Changeset 102699 in vbox for trunk/src

Timestamp:

Dec 25, 2023 10:22:01 PM (14 months ago)

Author:

vboxsync

Message:

VMM/IEM: Native translation of BODY_LOAD_TLB_AFTER_BRANCH. (only tested on amd64) bugref:10371

Location:

trunk/src/VBox/VMM

Files:

• VMMAll/IEMAllN8veRecompBltIn.cpp (modified) (9 diffs)
• VMMAll/IEMAllN8veRecompiler.cpp (modified) (9 diffs)
• VMMAll/IEMAllThrdFuncsBltIn.cpp (modified) (1 diff)
• VMMAll/IEMAllThrdPython.py (modified) (1 diff)
• include/IEMN8veRecompiler.h (modified) (1 diff)
• include/IEMN8veRecompilerEmit.h (modified) (7 diffs)

trunk/src/VBox/VMM/VMMAll/IEMAllN8veRecompBltIn.cpp

@@ -69 +69 @@
  * Used by TB code to deal with a TLB miss for a new page.
  */
-IEM_DECL_NATIVE_HLP_DEF(RTGCPHYS, iemNativeHlpMemCodeNewPageTlbMiss,(PVMCPUCC pVCpu, uint8_t offInstr))
+IEM_DECL_NATIVE_HLP_DEF(void, iemNativeHlpMemCodeNewPageTlbMiss,(PVMCPUCC pVCpu))
+{
+    pVCpu->iem.s.pbInstrBuf       = NULL;
+    pVCpu->iem.s.offCurInstrStart = GUEST_PAGE_SIZE;
+    pVCpu->iem.s.offInstrNextByte = GUEST_PAGE_SIZE;
+    iemOpcodeFetchBytesJmp(pVCpu, 0, NULL);
+    if (pVCpu->iem.s.pbInstrBuf)
+    { /* likely */ }
+    else
+    {
+        IEM_DO_LONGJMP(pVCpu, VINF_IEM_REEXEC_BREAK);
+    }
+}
+
+
+/**
+ * Used by TB code to deal with a TLB miss for a new page.
+ */
+IEM_DECL_NATIVE_HLP_DEF(RTGCPHYS, iemNativeHlpMemCodeNewPageTlbMissWithOff,(PVMCPUCC pVCpu, uint8_t offInstr))
 {
     pVCpu->iem.s.pbInstrBuf       = NULL;
@@ -196 +214 @@
     /* If we end up with ZERO in idxTmpReg there is nothing to do.*/
     uint32_t const offFixupJumpToVmCheck1 = off;
-    off = iemNativeEmitJzToFixed(pReNative, off, 0);
+    off = iemNativeEmitJzToFixed(pReNative, off, off /* ASSUME jz rel8 suffices */);
 
     /* Some relevant FFs are set, but if's only APIC or/and PIC being set,
@@ -1130 +1148 @@
 # ifdef VBOX_STRICT /* Assert(!(pVCpu->iem.s.GCPhysInstrBuf & X86_PAGE_OFFSET_MASK)); */
     off = iemNativeEmitAndGpr32ByImm(pReNative, off, idxRegTmp2, X86_PAGE_OFFSET_MASK, true /*fSetFlags*/);
-    off = iemNativeEmitJzToFixed(pReNative, off, 1);
+    off = iemNativeEmitJzToFixed(pReNative, off, off + 1 /* correct for ARM64 */);
     off = iemNativeEmitBrk(pReNative, off, 0x2005);
 # endif
@@ -1188 +1206 @@
 
     /*
-     * TLB miss: Call iemNativeHlpMemCodeNewPageTlbMiss to do the work.
+     * TLB miss: Call iemNativeHlpMemCodeNewPageTlbMissWithOff to do the work.
      */
     iemNativeLabelDefine(pReNative, idxLabelTlbMiss, off);
@@ -1199 +1217 @@
 
     /* Done setting up parameters, make the call. */
-    off = iemNativeEmitCallImm(pReNative, off, (uintptr_t)iemNativeHlpMemCodeNewPageTlbMiss);
+    off = iemNativeEmitCallImm(pReNative, off, (uintptr_t)iemNativeHlpMemCodeNewPageTlbMissWithOff);
 
     /* Move the result to the right register. */
@@ -1215 +1233 @@
 
     iemNativeRegFreeTmp(pReNative, idxRegGCPhys);
+    return off;
+}
+
+
+/**
+ * Macro that implements TLB loading and updating pbInstrBuf updating when
+ * branching or when crossing a page on an instruction boundrary.
+ *
+ * This differs from BODY_LOAD_TLB_FOR_NEW_PAGE in that it will first check if
+ * it is an inter-page branch and also check the page offset.
+ *
+ * This may long jump if we're raising a \#PF, \#GP or similar trouble.
+ */
+#define BODY_LOAD_TLB_AFTER_BRANCH(a_pTb, a_idxRange, a_cbInstr) \
+    RT_NOREF(a_cbInstr); \
+    off = iemNativeEmitBltLoadTlbAfterBranch(pReNative, off, pTb, a_idxRange)
+
+#if 0
+do { \
+        /* Is RIP within the current code page? */ \
+        Assert(pVCpu->cpum.GstCtx.cs.u64Base == 0 || !IEM_IS_64BIT_CODE(pVCpu)); \
+        uint64_t const uPc = pVCpu->cpum.GstCtx.rip + pVCpu->cpum.GstCtx.cs.u64Base; \
+        uint64_t const off = uPc - pVCpu->iem.s.uInstrBufPc; \
+        if (off < pVCpu->iem.s.cbInstrBufTotal) \
+        { \
+            Assert(!(pVCpu->iem.s.GCPhysInstrBuf & GUEST_PAGE_OFFSET_MASK)); \
+            Assert(pVCpu->iem.s.pbInstrBuf); \
+            RTGCPHYS const GCPhysRangePageWithOffset = iemTbGetRangePhysPageAddr(a_pTb, a_idxRange) \
+                                                     | pTb->aRanges[(a_idxRange)].offPhysPage; \
+            if (GCPhysRangePageWithOffset == pVCpu->iem.s.GCPhysInstrBuf + off) \
+            { /* we're good */ } \
+            else \
+            { \
+                Log7(("TB jmp miss: %p at %04x:%08RX64 LB %u; branching/1; GCPhysWithOffset=%RGp expected %RGp, pbInstrBuf=%p - #%u\n", \
+                      (a_pTb), pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, (a_cbInstr), \
+                      pVCpu->iem.s.GCPhysInstrBuf + off, GCPhysRangePageWithOffset, pVCpu->iem.s.pbInstrBuf, __LINE__)); \
+                RT_NOREF(a_cbInstr); \
+                STAM_REL_COUNTER_INC(&pVCpu->iem.s.StatCheckBranchMisses); \
+                return VINF_IEM_REEXEC_BREAK; \
+            } \
+        } \
+        else \
+        { \
+            /* Must translate new RIP. */ \
+            pVCpu->iem.s.pbInstrBuf       = NULL; \
+            pVCpu->iem.s.offCurInstrStart = 0; \
+            pVCpu->iem.s.offInstrNextByte = 0; \
+            iemOpcodeFetchBytesJmp(pVCpu, 0, NULL); \
+            Assert(!(pVCpu->iem.s.GCPhysInstrBuf & GUEST_PAGE_OFFSET_MASK) || !pVCpu->iem.s.pbInstrBuf); \
+            \
+            RTGCPHYS const GCPhysRangePageWithOffset = iemTbGetRangePhysPageAddr(a_pTb, a_idxRange) \
+                                                     | pTb->aRanges[(a_idxRange)].offPhysPage; \
+            uint64_t const offNew                    = uPc - pVCpu->iem.s.uInstrBufPc; \
+            if (   GCPhysRangePageWithOffset == pVCpu->iem.s.GCPhysInstrBuf + offNew \
+                && pVCpu->iem.s.pbInstrBuf) \
+            { /* likely */ } \
+            else \
+            { \
+                Log7(("TB jmp miss: %p at %04x:%08RX64 LB %u; branching/2; GCPhysWithOffset=%RGp expected %RGp, pbInstrBuf=%p - #%u\n", \
+                      (a_pTb), pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, (a_cbInstr), \
+                      pVCpu->iem.s.GCPhysInstrBuf + offNew, GCPhysRangePageWithOffset, pVCpu->iem.s.pbInstrBuf, __LINE__)); \
+                RT_NOREF(a_cbInstr); \
+                STAM_REL_COUNTER_INC(&pVCpu->iem.s.StatCheckBranchMisses); \
+                return VINF_IEM_REEXEC_BREAK; \
+            } \
+        } \
+    } while(0)
+#endif
+
+DECL_FORCE_INLINE(uint32_t)
+iemNativeEmitBltLoadTlbAfterBranch(PIEMRECOMPILERSTATE pReNative, uint32_t off, PCIEMTB pTb, uint8_t idxRange)
+{
+//    off = iemNativeEmitBrk(pReNative, off, 0x1010);
+#ifdef VBOX_STRICT
+    off = iemNativeEmitMarker(pReNative, off, 0x80000006);
+#endif
+
+    /*
+     * Define labels and allocate the register for holding the GCPhys of the new page.
+     */
+    uint32_t const idxLabelCheckBranchMiss = iemNativeLabelCreate(pReNative, kIemNativeLabelType_CheckBranchMiss);
+    uint16_t const uTlbSeqNo        = pReNative->uTlbSeqNo++;
+    uint32_t const idxLabelTlbMiss  = iemNativeLabelCreate(pReNative, kIemNativeLabelType_TlbMiss, UINT32_MAX, uTlbSeqNo);
+    //
+
+    RTGCPHYS const GCPhysRangePageWithOffset = iemTbGetRangePhysPageAddr(pTb, idxRange)
+                                             | pTb->aRanges[idxRange].offPhysPage;
+
+    /*
+     *
+     * First check if RIP is within the current code.
+     *
+     * This is very similar to iemNativeEmitBltInCheckPcAfterBranch, the only
+     * difference is what we do when stuff doesn't match up.
+     *
+     * What we to do is.
+     *      1. Calculate the FLAT PC (RIP + CS.BASE).
+     *      2. Subtract iem.s.uInstrBufPc from it and getting 'off'.
+     *      3. The 'off' must be less than X86_PAGE_SIZE/cbInstrBufTotal or
+     *         we need to retranslate RIP via the TLB.
+     *      4. Add 'off' to iem.s.GCPhysInstrBuf and compare with the
+     *         GCPhysRangePageWithOffset constant mentioned above.
+     *
+     * The adding of CS.BASE to RIP can be skipped in the first step if we're
+     * in 64-bit code or flat 32-bit.
+     *
+     */
+
+    /* Allocate registers for step 1. Get the shadowed stuff before allocating
+       the temp register, so we don't accidentally clobber something we'll be
+       needing again immediately.  This is why we get idxRegCsBase here. */
+    /** @todo save+restore active registers and guest shadows in tlb-miss! */
+    off = iemNativeRegMoveAndFreeAndFlushAtCall(pReNative, off, 0 /* vacate all non-volatile regs */);
+    uint8_t const  idxRegPc     = iemNativeRegAllocTmpForGuestReg(pReNative, &off, kIemNativeGstReg_Pc,
+                                                                  kIemNativeGstRegUse_ReadOnly, true /*fNoVolatileRegs*/);
+    uint8_t const  idxRegCsBase = IEM_F_MODE_X86_IS_FLAT(pReNative->fExec) ? UINT8_MAX
+                                : iemNativeRegAllocTmpForGuestReg(pReNative, &off, IEMNATIVEGSTREG_SEG_BASE(X86_SREG_CS),
+                                                                 kIemNativeGstRegUse_ReadOnly, true /*fNoVolatileRegs*/);
+
+    uint8_t const  idxRegTmp    = iemNativeRegAllocTmp(pReNative, &off); /* volatile reg is okay for these two */
+    uint8_t const  idxRegTmp2   = iemNativeRegAllocTmp(pReNative, &off);
+
+#ifdef VBOX_STRICT
+    /* Do assertions before idxRegTmp contains anything. */
+    Assert(RT_SIZEOFMEMB(VMCPUCC, iem.s.cbInstrBufTotal) == sizeof(uint16_t));
+# ifdef RT_ARCH_AMD64
+    {
+        uint8_t * const pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 8+2+1 + 11+2+1);
+        /* Assert(pVCpu->cpum.GstCtx.cs.u64Base == 0 || !IEM_F_MODE_X86_IS_FLAT(pReNative->fExec)); */
+        if (IEM_F_MODE_X86_IS_FLAT(pReNative->fExec))
+        {
+            /* cmp r/m64, imm8 */
+            pbCodeBuf[off++] = X86_OP_REX_W;
+            pbCodeBuf[off++] = 0x83;
+            off = iemNativeEmitGprByVCpuDisp(pbCodeBuf, off, 7, RT_UOFFSETOF(VMCPUCC, cpum.GstCtx.cs.u64Base));
+            pbCodeBuf[off++] = 0;
+            /* je rel8 */
+            pbCodeBuf[off++] = 0x74;
+            pbCodeBuf[off++] = 1;
+            /* int3 */
+            pbCodeBuf[off++] = 0xcc;
+
+        }
+
+        /* Assert(!(pVCpu->iem.s.GCPhysInstrBuf & X86_PAGE_OFFSET_MASK)); - done later by the non-x86 code */
+        /* test r/m64, imm32 */
+        pbCodeBuf[off++] = X86_OP_REX_W;
+        pbCodeBuf[off++] = 0xf7;
+        off = iemNativeEmitGprByVCpuDisp(pbCodeBuf, off, 0, RT_UOFFSETOF(VMCPUCC, iem.s.GCPhysInstrBuf));
+        pbCodeBuf[off++] = RT_BYTE1(X86_PAGE_OFFSET_MASK);
+        pbCodeBuf[off++] = RT_BYTE2(X86_PAGE_OFFSET_MASK);
+        pbCodeBuf[off++] = RT_BYTE3(X86_PAGE_OFFSET_MASK);
+        pbCodeBuf[off++] = RT_BYTE4(X86_PAGE_OFFSET_MASK);
+        /* jz rel8 */
+        pbCodeBuf[off++] = 0x74;
+        pbCodeBuf[off++] = 1;
+        /* int3 */
+        pbCodeBuf[off++] = 0xcc;
+        IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+    }
+# else
+
+    /* Assert(pVCpu->cpum.GstCtx.cs.u64Base == 0 || !IEM_F_MODE_X86_IS_FLAT(pReNative->fExec)); */
+    if (IEM_F_MODE_X86_IS_FLAT(pReNative->fExec))
+    {
+        off = iemNativeEmitLoadGprFromVCpuU64(pReNative, off, idxRegTmp, RT_UOFFSETOF(VMCPUCC, cpum.GstCtx.cs.u64Base));
+# ifdef RT_ARCH_ARM64
+        uint32_t * const pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 2);
+        pu32CodeBuf[off++] = Armv8A64MkInstrCbzCbnz(false /*fJmpIfNotZero*/, 2, idxRegTmp);
+        pu32CodeBuf[off++] = Armv8A64MkInstrBrk(0x2006);
+        IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+# else
+#  error "Port me!"
+# endif
+    }
+# endif
+
+#endif /* VBOX_STRICT */
+
+    /* Because we're lazy, we'll jump back here to recalc 'off' and share the
+       GCPhysRangePageWithOffset check.  This is a little risky, so we use the
+       2nd register to check if we've looped more than once already.*/
+    off = iemNativeEmitGprZero(pReNative, off, idxRegTmp2);
+
+    uint32_t const offLabelRedoChecks = off;
+
+    /* 1+2. Calculate 'off' first (into idxRegTmp). */
+    off = iemNativeEmitLoadGprFromVCpuU64(pReNative, off, idxRegTmp, RT_UOFFSETOF(VMCPUCC, iem.s.uInstrBufPc));
+    if (IEM_F_MODE_X86_IS_FLAT(pReNative->fExec))
+    {
+#ifdef RT_ARCH_ARM64
+        uint32_t *pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
+        pu32CodeBuf[off++] = Armv8A64MkInstrSubReg(idxRegTmp, idxRegPc, idxRegTmp);
+        IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+#else
+        off = iemNativeEmitNegGpr(pReNative, off, idxRegTmp);
+        off = iemNativeEmitAddTwoGprs(pReNative, off, idxRegTmp, idxRegPc);
+#endif
+    }
+    else
+    {
+#ifdef RT_ARCH_ARM64
+        uint32_t *pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 2);
+        pu32CodeBuf[off++] = Armv8A64MkInstrSubReg(idxRegTmp, idxRegCsBase, idxRegTmp);
+        pu32CodeBuf[off++] = Armv8A64MkInstrAddReg(idxRegTmp, idxRegTmp, idxRegPc);
+        IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+#else
+        off = iemNativeEmitNegGpr(pReNative, off, idxRegTmp);
+        off = iemNativeEmitAddTwoGprs(pReNative, off, idxRegTmp, idxRegCsBase);
+        off = iemNativeEmitAddTwoGprs(pReNative, off, idxRegTmp, idxRegPc);
+#endif
+    }
+
+    /* 3. Check that off is less than X86_PAGE_SIZE/cbInstrBufTotal.
+          Unlike iemNativeEmitBltInCheckPcAfterBranch we'll jump to the TLB loading if this fails. */
+    off = iemNativeEmitCmpGprWithImm(pReNative, off, idxRegTmp, X86_PAGE_SIZE - 1);
+    uint32_t const offFixedJumpToTlbLoad = off;
+    off = iemNativeEmitJaToFixed(pReNative, off, off /* (ASSUME ja rel8 suffices) */);
+
+    /* 4a. Add iem.s.GCPhysInstrBuf to off ... */
+#ifdef RT_ARCH_AMD64
+    uint8_t * const pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 7);
+    pbCodeBuf[off++] = idxRegTmp < 8 ? X86_OP_REX_W : X86_OP_REX_W | X86_OP_REX_R;
+    pbCodeBuf[off++] = 0x03; /* add r64, r/m64 */
+    off = iemNativeEmitGprByVCpuDisp(pbCodeBuf, off, idxRegTmp, RT_UOFFSETOF(VMCPUCC, iem.s.GCPhysInstrBuf));
+    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+
+#elif defined(RT_ARCH_ARM64)
+
+    off = iemNativeEmitLoadGprFromVCpuU64(pReNative, off, idxRegTmp2, RT_UOFFSETOF(VMCPUCC, iem.s.GCPhysInstrBuf));
+    uint32_t *pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
+    pu32CodeBuf[off++] = Armv8A64MkInstrAddReg(idxRegTmp, idxRegTmp, idxRegTmp2);
+    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+
+# ifdef VBOX_STRICT /* Assert(!(pVCpu->iem.s.GCPhysInstrBuf & X86_PAGE_OFFSET_MASK)); */
+    off = iemNativeEmitAndGpr32ByImm(pReNative, off, idxRegTmp2, X86_PAGE_OFFSET_MASK, true /*fSetFlags*/);
+    off = iemNativeEmitJzToFixed(pReNative, off, off + 1 /* correct for ARM64 */);
+    off = iemNativeEmitBrk(pReNative, off, 0x2005);
+# endif
+#else
+# error "Port me"
+#endif
+
+    /* 4b. ... and compare with GCPhysRangePageWithOffset.
+
+       Unlike iemNativeEmitBltInCheckPcAfterBranch we'll have to be more
+       careful and avoid implicit temporary register usage here.
+
+       Unlike the threaded version of this code, we do not obsolete TBs here to
+       reduce the code size and because indirect calls may legally end at the
+       same offset in two different pages depending on the program state. */
+    /** @todo synch the threaded BODY_LOAD_TLB_AFTER_BRANCH version with this. */
+    off = iemNativeEmitLoadGprImm64(pReNative, off, idxRegTmp2, GCPhysRangePageWithOffset);
+    off = iemNativeEmitCmpGprWithGpr(pReNative, off, idxRegTmp, idxRegTmp2);
+    off = iemNativeEmitJnzToLabel(pReNative, off, idxLabelCheckBranchMiss);
+    uint32_t const offFixedJumpToEnd = off;
+    off = iemNativeEmitJmpToFixed(pReNative, off, off + 512 /* force rel32 */);
+
+    /*
+     * First we try to go via the TLB.
+     */
+    iemNativeFixupFixedJump(pReNative, offFixedJumpToTlbLoad, off);
+//off = iemNativeEmitBrk(pReNative, off, 0x1111);
+
+    /* Check that we haven't been here before. */
+    off = iemNativeEmitTestIfGprIsNotZeroAndJmpToLabel(pReNative, off, idxRegTmp2,  false /*f64Bit*/, idxLabelCheckBranchMiss);
+
+    /*
+     * TLB miss: Call iemNativeHlpMemCodeNewPageTlbMiss to do the work.
+     */
+    iemNativeLabelDefine(pReNative, idxLabelTlbMiss, off);
+
+    /* IEMNATIVE_CALL_ARG0_GREG = pVCpu */
+    off = iemNativeEmitLoadGprFromGpr(pReNative, off, IEMNATIVE_CALL_ARG0_GREG, IEMNATIVE_REG_FIXED_PVMCPU);
+
+    /* Done setting up parameters, make the call. */
+    off = iemNativeEmitCallImm(pReNative, off, (uintptr_t)iemNativeHlpMemCodeNewPageTlbMiss);
+
+    /* Jmp back to the start and redo the checks. */
+    off = iemNativeEmitLoadGpr8Imm(pReNative, off, idxRegTmp2, 1); /* indicate that we've looped once already */
+    off = iemNativeEmitJmpToFixed(pReNative, off, offLabelRedoChecks);
+
+    /* The end. */
+    iemNativeFixupFixedJump(pReNative, offFixedJumpToEnd, off);
+
+    iemNativeRegFreeTmp(pReNative, idxRegTmp2);
+    iemNativeRegFreeTmp(pReNative, idxRegTmp);
+    iemNativeRegFreeTmp(pReNative, idxRegPc);
+    if (idxRegCsBase != UINT8_MAX)
+        iemNativeRegFreeTmp(pReNative, idxRegCsBase);
     return off;
 }
@@ -1393 +1701 @@
     BODY_FLUSH_PENDING_WRITES();
     BODY_CHECK_CS_LIM(cbInstr);
+    Assert(offRange == 0);
     BODY_LOAD_TLB_AFTER_BRANCH(pTb, idxRange, cbInstr);
     BODY_CHECK_OPCODES(pTb, idxRange, offRange, cbInstr);
@@ -1420 +1729 @@
     BODY_SET_CUR_INSTR();
     BODY_FLUSH_PENDING_WRITES();
+    Assert(offRange == 0);
     BODY_LOAD_TLB_AFTER_BRANCH(pTb, idxRange, cbInstr);
     BODY_CHECK_OPCODES(pTb, idxRange, offRange, cbInstr);
@@ -1448 +1758 @@
     BODY_FLUSH_PENDING_WRITES();
     BODY_CONSIDER_CS_LIM_CHECKING(pTb, cbInstr);
+    Assert(offRange == 0);
     BODY_LOAD_TLB_AFTER_BRANCH(pTb, idxRange, cbInstr);
     BODY_CHECK_OPCODES(pTb, idxRange, offRange, cbInstr);

trunk/src/VBox/VMM/VMMAll/IEMAllN8veRecompiler.cpp

@@ -3631 +3631 @@
  * @param   enmGstReg       The guest register that will is to be updated.
  * @param   enmIntendedUse  How the caller will be using the host register.
+ * @param   fNoVolatileRegs Set if no volatile register allowed, clear if any
+ *                          register is okay (default).  The ASSUMPTION here is
+ *                          that the caller has already flushed all volatile
+ *                          registers, so this is only applied if we allocate a
+ *                          new register.
  * @sa      iemNativeRegAllocTmpForGuestRegIfAlreadyPresent
  */
 DECL_HIDDEN_THROW(uint8_t)
-iemNativeRegAllocTmpForGuestReg(PIEMRECOMPILERSTATE pReNative, uint32_t *poff,
-                                IEMNATIVEGSTREG enmGstReg, IEMNATIVEGSTREGUSE enmIntendedUse)
+iemNativeRegAllocTmpForGuestReg(PIEMRECOMPILERSTATE pReNative, uint32_t *poff, IEMNATIVEGSTREG enmGstReg,
+                                IEMNATIVEGSTREGUSE enmIntendedUse, bool fNoVolatileRegs /*=false*/)
 {
     Assert(enmGstReg < kIemNativeGstReg_End && g_aGstShadowInfo[enmGstReg].cb != 0);
@@ -3641 +3646 @@
     static const char * const s_pszIntendedUse[] = { "fetch", "update", "full write", "destructive calc" };
 #endif
+    uint32_t const fRegMask = !fNoVolatileRegs
+                            ? IEMNATIVE_HST_GREG_MASK & ~IEMNATIVE_REG_FIXED_MASK
+                            : IEMNATIVE_HST_GREG_MASK & ~IEMNATIVE_REG_FIXED_MASK & ~IEMNATIVE_CALL_VOLATILE_GREG_MASK;
 
     /*
@@ -3665 +3673 @@
                     & (~IEMNATIVE_REG_FIXED_MASK & IEMNATIVE_HST_GREG_MASK)))
             {
-                uint8_t const idxRegNew = iemNativeRegAllocTmp(pReNative, poff);
+                uint8_t const idxRegNew = iemNativeRegAllocTmpEx(pReNative, poff, fRegMask);
 
                 *poff = iemNativeEmitLoadGprFromGpr(pReNative, *poff, idxRegNew, idxReg);
@@ -3702 +3710 @@
              */
             /** @todo share register for readonly access. */
-            uint8_t const idxRegNew = iemNativeRegAllocTmp(pReNative, poff, enmIntendedUse == kIemNativeGstRegUse_Calculation);
+            uint8_t const idxRegNew = iemNativeRegAllocTmpEx(pReNative, poff, fRegMask,
+                                                             enmIntendedUse == kIemNativeGstRegUse_Calculation);
 
             if (enmIntendedUse != kIemNativeGstRegUse_ForFullWrite)
@@ -3721 +3730 @@
             idxReg = idxRegNew;
         }
+        Assert(RT_BIT_32(idxReg) & fRegMask); /* See assumption in fNoVolatileRegs docs. */
 
 #ifdef VBOX_STRICT
@@ -3733 +3743 @@
      * Allocate a new register, load it with the guest value and designate it as a copy of the
      */
-    uint8_t const idxRegNew = iemNativeRegAllocTmp(pReNative, poff, enmIntendedUse == kIemNativeGstRegUse_Calculation);
+    uint8_t const idxRegNew = iemNativeRegAllocTmpEx(pReNative, poff, fRegMask, enmIntendedUse == kIemNativeGstRegUse_Calculation);
 
     if (enmIntendedUse != kIemNativeGstRegUse_ForFullWrite)
@@ -8764 +8774 @@
 #ifdef VBOX_STRICT
     off = iemNativeEmitTestAnyBitsInGpr(pReNative, off, idxReg, X86_EFL_RA1_MASK);
-    off = iemNativeEmitJnzToFixed(pReNative, off, 1);
+    uint32_t offFixup = off;
+    off = iemNativeEmitJnzToFixed(pReNative, off, off);
     off = iemNativeEmitBrk(pReNative, off, UINT32_C(0x2001));
+    iemNativeFixupFixedJump(pReNative, offFixup, off);
 
     off = iemNativeEmitTestAnyBitsInGpr(pReNative, off, idxReg, X86_EFL_RAZ_MASK & CPUMX86EFLAGS_HW_MASK_32);
-    off = iemNativeEmitJzToFixed(pReNative, off, 1);
+    offFixup = off;
+    off = iemNativeEmitJzToFixed(pReNative, off, off);
     off = iemNativeEmitBrk(pReNative, off, UINT32_C(0x2002));
+    iemNativeFixupFixedJump(pReNative, offFixup, off);
 #endif
 
@@ -11023 +11037 @@
     }
     uint32_t const offJmpFixup = off;
-    off = iemNativeEmitJzToFixed(pReNative, off, 0);
+    off = iemNativeEmitJzToFixed(pReNative, off, off /* ASSUME jz rel8 suffices*/);
 
     /*
@@ -11210 +11224 @@
     static const char * const a_apszMarkers[] =
     {
-        "unknown0", "CheckCsLim", "ConsiderLimChecking", "CheckOpcodes", "PcAfterBranch", "LoadTlbForNewPage"
+        /*[0]=*/ "unknown0",        "CheckCsLim",           "ConsiderLimChecking",  "CheckOpcodes",
+        /*[4]=*/ "PcAfterBranch",   "LoadTlbForNewPage",    "LoadTlbAfterBranch"
     };
 #endif

trunk/src/VBox/VMM/VMMAll/IEMAllThrdFuncsBltIn.cpp

@@ -341 +341 @@
             if (GCPhysRangePageWithOffset == pVCpu->iem.s.GCPhysInstrBuf + off) \
             { /* we're good */ } \
+            /** @todo r=bird: Not sure if we need the TB obsolete complication here. \
+             * If we're preceeded by an indirect jump, there is no reason why the TB \
+             * would be 'obsolete' just because this time around the indirect jump ends \
+             * up at the same offset in a different page.  This would be real bad for \
+             * indirect trampolines/validators. */ \
             else if (pTb->aRanges[(a_idxRange)].offPhysPage != off) \
             { \

trunk/src/VBox/VMM/VMMAll/IEMAllThrdPython.py

@@ -1981 +1981 @@
         ( 'CheckOpcodesAcrossPageLoadingTlbConsiderCsLim',      2, True  ),
 
-        ( 'CheckCsLimAndOpcodesLoadingTlb',                     3, False ),
-        ( 'CheckOpcodesLoadingTlb',                             3, False ),
-        ( 'CheckOpcodesLoadingTlbConsiderCsLim',                3, False ),
+        ( 'CheckCsLimAndOpcodesLoadingTlb',                     3, True  ),
+        ( 'CheckOpcodesLoadingTlb',                             3, True  ),
+        ( 'CheckOpcodesLoadingTlbConsiderCsLim',                3, True  ),
 
         ( 'CheckCsLimAndOpcodesOnNextPageLoadingTlb',           2, True  ),

trunk/src/VBox/VMM/include/IEMN8veRecompiler.h

@@ -814 +814 @@
                                                     bool fPreferVolatile = true);
 DECL_HIDDEN_THROW(uint8_t)  iemNativeRegAllocTmpForGuestReg(PIEMRECOMPILERSTATE pReNative, uint32_t *poff,
-                                                            IEMNATIVEGSTREG enmGstReg, IEMNATIVEGSTREGUSE enmIntendedUse);
+                                                            IEMNATIVEGSTREG enmGstReg, IEMNATIVEGSTREGUSE enmIntendedUse,
+                                                            bool fNoVoltileRegs = false);
 DECL_HIDDEN_THROW(uint8_t)  iemNativeRegAllocTmpForGuestRegIfAlreadyPresent(PIEMRECOMPILERSTATE pReNative, uint32_t *poff,
                                                                             IEMNATIVEGSTREG enmGstReg);

trunk/src/VBox/VMM/include/IEMN8veRecompilerEmit.h

@@ -2903 +2903 @@
  * Emits a Jcc rel32 / B.cc imm19 with a fixed displacement.
  *
- * The @a offTarget is applied x86-style, so zero means the next instruction.
- * The unit is IEMNATIVEINSTR.
- */
-DECL_INLINE_THROW(uint32_t)
-iemNativeEmitJccToFixed(PIEMRECOMPILERSTATE pReNative, uint32_t off, int32_t offTarget, IEMNATIVEINSTRCOND enmCond)
-{
-#ifdef RT_ARCH_AMD64
-    /* jcc rel32 */
+ * @note The @a offTarget is the absolute jump target (unit is IEMNATIVEINSTR).
+ *
+ *       Only use hardcoded jumps forward when emitting for exactly one
+ *       platform, otherwise apply iemNativeFixupFixedJump() to ensure hitting
+ *       the right target address on all platforms!
+ *
+ *       Please also note that on x86 it is necessary pass off + 256 or higher
+ *       for @a offTarget one believe the intervening code is more than 127
+ *       bytes long.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitJccToFixed(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint32_t offTarget, IEMNATIVEINSTRCOND enmCond)
+{
+#ifdef RT_ARCH_AMD64
+    /* jcc rel8 / rel32 */
     uint8_t * const pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 6);
-    if (offTarget < 128 && offTarget >= -128)
+    int32_t         offDisp   = (int32_t)(offTarget - (off + 2));
+    if (offDisp < 128 && offDisp >= -128)
     {
         pbCodeBuf[off++] = (uint8_t)enmCond | 0x70;
-        pbCodeBuf[off++] = RT_BYTE1((uint32_t)offTarget);
-    }
-    else
-    {
+        pbCodeBuf[off++] = RT_BYTE1((uint32_t)offDisp);
+    }
+    else
+    {
+        offDisp -= 4;
         pbCodeBuf[off++] = 0x0f;
         pbCodeBuf[off++] = (uint8_t)enmCond | 0x80;
-        pbCodeBuf[off++] = RT_BYTE1((uint32_t)offTarget);
-        pbCodeBuf[off++] = RT_BYTE2((uint32_t)offTarget);
-        pbCodeBuf[off++] = RT_BYTE3((uint32_t)offTarget);
-        pbCodeBuf[off++] = RT_BYTE4((uint32_t)offTarget);
+        pbCodeBuf[off++] = RT_BYTE1((uint32_t)offDisp);
+        pbCodeBuf[off++] = RT_BYTE2((uint32_t)offDisp);
+        pbCodeBuf[off++] = RT_BYTE3((uint32_t)offDisp);
+        pbCodeBuf[off++] = RT_BYTE4((uint32_t)offDisp);
     }
 
 #elif defined(RT_ARCH_ARM64)
     uint32_t *pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
-    pu32CodeBuf[off++] = Armv8A64MkInstrBCond(enmCond, offTarget + 1);
+    pu32CodeBuf[off++] = Armv8A64MkInstrBCond(enmCond, (int32_t)(offTarget - off));
 
 #else
@@ -2942 +2951 @@
  * Emits a JZ/JE rel32 / B.EQ imm19 with a fixed displacement.
  *
- * The @a offTarget is applied x86-style, so zero means the next instruction.
- * The unit is IEMNATIVEINSTR.
- */
-DECL_INLINE_THROW(uint32_t) iemNativeEmitJzToFixed(PIEMRECOMPILERSTATE pReNative, uint32_t off, int32_t offTarget)
+ * See notes on @a offTarget in the iemNativeEmitJccToFixed() documentation.
+ */
+DECL_INLINE_THROW(uint32_t) iemNativeEmitJzToFixed(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint32_t offTarget)
 {
 #ifdef RT_ARCH_AMD64
@@ -2960 +2968 @@
  * Emits a JNZ/JNE rel32 / B.NE imm19 with a fixed displacement.
  *
- * The @a offTarget is applied x86-style, so zero means the next instruction.
- * The unit is IEMNATIVEINSTR.
- */
-DECL_INLINE_THROW(uint32_t) iemNativeEmitJnzToFixed(PIEMRECOMPILERSTATE pReNative, uint32_t off, int32_t offTarget)
+ * See notes on @a offTarget in the iemNativeEmitJccToFixed() documentation.
+ */
+DECL_INLINE_THROW(uint32_t) iemNativeEmitJnzToFixed(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint32_t offTarget)
 {
 #ifdef RT_ARCH_AMD64
@@ -2978 +2985 @@
  * Emits a JBE/JNA rel32 / B.LS imm19 with a fixed displacement.
  *
- * The @a offTarget is applied x86-style, so zero means the next instruction.
- * The unit is IEMNATIVEINSTR.
- */
-DECL_INLINE_THROW(uint32_t) iemNativeEmitJbeToFixed(PIEMRECOMPILERSTATE pReNative, uint32_t off, int32_t offTarget)
+ * See notes on @a offTarget in the iemNativeEmitJccToFixed() documentation.
+ */
+DECL_INLINE_THROW(uint32_t) iemNativeEmitJbeToFixed(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint32_t offTarget)
 {
 #ifdef RT_ARCH_AMD64
@@ -2996 +3002 @@
  * Emits a JA/JNBE rel32 / B.HI imm19 with a fixed displacement.
  *
- * The @a offTarget is applied x86-style, so zero means the next instruction.
- * The unit is IEMNATIVEINSTR.
- */
-DECL_INLINE_THROW(uint32_t) iemNativeEmitJaToFixed(PIEMRECOMPILERSTATE pReNative, uint32_t off, int32_t offTarget)
+ * See notes on @a offTarget in the iemNativeEmitJccToFixed() documentation.
+ */
+DECL_INLINE_THROW(uint32_t) iemNativeEmitJaToFixed(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint32_t offTarget)
 {
 #ifdef RT_ARCH_AMD64
@@ -3012 +3017 @@
 
 /**
+ * Emits a JMP rel32/rel8 / B imm26 with a fixed displacement.
+ *
+ * See notes on @a offTarget in the iemNativeEmitJccToFixed() documentation.
+ */
+DECL_INLINE_THROW(uint32_t) iemNativeEmitJmpToFixed(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint32_t offTarget)
+{
+#ifdef RT_ARCH_AMD64
+    /* jmp rel8 or rel32 */
+    uint8_t * const pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 5);
+    int32_t         offDisp   = offTarget - (off + 2);
+    if (offDisp < 128 && offDisp >= -128)
+    {
+        pbCodeBuf[off++] = 0xeb;
+        pbCodeBuf[off++] = RT_BYTE1((uint32_t)offDisp);
+    }
+    else
+    {
+        offDisp -= 3;
+        pbCodeBuf[off++] = 0xe9;
+        pbCodeBuf[off++] = RT_BYTE1((uint32_t)offDisp);
+        pbCodeBuf[off++] = RT_BYTE2((uint32_t)offDisp);
+        pbCodeBuf[off++] = RT_BYTE3((uint32_t)offDisp);
+        pbCodeBuf[off++] = RT_BYTE4((uint32_t)offDisp);
+    }
+
+#elif defined(RT_ARCH_ARM64)
+    uint32_t *pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
+    pu32CodeBuf[off++] = Armv8A64MkInstrB(enmCond, (int32_t)(offTarget - off));
+
+#else
+# error "Port me!"
+#endif
+    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+    return off;
+}
+
+
+/**
  * Fixes up a conditional jump to a fixed label.
- * @see  iemNativeEmitJnzToFixed, iemNativeEmitJzToFixed, ...
- */
-DECLINLINE(void) iemNativeFixupFixedJump(PIEMRECOMPILERSTATE pReNative, uint32_t offFixup, uint32_t offTarget)
-{
-# if defined(RT_ARCH_AMD64)
+ * @see  iemNativeEmitJmpToFixed, iemNativeEmitJnzToFixed,
+ *       iemNativeEmitJzToFixed, ...
+ */
+DECL_INLINE_THROW(void) iemNativeFixupFixedJump(PIEMRECOMPILERSTATE pReNative, uint32_t offFixup, uint32_t offTarget)
+{
+#ifdef RT_ARCH_AMD64
     uint8_t * const pbCodeBuf = pReNative->pInstrBuf;
-    if (pbCodeBuf[offFixup] != 0x0f)
-    {
-        Assert((uint8_t)(pbCodeBuf[offFixup] - 0x70) <= 0x10);
+    uint8_t const   bOpcode   = pbCodeBuf[offFixup];
+    if ((uint8_t)(bOpcode - 0x70) < (uint8_t)0x10 || bOpcode == 0xeb)
+    {
         pbCodeBuf[offFixup + 1] = (uint8_t)(offTarget - (offFixup + 2));
-        Assert(pbCodeBuf[offFixup + 1] == offTarget - (offFixup + 2));
-    }
-    else
-    {
-        Assert((uint8_t)(pbCodeBuf[offFixup + 1] - 0x80) <= 0x10);
-        uint32_t const offRel32 = offTarget - (offFixup + 6);
-        pbCodeBuf[offFixup + 2] = RT_BYTE1(offRel32);
-        pbCodeBuf[offFixup + 3] = RT_BYTE2(offRel32);
-        pbCodeBuf[offFixup + 4] = RT_BYTE3(offRel32);
-        pbCodeBuf[offFixup + 5] = RT_BYTE4(offRel32);
-    }
-
-# elif defined(RT_ARCH_ARM64)
+        AssertStmt(pbCodeBuf[offFixup + 1] == offTarget - (offFixup + 2),
+                   IEMNATIVE_DO_LONGJMP(pReNative, VERR_IEM_EMIT_FIXED_JUMP_OUT_OF_RANGE));
+    }
+    else
+    {
+        if (bOpcode != 0x0f)
+            Assert(bOpcode == 0xe9);
+        else
+        {
+            offFixup += 1;
+            Assert((uint8_t)(pbCodeBuf[offFixup] - 0x80) <= 0x10);
+        }
+        uint32_t const offRel32 = offTarget - (offFixup + 5);
+        pbCodeBuf[offFixup + 1] = RT_BYTE1(offRel32);
+        pbCodeBuf[offFixup + 2] = RT_BYTE2(offRel32);
+        pbCodeBuf[offFixup + 3] = RT_BYTE3(offRel32);
+        pbCodeBuf[offFixup + 4] = RT_BYTE4(offRel32);
+    }
+
+#elif defined(RT_ARCH_ARM64)
     uint32_t * const pu32CodeBuf = pReNative->pInstrBuf;
-
-    int32_t const offDisp = offTarget - offFixup;
-    Assert(offDisp >= -262144 && offDisp < 262144);
-    Assert((pu32CodeBuf[offFixup] & UINT32_C(0xff000000)) == UINT32_C(0x54000000)); /* B.COND + BC.COND */
-
-    pu32CodeBuf[offFixup] = (pu32CodeBuf[offFixup] & UINT32_C(0xff00001f))
-                          | (((uint32_t)offDisp    & UINT32_C(0x0007ffff)) << 5);
-
-# endif
+    if ((pu32CodeBuf[offFixup] & UINT32_C(0xff000000)) == UINT32_C(0x54000000))
+    {
+        /* B.COND + BC.COND */
+        int32_t const offDisp = offTarget - offFixup;
+        Assert(offDisp >= -262144 && offDisp < 262144);
+        pu32CodeBuf[offFixup] = (pu32CodeBuf[offFixup] & UINT32_C(0xff00001f))
+                              | (((uint32_t)offDisp    & UINT32_C(0x0007ffff)) << 5);
+    }
+    else
+    {
+        /* B imm26 */
+        Assert((pu32CodeBuf[offFixup] & UINT32_C(0xfc000000)) == UINT32_C(0x14000000));
+        int32_t const offDisp = offTarget - offFixup;
+        Assert(offDisp >= -33554432 && offDisp < 33554432);
+        pu32CodeBuf[offFixup] = (pu32CodeBuf[offFixup] & UINT32_C(0xfc000000))
+                              | ((uint32_t)offDisp     & UINT32_C(0x03ffffff));
+    }
+
+#else
+# error "Port me!"
+#endif
 }
 
@@ -3327 +3390 @@
 
 /**
+ * Emits code that jumps to @a idxLabel if @a iGprSrc is not zero.
+ *
+ * The operand size is given by @a f64Bit.
+ */
+DECL_INLINE_THROW(uint32_t) iemNativeEmitTestIfGprIsNotZeroAndJmpToLabel(PIEMRECOMPILERSTATE pReNative, uint32_t off,
+                                                                         uint8_t iGprSrc, bool f64Bit, uint32_t idxLabel)
+{
+    Assert(idxLabel < pReNative->cLabels);
+
+#ifdef RT_ARCH_AMD64
+    /* test reg32,reg32  / test reg64,reg64 */
+    uint8_t * const pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 3);
+    if (f64Bit)
+        pbCodeBuf[off++] = X86_OP_REX_W | (iGprSrc < 8 ? 0 : X86_OP_REX_R | X86_OP_REX_B);
+    else if (iGprSrc >= 8)
+        pbCodeBuf[off++] = X86_OP_REX_R | X86_OP_REX_B;
+    pbCodeBuf[off++] = 0x85;
+    pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, iGprSrc & 7, iGprSrc & 7);
+    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+
+    /* jnz idxLabel  */
+    off = iemNativeEmitJnzToLabel(pReNative, off, idxLabel);
+
+#elif defined(RT_ARCH_ARM64)
+    uint32_t *pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
+    iemNativeAddFixup(pReNative, off, idxLabel, kIemNativeFixupType_RelImm19At5);
+    pu32CodeBuf[off++] = Armv8A64MkInstrCbzCbnz(true /*fJmpIfNotZero*/, 0, iGprSrc, f64Bit);
+    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+
+#else
+# error "Port me!"
+#endif
+    return off;
+}
+
+
+/**
+ * Emits code that jumps to a new label if @a iGprSrc is not zero.
+ *
+ * The operand size is given by @a f64Bit.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitTestIfGprIsNotZeroAndJmpToNewLabel(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprSrc, bool f64Bit,
+                                               IEMNATIVELABELTYPE enmLabelType, uint16_t uData = 0)
+{
+    uint32_t const idxLabel = iemNativeLabelCreate(pReNative, enmLabelType, UINT32_MAX /*offWhere*/, uData);
+    return iemNativeEmitTestIfGprIsNotZeroAndJmpToLabel(pReNative, off, iGprSrc, f64Bit, idxLabel);
+}
+
+
+/**
  * Emits code that jumps to the given label if @a iGprLeft and @a iGprRight
  * differs.