[{"id":3675528,"web_url":"http://patchwork.ozlabs.org/comment/3675528/","msgid":"<9D54FE2F-DC48-4BAA-BF5E-B5D0E8168E52@unpredictable.fr>","list_archive_url":null,"date":"2026-04-09T22:14:19","subject":"Re: [PATCH v6 1/6] target/arm/emulate: add ISV=0 emulation library\n with load/store immediate","submitter":{"id":91318,"url":"http://patchwork.ozlabs.org/api/people/91318/","name":"Mohamed Mediouni","email":"mohamed@unpredictable.fr"},"content":"> On 10. Apr 2026, at 00:06, Lucas Amaral <lucaaamaral@gmail.com> wrote:\n> \n> Add a shared emulation library for AArch64 load/store instructions that\n> cause ISV=0 data aborts under hardware virtualization (HVF, WHPX).\n> \n> When the Instruction Syndrome Valid bit is clear, the hypervisor cannot\n> determine the faulting instruction's target register or access size from\n> the syndrome alone.  This library fetches and decodes the instruction\n> using a decodetree-generated decoder, then emulates it by accessing the\n> vCPU's register file (CPUARMState) and guest memory via get_phys_addr()\n> for MMU translation and address_space_read/write() for physical access.\n> \n> This patch establishes the framework and adds load/store single with\n> immediate addressing — the most common ISV=0 trigger.  Subsequent\n> patches add register-offset, pair, exclusive, and atomic instructions.\n> \n> Instruction coverage:\n>  - STR/LDR (GPR): unscaled, post-indexed, unprivileged, pre-indexed,\n>    unsigned offset — all sizes (8/16/32/64-bit), sign/zero extension\n>  - STR/LDR (SIMD/FP): same addressing modes, 8-128 bit elements\n>  - PRFM: prefetch treated as NOP\n>  - DC cache maintenance (SYS CRn=C7): NOP on MMIO\n> \n> This library uses its own a64-ldst.decode rather than sharing\n> target/arm/tcg/a64.decode.  TCG's trans_* functions are a compiler:\n> they emit IR ops into a translation block for later execution.  
This\n> library's trans_* functions are an interpreter: they execute directly\n> against the vCPU register file and memory.  The decodetree-generated\n> dispatcher calls trans_* by name, so both cannot coexist in the same\n> translation unit.  Decode patterns are kept consistent with TCG's\n> where possible.\n> \n> Decodetree differences from TCG:\n>  - &ldst_imm adds a 'u' flag to distinguish 9-bit signed vs 12-bit\n>    unsigned immediate forms.  TCG uses %uimm_scaled to pre-scale\n>    the unsigned immediate at decode time; here imm:12 is extracted\n>    raw and the handler scales it.\n> \n> Signed-off-by: Lucas Amaral <lucaaamaral@gmail.com>\n> ---\n> target/arm/emulate/a64-ldst.decode | 129 +++++++++++++\n> target/arm/emulate/arm_emulate.c   | 288 +++++++++++++++++++++++++++++\n> target/arm/emulate/arm_emulate.h   |  30 +++\n> target/arm/emulate/meson.build     |   8 +\n> target/arm/meson.build             |   1 +\n> 5 files changed, 456 insertions(+)\n> create mode 100644 target/arm/emulate/a64-ldst.decode\n> create mode 100644 target/arm/emulate/arm_emulate.c\n> create mode 100644 target/arm/emulate/arm_emulate.h\n> create mode 100644 target/arm/emulate/meson.build\n> \n> diff --git a/target/arm/emulate/a64-ldst.decode b/target/arm/emulate/a64-ldst.decode\n> new file mode 100644\n> index 00000000..c887dcba\n> --- /dev/null\n> +++ b/target/arm/emulate/a64-ldst.decode\n> 
@@ -0,0 +1,129 @@\n> +# AArch64 load/store instruction patterns for ISV=0 emulation\n> +#\n> +# Copyright (c) 2026 Lucas Amaral <lucaaamaral@gmail.com>\n> +#\n> +# SPDX-License-Identifier: GPL-2.0-or-later\n> +\n> +### Argument sets\n> +\n> +# Load/store immediate (unscaled, pre/post-index, unprivileged, unsigned offset)\n> +# 'u' flag: 0 = 9-bit signed immediate (byte offset), 1 = 12-bit unsigned (needs << sz)\n> +&ldst_imm       rt rn imm sz sign w p unpriv ext u\n> +\n> +### Format templates\n> +\n> +# Load/store immediate (9-bit signed)\n> +@ldst_imm       .. ... . .. .. . imm:s9 .. rn:5 rt:5   &ldst_imm u=0 unpriv=0 p=0 w=0\n> +@ldst_imm_pre   .. ... . .. .. . imm:s9 .. rn:5 rt:5   &ldst_imm u=0 unpriv=0 p=0 w=1\n> +@ldst_imm_post  .. ... . .. .. . imm:s9 .. rn:5 rt:5   &ldst_imm u=0 unpriv=0 p=1 w=1\n> +@ldst_imm_user  .. ... . .. .. . imm:s9 .. rn:5 rt:5   &ldst_imm u=0 unpriv=1 p=0 w=0\n> +\n> +# Load/store unsigned offset (12-bit, handler scales by << sz)\n> +@ldst_uimm      .. ... . .. .. imm:12 rn:5 rt:5        &ldst_imm u=1 unpriv=0 p=0 w=0\n> +\n> +### Load/store register — unscaled immediate (LDUR/STUR)\n> +\n> +# GPR\n> +STR_i           sz:2 111 0 00 00 0 ......... 00 ..... .....    @ldst_imm sign=0 ext=0\n> +LDR_i           00 111 0 00 01 0 ......... 00 ..... .....      @ldst_imm sign=0 ext=1 sz=0\n> +LDR_i           01 111 0 00 01 0 ......... 00 ..... .....      @ldst_imm sign=0 ext=1 sz=1\n> +LDR_i           10 111 0 00 01 0 ......... 00 ..... .....      @ldst_imm sign=0 ext=1 sz=2\n> +LDR_i           11 111 0 00 01 0 ......... 00 ..... .....      @ldst_imm sign=0 ext=0 sz=3\n> +LDR_i           00 111 0 00 10 0 ......... 00 ..... .....      @ldst_imm sign=1 ext=0 sz=0\n> +LDR_i           01 111 0 00 10 0 ......... 00 ..... .....      @ldst_imm sign=1 ext=0 sz=1\n> +LDR_i           10 111 0 00 10 0 ......... 00 ..... .....      @ldst_imm sign=1 ext=0 sz=2\n> +LDR_i           00 111 0 00 11 0 ......... 00 ..... .....      
@ldst_imm sign=1 ext=1 sz=0\n> +LDR_i           01 111 0 00 11 0 ......... 00 ..... .....      @ldst_imm sign=1 ext=1 sz=1\n> +\n> +# SIMD/FP\n> +STR_v_i         sz:2 111 1 00 00 0 ......... 00 ..... .....    @ldst_imm sign=0 ext=0\n> +STR_v_i         00 111 1 00 10 0 ......... 00 ..... .....      @ldst_imm sign=0 ext=0 sz=4\n> +LDR_v_i         sz:2 111 1 00 01 0 ......... 00 ..... .....    @ldst_imm sign=0 ext=0\n> +LDR_v_i         00 111 1 00 11 0 ......... 00 ..... .....      @ldst_imm sign=0 ext=0 sz=4\n> +\n> +### Load/store register — post-indexed\n> +\n> +# GPR\n> +STR_i           sz:2 111 0 00 00 0 ......... 01 ..... .....    @ldst_imm_post sign=0 ext=0\n> +LDR_i           00 111 0 00 01 0 ......... 01 ..... .....      @ldst_imm_post sign=0 ext=1 sz=0\n> +LDR_i           01 111 0 00 01 0 ......... 01 ..... .....      @ldst_imm_post sign=0 ext=1 sz=1\n> +LDR_i           10 111 0 00 01 0 ......... 01 ..... .....      @ldst_imm_post sign=0 ext=1 sz=2\n> +LDR_i           11 111 0 00 01 0 ......... 01 ..... .....      @ldst_imm_post sign=0 ext=0 sz=3\n> +LDR_i           00 111 0 00 10 0 ......... 01 ..... .....      @ldst_imm_post sign=1 ext=0 sz=0\n> +LDR_i           01 111 0 00 10 0 ......... 01 ..... .....      @ldst_imm_post sign=1 ext=0 sz=1\n> +LDR_i           10 111 0 00 10 0 ......... 01 ..... .....      @ldst_imm_post sign=1 ext=0 sz=2\n> +LDR_i           00 111 0 00 11 0 ......... 01 ..... .....      @ldst_imm_post sign=1 ext=1 sz=0\n> +LDR_i           01 111 0 00 11 0 ......... 01 ..... .....      @ldst_imm_post sign=1 ext=1 sz=1\n> +\n> +# SIMD/FP\n> +STR_v_i         sz:2 111 1 00 00 0 ......... 01 ..... .....    @ldst_imm_post sign=0 ext=0\n> +STR_v_i         00 111 1 00 10 0 ......... 01 ..... .....      @ldst_imm_post sign=0 ext=0 sz=4\n> +LDR_v_i         sz:2 111 1 00 01 0 ......... 01 ..... .....    @ldst_imm_post sign=0 ext=0\n> +LDR_v_i         00 111 1 00 11 0 ......... 01 ..... .....      
@ldst_imm_post sign=0 ext=0 sz=4\n> +\n> +### Load/store register — unprivileged\n> +\n> +# GPR only (no SIMD/FP unprivileged forms)\n> +STR_i           sz:2 111 0 00 00 0 ......... 10 ..... .....    @ldst_imm_user sign=0 ext=0\n> +LDR_i           00 111 0 00 01 0 ......... 10 ..... .....      @ldst_imm_user sign=0 ext=1 sz=0\n> +LDR_i           01 111 0 00 01 0 ......... 10 ..... .....      @ldst_imm_user sign=0 ext=1 sz=1\n> +LDR_i           10 111 0 00 01 0 ......... 10 ..... .....      @ldst_imm_user sign=0 ext=1 sz=2\n> +LDR_i           11 111 0 00 01 0 ......... 10 ..... .....      @ldst_imm_user sign=0 ext=0 sz=3\n> +LDR_i           00 111 0 00 10 0 ......... 10 ..... .....      @ldst_imm_user sign=1 ext=0 sz=0\n> +LDR_i           01 111 0 00 10 0 ......... 10 ..... .....      @ldst_imm_user sign=1 ext=0 sz=1\n> +LDR_i           10 111 0 00 10 0 ......... 10 ..... .....      @ldst_imm_user sign=1 ext=0 sz=2\n> +LDR_i           00 111 0 00 11 0 ......... 10 ..... .....      @ldst_imm_user sign=1 ext=1 sz=0\n> +LDR_i           01 111 0 00 11 0 ......... 10 ..... .....      @ldst_imm_user sign=1 ext=1 sz=1\n> +\n> +### Load/store register — pre-indexed\n> +\n> +# GPR\n> +STR_i           sz:2 111 0 00 00 0 ......... 11 ..... .....    @ldst_imm_pre sign=0 ext=0\n> +LDR_i           00 111 0 00 01 0 ......... 11 ..... .....      @ldst_imm_pre sign=0 ext=1 sz=0\n> +LDR_i           01 111 0 00 01 0 ......... 11 ..... .....      @ldst_imm_pre sign=0 ext=1 sz=1\n> +LDR_i           10 111 0 00 01 0 ......... 11 ..... .....      @ldst_imm_pre sign=0 ext=1 sz=2\n> +LDR_i           11 111 0 00 01 0 ......... 11 ..... .....      @ldst_imm_pre sign=0 ext=0 sz=3\n> +LDR_i           00 111 0 00 10 0 ......... 11 ..... .....      @ldst_imm_pre sign=1 ext=0 sz=0\n> +LDR_i           01 111 0 00 10 0 ......... 11 ..... .....      @ldst_imm_pre sign=1 ext=0 sz=1\n> +LDR_i           10 111 0 00 10 0 ......... 11 ..... .....      
@ldst_imm_pre sign=1 ext=0 sz=2\n> +LDR_i           00 111 0 00 11 0 ......... 11 ..... .....      @ldst_imm_pre sign=1 ext=1 sz=0\n> +LDR_i           01 111 0 00 11 0 ......... 11 ..... .....      @ldst_imm_pre sign=1 ext=1 sz=1\n> +\n> +# SIMD/FP\n> +STR_v_i         sz:2 111 1 00 00 0 ......... 11 ..... .....    @ldst_imm_pre sign=0 ext=0\n> +STR_v_i         00 111 1 00 10 0 ......... 11 ..... .....      @ldst_imm_pre sign=0 ext=0 sz=4\n> +LDR_v_i         sz:2 111 1 00 01 0 ......... 11 ..... .....    @ldst_imm_pre sign=0 ext=0\n> +LDR_v_i         00 111 1 00 11 0 ......... 11 ..... .....      @ldst_imm_pre sign=0 ext=0 sz=4\n> +\n> +### PRFM — unscaled immediate: prefetch is a NOP\n> +\n> +NOP             11 111 0 00 10 0 --------- 00 ----- -----\n> +\n> +### Load/store register — unsigned offset\n> +\n> +# GPR\n> +STR_i           sz:2 111 0 01 00 ............ ..... .....       @ldst_uimm sign=0 ext=0\n> +LDR_i           00 111 0 01 01 ............ ..... .....         @ldst_uimm sign=0 ext=1 sz=0\n> +LDR_i           01 111 0 01 01 ............ ..... .....         @ldst_uimm sign=0 ext=1 sz=1\n> +LDR_i           10 111 0 01 01 ............ ..... .....         @ldst_uimm sign=0 ext=1 sz=2\n> +LDR_i           11 111 0 01 01 ............ ..... .....         @ldst_uimm sign=0 ext=0 sz=3\n> +LDR_i           00 111 0 01 10 ............ ..... .....         @ldst_uimm sign=1 ext=0 sz=0\n> +LDR_i           01 111 0 01 10 ............ ..... .....         @ldst_uimm sign=1 ext=0 sz=1\n> +LDR_i           10 111 0 01 10 ............ ..... .....         @ldst_uimm sign=1 ext=0 sz=2\n> +LDR_i           00 111 0 01 11 ............ ..... .....         @ldst_uimm sign=1 ext=1 sz=0\n> +LDR_i           01 111 0 01 11 ............ ..... .....         @ldst_uimm sign=1 ext=1 sz=1\n> +\n> +# PRFM — unsigned offset\n> +NOP             11 111 0 01 10 ------------ ----- -----\n> +\n> +# SIMD/FP\n> +STR_v_i         sz:2 111 1 01 00 ............ ..... .....       
@ldst_uimm sign=0 ext=0\n> +STR_v_i         00 111 1 01 10 ............ ..... .....         @ldst_uimm sign=0 ext=0 sz=4\n> +LDR_v_i         sz:2 111 1 01 01 ............ ..... .....       @ldst_uimm sign=0 ext=0\n> +LDR_v_i         00 111 1 01 11 ............ ..... .....         @ldst_uimm sign=0 ext=0 sz=4\n> +\n> +### System instructions — DC cache maintenance\n> +\n> +# SYS with CRn=C7 covers all data cache operations (DC CIVAC, CVAC, etc.).\n> +# On MMIO regions, cache maintenance is a harmless no-op.\n> +NOP             1101 0101 0000 1 --- 0111 ---- --- -----\n> diff --git a/target/arm/emulate/arm_emulate.c b/target/arm/emulate/arm_emulate.c\n> new file mode 100644\n> index 00000000..bedbdb3e\n> --- /dev/null\n> +++ b/target/arm/emulate/arm_emulate.c\n> 
@@ -0,0 +1,288 @@\n> +/*\n> + * AArch64 instruction emulation for ISV=0 data aborts\n> + *\n> + * Copyright (c) 2026 Lucas Amaral <lucaaamaral@gmail.com>\n> + *\n> + * SPDX-License-Identifier: GPL-2.0-or-later\n> + */\n> +\n> +#include \"arm_emulate.h\"\n> +#include \"target/arm/cpu.h\"\n> +#include \"target/arm/internals.h\"\n> +#include \"exec/cpu-common.h\"\n> +#include \"system/memory.h\"\n> +#include \"exec/target_page.h\"\n> +#include \"qemu/bitops.h\"\n> +#include \"qemu/bswap.h\"\n> +\n> +/* Named \"DisasContext\" as required by the decodetree code generator */\n> +typedef struct {\n> +    CPUState *cpu;\n> +    CPUARMState *env;\n> +    ArmEmulResult result;\n> +    bool be_data;\n> +} DisasContext;\n> +\n> +#include \"decode-a64-ldst.c.inc\"\n> +\n> +/* GPR data access (Rt, Rs, Rt2) -- register 31 = XZR */\n> +\n> +static uint64_t gpr_read(DisasContext *ctx, int reg)\n> +{\n> +    if (reg == 31) {\n> +        return 0;  /* XZR */\n> +    }\n> +    return ctx->env->xregs[reg];\n> +}\n> +\n> +static void gpr_write(DisasContext *ctx, int reg, uint64_t val)\n> +{\n> +    if (reg == 31) {\n> +        return;  /* XZR -- discard */\n> +    }\n> +    ctx->env->xregs[reg] = val;\n> +    ctx->cpu->vcpu_dirty = true;\n> +}\n> +\n> +/* Base register access (Rn) -- register 31 = SP */\n> +\n> +static uint64_t base_read(DisasContext *ctx, int rn)\n> +{\n> +    return ctx->env->xregs[rn];\n> +}\n> +\n> +static void base_write(DisasContext *ctx, int rn, uint64_t val)\n> +{\n> +    ctx->env->xregs[rn] = val;\n> +    ctx->cpu->vcpu_dirty = true;\n> +}\n> +\n> +/* SIMD/FP register access */\n> +\n> +static void fpreg_read(DisasContext *ctx, int reg, void *buf, int size)\n> +{\n> +    memcpy(buf, &ctx->env->vfp.zregs[reg], size);\n> +}\n> +\n> +static void fpreg_write(DisasContext *ctx, int reg, const void *buf, int size)\n> +{\n> +    memset(&ctx->env->vfp.zregs[reg], 0, sizeof(ctx->env->vfp.zregs[reg]));\n> +    memcpy(&ctx->env->vfp.zregs[reg], buf, size);\n> +    
ctx->cpu->vcpu_dirty = true;\n> +}\n> +\n> +/*\n> + * Memory access via guest MMU translation.\n> + *\n> + * Translates the virtual address through the guest page tables using\n> + * get_phys_addr(), then performs the access on the resulting physical\n> + * address via address_space_read/write().  Each page-sized chunk is\n> + * translated independently, so accesses that span a page boundary\n> + * are handled correctly even when the pages map to different physical\n> + * addresses.\n> + */\n> +\nHello,\n\nPerhaps having a common version of this for fetching the instruction\n\nApart from that\n\nReviewed-by: Mohamed Mediouni <mohamed@unpredictable.fr>\n> +static int mem_access(DisasContext *ctx, uint64_t va, void *buf, int size,\n> +                      MMUAccessType access_type)\n> +{\n> +    ARMMMUIdx mmu_idx = arm_mmu_idx(ctx->env);\n> +\n> +    while (size > 0) {\n> +        int chunk = MIN(size, TARGET_PAGE_SIZE - (va & ~TARGET_PAGE_MASK));\n> +        GetPhysAddrResult res = {};\n> +        ARMMMUFaultInfo fi = {};\n> +\n> +        if (get_phys_addr(ctx->env, va, access_type, 0, mmu_idx,\n> +                          &res, &fi)) {\n> +            ctx->result = ARM_EMUL_ERR_MEM;\n> +            return -1;\n> +        }\n> +\n> +        AddressSpace *as = arm_addressspace(ctx->cpu, res.f.attrs);\n> +        MemTxResult txr;\n> +\n> +        if (access_type == MMU_DATA_STORE) {\n> +            txr = address_space_write(as, res.f.phys_addr, res.f.attrs,\n> +                                      buf, chunk);\n> +        } else {\n> +            txr = address_space_read(as, res.f.phys_addr, res.f.attrs,\n> +                                     buf, chunk);\n> +        }\n> +\n> +        if (txr != MEMTX_OK) {\n> +            ctx->result = ARM_EMUL_ERR_MEM;\n> +            return -1;\n> +        }\n> +\n> +        va += chunk;\n> +        buf += chunk;\n> +        size -= chunk;\n> +    }\n> +    return 0;\n> +}\n> +\n> +static int mem_read(DisasContext *ctx, 
uint64_t va, void *buf, int size)\n> +{\n> +    return mem_access(ctx, va, buf, size, MMU_DATA_LOAD);\n> +}\n> +\n> +static int mem_write(DisasContext *ctx, uint64_t va, const void *buf, int size)\n> +{\n> +    return mem_access(ctx, va, (void *)buf, size, MMU_DATA_STORE);\n> +}\n> +\n> +/*\n> + * Endian-aware GPR <-> memory buffer helpers.\n> + *\n> + * mem_read/mem_write transfer raw bytes between guest VA and a host buffer.\n> + * mem_ld/mem_st convert between a uint64_t register value and the guest\n> + * byte order in a memory buffer.\n> + */\n> +\n> +static uint64_t mem_ld(DisasContext *ctx, const void *buf, int size)\n> +{\n> +    return ctx->be_data ? ldn_be_p(buf, size) : ldn_le_p(buf, size);\n> +}\n> +\n> +static void mem_st(DisasContext *ctx, void *buf, int size, uint64_t val)\n> +{\n> +    if (ctx->be_data) {\n> +        stn_be_p(buf, size, val);\n> +    } else {\n> +        stn_le_p(buf, size, val);\n> +    }\n> +}\n> +\n> +/* Apply sign/zero extension */\n> +static uint64_t load_extend(uint64_t val, int sz, int sign, int ext)\n> +{\n> +    int data_bits = 8 << sz;\n> +\n> +    if (sign) {\n> +        val = sextract64(val, 0, data_bits);\n> +        if (ext) {\n> +            /* Sign-extend to 32 bits (W register) */\n> +            val &= 0xFFFFFFFF;\n> +        }\n> +    } else if (ext) {\n> +        /* Zero-extend to 32 bits (W register) */\n> +        val &= 0xFFFFFFFF;\n> +    }\n> +    return val;\n> +}\n> +\n> +/* Load/store single -- immediate (GPR) (DDI 0487 C3.3.8 -- C3.3.13) */\n> +\n> +static bool trans_STR_i(DisasContext *ctx, arg_ldst_imm *a)\n> +{\n> +    int esize = (a->sz <= 3) ? (1 << a->sz) : 16;\n> +    int64_t offset = a->u ? ((int64_t)(uint64_t)a->imm << a->sz)\n> +                          : (int64_t)a->imm;\n> +    uint64_t base = base_read(ctx, a->rn);\n> +    uint64_t va = a->p ? 
base : base + offset;\n> +\n> +    uint8_t buf[16];\n> +    uint64_t val = gpr_read(ctx, a->rt);\n> +    mem_st(ctx, buf, esize, val);\n> +    if (mem_write(ctx, va, buf, esize) != 0) {\n> +        return true;\n> +    }\n> +\n> +    if (a->w) {\n> +        base_write(ctx, a->rn, base + offset);\n> +    }\n> +    return true;\n> +}\n> +\n> +static bool trans_LDR_i(DisasContext *ctx, arg_ldst_imm *a)\n> +{\n> +    int esize = (a->sz <= 3) ? (1 << a->sz) : 16;\n> +    int64_t offset = a->u ? ((int64_t)(uint64_t)a->imm << a->sz)\n> +                          : (int64_t)a->imm;\n> +    uint64_t base = base_read(ctx, a->rn);\n> +    uint64_t va = a->p ? base : base + offset;\n> +    uint8_t buf[16];\n> +\n> +    if (mem_read(ctx, va, buf, esize) != 0) {\n> +        return true;\n> +    }\n> +\n> +    uint64_t val = mem_ld(ctx, buf, esize);\n> +    val = load_extend(val, a->sz, a->sign, a->ext);\n> +    gpr_write(ctx, a->rt, val);\n> +\n> +    if (a->w) {\n> +        base_write(ctx, a->rn, base + offset);\n> +    }\n> +    return true;\n> +}\n> +\n> +/*\n> + * Load/store single -- immediate (SIMD/FP)\n> + * STR_v_i / LDR_v_i (DDI 0487 C3.3.10)\n> + */\n> +\n> +static bool trans_STR_v_i(DisasContext *ctx, arg_ldst_imm *a)\n> +{\n> +    int esize = (a->sz <= 3) ? (1 << a->sz) : 16;\n> +    int64_t offset = a->u ? ((int64_t)(uint64_t)a->imm << a->sz)\n> +                          : (int64_t)a->imm;\n> +    uint64_t base = base_read(ctx, a->rn);\n> +    uint64_t va = a->p ? base : base + offset;\n> +    uint8_t buf[16];\n> +\n> +    fpreg_read(ctx, a->rt, buf, esize);\n> +    if (mem_write(ctx, va, buf, esize) != 0) {\n> +        return true;\n> +    }\n> +\n> +    if (a->w) {\n> +        base_write(ctx, a->rn, base + offset);\n> +    }\n> +    return true;\n> +}\n> +\n> +static bool trans_LDR_v_i(DisasContext *ctx, arg_ldst_imm *a)\n> +{\n> +    int esize = (a->sz <= 3) ? (1 << a->sz) : 16;\n> +    int64_t offset = a->u ? 
((int64_t)(uint64_t)a->imm << a->sz)\n> +                          : (int64_t)a->imm;\n> +    uint64_t base = base_read(ctx, a->rn);\n> +    uint64_t va = a->p ? base : base + offset;\n> +    uint8_t buf[16];\n> +\n> +    if (mem_read(ctx, va, buf, esize) != 0) {\n> +        return true;\n> +    }\n> +\n> +    fpreg_write(ctx, a->rt, buf, esize);\n> +\n> +    if (a->w) {\n> +        base_write(ctx, a->rn, base + offset);\n> +    }\n> +    return true;\n> +}\n> +\n> +/* PRFM, DC cache maintenance -- treated as NOP */\n> +static bool trans_NOP(DisasContext *ctx, arg_NOP *a)\n> +{\n> +    return true;\n> +}\n> +\n> +/* Entry point */\n> +\n> +ArmEmulResult arm_emul_insn(CPUArchState *env, uint32_t insn)\n> +{\n> +    DisasContext ctx = {\n> +        .cpu = env_cpu(env),\n> +        .env = env,\n> +        .result = ARM_EMUL_OK,\n> +        .be_data = arm_cpu_data_is_big_endian(env),\n> +    };\n> +\n> +    if (!decode_a64_ldst(&ctx, insn)) {\n> +        return ARM_EMUL_UNHANDLED;\n> +    }\n> +\n> +    return ctx.result;\n> +}\n> diff --git a/target/arm/emulate/arm_emulate.h b/target/arm/emulate/arm_emulate.h\n> new file mode 100644\n> index 00000000..7fe29839\n> --- /dev/null\n> +++ b/target/arm/emulate/arm_emulate.h\n> 
@@ -0,0 +1,30 @@\n> +/*\n> + * AArch64 instruction emulation library\n> + *\n> + * Copyright (c) 2026 Lucas Amaral <lucaaamaral@gmail.com>\n> + *\n> + * SPDX-License-Identifier: GPL-2.0-or-later\n> + */\n> +\n> +#ifndef ARM_EMULATE_H\n> +#define ARM_EMULATE_H\n> +\n> +#include \"qemu/osdep.h\"\n> +\n> +/**\n> + * ArmEmulResult - return status from arm_emul_insn()\n> + */\n> +typedef enum {\n> +    ARM_EMUL_OK,         /* Instruction emulated successfully */\n> +    ARM_EMUL_UNHANDLED,  /* Instruction not recognized by decoder */\n> +    ARM_EMUL_ERR_MEM,    /* Memory access failed */\n> +} ArmEmulResult;\n> +\n> +/**\n> + * arm_emul_insn - decode and emulate one AArch64 instruction\n> + *\n> + * Caller must synchronize CPU state and fetch @insn before calling.\n> + */\n> +ArmEmulResult arm_emul_insn(CPUArchState *env, uint32_t insn);\n> +\n> +#endif /* ARM_EMULATE_H */\n> diff --git a/target/arm/emulate/meson.build b/target/arm/emulate/meson.build\n> new file mode 100644\n> index 00000000..e5455bd2\n> --- /dev/null\n> +++ b/target/arm/emulate/meson.build\n> @@ -0,0 +1,8 @@\n> +# SPDX-License-Identifier: GPL-2.0-or-later\n> +\n> +gen_a64_ldst = decodetree.process('a64-ldst.decode',\n> +    extra_args: ['--static-decode=decode_a64_ldst'])\n> +\n> +arm_common_system_ss.add(when: 'TARGET_AARCH64', if_true: [\n> +    gen_a64_ldst, files('arm_emulate.c')\n> +])\n> diff --git a/target/arm/meson.build b/target/arm/meson.build\n> index 6e0e504a..a4b2291b 100644\n> --- a/target/arm/meson.build\n> +++ b/target/arm/meson.build\n> 
@@ -57,6 +57,7 @@ arm_common_system_ss.add(files(\n>   'vfp_fpscr.c',\n> ))\n> \n> +subdir('emulate')\n> subdir('hvf')\n> subdir('whpx')\n> \n> -- \n> 2.52.0\n>","headers":{"Subject":"Re: [PATCH v6 1/6] target/arm/emulate: add ISV=0 emulation library\n with load/store immediate","From":"Mohamed Mediouni <mohamed@unpredictable.fr>","In-Reply-To":"<20260409220614.65558-2-lucaaamaral@gmail.com>","Date":"Fri, 10 Apr 2026 00:14:19 +0200","Cc":"qemu-devel@nongnu.org, qemu-arm@nongnu.org, agraf@csgraf.de,\n peter.maydell@linaro.org, alex.bennee@linaro.org,\n richard.henderson@linaro.org","Message-Id":"<9D54FE2F-DC48-4BAA-BF5E-B5D0E8168E52@unpredictable.fr>","References":"<20260409220614.65558-1-lucaaamaral@gmail.com>\n <20260409220614.65558-2-lucaaamaral@gmail.com>","To":"Lucas Amaral <lucaaamaral@gmail.com>","List-Id":"qemu development <qemu-devel.nongnu.org>","List-Archive":"<https://lists.nongnu.org/archive/html/qemu-devel>"}}]
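Review bot: in the a64-ldst.decode hunk, the last NOP pattern (1101 0101 0000 1 --- 0111 ---- --- -----) leaves op1, CRm and op2 as don't-cares, so it matches every SYS encoding with CRn=C7, which is broader than the "data cache operations" the comment above it describes: CRn=C7 is also used by DC ZVA (CRm=C4), which writes a block of zeros, and by the IC and AT families. Turning a faulting DC ZVA into a NOP silently drops a store. Suggest constraining CRm (and op1/op2) to the maintenance-only encodings, or letting the other CRn=C7 encodings fall through to ARM_EMUL_UNHANDLED, and updating the comment to list exactly which encodings are covered.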
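Review bot: in the arm_emulate.c hunk, a->unpriv is decoded (the @ldst_imm_user rows set unpriv=1 for the LDTR/STTR encodings) but never read: trans_STR_i()/trans_LDR_i() go through mem_write()/mem_read(), and mem_access() always translates with arm_mmu_idx(ctx->env), i.e. with the current exception level's permissions. An STTR/LDTR executed at EL1 is architecturally checked as an EL0 access, so a page the guest maps as privileged-only would be accessed here where hardware raises a permission fault. Suggest selecting the EL0 MMU index when a->unpriv is set, or rejecting those encodings with ARM_EMUL_UNHANDLED until that is implemented. Two smaller points in the same hunk: on a get_phys_addr() failure mem_access() discards fi (and on an address_space_read/write() failure it discards txr), so the caller cannot distinguish a translation fault from a permission fault, nor learn the faulting VA of a page-spanning access, which it needs to synthesize a correct data abort (note also that the first chunk of a two-page store has already been written by the time the second chunk fails); and the bare 0 passed as the fourth argument of get_phys_addr() deserves a named value or a comment saying which argument it is.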
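Review bot: in the arm_emulate.h hunk, the arm_emul_insn() comment states the pre-conditions (CPU state synchronized, @insn fetched) but not the post-conditions the caller relies on: the handlers in arm_emulate.c write xregs/zregs and set cpu->vcpu_dirty but never touch env->pc, so on ARM_EMUL_OK the caller must itself advance PC past the emulated instruction and push the dirty register state back to the accelerator, and on ARM_EMUL_ERR_MEM a load has left the destination register untouched while a store may have been partially performed. Suggest spelling this out in the doc comment, since HVF and WHPX will each implement the caller.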