Changeset 102331 in vbox for trunk

Timestamp:

Nov 27, 2023 3:48:50 PM (15 months ago)

Author:

vboxsync

Message:

VMM/IEM: IEM_MC_REF_XXX must NOT have any IEM_MC_FETCH_XXX following them or the guest register shadowing goes bad. bugref:10371

Location:

trunk/src/VBox/VMM/VMMAll

Files:

• IEMAllInstOneByte.cpp.h (modified) (4 diffs)
• IEMAllInstPython.py (modified) (2 diffs)
• IEMAllInstThree0f38.cpp.h (modified) (6 diffs)
• IEMAllInstThree0f3a.cpp.h (modified) (4 diffs)
• IEMAllInstTwoByte0f.cpp.h (modified) (8 diffs)
• IEMAllInstVexMap2.cpp.h (modified) (14 diffs)
• IEMAllInstVexMap3.cpp.h (modified) (2 diffs)

trunk/src/VBox/VMM/VMMAll/IEMAllInstOneByte.cpp.h

@@ -9004 +9004 @@
         IEM_MC_ARG(uint8_t,     cShiftArg,  1);
         IEM_MC_ARG(uint32_t *,  pEFlags,    2);
+        IEM_MC_FETCH_GREG_U8(cShiftArg, X86_GREG_xCX);
         IEM_MC_REF_GREG_U8(pu8Dst, IEM_GET_MODRM_RM(pVCpu, bRm));
-        IEM_MC_FETCH_GREG_U8(cShiftArg, X86_GREG_xCX);
         IEM_MC_REF_EFLAGS(pEFlags);
         IEM_MC_CALL_VOID_AIMPL_3(pImpl->pfnNormalU8, pu8Dst, cShiftArg, pEFlags);
@@ -9068 +9068 @@
                 IEM_MC_ARG(uint8_t,         cShiftArg,  1);
                 IEM_MC_ARG(uint32_t *,      pEFlags,    2);
+                IEM_MC_FETCH_GREG_U8(cShiftArg, X86_GREG_xCX);
                 IEM_MC_REF_GREG_U16(pu16Dst, IEM_GET_MODRM_RM(pVCpu, bRm));
-                IEM_MC_FETCH_GREG_U8(cShiftArg, X86_GREG_xCX);
                 IEM_MC_REF_EFLAGS(pEFlags);
                 IEM_MC_CALL_VOID_AIMPL_3(pImpl->pfnNormalU16, pu16Dst, cShiftArg, pEFlags);
@@ -9082 +9082 @@
                 IEM_MC_ARG(uint8_t,         cShiftArg,  1);
                 IEM_MC_ARG(uint32_t *,      pEFlags,    2);
+                IEM_MC_FETCH_GREG_U8(cShiftArg, X86_GREG_xCX);
                 IEM_MC_REF_GREG_U32(pu32Dst, IEM_GET_MODRM_RM(pVCpu, bRm));
-                IEM_MC_FETCH_GREG_U8(cShiftArg, X86_GREG_xCX);
                 IEM_MC_REF_EFLAGS(pEFlags);
                 IEM_MC_CALL_VOID_AIMPL_3(pImpl->pfnNormalU32, pu32Dst, cShiftArg, pEFlags);
@@ -9097 +9097 @@
                 IEM_MC_ARG(uint8_t,         cShiftArg,  1);
                 IEM_MC_ARG(uint32_t *,      pEFlags,    2);
+                IEM_MC_FETCH_GREG_U8(cShiftArg, X86_GREG_xCX);
                 IEM_MC_REF_GREG_U64(pu64Dst, IEM_GET_MODRM_RM(pVCpu, bRm));
-                IEM_MC_FETCH_GREG_U8(cShiftArg, X86_GREG_xCX);
                 IEM_MC_REF_EFLAGS(pEFlags);
                 IEM_MC_CALL_VOID_AIMPL_3(pImpl->pfnNormalU64, pu64Dst, cShiftArg, pEFlags);

trunk/src/VBox/VMM/VMMAll/IEMAllInstPython.py

@@ -2692 +2692 @@
         return "Block is missing IEMOP_HLP_DONE_*DECODING* invocation!";
 
+    def checkForFetchAfterRef(self, aoStmts, asRegRefClasses):
+        """
+        Checks that the register references are placed after register fetches
+        from the same register class.
+        Returns None on success, error string on failure.
+
+        Example:
+                SHL CH, CL
+
+        If the CH reference is created first, the fetching of CL will cause the
+        RCX guest register to have an active shadow register when it's being
+        updated.  The shadow register will then be stale after the SHL operation
+        completes, without us noticing.
+
+        It's easier to ensure we've got correct code than complicating the
+        recompiler code with safeguards here.
+        """
+        for iStmt, oStmt in enumerate(aoStmts):
+            if not oStmt.isCppStmt():
+                offRef = oStmt.sName.find("_REF_");
+                if offRef > 0:
+                    if oStmt.sName not in ('IEM_MC_REF_LOCAL', ):
+                        if oStmt.sName in ('IEM_MC_IF_FPUREG_NOT_EMPTY_REF_R80',
+                                           'IEM_MC_IF_TWO_FPUREGS_NOT_EMPTY_REF_R80',
+                                           'IEM_MC_IF_TWO_FPUREGS_NOT_EMPTY_REF_R80_FIRST',):
+                            sClass = 'FPUREG';
+                        else:
+                            offUnderscore = oStmt.sName.find('_', offRef + 5);
+                            if offUnderscore > 0:
+                                assert offUnderscore > offRef;
+                                sClass = oStmt.sName[offRef + 5 : offUnderscore];
+                            else:
+                                sClass = oStmt.sName[offRef + 5];
+                        asRegRefClasses[sClass] = True;
+                else:
+                    offFetch = oStmt.sName.find("_FETCH_");
+                    if offFetch > 0:
+                        sClass = oStmt.sName[offFetch + 7 : ];
+                        if not sClass.startswith("MEM"):
+                            offUnderscore = sClass.find('_');
+                            if offUnderscore >= 0:
+                                assert offUnderscore > 0;
+                                sClass = sClass[:offUnderscore];
+                            if sClass in asRegRefClasses:
+                                return "statement #%u: %s following REF! That'll mess up guest register shadowing" \
+                                     % (iStmt + 1, oStmt.sName,);
+
+            # Go into branches.
+            if isinstance(oStmt, McStmtCond):
+                sRet = self.checkForFetchAfterRef(oStmt.aoIfBranch, asRegRefClasses);
+                if sRet:
+                    return sRet;
+                sRet = self.checkForFetchAfterRef(oStmt.aoElseBranch, asRegRefClasses);
+                if sRet:
+                    return sRet;
+        return None;
+
     def check(self):
         """
@@ -2705 +2762 @@
 
         sRet = self.checkForDoneDecoding(aoStmts);
+        if sRet:
+            asRet.append(sRet);
+
+        sRet = self.checkForFetchAfterRef(aoStmts, {});
         if sRet:
             asRet.append(sRet);

trunk/src/VBox/VMM/VMMAll/IEMAllInstThree0f38.cpp.h

@@ -1814 +1814 @@
         IEM_MC_ARG(uint32_t *,          puDst, 0);
         IEM_MC_ARG(uint8_t,             uSrc,  1);
+        IEM_MC_FETCH_GREG_U8(uSrc,  IEM_GET_MODRM_RM(pVCpu, bRm));
         IEM_MC_REF_GREG_U32(puDst,  IEM_GET_MODRM_REG(pVCpu, bRm));
-        IEM_MC_FETCH_GREG_U8(uSrc,  IEM_GET_MODRM_RM(pVCpu, bRm));
         IEM_MC_CALL_VOID_AIMPL_2(IEM_SELECT_HOST_OR_FALLBACK(fSse42, iemAImpl_crc32_u8, iemAImpl_crc32_u8_fallback), puDst, uSrc);
         IEM_MC_CLEAR_HIGH_GREG_U64(IEM_GET_MODRM_REG(pVCpu, bRm));
@@ -1933 +1933 @@
                 IEM_MC_ARG(uint32_t *,          puDst, 0);
                 IEM_MC_ARG(uint16_t,            uSrc,  1);
+                IEM_MC_FETCH_GREG_U16(uSrc, IEM_GET_MODRM_RM(pVCpu, bRm));
                 IEM_MC_REF_GREG_U32(puDst,  IEM_GET_MODRM_REG(pVCpu, bRm));
-                IEM_MC_FETCH_GREG_U16(uSrc, IEM_GET_MODRM_RM(pVCpu, bRm));
                 IEM_MC_CALL_VOID_AIMPL_2(IEM_SELECT_HOST_OR_FALLBACK(fSse42, iemAImpl_crc32_u16, iemAImpl_crc32_u16_fallback),
                                          puDst, uSrc);
@@ -1947 +1947 @@
                 IEM_MC_ARG(uint32_t *,          puDst, 0);
                 IEM_MC_ARG(uint32_t,            uSrc,  1);
+                IEM_MC_FETCH_GREG_U32(uSrc, IEM_GET_MODRM_RM(pVCpu, bRm));
                 IEM_MC_REF_GREG_U32(puDst,  IEM_GET_MODRM_REG(pVCpu, bRm));
-                IEM_MC_FETCH_GREG_U32(uSrc, IEM_GET_MODRM_RM(pVCpu, bRm));
                 IEM_MC_CALL_VOID_AIMPL_2(IEM_SELECT_HOST_OR_FALLBACK(fSse42, iemAImpl_crc32_u32, iemAImpl_crc32_u32_fallback),
                                          puDst, uSrc);
@@ -1961 +1961 @@
                 IEM_MC_ARG(uint32_t *,          puDst, 0);
                 IEM_MC_ARG(uint64_t,            uSrc,  1);
+                IEM_MC_FETCH_GREG_U64(uSrc, IEM_GET_MODRM_RM(pVCpu, bRm));
                 IEM_MC_REF_GREG_U32(puDst,  IEM_GET_MODRM_REG(pVCpu, bRm));
-                IEM_MC_FETCH_GREG_U64(uSrc, IEM_GET_MODRM_RM(pVCpu, bRm));
                 IEM_MC_CALL_VOID_AIMPL_2(IEM_SELECT_HOST_OR_FALLBACK(fSse42, iemAImpl_crc32_u64, iemAImpl_crc32_u64_fallback),
                                          puDst, uSrc);
@@ -2080 +2080 @@
                 IEM_MC_ARG(uint32_t *,      pEFlags,                1); \
                 IEM_MC_ARG(uint64_t,        u64Src,                 2); \
+                IEM_MC_FETCH_GREG_U64(u64Src, IEM_GET_MODRM_RM(pVCpu, bRm)); \
                 IEM_MC_REF_GREG_U64(pu64Dst, IEM_GET_MODRM_REG(pVCpu, bRm)); \
-                IEM_MC_FETCH_GREG_U64(u64Src, IEM_GET_MODRM_RM(pVCpu, bRm)); \
                 IEM_MC_REF_EFLAGS(pEFlags); \
                 IEM_MC_CALL_VOID_AIMPL_3(IEM_SELECT_HOST_OR_FALLBACK(fAdx, iemAImpl_## a_Variant ##_u64, iemAImpl_## a_Variant ##_u64_fallback), \
@@ -2115 +2115 @@
                 IEM_MC_ARG(uint32_t *,      pEFlags,                1); \
                 IEM_MC_ARG(uint32_t,        u32Src,                 2); \
+                IEM_MC_FETCH_GREG_U32(u32Src, IEM_GET_MODRM_RM(pVCpu, bRm)); \
                 IEM_MC_REF_GREG_U32(pu32Dst, IEM_GET_MODRM_REG(pVCpu, bRm)); \
-                IEM_MC_FETCH_GREG_U32(u32Src, IEM_GET_MODRM_RM(pVCpu, bRm)); \
                 IEM_MC_REF_EFLAGS(pEFlags); \
                 IEM_MC_CALL_VOID_AIMPL_3(IEM_SELECT_HOST_OR_FALLBACK(fAdx, iemAImpl_## a_Variant ##_u32, iemAImpl_## a_Variant ##_u32_fallback), \

trunk/src/VBox/VMM/VMMAll/IEMAllInstThree0f3a.cpp.h

@@ -486 +486 @@
         IEM_MC_PREPARE_FPU_USAGE();
         IEM_MC_FPU_TO_MMX_MODE();
+        IEM_MC_FETCH_MREG_U64(uSrc, IEM_GET_MODRM_RM_8(bRm));
         IEM_MC_REF_MREG_U64(pDst, IEM_GET_MODRM_REG_8(bRm));
-        IEM_MC_FETCH_MREG_U64(uSrc, IEM_GET_MODRM_RM_8(bRm));
         IEM_MC_CALL_VOID_AIMPL_3(IEM_SELECT_HOST_OR_FALLBACK(fSsse3, iemAImpl_palignr_u64, iemAImpl_palignr_u64_fallback),
                                  pDst, uSrc, bImmArg);
@@ -1268 +1268 @@
             IEM_MC_MAYBE_RAISE_SSE_RELATED_XCPT();
             IEM_MC_PREPARE_SSE_USAGE();
+            IEM_MC_FETCH_XREG_PAIR_U128_AND_RAX_RDX_U64(Src, IEM_GET_MODRM_REG(pVCpu, bRm), IEM_GET_MODRM_RM(pVCpu, bRm));
             IEM_MC_REF_GREG_U32(pu32Ecx, X86_GREG_xCX);
-            IEM_MC_FETCH_XREG_PAIR_U128_AND_RAX_RDX_U64(Src, IEM_GET_MODRM_REG(pVCpu, bRm), IEM_GET_MODRM_RM(pVCpu, bRm));
             IEM_MC_REF_EFLAGS(pEFlags);
             IEM_MC_CALL_VOID_AIMPL_4(IEM_SELECT_HOST_OR_FALLBACK(fSse42,
@@ -1328 +1328 @@
             IEM_MC_MAYBE_RAISE_SSE_RELATED_XCPT();
             IEM_MC_PREPARE_SSE_USAGE();
+            IEM_MC_FETCH_XREG_PAIR_U128_AND_EAX_EDX_U32_SX_U64(Src, IEM_GET_MODRM_REG(pVCpu, bRm), IEM_GET_MODRM_RM(pVCpu, bRm));
             IEM_MC_REF_GREG_U32(pu32Ecx, X86_GREG_xCX);
-            IEM_MC_FETCH_XREG_PAIR_U128_AND_EAX_EDX_U32_SX_U64(Src, IEM_GET_MODRM_REG(pVCpu, bRm), IEM_GET_MODRM_RM(pVCpu, bRm));
             IEM_MC_REF_EFLAGS(pEFlags);
             IEM_MC_CALL_VOID_AIMPL_4(IEM_SELECT_HOST_OR_FALLBACK(fSse42,
@@ -1458 +1458 @@
         IEM_MC_MAYBE_RAISE_SSE_RELATED_XCPT();
         IEM_MC_PREPARE_SSE_USAGE();
+        IEM_MC_FETCH_XREG_PAIR_U128(Src, IEM_GET_MODRM_REG(pVCpu, bRm), IEM_GET_MODRM_RM(pVCpu, bRm));
         IEM_MC_REF_GREG_U32(pu32Ecx, X86_GREG_xCX);
-        IEM_MC_FETCH_XREG_PAIR_U128(Src, IEM_GET_MODRM_REG(pVCpu, bRm), IEM_GET_MODRM_RM(pVCpu, bRm));
         IEM_MC_REF_EFLAGS(pEFlags);
         IEM_MC_CALL_VOID_AIMPL_4(IEM_SELECT_HOST_OR_FALLBACK(fSse42,

trunk/src/VBox/VMM/VMMAll/IEMAllInstTwoByte0f.cpp.h

@@ -9567 +9567 @@
 
                 IEM_MC_FETCH_GREG_U16(u16Src, IEM_GET_MODRM_REG(pVCpu, bRm));
+                IEM_MC_FETCH_GREG_U8(cShiftArg, X86_GREG_xCX);
                 IEM_MC_REF_GREG_U16(pu16Dst, IEM_GET_MODRM_RM(pVCpu, bRm));
-                IEM_MC_FETCH_GREG_U8(cShiftArg, X86_GREG_xCX);
                 IEM_MC_REF_EFLAGS(pEFlags);
                 IEM_MC_CALL_VOID_AIMPL_4(pImpl->pfnNormalU16, pu16Dst, u16Src, cShiftArg, pEFlags);
@@ -9585 +9585 @@
 
                 IEM_MC_FETCH_GREG_U32(u32Src, IEM_GET_MODRM_REG(pVCpu, bRm));
+                IEM_MC_FETCH_GREG_U8(cShiftArg, X86_GREG_xCX);
                 IEM_MC_REF_GREG_U32(pu32Dst, IEM_GET_MODRM_RM(pVCpu, bRm));
-                IEM_MC_FETCH_GREG_U8(cShiftArg, X86_GREG_xCX);
                 IEM_MC_REF_EFLAGS(pEFlags);
                 IEM_MC_CALL_VOID_AIMPL_4(pImpl->pfnNormalU32, pu32Dst, u32Src, cShiftArg, pEFlags);
@@ -9604 +9604 @@
 
                 IEM_MC_FETCH_GREG_U64(u64Src, IEM_GET_MODRM_REG(pVCpu, bRm));
+                IEM_MC_FETCH_GREG_U8(cShiftArg, X86_GREG_xCX);
                 IEM_MC_REF_GREG_U64(pu64Dst, IEM_GET_MODRM_RM(pVCpu, bRm));
-                IEM_MC_FETCH_GREG_U8(cShiftArg, X86_GREG_xCX);
                 IEM_MC_REF_EFLAGS(pEFlags);
                 IEM_MC_CALL_VOID_AIMPL_4(pImpl->pfnNormalU64, pu64Dst, u64Src, cShiftArg, pEFlags);
@@ -10358 +10358 @@
                 IEM_MC_ARG(uint32_t *,      pEFlags,                3);
 
+#ifndef RT_ARCH_X86
+                IEM_MC_FETCH_GREG_U64(u64Src, IEM_GET_MODRM_REG(pVCpu, bRm));
+#endif
                 IEM_MC_REF_GREG_U64(pu64Dst, IEM_GET_MODRM_RM(pVCpu, bRm));
                 IEM_MC_REF_GREG_U64(pu64Rax, X86_GREG_xAX);
@@ -10368 +10371 @@
                     IEM_MC_CALL_VOID_AIMPL_4(iemAImpl_cmpxchg_u64_locked, pu64Dst, pu64Rax, pu64Src, pEFlags);
 #else
-                IEM_MC_FETCH_GREG_U64(u64Src, IEM_GET_MODRM_REG(pVCpu, bRm));
                 if (!(pVCpu->iem.s.fPrefixes & IEM_OP_PRF_LOCK))
                     IEM_MC_CALL_VOID_AIMPL_4(iemAImpl_cmpxchg_u64, pu64Dst, pu64Rax, u64Src, pEFlags);
@@ -10377 +10379 @@
                 IEM_MC_ADVANCE_RIP_AND_FINISH();
                 IEM_MC_END();
+                break;
                 break;
 
@@ -10465 +10468 @@
                 IEMOP_HLP_DONE_DECODING();
                 IEM_MC_MEM_MAP_U64_RW(pu64Dst, bUnmapInfo, pVCpu->iem.s.iEffSeg, GCPtrEffDst);
+#ifndef RT_ARCH_X86
+                IEM_MC_FETCH_GREG_U64(u64Src, IEM_GET_MODRM_REG(pVCpu, bRm));
+#endif
                 IEM_MC_FETCH_GREG_U64(u64Rax, X86_GREG_xAX);
                 IEM_MC_FETCH_EFLAGS(EFlags);
@@ -10475 +10481 @@
                     IEM_MC_CALL_VOID_AIMPL_4(iemAImpl_cmpxchg_u64_locked, pu64Dst, pu64Rax, pu64Src, pEFlags);
 #else
-                IEM_MC_FETCH_GREG_U64(u64Src, IEM_GET_MODRM_REG(pVCpu, bRm));
                 if (!(pVCpu->iem.s.fPrefixes & IEM_OP_PRF_LOCK))
                     IEM_MC_CALL_VOID_AIMPL_4(iemAImpl_cmpxchg_u64, pu64Dst, pu64Rax, u64Src, pEFlags);

trunk/src/VBox/VMM/VMMAll/IEMAllInstVexMap2.cpp.h

@@ -574 +574 @@
             IEM_MC_MAYBE_RAISE_AVX_RELATED_XCPT(); \
             IEM_MC_PREPARE_AVX_USAGE(); \
+            IEM_MC_FETCH_XREG_U64(uSrc,  IEM_GET_MODRM_RM(pVCpu, bRm), 0 /* a_iQword*/); \
             IEM_MC_REF_XREG_U128(puDst,  IEM_GET_MODRM_REG(pVCpu, bRm)); \
-            IEM_MC_FETCH_XREG_U64(uSrc,  IEM_GET_MODRM_RM(pVCpu, bRm), 0 /* a_iQword*/); \
             IEM_MC_CALL_VOID_AIMPL_2(IEM_SELECT_HOST_OR_FALLBACK(fAvx2, iemAImpl_ ## a_Instr ## _u128, \
                                                                  iemAImpl_## a_Instr ## _u128_fallback), \
@@ -619 +619 @@
             IEM_MC_MAYBE_RAISE_AVX_RELATED_XCPT(); \
             IEM_MC_PREPARE_AVX_USAGE(); \
+            IEM_MC_FETCH_MEM_U ## a_SrcWidth (uSrc, pVCpu->iem.s.iEffSeg, GCPtrEffSrc); \
             IEM_MC_REF_XREG_U128(puDst,  IEM_GET_MODRM_REG(pVCpu, bRm)); \
-            IEM_MC_FETCH_MEM_U ## a_SrcWidth (uSrc, pVCpu->iem.s.iEffSeg, GCPtrEffSrc); \
             IEM_MC_CALL_VOID_AIMPL_2(IEM_SELECT_HOST_OR_FALLBACK(fAvx2, iemAImpl_ ## a_Instr ## _u128, \
                                                                  iemAImpl_ ## a_Instr ## _u128_fallback), \
@@ -1651 +1651 @@
             IEM_MC_ARG(uint64_t,            uSrc2,   2);
             IEM_MC_ARG(uint32_t *,          pEFlags, 3);
-            IEM_MC_REF_GREG_U64(pDst,    IEM_GET_MODRM_REG(pVCpu, bRm));
             IEM_MC_FETCH_GREG_U64(uSrc1, IEM_GET_EFFECTIVE_VVVV(pVCpu));
             IEM_MC_FETCH_GREG_U64(uSrc2, IEM_GET_MODRM_RM(pVCpu, bRm));
+            IEM_MC_REF_GREG_U64(pDst,    IEM_GET_MODRM_REG(pVCpu, bRm));
             IEM_MC_REF_EFLAGS(pEFlags);
             IEM_MC_CALL_VOID_AIMPL_4(IEM_SELECT_HOST_OR_FALLBACK(fBmi1, iemAImpl_andn_u64, iemAImpl_andn_u64_fallback),
@@ -1668 +1668 @@
             IEM_MC_ARG(uint32_t,            uSrc2,   2);
             IEM_MC_ARG(uint32_t *,          pEFlags, 3);
-            IEM_MC_REF_GREG_U32(pDst,    IEM_GET_MODRM_REG(pVCpu, bRm));
             IEM_MC_FETCH_GREG_U32(uSrc1, IEM_GET_EFFECTIVE_VVVV(pVCpu));
             IEM_MC_FETCH_GREG_U32(uSrc2, IEM_GET_MODRM_RM(pVCpu, bRm));
+            IEM_MC_REF_GREG_U32(pDst,    IEM_GET_MODRM_REG(pVCpu, bRm));
             IEM_MC_REF_EFLAGS(pEFlags);
             IEM_MC_CALL_VOID_AIMPL_4(IEM_SELECT_HOST_OR_FALLBACK(fBmi1, iemAImpl_andn_u32, iemAImpl_andn_u32_fallback),
@@ -1751 +1751 @@
             IEM_MC_ARG(uint64_t,            uSrc,    1); \
             IEM_MC_ARG(uint32_t *,          pEFlags, 2); \
+            IEM_MC_FETCH_GREG_U64(uSrc, IEM_GET_MODRM_RM(pVCpu, bRm)); \
             IEM_MC_REF_GREG_U64(pDst,   IEM_GET_EFFECTIVE_VVVV(pVCpu)); \
-            IEM_MC_FETCH_GREG_U64(uSrc, IEM_GET_MODRM_RM(pVCpu, bRm)); \
             IEM_MC_REF_EFLAGS(pEFlags); \
             IEM_MC_CALL_VOID_AIMPL_3(IEM_SELECT_HOST_OR_FALLBACK(fBmi1, iemAImpl_ ## a_Instr ## _u64, \
@@ -1766 +1766 @@
             IEM_MC_ARG(uint32_t,            uSrc,    1); \
             IEM_MC_ARG(uint32_t *,          pEFlags, 2); \
+            IEM_MC_FETCH_GREG_U32(uSrc, IEM_GET_MODRM_RM(pVCpu, bRm)); \
             IEM_MC_REF_GREG_U32(pDst,   IEM_GET_EFFECTIVE_VVVV(pVCpu)); \
-            IEM_MC_FETCH_GREG_U32(uSrc, IEM_GET_MODRM_RM(pVCpu, bRm)); \
             IEM_MC_REF_EFLAGS(pEFlags); \
             IEM_MC_CALL_VOID_AIMPL_3(IEM_SELECT_HOST_OR_FALLBACK(fBmi1, iemAImpl_ ## a_Instr ## _u32, \
@@ -1903 +1903 @@
             IEM_MC_ARG(uint64_t,            uSrc2,   2); \
             IEM_MC_ARG(uint32_t *,          pEFlags, 3); \
-            IEM_MC_REF_GREG_U64(pDst,    IEM_GET_MODRM_REG(pVCpu, bRm)); \
             IEM_MC_FETCH_GREG_U64(uSrc1, IEM_GET_MODRM_RM(pVCpu, bRm)); \
             IEM_MC_FETCH_GREG_U64(uSrc2, IEM_GET_EFFECTIVE_VVVV(pVCpu)); \
+            IEM_MC_REF_GREG_U64(pDst,    IEM_GET_MODRM_REG(pVCpu, bRm)); \
             IEM_MC_REF_EFLAGS(pEFlags); \
             IEM_MC_CALL_VOID_AIMPL_4(IEM_SELECT_HOST_OR_FALLBACK(a_fFeatureMember, iemAImpl_ ## a_Instr ## _u64, \
@@ -1921 +1921 @@
             IEM_MC_ARG(uint32_t,            uSrc2,   2); \
             IEM_MC_ARG(uint32_t *,          pEFlags, 3); \
-            IEM_MC_REF_GREG_U32(pDst,    IEM_GET_MODRM_REG(pVCpu, bRm)); \
             IEM_MC_FETCH_GREG_U32(uSrc1, IEM_GET_MODRM_RM(pVCpu, bRm)); \
             IEM_MC_FETCH_GREG_U32(uSrc2, IEM_GET_EFFECTIVE_VVVV(pVCpu)); \
+            IEM_MC_REF_GREG_U32(pDst,    IEM_GET_MODRM_REG(pVCpu, bRm)); \
             IEM_MC_REF_EFLAGS(pEFlags); \
             IEM_MC_CALL_VOID_AIMPL_4(IEM_SELECT_HOST_OR_FALLBACK(a_fFeatureMember, iemAImpl_ ## a_Instr ## _u32, \
@@ -1998 +1998 @@
             IEM_MC_ARG(uint64_t,            uSrc1,   1); \
             IEM_MC_ARG(uint64_t,            uSrc2,   2); \
-            IEM_MC_REF_GREG_U64(pDst,    IEM_GET_MODRM_REG(pVCpu, bRm)); \
             IEM_MC_FETCH_GREG_U64(uSrc1, IEM_GET_MODRM_RM(pVCpu, bRm)); \
             IEM_MC_FETCH_GREG_U64(uSrc2, IEM_GET_EFFECTIVE_VVVV(pVCpu)); \
+            IEM_MC_REF_GREG_U64(pDst,    IEM_GET_MODRM_REG(pVCpu, bRm)); \
             IEM_MC_CALL_VOID_AIMPL_3(IEM_SELECT_HOST_OR_FALLBACK(a_fFeatureMember, iemAImpl_ ## a_Instr ## _u64, \
                                                                  iemAImpl_ ## a_Instr ## _u64_fallback), pDst, uSrc1, uSrc2); \
@@ -2013 +2013 @@
             IEM_MC_ARG(uint32_t,            uSrc1,   1); \
             IEM_MC_ARG(uint32_t,            uSrc2,   2); \
-            IEM_MC_REF_GREG_U32(pDst,    IEM_GET_MODRM_REG(pVCpu, bRm)); \
             IEM_MC_FETCH_GREG_U32(uSrc1, IEM_GET_MODRM_RM(pVCpu, bRm)); \
             IEM_MC_FETCH_GREG_U32(uSrc2, IEM_GET_EFFECTIVE_VVVV(pVCpu)); \
+            IEM_MC_REF_GREG_U32(pDst,    IEM_GET_MODRM_REG(pVCpu, bRm)); \
             IEM_MC_CALL_VOID_AIMPL_3(IEM_SELECT_HOST_OR_FALLBACK(a_fFeatureMember, iemAImpl_ ## a_Instr ## _u32, \
                                                                  iemAImpl_ ## a_Instr ## _u32_fallback), pDst, uSrc1, uSrc2); \
@@ -2090 +2090 @@
             IEM_MC_ARG(uint64_t,            uSrc1,   1); \
             IEM_MC_ARG(uint64_t,            uSrc2,   2); \
-            IEM_MC_REF_GREG_U64(pDst,    IEM_GET_MODRM_REG(pVCpu, bRm)); \
             IEM_MC_FETCH_GREG_U64(uSrc1, IEM_GET_EFFECTIVE_VVVV(pVCpu)); \
             IEM_MC_FETCH_GREG_U64(uSrc2, IEM_GET_MODRM_RM(pVCpu, bRm)); \
+            IEM_MC_REF_GREG_U64(pDst,    IEM_GET_MODRM_REG(pVCpu, bRm)); \
             IEM_MC_CALL_VOID_AIMPL_3(IEM_SELECT_HOST_OR_FALLBACK(a_fFeatureMember, \
                                                                  iemAImpl_ ## a_Instr ## _u64, \
@@ -2106 +2106 @@
             IEM_MC_ARG(uint32_t,            uSrc1,   1); \
             IEM_MC_ARG(uint32_t,            uSrc2,   2); \
-            IEM_MC_REF_GREG_U32(pDst,    IEM_GET_MODRM_REG(pVCpu, bRm)); \
             IEM_MC_FETCH_GREG_U32(uSrc1, IEM_GET_EFFECTIVE_VVVV(pVCpu)); \
             IEM_MC_FETCH_GREG_U32(uSrc2, IEM_GET_MODRM_RM(pVCpu, bRm)); \
+            IEM_MC_REF_GREG_U32(pDst,    IEM_GET_MODRM_REG(pVCpu, bRm)); \
             IEM_MC_CALL_VOID_AIMPL_3(IEM_SELECT_HOST_OR_FALLBACK(a_fFeatureMember, \
                                                                  iemAImpl_ ## a_Instr ## _u32, \
@@ -2202 +2202 @@
             IEM_MC_ARG(uint64_t,            uSrc1,   2);
             IEM_MC_ARG(uint64_t,            uSrc2,   3);
+            IEM_MC_FETCH_GREG_U64(uSrc1, X86_GREG_xDX);
+            IEM_MC_FETCH_GREG_U64(uSrc2, IEM_GET_MODRM_RM(pVCpu, bRm));
             IEM_MC_REF_GREG_U64(pDst1,   IEM_GET_MODRM_REG(pVCpu, bRm));
             IEM_MC_REF_GREG_U64(pDst2,   IEM_GET_EFFECTIVE_VVVV(pVCpu));
-            IEM_MC_FETCH_GREG_U64(uSrc1, X86_GREG_xDX);
-            IEM_MC_FETCH_GREG_U64(uSrc2, IEM_GET_MODRM_RM(pVCpu, bRm));
             IEM_MC_CALL_VOID_AIMPL_4(IEM_SELECT_HOST_OR_FALLBACK(fBmi2, iemAImpl_mulx_u64, iemAImpl_mulx_u64_fallback),
                                      pDst1, pDst2, uSrc1, uSrc2);
@@ -2219 +2219 @@
             IEM_MC_ARG(uint32_t,            uSrc1,   2);
             IEM_MC_ARG(uint32_t,            uSrc2,   3);
+            IEM_MC_FETCH_GREG_U32(uSrc1, X86_GREG_xDX);
+            IEM_MC_FETCH_GREG_U32(uSrc2, IEM_GET_MODRM_RM(pVCpu, bRm));
             IEM_MC_REF_GREG_U32(pDst1,   IEM_GET_MODRM_REG(pVCpu, bRm));
             IEM_MC_REF_GREG_U32(pDst2,   IEM_GET_EFFECTIVE_VVVV(pVCpu));
-            IEM_MC_FETCH_GREG_U32(uSrc1, X86_GREG_xDX);
-            IEM_MC_FETCH_GREG_U32(uSrc2, IEM_GET_MODRM_RM(pVCpu, bRm));
             IEM_MC_CALL_VOID_AIMPL_4(IEM_SELECT_HOST_OR_FALLBACK(fBmi2, iemAImpl_mulx_u32, iemAImpl_mulx_u32_fallback),
                                      pDst1, pDst2, uSrc1, uSrc2);

trunk/src/VBox/VMM/VMMAll/IEMAllInstVexMap3.cpp.h

@@ -1136 +1136 @@
             IEM_MC_ARG(uint64_t,            uSrc1,   1);
             IEM_MC_ARG_CONST(uint64_t,      uSrc2,   bImm8, 2);
+            IEM_MC_FETCH_GREG_U64(uSrc1, IEM_GET_MODRM_RM(pVCpu, bRm));
             IEM_MC_REF_GREG_U64(pDst,    IEM_GET_MODRM_REG(pVCpu, bRm));
-            IEM_MC_FETCH_GREG_U64(uSrc1, IEM_GET_MODRM_RM(pVCpu, bRm));
             IEM_MC_CALL_VOID_AIMPL_3(iemAImpl_rorx_u64, pDst, uSrc1, uSrc2);
             IEM_MC_ADVANCE_RIP_AND_FINISH();
@@ -1149 +1149 @@
             IEM_MC_ARG(uint32_t,            uSrc1,   1);
             IEM_MC_ARG_CONST(uint32_t,      uSrc2,   bImm8, 2);
+            IEM_MC_FETCH_GREG_U32(uSrc1, IEM_GET_MODRM_RM(pVCpu, bRm));
             IEM_MC_REF_GREG_U32(pDst,    IEM_GET_MODRM_REG(pVCpu, bRm));
-            IEM_MC_FETCH_GREG_U32(uSrc1, IEM_GET_MODRM_RM(pVCpu, bRm));
             IEM_MC_CALL_VOID_AIMPL_3(iemAImpl_rorx_u32, pDst, uSrc1, uSrc2);
             IEM_MC_CLEAR_HIGH_GREG_U64(IEM_GET_MODRM_REG(pVCpu, bRm));