PowerPC system emulation (Jocelyn Mayer) - modified patch to use new TLB api

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@528 c046a42c-6fe2-441c-8c8c-71466251a162

PowerPC system emulation (Jocelyn Mayer) - modified patch to use new TLB api
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@528 c046a42c-6fe2-441c-8c8c-71466251a162
bellard
1 parent efe160c5
Showing 10 changed files with 4596 additions and 1429 deletions
target-ppc/cpu.h
target-ppc/exec.h
target-ppc/helper.c
target-ppc/hw.c
target-ppc/op.c
target-ppc/op_helper.c
target-ppc/op_helper_mem.h
target-ppc/op_mem.h
target-ppc/op_template.h
target-ppc/translate.c
@@ -25,6 +25,8 @@
 #include "cpu-defs.h"
+//#define USE_OPEN_FIRMWARE
+
 /***                          Sign extend constants                        ***/
 /* 8 to 32 bits */
 static inline int32_t s_ext8 (uint8_t value)
@@ -54,56 +56,28 @@ static inline int32_t s_ext24 (uint32_t value)
 #include "config.h"
 #include <setjmp.h>
-/* Floting point status and control register */
-#define FPSCR_FX     31
-#define FPSCR_FEX    30
-#define FPSCR_VX     29
-#define FPSCR_OX     28
-#define FPSCR_UX     27
-#define FPSCR_ZX     26
-#define FPSCR_XX     25
-#define FPSCR_VXSNAN 24
-#define FPSCR_VXISI  26
-#define FPSCR_VXIDI  25
-#define FPSCR_VXZDZ  21
-#define FPSCR_VXIMZ  20
+/* Instruction types */
+enum {
+    PPC_NONE     = 0x0000,
+    PPC_INTEGER  = 0x0001, /* CPU has integer operations instructions        */
+    PPC_FLOAT    = 0x0002, /* CPU has floating point operations instructions */
+    PPC_FLOW     = 0x0004, /* CPU has flow control instructions              */
+    PPC_MEM      = 0x0008, /* CPU has virtual memory instructions            */
+    PPC_RES      = 0x0010, /* CPU has ld/st with reservation instructions    */
+    PPC_CACHE    = 0x0020, /* CPU has cache control instructions             */
+    PPC_MISC     = 0x0040, /* CPU has spr/msr access instructions            */
+    PPC_EXTERN   = 0x0080, /* CPU has external control instructions          */
+    PPC_SEGMENT  = 0x0100, /* CPU has memory segment instructions            */
+    PPC_CACHE_OPT= 0x0200,
+    PPC_FLOAT_OPT= 0x0400,
+    PPC_MEM_OPT  = 0x0800,
+};
-#define FPSCR_VXVC   18
-#define FPSCR_FR     17
-#define FPSCR_FI     16
-#define FPSCR_FPRF   11
-#define FPSCR_VXSOFT 9
-#define FPSCR_VXSQRT 8
-#define FPSCR_VXCVI  7
-#define FPSCR_OE     6
-#define FPSCR_UE     5
-#define FPSCR_ZE     4
-#define FPSCR_XE     3
-#define FPSCR_NI     2
-#define FPSCR_RN     0
-#define fpscr_fx     env->fpscr[FPSCR_FX]
-#define fpscr_fex    env->fpscr[FPSCR_FEX]
-#define fpscr_vx     env->fpscr[FPSCR_VX]
-#define fpscr_ox     env->fpscr[FPSCR_OX]
-#define fpscr_ux     env->fpscr[FPSCR_UX]
-#define fpscr_zx     env->fpscr[FPSCR_ZX]
-#define fpscr_xx     env->fpscr[FPSCR_XX]
-#define fpscr_vsxnan env->fpscr[FPSCR_VXSNAN]
-#define fpscr_vxisi  env->fpscr[FPSCR_VXISI]
-#define fpscr_vxidi  env->fpscr[FPSCR_VXIDI]
-#define fpscr_vxzdz  env->fpscr[FPSCR_VXZDZ]
-#define fpscr_vximz  env->fpscr[FPSCR_VXIMZ]
-#define fpscr_fr     env->fpscr[FPSCR_FR]
-#define fpscr_fi     env->fpscr[FPSCR_FI]
-#define fpscr_fprf   env->fpscr[FPSCR_FPRF]
-#define fpscr_vxsoft env->fpscr[FPSCR_VXSOFT]
-#define fpscr_vxsqrt env->fpscr[FPSCR_VXSQRT]
-#define fpscr_oe     env->fpscr[FPSCR_OE]
-#define fpscr_ue     env->fpscr[FPSCR_UE]
-#define fpscr_ze     env->fpscr[FPSCR_ZE]
-#define fpscr_xe     env->fpscr[FPSCR_XE]
-#define fpscr_ni     env->fpscr[FPSCR_NI]
-#define fpscr_rn     env->fpscr[FPSCR_RN]
+#define PPC_COMMON  (PPC_INTEGER | PPC_FLOAT | PPC_FLOW | PPC_MEM |           \
+                     PPC_RES | PPC_CACHE | PPC_MISC | PPC_SEGMENT)
+/* PPC 740/745/750/755 (aka G3) has external access instructions */
+#define PPC_750 (PPC_INTEGER | PPC_FLOAT | PPC_FLOW | PPC_MEM |               \
+                 PPC_RES | PPC_CACHE | PPC_MISC | PPC_EXTERN | PPC_SEGMENT)
 /* Supervisor mode registers */
 /* Machine state register */
@@ -139,26 +113,16 @@ static inline int32_t s_ext24 (uint32_t value)
 #define msr_le  env->msr[MSR_LE]
 /* Segment registers */
-typedef struct ppc_sr_t {
-    uint32_t t:1;
-    uint32_t ks:1;
-    uint32_t kp:1;
-    uint32_t n:1;
-    uint32_t res:4;
-    uint32_t vsid:24;
-} ppc_sr_t;
-
 typedef struct CPUPPCState {
     /* general purpose registers */
     uint32_t gpr[32];
     /* floating point registers */
     double fpr[32];
     /* segment registers */
-    ppc_sr_t sr[16];
-    /* special purpose registers */
-    uint32_t spr[1024];
+    uint32_t sdr1;
+    uint32_t sr[16];
     /* XER */
-    uint8_t xer[32];
+    uint8_t xer[4];
     /* Reservation address */
     uint32_t reserve;
     /* machine state register */
@@ -166,11 +130,20 @@ typedef struct CPUPPCState {
     /* condition register */
     uint8_t crf[8];
     /* floating point status and control register */
-    uint8_t fpscr[32];
+    uint8_t fpscr[8];
     uint32_t nip;
-    /* CPU exception code */
-    uint32_t exception;
-
+    /* special purpose registers */
+    uint32_t lr;
+    uint32_t ctr;
+    /* Time base */
+    uint32_t tb[2];
+    /* decrementer */
+    uint32_t decr;
+    /* BATs */
+    uint32_t DBAT[2][8];
+    uint32_t IBAT[2][8];
+    /* all others */
+    uint32_t spr[1024];
     /* qemu dedicated */
      /* temporary float registers */
     double ft0;
@@ -180,9 +153,14 @@ typedef struct CPUPPCState {
     jmp_buf jmp_env;
     int exception_index;
     int error_code;
+    uint32_t exceptions; /* exception queue */
+    uint32_t errors[16];
     int user_mode_only; /* user mode only simulation */
     struct TranslationBlock *current_tb; /* currently executing TB */
-
+    /* soft mmu support */
+    /* 0 = kernel, 1 = user */
+    CPUTLBEntry tlb_read[2][CPU_TLB_SIZE];
+    CPUTLBEntry tlb_write[2][CPU_TLB_SIZE];
     /* user data */
     void *opaque;
 } CPUPPCState;
@@ -198,107 +176,99 @@ int cpu_ppc_signal_handler(int host_signum, struct siginfo *info,
                            void *puc);
 void cpu_ppc_dump_state(CPUPPCState *env, FILE *f, int flags);
+void cpu_loop_exit(void);
+void dump_stack (CPUPPCState *env);
+uint32_t _load_xer (void);
+void _store_xer (uint32_t value);
+uint32_t _load_msr (void);
+void _store_msr (uint32_t value);
+void do_interrupt (CPUPPCState *env);
 #define TARGET_PAGE_BITS 12
 #include "cpu-all.h"
 #define ugpr(n) (env->gpr[n])
-#define fpr(n) (env->fpr[n])
+#define fprd(n) (env->fpr[n])
+#define fprs(n) ((float)env->fpr[n])
+#define fpru(n) ((uint32_t)env->fpr[n])
+#define fpri(n) ((int32_t)env->fpr[n])
 #define SPR_ENCODE(sprn)                               \
 (((sprn) >> 5) | (((sprn) & 0x1F) << 5))
 /* User mode SPR */
 #define spr(n) env->spr[n]
-//#define XER    spr[1]
-#define XER env->xer
 #define XER_SO 31
 #define XER_OV 30
 #define XER_CA 29
 #define XER_BC 0
-#define xer_so env->xer[XER_SO]
-#define xer_ov env->xer[XER_OV]
-#define xer_ca env->xer[XER_CA]
-#define xer_bc env->xer[XER_BC]
+#define xer_so env->xer[3]
+#define xer_ov env->xer[2]
+#define xer_ca env->xer[1]
+#define xer_bc env->xer[0]
-#define LR     spr[SPR_ENCODE(8)]
-#define CTR    spr[SPR_ENCODE(9)]
+#define XER    SPR_ENCODE(1)
+#define LR     SPR_ENCODE(8)
+#define CTR    SPR_ENCODE(9)
 /* VEA mode SPR */
-#define V_TBL  spr[SPR_ENCODE(268)]
-#define V_TBU  spr[SPR_ENCODE(269)]
+#define V_TBL  SPR_ENCODE(268)
+#define V_TBU  SPR_ENCODE(269)
 /* supervisor mode SPR */
-#define DSISR  spr[SPR_ENCODE(18)]
-#define DAR    spr[SPR_ENCODE(19)]
-#define DEC    spr[SPR_ENCODE(22)]
-#define SDR1   spr[SPR_ENCODE(25)]
-typedef struct ppc_sdr1_t {
-    uint32_t htaborg:16;
-    uint32_t res:7;
-    uint32_t htabmask:9;
-} ppc_sdr1_t;
-#define SRR0   spr[SPR_ENCODE(26)]
-#define SRR0_MASK 0xFFFFFFFC
-#define SRR1   spr[SPR_ENCODE(27)]
-#define SPRG0  spr[SPR_ENCODE(272)]
-#define SPRG1  spr[SPR_ENCODE(273)]
-#define SPRG2  spr[SPR_ENCODE(274)]
-#define SPRG3  spr[SPR_ENCODE(275)]
-#define EAR    spr[SPR_ENCODE(282)]
-typedef struct ppc_ear_t {
-    uint32_t e:1;
-    uint32_t res:25;
-    uint32_t rid:6;
-} ppc_ear_t;
-#define TBL    spr[SPR_ENCODE(284)]
-#define TBU    spr[SPR_ENCODE(285)]
-#define PVR    spr[SPR_ENCODE(287)]
-typedef struct ppc_pvr_t {
-    uint32_t version:16;
-    uint32_t revision:16;
-} ppc_pvr_t;
-#define IBAT0U spr[SPR_ENCODE(528)]
-#define IBAT0L spr[SPR_ENCODE(529)]
-#define IBAT1U spr[SPR_ENCODE(530)]
-#define IBAT1L spr[SPR_ENCODE(531)]
-#define IBAT2U spr[SPR_ENCODE(532)]
-#define IBAT2L spr[SPR_ENCODE(533)]
-#define IBAT3U spr[SPR_ENCODE(534)]
-#define IBAT3L spr[SPR_ENCODE(535)]
-#define DBAT0U spr[SPR_ENCODE(536)]
-#define DBAT0L spr[SPR_ENCODE(537)]
-#define DBAT1U spr[SPR_ENCODE(538)]
-#define DBAT1L spr[SPR_ENCODE(539)]
-#define DBAT2U spr[SPR_ENCODE(540)]
-#define DBAT2L spr[SPR_ENCODE(541)]
-#define DBAT3U spr[SPR_ENCODE(542)]
-#define DBAT3L spr[SPR_ENCODE(543)]
-typedef struct ppc_ubat_t {
-    uint32_t bepi:15;
-    uint32_t res:4;
-    uint32_t bl:11;
-    uint32_t vs:1;
-    uint32_t vp:1;
-} ppc_ubat_t;
-typedef struct ppc_lbat_t {
-    uint32_t brpn:15;
-    uint32_t res0:10;
-    uint32_t w:1;
-    uint32_t i:1;
-    uint32_t m:1;
-    uint32_t g:1;
-    uint32_t res1:1;
-    uint32_t pp:2;
-} ppc_lbat_t;
-#define DABR   spr[SPR_ENCODE(1013)]
+#define DSISR  SPR_ENCODE(18)
+#define DAR    SPR_ENCODE(19)
+#define DECR   SPR_ENCODE(22)
+#define SDR1   SPR_ENCODE(25)
+#define SRR0   SPR_ENCODE(26)
+#define SRR1   SPR_ENCODE(27)
+#define SPRG0  SPR_ENCODE(272)
+#define SPRG1  SPR_ENCODE(273)
+#define SPRG2  SPR_ENCODE(274)
+#define SPRG3  SPR_ENCODE(275)
+#define SPRG4  SPR_ENCODE(276)
+#define SPRG5  SPR_ENCODE(277)
+#define SPRG6  SPR_ENCODE(278)
+#define SPRG7  SPR_ENCODE(279)
+#define ASR    SPR_ENCODE(280)
+#define EAR    SPR_ENCODE(282)
+#define O_TBL  SPR_ENCODE(284)
+#define O_TBU  SPR_ENCODE(285)
+#define PVR    SPR_ENCODE(287)
+#define IBAT0U SPR_ENCODE(528)
+#define IBAT0L SPR_ENCODE(529)
+#define IBAT1U SPR_ENCODE(530)
+#define IBAT1L SPR_ENCODE(531)
+#define IBAT2U SPR_ENCODE(532)
+#define IBAT2L SPR_ENCODE(533)
+#define IBAT3U SPR_ENCODE(534)
+#define IBAT3L SPR_ENCODE(535)
+#define DBAT0U SPR_ENCODE(536)
+#define DBAT0L SPR_ENCODE(537)
+#define DBAT1U SPR_ENCODE(538)
+#define DBAT1L SPR_ENCODE(539)
+#define DBAT2U SPR_ENCODE(540)
+#define DBAT2L SPR_ENCODE(541)
+#define DBAT3U SPR_ENCODE(542)
+#define DBAT3L SPR_ENCODE(543)
+#define IBAT4U SPR_ENCODE(560)
+#define IBAT4L SPR_ENCODE(561)
+#define IBAT5U SPR_ENCODE(562)
+#define IBAT5L SPR_ENCODE(563)
+#define IBAT6U SPR_ENCODE(564)
+#define IBAT6L SPR_ENCODE(565)
+#define IBAT7U SPR_ENCODE(566)
+#define IBAT7L SPR_ENCODE(567)
+#define DBAT4U SPR_ENCODE(568)
+#define DBAT4L SPR_ENCODE(569)
+#define DBAT5U SPR_ENCODE(570)
+#define DBAT5L SPR_ENCODE(571)
+#define DBAT6U SPR_ENCODE(572)
+#define DBAT6L SPR_ENCODE(573)
+#define DBAT7U SPR_ENCODE(574)
+#define DBAT7L SPR_ENCODE(575)
+#define DABR   SPR_ENCODE(1013)
 #define DABR_MASK 0xFFFFFFF8
-typedef struct ppc_dabr_t {
-    uint32_t dab:29;
-    uint32_t bt:1;
-    uint32_t dw:1;
-    uint32_t dr:1;
-} ppc_dabr_t;
-#define FPECR  spr[SPR_ENCODE(1022)]
-#define PIR    spr[SPR_ENCODE(1023)]
+#define FPECR  SPR_ENCODE(1022)
+#define PIR    SPR_ENCODE(1023)
 #define TARGET_PAGE_BITS 12
 #include "cpu-all.h"
@@ -307,10 +277,30 @@ CPUPPCState *cpu_ppc_init(void);
 int cpu_ppc_exec(CPUPPCState *s);
 void cpu_ppc_close(CPUPPCState *s);
 void cpu_ppc_dump_state(CPUPPCState *env, FILE *f, int flags);
+void PPC_init_hw (CPUPPCState *env, uint32_t mem_size,
+                  uint32_t kernel_addr, uint32_t kernel_size,
+                  uint32_t stack_addr, int boot_device);
-/* Exeptions */
+/* Memory access type :
+ * may be needed for precise access rights control and precise exceptions.
+ */
 enum {
-    EXCP_NONE          = 0x00,
+    /* 1 bit to define user level / supervisor access */
+    ACCESS_USER  = 0x00,
+    ACCESS_SUPER = 0x01,
+    /* Type of instruction that generated the access */
+    ACCESS_CODE  = 0x10, /* Code fetch access                */
+    ACCESS_INT   = 0x20, /* Integer load/store access        */
+    ACCESS_FLOAT = 0x30, /* floating point load/store access */
+    ACCESS_RES   = 0x40, /* load/store with reservation      */
+    ACCESS_EXT   = 0x50, /* external access                  */
+    ACCESS_CACHE = 0x60, /* Cache manipulation               */
+};
+
+/*****************************************************************************/
+/* Exceptions */
+enum {
+    EXCP_NONE          = -1,
     /* PPC hardware exceptions : exception vector / 0x100 */
     EXCP_RESET         = 0x01, /* System reset                     */
     EXCP_MACHINE_CHECK = 0x02, /* Machine check exception          */
@@ -326,55 +316,80 @@ enum {
     EXCP_SYSCALL       = 0x0C, /* System call                      */
     EXCP_TRACE         = 0x0D, /* Trace exception (optional)       */
     EXCP_FP_ASSIST     = 0x0E, /* Floating-point assist (optional) */
-#if 0
-    /* Exeption subtypes for EXCP_DSI */
-    EXCP_DSI_TRANSLATE = 0x10301, /* Data address can't be translated */
-    EXCP_DSI_NOTSUP    = 0x10302, /* Access type not supported        */
-    EXCP_DSI_PROT      = 0x10303, /* Memory protection violation      */
-    EXCP_DSI_EXTERNAL  = 0x10304, /* External access disabled         */
-    EXCP_DSI_DABR      = 0x10305, /* Data address breakpoint          */
-    /* Exeption subtypes for EXCP_ISI */
-    EXCP_ISI_TRANSLATE = 0x10401, /* Code address can't be translated */
-    EXCP_ISI_NOTSUP    = 0x10402, /* Access type not supported        */
-    EXCP_ISI_PROT      = 0x10403, /* Memory protection violation      */
-    EXCP_ISI_GUARD     = 0x10404, /* Fetch into guarded memory        */
-    /* Exeption subtypes for EXCP_ALIGN */
-    EXCP_ALIGN_FP      = 0x10601, /* FP alignment exception           */
-    EXCP_ALIGN_LST     = 0x10602, /* Unaligned memory load/store      */
-    EXCP_ALIGN_LE      = 0x10603, /* Unaligned little-endian access   */
-    EXCP_ALIGN_PROT    = 0x10604, /* Access cross protection boundary */
-    EXCP_ALIGN_BAT     = 0x10605, /* Access cross a BAT/seg boundary  */
-    EXCP_ALIGN_CACHE   = 0x10606, /* Impossible dcbz access           */
-    /* Exeption subtypes for EXCP_PROGRAM */
+    /* MPC740/745/750 & IBM 750 */
+    EXCP_PERF          = 0x0F,  /* Performance monitor              */
+    EXCP_IABR          = 0x13,  /* Instruction address breakpoint   */
+    EXCP_SMI           = 0x14,  /* System management interrupt      */
+    EXCP_THRM          = 0x15,  /* Thermal management interrupt     */
+    /* MPC755 */
+    EXCP_TLBMISS       = 0x10,  /* Instruction TLB miss             */
+    EXCP_TLBMISS_DL    = 0x11,  /* Data TLB miss for load           */
+    EXCP_TLBMISS_DS    = 0x12,  /* Data TLB miss for store          */
+    EXCP_PPC_MAX       = 0x16,
+    /* Qemu exception */
+    EXCP_OFCALL        = 0x20,  /* Call open-firmware emulator      */
+    EXCP_RTASCALL      = 0x21,  /* Call RTAS emulator               */
+    /* Special cases where we want to stop translation */
+    EXCP_MTMSR         = 0x104, /* mtmsr instruction:               */
+                                /* may change privilege level       */
+    EXCP_BRANCH        = 0x108, /* branch instruction               */
+    EXCP_RFI           = 0x10C, /* return from interrupt            */
+    EXCP_SYSCALL_USER  = 0x110, /* System call in user mode only    */
+};
+/* Error codes */
+enum {
+    /* Exception subtypes for EXCP_DSI                              */
+    EXCP_DSI_TRANSLATE = 0x01,  /* Data address can't be translated */
+    EXCP_DSI_NOTSUP    = 0x02,  /* Access type not supported        */
+    EXCP_DSI_PROT      = 0x03,  /* Memory protection violation      */
+    EXCP_DSI_EXTERNAL  = 0x04,  /* External access disabled         */
+    EXCP_DSI_DABR      = 0x05,  /* Data address breakpoint          */
+    /* flags for EXCP_DSI */
+    EXCP_DSI_DIRECT    = 0x10,
+    EXCP_DSI_STORE     = 0x20,
+    EXCP_ECXW          = 0x40,
+    /* Exception subtypes for EXCP_ISI                              */
+    EXCP_ISI_TRANSLATE = 0x01,  /* Code address can't be translated */
+    EXCP_ISI_NOEXEC    = 0x02,  /* Try to fetch from a data segment */
+    EXCP_ISI_GUARD     = 0x03,  /* Fetch from guarded memory        */
+    EXCP_ISI_PROT      = 0x04,  /* Memory protection violation      */
+    /* Exception subtypes for EXCP_ALIGN                            */
+    EXCP_ALIGN_FP      = 0x01,  /* FP alignment exception           */
+    EXCP_ALIGN_LST     = 0x02,  /* Unaligned mult/extern load/store */
+    EXCP_ALIGN_LE      = 0x03,  /* Multiple little-endian access    */
+    EXCP_ALIGN_PROT    = 0x04,  /* Access cross protection boundary */
+    EXCP_ALIGN_BAT     = 0x05,  /* Access cross a BAT/seg boundary  */
+    EXCP_ALIGN_CACHE   = 0x06,  /* Impossible dcbz access           */
+    /* Exception subtypes for EXCP_PROGRAM                          */
     /* FP exceptions */
-    EXCP_FP_OX         = 0x10701, /* FP overflow                      */
-    EXCP_FP_UX         = 0x10702, /* FP underflow                     */
-    EXCP_FP_ZX         = 0x10703, /* FP divide by zero                */
-    EXCP_FP_XX         = 0x10704, /* FP inexact                       */
-    EXCP_FP_VXNAN      = 0x10705, /* FP invalid SNaN op               */
-    EXCP_FP_VXISI      = 0x10706, /* FP invalid infinite substraction */
-    EXCP_FP_VXIDI      = 0x10707, /* FP invalid infinite divide       */
-    EXCP_FP_VXZDZ      = 0x10708, /* FP invalid zero divide           */
-    EXCP_FP_VXIMZ      = 0x10709, /* FP invalid infinite * zero       */
-    EXCP_FP_VXVC       = 0x1070A, /* FP invalid compare               */
-    EXCP_FP_VXSOFT     = 0x1070B, /* FP invalid operation             */
-    EXCP_FP_VXSQRT     = 0x1070C, /* FP invalid square root           */
-    EXCP_FP_VXCVI      = 0x1070D, /* FP invalid integer conversion    */
+    EXCP_FP            = 0x10,
+    EXCP_FP_OX         = 0x01,  /* FP overflow                      */
+    EXCP_FP_UX         = 0x02,  /* FP underflow                     */
+    EXCP_FP_ZX         = 0x03,  /* FP divide by zero                */
+    EXCP_FP_XX         = 0x04,  /* FP inexact                       */
+    EXCP_FP_VXNAN      = 0x05,  /* FP invalid SNaN op               */
+    EXCP_FP_VXISI      = 0x06,  /* FP invalid infinite substraction */
+    EXCP_FP_VXIDI      = 0x07,  /* FP invalid infinite divide       */
+    EXCP_FP_VXZDZ      = 0x08,  /* FP invalid zero divide           */
+    EXCP_FP_VXIMZ      = 0x09,  /* FP invalid infinite * zero       */
+    EXCP_FP_VXVC       = 0x0A,  /* FP invalid compare               */
+    EXCP_FP_VXSOFT     = 0x0B,  /* FP invalid operation             */
+    EXCP_FP_VXSQRT     = 0x0C,  /* FP invalid square root           */
+    EXCP_FP_VXCVI      = 0x0D,  /* FP invalid integer conversion    */
     /* Invalid instruction */
-    EXCP_INVAL_INVAL   = 0x10711, /* Invalid instruction              */
-    EXCP_INVAL_LSWX    = 0x10712, /* Invalid lswx instruction         */
-    EXCP_INVAL_SPR     = 0x10713, /* Invalid SPR access               */
-    EXCP_INVAL_FP      = 0x10714, /* Unimplemented mandatory fp instr */
-#endif
-    EXCP_INVAL         = 0x70,    /* Invalid instruction              */
+    EXCP_INVAL         = 0x20,
+    EXCP_INVAL_INVAL   = 0x01,  /* Invalid instruction              */
+    EXCP_INVAL_LSWX    = 0x02,  /* Invalid lswx instruction         */
+    EXCP_INVAL_SPR     = 0x03,  /* Invalid SPR access               */
+    EXCP_INVAL_FP      = 0x04,  /* Unimplemented mandatory fp instr */
     /* Privileged instruction */
-    EXCP_PRIV          = 0x71,    /* Privileged instruction           */
+    EXCP_PRIV          = 0x30,
+    EXCP_PRIV_OPC      = 0x01,
+    EXCP_PRIV_REG      = 0x02,
     /* Trap */
-    EXCP_TRAP          = 0x72,    /* Trap                             */
-    /* Special cases where we want to stop translation */
-    EXCP_MTMSR         = 0x103,   /* mtmsr instruction:               */
-                                  /* may change privilege level       */
-    EXCP_BRANCH        = 0x104,   /* branch instruction               */
+    EXCP_TRAP          = 0x40,
 };
+/*****************************************************************************/
+
 #endif /* !defined (__CPU_PPC_H__) */
@@ -41,126 +41,119 @@ register uint32_t T2 asm(AREG3);
 #include "cpu.h"
 #include "exec-all.h"
-static inline uint8_t ld8 (uint32_t EA)
+static inline uint32_t rotl (uint32_t i, int n)
 {
-    return *((uint8_t *)EA);
+    return ((i << n) | (i >> (32 - n)));
 }
-static inline uint16_t ld16 (uint32_t EA)
-{
-    return __be16_to_cpu(*((uint16_t *)EA));
-}
+/* XXX: move that to a generic header */
+#if !defined(CONFIG_USER_ONLY)
-static inline uint16_t ld16r (uint32_t EA)
-{
-    return __le16_to_cpu(*((uint16_t *)EA));
-}
+#define ldul_user ldl_user
+#define ldul_kernel ldl_kernel
-static inline uint32_t ld32 (uint32_t EA)
-{
-    return __be32_to_cpu(*((uint32_t *)EA));
-}
-
-static inline uint32_t ld32r (uint32_t EA)
-{
-    return __le32_to_cpu(*((uint32_t *)EA));
-}
+#define ACCESS_TYPE 0
+#define MEMSUFFIX _kernel
+#define DATA_SIZE 1
+#include "softmmu_header.h"
-static inline uint64_t ld64 (uint32_t EA)
-{
-    return __be64_to_cpu(*((uint64_t *)EA));
-}
+#define DATA_SIZE 2
+#include "softmmu_header.h"
-static inline uint64_t ld64r (uint32_t EA)
-{
-    return __le64_to_cpu(*((uint64_t *)EA));
-}
+#define DATA_SIZE 4
+#include "softmmu_header.h"
-static inline void st8 (uint32_t EA, uint8_t data)
-{
-    *((uint8_t *)EA) = data;
-}
+#define DATA_SIZE 8
+#include "softmmu_header.h"
+#undef ACCESS_TYPE
+#undef MEMSUFFIX
-static inline void st16 (uint32_t EA, uint16_t data)
-{
-    *((uint16_t *)EA) = __cpu_to_be16(data);
-}
+#define ACCESS_TYPE 1
+#define MEMSUFFIX _user
+#define DATA_SIZE 1
+#include "softmmu_header.h"
-static inline void st16r (uint32_t EA, uint16_t data)
-{
-    *((uint16_t *)EA) = __cpu_to_le16(data);
-}
+#define DATA_SIZE 2
+#include "softmmu_header.h"
-static inline void st32 (uint32_t EA, uint32_t data)
-{
-    *((uint32_t *)EA) = __cpu_to_be32(data);
-}
+#define DATA_SIZE 4
+#include "softmmu_header.h"
-static inline void st32r (uint32_t EA, uint32_t data)
-{
-    *((uint32_t *)EA) = __cpu_to_le32(data);
-}
+#define DATA_SIZE 8
+#include "softmmu_header.h"
+#undef ACCESS_TYPE
+#undef MEMSUFFIX
-static inline void st64 (uint32_t EA, uint64_t data)
-{
-    *((uint64_t *)EA) = __cpu_to_be64(data);
-}
+/* these access are slower, they must be as rare as possible */
+#define ACCESS_TYPE 2
+#define MEMSUFFIX _data
+#define DATA_SIZE 1
+#include "softmmu_header.h"
-static inline void st64r (uint32_t EA, uint64_t data)
-{
-    *((uint64_t *)EA) = __cpu_to_le64(data);
-}
+#define DATA_SIZE 2
+#include "softmmu_header.h"
-static inline void set_CRn(int n, uint8_t value)
-{
-    env->crf[n] = value;
-}
+#define DATA_SIZE 4
+#include "softmmu_header.h"
-static inline void set_carry (void)
-{
-    xer_ca = 1;
-}
+#define DATA_SIZE 8
+#include "softmmu_header.h"
+#undef ACCESS_TYPE
+#undef MEMSUFFIX
-static inline void reset_carry (void)
-{
-    xer_ca = 0;
-}
+#define ldub(p) ldub_data(p)
+#define ldsb(p) ldsb_data(p)
+#define lduw(p) lduw_data(p)
+#define ldsw(p) ldsw_data(p)
+#define ldl(p) ldl_data(p)
+#define ldq(p) ldq_data(p)
-static inline void set_overflow (void)
-{
-    xer_so = 1;
-    xer_ov = 1;
-}
+#define stb(p, v) stb_data(p, v)
+#define stw(p, v) stw_data(p, v)
+#define stl(p, v) stl_data(p, v)
+#define stq(p, v) stq_data(p, v)
-static inline void reset_overflow (void)
-{
-    xer_ov = 0;
-}
+#endif /* !defined(CONFIG_USER_ONLY) */
-static inline uint32_t rotl (uint32_t i, int n)
-{
-    return ((i << n) | (i >> (32 - n)));
-}
+int check_exception_state (CPUState *env);
-void raise_exception (int exception_index);
-void raise_exception_err (int exception_index, int error_code);
+void do_queue_exception_err (uint32_t exception, int error_code);
+void do_queue_exception (uint32_t exception);
+void do_process_exceptions (void);
+void do_check_exception_state (void);
-uint32_t do_load_cr (void);
-void do_store_cr (uint32_t crn, uint32_t value);
-uint32_t do_load_xer (void);
-void do_store_xer (uint32_t value);
-uint32_t do_load_msr (void);
-void do_store_msr (uint32_t msr_value);
+void do_load_cr (void);
+void do_store_cr (uint32_t mask);
+void do_load_xer (void);
+void do_store_xer (void);
+void do_load_msr (void);
+void do_store_msr (void);
 void do_load_fpscr (void);
 void do_store_fpscr (uint32_t mask);
-int32_t do_sraw(int32_t Ta, uint32_t Tb);
-void do_lmw (int reg, uint32_t src);
-void do_stmw (int reg, uint32_t dest);
-void do_lsw (uint32_t reg, int count, uint32_t src);
-void do_stsw (uint32_t reg, int count, uint32_t dest);
+void do_sraw(void);
+
+void do_fctiw (void);
+void do_fctiwz (void);
+void do_fsqrt (void);
+void do_fsqrts (void);
+void do_fres (void);
+void do_fsqrte (void);
+void do_fsel (void);
+void do_fcmpu (void);
+void do_fcmpo (void);
+void do_fabs (void);
+void do_fnabs (void);
-void do_dcbz (void);
 void do_icbi (void);
+void do_tlbia (void);
+void do_tlbie (void);
+
+void dump_rfi (void);
+void dump_store_sr (int srnum);
+void dump_store_ibat (int ul, int nr);
+void dump_store_dbat (int ul, int nr);
+void dump_store_tb (int ul);
+void dump_update_tb(uint32_t param);
 #endif /* !defined (__PPC_H__) */
@@ -17,56 +17,642 @@
  * License along with this library; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
+#include <sys/mman.h>
+
 #include "exec.h"
+#if defined (USE_OPEN_FIRMWARE)
+#include "of.h"
+#endif
+
+//#define DEBUG_MMU
+//#define DEBUG_BATS
+//#define DEBUG_EXCEPTIONS
+
+extern FILE *logfile, *stderr;
+void exit (int);
+void abort (void);
-extern FILE *logfile;
+int phys_ram_size;
+int phys_ram_fd;
+uint8_t *phys_ram_base;
 void cpu_loop_exit(void)
 {
     longjmp(env->jmp_env, 1);
 }
-/* shortcuts to generate exceptions */
-void raise_exception_err (int exception_index, int error_code)
+void do_process_exceptions (void)
 {
-    env->exception_index = exception_index;
-    env->error_code = error_code;
-
     cpu_loop_exit();
 }
-void raise_exception (int exception_index)
+int check_exception_state (CPUState *env)
 {
-    env->exception_index = exception_index;
-    env->error_code = 0;
+    int i;
-    cpu_loop_exit();
+    /* Process PPC exceptions */
+    for (i = 1; i  < EXCP_PPC_MAX; i++) {
+        if (env->exceptions & (1 << i)) {
+            switch (i) {
+            case EXCP_EXTERNAL:
+            case EXCP_DECR:
+                if (msr_ee == 0)
+                    return 0;
+                break;
+            case EXCP_PROGRAM:
+                if (env->errors[EXCP_PROGRAM] == EXCP_FP &&
+                    msr_fe0 == 0 && msr_fe1 == 0)
+                    return 0;
+                break;
+            default:
+                break;
+            }
+            env->exception_index = i;
+            env->error_code = env->errors[i];
+            return 1;
+        }
+    }
+
+    return 0;
+}
+
+/*****************************************************************************/
+/* PPC MMU emulation */
+/* Perform BAT hit & translation */
+static int get_bat (CPUState *env, uint32_t *real, int *prot,
+                    uint32_t virtual, int rw, int type)
+{
+    uint32_t *BATlt, *BATut, *BATu, *BATl;
+    uint32_t base, BEPIl, BEPIu, bl;
+    int i;
+    int ret = -1;
+
+#if defined (DEBUG_BATS)
+    if (loglevel > 0) {
+        fprintf(logfile, "%s: %cBAT v 0x%08x\n", __func__,
+               type == ACCESS_CODE ? 'I' : 'D', virtual);
+    }
+    printf("%s: %cBAT v 0x%08x\n", __func__,
+           type == ACCESS_CODE ? 'I' : 'D', virtual);
+#endif
+    switch (type) {
+    case ACCESS_CODE:
+        BATlt = env->IBAT[1];
+        BATut = env->IBAT[0];
+        break;
+    default:
+        BATlt = env->DBAT[1];
+        BATut = env->DBAT[0];
+        break;
+    }
+#if defined (DEBUG_BATS)
+    if (loglevel > 0) {
+        fprintf(logfile, "%s...: %cBAT v 0x%08x\n", __func__,
+               type == ACCESS_CODE ? 'I' : 'D', virtual);
+    }
+    printf("%s...: %cBAT v 0x%08x\n", __func__,
+           type == ACCESS_CODE ? 'I' : 'D', virtual);
+#endif
+    base = virtual & 0xFFFC0000;
+    for (i = 0; i < 4; i++) {
+        BATu = &BATut[i];
+        BATl = &BATlt[i];
+        BEPIu = *BATu & 0xF0000000;
+        BEPIl = *BATu & 0x0FFE0000;
+        bl = (*BATu & 0x00001FFC) << 15;
+#if defined (DEBUG_BATS)
+        if (loglevel > 0) {
+            fprintf(logfile, "%s: %cBAT%d v 0x%08x BATu 0x%08x BATl 0x%08x\n",
+                    __func__, type == ACCESS_CODE ? 'I' : 'D', i, virtual,
+                    *BATu, *BATl);
+        } else {
+            printf("%s: %cBAT%d v 0x%08x BATu 0x%08x BATl 0x%08x\n",
+                   __func__, type == ACCESS_CODE ? 'I' : 'D', i, virtual,
+                   *BATu, *BATl);
+        }
+#endif
+        if ((virtual & 0xF0000000) == BEPIu &&
+            ((virtual & 0x0FFE0000) & ~bl) == BEPIl) {
+            /* BAT matches */
+            if ((msr_pr == 0 && (*BATu & 0x00000002)) ||
+                (msr_pr == 1 && (*BATu & 0x00000001))) {
+                /* Get physical address */
+                *real = (*BATl & 0xF0000000) |
+                    ((virtual & 0x0FFE0000 & bl) | (*BATl & 0x0FFE0000)) |
+                    (virtual & 0x0001FFFF);
+                if (*BATl & 0x00000001)
+                    *prot = PROT_READ;
+                if (*BATl & 0x00000002)
+                    *prot = PROT_WRITE | PROT_READ;
+#if defined (DEBUG_BATS)
+                if (loglevel > 0) {
+                    fprintf(logfile, "BAT %d match: r 0x%08x prot=%c%c\n",
+                            i, *real, *prot & PROT_READ ? 'R' : '-',
+                            *prot & PROT_WRITE ? 'W' : '-');
+                } else {
+                    printf("BAT %d match: 0x%08x => 0x%08x prot=%c%c\n",
+                           i, virtual, *real, *prot & PROT_READ ? 'R' : '-',
+                           *prot & PROT_WRITE ? 'W' : '-');
+                }
+#endif
+                ret = 0;
+                break;
+            }
+        }
+    }
+    if (ret < 0) {
+#if defined (DEBUG_BATS)
+        printf("no BAT match for 0x%08x:\n", virtual);
+        for (i = 0; i < 4; i++) {
+            BATu = &BATut[i];
+            BATl = &BATlt[i];
+            BEPIu = *BATu & 0xF0000000;
+            BEPIl = *BATu & 0x0FFE0000;
+            bl = (*BATu & 0x00001FFC) << 15;
+            printf("%s: %cBAT%d v 0x%08x BATu 0x%08x BATl 0x%08x \n\t"
+                   "0x%08x 0x%08x 0x%08x\n",
+                   __func__, type == ACCESS_CODE ? 'I' : 'D', i, virtual,
+                   *BATu, *BATl, BEPIu, BEPIl, bl);
+        }
+#endif
+        env->spr[DAR] = virtual;
+    }
+    /* No hit */
+    return ret;
+}
+
+/* PTE table lookup */
+static int find_pte (uint32_t *RPN, int *prot, uint32_t base, uint32_t va,
+                     int h, int key, int rw)
+{
+    uint32_t pte0, pte1, keep = 0;
+    int i, good = -1, store = 0;
+    int ret = -1; /* No entry found */
+
+    for (i = 0; i < 8; i++) {
+        pte0 = ldl_raw((void *)((uint32_t)phys_ram_base + base + (i * 8)));
+        pte1 =  ldl_raw((void *)((uint32_t)phys_ram_base + base + (i * 8) + 4));
+#if defined (DEBUG_MMU)
+        printf("Load pte from 0x%08x => 0x%08x 0x%08x\n", base + (i * 8),
+               pte0, pte1);
+#endif
+        /* Check validity and table match */
+        if (pte0 & 0x80000000 && (h == ((pte0 >> 6) & 1))) {
+#if defined (DEBUG_MMU)
+            printf("PTE is valid and table matches... compare 0x%08x:%08x\n",
+                   pte0 & 0x7FFFFFBF, va);
+#endif
+            /* Check vsid & api */
+            if ((pte0 & 0x7FFFFFBF) == va) {
+#if defined (DEBUG_MMU)
+                printf("PTE match !\n");
+#endif
+                if (good == -1) {
+                    good = i;
+                    keep = pte1;
+                } else {
+                    /* All matches should have equal RPN, WIMG & PP */
+                    if ((keep & 0xFFFFF07B) != (pte1 & 0xFFFFF07B)) {
+                        printf("Bad RPN/WIMG/PP\n");
+                        return -1;
+                    }
+                }
+                /* Check access rights */
+                if (key == 0) {
+                    *prot = PROT_READ;
+                    if ((pte1 & 0x00000003) != 0x3)
+                        *prot |= PROT_WRITE;
+                } else {
+                    switch (pte1 & 0x00000003) {
+                    case 0x0:
+                        *prot = 0;
+                        break;
+                    case 0x1:
+                    case 0x3:
+                        *prot = PROT_READ;
+                        break;
+                    case 0x2:
+                        *prot = PROT_READ | PROT_WRITE;
+                        break;
+                    }
+                }
+                if ((rw == 0 && *prot != 0) ||
+                    (rw == 1 && (*prot & PROT_WRITE))) {
+#if defined (DEBUG_MMU)
+                    printf("PTE access granted !\n");
+#endif
+                    good = i;
+                    keep = pte1;
+                    ret = 0;
+                } else if (ret == -1) {
+                    ret = -2; /* Access right violation */
+#if defined (DEBUG_MMU)
+                    printf("PTE access rejected\n");
+#endif
+                }
+            }
+        }
+    }
+    if (good != -1) {
+        *RPN = keep & 0xFFFFF000;
+#if defined (DEBUG_MMU)
+        printf("found PTE at addr 0x%08x prot=0x%01x ret=%d\n",
+               *RPN, *prot, ret);
+#endif
+        /* Update page flags */
+        if (!(keep & 0x00000100)) {
+            keep |= 0x00000100;
+            store = 1;
+        }
+        if (rw) {
+            if (!(keep & 0x00000080)) {
+                keep |= 0x00000080;
+                store = 1;
+            }
+        }
+        if (store)
+            stl_raw((void *)(base + (good * 2) + 1), keep);
+    }
+
+    return ret;
 }
-/* Helpers for "fat" micro operations */
-uint32_t do_load_cr (void)
+static inline uint32_t get_pgaddr (uint32_t sdr1, uint32_t hash, uint32_t mask)
 {
-    return (env->crf[0] << 28) |
-        (env->crf[1] << 24) |
-        (env->crf[2] << 20) |
-        (env->crf[3] << 16) |
-        (env->crf[4] << 12) |
-        (env->crf[5] << 8) |
-        (env->crf[6] << 4) |
-        (env->crf[7] << 0);
+    return (sdr1 & 0xFFFF0000) | (hash & mask);
 }
-void do_store_cr (uint32_t crn, uint32_t value)
+/* Perform segment based translation */
+static int get_segment (CPUState *env, uint32_t *real, int *prot,
+                        uint32_t virtual, int rw, int type)
 {
-    int i, sh;
+    uint32_t pg_addr, sdr, ptem, vsid, pgidx;
+    uint32_t hash, mask;
+    uint32_t sr;
+    int key;
+    int ret = -1, ret2;
-    for (i = 0, sh = 7; i < 8; i++, sh --) {
-        if (crn & (1 << sh))
-            env->crf[i] = (value >> (sh * 4)) & 0xF;
+    sr = env->sr[virtual >> 28];
+#if defined (DEBUG_MMU)
+    printf("Check segment v=0x%08x %d 0x%08x nip=0x%08x lr=0x%08x ir=%d dr=%d "
+           "pr=%d t=%d\n", virtual, virtual >> 28, sr, env->nip,
+           env->lr, msr_ir, msr_dr, msr_pr, type);
+#endif
+    key = ((sr & 0x20000000) && msr_pr == 1) ||
+        ((sr & 0x40000000) && msr_pr == 0) ? 1 : 0;
+    if ((sr & 0x80000000) == 0) {
+#if defined (DEBUG_MMU)
+        printf("pte segment: key=%d n=0x%08x\n", key, sr & 0x10000000);
+#endif
+        /* Check if instruction fetch is allowed, if needed */
+        if (type != ACCESS_CODE || (sr & 0x10000000) == 0) {
+            /* Page address translation */
+            vsid = sr & 0x00FFFFFF;
+            pgidx = (virtual >> 12) & 0xFFFF;
+            sdr = env->spr[SDR1];
+            hash = ((vsid ^ pgidx) & 0x07FFFF) << 6;
+            mask = ((sdr & 0x000001FF) << 16) | 0xFFC0;
+            pg_addr = get_pgaddr(sdr, hash, mask);
+            ptem = (vsid << 7) | (pgidx >> 10);
+#if defined (DEBUG_MMU)
+            printf("0 sdr1=0x%08x vsid=0x%06x api=0x%04x hash=0x%07x "
+                   "pg_addr=0x%08x\n", sdr, vsid, pgidx, hash, pg_addr);
+#endif
+            /* Primary table lookup */
+            ret = find_pte(real, prot, pg_addr, ptem, 0, key, rw);
+            if (ret < 0) {
+                /* Secondary table lookup */
+                hash = (~hash) & 0x01FFFFC0;
+                pg_addr = get_pgaddr(sdr, hash, mask);
+#if defined (DEBUG_MMU)
+                printf("1 sdr1=0x%08x vsid=0x%06x api=0x%04x hash=0x%05x "
+                       "pg_addr=0x%08x\n", sdr, vsid, pgidx, hash, pg_addr);
+#endif
+                ret2 = find_pte(real, prot, pg_addr, ptem, 1, key, rw);
+                if (ret2 != -1)
+                    ret = ret2;
+            }
+            if (ret != -1)
+                *real |= (virtual & 0x00000FFF);
+            if (ret == -2 && type == ACCESS_CODE && (sr & 0x10000000))
+                ret = -3;
+        } else {
+#if defined (DEBUG_MMU)
+            printf("No access allowed\n");
+#endif
+        }
+    } else {
+#if defined (DEBUG_MMU)
+        printf("direct store...\n");
+#endif
+        /* Direct-store segment : absolutely *BUGGY* for now */
+        switch (type) {
+        case ACCESS_INT:
+            /* Integer load/store : only access allowed */
+            break;
+        case ACCESS_CODE:
+            /* No code fetch is allowed in direct-store areas */
+            return -4;
+        case ACCESS_FLOAT:
+            /* Floating point load/store */
+            return -4;
+        case ACCESS_RES:
+            /* lwarx, ldarx or srwcx. */
+            return -4;
+        case ACCESS_CACHE:
+            /* dcba, dcbt, dcbtst, dcbf, dcbi, dcbst, dcbz, or icbi */
+            /* Should make the instruction do no-op.
+             * As it already do no-op, it's quite easy :-)
+             */
+            *real = virtual;
+            return 0;
+        case ACCESS_EXT:
+            /* eciwx or ecowx */
+            return -4;
+        default:
+            if (logfile) {
+                fprintf(logfile, "ERROR: instruction should not need "
+                        "address translation\n");
+            }
+            printf("ERROR: instruction should not need "
+                   "address translation\n");
+            return -4;
+        }
+        if ((rw == 1 || key != 1) && (rw == 0 || key != 0)) {
+            *real = virtual;
+            ret = 2;
+        } else {
+            ret = -2;
+        }
     }
+
+    return ret;
 }
-uint32_t do_load_xer (void)
+int get_physical_address (CPUState *env, uint32_t *physical, int *prot,
+                          uint32_t address, int rw, int access_type)
+{
+    int ret;
+
+    if (loglevel > 0) {
+        fprintf(logfile, "%s\n", __func__);
+    }
+    if ((access_type == ACCESS_CODE && msr_ir == 0) || msr_dr == 0) {
+        /* No address translation */
+        *physical = address;
+        *prot = PROT_READ | PROT_WRITE;
+        ret = 0;
+    } else {
+        /* Try to find a BAT */
+        ret = get_bat(env, physical, prot, address, rw, access_type);
+        if (ret < 0) {
+            /* We didn't match any BAT entry */
+            ret = get_segment(env, physical, prot, address, rw, access_type);
+        }
+    }
+    
+    return ret;
+}
+
+
+#if !defined(CONFIG_USER_ONLY) 
+
+#define MMUSUFFIX _mmu
+#define GETPC() (__builtin_return_address(0))
+
+#define SHIFT 0
+#include "softmmu_template.h"
+
+#define SHIFT 1
+#include "softmmu_template.h"
+
+#define SHIFT 2
+#include "softmmu_template.h"
+
+#define SHIFT 3
+#include "softmmu_template.h"
+
+/* try to fill the TLB and return an exception if error. If retaddr is
+   NULL, it means that the function was called in C code (i.e. not
+   from generated code or from helper.c) */
+/* XXX: fix it to restore all registers */
+void tlb_fill(unsigned long addr, int is_write, int flags, void *retaddr)
+{
+    TranslationBlock *tb;
+    int ret, is_user;
+    unsigned long pc;
+    CPUState *saved_env;
+
+    /* XXX: hack to restore env in all cases, even if not called from
+       generated code */
+    saved_env = env;
+    env = cpu_single_env;
+    is_user = flags & 0x01;
+    {
+        unsigned long tlb_addrr, tlb_addrw;
+        int index;
+        index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
+        tlb_addrr = env->tlb_read[is_user][index].address;
+        tlb_addrw = env->tlb_write[is_user][index].address;
+#if 0
+        printf("%s 1 %p %p idx=%d addr=0x%08lx tbl_addr=0x%08lx 0x%08lx "
+               "(0x%08lx 0x%08lx)\n", __func__, env,
+               &env->tlb_read[is_user][index], index, addr,
+               tlb_addrr, tlb_addrw, addr & TARGET_PAGE_MASK,
+               tlb_addrr & (TARGET_PAGE_MASK | TLB_INVALID_MASK));
+#endif
+    }
+    ret = cpu_handle_mmu_fault(env, addr, is_write, flags, 1);
+    if (ret) {
+        if (retaddr) {
+            /* now we have a real cpu fault */
+            pc = (unsigned long)retaddr;
+            tb = tb_find_pc(pc);
+            if (tb) {
+                /* the PC is inside the translated code. It means that we have
+                   a virtual CPU fault */
+                cpu_restore_state(tb, env, pc);
+            }
+        }
+        do_queue_exception_err(env->exception_index, env->error_code);
+        do_process_exceptions();
+    }
+    {
+        unsigned long tlb_addrr, tlb_addrw;
+        int index;
+        index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
+        tlb_addrr = env->tlb_read[is_user][index].address;
+        tlb_addrw = env->tlb_write[is_user][index].address;
+#if 0
+        printf("%s 2 %p %p idx=%d addr=0x%08lx tbl_addr=0x%08lx 0x%08lx "
+               "(0x%08lx 0x%08lx)\n", __func__, env,
+               &env->tlb_read[is_user][index], index, addr,
+               tlb_addrr, tlb_addrw, addr & TARGET_PAGE_MASK,
+               tlb_addrr & (TARGET_PAGE_MASK | TLB_INVALID_MASK));
+#endif
+    }
+    env = saved_env;
+}
+
+void cpu_ppc_init_mmu(CPUPPCState *env)
+{
+    /* Nothing to do: all translation are disabled */
+}
+#endif
+
+/* Perform address translation */
+int cpu_ppc_handle_mmu_fault (CPUState *env, uint32_t address, int rw,
+                              int flags, int is_softmmu)
+{
+    uint32_t physical;
+    int prot;
+    int exception = 0, error_code = 0;
+    int is_user, access_type;
+    int ret = 0;
+
+//    printf("%s 0\n", __func__);
+    is_user = flags & 0x01;
+    access_type = flags & ~0x01;
+    if (env->user_mode_only) {
+        /* user mode only emulation */
+        ret = -1;
+        goto do_fault;
+    }
+    ret = get_physical_address(env, &physical, &prot,
+                               address, rw, access_type);
+    if (ret == 0) {
+        ret = tlb_set_page(env, address, physical, prot, is_user, is_softmmu);
+    } else if (ret < 0) {
+    do_fault:
+#if defined (DEBUG_MMU)
+        printf("%s 5\n", __func__);
+        printf("nip=0x%08x LR=0x%08x CTR=0x%08x MSR=0x%08x TBL=0x%08x\n",
+               env->nip, env->lr, env->ctr, /*msr*/0, env->tb[0]);
+        {
+            int  i;
+            for (i = 0; i < 32; i++) {
+                if ((i & 7) == 0)
+                    printf("GPR%02d:", i);
+                printf(" %08x", env->gpr[i]);
+                if ((i & 7) == 7)
+                    printf("\n");
+            }
+            printf("CR: 0x");
+            for (i = 0; i < 8; i++)
+                printf("%01x", env->crf[i]);
+            printf("  [");
+            for (i = 0; i < 8; i++) {
+                char a = '-';
+                if (env->crf[i] & 0x08)
+                    a = 'L';
+                else if (env->crf[i] & 0x04)
+                    a = 'G';
+                else if (env->crf[i] & 0x02)
+                    a = 'E';
+                printf(" %c%c", a, env->crf[i] & 0x01 ? 'O' : ' ');
+            }
+            printf(" ] ");
+        }
+        printf("TB: 0x%08x %08x\n", env->tb[1], env->tb[0]);
+        printf("SRR0 0x%08x SRR1 0x%08x\n", env->spr[SRR0], env->spr[SRR1]);
+#endif
+        if (access_type == ACCESS_CODE) {
+            exception = EXCP_ISI;
+            switch (ret) {
+            case -1:
+                /* No matches in page tables */
+                error_code = EXCP_ISI_TRANSLATE;
+                break;
+            case -2:
+                /* Access rights violation */
+                error_code = EXCP_ISI_PROT;
+                break;
+            case -3:
+                error_code = EXCP_ISI_NOEXEC;
+                break;
+            case -4:
+                /* Direct store exception */
+                /* No code fetch is allowed in direct-store areas */
+                exception = EXCP_ISI;
+                error_code = EXCP_ISI_NOEXEC;
+                break;
+            }
+        } else {
+            exception = EXCP_DSI;
+            switch (ret) {
+            case -1:
+                /* No matches in page tables */
+                error_code = EXCP_DSI_TRANSLATE;
+                break;
+            case -2:
+                /* Access rights violation */
+                error_code = EXCP_DSI_PROT;
+                break;
+            case -4:
+                /* Direct store exception */
+                switch (access_type) {
+                case ACCESS_FLOAT:
+                    /* Floating point load/store */
+                    exception = EXCP_ALIGN;
+                    error_code = EXCP_ALIGN_FP;
+                    break;
+                case ACCESS_RES:
+                    /* lwarx, ldarx or srwcx. */
+                    exception = EXCP_DSI;
+                    error_code = EXCP_DSI_NOTSUP | EXCP_DSI_DIRECT;
+                    if (rw)
+                        error_code |= EXCP_DSI_STORE;
+                    break;
+                case ACCESS_EXT:
+                    /* eciwx or ecowx */
+                    exception = EXCP_DSI;
+                    error_code = EXCP_DSI_NOTSUP | EXCP_DSI_DIRECT | EXCP_ECXW;
+                    break;
+                default:
+                    exception = EXCP_PROGRAM;
+                    error_code = EXCP_INVAL | EXCP_INVAL_INVAL;
+                    break;
+                }
+            }
+            if (rw)
+                error_code |= EXCP_DSI_STORE;
+            /* Should find a better solution:
+             * this will be invalid for some exception if more than one
+             * exception occurs for one instruction
+             */
+            env->spr[DSISR] = 0;
+            if (error_code & EXCP_DSI_DIRECT) {
+                env->spr[DSISR] |= 0x80000000;
+                if (access_type == ACCESS_EXT ||
+                    access_type == ACCESS_RES)
+                    env->spr[DSISR] |= 0x04000000;
+            }
+            if ((error_code & 0xF) == EXCP_DSI_TRANSLATE)
+                env->spr[DSISR] |= 0x40000000;
+            if (error_code & EXCP_DSI_PROT)
+                env->spr[DSISR] |= 0x08000000;
+            if (error_code & EXCP_DSI_STORE)
+                env->spr[DSISR] |= 0x02000000;
+            if ((error_code & 0xF) == EXCP_DSI_DABR)
+                env->spr[DSISR] |= 0x00400000;
+            if (access_type == ACCESS_EXT)
+                env->spr[DSISR] |= 0x00100000;
+        }
+#if 0
+        printf("%s: set exception to %d %02x\n",
+               __func__, exception, error_code);
+#endif
+        env->exception_index = exception;
+        env->error_code = error_code;
+        /* Store fault address */
+        env->spr[DAR] = address;
+        ret = 1;
+    }
+
+    return ret;
+}
+
+uint32_t _load_xer (void)
 {
     return (xer_so << XER_SO) |
         (xer_ov << XER_OV) |
@@ -74,7 +660,7 @@ uint32_t do_load_xer (void)
         (xer_bc << XER_BC);
 }
-void do_store_xer (uint32_t value)
+void _store_xer (uint32_t value)
 {
     xer_so = (value >> XER_SO) & 0x01;
     xer_ov = (value >> XER_OV) & 0x01;
@@ -82,7 +668,7 @@ void do_store_xer (uint32_t value)
     xer_bc = (value >> XER_BC) & 0x1f;
 }
-uint32_t do_load_msr (void)
+uint32_t _load_msr (void)
 {
     return (msr_pow << MSR_POW) |
         (msr_ile << MSR_ILE) |
@@ -101,167 +687,255 @@ uint32_t do_load_msr (void)
         (msr_le << MSR_LE);
 }
-void do_store_msr (uint32_t msr_value)
+void _store_msr (uint32_t value)
 {
-    msr_pow = (msr_value >> MSR_POW) & 0x03;
-    msr_ile = (msr_value >> MSR_ILE) & 0x01;
-    msr_ee = (msr_value >> MSR_EE) & 0x01;
-    msr_pr = (msr_value >> MSR_PR) & 0x01;
-    msr_fp = (msr_value >> MSR_FP) & 0x01;
-    msr_me = (msr_value >> MSR_ME) & 0x01;
-    msr_fe0 = (msr_value >> MSR_FE0) & 0x01;
-    msr_se = (msr_value >> MSR_SE) & 0x01;
-    msr_be = (msr_value >> MSR_BE) & 0x01;
-    msr_fe1 = (msr_value >> MSR_FE1) & 0x01;
-    msr_ip = (msr_value >> MSR_IP) & 0x01;
-    msr_ir = (msr_value >> MSR_IR) & 0x01;
-    msr_dr = (msr_value >> MSR_DR) & 0x01;
-    msr_ri = (msr_value >> MSR_RI) & 0x01;
-    msr_le = (msr_value >> MSR_LE) & 0x01;
+    msr_pow = (value >> MSR_POW) & 0x03;
+    msr_ile = (value >> MSR_ILE) & 0x01;
+    msr_ee = (value >> MSR_EE) & 0x01;
+    msr_pr = (value >> MSR_PR) & 0x01;
+    msr_fp = (value >> MSR_FP) & 0x01;
+    msr_me = (value >> MSR_ME) & 0x01;
+    msr_fe0 = (value >> MSR_FE0) & 0x01;
+    msr_se = (value >> MSR_SE) & 0x01;
+    msr_be = (value >> MSR_BE) & 0x01;
+    msr_fe1 = (value >> MSR_FE1) & 0x01;
+    msr_ip = (value >> MSR_IP) & 0x01;
+    msr_ir = (value >> MSR_IR) & 0x01;
+    msr_dr = (value >> MSR_DR) & 0x01;
+    msr_ri = (value >> MSR_RI) & 0x01;
+    msr_le = (value >> MSR_LE) & 0x01;
 }
-/* The 32 MSB of the target fpr are undefined. They'll be zero... */
-/* Floating point operations helpers */
-void do_load_fpscr (void)
+void do_interrupt (CPUState *env)
 {
-    /* The 32 MSB of the target fpr are undefined.
-     * They'll be zero...
-     */
-    union {
-        double d;
-        struct {
-            uint32_t u[2];
-        } s;
-    } u;
-    int i;
-
-    u.s.u[0] = 0;
-    u.s.u[1] = 0;
-    for (i = 0; i < 8; i++)
-        u.s.u[1] |= env->fpscr[i] << (4 * i);
-    FT0 = u.d;
-}
+#if defined (CONFIG_USER_ONLY)
+    env->exception_index |= 0x100;
+#else
+    uint32_t msr;
+    int excp = env->exception_index;
-void do_store_fpscr (uint32_t mask)
-{
-    /*
-     * We use only the 32 LSB of the incoming fpr
-     */
-    union {
-        double d;
-        struct {
-            uint32_t u[2];
-        } s;
-    } u;
+    /* Dequeue PPC exceptions */
+    if (excp < EXCP_PPC_MAX)
+        env->exceptions &= ~(1 << excp);
+    msr = _load_msr();
+#if defined (DEBUG_EXCEPTIONS)
+    if (excp != EXCP_DECR && excp == EXCP_PROGRAM && excp < EXCP_PPC_MAX) 
+    {
+        if (loglevel > 0) {
+            fprintf(logfile, "Raise exception at 0x%08x => 0x%08x (%02x)\n",
+                    env->nip, excp << 8, env->error_code);
+        } else {
+            printf("Raise exception at 0x%08x => 0x%08x (%02x)\n",
+                   env->nip, excp << 8, env->error_code);
+        }
+        printf("nip=0x%08x LR=0x%08x CTR=0x%08x MSR=0x%08x DECR=0x%08x\n",
+               env->nip, env->lr, env->ctr, msr, env->decr);
+        {
     int i;
-
-    u.d = FT0;
-    if (mask & 0x80)
-        env->fpscr[0] = (env->fpscr[0] & 0x9) | ((u.s.u[1] >> 28) & ~0x9);
-    for (i = 1; i < 7; i++) {
-        if (mask & (1 << (7 - i)))
-            env->fpscr[i] = (u.s.u[1] >> (4 * (7 - i))) & 0xF;
+            for (i = 0; i < 32; i++) {
+                if ((i & 7) == 0)
+                    printf("GPR%02d:", i);
+                printf(" %08x", env->gpr[i]);
+                if ((i & 7) == 7)
+                    printf("\n");
     }
-    /* TODO: update FEX & VX */
-    /* Set rounding mode */
-    switch (env->fpscr[0] & 0x3) {
-    case 0:
-        /* Best approximation (round to nearest) */
-        fesetround(FE_TONEAREST);
-        break;
-    case 1:
-        /* Smaller magnitude (round toward zero) */
-        fesetround(FE_TOWARDZERO);
-        break;
-    case 2:
-        /* Round toward +infinite */
-        fesetround(FE_UPWARD);
-        break;
-    case 3:
-        /* Round toward -infinite */
-        fesetround(FE_DOWNWARD);
-        break;
+            printf("CR: 0x");
+    for (i = 0; i < 8; i++)
+                printf("%01x", env->crf[i]);
+            printf("  [");
+            for (i = 0; i < 8; i++) {
+                char a = '-';
+                if (env->crf[i] & 0x08)
+                    a = 'L';
+                else if (env->crf[i] & 0x04)
+                    a = 'G';
+                else if (env->crf[i] & 0x02)
+                    a = 'E';
+                printf(" %c%c", a, env->crf[i] & 0x01 ? 'O' : ' ');
     }
-}
-
-int32_t do_sraw(int32_t value, uint32_t shift)
-{
-    int32_t ret;
-
-    xer_ca = 0;
-    if (shift & 0x20) {
-        ret = (-1) * ((uint32_t)value >> 31);
-        if (ret < 0)
-            xer_ca = 1;
-    } else {
-        ret = value >> (shift & 0x1f);
-        if (ret < 0 && (value & ((1 << shift) - 1)) != 0)
-            xer_ca = 1;
+            printf(" ] ");
     }
-
-    return ret;
-}
-
-void do_lmw (int reg, uint32_t src)
-{
-    for (; reg <= 31; reg++, src += 4)
-        ugpr(reg) = ld32(src);
-}
-
-void do_stmw (int reg, uint32_t dest)
-{
-    for (; reg <= 31; reg++, dest += 4)
-        st32(dest, ugpr(reg));
-}
-
-void do_lsw (uint32_t reg, int count, uint32_t src)
-{
-    uint32_t tmp;
-    int sh;
-    
-    for (; count > 3; count -= 4, src += 4) {
-        ugpr(reg++) = ld32(src);
-        if (T2 == 32)
-            T2 = 0;
+        printf("TB: 0x%08x %08x\n", env->tb[1], env->tb[0]);
+        printf("XER 0x%08x SRR0 0x%08x SRR1 0x%08x\n",
+               _load_xer(), env->spr[SRR0], env->spr[SRR1]);
     }
-    if (count > 0) {
-                tmp = 0;
-        for (sh = 24; count > 0; count--, src++, sh -= 8) {
-            tmp |= ld8(src) << sh;
+#endif
+    /* Generate informations in save/restore registers */
+    switch (excp) {
+    case EXCP_OFCALL:
+#if defined (USE_OPEN_FIRMWARE)
+        env->gpr[3] = OF_client_entry((void *)env->gpr[3]);
+#endif
+        return;
+    case EXCP_RTASCALL:
+#if defined (USE_OPEN_FIRMWARE)
+        printf("RTAS call !\n");
+        env->gpr[3] = RTAS_entry((void *)env->gpr[3]);
+        printf("RTAS call done\n");
+#endif
+        return;
+    case EXCP_NONE:
+        /* Do nothing */
+#if defined (DEBUG_EXCEPTIONS)
+        printf("%s: escape EXCP_NONE\n", __func__);
+#endif
+        return;
+    case EXCP_RESET:
+        if (msr_ip)
+            excp += 0xFFC00;
+        goto store_next;
+    case EXCP_MACHINE_CHECK:
+        if (msr_me == 0) {
+            printf("Machine check exception while not allowed !\n");
+            if (loglevel) {
+                fprintf(logfile,
+                        "Machine check exception while not allowed !\n");
         }
-        ugpr(reg) = tmp;
+            abort();
     }
-}
-
-void do_stsw (uint32_t reg, int count, uint32_t dest)
-{
-    int sh;
-
-    for (; count > 3; count -= 4, dest += 4) {
-        st32(dest, ugpr(reg++));
-        if (reg == 32)
-            reg = 0;
+        msr_me = 0;
+        break;
+    case EXCP_DSI:
+        /* Store exception cause */
+        /* data location address has been stored
+         * when the fault has been detected
+     */
+        goto store_current;
+    case EXCP_ISI:
+        /* Store exception cause */
+        if (env->error_code == EXCP_ISI_TRANSLATE)
+            msr |= 0x40000000;
+        else if (env->error_code == EXCP_ISI_NOEXEC ||
+            env->error_code == EXCP_ISI_GUARD)
+            msr |= 0x10000000;
+        else
+            msr |= 0x08000000;
+        goto store_next;
+    case EXCP_EXTERNAL:
+        if (msr_ee == 0) {
+#if defined (DEBUG_EXCEPTIONS)
+            if (loglevel > 0) {
+                fprintf(logfile, "Skipping hardware interrupt\n");
+            } else {
+                printf("Skipping hardware interrupt\n");
     }
-    if (count > 0) {
-        for (sh = 24; count > 0; count--, dest++, sh -= 8) {
-            st8(dest, (ugpr(reg) >> sh) & 0xFF);
+#endif
+            return;
             }
+        goto store_next;
+    case EXCP_ALIGN:
+        /* Store exception cause */
+        /* Get rS/rD and rA from faulting opcode */
+        env->spr[DSISR] |=
+            (ldl_code((void *)(env->nip - 4)) & 0x03FF0000) >> 16;
+        /* data location address has been stored
+         * when the fault has been detected
+         */
+        goto store_current;
+    case EXCP_PROGRAM:
+        msr &= ~0xFFFF0000;
+        switch (env->error_code & ~0xF) {
+        case EXCP_FP:
+            if (msr_fe0 == 0 && msr_fe1 == 0) {
+#if defined (DEBUG_EXCEPTIONS)
+                printf("Ignore floating point exception\n");
+#endif
+                return;
         }
-}
-
-void do_dcbz (void)
-{
-    int i;
-
-    /* Assume cache line size is 32 */
-    for (i = 0; i < 8; i++) {
-        st32(T0, 0);
-        T0 += 4;
+            msr |= 0x00100000;
+            /* Set FX */
+            env->fpscr[7] |= 0x8;
+            /* Finally, update FEX */
+            if ((((env->fpscr[7] & 0x3) << 3) | (env->fpscr[6] >> 1)) &
+                ((env->fpscr[1] << 1) | (env->fpscr[0] >> 3)))
+                env->fpscr[7] |= 0x4;
+        break;
+        case EXCP_INVAL:
+            msr |= 0x00080000;
+        break;
+        case EXCP_PRIV:
+            msr |= 0x00040000;
+        break;
+        case EXCP_TRAP:
+            msr |= 0x00020000;
+            break;
+        default:
+            /* Should never occur */
+        break;
     }
-}
-    
-/* Instruction cache invalidation helper */
-void do_icbi (void)
-{
-    //    tb_invalidate_page(T0);
+        msr |= 0x00010000;
+        goto store_current;
+    case EXCP_NO_FP:
+        goto store_current;
+    case EXCP_DECR:
+        if (msr_ee == 0) {
+            /* Requeue it */
+            do_queue_exception(EXCP_DECR);
+            return;
+        }
+        goto store_next;
+    case EXCP_SYSCALL:
+#if defined (DEBUG_EXCEPTIONS)
+        printf("syscall %d 0x%08x 0x%08x 0x%08x 0x%08x\n",
+               env->gpr[0], env->gpr[3], env->gpr[4], env->gpr[5], env->gpr[6]);
+#endif
+        goto store_next;
+    case EXCP_TRACE:
+        goto store_next;
+    case EXCP_FP_ASSIST:
+        goto store_next;
+    case EXCP_MTMSR:
+        /* Nothing to do */
+#if defined (DEBUG_EXCEPTIONS)
+        printf("%s: escape EXCP_MTMSR\n", __func__);
+#endif
+        return;
+    case EXCP_BRANCH:
+        /* Nothing to do */
+#if defined (DEBUG_EXCEPTIONS)
+        printf("%s: escape EXCP_BRANCH\n", __func__);
+#endif
+        return;
+    case EXCP_RFI:
+        /* Restore user-mode state */
+#if defined (DEBUG_EXCEPTIONS)
+        printf("%s: escape EXCP_RFI\n", __func__);
+#endif
+        return;
+    store_current:
+        /* SRR0 is set to current instruction */
+        env->spr[SRR0] = (uint32_t)env->nip - 4;
+        break;
+    store_next:
+        /* SRR0 is set to next instruction */
+        env->spr[SRR0] = (uint32_t)env->nip;
+        break;
+    }
+    env->spr[SRR1] = msr;
+    /* reload MSR with correct bits */
+    msr_pow = 0;
+    msr_ee = 0;
+    msr_pr = 0;
+    msr_fp = 0;
+    msr_fe0 = 0;
+    msr_se = 0;
+    msr_be = 0;
+    msr_fe1 = 0;
+    msr_ir = 0;
+    msr_dr = 0;
+    msr_ri = 0;
+    msr_le = msr_ile;
+    /* Jump to handler */
+    env->nip = excp << 8;
+    env->exception_index = EXCP_NONE;
+    /* Invalidate all TLB as we may have changed translation mode */
+    do_tlbia();
+    /* ensure that no TB jump will be modified as
+       the program flow was changed */
+#ifdef __sparc__
+    tmp_T0 = 0;
+#else
+    T0 = 0;
+#endif
+#endif
 }
+/*
+ * Hardware simulation for PPC target.
+ * For now, this is only a 'minimal' collection of hacks needed to boot Linux.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <string.h>
+#include <ctype.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <inttypes.h>
+#include <unistd.h>
+#include <time.h>
+
+#include "cpu.h"
+#include "vl.h"
+
+//#define HARD_DEBUG_PPC_IO
+#define DEBUG_PPC_IO
+
+extern int loglevel;
+extern FILE *logfile;
+
+#if defined (HARD_DEBUG_PPC_IO) && !defined (DEBUG_PPC_IO)
+#define DEBUG_PPC_IO
+#endif
+
+#if defined (HARD_DEBUG_PPC_IO)
+#define PPC_IO_DPRINTF(fmt, args...)                     \
+do {                                                     \
+    if (loglevel > 0) {                                  \
+        fprintf(logfile, "%s: " fmt, __func__ , ##args); \
+    } else {                                             \
+        printf("%s : " fmt, __func__ , ##args);          \
+    }                                                    \
+} while (0)
+#elif defined (DEBUG_PPC_IO)
+#define PPC_IO_DPRINTF(fmt, args...)                     \
+do {                                                     \
+    if (loglevel > 0) {                                  \
+        fprintf(logfile, "%s: " fmt, __func__ , ##args); \
+    }                                                    \
+} while (0)
+#else
+#define PPC_IO_DPRINTF(fmt, args...) do { } while (0)
+#endif
+
+#if defined (USE_OPEN_FIRMWARE)
+#include "of.h"
+#else
+#define NVRAM_SIZE 0x2000
+#endif
+
+/* IO ports emulation */
+#define PPC_IO_BASE 0x80000000
+
+static void PPC_io_writeb (uint32_t addr, uint32_t value)
+{
+    /* Don't polute serial port output */
+    if ((addr < 0x800003F0 || addr > 0x80000400) &&
+        (addr < 0x80000074 || addr > 0x80000077) &&
+        (addr < 0x80000020 || addr > 0x80000021) &&
+        (addr < 0x800000a0 || addr > 0x800000a1) &&
+        (addr < 0x800001f0 || addr > 0x800001f7) &&
+        (addr < 0x80000170 || addr > 0x80000177)) {
+        PPC_IO_DPRINTF("0x%08x => 0x%02x\n", addr - PPC_IO_BASE, value);
+    }
+    cpu_outb(NULL, addr - PPC_IO_BASE, value);
+}
+
+static uint32_t PPC_io_readb (uint32_t addr)
+{
+    uint32_t ret = cpu_inb(NULL, addr - PPC_IO_BASE);
+
+    if ((addr < 0x800003F0 || addr > 0x80000400) &&
+        (addr < 0x80000074 || addr > 0x80000077) &&
+        (addr < 0x80000020 || addr > 0x80000021) &&
+        (addr < 0x800000a0 || addr > 0x800000a1) &&
+        (addr < 0x800001f0 || addr > 0x800001f7) &&
+        (addr < 0x80000170 || addr > 0x80000177) &&
+        (addr < 0x8000060 || addr > 0x8000064)) {
+//        PPC_IO_DPRINTF("0x%08x <= 0x%02x\n", addr - PPC_IO_BASE, ret);
+    }
+
+    return ret;
+}
+
+static void PPC_io_writew (uint32_t addr, uint32_t value)
+{
+    if ((addr < 0x800001f0 || addr > 0x800001f7) &&
+        (addr < 0x80000170 || addr > 0x80000177)) {
+        PPC_IO_DPRINTF("0x%08x => 0x%04x\n", addr - PPC_IO_BASE, value);
+    }
+    cpu_outw(NULL, addr - PPC_IO_BASE, value);
+}
+
+static uint32_t PPC_io_readw (uint32_t addr)
+{
+    uint32_t ret = cpu_inw(NULL, addr - PPC_IO_BASE);
+
+    if ((addr < 0x800001f0 || addr > 0x800001f7) &&
+        (addr < 0x80000170 || addr > 0x80000177)) {
+        PPC_IO_DPRINTF("0x%08x <= 0x%04x\n", addr - PPC_IO_BASE, ret);
+    }
+
+    return ret;
+}
+
+static void PPC_io_writel (uint32_t addr, uint32_t value)
+{
+    PPC_IO_DPRINTF("0x%08x => 0x%08x\n", addr - PPC_IO_BASE, value);
+    cpu_outl(NULL, addr - PPC_IO_BASE, value);
+}
+
+static uint32_t PPC_io_readl (uint32_t addr)
+{
+    uint32_t ret = cpu_inl(NULL, addr - PPC_IO_BASE);
+
+    PPC_IO_DPRINTF("0x%08x <= 0x%08x\n", addr - PPC_IO_BASE, ret);
+
+    return ret;
+}
+
+static CPUWriteMemoryFunc *PPC_io_write[] = {
+    &PPC_io_writeb,
+    &PPC_io_writew,
+    &PPC_io_writel,
+};
+
+static CPUReadMemoryFunc *PPC_io_read[] = {
+    &PPC_io_readb,
+    &PPC_io_readw,
+    &PPC_io_readl,
+};
+
+uint32_t pic_intack_read(CPUState *env);
+
+/* Read-only register (?) */
+static void _PPC_ioB_write (uint32_t addr, uint32_t value)
+{
+    PPC_IO_DPRINTF("0x%08x => 0x%08x\n", addr, value);
+}
+
+static uint32_t _PPC_ioB_read (uint32_t addr)
+{
+    uint32_t retval = 0;
+
+    if (addr == 0xBFFFFFF0)
+        retval = pic_intack_read(NULL);
+    PPC_IO_DPRINTF("0x%08x <= 0x%08x\n", addr, retval);
+
+    return retval;
+}
+
+static CPUWriteMemoryFunc *PPC_ioB_write[] = {
+    &_PPC_ioB_write,
+    &_PPC_ioB_write,
+    &_PPC_ioB_write,
+};
+
+static CPUReadMemoryFunc *PPC_ioB_read[] = {
+    &_PPC_ioB_read,
+    &_PPC_ioB_read,
+    &_PPC_ioB_read,
+};
+
+#if 0
+static CPUWriteMemoryFunc *PPC_io3_write[] = {
+    &PPC_io3_writeb,
+    &PPC_io3_writew,
+    &PPC_io3_writel,
+};
+
+static CPUReadMemoryFunc *PPC_io3_read[] = {
+    &PPC_io3_readb,
+    &PPC_io3_readw,
+    &PPC_io3_readl,
+};
+#endif
+
+/* Fake super-io ports for PREP platform (Intel 82378ZB) */
+static uint8_t PREP_fake_io[2];
+static uint8_t NVRAM_lock;
+
+static void PREP_io_write (CPUState *env, uint32_t addr, uint32_t val)
+{
+    PREP_fake_io[addr - 0x0398] = val;
+}
+
+static uint32_t PREP_io_read (CPUState *env, uint32_t addr)
+{
+    return PREP_fake_io[addr - 0x0398];
+}
+
+static uint8_t syscontrol;
+
+static void PREP_io_800_writeb (CPUState *env, uint32_t addr, uint32_t val)
+{
+    switch (addr) {
+    case 0x0092:
+        /* Special port 92 */
+        /* Check soft reset asked */
+        if (val & 0x80) {
+            printf("Soft reset asked... Stop emulation\n");
+            abort();
+        }
+        /* Check LE mode */
+        if (val & 0x40) {
+            printf("Little Endian mode isn't supported (yet ?)\n");
+            abort();
+        }
+        break;
+    case 0x0808:
+        /* Hardfile light register: don't care */
+        break;
+    case 0x0810:
+        /* Password protect 1 register */
+        NVRAM_lock ^= 0x01;
+        break;
+    case 0x0812:
+        /* Password protect 2 register */
+        NVRAM_lock ^= 0x02;
+        break;
+    case 0x0814:
+        /* L2 invalidate register: don't care */
+        break;
+    case 0x081C:
+        /* system control register */
+        syscontrol = val;
+        break;
+    case 0x0850:
+        /* I/O map type register */
+        if (val & 0x80) {
+            printf("No support for non-continuous I/O map mode\n");
+            abort();
+        }
+        break;
+    default:
+        break;
+    }
+}
+
+static uint32_t PREP_io_800_readb (CPUState *env, uint32_t addr)
+{
+    uint32_t retval = 0xFF;
+
+    switch (addr) {
+    case 0x0092:
+        /* Special port 92 */
+        retval = 0x40;
+        break;
+    case 0x080C:
+        /* Equipment present register:
+         *  no L2 cache
+         *  no upgrade processor
+         *  no cards in PCI slots
+         *  SCSI fuse is bad
+         */
+        retval = 0xFC;
+        break;
+    case 0x0818:
+        /* Keylock */
+        retval = 0x00;
+        break;
+    case 0x081C:
+        /* system control register
+         * 7 - 6 / 1 - 0: L2 cache enable
+         */
+        retval = syscontrol;
+        break;
+    case 0x0823:
+        /* */
+        retval = 0x03; /* no L2 cache */
+        break;
+    case 0x0850:
+        /* I/O map type register */
+        retval = 0x00;
+        break;
+    default:
+        break;
+    }
+
+    return retval;
+}
+
+/* M48T59 NVRAM/RTC emulation */
+static uint8_t NVRAM[NVRAM_SIZE];
+
+/* RTC */
+static time_t time_offset;
+
+time_t get_time (void)
+{
+    return time(NULL) + time_offset;
+}
+
+void set_time_offset (time_t new_time)
+{
+    time_t now = time(NULL);
+
+    time_offset = new_time - now;
+}
+
+static void NVRAM_init (void)
+{
+    /* NVRAM header */
+    /* 0x00: NVRAM size in kB */
+    NVRAM[0x00] = (NVRAM_SIZE >> 12) & 0xFF;
+    NVRAM[0x01] = (NVRAM_SIZE >> 10) & 0xFF;
+    /* 0x02: NVRAM version */
+    NVRAM[0x02] = 0x01;
+    /* 0x03: NVRAM revision */
+    NVRAM[0x03] = 0x00;
+    /* 0x04: checksum 0 => OS area   */
+    /* 0x06: checksum of config area */
+    /* 0x08: last OS */
+    NVRAM[0x08] = 0x00; /* Unknown */
+    /* 0x09: endian */
+    NVRAM[0x09] = 'B';
+    /* 0x0B: PM mode */
+    NVRAM[0x0B] = 0x00;
+    /* Restart block description record */
+    /* 0x0C: restart block version */
+    NVRAM[0x0C] = 0x00;
+    NVRAM[0x0D] = 0x01;
+    /* 0x0E: restart block revision */
+    NVRAM[0x0E] = 0x00;
+    NVRAM[0x0F] = 0x00;
+    /* 0x1C: checksum of restart block */
+    /* 0x20: restart address */
+    NVRAM[0x20] = 0x00;
+    NVRAM[0x21] = 0x00;
+    NVRAM[0x22] = 0x00;
+    NVRAM[0x23] = 0x00;
+    /* 0x24: save area address */
+    NVRAM[0x24] = 0x00;
+    NVRAM[0x25] = 0x00;
+    NVRAM[0x26] = 0x00;
+    NVRAM[0x27] = 0x00;
+    /* 0x28: save area length */
+    NVRAM[0x28] = 0x00;
+    NVRAM[0x29] = 0x00;
+    NVRAM[0x2A] = 0x00;
+    NVRAM[0x2B] = 0x00;
+    /* Security section */
+    /* Set all to zero */
+    /* 0xC4: pointer to global environment area */
+    NVRAM[0xC4] = 0x00;
+    NVRAM[0xC5] = 0x00;
+    NVRAM[0xC6] = 0x01;
+    NVRAM[0xC7] = 0x00;
+    /* 0xC8: size of global environment area */
+    NVRAM[0xC8] = 0x00;
+    NVRAM[0xC9] = 0x00;
+    NVRAM[0xCA] = 0x07;
+    NVRAM[0xCB] = 0x00;
+    /* 0xD4: pointer to configuration area */
+    NVRAM[0xD4] = 0x00;
+    NVRAM[0xD5] = 0x00;
+    NVRAM[0xD6] = 0x08;
+    NVRAM[0xD7] = 0x00;
+    /* 0xD8: size of configuration area */
+    NVRAM[0xD8] = 0x00;
+    NVRAM[0xD9] = 0x00;
+    NVRAM[0xDA] = 0x08;
+    NVRAM[0xDB] = 0x00;
+    /* 0xE8: pointer to OS specific area */
+    NVRAM[0xE8] = 0x00;
+    NVRAM[0xE9] = 0x00;
+    NVRAM[0xEA] = 0x10;
+    NVRAM[0xEB] = 0x00;
+    /* 0xD8: size of OS specific area */
+    NVRAM[0xEC] = 0x00;
+    NVRAM[0xED] = 0x00;
+    NVRAM[0xEE] = 0x0F;
+    NVRAM[0xEF] = 0xF0;
+    /* CRC */
+    /* RTC init */
+    NVRAM[0x1FFC] = 0x50;
+}
+
+static uint16_t NVRAM_addr;
+
+/* Direct access to NVRAM */
+void NVRAM_write (CPUState *env, uint32_t addr, uint32_t val)
+{
+    switch (addr) {
+    case 0x1FF0:
+        /* flags register */
+        break;
+    case 0x1FF1:
+        /* unused */
+        break;
+    case 0x1FF2:
+        /* alarm seconds */
+        break;
+    case 0x1FF3:
+        /* alarm minutes */
+        break;
+    case 0x1FF4:
+        /* alarm hours */
+        break;
+    case 0x1FF5:
+        /* alarm date */
+        break;
+    case 0x1FF6:
+        /* interrupts */
+        break;
+    case 0x1FF7:
+        /* watchdog */
+        break;
+    case 0x1FF8:
+        /* control */
+        break;
+    case 0x1FF9:
+        /* seconds (BCD) */
+        break;
+    case 0x1FFA:
+        /* minutes (BCD) */
+        break;
+    case 0x1FFB:
+        /* hours (BCD) */
+        break;
+    case 0x1FFC:
+        /* day of the week / century */
+        NVRAM[0x1FFC] = val & 0x50;
+        break;
+    case 0x1FFD:
+        /* date */
+        break;
+    case 0x1FFE:
+        /* month */
+        break;
+    case 0x1FFF:
+        /* year */
+        break;
+    default:
+        if (addr < NVRAM_SIZE)
+            NVRAM[addr] = val & 0xFF;
+        break;
+    }
+}
+
+uint32_t NVRAM_read (CPUState *env, uint32_t addr)
+{
+    struct tm tm;
+    time_t t;
+    uint32_t retval = 0xFF;
+
+    switch (addr) {
+    case 0x1FF0:
+        /* flags register */
+        break;
+    case 0x1FF1:
+        /* unused */
+        break;
+    case 0x1FF2:
+        /* alarm seconds */
+        break;
+    case 0x1FF3:
+        /* alarm minutes */
+        break;
+    case 0x1FF4:
+        /* alarm hours */
+        break;
+    case 0x1FF5:
+        /* alarm date */
+        break;
+    case 0x1FF6:
+        /* interrupts */
+        break;
+    case 0x1FF7:
+        /* watchdog */
+        break;
+    case 0x1FF8:
+        /* control */
+        break;
+    case 0x1FF9:
+        /* seconds (BCD) */
+        t = get_time();
+        localtime_r(&t, &tm);
+        retval = ((tm.tm_sec / 10) << 4) | (tm.tm_sec % 10);
+//            printf("return seconds=%d\n", tm.tm_sec);
+        break;
+    case 0x1FFA:
+        /* minutes (BCD) */
+        t = get_time();
+        localtime_r(&t, &tm);
+        retval = ((tm.tm_min / 10) << 4) | (tm.tm_min % 10);
+        break;
+    case 0x1FFB:
+        /* hours (BCD) */
+        t = get_time();
+        localtime_r(&t, &tm);
+        retval = ((tm.tm_hour / 10) << 4) | (tm.tm_hour % 10);
+        break;
+    case 0x1FFC:
+        /* day of the week / century */
+        t = get_time();
+        localtime_r(&t, &tm);
+        retval = (NVRAM[0x1FFC] & 0x50) | tm.tm_wday;
+        break;
+    case 0x1FFD:
+        /* date */
+        t = get_time();
+        localtime_r(&t, &tm);
+        retval = ((tm.tm_mday / 10) << 4) | (tm.tm_mday % 10);
+        break;
+    case 0x1FFE:
+        /* month */
+        t = get_time();
+        localtime_r(&t, &tm);
+        retval = ((tm.tm_mon / 10) << 4) | (tm.tm_mon % 10);
+        break;
+    case 0x1FFF:
+        /* year */
+        t = get_time();
+        localtime_r(&t, &tm);
+        retval = ((tm.tm_year / 10) << 4) | (tm.tm_year % 10);
+        break;
+    default:
+        if (NVRAM_addr < NVRAM_SIZE)
+            retval = NVRAM[NVRAM_addr];
+        break;
+    }
+
+    return retval;
+}
+
+/* IO access to NVRAM */
+static void NVRAM_writeb (CPUState *env, uint32_t addr, uint32_t val)
+{
+    switch (addr) {
+    case 0x74:
+        NVRAM_addr &= ~0x00FF;
+        NVRAM_addr |= val;
+        break;
+    case 0x75:
+        NVRAM_addr &= ~0xFF00;
+        NVRAM_addr |= val << 8;
+        break;
+    case 0x77:
+        NVRAM_write(env, NVRAM_addr, val);
+        NVRAM_addr = 0x0000;
+        break;
+    default:
+        break;
+    }
+}
+
+static uint32_t NVRAM_readb (CPUState *env, uint32_t addr)
+{
+    if (addr == 0x77)
+        return NVRAM_read(env, NVRAM_addr);
+
+    return 0xFF;
+}
+
+int load_initrd (const char *filename, uint8_t *addr)
+{
+    int fd, size;
+
+    printf("Load initrd\n");
+    fd = open(filename, O_RDONLY);
+    if (fd < 0)
+        return -1;
+    size = read(fd, addr, 16 * 1024 * 1024);
+    if (size < 0)
+        goto fail;
+    close(fd);
+    printf("Load initrd: %d\n", size);
+    return size;
+ fail:
+    close(fd);
+    printf("Load initrd failed\n");
+    return -1;
+}
+
+/* Quick hack for PPC memory infos... */
+static void put_long (void *addr, uint32_t l)
+{
+    char *pos = addr;
+    pos[0] = (l >> 24) & 0xFF;
+    pos[1] = (l >> 16) & 0xFF;
+    pos[2] = (l >> 8) & 0xFF;
+    pos[3] = l & 0xFF;
+}
+
+/* bootloader infos are in the form:
+ * uint32_t TAG
+ * uint32_t TAG_size (from TAG to next TAG).
+ * datas
+ * ....
+ */
+#if !defined (USE_OPEN_FIRMWARE)
+static void *set_bootinfo_tag (void *addr, uint32_t tag, uint32_t size,
+                               void *data)
+{
+    char *pos = addr;
+
+    put_long(pos, tag);
+    pos += 4;
+    put_long(pos, size + 8);
+    pos += 4;
+    memcpy(pos, data, size);
+    pos += size;
+
+    return pos;
+}
+#endif
+
+typedef struct boot_dev_t {
+    const unsigned char *name;
+    int major;
+    int minor;
+} boot_dev_t;
+
+static boot_dev_t boot_devs[] = 
+{
+    { "/dev/fd0", 2, 0, },
+    { "/dev/fd1", 2, 1, },
+    { "/dev/hda1", 3, 1, },
+//    { "/dev/ide/host0/bus0/target0/lun0/part1", 3, 1, },
+    { "/dev/hdc", 22, 0, },
+    { "/dev/ram0 init=/linuxrc", 1, 0, },
+};
+
+/* BATU:
+ * BEPI  : bloc virtual address
+ * BL    : area size bits (128 kB is 0, 256 1, 512 3, ...
+ * Vs/Vp
+ * BATL:
+ * BPRN  : bloc real address align on 4MB boundary
+ * WIMG  : cache access mode : not used
+ * PP    : protection bits
+ */
+static void setup_BAT (CPUPPCState *env, int BAT,
+                       uint32_t virtual, uint32_t physical,
+                       uint32_t size, int Vs, int Vp, int PP)
+{
+    uint32_t sz_bits, tmp_sz, align, tmp;
+    
+    sz_bits = 0;
+    align = 131072;
+    for (tmp_sz = size / 131072; tmp_sz != 1; tmp_sz = tmp_sz >> 1) {
+        sz_bits = (sz_bits << 1) + 1;
+        align = align << 1;
+    }
+    tmp = virtual & ~(align - 1);  /* Align virtual area start */
+    tmp |= sz_bits << 2;           /* Fix BAT size             */
+    tmp |= Vs << 1;                /* Supervisor access        */
+    tmp |= Vp;                     /* User access              */
+    env->DBAT[0][BAT] = tmp;
+    env->IBAT[0][BAT] = tmp;
+    tmp = physical & ~(align - 1); /* Align physical area start */
+    tmp |= 0;                      /* Don't care about WIMG     */
+    tmp |= PP;                     /* Protection                */
+    env->DBAT[1][BAT] = tmp;
+    env->IBAT[1][BAT] = tmp;
+    printf("Set BATU0 to 0x%08x BATL0 to 0x%08x\n",
+           env->DBAT[0][BAT], env->DBAT[1][BAT]);
+}
+
+static void VGA_printf (uint8_t *s)
+{
+    uint16_t *arg_ptr;
+    unsigned int format_width, i;
+    int in_format;
+    uint16_t arg, digit, nibble;
+    uint8_t c;
+
+    arg_ptr = (uint16_t *)(&s);
+    in_format = 0;
+    format_width = 0;
+    while ((c = *s) != '\0') {
+        if (c == '%') {
+            in_format = 1;
+            format_width = 0;
+        } else if (in_format) {
+            if ((c >= '0') && (c <= '9')) {
+                format_width = (format_width * 10) + (c - '0');
+            } else if (c == 'x') {
+                arg_ptr++; // increment to next arg
+                arg = *arg_ptr;
+                if (format_width == 0)
+                    format_width = 4;
+                digit = format_width - 1;
+                for (i = 0; i < format_width; i++) {
+                    nibble = (arg >> (4 * digit)) & 0x000f;
+                    if (nibble <= 9)
+                        PPC_io_writeb(PPC_IO_BASE + 0x500, nibble + '0');
+                    else
+                        PPC_io_writeb(PPC_IO_BASE + 0x500, nibble + 'A');
+                    digit--;
+                }
+                in_format = 0;
+            }
+            //else if (c == 'd') {
+            //  in_format = 0;
+            //  }
+        } else {
+            PPC_io_writeb(PPC_IO_BASE + 0x500, c);
+        }
+        s++;
+    }
+}
+
+static void VGA_init (void)
+{
+    /* Basic VGA init, inspired by plex86 VGAbios */
+    printf("Init VGA...\n");
+    /* switch to color mode and enable CPU access 480 lines */
+    PPC_io_writeb(PPC_IO_BASE + 0x3C2, 0xC3);
+    /* more than 64k 3C4/04 */
+    PPC_io_writeb(PPC_IO_BASE + 0x3C4, 0x04);
+    PPC_io_writeb(PPC_IO_BASE + 0x3C5, 0x02);
+    VGA_printf("PPC VGA BIOS...\n");
+}
+
+void PPC_init_hw (CPUPPCState *env, uint32_t mem_size,
+                  uint32_t kernel_addr, uint32_t kernel_size,
+                  uint32_t stack_addr, int boot_device)
+{
+    char *p;
+#if !defined (USE_OPEN_FIRMWARE)
+    char *tmp;
+    uint32_t tmpi[2];
+#endif
+    int PPC_io_memory;
+    
+#if defined (USE_OPEN_FIRMWARE)
+    setup_memory(env, mem_size);
+#endif
+    /* Register 64 kB of IO space */
+    PPC_io_memory = cpu_register_io_memory(0, PPC_io_read, PPC_io_write);
+    cpu_register_physical_memory(0x80000000, 0x10000, PPC_io_memory);
+    /* Register fake IO ports for PREP */
+    register_ioport_read(0x398, 2, PREP_io_read, 1);
+    register_ioport_write(0x398, 2, PREP_io_write, 1);
+    /* System control ports */
+    register_ioport_write(0x0092, 0x1, PREP_io_800_writeb, 1);
+    register_ioport_read(0x0800, 0x52, PREP_io_800_readb, 1);
+    register_ioport_write(0x0800, 0x52, PREP_io_800_writeb, 1);
+    /* PCI intack location */
+    PPC_io_memory = cpu_register_io_memory(0, PPC_ioB_read, PPC_ioB_write);
+    cpu_register_physical_memory(0xBFFFFFF0, 0x4, PPC_io_memory);
+    /* NVRAM ports */
+    NVRAM_init();
+    register_ioport_read(0x0074, 0x04, NVRAM_readb, 1);
+    register_ioport_write(0x0074, 0x04, NVRAM_writeb, 1);
+
+    /* Fake bootloader */
+    env->nip = kernel_addr + (3 * sizeof(uint32_t));
+    /* Set up msr according to PREP specification */
+    msr_ee = 0;
+    msr_fp = 1;
+    msr_pr = 0; /* Start in supervisor mode */
+    msr_me = 1;
+    msr_fe0 = msr_fe1 = 0;
+    msr_ip = 0;
+    msr_ir = msr_dr = 1;
+//    msr_sf = 0;
+    msr_le = msr_ile = 0;
+    env->gpr[1] = stack_addr; /* Let's have a stack */
+    env->gpr[2] = 0;
+    env->gpr[8] = kernel_addr;
+    /* There is a bug in  2.4 kernels:
+     * if a decrementer exception is pending when it enables msr_ee,
+     * it's not ready to handle it...
+     */
+    env->decr = 0xFFFFFFFF;
+    p = (void *)(phys_ram_base + kernel_addr);
+#if !defined (USE_OPEN_FIRMWARE)
+    /* Let's register the whole memory available only in supervisor mode */
+    setup_BAT(env, 0, 0x00000000, 0x00000000, mem_size, 1, 0, 2);
+    /* Avoid open firmware init call (to get a console)
+     * This will make the kernel think we are a PREP machine...
+     */
+    put_long(p, 0xdeadc0de);
+    /* Build a real stack room */
+    p = (void *)(phys_ram_base + stack_addr);
+    put_long(p, stack_addr);
+    p -= 32;
+    env->gpr[1] -= 32;
+    /* Pretend there are no residual data */
+    env->gpr[3] = 0;
+#if 1
+    {
+        int size;
+        env->gpr[4] = 0x00800000;
+        size = load_initrd("initrd",
+                           (void *)((uint32_t)phys_ram_base + env->gpr[4]));
+        if (size < 0) {
+            /* No initrd */
+            env->gpr[4] = env->gpr[5] = 0;
+        } else {
+            env->gpr[5] = size;
+            boot_device = 'e';
+        }
+        printf("Initrd loaded at 0x%08x (%d)\n", env->gpr[4], env->gpr[5]);
+    }
+#else
+    env->gpr[4] = env->gpr[5] = 0;
+#endif
+    /* We have to put bootinfos after the BSS
+     * The BSS starts after the kernel end.
+     */
+#if 0
+    p = (void *)(((uint32_t)phys_ram_base + kernel_addr +
+                  kernel_size + (1 << 20) - 1) & ~((1 << 20) - 1));
+#else
+    p = (void *)((uint32_t)phys_ram_base + kernel_addr + 0x400000);
+#endif
+    if (loglevel > 0) {
+        fprintf(logfile, "bootinfos: %p 0x%08x\n",
+                p, (uint32_t)p - (uint32_t)phys_ram_base);
+    } else {
+        printf("bootinfos: %p 0x%08x\n",
+               p, (uint32_t)p - (uint32_t)phys_ram_base);
+    }
+    /* Command line: let's put it after bootinfos */
+#if 0
+    sprintf(p + 0x1000, "console=ttyS0,9600 root=%02x%02x mem=%dM",
+            boot_devs[boot_device - 'a'].major,
+            boot_devs[boot_device - 'a'].minor,
+            phys_ram_size >> 20);
+#else
+    sprintf(p + 0x1000, "console=ttyS0,9600 console=tty0 root=%s mem=%dM load_ramdisk=1",
+            boot_devs[boot_device - 'a'].name,
+            phys_ram_size >> 20);
+#endif
+    env->gpr[6] = (uint32_t)p + 0x1000 - (uint32_t)phys_ram_base;
+    env->gpr[7] = env->gpr[6] + strlen(p + 0x1000);
+    if (loglevel > 0) {
+        fprintf(logfile, "cmdline: %p 0x%08x [%s]\n",
+                p + 0x1000, env->gpr[6], p + 0x1000);
+    } else {
+        printf("cmdline: %p 0x%08x [%s]\n",
+               p + 0x1000, env->gpr[6], p + 0x1000);
+    }
+    /* BI_FIRST */
+    p = set_bootinfo_tag(p, 0x1010, 0, 0);
+    /* BI_CMD_LINE */
+    p = set_bootinfo_tag(p, 0x1012, env->gpr[7] - env->gpr[6],
+                         (void *)(env->gpr[6] + (uint32_t)phys_ram_base));
+    /* BI_MEM_SIZE */
+    tmp = (void *)tmpi;
+    tmp[0] = (phys_ram_size >> 24) & 0xFF;
+    tmp[1] = (phys_ram_size >> 16) & 0xFF;
+    tmp[2] = (phys_ram_size >> 8) & 0xFF;
+    tmp[3] = phys_ram_size & 0xFF;
+    p = set_bootinfo_tag(p, 0x1017, 4, tmpi);
+    /* BI_INITRD */
+    tmp[0] = (env->gpr[4] >> 24) & 0xFF;
+    tmp[1] = (env->gpr[4] >> 16) & 0xFF;
+    tmp[2] = (env->gpr[4] >> 8) & 0xFF;
+    tmp[3] = env->gpr[4] & 0xFF;
+    tmp[4] = (env->gpr[5] >> 24) & 0xFF;
+    tmp[5] = (env->gpr[5] >> 16) & 0xFF;
+    tmp[6] = (env->gpr[5] >> 8) & 0xFF;
+    tmp[7] = env->gpr[5] & 0xFF;
+    p = set_bootinfo_tag(p, 0x1014, 8, tmpi);
+    /* BI_LAST */
+    p = set_bootinfo_tag(p, 0x1011, 0, 0);
+#else
+    /* Set up MMU:
+     * kernel is loaded at kernel_addr and wants to be seen at 0x01000000
+     */
+    setup_BAT(env, 0, 0x01000000, kernel_addr, 0x00400000, 1, 0, 2);
+    {
+#if 0
+        uint32_t offset = 
+            *((uint32_t *)((uint32_t)phys_ram_base + kernel_addr));
+#else
+        uint32_t offset = 12;
+#endif
+        env->nip = 0x01000000 | (kernel_addr + offset);
+        printf("Start address: 0x%08x\n", env->nip);
+    }
+    env->gpr[1] = env->nip + (1 << 22);
+    p = (void *)(phys_ram_base + stack_addr);
+    put_long(p - 32, stack_addr);
+    env->gpr[1] -= 32;
+    printf("Kernel starts at 0x%08x stack 0x%08x\n", env->nip, env->gpr[1]);
+    /* We want all lower address not to be translated */
+    setup_BAT(env, 1, 0x00000000, 0x00000000, 0x010000000, 1, 1, 2);
+    /* We also need a BAT to access OF */
+    setup_BAT(env, 2, 0xFFFE0000, mem_size - 131072, 131072, 1, 0, 1);
+    /* Setup OF entry point */
+    {
+        char *p;
+        p = (char *)phys_ram_base + mem_size - 131072;
+        /* Special opcode to call OF */
+        *p++ = 0x18; *p++ = 0x00; *p++ = 0x00; *p++ = 0x02;
+        /* blr */
+        *p++ = 0x4E; *p++ = 0x80; *p++ = 0x00; *p++ = 0x20;
+    }
+    env->gpr[5] = 0xFFFE0000;
+    /* Register translations */
+    {
+        OF_transl_t translations[3] = {
+            { 0x01000000, 0x00400000, kernel_addr, 0x00000002, },
+            { 0x00000000, 0x01000000, 0x00000000, 0x00000002, },
+            { 0xFFFE0000, 0x00020000, mem_size - (128 * 1024),
+              0x00000001, },
+        };
+        OF_register_translations(3, translations);
+    }
+    /* Quite artificial, for now */
+    OF_register_bus("isa", "isa");
+    OF_register_serial("isa", "serial", 4, 0x3f8);
+    OF_register_stdio("serial", "serial");
+    /* Set up RTAS service */
+    RTAS_init();
+    /* Command line: let's put it just over the stack */
+#if 1
+    sprintf(p, "console=ttyS0,9600 root=%02x%02x mem=%dM",
+            boot_devs[boot_device - 'a'].major,
+            boot_devs[boot_device - 'a'].minor,
+            phys_ram_size >> 20);
+#else
+    sprintf(p, "console=ttyS0,9600 root=%s mem=%dM ne2000=0x300,9",
+            boot_devs[boot_device - 'a'].name,
+            phys_ram_size >> 20);
+#endif
+    OF_register_bootargs(p);
+#endif
+}
+
+void PPC_end_init (void)
+{
+    VGA_init();
+}
@@ -21,6 +21,8 @@
 #include "config.h"
 #include "exec.h"
+//#define DEBUG_OP
+
 #define regs (env)
 #define Ts0 (int32_t)T0
 #define Ts1 (int32_t)T1
@@ -34,7 +36,7 @@
 #define FTS1 ((float)env->ft1)
 #define FTS2 ((float)env->ft2)
-#define PPC_OP(name) void op_##name(void)
+#define PPC_OP(name) void glue(op_, name)(void)
 #define REG 0
 #include "op_template.h"
@@ -145,7 +147,7 @@ PPC_OP(set_Rc0)
     } else {
         tmp = 0x02;
     }
-    set_CRn(0, tmp);
+    env->crf[0] = tmp;
     RETURN();
 }
@@ -161,21 +163,21 @@ PPC_OP(set_Rc0_ov)
         tmp = 0x02;
     }
     tmp |= xer_ov;
-    set_CRn(0, tmp);
+    env->crf[0] = tmp;
     RETURN();
 }
 /* reset_Rc0 */
 PPC_OP(reset_Rc0)
 {
-    set_CRn(0, 0x02 | xer_ov);
+    env->crf[0] = 0x02 | xer_ov;
     RETURN();
 }
 /* set_Rc0_1 */
 PPC_OP(set_Rc0_1)
 {
-    set_CRn(0, 0x04 | xer_ov);
+    env->crf[0] = 0x04 | xer_ov;
     RETURN();
 }
@@ -186,6 +188,7 @@ PPC_OP(set_Rc1)
     RETURN();
 }
+/* Constants load */
 PPC_OP(set_T0)
 {
     T0 = PARAM(1);
@@ -204,23 +207,50 @@ PPC_OP(set_T2)
     RETURN();
 }
-/* Update time base */
-PPC_OP(update_tb)
+/* Generate exceptions */
+PPC_OP(queue_exception_err)
 {
-    T0 = regs->spr[SPR_ENCODE(268)];
-    T1 = T0;
-    T0 += PARAM(1);
-    if (T0 < T1) {
-        T1 = regs->spr[SPR_ENCODE(269)] + 1;
-        regs->spr[SPR_ENCODE(269)] = T1;
+    do_queue_exception_err(PARAM(1), PARAM(2));
+}
+
+PPC_OP(queue_exception)
+{
+    do_queue_exception(PARAM(1));
+}
+
+PPC_OP(process_exceptions)
+{
+    if (env->exceptions != 0) {
+        env->nip = PARAM(1);
+        do_check_exception_state();
     }
-    regs->spr[SPR_ENCODE(268)] = T0;
+}
+
+/* Segment registers load and store with immediate index */
+PPC_OP(load_srin)
+{
+    T0 = regs->sr[T1 >> 28];
+    RETURN();
+}
+
+PPC_OP(store_srin)
+{
+#if defined (DEBUG_OP)
+    dump_store_sr(T1 >> 28);
+#endif
+    regs->sr[T1 >> 28] = T0;
+    RETURN();
+}
+
+PPC_OP(load_sdr1)
+{
+    T0 = regs->sdr1;
     RETURN();
 }
-PPC_OP(raise_exception)
+PPC_OP(store_sdr1)
 {
-    raise_exception(PARAM(1));
+    regs->sdr1 = T0;
     RETURN();
 }
@@ -229,15 +259,16 @@ PPC_OP(exit_tb)
     EXIT_TB();
 }
+/* Load/store special registers */
 PPC_OP(load_cr)
 {
-    T0 = do_load_cr();
+    do_load_cr();
     RETURN();
 }
 PPC_OP(store_cr)
 {
-    do_store_cr(PARAM(1), T0);
+    do_store_cr(PARAM(1));
     RETURN();
 }
@@ -257,40 +288,152 @@ PPC_OP(clear_xer_cr)
 PPC_OP(load_xer_bc)
 {
-    T0 = xer_bc;
+    T1 = xer_bc;
     RETURN();
 }
 PPC_OP(load_xer)
 {
-    T0 = do_load_xer();
+    do_load_xer();
     RETURN();
 }
 PPC_OP(store_xer)
 {
-    do_store_xer(T0);
+    do_store_xer();
     RETURN();
 }
 PPC_OP(load_msr)
 {
-    T0 = do_load_msr();
+    do_load_msr();
     RETURN();
 }
 PPC_OP(store_msr)
 {
-    do_store_msr(T0);
+    do_store_msr();
+    RETURN();
+}
+
+/* SPR */
+PPC_OP(load_spr)
+{
+    T0 = regs->spr[PARAM(1)];
+    RETURN();
+}
+
+PPC_OP(store_spr)
+{
+    regs->spr[PARAM(1)] = T0;
     RETURN();
 }
 PPC_OP(load_lr)
 {
-    regs->LR = PARAM(1);
+    T0 = regs->lr;
+    RETURN();
+}
+
+PPC_OP(store_lr)
+{
+    regs->lr = T0;
+    RETURN();
+}
+
+PPC_OP(load_ctr)
+{
+    T0 = regs->ctr;
+    RETURN();
+}
+
+PPC_OP(store_ctr)
+{
+    regs->ctr = T0;
+    RETURN();
+}
+
+/* Update time base */
+PPC_OP(update_tb)
+{
+    T0 = regs->tb[0];
+    T1 = T0;
+    T0 += PARAM(1);
+#if defined (DEBUG_OP)
+    dump_update_tb(PARAM(1));
+#endif
+    if (T0 < T1) {
+        T1 = regs->tb[1] + 1;
+        regs->tb[1] = T1;
+    }
+    regs->tb[0] = T0;
+    RETURN();
+}
+
+PPC_OP(load_tb)
+{
+    T0 = regs->tb[PARAM(1)];
+    RETURN();
+}
+
+PPC_OP(store_tb)
+{
+    regs->tb[PARAM(1)] = T0;
+#if defined (DEBUG_OP)
+    dump_store_tb(PARAM(1));
+#endif
     RETURN();
 }
+/* Update decrementer */
+PPC_OP(update_decr)
+{
+    T0 = regs->decr;
+    T1 = T0;
+    T0 -= PARAM(1);
+    regs->decr = T0;
+    if (PARAM(1) > T1) {
+        do_queue_exception(EXCP_DECR);
+    }
+    RETURN();
+}
+
+PPC_OP(store_decr)
+{
+    T1 = regs->decr;
+    regs->decr = T0;
+    if (Ts0 < 0 && Ts1 > 0) {
+        do_queue_exception(EXCP_DECR);
+    }
+    RETURN();
+}
+
+PPC_OP(load_ibat)
+{
+    T0 = regs->IBAT[PARAM(1)][PARAM(2)];
+}
+
+PPC_OP(store_ibat)
+{
+#if defined (DEBUG_OP)
+    dump_store_ibat(PARAM(1), PARAM(2));
+#endif
+    regs->IBAT[PARAM(1)][PARAM(2)] = T0;
+}
+
+PPC_OP(load_dbat)
+{
+    T0 = regs->DBAT[PARAM(1)][PARAM(2)];
+}
+
+PPC_OP(store_dbat)
+{
+#if defined (DEBUG_OP)
+    dump_store_dbat(PARAM(1), PARAM(2));
+#endif
+    regs->DBAT[PARAM(1)][PARAM(2)] = T0;
+}
+
 /* FPSCR */
 PPC_OP(load_fpscr)
 {
@@ -313,14 +456,7 @@ PPC_OP(reset_scrfx)
 /* Set reservation */
 PPC_OP(set_reservation)
 {
-    regs->reserve = T1 & ~0x03;
-    RETURN();
-}
-
-/* Reset reservation */
-PPC_OP(reset_reservation)
-{
-    regs->reserve = 0;
+    regs->reserve = T0 & ~0x03;
     RETURN();
 }
@@ -344,47 +480,65 @@ PPC_OP(setcrfbit)
 }
 /* Branch */
+#if 0
+#define EIP regs->nip
+#define TB_DO_JUMP(name, tb, n, target) JUMP_TB(name, tb, n, target)
+#else
+#define TB_DO_JUMP(name, tb, n, target) regs->nip = target;
+#endif
+
 #define __PPC_OP_B(name, target)                                              \
 PPC_OP(name)                                                                  \
 {                                                                             \
-    regs->nip = (target);                                                     \
+    TB_DO_JUMP(glue(op_, name), T1, 0, (target));                             \
     RETURN();                                                                 \
 }
-#define __PPC_OP_BL(name, target)                                             \
+#define __PPC_OP_BL(name, target, link)                                       \
 PPC_OP(name)                                                                  \
 {                                                                             \
-    regs->LR = PARAM(1);                                                      \
-    regs->nip = (target);                                                     \
+    regs->lr = (link);                                                        \
+    TB_DO_JUMP(glue(op_, name), T1, 0, (target));                             \
     RETURN();                                                                 \
 }
-#define PPC_OP_B(name, target)                                                \
+#define PPC_OP_B(name, target, link)                                          \
 __PPC_OP_B(name, target);                                                     \
-__PPC_OP_BL(name##l, target)
+__PPC_OP_BL(glue(name, l), target, link)
 #define __PPC_OP_BC(name, cond, target)                                       \
 PPC_OP(name)                                                                  \
 {                                                                             \
     if (cond) {                                                               \
-        T0 = (target);                                                        \
+        TB_DO_JUMP(glue(op_, name), T1, 1, (target));                         \
     } else {                                                                  \
-        T0 = PARAM(1);                                                        \
+        TB_DO_JUMP(glue(op_, name), T1, 0, PARAM(1));                         \
     }                                                                         \
-    regs->nip = T0;                                                           \
     RETURN();                                                                 \
 }
 #define __PPC_OP_BCL(name, cond, target)                                      \
 PPC_OP(name)                                                                  \
 {                                                                             \
+    regs->lr = PARAM(1);                                                      \
     if (cond) {                                                               \
-        T0 = (target);                                                        \
-        regs->LR = PARAM(1);                                                  \
+        TB_DO_JUMP(glue(op_, name), T1, 1, (target));                         \
     } else {                                                                  \
-        T0 = PARAM(1);                                                        \
+        TB_DO_JUMP(glue(op_, name), T1, 0, PARAM(1));                         \
+    }                                                                         \
+    RETURN();                                                                 \
+}
+
+#define __PPC_OP_BCLRL(name, cond, target)                                    \
+PPC_OP(name)                                                                  \
+{                                                                             \
+    T2 = (target);                                                            \
+    regs->lr = PARAM(1);                                                      \
+    if (cond) {                                                               \
+        TB_DO_JUMP(glue(op_, name), T1, 1, T2);                               \
+    } else {                                                                  \
+        TB_DO_JUMP(glue(op_, name), T1, 0, PARAM(1));                         \
     }                                                                         \
-    regs->nip = T0;                                                           \
     RETURN();                                                                 \
 }
@@ -396,48 +550,56 @@ __PPC_OP_BCL(namel, cond, target)
 #define PPC_OP_BC(name, cond)                                                 \
 _PPC_OP_BC(b_##name, bl_##name, cond, PARAM(2))
-PPC_OP_B(b, PARAM(1));
-PPC_OP_BC(ctr,        (regs->CTR != 0));
-PPC_OP_BC(ctr_true,   (regs->CTR != 0 && (T0 & PARAM(3)) != 0));
-PPC_OP_BC(ctr_false,  (regs->CTR != 0 && (T0 & PARAM(3)) == 0));
-PPC_OP_BC(ctrz,       (regs->CTR == 0));
-PPC_OP_BC(ctrz_true,  (regs->CTR == 0 && (T0 & PARAM(3)) != 0));
-PPC_OP_BC(ctrz_false, (regs->CTR == 0 && (T0 & PARAM(3)) == 0));
+PPC_OP_B(b, PARAM(1), PARAM(2));
+PPC_OP_BC(ctr,        (regs->ctr != 0));
+PPC_OP_BC(ctr_true,   (regs->ctr != 0 && (T0 & PARAM(3)) != 0));
+PPC_OP_BC(ctr_false,  (regs->ctr != 0 && (T0 & PARAM(3)) == 0));
+PPC_OP_BC(ctrz,       (regs->ctr == 0));
+PPC_OP_BC(ctrz_true,  (regs->ctr == 0 && (T0 & PARAM(3)) != 0));
+PPC_OP_BC(ctrz_false, (regs->ctr == 0 && (T0 & PARAM(3)) == 0));
 PPC_OP_BC(true,       ((T0 & PARAM(3)) != 0));
 PPC_OP_BC(false,      ((T0 & PARAM(3)) == 0));
 /* Branch to CTR */
 #define PPC_OP_BCCTR(name, cond)                                              \
-_PPC_OP_BC(bctr_##name, bctrl_##name, cond, regs->CTR & ~0x03)
-
-PPC_OP_B(bctr, regs->CTR & ~0x03);
-PPC_OP_BCCTR(ctr,        (regs->CTR != 0));
-PPC_OP_BCCTR(ctr_true,   (regs->CTR != 0 && (T0 & PARAM(2)) != 0));
-PPC_OP_BCCTR(ctr_false,  (regs->CTR != 0 && (T0 & PARAM(2)) == 0));
-PPC_OP_BCCTR(ctrz,       (regs->CTR == 0));
-PPC_OP_BCCTR(ctrz_true,  (regs->CTR == 0 && (T0 & PARAM(2)) != 0));
-PPC_OP_BCCTR(ctrz_false, (regs->CTR == 0 && (T0 & PARAM(2)) == 0));
+_PPC_OP_BC(bctr_##name, bctrl_##name, cond, regs->ctr & ~0x03)
+
+PPC_OP_B(bctr, regs->ctr & ~0x03, PARAM(1));
+PPC_OP_BCCTR(ctr,        (regs->ctr != 0));
+PPC_OP_BCCTR(ctr_true,   (regs->ctr != 0 && (T0 & PARAM(2)) != 0));
+PPC_OP_BCCTR(ctr_false,  (regs->ctr != 0 && (T0 & PARAM(2)) == 0));
+PPC_OP_BCCTR(ctrz,       (regs->ctr == 0));
+PPC_OP_BCCTR(ctrz_true,  (regs->ctr == 0 && (T0 & PARAM(2)) != 0));
+PPC_OP_BCCTR(ctrz_false, (regs->ctr == 0 && (T0 & PARAM(2)) == 0));
 PPC_OP_BCCTR(true,       ((T0 & PARAM(2)) != 0));
 PPC_OP_BCCTR(false,      ((T0 & PARAM(2)) == 0));
 /* Branch to LR */
 #define PPC_OP_BCLR(name, cond)                                               \
-_PPC_OP_BC(blr_##name, blrl_##name, cond, regs->LR & ~0x03)
-
-PPC_OP_B(blr, regs->LR & ~0x03);
-PPC_OP_BCLR(ctr,        (regs->CTR != 0));
-PPC_OP_BCLR(ctr_true,   (regs->CTR != 0 && (T0 & PARAM(2)) != 0));
-PPC_OP_BCLR(ctr_false,  (regs->CTR != 0 && (T0 & PARAM(2)) == 0));
-PPC_OP_BCLR(ctrz,       (regs->CTR == 0));
-PPC_OP_BCLR(ctrz_true,  (regs->CTR == 0 && (T0 & PARAM(2)) != 0));
-PPC_OP_BCLR(ctrz_false, (regs->CTR == 0 && (T0 & PARAM(2)) == 0));
+__PPC_OP_BC(blr_##name, cond, regs->lr & ~0x03);                              \
+__PPC_OP_BCLRL(blrl_##name, cond, regs->lr & ~0x03)
+
+__PPC_OP_B(blr, regs->lr & ~0x03);
+PPC_OP(blrl)
+{
+    T0 = regs->lr & ~0x03;
+    regs->lr = PARAM(1);
+    TB_DO_JUMP(op_blrl, T1, 0, T0);
+    RETURN();
+}
+PPC_OP_BCLR(ctr,        (regs->ctr != 0));
+PPC_OP_BCLR(ctr_true,   (regs->ctr != 0 && (T0 & PARAM(2)) != 0));
+PPC_OP_BCLR(ctr_false,  (regs->ctr != 0 && (T0 & PARAM(2)) == 0));
+PPC_OP_BCLR(ctrz,       (regs->ctr == 0));
+PPC_OP_BCLR(ctrz_true,  (regs->ctr == 0 && (T0 & PARAM(2)) != 0));
+PPC_OP_BCLR(ctrz_false, (regs->ctr == 0 && (T0 & PARAM(2)) == 0));
 PPC_OP_BCLR(true,       ((T0 & PARAM(2)) != 0));
 PPC_OP_BCLR(false,      ((T0 & PARAM(2)) == 0));
 /* CTR maintenance */
 PPC_OP(dec_ctr)
 {
-    regs->CTR--;
+    regs->ctr--;
     RETURN();
 }
@@ -1077,7 +1239,7 @@ PPC_OP(slw)
 /* shift right algebraic word */
 PPC_OP(sraw)
 {
-    Ts0 = do_sraw(Ts0, T1);
+    do_sraw();
     RETURN();
 }
@@ -1106,313 +1268,280 @@ PPC_OP(srw)
 }
 /***                       Floating-Point arithmetic                       ***/
-
-/***                     Floating-Point multiply-and-add                   ***/
-
-/***                     Floating-Point round & convert                    ***/
-
-/***                         Floating-Point compare                        ***/
-
-/***                  Floating-Point status & ctrl register                ***/
-
-/***                             Integer load                              ***/
-#define ld16x(x) s_ext16(ld16(x))
-#define PPC_ILD_OPX(name, op)                                                 \
-PPC_OP(l##name##x_z)                                                          \
-{                                                                             \
-    T1 = op(T0);                                                              \
-    RETURN();                                                                 \
-}                                                                             \
-PPC_OP(l##name##x)                                                            \
-{                                                                             \
-    T0 += T1;                                                                 \
-    T1 = op(T0);                                                              \
-    RETURN();                                                                 \
-}
-
-#define PPC_ILD_OP(name, op)                                                  \
-PPC_OP(l##name##_z)                                                           \
-{                                                                             \
-    T1 = op(SPARAM(1));                                                       \
-    RETURN();                                                                 \
-}                                                                             \
-PPC_OP(l##name)                                                               \
-{                                                                             \
-    T0 += SPARAM(1);                                                          \
-    T1 = op(T0);                                                              \
-    RETURN();                                                                 \
-}                                                                             \
-PPC_ILD_OPX(name, op)
-
-PPC_ILD_OP(bz, ld8);
-PPC_ILD_OP(ha, ld16x);
-PPC_ILD_OP(hz, ld16);
-PPC_ILD_OP(wz, ld32);
-
-/***                              Integer store                            ***/
-#define PPC_IST_OPX(name, op)                                                 \
-PPC_OP(st##name##x_z)                                                         \
-{                                                                             \
-    op(T0, T1);                                                               \
-    RETURN();                                                                 \
-}                                                                             \
-PPC_OP(st##name##x)                                                           \
-{                                                                             \
-    T0 += T1;                                                                 \
-    op(T0, T2);                                                               \
-    RETURN();                                                                 \
-}
-
-#define PPC_IST_OP(name, op)                                                  \
-PPC_OP(st##name##_z)                                                          \
-{                                                                             \
-    op(SPARAM(1), T0);                                                        \
-    RETURN();                                                                 \
-}                                                                             \
-PPC_OP(st##name)                                                              \
-{                                                                             \
-    T0 += SPARAM(1);                                                          \
-    op(T0, T1);                                                               \
-    RETURN();                                                                 \
-}                                                                             \
-PPC_IST_OPX(name, op);
-
-PPC_IST_OP(b, st8);
-PPC_IST_OP(h, st16);
-PPC_IST_OP(w, st32);
-
-/***                Integer load and store with byte reverse               ***/
-PPC_ILD_OPX(hbr, ld16r);
-PPC_ILD_OPX(wbr, ld32r);
-PPC_IST_OPX(hbr, st16r);
-PPC_IST_OPX(wbr, st32r);
-
-/***                    Integer load and store multiple                    ***/
-PPC_OP(lmw)
+/* fadd - fadd. */
+PPC_OP(fadd)
 {
-    do_lmw(PARAM(1), SPARAM(2) + T0);
+    FT0 += FT1;
     RETURN();
 }
-PPC_OP(stmw)
+/* fadds - fadds. */
+PPC_OP(fadds)
 {
-    do_stmw(PARAM(1), SPARAM(2) + T0);
+    FTS0 += FTS1;
     RETURN();
 }
-/***                    Integer load and store strings                     ***/
-PPC_OP(lswi)
+/* fsub - fsub. */
+PPC_OP(fsub)
 {
-    do_lsw(PARAM(1), PARAM(2), T0);
+    FT0 -= FT1;
     RETURN();
 }
-PPC_OP(lswx)
+/* fsubs - fsubs. */
+PPC_OP(fsubs)
 {
-    do_lsw(PARAM(1), T0, T1 + T2);
+    FTS0 -= FTS1;
     RETURN();
 }
-PPC_OP(stswi_z)
+/* fmul - fmul. */
+PPC_OP(fmul)
 {
-    do_stsw(PARAM(1), PARAM(2), 0);
+    FT0 *= FT1;
     RETURN();
 }
-PPC_OP(stswi)
+/* fmuls - fmuls. */
+PPC_OP(fmuls)
 {
-    do_stsw(PARAM(1), PARAM(2), T0);
+    FTS0 *= FTS1;
     RETURN();
 }
-PPC_OP(stswx_z)
+/* fdiv - fdiv. */
+PPC_OP(fdiv)
 {
-    do_stsw(PARAM(1), T0, T1);
+    FT0 /= FT1;
     RETURN();
 }
-PPC_OP(stswx)
+/* fdivs - fdivs. */
+PPC_OP(fdivs)
 {
-    do_stsw(PARAM(1), T0, T1 + T2);
+    FTS0 /= FTS1;
     RETURN();
 }
-/* SPR */
-PPC_OP(load_spr)
+/* fsqrt - fsqrt. */
+PPC_OP(fsqrt)
 {
-    T0 = regs->spr[PARAM(1)];
+    do_fsqrt();
+    RETURN();
 }
-PPC_OP(store_spr)
+/* fsqrts - fsqrts. */
+PPC_OP(fsqrts)
 {
-    regs->spr[PARAM(1)] = T0;
+    do_fsqrts();
+    RETURN();
 }
-/***                         Floating-point store                          ***/
-
-PPC_OP(stfd_z_FT0)
+/* fres - fres. */
+PPC_OP(fres)
 {
-    stfq((void *)SPARAM(1), FT0);
+    do_fres();
+    RETURN();
 }
-PPC_OP(stfd_FT0)
+/* frsqrte  - frsqrte. */
+PPC_OP(frsqrte)
 {
-    T0 += SPARAM(1);
-    stfq((void *)T0, FT0);
+    do_fsqrte();
+    RETURN();
 }
-PPC_OP(stfdx_z_FT0)
+/* fsel - fsel. */
+PPC_OP(fsel)
 {
-    stfq((void *)T0, FT0);
+    do_fsel();
+    RETURN();
 }
-PPC_OP(stfdx_FT0)
+/***                     Floating-Point multiply-and-add                   ***/
+/* fmadd - fmadd. */
+PPC_OP(fmadd)
 {
-    T0 += T1;
-    stfq((void *)T0, FT0);
+    FT0 = (FT0 * FT1) + FT2;
+    RETURN();
 }
-PPC_OP(stfs_z_FT0)
+/* fmadds - fmadds. */
+PPC_OP(fmadds)
 {
-    float tmp = FT0;
-    stfl((void *)SPARAM(1), tmp);
+    FTS0 = (FTS0 * FTS1) + FTS2;
+    RETURN();
 }
-PPC_OP(stfs_FT0)
+/* fmsub - fmsub. */
+PPC_OP(fmsub)
 {
-    float tmp = FT0;
-    T0 += SPARAM(1);
-    stfl((void *)T0, tmp);
+    FT0 = (FT0 * FT1) - FT2;
+    RETURN();
 }
-PPC_OP(stfsx_z_FT0)
+/* fmsubs - fmsubs. */
+PPC_OP(fmsubs)
 {
-    float tmp = FT0;
-    stfl((void *)T0, tmp);
+    FTS0 = (FTS0 * FTS1) - FTS2;
+    RETURN();
 }
-PPC_OP(stfsx_FT0)
+/* fnmadd - fnmadd. - fnmadds - fnmadds. */
+PPC_OP(fnmadd)
 {
-    float tmp = FT0;
-    T0 += T1;
-    stfl((void *)T0, tmp);
+    FT0 = -((FT0 * FT1) + FT2);
+    RETURN();
 }
-/***                         Floating-point load                          ***/
-PPC_OP(lfd_z_FT0)
+/* fnmadds - fnmadds. */
+PPC_OP(fnmadds)
 {
-    FT0 = ldfq((void *)SPARAM(1));
+    FTS0 = -((FTS0 * FTS1) + FTS2);
+    RETURN();
 }
-PPC_OP(lfd_FT0)
+/* fnmsub - fnmsub. */
+PPC_OP(fnmsub)
 {
-    T0 += SPARAM(1);
-    FT0 = ldfq((void *)T0);
+    FT0 = -((FT0 * FT1) - FT2);
+    RETURN();
 }
-PPC_OP(lfdx_z_FT0)
+/* fnmsubs - fnmsubs. */
+PPC_OP(fnmsubs)
 {
-    FT0 = ldfq((void *)T0);
+    FTS0 = -((FTS0 * FTS1) - FTS2);
+    RETURN();
 }
-PPC_OP(lfdx_FT0)
+/***                     Floating-Point round & convert                    ***/
+/* frsp - frsp. */
+PPC_OP(frsp)
 {
-    T0 += T1;
-    FT0 = ldfq((void *)T0);
+    FT0 = FTS0;
+    RETURN();
 }
-PPC_OP(lfs_z_FT0)
+/* fctiw - fctiw. */
+PPC_OP(fctiw)
 {
-    float tmp = ldfl((void *)SPARAM(1));
-    FT0 = tmp;
+    do_fctiw();
+    RETURN();
 }
-PPC_OP(lfs_FT0)
+/* fctiwz - fctiwz. */
+PPC_OP(fctiwz)
 {
-    float tmp;
-    T0 += SPARAM(1);
-    tmp = ldfl((void *)T0);
-    FT0 = tmp;
+    do_fctiwz();
+    RETURN();
 }
-PPC_OP(lfsx_z_FT0)
+
+/***                         Floating-Point compare                        ***/
+/* fcmpu */
+PPC_OP(fcmpu)
 {
-    float tmp;
-    tmp = ldfl((void *)T0);
-    FT0 = tmp;
+    do_fcmpu();
+    RETURN();
 }
-PPC_OP(lfsx_FT0)
+/* fcmpo */
+PPC_OP(fcmpo)
 {
-    float tmp;
-    T0 += T1;
-    tmp = ldfl((void *)T0);
-    FT0 = tmp;
+    do_fcmpo();
+    RETURN();
 }
-PPC_OP(lwarx_z)
+/***                         Floating-point move                           ***/
+/* fabs */
+PPC_OP(fabs)
 {
-    T1 = ld32(T0);
-    regs->reserve = T0;
+    do_fabs();
     RETURN();
 }
-PPC_OP(lwarx)
+/* fnabs */
+PPC_OP(fnabs)
 {
-    T0 += T1;
-    T1 = ld32(T0);
-    regs->reserve = T0;
+    do_fnabs();
     RETURN();
 }
-PPC_OP(stwcx_z)
+/* fneg */
+PPC_OP(fneg)
 {
-    if (regs->reserve != T0) {
-        env->crf[0] = xer_ov;
-    } else {
-        st32(T0, T1);
-        env->crf[0] = xer_ov | 0x02;
-    }
-    regs->reserve = 0;
+    FT0 = -FT0;
     RETURN();
 }
-PPC_OP(stwcx)
+/* Load and store */
+#if defined(CONFIG_USER_ONLY)
+#define MEMSUFFIX _raw
+#include "op_mem.h"
+#else
+#define MEMSUFFIX _user
+#include "op_mem.h"
+
+#define MEMSUFFIX _kernel
+#include "op_mem.h"
+#endif
+
+/* Return from interrupt */
+PPC_OP(rfi)
 {
-    T0 += T1;
-    if (regs->reserve != (T0 & ~0x03)) {
-        env->crf[0] = xer_ov;
-    } else {
-        st32(T0, T2);
-        env->crf[0] = xer_ov | 0x02;
+    T0 = regs->spr[SRR1] & ~0xFFFF0000;
+    do_store_msr();
+    do_tlbia();
+    dump_rfi();
+    regs->nip = regs->spr[SRR0] & ~0x00000003;
+    if (env->exceptions != 0) {
+        do_check_exception_state();
     }
-    regs->reserve = 0;
     RETURN();
 }
-PPC_OP(dcbz_z)
+/* Trap word */
+PPC_OP(tw)
 {
-    do_dcbz();
+    if ((Ts0 < Ts1 && (PARAM(1) & 0x10)) ||
+        (Ts0 > Ts1 && (PARAM(1) & 0x08)) ||
+        (Ts0 == Ts1 && (PARAM(1) & 0x04)) ||
+        (T0 < T1 && (PARAM(1) & 0x02)) ||
+        (T0 > T1 && (PARAM(1) & 0x01)))
+        do_queue_exception_err(EXCP_PROGRAM, EXCP_TRAP);
     RETURN();
 }
-PPC_OP(dcbz)
+PPC_OP(twi)
 {
-    T0 += T1;
-    do_dcbz();
+    if ((Ts0 < SPARAM(1) && (PARAM(2) & 0x10)) ||
+        (Ts0 > SPARAM(1) && (PARAM(2) & 0x08)) ||
+        (Ts0 == SPARAM(1) && (PARAM(2) & 0x04)) ||
+        (T0 < (uint32_t)SPARAM(1) && (PARAM(2) & 0x02)) ||
+        (T0 > (uint32_t)SPARAM(1) && (PARAM(2) & 0x01)))
+        do_queue_exception_err(EXCP_PROGRAM, EXCP_TRAP);
     RETURN();
 }
 /* Instruction cache block invalidate */
-PPC_OP(icbi_z)
+PPC_OP(icbi)
 {
     do_icbi();
     RETURN();
 }
-PPC_OP(icbi)
+/* tlbia */
+PPC_OP(tlbia)
 {
-    T0 += T1;
-    do_icbi();
+    do_tlbia();
+    RETURN();
+}
+
+/* tlbie */
+PPC_OP(tlbie)
+{
+    do_tlbie();
     RETURN();
 }
+/*
+ *  PPC emulation helpers for qemu.
+ * 
+ *  Copyright (c) 2003 Jocelyn Mayer
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+#include <math.h>
+#include "exec.h"
+
+#if defined(CONFIG_USER_ONLY)
+#define MEMSUFFIX _raw
+#include "op_helper_mem.h"
+#else
+#define MEMSUFFIX _user
+#include "op_helper_mem.h"
+#define MEMSUFFIX _kernel
+#include "op_helper_mem.h"
+#endif
+
+/*****************************************************************************/
+/* Exceptions processing helpers */
+void do_queue_exception_err (uint32_t exception, int error_code)
+{
+    /* Queue real PPC exceptions */
+    if (exception < EXCP_PPC_MAX) {
+        env->exceptions |= 1 << exception;
+        env->errors[exception] = error_code;
+    } else {
+        /* Preserve compatibility with qemu core */
+        env->exceptions |= 1;
+        env->exception_index = exception;
+        env->error_code = error_code;
+    }
+}
+
+void do_queue_exception (uint32_t exception)
+{
+    do_queue_exception_err(exception, 0);
+}
+
+void do_check_exception_state (void)
+{
+    if ((env->exceptions & 1) == 1 || check_exception_state(env)) {
+        env->exceptions &= ~1;
+        cpu_loop_exit();
+    }
+}
+
+/*****************************************************************************/
+/* Helpers for "fat" micro operations */
+/* Special registers load and store */
+void do_load_cr (void)
+{
+    T0 = (env->crf[0] << 28) |
+        (env->crf[1] << 24) |
+        (env->crf[2] << 20) |
+        (env->crf[3] << 16) |
+        (env->crf[4] << 12) |
+        (env->crf[5] << 8) |
+        (env->crf[6] << 4) |
+        (env->crf[7] << 0);
+}
+
+void do_store_cr (uint32_t mask)
+{
+    int i, sh;
+
+    for (i = 0, sh = 7; i < 8; i++, sh --) {
+        if (mask & (1 << sh))
+            env->crf[i] = (T0 >> (sh * 4)) & 0xF;
+    }
+}
+
+void do_load_xer (void)
+{
+    T0 = (xer_so << XER_SO) |
+        (xer_ov << XER_OV) |
+        (xer_ca << XER_CA) |
+        (xer_bc << XER_BC);
+}
+
+void do_store_xer (void)
+{
+    xer_so = (T0 >> XER_SO) & 0x01;
+    xer_ov = (T0 >> XER_OV) & 0x01;
+    xer_ca = (T0 >> XER_CA) & 0x01;
+    xer_bc = (T0 >> XER_BC) & 0x1f;
+}
+
+void do_load_msr (void)
+{
+    T0 = (msr_pow << MSR_POW) |
+        (msr_ile << MSR_ILE) |
+        (msr_ee << MSR_EE) |
+        (msr_pr << MSR_PR) |
+        (msr_fp << MSR_FP) |
+        (msr_me << MSR_ME) |
+        (msr_fe0 << MSR_FE0) |
+        (msr_se << MSR_SE) |
+        (msr_be << MSR_BE) |
+        (msr_fe1 << MSR_FE1) |
+        (msr_ip << MSR_IP) |
+        (msr_ir << MSR_IR) |
+        (msr_dr << MSR_DR) |
+        (msr_ri << MSR_RI) |
+        (msr_le << MSR_LE);
+}
+
+void do_store_msr (void)
+{
+    if (((T0 >> MSR_IR) & 0x01) != msr_ir ||
+        ((T0 >> MSR_DR) & 0x01) != msr_dr ||
+        ((T0 >> MSR_PR) & 0x01) != msr_pr) {
+        /* Flush all tlb when changing translation mode or privilege level */
+        do_tlbia();
+    }
+#if 0
+    if ((T0 >> MSR_IP) & 0x01) {
+        printf("Halting CPU. Stop emulation\n");
+        do_queue_exception(EXCP_HLT);
+        cpu_loop_exit();
+    }
+#endif
+    msr_pow = (T0 >> MSR_POW) & 0x03;
+    msr_ile = (T0 >> MSR_ILE) & 0x01;
+    msr_ee = (T0 >> MSR_EE) & 0x01;
+    msr_pr = (T0 >> MSR_PR) & 0x01;
+    msr_fp = (T0 >> MSR_FP) & 0x01;
+    msr_me = (T0 >> MSR_ME) & 0x01;
+    msr_fe0 = (T0 >> MSR_FE0) & 0x01;
+    msr_se = (T0 >> MSR_SE) & 0x01;
+    msr_be = (T0 >> MSR_BE) & 0x01;
+    msr_fe1 = (T0 >> MSR_FE1) & 0x01;
+    msr_ip = (T0 >> MSR_IP) & 0x01;
+    msr_ir = (T0 >> MSR_IR) & 0x01;
+    msr_dr = (T0 >> MSR_DR) & 0x01;
+    msr_ri = (T0 >> MSR_RI) & 0x01;
+    msr_le = (T0 >> MSR_LE) & 0x01;
+}
+
+/* shift right arithmetic helper */
+void do_sraw (void)
+{
+    int32_t ret;
+
+    xer_ca = 0;
+    if (T1 & 0x20) {
+        ret = (-1) * (T0 >> 31);
+        if (ret < 0)
+            xer_ca = 1;
+    } else {
+        ret = (int32_t)T0 >> (T1 & 0x1f);
+        if (ret < 0 && ((int32_t)T0 & ((1 << T1) - 1)) != 0)
+            xer_ca = 1;
+    }
+    (int32_t)T0 = ret;
+}
+
+/* Floating point operations helpers */
+void do_load_fpscr (void)
+{
+    /* The 32 MSB of the target fpr are undefined.
+     * They'll be zero...
+     */
+    union {
+        double d;
+        struct {
+            uint32_t u[2];
+        } s;
+    } u;
+    int i;
+
+    u.s.u[0] = 0;
+    u.s.u[1] = 0;
+    for (i = 0; i < 8; i++)
+        u.s.u[1] |= env->fpscr[i] << (4 * i);
+    FT0 = u.d;
+}
+
+void do_store_fpscr (uint32_t mask)
+{
+    /*
+     * We use only the 32 LSB of the incoming fpr
+     */
+    union {
+        double d;
+        struct {
+            uint32_t u[2];
+        } s;
+    } u;
+    int i;
+
+    u.d = FT0;
+    if (mask & 0x80)
+        env->fpscr[0] = (env->fpscr[0] & 0x9) | ((u.s.u[1] >> 28) & ~0x9);
+    for (i = 1; i < 7; i++) {
+        if (mask & (1 << (7 - i)))
+            env->fpscr[i] = (u.s.u[1] >> (4 * (7 - i))) & 0xF;
+    }
+    /* TODO: update FEX & VX */
+    /* Set rounding mode */
+    switch (env->fpscr[0] & 0x3) {
+    case 0:
+        /* Best approximation (round to nearest) */
+        fesetround(FE_TONEAREST);
+        break;
+    case 1:
+        /* Smaller magnitude (round toward zero) */
+        fesetround(FE_TOWARDZERO);
+        break;
+    case 2:
+        /* Round toward +infinite */
+        fesetround(FE_UPWARD);
+        break;
+    case 3:
+        /* Round toward -infinite */
+        fesetround(FE_DOWNWARD);
+        break;
+    }
+}
+
+void do_fctiw (void)
+{
+    union {
+        double d;
+        uint64_t i;
+    } *p = (void *)&FT1;
+
+    if (FT0 > (double)0x7FFFFFFF)
+        p->i = 0x7FFFFFFFULL << 32;
+    else if (FT0 < -(double)0x80000000)
+        p->i = 0x80000000ULL << 32;
+    else
+        p->i = 0;
+    p->i |= (uint32_t)FT0;
+    FT0 = p->d;
+}
+
+void do_fctiwz (void)
+{
+    union {
+        double d;
+        uint64_t i;
+    } *p = (void *)&FT1;
+    int cround = fegetround();
+
+    fesetround(FE_TOWARDZERO);
+    if (FT0 > (double)0x7FFFFFFF)
+        p->i = 0x7FFFFFFFULL << 32;
+    else if (FT0 < -(double)0x80000000)
+        p->i = 0x80000000ULL << 32;
+    else
+        p->i = 0;
+    p->i |= (uint32_t)FT0;
+    FT0 = p->d;
+    fesetround(cround);
+}
+
+void do_fsqrt (void)
+{
+    FT0 = sqrt(FT0);
+}
+
+void do_fsqrts (void)
+{
+    FT0 = (float)sqrt((float)FT0);
+}
+
+void do_fres (void)
+{
+    FT0 = 1.0 / FT0;
+}
+
+void do_fsqrte (void)
+{
+    FT0 = 1.0 / sqrt(FT0);
+}
+
+void do_fsel (void)
+{
+    if (FT0 >= 0)
+        FT0 = FT2;
+    else
+        FT0 = FT1;
+}
+
+void do_fcmpu (void)
+{
+    env->fpscr[4] &= ~0x1;
+    if (isnan(FT0) || isnan(FT1)) {
+        T0 = 0x01;
+        env->fpscr[4] |= 0x1;
+        env->fpscr[6] |= 0x1;
+    } else if (FT0 < FT1) {
+        T0 = 0x08;
+    } else if (FT0 > FT1) {
+        T0 = 0x04;
+    } else {
+        T0 = 0x02;
+    }
+    env->fpscr[3] |= T0;
+}
+
+void do_fcmpo (void)
+{
+    env->fpscr[4] &= ~0x1;
+    if (isnan(FT0) || isnan(FT1)) {
+        T0 = 0x01;
+        env->fpscr[4] |= 0x1;
+        /* I don't know how to test "quiet" nan... */
+        if (0 /* || ! quiet_nan(...) */) {
+            env->fpscr[6] |= 0x1;
+            if (!(env->fpscr[1] & 0x8))
+                env->fpscr[4] |= 0x8;
+        } else {
+            env->fpscr[4] |= 0x8;
+        }
+    } else if (FT0 < FT1) {
+        T0 = 0x08;
+    } else if (FT0 > FT1) {
+        T0 = 0x04;
+    } else {
+        T0 = 0x02;
+    }
+    env->fpscr[3] |= T0;
+}
+
+void do_fabs (void)
+{
+    FT0 = fabsl(FT0);
+}
+
+void do_fnabs (void)
+{
+    FT0 = -fabsl(FT0);
+}
+
+/* Instruction cache invalidation helper */
+void do_icbi (void)
+{
+    //    tb_invalidate_page(T0);
+}
+
+/* TLB invalidation helpers */
+void do_tlbia (void)
+{
+    tlb_flush(env);
+}
+
+void do_tlbie (void)
+{
+    tlb_flush_page(env, T0);
+}
+
+/*****************************************************************************/
+/* Special helpers for debug */
+void dump_rfi (void)
+{
+#if 0
+    printf("Return from interrupt\n");
+    printf("nip=0x%08x LR=0x%08x CTR=0x%08x MSR=0x%08x\n",
+           env->nip, env->lr, env->ctr,
+           (msr_pow << MSR_POW) | (msr_ile << MSR_ILE) | (msr_ee << MSR_EE) |
+           (msr_pr  << MSR_PR)  | (msr_fp  << MSR_FP)  | (msr_me << MSR_ME) |
+           (msr_fe0 << MSR_FE0) | (msr_se  << MSR_SE)  | (msr_be << MSR_BE) |
+           (msr_fe1 << MSR_FE1) | (msr_ip  << MSR_IP)  | (msr_ir << MSR_IR) |
+           (msr_dr  << MSR_DR)  | (msr_ri  << MSR_RI)  | (msr_le << MSR_LE));
+    {
+        int  i;
+        for (i = 0; i < 32; i++) {
+            if ((i & 7) == 0)
+                printf("GPR%02d:", i);
+            printf(" %08x", env->gpr[i]);
+            if ((i & 7) == 7)
+                printf("\n");
+        }
+        printf("CR: 0x");
+        for (i = 0; i < 8; i++)
+            printf("%01x", env->crf[i]);
+        printf("  [");
+        for (i = 0; i < 8; i++) {
+            char a = '-';
+            if (env->crf[i] & 0x08)
+                a = 'L';
+            else if (env->crf[i] & 0x04)
+                a = 'G';
+            else if (env->crf[i] & 0x02)
+                a = 'E';
+            printf(" %c%c", a, env->crf[i] & 0x01 ? 'O' : ' ');
+        }
+        printf(" ] ");
+    }
+    printf("TB: 0x%08x %08x\n", env->tb[1], env->tb[0]);
+    printf("SRR0 0x%08x SRR1 0x%08x\n", env->spr[SRR0], env->spr[SRR1]);
+#endif
+}
+
+void dump_store_sr (int srnum)
+{
+#if 0
+    printf("%s: reg=%d 0x%08x\n", __func__, srnum, T0);
+#endif
+}
+
+static void _dump_store_bat (char ID, int ul, int nr)
+{
+    printf("Set %cBAT%d%c to 0x%08x (0x%08x)\n",
+           ID, nr, ul == 0 ? 'u' : 'l', T0, env->nip);
+}
+
+void dump_store_ibat (int ul, int nr)
+{
+    _dump_store_bat('I', ul, nr);
+}
+
+void dump_store_dbat (int ul, int nr)
+{
+    _dump_store_bat('D', ul, nr);
+}
+
+void dump_store_tb (int ul)
+{
+    printf("Set TB%c to 0x%08x\n", ul == 0 ? 'L' : 'U', T0);
+}
+
+void dump_update_tb(uint32_t param)
+{
+#if 0
+    printf("Update TB: 0x%08x + %d => 0x%08x\n", T1, param, T0);
+#endif
+}
+
+void glue(do_lsw, MEMSUFFIX) (int dst)
+{
+    uint32_t tmp;
+    int sh;
+
+    if (loglevel > 0) {
+        fprintf(logfile, "%s: addr=0x%08x count=%d reg=%d\n",
+                __func__, T0, T1, dst);
+    }
+    for (; T1 > 3; T1 -= 4, T0 += 4) {
+        ugpr(dst++) = glue(_ldl, MEMSUFFIX)((void *)T0, ACCESS_INT);
+        if (dst == 32)
+            dst = 0;
+    }
+    if (T1 > 0) {
+        tmp = 0;
+        for (sh = 24; T1 > 0; T1--, T0++, sh -= 8) {
+            tmp |= glue(_ldub, MEMSUFFIX)((void *)T0, ACCESS_INT) << sh;
+        }
+        ugpr(dst) = tmp;
+    }
+}
+
+void glue(do_stsw, MEMSUFFIX) (int src)
+{
+    int sh;
+
+    if (loglevel > 0) {
+        fprintf(logfile, "%s: addr=0x%08x count=%d reg=%d\n",
+                __func__, T0, T1, src);
+    }
+    for (; T1 > 3; T1 -= 4, T0 += 4) {
+        glue(_stl, MEMSUFFIX)((void *)T0, ugpr(src++), ACCESS_INT);
+        if (src == 32)
+            src = 0;
+    }
+    if (T1 > 0) {
+        for (sh = 24; T1 > 0; T1--, T0++, sh -= 8)
+            glue(_stb, MEMSUFFIX)((void *)T0, (ugpr(src) >> sh) & 0xFF,
+                                  ACCESS_INT);
+    }
+}
+
+#undef MEMSUFFIX
+/* External helpers */
+void glue(do_lsw, MEMSUFFIX) (int dst);
+void glue(do_stsw, MEMSUFFIX) (int src);
+
+/* Internal helpers for sign extension and byte-reverse */
+static inline uint32_t glue(_ld16x, MEMSUFFIX) (void *EA, int type)
+{
+    return s_ext16(glue(_lduw, MEMSUFFIX)(EA, type));
+}
+
+static inline uint16_t glue(_ld16r, MEMSUFFIX) (void *EA, int type)
+{
+    uint16_t tmp = glue(_lduw, MEMSUFFIX)(EA, type);
+    return ((tmp & 0xFF00) >> 8) | ((tmp & 0x00FF) << 8);
+}
+
+static inline uint32_t glue(_ld32r, MEMSUFFIX) (void *EA, int type)
+{
+    uint32_t tmp = glue(_ldl, MEMSUFFIX)(EA, type);
+    return ((tmp & 0xFF000000) >> 24) | ((tmp & 0x00FF0000) >> 8) |
+        ((tmp & 0x0000FF00) << 8) | ((tmp & 0x000000FF) << 24);
+}
+
+static inline void glue(_st16r, MEMSUFFIX) (void *EA, uint16_t data, int type)
+{
+    uint16_t tmp = ((data & 0xFF00) >> 8) | ((data & 0x00FF) << 8);
+    glue(_stw, MEMSUFFIX)(EA, tmp, type);
+}
+
+static inline void glue(_st32r, MEMSUFFIX) (void *EA, uint32_t data, int type)
+{
+    uint32_t tmp = ((data & 0xFF000000) >> 24) | ((data & 0x00FF0000) >> 8) |
+        ((data & 0x0000FF00) << 8) | ((data & 0x000000FF) << 24);
+    glue(_stl, MEMSUFFIX)(EA, tmp, type);
+}
+
+/***                             Integer load                              ***/
+#define PPC_LD_OP(name, op)                                                   \
+PPC_OP(glue(glue(l, name), MEMSUFFIX))                                        \
+{                                                                             \
+    T1 = glue(op, MEMSUFFIX)((void *)T0, ACCESS_INT);                         \
+    RETURN();                                                                 \
+}
+
+#define PPC_ST_OP(name, op)                                                   \
+PPC_OP(glue(glue(st, name), MEMSUFFIX))                                       \
+{                                                                             \
+    glue(op, MEMSUFFIX)((void *)T0, T1, ACCESS_INT);                          \
+    RETURN();                                                                 \
+}
+
+PPC_LD_OP(bz, _ldub);
+PPC_LD_OP(ha, _ld16x);
+PPC_LD_OP(hz, _lduw);
+PPC_LD_OP(wz, _ldl);
+
+/***                              Integer store                            ***/
+PPC_ST_OP(b, _stb);
+PPC_ST_OP(h, _stw);
+PPC_ST_OP(w, _stl);
+
+/***                Integer load and store with byte reverse               ***/
+PPC_LD_OP(hbr, _ld16r);
+PPC_LD_OP(wbr, _ld32r);
+PPC_ST_OP(hbr, _st16r);
+PPC_ST_OP(wbr, _st32r);
+
+/***                    Integer load and store multiple                    ***/
+PPC_OP(glue(lmw, MEMSUFFIX))
+{
+    int dst = PARAM(1);
+
+    for (; dst < 32; dst++, T0 += 4) {
+        ugpr(dst) = glue(_ldl, MEMSUFFIX)((void *)T0, ACCESS_INT);
+    }
+    RETURN();
+}
+
+PPC_OP(glue(stmw, MEMSUFFIX))
+{
+    int src = PARAM(1);
+
+    for (; src < 32; src++, T0 += 4) {
+        glue(_stl, MEMSUFFIX)((void *)T0, ugpr(src), ACCESS_INT);
+    }
+    RETURN();
+}
+
+/***                    Integer load and store strings                     ***/
+PPC_OP(glue(lswi, MEMSUFFIX))
+{
+    glue(do_lsw, MEMSUFFIX)(PARAM(1));
+    RETURN();
+}
+
+/* PPC32 specification says we must generate an exception if
+ * rA is in the range of registers to be loaded.
+ * In an other hand, IBM says this is valid, but rA won't be loaded.
+ * For now, I'll follow the spec...
+ */
+PPC_OP(glue(lswx, MEMSUFFIX))
+{
+    if (T1 > 0) {
+        if ((PARAM(1) < PARAM(2) && (PARAM(1) + T1) > PARAM(2)) ||
+            (PARAM(1) < PARAM(3) && (PARAM(1) + T1) > PARAM(3))) {
+            do_queue_exception_err(EXCP_PROGRAM, EXCP_INVAL | EXCP_INVAL_LSWX);
+            do_process_exceptions();
+        } else {
+            glue(do_lsw, MEMSUFFIX)(PARAM(1));
+        }
+    }
+    RETURN();
+}
+
+PPC_OP(glue(stsw, MEMSUFFIX))
+{
+    glue(do_stsw, MEMSUFFIX)(PARAM(1));
+    RETURN();
+}
+
+/***                         Floating-point store                          ***/
+#define PPC_STF_OP(name, op)                                                  \
+PPC_OP(glue(glue(st, name), MEMSUFFIX))                                       \
+{                                                                             \
+    glue(op, MEMSUFFIX)((void *)T0, FT1);                                     \
+    RETURN();                                                                 \
+}
+
+PPC_STF_OP(fd, stfq);
+PPC_STF_OP(fs, stfl);
+
+/***                         Floating-point load                           ***/
+#define PPC_LDF_OP(name, op)                                                  \
+PPC_OP(glue(glue(l, name), MEMSUFFIX))                                        \
+{                                                                             \
+    FT1 = glue(op, MEMSUFFIX)((void *)T0);                                    \
+    RETURN();                                                                 \
+}
+
+PPC_LDF_OP(fd, ldfq);
+PPC_LDF_OP(fs, ldfl);
+
+/* Store with reservation */
+PPC_OP(glue(stwcx, MEMSUFFIX))
+{
+    if (T0 & 0x03) {
+        do_queue_exception(EXCP_ALIGN);
+        do_process_exceptions();
+    } else {
+        if (regs->reserve != T0) {
+            env->crf[0] = xer_ov;
+        } else {
+            glue(_stl, MEMSUFFIX)((void *)T0, T1, ACCESS_RES);
+            env->crf[0] = xer_ov | 0x02;
+        }
+    }
+    regs->reserve = 0;
+    RETURN();
+}
+
+PPC_OP(glue(dcbz, MEMSUFFIX))
+{
+    glue(_stl, MEMSUFFIX)((void *)(T0 + 0x00), 0, ACCESS_INT);
+    glue(_stl, MEMSUFFIX)((void *)(T0 + 0x04), 0, ACCESS_INT);
+    glue(_stl, MEMSUFFIX)((void *)(T0 + 0x08), 0, ACCESS_INT);
+    glue(_stl, MEMSUFFIX)((void *)(T0 + 0x0C), 0, ACCESS_INT);
+    glue(_stl, MEMSUFFIX)((void *)(T0 + 0x10), 0, ACCESS_INT);
+    glue(_stl, MEMSUFFIX)((void *)(T0 + 0x14), 0, ACCESS_INT);
+    glue(_stl, MEMSUFFIX)((void *)(T0 + 0x18), 0, ACCESS_INT);
+    glue(_stl, MEMSUFFIX)((void *)(T0 + 0x1C), 0, ACCESS_INT);
+    RETURN();
+}
+
+/* External access */
+PPC_OP(glue(eciwx, MEMSUFFIX))
+{
+    T1 = glue(_ldl, MEMSUFFIX)((void *)T0, ACCESS_EXT);
+    RETURN();
+}
+
+PPC_OP(glue(ecowx, MEMSUFFIX))
+{
+    glue(_stl, MEMSUFFIX)((void *)T0, T1, ACCESS_EXT);
+    RETURN();
+}
+
+#undef MEMSUFFIX
@@ -18,56 +18,67 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
+/* General purpose registers moves */
 void OPPROTO glue(op_load_gpr_T0_gpr, REG)(void)
 {
     T0 = regs->gpr[REG];
+    RETURN();
 }
 void OPPROTO glue(op_load_gpr_T1_gpr, REG)(void)
 {
     T1 = regs->gpr[REG];
+    RETURN();
 }
 void OPPROTO glue(op_load_gpr_T2_gpr, REG)(void)
 {
     T2 = regs->gpr[REG];
+    RETURN();
 }
 void OPPROTO glue(op_store_T0_gpr_gpr, REG)(void)
 {
     regs->gpr[REG] = T0;
+    RETURN();
 }
 void OPPROTO glue(op_store_T1_gpr_gpr, REG)(void)
 {
     regs->gpr[REG] = T1;
+    RETURN();
 }
 void OPPROTO glue(op_store_T2_gpr_gpr, REG)(void)
 {
     regs->gpr[REG] = T2;
+    RETURN();
 }
 #if REG <= 7
-
+/* Condition register moves */
 void OPPROTO glue(op_load_crf_T0_crf, REG)(void)
 {
     T0 = regs->crf[REG];
+    RETURN();
 }
 void OPPROTO glue(op_load_crf_T1_crf, REG)(void)
 {
     T1 = regs->crf[REG];
+    RETURN();
 }
 void OPPROTO glue(op_store_T0_crf_crf, REG)(void)
 {
     regs->crf[REG] = T0;
+    RETURN();
 }
 void OPPROTO glue(op_store_T1_crf_crf, REG)(void)
 {
     regs->crf[REG] = T1;
+    RETURN();
 }
 /* Floating point condition and status register moves */
@@ -117,8 +128,6 @@ void OPPROTO glue(op_clear_fpscr_fpscr, REG)(void)
 #endif /* REG <= 7 */
-/* float moves */
-
 /* floating point registers moves */
 void OPPROTO glue(op_load_fpr_FT0_fpr, REG)(void)
 {
@@ -156,4 +165,22 @@ void OPPROTO glue(op_store_FT2_fpr_fpr, REG)(void)
     RETURN();
 }
+#if REG <= 15
+/* Segment register moves */
+void OPPROTO glue(op_load_sr, REG)(void)
+{
+    T0 = env->sr[REG];
+    RETURN();
+}
+
+void OPPROTO glue(op_store_sr, REG)(void)
+{
+#if defined (DEBUG_OP)
+    dump_store_sr(REG);
+#endif
+    env->sr[REG] = T0;
+    RETURN();
+}
+#endif
+
 #undef REG
@@ -24,6 +24,7 @@
 //#define DO_SINGLE_STEP
 //#define DO_STEP_FLUSH
+//#define DEBUG_DISAS
 enum {
 #define DEF(s, n, copy_size) INDEX_op_ ## s,
@@ -37,41 +38,49 @@ static uint32_t *gen_opparam_ptr;
 #include "gen-op.h"
-typedef void (GenOpFunc)(void);
-typedef void (GenOpFunc1)(long);
-typedef void (GenOpFunc2)(long, long);
-typedef void (GenOpFunc3)(long, long, long);
-
 #define GEN8(func, NAME) \
-static GenOpFunc *NAME ## _table [8] = {\
-NAME ## 0, NAME ## 1, NAME ## 2, NAME ## 3,\
-NAME ## 4, NAME ## 5, NAME ## 6, NAME ## 7,\
-};\
-static inline void func(int n)\
-{\
-    NAME ## _table[n]();\
+static GenOpFunc *NAME ## _table [8] = {                                      \
+NAME ## 0, NAME ## 1, NAME ## 2, NAME ## 3,                                   \
+NAME ## 4, NAME ## 5, NAME ## 6, NAME ## 7,                                   \
+};                                                                            \
+static inline void func(int n)                                                \
+{                                                                             \
+    NAME ## _table[n]();                                                      \
+}
+
+#define GEN16(func, NAME)                                                     \
+static GenOpFunc *NAME ## _table [16] = {                                     \
+NAME ## 0, NAME ## 1, NAME ## 2, NAME ## 3,                                   \
+NAME ## 4, NAME ## 5, NAME ## 6, NAME ## 7,                                   \
+NAME ## 8, NAME ## 9, NAME ## 10, NAME ## 11,                                 \
+NAME ## 12, NAME ## 13, NAME ## 14, NAME ## 15,                               \
+};                                                                            \
+static inline void func(int n)                                                \
+{                                                                             \
+    NAME ## _table[n]();                                                      \
 }
 #define GEN32(func, NAME) \
-static GenOpFunc *NAME ## _table [32] = {\
-NAME ## 0, NAME ## 1, NAME ## 2, NAME ## 3,\
-NAME ## 4, NAME ## 5, NAME ## 6, NAME ## 7,\
-NAME ## 8, NAME ## 9, NAME ## 10, NAME ## 11,\
-NAME ## 12, NAME ## 13, NAME ## 14, NAME ## 15,\
-NAME ## 16, NAME ## 17, NAME ## 18, NAME ## 19,\
-NAME ## 20, NAME ## 21, NAME ## 22, NAME ## 23,\
-NAME ## 24, NAME ## 25, NAME ## 26, NAME ## 27,\
-NAME ## 28, NAME ## 29, NAME ## 30, NAME ## 31,\
-};\
-static inline void func(int n)\
-{\
-    NAME ## _table[n]();\
-}
-
-GEN8(gen_op_load_crf_T0, gen_op_load_crf_T0_crf)
-GEN8(gen_op_load_crf_T1, gen_op_load_crf_T1_crf)
-GEN8(gen_op_store_T0_crf, gen_op_store_T0_crf_crf)
-GEN8(gen_op_store_T1_crf, gen_op_store_T1_crf_crf)
+static GenOpFunc *NAME ## _table [32] = {                                     \
+NAME ## 0, NAME ## 1, NAME ## 2, NAME ## 3,                                   \
+NAME ## 4, NAME ## 5, NAME ## 6, NAME ## 7,                                   \
+NAME ## 8, NAME ## 9, NAME ## 10, NAME ## 11,                                 \
+NAME ## 12, NAME ## 13, NAME ## 14, NAME ## 15,                               \
+NAME ## 16, NAME ## 17, NAME ## 18, NAME ## 19,                               \
+NAME ## 20, NAME ## 21, NAME ## 22, NAME ## 23,                               \
+NAME ## 24, NAME ## 25, NAME ## 26, NAME ## 27,                               \
+NAME ## 28, NAME ## 29, NAME ## 30, NAME ## 31,                               \
+};                                                                            \
+static inline void func(int n)                                                \
+{                                                                             \
+    NAME ## _table[n]();                                                      \
+}
+
+/* Condition register moves */
+GEN8(gen_op_load_crf_T0, gen_op_load_crf_T0_crf);
+GEN8(gen_op_load_crf_T1, gen_op_load_crf_T1_crf);
+GEN8(gen_op_store_T0_crf, gen_op_store_T0_crf_crf);
+GEN8(gen_op_store_T1_crf, gen_op_store_T1_crf_crf);
 /* Floating point condition and status register moves */
 GEN8(gen_op_load_fpscr_T0, gen_op_load_fpscr_T0_fpscr);
@@ -92,13 +101,18 @@ static inline void gen_op_store_T0_fpscri(int n, uint8_t param)
     (*gen_op_store_T0_fpscri_fpscr_table[n])(param);
 }
-GEN32(gen_op_load_gpr_T0, gen_op_load_gpr_T0_gpr)
-GEN32(gen_op_load_gpr_T1, gen_op_load_gpr_T1_gpr)
-GEN32(gen_op_load_gpr_T2, gen_op_load_gpr_T2_gpr)
+/* Segment register moves */
+GEN16(gen_op_load_sr, gen_op_load_sr);
+GEN16(gen_op_store_sr, gen_op_store_sr);
-GEN32(gen_op_store_T0_gpr, gen_op_store_T0_gpr_gpr)
-GEN32(gen_op_store_T1_gpr, gen_op_store_T1_gpr_gpr)
-GEN32(gen_op_store_T2_gpr, gen_op_store_T2_gpr_gpr)
+/* General purpose registers moves */
+GEN32(gen_op_load_gpr_T0, gen_op_load_gpr_T0_gpr);
+GEN32(gen_op_load_gpr_T1, gen_op_load_gpr_T1_gpr);
+GEN32(gen_op_load_gpr_T2, gen_op_load_gpr_T2_gpr);
+
+GEN32(gen_op_store_T0_gpr, gen_op_store_T0_gpr_gpr);
+GEN32(gen_op_store_T1_gpr, gen_op_store_T1_gpr_gpr);
+GEN32(gen_op_store_T2_gpr, gen_op_store_T2_gpr_gpr);
 /* floating point registers moves */
 GEN32(gen_op_load_fpr_FT0, gen_op_load_fpr_FT0_fpr);
@@ -115,53 +129,51 @@ typedef struct DisasContext {
     struct TranslationBlock *tb;
     uint32_t *nip;
     uint32_t opcode;
-    int exception;
-    int retcode;
-    /* Time base */
+    uint32_t exception;
+    /* Time base offset */
     uint32_t tb_offset;
+    /* Decrementer offset */
+    uint32_t decr_offset;
+    /* Execution mode */
+#if !defined(CONFIG_USER_ONLY)
     int supervisor;
+#endif
+    /* Routine used to access memory */
+    int mem_idx;
 } DisasContext;
 typedef struct opc_handler_t {
     /* invalid bits */
     uint32_t inval;
+    /* instruction type */
+    uint32_t type;
     /* handler */
     void (*handler)(DisasContext *ctx);
 } opc_handler_t;
-#define SET_RETVAL(n)                                                         \
+#define RET_EXCP(excp, error)                                                 \
 do {                                                                          \
-    if ((n) != 0) {                                                           \
-        ctx->exception = (n);                                                 \
-    }                                                                         \
+    gen_op_queue_exception_err(excp, error);                                  \
+    ctx->exception = excp;                                                    \
     return;                                                                   \
 } while (0)
-#define GET_RETVAL(func, __opcode)                                            \
-({                                                                            \
-    (func)(&ctx);                                                             \
-    ctx.exception;                                                            \
-})
+#define RET_INVAL()                                                           \
+RET_EXCP(EXCP_PROGRAM, EXCP_INVAL | EXCP_INVAL_INVAL)
+
+#define RET_PRIVOPC()                                                         \
+RET_EXCP(EXCP_PROGRAM, EXCP_INVAL | EXCP_PRIV_OPC)
+
+#define RET_PRIVREG()                                                         \
+RET_EXCP(EXCP_PROGRAM, EXCP_INVAL | EXCP_PRIV_REG)
 #define GEN_HANDLER(name, opc1, opc2, opc3, inval, type)                      \
 static void gen_##name (DisasContext *ctx);                                   \
 GEN_OPCODE(name, opc1, opc2, opc3, inval, type);                              \
 static void gen_##name (DisasContext *ctx)
-/* Instruction types */
-enum {
-    PPC_INTEGER  = 0x0001, /* CPU has integer operations instructions        */
-    PPC_FLOAT    = 0x0002, /* CPU has floating point operations instructions */
-    PPC_FLOW     = 0x0004, /* CPU has flow control instructions              */
-    PPC_MEM      = 0x0008, /* CPU has virtual memory instructions            */
-    PPC_MISC     = 0x0010, /* CPU has spr/msr access instructions            */
-    PPC_EXTERN   = 0x0020, /* CPU has external control instructions          */
-    PPC_SEGMENT  = 0x0040, /* CPU has memory segment instructions            */
-};
-
 typedef struct opcode_t {
     unsigned char opc1, opc2, opc3;
-    uint32_t type;
     opc_handler_t handler;
 } opcode_t;
@@ -169,9 +181,6 @@ typedef struct opcode_t {
 extern FILE *logfile;
 extern int loglevel;
-/* XXX: shouldn't stay all alone here ! */
-static int reserve = 0;
-
 /***                           Instruction decoding                        ***/
 #define EXTRACT_HELPER(name, shift, nb)                                       \
 static inline uint32_t name (uint32_t opcode)                                 \
@@ -272,9 +281,9 @@ static opcode_t opc_##name = {                                                \
     .opc1 = op1,                                                              \
     .opc2 = op2,                                                              \
     .opc3 = op3,                                                              \
-    .type = _typ,                                                             \
     .handler = {                                                              \
         .inval   = invl,                                                      \
+        .type = _typ,                                                         \
         .handler = &gen_##name,                                               \
     },                                                                        \
 }
@@ -285,9 +294,9 @@ static opcode_t opc_##name = {                                                \
     .opc1 = 0xFF,                                                             \
     .opc2 = 0xFF,                                                             \
     .opc3 = 0xFF,                                                             \
-    .type = 0x00,                                                             \
     .handler = {                                                              \
         .inval   = 0x00000000,                                                \
+        .type = 0x00,                                                         \
         .handler = NULL,                                                      \
     },                                                                        \
 }
@@ -296,15 +305,36 @@ static opcode_t opc_##name = {                                                \
 GEN_OPCODE_MARK(start);
 /* Invalid instruction */
-GEN_HANDLER(invalid, 0x00, 0x00, 0x00, 0xFFFFFFFF, 0)
+GEN_HANDLER(invalid, 0x00, 0x00, 0x00, 0xFFFFFFFF, PPC_NONE)
+{
+    RET_INVAL();
+}
+
+/* Special opcode to stop emulation */
+GEN_HANDLER(stop, 0x06, 0x00, 0xFF, 0x03FFFFC1, PPC_COMMON)
 {
-    /* Branch to next instruction to force nip update */
-    gen_op_b((uint32_t)ctx->nip);
-    SET_RETVAL(EXCP_INVAL);
+    gen_op_queue_exception(EXCP_HLT);
+    ctx->exception = EXCP_HLT;
+}
+
+/* Special opcode to call open-firmware */
+GEN_HANDLER(of_enter, 0x06, 0x01, 0xFF, 0x03FFFFC1, PPC_COMMON)
+{
+    gen_op_queue_exception(EXCP_OFCALL);
+    ctx->exception = EXCP_OFCALL;
+}
+
+/* Special opcode to call RTAS */
+GEN_HANDLER(rtas_enter, 0x06, 0x02, 0xFF, 0x03FFFFC1, PPC_COMMON)
+{
+    printf("RTAS entry point !\n");
+    gen_op_queue_exception(EXCP_RTASCALL);
+    ctx->exception = EXCP_RTASCALL;
 }
 static opc_handler_t invalid_handler = {
     .inval   = 0xFFFFFFFF,
+    .type    = PPC_NONE,
     .handler = gen_invalid,
 };
@@ -318,7 +348,6 @@ GEN_HANDLER(name, opc1, opc2, opc3, inval, PPC_INTEGER)                       \
     if (Rc(ctx->opcode) != 0)                                                 \
         gen_op_set_Rc0();                                                     \
     gen_op_store_T0_gpr(rD(ctx->opcode));                                     \
-    SET_RETVAL(0);                                                            \
 }
 #define __GEN_INT_ARITH2_O(name, opc1, opc2, opc3, inval)                     \
@@ -330,7 +359,6 @@ GEN_HANDLER(name, opc1, opc2, opc3, inval, PPC_INTEGER)                       \
     if (Rc(ctx->opcode) != 0)                                                 \
         gen_op_set_Rc0_ov();                                                  \
     gen_op_store_T0_gpr(rD(ctx->opcode));                                     \
-    SET_RETVAL(0);                                                            \
 }
 #define __GEN_INT_ARITH1(name, opc1, opc2, opc3)                              \
@@ -341,7 +369,6 @@ GEN_HANDLER(name, opc1, opc2, opc3, 0x0000F800, PPC_INTEGER)                  \
     if (Rc(ctx->opcode) != 0)                                                 \
         gen_op_set_Rc0();                                                     \
     gen_op_store_T0_gpr(rD(ctx->opcode));                                     \
-    SET_RETVAL(0);                                                            \
 }
 #define __GEN_INT_ARITH1_O(name, opc1, opc2, opc3)                            \
 GEN_HANDLER(name, opc1, opc2, opc3, 0x0000F800, PPC_INTEGER)                  \
@@ -351,7 +378,6 @@ GEN_HANDLER(name, opc1, opc2, opc3, 0x0000F800, PPC_INTEGER)                  \
     if (Rc(ctx->opcode) != 0)                                                 \
         gen_op_set_Rc0_ov();                                                  \
     gen_op_store_T0_gpr(rD(ctx->opcode));                                     \
-    SET_RETVAL(0);                                                            \
 }
 /* Two operands arithmetic functions */
@@ -412,7 +438,6 @@ GEN_HANDLER(addi, 0x0E, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
         gen_op_addi(simm);
     }
     gen_op_store_T0_gpr(rD(ctx->opcode));
-    SET_RETVAL(0);
 }
 /* addic */
 GEN_HANDLER(addic, 0x0C, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
@@ -420,7 +445,6 @@ GEN_HANDLER(addic, 0x0C, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
     gen_op_load_gpr_T0(rA(ctx->opcode));
     gen_op_addic(SIMM(ctx->opcode));
     gen_op_store_T0_gpr(rD(ctx->opcode));
-    SET_RETVAL(0);
 }
 /* addic. */
 GEN_HANDLER(addic_, 0x0D, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
@@ -429,7 +453,6 @@ GEN_HANDLER(addic_, 0x0D, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
     gen_op_addic(SIMM(ctx->opcode));
     gen_op_set_Rc0();
     gen_op_store_T0_gpr(rD(ctx->opcode));
-    SET_RETVAL(0);
 }
 /* addis */
 GEN_HANDLER(addis, 0x0F, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
@@ -443,7 +466,6 @@ GEN_HANDLER(addis, 0x0F, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
         gen_op_addi(simm << 16);
     }
     gen_op_store_T0_gpr(rD(ctx->opcode));
-    SET_RETVAL(0);
 }
 /* mulli */
 GEN_HANDLER(mulli, 0x07, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
@@ -451,7 +473,6 @@ GEN_HANDLER(mulli, 0x07, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
     gen_op_load_gpr_T0(rA(ctx->opcode));
     gen_op_mulli(SIMM(ctx->opcode));
     gen_op_store_T0_gpr(rD(ctx->opcode));
-    SET_RETVAL(0);
 }
 /* subfic */
 GEN_HANDLER(subfic, 0x08, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
@@ -459,7 +480,6 @@ GEN_HANDLER(subfic, 0x08, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
     gen_op_load_gpr_T0(rA(ctx->opcode));
     gen_op_subfic(SIMM(ctx->opcode));
     gen_op_store_T0_gpr(rD(ctx->opcode));
-    SET_RETVAL(0);
 }
 /***                           Integer comparison                          ***/
@@ -470,7 +490,6 @@ GEN_HANDLER(name, 0x1F, 0x00, opc, 0x00400000, PPC_INTEGER)                   \
     gen_op_load_gpr_T1(rB(ctx->opcode));                                      \
     gen_op_##name();                                                          \
     gen_op_store_T0_crf(crfD(ctx->opcode));                                   \
-    SET_RETVAL(0);                                                            \
 }
 /* cmp */
@@ -481,7 +500,6 @@ GEN_HANDLER(cmpi, 0x0B, 0xFF, 0xFF, 0x00400000, PPC_INTEGER)
     gen_op_load_gpr_T0(rA(ctx->opcode));
     gen_op_cmpi(SIMM(ctx->opcode));
     gen_op_store_T0_crf(crfD(ctx->opcode));
-    SET_RETVAL(0);
 }
 /* cmpl */
 GEN_CMP(cmpl, 0x01);
@@ -491,7 +509,6 @@ GEN_HANDLER(cmpli, 0x0A, 0xFF, 0xFF, 0x00400000, PPC_INTEGER)
     gen_op_load_gpr_T0(rA(ctx->opcode));
     gen_op_cmpli(UIMM(ctx->opcode));
     gen_op_store_T0_crf(crfD(ctx->opcode));
-    SET_RETVAL(0);
 }
 /***                            Integer logical                            ***/
@@ -504,7 +521,6 @@ GEN_HANDLER(name, 0x1F, opc2, opc3, 0x00000000, PPC_INTEGER)                  \
     if (Rc(ctx->opcode) != 0)                                                 \
         gen_op_set_Rc0();                                                     \
     gen_op_store_T0_gpr(rA(ctx->opcode));                                     \
-    SET_RETVAL(0);                                                            \
 }
 #define GEN_LOGICAL2(name, opc)                                               \
 __GEN_LOGICAL2(name, 0x1C, opc)
@@ -517,7 +533,6 @@ GEN_HANDLER(name, 0x1F, 0x1A, opc, 0x00000000, PPC_INTEGER)                   \
     if (Rc(ctx->opcode) != 0)                                                 \
         gen_op_set_Rc0();                                                     \
     gen_op_store_T0_gpr(rA(ctx->opcode));                                     \
-    SET_RETVAL(0);                                                            \
 }
 /* and & and. */
@@ -531,7 +546,6 @@ GEN_HANDLER(andi_, 0x1C, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
     gen_op_andi_(UIMM(ctx->opcode));
     gen_op_set_Rc0();
     gen_op_store_T0_gpr(rA(ctx->opcode));
-    SET_RETVAL(0);
 }
 /* andis. */
 GEN_HANDLER(andis_, 0x1D, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
@@ -540,7 +554,6 @@ GEN_HANDLER(andis_, 0x1D, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
     gen_op_andi_(UIMM(ctx->opcode) << 16);
     gen_op_set_Rc0();
     gen_op_store_T0_gpr(rA(ctx->opcode));
-    SET_RETVAL(0);
 }
 /* cntlzw */
@@ -555,68 +568,94 @@ GEN_LOGICAL1(extsh, 0x1C);
 GEN_LOGICAL2(nand, 0x0E);
 /* nor & nor. */
 GEN_LOGICAL2(nor, 0x03);
+
 /* or & or. */
-GEN_LOGICAL2(or, 0x0D);
+GEN_HANDLER(or, 0x1F, 0x1C, 0x0D, 0x00000000, PPC_INTEGER)
+{
+    gen_op_load_gpr_T0(rS(ctx->opcode));
+    /* Optimisation for mr case */
+    if (rS(ctx->opcode) != rB(ctx->opcode)) {
+        gen_op_load_gpr_T1(rB(ctx->opcode));
+        gen_op_or();
+    }
+    if (Rc(ctx->opcode) != 0)
+        gen_op_set_Rc0();
+    gen_op_store_T0_gpr(rA(ctx->opcode));
+}
+
 /* orc & orc. */
 GEN_LOGICAL2(orc, 0x0C);
 /* xor & xor. */
-GEN_LOGICAL2(xor, 0x09);
+GEN_HANDLER(xor, 0x1F, 0x1C, 0x09, 0x00000000, PPC_INTEGER)
+{
+    gen_op_load_gpr_T0(rS(ctx->opcode));
+    /* Optimisation for "set to zero" case */
+    if (rS(ctx->opcode) != rB(ctx->opcode)) {
+        gen_op_load_gpr_T1(rB(ctx->opcode));
+        gen_op_xor();
+    } else {
+        gen_op_set_T0(0);
+    }
+    if (Rc(ctx->opcode) != 0)
+        gen_op_set_Rc0();
+    gen_op_store_T0_gpr(rA(ctx->opcode));
+}
 /* ori */
 GEN_HANDLER(ori, 0x18, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
 {
     uint32_t uimm = UIMM(ctx->opcode);
-#if 0
-    if (uimm == 0) {
-        if (rA(ctx->opcode) != rS(ctx->opcode)) {
-            gen_op_load_gpr_T0(rS(ctx->opcode));
-            gen_op_store_T0_gpr(rA(ctx->opcode));
+    if (rS(ctx->opcode) == rA(ctx->opcode) && uimm == 0) {
+        /* NOP */
+        return;
         }
-    } else
-#endif
-    {
         gen_op_load_gpr_T0(rS(ctx->opcode));
+    if (uimm != 0)
         gen_op_ori(uimm);
         gen_op_store_T0_gpr(rA(ctx->opcode));
-    }
-    SET_RETVAL(0);
 }
 /* oris */
 GEN_HANDLER(oris, 0x19, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
 {
     uint32_t uimm = UIMM(ctx->opcode);
-#if 0
-    if (uimm == 0) {
-        if (rA(ctx->opcode) != rS(ctx->opcode)) {
-            gen_op_load_gpr_T0(rS(ctx->opcode));
-            gen_op_store_T0_gpr(rA(ctx->opcode));
+    if (rS(ctx->opcode) == rA(ctx->opcode) && uimm == 0) {
+        /* NOP */
+        return;
         }
-    } else
-#endif
-    {
         gen_op_load_gpr_T0(rS(ctx->opcode));
+    if (uimm != 0)
         gen_op_ori(uimm << 16);
         gen_op_store_T0_gpr(rA(ctx->opcode));
-    }
-    SET_RETVAL(0);
 }
 /* xori */
 GEN_HANDLER(xori, 0x1A, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
 {
+    uint32_t uimm = UIMM(ctx->opcode);
+
+    if (rS(ctx->opcode) == rA(ctx->opcode) && uimm == 0) {
+        /* NOP */
+        return;
+    }
     gen_op_load_gpr_T0(rS(ctx->opcode));
+    if (uimm != 0)
     gen_op_xori(UIMM(ctx->opcode));
     gen_op_store_T0_gpr(rA(ctx->opcode));
-    SET_RETVAL(0);
 }
 /* xoris */
 GEN_HANDLER(xoris, 0x1B, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
 {
+    uint32_t uimm = UIMM(ctx->opcode);
+
+    if (rS(ctx->opcode) == rA(ctx->opcode) && uimm == 0) {
+        /* NOP */
+        return;
+    }
     gen_op_load_gpr_T0(rS(ctx->opcode));
+    if (uimm != 0)
     gen_op_xori(UIMM(ctx->opcode) << 16);
     gen_op_store_T0_gpr(rA(ctx->opcode));
-    SET_RETVAL(0);
 }
 /***                             Integer rotate                            ***/
@@ -633,7 +672,6 @@ GEN_HANDLER(rlwimi, 0x14, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
     if (Rc(ctx->opcode) != 0)
         gen_op_set_Rc0();
     gen_op_store_T0_gpr(rA(ctx->opcode));
-    SET_RETVAL(0);
 }
 /* rlwinm & rlwinm. */
 GEN_HANDLER(rlwinm, 0x15, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
@@ -644,10 +682,6 @@ GEN_HANDLER(rlwinm, 0x15, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
     mb = MB(ctx->opcode);
     me = ME(ctx->opcode);
     gen_op_load_gpr_T0(rS(ctx->opcode));
-    if (loglevel > 0) {
-        fprintf(logfile, "%s sh=%u mb=%u me=%u MASK=0x%08x\n",
-                __func__, sh, mb, me, MASK(mb, me));
-    }
     if (mb == 0) {
         if (me == 31) {
             gen_op_rotlwi(sh);
@@ -673,7 +707,6 @@ store:
     if (Rc(ctx->opcode) != 0)
         gen_op_set_Rc0();
     gen_op_store_T0_gpr(rA(ctx->opcode));
-    SET_RETVAL(0);
 }
 /* rlwnm & rlwnm. */
 GEN_HANDLER(rlwnm, 0x17, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
@@ -693,7 +726,6 @@ GEN_HANDLER(rlwnm, 0x17, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
     if (Rc(ctx->opcode) != 0)
         gen_op_set_Rc0();
     gen_op_store_T0_gpr(rA(ctx->opcode));
-    SET_RETVAL(0);
 }
 /***                             Integer shift                             ***/
@@ -709,172 +741,169 @@ GEN_HANDLER(srawi, 0x1F, 0x18, 0x19, 0x00000000, PPC_INTEGER)
     if (Rc(ctx->opcode) != 0)
         gen_op_set_Rc0();
     gen_op_store_T0_gpr(rA(ctx->opcode));
-    SET_RETVAL(0);
 }
 /* srw & srw. */
 __GEN_LOGICAL2(srw, 0x18, 0x10);
 /***                       Floating-Point arithmetic                       ***/
-/* fadd */
-GEN_HANDLER(fadd, 0x3F, 0x15, 0xFF, 0x000007C0, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
+#define _GEN_FLOAT_ACB(name, op1, op2)                                        \
+GEN_HANDLER(f##name, op1, op2, 0xFF, 0x00000000, PPC_FLOAT)                   \
+{                                                                             \
+    gen_op_reset_scrfx();                                                     \
+    gen_op_load_fpr_FT0(rA(ctx->opcode));                                     \
+    gen_op_load_fpr_FT1(rC(ctx->opcode));                                     \
+    gen_op_load_fpr_FT2(rB(ctx->opcode));                                     \
+    gen_op_f##name();                                                         \
+    gen_op_store_FT0_fpr(rD(ctx->opcode));                                    \
+    if (Rc(ctx->opcode))                                                      \
+        gen_op_set_Rc1();                                                     \
+}
+
+#define GEN_FLOAT_ACB(name, op2)                                              \
+_GEN_FLOAT_ACB(name, 0x3F, op2);                                              \
+_GEN_FLOAT_ACB(name##s, 0x3B, op2);
+
+#define _GEN_FLOAT_AB(name, op1, op2, inval)                                  \
+GEN_HANDLER(f##name, op1, op2, 0xFF, inval, PPC_FLOAT)                        \
+{                                                                             \
+    gen_op_reset_scrfx();                                                     \
+    gen_op_load_fpr_FT0(rA(ctx->opcode));                                     \
+    gen_op_load_fpr_FT1(rB(ctx->opcode));                                     \
+    gen_op_f##name();                                                         \
+    gen_op_store_FT0_fpr(rD(ctx->opcode));                                    \
+    if (Rc(ctx->opcode))                                                      \
+        gen_op_set_Rc1();                                                     \
+}
+#define GEN_FLOAT_AB(name, op2, inval)                                        \
+_GEN_FLOAT_AB(name, 0x3F, op2, inval);                                        \
+_GEN_FLOAT_AB(name##s, 0x3B, op2, inval);
+
+#define _GEN_FLOAT_AC(name, op1, op2, inval)                                  \
+GEN_HANDLER(f##name, op1, op2, 0xFF, inval, PPC_FLOAT)                        \
+{                                                                             \
+    gen_op_reset_scrfx();                                                     \
+    gen_op_load_fpr_FT0(rA(ctx->opcode));                                     \
+    gen_op_load_fpr_FT1(rC(ctx->opcode));                                     \
+    gen_op_f##name();                                                         \
+    gen_op_store_FT0_fpr(rD(ctx->opcode));                                    \
+    if (Rc(ctx->opcode))                                                      \
+        gen_op_set_Rc1();                                                     \
+}
+#define GEN_FLOAT_AC(name, op2, inval)                                        \
+_GEN_FLOAT_AC(name, 0x3F, op2, inval);                                        \
+_GEN_FLOAT_AC(name##s, 0x3B, op2, inval);
+
+#define GEN_FLOAT_B(name, op2, op3)                                           \
+GEN_HANDLER(f##name, 0x3F, op2, op3, 0x001F0000, PPC_FLOAT)                   \
+{                                                                             \
+    gen_op_reset_scrfx();                                                     \
+    gen_op_load_fpr_FT0(rB(ctx->opcode));                                     \
+    gen_op_f##name();                                                         \
+    gen_op_store_FT0_fpr(rD(ctx->opcode));                                    \
+    if (Rc(ctx->opcode))                                                      \
+        gen_op_set_Rc1();                                                     \
 }
-/* fadds */
-GEN_HANDLER(fadds, 0x3B, 0x15, 0xFF, 0x000007C0, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
+#define GEN_FLOAT_BS(name, op2)                                               \
+GEN_HANDLER(f##name, 0x3F, op2, 0xFF, 0x001F07C0, PPC_FLOAT)                  \
+{                                                                             \
+    gen_op_reset_scrfx();                                                     \
+    gen_op_load_fpr_FT0(rB(ctx->opcode));                                     \
+    gen_op_f##name();                                                         \
+    gen_op_store_FT0_fpr(rD(ctx->opcode));                                    \
+    if (Rc(ctx->opcode))                                                      \
+        gen_op_set_Rc1();                                                     \
 }
+/* fadd - fadds */
+GEN_FLOAT_AB(add, 0x15, 0x000007C0);
 /* fdiv */
-GEN_HANDLER(fdiv, 0x3F, 0x12, 0xFF, 0x000007C0, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
-}
-
-/* fdivs */
-GEN_HANDLER(fdivs, 0x3B, 0x12, 0xFF, 0x000007C0, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
-}
-
+GEN_FLOAT_AB(div, 0x12, 0x000007C0);
 /* fmul */
-GEN_HANDLER(fmul, 0x3F, 0x19, 0xFF, 0x0000F800, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
-}
-
-/* fmuls */
-GEN_HANDLER(fmuls, 0x3B, 0x19, 0xFF, 0x0000F800, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
-}
+GEN_FLOAT_AC(mul, 0x19, 0x0000F800);
 /* fres */
-GEN_HANDLER(fres, 0x3B, 0x18, 0xFF, 0x001807C0, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
-}
+GEN_FLOAT_BS(res, 0x18);
 /* frsqrte */
-GEN_HANDLER(frsqrte, 0x3F, 0x1A, 0xFF, 0x001807C0, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
-}
+GEN_FLOAT_BS(rsqrte, 0x1A);
 /* fsel */
-GEN_HANDLER(fsel, 0x3F, 0x17, 0xFF, 0x00000000, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
-}
-
+_GEN_FLOAT_ACB(sel, 0x3F, 0x17);
 /* fsub */
-GEN_HANDLER(fsub, 0x3F, 0x14, 0xFF, 0x000007C0, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
-}
-
-/* fsubs */
-GEN_HANDLER(fsubs, 0x3B, 0x14, 0xFF, 0x000007C0, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
-}
-
+GEN_FLOAT_AB(sub, 0x14, 0x000007C0);
 /* Optional: */
 /* fsqrt */
-GEN_HANDLER(fsqrt, 0x3F, 0x16, 0xFF, 0x001807C0, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
-}
+GEN_FLOAT_BS(sqrt, 0x16);
-/* fsqrts */
-GEN_HANDLER(fsqrts, 0x3B, 0x16, 0xFF, 0x001807C0, PPC_FLOAT)
+GEN_HANDLER(fsqrts, 0x3B, 0x16, 0xFF, 0x001F07C0, PPC_FLOAT_OPT)
 {
-    SET_RETVAL(EXCP_INVAL);
+    gen_op_reset_scrfx();
+    gen_op_load_fpr_FT0(rB(ctx->opcode));
+    gen_op_fsqrts();
+    gen_op_store_FT0_fpr(rD(ctx->opcode));
+    if (Rc(ctx->opcode))
+        gen_op_set_Rc1();
 }
 /***                     Floating-Point multiply-and-add                   ***/
 /* fmadd */
-GEN_HANDLER(fmadd, 0x3F, 0x1D, 0xFF, 0x00000000, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
-}
-
-/* fmadds */
-GEN_HANDLER(fmadds, 0x3B, 0x1D, 0xFF, 0x00000000, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
-}
-
+GEN_FLOAT_ACB(madd, 0x1D);
 /* fmsub */
-GEN_HANDLER(fmsub, 0x3F, 0x1C, 0xFF, 0x00000000, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
-}
-
-/* fmsubs */
-GEN_HANDLER(fmsubs, 0x3B, 0x1C, 0xFF, 0x00000000, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
-}
-
+GEN_FLOAT_ACB(msub, 0x1C);
 /* fnmadd */
-GEN_HANDLER(fnmadd, 0x3F, 0x1F, 0xFF, 0x00000000, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
-}
-
-/* fnmadds */
-GEN_HANDLER(fnmadds, 0x3B, 0x1F, 0xFF, 0x00000000, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
-}
-
+GEN_FLOAT_ACB(nmadd, 0x1F);
 /* fnmsub */
-GEN_HANDLER(fnmsub, 0x3F, 0x1E, 0xFF, 0x00000000, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
-}
-
-/* fnmsubs */
-GEN_HANDLER(fnmsubs, 0x3B, 0x1E, 0xFF, 0x00000000, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
-}
+GEN_FLOAT_ACB(nmsub, 0x1E);
 /***                     Floating-Point round & convert                    ***/
 /* fctiw */
-GEN_HANDLER(fctiw, 0x3F, 0x0E, 0xFF, 0x001F0000, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
-}
-
+GEN_FLOAT_B(ctiw, 0x0E, 0x00);
 /* fctiwz */
-GEN_HANDLER(fctiwz, 0x3F, 0x0F, 0xFF, 0x001F0000, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
-}
-
+GEN_FLOAT_B(ctiwz, 0x0F, 0x00);
 /* frsp */
-GEN_HANDLER(frsp, 0x3F, 0x0C, 0xFF, 0x001F0000, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
-}
+GEN_FLOAT_B(rsp, 0x0C, 0x00);
 /***                         Floating-Point compare                        ***/
 /* fcmpo */
 GEN_HANDLER(fcmpo, 0x3F, 0x00, 0x00, 0x00600001, PPC_FLOAT)
 {
-    SET_RETVAL(EXCP_INVAL);
+    gen_op_reset_scrfx();
+    gen_op_load_fpr_FT0(rA(ctx->opcode));
+    gen_op_load_fpr_FT1(rB(ctx->opcode));
+    gen_op_fcmpo();
+    gen_op_store_T0_crf(crfD(ctx->opcode));
 }
 /* fcmpu */
 GEN_HANDLER(fcmpu, 0x3F, 0x00, 0x01, 0x00600001, PPC_FLOAT)
 {
-    SET_RETVAL(EXCP_INVAL);
+    gen_op_reset_scrfx();
+    gen_op_load_fpr_FT0(rA(ctx->opcode));
+    gen_op_load_fpr_FT1(rB(ctx->opcode));
+    gen_op_fcmpu();
+    gen_op_store_T0_crf(crfD(ctx->opcode));
 }
+/***                         Floating-point move                           ***/
+/* fabs */
+GEN_FLOAT_B(abs, 0x08, 0x08);
+
+/* fmr  - fmr. */
+GEN_HANDLER(fmr, 0x3F, 0x08, 0x02, 0x001F0000, PPC_FLOAT)
+{
+    gen_op_reset_scrfx();
+    gen_op_load_fpr_FT0(rB(ctx->opcode));
+    gen_op_store_FT0_fpr(rD(ctx->opcode));
+    if (Rc(ctx->opcode))
+        gen_op_set_Rc1();
+}
+
+/* fnabs */
+GEN_FLOAT_B(nabs, 0x08, 0x04);
+/* fneg */
+GEN_FLOAT_B(neg, 0x08, 0x01);
+
 /***                  Floating-Point status & ctrl register                ***/
 /* mcrfs */
 GEN_HANDLER(mcrfs, 0x3F, 0x00, 0x02, 0x0063F801, PPC_FLOAT)
@@ -882,7 +911,6 @@ GEN_HANDLER(mcrfs, 0x3F, 0x00, 0x02, 0x0063F801, PPC_FLOAT)
     gen_op_load_fpscr_T0(crfS(ctx->opcode));
     gen_op_store_T0_crf(crfD(ctx->opcode));
     gen_op_clear_fpscr(crfS(ctx->opcode));
-    SET_RETVAL(0);
 }
 /* mffs */
@@ -892,7 +920,6 @@ GEN_HANDLER(mffs, 0x3F, 0x07, 0x12, 0x001FF800, PPC_FLOAT)
     gen_op_store_FT0_fpr(rD(ctx->opcode));
     if (Rc(ctx->opcode))
         gen_op_set_Rc1();
-    SET_RETVAL(0);
 }
 /* mtfsb0 */
@@ -906,7 +933,6 @@ GEN_HANDLER(mtfsb0, 0x3F, 0x06, 0x02, 0x001FF800, PPC_FLOAT)
     gen_op_store_T0_fpscr(crb);
     if (Rc(ctx->opcode))
         gen_op_set_Rc1();
-    SET_RETVAL(0);
 }
 /* mtfsb1 */
@@ -920,7 +946,6 @@ GEN_HANDLER(mtfsb1, 0x3F, 0x06, 0x01, 0x001FF800, PPC_FLOAT)
     gen_op_store_T0_fpscr(crb);
     if (Rc(ctx->opcode))
         gen_op_set_Rc1();
-    SET_RETVAL(0);
 }
 /* mtfsf */
@@ -930,7 +955,6 @@ GEN_HANDLER(mtfsf, 0x3F, 0x07, 0x16, 0x02010000, PPC_FLOAT)
     gen_op_store_fpscr(FM(ctx->opcode));
     if (Rc(ctx->opcode))
         gen_op_set_Rc1();
-    SET_RETVAL(0);
 }
 /* mtfsfi */
@@ -939,505 +963,541 @@ GEN_HANDLER(mtfsfi, 0x3F, 0x06, 0x04, 0x006f0800, PPC_FLOAT)
     gen_op_store_T0_fpscri(crbD(ctx->opcode) >> 2, FPIMM(ctx->opcode));
     if (Rc(ctx->opcode))
         gen_op_set_Rc1();
-    SET_RETVAL(0);
 }
 /***                             Integer load                              ***/
-#define GEN_ILDZ(width, opc)                                                  \
+#if defined(CONFIG_USER_ONLY)
+#define op_ldst(name)        gen_op_##name##_raw()
+#define OP_LD_TABLE(width)
+#define OP_ST_TABLE(width)
+#else
+#define op_ldst(name)        (*gen_op_##name[ctx->mem_idx])()
+#define OP_LD_TABLE(width)                                                    \
+static GenOpFunc *gen_op_l##width[] = {                                       \
+    &gen_op_l##width##_user,                                                  \
+    &gen_op_l##width##_kernel,                                                \
+}
+#define OP_ST_TABLE(width)                                                    \
+static GenOpFunc *gen_op_st##width[] = {                                      \
+    &gen_op_st##width##_user,                                                 \
+    &gen_op_st##width##_kernel,                                               \
+}
+#endif
+
+#define GEN_LD(width, opc)                                                    \
 GEN_HANDLER(l##width, opc, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)               \
 {                                                                             \
     uint32_t simm = SIMM(ctx->opcode);                                        \
     if (rA(ctx->opcode) == 0) {                                               \
-        gen_op_l##width##_z(simm);                                            \
+        gen_op_set_T0(simm);                                                  \
     } else {                                                                  \
         gen_op_load_gpr_T0(rA(ctx->opcode));                                  \
-        gen_op_l##width (simm);                                               \
+        if (simm != 0)                                                        \
+            gen_op_addi(simm);                                                \
     }                                                                         \
+    op_ldst(l##width);                                                        \
     gen_op_store_T1_gpr(rD(ctx->opcode));                                     \
-    SET_RETVAL(0);                                                            \
 }
-#define GEN_ILDZU(width, opc)                                                 \
+#define GEN_LDU(width, opc)                                                   \
 GEN_HANDLER(l##width##u, opc, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)            \
 {                                                                             \
+    uint32_t simm = SIMM(ctx->opcode);                                        \
     if (rA(ctx->opcode) == 0 ||                                               \
-        rA(ctx->opcode) == rD(ctx->opcode))                                   \
-        SET_RETVAL(EXCP_INVAL);                                               \
+        rA(ctx->opcode) == rD(ctx->opcode)) {                                 \
+        RET_INVAL();                                                          \
+    }                                                                         \
     gen_op_load_gpr_T0(rA(ctx->opcode));                                      \
-    gen_op_l##width(SIMM(ctx->opcode));                                       \
+    if (simm != 0)                                                            \
+        gen_op_addi(simm);                                                    \
+    op_ldst(l##width);                                                        \
     gen_op_store_T1_gpr(rD(ctx->opcode));                                     \
     gen_op_store_T0_gpr(rA(ctx->opcode));                                     \
-    SET_RETVAL(0);                                                            \
 }
-#define GEN_ILDZUX(width, opc)                                                \
+#define GEN_LDUX(width, opc)                                                  \
 GEN_HANDLER(l##width##ux, 0x1F, 0x17, opc, 0x00000001, PPC_INTEGER)           \
 {                                                                             \
     if (rA(ctx->opcode) == 0 ||                                               \
-        rA(ctx->opcode) == rD(ctx->opcode))                                   \
-        SET_RETVAL(EXCP_INVAL);                                               \
+        rA(ctx->opcode) == rD(ctx->opcode)) {                                 \
+        RET_INVAL();                                                          \
+    }                                                                         \
     gen_op_load_gpr_T0(rA(ctx->opcode));                                      \
     gen_op_load_gpr_T1(rB(ctx->opcode));                                      \
-    gen_op_l##width##x();                                                     \
+    gen_op_add();                                                             \
+    op_ldst(l##width);                                                        \
     gen_op_store_T1_gpr(rD(ctx->opcode));                                     \
     gen_op_store_T0_gpr(rA(ctx->opcode));                                     \
-    SET_RETVAL(0);                                                            \
 }
-#define GEN_ILDZX(width, opc2, opc3)                                          \
+#define GEN_LDX(width, opc2, opc3)                                            \
 GEN_HANDLER(l##width##x, 0x1F, opc2, opc3, 0x00000001, PPC_INTEGER)           \
 {                                                                             \
     if (rA(ctx->opcode) == 0) {                                               \
         gen_op_load_gpr_T0(rB(ctx->opcode));                                  \
-        gen_op_l##width##x_z();                                               \
     } else {                                                                  \
         gen_op_load_gpr_T0(rA(ctx->opcode));                                  \
         gen_op_load_gpr_T1(rB(ctx->opcode));                                  \
-        gen_op_l##width##x();                                                 \
+        gen_op_add();                                                         \
     }                                                                         \
+    op_ldst(l##width);                                                        \
     gen_op_store_T1_gpr(rD(ctx->opcode));                                     \
-    SET_RETVAL(0);                                                            \
 }
-#define GEN_ILD(width, op)                                                    \
-GEN_ILDZ(width, op | 0x20)                                                    \
-GEN_ILDZU(width, op | 0x21)                                                   \
-GEN_ILDZUX(width, op | 0x01)                                                  \
-GEN_ILDZX(width, 0x17, op | 0x00)
+#define GEN_LDS(width, op)                                                    \
+OP_LD_TABLE(width);                                                           \
+GEN_LD(width, op | 0x20);                                                     \
+GEN_LDU(width, op | 0x21);                                                    \
+GEN_LDUX(width, op | 0x01);                                                   \
+GEN_LDX(width, 0x17, op | 0x00)
 /* lbz lbzu lbzux lbzx */
-GEN_ILD(bz, 0x02);
+GEN_LDS(bz, 0x02);
 /* lha lhau lhaux lhax */
-GEN_ILD(ha, 0x0A);
+GEN_LDS(ha, 0x0A);
 /* lhz lhzu lhzux lhzx */
-GEN_ILD(hz, 0x08);
+GEN_LDS(hz, 0x08);
 /* lwz lwzu lwzux lwzx */
-GEN_ILD(wz, 0x00);
+GEN_LDS(wz, 0x00);
 /***                              Integer store                            ***/
-#define GEN_IST(width, opc)                                                   \
+#define GEN_ST(width, opc)                                                    \
 GEN_HANDLER(st##width, opc, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)              \
 {                                                                             \
     uint32_t simm = SIMM(ctx->opcode);                                        \
     if (rA(ctx->opcode) == 0) {                                               \
-        gen_op_load_gpr_T0(rS(ctx->opcode));                                  \
-        gen_op_st##width##_z(simm);                                           \
+        gen_op_set_T0(simm);                                                  \
     } else {                                                                  \
         gen_op_load_gpr_T0(rA(ctx->opcode));                                  \
-        gen_op_load_gpr_T1(rS(ctx->opcode));                                  \
-        gen_op_st##width(simm);                                               \
+        if (simm != 0)                                                        \
+            gen_op_addi(simm);                                                \
     }                                                                         \
-    SET_RETVAL(0);                                                            \
+    gen_op_load_gpr_T1(rS(ctx->opcode));                                      \
+    op_ldst(st##width);                                                       \
 }
-#define GEN_ISTU(width, opc)                                                  \
+#define GEN_STU(width, opc)                                                   \
 GEN_HANDLER(st##width##u, opc, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)           \
 {                                                                             \
-    if (rA(ctx->opcode) == 0)                                                 \
-        SET_RETVAL(EXCP_INVAL);                                               \
+    uint32_t simm = SIMM(ctx->opcode);                                        \
+    if (rA(ctx->opcode) == 0) {                                               \
+        RET_INVAL();                                                          \
+    }                                                                         \
     gen_op_load_gpr_T0(rA(ctx->opcode));                                      \
+    if (simm != 0)                                                            \
+        gen_op_addi(simm);                                                    \
     gen_op_load_gpr_T1(rS(ctx->opcode));                                      \
-    gen_op_st##width(SIMM(ctx->opcode));                                      \
+    op_ldst(st##width);                                                       \
     gen_op_store_T0_gpr(rA(ctx->opcode));                                     \
-    SET_RETVAL(0);                                                            \
 }
-#define GEN_ISTUX(width, opc)                                                 \
+#define GEN_STUX(width, opc)                                                  \
 GEN_HANDLER(st##width##ux, 0x1F, 0x17, opc, 0x00000001, PPC_INTEGER)          \
 {                                                                             \
-    if (rA(ctx->opcode) == 0)                                                 \
-        SET_RETVAL(EXCP_INVAL);                                               \
+    if (rA(ctx->opcode) == 0) {                                               \
+        RET_INVAL();                                                          \
+    }                                                                         \
     gen_op_load_gpr_T0(rA(ctx->opcode));                                      \
     gen_op_load_gpr_T1(rB(ctx->opcode));                                      \
-    gen_op_load_gpr_T2(rS(ctx->opcode));                                      \
-    gen_op_st##width##x();                                                    \
+    gen_op_add();                                                             \
+    gen_op_load_gpr_T1(rS(ctx->opcode));                                      \
+    op_ldst(st##width);                                                       \
     gen_op_store_T0_gpr(rA(ctx->opcode));                                     \
-    SET_RETVAL(0);                                                            \
 }
-#define GEN_ISTX(width, opc2, opc3)                                           \
+#define GEN_STX(width, opc2, opc3)                                            \
 GEN_HANDLER(st##width##x, 0x1F, opc2, opc3, 0x00000001, PPC_INTEGER)          \
 {                                                                             \
     if (rA(ctx->opcode) == 0) {                                               \
         gen_op_load_gpr_T0(rB(ctx->opcode));                                  \
-        gen_op_load_gpr_T1(rS(ctx->opcode));                                  \
-        gen_op_st##width##x_z();                                              \
     } else {                                                                  \
         gen_op_load_gpr_T0(rA(ctx->opcode));                                  \
         gen_op_load_gpr_T1(rB(ctx->opcode));                                  \
-        gen_op_load_gpr_T2(rS(ctx->opcode));                                  \
-        gen_op_st##width##x();                                                \
+        gen_op_add();                                                         \
     }                                                                         \
-    SET_RETVAL(0);                                                            \
+    gen_op_load_gpr_T1(rS(ctx->opcode));                                      \
+    op_ldst(st##width);                                                       \
 }
-#define GEN_ISTO(width, opc)                                                  \
-GEN_IST(width, opc | 0x20)                                                    \
-GEN_ISTU(width, opc | 0x21)                                                   \
-GEN_ISTUX(width, opc | 0x01)                                                  \
-GEN_ISTX(width, 0x17, opc | 0x00)
+#define GEN_STS(width, op)                                                    \
+OP_ST_TABLE(width);                                                           \
+GEN_ST(width, op | 0x20);                                                     \
+GEN_STU(width, op | 0x21);                                                    \
+GEN_STUX(width, op | 0x01);                                                   \
+GEN_STX(width, 0x17, op | 0x00)
 /* stb stbu stbux stbx */
-GEN_ISTO(b, 0x06);
+GEN_STS(b, 0x06);
 /* sth sthu sthux sthx */
-GEN_ISTO(h, 0x0C);
+GEN_STS(h, 0x0C);
 /* stw stwu stwux stwx */
-GEN_ISTO(w, 0x04);
+GEN_STS(w, 0x04);
 /***                Integer load and store with byte reverse               ***/
 /* lhbrx */
-GEN_ILDZX(hbr, 0x16, 0x18);
+OP_LD_TABLE(hbr);
+GEN_LDX(hbr, 0x16, 0x18);
 /* lwbrx */
-GEN_ILDZX(wbr, 0x16, 0x10);
+OP_LD_TABLE(wbr);
+GEN_LDX(wbr, 0x16, 0x10);
 /* sthbrx */
-GEN_ISTX(hbr, 0x16, 0x1C);
+OP_ST_TABLE(hbr);
+GEN_STX(hbr, 0x16, 0x1C);
 /* stwbrx */
-GEN_ISTX(wbr, 0x16, 0x14);
+OP_ST_TABLE(wbr);
+GEN_STX(wbr, 0x16, 0x14);
 /***                    Integer load and store multiple                    ***/
+#if defined(CONFIG_USER_ONLY)
+#define op_ldstm(name, reg) gen_op_##name##_raw(reg)
+#else
+#define op_ldstm(name, reg) (*gen_op_##name[ctx->mem_idx])(reg)
+static GenOpFunc1 *gen_op_lmw[] = {
+    &gen_op_lmw_user,
+    &gen_op_lmw_kernel,
+};
+static GenOpFunc1 *gen_op_stmw[] = {
+    &gen_op_stmw_user,
+    &gen_op_stmw_kernel,
+};
+#endif
+
 /* lmw */
 GEN_HANDLER(lmw, 0x2E, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
 {
+    int simm = SIMM(ctx->opcode);
+
     if (rA(ctx->opcode) == 0) {
-        gen_op_set_T0(0);
+        gen_op_set_T0(simm);
     } else {
         gen_op_load_gpr_T0(rA(ctx->opcode));
+        if (simm != 0)
+            gen_op_addi(simm);
     }
-    gen_op_lmw(rD(ctx->opcode), SIMM(ctx->opcode));
-    SET_RETVAL(0);
+    op_ldstm(lmw, rD(ctx->opcode));
 }
 /* stmw */
 GEN_HANDLER(stmw, 0x2F, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)
 {
+    int simm = SIMM(ctx->opcode);
+
     if (rA(ctx->opcode) == 0) {
-        gen_op_set_T0(0);
+        gen_op_set_T0(simm);
     } else {
         gen_op_load_gpr_T0(rA(ctx->opcode));
+        if (simm != 0)
+            gen_op_addi(simm);
     }
-    gen_op_stmw(rS(ctx->opcode), SIMM(ctx->opcode));
-    SET_RETVAL(0);
+    op_ldstm(stmw, rS(ctx->opcode));
 }
 /***                    Integer load and store strings                     ***/
+#if defined(CONFIG_USER_ONLY)
+#define op_ldsts(name, start) gen_op_##name##_raw(start)
+#define op_ldstsx(name, rd, ra, rb) gen_op_##name##_raw(rd, ra, rb)
+#else
+#define op_ldsts(name, start) (*gen_op_##name[ctx->mem_idx])(start)
+#define op_ldstsx(name, rd, ra, rb) (*gen_op_##name[ctx->mem_idx])(rd, ra, rb)
+static GenOpFunc1 *gen_op_lswi[] = {
+    &gen_op_lswi_user,
+    &gen_op_lswi_kernel,
+};
+static GenOpFunc3 *gen_op_lswx[] = {
+    &gen_op_lswx_user,
+    &gen_op_lswx_kernel,
+};
+static GenOpFunc1 *gen_op_stsw[] = {
+    &gen_op_stsw_user,
+    &gen_op_stsw_kernel,
+};
+#endif
+
 /* lswi */
+/* PPC32 specification says we must generate an exception if
+ * rA is in the range of registers to be loaded.
+ * In an other hand, IBM says this is valid, but rA won't be loaded.
+ * For now, I'll follow the spec...
+ */
 GEN_HANDLER(lswi, 0x1F, 0x15, 0x12, 0x00000001, PPC_INTEGER)
 {
     int nb = NB(ctx->opcode);
     int start = rD(ctx->opcode);
+    int ra = rA(ctx->opcode);
     int nr;
     if (nb == 0)
         nb = 32;
     nr = nb / 4;
-    if ((start + nr) > 32) {
-        /* handle wrap around r0 */
-        if (rA(ctx->opcode) == 0) {
-            gen_op_set_T0(0);
-        } else {
-            gen_op_load_gpr_T0(rA(ctx->opcode));
+    if (((start + nr) > 32  && start <= ra && (start + nr - 32) >= ra) ||
+        ((start + nr) <= 32 && start <= ra && (start + nr) >= ra)) {
+        RET_EXCP(EXCP_PROGRAM, EXCP_INVAL | EXCP_INVAL_LSWX);
         }
-        gen_op_lswi(start, 4 * (32 - start));
-        nb -= 4 * (32 - start);
-        start = 0;
-    }
-    if (rA(ctx->opcode) == 0) {
+    if (ra == 0) {
         gen_op_set_T0(0);
     } else {
-        gen_op_load_gpr_T0(rA(ctx->opcode));
+        gen_op_load_gpr_T0(ra);
     }
-    gen_op_lswi(start, nb);
-    SET_RETVAL(0);
+    gen_op_set_T1(nb);
+    op_ldsts(lswi, start);
 }
 /* lswx */
 GEN_HANDLER(lswx, 0x1F, 0x15, 0x10, 0x00000001, PPC_INTEGER)
 {
-    gen_op_load_xer_bc();
-    gen_op_load_gpr_T1(rB(ctx->opcode));
-    if (rA(ctx->opcode) == 0) {
-        gen_op_set_T2(0);
+    int ra = rA(ctx->opcode);
+    int rb = rB(ctx->opcode);
+
+    if (ra == 0) {
+        gen_op_load_gpr_T0(rb);
+        ra = rb;
     } else {
-        gen_op_load_gpr_T2(rA(ctx->opcode));
+        gen_op_load_gpr_T0(ra);
+        gen_op_load_gpr_T1(rb);
+        gen_op_add();
     }
-    gen_op_lswx(rD(ctx->opcode));
-    SET_RETVAL(0);
+    gen_op_load_xer_bc();
+    op_ldstsx(lswx, rD(ctx->opcode), ra, rb);
 }
 /* stswi */
 GEN_HANDLER(stswi, 0x1F, 0x15, 0x16, 0x00000001, PPC_INTEGER)
 {
-    int nb = NB(ctx->opcode);
-    int start = rS(ctx->opcode);
-    int nr;
-
-    if (nb == 0)
-        nb = 32;
-    nr = nb / 4;
-    if ((start + nr) > 32) {
-        /* handle wrap around r0 */
-        if (rA(ctx->opcode) == 0) {
-            gen_op_set_T0(0);
-        } else {
-            gen_op_load_gpr_T0(rA(ctx->opcode));
-        }
-        gen_op_stswi(start, 4 * (32 - start));
-        nb -= 4 * (32 - start);
-        start = 0;
-    }
     if (rA(ctx->opcode) == 0) {
         gen_op_set_T0(0);
     } else {
         gen_op_load_gpr_T0(rA(ctx->opcode));
     }
-    gen_op_stswi(start, nb);
-    SET_RETVAL(0);
+    gen_op_set_T1(NB(ctx->opcode));
+    op_ldsts(stsw, rS(ctx->opcode));
 }
 /* stswx */
 GEN_HANDLER(stswx, 0x1F, 0x15, 0x14, 0x00000001, PPC_INTEGER)
 {
-    gen_op_load_xer_bc();
-    gen_op_load_gpr_T1(rB(ctx->opcode));
-    if (rA(ctx->opcode) == 0) {
-        gen_op_set_T2(0);
+    int ra = rA(ctx->opcode);
+
+    if (ra == 0) {
+        gen_op_load_gpr_T0(rB(ctx->opcode));
+        ra = rB(ctx->opcode);
     } else {
-        gen_op_load_gpr_T2(rA(ctx->opcode));
+        gen_op_load_gpr_T0(ra);
+        gen_op_load_gpr_T1(rB(ctx->opcode));
+        gen_op_add();
     }
-    gen_op_stswx(rS(ctx->opcode));
-    SET_RETVAL(0);
+    gen_op_load_xer_bc();
+    op_ldsts(stsw, rS(ctx->opcode));
 }
 /***                        Memory synchronisation                         ***/
 /* eieio */
 GEN_HANDLER(eieio, 0x1F, 0x16, 0x1A, 0x03FF0801, PPC_MEM)
 {
-    /* Do a branch to next instruction */
-    gen_op_b((uint32_t)ctx->nip);
-    SET_RETVAL(EXCP_BRANCH);
 }
 /* isync */
 GEN_HANDLER(isync, 0x13, 0x16, 0xFF, 0x03FF0801, PPC_MEM)
 {
-    /* Do a branch to next instruction */
-    gen_op_b((uint32_t)ctx->nip);
-    SET_RETVAL(EXCP_BRANCH);
 }
 /* lwarx */
-GEN_HANDLER(lwarx, 0x1F, 0x14, 0xFF, 0x00000001, PPC_MEM)
+#if defined(CONFIG_USER_ONLY)
+#define op_stwcx() gen_op_stwcx_raw()
+#else
+#define op_stwcx() (*gen_op_stwcx[ctx->mem_idx])()
+static GenOpFunc *gen_op_stwcx[] = {
+    &gen_op_stwcx_user,
+    &gen_op_stwcx_kernel,
+};
+#endif
+
+GEN_HANDLER(lwarx, 0x1F, 0x14, 0xFF, 0x00000001, PPC_RES)
 {
-    reserve = 1;
     if (rA(ctx->opcode) == 0) {
         gen_op_load_gpr_T0(rB(ctx->opcode));
-        gen_op_lwarx_z();
     } else {
         gen_op_load_gpr_T0(rA(ctx->opcode));
         gen_op_load_gpr_T1(rB(ctx->opcode));
-        gen_op_lwarx();
+        gen_op_add();
     }
+    op_ldst(lwz);
     gen_op_store_T1_gpr(rD(ctx->opcode));
-    SET_RETVAL(0);
+    gen_op_set_reservation();
 }
 /* stwcx. */
-GEN_HANDLER(stwcx_, 0x1F, 0x16, 0x04, 0x00000000, PPC_MEM)
+GEN_HANDLER(stwcx_, 0x1F, 0x16, 0x04, 0x00000000, PPC_RES)
 {
-    if (reserve == 0) {
-        gen_op_reset_Rc0();
-    } else {
         if (rA(ctx->opcode) == 0) {
             gen_op_load_gpr_T0(rB(ctx->opcode));
-            gen_op_load_gpr_T1(rS(ctx->opcode));
-            gen_op_stwx_z();
         } else {
             gen_op_load_gpr_T0(rA(ctx->opcode));
             gen_op_load_gpr_T1(rB(ctx->opcode));
-            gen_op_load_gpr_T2(rS(ctx->opcode));
-            gen_op_stwx();
+        gen_op_add();
         }
-    }
-    SET_RETVAL(0);
+    gen_op_load_gpr_T1(rS(ctx->opcode));
+    op_stwcx();
 }
 /* sync */
 GEN_HANDLER(sync, 0x1F, 0x16, 0x12, 0x03FF0801, PPC_MEM)
 {
-    /* Do a branch to next instruction */
-    gen_op_b((uint32_t)ctx->nip);
-    SET_RETVAL(EXCP_BRANCH);
 }
 /***                         Floating-point load                           ***/
-#define GEN_LF(width, opc)                                                    \
-GEN_HANDLER(lf##width, opc, 0xFF, 0xFF, 0x00000000, PPC_FLOAT)                \
+#define GEN_LDF(width, opc)                                                   \
+GEN_HANDLER(l##width, opc, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)               \
 {                                                                             \
     uint32_t simm = SIMM(ctx->opcode);                                        \
     if (rA(ctx->opcode) == 0) {                                               \
-        gen_op_lf##width##_z_FT0(simm);                          \
+        gen_op_set_T0(simm);                                                  \
     } else {                                                                  \
         gen_op_load_gpr_T0(rA(ctx->opcode));                                  \
-        gen_op_lf##width##_FT0(simm);                              \
+        if (simm != 0)                                                        \
+            gen_op_addi(simm);                                                \
     }                                                                         \
-    gen_op_store_FT0_fpr(rD(ctx->opcode));\
-    SET_RETVAL(0);                                                            \
+    op_ldst(l##width);                                                        \
+    gen_op_store_FT1_fpr(rD(ctx->opcode));                                    \
 }
-#define GEN_LFU(width, opc)                                                   \
-GEN_HANDLER(lf##width##u, opc, 0xFF, 0xFF, 0x00000000, PPC_FLOAT)             \
+#define GEN_LDUF(width, opc)                                                  \
+GEN_HANDLER(l##width##u, opc, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)            \
 {                                                                             \
+    uint32_t simm = SIMM(ctx->opcode);                                        \
     if (rA(ctx->opcode) == 0 ||                                               \
-        rA(ctx->opcode) == rD(ctx->opcode))                                   \
-        SET_RETVAL(EXCP_INVAL);                                               \
+        rA(ctx->opcode) == rD(ctx->opcode)) {                                 \
+        RET_INVAL();                                                          \
+    }                                                                         \
     gen_op_load_gpr_T0(rA(ctx->opcode));                                      \
-    gen_op_lf##width##_FT0(SIMM(ctx->opcode));                     \
-    gen_op_store_FT0_fpr(rD(ctx->opcode));\
+    if (simm != 0)                                                            \
+        gen_op_addi(simm);                                                    \
+    op_ldst(l##width);                                                        \
+    gen_op_store_FT1_fpr(rD(ctx->opcode));                                    \
     gen_op_store_T0_gpr(rA(ctx->opcode));                                     \
-    SET_RETVAL(0);                                                            \
 }
-#define GEN_LFUX(width, opc)                                                  \
-GEN_HANDLER(lf##width##ux, 0x1F, 0x17, opc, 0x00000001, PPC_FLOAT)            \
+#define GEN_LDUXF(width, opc)                                                 \
+GEN_HANDLER(l##width##ux, 0x1F, 0x17, opc, 0x00000001, PPC_INTEGER)           \
 {                                                                             \
     if (rA(ctx->opcode) == 0 ||                                               \
-        rA(ctx->opcode) == rD(ctx->opcode))                                   \
-        SET_RETVAL(EXCP_INVAL);                                               \
+        rA(ctx->opcode) == rD(ctx->opcode)) {                                 \
+        RET_INVAL();                                                          \
+    }                                                                         \
     gen_op_load_gpr_T0(rA(ctx->opcode));                                      \
     gen_op_load_gpr_T1(rB(ctx->opcode));                                      \
-    gen_op_lf##width##x_FT0();                                     \
-    gen_op_store_FT0_fpr(rD(ctx->opcode));\
+    gen_op_add();                                                             \
+    op_ldst(l##width);                                                        \
+    gen_op_store_FT1_fpr(rD(ctx->opcode));                                    \
     gen_op_store_T0_gpr(rA(ctx->opcode));                                     \
-    SET_RETVAL(0);                                                            \
 }
-#define GEN_LFX(width, opc)                                                   \
-GEN_HANDLER(lf##width##x, 0x1F, 0x17, opc, 0x00000001, PPC_FLOAT)             \
+#define GEN_LDXF(width, opc2, opc3)                                           \
+GEN_HANDLER(l##width##x, 0x1F, opc2, opc3, 0x00000001, PPC_INTEGER)           \
 {                                                                             \
     if (rA(ctx->opcode) == 0) {                                               \
         gen_op_load_gpr_T0(rB(ctx->opcode));                                  \
-        gen_op_lf##width##x_z_FT0();                               \
     } else {                                                                  \
         gen_op_load_gpr_T0(rA(ctx->opcode));                                  \
         gen_op_load_gpr_T1(rB(ctx->opcode));                                  \
-        gen_op_lf##width##x_FT0();                                 \
+        gen_op_add();                                                         \
     }                                                                         \
-    gen_op_store_FT0_fpr(rD(ctx->opcode));\
-    SET_RETVAL(0);                                                            \
+    op_ldst(l##width);                                                        \
+    gen_op_store_FT1_fpr(rD(ctx->opcode));                                    \
 }
-#define GEN_LDF(width, opc)                                                   \
-GEN_LF(width, opc | 0x20)                                                     \
-GEN_LFU(width, opc | 0x21)                                                    \
-GEN_LFUX(width, opc | 0x01)                                                   \
-GEN_LFX(width, opc | 0x00)
+#define GEN_LDFS(width, op)                                                   \
+OP_LD_TABLE(width);                                                           \
+GEN_LDF(width, op | 0x20);                                                    \
+GEN_LDUF(width, op | 0x21);                                                   \
+GEN_LDUXF(width, op | 0x01);                                                  \
+GEN_LDXF(width, 0x17, op | 0x00)
 /* lfd lfdu lfdux lfdx */
-GEN_LDF(d, 0x12);
+GEN_LDFS(fd, 0x12);
 /* lfs lfsu lfsux lfsx */
-GEN_LDF(s, 0x10);
+GEN_LDFS(fs, 0x10);
 /***                         Floating-point store                          ***/
 #define GEN_STF(width, opc)                                                   \
-GEN_HANDLER(stf##width, opc, 0xFF, 0xFF, 0x00000000, PPC_FLOAT)               \
+GEN_HANDLER(st##width, opc, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)              \
 {                                                                             \
     uint32_t simm = SIMM(ctx->opcode);                                        \
-    gen_op_load_fpr_FT0(rS(ctx->opcode));\
     if (rA(ctx->opcode) == 0) {                                               \
-        gen_op_stf##width##_z_FT0(simm);                         \
+        gen_op_set_T0(simm);                                                  \
     } else {                                                                  \
         gen_op_load_gpr_T0(rA(ctx->opcode));                                  \
-        gen_op_stf##width##_FT0(simm);                             \
+        if (simm != 0)                                                        \
+            gen_op_addi(simm);                                                \
     }                                                                         \
-    SET_RETVAL(0);                                                            \
+    gen_op_load_fpr_FT1(rS(ctx->opcode));                                     \
+    op_ldst(st##width);                                                       \
 }
-#define GEN_STFU(width, opc)                                                  \
-GEN_HANDLER(stf##width##u, opc, 0xFF, 0xFF, 0x00000000, PPC_FLOAT)            \
+#define GEN_STUF(width, opc)                                                  \
+GEN_HANDLER(st##width##u, opc, 0xFF, 0xFF, 0x00000000, PPC_INTEGER)           \
 {                                                                             \
-    if (rA(ctx->opcode) == 0)                                                 \
-        SET_RETVAL(EXCP_INVAL);                                               \
+    uint32_t simm = SIMM(ctx->opcode);                                        \
+    if (rA(ctx->opcode) == 0) {                                               \
+        RET_INVAL();                                                          \
+    }                                                                         \
     gen_op_load_gpr_T0(rA(ctx->opcode));                                      \
-    gen_op_load_fpr_FT0(rS(ctx->opcode));\
-    gen_op_stf##width##_FT0(SIMM(ctx->opcode));                    \
+    if (simm != 0)                                                            \
+        gen_op_addi(simm);                                                    \
+    gen_op_load_fpr_FT1(rS(ctx->opcode));                                     \
+    op_ldst(st##width);                                                       \
     gen_op_store_T0_gpr(rA(ctx->opcode));                                     \
-    SET_RETVAL(0);                                                            \
 }
-#define GEN_STFUX(width, opc)                                                 \
-GEN_HANDLER(stf##width##ux, 0x1F, 0x17, opc, 0x00000001, PPC_FLOAT)           \
+#define GEN_STUXF(width, opc)                                                 \
+GEN_HANDLER(st##width##ux, 0x1F, 0x17, opc, 0x00000001, PPC_INTEGER)          \
 {                                                                             \
-    if (rA(ctx->opcode) == 0)                                                 \
-        SET_RETVAL(EXCP_INVAL);                                               \
+    if (rA(ctx->opcode) == 0) {                                               \
+        RET_INVAL();                                                          \
+    }                                                                         \
     gen_op_load_gpr_T0(rA(ctx->opcode));                                      \
     gen_op_load_gpr_T1(rB(ctx->opcode));                                      \
-    gen_op_load_fpr_FT0(rS(ctx->opcode));\
-    gen_op_stf##width##x_FT0();                                    \
+    gen_op_add();                                                             \
+    gen_op_load_fpr_FT1(rS(ctx->opcode));                                     \
+    op_ldst(st##width);                                                       \
     gen_op_store_T0_gpr(rA(ctx->opcode));                                     \
-    SET_RETVAL(0);                                                            \
 }
-#define GEN_STFX(width, opc)                                                  \
-GEN_HANDLER(stf##width##x, 0x1F, 0x17, opc, 0x00000001, PPC_FLOAT)            \
+#define GEN_STXF(width, opc2, opc3)                                           \
+GEN_HANDLER(st##width##x, 0x1F, opc2, opc3, 0x00000001, PPC_INTEGER)          \
 {                                                                             \
-    gen_op_load_fpr_FT0(rS(ctx->opcode));\
     if (rA(ctx->opcode) == 0) {                                               \
         gen_op_load_gpr_T0(rB(ctx->opcode));                                  \
-        gen_op_stf##width##x_z_FT0();                              \
     } else {                                                                  \
         gen_op_load_gpr_T0(rA(ctx->opcode));                                  \
         gen_op_load_gpr_T1(rB(ctx->opcode));                                  \
-        gen_op_stf##width##x_FT0();                                \
+        gen_op_add();                                                         \
     }                                                                         \
-    SET_RETVAL(0);                                                            \
+    gen_op_load_fpr_FT1(rS(ctx->opcode));                                     \
+    op_ldst(st##width);                                                       \
 }
-#define GEN_STOF(width, opc)                                                  \
-GEN_STF(width, opc | 0x20)                                                    \
-GEN_STFU(width, opc | 0x21)                                                   \
-GEN_STFUX(width, opc | 0x01)                                                  \
-GEN_STFX(width, opc | 0x00)
+#define GEN_STFS(width, op)                                                   \
+OP_ST_TABLE(width);                                                           \
+GEN_STF(width, op | 0x20);                                                    \
+GEN_STUF(width, op | 0x21);                                                   \
+GEN_STUXF(width, op | 0x01);                                                  \
+GEN_STXF(width, 0x17, op | 0x00)
 /* stfd stfdu stfdux stfdx */
-GEN_STOF(d, 0x16);
+GEN_STFS(fd, 0x16);
 /* stfs stfsu stfsux stfsx */
-GEN_STOF(s, 0x14);
+GEN_STFS(fs, 0x14);
 /* Optional: */
 /* stfiwx */
 GEN_HANDLER(stfiwx, 0x1F, 0x17, 0x1E, 0x00000001, PPC_FLOAT)
 {
-    SET_RETVAL(EXCP_INVAL);
-}
-
-/***                         Floating-point move                           ***/
-/* fabs */
-GEN_HANDLER(fabs, 0x3F, 0x08, 0x08, 0x001F0000, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
-}
-
-/* fmr */
-GEN_HANDLER(fmr, 0x3F, 0x08, 0x02, 0x001F0000, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
-}
-
-/* fnabs */
-GEN_HANDLER(fnabs, 0x3F, 0x08, 0x04, 0x001F0000, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
-}
-
-/* fneg */
-GEN_HANDLER(fneg, 0x3F, 0x08, 0x01, 0x001F0000, PPC_FLOAT)
-{
-    SET_RETVAL(EXCP_INVAL);
+    RET_INVAL();
 }
 /***                                Branch                                 ***/
 #define GEN_BCOND(name, opc1, opc2, opc3, prologue,                           \
-   bl_ctr,       b_ctr,       bl_ctrz,       b_ctrz,       b,                 \
+   bl_ctr,       b_ctr,       bl_ctrz,       b_ctrz,       b,        bl,      \
    bl_ctr_true,  b_ctr_true,  bl_ctrz_true,  b_ctrz_true,  bl_true,  b_true,  \
    bl_ctr_false, b_ctr_false, bl_ctrz_false, b_ctrz_false, bl_false, b_false) \
 GEN_HANDLER(name, opc1, opc2, opc3, 0x00000000, PPC_FLOW)                     \
@@ -1446,7 +1506,11 @@ GEN_HANDLER(name, opc1, opc2, opc3, 0x00000000, PPC_FLOW)                     \
     uint32_t bo = BO(ctx->opcode);                                            \
     uint32_t bi = BI(ctx->opcode);                                            \
     uint32_t mask;                                                            \
+    gen_op_update_tb(ctx->tb_offset);                                         \
+    gen_op_update_decr(ctx->decr_offset);                                     \
+    gen_op_process_exceptions((uint32_t)ctx->nip - 4);                        \
     prologue;                                                                 \
+/*    gen_op_set_T1((uint32_t)ctx->tb);*/                                     \
     if ((bo & 0x4) == 0)                                                      \
         gen_op_dec_ctr();                                                     \
     if (bo & 0x10) {                                                          \
@@ -1468,13 +1532,15 @@ GEN_HANDLER(name, opc1, opc2, opc3, 0x00000000, PPC_FLOW)                     \
             break;                                                            \
         case 4:                                                               \
         case 6:                                                               \
+            if (LK(ctx->opcode)) {                                            \
+                bl;                                                           \
+            } else {                                                          \
             b;                                                                \
-            if (LK(ctx->opcode))                                              \
-                gen_op_load_lr((uint32_t)ctx->nip);                           \
+            }                                                                 \
             break;                                                            \
         default:                                                              \
             printf("ERROR: %s: unhandled ba case (%d)\n", __func__, bo);      \
-            SET_RETVAL(EXCP_INVAL);                                           \
+            RET_INVAL();                                                      \
             break;                                                            \
         }                                                                     \
     } else {                                                                  \
@@ -1506,7 +1572,7 @@ GEN_HANDLER(name, opc1, opc2, opc3, 0x00000000, PPC_FLOW)                     \
                 break;                                                        \
             default:                                                          \
                 printf("ERROR: %s: unhandled b case (%d)\n", __func__, bo);   \
-                SET_RETVAL(EXCP_INVAL);                                       \
+                RET_INVAL();                                                  \
                 break;                                                        \
             }                                                                 \
         } else {                                                              \
@@ -1535,12 +1601,12 @@ GEN_HANDLER(name, opc1, opc2, opc3, 0x00000000, PPC_FLOW)                     \
                 break;                                                        \
             default:                                                          \
                 printf("ERROR: %s: unhandled bn case (%d)\n", __func__, bo);  \
-                SET_RETVAL(EXCP_INVAL);                                       \
+                RET_INVAL();                                                  \
                 break;                                                        \
             }                                                                 \
         }                                                                     \
     }                                                                         \
-    SET_RETVAL(EXCP_BRANCH);                                                  \
+    ctx->exception = EXCP_BRANCH;                                             \
 }
 /* b ba bl bla */
@@ -1548,14 +1614,20 @@ GEN_HANDLER(b, 0x12, 0xFF, 0xFF, 0x00000000, PPC_FLOW)
 {
     uint32_t li = s_ext24(LI(ctx->opcode)), target;
+    gen_op_update_tb(ctx->tb_offset);
+    gen_op_update_decr(ctx->decr_offset);
+    gen_op_process_exceptions((uint32_t)ctx->nip - 4);
     if (AA(ctx->opcode) == 0)
         target = (uint32_t)ctx->nip + li - 4;
     else
-        target = s_ext24(LI(ctx->opcode));
+        target = li;
+//    gen_op_set_T1((uint32_t)ctx->tb);
+    if (LK(ctx->opcode)) {
+        gen_op_bl(target, (uint32_t)ctx->nip);
+    } else {
     gen_op_b(target);
-    if (LK(ctx->opcode))
-        gen_op_load_lr((uint32_t)ctx->nip);
-    SET_RETVAL(EXCP_BRANCH);
+    }
+    ctx->exception = EXCP_BRANCH;
 }
 /* bc bca bcl bcla */
@@ -1573,6 +1645,7 @@ GEN_BCOND(bc, 0x10, 0xFF, 0xFF,
           gen_op_bl_ctrz((uint32_t)ctx->nip, target),
           gen_op_b_ctrz((uint32_t)ctx->nip, target),
           gen_op_b(target),
+          gen_op_bl(target, (uint32_t)ctx->nip),
           gen_op_bl_ctr_true((uint32_t)ctx->nip, target, mask),
           gen_op_b_ctr_true((uint32_t)ctx->nip, target, mask),
           gen_op_bl_ctrz_true((uint32_t)ctx->nip, target, mask),
@@ -1593,6 +1666,7 @@ GEN_BCOND(bcctr, 0x13, 0x10, 0x10, do { } while (0),
           gen_op_bctrl_ctrz((uint32_t)ctx->nip),
           gen_op_bctr_ctrz((uint32_t)ctx->nip),
           gen_op_bctr(),
+          gen_op_bctrl((uint32_t)ctx->nip),
           gen_op_bctrl_ctr_true((uint32_t)ctx->nip, mask),
           gen_op_bctr_ctr_true((uint32_t)ctx->nip, mask),
           gen_op_bctrl_ctrz_true((uint32_t)ctx->nip, mask),
@@ -1613,6 +1687,7 @@ GEN_BCOND(bclr, 0x13, 0x10, 0x00, do { } while (0),
           gen_op_blrl_ctrz((uint32_t)ctx->nip),
           gen_op_blr_ctrz((uint32_t)ctx->nip),
           gen_op_blr(),
+          gen_op_blrl((uint32_t)ctx->nip),
           gen_op_blrl_ctr_true((uint32_t)ctx->nip, mask),
           gen_op_blr_ctr_true((uint32_t)ctx->nip, mask),
           gen_op_blrl_ctrz_true((uint32_t)ctx->nip, mask),
@@ -1639,7 +1714,6 @@ GEN_HANDLER(cr##op, 0x13, 0x01, opc, 0x00000001, PPC_INTEGER)                 \
     gen_op_setcrfbit(~(1 << (3 - (crbD(ctx->opcode) & 0x03))),                \
                      3 - (crbD(ctx->opcode) & 0x03));                         \
     gen_op_store_T1_crf(crbD(ctx->opcode) >> 2);                              \
-    SET_RETVAL(0);                                                            \
 }
 /* crand */
@@ -1663,34 +1737,53 @@ GEN_HANDLER(mcrf, 0x13, 0x00, 0xFF, 0x00000001, PPC_INTEGER)
 {
     gen_op_load_crf_T0(crfS(ctx->opcode));
     gen_op_store_T0_crf(crfD(ctx->opcode));
-    SET_RETVAL(0);
 }
 /***                           System linkage                              ***/
 /* rfi (supervisor only) */
 GEN_HANDLER(rfi, 0x13, 0x12, 0xFF, 0x03FF8001, PPC_FLOW)
 {
-    SET_RETVAL(EXCP_INVAL);
+#if defined(CONFIG_USER_ONLY)
+    RET_PRIVOPC();
+#else
+    /* Restore CPU state */
+    if (!ctx->supervisor) {
+        RET_PRIVOPC();
+    }
+    gen_op_rfi();
+    ctx->exception = EXCP_RFI;
+#endif
 }
 /* sc */
 GEN_HANDLER(sc, 0x11, 0xFF, 0xFF, 0x03FFFFFD, PPC_FLOW)
 {
-    gen_op_b((uint32_t)ctx->nip);
-    SET_RETVAL(EXCP_SYSCALL);
+#if defined(CONFIG_USER_ONLY)
+    gen_op_queue_exception(EXCP_SYSCALL_USER);
+#else
+    gen_op_queue_exception(EXCP_SYSCALL);
+#endif
+    ctx->exception = EXCP_SYSCALL;
 }
 /***                                Trap                                   ***/
 /* tw */
 GEN_HANDLER(tw, 0x1F, 0x04, 0xFF, 0x00000001, PPC_FLOW)
 {
-    SET_RETVAL(EXCP_INVAL);
+    gen_op_load_gpr_T0(rA(ctx->opcode));
+    gen_op_load_gpr_T1(rB(ctx->opcode));
+    gen_op_tw(TO(ctx->opcode));
 }
 /* twi */
 GEN_HANDLER(twi, 0x03, 0xFF, 0xFF, 0x00000000, PPC_FLOW)
 {
-    SET_RETVAL(EXCP_INVAL);
+    gen_op_load_gpr_T0(rA(ctx->opcode));
+#if 0
+    printf("%s: param=0x%04x T0=0x%04x\n", __func__,
+           SIMM(ctx->opcode), TO(ctx->opcode));
+#endif
+    gen_op_twi(SIMM(ctx->opcode), TO(ctx->opcode));
 }
 /***                          Processor control                            ***/
@@ -1698,6 +1791,21 @@ static inline int check_spr_access (int spr, int rw, int supervisor)
 {
     uint32_t rights = spr_access[spr >> 1] >> (4 * (spr & 1));
+#if 0
+    if (spr != LR && spr != CTR) {
+    if (loglevel > 0) {
+        fprintf(logfile, "%s reg=%d s=%d rw=%d r=0x%02x 0x%02x\n", __func__,
+                SPR_ENCODE(spr), supervisor, rw, rights,
+                (rights >> ((2 * supervisor) + rw)) & 1);
+    } else {
+        printf("%s reg=%d s=%d rw=%d r=0x%02x 0x%02x\n", __func__,
+               SPR_ENCODE(spr), supervisor, rw, rights,
+               (rights >> ((2 * supervisor) + rw)) & 1);
+    }
+    }
+#endif
+    if (rights == 0)
+        return -1;
     rights = rights >> (2 * supervisor);
     rights = rights >> rw;
@@ -1710,7 +1818,6 @@ GEN_HANDLER(mcrxr, 0x1F, 0x00, 0x10, 0x007FF801, PPC_MISC)
     gen_op_load_xer_cr();
     gen_op_store_T0_crf(crfD(ctx->opcode));
     gen_op_clear_xer_cr();
-    SET_RETVAL(0);
 }
 /* mfcr */
@@ -1718,17 +1825,20 @@ GEN_HANDLER(mfcr, 0x1F, 0x13, 0x00, 0x001FF801, PPC_MISC)
 {
     gen_op_load_cr();
     gen_op_store_T0_gpr(rD(ctx->opcode));
-    SET_RETVAL(0);
 }
 /* mfmsr */
 GEN_HANDLER(mfmsr, 0x1F, 0x13, 0x02, 0x001FF801, PPC_MISC)
 {
-    if (!ctx->supervisor)
-        SET_RETVAL(EXCP_PRIV);
+#if defined(CONFIG_USER_ONLY)
+    RET_PRIVREG();
+#else
+    if (!ctx->supervisor) {
+        RET_PRIVREG();
+    }
     gen_op_load_msr();
     gen_op_store_T0_gpr(rD(ctx->opcode));
-    SET_RETVAL(0);
+#endif
 }
 /* mfspr */
@@ -1736,31 +1846,150 @@ GEN_HANDLER(mfspr, 0x1F, 0x13, 0x0A, 0x00000001, PPC_MISC)
 {
     uint32_t sprn = SPR(ctx->opcode);
-    if (check_spr_access(sprn, 0, ctx->supervisor) == 0)
-        SET_RETVAL(EXCP_PRIV);
-    /* XXX: make this more generic */
-    switch (sprn) {
-    case SPR_ENCODE(1):
-        if (loglevel > 0) {
-            fprintf(logfile, "LOAD XER at %p\n", ctx->nip - 1);
+#if defined(CONFIG_USER_ONLY)
+    switch (check_spr_access(sprn, 0, 0))
+#else
+    switch (check_spr_access(sprn, 0, ctx->supervisor))
+#endif
+    {
+    case -1:
+        RET_EXCP(EXCP_PROGRAM, EXCP_INVAL | EXCP_INVAL_SPR);
+        break;
+    case 0:
+        RET_PRIVREG();
+        break;
+    default:
+        break;
         }
+    switch (sprn) {
+    case XER:
         gen_op_load_xer();
         break;
-    case SPR_ENCODE(268):
-        /* We need to update the time base before reading it */
+    case LR:
+        gen_op_load_lr();
+        break;
+    case CTR:
+        gen_op_load_ctr();
+        break;
+    case IBAT0U:
+        gen_op_load_ibat(0, 0);
+        break;
+    case IBAT1U:
+        gen_op_load_ibat(0, 1);
+        break;
+    case IBAT2U:
+        gen_op_load_ibat(0, 2);
+        break;
+    case IBAT3U:
+        gen_op_load_ibat(0, 3);
+        break;
+    case IBAT4U:
+        gen_op_load_ibat(0, 4);
+        break;
+    case IBAT5U:
+        gen_op_load_ibat(0, 5);
+        break;
+    case IBAT6U:
+        gen_op_load_ibat(0, 6);
+        break;
+    case IBAT7U:
+        gen_op_load_ibat(0, 7);
+        break;
+    case IBAT0L:
+        gen_op_load_ibat(1, 0);
+        break;
+    case IBAT1L:
+        gen_op_load_ibat(1, 1);
+        break;
+    case IBAT2L:
+        gen_op_load_ibat(1, 2);
+        break;
+    case IBAT3L:
+        gen_op_load_ibat(1, 3);
+        break;
+    case IBAT4L:
+        gen_op_load_ibat(1, 4);
+        break;
+    case IBAT5L:
+        gen_op_load_ibat(1, 5);
+        break;
+    case IBAT6L:
+        gen_op_load_ibat(1, 6);
+        break;
+    case IBAT7L:
+        gen_op_load_ibat(1, 7);
+        break;
+    case DBAT0U:
+        gen_op_load_dbat(0, 0);
+        break;
+    case DBAT1U:
+        gen_op_load_dbat(0, 1);
+        break;
+    case DBAT2U:
+        gen_op_load_dbat(0, 2);
+        break;
+    case DBAT3U:
+        gen_op_load_dbat(0, 3);
+        break;
+    case DBAT4U:
+        gen_op_load_dbat(0, 4);
+        break;
+    case DBAT5U:
+        gen_op_load_dbat(0, 5);
+        break;
+    case DBAT6U:
+        gen_op_load_dbat(0, 6);
+        break;
+    case DBAT7U:
+        gen_op_load_dbat(0, 7);
+        break;
+    case DBAT0L:
+        gen_op_load_dbat(1, 0);
+        break;
+    case DBAT1L:
+        gen_op_load_dbat(1, 1);
+        break;
+    case DBAT2L:
+        gen_op_load_dbat(1, 2);
+        break;
+    case DBAT3L:
+        gen_op_load_dbat(1, 3);
+        break;
+    case DBAT4L:
+        gen_op_load_dbat(1, 4);
+        break;
+    case DBAT5L:
+        gen_op_load_dbat(1, 5);
+        break;
+    case DBAT6L:
+        gen_op_load_dbat(1, 6);
+        break;
+    case DBAT7L:
+        gen_op_load_dbat(1, 7);
+        break;
+    case SDR1:
+        gen_op_load_sdr1();
+        break;
+    case V_TBL:
         gen_op_update_tb(ctx->tb_offset);
         ctx->tb_offset = 0;
+        /* TBL is still in T0 */
         break;
-    case SPR_ENCODE(269):
+    case V_TBU:
         gen_op_update_tb(ctx->tb_offset);
         ctx->tb_offset = 0;
+        gen_op_load_tb(1);
+        break;
+    case DECR:
+        gen_op_update_decr(ctx->decr_offset);
+        ctx->decr_offset = 0;
+        /* decr is still in T0 */
         break;
     default:
         gen_op_load_spr(sprn);
         break;
     }
-    gen_op_store_T0_gpr(rD(ctx->opcode)); //
-    SET_RETVAL(0);
+    gen_op_store_T0_gpr(rD(ctx->opcode));
 }
 /* mftb */
@@ -1768,23 +1997,22 @@ GEN_HANDLER(mftb, 0x1F, 0x13, 0x0B, 0x00000001, PPC_MISC)
 {
     uint32_t sprn = SPR(ctx->opcode);
-    if (check_spr_access(sprn, 0, ctx->supervisor) == 0)
-        SET_RETVAL(EXCP_PRIV);
-    switch (sprn) {
-    case SPR_ENCODE(268):
         /* We need to update the time base before reading it */
+    switch (sprn) {
+    case V_TBL:
         gen_op_update_tb(ctx->tb_offset);
-        ctx->tb_offset = 0;
+        /* TBL is still in T0 */
         break;
-    case SPR_ENCODE(269):
+    case V_TBU:
         gen_op_update_tb(ctx->tb_offset);
-        ctx->tb_offset = 0;
+        gen_op_load_tb(1);
         break;
     default:
-        SET_RETVAL(EXCP_INVAL);
+        RET_INVAL();
         break;
     }
-    SET_RETVAL(0);
+    ctx->tb_offset = 0;
+    gen_op_store_T0_gpr(rD(ctx->opcode));
 }
 /* mtcrf */
@@ -1792,18 +2020,22 @@ GEN_HANDLER(mtcrf, 0x1F, 0x10, 0x04, 0x00100801, PPC_MISC)
 {
     gen_op_load_gpr_T0(rS(ctx->opcode));
     gen_op_store_cr(CRM(ctx->opcode));
-    SET_RETVAL(0);
 }
 /* mtmsr */
 GEN_HANDLER(mtmsr, 0x1F, 0x12, 0x04, 0x001FF801, PPC_MISC)
 {
-    if (!ctx->supervisor)
-        SET_RETVAL(EXCP_PRIV);
+#if defined(CONFIG_USER_ONLY)
+    RET_PRIVREG();
+#else
+    if (!ctx->supervisor) {
+        RET_PRIVREG();
+    }
     gen_op_load_gpr_T0(rS(ctx->opcode));
     gen_op_store_msr();
     /* Must stop the translation as machine state (may have) changed */
-    SET_RETVAL(EXCP_MTMSR);
+    ctx->exception = EXCP_MTMSR;
+#endif
 }
 /* mtspr */
@@ -1811,84 +2043,265 @@ GEN_HANDLER(mtspr, 0x1F, 0x13, 0x0E, 0x00000001, PPC_MISC)
 {
     uint32_t sprn = SPR(ctx->opcode);
-    if (check_spr_access(sprn, 1, ctx->supervisor) == 0)
-        SET_RETVAL(EXCP_PRIV);
+#if 0
+    if (loglevel > 0) {
+        fprintf(logfile, "MTSPR %d src=%d (%d)\n", SPR_ENCODE(sprn),
+                rS(ctx->opcode), sprn);
+    }
+#endif
+#if defined(CONFIG_USER_ONLY)
+    switch (check_spr_access(sprn, 1, 0))
+#else
+    switch (check_spr_access(sprn, 1, ctx->supervisor))
+#endif
+    {
+    case -1:
+        RET_EXCP(EXCP_PROGRAM, EXCP_INVAL | EXCP_INVAL_SPR);
+        break;
+    case 0:
+        RET_PRIVREG();
+        break;
+    default:
+        break;
+    }
     gen_op_load_gpr_T0(rS(ctx->opcode));
-    if (sprn == SPR_ENCODE(1)) {
+    switch (sprn) {
+    case XER:
         gen_op_store_xer();
-    } else {
+        break;
+    case LR:
+        gen_op_andi_(~0x03);
+        gen_op_store_lr();
+        break;
+    case CTR:
+        gen_op_store_ctr();
+        break;
+    case IBAT0U:
+        gen_op_store_ibat(0, 0);
+        gen_op_tlbia();
+        break;
+    case IBAT1U:
+        gen_op_store_ibat(0, 1);
+        gen_op_tlbia();
+        break;
+    case IBAT2U:
+        gen_op_store_ibat(0, 2);
+        gen_op_tlbia();
+        break;
+    case IBAT3U:
+        gen_op_store_ibat(0, 3);
+        gen_op_tlbia();
+        break;
+    case IBAT4U:
+        gen_op_store_ibat(0, 4);
+        gen_op_tlbia();
+        break;
+    case IBAT5U:
+        gen_op_store_ibat(0, 5);
+        gen_op_tlbia();
+        break;
+    case IBAT6U:
+        gen_op_store_ibat(0, 6);
+        gen_op_tlbia();
+        break;
+    case IBAT7U:
+        gen_op_store_ibat(0, 7);
+        gen_op_tlbia();
+        break;
+    case IBAT0L:
+        gen_op_store_ibat(1, 0);
+        gen_op_tlbia();
+        break;
+    case IBAT1L:
+        gen_op_store_ibat(1, 1);
+        gen_op_tlbia();
+        break;
+    case IBAT2L:
+        gen_op_store_ibat(1, 2);
+        gen_op_tlbia();
+        break;
+    case IBAT3L:
+        gen_op_store_ibat(1, 3);
+        gen_op_tlbia();
+        break;
+    case IBAT4L:
+        gen_op_store_ibat(1, 4);
+        gen_op_tlbia();
+        break;
+    case IBAT5L:
+        gen_op_store_ibat(1, 5);
+        gen_op_tlbia();
+        break;
+    case IBAT6L:
+        gen_op_store_ibat(1, 6);
+        gen_op_tlbia();
+        break;
+    case IBAT7L:
+        gen_op_store_ibat(1, 7);
+        gen_op_tlbia();
+        break;
+    case DBAT0U:
+        gen_op_store_dbat(0, 0);
+        gen_op_tlbia();
+        break;
+    case DBAT1U:
+        gen_op_store_dbat(0, 1);
+        gen_op_tlbia();
+        break;
+    case DBAT2U:
+        gen_op_store_dbat(0, 2);
+        gen_op_tlbia();
+        break;
+    case DBAT3U:
+        gen_op_store_dbat(0, 3);
+        gen_op_tlbia();
+        break;
+    case DBAT4U:
+        gen_op_store_dbat(0, 4);
+        gen_op_tlbia();
+        break;
+    case DBAT5U:
+        gen_op_store_dbat(0, 5);
+        gen_op_tlbia();
+        break;
+    case DBAT6U:
+        gen_op_store_dbat(0, 6);
+        gen_op_tlbia();
+        break;
+    case DBAT7U:
+        gen_op_store_dbat(0, 7);
+        gen_op_tlbia();
+        break;
+    case DBAT0L:
+        gen_op_store_dbat(1, 0);
+        gen_op_tlbia();
+        break;
+    case DBAT1L:
+        gen_op_store_dbat(1, 1);
+        gen_op_tlbia();
+        break;
+    case DBAT2L:
+        gen_op_store_dbat(1, 2);
+        gen_op_tlbia();
+        break;
+    case DBAT3L:
+        gen_op_store_dbat(1, 3);
+        gen_op_tlbia();
+        break;
+    case DBAT4L:
+        gen_op_store_dbat(1, 4);
+        gen_op_tlbia();
+        break;
+    case DBAT5L:
+        gen_op_store_dbat(1, 5);
+        gen_op_tlbia();
+        break;
+    case DBAT6L:
+        gen_op_store_dbat(1, 6);
+        gen_op_tlbia();
+        break;
+    case DBAT7L:
+        gen_op_store_dbat(1, 7);
+        gen_op_tlbia();
+        break;
+    case SDR1:
+        gen_op_store_sdr1();
+        gen_op_tlbia();
+        break;
+    case O_TBL:
+        gen_op_store_tb(0);
+        ctx->tb_offset = 0;
+        break;
+    case O_TBU:
+        gen_op_store_tb(1);
+        ctx->tb_offset = 0;
+        break;
+    case DECR:
+        gen_op_store_decr();
+        ctx->decr_offset = 0;
+        break;
+    default:
         gen_op_store_spr(sprn);
+        break;
     }
-    SET_RETVAL(0);
 }
 /***                         Cache management                              ***/
 /* For now, all those will be implemented as nop:
  * this is valid, regarding the PowerPC specs...
+ * We just have to flush tb while invalidating instruction cache lines...
  */
 /* dcbf */
-GEN_HANDLER(dcbf, 0x1F, 0x16, 0x17, 0x03E00001, PPC_MEM)
+GEN_HANDLER(dcbf, 0x1F, 0x16, 0x02, 0x03E00001, PPC_CACHE)
 {
-    SET_RETVAL(0);
 }
 /* dcbi (Supervisor only) */
-GEN_HANDLER(dcbi, 0x1F, 0x16, 0x1F, 0x03E00001, PPC_MEM)
+GEN_HANDLER(dcbi, 0x1F, 0x16, 0x0E, 0x03E00001, PPC_CACHE)
 {
-    SET_RETVAL(0);
+#if !defined(CONFIG_USER_ONLY)
+    if (!ctx->supervisor)
+#endif
+    {
+        RET_PRIVOPC();
+    }
 }
 /* dcdst */
-GEN_HANDLER(dcbst, 0x1F, 0x16, 0x0E, 0x03E00001, PPC_MEM)
+GEN_HANDLER(dcbst, 0x1F, 0x16, 0x01, 0x03E00001, PPC_CACHE)
 {
-    SET_RETVAL(0);
 }
 /* dcbt */
-GEN_HANDLER(dcbt, 0x1F, 0x16, 0x01, 0x03E00001, PPC_MEM)
+GEN_HANDLER(dcbt, 0x1F, 0x16, 0x08, 0x03E00001, PPC_CACHE)
 {
-    SET_RETVAL(0);
 }
 /* dcbtst */
-GEN_HANDLER(dcbtst, 0x1F, 0x16, 0x02, 0x03E00001, PPC_MEM)
+GEN_HANDLER(dcbtst, 0x1F, 0x16, 0x07, 0x03E00001, PPC_CACHE)
 {
-    SET_RETVAL(0);
 }
 /* dcbz */
-GEN_HANDLER(dcbz, 0x1F, 0x16, 0x08, 0x03E00001, PPC_MEM)
+#if defined(CONFIG_USER_ONLY)
+#define op_dcbz() gen_op_dcbz_raw()
+#else
+#define op_dcbz() (*gen_op_dcbz[ctx->mem_idx])()
+static GenOpFunc *gen_op_dcbz[] = {
+    &gen_op_dcbz_user,
+    &gen_op_dcbz_kernel,
+};
+#endif
+
+GEN_HANDLER(dcbz, 0x1F, 0x16, 0x1F, 0x03E00001, PPC_CACHE)
 {
     if (rA(ctx->opcode) == 0) {
         gen_op_load_gpr_T0(rB(ctx->opcode));
-        gen_op_dcbz_z();
     } else {
         gen_op_load_gpr_T0(rA(ctx->opcode));
         gen_op_load_gpr_T1(rB(ctx->opcode));
-        gen_op_dcbz();
+        gen_op_add();
     }
-    SET_RETVAL(0);
+    op_dcbz();
 }
 /* icbi */
-GEN_HANDLER(icbi, 0x1F, 0x16, 0x1E, 0x03E00001, PPC_MEM)
+GEN_HANDLER(icbi, 0x1F, 0x16, 0x1E, 0x03E00001, PPC_CACHE)
 {
     if (rA(ctx->opcode) == 0) {
         gen_op_load_gpr_T0(rB(ctx->opcode));
-        gen_op_icbi_z();
     } else {
         gen_op_load_gpr_T0(rA(ctx->opcode));
         gen_op_load_gpr_T1(rB(ctx->opcode));
-        gen_op_icbi();
+        gen_op_add();
     }
-    SET_RETVAL(0);
+    gen_op_icbi();
 }
 /* Optional: */
 /* dcba */
-GEN_HANDLER(dcba, 0x1F, 0x16, 0x07, 0x03E00001, PPC_MEM)
+GEN_HANDLER(dcba, 0x1F, 0x16, 0x07, 0x03E00001, PPC_CACHE_OPT)
 {
-    SET_RETVAL(0);
 }
 /***                    Segment register manipulation                      ***/
@@ -1896,70 +2309,163 @@ GEN_HANDLER(dcba, 0x1F, 0x16, 0x07, 0x03E00001, PPC_MEM)
 /* mfsr */
 GEN_HANDLER(mfsr, 0x1F, 0x13, 0x12, 0x0010F801, PPC_SEGMENT)
 {
-    SET_RETVAL(EXCP_INVAL);
+#if defined(CONFIG_USER_ONLY)
+    RET_PRIVREG();
+#else
+    if (!ctx->supervisor) {
+        RET_PRIVREG();
+    }
+    gen_op_load_sr(SR(ctx->opcode));
+    gen_op_store_T0_gpr(rD(ctx->opcode));
+#endif
 }
 /* mfsrin */
-GEN_HANDLER(mfsrin, 0x1F, 0x13, 0x14, 0x0010F001, PPC_SEGMENT)
+GEN_HANDLER(mfsrin, 0x1F, 0x13, 0x14, 0x001F0001, PPC_SEGMENT)
 {
-    SET_RETVAL(EXCP_INVAL);
+#if defined(CONFIG_USER_ONLY)
+    RET_PRIVREG();
+#else
+    if (!ctx->supervisor) {
+        RET_PRIVREG();
+    }
+    gen_op_load_gpr_T1(rB(ctx->opcode));
+    gen_op_load_srin();
+    gen_op_store_T0_gpr(rD(ctx->opcode));
+#endif
 }
 /* mtsr */
 GEN_HANDLER(mtsr, 0x1F, 0x12, 0x02, 0x0010F801, PPC_SEGMENT)
 {
-    SET_RETVAL(EXCP_INVAL);
+#if defined(CONFIG_USER_ONLY)
+    RET_PRIVREG();
+#else
+    if (!ctx->supervisor) {
+        RET_PRIVREG();
+    }
+    gen_op_load_gpr_T0(rS(ctx->opcode));
+    gen_op_store_sr(SR(ctx->opcode));
+    gen_op_tlbia();
+#endif
 }
 /* mtsrin */
-GEN_HANDLER(mtsrin, 0x1F, 0x12, 0x07, 0x0010F001, PPC_SEGMENT)
+GEN_HANDLER(mtsrin, 0x1F, 0x12, 0x07, 0x001F0001, PPC_SEGMENT)
 {
-    SET_RETVAL(EXCP_INVAL);
+#if defined(CONFIG_USER_ONLY)
+    RET_PRIVREG();
+#else
+    if (!ctx->supervisor) {
+        RET_PRIVREG();
+    }
+    gen_op_load_gpr_T0(rS(ctx->opcode));
+    gen_op_load_gpr_T1(rB(ctx->opcode));
+    gen_op_store_srin();
+    gen_op_tlbia();
+#endif
 }
 /***                      Lookaside buffer management                      ***/
 /* Optional & supervisor only: */
 /* tlbia */
-GEN_HANDLER(tlbia, 0x1F, 0x12, 0x0B, 0x03FFFC01, PPC_MEM)
+GEN_HANDLER(tlbia, 0x1F, 0x12, 0x0B, 0x03FFFC01, PPC_MEM_OPT)
 {
-    SET_RETVAL(EXCP_INVAL);
+#if defined(CONFIG_USER_ONLY)
+    RET_PRIVOPC();
+#else
+    if (!ctx->supervisor) {
+        RET_PRIVOPC();
+    }
+    gen_op_tlbia();
+#endif
 }
 /* tlbie */
-GEN_HANDLER(tlbie, 0x1F, 0x12, 0x09, 0x03FF8001, PPC_MEM)
+GEN_HANDLER(tlbie, 0x1F, 0x12, 0x09, 0x03FF0001, PPC_MEM)
 {
-    SET_RETVAL(EXCP_INVAL);
+#if defined(CONFIG_USER_ONLY)
+    RET_PRIVOPC();
+#else
+    if (!ctx->supervisor) {
+        RET_PRIVOPC();
+    }
+    gen_op_load_gpr_T0(rB(ctx->opcode));
+    gen_op_tlbie();
+#endif
 }
 /* tlbsync */
 GEN_HANDLER(tlbsync, 0x1F, 0x16, 0x11, 0x03FFFC01, PPC_MEM)
 {
-    SET_RETVAL(EXCP_INVAL);
+#if defined(CONFIG_USER_ONLY)
+    RET_PRIVOPC();
+#else
+    if (!ctx->supervisor) {
+        RET_PRIVOPC();
+    }
+    /* This has no effect: it should ensure that all previous
+     * tlbie have completed
+     */
+#endif
 }
 /***                              External control                         ***/
 /* Optional: */
 /* eciwx */
+#if defined(CONFIG_USER_ONLY)
+#define op_eciwx() gen_op_eciwx_raw()
+#define op_ecowx() gen_op_ecowx_raw()
+#else
+#define op_eciwx() (*gen_op_eciwx[ctx->mem_idx])()
+#define op_ecowx() (*gen_op_ecowx[ctx->mem_idx])()
+static GenOpFunc *gen_op_eciwx[] = {
+    &gen_op_eciwx_user,
+    &gen_op_eciwx_kernel,
+};
+static GenOpFunc *gen_op_ecowx[] = {
+    &gen_op_ecowx_user,
+    &gen_op_ecowx_kernel,
+};
+#endif
+
 GEN_HANDLER(eciwx, 0x1F, 0x16, 0x0D, 0x00000001, PPC_EXTERN)
 {
-    SET_RETVAL(EXCP_INVAL);
+    /* Should check EAR[E] & alignment ! */
+    if (rA(ctx->opcode) == 0) {
+        gen_op_load_gpr_T0(rB(ctx->opcode));
+    } else {
+        gen_op_load_gpr_T0(rA(ctx->opcode));
+        gen_op_load_gpr_T1(rB(ctx->opcode));
+        gen_op_add();
+    }
+    op_eciwx();
+    gen_op_store_T0_gpr(rD(ctx->opcode));
 }
 /* ecowx */
 GEN_HANDLER(ecowx, 0x1F, 0x16, 0x09, 0x00000001, PPC_EXTERN)
 {
-    SET_RETVAL(EXCP_INVAL);
+    /* Should check EAR[E] & alignment ! */
+    if (rA(ctx->opcode) == 0) {
+        gen_op_load_gpr_T0(rB(ctx->opcode));
+    } else {
+        gen_op_load_gpr_T0(rA(ctx->opcode));
+        gen_op_load_gpr_T1(rB(ctx->opcode));
+        gen_op_add();
+    }
+    gen_op_load_gpr_T2(rS(ctx->opcode));
+    op_ecowx();
 }
 /* End opcode list */
 GEN_OPCODE_MARK(end);
 /*****************************************************************************/
-
+#include <stdlib.h>
 #include <string.h>
-extern FILE *stderr;
-void free (void *p);
-int fflush (FILE *f);
+
+int fflush (FILE *stream);
 /* Main ppc opcodes table:
  * at init, all opcodes are invalids
@@ -1982,6 +2488,7 @@ static inline opc_handler_t **ind_table(void *handler)
     return (opc_handler_t **)((unsigned long)handler & ~3);
 }
+/* Instruction table creation */
 /* Opcodes tables creation */
 static void fill_new_table (opc_handler_t **table, int len)
 {
@@ -2014,10 +2521,11 @@ static int insert_in_table (opc_handler_t **table, unsigned char idx,
     return 0;
 }
-static int register_direct_insn (unsigned char idx, opc_handler_t *handler)
+static int register_direct_insn (opc_handler_t **ppc_opcodes,
+                                 unsigned char idx, opc_handler_t *handler)
 {
     if (insert_in_table(ppc_opcodes, idx, handler) < 0) {
-        fprintf(stderr, "*** ERROR: opcode %02x already assigned in main "
+        printf("*** ERROR: opcode %02x already assigned in main "
                 "opcode table\n", idx);
         return -1;
     }
@@ -2031,20 +2539,20 @@ static int register_ind_in_table (opc_handler_t **table,
 {
     if (table[idx1] == &invalid_handler) {
         if (create_new_table(table, idx1) < 0) {
-            fprintf(stderr, "*** ERROR: unable to create indirect table "
+            printf("*** ERROR: unable to create indirect table "
                     "idx=%02x\n", idx1);
             return -1;
         }
     } else {
         if (!is_indirect_opcode(table[idx1])) {
-            fprintf(stderr, "*** ERROR: idx %02x already assigned to a direct "
+            printf("*** ERROR: idx %02x already assigned to a direct "
                     "opcode\n", idx1);
             return -1;
         }
     }
     if (handler != NULL &&
         insert_in_table(ind_table(table[idx1]), idx2, handler) < 0) {
-        fprintf(stderr, "*** ERROR: opcode %02x already assigned in "
+        printf("*** ERROR: opcode %02x already assigned in "
                 "opcode table %02x\n", idx2, idx1);
         return -1;
     }
@@ -2052,7 +2560,8 @@ static int register_ind_in_table (opc_handler_t **table,
     return 0;
 }
-static int register_ind_insn (unsigned char idx1, unsigned char idx2,
+static int register_ind_insn (opc_handler_t **ppc_opcodes,
+                              unsigned char idx1, unsigned char idx2,
                                opc_handler_t *handler)
 {
     int ret;
@@ -2062,17 +2571,18 @@ static int register_ind_insn (unsigned char idx1, unsigned char idx2,
     return ret;
 }
-static int register_dblind_insn (unsigned char idx1, unsigned char idx2,
+static int register_dblind_insn (opc_handler_t **ppc_opcodes, 
+                                 unsigned char idx1, unsigned char idx2,
                                   unsigned char idx3, opc_handler_t *handler)
 {
     if (register_ind_in_table(ppc_opcodes, idx1, idx2, NULL) < 0) {
-        fprintf(stderr, "*** ERROR: unable to join indirect table idx "
+        printf("*** ERROR: unable to join indirect table idx "
                 "[%02x-%02x]\n", idx1, idx2);
         return -1;
     }
     if (register_ind_in_table(ind_table(ppc_opcodes[idx1]), idx2, idx3,
                               handler) < 0) {
-        fprintf(stderr, "*** ERROR: unable to insert opcode "
+        printf("*** ERROR: unable to insert opcode "
                 "[%02x-%02x-%02x]\n", idx1, idx2, idx3);
         return -1;
     }
@@ -2080,19 +2590,20 @@ static int register_dblind_insn (unsigned char idx1, unsigned char idx2,
     return 0;
 }
-static int register_insn (opcode_t *insn)
+static int register_insn (opc_handler_t **ppc_opcodes, opcode_t *insn)
 {
     if (insn->opc2 != 0xFF) {
         if (insn->opc3 != 0xFF) {
-            if (register_dblind_insn(insn->opc1, insn->opc2, insn->opc3,
-                                     &insn->handler) < 0)
+            if (register_dblind_insn(ppc_opcodes, insn->opc1, insn->opc2,
+                                     insn->opc3, &insn->handler) < 0)
                 return -1;
         } else {
-            if (register_ind_insn(insn->opc1, insn->opc2, &insn->handler) < 0)
+            if (register_ind_insn(ppc_opcodes, insn->opc1,
+                                  insn->opc2, &insn->handler) < 0)
                 return -1;
         }
     } else {
-        if (register_direct_insn(insn->opc1, &insn->handler) < 0)
+        if (register_direct_insn(ppc_opcodes, insn->opc1, &insn->handler) < 0)
             return -1;
     }
@@ -2125,13 +2636,13 @@ static int test_opcode_table (opc_handler_t **table, int len)
     return count;
 }
-static void fix_opcode_tables (void)
+static void fix_opcode_tables (opc_handler_t **ppc_opcodes)
 {
     if (test_opcode_table(ppc_opcodes, 0x40) == 0)
-        fprintf(stderr, "*** WARNING: no opcode defined !\n");
+        printf("*** WARNING: no opcode defined !\n");
 }
-#define SPR_RIGHTS(rw, priv) ((2 * (priv)) + (rw))
+#define SPR_RIGHTS(rw, priv) (1 << ((2 * (priv)) + (rw)))
 #define SPR_UR SPR_RIGHTS(0, 0)
 #define SPR_UW SPR_RIGHTS(1, 0)
 #define SPR_SR SPR_RIGHTS(0, 1)
@@ -2142,87 +2653,199 @@ do {                                                           \
     spr_access[(spr) >> 1] |= ((rights) << (4 * ((spr) & 1))); \
 } while (0)
-static void init_spr_rights (void)
+static void init_spr_rights (uint32_t pvr)
 {
     /* XER    (SPR 1) */
-    spr_set_rights(SPR_ENCODE(1), SPR_UR | SPR_UW | SPR_SR | SPR_SW);
+    spr_set_rights(XER,    SPR_UR | SPR_UW | SPR_SR | SPR_SW);
     /* LR     (SPR 8) */
-    spr_set_rights(SPR_ENCODE(8), SPR_UR | SPR_UW | SPR_SR | SPR_SW);
+    spr_set_rights(LR,     SPR_UR | SPR_UW | SPR_SR | SPR_SW);
     /* CTR    (SPR 9) */
-    spr_set_rights(SPR_ENCODE(9), SPR_UR | SPR_UW | SPR_SR | SPR_SW);
+    spr_set_rights(CTR,    SPR_UR | SPR_UW | SPR_SR | SPR_SW);
     /* TBL    (SPR 268) */
-    spr_set_rights(SPR_ENCODE(268), SPR_UR | SPR_SR);
+    spr_set_rights(V_TBL,  SPR_UR | SPR_SR);
     /* TBU    (SPR 269) */
-    spr_set_rights(SPR_ENCODE(269), SPR_UR | SPR_SR);
+    spr_set_rights(V_TBU,  SPR_UR | SPR_SR);
     /* DSISR  (SPR 18) */
-    spr_set_rights(SPR_ENCODE(18), SPR_SR | SPR_SW);
+    spr_set_rights(DSISR,  SPR_SR | SPR_SW);
     /* DAR    (SPR 19) */
-    spr_set_rights(SPR_ENCODE(19), SPR_SR | SPR_SW);
+    spr_set_rights(DAR,    SPR_SR | SPR_SW);
     /* DEC    (SPR 22) */
-    spr_set_rights(SPR_ENCODE(22), SPR_SR | SPR_SW);
+    spr_set_rights(DECR,   SPR_SR | SPR_SW);
     /* SDR1   (SPR 25) */
-    spr_set_rights(SPR_ENCODE(25), SPR_SR | SPR_SW);
+    spr_set_rights(SDR1,   SPR_SR | SPR_SW);
+    /* SRR0   (SPR 26) */
+    spr_set_rights(SRR0,   SPR_SR | SPR_SW);
+    /* SRR1   (SPR 27) */
+    spr_set_rights(SRR1,   SPR_SR | SPR_SW);
     /* SPRG0  (SPR 272) */
-    spr_set_rights(SPR_ENCODE(272), SPR_SR | SPR_SW);
+    spr_set_rights(SPRG0,  SPR_SR | SPR_SW);
     /* SPRG1  (SPR 273) */
-    spr_set_rights(SPR_ENCODE(273), SPR_SR | SPR_SW);
+    spr_set_rights(SPRG1,  SPR_SR | SPR_SW);
     /* SPRG2  (SPR 274) */
-    spr_set_rights(SPR_ENCODE(274), SPR_SR | SPR_SW);
+    spr_set_rights(SPRG2,  SPR_SR | SPR_SW);
     /* SPRG3  (SPR 275) */
-    spr_set_rights(SPR_ENCODE(275), SPR_SR | SPR_SW);
+    spr_set_rights(SPRG3,  SPR_SR | SPR_SW);
     /* ASR    (SPR 280) */
-    spr_set_rights(SPR_ENCODE(281), SPR_SR | SPR_SW);
+    spr_set_rights(ASR,    SPR_SR | SPR_SW);
     /* EAR    (SPR 282) */
-    spr_set_rights(SPR_ENCODE(282), SPR_SR | SPR_SW);
+    spr_set_rights(EAR,    SPR_SR | SPR_SW);
+    /* TBL    (SPR 284) */
+    spr_set_rights(O_TBL,  SPR_SW);
+    /* TBU    (SPR 285) */
+    spr_set_rights(O_TBU,  SPR_SW);
+    /* PVR    (SPR 287) */
+    spr_set_rights(PVR,    SPR_SR);
     /* IBAT0U (SPR 528) */
-    spr_set_rights(SPR_ENCODE(528), SPR_SR | SPR_SW);
+    spr_set_rights(IBAT0U, SPR_SR | SPR_SW);
     /* IBAT0L (SPR 529) */
-    spr_set_rights(SPR_ENCODE(529), SPR_SR | SPR_SW);
+    spr_set_rights(IBAT0L, SPR_SR | SPR_SW);
     /* IBAT1U (SPR 530) */
-    spr_set_rights(SPR_ENCODE(530), SPR_SR | SPR_SW);
+    spr_set_rights(IBAT1U, SPR_SR | SPR_SW);
     /* IBAT1L (SPR 531) */
-    spr_set_rights(SPR_ENCODE(531), SPR_SR | SPR_SW);
+    spr_set_rights(IBAT1L, SPR_SR | SPR_SW);
     /* IBAT2U (SPR 532) */
-    spr_set_rights(SPR_ENCODE(532), SPR_SR | SPR_SW);
+    spr_set_rights(IBAT2U, SPR_SR | SPR_SW);
     /* IBAT2L (SPR 533) */
-    spr_set_rights(SPR_ENCODE(533), SPR_SR | SPR_SW);
+    spr_set_rights(IBAT2L, SPR_SR | SPR_SW);
     /* IBAT3U (SPR 534) */
-    spr_set_rights(SPR_ENCODE(534), SPR_SR | SPR_SW);
+    spr_set_rights(IBAT3U, SPR_SR | SPR_SW);
     /* IBAT3L (SPR 535) */
-    spr_set_rights(SPR_ENCODE(535), SPR_SR | SPR_SW);
+    spr_set_rights(IBAT3L, SPR_SR | SPR_SW);
     /* DBAT0U (SPR 536) */
-    spr_set_rights(SPR_ENCODE(536), SPR_SR | SPR_SW);
+    spr_set_rights(DBAT0U, SPR_SR | SPR_SW);
     /* DBAT0L (SPR 537) */
-    spr_set_rights(SPR_ENCODE(537), SPR_SR | SPR_SW);
+    spr_set_rights(DBAT0L, SPR_SR | SPR_SW);
     /* DBAT1U (SPR 538) */
-    spr_set_rights(SPR_ENCODE(538), SPR_SR | SPR_SW);
+    spr_set_rights(DBAT1U, SPR_SR | SPR_SW);
     /* DBAT1L (SPR 539) */
-    spr_set_rights(SPR_ENCODE(539), SPR_SR | SPR_SW);
+    spr_set_rights(DBAT1L, SPR_SR | SPR_SW);
     /* DBAT2U (SPR 540) */
-    spr_set_rights(SPR_ENCODE(540), SPR_SR | SPR_SW);
+    spr_set_rights(DBAT2U, SPR_SR | SPR_SW);
     /* DBAT2L (SPR 541) */
-    spr_set_rights(SPR_ENCODE(541), SPR_SR | SPR_SW);
+    spr_set_rights(DBAT2L, SPR_SR | SPR_SW);
     /* DBAT3U (SPR 542) */
-    spr_set_rights(SPR_ENCODE(542), SPR_SR | SPR_SW);
+    spr_set_rights(DBAT3U, SPR_SR | SPR_SW);
     /* DBAT3L (SPR 543) */
-    spr_set_rights(SPR_ENCODE(543), SPR_SR | SPR_SW);
+    spr_set_rights(DBAT3L, SPR_SR | SPR_SW);
     /* DABR   (SPR 1013) */
-    spr_set_rights(SPR_ENCODE(1013), SPR_SR | SPR_SW);
+    spr_set_rights(DABR,   SPR_SR | SPR_SW);
     /* FPECR  (SPR 1022) */
-    spr_set_rights(SPR_ENCODE(1022), SPR_SR | SPR_SW);
+    spr_set_rights(FPECR,  SPR_SR | SPR_SW);
     /* PIR    (SPR 1023) */
-    spr_set_rights(SPR_ENCODE(1023), SPR_SR | SPR_SW);
-    /* PVR    (SPR 287) */
-    spr_set_rights(SPR_ENCODE(287), SPR_SR);
-    /* TBL    (SPR 284) */
-    spr_set_rights(SPR_ENCODE(284), SPR_SW);
-    /* TBU    (SPR 285) */
-    spr_set_rights(SPR_ENCODE(285), SPR_SW);
+    spr_set_rights(PIR,    SPR_SR | SPR_SW);
+    /* Special registers for MPC740/745/750/755 (aka G3) & IBM 750 */
+    if ((pvr & 0xFFFF0000) == 0x00080000 ||
+        (pvr & 0xFFFF0000) == 0x70000000) {
+        /* HID0 */
+        spr_set_rights(SPR_ENCODE(1008), SPR_SR | SPR_SW);
+        /* HID1 */
+        spr_set_rights(SPR_ENCODE(1009), SPR_SR | SPR_SW);
+        /* IABR */
+        spr_set_rights(SPR_ENCODE(1010), SPR_SR | SPR_SW);
+        /* ICTC */
+        spr_set_rights(SPR_ENCODE(1019), SPR_SR | SPR_SW);
+        /* L2CR */
+        spr_set_rights(SPR_ENCODE(1017), SPR_SR | SPR_SW);
+        /* MMCR0 */
+        spr_set_rights(SPR_ENCODE(952), SPR_SR | SPR_SW);
+        /* MMCR1 */
+        spr_set_rights(SPR_ENCODE(956), SPR_SR | SPR_SW);
+        /* PMC1 */
+        spr_set_rights(SPR_ENCODE(953), SPR_SR | SPR_SW);
+        /* PMC2 */
+        spr_set_rights(SPR_ENCODE(954), SPR_SR | SPR_SW);
+        /* PMC3 */
+        spr_set_rights(SPR_ENCODE(957), SPR_SR | SPR_SW);
+        /* PMC4 */
+        spr_set_rights(SPR_ENCODE(958), SPR_SR | SPR_SW);
+        /* SIA */
+        spr_set_rights(SPR_ENCODE(955), SPR_SR | SPR_SW);
+        /* THRM1 */
+        spr_set_rights(SPR_ENCODE(1020), SPR_SR | SPR_SW);
+        /* THRM2 */
+        spr_set_rights(SPR_ENCODE(1021), SPR_SR | SPR_SW);
+        /* THRM3 */
+        spr_set_rights(SPR_ENCODE(1022), SPR_SR | SPR_SW);
+        /* UMMCR0 */
+        spr_set_rights(SPR_ENCODE(936), SPR_UR | SPR_UW);
+        /* UMMCR1 */
+        spr_set_rights(SPR_ENCODE(940), SPR_UR | SPR_UW);
+        /* UPMC1 */
+        spr_set_rights(SPR_ENCODE(937), SPR_UR | SPR_UW);
+        /* UPMC2 */
+        spr_set_rights(SPR_ENCODE(938), SPR_UR | SPR_UW);
+        /* UPMC3 */
+        spr_set_rights(SPR_ENCODE(941), SPR_UR | SPR_UW);
+        /* UPMC4 */
+        spr_set_rights(SPR_ENCODE(942), SPR_UR | SPR_UW);
+        /* USIA */
+        spr_set_rights(SPR_ENCODE(939), SPR_UR | SPR_UW);
+    }
+    /* MPC755 has special registers */
+    if (pvr == 0x00083100) {
+        /* SPRG4 */
+        spr_set_rights(SPRG4, SPR_SR | SPR_SW);
+        /* SPRG5 */
+        spr_set_rights(SPRG5, SPR_SR | SPR_SW);
+        /* SPRG6 */
+        spr_set_rights(SPRG6, SPR_SR | SPR_SW);
+        /* SPRG7 */
+        spr_set_rights(SPRG7, SPR_SR | SPR_SW);
+        /* IBAT4U */
+        spr_set_rights(IBAT4U, SPR_SR | SPR_SW);
+        /* IBAT4L */
+        spr_set_rights(IBAT4L, SPR_SR | SPR_SW);
+        /* IBAT5U */
+        spr_set_rights(IBAT5U, SPR_SR | SPR_SW);
+        /* IBAT5L */
+        spr_set_rights(IBAT5L, SPR_SR | SPR_SW);
+        /* IBAT6U */
+        spr_set_rights(IBAT6U, SPR_SR | SPR_SW);
+        /* IBAT6L */
+        spr_set_rights(IBAT6L, SPR_SR | SPR_SW);
+        /* IBAT7U */
+        spr_set_rights(IBAT7U, SPR_SR | SPR_SW);
+        /* IBAT7L */
+        spr_set_rights(IBAT7L, SPR_SR | SPR_SW);
+        /* DBAT4U */
+        spr_set_rights(DBAT4U, SPR_SR | SPR_SW);
+        /* DBAT4L */
+        spr_set_rights(DBAT4L, SPR_SR | SPR_SW);
+        /* DBAT5U */
+        spr_set_rights(DBAT5U, SPR_SR | SPR_SW);
+        /* DBAT5L */
+        spr_set_rights(DBAT5L, SPR_SR | SPR_SW);
+        /* DBAT6U */
+        spr_set_rights(DBAT6U, SPR_SR | SPR_SW);
+        /* DBAT6L */
+        spr_set_rights(DBAT6L, SPR_SR | SPR_SW);
+        /* DBAT7U */
+        spr_set_rights(DBAT7U, SPR_SR | SPR_SW);
+        /* DBAT7L */
+        spr_set_rights(DBAT7L, SPR_SR | SPR_SW);
+        /* DMISS */
+        spr_set_rights(SPR_ENCODE(976), SPR_SR | SPR_SW);
+        /* DCMP */
+        spr_set_rights(SPR_ENCODE(977), SPR_SR | SPR_SW);
+        /* DHASH1 */
+        spr_set_rights(SPR_ENCODE(978), SPR_SR | SPR_SW);
+        /* DHASH2 */
+        spr_set_rights(SPR_ENCODE(979), SPR_SR | SPR_SW);
+        /* IMISS */
+        spr_set_rights(SPR_ENCODE(980), SPR_SR | SPR_SW);
+        /* ICMP */
+        spr_set_rights(SPR_ENCODE(981), SPR_SR | SPR_SW);
+        /* RPA */
+        spr_set_rights(SPR_ENCODE(982), SPR_SR | SPR_SW);
+        /* HID2 */
+        spr_set_rights(SPR_ENCODE(1011), SPR_SR | SPR_SW);
+        /* L2PM */
+        spr_set_rights(SPR_ENCODE(1016), SPR_SR | SPR_SW);
+    }
 }
-/* PPC "main stream" common instructions */
-#define PPC_COMMON  (PPC_INTEGER | PPC_FLOAT | PPC_FLOW | PPC_MEM | \
-                     PPC_MISC | PPC_EXTERN | PPC_SEGMENT)
+/*****************************************************************************/
+/* PPC "main stream" common instructions (no optional ones) */
 typedef struct ppc_proc_t {
     int flags;
@@ -2240,9 +2863,26 @@ static ppc_proc_t ppc_proc_common = {
     .specific = NULL,
 };
+static ppc_proc_t ppc_proc_G3 = {
+    .flags    = PPC_750,
+    .specific = NULL,
+};
+
 static ppc_def_t ppc_defs[] =
 {
-    /* Fallback */
+    /* MPC740/745/750/755 (G3) */
+    {
+        .pvr      = 0x00080000,
+        .pvr_mask = 0xFFFF0000,
+        .proc     = &ppc_proc_G3,
+    },
+    /* IBM 750FX (G3 embedded) */
+    {
+        .pvr      = 0x70000000,
+        .pvr_mask = 0xFFFF0000,
+        .proc     = &ppc_proc_G3,
+    },
+    /* Fallback (generic PPC) */
     {
         .pvr      = 0x00000000,
         .pvr_mask = 0x00000000,
@@ -2250,7 +2890,7 @@ static ppc_def_t ppc_defs[] =
     },
 };
-static int create_ppc_proc (unsigned long pvr)
+static int create_ppc_proc (opc_handler_t **ppc_opcodes, unsigned long pvr)
 {
     opcode_t *opc;
     int i, flags;
@@ -2265,65 +2905,71 @@ static int create_ppc_proc (unsigned long pvr)
     }
     for (opc = &opc_start + 1; opc != &opc_end; opc++) {
-        if ((opc->type & flags) != 0)
-            if (register_insn(opc) < 0) {
-                fprintf(stderr, "*** ERROR initializing PPC instruction "
+        if ((opc->handler.type & flags) != 0)
+            if (register_insn(ppc_opcodes, opc) < 0) {
+                printf("*** ERROR initializing PPC instruction "
                         "0x%02x 0x%02x 0x%02x\n", opc->opc1, opc->opc2,
                         opc->opc3);
                 return -1;
             }
     }
-    fix_opcode_tables();
+    fix_opcode_tables(ppc_opcodes);
     return 0;
 }
+
 /*****************************************************************************/
-uint32_t do_load_xer (void);
+/* Misc PPC helpers */
+FILE *stdout;
 void cpu_ppc_dump_state(CPUPPCState *env, FILE *f, int flags)
 {
     int i;
-    if (loglevel > 0) {
-        fprintf(logfile, "nip=0x%08x LR=0x%08x CTR=0x%08x XER=0x%08x\n",
-                env->nip, env->LR, env->CTR, do_load_xer());
+    fprintf(f, "nip=0x%08x LR=0x%08x CTR=0x%08x XER=0x%08x "
+            "MSR=0x%08x\n", env->nip, env->lr, env->ctr,
+            _load_xer(), _load_msr());
         for (i = 0; i < 32; i++) {
             if ((i & 7) == 0)
-                fprintf(logfile, "GPR%02d:", i);
-            fprintf(logfile, " %08x", env->gpr[i]);
+            fprintf(f, "GPR%02d:", i);
+        fprintf(f, " %08x", env->gpr[i]);
             if ((i & 7) == 7)
-                fprintf(logfile, "\n");
+            fprintf(f, "\n");
         }
-        fprintf(logfile, "CR: 0x");
+    fprintf(f, "CR: 0x");
         for (i = 0; i < 8; i++)
-            fprintf(logfile, "%01x", env->crf[i]);
-        fprintf(logfile, "  [");
+        fprintf(f, "%01x", env->crf[i]);
+    fprintf(f, "  [");
         for (i = 0; i < 8; i++) {
             char a = '-';
-            
             if (env->crf[i] & 0x08)
                 a = 'L';
             else if (env->crf[i] & 0x04)
                 a = 'G';
             else if (env->crf[i] & 0x02)
                 a = 'E';
-            fprintf(logfile, " %c%c", a, env->crf[i] & 0x01 ? 'O' : ' ');
+        fprintf(f, " %c%c", a, env->crf[i] & 0x01 ? 'O' : ' ');
         }
-        fprintf(logfile, " ] ");
-        fprintf(logfile, "TB: 0x%08x %08x\n", env->spr[SPR_ENCODE(269)],
-                env->spr[SPR_ENCODE(268)]);
+    fprintf(f, " ] ");
+    fprintf(f, "TB: 0x%08x %08x\n", env->tb[1], env->tb[0]);
         for (i = 0; i < 16; i++) {
             if ((i & 3) == 0)
-                fprintf(logfile, "FPR%02d:", i);
-            fprintf(logfile, " %016llx", *((uint64_t *)(&env->fpr[i])));
+            fprintf(f, "FPR%02d:", i);
+        fprintf(f, " %016llx", *((uint64_t *)&env->fpr[i]));
             if ((i & 3) == 3)
-                fprintf(logfile, "\n");
-        }
-        fflush(logfile);
+            fprintf(f, "\n");
     }
+    fprintf(f, "SRR0 0x%08x SRR1 0x%08x\n",
+            env->spr[SRR0], env->spr[SRR1]);
+    fprintf(f, "reservation 0x%08x\n", env->reserve);
+    fflush(f);
 }
+#if !defined(CONFIG_USER_ONLY) && defined (USE_OPENFIRMWARE)
+int setup_machine (CPUPPCState *env, uint32_t mid);
+#endif
+
 CPUPPCState *cpu_ppc_init(void)
 {
     CPUPPCState *env;
@@ -2334,10 +2980,26 @@ CPUPPCState *cpu_ppc_init(void)
     if (!env)
         return NULL;
     memset(env, 0, sizeof(CPUPPCState));
-    env->PVR = 0;
-    if (create_ppc_proc(0) < 0)
+#if !defined(CONFIG_USER_ONLY) && defined (USE_OPEN_FIRMWARE)
+    setup_machine(env, 0);
+#else
+//    env->spr[PVR] = 0; /* Basic PPC */
+    env->spr[PVR] = 0x00080100; /* G3 CPU */
+//    env->spr[PVR] = 0x00083100; /* MPC755 (G3 embedded) */
+//    env->spr[PVR] = 0x00070100; /* IBM 750FX */
+#endif
+    env->decr = 0xFFFFFFFF;
+    if (create_ppc_proc(ppc_opcodes, env->spr[PVR]) < 0)
         return NULL;
-    init_spr_rights();
+    init_spr_rights(env->spr[PVR]);
+    tlb_flush(env);
+#if defined (DO_SINGLE_STEP)
+    /* Single step trace mode */
+    msr_se = 1;
+#endif
+#if defined(CONFIG_USER_ONLY)
+    msr_pr = 1;
+#endif
     return env;
 }
@@ -2348,6 +3010,11 @@ void cpu_ppc_close(CPUPPCState *env)
     free(env);
 }
+/*****************************************************************************/
+void raise_exception_err (int exception_index, int error_code);
+int print_insn_powerpc (FILE *out, unsigned long insn, unsigned memaddr,
+                        int dialect);
+
 int gen_intermediate_code_internal (CPUState *env, TranslationBlock *tb,
                                     int search_pc)
 {
@@ -2356,7 +3023,6 @@ int gen_intermediate_code_internal (CPUState *env, TranslationBlock *tb,
     uint32_t pc_start;
     uint16_t *gen_opc_end;
     int j, lj = -1;
-    int ret = 0;
     pc_start = tb->pc;
     gen_opc_ptr = gen_opc_buf;
@@ -2364,11 +3030,21 @@ int gen_intermediate_code_internal (CPUState *env, TranslationBlock *tb,
     gen_opparam_ptr = gen_opparam_buf;
     ctx.nip = (uint32_t *)pc_start;
     ctx.tb_offset = 0;
-    ctx.supervisor = msr_ip;
+    ctx.decr_offset = 0;
     ctx.tb = tb;
-    ctx.exception = 0;
-
-    while (ret == 0 && gen_opc_ptr < gen_opc_end) {
+    ctx.exception = EXCP_NONE;
+#if defined(CONFIG_USER_ONLY)
+    ctx.mem_idx = 0;
+#else
+    ctx.supervisor = 1 - msr_pr;
+    ctx.mem_idx = (1 - msr_pr);
+#endif
+#if defined (DO_SINGLE_STEP)
+    /* Single step trace mode */
+    msr_se = 1;
+#endif
+    /* Set env in case of segfault during code fetch */
+    while (ctx.exception == EXCP_NONE && gen_opc_ptr < gen_opc_end) {
         if (search_pc) {
             if (loglevel > 0)
                 fprintf(logfile, "Search PC...\n");
@@ -2381,15 +3057,26 @@ int gen_intermediate_code_internal (CPUState *env, TranslationBlock *tb,
                 gen_opc_instr_start[lj] = 1;
             }
         }
-        ctx.opcode = __be32_to_cpu(*ctx.nip);
-#ifdef DEBUG_DISAS
+#if defined DEBUG_DISAS
         if (loglevel > 0) {
             fprintf(logfile, "----------------\n");
-            fprintf(logfile, "%p: translate opcode %08x\n",
-                    ctx.nip, ctx.opcode);
+            fprintf(logfile, "nip=%p super=%d ir=%d\n",
+                    ctx.nip, 1 - msr_pr, msr_ir);
+        }
+#endif
+        ctx.opcode = ldl_code(ctx.nip);
+#if defined DEBUG_DISAS
+        if (loglevel > 0) {
+            fprintf(logfile, "translate opcode %08x (%02x %02x %02x)\n",
+                    ctx.opcode, opc1(ctx.opcode), opc2(ctx.opcode),
+                    opc3(ctx.opcode));
         }
 #endif
         ctx.nip++;
+        ctx.tb_offset++;
+        /* Check decrementer exception */
+        if (++ctx.decr_offset == env->decr + 1)
+            ctx.exception = EXCP_DECR;
         table = ppc_opcodes;
         handler = table[opc1(ctx.opcode)];
         if (is_indirect_opcode(handler)) {
@@ -2405,62 +3092,93 @@ int gen_intermediate_code_internal (CPUState *env, TranslationBlock *tb,
             if (loglevel > 0) {
                 if (handler->handler == &gen_invalid) {
                     fprintf(logfile, "invalid/unsupported opcode: "
-                            "%02x -%02x - %02x (%08x)\n", opc1(ctx.opcode),
-                            opc2(ctx.opcode), opc3(ctx.opcode), ctx.opcode);
+                            "%02x -%02x - %02x (%08x) %p\n",
+                            opc1(ctx.opcode), opc2(ctx.opcode),
+                            opc3(ctx.opcode), ctx.opcode, ctx.nip - 1);
                 } else {
                     fprintf(logfile, "invalid bits: %08x for opcode: "
-                            "%02x -%02x - %02x (%p)\n",
+                            "%02x -%02x - %02x (0x%08x) (%p)\n",
                             ctx.opcode & handler->inval, opc1(ctx.opcode),
                             opc2(ctx.opcode), opc3(ctx.opcode),
-                            handler->handler);
+                            ctx.opcode, ctx.nip - 1);
                 }
+            } else {
+                if (handler->handler == &gen_invalid) {
+                    printf("invalid/unsupported opcode: "
+                           "%02x -%02x - %02x (%08x) %p\n",
+                           opc1(ctx.opcode), opc2(ctx.opcode),
+                           opc3(ctx.opcode), ctx.opcode, ctx.nip - 1);
+                } else {
+                    printf("invalid bits: %08x for opcode: "
+                           "%02x -%02x - %02x (0x%08x) (%p)\n",
+                            ctx.opcode & handler->inval, opc1(ctx.opcode),
+                            opc2(ctx.opcode), opc3(ctx.opcode),
+                           ctx.opcode, ctx.nip - 1);
+            }
             }
-            ret = GET_RETVAL(gen_invalid, ctx.opcode);
+            (*gen_invalid)(&ctx);
         } else {
-            ret = GET_RETVAL(*(handler->handler), ctx.opcode);
+            (*(handler->handler))(&ctx);
         }
-        ctx.tb_offset++;
-#if defined (DO_SINGLE_STEP)
-        break;
+        /* Check trace mode exceptions */
+        if ((msr_be && ctx.exception == EXCP_BRANCH) ||
+            /* Check in single step trace mode
+             * we need to stop except if:
+             * - rfi, trap or syscall
+             * - first instruction of an exception handler
+             */
+            (msr_se && ((uint32_t)ctx.nip < 0x100 ||
+                        (uint32_t)ctx.nip > 0xF00 ||
+                        ((uint32_t)ctx.nip & 0xFC) != 0x04) &&
+             ctx.exception != EXCP_SYSCALL && ctx.exception != EXCP_RFI &&
+             ctx.exception != EXCP_TRAP)) {
+#if !defined(CONFIG_USER_ONLY)
+            gen_op_queue_exception(EXCP_TRACE);
 #endif
+            if (ctx.exception == EXCP_NONE) {
+                ctx.exception = EXCP_TRACE;
     }
-#if defined (DO_STEP_FLUSH)
-    tb_flush(env);
-#endif
-    /* We need to update the time base */
-    if (!search_pc)
-        gen_op_update_tb(ctx.tb_offset);
-    /* If we are in step-by-step mode, do a branch to the next instruction
-     * so the nip will be up-to-date
-     */
-#if defined (DO_SINGLE_STEP)
-    if (ret == 0) {
+        }
+        /* if too long translation, stop generation too */
+        if (gen_opc_ptr >= gen_opc_end ||
+            ((uint32_t)ctx.nip - pc_start) >= (TARGET_PAGE_SIZE - 32)) {
+            if (ctx.exception == EXCP_NONE) {
         gen_op_b((uint32_t)ctx.nip);
-        ret = EXCP_BRANCH;
+                ctx.exception = EXCP_BRANCH;
     }
-#endif
-    /* If the exeption isn't a PPC one,
-     * generate it now.
-     */
-    if (ret != EXCP_BRANCH) {
-        gen_op_set_T0(0);
-        if ((ret & 0x2000) == 0)
-            gen_op_raise_exception(ret);
     }
+    }
+    /* In case of branch, this has already been done *BEFORE* the branch */
+    if (ctx.exception != EXCP_BRANCH && ctx.exception != EXCP_RFI) {
+        gen_op_update_tb(ctx.tb_offset);
+        gen_op_update_decr(ctx.decr_offset);
+        gen_op_process_exceptions((uint32_t)ctx.nip);
+    }
+#if 1
     /* TO BE FIXED: T0 hasn't got a proper value, which makes tb_add_jump
      *              do bad business and then qemu crashes !
      */
     gen_op_set_T0(0);
+#endif
     /* Generate the return instruction */
     gen_op_exit_tb();
     *gen_opc_ptr = INDEX_op_end;
-    if (!search_pc)
-        tb->size = (uint32_t)ctx.nip - pc_start;
-    else
+    if (search_pc) {
+        j = gen_opc_ptr - gen_opc_buf;
+        lj++;
+        while (lj <= j)
+            gen_opc_instr_start[lj++] = 0;
         tb->size = 0;
-//    *gen_opc_ptr = INDEX_op_end;
+        if (loglevel > 0) {
+            page_dump(logfile);
+        }
+    } else {
+        tb->size = (uint32_t)ctx.nip - pc_start;
+    }
 #ifdef DEBUG_DISAS
     if (loglevel > 0) {
+        fprintf(logfile, "---------------- excp: %04x\n", ctx.exception);
+        cpu_ppc_dump_state(env, logfile, 0);
         fprintf(logfile, "IN: %s\n", lookup_symbol((void *)pc_start));
 	disas(logfile, (void *)pc_start, (uint32_t)ctx.nip - pc_start, 0, 0);
         fprintf(logfile, "\n");
@@ -2474,12 +3192,12 @@ int gen_intermediate_code_internal (CPUState *env, TranslationBlock *tb,
     return 0;
 }
-int gen_intermediate_code(CPUState *env, struct TranslationBlock *tb)
+int gen_intermediate_code (CPUState *env, struct TranslationBlock *tb)
 {
     return gen_intermediate_code_internal(env, tb, 0);
 }
-int gen_intermediate_code_pc(CPUState *env, struct TranslationBlock *tb)
+int gen_intermediate_code_pc (CPUState *env, struct TranslationBlock *tb)
 {
     return gen_intermediate_code_internal(env, tb, 1);
 }