[apple/xnu.git] / osfmk / ppc / Emulate64.s

/*
 * Copyright (c) 2002 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * Copyright (c) 1999-2003 Apple Computer, Inc.  All Rights Reserved.
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */ 																							

/* Emulate64.s
 *
 * Software emulation of instructions not handled in hw, on 64-bit machines.
 */
 
#include <sys/appleapiopts.h>
#include <cpus.h>
#include <ppc/asm.h>
#include <ppc/proc_reg.h>
#include <ppc/exception.h>
#include <mach/machine/vm_param.h>
#include <ppc/cpu_capabilities.h>
#include <assym.s>

// CR bit set if the instruction is an "update" form (LFDU, STWU, etc):
#define	kUpdate	25

// CR bit set if interrupt occured in trace mode (ie, MSR_SE_BIT):
#define kTrace	8

// CR bit set if notification on alignment interrupts is requested (notifyUnalignbit in spcFlags):
#define	kNotify	9

// CR bit distinguishes between alignment and program exceptions:
#define	kAlignment	10


// *************************************
// * P R O G R A M   I N T E R R U P T *
// *************************************
//
// These are floating pt exceptions, illegal instructions, privileged mode violations,
// and traps.  All we're interested in at this low level is illegal instructions.
// The ones we "emulate" are:
//		DCBA,  which is not implemented in the IBM 970.  The emulation is to ignore it,
//			   as it is just a hint.
//		MCRXR, which is not implemented on the IBM 970, but is in the PPC ISA.
//
// Additionally, to facilitate debugging the alignment handler, we recognize a special
// diagnostic mode that is used to simulate alignment exceptions.  When in this mode,
// if the instruction has opcode==0 and the extended opcode is one of the X-form
// instructions that can take an alignment interrupt, then we change the opcode to
// 31 and pretend it got an alignment interrupt.  This exercises paths that
// are hard to drive or perhaps never driven on this particular CPU.

        .text
        .globl	EXT(Emulate64)
        .align	5
LEXT(Emulate64)
        crclr	kAlignment						// not an alignment exception
        b		a64AlignAssistJoin				// join alignment handler
        
        
// Return from alignment handler with all the regs loaded for opcode emulation.
        
a64HandleProgramInt:
        rlwinm.	r0,r29,0,SRR1_PRG_ILL_INS_BIT,SRR1_PRG_ILL_INS_BIT	// illegal opcode?
        beq		a64PassAlong					// No, must have been trap or priv violation etc
        rlwinm	r3,r20,6,26,31					// right justify opcode field (bits 0-5)
        rlwinm	r4,r20,31,22,31					// right justify extended opcode field (bits 21-30)
        cmpwi	cr0,r3,31						// X-form?
        cmpwi	cr1,r4,758						// DCBA?
        cmpwi	cr4,r4,512						// MCRXR?
        crand	cr1_eq,cr0_eq,cr1_eq			// merge the two tests for DCBA
        crand	cr4_eq,cr0_eq,cr4_eq			// and for MCRXR
        beq++	cr1_eq,a64ExitEm				// was DCBA, so ignore
        bne--	cr4_eq,a64NotEmulated			// skip if not MCRXR
        
// Was MCRXR, so emulate.

        ld		r3,savexer(r13)					// get the XER
        lwz		r4,savecr(r13)					// and the CR
        rlwinm	r5,r20,11,27,29					// get (CR# * 4) from instruction
        rlwinm	r6,r3,0,4,31					// zero XER[32-35] (also XER[0-31])
        sld		r4,r4,r5						// move target CR field to bits 32-35
        rlwimi	r4,r3,0,0,3						// move XER[32-35] into CR field
        stw		r6,savexer+4(r13)				// update XER
        srd		r4,r4,r5						// re-position CR
        stw		r4,savecr(r13)					// update CR
        b		a64ExitEm						// done

// Not an opcode we normally emulate.  If in special diagnostic mode and opcode=0,
// emulate as an alignment exception.  This special case is for test software.

a64NotEmulated:
        lwz		r30,dgFlags(0)					// Get the flags
        rlwinm.	r0,r30,0,enaDiagEMb,enaDiagEMb	// Do we want to try to emulate something?
        beq++	a64PassAlong					// No emulation allowed
        cmpwi	r3,0							// opcode==0 ?
        bne		a64PassAlong					// not the special case
        oris	r20,r20,0x7C00					// change opcode to 31
        crset	kAlignment						// say we took alignment exception
        rlwinm	r5,r4,0,26+1,26-1				// mask Update bit (32) out of extended opcode
        rlwinm	r5,r5,0,0,31					// Clean out leftover junk from rlwinm

        cmpwi	r4,1014							// dcbz/dcbz128 ?
        crmove	cr1_eq,cr0_eq
        cmpwi	r5,21							// ldx/ldux ?
        cror	cr1_eq,cr0_eq,cr1_eq
        cmpwi	r5,599							// lfdx/lfdux ?
        cror	cr1_eq,cr0_eq,cr1_eq
        cmpwi	r5,535							// lfsx/lfsux ?
        cror	cr1_eq,cr0_eq,cr1_eq
        cmpwi	r5,343							// lhax/lhaux ?
        cror	cr1_eq,cr0_eq,cr1_eq
        cmpwi	r4,790							// lhbrx ?
        cror	cr1_eq,cr0_eq,cr1_eq
        cmpwi	r5,279							// lhzx/lhzux ?
        cror	cr1_eq,cr0_eq,cr1_eq
        cmpwi	r4,597							// lswi ?
        cror	cr1_eq,cr0_eq,cr1_eq
        cmpwi	r4,533							// lswx ?
        cror	cr1_eq,cr0_eq,cr1_eq
        cmpwi	r5,341							// lwax/lwaux ?
        cror	cr1_eq,cr0_eq,cr1_eq
        cmpwi	r4,534							// lwbrx ?
        cror	cr1_eq,cr0_eq,cr1_eq
        cmpwi	r5,23							// lwz/lwzx ?
        cror	cr1_eq,cr0_eq,cr1_eq
        cmpwi	r5,149							// stdx/stdux ?
        cror	cr1_eq,cr0_eq,cr1_eq
        cmpwi	r5,727							// stfdx/stfdux ?
        cror	cr1_eq,cr0_eq,cr1_eq
        cmpwi	r4,983							// stfiwx ?
        cror	cr1_eq,cr0_eq,cr1_eq
        cmpwi	r5,663							// stfsx/stfsux ?
        cror	cr1_eq,cr0_eq,cr1_eq
        cmpwi	r4,918							// sthbrx ?
        cror	cr1_eq,cr0_eq,cr1_eq
        cmpwi	r5,407							// sthx/sthux ?
        cror	cr1_eq,cr0_eq,cr1_eq
        cmpwi	r4,725							// stswi ?
        cror	cr1_eq,cr0_eq,cr1_eq
        cmpwi	r4,661							// stswx ?
        cror	cr1_eq,cr0_eq,cr1_eq
        cmpwi	r4,662							// stwbrx ?
        cror	cr1_eq,cr0_eq,cr1_eq
        cmpwi	r5,151							// stwx/stwux ?
        cror	cr1_eq,cr0_eq,cr1_eq
        
        beq++	cr1,a64GotInstruction			// it was one of the X-forms we handle
        crclr	kAlignment						// revert to program interrupt
        b		a64PassAlong					// not recognized extended opcode
        

// *****************************************
// * A L I G N M E N T   I N T E R R U P T *
// *****************************************
//
// We get here in exception context, ie with interrupts disabled, translation off, and
// in 64-bit mode, with:
//		r13 = save-area pointer, with general context already saved in it
//		cr6 = feature flags
// We preserve r13 and cr6.  Other GPRs and CRs, the LR and CTR are used.
//
// Current 64-bit processors (GPUL) handle almost all misaligned operations in hardware,
// so this routine usually isn't called very often.  Only floating pt ops that cross a page
// boundary and are not word aligned, and LMW/STMW can take exceptions to cacheable memory.
// However, in contrast to G3 and G4, any misaligned load/store will get an alignment
// interrupt on uncached memory.
//
// We always emulate scalar ops with a series of byte load/stores.  Doing so is no slower
// than LWZ/STW in cases where a scalar op gets an alignment exception.
//
// This routine supports all legal permutations of alignment interrupts occuring in user or
// supervisor mode, 32 or 64-bit addressing, and translation on or off.  We do not emulate
// instructions that go past the end of an address space, such as "LHZ -1(0)"; we just pass
// along the alignment exception rather than wrap around to byte 0.  (Treatment of address
// space wrap is a moot point in Mac OS X, since we do not map either the last page or
// page 0.)
//
// First, check for a few special cases such as virtual machines, etc.

        .globl	EXT(AlignAssist64)
        .align	5
LEXT(AlignAssist64)
        crset	kAlignment								// mark as alignment interrupt

a64AlignAssistJoin:										// join here from program interrupt handler
        mfsprg	r31,0									// get the per_proc data ptr
        mcrf	cr3,cr6									// save feature flags here...
        lwz		r21,spcFlags(r31)						// grab the special flags
        ld		r29,savesrr1(r13)						// get the MSR etc at the fault
        ld		r28,savesrr0(r13)						// get the EA of faulting instruction
        mfmsr	r26										// save MSR at entry
        rlwinm.	r0,r21,0,runningVMbit,runningVMbit		// Are we running a VM?
        lwz		r19,dgFlags(0)							// Get the diagnostics flags
        bne--	a64PassAlong							// yes, let the virtual machine monitor handle


// Set up the MSR shadow regs.  We turn on FP in this routine, and usually set DR and RI
// when accessing user space (the SLB is still set up with all the user space translations.)
// However, if the interrupt occured in the kernel with DR off, we keep it off while
// accessing the "target" address space.  If we set DR to access the target space, we also
// set RI.  The RI bit tells the exception handlers to clear cr0 beq and return if we get an
// exception accessing the user address space.  We are careful to test cr0 beq after every such
// access.  We keep the following "shadows" of the MSR in global regs across this code:
//		r25 = MSR at entry, plus FP and probably DR and RI (used to access target space)
//		r26 = MSR at entry
//		r27 = free
//		r29 = SRR1 (ie, MSR at interrupt)
// Note that EE and IR are always off, and SF is always on in this code.

		rlwinm	r3,r29,0,MSR_DR_BIT,MSR_DR_BIT			// was translation on at fault?
        rlwimi	r3,r3,32-MSR_RI_BIT+MSR_DR_BIT,MSR_RI_BIT,MSR_RI_BIT	// if DR was set, set RI too
        or		r25,r26,r3								// assemble MSR to use accessing target space
        

// Because the DSISR and DAR are either not set or are not to be trusted on some 64-bit
// processors on an alignment interrupt, we must fetch the faulting instruction ourselves,
// then decode/hash the opcode and reconstruct the EA manually.

        mtmsr	r25					// turn on FP and (if it was on at fault) DR and RI
        isync						// wait for it to happen
		cmpw	r0,r0				// turn on beq so we can check for DSIs
        lwz		r20,0(r28)			// fetch faulting instruction, probably with DR on
        bne--	a64RedriveAsISI		// got a DSI trying to fetch it, pretend it was an ISI
        mtmsr	r26					// turn DR back off
        isync						// wait for it to happen


// Set a few flags while we wait for the faulting instruction to arrive from cache.

        rlwinm.	r0,r29,0,MSR_SE_BIT,MSR_SE_BIT				// Were we single stepping?
		stw		r20,savemisc2(r13)	// Save the instruction image in case we notify
        crnot	kTrace,cr0_eq
        rlwinm.	r0,r19,0,enaNotifyEMb,enaNotifyEMb			// Should we notify?
        crnot	kNotify,cr0_eq        


// Hash the intruction into a 5-bit value "AAAAB" used to index the branch table, and a
// 1-bit kUpdate flag, as follows:
Commit	Line	Data
55e303ae A	1	/*
	2	* Copyright (c) 2002 Apple Computer, Inc. All rights reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved.
	7	*
	8	* This file contains Original Code and/or Modifications of Original Code
	9	* as defined in and that are subject to the Apple Public Source License
	10	* Version 2.0 (the 'License'). You may not use this file except in
	11	* compliance with the License. Please obtain a copy of the License at
	12	* http://www.opensource.apple.com/apsl/ and read it before using this
	13	* file.
	14	*
	15	* The Original Code and all software distributed under the License are
	16	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	17	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	18	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	19	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	20	* Please see the License for the specific language governing rights and
	21	* limitations under the License.
	22	*
	23	* @APPLE_LICENSE_HEADER_END@
	24	*/
	25
	26	/* Emulate64.s
	27	*
	28	* Software emulation of instructions not handled in hw, on 64-bit machines.
	29	*/
	30
	31	#include <sys/appleapiopts.h>
	32	#include <cpus.h>
	33	#include <ppc/asm.h>
	34	#include <ppc/proc_reg.h>
	35	#include <ppc/exception.h>
	36	#include <mach/machine/vm_param.h>
	37	#include <ppc/cpu_capabilities.h>
	38	#include <assym.s>
	39
	40	// CR bit set if the instruction is an "update" form (LFDU, STWU, etc):
	41	#define kUpdate 25
	42
	43	// CR bit set if interrupt occured in trace mode (ie, MSR_SE_BIT):
	44	#define kTrace 8
	45
	46	// CR bit set if notification on alignment interrupts is requested (notifyUnalignbit in spcFlags):
	47	#define kNotify 9
	48
	49	// CR bit distinguishes between alignment and program exceptions:
	50	#define kAlignment 10
	51
	52
	53
	54	// *************************************
	55	// * P R O G R A M I N T E R R U P T *
	56	// *************************************
	57	//
	58	// These are floating pt exceptions, illegal instructions, privileged mode violations,
	59	// and traps. All we're interested in at this low level is illegal instructions.
	60	// The ones we "emulate" are:
	61	// DCBA, which is not implemented in the IBM 970. The emulation is to ignore it,
	62	// as it is just a hint.
	63	// MCRXR, which is not implemented on the IBM 970, but is in the PPC ISA.
	64	//
65	// Additionally, to facilitate debugging the alignment handler, we recognize a special
66	// diagnostic mode that is used to simulate alignment exceptions. When in this mode,
67	// if the instruction has opcode==0 and the extended opcode is one of the X-form
68	// instructions that can take an alignment interrupt, then we change the opcode to
69	// 31 and pretend it got an alignment interrupt. This exercises paths that
70	// are hard to drive or perhaps never driven on this particular CPU.
71
72	.text
73	.globl EXT(Emulate64)
74	.align 5
75	LEXT(Emulate64)
76	crclr kAlignment // not an alignment exception
77	b a64AlignAssistJoin // join alignment handler
78
79
80	// Return from alignment handler with all the regs loaded for opcode emulation.
81
82	a64HandleProgramInt:
83	rlwinm. r0,r29,0,SRR1_PRG_ILL_INS_BIT,SRR1_PRG_ILL_INS_BIT // illegal opcode?
84	beq a64PassAlong // No, must have been trap or priv violation etc
85	rlwinm r3,r20,6,26,31 // right justify opcode field (bits 0-5)
86	rlwinm r4,r20,31,22,31 // right justify extended opcode field (bits 21-30)
87	cmpwi cr0,r3,31 // X-form?
88	cmpwi cr1,r4,758 // DCBA?
89	cmpwi cr4,r4,512 // MCRXR?
90	crand cr1_eq,cr0_eq,cr1_eq // merge the two tests for DCBA
91	crand cr4_eq,cr0_eq,cr4_eq // and for MCRXR
92	beq++ cr1_eq,a64ExitEm // was DCBA, so ignore
93	bne-- cr4_eq,a64NotEmulated // skip if not MCRXR
94
95	// Was MCRXR, so emulate.
96
97	ld r3,savexer(r13) // get the XER
98	lwz r4,savecr(r13) // and the CR
99	rlwinm r5,r20,11,27,29 // get (CR# * 4) from instruction
100	rlwinm r6,r3,0,4,31 // zero XER[32-35] (also XER[0-31])
101	sld r4,r4,r5 // move target CR field to bits 32-35
102	rlwimi r4,r3,0,0,3 // move XER[32-35] into CR field
103	stw r6,savexer+4(r13) // update XER
104	srd r4,r4,r5 // re-position CR
105	stw r4,savecr(r13) // update CR
106	b a64ExitEm // done
107
108	// Not an opcode we normally emulate. If in special diagnostic mode and opcode=0,
109	// emulate as an alignment exception. This special case is for test software.
110
111	a64NotEmulated:
112	lwz r30,dgFlags(0) // Get the flags
113	rlwinm. r0,r30,0,enaDiagEMb,enaDiagEMb // Do we want to try to emulate something?
114	beq++ a64PassAlong // No emulation allowed
115	cmpwi r3,0 // opcode==0 ?
116	bne a64PassAlong // not the special case
117	oris r20,r20,0x7C00 // change opcode to 31
118	crset kAlignment // say we took alignment exception
119	rlwinm r5,r4,0,26+1,26-1 // mask Update bit (32) out of extended opcode
120	rlwinm r5,r5,0,0,31 // Clean out leftover junk from rlwinm
121
122	cmpwi r4,1014 // dcbz/dcbz128 ?
123	crmove cr1_eq,cr0_eq
124	cmpwi r5,21 // ldx/ldux ?
125	cror cr1_eq,cr0_eq,cr1_eq
126	cmpwi r5,599 // lfdx/lfdux ?
127	cror cr1_eq,cr0_eq,cr1_eq
128	cmpwi r5,535 // lfsx/lfsux ?
129	cror cr1_eq,cr0_eq,cr1_eq
130	cmpwi r5,343 // lhax/lhaux ?
131	cror cr1_eq,cr0_eq,cr1_eq
132	cmpwi r4,790 // lhbrx ?
133	cror cr1_eq,cr0_eq,cr1_eq
134	cmpwi r5,279 // lhzx/lhzux ?
135	cror cr1_eq,cr0_eq,cr1_eq
136	cmpwi r4,597 // lswi ?
137	cror cr1_eq,cr0_eq,cr1_eq
138	cmpwi r4,533 // lswx ?
139	cror cr1_eq,cr0_eq,cr1_eq
140	cmpwi r5,341 // lwax/lwaux ?
141	cror cr1_eq,cr0_eq,cr1_eq
142	cmpwi r4,534 // lwbrx ?
143	cror cr1_eq,cr0_eq,cr1_eq
144	cmpwi r5,23 // lwz/lwzx ?
145	cror cr1_eq,cr0_eq,cr1_eq
146	cmpwi r5,149 // stdx/stdux ?
147	cror cr1_eq,cr0_eq,cr1_eq
148	cmpwi r5,727 // stfdx/stfdux ?
149	cror cr1_eq,cr0_eq,cr1_eq
150	cmpwi r4,983 // stfiwx ?
151	cror cr1_eq,cr0_eq,cr1_eq
152	cmpwi r5,663 // stfsx/stfsux ?
153	cror cr1_eq,cr0_eq,cr1_eq
154	cmpwi r4,918 // sthbrx ?
155	cror cr1_eq,cr0_eq,cr1_eq
156	cmpwi r5,407 // sthx/sthux ?
157	cror cr1_eq,cr0_eq,cr1_eq
158	cmpwi r4,725 // stswi ?
159	cror cr1_eq,cr0_eq,cr1_eq
160	cmpwi r4,661 // stswx ?
161	cror cr1_eq,cr0_eq,cr1_eq
162	cmpwi r4,662 // stwbrx ?
163	cror cr1_eq,cr0_eq,cr1_eq
164	cmpwi r5,151 // stwx/stwux ?
165	cror cr1_eq,cr0_eq,cr1_eq
166
167	beq++ cr1,a64GotInstruction // it was one of the X-forms we handle
168	crclr kAlignment // revert to program interrupt
169	b a64PassAlong // not recognized extended opcode
170
171
172	// *****************************************
173	// * A L I G N M E N T I N T E R R U P T *
174	// *****************************************
175	//
176	// We get here in exception context, ie with interrupts disabled, translation off, and
177	// in 64-bit mode, with:
178	// r13 = save-area pointer, with general context already saved in it
179	// cr6 = feature flags
180	// We preserve r13 and cr6. Other GPRs and CRs, the LR and CTR are used.
181	//
182	// Current 64-bit processors (GPUL) handle almost all misaligned operations in hardware,
183	// so this routine usually isn't called very often. Only floating pt ops that cross a page
184	// boundary and are not word aligned, and LMW/STMW can take exceptions to cacheable memory.
185	// However, in contrast to G3 and G4, any misaligned load/store will get an alignment
186	// interrupt on uncached memory.
187	//
188	// We always emulate scalar ops with a series of byte load/stores. Doing so is no slower
189	// than LWZ/STW in cases where a scalar op gets an alignment exception.
190	//
191	// This routine supports all legal permutations of alignment interrupts occuring in user or
192	// supervisor mode, 32 or 64-bit addressing, and translation on or off. We do not emulate
193	// instructions that go past the end of an address space, such as "LHZ -1(0)"; we just pass
194	// along the alignment exception rather than wrap around to byte 0. (Treatment of address
195	// space wrap is a moot point in Mac OS X, since we do not map either the last page or
196	// page 0.)
197	//
198	// First, check for a few special cases such as virtual machines, etc.
199
200	.globl EXT(AlignAssist64)
201	.align 5
202	LEXT(AlignAssist64)
203	crset kAlignment // mark as alignment interrupt
204
205	a64AlignAssistJoin: // join here from program interrupt handler
206	mfsprg r31,0 // get the per_proc data ptr
207	mcrf cr3,cr6 // save feature flags here...
208	lwz r21,spcFlags(r31) // grab the special flags
209	ld r29,savesrr1(r13) // get the MSR etc at the fault
210	ld r28,savesrr0(r13) // get the EA of faulting instruction
211	mfmsr r26 // save MSR at entry
212	rlwinm. r0,r21,0,runningVMbit,runningVMbit // Are we running a VM?
213	lwz r19,dgFlags(0) // Get the diagnostics flags
214	bne-- a64PassAlong // yes, let the virtual machine monitor handle
215
216
217	// Set up the MSR shadow regs. We turn on FP in this routine, and usually set DR and RI
218	// when accessing user space (the SLB is still set up with all the user space translations.)
219	// However, if the interrupt occured in the kernel with DR off, we keep it off while
220	// accessing the "target" address space. If we set DR to access the target space, we also
221	// set RI. The RI bit tells the exception handlers to clear cr0 beq and return if we get an
222	// exception accessing the user address space. We are careful to test cr0 beq after every such
223	// access. We keep the following "shadows" of the MSR in global regs across this code:
224	// r25 = MSR at entry, plus FP and probably DR and RI (used to access target space)
225	// r26 = MSR at entry
226	// r27 = free
227	// r29 = SRR1 (ie, MSR at interrupt)
228	// Note that EE and IR are always off, and SF is always on in this code.
229
230	rlwinm r3,r29,0,MSR_DR_BIT,MSR_DR_BIT // was translation on at fault?
231	rlwimi r3,r3,32-MSR_RI_BIT+MSR_DR_BIT,MSR_RI_BIT,MSR_RI_BIT // if DR was set, set RI too
232	or r25,r26,r3 // assemble MSR to use accessing target space
233
234
235	// Because the DSISR and DAR are either not set or are not to be trusted on some 64-bit
236	// processors on an alignment interrupt, we must fetch the faulting instruction ourselves,
237	// then decode/hash the opcode and reconstruct the EA manually.
238
239	mtmsr r25 // turn on FP and (if it was on at fault) DR and RI
240	isync // wait for it to happen
241	cmpw r0,r0 // turn on beq so we can check for DSIs
242	lwz r20,0(r28) // fetch faulting instruction, probably with DR on
243	bne-- a64RedriveAsISI // got a DSI trying to fetch it, pretend it was an ISI
244	mtmsr r26 // turn DR back off
245	isync // wait for it to happen
246
247
248	// Set a few flags while we wait for the faulting instruction to arrive from cache.
249
250	rlwinm. r0,r29,0,MSR_SE_BIT,MSR_SE_BIT // Were we single stepping?
251	stw r20,savemisc2(r13) // Save the instruction image in case we notify
252	crnot kTrace,cr0_eq
253	rlwinm. r0,r19,0,enaNotifyEMb,enaNotifyEMb // Should we notify?
254	crnot kNotify,cr0_eq
255
256
257	// Hash the intruction into a 5-bit value "AAAAB" used to index the branch table, and a
258	// 1-bit kUpdate flag, as follows:
259