cachepc-linux

isp.S (126515B)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MOTOROLA MICROPROCESSOR & MEMORY TECHNOLOGY GROUP
M68000 Hi-Performance Microprocessor Division
M68060 Software Package
Production Release P1.00 -- October 10, 1994

M68060 Software Package Copyright © 1993, 1994 Motorola Inc.  All rights reserved.

THE SOFTWARE is provided on an "AS IS" basis and without warranty.
To the maximum extent permitted by applicable law,
MOTOROLA DISCLAIMS ALL WARRANTIES WHETHER EXPRESS OR IMPLIED,
INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
and any warranty against infringement with regard to the SOFTWARE
(INCLUDING ANY MODIFIED VERSIONS THEREOF) and any accompanying written materials.

To the maximum extent permitted by applicable law,
IN NO EVENT SHALL MOTOROLA BE LIABLE FOR ANY DAMAGES WHATSOEVER
(INCLUDING WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS,
BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, OR OTHER PECUNIARY LOSS)
ARISING OF THE USE OR INABILITY TO USE THE SOFTWARE.
Motorola assumes no responsibility for the maintenance and support of the SOFTWARE.

You are hereby granted a copyright license to use, modify, and distribute the SOFTWARE
so long as this entire notice is retained without alteration in any modified and/or
redistributed versions, and that such modified versions are clearly identified as such.
No licenses are granted by implication, estoppel or otherwise under any patents
or trademarks of Motorola, Inc.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ireal.s:
#	This file is appended to the top of the 060ISP package
# and contains the entry points into the package. The user, in
# effect, branches to one of the branch table entries located
# after _060ISP_TABLE.
#	Also, subroutine stubs exist in this file (_isp_done for
# example) that are referenced by the ISP package itself in order
# to call a given routine. The stub routine actually performs the
# callout. The ISP code does a "bsr" to the stub routine. This
# extra layer of hierarchy adds a slight performance penalty but
# it makes the ISP code easier to read and more mainatinable.
#

set	_off_chk,	0x00
set	_off_divbyzero,	0x04
set	_off_trace,	0x08
set	_off_access,	0x0c
set	_off_done,	0x10

set	_off_cas,	0x14
set	_off_cas2,	0x18
set	_off_lock,	0x1c
set	_off_unlock,	0x20

set	_off_imr,	0x40
set	_off_dmr,	0x44
set	_off_dmw,	0x48
set	_off_irw,	0x4c
set	_off_irl,	0x50
set	_off_drb,	0x54
set	_off_drw,	0x58
set	_off_drl,	0x5c
set	_off_dwb,	0x60
set	_off_dww,	0x64
set	_off_dwl,	0x68

_060ISP_TABLE:

# Here's the table of ENTRY POINTS for those linking the package.
	bra.l		_isp_unimp
	short		0x0000

	bra.l		_isp_cas
	short		0x0000

	bra.l		_isp_cas2
	short		0x0000

	bra.l		_isp_cas_finish
	short		0x0000

	bra.l		_isp_cas2_finish
	short		0x0000

	bra.l		_isp_cas_inrange
	short		0x0000

	bra.l		_isp_cas_terminate
	short		0x0000

	bra.l		_isp_cas_restart
	short		0x0000

	space		64

#############################################################

	global		_real_chk
_real_chk:
	mov.l		%d0,-(%sp)
	mov.l		(_060ISP_TABLE-0x80+_off_chk,%pc),%d0
	pea.l		(_060ISP_TABLE-0x80,%pc,%d0)
	mov.l		0x4(%sp),%d0
	rtd		&0x4

	global		_real_divbyzero
_real_divbyzero:
	mov.l		%d0,-(%sp)
	mov.l		(_060ISP_TABLE-0x80+_off_divbyzero,%pc),%d0
	pea.l		(_060ISP_TABLE-0x80,%pc,%d0)
	mov.l		0x4(%sp),%d0
	rtd		&0x4

	global		_real_trace
_real_trace:
	mov.l		%d0,-(%sp)
	mov.l		(_060ISP_TABLE-0x80+_off_trace,%pc),%d0
	pea.l		(_060ISP_TABLE-0x80,%pc,%d0)
	mov.l		0x4(%sp),%d0
	rtd		&0x4

	global		_real_access
_real_access:
	mov.l		%d0,-(%sp)
	mov.l		(_060ISP_TABLE-0x80+_off_access,%pc),%d0
	pea.l		(_060ISP_TABLE-0x80,%pc,%d0)
	mov.l		0x4(%sp),%d0
	rtd		&0x4

	global		_isp_done
_isp_done:
	mov.l		%d0,-(%sp)
	mov.l		(_060ISP_TABLE-0x80+_off_done,%pc),%d0
	pea.l		(_060ISP_TABLE-0x80,%pc,%d0)
	mov.l		0x4(%sp),%d0
	rtd		&0x4

#######################################

	global		_real_cas
_real_cas:
	mov.l		%d0,-(%sp)
	mov.l		(_060ISP_TABLE-0x80+_off_cas,%pc),%d0
	pea.l		(_060ISP_TABLE-0x80,%pc,%d0)
	mov.l		0x4(%sp),%d0
	rtd		&0x4

	global		_real_cas2
_real_cas2:
	mov.l		%d0,-(%sp)
	mov.l		(_060ISP_TABLE-0x80+_off_cas2,%pc),%d0
	pea.l		(_060ISP_TABLE-0x80,%pc,%d0)
	mov.l		0x4(%sp),%d0
	rtd		&0x4

	global		_real_lock_page
_real_lock_page:
	mov.l		%d0,-(%sp)
	mov.l		(_060ISP_TABLE-0x80+_off_lock,%pc),%d0
	pea.l		(_060ISP_TABLE-0x80,%pc,%d0)
	mov.l		0x4(%sp),%d0
	rtd		&0x4

	global		_real_unlock_page
_real_unlock_page:
	mov.l		%d0,-(%sp)
	mov.l		(_060ISP_TABLE-0x80+_off_unlock,%pc),%d0
	pea.l		(_060ISP_TABLE-0x80,%pc,%d0)
	mov.l		0x4(%sp),%d0
	rtd		&0x4

#######################################

	global		_imem_read
_imem_read:
	mov.l		%d0,-(%sp)
	mov.l		(_060ISP_TABLE-0x80+_off_imr,%pc),%d0
	pea.l		(_060ISP_TABLE-0x80,%pc,%d0)
	mov.l		0x4(%sp),%d0
	rtd		&0x4

	global		_dmem_read
_dmem_read:
	mov.l		%d0,-(%sp)
	mov.l		(_060ISP_TABLE-0x80+_off_dmr,%pc),%d0
	pea.l		(_060ISP_TABLE-0x80,%pc,%d0)
	mov.l		0x4(%sp),%d0
	rtd		&0x4

	global		_dmem_write
_dmem_write:
	mov.l		%d0,-(%sp)
	mov.l		(_060ISP_TABLE-0x80+_off_dmw,%pc),%d0
	pea.l		(_060ISP_TABLE-0x80,%pc,%d0)
	mov.l		0x4(%sp),%d0
	rtd		&0x4

	global		_imem_read_word
_imem_read_word:
	mov.l		%d0,-(%sp)
	mov.l		(_060ISP_TABLE-0x80+_off_irw,%pc),%d0
	pea.l		(_060ISP_TABLE-0x80,%pc,%d0)
	mov.l		0x4(%sp),%d0
	rtd		&0x4

	global		_imem_read_long
_imem_read_long:
	mov.l		%d0,-(%sp)
	mov.l		(_060ISP_TABLE-0x80+_off_irl,%pc),%d0
	pea.l		(_060ISP_TABLE-0x80,%pc,%d0)
	mov.l		0x4(%sp),%d0
	rtd		&0x4

	global		_dmem_read_byte
_dmem_read_byte:
	mov.l		%d0,-(%sp)
	mov.l		(_060ISP_TABLE-0x80+_off_drb,%pc),%d0
	pea.l		(_060ISP_TABLE-0x80,%pc,%d0)
	mov.l		0x4(%sp),%d0
	rtd		&0x4

	global		_dmem_read_word
_dmem_read_word:
	mov.l		%d0,-(%sp)
	mov.l		(_060ISP_TABLE-0x80+_off_drw,%pc),%d0
	pea.l		(_060ISP_TABLE-0x80,%pc,%d0)
	mov.l		0x4(%sp),%d0
	rtd		&0x4

	global		_dmem_read_long
_dmem_read_long:
	mov.l		%d0,-(%sp)
	mov.l		(_060ISP_TABLE-0x80+_off_drl,%pc),%d0
	pea.l		(_060ISP_TABLE-0x80,%pc,%d0)
	mov.l		0x4(%sp),%d0
	rtd		&0x4

	global		_dmem_write_byte
_dmem_write_byte:
	mov.l		%d0,-(%sp)
	mov.l		(_060ISP_TABLE-0x80+_off_dwb,%pc),%d0
	pea.l		(_060ISP_TABLE-0x80,%pc,%d0)
	mov.l		0x4(%sp),%d0
	rtd		&0x4

	global		_dmem_write_word
_dmem_write_word:
	mov.l		%d0,-(%sp)
	mov.l		(_060ISP_TABLE-0x80+_off_dww,%pc),%d0
	pea.l		(_060ISP_TABLE-0x80,%pc,%d0)
	mov.l		0x4(%sp),%d0
	rtd		&0x4

	global		_dmem_write_long
_dmem_write_long:
	mov.l		%d0,-(%sp)
	mov.l		(_060ISP_TABLE-0x80+_off_dwl,%pc),%d0
	pea.l		(_060ISP_TABLE-0x80,%pc,%d0)
	mov.l		0x4(%sp),%d0
	rtd		&0x4

#
# This file contains a set of define statements for constants
# in oreder to promote readability within the core code itself.
#

set LOCAL_SIZE,		96			# stack frame size(bytes)
set LV,			-LOCAL_SIZE		# stack offset

set EXC_ISR,		0x4			# stack status register
set EXC_IPC,		0x6			# stack pc
set EXC_IVOFF,		0xa			# stacked vector offset

set EXC_AREGS,		LV+64			# offset of all address regs
set EXC_DREGS,		LV+32			# offset of all data regs

set EXC_A7,		EXC_AREGS+(7*4)		# offset of a7
set EXC_A6,		EXC_AREGS+(6*4)		# offset of a6
set EXC_A5,		EXC_AREGS+(5*4)		# offset of a5
set EXC_A4,		EXC_AREGS+(4*4)		# offset of a4
set EXC_A3,		EXC_AREGS+(3*4)		# offset of a3
set EXC_A2,		EXC_AREGS+(2*4)		# offset of a2
set EXC_A1,		EXC_AREGS+(1*4)		# offset of a1
set EXC_A0,		EXC_AREGS+(0*4)		# offset of a0
set EXC_D7,		EXC_DREGS+(7*4)		# offset of d7
set EXC_D6,		EXC_DREGS+(6*4)		# offset of d6
set EXC_D5,		EXC_DREGS+(5*4)		# offset of d5
set EXC_D4,		EXC_DREGS+(4*4)		# offset of d4
set EXC_D3,		EXC_DREGS+(3*4)		# offset of d3
set EXC_D2,		EXC_DREGS+(2*4)		# offset of d2
set EXC_D1,		EXC_DREGS+(1*4)		# offset of d1
set EXC_D0,		EXC_DREGS+(0*4)		# offset of d0

set EXC_TEMP,		LV+16			# offset of temp stack space

set EXC_SAVVAL,		LV+12			# offset of old areg value
set EXC_SAVREG,		LV+11			# offset of old areg index

set SPCOND_FLG,		LV+10			# offset of spc condition flg

set EXC_CC,		LV+8			# offset of cc register
set EXC_EXTWPTR,	LV+4			# offset of current PC
set EXC_EXTWORD,	LV+2			# offset of current ext opword
set EXC_OPWORD,		LV+0			# offset of current opword

###########################
# SPecial CONDition FLaGs #
###########################
set mia7_flg,		0x04			# (a7)+ flag
set mda7_flg,		0x08			# -(a7) flag
set ichk_flg,		0x10			# chk exception flag
set idbyz_flg,		0x20			# divbyzero flag
set restore_flg,	0x40			# restore -(an)+ flag
set immed_flg,		0x80			# immediate data flag

set mia7_bit,		0x2			# (a7)+ bit
set mda7_bit,		0x3			# -(a7) bit
set ichk_bit,		0x4			# chk exception bit
set idbyz_bit,		0x5			# divbyzero bit
set restore_bit,	0x6			# restore -(a7)+ bit
set immed_bit,		0x7			# immediate data bit

#########
# Misc. #
#########
set BYTE,		1			# len(byte) == 1 byte
set WORD,		2			# len(word) == 2 bytes
set LONG,		4			# len(longword) == 4 bytes

#########################################################################
# XDEF ****************************************************************	#
#	_isp_unimp(): 060ISP entry point for Unimplemented Instruction	#
#									#
#	This handler should be the first code executed upon taking the	#
#	"Unimplemented Integer Instruction" exception in an operating	#
#	system.								#
#									#
# XREF ****************************************************************	#
#	_imem_read_{word,long}() - read instruction word/longword	#
#	_mul64() - emulate 64-bit multiply				#
#	_div64() - emulate 64-bit divide				#
#	_moveperipheral() - emulate "movep"				#
#	_compandset() - emulate misaligned "cas"			#
#	_compandset2() - emulate "cas2"					#
#	_chk2_cmp2() - emulate "cmp2" and "chk2"			#
#	_isp_done() - "callout" for normal final exit			#
#	_real_trace() - "callout" for Trace exception			#
#	_real_chk() - "callout" for Chk exception			#
#	_real_divbyzero() - "callout" for DZ exception			#
#	_real_access() - "callout" for access error exception		#
#									#
# INPUT ***************************************************************	#
#	- The system stack contains the Unimp Int Instr stack frame	#
#									#
# OUTPUT **************************************************************	#
#	If Trace exception:						#
#	- The system stack changed to contain Trace exc stack frame	#
#	If Chk exception:						#
#	- The system stack changed to contain Chk exc stack frame	#
#	If DZ exception:						#
#	- The system stack changed to contain DZ exc stack frame	#
#	If access error exception:					#
#	- The system stack changed to contain access err exc stk frame	#
#	Else:								#
#	- Results saved as appropriate					#
#									#
# ALGORITHM ***********************************************************	#
#	This handler fetches the first instruction longword from	#
# memory and decodes it to determine which of the unimplemented		#
# integer instructions caused this exception. This handler then calls	#
# one of _mul64(), _div64(), _moveperipheral(), _compandset(),		#
# _compandset2(), or _chk2_cmp2() as appropriate.			#
#	Some of these instructions, by their nature, may produce other	#
# types of exceptions. "div" can produce a divide-by-zero exception,	#
# and "chk2" can cause a "Chk" exception. In both cases, the current	#
# exception stack frame must be converted to an exception stack frame	#
# of the correct exception type and an exit must be made through	#
# _real_divbyzero() or _real_chk() as appropriate. In addition, all	#
# instructions may be executing while Trace is enabled. If so, then	#
# a Trace exception stack frame must be created and an exit made	#
# through _real_trace().						#
#	Meanwhile, if any read or write to memory using the		#
# _mem_{read,write}() "callout"s returns a failing value, then an	#
# access error frame must be created and an exit made through		#
# _real_access().							#
#	If none of these occur, then a normal exit is made through	#
# _isp_done().								#
#									#
#	This handler, upon entry, saves almost all user-visible		#
# address and data registers to the stack. Although this may seem to	#
# cause excess memory traffic, it was found that due to having to	#
# access these register files for things like data retrieval and <ea>	#
# calculations, it was more efficient to have them on the stack where	#
# they could be accessed by indexing rather than to make subroutine	#
# calls to retrieve a register of a particular index.			#
#									#
#########################################################################

	global		_isp_unimp
_isp_unimp:
	link.w		%a6,&-LOCAL_SIZE	# create room for stack frame

	movm.l		&0x3fff,EXC_DREGS(%a6)	# store d0-d7/a0-a5
	mov.l		(%a6),EXC_A6(%a6)	# store a6

	btst		&0x5,EXC_ISR(%a6)	# from s or u mode?
	bne.b		uieh_s			# supervisor mode
uieh_u:
	mov.l		%usp,%a0		# fetch user stack pointer
	mov.l		%a0,EXC_A7(%a6)		# store a7
	bra.b		uieh_cont
uieh_s:
	lea		0xc(%a6),%a0
	mov.l		%a0,EXC_A7(%a6)		# store corrected sp

###############################################################################

uieh_cont:
	clr.b		SPCOND_FLG(%a6)		# clear "special case" flag

	mov.w		EXC_ISR(%a6),EXC_CC(%a6) # store cc copy on stack
	mov.l		EXC_IPC(%a6),EXC_EXTWPTR(%a6) # store extwptr on stack

#
# fetch the opword and first extension word pointed to by the stacked pc
# and store them to the stack for now
#
	mov.l		EXC_EXTWPTR(%a6),%a0	# fetch instruction addr
	addq.l		&0x4,EXC_EXTWPTR(%a6)	# incr instruction ptr
	bsr.l		_imem_read_long		# fetch opword & extword
	mov.l		%d0,EXC_OPWORD(%a6)	# store extword on stack


#########################################################################
# muls.l	0100 1100 00 |<ea>|	0*** 1100 0000 0***		#
# mulu.l	0100 1100 00 |<ea>|	0*** 0100 0000 0***		#
#									#
# divs.l	0100 1100 01 |<ea>|	0*** 1100 0000 0***		#
# divu.l	0100 1100 01 |<ea>|	0*** 0100 0000 0***		#
#									#
# movep.w m2r	0000 ***1 00 001***	| <displacement>  |		#
# movep.l m2r	0000 ***1 01 001***	| <displacement>  |		#
# movep.w r2m	0000 ***1 10 001***	| <displacement>  |		#
# movep.l r2m	0000 ***1 11 001***	| <displacement>  |		#
#									#
# cas.w		0000 1100 11 |<ea>|	0000 000* **00 0***		#
# cas.l		0000 1110 11 |<ea>|	0000 000* **00 0***		#
#									#
# cas2.w	0000 1100 11 111100	**** 000* **00 0***		#
#					**** 000* **00 0***		#
# cas2.l	0000 1110 11 111100	**** 000* **00 0***		#
#					**** 000* **00 0***		#
#									#
# chk2.b	0000 0000 11 |<ea>|	**** 1000 0000 0000		#
# chk2.w	0000 0010 11 |<ea>|	**** 1000 0000 0000		#
# chk2.l	0000 0100 11 |<ea>|	**** 1000 0000 0000		#
#									#
# cmp2.b	0000 0000 11 |<ea>|	**** 0000 0000 0000		#
# cmp2.w	0000 0010 11 |<ea>|	**** 0000 0000 0000		#
# cmp2.l	0000 0100 11 |<ea>|	**** 0000 0000 0000		#
#########################################################################

#
# using bit 14 of the operation word, separate into 2 groups:
# (group1) mul64, div64
# (group2) movep, chk2, cmp2, cas2, cas
#
	btst		&0x1e,%d0		# group1 or group2
	beq.b		uieh_group2		# go handle group2

#
# now, w/ group1, make mul64's decode the fastest since it will
# most likely be used the most.
#
uieh_group1:
	btst		&0x16,%d0		# test for div64
	bne.b		uieh_div64		# go handle div64

uieh_mul64:
# mul64() may use ()+ addressing and may, therefore, alter a7

	bsr.l		_mul64			# _mul64()

	btst		&0x5,EXC_ISR(%a6)	# supervisor mode?
	beq.w		uieh_done
	btst		&mia7_bit,SPCOND_FLG(%a6) # was a7 changed?
	beq.w		uieh_done		# no
	btst		&0x7,EXC_ISR(%a6)	# is trace enabled?
	bne.w		uieh_trace_a7		# yes
	bra.w		uieh_a7			# no

uieh_div64:
# div64() may use ()+ addressing and may, therefore, alter a7.
# div64() may take a divide by zero exception.

	bsr.l		_div64			# _div64()

# here, we sort out all of the special cases that may have happened.
	btst		&mia7_bit,SPCOND_FLG(%a6) # was a7 changed?
	bne.b		uieh_div64_a7		# yes
uieh_div64_dbyz:
	btst		&idbyz_bit,SPCOND_FLG(%a6) # did divide-by-zero occur?
	bne.w		uieh_divbyzero		# yes
	bra.w		uieh_done		# no
uieh_div64_a7:
	btst		&0x5,EXC_ISR(%a6)	# supervisor mode?
	beq.b		uieh_div64_dbyz		# no
# here, a7 has been incremented by 4 bytes in supervisor mode. we still
# may have the following 3 cases:
#	(i)	(a7)+
#	(ii)	(a7)+; trace
#	(iii)	(a7)+; divide-by-zero
#
	btst		&idbyz_bit,SPCOND_FLG(%a6) # did divide-by-zero occur?
	bne.w		uieh_divbyzero_a7	# yes
	tst.b		EXC_ISR(%a6)		# no; is trace enabled?
	bmi.w		uieh_trace_a7		# yes
	bra.w		uieh_a7			# no

#
# now, w/ group2, make movep's decode the fastest since it will
# most likely be used the most.
#
uieh_group2:
	btst		&0x18,%d0		# test for not movep
	beq.b		uieh_not_movep


	bsr.l		_moveperipheral		# _movep()
	bra.w		uieh_done

uieh_not_movep:
	btst		&0x1b,%d0		# test for chk2,cmp2
	beq.b		uieh_chk2cmp2		# go handle chk2,cmp2

	swap		%d0			# put opword in lo word
	cmpi.b		%d0,&0xfc		# test for cas2
	beq.b		uieh_cas2		# go handle cas2

uieh_cas:

	bsr.l		_compandset		# _cas()

# the cases of "cas Dc,Du,(a7)+" and "cas Dc,Du,-(a7)" used from supervisor
# mode are simply not considered valid and therefore are not handled.

	bra.w		uieh_done

uieh_cas2:

	mov.l		EXC_EXTWPTR(%a6),%a0	# fetch instruction addr
	addq.l		&0x2,EXC_EXTWPTR(%a6)	# incr instruction ptr
	bsr.l		_imem_read_word		# read extension word

	tst.l		%d1			# ifetch error?
	bne.w		isp_iacc		# yes

	bsr.l		_compandset2		# _cas2()
	bra.w		uieh_done

uieh_chk2cmp2:
# chk2 may take a chk exception

	bsr.l		_chk2_cmp2		# _chk2_cmp2()

# here we check to see if a chk trap should be taken
	cmpi.b		SPCOND_FLG(%a6),&ichk_flg
	bne.w		uieh_done
	bra.b		uieh_chk_trap

###########################################################################

#
# the required emulation has been completed. now, clean up the necessary stack
# info and prepare for rte
#
uieh_done:
	mov.b		EXC_CC+1(%a6),EXC_ISR+1(%a6) # insert new ccodes

# if exception occurred in user mode, then we have to restore a7 in case it
# changed. we don't have to update a7  for supervisor mose because that case
# doesn't flow through here
	btst		&0x5,EXC_ISR(%a6)	# user or supervisor?
	bne.b		uieh_finish		# supervisor

	mov.l		EXC_A7(%a6),%a0		# fetch user stack pointer
	mov.l		%a0,%usp		# restore it

uieh_finish:
	movm.l		EXC_DREGS(%a6),&0x3fff	# restore d0-d7/a0-a5

	btst		&0x7,EXC_ISR(%a6)	# is trace mode on?
	bne.b		uieh_trace		# yes;go handle trace mode

	mov.l		EXC_EXTWPTR(%a6),EXC_IPC(%a6) # new pc on stack frame
	mov.l		EXC_A6(%a6),(%a6)	# prepare new a6 for unlink
	unlk		%a6			# unlink stack frame
	bra.l		_isp_done

#
# The instruction that was just emulated was also being traced. The trace
# trap for this instruction will be lost unless we jump to the trace handler.
# So, here we create a Trace Exception format number two exception stack
# frame from the Unimplemented Integer Intruction Exception stack frame
# format number zero and jump to the user supplied hook "_real_trace()".
#
#		   UIEH FRAME		   TRACE FRAME
#		*****************	*****************
#		* 0x0 *  0x0f4	*	*    Current	*
#		*****************	*      PC	*
#		*    Current	*	*****************
#		*      PC	*	* 0x2 *  0x024	*
#		*****************	*****************
#		*      SR	*	*     Next	*
#		*****************	*      PC	*
#	      ->*     Old	*	*****************
#  from link -->*      A6	*	*      SR	*
#	        *****************	*****************
#	       /*      A7	*	*      New	* <-- for final unlink
#	      / *		*	*      A6	*
# link frame <  *****************	*****************
#	      \ ~		~	~		~
#	       \*****************	*****************
#
uieh_trace:
	mov.l		EXC_A6(%a6),-0x4(%a6)
	mov.w		EXC_ISR(%a6),0x0(%a6)
	mov.l		EXC_IPC(%a6),0x8(%a6)
	mov.l		EXC_EXTWPTR(%a6),0x2(%a6)
	mov.w		&0x2024,0x6(%a6)
	sub.l		&0x4,%a6
	unlk		%a6
	bra.l		_real_trace

#
#	   UIEH FRAME		    CHK FRAME
#	*****************	*****************
#	* 0x0 *  0x0f4	*	*    Current	*
#	*****************	*      PC	*
#	*    Current	*	*****************
#	*      PC	*	* 0x2 *  0x018	*
#	*****************	*****************
#	*      SR	*	*     Next	*
#	*****************	*      PC	*
#	    (4 words)		*****************
#				*      SR	*
#				*****************
#				    (6 words)
#
# the chk2 instruction should take a chk trap. so, here we must create a
# chk stack frame from an unimplemented integer instruction exception frame
# and jump to the user supplied entry point "_real_chk()".
#
uieh_chk_trap:
	mov.b		EXC_CC+1(%a6),EXC_ISR+1(%a6) # insert new ccodes
	movm.l		EXC_DREGS(%a6),&0x3fff	# restore d0-d7/a0-a5

	mov.w		EXC_ISR(%a6),(%a6)	# put new SR on stack
	mov.l		EXC_IPC(%a6),0x8(%a6)	# put "Current PC" on stack
	mov.l		EXC_EXTWPTR(%a6),0x2(%a6) # put "Next PC" on stack
	mov.w		&0x2018,0x6(%a6)	# put Vector Offset on stack

	mov.l		EXC_A6(%a6),%a6		# restore a6
	add.l		&LOCAL_SIZE,%sp		# clear stack frame

	bra.l		_real_chk

#
#	   UIEH FRAME		 DIVBYZERO FRAME
#	*****************	*****************
#	* 0x0 *  0x0f4	*	*    Current	*
#	*****************	*      PC	*
#	*    Current	*	*****************
#	*      PC	*	* 0x2 *  0x014	*
#	*****************	*****************
#	*      SR	*	*     Next	*
#	*****************	*      PC	*
#	    (4 words)		*****************
#				*      SR	*
#				*****************
#				    (6 words)
#
# the divide instruction should take an integer divide by zero trap. so, here
# we must create a divbyzero stack frame from an unimplemented integer
# instruction exception frame and jump to the user supplied entry point
# "_real_divbyzero()".
#
uieh_divbyzero:
	mov.b		EXC_CC+1(%a6),EXC_ISR+1(%a6) # insert new ccodes
	movm.l		EXC_DREGS(%a6),&0x3fff	# restore d0-d7/a0-a5

	mov.w		EXC_ISR(%a6),(%a6)	# put new SR on stack
	mov.l		EXC_IPC(%a6),0x8(%a6)	# put "Current PC" on stack
	mov.l		EXC_EXTWPTR(%a6),0x2(%a6) # put "Next PC" on stack
	mov.w		&0x2014,0x6(%a6)	# put Vector Offset on stack

	mov.l		EXC_A6(%a6),%a6		# restore a6
	add.l		&LOCAL_SIZE,%sp		# clear stack frame

	bra.l		_real_divbyzero

#
#				 DIVBYZERO FRAME
#				*****************
#				*    Current	*
#	   UIEH FRAME		*      PC	*
#	*****************	*****************
#	* 0x0 *  0x0f4	*	* 0x2 * 0x014	*
#	*****************	*****************
#	*    Current	*	*     Next	*
#	*      PC	*	*      PC	*
#	*****************	*****************
#	*      SR	*	*      SR	*
#	*****************	*****************
#	    (4 words)		    (6 words)
#
# the divide instruction should take an integer divide by zero trap. so, here
# we must create a divbyzero stack frame from an unimplemented integer
# instruction exception frame and jump to the user supplied entry point
# "_real_divbyzero()".
#
# However, we must also deal with the fact that (a7)+ was used from supervisor
# mode, thereby shifting the stack frame up 4 bytes.
#
uieh_divbyzero_a7:
	mov.b		EXC_CC+1(%a6),EXC_ISR+1(%a6) # insert new ccodes
	movm.l		EXC_DREGS(%a6),&0x3fff	# restore d0-d7/a0-a5

	mov.l		EXC_IPC(%a6),0xc(%a6)	# put "Current PC" on stack
	mov.w		&0x2014,0xa(%a6)	# put Vector Offset on stack
	mov.l		EXC_EXTWPTR(%a6),0x6(%a6) # put "Next PC" on stack

	mov.l		EXC_A6(%a6),%a6		# restore a6
	add.l		&4+LOCAL_SIZE,%sp	# clear stack frame

	bra.l		_real_divbyzero

#
#				   TRACE FRAME
#				*****************
#				*    Current	*
#	   UIEH FRAME		*      PC	*
#	*****************	*****************
#	* 0x0 *  0x0f4	*	* 0x2 * 0x024	*
#	*****************	*****************
#	*    Current	*	*     Next	*
#	*      PC	*	*      PC	*
#	*****************	*****************
#	*      SR	*	*      SR	*
#	*****************	*****************
#	    (4 words)		    (6 words)
#
#
# The instruction that was just emulated was also being traced. The trace
# trap for this instruction will be lost unless we jump to the trace handler.
# So, here we create a Trace Exception format number two exception stack
# frame from the Unimplemented Integer Intruction Exception stack frame
# format number zero and jump to the user supplied hook "_real_trace()".
#
# However, we must also deal with the fact that (a7)+ was used from supervisor
# mode, thereby shifting the stack frame up 4 bytes.
#
uieh_trace_a7:
	mov.b		EXC_CC+1(%a6),EXC_ISR+1(%a6) # insert new ccodes
	movm.l		EXC_DREGS(%a6),&0x3fff	# restore d0-d7/a0-a5

	mov.l		EXC_IPC(%a6),0xc(%a6)	# put "Current PC" on stack
	mov.w		&0x2024,0xa(%a6)	# put Vector Offset on stack
	mov.l		EXC_EXTWPTR(%a6),0x6(%a6) # put "Next PC" on stack

	mov.l		EXC_A6(%a6),%a6		# restore a6
	add.l		&4+LOCAL_SIZE,%sp	# clear stack frame

	bra.l		_real_trace

#
#				   UIEH FRAME
#				*****************
#				* 0x0 * 0x0f4	*
#	   UIEH FRAME		*****************
#	*****************	*     Next	*
#	* 0x0 *  0x0f4	*	*      PC	*
#	*****************	*****************
#	*    Current	*	*      SR	*
#	*      PC	*	*****************
#	*****************	    (4 words)
#	*      SR	*
#	*****************
#	    (4 words)
uieh_a7:
	mov.b		EXC_CC+1(%a6),EXC_ISR+1(%a6) # insert new ccodes
	movm.l		EXC_DREGS(%a6),&0x3fff	# restore d0-d7/a0-a5

	mov.w		&0x00f4,0xe(%a6)	# put Vector Offset on stack
	mov.l		EXC_EXTWPTR(%a6),0xa(%a6) # put "Next PC" on stack
	mov.w		EXC_ISR(%a6),0x8(%a6)	# put SR on stack

	mov.l		EXC_A6(%a6),%a6		# restore a6
	add.l		&8+LOCAL_SIZE,%sp	# clear stack frame
	bra.l		_isp_done

##########

# this is the exit point if a data read or write fails.
# a0 = failing address
# d0 = fslw
isp_dacc:
	mov.l		%a0,(%a6)		# save address
	mov.l		%d0,-0x4(%a6)		# save partial fslw

	lea		-64(%a6),%sp
	movm.l		(%sp)+,&0x7fff		# restore d0-d7/a0-a6

	mov.l		0xc(%sp),-(%sp)		# move voff,hi(pc)
	mov.l		0x4(%sp),0x10(%sp)	# store fslw
	mov.l		0xc(%sp),0x4(%sp)	# store sr,lo(pc)
	mov.l		0x8(%sp),0xc(%sp)	# store address
	mov.l		(%sp)+,0x4(%sp)		# store voff,hi(pc)
	mov.w		&0x4008,0x6(%sp)	# store new voff

	bra.b		isp_acc_exit

# this is the exit point if an instruction word read fails.
# FSLW:
#	misaligned = true
#	read = true
#	size = word
#	instruction = true
#	software emulation error = true
isp_iacc:
	movm.l		EXC_DREGS(%a6),&0x3fff	# restore d0-d7/a0-a5
	unlk		%a6			# unlink frame
	sub.w		&0x8,%sp		# make room for acc frame
	mov.l		0x8(%sp),(%sp)		# store sr,lo(pc)
	mov.w		0xc(%sp),0x4(%sp)	# store hi(pc)
	mov.w		&0x4008,0x6(%sp)	# store new voff
	mov.l		0x2(%sp),0x8(%sp)	# store address (=pc)
	mov.l		&0x09428001,0xc(%sp)	# store fslw

isp_acc_exit:
	btst		&0x5,(%sp)		# user or supervisor?
	beq.b		isp_acc_exit2		# user
	bset		&0x2,0xd(%sp)		# set supervisor TM bit
isp_acc_exit2:
	bra.l		_real_access

# if the addressing mode was (an)+ or -(an), the address register must
# be restored to its pre-exception value before entering _real_access.
isp_restore:
	cmpi.b		SPCOND_FLG(%a6),&restore_flg # do we need a restore?
	bne.b		isp_restore_done	# no
	clr.l		%d0
	mov.b		EXC_SAVREG(%a6),%d0	# regno to restore
	mov.l		EXC_SAVVAL(%a6),(EXC_AREGS,%a6,%d0.l*4) # restore value
isp_restore_done:
	rts

#########################################################################
# XDEF ****************************************************************	#
#	_calc_ea(): routine to calculate effective address		#
#									#
# XREF ****************************************************************	#
#	_imem_read_word() - read instruction word			#
#	_imem_read_long() - read instruction longword			#
#	_dmem_read_long() - read data longword (for memory indirect)	#
#	isp_iacc() - handle instruction access error exception		#
#	isp_dacc() - handle data access error exception			#
#									#
# INPUT ***************************************************************	#
#	d0 = number of bytes related to effective address (w,l)		#
#									#
# OUTPUT **************************************************************	#
#	If exiting through isp_dacc...					#
#		a0 = failing address					#
#		d0 = FSLW						#
#	elsif exiting though isp_iacc...				#
#		none							#
#	else								#
#		a0 = effective address					#
#									#
# ALGORITHM ***********************************************************	#
#	The effective address type is decoded from the opword residing	#
# on the stack. A jump table is used to vector to a routine for the	#
# appropriate mode. Since none of the emulated integer instructions	#
# uses byte-sized operands, only handle word and long operations.	#
#									#
#	Dn,An	- shouldn't enter here					#
#	(An)	- fetch An value from stack				#
#	-(An)	- fetch An value from stack; return decr value;		#
#		  place decr value on stack; store old value in case of	#
#		  future access error; if -(a7), set mda7_flg in	#
#		  SPCOND_FLG						#
#	(An)+	- fetch An value from stack; return value;		#
#		  place incr value on stack; store old value in case of	#
#		  future access error; if (a7)+, set mia7_flg in	#
#		  SPCOND_FLG						#
#	(d16,An) - fetch An value from stack; read d16 using		#
#		  _imem_read_word(); fetch may fail -> branch to	#
#		  isp_iacc()						#
#	(xxx).w,(xxx).l - use _imem_read_{word,long}() to fetch		#
#		  address; fetch may fail				#
#	#<data> - return address of immediate value; set immed_flg	#
#		  in SPCOND_FLG						#
#	(d16,PC) - fetch stacked PC value; read d16 using		#
#		  _imem_read_word(); fetch may fail -> branch to	#
#		  isp_iacc()						#
#	everything else - read needed displacements as appropriate w/	#
#		  _imem_read_{word,long}(); read may fail; if memory	#
#		  indirect, read indirect address using			#
#		  _dmem_read_long() which may also fail			#
#									#
#########################################################################

	global		_calc_ea
_calc_ea:
	mov.l		%d0,%a0			# move # bytes to a0

# MODE and REG are taken from the EXC_OPWORD.
	mov.w		EXC_OPWORD(%a6),%d0	# fetch opcode word
	mov.w		%d0,%d1			# make a copy

	andi.w		&0x3f,%d0		# extract mode field
	andi.l		&0x7,%d1		# extract reg  field

# jump to the corresponding function for each {MODE,REG} pair.
	mov.w		(tbl_ea_mode.b,%pc,%d0.w*2), %d0 # fetch jmp distance
	jmp		(tbl_ea_mode.b,%pc,%d0.w*1) # jmp to correct ea mode

	swbeg		&64
tbl_ea_mode:
	short		tbl_ea_mode	-	tbl_ea_mode
	short		tbl_ea_mode	-	tbl_ea_mode
	short		tbl_ea_mode	-	tbl_ea_mode
	short		tbl_ea_mode	-	tbl_ea_mode
	short		tbl_ea_mode	-	tbl_ea_mode
	short		tbl_ea_mode	-	tbl_ea_mode
	short		tbl_ea_mode	-	tbl_ea_mode
	short		tbl_ea_mode	-	tbl_ea_mode

	short		tbl_ea_mode	-	tbl_ea_mode
	short		tbl_ea_mode	-	tbl_ea_mode
	short		tbl_ea_mode	-	tbl_ea_mode
	short		tbl_ea_mode	-	tbl_ea_mode
	short		tbl_ea_mode	-	tbl_ea_mode
	short		tbl_ea_mode	-	tbl_ea_mode
	short		tbl_ea_mode	-	tbl_ea_mode
	short		tbl_ea_mode	-	tbl_ea_mode

	short		addr_ind_a0	-	tbl_ea_mode
	short		addr_ind_a1	-	tbl_ea_mode
	short		addr_ind_a2	-	tbl_ea_mode
	short		addr_ind_a3	-	tbl_ea_mode
	short		addr_ind_a4	-	tbl_ea_mode
	short		addr_ind_a5	-	tbl_ea_mode
	short		addr_ind_a6	-	tbl_ea_mode
	short		addr_ind_a7	-	tbl_ea_mode

	short		addr_ind_p_a0	-	tbl_ea_mode
	short		addr_ind_p_a1	-	tbl_ea_mode
	short		addr_ind_p_a2	-	tbl_ea_mode
	short		addr_ind_p_a3	-	tbl_ea_mode
	short		addr_ind_p_a4	-	tbl_ea_mode
	short		addr_ind_p_a5	-	tbl_ea_mode
	short		addr_ind_p_a6	-	tbl_ea_mode
	short		addr_ind_p_a7	-	tbl_ea_mode

	short		addr_ind_m_a0		-	tbl_ea_mode
	short		addr_ind_m_a1		-	tbl_ea_mode
	short		addr_ind_m_a2		-	tbl_ea_mode
	short		addr_ind_m_a3		-	tbl_ea_mode
	short		addr_ind_m_a4		-	tbl_ea_mode
	short		addr_ind_m_a5		-	tbl_ea_mode
	short		addr_ind_m_a6		-	tbl_ea_mode
	short		addr_ind_m_a7		-	tbl_ea_mode

	short		addr_ind_disp_a0	-	tbl_ea_mode
	short		addr_ind_disp_a1	-	tbl_ea_mode
	short		addr_ind_disp_a2	-	tbl_ea_mode
	short		addr_ind_disp_a3	-	tbl_ea_mode
	short		addr_ind_disp_a4	-	tbl_ea_mode
	short		addr_ind_disp_a5	-	tbl_ea_mode
	short		addr_ind_disp_a6	-	tbl_ea_mode
	short		addr_ind_disp_a7	-	tbl_ea_mode

	short		_addr_ind_ext		-	tbl_ea_mode
	short		_addr_ind_ext		-	tbl_ea_mode
	short		_addr_ind_ext		-	tbl_ea_mode
	short		_addr_ind_ext		-	tbl_ea_mode
	short		_addr_ind_ext		-	tbl_ea_mode
	short		_addr_ind_ext		-	tbl_ea_mode
	short		_addr_ind_ext		-	tbl_ea_mode
	short		_addr_ind_ext		-	tbl_ea_mode

	short		abs_short		-	tbl_ea_mode
	short		abs_long		-	tbl_ea_mode
	short		pc_ind			-	tbl_ea_mode
	short		pc_ind_ext		-	tbl_ea_mode
	short		immediate		-	tbl_ea_mode
	short		tbl_ea_mode		-	tbl_ea_mode
	short		tbl_ea_mode		-	tbl_ea_mode
	short		tbl_ea_mode		-	tbl_ea_mode

###################################
# Address register indirect: (An) #
###################################
addr_ind_a0:
	mov.l		EXC_A0(%a6),%a0		# Get current a0
	rts

addr_ind_a1:
	mov.l		EXC_A1(%a6),%a0		# Get current a1
	rts

addr_ind_a2:
	mov.l		EXC_A2(%a6),%a0		# Get current a2
	rts

addr_ind_a3:
	mov.l		EXC_A3(%a6),%a0		# Get current a3
	rts

addr_ind_a4:
	mov.l		EXC_A4(%a6),%a0		# Get current a4
	rts

addr_ind_a5:
	mov.l		EXC_A5(%a6),%a0		# Get current a5
	rts

addr_ind_a6:
	mov.l		EXC_A6(%a6),%a0		# Get current a6
	rts

addr_ind_a7:
	mov.l		EXC_A7(%a6),%a0		# Get current a7
	rts

#####################################################
# Address register indirect w/ postincrement: (An)+ #
#####################################################
addr_ind_p_a0:
	mov.l		%a0,%d0			# copy no. bytes
	mov.l		EXC_A0(%a6),%a0		# load current value
	add.l		%a0,%d0			# increment
	mov.l		%d0,EXC_A0(%a6)		# save incremented value

	mov.l		%a0,EXC_SAVVAL(%a6)	# save in case of access error
	mov.b		&0x0,EXC_SAVREG(%a6)	# save regno, too
	mov.b		&restore_flg,SPCOND_FLG(%a6) # set flag
	rts

addr_ind_p_a1:
	mov.l		%a0,%d0			# copy no. bytes
	mov.l		EXC_A1(%a6),%a0		# load current value
	add.l		%a0,%d0			# increment
	mov.l		%d0,EXC_A1(%a6)		# save incremented value

	mov.l		%a0,EXC_SAVVAL(%a6)	# save in case of access error
	mov.b		&0x1,EXC_SAVREG(%a6)	# save regno, too
	mov.b		&restore_flg,SPCOND_FLG(%a6) # set flag
	rts

addr_ind_p_a2:
	mov.l		%a0,%d0			# copy no. bytes
	mov.l		EXC_A2(%a6),%a0		# load current value
	add.l		%a0,%d0			# increment
	mov.l		%d0,EXC_A2(%a6)		# save incremented value

	mov.l		%a0,EXC_SAVVAL(%a6)	# save in case of access error
	mov.b		&0x2,EXC_SAVREG(%a6)	# save regno, too
	mov.b		&restore_flg,SPCOND_FLG(%a6) # set flag
	rts

addr_ind_p_a3:
	mov.l		%a0,%d0			# copy no. bytes
	mov.l		EXC_A3(%a6),%a0		# load current value
	add.l		%a0,%d0			# increment
	mov.l		%d0,EXC_A3(%a6)		# save incremented value

	mov.l		%a0,EXC_SAVVAL(%a6)	# save in case of access error
	mov.b		&0x3,EXC_SAVREG(%a6)	# save regno, too
	mov.b		&restore_flg,SPCOND_FLG(%a6) # set flag
	rts

addr_ind_p_a4:
	mov.l		%a0,%d0			# copy no. bytes
	mov.l		EXC_A4(%a6),%a0		# load current value
	add.l		%a0,%d0			# increment
	mov.l		%d0,EXC_A4(%a6)		# save incremented value

	mov.l		%a0,EXC_SAVVAL(%a6)	# save in case of access error
	mov.b		&0x4,EXC_SAVREG(%a6)	# save regno, too
	mov.b		&restore_flg,SPCOND_FLG(%a6) # set flag
	rts

addr_ind_p_a5:
	mov.l		%a0,%d0			# copy no. bytes
	mov.l		EXC_A5(%a6),%a0		# load current value
	add.l		%a0,%d0			# increment
	mov.l		%d0,EXC_A5(%a6)		# save incremented value

	mov.l		%a0,EXC_SAVVAL(%a6)	# save in case of access error
	mov.b		&0x5,EXC_SAVREG(%a6)	# save regno, too
	mov.b		&restore_flg,SPCOND_FLG(%a6) # set flag
	rts

addr_ind_p_a6:
	mov.l		%a0,%d0			# copy no. bytes
	mov.l		EXC_A6(%a6),%a0		# load current value
	add.l		%a0,%d0			# increment
	mov.l		%d0,EXC_A6(%a6)		# save incremented value

	mov.l		%a0,EXC_SAVVAL(%a6)	# save in case of access error
	mov.b		&0x6,EXC_SAVREG(%a6)	# save regno, too
	mov.b		&restore_flg,SPCOND_FLG(%a6) # set flag
	rts

addr_ind_p_a7:
	mov.b		&mia7_flg,SPCOND_FLG(%a6) # set "special case" flag

	mov.l		%a0,%d0			# copy no. bytes
	mov.l		EXC_A7(%a6),%a0		# load current value
	add.l		%a0,%d0			# increment
	mov.l		%d0,EXC_A7(%a6)		# save incremented value
	rts

####################################################
# Address register indirect w/ predecrement: -(An) #
####################################################
addr_ind_m_a0:
	mov.l		EXC_A0(%a6),%d0		# Get current a0
	mov.l		%d0,EXC_SAVVAL(%a6)	# save in case of access error
	sub.l		%a0,%d0			# Decrement
	mov.l		%d0,EXC_A0(%a6)		# Save decr value
	mov.l		%d0,%a0

	mov.b		&0x0,EXC_SAVREG(%a6)	# save regno, too
	mov.b		&restore_flg,SPCOND_FLG(%a6) # set flag
	rts

addr_ind_m_a1:
	mov.l		EXC_A1(%a6),%d0		# Get current a1
	mov.l		%d0,EXC_SAVVAL(%a6)	# save in case of access error
	sub.l		%a0,%d0			# Decrement
	mov.l		%d0,EXC_A1(%a6)		# Save decr value
	mov.l		%d0,%a0

	mov.b		&0x1,EXC_SAVREG(%a6)	# save regno, too
	mov.b		&restore_flg,SPCOND_FLG(%a6) # set flag
	rts

addr_ind_m_a2:
	mov.l		EXC_A2(%a6),%d0		# Get current a2
	mov.l		%d0,EXC_SAVVAL(%a6)	# save in case of access error
	sub.l		%a0,%d0			# Decrement
	mov.l		%d0,EXC_A2(%a6)		# Save decr value
	mov.l		%d0,%a0

	mov.b		&0x2,EXC_SAVREG(%a6)	# save regno, too
	mov.b		&restore_flg,SPCOND_FLG(%a6) # set flag
	rts

addr_ind_m_a3:
	mov.l		EXC_A3(%a6),%d0		# Get current a3
	mov.l		%d0,EXC_SAVVAL(%a6)	# save in case of access error
	sub.l		%a0,%d0			# Decrement
	mov.l		%d0,EXC_A3(%a6)		# Save decr value
	mov.l		%d0,%a0

	mov.b		&0x3,EXC_SAVREG(%a6)	# save regno, too
	mov.b		&restore_flg,SPCOND_FLG(%a6) # set flag
	rts

addr_ind_m_a4:
	mov.l		EXC_A4(%a6),%d0		# Get current a4
	mov.l		%d0,EXC_SAVVAL(%a6)	# save in case of access error
	sub.l		%a0,%d0			# Decrement
	mov.l		%d0,EXC_A4(%a6)		# Save decr value
	mov.l		%d0,%a0

	mov.b		&0x4,EXC_SAVREG(%a6)	# save regno, too
	mov.b		&restore_flg,SPCOND_FLG(%a6) # set flag
	rts

addr_ind_m_a5:
	mov.l		EXC_A5(%a6),%d0		# Get current a5
	mov.l		%d0,EXC_SAVVAL(%a6)	# save in case of access error
	sub.l		%a0,%d0			# Decrement
	mov.l		%d0,EXC_A5(%a6)		# Save decr value
	mov.l		%d0,%a0

	mov.b		&0x5,EXC_SAVREG(%a6)	# save regno, too
	mov.b		&restore_flg,SPCOND_FLG(%a6) # set flag
	rts

addr_ind_m_a6:
	mov.l		EXC_A6(%a6),%d0		# Get current a6
	mov.l		%d0,EXC_SAVVAL(%a6)	# save in case of access error
	sub.l		%a0,%d0			# Decrement
	mov.l		%d0,EXC_A6(%a6)		# Save decr value
	mov.l		%d0,%a0

	mov.b		&0x6,EXC_SAVREG(%a6)	# save regno, too
	mov.b		&restore_flg,SPCOND_FLG(%a6) # set flag
	rts

addr_ind_m_a7:
	mov.b		&mda7_flg,SPCOND_FLG(%a6) # set "special case" flag

	mov.l		EXC_A7(%a6),%d0		# Get current a7
	sub.l		%a0,%d0			# Decrement
	mov.l		%d0,EXC_A7(%a6)		# Save decr value
	mov.l		%d0,%a0
	rts

########################################################
# Address register indirect w/ displacement: (d16, An) #
########################################################
addr_ind_disp_a0:
	mov.l		EXC_EXTWPTR(%a6),%a0	# fetch instruction addr
	addq.l		&0x2,EXC_EXTWPTR(%a6)	# incr instruction ptr
	bsr.l		_imem_read_word

	tst.l		%d1			# ifetch error?
	bne.l		isp_iacc		# yes

	mov.w		%d0,%a0			# sign extend displacement
	add.l		EXC_A0(%a6),%a0		# a0 + d16
	rts

addr_ind_disp_a1:
	mov.l		EXC_EXTWPTR(%a6),%a0	# fetch instruction addr
	addq.l		&0x2,EXC_EXTWPTR(%a6)	# incr instruction ptr
	bsr.l		_imem_read_word

	tst.l		%d1			# ifetch error?
	bne.l		isp_iacc		# yes

	mov.w		%d0,%a0			# sign extend displacement
	add.l		EXC_A1(%a6),%a0		# a1 + d16
	rts

addr_ind_disp_a2:
	mov.l		EXC_EXTWPTR(%a6),%a0	# fetch instruction addr
	addq.l		&0x2,EXC_EXTWPTR(%a6)	# incr instruction ptr
	bsr.l		_imem_read_word

	tst.l		%d1			# ifetch error?
	bne.l		isp_iacc		# yes

	mov.w		%d0,%a0			# sign extend displacement
	add.l		EXC_A2(%a6),%a0		# a2 + d16
	rts

addr_ind_disp_a3:
	mov.l		EXC_EXTWPTR(%a6),%a0	# fetch instruction addr
	addq.l		&0x2,EXC_EXTWPTR(%a6)	# incr instruction ptr
	bsr.l		_imem_read_word

	tst.l		%d1			# ifetch error?
	bne.l		isp_iacc		# yes

	mov.w		%d0,%a0			# sign extend displacement
	add.l		EXC_A3(%a6),%a0		# a3 + d16
	rts

addr_ind_disp_a4:
	mov.l		EXC_EXTWPTR(%a6),%a0	# fetch instruction addr
	addq.l		&0x2,EXC_EXTWPTR(%a6)	# incr instruction ptr
	bsr.l		_imem_read_word

	tst.l		%d1			# ifetch error?
	bne.l		isp_iacc		# yes

	mov.w		%d0,%a0			# sign extend displacement
	add.l		EXC_A4(%a6),%a0		# a4 + d16
	rts

addr_ind_disp_a5:
	mov.l		EXC_EXTWPTR(%a6),%a0	# fetch instruction addr
	addq.l		&0x2,EXC_EXTWPTR(%a6)	# incr instruction ptr
	bsr.l		_imem_read_word

	tst.l		%d1			# ifetch error?
	bne.l		isp_iacc		# yes

	mov.w		%d0,%a0			# sign extend displacement
	add.l		EXC_A5(%a6),%a0		# a5 + d16
	rts

addr_ind_disp_a6:
	mov.l		EXC_EXTWPTR(%a6),%a0	# fetch instruction addr
	addq.l		&0x2,EXC_EXTWPTR(%a6)	# incr instruction ptr
	bsr.l		_imem_read_word

	tst.l		%d1			# ifetch error?
	bne.l		isp_iacc		# yes

	mov.w		%d0,%a0			# sign extend displacement
	add.l		EXC_A6(%a6),%a0		# a6 + d16
	rts

addr_ind_disp_a7:
	mov.l		EXC_EXTWPTR(%a6),%a0	# fetch instruction addr
	addq.l		&0x2,EXC_EXTWPTR(%a6)	# incr instruction ptr
	bsr.l		_imem_read_word

	tst.l		%d1			# ifetch error?
	bne.l		isp_iacc		# yes

	mov.w		%d0,%a0			# sign extend displacement
	add.l		EXC_A7(%a6),%a0		# a7 + d16
	rts

########################################################################
# Address register indirect w/ index(8-bit displacement): (dn, An, Xn) #
#    "       "         "    w/   "  (base displacement): (bd, An, Xn)  #
# Memory indirect postindexed: ([bd, An], Xn, od)		       #
# Memory indirect preindexed: ([bd, An, Xn], od)		       #
########################################################################
_addr_ind_ext:
	mov.l		%d1,-(%sp)

	mov.l		EXC_EXTWPTR(%a6),%a0	# fetch instruction addr
	addq.l		&0x2,EXC_EXTWPTR(%a6)	# incr instruction ptr
	bsr.l		_imem_read_word		# fetch extword in d0

	tst.l		%d1			# ifetch error?
	bne.l		isp_iacc		# yes

	mov.l		(%sp)+,%d1

	mov.l		(EXC_AREGS,%a6,%d1.w*4),%a0 # put base in a0

	btst		&0x8,%d0
	beq.b		addr_ind_index_8bit	# for ext word or not?

	movm.l		&0x3c00,-(%sp)		# save d2-d5

	mov.l		%d0,%d5			# put extword in d5
	mov.l		%a0,%d3			# put base in d3

	bra.l		calc_mem_ind		# calc memory indirect

addr_ind_index_8bit:
	mov.l		%d2,-(%sp)		# save old d2

	mov.l		%d0,%d1
	rol.w		&0x4,%d1
	andi.w		&0xf,%d1		# extract index regno

	mov.l		(EXC_DREGS,%a6,%d1.w*4),%d1 # fetch index reg value

	btst		&0xb,%d0		# is it word or long?
	bne.b		aii8_long
	ext.l		%d1			# sign extend word index
aii8_long:
	mov.l		%d0,%d2
	rol.w		&0x7,%d2
	andi.l		&0x3,%d2		# extract scale value

	lsl.l		%d2,%d1			# shift index by scale

	extb.l		%d0			# sign extend displacement
	add.l		%d1,%d0			# index + disp
	add.l		%d0,%a0			# An + (index + disp)

	mov.l		(%sp)+,%d2		# restore old d2
	rts

######################
# Immediate: #<data> #
#########################################################################
# word, long: <ea> of the data is the current extension word		#
#	pointer value. new extension word pointer is simply the old	#
#	plus the number of bytes in the data type(2 or 4).		#
#########################################################################
immediate:
	mov.b		&immed_flg,SPCOND_FLG(%a6) # set immediate flag

	mov.l		EXC_EXTWPTR(%a6),%a0	# fetch extension word ptr
	rts

###########################
# Absolute short: (XXX).W #
###########################
abs_short:
	mov.l		EXC_EXTWPTR(%a6),%a0	# fetch instruction addr
	addq.l		&0x2,EXC_EXTWPTR(%a6)	# incr instruction ptr
	bsr.l		_imem_read_word		# fetch short address

	tst.l		%d1			# ifetch error?
	bne.l		isp_iacc		# yes

	mov.w		%d0,%a0			# return <ea> in a0
	rts

##########################
# Absolute long: (XXX).L #
##########################
abs_long:
	mov.l		EXC_EXTWPTR(%a6),%a0	# fetch instruction addr
	addq.l		&0x4,EXC_EXTWPTR(%a6)	# incr instruction ptr
	bsr.l		_imem_read_long		# fetch long address

	tst.l		%d1			# ifetch error?
	bne.l		isp_iacc		# yes

	mov.l		%d0,%a0			# return <ea> in a0
	rts

#######################################################
# Program counter indirect w/ displacement: (d16, PC) #
#######################################################
pc_ind:
	mov.l		EXC_EXTWPTR(%a6),%a0	# fetch instruction addr
	addq.l		&0x2,EXC_EXTWPTR(%a6)	# incr instruction ptr
	bsr.l		_imem_read_word		# fetch word displacement

	tst.l		%d1			# ifetch error?
	bne.l		isp_iacc		# yes

	mov.w		%d0,%a0			# sign extend displacement

	add.l		EXC_EXTWPTR(%a6),%a0	# pc + d16

# _imem_read_word() increased the extwptr by 2. need to adjust here.
	subq.l		&0x2,%a0		# adjust <ea>

	rts

##########################################################
# PC indirect w/ index(8-bit displacement): (d8, PC, An) #
# "     "     w/   "  (base displacement): (bd, PC, An)  #
# PC memory indirect postindexed: ([bd, PC], Xn, od)     #
# PC memory indirect preindexed: ([bd, PC, Xn], od)      #
##########################################################
pc_ind_ext:
	mov.l		EXC_EXTWPTR(%a6),%a0	# fetch instruction addr
	addq.l		&0x2,EXC_EXTWPTR(%a6)	# incr instruction ptr
	bsr.l		_imem_read_word		# fetch ext word

	tst.l		%d1			# ifetch error?
	bne.l		isp_iacc		# yes

	mov.l		EXC_EXTWPTR(%a6),%a0	# put base in a0
	subq.l		&0x2,%a0		# adjust base

	btst		&0x8,%d0		# is disp only 8 bits?
	beq.b		pc_ind_index_8bit	# yes

# the indexed addressing mode uses a base displacement of size
# word or long
	movm.l		&0x3c00,-(%sp)		# save d2-d5

	mov.l		%d0,%d5			# put extword in d5
	mov.l		%a0,%d3			# put base in d3

	bra.l		calc_mem_ind		# calc memory indirect

pc_ind_index_8bit:
	mov.l		%d2,-(%sp)		# create a temp register

	mov.l		%d0,%d1			# make extword copy
	rol.w		&0x4,%d1		# rotate reg num into place
	andi.w		&0xf,%d1		# extract register number

	mov.l		(EXC_DREGS,%a6,%d1.w*4),%d1 # fetch index reg value

	btst		&0xb,%d0		# is index word or long?
	bne.b		pii8_long		# long
	ext.l		%d1			# sign extend word index
pii8_long:
	mov.l		%d0,%d2			# make extword copy
	rol.w		&0x7,%d2		# rotate scale value into place
	andi.l		&0x3,%d2		# extract scale value

	lsl.l		%d2,%d1			# shift index by scale

	extb.l		%d0			# sign extend displacement
	add.l		%d1,%d0			# index + disp
	add.l		%d0,%a0			# An + (index + disp)

	mov.l		(%sp)+,%d2		# restore temp register

	rts

# a5 = exc_extwptr	(global to uaeh)
# a4 = exc_opword	(global to uaeh)
# a3 = exc_dregs	(global to uaeh)

# d2 = index		(internal "     "    )
# d3 = base		(internal "     "    )
# d4 = od		(internal "     "    )
# d5 = extword		(internal "     "    )
calc_mem_ind:
	btst		&0x6,%d5		# is the index suppressed?
	beq.b		calc_index
	clr.l		%d2			# yes, so index = 0
	bra.b		base_supp_ck
calc_index:
	bfextu		%d5{&16:&4},%d2
	mov.l		(EXC_DREGS,%a6,%d2.w*4),%d2
	btst		&0xb,%d5		# is index word or long?
	bne.b		no_ext
	ext.l		%d2
no_ext:
	bfextu		%d5{&21:&2},%d0
	lsl.l		%d0,%d2
base_supp_ck:
	btst		&0x7,%d5		# is the bd suppressed?
	beq.b		no_base_sup
	clr.l		%d3
no_base_sup:
	bfextu		%d5{&26:&2},%d0	# get bd size
#	beq.l		_error			# if (size == 0) it's reserved
	cmpi.b		%d0,&2
	blt.b		no_bd
	beq.b		get_word_bd

	mov.l		EXC_EXTWPTR(%a6),%a0	# fetch instruction addr
	addq.l		&0x4,EXC_EXTWPTR(%a6)	# incr instruction ptr
	bsr.l		_imem_read_long

	tst.l		%d1			# ifetch error?
	bne.l		isp_iacc		# yes

	bra.b		chk_ind
get_word_bd:
	mov.l		EXC_EXTWPTR(%a6),%a0	# fetch instruction addr
	addq.l		&0x2,EXC_EXTWPTR(%a6)	# incr instruction ptr
	bsr.l		_imem_read_word

	tst.l		%d1			# ifetch error?
	bne.l		isp_iacc		# yes

	ext.l		%d0			# sign extend bd

chk_ind:
	add.l		%d0,%d3			# base += bd
no_bd:
	bfextu		%d5{&30:&2},%d0		# is od suppressed?
	beq.w		aii_bd
	cmpi.b		%d0,&0x2
	blt.b		null_od
	beq.b		word_od

	mov.l		EXC_EXTWPTR(%a6),%a0	# fetch instruction addr
	addq.l		&0x4,EXC_EXTWPTR(%a6)	# incr instruction ptr
	bsr.l		_imem_read_long

	tst.l		%d1			# ifetch error?
	bne.l		isp_iacc		# yes

	bra.b		add_them

word_od:
	mov.l		EXC_EXTWPTR(%a6),%a0	# fetch instruction addr
	addq.l		&0x2,EXC_EXTWPTR(%a6)	# incr instruction ptr
	bsr.l		_imem_read_word

	tst.l		%d1			# ifetch error?
	bne.l		isp_iacc		# yes

	ext.l		%d0			# sign extend od
	bra.b		add_them

null_od:
	clr.l		%d0
add_them:
	mov.l		%d0,%d4
	btst		&0x2,%d5		# pre or post indexing?
	beq.b		pre_indexed

	mov.l		%d3,%a0
	bsr.l		_dmem_read_long

	tst.l		%d1			# dfetch error?
	bne.b		calc_ea_err		# yes

	add.l		%d2,%d0			# <ea> += index
	add.l		%d4,%d0			# <ea> += od
	bra.b		done_ea

pre_indexed:
	add.l		%d2,%d3			# preindexing
	mov.l		%d3,%a0
	bsr.l		_dmem_read_long

	tst.l		%d1			# ifetch error?
	bne.b		calc_ea_err		# yes

	add.l		%d4,%d0			# ea += od
	bra.b		done_ea

aii_bd:
	add.l		%d2,%d3			# ea = (base + bd) + index
	mov.l		%d3,%d0
done_ea:
	mov.l		%d0,%a0

	movm.l		(%sp)+,&0x003c		# restore d2-d5
	rts

# if dmem_read_long() returns a fail message in d1, the package
# must create an access error frame. here, we pass a skeleton fslw
# and the failing address to the routine that creates the new frame.
# FSLW:
#	read = true
#	size = longword
#	TM = data
#	software emulation error = true
calc_ea_err:
	mov.l		%d3,%a0			# pass failing address
	mov.l		&0x01010001,%d0		# pass fslw
	bra.l		isp_dacc

#########################################################################
# XDEF **************************************************************** #
#	_moveperipheral(): routine to emulate movep instruction		#
#									#
# XREF **************************************************************** #
#	_dmem_read_byte() - read byte from memory			#
#	_dmem_write_byte() - write byte to memory			#
#	isp_dacc() - handle data access error exception			#
#									#
# INPUT *************************************************************** #
#	none								#
#									#
# OUTPUT ************************************************************** #
#	If exiting through isp_dacc...					#
#		a0 = failing address					#
#		d0 = FSLW						#
#	else								#
#		none							#
#									#
# ALGORITHM ***********************************************************	#
#	Decode the movep instruction words stored at EXC_OPWORD and	#
# either read or write the required bytes from/to memory. Use the	#
# _dmem_{read,write}_byte() routines. If one of the memory routines	#
# returns a failing value, we must pass the failing address and	a FSLW	#
# to the _isp_dacc() routine.						#
#	Since this instruction is used to access peripherals, make sure	#
# to only access the required bytes.					#
#									#
#########################################################################

###########################
# movep.(w,l)	Dx,(d,Ay) #
# movep.(w,l)	(d,Ay),Dx #
###########################
	global		_moveperipheral
_moveperipheral:
	mov.w		EXC_OPWORD(%a6),%d1	# fetch the opcode word

	mov.b		%d1,%d0
	and.w		&0x7,%d0		# extract Ay from opcode word

	mov.l		(EXC_AREGS,%a6,%d0.w*4),%a0 # fetch ay

	add.w		EXC_EXTWORD(%a6),%a0	# add: an + sgn_ext(disp)

	btst		&0x7,%d1		# (reg 2 mem) or (mem 2 reg)
	beq.w		mem2reg

# reg2mem: fetch dx, then write it to memory
reg2mem:
	mov.w		%d1,%d0
	rol.w		&0x7,%d0
	and.w		&0x7,%d0		# extract Dx from opcode word

	mov.l		(EXC_DREGS,%a6,%d0.w*4), %d0 # fetch dx

	btst		&0x6,%d1		# word or long operation?
	beq.b		r2mwtrans

# a0 = dst addr
# d0 = Dx
r2mltrans:
	mov.l		%d0,%d2			# store data
	mov.l		%a0,%a2			# store addr
	rol.l		&0x8,%d2
	mov.l		%d2,%d0

	bsr.l		_dmem_write_byte	# os  : write hi

	tst.l		%d1			# dfetch error?
	bne.w		movp_write_err		# yes

	add.w		&0x2,%a2		# incr addr
	mov.l		%a2,%a0
	rol.l		&0x8,%d2
	mov.l		%d2,%d0

	bsr.l		_dmem_write_byte	# os  : write lo

	tst.l		%d1			# dfetch error?
	bne.w		movp_write_err		# yes

	add.w		&0x2,%a2		# incr addr
	mov.l		%a2,%a0
	rol.l		&0x8,%d2
	mov.l		%d2,%d0

	bsr.l		_dmem_write_byte	# os  : write lo

	tst.l		%d1			# dfetch error?
	bne.w		movp_write_err		# yes

	add.w		&0x2,%a2		# incr addr
	mov.l		%a2,%a0
	rol.l		&0x8,%d2
	mov.l		%d2,%d0

	bsr.l		_dmem_write_byte	# os  : write lo

	tst.l		%d1			# dfetch error?
	bne.w		movp_write_err		# yes

	rts

# a0 = dst addr
# d0 = Dx
r2mwtrans:
	mov.l		%d0,%d2			# store data
	mov.l		%a0,%a2			# store addr
	lsr.w		&0x8,%d0

	bsr.l		_dmem_write_byte	# os  : write hi

	tst.l		%d1			# dfetch error?
	bne.w		movp_write_err		# yes

	add.w		&0x2,%a2
	mov.l		%a2,%a0
	mov.l		%d2,%d0

	bsr.l		_dmem_write_byte	# os  : write lo

	tst.l		%d1			# dfetch error?
	bne.w		movp_write_err		# yes

	rts

# mem2reg: read bytes from memory.
# determines the dest register, and then writes the bytes into it.
mem2reg:
	btst		&0x6,%d1		# word or long operation?
	beq.b		m2rwtrans

# a0 = dst addr
m2rltrans:
	mov.l		%a0,%a2			# store addr

	bsr.l		_dmem_read_byte		# read first byte

	tst.l		%d1			# dfetch error?
	bne.w		movp_read_err		# yes

	mov.l		%d0,%d2

	add.w		&0x2,%a2		# incr addr by 2 bytes
	mov.l		%a2,%a0

	bsr.l		_dmem_read_byte		# read second byte

	tst.l		%d1			# dfetch error?
	bne.w		movp_read_err		# yes

	lsl.w		&0x8,%d2
	mov.b		%d0,%d2			# append bytes

	add.w		&0x2,%a2		# incr addr by 2 bytes
	mov.l		%a2,%a0

	bsr.l		_dmem_read_byte		# read second byte

	tst.l		%d1			# dfetch error?
	bne.w		movp_read_err		# yes

	lsl.l		&0x8,%d2
	mov.b		%d0,%d2			# append bytes

	add.w		&0x2,%a2		# incr addr by 2 bytes
	mov.l		%a2,%a0

	bsr.l		_dmem_read_byte		# read second byte

	tst.l		%d1			# dfetch error?
	bne.w		movp_read_err		# yes

	lsl.l		&0x8,%d2
	mov.b		%d0,%d2			# append bytes

	mov.b		EXC_OPWORD(%a6),%d1
	lsr.b		&0x1,%d1
	and.w		&0x7,%d1		# extract Dx from opcode word

	mov.l		%d2,(EXC_DREGS,%a6,%d1.w*4) # store dx

	rts

# a0 = dst addr
m2rwtrans:
	mov.l		%a0,%a2			# store addr

	bsr.l		_dmem_read_byte		# read first byte

	tst.l		%d1			# dfetch error?
	bne.w		movp_read_err		# yes

	mov.l		%d0,%d2

	add.w		&0x2,%a2		# incr addr by 2 bytes
	mov.l		%a2,%a0

	bsr.l		_dmem_read_byte		# read second byte

	tst.l		%d1			# dfetch error?
	bne.w		movp_read_err		# yes

	lsl.w		&0x8,%d2
	mov.b		%d0,%d2			# append bytes

	mov.b		EXC_OPWORD(%a6),%d1
	lsr.b		&0x1,%d1
	and.w		&0x7,%d1		# extract Dx from opcode word

	mov.w		%d2,(EXC_DREGS+2,%a6,%d1.w*4) # store dx

	rts

# if dmem_{read,write}_byte() returns a fail message in d1, the package
# must create an access error frame. here, we pass a skeleton fslw
# and the failing address to the routine that creates the new frame.
# FSLW:
#	write = true
#	size = byte
#	TM = data
#	software emulation error = true
movp_write_err:
	mov.l		%a2,%a0			# pass failing address
	mov.l		&0x00a10001,%d0		# pass fslw
	bra.l		isp_dacc

# FSLW:
#	read = true
#	size = byte
#	TM = data
#	software emulation error = true
movp_read_err:
	mov.l		%a2,%a0			# pass failing address
	mov.l		&0x01210001,%d0		# pass fslw
	bra.l		isp_dacc

#########################################################################
# XDEF ****************************************************************	#
#	_chk2_cmp2(): routine to emulate chk2/cmp2 instructions		#
#									#
# XREF ****************************************************************	#
#	_calc_ea(): calculate effective address				#
#	_dmem_read_long(): read operands				#
#	_dmem_read_word(): read operands				#
#	isp_dacc(): handle data access error exception			#
#									#
# INPUT ***************************************************************	#
#	none								#
#									#
# OUTPUT **************************************************************	#
#	If exiting through isp_dacc...					#
#		a0 = failing address					#
#		d0 = FSLW						#
#	else								#
#		none							#
#									#
# ALGORITHM ***********************************************************	#
#	First, calculate the effective address, then fetch the byte,	#
# word, or longword sized operands. Then, in the interest of		#
# simplicity, all operands are converted to longword size whether the	#
# operation is byte, word, or long. The bounds are sign extended	#
# accordingly. If Rn is a data register, Rn is also sign extended. If	#
# Rn is an address register, it need not be sign extended since the	#
# full register is always used.						#
#	The comparisons are made and the condition codes calculated.	#
# If the instruction is chk2 and the Rn value is out-of-bounds, set	#
# the ichk_flg in SPCOND_FLG.						#
#	If the memory fetch returns a failing value, pass the failing	#
# address and FSLW to the isp_dacc() routine.				#
#									#
#########################################################################

	global		_chk2_cmp2
_chk2_cmp2:

# passing size parameter doesn't matter since chk2 & cmp2 can't do
# either predecrement, postincrement, or immediate.
	bsr.l		_calc_ea		# calculate <ea>

	mov.b		EXC_EXTWORD(%a6), %d0	# fetch hi extension word
	rol.b		&0x4, %d0		# rotate reg bits into lo
	and.w		&0xf, %d0		# extract reg bits

	mov.l		(EXC_DREGS,%a6,%d0.w*4), %d2 # get regval

	cmpi.b		EXC_OPWORD(%a6), &0x2	# what size is operation?
	blt.b		chk2_cmp2_byte		# size == byte
	beq.b		chk2_cmp2_word		# size == word

# the bounds are longword size. call routine to read the lower
# bound into d0 and the higher bound into d1.
chk2_cmp2_long:
	mov.l		%a0,%a2			# save copy of <ea>
	bsr.l		_dmem_read_long		# fetch long lower bound

	tst.l		%d1			# dfetch error?
	bne.w		chk2_cmp2_err_l		# yes

	mov.l		%d0,%d3			# save long lower bound
	addq.l		&0x4,%a2
	mov.l		%a2,%a0			# pass <ea> of long upper bound
	bsr.l		_dmem_read_long		# fetch long upper bound

	tst.l		%d1			# dfetch error?
	bne.w		chk2_cmp2_err_l		# yes

	mov.l		%d0,%d1			# long upper bound in d1
	mov.l		%d3,%d0			# long lower bound in d0
	bra.w		chk2_cmp2_compare	# go do the compare emulation

# the bounds are word size. fetch them in one subroutine call by
# reading a longword. sign extend both. if it's a data operation,
# sign extend Rn to long, also.
chk2_cmp2_word:
	mov.l		%a0,%a2
	bsr.l		_dmem_read_long		# fetch 2 word bounds

	tst.l		%d1			# dfetch error?
	bne.w		chk2_cmp2_err_l		# yes

	mov.w		%d0, %d1		# place hi in %d1
	swap		%d0			# place lo in %d0

	ext.l		%d0			# sign extend lo bnd
	ext.l		%d1			# sign extend hi bnd

	btst		&0x7, EXC_EXTWORD(%a6)	# address compare?
	bne.w		chk2_cmp2_compare	# yes; don't sign extend

# operation is a data register compare.
# sign extend word to long so we can do simple longword compares.
	ext.l		%d2			# sign extend data word
	bra.w		chk2_cmp2_compare	# go emulate compare

# the bounds are byte size. fetch them in one subroutine call by
# reading a word. sign extend both. if it's a data operation,
# sign extend Rn to long, also.
chk2_cmp2_byte:
	mov.l		%a0,%a2
	bsr.l		_dmem_read_word		# fetch 2 byte bounds

	tst.l		%d1			# dfetch error?
	bne.w		chk2_cmp2_err_w		# yes

	mov.b		%d0, %d1		# place hi in %d1
	lsr.w		&0x8, %d0		# place lo in %d0

	extb.l		%d0			# sign extend lo bnd
	extb.l		%d1			# sign extend hi bnd

	btst		&0x7, EXC_EXTWORD(%a6)	# address compare?
	bne.b		chk2_cmp2_compare	# yes; don't sign extend

# operation is a data register compare.
# sign extend byte to long so we can do simple longword compares.
	extb.l		%d2			# sign extend data byte

#
# To set the ccodes correctly:
#	(1) save 'Z' bit from (Rn - lo)
#	(2) save 'Z' and 'N' bits from ((hi - lo) - (Rn - hi))
#	(3) keep 'X', 'N', and 'V' from before instruction
#	(4) combine ccodes
#
chk2_cmp2_compare:
	sub.l		%d0, %d2		# (Rn - lo)
	mov.w		%cc, %d3		# fetch resulting ccodes
	andi.b		&0x4, %d3		# keep 'Z' bit
	sub.l		%d0, %d1		# (hi - lo)
	cmp.l		%d1,%d2			# ((hi - lo) - (Rn - hi))

	mov.w		%cc, %d4		# fetch resulting ccodes
	or.b		%d4, %d3		# combine w/ earlier ccodes
	andi.b		&0x5, %d3		# keep 'Z' and 'N'

	mov.w		EXC_CC(%a6), %d4	# fetch old ccodes
	andi.b		&0x1a, %d4		# keep 'X','N','V' bits
	or.b		%d3, %d4		# insert new ccodes
	mov.w		%d4, EXC_CC(%a6)	# save new ccodes

	btst		&0x3, EXC_EXTWORD(%a6)	# separate chk2,cmp2
	bne.b		chk2_finish		# it's a chk2

	rts

# this code handles the only difference between chk2 and cmp2. chk2 would
# have trapped out if the value was out of bounds. we check this by seeing
# if the 'N' bit was set by the operation.
chk2_finish:
	btst		&0x0, %d4		# is 'N' bit set?
	bne.b		chk2_trap		# yes;chk2 should trap
	rts
chk2_trap:
	mov.b		&ichk_flg,SPCOND_FLG(%a6) # set "special case" flag
	rts

# if dmem_read_{long,word}() returns a fail message in d1, the package
# must create an access error frame. here, we pass a skeleton fslw
# and the failing address to the routine that creates the new frame.
# FSLW:
#	read = true
#	size = longword
#	TM = data
#	software emulation error = true
chk2_cmp2_err_l:
	mov.l		%a2,%a0			# pass failing address
	mov.l		&0x01010001,%d0		# pass fslw
	bra.l		isp_dacc

# FSLW:
#	read = true
#	size = word
#	TM = data
#	software emulation error = true
chk2_cmp2_err_w:
	mov.l		%a2,%a0			# pass failing address
	mov.l		&0x01410001,%d0		# pass fslw
	bra.l		isp_dacc

#########################################################################
# XDEF ****************************************************************	#
#	_div64(): routine to emulate div{u,s}.l <ea>,Dr:Dq		#
#							64/32->32r:32q	#
#									#
# XREF ****************************************************************	#
#	_calc_ea() - calculate effective address			#
#	isp_iacc() - handle instruction access error exception		#
#	isp_dacc() - handle data access error exception			#
#	isp_restore() - restore An on access error w/ -() or ()+	#
#									#
# INPUT ***************************************************************	#
#	none								#
#									#
# OUTPUT **************************************************************	#
#	If exiting through isp_dacc...					#
#		a0 = failing address					#
#		d0 = FSLW						#
#	else								#
#		none							#
#									#
# ALGORITHM ***********************************************************	#
#	First, decode the operand location. If it's in Dn, fetch from	#
# the stack. If it's in memory, use _calc_ea() to calculate the		#
# effective address. Use _dmem_read_long() to fetch at that address.	#
# Unless the operand is immediate data. Then use _imem_read_long().	#
# Send failures to isp_dacc() or isp_iacc() as appropriate.		#
#	If the operands are signed, make them unsigned and save	the	#
# sign info for later. Separate out special cases like divide-by-zero	#
# or 32-bit divides if possible. Else, use a special math algorithm	#
# to calculate the result.						#
#	Restore sign info if signed instruction. Set the condition	#
# codes. Set idbyz_flg in SPCOND_FLG if divisor was zero. Store the	#
# quotient and remainder in the appropriate data registers on the stack.#
#									#
#########################################################################

set	NDIVISOR,	EXC_TEMP+0x0
set	NDIVIDEND,	EXC_TEMP+0x1
set	NDRSAVE,	EXC_TEMP+0x2
set	NDQSAVE,	EXC_TEMP+0x4
set	DDSECOND,	EXC_TEMP+0x6
set	DDQUOTIENT,	EXC_TEMP+0x8
set	DDNORMAL,	EXC_TEMP+0xc

	global		_div64
#############
# div(u,s)l #
#############
_div64:
	mov.b		EXC_OPWORD+1(%a6), %d0
	andi.b		&0x38, %d0		# extract src mode

	bne.w		dcontrolmodel_s		# %dn dest or control mode?

	mov.b		EXC_OPWORD+1(%a6), %d0	# extract Dn from opcode
	andi.w		&0x7, %d0
	mov.l		(EXC_DREGS,%a6,%d0.w*4), %d7 # fetch divisor from register

dgotsrcl:
	beq.w		div64eq0		# divisor is = 0!!!

	mov.b		EXC_EXTWORD+1(%a6), %d0	# extract Dr from extword
	mov.b		EXC_EXTWORD(%a6), %d1	# extract Dq from extword
	and.w		&0x7, %d0
	lsr.b		&0x4, %d1
	and.w		&0x7, %d1
	mov.w		%d0, NDRSAVE(%a6)	# save Dr for later
	mov.w		%d1, NDQSAVE(%a6)	# save Dq for later

# fetch %dr and %dq directly off stack since all regs are saved there
	mov.l		(EXC_DREGS,%a6,%d0.w*4), %d5 # get dividend hi
	mov.l		(EXC_DREGS,%a6,%d1.w*4), %d6 # get dividend lo

# separate signed and unsigned divide
	btst		&0x3, EXC_EXTWORD(%a6)	# signed or unsigned?
	beq.b		dspecialcases		# use positive divide

# save the sign of the divisor
# make divisor unsigned if it's negative
	tst.l		%d7			# chk sign of divisor
	slt		NDIVISOR(%a6)		# save sign of divisor
	bpl.b		dsgndividend
	neg.l		%d7			# complement negative divisor

# save the sign of the dividend
# make dividend unsigned if it's negative
dsgndividend:
	tst.l		%d5			# chk sign of hi(dividend)
	slt		NDIVIDEND(%a6)		# save sign of dividend
	bpl.b		dspecialcases

	mov.w		&0x0, %cc		# clear 'X' cc bit
	negx.l		%d6			# complement signed dividend
	negx.l		%d5

# extract some special cases:
#	- is (dividend == 0) ?
#	- is (hi(dividend) == 0 && (divisor <= lo(dividend))) ? (32-bit div)
dspecialcases:
	tst.l		%d5			# is (hi(dividend) == 0)
	bne.b		dnormaldivide		# no, so try it the long way

	tst.l		%d6			# is (lo(dividend) == 0), too
	beq.w		ddone			# yes, so (dividend == 0)

	cmp.l		%d7,%d6			# is (divisor <= lo(dividend))
	bls.b		d32bitdivide		# yes, so use 32 bit divide

	exg		%d5,%d6			# q = 0, r = dividend
	bra.w		divfinish		# can't divide, we're done.

d32bitdivide:
	tdivu.l		%d7, %d5:%d6		# it's only a 32/32 bit div!

	bra.b		divfinish

dnormaldivide:
# last special case:
#	- is hi(dividend) >= divisor ? if yes, then overflow
	cmp.l		%d7,%d5
	bls.b		ddovf			# answer won't fit in 32 bits

# perform the divide algorithm:
	bsr.l		dclassical		# do int divide

# separate into signed and unsigned finishes.
divfinish:
	btst		&0x3, EXC_EXTWORD(%a6)	# do divs, divu separately
	beq.b		ddone			# divu has no processing!!!

# it was a divs.l, so ccode setting is a little more complicated...
	tst.b		NDIVIDEND(%a6)		# remainder has same sign
	beq.b		dcc			# as dividend.
	neg.l		%d5			# sgn(rem) = sgn(dividend)
dcc:
	mov.b		NDIVISOR(%a6), %d0
	eor.b		%d0, NDIVIDEND(%a6)	# chk if quotient is negative
	beq.b		dqpos			# branch to quot positive

# 0x80000000 is the largest number representable as a 32-bit negative
# number. the negative of 0x80000000 is 0x80000000.
	cmpi.l		%d6, &0x80000000	# will (-quot) fit in 32 bits?
	bhi.b		ddovf

	neg.l		%d6			# make (-quot) 2's comp

	bra.b		ddone

dqpos:
	btst		&0x1f, %d6		# will (+quot) fit in 32 bits?
	bne.b		ddovf

ddone:
# at this point, result is normal so ccodes are set based on result.
	mov.w		EXC_CC(%a6), %cc
	tst.l		%d6			# set %ccode bits
	mov.w		%cc, EXC_CC(%a6)

	mov.w		NDRSAVE(%a6), %d0	# get Dr off stack
	mov.w		NDQSAVE(%a6), %d1	# get Dq off stack

# if the register numbers are the same, only the quotient gets saved.
# so, if we always save the quotient second, we save ourselves a cmp&beq
	mov.l		%d5, (EXC_DREGS,%a6,%d0.w*4) # save remainder
	mov.l		%d6, (EXC_DREGS,%a6,%d1.w*4) # save quotient

	rts

ddovf:
	bset		&0x1, EXC_CC+1(%a6)	# 'V' set on overflow
	bclr		&0x0, EXC_CC+1(%a6)	# 'C' cleared on overflow

	rts

div64eq0:
	andi.b		&0x1e, EXC_CC+1(%a6)	# clear 'C' bit on divbyzero
	ori.b		&idbyz_flg,SPCOND_FLG(%a6) # set "special case" flag
	rts

###########################################################################
#########################################################################
# This routine uses the 'classical' Algorithm D from Donald Knuth's	#
# Art of Computer Programming, vol II, Seminumerical Algorithms.	#
# For this implementation b=2**16, and the target is U1U2U3U4/V1V2,	#
# where U,V are words of the quadword dividend and longword divisor,	#
# and U1, V1 are the most significant words.				#
#									#
# The most sig. longword of the 64 bit dividend must be in %d5, least	#
# in %d6. The divisor must be in the variable ddivisor, and the		#
# signed/unsigned flag ddusign must be set (0=unsigned,1=signed).	#
# The quotient is returned in %d6, remainder in %d5, unless the		#
# v (overflow) bit is set in the saved %ccr. If overflow, the dividend	#
# is unchanged.								#
#########################################################################
dclassical:
# if the divisor msw is 0, use simpler algorithm then the full blown
# one at ddknuth:

	cmpi.l		%d7, &0xffff
	bhi.b		ddknuth			# go use D. Knuth algorithm

# Since the divisor is only a word (and larger than the mslw of the dividend),
# a simpler algorithm may be used :
# In the general case, four quotient words would be created by
# dividing the divisor word into each dividend word. In this case,
# the first two quotient words must be zero, or overflow would occur.
# Since we already checked this case above, we can treat the most significant
# longword of the dividend as (0) remainder (see Knuth) and merely complete
# the last two divisions to get a quotient longword and word remainder:

	clr.l		%d1
	swap		%d5			# same as r*b if previous step rqd
	swap		%d6			# get u3 to lsw position
	mov.w		%d6, %d5		# rb + u3

	divu.w		%d7, %d5

	mov.w		%d5, %d1		# first quotient word
	swap		%d6			# get u4
	mov.w		%d6, %d5		# rb + u4

	divu.w		%d7, %d5

	swap		%d1
	mov.w		%d5, %d1		# 2nd quotient 'digit'
	clr.w		%d5
	swap		%d5			# now remainder
	mov.l		%d1, %d6		# and quotient

	rts

ddknuth:
# In this algorithm, the divisor is treated as a 2 digit (word) number
# which is divided into a 3 digit (word) dividend to get one quotient
# digit (word). After subtraction, the dividend is shifted and the
# process repeated. Before beginning, the divisor and quotient are
# 'normalized' so that the process of estimating the quotient digit
# will yield verifiably correct results..

	clr.l		DDNORMAL(%a6)		# count of shifts for normalization
	clr.b		DDSECOND(%a6)		# clear flag for quotient digits
	clr.l		%d1			# %d1 will hold trial quotient
ddnchk:
	btst		&31, %d7		# must we normalize? first word of
	bne.b		ddnormalized		# divisor (V1) must be >= 65536/2
	addq.l		&0x1, DDNORMAL(%a6)	# count normalization shifts
	lsl.l		&0x1, %d7		# shift the divisor
	lsl.l		&0x1, %d6		# shift u4,u3 with overflow to u2
	roxl.l		&0x1, %d5		# shift u1,u2
	bra.w		ddnchk
ddnormalized:

# Now calculate an estimate of the quotient words (msw first, then lsw).
# The comments use subscripts for the first quotient digit determination.
	mov.l		%d7, %d3		# divisor
	mov.l		%d5, %d2		# dividend mslw
	swap		%d2
	swap		%d3
	cmp.w		%d2, %d3		# V1 = U1 ?
	bne.b		ddqcalc1
	mov.w		&0xffff, %d1		# use max trial quotient word
	bra.b		ddadj0
ddqcalc1:
	mov.l		%d5, %d1

	divu.w		%d3, %d1		# use quotient of mslw/msw

	andi.l		&0x0000ffff, %d1	# zero any remainder
ddadj0:

# now test the trial quotient and adjust. This step plus the
# normalization assures (according to Knuth) that the trial
# quotient will be at worst 1 too large.
	mov.l		%d6, -(%sp)
	clr.w		%d6			# word u3 left
	swap		%d6			# in lsw position
ddadj1: mov.l		%d7, %d3
	mov.l		%d1, %d2
	mulu.w		%d7, %d2		# V2q
	swap		%d3
	mulu.w		%d1, %d3		# V1q
	mov.l		%d5, %d4		# U1U2
	sub.l		%d3, %d4		# U1U2 - V1q

	swap		%d4

	mov.w		%d4,%d0
	mov.w		%d6,%d4			# insert lower word (U3)

	tst.w		%d0			# is upper word set?
	bne.w		ddadjd1

#	add.l		%d6, %d4		# (U1U2 - V1q) + U3

	cmp.l		%d2, %d4
	bls.b		ddadjd1			# is V2q > (U1U2-V1q) + U3 ?
	subq.l		&0x1, %d1		# yes, decrement and recheck
	bra.b		ddadj1
ddadjd1:
# now test the word by multiplying it by the divisor (V1V2) and comparing
# the 3 digit (word) result with the current dividend words
	mov.l		%d5, -(%sp)		# save %d5 (%d6 already saved)
	mov.l		%d1, %d6
	swap		%d6			# shift answer to ms 3 words
	mov.l		%d7, %d5
	bsr.l		dmm2
	mov.l		%d5, %d2		# now %d2,%d3 are trial*divisor
	mov.l		%d6, %d3
	mov.l		(%sp)+, %d5		# restore dividend
	mov.l		(%sp)+, %d6
	sub.l		%d3, %d6
	subx.l		%d2, %d5		# subtract double precision
	bcc		dd2nd			# no carry, do next quotient digit
	subq.l		&0x1, %d1		# q is one too large
# need to add back divisor longword to current ms 3 digits of dividend
# - according to Knuth, this is done only 2 out of 65536 times for random
# divisor, dividend selection.
	clr.l		%d2
	mov.l		%d7, %d3
	swap		%d3
	clr.w		%d3			# %d3 now ls word of divisor
	add.l		%d3, %d6		# aligned with 3rd word of dividend
	addx.l		%d2, %d5
	mov.l		%d7, %d3
	clr.w		%d3			# %d3 now ms word of divisor
	swap		%d3			# aligned with 2nd word of dividend
	add.l		%d3, %d5
dd2nd:
	tst.b		DDSECOND(%a6)		# both q words done?
	bne.b		ddremain
# first quotient digit now correct. store digit and shift the
# (subtracted) dividend
	mov.w		%d1, DDQUOTIENT(%a6)
	clr.l		%d1
	swap		%d5
	swap		%d6
	mov.w		%d6, %d5
	clr.w		%d6
	st		DDSECOND(%a6)		# second digit
	bra.w		ddnormalized
ddremain:
# add 2nd word to quotient, get the remainder.
	mov.w		%d1, DDQUOTIENT+2(%a6)
# shift down one word/digit to renormalize remainder.
	mov.w		%d5, %d6
	swap		%d6
	swap		%d5
	mov.l		DDNORMAL(%a6), %d7	# get norm shift count
	beq.b		ddrn
	subq.l		&0x1, %d7		# set for loop count
ddnlp:
	lsr.l		&0x1, %d5		# shift into %d6
	roxr.l		&0x1, %d6
	dbf		%d7, ddnlp
ddrn:
	mov.l		%d6, %d5		# remainder
	mov.l		DDQUOTIENT(%a6), %d6	# quotient

	rts
dmm2:
# factors for the 32X32->64 multiplication are in %d5 and %d6.
# returns 64 bit result in %d5 (hi) %d6(lo).
# destroys %d2,%d3,%d4.

# multiply hi,lo words of each factor to get 4 intermediate products
	mov.l		%d6, %d2
	mov.l		%d6, %d3
	mov.l		%d5, %d4
	swap		%d3
	swap		%d4
	mulu.w		%d5, %d6		# %d6 <- lsw*lsw
	mulu.w		%d3, %d5		# %d5 <- msw-dest*lsw-source
	mulu.w		%d4, %d2		# %d2 <- msw-source*lsw-dest
	mulu.w		%d4, %d3		# %d3 <- msw*msw
# now use swap and addx to consolidate to two longwords
	clr.l		%d4
	swap		%d6
	add.w		%d5, %d6		# add msw of l*l to lsw of m*l product
	addx.w		%d4, %d3		# add any carry to m*m product
	add.w		%d2, %d6		# add in lsw of other m*l product
	addx.w		%d4, %d3		# add any carry to m*m product
	swap		%d6			# %d6 is low 32 bits of final product
	clr.w		%d5
	clr.w		%d2			# lsw of two mixed products used,
	swap		%d5			# now use msws of longwords
	swap		%d2
	add.l		%d2, %d5
	add.l		%d3, %d5		# %d5 now ms 32 bits of final product
	rts

##########
dcontrolmodel_s:
	movq.l		&LONG,%d0
	bsr.l		_calc_ea		# calc <ea>

	cmpi.b		SPCOND_FLG(%a6),&immed_flg # immediate addressing mode?
	beq.b		dimmed			# yes

	mov.l		%a0,%a2
	bsr.l		_dmem_read_long		# fetch divisor from <ea>

	tst.l		%d1			# dfetch error?
	bne.b		div64_err		# yes

	mov.l		%d0, %d7
	bra.w		dgotsrcl

# we have to split out immediate data here because it must be read using
# imem_read() instead of dmem_read(). this becomes especially important
# if the fetch runs into some deadly fault.
dimmed:
	addq.l		&0x4,EXC_EXTWPTR(%a6)
	bsr.l		_imem_read_long		# read immediate value

	tst.l		%d1			# ifetch error?
	bne.l		isp_iacc		# yes

	mov.l		%d0,%d7
	bra.w		dgotsrcl

##########

# if dmem_read_long() returns a fail message in d1, the package
# must create an access error frame. here, we pass a skeleton fslw
# and the failing address to the routine that creates the new frame.
# also, we call isp_restore in case the effective addressing mode was
# (an)+ or -(an) in which case the previous "an" value must be restored.
# FSLW:
#	read = true
#	size = longword
#	TM = data
#	software emulation error = true
div64_err:
	bsr.l		isp_restore		# restore addr reg
	mov.l		%a2,%a0			# pass failing address
	mov.l		&0x01010001,%d0		# pass fslw
	bra.l		isp_dacc

#########################################################################
# XDEF ****************************************************************	#
#	_mul64(): routine to emulate mul{u,s}.l <ea>,Dh:Dl 32x32->64	#
#									#
# XREF ****************************************************************	#
#	_calc_ea() - calculate effective address			#
#	isp_iacc() - handle instruction access error exception		#
#	isp_dacc() - handle data access error exception			#
#	isp_restore() - restore An on access error w/ -() or ()+	#
#									#
# INPUT ***************************************************************	#
#	none								#
#									#
# OUTPUT **************************************************************	#
#	If exiting through isp_dacc...					#
#		a0 = failing address					#
#		d0 = FSLW						#
#	else								#
#		none							#
#									#
# ALGORITHM ***********************************************************	#
#	First, decode the operand location. If it's in Dn, fetch from	#
# the stack. If it's in memory, use _calc_ea() to calculate the		#
# effective address. Use _dmem_read_long() to fetch at that address.	#
# Unless the operand is immediate data. Then use _imem_read_long().	#
# Send failures to isp_dacc() or isp_iacc() as appropriate.		#
#	If the operands are signed, make them unsigned and save the	#
# sign info for later. Perform the multiplication using 16x16->32	#
# unsigned multiplies and "add" instructions. Store the high and low	#
# portions of the result in the appropriate data registers on the	#
# stack. Calculate the condition codes, also.				#
#									#
#########################################################################

#############
# mul(u,s)l #
#############
	global		_mul64
_mul64:
	mov.b		EXC_OPWORD+1(%a6), %d0	# extract src {mode,reg}
	cmpi.b		%d0, &0x7		# is src mode Dn or other?
	bgt.w		mul64_memop		# src is in memory

# multiplier operand in the data register file.
# must extract the register number and fetch the operand from the stack.
mul64_regop:
	andi.w		&0x7, %d0		# extract Dn
	mov.l		(EXC_DREGS,%a6,%d0.w*4), %d3 # fetch multiplier

# multiplier is in %d3. now, extract Dl and Dh fields and fetch the
# multiplicand from the data register specified by Dl.
mul64_multiplicand:
	mov.w		EXC_EXTWORD(%a6), %d2	# fetch ext word
	clr.w		%d1			# clear Dh reg
	mov.b		%d2, %d1		# grab Dh
	rol.w		&0x4, %d2		# align Dl byte
	andi.w		&0x7, %d2		# extract Dl

	mov.l		(EXC_DREGS,%a6,%d2.w*4), %d4 # get multiplicand

# check for the case of "zero" result early
	tst.l		%d4			# test multiplicand
	beq.w		mul64_zero		# handle zero separately
	tst.l		%d3			# test multiplier
	beq.w		mul64_zero		# handle zero separately

# multiplier is in %d3 and multiplicand is in %d4.
# if the operation is to be signed, then the operands are converted
# to unsigned and the result sign is saved for the end.
	clr.b		EXC_TEMP(%a6)		# clear temp space
	btst		&0x3, EXC_EXTWORD(%a6)	# signed or unsigned?
	beq.b		mul64_alg		# unsigned; skip sgn calc

	tst.l		%d3			# is multiplier negative?
	bge.b		mul64_chk_md_sgn	# no
	neg.l		%d3			# make multiplier positive
	ori.b		&0x1, EXC_TEMP(%a6)	# save multiplier sgn

# the result sign is the exclusive or of the operand sign bits.
mul64_chk_md_sgn:
	tst.l		%d4			# is multiplicand negative?
	bge.b		mul64_alg		# no
	neg.l		%d4			# make multiplicand positive
	eori.b		&0x1, EXC_TEMP(%a6)	# calculate correct sign

#########################################################################
#	63			   32				0	#
#	----------------------------					#
#	| hi(mplier) * hi(mplicand)|					#
#	----------------------------					#
#		     -----------------------------			#
#		     | hi(mplier) * lo(mplicand) |			#
#		     -----------------------------			#
#		     -----------------------------			#
#		     | lo(mplier) * hi(mplicand) |			#
#		     -----------------------------			#
#	  |			   -----------------------------	#
#	--|--			   | lo(mplier) * lo(mplicand) |	#
#	  |			   -----------------------------	#
#	========================================================	#
#	--------------------------------------------------------	#
#	|	hi(result)	   |	    lo(result)         |	#
#	--------------------------------------------------------	#
#########################################################################
mul64_alg:
# load temp registers with operands
	mov.l		%d3, %d5		# mr in %d5
	mov.l		%d3, %d6		# mr in %d6
	mov.l		%d4, %d7		# md in %d7
	swap		%d6			# hi(mr) in lo %d6
	swap		%d7			# hi(md) in lo %d7

# complete necessary multiplies:
	mulu.w		%d4, %d3		# [1] lo(mr) * lo(md)
	mulu.w		%d6, %d4		# [2] hi(mr) * lo(md)
	mulu.w		%d7, %d5		# [3] lo(mr) * hi(md)
	mulu.w		%d7, %d6		# [4] hi(mr) * hi(md)

# add lo portions of [2],[3] to hi portion of [1].
# add carries produced from these adds to [4].
# lo([1]) is the final lo 16 bits of the result.
	clr.l		%d7			# load %d7 w/ zero value
	swap		%d3			# hi([1]) <==> lo([1])
	add.w		%d4, %d3		# hi([1]) + lo([2])
	addx.l		%d7, %d6		#    [4]  + carry
	add.w		%d5, %d3		# hi([1]) + lo([3])
	addx.l		%d7, %d6		#    [4]  + carry
	swap		%d3			# lo([1]) <==> hi([1])

# lo portions of [2],[3] have been added in to final result.
# now, clear lo, put hi in lo reg, and add to [4]
	clr.w		%d4			# clear lo([2])
	clr.w		%d5			# clear hi([3])
	swap		%d4			# hi([2]) in lo %d4
	swap		%d5			# hi([3]) in lo %d5
	add.l		%d5, %d4		#    [4]  + hi([2])
	add.l		%d6, %d4		#    [4]  + hi([3])

# unsigned result is now in {%d4,%d3}
	tst.b		EXC_TEMP(%a6)		# should result be signed?
	beq.b		mul64_done		# no

# result should be a signed negative number.
# compute 2's complement of the unsigned number:
#   -negate all bits and add 1
mul64_neg:
	not.l		%d3			# negate lo(result) bits
	not.l		%d4			# negate hi(result) bits
	addq.l		&1, %d3			# add 1 to lo(result)
	addx.l		%d7, %d4		# add carry to hi(result)

# the result is saved to the register file.
# for '040 compatibility, if Dl == Dh then only the hi(result) is
# saved. so, saving hi after lo accomplishes this without need to
# check Dl,Dh equality.
mul64_done:
	mov.l		%d3, (EXC_DREGS,%a6,%d2.w*4) # save lo(result)
	mov.w		&0x0, %cc
	mov.l		%d4, (EXC_DREGS,%a6,%d1.w*4) # save hi(result)

# now, grab the condition codes. only one that can be set is 'N'.
# 'N' CAN be set if the operation is unsigned if bit 63 is set.
	mov.w		%cc, %d7		# fetch %ccr to see if 'N' set
	andi.b		&0x8, %d7		# extract 'N' bit

mul64_ccode_set:
	mov.b		EXC_CC+1(%a6), %d6	# fetch previous %ccr
	andi.b		&0x10, %d6		# all but 'X' bit changes

	or.b		%d7, %d6		# group 'X' and 'N'
	mov.b		%d6, EXC_CC+1(%a6)	# save new %ccr

	rts

# one or both of the operands is zero so the result is also zero.
# save the zero result to the register file and set the 'Z' ccode bit.
mul64_zero:
	clr.l		(EXC_DREGS,%a6,%d2.w*4) # save lo(result)
	clr.l		(EXC_DREGS,%a6,%d1.w*4) # save hi(result)

	movq.l		&0x4, %d7		# set 'Z' ccode bit
	bra.b		mul64_ccode_set		# finish ccode set

##########

# multiplier operand is in memory at the effective address.
# must calculate the <ea> and go fetch the 32-bit operand.
mul64_memop:
	movq.l		&LONG, %d0		# pass # of bytes
	bsr.l		_calc_ea		# calculate <ea>

	cmpi.b		SPCOND_FLG(%a6),&immed_flg # immediate addressing mode?
	beq.b		mul64_immed		# yes

	mov.l		%a0,%a2
	bsr.l		_dmem_read_long		# fetch src from addr (%a0)

	tst.l		%d1			# dfetch error?
	bne.w		mul64_err		# yes

	mov.l		%d0, %d3		# store multiplier in %d3

	bra.w		mul64_multiplicand

# we have to split out immediate data here because it must be read using
# imem_read() instead of dmem_read(). this becomes especially important
# if the fetch runs into some deadly fault.
mul64_immed:
	addq.l		&0x4,EXC_EXTWPTR(%a6)
	bsr.l		_imem_read_long		# read immediate value

	tst.l		%d1			# ifetch error?
	bne.l		isp_iacc		# yes

	mov.l		%d0,%d3
	bra.w		mul64_multiplicand

##########

# if dmem_read_long() returns a fail message in d1, the package
# must create an access error frame. here, we pass a skeleton fslw
# and the failing address to the routine that creates the new frame.
# also, we call isp_restore in case the effective addressing mode was
# (an)+ or -(an) in which case the previous "an" value must be restored.
# FSLW:
#	read = true
#	size = longword
#	TM = data
#	software emulation error = true
mul64_err:
	bsr.l		isp_restore		# restore addr reg
	mov.l		%a2,%a0			# pass failing address
	mov.l		&0x01010001,%d0		# pass fslw
	bra.l		isp_dacc

#########################################################################
# XDEF ****************************************************************	#
#	_compandset2(): routine to emulate cas2()			#
#			(internal to package)				#
#									#
#	_isp_cas2_finish(): store ccodes, store compare regs		#
#			    (external to package)			#
#									#
# XREF ****************************************************************	#
#	_real_lock_page() - "callout" to lock op's page from page-outs	#
#	_cas_terminate2() - access error exit				#
#	_real_cas2() - "callout" to core cas2 emulation code		#
#	_real_unlock_page() - "callout" to unlock page			#
#									#
# INPUT ***************************************************************	#
# _compandset2():							#
#	d0 = instruction extension word					#
#									#
# _isp_cas2_finish():							#
#	see cas2 core emulation code					#
#									#
# OUTPUT **************************************************************	#
# _compandset2():							#
#	see cas2 core emulation code					#
#									#
# _isp_cas_finish():							#
#	None (register file or memroy changed as appropriate)		#
#									#
# ALGORITHM ***********************************************************	#
# compandset2():							#
#	Decode the instruction and fetch the appropriate Update and	#
# Compare operands. Then call the "callout" _real_lock_page() for each	#
# memory operand address so that the operating system can keep these	#
# pages from being paged out. If either _real_lock_page() fails, exit	#
# through _cas_terminate2(). Don't forget to unlock the 1st locked page	#
# using _real_unlock_paged() if the 2nd lock-page fails.		#
# Finally, branch to the core cas2 emulation code by calling the	#
# "callout" _real_cas2().						#
#									#
# _isp_cas2_finish():							#
#	Re-perform the comparison so we can determine the condition	#
# codes which were too much trouble to keep around during the locked	#
# emulation. Then unlock each operands page by calling the "callout"	#
# _real_unlock_page().							#
#									#
#########################################################################

set ADDR1,	EXC_TEMP+0xc
set ADDR2,	EXC_TEMP+0x0
set DC2,	EXC_TEMP+0xa
set DC1,	EXC_TEMP+0x8

	global		_compandset2
_compandset2:
	mov.l		%d0,EXC_TEMP+0x4(%a6)		# store for possible restart
	mov.l		%d0,%d1			# extension word in d0

	rol.w		&0x4,%d0
	andi.w		&0xf,%d0		# extract Rn2
	mov.l		(EXC_DREGS,%a6,%d0.w*4),%a1 # fetch ADDR2
	mov.l		%a1,ADDR2(%a6)

	mov.l		%d1,%d0

	lsr.w		&0x6,%d1
	andi.w		&0x7,%d1		# extract Du2
	mov.l		(EXC_DREGS,%a6,%d1.w*4),%d5 # fetch Update2 Op

	andi.w		&0x7,%d0		# extract Dc2
	mov.l		(EXC_DREGS,%a6,%d0.w*4),%d3 # fetch Compare2 Op
	mov.w		%d0,DC2(%a6)

	mov.w		EXC_EXTWORD(%a6),%d0
	mov.l		%d0,%d1

	rol.w		&0x4,%d0
	andi.w		&0xf,%d0		# extract Rn1
	mov.l		(EXC_DREGS,%a6,%d0.w*4),%a0 # fetch ADDR1
	mov.l		%a0,ADDR1(%a6)

	mov.l		%d1,%d0

	lsr.w		&0x6,%d1
	andi.w		&0x7,%d1		# extract Du1
	mov.l		(EXC_DREGS,%a6,%d1.w*4),%d4 # fetch Update1 Op

	andi.w		&0x7,%d0		# extract Dc1
	mov.l		(EXC_DREGS,%a6,%d0.w*4),%d2 # fetch Compare1 Op
	mov.w		%d0,DC1(%a6)

	btst		&0x1,EXC_OPWORD(%a6)	# word or long?
	sne		%d7

	btst		&0x5,EXC_ISR(%a6)	# user or supervisor?
	sne		%d6

	mov.l		%a0,%a2
	mov.l		%a1,%a3

	mov.l		%d7,%d1			# pass size
	mov.l		%d6,%d0			# pass mode
	bsr.l		_real_lock_page		# lock page
	mov.l		%a2,%a0
	tst.l		%d0			# error?
	bne.l		_cas_terminate2		# yes

	mov.l		%d7,%d1			# pass size
	mov.l		%d6,%d0			# pass mode
	mov.l		%a3,%a0			# pass addr
	bsr.l		_real_lock_page		# lock page
	mov.l		%a3,%a0
	tst.l		%d0			# error?
	bne.b		cas_preterm		# yes

	mov.l		%a2,%a0
	mov.l		%a3,%a1

	bra.l		_real_cas2

# if the 2nd lock attempt fails, then we must still unlock the
# first page(s).
cas_preterm:
	mov.l		%d0,-(%sp)		# save FSLW
	mov.l		%d7,%d1			# pass size
	mov.l		%d6,%d0			# pass mode
	mov.l		%a2,%a0			# pass ADDR1
	bsr.l		_real_unlock_page	# unlock first page(s)
	mov.l		(%sp)+,%d0		# restore FSLW
	mov.l		%a3,%a0			# pass failing addr
	bra.l		_cas_terminate2

#############################################################

	global		_isp_cas2_finish
_isp_cas2_finish:
	btst		&0x1,EXC_OPWORD(%a6)
	bne.b		cas2_finish_l

	mov.w		EXC_CC(%a6),%cc		# load old ccodes
	cmp.w		%d0,%d2
	bne.b		cas2_finish_w_save
	cmp.w		%d1,%d3
cas2_finish_w_save:
	mov.w		%cc,EXC_CC(%a6)		# save new ccodes

	tst.b		%d4			# update compare reg?
	bne.b		cas2_finish_w_done	# no

	mov.w		DC2(%a6),%d3		# fetch Dc2
	mov.w		%d1,(2+EXC_DREGS,%a6,%d3.w*4) # store new Compare2 Op

	mov.w		DC1(%a6),%d2		# fetch Dc1
	mov.w		%d0,(2+EXC_DREGS,%a6,%d2.w*4) # store new Compare1 Op

cas2_finish_w_done:
	btst		&0x5,EXC_ISR(%a6)
	sne		%d2
	mov.l		%d2,%d0			# pass mode
	sf		%d1			# pass size
	mov.l		ADDR1(%a6),%a0		# pass ADDR1
	bsr.l		_real_unlock_page	# unlock page

	mov.l		%d2,%d0			# pass mode
	sf		%d1			# pass size
	mov.l		ADDR2(%a6),%a0		# pass ADDR2
	bsr.l		_real_unlock_page	# unlock page
	rts

cas2_finish_l:
	mov.w		EXC_CC(%a6),%cc		# load old ccodes
	cmp.l		%d0,%d2
	bne.b		cas2_finish_l_save
	cmp.l		%d1,%d3
cas2_finish_l_save:
	mov.w		%cc,EXC_CC(%a6)		# save new ccodes

	tst.b		%d4			# update compare reg?
	bne.b		cas2_finish_l_done	# no

	mov.w		DC2(%a6),%d3		# fetch Dc2
	mov.l		%d1,(EXC_DREGS,%a6,%d3.w*4) # store new Compare2 Op

	mov.w		DC1(%a6),%d2		# fetch Dc1
	mov.l		%d0,(EXC_DREGS,%a6,%d2.w*4) # store new Compare1 Op

cas2_finish_l_done:
	btst		&0x5,EXC_ISR(%a6)
	sne		%d2
	mov.l		%d2,%d0			# pass mode
	st		%d1			# pass size
	mov.l		ADDR1(%a6),%a0		# pass ADDR1
	bsr.l		_real_unlock_page	# unlock page

	mov.l		%d2,%d0			# pass mode
	st		%d1			# pass size
	mov.l		ADDR2(%a6),%a0		# pass ADDR2
	bsr.l		_real_unlock_page	# unlock page
	rts

########
	global		cr_cas2
cr_cas2:
	mov.l		EXC_TEMP+0x4(%a6),%d0
	bra.w		_compandset2

#########################################################################
# XDEF ****************************************************************	#
#	_compandset(): routine to emulate cas w/ misaligned <ea>	#
#		       (internal to package)				#
#	_isp_cas_finish(): routine called when cas emulation completes	#
#			   (external and internal to package)		#
#	_isp_cas_restart(): restart cas emulation after a fault		#
#			    (external to package)			#
#	_isp_cas_terminate(): create access error stack frame on fault	#
#			      (external and internal to package)	#
#	_isp_cas_inrange(): checks whether instr addess is within range	#
#			    of core cas/cas2emulation code		#
#			    (external to package)			#
#									#
# XREF ****************************************************************	#
#	_calc_ea(): calculate effective address				#
#									#
# INPUT ***************************************************************	#
# compandset():								#
#	none								#
# _isp_cas_restart():							#
#	d6 = previous sfc/dfc						#
# _isp_cas_finish():							#
# _isp_cas_terminate():							#
#	a0 = failing address						#
#	d0 = FSLW							#
#	d6 = previous sfc/dfc						#
# _isp_cas_inrange():							#
#	a0 = instruction address to be checked				#
#									#
# OUTPUT **************************************************************	#
# compandset():								#
#		none							#
# _isp_cas_restart():							#
#	a0 = effective address						#
#	d7 = word or longword flag					#
# _isp_cas_finish():							#
#	a0 = effective address						#
# _isp_cas_terminate():							#
#	initial register set before emulation exception			#
# _isp_cas_inrange():							#
#	d0 = 0 => in range; -1 => out of range				#
#									#
# ALGORITHM ***********************************************************	#
#									#
# compandset():								#
#	First, calculate the effective address. Then, decode the	#
# instruction word and fetch the "compare" (DC) and "update" (Du)	#
# operands.								#
#	Next, call the external routine _real_lock_page() so that the	#
# operating system can keep this page from being paged out while we're	#
# in this routine. If this call fails, jump to _cas_terminate2().	#
#	The routine then branches to _real_cas(). This external routine	#
# that actually emulates cas can be supplied by the external os or	#
# made to point directly back into the 060ISP which has a routine for	#
# this purpose.								#
#									#
# _isp_cas_finish():							#
#	Either way, after emulation, the package is re-entered at	#
# _isp_cas_finish(). This routine re-compares the operands in order to	#
# set the condition codes. Finally, these routines will call		#
# _real_unlock_page() in order to unlock the pages that were previously	#
# locked.								#
#									#
# _isp_cas_restart():							#
#	This routine can be entered from an access error handler where	#
# the emulation sequence should be re-started from the beginning.	#
#									#
# _isp_cas_terminate():							#
#	This routine can be entered from an access error handler where	#
# an emulation operand access failed and the operating system would	#
# like an access error stack frame created instead of the current	#
# unimplemented integer instruction frame.				#
#	Also, the package enters here if a call to _real_lock_page()	#
# fails.								#
#									#
# _isp_cas_inrange():							#
#	Checks to see whether the instruction address passed to it in	#
# a0 is within the software package cas/cas2 emulation routines. This	#
# can be helpful for an operating system to determine whether an access	#
# error during emulation was due to a cas/cas2 emulation access.	#
#									#
#########################################################################

set DC,		EXC_TEMP+0x8
set ADDR,	EXC_TEMP+0x4

	global		_compandset
_compandset:
	btst		&0x1,EXC_OPWORD(%a6)	# word or long operation?
	bne.b		compandsetl		# long

compandsetw:
	movq.l		&0x2,%d0		# size = 2 bytes
	bsr.l		_calc_ea		# a0 = calculated <ea>
	mov.l		%a0,ADDR(%a6)		# save <ea> for possible restart
	sf		%d7			# clear d7 for word size
	bra.b		compandsetfetch

compandsetl:
	movq.l		&0x4,%d0		# size = 4 bytes
	bsr.l		_calc_ea		# a0 = calculated <ea>
	mov.l		%a0,ADDR(%a6)		# save <ea> for possible restart
	st		%d7			# set d7 for longword size

compandsetfetch:
	mov.w		EXC_EXTWORD(%a6),%d0	# fetch cas extension word
	mov.l		%d0,%d1			# make a copy

	lsr.w		&0x6,%d0
	andi.w		&0x7,%d0		# extract Du
	mov.l		(EXC_DREGS,%a6,%d0.w*4),%d2 # get update operand

	andi.w		&0x7,%d1		# extract Dc
	mov.l		(EXC_DREGS,%a6,%d1.w*4),%d4 # get compare operand
	mov.w		%d1,DC(%a6)		# save Dc

	btst		&0x5,EXC_ISR(%a6)	# which mode for exception?
	sne		%d6			# set on supervisor mode

	mov.l		%a0,%a2			# save temporarily
	mov.l		%d7,%d1			# pass size
	mov.l		%d6,%d0			# pass mode
	bsr.l		_real_lock_page		# lock page
	tst.l		%d0			# did error occur?
	bne.w		_cas_terminate2		# yes, clean up the mess
	mov.l		%a2,%a0			# pass addr in a0

	bra.l		_real_cas

########
	global		_isp_cas_finish
_isp_cas_finish:
	btst		&0x1,EXC_OPWORD(%a6)
	bne.b		cas_finish_l

# just do the compare again since it's faster than saving the ccodes
# from the locked routine...
cas_finish_w:
	mov.w		EXC_CC(%a6),%cc		# restore cc
	cmp.w		%d0,%d4			# do word compare
	mov.w		%cc,EXC_CC(%a6)		# save cc

	tst.b		%d1			# update compare reg?
	bne.b		cas_finish_w_done	# no

	mov.w		DC(%a6),%d3
	mov.w		%d0,(EXC_DREGS+2,%a6,%d3.w*4) # Dc = destination

cas_finish_w_done:
	mov.l		ADDR(%a6),%a0		# pass addr
	sf		%d1			# pass size
	btst		&0x5,EXC_ISR(%a6)
	sne		%d0			# pass mode
	bsr.l		_real_unlock_page	# unlock page
	rts

# just do the compare again since it's faster than saving the ccodes
# from the locked routine...
cas_finish_l:
	mov.w		EXC_CC(%a6),%cc		# restore cc
	cmp.l		%d0,%d4			# do longword compare
	mov.w		%cc,EXC_CC(%a6)		# save cc

	tst.b		%d1			# update compare reg?
	bne.b		cas_finish_l_done	# no

	mov.w		DC(%a6),%d3
	mov.l		%d0,(EXC_DREGS,%a6,%d3.w*4) # Dc = destination

cas_finish_l_done:
	mov.l		ADDR(%a6),%a0		# pass addr
	st		%d1			# pass size
	btst		&0x5,EXC_ISR(%a6)
	sne		%d0			# pass mode
	bsr.l		_real_unlock_page	# unlock page
	rts

########

	global		_isp_cas_restart
_isp_cas_restart:
	mov.l		%d6,%sfc		# restore previous sfc
	mov.l		%d6,%dfc		# restore previous dfc

	cmpi.b		EXC_OPWORD+1(%a6),&0xfc	# cas or cas2?
	beq.l		cr_cas2			# cas2
cr_cas:
	mov.l		ADDR(%a6),%a0		# load <ea>
	btst		&0x1,EXC_OPWORD(%a6)	# word or long operation?
	sne		%d7			# set d7 accordingly
	bra.w		compandsetfetch

########

# At this stage, it would be nice if d0 held the FSLW.
	global		_isp_cas_terminate
_isp_cas_terminate:
	mov.l		%d6,%sfc		# restore previous sfc
	mov.l		%d6,%dfc		# restore previous dfc

	global		_cas_terminate2
_cas_terminate2:
	mov.l		%a0,%a2			# copy failing addr to a2

	mov.l		%d0,-(%sp)
	bsr.l		isp_restore		# restore An (if ()+ or -())
	mov.l		(%sp)+,%d0

	addq.l		&0x4,%sp		# remove sub return addr
	subq.l		&0x8,%sp		# make room for bigger stack
	subq.l		&0x8,%a6		# shift frame ptr down, too
	mov.l		&26,%d1			# want to move 51 longwords
	lea		0x8(%sp),%a0		# get address of old stack
	lea		0x0(%sp),%a1		# get address of new stack
cas_term_cont:
	mov.l		(%a0)+,(%a1)+		# move a longword
	dbra.w		%d1,cas_term_cont	# keep going

	mov.w		&0x4008,EXC_IVOFF(%a6)	# put new stk fmt, voff
	mov.l		%a2,EXC_IVOFF+0x2(%a6)	# put faulting addr on stack
	mov.l		%d0,EXC_IVOFF+0x6(%a6)	# put FSLW on stack
	movm.l		EXC_DREGS(%a6),&0x3fff	# restore user regs
	unlk		%a6			# unlink stack frame
	bra.l		_real_access

########

	global		_isp_cas_inrange
_isp_cas_inrange:
	clr.l		%d0			# clear return result
	lea		_CASHI(%pc),%a1		# load end of CAS core code
	cmp.l		%a1,%a0			# is PC in range?
	blt.b		cin_no			# no
	lea		_CASLO(%pc),%a1		# load begin of CAS core code
	cmp.l		%a0,%a1			# is PC in range?
	blt.b		cin_no			# no
	rts					# yes; return d0 = 0
cin_no:
	mov.l		&-0x1,%d0		# out of range; return d0 = -1
	rts

#################################################################
#################################################################
#################################################################
# This is the start of the cas and cas2 "core" emulation code.	#
# This is the section that may need to be replaced by the host	#
# OS if it is too operating system-specific.			#
# Please refer to the package documentation to see how to	#
# "replace" this section, if necessary.				#
#################################################################
#################################################################
#################################################################

#       ######      ##      ######     ####
#       #	   #  #     #         #    #
#	#	  ######    ######        #
#	#	  #    #         #      #
#       ######    #    #    ######    ######

#########################################################################
# XDEF ****************************************************************	#
#	_isp_cas2(): "core" emulation code for the cas2 instruction	#
#									#
# XREF ****************************************************************	#
#	_isp_cas2_finish() - only exit point for this emulation code;	#
#			     do clean-up; calculate ccodes; store	#
#			     Compare Ops if appropriate.		#
#									#
# INPUT ***************************************************************	#
#	*see chart below*						#
#									#
# OUTPUT **************************************************************	#
#	*see chart below*						#
#									#
# ALGORITHM ***********************************************************	#
#	(1) Make several copies of the effective address.		#
#	(2) Save current SR; Then mask off all maskable interrupts.	#
#	(3) Save current SFC/DFC (ASSUMED TO BE EQUAL!!!); Then set	#
#	    according to whether exception occurred in user or		#
#	    supervisor mode.						#
#	(4) Use "plpaw" instruction to pre-load ATC with effective	#
#	    address pages(s). THIS SHOULD NOT FAULT!!! The relevant	#
#	    page(s) should have already been made resident prior to	#
#	    entering this routine.					#
#	(5) Push the operand lines from the cache w/ "cpushl".		#
#	    In the 68040, this was done within the locked region. In	#
#	    the 68060, it is done outside of the locked region.		#
#	(6) Use "plpar" instruction to do a re-load of ATC entries for	#
#	    ADDR1 since ADDR2 entries may have pushed ADDR1 out of the	#
#	    ATC.							#
#	(7) Pre-fetch the core emulation instructions by executing	#
#	    one branch within each physical line (16 bytes) of the code	#
#	    before actually executing the code.				#
#	(8) Load the BUSCR w/ the bus lock value.			#
#	(9) Fetch the source operands using "moves".			#
#	(10)Do the compares. If both equal, go to step (13).		#
#	(11)Unequal. No update occurs. But, we do write the DST1 op	#
#	    back to itself (as w/ the '040) so we can gracefully unlock	#
#	    the bus (and assert LOCKE*) using BUSCR and the final move.	#
#	(12)Exit.							#
#	(13)Write update operand to the DST locations. Use BUSCR to	#
#	    assert LOCKE* for the final write operation.		#
#	(14)Exit.							#
#									#
#	The algorithm is actually implemented slightly differently	#
# depending on the size of the operation and the misalignment of the	#
# operands. A misaligned operand must be written in aligned chunks or	#
# else the BUSCR register control gets confused.			#
#									#
#########################################################################

#################################################################
# THIS IS THE STATE OF THE INTEGER REGISTER FILE UPON		#
# ENTERING _isp_cas2().						#
#								#
# D0 = xxxxxxxx							#
# D1 = xxxxxxxx							#
# D2 = cmp operand 1						#
# D3 = cmp operand 2						#
# D4 = update oper 1						#
# D5 = update oper 2						#
# D6 = 'xxxxxxff if supervisor mode; 'xxxxxx00 if user mode	#
# D7 = 'xxxxxxff if longword operation; 'xxxxxx00 if word	#
# A0 = ADDR1							#
# A1 = ADDR2							#
# A2 = xxxxxxxx							#
# A3 = xxxxxxxx							#
# A4 = xxxxxxxx							#
# A5 = xxxxxxxx							#
# A6 = frame pointer						#
# A7 = stack pointer						#
#################################################################

#	align		0x1000
# beginning label used by _isp_cas_inrange()
	global		_CASLO
_CASLO:

	global		_isp_cas2
_isp_cas2:
	tst.b		%d6			# user or supervisor mode?
	bne.b		cas2_supervisor		# supervisor
cas2_user:
	movq.l		&0x1,%d0		# load user data fc
	bra.b		cas2_cont
cas2_supervisor:
	movq.l		&0x5,%d0		# load supervisor data fc
cas2_cont:
	tst.b		%d7			# word or longword?
	beq.w		cas2w			# word

####
cas2l:
	mov.l		%a0,%a2			# copy ADDR1
	mov.l		%a1,%a3			# copy ADDR2
	mov.l		%a0,%a4			# copy ADDR1
	mov.l		%a1,%a5			# copy ADDR2

	addq.l		&0x3,%a4		# ADDR1+3
	addq.l		&0x3,%a5		# ADDR2+3
	mov.l		%a2,%d1			# ADDR1

# mask interrupts levels 0-6. save old mask value.
	mov.w		%sr,%d7			# save current SR
	ori.w		&0x0700,%sr		# inhibit interrupts

# load the SFC and DFC with the appropriate mode.
	movc		%sfc,%d6		# save old SFC/DFC
	movc		%d0,%sfc		# store new SFC
	movc		%d0,%dfc		# store new DFC

# pre-load the operand ATC. no page faults should occur here because
# _real_lock_page() should have taken care of this.
	plpaw		(%a2)			# load atc for ADDR1
	plpaw		(%a4)			# load atc for ADDR1+3
	plpaw		(%a3)			# load atc for ADDR2
	plpaw		(%a5)			# load atc for ADDR2+3

# push the operand lines from the cache if they exist.
	cpushl		%dc,(%a2)		# push line for ADDR1
	cpushl		%dc,(%a4)		# push line for ADDR1+3
	cpushl		%dc,(%a3)		# push line for ADDR2
	cpushl		%dc,(%a5)		# push line for ADDR2+2

	mov.l		%d1,%a2			# ADDR1
	addq.l		&0x3,%d1
	mov.l		%d1,%a4			# ADDR1+3
# if ADDR1 was ATC resident before the above "plpaw" and was executed
# and it was the next entry scheduled for replacement and ADDR2
# shares the same set, then the "plpaw" for ADDR2 can push the ADDR1
# entries from the ATC. so, we do a second set of "plpa"s.
	plpar		(%a2)			# load atc for ADDR1
	plpar		(%a4)			# load atc for ADDR1+3

# load the BUSCR values.
	mov.l		&0x80000000,%a2		# assert LOCK* buscr value
	mov.l		&0xa0000000,%a3		# assert LOCKE* buscr value
	mov.l		&0x00000000,%a4		# buscr unlock value

# there are three possible mis-aligned cases for longword cas. they
# are separated because the final write which asserts LOCKE* must
# be aligned.
	mov.l		%a0,%d0			# is ADDR1 misaligned?
	andi.b		&0x3,%d0
	beq.b		CAS2L_ENTER		# no
	cmpi.b		%d0,&0x2
	beq.w		CAS2L2_ENTER		# yes; word misaligned
	bra.w		CAS2L3_ENTER		# yes; byte misaligned

#
# D0 = dst operand 1 <-
# D1 = dst operand 2 <-
# D2 = cmp operand 1
# D3 = cmp operand 2
# D4 = update oper 1
# D5 = update oper 2
# D6 = old SFC/DFC
# D7 = old SR
# A0 = ADDR1
# A1 = ADDR2
# A2 = bus LOCK*  value
# A3 = bus LOCKE* value
# A4 = bus unlock value
# A5 = xxxxxxxx
#
	align		0x10
CAS2L_START:
	movc		%a2,%buscr		# assert LOCK*
	movs.l		(%a1),%d1		# fetch Dest2[31:0]
	movs.l		(%a0),%d0		# fetch Dest1[31:0]
	bra.b		CAS2L_CONT
CAS2L_ENTER:
	bra.b		~+16

CAS2L_CONT:
	cmp.l		%d0,%d2			# Dest1 - Compare1
	bne.b		CAS2L_NOUPDATE
	cmp.l		%d1,%d3			# Dest2 - Compare2
	bne.b		CAS2L_NOUPDATE
	movs.l		%d5,(%a1)		# Update2[31:0] -> DEST2
	bra.b		CAS2L_UPDATE
	bra.b		~+16

CAS2L_UPDATE:
	movc		%a3,%buscr		# assert LOCKE*
	movs.l		%d4,(%a0)		# Update1[31:0] -> DEST1
	movc		%a4,%buscr		# unlock the bus
	bra.b		cas2l_update_done
	bra.b		~+16

CAS2L_NOUPDATE:
	movc		%a3,%buscr		# assert LOCKE*
	movs.l		%d0,(%a0)		# Dest1[31:0] -> DEST1
	movc		%a4,%buscr		# unlock the bus
	bra.b		cas2l_noupdate_done
	bra.b		~+16

CAS2L_FILLER:
	nop
	nop
	nop
	nop
	nop
	nop
	nop
	bra.b		CAS2L_START

####

#################################################################
# THIS MUST BE THE STATE OF THE INTEGER REGISTER FILE UPON	#
# ENTERING _isp_cas2().						#
#								#
# D0 = destination[31:0] operand 1				#
# D1 = destination[31:0] operand 2				#
# D2 = cmp[31:0] operand 1					#
# D3 = cmp[31:0] operand 2					#
# D4 = 'xxxxxx11 -> no reg update; 'xxxxxx00 -> update required	#
# D5 = xxxxxxxx							#
# D6 = xxxxxxxx							#
# D7 = xxxxxxxx							#
# A0 = xxxxxxxx							#
# A1 = xxxxxxxx							#
# A2 = xxxxxxxx							#
# A3 = xxxxxxxx							#
# A4 = xxxxxxxx							#
# A5 = xxxxxxxx							#
# A6 = frame pointer						#
# A7 = stack pointer						#
#################################################################

cas2l_noupdate_done:

# restore previous SFC/DFC value.
	movc		%d6,%sfc		# restore old SFC
	movc		%d6,%dfc		# restore old DFC

# restore previous interrupt mask level.
	mov.w		%d7,%sr			# restore old SR

	sf		%d4			# indicate no update was done
	bra.l		_isp_cas2_finish

cas2l_update_done:

# restore previous SFC/DFC value.
	movc		%d6,%sfc		# restore old SFC
	movc		%d6,%dfc		# restore old DFC

# restore previous interrupt mask level.
	mov.w		%d7,%sr			# restore old SR

	st		%d4			# indicate update was done
	bra.l		_isp_cas2_finish
####

	align		0x10
CAS2L2_START:
	movc		%a2,%buscr		# assert LOCK*
	movs.l		(%a1),%d1		# fetch Dest2[31:0]
	movs.l		(%a0),%d0		# fetch Dest1[31:0]
	bra.b		CAS2L2_CONT
CAS2L2_ENTER:
	bra.b		~+16

CAS2L2_CONT:
	cmp.l		%d0,%d2			# Dest1 - Compare1
	bne.b		CAS2L2_NOUPDATE
	cmp.l		%d1,%d3			# Dest2 - Compare2
	bne.b		CAS2L2_NOUPDATE
	movs.l		%d5,(%a1)		# Update2[31:0] -> Dest2
	bra.b		CAS2L2_UPDATE
	bra.b		~+16

CAS2L2_UPDATE:
	swap		%d4			# get Update1[31:16]
	movs.w		%d4,(%a0)+		# Update1[31:16] -> DEST1
	movc		%a3,%buscr		# assert LOCKE*
	swap		%d4			# get Update1[15:0]
	bra.b		CAS2L2_UPDATE2
	bra.b		~+16

CAS2L2_UPDATE2:
	movs.w		%d4,(%a0)		# Update1[15:0] -> DEST1+0x2
	movc		%a4,%buscr		# unlock the bus
	bra.w		cas2l_update_done
	nop
	bra.b		~+16

CAS2L2_NOUPDATE:
	swap		%d0			# get Dest1[31:16]
	movs.w		%d0,(%a0)+		# Dest1[31:16] -> DEST1
	movc		%a3,%buscr		# assert LOCKE*
	swap		%d0			# get Dest1[15:0]
	bra.b		CAS2L2_NOUPDATE2
	bra.b		~+16

CAS2L2_NOUPDATE2:
	movs.w		%d0,(%a0)		# Dest1[15:0] -> DEST1+0x2
	movc		%a4,%buscr		# unlock the bus
	bra.w		cas2l_noupdate_done
	nop
	bra.b		~+16

CAS2L2_FILLER:
	nop
	nop
	nop
	nop
	nop
	nop
	nop
	bra.b		CAS2L2_START

#################################

	align		0x10
CAS2L3_START:
	movc		%a2,%buscr		# assert LOCK*
	movs.l		(%a1),%d1		# fetch Dest2[31:0]
	movs.l		(%a0),%d0		# fetch Dest1[31:0]
	bra.b		CAS2L3_CONT
CAS2L3_ENTER:
	bra.b		~+16

CAS2L3_CONT:
	cmp.l		%d0,%d2			# Dest1 - Compare1
	bne.b		CAS2L3_NOUPDATE
	cmp.l		%d1,%d3			# Dest2 - Compare2
	bne.b		CAS2L3_NOUPDATE
	movs.l		%d5,(%a1)		# Update2[31:0] -> DEST2
	bra.b		CAS2L3_UPDATE
	bra.b		~+16

CAS2L3_UPDATE:
	rol.l		&0x8,%d4		# get Update1[31:24]
	movs.b		%d4,(%a0)+		# Update1[31:24] -> DEST1
	swap		%d4			# get Update1[23:8]
	movs.w		%d4,(%a0)+		# Update1[23:8] -> DEST1+0x1
	bra.b		CAS2L3_UPDATE2
	bra.b		~+16

CAS2L3_UPDATE2:
	rol.l		&0x8,%d4		# get Update1[7:0]
	movc		%a3,%buscr		# assert LOCKE*
	movs.b		%d4,(%a0)		# Update1[7:0] -> DEST1+0x3
	bra.b		CAS2L3_UPDATE3
	nop
	bra.b		~+16

CAS2L3_UPDATE3:
	movc		%a4,%buscr		# unlock the bus
	bra.w		cas2l_update_done
	nop
	nop
	nop
	bra.b		~+16

CAS2L3_NOUPDATE:
	rol.l		&0x8,%d0		# get Dest1[31:24]
	movs.b		%d0,(%a0)+		# Dest1[31:24] -> DEST1
	swap		%d0			# get Dest1[23:8]
	movs.w		%d0,(%a0)+		# Dest1[23:8] -> DEST1+0x1
	bra.b		CAS2L3_NOUPDATE2
	bra.b		~+16

CAS2L3_NOUPDATE2:
	rol.l		&0x8,%d0		# get Dest1[7:0]
	movc		%a3,%buscr		# assert LOCKE*
	movs.b		%d0,(%a0)		# Update1[7:0] -> DEST1+0x3
	bra.b		CAS2L3_NOUPDATE3
	nop
	bra.b		~+16

CAS2L3_NOUPDATE3:
	movc		%a4,%buscr		# unlock the bus
	bra.w		cas2l_noupdate_done
	nop
	nop
	nop
	bra.b		~+14

CAS2L3_FILLER:
	nop
	nop
	nop
	nop
	nop
	nop
	bra.w		CAS2L3_START

#############################################################
#############################################################

cas2w:
	mov.l		%a0,%a2			# copy ADDR1
	mov.l		%a1,%a3			# copy ADDR2
	mov.l		%a0,%a4			# copy ADDR1
	mov.l		%a1,%a5			# copy ADDR2

	addq.l		&0x1,%a4		# ADDR1+1
	addq.l		&0x1,%a5		# ADDR2+1
	mov.l		%a2,%d1			# ADDR1

# mask interrupt levels 0-6. save old mask value.
	mov.w		%sr,%d7			# save current SR
	ori.w		&0x0700,%sr		# inhibit interrupts

# load the SFC and DFC with the appropriate mode.
	movc		%sfc,%d6		# save old SFC/DFC
	movc		%d0,%sfc		# store new SFC
	movc		%d0,%dfc		# store new DFC

# pre-load the operand ATC. no page faults should occur because
# _real_lock_page() should have taken care of this.
	plpaw		(%a2)			# load atc for ADDR1
	plpaw		(%a4)			# load atc for ADDR1+1
	plpaw		(%a3)			# load atc for ADDR2
	plpaw		(%a5)			# load atc for ADDR2+1

# push the operand cache lines from the cache if they exist.
	cpushl		%dc,(%a2)		# push line for ADDR1
	cpushl		%dc,(%a4)		# push line for ADDR1+1
	cpushl		%dc,(%a3)		# push line for ADDR2
	cpushl		%dc,(%a5)		# push line for ADDR2+1

	mov.l		%d1,%a2			# ADDR1
	addq.l		&0x3,%d1
	mov.l		%d1,%a4			# ADDR1+3
# if ADDR1 was ATC resident before the above "plpaw" and was executed
# and it was the next entry scheduled for replacement and ADDR2
# shares the same set, then the "plpaw" for ADDR2 can push the ADDR1
# entries from the ATC. so, we do a second set of "plpa"s.
	plpar		(%a2)			# load atc for ADDR1
	plpar		(%a4)			# load atc for ADDR1+3

# load the BUSCR values.
	mov.l		&0x80000000,%a2		# assert LOCK* buscr value
	mov.l		&0xa0000000,%a3		# assert LOCKE* buscr value
	mov.l		&0x00000000,%a4		# buscr unlock value

# there are two possible mis-aligned cases for word cas. they
# are separated because the final write which asserts LOCKE* must
# be aligned.
	mov.l		%a0,%d0			# is ADDR1 misaligned?
	btst		&0x0,%d0
	bne.w		CAS2W2_ENTER		# yes
	bra.b		CAS2W_ENTER		# no

#
# D0 = dst operand 1 <-
# D1 = dst operand 2 <-
# D2 = cmp operand 1
# D3 = cmp operand 2
# D4 = update oper 1
# D5 = update oper 2
# D6 = old SFC/DFC
# D7 = old SR
# A0 = ADDR1
# A1 = ADDR2
# A2 = bus LOCK*  value
# A3 = bus LOCKE* value
# A4 = bus unlock value
# A5 = xxxxxxxx
#
	align		0x10
CAS2W_START:
	movc		%a2,%buscr		# assert LOCK*
	movs.w		(%a1),%d1		# fetch Dest2[15:0]
	movs.w		(%a0),%d0		# fetch Dest1[15:0]
	bra.b		CAS2W_CONT2
CAS2W_ENTER:
	bra.b		~+16

CAS2W_CONT2:
	cmp.w		%d0,%d2			# Dest1 - Compare1
	bne.b		CAS2W_NOUPDATE
	cmp.w		%d1,%d3			# Dest2 - Compare2
	bne.b		CAS2W_NOUPDATE
	movs.w		%d5,(%a1)		# Update2[15:0] -> DEST2
	bra.b		CAS2W_UPDATE
	bra.b		~+16

CAS2W_UPDATE:
	movc		%a3,%buscr		# assert LOCKE*
	movs.w		%d4,(%a0)		# Update1[15:0] -> DEST1
	movc		%a4,%buscr		# unlock the bus
	bra.b		cas2w_update_done
	bra.b		~+16

CAS2W_NOUPDATE:
	movc		%a3,%buscr		# assert LOCKE*
	movs.w		%d0,(%a0)		# Dest1[15:0] -> DEST1
	movc		%a4,%buscr		# unlock the bus
	bra.b		cas2w_noupdate_done
	bra.b		~+16

CAS2W_FILLER:
	nop
	nop
	nop
	nop
	nop
	nop
	nop
	bra.b		CAS2W_START

####

#################################################################
# THIS MUST BE THE STATE OF THE INTEGER REGISTER FILE UPON	#
# ENTERING _isp_cas2().						#
#								#
# D0 = destination[15:0] operand 1				#
# D1 = destination[15:0] operand 2				#
# D2 = cmp[15:0] operand 1					#
# D3 = cmp[15:0] operand 2					#
# D4 = 'xxxxxx11 -> no reg update; 'xxxxxx00 -> update required	#
# D5 = xxxxxxxx							#
# D6 = xxxxxxxx							#
# D7 = xxxxxxxx							#
# A0 = xxxxxxxx							#
# A1 = xxxxxxxx							#
# A2 = xxxxxxxx							#
# A3 = xxxxxxxx							#
# A4 = xxxxxxxx							#
# A5 = xxxxxxxx							#
# A6 = frame pointer						#
# A7 = stack pointer						#
#################################################################

cas2w_noupdate_done:

# restore previous SFC/DFC value.
	movc		%d6,%sfc		# restore old SFC
	movc		%d6,%dfc		# restore old DFC

# restore previous interrupt mask level.
	mov.w		%d7,%sr			# restore old SR

	sf		%d4			# indicate no update was done
	bra.l		_isp_cas2_finish

cas2w_update_done:

# restore previous SFC/DFC value.
	movc		%d6,%sfc		# restore old SFC
	movc		%d6,%dfc		# restore old DFC

# restore previous interrupt mask level.
	mov.w		%d7,%sr			# restore old SR

	st		%d4			# indicate update was done
	bra.l		_isp_cas2_finish
####

	align		0x10
CAS2W2_START:
	movc		%a2,%buscr		# assert LOCK*
	movs.w		(%a1),%d1		# fetch Dest2[15:0]
	movs.w		(%a0),%d0		# fetch Dest1[15:0]
	bra.b		CAS2W2_CONT2
CAS2W2_ENTER:
	bra.b		~+16

CAS2W2_CONT2:
	cmp.w		%d0,%d2			# Dest1 - Compare1
	bne.b		CAS2W2_NOUPDATE
	cmp.w		%d1,%d3			# Dest2 - Compare2
	bne.b		CAS2W2_NOUPDATE
	movs.w		%d5,(%a1)		# Update2[15:0] -> DEST2
	bra.b		CAS2W2_UPDATE
	bra.b		~+16

CAS2W2_UPDATE:
	ror.l		&0x8,%d4		# get Update1[15:8]
	movs.b		%d4,(%a0)+		# Update1[15:8] -> DEST1
	movc		%a3,%buscr		# assert LOCKE*
	rol.l		&0x8,%d4		# get Update1[7:0]
	bra.b		CAS2W2_UPDATE2
	bra.b		~+16

CAS2W2_UPDATE2:
	movs.b		%d4,(%a0)		# Update1[7:0] -> DEST1+0x1
	movc		%a4,%buscr		# unlock the bus
	bra.w		cas2w_update_done
	nop
	bra.b		~+16

CAS2W2_NOUPDATE:
	ror.l		&0x8,%d0		# get Dest1[15:8]
	movs.b		%d0,(%a0)+		# Dest1[15:8] -> DEST1
	movc		%a3,%buscr		# assert LOCKE*
	rol.l		&0x8,%d0		# get Dest1[7:0]
	bra.b		CAS2W2_NOUPDATE2
	bra.b		~+16

CAS2W2_NOUPDATE2:
	movs.b		%d0,(%a0)		# Dest1[7:0] -> DEST1+0x1
	movc		%a4,%buscr		# unlock the bus
	bra.w		cas2w_noupdate_done
	nop
	bra.b		~+16

CAS2W2_FILLER:
	nop
	nop
	nop
	nop
	nop
	nop
	nop
	bra.b		CAS2W2_START

#       ######      ##      ######
#       #	   #  #     #
#	#	  ######    ######
#	#	  #    #         #
#       ######    #    #    ######

#########################################################################
# XDEF ****************************************************************	#
#	_isp_cas(): "core" emulation code for the cas instruction	#
#									#
# XREF ****************************************************************	#
#	_isp_cas_finish() - only exit point for this emulation code;	#
#			    do clean-up					#
#									#
# INPUT ***************************************************************	#
#	*see entry chart below*						#
#									#
# OUTPUT **************************************************************	#
#	*see exit chart below*						#
#									#
# ALGORITHM ***********************************************************	#
#	(1) Make several copies of the effective address.		#
#	(2) Save current SR; Then mask off all maskable interrupts.	#
#	(3) Save current DFC/SFC (ASSUMED TO BE EQUAL!!!); Then set	#
#	    SFC/DFC according to whether exception occurred in user or	#
#	    supervisor mode.						#
#	(4) Use "plpaw" instruction to pre-load ATC with effective	#
#	    address page(s). THIS SHOULD NOT FAULT!!! The relevant	#
#	    page(s) should have been made resident prior to entering	#
#	    this routine.						#
#	(5) Push the operand lines from the cache w/ "cpushl".		#
#	    In the 68040, this was done within the locked region. In	#
#	    the 68060, it is done outside of the locked region.		#
#	(6) Pre-fetch the core emulation instructions by executing one	#
#	    branch within each physical line (16 bytes) of the code	#
#	    before actually executing the code.				#
#	(7) Load the BUSCR with the bus lock value.			#
#	(8) Fetch the source operand.					#
#	(9) Do the compare. If equal, go to step (12).			#
#	(10)Unequal. No update occurs. But, we do write the DST op back	#
#	    to itself (as w/ the '040) so we can gracefully unlock	#
#	    the bus (and assert LOCKE*) using BUSCR and the final move.	#
#	(11)Exit.							#
#	(12)Write update operand to the DST location. Use BUSCR to	#
#	    assert LOCKE* for the final write operation.		#
#	(13)Exit.							#
#									#
#	The algorithm is actually implemented slightly differently	#
# depending on the size of the operation and the misalignment of the	#
# operand. A misaligned operand must be written in aligned chunks or	#
# else the BUSCR register control gets confused.			#
#									#
#########################################################################

#########################################################
# THIS IS THE STATE OF THE INTEGER REGISTER FILE UPON	#
# ENTERING _isp_cas().					#
#							#
# D0 = xxxxxxxx						#
# D1 = xxxxxxxx						#
# D2 = update operand					#
# D3 = xxxxxxxx						#
# D4 = compare operand					#
# D5 = xxxxxxxx						#
# D6 = supervisor ('xxxxxxff) or user mode ('xxxxxx00)	#
# D7 = longword ('xxxxxxff) or word size ('xxxxxx00)	#
# A0 = ADDR						#
# A1 = xxxxxxxx						#
# A2 = xxxxxxxx						#
# A3 = xxxxxxxx						#
# A4 = xxxxxxxx						#
# A5 = xxxxxxxx						#
# A6 = frame pointer					#
# A7 = stack pointer					#
#########################################################

	global		_isp_cas
_isp_cas:
	tst.b		%d6			# user or supervisor mode?
	bne.b		cas_super		# supervisor
cas_user:
	movq.l		&0x1,%d0		# load user data fc
	bra.b		cas_cont
cas_super:
	movq.l		&0x5,%d0		# load supervisor data fc

cas_cont:
	tst.b		%d7			# word or longword?
	bne.w		casl			# longword

####
casw:
	mov.l		%a0,%a1			# make copy for plpaw1
	mov.l		%a0,%a2			# make copy for plpaw2
	addq.l		&0x1,%a2		# plpaw2 points to end of word

	mov.l		%d2,%d3			# d3 = update[7:0]
	lsr.w		&0x8,%d2		# d2 = update[15:8]

# mask interrupt levels 0-6. save old mask value.
	mov.w		%sr,%d7			# save current SR
	ori.w		&0x0700,%sr		# inhibit interrupts

# load the SFC and DFC with the appropriate mode.
	movc		%sfc,%d6		# save old SFC/DFC
	movc		%d0,%sfc		# load new sfc
	movc		%d0,%dfc		# load new dfc

# pre-load the operand ATC. no page faults should occur here because
# _real_lock_page() should have taken care of this.
	plpaw		(%a1)			# load atc for ADDR
	plpaw		(%a2)			# load atc for ADDR+1

# push the operand lines from the cache if they exist.
	cpushl		%dc,(%a1)		# push dirty data
	cpushl		%dc,(%a2)		# push dirty data

# load the BUSCR values.
	mov.l		&0x80000000,%a1		# assert LOCK* buscr value
	mov.l		&0xa0000000,%a2		# assert LOCKE* buscr value
	mov.l		&0x00000000,%a3		# buscr unlock value

# pre-load the instruction cache for the following algorithm.
# this will minimize the number of cycles that LOCK* will be asserted.
	bra.b		CASW_ENTER		# start pre-loading icache

#
# D0 = dst operand <-
# D1 = update[15:8] operand
# D2 = update[7:0]  operand
# D3 = xxxxxxxx
# D4 = compare[15:0] operand
# D5 = xxxxxxxx
# D6 = old SFC/DFC
# D7 = old SR
# A0 = ADDR
# A1 = bus LOCK*  value
# A2 = bus LOCKE* value
# A3 = bus unlock value
# A4 = xxxxxxxx
# A5 = xxxxxxxx
#
	align		0x10
CASW_START:
	movc		%a1,%buscr		# assert LOCK*
	movs.w		(%a0),%d0		# fetch Dest[15:0]
	cmp.w		%d0,%d4			# Dest - Compare
	bne.b		CASW_NOUPDATE
	bra.b		CASW_UPDATE
CASW_ENTER:
	bra.b		~+16

CASW_UPDATE:
	movs.b		%d2,(%a0)+		# Update[15:8] -> DEST
	movc		%a2,%buscr		# assert LOCKE*
	movs.b		%d3,(%a0)		# Update[7:0] -> DEST+0x1
	bra.b		CASW_UPDATE2
	bra.b		~+16

CASW_UPDATE2:
	movc		%a3,%buscr		# unlock the bus
	bra.b		casw_update_done
	nop
	nop
	nop
	nop
	bra.b		~+16

CASW_NOUPDATE:
	ror.l		&0x8,%d0		# get Dest[15:8]
	movs.b		%d0,(%a0)+		# Dest[15:8] -> DEST
	movc		%a2,%buscr		# assert LOCKE*
	rol.l		&0x8,%d0		# get Dest[7:0]
	bra.b		CASW_NOUPDATE2
	bra.b		~+16

CASW_NOUPDATE2:
	movs.b		%d0,(%a0)		# Dest[7:0] -> DEST+0x1
	movc		%a3,%buscr		# unlock the bus
	bra.b		casw_noupdate_done
	nop
	nop
	bra.b		~+16

CASW_FILLER:
	nop
	nop
	nop
	nop
	nop
	nop
	nop
	bra.b		CASW_START

#################################################################
# THIS MUST BE THE STATE OF THE INTEGER REGISTER FILE UPON	#
# CALLING _isp_cas_finish().					#
#								#
# D0 = destination[15:0] operand				#
# D1 = 'xxxxxx11 -> no reg update; 'xxxxxx00 -> update required	#
# D2 = xxxxxxxx							#
# D3 = xxxxxxxx							#
# D4 = compare[15:0] operand					#
# D5 = xxxxxxxx							#
# D6 = xxxxxxxx							#
# D7 = xxxxxxxx							#
# A0 = xxxxxxxx							#
# A1 = xxxxxxxx							#
# A2 = xxxxxxxx							#
# A3 = xxxxxxxx							#
# A4 = xxxxxxxx							#
# A5 = xxxxxxxx							#
# A6 = frame pointer						#
# A7 = stack pointer						#
#################################################################

casw_noupdate_done:

# restore previous SFC/DFC value.
	movc		%d6,%sfc		# restore old SFC
	movc		%d6,%dfc		# restore old DFC

# restore previous interrupt mask level.
	mov.w		%d7,%sr			# restore old SR

	sf		%d1			# indicate no update was done
	bra.l		_isp_cas_finish

casw_update_done:

# restore previous SFC/DFC value.
	movc		%d6,%sfc		# restore old SFC
	movc		%d6,%dfc		# restore old DFC

# restore previous interrupt mask level.
	mov.w		%d7,%sr			# restore old SR

	st		%d1			# indicate update was done
	bra.l		_isp_cas_finish

################

# there are two possible mis-aligned cases for longword cas. they
# are separated because the final write which asserts LOCKE* must
# be an aligned write.
casl:
	mov.l		%a0,%a1			# make copy for plpaw1
	mov.l		%a0,%a2			# make copy for plpaw2
	addq.l		&0x3,%a2		# plpaw2 points to end of longword

	mov.l		%a0,%d1			# byte or word misaligned?
	btst		&0x0,%d1
	bne.w		casl2			# byte misaligned

	mov.l		%d2,%d3			# d3 = update[15:0]
	swap		%d2			# d2 = update[31:16]

# mask interrupts levels 0-6. save old mask value.
	mov.w		%sr,%d7			# save current SR
	ori.w		&0x0700,%sr		# inhibit interrupts

# load the SFC and DFC with the appropriate mode.
	movc		%sfc,%d6		# save old SFC/DFC
	movc		%d0,%sfc		# load new sfc
	movc		%d0,%dfc		# load new dfc

# pre-load the operand ATC. no page faults should occur here because
# _real_lock_page() should have taken care of this.
	plpaw		(%a1)			# load atc for ADDR
	plpaw		(%a2)			# load atc for ADDR+3

# push the operand lines from the cache if they exist.
	cpushl		%dc,(%a1)		# push dirty data
	cpushl		%dc,(%a2)		# push dirty data

# load the BUSCR values.
	mov.l		&0x80000000,%a1		# assert LOCK* buscr value
	mov.l		&0xa0000000,%a2		# assert LOCKE* buscr value
	mov.l		&0x00000000,%a3		# buscr unlock value

	bra.b		CASL_ENTER		# start pre-loading icache

#
# D0 = dst operand <-
# D1 = xxxxxxxx
# D2 = update[31:16] operand
# D3 = update[15:0]  operand
# D4 = compare[31:0] operand
# D5 = xxxxxxxx
# D6 = old SFC/DFC
# D7 = old SR
# A0 = ADDR
# A1 = bus LOCK*  value
# A2 = bus LOCKE* value
# A3 = bus unlock value
# A4 = xxxxxxxx
# A5 = xxxxxxxx
#
	align		0x10
CASL_START:
	movc		%a1,%buscr		# assert LOCK*
	movs.l		(%a0),%d0		# fetch Dest[31:0]
	cmp.l		%d0,%d4			# Dest - Compare
	bne.b		CASL_NOUPDATE
	bra.b		CASL_UPDATE
CASL_ENTER:
	bra.b		~+16

CASL_UPDATE:
	movs.w		%d2,(%a0)+		# Update[31:16] -> DEST
	movc		%a2,%buscr		# assert LOCKE*
	movs.w		%d3,(%a0)		# Update[15:0] -> DEST+0x2
	bra.b		CASL_UPDATE2
	bra.b		~+16

CASL_UPDATE2:
	movc		%a3,%buscr		# unlock the bus
	bra.b		casl_update_done
	nop
	nop
	nop
	nop
	bra.b		~+16

CASL_NOUPDATE:
	swap		%d0			# get Dest[31:16]
	movs.w		%d0,(%a0)+		# Dest[31:16] -> DEST
	swap		%d0			# get Dest[15:0]
	movc		%a2,%buscr		# assert LOCKE*
	bra.b		CASL_NOUPDATE2
	bra.b		~+16

CASL_NOUPDATE2:
	movs.w		%d0,(%a0)		# Dest[15:0] -> DEST+0x2
	movc		%a3,%buscr		# unlock the bus
	bra.b		casl_noupdate_done
	nop
	nop
	bra.b		~+16

CASL_FILLER:
	nop
	nop
	nop
	nop
	nop
	nop
	nop
	bra.b		CASL_START

#################################################################
# THIS MUST BE THE STATE OF THE INTEGER REGISTER FILE UPON	#
# CALLING _isp_cas_finish().					#
#								#
# D0 = destination[31:0] operand				#
# D1 = 'xxxxxx11 -> no reg update; 'xxxxxx00 -> update required	#
# D2 = xxxxxxxx							#
# D3 = xxxxxxxx							#
# D4 = compare[31:0] operand					#
# D5 = xxxxxxxx							#
# D6 = xxxxxxxx							#
# D7 = xxxxxxxx							#
# A0 = xxxxxxxx							#
# A1 = xxxxxxxx							#
# A2 = xxxxxxxx							#
# A3 = xxxxxxxx							#
# A4 = xxxxxxxx							#
# A5 = xxxxxxxx							#
# A6 = frame pointer						#
# A7 = stack pointer						#
#################################################################

casl_noupdate_done:

# restore previous SFC/DFC value.
	movc		%d6,%sfc		# restore old SFC
	movc		%d6,%dfc		# restore old DFC

# restore previous interrupt mask level.
	mov.w		%d7,%sr			# restore old SR

	sf		%d1			# indicate no update was done
	bra.l		_isp_cas_finish

casl_update_done:

# restore previous SFC/DFC value.
	movc		%d6,%sfc		# restore old SFC
	movc		%d6,%dfc		# restore old DFC

# restore previous interrupts mask level.
	mov.w		%d7,%sr			# restore old SR

	st		%d1			# indicate update was done
	bra.l		_isp_cas_finish

#######################################
casl2:
	mov.l		%d2,%d5			# d5 = Update[7:0]
	lsr.l		&0x8,%d2
	mov.l		%d2,%d3			# d3 = Update[23:8]
	swap		%d2			# d2 = Update[31:24]

# mask interrupts levels 0-6. save old mask value.
	mov.w		%sr,%d7			# save current SR
	ori.w		&0x0700,%sr		# inhibit interrupts

# load the SFC and DFC with the appropriate mode.
	movc		%sfc,%d6		# save old SFC/DFC
	movc		%d0,%sfc		# load new sfc
	movc		%d0,%dfc		# load new dfc

# pre-load the operand ATC. no page faults should occur here because
# _real_lock_page() should have taken care of this already.
	plpaw		(%a1)			# load atc for ADDR
	plpaw		(%a2)			# load atc for ADDR+3

# puch the operand lines from the cache if they exist.
	cpushl		%dc,(%a1)		# push dirty data
	cpushl		%dc,(%a2)		# push dirty data

# load the BUSCR values.
	mov.l		&0x80000000,%a1		# assert LOCK* buscr value
	mov.l		&0xa0000000,%a2		# assert LOCKE* buscr value
	mov.l		&0x00000000,%a3		# buscr unlock value

# pre-load the instruction cache for the following algorithm.
# this will minimize the number of cycles that LOCK* will be asserted.
	bra.b		CASL2_ENTER		# start pre-loading icache

#
# D0 = dst operand <-
# D1 = xxxxxxxx
# D2 = update[31:24] operand
# D3 = update[23:8]  operand
# D4 = compare[31:0] operand
# D5 = update[7:0]  operand
# D6 = old SFC/DFC
# D7 = old SR
# A0 = ADDR
# A1 = bus LOCK*  value
# A2 = bus LOCKE* value
# A3 = bus unlock value
# A4 = xxxxxxxx
# A5 = xxxxxxxx
#
	align		0x10
CASL2_START:
	movc		%a1,%buscr		# assert LOCK*
	movs.l		(%a0),%d0		# fetch Dest[31:0]
	cmp.l		%d0,%d4			# Dest - Compare
	bne.b		CASL2_NOUPDATE
	bra.b		CASL2_UPDATE
CASL2_ENTER:
	bra.b		~+16

CASL2_UPDATE:
	movs.b		%d2,(%a0)+		# Update[31:24] -> DEST
	movs.w		%d3,(%a0)+		# Update[23:8] -> DEST+0x1
	movc		%a2,%buscr		# assert LOCKE*
	bra.b		CASL2_UPDATE2
	bra.b		~+16

CASL2_UPDATE2:
	movs.b		%d5,(%a0)		# Update[7:0] -> DEST+0x3
	movc		%a3,%buscr		# unlock the bus
	bra.w		casl_update_done
	nop
	bra.b		~+16

CASL2_NOUPDATE:
	rol.l		&0x8,%d0		# get Dest[31:24]
	movs.b		%d0,(%a0)+		# Dest[31:24] -> DEST
	swap		%d0			# get Dest[23:8]
	movs.w		%d0,(%a0)+		# Dest[23:8] -> DEST+0x1
	bra.b		CASL2_NOUPDATE2
	bra.b		~+16

CASL2_NOUPDATE2:
	rol.l		&0x8,%d0		# get Dest[7:0]
	movc		%a2,%buscr		# assert LOCKE*
	movs.b		%d0,(%a0)		# Dest[7:0] -> DEST+0x3
	bra.b		CASL2_NOUPDATE3
	nop
	bra.b		~+16

CASL2_NOUPDATE3:
	movc		%a3,%buscr		# unlock the bus
	bra.w		casl_noupdate_done
	nop
	nop
	nop
	bra.b		~+16

CASL2_FILLER:
	nop
	nop
	nop
	nop
	nop
	nop
	nop
	bra.b		CASL2_START

####
####
# end label used by _isp_cas_inrange()
	global		_CASHI
_CASHI: