18 files changed, 2375 insertions, 281 deletions
diff --git a/src/jit/bc.lua b/src/jit/bc.lua
index 4b384012..f1a63b9c 100644
--- a/src/jit/bc.lua
+++ b/src/jit/bc.lua
@@ -178,13 +178,12 @@ local function bcliston(outfile)
 end
 -- Public module functions.
-module(...)
+return {
+  line = bcline,
-line = bcline
+  dump = bcdump,
-dump = bcdump
+  targets = bctargets,
-targets = bctargets
+  on = bcliston,
+  off = bclistoff,
-on = bcliston
+  start = bcliston -- For -j command line option.
-off = bclistoff
+}
-start = bcliston -- For -j command line option.
diff --git a/src/jit/bcsave.lua b/src/jit/bcsave.lua
index 55fae993..390d297c 100644
--- a/src/jit/bcsave.lua
+++ b/src/jit/bcsave.lua
@@ -11,12 +11,16 @@
 ------------------------------------------------------------------------------
 local jit = require("jit")
-assert(jit.version_num == 20099, "LuaJIT core/library version mismatch")
+assert(jit.version_num == 20199, "LuaJIT core/library version mismatch")
 local bit = require("bit")
 -- Symbol name prefix for LuaJIT bytecode.
 local LJBC_PREFIX = "luaJIT_BC_"
+local type, assert = type, assert
+local format = string.format
+local tremove, tconcat = table.remove, table.concat
 ------------------------------------------------------------------------------
 local function usage()
@@ -29,11 +33,12 @@ Save LuaJIT bytecode: luajit -b[options] input output
  -t type   Set output file type (default: auto-detect from output name).
  -a arch   Override architecture for object files (default: native).
  -o os     Override OS for object files (default: native).
+  -F name   Override filename (default: input filename).
  -e chunk  Use chunk string as input.
  --        Stop handling options.
  -         Use stdin as input and/or stdout as output.
-File types: c h obj o raw (default)
+File types: c cc h obj o raw (default)
 ]]
  os.exit(1)
 end
@@ -45,10 +50,22 @@ local function check(ok, ...)
  os.exit(1)
 end
-local function readfile(input)
+local function readfile(ctx, input)
  if type(input) == "function" then return input end
-  if input == "-" then input = nil end
+  if ctx.filename then
-  return check(loadfile(input))
+    local data
+    if input == "-" then
+      data = io.stdin:read("*a")
+    else
+      local fp = assert(io.open(input, "rb"))
+      data = assert(fp:read("*a"))
+      assert(fp:close())
+    end
+    return check(load(data, ctx.filename))
+  else
+    if input == "-" then input = nil end
+    return check(loadfile(input))
+  end
 end
 local function savefile(name, mode)
@@ -56,15 +73,30 @@ local function savefile(name, mode)
  return check(io.open(name, mode))
 end
+local function set_stdout_binary(ffi)
+  ffi.cdef[[int _setmode(int fd, int mode);]]
+  ffi.C._setmode(1, 0x8000)
+end
 ------------------------------------------------------------------------------
 local map_type = {
-  raw = "raw", c = "c", h = "h", o = "obj", obj = "obj",
+  raw = "raw", c = "c", cc = "c", h = "h", o = "obj", obj = "obj",
 }
 local map_arch = {
-  x86 = true, x64 = true, arm = true, ppc = true, ppcspe = true,
+  x86 =         { e = "le", b = 32, m = 3, p = 0x14c, },
-  mips = true, mipsel = true,
+  x64 =         { e = "le", b = 64, m = 62, p = 0x8664, },
+  arm =         { e = "le", b = 32, m = 40, p = 0x1c0, },
+  arm64 =       { e = "le", b = 64, m = 183, p = 0xaa64, },
+  arm64be =     { e = "be", b = 64, m = 183, },
+  ppc =         { e = "be", b = 32, m = 20, },
+  mips =        { e = "be", b = 32, m = 8, f = 0x50001006, },
+  mipsel =      { e = "le", b = 32, m = 8, f = 0x50001006, },
+  mips64 =      { e = "be", b = 64, m = 8, f = 0x80000007, },
+  mips64el =    { e = "le", b = 64, m = 8, f = 0x80000007, },
+  mips64r6 =    { e = "be", b = 64, m = 8, f = 0xa0000407, },
+  mips64r6el =  { e = "le", b = 64, m = 8, f = 0xa0000407, },
 }
 local map_os = {
@@ -73,33 +105,33 @@ local map_os = {
 }
 local function checkarg(str, map, err)
-  str = string.lower(str)
+  str = str:lower()
  local s = check(map[str], "unknown ", err)
-  return s == true and str or s
+  return type(s) == "string" and s or str
 end
 local function detecttype(str)
-  local ext = string.match(string.lower(str), "%.(%a+)$")
+  local ext = str:lower():match("%.(%a+)$")
  return map_type[ext] or "raw"
 end
 local function checkmodname(str)
-  check(string.match(str, "^[%w_.%-]+$"), "bad module name")
+  check(str:match("^[%w_.%-]+$"), "bad module name")
-  return string.gsub(str, "[%.%-]", "_")
+  return str:gsub("[%.%-]", "_")
 end
 local function detectmodname(str)
  if type(str) == "string" then
-    local tail = string.match(str, "[^/\\]+$")
+    local tail = str:match("[^/\\]+$")
    if tail then str = tail end
-    local head = string.match(str, "^(.*)%.[^.]*$")
+    local head = str:match("^(.*)%.[^.]*$")
    if head then str = head end
-    str = string.match(str, "^[%w_.%-]+")
+    str = str:match("^[%w_.%-]+")
  else
    str = nil
  end
  check(str, "cannot derive module name, use -n name")
-  return string.gsub(str, "[%.%-]", "_")
+  return str:gsub("[%.%-]", "_")
 end
 ------------------------------------------------------------------------------
@@ -111,6 +143,11 @@ local function bcsave_tail(fp, output, s)
 end
 local function bcsave_raw(output, s)
+  if output == "-" and jit.os == "Windows" then
+    local ok, ffi = pcall(require, "ffi")
+    check(ok, "FFI library required to write binary file to stdout")
+    set_stdout_binary(ffi)
+  end
  local fp = savefile(output, "wb")
  bcsave_tail(fp, output, s)
 end
@@ -118,19 +155,19 @@ end
 local function bcsave_c(ctx, output, s)
  local fp = savefile(output, "w")
  if ctx.type == "c" then
-    fp:write(string.format([[
+    fp:write(format([[
 #ifdef __cplusplus
 extern "C"
 #endif
 #ifdef _WIN32
 __declspec(dllexport)
 #endif
-const char %s%s[] = {
+const unsigned char %s%s[] = {
 ]], LJBC_PREFIX, ctx.modname))
  else
-    fp:write(string.format([[
+    fp:write(format([[
 #define %s%s_SIZE %d
-static const char %s%s[] = {
+static const unsigned char %s%s[] = {
 ]], LJBC_PREFIX, ctx.modname, #s, LJBC_PREFIX, ctx.modname))
  end
  local t, n, m = {}, 0, 0
@@ -138,13 +175,13 @@ static const char %s%s[] = {
    local b = tostring(string.byte(s, i))
    m = m + #b + 1
    if m > 78 then
-      fp:write(table.concat(t, ",", 1, n), ",\n")
+      fp:write(tconcat(t, ",", 1, n), ",\n")
      n, m = 0, #b + 1
    end
    n = n + 1
    t[n] = b
  end
-  bcsave_tail(fp, output, table.concat(t, ",", 1, n).."\n};\n")
+  bcsave_tail(fp, output, tconcat(t, ",", 1, n).."\n};\n")
 end
 local function bcsave_elfobj(ctx, output, s, ffi)
@@ -199,12 +236,8 @@ typedef struct {
 } ELF64obj;
 ]]
  local symname = LJBC_PREFIX..ctx.modname
-  local is64, isbe = false, false
+  local ai = assert(map_arch[ctx.arch])
-  if ctx.arch == "x64" then
+  local is64, isbe = ai.b == 64, ai.e == "be"
-    is64 = true
-  elseif ctx.arch == "ppc" or ctx.arch == "ppcspe" or ctx.arch == "mips" then
-    isbe = true
-  end
  -- Handle different host/target endianess.
  local function f32(x) return x end
@@ -237,10 +270,8 @@ typedef struct {
  hdr.eendian = isbe and 2 or 1
  hdr.eversion = 1
  hdr.type = f16(1)
-  hdr.machine = f16(({ x86=3, x64=62, arm=40, ppc=20, ppcspe=20, mips=8, mipsel=8 })[ctx.arch])
+  hdr.machine = f16(ai.m)
-  if ctx.arch == "mips" or ctx.arch == "mipsel" then
+  hdr.flags = f32(ai.f or 0)
-    hdr.flags = f32(0x50001006)
-  end
  hdr.version = f32(1)
  hdr.shofs = fofs(ffi.offsetof(o, "sect"))
  hdr.ehsize = f16(ffi.sizeof(hdr))
@@ -336,12 +367,8 @@ typedef struct {
 } PEobj;
 ]]
  local symname = LJBC_PREFIX..ctx.modname
-  local is64 = false
+  local ai = assert(map_arch[ctx.arch])
-  if ctx.arch == "x86" then
+  local is64 = ai.b == 64
-    symname = "_"..symname
-  elseif ctx.arch == "x64" then
-    is64 = true
-  end
  local symexport = "   /EXPORT:"..symname..",DATA "
  -- The file format is always little-endian. Swap if the host is big-endian.
@@ -355,7 +382,7 @@ typedef struct {
  -- Create PE object and fill in header.
  local o = ffi.new("PEobj")
  local hdr = o.hdr
-  hdr.arch = f16(({ x86=0x14c, x64=0x8664, arm=0x1c0, ppc=0x1f2, mips=0x366, mipsel=0x366 })[ctx.arch])
+  hdr.arch = f16(assert(ai.p))
  hdr.nsects = f16(2)
  hdr.symtabofs = f32(ffi.offsetof(o, "sym0"))
  hdr.nsyms = f32(6)
@@ -442,18 +469,18 @@ typedef struct {
  uint32_t value;
 } mach_nlist;
 typedef struct {
-  uint32_t strx;
+  int32_t strx;
  uint8_t type, sect;
  uint16_t desc;
  uint64_t value;
 } mach_nlist_64;
 typedef struct
 {
-  uint32_t magic, nfat_arch;
+  int32_t magic, nfat_arch;
 } mach_fat_header;
 typedef struct
 {
-  uint32_t cputype, cpusubtype, offset, size, align;
+  int32_t cputype, cpusubtype, offset, size, align;
 } mach_fat_arch;
 typedef struct {
  struct {
@@ -477,16 +504,28 @@ typedef struct {
 } mach_obj_64;
 typedef struct {
  mach_fat_header fat;
-  mach_fat_arch fat_arch[4];
+  mach_fat_arch fat_arch[2];
  struct {
    mach_header hdr;
    mach_segment_command seg;
    mach_section sec;
    mach_symtab_command sym;
-  } arch[4];
+  } arch[2];
  mach_nlist sym_entry;
  uint8_t space[4096];
 } mach_fat_obj;
+typedef struct {
+  mach_fat_header fat;
+  mach_fat_arch fat_arch[2];
+  struct {
+    mach_header_64 hdr;
+    mach_segment_command_64 seg;
+    mach_section_64 sec;
+    mach_symtab_command sym;
+  } arch[2];
+  mach_nlist_64 sym_entry;
+  uint8_t space[4096];
+} mach_fat_obj_64;
 ]]
  local symname = '_'..LJBC_PREFIX..ctx.modname
  local isfat, is64, align, mobj = false, false, 4, "mach_obj"
@@ -494,6 +533,8 @@ typedef struct {
    is64, align, mobj = true, 8, "mach_obj_64"
  elseif ctx.arch == "arm" then
    isfat, mobj = true, "mach_fat_obj"
+  elseif ctx.arch == "arm64" then
+    is64, align, isfat, mobj = true, 8, true, "mach_fat_obj_64"
  else
    check(ctx.arch == "x86", "unsupported architecture for OSX")
  end
@@ -503,8 +544,8 @@ typedef struct {
  -- Create Mach-O object and fill in header.
  local o = ffi.new(mobj)
  local mach_size = aligned(ffi.offsetof(o, "space")+#symname+2, align)
-  local cputype = ({ x86={7}, x64={0x01000007}, arm={7,12,12,12} })[ctx.arch]
+  local cputype = ({ x86={7}, x64={0x01000007}, arm={7,12}, arm64={0x01000007,0x0100000c} })[ctx.arch]
-  local cpusubtype = ({ x86={3}, x64={3}, arm={3,6,9,11} })[ctx.arch]
+  local cpusubtype = ({ x86={3}, x64={3}, arm={3,9}, arm64={3,0} })[ctx.arch]
  if isfat then
    o.fat.magic = be32(0xcafebabe)
    o.fat.nfat_arch = be32(#cpusubtype)
@@ -562,6 +603,9 @@ end
 local function bcsave_obj(ctx, output, s)
  local ok, ffi = pcall(require, "ffi")
  check(ok, "FFI library required to write this file type")
+  if output == "-" and jit.os == "Windows" then
+    set_stdout_binary(ffi)
+  end
  if ctx.os == "windows" then
    return bcsave_peobj(ctx, output, s, ffi)
  elseif ctx.os == "osx" then
@@ -573,13 +617,13 @@ end
 ------------------------------------------------------------------------------
-local function bclist(input, output)
+local function bclist(ctx, input, output)
-  local f = readfile(input)
+  local f = readfile(ctx, input)
  require("jit.bc").dump(f, savefile(output, "w"), true)
 end
 local function bcsave(ctx, input, output)
-  local f = readfile(input)
+  local f = readfile(ctx, input)
  local s = string.dump(f, ctx.strip)
  local t = ctx.type
  if not t then
@@ -603,16 +647,16 @@ local function docmd(...)
  local n = 1
  local list = false
  local ctx = {
-    strip = true, arch = jit.arch, os = string.lower(jit.os),
+    strip = true, arch = jit.arch, os = jit.os:lower(),
    type = false, modname = false,
  }
  while n <= #arg do
    local a = arg[n]
-    if type(a) == "string" and string.sub(a, 1, 1) == "-" and a ~= "-" then
+    if type(a) == "string" and a:sub(1, 1) == "-" and a ~= "-" then
-      table.remove(arg, n)
+      tremove(arg, n)
      if a == "--" then break end
      for m=2,#a do
-        local opt = string.sub(a, m, m)
+        local opt = a:sub(m, m)
        if opt == "l" then
          list = true
        elseif opt == "s" then
@@ -625,13 +669,15 @@ local function docmd(...)
            if n ~= 1 then usage() end
            arg[1] = check(loadstring(arg[1]))
          elseif opt == "n" then
-            ctx.modname = checkmodname(table.remove(arg, n))
+            ctx.modname = checkmodname(tremove(arg, n))
          elseif opt == "t" then
-            ctx.type = checkarg(table.remove(arg, n), map_type, "file type")
+            ctx.type = checkarg(tremove(arg, n), map_type, "file type")
          elseif opt == "a" then
-            ctx.arch = checkarg(table.remove(arg, n), map_arch, "architecture")
+            ctx.arch = checkarg(tremove(arg, n), map_arch, "architecture")
          elseif opt == "o" then
-            ctx.os = checkarg(table.remove(arg, n), map_os, "OS name")
+            ctx.os = checkarg(tremove(arg, n), map_os, "OS name")
+          elseif opt == "F" then
+            ctx.filename = "@"..tremove(arg, n)
          else
            usage()
          end
@@ -643,7 +689,7 @@ local function docmd(...)
  end
  if list then
    if #arg == 0 or #arg > 2 then usage() end
-    bclist(arg[1], arg[2] or "-")
+    bclist(ctx, arg[1], arg[2] or "-")
  else
    if #arg ~= 2 then usage() end
    bcsave(ctx, arg[1], arg[2])
@@ -653,7 +699,7 @@ end
 ------------------------------------------------------------------------------
 -- Public module functions.
-module(...)
+return {
+  start = docmd -- Process -b command line option.
-start = docmd -- Process -b command line option.
+}
diff --git a/src/jit/dis_arm.lua b/src/jit/dis_arm.lua
index 4db85306..a7546a45 100644
--- a/src/jit/dis_arm.lua
+++ b/src/jit/dis_arm.lua
@@ -658,7 +658,7 @@ local function disass_block(ctx, ofs, len)
 end
 -- Extended API: create a disassembler context. Then call ctx:disass(ofs, len).
-local function create_(code, addr, out)
+local function create(code, addr, out)
  local ctx = {}
  ctx.code = code
  ctx.addr = addr or 0
@@ -670,20 +670,20 @@ local function create_(code, addr, out)
 end
 -- Simple API: disassemble code (a string) at address and output via out.
-local function disass_(code, addr, out)
+local function disass(code, addr, out)
-  create_(code, addr, out):disass()
+  create(code, addr, out):disass()
 end
 -- Return register name for RID.
-local function regname_(r)
+local function regname(r)
  if r < 16 then return map_gpr[r] end
  return "d"..(r-16)
 end
 -- Public module functions.
-module(...)
+return {
+  create = create,
-create = create_
+  disass = disass,
-disass = disass_
+  regname = regname
-regname = regname_
+}
diff --git a/src/jit/dis_arm64.lua b/src/jit/dis_arm64.lua
new file mode 100644
index 00000000..84677666
--- /dev/null
+++ b/src/jit/dis_arm64.lua
@@ -0,0 +1,1207 @@
+----------------------------------------------------------------------------
+-- LuaJIT ARM64 disassembler module.
+--
+-- Copyright (C) 2005-2023 Mike Pall. All rights reserved.
+-- Released under the MIT license. See Copyright Notice in luajit.h
+--
+-- Contributed by Djordje Kovacevic and Stefan Pejic from RT-RK.com.
+-- Sponsored by Cisco Systems, Inc.
+----------------------------------------------------------------------------
+-- This is a helper module used by the LuaJIT machine code dumper module.
+--
+-- It disassembles most user-mode AArch64 instructions.
+-- NYI: Advanced SIMD and VFP instructions.
+------------------------------------------------------------------------------
+local type = type
+local sub, byte, format = string.sub, string.byte, string.format
+local match, gmatch, gsub = string.match, string.gmatch, string.gsub
+local concat = table.concat
+local bit = require("bit")
+local band, bor, bxor, tohex = bit.band, bit.bor, bit.bxor, bit.tohex
+local lshift, rshift, arshift = bit.lshift, bit.rshift, bit.arshift
+local ror = bit.ror
+------------------------------------------------------------------------------
+-- Opcode maps
+------------------------------------------------------------------------------
+local map_adr = { -- PC-relative addressing.
+  shift = 31, mask = 1,
+  [0] = "adrDBx", "adrpDBx"
+}
+local map_addsubi = { -- Add/subtract immediate.
+  shift = 29, mask = 3,
+  [0] = "add|movDNIg", "adds|cmnD0NIg", "subDNIg", "subs|cmpD0NIg",
+}
+local map_logi = { -- Logical immediate.
+  shift = 31, mask = 1,
+  [0] = {
+    shift = 22, mask = 1,
+    [0] = {
+      shift = 29, mask = 3,
+      [0] = "andDNig", "orr|movDN0ig", "eorDNig", "ands|tstD0Nig"
+    },
+    false -- unallocated
+  },
+  {
+    shift = 29, mask = 3,
+    [0] = "andDNig", "orr|movDN0ig", "eorDNig", "ands|tstD0Nig"
+  }
+}
+local map_movwi = { -- Move wide immediate.
+  shift = 31, mask = 1,
+  [0] = {
+    shift = 22, mask = 1,
+    [0] = {
+      shift = 29, mask = 3,
+      [0] = "movnDWRg", false, "movz|movDYRg", "movkDWRg"
+    }, false -- unallocated
+  },
+  {
+    shift = 29, mask = 3,
+    [0] = "movnDWRg", false, "movz|movDYRg", "movkDWRg"
+  },
+}
+local map_bitf = { -- Bitfield.
+  shift = 31, mask = 1,
+  [0] = {
+    shift = 22, mask = 1,
+    [0] = {
+      shift = 29, mask = 3,
+      [0] = "sbfm|sbfiz|sbfx|asr|sxtw|sxth|sxtbDN12w",
+      "bfm|bfi|bfxilDN13w",
+      "ubfm|ubfiz|ubfx|lsr|lsl|uxth|uxtbDN12w"
+    }
+  },
+  {
+    shift = 22, mask = 1,
+    {
+      shift = 29, mask = 3,
+      [0] = "sbfm|sbfiz|sbfx|asr|sxtw|sxth|sxtbDN12x",
+      "bfm|bfi|bfxilDN13x",
+      "ubfm|ubfiz|ubfx|lsr|lsl|uxth|uxtbDN12x"
+    }
+  }
+}
+local map_datai = { -- Data processing - immediate.
+  shift = 23, mask = 7,
+  [0] = map_adr, map_adr, map_addsubi, false,
+  map_logi, map_movwi, map_bitf,
+  {
+    shift = 15, mask = 0x1c0c1,
+    [0] = "extr|rorDNM4w", [0x10080] = "extr|rorDNM4x",
+    [0x10081] = "extr|rorDNM4x"
+  }
+}
+local map_logsr = { -- Logical, shifted register.
+  shift = 31, mask = 1,
+  [0] = {
+    shift = 15, mask = 1,
+    [0] = {
+      shift = 29, mask = 3,
+      [0] = {
+        shift = 21, mask = 1,
+        [0] = "andDNMSg", "bicDNMSg"
+      },
+      {
+        shift = 21, mask = 1,
+        [0] = "orr|movDN0MSg", "orn|mvnDN0MSg"
+      },
+      {
+        shift = 21, mask = 1,
+        [0] = "eorDNMSg", "eonDNMSg"
+      },
+      {
+        shift = 21, mask = 1,
+        [0] = "ands|tstD0NMSg", "bicsDNMSg"
+      }
+    },
+    false -- unallocated
+  },
+  {
+    shift = 29, mask = 3,
+    [0] = {
+      shift = 21, mask = 1,
+      [0] = "andDNMSg", "bicDNMSg"
+    },
+    {
+      shift = 21, mask = 1,
+      [0] = "orr|movDN0MSg", "orn|mvnDN0MSg"
+    },
+    {
+      shift = 21, mask = 1,
+      [0] = "eorDNMSg", "eonDNMSg"
+    },
+    {
+      shift = 21, mask = 1,
+      [0] = "ands|tstD0NMSg", "bicsDNMSg"
+    }
+  }
+}
+local map_assh = {
+  shift = 31, mask = 1,
+  [0] = {
+    shift = 15, mask = 1,
+    [0] = {
+      shift = 29, mask = 3,
+      [0] = {
+        shift = 22, mask = 3,
+        [0] = "addDNMSg", "addDNMSg", "addDNMSg", "addDNMg"
+      },
+      {
+        shift = 22, mask = 3,
+        [0] = "adds|cmnD0NMSg", "adds|cmnD0NMSg",
+              "adds|cmnD0NMSg", "adds|cmnD0NMg"
+      },
+      {
+        shift = 22, mask = 3,
+        [0] = "sub|negDN0MSg", "sub|negDN0MSg", "sub|negDN0MSg", "sub|negDN0Mg"
+      },
+      {
+        shift = 22, mask = 3,
+        [0] = "subs|cmp|negsD0N0MzSg", "subs|cmp|negsD0N0MzSg",
+              "subs|cmp|negsD0N0MzSg", "subs|cmp|negsD0N0Mzg"
+      },
+    },
+    false -- unallocated
+  },
+  {
+    shift = 29, mask = 3,
+    [0] = {
+      shift = 22, mask = 3,
+      [0] = "addDNMSg", "addDNMSg", "addDNMSg", "addDNMg"
+    },
+    {
+      shift = 22, mask = 3,
+      [0] = "adds|cmnD0NMSg", "adds|cmnD0NMSg", "adds|cmnD0NMSg",
+            "adds|cmnD0NMg"
+    },
+    {
+      shift = 22, mask = 3,
+      [0] = "sub|negDN0MSg", "sub|negDN0MSg", "sub|negDN0MSg", "sub|negDN0Mg"
+    },
+    {
+      shift = 22, mask = 3,
+      [0] = "subs|cmp|negsD0N0MzSg", "subs|cmp|negsD0N0MzSg",
+            "subs|cmp|negsD0N0MzSg", "subs|cmp|negsD0N0Mzg"
+    }
+  }
+}
+local map_addsubsh = { -- Add/subtract, shifted register.
+  shift = 22, mask = 3,
+  [0] = map_assh, map_assh, map_assh
+}
+local map_addsubex = { -- Add/subtract, extended register.
+  shift = 22, mask = 3,
+  [0] = {
+    shift = 29, mask = 3,
+    [0] = "addDNMXg", "adds|cmnD0NMXg", "subDNMXg", "subs|cmpD0NMzXg",
+  }
+}
+local map_addsubc = { -- Add/subtract, with carry.
+  shift = 10, mask = 63,
+  [0] = {
+    shift = 29, mask = 3,
+    [0] = "adcDNMg", "adcsDNMg", "sbc|ngcDN0Mg", "sbcs|ngcsDN0Mg",
+  }
+}
+local map_ccomp = {
+  shift = 4, mask = 1,
+  [0] = {
+    shift = 10, mask = 3,
+    [0] = { -- Conditional compare register.
+      shift = 29, mask = 3,
+      "ccmnNMVCg", false, "ccmpNMVCg",
+    },
+    [2] = {  -- Conditional compare immediate.
+      shift = 29, mask = 3,
+      "ccmnN5VCg", false, "ccmpN5VCg",
+    }
+  }
+}
+local map_csel = { -- Conditional select.
+  shift = 11, mask = 1,
+  [0] = {
+    shift = 10, mask = 1,
+    [0] = {
+      shift = 29, mask = 3,
+      [0] = "cselDNMzCg", false, "csinv|cinv|csetmDNMcg", false,
+    },
+    {
+      shift = 29, mask = 3,
+      [0] = "csinc|cinc|csetDNMcg", false, "csneg|cnegDNMcg", false,
+    }
+  }
+}
+local map_data1s = { -- Data processing, 1 source.
+  shift = 29, mask = 1,
+  [0] = {
+    shift = 31, mask = 1,
+    [0] = {
+      shift = 10, mask = 0x7ff,
+      [0] = "rbitDNg", "rev16DNg", "revDNw", false, "clzDNg", "clsDNg"
+    },
+    {
+      shift = 10, mask = 0x7ff,
+      [0] = "rbitDNg", "rev16DNg", "rev32DNx", "revDNx", "clzDNg", "clsDNg"
+    }
+  }
+}
+local map_data2s = { -- Data processing, 2 sources.
+  shift = 29, mask = 1,
+  [0] = {
+    shift = 10, mask = 63,
+    false, "udivDNMg", "sdivDNMg", false, false, false, false, "lslDNMg",
+    "lsrDNMg", "asrDNMg", "rorDNMg"
+  }
+}
+local map_data3s = { -- Data processing, 3 sources.
+  shift = 29, mask = 7,
+  [0] = {
+    shift = 21, mask = 7,
+    [0] = {
+      shift = 15, mask = 1,
+      [0] = "madd|mulDNMA0g", "msub|mnegDNMA0g"
+    }
+  }, false, false, false,
+  {
+    shift = 15, mask = 1,
+    [0] = {
+      shift = 21, mask = 7,
+      [0] = "madd|mulDNMA0g", "smaddl|smullDxNMwA0x", "smulhDNMx", false,
+      false, "umaddl|umullDxNMwA0x", "umulhDNMx"
+    },
+    {
+      shift = 21, mask = 7,
+      [0] = "msub|mnegDNMA0g", "smsubl|smneglDxNMwA0x", false, false,
+      false, "umsubl|umneglDxNMwA0x"
+    }
+  }
+}
+local map_datar = { -- Data processing, register.
+  shift = 28, mask = 1,
+  [0] = {
+    shift = 24, mask = 1,
+    [0] = map_logsr,
+    {
+      shift = 21, mask = 1,
+      [0] = map_addsubsh, map_addsubex
+    }
+  },
+  {
+    shift = 21, mask = 15,
+    [0] = map_addsubc, false, map_ccomp, false, map_csel, false,
+    {
+      shift = 30, mask = 1,
+      [0] = map_data2s, map_data1s
+    },
+    false, map_data3s, map_data3s, map_data3s, map_data3s, map_data3s,
+    map_data3s, map_data3s, map_data3s
+  }
+}
+local map_lrl = { -- Load register, literal.
+  shift = 26, mask = 1,
+  [0] = {
+    shift = 30, mask = 3,
+    [0] = "ldrDwB", "ldrDxB", "ldrswDxB"
+  },
+  {
+    shift = 30, mask = 3,
+    [0] = "ldrDsB", "ldrDdB"
+  }
+}
+local map_lsriind = { -- Load/store register, immediate pre/post-indexed.
+  shift = 30, mask = 3,
+  [0] = {
+    shift = 26, mask = 1,
+    [0] = {
+      shift = 22, mask = 3,
+      [0] = "strbDwzL", "ldrbDwzL", "ldrsbDxzL", "ldrsbDwzL"
+    }
+  },
+  {
+    shift = 26, mask = 1,
+    [0] = {
+      shift = 22, mask = 3,
+      [0] = "strhDwzL", "ldrhDwzL", "ldrshDxzL", "ldrshDwzL"
+    }
+  },
+  {
+    shift = 26, mask = 1,
+    [0] = {
+      shift = 22, mask = 3,
+      [0] = "strDwzL", "ldrDwzL", "ldrswDxzL"
+    },
+    {
+      shift = 22, mask = 3,
+      [0] = "strDszL", "ldrDszL"
+    }
+  },
+  {
+    shift = 26, mask = 1,
+    [0] = {
+      shift = 22, mask = 3,
+      [0] = "strDxzL", "ldrDxzL"
+    },
+    {
+      shift = 22, mask = 3,
+      [0] = "strDdzL", "ldrDdzL"
+    }
+  }
+}
+local map_lsriro = {
+  shift = 21, mask = 1,
+  [0] = {  -- Load/store register immediate.
+    shift = 10, mask = 3,
+    [0] = { -- Unscaled immediate.
+      shift = 26, mask = 1,
+      [0] = {
+        shift = 30, mask = 3,
+        [0] = {
+          shift = 22, mask = 3,
+          [0] = "sturbDwK", "ldurbDwK"
+        },
+        {
+          shift = 22, mask = 3,
+          [0] = "sturhDwK", "ldurhDwK"
+        },
+        {
+          shift = 22, mask = 3,
+          [0] = "sturDwK", "ldurDwK"
+        },
+        {
+          shift = 22, mask = 3,
+          [0] = "sturDxK", "ldurDxK"
+        }
+      }
+    }, map_lsriind, false, map_lsriind
+  },
+  {  -- Load/store register, register offset.
+    shift = 10, mask = 3,
+    [2] = {
+      shift = 26, mask = 1,
+      [0] = {
+        shift = 30, mask = 3,
+        [0] = {
+          shift = 22, mask = 3,
+          [0] = "strbDwO", "ldrbDwO", "ldrsbDxO", "ldrsbDwO"
+        },
+        {
+          shift = 22, mask = 3,
+          [0] = "strhDwO", "ldrhDwO", "ldrshDxO", "ldrshDwO"
+        },
+        {
+          shift = 22, mask = 3,
+          [0] = "strDwO", "ldrDwO", "ldrswDxO"
+        },
+        {
+          shift = 22, mask = 3,
+          [0] = "strDxO", "ldrDxO"
+        }
+      },
+      {
+        shift = 30, mask = 3,
+        [2] = {
+          shift = 22, mask = 3,
+          [0] = "strDsO", "ldrDsO"
+        },
+        [3] = {
+          shift = 22, mask = 3,
+          [0] = "strDdO", "ldrDdO"
+        }
+      }
+    }
+  }
+}
+local map_lsp = { -- Load/store register pair, offset.
+  shift = 22, mask = 1,
+  [0] = {
+    shift = 30, mask = 3,
+    [0] = {
+      shift = 26, mask = 1,
+      [0] = "stpDzAzwP", "stpDzAzsP",
+    },
+    {
+      shift = 26, mask = 1,
+      "stpDzAzdP"
+    },
+    {
+      shift = 26, mask = 1,
+      [0] = "stpDzAzxP"
+    }
+  },
+  {
+    shift = 30, mask = 3,
+    [0] = {
+      shift = 26, mask = 1,
+      [0] = "ldpDzAzwP", "ldpDzAzsP",
+    },
+    {
+      shift = 26, mask = 1,
+      [0] = "ldpswDAxP", "ldpDzAzdP"
+    },
+    {
+      shift = 26, mask = 1,
+      [0] = "ldpDzAzxP"
+    }
+  }
+}
+local map_ls = { -- Loads and stores.
+  shift = 24, mask = 0x31,
+  [0x10] = map_lrl, [0x30] = map_lsriro,
+  [0x20] = {
+    shift = 23, mask = 3,
+    map_lsp, map_lsp, map_lsp
+  },
+  [0x21] = {
+    shift = 23, mask = 3,
+    map_lsp, map_lsp, map_lsp
+  },
+  [0x31] = {
+    shift = 26, mask = 1,
+    [0] = {
+      shift = 30, mask = 3,
+      [0] = {
+        shift = 22, mask = 3,
+        [0] = "strbDwzU", "ldrbDwzU"
+      },
+      {
+        shift = 22, mask = 3,
+        [0] = "strhDwzU", "ldrhDwzU"
+      },
+      {
+        shift = 22, mask = 3,
+        [0] = "strDwzU", "ldrDwzU"
+      },
+      {
+        shift = 22, mask = 3,
+        [0] = "strDxzU", "ldrDxzU"
+      }
+    },
+    {
+      shift = 30, mask = 3,
+      [2] = {
+        shift = 22, mask = 3,
+        [0] = "strDszU", "ldrDszU"
+      },
+      [3] = {
+        shift = 22, mask = 3,
+        [0] = "strDdzU", "ldrDdzU"
+      }
+    }
+  },
+}
+local map_datafp = { -- Data processing, SIMD and FP.
+  shift = 28, mask = 7,
+  { -- 001
+    shift = 24, mask = 1,
+    [0] = {
+      shift = 21, mask = 1,
+      {
+        shift = 10, mask = 3,
+        [0] = {
+          shift = 12, mask = 1,
+          [0] = {
+            shift = 13, mask = 1,
+            [0] = {
+              shift = 14, mask = 1,
+              [0] = {
+                shift = 15, mask = 1,
+                [0] = { -- FP/int conversion.
+                  shift = 31, mask = 1,
+                  [0] = {
+                    shift = 16, mask = 0xff,
+                    [0x20] = "fcvtnsDwNs", [0x21] = "fcvtnuDwNs",
+                    [0x22] = "scvtfDsNw", [0x23] = "ucvtfDsNw",
+                    [0x24] = "fcvtasDwNs", [0x25] = "fcvtauDwNs",
+                    [0x26] = "fmovDwNs", [0x27] = "fmovDsNw",
+                    [0x28] = "fcvtpsDwNs", [0x29] = "fcvtpuDwNs",
+                    [0x30] = "fcvtmsDwNs", [0x31] = "fcvtmuDwNs",
+                    [0x38] = "fcvtzsDwNs", [0x39] = "fcvtzuDwNs",
+                    [0x60] = "fcvtnsDwNd", [0x61] = "fcvtnuDwNd",
+                    [0x62] = "scvtfDdNw", [0x63] = "ucvtfDdNw",
+                    [0x64] = "fcvtasDwNd", [0x65] = "fcvtauDwNd",
+                    [0x68] = "fcvtpsDwNd", [0x69] = "fcvtpuDwNd",
+                    [0x70] = "fcvtmsDwNd", [0x71] = "fcvtmuDwNd",
+                    [0x78] = "fcvtzsDwNd", [0x79] = "fcvtzuDwNd"
+                  },
+                  {
+                    shift = 16, mask = 0xff,
+                    [0x20] = "fcvtnsDxNs", [0x21] = "fcvtnuDxNs",
+                    [0x22] = "scvtfDsNx", [0x23] = "ucvtfDsNx",
+                    [0x24] = "fcvtasDxNs", [0x25] = "fcvtauDxNs",
+                    [0x28] = "fcvtpsDxNs", [0x29] = "fcvtpuDxNs",
+                    [0x30] = "fcvtmsDxNs", [0x31] = "fcvtmuDxNs",
+                    [0x38] = "fcvtzsDxNs", [0x39] = "fcvtzuDxNs",
+                    [0x60] = "fcvtnsDxNd", [0x61] = "fcvtnuDxNd",
+                    [0x62] = "scvtfDdNx", [0x63] = "ucvtfDdNx",
+                    [0x64] = "fcvtasDxNd", [0x65] = "fcvtauDxNd",
+                    [0x66] = "fmovDxNd", [0x67] = "fmovDdNx",
+                    [0x68] = "fcvtpsDxNd", [0x69] = "fcvtpuDxNd",
+                    [0x70] = "fcvtmsDxNd", [0x71] = "fcvtmuDxNd",
+                    [0x78] = "fcvtzsDxNd", [0x79] = "fcvtzuDxNd"
+                  }
+                }
+              },
+              { -- FP data-processing, 1 source.
+                shift = 31, mask = 1,
+                [0] = {
+                  shift = 22, mask = 3,
+                  [0] = {
+                    shift = 15, mask = 63,
+                    [0] = "fmovDNf", "fabsDNf", "fnegDNf",
+                    "fsqrtDNf", false, "fcvtDdNs", false, false,
+                    "frintnDNf", "frintpDNf", "frintmDNf", "frintzDNf",
+                    "frintaDNf", false, "frintxDNf", "frintiDNf",
+                  },
+                  {
+                    shift = 15, mask = 63,
+                    [0] = "fmovDNf", "fabsDNf", "fnegDNf",
+                    "fsqrtDNf", "fcvtDsNd", false, false, false,
+                    "frintnDNf", "frintpDNf", "frintmDNf", "frintzDNf",
+                    "frintaDNf", false, "frintxDNf", "frintiDNf",
+                  }
+                }
+              }
+            },
+            { -- FP compare.
+              shift = 31, mask = 1,
+              [0] = {
+                shift = 14, mask = 3,
+                [0] = {
+                  shift = 23, mask = 1,
+                  [0] = {
+                    shift = 0, mask = 31,
+                    [0] = "fcmpNMf", [8] = "fcmpNZf",
+                    [16] = "fcmpeNMf", [24] = "fcmpeNZf",
+                  }
+                }
+              }
+            }
+          },
+          { -- FP immediate.
+            shift = 31, mask = 1,
+            [0] = {
+              shift = 5, mask = 31,
+              [0] = {
+                shift = 23, mask = 1,
+                [0] = "fmovDFf"
+              }
+            }
+          }
+        },
+        { -- FP conditional compare.
+          shift = 31, mask = 1,
+          [0] = {
+            shift = 23, mask = 1,
+            [0] = {
+              shift = 4, mask = 1,
+              [0] = "fccmpNMVCf", "fccmpeNMVCf"
+            }
+          }
+        },
+        { -- FP data-processing, 2 sources.
+          shift = 31, mask = 1,
+          [0] = {
+            shift = 23, mask = 1,
+            [0] = {
+              shift = 12, mask = 15,
+              [0] = "fmulDNMf", "fdivDNMf", "faddDNMf", "fsubDNMf",
+              "fmaxDNMf", "fminDNMf", "fmaxnmDNMf", "fminnmDNMf",
+              "fnmulDNMf"
+            }
+          }
+        },
+        { -- FP conditional select.
+          shift = 31, mask = 1,
+          [0] = {
+            shift = 23, mask = 1,
+            [0] = "fcselDNMCf"
+          }
+        }
+      }
+    },
+    { -- FP data-processing, 3 sources.
+      shift = 31, mask = 1,
+      [0] = {
+        shift = 15, mask = 1,
+        [0] = {
+          shift = 21, mask = 5,
+          [0] = "fmaddDNMAf", "fnmaddDNMAf"
+        },
+        {
+          shift = 21, mask = 5,
+          [0] = "fmsubDNMAf", "fnmsubDNMAf"
+        }
+      }
+    }
+  }
+}
+local map_br = { -- Branches, exception generating and system instructions.
+  shift = 29, mask = 7,
+  [0] = "bB",
+  { -- Compare & branch, immediate.
+    shift = 24, mask = 3,
+    [0] = "cbzDBg", "cbnzDBg", "tbzDTBw", "tbnzDTBw"
+  },
+  { -- Conditional branch, immediate.
+    shift = 24, mask = 3,
+    [0] = {
+      shift = 4, mask = 1,
+      [0] = {
+        shift = 0, mask = 15,
+        [0] = "beqB", "bneB", "bhsB", "bloB", "bmiB", "bplB", "bvsB", "bvcB",
+        "bhiB", "blsB", "bgeB", "bltB", "bgtB", "bleB", "balB"
+      }
+    }
+  }, false, "blB",
+  { -- Compare & branch, immediate.
+    shift = 24, mask = 3,
+    [0] = "cbzDBg", "cbnzDBg", "tbzDTBx", "tbnzDTBx"
+  },
+  {
+    shift = 24, mask = 3,
+    [0] = { -- Exception generation.
+      shift = 0, mask = 0xe0001f,
+      [0x200000] = "brkW"
+    },
+    { -- System instructions.
+      shift = 0, mask = 0x3fffff,
+      [0x03201f] = "nop"
+    },
+    { -- Unconditional branch, register.
+      shift = 0, mask = 0xfffc1f,
+      [0x1f0000] = "brNx", [0x3f0000] = "blrNx",
+      [0x5f0000] = "retNx"
+    },
+  }
+}
+local map_init = {
+  shift = 25, mask = 15,
+  [0] = false, false, false, false, map_ls, map_datar, map_ls, map_datafp,
+  map_datai, map_datai, map_br, map_br, map_ls, map_datar, map_ls, map_datafp
+}
+------------------------------------------------------------------------------
+local map_regs = { x = {}, w = {}, d = {}, s = {} }
+for i=0,30 do
+  map_regs.x[i] = "x"..i
+  map_regs.w[i] = "w"..i
+  map_regs.d[i] = "d"..i
+  map_regs.s[i] = "s"..i
+end
+map_regs.x[31] = "sp"
+map_regs.w[31] = "wsp"
+map_regs.d[31] = "d31"
+map_regs.s[31] = "s31"
+local map_cond = {
+  [0] = "eq", "ne", "cs", "cc", "mi", "pl", "vs", "vc",
+  "hi", "ls", "ge", "lt", "gt", "le", "al",
+}
+local map_shift = { [0] = "lsl", "lsr", "asr", "ror"}
+local map_extend = {
+  [0] = "uxtb", "uxth", "uxtw", "uxtx", "sxtb", "sxth", "sxtw", "sxtx",
+}
+------------------------------------------------------------------------------
+-- Output a nicely formatted line with an opcode and operands.
+local function putop(ctx, text, operands)
+  local pos = ctx.pos
+  local extra = ""
+  if ctx.rel then
+    local sym = ctx.symtab[ctx.rel]
+    if sym then
+      extra = "\t->"..sym
+    end
+  end
+  if ctx.hexdump > 0 then
+    ctx.out(format("%08x  %s  %-5s %s%s\n",
+      ctx.addr+pos, tohex(ctx.op), text, concat(operands, ", "), extra))
+  else
+    ctx.out(format("%08x  %-5s %s%s\n",
+      ctx.addr+pos, text, concat(operands, ", "), extra))
+  end
+  ctx.pos = pos + 4
+end
+-- Fallback for unknown opcodes.
+local function unknown(ctx)
+  return putop(ctx, ".long", { "0x"..tohex(ctx.op) })
+end
+local function match_reg(p, pat, regnum)
+  return map_regs[match(pat, p.."%w-([xwds])")][regnum]
+end
+local function fmt_hex32(x)
+  if x < 0 then
+    return tohex(x)
+  else
+    return format("%x", x)
+  end
+end
+local imm13_rep = { 0x55555555, 0x11111111, 0x01010101, 0x00010001, 0x00000001 }
+local function decode_imm13(op)
+  local imms = band(rshift(op, 10), 63)
+  local immr = band(rshift(op, 16), 63)
+  if band(op, 0x00400000) == 0 then
+    local len = 5
+    if imms >= 56 then
+      if imms >= 60 then len = 1 else len = 2 end
+    elseif imms >= 48 then len = 3 elseif imms >= 32 then len = 4 end
+    local l = lshift(1, len)-1
+    local s = band(imms, l)
+    local r = band(immr, l)
+    local imm = ror(rshift(-1, 31-s), r)
+    if len ~= 5 then imm = band(imm, lshift(1, l)-1) + rshift(imm, 31-l) end
+    imm = imm * imm13_rep[len]
+    local ix = fmt_hex32(imm)
+    if rshift(op, 31) ~= 0 then
+      return ix..tohex(imm)
+    else
+      return ix
+    end
+  else
+    local lo, hi = -1, 0
+    if imms < 32 then lo = rshift(-1, 31-imms) else hi = rshift(-1, 63-imms) end
+    if immr ~= 0 then
+      lo, hi = ror(lo, immr), ror(hi, immr)
+      local x = immr == 32 and 0 or band(bxor(lo, hi), lshift(-1, 32-immr))
+      lo, hi = bxor(lo, x), bxor(hi, x)
+      if immr >= 32 then lo, hi = hi, lo end
+    end
+    if hi ~= 0 then
+      return fmt_hex32(hi)..tohex(lo)
+    else
+      return fmt_hex32(lo)
+    end
+  end
+end
+local function parse_immpc(op, name)
+  if name == "b" or name == "bl" then
+    return arshift(lshift(op, 6), 4)
+  elseif name == "adr" or name == "adrp" then
+    local immlo = band(rshift(op, 29), 3)
+    local immhi = lshift(arshift(lshift(op, 8), 13), 2)
+    return bor(immhi, immlo)
+  elseif name == "tbz" or name == "tbnz" then
+    return lshift(arshift(lshift(op, 13), 18), 2)
+  else
+    return lshift(arshift(lshift(op, 8), 13), 2)
+  end
+end
+local function parse_fpimm8(op)
+  local sign = band(op, 0x100000) == 0 and 1 or -1
+  local exp = bxor(rshift(arshift(lshift(op, 12), 5), 24), 0x80) - 131
+  local frac = 16+band(rshift(op, 13), 15)
+  return sign * frac * 2^exp
+end
+local function prefer_bfx(sf, uns, imms, immr)
+  if imms < immr or imms == 31 or imms == 63 then
+    return false
+  end
+  if immr == 0 then
+    if sf == 0 and (imms == 7 or imms == 15) then
+      return false
+    end
+    if sf ~= 0 and uns == 0 and (imms == 7 or imms == 15 or imms == 31) then
+      return false
+    end
+  end
+  return true
+end
+-- Disassemble a single instruction.
+local function disass_ins(ctx)
+  local pos = ctx.pos
+  local b0, b1, b2, b3 = byte(ctx.code, pos+1, pos+4)
+  local op = bor(lshift(b3, 24), lshift(b2, 16), lshift(b1, 8), b0)
+  local operands = {}
+  local suffix = ""
+  local last, name, pat
+  local map_reg
+  ctx.op = op
+  ctx.rel = nil
+  last = nil
+  local opat
+  opat = map_init[band(rshift(op, 25), 15)]
+  while type(opat) ~= "string" do
+    if not opat then return unknown(ctx) end
+    opat = opat[band(rshift(op, opat.shift), opat.mask)] or opat._
+  end
+  name, pat = match(opat, "^([a-z0-9]*)(.*)")
+  local altname, pat2 = match(pat, "|([a-z0-9_.|]*)(.*)")
+  if altname then pat = pat2 end
+  if sub(pat, 1, 1) == "." then
+    local s2, p2 = match(pat, "^([a-z0-9.]*)(.*)")
+    suffix = suffix..s2
+    pat = p2
+  end
+  local rt = match(pat, "[gf]")
+  if rt then
+    if rt == "g" then
+      map_reg = band(op, 0x80000000) ~= 0 and map_regs.x or map_regs.w
+    else
+      map_reg = band(op, 0x400000) ~= 0 and map_regs.d or map_regs.s
+    end
+  end
+  local second0, immr
+  for p in gmatch(pat, ".") do
+    local x = nil
+    if p == "D" then
+      local regnum = band(op, 31)
+      x = rt and map_reg[regnum] or match_reg(p, pat, regnum)
+    elseif p == "N" then
+      local regnum = band(rshift(op, 5), 31)
+      x = rt and map_reg[regnum] or match_reg(p, pat, regnum)
+    elseif p == "M" then
+      local regnum = band(rshift(op, 16), 31)
+      x = rt and map_reg[regnum] or match_reg(p, pat, regnum)
+    elseif p == "A" then
+      local regnum = band(rshift(op, 10), 31)
+      x = rt and map_reg[regnum] or match_reg(p, pat, regnum)
+    elseif p == "B" then
+      local addr = ctx.addr + pos + parse_immpc(op, name)
+      ctx.rel = addr
+      x = "0x"..tohex(addr)
+    elseif p == "T" then
+      x = bor(band(rshift(op, 26), 32), band(rshift(op, 19), 31))
+    elseif p == "V" then
+      x = band(op, 15)
+    elseif p == "C" then
+      x = map_cond[band(rshift(op, 12), 15)]
+    elseif p == "c" then
+      local rn = band(rshift(op, 5), 31)
+      local rm = band(rshift(op, 16), 31)
+      local cond = band(rshift(op, 12), 15)
+      local invc = bxor(cond, 1)
+      x = map_cond[cond]
+      if altname and cond ~= 14 and cond ~= 15 then
+        local a1, a2 = match(altname, "([^|]*)|(.*)")
+        if rn == rm then
+          local n = #operands
+          operands[n] = nil
+          x = map_cond[invc]
+          if rn ~= 31 then
+            if a1 then name = a1 else name = altname end
+          else
+            operands[n-1] = nil
+            name = a2
+          end
+        end
+      end
+    elseif p == "W" then
+      x = band(rshift(op, 5), 0xffff)
+    elseif p == "Y" then
+      x = band(rshift(op, 5), 0xffff)
+      local hw = band(rshift(op, 21), 3)
+      if altname and (hw == 0 or x ~= 0) then
+        name = altname
+      end
+    elseif p == "L" then
+      local rn = map_regs.x[band(rshift(op, 5), 31)]
+      local imm9 = arshift(lshift(op, 11), 23)
+      if band(op, 0x800) ~= 0 then
+        x = "["..rn..", #"..imm9.."]!"
+      else
+        x = "["..rn.."], #"..imm9
+      end
+    elseif p == "U" then
+      local rn = map_regs.x[band(rshift(op, 5), 31)]
+      local sz = band(rshift(op, 30), 3)
+      local imm12 = lshift(rshift(lshift(op, 10), 20), sz)
+      if imm12 ~= 0 then
+        x = "["..rn..", #"..imm12.."]"
+      else
+        x = "["..rn.."]"
+      end
+    elseif p == "K" then
+      local rn = map_regs.x[band(rshift(op, 5), 31)]
+      local imm9 = arshift(lshift(op, 11), 23)
+      if imm9 ~= 0 then
+        x = "["..rn..", #"..imm9.."]"
+      else
+        x = "["..rn.."]"
+      end
+    elseif p == "O" then
+      local rn, rm = map_regs.x[band(rshift(op, 5), 31)]
+      local m = band(rshift(op, 13), 1)
+      if m == 0 then
+        rm = map_regs.w[band(rshift(op, 16), 31)]
+      else
+        rm = map_regs.x[band(rshift(op, 16), 31)]
+      end
+      x = "["..rn..", "..rm
+      local opt = band(rshift(op, 13), 7)
+      local s = band(rshift(op, 12), 1)
+      local sz = band(rshift(op, 30), 3)
+      -- extension to be applied
+      if opt == 3 then
+       if s == 0 then x = x.."]"
+       else x = x..", lsl #"..sz.."]" end
+      elseif opt == 2 or opt == 6 or opt == 7 then
+        if s == 0 then x = x..", "..map_extend[opt].."]"
+        else x = x..", "..map_extend[opt].." #"..sz.."]" end
+      else
+        x = x.."]"
+      end
+    elseif p == "P" then
+      local sh = 2 + rshift(op, 31 - band(rshift(op, 26), 1))
+      local imm7 = lshift(arshift(lshift(op, 10), 25), sh)
+      local rn = map_regs.x[band(rshift(op, 5), 31)]
+      local ind = band(rshift(op, 23), 3)
+      if ind == 1 then
+        x = "["..rn.."], #"..imm7
+      elseif ind == 2 then
+        if imm7 == 0 then
+          x = "["..rn.."]"
+        else
+          x = "["..rn..", #"..imm7.."]"
+        end
+      elseif ind == 3 then
+        x = "["..rn..", #"..imm7.."]!"
+      end
+    elseif p == "I" then
+      local shf = band(rshift(op, 22), 3)
+      local imm12 = band(rshift(op, 10), 0x0fff)
+      local rn, rd = band(rshift(op, 5), 31), band(op, 31)
+      if altname == "mov" and shf == 0 and imm12 == 0 and (rn == 31 or rd == 31) then
+        name = altname
+        x = nil
+      elseif shf == 0 then
+        x = imm12
+      elseif shf == 1 then
+        x = imm12..", lsl #12"
+      end
+    elseif p == "i" then
+      x = "#0x"..decode_imm13(op)
+    elseif p == "1" then
+      immr = band(rshift(op, 16), 63)
+      x = immr
+    elseif p == "2" then
+      x = band(rshift(op, 10), 63)
+      if altname then
+        local a1, a2, a3, a4, a5, a6 =
+          match(altname, "([^|]*)|([^|]*)|([^|]*)|([^|]*)|([^|]*)|(.*)")
+        local sf = band(rshift(op, 26), 32)
+        local uns = band(rshift(op, 30), 1)
+        if prefer_bfx(sf, uns, x, immr) then
+          name = a2
+          x = x - immr + 1
+        elseif immr == 0 and x == 7 then
+          local n = #operands
+          operands[n] = nil
+          if sf ~= 0 then
+            operands[n-1] = gsub(operands[n-1], "x", "w")
+          end
+          last = operands[n-1]
+          name = a6
+          x = nil
+        elseif immr == 0 and x == 15 then
+          local n = #operands
+          operands[n] = nil
+          if sf ~= 0 then
+            operands[n-1] = gsub(operands[n-1], "x", "w")
+          end
+          last = operands[n-1]
+          name = a5
+          x = nil
+        elseif x == 31 or x == 63 then
+          if x == 31 and immr == 0 and name == "sbfm" then
+            name = a4
+            local n = #operands
+            operands[n] = nil
+            if sf ~= 0 then
+              operands[n-1] = gsub(operands[n-1], "x", "w")
+            end
+            last = operands[n-1]
+          else
+            name = a3
+          end
+          x = nil
+        elseif band(x, 31) ~= 31 and immr == x+1 and name == "ubfm" then
+          name = a4
+          last = "#"..(sf+32 - immr)
+          operands[#operands] = last
+          x = nil
+        elseif x < immr then
+          name = a1
+          last = "#"..(sf+32 - immr)
+          operands[#operands] = last
+          x = x + 1
+        end
+      end
+    elseif p == "3" then
+      x = band(rshift(op, 10), 63)
+      if altname then
+        local a1, a2 = match(altname, "([^|]*)|(.*)")
+        if x < immr then
+          name = a1
+          local sf = band(rshift(op, 26), 32)
+          last = "#"..(sf+32 - immr)
+          operands[#operands] = last
+          x = x + 1
+        else
+          name = a2
+          x = x - immr + 1
+        end
+      end
+    elseif p == "4" then
+      x = band(rshift(op, 10), 63)
+      local rn = band(rshift(op, 5), 31)
+      local rm = band(rshift(op, 16), 31)
+      if altname and rn == rm then
+        local n = #operands
+        operands[n] = nil
+        last = operands[n-1]
+        name = altname
+      end
+    elseif p == "5" then
+      x = band(rshift(op, 16), 31)
+    elseif p == "S" then
+      x = band(rshift(op, 10), 63)
+      if x == 0 then x = nil
+      else x = map_shift[band(rshift(op, 22), 3)].." #"..x end
+    elseif p == "X" then
+      local opt = band(rshift(op, 13), 7)
+      -- Width specifier <R>.
+      if opt ~= 3 and opt ~= 7 then
+        last = map_regs.w[band(rshift(op, 16), 31)]
+        operands[#operands] = last
+      end
+      x = band(rshift(op, 10), 7)
+      -- Extension.
+      if opt == 2 + band(rshift(op, 31), 1) and
+         band(rshift(op, second0 and 5 or 0), 31) == 31 then
+        if x == 0 then x = nil
+        else x = "lsl #"..x end
+      else
+        if x == 0 then x = map_extend[band(rshift(op, 13), 7)]
+        else x = map_extend[band(rshift(op, 13), 7)].." #"..x end
+      end
+    elseif p == "R" then
+      x = band(rshift(op,21), 3)
+      if x == 0 then x = nil
+      else x = "lsl #"..x*16 end
+    elseif p == "z" then
+      local n = #operands
+      if operands[n] == "sp" then operands[n] = "xzr"
+      elseif operands[n] == "wsp" then operands[n] = "wzr"
+      end
+    elseif p == "Z" then
+      x = 0
+    elseif p == "F" then
+      x = parse_fpimm8(op)
+    elseif p == "g" or p == "f" or p == "x" or p == "w" or
+           p == "d" or p == "s" then
+      -- These are handled in D/N/M/A.
+    elseif p == "0" then
+      if last == "sp" or last == "wsp" then
+        local n = #operands
+        operands[n] = nil
+        last = operands[n-1]
+        if altname then
+          local a1, a2 = match(altname, "([^|]*)|(.*)")
+          if not a1 then
+            name = altname
+          elseif second0 then
+            name, altname = a2, a1
+          else
+            name, altname = a1, a2
+          end
+        end
+      end
+      second0 = true
+    else
+      assert(false)
+    end
+    if x then
+      last = x
+      if type(x) == "number" then x = "#"..x end
+      operands[#operands+1] = x
+    end
+  end
+  return putop(ctx, name..suffix, operands)
+end
+------------------------------------------------------------------------------
+-- Disassemble a block of code.
+local function disass_block(ctx, ofs, len)
+  if not ofs then ofs = 0 end
+  local stop = len and ofs+len or #ctx.code
+  ctx.pos = ofs
+  ctx.rel = nil
+  while ctx.pos < stop do disass_ins(ctx) end
+end
+-- Extended API: create a disassembler context. Then call ctx:disass(ofs, len).
+local function create(code, addr, out)
+  local ctx = {}
+  ctx.code = code
+  ctx.addr = addr or 0
+  ctx.out = out or io.write
+  ctx.symtab = {}
+  ctx.disass = disass_block
+  ctx.hexdump = 8
+  return ctx
+end
+-- Simple API: disassemble code (a string) at address and output via out.
+local function disass(code, addr, out)
+  create(code, addr, out):disass()
+end
+-- Return register name for RID.
+local function regname(r)
+  if r < 32 then return map_regs.x[r] end
+  return map_regs.d[r-32]
+end
+-- Public module functions.
+return {
+  create = create,
+  disass = disass,
+  regname = regname
+}
diff --git a/src/jit/dis_arm64be.lua b/src/jit/dis_arm64be.lua
new file mode 100644
index 00000000..f7a56352
--- /dev/null
+++ b/src/jit/dis_arm64be.lua
@@ -0,0 +1,12 @@
+----------------------------------------------------------------------------
+-- LuaJIT ARM64BE disassembler wrapper module.
+--
+-- Copyright (C) 2005-2023 Mike Pall. All rights reserved.
+-- Released under the MIT license. See Copyright Notice in luajit.h
+----------------------------------------------------------------------------
+-- ARM64 instructions are always little-endian. So just forward to the
+-- common ARM64 disassembler module. All the interesting stuff is there.
+------------------------------------------------------------------------------
+return require((string.match(..., ".*%.") or "").."dis_arm64")
diff --git a/src/jit/dis_mips.lua b/src/jit/dis_mips.lua
index ebfed56a..b0e99df4 100644
--- a/src/jit/dis_mips.lua
+++ b/src/jit/dis_mips.lua
@@ -19,13 +19,34 @@ local band, bor, tohex = bit.band, bit.bor, bit.tohex
 local lshift, rshift, arshift = bit.lshift, bit.rshift, bit.arshift
 ------------------------------------------------------------------------------
-- Primary and extended opcode maps
+-- Extended opcode maps common to all MIPS releases
 ------------------------------------------------------------------------------
-local map_movci = { shift = 16, mask = 1, [0] = "movfDSC", "movtDSC", }
 local map_srl = { shift = 21, mask = 1, [0] = "srlDTA", "rotrDTA", }
 local map_srlv = { shift = 6, mask = 1, [0] = "srlvDTS", "rotrvDTS", }
+local map_cop0 = {
+  shift = 25, mask = 1,
+  [0] = {
+    shift = 21, mask = 15,
+    [0] = "mfc0TDW", [4] = "mtc0TDW",
+    [10] = "rdpgprDT",
+    [11] = { shift = 5, mask = 1, [0] = "diT0", "eiT0", },
+    [14] = "wrpgprDT",
+  }, {
+    shift = 0, mask = 63,
+    [1] = "tlbr", [2] = "tlbwi", [6] = "tlbwr", [8] = "tlbp",
+    [24] = "eret", [31] = "deret",
+    [32] = "wait",
+  },
+}
+------------------------------------------------------------------------------
+-- Primary and extended opcode maps for MIPS R1-R5
+------------------------------------------------------------------------------
+local map_movci = { shift = 16, mask = 1, [0] = "movfDSC", "movtDSC", }
 local map_special = {
  shift = 0, mask = 63,
  [0] = { shift = 0, mask = -1, [0] = "nop", _ = "sllDTA" },
@@ -34,15 +55,17 @@ local map_special = {
  "jrS",        "jalrD1S",      "movzDST",      "movnDST",
  "syscallY",   "breakY",       false,          "sync",
  "mfhiD",      "mthiS",        "mfloD",        "mtloS",
-  false,        false,          false,          false,
+  "dsllvDST",   false,          "dsrlvDST",     "dsravDST",
  "multST",     "multuST",      "divST",        "divuST",
-  false,        false,          false,          false,
+  "dmultST",    "dmultuST",     "ddivST",       "ddivuST",
  "addDST",     "addu|moveDST0", "subDST",      "subu|neguDS0T",
-  "andDST",     "orDST",        "xorDST",       "nor|notDST0",
+  "andDST",     "or|moveDST0",  "xorDST",       "nor|notDST0",
  false,        false,          "sltDST",       "sltuDST",
-  false,        false,          false,          false,
+  "daddDST",    "dadduDST",     "dsubDST",      "dsubuDST",
  "tgeSTZ",     "tgeuSTZ",      "tltSTZ",       "tltuSTZ",
-  "teqSTZ",     false,          "tneSTZ",
+  "teqSTZ",     false,          "tneSTZ",       false,
+  "dsllDTA",    false,          "dsrlDTA",      "dsraDTA",
+  "dsll32DTA",  false,          "dsrl32DTA",    "dsra32DTA",
 }
 local map_special2 = {
@@ -60,11 +83,17 @@ local map_bshfl = {
  [24] = "sehDT",
 }
+local map_dbshfl = {
+  shift = 6, mask = 31,
+  [2] = "dsbhDT",
+  [5] = "dshdDT",
+}
 local map_special3 = {
  shift = 0, mask = 63,
-  [0] = "extTSAK", [4] = "insTSAL",
+  [0]  = "extTSAK", [1]  = "dextmTSAP", [3]  = "dextTSAK",
-  [32] = map_bshfl,
+  [4]  = "insTSAL", [6]  = "dinsuTSEQ", [7]  = "dinsTSAL",
-  [59] = "rdhwrTD",
+  [32] = map_bshfl, [36] = map_dbshfl,  [59] = "rdhwrTD",
 }
 local map_regimm = {
@@ -79,22 +108,6 @@ local map_regimm = {
  false,        false,          false,          "synciSO",
 }
-local map_cop0 = {
-  shift = 25, mask = 1,
-  [0] = {
-    shift = 21, mask = 15,
-    [0] = "mfc0TDW", [4] = "mtc0TDW",
-    [10] = "rdpgprDT",
-    [11] = { shift = 5, mask = 1, [0] = "diT0", "eiT0", },
-    [14] = "wrpgprDT",
-  }, {
-    shift = 0, mask = 63,
-    [1] = "tlbr", [2] = "tlbwi", [6] = "tlbwr", [8] = "tlbp",
-    [24] = "eret", [31] = "deret",
-    [32] = "wait",
-  },
-}
 local map_cop1s = {
  shift = 0, mask = 63,
  [0] = "add.sFGH",     "sub.sFGH",     "mul.sFGH",     "div.sFGH",
@@ -178,8 +191,8 @@ local map_cop1bc = {
 local map_cop1 = {
  shift = 21, mask = 31,
-  [0] = "mfc1TG", false,        "cfc1TG",       "mfhc1TG",
+  [0] = "mfc1TG", "dmfc1TG",    "cfc1TG",       "mfhc1TG",
-  "mtc1TG",     false,          "ctc1TG",       "mthc1TG",
+  "mtc1TG",     "dmtc1TG",      "ctc1TG",       "mthc1TG",
  map_cop1bc,   false,          false,          false,
  false,        false,          false,          false,
  map_cop1s,    map_cop1d,      false,          false,
@@ -213,16 +226,218 @@ local map_pri = {
  "andiTSU",    "ori|liTS0U",   "xoriTSU",      "luiTU",
  map_cop0,     map_cop1,       false,          map_cop1x,
  "beql|beqzlST0B",     "bnel|bnezlST0B",       "blezlSB",      "bgtzlSB",
-  false,        false,          false,          false,
+  "daddiTSI",   "daddiuTSI",    false,          false,
-  map_special2, false,          false,          map_special3,
+  map_special2, "jalxJ",        false,          map_special3,
  "lbTSO",      "lhTSO",        "lwlTSO",       "lwTSO",
  "lbuTSO",     "lhuTSO",       "lwrTSO",       false,
  "sbTSO",      "shTSO",        "swlTSO",       "swTSO",
  false,        false,          "swrTSO",       "cacheNSO",
  "llTSO",      "lwc1HSO",      "lwc2TSO",      "prefNSO",
-  false,        "ldc1HSO",      "ldc2TSO",      false,
+  false,        "ldc1HSO",      "ldc2TSO",      "ldTSO",
  "scTSO",      "swc1HSO",      "swc2TSO",      false,
-  false,        "sdc1HSO",      "sdc2TSO",      false,
+  false,        "sdc1HSO",      "sdc2TSO",      "sdTSO",
+}
+------------------------------------------------------------------------------
+-- Primary and extended opcode maps for MIPS R6
+------------------------------------------------------------------------------
+local map_mul_r6 =   { shift = 6, mask = 3, [2] = "mulDST",   [3] = "muhDST" }
+local map_mulu_r6 =  { shift = 6, mask = 3, [2] = "muluDST",  [3] = "muhuDST" }
+local map_div_r6 =   { shift = 6, mask = 3, [2] = "divDST",   [3] = "modDST" }
+local map_divu_r6 =  { shift = 6, mask = 3, [2] = "divuDST",  [3] = "moduDST" }
+local map_dmul_r6 =  { shift = 6, mask = 3, [2] = "dmulDST",  [3] = "dmuhDST" }
+local map_dmulu_r6 = { shift = 6, mask = 3, [2] = "dmuluDST", [3] = "dmuhuDST" }
+local map_ddiv_r6 =  { shift = 6, mask = 3, [2] = "ddivDST",  [3] = "dmodDST" }
+local map_ddivu_r6 = { shift = 6, mask = 3, [2] = "ddivuDST", [3] = "dmoduDST" }
+local map_special_r6 = {
+  shift = 0, mask = 63,
+  [0] = { shift = 0, mask = -1, [0] = "nop", _ = "sllDTA" },
+  false,        map_srl,        "sraDTA",
+  "sllvDTS",    false,          map_srlv,       "sravDTS",
+  "jrS",        "jalrD1S",      false,          false,
+  "syscallY",   "breakY",       false,          "sync",
+  "clzDS",      "cloDS",        "dclzDS",       "dcloDS",
+  "dsllvDST",   "dlsaDSTA",     "dsrlvDST",     "dsravDST",
+  map_mul_r6,   map_mulu_r6,    map_div_r6,     map_divu_r6,
+  map_dmul_r6,  map_dmulu_r6,   map_ddiv_r6,    map_ddivu_r6,
+  "addDST",     "addu|moveDST0", "subDST",      "subu|neguDS0T",
+  "andDST",     "or|moveDST0",  "xorDST",       "nor|notDST0",
+  false,        false,          "sltDST",       "sltuDST",
+  "daddDST",    "dadduDST",     "dsubDST",      "dsubuDST",
+  "tgeSTZ",     "tgeuSTZ",      "tltSTZ",       "tltuSTZ",
+  "teqSTZ",     "seleqzDST",    "tneSTZ",       "selnezDST",
+  "dsllDTA",    false,          "dsrlDTA",      "dsraDTA",
+  "dsll32DTA",  false,          "dsrl32DTA",    "dsra32DTA",
+}
+local map_bshfl_r6 = {
+  shift = 9, mask = 3,
+  [1] = "alignDSTa",
+  _ = {
+    shift = 6, mask = 31,
+    [0] = "bitswapDT",
+    [2] = "wsbhDT",
+    [16] = "sebDT",
+    [24] = "sehDT",
+  }
+}
+local map_dbshfl_r6 = {
+  shift = 9, mask = 3,
+  [1] = "dalignDSTa",
+  _ = {
+    shift = 6, mask = 31,
+    [0] = "dbitswapDT",
+    [2] = "dsbhDT",
+    [5] = "dshdDT",
+  }
+}
+local map_special3_r6 = {
+  shift = 0, mask = 63,
+  [0]  = "extTSAK", [1]  = "dextmTSAP", [3]  = "dextTSAK",
+  [4]  = "insTSAL", [6]  = "dinsuTSEQ", [7]  = "dinsTSAL",
+  [32] = map_bshfl_r6, [36] = map_dbshfl_r6,  [59] = "rdhwrTD",
+}
+local map_regimm_r6 = {
+  shift = 16, mask = 31,
+  [0] = "bltzSB", [1] = "bgezSB",
+  [6] = "dahiSI", [30] = "datiSI",
+  [23] = "sigrieI", [31] = "synciSO",
+}
+local map_pcrel_r6 = {
+  shift = 19, mask = 3,
+  [0] = "addiupcS2", "lwpcS2", "lwupcS2", {
+    shift = 18, mask = 1,
+    [0] = "ldpcS3", { shift = 16, mask = 3, [2] = "auipcSI", [3] = "aluipcSI" }
+  }
+}
+local map_cop1s_r6 = {
+  shift = 0, mask = 63,
+  [0] = "add.sFGH",     "sub.sFGH",     "mul.sFGH",     "div.sFGH",
+  "sqrt.sFG",           "abs.sFG",      "mov.sFG",      "neg.sFG",
+  "round.l.sFG",        "trunc.l.sFG",  "ceil.l.sFG",   "floor.l.sFG",
+  "round.w.sFG",        "trunc.w.sFG",  "ceil.w.sFG",   "floor.w.sFG",
+  "sel.sFGH",           false,          false,          false,
+  "seleqz.sFGH",        "recip.sFG",    "rsqrt.sFG",    "selnez.sFGH",
+  "maddf.sFGH",         "msubf.sFGH",   "rint.sFG",     "class.sFG",
+  "min.sFGH",           "mina.sFGH",    "max.sFGH",     "maxa.sFGH",
+  false,                "cvt.d.sFG",    false,          false,
+  "cvt.w.sFG",          "cvt.l.sFG",
+}
+local map_cop1d_r6 = {
+  shift = 0, mask = 63,
+  [0] = "add.dFGH",     "sub.dFGH",     "mul.dFGH",     "div.dFGH",
+  "sqrt.dFG",           "abs.dFG",      "mov.dFG",      "neg.dFG",
+  "round.l.dFG",        "trunc.l.dFG",  "ceil.l.dFG",   "floor.l.dFG",
+  "round.w.dFG",        "trunc.w.dFG",  "ceil.w.dFG",   "floor.w.dFG",
+  "sel.dFGH",           false,          false,          false,
+  "seleqz.dFGH",        "recip.dFG",    "rsqrt.dFG",    "selnez.dFGH",
+  "maddf.dFGH",         "msubf.dFGH",   "rint.dFG",     "class.dFG",
+  "min.dFGH",           "mina.dFGH",    "max.dFGH",     "maxa.dFGH",
+  "cvt.s.dFG",          false,          false,          false,
+  "cvt.w.dFG",          "cvt.l.dFG",
+}
+local map_cop1w_r6 = {
+  shift = 0, mask = 63,
+  [0] = "cmp.af.sFGH",  "cmp.un.sFGH",  "cmp.eq.sFGH",  "cmp.ueq.sFGH",
+  "cmp.lt.sFGH",        "cmp.ult.sFGH", "cmp.le.sFGH",  "cmp.ule.sFGH",
+  "cmp.saf.sFGH",       "cmp.sun.sFGH", "cmp.seq.sFGH", "cmp.sueq.sFGH",
+  "cmp.slt.sFGH",       "cmp.sult.sFGH",        "cmp.sle.sFGH", "cmp.sule.sFGH",
+  false,                "cmp.or.sFGH",  "cmp.une.sFGH", "cmp.ne.sFGH",
+  false,                false,          false,          false,
+  false,                "cmp.sor.sFGH", "cmp.sune.sFGH",        "cmp.sne.sFGH",
+  false,                false,          false,          false,
+  "cvt.s.wFG", "cvt.d.wFG",
+}
+local map_cop1l_r6 = {
+  shift = 0, mask = 63,
+  [0] = "cmp.af.dFGH",  "cmp.un.dFGH",  "cmp.eq.dFGH",  "cmp.ueq.dFGH",
+  "cmp.lt.dFGH",        "cmp.ult.dFGH", "cmp.le.dFGH",  "cmp.ule.dFGH",
+  "cmp.saf.dFGH",       "cmp.sun.dFGH", "cmp.seq.dFGH", "cmp.sueq.dFGH",
+  "cmp.slt.dFGH",       "cmp.sult.dFGH",        "cmp.sle.dFGH", "cmp.sule.dFGH",
+  false,                "cmp.or.dFGH",  "cmp.une.dFGH", "cmp.ne.dFGH",
+  false,                false,          false,          false,
+  false,                "cmp.sor.dFGH", "cmp.sune.dFGH",        "cmp.sne.dFGH",
+  false,                false,          false,          false,
+  "cvt.s.lFG", "cvt.d.lFG",
+}
+local map_cop1_r6 = {
+  shift = 21, mask = 31,
+  [0] = "mfc1TG", "dmfc1TG",    "cfc1TG",       "mfhc1TG",
+  "mtc1TG",     "dmtc1TG",      "ctc1TG",       "mthc1TG",
+  false,        "bc1eqzHB",     false,          false,
+  false,        "bc1nezHB",     false,          false,
+  map_cop1s_r6, map_cop1d_r6,   false,          false,
+  map_cop1w_r6, map_cop1l_r6,
+}
+local function maprs_popTS(rs, rt)
+  if rt == 0 then return 0 elseif rs == 0 then return 1
+  elseif rs == rt then return 2 else return 3 end
+end
+local map_pop06_r6 = {
+  maprs = maprs_popTS, [0] = "blezSB", "blezalcTB", "bgezalcTB", "bgeucSTB"
+}
+local map_pop07_r6 = {
+  maprs = maprs_popTS, [0] = "bgtzSB", "bgtzalcTB", "bltzalcTB", "bltucSTB"
+}
+local map_pop26_r6 = {
+  maprs = maprs_popTS, "blezcTB", "bgezcTB", "bgecSTB"
+}
+local map_pop27_r6 = {
+  maprs = maprs_popTS, "bgtzcTB", "bltzcTB", "bltcSTB"
+}
+local function maprs_popS(rs, rt)
+  if rs == 0 then return 0 else return 1 end
+end
+local map_pop66_r6 = {
+  maprs = maprs_popS, [0] = "jicTI", "beqzcSb"
+}
+local map_pop76_r6 = {
+  maprs = maprs_popS, [0] = "jialcTI", "bnezcSb"
+}
+local function maprs_popST(rs, rt)
+  if rs >= rt then return 0 elseif rs == 0 then return 1 else return 2 end
+end
+local map_pop10_r6 = {
+  maprs = maprs_popST, [0] = "bovcSTB", "beqzalcTB", "beqcSTB"
+}
+local map_pop30_r6 = {
+  maprs = maprs_popST, [0] = "bnvcSTB", "bnezalcTB", "bnecSTB"
+}
+local map_pri_r6 = {
+  [0] = map_special_r6, map_regimm_r6,  "jJ",   "jalJ",
+  "beq|beqz|bST00B",    "bne|bnezST0B",         map_pop06_r6,   map_pop07_r6,
+  map_pop10_r6, "addiu|liTS0I", "sltiTSI",      "sltiuTSI",
+  "andiTSU",    "ori|liTS0U",   "xoriTSU",      "aui|luiTS0U",
+  map_cop0,     map_cop1_r6,    false,          false,
+  false,        false,          map_pop26_r6,   map_pop27_r6,
+  map_pop30_r6, "daddiuTSI",    false,          false,
+  false,        "dauiTSI",      false,          map_special3_r6,
+  "lbTSO",      "lhTSO",        false,          "lwTSO",
+  "lbuTSO",     "lhuTSO",       false,          false,
+  "sbTSO",      "shTSO",        false,          "swTSO",
+  false,        false,          false,          false,
+  false,        "lwc1HSO",      "bc#",          false,
+  false,        "ldc1HSO",      map_pop66_r6,   "ldTSO",
+  false,        "swc1HSO",      "balc#",        map_pcrel_r6,
+  false,        "sdc1HSO",      map_pop76_r6,   "sdTSO",
 }
 ------------------------------------------------------------------------------
@@ -279,10 +494,14 @@ local function disass_ins(ctx)
  ctx.op = op
  ctx.rel = nil
-  local opat = map_pri[rshift(op, 26)]
+  local opat = ctx.map_pri[rshift(op, 26)]
  while type(opat) ~= "string" do
    if not opat then return unknown(ctx) end
-    opat = opat[band(rshift(op, opat.shift), opat.mask)] or opat._
+    if opat.maprs then
+      opat = opat[opat.maprs(band(rshift(op,21),31), band(rshift(op,16),31))]
+    else
+      opat = opat[band(rshift(op, opat.shift), opat.mask)] or opat._
+    end
  end
  local name, pat = match(opat, "^([a-z0-9_.]*)(.*)")
  local altname, pat2 = match(pat, "|([a-z0-9_.|]*)(.*)")
@@ -306,6 +525,10 @@ local function disass_ins(ctx)
      x = "f"..band(rshift(op, 21), 31)
    elseif p == "A" then
      x = band(rshift(op, 6), 31)
+    elseif p == "a" then
+      x = band(rshift(op, 6), 7)
+    elseif p == "E" then
+      x = band(rshift(op, 6), 31) + 32
    elseif p == "M" then
      x = band(rshift(op, 11), 31)
    elseif p == "N" then
@@ -315,10 +538,18 @@ local function disass_ins(ctx)
      if x == 0 then x = nil end
    elseif p == "K" then
      x = band(rshift(op, 11), 31) + 1
+    elseif p == "P" then
+      x = band(rshift(op, 11), 31) + 33
    elseif p == "L" then
      x = band(rshift(op, 11), 31) - last + 1
+    elseif p == "Q" then
+      x = band(rshift(op, 11), 31) - last + 33
    elseif p == "I" then
      x = arshift(lshift(op, 16), 16)
+    elseif p == "2" then
+      x = arshift(lshift(op, 13), 11)
+    elseif p == "3" then
+      x = arshift(lshift(op, 14), 11)
    elseif p == "U" then
      x = band(op, 0xffff)
    elseif p == "O" then
@@ -328,13 +559,22 @@ local function disass_ins(ctx)
      local index = map_gpr[band(rshift(op, 16), 31)]
      operands[#operands] = format("%s(%s)", index, last)
    elseif p == "B" then
-      x = ctx.addr + ctx.pos + arshift(lshift(op, 16), 16)*4 + 4
+      x = ctx.addr + ctx.pos + arshift(lshift(op, 16), 14) + 4
+      ctx.rel = x
+      x = format("0x%08x", x)
+    elseif p == "b" then
+      x = ctx.addr + ctx.pos + arshift(lshift(op, 11), 9) + 4
      ctx.rel = x
-      x = "0x"..tohex(x)
+      x = format("0x%08x", x)
+    elseif p == "#" then
+      x = ctx.addr + ctx.pos + arshift(lshift(op, 6), 4) + 4
+      ctx.rel = x
+      x = format("0x%08x", x)
    elseif p == "J" then
-      x = band(ctx.addr + ctx.pos, 0xf0000000) + band(op, 0x03ffffff)*4
+      local a = ctx.addr + ctx.pos
+      x = a - band(a, 0x0fffffff) + band(op, 0x03ffffff)*4
      ctx.rel = x
-      x = "0x"..tohex(x)
+      x = format("0x%08x", x)
    elseif p == "V" then
      x = band(rshift(op, 8), 7)
      if x == 0 then x = nil end
@@ -384,7 +624,7 @@ local function disass_block(ctx, ofs, len)
 end
 -- Extended API: create a disassembler context. Then call ctx:disass(ofs, len).
-local function create_(code, addr, out)
+local function create(code, addr, out)
  local ctx = {}
  ctx.code = code
  ctx.addr = addr or 0
@@ -393,36 +633,62 @@ local function create_(code, addr, out)
  ctx.disass = disass_block
  ctx.hexdump = 8
  ctx.get = get_be
+  ctx.map_pri = map_pri
+  return ctx
+end
+local function create_el(code, addr, out)
+  local ctx = create(code, addr, out)
+  ctx.get = get_le
+  return ctx
+end
+local function create_r6(code, addr, out)
+  local ctx = create(code, addr, out)
+  ctx.map_pri = map_pri_r6
  return ctx
 end
-local function create_el_(code, addr, out)
+local function create_r6_el(code, addr, out)
-  local ctx = create_(code, addr, out)
+  local ctx = create(code, addr, out)
  ctx.get = get_le
+  ctx.map_pri = map_pri_r6
  return ctx
 end
 -- Simple API: disassemble code (a string) at address and output via out.
-local function disass_(code, addr, out)
+local function disass(code, addr, out)
-  create_(code, addr, out):disass()
+  create(code, addr, out):disass()
+end
+local function disass_el(code, addr, out)
+  create_el(code, addr, out):disass()
 end
-local function disass_el_(code, addr, out)
+local function disass_r6(code, addr, out)
-  create_el_(code, addr, out):disass()
+  create_r6(code, addr, out):disass()
+end
+local function disass_r6_el(code, addr, out)
+  create_r6_el(code, addr, out):disass()
 end
 -- Return register name for RID.
-local function regname_(r)
+local function regname(r)
  if r < 32 then return map_gpr[r] end
  return "f"..(r-32)
 end
 -- Public module functions.
-module(...)
+return {
+  create = create,
-create = create_
+  create_el = create_el,
-create_el = create_el_
+  create_r6 = create_r6,
-disass = disass_
+  create_r6_el = create_r6_el,
-disass_el = disass_el_
+  disass = disass,
-regname = regname_
+  disass_el = disass_el,
+  disass_r6 = disass_r6,
+  disass_r6_el = disass_r6_el,
+  regname = regname
+}
diff --git a/src/jit/dis_mips64.lua b/src/jit/dis_mips64.lua
new file mode 100644
index 00000000..5f3a4dab
--- /dev/null
+++ b/src/jit/dis_mips64.lua
@@ -0,0 +1,17 @@
+----------------------------------------------------------------------------
+-- LuaJIT MIPS64 disassembler wrapper module.
+--
+-- Copyright (C) 2005-2023 Mike Pall. All rights reserved.
+-- Released under the MIT license. See Copyright Notice in luajit.h
+----------------------------------------------------------------------------
+-- This module just exports the big-endian functions from the
+-- MIPS disassembler module. All the interesting stuff is there.
+------------------------------------------------------------------------------
+local dis_mips = require((string.match(..., ".*%.") or "").."dis_mips")
+return {
+  create = dis_mips.create,
+  disass = dis_mips.disass,
+  regname = dis_mips.regname
+}
diff --git a/src/jit/dis_mips64el.lua b/src/jit/dis_mips64el.lua
new file mode 100644
index 00000000..ea513649
--- /dev/null
+++ b/src/jit/dis_mips64el.lua
@@ -0,0 +1,17 @@
+----------------------------------------------------------------------------
+-- LuaJIT MIPS64EL disassembler wrapper module.
+--
+-- Copyright (C) 2005-2023 Mike Pall. All rights reserved.
+-- Released under the MIT license. See Copyright Notice in luajit.h
+----------------------------------------------------------------------------
+-- This module just exports the little-endian functions from the
+-- MIPS disassembler module. All the interesting stuff is there.
+------------------------------------------------------------------------------
+local dis_mips = require((string.match(..., ".*%.") or "").."dis_mips")
+return {
+  create = dis_mips.create_el,
+  disass = dis_mips.disass_el,
+  regname = dis_mips.regname
+}
diff --git a/src/jit/dis_mips64r6.lua b/src/jit/dis_mips64r6.lua
new file mode 100644
index 00000000..1d948411
--- /dev/null
+++ b/src/jit/dis_mips64r6.lua
@@ -0,0 +1,17 @@
+----------------------------------------------------------------------------
+-- LuaJIT MIPS64R6 disassembler wrapper module.
+--
+-- Copyright (C) 2005-2023 Mike Pall. All rights reserved.
+-- Released under the MIT license. See Copyright Notice in luajit.h
+----------------------------------------------------------------------------
+-- This module just exports the r6 big-endian functions from the
+-- MIPS disassembler module. All the interesting stuff is there.
+------------------------------------------------------------------------------
+local dis_mips = require((string.match(..., ".*%.") or "").."dis_mips")
+return {
+  create = dis_mips.create_r6,
+  disass = dis_mips.disass_r6,
+  regname = dis_mips.regname
+}
diff --git a/src/jit/dis_mips64r6el.lua b/src/jit/dis_mips64r6el.lua
new file mode 100644
index 00000000..26592e17
--- /dev/null
+++ b/src/jit/dis_mips64r6el.lua
@@ -0,0 +1,17 @@
+----------------------------------------------------------------------------
+-- LuaJIT MIPS64R6EL disassembler wrapper module.
+--
+-- Copyright (C) 2005-2023 Mike Pall. All rights reserved.
+-- Released under the MIT license. See Copyright Notice in luajit.h
+----------------------------------------------------------------------------
+-- This module just exports the r6 little-endian functions from the
+-- MIPS disassembler module. All the interesting stuff is there.
+------------------------------------------------------------------------------
+local dis_mips = require((string.match(..., ".*%.") or "").."dis_mips")
+return {
+  create = dis_mips.create_r6_el,
+  disass = dis_mips.disass_r6_el,
+  regname = dis_mips.regname
+}
diff --git a/src/jit/dis_mipsel.lua b/src/jit/dis_mipsel.lua
index 6c14800e..6906a779 100644
--- a/src/jit/dis_mipsel.lua
+++ b/src/jit/dis_mipsel.lua
@@ -8,13 +8,10 @@
 -- MIPS disassembler module. All the interesting stuff is there.
 ------------------------------------------------------------------------------
-local require = require
+local dis_mips = require((string.match(..., ".*%.") or "").."dis_mips")
+return {
-module(...)
+  create = dis_mips.create_el,
+  disass = dis_mips.disass_el,
-local dis_mips = require(_PACKAGE.."dis_mips")
+  regname = dis_mips.regname
+}
-create = dis_mips.create_el
-disass = dis_mips.disass_el
-regname = dis_mips.regname
diff --git a/src/jit/dis_ppc.lua b/src/jit/dis_ppc.lua
index 26a6b343..95c3da84 100644
--- a/src/jit/dis_ppc.lua
+++ b/src/jit/dis_ppc.lua
@@ -560,7 +560,7 @@ local function disass_block(ctx, ofs, len)
 end
 -- Extended API: create a disassembler context. Then call ctx:disass(ofs, len).
-local function create_(code, addr, out)
+local function create(code, addr, out)
  local ctx = {}
  ctx.code = code
  ctx.addr = addr or 0
@@ -572,20 +572,20 @@ local function create_(code, addr, out)
 end
 -- Simple API: disassemble code (a string) at address and output via out.
-local function disass_(code, addr, out)
+local function disass(code, addr, out)
-  create_(code, addr, out):disass()
+  create(code, addr, out):disass()
 end
 -- Return register name for RID.
-local function regname_(r)
+local function regname(r)
  if r < 32 then return map_gpr[r] end
  return "f"..(r-32)
 end
 -- Public module functions.
-module(...)
+return {
+  create = create,
-create = create_
+  disass = disass,
-disass = disass_
+  regname = regname
-regname = regname_
+}
diff --git a/src/jit/dis_x64.lua b/src/jit/dis_x64.lua
index 3ffd67e2..eb21f044 100644
--- a/src/jit/dis_x64.lua
+++ b/src/jit/dis_x64.lua
@@ -8,13 +8,10 @@
 -- x86/x64 disassembler module. All the interesting stuff is there.
 ------------------------------------------------------------------------------
-local require = require
+local dis_x86 = require((string.match(..., ".*%.") or "").."dis_x86")
+return {
-module(...)
+  create = dis_x86.create64,
+  disass = dis_x86.disass64,
-local dis_x86 = require(_PACKAGE.."dis_x86")
+  regname = dis_x86.regname64
+}
-create = dis_x86.create64
-disass = dis_x86.disass64
-regname = dis_x86.regname64
diff --git a/src/jit/dis_x86.lua b/src/jit/dis_x86.lua
index 77702b89..40b8218e 100644
--- a/src/jit/dis_x86.lua
+++ b/src/jit/dis_x86.lua
@@ -15,19 +15,20 @@
 -- Intel and AMD manuals. The supported instruction set is quite extensive
 -- and reflects what a current generation Intel or AMD CPU implements in
 -- 32 bit and 64 bit mode. Yes, this includes MMX, SSE, SSE2, SSE3, SSSE3,
-- SSE4.1, SSE4.2, SSE4a and even privileged and hypervisor (VMX/SVM)
+-- SSE4.1, SSE4.2, SSE4a, AVX, AVX2 and even privileged and hypervisor
-- instructions.
+-- (VMX/SVM) instructions.
 --
 -- Notes:
 -- * The (useless) a16 prefix, 3DNow and pre-586 opcodes are unsupported.
 -- * No attempt at optimization has been made -- it's fast enough for my needs.
-- * The public API may change when more architectures are added.
 ------------------------------------------------------------------------------
 local type = type
 local sub, byte, format = string.sub, string.byte, string.format
 local match, gmatch, gsub = string.match, string.gmatch, string.gsub
 local lower, rep = string.lower, string.rep
+local bit = require("bit")
+local tohex = bit.tohex
 -- Map for 1st opcode byte in 32 bit mode. Ugly? Well ... read on.
 local map_opc1_32 = {
@@ -76,7 +77,7 @@ local map_opc1_32 = {
 "movBRi","movBRi","movBRi","movBRi","movBRi","movBRi","movBRi","movBRi",
 "movVRI","movVRI","movVRI","movVRI","movVRI","movVRI","movVRI","movVRI",
 --Cx
-"shift!Bmu","shift!Vmu","retBw","ret","$lesVrm","$ldsVrm","movBmi","movVmi",
+"shift!Bmu","shift!Vmu","retBw","ret","vex*3$lesVrm","vex*2$ldsVrm","movBmi","movVmi",
 "enterBwu","leave","retfBw","retf","int3","intBu","into","iretVS",
 --Dx
 "shift!Bm1","shift!Vm1","shift!Bmc","shift!Vmc","aamBu","aadBu","salc","xlatb",
@@ -101,7 +102,7 @@ local map_opc1_64 = setmetatable({
  [0x44]="rex*r",  [0x45]="rex*rb",  [0x46]="rex*rx",  [0x47]="rex*rxb",
  [0x48]="rex*w",  [0x49]="rex*wb",  [0x4a]="rex*wx",  [0x4b]="rex*wxb",
  [0x4c]="rex*wr", [0x4d]="rex*wrb", [0x4e]="rex*wrx", [0x4f]="rex*wrxb",
-  [0x82]=false, [0x9a]=false, [0xc4]=false, [0xc5]=false, [0xce]=false,
+  [0x82]=false, [0x9a]=false, [0xc4]="vex*3", [0xc5]="vex*2", [0xce]=false,
  [0xd4]=false, [0xd5]=false, [0xd6]=false, [0xea]=false,
 }, { __index = map_opc1_32 })
@@ -112,12 +113,12 @@ local map_opc2 = {
 [0]="sldt!Dmp","sgdt!Ump","larVrm","lslVrm",nil,"syscall","clts","sysret",
 "invd","wbinvd",nil,"ud1",nil,"$prefetch!Bm","femms","3dnowMrmu",
 --1x
-"movupsXrm|movssXrm|movupdXrm|movsdXrm",
+"movupsXrm|movssXrvm|movupdXrm|movsdXrvm",
-"movupsXmr|movssXmr|movupdXmr|movsdXmr",
+"movupsXmr|movssXmvr|movupdXmr|movsdXmvr",
 "movhlpsXrm$movlpsXrm|movsldupXrm|movlpdXrm|movddupXrm",
 "movlpsXmr||movlpdXmr",
-"unpcklpsXrm||unpcklpdXrm",
+"unpcklpsXrvm||unpcklpdXrvm",
-"unpckhpsXrm||unpckhpdXrm",
+"unpckhpsXrvm||unpckhpdXrvm",
 "movlhpsXrm$movhpsXrm|movshdupXrm|movhpdXrm",
 "movhpsXmr||movhpdXmr",
 "$prefetcht!Bm","hintnopVm","hintnopVm","hintnopVm",
@@ -126,7 +127,7 @@ local map_opc2 = {
 "movUmx$","movUmy$","movUxm$","movUym$","movUmz$",nil,"movUzm$",nil,
 "movapsXrm||movapdXrm",
 "movapsXmr||movapdXmr",
-"cvtpi2psXrMm|cvtsi2ssXrVmt|cvtpi2pdXrMm|cvtsi2sdXrVmt",
+"cvtpi2psXrMm|cvtsi2ssXrvVmt|cvtpi2pdXrMm|cvtsi2sdXrvVmt",
 "movntpsXmr|movntssXmr|movntpdXmr|movntsdXmr",
 "cvttps2piMrXm|cvttss2siVrXm|cvttpd2piMrXm|cvttsd2siVrXm",
 "cvtps2piMrXm|cvtss2siVrXm|cvtpd2piMrXm|cvtsd2siVrXm",
@@ -142,27 +143,27 @@ local map_opc2 = {
 "cmovlVrm","cmovgeVrm","cmovleVrm","cmovgVrm",
 --5x
 "movmskpsVrXm$||movmskpdVrXm$","sqrtpsXrm|sqrtssXrm|sqrtpdXrm|sqrtsdXrm",
-"rsqrtpsXrm|rsqrtssXrm","rcppsXrm|rcpssXrm",
+"rsqrtpsXrm|rsqrtssXrvm","rcppsXrm|rcpssXrvm",
-"andpsXrm||andpdXrm","andnpsXrm||andnpdXrm",
+"andpsXrvm||andpdXrvm","andnpsXrvm||andnpdXrvm",
-"orpsXrm||orpdXrm","xorpsXrm||xorpdXrm",
+"orpsXrvm||orpdXrvm","xorpsXrvm||xorpdXrvm",
-"addpsXrm|addssXrm|addpdXrm|addsdXrm","mulpsXrm|mulssXrm|mulpdXrm|mulsdXrm",
+"addpsXrvm|addssXrvm|addpdXrvm|addsdXrvm","mulpsXrvm|mulssXrvm|mulpdXrvm|mulsdXrvm",
-"cvtps2pdXrm|cvtss2sdXrm|cvtpd2psXrm|cvtsd2ssXrm",
+"cvtps2pdXrm|cvtss2sdXrvm|cvtpd2psXrm|cvtsd2ssXrvm",
 "cvtdq2psXrm|cvttps2dqXrm|cvtps2dqXrm",
-"subpsXrm|subssXrm|subpdXrm|subsdXrm","minpsXrm|minssXrm|minpdXrm|minsdXrm",
+"subpsXrvm|subssXrvm|subpdXrvm|subsdXrvm","minpsXrvm|minssXrvm|minpdXrvm|minsdXrvm",
-"divpsXrm|divssXrm|divpdXrm|divsdXrm","maxpsXrm|maxssXrm|maxpdXrm|maxsdXrm",
+"divpsXrvm|divssXrvm|divpdXrvm|divsdXrvm","maxpsXrvm|maxssXrvm|maxpdXrvm|maxsdXrvm",
 --6x
-"punpcklbwPrm","punpcklwdPrm","punpckldqPrm","packsswbPrm",
+"punpcklbwPrvm","punpcklwdPrvm","punpckldqPrvm","packsswbPrvm",
-"pcmpgtbPrm","pcmpgtwPrm","pcmpgtdPrm","packuswbPrm",
+"pcmpgtbPrvm","pcmpgtwPrvm","pcmpgtdPrvm","packuswbPrvm",
-"punpckhbwPrm","punpckhwdPrm","punpckhdqPrm","packssdwPrm",
+"punpckhbwPrvm","punpckhwdPrvm","punpckhdqPrvm","packssdwPrvm",
-"||punpcklqdqXrm","||punpckhqdqXrm",
+"||punpcklqdqXrvm","||punpckhqdqXrvm",
 "movPrVSm","movqMrm|movdquXrm|movdqaXrm",
 --7x
-"pshufwMrmu|pshufhwXrmu|pshufdXrmu|pshuflwXrmu","pshiftw!Pmu",
+"pshufwMrmu|pshufhwXrmu|pshufdXrmu|pshuflwXrmu","pshiftw!Pvmu",
-"pshiftd!Pmu","pshiftq!Mmu||pshiftdq!Xmu",
+"pshiftd!Pvmu","pshiftq!Mvmu||pshiftdq!Xvmu",
-"pcmpeqbPrm","pcmpeqwPrm","pcmpeqdPrm","emms|",
+"pcmpeqbPrvm","pcmpeqwPrvm","pcmpeqdPrvm","emms*|",
 "vmreadUmr||extrqXmuu$|insertqXrmuu$","vmwriteUrm||extrqXrm$|insertqXrm$",
 nil,nil,
-"||haddpdXrm|haddpsXrm","||hsubpdXrm|hsubpsXrm",
+"||haddpdXrvm|haddpsXrvm","||hsubpdXrvm|hsubpsXrvm",
 "movVSmMr|movqXrm|movVSmXr","movqMmr|movdquXmr|movdqaXmr",
 --8x
 "joVj","jnoVj","jbVj","jnbVj","jzVj","jnzVj","jbeVj","jaVj",
@@ -180,27 +181,27 @@ nil,nil,
 "bsfVrm","bsrVrm|lzcntVrm|bsrWrm","movsxVrBmt","movsxVrWmt",
 --Cx
 "xaddBmr","xaddVmr",
-"cmppsXrmu|cmpssXrmu|cmppdXrmu|cmpsdXrmu","$movntiVmr|",
+"cmppsXrvmu|cmpssXrvmu|cmppdXrvmu|cmpsdXrvmu","$movntiVmr|",
-"pinsrwPrWmu","pextrwDrPmu",
+"pinsrwPrvWmu","pextrwDrPmu",
-"shufpsXrmu||shufpdXrmu","$cmpxchg!Qmp",
+"shufpsXrvmu||shufpdXrvmu","$cmpxchg!Qmp",
 "bswapVR","bswapVR","bswapVR","bswapVR","bswapVR","bswapVR","bswapVR","bswapVR",
 --Dx
-"||addsubpdXrm|addsubpsXrm","psrlwPrm","psrldPrm","psrlqPrm",
+"||addsubpdXrvm|addsubpsXrvm","psrlwPrvm","psrldPrvm","psrlqPrvm",
-"paddqPrm","pmullwPrm",
+"paddqPrvm","pmullwPrvm",
 "|movq2dqXrMm|movqXmr|movdq2qMrXm$","pmovmskbVrMm||pmovmskbVrXm",
-"psubusbPrm","psubuswPrm","pminubPrm","pandPrm",
+"psubusbPrvm","psubuswPrvm","pminubPrvm","pandPrvm",
-"paddusbPrm","padduswPrm","pmaxubPrm","pandnPrm",
+"paddusbPrvm","padduswPrvm","pmaxubPrvm","pandnPrvm",
 --Ex
-"pavgbPrm","psrawPrm","psradPrm","pavgwPrm",
+"pavgbPrvm","psrawPrvm","psradPrvm","pavgwPrvm",
-"pmulhuwPrm","pmulhwPrm",
+"pmulhuwPrvm","pmulhwPrvm",
 "|cvtdq2pdXrm|cvttpd2dqXrm|cvtpd2dqXrm","$movntqMmr||$movntdqXmr",
-"psubsbPrm","psubswPrm","pminswPrm","porPrm",
+"psubsbPrvm","psubswPrvm","pminswPrvm","porPrvm",
-"paddsbPrm","paddswPrm","pmaxswPrm","pxorPrm",
+"paddsbPrvm","paddswPrvm","pmaxswPrvm","pxorPrvm",
 --Fx
-"|||lddquXrm","psllwPrm","pslldPrm","psllqPrm",
+"|||lddquXrm","psllwPrvm","pslldPrvm","psllqPrvm",
-"pmuludqPrm","pmaddwdPrm","psadbwPrm","maskmovqMrm||maskmovdquXrm$",
+"pmuludqPrvm","pmaddwdPrvm","psadbwPrvm","maskmovqMrm||maskmovdquXrm$",
-"psubbPrm","psubwPrm","psubdPrm","psubqPrm",
+"psubbPrvm","psubwPrvm","psubdPrvm","psubqPrvm",
-"paddbPrm","paddwPrm","padddPrm","ud",
+"paddbPrvm","paddwPrvm","padddPrvm","ud",
 }
 assert(map_opc2[255] == "ud")
@@ -208,49 +209,91 @@ assert(map_opc2[255] == "ud")
 local map_opc3 = {
 ["38"] = { -- [66] 0f 38 xx
 --0x
-[0]="pshufbPrm","phaddwPrm","phadddPrm","phaddswPrm",
+[0]="pshufbPrvm","phaddwPrvm","phadddPrvm","phaddswPrvm",
-"pmaddubswPrm","phsubwPrm","phsubdPrm","phsubswPrm",
+"pmaddubswPrvm","phsubwPrvm","phsubdPrvm","phsubswPrvm",
-"psignbPrm","psignwPrm","psigndPrm","pmulhrswPrm",
+"psignbPrvm","psignwPrvm","psigndPrvm","pmulhrswPrvm",
-nil,nil,nil,nil,
+"||permilpsXrvm","||permilpdXrvm",nil,nil,
 --1x
 "||pblendvbXrma",nil,nil,nil,
-"||blendvpsXrma","||blendvpdXrma",nil,"||ptestXrm",
+"||blendvpsXrma","||blendvpdXrma","||permpsXrvm","||ptestXrm",
-nil,nil,nil,nil,
+"||broadcastssXrm","||broadcastsdXrm","||broadcastf128XrlXm",nil,
 "pabsbPrm","pabswPrm","pabsdPrm",nil,
 --2x
 "||pmovsxbwXrm","||pmovsxbdXrm","||pmovsxbqXrm","||pmovsxwdXrm",
 "||pmovsxwqXrm","||pmovsxdqXrm",nil,nil,
-"||pmuldqXrm","||pcmpeqqXrm","||$movntdqaXrm","||packusdwXrm",
+"||pmuldqXrvm","||pcmpeqqXrvm","||$movntdqaXrm","||packusdwXrvm",
-nil,nil,nil,nil,
+"||maskmovpsXrvm","||maskmovpdXrvm","||maskmovpsXmvr","||maskmovpdXmvr",
 --3x
 "||pmovzxbwXrm","||pmovzxbdXrm","||pmovzxbqXrm","||pmovzxwdXrm",
-"||pmovzxwqXrm","||pmovzxdqXrm",nil,"||pcmpgtqXrm",
+"||pmovzxwqXrm","||pmovzxdqXrm","||permdXrvm","||pcmpgtqXrvm",
-"||pminsbXrm","||pminsdXrm","||pminuwXrm","||pminudXrm",
+"||pminsbXrvm","||pminsdXrvm","||pminuwXrvm","||pminudXrvm",
-"||pmaxsbXrm","||pmaxsdXrm","||pmaxuwXrm","||pmaxudXrm",
+"||pmaxsbXrvm","||pmaxsdXrvm","||pmaxuwXrvm","||pmaxudXrvm",
 --4x
-"||pmulddXrm","||phminposuwXrm",
+"||pmulddXrvm","||phminposuwXrm",nil,nil,
+nil,"||psrlvVSXrvm","||psravdXrvm","||psllvVSXrvm",
+--5x
+[0x58] = "||pbroadcastdXrlXm",[0x59] = "||pbroadcastqXrlXm",
+[0x5a] = "||broadcasti128XrlXm",
+--7x
+[0x78] = "||pbroadcastbXrlXm",[0x79] = "||pbroadcastwXrlXm",
+--8x
+[0x8c] = "||pmaskmovXrvVSm",
+[0x8e] = "||pmaskmovVSmXvr",
+--9x
+[0x96] = "||fmaddsub132pHXrvm",[0x97] = "||fmsubadd132pHXrvm",
+[0x98] = "||fmadd132pHXrvm",[0x99] = "||fmadd132sHXrvm",
+[0x9a] = "||fmsub132pHXrvm",[0x9b] = "||fmsub132sHXrvm",
+[0x9c] = "||fnmadd132pHXrvm",[0x9d] = "||fnmadd132sHXrvm",
+[0x9e] = "||fnmsub132pHXrvm",[0x9f] = "||fnmsub132sHXrvm",
+--Ax
+[0xa6] = "||fmaddsub213pHXrvm",[0xa7] = "||fmsubadd213pHXrvm",
+[0xa8] = "||fmadd213pHXrvm",[0xa9] = "||fmadd213sHXrvm",
+[0xaa] = "||fmsub213pHXrvm",[0xab] = "||fmsub213sHXrvm",
+[0xac] = "||fnmadd213pHXrvm",[0xad] = "||fnmadd213sHXrvm",
+[0xae] = "||fnmsub213pHXrvm",[0xaf] = "||fnmsub213sHXrvm",
+--Bx
+[0xb6] = "||fmaddsub231pHXrvm",[0xb7] = "||fmsubadd231pHXrvm",
+[0xb8] = "||fmadd231pHXrvm",[0xb9] = "||fmadd231sHXrvm",
+[0xba] = "||fmsub231pHXrvm",[0xbb] = "||fmsub231sHXrvm",
+[0xbc] = "||fnmadd231pHXrvm",[0xbd] = "||fnmadd231sHXrvm",
+[0xbe] = "||fnmsub231pHXrvm",[0xbf] = "||fnmsub231sHXrvm",
+--Dx
+[0xdc] = "||aesencXrvm", [0xdd] = "||aesenclastXrvm",
+[0xde] = "||aesdecXrvm", [0xdf] = "||aesdeclastXrvm",
 --Fx
 [0xf0] = "|||crc32TrBmt",[0xf1] = "|||crc32TrVmt",
+[0xf7] = "| sarxVrmv| shlxVrmv| shrxVrmv",
 },
 ["3a"] = { -- [66] 0f 3a xx
 --0x
-[0x00]=nil,nil,nil,nil,nil,nil,nil,nil,
+[0x00]="||permqXrmu","||permpdXrmu","||pblenddXrvmu",nil,
-"||roundpsXrmu","||roundpdXrmu","||roundssXrmu","||roundsdXrmu",
+"||permilpsXrmu","||permilpdXrmu","||perm2f128Xrvmu",nil,
-"||blendpsXrmu","||blendpdXrmu","||pblendwXrmu","palignrPrmu",
+"||roundpsXrmu","||roundpdXrmu","||roundssXrvmu","||roundsdXrvmu",
+"||blendpsXrvmu","||blendpdXrvmu","||pblendwXrvmu","palignrPrvmu",
 --1x
 nil,nil,nil,nil,
 "||pextrbVmXru","||pextrwVmXru","||pextrVmSXru","||extractpsVmXru",
-nil,nil,nil,nil,nil,nil,nil,nil,
+"||insertf128XrvlXmu","||extractf128XlXmYru",nil,nil,
+nil,nil,nil,nil,
 --2x
-"||pinsrbXrVmu","||insertpsXrmu","||pinsrXrVmuS",nil,
+"||pinsrbXrvVmu","||insertpsXrvmu","||pinsrXrvVmuS",nil,
+--3x
+[0x38] = "||inserti128Xrvmu",[0x39] = "||extracti128XlXmYru",
 --4x
-[0x40] = "||dppsXrmu",
+[0x40] = "||dppsXrvmu",
-[0x41] = "||dppdXrmu",
+[0x41] = "||dppdXrvmu",
-[0x42] = "||mpsadbwXrmu",
+[0x42] = "||mpsadbwXrvmu",
+[0x44] = "||pclmulqdqXrvmu",
+[0x46] = "||perm2i128Xrvmu",
+[0x4a] = "||blendvpsXrvmb",[0x4b] = "||blendvpdXrvmb",
+[0x4c] = "||pblendvbXrvmb",
 --6x
 [0x60] = "||pcmpestrmXrmu",[0x61] = "||pcmpestriXrmu",
 [0x62] = "||pcmpistrmXrmu",[0x63] = "||pcmpistriXrmu",
+[0xdf] = "||aeskeygenassistXrmu",
+--Fx
+[0xf0] = "||| rorxVrmu",
 },
 }
@@ -354,17 +397,19 @@ local map_regs = {
        "mm0", "mm1", "mm2", "mm3", "mm4", "mm5", "mm6", "mm7" }, -- No x64 ext!
  X = { "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5", "xmm6", "xmm7",
        "xmm8", "xmm9", "xmm10", "xmm11", "xmm12", "xmm13", "xmm14", "xmm15" },
+  Y = { "ymm0", "ymm1", "ymm2", "ymm3", "ymm4", "ymm5", "ymm6", "ymm7",
+        "ymm8", "ymm9", "ymm10", "ymm11", "ymm12", "ymm13", "ymm14", "ymm15" },
 }
 local map_segregs = { "es", "cs", "ss", "ds", "fs", "gs", "segr6", "segr7" }
 -- Maps for size names.
 local map_sz2n = {
-  B = 1, W = 2, D = 4, Q = 8, M = 8, X = 16,
+  B = 1, W = 2, D = 4, Q = 8, M = 8, X = 16, Y = 32,
 }
 local map_sz2prefix = {
  B = "byte", W = "word", D = "dword",
  Q = "qword",
-  M = "qword", X = "xword",
+  M = "qword", X = "xword", Y = "yword",
  F = "dword", G = "qword", -- No need for sizes/register names for these two.
 }
@@ -387,10 +432,13 @@ local function putop(ctx, text, operands)
  if ctx.rep then text = ctx.rep.." "..text; ctx.rep = false end
  if ctx.rex then
    local t = (ctx.rexw and "w" or "")..(ctx.rexr and "r" or "")..
-              (ctx.rexx and "x" or "")..(ctx.rexb and "b" or "")
+              (ctx.rexx and "x" or "")..(ctx.rexb and "b" or "")..
-    if t ~= "" then text = "rex."..t.." "..text end
+              (ctx.vexl and "l" or "")
+    if ctx.vexv and ctx.vexv ~= 0 then t = t.."v"..ctx.vexv end
+    if t ~= "" then text = ctx.rex.."."..t.." "..gsub(text, "^ ", "")
+    elseif ctx.rex == "vex" then text = gsub("v"..text, "^v ", "") end
    ctx.rexw = false; ctx.rexr = false; ctx.rexx = false; ctx.rexb = false
-    ctx.rex = false
+    ctx.rex = false; ctx.vexl = false; ctx.vexv = false
  end
  if ctx.seg then
    local text2, n = gsub(text, "%[", "["..ctx.seg..":")
@@ -405,6 +453,7 @@ local function putop(ctx, text, operands)
  end
  ctx.out(format("%08x  %s%s\n", ctx.addr+ctx.start, hex, text))
  ctx.mrm = false
+  ctx.vexv = false
  ctx.start = pos
  ctx.imm = nil
 end
@@ -413,7 +462,7 @@ end
 local function clearprefixes(ctx)
  ctx.o16 = false; ctx.seg = false; ctx.lock = false; ctx.rep = false
  ctx.rexw = false; ctx.rexr = false; ctx.rexx = false; ctx.rexb = false
-  ctx.rex = false; ctx.a32 = false
+  ctx.rex = false; ctx.a32 = false; ctx.vexl = false
 end
 -- Fallback for incomplete opcodes at the end.
@@ -450,9 +499,9 @@ end
 -- Process pattern string and generate the operands.
 local function putpat(ctx, name, pat)
  local operands, regs, sz, mode, sp, rm, sc, rx, sdisp
-  local code, pos, stop = ctx.code, ctx.pos, ctx.stop
+  local code, pos, stop, vexl = ctx.code, ctx.pos, ctx.stop, ctx.vexl
-  -- Chars used: 1DFGIMPQRSTUVWXacdfgijmoprstuwxyz
+  -- Chars used: 1DFGHIMPQRSTUVWXYabcdfgijlmoprstuvwxyz
  for p in gmatch(pat, ".") do
    local x = nil
    if p == "V" or p == "U" then
@@ -467,12 +516,17 @@ local function putpat(ctx, name, pat)
    elseif p == "B" then
      sz = "B"
      regs = ctx.rex and map_regs.B64 or map_regs.B
-    elseif match(p, "[WDQMXFG]") then
+    elseif match(p, "[WDQMXYFG]") then
      sz = p
+      if sz == "X" and vexl then sz = "Y"; ctx.vexl = false end
      regs = map_regs[sz]
    elseif p == "P" then
      sz = ctx.o16 and "X" or "M"; ctx.o16 = false
+      if sz == "X" and vexl then sz = "Y"; ctx.vexl = false end
      regs = map_regs[sz]
+    elseif p == "H" then
+      name = name..(ctx.rexw and "d" or "s")
+      ctx.rexw = false
    elseif p == "S" then
      name = name..lower(sz)
    elseif p == "s" then
@@ -484,6 +538,10 @@ local function putpat(ctx, name, pat)
      local imm = getimm(ctx, pos, 1); if not imm then return end
      x = format("0x%02x", imm)
      pos = pos+1
+    elseif p == "b" then
+      local imm = getimm(ctx, pos, 1); if not imm then return end
+      x = regs[imm/16+1]
+      pos = pos+1
    elseif p == "w" then
      local imm = getimm(ctx, pos, 2); if not imm then return end
      x = format("0x%x", imm)
@@ -532,7 +590,7 @@ local function putpat(ctx, name, pat)
        local lo = imm % 0x1000000
        x = format("0x%02x%06x", (imm-lo) / 0x1000000, lo)
      else
-        x = format("0x%08x", imm)
+        x = "0x"..tohex(imm)
      end
    elseif p == "R" then
      local r = byte(code, pos-1, pos-1)%8
@@ -616,8 +674,13 @@ local function putpat(ctx, name, pat)
        else
          x = "CR"..sp
        end
+      elseif p == "v" then
+        if ctx.vexv then
+          x = regs[ctx.vexv+1]; ctx.vexv = false
+        end
      elseif p == "y" then x = "DR"..sp
      elseif p == "z" then x = "TR"..sp
+      elseif p == "l" then vexl = false
      elseif p == "t" then
      else
        error("bad pattern `"..pat.."'")
@@ -692,7 +755,8 @@ map_act = {
  B = putpat, W = putpat, D = putpat, Q = putpat,
  V = putpat, U = putpat, T = putpat,
  M = putpat, X = putpat, P = putpat,
-  F = putpat, G = putpat,
+  F = putpat, G = putpat, Y = putpat,
+  H = putpat,
  -- Collect prefixes.
  [":"] = function(ctx, name, pat)
@@ -753,15 +817,68 @@ map_act = {
  -- REX prefix.
  rex = function(ctx, name, pat)
-    if ctx.rex then return unknown(ctx) end -- Only 1 REX prefix allowed.
+    if ctx.rex then return unknown(ctx) end -- Only 1 REX or VEX prefix allowed.
    for p in gmatch(pat, ".") do ctx["rex"..p] = true end
-    ctx.rex = true
+    ctx.rex = "rex"
+  end,
+  -- VEX prefix.
+  vex = function(ctx, name, pat)
+    if ctx.rex then return unknown(ctx) end -- Only 1 REX or VEX prefix allowed.
+    ctx.rex = "vex"
+    local pos = ctx.pos
+    if ctx.mrm then
+      ctx.mrm = nil
+      pos = pos-1
+    end
+    local b = byte(ctx.code, pos, pos)
+    if not b then return incomplete(ctx) end
+    pos = pos+1
+    if b < 128 then ctx.rexr = true end
+    local m = 1
+    if pat == "3" then
+      m = b%32; b = (b-m)/32
+      local nb = b%2; b = (b-nb)/2
+      if nb == 0 then ctx.rexb = true end
+      local nx = b%2
+      if nx == 0 then ctx.rexx = true end
+      b = byte(ctx.code, pos, pos)
+      if not b then return incomplete(ctx) end
+      pos = pos+1
+      if b >= 128 then ctx.rexw = true end
+    end
+    ctx.pos = pos
+    local map
+    if m == 1 then map = map_opc2
+    elseif m == 2 then map = map_opc3["38"]
+    elseif m == 3 then map = map_opc3["3a"]
+    else return unknown(ctx) end
+    local p = b%4; b = (b-p)/4
+    if p == 1 then ctx.o16 = "o16"
+    elseif p == 2 then ctx.rep = "rep"
+    elseif p == 3 then ctx.rep = "repne" end
+    local l = b%2; b = (b-l)/2
+    if l ~= 0 then ctx.vexl = true end
+    ctx.vexv = (-1-b)%16
+    return dispatchmap(ctx, map)
  end,
  -- Special case for nop with REX prefix.
  nop = function(ctx, name, pat)
    return dispatch(ctx, ctx.rex and pat or "nop")
  end,
+  -- Special case for 0F 77.
+  emms = function(ctx, name, pat)
+    if ctx.rex ~= "vex" then
+      return putop(ctx, "emms")
+    elseif ctx.vexl then
+      ctx.vexl = false
+      return putop(ctx, "zeroall")
+    else
+      return putop(ctx, "zeroupper")
+    end
+  end,
 }
 ------------------------------------------------------------------------------
@@ -782,7 +899,7 @@ local function disass_block(ctx, ofs, len)
 end
 -- Extended API: create a disassembler context. Then call ctx:disass(ofs, len).
-local function create_(code, addr, out)
+local function create(code, addr, out)
  local ctx = {}
  ctx.code = code
  ctx.addr = (addr or 0) - 1
@@ -796,8 +913,8 @@ local function create_(code, addr, out)
  return ctx
 end
-local function create64_(code, addr, out)
+local function create64(code, addr, out)
-  local ctx = create_(code, addr, out)
+  local ctx = create(code, addr, out)
  ctx.x64 = true
  ctx.map1 = map_opc1_64
  ctx.aregs = map_regs.Q
@@ -805,32 +922,32 @@ local function create64_(code, addr, out)
 end
 -- Simple API: disassemble code (a string) at address and output via out.
-local function disass_(code, addr, out)
+local function disass(code, addr, out)
-  create_(code, addr, out):disass()
+  create(code, addr, out):disass()
 end
-local function disass64_(code, addr, out)
+local function disass64(code, addr, out)
-  create64_(code, addr, out):disass()
+  create64(code, addr, out):disass()
 end
 -- Return register name for RID.
-local function regname_(r)
+local function regname(r)
  if r < 8 then return map_regs.D[r+1] end
  return map_regs.X[r-7]
 end
-local function regname64_(r)
+local function regname64(r)
  if r < 16 then return map_regs.Q[r+1] end
  return map_regs.X[r-15]
 end
 -- Public module functions.
-module(...)
+return {
+  create = create,
-create = create_
+  create64 = create64,
-create64 = create64_
+  disass = disass,
-disass = disass_
+  disass64 = disass64,
-disass64 = disass64_
+  regname = regname,
-regname = regname_
+  regname64 = regname64
-regname64 = regname64_
+}
diff --git a/src/jit/dump.lua b/src/jit/dump.lua
index 86f11e26..746732f9 100644
--- a/src/jit/dump.lua
+++ b/src/jit/dump.lua
@@ -62,7 +62,7 @@ local traceinfo, traceir, tracek = jutil.traceinfo, jutil.traceir, jutil.tracek
 local tracemc, tracesnap = jutil.tracemc, jutil.tracesnap
 local traceexitstub, ircalladdr = jutil.traceexitstub, jutil.ircalladdr
 local bit = require("bit")
-local band, shr = bit.band, bit.rshift
+local band, shr, tohex = bit.band, bit.rshift, bit.tohex
 local sub, gsub, format = string.sub, string.gsub, string.format
 local byte, rep = string.byte, string.rep
 local type, tostring = type, tostring
@@ -84,12 +84,13 @@ local nexitsym = 0
 local function fillsymtab_tr(tr, nexit)
  local t = {}
  symtabmt.__index = t
-  if jit.arch == "mips" or jit.arch == "mipsel" then
+  if jit.arch:sub(1, 4) == "mips" then
    t[traceexitstub(tr, 0)] = "exit"
    return
  end
  for i=0,nexit-1 do
    local addr = traceexitstub(tr, i)
+    if addr < 0 then addr = addr + 2^32 end
    t[addr] = tostring(i)
  end
  local addr = traceexitstub(tr, nexit)
@@ -100,10 +101,15 @@ end
 local function fillsymtab(tr, nexit)
  local t = symtab
  if nexitsym == 0 then
+    local maskaddr = jit.arch == "arm" and -2
    local ircall = vmdef.ircall
    for i=0,#ircall do
      local addr = ircalladdr(i)
-      if addr ~= 0 then t[addr] = ircall[i] end
+      if addr ~= 0 then
+        if maskaddr then addr = band(addr, maskaddr) end
+        if addr < 0 then addr = addr + 2^32 end
+        t[addr] = ircall[i]
+      end
    end
  end
  if nexitsym == 1000000 then -- Per-trace exit stubs.
@@ -117,6 +123,7 @@ local function fillsymtab(tr, nexit)
        nexit = 1000000
        break
      end
+      if addr < 0 then addr = addr + 2^32 end
      t[addr] = tostring(i)
    end
    nexitsym = nexit
@@ -135,6 +142,7 @@ local function dump_mcode(tr)
  local mcode, addr, loop = tracemc(tr)
  if not mcode then return end
  if not disass then disass = require("jit.dis_"..jit.arch) end
+  if addr < 0 then addr = addr + 2^32 end
  out:write("---- TRACE ", tr, " mcode ", #mcode, "\n")
  local ctx = disass.create(mcode, addr, dumpwrite)
  ctx.hexdump = 0
@@ -210,8 +218,10 @@ local function colorize_text(s)
  return s
 end
-local function colorize_ansi(s, t)
+local function colorize_ansi(s, t, extra)
-  return format(colortype_ansi[t], s)
+  local out = format(colortype_ansi[t], s)
+  if extra then out = "\027[3m"..out end
+  return out
 end
 local irtype_ansi = setmetatable({},
@@ -220,9 +230,10 @@ local irtype_ansi = setmetatable({},
 local html_escape = { ["<"] = "&lt;", [">"] = "&gt;", ["&"] = "&amp;", }
-local function colorize_html(s, t)
+local function colorize_html(s, t, extra)
  s = gsub(s, "[<>&]", html_escape)
-  return format('<span class="irt_%s">%s</span>', irtype_text[t], s)
+  return format('<span class="irt_%s%s">%s</span>',
+                irtype_text[t], extra and " irt_extra" or "", s)
 end
 local irtype_html = setmetatable({},
@@ -247,6 +258,7 @@ span.irt_tab { color: #c00000; }
 span.irt_udt, span.irt_lud { color: #00c0c0; }
 span.irt_num { color: #4040c0; }
 span.irt_int, span.irt_i8, span.irt_u8, span.irt_i16, span.irt_u16 { color: #b040b0; }
+span.irt_extra { font-style: italic; }
 </style>
 ]]
@@ -262,6 +274,7 @@ local litname = {
    if band(mode, 8) ~= 0 then s = s.."C" end
    if band(mode, 16) ~= 0 then s = s.."R" end
    if band(mode, 32) ~= 0 then s = s.."I" end
+    if band(mode, 64) ~= 0 then s = s.."K" end
    t[mode] = s
    return s
  end}),
@@ -269,16 +282,20 @@ local litname = {
  ["CONV  "] = setmetatable({}, { __index = function(t, mode)
    local s = irtype[band(mode, 31)]
    s = irtype[band(shr(mode, 5), 31)].."."..s
-    if band(mode, 0x400) ~= 0 then s = s.." trunc"
+    if band(mode, 0x800) ~= 0 then s = s.." sext" end
-    elseif band(mode, 0x800) ~= 0 then s = s.." sext" end
    local c = shr(mode, 12)
-    if c == 2 then s = s.." index" elseif c == 3 then s = s.." check" end
+    if c == 1 then s = s.." none"
+    elseif c == 2 then s = s.." index"
+    elseif c == 3 then s = s.." check" end
    t[mode] = s
    return s
  end}),
  ["FLOAD "] = vmdef.irfield,
  ["FREF  "] = vmdef.irfield,
  ["FPMATH"] = vmdef.irfpm,
+  ["TMPREF"] = { [0] = "", "IN", "OUT", "INOUT", "", "", "OUT2", "INOUT2" },
+  ["BUFHDR"] = { [0] = "RESET", "APPEND", "WRITE" },
+  ["TOSTR "] = { [0] = "INT", "NUM", "CHAR" },
 }
 local function ctlsub(c)
@@ -302,15 +319,19 @@ local function fmtfunc(func, pc)
  end
 end
-local function formatk(tr, idx)
+local function formatk(tr, idx, sn)
  local k, t, slot = tracek(tr, idx)
  local tn = type(k)
  local s
  if tn == "number" then
-    if k == 2^52+2^51 then
+    if t < 12 then
+      s = k == 0 and "NULL" or format("[0x%08x]", k)
+    elseif band(sn or 0, 0x30000) ~= 0 then
+      s = band(sn, 0x20000) ~= 0 and "contpc" or "ftsz"
+    elseif k == 2^52+2^51 then
      s = "bias"
    else
-      s = format("%+.14g", k)
+      s = format(0 < k and k < 0x1p-1026 and "%+a" or "%+.14g", k)
    end
  elseif tn == "string" then
    s = format(#k > 20 and '"%.20s"~' or '"%s"', gsub(k, "%c", ctlsub))
@@ -328,10 +349,12 @@ local function formatk(tr, idx)
  elseif t == 21 then -- int64_t
    s = sub(tostring(k), 1, -3)
    if sub(s, 1, 1) ~= "-" then s = "+"..s end
+  elseif sn == 0x1057fff then -- SNAP(1, SNAP_FRAME | SNAP_NORESTORE, REF_NIL)
+    return "----" -- Special case for LJ_FR2 slot 1.
  else
    s = tostring(k) -- For primitives.
  end
-  s = colorize(format("%-4s", s), t)
+  s = colorize(format("%-4s", s), t, band(sn or 0, 0x100000) ~= 0)
  if slot then
    s = format("%s @%d", s, slot)
  end
@@ -346,12 +369,12 @@ local function printsnap(tr, snap)
      n = n + 1
      local ref = band(sn, 0xffff) - 0x8000 -- REF_BIAS
      if ref < 0 then
-        out:write(formatk(tr, ref))
+        out:write(formatk(tr, ref, sn))
      elseif band(sn, 0x80000) ~= 0 then -- SNAP_SOFTFPNUM
        out:write(colorize(format("%04d/%04d", ref, ref+1), 14))
      else
        local m, ot, op1, op2 = traceir(tr, ref)
-        out:write(colorize(format("%04d", ref), band(ot, 31)))
+        out:write(colorize(format("%04d", ref), band(ot, 31), band(sn, 0x100000) ~= 0))
      end
      out:write(band(sn, 0x10000) == 0 and " " or "|") -- SNAP_FRAME
    else
@@ -544,7 +567,7 @@ local function dump_trace(what, tr, func, pc, otr, oex)
  if what == "start" then
    if dumpmode.H then out:write('<pre class="ljdump">\n') end
    out:write("---- TRACE ", tr, " ", what)
-    if otr then out:write(" ", otr, "/", oex) end
+    if otr then out:write(" ", otr, "/", oex == -1 and "stitch" or oex) end
    out:write(" ", fmtfunc(func, pc), "\n")
  elseif what == "stop" or what == "abort" then
    out:write("---- TRACE ", tr, " ", what)
@@ -594,23 +617,26 @@ end
 ------------------------------------------------------------------------------
+local gpr64 = jit.arch:match("64")
+local fprmips32 = jit.arch == "mips" or jit.arch == "mipsel"
 -- Dump taken trace exits.
 local function dump_texit(tr, ex, ngpr, nfpr, ...)
  out:write("---- TRACE ", tr, " exit ", ex, "\n")
  if dumpmode.X then
    local regs = {...}
-    if jit.arch == "x64" then
+    if gpr64 then
      for i=1,ngpr do
        out:write(format(" %016x", regs[i]))
        if i % 4 == 0 then out:write("\n") end
      end
    else
      for i=1,ngpr do
-        out:write(format(" %08x", regs[i]))
+        out:write(" ", tohex(regs[i]))
        if i % 8 == 0 then out:write("\n") end
      end
    end
-    if jit.arch == "mips" or jit.arch == "mipsel" then
+    if fprmips32 then
      for i=1,nfpr,2 do
        out:write(format(" %+17.14g", regs[ngpr+i]))
        if i % 8 == 7 then out:write("\n") end
@@ -691,9 +717,9 @@ local function dumpon(opt, outfile)
 end
 -- Public module functions.
-module(...)
+return {
+  on = dumpon,
-on = dumpon
+  off = dumpoff,
-off = dumpoff
+  start = dumpon -- For -j command line option.
-start = dumpon -- For -j command line option.
+}
diff --git a/src/jit/p.lua b/src/jit/p.lua
new file mode 100644
index 00000000..36f836c5
--- /dev/null
+++ b/src/jit/p.lua
@@ -0,0 +1,311 @@
+----------------------------------------------------------------------------
+-- LuaJIT profiler.
+--
+-- Copyright (C) 2005-2023 Mike Pall. All rights reserved.
+-- Released under the MIT license. See Copyright Notice in luajit.h
+----------------------------------------------------------------------------
+--
+-- This module is a simple command line interface to the built-in
+-- low-overhead profiler of LuaJIT.
+--
+-- The lower-level API of the profiler is accessible via the "jit.profile"
+-- module or the luaJIT_profile_* C API.
+--
+-- Example usage:
+--
+--   luajit -jp myapp.lua
+--   luajit -jp=s myapp.lua
+--   luajit -jp=-s myapp.lua
+--   luajit -jp=vl myapp.lua
+--   luajit -jp=G,profile.txt myapp.lua
+--
+-- The following dump features are available:
+--
+--   f  Stack dump: function name, otherwise module:line. Default mode.
+--   F  Stack dump: ditto, but always prepend module.
+--   l  Stack dump: module:line.
+--   <number> stack dump depth (callee < caller). Default: 1.
+--   -<number> Inverse stack dump depth (caller > callee).
+--   s  Split stack dump after first stack level. Implies abs(depth) >= 2.
+--   p  Show full path for module names.
+--   v  Show VM states. Can be combined with stack dumps, e.g. vf or fv.
+--   z  Show zones. Can be combined with stack dumps, e.g. zf or fz.
+--   r  Show raw sample counts. Default: show percentages.
+--   a  Annotate excerpts from source code files.
+--   A  Annotate complete source code files.
+--   G  Produce raw output suitable for graphical tools (e.g. flame graphs).
+--   m<number> Minimum sample percentage to be shown. Default: 3.
+--   i<number> Sampling interval in milliseconds. Default: 10.
+--
+----------------------------------------------------------------------------
+-- Cache some library functions and objects.
+local jit = require("jit")
+local profile = require("jit.profile")
+local vmdef = require("jit.vmdef")
+local math = math
+local pairs, ipairs, tonumber, floor = pairs, ipairs, tonumber, math.floor
+local sort, format = table.sort, string.format
+local stdout = io.stdout
+local zone -- Load jit.zone module on demand.
+-- Output file handle.
+local out
+------------------------------------------------------------------------------
+local prof_ud
+local prof_states, prof_split, prof_min, prof_raw, prof_fmt, prof_depth
+local prof_ann, prof_count1, prof_count2, prof_samples
+local map_vmmode = {
+  N = "Compiled",
+  I = "Interpreted",
+  C = "C code",
+  G = "Garbage Collector",
+  J = "JIT Compiler",
+}
+-- Profiler callback.
+local function prof_cb(th, samples, vmmode)
+  prof_samples = prof_samples + samples
+  local key_stack, key_stack2, key_state
+  -- Collect keys for sample.
+  if prof_states then
+    if prof_states == "v" then
+      key_state = map_vmmode[vmmode] or vmmode
+    else
+      key_state = zone:get() or "(none)"
+    end
+  end
+  if prof_fmt then
+    key_stack = profile.dumpstack(th, prof_fmt, prof_depth)
+    key_stack = key_stack:gsub("%[builtin#(%d+)%]", function(x)
+      return vmdef.ffnames[tonumber(x)]
+    end)
+    if prof_split == 2 then
+      local k1, k2 = key_stack:match("(.-) [<>] (.*)")
+      if k2 then key_stack, key_stack2 = k1, k2 end
+    elseif prof_split == 3 then
+      key_stack2 = profile.dumpstack(th, "l", 1)
+    end
+  end
+  -- Order keys.
+  local k1, k2
+  if prof_split == 1 then
+    if key_state then
+      k1 = key_state
+      if key_stack then k2 = key_stack end
+    end
+  elseif key_stack then
+    k1 = key_stack
+    if key_stack2 then k2 = key_stack2 elseif key_state then k2 = key_state end
+  end
+  -- Coalesce samples in one or two levels.
+  if k1 then
+    local t1 = prof_count1
+    t1[k1] = (t1[k1] or 0) + samples
+    if k2 then
+      local t2 = prof_count2
+      local t3 = t2[k1]
+      if not t3 then t3 = {}; t2[k1] = t3 end
+      t3[k2] = (t3[k2] or 0) + samples
+    end
+  end
+end
+------------------------------------------------------------------------------
+-- Show top N list.
+local function prof_top(count1, count2, samples, indent)
+  local t, n = {}, 0
+  for k in pairs(count1) do
+    n = n + 1
+    t[n] = k
+  end
+  sort(t, function(a, b) return count1[a] > count1[b] end)
+  for i=1,n do
+    local k = t[i]
+    local v = count1[k]
+    local pct = floor(v*100/samples + 0.5)
+    if pct < prof_min then break end
+    if not prof_raw then
+      out:write(format("%s%2d%%  %s\n", indent, pct, k))
+    elseif prof_raw == "r" then
+      out:write(format("%s%5d  %s\n", indent, v, k))
+    else
+      out:write(format("%s %d\n", k, v))
+    end
+    if count2 then
+      local r = count2[k]
+      if r then
+        prof_top(r, nil, v, (prof_split == 3 or prof_split == 1) and "  -- " or
+                            (prof_depth < 0 and "  -> " or "  <- "))
+      end
+    end
+  end
+end
+-- Annotate source code
+local function prof_annotate(count1, samples)
+  local files = {}
+  local ms = 0
+  for k, v in pairs(count1) do
+    local pct = floor(v*100/samples + 0.5)
+    ms = math.max(ms, v)
+    if pct >= prof_min then
+      local file, line = k:match("^(.*):(%d+)$")
+      if not file then file = k; line = 0 end
+      local fl = files[file]
+      if not fl then fl = {}; files[file] = fl; files[#files+1] = file end
+      line = tonumber(line)
+      fl[line] = prof_raw and v or pct
+    end
+  end
+  sort(files)
+  local fmtv, fmtn = " %3d%% | %s\n", "      | %s\n"
+  if prof_raw then
+    local n = math.max(5, math.ceil(math.log10(ms)))
+    fmtv = "%"..n.."d | %s\n"
+    fmtn = (" "):rep(n).." | %s\n"
+  end
+  local ann = prof_ann
+  for _, file in ipairs(files) do
+    local f0 = file:byte()
+    if f0 == 40 or f0 == 91 then
+      out:write(format("\n====== %s ======\n[Cannot annotate non-file]\n", file))
+      break
+    end
+    local fp, err = io.open(file)
+    if not fp then
+      out:write(format("====== ERROR: %s: %s\n", file, err))
+      break
+    end
+    out:write(format("\n====== %s ======\n", file))
+    local fl = files[file]
+    local n, show = 1, false
+    if ann ~= 0 then
+      for i=1,ann do
+        if fl[i] then show = true; out:write("@@ 1 @@\n"); break end
+      end
+    end
+    for line in fp:lines() do
+      if line:byte() == 27 then
+        out:write("[Cannot annotate bytecode file]\n")
+        break
+      end
+      local v = fl[n]
+      if ann ~= 0 then
+        local v2 = fl[n+ann]
+        if show then
+          if v2 then show = n+ann elseif v then show = n
+          elseif show+ann < n then show = false end
+        elseif v2 then
+          show = n+ann
+          out:write(format("@@ %d @@\n", n))
+        end
+        if not show then goto next end
+      end
+      if v then
+        out:write(format(fmtv, v, line))
+      else
+        out:write(format(fmtn, line))
+      end
+    ::next::
+      n = n + 1
+    end
+    fp:close()
+  end
+end
+------------------------------------------------------------------------------
+-- Finish profiling and dump result.
+local function prof_finish()
+  if prof_ud then
+    profile.stop()
+    local samples = prof_samples
+    if samples == 0 then
+      if prof_raw ~= true then out:write("[No samples collected]\n") end
+      return
+    end
+    if prof_ann then
+      prof_annotate(prof_count1, samples)
+    else
+      prof_top(prof_count1, prof_count2, samples, "")
+    end
+    prof_count1 = nil
+    prof_count2 = nil
+    prof_ud = nil
+    if out ~= stdout then out:close() end
+  end
+end
+-- Start profiling.
+local function prof_start(mode)
+  local interval = ""
+  mode = mode:gsub("i%d*", function(s) interval = s; return "" end)
+  prof_min = 3
+  mode = mode:gsub("m(%d+)", function(s) prof_min = tonumber(s); return "" end)
+  prof_depth = 1
+  mode = mode:gsub("%-?%d+", function(s) prof_depth = tonumber(s); return "" end)
+  local m = {}
+  for c in mode:gmatch(".") do m[c] = c end
+  prof_states = m.z or m.v
+  if prof_states == "z" then zone = require("jit.zone") end
+  local scope = m.l or m.f or m.F or (prof_states and "" or "f")
+  local flags = (m.p or "")
+  prof_raw = m.r
+  if m.s then
+    prof_split = 2
+    if prof_depth == -1 or m["-"] then prof_depth = -2
+    elseif prof_depth == 1 then prof_depth = 2 end
+  elseif mode:find("[fF].*l") then
+    scope = "l"
+    prof_split = 3
+  else
+    prof_split = (scope == "" or mode:find("[zv].*[lfF]")) and 1 or 0
+  end
+  prof_ann = m.A and 0 or (m.a and 3)
+  if prof_ann then
+    scope = "l"
+    prof_fmt = "pl"
+    prof_split = 0
+    prof_depth = 1
+  elseif m.G and scope ~= "" then
+    prof_fmt = flags..scope.."Z;"
+    prof_depth = -100
+    prof_raw = true
+    prof_min = 0
+  elseif scope == "" then
+    prof_fmt = false
+  else
+    local sc = prof_split == 3 and m.f or m.F or scope
+    prof_fmt = flags..sc..(prof_depth >= 0 and "Z < " or "Z > ")
+  end
+  prof_count1 = {}
+  prof_count2 = {}
+  prof_samples = 0
+  profile.start(scope:lower()..interval, prof_cb)
+  prof_ud = newproxy(true)
+  getmetatable(prof_ud).__gc = prof_finish
+end
+------------------------------------------------------------------------------
+local function start(mode, outfile)
+  if not outfile then outfile = os.getenv("LUAJIT_PROFILEFILE") end
+  if outfile then
+    out = outfile == "-" and stdout or assert(io.open(outfile, "w"))
+  else
+    out = stdout
+  end
+  prof_start(mode or "f")
+end
+-- Public module functions.
+return {
+  start = start, -- For -j command line option.
+  stop = prof_finish
+}
diff --git a/src/jit/v.lua b/src/jit/v.lua
index 29edcf2b..8e91f494 100644
--- a/src/jit/v.lua
+++ b/src/jit/v.lua
@@ -98,7 +98,7 @@ end
 local function dump_trace(what, tr, func, pc, otr, oex)
  if what == "start" then
    startloc = fmtfunc(func, pc)
-    startex = otr and "("..otr.."/"..oex..") " or ""
+    startex = otr and "("..otr.."/"..(oex == -1 and "stitch" or oex)..") " or ""
  else
    if what == "abort" then
      local loc = fmtfunc(func, pc)
@@ -115,6 +115,9 @@ local function dump_trace(what, tr, func, pc, otr, oex)
      if ltype == "interpreter" then
        out:write(format("[TRACE %3s %s%s -- fallback to interpreter]\n",
          tr, startex, startloc))
+      elseif ltype == "stitch" then
+        out:write(format("[TRACE %3s %s%s %s %s]\n",
+          tr, startex, startloc, ltype, fmtfunc(func, pc)))
      elseif link == tr or link == 0 then
        out:write(format("[TRACE %3s %s%s %s]\n",
          tr, startex, startloc, ltype))
@@ -158,9 +161,9 @@ local function dumpon(outfile)
 end
 -- Public module functions.
-module(...)
+return {
+  on = dumpon,
-on = dumpon
+  off = dumpoff,
-off = dumpoff
+  start = dumpon -- For -j command line option.
-start = dumpon -- For -j command line option.
+}
diff --git a/src/jit/zone.lua b/src/jit/zone.lua
new file mode 100644
index 00000000..55dc76d3
--- /dev/null
+++ b/src/jit/zone.lua
@@ -0,0 +1,45 @@
+----------------------------------------------------------------------------
+-- LuaJIT profiler zones.
+--
+-- Copyright (C) 2005-2023 Mike Pall. All rights reserved.
+-- Released under the MIT license. See Copyright Notice in luajit.h
+----------------------------------------------------------------------------
+--
+-- This module implements a simple hierarchical zone model.
+--
+-- Example usage:
+--
+--   local zone = require("jit.zone")
+--   zone("AI")
+--   ...
+--     zone("A*")
+--     ...
+--     print(zone:get()) --> "A*"
+--     ...
+--     zone()
+--   ...
+--   print(zone:get()) --> "AI"
+--   ...
+--   zone()
+--
+----------------------------------------------------------------------------
+local remove = table.remove
+return setmetatable({
+  flush = function(t)
+    for i=#t,1,-1 do t[i] = nil end
+  end,
+  get = function(t)
+    return t[#t]
+  end
+}, {
+  __call = function(t, zone)
+    if zone then
+      t[#t+1] = zone
+    else
+      return (assert(remove(t), "empty zone stack"))
+    end
+  end
+})