/**

 * $Id$

 * 

 * SH4 => x86 translation. This version does no real optimization, it just

 * outputs straight-line x86 code - it mainly exists to provide a baseline

 * to test the optimizing versions against.

 *

 * Copyright (c) 2007 Nathan Keynes.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

 * the Free Software Foundation; either version 2 of the License, or

 * (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 */

#include <assert.h>

#include <math.h>

#ifndef NDEBUG

#define DEBUG_JUMPS 1

#endif

#include "sh4/xltcache.h"

#include "sh4/sh4core.h"

#include "sh4/sh4trans.h"

#include "sh4/sh4mmio.h"

#include "sh4/x86op.h"

#include "clock.h"

#define DEFAULT_BACKPATCH_SIZE 4096

struct backpatch_record {

    uint32_t *fixup_addr;

    uint32_t fixup_icount;

    int32_t exc_code;

};

#define MAX_RECOVERY_SIZE 2048

#define DELAY_NONE 0

#define DELAY_PC 1

#define DELAY_PC_PR 2

/** 

 * Struct to manage internal translation state. This state is not saved -

 * it is only valid between calls to sh4_translate_begin_block() and

 * sh4_translate_end_block()

 */

struct sh4_x86_state {

    int in_delay_slot;

    gboolean priv_checked; /* true if we've already checked the cpu mode. */

    gboolean fpuen_checked; /* true if we've already checked fpu enabled. */

    gboolean branch_taken; /* true if we branched unconditionally */

    uint32_t block_start_pc;

    uint32_t stack_posn;   /* Trace stack height for alignment purposes */

    int tstate;

    /* mode flags */

    gboolean tlb_on; /* True if tlb translation is active */

    /* Allocated memory for the (block-wide) back-patch list */

    struct backpatch_record *backpatch_list;

    uint32_t backpatch_posn;

    uint32_t backpatch_size;

};

#define TSTATE_NONE -1

#define TSTATE_O    0

#define TSTATE_C    2

#define TSTATE_E    4

#define TSTATE_NE   5

#define TSTATE_G    0xF

#define TSTATE_GE   0xD

#define TSTATE_A    7

#define TSTATE_AE   3

/** Branch if T is set (either in the current cflags, or in sh4r.t) */

#define JT_rel8(rel8,label) if( sh4_x86.tstate == TSTATE_NONE ) { \

	CMP_imm8s_sh4r( 1, R_T ); sh4_x86.tstate = TSTATE_E; } \

    OP(0x70+sh4_x86.tstate); OP(rel8); \

    MARK_JMP(rel8,label)

/** Branch if T is clear (either in the current cflags or in sh4r.t) */

#define JF_rel8(rel8,label) if( sh4_x86.tstate == TSTATE_NONE ) { \

	CMP_imm8s_sh4r( 1, R_T ); sh4_x86.tstate = TSTATE_E; } \

    OP(0x70+ (sh4_x86.tstate^1)); OP(rel8); \

    MARK_JMP(rel8, label)

static struct sh4_x86_state sh4_x86;

static uint32_t max_int = 0x7FFFFFFF;

static uint32_t min_int = 0x80000000;

static uint32_t save_fcw; /* save value for fpu control word */

static uint32_t trunc_fcw = 0x0F7F; /* fcw value for truncation mode */

void sh4_x86_init()

{

    sh4_x86.backpatch_list = malloc(DEFAULT_BACKPATCH_SIZE);

    sh4_x86.backpatch_size = DEFAULT_BACKPATCH_SIZE / sizeof(struct backpatch_record);

}

static void sh4_x86_add_backpatch( uint8_t *fixup_addr, uint32_t fixup_pc, uint32_t exc_code )

{

    if( sh4_x86.backpatch_posn == sh4_x86.backpatch_size ) {

	sh4_x86.backpatch_size <<= 1;

	sh4_x86.backpatch_list = realloc( sh4_x86.backpatch_list, 

					  sh4_x86.backpatch_size * sizeof(struct backpatch_record));

	assert( sh4_x86.backpatch_list != NULL );

    }

    if( sh4_x86.in_delay_slot ) {

	fixup_pc -= 2;

    }

    sh4_x86.backpatch_list[sh4_x86.backpatch_posn].fixup_addr = (uint32_t *)fixup_addr;

    sh4_x86.backpatch_list[sh4_x86.backpatch_posn].fixup_icount = (fixup_pc - sh4_x86.block_start_pc)>>1;

    sh4_x86.backpatch_list[sh4_x86.backpatch_posn].exc_code = exc_code;

    sh4_x86.backpatch_posn++;

}

/**

 * Emit an instruction to load an SH4 reg into a real register

 */

static inline void load_reg( int x86reg, int sh4reg ) 

{

    /* mov [bp+n], reg */

    OP(0x8B);

    OP(0x45 + (x86reg<<3));

    OP(REG_OFFSET(r[sh4reg]));

}

static inline void load_reg16s( int x86reg, int sh4reg )

{

    OP(0x0F);

    OP(0xBF);

    MODRM_r32_sh4r(x86reg, REG_OFFSET(r[sh4reg]));

}

static inline void load_reg16u( int x86reg, int sh4reg )

{

    OP(0x0F);

    OP(0xB7);

    MODRM_r32_sh4r(x86reg, REG_OFFSET(r[sh4reg]));

}

#define load_spreg( x86reg, regoff ) MOV_sh4r_r32( regoff, x86reg )

#define store_spreg( x86reg, regoff ) MOV_r32_sh4r( x86reg, regoff )

/**

 * Emit an instruction to load an immediate value into a register

 */

static inline void load_imm32( int x86reg, uint32_t value ) {

    /* mov #value, reg */

    OP(0xB8 + x86reg);

    OP32(value);

}

/**

 * Load an immediate 64-bit quantity (note: x86-64 only)

 */

static inline void load_imm64( int x86reg, uint32_t value ) {

    /* mov #value, reg */

    REXW();

    OP(0xB8 + x86reg);

    OP64(value);

}

/**

 * Emit an instruction to store an SH4 reg (RN)

 */

void static inline store_reg( int x86reg, int sh4reg ) {

    /* mov reg, [bp+n] */

    OP(0x89);

    OP(0x45 + (x86reg<<3));

    OP(REG_OFFSET(r[sh4reg]));

}

#define load_fr_bank(bankreg) load_spreg( bankreg, REG_OFFSET(fr_bank))

/**

 * Load an FR register (single-precision floating point) into an integer x86

 * register (eg for register-to-register moves)

 */

void static inline load_fr( int bankreg, int x86reg, int frm )

{

    OP(0x8B); OP(0x40+bankreg+(x86reg<<3)); OP((frm^1)<<2);

}

/**

 * Store an FR register (single-precision floating point) into an integer x86

 * register (eg for register-to-register moves)

 */

void static inline store_fr( int bankreg, int x86reg, int frn )

{

    OP(0x89);  OP(0x40+bankreg+(x86reg<<3)); OP((frn^1)<<2);

}

/**

 * Load a pointer to the back fp back into the specified x86 register. The

 * bankreg must have been previously loaded with FPSCR.

 * NB: 12 bytes

 */

static inline void load_xf_bank( int bankreg )

{

    NOT_r32( bankreg );

    SHR_imm8_r32( (21 - 6), bankreg ); // Extract bit 21 then *64 for bank size

    AND_imm8s_r32( 0x40, bankreg );    // Complete extraction

    OP(0x8D); OP(0x44+(bankreg<<3)); OP(0x28+bankreg); OP(REG_OFFSET(fr)); // LEA [ebp+bankreg+disp], bankreg

}

/**

 * Update the fr_bank pointer based on the current fpscr value.

 */

static inline void update_fr_bank( int fpscrreg )

{

    SHR_imm8_r32( (21 - 6), fpscrreg ); // Extract bit 21 then *64 for bank size

    AND_imm8s_r32( 0x40, fpscrreg );    // Complete extraction

    OP(0x8D); OP(0x44+(fpscrreg<<3)); OP(0x28+fpscrreg); OP(REG_OFFSET(fr)); // LEA [ebp+fpscrreg+disp], fpscrreg

    store_spreg( fpscrreg, REG_OFFSET(fr_bank) );

}

/**

 * Push FPUL (as a 32-bit float) onto the FPU stack

 */

static inline void push_fpul( )

{

    OP(0xD9); OP(0x45); OP(R_FPUL);

}

/**

 * Pop FPUL (as a 32-bit float) from the FPU stack

 */

static inline void pop_fpul( )

{

    OP(0xD9); OP(0x5D); OP(R_FPUL);

}

/**

 * Push a 32-bit float onto the FPU stack, with bankreg previously loaded

 * with the location of the current fp bank.

 */

static inline void push_fr( int bankreg, int frm ) 

{

    OP(0xD9); OP(0x40 + bankreg); OP((frm^1)<<2);  // FLD.S [bankreg + frm^1*4]

}

/**

 * Pop a 32-bit float from the FPU stack and store it back into the fp bank, 

 * with bankreg previously loaded with the location of the current fp bank.

 */

static inline void pop_fr( int bankreg, int frm )

{

    OP(0xD9); OP(0x58 + bankreg); OP((frm^1)<<2); // FST.S [bankreg + frm^1*4]

}

/**

 * Push a 64-bit double onto the FPU stack, with bankreg previously loaded

 * with the location of the current fp bank.

 */

static inline void push_dr( int bankreg, int frm )

{

    OP(0xDD); OP(0x40 + bankreg); OP(frm<<2); // FLD.D [bankreg + frm*4]

}

static inline void pop_dr( int bankreg, int frm )

{

    OP(0xDD); OP(0x58 + bankreg); OP(frm<<2); // FST.D [bankreg + frm*4]

}

/* Exception checks - Note that all exception checks will clobber EAX */

#define check_priv( ) \

    if( !sh4_x86.priv_checked ) { \

	sh4_x86.priv_checked = TRUE;\

	load_spreg( R_EAX, R_SR );\

	AND_imm32_r32( SR_MD, R_EAX );\

	if( sh4_x86.in_delay_slot ) {\

	    JE_exc( EXC_SLOT_ILLEGAL );\

	} else {\

	    JE_exc( EXC_ILLEGAL );\

	}\

    }\

#define check_fpuen( ) \

    if( !sh4_x86.fpuen_checked ) {\

	sh4_x86.fpuen_checked = TRUE;\

	load_spreg( R_EAX, R_SR );\

	AND_imm32_r32( SR_FD, R_EAX );\

	if( sh4_x86.in_delay_slot ) {\

	    JNE_exc(EXC_SLOT_FPU_DISABLED);\

	} else {\

	    JNE_exc(EXC_FPU_DISABLED);\

	}\

    }

#define check_ralign16( x86reg ) \

    TEST_imm32_r32( 0x00000001, x86reg ); \

    JNE_exc(EXC_DATA_ADDR_READ)

#define check_walign16( x86reg ) \

    TEST_imm32_r32( 0x00000001, x86reg ); \

    JNE_exc(EXC_DATA_ADDR_WRITE);

#define check_ralign32( x86reg ) \

    TEST_imm32_r32( 0x00000003, x86reg ); \

    JNE_exc(EXC_DATA_ADDR_READ)

#define check_walign32( x86reg ) \

    TEST_imm32_r32( 0x00000003, x86reg ); \

    JNE_exc(EXC_DATA_ADDR_WRITE);

#define UNDEF()

#define MEM_RESULT(value_reg) if(value_reg != R_EAX) { MOV_r32_r32(R_EAX,value_reg); }

#define MEM_READ_BYTE( addr_reg, value_reg ) call_func1(sh4_read_byte, addr_reg ); MEM_RESULT(value_reg)

#define MEM_READ_WORD( addr_reg, value_reg ) call_func1(sh4_read_word, addr_reg ); MEM_RESULT(value_reg)

#define MEM_READ_LONG( addr_reg, value_reg ) call_func1(sh4_read_long, addr_reg ); MEM_RESULT(value_reg)

#define MEM_WRITE_BYTE( addr_reg, value_reg ) call_func2(sh4_write_byte, addr_reg, value_reg)

#define MEM_WRITE_WORD( addr_reg, value_reg ) call_func2(sh4_write_word, addr_reg, value_reg)

#define MEM_WRITE_LONG( addr_reg, value_reg ) call_func2(sh4_write_long, addr_reg, value_reg)

/**

 * Perform MMU translation on the address in addr_reg for a read operation, iff the TLB is turned 

 * on, otherwise do nothing. Clobbers EAX, ECX and EDX. May raise a TLB exception or address error.

 */

#define MMU_TRANSLATE_READ( addr_reg ) if( sh4_x86.tlb_on ) { call_func1(mmu_vma_to_phys_read, addr_reg); CMP_imm32_r32(MMU_VMA_ERROR, R_EAX); JE_exc(-1); MEM_RESULT(addr_reg); }

#define MMU_TRANSLATE_READ_EXC( addr_reg, exc_code ) if( sh4_x86.tlb_on ) { call_func1(mmu_vma_to_phys_read, addr_reg); CMP_imm32_r32(MMU_VMA_ERROR, R_EAX); JE_exc(exc_code); MEM_RESULT(addr_reg) }

/**

 * Perform MMU translation on the address in addr_reg for a write operation, iff the TLB is turned 

 * on, otherwise do nothing. Clobbers EAX, ECX and EDX. May raise a TLB exception or address error.

 */

#define MMU_TRANSLATE_WRITE( addr_reg ) if( sh4_x86.tlb_on ) { call_func1(mmu_vma_to_phys_write, addr_reg); CMP_imm32_r32(MMU_VMA_ERROR, R_EAX); JE_exc(-1); MEM_RESULT(addr_reg); }

#define MEM_READ_SIZE (CALL_FUNC1_SIZE)

#define MEM_WRITE_SIZE (CALL_FUNC2_SIZE)

#define MMU_TRANSLATE_SIZE (sh4_x86.tlb_on ? (CALL_FUNC1_SIZE + 12) : 0 )

#define SLOTILLEGAL() JMP_exc(EXC_SLOT_ILLEGAL); sh4_x86.in_delay_slot = DELAY_NONE; return 1;

/****** Import appropriate calling conventions ******/

#if SH4_TRANSLATOR == TARGET_X86_64

#include "sh4/ia64abi.h"

#else /* SH4_TRANSLATOR == TARGET_X86 */

#ifdef APPLE_BUILD

#include "sh4/ia32mac.h"

#else

#include "sh4/ia32abi.h"

#endif

#endif

uint32_t sh4_translate_end_block_size()

{

    if( sh4_x86.backpatch_posn <= 3 ) {

	return EPILOGUE_SIZE + (sh4_x86.backpatch_posn*12);

    } else {

	return EPILOGUE_SIZE + 48 + (sh4_x86.backpatch_posn-3)*15;

    }

}

/**

 * Embed a breakpoint into the generated code

 */

void sh4_translate_emit_breakpoint( sh4vma_t pc )

{

    load_imm32( R_EAX, pc );

    call_func1( sh4_translate_breakpoint_hit, R_EAX );

}

#define UNTRANSLATABLE(pc) !IS_IN_ICACHE(pc)

/**

 * Embed a call to sh4_execute_instruction for situations that we

 * can't translate (just page-crossing delay slots at the moment).

 * Caller is responsible for setting new_pc before calling this function.

 *

 * Performs:

 *   Set PC = endpc

 *   Set sh4r.in_delay_slot = sh4_x86.in_delay_slot

 *   Update slice_cycle for endpc+2 (single step doesn't update slice_cycle)

 *   Call sh4_execute_instruction

 *   Call xlat_get_code_by_vma / xlat_get_code as for normal exit

 */

void exit_block_emu( sh4vma_t endpc )

{

    load_imm32( R_ECX, endpc - sh4_x86.block_start_pc );   // 5

    ADD_r32_sh4r( R_ECX, R_PC );

    load_imm32( R_ECX, (((endpc - sh4_x86.block_start_pc)>>1)+1)*sh4_cpu_period ); // 5

    ADD_r32_sh4r( R_ECX, REG_OFFSET(slice_cycle) );     // 6

    load_imm32( R_ECX, sh4_x86.in_delay_slot ? 1 : 0 );

    store_spreg( R_ECX, REG_OFFSET(in_delay_slot) );

    call_func0( sh4_execute_instruction );    

    load_spreg( R_EAX, R_PC );

    if( sh4_x86.tlb_on ) {

	call_func1(xlat_get_code_by_vma,R_EAX);

    } else {

	call_func1(xlat_get_code,R_EAX);

    }

    AND_imm8s_rptr( 0xFC, R_EAX );

    POP_r32(R_EBP);

    RET();

} 

/**

 * Translate a single instruction. Delayed branches are handled specially

 * by translating both branch and delayed instruction as a single unit (as

 * 

 * The instruction MUST be in the icache (assert check)

 *

 * @return true if the instruction marks the end of a basic block

 * (eg a branch or 

 */

uint32_t sh4_translate_instruction( sh4vma_t pc )

{

    uint32_t ir;

    /* Read instruction from icache */

    assert( IS_IN_ICACHE(pc) );

    ir = *(uint16_t *)GET_ICACHE_PTR(pc);

	/* PC is not in the current icache - this usually means we're running

	 * with MMU on, and we've gone past the end of the page. And since 

	 * sh4_translate_block is pretty careful about this, it means we're

	 * almost certainly in a delay slot.

	 *

	 * Since we can't assume the page is present (and we can't fault it in

	 * at this point, inline a call to sh4_execute_instruction (with a few

	 * small repairs to cope with the different environment).

	 */

    if( !sh4_x86.in_delay_slot ) {

	sh4_translate_add_recovery( (pc - sh4_x86.block_start_pc)>>1 );

    }

%%

/* ALU operations */

ADD Rm, Rn {:

    load_reg( R_EAX, Rm );

    load_reg( R_ECX, Rn );

    ADD_r32_r32( R_EAX, R_ECX );

    store_reg( R_ECX, Rn );

    sh4_x86.tstate = TSTATE_NONE;

:}

ADD #imm, Rn {:  

    load_reg( R_EAX, Rn );

    ADD_imm8s_r32( imm, R_EAX );

    store_reg( R_EAX, Rn );

    sh4_x86.tstate = TSTATE_NONE;

:}

ADDC Rm, Rn {:

    if( sh4_x86.tstate != TSTATE_C ) {

	LDC_t();

    }

    load_reg( R_EAX, Rm );

    load_reg( R_ECX, Rn );

    ADC_r32_r32( R_EAX, R_ECX );

    store_reg( R_ECX, Rn );

    SETC_t();

    sh4_x86.tstate = TSTATE_C;

:}

ADDV Rm, Rn {:

    load_reg( R_EAX, Rm );

    load_reg( R_ECX, Rn );

    ADD_r32_r32( R_EAX, R_ECX );

    store_reg( R_ECX, Rn );

    SETO_t();

    sh4_x86.tstate = TSTATE_O;

:}

AND Rm, Rn {:

    load_reg( R_EAX, Rm );

    load_reg( R_ECX, Rn );

    AND_r32_r32( R_EAX, R_ECX );

    store_reg( R_ECX, Rn );

    sh4_x86.tstate = TSTATE_NONE;

:}

AND #imm, R0 {:  

    load_reg( R_EAX, 0 );

    AND_imm32_r32(imm, R_EAX); 

    store_reg( R_EAX, 0 );

    sh4_x86.tstate = TSTATE_NONE;

:}

AND.B #imm, @(R0, GBR) {: 

    load_reg( R_EAX, 0 );

    load_spreg( R_ECX, R_GBR );

    ADD_r32_r32( R_ECX, R_EAX );

    MMU_TRANSLATE_WRITE( R_EAX );

    PUSH_realigned_r32(R_EAX);

    MEM_READ_BYTE( R_EAX, R_EAX );

    POP_realigned_r32(R_ECX);

    AND_imm32_r32(imm, R_EAX );

    MEM_WRITE_BYTE( R_ECX, R_EAX );

    sh4_x86.tstate = TSTATE_NONE;

:}

CMP/EQ Rm, Rn {:  

    load_reg( R_EAX, Rm );

    load_reg( R_ECX, Rn );

    CMP_r32_r32( R_EAX, R_ECX );

    SETE_t();

    sh4_x86.tstate = TSTATE_E;

:}

CMP/EQ #imm, R0 {:  

    load_reg( R_EAX, 0 );

    CMP_imm8s_r32(imm, R_EAX);

    SETE_t();

    sh4_x86.tstate = TSTATE_E;

:}

CMP/GE Rm, Rn {:  

    load_reg( R_EAX, Rm );

    load_reg( R_ECX, Rn );

    CMP_r32_r32( R_EAX, R_ECX );

    SETGE_t();

    sh4_x86.tstate = TSTATE_GE;

:}

CMP/GT Rm, Rn {: 

    load_reg( R_EAX, Rm );

    load_reg( R_ECX, Rn );

    CMP_r32_r32( R_EAX, R_ECX );

    SETG_t();

    sh4_x86.tstate = TSTATE_G;

:}

CMP/HI Rm, Rn {:  

    load_reg( R_EAX, Rm );

    load_reg( R_ECX, Rn );

    CMP_r32_r32( R_EAX, R_ECX );

    SETA_t();

    sh4_x86.tstate = TSTATE_A;

:}

CMP/HS Rm, Rn {: 

    load_reg( R_EAX, Rm );

    load_reg( R_ECX, Rn );

    CMP_r32_r32( R_EAX, R_ECX );

    SETAE_t();

    sh4_x86.tstate = TSTATE_AE;

 :}

CMP/PL Rn {: 

    load_reg( R_EAX, Rn );

    CMP_imm8s_r32( 0, R_EAX );

    SETG_t();

    sh4_x86.tstate = TSTATE_G;

:}

CMP/PZ Rn {:  

    load_reg( R_EAX, Rn );

    CMP_imm8s_r32( 0, R_EAX );

    SETGE_t();

    sh4_x86.tstate = TSTATE_GE;

:}

CMP/STR Rm, Rn {:  

    load_reg( R_EAX, Rm );

    load_reg( R_ECX, Rn );

    XOR_r32_r32( R_ECX, R_EAX );

    TEST_r8_r8( R_AL, R_AL );

    JE_rel8(13, target1);

    TEST_r8_r8( R_AH, R_AH ); // 2

    JE_rel8(9, target2);

    SHR_imm8_r32( 16, R_EAX ); // 3

    TEST_r8_r8( R_AL, R_AL ); // 2

    JE_rel8(2, target3);

    TEST_r8_r8( R_AH, R_AH ); // 2

    JMP_TARGET(target1);

    JMP_TARGET(target2);

    JMP_TARGET(target3);

    SETE_t();

    sh4_x86.tstate = TSTATE_E;

:}

DIV0S Rm, Rn {:

    load_reg( R_EAX, Rm );

    load_reg( R_ECX, Rn );

    SHR_imm8_r32( 31, R_EAX );

    SHR_imm8_r32( 31, R_ECX );

    store_spreg( R_EAX, R_M );

    store_spreg( R_ECX, R_Q );

    CMP_r32_r32( R_EAX, R_ECX );

    SETNE_t();

    sh4_x86.tstate = TSTATE_NE;

:}

DIV0U {:  

    XOR_r32_r32( R_EAX, R_EAX );

    store_spreg( R_EAX, R_Q );

    store_spreg( R_EAX, R_M );

    store_spreg( R_EAX, R_T );

    sh4_x86.tstate = TSTATE_C; // works for DIV1

:}

DIV1 Rm, Rn {:

    load_spreg( R_ECX, R_M );

    load_reg( R_EAX, Rn );

    if( sh4_x86.tstate != TSTATE_C ) {

	LDC_t();

    }

    RCL1_r32( R_EAX );

    SETC_r8( R_DL ); // Q'

    CMP_sh4r_r32( R_Q, R_ECX );

    JE_rel8(5, mqequal);

    ADD_sh4r_r32( REG_OFFSET(r[Rm]), R_EAX );

    JMP_rel8(3, end);

    JMP_TARGET(mqequal);

    SUB_sh4r_r32( REG_OFFSET(r[Rm]), R_EAX );

    JMP_TARGET(end);

    store_reg( R_EAX, Rn ); // Done with Rn now

    SETC_r8(R_AL); // tmp1

    XOR_r8_r8( R_DL, R_AL ); // Q' = Q ^ tmp1

    XOR_r8_r8( R_AL, R_CL ); // Q'' = Q' ^ M

    store_spreg( R_ECX, R_Q );

    XOR_imm8s_r32( 1, R_AL );   // T = !Q'

    MOVZX_r8_r32( R_AL, R_EAX );

    store_spreg( R_EAX, R_T );

    sh4_x86.tstate = TSTATE_NONE;

:}

DMULS.L Rm, Rn {:  

    load_reg( R_EAX, Rm );

    load_reg( R_ECX, Rn );

    IMUL_r32(R_ECX);

    store_spreg( R_EDX, R_MACH );

    store_spreg( R_EAX, R_MACL );

    sh4_x86.tstate = TSTATE_NONE;

:}

DMULU.L Rm, Rn {:  

    load_reg( R_EAX, Rm );

    load_reg( R_ECX, Rn );

    MUL_r32(R_ECX);

    store_spreg( R_EDX, R_MACH );

    store_spreg( R_EAX, R_MACL );    

    sh4_x86.tstate = TSTATE_NONE;

:}

DT Rn {:  

    load_reg( R_EAX, Rn );

    ADD_imm8s_r32( -1, R_EAX );

    store_reg( R_EAX, Rn );

    SETE_t();

    sh4_x86.tstate = TSTATE_E;

:}

EXTS.B Rm, Rn {:  

    load_reg( R_EAX, Rm );

    MOVSX_r8_r32( R_EAX, R_EAX );

    store_reg( R_EAX, Rn );

:}

EXTS.W Rm, Rn {:  

    load_reg( R_EAX, Rm );

    MOVSX_r16_r32( R_EAX, R_EAX );

    store_reg( R_EAX, Rn );

:}

EXTU.B Rm, Rn {:  

    load_reg( R_EAX, Rm );

    MOVZX_r8_r32( R_EAX, R_EAX );

    store_reg( R_EAX, Rn );

:}

EXTU.W Rm, Rn {:  

    load_reg( R_EAX, Rm );

    MOVZX_r16_r32( R_EAX, R_EAX );

    store_reg( R_EAX, Rn );

:}

MAC.L @Rm+, @Rn+ {:

    if( Rm == Rn ) {

	load_reg( R_EAX, Rm );

	check_ralign32( R_EAX );

	MMU_TRANSLATE_READ( R_EAX );

	PUSH_realigned_r32( R_EAX );

	load_reg( R_EAX, Rn );

	ADD_imm8s_r32( 4, R_EAX );

	MMU_TRANSLATE_READ_EXC( R_EAX, -5 );

	ADD_imm8s_sh4r( 8, REG_OFFSET(r[Rn]) );

	// Note translate twice in case of page boundaries. Maybe worth

	// adding a page-boundary check to skip the second translation

    } else {

	load_reg( R_EAX, Rm );

	check_ralign32( R_EAX );

	MMU_TRANSLATE_READ( R_EAX );

	load_reg( R_ECX, Rn );

	check_ralign32( R_ECX );

	PUSH_realigned_r32( R_EAX );

	MMU_TRANSLATE_READ_EXC( R_ECX, -5 );

	MOV_r32_r32( R_ECX, R_EAX );

	ADD_imm8s_sh4r( 4, REG_OFFSET(r[Rn]) );

	ADD_imm8s_sh4r( 4, REG_OFFSET(r[Rm]) );

    }

    MEM_READ_LONG( R_EAX, R_EAX );

    POP_r32( R_ECX );

    PUSH_r32( R_EAX );

    MEM_READ_LONG( R_ECX, R_EAX );

    POP_realigned_r32( R_ECX );

    IMUL_r32( R_ECX );

    ADD_r32_sh4r( R_EAX, R_MACL );

    ADC_r32_sh4r( R_EDX, R_MACH );

    load_spreg( R_ECX, R_S );

    TEST_r32_r32(R_ECX, R_ECX);

    JE_rel8( CALL_FUNC0_SIZE, nosat );

    call_func0( signsat48 );

    JMP_TARGET( nosat );

    sh4_x86.tstate = TSTATE_NONE;

:}

MAC.W @Rm+, @Rn+ {:  

    if( Rm == Rn ) {

	load_reg( R_EAX, Rm );

	check_ralign16( R_EAX );

	MMU_TRANSLATE_READ( R_EAX );

	PUSH_realigned_r32( R_EAX );

	load_reg( R_EAX, Rn );

	ADD_imm8s_r32( 2, R_EAX );

	MMU_TRANSLATE_READ_EXC( R_EAX, -5 );

	ADD_imm8s_sh4r( 4, REG_OFFSET(r[Rn]) );

	// Note translate twice in case of page boundaries. Maybe worth

	// adding a page-boundary check to skip the second translation

    } else {

	load_reg( R_EAX, Rm );

	check_ralign16( R_EAX );

	MMU_TRANSLATE_READ( R_EAX );

	load_reg( R_ECX, Rn );

	check_ralign16( R_ECX );

	PUSH_realigned_r32( R_EAX );

	MMU_TRANSLATE_READ_EXC( R_ECX, -5 );

	MOV_r32_r32( R_ECX, R_EAX );

	ADD_imm8s_sh4r( 2, REG_OFFSET(r[Rn]) );

	ADD_imm8s_sh4r( 2, REG_OFFSET(r[Rm]) );

    }

    MEM_READ_WORD( R_EAX, R_EAX );

    POP_r32( R_ECX );

    PUSH_r32( R_EAX );

    MEM_READ_WORD( R_ECX, R_EAX );

    POP_realigned_r32( R_ECX );

    IMUL_r32( R_ECX );

    load_spreg( R_ECX, R_S );

    TEST_r32_r32( R_ECX, R_ECX );

    JE_rel8( 47, nosat );

    ADD_r32_sh4r( R_EAX, R_MACL );  // 6

    JNO_rel8( 51, end );            // 2

    load_imm32( R_EDX, 1 );         // 5

    store_spreg( R_EDX, R_MACH );   // 6

    JS_rel8( 13, positive );        // 2

    load_imm32( R_EAX, 0x80000000 );// 5

    store_spreg( R_EAX, R_MACL );   // 6

    JMP_rel8( 25, end2 );           // 2

    JMP_TARGET(positive);

    load_imm32( R_EAX, 0x7FFFFFFF );// 5

    store_spreg( R_EAX, R_MACL );   // 6

    JMP_rel8( 12, end3);            // 2

    JMP_TARGET(nosat);

    ADD_r32_sh4r( R_EAX, R_MACL );  // 6

    ADC_r32_sh4r( R_EDX, R_MACH );  // 6

    JMP_TARGET(end);

    JMP_TARGET(end2);

    JMP_TARGET(end3);

    sh4_x86.tstate = TSTATE_NONE;

:}

MOVT Rn {:  

    load_spreg( R_EAX, R_T );

    store_reg( R_EAX, Rn );

:}

MUL.L Rm, Rn {:  

    load_reg( R_EAX, Rm );

    load_reg( R_ECX, Rn );

    MUL_r32( R_ECX );

    store_spreg( R_EAX, R_MACL );

    sh4_x86.tstate = TSTATE_NONE;

:}

MULS.W Rm, Rn {:

    load_reg16s( R_EAX, Rm );

    load_reg16s( R_ECX, Rn );

    MUL_r32( R_ECX );

    store_spreg( R_EAX, R_MACL );

    sh4_x86.tstate = TSTATE_NONE;

:}

MULU.W Rm, Rn {:  

    load_reg16u( R_EAX, Rm );

    load_reg16u( R_ECX, Rn );

    MUL_r32( R_ECX );

    store_spreg( R_EAX, R_MACL );

    sh4_x86.tstate = TSTATE_NONE;

:}

NEG Rm, Rn {:

    load_reg( R_EAX, Rm );

    NEG_r32( R_EAX );

    store_reg( R_EAX, Rn );

    sh4_x86.tstate = TSTATE_NONE;

:}

NEGC Rm, Rn {:  

    load_reg( R_EAX, Rm );

    XOR_r32_r32( R_ECX, R_ECX );

    LDC_t();

    SBB_r32_r32( R_EAX, R_ECX );

    store_reg( R_ECX, Rn );

    SETC_t();

    sh4_x86.tstate = TSTATE_C;

:}

NOT Rm, Rn {:  

    load_reg( R_EAX, Rm );

    NOT_r32( R_EAX );

    store_reg( R_EAX, Rn );

    sh4_x86.tstate = TSTATE_NONE;

:}

OR Rm, Rn {:  

    load_reg( R_EAX, Rm );

    load_reg( R_ECX, Rn );

    OR_r32_r32( R_EAX, R_ECX );

    store_reg( R_ECX, Rn );

    sh4_x86.tstate = TSTATE_NONE;

:}

OR #imm, R0 {:

    load_reg( R_EAX, 0 );

    OR_imm32_r32(imm, R_EAX);

    store_reg( R_EAX, 0 );

    sh4_x86.tstate = TSTATE_NONE;

:}

OR.B #imm, @(R0, GBR) {:  

    load_reg( R_EAX, 0 );

    load_spreg( R_ECX, R_GBR );

    ADD_r32_r32( R_ECX, R_EAX );

    MMU_TRANSLATE_WRITE( R_EAX );

    PUSH_realigned_r32(R_EAX);

    MEM_READ_BYTE( R_EAX, R_EAX );

    POP_realigned_r32(R_ECX);

    OR_imm32_r32(imm, R_EAX );

    MEM_WRITE_BYTE( R_ECX, R_EAX );

    sh4_x86.tstate = TSTATE_NONE;

:}

ROTCL Rn {:

    load_reg( R_EAX, Rn );

    if( sh4_x86.tstate != TSTATE_C ) {

	LDC_t();

    }

    RCL1_r32( R_EAX );

    store_reg( R_EAX, Rn );

    SETC_t();

    sh4_x86.tstate = TSTATE_C;

:}

ROTCR Rn {:  

    load_reg( R_EAX, Rn );

    if( sh4_x86.tstate != TSTATE_C ) {

	LDC_t();

    }

    RCR1_r32( R_EAX );

    store_reg( R_EAX, Rn );

    SETC_t();

    sh4_x86.tstate = TSTATE_C;

:}

ROTL Rn {:  

    load_reg( R_EAX, Rn );

    ROL1_r32( R_EAX );

    store_reg( R_EAX, Rn );

    SETC_t();

    sh4_x86.tstate = TSTATE_C;

:}

ROTR Rn {:  

    load_reg( R_EAX, Rn );

    ROR1_r32( R_EAX );

    store_reg( R_EAX, Rn );

    SETC_t();

    sh4_x86.tstate = TSTATE_C;

:}

SHAD Rm, Rn {:

    /* Annoyingly enough, not directly convertible */

    load_reg( R_EAX, Rn );

    load_reg( R_ECX, Rm );

    CMP_imm32_r32( 0, R_ECX );

    JGE_rel8(16, doshl);

    NEG_r32( R_ECX );      // 2

    AND_imm8_r8( 0x1F, R_CL ); // 3

    JE_rel8( 4, emptysar);     // 2

    SAR_r32_CL( R_EAX );       // 2

    JMP_rel8(10, end);          // 2

    JMP_TARGET(emptysar);

    SAR_imm8_r32(31, R_EAX );  // 3

    JMP_rel8(5, end2);

    JMP_TARGET(doshl);

    AND_imm8_r8( 0x1F, R_CL ); // 3

    SHL_r32_CL( R_EAX );       // 2

    JMP_TARGET(end);

    JMP_TARGET(end2);

    store_reg( R_EAX, Rn );

    sh4_x86.tstate = TSTATE_NONE;

:}

SHLD Rm, Rn {:  

    load_reg( R_EAX, Rn );

    load_reg( R_ECX, Rm );

    CMP_imm32_r32( 0, R_ECX );

    JGE_rel8(15, doshl);

    NEG_r32( R_ECX );      // 2

    AND_imm8_r8( 0x1F, R_CL ); // 3

    JE_rel8( 4, emptyshr );

    SHR_r32_CL( R_EAX );       // 2

    JMP_rel8(9, end);          // 2

    JMP_TARGET(emptyshr);

    XOR_r32_r32( R_EAX, R_EAX );

    JMP_rel8(5, end2);

    JMP_TARGET(doshl);

    AND_imm8_r8( 0x1F, R_CL ); // 3

    SHL_r32_CL( R_EAX );       // 2

    JMP_TARGET(end);

    JMP_TARGET(end2);

    store_reg( R_EAX, Rn );

    sh4_x86.tstate = TSTATE_NONE;

:}

SHAL Rn {: 

    load_reg( R_EAX, Rn );

    SHL1_r32( R_EAX );

    SETC_t();

    store_reg( R_EAX, Rn );

    sh4_x86.tstate = TSTATE_C;

:}

SHAR Rn {:  

    load_reg( R_EAX, Rn );

    SAR1_r32( R_EAX );

    SETC_t();

    store_reg( R_EAX, Rn );

    sh4_x86.tstate = TSTATE_C;

:}

SHLL Rn {:  

    load_reg( R_EAX, Rn );

    SHL1_r32( R_EAX );

    SETC_t();

    store_reg( R_EAX, Rn );

    sh4_x86.tstate = TSTATE_C;

:}

SHLL2 Rn {:

    load_reg( R_EAX, Rn );

    SHL_imm8_r32( 2, R_EAX );

    store_reg( R_EAX, Rn );

    sh4_x86.tstate = TSTATE_NONE;

:}

SHLL8 Rn {:  

    load_reg( R_EAX, Rn );

    SHL_imm8_r32( 8, R_EAX );

    store_reg( R_EAX, Rn );

    sh4_x86.tstate = TSTATE_NONE;

:}

SHLL16 Rn {:  

    load_reg( R_EAX, Rn );

    SHL_imm8_r32( 16, R_EAX );

    store_reg( R_EAX, Rn );

    sh4_x86.tstate = TSTATE_NONE;

:}

SHLR Rn {:  

    load_reg( R_EAX, Rn );

    SHR1_r32( R_EAX );

    SETC_t();

    store_reg( R_EAX, Rn );

    sh4_x86.tstate = TSTATE_C;

:}

SHLR2 Rn {:  

    load_reg( R_EAX, Rn );

    SHR_imm8_r32( 2, R_EAX );

    store_reg( R_EAX, Rn );

    sh4_x86.tstate = TSTATE_NONE;

:}

SHLR8 Rn {:  

    load_reg( R_EAX, Rn );

    SHR_imm8_r32( 8, R_EAX );

    store_reg( R_EAX, Rn );

    sh4_x86.tstate = TSTATE_NONE;

:}

SHLR16 Rn {:  

    load_reg( R_EAX, Rn );

    SHR_imm8_r32( 16, R_EAX );

    store_reg( R_EAX, Rn );

    sh4_x86.tstate = TSTATE_NONE;

:}

SUB Rm, Rn {:  

    load_reg( R_EAX, Rm );

    load_reg( R_ECX, Rn );

    SUB_r32_r32( R_EAX, R_ECX );

    store_reg( R_ECX, Rn );

    sh4_x86.tstate = TSTATE_NONE;

:}

SUBC Rm, Rn {:  

    load_reg( R_EAX, Rm );

    load_reg( R_ECX, Rn );

    if( sh4_x86.tstate != TSTATE_C ) {

	LDC_t();

    }

    SBB_r32_r32( R_EAX, R_ECX );

    store_reg( R_ECX, Rn );