Changeset 100694 in vbox

Timestamp:

Jul 25, 2023 10:34:22 AM (20 months ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

158538

Message:

IEM/VMM: Deal with opcode checking cross page boundraries and tentativiely for branches. bugref:10369

Location:

trunk

Files:

: 7 edited
: 1 copied

include/VBox/err.h (modified) (1 diff)
src/VBox/VMM/Makefile.kmk (modified) (1 diff)
src/VBox/VMM/VMMAll/IEMAll.cpp (modified) (5 diffs)
src/VBox/VMM/VMMAll/IEMAllThreadedFunctions.cpp (modified) (1 diff)
src/VBox/VMM/VMMAll/IEMAllThreadedFunctionsBltIn.cpp (copied) (copied from trunk/src/VBox/VMM/VMMAll/IEMAllThreadedFunctions.cpp ) (5 diffs)
src/VBox/VMM/VMMAll/IEMAllThreadedPython.py (modified) (3 diffs)
src/VBox/VMM/VMMAll/IEMAllThreadedRecompiler.cpp (modified) (17 diffs)
src/VBox/VMM/include/IEMInternal.h (modified) (5 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/include/VBox/err.h

-              r100566
+              r100694
 /** Recompiled execution: Stop execution TB - Mode (fExec) changed. */
 #define VINF_IEM_REEXEC_MODE_CHANGED                (5310)
+/** Recompilation: End translation block. */
+#define VINF_IEM_RECOMPILE_END_TB                   (5311)
 /** Restart the current instruction. For testing only. */
 #define VERR_IEM_RESTART_INSTRUCTION                (-5389)

trunk/src/VBox/VMM/Makefile.kmk

-              r100672
+              r100694
  VBoxVMM_SOURCES += \
         VMMAll/IEMAllThreadedRecompiler.cpp \
+        VMMAll/IEMAllThreadedFunctions.cpp
+        VMMAll/IEMAllThreadedFunctions.cpp \
+        VMMAll/IEMAllThreadedFunctionsBltIn.cpp
 endif

trunk/src/VBox/VMM/VMMAll/IEMAll.cpp

-              r100672
+              r100694
+                {
                     Log(("iemOpcodeFetchMoreBytes: %04x:%08RX64 LB %#x + %#zx -> #GP(0)\n",
                          pVCpu->cpum.GstCtx.cs, pVCpu->cpum.GstCtx.rip, cbInstr, cbDst));
+                         pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, cbInstr, cbDst));
                     iemRaiseGeneralProtectionFault0Jmp(pVCpu);
+                }
 …
                 pVCpu->iem.s.GCPhysInstrBuf   = pTlbe->GCPhys;
                 pVCpu->iem.s.pbInstrBuf       = pTlbe->pbMappingR3;
+                pVCpu->iem.s.fTbCrossedPage  |= offPg == 0;
                 memcpy(pvDst, &pTlbe->pbMappingR3[offPg], cbDst);
                 return;
 …
+            {
                 Log(("iemOpcodeFetchMoreBytes: %04x:%08RX64 LB %#x + %#zx -> #GP(0) [slow]\n",
                      pVCpu->cpum.GstCtx.cs, pVCpu->cpum.GstCtx.rip, cbInstr, cbDst));
+                     pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, cbInstr, cbDst));
                 iemRaiseGeneralProtectionFault0Jmp(pVCpu);
+            }
 …
             pVCpu->iem.s.uInstrBufPc      = GCPtrFirst & ~(RTGCPTR)X86_PAGE_OFFSET_MASK;
             pVCpu->iem.s.pbInstrBuf       = NULL;
+            pVCpu->iem.s.fTbCrossedPage  |= offPg == 0;
             if (cbToRead == cbDst)
                 return;
 …
+    {
         Log(("iemOpcodeFetchMoreBytes: %04x:%08RX64 LB %#x + %#zx -> #GP(0)\n",
              pVCpu->cpum.GstCtx.cs, pVCpu->cpum.GstCtx.rip, offOpcode, cbMin));
+             pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, offOpcode, cbMin));
         return iemRaiseGeneralProtectionFault0(pVCpu);
+    }

trunk/src/VBox/VMM/VMMAll/IEMAllThreadedFunctions.cpp

-              r100326
+              r100694
-/**
- * Built-in function that compares the fExec mask against uParam0.
- */
-static IEM_DECL_IMPL_DEF(VBOXSTRICTRC, iemThreadedFunc_BltIn_CheckMode,
-                         (PVMCPU pVCpu, uint64_t uParam0, uint64_t uParam1, uint64_t uParam2))
+{
-    uint32_t const fExpectedExec = (uint32_t)uParam0;
-    if (pVCpu->iem.s.fExec == fExpectedExec)
-        return VINF_SUCCESS;
-    Log12(("Mode changed at %04x:%08RX64: %#x -> %#x (xor: %#x)\n", pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip,
-           fExpectedExec, pVCpu->iem.s.fExec, fExpectedExec ^ pVCpu->iem.s.fExec));
-    RT_NOREF(uParam1, uParam2);
-    return VINF_IEM_REEXEC_MODE_CHANGED;
+}
-/**
- * Built-in function that checks the EIP/IP + uParam0 is within CS.LIM,
- * raising a \#GP(0) if this isn't the case.
- */
-static IEM_DECL_IMPL_DEF(VBOXSTRICTRC, iemThreadedFunc_BltIn_CheckCsLim,
-                         (PVMCPU pVCpu, uint64_t uParam0, uint64_t uParam1, uint64_t uParam2))
+{
-    uint32_t const cbInstr = (uint32_t)uParam0;
-    if (pVCpu->cpum.GstCtx.eip - pVCpu->cpum.GstCtx.cs.u32Limit >= cbInstr)
-        return VINF_SUCCESS;
-    Log(("EIP out of bounds at %04x:%08RX32 LB %u - CS.LIM=%#RX32\n",
-         pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.eip, cbInstr, pVCpu->cpum.GstCtx.cs.u32Limit));
-    RT_NOREF(uParam1, uParam2);
-    return iemRaiseGeneralProtectionFault0(pVCpu);
+}
 /*
  * The threaded functions.

trunk/src/VBox/VMM/VMMAll/IEMAllThreadedFunctionsBltIn.cpp

-              r100670
+              r100694
 /* $Id$ */
 /** @file
+ * IEM - Instruction Decoding and Emulation, Threaded Functions.
+ * IEM - Instruction Decoding and Emulation, Built-in Threaded Functions.
+ *
+ * This is separate from IEMThreadedFunctions.cpp because it doesn't work
+ * with IEM_WITH_OPAQUE_DECODER_STATE defined.
  */
 …
 *   Header Files                                                                                                                 *
 *********************************************************************************************************************************/
+#ifndef LOG_GROUP /* defined when included by tstIEMCheckMc.cpp */
+# define LOG_GROUP LOG_GROUP_IEM
+#endif
+#define LOG_GROUP LOG_GROUP_IEM_RE_THREADED
 #define VMCPU_INCL_CPUM_GST_CTX
-#define IEM_WITH_OPAQUE_DECODER_STATE
 #include <VBox/vmm/iem.h>
 #include <VBox/vmm/cpum.h>
 …
 #include "IEMInline.h"
+#include "IEMMc.h"
+#include "IEMThreadedFunctions.h"
+/*********************************************************************************************************************************
+*   Defined Constants And Macros                                                                                                 *
+*********************************************************************************************************************************/
+/** Variant of IEM_MC_ADVANCE_RIP_AND_FINISH with instruction length as param
+ *  and only used when we're in 16-bit code on a pre-386 CPU. */
+#define IEM_MC_ADVANCE_RIP_AND_FINISH_THREADED_PC16(a_cbInstr) \
+    return iemRegAddToIp16AndFinishingClearingRF(pVCpu, a_cbInstr)
+/** Variant of IEM_MC_ADVANCE_RIP_AND_FINISH with instruction length as param
+ *  and used for 16-bit and 32-bit code on 386 and later CPUs. */
+#define IEM_MC_ADVANCE_RIP_AND_FINISH_THREADED_PC32(a_cbInstr) \
+    return iemRegAddToEip32AndFinishingClearingRF(pVCpu, a_cbInstr)
+/** Variant of IEM_MC_ADVANCE_RIP_AND_FINISH with instruction length as param
+ *  and only used when we're in 64-bit code. */
+#define IEM_MC_ADVANCE_RIP_AND_FINISH_THREADED_PC64(a_cbInstr) \
+    return iemRegAddToRip64AndFinishingClearingRF(pVCpu, a_cbInstr)
+#undef  IEM_MC_ADVANCE_RIP_AND_FINISH
+/** Variant of IEM_MC_REL_JMP_S8_AND_FINISH with instruction length as extra
+ *  parameter, for use in 16-bit code on a pre-386 CPU. */
+#define IEM_MC_REL_JMP_S8_AND_FINISH_THREADED_PC16(a_i8, a_cbInstr) \
+    return iemRegIp16RelativeJumpS8AndFinishClearingRF(pVCpu, a_cbInstr, (a_i8))
+/** Variant of IEM_MC_REL_JMP_S8_AND_FINISH with instruction length and operand
+ * size as extra parameters, for use in 16-bit and 32-bit code on 386 and
+ * later CPUs. */
+#define IEM_MC_REL_JMP_S8_AND_FINISH_THREADED_PC32(a_i8, a_cbInstr, a_enmEffOpSize) \
+    return iemRegEip32RelativeJumpS8AndFinishClearingRF(pVCpu, a_cbInstr, (a_i8), a_enmEffOpSize)
+/** Variant of IEM_MC_REL_JMP_S8_AND_FINISH with instruction length and operand
+ * size as extra parameters, for use in 64-bit code. */
+#define IEM_MC_REL_JMP_S8_AND_FINISH_THREADED_PC64(a_i8, a_cbInstr, a_enmEffOpSize) \
+    return iemRegRip64RelativeJumpS8AndFinishClearingRF(pVCpu, a_cbInstr, (a_i8), a_enmEffOpSize)
+#undef  IEM_MC_REL_JMP_S8_AND_FINISH
+/** Variant of IEM_MC_REL_JMP_S16_AND_FINISH with instruction length as
+ *  param, for use in 16-bit code on a pre-386 CPU. */
+#define IEM_MC_REL_JMP_S16_AND_FINISH_THREADED_PC16(a_i16, a_cbInstr) \
+    return iemRegEip32RelativeJumpS16AndFinishClearingRF(pVCpu, a_cbInstr, (a_i16))
+/** Variant of IEM_MC_REL_JMP_S16_AND_FINISH with instruction length as
+ *  param, for use in 16-bit and 32-bit code on 386 and later CPUs. */
+#define IEM_MC_REL_JMP_S16_AND_FINISH_THREADED_PC32(a_i16, a_cbInstr) \
+    return iemRegEip32RelativeJumpS16AndFinishClearingRF(pVCpu, a_cbInstr, (a_i16))
+/** Variant of IEM_MC_REL_JMP_S16_AND_FINISH with instruction length as
+ *  param, for use in 64-bit code. */
+#define IEM_MC_REL_JMP_S16_AND_FINISH_THREADED_PC64(a_i16, a_cbInstr) \
+    return iemRegRip64RelativeJumpS16AndFinishClearingRF(pVCpu, a_cbInstr, (a_i16))
+#undef  IEM_MC_REL_JMP_S16_AND_FINISH
+/** Variant of IEM_MC_REL_JMP_S32_AND_FINISH with instruction length as
+ *  an extra parameter - dummy for pre-386 variations not eliminated by the
+ *  python script. */
+#define IEM_MC_REL_JMP_S32_AND_FINISH_THREADED_PC16(a_i32, a_cbInstr) \
+    do { RT_NOREF(pVCpu, a_i32, a_cbInstr); AssertFailedReturn(VERR_IEM_IPE_9); } while (0)
+/** Variant of IEM_MC_REL_JMP_S32_AND_FINISH with instruction length as
+ *  an extra parameter, for use in 16-bit and 32-bit code on 386+. */
+#define IEM_MC_REL_JMP_S32_AND_FINISH_THREADED_PC32(a_i32, a_cbInstr) \
+    return iemRegEip32RelativeJumpS32AndFinishClearingRF(pVCpu, a_cbInstr, (a_i32))
+/** Variant of IEM_MC_REL_JMP_S32_AND_FINISH with instruction length as
+ *  an extra parameter, for use in 64-bit code. */
+#define IEM_MC_REL_JMP_S32_AND_FINISH_THREADED_PC64(a_i32, a_cbInstr) \
+    return iemRegRip64RelativeJumpS32AndFinishClearingRF(pVCpu, a_cbInstr, (a_i32))
+#undef  IEM_MC_REL_JMP_S32_AND_FINISH
+/** Variant of IEM_MC_CALC_RM_EFF_ADDR with additional parameters, 16-bit. */
+#define IEM_MC_CALC_RM_EFF_ADDR_THREADED_16(a_GCPtrEff, a_bRm, a_u16Disp) \
+    (a_GCPtrEff) = iemOpHlpCalcRmEffAddrThreadedAddr16(pVCpu, a_bRm, a_u16Disp)
+/** Variant of IEM_MC_CALC_RM_EFF_ADDR with additional parameters, pre-386 16-bit. */
+#define IEM_MC_CALC_RM_EFF_ADDR_THREADED_16_PRE386(a_GCPtrEff, a_bRm, a_u16Disp) \
+    IEM_MC_CALC_RM_EFF_ADDR_THREADED_16(a_GCPtrEff, a_bRm, a_u16Disp)
+/** Variant of IEM_MC_CALC_RM_EFF_ADDR with additional parameters, 32-bit with address prefix. */
+#define IEM_MC_CALC_RM_EFF_ADDR_THREADED_32_ADDR16(a_GCPtrEff, a_bRm, a_u16Disp) \
+    IEM_MC_CALC_RM_EFF_ADDR_THREADED_16(a_GCPtrEff, a_bRm, a_u16Disp)
+/** Variant of IEM_MC_CALC_RM_EFF_ADDR with additional parameters, 32-bit. */
+#define IEM_MC_CALC_RM_EFF_ADDR_THREADED_32(a_GCPtrEff, a_bRm, a_uSibAndRspOffset, a_u32Disp) \
+    (a_GCPtrEff) = iemOpHlpCalcRmEffAddrThreadedAddr32(pVCpu, a_bRm, a_uSibAndRspOffset, a_u32Disp)
+/** Variant of IEM_MC_CALC_RM_EFF_ADDR with additional parameters, 32-bit flat. */
+#define IEM_MC_CALC_RM_EFF_ADDR_THREADED_32_FLAT(a_GCPtrEff, a_bRm, a_uSibAndRspOffset, a_u32Disp) \
+    (a_GCPtrEff) = iemOpHlpCalcRmEffAddrThreadedAddr32(pVCpu, a_bRm, a_uSibAndRspOffset, a_u32Disp)
+/** Variant of IEM_MC_CALC_RM_EFF_ADDR with additional parameters, 16-bit with address prefix. */
+#define IEM_MC_CALC_RM_EFF_ADDR_THREADED_16_ADDR32(a_GCPtrEff, a_bRm, a_uSibAndRspOffset, a_u32Disp) \
+    (a_GCPtrEff) = iemOpHlpCalcRmEffAddrThreadedAddr32(pVCpu, a_bRm, a_uSibAndRspOffset, a_u32Disp)
+/** Variant of IEM_MC_CALC_RM_EFF_ADDR with additional parameters. */
+#define IEM_MC_CALC_RM_EFF_ADDR_THREADED_64(a_GCPtrEff, a_bRmEx, a_uSibAndRspOffset, a_u32Disp, a_cbImm) \
+    (a_GCPtrEff) = iemOpHlpCalcRmEffAddrThreadedAddr64(pVCpu, a_bRmEx, a_uSibAndRspOffset, a_u32Disp, a_cbImm)
+/** Variant of IEM_MC_CALC_RM_EFF_ADDR with additional parameters.
+ * @todo How did that address prefix thing work for 64-bit code again? */
+#define IEM_MC_CALC_RM_EFF_ADDR_THREADED_64_ADDR32(a_GCPtrEff, a_bRmEx, a_uSibAndRspOffset, a_u32Disp, a_cbImm) \
+    (a_GCPtrEff) = (uint32_t)iemOpHlpCalcRmEffAddrThreadedAddr64(pVCpu, a_bRmEx, a_uSibAndRspOffset, a_u32Disp, a_cbImm)
+#undef  IEM_MC_CALC_RM_EFF_ADDR
+/** Variant of IEM_MC_CALL_CIMPL_1 with explicit instruction length parameter. */
+#define IEM_MC_CALL_CIMPL_1_THREADED(a_cbInstr, a_fFlags, a_pfnCImpl, a0) \
+    return (a_pfnCImpl)(pVCpu, (a_cbInstr), a0)
+#undef  IEM_MC_CALL_CIMPL_1
+/** Variant of IEM_MC_CALL_CIMPL_2 with explicit instruction length parameter. */
+#define IEM_MC_CALL_CIMPL_2_THREADED(a_cbInstr, a_fFlags, a_pfnCImpl, a0, a1) \
+    return (a_pfnCImpl)(pVCpu, (a_cbInstr), a0, a1)
+#undef  IEM_MC_CALL_CIMPL_2
+/** Variant of IEM_MC_CALL_CIMPL_3 with explicit instruction length parameter. */
+#define IEM_MC_CALL_CIMPL_3_THREADED(a_cbInstr, a_fFlags, a_pfnCImpl, a0, a1, a2) \
+    return (a_pfnCImpl)(pVCpu, (a_cbInstr), a0, a1, a2)
+#undef  IEM_MC_CALL_CIMPL_3
+/** Variant of IEM_MC_CALL_CIMPL_4 with explicit instruction length parameter. */
+#define IEM_MC_CALL_CIMPL_4_THREADED(a_cbInstr, a_fFlags, a_pfnCImpl, a0, a1, a2, a3) \
+    return (a_pfnCImpl)(pVCpu, (a_cbInstr), a0, a1, a2, a3)
+#undef  IEM_MC_CALL_CIMPL_4
+/** Variant of IEM_MC_CALL_CIMPL_5 with explicit instruction length parameter. */
+#define IEM_MC_CALL_CIMPL_5_THREADED(a_cbInstr, a_fFlags, a_pfnCImpl, a0, a1, a2, a3, a4) \
+    return (a_pfnCImpl)(pVCpu, (a_cbInstr), a0, a1, a2, a3, a4)
+#undef  IEM_MC_CALL_CIMPL_5
+/** Variant of IEM_MC_DEFER_TO_CIMPL_0_RET with explicit instruction
+ * length parameter. */
+#define IEM_MC_DEFER_TO_CIMPL_0_RET_THREADED(a_cbInstr, a_fFlags, a_pfnCImpl) \
+    return (a_pfnCImpl)(pVCpu, (a_cbInstr))
+#undef  IEM_MC_DEFER_TO_CIMPL_0_RET
+/** Variant of IEM_MC_DEFER_TO_CIMPL_1_RET with explicit instruction
+ * length parameter. */
+#define IEM_MC_DEFER_TO_CIMPL_1_RET_THREADED(a_cbInstr, a_fFlags, a_pfnCImpl, a0) \
+    return (a_pfnCImpl)(pVCpu, (a_cbInstr), a0)
+#undef  IEM_MC_DEFER_TO_CIMPL_1_RET
+/** Variant of IEM_MC_CALL_CIMPL_2 with explicit instruction length parameter. */
+#define IEM_MC_DEFER_TO_CIMPL_2_RET_THREADED(a_cbInstr, a_fFlags, a_pfnCImpl, a0, a1) \
+    return (a_pfnCImpl)(pVCpu, (a_cbInstr), a0, a1)
+#undef  IEM_MC_DEFER_TO_CIMPL_2_RET
+/** Variant of IEM_MC_DEFER_TO_CIMPL_3 with explicit instruction length
+ *  parameter. */
+#define IEM_MC_DEFER_TO_CIMPL_3_RET_THREADED(a_cbInstr, a_fFlags, a_pfnCImpl, a0, a1, a2) \
+    return (a_pfnCImpl)(pVCpu, (a_cbInstr), a0, a1, a2)
+#undef  IEM_MC_DEFER_TO_CIMPL_3_RET
+/** Variant of IEM_MC_DEFER_TO_CIMPL_4 with explicit instruction length
+ *  parameter. */
+#define IEM_MC_DEFER_TO_CIMPL_4_RET_THREADED(a_cbInstr, a_fFlags, a_pfnCImpl, a0, a1, a2, a3) \
+    return (a_pfnCImpl)(pVCpu, (a_cbInstr), a0, a1, a2, a3)
+#undef  IEM_MC_DEFER_TO_CIMPL_4_RET
+/** Variant of IEM_MC_DEFER_TO_CIMPL_5 with explicit instruction length
+ *  parameter. */
+#define IEM_MC_DEFER_TO_CIMPL_5_RET_THREADED(a_cbInstr, a_fFlags, a_pfnCImpl, a0, a1, a2, a3, a4) \
+    return (a_pfnCImpl)(pVCpu, (a_cbInstr), a0, a1, a2, a3, a4)
+#undef  IEM_MC_DEFER_TO_CIMPL_5_RET
+/** Variant of IEM_MC_FETCH_GREG_U8 with extended (20) register index. */
+#define IEM_MC_FETCH_GREG_U8_THREADED(a_u8Dst, a_iGRegEx) \
+    (a_u8Dst) = iemGRegFetchU8Ex(pVCpu, (a_iGRegEx))
+/** Variant of IEM_MC_FETCH_GREG_U8_ZX_U16 with extended (20) register index. */
+#define IEM_MC_FETCH_GREG_U8_ZX_U16_THREADED(a_u16Dst, a_iGRegEx) \
+    (a_u16Dst) = iemGRegFetchU8Ex(pVCpu, (a_iGRegEx))
+/** Variant of IEM_MC_FETCH_GREG_U8_ZX_U32 with extended (20) register index. */
+#define IEM_MC_FETCH_GREG_U8_ZX_U32_THREADED(a_u32Dst, a_iGRegEx) \
+    (a_u32Dst) = iemGRegFetchU8Ex(pVCpu, (a_iGRegEx))
+/** Variant of IEM_MC_FETCH_GREG_U8_ZX_U64 with extended (20) register index. */
+#define IEM_MC_FETCH_GREG_U8_ZX_U64_THREADED(a_u64Dst, a_iGRegEx) \
+    (a_u64Dst) = iemGRegFetchU8Ex(pVCpu, (a_iGRegEx))
+/** Variant of IEM_MC_FETCH_GREG_U8_SX_U16 with extended (20) register index. */
+#define IEM_MC_FETCH_GREG_U8_SX_U16_THREADED(a_u16Dst, a_iGRegEx) \
+    (a_u16Dst) = (int8_t)iemGRegFetchU8Ex(pVCpu, (a_iGRegEx))
+/** Variant of IEM_MC_FETCH_GREG_U8_SX_U32 with extended (20) register index. */
+#define IEM_MC_FETCH_GREG_U8_SX_U32_THREADED(a_u32Dst, a_iGRegEx) \
+    (a_u32Dst) = (int8_t)iemGRegFetchU8Ex(pVCpu, (a_iGRegEx))
+#undef IEM_MC_FETCH_GREG_U8_SX_U32
+/** Variant of IEM_MC_FETCH_GREG_U8_SX_U64 with extended (20) register index. */
+#define IEM_MC_FETCH_GREG_U8_SX_U64_THREADED(a_u64Dst, a_iGRegEx) \
+    (a_u64Dst) = (int8_t)iemGRegFetchU8Ex(pVCpu, (a_iGRegEx))
+#undef IEM_MC_FETCH_GREG_U8_SX_U64
+/** Variant of IEM_MC_STORE_GREG_U8 with extended (20) register index. */
+#define IEM_MC_STORE_GREG_U8_THREADED(a_iGRegEx, a_u8Value) \
+    *iemGRegRefU8Ex(pVCpu, (a_iGRegEx)) = (a_u8Value)
+#undef IEM_MC_STORE_GREG_U8
+/** Variant of IEM_MC_STORE_GREG_U8 with extended (20) register index. */
+#define IEM_MC_STORE_GREG_U8_CONST_THREADED(a_iGRegEx, a_u8Value) \
+    *iemGRegRefU8Ex(pVCpu, (a_iGRegEx)) = (a_u8Value)
+#undef IEM_MC_STORE_GREG_U8
+/** Variant of IEM_MC_REF_GREG_U8 with extended (20) register index. */
+#define IEM_MC_REF_GREG_U8_THREADED(a_pu8Dst, a_iGRegEx) \
+    (a_pu8Dst) = iemGRegRefU8Ex(pVCpu, (a_iGRegEx))
+#undef IEM_MC_REF_GREG_U8
+/** Variant of IEM_MC_ADD_GREG_U8 with extended (20) register index. */
+#define IEM_MC_ADD_GREG_U8_THREADED(a_iGRegEx, a_u8Value) \
+    *iemGRegRefU8Ex(pVCpu, (a_iGRegEx)) += (a_u8Value)
+#undef IEM_MC_ADD_GREG_U8
+/** Variant of IEM_MC_SUB_GREG_U8 with extended (20) register index. */
+#define IEM_MC_SUB_GREG_U8_THREADED(a_iGRegEx,  a_u8Value) \
+    *iemGRegRefU8Ex(pVCpu, (a_iGRegEx)) -= (a_u8Value)
+#undef IEM_MC_SUB_GREG_U8
+/** Variant of IEM_MC_ADD_GREG_U8_TO_LOCAL with extended (20) register index. */
+#define IEM_MC_ADD_GREG_U8_TO_LOCAL_THREADED(a_u8Value, a_iGRegEx) \
+    do { (a_u8Value) += iemGRegFetchU8Ex(pVCpu, (a_iGRegEx)); } while (0)
+#undef IEM_MC_ADD_GREG_U8_TO_LOCAL
+/** Variant of IEM_MC_AND_GREG_U8 with extended (20) register index. */
+#define IEM_MC_AND_GREG_U8_THREADED(a_iGRegEx, a_u8Value) \
+    *iemGRegRefU8Ex(pVCpu, (a_iGRegEx)) &= (a_u8Value)
+#undef IEM_MC_AND_GREG_U8
+/** Variant of IEM_MC_OR_GREG_U8 with extended (20) register index. */
+#define IEM_MC_OR_GREG_U8_THREADED(a_iGRegEx, a_u8Value) \
+    *iemGRegRefU8Ex(pVCpu, (a_iGRegEx)) |= (a_u8Value)
+#undef IEM_MC_OR_GREG_U8
+/**
+ * Calculates the effective address of a ModR/M memory operand, 16-bit
+ * addressing variant.
+ *
+ * Meant to be used via IEM_MC_CALC_RM_EFF_ADDR_THREADED_ADDR16.
+ *
+ * @returns The effective address.
+ * @param   pVCpu               The cross context virtual CPU structure of the calling thread.
+ * @param   bRm                 The ModRM byte.
+ * @param   u16Disp             The displacement byte/word, if any.
+ *                              RIP relative addressing.
+ */
+static RTGCPTR iemOpHlpCalcRmEffAddrThreadedAddr16(PVMCPUCC pVCpu, uint8_t bRm, uint16_t u16Disp) RT_NOEXCEPT
+{
+    Log5(("iemOpHlpCalcRmEffAddrThreadedAddr16: bRm=%#x u16Disp=%#x\n", bRm, u16Disp));
+    Assert(!IEM_IS_64BIT_CODE(pVCpu));
+    /* Handle the disp16 form with no registers first. */
+    if ((bRm & (X86_MODRM_MOD_MASK | X86_MODRM_RM_MASK)) == 6)
+    {
+        Log5(("iemOpHlpCalcRmEffAddrThreadedAddr16: EffAddr=%#010RGv\n", (RTGCPTR)u16Disp));
+        return u16Disp;
+    }
+    /* Get the displacment. */
+    /** @todo we can eliminate this step by making u16Disp have this value
+     *        already! */
+    uint16_t u16EffAddr;
+    switch ((bRm >> X86_MODRM_MOD_SHIFT) & X86_MODRM_MOD_SMASK)
+    {
+        case 0:  u16EffAddr = 0;                        break;
+        case 1:  u16EffAddr = (int16_t)(int8_t)u16Disp; break;
+        case 2:  u16EffAddr = u16Disp;                  break;
+        default: AssertFailedStmt(u16EffAddr = 0);
+    }
+    /* Add the base and index registers to the disp. */
+    switch (bRm & X86_MODRM_RM_MASK)
+    {
+        case 0: u16EffAddr += pVCpu->cpum.GstCtx.bx + pVCpu->cpum.GstCtx.si; break;
+        case 1: u16EffAddr += pVCpu->cpum.GstCtx.bx + pVCpu->cpum.GstCtx.di; break;
+        case 2: u16EffAddr += pVCpu->cpum.GstCtx.bp + pVCpu->cpum.GstCtx.si; break;
+        case 3: u16EffAddr += pVCpu->cpum.GstCtx.bp + pVCpu->cpum.GstCtx.di; break;
+        case 4: u16EffAddr += pVCpu->cpum.GstCtx.si; break;
+        case 5: u16EffAddr += pVCpu->cpum.GstCtx.di; break;
+        case 6: u16EffAddr += pVCpu->cpum.GstCtx.bp; break;
+        case 7: u16EffAddr += pVCpu->cpum.GstCtx.bx; break;
+    }
+    Log5(("iemOpHlpCalcRmEffAddrThreadedAddr16: EffAddr=%#010RGv\n", (RTGCPTR)u16EffAddr));
+    return u16EffAddr;
+}
+/**
+ * Calculates the effective address of a ModR/M memory operand, 32-bit
+ * addressing variant.
+ *
+ * Meant to be used via IEM_MC_CALC_RM_EFF_ADDR_THREADED_ADDR32 and
+ * IEM_MC_CALC_RM_EFF_ADDR_THREADED_ADDR32FLAT.
+ *
+ * @returns The effective address.
+ * @param   pVCpu               The cross context virtual CPU structure of the
+ *                              calling thread.
+ * @param   bRm                 The ModRM byte.
+ * @param   uSibAndRspOffset    Two parts:
+ *                                - The first 8 bits make up the SIB byte.
+ *                                - The next 8 bits are the fixed RSP/ESP offse
+ *                                  in case of a pop [xSP].
+ * @param   u32Disp             The displacement byte/dword, if any.
+ */
+static RTGCPTR iemOpHlpCalcRmEffAddrThreadedAddr32(PVMCPUCC pVCpu, uint8_t bRm, uint32_t uSibAndRspOffset,
+                                                   uint32_t u32Disp) RT_NOEXCEPT
+{
+    Log5(("iemOpHlpCalcRmEffAddrThreadedAddr32: bRm=%#x uSibAndRspOffset=%#x u32Disp=%#x\n", bRm, uSibAndRspOffset, u32Disp));
+    /* Handle the disp32 form with no registers first. */
+    if ((bRm & (X86_MODRM_MOD_MASK | X86_MODRM_RM_MASK)) == 5)
+    {
+        Log5(("iemOpHlpCalcRmEffAddrThreadedAddr32: EffAddr=%#010RGv\n", (RTGCPTR)u32Disp));
+        return u32Disp;
+    }
+    /* Get the register (or SIB) value. */
+    uint32_t u32EffAddr;
+#ifdef _MSC_VER
+    u32EffAddr = 0;/* MSC uninitialized variable analysis is too simple, it seems. */
+#endif
+    switch (bRm & X86_MODRM_RM_MASK)
+    {
+        case 0: u32EffAddr = pVCpu->cpum.GstCtx.eax; break;
+        case 1: u32EffAddr = pVCpu->cpum.GstCtx.ecx; break;
+        case 2: u32EffAddr = pVCpu->cpum.GstCtx.edx; break;
+        case 3: u32EffAddr = pVCpu->cpum.GstCtx.ebx; break;
+        case 4: /* SIB */
+        {
+            /* Get the index and scale it. */
+            switch ((uSibAndRspOffset >> X86_SIB_INDEX_SHIFT) & X86_SIB_INDEX_SMASK)
+            {
+                case 0: u32EffAddr = pVCpu->cpum.GstCtx.eax; break;
+                case 1: u32EffAddr = pVCpu->cpum.GstCtx.ecx; break;
+                case 2: u32EffAddr = pVCpu->cpum.GstCtx.edx; break;
+                case 3: u32EffAddr = pVCpu->cpum.GstCtx.ebx; break;
+                case 4: u32EffAddr = 0; /*none */ break;
+                case 5: u32EffAddr = pVCpu->cpum.GstCtx.ebp; break;
+                case 6: u32EffAddr = pVCpu->cpum.GstCtx.esi; break;
+                case 7: u32EffAddr = pVCpu->cpum.GstCtx.edi; break;
+            }
+            u32EffAddr <<= (uSibAndRspOffset >> X86_SIB_SCALE_SHIFT) & X86_SIB_SCALE_SMASK;
+            /* add base */
+            switch (uSibAndRspOffset & X86_SIB_BASE_MASK)
+            {
+                case 0: u32EffAddr += pVCpu->cpum.GstCtx.eax; break;
+                case 1: u32EffAddr += pVCpu->cpum.GstCtx.ecx; break;
+                case 2: u32EffAddr += pVCpu->cpum.GstCtx.edx; break;
+                case 3: u32EffAddr += pVCpu->cpum.GstCtx.ebx; break;
+                case 4:
+                    u32EffAddr += pVCpu->cpum.GstCtx.esp;
+                    u32EffAddr += uSibAndRspOffset >> 8;
+                    break;
+                case 5:
+                    if ((bRm & X86_MODRM_MOD_MASK) != 0)
+                        u32EffAddr += pVCpu->cpum.GstCtx.ebp;
+                    else
+                        u32EffAddr += u32Disp;
+                    break;
+                case 6: u32EffAddr += pVCpu->cpum.GstCtx.esi; break;
+                case 7: u32EffAddr += pVCpu->cpum.GstCtx.edi; break;
+            }
+            break;
+        }
+        case 5: u32EffAddr = pVCpu->cpum.GstCtx.ebp; break;
+        case 6: u32EffAddr = pVCpu->cpum.GstCtx.esi; break;
+        case 7: u32EffAddr = pVCpu->cpum.GstCtx.edi; break;
+    }
+    /* Get and add the displacement. */
+    switch ((bRm >> X86_MODRM_MOD_SHIFT) & X86_MODRM_MOD_SMASK)
+    {
+        case 0: break;
+        case 1: u32EffAddr += (int8_t)u32Disp; break;
+        case 2: u32EffAddr += u32Disp; break;
+        default: AssertFailed();
+    }
+    Log5(("iemOpHlpCalcRmEffAddrThreadedAddr32: EffAddr=%#010RGv\n", (RTGCPTR)u32EffAddr));
+    return u32EffAddr;
+}
+/**
+ * Calculates the effective address of a ModR/M memory operand.
+ *
+ * Meant to be used via IEM_MC_CALC_RM_EFF_ADDR_THREADED_ADDR64.
+ *
+ * @returns The effective address.
+ * @param   pVCpu               The cross context virtual CPU structure of the
+ *                              calling thread.
+ * @param   bRmEx               The ModRM byte but with bit 3 set to REX.B and
+ *                              bit 4 to REX.X.  The two bits are part of the
+ *                              REG sub-field, which isn't needed in this
+ *                              function.
+ * @param   uSibAndRspOffset    Two parts:
+ *                                - The first 8 bits make up the SIB byte.
+ *                                - The next 8 bits are the fixed RSP/ESP offse
+ *                                  in case of a pop [xSP].
+ * @param   u32Disp             The displacement byte/word/dword, if any.
+ * @param   cbInstr             The size of the fully decoded instruction. Used
+ *                              for RIP relative addressing.
+ * @todo combine cbInstr and cbImm!
+ */
+static RTGCPTR iemOpHlpCalcRmEffAddrThreadedAddr64(PVMCPUCC pVCpu, uint8_t bRmEx, uint32_t uSibAndRspOffset,
+                                                   uint32_t u32Disp, uint8_t cbInstr) RT_NOEXCEPT
+{
+    Log5(("iemOpHlpCalcRmEffAddrThreadedAddr64: bRmEx=%#x\n", bRmEx));
+    Assert(IEM_IS_64BIT_CODE(pVCpu));
+    uint64_t u64EffAddr;
+    /* Handle the rip+disp32 form with no registers first. */
+    if ((bRmEx & (X86_MODRM_MOD_MASK | X86_MODRM_RM_MASK)) == 5)
+    {
+        u64EffAddr = (int32_t)u32Disp;
+        u64EffAddr += pVCpu->cpum.GstCtx.rip + cbInstr;
+    }
+    else
+    {
+        /* Get the register (or SIB) value. */
+#ifdef _MSC_VER
+        u64EffAddr = 0; /* MSC uninitialized variable analysis is too simple, it seems. */
+#endif
+        switch (bRmEx & (X86_MODRM_RM_MASK | 0x8)) /* bRmEx[bit 3] = REX.B */
+        {
+            default:
+            case  0: u64EffAddr = pVCpu->cpum.GstCtx.rax; break;
+            case  1: u64EffAddr = pVCpu->cpum.GstCtx.rcx; break;
+            case  2: u64EffAddr = pVCpu->cpum.GstCtx.rdx; break;
+            case  3: u64EffAddr = pVCpu->cpum.GstCtx.rbx; break;
+            case  5: u64EffAddr = pVCpu->cpum.GstCtx.rbp; break;
+            case  6: u64EffAddr = pVCpu->cpum.GstCtx.rsi; break;
+            case  7: u64EffAddr = pVCpu->cpum.GstCtx.rdi; break;
+            case  8: u64EffAddr = pVCpu->cpum.GstCtx.r8;  break;
+            case  9: u64EffAddr = pVCpu->cpum.GstCtx.r9;  break;
+            case 10: u64EffAddr = pVCpu->cpum.GstCtx.r10; break;
+            case 11: u64EffAddr = pVCpu->cpum.GstCtx.r11; break;
+            case 13: u64EffAddr = pVCpu->cpum.GstCtx.r13; break;
+            case 14: u64EffAddr = pVCpu->cpum.GstCtx.r14; break;
+            case 15: u64EffAddr = pVCpu->cpum.GstCtx.r15; break;
+            /* SIB */
+            case 4:
+            case 12:
+            {
+                /* Get the index and scale it. */
+                switch (  ((uSibAndRspOffset >> X86_SIB_INDEX_SHIFT) & X86_SIB_INDEX_SMASK)
+                        | ((bRmEx & 0x10) >> 1)) /* bRmEx[bit 4] = REX.X */
+                {
+                    case  0: u64EffAddr = pVCpu->cpum.GstCtx.rax; break;
+                    case  1: u64EffAddr = pVCpu->cpum.GstCtx.rcx; break;
+                    case  2: u64EffAddr = pVCpu->cpum.GstCtx.rdx; break;
+                    case  3: u64EffAddr = pVCpu->cpum.GstCtx.rbx; break;
+                    case  4: u64EffAddr = 0; /*none */ break;
+                    case  5: u64EffAddr = pVCpu->cpum.GstCtx.rbp; break;
+                    case  6: u64EffAddr = pVCpu->cpum.GstCtx.rsi; break;
+                    case  7: u64EffAddr = pVCpu->cpum.GstCtx.rdi; break;
+                    case  8: u64EffAddr = pVCpu->cpum.GstCtx.r8;  break;
+                    case  9: u64EffAddr = pVCpu->cpum.GstCtx.r9;  break;
+                    case 10: u64EffAddr = pVCpu->cpum.GstCtx.r10; break;
+                    case 11: u64EffAddr = pVCpu->cpum.GstCtx.r11; break;
+                    case 12: u64EffAddr = pVCpu->cpum.GstCtx.r12; break;
+                    case 13: u64EffAddr = pVCpu->cpum.GstCtx.r13; break;
+                    case 14: u64EffAddr = pVCpu->cpum.GstCtx.r14; break;
+                    case 15: u64EffAddr = pVCpu->cpum.GstCtx.r15; break;
+                }
+                u64EffAddr <<= (uSibAndRspOffset >> X86_SIB_SCALE_SHIFT) & X86_SIB_SCALE_SMASK;
+                /* add base */
+                switch ((uSibAndRspOffset & X86_SIB_BASE_MASK) | (bRmEx & 0x8)) /* bRmEx[bit 3] = REX.B */
+                {
+                    case  0: u64EffAddr += pVCpu->cpum.GstCtx.rax; break;
+                    case  1: u64EffAddr += pVCpu->cpum.GstCtx.rcx; break;
+                    case  2: u64EffAddr += pVCpu->cpum.GstCtx.rdx; break;
+                    case  3: u64EffAddr += pVCpu->cpum.GstCtx.rbx; break;
+                    case  4:
+                        u64EffAddr += pVCpu->cpum.GstCtx.rsp;
+                        u64EffAddr += uSibAndRspOffset >> 8;
+                        break;
+                    case  6: u64EffAddr += pVCpu->cpum.GstCtx.rsi; break;
+                    case  7: u64EffAddr += pVCpu->cpum.GstCtx.rdi; break;
+                    case  8: u64EffAddr += pVCpu->cpum.GstCtx.r8;  break;
+                    case  9: u64EffAddr += pVCpu->cpum.GstCtx.r9;  break;
+                    case 10: u64EffAddr += pVCpu->cpum.GstCtx.r10; break;
+                    case 11: u64EffAddr += pVCpu->cpum.GstCtx.r11; break;
+                    case 12: u64EffAddr += pVCpu->cpum.GstCtx.r12; break;
+                    case 14: u64EffAddr += pVCpu->cpum.GstCtx.r14; break;
+                    case 15: u64EffAddr += pVCpu->cpum.GstCtx.r15; break;
+                    /* complicated encodings */
+                    case 5:
+                        if ((bRmEx & X86_MODRM_MOD_MASK) != 0)
+                            u64EffAddr += pVCpu->cpum.GstCtx.rbp;
+                        else
+                            u64EffAddr += (int32_t)u32Disp;
+                        break;
+                    case 13:
+                        if ((bRmEx & X86_MODRM_MOD_MASK) != 0)
+                            u64EffAddr += pVCpu->cpum.GstCtx.r13;
+                        else
+                            u64EffAddr += (int32_t)u32Disp;
+                        break;
+                }
+                break;
+            }
+        }
+        /* Get and add the displacement. */
+        switch ((bRmEx >> X86_MODRM_MOD_SHIFT) & X86_MODRM_MOD_SMASK)
+        {
+            case 0: break;
+            case 1: u64EffAddr += (int8_t)u32Disp; break;
+            case 2: u64EffAddr += (int32_t)u32Disp; break;
+            default: AssertFailed();
+        }
+    }
+    Log5(("iemOpHlpCalcRmEffAddrThreadedAddr64: EffAddr=%#010RGv\n", u64EffAddr));
+    return u64EffAddr;
+static VBOXSTRICTRC iemThreadeFuncWorkerObsoleteTb(PVMCPUCC pVCpu)
+{
+    iemThreadedTbObsolete(pVCpu, pVCpu->iem.s.pCurTbR3);
+    return VINF_IEM_REEXEC_MODE_CHANGED; /** @todo different status code... */
+}
 …
  * Built-in function that compares the fExec mask against uParam0.
  */
 static IEM_DECL_IMPL_DEF(VBOXSTRICTRC, iemThreadedFunc_BltIn_CheckMode,
                          (PVMCPU pVCpu, uint64_t uParam0, uint64_t uParam1, uint64_t uParam2))
+IEM_DECL_IMPL_DEF(VBOXSTRICTRC, iemThreadedFunc_BltIn_CheckMode,
+                  (PVMCPU pVCpu, uint64_t uParam0, uint64_t uParam1, uint64_t uParam2))
+{
     uint32_t const fExpectedExec = (uint32_t)uParam0;
     if (pVCpu->iem.s.fExec == fExpectedExec)
         return VINF_SUCCESS;
     Log12(("Mode changed at %04x:%08RX64: %#x -> %#x (xor: %#x)\n", pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip,
            fExpectedExec, pVCpu->iem.s.fExec, fExpectedExec ^ pVCpu->iem.s.fExec));
+    LogFlow(("Mode changed at %04x:%08RX64: %#x -> %#x (xor: %#x)\n", pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip,
+             fExpectedExec, pVCpu->iem.s.fExec, fExpectedExec ^ pVCpu->iem.s.fExec));
     RT_NOREF(uParam1, uParam2);
     return VINF_IEM_REEXEC_MODE_CHANGED;
 …
+DECL_FORCE_INLINE(RTGCPHYS) iemTbGetRangePhysPageAddr(PCIEMTB pTb, uint8_t idxRange)
+{
+    Assert(idxRange < RT_MIN(pTb->cRanges, RT_ELEMENTS(pTb->aRanges)));
+    uint8_t const idxPage = pTb->aRanges[idxRange].idxPhysPage;
+    Assert(idxPage <= RT_ELEMENTS(pTb->aGCPhysPages));
+    if (idxPage == 0)
+        return pTb->GCPhysPc & ~(RTGCPHYS)GUEST_PAGE_OFFSET_MASK;
+    Assert(!(pTb->aGCPhysPages[idxPage - 1] & GUEST_PAGE_OFFSET_MASK));
+    return pTb->aGCPhysPages[idxPage - 1];
+}
+/**
+ * Macro that implements the 16/32-bit CS.LIM check, as this is done by a
+ * number of functions.
+ */
+#define BODY_CHECK_CS_LIM(a_cbInstr) do { \
+        if (RT_LIKELY(pVCpu->cpum.GstCtx.eip - pVCpu->cpum.GstCtx.cs.u32Limit >= cbInstr)) \
+        { /* likely */ } \
+        else \
+        { \
+            Log7(("EIP out of bounds at %04x:%08RX32 LB %u - CS.LIM=%#RX32\n", \
+                  pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.eip, (a_cbInstr), pVCpu->cpum.GstCtx.cs.u32Limit)); \
+            return iemRaiseGeneralProtectionFault0(pVCpu); \
+        } \
+    } while(0)
+/**
+ * Macro that implements opcode (re-)checking.
+ */
+#define BODY_CHECK_OPCODES(a_pTb, a_idxRange, a_offRange, a_cbInstr) do { \
+        Assert((a_idxRange) < (a_pTb)->cRanges && (a_pTb)->cRanges < RT_ELEMENTS((a_pTb)->aRanges)); \
+        Assert((a_offRange) < (a_pTb)->aRanges[(a_idxRange)].cbOpcodes); \
+        /* We can use pbInstrBuf here as it will be updated when branching (and prior to executing a TB). */ \
+        if (RT_LIKELY(memcmp(&pVCpu->iem.s.pbInstrBuf[(a_pTb)->aRanges[(a_idxRange)].offPhysPage + (a_offRange)], \
+                             &(a_pTb)->pabOpcodes[    (a_pTb)->aRanges[(a_idxRange)].offOpcodes  + (a_offRange)], \
+                                                      (a_pTb)->aRanges[(a_idxRange)].cbOpcodes   - (a_offRange)) == 0)) \
+        { /* likely */ } \
+        else \
+        { \
+            Log7(("TB obsolete: %p at %04x:%08RX64 LB %u; range %u, off %#x LB %#x + %#x; #%u\n", (a_pTb), \
+                  pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, (a_cbInstr), (a_idxRange), \
+                  (a_pTb)->aRanges[(a_idxRange)].offOpcodes, (a_pTb)->aRanges[(a_idxRange)].cbOpcodes, (a_offRange), __LINE__)); \
+            RT_NOREF(a_cbInstr); \
+            return iemThreadeFuncWorkerObsoleteTb(pVCpu); \
+        } \
+    } while(0)
+/**
+ * Macro that implements TLB loading and updating pbInstrBuf updating for an
+ * instruction crossing into a new page.
+ *
+ * This may long jump if we're raising a \#PF, \#GP or similar trouble.
+ */
+#define BODY_LOAD_TLB_FOR_NEW_PAGE(a_pTb, a_offInstr, a_idxRange, a_cbInstr) do { \
+        pVCpu->iem.s.pbInstrBuf       = NULL; \
+        pVCpu->iem.s.offCurInstrStart = GUEST_PAGE_SIZE - (a_offInstr); \
+        pVCpu->iem.s.offInstrNextByte = GUEST_PAGE_SIZE; \
+        iemOpcodeFetchBytesJmp(pVCpu, 0, NULL); \
+        \
+        RTGCPHYS const GCPhysNewPage = iemTbGetRangePhysPageAddr(a_pTb, a_idxRange); \
+        if (RT_LIKELY(   pVCpu->iem.s.GCPhysInstrBuf == GCPhysNewPage \
+                      && pVCpu->iem.s.pbInstrBuf)) \
+        { /* likely */ } \
+        else \
+        { \
+            Log7(("TB obsolete: %p at %04x:%08RX64 LB %u; crossing at %#x; GCPhys=%RGp expected %RGp, pbInstrBuf=%p - #%u\n", \
+                  (a_pTb), pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, (a_cbInstr), (a_offInstr), \
+                  pVCpu->iem.s.GCPhysInstrBuf, GCPhysNewPage, pVCpu->iem.s.pbInstrBuf, __LINE__)); \
+            RT_NOREF(a_cbInstr); \
+            return iemThreadeFuncWorkerObsoleteTb(pVCpu); \
+        } \
+    } while(0)
+/**
+ * Macro that implements TLB loading and updating pbInstrBuf updating when
+ * branching or when crossing a page on an instruction boundrary.
+ *
+ * This differs from BODY_LOAD_TLB_FOR_NEW_PAGE in that it will first check if
+ * it is an inter-page branch.
+ *
+ * This may long jump if we're raising a \#PF, \#GP or similar trouble.
+ */
+#define BODY_LOAD_TLB_FOR_BRANCH(a_pTb, a_idxRange, a_cbInstr) do { \
+        /* Is RIP within the current code page? */ \
+        Assert(pVCpu->cpum.GstCtx.cs.u64Base == 0 || !IEM_IS_64BIT_CODE(pVCpu)); \
+        uint64_t const uPc = pVCpu->cpum.GstCtx.rip + pVCpu->cpum.GstCtx.cs.u64Base; \
+        uint64_t const off = uPc - pVCpu->iem.s.uInstrBufPc; \
+        if (off < pVCpu->iem.s.cbInstrBufTotal) \
+            Assert(!(pVCpu->iem.s.GCPhysInstrBuf & GUEST_PAGE_OFFSET_MASK)); \
+        else \
+        { \
+            /* Must translate new RIP. */ \
+            pVCpu->iem.s.pbInstrBuf       = NULL; \
+            pVCpu->iem.s.offCurInstrStart = 0; \
+            pVCpu->iem.s.offInstrNextByte = 0; \
+            iemOpcodeFetchBytesJmp(pVCpu, 0, NULL); \
+            \
+            RTGCPHYS const GCPhysNewPage = iemTbGetRangePhysPageAddr(a_pTb, a_idxRange); \
+            if (RT_LIKELY(   pVCpu->iem.s.GCPhysInstrBuf == GCPhysNewPage \
+                          && pVCpu->iem.s.pbInstrBuf)) \
+            { /* likely */ } \
+            else \
+            { \
+                Log7(("TB obsolete: %p at %04x:%08RX64 LB %u; branching; GCPhys=%RGp expected %RGp, pbInstrBuf=%p - #%u\n", \
+                      (a_pTb), pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, (a_cbInstr), \
+                      pVCpu->iem.s.GCPhysInstrBuf, GCPhysNewPage, pVCpu->iem.s.pbInstrBuf, __LINE__)); \
+                RT_NOREF(a_cbInstr); \
+                return iemThreadeFuncWorkerObsoleteTb(pVCpu); \
+            } \
+        } \
+    } while(0)
 /**
  * Built-in function that checks the EIP/IP + uParam0 is within CS.LIM,
  * raising a \#GP(0) if this isn't the case.
  */
 static IEM_DECL_IMPL_DEF(VBOXSTRICTRC, iemThreadedFunc_BltIn_CheckCsLim,
                          (PVMCPU pVCpu, uint64_t uParam0, uint64_t uParam1, uint64_t uParam2))
+IEM_DECL_IMPL_DEF(VBOXSTRICTRC, iemThreadedFunc_BltIn_CheckCsLim,
+                  (PVMCPU pVCpu, uint64_t uParam0, uint64_t uParam1, uint64_t uParam2))
+{
     uint32_t const cbInstr = (uint32_t)uParam0;
-    if (pVCpu->cpum.GstCtx.eip - pVCpu->cpum.GstCtx.cs.u32Limit >= cbInstr)
-        return VINF_SUCCESS;
-    Log(("EIP out of bounds at %04x:%08RX32 LB %u - CS.LIM=%#RX32\n",
-         pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.eip, cbInstr, pVCpu->cpum.GstCtx.cs.u32Limit));
     RT_NOREF(uParam1, uParam2);
+    return iemRaiseGeneralProtectionFault0(pVCpu);
+}
+/*
+ * The threaded functions.
+ */
+#include "IEMThreadedFunctions.cpp.h"
+    BODY_CHECK_CS_LIM(cbInstr);
+    return VINF_SUCCESS;
+}
+/**
+ * Built-in function for re-checking opcodes and CS.LIM after an instruction
+ * that may have modified them.
+ */
+IEM_DECL_IMPL_DEF(VBOXSTRICTRC, iemThreadedFunc_BltIn_CheckCsLimAndOpcodes,
+                  (PVMCPU pVCpu, uint64_t uParam0, uint64_t uParam1, uint64_t uParam2))
+{
+    PCIEMTB const  pTb      = pVCpu->iem.s.pCurTbR3;
+    uint32_t const cbInstr  = (uint32_t)uParam0;
+    uint32_t const idxRange = (uint32_t)uParam1;
+    uint32_t const offRange = (uint32_t)uParam2;
+    BODY_CHECK_CS_LIM(cbInstr);
+    BODY_CHECK_OPCODES(pTb, idxRange, offRange, cbInstr);
+    return VINF_SUCCESS;
+}
+/**
+ * Built-in function for re-checking opcodes after an instruction that may have
+ * modified them.
+ */
+IEM_DECL_IMPL_DEF(VBOXSTRICTRC, iemThreadedFunc_BltIn_CheckOpcodes,
+                  (PVMCPU pVCpu, uint64_t uParam0, uint64_t uParam1, uint64_t uParam2))
+{
+    PCIEMTB const  pTb      = pVCpu->iem.s.pCurTbR3;
+    uint32_t const cbInstr  = (uint32_t)uParam0;
+    uint32_t const idxRange = (uint32_t)uParam1;
+    uint32_t const offRange = (uint32_t)uParam2;
+    BODY_CHECK_OPCODES(pTb, idxRange, offRange, cbInstr);
+    return VINF_SUCCESS;
+}
+/**
+ * Built-in function for checking CS.LIM, loading TLB and checking opcodes on
+ * both pages when transitioning to a different code page.
+ *
+ * This is used when the previous instruction requires revalidation of opcodes
+ * bytes and the current instruction stries a page boundrary with opcode bytes
+ * in both the old and new page.
+ *
+ * @see iemThreadedFunc_BltIn_CheckOpcodesAcrossPageLoadingTlb
+ */
+IEM_DECL_IMPL_DEF(VBOXSTRICTRC, iemThreadedFunc_BltIn_CheckCsLimAndOpcodesAcrossPageLoadingTlb,
+                  (PVMCPU pVCpu, uint64_t uParam0, uint64_t uParam1, uint64_t uParam2))
+{
+    PCIEMTB const  pTb         = pVCpu->iem.s.pCurTbR3;
+    uint32_t const cbInstr     = (uint32_t)uParam0;
+    uint32_t const cbStartPage = (uint32_t)(uParam0 >> 32);
+    uint32_t const idxRange1   = (uint32_t)uParam1;
+    uint32_t const offRange1   = (uint32_t)uParam2;
+    uint32_t const idxRange2   = idxRange1 + 1;
+    BODY_CHECK_CS_LIM(cbInstr);
+    BODY_CHECK_OPCODES(pTb, idxRange1, offRange1, cbInstr);
+    BODY_LOAD_TLB_FOR_NEW_PAGE(pTb, cbStartPage, idxRange2, cbInstr);
+    BODY_CHECK_OPCODES(pTb, idxRange2, 0, cbInstr);
+    return VINF_SUCCESS;
+}
+/**
+ * Built-in function for loading TLB and checking opcodes on both pages when
+ * transitioning to a different code page.
+ *
+ * This is used when the previous instruction requires revalidation of opcodes
+ * bytes and the current instruction stries a page boundrary with opcode bytes
+ * in both the old and new page.
+ *
+ * @see iemThreadedFunc_BltIn_CheckCsLimAndOpcodesAcrossPageLoadingTlb
+ */
+IEM_DECL_IMPL_DEF(VBOXSTRICTRC, iemThreadedFunc_BltIn_CheckOpcodesAcrossPageLoadingTlb,
+                  (PVMCPU pVCpu, uint64_t uParam0, uint64_t uParam1, uint64_t uParam2))
+{
+    PCIEMTB const  pTb         = pVCpu->iem.s.pCurTbR3;
+    uint32_t const cbInstr     = (uint32_t)uParam0;
+    uint32_t const cbStartPage = (uint32_t)(uParam0 >> 32);
+    uint32_t const idxRange1   = (uint32_t)uParam1;
+    uint32_t const offRange1   = (uint32_t)uParam2;
+    uint32_t const idxRange2   = idxRange1 + 1;
+    BODY_CHECK_OPCODES(pTb, idxRange1, offRange1, cbInstr);
+    BODY_LOAD_TLB_FOR_NEW_PAGE(pTb, cbStartPage, idxRange2, cbInstr);
+    BODY_CHECK_OPCODES(pTb, idxRange2, 0, cbInstr);
+    return VINF_SUCCESS;
+}
+/**
+ * Built-in function for checking CS.LIM, loading TLB and checking opcodes when
+ * transitioning to a different code page.
+ *
+ * The code page transition can either be natural over onto the next page (with
+ * the instruction starting at page offset zero) or by means of branching.
+ *
+ * @see iemThreadedFunc_BltIn_CheckOpcodesLoadingTlb
+ */
+IEM_DECL_IMPL_DEF(VBOXSTRICTRC, iemThreadedFunc_BltIn_CheckCsLimAndOpcodesLoadingTlb,
+                  (PVMCPU pVCpu, uint64_t uParam0, uint64_t uParam1, uint64_t uParam2))
+{
+    PCIEMTB const  pTb      = pVCpu->iem.s.pCurTbR3;
+    uint32_t const cbInstr  = (uint32_t)uParam0;
+    uint32_t const idxRange = (uint32_t)uParam1;
+    uint32_t const offRange = (uint32_t)uParam2;
+    BODY_CHECK_CS_LIM(cbInstr);
+    BODY_LOAD_TLB_FOR_BRANCH(pTb, idxRange, cbInstr);
+    BODY_CHECK_OPCODES(pTb, idxRange, offRange, cbInstr);
+    return VINF_SUCCESS;
+}
+/**
+ * Built-in function for loading TLB and checking opcodes when transitioning to
+ * a different code page.
+ *
+ * The code page transition can either be natural over onto the next page (with
+ * the instruction starting at page offset zero) or by means of branching.
+ *
+ * @see iemThreadedFunc_BltIn_CheckCsLimAndOpcodesLoadingTlb
+ */
+IEM_DECL_IMPL_DEF(VBOXSTRICTRC, iemThreadedFunc_BltIn_CheckOpcodesLoadingTlb,
+                  (PVMCPU pVCpu, uint64_t uParam0, uint64_t uParam1, uint64_t uParam2))
+{
+    PCIEMTB const  pTb      = pVCpu->iem.s.pCurTbR3;
+    uint32_t const cbInstr  = (uint32_t)uParam0;
+    uint32_t const idxRange = (uint32_t)uParam1;
+    uint32_t const offRange = (uint32_t)uParam2;
+    BODY_LOAD_TLB_FOR_BRANCH(pTb, idxRange, cbInstr);
+    BODY_CHECK_OPCODES(pTb, idxRange, offRange, cbInstr);
+    return VINF_SUCCESS;
+}
+/**
+ * Built-in function for checking CS.LIM, loading TLB and checking opcodes when
+ * advancing naturally to a different code page.
+ *
+ * Only opcodes on the new page is checked.
+ *
+ * @see iemThreadedFunc_BltIn_CheckOpcodesOnNextPageLoadingTlb
+ */
+IEM_DECL_IMPL_DEF(VBOXSTRICTRC, iemThreadedFunc_BltIn_CheckCsLimAndOpcodesOnNextPageLoadingTlb,
+                  (PVMCPU pVCpu, uint64_t uParam0, uint64_t uParam1, uint64_t uParam2))
+{
+    PCIEMTB const  pTb         = pVCpu->iem.s.pCurTbR3;
+    uint32_t const cbInstr     = (uint32_t)uParam0;
+    uint32_t const cbStartPage = (uint32_t)(uParam0 >> 32);
+    uint32_t const idxRange1   = (uint32_t)uParam1;
+    //uint32_t const offRange1   = (uint32_t)uParam2;
+    uint32_t const idxRange2   = idxRange1 + 1;
+    BODY_CHECK_CS_LIM(cbInstr);
+    BODY_LOAD_TLB_FOR_NEW_PAGE(pTb, cbStartPage, idxRange2, cbInstr);
+    BODY_CHECK_OPCODES(pTb, idxRange2, 0, cbInstr);
+    RT_NOREF(uParam2);
+    return VINF_SUCCESS;
+}
+/**
+ * Built-in function for loading TLB and checking opcodes when advancing
+ * naturally to a different code page.
+ *
+ * Only opcodes on the new page is checked.
+ *
+ * @see iemThreadedFunc_BltIn_CheckCsLimAndOpcodesOnNextPageLoadingTlb
+ */
+IEM_DECL_IMPL_DEF(VBOXSTRICTRC, iemThreadedFunc_BltIn_CheckOpcodesOnNextPageLoadingTlb,
+                  (PVMCPU pVCpu, uint64_t uParam0, uint64_t uParam1, uint64_t uParam2))
+{
+    PCIEMTB const  pTb         = pVCpu->iem.s.pCurTbR3;
+    uint32_t const cbInstr     = (uint32_t)uParam0;
+    uint32_t const cbStartPage = (uint32_t)(uParam0 >> 32);
+    uint32_t const idxRange1   = (uint32_t)uParam1;
+    //uint32_t const offRange1   = (uint32_t)uParam2;
+    uint32_t const idxRange2   = idxRange1 + 1;
+    BODY_LOAD_TLB_FOR_NEW_PAGE(pTb, cbStartPage, idxRange2, cbInstr);
+    BODY_CHECK_OPCODES(pTb, idxRange2, 0, cbInstr);
+    RT_NOREF(uParam2);
+    return VINF_SUCCESS;
+}

trunk/src/VBox/VMM/VMMAll/IEMAllThreadedPython.py

-              r100633
+              r100694
             '    kIemThreadedFunc_Invalid = 0,',
             '',
             '    /*'
             '     * Predefined'
             '     */'
+            '    /*',
+            '     * Predefined',
+            '     */',
             '    kIemThreadedFunc_CheckMode,',
             '    kIemThreadedFunc_CheckCsLim,',
+            '    kIemThreadedFunc_CheckCsLimAndOpcodes,',
+            '    kIemThreadedFunc_CheckCsLimAndOpcodesAcrossPageLoadingTlb,',
+            '    kIemThreadedFunc_CheckCsLimAndOpcodesLoadingTlb,',
+            '    kIemThreadedFunc_CheckCsLimAndOpcodesOnNextPageLoadingTlb,',
+            '    kIemThreadedFunc_CheckOpcodes,',
+            '    kIemThreadedFunc_CheckOpcodesAcrossPageLoadingTlb,',
+            '    kIemThreadedFunc_CheckOpcodesLoadingTlb,',
+            '    kIemThreadedFunc_CheckOpcodesOnNextPageLoadingTlb,',
         ];
         iThreadedFunction = 1;
 …
                    + '    iemThreadedFunc_BltIn_CheckMode,\n'
                    + '    iemThreadedFunc_BltIn_CheckCsLim,\n'
+                   + '    iemThreadedFunc_BltIn_CheckCsLimAndOpcodes,\n'
+                   + '    iemThreadedFunc_BltIn_CheckCsLimAndOpcodesAcrossPageLoadingTlb,\n'
+                   + '    iemThreadedFunc_BltIn_CheckCsLimAndOpcodesLoadingTlb,\n'
+                   + '    iemThreadedFunc_BltIn_CheckCsLimAndOpcodesOnNextPageLoadingTlb,\n'
+                   + '    iemThreadedFunc_BltIn_CheckOpcodes,\n'
+                   + '    iemThreadedFunc_BltIn_CheckOpcodesAcrossPageLoadingTlb,\n'
+                   + '    iemThreadedFunc_BltIn_CheckOpcodesLoadingTlb,\n'
+                   + '    iemThreadedFunc_BltIn_CheckOpcodesOnNextPageLoadingTlb,\n'
                    );
         iThreadedFunction = 1;
 …
                    + '    "BltIn_CheckMode",\n'
                    + '    "BltIn_CheckCsLim",\n'
+                   + '    "BltIn_CheckCsLimAndOpcodes",\n'
+                   + '    "BltIn_CheckCsLimAndOpcodesAcrossPageLoadingTlb",\n'
+                   + '    "BltIn_CheckCsLimAndOpcodesLoadingTlb",\n'
+                   + '    "BltIn_CheckCsLimAndOpcodesOnNextPageLoadingTlb",\n'
+                   + '    "BltIn_CheckOpcodes",\n'
+                   + '    "BltIn_CheckOpcodesAcrossPageLoadingTlb",\n'
+                   + '    "BltIn_CheckOpcodesLoadingTlb",\n'
+                   + '    "BltIn_CheckOpcodesOnNextPageLoadingTlb",\n'
                    );
         iThreadedFunction = 1;

trunk/src/VBox/VMM/VMMAll/IEMAllThreadedRecompiler.cpp

-              r100671
+              r100694
  *      - Level 5  (Log5) : Decoding details. [same as IEM]
  *      - Level 6  (Log6) :
  *      - Level 7  (Log7) :
+ *      - Level 7  (Log7) : TB obsoletion.
  *      - Level 8  (Log8) : TB compilation.
  *      - Level 9  (Log9) : TB exec.
  *      - Level 10 (Log10): TB block lookup.
  *      - Level 11 (Log11): TB block lookup.
+ *      - Level 11 (Log11): TB block lookup details.
  *      - Level 12 (Log12): TB insertion.
  */
 …
 *   Structures and Typedefs                                                                                                      *
 *********************************************************************************************************************************/
+/**
+ * A call for the threaded call table.
+ */
+typedef struct IEMTHRDEDCALLENTRY
+{
+    /** The function to call (IEMTHREADEDFUNCS). */
+    uint16_t    enmFunction;
+    uint16_t    uUnused0;
+    /** Offset into IEMTB::pabOpcodes. */
+    uint16_t    offOpcode;
+    /** The opcode length. */
+    uint8_t     cbOpcode;
+    uint8_t     uUnused1;
+    /** Generic parameters. */
+    uint64_t    auParams[3];
+} IEMTHRDEDCALLENTRY;
+AssertCompileSize(IEMTHRDEDCALLENTRY, sizeof(uint64_t) * 4);
+/** Pointer to a threaded call entry. */
+typedef IEMTHRDEDCALLENTRY       *PIEMTHRDEDCALLENTRY;
+/** Pointer to a const threaded call entry. */
+typedef IEMTHRDEDCALLENTRY const *PCIEMTHRDEDCALLENTRY;
+/**
+ * Translation block.
+ */
+typedef struct IEMTB
+{
+    /** Next block with the same hash table entry. */
+    PIEMTB volatile     pNext;
+    /** List on the local VCPU for blocks. */
+    RTLISTNODE          LocalList;
+    /** @name What uniquely identifies the block.
+     * @{ */
+    RTGCPHYS            GCPhysPc;
+    /** IEMTB_F_XXX (i.e. IEM_F_XXX ++). */
+    uint32_t            fFlags;
+    union
+    {
+        struct
+        {
+            /**< Relevant CS X86DESCATTR_XXX bits. */
+            uint16_t    fAttr;
+        } x86;
+    };
+    /** @} */
+    union
+    {
+        struct
+        {
+            /** The call sequence table. */
+            PIEMTHRDEDCALLENTRY paCalls;
+            /** Number of calls in paCalls. */
+            uint16_t            cCalls;
+            /** Number of calls allocated. */
+            uint16_t            cAllocated;
+        } Thrd;
+    };
+    /** Number of bytes of opcodes stored in pabOpcodes. */
+    uint16_t            cbOpcodes;
+    /** The max storage available in the pabOpcodes block. */
+    uint16_t            cbOpcodesAllocated;
+    /** Pointer to the opcode bytes this block was recompiled from. */
+    uint8_t            *pabOpcodes;
+#if 0
+    struct
+    {
+        uint16_t        offOpcodes;
+        uint16_t        cbOpcodes;
+    } aRanges;
+    /** Physical pages that the .    */
+    RTGCPHYS            aGCPhysPgs[2];
+#endif
+} IEMTB;
 …
 *   Internal Functions                                                                                                           *
 *********************************************************************************************************************************/
+static bool         iemThreadedCompileBeginEmitCallsComplications(PVMCPUCC pVCpu, PIEMTB pTb);
 static VBOXSTRICTRC iemThreadedTbExec(PVMCPUCC pVCpu, PIEMTB pTb);
 …
 #define IEM_MC2_BEGIN_EMIT_CALLS() \
     { \
+        PIEMTB const pTb = pVCpu->iem.s.pCurTbR3; \
+        AssertMsg(pVCpu->iem.s.offOpcode == IEM_GET_INSTR_LEN(pVCpu), \
+                  ("%u vs %u (%04x:%08RX64)\n", pVCpu->iem.s.offOpcode, IEM_GET_INSTR_LEN(pVCpu), \
+        PIEMTB const  pTb = pVCpu->iem.s.pCurTbR3; \
+        uint8_t const cbInstrMc2 = IEM_GET_INSTR_LEN(pVCpu); \
+        AssertMsg(pVCpu->iem.s.offOpcode == cbInstrMc2, \
+                  ("%u vs %u (%04x:%08RX64)\n", pVCpu->iem.s.offOpcode, cbInstrMc2, \
                   pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip)); \
+        /** @todo check for cross page stuff */ \
+        if (!(pTb->fFlags & IEMTB_F_CS_LIM_CHECKS)) \
+        \
+        /* No page crossing, right? */ \
+        uint16_t const offOpcodeMc2 = pTb->cbOpcodes; \
+        uint8_t const  idxRangeMc2  = pTb->cRanges - 1; \
+        if (   !pVCpu->iem.s.fTbCrossedPage \
+            && !pVCpu->iem.s.fTbCheckOpcodes \
+            && !pVCpu->iem.s.fTbBranched \
+            && !(pTb->fFlags & IEMTB_F_CS_LIM_CHECKS)) \
+        { \
+            /** @todo Custom copy function, given range is 1 thru 15 bytes. */ \
+            memcpy(&pTb->pabOpcodes[offOpcodeMc2], pVCpu->iem.s.abOpcode, pVCpu->iem.s.offOpcode); \
+            pTb->cbOpcodes                       = offOpcodeMc2 + pVCpu->iem.s.offOpcode; \
+            pTb->aRanges[idxRangeMc2].cbOpcodes += cbInstrMc2; \
+            Assert(pTb->cbOpcodes <= pTb->cbOpcodesAllocated); \
+        } \
+        else if (iemThreadedCompileBeginEmitCallsComplications(pVCpu, pTb)) \
         { /* likely */ } \
         else \
+        { \
+            PIEMTHRDEDCALLENTRY const pCall = &pTb->Thrd.paCalls[pTb->Thrd.cCalls++]; \
+            pCall->enmFunction = kIemThreadedFunc_CheckCsLim; \
+            pCall->offOpcode   = pTb->cbOpcodes; \
+            pCall->auParams[0] = pCall->cbOpcode = IEM_GET_INSTR_LEN(pVCpu); \
+            pCall->auParams[1] = 0; \
+            pCall->auParams[2] = 0; \
+        } \
+            return VINF_IEM_RECOMPILE_END_TB; \
+        \
         do { } while (0)
 …
         PIEMTHRDEDCALLENTRY const pCall = &pTb->Thrd.paCalls[pTb->Thrd.cCalls++]; \
         pCall->enmFunction = a_enmFunction; \
+        pCall->offOpcode   = pTb->cbOpcodes; \
+        pCall->cbOpcode    = IEM_GET_INSTR_LEN(pVCpu); \
+        pCall->offOpcode   = offOpcodeMc2; \
+        pCall->cbOpcode    = cbInstrMc2; \
+        pCall->idxRange    = idxRangeMc2; \
         pCall->auParams[0] = 0; \
         pCall->auParams[1] = 0; \
 …
         PIEMTHRDEDCALLENTRY const pCall = &pTb->Thrd.paCalls[pTb->Thrd.cCalls++]; \
         pCall->enmFunction = a_enmFunction; \
+        pCall->offOpcode   = pTb->cbOpcodes; \
+        pCall->cbOpcode    = IEM_GET_INSTR_LEN(pVCpu); \
+        pCall->offOpcode   = offOpcodeMc2; \
+        pCall->cbOpcode    = cbInstrMc2; \
+        pCall->idxRange    = idxRangeMc2; \
         pCall->auParams[0] = a_uArg0; \
         pCall->auParams[1] = 0; \
 …
         PIEMTHRDEDCALLENTRY const pCall = &pTb->Thrd.paCalls[pTb->Thrd.cCalls++]; \
         pCall->enmFunction = a_enmFunction; \
+        pCall->offOpcode   = pTb->cbOpcodes; \
+        pCall->cbOpcode    = IEM_GET_INSTR_LEN(pVCpu); \
+        pCall->offOpcode   = offOpcodeMc2; \
+        pCall->cbOpcode    = cbInstrMc2; \
+        pCall->idxRange    = idxRangeMc2; \
         pCall->auParams[0] = a_uArg0; \
         pCall->auParams[1] = a_uArg1; \
 …
         PIEMTHRDEDCALLENTRY const pCall = &pTb->Thrd.paCalls[pTb->Thrd.cCalls++]; \
         pCall->enmFunction = a_enmFunction; \
+        pCall->offOpcode   = pTb->cbOpcodes; \
+        pCall->cbOpcode    = IEM_GET_INSTR_LEN(pVCpu); \
+        pCall->offOpcode   = offOpcodeMc2; \
+        pCall->cbOpcode    = cbInstrMc2; \
+        pCall->idxRange    = idxRangeMc2; \
         pCall->auParams[0] = a_uArg0; \
         pCall->auParams[1] = a_uArg1; \
 …
 #define IEM_MC2_END_EMIT_CALLS() \
+        pTb->cInstructions++; \
     } while (0)
 …
             if (pTb->pabOpcodes)
+            {
                 pTb->Thrd.cAllocated    = cCalls;
                 pTb->cbOpcodesAllocated = cCalls * 16;
                 pTb->Thrd.cCalls        = 0;
                 pTb->cbOpcodes          = 0;
                 pTb->pNext              = NULL;
+                pTb->Thrd.cAllocated        = cCalls;
+                pTb->cbOpcodesAllocated     = cCalls * 16;
+                pTb->Thrd.cCalls            = 0;
+                pTb->cbOpcodes              = 0;
+                pTb->pNext                  = NULL;
                 RTListInit(&pTb->LocalList);
+                pTb->GCPhysPc           = GCPhysPc;
+                pTb->x86.fAttr          = (uint16_t)pVCpu->cpum.GstCtx.cs.Attr.u;
+                pTb->fFlags             = (pVCpu->iem.s.fExec & IEMTB_F_IEM_F_MASK) | fExtraFlags;
+                pTb->GCPhysPc               = GCPhysPc;
+                pTb->x86.fAttr              = (uint16_t)pVCpu->cpum.GstCtx.cs.Attr.u;
+                pTb->fFlags                 = (pVCpu->iem.s.fExec & IEMTB_F_IEM_F_MASK) | fExtraFlags;
+                /* Init the first opcode range. */
+                pTb->cRanges                = 1;
+                pTb->aRanges[0].cbOpcodes   = 0;
+                pTb->aRanges[0].offOpcodes  = 0;
+                pTb->aRanges[0].offPhysPage = GCPhysPc & GUEST_PAGE_OFFSET_MASK;
+                pTb->aRanges[0].u2Unused    = 0;
+                pTb->aRanges[0].idxPhysPage = 0;
+                pTb->aGCPhysPages[0]        = NIL_RTGCPHYS;
+                pTb->aGCPhysPages[1]        = NIL_RTGCPHYS;
                 pVCpu->iem.s.cTbAllocs++;
                 return pTb;
 …
     RTMemFree(pTb);
     pVCpu->iem.s.cTbFrees++;
+}
+/**
+ * Called by opcode verifier functions when they detect a problem.
+ */
+void iemThreadedTbObsolete(PVMCPUCC pVCpu, PIEMTB pTb)
+{
+    iemThreadedTbFree(pVCpu->CTX_SUFF(pVM), pVCpu, pTb);
+}
 …
         pVCpu->iem.s.rcPassUp               = VINF_SUCCESS;
         pVCpu->iem.s.fEndTb                 = false;
+        pVCpu->iem.s.fTbCheckOpcodes        = false;
+        pVCpu->iem.s.fTbBranched            = false;
+        pVCpu->iem.s.fTbCrossedPage         = false;
+    }
     else
 …
         Assert(pVCpu->iem.s.rcPassUp        == VINF_SUCCESS);
         Assert(pVCpu->iem.s.fEndTb          == false);
+        Assert(pVCpu->iem.s.fTbCrossedPage  == false);
+    }
 …
+DECLINLINE(void) iemThreadedCopyOpcodeBytesInline(PCVMCPUCC pVCpu, uint8_t *pbDst, uint8_t cbInstr)
+{
+    switch (cbInstr)
+    {
+        default: AssertMsgFailed(("%#x\n", cbInstr)); RT_FALL_THROUGH();
+        case 15:    pbDst[14] = pVCpu->iem.s.abOpcode[14]; RT_FALL_THROUGH();
+        case 14:    pbDst[13] = pVCpu->iem.s.abOpcode[13]; RT_FALL_THROUGH();
+        case 13:    pbDst[12] = pVCpu->iem.s.abOpcode[12]; RT_FALL_THROUGH();
+        case 12:    pbDst[11] = pVCpu->iem.s.abOpcode[11]; RT_FALL_THROUGH();
+        case 11:    pbDst[10] = pVCpu->iem.s.abOpcode[10]; RT_FALL_THROUGH();
+        case 10:    pbDst[9]  = pVCpu->iem.s.abOpcode[9];  RT_FALL_THROUGH();
+        case 9:     pbDst[8]  = pVCpu->iem.s.abOpcode[8];  RT_FALL_THROUGH();
+        case 8:     pbDst[7]  = pVCpu->iem.s.abOpcode[7];  RT_FALL_THROUGH();
+        case 7:     pbDst[6]  = pVCpu->iem.s.abOpcode[6];  RT_FALL_THROUGH();
+        case 6:     pbDst[5]  = pVCpu->iem.s.abOpcode[5];  RT_FALL_THROUGH();
+        case 5:     pbDst[4]  = pVCpu->iem.s.abOpcode[4];  RT_FALL_THROUGH();
+        case 4:     pbDst[3]  = pVCpu->iem.s.abOpcode[3];  RT_FALL_THROUGH();
+        case 3:     pbDst[2]  = pVCpu->iem.s.abOpcode[2];  RT_FALL_THROUGH();
+        case 2:     pbDst[1]  = pVCpu->iem.s.abOpcode[1];  RT_FALL_THROUGH();
+        case 1:     pbDst[0]  = pVCpu->iem.s.abOpcode[0];  break;
+    }
+}
+/**
+ * Called by IEM_MC2_BEGIN_EMIT_CALLS() under one of these conditions:
+ *
+ *      - CS LIM check required.
+ *      - Must recheck opcode bytes.
+ *      - Previous instruction branched.
+ *      - TLB load detected, probably due to page crossing.
+ *
+ * @returns true if everything went well, false if we're out of space in the TB
+ *          (e.g. opcode ranges).
+ * @param   pVCpu       The cross context virtual CPU structure of the calling
+ *                      thread.
+ * @param   pTb         The translation block being compiled.
+ */
+static bool iemThreadedCompileBeginEmitCallsComplications(PVMCPUCC pVCpu, PIEMTB pTb)
+{
+    Assert((pVCpu->iem.s.GCPhysInstrBuf & GUEST_PAGE_OFFSET_MASK) == 0);
+    /*
+     * Prepare call now, even before we know if can accept the instruction in this TB.
+     * This allows us amending parameters w/o making every case suffer.
+     */
+    uint8_t const             cbInstr   = IEM_GET_INSTR_LEN(pVCpu);
+    uint16_t const            offOpcode = pTb->cbOpcodes;
+    uint8_t                   idxRange  = pTb->cRanges - 1;
+    PIEMTHRDEDCALLENTRY const pCall     = &pTb->Thrd.paCalls[pTb->Thrd.cCalls];
+    pCall->offOpcode   = offOpcode;
+    pCall->idxRange    = idxRange;
+    pCall->cbOpcode    = cbInstr;
+    pCall->auParams[0] = cbInstr;
+    pCall->auParams[1] = idxRange;
+    pCall->auParams[2] = offOpcode - pTb->aRanges[idxRange].offOpcodes;
+/** @todo check if we require IEMTB_F_CS_LIM_CHECKS for any new page we've
+ *        gotten onto.  If we do, stop */
+    /*
+     * Case 1: We've branched (RIP changed).
+     *
+     * Sub-case 1a: Same page, no TLB load, so fTbCrossedPage is false.
+     *         Req: 1 extra range, no extra phys.
+     *
+     * Sub-case 1b: Different page, so TLB load necessary and fTbCrossedPage is true.
+     *         Req: 1 extra range, probably 1 extra phys page entry.
+     *
+     * Sub-case 1c: Different page, so TLB load necessary and fTbCrossedPage is true,
+     *              but in addition we cross into the following page and require
+     *              another TLB load.
+     *         Req: 2 extra ranges, probably 2 extra phys page entries.
+     *
+     * Sub-case 1d: Same page, so no initial TLB load necessary, but we cross into
+     *              the following page and thus fTbCrossedPage is true.
+     *         Req: 2 extra ranges, probably 1 extra phys page entry.
+     *
+     * Note! We do not currently optimize branching to the next instruction (sorry
+     *       32-bit PIC code).  We could maybe do that in the branching code that sets (or not) fTbBranched.
+     */
+    if (pVCpu->iem.s.fTbBranched)
+    {
+AssertFailed(); /** @todo enable including branches in TBs and debug this code. */
+        if (   !pVCpu->iem.s.fTbCrossedPage       /* 1a */
+            || pVCpu->iem.s.offCurInstrStart >= 0 /* 1b */ )
+        {
+            /* 1a + 1b - instruction fully within the branched to page. */
+            Assert(pVCpu->iem.s.offCurInstrStart >= 0);
+            Assert(pVCpu->iem.s.offCurInstrStart + cbInstr <= GUEST_PAGE_SIZE);
+            /* Check that we've got a free range. */
+            idxRange += 1;
+            if (idxRange < RT_ELEMENTS(pTb->aRanges))
+            { /* likely */ }
+            else
+                return false;
+            pCall->idxRange    = idxRange;
+            pCall->auParams[1] = idxRange;
+            pCall->auParams[2] = 0;
+            /* Check that we've got a free page slot. */
+            AssertCompile(RT_ELEMENTS(pTb->aGCPhysPages) == 2);
+            RTGCPHYS const GCPhysNew = pVCpu->iem.s.GCPhysInstrBuf & ~(RTGCPHYS)GUEST_PAGE_OFFSET_MASK;
+            if ((pTb->GCPhysPc & ~(RTGCPHYS)GUEST_PAGE_OFFSET_MASK) == GCPhysNew)
+                pTb->aRanges[idxRange].idxPhysPage = 0;
+            else if (   pTb->aGCPhysPages[0] == NIL_RTGCPHYS
+                     || pTb->aGCPhysPages[0] == GCPhysNew)
+            {
+                pTb->aGCPhysPages[0] = GCPhysNew;
+                pTb->aRanges[idxRange].idxPhysPage = 1;
+            }
+            else if (   pTb->aGCPhysPages[1] == NIL_RTGCPHYS
+                     || pTb->aGCPhysPages[1] == GCPhysNew)
+            {
+                pTb->aGCPhysPages[1] = GCPhysNew;
+                pTb->aRanges[idxRange].idxPhysPage = 2;
+            }
+            else
+                return false;
+            /* Finish setting up the new range. */
+            pTb->aRanges[idxRange].offPhysPage = pVCpu->iem.s.offCurInstrStart;
+            pTb->aRanges[idxRange].offOpcodes  = offOpcode;
+            pTb->aRanges[idxRange].cbOpcodes   = cbInstr;
+            pTb->cRanges++;
+            /* Determin which function we need to load & check.
+               Note! For jumps to a new page, we'll set both fTbBranched and
+                     fTbCrossedPage to avoid unnecessary TLB work for intra
+                     page branching */
+            if (pVCpu->iem.s.fTbCrossedPage)
+                pCall->enmFunction = pTb->fFlags & IEMTB_F_CS_LIM_CHECKS
+                                   ? kIemThreadedFunc_CheckCsLimAndOpcodesLoadingTlb
+                                   : kIemThreadedFunc_CheckOpcodesLoadingTlb;
+            else
+                pCall->enmFunction = pTb->fFlags & IEMTB_F_CS_LIM_CHECKS
+                                   ? kIemThreadedFunc_CheckCsLimAndOpcodes
+                                   : kIemThreadedFunc_CheckOpcodes;
+        }
+        else
+        {
+            /* 1c + 1d - instruction crosses pages. */
+            Assert(pVCpu->iem.s.offCurInstrStart < 0);
+            Assert(pVCpu->iem.s.offCurInstrStart + cbInstr > 0);
+            /* Lazy bird: Check that this isn't case 1c, since we've already
+                          load the first physical address.  End the TB and
+                          make it a case 2b instead.
+                          Hmm. Too much bother to detect, so just do the same
+                          with case 1d as well. */
+#if 0       /** @todo get back to this later when we've got the actual branch code in
+             *        place. */
+            uint8_t const cbStartPage = (uint8_t)-pVCpu->iem.s.offCurInstrStart;
+            /* Check that we've got two free ranges. */
+            if (idxRange + 2 < RT_ELEMENTS(pTb->aRanges))
+            { /* likely */ }
+            else
+                return false;
+            idxRange += 1;
+            pCall->idxRange    = idxRange;
+            pCall->auParams[1] = idxRange;
+            pCall->auParams[2] = 0;
+            /* ... */
+#else
+            return false;
+#endif
+        }
+    }
+    /*
+     * Case 2: Page crossing.
+     *
+     * Sub-case 2a: The instruction starts on the first byte in the next page.
+     *
+     * Sub-case 2b: The instruction has opcode bytes in both the current and
+     *              following page.
+     *
+     * Both cases requires a new range table entry and probably a new physical
+     * page entry.  The difference is in which functions to emit and whether to
+     * add bytes to the current range.
+     */
+    else if (pVCpu->iem.s.fTbCrossedPage)
+    {
+        /* Check that we've got a free range. */
+        idxRange += 1;
+        if (idxRange < RT_ELEMENTS(pTb->aRanges))
+        { /* likely */ }
+        else
+            return false;
+        /* Check that we've got a free page slot. */
+        AssertCompile(RT_ELEMENTS(pTb->aGCPhysPages) == 2);
+        RTGCPHYS const GCPhysNew = pVCpu->iem.s.GCPhysInstrBuf & ~(RTGCPHYS)GUEST_PAGE_OFFSET_MASK;
+        if ((pTb->GCPhysPc & ~(RTGCPHYS)GUEST_PAGE_OFFSET_MASK) == GCPhysNew)
+            pTb->aRanges[idxRange].idxPhysPage = 0;
+        else if (   pTb->aGCPhysPages[0] == NIL_RTGCPHYS
+                 || pTb->aGCPhysPages[0] == GCPhysNew)
+        {
+            pTb->aGCPhysPages[0] = GCPhysNew;
+            pTb->aRanges[idxRange].idxPhysPage = 1;
+        }
+        else if (   pTb->aGCPhysPages[1] == NIL_RTGCPHYS
+                 || pTb->aGCPhysPages[1] == GCPhysNew)
+        {
+            pTb->aGCPhysPages[1] = GCPhysNew;
+            pTb->aRanges[idxRange].idxPhysPage = 2;
+        }
+        else
+            return false;
+        if (((pTb->aRanges[idxRange - 1].offPhysPage + pTb->aRanges[idxRange - 1].cbOpcodes) & GUEST_PAGE_OFFSET_MASK) == 0)
+        {
+            Assert(pVCpu->iem.s.offCurInstrStart == 0);
+            pCall->idxRange    = idxRange;
+            pCall->auParams[1] = idxRange;
+            pCall->auParams[2] = 0;
+            /* Finish setting up the new range. */
+            pTb->aRanges[idxRange].offPhysPage = pVCpu->iem.s.offCurInstrStart;
+            pTb->aRanges[idxRange].offOpcodes  = offOpcode;
+            pTb->aRanges[idxRange].cbOpcodes   = cbInstr;
+            pTb->cRanges++;
+            /* Determin which function we need to load & check. */
+            pCall->enmFunction = pTb->fFlags & IEMTB_F_CS_LIM_CHECKS
+                               ? kIemThreadedFunc_CheckCsLimAndOpcodesLoadingTlb
+                               : kIemThreadedFunc_CheckOpcodesLoadingTlb;
+        }
+        else
+        {
+            Assert(pVCpu->iem.s.offCurInstrStart < 0);
+            Assert(pVCpu->iem.s.offCurInstrStart + cbInstr > 0);
+            uint8_t const cbStartPage = (uint8_t)-pVCpu->iem.s.offCurInstrStart;
+            pCall->auParams[0] |= (uint64_t)cbStartPage << 32;
+            /* We've good. Split the instruction over the old and new range table entries. */
+            pTb->aRanges[idxRange - 1].cbOpcodes += cbStartPage;
+            pTb->aRanges[idxRange].offPhysPage    = 0;
+            pTb->aRanges[idxRange].offOpcodes     = offOpcode + cbStartPage;
+            pTb->aRanges[idxRange].cbOpcodes      = cbInstr   - cbStartPage;
+            pTb->cRanges++;
+            /* Determin which function we need to load & check. */
+            if (pVCpu->iem.s.fTbCheckOpcodes)
+                pCall->enmFunction = pTb->fFlags & IEMTB_F_CS_LIM_CHECKS
+                                   ? kIemThreadedFunc_CheckCsLimAndOpcodesAcrossPageLoadingTlb
+                                   : kIemThreadedFunc_CheckOpcodesAcrossPageLoadingTlb;
+            else
+                pCall->enmFunction = pTb->fFlags & IEMTB_F_CS_LIM_CHECKS
+                                   ? kIemThreadedFunc_CheckCsLimAndOpcodesOnNextPageLoadingTlb
+                                   : kIemThreadedFunc_CheckOpcodesOnNextPageLoadingTlb;
+        }
+    }
+    /*
+     * Regular case: No new range required.
+     */
+    else
+    {
+        Assert(pVCpu->iem.s.fTbCheckOpcodes || (pTb->fFlags & IEMTB_F_CS_LIM_CHECKS));
+        if (pVCpu->iem.s.fTbCheckOpcodes)
+            pCall->enmFunction = pTb->fFlags & IEMTB_F_CS_LIM_CHECKS
+                               ? kIemThreadedFunc_CheckCsLimAndOpcodes
+                               : kIemThreadedFunc_CheckOpcodes;
+        else
+            pCall->enmFunction = kIemThreadedFunc_CheckCsLim;
+        iemThreadedCopyOpcodeBytesInline(pVCpu, &pTb->pabOpcodes[offOpcode], cbInstr);
+        pTb->cbOpcodes                    = offOpcode + cbInstr;
+        pTb->aRanges[idxRange].cbOpcodes += cbInstr;
+        Assert(pTb->cbOpcodes <= pTb->cbOpcodesAllocated);
+    }
+    /*
+     * Commit the call.
+     */
+    pTb->Thrd.cCalls++;
+    /*
+     * Clear state.
+     */
+    pVCpu->iem.s.fTbBranched     = false;
+    pVCpu->iem.s.fTbCrossedPage  = false;
+    pVCpu->iem.s.fTbCheckOpcodes = false;
+    /*
+     * Copy opcode bytes.
+     */
+    iemThreadedCopyOpcodeBytesInline(pVCpu, &pTb->pabOpcodes[offOpcode], cbInstr);
+    pTb->cbOpcodes = offOpcode + cbInstr;
+    Assert(pTb->cbOpcodes <= pTb->cbOpcodesAllocated);
+    return true;
+}
 /**
  * Compiles a new TB and executes it.
 …
             Assert(cCallsPrev - pTb->Thrd.cCalls < 5);
-            memcpy(&pTb->pabOpcodes[pTb->cbOpcodes], pVCpu->iem.s.abOpcode, pVCpu->iem.s.offOpcode);
-            pTb->cbOpcodes += pVCpu->iem.s.offOpcode;
-            Assert(pTb->cbOpcodes <= pTb->cbOpcodesAllocated);
             pVCpu->iem.s.cInstructions++;
+        }
+        else if (pTb->Thrd.cCalls > 0)
+        {
+            Log8(("%04x:%08RX64: End TB - %u calls, rc=%d\n", uCsLog, uRipLog, pTb->Thrd.cCalls, VBOXSTRICTRC_VAL(rcStrict)));
+            if (cCallsPrev != pTb->Thrd.cCalls)
+        else
+        {
+            Log8(("%04x:%08RX64: End TB - %u instr, %u calls, rc=%d\n",
+                  uCsLog, uRipLog, pTb->cInstructions, pTb->Thrd.cCalls, VBOXSTRICTRC_VAL(rcStrict)));
+            if (rcStrict == VINF_IEM_RECOMPILE_END_TB)
+                rcStrict = VINF_SUCCESS;
+            if (pTb->Thrd.cCalls > 0)
+            {
+                memcpy(&pTb->pabOpcodes[pTb->cbOpcodes], pVCpu->iem.s.abOpcode, pVCpu->iem.s.offOpcode);
+                pTb->cbOpcodes += pVCpu->iem.s.offOpcode;
+                Assert(pTb->cbOpcodes <= pTb->cbOpcodesAllocated);
+                pVCpu->iem.s.cInstructions++;
+                if (cCallsPrev != pTb->Thrd.cCalls)
+                    pVCpu->iem.s.cInstructions++;
+                break;
+            }
+            break;
+        }
+        else
+        {
+            Log8(("%04x:%08RX64: End TB - 0 calls, rc=%d\n", uCsLog, uRipLog, VBOXSTRICTRC_VAL(rcStrict)));
             pVCpu->iem.s.pCurTbR3 = NULL;
             iemThreadedTbFree(pVM, pVCpu, pTb);
 …
         /* Still space in the TB? */
+        if (pTb->Thrd.cCalls + 5 < pTb->Thrd.cAllocated)
+        if (   pTb->Thrd.cCalls + 5 < pTb->Thrd.cAllocated
+            && pTb->cbOpcodes + 16 <= pTb->cbOpcodesAllocated)
             iemThreadedCompileInitDecoder(pVCpu, true /*fReInit*/);
         else
+        {
+            Log8(("%04x:%08RX64: End TB - %u calls - full\n", uCsLog, uRipLog, pTb->Thrd.cCalls));
+            Log8(("%04x:%08RX64: End TB - %u instr, %u calls, %u opcode bytes - full\n",
+                  uCsLog, uRipLog, pTb->cInstructions, pTb->Thrd.cCalls, pTb->cbOpcodes));
             break;
+        }
 …
     else
+    {
         Log11(("TB obsolete: %p GCPhys=%RGp\n", pTb, pTb->GCPhysPc));
+        Log7(("TB obsolete: %p GCPhys=%RGp\n", pTb, pTb->GCPhysPc));
         iemThreadedTbFree(pVCpu->pVMR3, pVCpu, pTb);
         return VINF_SUCCESS;

trunk/src/VBox/VMM/include/IEMInternal.h

-              r100672
+              r100694
 #include <iprt/setjmp-without-sigmask.h>
+#include <iprt/list.h>
 …
-/** Pointer to a translation block. */
-typedef struct IEMTB *PIEMTB;
 /** @name IEM_F_XXX - Execution mode flags (IEMCPU::fExec, IEMTB::fFlags).
+ *
 …
 AssertCompile(  IEM_F_MODE_X86_64BIT              & IEM_F_MODE_X86_PROT_MASK);
 AssertCompile(!(IEM_F_MODE_X86_64BIT              & IEM_F_MODE_X86_FLAT_OR_PRE_386_MASK));
+/**
+ * A call for the threaded call table.
+ */
+typedef struct IEMTHRDEDCALLENTRY
+{
+    /** The function to call (IEMTHREADEDFUNCS). */
+    uint16_t    enmFunction;
+    uint16_t    uUnused0;
+    /** Offset into IEMTB::pabOpcodes. */
+    uint16_t    offOpcode;
+    /** The opcode length. */
+    uint8_t     cbOpcode;
+    /** Index in to IEMTB::aRanges. */
+    uint8_t     idxRange;
+    /** Generic parameters. */
+    uint64_t    auParams[3];
+} IEMTHRDEDCALLENTRY;
+AssertCompileSize(IEMTHRDEDCALLENTRY, sizeof(uint64_t) * 4);
+/** Pointer to a threaded call entry. */
+typedef struct IEMTHRDEDCALLENTRY *PIEMTHRDEDCALLENTRY;
+/** Pointer to a const threaded call entry. */
+typedef IEMTHRDEDCALLENTRY const *PCIEMTHRDEDCALLENTRY;
+/**
+ * Translation block.
+ */
+#pragma pack(2) /* to prevent the Thrd structure from being padded unnecessarily */
+typedef struct IEMTB
+{
+    /** Next block with the same hash table entry. */
+    struct IEMTB * volatile pNext;
+    /** List on the local VCPU for blocks. */
+    RTLISTNODE          LocalList;
+    /** @name What uniquely identifies the block.
+     * @{ */
+    RTGCPHYS            GCPhysPc;
+    /** IEMTB_F_XXX (i.e. IEM_F_XXX ++). */
+    uint32_t            fFlags;
+    union
+    {
+        struct
+        {
+            /**< Relevant CS X86DESCATTR_XXX bits. */
+            uint16_t    fAttr;
+        } x86;
+    };
+    /** @} */
+    /** Number of opcode ranges. */
+    uint8_t             cRanges;
+    /** Statistics: Number of instructions in the block. */
+    uint8_t             cInstructions;
+    /** Type specific info. */
+    union
+    {
+        struct
+        {
+            /** The call sequence table. */
+            PIEMTHRDEDCALLENTRY paCalls;
+            /** Number of calls in paCalls. */
+            uint16_t            cCalls;
+            /** Number of calls allocated. */
+            uint16_t            cAllocated;
+        } Thrd;
+    };
+    /** Number of bytes of opcodes stored in pabOpcodes. */
+    uint16_t            cbOpcodes;
+    /** The max storage available in the pabOpcodes block. */
+    uint16_t            cbOpcodesAllocated;
+    /** Pointer to the opcode bytes this block was recompiled from. */
+    uint8_t            *pabOpcodes;
+    /* --- 64 byte cache line end --- */
+    /** Opcode ranges.
+     *
+     * The opcode checkers and maybe TLB loading functions will use this to figure
+     * out what to do.  The parameter will specify an entry and the opcode offset to
+     * start at and the minimum number of bytes to verify (instruction length).
+     *
+     * When VT-x and AMD-V looks up the opcode bytes for an exitting instruction,
+     * they'll first translate RIP (+ cbInstr - 1) to a physical address using the
+     * code TLB (must have a valid entry for that address) and scan the ranges to
+     * locate the corresponding opcodes. Probably.
+     */
+    struct IEMTBOPCODERANGE
+    {
+        /** Offset within pabOpcodes. */
+        uint16_t        offOpcodes;
+        /** Number of bytes. */
+        uint16_t        cbOpcodes;
+        /** The page offset. */
+        RT_GCC_EXTENSION
+        uint16_t        offPhysPage : 12;
+        /** Unused bits. */
+        RT_GCC_EXTENSION
+        uint16_t        u2Unused    :  2;
+        /** Index into GCPhysPc + aGCPhysPages for the physical page address. */
+        RT_GCC_EXTENSION
+        uint16_t        idxPhysPage :  2;
+    } aRanges[8];
+    /** Physical pages that this TB covers.
+     * The GCPhysPc w/o page offset is element zero, so starting here with 1. */
+    RTGCPHYS            aGCPhysPages[2];
+} IEMTB;
+#pragma pack()
+AssertCompileMemberOffset(IEMTB, x86, 36);
+AssertCompileMemberOffset(IEMTB, cRanges, 38);
+AssertCompileMemberOffset(IEMTB, Thrd, 40);
+AssertCompileMemberOffset(IEMTB, Thrd.cCalls, 48);
+AssertCompileMemberOffset(IEMTB, cbOpcodes, 52);
+AssertCompileMemberSize(IEMTB, aRanges[0], 6);
+AssertCompileSize(IEMTB, 128);
+/** Pointer to a translation block. */
+typedef IEMTB *PIEMTB;
+/** Pointer to a const translation block. */
+typedef IEMTB const *PCIEMTB;
 …
     /** Number of TBs executed. */
     uint64_t                cTbExec;
+    /** Whether we need to check the opcode bytes for the current instruction.
+     * This is set by a previous instruction if it modified memory or similar.  */
+    bool                    fTbCheckOpcodes;
+    /** Whether we just branched and need to start a new opcode range and emit code
+     * to do a TLB load and check them again. */
+    bool                    fTbBranched;
+    /** Set when GCPhysInstrBuf is updated because of a page crossing. */
+    bool                    fTbCrossedPage;
     /** Whether to end the current TB. */
     bool                    fEndTb;
     /** Spaced reserved for recompiler data / alignment. */
     bool                    afRecompilerStuff1[7];
+    bool                    afRecompilerStuff1[4];
     /** @} */
 …
 IEM_CIMPL_PROTO_1(iemCImpl_Hypercall, uint16_t, uDisOpcode); /* both */
+void            iemThreadedTbObsolete(PVMCPUCC pVCpu, PIEMTB pTb);
+IEM_DECL_IMPL_PROTO(VBOXSTRICTRC, iemThreadedFunc_BltIn_CheckMode,
+                    (PVMCPU pVCpu, uint64_t uParam0, uint64_t uParam1, uint64_t uParam2));
+IEM_DECL_IMPL_PROTO(VBOXSTRICTRC, iemThreadedFunc_BltIn_CheckCsLim,
+                    (PVMCPU pVCpu, uint64_t uParam0, uint64_t uParam1, uint64_t uParam2));
+IEM_DECL_IMPL_PROTO(VBOXSTRICTRC, iemThreadedFunc_BltIn_CheckCsLimAndOpcodes,
+                    (PVMCPU pVCpu, uint64_t uParam0, uint64_t uParam1, uint64_t uParam2));
+IEM_DECL_IMPL_PROTO(VBOXSTRICTRC, iemThreadedFunc_BltIn_CheckCsLimAndOpcodesAcrossPageLoadingTlb,
+                    (PVMCPU pVCpu, uint64_t uParam0, uint64_t uParam1, uint64_t uParam2));
+IEM_DECL_IMPL_PROTO(VBOXSTRICTRC, iemThreadedFunc_BltIn_CheckCsLimAndOpcodesLoadingTlb,
+                    (PVMCPU pVCpu, uint64_t uParam0, uint64_t uParam1, uint64_t uParam2));
+IEM_DECL_IMPL_PROTO(VBOXSTRICTRC, iemThreadedFunc_BltIn_CheckCsLimAndOpcodesOnNextPageLoadingTlb,
+                    (PVMCPU pVCpu, uint64_t uParam0, uint64_t uParam1, uint64_t uParam2));
+IEM_DECL_IMPL_PROTO(VBOXSTRICTRC, iemThreadedFunc_BltIn_CheckOpcodes,
+                    (PVMCPU pVCpu, uint64_t uParam0, uint64_t uParam1, uint64_t uParam2));
+IEM_DECL_IMPL_PROTO(VBOXSTRICTRC, iemThreadedFunc_BltIn_CheckOpcodesAcrossPageLoadingTlb,
+                    (PVMCPU pVCpu, uint64_t uParam0, uint64_t uParam1, uint64_t uParam2));
+IEM_DECL_IMPL_PROTO(VBOXSTRICTRC, iemThreadedFunc_BltIn_CheckOpcodesLoadingTlb,
+                    (PVMCPU pVCpu, uint64_t uParam0, uint64_t uParam1, uint64_t uParam2));
+IEM_DECL_IMPL_PROTO(VBOXSTRICTRC, iemThreadedFunc_BltIn_CheckOpcodesOnNextPageLoadingTlb,
+                    (PVMCPU pVCpu, uint64_t uParam0, uint64_t uParam1, uint64_t uParam2));
 extern const PFNIEMOP g_apfnIemInterpretOnlyOneByteMap[256];

Note: See TracChangeset for help on using the changeset viewer.

Changeset 100694 in vbox

Legend:

Download in other formats: