diff --git a/qemu/fpu/softfloat.c b/qemu/fpu/softfloat.c
index 724cea86..2792012b 100644
--- a/qemu/fpu/softfloat.c
+++ b/qemu/fpu/softfloat.c
@@ -183,7 +183,7 @@ static int64 roundAndPackInt64( flag zSign, uint64_t absZ0, uint64_t absZ1 STATU
         absZ0 &= ~ ( ( (uint64_t) ( absZ1<<1 ) == 0 ) & roundNearestEven );
     }
     z = absZ0;
-    if ( zSign ) z = - z;
+    if ( zSign && z != 0x8000000000000000ULL ) z = - z;
     if ( z && ( ( z < 0 ) ^ zSign ) ) {
  overflow:
         float_raise( float_flag_invalid STATUS_VAR);
@@ -1243,7 +1243,7 @@ floatx80 int32_to_floatx80(int32_t a STATUS_PARAM)
 
     if ( a == 0 ) return packFloatx80( 0, 0, 0 );
     zSign = ( a < 0 );
-    absA = zSign ? - a : a;
+    absA = (zSign && a != 0x80000000) ? - a : a;
     shiftCount = countLeadingZeros32( absA ) + 32;
     zSig = absA;
     return packFloatx80( zSign, 0x403E - shiftCount, zSig<<shiftCount );
diff --git a/qemu/target-arm/translate-a64.c b/qemu/target-arm/translate-a64.c
index de10c357..e4ce6029 100644
--- a/qemu/target-arm/translate-a64.c
+++ b/qemu/target-arm/translate-a64.c
@@ -5661,7 +5661,7 @@ static void handle_simd_dupg(DisasContext *s, int is_q, int rd, int rn,
                              int imm5)
 {
     int size = ctz32(imm5);
-    int esize = 8 << size;
+    int esize = 8 << (size & 0x1f);
     int elements = (is_q ? 128 : 64)/esize;
     int i = 0;
 
diff --git a/qemu/target-i386/ops_sse.h b/qemu/target-i386/ops_sse.h
index 2b009c71..ec9e7d2a 100644
--- a/qemu/target-i386/ops_sse.h
+++ b/qemu/target-i386/ops_sse.h
@@ -1489,7 +1489,7 @@ void glue(helper_phsubsw, SUFFIX)(CPUX86State *env, Reg *d, Reg *s)
 
 #define FABSB(_, x) (x > INT8_MAX  ? -(int8_t)x : x)
 #define FABSW(_, x) (x > INT16_MAX ? -(int16_t)x : x)
-#define FABSL(_, x) (x > INT32_MAX ? -(int32_t)x : x)
+#define FABSL(_, x) ((x > INT32_MAX && x != 0x80000000) ? -(int32_t)x : x)
 SSE_HELPER_B(helper_pabsb, FABSB)
 SSE_HELPER_W(helper_pabsw, FABSW)
 SSE_HELPER_L(helper_pabsd, FABSL)
diff --git a/qemu/target-mips/translate.c b/qemu/target-mips/translate.c
index c0c1c1eb..8f54ca55 100644
--- a/qemu/target-mips/translate.c
+++ b/qemu/target-mips/translate.c
@@ -8528,7 +8528,7 @@ static inline void gen_movcf_s (DisasContext *ctx, int fs, int fd, int cc, int t
     else
         cond = TCG_COND_NE;
 
-    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1 << get_fp_bit(cc));
+    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1U << get_fp_bit(cc));
     tcg_gen_brcondi_i32(tcg_ctx, cond, t0, 0, l1);
     gen_load_fpr32(ctx, t0, fs);
     gen_store_fpr32(ctx, t0, fd);
@@ -8549,7 +8549,7 @@ static inline void gen_movcf_d (DisasContext *ctx, int fs, int fd, int cc, int t
     else
         cond = TCG_COND_NE;
 
-    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1 << get_fp_bit(cc));
+    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1U << get_fp_bit(cc));
     tcg_gen_brcondi_i32(tcg_ctx, cond, t0, 0, l1);
     tcg_temp_free_i32(tcg_ctx, t0);
     fp0 = tcg_temp_new_i64(tcg_ctx);
@@ -8573,13 +8573,13 @@ static inline void gen_movcf_ps(DisasContext *ctx, int fs, int fd,
     else
         cond = TCG_COND_NE;
 
-    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1 << get_fp_bit(cc));
+    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1U << get_fp_bit(cc));
     tcg_gen_brcondi_i32(tcg_ctx, cond, t0, 0, l1);
     gen_load_fpr32(ctx, t0, fs);
     gen_store_fpr32(ctx, t0, fd);
     gen_set_label(tcg_ctx, l1);
 
-    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1 << get_fp_bit(cc+1));
+    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1U << get_fp_bit(cc+1));
     tcg_gen_brcondi_i32(tcg_ctx, cond, t0, 0, l2);
     gen_load_fpr32h(ctx, t0, fs);
     gen_store_fpr32h(ctx, t0, fd);
@@ -18796,7 +18796,7 @@ static void decode_opc (CPUMIPSState *env, DisasContext *ctx, bool *insn_need_pa
          check_insn_opc_removed(ctx, ISA_MIPS32R6);
     case OPC_BEQ:
     case OPC_BNE:
-         gen_compute_branch(ctx, op, 4, rs, rt, imm << 2, 4);
+         gen_compute_branch(ctx, op, 4, rs, rt, (uint16_t)imm << 2, 4);
          break;
     case OPC_LWL: /* Load and stores */
     case OPC_LWR:
diff --git a/qemu/target-sparc/translate.c b/qemu/target-sparc/translate.c
index 9da9ae20..f39a70ea 100644
--- a/qemu/target-sparc/translate.c
+++ b/qemu/target-sparc/translate.c
@@ -2668,7 +2668,7 @@ static void disas_sparc_insn(DisasContext * dc, unsigned int insn, bool hook_ins
                     target = GET_FIELD_SP(insn, 0, 13) |
                         (GET_FIELD_SP(insn, 20, 21) << 14);
                     target = sign_extend(target, 16);
-                    target <<= 2;
+                    target = (int32_t)((uint32_t)target << 2);
                     cpu_src1 = get_src1(dc, insn);
                     do_branch_reg(dc, target, insn, cpu_src1);
                     goto jmp_insn;
@@ -2681,7 +2681,7 @@ static void disas_sparc_insn(DisasContext * dc, unsigned int insn, bool hook_ins
                     }
                     target = GET_FIELD_SP(insn, 0, 18);
                     target = sign_extend(target, 19);
-                    target <<= 2;
+                    target = (int32_t)((uint32_t)target << 2);
                     do_fbranch(dc, target, insn, cc);
                     goto jmp_insn;
                 }
@@ -2695,7 +2695,7 @@ static void disas_sparc_insn(DisasContext * dc, unsigned int insn, bool hook_ins
                 {
                     target = GET_FIELD(insn, 10, 31);
                     target = sign_extend(target, 22);
-                    target <<= 2;
+                    target = (int32_t)((uint32_t)target << 2);
                     do_branch(dc, target, insn, 0);
                     goto jmp_insn;
                 }
@@ -2706,7 +2706,7 @@ static void disas_sparc_insn(DisasContext * dc, unsigned int insn, bool hook_ins
                     }
                     target = GET_FIELD(insn, 10, 31);
                     target = sign_extend(target, 22);
-                    target <<= 2;
+                    target = (int32_t)((uint32_t)target << 2);
                     do_fbranch(dc, target, insn, 0);
                     goto jmp_insn;
                 }