Changeset 101091 in vbox

Timestamp:

Sep 12, 2023 12:42:45 PM (20 months ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

159060

Message:

VMM/IEM: Fixed collision list issue when removing. Added length assertions when changing it. bugref:10369

File:

• trunk/src/VBox/VMM/VMMAll/IEMAllThrdRecompiler.cpp (modified) (8 diffs)

trunk/src/VBox/VMM/VMMAll/IEMAllThrdRecompiler.cpp

@@ -460 +460 @@
 }
 
+#ifdef VBOX_STRICT
+/**
+ * Assertion helper that checks a collisions list count.
+ */
+static void iemTbCacheAssertCorrectCount(PIEMTBCACHE pTbCache, uint32_t idxHash, const char *pszOperation)
+{
+    PIEMTB pTb   = IEMTBCACHE_PTR_GET_TB(pTbCache->apHash[idxHash]);
+    int    cLeft = IEMTBCACHE_PTR_GET_COUNT(pTbCache->apHash[idxHash]);
+    while (pTb)
+    {
+        pTb = pTb->pNext;
+        cLeft--;
+    }
+    AssertMsg(cLeft == 0,
+              ("idxHash=%#x cLeft=%d; entry count=%d; %s\n",
+               idxHash, cLeft, IEMTBCACHE_PTR_GET_COUNT(pTbCache->apHash[idxHash]), pszOperation));
+}
+#endif
+
 
 DECL_NO_INLINE(static, void) iemTbCacheAddWithPruning(PVMCPUCC pVCpu, PIEMTBCACHE pTbCache, PIEMTB pTb, uint32_t idxHash)
@@ -471 +490 @@
     uintptr_t cInserted    = 0;
     PIEMTB    pTbCollision = IEMTBCACHE_PTR_GET_TB(pTbCache->apHash[idxHash]);
+
     pTbCache->apHash[idxHash] = NULL; /* Must NULL the entry before trying to free anything. */
 
@@ -504 +524 @@
         iemTbAllocatorFree(pVCpu, apSortedTbs[idx]);
 
-    /* Chain the new TB together with the ones we like to keep of the existing
-       ones and insert this list into the hash table. */
+    /* Then chain the new TB together with the ones we like to keep of the
+       existing ones and insert this list into the hash table. */
     pTbCollision = pTb;
     for (uintptr_t idx = 0; idx < cKeep; idx++)
@@ -512 +532 @@
 
     pTbCache->apHash[idxHash] = IEMTBCACHE_PTR_MAKE(pTb, cKeep + 1);
+#ifdef VBOX_STRICT
+    iemTbCacheAssertCorrectCount(pTbCache, idxHash, "add w/ pruning");
+#endif
 
     STAM_PROFILE_STOP(&pTbCache->StatPrune, a);
@@ -534 +557 @@
             pTb->pNext = IEMTBCACHE_PTR_GET_TB(pTbOldHead);
             pTbCache->apHash[idxHash] = IEMTBCACHE_PTR_MAKE(pTb, cCollisions + 1);
+#ifdef VBOX_STRICT
+            iemTbCacheAssertCorrectCount(pTbCache, idxHash, "add");
+#endif
         }
         else
@@ -552 +578 @@
     uint32_t const idxHash = IEMTBCACHE_HASH(pTbCache, pTb->fFlags, pTb->GCPhysPc);
     PIEMTB         pTbHash = IEMTBCACHE_PTR_GET_TB(pTbCache->apHash[idxHash]);
-
-    /* At the head of the collision list? */
+    uint32_t volatile cLength = IEMTBCACHE_PTR_GET_COUNT(pTbCache->apHash[idxHash]); RT_NOREF(cLength);
+
+    /*
+     * At the head of the collision list?
+     */
     if (pTbHash == pTb)
     {
@@ -559 +588 @@
             pTbCache->apHash[idxHash] = NULL;
         else
+        {
             pTbCache->apHash[idxHash] = IEMTBCACHE_PTR_MAKE(pTb->pNext,
                                                             IEMTBCACHE_PTR_GET_COUNT(pTbCache->apHash[idxHash]) - 1);
+#ifdef VBOX_STRICT
+            iemTbCacheAssertCorrectCount(pTbCache, idxHash, "remove #1");
+#endif
+        }
         return true;
     }
 
-    /* Search the collision list. */
+    /*
+     * Search the collision list.
+     */
+    PIEMTB const pTbHead = pTbHash;
     while (pTbHash)
     {
@@ -571 +608 @@
         {
             pTbHash->pNext = pTb->pNext;
-            pTbCache->apHash[idxHash] = IEMTBCACHE_PTR_MAKE(pTbCache->apHash[idxHash],
-                                                            IEMTBCACHE_PTR_GET_COUNT(pTbCache->apHash[idxHash]) - 1);
+            pTbCache->apHash[idxHash] = IEMTBCACHE_PTR_MAKE(pTbHead, IEMTBCACHE_PTR_GET_COUNT(pTbCache->apHash[idxHash]) - 1);
+#ifdef VBOX_STRICT
+            iemTbCacheAssertCorrectCount(pTbCache, idxHash, "remove #2");
+#endif
             return true;
         }