ColdFire target.

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2196 c046a42c-6fe2-441c-8c8c-71466251a162

ColdFire target.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2196 c046a42c-6fe2-441c-8c8c-71466251a162
pbrook
1 parent 223b8a40
Showing 32 changed files with 5227 additions and 12 deletions
Makefile.target
configure
cpu-all.h
cpu-exec.c
disas.c
fpu/softfloat-native.c
fpu/softfloat-native.h
fpu/softfloat.c
fpu/softfloat.h
gdbstub.c
hw/pl110.c
linux-user/elfload.c
linux-user/m68k-semi.c
linux-user/m68k-sim.c
linux-user/m68k/syscall.h
linux-user/m68k/syscall_nr.h
linux-user/m68k/termbits.h
linux-user/main.c
linux-user/mmap.c
linux-user/qemu.h
@@ -197,6 +197,9 @@ OBJS+=nwfpe/fpa11.o nwfpe/fpa11_cpdo.o \
 nwfpe/fpa11_cpdt.o nwfpe/fpa11_cprt.o nwfpe/fpopcode.o nwfpe/single_cpdo.o \
  nwfpe/double_cpdo.o nwfpe/extended_cpdo.o arm-semi.o
 endif
+ifeq ($(TARGET_ARCH), m68k)
+OBJS+= m68k-sim.o m68k-semi.o
+endif
 SRCS:= $(OBJS:.o=.c)
 OBJS+= libqemu.a
  
@@ -241,6 +244,10 @@ ifeq ($(TARGET_BASE_ARCH), sh4)
 LIBOBJS+= op_helper.o helper.o
 endif
  
+ifeq ($(TARGET_BASE_ARCH), m68k)
+LIBOBJS+= helper.o
+endif
+
 # NOTE: the disassembler code is only needed for debugging
 LIBOBJS+=disas.o 
 ifeq ($(findstring i386, $(TARGET_ARCH) $(ARCH)),i386)
@@ -362,7 +362,7 @@ if test -z &quot;$target_list&quot; ; then
     fi
 # the following are Linux specific
     if [ "$user" = "yes" ] ; then
-        target_list="i386-user arm-user armeb-user sparc-user ppc-user mips-user mipsel-user $target_list"
+        target_list="i386-user arm-user armeb-user sparc-user ppc-user mips-user mipsel-user m68k-user $target_list"
     fi
 else
     target_list=`echo "$target_list" | sed -e 's/,/ /g'`
@@ -727,6 +727,7 @@ target_bigendian=&quot;no&quot;
 [ "$target_cpu" = "ppc64" ] && target_bigendian=yes
 [ "$target_cpu" = "mips" ] && target_bigendian=yes
 [ "$target_cpu" = "sh4eb" ] && target_bigendian=yes
+[ "$target_cpu" = "m68k" ] && target_bigendian=yes
 target_softmmu="no"
 if expr $target : '.*-softmmu' > /dev/null ; then
   target_softmmu="yes"
@@ -822,6 +823,11 @@ elif test &quot;$target_cpu&quot; = &quot;sh4&quot; -o &quot;$target_cpu&quot; = &quot;sh4eb&quot; ; then
   echo "#define TARGET_ARCH \"sh4\"" >> $config_h
   echo "#define TARGET_SH4 1" >> $config_h
   bflt="yes"
+elif test "$target_cpu" = "m68k" ; then
+  echo "TARGET_ARCH=m68k" >> $config_mak
+  echo "#define TARGET_ARCH \"m68k\"" >> $config_h
+  echo "#define TARGET_M68K 1" >> $config_h
+  bflt="yes"
 else
   echo "Unsupported target CPU"
   exit 1
@@ -839,7 +845,7 @@ if test &quot;$target_user_only&quot; = &quot;yes&quot; ; then
   echo "#define CONFIG_USER_ONLY 1" >> $config_h
 fi
  
-if test "$target_cpu" = "arm" -o "$target_cpu" = "armeb" -o "$target_cpu" = "sparc" -o "$target_cpu" = "sparc64"; then
+if test "$target_cpu" = "arm" -o "$target_cpu" = "armeb" -o "$target_cpu" = "sparc" -o "$target_cpu" = "sparc64" -o "$target_cpu" = "m68k"; then
   echo "CONFIG_SOFTFLOAT=yes" >> $config_mak
   echo "#define CONFIG_SOFTFLOAT 1" >> $config_h
 fi
@@ -725,6 +725,13 @@ void page_unprotect_range(target_ulong data, target_ulong data_size);
 #define cpu_gen_code cpu_ppc_gen_code
 #define cpu_signal_handler cpu_ppc_signal_handler
  
+#elif defined(TARGET_M68K)
+#define CPUState CPUM68KState
+#define cpu_init cpu_m68k_init
+#define cpu_exec cpu_m68k_exec
+#define cpu_gen_code cpu_m68k_gen_code
+#define cpu_signal_handler cpu_m68k_signal_handler
+
 #elif defined(TARGET_MIPS)
 #define CPUState CPUMIPSState
 #define cpu_init cpu_mips_init
@@ -40,14 +40,14 @@ int tb_invalidated_flag;
 //#define DEBUG_EXEC
 //#define DEBUG_SIGNAL
  
-#if defined(TARGET_ARM) || defined(TARGET_SPARC)
+#if defined(TARGET_ARM) || defined(TARGET_SPARC) || defined(TARGET_M68K)
 /* XXX: unify with i386 target */
 void cpu_loop_exit(void)
 {
     longjmp(env->jmp_env, 1);
 }
 #endif
-#if !(defined(TARGET_SPARC) || defined(TARGET_SH4))
+#if !(defined(TARGET_SPARC) || defined(TARGET_SH4) || defined(TARGET_M68K))
 #define reg_T2
 #endif
  
@@ -194,6 +194,10 @@ static inline TranslationBlock *tb_find_fast(void)
     flags = env->hflags & (MIPS_HFLAG_TMASK | MIPS_HFLAG_BMASK);
     cs_base = 0;
     pc = env->PC;
+#elif defined(TARGET_M68K)
+    flags = env->fpcr & M68K_FPCR_PREC;
+    cs_base = 0;
+    pc = env->pc;
 #elif defined(TARGET_SH4)
     flags = env->sr & (SR_MD | SR_RB);
     cs_base = 0;         /* XXXXX */
@@ -370,6 +374,10 @@ int cpu_exec(CPUState *env1)
     saved_regwptr = REGWPTR;
 #endif
 #elif defined(TARGET_PPC)
+#elif defined(TARGET_M68K)
+    env->cc_op = CC_OP_FLAGS;
+    env->cc_dest = env->sr & 0xf;
+    env->cc_x = (env->sr >> 4) & 1;
 #elif defined(TARGET_MIPS)
 #elif defined(TARGET_SH4)
     /* XXXXX */
@@ -632,6 +640,12 @@ int cpu_exec(CPUState *env1)
                     cpu_dump_state(env, logfile, fprintf, 0);
 #elif defined(TARGET_PPC)
                     cpu_dump_state(env, logfile, fprintf, 0);
+#elif defined(TARGET_M68K)
+                    cpu_m68k_flush_flags(env, env->cc_op);
+                    env->cc_op = CC_OP_FLAGS;
+                    env->sr = (env->sr & 0xffe0)
+                              | env->cc_dest | (env->cc_x << 4);
+                    cpu_dump_state(env, logfile, fprintf, 0);
 #elif defined(TARGET_MIPS)
                     cpu_dump_state(env, logfile, fprintf, 0);
 #elif defined(TARGET_SH4)
@@ -846,6 +860,11 @@ int cpu_exec(CPUState *env1)
     REGWPTR = saved_regwptr;
 #endif
 #elif defined(TARGET_PPC)
+#elif defined(TARGET_M68K)
+    cpu_m68k_flush_flags(env, env->cc_op);
+    env->cc_op = CC_OP_FLAGS;
+    env->sr = (env->sr & 0xffe0)
+              | env->cc_dest | (env->cc_x << 4);
 #elif defined(TARGET_MIPS)
 #elif defined(TARGET_SH4)
     /* XXXXX */
@@ -1103,6 +1122,45 @@ static inline int handle_cpu_signal(unsigned long pc, unsigned long address,
     return 1;
 }
  
+#elif defined(TARGET_M68K)
+static inline int handle_cpu_signal(unsigned long pc, unsigned long address,
+                                    int is_write, sigset_t *old_set,
+                                    void *puc)
+{
+    TranslationBlock *tb;
+    int ret;
+
+    if (cpu_single_env)
+        env = cpu_single_env; /* XXX: find a correct solution for multithread */
+#if defined(DEBUG_SIGNAL)
+    printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n", 
+           pc, address, is_write, *(unsigned long *)old_set);
+#endif
+    /* XXX: locking issue */
+    if (is_write && page_unprotect(address, pc, puc)) {
+        return 1;
+    }
+    /* see if it is an MMU fault */
+    ret = cpu_m68k_handle_mmu_fault(env, address, is_write, 1, 0);
+    if (ret < 0)
+        return 0; /* not an MMU fault */
+    if (ret == 0)
+        return 1; /* the MMU fault was handled without causing real CPU fault */
+    /* now we have a real cpu fault */
+    tb = tb_find_pc(pc);
+    if (tb) {
+        /* the PC is inside the translated code. It means that we have
+           a virtual CPU fault */
+        cpu_restore_state(tb, env, pc, puc);
+    }
+    /* we restore the process signal mask as the sigreturn should
+       do it (XXX: use sigsetjmp) */
+    sigprocmask(SIG_SETMASK, old_set, NULL);
+    cpu_loop_exit();
+    /* never comes here */
+    return 1;
+}
+
 #elif defined (TARGET_MIPS)
 static inline int handle_cpu_signal(unsigned long pc, unsigned long address,
                                     int is_write, sigset_t *old_set,
@@ -186,6 +186,8 @@ void target_disas(FILE *out, target_ulong code, target_ulong size, int flags)
     disasm_info.mach = bfd_mach_ppc;
 #endif
     print_insn = print_insn_ppc;
+#elif defined(TARGET_M68K)
+    print_insn = print_insn_m68k;
 #elif defined(TARGET_MIPS)
 #ifdef TARGET_WORDS_BIGENDIAN
     print_insn = print_insn_big_mips;
@@ -385,6 +387,8 @@ void monitor_disas(CPUState *env,
     disasm_info.mach = bfd_mach_ppc;
 #endif
     print_insn = print_insn_ppc;
+#elif defined(TARGET_M68K)
+    print_insn = print_insn_m68k;
 #elif defined(TARGET_MIPS)
 #ifdef TARGET_WORDS_BIGENDIAN
     print_insn = print_insn_big_mips;
@@ -221,6 +221,11 @@ float128 float64_to_float128( float64 a STATUS_PARAM)
 /*----------------------------------------------------------------------------
 | Software IEC/IEEE double-precision operations.
 *----------------------------------------------------------------------------*/
+float64 float64_trunc_to_int( float64 a STATUS_PARAM )
+{
+    return trunc(a);
+}
+
 float64 float64_round_to_int( float64 a STATUS_PARAM )
 {
 #if defined(__arm__)
@@ -289,6 +294,17 @@ char float64_is_signaling_nan( float64 a1)
  
 }
  
+char float64_is_nan( float64 a1 )
+{
+    float64u u;
+    uint64_t a;
+    u.f = a1;
+    a = u.i;
+
+    return ( LIT64( 0xFFE0000000000000 ) < (bits64) ( a<<1 ) );
+
+}
+
 #ifdef FLOATX80
  
 /*----------------------------------------------------------------------------
@@ -214,6 +214,7 @@ float128 float64_to_float128( float64 STATUS_PARAM );
 | Software IEC/IEEE double-precision operations.
 *----------------------------------------------------------------------------*/
 float64 float64_round_to_int( float64 STATUS_PARAM );
+float64 float64_trunc_to_int( float64 STATUS_PARAM );
 INLINE float64 float64_add( float64 a, float64 b STATUS_PARAM)
 {
     return a + b;
@@ -265,6 +266,7 @@ INLINE char float64_unordered( float64 a, float64 b STATUS_PARAM)
 char float64_compare( float64, float64 STATUS_PARAM );
 char float64_compare_quiet( float64, float64 STATUS_PARAM );
 char float64_is_signaling_nan( float64 );
+flag float64_is_nan( float64 );
  
 INLINE float64 float64_abs(float64 a)
 {
@@ -2483,6 +2483,17 @@ float64 float64_round_to_int( float64 a STATUS_PARAM )
  
 }
  
+float64 float64_trunc_to_int( float64 a STATUS_PARAM)
+{
+    int oldmode;
+    float64 res;
+    oldmode = STATUS(float_rounding_mode);
+    STATUS(float_rounding_mode) = float_round_to_zero;
+    res = float64_round_to_int(a STATUS_VAR);
+    STATUS(float_rounding_mode) = oldmode;
+    return res;
+}
+
 /*----------------------------------------------------------------------------
 | Returns the result of adding the absolute values of the double-precision
 | floating-point values `a' and `b'.  If `zSign' is 1, the sum is negated
@@ -237,6 +237,7 @@ char float32_lt_quiet( float32, float32 STATUS_PARAM );
 char float32_compare( float32, float32 STATUS_PARAM );
 char float32_compare_quiet( float32, float32 STATUS_PARAM );
 char float32_is_signaling_nan( float32 );
+flag float64_is_nan( float64 a );
  
 INLINE float32 float32_abs(float32 a)
 {
@@ -269,6 +270,7 @@ float128 float64_to_float128( float64 STATUS_PARAM );
 | Software IEC/IEEE double-precision operations.
 *----------------------------------------------------------------------------*/
 float64 float64_round_to_int( float64 STATUS_PARAM );
+float64 float64_trunc_to_int( float64 STATUS_PARAM );
 float64 float64_add( float64, float64 STATUS_PARAM );
 float64 float64_sub( float64, float64 STATUS_PARAM );
 float64 float64_mul( float64, float64 STATUS_PARAM );
@@ -434,6 +434,73 @@ static void cpu_gdb_write_registers(CPUState *env, uint8_t *mem_buf, int size)
     ptr += 8 * 12 + 4;
     cpsr_write (env, tswapl(*(uint32_t *)ptr), 0xffffffff);
 }
+#elif defined (TARGET_M68K)
+static int cpu_gdb_read_registers(CPUState *env, uint8_t *mem_buf)
+{
+    int i;
+    uint8_t *ptr;
+    CPU_DoubleU u;
+
+    ptr = mem_buf;
+    /* D0-D7 */
+    for (i = 0; i < 8; i++) {
+        *(uint32_t *)ptr = tswapl(env->dregs[i]);
+        ptr += 4;
+    }
+    /* A0-A7 */
+    for (i = 0; i < 8; i++) {
+        *(uint32_t *)ptr = tswapl(env->aregs[i]);
+        ptr += 4;
+    }
+    *(uint32_t *)ptr = tswapl(env->sr);
+    ptr += 4;
+    *(uint32_t *)ptr = tswapl(env->pc);
+    ptr += 4;
+    /* F0-F7.  The 68881/68040 have 12-bit extended precision registers.
+       ColdFire has 8-bit double precision registers.  */
+    for (i = 0; i < 8; i++) {
+        u.d = env->fregs[i];
+        *(uint32_t *)ptr = tswap32(u.l.upper);
+        *(uint32_t *)ptr = tswap32(u.l.lower);
+    }
+    /* FP control regs (not implemented).  */
+    memset (ptr, 0, 3 * 4);
+    ptr += 3 * 4;
+
+    return ptr - mem_buf;
+}
+
+static void cpu_gdb_write_registers(CPUState *env, uint8_t *mem_buf, int size)
+{
+    int i;
+    uint8_t *ptr;
+    CPU_DoubleU u;
+
+    ptr = mem_buf;
+    /* D0-D7 */
+    for (i = 0; i < 8; i++) {
+        env->dregs[i] = tswapl(*(uint32_t *)ptr);
+        ptr += 4;
+    }
+    /* A0-A7 */
+    for (i = 0; i < 8; i++) {
+        env->aregs[i] = tswapl(*(uint32_t *)ptr);
+        ptr += 4;
+    }
+    env->sr = tswapl(*(uint32_t *)ptr);
+    ptr += 4;
+    env->pc = tswapl(*(uint32_t *)ptr);
+    ptr += 4;
+    /* F0-F7.  The 68881/68040 have 12-bit extended precision registers.
+       ColdFire has 8-bit double precision registers.  */
+    for (i = 0; i < 8; i++) {
+        u.l.upper = tswap32(*(uint32_t *)ptr); 
+        u.l.lower = tswap32(*(uint32_t *)ptr);
+        env->fregs[i] = u.d;
+    }
+    /* FP control regs (not implemented).  */
+    ptr += 3 * 4;
+}
 #elif defined (TARGET_MIPS)
 static int cpu_gdb_read_registers(CPUState *env, uint8_t *mem_buf)
 {
@@ -185,10 +185,11 @@ static void pl110_update_display(void *opaque)
     addr = base;
  
     dirty = cpu_physical_memory_get_dirty(addr, VGA_DIRTY_FLAG);
+    new_dirty = dirty;
     for (i = 0; i < s->rows; i++) {
-        new_dirty = 0;
-        if ((addr & TARGET_PAGE_MASK) + src_width >= TARGET_PAGE_SIZE) {
+        if ((addr & ~TARGET_PAGE_MASK) + src_width >= TARGET_PAGE_SIZE) {
             uint32_t tmp;
+            new_dirty = 0;
             for (tmp = 0; tmp < src_width; tmp += TARGET_PAGE_SIZE) {
                 new_dirty |= cpu_physical_memory_get_dirty(addr + tmp,
                                                            VGA_DIRTY_FLAG);
@@ -288,6 +288,31 @@ static inline void init_thread(struct target_pt_regs *regs, struct image_info *i
  
 #endif
  
+#ifdef TARGET_M68K
+
+#define ELF_START_MMAP 0x80000000
+
+#define elf_check_arch(x) ( (x) == EM_68K )
+
+#define ELF_CLASS	ELFCLASS32
+#define ELF_DATA	ELFDATA2MSB
+#define ELF_ARCH	EM_68K
+
+/* ??? Does this need to do anything?
+#define ELF_PLAT_INIT(_r) */
+
+static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
+{
+    regs->usp = infop->start_stack;
+    regs->sr = 0;
+    regs->pc = infop->entry;
+}
+
+#define USE_ELF_CORE_DUMP
+#define ELF_EXEC_PAGESIZE	8192
+
+#endif
+
 #ifndef ELF_PLATFORM
 #define ELF_PLATFORM (NULL)
 #endif
+/*
+ *  m68k/ColdFire Semihosting ssycall interface
+ * 
+ *  Copyright (c) 2005 CodeSourcery, LLC. Written by Paul Brook.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <sys/time.h>
+#include <time.h>
+
+#include "qemu.h"
+
+#define HOSTED_EXIT  0
+#define HOSTED_PUTCHAR 1 /* Obsolete */
+#define HOSTED_OPEN 2
+#define HOSTED_CLOSE 3
+#define HOSTED_READ 4
+#define HOSTED_WRITE 5
+#define HOSTED_LSEEK 6
+#define HOSTED_RENAME 7
+#define HOSTED_UNLINK 8
+#define HOSTED_STAT 9
+#define HOSTED_FSTAT 10
+#define HOSTED_GETTIMEOFDAY 11
+#define HOSTED_ISATTY 12
+#define HOSTED_SYSTEM 13
+
+typedef uint32_t gdb_mode_t;
+typedef uint32_t gdb_time_t;
+
+struct m68k_gdb_stat {
+  uint32_t    gdb_st_dev;     /* device */
+  uint32_t    gdb_st_ino;     /* inode */
+  gdb_mode_t  gdb_st_mode;    /* protection */
+  uint32_t    gdb_st_nlink;   /* number of hard links */
+  uint32_t    gdb_st_uid;     /* user ID of owner */
+  uint32_t    gdb_st_gid;     /* group ID of owner */
+  uint32_t    gdb_st_rdev;    /* device type (if inode device) */
+  uint64_t    gdb_st_size;    /* total size, in bytes */
+  uint64_t    gdb_st_blksize; /* blocksize for filesystem I/O */
+  uint64_t    gdb_st_blocks;  /* number of blocks allocated */
+  gdb_time_t  gdb_st_atime;   /* time of last access */
+  gdb_time_t  gdb_st_mtime;   /* time of last modification */
+  gdb_time_t  gdb_st_ctime;   /* time of last change */
+};
+
+struct gdb_timeval {
+  gdb_time_t tv_sec;  /* second */
+  uint64_t tv_usec;   /* microsecond */
+};
+
+#define GDB_O_RDONLY   0x0
+#define GDB_O_WRONLY   0x1
+#define GDB_O_RDWR     0x2
+#define GDB_O_APPEND   0x8
+#define GDB_O_CREAT  0x200
+#define GDB_O_TRUNC  0x400
+#define GDB_O_EXCL   0x800
+
+static int translate_openflags(int flags)
+{
+    int hf;
+
+    if (flags & GDB_O_WRONLY)
+        hf = O_WRONLY;
+    else if (flags & GDB_O_RDWR)
+        hf = O_RDWR;
+    else
+        hf = O_RDONLY;
+
+    if (flags & GDB_O_APPEND) hf |= O_APPEND;
+    if (flags & GDB_O_CREAT) hf |= O_CREAT;
+    if (flags & GDB_O_TRUNC) hf |= O_TRUNC;
+    if (flags & GDB_O_EXCL) hf |= O_EXCL;
+
+    return hf;
+}
+
+static void translate_stat(struct m68k_gdb_stat *p, struct stat *s)
+{
+    p->gdb_st_dev = tswap16(s->st_dev);
+    p->gdb_st_ino = tswap16(s->st_ino);
+    p->gdb_st_mode = tswap32(s->st_mode);
+    p->gdb_st_nlink = tswap16(s->st_nlink);
+    p->gdb_st_uid = tswap16(s->st_uid);
+    p->gdb_st_gid = tswap16(s->st_gid);
+    p->gdb_st_rdev = tswap16(s->st_rdev);
+    p->gdb_st_size = tswap32(s->st_size);
+    p->gdb_st_atime = tswap32(s->st_atime);
+    p->gdb_st_mtime = tswap32(s->st_mtime);
+    p->gdb_st_ctime = tswap32(s->st_ctime);
+    p->gdb_st_blksize = tswap32(s->st_blksize);
+    p->gdb_st_blocks = tswap32(s->st_blocks);
+}
+
+static inline uint32_t check_err(CPUM68KState *env, uint32_t code)
+{
+  if (code == (uint32_t)-1) {
+      env->sr |= CCF_C;
+  } else {
+      env->sr &= ~CCF_C;
+      env->dregs[0] = code;
+  }
+  return code;
+}
+
+#define ARG(x) tswap32(args[x])
+void do_m68k_semihosting(CPUM68KState *env, int nr)
+{
+    uint32_t *args;
+
+    args = (uint32_t *)env->dregs[1];
+    switch (nr) {
+    case HOSTED_EXIT:
+        exit(env->dregs[0]);
+    case HOSTED_OPEN:
+        /* Assume name is NULL terminated.  */
+        check_err(env, open((char *)ARG(0), translate_openflags(ARG(2)),
+                            ARG(3)));
+        break;
+    case HOSTED_CLOSE:
+        {
+            /* Ignore attempts to close stdin/out/err.  */
+            int fd = ARG(0);
+            if (fd > 2)
+              check_err(env, close(fd));
+            else
+              check_err(env, 0);
+            break;
+        }
+    case HOSTED_READ:
+        check_err(env, read(ARG(0), (void *)ARG(1), ARG(2)));
+        break;
+    case HOSTED_WRITE:
+        check_err(env, write(ARG(0), (void *)ARG(1), ARG(2)));
+        break;
+    case HOSTED_LSEEK:
+        {
+            uint64_t off;
+            off = (uint32_t)ARG(2) | ((uint64_t)ARG(1) << 32);
+            check_err(env, lseek(ARG(0), off, ARG(3)));
+        }
+        break;
+    case HOSTED_RENAME:
+        /* Assume names are NULL terminated.  */
+        check_err(env, rename((char *)ARG(0), (char *)ARG(2)));
+        break;
+    case HOSTED_UNLINK:
+        /* Assume name is NULL terminated.  */
+        check_err(env, unlink((char *)ARG(0)));
+        break;
+    case HOSTED_STAT:
+        /* Assume name is NULL terminated.  */
+        {
+            struct stat s;
+            int rc;
+            rc = check_err(env, stat((char *)ARG(0), &s));
+            if (rc == 0) {
+                translate_stat((struct m68k_gdb_stat *)ARG(2), &s);
+            }
+        }
+        break;
+    case HOSTED_FSTAT:
+        {
+            struct stat s;
+            int rc;
+            rc = check_err(env, fstat(ARG(0), &s));
+            if (rc == 0) {
+                translate_stat((struct m68k_gdb_stat *)ARG(1), &s);
+            }
+        }
+        break;
+    case HOSTED_GETTIMEOFDAY:
+        {
+            struct timeval tv;
+            struct gdb_timeval *p;
+            int rc;
+            rc = check_err(env, gettimeofday(&tv, NULL));
+            if (rc != 0) {
+                p = (struct gdb_timeval *)ARG(0);
+                p->tv_sec = tswap32(tv.tv_sec);
+                p->tv_usec = tswap64(tv.tv_usec);
+            }
+        }
+        break;
+    case HOSTED_ISATTY:
+        check_err(env, isatty(ARG(0)));
+        break;
+    case HOSTED_SYSTEM:
+        /* Assume name is NULL terminated.  */
+        check_err(env, system((char *)ARG(0)));
+        break;
+    default:
+        cpu_abort(env, "Unsupported semihosting syscall %d\n", nr);
+    }
+}
+/*
+ *  m68k simulator syscall interface
+ * 
+ *  Copyright (c) 2005 CodeSourcery, LLC. Written by Paul Brook.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <time.h>
+
+#include "qemu.h"
+
+#define SYS_EXIT        1
+#define SYS_READ        3
+#define SYS_WRITE       4
+#define SYS_OPEN        5
+#define SYS_CLOSE       6
+#define SYS_BRK         17
+#define SYS_FSTAT       28
+#define SYS_ISATTY      29
+#define SYS_LSEEK       199
+
+struct m86k_sim_stat {
+    uint16_t sim_st_dev;
+    uint16_t sim_st_ino;
+    uint32_t sim_st_mode;
+    uint16_t sim_st_nlink;
+    uint16_t sim_st_uid;
+    uint16_t sim_st_gid;
+    uint16_t sim_st_rdev;
+    uint32_t sim_st_size;
+    uint32_t sim_st_atime;
+    uint32_t sim_st_mtime;
+    uint32_t sim_st_ctime;
+    uint32_t sim_st_blksize;
+    uint32_t sim_st_blocks;
+};
+
+static inline uint32_t check_err(CPUM68KState *env, uint32_t code)
+{
+  env->dregs[0] = code;
+  if (code == (uint32_t)-1) {
+      env->dregs[1] = errno;
+  } else {
+      env->dregs[1] = 0;
+  }
+  return code;
+}
+
+#define SIM_O_APPEND    0x0008
+#define SIM_O_CREAT     0x0200
+#define SIM_O_TRUNC     0x0400
+#define SIM_O_EXCL      0x0800
+#define SIM_O_NONBLOCK  0x4000
+#define SIM_O_NOCTTY    0x8000
+#define SIM_O_SYNC      0x2000
+
+static int translate_openflags(int flags)
+{
+    int hf;
+
+    switch (flags & 3) {
+    case 0: hf = O_RDONLY; break;
+    case 1: hf = O_WRONLY; break;
+    case 2: hf = O_RDWR; break;
+    default: hf = O_RDWR; break;
+    }
+
+    if (flags & SIM_O_APPEND) hf |= O_APPEND;
+    if (flags & SIM_O_CREAT) hf |= O_CREAT;
+    if (flags & SIM_O_TRUNC) hf |= O_TRUNC;
+    if (flags & SIM_O_EXCL) hf |= O_EXCL;
+    if (flags & SIM_O_NONBLOCK) hf |= O_NONBLOCK;
+    if (flags & SIM_O_NOCTTY) hf |= O_NOCTTY;
+    if (flags & SIM_O_SYNC) hf |= O_SYNC;
+
+    return hf;
+}
+
+#define ARG(x) tswap32(args[x])
+void do_m68k_simcall(CPUM68KState *env, int nr)
+{
+    uint32_t *args;
+
+    args = (uint32_t *)(env->aregs[7] + 4);
+    switch (nr) {
+    case SYS_EXIT:
+        exit(ARG(0));
+    case SYS_READ:
+        check_err(env, read(ARG(0), (void *)ARG(1), ARG(2)));
+        break;
+    case SYS_WRITE:
+        check_err(env, write(ARG(0), (void *)ARG(1), ARG(2)));
+        break;
+    case SYS_OPEN:
+        check_err(env, open((char *)ARG(0), translate_openflags(ARG(1)),
+                            ARG(2)));
+        break;
+    case SYS_CLOSE:
+        {
+            /* Ignore attempts to close stdin/out/err.  */
+            int fd = ARG(0);
+            if (fd > 2)
+              check_err(env, close(fd));
+            else
+              check_err(env, 0);
+            break;
+        }
+    case SYS_BRK:
+        {
+            int32_t ret;
+
+            ret = do_brk((void *)ARG(0));
+            if (ret == -ENOMEM)
+                ret = -1;
+            check_err(env, ret);
+        }
+        break;
+    case SYS_FSTAT:
+        {
+            struct stat s;
+            int rc;
+            struct m86k_sim_stat *p;
+            rc = check_err(env, fstat(ARG(0), &s));
+            if (rc == 0) {
+                p = (struct m86k_sim_stat *)ARG(1);
+                p->sim_st_dev = tswap16(s.st_dev);
+                p->sim_st_ino = tswap16(s.st_ino);
+                p->sim_st_mode = tswap32(s.st_mode);
+                p->sim_st_nlink = tswap16(s.st_nlink);
+                p->sim_st_uid = tswap16(s.st_uid);
+                p->sim_st_gid = tswap16(s.st_gid);
+                p->sim_st_rdev = tswap16(s.st_rdev);
+                p->sim_st_size = tswap32(s.st_size);
+                p->sim_st_atime = tswap32(s.st_atime);
+                p->sim_st_mtime = tswap32(s.st_mtime);
+                p->sim_st_ctime = tswap32(s.st_ctime);
+                p->sim_st_blksize = tswap32(s.st_blksize);
+                p->sim_st_blocks = tswap32(s.st_blocks);
+            }
+        }
+        break;
+    case SYS_ISATTY:
+        check_err(env, isatty(ARG(0)));
+        break;
+    case SYS_LSEEK:
+        check_err(env, lseek(ARG(0), (int32_t)ARG(1), ARG(2)));
+        break;
+    default:
+        cpu_abort(env, "Unsupported m68k sim syscall %d\n", nr);
+    }
+}
+
+/* this struct defines the way the registers are stored on the
+   stack during a system call. */
+
+struct target_pt_regs {
+    target_long d1, d2, d3, d4, d5, d6, d7;
+    target_long a0, a1, a2, a3, a4, a5, a6;
+    target_ulong d0;
+    target_ulong usp;
+    target_ulong orig_d0;
+    int16_t stkadj;
+    uint16_t sr;
+    target_ulong pc;
+    uint16_t fntvex;
+    uint16_t __fill;
+};
+
+
+#define UNAME_MACHINE "m68k"
+
+void do_m68k_semihosting(CPUState *, int);
+void do_m68k_simcall(CPUState *, int);
+/*
+ * This file contains the system call numbers.
+ */
+
+#define TARGET_NR_exit                 1
+#define TARGET_NR_fork                 2
+#define TARGET_NR_read                 3
+#define TARGET_NR_write                4
+#define TARGET_NR_open                 5
+#define TARGET_NR_close                6
+#define TARGET_NR_waitpid              7
+#define TARGET_NR_creat                8
+#define TARGET_NR_link                 9
+#define TARGET_NR_unlink              10
+#define TARGET_NR_execve              11
+#define TARGET_NR_chdir               12
+#define TARGET_NR_time                13
+#define TARGET_NR_mknod               14
+#define TARGET_NR_chmod               15
+#define TARGET_NR_chown               16
+#define TARGET_NR_break               17
+#define TARGET_NR_oldstat             18
+#define TARGET_NR_lseek               19
+#define TARGET_NR_getpid              20
+#define TARGET_NR_mount               21
+#define TARGET_NR_umount              22
+#define TARGET_NR_setuid              23
+#define TARGET_NR_getuid              24
+#define TARGET_NR_stime               25
+#define TARGET_NR_ptrace              26
+#define TARGET_NR_alarm               27
+#define TARGET_NR_oldfstat            28
+#define TARGET_NR_pause               29
+#define TARGET_NR_utime               30
+#define TARGET_NR_stty                31
+#define TARGET_NR_gtty                32
+#define TARGET_NR_access              33
+#define TARGET_NR_nice                34
+#define TARGET_NR_ftime               35
+#define TARGET_NR_sync                36
+#define TARGET_NR_kill                37
+#define TARGET_NR_rename              38
+#define TARGET_NR_mkdir               39
+#define TARGET_NR_rmdir               40
+#define TARGET_NR_dup                 41
+#define TARGET_NR_pipe                42
+#define TARGET_NR_times               43
+#define TARGET_NR_prof                44
+#define TARGET_NR_brk                 45
+#define TARGET_NR_setgid              46
+#define TARGET_NR_getgid              47
+#define TARGET_NR_signal              48
+#define TARGET_NR_geteuid             49
+#define TARGET_NR_getegid             50
+#define TARGET_NR_acct                51
+#define TARGET_NR_umount2             52
+#define TARGET_NR_lock                53
+#define TARGET_NR_ioctl               54
+#define TARGET_NR_fcntl               55
+#define TARGET_NR_mpx                 56
+#define TARGET_NR_setpgid             57
+#define TARGET_NR_ulimit              58
+#define TARGET_NR_oldolduname         59
+#define TARGET_NR_umask               60
+#define TARGET_NR_chroot              61
+#define TARGET_NR_ustat               62
+#define TARGET_NR_dup2                63
+#define TARGET_NR_getppid             64
+#define TARGET_NR_getpgrp             65
+#define TARGET_NR_setsid              66
+#define TARGET_NR_sigaction           67
+#define TARGET_NR_sgetmask            68
+#define TARGET_NR_ssetmask            69
+#define TARGET_NR_setreuid            70
+#define TARGET_NR_setregid            71
+#define TARGET_NR_sigsuspend          72
+#define TARGET_NR_sigpending          73
+#define TARGET_NR_sethostname         74
+#define TARGET_NR_setrlimit           75
+#define TARGET_NR_getrlimit           76
+#define TARGET_NR_getrusage           77
+#define TARGET_NR_gettimeofday        78
+#define TARGET_NR_settimeofday        79
+#define TARGET_NR_getgroups           80
+#define TARGET_NR_setgroups           81
+#define TARGET_NR_select              82
+#define TARGET_NR_symlink             83
+#define TARGET_NR_oldlstat            84
+#define TARGET_NR_readlink            85
+#define TARGET_NR_uselib              86
+#define TARGET_NR_swapon              87
+#define TARGET_NR_reboot              88
+#define TARGET_NR_readdir             89
+#define TARGET_NR_mmap                90
+#define TARGET_NR_munmap              91
+#define TARGET_NR_truncate            92
+#define TARGET_NR_ftruncate           93
+#define TARGET_NR_fchmod              94
+#define TARGET_NR_fchown              95
+#define TARGET_NR_getpriority         96
+#define TARGET_NR_setpriority         97
+#define TARGET_NR_profil              98
+#define TARGET_NR_statfs              99
+#define TARGET_NR_fstatfs            100
+#define TARGET_NR_ioperm             101
+#define TARGET_NR_socketcall         102
+#define TARGET_NR_syslog             103
+#define TARGET_NR_setitimer          104
+#define TARGET_NR_getitimer          105
+#define TARGET_NR_stat               106
+#define TARGET_NR_lstat              107
+#define TARGET_NR_fstat              108
+#define TARGET_NR_olduname           109
+//#define TARGET_NR_iopl               /* 110 */ not supported
+#define TARGET_NR_vhangup            111
+//#define TARGET_NR_idle               /* 112 */ Obsolete
+//#define TARGET_NR_vm86               /* 113 */ not supported
+#define TARGET_NR_wait4              114
+#define TARGET_NR_swapoff            115
+#define TARGET_NR_sysinfo            116
+#define TARGET_NR_ipc                117
+#define TARGET_NR_fsync              118
+#define TARGET_NR_sigreturn          119
+#define TARGET_NR_clone              120
+#define TARGET_NR_setdomainname      121
+#define TARGET_NR_uname              122
+#define TARGET_NR_cacheflush         123
+#define TARGET_NR_adjtimex           124
+#define TARGET_NR_mprotect           125
+#define TARGET_NR_sigprocmask        126
+#define TARGET_NR_create_module      127
+#define TARGET_NR_init_module        128
+#define TARGET_NR_delete_module      129
+#define TARGET_NR_get_kernel_syms    130
+#define TARGET_NR_quotactl           131
+#define TARGET_NR_getpgid            132
+#define TARGET_NR_fchdir             133
+#define TARGET_NR_bdflush            134
+#define TARGET_NR_sysfs              135
+#define TARGET_NR_personality        136
+#define TARGET_NR_afs_syscall        137 /* Syscall for Andrew File System */
+#define TARGET_NR_setfsuid           138
+#define TARGET_NR_setfsgid           139
+#define TARGET_NR__llseek            140
+#define TARGET_NR_getdents           141
+#define TARGET_NR__newselect         142
+#define TARGET_NR_flock              143
+#define TARGET_NR_msync              144
+#define TARGET_NR_readv              145
+#define TARGET_NR_writev             146
+#define TARGET_NR_getsid             147
+#define TARGET_NR_fdatasync          148
+#define TARGET_NR__sysctl            149
+#define TARGET_NR_mlock              150
+#define TARGET_NR_munlock            151
+#define TARGET_NR_mlockall           152
+#define TARGET_NR_munlockall         153
+#define TARGET_NR_sched_setparam             154
+#define TARGET_NR_sched_getparam             155
+#define TARGET_NR_sched_setscheduler         156
+#define TARGET_NR_sched_getscheduler         157
+#define TARGET_NR_sched_yield                158
+#define TARGET_NR_sched_get_priority_max     159
+#define TARGET_NR_sched_get_priority_min     160
+#define TARGET_NR_sched_rr_get_interval      161
+#define TARGET_NR_nanosleep          162
+#define TARGET_NR_mremap             163
+#define TARGET_NR_setresuid          164
+#define TARGET_NR_getresuid          165
+#define TARGET_NR_getpagesize        166
+#define TARGET_NR_query_module       167
+#define TARGET_NR_poll               168
+#define TARGET_NR_nfsservctl         169
+#define TARGET_NR_setresgid          170
+#define TARGET_NR_getresgid          171
+#define TARGET_NR_prctl              172
+#define TARGET_NR_rt_sigreturn       173
+#define TARGET_NR_rt_sigaction       174
+#define TARGET_NR_rt_sigprocmask     175
+#define TARGET_NR_rt_sigpending      176
+#define TARGET_NR_rt_sigtimedwait    177
+#define TARGET_NR_rt_sigqueueinfo    178
+#define TARGET_NR_rt_sigsuspend      179
+#define TARGET_NR_pread64            180
+#define TARGET_NR_pwrite64           181
+#define TARGET_NR_lchown             182
+#define TARGET_NR_getcwd             183
+#define TARGET_NR_capget             184
+#define TARGET_NR_capset             185
+#define TARGET_NR_sigaltstack        186
+#define TARGET_NR_sendfile           187
+#define TARGET_NR_getpmsg            188     /* some people actually want streams */
+#define TARGET_NR_putpmsg            189     /* some people actually want streams */
+#define TARGET_NR_vfork              190
+#define TARGET_NR_ugetrlimit         191
+#define TARGET_NR_mmap2              192
+#define TARGET_NR_truncate64         193
+#define TARGET_NR_ftruncate64        194
+#define TARGET_NR_stat64             195
+#define TARGET_NR_lstat64            196
+#define TARGET_NR_fstat64            197
+#define TARGET_NR_chown32            198
+#define TARGET_NR_getuid32           199
+#define TARGET_NR_getgid32           200
+#define TARGET_NR_geteuid32          201
+#define TARGET_NR_getegid32          202
+#define TARGET_NR_setreuid32         203
+#define TARGET_NR_setregid32         204
+#define TARGET_NR_getgroups32        205
+#define TARGET_NR_setgroups32        206
+#define TARGET_NR_fchown32           207
+#define TARGET_NR_setresuid32        208
+#define TARGET_NR_getresuid32        209
+#define TARGET_NR_setresgid32        210
+#define TARGET_NR_getresgid32        211
+#define TARGET_NR_lchown32           212
+#define TARGET_NR_setuid32           213
+#define TARGET_NR_setgid32           214
+#define TARGET_NR_setfsuid32         215
+#define TARGET_NR_setfsgid32         216
+#define TARGET_NR_pivot_root         217
+#define TARGET_NR_getdents64         220
+#define TARGET_NR_gettid             221
+#define TARGET_NR_tkill              222
+#define TARGET_NR_setxattr           223
+#define TARGET_NR_lsetxattr          224
+#define TARGET_NR_fsetxattr          225
+#define TARGET_NR_getxattr           226
+#define TARGET_NR_lgetxattr          227
+#define TARGET_NR_fgetxattr          228
+#define TARGET_NR_listxattr          229
+#define TARGET_NR_llistxattr         230
+#define TARGET_NR_flistxattr         231
+#define TARGET_NR_removexattr        232
+#define TARGET_NR_lremovexattr       233
+#define TARGET_NR_fremovexattr       234
+#define TARGET_NR_futex              235
+#define TARGET_NR_sendfile64         236
+#define TARGET_NR_mincore            237
+#define TARGET_NR_madvise            238
+#define TARGET_NR_fcntl64            239
+#define TARGET_NR_readahead          240
+#define TARGET_NR_io_setup           241
+#define TARGET_NR_io_destroy         242
+#define TARGET_NR_io_getevents       243
+#define TARGET_NR_io_submit          244
+#define TARGET_NR_io_cancel          245
+#define TARGET_NR_fadvise64          246
+#define TARGET_NR_exit_group         247
+#define TARGET_NR_lookup_dcookie     248
+#define TARGET_NR_epoll_create       249
+#define TARGET_NR_epoll_ctl          250
+#define TARGET_NR_epoll_wait         251
+#define TARGET_NR_remap_file_pages   252
+#define TARGET_NR_set_tid_address    253
+#define TARGET_NR_timer_create       254
+#define TARGET_NR_timer_settime      255
+#define TARGET_NR_timer_gettime      256
+#define TARGET_NR_timer_getoverrun   257
+#define TARGET_NR_timer_delete       258
+#define TARGET_NR_clock_settime      259
+#define TARGET_NR_clock_gettime      260
+#define TARGET_NR_clock_getres       261
+#define TARGET_NR_clock_nanosleep    262
+#define TARGET_NR_statfs64           263
+#define TARGET_NR_fstatfs64          264
+#define TARGET_NR_tgkill             265
+#define TARGET_NR_utimes             266
+#define TARGET_NR_fadvise64_64       267
+#define TARGET_NR_mbind              268
+#define TARGET_NR_get_mempolicy      269
+#define TARGET_NR_set_mempolicy      270
+#define TARGET_NR_mq_open            271
+#define TARGET_NR_mq_unlink          272
+#define TARGET_NR_mq_timedsend       273
+#define TARGET_NR_mq_timedreceive    274
+#define TARGET_NR_mq_notify          275
+#define TARGET_NR_mq_getsetattr      276
+#define TARGET_NR_waitid             277
+#define TARGET_NR_vserver            278
+#define TARGET_NR_add_key            279
+#define TARGET_NR_request_key        280
+#define TARGET_NR_keyctl             281
+/* from asm/termbits.h */
+/* NOTE: exactly the same as i386 */
+
+#define TARGET_NCCS 19
+
+struct target_termios {
+    unsigned int c_iflag;               /* input mode flags */
+    unsigned int c_oflag;               /* output mode flags */
+    unsigned int c_cflag;               /* control mode flags */
+    unsigned int c_lflag;               /* local mode flags */
+    unsigned char c_line;                    /* line discipline */
+    unsigned char c_cc[TARGET_NCCS];                /* control characters */
+};
+
+/* c_iflag bits */
+#define TARGET_IGNBRK  0000001
+#define TARGET_BRKINT  0000002
+#define TARGET_IGNPAR  0000004
+#define TARGET_PARMRK  0000010
+#define TARGET_INPCK   0000020
+#define TARGET_ISTRIP  0000040
+#define TARGET_INLCR   0000100
+#define TARGET_IGNCR   0000200
+#define TARGET_ICRNL   0000400
+#define TARGET_IUCLC   0001000
+#define TARGET_IXON    0002000
+#define TARGET_IXANY   0004000
+#define TARGET_IXOFF   0010000
+#define TARGET_IMAXBEL 0020000
+
+/* c_oflag bits */
+#define TARGET_OPOST   0000001
+#define TARGET_OLCUC   0000002
+#define TARGET_ONLCR   0000004
+#define TARGET_OCRNL   0000010
+#define TARGET_ONOCR   0000020
+#define TARGET_ONLRET  0000040
+#define TARGET_OFILL   0000100
+#define TARGET_OFDEL   0000200
+#define TARGET_NLDLY   0000400
+#define   TARGET_NL0   0000000
+#define   TARGET_NL1   0000400
+#define TARGET_CRDLY   0003000
+#define   TARGET_CR0   0000000
+#define   TARGET_CR1   0001000
+#define   TARGET_CR2   0002000
+#define   TARGET_CR3   0003000
+#define TARGET_TABDLY  0014000
+#define   TARGET_TAB0  0000000
+#define   TARGET_TAB1  0004000
+#define   TARGET_TAB2  0010000
+#define   TARGET_TAB3  0014000
+#define   TARGET_XTABS 0014000
+#define TARGET_BSDLY   0020000
+#define   TARGET_BS0   0000000
+#define   TARGET_BS1   0020000
+#define TARGET_VTDLY   0040000
+#define   TARGET_VT0   0000000
+#define   TARGET_VT1   0040000
+#define TARGET_FFDLY   0100000
+#define   TARGET_FF0   0000000
+#define   TARGET_FF1   0100000
+
+/* c_cflag bit meaning */
+#define TARGET_CBAUD   0010017
+#define  TARGET_B0     0000000         /* hang up */
+#define  TARGET_B50    0000001
+#define  TARGET_B75    0000002
+#define  TARGET_B110   0000003
+#define  TARGET_B134   0000004
+#define  TARGET_B150   0000005
+#define  TARGET_B200   0000006
+#define  TARGET_B300   0000007
+#define  TARGET_B600   0000010
+#define  TARGET_B1200  0000011
+#define  TARGET_B1800  0000012
+#define  TARGET_B2400  0000013
+#define  TARGET_B4800  0000014
+#define  TARGET_B9600  0000015
+#define  TARGET_B19200 0000016
+#define  TARGET_B38400 0000017
+#define TARGET_EXTA B19200
+#define TARGET_EXTB B38400
+#define TARGET_CSIZE   0000060
+#define   TARGET_CS5   0000000
+#define   TARGET_CS6   0000020
+#define   TARGET_CS7   0000040
+#define   TARGET_CS8   0000060
+#define TARGET_CSTOPB  0000100
+#define TARGET_CREAD   0000200
+#define TARGET_PARENB  0000400
+#define TARGET_PARODD  0001000
+#define TARGET_HUPCL   0002000
+#define TARGET_CLOCAL  0004000
+#define TARGET_CBAUDEX 0010000
+#define  TARGET_B57600  0010001
+#define  TARGET_B115200 0010002
+#define  TARGET_B230400 0010003
+#define  TARGET_B460800 0010004
+#define TARGET_CIBAUD    002003600000  /* input baud rate (not used) */
+#define TARGET_CRTSCTS   020000000000          /* flow control */
+
+/* c_lflag bits */
+#define TARGET_ISIG    0000001
+#define TARGET_ICANON  0000002
+#define TARGET_XCASE   0000004
+#define TARGET_ECHO    0000010
+#define TARGET_ECHOE   0000020
+#define TARGET_ECHOK   0000040
+#define TARGET_ECHONL  0000100
+#define TARGET_NOFLSH  0000200
+#define TARGET_TOSTOP  0000400
+#define TARGET_ECHOCTL 0001000
+#define TARGET_ECHOPRT 0002000
+#define TARGET_ECHOKE  0004000
+#define TARGET_FLUSHO  0010000
+#define TARGET_PENDIN  0040000
+#define TARGET_IEXTEN  0100000
+
+/* c_cc character offsets */
+#define TARGET_VINTR	0
+#define TARGET_VQUIT	1
+#define TARGET_VERASE	2
+#define TARGET_VKILL	3
+#define TARGET_VEOF	4
+#define TARGET_VTIME	5
+#define TARGET_VMIN	6
+#define TARGET_VSWTC	7
+#define TARGET_VSTART	8
+#define TARGET_VSTOP	9
+#define TARGET_VSUSP	10
+#define TARGET_VEOL	11
+#define TARGET_VREPRINT	12
+#define TARGET_VDISCARD	13
+#define TARGET_VWERASE	14
+#define TARGET_VLNEXT	15
+#define TARGET_VEOL2	16
+
+/* ioctls */
+
+#define TARGET_TCGETS		0x5401
+#define TARGET_TCSETS		0x5402
+#define TARGET_TCSETSW		0x5403
+#define TARGET_TCSETSF		0x5404
+#define TARGET_TCGETA		0x5405
+#define TARGET_TCSETA		0x5406
+#define TARGET_TCSETAW		0x5407
+#define TARGET_TCSETAF		0x5408
+#define TARGET_TCSBRK		0x5409
+#define TARGET_TCXONC		0x540A
+#define TARGET_TCFLSH		0x540B
+
+#define TARGET_TIOCEXCL	0x540C
+#define TARGET_TIOCNXCL	0x540D
+#define TARGET_TIOCSCTTY	0x540E
+#define TARGET_TIOCGPGRP	0x540F
+#define TARGET_TIOCSPGRP	0x5410
+#define TARGET_TIOCOUTQ	0x5411
+#define TARGET_TIOCSTI		0x5412
+#define TARGET_TIOCGWINSZ	0x5413
+#define TARGET_TIOCSWINSZ	0x5414
+#define TARGET_TIOCMGET	0x5415
+#define TARGET_TIOCMBIS	0x5416
+#define TARGET_TIOCMBIC	0x5417
+#define TARGET_TIOCMSET	0x5418
+#define TARGET_TIOCGSOFTCAR	0x5419
+#define TARGET_TIOCSSOFTCAR	0x541A
+#define TARGET_FIONREAD	0x541B
+#define TARGET_TIOCINQ		TARGET_FIONREAD
+#define TARGET_TIOCLINUX	0x541C
+#define TARGET_TIOCCONS	0x541D
+#define TARGET_TIOCGSERIAL	0x541E
+#define TARGET_TIOCSSERIAL	0x541F
+#define TARGET_TIOCPKT		0x5420
+#define TARGET_FIONBIO		0x5421
+#define TARGET_TIOCNOTTY	0x5422
+#define TARGET_TIOCSETD	0x5423
+#define TARGET_TIOCGETD	0x5424
+#define TARGET_TCSBRKP		0x5425	/* Needed for POSIX tcsendbreak() */
+#define TARGET_TIOCTTYGSTRUCT	0x5426  /* For debugging only */
+#define TARGET_TIOCSBRK	0x5427  /* BSD compatibility */
+#define TARGET_TIOCCBRK	0x5428  /* BSD compatibility */
+#define TARGET_TIOCGSID	0x5429  /* Return the session ID of FD */
+#define TARGET_TIOCGPTN	TARGET_IOR('T',0x30, unsigned int) /* Get Pty Number (of pty-mux device) */
+#define TARGET_TIOCSPTLCK	TARGET_IOW('T',0x31, int)  /* Lock/unlock Pty */
+
+#define TARGET_FIONCLEX	0x5450  /* these numbers need to be adjusted. */
+#define TARGET_FIOCLEX		0x5451
+#define TARGET_FIOASYNC	0x5452
+#define TARGET_TIOCSERCONFIG	0x5453
+#define TARGET_TIOCSERGWILD	0x5454
+#define TARGET_TIOCSERSWILD	0x5455
+#define TARGET_TIOCGLCKTRMIOS	0x5456
+#define TARGET_TIOCSLCKTRMIOS	0x5457
+#define TARGET_TIOCSERGSTRUCT	0x5458 /* For debugging only */
+#define TARGET_TIOCSERGETLSR   0x5459 /* Get line status register */
+#define TARGET_TIOCSERGETMULTI 0x545A /* Get multiport config  */
+#define TARGET_TIOCSERSETMULTI 0x545B /* Set multiport config */
+
+#define TARGET_TIOCMIWAIT	0x545C	/* wait for a change on serial input line(s) */
+#define TARGET_TIOCGICOUNT	0x545D	/* read serial port inline interrupt counts */
+#define TARGET_TIOCGHAYESESP   0x545E  /* Get Hayes ESP configuration */
+#define TARGET_TIOCSHAYESESP   0x545F  /* Set Hayes ESP configuration */
+
+/* Used for packet mode */
+#define TARGET_TIOCPKT_DATA		 0
+#define TARGET_TIOCPKT_FLUSHREAD	 1
+#define TARGET_TIOCPKT_FLUSHWRITE	 2
+#define TARGET_TIOCPKT_STOP		 4
+#define TARGET_TIOCPKT_START		 8
+#define TARGET_TIOCPKT_NOSTOP		16
+#define TARGET_TIOCPKT_DOSTOP		32
+
+#define TARGET_TIOCSER_TEMT    0x01	/* Transmitter physically empty */
+
@@ -1412,6 +1412,98 @@ void cpu_loop (CPUState *env)
 }
 #endif
  
+#ifdef TARGET_M68K
+
+void cpu_loop(CPUM68KState *env)
+{
+    int trapnr;
+    unsigned int n;
+    target_siginfo_t info;
+    TaskState *ts = env->opaque;
+    
+    for(;;) {
+        trapnr = cpu_m68k_exec(env);
+        switch(trapnr) {
+        case EXCP_ILLEGAL:
+            {
+                if (ts->sim_syscalls) {
+                    uint16_t nr;
+                    nr = lduw(env->pc + 2);
+                    env->pc += 4;
+                    do_m68k_simcall(env, nr);
+                } else {
+                    goto do_sigill;
+                }
+            }
+            break;
+        case EXCP_HALTED:
+            /* Semihosing syscall.  */
+            env->pc += 2;
+            do_m68k_semihosting(env, env->dregs[0]);
+            break;
+        case EXCP_LINEA:
+        case EXCP_LINEF:
+        case EXCP_UNSUPPORTED:
+        do_sigill:
+            info.si_signo = SIGILL;
+            info.si_errno = 0;
+            info.si_code = TARGET_ILL_ILLOPN;
+            info._sifields._sigfault._addr = env->pc;
+            queue_signal(info.si_signo, &info);
+            break;
+        case EXCP_TRAP0:
+            {
+                ts->sim_syscalls = 0;
+                n = env->dregs[0];
+                env->pc += 2;
+                env->dregs[0] = do_syscall(env, 
+                                          n, 
+                                          env->dregs[1],
+                                          env->dregs[2],
+                                          env->dregs[3],
+                                          env->dregs[4],
+                                          env->dregs[5],
+                                          env->dregs[6]);
+            }
+            break;
+        case EXCP_INTERRUPT:
+            /* just indicate that signals should be handled asap */
+            break;
+        case EXCP_ACCESS:
+            {
+                info.si_signo = SIGSEGV;
+                info.si_errno = 0;
+                /* XXX: check env->error_code */
+                info.si_code = TARGET_SEGV_MAPERR;
+                info._sifields._sigfault._addr = env->mmu.ar;
+                queue_signal(info.si_signo, &info);
+            }
+            break;
+        case EXCP_DEBUG:
+            {
+                int sig;
+
+                sig = gdb_handlesig (env, TARGET_SIGTRAP);
+                if (sig)
+                  {
+                    info.si_signo = sig;
+                    info.si_errno = 0;
+                    info.si_code = TARGET_TRAP_BRKPT;
+                    queue_signal(info.si_signo, &info);
+                  }
+            }
+            break;
+        default:
+            fprintf(stderr, "qemu: unhandled CPU exception 0x%x - aborting\n", 
+                    trapnr);
+            cpu_dump_state(env, stderr, fprintf, 0);
+            abort();
+        }
+        process_pending_signals(env);
+    }
+}
+#endif /* TARGET_M68K */
+
 void usage(void)
 {
     printf("qemu-" TARGET_ARCH " version " QEMU_VERSION ", Copyright (c) 2003-2005 Fabrice Bellard\n"
@@ -1685,6 +1777,35 @@ int main(int argc, char **argv)
             env->gpr[i] = regs->gpr[i];
         }
     }
+#elif defined(TARGET_M68K)
+    {
+        m68k_def_t *def;
+        def = m68k_find_by_name("cfv4e");
+        if (def == NULL) {
+            cpu_abort(cpu_single_env,
+                      "Unable to find m68k CPU definition\n");
+        }
+        cpu_m68k_register(cpu_single_env, def);
+        env->pc = regs->pc;
+        env->dregs[0] = regs->d0;
+        env->dregs[1] = regs->d1;
+        env->dregs[2] = regs->d2;
+        env->dregs[3] = regs->d3;
+        env->dregs[4] = regs->d4;
+        env->dregs[5] = regs->d5;
+        env->dregs[6] = regs->d6;
+        env->dregs[7] = regs->d7;
+        env->aregs[0] = regs->a0;
+        env->aregs[1] = regs->a1;
+        env->aregs[2] = regs->a2;
+        env->aregs[3] = regs->a3;
+        env->aregs[4] = regs->a4;
+        env->aregs[5] = regs->a5;
+        env->aregs[6] = regs->a6;
+        env->aregs[7] = regs->usp;
+        env->sr = regs->sr;
+        ts->sim_syscalls = 1;
+    }
 #elif defined(TARGET_MIPS)
     {
         int i;
@@ -209,7 +209,7 @@ long target_mmap(target_ulong start, target_ulong len, int prot,
             last_start += HOST_PAGE_ALIGN(len);
         }
 #endif
-        if (qemu_host_page_size != qemu_real_host_page_size) {
+        if (0 && qemu_host_page_size != qemu_real_host_page_size) {
             /* NOTE: this code is only for debugging with '-p' option */
             /* ??? Can also occur when TARGET_PAGE_SIZE > host page size.  */
             /* reserve a memory area */
@@ -74,6 +74,9 @@ typedef struct TaskState {
     uint32_t v86flags;
     uint32_t v86mask;
 #endif
+#ifdef TARGET_M68K
+    int sim_syscalls;
+#endif
     int used; /* non zero if used */
     struct image_info *info;
     uint8_t stack[0];
@@ -69,7 +69,8 @@
  
 //#define DEBUG
  
-#if defined(TARGET_I386) || defined(TARGET_ARM) || defined(TARGET_SPARC)
+#if defined(TARGET_I386) || defined(TARGET_ARM) || defined(TARGET_SPARC) \
+    || defined(TARGET_M68K)
 /* 16 bit uid wrappers emulation */
 #define USE_UID16
 #endif
@@ -1645,6 +1646,12 @@ int do_fork(CPUState *env, unsigned int flags, unsigned long newsp)
         new_env->regwptr[0] = 0;
 	/* XXXXX */
         printf ("HELPME: %s:%d\n", __FILE__, __LINE__);
+#elif defined(TARGET_M68K)
+        if (!newsp)
+            newsp = env->aregs[7];
+        new_env->aregs[7] = newsp;
+        new_env->dregs[0] = 0;
+        /* ??? is this sufficient?  */
 #elif defined(TARGET_MIPS)
         printf ("HELPME: %s:%d\n", __FILE__, __LINE__);
 #elif defined(TARGET_PPC)
@@ -2604,7 +2611,7 @@ long do_syscall(void *cpu_env, int num, long arg1, long arg2, long arg3,
     case TARGET_NR_readdir:
         goto unimplemented;
     case TARGET_NR_mmap:
-#if defined(TARGET_I386) || defined(TARGET_ARM)
+#if defined(TARGET_I386) || defined(TARGET_ARM) || defined(TARGET_M68K)
         {
             target_ulong *v;
             target_ulong v1, v2, v3, v4, v5, v6;
@@ -48,7 +48,8 @@
 #define TARGET_IOC_NRBITS	8
 #define TARGET_IOC_TYPEBITS	8
  
-#if defined(TARGET_I386) || defined(TARGET_ARM) || defined(TARGET_SH4)
+#if defined(TARGET_I386) || defined(TARGET_ARM) || defined(TARGET_SH4) \
+    || defined(TARGET_M68K)
  
 #define TARGET_IOC_SIZEBITS	14
 #define TARGET_IOC_DIRBITS	2
@@ -293,7 +294,7 @@ struct target_sigaction;
 int do_sigaction(int sig, const struct target_sigaction *act,
                  struct target_sigaction *oact);
  
-#if defined(TARGET_I386) || defined(TARGET_ARM) || defined(TARGET_SPARC) || defined(TARGET_PPC) || defined(TARGET_MIPS) || defined (TARGET_SH4)
+#if defined(TARGET_I386) || defined(TARGET_ARM) || defined(TARGET_SPARC) || defined(TARGET_PPC) || defined(TARGET_MIPS) || defined (TARGET_SH4) || defined(TARGET_M68K)
  
 #if defined(TARGET_SPARC)
 #define TARGET_SA_NOCLDSTOP    8u
@@ -1070,6 +1071,68 @@ struct target_stat64 {
         target_ulong    __unused5;
 };
  
+#elif defined(TARGET_M68K)
+
+struct target_stat {
+	unsigned short st_dev;
+	unsigned short __pad1;
+	target_ulong st_ino;
+	unsigned short st_mode;
+	unsigned short st_nlink;
+	unsigned short st_uid;
+	unsigned short st_gid;
+	unsigned short st_rdev;
+	unsigned short __pad2;
+	target_ulong  st_size;
+	target_ulong  st_blksize;
+	target_ulong  st_blocks;
+	target_ulong  target_st_atime;
+	target_ulong  __unused1;
+	target_ulong  target_st_mtime;
+	target_ulong  __unused2;
+	target_ulong  target_st_ctime;
+	target_ulong  __unused3;
+	target_ulong  __unused4;
+	target_ulong  __unused5;
+};
+
+/* This matches struct stat64 in glibc2.1, hence the absolutely
+ * insane amounts of padding around dev_t's.
+ */
+struct target_stat64 {
+	unsigned long long	st_dev;
+	unsigned char	__pad1[2];
+
+#define TARGET_STAT64_HAS_BROKEN_ST_INO	1
+	target_ulong	__st_ino;
+
+	unsigned int	st_mode;
+	unsigned int	st_nlink;
+
+	target_ulong	st_uid;
+	target_ulong	st_gid;
+
+	unsigned long long	st_rdev;
+	unsigned char	__pad3[2];
+
+	long long	st_size;
+	target_ulong	st_blksize;
+
+	target_ulong	__pad4;		/* future possible st_blocks high bits */
+	target_ulong	st_blocks;	/* Number 512-byte blocks allocated. */
+
+	target_ulong	target_st_atime;
+	target_ulong	target_st_atime_nsec;
+
+	target_ulong	target_st_mtime;
+	target_ulong	target_st_mtime_nsec;
+
+	target_ulong	target_st_ctime;
+	target_ulong	target_st_ctime_nsec;
+
+	unsigned long long	st_ino;
+} __attribute__((packed));
+
 #elif defined(TARGET_MIPS)
  
 struct target_stat {
@@ -81,7 +81,7 @@ For system emulation, the following hardware targets are supported:
 @item ARM Versatile baseboard (ARM926E)
 @end itemize
  
-For user emulation, x86, PowerPC, ARM, MIPS, and Sparc32/64 CPUs are supported.
+For user emulation, x86, PowerPC, ARM, MIPS, Sparc32/64 and ColdFire(m68k) CPUs are supported.
  
 @node Installation
 @chapter Installation
@@ -1768,6 +1768,10 @@ Act as if the host page size was &#39;pagesize&#39; bytes
 binaries (as implemented by the arm-elf and arm-eabi Newlib/GDB
 configurations), and arm-uclinux bFLT format binaries.
  
+@command{qemu-m68k} is capable of running semihosted binaries using the BDM
+(m5xxx-ram-hosted.ld) or m68k-sim (sim.ld) syscall interfaces, and
+coldfire uClinux bFLT format binaries.
+
 The binary format is detected automatically.
  
 @node compilation
+/*
+ * m68k virtual CPU header
+ * 
+ *  Copyright (c) 2005-2006 CodeSourcery
+ *  Written by Paul Brook
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+#ifndef CPU_M68K_H
+#define CPU_M68K_H
+
+#define TARGET_LONG_BITS 32
+
+#include "cpu-defs.h"
+
+#include "softfloat.h"
+
+#define MAX_QREGS 32
+
+#define TARGET_HAS_ICE 1
+
+#define EXCP_ACCESS         2   /* Access (MMU) error.  */
+#define EXCP_ADDRESS        3   /* Address error.  */
+#define EXCP_ILLEGAL        4   /* Illegal instruction.  */
+#define EXCP_DIV0           5   /* Divide by zero */
+#define EXCP_PRIVILEGE      8   /* Privilege violation.  */
+#define EXCP_TRACE          9
+#define EXCP_LINEA          10  /* Unimplemented line-A (MAC) opcode.  */
+#define EXCP_LINEF          11  /* Unimplemented line-F (FPU) opcode.  */
+#define EXCP_DEBUGNBP       12  /* Non-breakpoint debug interrupt.  */
+#define EXCP_DEBEGBP        13  /* Breakpoint debug interrupt.  */
+#define EXCP_FORMAT         14  /* RTE format error.  */
+#define EXCP_UNINITIALIZED  15
+#define EXCP_TRAP0          32   /* User trap #0.  */
+#define EXCP_TRAP15         47   /* User trap #15.  */
+#define EXCP_UNSUPPORTED    61
+#define EXCP_ICE            13
+
+typedef struct CPUM68KState {
+    uint32_t dregs[8];
+    uint32_t aregs[8];
+    uint32_t pc;
+    uint32_t sr;
+
+    /* Condition flags.  */
+    uint32_t cc_op;
+    uint32_t cc_dest;
+    uint32_t cc_src;
+    uint32_t cc_x;
+
+    float64 fregs[8];
+    float64 fp_result;
+    uint32_t fpcr;
+    uint32_t fpsr;
+    float_status fp_status;
+
+    /* Temporary storage for DIV helpers.  */
+    uint32_t div1;
+    uint32_t div2;
+    
+    /* MMU status.  */
+    struct {
+        uint32_t ar;
+    } mmu;
+    /* ??? remove this.  */
+    uint32_t t1;
+
+    /* exception/interrupt handling */
+    jmp_buf jmp_env;
+    int exception_index;
+    int interrupt_request;
+    int user_mode_only;
+    uint32_t address;
+
+    uint32_t qregs[MAX_QREGS];
+
+    CPU_COMMON
+} CPUM68KState;
+
+CPUM68KState *cpu_m68k_init(void);
+int cpu_m68k_exec(CPUM68KState *s);
+void cpu_m68k_close(CPUM68KState *s);
+/* you can call this signal handler from your SIGBUS and SIGSEGV
+   signal handlers to inform the virtual CPU of exceptions. non zero
+   is returned if the signal was handled by the virtual CPU.  */
+struct siginfo;
+int cpu_m68k_signal_handler(int host_signum, struct siginfo *info, 
+                           void *puc);
+void cpu_m68k_flush_flags(CPUM68KState *, int);
+
+enum {
+    CC_OP_DYNAMIC, /* Use env->cc_op  */
+    CC_OP_FLAGS, /* CC_DEST = CVZN, CC_SRC = unused */
+    CC_OP_LOGIC, /* CC_DEST = result, CC_SRC = unused */
+    CC_OP_ADD,   /* CC_DEST = result, CC_SRC = source */
+    CC_OP_SUB,   /* CC_DEST = result, CC_SRC = source */
+    CC_OP_CMPB,  /* CC_DEST = result, CC_SRC = source */
+    CC_OP_CMPW,  /* CC_DEST = result, CC_SRC = source */
+    CC_OP_ADDX,  /* CC_DEST = result, CC_SRC = source */
+    CC_OP_SUBX,  /* CC_DEST = result, CC_SRC = source */
+    CC_OP_SHL,   /* CC_DEST = source, CC_SRC = shift */
+    CC_OP_SHR,   /* CC_DEST = source, CC_SRC = shift */
+    CC_OP_SAR,   /* CC_DEST = source, CC_SRC = shift */
+};
+
+#define CCF_C 0x01
+#define CCF_V 0x02
+#define CCF_Z 0x04
+#define CCF_N 0x08
+#define CCF_X 0x01
+
+typedef struct m68k_def_t m68k_def_t;
+
+m68k_def_t *m68k_find_by_name(const char *);
+void cpu_m68k_register(CPUM68KState *, m68k_def_t *);
+
+#define M68K_FPCR_PREC (1 << 6)
+
+#ifdef CONFIG_USER_ONLY
+/* Linux uses 8k pages.  */
+#define TARGET_PAGE_BITS 13
+#else
+/* Smallest TLB entry size is 1k.  */ 
+#define TARGET_PAGE_BITS 10
+#endif
+#include "cpu-all.h"
+
+#endif
+/*
+ *  m68k execution defines
+ * 
+ *  Copyright (c) 2005-2006 CodeSourcery
+ *  Written by Paul Brook
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+#include "dyngen-exec.h"
+
+register struct CPUM68KState *env asm(AREG0);
+/* This is only used for tb lookup.  */
+register uint32_t T0 asm(AREG1);
+/* ??? We don't use T1, but common code expects it to exist  */
+#define T1 env->t1
+
+#include "cpu.h"
+#include "exec-all.h"
+
+static inline void env_to_regs(void)
+{
+}
+
+static inline void regs_to_env(void)
+{
+}
+
+int cpu_m68k_handle_mmu_fault (CPUState *env, target_ulong address, int rw,
+                              int is_user, int is_softmmu);
+
+
+void cpu_m68k_flush_flags(CPUM68KState *env, int cc_op);
+float64 helper_sub_cmpf64(CPUM68KState *env, float64 src0, float64 src1);
+
+void cpu_loop_exit(void);
+/*
+ *  m68k op helpers
+ * 
+ *  Copyright (c) 2006 CodeSourcery
+ *  Written by Paul Brook
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <stdio.h>
+
+#include "config.h"
+#include "cpu.h"
+#include "exec-all.h"
+
+void cpu_m68k_flush_flags(CPUM68KState *env, int cc_op)
+{
+    int flags;
+    uint32_t src;
+    uint32_t dest;
+    uint32_t tmp;
+
+#define HIGHBIT 0x80000000u
+
+#define SET_NZ(x) do { \
+    if ((x) == 0) \
+        flags |= CCF_Z; \
+    else if ((int32_t)(x) < 0) \
+        flags |= CCF_N; \
+    } while (0)
+
+#define SET_FLAGS_SUB(type, utype) do { \
+    SET_NZ((type)dest); \
+    tmp = dest + src; \
+    if ((utype) tmp < (utype) src) \
+        flags |= CCF_C; \
+    if ((1u << (sizeof(type) * 8 - 1)) & (tmp ^ dest) & (tmp ^ src)) \
+        flags |= CCF_V; \
+    } while (0)
+
+    flags = 0;
+    src = env->cc_src;
+    dest = env->cc_dest;
+    switch (cc_op) {
+    case CC_OP_FLAGS:
+        flags = dest;
+        break;
+    case CC_OP_LOGIC:
+        SET_NZ(dest);
+        break;
+    case CC_OP_ADD:
+        SET_NZ(dest);
+        if (dest < src)
+            flags |= CCF_C;
+        tmp = dest - src;
+        if (HIGHBIT & (src ^ dest) & ~(tmp ^ src))
+            flags |= CCF_V;
+        break;
+    case CC_OP_SUB:
+        SET_FLAGS_SUB(int32_t, uint32_t);
+        break;
+    case CC_OP_CMPB:
+        SET_FLAGS_SUB(int8_t, uint8_t);
+        break;
+    case CC_OP_CMPW:
+        SET_FLAGS_SUB(int16_t, uint16_t);
+        break;
+    case CC_OP_ADDX:
+        SET_NZ(dest);
+        if (dest <= src)
+            flags |= CCF_C;
+        tmp = dest - src - 1;
+        if (HIGHBIT & (src ^ dest) & ~(tmp ^ src))
+            flags |= CCF_V;
+        break;
+    case CC_OP_SUBX:
+        SET_NZ(dest);
+        tmp = dest + src + 1;
+        if (tmp <= src)
+            flags |= CCF_C;
+        if (HIGHBIT & (tmp ^ dest) & (tmp ^ src))
+            flags |= CCF_V;
+        break;
+    case CC_OP_SHL:
+        if (src >= 32) {
+            SET_NZ(0);
+        } else {
+            tmp = dest << src;
+            SET_NZ(tmp);
+        }
+        if (src && src <= 32 && (dest & (1 << (32 - src))))
+            flags |= CCF_C;
+        break;
+    case CC_OP_SHR:
+        if (src >= 32) {
+            SET_NZ(0);
+        } else {
+            tmp = dest >> src;
+            SET_NZ(tmp);
+        }
+        if (src && src <= 32 && ((dest >> (src - 1)) & 1))
+            flags |= CCF_C;
+        break;
+    case CC_OP_SAR:
+        if (src >= 32) {
+            SET_NZ(-1);
+        } else {
+            tmp = (int32_t)dest >> src;
+            SET_NZ(tmp);
+        }
+        if (src && src <= 32 && (((int32_t)dest >> (src - 1)) & 1))
+            flags |= CCF_C;
+        break;
+    default:
+        cpu_abort(env, "Bad CC_OP %d", cc_op);
+    }
+    env->cc_op = CC_OP_FLAGS;
+    env->cc_dest = flags;
+}
+
+float64 helper_sub_cmpf64(CPUM68KState *env, float64 src0, float64 src1)
+{
+    /* ??? This may incorrectly raise exceptions.  */
+    /* ??? Should flush denormals to zero.  */
+    float64 res;
+    res = float64_sub(src0, src1, &env->fp_status);
+    if (float64_is_nan(res)) {
+        /* +/-inf compares equal against itself, but sub returns nan.  */
+        if (!float64_is_nan(src0)
+            && !float64_is_nan(src1)) {
+            res = 0;
+            if (float64_lt_quiet(src0, res, &env->fp_status))
+                res = float64_chs(res);
+        }
+    }
+    return res;
+}
+enum {
+#define DEFO32(name, offset) QREG_##name,
+#define DEFR(name, reg, mode) QREG_##name,
+#define DEFF64(name, offset) QREG_##name,
+    QREG_NULL,
+#include "qregs.def"
+    TARGET_NUM_QREGS = 0x100
+#undef DEFO32
+#undef DEFR
+#undef DEFF64
+};
+
+/* Various hacks to make code written for a dynamic code generator work
+   with regular QEMU.  */
+
+static int free_qreg;
+
+#define QMODE_I32 1
+#define QMODE_F32 1
+#define QMODE_F64 2
+
+static inline int gen_new_qreg(int mode)
+{
+    int qreg;
+
+    qreg = free_qreg;
+    free_qreg += mode;
+    if (free_qreg > MAX_QREGS) {
+        fprintf(stderr, "qreg overflow\n");
+        abort();
+    }
+    return qreg + TARGET_NUM_QREGS;
+}
+
+static inline int gen_im32(uint32_t i)
+{
+    int qreg = gen_new_qreg(QMODE_I32);
+    gen_op_mov32_im(qreg, i);
+    return qreg;
+}
+
+static inline void gen_op_ldf32(int dest, int addr)
+{
+    gen_op_ld32(dest, addr);
+}
+
+static inline void gen_op_stf32(int addr, int dest)
+{
+    gen_op_st32(addr, dest);
+}
+
+static inline void gen_op_pack_32_f32(int dest, int src)
+{
+    gen_op_mov32(dest, src);
+}
+
+static inline void gen_op_pack_f32_32(int dest, int src)
+{
+    gen_op_mov32(dest, src);
+}
+
+static inline void gen_op_flags_set(void)
+{
+    /* Dummy op.  */
+}
+
+static inline void gen_op_shl_im_cc(int val, int shift)
+{
+    gen_op_shl_cc(val, gen_im32(shift));
+}
+
+static inline void gen_op_shr_im_cc(int val, int shift)
+{
+    gen_op_shr_cc(val, gen_im32(shift));
+}
+
+static inline void gen_op_sar_im_cc(int val, int shift)
+{
+    gen_op_sar_cc(val, gen_im32(shift));
+}
+
+#ifdef USE_DIRECT_JUMP
+#define TBPARAM(x)
+#else
+#define TBPARAM(x) (long)(x)
+#endif
+
+static inline void gen_op_goto_tb(int dummy, int n, long tb)
+{
+    if (n == 0) {
+        gen_op_goto_tb0(TBPARAM(tb));
+    } else {
+        gen_op_goto_tb1(TBPARAM(tb));
+    }
+}
+/*
+ *  m68k micro operations
+ * 
+ *  Copyright (c) 2006 CodeSourcery
+ *  Written by Paul Brook
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include "exec.h"
+#include "m68k-qreg.h"
+
+#ifndef offsetof
+#define offsetof(type, field) ((size_t) &((type *)0)->field)
+#endif
+
+static long qreg_offsets[] = {
+#define DEFO32(name, offset) offsetof(CPUState, offset),
+#define DEFR(name, reg, mode) -1,
+#define DEFF64(name, offset) offsetof(CPUState, offset),
+    0,
+#include "qregs.def"
+};
+
+#define CPU_FP_STATUS env->fp_status
+
+#define RAISE_EXCEPTION(n) do { \
+    env->exception_index = n; \
+    cpu_loop_exit(); \
+    } while(0)
+
+#define get_op helper_get_op
+#define set_op helper_set_op
+#define get_opf64 helper_get_opf64
+#define set_opf64 helper_set_opf64
+uint32_t
+get_op(int qreg)
+{
+    if (qreg == QREG_T0) {
+        return T0;
+    } else if (qreg < TARGET_NUM_QREGS) {
+        return *(uint32_t *)(((long)env) + qreg_offsets[qreg]);
+    } else {
+        return env->qregs[qreg - TARGET_NUM_QREGS];
+    }
+}
+
+void set_op(int qreg, uint32_t val)
+{
+    if (qreg == QREG_T0) {
+        T0 = val;
+    } else if (qreg < TARGET_NUM_QREGS) {
+        *(uint32_t *)(((long)env) + qreg_offsets[qreg]) = val;
+    } else {
+        env->qregs[qreg - TARGET_NUM_QREGS] = val;
+    }
+}
+
+float64 get_opf64(int qreg)
+{
+    if (qreg < TARGET_NUM_QREGS) {
+        return *(float64 *)(((long)env) + qreg_offsets[qreg]);
+    } else {
+        return *(float64 *)&env->qregs[qreg - TARGET_NUM_QREGS];
+    }
+}
+
+void set_opf64(int qreg, float64 val)
+{
+    if (qreg < TARGET_NUM_QREGS) {
+        *(float64 *)(((long)env) + qreg_offsets[qreg]) = val;
+    } else {
+        *(float64 *)&env->qregs[qreg - TARGET_NUM_QREGS] = val;
+    }
+}
+
+#define OP(name) void OPPROTO op_##name (void)
+
+OP(mov32)
+{
+    set_op(PARAM1, get_op(PARAM2));
+    FORCE_RET();
+}
+
+OP(mov32_im)
+{
+    set_op(PARAM1, PARAM2);
+    FORCE_RET();
+}
+
+OP(movf64)
+{
+    set_opf64(PARAM1, get_opf64(PARAM2));
+    FORCE_RET();
+}
+
+OP(zerof64)
+{
+    set_opf64(PARAM1, 0);
+    FORCE_RET();
+}
+
+OP(add32)
+{
+    uint32_t op2 = get_op(PARAM2);
+    uint32_t op3 = get_op(PARAM3);
+    set_op(PARAM1, op2 + op3);
+    FORCE_RET();
+}
+
+OP(sub32)
+{
+    uint32_t op2 = get_op(PARAM2);
+    uint32_t op3 = get_op(PARAM3);
+    set_op(PARAM1, op2 - op3);
+    FORCE_RET();
+}
+
+OP(mul32)
+{
+    uint32_t op2 = get_op(PARAM2);
+    uint32_t op3 = get_op(PARAM3);
+    set_op(PARAM1, op2 * op3);
+    FORCE_RET();
+}
+
+OP(not32)
+{
+    uint32_t arg = get_op(PARAM2);
+    set_op(PARAM1, ~arg);
+    FORCE_RET();
+}
+
+OP(neg32)
+{
+    uint32_t arg = get_op(PARAM2);
+    set_op(PARAM1, -arg);
+    FORCE_RET();
+}
+
+OP(bswap32)
+{
+    uint32_t arg = get_op(PARAM2);
+    arg = (arg >> 24) | (arg << 24)
+          | ((arg >> 16) & 0xff00) | ((arg << 16) & 0xff0000);
+    set_op(PARAM1, arg);
+    FORCE_RET();
+}
+
+OP(btest)
+{
+    uint32_t op1 = get_op(PARAM1);
+    uint32_t op2 = get_op(PARAM2);
+    if (op1 & op2)
+        env->cc_dest &= ~CCF_Z;
+    else
+        env->cc_dest |= CCF_Z;
+    FORCE_RET();
+}
+
+OP(addx_cc)
+{
+    uint32_t op1 = get_op(PARAM1);
+    uint32_t op2 = get_op(PARAM2);
+    uint32_t res;
+    if (env->cc_x) {
+        env->cc_x = (op1 <= op2);
+        env->cc_op = CC_OP_SUBX;
+        res = op1 - (op2 + 1);
+    } else {
+        env->cc_x = (op1 < op2);
+        env->cc_op = CC_OP_SUB;
+        res = op1 - op2;
+    }
+    set_op(PARAM1, res);
+    FORCE_RET();
+}
+
+OP(subx_cc)
+{
+    uint32_t op1 = get_op(PARAM1);
+    uint32_t op2 = get_op(PARAM2);
+    uint32_t res;
+    if (env->cc_x) {
+        res = op1 + op2 + 1;
+        env->cc_x = (res <= op2);
+        env->cc_op = CC_OP_ADDX;
+    } else {
+        res = op1 + op2;
+        env->cc_x = (res < op2);
+        env->cc_op = CC_OP_ADD;
+    }
+    set_op(PARAM1, res);
+    FORCE_RET();
+}
+
+/* Logic ops.  */
+
+OP(and32)
+{
+    uint32_t op2 = get_op(PARAM2);
+    uint32_t op3 = get_op(PARAM3);
+    set_op(PARAM1, op2 & op3);
+    FORCE_RET();
+}
+
+OP(or32)
+{
+    uint32_t op2 = get_op(PARAM2);
+    uint32_t op3 = get_op(PARAM3);
+    set_op(PARAM1, op2 | op3);
+    FORCE_RET();
+}
+
+OP(xor32)
+{
+    uint32_t op2 = get_op(PARAM2);
+    uint32_t op3 = get_op(PARAM3);
+    set_op(PARAM1, op2 ^ op3);
+    FORCE_RET();
+}
+
+/* Shifts.  */
+OP(shl32)
+{
+    uint32_t op2 = get_op(PARAM2);
+    uint32_t op3 = get_op(PARAM3);
+    uint32_t result;
+    result = op2 << op3;
+    set_op(PARAM1, result);
+    FORCE_RET();
+}
+
+OP(shl_cc)
+{
+    uint32_t op1 = get_op(PARAM1);
+    uint32_t op2 = get_op(PARAM2);
+    uint32_t result;
+    result = op1 << op2;
+    set_op(PARAM1, result);
+    env->cc_x = (op1 << (op2 - 1)) & 1;
+    FORCE_RET();
+}
+
+OP(shr32)
+{
+    uint32_t op2 = get_op(PARAM2);
+    uint32_t op3 = get_op(PARAM3);
+    uint32_t result;
+    result = op2 >> op3;
+    set_op(PARAM1, result);
+    FORCE_RET();
+}
+
+OP(shr_cc)
+{
+    uint32_t op1 = get_op(PARAM1);
+    uint32_t op2 = get_op(PARAM2);
+    uint32_t result;
+    result = op1 >> op2;
+    set_op(PARAM1, result);
+    env->cc_x = (op1 >> (op2 - 1)) & 1;
+    FORCE_RET();
+}
+
+OP(sar_cc)
+{
+    int32_t op1 = get_op(PARAM1);
+    uint32_t op2 = get_op(PARAM2);
+    uint32_t result;
+    result = op1 >> op2;
+    set_op(PARAM1, result);
+    env->cc_x = (op1 >> (op2 - 1)) & 1;
+    FORCE_RET();
+}
+
+/* Value extend.  */
+
+OP(ext8u32)
+{
+    uint32_t op2 = get_op(PARAM2);
+    set_op(PARAM1, (uint8_t)op2);
+    FORCE_RET();
+}
+
+OP(ext8s32)
+{
+    uint32_t op2 = get_op(PARAM2);
+    set_op(PARAM1, (int8_t)op2);
+    FORCE_RET();
+}
+
+OP(ext16u32)
+{
+    uint32_t op2 = get_op(PARAM2);
+    set_op(PARAM1, (uint16_t)op2);
+    FORCE_RET();
+}
+
+OP(ext16s32)
+{
+    uint32_t op2 = get_op(PARAM2);
+    set_op(PARAM1, (int16_t)op2);
+    FORCE_RET();
+}
+
+/* Load/store ops.  */
+OP(ld8u32)
+{
+    uint32_t addr = get_op(PARAM2);
+    set_op(PARAM1, ldub(addr));
+    FORCE_RET();
+}
+
+OP(ld8s32)
+{
+    uint32_t addr = get_op(PARAM2);
+    set_op(PARAM1, ldsb(addr));
+    FORCE_RET();
+}
+
+OP(ld16u32)
+{
+    uint32_t addr = get_op(PARAM2);
+    set_op(PARAM1, lduw(addr));
+    FORCE_RET();
+}
+
+OP(ld16s32)
+{
+    uint32_t addr = get_op(PARAM2);
+    set_op(PARAM1, ldsw(addr));
+    FORCE_RET();
+}
+
+OP(ld32)
+{
+    uint32_t addr = get_op(PARAM2);
+    set_op(PARAM1, ldl(addr));
+    FORCE_RET();
+}
+
+OP(st8)
+{
+    uint32_t addr = get_op(PARAM1);
+    stb(addr, get_op(PARAM2));
+    FORCE_RET();
+}
+
+OP(st16)
+{
+    uint32_t addr = get_op(PARAM1);
+    stw(addr, get_op(PARAM2));
+    FORCE_RET();
+}
+
+OP(st32)
+{
+    uint32_t addr = get_op(PARAM1);
+    stl(addr, get_op(PARAM2));
+    FORCE_RET();
+}
+
+OP(ldf64)
+{
+    uint32_t addr = get_op(PARAM2);
+    set_opf64(PARAM1, ldfq(addr));
+    FORCE_RET();
+}
+
+OP(stf64)
+{
+    uint32_t addr = get_op(PARAM1);
+    stfq(addr, get_opf64(PARAM2));
+    FORCE_RET();
+}
+
+OP(flush_flags)
+{
+    int cc_op  = PARAM1;
+    if (cc_op == CC_OP_DYNAMIC)
+        cc_op = env->cc_op;
+    cpu_m68k_flush_flags(env, cc_op);
+    FORCE_RET();
+}
+
+OP(divu)
+{
+    uint32_t num;
+    uint32_t den;
+    uint32_t quot;
+    uint32_t rem;
+    uint32_t flags;
+    
+    num = env->div1;
+    den = env->div2;
+    /* ??? This needs to make sure the throwing location is accurate.  */
+    if (den == 0)
+        RAISE_EXCEPTION(EXCP_DIV0);
+    quot = num / den;
+    rem = num % den;
+    flags = 0;
+    if (PARAM1 && quot > 0xffff)
+        flags |= CCF_V;
+    if (quot == 0)
+        flags |= CCF_Z;
+    else if ((int32_t)quot < 0)
+        flags |= CCF_N;
+    env->div1 = quot;
+    env->div2 = rem;
+    env->cc_dest = flags;
+    FORCE_RET();
+}
+
+OP(divs)
+{
+    int32_t num;
+    int32_t den;
+    int32_t quot;
+    int32_t rem;
+    int32_t flags;
+    
+    num = env->div1;
+    den = env->div2;
+    if (den == 0)
+        RAISE_EXCEPTION(EXCP_DIV0);
+    quot = num / den;
+    rem = num % den;
+    flags = 0;
+    if (PARAM1 && quot != (int16_t)quot)
+        flags |= CCF_V;
+    if (quot == 0)
+        flags |= CCF_Z;
+    else if (quot < 0)
+        flags |= CCF_N;
+    env->div1 = quot;
+    env->div2 = rem;
+    env->cc_dest = flags;
+    FORCE_RET();
+}
+
+OP(raise_exception)
+{
+    RAISE_EXCEPTION(PARAM1);
+    FORCE_RET();
+}
+
+/* Floating point comparison sets flags differently to other instructions.  */
+
+OP(sub_cmpf64)
+{
+    float64 src0;
+    float64 src1;
+    src0 = get_opf64(PARAM2);
+    src1 = get_opf64(PARAM3);
+    set_opf64(PARAM1, helper_sub_cmpf64(env, src0, src1));
+    FORCE_RET();
+}
+
+OP(update_xflag_tst)
+{
+    uint32_t op1 = get_op(PARAM1);
+    env->cc_x = op1;
+    FORCE_RET();
+}
+
+OP(update_xflag_lt)
+{
+    uint32_t op1 = get_op(PARAM1);
+    uint32_t op2 = get_op(PARAM2);
+    env->cc_x = (op1 < op2);
+    FORCE_RET();
+}
+
+OP(get_xflag)
+{
+    set_op(PARAM1, env->cc_x);
+    FORCE_RET();
+}
+
+OP(logic_cc)
+{
+    uint32_t op1 = get_op(PARAM1);
+    env->cc_dest = op1;
+    FORCE_RET();
+}
+
+OP(update_cc_add)
+{
+    uint32_t op1 = get_op(PARAM1);
+    uint32_t op2 = get_op(PARAM2);
+    env->cc_dest = op1;
+    env->cc_src = op2;
+    FORCE_RET();
+}
+
+OP(fp_result)
+{
+    env->fp_result = get_opf64(PARAM1);
+    FORCE_RET();
+}
+
+OP(jmp)
+{
+    GOTO_LABEL_PARAM(1);
+}
+
+/* These ops involve a function call, which probably requires a stack frame
+   and breaks things on some hosts.  */
+OP(jmp_z32)
+{
+    uint32_t arg = get_op(PARAM1);
+    if (arg == 0)
+        GOTO_LABEL_PARAM(2);
+    FORCE_RET();
+}
+
+OP(jmp_nz32)
+{
+    uint32_t arg = get_op(PARAM1);
+    if (arg != 0)
+        GOTO_LABEL_PARAM(2);
+    FORCE_RET();
+}
+
+OP(jmp_s32)
+{
+    int32_t arg = get_op(PARAM1);
+    if (arg < 0)
+        GOTO_LABEL_PARAM(2);
+    FORCE_RET();
+}
+
+OP(jmp_ns32)
+{
+    int32_t arg = get_op(PARAM1);
+    if (arg >= 0)
+        GOTO_LABEL_PARAM(2);
+    FORCE_RET();
+}
+
+void OPPROTO op_goto_tb0(void)
+{
+    GOTO_TB(op_goto_tb0, PARAM1, 0);
+}
+
+void OPPROTO op_goto_tb1(void)
+{
+    GOTO_TB(op_goto_tb1, PARAM1, 1);
+}
+
+OP(exit_tb)
+{
+    EXIT_TB();
+}
+
+
+/* Floating point.  */
+OP(f64_to_i32)
+{
+    set_op(PARAM1, float64_to_int32(get_opf64(PARAM2), &CPU_FP_STATUS));
+    FORCE_RET();
+}
+
+OP(f64_to_f32)
+{
+    union {
+        float32 f;
+        uint32_t i;
+    } u;
+    u.f = float64_to_float32(get_opf64(PARAM2), &CPU_FP_STATUS);
+    set_op(PARAM1, u.i);
+    FORCE_RET();
+}
+
+OP(i32_to_f64)
+{
+    set_opf64(PARAM1, int32_to_float64(get_op(PARAM2), &CPU_FP_STATUS));
+    FORCE_RET();
+}
+
+OP(f32_to_f64)
+{
+    union {
+        float32 f;
+        uint32_t i;
+    } u;
+    u.i = get_op(PARAM2);
+    set_opf64(PARAM1, float32_to_float64(u.f, &CPU_FP_STATUS));
+    FORCE_RET();
+}
+
+OP(absf64)
+{
+    float64 op0 = get_opf64(PARAM2);
+    set_opf64(PARAM1, float64_abs(op0));
+    FORCE_RET();
+}
+
+OP(chsf64)
+{
+    float64 op0 = get_opf64(PARAM2);
+    set_opf64(PARAM1, float64_chs(op0));
+    FORCE_RET();
+}
+
+OP(sqrtf64)
+{
+    float64 op0 = get_opf64(PARAM2);
+    set_opf64(PARAM1, float64_sqrt(op0, &CPU_FP_STATUS));
+    FORCE_RET();
+}
+
+OP(addf64)
+{
+    float64 op0 = get_opf64(PARAM2);
+    float64 op1 = get_opf64(PARAM3);
+    set_opf64(PARAM1, float64_add(op0, op1, &CPU_FP_STATUS));
+    FORCE_RET();
+}
+
+OP(subf64)
+{
+    float64 op0 = get_opf64(PARAM2);
+    float64 op1 = get_opf64(PARAM3);
+    set_opf64(PARAM1, float64_sub(op0, op1, &CPU_FP_STATUS));
+    FORCE_RET();
+}
+
+OP(mulf64)
+{
+    float64 op0 = get_opf64(PARAM2);
+    float64 op1 = get_opf64(PARAM3);
+    set_opf64(PARAM1, float64_mul(op0, op1, &CPU_FP_STATUS));
+    FORCE_RET();
+}
+
+OP(divf64)
+{
+    float64 op0 = get_opf64(PARAM2);
+    float64 op1 = get_opf64(PARAM3);
+    set_opf64(PARAM1, float64_div(op0, op1, &CPU_FP_STATUS));
+    FORCE_RET();
+}
+
+OP(iround_f64)
+{
+    float64 op0 = get_opf64(PARAM2);
+    set_opf64(PARAM1, float64_round_to_int(op0, &CPU_FP_STATUS));
+    FORCE_RET();
+}
+
+OP(itrunc_f64)
+{
+    float64 op0 = get_opf64(PARAM2);
+    set_opf64(PARAM1, float64_trunc_to_int(op0, &CPU_FP_STATUS));
+    FORCE_RET();
+}
+
+OP(compare_quietf64)
+{
+    float64 op0 = get_opf64(PARAM2);
+    float64 op1 = get_opf64(PARAM3);
+    set_op(PARAM1, float64_compare_quiet(op0, op1, &CPU_FP_STATUS));
+    FORCE_RET();
+}
+DEFO32(D0, dregs[0])
+DEFO32(D1, dregs[1])
+DEFO32(D2, dregs[2])
+DEFO32(D3, dregs[3])
+DEFO32(D4, dregs[4])
+DEFO32(D5, dregs[5])
+DEFO32(D6, dregs[6])
+DEFO32(D7, dregs[7])
+DEFO32(A0, aregs[0])
+DEFO32(A1, aregs[1])
+DEFO32(A2, aregs[2])
+DEFO32(A3, aregs[3])
+DEFO32(A4, aregs[4])
+DEFO32(A5, aregs[5])
+DEFO32(A6, aregs[6])
+DEFO32(SP, aregs[7]) /* A7 */
+DEFF64(F0, fregs[0])
+DEFF64(F1, fregs[1])
+DEFF64(F2, fregs[2])
+DEFF64(F3, fregs[3])
+DEFF64(F4, fregs[4])
+DEFF64(F5, fregs[5])
+DEFF64(F6, fregs[6])
+DEFF64(F7, fregs[7])
+DEFF64(FP_RESULT, fp_result)
+DEFO32(PC, pc)
+DEFO32(CC_OP, cc_op)
+DEFR(T0, AREG1, QMODE_I32)
+DEFO32(CC_DEST, cc_dest)
+DEFO32(CC_SRC, cc_src)
+DEFO32(CC_X, cc_x)
+DEFO32(DIV1, div1)
+DEFO32(DIV2, div2)
+DEFO32(EXCEPTION, exception_index)
+/*
+ *  m68k translation
+ * 
+ *  Copyright (c) 2005-2006 CodeSourcery
+ *  Written by Paul Brook
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+#include <stdarg.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <inttypes.h>
+
+#include "config.h"
+#include "cpu.h"
+#include "exec-all.h"
+#include "disas.h"
+#include "m68k-qreg.h"
+
+static inline void qemu_assert(int cond, const char *msg)
+{
+    if (!cond) {
+        fprintf (stderr, "badness: %s\n", msg);
+        abort();
+    }
+}
+
+/* internal defines */
+typedef struct DisasContext {
+    target_ulong pc;
+    int is_jmp;
+    int cc_op;
+    uint32_t fpcr;
+    struct TranslationBlock *tb;
+    int singlestep_enabled;
+} DisasContext;
+
+#define DISAS_JUMP_NEXT 4
+
+/* XXX: move that elsewhere */
+/* ??? Fix exceptions.  */
+static void *gen_throws_exception;
+#define gen_last_qop NULL
+
+static uint16_t *gen_opc_ptr;
+static uint32_t *gen_opparam_ptr;
+extern FILE *logfile;
+extern int loglevel;
+
+enum {
+#define DEF(s, n, copy_size) INDEX_op_ ## s,
+#include "opc.h"
+#undef DEF
+    NB_OPS,
+};
+
+#include "gen-op.h"
+#include "op-hacks.h"
+
+#define OS_BYTE 0
+#define OS_WORD 1
+#define OS_LONG 2
+#define OS_SINGLE 4
+#define OS_DOUBLE 5
+
+#define DREG(insn, pos) (((insn >> pos) & 7) + QREG_D0)
+#define AREG(insn, pos) (((insn >> pos) & 7) + QREG_A0)
+#define FREG(insn, pos) (((insn >> pos) & 7) + QREG_F0)
+
+#define M68K_INSN_CF_A    (1 << 0)
+#define M68K_INSN_CF_B    (1 << 1)
+#define M68K_INSN_CF_C    (1 << 2)
+#define M68K_INSN_CF_MAC  (1 << 3)
+#define M68K_INSN_CF_EMAC (1 << 4)
+#define M68K_INSN_CF_FPU  (1 << 5)
+
+struct m68k_def_t {
+    const char * name;
+    uint32_t insns;
+};
+
+static m68k_def_t m68k_cpu_defs[] = {
+    {"m5206", M68K_INSN_CF_A},
+    {"cfv4e", M68K_INSN_CF_A | M68K_INSN_CF_B | M68K_INSN_CF_C
+            | M68K_INSN_CF_MAC | M68K_INSN_CF_EMAC | M68K_INSN_CF_FPU},
+    {NULL, 0}, 
+};
+
+typedef void (*disas_proc)(DisasContext *, uint16_t);
+
+#define DISAS_INSN(name) \
+  static void disas_##name (DisasContext *s, uint16_t insn)
+
+/* Generate a load from the specified address.  Narrow values are
+   sign extended to full register width.  */
+static inline int gen_load(int opsize, int addr, int sign)
+{
+    int tmp;
+    switch(opsize) {
+    case OS_BYTE:
+        tmp = gen_new_qreg(QMODE_I32);
+        if (sign)
+            gen_op_ld8s32(tmp, addr);
+        else
+            gen_op_ld8u32(tmp, addr);
+        break;
+    case OS_WORD:
+        tmp = gen_new_qreg(QMODE_I32);
+        if (sign)
+            gen_op_ld16s32(tmp, addr);
+        else
+            gen_op_ld16u32(tmp, addr);
+        break;
+    case OS_LONG:
+        tmp = gen_new_qreg(QMODE_I32);
+        gen_op_ld32(tmp, addr);
+        break;
+    case OS_SINGLE:
+        tmp = gen_new_qreg(QMODE_F32);
+        gen_op_ldf32(tmp, addr);
+        break;
+    case OS_DOUBLE:
+        tmp  = gen_new_qreg(QMODE_F64);
+        gen_op_ldf64(tmp, addr);
+        break;
+    default:
+        qemu_assert(0, "bad load size");
+    }
+    gen_throws_exception = gen_last_qop;
+    return tmp;
+}
+
+/* Generate a store.  */
+static inline void gen_store(int opsize, int addr, int val)
+{
+    switch(opsize) {
+    case OS_BYTE:
+        gen_op_st8(addr, val);
+        break;
+    case OS_WORD:
+        gen_op_st16(addr, val);
+        break;
+    case OS_LONG:
+        gen_op_st32(addr, val);
+        break;
+    case OS_SINGLE:
+        gen_op_stf32(addr, val);
+        break;
+    case OS_DOUBLE:
+        gen_op_stf64(addr, val);
+        break;
+    default:
+        qemu_assert(0, "bad store size");
+    }
+    gen_throws_exception = gen_last_qop;
+}
+
+/* Generate an unsigned load if VAL is 0 a signed load if val is -1,
+   otherwise generate a store.  */
+static int gen_ldst(int opsize, int addr, int val)
+{
+    if (val > 0) {
+        gen_store(opsize, addr, val);
+        return 0;
+    } else {
+        return gen_load(opsize, addr, val != 0);
+    }
+}
+
+/* Handle a base + index + displacement effective addresss.  A base of
+   -1 means pc-relative.  */
+static int gen_lea_indexed(DisasContext *s, int opsize, int base)
+{
+    int scale;
+    uint32_t offset;
+    uint16_t ext;
+    int add;
+    int tmp;
+
+    offset = s->pc;
+    ext = lduw(s->pc);
+    s->pc += 2;
+    tmp = ((ext >> 12) & 7) + ((ext & 0x8000) ? QREG_A0 : QREG_D0);
+    /* ??? Check W/L bit.  */
+    scale = (ext >> 9) & 3;
+    if (scale == 0) {
+        add = tmp;
+    } else {
+        add = gen_new_qreg(QMODE_I32);
+        gen_op_shl32(add, tmp, gen_im32(scale));
+    }
+    tmp = gen_new_qreg(QMODE_I32);
+    if (base != -1) {
+        gen_op_add32(tmp, base, gen_im32((int8_t)ext));
+        gen_op_add32(tmp, tmp, add);
+    } else {
+        gen_op_add32(tmp, add, gen_im32(offset + (int8_t)ext));
+    }
+    return tmp;
+}
+
+/* Read a 32-bit immediate constant.  */
+static inline uint32_t read_im32(DisasContext *s)
+{
+    uint32_t im;
+    im = ((uint32_t)lduw(s->pc)) << 16;
+    s->pc += 2;
+    im |= lduw(s->pc);
+    s->pc += 2;
+    return im;
+}
+
+
+/* Update the CPU env CC_OP state.  */
+static inline void gen_flush_cc_op(DisasContext *s)
+{
+    if (s->cc_op != CC_OP_DYNAMIC)
+        gen_op_mov32(QREG_CC_OP, gen_im32(s->cc_op));
+}
+
+/* Evaluate all the CC flags.  */
+static inline void gen_flush_flags(DisasContext *s)
+{
+    if (s->cc_op == CC_OP_FLAGS)
+        return;
+    gen_op_flush_flags(s->cc_op);
+    s->cc_op = CC_OP_FLAGS;
+}
+
+static inline int opsize_bytes(int opsize)
+{
+    switch (opsize) {
+    case OS_BYTE: return 1;
+    case OS_WORD: return 2;
+    case OS_LONG: return 4;
+    case OS_SINGLE: return 4;
+    case OS_DOUBLE: return 8;
+    default:
+        qemu_assert(0, "bad operand size");
+    }
+}
+
+/* Assign value to a register.  If the width is less than the register width
+   only the low part of the register is set.  */
+static void gen_partset_reg(int opsize, int reg, int val)
+{
+    int tmp;
+    switch (opsize) {
+    case OS_BYTE:
+        gen_op_and32(reg, reg, gen_im32(0xffffff00));
+        tmp = gen_new_qreg(QMODE_I32);
+        gen_op_and32(tmp, val, gen_im32(0xff));
+        gen_op_or32(reg, reg, tmp);
+        break;
+    case OS_WORD:
+        gen_op_and32(reg, reg, gen_im32(0xffff0000));
+        tmp = gen_new_qreg(QMODE_I32);
+        gen_op_and32(tmp, val, gen_im32(0xffff));
+        gen_op_or32(reg, reg, tmp);
+        break;
+    case OS_LONG:
+        gen_op_mov32(reg, val);
+        break;
+    case OS_SINGLE:
+        gen_op_pack_32_f32(reg, val);
+        break;
+    default:
+        qemu_assert(0, "Bad operand size");
+        break;
+    }
+}
+
+/* Sign or zero extend a value.  */
+static inline int gen_extend(int val, int opsize, int sign)
+{
+    int tmp;
+
+    switch (opsize) {
+    case OS_BYTE:
+        tmp = gen_new_qreg(QMODE_I32);
+        if (sign)
+            gen_op_ext8s32(tmp, val);
+        else
+            gen_op_ext8u32(tmp, val);
+        break;
+    case OS_WORD:
+        tmp = gen_new_qreg(QMODE_I32);
+        if (sign)
+            gen_op_ext16s32(tmp, val);
+        else
+            gen_op_ext16u32(tmp, val);
+        break;
+    case OS_LONG:
+        tmp = val;
+        break;
+    case OS_SINGLE:
+        tmp = gen_new_qreg(QMODE_F32);
+        gen_op_pack_f32_32(tmp, val);
+        break;
+    default:
+        qemu_assert(0, "Bad operand size");
+    }
+    return tmp;
+}
+
+/* Generate code for an "effective address".  Does not adjust the base
+   register for autoincrememnt addressing modes.  */
+static int gen_lea(DisasContext *s, uint16_t insn, int opsize)
+{
+    int reg;
+    int tmp;
+    uint16_t ext;
+    uint32_t offset;
+
+    reg = insn & 7;
+    switch ((insn >> 3) & 7) {
+    case 0: /* Data register direct.  */
+    case 1: /* Address register direct.  */
+        /* ??? generate bad addressing mode fault.  */
+        qemu_assert(0, "invalid addressing mode");
+    case 2: /* Indirect register */
+    case 3: /* Indirect postincrement.  */
+        reg += QREG_A0;
+        return reg;
+    case 4: /* Indirect predecrememnt.  */
+        reg += QREG_A0;
+        tmp = gen_new_qreg(QMODE_I32);
+        gen_op_sub32(tmp, reg, gen_im32(opsize_bytes(opsize)));
+        return tmp;
+    case 5: /* Indirect displacement.  */
+        reg += QREG_A0;
+        tmp = gen_new_qreg(QMODE_I32);
+        ext = lduw(s->pc);
+        s->pc += 2;
+        gen_op_add32(tmp, reg, gen_im32((int16_t)ext));
+        return tmp;
+    case 6: /* Indirect index + displacement.  */
+        reg += QREG_A0;
+        return gen_lea_indexed(s, opsize, reg);
+    case 7: /* Other */
+        switch (reg) {
+        case 0: /* Absolute short.  */
+            offset = ldsw(s->pc);
+            s->pc += 2;
+            return gen_im32(offset);
+        case 1: /* Absolute long.  */
+            offset = read_im32(s);
+            return gen_im32(offset);
+        case 2: /* pc displacement  */
+            tmp = gen_new_qreg(QMODE_I32);
+            offset = s->pc;
+            offset += ldsw(s->pc);
+            s->pc += 2;
+            return gen_im32(offset);
+        case 3: /* pc index+displacement.  */
+            return gen_lea_indexed(s, opsize, -1);
+        case 4: /* Immediate.  */
+        default:
+            /* ??? generate bad addressing mode fault.  */
+            qemu_assert(0, "invalid addressing mode");
+        }
+    }
+    /* Should never happen.  */
+    return -1;
+}
+
+/* Helper function for gen_ea. Reuse the computed address between the
+   for read/write operands.  */
+static inline int gen_ea_once(DisasContext *s, uint16_t insn, int opsize,
+                              int val, int *addrp)
+{
+    int tmp;
+
+    if (addrp && val > 0) {
+        tmp = *addrp;
+    } else {
+        tmp = gen_lea(s, insn, opsize);
+        if (addrp)
+            *addrp = tmp;
+    }
+    return gen_ldst(opsize, tmp, val);
+}
+
+/* Generate code to load/store a value ito/from an EA.  If VAL > 0 this is
+   a write otherwise it is a read (0 == sign extend, -1 == zero extend).
+   ADDRP is non-null for readwrite operands.  */
+static int gen_ea(DisasContext *s, uint16_t insn, int opsize, int val,
+                  int *addrp)
+{
+    int reg;
+    int result;
+    uint32_t offset;
+
+    reg = insn & 7;
+    switch ((insn >> 3) & 7) {
+    case 0: /* Data register direct.  */
+        reg += QREG_D0;
+        if (val > 0) {
+            gen_partset_reg(opsize, reg, val);
+            return 0;
+        } else {
+            return gen_extend(reg, opsize, val);
+        }
+    case 1: /* Address register direct.  */
+        reg += QREG_A0;
+        if (val > 0) {
+            gen_op_mov32(reg, val);
+            return 0;
+        } else {
+            return gen_extend(reg, opsize, val);
+        }
+    case 2: /* Indirect register */
+        reg += QREG_A0;
+        return gen_ldst(opsize, reg, val);
+    case 3: /* Indirect postincrement.  */
+        reg += QREG_A0;
+        result = gen_ldst(opsize, reg, val);
+        /* ??? This is not exception safe.  The instruction may still
+           fault after this point.  */
+        if (val > 0 || !addrp)
+            gen_op_add32(reg, reg, gen_im32(opsize_bytes(opsize)));
+        return result;
+    case 4: /* Indirect predecrememnt.  */
+        {
+            int tmp;
+            if (addrp && val > 0) {
+                tmp = *addrp;
+            } else {
+                tmp = gen_lea(s, insn, opsize);
+                if (addrp)
+                    *addrp = tmp;
+            }
+            result = gen_ldst(opsize, tmp, val);
+            /* ??? This is not exception safe.  The instruction may still
+               fault after this point.  */
+            if (val > 0 || !addrp) {
+                reg += QREG_A0;
+                gen_op_mov32(reg, tmp);
+            }
+        }
+        return result;
+    case 5: /* Indirect displacement.  */
+    case 6: /* Indirect index + displacement.  */
+        return gen_ea_once(s, insn, opsize, val, addrp);
+    case 7: /* Other */
+        switch (reg) {
+        case 0: /* Absolute short.  */
+        case 1: /* Absolute long.  */
+        case 2: /* pc displacement  */
+        case 3: /* pc index+displacement.  */
+            return gen_ea_once(s, insn, opsize, val, addrp);
+        case 4: /* Immediate.  */
+            /* Sign extend values for consistency.  */
+            switch (opsize) {
+            case OS_BYTE:
+                if (val)
+                    offset = ldsb(s->pc + 1);
+                else
+                    offset = ldub(s->pc + 1);
+                s->pc += 2;
+                break;
+            case OS_WORD:
+                if (val)
+                    offset = ldsw(s->pc);
+                else
+                    offset = lduw(s->pc);
+                s->pc += 2;
+                break;
+            case OS_LONG:
+                offset = read_im32(s);
+                break;
+            default:
+                qemu_assert(0, "Bad immediate operand");
+            }
+            return gen_im32(offset);
+        default:
+            qemu_assert(0, "invalid addressing mode");
+        }
+    }
+    /* Should never happen.  */
+    return -1;
+}
+
+static void gen_logic_cc(DisasContext *s, int val)
+{
+    gen_op_logic_cc(val);
+    s->cc_op = CC_OP_LOGIC;
+}
+
+static void gen_jmpcc(DisasContext *s, int cond, int l1)
+{
+    int tmp;
+
+    gen_flush_flags(s);
+    switch (cond) {
+    case 0: /* T */
+        gen_op_jmp(l1);
+        break;
+    case 1: /* F */
+        break;
+    case 2: /* HI (!C && !Z) */
+        tmp = gen_new_qreg(QMODE_I32);
+        gen_op_and32(tmp, QREG_CC_DEST, gen_im32(CCF_C | CCF_Z));
+        gen_op_jmp_z32(tmp, l1);
+        break;
+    case 3: /* LS (C || Z) */
+        tmp = gen_new_qreg(QMODE_I32);
+        gen_op_and32(tmp, QREG_CC_DEST, gen_im32(CCF_C | CCF_Z));
+        gen_op_jmp_nz32(tmp, l1);
+        break;
+    case 4: /* CC (!C) */
+        tmp = gen_new_qreg(QMODE_I32);
+        gen_op_and32(tmp, QREG_CC_DEST, gen_im32(CCF_C));
+        gen_op_jmp_z32(tmp, l1);
+        break;
+    case 5: /* CS (C) */
+        tmp = gen_new_qreg(QMODE_I32);
+        gen_op_and32(tmp, QREG_CC_DEST, gen_im32(CCF_C));
+        gen_op_jmp_nz32(tmp, l1);
+        break;
+    case 6: /* NE (!Z) */
+        tmp = gen_new_qreg(QMODE_I32);
+        gen_op_and32(tmp, QREG_CC_DEST, gen_im32(CCF_Z));
+        gen_op_jmp_z32(tmp, l1);
+        break;
+    case 7: /* EQ (Z) */
+        tmp = gen_new_qreg(QMODE_I32);
+        gen_op_and32(tmp, QREG_CC_DEST, gen_im32(CCF_Z));
+        gen_op_jmp_nz32(tmp, l1);
+        break;
+    case 8: /* VC (!V) */
+        tmp = gen_new_qreg(QMODE_I32);
+        gen_op_and32(tmp, QREG_CC_DEST, gen_im32(CCF_V));
+        gen_op_jmp_z32(tmp, l1);
+        break;
+    case 9: /* VS (V) */
+        tmp = gen_new_qreg(QMODE_I32);
+        gen_op_and32(tmp, QREG_CC_DEST, gen_im32(CCF_V));
+        gen_op_jmp_nz32(tmp, l1);
+        break;
+    case 10: /* PL (!N) */
+        tmp = gen_new_qreg(QMODE_I32);
+        gen_op_and32(tmp, QREG_CC_DEST, gen_im32(CCF_N));
+        gen_op_jmp_z32(tmp, l1);
+        break;
+    case 11: /* MI (N) */
+        tmp = gen_new_qreg(QMODE_I32);
+        gen_op_and32(tmp, QREG_CC_DEST, gen_im32(CCF_N));
+        gen_op_jmp_nz32(tmp, l1);
+        break;
+    case 12: /* GE (!(N ^ V)) */
+        tmp = gen_new_qreg(QMODE_I32);
+        gen_op_shr32(tmp, QREG_CC_DEST, gen_im32(2));
+        gen_op_xor32(tmp, tmp, QREG_CC_DEST);
+        gen_op_and32(tmp, tmp, gen_im32(CCF_V));
+        gen_op_jmp_z32(tmp, l1);
+        break;
+    case 13: /* LT (N ^ V) */
+        tmp = gen_new_qreg(QMODE_I32);
+        gen_op_shr32(tmp, QREG_CC_DEST, gen_im32(2));
+        gen_op_xor32(tmp, tmp, QREG_CC_DEST);
+        gen_op_and32(tmp, tmp, gen_im32(CCF_V));
+        gen_op_jmp_nz32(tmp, l1);
+        break;
+    case 14: /* GT (!(Z || (N ^ V))) */
+        {
+            int l2;
+            l2 = gen_new_label();
+            tmp = gen_new_qreg(QMODE_I32);
+            gen_op_and32(tmp, QREG_CC_DEST, gen_im32(CCF_Z));
+            gen_op_jmp_nz32(tmp, l2);
+            tmp = gen_new_qreg(QMODE_I32);
+            gen_op_shr32(tmp, QREG_CC_DEST, gen_im32(2));
+            gen_op_xor32(tmp, tmp, QREG_CC_DEST);
+            gen_op_and32(tmp, tmp, gen_im32(CCF_V));
+            gen_op_jmp_nz32(tmp, l2);
+            gen_op_jmp(l1);
+            gen_set_label(l2);
+        }
+        break;
+    case 15: /* LE (Z || (N ^ V)) */
+        tmp = gen_new_qreg(QMODE_I32);
+        gen_op_and32(tmp, QREG_CC_DEST, gen_im32(CCF_Z));
+        gen_op_jmp_nz32(tmp, l1);
+        tmp = gen_new_qreg(QMODE_I32);
+        gen_op_shr32(tmp, QREG_CC_DEST, gen_im32(2));
+        gen_op_xor32(tmp, tmp, QREG_CC_DEST);
+        gen_op_and32(tmp, tmp, gen_im32(CCF_V));
+        gen_op_jmp_nz32(tmp, l1);
+        break;
+    default:
+        /* Should ever happen.  */
+        abort();
+    }
+}
+
+DISAS_INSN(scc)
+{
+    int l1;
+    int cond;
+    int reg;
+
+    l1 = gen_new_label();
+    cond = (insn >> 8) & 0xf;
+    reg = DREG(insn, 0);
+    gen_op_and32(reg, reg, gen_im32(0xffffff00));
+    gen_jmpcc(s, cond ^ 1, l1);
+    gen_op_or32(reg, reg, gen_im32(0xff));
+    gen_set_label(l1);
+}
+
+/* Generate a jump to to the address in qreg DEST.  */
+static void gen_jmp(DisasContext *s, int dest)
+{
+    gen_flush_cc_op(s);
+    gen_op_mov32(QREG_PC, dest);
+    s->is_jmp = DISAS_JUMP;
+}
+
+static void gen_exception(DisasContext *s, uint32_t where, int nr)
+{
+    gen_flush_cc_op(s);
+    gen_jmp(s, gen_im32(where));
+    gen_op_raise_exception(nr);
+}
+
+/* Generate a jump to an immediate address.  */
+static void gen_jmp_tb(DisasContext *s, int n, uint32_t dest)
+{
+    TranslationBlock *tb;
+
+    tb = s->tb;
+    if (__builtin_expect (s->singlestep_enabled, 0)) {
+        gen_exception(s, dest, EXCP_DEBUG);
+    } else if ((tb->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK) ||
+               (s->pc & TARGET_PAGE_MASK) == (dest & TARGET_PAGE_MASK)) {
+        gen_op_goto_tb(0, n, (long)tb);
+        gen_op_mov32(QREG_PC, gen_im32(dest));
+        gen_op_mov32(QREG_T0, gen_im32((long)tb + n));
+        gen_op_exit_tb();
+    } else {
+        gen_jmp(s, gen_im32(dest));
+        gen_op_mov32(QREG_T0, gen_im32(0));
+        gen_op_exit_tb();
+    }
+    s->is_jmp = DISAS_TB_JUMP;
+}
+
+DISAS_INSN(undef_mac)
+{
+    gen_exception(s, s->pc - 2, EXCP_LINEA);
+}
+
+DISAS_INSN(undef_fpu)
+{
+    gen_exception(s, s->pc - 2, EXCP_LINEF);
+}
+
+DISAS_INSN(undef)
+{
+    gen_exception(s, s->pc - 2, EXCP_UNSUPPORTED);
+    cpu_abort(cpu_single_env, "Illegal instruction: %04x @ %08x",
+              insn, s->pc - 2);
+}
+
+DISAS_INSN(mulw)
+{
+    int reg;
+    int tmp;
+    int src;
+    int sign;
+
+    sign = (insn & 0x100) != 0;
+    reg = DREG(insn, 9);
+    tmp = gen_new_qreg(QMODE_I32);
+    if (sign)
+        gen_op_ext16s32(tmp, reg);
+    else
+        gen_op_ext16u32(tmp, reg);
+    src = gen_ea(s, insn, OS_WORD, sign ? -1 : 0, NULL);
+    gen_op_mul32(tmp, tmp, src);
+    gen_op_mov32(reg, tmp);
+    /* Unlike m68k, coldfire always clears the overflow bit.  */
+    gen_logic_cc(s, tmp);
+}
+
+DISAS_INSN(divw)
+{
+    int reg;
+    int tmp;
+    int src;
+    int sign;
+
+    sign = (insn & 0x100) != 0;
+    reg = DREG(insn, 9);
+    if (sign) {
+        gen_op_ext16s32(QREG_DIV1, reg);
+    } else {
+        gen_op_ext16u32(QREG_DIV1, reg);
+    }
+    src = gen_ea(s, insn, OS_WORD, sign ? -1 : 0, NULL);
+    gen_op_mov32(QREG_DIV2, src);
+    if (sign) {
+        gen_op_divs(1);
+    } else {
+        gen_op_divu(1);
+    }
+
+    tmp = gen_new_qreg(QMODE_I32);
+    src = gen_new_qreg(QMODE_I32);
+    gen_op_ext16u32(tmp, QREG_DIV1);
+    gen_op_shl32(src, QREG_DIV2, gen_im32(16));
+    gen_op_or32(reg, tmp, src);
+    gen_op_flags_set();
+    s->cc_op = CC_OP_FLAGS;
+}
+
+DISAS_INSN(divl)
+{
+    int num;
+    int den;
+    int reg;
+    uint16_t ext;
+
+    ext = lduw(s->pc);
+    s->pc += 2;
+    if (ext & 0x87f8) {
+        gen_exception(s, s->pc - 4, EXCP_UNSUPPORTED);
+        return;
+    }
+    num = DREG(ext, 12);
+    reg = DREG(ext, 0);
+    gen_op_mov32(QREG_DIV1, num);
+    den = gen_ea(s, insn, OS_LONG, 0, NULL);
+    gen_op_mov32(QREG_DIV2, den);
+    if (ext & 0x0800) {
+        gen_op_divs(0);
+    } else {
+        gen_op_divu(0);
+    }
+    if (num == reg) {
+        /* div */
+        gen_op_mov32 (reg, QREG_DIV1);
+    } else {
+        /* rem */
+        gen_op_mov32 (reg, QREG_DIV2);
+    }
+    gen_op_flags_set();
+    s->cc_op = CC_OP_FLAGS;
+}
+
+DISAS_INSN(addsub)
+{
+    int reg;
+    int dest;
+    int src;
+    int tmp;
+    int addr;
+    int add;
+
+    add = (insn & 0x4000) != 0;
+    reg = DREG(insn, 9);
+    dest = gen_new_qreg(QMODE_I32);
+    if (insn & 0x100) {
+        tmp = gen_ea(s, insn, OS_LONG, 0, &addr);
+        src = reg;
+    } else {
+        tmp = reg;
+        src = gen_ea(s, insn, OS_LONG, 0, NULL);
+    }
+    if (add) {
+        gen_op_add32(dest, tmp, src);
+        gen_op_update_xflag_lt(dest, src);
+        s->cc_op = CC_OP_ADD;
+    } else {
+        gen_op_update_xflag_lt(tmp, src);
+        gen_op_sub32(dest, tmp, src);
+        s->cc_op = CC_OP_SUB;
+    }
+    gen_op_update_cc_add(dest, src);
+    if (insn & 0x100) {
+        gen_ea(s, insn, OS_LONG, dest, &addr);
+    } else {
+        gen_op_mov32(reg, dest);
+    }
+}
+
+
+/* Reverse the order of the bits in REG.  */
+DISAS_INSN(bitrev)
+{
+    int val;
+    int tmp1;
+    int tmp2;
+    int reg;
+
+    val = gen_new_qreg(QMODE_I32);
+    tmp1 = gen_new_qreg(QMODE_I32);
+    tmp2 = gen_new_qreg(QMODE_I32);
+    reg = DREG(insn, 0);
+    gen_op_mov32(val, reg);
+    /* Reverse bits within each nibble.  */
+    gen_op_shl32(tmp1, val, gen_im32(3));
+    gen_op_and32(tmp1, tmp1, gen_im32(0x88888888));
+    gen_op_shl32(tmp2, val, gen_im32(1));
+    gen_op_and32(tmp2, tmp2, gen_im32(0x44444444));
+    gen_op_or32(tmp1, tmp1, tmp2);
+    gen_op_shr32(tmp2, val, gen_im32(1));
+    gen_op_and32(tmp2, tmp2, gen_im32(0x22222222));
+    gen_op_or32(tmp1, tmp1, tmp2);
+    gen_op_shr32(tmp2, val, gen_im32(3));
+    gen_op_and32(tmp2, tmp2, gen_im32(0x11111111));
+    gen_op_or32(tmp1, tmp1, tmp2);
+    /* Reverse nibbles withing bytes.  */
+    gen_op_shl32(val, tmp1, gen_im32(4));
+    gen_op_and32(val, val, gen_im32(0xf0f0f0f0));
+    gen_op_shr32(tmp2, tmp1, gen_im32(4));
+    gen_op_and32(tmp2, tmp2, gen_im32(0x0f0f0f0f));
+    gen_op_or32(val, val, tmp2);
+    /* Reverse bytes.  */
+    gen_op_bswap32(reg, val);
+    gen_op_mov32(reg, val);
+}
+
+DISAS_INSN(bitop_reg)
+{
+    int opsize;
+    int op;
+    int src1;
+    int src2;
+    int tmp;
+    int addr;
+    int dest;
+
+    if ((insn & 0x38) != 0)
+        opsize = OS_BYTE;
+    else
+        opsize = OS_LONG;
+    op = (insn >> 6) & 3;
+    src1 = gen_ea(s, insn, opsize, 0, op ? &addr: NULL);
+    src2 = DREG(insn, 9);
+    dest = gen_new_qreg(QMODE_I32);
+
+    gen_flush_flags(s);
+    tmp = gen_new_qreg(QMODE_I32);
+    if (opsize == OS_BYTE)
+        gen_op_and32(tmp, src2, gen_im32(7));
+    else
+        gen_op_and32(tmp, src2, gen_im32(31));
+    src2 = tmp;
+    tmp = gen_new_qreg(QMODE_I32);
+    gen_op_shl32(tmp, gen_im32(1), src2);
+
+    gen_op_btest(src1, tmp);
+    switch (op) {
+    case 1: /* bchg */
+        gen_op_xor32(dest, src1, tmp);
+        break;
+    case 2: /* bclr */
+        gen_op_not32(tmp, tmp);
+        gen_op_and32(dest, src1, tmp);
+        break;
+    case 3: /* bset */
+        gen_op_or32(dest, src1, tmp);
+        break;
+    default: /* btst */
+        break;
+    }
+    if (op)
+        gen_ea(s, insn, opsize, dest, &addr);
+}
+
+DISAS_INSN(sats)
+{
+    int reg;
+    int tmp;
+    int l1;
+
+    reg = DREG(insn, 0);
+    tmp = gen_new_qreg(QMODE_I32);
+    gen_flush_flags(s);
+    gen_op_and32(tmp, QREG_CC_DEST, gen_im32(CCF_V));
+    l1 = gen_new_label();
+    gen_op_jmp_z32(tmp, l1);
+    tmp = gen_new_qreg(QMODE_I32);
+    gen_op_shr32(tmp, reg, gen_im32(31));
+    gen_op_xor32(tmp, tmp, gen_im32(0x80000000));
+    gen_op_mov32(reg, tmp);
+    gen_set_label(l1);
+    gen_logic_cc(s, tmp);
+}
+
+static void gen_push(int val)
+{
+    int tmp;
+
+    tmp = gen_new_qreg(QMODE_I32);
+    gen_op_sub32(tmp, QREG_SP, gen_im32(4));
+    gen_store(OS_LONG, tmp, val);
+    gen_op_mov32(QREG_SP, tmp);
+}
+
+DISAS_INSN(movem)
+{
+    int addr;
+    int i;
+    uint16_t mask;
+    int reg;
+    int tmp;
+    int is_load;
+
+    mask = lduw(s->pc);
+    s->pc += 2;
+    tmp = gen_lea(s, insn, OS_LONG);
+    addr = gen_new_qreg(QMODE_I32);
+    gen_op_mov32(addr, tmp);
+    is_load = ((insn & 0x0400) != 0);
+    for (i = 0; i < 16; i++, mask >>= 1) {
+        if (mask & 1) {
+            if (i < 8)
+                reg = DREG(i, 0);
+            else
+                reg = AREG(i, 0);
+            if (is_load) {
+                tmp = gen_load(OS_LONG, addr, 0);
+                gen_op_mov32(reg, tmp);
+            } else {
+                gen_store(OS_LONG, addr, reg);
+            }
+            if (mask != 1)
+                gen_op_add32(addr, addr, gen_im32(4));
+        }
+    }
+}
+
+DISAS_INSN(bitop_im)
+{
+    int opsize;
+    int op;
+    int src1;
+    uint32_t mask;
+    int bitnum;
+    int tmp;
+    int addr;
+    int dest;
+
+    if ((insn & 0x38) != 0)
+        opsize = OS_BYTE;
+    else
+        opsize = OS_LONG;
+    op = (insn >> 6) & 3;
+
+    bitnum = lduw(s->pc);
+    s->pc += 2;
+    if (bitnum & 0xff00) {
+        disas_undef(s, insn);
+        return;
+    }
+
+    src1 = gen_ea(s, insn, opsize, 0, op ? &addr: NULL);
+
+    gen_flush_flags(s);
+    tmp = gen_new_qreg(QMODE_I32);
+    if (opsize == OS_BYTE)
+        bitnum &= 7;
+    else
+        bitnum &= 31;
+    mask = 1 << bitnum;
+
+    gen_op_btest(src1, gen_im32(mask));
+    if (op)
+        dest = gen_new_qreg(QMODE_I32);
+    else
+        dest = -1;
+
+    switch (op) {
+    case 1: /* bchg */
+        gen_op_xor32(dest, src1, gen_im32(mask));
+        break;
+    case 2: /* bclr */
+        gen_op_and32(dest, src1, gen_im32(~mask));
+        break;
+    case 3: /* bset */
+        gen_op_or32(dest, src1, gen_im32(mask));
+        break;
+    default: /* btst */
+        break;
+    }
+    if (op)
+        gen_ea(s, insn, opsize, dest, &addr);
+}
+
+DISAS_INSN(arith_im)
+{
+    int op;
+    int src1;
+    int dest;
+    int src2;
+    int addr;
+
+    op = (insn >> 9) & 7;
+    src1 = gen_ea(s, insn, OS_LONG, 0, (op == 6) ? NULL : &addr);
+    src2 = gen_im32(read_im32(s));
+    dest = gen_new_qreg(QMODE_I32);
+    switch (op) {
+    case 0: /* ori */
+        gen_op_or32(dest, src1, src2);
+        gen_logic_cc(s, dest);
+        break;
+    case 1: /* andi */
+        gen_op_and32(dest, src1, src2);
+        gen_logic_cc(s, dest);
+        break;
+    case 2: /* subi */
+        gen_op_mov32(dest, src1);
+        gen_op_update_xflag_lt(dest, src2);
+        gen_op_sub32(dest, dest, src2);
+        gen_op_update_cc_add(dest, src2);
+        s->cc_op = CC_OP_SUB;
+        break;
+    case 3: /* addi */
+        gen_op_mov32(dest, src1);
+        gen_op_add32(dest, dest, src2);
+        gen_op_update_cc_add(dest, src2);
+        gen_op_update_xflag_lt(dest, src2);
+        s->cc_op = CC_OP_ADD;
+        break;
+    case 5: /* eori */
+        gen_op_xor32(dest, src1, src2);
+        gen_logic_cc(s, dest);
+        break;
+    case 6: /* cmpi */
+        gen_op_mov32(dest, src1);
+        gen_op_sub32(dest, dest, src2);
+        gen_op_update_cc_add(dest, src2);
+        s->cc_op = CC_OP_SUB;
+        break;
+    default:
+        abort();
+    }
+    if (op != 6) {
+        gen_ea(s, insn, OS_LONG, dest, &addr);
+    }
+}
+
+DISAS_INSN(byterev)
+{
+    int reg;
+
+    reg = DREG(insn, 0);
+    gen_op_bswap32(reg, reg);
+}
+
+DISAS_INSN(move)
+{
+    int src;
+    int dest;
+    int op;
+    int opsize;
+
+    switch (insn >> 12) {
+    case 1: /* move.b */
+        opsize = OS_BYTE;
+        break;
+    case 2: /* move.l */
+        opsize = OS_LONG;
+        break;
+    case 3: /* move.w */
+        opsize = OS_WORD;
+        break;
+    default:
+        abort();
+    }
+    src = gen_ea(s, insn, opsize, -1, NULL);
+    op = (insn >> 6) & 7;
+    if (op == 1) {
+        /* movea */
+        /* The value will already have been sign extended.  */
+        dest = AREG(insn, 9);
+        gen_op_mov32(dest, src);
+    } else {
+        /* normal move */
+        uint16_t dest_ea;
+        dest_ea = ((insn >> 9) & 7) | (op << 3);
+        gen_ea(s, dest_ea, opsize, src, NULL);
+        /* This will be correct because loads sign extend.  */
+        gen_logic_cc(s, src);
+    }
+}
+
+DISAS_INSN(negx)
+{
+    int reg;
+    int dest;
+    int tmp;
+
+    gen_flush_flags(s);
+    reg = DREG(insn, 0);
+    dest = gen_new_qreg(QMODE_I32);
+    gen_op_mov32 (dest, gen_im32(0));
+    gen_op_subx_cc(dest, reg);
+    /* !Z is sticky.  */
+    tmp = gen_new_qreg(QMODE_I32);
+    gen_op_mov32 (tmp, QREG_CC_DEST);
+    gen_op_update_cc_add(dest, reg);
+    gen_op_mov32(reg, dest);
+    s->cc_op = CC_OP_DYNAMIC;
+    gen_flush_flags(s);
+    gen_op_or32(tmp, tmp, gen_im32(~CCF_Z));
+    gen_op_and32(QREG_CC_DEST, QREG_CC_DEST, tmp);
+    s->cc_op = CC_OP_FLAGS;
+}
+
+DISAS_INSN(lea)
+{
+    int reg;
+    int tmp;
+
+    reg = AREG(insn, 9);
+    tmp = gen_lea(s, insn, OS_LONG);
+    gen_op_mov32(reg, tmp);
+}
+
+DISAS_INSN(clr)
+{
+    int opsize;
+
+    switch ((insn >> 6) & 3) {
+    case 0: /* clr.b */
+        opsize = OS_BYTE;
+        break;
+    case 1: /* clr.w */
+        opsize = OS_WORD;
+        break;
+    case 2: /* clr.l */
+        opsize = OS_LONG;
+        break;
+    default:
+        abort();
+    }
+    gen_ea (s, insn, opsize, gen_im32(0), NULL);
+    gen_logic_cc(s, gen_im32(0));
+}
+
+DISAS_INSN(move_from_ccr)
+{
+    int reg;
+    int dest;
+
+    gen_flush_flags(s);
+    dest = gen_new_qreg(QMODE_I32);
+    gen_op_get_xflag(dest);
+    gen_op_shl32(dest, dest, gen_im32(4));
+    gen_op_or32(dest, dest, QREG_CC_DEST);
+    reg = DREG(insn, 0);
+    gen_partset_reg(OS_WORD, reg, dest);
+}
+
+DISAS_INSN(neg)
+{
+    int reg;
+    int src1;
+
+    reg = DREG(insn, 0);
+    src1 = gen_new_qreg(QMODE_I32);
+    gen_op_mov32(src1, reg);
+    gen_op_neg32(reg, src1);
+    s->cc_op = CC_OP_SUB;
+    gen_op_update_cc_add(reg, src1);
+    gen_op_update_xflag_lt(gen_im32(0), src1);
+    s->cc_op = CC_OP_SUB;
+}
+
+DISAS_INSN(move_to_ccr)
+{
+    int src1;
+    int reg;
+
+    s->cc_op = CC_OP_FLAGS;
+    if ((insn & 0x38) == 0)
+      {
+        src1 = gen_new_qreg(QMODE_I32);
+        reg = DREG(insn, 0);
+        gen_op_and32(src1, reg, gen_im32(0xf));
+        gen_op_logic_cc(src1);
+        gen_op_shr32(src1, reg, gen_im32(4));
+        gen_op_and32(src1, src1, gen_im32(1));
+        gen_op_update_xflag_tst(src1);
+      }
+    else if ((insn & 0x3f) != 0x3c)
+      {
+        uint8_t val;
+        val = ldsb(s->pc);
+        s->pc += 2;
+        gen_op_logic_cc(gen_im32(val & 0xf));
+        gen_op_update_xflag_tst(gen_im32((val & 0x10) >> 4));
+      }
+    else
+        disas_undef(s, insn);
+}
+
+DISAS_INSN(not)
+{
+    int reg;
+
+    reg = DREG(insn, 0);
+    gen_op_not32(reg, reg);
+    gen_logic_cc(s, reg);
+}
+
+DISAS_INSN(swap)
+{
+    int dest;
+    int src1;
+    int src2;
+    int reg;
+
+    dest = gen_new_qreg(QMODE_I32);
+    src1 = gen_new_qreg(QMODE_I32);
+    src2 = gen_new_qreg(QMODE_I32);
+    reg = DREG(insn, 0);
+    gen_op_shl32(src1, reg, gen_im32(16));
+    gen_op_shr32(src2, reg, gen_im32(16));
+    gen_op_or32(dest, src1, src2);
+    gen_op_mov32(reg, dest);
+    gen_logic_cc(s, dest);
+}
+
+DISAS_INSN(pea)
+{
+    int tmp;
+
+    tmp = gen_lea(s, insn, OS_LONG);
+    gen_push(tmp);
+}
+
+DISAS_INSN(ext)
+{
+    int reg;
+    int op;
+    int tmp;
+
+    reg = DREG(insn, 0);
+    op = (insn >> 6) & 7;
+    tmp = gen_new_qreg(QMODE_I32);
+    if (op == 3)
+        gen_op_ext16s32(tmp, reg);
+    else
+        gen_op_ext8s32(tmp, reg);
+    if (op == 2)
+        gen_partset_reg(OS_WORD, reg, tmp);
+    else
+      gen_op_mov32(reg, tmp);
+    gen_logic_cc(s, tmp);
+}
+
+DISAS_INSN(tst)
+{
+    int opsize;
+    int tmp;
+
+    switch ((insn >> 6) & 3) {
+    case 0: /* tst.b */
+        opsize = OS_BYTE;
+        break;
+    case 1: /* tst.w */
+        opsize = OS_WORD;
+        break;
+    case 2: /* tst.l */
+        opsize = OS_LONG;
+        break;
+    default:
+        abort();
+    }
+    tmp = gen_ea(s, insn, opsize, -1, NULL);
+    gen_logic_cc(s, tmp);
+}
+
+DISAS_INSN(pulse)
+{
+  /* Implemented as a NOP.  */
+}
+
+DISAS_INSN(illegal)
+{
+    gen_exception(s, s->pc - 2, EXCP_ILLEGAL);
+}
+
+/* ??? This should be atomic.  */
+DISAS_INSN(tas)
+{
+    int dest;
+    int src1;
+    int addr;
+
+    dest = gen_new_qreg(QMODE_I32);
+    src1 = gen_ea(s, insn, OS_BYTE, -1, &addr);
+    gen_logic_cc(s, src1);
+    gen_op_or32(dest, src1, gen_im32(0x80));
+    gen_ea(s, insn, OS_BYTE, dest, &addr);
+}
+
+DISAS_INSN(mull)
+{
+    uint16_t ext;
+    int reg;
+    int src1;
+    int dest;
+
+    /* The upper 32 bits of the product are discarded, so
+       muls.l and mulu.l are functionally equivalent.  */
+    ext = lduw(s->pc);
+    s->pc += 2;
+    if (ext & 0x87ff) {
+        gen_exception(s, s->pc - 4, EXCP_UNSUPPORTED);
+        return;
+    }
+    reg = DREG(ext, 12);
+    src1 = gen_ea(s, insn, OS_LONG, 0, NULL);
+    dest = gen_new_qreg(QMODE_I32);
+    gen_op_mul32(dest, src1, reg);
+    gen_op_mov32(reg, dest);
+    /* Unlike m68k, coldfire always clears the overflow bit.  */
+    gen_logic_cc(s, dest);
+}
+
+DISAS_INSN(link)
+{
+    int16_t offset;
+    int reg;
+    int tmp;
+
+    offset = ldsw(s->pc);
+    s->pc += 2;
+    reg = AREG(insn, 0);
+    tmp = gen_new_qreg(QMODE_I32);
+    gen_op_sub32(tmp, QREG_SP, gen_im32(4));
+    gen_store(OS_LONG, tmp, reg);
+    if (reg != QREG_SP)
+        gen_op_mov32(reg, tmp);
+    gen_op_add32(QREG_SP, tmp, gen_im32(offset));
+}
+
+DISAS_INSN(unlk)
+{
+    int src;
+    int reg;
+    int tmp;
+
+    src = gen_new_qreg(QMODE_I32);
+    reg = AREG(insn, 0);
+    gen_op_mov32(src, reg);
+    tmp = gen_load(OS_LONG, src, 0);
+    gen_op_mov32(reg, tmp);
+    gen_op_add32(QREG_SP, src, gen_im32(4));
+}
+
+DISAS_INSN(nop)
+{
+}
+
+DISAS_INSN(rts)
+{
+    int tmp;
+
+    tmp = gen_load(OS_LONG, QREG_SP, 0);
+    gen_op_add32(QREG_SP, QREG_SP, gen_im32(4));
+    gen_jmp(s, tmp);
+}
+
+DISAS_INSN(jump)
+{
+    int tmp;
+
+    /* Load the target address first to ensure correct exception
+       behavior.  */
+    tmp = gen_lea(s, insn, OS_LONG);
+    if ((insn & 0x40) == 0) {
+        /* jsr */
+        gen_push(gen_im32(s->pc));
+    }
+    gen_jmp(s, tmp);
+}
+
+DISAS_INSN(addsubq)
+{
+    int src1;
+    int src2;
+    int dest;
+    int val;
+    int addr;
+
+    src1 = gen_ea(s, insn, OS_LONG, 0, &addr);
+    val = (insn >> 9) & 7;
+    if (val == 0)
+        val = 8;
+    src2 = gen_im32(val);
+    dest = gen_new_qreg(QMODE_I32);
+    gen_op_mov32(dest, src1);
+    if ((insn & 0x38) == 0x08) {
+        /* Don't update condition codes if the destination is an
+           address register.  */
+        if (insn & 0x0100) {
+            gen_op_sub32(dest, dest, src2);
+        } else {
+            gen_op_add32(dest, dest, src2);
+        }
+    } else {
+        if (insn & 0x0100) {
+            gen_op_update_xflag_lt(dest, src2);
+            gen_op_sub32(dest, dest, src2);
+            s->cc_op = CC_OP_SUB;
+        } else {
+            gen_op_add32(dest, dest, src2);
+            gen_op_update_xflag_lt(dest, src2);
+            s->cc_op = CC_OP_ADD;
+        }
+        gen_op_update_cc_add(dest, src2);
+    }
+    gen_ea(s, insn, OS_LONG, dest, &addr);
+}
+
+DISAS_INSN(tpf)
+{
+    switch (insn & 7) {
+    case 2: /* One extension word.  */
+        s->pc += 2;
+        break;
+    case 3: /* Two extension words.  */
+        s->pc += 4;
+        break;
+    case 4: /* No extension words.  */
+        break;
+    default:
+        disas_undef(s, insn);
+    }
+}
+
+DISAS_INSN(branch)
+{
+    int32_t offset;
+    uint32_t base;
+    int op;
+    int l1;
+    
+    base = s->pc;
+    op = (insn >> 8) & 0xf;
+    offset = (int8_t)insn;
+    if (offset == 0) {
+        offset = ldsw(s->pc);
+        s->pc += 2;
+    } else if (offset == -1) {
+        offset = read_im32(s);
+    }
+    if (op == 1) {
+        /* bsr */
+        gen_push(gen_im32(s->pc));
+    }
+    gen_flush_cc_op(s);
+    if (op > 1) {
+        /* Bcc */
+        l1 = gen_new_label();
+        gen_jmpcc(s, ((insn >> 8) & 0xf) ^ 1, l1);
+        gen_jmp_tb(s, 1, base + offset);
+        gen_set_label(l1);
+        gen_jmp_tb(s, 0, s->pc);
+    } else {
+        /* Unconditional branch.  */
+        gen_jmp_tb(s, 0, base + offset);
+    }
+}
+
+DISAS_INSN(moveq)
+{
+    int tmp;
+
+    tmp = gen_im32((int8_t)insn);
+    gen_op_mov32(DREG(insn, 9), tmp);
+    gen_logic_cc(s, tmp);
+}
+
+DISAS_INSN(mvzs)
+{
+    int opsize;
+    int src;
+    int reg;
+
+    if (insn & 0x40)
+        opsize = OS_WORD;
+    else
+        opsize = OS_BYTE;
+    src = gen_ea(s, insn, opsize, (insn & 0x80) ? 0 : -1, NULL);
+    reg = DREG(insn, 9);
+    gen_op_mov32(reg, src);
+    gen_logic_cc(s, src);
+}
+
+DISAS_INSN(or)
+{
+    int reg;
+    int dest;
+    int src;
+    int addr;
+
+    reg = DREG(insn, 9);
+    dest = gen_new_qreg(QMODE_I32);
+    if (insn & 0x100) {
+        src = gen_ea(s, insn, OS_LONG, 0, &addr);
+        gen_op_or32(dest, src, reg);
+        gen_ea(s, insn, OS_LONG, dest, &addr);
+    } else {
+        src = gen_ea(s, insn, OS_LONG, 0, NULL);
+        gen_op_or32(dest, src, reg);
+        gen_op_mov32(reg, dest);
+    }
+    gen_logic_cc(s, dest);
+}
+
+DISAS_INSN(suba)
+{
+    int src;
+    int reg;
+
+    src = gen_ea(s, insn, OS_LONG, 0, NULL);
+    reg = AREG(insn, 9);
+    gen_op_sub32(reg, reg, src);
+}
+
+DISAS_INSN(subx)
+{
+    int reg;
+    int src;
+    int dest;
+    int tmp;
+
+    gen_flush_flags(s);
+    reg = DREG(insn, 9);
+    src = DREG(insn, 0);
+    dest = gen_new_qreg(QMODE_I32);
+    gen_op_mov32 (dest, reg);
+    gen_op_subx_cc(dest, src);
+    /* !Z is sticky.  */
+    tmp = gen_new_qreg(QMODE_I32);
+    gen_op_mov32 (tmp, QREG_CC_DEST);
+    gen_op_update_cc_add(dest, src);
+    gen_op_mov32(reg, dest);
+    s->cc_op = CC_OP_DYNAMIC;
+    gen_flush_flags(s);
+    gen_op_or32(tmp, tmp, gen_im32(~CCF_Z));
+    gen_op_and32(QREG_CC_DEST, QREG_CC_DEST, tmp);
+    s->cc_op = CC_OP_FLAGS;
+}
+
+DISAS_INSN(mov3q)
+{
+    int src;
+    int val;
+
+    val = (insn >> 9) & 7;
+    if (val == 0)
+        val = -1;
+    src = gen_im32(val);
+    gen_logic_cc(s, src);
+    gen_ea(s, insn, OS_LONG, src, NULL);
+}
+
+DISAS_INSN(cmp)
+{
+    int op;
+    int src;
+    int reg;
+    int dest;
+    int opsize;
+
+    op = (insn >> 6) & 3;
+    switch (op) {
+    case 0: /* cmp.b */
+        opsize = OS_BYTE;
+        s->cc_op = CC_OP_CMPB;
+        break;
+    case 1: /* cmp.w */
+        opsize = OS_WORD;
+        s->cc_op = CC_OP_CMPW;
+        break;
+    case 2: /* cmp.l */
+        opsize = OS_LONG;
+        s->cc_op = CC_OP_SUB;
+        break;
+    default:
+        abort();
+    }
+    src = gen_ea(s, insn, opsize, -1, NULL);
+    reg = DREG(insn, 9);
+    dest = gen_new_qreg(QMODE_I32);
+    gen_op_sub32(dest, reg, src);
+    gen_op_update_cc_add(dest, src);
+}
+
+DISAS_INSN(cmpa)
+{
+    int opsize;
+    int src;
+    int reg;
+    int dest;
+
+    if (insn & 0x100) {
+        opsize = OS_LONG;
+    } else {
+        opsize = OS_WORD;
+    }
+    src = gen_ea(s, insn, opsize, -1, NULL);
+    reg = AREG(insn, 9);
+    dest = gen_new_qreg(QMODE_I32);
+    gen_op_sub32(dest, reg, src);
+    gen_op_update_cc_add(dest, src);
+    s->cc_op = CC_OP_SUB;
+}
+
+DISAS_INSN(eor)
+{
+    int src;
+    int reg;
+    int dest;
+    int addr;
+
+    src = gen_ea(s, insn, OS_LONG, 0, &addr);
+    reg = DREG(insn, 9);
+    dest = gen_new_qreg(QMODE_I32);
+    gen_op_xor32(dest, src, reg);
+    gen_logic_cc(s, dest);
+    gen_ea(s, insn, OS_LONG, dest, &addr);
+}
+
+DISAS_INSN(and)
+{
+    int src;
+    int reg;
+    int dest;
+    int addr;
+
+    reg = DREG(insn, 9);
+    dest = gen_new_qreg(QMODE_I32);
+    if (insn & 0x100) {
+        src = gen_ea(s, insn, OS_LONG, 0, &addr);
+        gen_op_and32(dest, src, reg);
+        gen_ea(s, insn, OS_LONG, dest, &addr);
+    } else {
+        src = gen_ea(s, insn, OS_LONG, 0, NULL);
+        gen_op_and32(dest, src, reg);
+        gen_op_mov32(reg, dest);
+    }
+    gen_logic_cc(s, dest);
+}
+
+DISAS_INSN(adda)
+{
+    int src;
+    int reg;
+
+    src = gen_ea(s, insn, OS_LONG, 0, NULL);
+    reg = AREG(insn, 9);
+    gen_op_add32(reg, reg, src);
+}
+
+DISAS_INSN(addx)
+{
+    int reg;
+    int src;
+    int dest;
+    int tmp;
+
+    gen_flush_flags(s);
+    reg = DREG(insn, 9);
+    src = DREG(insn, 0);
+    dest = gen_new_qreg(QMODE_I32);
+    gen_op_mov32 (dest, reg);
+    gen_op_addx_cc(dest, src);
+    /* !Z is sticky.  */
+    tmp = gen_new_qreg(QMODE_I32);
+    gen_op_mov32 (tmp, QREG_CC_DEST);
+    gen_op_update_cc_add(dest, src);
+    gen_op_mov32(reg, dest);
+    s->cc_op = CC_OP_DYNAMIC;
+    gen_flush_flags(s);
+    gen_op_or32(tmp, tmp, gen_im32(~CCF_Z));
+    gen_op_and32(QREG_CC_DEST, QREG_CC_DEST, tmp);
+    s->cc_op = CC_OP_FLAGS;
+}
+
+DISAS_INSN(shift_im)
+{
+    int reg;
+    int tmp;
+
+    reg = DREG(insn, 0);
+    tmp = (insn >> 9) & 7;
+    if (tmp == 0)
+      tmp = 8;
+    if (insn & 0x100) {
+        gen_op_shl_im_cc(reg, tmp);
+        s->cc_op = CC_OP_SHL;
+    } else {
+        if (insn & 8) {
+            gen_op_shr_im_cc(reg, tmp);
+            s->cc_op = CC_OP_SHR;
+        } else {
+            gen_op_sar_im_cc(reg, tmp);
+            s->cc_op = CC_OP_SAR;
+        }
+    }
+}
+
+DISAS_INSN(shift_reg)
+{
+    int reg;
+    int src;
+    int tmp;
+
+    reg = DREG(insn, 0);
+    src = DREG(insn, 9);
+    tmp = gen_new_qreg(QMODE_I32);
+    gen_op_and32(tmp, src, gen_im32(63));
+    if (insn & 0x100) {
+        gen_op_shl_cc(reg, tmp);
+        s->cc_op = CC_OP_SHL;
+    } else {
+        if (insn & 8) {
+            gen_op_shr_cc(reg, tmp);
+            s->cc_op = CC_OP_SHR;
+        } else {
+            gen_op_sar_cc(reg, tmp);
+            s->cc_op = CC_OP_SAR;
+        }
+    }
+}
+
+DISAS_INSN(ff1)
+{
+    cpu_abort(NULL, "Unimplemented insn: ff1");
+}
+
+DISAS_INSN(strldsr)
+{
+    uint16_t ext;
+    uint32_t addr;
+
+    addr = s->pc - 2;
+    ext = lduw(s->pc);
+    s->pc += 2;
+    if (ext != 0x46FC)
+        gen_exception(s, addr, EXCP_UNSUPPORTED);
+    else
+        gen_exception(s, addr, EXCP_PRIVILEGE);
+}
+
+DISAS_INSN(move_from_sr)
+{
+    gen_exception(s, s->pc - 2, EXCP_PRIVILEGE);
+}
+
+DISAS_INSN(move_to_sr)
+{
+    gen_exception(s, s->pc - 2, EXCP_PRIVILEGE);
+}
+
+DISAS_INSN(move_from_usp)
+{
+    gen_exception(s, s->pc - 2, EXCP_PRIVILEGE);
+}
+
+DISAS_INSN(move_to_usp)
+{
+    gen_exception(s, s->pc - 2, EXCP_PRIVILEGE);
+}
+
+DISAS_INSN(halt)
+{
+    gen_exception(s, s->pc, EXCP_HLT);
+}
+
+DISAS_INSN(stop)
+{
+    gen_exception(s, s->pc - 2, EXCP_PRIVILEGE);
+}
+
+DISAS_INSN(rte)
+{
+    gen_exception(s, s->pc - 2, EXCP_PRIVILEGE);
+}
+
+DISAS_INSN(movec)
+{
+    gen_exception(s, s->pc - 2, EXCP_PRIVILEGE);
+}
+
+DISAS_INSN(intouch)
+{
+    gen_exception(s, s->pc - 2, EXCP_PRIVILEGE);
+}
+
+DISAS_INSN(cpushl)
+{
+    gen_exception(s, s->pc - 2, EXCP_PRIVILEGE);
+}
+
+DISAS_INSN(wddata)
+{
+    gen_exception(s, s->pc - 2, EXCP_PRIVILEGE);
+}
+
+DISAS_INSN(wdebug)
+{
+    gen_exception(s, s->pc - 2, EXCP_PRIVILEGE);
+}
+
+DISAS_INSN(trap)
+{
+    gen_exception(s, s->pc - 2, EXCP_TRAP0 + (insn & 0xf));
+}
+
+/* ??? FP exceptions are not implemented.  Most exceptions are deferred until
+   immediately before the next FP instruction is executed.  */
+DISAS_INSN(fpu)
+{
+    uint16_t ext;
+    int opmode;
+    int src;
+    int dest;
+    int res;
+    int round;
+    int opsize;
+
+    ext = lduw(s->pc);
+    s->pc += 2;
+    opmode = ext & 0x7f;
+    switch ((ext >> 13) & 7) {
+    case 0: case 2:
+        break;
+    case 1:
+        goto undef;
+    case 3: /* fmove out */
+        src = FREG(ext, 7);
+        /* fmove */
+        /* ??? TODO: Proper behavior on overflow.  */
+        switch ((ext >> 10) & 7) {
+        case 0:
+            opsize = OS_LONG;
+            res = gen_new_qreg(QMODE_I32);
+            gen_op_f64_to_i32(res, src);
+            break;
+        case 1:
+            opsize = OS_SINGLE;
+            res = gen_new_qreg(QMODE_F32);
+            gen_op_f64_to_f32(res, src);
+            break;
+        case 4:
+            opsize = OS_WORD;
+            res = gen_new_qreg(QMODE_I32);
+            gen_op_f64_to_i32(res, src);
+            break;
+        case 5:
+            opsize = OS_DOUBLE;
+            res = src;
+            break;
+        case 6:
+            opsize = OS_BYTE;
+            res = gen_new_qreg(QMODE_I32);
+            gen_op_f64_to_i32(res, src);
+            break;
+        default:
+            goto undef;
+        }
+        gen_ea(s, insn, opsize, res, NULL);
+        return;
+    case 4: /* fmove to control register.  */
+        switch ((ext >> 10) & 7) {
+        case 4: /* FPCR */
+            /* Not implemented.  Ignore writes.  */
+            break;
+        case 1: /* FPIAR */
+        case 2: /* FPSR */
+        default:
+            cpu_abort(NULL, "Unimplemented: fmove to control %d",
+                      (ext >> 10) & 7);
+        }
+        break;
+    case 5: /* fmove from control register.  */
+        switch ((ext >> 10) & 7) {
+        case 4: /* FPCR */
+            /* Not implemented.  Always return zero.  */
+            res = gen_im32(0);
+            break;
+        case 1: /* FPIAR */
+        case 2: /* FPSR */
+        default:
+            cpu_abort(NULL, "Unimplemented: fmove from control %d",
+                      (ext >> 10) & 7);
+            goto undef;
+        }
+        gen_ea(s, insn, OS_LONG, res, NULL);
+        break;
+    case 6: /* fmovem */ 
+    case 7:
+        {
+        int addr;
+        uint16_t mask;
+        if ((ext & 0x1f00) != 0x1000 || (ext & 0xff) == 0)
+            goto undef;
+        src = gen_lea(s, insn, OS_LONG);
+        addr = gen_new_qreg(QMODE_I32);
+        gen_op_mov32(addr, src);
+        mask = 0x80;
+        dest = QREG_F0;
+        while (mask) {
+            if (ext & mask) {
+                if (ext & (1 << 13)) {
+                    /* store */
+                    gen_op_stf64(addr, dest);
+                } else {
+                    /* load */
+                    gen_op_ldf64(dest, addr);
+                }
+                if (ext & (mask - 1))
+                    gen_op_add32(addr, addr, gen_im32(8));
+            }
+            mask >>= 1;
+            dest++;
+        }
+        }
+        return;
+    }
+    if (ext & (1 << 14)) {
+        int tmp;
+
+        /* Source effective address.  */
+        switch ((ext >> 10) & 7) {
+        case 0: opsize = OS_LONG; break;
+        case 1: opsize = OS_SINGLE; break;
+        case 4: opsize = OS_WORD; break;
+        case 5: opsize = OS_DOUBLE; break;
+        case 6: opsize = OS_BYTE; break;
+        default:
+            goto undef;
+        }
+        tmp = gen_ea(s, insn, opsize, -1, NULL);
+        if (opsize == OS_DOUBLE) {
+            src = tmp;
+        } else {
+            src = gen_new_qreg(QMODE_F64);
+            switch (opsize) {
+            case OS_LONG:
+            case OS_WORD:
+            case OS_BYTE:
+                gen_op_i32_to_f64(src, tmp);
+                break;
+            case OS_SINGLE:
+                gen_op_f32_to_f64(src, tmp);
+                break;
+            }
+        }
+    } else {
+        /* Source register.  */
+        src = FREG(ext, 10);
+    }
+    dest = FREG(ext, 7);
+    res = gen_new_qreg(QMODE_F64);
+    if (opmode != 0x3a)
+        gen_op_movf64(res, dest);
+    round = 1;
+    switch (opmode) {
+    case 0: case 0x40: case 0x44: /* fmove */
+        gen_op_movf64(res, src);
+        break;
+    case 1: /* fint */
+        gen_op_iround_f64(res, src);
+        round = 0;
+        break;
+    case 3: /* fintrz */
+        gen_op_itrunc_f64(res, src);
+        round = 0;
+        break;
+    case 4: case 0x41: case 0x45: /* fsqrt */
+        gen_op_sqrtf64(res, src);
+        break;
+    case 0x18: case 0x58: case 0x5c: /* fabs */
+        gen_op_absf64(res, src);
+        break;
+    case 0x1a: case 0x5a: case 0x5e: /* fneg */
+        gen_op_chsf64(res, src);
+        break;
+    case 0x20: case 0x60: case 0x64: /* fdiv */
+        gen_op_divf64(res, res, src);
+        break;
+    case 0x22: case 0x62: case 0x66: /* fadd */
+        gen_op_addf64(res, res, src);
+        break;
+    case 0x23: case 0x63: case 0x67: /* fmul */
+        gen_op_mulf64(res, res, src);
+        break;
+    case 0x28: case 0x68: case 0x6c: /* fsub */
+        gen_op_subf64(res, res, src);
+        break;
+    case 0x38: /* fcmp */
+        gen_op_sub_cmpf64(res, res, src);
+        dest = 0;
+        round = 0;
+        break;
+    case 0x3a: /* ftst */
+        gen_op_movf64(res, src);
+        dest = 0;
+        round = 0;
+        break;
+    default:
+        goto undef;
+    }
+    if (round) {
+        if (opmode & 0x40) {
+            if ((opmode & 0x4) != 0)
+                round = 0;
+        } else if ((s->fpcr & M68K_FPCR_PREC) == 0) {
+            round = 0;
+        }
+    }
+    if (round) {
+        int tmp;
+
+        tmp = gen_new_qreg(QMODE_F32);
+        gen_op_f64_to_f32(tmp, res);
+        gen_op_f32_to_f64(res, tmp);
+    } 
+    gen_op_fp_result(res);
+    if (dest) {
+        gen_op_movf64(dest, res);
+    }
+    return;
+undef:
+    s->pc -= 2;
+    disas_undef_fpu(s, insn);
+}
+
+DISAS_INSN(fbcc)
+{
+    uint32_t offset;
+    uint32_t addr;
+    int flag;
+    int zero;
+    int l1;
+
+    addr = s->pc;
+    offset = ldsw(s->pc);
+    s->pc += 2;
+    if (insn & (1 << 6)) {
+        offset = (offset << 16) | lduw(s->pc);
+        s->pc += 2;
+    }
+
+    l1 = gen_new_label();
+    /* TODO: Raise BSUN exception.  */
+    flag = gen_new_qreg(QMODE_I32);
+    zero = gen_new_qreg(QMODE_F64);
+    gen_op_zerof64(zero);
+    gen_op_compare_quietf64(flag, QREG_FP_RESULT, zero);
+    /* Jump to l1 if condition is true.  */
+    switch (insn & 0xf) {
+    case 0: /* f */
+        break;
+    case 1: /* eq (=0) */
+        gen_op_jmp_z32(flag, l1);
+        break;
+    case 2: /* ogt (=1) */
+        gen_op_sub32(flag, flag, gen_im32(1));
+        gen_op_jmp_z32(flag, l1);
+        break;
+    case 3: /* oge (=0 or =1) */
+        gen_op_jmp_z32(flag, l1);
+        gen_op_sub32(flag, flag, gen_im32(1));
+        gen_op_jmp_z32(flag, l1);
+        break;
+    case 4: /* olt (=-1) */
+        gen_op_jmp_s32(flag, l1);
+        break;
+    case 5: /* ole (=-1 or =0) */
+        gen_op_jmp_s32(flag, l1);
+        gen_op_jmp_z32(flag, l1);
+        break;
+    case 6: /* ogl (=-1 or =1) */
+        gen_op_jmp_s32(flag, l1);
+        gen_op_sub32(flag, flag, gen_im32(1));
+        gen_op_jmp_z32(flag, l1);
+        break;
+    case 7: /* or (=2) */
+        gen_op_sub32(flag, flag, gen_im32(2));
+        gen_op_jmp_z32(flag, l1);
+        break;
+    case 8: /* un (<2) */
+        gen_op_sub32(flag, flag, gen_im32(2));
+        gen_op_jmp_s32(flag, l1);
+        break;
+    case 9: /* ueq (=0 or =2) */
+        gen_op_jmp_z32(flag, l1);
+        gen_op_sub32(flag, flag, gen_im32(2));
+        gen_op_jmp_z32(flag, l1);
+        break;
+    case 10: /* ugt (>0) */
+        /* ??? Add jmp_gtu.  */
+        gen_op_sub32(flag, flag, gen_im32(1));
+        gen_op_jmp_ns32(flag, l1);
+        break;
+    case 11: /* uge (>=0) */
+        gen_op_jmp_ns32(flag, l1);
+        break;
+    case 12: /* ult (=-1 or =2) */
+        gen_op_jmp_s32(flag, l1);
+        gen_op_sub32(flag, flag, gen_im32(2));
+        gen_op_jmp_z32(flag, l1);
+        break;
+    case 13: /* ule (!=1) */
+        gen_op_sub32(flag, flag, gen_im32(1));
+        gen_op_jmp_nz32(flag, l1);
+        break;
+    case 14: /* ne (!=0) */
+        gen_op_jmp_nz32(flag, l1);
+        break;
+    case 15: /* t */
+        gen_op_mov32(flag, gen_im32(1));
+        break;
+    }
+    gen_jmp_tb(s, 0, s->pc);
+    gen_set_label(l1);
+    gen_jmp_tb(s, 1, addr + offset);
+}
+
+static disas_proc opcode_table[65536];
+
+static void
+register_opcode (disas_proc proc, uint16_t opcode, uint16_t mask)
+{
+  int i;
+  int from;
+  int to;
+
+  /* Sanity check.  All set bits must be included in the mask.  */
+  if (opcode & ~mask)
+      abort();
+  /* This could probably be cleverer.  For now just optimize the case where
+     the top bits are known.  */
+  /* Find the first zero bit in the mask.  */
+  i = 0x8000;
+  while ((i & mask) != 0)
+      i >>= 1;
+  /* Iterate over all combinations of this and lower bits.  */
+  if (i == 0)
+      i = 1;
+  else
+      i <<= 1;
+  from = opcode & ~(i - 1);
+  to = from + i;
+  for (i = from; i < to; i++)
+    {
+      if ((i & mask) == opcode)
+          opcode_table[i] = proc;
+    }
+}
+
+/* Register m68k opcode handlers.  Order is important.
+   Later insn override earlier ones.  */
+static void
+register_m68k_insns (m68k_def_t *def)
+{
+    uint32_t iflags;
+
+    iflags = def->insns;
+#define INSN(name, opcode, mask, isa) \
+    if (iflags & M68K_INSN_##isa) \
+        register_opcode(disas_##name, 0x##opcode, 0x##mask)
+    INSN(undef,     0000, 0000, CF_A);
+    INSN(arith_im,  0080, fff8, CF_A);
+    INSN(bitrev,    00c0, fff8, CF_C);
+    INSN(bitop_reg, 0100, f1c0, CF_A);
+    INSN(bitop_reg, 0140, f1c0, CF_A);
+    INSN(bitop_reg, 0180, f1c0, CF_A);
+    INSN(bitop_reg, 01c0, f1c0, CF_A);
+    INSN(arith_im,  0280, fff8, CF_A);
+    INSN(byterev,   02c0, fff8, CF_A);
+    INSN(arith_im,  0480, fff8, CF_A);
+    INSN(ff1,       04c0, fff8, CF_C);
+    INSN(arith_im,  0680, fff8, CF_A);
+    INSN(bitop_im,  0800, ffc0, CF_A);
+    INSN(bitop_im,  0840, ffc0, CF_A);
+    INSN(bitop_im,  0880, ffc0, CF_A);
+    INSN(bitop_im,  08c0, ffc0, CF_A);
+    INSN(arith_im,  0a80, fff8, CF_A);
+    INSN(arith_im,  0c00, ff38, CF_A);
+    INSN(move,      1000, f000, CF_A);
+    INSN(move,      2000, f000, CF_A);
+    INSN(move,      3000, f000, CF_A);
+    INSN(strldsr,   40e7, ffff, CF_A);
+    INSN(negx,      4080, fff8, CF_A);
+    INSN(move_from_sr, 40c0, fff8, CF_A);
+    INSN(lea,       41c0, f1c0, CF_A);
+    INSN(clr,       4200, ff00, CF_A);
+    INSN(undef,     42c0, ffc0, CF_A);
+    INSN(move_from_ccr, 42c0, fff8, CF_A);
+    INSN(neg,       4480, fff8, CF_A);
+    INSN(move_to_ccr, 44c0, ffc0, CF_A);
+    INSN(not,       4680, fff8, CF_A);
+    INSN(move_to_sr, 46c0, ffc0, CF_A);
+    INSN(pea,       4840, ffc0, CF_A);
+    INSN(swap,      4840, fff8, CF_A);
+    INSN(movem,     48c0, fbc0, CF_A);
+    INSN(ext,       4880, fff8, CF_A);
+    INSN(ext,       48c0, fff8, CF_A);
+    INSN(ext,       49c0, fff8, CF_A);
+    INSN(tst,       4a00, ff00, CF_A);
+    INSN(tas,       4ac0, ffc0, CF_B);
+    INSN(halt,      4ac8, ffff, CF_A);
+    INSN(pulse,     4acc, ffff, CF_A);
+    INSN(illegal,   4afc, ffff, CF_A);
+    INSN(mull,      4c00, ffc0, CF_A);
+    INSN(divl,      4c40, ffc0, CF_A);
+    INSN(sats,      4c80, fff8, CF_B);
+    INSN(trap,      4e40, fff0, CF_A);
+    INSN(link,      4e50, fff8, CF_A);
+    INSN(unlk,      4e58, fff8, CF_A);
+    INSN(move_to_usp, 4e60, fff8, CF_B);
+    INSN(move_from_usp, 4e68, fff8, CF_B);
+    INSN(nop,       4e71, ffff, CF_A);
+    INSN(stop,      4e72, ffff, CF_A);
+    INSN(rte,       4e73, ffff, CF_A);
+    INSN(rts,       4e75, ffff, CF_A);
+    INSN(movec,     4e7b, ffff, CF_A);
+    INSN(jump,      4e80, ffc0, CF_A);
+    INSN(jump,      4ec0, ffc0, CF_A);
+    INSN(addsubq,   5180, f1c0, CF_A);
+    INSN(scc,       50c0, f0f8, CF_A);
+    INSN(addsubq,   5080, f1c0, CF_A);
+    INSN(tpf,       51f8, fff8, CF_A);
+    INSN(branch,    6000, f000, CF_A);
+    INSN(moveq,     7000, f100, CF_A);
+    INSN(mvzs,      7100, f100, CF_B);
+    INSN(or,        8000, f000, CF_A);
+    INSN(divw,      80c0, f0c0, CF_A);
+    INSN(addsub,    9000, f000, CF_A);
+    INSN(subx,      9180, f1f8, CF_A);
+    INSN(suba,      91c0, f1c0, CF_A);
+    INSN(undef_mac, a000, f000, CF_A);
+    INSN(mov3q,     a140, f1c0, CF_B);
+    INSN(cmp,       b000, f1c0, CF_B); /* cmp.b */
+    INSN(cmp,       b040, f1c0, CF_B); /* cmp.w */
+    INSN(cmpa,      b0c0, f1c0, CF_B); /* cmpa.w */
+    INSN(cmp,       b080, f1c0, CF_A);
+    INSN(cmpa,      b1c0, f1c0, CF_A);
+    INSN(eor,       b180, f1c0, CF_A);
+    INSN(and,       c000, f000, CF_A);
+    INSN(mulw,      c0c0, f0c0, CF_A);
+    INSN(addsub,    d000, f000, CF_A);
+    INSN(addx,      d180, f1f8, CF_A);
+    INSN(adda,      d1c0, f1c0, CF_A);
+    INSN(shift_im,  e080, f0f0, CF_A);
+    INSN(shift_reg, e0a0, f0f0, CF_A);
+    INSN(undef_fpu, f000, f000, CF_A);
+    INSN(fpu,       f200, ffc0, CF_FPU);
+    INSN(fbcc,      f280, ffc0, CF_FPU);
+    INSN(intouch,   f340, ffc0, CF_A);
+    INSN(cpushl,    f428, ff38, CF_A);
+    INSN(wddata,    fb00, ff00, CF_A);
+    INSN(wdebug,    fbc0, ffc0, CF_A);
+#undef INSN
+}
+
+/* ??? Some of this implementation is not exception safe.  We should always
+   write back the result to memory before setting the condition codes.  */
+static void disas_m68k_insn(CPUState * env, DisasContext *s)
+{
+    uint16_t insn;
+
+    insn = lduw(s->pc);
+    s->pc += 2;
+
+    opcode_table[insn](s, insn);
+}
+
+#if 0
+/* Save the result of a floating point operation.  */
+static void expand_op_fp_result(qOP *qop)
+{
+    gen_op_movf64(QREG_FP_RESULT, qop->args[0]);
+}
+
+/* Dummy op to indicate that the flags have been set.  */
+static void expand_op_flags_set(qOP *qop)
+{
+}
+
+/* Convert the confition codes into CC_OP_FLAGS format.  */
+static void expand_op_flush_flags(qOP *qop)
+{
+    int cc_opreg;
+
+    if (qop->args[0] == CC_OP_DYNAMIC)
+        cc_opreg = QREG_CC_OP;
+    else
+        cc_opreg = gen_im32(qop->args[0]);
+    gen_op_helper32(QREG_NULL, cc_opreg, HELPER_flush_flags);
+}
+
+/* Set CC_DEST after a logical or direct flag setting operation.  */
+static void expand_op_logic_cc(qOP *qop)
+{
+    gen_op_mov32(QREG_CC_DEST, qop->args[0]);
+}
+
+/* Set CC_SRC and CC_DEST after an arithmetic operation.  */
+static void expand_op_update_cc_add(qOP *qop)
+{
+    gen_op_mov32(QREG_CC_DEST, qop->args[0]);
+    gen_op_mov32(QREG_CC_SRC, qop->args[1]);
+}
+
+/* Update the X flag.  */
+static void expand_op_update_xflag(qOP *qop)
+{
+    int arg0;
+    int arg1;
+
+    arg0 = qop->args[0];
+    arg1 = qop->args[1];
+    if (arg1 == QREG_NULL) {
+        /* CC_X = arg0.  */
+        gen_op_mov32(QREG_CC_X, arg0);
+    } else {
+        /* CC_X = arg0 < (unsigned)arg1.  */
+        gen_op_set_ltu32(QREG_CC_X, arg0, arg1);
+    }
+}
+
+/* Set arg0 to the contents of the X flag.  */
+static void expand_op_get_xflag(qOP *qop)
+{
+    gen_op_mov32(qop->args[0], QREG_CC_X);
+}
+
+/* Expand a shift by immediate.  The ISA only allows shifts by 1-8, so we
+   already know the shift is within range.  */
+static inline void expand_shift_im(qOP *qop, int right, int arith)
+{
+    int val;
+    int reg;
+    int tmp;
+    int im;
+
+    reg = qop->args[0];
+    im = qop->args[1];
+    tmp = gen_im32(im);
+    val = gen_new_qreg(QMODE_I32);
+    gen_op_mov32(val, reg);
+    gen_op_mov32(QREG_CC_DEST, val);
+    gen_op_mov32(QREG_CC_SRC, tmp);
+    if (right) {
+        if (arith) {
+            gen_op_sar32(reg, val, tmp);
+        } else {
+            gen_op_shr32(reg, val, tmp);
+        }
+        if (im == 1)
+            tmp = QREG_NULL;
+        else
+            tmp = gen_im32(im - 1);
+    } else {
+        gen_op_shl32(reg, val, tmp);
+        tmp = gen_im32(32 - im);
+    }
+    if (tmp != QREG_NULL)
+        gen_op_shr32(val, val, tmp);
+    gen_op_and32(QREG_CC_X, val, gen_im32(1));
+}
+
+static void expand_op_shl_im_cc(qOP *qop)
+{
+    expand_shift_im(qop, 0, 0);
+}
+
+static void expand_op_shr_im_cc(qOP *qop)
+{
+    expand_shift_im(qop, 1, 0);
+}
+
+static void expand_op_sar_im_cc(qOP *qop)
+{
+    expand_shift_im(qop, 1, 1);
+}
+
+/* Expand a shift by register.  */
+/* ??? This gives incorrect answers for shifts by 0 or >= 32 */
+static inline void expand_shift_reg(qOP *qop, int right, int arith)
+{
+    int val;
+    int reg;
+    int shift;
+    int tmp;
+
+    reg = qop->args[0];
+    shift = qop->args[1];
+    val = gen_new_qreg(QMODE_I32);
+    gen_op_mov32(val, reg);
+    gen_op_mov32(QREG_CC_DEST, val);
+    gen_op_mov32(QREG_CC_SRC, shift);
+    tmp = gen_new_qreg(QMODE_I32);
+    if (right) {
+        if (arith) {
+            gen_op_sar32(reg, val, shift);
+        } else {
+            gen_op_shr32(reg, val, shift);
+        }
+        gen_op_sub32(tmp, shift, gen_im32(1));
+    } else {
+        gen_op_shl32(reg, val, shift);
+        gen_op_sub32(tmp, gen_im32(31), shift);
+    }
+    gen_op_shl32(val, val, tmp);
+    gen_op_and32(QREG_CC_X, val, gen_im32(1));
+}
+
+static void expand_op_shl_cc(qOP *qop)
+{
+    expand_shift_reg(qop, 0, 0);
+}
+
+static void expand_op_shr_cc(qOP *qop)
+{
+    expand_shift_reg(qop, 1, 0);
+}
+
+static void expand_op_sar_cc(qOP *qop)
+{
+    expand_shift_reg(qop, 1, 1);
+}
+
+/* Set the Z flag to (arg0 & arg1) == 0.  */
+static void expand_op_btest(qOP *qop)
+{
+    int tmp;
+    int l1;
+
+    l1 = gen_new_label();
+    tmp = gen_new_qreg(QMODE_I32);
+    gen_op_and32(tmp, qop->args[0], qop->args[1]);
+    gen_op_and32(QREG_CC_DEST, QREG_CC_DEST, gen_im32(~(uint32_t)CCF_Z));
+    gen_op_jmp_nz32(tmp, l1);
+    gen_op_or32(QREG_CC_DEST, QREG_CC_DEST, gen_im32(CCF_Z));
+    gen_op_label(l1);
+}
+
+/* arg0 += arg1 + CC_X */
+static void expand_op_addx_cc(qOP *qop)
+{
+    int arg0 = qop->args[0];
+    int arg1 = qop->args[1];
+    int l1, l2;
+    
+    gen_op_add32 (arg0, arg0, arg1);
+    l1 = gen_new_label();
+    l2 = gen_new_label();
+    gen_op_jmp_z32(QREG_CC_X, l1);
+    gen_op_add32(arg0, arg0, gen_im32(1));
+    gen_op_mov32(QREG_CC_OP, gen_im32(CC_OP_ADDX));
+    gen_op_set_leu32(QREG_CC_X, arg0, arg1);
+    gen_op_jmp(l2);
+    gen_set_label(l1);
+    gen_op_mov32(QREG_CC_OP, gen_im32(CC_OP_ADD));
+    gen_op_set_ltu32(QREG_CC_X, arg0, arg1);
+    gen_set_label(l2);
+}
+
+/* arg0 -= arg1 + CC_X */
+static void expand_op_subx_cc(qOP *qop)
+{
+    int arg0 = qop->args[0];
+    int arg1 = qop->args[1];
+    int l1, l2;
+
+    l1 = gen_new_label();
+    l2 = gen_new_label();
+    gen_op_jmp_z32(QREG_CC_X, l1);
+    gen_op_set_leu32(QREG_CC_X, arg0, arg1);
+    gen_op_sub32(arg0, arg0, gen_im32(1));
+    gen_op_mov32(QREG_CC_OP, gen_im32(CC_OP_SUBX));
+    gen_op_jmp(l2);
+    gen_set_label(l1);
+    gen_op_set_ltu32(QREG_CC_X, arg0, arg1);
+    gen_op_mov32(QREG_CC_OP, gen_im32(CC_OP_SUB));
+    gen_set_label(l2);
+    gen_op_sub32 (arg0, arg0, arg1);
+}
+
+/* Expand target specific ops to generic qops.  */
+static void expand_target_qops(void)
+{
+    qOP *qop;
+    qOP *next;
+    int c;
+
+    /* Copy the list of qops, expanding target specific ops as we go.  */
+    qop = gen_first_qop;
+    gen_first_qop = NULL;
+    gen_last_qop = NULL;
+    for (; qop; qop = next) {
+        c = qop->opcode;
+        next = qop->next;
+        if (c < FIRST_TARGET_OP) {
+            qop->prev = gen_last_qop;
+            qop->next = NULL;
+            if (gen_last_qop)
+                gen_last_qop->next = qop;
+            else
+                gen_first_qop = qop;
+            gen_last_qop = qop;
+            continue;
+        }
+        switch (c) {
+#define DEF(name, nargs, barrier) \
+        case INDEX_op_##name: \
+            expand_op_##name(qop); \
+            break;
+#include "qop-target.def"
+#undef DEF
+        default:
+            cpu_abort(NULL, "Unexpanded target qop");
+        }
+    }
+}
+
+/* ??? Implement this.  */
+static void
+optimize_flags(void)
+{
+}
+#endif
+
+/* generate intermediate code for basic block 'tb'.  */
+int gen_intermediate_code_internal(CPUState *env, TranslationBlock *tb,
+                                   int search_pc)
+{
+    DisasContext dc1, *dc = &dc1;
+    uint16_t *gen_opc_end;
+    int j, lj;
+    target_ulong pc_start;
+    int pc_offset;
+    int last_cc_op;
+
+    /* generate intermediate code */
+    pc_start = tb->pc;
+       
+    dc->tb = tb;
+
+    gen_opc_ptr = gen_opc_buf;
+    gen_opc_end = gen_opc_buf + OPC_MAX_SIZE;
+    gen_opparam_ptr = gen_opparam_buf;
+
+    dc->is_jmp = DISAS_NEXT;
+    dc->pc = pc_start;
+    dc->cc_op = CC_OP_DYNAMIC;
+    dc->singlestep_enabled = env->singlestep_enabled;
+    dc->fpcr = env->fpcr;
+    nb_gen_labels = 0;
+    lj = -1;
+    do {
+        free_qreg = 0;
+        pc_offset = dc->pc - pc_start;
+        gen_throws_exception = NULL;
+        if (env->nb_breakpoints > 0) {
+            for(j = 0; j < env->nb_breakpoints; j++) {
+                if (env->breakpoints[j] == dc->pc) {
+                    gen_exception(dc, dc->pc, EXCP_DEBUG);
+                    dc->is_jmp = DISAS_JUMP;
+                    break;
+                }
+            }
+            if (dc->is_jmp)
+                break;
+        }
+        if (search_pc) {
+            j = gen_opc_ptr - gen_opc_buf;
+            if (lj < j) {
+                lj++;
+                while (lj < j)
+                    gen_opc_instr_start[lj++] = 0;
+            }
+            gen_opc_pc[lj] = dc->pc;
+            gen_opc_instr_start[lj] = 1;
+        }
+        last_cc_op = dc->cc_op;
+	disas_m68k_insn(env, dc);
+    } while (!dc->is_jmp && gen_opc_ptr < gen_opc_end &&
+             !env->singlestep_enabled &&
+             (pc_offset) < (TARGET_PAGE_SIZE - 32));
+
+    if (__builtin_expect(env->singlestep_enabled, 0)) {
+        /* Make sure the pc is updated, and raise a debug exception.  */
+        if (!dc->is_jmp) {
+            gen_flush_cc_op(dc);
+            gen_op_mov32(QREG_PC, gen_im32((long)dc->pc));
+        }
+        gen_op_raise_exception(EXCP_DEBUG);
+    } else {
+        switch(dc->is_jmp) {
+        case DISAS_NEXT:
+            gen_flush_cc_op(dc);
+            gen_jmp_tb(dc, 0, dc->pc);
+            break;
+        default:
+        case DISAS_JUMP:
+        case DISAS_UPDATE:
+            gen_flush_cc_op(dc);
+            /* indicate that the hash table must be used to find the next TB */
+            gen_op_mov32(QREG_T0, gen_im32(0));
+            gen_op_exit_tb();
+            break;
+        case DISAS_TB_JUMP:
+            /* nothing more to generate */
+            break;
+        }
+    }
+    *gen_opc_ptr = INDEX_op_end;
+
+#ifdef DEBUG_DISAS
+    if (loglevel & CPU_LOG_TB_IN_ASM) {
+        fprintf(logfile, "----------------\n");
+        fprintf(logfile, "IN: %s\n", lookup_symbol(pc_start));
+        target_disas(logfile, pc_start, dc->pc - pc_start, 0);
+        fprintf(logfile, "\n");
+        if (loglevel & (CPU_LOG_TB_OP)) {
+            fprintf(logfile, "OP:\n");
+            dump_ops(gen_opc_buf, gen_opparam_buf);
+            fprintf(logfile, "\n");
+        }
+    }
+#endif
+    if (search_pc) {
+        j = gen_opc_ptr - gen_opc_buf;
+        lj++;
+        while (lj <= j)
+            gen_opc_instr_start[lj++] = 0;
+        tb->size = 0;
+    } else {
+        tb->size = dc->pc - pc_start;
+    }
+
+    //optimize_flags();
+    //expand_target_qops();
+    return 0;
+}
+
+int gen_intermediate_code(CPUState *env, TranslationBlock *tb)
+{
+    return gen_intermediate_code_internal(env, tb, 0);
+}
+
+int gen_intermediate_code_pc(CPUState *env, TranslationBlock *tb)
+{
+    return gen_intermediate_code_internal(env, tb, 1);
+}
+
+CPUM68KState *cpu_m68k_init(void)
+{
+    CPUM68KState *env;
+
+    env = malloc(sizeof(CPUM68KState));
+    if (!env)
+        return NULL;
+    cpu_exec_init(env);
+
+    memset(env, 0, sizeof(CPUM68KState));
+    /* ??? FP regs should be initialized to NaN.  */
+    cpu_single_env = env;
+    env->cc_op = CC_OP_FLAGS;
+    return env;
+}
+
+void cpu_m68k_close(CPUM68KState *env)
+{
+    free(env);
+}
+
+m68k_def_t *m68k_find_by_name(const char *name)
+{
+    m68k_def_t *def;
+
+    def = m68k_cpu_defs;
+    while (def->name)
+      {
+        if (strcmp(def->name, name) == 0)
+            return def;
+        def++;
+      }
+    return NULL;
+}
+
+void cpu_m68k_register(CPUM68KState *env, m68k_def_t *def)
+{
+    register_m68k_insns(def);
+}
+
+void cpu_dump_state(CPUState *env, FILE *f, 
+                    int (*cpu_fprintf)(FILE *f, const char *fmt, ...),
+                    int flags)
+{
+    int i;
+    uint16_t sr;
+    CPU_DoubleU u;
+    for (i = 0; i < 8; i++)
+      {
+        u.d = env->fregs[i];
+        cpu_fprintf (f, "D%d = %08x   A%d = %08x   F%d = %08x%08x (%12g)\n",
+                     i, env->dregs[i], i, env->aregs[i],
+                     i, u.l.upper, u.l.lower, u.d);
+      }
+    cpu_fprintf (f, "PC = %08x   ", env->pc);
+    sr = env->sr;
+    cpu_fprintf (f, "SR = %04x %c%c%c%c%c ", sr, (sr & 0x10) ? 'X' : '-',
+                 (sr & CCF_N) ? 'N' : '-', (sr & CCF_Z) ? 'Z' : '-',
+                 (sr & CCF_V) ? 'V' : '-', (sr & CCF_C) ? 'C' : '-');
+    cpu_fprintf (f, "FPRESULT = %12g\n", env->fp_result);
+}
+
+/* ??? */
+target_ulong cpu_get_phys_page_debug(CPUState *env, target_ulong addr)
+{
+    return addr;
+}
+
+#if defined(CONFIG_USER_ONLY) 
+
+int cpu_m68k_handle_mmu_fault (CPUState *env, target_ulong address, int rw,
+                               int is_user, int is_softmmu)
+{
+    env->exception_index = EXCP_ACCESS;
+    env->mmu.ar = address;
+    return 1;
+}
+
+#else
+
+#error not implemented
+
+#endif
@@ -302,6 +302,8 @@ int cpu_restore_state(TranslationBlock *tb,
         }
         env->access_type = type;
     }
+#elif defined(TARGET_M68K)
+    env->pc = gen_opc_pc[j];
 #elif defined(TARGET_MIPS)
     env->PC = gen_opc_pc[j];
     env->hflags &= ~MIPS_HFLAG_BMASK;