case 0xD1:
26785 /* VPSRLW xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG D1 /r */
26786 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26787 delta = dis_AVX128_shiftV_byE( vbi, pfx, delta,
26788 "vpsrlw", Iop_ShrN16x8 );
26789 *uses_vvvv = True;
26790 goto decode_success;
26791
26792 }
26793 /* VPSRLW xmm3/m128, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG D1 /r */
26794 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
26795 delta = dis_AVX256_shiftV_byE( vbi, pfx, delta,
26796 "vpsrlw", Iop_ShrN16x16 );
26797 *uses_vvvv = True;
26798 goto decode_success;
26799
26800 }
26801 break;
26802
26803 case 0xD2:
26804 /* VPSRLD xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG D2 /r */
26805 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26806 delta = dis_AVX128_shiftV_byE( vbi, pfx, delta,
26807 "vpsrld", Iop_ShrN32x4 );
26808 *uses_vvvv = True;
26809 goto decode_success;
26810 }
26811 /* VPSRLD xmm3/m128, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG D2 /r */
26812 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
26813 delta = dis_AVX256_shiftV_byE( vbi, pfx, delta,
26814 "vpsrld", Iop_ShrN32x8 );
26815 *uses_vvvv = True;
26816 goto decode_success;
26817 }
26818 break;
26819
26820 case 0xD3:
26821 /* VPSRLQ xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG D3 /r */
26822 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26823 delta = dis_AVX128_shiftV_byE( vbi, pfx, delta,
26824 "vpsrlq", Iop_ShrN64x2 );
26825 *uses_vvvv = True;
26826 goto decode_success;
26827 }
26828 /* VPSRLQ xmm3/m128, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG D3 /r */
26829 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
26830 delta = dis_AVX256_shiftV_byE( vbi, pfx, delta,
26831 "vpsrlq", Iop_ShrN64x4 );
26832 *uses_vvvv = True;
26833 goto decode_success;
26834 }
26835 break;
26836
26837 case 0xD4:
26838 /* VPADDQ r/m, rV, r ::: r = rV + r/m */
26839 /* VPADDQ = VEX.NDS.128.66.0F.WIG D4 /r */
26840 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26841 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
26842 uses_vvvv, vbi, pfx, delta, "vpaddq", Iop_Add64x2 );
26843 goto decode_success;
26844 }
26845 /* VPADDQ r/m, rV, r ::: r = rV + r/m */
26846 /* VPADDQ = VEX.NDS.256.66.0F.WIG D4 /r */
26847 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
26848 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
26849 uses_vvvv, vbi, pfx, delta, "vpaddq", Iop_Add64x4 );
26850 goto decode_success;
26851 }
26852 break;
26853
26854 case 0xD5:
26855 /* VPMULLW xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG D5 /r */
26856 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26857 delta = dis_AVX128_E_V_to_G(
26858 uses_vvvv, vbi, pfx, delta, "vpmullw", Iop_Mul16x8 );
26859 goto decode_success;
26860 }
26861 /* VPMULLW ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG D5 /r */
26862 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
26863 delta = dis_AVX256_E_V_to_G(
26864 uses_vvvv, vbi, pfx, delta, "vpmullw", Iop_Mul16x16 );
26865 goto decode_success;
26866 }
26867 break;
26868
26869 case 0xD6:
26870 /* I can't even find any Intel docs for this one. */
26871 /* Basically: 66 0F D6 = MOVQ -- move 64 bits from G (lo half
26872 xmm) to E (mem or lo half xmm). Looks like L==0(128), W==0
26873 (WIG, maybe?) */
26874 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
26875 && 0==getRexW(pfx)/*this might be redundant, dunno*/) {
26876 UChar modrm = getUChar(delta);
26877 UInt rG = gregOfRexRM(pfx,modrm);
26878 if (epartIsReg(modrm)) {
26879 /* fall through, awaiting test case */
26880 /* dst: lo half copied, hi half zeroed */
26881 } else {
26882 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
26883 storeLE( mkexpr(addr), getXMMRegLane64( rG, 0 ));
26884 DIP("vmovq %s,%s\n", nameXMMReg(rG), dis_buf );
26885 delta += alen;
26886 goto decode_success;
26887 }
26888 }
26889 break;
26890
26891 case 0xD7:
26892 /* VEX.128.66.0F.WIG D7 /r = VPMOVMSKB xmm1, r32 */
26893 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26894 delta = dis_PMOVMSKB_128( vbi, pfx, delta, True/*isAvx*/ );
26895 goto decode_success;
26896 }
26897 /* VEX.128.66.0F.WIG D7 /r = VPMOVMSKB ymm1, r32 */
26898 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
26899 delta = dis_PMOVMSKB_256( vbi, pfx, delta );
26900 goto decode_success;
26901 }
26902 break;
26903
26904 case 0xD8:
26905 /* VPSUBUSB xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG D8 /r */
26906 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26907 delta = dis_AVX128_E_V_to_G(
26908 uses_vvvv, vbi, pfx, delta, "vpsubusb", Iop_QSub8Ux16 );
26909 goto decode_success;
26910 }
26911 /* VPSUBUSB ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG D8 /r */
26912 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
26913 delta = dis_AVX256_E_V_to_G(
26914 uses_vvvv, vbi, pfx, delta, "vpsubusb", Iop_QSub8Ux32 );
26915 goto decode_success;
26916 }
26917 break;
26918
26919 case 0xD9:
26920 /* VPSUBUSW xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG D9 /r */
26921 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26922 delta = dis_AVX128_E_V_to_G(
26923 uses_vvvv, vbi, pfx, delta, "vpsubusw", Iop_QSub16Ux8 );
26924 goto decode_success;
26925 }
26926 /* VPSUBUSW ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG D9 /r */
26927 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
26928 delta = dis_AVX256_E_V_to_G(
26929 uses_vvvv, vbi, pfx, delta, "vpsubusw", Iop_QSub16Ux16 );
26930 goto decode_success;
26931 }
26932 break;
26933
26934 case 0xDA:
26935 /* VPMINUB xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG DA /r */
26936 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26937 delta = dis_AVX128_E_V_to_G(
26938 uses_vvvv, vbi, pfx, delta, "vpminub", Iop_Min8Ux16 );
26939 goto decode_success;
26940 }
26941 /* VPMINUB ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG DA /r */
26942 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
26943 delta = dis_AVX256_E_V_to_G(
26944 uses_vvvv, vbi, pfx, delta, "vpminub", Iop_Min8Ux32 );
26945 goto decode_success;
26946 }
26947 break;
26948
26949 case 0xDB:
26950 /* VPAND r/m, rV, r ::: r = rV & r/m */
26951 /* VEX.NDS.128.66.0F.WIG DB /r = VPAND xmm3/m128, xmm2, xmm1 */
26952 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26953 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
26954 uses_vvvv, vbi, pfx, delta, "vpand", Iop_AndV128 );
26955 goto decode_success;
26956 }
26957 /* VPAND r/m, rV, r ::: r = rV & r/m */
26958 /* VEX.NDS.256.66.0F.WIG DB /r = VPAND ymm3/m256, ymm2, ymm1 */
26959 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
26960 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
26961 uses_vvvv, vbi, pfx, delta, "vpand", Iop_AndV256 );
26962 goto decode_success;
26963 }
26964 break;
26965
26966 case 0xDC:
26967 /* VPADDUSB xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG DC /r */
26968 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26969 delta = dis_AVX128_E_V_to_G(
26970 uses_vvvv, vbi, pfx, delta, "vpaddusb", Iop_QAdd8Ux16 );
26971 goto decode_success;
26972 }
26973 /* VPADDUSB ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG DC /r */
26974 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
26975 delta = dis_AVX256_E_V_to_G(
26976 uses_vvvv, vbi, pfx, delta, "vpaddusb", Iop_QAdd8Ux32 );
26977 goto decode_success;
26978 }
26979 break;
26980
26981 case 0xDD:
26982 /* VPADDUSW xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG DD /r */
26983 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26984 delta = dis_AVX128_E_V_to_G(
26985 uses_vvvv, vbi, pfx, delta, "vpaddusw", Iop_QAdd16Ux8 );
26986 goto decode_success;
26987 }
26988 /* VPADDUSW ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG DD /r */
26989 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
26990 delta = dis_AVX256_E_V_to_G(
26991 uses_vvvv, vbi, pfx, delta, "vpaddusw", Iop_QAdd16Ux16 );
26992 goto decode_success;
26993 }
26994 break;
26995
26996 case 0xDE:
26997 /* VPMAXUB xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG DE /r */
26998 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
26999 delta = dis_AVX128_E_V_to_G(
27000 uses_vvvv, vbi, pfx, delta, "vpmaxub", Iop_Max8Ux16 );
27001 goto decode_success;
27002 }
27003 /* VPMAXUB ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG DE /r */
27004 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27005 delta = dis_AVX256_E_V_to_G(
27006 uses_vvvv, vbi, pfx, delta, "vpmaxub", Iop_Max8Ux32 );
27007 goto decode_success;
27008 }
27009 break;
27010
27011 case 0xDF:
27012 /* VPANDN r/m, rV, r ::: r = rV & ~r/m (is that correct, re the ~ ?) */
27013 /* VEX.NDS.128.66.0F.WIG DF /r = VPANDN xmm3/m128, xmm2, xmm1 */
27014 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27015 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG(
27016 uses_vvvv, vbi, pfx, delta, "vpandn", Iop_AndV128,
27017 NULL, True/*invertLeftArg*/, False/*swapArgs*/ );
27018 goto decode_success;
27019 }
27020 /* VPANDN r/m, rV, r ::: r = rV & ~r/m (is that correct, re the ~ ?) */
27021 /* VEX.NDS.256.66.0F.WIG DF /r = VPANDN ymm3/m256, ymm2, ymm1 */
27022 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27023 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG(
27024 uses_vvvv, vbi, pfx, delta, "vpandn", Iop_AndV256,
27025 NULL, True/*invertLeftArg*/, False/*swapArgs*/ );
27026 goto decode_success;
27027 }
27028 break;
27029
27030 case 0xE0:
27031 /* VPAVGB xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG E0 /r */
27032 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27033 delta = dis_AVX128_E_V_to_G(
27034 uses_vvvv, vbi, pfx, delta, "vpavgb", Iop_Avg8Ux16 );
27035 goto decode_success;
27036 }
27037 /* VPAVGB ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG E0 /r */
27038 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27039 delta = dis_AVX256_E_V_to_G(
27040 uses_vvvv, vbi, pfx, delta, "vpavgb", Iop_Avg8Ux32 );
27041 goto decode_success;
27042 }
27043 break;
27044
27045 case 0xE1:
27046 /* VPSRAW xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG E1 /r */
27047 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27048 delta = dis_AVX128_shiftV_byE( vbi, pfx, delta,
27049 "vpsraw", Iop_SarN16x8 );
27050 *uses_vvvv = True;
27051 goto decode_success;
27052 }
27053 /* VPSRAW xmm3/m128, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG E1 /r */
27054 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27055 delta = dis_AVX256_shiftV_byE( vbi, pfx, delta,
27056 "vpsraw", Iop_SarN16x16 );
27057 *uses_vvvv = True;
27058 goto decode_success;
27059 }
27060 break;
27061
27062 case 0xE2:
27063 /* VPSRAD xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG E2 /r */
27064 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27065 delta = dis_AVX128_shiftV_byE( vbi, pfx, delta,
27066 "vpsrad", Iop_SarN32x4 );
27067 *uses_vvvv = True;
27068 goto decode_success;
27069 }
27070 /* VPSRAD xmm3/m128, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG E2 /r */
27071 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27072 delta = dis_AVX256_shiftV_byE( vbi, pfx, delta,
27073 "vpsrad", Iop_SarN32x8 );
27074 *uses_vvvv = True;
27075 goto decode_success;
27076 }
27077 break;
27078
27079 case 0xE3:
27080 /* VPAVGW xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG E3 /r */
27081 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27082 delta = dis_AVX128_E_V_to_G(
27083 uses_vvvv, vbi, pfx, delta, "vpavgw", Iop_Avg16Ux8 );
27084 goto decode_success;
27085 }
27086 /* VPAVGW ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG E3 /r */
27087 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27088 delta = dis_AVX256_E_V_to_G(
27089 uses_vvvv, vbi, pfx, delta, "vpavgw", Iop_Avg16Ux16 );
27090 goto decode_success;
27091 }
27092 break;
27093
27094 case 0xE4:
27095 /* VPMULHUW xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG E4 /r */
27096 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27097 delta = dis_AVX128_E_V_to_G(
27098 uses_vvvv, vbi, pfx, delta, "vpmulhuw", Iop_MulHi16Ux8 );
27099 goto decode_success;
27100 }
27101 /* VPMULHUW ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG E4 /r */
27102 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27103 delta = dis_AVX256_E_V_to_G(
27104 uses_vvvv, vbi, pfx, delta, "vpmulhuw", Iop_MulHi16Ux16 );
27105 goto decode_success;
27106 }
27107 break;
27108
27109 case 0xE5:
27110 /* VPMULHW xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG E5 /r */
27111 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27112 delta = dis_AVX128_E_V_to_G(
27113 uses_vvvv, vbi, pfx, delta, "vpmulhw", Iop_MulHi16Sx8 );
27114 goto decode_success;
27115 }
27116 /* VPMULHW ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG E5 /r */
27117 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27118 delta = dis_AVX256_E_V_to_G(
27119 uses_vvvv, vbi, pfx, delta, "vpmulhw", Iop_MulHi16Sx16 );
27120 goto decode_success;
27121 }
27122 break;
27123
27124 case 0xE6:
27125 /* VCVTDQ2PD xmm2/m64, xmm1 = VEX.128.F3.0F.WIG E6 /r */
27126 if (haveF3no66noF2(pfx) && 0==getVexL(pfx)/*128*/) {
27127 delta = dis_CVTDQ2PD_128(vbi, pfx, delta, True/*isAvx*/);
27128 goto decode_success;
27129 }
27130 /* VCVTDQ2PD xmm2/m128, ymm1 = VEX.256.F3.0F.WIG E6 /r */
27131 if (haveF3no66noF2(pfx) && 1==getVexL(pfx)/*256*/) {
27132 delta = dis_CVTDQ2PD_256(vbi, pfx, delta);
27133 goto decode_success;
27134 }
27135 /* VCVTTPD2DQ xmm2/m128, xmm1 = VEX.128.66.0F.WIG E6 /r */
27136 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27137 delta = dis_CVTxPD2DQ_128(vbi, pfx, delta, True/*isAvx*/,
27138 True/*r2zero*/);
27139 goto decode_success;
27140 }
27141 /* VCVTTPD2DQ ymm2/m256, xmm1 = VEX.256.66.0F.WIG E6 /r */
27142 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27143 delta = dis_CVTxPD2DQ_256(vbi, pfx, delta, True/*r2zero*/);
27144 goto decode_success;
27145 }
27146 /* VCVTPD2DQ xmm2/m128, xmm1 = VEX.128.F2.0F.WIG E6 /r */
27147 if (haveF2no66noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27148 delta = dis_CVTxPD2DQ_128(vbi, pfx, delta, True/*isAvx*/,
27149 False/*!r2zero*/);
27150 goto decode_success;
27151 }
27152 /* VCVTPD2DQ ymm2/m256, xmm1 = VEX.256.F2.0F.WIG E6 /r */
27153 if (haveF2no66noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27154 delta = dis_CVTxPD2DQ_256(vbi, pfx, delta, False/*!r2zero*/);
27155 goto decode_success;
27156 }
27157 break;
27158
27159 case 0xE7:
27160 /* VMOVNTDQ xmm1, m128 = VEX.128.66.0F.WIG E7 /r */
27161 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27162 UChar modrm = getUChar(delta);
27163 UInt rG = gregOfRexRM(pfx,modrm);
27164 if (!epartIsReg(modrm)) {
27165 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
27166 gen_SEGV_if_not_16_aligned( addr );
27167 storeLE( mkexpr(addr), getXMMReg(rG) );
27168 DIP("vmovntdq %s,%s\n", dis_buf, nameXMMReg(rG));
27169 delta += alen;
27170 goto decode_success;
27171 }
27172 /* else fall through */
27173 }
27174 /* VMOVNTDQ ymm1, m256 = VEX.256.66.0F.WIG E7 /r */
27175 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27176 UChar modrm = getUChar(delta);
27177 UInt rG = gregOfRexRM(pfx,modrm);
27178 if (!epartIsReg(modrm)) {
27179 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
27180 gen_SEGV_if_not_32_aligned( addr );
27181 storeLE( mkexpr(addr), getYMMReg(rG) );
27182 DIP("vmovntdq %s,%s\n", dis_buf, nameYMMReg(rG));
27183 delta += alen;
27184 goto decode_success;
27185 }
27186 /* else fall through */
27187 }
27188 break;
27189
27190 case 0xE8:
27191 /* VPSUBSB xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG E8 /r */
27192 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27193 delta = dis_AVX128_E_V_to_G(
27194 uses_vvvv, vbi, pfx, delta, "vpsubsb", Iop_QSub8Sx16 );
27195 goto decode_success;
27196 }
27197 /* VPSUBSB ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG E8 /r */
27198 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27199 delta = dis_AVX256_E_V_to_G(
27200 uses_vvvv, vbi, pfx, delta, "vpsubsb", Iop_QSub8Sx32 );
27201 goto decode_success;
27202 }
27203 break;
27204
27205 case 0xE9:
27206 /* VPSUBSW xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG E9 /r */
27207 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27208 delta = dis_AVX128_E_V_to_G(
27209 uses_vvvv, vbi, pfx, delta, "vpsubsw", Iop_QSub16Sx8 );
27210 goto decode_success;
27211 }
27212 /* VPSUBSW ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG E9 /r */
27213 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27214 delta = dis_AVX256_E_V_to_G(
27215 uses_vvvv, vbi, pfx, delta, "vpsubsw", Iop_QSub16Sx16 );
27216 goto decode_success;
27217 }
27218 break;
27219
27220 case 0xEA:
27221 /* VPMINSW r/m, rV, r ::: r = min-signed16s(rV, r/m) */
27222 /* VPMINSW = VEX.NDS.128.66.0F.WIG EA /r */
27223 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27224 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
27225 uses_vvvv, vbi, pfx, delta, "vpminsw", Iop_Min16Sx8 );
27226 goto decode_success;
27227 }
27228 /* VPMINSW r/m, rV, r ::: r = min-signed16s(rV, r/m) */
27229 /* VPMINSW = VEX.NDS.256.66.0F.WIG EA /r */
27230 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27231 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
27232 uses_vvvv, vbi, pfx, delta, "vpminsw", Iop_Min16Sx16 );
27233 goto decode_success;
27234 }
27235 break;
27236
27237 case 0xEB:
27238 /* VPOR r/m, rV, r ::: r = rV | r/m */
27239 /* VPOR = VEX.NDS.128.66.0F.WIG EB /r */
27240 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27241 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
27242 uses_vvvv, vbi, pfx, delta, "vpor", Iop_OrV128 );
27243 goto decode_success;
27244 }
27245 /* VPOR r/m, rV, r ::: r = rV | r/m */
27246 /* VPOR = VEX.NDS.256.66.0F.WIG EB /r */
27247 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27248 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
27249 uses_vvvv, vbi, pfx, delta, "vpor", Iop_OrV256 );
27250 goto decode_success;
27251 }
27252 break;
27253
27254 case 0xEC:
27255 /* VPADDSB xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG EC /r */
27256 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27257 delta = dis_AVX128_E_V_to_G(
27258 uses_vvvv, vbi, pfx, delta, "vpaddsb", Iop_QAdd8Sx16 );
27259 goto decode_success;
27260 }
27261 /* VPADDSB ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG EC /r */
27262 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27263 delta = dis_AVX256_E_V_to_G(
27264 uses_vvvv, vbi, pfx, delta, "vpaddsb", Iop_QAdd8Sx32 );
27265 goto decode_success;
27266 }
27267 break;
27268
27269 case 0xED:
27270 /* VPADDSW xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG ED /r */
27271 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27272 delta = dis_AVX128_E_V_to_G(
27273 uses_vvvv, vbi, pfx, delta, "vpaddsw", Iop_QAdd16Sx8 );
27274 goto decode_success;
27275 }
27276 /* VPADDSW ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG ED /r */
27277 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27278 delta = dis_AVX256_E_V_to_G(
27279 uses_vvvv, vbi, pfx, delta, "vpaddsw", Iop_QAdd16Sx16 );
27280 goto decode_success;
27281 }
27282 break;
27283
27284 case 0xEE:
27285 /* VPMAXSW r/m, rV, r ::: r = max-signed16s(rV, r/m) */
27286 /* VPMAXSW = VEX.NDS.128.66.0F.WIG EE /r */
27287 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27288 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
27289 uses_vvvv, vbi, pfx, delta, "vpmaxsw", Iop_Max16Sx8 );
27290 goto decode_success;
27291 }
27292 /* VPMAXSW r/m, rV, r ::: r = max-signed16s(rV, r/m) */
27293 /* VPMAXSW = VEX.NDS.256.66.0F.WIG EE /r */
27294 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27295 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
27296 uses_vvvv, vbi, pfx, delta, "vpmaxsw", Iop_Max16Sx16 );
27297 goto decode_success;
27298 }
27299 break;
27300
27301 case 0xEF:
27302 /* VPXOR r/m, rV, r ::: r = rV ^ r/m */
27303 /* VPXOR = VEX.NDS.128.66.0F.WIG EF /r */
27304 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27305 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
27306 uses_vvvv, vbi, pfx, delta, "vpxor", Iop_XorV128 );
27307 goto decode_success;
27308 }
27309 /* VPXOR r/m, rV, r ::: r = rV ^ r/m */
27310 /* VPXOR = VEX.NDS.256.66.0F.WIG EF /r */
27311 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27312 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
27313 uses_vvvv, vbi, pfx, delta, "vpxor", Iop_XorV256 );
27314 goto decode_success;
27315 }
27316 break;
27317
27318 case 0xF0:
27319 /* VLDDQU m256, ymm1 = VEX.256.F2.0F.WIG F0 /r */
27320 if (haveF2no66noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27321 UChar modrm = getUChar(delta);
27322 UInt rD = gregOfRexRM(pfx, modrm);
27323 IRTemp tD = newTemp(Ity_V256);
27324 if (epartIsReg(modrm)) break;
27325 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
27326 delta += alen;
27327 assign(tD, loadLE(Ity_V256, mkexpr(addr)));
27328 DIP("vlddqu %s,%s\n", dis_buf, nameYMMReg(rD));
27329 putYMMReg(rD, mkexpr(tD));
27330 goto decode_success;
27331 }
27332 /* VLDDQU m128, xmm1 = VEX.128.F2.0F.WIG F0 /r */
27333 if (haveF2no66noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27334 UChar modrm = getUChar(delta);
27335 UInt rD = gregOfRexRM(pfx, modrm);
27336 IRTemp tD = newTemp(Ity_V128);
27337 if (epartIsReg(modrm)) break;
27338 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
27339 delta += alen;
27340 assign(tD, loadLE(Ity_V128, mkexpr(addr)));
27341 DIP("vlddqu %s,%s\n", dis_buf, nameXMMReg(rD));
27342 putYMMRegLoAndZU(rD, mkexpr(tD));
27343 goto decode_success;
27344 }
27345 break;
27346
27347 case 0xF1:
27348 /* VPSLLW xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG F1 /r */
27349 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27350 delta = dis_AVX128_shiftV_byE( vbi, pfx, delta,
27351 "vpsllw", Iop_ShlN16x8 );
27352 *uses_vvvv = True;
27353 goto decode_success;
27354
27355 }
27356 /* VPSLLW xmm3/m128, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG F1 /r */
27357 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27358 delta = dis_AVX256_shiftV_byE( vbi, pfx, delta,
27359 "vpsllw", Iop_ShlN16x16 );
27360 *uses_vvvv = True;
27361 goto decode_success;
27362
27363 }
27364 break;
27365
27366 case 0xF2:
27367 /* VPSLLD xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG F2 /r */
27368 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27369 delta = dis_AVX128_shiftV_byE( vbi, pfx, delta,
27370 "vpslld", Iop_ShlN32x4 );
27371 *uses_vvvv = True;
27372 goto decode_success;
27373 }
27374 /* VPSLLD xmm3/m128, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG F2 /r */
27375 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27376 delta = dis_AVX256_shiftV_byE( vbi, pfx, delta,
27377 "vpslld", Iop_ShlN32x8 );
27378 *uses_vvvv = True;
27379 goto decode_success;
27380 }
27381 break;
27382
27383 case 0xF3:
27384 /* VPSLLQ xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG F3 /r */
27385 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27386 delta = dis_AVX128_shiftV_byE( vbi, pfx, delta,
27387 "vpsllq", Iop_ShlN64x2 );
27388 *uses_vvvv = True;
27389 goto decode_success;
27390 }
27391 /* VPSLLQ xmm3/m128, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG F3 /r */
27392 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27393 delta = dis_AVX256_shiftV_byE( vbi, pfx, delta,
27394 "vpsllq", Iop_ShlN64x4 );
27395 *uses_vvvv = True;
27396 goto decode_success;
27397 }
27398 break;
27399
27400 case 0xF4:
27401 /* VPMULUDQ xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG F4 /r */
27402 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27403 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_complex(
27404 uses_vvvv, vbi, pfx, delta,
27405 "vpmuludq", math_PMULUDQ_128 );
27406 goto decode_success;
27407 }
27408 /* VPMULUDQ ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG F4 /r */
27409 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27410 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_complex(
27411 uses_vvvv, vbi, pfx, delta,
27412 "vpmuludq", math_PMULUDQ_256 );
27413 goto decode_success;
27414 }
27415 break;
27416
27417 case 0xF5:
27418 /* VPMADDWD xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG F5 /r */
27419 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27420 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_complex(
27421 uses_vvvv, vbi, pfx, delta,
27422 "vpmaddwd", math_PMADDWD_128 );
27423 goto decode_success;
27424 }
27425 /* VPMADDWD ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG F5 /r */
27426 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27427 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_complex(
27428 uses_vvvv, vbi, pfx, delta,
27429 "vpmaddwd", math_PMADDWD_256 );
27430 goto decode_success;
27431 }
27432 break;
27433
27434 case 0xF6:
27435 /* VPSADBW xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F.WIG F6 /r */
27436 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27437 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_complex(
27438 uses_vvvv, vbi, pfx, delta,
27439 "vpsadbw", math_PSADBW_128 );
27440 goto decode_success;
27441 }
27442 /* VPSADBW ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F.WIG F6 /r */
27443 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27444 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_complex(
27445 uses_vvvv, vbi, pfx, delta,
27446 "vpsadbw", math_PSADBW_256 );
27447 goto decode_success;
27448 }
27449 break;
27450
27451 case 0xF7:
27452 /* VMASKMOVDQU xmm2, xmm1 = VEX.128.66.0F.WIG F7 /r */
27453 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
27454 && epartIsReg(getUChar(delta))) {
27455 delta = dis_MASKMOVDQU( vbi, pfx, delta, True/*isAvx*/ );
27456 goto decode_success;
27457 }
27458 break;
27459
27460 case 0xF8:
27461 /* VPSUBB r/m, rV, r ::: r = rV - r/m */
27462 /* VPSUBB = VEX.NDS.128.66.0F.WIG F8 /r */
27463 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27464 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
27465 uses_vvvv, vbi, pfx, delta, "vpsubb", Iop_Sub8x16 );
27466 goto decode_success;
27467 }
27468 /* VPSUBB r/m, rV, r ::: r = rV - r/m */
27469 /* VPSUBB = VEX.NDS.256.66.0F.WIG F8 /r */
27470 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27471 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
27472 uses_vvvv, vbi, pfx, delta, "vpsubb", Iop_Sub8x32 );
27473 goto decode_success;
27474 }
27475 break;
27476
27477 case 0xF9:
27478 /* VPSUBW r/m, rV, r ::: r = rV - r/m */
27479 /* VPSUBW = VEX.NDS.128.66.0F.WIG F9 /r */
27480 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27481 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
27482 uses_vvvv, vbi, pfx, delta, "vpsubw", Iop_Sub16x8 );
27483 goto decode_success;
27484 }
27485 /* VPSUBW r/m, rV, r ::: r = rV - r/m */
27486 /* VPSUBW = VEX.NDS.256.66.0F.WIG F9 /r */
27487 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27488 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
27489 uses_vvvv, vbi, pfx, delta, "vpsubw", Iop_Sub16x16 );
27490 goto decode_success;
27491 }
27492 break;
27493
27494 case 0xFA:
27495 /* VPSUBD r/m, rV, r ::: r = rV - r/m */
27496 /* VPSUBD = VEX.NDS.128.66.0F.WIG FA /r */
27497 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27498 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
27499 uses_vvvv, vbi, pfx, delta, "vpsubd", Iop_Sub32x4 );
27500 goto decode_success;
27501 }
27502 /* VPSUBD r/m, rV, r ::: r = rV - r/m */
27503 /* VPSUBD = VEX.NDS.256.66.0F.WIG FA /r */
27504 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27505 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
27506 uses_vvvv, vbi, pfx, delta, "vpsubd", Iop_Sub32x8 );
27507 goto decode_success;
27508 }
27509 break;
27510
27511 case 0xFB:
27512 /* VPSUBQ r/m, rV, r ::: r = rV - r/m */
27513 /* VPSUBQ = VEX.NDS.128.66.0F.WIG FB /r */
27514 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27515 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
27516 uses_vvvv, vbi, pfx, delta, "vpsubq", Iop_Sub64x2 );
27517 goto decode_success;
27518 }
27519 /* VPSUBQ r/m, rV, r ::: r = rV - r/m */
27520 /* VPSUBQ = VEX.NDS.256.66.0F.WIG FB /r */
27521 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27522 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
27523 uses_vvvv, vbi, pfx, delta, "vpsubq", Iop_Sub64x4 );
27524 goto decode_success;
27525 }
27526 break;
27527
27528 case 0xFC:
27529 /* VPADDB r/m, rV, r ::: r = rV + r/m */
27530 /* VPADDB = VEX.NDS.128.66.0F.WIG FC /r */
27531 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27532 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
27533 uses_vvvv, vbi, pfx, delta, "vpaddb", Iop_Add8x16 );
27534 goto decode_success;
27535 }
27536 /* VPADDB r/m, rV, r ::: r = rV + r/m */
27537 /* VPADDB = VEX.NDS.256.66.0F.WIG FC /r */
27538 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27539 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
27540 uses_vvvv, vbi, pfx, delta, "vpaddb", Iop_Add8x32 );
27541 goto decode_success;
27542 }
27543 break;
27544
27545 case 0xFD:
27546 /* VPADDW r/m, rV, r ::: r = rV + r/m */
27547 /* VPADDW = VEX.NDS.128.66.0F.WIG FD /r */
27548 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27549 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
27550 uses_vvvv, vbi, pfx, delta, "vpaddw", Iop_Add16x8 );
27551 goto decode_success;
27552 }
27553 /* VPADDW r/m, rV, r ::: r = rV + r/m */
27554 /* VPADDW = VEX.NDS.256.66.0F.WIG FD /r */
27555 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27556 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
27557 uses_vvvv, vbi, pfx, delta, "vpaddw", Iop_Add16x16 );
27558 goto decode_success;
27559 }
27560 break;
27561
27562 case 0xFE:
27563 /* VPADDD r/m, rV, r ::: r = rV + r/m */
27564 /* VPADDD = VEX.NDS.128.66.0F.WIG FE /r */
27565 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
27566 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
27567 uses_vvvv, vbi, pfx, delta, "vpaddd", Iop_Add32x4 );
27568 goto decode_success;
27569 }
27570 /* VPADDD r/m, rV, r ::: r = rV + r/m */
27571 /* VPADDD = VEX.NDS.256.66.0F.WIG FE /r */
27572 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
27573 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
27574 uses_vvvv, vbi, pfx, delta, "vpaddd", Iop_Add32x8 );
27575 goto decode_success;
27576 }
27577 break;
27578
27579 default:
27580 break;
27581
27582 }
27583
27584 //decode_failure:
27585 return deltaIN;
27586
27587 decode_success:
27588 return delta;
27589 }
27590
27591
27592 /*------------------------------------------------------------*/
27593 /*--- ---*/
27594 /*--- Top-level post-escape decoders: dis_ESC_0F38__VEX ---*/
27595 /*--- ---*/
27596 /*------------------------------------------------------------*/
27597
27598 static IRTemp math_PERMILPS_VAR_128 ( IRTemp dataV, IRTemp ctrlV )
27599 {
27600 /* In the control vector, zero out all but the bottom two bits of
27601 each 32-bit lane. */
27602 IRExpr* cv1 = binop(Iop_ShrN32x4,
27603 binop(Iop_ShlN32x4, mkexpr(ctrlV), mkU8(30)),
27604 mkU8(30));
27605 /* And use the resulting cleaned-up control vector as steering
27606 in a Perm operation. */
27607 IRTemp res = newTemp(Ity_V128);
27608 assign(res, binop(Iop_Perm32x4, mkexpr(dataV), cv1));
27609 return res;
27610 }
27611
27612 static IRTemp math_PERMILPS_VAR_256 ( IRTemp dataV, IRTemp ctrlV )
27613 {
27614 IRTemp dHi, dLo, cHi, cLo;
27615 dHi = dLo = cHi = cLo = IRTemp_INVALID;
27616 breakupV256toV128s( dataV, &dHi, &dLo );
27617 breakupV256toV128s( ctrlV, &cHi, &cLo );
27618 IRTemp rHi = math_PERMILPS_VAR_128( dHi, cHi );
27619 IRTemp rLo = math_PERMILPS_VAR_128( dLo, cLo );
27620 IRTemp res = newTemp(Ity_V256);
27621 assign(res, binop(Iop_V128HLtoV256, mkexpr(rHi), mkexpr(rLo)));
27622 return res;
27623 }
27624
27625 static IRTemp math_PERMILPD_VAR_128 ( IRTemp dataV, IRTemp ctrlV )
27626 {
27627 /* No cleverness here .. */
27628 IRTemp dHi, dLo, cHi, cLo;
27629 dHi = dLo = cHi = cLo = IRTemp_INVALID;
27630 breakupV128to64s( dataV, &dHi, &dLo );
27631 breakupV128to64s( ctrlV, &cHi, &cLo );
27632 IRExpr* rHi
27633 = IRExpr_ITE( unop(Iop_64to1,
27634 binop(Iop_Shr64, mkexpr(cHi), mkU8(1))),
27635 mkexpr(dHi), mkexpr(dLo) );
27636 IRExpr* rLo
27637 = IRExpr_ITE( unop(Iop_64to1,
27638 binop(Iop_Shr64, mkexpr(cLo), mkU8(1))),
27639 mkexpr(dHi), mkexpr(dLo) );
27640 IRTemp res = newTemp(Ity_V128);
27641 assign(res, binop(Iop_64HLtoV128, rHi, rLo));
27642 return res;
27643 }
27644
27645 static IRTemp math_PERMILPD_VAR_256 ( IRTemp dataV, IRTemp ctrlV )
27646 {
27647 IRTemp dHi, dLo, cHi, cLo;
27648 dHi = dLo = cHi = cLo = IRTemp_INVALID;
27649 breakupV256toV128s( dataV, &dHi, &dLo );
27650 breakupV256toV128s( ctrlV, &cHi, &cLo );
27651 IRTemp rHi = math_PERMILPD_VAR_128( dHi, cHi );
27652 IRTemp rLo = math_PERMILPD_VAR_128( dLo, cLo );
27653 IRTemp res = newTemp(Ity_V256);
27654 assign(res, binop(Iop_V128HLtoV256, mkexpr(rHi), mkexpr(rLo)));
27655 return res;
27656 }
27657
27658 static IRTemp math_VPERMD ( IRTemp ctrlV, IRTemp dataV )
27659 {
27660 /* In the control vector, zero out all but the bottom three bits of
27661 each 32-bit lane. */
27662 IRExpr* cv1 = binop(Iop_ShrN32x8,
27663 binop(Iop_ShlN32x8, mkexpr(ctrlV), mkU8(29)),
27664 mkU8(29));
27665 /* And use the resulting cleaned-up control vector as steering
27666 in a Perm operation. */
27667 IRTemp res = newTemp(Ity_V256);
27668 assign(res, binop(Iop_Perm32x8, mkexpr(dataV), cv1));
27669 return res;
27670 }
27671
27672 static Long dis_SHIFTX ( /*OUT*/Bool* uses_vvvv,
27673 const VexAbiInfo* vbi, Prefix pfx, Long delta,
27674 const HChar* opname, IROp op8 )
27675 {
27676 HChar dis_buf[50];
27677 Int alen;
27678 Int size = getRexW(pfx) ? 8 : 4;
27679 IRType ty = szToITy(size);
27680 IRTemp src = newTemp(ty);
27681 IRTemp amt = newTemp(ty);
27682 UChar rm = getUChar(delta);
27683
27684 assign( amt, getIRegV(size,pfx) );
27685 if (epartIsReg(rm)) {
27686 assign( src, getIRegE(size,pfx,rm) );
27687 DIP("%s %s,%s,%s\n", opname, nameIRegV(size,pfx),
27688 nameIRegE(size,pfx,rm), nameIRegG(size,pfx,rm));
27689 delta++;
27690 } else {
27691 IRTemp addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
27692 assign( src, loadLE(ty, mkexpr(addr)) );
27693 DIP("%s %s,%s,%s\n", opname, nameIRegV(size,pfx), dis_buf,
27694 nameIRegG(size,pfx,rm));
27695 delta += alen;
27696 }
27697
27698 putIRegG( size, pfx, rm,
27699 binop(mkSizedOp(ty,op8), mkexpr(src),
27700 narrowTo(Ity_I8, binop(mkSizedOp(ty,Iop_And8), mkexpr(amt),
27701 mkU(ty,8*size-1)))) );
27702 /* Flags aren't modified. */
27703 *uses_vvvv = True;
27704 return delta;
27705 }
27706
27707
27708 static Long dis_FMA ( const VexAbiInfo* vbi, Prefix pfx, Long delta, UChar opc )
27709 {
27710 UChar modrm = getUChar(delta);
27711 UInt rG = gregOfRexRM(pfx, modrm);
27712 UInt rV = getVexNvvvv(pfx);
27713 Bool scalar = (opc & 0xF) > 7 && (opc & 1);
27714 IRType ty = getRexW(pfx) ? Ity_F64 : Ity_F32;
27715 IRType vty = scalar ? ty : (getVexL(pfx) ? Ity_V256 : Ity_V128);
27716 IRTemp addr = IRTemp_INVALID;
27717 HChar dis_buf[50];
27718 Int alen = 0;
27719 const HChar *name;
27720 const HChar *suffix;
27721 const HChar *order;
27722 Bool negateRes = False;
27723 Bool negateZeven = False;
27724 Bool negateZodd = False;
27725 UInt count = 0;
27726
27727 switch (opc & 0xF) {
27728 case 0x6: name = "addsub"; negateZeven = True; break;
27729 case 0x7: name = "subadd"; negateZodd = True; break;
27730 case 0x8:
27731 case 0x9: name = "add"; break;
27732 case 0xA:
27733 case 0xB: name = "sub"; negateZeven = True; negateZodd = True;
27734 break;
27735 case 0xC:
27736 case 0xD: name = "add"; negateRes = True; negateZeven = True;
27737 negateZodd = True; break;
27738 case 0xE:
27739 case 0xF: name = "sub"; negateRes = True; break;
27740 default: vpanic("dis_FMA(amd64)"); break;
27741 }
27742 switch (opc & 0xF0) {
27743 case 0x90: order = "132"; break;
27744 case 0xA0: order = "213"; break;
27745 case 0xB0: order = "231"; break;
27746 default: vpanic("dis_FMA(amd64)"); break;
27747 }
27748 if (scalar) {
27749 suffix = ty == Ity_F64 ? "sd" : "ss";
27750 } else {
27751 suffix = ty == Ity_F64 ? "pd" : "ps";
27752 }
27753
27754 // Figure out |count| (the number of elements) by considering |vty| and |ty|.
27755 count = sizeofIRType(vty) / sizeofIRType(ty);
27756 vassert(count == 1 || count == 2 || count == 4 || count == 8);
27757
27758 // Fetch operands into the first |count| elements of |sX|, |sY| and |sZ|.
27759 UInt i;
27760 IRExpr *sX[8], *sY[8], *sZ[8], *res[8];
27761 for (i = 0; i < 8; i++) sX[i] = sY[i] = sZ[i] = res[i] = NULL;
27762
27763 IRExpr* (*getYMMRegLane)(UInt,Int)
27764 = ty == Ity_F32 ? getYMMRegLane32F : getYMMRegLane64F;
27765 void (*putYMMRegLane)(UInt,Int,IRExpr*)
27766 = ty == Ity_F32 ? putYMMRegLane32F : putYMMRegLane64F;
27767
27768 for (i = 0; i < count; i++) {
27769 sX[i] = getYMMRegLane(rG, i);
27770 sZ[i] = getYMMRegLane(rV, i);
27771 }
27772
27773 if (epartIsReg(modrm)) {
27774 UInt rE = eregOfRexRM(pfx, modrm);
27775 delta += 1;
27776 for (i = 0; i < count; i++) {
27777 sY[i] = getYMMRegLane(rE, i);
27778 }
27779 if (vty == Ity_V256) {
27780 DIP("vf%sm%s%s%s %s,%s,%s\n", negateRes ? "n" : "",
27781 name, order, suffix, nameYMMReg(rE), nameYMMReg(rV),
27782 nameYMMReg(rG));
27783 } else {
27784 DIP("vf%sm%s%s%s %s,%s,%s\n", negateRes ? "n" : "",
27785 name, order, suffix, nameXMMReg(rE), nameXMMReg(rV),
27786 nameXMMReg(rG));
27787 }
27788 } else {
27789 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
27790 delta += alen;
27791 for (i = 0; i < count; i++) {
27792 sY[i] = loadLE(ty, binop(Iop_Add64, mkexpr(addr),
27793 mkU64(i * sizeofIRType(ty))));
27794 }
27795 if (vty == Ity_V256) {
27796 DIP("vf%sm%s%s%s %s,%s,%s\n", negateRes ? "n" : "",
27797 name, order, suffix, dis_buf, nameYMMReg(rV),
27798 nameYMMReg(rG));
27799 } else {
27800 DIP("vf%sm%s%s%s %s,%s,%s\n", negateRes ? "n" : "",
27801 name, order, suffix, dis_buf, nameXMMReg(rV),
27802 nameXMMReg(rG));
27803 }
27804 }
27805
27806 /* vX/vY/vZ are now in 132 order. If the instruction requires a different
27807 order, swap them around. */
27808
27809 # define COPY_ARR(_dst, _src) \
27810 do { for (int j = 0; j < 8; j++) { _dst[j] = _src[j]; } } while (0)
27811
27812 if ((opc & 0xF0) != 0x90) {
27813 IRExpr* temp[8];
27814 COPY_ARR(temp, sX);
27815 if ((opc & 0xF0) == 0xA0) {
27816 COPY_ARR(sX, sZ);
27817 COPY_ARR(sZ, sY);
27818 COPY_ARR(sY, temp);
27819 } else {
27820 COPY_ARR(sX, sZ);
27821 COPY_ARR(sZ, temp);
27822 }
27823 }
27824
27825 # undef COPY_ARR
27826
27827 for (i = 0; i < count; i++) {
27828 IROp opNEG = ty == Ity_F64 ? Iop_NegF64 : Iop_NegF32;
27829 if ((i & 1) ? negateZodd : negateZeven) {
27830 sZ[i] = unop(opNEG, sZ[i]);
27831 }
27832 res[i] = IRExpr_Qop(ty == Ity_F64 ? Iop_MAddF64 : Iop_MAddF32,
27833 get_FAKE_roundingmode(), sX[i], sY[i], sZ[i]);
27834 if (negateRes) {
27835 res[i] = unop(opNEG, res[i]);
27836 }
27837 }
27838
27839 for (i = 0; i < count; i++) {
27840 putYMMRegLane(rG, i, res[i]);
27841 }
27842
27843 switch (vty) {
27844 case Ity_F32: putYMMRegLane32(rG, 1, mkU32(0)); /*fallthru*/
27845 case Ity_F64: putYMMRegLane64(rG, 1, mkU64(0)); /*fallthru*/
27846 case Ity_V128: putYMMRegLane128(rG, 1, mkV128(0)); /*fallthru*/
27847 case Ity_V256: break;
27848 default: vassert(0);
27849 }
27850
27851 return delta;
27852 }
27853
27854
27855 /* Masked load or masked store. */
27856 static ULong dis_VMASKMOV ( Bool *uses_vvvv, const VexAbiInfo* vbi,
27857 Prefix pfx, Long delta,
27858 const HChar* opname, Bool isYMM, IRType ty,
27859 Bool isLoad )
27860 {
27861 HChar dis_buf[50];
27862 Int alen, i;
27863 IRTemp addr;
27864 UChar modrm = getUChar(delta);
27865 UInt rG = gregOfRexRM(pfx,modrm);
27866 UInt rV = getVexNvvvv(pfx);
27867
27868 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
27869 delta += alen;
27870
27871 /**/ if (isLoad && isYMM) {
27872 DIP("%s %s,%s,%s\n", opname, dis_buf, nameYMMReg(rV), nameYMMReg(rG) );
27873 }
27874 else if (isLoad && !isYMM) {
27875 DIP("%s %s,%s,%s\n", opname, dis_buf, nameXMMReg(rV), nameXMMReg(rG) );
27876 }
27877
27878 else if (!isLoad && isYMM) {
27879 DIP("%s %s,%s,%s\n", opname, nameYMMReg(rG), nameYMMReg(rV), dis_buf );
27880 }
27881 else {
27882 vassert(!isLoad && !isYMM);
27883 DIP("%s %s,%s,%s\n", opname, nameXMMReg(rG), nameXMMReg(rV), dis_buf );
27884 }
27885
27886 vassert(ty == Ity_I32 || ty == Ity_I64);
27887 Bool laneIs32 = ty == Ity_I32;
27888
27889 Int nLanes = (isYMM ? 2 : 1) * (laneIs32 ? 4 : 2);
27890
27891 for (i = 0; i < nLanes; i++) {
27892 IRExpr* shAmt = laneIs32 ? mkU8(31) : mkU8(63);
27893 IRExpr* one = laneIs32 ? mkU32(1) : mkU64(1);
27894 IROp opSHR = laneIs32 ? Iop_Shr32 : Iop_Shr64;
27895 IROp opEQ = laneIs32 ? Iop_CmpEQ32 : Iop_CmpEQ64;
27896 IRExpr* lane = (laneIs32 ? getYMMRegLane32 : getYMMRegLane64)( rV, i );
27897
27898 IRTemp cond = newTemp(Ity_I1);
27899 assign(cond, binop(opEQ, binop(opSHR, lane, shAmt), one));
27900
27901 IRTemp data = newTemp(ty);
27902 IRExpr* ea = binop(Iop_Add64, mkexpr(addr),
27903 mkU64(i * (laneIs32 ? 4 : 8)));
27904 if (isLoad) {
27905 stmt(
27906 IRStmt_LoadG(
27907 Iend_LE, laneIs32 ? ILGop_Ident32 : ILGop_Ident64,
27908 data, ea, laneIs32 ? mkU32(0) : mkU64(0), mkexpr(cond)
27909 ));
27910 (laneIs32 ? putYMMRegLane32 : putYMMRegLane64)( rG, i, mkexpr(data) );
27911 } else {
27912 assign(data, (laneIs32 ? getYMMRegLane32 : getYMMRegLane64)( rG, i ));
27913 stmt( IRStmt_StoreG(Iend_LE, ea, mkexpr(data), mkexpr(cond)) );
27914 }
27915 }
27916
27917 if (isLoad && !isYMM)
27918 putYMMRegLane128( rG, 1, mkV128(0) );
27919
27920 *uses_vvvv = True;
27921 return delta;
27922 }
27923
27924
27925 /* Gather. */
27926 static ULong dis_VGATHER ( Bool *uses_vvvv, const VexAbiInfo* vbi,
27927 Prefix pfx, Long delta,
27928 const HChar* opname, Bool isYMM,
27929 Bool isVM64x, IRType ty )
27930 {
27931 HChar dis_buf[50];
27932 Int alen, i, vscale, count1, count2;
27933 IRTemp addr;
27934 UChar modrm = getUChar(delta);
27935 UInt rG = gregOfRexRM(pfx,modrm);
27936 UInt rV = getVexNvvvv(pfx);
27937 UInt rI;
27938 IRType dstTy = (isYMM && (ty == Ity_I64 || !isVM64x)) ? Ity_V256 : Ity_V128;
27939 IRType idxTy = (isYMM && (ty == Ity_I32 || isVM64x)) ? Ity_V256 : Ity_V128;
27940 IRTemp cond;
27941 addr = disAVSIBMode ( &alen, vbi, pfx, delta, dis_buf, &rI,
27942 idxTy, &vscale );
27943 if (addr == IRTemp_INVALID || rI == rG || rI == rV || rG == rV)
27944 return delta;
27945 if (dstTy == Ity_V256) {
27946 DIP("%s %s,%s,%s\n", opname, nameYMMReg(rV), dis_buf, nameYMMReg(rG) );
27947 } else {
27948 DIP("%s %s,%s,%s\n", opname, nameXMMReg(rV), dis_buf, nameXMMReg(rG) );
27949 }
27950 delta += alen;
27951
27952 if (ty == Ity_I32) {
27953 count1 = isYMM ? 8 : 4;
27954 count2 = isVM64x ? count1 / 2 : count1;
27955 } else {
27956 count1 = count2 = isYMM ? 4 : 2;
27957 }
27958
27959 /* First update the mask register to copies of the sign bit. */
27960 if (ty == Ity_I32) {
27961 if (isYMM)
27962 putYMMReg( rV, binop(Iop_SarN32x8, getYMMReg( rV ), mkU8(31)) );
27963 else
27964 putYMMRegLoAndZU( rV, binop(Iop_SarN32x4, getXMMReg( rV ), mkU8(31)) );
27965 } else {
27966 for (i = 0; i < count1; i++) {
27967 putYMMRegLane64( rV, i, binop(Iop_Sar64, getYMMRegLane64( rV, i ),
27968 mkU8(63)) );
27969 }
27970 }
27971
27972 /* Next gather the individual elements. If any fault occurs, the
27973 corresponding mask element will be set and the loop stops. */
27974 for (i = 0; i < count2; i++) {
27975 IRExpr *expr, *addr_expr;
27976 cond = newTemp(Ity_I1);
27977 assign( cond,
27978 binop(ty == Ity_I32 ? Iop_CmpLT32S : Iop_CmpLT64S,
27979 ty == Ity_I32 ? getYMMRegLane32( rV, i )
27980 : getYMMRegLane64( rV, i ),
27981 mkU(ty, 0)) );
27982 expr = ty == Ity_I32 ? getYMMRegLane32( rG, i )
27983 : getYMMRegLane64( rG, i );
27984 addr_expr = isVM64x ? getYMMRegLane64( rI, i )
27985 : unop(Iop_32Sto64, getYMMRegLane32( rI, i ));
27986 switch (vscale) {
27987 case 2: addr_expr = binop(Iop_Shl64, addr_expr, mkU8(1)); break;
27988 case 4: addr_expr = binop(Iop_Shl64, addr_expr, mkU8(2)); break;
27989 case 8: addr_expr = binop(Iop_Shl64, addr_expr, mkU8(3)); break;
27990 default: break;
27991 }
27992 addr_expr = binop(Iop_Add64, mkexpr(addr), addr_expr);
27993 addr_expr = handleAddrOverrides(vbi, pfx, addr_expr);
27994 addr_expr = IRExpr_ITE(mkexpr(cond), addr_expr, getIReg64(R_RSP));
27995 expr = IRExpr_ITE(mkexpr(cond), loadLE(ty, addr_expr), expr);
27996 if (ty == Ity_I32) {
27997 putYMMRegLane32( rG, i, expr );
27998 putYMMRegLane32( rV, i, mkU32(0) );
27999 } else {
28000 putYMMRegLane64( rG, i, expr);
28001 putYMMRegLane64( rV, i, mkU64(0) );
28002 }
28003 }
28004
28005 if (!isYMM || (ty == Ity_I32 && isVM64x)) {
28006 if (ty == Ity_I64 || isYMM)
28007 putYMMRegLane128( rV, 1, mkV128(0) );
28008 else if (ty == Ity_I32 && count2 == 2) {
28009 putYMMRegLane64( rV, 1, mkU64(0) );
28010 putYMMRegLane64( rG, 1, mkU64(0) );
28011 }
28012 putYMMRegLane128( rG, 1, mkV128(0) );
28013 }
28014
28015 *uses_vvvv = True;
28016 return delta;
28017 }
28018
28019
28020 __attribute__((noinline))
28021 static
28022 Long dis_ESC_0F38__VEX (
28023 /*MB_OUT*/DisResult* dres,
28024 /*OUT*/ Bool* uses_vvvv,
28025 Bool (*resteerOkFn) ( /*opaque*/void*, Addr ),
28026 Bool resteerCisOk,
28027 void* callback_opaque,
28028 const VexArchInfo* archinfo,
28029 const VexAbiInfo* vbi,
28030 Prefix pfx, Int sz, Long deltaIN
28031 )
28032 {
28033 IRTemp addr = IRTemp_INVALID;
28034 Int alen = 0;
28035 HChar dis_buf[50];
28036 Long delta = deltaIN;
28037 UChar opc = getUChar(delta);
28038 delta++;
28039 *uses_vvvv = False;
28040
28041 switch (opc) {
28042
28043 case 0x00:
28044 /* VPSHUFB r/m, rV, r ::: r = shuf(rV, r/m) */
28045 /* VPSHUFB = VEX.NDS.128.66.0F38.WIG 00 /r */
28046 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28047 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_complex(
28048 uses_vvvv, vbi, pfx, delta, "vpshufb", math_PSHUFB_XMM );
28049 goto decode_success;
28050 }
28051 /* VPSHUFB r/m, rV, r ::: r = shuf(rV, r/m) */
28052 /* VPSHUFB = VEX.NDS.256.66.0F38.WIG 00 /r */
28053 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28054 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_complex(
28055 uses_vvvv, vbi, pfx, delta, "vpshufb", math_PSHUFB_YMM );
28056 goto decode_success;
28057 }
28058 break;
28059
28060 case 0x01:
28061 case 0x02:
28062 case 0x03:
28063 /* VPHADDW xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F38.WIG 01 /r */
28064 /* VPHADDD xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F38.WIG 02 /r */
28065 /* VPHADDSW xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F38.WIG 03 /r */
28066 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28067 delta = dis_PHADD_128( vbi, pfx, delta, True/*isAvx*/, opc );
28068 *uses_vvvv = True;
28069 goto decode_success;
28070 }
28071 /* VPHADDW ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.WIG 01 /r */
28072 /* VPHADDD ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.WIG 02 /r */
28073 /* VPHADDSW ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.WIG 03 /r */
28074 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28075 delta = dis_PHADD_256( vbi, pfx, delta, opc );
28076 *uses_vvvv = True;
28077 goto decode_success;
28078 }
28079 break;
28080
28081 case 0x04:
28082 /* VPMADDUBSW xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F38.WIG 04 /r */
28083 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28084 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_complex(
28085 uses_vvvv, vbi, pfx, delta, "vpmaddubsw",
28086 math_PMADDUBSW_128 );
28087 goto decode_success;
28088 }
28089 /* VPMADDUBSW ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.WIG 04 /r */
28090 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28091 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_complex(
28092 uses_vvvv, vbi, pfx, delta, "vpmaddubsw",
28093 math_PMADDUBSW_256 );
28094 goto decode_success;
28095 }
28096 break;
28097
28098 case 0x05:
28099 case 0x06:
28100 case 0x07:
28101 /* VPHSUBW xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F38.WIG 05 /r */
28102 /* VPHSUBD xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F38.WIG 06 /r */
28103 /* VPHSUBSW xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F38.WIG 07 /r */
28104 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28105 delta = dis_PHADD_128( vbi, pfx, delta, True/*isAvx*/, opc );
28106 *uses_vvvv = True;
28107 goto decode_success;
28108 }
28109 /* VPHSUBW ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.WIG 05 /r */
28110 /* VPHSUBD ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.WIG 06 /r */
28111 /* VPHSUBSW ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.WIG 07 /r */
28112 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28113 delta = dis_PHADD_256( vbi, pfx, delta, opc );
28114 *uses_vvvv = True;
28115 goto decode_success;
28116 }
28117 break;
28118
28119 case 0x08:
28120 case 0x09:
28121 case 0x0A:
28122 /* VPSIGNB xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F38.WIG 08 /r */
28123 /* VPSIGNW xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F38.WIG 09 /r */
28124 /* VPSIGND xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F38.WIG 0A /r */
28125 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28126 IRTemp sV = newTemp(Ity_V128);
28127 IRTemp dV = newTemp(Ity_V128);
28128 IRTemp sHi, sLo, dHi, dLo;
28129 sHi = sLo = dHi = dLo = IRTemp_INVALID;
28130 HChar ch = '?';
28131 Int laneszB = 0;
28132 UChar modrm = getUChar(delta);
28133 UInt rG = gregOfRexRM(pfx,modrm);
28134 UInt rV = getVexNvvvv(pfx);
28135
28136 switch (opc) {
28137 case 0x08: laneszB = 1; ch = 'b'; break;
28138 case 0x09: laneszB = 2; ch = 'w'; break;
28139 case 0x0A: laneszB = 4; ch = 'd'; break;
28140 default: vassert(0);
28141 }
28142
28143 assign( dV, getXMMReg(rV) );
28144
28145 if (epartIsReg(modrm)) {
28146 UInt rE = eregOfRexRM(pfx,modrm);
28147 assign( sV, getXMMReg(rE) );
28148 delta += 1;
28149 DIP("vpsign%c %s,%s,%s\n", ch, nameXMMReg(rE),
28150 nameXMMReg(rV), nameXMMReg(rG));
28151 } else {
28152 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
28153 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
28154 delta += alen;
28155 DIP("vpsign%c %s,%s,%s\n", ch, dis_buf,
28156 nameXMMReg(rV), nameXMMReg(rG));
28157 }
28158
28159 breakupV128to64s( dV, &dHi, &dLo );
28160 breakupV128to64s( sV, &sHi, &sLo );
28161
28162 putYMMRegLoAndZU(
28163 rG,
28164 binop(Iop_64HLtoV128,
28165 dis_PSIGN_helper( mkexpr(sHi), mkexpr(dHi), laneszB ),
28166 dis_PSIGN_helper( mkexpr(sLo), mkexpr(dLo), laneszB )
28167 )
28168 );
28169 *uses_vvvv = True;
28170 goto decode_success;
28171 }
28172 /* VPSIGNB ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.WIG 08 /r */
28173 /* VPSIGNW ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.WIG 09 /r */
28174 /* VPSIGND ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.WIG 0A /r */
28175 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28176 IRTemp sV = newTemp(Ity_V256);
28177 IRTemp dV = newTemp(Ity_V256);
28178 IRTemp s3, s2, s1, s0, d3, d2, d1, d0;
28179 s3 = s2 = s1 = s0 = IRTemp_INVALID;
28180 d3 = d2 = d1 = d0 = IRTemp_INVALID;
28181 UChar ch = '?';
28182 Int laneszB = 0;
28183 UChar modrm = getUChar(delta);
28184 UInt rG = gregOfRexRM(pfx,modrm);
28185 UInt rV = getVexNvvvv(pfx);
28186
28187 switch (opc) {
28188 case 0x08: laneszB = 1; ch = 'b'; break;
28189 case 0x09: laneszB = 2; ch = 'w'; break;
28190 case 0x0A: laneszB = 4; ch = 'd'; break;
28191 default: vassert(0);
28192 }
28193
28194 assign( dV, getYMMReg(rV) );
28195
28196 if (epartIsReg(modrm)) {
28197 UInt rE = eregOfRexRM(pfx,modrm);
28198 assign( sV, getYMMReg(rE) );
28199 delta += 1;
28200 DIP("vpsign%c %s,%s,%s\n", ch, nameYMMReg(rE),
28201 nameYMMReg(rV), nameYMMReg(rG));
28202 } else {
28203 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
28204 assign( sV, loadLE(Ity_V256, mkexpr(addr)) );
28205 delta += alen;
28206 DIP("vpsign%c %s,%s,%s\n", ch, dis_buf,
28207 nameYMMReg(rV), nameYMMReg(rG));
28208 }
28209
28210 breakupV256to64s( dV, &d3, &d2, &d1, &d0 );
28211 breakupV256to64s( sV, &s3, &s2, &s1, &s0 );
28212
28213 putYMMReg(
28214 rG,
28215 binop( Iop_V128HLtoV256,
28216 binop(Iop_64HLtoV128,
28217 dis_PSIGN_helper( mkexpr(s3), mkexpr(d3), laneszB ),
28218 dis_PSIGN_helper( mkexpr(s2), mkexpr(d2), laneszB )
28219 ),
28220 binop(Iop_64HLtoV128,
28221 dis_PSIGN_helper( mkexpr(s1), mkexpr(d1), laneszB ),
28222 dis_PSIGN_helper( mkexpr(s0), mkexpr(d0), laneszB )
28223 )
28224 )
28225 );
28226 *uses_vvvv = True;
28227 goto decode_success;
28228 }
28229 break;
28230
28231 case 0x0B:
28232 /* VPMULHRSW xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F38.WIG 0B /r */
28233 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28234 IRTemp sV = newTemp(Ity_V128);
28235 IRTemp dV = newTemp(Ity_V128);
28236 IRTemp sHi, sLo, dHi, dLo;
28237 sHi = sLo = dHi = dLo = IRTemp_INVALID;
28238 UChar modrm = getUChar(delta);
28239 UInt rG = gregOfRexRM(pfx,modrm);
28240 UInt rV = getVexNvvvv(pfx);
28241
28242 assign( dV, getXMMReg(rV) );
28243
28244 if (epartIsReg(modrm)) {
28245 UInt rE = eregOfRexRM(pfx,modrm);
28246 assign( sV, getXMMReg(rE) );
28247 delta += 1;
28248 DIP("vpmulhrsw %s,%s,%s\n", nameXMMReg(rE),
28249 nameXMMReg(rV), nameXMMReg(rG));
28250 } else {
28251 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
28252 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
28253 delta += alen;
28254 DIP("vpmulhrsw %s,%s,%s\n", dis_buf,
28255 nameXMMReg(rV), nameXMMReg(rG));
28256 }
28257
28258 breakupV128to64s( dV, &dHi, &dLo );
28259 breakupV128to64s( sV, &sHi, &sLo );
28260
28261 putYMMRegLoAndZU(
28262 rG,
28263 binop(Iop_64HLtoV128,
28264 dis_PMULHRSW_helper( mkexpr(sHi), mkexpr(dHi) ),
28265 dis_PMULHRSW_helper( mkexpr(sLo), mkexpr(dLo) )
28266 )
28267 );
28268 *uses_vvvv = True;
28269 goto decode_success;
28270 }
28271 /* VPMULHRSW ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.WIG 0B /r */
28272 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28273 IRTemp sV = newTemp(Ity_V256);
28274 IRTemp dV = newTemp(Ity_V256);
28275 IRTemp s3, s2, s1, s0, d3, d2, d1, d0;
28276 s3 = s2 = s1 = s0 = d3 = d2 = d1 = d0 = IRTemp_INVALID;
28277 UChar modrm = getUChar(delta);
28278 UInt rG = gregOfRexRM(pfx,modrm);
28279 UInt rV = getVexNvvvv(pfx);
28280
28281 assign( dV, getYMMReg(rV) );
28282
28283 if (epartIsReg(modrm)) {
28284 UInt rE = eregOfRexRM(pfx,modrm);
28285 assign( sV, getYMMReg(rE) );
28286 delta += 1;
28287 DIP("vpmulhrsw %s,%s,%s\n", nameYMMReg(rE),
28288 nameYMMReg(rV), nameYMMReg(rG));
28289 } else {
28290 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
28291 assign( sV, loadLE(Ity_V256, mkexpr(addr)) );
28292 delta += alen;
28293 DIP("vpmulhrsw %s,%s,%s\n", dis_buf,
28294 nameYMMReg(rV), nameYMMReg(rG));
28295 }
28296
28297 breakupV256to64s( dV, &d3, &d2, &d1, &d0 );
28298 breakupV256to64s( sV, &s3, &s2, &s1, &s0 );
28299
28300 putYMMReg(
28301 rG,
28302 binop(Iop_V128HLtoV256,
28303 binop(Iop_64HLtoV128,
28304 dis_PMULHRSW_helper( mkexpr(s3), mkexpr(d3) ),
28305 dis_PMULHRSW_helper( mkexpr(s2), mkexpr(d2) ) ),
28306 binop(Iop_64HLtoV128,
28307 dis_PMULHRSW_helper( mkexpr(s1), mkexpr(d1) ),
28308 dis_PMULHRSW_helper( mkexpr(s0), mkexpr(d0) ) )
28309 )
28310 );
28311 *uses_vvvv = True;
28312 dres->hint = Dis_HintVerbose;
28313 goto decode_success;
28314 }
28315 break;
28316
28317 case 0x0C:
28318 /* VPERMILPS xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F38.W0 0C /r */
28319 if (have66noF2noF3(pfx)
28320 && 0==getVexL(pfx)/*128*/ && 0==getRexW(pfx)/*W0*/) {
28321 UChar modrm = getUChar(delta);
28322 UInt rG = gregOfRexRM(pfx, modrm);
28323 UInt rV = getVexNvvvv(pfx);
28324 IRTemp ctrlV = newTemp(Ity_V128);
28325 if (epartIsReg(modrm)) {
28326 UInt rE = eregOfRexRM(pfx, modrm);
28327 delta += 1;
28328 DIP("vpermilps %s,%s,%s\n",
28329 nameXMMReg(rE), nameXMMReg(rV), nameXMMReg(rG));
28330 assign(ctrlV, getXMMReg(rE));
28331 } else {
28332 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
28333 delta += alen;
28334 DIP("vpermilps %s,%s,%s\n",
28335 dis_buf, nameXMMReg(rV), nameXMMReg(rG));
28336 assign(ctrlV, loadLE(Ity_V128, mkexpr(addr)));
28337 }
28338 IRTemp dataV = newTemp(Ity_V128);
28339 assign(dataV, getXMMReg(rV));
28340 IRTemp resV = math_PERMILPS_VAR_128(dataV, ctrlV);
28341 putYMMRegLoAndZU(rG, mkexpr(resV));
28342 *uses_vvvv = True;
28343 goto decode_success;
28344 }
28345 /* VPERMILPS ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.W0 0C /r */
28346 if (have66noF2noF3(pfx)
28347 && 1==getVexL(pfx)/*256*/ && 0==getRexW(pfx)/*W0*/) {
28348 UChar modrm = getUChar(delta);
28349 UInt rG = gregOfRexRM(pfx, modrm);
28350 UInt rV = getVexNvvvv(pfx);
28351 IRTemp ctrlV = newTemp(Ity_V256);
28352 if (epartIsReg(modrm)) {
28353 UInt rE = eregOfRexRM(pfx, modrm);
28354 delta += 1;
28355 DIP("vpermilps %s,%s,%s\n",
28356 nameYMMReg(rE), nameYMMReg(rV), nameYMMReg(rG));
28357 assign(ctrlV, getYMMReg(rE));
28358 } else {
28359 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
28360 delta += alen;
28361 DIP("vpermilps %s,%s,%s\n",
28362 dis_buf, nameYMMReg(rV), nameYMMReg(rG));
28363 assign(ctrlV, loadLE(Ity_V256, mkexpr(addr)));
28364 }
28365 IRTemp dataV = newTemp(Ity_V256);
28366 assign(dataV, getYMMReg(rV));
28367 IRTemp resV = math_PERMILPS_VAR_256(dataV, ctrlV);
28368 putYMMReg(rG, mkexpr(resV));
28369 *uses_vvvv = True;
28370 goto decode_success;
28371 }
28372 break;
28373
28374 case 0x0D:
28375 /* VPERMILPD xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F38.W0 0D /r */
28376 if (have66noF2noF3(pfx)
28377 && 0==getVexL(pfx)/*128*/ && 0==getRexW(pfx)/*W0*/) {
28378 UChar modrm = getUChar(delta);
28379 UInt rG = gregOfRexRM(pfx, modrm);
28380 UInt rV = getVexNvvvv(pfx);
28381 IRTemp ctrlV = newTemp(Ity_V128);
28382 if (epartIsReg(modrm)) {
28383 UInt rE = eregOfRexRM(pfx, modrm);
28384 delta += 1;
28385 DIP("vpermilpd %s,%s,%s\n",
28386 nameXMMReg(rE), nameXMMReg(rV), nameXMMReg(rG));
28387 assign(ctrlV, getXMMReg(rE));
28388 } else {
28389 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
28390 delta += alen;
28391 DIP("vpermilpd %s,%s,%s\n",
28392 dis_buf, nameXMMReg(rV), nameXMMReg(rG));
28393 assign(ctrlV, loadLE(Ity_V128, mkexpr(addr)));
28394 }
28395 IRTemp dataV = newTemp(Ity_V128);
28396 assign(dataV, getXMMReg(rV));
28397 IRTemp resV = math_PERMILPD_VAR_128(dataV, ctrlV);
28398 putYMMRegLoAndZU(rG, mkexpr(resV));
28399 *uses_vvvv = True;
28400 goto decode_success;
28401 }
28402 /* VPERMILPD ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.W0 0D /r */
28403 if (have66noF2noF3(pfx)
28404 && 1==getVexL(pfx)/*256*/ && 0==getRexW(pfx)/*W0*/) {
28405 UChar modrm = getUChar(delta);
28406 UInt rG = gregOfRexRM(pfx, modrm);
28407 UInt rV = getVexNvvvv(pfx);
28408 IRTemp ctrlV = newTemp(Ity_V256);
28409 if (epartIsReg(modrm)) {
28410 UInt rE = eregOfRexRM(pfx, modrm);
28411 delta += 1;
28412 DIP("vpermilpd %s,%s,%s\n",
28413 nameYMMReg(rE), nameYMMReg(rV), nameYMMReg(rG));
28414 assign(ctrlV, getYMMReg(rE));
28415 } else {
28416 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
28417 delta += alen;
28418 DIP("vpermilpd %s,%s,%s\n",
28419 dis_buf, nameYMMReg(rV), nameYMMReg(rG));
28420 assign(ctrlV, loadLE(Ity_V256, mkexpr(addr)));
28421 }
28422 IRTemp dataV = newTemp(Ity_V256);
28423 assign(dataV, getYMMReg(rV));
28424 IRTemp resV = math_PERMILPD_VAR_256(dataV, ctrlV);
28425 putYMMReg(rG, mkexpr(resV));
28426 *uses_vvvv = True;
28427 goto decode_success;
28428 }
28429 break;
28430
28431 case 0x0E:
28432 /* VTESTPS xmm2/m128, xmm1 = VEX.128.66.0F38.WIG 0E /r */
28433 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28434 delta = dis_xTESTy_128( vbi, pfx, delta, True/*isAvx*/, 32 );
28435 goto decode_success;
28436 }
28437 /* VTESTPS ymm2/m256, ymm1 = VEX.256.66.0F38.WIG 0E /r */
28438 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28439 delta = dis_xTESTy_256( vbi, pfx, delta, 32 );
28440 goto decode_success;
28441 }
28442 break;
28443
28444 case 0x0F:
28445 /* VTESTPD xmm2/m128, xmm1 = VEX.128.66.0F38.WIG 0F /r */
28446 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28447 delta = dis_xTESTy_128( vbi, pfx, delta, True/*isAvx*/, 64 );
28448 goto decode_success;
28449 }
28450 /* VTESTPD ymm2/m256, ymm1 = VEX.256.66.0F38.WIG 0F /r */
28451 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28452 delta = dis_xTESTy_256( vbi, pfx, delta, 64 );
28453 goto decode_success;
28454 }
28455 break;
28456
28457 case 0x16:
28458 /* VPERMPS ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.W0 16 /r */
28459 if (have66noF2noF3(pfx)
28460 && 1==getVexL(pfx)/*256*/ && 0==getRexW(pfx)/*W0*/) {
28461 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_complex(
28462 uses_vvvv, vbi, pfx, delta, "vpermps", math_VPERMD );
28463 goto decode_success;
28464 }
28465 break;
28466
28467 case 0x17:
28468 /* VPTEST xmm2/m128, xmm1 = VEX.128.66.0F38.WIG 17 /r */
28469 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28470 delta = dis_xTESTy_128( vbi, pfx, delta, True/*isAvx*/, 0 );
28471 goto decode_success;
28472 }
28473 /* VPTEST ymm2/m256, ymm1 = VEX.256.66.0F38.WIG 17 /r */
28474 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28475 delta = dis_xTESTy_256( vbi, pfx, delta, 0 );
28476 goto decode_success;
28477 }
28478 break;
28479
28480 case 0x18:
28481 /* VBROADCASTSS m32, xmm1 = VEX.128.66.0F38.WIG 18 /r */
28482 if (have66noF2noF3(pfx)
28483 && 0==getVexL(pfx)/*128*/
28484 && !epartIsReg(getUChar(delta))) {
28485 UChar modrm = getUChar(delta);
28486 UInt rG = gregOfRexRM(pfx, modrm);
28487 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
28488 delta += alen;
28489 DIP("vbroadcastss %s,%s\n", dis_buf, nameXMMReg(rG));
28490 IRTemp t32 = newTemp(Ity_I32);
28491 assign(t32, loadLE(Ity_I32, mkexpr(addr)));
28492 IRTemp t64 = newTemp(Ity_I64);
28493 assign(t64, binop(Iop_32HLto64, mkexpr(t32), mkexpr(t32)));
28494 IRExpr* res = binop(Iop_64HLtoV128, mkexpr(t64), mkexpr(t64));
28495 putYMMRegLoAndZU(rG, res);
28496 goto decode_success;
28497 }
28498 /* VBROADCASTSS m32, ymm1 = VEX.256.66.0F38.WIG 18 /r */
28499 if (have66noF2noF3(pfx)
28500 && 1==getVexL(pfx)/*256*/
28501 && !epartIsReg(getUChar(delta))) {
28502 UChar modrm = getUChar(delta);
28503 UInt rG = gregOfRexRM(pfx, modrm);
28504 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
28505 delta += alen;
28506 DIP("vbroadcastss %s,%s\n", dis_buf, nameYMMReg(rG));
28507 IRTemp t32 = newTemp(Ity_I32);
28508 assign(t32, loadLE(Ity_I32, mkexpr(addr)));
28509 IRTemp t64 = newTemp(Ity_I64);
28510 assign(t64, binop(Iop_32HLto64, mkexpr(t32), mkexpr(t32)));
28511 IRExpr* res = IRExpr_Qop(Iop_64x4toV256, mkexpr(t64), mkexpr(t64),
28512 mkexpr(t64), mkexpr(t64));
28513 putYMMReg(rG, res);
28514 goto decode_success;
28515 }
28516 /* VBROADCASTSS xmm2, xmm1 = VEX.128.66.0F38.WIG 18 /r */
28517 if (have66noF2noF3(pfx)
28518 && 0==getVexL(pfx)/*128*/
28519 && epartIsReg(getUChar(delta))) {
28520 UChar modrm = getUChar(delta);
28521 UInt rG = gregOfRexRM(pfx, modrm);
28522 UInt rE = eregOfRexRM(pfx, modrm);
28523 DIP("vbroadcastss %s,%s\n", nameXMMReg(rE), nameXMMReg(rG));
28524 IRTemp t32 = newTemp(Ity_I32);
28525 assign(t32, getXMMRegLane32(rE, 0));
28526 IRTemp t64 = newTemp(Ity_I64);
28527 assign(t64, binop(Iop_32HLto64, mkexpr(t32), mkexpr(t32)));
28528 IRExpr* res = binop(Iop_64HLtoV128, mkexpr(t64), mkexpr(t64));
28529 putYMMRegLoAndZU(rG, res);
28530 delta++;
28531 goto decode_success;
28532 }
28533 /* VBROADCASTSS xmm2, ymm1 = VEX.256.66.0F38.WIG 18 /r */
28534 if (have66noF2noF3(pfx)
28535 && 1==getVexL(pfx)/*256*/
28536 && epartIsReg(getUChar(delta))) {
28537 UChar modrm = getUChar(delta);
28538 UInt rG = gregOfRexRM(pfx, modrm);
28539 UInt rE = eregOfRexRM(pfx, modrm);
28540 DIP("vbroadcastss %s,%s\n", nameXMMReg(rE), nameYMMReg(rG));
28541 IRTemp t32 = newTemp(Ity_I32);
28542 assign(t32, getXMMRegLane32(rE, 0));
28543 IRTemp t64 = newTemp(Ity_I64);
28544 assign(t64, binop(Iop_32HLto64, mkexpr(t32), mkexpr(t32)));
28545 IRExpr* res = IRExpr_Qop(Iop_64x4toV256, mkexpr(t64), mkexpr(t64),
28546 mkexpr(t64), mkexpr(t64));
28547 putYMMReg(rG, res);
28548 delta++;
28549 goto decode_success;
28550 }
28551 break;
28552
28553 case 0x19:
28554 /* VBROADCASTSD m64, ymm1 = VEX.256.66.0F38.WIG 19 /r */
28555 if (have66noF2noF3(pfx)
28556 && 1==getVexL(pfx)/*256*/
28557 && !epartIsReg(getUChar(delta))) {
28558 UChar modrm = getUChar(delta);
28559 UInt rG = gregOfRexRM(pfx, modrm);
28560 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
28561 delta += alen;
28562 DIP("vbroadcastsd %s,%s\n", dis_buf, nameYMMReg(rG));
28563 IRTemp t64 = newTemp(Ity_I64);
28564 assign(t64, loadLE(Ity_I64, mkexpr(addr)));
28565 IRExpr* res = IRExpr_Qop(Iop_64x4toV256, mkexpr(t64), mkexpr(t64),
28566 mkexpr(t64), mkexpr(t64));
28567 putYMMReg(rG, res);
28568 goto decode_success;
28569 }
28570 /* VBROADCASTSD xmm2, ymm1 = VEX.256.66.0F38.WIG 19 /r */
28571 if (have66noF2noF3(pfx)
28572 && 1==getVexL(pfx)/*256*/
28573 && epartIsReg(getUChar(delta))) {
28574 UChar modrm = getUChar(delta);
28575 UInt rG = gregOfRexRM(pfx, modrm);
28576 UInt rE = eregOfRexRM(pfx, modrm);
28577 DIP("vbroadcastsd %s,%s\n", nameXMMReg(rE), nameYMMReg(rG));
28578 IRTemp t64 = newTemp(Ity_I64);
28579 assign(t64, getXMMRegLane64(rE, 0));
28580 IRExpr* res = IRExpr_Qop(Iop_64x4toV256, mkexpr(t64), mkexpr(t64),
28581 mkexpr(t64), mkexpr(t64));
28582 putYMMReg(rG, res);
28583 delta++;
28584 goto decode_success;
28585 }
28586 break;
28587
28588 case 0x1A:
28589 /* VBROADCASTF128 m128, ymm1 = VEX.256.66.0F38.WIG 1A /r */
28590 if (have66noF2noF3(pfx)
28591 && 1==getVexL(pfx)/*256*/
28592 && !epartIsReg(getUChar(delta))) {
28593 UChar modrm = getUChar(delta);
28594 UInt rG = gregOfRexRM(pfx, modrm);
28595 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
28596 delta += alen;
28597 DIP("vbroadcastf128 %s,%s\n", dis_buf, nameYMMReg(rG));
28598 IRTemp t128 = newTemp(Ity_V128);
28599 assign(t128, loadLE(Ity_V128, mkexpr(addr)));
28600 putYMMReg( rG, binop(Iop_V128HLtoV256, mkexpr(t128), mkexpr(t128)) );
28601 goto decode_success;
28602 }
28603 break;
28604
28605 case 0x1C:
28606 /* VPABSB xmm2/m128, xmm1 = VEX.128.66.0F38.WIG 1C /r */
28607 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28608 delta = dis_AVX128_E_to_G_unary(
28609 uses_vvvv, vbi, pfx, delta,
28610 "vpabsb", math_PABS_XMM_pap1 );
28611 goto decode_success;
28612 }
28613 /* VPABSB ymm2/m256, ymm1 = VEX.256.66.0F38.WIG 1C /r */
28614 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28615 delta = dis_AVX256_E_to_G_unary(
28616 uses_vvvv, vbi, pfx, delta,
28617 "vpabsb", math_PABS_YMM_pap1 );
28618 goto decode_success;
28619 }
28620 break;
28621
28622 case 0x1D:
28623 /* VPABSW xmm2/m128, xmm1 = VEX.128.66.0F38.WIG 1D /r */
28624 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28625 delta = dis_AVX128_E_to_G_unary(
28626 uses_vvvv, vbi, pfx, delta,
28627 "vpabsw", math_PABS_XMM_pap2 );
28628 goto decode_success;
28629 }
28630 /* VPABSW ymm2/m256, ymm1 = VEX.256.66.0F38.WIG 1D /r */
28631 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28632 delta = dis_AVX256_E_to_G_unary(
28633 uses_vvvv, vbi, pfx, delta,
28634 "vpabsw", math_PABS_YMM_pap2 );
28635 goto decode_success;
28636 }
28637 break;
28638
28639 case 0x1E:
28640 /* VPABSD xmm2/m128, xmm1 = VEX.128.66.0F38.WIG 1E /r */
28641 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28642 delta = dis_AVX128_E_to_G_unary(
28643 uses_vvvv, vbi, pfx, delta,
28644 "vpabsd", math_PABS_XMM_pap4 );
28645 goto decode_success;
28646 }
28647 /* VPABSD ymm2/m256, ymm1 = VEX.256.66.0F38.WIG 1E /r */
28648 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28649 delta = dis_AVX256_E_to_G_unary(
28650 uses_vvvv, vbi, pfx, delta,
28651 "vpabsd", math_PABS_YMM_pap4 );
28652 goto decode_success;
28653 }
28654 break;
28655
28656 case 0x20:
28657 /* VPMOVSXBW xmm2/m64, xmm1 */
28658 /* VPMOVSXBW = VEX.128.66.0F38.WIG 20 /r */
28659 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28660 delta = dis_PMOVxXBW_128( vbi, pfx, delta,
28661 True/*isAvx*/, False/*!xIsZ*/ );
28662 goto decode_success;
28663 }
28664 /* VPMOVSXBW xmm2/m128, ymm1 */
28665 /* VPMOVSXBW = VEX.256.66.0F38.WIG 20 /r */
28666 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28667 delta = dis_PMOVxXBW_256( vbi, pfx, delta, False/*!xIsZ*/ );
28668 goto decode_success;
28669 }
28670 break;
28671
28672 case 0x21:
28673 /* VPMOVSXBD xmm2/m32, xmm1 */
28674 /* VPMOVSXBD = VEX.128.66.0F38.WIG 21 /r */
28675 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28676 delta = dis_PMOVxXBD_128( vbi, pfx, delta,
28677 True/*isAvx*/, False/*!xIsZ*/ );
28678 goto decode_success;
28679 }
28680 /* VPMOVSXBD xmm2/m64, ymm1 */
28681 /* VPMOVSXBD = VEX.256.66.0F38.WIG 21 /r */
28682 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28683 delta = dis_PMOVxXBD_256( vbi, pfx, delta, False/*!xIsZ*/ );
28684 goto decode_success;
28685 }
28686 break;
28687
28688 case 0x22:
28689 /* VPMOVSXBQ xmm2/m16, xmm1 */
28690 /* VPMOVSXBQ = VEX.128.66.0F38.WIG 22 /r */
28691 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28692 delta = dis_PMOVSXBQ_128( vbi, pfx, delta, True/*isAvx*/ );
28693 goto decode_success;
28694 }
28695 /* VPMOVSXBQ xmm2/m32, ymm1 */
28696 /* VPMOVSXBQ = VEX.256.66.0F38.WIG 22 /r */
28697 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28698 delta = dis_PMOVSXBQ_256( vbi, pfx, delta );
28699 goto decode_success;
28700 }
28701 break;
28702
28703 case 0x23:
28704 /* VPMOVSXWD xmm2/m64, xmm1 = VEX.128.66.0F38.WIG 23 /r */
28705 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28706 delta = dis_PMOVxXWD_128( vbi, pfx, delta,
28707 True/*isAvx*/, False/*!xIsZ*/ );
28708 goto decode_success;
28709 }
28710 /* VPMOVSXWD xmm2/m128, ymm1 = VEX.256.66.0F38.WIG 23 /r */
28711 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28712 delta = dis_PMOVxXWD_256( vbi, pfx, delta, False/*!xIsZ*/ );
28713 goto decode_success;
28714 }
28715 break;
28716
28717 case 0x24:
28718 /* VPMOVSXWQ xmm2/m32, xmm1 = VEX.128.66.0F38.WIG 24 /r */
28719 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28720 delta = dis_PMOVSXWQ_128( vbi, pfx, delta, True/*isAvx*/ );
28721 goto decode_success;
28722 }
28723 /* VPMOVSXWQ xmm2/m64, ymm1 = VEX.256.66.0F38.WIG 24 /r */
28724 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28725 delta = dis_PMOVSXWQ_256( vbi, pfx, delta );
28726 goto decode_success;
28727 }
28728 break;
28729
28730 case 0x25:
28731 /* VPMOVSXDQ xmm2/m64, xmm1 = VEX.128.66.0F38.WIG 25 /r */
28732 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28733 delta = dis_PMOVxXDQ_128( vbi, pfx, delta,
28734 True/*isAvx*/, False/*!xIsZ*/ );
28735 goto decode_success;
28736 }
28737 /* VPMOVSXDQ xmm2/m128, ymm1 = VEX.256.66.0F38.WIG 25 /r */
28738 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28739 delta = dis_PMOVxXDQ_256( vbi, pfx, delta, False/*!xIsZ*/ );
28740 goto decode_success;
28741 }
28742 break;
28743
28744 case 0x28:
28745 /* VPMULDQ xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F38.WIG 28 /r */
28746 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28747 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_complex(
28748 uses_vvvv, vbi, pfx, delta,
28749 "vpmuldq", math_PMULDQ_128 );
28750 goto decode_success;
28751 }
28752 /* VPMULDQ ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.WIG 28 /r */
28753 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28754 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_complex(
28755 uses_vvvv, vbi, pfx, delta,
28756 "vpmuldq", math_PMULDQ_256 );
28757 goto decode_success;
28758 }
28759 break;
28760
28761 case 0x29:
28762 /* VPCMPEQQ r/m, rV, r ::: r = rV `eq-by-64s` r/m */
28763 /* VPCMPEQQ = VEX.NDS.128.66.0F38.WIG 29 /r */
28764 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28765 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
28766 uses_vvvv, vbi, pfx, delta, "vpcmpeqq", Iop_CmpEQ64x2 );
28767 goto decode_success;
28768 }
28769 /* VPCMPEQQ r/m, rV, r ::: r = rV `eq-by-64s` r/m */
28770 /* VPCMPEQQ = VEX.NDS.256.66.0F38.WIG 29 /r */
28771 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28772 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
28773 uses_vvvv, vbi, pfx, delta, "vpcmpeqq", Iop_CmpEQ64x4 );
28774 goto decode_success;
28775 }
28776 break;
28777
28778 case 0x2A:
28779 /* VMOVNTDQA m128, xmm1 = VEX.128.66.0F38.WIG 2A /r */
28780 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
28781 && !epartIsReg(getUChar(delta))) {
28782 UChar modrm = getUChar(delta);
28783 UInt rD = gregOfRexRM(pfx, modrm);
28784 IRTemp tD = newTemp(Ity_V128);
28785 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
28786 delta += alen;
28787 gen_SEGV_if_not_16_aligned(addr);
28788 assign(tD, loadLE(Ity_V128, mkexpr(addr)));
28789 DIP("vmovntdqa %s,%s\n", dis_buf, nameXMMReg(rD));
28790 putYMMRegLoAndZU(rD, mkexpr(tD));
28791 goto decode_success;
28792 }
28793 /* VMOVNTDQA m256, ymm1 = VEX.256.66.0F38.WIG 2A /r */
28794 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/
28795 && !epartIsReg(getUChar(delta))) {
28796 UChar modrm = getUChar(delta);
28797 UInt rD = gregOfRexRM(pfx, modrm);
28798 IRTemp tD = newTemp(Ity_V256);
28799 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
28800 delta += alen;
28801 gen_SEGV_if_not_32_aligned(addr);
28802 assign(tD, loadLE(Ity_V256, mkexpr(addr)));
28803 DIP("vmovntdqa %s,%s\n", dis_buf, nameYMMReg(rD));
28804 putYMMReg(rD, mkexpr(tD));
28805 goto decode_success;
28806 }
28807 break;
28808
28809 case 0x2B:
28810 /* VPACKUSDW r/m, rV, r ::: r = QNarrowBin32Sto16Ux8(rV, r/m) */
28811 /* VPACKUSDW = VEX.NDS.128.66.0F38.WIG 2B /r */
28812 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28813 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG(
28814 uses_vvvv, vbi, pfx, delta, "vpackusdw",
28815 Iop_QNarrowBin32Sto16Ux8, NULL,
28816 False/*!invertLeftArg*/, True/*swapArgs*/ );
28817 goto decode_success;
28818 }
28819 /* VPACKUSDW r/m, rV, r ::: r = QNarrowBin32Sto16Ux8(rV, r/m) */
28820 /* VPACKUSDW = VEX.NDS.256.66.0F38.WIG 2B /r */
28821 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28822 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_complex(
28823 uses_vvvv, vbi, pfx, delta, "vpackusdw",
28824 math_VPACKUSDW_YMM );
28825 goto decode_success;
28826 }
28827 break;
28828
28829 case 0x2C:
28830 /* VMASKMOVPS m128, xmm2, xmm1 = VEX.NDS.128.66.0F38.W0 2C /r */
28831 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
28832 && 0==getRexW(pfx)/*W0*/
28833 && !epartIsReg(getUChar(delta))) {
28834 delta = dis_VMASKMOV( uses_vvvv, vbi, pfx, delta, "vmaskmovps",
28835 /*!isYMM*/False, Ity_I32, /*isLoad*/True );
28836 goto decode_success;
28837 }
28838 /* VMASKMOVPS m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.W0 2C /r */
28839 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/
28840 && 0==getRexW(pfx)/*W0*/
28841 && !epartIsReg(getUChar(delta))) {
28842 delta = dis_VMASKMOV( uses_vvvv, vbi, pfx, delta, "vmaskmovps",
28843 /*isYMM*/True, Ity_I32, /*isLoad*/True );
28844 goto decode_success;
28845 }
28846 break;
28847
28848 case 0x2D:
28849 /* VMASKMOVPD m128, xmm2, xmm1 = VEX.NDS.128.66.0F38.W0 2D /r */
28850 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
28851 && 0==getRexW(pfx)/*W0*/
28852 && !epartIsReg(getUChar(delta))) {
28853 delta = dis_VMASKMOV( uses_vvvv, vbi, pfx, delta, "vmaskmovpd",
28854 /*!isYMM*/False, Ity_I64, /*isLoad*/True );
28855 goto decode_success;
28856 }
28857 /* VMASKMOVPD m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.W0 2D /r */
28858 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/
28859 && 0==getRexW(pfx)/*W0*/
28860 && !epartIsReg(getUChar(delta))) {
28861 delta = dis_VMASKMOV( uses_vvvv, vbi, pfx, delta, "vmaskmovpd",
28862 /*isYMM*/True, Ity_I64, /*isLoad*/True );
28863 goto decode_success;
28864 }
28865 break;
28866
28867 case 0x2E:
28868 /* VMASKMOVPS xmm1, xmm2, m128 = VEX.NDS.128.66.0F38.W0 2E /r */
28869 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
28870 && 0==getRexW(pfx)/*W0*/
28871 && !epartIsReg(getUChar(delta))) {
28872 delta = dis_VMASKMOV( uses_vvvv, vbi, pfx, delta, "vmaskmovps",
28873 /*!isYMM*/False, Ity_I32, /*!isLoad*/False );
28874 goto decode_success;
28875 }
28876 /* VMASKMOVPS ymm1, ymm2, m256 = VEX.NDS.256.66.0F38.W0 2E /r */
28877 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/
28878 && 0==getRexW(pfx)/*W0*/
28879 && !epartIsReg(getUChar(delta))) {
28880 delta = dis_VMASKMOV( uses_vvvv, vbi, pfx, delta, "vmaskmovps",
28881 /*isYMM*/True, Ity_I32, /*!isLoad*/False );
28882 goto decode_success;
28883 }
28884 break;
28885
28886 case 0x2F:
28887 /* VMASKMOVPD xmm1, xmm2, m128 = VEX.NDS.128.66.0F38.W0 2F /r */
28888 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
28889 && 0==getRexW(pfx)/*W0*/
28890 && !epartIsReg(getUChar(delta))) {
28891 delta = dis_VMASKMOV( uses_vvvv, vbi, pfx, delta, "vmaskmovpd",
28892 /*!isYMM*/False, Ity_I64, /*!isLoad*/False );
28893 goto decode_success;
28894 }
28895 /* VMASKMOVPD ymm1, ymm2, m256 = VEX.NDS.256.66.0F38.W0 2F /r */
28896 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/
28897 && 0==getRexW(pfx)/*W0*/
28898 && !epartIsReg(getUChar(delta))) {
28899 delta = dis_VMASKMOV( uses_vvvv, vbi, pfx, delta, "vmaskmovpd",
28900 /*isYMM*/True, Ity_I64, /*!isLoad*/False );
28901 goto decode_success;
28902 }
28903 break;
28904
28905 case 0x30:
28906 /* VPMOVZXBW xmm2/m64, xmm1 */
28907 /* VPMOVZXBW = VEX.128.66.0F38.WIG 30 /r */
28908 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28909 delta = dis_PMOVxXBW_128( vbi, pfx, delta,
28910 True/*isAvx*/, True/*xIsZ*/ );
28911 goto decode_success;
28912 }
28913 /* VPMOVZXBW xmm2/m128, ymm1 */
28914 /* VPMOVZXBW = VEX.256.66.0F38.WIG 30 /r */
28915 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28916 delta = dis_PMOVxXBW_256( vbi, pfx, delta, True/*xIsZ*/ );
28917 goto decode_success;
28918 }
28919 break;
28920
28921 case 0x31:
28922 /* VPMOVZXBD xmm2/m32, xmm1 */
28923 /* VPMOVZXBD = VEX.128.66.0F38.WIG 31 /r */
28924 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28925 delta = dis_PMOVxXBD_128( vbi, pfx, delta,
28926 True/*isAvx*/, True/*xIsZ*/ );
28927 goto decode_success;
28928 }
28929 /* VPMOVZXBD xmm2/m64, ymm1 */
28930 /* VPMOVZXBD = VEX.256.66.0F38.WIG 31 /r */
28931 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28932 delta = dis_PMOVxXBD_256( vbi, pfx, delta, True/*xIsZ*/ );
28933 goto decode_success;
28934 }
28935 break;
28936
28937 case 0x32:
28938 /* VPMOVZXBQ xmm2/m16, xmm1 */
28939 /* VPMOVZXBQ = VEX.128.66.0F38.WIG 32 /r */
28940 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28941 delta = dis_PMOVZXBQ_128( vbi, pfx, delta, True/*isAvx*/ );
28942 goto decode_success;
28943 }
28944 /* VPMOVZXBQ xmm2/m32, ymm1 */
28945 /* VPMOVZXBQ = VEX.256.66.0F38.WIG 32 /r */
28946 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28947 delta = dis_PMOVZXBQ_256( vbi, pfx, delta );
28948 goto decode_success;
28949 }
28950 break;
28951
28952 case 0x33:
28953 /* VPMOVZXWD xmm2/m64, xmm1 */
28954 /* VPMOVZXWD = VEX.128.66.0F38.WIG 33 /r */
28955 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28956 delta = dis_PMOVxXWD_128( vbi, pfx, delta,
28957 True/*isAvx*/, True/*xIsZ*/ );
28958 goto decode_success;
28959 }
28960 /* VPMOVZXWD xmm2/m128, ymm1 */
28961 /* VPMOVZXWD = VEX.256.66.0F38.WIG 33 /r */
28962 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28963 delta = dis_PMOVxXWD_256( vbi, pfx, delta, True/*xIsZ*/ );
28964 goto decode_success;
28965 }
28966 break;
28967
28968 case 0x34:
28969 /* VPMOVZXWQ xmm2/m32, xmm1 = VEX.128.66.0F38.WIG 34 /r */
28970 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28971 delta = dis_PMOVZXWQ_128( vbi, pfx, delta, True/*isAvx*/ );
28972 goto decode_success;
28973 }
28974 /* VPMOVZXWQ xmm2/m64, ymm1 = VEX.256.66.0F38.WIG 34 /r */
28975 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28976 delta = dis_PMOVZXWQ_256( vbi, pfx, delta );
28977 goto decode_success;
28978 }
28979 break;
28980
28981 case 0x35:
28982 /* VPMOVZXDQ xmm2/m64, xmm1 = VEX.128.66.0F38.WIG 35 /r */
28983 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
28984 delta = dis_PMOVxXDQ_128( vbi, pfx, delta,
28985 True/*isAvx*/, True/*xIsZ*/ );
28986 goto decode_success;
28987 }
28988 /* VPMOVZXDQ xmm2/m128, ymm1 = VEX.256.66.0F38.WIG 35 /r */
28989 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
28990 delta = dis_PMOVxXDQ_256( vbi, pfx, delta, True/*xIsZ*/ );
28991 goto decode_success;
28992 }
28993 break;
28994
28995 case 0x36:
28996 /* VPERMD ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.W0 36 /r */
28997 if (have66noF2noF3(pfx)
28998 && 1==getVexL(pfx)/*256*/ && 0==getRexW(pfx)/*W0*/) {
28999 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_complex(
29000 uses_vvvv, vbi, pfx, delta, "vpermd", math_VPERMD );
29001 goto decode_success;
29002 }
29003 break;
29004
29005 case 0x37:
29006 /* VPCMPGTQ r/m, rV, r ::: r = rV `>s-by-64s` r/m */
29007 /* VPCMPGTQ = VEX.NDS.128.66.0F38.WIG 37 /r */
29008 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
29009 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
29010 uses_vvvv, vbi, pfx, delta, "vpcmpgtq", Iop_CmpGT64Sx2 );
29011 goto decode_success;
29012 }
29013 /* VPCMPGTQ r/m, rV, r ::: r = rV `>s-by-64s` r/m */
29014 /* VPCMPGTQ = VEX.NDS.256.66.0F38.WIG 37 /r */
29015 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
29016 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
29017 uses_vvvv, vbi, pfx, delta, "vpcmpgtq", Iop_CmpGT64Sx4 );
29018 goto decode_success;
29019 }
29020 break;
29021
29022 case 0x38:
29023 /* VPMINSB r/m, rV, r ::: r = min-signed-8s(rV, r/m) */
29024 /* VPMINSB = VEX.NDS.128.66.0F38.WIG 38 /r */
29025 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
29026 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
29027 uses_vvvv, vbi, pfx, delta, "vpminsb", Iop_Min8Sx16 );
29028 goto decode_success;
29029 }
29030 /* VPMINSB r/m, rV, r ::: r = min-signed-8s(rV, r/m) */
29031 /* VPMINSB = VEX.NDS.256.66.0F38.WIG 38 /r */
29032 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
29033 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
29034 uses_vvvv, vbi, pfx, delta, "vpminsb", Iop_Min8Sx32 );
29035 goto decode_success;
29036 }
29037 break;
29038
29039 case 0x39:
29040 /* VPMINSD r/m, rV, r ::: r = min-signed-32s(rV, r/m) */
29041 /* VPMINSD = VEX.NDS.128.66.0F38.WIG 39 /r */
29042 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
29043 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
29044 uses_vvvv, vbi, pfx, delta, "vpminsd", Iop_Min32Sx4 );
29045 goto decode_success;
29046 }
29047 /* VPMINSD r/m, rV, r ::: r = min-signed-32s(rV, r/m) */
29048 /* VPMINSD = VEX.NDS.256.66.0F38.WIG 39 /r */
29049 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
29050 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
29051 uses_vvvv, vbi, pfx, delta, "vpminsd", Iop_Min32Sx8 );
29052 goto decode_success;
29053 }
29054 break;
29055
29056 case 0x3A:
29057 /* VPMINUW r/m, rV, r ::: r = min-unsigned-16s(rV, r/m) */
29058 /* VPMINUW = VEX.NDS.128.66.0F38.WIG 3A /r */
29059 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
29060 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
29061 uses_vvvv, vbi, pfx, delta, "vpminuw", Iop_Min16Ux8 );
29062 goto decode_success;
29063 }
29064 /* VPMINUW r/m, rV, r ::: r = min-unsigned-16s(rV, r/m) */
29065 /* VPMINUW = VEX.NDS.256.66.0F38.WIG 3A /r */
29066 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
29067 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
29068 uses_vvvv, vbi, pfx, delta, "vpminuw", Iop_Min16Ux16 );
29069 goto decode_success;
29070 }
29071 break;
29072
29073 case 0x3B:
29074 /* VPMINUD r/m, rV, r ::: r = min-unsigned-32s(rV, r/m) */
29075 /* VPMINUD = VEX.NDS.128.66.0F38.WIG 3B /r */
29076 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
29077 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
29078 uses_vvvv, vbi, pfx, delta, "vpminud", Iop_Min32Ux4 );
29079 goto decode_success;
29080 }
29081 /* VPMINUD r/m, rV, r ::: r = min-unsigned-32s(rV, r/m) */
29082 /* VPMINUD = VEX.NDS.256.66.0F38.WIG 3B /r */
29083 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
29084 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
29085 uses_vvvv, vbi, pfx, delta, "vpminud", Iop_Min32Ux8 );
29086 goto decode_success;
29087 }
29088 break;
29089
29090 case 0x3C:
29091 /* VPMAXSB r/m, rV, r ::: r = max-signed-8s(rV, r/m) */
29092 /* VPMAXSB = VEX.NDS.128.66.0F38.WIG 3C /r */
29093 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
29094 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
29095 uses_vvvv, vbi, pfx, delta, "vpmaxsb", Iop_Max8Sx16 );
29096 goto decode_success;
29097 }
29098 /* VPMAXSB r/m, rV, r ::: r = max-signed-8s(rV, r/m) */
29099 /* VPMAXSB = VEX.NDS.256.66.0F38.WIG 3C /r */
29100 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
29101 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
29102 uses_vvvv, vbi, pfx, delta, "vpmaxsb", Iop_Max8Sx32 );
29103 goto decode_success;
29104 }
29105 break;
29106
29107 case 0x3D:
29108 /* VPMAXSD r/m, rV, r ::: r = max-signed-32s(rV, r/m) */
29109 /* VPMAXSD = VEX.NDS.128.66.0F38.WIG 3D /r */
29110 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
29111 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
29112 uses_vvvv, vbi, pfx, delta, "vpmaxsd", Iop_Max32Sx4 );
29113 goto decode_success;
29114 }
29115 /* VPMAXSD r/m, rV, r ::: r = max-signed-32s(rV, r/m) */
29116 /* VPMAXSD = VEX.NDS.256.66.0F38.WIG 3D /r */
29117 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
29118 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
29119 uses_vvvv, vbi, pfx, delta, "vpmaxsd", Iop_Max32Sx8 );
29120 goto decode_success;
29121 }
29122 break;
29123
29124 case 0x3E:
29125 /* VPMAXUW r/m, rV, r ::: r = max-unsigned-16s(rV, r/m) */
29126 /* VPMAXUW = VEX.NDS.128.66.0F38.WIG 3E /r */
29127 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
29128 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
29129 uses_vvvv, vbi, pfx, delta, "vpmaxuw", Iop_Max16Ux8 );
29130 goto decode_success;
29131 }
29132 /* VPMAXUW r/m, rV, r ::: r = max-unsigned-16s(rV, r/m) */
29133 /* VPMAXUW = VEX.NDS.256.66.0F38.WIG 3E /r */
29134 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
29135 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
29136 uses_vvvv, vbi, pfx, delta, "vpmaxuw", Iop_Max16Ux16 );
29137 goto decode_success;
29138 }
29139 break;
29140
29141 case 0x3F:
29142 /* VPMAXUD r/m, rV, r ::: r = max-unsigned-32s(rV, r/m) */
29143 /* VPMAXUD = VEX.NDS.128.66.0F38.WIG 3F /r */
29144 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
29145 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
29146 uses_vvvv, vbi, pfx, delta, "vpmaxud", Iop_Max32Ux4 );
29147 goto decode_success;
29148 }
29149 /* VPMAXUD r/m, rV, r ::: r = max-unsigned-32s(rV, r/m) */
29150 /* VPMAXUD = VEX.NDS.256.66.0F38.WIG 3F /r */
29151 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
29152 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
29153 uses_vvvv, vbi, pfx, delta, "vpmaxud", Iop_Max32Ux8 );
29154 goto decode_success;
29155 }
29156 break;
29157
29158 case 0x40:
29159 /* VPMULLD r/m, rV, r ::: r = mul-32s(rV, r/m) */
29160 /* VPMULLD = VEX.NDS.128.66.0F38.WIG 40 /r */
29161 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
29162 delta = dis_VEX_NDS_128_AnySimdPfx_0F_WIG_simple(
29163 uses_vvvv, vbi, pfx, delta, "vpmulld", Iop_Mul32x4 );
29164 goto decode_success;
29165 }
29166 /* VPMULLD r/m, rV, r ::: r = mul-32s(rV, r/m) */
29167 /* VPMULLD = VEX.NDS.256.66.0F38.WIG 40 /r */
29168 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
29169 delta = dis_VEX_NDS_256_AnySimdPfx_0F_WIG_simple(
29170 uses_vvvv, vbi, pfx, delta, "vpmulld", Iop_Mul32x8 );
29171 goto decode_success;
29172 }
29173 break;
29174
29175 case 0x41:
29176 /* VPHMINPOSUW xmm2/m128, xmm1 = VEX.128.66.0F38.WIG 41 /r */
29177 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
29178 delta = dis_PHMINPOSUW_128( vbi, pfx, delta, True/*isAvx*/ );
29179 goto decode_success;
29180 }
29181 break;
29182
29183 case 0x45:
29184 /* VPSRLVD xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F38.W0 45 /r */
29185 /* VPSRLVD ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.W0 45 /r */
29186 if (have66noF2noF3(pfx) && 0==getRexW(pfx)/*W0*/) {
29187 delta = dis_AVX_var_shiftV_byE( vbi, pfx, delta, "vpsrlvd",
29188 Iop_Shr32, 1==getVexL(pfx) );
29189 *uses_vvvv = True;
29190 goto decode_success;
29191 }
29192 /* VPSRLVQ xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F38.W1 45 /r */
29193 /* VPSRLVQ ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.W1 45 /r */
29194 if (have66noF2noF3(pfx) && 1==getRexW(pfx)/*W1*/) {
29195 delta = dis_AVX_var_shiftV_byE( vbi, pfx, delta, "vpsrlvq",
29196 Iop_Shr64, 1==getVexL(pfx) );
29197 *uses_vvvv = True;
29198 goto decode_success;
29199 }
29200 break;
29201
29202 case 0x46:
29203 /* VPSRAVD xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F38.W0 46 /r */
29204 /* VPSRAVD ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.W0 46 /r */
29205 if (have66noF2noF3(pfx) && 0==getRexW(pfx)/*W0*/) {
29206 delta = dis_AVX_var_shiftV_byE( vbi, pfx, delta, "vpsravd",
29207 Iop_Sar32, 1==getVexL(pfx) );
29208 *uses_vvvv = True;
29209 goto decode_success;
29210 }
29211 break;
29212
29213 case 0x47:
29214 /* VPSLLVD xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F38.W0 47 /r */
29215 /* VPSLLVD ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.W0 47 /r */
29216 if (have66noF2noF3(pfx) && 0==getRexW(pfx)/*W0*/) {
29217 delta = dis_AVX_var_shiftV_byE( vbi, pfx, delta, "vpsllvd",
29218 Iop_Shl32, 1==getVexL(pfx) );
29219 *uses_vvvv = True;
29220 goto decode_success;
29221 }
29222 /* VPSLLVQ xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F38.W1 47 /r */
29223 /* VPSLLVQ ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.W1 47 /r */
29224 if (have66noF2noF3(pfx) && 1==getRexW(pfx)/*W1*/) {
29225 delta = dis_AVX_var_shiftV_byE( vbi, pfx, delta, "vpsllvq",
29226 Iop_Shl64, 1==getVexL(pfx) );
29227 *uses_vvvv = True;
29228 goto decode_success;
29229 }
29230 break;
29231
29232 case 0x58:
29233 /* VPBROADCASTD xmm2/m32, xmm1 = VEX.128.66.0F38.W0 58 /r */
29234 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
29235 && 0==getRexW(pfx)/*W0*/) {
29236 UChar modrm = getUChar(delta);
29237 UInt rG = gregOfRexRM(pfx, modrm);
29238 IRTemp t32 = newTemp(Ity_I32);
29239 if (epartIsReg(modrm)) {
29240 UInt rE = eregOfRexRM(pfx, modrm);
29241 delta++;
29242 DIP("vpbroadcastd %s,%s\n", nameXMMReg(rE), nameXMMReg(rG));
29243 assign(t32, getXMMRegLane32(rE, 0));
29244 } else {
29245 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
29246 delta += alen;
29247 DIP("vpbroadcastd %s,%s\n", dis_buf, nameXMMReg(rG));
29248 assign(t32, loadLE(Ity_I32, mkexpr(addr)));
29249 }
29250 IRTemp t64 = newTemp(Ity_I64);
29251 assign(t64, binop(Iop_32HLto64, mkexpr(t32), mkexpr(t32)));
29252 IRExpr* res = binop(Iop_64HLtoV128, mkexpr(t64), mkexpr(t64));
29253 putYMMRegLoAndZU(rG, res);
29254 goto decode_success;
29255 }
29256 /* VPBROADCASTD xmm2/m32, ymm1 = VEX.256.66.0F38.W0 58 /r */
29257 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/
29258 && 0==getRexW(pfx)/*W0*/) {
29259 UChar modrm = getUChar(delta);
29260 UInt rG = gregOfRexRM(pfx, modrm);
29261 IRTemp t32 = newTemp(Ity_I32);
29262 if (epartIsReg(modrm)) {
29263 UInt rE = eregOfRexRM(pfx, modrm);
29264 delta++;
29265 DIP("vpbroadcastd %s,%s\n", nameXMMReg(rE), nameYMMReg(rG));
29266 assign(t32, getXMMRegLane32(rE, 0));
29267 } else {
29268 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
29269 delta += alen;
29270 DIP("vpbroadcastd %s,%s\n", dis_buf, nameYMMReg(rG));
29271 assign(t32, loadLE(Ity_I32, mkexpr(addr)));
29272 }
29273 IRTemp t64 = newTemp(Ity_I64);
29274 assign(t64, binop(Iop_32HLto64, mkexpr(t32), mkexpr(t32)));
29275 IRExpr* res = IRExpr_Qop(Iop_64x4toV256, mkexpr(t64), mkexpr(t64),
29276 mkexpr(t64), mkexpr(t64));
29277 putYMMReg(rG, res);
29278 goto decode_success;
29279 }
29280 break;
29281
29282 case 0x59:
29283 /* VPBROADCASTQ xmm2/m64, xmm1 = VEX.128.66.0F38.W0 59 /r */
29284 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
29285 && 0==getRexW(pfx)/*W0*/) {
29286 UChar modrm = getUChar(delta);
29287 UInt rG = gregOfRexRM(pfx, modrm);
29288 IRTemp t64 = newTemp(Ity_I64);
29289 if (epartIsReg(modrm)) {
29290 UInt rE = eregOfRexRM(pfx, modrm);
29291 delta++;
29292 DIP("vpbroadcastq %s,%s\n", nameXMMReg(rE), nameXMMReg(rG));
29293 assign(t64, getXMMRegLane64(rE, 0));
29294 } else {
29295 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
29296 delta += alen;
29297 DIP("vpbroadcastq %s,%s\n", dis_buf, nameXMMReg(rG));
29298 assign(t64, loadLE(Ity_I64, mkexpr(addr)));
29299 }
29300 IRExpr* res = binop(Iop_64HLtoV128, mkexpr(t64), mkexpr(t64));
29301 putYMMRegLoAndZU(rG, res);
29302 goto decode_success;
29303 }
29304 /* VPBROADCASTQ xmm2/m64, ymm1 = VEX.256.66.0F38.W0 59 /r */
29305 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/
29306 && 0==getRexW(pfx)/*W0*/) {
29307 UChar modrm = getUChar(delta);
29308 UInt rG = gregOfRexRM(pfx, modrm);
29309 IRTemp t64 = newTemp(Ity_I64);
29310 if (epartIsReg(modrm)) {
29311 UInt rE = eregOfRexRM(pfx, modrm);
29312 delta++;
29313 DIP("vpbroadcastq %s,%s\n", nameXMMReg(rE), nameYMMReg(rG));
29314 assign(t64, getXMMRegLane64(rE, 0));
29315 } else {
29316 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
29317 delta += alen;
29318 DIP("vpbroadcastq %s,%s\n", dis_buf, nameYMMReg(rG));
29319 assign(t64, loadLE(Ity_I64, mkexpr(addr)));
29320 }
29321 IRExpr* res = IRExpr_Qop(Iop_64x4toV256, mkexpr(t64), mkexpr(t64),
29322 mkexpr(t64), mkexpr(t64));
29323 putYMMReg(rG, res);
29324 goto decode_success;
29325 }
29326 break;
29327
29328 case 0x5A:
29329 /* VBROADCASTI128 m128, ymm1 = VEX.256.66.0F38.WIG 5A /r */
29330 if (have66noF2noF3(pfx)
29331 && 1==getVexL(pfx)/*256*/
29332 && !epartIsReg(getUChar(delta))) {
29333 UChar modrm = getUChar(delta);
29334 UInt rG = gregOfRexRM(pfx, modrm);
29335 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
29336 delta += alen;
29337 DIP("vbroadcasti128 %s,%s\n", dis_buf, nameYMMReg(rG));
29338 IRTemp t128 = newTemp(Ity_V128);
29339 assign(t128, loadLE(Ity_V128, mkexpr(addr)));
29340 putYMMReg( rG, binop(Iop_V128HLtoV256, mkexpr(t128), mkexpr(t128)) );
29341 goto decode_success;
29342 }
29343 break;
29344
29345 case 0x78:
29346 /* VPBROADCASTB xmm2/m8, xmm1 = VEX.128.66.0F38.W0 78 /r */
29347 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
29348 && 0==getRexW(pfx)/*W0*/) {
29349 UChar modrm = getUChar(delta);
29350 UInt rG = gregOfRexRM(pfx, modrm);
29351 IRTemp t8 = newTemp(Ity_I8);
29352 if (epartIsReg(modrm)) {
29353 UInt rE = eregOfRexRM(pfx, modrm);
29354 delta++;
29355 DIP("vpbroadcastb %s,%s\n", nameXMMReg(rE), nameXMMReg(rG));
29356 assign(t8, unop(Iop_32to8, getXMMRegLane32(rE, 0)));
29357 } else {
29358 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
29359 delta += alen;
29360 DIP("vpbroadcastb %s,%s\n", dis_buf, nameXMMReg(rG));
29361 assign(t8, loadLE(Ity_I8, mkexpr(addr)));
29362 }
29363 IRTemp t16 = newTemp(Ity_I16);
29364 assign(t16, binop(Iop_8HLto16, mkexpr(t8), mkexpr(t8)));
29365 IRTemp t32 = newTemp(Ity_I32);
29366 assign(t32, binop(Iop_16HLto32, mkexpr(t16), mkexpr(t16)));
29367 IRTemp t64 = newTemp(Ity_I64);
29368 assign(t64, binop(Iop_32HLto64, mkexpr(t32), mkexpr(t32)));
29369 IRExpr* res = binop(Iop_64HLtoV128, mkexpr(t64), mkexpr(t64));
29370 putYMMRegLoAndZU(rG, res);
29371 goto decode_success;
29372 }
29373 /* VPBROADCASTB xmm2/m8, ymm1 = VEX.256.66.0F38.W0 78 /r */
29374 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/
29375 && 0==getRexW(pfx)/*W0*/) {
29376 UChar modrm = getUChar(delta);
29377 UInt rG = gregOfRexRM(pfx, modrm);
29378 IRTemp t8 = newTemp(Ity_I8);
29379 if (epartIsReg(modrm)) {
29380 UInt rE = eregOfRexRM(pfx, modrm);
29381 delta++;
29382 DIP("vpbroadcastb %s,%s\n", nameXMMReg(rE), nameYMMReg(rG));
29383 assign(t8, unop(Iop_32to8, getXMMRegLane32(rE, 0)));
29384 } else {
29385 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
29386 delta += alen;
29387 DIP("vpbroadcastb %s,%s\n", dis_buf, nameYMMReg(rG));
29388 assign(t8, loadLE(Ity_I8, mkexpr(addr)));
29389 }
29390 IRTemp t16 = newTemp(Ity_I16);
29391 assign(t16, binop(Iop_8HLto16, mkexpr(t8), mkexpr(t8)));
29392 IRTemp t32 = newTemp(Ity_I32);
29393 assign(t32, binop(Iop_16HLto32, mkexpr(t16), mkexpr(t16)));
29394 IRTemp t64 = newTemp(Ity_I64);
29395 assign(t64, binop(Iop_32HLto64, mkexpr(t32), mkexpr(t32)));
29396 IRExpr* res = IRExpr_Qop(Iop_64x4toV256, mkexpr(t64), mkexpr(t64),
29397 mkexpr(t64), mkexpr(t64));
29398 putYMMReg(rG, res);
29399 goto decode_success;
29400 }
29401 break;
29402
29403 case 0x79:
29404 /* VPBROADCASTW xmm2/m16, xmm1 = VEX.128.66.0F38.W0 79 /r */
29405 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
29406 && 0==getRexW(pfx)/*W0*/) {
29407 UChar modrm = getUChar(delta);
29408 UInt rG = gregOfRexRM(pfx, modrm);
29409 IRTemp t16 = newTemp(Ity_I16);
29410 if (epartIsReg(modrm)) {
29411 UInt rE = eregOfRexRM(pfx, modrm);
29412 delta++;
29413 DIP("vpbroadcastw %s,%s\n", nameXMMReg(rE), nameXMMReg(rG));
29414 assign(t16, unop(Iop_32to16, getXMMRegLane32(rE, 0)));
29415 } else {
29416 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
29417 delta += alen;
29418 DIP("vpbroadcastw %s,%s\n", dis_buf, nameXMMReg(rG));
29419 assign(t16, loadLE(Ity_I16, mkexpr(addr)));
29420 }
29421 IRTemp t32 = newTemp(Ity_I32);
29422 assign(t32, binop(Iop_16HLto32, mkexpr(t16), mkexpr(t16)));
29423 IRTemp t64 = newTemp(Ity_I64);
29424 assign(t64, binop(Iop_32HLto64, mkexpr(t32), mkexpr(t32)));
29425 IRExpr* res = binop(Iop_64HLtoV128, mkexpr(t64), mkexpr(t64));
29426 putYMMRegLoAndZU(rG, res);
29427 goto decode_success;
29428 }
29429 /* VPBROADCASTW xmm2/m16, ymm1 = VEX.256.66.0F38.W0 79 /r */
29430 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/
29431 && 0==getRexW(pfx)/*W0*/) {
29432 UChar modrm = getUChar(delta);
29433 UInt rG = gregOfRexRM(pfx, modrm);
29434 IRTemp t16 = newTemp(Ity_I16);
29435 if (epartIsReg(modrm)) {
29436 UInt rE = eregOfRexRM(pfx, modrm);
29437 delta++;
29438 DIP("vpbroadcastw %s,%s\n", nameXMMReg(rE), nameYMMReg(rG));
29439 assign(t16, unop(Iop_32to16, getXMMRegLane32(rE, 0)));
29440 } else {
29441 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 0 );
29442 delta += alen;
29443 DIP("vpbroadcastw %s,%s\n", dis_buf, nameYMMReg(rG));
29444 assign(t16, loadLE(Ity_I16, mkexpr(addr)));
29445 }
29446 IRTemp t32 = newTemp(Ity_I32);
29447 assign(t32, binop(Iop_16HLto32, mkexpr(t16), mkexpr(t16)));
29448 IRTemp t64 = newTemp(Ity_I64);
29449 assign(t64, binop(Iop_32HLto64, mkexpr(t32), mkexpr(t32)));
29450 IRExpr* res = IRExpr_Qop(Iop_64x4toV256, mkexpr(t64), mkexpr(t64),
29451 mkexpr(t64), mkexpr(t64));
29452 putYMMReg(rG, res);
29453 goto decode_success;
29454 }
29455 break;
29456
29457 case 0x8C:
29458 /* VPMASKMOVD m128, xmm2, xmm1 = VEX.NDS.128.66.0F38.W0 8C /r */
29459 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
29460 && 0==getRexW(pfx)/*W0*/ && !epartIsReg(getUChar(delta))) {
29461 delta = dis_VMASKMOV( uses_vvvv, vbi, pfx, delta, "vpmaskmovd",
29462 /*!isYMM*/False, Ity_I32, /*isLoad*/True );
29463 goto decode_success;
29464 }
29465 /* VPMASKMOVD m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.W0 8C /r */
29466 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/
29467 && 0==getRexW(pfx)/*W0*/ && !epartIsReg(getUChar(delta))) {
29468 delta = dis_VMASKMOV( uses_vvvv, vbi, pfx, delta, "vpmaskmovd",
29469 /*isYMM*/True, Ity_I32, /*isLoad*/True );
29470 goto decode_success;
29471 }
29472 /* VPMASKMOVQ m128, xmm2, xmm1 = VEX.NDS.128.66.0F38.W1 8C /r */
29473 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
29474 && 1==getRexW(pfx)/*W1*/ && !epartIsReg(getUChar(delta))) {
29475 delta = dis_VMASKMOV( uses_vvvv, vbi, pfx, delta, "vpmaskmovq",
29476 /*!isYMM*/False, Ity_I64, /*isLoad*/True );
29477 goto decode_success;
29478 }
29479 /* VPMASKMOVQ m256, ymm2, ymm1 = VEX.NDS.256.66.0F38.W1 8C /r */
29480 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/
29481 && 1==getRexW(pfx)/*W1*/ && !epartIsReg(getUChar(delta))) {
29482 delta = dis_VMASKMOV( uses_vvvv, vbi, pfx, delta, "vpmaskmovq",
29483 /*isYMM*/True, Ity_I64, /*isLoad*/True );
29484 goto decode_success;
29485 }
29486 break;
29487
29488 case 0x8E:
29489 /* VPMASKMOVD xmm1, xmm2, m128 = VEX.NDS.128.66.0F38.W0 8E /r */
29490 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
29491 && 0==getRexW(pfx)/*W0*/ && !epartIsReg(getUChar(delta))) {
29492 delta = dis_VMASKMOV( uses_vvvv, vbi, pfx, delta, "vpmaskmovd",
29493 /*!isYMM*/False, Ity_I32, /*!isLoad*/False );
29494 goto decode_success;
29495 }
29496 /* VPMASKMOVD ymm1, ymm2, m256 = VEX.NDS.256.66.0F38.W0 8E /r */
29497 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/
29498 && 0==getRexW(pfx)/*W0*/ && !epartIsReg(getUChar(delta))) {
29499 delta = dis_VMASKMOV( uses_vvvv, vbi, pfx, delta, "vpmaskmovd",
29500 /*isYMM*/True, Ity_I32, /*!isLoad*/False );
29501 goto decode_success;
29502 }
29503 /* VPMASKMOVQ xmm1, xmm2, m128 = VEX.NDS.128.66.0F38.W1 8E /r */
29504 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
29505 && 1==getRexW(pfx)/*W1*/ && !epartIsReg(getUChar(delta))) {
29506 delta = dis_VMASKMOV( uses_vvvv, vbi, pfx, delta, "vpmaskmovq",
29507 /*!isYMM*/False, Ity_I64, /*!isLoad*/False );
29508 goto decode_success;
29509 }
29510 /* VPMASKMOVQ ymm1, ymm2, m256 = VEX.NDS.256.66.0F38.W1 8E /r */
29511 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/
29512 && 1==getRexW(pfx)/*W1*/ && !epartIsReg(getUChar(delta))) {
29513 delta = dis_VMASKMOV( uses_vvvv, vbi, pfx, delta, "vpmaskmovq",
29514 /*isYMM*/True, Ity_I64, /*!isLoad*/False );
29515 goto decode_success;
29516 }
29517 break;
29518
29519 case 0x90:
29520 /* VPGATHERDD xmm2, vm32x, xmm1 = VEX.DDS.128.66.0F38.W0 90 /r */
29521 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
29522 && 0 == getRexW(pfx)/*W0*/ && !epartIsReg(getUChar(delta))) {
29523 Long delta0 = delta;
29524 delta = dis_VGATHER( uses_vvvv, vbi, pfx, delta, "vpgatherdd",
29525 /*!isYMM*/False, /*!isVM64x*/False, Ity_I32 );
29526 if (delta != delta0)
29527 goto decode_success;
29528 }
29529 /* VPGATHERDD ymm2, vm32y, ymm1 = VEX.DDS.256.66.0F38.W0 90 /r */
29530 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/
29531 && 0 == getRexW(pfx)/*W0*/ && !epartIsReg(getUChar(delta))) {
29532 Long delta0 = delta;
29533 delta = dis_VGATHER( uses_vvvv, vbi, pfx, delta, "vpgatherdd",
29534 /*isYMM*/True, /*!isVM64x*/False, Ity_I32 );
29535 if (delta != delta0)
29536 goto decode_success;
29537 }
29538 /* VPGATHERDQ xmm2, vm32x, xmm1 = VEX.DDS.128.66.0F38.W1 90 /r */
29539 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
29540 && 1 == getRexW(pfx)/*W1*/ && !epartIsReg(getUChar(delta))) {
29541 Long delta0 = delta;
29542 delta = dis_VGATHER( uses_vvvv, vbi, pfx, delta, "vpgatherdq",
29543 /*!isYMM*/False, /*!isVM64x*/False, Ity_I64 );
29544 if (delta != delta0)
29545 goto decode_success;
29546 }
29547 /* VPGATHERDQ ymm2, vm32x, ymm1 = VEX.DDS.256.66.0F38.W1 90 /r */
29548 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/
29549 && 1 == getRexW(pfx)/*W1*/ && !epartIsReg(getUChar(delta))) {
29550 Long delta0 = delta;
29551 delta = dis_VGATHER( uses_vvvv, vbi, pfx, delta, "vpgatherdq",
29552 /*isYMM*/True, /*!isVM64x*/False, Ity_I64 );
29553 if (delta != delta0)
29554 goto decode_success;
29555 }
29556 break;
29557
29558 case 0x91:
29559 /* VPGATHERQD xmm2, vm64x, xmm1 = VEX.DDS.128.66.0F38.W0 91 /r */
29560 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
29561 && 0 == getRexW(pfx)/*W0*/ && !epartIsReg(getUChar(delta))) {
29562 Long delta0 = delta;
29563 delta = dis_VGATHER( uses_vvvv, vbi, pfx, delta, "vpgatherqd",
29564 /*!isYMM*/False, /*isVM64x*/True, Ity_I32 );
29565 if (delta != delta0)
29566 goto decode_success;
29567 }
29568 /* VPGATHERQD xmm2, vm64y, xmm1 = VEX.DDS.256.66.0F38.W0 91 /r */
29569 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/
29570 && 0 == getRexW(pfx)/*W0*/ && !epartIsReg(getUChar(delta))) {
29571 Long delta0 = delta;
29572 delta = dis_VGATHER( uses_vvvv, vbi, pfx, delta, "vpgatherqd",
29573 /*isYMM*/True, /*isVM64x*/True, Ity_I32 );
29574 if (delta != delta0)
29575 goto decode_success;
29576 }
29577 /* VPGATHERQQ xmm2, vm64x, xmm1 = VEX.DDS.128.66.0F38.W1 91 /r */
29578 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
29579 && 1 == getRexW(pfx)/*W1*/ && !epartIsReg(getUChar(delta))) {
29580 Long delta0 = delta;
29581 delta = dis_VGATHER( uses_vvvv, vbi, pfx, delta, "vpgatherqq",
29582 /*!isYMM*/False, /*isVM64x*/True, Ity_I64 );
29583 if (delta != delta0)
29584 goto decode_success;
29585 }
29586 /* VPGATHERQQ ymm2, vm64y, ymm1 = VEX.DDS.256.66.0F38.W1 91 /r */
29587 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/
29588 && 1 == getRexW(pfx)/*W1*/ && !epartIsReg(getUChar(delta))) {
29589 Long delta0 = delta;
29590 delta = dis_VGATHER( uses_vvvv, vbi, pfx, delta, "vpgatherqq",
29591 /*isYMM*/True, /*isVM64x*/True, Ity_I64 );
29592 if (delta != delta0)
29593 goto decode_success;
29594 }
29595 break;
29596
29597 case 0x92:
29598 /* VGATHERDPS xmm2, vm32x, xmm1 = VEX.DDS.128.66.0F38.W0 92 /r */
29599 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
29600 && 0 == getRexW(pfx)/*W0*/ && !epartIsReg(getUChar(delta))) {
29601 Long delta0 = delta;
29602 delta = dis_VGATHER( uses_vvvv, vbi, pfx, delta, "vgatherdps",
29603 /*!isYMM*/False, /*!isVM64x*/False, Ity_I32 );
29604 if (delta != delta0)
29605 goto decode_success;
29606 }
29607 /* VGATHERDPS ymm2, vm32y, ymm1 = VEX.DDS.256.66.0F38.W0 92 /r */
29608 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/
29609 && 0 == getRexW(pfx)/*W0*/ && !epartIsReg(getUChar(delta))) {
29610 Long delta0 = delta;
29611 delta = dis_VGATHER( uses_vvvv, vbi, pfx, delta, "vgatherdps",
29612 /*isYMM*/True, /*!isVM64x*/False, Ity_I32 );
29613 if (delta != delta0)
29614 goto decode_success;
29615 }
29616 /* VGATHERDPD xmm2, vm32x, xmm1 = VEX.DDS.128.66.0F38.W1 92 /r */
29617 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
29618 && 1 == getRexW(pfx)/*W1*/ && !epartIsReg(getUChar(delta))) {
29619 Long delta0 = delta;
29620 delta = dis_VGATHER( uses_vvvv, vbi, pfx, delta, "vgatherdpd",
29621 /*!isYMM*/False, /*!isVM64x*/False, Ity_I64 );
29622 if (delta != delta0)
29623 goto decode_success;
29624 }
29625 /* VGATHERDPD ymm2, vm32x, ymm1 = VEX.DDS.256.66.0F38.W1 92 /r */
29626 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/
29627 && 1 == getRexW(pfx)/*W1*/ && !epartIsReg(getUChar(delta))) {
29628 Long delta0 = delta;
29629 delta = dis_VGATHER( uses_vvvv, vbi, pfx, delta, "vgatherdpd",
29630 /*isYMM*/True, /*!isVM64x*/False, Ity_I64 );
29631 if (delta != delta0)
29632 goto decode_success;
29633 }
29634 break;
29635
29636 case 0x93:
29637 /* VGATHERQPS xmm2, vm64x, xmm1 = VEX.DDS.128.66.0F38.W0 93 /r */
29638 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
29639 && 0 == getRexW(pfx)/*W0*/ && !epartIsReg(getUChar(delta))) {
29640 Long delta0 = delta;
29641 delta = dis_VGATHER( uses_vvvv, vbi, pfx, delta, "vgatherqps",
29642 /*!isYMM*/False, /*isVM64x*/True, Ity_I32 );
29643 if (delta != delta0)
29644 goto decode_success;
29645 }
29646 /* VGATHERQPS xmm2, vm64y, xmm1 = VEX.DDS.256.66.0F38.W0 93 /r */
29647 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/
29648 && 0 == getRexW(pfx)/*W0*/ && !epartIsReg(getUChar(delta))) {
29649 Long delta0 = delta;
29650 delta = dis_VGATHER( uses_vvvv, vbi, pfx, delta, "vgatherqps",
29651 /*isYMM*/True, /*isVM64x*/True, Ity_I32 );
29652 if (delta != delta0)
29653 goto decode_success;
29654 }
29655 /* VGATHERQPD xmm2, vm64x, xmm1 = VEX.DDS.128.66.0F38.W1 93 /r */
29656 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/
29657 && 1 == getRexW(pfx)/*W1*/ && !epartIsReg(getUChar(delta))) {
29658 Long delta0 = delta;
29659 delta = dis_VGATHER( uses_vvvv, vbi, pfx, delta, "vgatherqpd",
29660 /*!isYMM*/False, /*isVM64x*/True, Ity_I64 );
29661 if (delta != delta0)
29662 goto decode_success;
29663 }
29664 /* VGATHERQPD ymm2, vm64y, ymm1 = VEX.DDS.256.66.0F38.W1 93 /r */
29665 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/
29666 && 1 == getRexW(pfx)/*W1*/ && !epartIsReg(getUChar(delta))) {
29667 Long delta0 = delta;
29668 delta = dis_VGATHER( uses_vvvv, vbi, pfx, delta, "vgatherqpd",
29669 /*isYMM*/True, /*isVM64x*/True, Ity_I64 );
29670 if (delta != delta0)
29671 goto decode_success;
29672 }
29673 break;
29674
29675 case 0x96 ... 0x9F:
29676 case 0xA6 ... 0xAF:
29677 case 0xB6 ... 0xBF:
29678 /* VFMADDSUB132PS xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W0 96 /r */
29679 /* VFMADDSUB132PS ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W0 96 /r */
29680 /* VFMADDSUB132PD xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W1 96 /r */
29681 /* VFMADDSUB132PD ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W1 96 /r */
29682 /* VFMSUBADD132PS xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W0 97 /r */
29683 /* VFMSUBADD132PS ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W0 97 /r */
29684 /* VFMSUBADD132PD xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W1 97 /r */
29685 /* VFMSUBADD132PD ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W1 97 /r */
29686 /* VFMADD132PS xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W0 98 /r */
29687 /* VFMADD132PS ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W0 98 /r */
29688 /* VFMADD132PD xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W1 98 /r */
29689 /* VFMADD132PD ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W1 98 /r */
29690 /* VFMADD132SS xmm3/m32, xmm2, xmm1 = VEX.DDS.LIG.66.0F38.W0 99 /r */
29691 /* VFMADD132SD xmm3/m64, xmm2, xmm1 = VEX.DDS.LIG.66.0F38.W1 99 /r */
29692 /* VFMSUB132PS xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W0 9A /r */
29693 /* VFMSUB132PS ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W0 9A /r */
29694 /* VFMSUB132PD xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W1 9A /r */
29695 /* VFMSUB132PD ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W1 9A /r */
29696 /* VFMSUB132SS xmm3/m32, xmm2, xmm1 = VEX.DDS.LIG.66.0F38.W0 9B /r */
29697 /* VFMSUB132SD xmm3/m64, xmm2, xmm1 = VEX.DDS.LIG.66.0F38.W1 9B /r */
29698 /* VFNMADD132PS xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W0 9C /r */
29699 /* VFNMADD132PS ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W0 9C /r */
29700 /* VFNMADD132PD xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W1 9C /r */
29701 /* VFNMADD132PD ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W1 9C /r */
29702 /* VFNMADD132SS xmm3/m32, xmm2, xmm1 = VEX.DDS.LIG.66.0F38.W0 9D /r */
29703 /* VFNMADD132SD xmm3/m64, xmm2, xmm1 = VEX.DDS.LIG.66.0F38.W1 9D /r */
29704 /* VFNMSUB132PS xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W0 9E /r */
29705 /* VFNMSUB132PS ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W0 9E /r */
29706 /* VFNMSUB132PD xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W1 9E /r */
29707 /* VFNMSUB132PD ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W1 9E /r */
29708 /* VFNMSUB132SS xmm3/m32, xmm2, xmm1 = VEX.DDS.LIG.66.0F38.W0 9F /r */
29709 /* VFNMSUB132SD xmm3/m64, xmm2, xmm1 = VEX.DDS.LIG.66.0F38.W1 9F /r */
29710 /* VFMADDSUB213PS xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W0 A6 /r */
29711 /* VFMADDSUB213PS ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W0 A6 /r */
29712 /* VFMADDSUB213PD xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W1 A6 /r */
29713 /* VFMADDSUB213PD ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W1 A6 /r */
29714 /* VFMSUBADD213PS xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W0 A7 /r */
29715 /* VFMSUBADD213PS ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W0 A7 /r */
29716 /* VFMSUBADD213PD xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W1 A7 /r */
29717 /* VFMSUBADD213PD ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W1 A7 /r */
29718 /* VFMADD213PS xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W0 A8 /r */
29719 /* VFMADD213PS ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W0 A8 /r */
29720 /* VFMADD213PD xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W1 A8 /r */
29721 /* VFMADD213PD ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W1 A8 /r */
29722 /* VFMADD213SS xmm3/m32, xmm2, xmm1 = VEX.DDS.LIG.66.0F38.W0 A9 /r */
29723 /* VFMADD213SD xmm3/m64, xmm2, xmm1 = VEX.DDS.LIG.66.0F38.W1 A9 /r */
29724 /* VFMSUB213PS xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W0 AA /r */
29725 /* VFMSUB213PS ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W0 AA /r */
29726 /* VFMSUB213PD xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W1 AA /r */
29727 /* VFMSUB213PD ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W1 AA /r */
29728 /* VFMSUB213SS xmm3/m32, xmm2, xmm1 = VEX.DDS.LIG.66.0F38.W0 AB /r */
29729 /* VFMSUB213SD xmm3/m64, xmm2, xmm1 = VEX.DDS.LIG.66.0F38.W1 AB /r */
29730 /* VFNMADD213PS xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W0 AC /r */
29731 /* VFNMADD213PS ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W0 AC /r */
29732 /* VFNMADD213PD xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W1 AC /r */
29733 /* VFNMADD213PD ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W1 AC /r */
29734 /* VFNMADD213SS xmm3/m32, xmm2, xmm1 = VEX.DDS.LIG.66.0F38.W0 AD /r */
29735 /* VFNMADD213SD xmm3/m64, xmm2, xmm1 = VEX.DDS.LIG.66.0F38.W1 AD /r */
29736 /* VFNMSUB213PS xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W0 AE /r */
29737 /* VFNMSUB213PS ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W0 AE /r */
29738 /* VFNMSUB213PD xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W1 AE /r */
29739 /* VFNMSUB213PD ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W1 AE /r */
29740 /* VFNMSUB213SS xmm3/m32, xmm2, xmm1 = VEX.DDS.LIG.66.0F38.W0 AF /r */
29741 /* VFNMSUB213SD xmm3/m64, xmm2, xmm1 = VEX.DDS.LIG.66.0F38.W1 AF /r */
29742 /* VFMADDSUB231PS xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W0 B6 /r */
29743 /* VFMADDSUB231PS ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W0 B6 /r */
29744 /* VFMADDSUB231PD xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W1 B6 /r */
29745 /* VFMADDSUB231PD ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W1 B6 /r */
29746 /* VFMSUBADD231PS xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W0 B7 /r */
29747 /* VFMSUBADD231PS ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W0 B7 /r */
29748 /* VFMSUBADD231PD xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W1 B7 /r */
29749 /* VFMSUBADD231PD ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W1 B7 /r */
29750 /* VFMADD231PS xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W0 B8 /r */
29751 /* VFMADD231PS ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W0 B8 /r */
29752 /* VFMADD231PD xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W1 B8 /r */
29753 /* VFMADD231PD ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W1 B8 /r */
29754 /* VFMADD231SS xmm3/m32, xmm2, xmm1 = VEX.DDS.LIG.66.0F38.W0 B9 /r */
29755 /* VFMADD231SD xmm3/m64, xmm2, xmm1 = VEX.DDS.LIG.66.0F38.W1 B9 /r */
29756 /* VFMSUB231PS xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W0 BA /r */
29757 /* VFMSUB231PS ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W0 BA /r */
29758 /* VFMSUB231PD xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W1 BA /r */
29759 /* VFMSUB231PD ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W1 BA /r */
29760 /* VFMSUB231SS xmm3/m32, xmm2, xmm1 = VEX.DDS.LIG.66.0F38.W0 BB /r */
29761 /* VFMSUB231SD xmm3/m64, xmm2, xmm1 = VEX.DDS.LIG.66.0F38.W1 BB /r */
29762 /* VFNMADD231PS xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W0 BC /r */
29763 /* VFNMADD231PS ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W0 BC /r */
29764 /* VFNMADD231PD xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W1 BC /r */
29765 /* VFNMADD231PD ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W1 BC /r */
29766 /* VFNMADD231SS xmm3/m32, xmm2, xmm1 = VEX.DDS.LIG.66.0F38.W0 BD /r */
29767 /* VFNMADD231SD xmm3/m64, xmm2, xmm1 = VEX.DDS.LIG.66.0F38.W1 BD /r */
29768 /* VFNMSUB231PS xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W0 BE /r */
29769 /* VFNMSUB231PS ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W0 BE /r */
29770 /* VFNMSUB231PD xmm3/m128, xmm2, xmm1 = VEX.DDS.128.66.0F38.W1 BE /r */
29771 /* VFNMSUB231PD ymm3/m256, ymm2, ymm1 = VEX.DDS.256.66.0F38.W1 BE /r */
29772 /* VFNMSUB231SS xmm3/m32, xmm2, xmm1 = VEX.DDS.LIG.66.0F38.W0 BF /r */
29773 /* VFNMSUB231SD xmm3/m64, xmm2, xmm1 = VEX.DDS.LIG.66.0F38.W1 BF /r */
29774 if (have66noF2noF3(pfx)) {
29775 delta = dis_FMA( vbi, pfx, delta, opc );
29776 *uses_vvvv = True;
29777 dres->hint = Dis_HintVerbose;
29778 goto decode_success;
29779 }
29780 break;
29781
29782 case 0xDB:
29783 case 0xDC:
29784 case 0xDD:
29785 case 0xDE:
29786 case 0xDF:
29787 /* VAESIMC xmm2/m128, xmm1 = VEX.128.66.0F38.WIG DB /r */
29788 /* VAESENC xmm3/m128, xmm2, xmm1 = VEX.128.66.0F38.WIG DC /r */
29789 /* VAESENCLAST xmm3/m128, xmm2, xmm1 = VEX.128.66.0F38.WIG DD /r */
29790 /* VAESDEC xmm3/m128, xmm2, xmm1 = VEX.128.66.0F38.WIG DE /r */
29791 /* VAESDECLAST xmm3/m128, xmm2, xmm1 = VEX.128.66.0F38.WIG DF /r */
29792 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
29793 delta = dis_AESx( vbi, pfx, delta, True/*!isAvx*/, opc );
29794 if (opc != 0xDB) *uses_vvvv = True;
29795 goto decode_success;
29796 }
29797 break;
29798
29799 case 0xF2:
29800 /* ANDN r/m32, r32b, r32a = VEX.NDS.LZ.0F38.W0 F2 /r */
29801 /* ANDN r/m64, r64b, r64a = VEX.NDS.LZ.0F38.W1 F2 /r */
29802 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*LZ*/ && !haveREX(pfx)) {
29803 Int size = getRexW(pfx) ? 8 : 4;
29804 IRType ty = szToITy(size);
29805 IRTemp dst = newTemp(ty);
29806 IRTemp src1 = newTemp(ty);
29807 IRTemp src2 = newTemp(ty);
29808 UChar rm = getUChar(delta);
29809
29810 assign( src1, getIRegV(size,pfx) );
29811 if (epartIsReg(rm)) {
29812 assign( src2, getIRegE(size,pfx,rm) );
29813 DIP("andn %s,%s,%s\n", nameIRegE(size,pfx,rm),
29814 nameIRegV(size,pfx), nameIRegG(size,pfx,rm));
29815 delta++;
29816 } else {
29817 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
29818 assign( src2, loadLE(ty, mkexpr(addr)) );
29819 DIP("andn %s,%s,%s\n", dis_buf, nameIRegV(size,pfx),
29820 nameIRegG(size,pfx,rm));
29821 delta += alen;
29822 }
29823
29824 assign( dst, binop( mkSizedOp(ty,Iop_And8),
29825 unop( mkSizedOp(ty,Iop_Not8), mkexpr(src1) ),
29826 mkexpr(src2) ) );
29827 putIRegG( size, pfx, rm, mkexpr(dst) );
29828 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(size == 8
29829 ? AMD64G_CC_OP_ANDN64
29830 : AMD64G_CC_OP_ANDN32)) );
29831 stmt( IRStmt_Put( OFFB_CC_DEP1, widenUto64(mkexpr(dst))) );
29832 stmt( IRStmt_Put( OFFB_CC_DEP2, mkU64(0)) );
29833 *uses_vvvv = True;
29834 goto decode_success;
29835 }
29836 break;
29837
29838 case 0xF3:
29839 /* BLSI r/m32, r32 = VEX.NDD.LZ.0F38.W0 F3 /3 */
29840 /* BLSI r/m64, r64 = VEX.NDD.LZ.0F38.W1 F3 /3 */
29841 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*LZ*/
29842 && !haveREX(pfx) && gregLO3ofRM(getUChar(delta)) == 3) {
29843 Int size = getRexW(pfx) ? 8 : 4;
29844 IRType ty = szToITy(size);
29845 IRTemp src = newTemp(ty);
29846 IRTemp dst = newTemp(ty);
29847 UChar rm = getUChar(delta);
29848
29849 if (epartIsReg(rm)) {
29850 assign( src, getIRegE(size,pfx,rm) );
29851 DIP("blsi %s,%s\n", nameIRegE(size,pfx,rm),
29852 nameIRegV(size,pfx));
29853 delta++;
29854 } else {
29855 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
29856 assign( src, loadLE(ty, mkexpr(addr)) );
29857 DIP("blsi %s,%s\n", dis_buf, nameIRegV(size,pfx));
29858 delta += alen;
29859 }
29860
29861 assign( dst, binop(mkSizedOp(ty,Iop_And8),
29862 binop(mkSizedOp(ty,Iop_Sub8), mkU(ty, 0),
29863 mkexpr(src)), mkexpr(src)) );
29864 putIRegV( size, pfx, mkexpr(dst) );
29865 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(size == 8
29866 ? AMD64G_CC_OP_BLSI64
29867 : AMD64G_CC_OP_BLSI32)) );
29868 stmt( IRStmt_Put( OFFB_CC_DEP1, widenUto64(mkexpr(dst))) );
29869 stmt( IRStmt_Put( OFFB_CC_DEP2, widenUto64(mkexpr(src))) );
29870 *uses_vvvv = True;
29871 goto decode_success;
29872 }
29873 /* BLSMSK r/m32, r32 = VEX.NDD.LZ.0F38.W0 F3 /2 */
29874 /* BLSMSK r/m64, r64 = VEX.NDD.LZ.0F38.W1 F3 /2 */
29875 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*LZ*/
29876 && !haveREX(pfx) && gregLO3ofRM(getUChar(delta)) == 2) {
29877 Int size = getRexW(pfx) ? 8 : 4;
29878 IRType ty = szToITy(size);
29879 IRTemp src = newTemp(ty);
29880 IRTemp dst = newTemp(ty);
29881 UChar rm = getUChar(delta);
29882
29883 if (epartIsReg(rm)) {
29884 assign( src, getIRegE(size,pfx,rm) );
29885 DIP("blsmsk %s,%s\n", nameIRegE(size,pfx,rm),
29886 nameIRegV(size,pfx));
29887 delta++;
29888 } else {
29889 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
29890 assign( src, loadLE(ty, mkexpr(addr)) );
29891 DIP("blsmsk %s,%s\n", dis_buf, nameIRegV(size,pfx));
29892 delta += alen;
29893 }
29894
29895 assign( dst, binop(mkSizedOp(ty,Iop_Xor8),
29896 binop(mkSizedOp(ty,Iop_Sub8), mkexpr(src),
29897 mkU(ty, 1)), mkexpr(src)) );
29898 putIRegV( size, pfx, mkexpr(dst) );
29899 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(size == 8
29900 ? AMD64G_CC_OP_BLSMSK64
29901 : AMD64G_CC_OP_BLSMSK32)) );
29902 stmt( IRStmt_Put( OFFB_CC_DEP1, widenUto64(mkexpr(dst))) );
29903 stmt( IRStmt_Put( OFFB_CC_DEP2, widenUto64(mkexpr(src))) );
29904 *uses_vvvv = True;
29905 goto decode_success;
29906 }
29907 /* BLSR r/m32, r32 = VEX.NDD.LZ.0F38.W0 F3 /1 */
29908 /* BLSR r/m64, r64 = VEX.NDD.LZ.0F38.W1 F3 /1 */
29909 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*LZ*/
29910 && !haveREX(pfx) && gregLO3ofRM(getUChar(delta)) == 1) {
29911 Int size = getRexW(pfx) ? 8 : 4;
29912 IRType ty = szToITy(size);
29913 IRTemp src = newTemp(ty);
29914 IRTemp dst = newTemp(ty);
29915 UChar rm = getUChar(delta);
29916
29917 if (epartIsReg(rm)) {
29918 assign( src, getIRegE(size,pfx,rm) );
29919 DIP("blsr %s,%s\n", nameIRegE(size,pfx,rm),
29920 nameIRegV(size,pfx));
29921 delta++;
29922 } else {
29923 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
29924 assign( src, loadLE(ty, mkexpr(addr)) );
29925 DIP("blsr %s,%s\n", dis_buf, nameIRegV(size,pfx));
29926 delta += alen;
29927 }
29928
29929 assign( dst, binop(mkSizedOp(ty,Iop_And8),
29930 binop(mkSizedOp(ty,Iop_Sub8), mkexpr(src),
29931 mkU(ty, 1)), mkexpr(src)) );
29932 putIRegV( size, pfx, mkexpr(dst) );
29933 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(size == 8
29934 ? AMD64G_CC_OP_BLSR64
29935 : AMD64G_CC_OP_BLSR32)) );
29936 stmt( IRStmt_Put( OFFB_CC_DEP1, widenUto64(mkexpr(dst))) );
29937 stmt( IRStmt_Put( OFFB_CC_DEP2, widenUto64(mkexpr(src))) );
29938 *uses_vvvv = True;
29939 goto decode_success;
29940 }
29941 break;
29942
29943 case 0xF5:
29944 /* BZHI r32b, r/m32, r32a = VEX.NDS.LZ.0F38.W0 F5 /r */
29945 /* BZHI r64b, r/m64, r64a = VEX.NDS.LZ.0F38.W1 F5 /r */
29946 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*LZ*/ && !haveREX(pfx)) {
29947 Int size = getRexW(pfx) ? 8 : 4;
29948 IRType ty = szToITy(size);
29949 IRTemp dst = newTemp(ty);
29950 IRTemp src1 = newTemp(ty);
29951 IRTemp src2 = newTemp(ty);
29952 IRTemp start = newTemp(Ity_I8);
29953 IRTemp cond = newTemp(Ity_I1);
29954 UChar rm = getUChar(delta);
29955
29956 assign( src2, getIRegV(size,pfx) );
29957 if (epartIsReg(rm)) {
29958 assign( src1, getIRegE(size,pfx,rm) );
29959 DIP("bzhi %s,%s,%s\n", nameIRegV(size,pfx),
29960 nameIRegE(size,pfx,rm), nameIRegG(size,pfx,rm));
29961 delta++;
29962 } else {
29963 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
29964 assign( src1, loadLE(ty, mkexpr(addr)) );
29965 DIP("bzhi %s,%s,%s\n", nameIRegV(size,pfx), dis_buf,
29966 nameIRegG(size,pfx,rm));
29967 delta += alen;
29968 }
29969
29970 assign( start, narrowTo( Ity_I8, mkexpr(src2) ) );
29971 assign( cond, binop(Iop_CmpLT32U,
29972 unop(Iop_8Uto32, mkexpr(start)),
29973 mkU32(8*size)) );
29974 /* if (start < opsize) {
29975 if (start == 0)
29976 dst = 0;
29977 else
29978 dst = (src1 << (opsize-start)) u>> (opsize-start);
29979 } else {
29980 dst = src1;
29981 } */
29982 assign( dst,
29983 IRExpr_ITE(
29984 mkexpr(cond),
29985 IRExpr_ITE(
29986 binop(Iop_CmpEQ8, mkexpr(start), mkU8(0)),
29987 mkU(ty, 0),
29988 binop(
29989 mkSizedOp(ty,Iop_Shr8),
29990 binop(
29991 mkSizedOp(ty,Iop_Shl8),
29992 mkexpr(src1),
29993 binop(Iop_Sub8, mkU8(8*size), mkexpr(start))
29994 ),
29995 binop(Iop_Sub8, mkU8(8*size), mkexpr(start))
29996 )
29997 ),
29998 mkexpr(src1)
29999 )
30000 );
30001 putIRegG( size, pfx, rm, mkexpr(dst) );
30002 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(size == 8
30003 ? AMD64G_CC_OP_BLSR64
30004 : AMD64G_CC_OP_BLSR32)) );
30005 stmt( IRStmt_Put( OFFB_CC_DEP1, widenUto64(mkexpr(dst))) );
30006 stmt( IRStmt_Put( OFFB_CC_DEP2, widenUto64(mkexpr(cond))) );
30007 *uses_vvvv = True;
30008 goto decode_success;
30009 }
30010 /* PDEP r/m32, r32b, r32a = VEX.NDS.LZ.F2.0F38.W0 F5 /r */
30011 /* PDEP r/m64, r64b, r64a = VEX.NDS.LZ.F2.0F38.W1 F5 /r */
30012 if (haveF2no66noF3(pfx) && 0==getVexL(pfx)/*LZ*/ && !haveREX(pfx)) {
30013 Int size = getRexW(pfx) ? 8 : 4;
30014 IRType ty = szToITy(size);
30015 IRTemp src = newTemp(ty);
30016 IRTemp mask = newTemp(ty);
30017 UChar rm = getUChar(delta);
30018
30019 assign( src, getIRegV(size,pfx) );
30020 if (epartIsReg(rm)) {
30021 assign( mask, getIRegE(size,pfx,rm) );
30022 DIP("pdep %s,%s,%s\n", nameIRegE(size,pfx,rm),
30023 nameIRegV(size,pfx), nameIRegG(size,pfx,rm));
30024 delta++;
30025 } else {
30026 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
30027 assign( mask, loadLE(ty, mkexpr(addr)) );
30028 DIP("pdep %s,%s,%s\n", dis_buf, nameIRegV(size,pfx),
30029 nameIRegG(size,pfx,rm));
30030 delta += alen;
30031 }
30032
30033 IRExpr** args = mkIRExprVec_2( widenUto64(mkexpr(src)),
30034 widenUto64(mkexpr(mask)) );
30035 putIRegG( size, pfx, rm,
30036 narrowTo(ty, mkIRExprCCall(Ity_I64, 0/*regparms*/,
30037 "amd64g_calculate_pdep",
30038 &amd64g_calculate_pdep, args)) );
30039 *uses_vvvv = True;
30040 /* Flags aren't modified. */
30041 goto decode_success;
30042 }
30043 /* PEXT r/m32, r32b, r32a = VEX.NDS.LZ.F3.0F38.W0 F5 /r */
30044 /* PEXT r/m64, r64b, r64a = VEX.NDS.LZ.F3.0F38.W1 F5 /r */
30045 if (haveF3no66noF2(pfx) && 0==getVexL(pfx)/*LZ*/ && !haveREX(pfx)) {
30046 Int size = getRexW(pfx) ? 8 : 4;
30047 IRType ty = szToITy(size);
30048 IRTemp src = newTemp(ty);
30049 IRTemp mask = newTemp(ty);
30050 UChar rm = getUChar(delta);
30051
30052 assign( src, getIRegV(size,pfx) );
30053 if (epartIsReg(rm)) {
30054 assign( mask, getIRegE(size,pfx,rm) );
30055 DIP("pext %s,%s,%s\n", nameIRegE(size,pfx,rm),
30056 nameIRegV(size,pfx), nameIRegG(size,pfx,rm));
30057 delta++;
30058 } else {
30059 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
30060 assign( mask, loadLE(ty, mkexpr(addr)) );
30061 DIP("pext %s,%s,%s\n", dis_buf, nameIRegV(size,pfx),
30062 nameIRegG(size,pfx,rm));
30063 delta += alen;
30064 }
30065
30066 /* First mask off bits not set in mask, they are ignored
30067 and it should be fine if they contain undefined values. */
30068 IRExpr* masked = binop(mkSizedOp(ty,Iop_And8),
30069 mkexpr(src), mkexpr(mask));
30070 IRExpr** args = mkIRExprVec_2( widenUto64(masked),
30071 widenUto64(mkexpr(mask)) );
30072 putIRegG( size, pfx, rm,
30073 narrowTo(ty, mkIRExprCCall(Ity_I64, 0/*regparms*/,
30074 "amd64g_calculate_pext",
30075 &amd64g_calculate_pext, args)) );
30076 *uses_vvvv = True;
30077 /* Flags aren't modified. */
30078 goto decode_success;
30079 }
30080 break;
30081
30082 case 0xF6:
30083 /* MULX r/m32, r32b, r32a = VEX.NDD.LZ.F2.0F38.W0 F6 /r */
30084 /* MULX r/m64, r64b, r64a = VEX.NDD.LZ.F2.0F38.W1 F6 /r */
30085 if (haveF2no66noF3(pfx) && 0==getVexL(pfx)/*LZ*/ && !haveREX(pfx)) {
30086 Int size = getRexW(pfx) ? 8 : 4;
30087 IRType ty = szToITy(size);
30088 IRTemp src1 = newTemp(ty);
30089 IRTemp src2 = newTemp(ty);
30090 IRTemp res = newTemp(size == 8 ? Ity_I128 : Ity_I64);
30091 UChar rm = getUChar(delta);
30092
30093 assign( src1, getIRegRDX(size) );
30094 if (epartIsReg(rm)) {
30095 assign( src2, getIRegE(size,pfx,rm) );
30096 DIP("mulx %s,%s,%s\n", nameIRegE(size,pfx,rm),
30097 nameIRegV(size,pfx), nameIRegG(size,pfx,rm));
30098 delta++;
30099 } else {
30100 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
30101 assign( src2, loadLE(ty, mkexpr(addr)) );
30102 DIP("mulx %s,%s,%s\n", dis_buf, nameIRegV(size,pfx),
30103 nameIRegG(size,pfx,rm));
30104 delta += alen;
30105 }
30106
30107 assign( res, binop(size == 8 ? Iop_MullU64 : Iop_MullU32,
30108 mkexpr(src1), mkexpr(src2)) );
30109 putIRegV( size, pfx,
30110 unop(size == 8 ? Iop_128to64 : Iop_64to32, mkexpr(res)) );
30111 putIRegG( size, pfx, rm,
30112 unop(size == 8 ? Iop_128HIto64 : Iop_64HIto32,
30113 mkexpr(res)) );
30114 *uses_vvvv = True;
30115 /* Flags aren't modified. */
30116 goto decode_success;
30117 }
30118 break;
30119
30120 case 0xF7:
30121 /* SARX r32b, r/m32, r32a = VEX.NDS.LZ.F3.0F38.W0 F7 /r */
30122 /* SARX r64b, r/m64, r64a = VEX.NDS.LZ.F3.0F38.W1 F7 /r */
30123 if (haveF3no66noF2(pfx) && 0==getVexL(pfx)/*LZ*/ && !haveREX(pfx)) {
30124 delta = dis_SHIFTX( uses_vvvv, vbi, pfx, delta, "sarx", Iop_Sar8 );
30125 goto decode_success;
30126 }
30127 /* SHLX r32b, r/m32, r32a = VEX.NDS.LZ.66.0F38.W0 F7 /r */
30128 /* SHLX r64b, r/m64, r64a = VEX.NDS.LZ.66.0F38.W1 F7 /r */
30129 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*LZ*/ && !haveREX(pfx)) {
30130 delta = dis_SHIFTX( uses_vvvv, vbi, pfx, delta, "shlx", Iop_Shl8 );
30131 goto decode_success;
30132 }
30133 /* SHRX r32b, r/m32, r32a = VEX.NDS.LZ.F2.0F38.W0 F7 /r */
30134 /* SHRX r64b, r/m64, r64a = VEX.NDS.LZ.F2.0F38.W1 F7 /r */
30135 if (haveF2no66noF3(pfx) && 0==getVexL(pfx)/*LZ*/ && !haveREX(pfx)) {
30136 delta = dis_SHIFTX( uses_vvvv, vbi, pfx, delta, "shrx", Iop_Shr8 );
30137 goto decode_success;
30138 }
30139 /* BEXTR r32b, r/m32, r32a = VEX.NDS.LZ.0F38.W0 F7 /r */
30140 /* BEXTR r64b, r/m64, r64a = VEX.NDS.LZ.0F38.W1 F7 /r */
30141 if (haveNo66noF2noF3(pfx) && 0==getVexL(pfx)/*LZ*/ && !haveREX(pfx)) {
30142 Int size = getRexW(pfx) ? 8 : 4;
30143 IRType ty = szToITy(size);
30144 IRTemp dst = newTemp(ty);
30145 IRTemp src1 = newTemp(ty);
30146 IRTemp src2 = newTemp(ty);
30147 IRTemp stle = newTemp(Ity_I16);
30148 IRTemp start = newTemp(Ity_I8);
30149 IRTemp len = newTemp(Ity_I8);
30150 UChar rm = getUChar(delta);
30151
30152 assign( src2, getIRegV(size,pfx) );
30153 if (epartIsReg(rm)) {
30154 assign( src1, getIRegE(size,pfx,rm) );
30155 DIP("bextr %s,%s,%s\n", nameIRegV(size,pfx),
30156 nameIRegE(size,pfx,rm), nameIRegG(size,pfx,rm));
30157 delta++;
30158 } else {
30159 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
30160 assign( src1, loadLE(ty, mkexpr(addr)) );
30161 DIP("bextr %s,%s,%s\n", nameIRegV(size,pfx), dis_buf,
30162 nameIRegG(size,pfx,rm));
30163 delta += alen;
30164 }
30165
30166 assign( stle, narrowTo( Ity_I16, mkexpr(src2) ) );
30167 assign( start, unop( Iop_16to8, mkexpr(stle) ) );
30168 assign( len, unop( Iop_16HIto8, mkexpr(stle) ) );
30169 /* if (start+len < opsize) {
30170 if (len != 0)
30171 dst = (src1 << (opsize-start-len)) u>> (opsize-len);
30172 else
30173 dst = 0;
30174 } else {
30175 if (start < opsize)
30176 dst = src1 u>> start;
30177 else
30178 dst = 0;
30179 } */
30180 assign( dst,
30181 IRExpr_ITE(
30182 binop(Iop_CmpLT32U,
30183 binop(Iop_Add32,
30184 unop(Iop_8Uto32, mkexpr(start)),
30185 unop(Iop_8Uto32, mkexpr(len))),
30186 mkU32(8*size)),
30187 IRExpr_ITE(
30188 binop(Iop_CmpEQ8, mkexpr(len), mkU8(0)),
30189 mkU(ty, 0),
30190 binop(mkSizedOp(ty,Iop_Shr8),
30191 binop(mkSizedOp(ty,Iop_Shl8), mkexpr(src1),
30192 binop(Iop_Sub8,
30193 binop(Iop_Sub8, mkU8(8*size),
30194 mkexpr(start)),
30195 mkexpr(len))),
30196 binop(Iop_Sub8, mkU8(8*size),
30197 mkexpr(len)))
30198 ),
30199 IRExpr_ITE(
30200 binop(Iop_CmpLT32U,
30201 unop(Iop_8Uto32, mkexpr(start)),
30202 mkU32(8*size)),
30203 binop(mkSizedOp(ty,Iop_Shr8), mkexpr(src1),
30204 mkexpr(start)),
30205 mkU(ty, 0)
30206 )
30207 )
30208 );
30209 putIRegG( size, pfx, rm, mkexpr(dst) );
30210 stmt( IRStmt_Put( OFFB_CC_OP, mkU64(size == 8
30211 ? AMD64G_CC_OP_ANDN64
30212 : AMD64G_CC_OP_ANDN32)) );
30213 stmt( IRStmt_Put( OFFB_CC_DEP1, widenUto64(mkexpr(dst))) );
30214 stmt( IRStmt_Put( OFFB_CC_DEP2, mkU64(0)) );
30215 *uses_vvvv = True;
30216 goto decode_success;
30217 }
30218 break;
30219
30220 default:
30221 break;
30222
30223 }
30224
30225 //decode_failure:
30226 return deltaIN;
30227
30228 decode_success:
30229 return delta;
30230 }
30231
30232 /* operand format:
30233 * [0] = dst
30234 * [n] = srcn
30235 */
30236 static Long decode_vregW(Int count, Long delta, UChar modrm, Prefix pfx,
30237 const VexAbiInfo* vbi, IRTemp *v, UInt *dst, Int swap)
30238 {
30239 v[0] = newTemp(Ity_V128);
30240 v[1] = newTemp(Ity_V128);
30241 v[2] = newTemp(Ity_V128);
30242 v[3] = newTemp(Ity_V128);
30243 IRTemp addr = IRTemp_INVALID;
30244 Int alen = 0;
30245 HChar dis_buf[50];
30246
30247 *dst = gregOfRexRM(pfx, modrm);
30248 assign( v[0], getXMMReg(*dst) );
30249
30250 if ( epartIsReg( modrm ) ) {
30251 UInt ereg = eregOfRexRM(pfx, modrm);
30252 assign(swap ? v[count-1] : v[count-2], getXMMReg(ereg) );
30253 DIS(dis_buf, "%s", nameXMMReg(ereg));
30254 } else {
30255 Bool extra_byte = (getUChar(delta - 3) & 0xF) != 9;
30256 addr = disAMode(&alen, vbi, pfx, delta, dis_buf, extra_byte);
30257 assign(swap ? v[count-1] : v[count-2], loadLE(Ity_V128, mkexpr(addr)));
30258 delta += alen - 1;
30259 }
30260
30261 UInt vvvv = getVexNvvvv(pfx);
30262 switch(count) {
30263 case 2:
30264 DIP( "%s,%s", nameXMMReg(*dst), dis_buf );
30265 break;
30266 case 3:
30267 assign( swap ? v[1] : v[2], getXMMReg(vvvv) );
30268 DIP( "%s,%s,%s", nameXMMReg(*dst), nameXMMReg(vvvv), dis_buf );
30269 break;
30270 case 4:
30271 {
30272 assign( v[1], getXMMReg(vvvv) );
30273 UInt src2 = getUChar(delta + 1) >> 4;
30274 assign( swap ? v[2] : v[3], getXMMReg(src2) );
30275 DIP( "%s,%s,%s,%s", nameXMMReg(*dst), nameXMMReg(vvvv),
30276 nameXMMReg(src2), dis_buf );
30277 }
30278 break;
30279 }
30280 return delta + 1;
30281 }
30282
30283 static Long dis_FMA4 (Prefix pfx, Long delta, UChar opc,
30284 Bool* uses_vvvv, const VexAbiInfo* vbi )
30285 {
30286 UInt dst;
30287 *uses_vvvv = True;
30288
30289 UChar modrm = getUChar(delta);
30290
30291 Bool zero_64F = False;
30292 Bool zero_96F = False;
30293 UInt is_F32 = ((opc & 0x01) == 0x00) ? 1 : 0;
30294 Bool neg = (opc & 0xF0) == 0x70;
30295 Bool alt = (opc & 0xF0) == 0x50;
30296 Bool sub = alt ? (opc & 0x0E) != 0x0E : (opc & 0x0C) == 0x0C;
30297
30298 IRTemp operand[4];
30299 switch(opc & 0xF) {
30300 case 0x0A: zero_96F = (opc >> 4) != 0x05; break;
30301 case 0x0B: zero_64F = (opc >> 4) != 0x05; break;
30302 case 0x0E: zero_96F = (opc >> 4) != 0x05; break;
30303 case 0x0F: zero_64F = (opc >> 4) != 0x05; break;
30304 default: break;
30305 }
30306 DIP("vfm%s", neg ? "n" : "");
30307 if(alt) DIP("%s", sub ? "add" : "sub");
30308 DIP("%s", sub ? "sub" : "add");
30309 DIP("%c ", (zero_64F || zero_96F) ? 's' : 'p');
30310 DIP("%c ", is_F32 ? 's' : 'd');
30311 delta = decode_vregW(4, delta, modrm, pfx, vbi, operand, &dst, getRexW(pfx));
30312 DIP("\n");
30313 IRExpr *src[3];
30314
30315 void (*putXMM[2])(UInt,Int,IRExpr*) = {&putXMMRegLane64F, &putXMMRegLane32F};
30316
30317 IROp size_op[] = {Iop_V128to64, Iop_V128HIto64, Iop_64to32, Iop_64HIto32};
30318 IROp neg_op[] = {Iop_NegF64, Iop_NegF32};
30319 int i, j;
30320 for(i = 0; i < is_F32 * 2 + 2; i++) {
30321 for(j = 0; j < 3; j++) {
30322 if(is_F32) {
30323 src[j] = unop(Iop_ReinterpI32asF32,
30324 unop(size_op[i%2+2],
30325 unop(size_op[i/2],
30326 mkexpr(operand[j + 1])
30327 )
30328 ));
30329 } else {
30330 src[j] = unop(Iop_ReinterpI64asF64,
30331 unop(size_op[i%2],
30332 mkexpr(operand[j + 1])
30333 ));
30334 }
30335 }
30336 putXMM[is_F32](dst, i, IRExpr_Qop(is_F32 ? Iop_MAddF32 : Iop_MAddF64,
30337 get_FAKE_roundingmode(),
30338 neg ? unop(neg_op[is_F32], src[0])
30339 : src[0],
30340 src[1],
30341 sub ? unop(neg_op[is_F32], src[2])
30342 : src[2]
30343 ));
30344 if(alt) {
30345 sub = !sub;
30346 }
30347 }
30348
30349 /* Zero out top bits of ymm/xmm register. */
30350 putYMMRegLane128( dst, 1, mkV128(0) );
30351
30352 if(zero_64F || zero_96F) {
30353 putXMMRegLane64( dst, 1, IRExpr_Const(IRConst_U64(0)));
30354 }
30355
30356 if(zero_96F) {
30357 putXMMRegLane32( dst, 1, IRExpr_Const(IRConst_U32(0)));
30358 }
30359
30360 return delta+1;
30361 }
30362
30363 /*------------------------------------------------------------*/
30364 /*--- ---*/
30365 /*--- Top-level post-escape decoders: dis_ESC_0F3A__VEX ---*/
30366 /*--- ---*/
30367 /*------------------------------------------------------------*/
30368
30369 static IRTemp math_VPERMILPS_128 ( IRTemp sV, UInt imm8 )
30370 {
30371 vassert(imm8 < 256);
30372 IRTemp s3, s2, s1, s0;
30373 s3 = s2 = s1 = s0 = IRTemp_INVALID;
30374 breakupV128to32s( sV, &s3, &s2, &s1, &s0 );
30375 # define SEL(_nn) (((_nn)==0) ? s0 : ((_nn)==1) ? s1 \
30376 : ((_nn)==2) ? s2 : s3)
30377 IRTemp res = newTemp(Ity_V128);
30378 assign(res, mkV128from32s( SEL((imm8 >> 6) & 3),
30379 SEL((imm8 >> 4) & 3),
30380 SEL((imm8 >> 2) & 3),
30381 SEL((imm8 >> 0) & 3) ));
30382 # undef SEL
30383 return res;
30384 }
30385
30386 __attribute__((noinline))
30387 static
30388 Long dis_ESC_0F3A__VEX (
30389 /*MB_OUT*/DisResult* dres,
30390 /*OUT*/ Bool* uses_vvvv,
30391 Bool (*resteerOkFn) ( /*opaque*/void*, Addr ),
30392 Bool resteerCisOk,
30393 void* callback_opaque,
30394 const VexArchInfo* archinfo,
30395 const VexAbiInfo* vbi,
30396 Prefix pfx, Int sz, Long deltaIN
30397 )
30398 {
30399 IRTemp addr = IRTemp_INVALID;
30400 Int alen = 0;
30401 HChar dis_buf[50];
30402 Long delta = deltaIN;
30403 UChar opc = getUChar(delta);
30404 delta++;
30405 *uses_vvvv = False;
30406
30407 switch (opc) {
30408
30409 case 0x00:
30410 case 0x01:
30411 /* VPERMQ imm8, ymm2/m256, ymm1 = VEX.256.66.0F3A.W1 00 /r ib */
30412 /* VPERMPD imm8, ymm2/m256, ymm1 = VEX.256.66.0F3A.W1 01 /r ib */
30413 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/
30414 && 1==getRexW(pfx)/*W1*/) {
30415 UChar modrm = getUChar(delta);
30416 UInt imm8 = 0;
30417 UInt rG = gregOfRexRM(pfx, modrm);
30418 IRTemp sV = newTemp(Ity_V256);
30419 const HChar *name = opc == 0 ? "vpermq" : "vpermpd";
30420 if (epartIsReg(modrm)) {
30421 UInt rE = eregOfRexRM(pfx, modrm);
30422 delta += 1;
30423 imm8 = getUChar(delta);
30424 DIP("%s $%u,%s,%s\n",
30425 name, imm8, nameYMMReg(rE), nameYMMReg(rG));
30426 assign(sV, getYMMReg(rE));
30427 } else {
30428 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
30429 delta += alen;
30430 imm8 = getUChar(delta);
30431 DIP("%s $%u,%s,%s\n",
30432 name, imm8, dis_buf, nameYMMReg(rG));
30433 assign(sV, loadLE(Ity_V256, mkexpr(addr)));
30434 }
30435 delta++;
30436 IRTemp s[4];
30437 s[3] = s[2] = s[1] = s[0] = IRTemp_INVALID;
30438 breakupV256to64s(sV, &s[3], &s[2], &s[1], &s[0]);
30439 IRTemp dV = newTemp(Ity_V256);
30440 assign(dV, IRExpr_Qop(Iop_64x4toV256,
30441 mkexpr(s[(imm8 >> 6) & 3]),
30442 mkexpr(s[(imm8 >> 4) & 3]),
30443 mkexpr(s[(imm8 >> 2) & 3]),
30444 mkexpr(s[(imm8 >> 0) & 3])));
30445 putYMMReg(rG, mkexpr(dV));
30446 goto decode_success;
30447 }
30448 break;
30449
30450 case 0x02:
30451 /* VPBLENDD imm8, xmm3/m128, xmm2, xmm1 = VEX.NDS.128.66.0F3A.W0 02 /r ib */
30452 if (have66noF2noF3(pfx)
30453 && 0==getVexL(pfx)/*128*/ && 0==getRexW(pfx)/*W0*/) {
30454 UChar modrm = getUChar(delta);
30455 UInt imm8 = 0;
30456 UInt rG = gregOfRexRM(pfx, modrm);
30457 UInt rV = getVexNvvvv(pfx);
30458 IRTemp sV = newTemp(Ity_V128);
30459 IRTemp dV = newTemp(Ity_V128);
30460 UInt i;
30461 IRTemp s[4], d[4];
30462 assign(sV, getXMMReg(rV));
30463 if (epartIsReg(modrm)) {
30464 UInt rE = eregOfRexRM(pfx, modrm);
30465 delta += 1;
30466 imm8 = getUChar(delta);
30467 DIP("vpblendd $%u,%s,%s,%s\n",
30468 imm8, nameXMMReg(rE), nameXMMReg(rV), nameXMMReg(rG));
30469 assign(dV, getXMMReg(rE));
30470 } else {
30471 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
30472 delta += alen;
30473 imm8 = getUChar(delta);
30474 DIP("vpblendd $%u,%s,%s,%s\n",
30475 imm8, dis_buf, nameXMMReg(rV), nameXMMReg(rG));
30476 assign(dV, loadLE(Ity_V128, mkexpr(addr)));
30477 }
30478 delta++;
30479 for (i = 0; i < 4; i++) {
30480 s[i] = IRTemp_INVALID;
30481 d[i] = IRTemp_INVALID;
30482 }
30483 breakupV128to32s( sV, &s[3], &s[2], &s[1], &s[0] );
30484 breakupV128to32s( dV, &d[3], &d[2], &d[1], &d[0] );
30485 for (i = 0; i < 4; i++)
30486 putYMMRegLane32(rG, i, mkexpr((imm8 & (1<<i)) ? d[i] : s[i]));
30487 putYMMRegLane128(rG, 1, mkV128(0));
30488 *uses_vvvv = True;
30489 goto decode_success;
30490 }
30491 /* VPBLENDD imm8, ymm3/m256, ymm2, ymm1 = VEX.NDS.256.66.0F3A.W0 02 /r ib */
30492 if (have66noF2noF3(pfx)
30493 && 1==getVexL(pfx)/*256*/ && 0==getRexW(pfx)/*W0*/) {
30494 UChar modrm = getUChar(delta);
30495 UInt imm8 = 0;
30496 UInt rG = gregOfRexRM(pfx, modrm);
30497 UInt rV = getVexNvvvv(pfx);
30498 IRTemp sV = newTemp(Ity_V256);
30499 IRTemp dV = newTemp(Ity_V256);
30500 UInt i;
30501 IRTemp s[8], d[8];
30502 assign(sV, getYMMReg(rV));
30503 if (epartIsReg(modrm)) {
30504 UInt rE = eregOfRexRM(pfx, modrm);
30505 delta += 1;
30506 imm8 = getUChar(delta);
30507 DIP("vpblendd $%u,%s,%s,%s\n",
30508 imm8, nameYMMReg(rE), nameYMMReg(rV), nameYMMReg(rG));
30509 assign(dV, getYMMReg(rE));
30510 } else {
30511 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
30512 delta += alen;
30513 imm8 = getUChar(delta);
30514 DIP("vpblendd $%u,%s,%s,%s\n",
30515 imm8, dis_buf, nameYMMReg(rV), nameYMMReg(rG));
30516 assign(dV, loadLE(Ity_V256, mkexpr(addr)));
30517 }
30518 delta++;
30519 for (i = 0; i < 8; i++) {
30520 s[i] = IRTemp_INVALID;
30521 d[i] = IRTemp_INVALID;
30522 }
30523 breakupV256to32s( sV, &s[7], &s[6], &s[5], &s[4],
30524 &s[3], &s[2], &s[1], &s[0] );
30525 breakupV256to32s( dV, &d[7], &d[6], &d[5], &d[4],
30526 &d[3], &d[2], &d[1], &d[0] );
30527 for (i = 0; i < 8; i++)
30528 putYMMRegLane32(rG, i, mkexpr((imm8 & (1<<i)) ? d[i] : s[i]));
30529 *uses_vvvv = True;
30530 goto decode_success;
30531 }
30532 break;
30533
30534 case 0x04:
30535 /* VPERMILPS imm8, ymm2/m256, ymm1 = VEX.256.66.0F3A.WIG 04 /r ib */
30536 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
30537 UChar modrm = getUChar(delta);
30538 UInt imm8 = 0;
30539 UInt rG = gregOfRexRM(pfx, modrm);
30540 IRTemp sV = newTemp(Ity_V256);
30541 if (epartIsReg(modrm)) {
30542 UInt rE = eregOfRexRM(pfx, modrm);
30543 delta += 1;
30544 imm8 = getUChar(delta);
30545 DIP("vpermilps $%u,%s,%s\n",
30546 imm8, nameYMMReg(rE), nameYMMReg(rG));
30547 assign(sV, getYMMReg(rE));
30548 } else {
30549 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
30550 delta += alen;
30551 imm8 = getUChar(delta);
30552 DIP("vpermilps $%u,%s,%s\n",
30553 imm8, dis_buf, nameYMMReg(rG));
30554 assign(sV, loadLE(Ity_V256, mkexpr(addr)));
30555 }
30556 delta++;
30557 IRTemp sVhi = IRTemp_INVALID, sVlo = IRTemp_INVALID;
30558 breakupV256toV128s( sV, &sVhi, &sVlo );
30559 IRTemp dVhi = math_VPERMILPS_128( sVhi, imm8 );
30560 IRTemp dVlo = math_VPERMILPS_128( sVlo, imm8 );
30561 IRExpr* res = binop(Iop_V128HLtoV256, mkexpr(dVhi), mkexpr(dVlo));
30562 putYMMReg(rG, res);
30563 goto decode_success;
30564 }
30565 /* VPERMILPS imm8, xmm2/m128, xmm1 = VEX.128.66.0F3A.WIG 04 /r ib */
30566 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
30567 UChar modrm = getUChar(delta);
30568 UInt imm8 = 0;
30569 UInt rG = gregOfRexRM(pfx, modrm);
30570 IRTemp sV = newTemp(Ity_V128);
30571 if (epartIsReg(modrm)) {
30572 UInt rE = eregOfRexRM(pfx, modrm);
30573 delta += 1;
30574 imm8 = getUChar(delta);
30575 DIP("vpermilps $%u,%s,%s\n",
30576 imm8, nameXMMReg(rE), nameXMMReg(rG));
30577 assign(sV, getXMMReg(rE));
30578 } else {
30579 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
30580 delta += alen;
30581 imm8 = getUChar(delta);
30582 DIP("vpermilps $%u,%s,%s\n",
30583 imm8, dis_buf, nameXMMReg(rG));
30584 assign(sV, loadLE(Ity_V128, mkexpr(addr)));
30585 }
30586 delta++;
30587 putYMMRegLoAndZU(rG, mkexpr ( math_VPERMILPS_128 ( sV, imm8 ) ) );
30588 goto decode_success;
30589 }
30590 break;
30591
30592 case 0x05:
30593 /* VPERMILPD imm8, xmm2/m128, xmm1 = VEX.128.66.0F3A.WIG 05 /r ib */
30594 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
30595 UChar modrm = getUChar(delta);
30596 UInt imm8 = 0;
30597 UInt rG = gregOfRexRM(pfx, modrm);
30598 IRTemp sV = newTemp(Ity_V128);
30599 if (epartIsReg(modrm)) {
30600 UInt rE = eregOfRexRM(pfx, modrm);
30601 delta += 1;
30602 imm8 = getUChar(delta);
30603 DIP("vpermilpd $%u,%s,%s\n",
30604 imm8, nameXMMReg(rE), nameXMMReg(rG));
30605 assign(sV, getXMMReg(rE));
30606 } else {
30607 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
30608 delta += alen;
30609 imm8 = getUChar(delta);
30610 DIP("vpermilpd $%u,%s,%s\n",
30611 imm8, dis_buf, nameXMMReg(rG));
30612 assign(sV, loadLE(Ity_V128, mkexpr(addr)));
30613 }
30614 delta++;
30615 IRTemp s1 = newTemp(Ity_I64);
30616 IRTemp s0 = newTemp(Ity_I64);
30617 assign(s1, unop(Iop_V128HIto64, mkexpr(sV)));
30618 assign(s0, unop(Iop_V128to64, mkexpr(sV)));
30619 IRTemp dV = newTemp(Ity_V128);
30620 assign(dV, binop(Iop_64HLtoV128,
30621 mkexpr((imm8 & (1<<1)) ? s1 : s0),
30622 mkexpr((imm8 & (1<<0)) ? s1 : s0)));
30623 putYMMRegLoAndZU(rG, mkexpr(dV));
30624 goto decode_success;
30625 }
30626 /* VPERMILPD imm8, ymm2/m256, ymm1 = VEX.256.66.0F3A.WIG 05 /r ib */
30627 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
30628 UChar modrm = getUChar(delta);
30629 UInt imm8 = 0;
30630 UInt rG = gregOfRexRM(pfx, modrm);
30631 IRTemp sV = newTemp(Ity_V256);
30632 if (epartIsReg(modrm)) {
30633 UInt rE = eregOfRexRM(pfx, modrm);
30634 delta += 1;
30635 imm8 = getUChar(delta);
30636 DIP("vpermilpd $%u,%s,%s\n",
30637 imm8, nameYMMReg(rE), nameYMMReg(rG));
30638 assign(sV, getYMMReg(rE));
30639 } else {
30640 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
30641 delta += alen;
30642 imm8 = getUChar(delta);
30643 DIP("vpermilpd $%u,%s,%s\n",
30644 imm8, dis_buf, nameYMMReg(rG));
30645 assign(sV, loadLE(Ity_V256, mkexpr(addr)));
30646 }
30647 delta++;
30648 IRTemp s3, s2, s1, s0;
30649 s3 = s2 = s1 = s0 = IRTemp_INVALID;
30650 breakupV256to64s(sV, &s3, &s2, &s1, &s0);
30651 IRTemp dV = newTemp(Ity_V256);
30652 assign(dV, IRExpr_Qop(Iop_64x4toV256,
30653 mkexpr((imm8 & (1<<3)) ? s3 : s2),
30654 mkexpr((imm8 & (1<<2)) ? s3 : s2),
30655 mkexpr((imm8 & (1<<1)) ? s1 : s0),
30656 mkexpr((imm8 & (1<<0)) ? s1 : s0)));
30657 putYMMReg(rG, mkexpr(dV));
30658 goto decode_success;
30659 }
30660 break;
30661
30662 case 0x06:
30663 /* VPERM2F128 imm8, ymm3/m256, ymm2, ymm1 = VEX.NDS.66.0F3A.W0 06 /r ib */
30664 if (have66noF2noF3(pfx)
30665 && 1==getVexL(pfx)/*256*/ && 0==getRexW(pfx)/*W0*/) {
30666 UChar modrm = getUChar(delta);
30667 UInt imm8 = 0;
30668 UInt rG = gregOfRexRM(pfx, modrm);
30669 UInt rV = getVexNvvvv(pfx);
30670 IRTemp s00 = newTemp(Ity_V128);
30671 IRTemp s01 = newTemp(Ity_V128);
30672 IRTemp s10 = newTemp(Ity_V128);
30673 IRTemp s11 = newTemp(Ity_V128);
30674 assign(s00, getYMMRegLane128(rV, 0));
30675 assign(s01, getYMMRegLane128(rV, 1));
30676 if (epartIsReg(modrm)) {
30677 UInt rE = eregOfRexRM(pfx, modrm);
30678 delta += 1;
30679 imm8 = getUChar(delta);
30680 DIP("vperm2f128 $%u,%s,%s,%s\n",
30681 imm8, nameYMMReg(rE), nameYMMReg(rV), nameYMMReg(rG));
30682 assign(s10, getYMMRegLane128(rE, 0));
30683 assign(s11, getYMMRegLane128(rE, 1));
30684 } else {
30685 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
30686 delta += alen;
30687 imm8 = getUChar(delta);
30688 DIP("vperm2f128 $%u,%s,%s,%s\n",
30689 imm8, dis_buf, nameYMMReg(rV), nameYMMReg(rG));
30690 assign(s10, loadLE(Ity_V128, binop(Iop_Add64,
30691 mkexpr(addr), mkU64(0))));
30692 assign(s11, loadLE(Ity_V128, binop(Iop_Add64,
30693 mkexpr(addr), mkU64(16))));
30694 }
30695 delta++;
30696 # define SEL(_nn) (((_nn)==0) ? s00 : ((_nn)==1) ? s01 \
30697 : ((_nn)==2) ? s10 : s11)
30698 putYMMRegLane128(rG, 0, mkexpr(SEL((imm8 >> 0) & 3)));
30699 putYMMRegLane128(rG, 1, mkexpr(SEL((imm8 >> 4) & 3)));
30700 # undef SEL
30701 if (imm8 & (1<<3)) putYMMRegLane128(rG, 0, mkV128(0));
30702 if (imm8 & (1<<7)) putYMMRegLane128(rG, 1, mkV128(0));
30703 *uses_vvvv = True;
30704 goto decode_success;
30705 }
30706 break;
30707
30708 case 0x08:
30709 /* VROUNDPS imm8, xmm2/m128, xmm1 */
30710 /* VROUNDPS = VEX.NDS.128.66.0F3A.WIG 08 ib */
30711 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
30712 UChar modrm = getUChar(delta);
30713 UInt rG = gregOfRexRM(pfx, modrm);
30714 IRTemp src = newTemp(Ity_V128);
30715 IRTemp s0 = IRTemp_INVALID;
30716 IRTemp s1 = IRTemp_INVALID;
30717 IRTemp s2 = IRTemp_INVALID;
30718 IRTemp s3 = IRTemp_INVALID;
30719 IRTemp rm = newTemp(Ity_I32);
30720 Int imm = 0;
30721
30722 modrm = getUChar(delta);
30723
30724 if (epartIsReg(modrm)) {
30725 UInt rE = eregOfRexRM(pfx, modrm);
30726 assign( src, getXMMReg( rE ) );
30727 imm = getUChar(delta+1);
30728 if (imm & ~15) break;
30729 delta += 1+1;
30730 DIP( "vroundps $%d,%s,%s\n", imm, nameXMMReg(rE), nameXMMReg(rG) );
30731 } else {
30732 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
30733 assign( src, loadLE(Ity_V128, mkexpr(addr) ) );
30734 imm = getUChar(delta+alen);
30735 if (imm & ~15) break;
30736 delta += alen+1;
30737 DIP( "vroundps $%d,%s,%s\n", imm, dis_buf, nameXMMReg(rG) );
30738 }
30739
30740 /* (imm & 3) contains an Intel-encoded rounding mode. Because
30741 that encoding is the same as the encoding for IRRoundingMode,
30742 we can use that value directly in the IR as a rounding
30743 mode. */
30744 assign(rm, (imm & 4) ? get_sse_roundingmode() : mkU32(imm & 3));
30745
30746 breakupV128to32s( src, &s3, &s2, &s1, &s0 );
30747 putYMMRegLane128( rG, 1, mkV128(0) );
30748 # define CVT(s) binop(Iop_RoundF32toInt, mkexpr(rm), \
30749 unop(Iop_ReinterpI32asF32, mkexpr(s)))
30750 putYMMRegLane32F( rG, 3, CVT(s3) );
30751 putYMMRegLane32F( rG, 2, CVT(s2) );
30752 putYMMRegLane32F( rG, 1, CVT(s1) );
30753 putYMMRegLane32F( rG, 0, CVT(s0) );
30754 # undef CVT
30755 goto decode_success;
30756 }
30757 /* VROUNDPS imm8, ymm2/m256, ymm1 */
30758 /* VROUNDPS = VEX.NDS.256.66.0F3A.WIG 08 ib */
30759 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
30760 UChar modrm = getUChar(delta);
30761 UInt rG = gregOfRexRM(pfx, modrm);
30762 IRTemp src = newTemp(Ity_V256);
30763 IRTemp s0 = IRTemp_INVALID;
30764 IRTemp s1 = IRTemp_INVALID;
30765 IRTemp s2 = IRTemp_INVALID;
30766 IRTemp s3 = IRTemp_INVALID;
30767 IRTemp s4 = IRTemp_INVALID;
30768 IRTemp s5 = IRTemp_INVALID;
30769 IRTemp s6 = IRTemp_INVALID;
30770 IRTemp s7 = IRTemp_INVALID;
30771 IRTemp rm = newTemp(Ity_I32);
30772 Int imm = 0;
30773
30774 modrm = getUChar(delta);
30775
30776 if (epartIsReg(modrm)) {
30777 UInt rE = eregOfRexRM(pfx, modrm);
30778 assign( src, getYMMReg( rE ) );
30779 imm = getUChar(delta+1);
30780 if (imm & ~15) break;
30781 delta += 1+1;
30782 DIP( "vroundps $%d,%s,%s\n", imm, nameYMMReg(rE), nameYMMReg(rG) );
30783 } else {
30784 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
30785 assign( src, loadLE(Ity_V256, mkexpr(addr) ) );
30786 imm = getUChar(delta+alen);
30787 if (imm & ~15) break;
30788 delta += alen+1;
30789 DIP( "vroundps $%d,%s,%s\n", imm, dis_buf, nameYMMReg(rG) );
30790 }
30791
30792 /* (imm & 3) contains an Intel-encoded rounding mode. Because
30793 that encoding is the same as the encoding for IRRoundingMode,
30794 we can use that value directly in the IR as a rounding
30795 mode. */
30796 assign(rm, (imm & 4) ? get_sse_roundingmode() : mkU32(imm & 3));
30797
30798 breakupV256to32s( src, &s7, &s6, &s5, &s4, &s3, &s2, &s1, &s0 );
30799 # define CVT(s) binop(Iop_RoundF32toInt, mkexpr(rm), \
30800 unop(Iop_ReinterpI32asF32, mkexpr(s)))
30801 putYMMRegLane32F( rG, 7, CVT(s7) );
30802 putYMMRegLane32F( rG, 6, CVT(s6) );
30803 putYMMRegLane32F( rG, 5, CVT(s5) );
30804 putYMMRegLane32F( rG, 4, CVT(s4) );
30805 putYMMRegLane32F( rG, 3, CVT(s3) );
30806 putYMMRegLane32F( rG, 2, CVT(s2) );
30807 putYMMRegLane32F( rG, 1, CVT(s1) );
30808 putYMMRegLane32F( rG, 0, CVT(s0) );
30809 # undef CVT
30810 goto decode_success;
30811 }
30812
30813 case 0x09:
30814 /* VROUNDPD imm8, xmm2/m128, xmm1 */
30815 /* VROUNDPD = VEX.NDS.128.66.0F3A.WIG 09 ib */
30816 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
30817 UChar modrm = getUChar(delta);
30818 UInt rG = gregOfRexRM(pfx, modrm);
30819 IRTemp src = newTemp(Ity_V128);
30820 IRTemp s0 = IRTemp_INVALID;
30821 IRTemp s1 = IRTemp_INVALID;
30822 IRTemp rm = newTemp(Ity_I32);
30823 Int imm = 0;
30824
30825 modrm = getUChar(delta);
30826
30827 if (epartIsReg(modrm)) {
30828 UInt rE = eregOfRexRM(pfx, modrm);
30829 assign( src, getXMMReg( rE ) );
30830 imm = getUChar(delta+1);
30831 if (imm & ~15) break;
30832 delta += 1+1;
30833 DIP( "vroundpd $%d,%s,%s\n", imm, nameXMMReg(rE), nameXMMReg(rG) );
30834 } else {
30835 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
30836 assign( src, loadLE(Ity_V128, mkexpr(addr) ) );
30837 imm = getUChar(delta+alen);
30838 if (imm & ~15) break;
30839 delta += alen+1;
30840 DIP( "vroundpd $%d,%s,%s\n", imm, dis_buf, nameXMMReg(rG) );
30841 }
30842
30843 /* (imm & 3) contains an Intel-encoded rounding mode. Because
30844 that encoding is the same as the encoding for IRRoundingMode,
30845 we can use that value directly in the IR as a rounding
30846 mode. */
30847 assign(rm, (imm & 4) ? get_sse_roundingmode() : mkU32(imm & 3));
30848
30849 breakupV128to64s( src, &s1, &s0 );
30850 putYMMRegLane128( rG, 1, mkV128(0) );
30851 # define CVT(s) binop(Iop_RoundF64toInt, mkexpr(rm), \
30852 unop(Iop_ReinterpI64asF64, mkexpr(s)))
30853 putYMMRegLane64F( rG, 1, CVT(s1) );
30854 putYMMRegLane64F( rG, 0, CVT(s0) );
30855 # undef CVT
30856 goto decode_success;
30857 }
30858 /* VROUNDPD imm8, ymm2/m256, ymm1 */
30859 /* VROUNDPD = VEX.NDS.256.66.0F3A.WIG 09 ib */
30860 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
30861 UChar modrm = getUChar(delta);
30862 UInt rG = gregOfRexRM(pfx, modrm);
30863 IRTemp src = newTemp(Ity_V256);
30864 IRTemp s0 = IRTemp_INVALID;
30865 IRTemp s1 = IRTemp_INVALID;
30866 IRTemp s2 = IRTemp_INVALID;
30867 IRTemp s3 = IRTemp_INVALID;
30868 IRTemp rm = newTemp(Ity_I32);
30869 Int imm = 0;
30870
30871 modrm = getUChar(delta);
30872
30873 if (epartIsReg(modrm)) {
30874 UInt rE = eregOfRexRM(pfx, modrm);
30875 assign( src, getYMMReg( rE ) );
30876 imm = getUChar(delta+1);
30877 if (imm & ~15) break;
30878 delta += 1+1;
30879 DIP( "vroundpd $%d,%s,%s\n", imm, nameYMMReg(rE), nameYMMReg(rG) );
30880 } else {
30881 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
30882 assign( src, loadLE(Ity_V256, mkexpr(addr) ) );
30883 imm = getUChar(delta+alen);
30884 if (imm & ~15) break;
30885 delta += alen+1;
30886 DIP( "vroundps $%d,%s,%s\n", imm, dis_buf, nameYMMReg(rG) );
30887 }
30888
30889 /* (imm & 3) contains an Intel-encoded rounding mode. Because
30890 that encoding is the same as the encoding for IRRoundingMode,
30891 we can use that value directly in the IR as a rounding
30892 mode. */
30893 assign(rm, (imm & 4) ? get_sse_roundingmode() : mkU32(imm & 3));
30894
30895 breakupV256to64s( src, &s3, &s2, &s1, &s0 );
30896 # define CVT(s) binop(Iop_RoundF64toInt, mkexpr(rm), \
30897 unop(Iop_ReinterpI64asF64, mkexpr(s)))
30898 putYMMRegLane64F( rG, 3, CVT(s3) );
30899 putYMMRegLane64F( rG, 2, CVT(s2) );
30900 putYMMRegLane64F( rG, 1, CVT(s1) );
30901 putYMMRegLane64F( rG, 0, CVT(s0) );
30902 # undef CVT
30903 goto decode_success;
30904 }
30905
30906 case 0x0A:
30907 case 0x0B:
30908 /* VROUNDSS imm8, xmm3/m32, xmm2, xmm1 */
30909 /* VROUNDSS = VEX.NDS.128.66.0F3A.WIG 0A ib */
30910 /* VROUNDSD imm8, xmm3/m64, xmm2, xmm1 */
30911 /* VROUNDSD = VEX.NDS.128.66.0F3A.WIG 0B ib */
30912 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
30913 UChar modrm = getUChar(delta);
30914 UInt rG = gregOfRexRM(pfx, modrm);
30915 UInt rV = getVexNvvvv(pfx);
30916 Bool isD = opc == 0x0B;
30917 IRTemp src = newTemp(isD ? Ity_F64 : Ity_F32);
30918 IRTemp res = newTemp(isD ? Ity_F64 : Ity_F32);
30919 Int imm = 0;
30920
30921 if (epartIsReg(modrm)) {
30922 UInt rE = eregOfRexRM(pfx, modrm);
30923 assign( src,
30924 isD ? getXMMRegLane64F(rE, 0) : getXMMRegLane32F(rE, 0) );
30925 imm = getUChar(delta+1);
30926 if (imm & ~15) break;
30927 delta += 1+1;
30928 DIP( "vrounds%c $%d,%s,%s,%s\n",
30929 isD ? 'd' : 's',
30930 imm, nameXMMReg( rE ), nameXMMReg( rV ), nameXMMReg( rG ) );
30931 } else {
30932 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
30933 assign( src, loadLE( isD ? Ity_F64 : Ity_F32, mkexpr(addr) ));
30934 imm = getUChar(delta+alen);
30935 if (imm & ~15) break;
30936 delta += alen+1;
30937 DIP( "vrounds%c $%d,%s,%s,%s\n",
30938 isD ? 'd' : 's',
30939 imm, dis_buf, nameXMMReg( rV ), nameXMMReg( rG ) );
30940 }
30941
30942 /* (imm & 3) contains an Intel-encoded rounding mode. Because
30943 that encoding is the same as the encoding for IRRoundingMode,
30944 we can use that value directly in the IR as a rounding
30945 mode. */
30946 assign(res, binop(isD ? Iop_RoundF64toInt : Iop_RoundF32toInt,
30947 (imm & 4) ? get_sse_roundingmode()
30948 : mkU32(imm & 3),
30949 mkexpr(src)) );
30950
30951 if (isD)
30952 putXMMRegLane64F( rG, 0, mkexpr(res) );
30953 else {
30954 putXMMRegLane32F( rG, 0, mkexpr(res) );
30955 putXMMRegLane32F( rG, 1, getXMMRegLane32F( rV, 1 ) );
30956 }
30957 putXMMRegLane64F( rG, 1, getXMMRegLane64F( rV, 1 ) );
30958 putYMMRegLane128( rG, 1, mkV128(0) );
30959 *uses_vvvv = True;
30960 goto decode_success;
30961 }
30962 break;
30963
30964 case 0x0C:
30965 /* VBLENDPS imm8, ymm3/m256, ymm2, ymm1 */
30966 /* VBLENDPS = VEX.NDS.256.66.0F3A.WIG 0C /r ib */
30967 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
30968 UChar modrm = getUChar(delta);
30969 UInt imm8;
30970 UInt rG = gregOfRexRM(pfx, modrm);
30971 UInt rV = getVexNvvvv(pfx);
30972 IRTemp sV = newTemp(Ity_V256);
30973 IRTemp sE = newTemp(Ity_V256);
30974 assign ( sV, getYMMReg(rV) );
30975 if (epartIsReg(modrm)) {
30976 UInt rE = eregOfRexRM(pfx, modrm);
30977 delta += 1;
30978 imm8 = getUChar(delta);
30979 DIP("vblendps $%u,%s,%s,%s\n",
30980 imm8, nameYMMReg(rE), nameYMMReg(rV), nameYMMReg(rG));
30981 assign(sE, getYMMReg(rE));
30982 } else {
30983 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
30984 delta += alen;
30985 imm8 = getUChar(delta);
30986 DIP("vblendps $%u,%s,%s,%s\n",
30987 imm8, dis_buf, nameYMMReg(rV), nameYMMReg(rG));
30988 assign(sE, loadLE(Ity_V256, mkexpr(addr)));
30989 }
30990 delta++;
30991 putYMMReg( rG,
30992 mkexpr( math_BLENDPS_256( sE, sV, imm8) ) );
30993 *uses_vvvv = True;
30994 goto decode_success;
30995 }
30996 /* VBLENDPS imm8, xmm3/m128, xmm2, xmm1 */
30997 /* VBLENDPS = VEX.NDS.128.66.0F3A.WIG 0C /r ib */
30998 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
30999 UChar modrm = getUChar(delta);
31000 UInt imm8;
31001 UInt rG = gregOfRexRM(pfx, modrm);
31002 UInt rV = getVexNvvvv(pfx);
31003 IRTemp sV = newTemp(Ity_V128);
31004 IRTemp sE = newTemp(Ity_V128);
31005 assign ( sV, getXMMReg(rV) );
31006 if (epartIsReg(modrm)) {
31007 UInt rE = eregOfRexRM(pfx, modrm);
31008 delta += 1;
31009 imm8 = getUChar(delta);
31010 DIP("vblendps $%u,%s,%s,%s\n",
31011 imm8, nameXMMReg(rE), nameXMMReg(rV), nameXMMReg(rG));
31012 assign(sE, getXMMReg(rE));
31013 } else {
31014 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
31015 delta += alen;
31016 imm8 = getUChar(delta);
31017 DIP("vblendps $%u,%s,%s,%s\n",
31018 imm8, dis_buf, nameXMMReg(rV), nameXMMReg(rG));
31019 assign(sE, loadLE(Ity_V128, mkexpr(addr)));
31020 }
31021 delta++;
31022 putYMMRegLoAndZU( rG,
31023 mkexpr( math_BLENDPS_128( sE, sV, imm8) ) );
31024 *uses_vvvv = True;
31025 goto decode_success;
31026 }
31027 break;
31028
31029 case 0x0D:
31030 /* VBLENDPD imm8, ymm3/m256, ymm2, ymm1 */
31031 /* VBLENDPD = VEX.NDS.256.66.0F3A.WIG 0D /r ib */
31032 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
31033 UChar modrm = getUChar(delta);
31034 UInt imm8;
31035 UInt rG = gregOfRexRM(pfx, modrm);
31036 UInt rV = getVexNvvvv(pfx);
31037 IRTemp sV = newTemp(Ity_V256);
31038 IRTemp sE = newTemp(Ity_V256);
31039 assign ( sV, getYMMReg(rV) );
31040 if (epartIsReg(modrm)) {
31041 UInt rE = eregOfRexRM(pfx, modrm);
31042 delta += 1;
31043 imm8 = getUChar(delta);
31044 DIP("vblendpd $%u,%s,%s,%s\n",
31045 imm8, nameYMMReg(rE), nameYMMReg(rV), nameYMMReg(rG));
31046 assign(sE, getYMMReg(rE));
31047 } else {
31048 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
31049 delta += alen;
31050 imm8 = getUChar(delta);
31051 DIP("vblendpd $%u,%s,%s,%s\n",
31052 imm8, dis_buf, nameYMMReg(rV), nameYMMReg(rG));
31053 assign(sE, loadLE(Ity_V256, mkexpr(addr)));
31054 }
31055 delta++;
31056 putYMMReg( rG,
31057 mkexpr( math_BLENDPD_256( sE, sV, imm8) ) );
31058 *uses_vvvv = True;
31059 goto decode_success;
31060 }
31061 /* VBLENDPD imm8, xmm3/m128, xmm2, xmm1 */
31062 /* VBLENDPD = VEX.NDS.128.66.0F3A.WIG 0D /r ib */
31063 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
31064 UChar modrm = getUChar(delta);
31065 UInt imm8;
31066 UInt rG = gregOfRexRM(pfx, modrm);
31067 UInt rV = getVexNvvvv(pfx);
31068 IRTemp sV = newTemp(Ity_V128);
31069 IRTemp sE = newTemp(Ity_V128);
31070 assign ( sV, getXMMReg(rV) );
31071 if (epartIsReg(modrm)) {
31072 UInt rE = eregOfRexRM(pfx, modrm);
31073 delta += 1;
31074 imm8 = getUChar(delta);
31075 DIP("vblendpd $%u,%s,%s,%s\n",
31076 imm8, nameXMMReg(rE), nameXMMReg(rV), nameXMMReg(rG));
31077 assign(sE, getXMMReg(rE));
31078 } else {
31079 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
31080 delta += alen;
31081 imm8 = getUChar(delta);
31082 DIP("vblendpd $%u,%s,%s,%s\n",
31083 imm8, dis_buf, nameXMMReg(rV), nameXMMReg(rG));
31084 assign(sE, loadLE(Ity_V128, mkexpr(addr)));
31085 }
31086 delta++;
31087 putYMMRegLoAndZU( rG,
31088 mkexpr( math_BLENDPD_128( sE, sV, imm8) ) );
31089 *uses_vvvv = True;
31090 goto decode_success;
31091 }
31092 break;
31093
31094 case 0x0E:
31095 /* VPBLENDW imm8, xmm3/m128, xmm2, xmm1 */
31096 /* VPBLENDW = VEX.NDS.128.66.0F3A.WIG 0E /r ib */
31097 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
31098 UChar modrm = getUChar(delta);
31099 UInt imm8;
31100 UInt rG = gregOfRexRM(pfx, modrm);
31101 UInt rV = getVexNvvvv(pfx);
31102 IRTemp sV = newTemp(Ity_V128);
31103 IRTemp sE = newTemp(Ity_V128);
31104 assign ( sV, getXMMReg(rV) );
31105 if (epartIsReg(modrm)) {
31106 UInt rE = eregOfRexRM(pfx, modrm);
31107 delta += 1;
31108 imm8 = getUChar(delta);
31109 DIP("vpblendw $%u,%s,%s,%s\n",
31110 imm8, nameXMMReg(rE), nameXMMReg(rV), nameXMMReg(rG));
31111 assign(sE, getXMMReg(rE));
31112 } else {
31113 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
31114 delta += alen;
31115 imm8 = getUChar(delta);
31116 DIP("vpblendw $%u,%s,%s,%s\n",
31117 imm8, dis_buf, nameXMMReg(rV), nameXMMReg(rG));
31118 assign(sE, loadLE(Ity_V128, mkexpr(addr)));
31119 }
31120 delta++;
31121 putYMMRegLoAndZU( rG,
31122 mkexpr( math_PBLENDW_128( sE, sV, imm8) ) );
31123 *uses_vvvv = True;
31124 goto decode_success;
31125 }
31126 /* VPBLENDW imm8, ymm3/m256, ymm2, ymm1 */
31127 /* VPBLENDW = VEX.NDS.256.66.0F3A.WIG 0E /r ib */
31128 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
31129 UChar modrm = getUChar(delta);
31130 UInt imm8;
31131 UInt rG = gregOfRexRM(pfx, modrm);
31132 UInt rV = getVexNvvvv(pfx);
31133 IRTemp sV = newTemp(Ity_V256);
31134 IRTemp sE = newTemp(Ity_V256);
31135 IRTemp sVhi, sVlo, sEhi, sElo;
31136 sVhi = sVlo = sEhi = sElo = IRTemp_INVALID;
31137 assign ( sV, getYMMReg(rV) );
31138 if (epartIsReg(modrm)) {
31139 UInt rE = eregOfRexRM(pfx, modrm);
31140 delta += 1;
31141 imm8 = getUChar(delta);
31142 DIP("vpblendw $%u,%s,%s,%s\n",
31143 imm8, nameYMMReg(rE), nameYMMReg(rV), nameYMMReg(rG));
31144 assign(sE, getYMMReg(rE));
31145 } else {
31146 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
31147 delta += alen;
31148 imm8 = getUChar(delta);
31149 DIP("vpblendw $%u,%s,%s,%s\n",
31150 imm8, dis_buf, nameYMMReg(rV), nameYMMReg(rG));
31151 assign(sE, loadLE(Ity_V256, mkexpr(addr)));
31152 }
31153 delta++;
31154 breakupV256toV128s( sV, &sVhi, &sVlo );
31155 breakupV256toV128s( sE, &sEhi, &sElo );
31156 putYMMReg( rG, binop( Iop_V128HLtoV256,
31157 mkexpr( math_PBLENDW_128( sEhi, sVhi, imm8) ),
31158 mkexpr( math_PBLENDW_128( sElo, sVlo, imm8) ) ) );
31159 *uses_vvvv = True;
31160 goto decode_success;
31161 }
31162 break;
31163
31164 case 0x0F:
31165 /* VPALIGNR imm8, xmm3/m128, xmm2, xmm1 */
31166 /* VPALIGNR = VEX.NDS.128.66.0F3A.WIG 0F /r ib */
31167 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
31168 UChar modrm = getUChar(delta);
31169 UInt rG = gregOfRexRM(pfx, modrm);
31170 UInt rV = getVexNvvvv(pfx);
31171 IRTemp sV = newTemp(Ity_V128);
31172 IRTemp dV = newTemp(Ity_V128);
31173 UInt imm8;
31174
31175 assign( dV, getXMMReg(rV) );
31176
31177 if ( epartIsReg( modrm ) ) {
31178 UInt rE = eregOfRexRM(pfx, modrm);
31179 assign( sV, getXMMReg(rE) );
31180 imm8 = getUChar(delta+1);
31181 delta += 1+1;
31182 DIP("vpalignr $%u,%s,%s,%s\n", imm8, nameXMMReg(rE),
31183 nameXMMReg(rV), nameXMMReg(rG));
31184 } else {
31185 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
31186 assign( sV, loadLE(Ity_V128, mkexpr(addr)) );
31187 imm8 = getUChar(delta+alen);
31188 delta += alen+1;
31189 DIP("vpalignr $%u,%s,%s,%s\n", imm8, dis_buf,
31190 nameXMMReg(rV), nameXMMReg(rG));
31191 }
31192
31193 IRTemp res = math_PALIGNR_XMM( sV, dV, imm8 );
31194 putYMMRegLoAndZU( rG, mkexpr(res) );
31195 *uses_vvvv = True;
31196 goto decode_success;
31197 }
31198 /* VPALIGNR imm8, ymm3/m256, ymm2, ymm1 */
31199 /* VPALIGNR = VEX.NDS.256.66.0F3A.WIG 0F /r ib */
31200 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
31201 UChar modrm = getUChar(delta);
31202 UInt rG = gregOfRexRM(pfx, modrm);
31203 UInt rV = getVexNvvvv(pfx);
31204 IRTemp sV = newTemp(Ity_V256);
31205 IRTemp dV = newTemp(Ity_V256);
31206 IRTemp sHi, sLo, dHi, dLo;
31207 sHi = sLo = dHi = dLo = IRTemp_INVALID;
31208 UInt imm8;
31209
31210 assign( dV, getYMMReg(rV) );
31211
31212 if ( epartIsReg( modrm ) ) {
31213 UInt rE = eregOfRexRM(pfx, modrm);
31214 assign( sV, getYMMReg(rE) );
31215 imm8 = getUChar(delta+1);
31216 delta += 1+1;
31217 DIP("vpalignr $%u,%s,%s,%s\n", imm8, nameYMMReg(rE),
31218 nameYMMReg(rV), nameYMMReg(rG));
31219 } else {
31220 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
31221 assign( sV, loadLE(Ity_V256, mkexpr(addr)) );
31222 imm8 = getUChar(delta+alen);
31223 delta += alen+1;
31224 DIP("vpalignr $%u,%s,%s,%s\n", imm8, dis_buf,
31225 nameYMMReg(rV), nameYMMReg(rG));
31226 }
31227
31228 breakupV256toV128s( dV, &dHi, &dLo );
31229 breakupV256toV128s( sV, &sHi, &sLo );
31230 putYMMReg( rG, binop( Iop_V128HLtoV256,
31231 mkexpr( math_PALIGNR_XMM( sHi, dHi, imm8 ) ),
31232 mkexpr( math_PALIGNR_XMM( sLo, dLo, imm8 ) ) )
31233 );
31234 *uses_vvvv = True;
31235 goto decode_success;
31236 }
31237 break;
31238
31239 case 0x14:
31240 /* VPEXTRB imm8, xmm2, reg/m8 = VEX.128.66.0F3A.W0 14 /r ib */
31241 if (have66noF2noF3(pfx)
31242 && 0==getVexL(pfx)/*128*/ && 0==getRexW(pfx)/*W0*/) {
31243 delta = dis_PEXTRB_128_GtoE( vbi, pfx, delta, False/*!isAvx*/ );
31244 goto decode_success;
31245 }
31246 break;
31247
31248 case 0x15:
31249 /* VPEXTRW imm8, reg/m16, xmm2 */
31250 /* VPEXTRW = VEX.128.66.0F3A.W0 15 /r ib */
31251 if (have66noF2noF3(pfx)
31252 && 0==getVexL(pfx)/*128*/ && 0==getRexW(pfx)/*W0*/) {
31253 delta = dis_PEXTRW( vbi, pfx, delta, True/*isAvx*/ );
31254 goto decode_success;
31255 }
31256 break;
31257
31258 case 0x16:
31259 /* VPEXTRD imm8, r32/m32, xmm2 */
31260 /* VPEXTRD = VEX.128.66.0F3A.W0 16 /r ib */
31261 if (have66noF2noF3(pfx)
31262 && 0==getVexL(pfx)/*128*/ && 0==getRexW(pfx)/*W0*/) {
31263 delta = dis_PEXTRD( vbi, pfx, delta, True/*isAvx*/ );
31264 goto decode_success;
31265 }
31266 /* VPEXTRQ = VEX.128.66.0F3A.W1 16 /r ib */
31267 if (have66noF2noF3(pfx)
31268 && 0==getVexL(pfx)/*128*/ && 1==getRexW(pfx)/*W1*/) {
31269 delta = dis_PEXTRQ( vbi, pfx, delta, True/*isAvx*/ );
31270 goto decode_success;
31271 }
31272 break;
31273
31274 case 0x17:
31275 /* VEXTRACTPS imm8, xmm1, r32/m32 = VEX.128.66.0F3A.WIG 17 /r ib */
31276 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
31277 delta = dis_EXTRACTPS( vbi, pfx, delta, True/*isAvx*/ );
31278 goto decode_success;
31279 }
31280 break;
31281
31282 case 0x18:
31283 /* VINSERTF128 r/m, rV, rD
31284 ::: rD = insertinto(a lane in rV, 128 bits from r/m) */
31285 /* VINSERTF128 = VEX.NDS.256.66.0F3A.W0 18 /r ib */
31286 if (have66noF2noF3(pfx)
31287 && 1==getVexL(pfx)/*256*/ && 0==getRexW(pfx)/*W0*/) {
31288 UChar modrm = getUChar(delta);
31289 UInt ib = 0;
31290 UInt rG = gregOfRexRM(pfx, modrm);
31291 UInt rV = getVexNvvvv(pfx);
31292 IRTemp t128 = newTemp(Ity_V128);
31293 if (epartIsReg(modrm)) {
31294 UInt rE = eregOfRexRM(pfx, modrm);
31295 delta += 1;
31296 assign(t128, getXMMReg(rE));
31297 ib = getUChar(delta);
31298 DIP("vinsertf128 $%u,%s,%s,%s\n",
31299 ib, nameXMMReg(rE), nameYMMReg(rV), nameYMMReg(rG));
31300 } else {
31301 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
31302 assign(t128, loadLE(Ity_V128, mkexpr(addr)));
31303 delta += alen;
31304 ib = getUChar(delta);
31305 DIP("vinsertf128 $%u,%s,%s,%s\n",
31306 ib, dis_buf, nameYMMReg(rV), nameYMMReg(rG));
31307 }
31308 delta++;
31309 putYMMRegLane128(rG, 0, getYMMRegLane128(rV, 0));
31310 putYMMRegLane128(rG, 1, getYMMRegLane128(rV, 1));
31311 putYMMRegLane128(rG, ib & 1, mkexpr(t128));
31312 *uses_vvvv = True;
31313 goto decode_success;
31314 }
31315 break;
31316
31317 case 0x19:
31318 /* VEXTRACTF128 $lane_no, rS, r/m
31319 ::: r/m:V128 = a lane of rS:V256 (RM format) */
31320 /* VEXTRACTF128 = VEX.256.66.0F3A.W0 19 /r ib */
31321 if (have66noF2noF3(pfx)
31322 && 1==getVexL(pfx)/*256*/ && 0==getRexW(pfx)/*W0*/) {
31323 UChar modrm = getUChar(delta);
31324 UInt ib = 0;
31325 UInt rS = gregOfRexRM(pfx, modrm);
31326 IRTemp t128 = newTemp(Ity_V128);
31327 if (epartIsReg(modrm)) {
31328 UInt rD = eregOfRexRM(pfx, modrm);
31329 delta += 1;
31330 ib = getUChar(delta);
31331 assign(t128, getYMMRegLane128(rS, ib & 1));
31332 putYMMRegLoAndZU(rD, mkexpr(t128));
31333 DIP("vextractf128 $%u,%s,%s\n",
31334 ib, nameXMMReg(rS), nameYMMReg(rD));
31335 } else {
31336 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
31337 delta += alen;
31338 ib = getUChar(delta);
31339 assign(t128, getYMMRegLane128(rS, ib & 1));
31340 storeLE(mkexpr(addr), mkexpr(t128));
31341 DIP("vextractf128 $%u,%s,%s\n",
31342 ib, nameYMMReg(rS), dis_buf);
31343 }
31344 delta++;
31345 /* doesn't use vvvv */
31346 goto decode_success;
31347 }
31348 break;
31349
31350 case 0x20:
31351 /* VPINSRB r32/m8, xmm2, xmm1 = VEX.NDS.128.66.0F3A.W0 20 /r ib */
31352 if (have66noF2noF3(pfx)
31353 && 0==getVexL(pfx)/*128*/ && 0==getRexW(pfx)/*W0*/) {
31354 UChar modrm = getUChar(delta);
31355 UInt rG = gregOfRexRM(pfx, modrm);
31356 UInt rV = getVexNvvvv(pfx);
31357 Int imm8;
31358 IRTemp src_u8 = newTemp(Ity_I8);
31359
31360 if ( epartIsReg( modrm ) ) {
31361 UInt rE = eregOfRexRM(pfx,modrm);
31362 imm8 = (Int)(getUChar(delta+1) & 15);
31363 assign( src_u8, unop(Iop_32to8, getIReg32( rE )) );
31364 delta += 1+1;
31365 DIP( "vpinsrb $%d,%s,%s,%s\n",
31366 imm8, nameIReg32(rE), nameXMMReg(rV), nameXMMReg(rG) );
31367 } else {
31368 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
31369 imm8 = (Int)(getUChar(delta+alen) & 15);
31370 assign( src_u8, loadLE( Ity_I8, mkexpr(addr) ) );
31371 delta += alen+1;
31372 DIP( "vpinsrb $%d,%s,%s,%s\n",
31373 imm8, dis_buf, nameXMMReg(rV), nameXMMReg(rG) );
31374 }
31375
31376 IRTemp src_vec = newTemp(Ity_V128);
31377 assign(src_vec, getXMMReg( rV ));
31378 IRTemp res_vec = math_PINSRB_128( src_vec, src_u8, imm8 );
31379 putYMMRegLoAndZU( rG, mkexpr(res_vec) );
31380 *uses_vvvv = True;
31381 goto decode_success;
31382 }
31383 break;
31384
31385 case 0x21:
31386 /* VINSERTPS imm8, xmm3/m32, xmm2, xmm1
31387 = VEX.NDS.128.66.0F3A.WIG 21 /r ib */
31388 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
31389 UChar modrm = getUChar(delta);
31390 UInt rG = gregOfRexRM(pfx, modrm);
31391 UInt rV = getVexNvvvv(pfx);
31392 UInt imm8;
31393 IRTemp d2ins = newTemp(Ity_I32); /* comes from the E part */
31394 const IRTemp inval = IRTemp_INVALID;
31395
31396 if ( epartIsReg( modrm ) ) {
31397 UInt rE = eregOfRexRM(pfx, modrm);
31398 IRTemp vE = newTemp(Ity_V128);
31399 assign( vE, getXMMReg(rE) );
31400 IRTemp dsE[4] = { inval, inval, inval, inval };
31401 breakupV128to32s( vE, &dsE[3], &dsE[2], &dsE[1], &dsE[0] );
31402 imm8 = getUChar(delta+1);
31403 d2ins = dsE[(imm8 >> 6) & 3]; /* "imm8_count_s" */
31404 delta += 1+1;
31405 DIP( "insertps $%u, %s,%s\n",
31406 imm8, nameXMMReg(rE), nameXMMReg(rG) );
31407 } else {
31408 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
31409 assign( d2ins, loadLE( Ity_I32, mkexpr(addr) ) );
31410 imm8 = getUChar(delta+alen);
31411 delta += alen+1;
31412 DIP( "insertps $%u, %s,%s\n",
31413 imm8, dis_buf, nameXMMReg(rG) );
31414 }
31415
31416 IRTemp vV = newTemp(Ity_V128);
31417 assign( vV, getXMMReg(rV) );
31418
31419 putYMMRegLoAndZU( rG, mkexpr(math_INSERTPS( vV, d2ins, imm8 )) );
31420 *uses_vvvv = True;
31421 goto decode_success;
31422 }
31423 break;
31424
31425 case 0x22:
31426 /* VPINSRD r32/m32, xmm2, xmm1 = VEX.NDS.128.66.0F3A.W0 22 /r ib */
31427 if (have66noF2noF3(pfx)
31428 && 0==getVexL(pfx)/*128*/ && 0==getRexW(pfx)/*W0*/) {
31429 UChar modrm = getUChar(delta);
31430 UInt rG = gregOfRexRM(pfx, modrm);
31431 UInt rV = getVexNvvvv(pfx);
31432 Int imm8_10;
31433 IRTemp src_u32 = newTemp(Ity_I32);
31434
31435 if ( epartIsReg( modrm ) ) {
31436 UInt rE = eregOfRexRM(pfx,modrm);
31437 imm8_10 = (Int)(getUChar(delta+1) & 3);
31438 assign( src_u32, getIReg32( rE ) );
31439 delta += 1+1;
31440 DIP( "vpinsrd $%d,%s,%s,%s\n",
31441 imm8_10, nameIReg32(rE), nameXMMReg(rV), nameXMMReg(rG) );
31442 } else {
31443 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
31444 imm8_10 = (Int)(getUChar(delta+alen) & 3);
31445 assign( src_u32, loadLE( Ity_I32, mkexpr(addr) ) );
31446 delta += alen+1;
31447 DIP( "vpinsrd $%d,%s,%s,%s\n",
31448 imm8_10, dis_buf, nameXMMReg(rV), nameXMMReg(rG) );
31449 }
31450
31451 IRTemp src_vec = newTemp(Ity_V128);
31452 assign(src_vec, getXMMReg( rV ));
31453 IRTemp res_vec = math_PINSRD_128( src_vec, src_u32, imm8_10 );
31454 putYMMRegLoAndZU( rG, mkexpr(res_vec) );
31455 *uses_vvvv = True;
31456 goto decode_success;
31457 }
31458 /* VPINSRQ r64/m64, xmm2, xmm1 = VEX.NDS.128.66.0F3A.W1 22 /r ib */
31459 if (have66noF2noF3(pfx)
31460 && 0==getVexL(pfx)/*128*/ && 1==getRexW(pfx)/*W1*/) {
31461 UChar modrm = getUChar(delta);
31462 UInt rG = gregOfRexRM(pfx, modrm);
31463 UInt rV = getVexNvvvv(pfx);
31464 Int imm8_0;
31465 IRTemp src_u64 = newTemp(Ity_I64);
31466
31467 if ( epartIsReg( modrm ) ) {
31468 UInt rE = eregOfRexRM(pfx,modrm);
31469 imm8_0 = (Int)(getUChar(delta+1) & 1);
31470 assign( src_u64, getIReg64( rE ) );
31471 delta += 1+1;
31472 DIP( "vpinsrq $%d,%s,%s,%s\n",
31473 imm8_0, nameIReg64(rE), nameXMMReg(rV), nameXMMReg(rG) );
31474 } else {
31475 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
31476 imm8_0 = (Int)(getUChar(delta+alen) & 1);
31477 assign( src_u64, loadLE( Ity_I64, mkexpr(addr) ) );
31478 delta += alen+1;
31479 DIP( "vpinsrd $%d,%s,%s,%s\n",
31480 imm8_0, dis_buf, nameXMMReg(rV), nameXMMReg(rG) );
31481 }
31482
31483 IRTemp src_vec = newTemp(Ity_V128);
31484 assign(src_vec, getXMMReg( rV ));
31485 IRTemp res_vec = math_PINSRQ_128( src_vec, src_u64, imm8_0 );
31486 putYMMRegLoAndZU( rG, mkexpr(res_vec) );
31487 *uses_vvvv = True;
31488 goto decode_success;
31489 }
31490 break;
31491
31492 case 0x38:
31493 /* VINSERTI128 r/m, rV, rD
31494 ::: rD = insertinto(a lane in rV, 128 bits from r/m) */
31495 /* VINSERTI128 = VEX.NDS.256.66.0F3A.W0 38 /r ib */
31496 if (have66noF2noF3(pfx)
31497 && 1==getVexL(pfx)/*256*/ && 0==getRexW(pfx)/*W0*/) {
31498 UChar modrm = getUChar(delta);
31499 UInt ib = 0;
31500 UInt rG = gregOfRexRM(pfx, modrm);
31501 UInt rV = getVexNvvvv(pfx);
31502 IRTemp t128 = newTemp(Ity_V128);
31503 if (epartIsReg(modrm)) {
31504 UInt rE = eregOfRexRM(pfx, modrm);
31505 delta += 1;
31506 assign(t128, getXMMReg(rE));
31507 ib = getUChar(delta);
31508 DIP("vinserti128 $%u,%s,%s,%s\n",
31509 ib, nameXMMReg(rE), nameYMMReg(rV), nameYMMReg(rG));
31510 } else {
31511 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
31512 assign(t128, loadLE(Ity_V128, mkexpr(addr)));
31513 delta += alen;
31514 ib = getUChar(delta);
31515 DIP("vinserti128 $%u,%s,%s,%s\n",
31516 ib, dis_buf, nameYMMReg(rV), nameYMMReg(rG));
31517 }
31518 delta++;
31519 putYMMRegLane128(rG, 0, getYMMRegLane128(rV, 0));
31520 putYMMRegLane128(rG, 1, getYMMRegLane128(rV, 1));
31521 putYMMRegLane128(rG, ib & 1, mkexpr(t128));
31522 *uses_vvvv = True;
31523 goto decode_success;
31524 }
31525 break;
31526
31527 case 0x39:
31528 /* VEXTRACTI128 $lane_no, rS, r/m
31529 ::: r/m:V128 = a lane of rS:V256 (RM format) */
31530 /* VEXTRACTI128 = VEX.256.66.0F3A.W0 39 /r ib */
31531 if (have66noF2noF3(pfx)
31532 && 1==getVexL(pfx)/*256*/ && 0==getRexW(pfx)/*W0*/) {
31533 UChar modrm = getUChar(delta);
31534 UInt ib = 0;
31535 UInt rS = gregOfRexRM(pfx, modrm);
31536 IRTemp t128 = newTemp(Ity_V128);
31537 if (epartIsReg(modrm)) {
31538 UInt rD = eregOfRexRM(pfx, modrm);
31539 delta += 1;
31540 ib = getUChar(delta);
31541 assign(t128, getYMMRegLane128(rS, ib & 1));
31542 putYMMRegLoAndZU(rD, mkexpr(t128));
31543 DIP("vextracti128 $%u,%s,%s\n",
31544 ib, nameXMMReg(rS), nameYMMReg(rD));
31545 } else {
31546 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
31547 delta += alen;
31548 ib = getUChar(delta);
31549 assign(t128, getYMMRegLane128(rS, ib & 1));
31550 storeLE(mkexpr(addr), mkexpr(t128));
31551 DIP("vextracti128 $%u,%s,%s\n",
31552 ib, nameYMMReg(rS), dis_buf);
31553 }
31554 delta++;
31555 /* doesn't use vvvv */
31556 goto decode_success;
31557 }
31558 break;
31559
31560 case 0x40:
31561 /* VDPPS imm8, xmm3/m128,xmm2,xmm1 = VEX.NDS.128.66.0F3A.WIG 40 /r ib */
31562 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
31563 UChar modrm = getUChar(delta);
31564 UInt rG = gregOfRexRM(pfx, modrm);
31565 UInt rV = getVexNvvvv(pfx);
31566 IRTemp dst_vec = newTemp(Ity_V128);
31567 Int imm8;
31568 if (epartIsReg( modrm )) {
31569 UInt rE = eregOfRexRM(pfx,modrm);
31570 imm8 = (Int)getUChar(delta+1);
31571 assign( dst_vec, getXMMReg( rE ) );
31572 delta += 1+1;
31573 DIP( "vdpps $%d,%s,%s,%s\n",
31574 imm8, nameXMMReg(rE), nameXMMReg(rV), nameXMMReg(rG) );
31575 } else {
31576 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
31577 imm8 = (Int)getUChar(delta+alen);
31578 assign( dst_vec, loadLE( Ity_V128, mkexpr(addr) ) );
31579 delta += alen+1;
31580 DIP( "vdpps $%d,%s,%s,%s\n",
31581 imm8, dis_buf, nameXMMReg(rV), nameXMMReg(rG) );
31582 }
31583
31584 IRTemp src_vec = newTemp(Ity_V128);
31585 assign(src_vec, getXMMReg( rV ));
31586 IRTemp res_vec = math_DPPS_128( src_vec, dst_vec, imm8 );
31587 putYMMRegLoAndZU( rG, mkexpr(res_vec) );
31588 *uses_vvvv = True;
31589 goto decode_success;
31590 }
31591 /* VDPPS imm8, ymm3/m128,ymm2,ymm1 = VEX.NDS.256.66.0F3A.WIG 40 /r ib */
31592 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
31593 UChar modrm = getUChar(delta);
31594 UInt rG = gregOfRexRM(pfx, modrm);
31595 UInt rV = getVexNvvvv(pfx);
31596 IRTemp dst_vec = newTemp(Ity_V256);
31597 Int imm8;
31598 if (epartIsReg( modrm )) {
31599 UInt rE = eregOfRexRM(pfx,modrm);
31600 imm8 = (Int)getUChar(delta+1);
31601 assign( dst_vec, getYMMReg( rE ) );
31602 delta += 1+1;
31603 DIP( "vdpps $%d,%s,%s,%s\n",
31604 imm8, nameYMMReg(rE), nameYMMReg(rV), nameYMMReg(rG) );
31605 } else {
31606 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
31607 imm8 = (Int)getUChar(delta+alen);
31608 assign( dst_vec, loadLE( Ity_V256, mkexpr(addr) ) );
31609 delta += alen+1;
31610 DIP( "vdpps $%d,%s,%s,%s\n",
31611 imm8, dis_buf, nameYMMReg(rV), nameYMMReg(rG) );
31612 }
31613
31614 IRTemp src_vec = newTemp(Ity_V256);
31615 assign(src_vec, getYMMReg( rV ));
31616 IRTemp s0, s1, d0, d1;
31617 s0 = s1 = d0 = d1 = IRTemp_INVALID;
31618 breakupV256toV128s( dst_vec, &d1, &d0 );
31619 breakupV256toV128s( src_vec, &s1, &s0 );
31620 putYMMReg( rG, binop( Iop_V128HLtoV256,
31621 mkexpr( math_DPPS_128(s1, d1, imm8) ),
31622 mkexpr( math_DPPS_128(s0, d0, imm8) ) ) );
31623 *uses_vvvv = True;
31624 goto decode_success;
31625 }
31626 break;
31627
31628 case 0x41:
31629 /* VDPPD imm8, xmm3/m128,xmm2,xmm1 = VEX.NDS.128.66.0F3A.WIG 41 /r ib */
31630 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
31631 UChar modrm = getUChar(delta);
31632 UInt rG = gregOfRexRM(pfx, modrm);
31633 UInt rV = getVexNvvvv(pfx);
31634 IRTemp dst_vec = newTemp(Ity_V128);
31635 Int imm8;
31636 if (epartIsReg( modrm )) {
31637 UInt rE = eregOfRexRM(pfx,modrm);
31638 imm8 = (Int)getUChar(delta+1);
31639 assign( dst_vec, getXMMReg( rE ) );
31640 delta += 1+1;
31641 DIP( "vdppd $%d,%s,%s,%s\n",
31642 imm8, nameXMMReg(rE), nameXMMReg(rV), nameXMMReg(rG) );
31643 } else {
31644 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
31645 imm8 = (Int)getUChar(delta+alen);
31646 assign( dst_vec, loadLE( Ity_V128, mkexpr(addr) ) );
31647 delta += alen+1;
31648 DIP( "vdppd $%d,%s,%s,%s\n",
31649 imm8, dis_buf, nameXMMReg(rV), nameXMMReg(rG) );
31650 }
31651
31652 IRTemp src_vec = newTemp(Ity_V128);
31653 assign(src_vec, getXMMReg( rV ));
31654 IRTemp res_vec = math_DPPD_128( src_vec, dst_vec, imm8 );
31655 putYMMRegLoAndZU( rG, mkexpr(res_vec) );
31656 *uses_vvvv = True;
31657 goto decode_success;
31658 }
31659 break;
31660
31661 case 0x42:
31662 /* VMPSADBW imm8, xmm3/m128,xmm2,xmm1 */
31663 /* VMPSADBW = VEX.NDS.128.66.0F3A.WIG 42 /r ib */
31664 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
31665 UChar modrm = getUChar(delta);
31666 Int imm8;
31667 IRTemp src_vec = newTemp(Ity_V128);
31668 IRTemp dst_vec = newTemp(Ity_V128);
31669 UInt rG = gregOfRexRM(pfx, modrm);
31670 UInt rV = getVexNvvvv(pfx);
31671
31672 assign( dst_vec, getXMMReg(rV) );
31673
31674 if ( epartIsReg( modrm ) ) {
31675 UInt rE = eregOfRexRM(pfx, modrm);
31676
31677 imm8 = (Int)getUChar(delta+1);
31678 assign( src_vec, getXMMReg(rE) );
31679 delta += 1+1;
31680 DIP( "vmpsadbw $%d, %s,%s,%s\n", imm8,
31681 nameXMMReg(rE), nameXMMReg(rV), nameXMMReg(rG) );
31682 } else {
31683 addr = disAMode( &alen, vbi, pfx, delta, dis_buf,
31684 1/* imm8 is 1 byte after the amode */ );
31685 assign( src_vec, loadLE( Ity_V128, mkexpr(addr) ) );
31686 imm8 = (Int)getUChar(delta+alen);
31687 delta += alen+1;
31688 DIP( "vmpsadbw $%d, %s,%s,%s\n", imm8,
31689 dis_buf, nameXMMReg(rV), nameXMMReg(rG) );
31690 }
31691
31692 putYMMRegLoAndZU( rG, mkexpr( math_MPSADBW_128(dst_vec,
31693 src_vec, imm8) ) );
31694 *uses_vvvv = True;
31695 goto decode_success;
31696 }
31697 /* VMPSADBW imm8, ymm3/m256,ymm2,ymm1 */
31698 /* VMPSADBW = VEX.NDS.256.66.0F3A.WIG 42 /r ib */
31699 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
31700 UChar modrm = getUChar(delta);
31701 Int imm8;
31702 IRTemp src_vec = newTemp(Ity_V256);
31703 IRTemp dst_vec = newTemp(Ity_V256);
31704 UInt rG = gregOfRexRM(pfx, modrm);
31705 UInt rV = getVexNvvvv(pfx);
31706 IRTemp sHi, sLo, dHi, dLo;
31707 sHi = sLo = dHi = dLo = IRTemp_INVALID;
31708
31709 assign( dst_vec, getYMMReg(rV) );
31710
31711 if ( epartIsReg( modrm ) ) {
31712 UInt rE = eregOfRexRM(pfx, modrm);
31713
31714 imm8 = (Int)getUChar(delta+1);
31715 assign( src_vec, getYMMReg(rE) );
31716 delta += 1+1;
31717 DIP( "vmpsadbw $%d, %s,%s,%s\n", imm8,
31718 nameYMMReg(rE), nameYMMReg(rV), nameYMMReg(rG) );
31719 } else {
31720 addr = disAMode( &alen, vbi, pfx, delta, dis_buf,
31721 1/* imm8 is 1 byte after the amode */ );
31722 assign( src_vec, loadLE( Ity_V256, mkexpr(addr) ) );
31723 imm8 = (Int)getUChar(delta+alen);
31724 delta += alen+1;
31725 DIP( "vmpsadbw $%d, %s,%s,%s\n", imm8,
31726 dis_buf, nameYMMReg(rV), nameYMMReg(rG) );
31727 }
31728
31729 breakupV256toV128s( dst_vec, &dHi, &dLo );
31730 breakupV256toV128s( src_vec, &sHi, &sLo );
31731 putYMMReg( rG, binop( Iop_V128HLtoV256,
31732 mkexpr( math_MPSADBW_128(dHi, sHi, imm8 >> 3) ),
31733 mkexpr( math_MPSADBW_128(dLo, sLo, imm8) ) ) );
31734 *uses_vvvv = True;
31735 goto decode_success;
31736 }
31737 break;
31738
31739 case 0x44:
31740 /* VPCLMULQDQ imm8, xmm3/m128,xmm2,xmm1 */
31741 /* VPCLMULQDQ = VEX.NDS.128.66.0F3A.WIG 44 /r ib */
31742 /* 66 0F 3A 44 /r ib = PCLMULQDQ xmm1, xmm2/m128, imm8
31743 * Carry-less multiplication of selected XMM quadwords into XMM
31744 * registers (a.k.a multiplication of polynomials over GF(2))
31745 */
31746 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
31747 UChar modrm = getUChar(delta);
31748 Int imm8;
31749 IRTemp sV = newTemp(Ity_V128);
31750 IRTemp dV = newTemp(Ity_V128);
31751 UInt rG = gregOfRexRM(pfx, modrm);
31752 UInt rV = getVexNvvvv(pfx);
31753
31754 assign( dV, getXMMReg(rV) );
31755
31756 if ( epartIsReg( modrm ) ) {
31757 UInt rE = eregOfRexRM(pfx, modrm);
31758 imm8 = (Int)getUChar(delta+1);
31759 assign( sV, getXMMReg(rE) );
31760 delta += 1+1;
31761 DIP( "vpclmulqdq $%d, %s,%s,%s\n", imm8,
31762 nameXMMReg(rE), nameXMMReg(rV), nameXMMReg(rG) );
31763 } else {
31764 addr = disAMode( &alen, vbi, pfx, delta, dis_buf,
31765 1/* imm8 is 1 byte after the amode */ );
31766 assign( sV, loadLE( Ity_V128, mkexpr(addr) ) );
31767 imm8 = (Int)getUChar(delta+alen);
31768 delta += alen+1;
31769 DIP( "vpclmulqdq $%d, %s,%s,%s\n",
31770 imm8, dis_buf, nameXMMReg(rV), nameXMMReg(rG) );
31771 }
31772
31773 putYMMRegLoAndZU( rG, mkexpr( math_PCLMULQDQ(dV, sV, imm8) ) );
31774 *uses_vvvv = True;
31775 goto decode_success;
31776 }
31777 break;
31778
31779 case 0x46:
31780 /* VPERM2I128 imm8, ymm3/m256, ymm2, ymm1 = VEX.NDS.66.0F3A.W0 46 /r ib */
31781 if (have66noF2noF3(pfx)
31782 && 1==getVexL(pfx)/*256*/ && 0==getRexW(pfx)/*W0*/) {
31783 UChar modrm = getUChar(delta);
31784 UInt imm8 = 0;
31785 UInt rG = gregOfRexRM(pfx, modrm);
31786 UInt rV = getVexNvvvv(pfx);
31787 IRTemp s00 = newTemp(Ity_V128);
31788 IRTemp s01 = newTemp(Ity_V128);
31789 IRTemp s10 = newTemp(Ity_V128);
31790 IRTemp s11 = newTemp(Ity_V128);
31791 assign(s00, getYMMRegLane128(rV, 0));
31792 assign(s01, getYMMRegLane128(rV, 1));
31793 if (epartIsReg(modrm)) {
31794 UInt rE = eregOfRexRM(pfx, modrm);
31795 delta += 1;
31796 imm8 = getUChar(delta);
31797 DIP("vperm2i128 $%u,%s,%s,%s\n",
31798 imm8, nameYMMReg(rE), nameYMMReg(rV), nameYMMReg(rG));
31799 assign(s10, getYMMRegLane128(rE, 0));
31800 assign(s11, getYMMRegLane128(rE, 1));
31801 } else {
31802 addr = disAMode( &alen, vbi, pfx, delta, dis_buf, 1 );
31803 delta += alen;
31804 imm8 = getUChar(delta);
31805 DIP("vperm2i128 $%u,%s,%s,%s\n",
31806 imm8, dis_buf, nameYMMReg(rV), nameYMMReg(rG));
31807 assign(s10, loadLE(Ity_V128, binop(Iop_Add64,
31808 mkexpr(addr), mkU64(0))));
31809 assign(s11, loadLE(Ity_V128, binop(Iop_Add64,
31810 mkexpr(addr), mkU64(16))));
31811 }
31812 delta++;
31813 # define SEL(_nn) (((_nn)==0) ? s00 : ((_nn)==1) ? s01 \
31814 : ((_nn)==2) ? s10 : s11)
31815 putYMMRegLane128(rG, 0, mkexpr(SEL((imm8 >> 0) & 3)));
31816 putYMMRegLane128(rG, 1, mkexpr(SEL((imm8 >> 4) & 3)));
31817 # undef SEL
31818 if (imm8 & (1<<3)) putYMMRegLane128(rG, 0, mkV128(0));
31819 if (imm8 & (1<<7)) putYMMRegLane128(rG, 1, mkV128(0));
31820 *uses_vvvv = True;
31821 goto decode_success;
31822 }
31823 break;
31824
31825 case 0x4A:
31826 /* VBLENDVPS xmmG, xmmE/memE, xmmV, xmmIS4
31827 ::: xmmG:V128 = PBLEND(xmmE, xmmV, xmmIS4) (RMVR) */
31828 /* VBLENDVPS = VEX.NDS.128.66.0F3A.WIG 4A /r /is4 */
31829 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
31830 delta = dis_VBLENDV_128 ( vbi, pfx, delta,
31831 "vblendvps", 4, Iop_SarN32x4 );
31832 *uses_vvvv = True;
31833 goto decode_success;
31834 }
31835 /* VBLENDVPS ymmG, ymmE/memE, ymmV, ymmIS4
31836 ::: ymmG:V256 = PBLEND(ymmE, ymmV, ymmIS4) (RMVR) */
31837 /* VBLENDVPS = VEX.NDS.256.66.0F3A.WIG 4A /r /is4 */
31838 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
31839 delta = dis_VBLENDV_256 ( vbi, pfx, delta,
31840 "vblendvps", 4, Iop_SarN32x4 );
31841 *uses_vvvv = True;
31842 goto decode_success;
31843 }
31844 break;
31845
31846 case 0x4B:
31847 /* VBLENDVPD xmmG, xmmE/memE, xmmV, xmmIS4
31848 ::: xmmG:V128 = PBLEND(xmmE, xmmV, xmmIS4) (RMVR) */
31849 /* VBLENDVPD = VEX.NDS.128.66.0F3A.WIG 4B /r /is4 */
31850 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
31851 delta = dis_VBLENDV_128 ( vbi, pfx, delta,
31852 "vblendvpd", 8, Iop_SarN64x2 );
31853 *uses_vvvv = True;
31854 goto decode_success;
31855 }
31856 /* VBLENDVPD ymmG, ymmE/memE, ymmV, ymmIS4
31857 ::: ymmG:V256 = PBLEND(ymmE, ymmV, ymmIS4) (RMVR) */
31858 /* VBLENDVPD = VEX.NDS.256.66.0F3A.WIG 4B /r /is4 */
31859 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
31860 delta = dis_VBLENDV_256 ( vbi, pfx, delta,
31861 "vblendvpd", 8, Iop_SarN64x2 );
31862 *uses_vvvv = True;
31863 goto decode_success;
31864 }
31865 break;
31866
31867 case 0x4C:
31868 /* VPBLENDVB xmmG, xmmE/memE, xmmV, xmmIS4
31869 ::: xmmG:V128 = PBLEND(xmmE, xmmV, xmmIS4) (RMVR) */
31870 /* VPBLENDVB = VEX.NDS.128.66.0F3A.WIG 4C /r /is4 */
31871 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
31872 delta = dis_VBLENDV_128 ( vbi, pfx, delta,
31873 "vpblendvb", 1, Iop_SarN8x16 );
31874 *uses_vvvv = True;
31875 goto decode_success;
31876 }
31877 /* VPBLENDVB ymmG, ymmE/memE, ymmV, ymmIS4
31878 ::: ymmG:V256 = PBLEND(ymmE, ymmV, ymmIS4) (RMVR) */
31879 /* VPBLENDVB = VEX.NDS.256.66.0F3A.WIG 4C /r /is4 */
31880 if (have66noF2noF3(pfx) && 1==getVexL(pfx)/*256*/) {
31881 delta = dis_VBLENDV_256 ( vbi, pfx, delta,
31882 "vpblendvb", 1, Iop_SarN8x16 );
31883 *uses_vvvv = True;
31884 goto decode_success;
31885 }
31886 break;
31887
31888 case 0x60:
31889 case 0x61:
31890 case 0x62:
31891 case 0x63:
31892 /* VEX.128.66.0F3A.WIG 63 /r ib = VPCMPISTRI imm8, xmm2/m128, xmm1
31893 VEX.128.66.0F3A.WIG 62 /r ib = VPCMPISTRM imm8, xmm2/m128, xmm1
31894 VEX.128.66.0F3A.WIG 61 /r ib = VPCMPESTRI imm8, xmm2/m128, xmm1
31895 VEX.128.66.0F3A.WIG 60 /r ib = VPCMPESTRM imm8, xmm2/m128, xmm1
31896 (selected special cases that actually occur in glibc,
31897 not by any means a complete implementation.)
31898 */
31899 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
31900 Long delta0 = delta;
31901 delta = dis_PCMPxSTRx( vbi, pfx, delta, True/*isAvx*/, opc );
31902 if (delta > delta0) goto decode_success;
31903 /* else fall though; dis_PCMPxSTRx failed to decode it */
31904 }
31905 break;
31906
31907 case 0x5C ... 0x5F:
31908 case 0x68 ... 0x6F:
31909 case 0x78 ... 0x7F:
31910 /* FIXME: list the instructions decoded here */
31911 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
31912 Long delta0 = delta;
31913 delta = dis_FMA4( pfx, delta, opc, uses_vvvv, vbi );
31914 if (delta > delta0) {
31915 dres->hint = Dis_HintVerbose;
31916 goto decode_success;
31917 }
31918 /* else fall though; dis_FMA4 failed to decode it */
31919 }
31920 break;
31921
31922 case 0xDF:
31923 /* VAESKEYGENASSIST imm8, xmm2/m128, xmm1 = VEX.128.66.0F3A.WIG DF /r */
31924 if (have66noF2noF3(pfx) && 0==getVexL(pfx)/*128*/) {
31925 delta = dis_AESKEYGENASSIST( vbi, pfx, delta, True/*!isAvx*/ );
31926 goto decode_success;
31927 }
31928 break;
31929
31930 case 0xF0:
31931 /* RORX imm8, r/m32, r32a = VEX.LZ.F2.0F3A.W0 F0 /r /i */
31932 /* RORX imm8, r/m64, r64a = VEX.LZ.F2.0F3A.W1 F0 /r /i */
31933 if (haveF2no66noF3(pfx) && 0==getVexL(pfx)/*LZ*/ && !haveREX(pfx)) {
31934 Int size = getRexW(pfx) ? 8 : 4;
31935 IRType ty = szToITy(size);
31936 IRTemp src = newTemp(ty);
31937 UChar rm = getUChar(delta);
31938 UChar imm8;
31939
31940 if (epartIsReg(rm)) {
31941 imm8 = getUChar(delta+1);
31942 assign( src, getIRegE(size,pfx,rm) );
31943 DIP("rorx %d,%s,%s\n", imm8, nameIRegE(size,pfx,rm),
31944 nameIRegG(size,pfx,rm));
31945 delta += 2;
31946 } else {
31947 addr = disAMode ( &alen, vbi, pfx, delta, dis_buf, 0 );
31948 imm8 = getUChar(delta+alen);
31949 assign( src, loadLE(ty, mkexpr(addr)) );
31950 DIP("rorx %d,%s,%s\n", imm8, dis_buf, nameIRegG(size,pfx,rm));
31951 delta += alen + 1;
31952 }
31953 imm8 &= 8*size-1;
31954
31955 /* dst = (src >>u imm8) | (src << (size-imm8)) */
31956 putIRegG( size, pfx, rm,
31957 imm8 == 0 ? mkexpr(src)
31958 : binop( mkSizedOp(ty,Iop_Or8),
31959 binop( mkSizedOp(ty,Iop_Shr8), mkexpr(src),
31960 mkU8(imm8) ),
31961 binop( mkSizedOp(ty,Iop_Shl8), mkexpr(src),
31962 mkU8(8*size-imm8) ) ) );
31963 /* Flags aren't modified. */
31964 goto decode_success;
31965 }
31966 break;
31967
31968 default:
31969 break;
31970
31971 }
31972
31973 //decode_failure:
31974 return deltaIN;
31975
31976 decode_success:
31977 return delta;
31978 }
31979
31980
31981 /*------------------------------------------------------------*/
31982 /*--- ---*/
31983 /*--- Disassemble a single instruction ---*/
31984 /*--- ---*/
31985 /*------------------------------------------------------------*/
31986
31987 /* Disassemble a single instruction into IR. The instruction is
31988 located in host memory at &guest_code[delta]. */
31989
31990 static
31991 DisResult disInstr_AMD64_WRK (
31992 /*OUT*/Bool* expect_CAS,
31993 Bool (*resteerOkFn) ( /*opaque*/void*, Addr ),
31994 Bool resteerCisOk,
31995 void* callback_opaque,
31996 Long delta64,
31997 const VexArchInfo* archinfo,
31998 const VexAbiInfo* vbi,
31999 Bool sigill_diag
32000 )
32001 {
32002 IRTemp t1, t2;
32003 UChar pre;
32004 Int n, n_prefixes;
32005 DisResult dres;
32006
32007 /* The running delta */
32008 Long delta = delta64;
32009
32010 /* Holds eip at the start of the insn, so that we can print
32011 consistent error messages for unimplemented insns. */
32012 Long delta_start = delta;
32013
32014 /* sz denotes the nominal data-op size of the insn; we change it to
32015 2 if an 0x66 prefix is seen and 8 if REX.W is 1. In case of
32016 conflict REX.W takes precedence. */
32017 Int sz = 4;
32018
32019 /* pfx holds the summary of prefixes. */
32020 Prefix pfx = PFX_EMPTY;
32021
32022 /* Holds the computed opcode-escape indication. */
32023 Escape esc = ESC_NONE;
32024
32025 /* Set result defaults. */
32026 dres.whatNext = Dis_Continue;
32027 dres.len = 0;
32028 dres.continueAt = 0;
32029 dres.jk_StopHere = Ijk_INVALID;
32030 dres.hint = Dis_HintNone;
32031 *expect_CAS = False;
32032
32033 vassert(guest_RIP_next_assumed == 0);
32034 vassert(guest_RIP_next_mustcheck == False);
32035
32036 t1 = t2 = IRTemp_INVALID;
32037
32038 DIP("\t0x%llx: ", guest_RIP_bbstart+delta);
32039
32040 /* Spot "Special" instructions (see comment at top of file). */
32041 {
32042 const UChar* code = guest_code + delta;
32043 /* Spot the 16-byte preamble:
32044 48C1C703 rolq $3, %rdi
32045 48C1C70D rolq $13, %rdi
32046 48C1C73D rolq $61, %rdi
32047 48C1C733 rolq $51, %rdi
32048 */
32049 if (code[ 0] == 0x48 && code[ 1] == 0xC1 && code[ 2] == 0xC7
32050 && code[ 3] == 0x03 &&
32051 code[ 4] == 0x48 && code[ 5] == 0xC1 && code[ 6] == 0xC7
32052 && code[ 7] == 0x0D &&
32053 code[ 8] == 0x48 && code[ 9] == 0xC1 && code[10] == 0xC7
32054 && code[11] == 0x3D &&
32055 code[12] == 0x48 && code[13] == 0xC1 && code[14] == 0xC7
32056 && code[15] == 0x33) {
32057 /* Got a "Special" instruction preamble. Which one is it? */
32058 if (code[16] == 0x48 && code[17] == 0x87
32059 && code[18] == 0xDB /* xchgq %rbx,%rbx */) {
32060 /* %RDX = client_request ( %RAX ) */
32061 DIP("%%rdx = client_request ( %%rax )\n");
32062 delta += 19;
32063 jmp_lit(&dres, Ijk_ClientReq, guest_RIP_bbstart+delta);
32064 vassert(dres.whatNext == Dis_StopHere);
32065 goto decode_success;
32066 }
32067 else
32068 if (code[16] == 0x48 && code[17] == 0x87
32069 && code[18] == 0xC9 /* xchgq %rcx,%rcx */) {
32070 /* %RAX = guest_NRADDR */
32071 DIP("%%rax = guest_NRADDR\n");
32072 delta += 19;
32073 putIRegRAX(8, IRExpr_Get( OFFB_NRADDR, Ity_I64 ));
32074 goto decode_success;
32075 }
32076 else
32077 if (code[16] == 0x48 && code[17] == 0x87
32078 && code[18] == 0xD2 /* xchgq %rdx,%rdx */) {
32079 /* call-noredir *%RAX */
32080 DIP("call-noredir *%%rax\n");
32081 delta += 19;
32082 t1 = newTemp(Ity_I64);
32083 assign(t1, getIRegRAX(8));
32084 t2 = newTemp(Ity_I64);
32085 assign(t2, binop(Iop_Sub64, getIReg64(R_RSP), mkU64(8)));
32086 putIReg64(R_RSP, mkexpr(t2));
32087 storeLE( mkexpr(t2), mkU64(guest_RIP_bbstart+delta));
32088 jmp_treg(&dres, Ijk_NoRedir, t1);
32089 vassert(dres.whatNext == Dis_StopHere);
32090 goto decode_success;
32091 }
32092 else
32093 if (code[16] == 0x48 && code[17] == 0x87
32094 && code[18] == 0xff /* xchgq %rdi,%rdi */) {
32095 /* IR injection */
32096 DIP("IR injection\n");
32097 vex_inject_ir(irsb, Iend_LE);
32098
32099 // Invalidate the current insn. The reason is that the IRop we're
32100 // injecting here can change. In which case the translation has to
32101 // be redone. For ease of handling, we simply invalidate all the
32102 // time.
32103 stmt(IRStmt_Put(OFFB_CMSTART, mkU64(guest_RIP_curr_instr)));
32104 stmt(IRStmt_Put(OFFB_CMLEN, mkU64(19)));
32105
32106 delta += 19;
32107
32108 stmt( IRStmt_Put( OFFB_RIP, mkU64(guest_RIP_bbstart + delta) ) );
32109 dres.whatNext = Dis_StopHere;
32110 dres.jk_StopHere = Ijk_InvalICache;
32111 goto decode_success;
32112 }
32113 /* We don't know what it is. */
32114 goto decode_failure;
32115 /*NOTREACHED*/
32116 }
32117 }
32118
32119 /* Eat prefixes, summarising the result in pfx and sz, and rejecting
32120 as many invalid combinations as possible. */
32121 n_prefixes = 0;
32122 while (True) {
32123 if (n_prefixes > 7) goto decode_failure;
32124 pre = getUChar(delta);
32125 switch (pre) {
32126 case 0x66: pfx |= PFX_66; break;
32127 case 0x67: pfx |= PFX_ASO; break;
32128 case 0xF2: pfx |= PFX_F2; break;
32129 case 0xF3: pfx |= PFX_F3; break;
32130 case 0xF0: pfx |= PFX_LOCK; *expect_CAS = True; break;
32131 case 0x2E: pfx |= PFX_CS; break;
32132 case 0x3E: pfx |= PFX_DS; break;
32133 case 0x26: pfx |= PFX_ES; break;
32134 case 0x64: pfx |= PFX_FS; break;
32135 case 0x65: pfx |= PFX_GS; break;
32136 case 0x36: pfx |= PFX_SS; break;
32137 case 0x40 ... 0x4F:
32138 pfx |= PFX_REX;
32139 if (pre & (1<<3)) pfx |= PFX_REXW;
32140 if (pre & (1<<2)) pfx |= PFX_REXR;
32141 if (pre & (1<<1)) pfx |= PFX_REXX;
32142 if (pre & (1<<0)) pfx |= PFX_REXB;
32143 break;
32144 default:
32145 goto not_a_legacy_prefix;
32146 }
32147 n_prefixes++;
32148 delta++;
32149 }
32150
32151 not_a_legacy_prefix:
32152 /* We've used up all the non-VEX prefixes. Parse and validate a
32153 VEX prefix if that's appropriate. */
32154 if (archinfo->hwcaps & VEX_HWCAPS_AMD64_AVX) {
32155 /* Used temporarily for holding VEX prefixes. */
32156 UChar vex0 = getUChar(delta);
32157 if (vex0 == 0xC4) {
32158 /* 3-byte VEX */
32159 UChar vex1 = getUChar(delta+1);
32160 UChar vex2 = getUChar(delta+2);
32161 delta += 3;
32162 pfx |= PFX_VEX;
32163 /* Snarf contents of byte 1 */
32164 /* R */ pfx |= (vex1 & (1<<7)) ? 0 : PFX_REXR;
32165 /* X */ pfx |= (vex1 & (1<<6)) ? 0 : PFX_REXX;
32166 /* B */ pfx |= (vex1 & (1<<5)) ? 0 : PFX_REXB;
32167 /* m-mmmm */
32168 switch (vex1 & 0x1F) {
32169 case 1: esc = ESC_0F; break;
32170 case 2: esc = ESC_0F38; break;
32171 case 3: esc = ESC_0F3A; break;
32172 /* Any other m-mmmm field will #UD */
32173 default: goto decode_failure;
32174 }
32175 /* Snarf contents of byte 2 */
32176 /* W */ pfx |= (vex2 & (1<<7)) ? PFX_REXW : 0;
32177 /* ~v3 */ pfx |= (vex2 & (1<<6)) ? 0 : PFX_VEXnV3;
32178 /* ~v2 */ pfx |= (vex2 & (1<<5)) ? 0 : PFX_VEXnV2;
32179 /* ~v1 */ pfx |= (vex2 & (1<<4)) ? 0 : PFX_VEXnV1;
32180 /* ~v0 */ pfx |= (vex2 & (1<<3)) ? 0 : PFX_VEXnV0;
32181 /* L */ pfx |= (vex2 & (1<<2)) ? PFX_VEXL : 0;
32182 /* pp */
32183 switch (vex2 & 3) {
32184 case 0: break;
32185 case 1: pfx |= PFX_66; break;
32186 case 2: pfx |= PFX_F3; break;
32187 case 3: pfx |= PFX_F2; break;
32188 default: vassert(0);
32189 }
32190 }
32191 else if (vex0 == 0xC5) {
32192 /* 2-byte VEX */
32193 UChar vex1 = getUChar(delta+1);
32194 delta += 2;
32195 pfx |= PFX_VEX;
32196 /* Snarf contents of byte 1 */
32197 /* R */ pfx |= (vex1 & (1<<7)) ? 0 : PFX_REXR;
32198 /* ~v3 */ pfx |= (vex1 & (1<<6)) ? 0 : PFX_VEXnV3;
32199 /* ~v2 */ pfx |= (vex1 & (1<<5)) ? 0 : PFX_VEXnV2;
32200 /* ~v1 */ pfx |= (vex1 & (1<<4)) ? 0 : PFX_VEXnV1;
32201 /* ~v0 */ pfx |= (vex1 & (1<<3)) ? 0 : PFX_VEXnV0;
32202 /* L */ pfx |= (vex1 & (1<<2)) ? PFX_VEXL : 0;
32203 /* pp */
32204 switch (vex1 & 3) {
32205 case 0: break;
32206 case 1: pfx |= PFX_66; break;
32207 case 2: pfx |= PFX_F3; break;
32208 case 3: pfx |= PFX_F2; break;
32209 default: vassert(0);
32210 }
32211 /* implied: */
32212 esc = ESC_0F;
32213 }
32214 /* Can't have both VEX and REX */
32215 if ((pfx & PFX_VEX) && (pfx & PFX_REX))
32216 goto decode_failure; /* can't have both */
32217 }
32218
32219 /* Dump invalid combinations */
32220 n = 0;
32221 if (pfx & PFX_F2) n++;
32222 if (pfx & PFX_F3) n++;
32223 if (n > 1)
32224 goto decode_failure; /* can't have both */
32225
32226 n = 0;
32227 if (pfx & PFX_CS) n++;
32228 if (pfx & PFX_DS) n++;
32229 if (pfx & PFX_ES) n++;
32230 if (pfx & PFX_FS) n++;
32231 if (pfx & PFX_GS) n++;
32232 if (pfx & PFX_SS) n++;
32233 if (n > 1)
32234 goto decode_failure; /* multiple seg overrides == illegal */
32235
32236 /* We have a %fs prefix. Reject it if there's no evidence in 'vbi'
32237 that we should accept it. */
32238 if ((pfx & PFX_FS) && !vbi->guest_amd64_assume_fs_is_const)
32239 goto decode_failure;
32240
32241 /* Ditto for %gs prefixes. */
32242 if ((pfx & PFX_GS) && !vbi->guest_amd64_assume_gs_is_const)
32243 goto decode_failure;
32244
32245 /* Set up sz. */
32246 sz = 4;
32247 if (pfx & PFX_66) sz = 2;
32248 if ((pfx & PFX_REX) && (pfx & PFX_REXW)) sz = 8;
32249
32250 /* Now we should be looking at the primary opcode byte or the
32251 leading escapes. Check that any LOCK prefix is actually
32252 allowed. */
32253 if (haveLOCK(pfx)) {
32254 if (can_be_used_with_LOCK_prefix( &guest_code[delta] )) {
32255 DIP("lock ");
32256 } else {
32257 *expect_CAS = False;
32258 goto decode_failure;
32259 }
32260 }
32261
32262 /* Eat up opcode escape bytes, until we're really looking at the
32263 primary opcode byte. But only if there's no VEX present. */
32264 if (!(pfx & PFX_VEX)) {
32265 vassert(esc == ESC_NONE);
32266 pre = getUChar(delta);
32267 if (pre == 0x0F) {
32268 delta++;
32269 pre = getUChar(delta);
32270 switch (pre) {
32271 case 0x38: esc = ESC_0F38; delta++; break;
32272 case 0x3A: esc = ESC_0F3A; delta++; break;
32273 default: esc = ESC_0F; break;
32274 }
32275 }
32276 }
32277
32278 /* So now we're really really looking at the primary opcode
32279 byte. */
32280 Long delta_at_primary_opcode = delta;
32281
32282 if (!(pfx & PFX_VEX)) {
32283 /* Handle non-VEX prefixed instructions. "Legacy" (non-VEX) SSE
32284 instructions preserve the upper 128 bits of YMM registers;
32285 iow we can simply ignore the presence of the upper halves of
32286 these registers. */
32287 switch (esc) {
32288 case ESC_NONE:
32289 delta = dis_ESC_NONE( &dres, expect_CAS,
32290 resteerOkFn, resteerCisOk, callback_opaque,
32291 archinfo, vbi, pfx, sz, delta );
32292 break;
32293 case ESC_0F:
32294 delta = dis_ESC_0F ( &dres, expect_CAS,
32295 resteerOkFn, resteerCisOk, callback_opaque,
32296 archinfo, vbi, pfx, sz, delta );
32297 break;
32298 case ESC_0F38:
32299 delta = dis_ESC_0F38( &dres,
32300 resteerOkFn, resteerCisOk, callback_opaque,
32301 archinfo, vbi, pfx, sz, delta );
32302 break;
32303 case ESC_0F3A:
32304 delta = dis_ESC_0F3A( &dres,
32305 resteerOkFn, resteerCisOk, callback_opaque,
32306 archinfo, vbi, pfx, sz, delta );
32307 break;
32308 default:
32309 vassert(0);
32310 }
32311 } else {
32312 /* VEX prefixed instruction */
32313 /* Sloppy Intel wording: "An instruction encoded with a VEX.128
32314 prefix that loads a YMM register operand ..." zeroes out bits
32315 128 and above of the register. */
32316 Bool uses_vvvv = False;
32317 switch (esc) {
32318 case ESC_0F:
32319 delta = dis_ESC_0F__VEX ( &dres, &uses_vvvv,
32320 resteerOkFn, resteerCisOk,
32321 callback_opaque,
32322 archinfo, vbi, pfx, sz, delta );
32323 break;
32324 case ESC_0F38:
32325 delta = dis_ESC_0F38__VEX ( &dres, &uses_vvvv,
32326 resteerOkFn, resteerCisOk,
32327 callback_opaque,
32328 archinfo, vbi, pfx, sz, delta );
32329 break;
32330 case ESC_0F3A:
32331 delta = dis_ESC_0F3A__VEX ( &dres, &uses_vvvv,
32332 resteerOkFn, resteerCisOk,
32333 callback_opaque,
32334 archinfo, vbi, pfx, sz, delta );
32335 break;
32336 case ESC_NONE:
32337 /* The presence of a VEX prefix, by Intel definition,
32338 always implies at least an 0F escape. */
32339 goto decode_failure;
32340 default:
32341 vassert(0);
32342 }
32343 /* If the insn doesn't use VEX.vvvv then it must be all ones.
32344 Check this. */
32345 if (!uses_vvvv) {
32346 if (getVexNvvvv(pfx) != 0)
32347 goto decode_failure;
32348 }
32349 }
32350
32351 vassert(delta - delta_at_primary_opcode >= 0);
32352 vassert(delta - delta_at_primary_opcode < 16/*let's say*/);
32353
32354 /* Use delta == delta_at_primary_opcode to denote decode failure.
32355 This implies that any successful decode must use at least one
32356 byte up. */
32357 if (delta == delta_at_primary_opcode)
32358 goto decode_failure;
32359 else
32360 goto decode_success; /* \o/ */
32361
32362
32363 decode_failure:
32364 /* All decode failures end up here. */
32365 if (sigill_diag) {
32366 vex_printf("vex amd64->IR: unhandled instruction bytes: "
32367 "0x%x 0x%x 0x%x 0x%x 0x%x 0x%x 0x%x 0x%x 0x%x 0x%x\n",
32368 getUChar(delta_start+0),
32369 getUChar(delta_start+1),
32370 getUChar(delta_start+2),
32371 getUChar(delta_start+3),
32372 getUChar(delta_start+4),
32373 getUChar(delta_start+5),
32374 getUChar(delta_start+6),
32375 getUChar(delta_start+7),
32376 getUChar(delta_start+8),
32377 getUChar(delta_start+9) );
32378 vex_printf("vex amd64->IR: REX=%d REX.W=%d REX.R=%d REX.X=%d REX.B=%d\n",
32379 haveREX(pfx) ? 1 : 0, getRexW(pfx), getRexR(pfx),
32380 getRexX(pfx), getRexB(pfx));
32381 vex_printf("vex amd64->IR: VEX=%d VEX.L=%d VEX.nVVVV=0x%x ESC=%s\n",
32382 haveVEX(pfx) ? 1 : 0, getVexL(pfx),
32383 getVexNvvvv(pfx),
32384 esc==ESC_NONE ? "NONE" :
32385 esc==ESC_0F ? "0F" :
32386 esc==ESC_0F38 ? "0F38" :
32387 esc==ESC_0F3A ? "0F3A" : "???");
32388 vex_printf("vex amd64->IR: PFX.66=%d PFX.F2=%d PFX.F3=%d\n",
32389 have66(pfx) ? 1 : 0, haveF2(pfx) ? 1 : 0,
32390 haveF3(pfx) ? 1 : 0);
32391 }
32392
32393 /* Tell the dispatcher that this insn cannot be decoded, and so has
32394 not been executed, and (is currently) the next to be executed.
32395 RIP should be up-to-date since it made so at the start of each
32396 insn, but nevertheless be paranoid and update it again right
32397 now. */
32398 stmt( IRStmt_Put( OFFB_RIP, mkU64(guest_RIP_curr_instr) ) );
32399 jmp_lit(&dres, Ijk_NoDecode, guest_RIP_curr_instr);
32400 vassert(dres.whatNext == Dis_StopHere);
32401 dres.len = 0;
32402 /* We also need to say that a CAS is not expected now, regardless
32403 of what it might have been set to at the start of the function,
32404 since the IR that we've emitted just above (to synthesis a
32405 SIGILL) does not involve any CAS, and presumably no other IR has
32406 been emitted for this (non-decoded) insn. */
32407 *expect_CAS = False;
32408 return dres;
32409
32410
32411 decode_success:
32412 /* All decode successes end up here. */
32413 switch (dres.whatNext) {
32414 case Dis_Continue:
32415 stmt( IRStmt_Put( OFFB_RIP, mkU64(guest_RIP_bbstart + delta) ) );
32416 break;
32417 case Dis_ResteerU:
32418 case Dis_ResteerC:
32419 stmt( IRStmt_Put( OFFB_RIP, mkU64(dres.continueAt) ) );
32420 break;
32421 case Dis_StopHere:
32422 break;
32423 default:
32424 vassert(0);
32425 }
32426
32427 DIP("\n");
32428 dres.len = toUInt(delta - delta_start);
32429 return dres;
32430 }
32431
32432 #undef DIP
32433 #undef DIS
32434
32435
32436 /*------------------------------------------------------------*/
32437 /*--- Top-level fn ---*/
32438 /*------------------------------------------------------------*/
32439
32440 /* Disassemble a single instruction into IR. The instruction
32441 is located in host memory at &guest_code[delta]. */
32442
32443 DisResult disInstr_AMD64 ( IRSB* irsb_IN,
32444 Bool (*resteerOkFn) ( void*, Addr ),
32445 Bool resteerCisOk,
32446 void* callback_opaque,
32447 const UChar* guest_code_IN,
32448 Long delta,
32449 Addr guest_IP,
32450 VexArch guest_arch,
32451 const VexArchInfo* archinfo,
32452 const VexAbiInfo* abiinfo,
32453 VexEndness host_endness_IN,
32454 Bool sigill_diag_IN )
32455 {
32456 Int i, x1, x2;
32457 Bool expect_CAS, has_CAS;
32458 DisResult dres;
32459
32460 /* Set globals (see top of this file) */
32461 vassert(guest_arch == VexArchAMD64);
32462 guest_code = guest_code_IN;
32463 irsb = irsb_IN;
32464 host_endness = host_endness_IN;
32465 guest_RIP_curr_instr = guest_IP;
32466 guest_RIP_bbstart = guest_IP - delta;
32467
32468 /* We'll consult these after doing disInstr_AMD64_WRK. */
32469 guest_RIP_next_assumed = 0;
32470 guest_RIP_next_mustcheck = False;
32471
32472 x1 = irsb_IN->stmts_used;
32473 expect_CAS = False;
32474 dres = disInstr_AMD64_WRK ( &expect_CAS, resteerOkFn,
32475 resteerCisOk,
32476 callback_opaque,
32477 delta, archinfo, abiinfo, sigill_diag_IN );
32478 x2 = irsb_IN->stmts_used;
32479 vassert(x2 >= x1);
32480
32481 /* If disInstr_AMD64_WRK tried to figure out the next rip, check it
32482 got it right. Failure of this assertion is serious and denotes
32483 a bug in disInstr. */
32484 if (guest_RIP_next_mustcheck
32485 && guest_RIP_next_assumed != guest_RIP_curr_instr + dres.len) {
32486 vex_printf("\n");
32487 vex_printf("assumed next %%rip = 0x%llx\n",
32488 guest_RIP_next_assumed );
32489 vex_printf(" actual next %%rip = 0x%llx\n",
32490 guest_RIP_curr_instr + dres.len );
32491 vpanic("disInstr_AMD64: disInstr miscalculated next %rip");
32492 }
32493
32494 /* See comment at the top of disInstr_AMD64_WRK for meaning of
32495 expect_CAS. Here, we (sanity-)check for the presence/absence of
32496 IRCAS as directed by the returned expect_CAS value. */
32497 has_CAS = False;
32498 for (i = x1; i < x2; i++) {
32499 if (irsb_IN->stmts[i]->tag == Ist_CAS)
32500 has_CAS = True;
32501 }
32502
32503 if (expect_CAS != has_CAS) {
32504 /* inconsistency detected. re-disassemble the instruction so as
32505 to generate a useful error message; then assert. */
32506 vex_traceflags |= VEX_TRACE_FE;
32507 dres = disInstr_AMD64_WRK ( &expect_CAS, resteerOkFn,
32508 resteerCisOk,
32509 callback_opaque,
32510 delta, archinfo, abiinfo, sigill_diag_IN );
32511 for (i = x1; i < x2; i++) {
32512 vex_printf("\t\t");
32513 ppIRStmt(irsb_IN->stmts[i]);
32514 vex_printf("\n");
32515 }
32516 /* Failure of this assertion is serious and denotes a bug in
32517 disInstr. */
32518 vpanic("disInstr_AMD64: inconsistency in LOCK prefix handling");
32519 }
32520
32521 return dres;
32522 }
32523
32524
32525 /*------------------------------------------------------------*/
32526 /*--- Unused stuff ---*/
32527 /*------------------------------------------------------------*/
32528
32529 // A potentially more Memcheck-friendly version of gen_LZCNT, if
32530 // this should ever be needed.
32531 //
32532 //static IRTemp gen_LZCNT ( IRType ty, IRTemp src )
32533 //{
32534 // /* Scheme is simple: propagate the most significant 1-bit into all
32535 // lower positions in the word. This gives a word of the form
32536 // 0---01---1. Now invert it, giving a word of the form
32537 // 1---10---0, then do a population-count idiom (to count the 1s,
32538 // which is the number of leading zeroes, or the word size if the
32539 // original word was 0.
32540 // */
32541 // Int i;
32542 // IRTemp t[7];
32543 // for (i = 0; i < 7; i++) {
32544 // t[i] = newTemp(ty);
32545 // }
32546 // if (ty == Ity_I64) {
32547 // assign(t[0], binop(Iop_Or64, mkexpr(src),
32548 // binop(Iop_Shr64, mkexpr(src), mkU8(1))));
32549 // assign(t[1], binop(Iop_Or64, mkexpr(t[0]),
32550 // binop(Iop_Shr64, mkexpr(t[0]), mkU8(2))));
32551 // assign(t[2], binop(Iop_Or64, mkexpr(t[1]),
32552 // binop(Iop_Shr64, mkexpr(t[1]), mkU8(4))));
32553 // assign(t[3], binop(Iop_Or64, mkexpr(t[2]),
32554 // binop(Iop_Shr64, mkexpr(t[2]), mkU8(8))));
32555 // assign(t[4], binop(Iop_Or64, mkexpr(t[3]),
32556 // binop(Iop_Shr64, mkexpr(t[3]), mkU8(16))));
32557 // assign(t[5], binop(Iop_Or64, mkexpr(t[4]),
32558 // binop(Iop_Shr64, mkexpr(t[4]), mkU8(32))));
32559 // assign(t[6], unop(Iop_Not64, mkexpr(t[5])));
32560 // return gen_POPCOUNT(ty, t[6]);
32561 // }
32562 // if (ty == Ity_I32) {
32563 // assign(t[0], binop(Iop_Or32, mkexpr(src),
32564 // binop(Iop_Shr32, mkexpr(src), mkU8(1))));
32565 // assign(t[1], binop(Iop_Or32, mkexpr(t[0]),
32566 // binop(Iop_Shr32, mkexpr(t[0]), mkU8(2))));
32567 // assign(t[2], binop(Iop_Or32, mkexpr(t[1]),
32568 // binop(Iop_Shr32, mkexpr(t[1]), mkU8(4))));
32569 // assign(t[3], binop(Iop_Or32, mkexpr(t[2]),
32570 // binop(Iop_Shr32, mkexpr(t[2]), mkU8(8))));
32571 // assign(t[4], binop(Iop_Or32, mkexpr(t[3]),
32572 // binop(Iop_Shr32, mkexpr(t[3]), mkU8(16))));
32573 // assign(t[5], unop(Iop_Not32, mkexpr(t[4])));
32574 // return gen_POPCOUNT(ty, t[5]);
32575 // }
32576 // if (ty == Ity_I16) {
32577 // assign(t[0], binop(Iop_Or16, mkexpr(src),
32578 // binop(Iop_Shr16, mkexpr(src), mkU8(1))));
32579 // assign(t[1], binop(Iop_Or16, mkexpr(t[0]),
32580 // binop(Iop_Shr16, mkexpr(t[0]), mkU8(2))));
32581 // assign(t[2], binop(Iop_Or16, mkexpr(t[1]),
32582 // binop(Iop_Shr16, mkexpr(t[1]), mkU8(4))));
32583 // assign(t[3], binop(Iop_Or16, mkexpr(t[2]),
32584 // binop(Iop_Shr16, mkexpr(t[2]), mkU8(8))));
32585 // assign(t[4], unop(Iop_Not16, mkexpr(t[3])));
32586 // return gen_POPCOUNT(ty, t[4]);
32587 // }
32588 // vassert(0);
32589 //}
32590
32591
32592 /*--------------------------------------------------------------------*/
32593 /*--- end guest_amd64_toIR.c ---*/
32594 /*--------------------------------------------------------------------*/
Instrumentation framework for detecting many memory management and threading bugs, and profile your programs in detail.