Changeset 102765 in vbox for trunk/src/VBox/VMM

Timestamp:

Jan 4, 2024 7:01:46 PM (13 months ago)

Author:

vboxsync

Message:

VMM/IEM: Reworking native translation of IEM_MC_*PUSH* in prep for doing TLB lookups. bugreg:10371

Location:

trunk/src/VBox/VMM

Files:

• VMMAll/IEMAllN8veRecompiler.cpp (modified) (10 diffs)
• include/IEMN8veRecompiler.h (modified) (1 diff)
• include/IEMN8veRecompilerEmit.h (modified) (8 diffs)

trunk/src/VBox/VMM/VMMAll/IEMAllN8veRecompiler.cpp

@@ -3667 +3667 @@
         Assert(pReNative->Core.bmHstRegsWithGstShadow & RT_BIT_32(idxReg));
 
+        /* It's not supposed to be allocated... */
         if (!(pReNative->Core.bmHstRegs & RT_BIT_32(idxReg)))
         {
@@ -3675 +3676 @@
              */
             /** @todo would be nice to know if preserving the register is in any way helpful. */
+            /* If the purpose is calculations, try duplicate the register value as
+               we'll be clobbering the shadow. */
             if (   enmIntendedUse == kIemNativeGstRegUse_Calculation
                 && (  ~pReNative->Core.bmHstRegs
@@ -3689 +3692 @@
                 idxReg = idxRegNew;
             }
-            else
+            /* If the current register matches the restrictions, go ahead and allocate
+               it for the caller. */
+            else if (fRegMask & RT_BIT_32(idxReg))
             {
                 pReNative->Core.bmHstRegs |= RT_BIT_32(idxReg);
@@ -3704 +3709 @@
                 }
             }
+            /* Otherwise, allocate a register that satisfies the caller and transfer
+               the shadowing if compatible with the intended use.  (This basically
+               means the call wants a non-volatile register (RSP push/pop scenario).) */
+            else
+            {
+                Assert(fNoVolatileRegs);
+                uint8_t const idxRegNew = iemNativeRegAllocTmpEx(pReNative, poff, fRegMask,
+                                                                    !fNoVolatileRegs
+                                                                 && enmIntendedUse == kIemNativeGstRegUse_Calculation);
+                *poff = iemNativeEmitLoadGprFromGpr(pReNative, *poff, idxRegNew, idxReg);
+                if (enmIntendedUse != kIemNativeGstRegUse_Calculation)
+                {
+                    iemNativeRegTransferGstRegShadowing(pReNative, idxReg, idxRegNew, enmGstReg, *poff);
+                    Log12(("iemNativeRegAllocTmpForGuestReg: Transfering %s to %s for guest %s %s\n",
+                           g_apszIemNativeHstRegNames[idxReg], g_apszIemNativeHstRegNames[idxRegNew],
+                           g_aGstShadowInfo[enmGstReg].pszName, s_pszIntendedUse[enmIntendedUse]));
+                }
+                else
+                    Log12(("iemNativeRegAllocTmpForGuestReg: Duplicated %s for guest %s into %s for destructive calc\n",
+                           g_apszIemNativeHstRegNames[idxReg], g_aGstShadowInfo[enmGstReg].pszName,
+                           g_apszIemNativeHstRegNames[idxRegNew]));
+                idxReg = idxRegNew;
+            }
         }
         else
         {
+            /*
+             * Oops. Shadowed guest register already allocated!
+             *
+             * Allocate a new register, copy the value and, if updating, the
+             * guest shadow copy assignment to the new register.
+             */
             AssertMsg(   enmIntendedUse != kIemNativeGstRegUse_ForUpdate
                       && enmIntendedUse != kIemNativeGstRegUse_ForFullWrite,
@@ -3712 +3746 @@
                        idxReg, enmGstReg, s_pszIntendedUse[enmIntendedUse]));
 
-            /*
-             * Allocate a new register, copy the value and, if updating, the
-             * guest shadow copy assignment to the new register.
-             */
             /** @todo share register for readonly access. */
             uint8_t const idxRegNew = iemNativeRegAllocTmpEx(pReNative, poff, fRegMask,
@@ -11417 +11447 @@
                    : cBitsVarAndFlat == RT_MAKE_U32_FROM_U8(32, 32, 0, 0) ? (uintptr_t)iemNativeHlpStackFlat32PushU32
                    : cBitsVarAndFlat == RT_MAKE_U32_FROM_U8(32, 32, 1, 0) ? (uintptr_t)iemNativeHlpStackFlat32PushU32SReg
-                   : cBitsVarAndFlat == RT_MAKE_U32_FROM_U8(64, 16, 0, 0) ? (uintptr_t)iemNativeHlpStackFlat64PushU16
+                   : cBitsVarAndFlat == RT_MAKE_U32_FROM_U8(16, 64, 0, 0) ? (uintptr_t)iemNativeHlpStackFlat64PushU16
                    : cBitsVarAndFlat == RT_MAKE_U32_FROM_U8(64, 64, 0, 0) ? (uintptr_t)iemNativeHlpStackFlat64PushU64
                    : UINT64_C(0xc000b000a0009000) ));
@@ -11447 +11477 @@
 
     /*
-     * Move/spill/flush stuff out of call-volatile registers, keeping whatever
-     * idxVarValue might be occupying.
-     *
-     * This is the easy way out. We could contain this to the tlb-miss branch
-     * by saving and restoring active stuff here.
-     */
-    /** @todo save+restore active registers and maybe guest shadows in tlb-miss.  */
-    off = iemNativeRegMoveAndFreeAndFlushAtCall(pReNative, off, 0 /* vacate all non-volatile regs */, RT_BIT_32(idxVarValue));
-
-    /* For now, flush any shadow copy of the xSP register. */
-    iemNativeRegFlushGuestShadows(pReNative, RT_BIT_64(IEMNATIVEGSTREG_GPR(X86_GREG_xSP)));
-
-    /*
      * Define labels and allocate the result register (trying for the return
      * register if we can).
@@ -11468 +11485 @@
 
     /*
-     * First we try to go via the TLB.
-     */
-//pReNative->pInstrBuf[off++] = 0xcc;
-    /** @todo later. */
-    RT_NOREF(cBitsVarAndFlat);
-
-    /*
-     * Call helper to do the popping.
+     * First we calculate the new RSP and the effective stack pointer value.
+     * For 64-bit mode and flat 32-bit these two are the same.
+     */
+    uint8_t const cbMem       = RT_BYTE1(cBitsVarAndFlat) / 8;
+    uint8_t const cBitsFlat   = RT_BYTE2(cBitsVarAndFlat);      RT_NOREF(cBitsFlat);
+    bool const    fSeg        = RT_BYTE3(cBitsVarAndFlat) != 0; RT_NOREF(fSeg);
+    uint8_t const idxRegRsp   = iemNativeRegAllocTmpForGuestReg(pReNative, &off, IEMNATIVEGSTREG_GPR(X86_GREG_xSP),
+                                                                kIemNativeGstRegUse_ForUpdate, true /*fNoVolatileRegs*/);
+    uint8_t const idxRegEffSp = cBitsFlat != 0 ? idxRegRsp : iemNativeRegAllocTmp(pReNative, &off);
+    if (cBitsFlat != 0)
+    {
+        Assert(idxRegEffSp == idxRegRsp);
+        Assert(cBitsFlat == 32 || cBitsFlat == 64);
+        Assert(IEM_F_MODE_X86_IS_FLAT(pReNative->fExec));
+        if (cBitsFlat == 64)
+            off = iemNativeEmitSubGprImm(pReNative, off, idxRegRsp, cbMem);
+        else
+            off = iemNativeEmitSubGpr32Imm(pReNative, off, idxRegRsp, cbMem);
+    }
+    else /** @todo We can skip the test if we're targeting pre-386 CPUs. */
+    {
+        Assert(idxRegEffSp != idxRegRsp);
+        uint8_t const idxRegSsAttr = iemNativeRegAllocTmpForGuestReg(pReNative, &off, IEMNATIVEGSTREG_SEG_ATTRIB(X86_SREG_SS),
+                                                                     kIemNativeGstRegUse_ReadOnly);
+#ifdef RT_ARCH_AMD64
+        PIEMNATIVEINSTR const pCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 48);
+#else
+        PIEMNATIVEINSTR const pCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 20);
+#endif
+        off = iemNativeEmitTestAnyBitsInGpr32Ex(pCodeBuf, off, idxRegSsAttr, X86DESCATTR_D);
+        iemNativeRegFreeTmp(pReNative, idxRegSsAttr);
+        uint32_t const offFixupJumpTo16BitSp = off;
+        off = iemNativeEmitJccToFixedEx(pCodeBuf, off, off /*8-bit suffices*/, kIemNativeInstrCond_e); /* jump if zero */
+        /* have_32bit_sp: */
+        off = iemNativeEmitSubGpr32ImmEx(pCodeBuf, off, idxRegRsp, cbMem);
+        off = iemNativeEmitLoadGprFromGpr32Ex(pCodeBuf, off, idxRegEffSp, idxRegRsp);
+        uint32_t const offFixupJumpToEnd = off;
+        off = iemNativeEmitJmpToFixedEx(pCodeBuf, off, off /*8-bit suffices*/);
+
+        /** @todo Put snippet before TlbMiss. */
+        /* have_16bit_sp: */
+        iemNativeFixupFixedJump(pReNative, offFixupJumpTo16BitSp, off);
+#ifdef RT_ARCH_AMD64
+        off = iemNativeEmitSubGpr16ImmEx(pCodeBuf, off, idxRegRsp, cbMem); /* ASSUMES this does NOT modify bits [63:16]! */
+        off = iemNativeEmitLoadGprFromGpr16Ex(pCodeBuf, off, idxRegEffSp, idxRegRsp);
+#else
+        /* sub regeff, regrsp, #cbMem */
+        pCodeBuf[off++] = Armv8A64MkInstrSubUImm12(idxRegEffSp, idxRegRsp, cbMem, false /*f64Bit*/);
+        /* and regeff, regeff, #0xffff */
+        Assert(Armv8A64ConvertImmRImmS2Mask32(15, 0) == 0xffff);
+        pCodeBuf[off++] = Armv8A64MkInstrAndImm(idxRegEffSp, idxRegEffSp, 15, 0,  false /*f64Bit*/);
+        /* bfi regrsp, regeff, 0, 16 - moves bits 7:16 from idxVarReg to idxGstTmpReg bits 16:0. */
+        pCodeBuf[off++] = Armv8A64MkInstrBfi(idxRegRsp, idxRegEffSp, 15, 0, false /*f64Bit*/);
+#endif
+        /* sp_update_end: */
+        iemNativeFixupFixedJump(pReNative, offFixupJumpToEnd, off);
+        IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+    }
+
+    /*
+     * TlbMiss:
+     *
+     * Call helper to do the pushing.
      */
     iemNativeLabelDefine(pReNative, idxLabelTlbMiss, off);
@@ -11485 +11557 @@
 #endif
 
+    /* Save variables in volatile registers. */
+    uint32_t const fHstRegsNotToSave = 0/*TlbState.getRegsNotToSave()*/
+                                     | (idxRegEffSp != idxRegRsp ? RT_BIT_32(idxRegEffSp) : 0)
+                                     | (  pReNative->Core.aVars[idxVarValue].idxReg < RT_ELEMENTS(pReNative->Core.aHstRegs)
+                                        ? RT_BIT_32(pReNative->Core.aVars[idxVarValue].idxReg) : 0);
+    off = iemNativeVarSaveVolatileRegsPreHlpCall(pReNative, off, fHstRegsNotToSave);
+
+
     /* IEMNATIVE_CALL_ARG1_GREG = idxVarValue (first) */
     off = iemNativeEmitLoadArgGregFromImmOrStackVar(pReNative, off, IEMNATIVE_CALL_ARG1_GREG, idxVarValue,
@@ -11495 +11575 @@
     off = iemNativeEmitCallImm(pReNative, off, pfnFunction);
 
+    /* Restore variables and guest shadow registers to volatile registers. */
+    off = iemNativeVarRestoreVolatileRegsPostHlpCall(pReNative, off, fHstRegsNotToSave);
+    off = iemNativeRegRestoreGuestShadowsInVolatileRegs(pReNative, off, 0/*TlbState.getActiveRegsWithShadows()*/);
+
     /* The value variable is implictly flushed. */
     iemNativeVarFreeLocal(pReNative, idxVarValue);
 
+    /*
+     * TlbDone:
+     *
+     * Commit the new RSP value.
+     */
     iemNativeLabelDefine(pReNative, idxLabelTlbDone, off);
+
+    off = iemNativeEmitStoreGprToVCpuU64(pReNative, off, idxRegRsp, RT_UOFFSETOF_DYN(VMCPU, cpum.GstCtx.rsp));
+    iemNativeRegFreeTmp(pReNative, idxRegRsp);
+    if (idxRegEffSp != idxRegRsp)
+        iemNativeRegFreeTmp(pReNative, idxRegEffSp);
 
     return off;

trunk/src/VBox/VMM/include/IEMN8veRecompiler.h

@@ -824 +824 @@
                                                             IEMNATIVEGSTREG enmGstReg,
                                                             IEMNATIVEGSTREGUSE enmIntendedUse = kIemNativeGstRegUse_ReadOnly,
-                                                            bool fNoVoltileRegs = false);
+                                                            bool fNoVolatileRegs = false);
 DECL_HIDDEN_THROW(uint8_t)  iemNativeRegAllocTmpForGuestRegIfAlreadyPresent(PIEMRECOMPILERSTATE pReNative, uint32_t *poff,
                                                                             IEMNATIVEGSTREG enmGstReg);

trunk/src/VBox/VMM/include/IEMN8veRecompilerEmit.h

@@ -978 +978 @@
  */
 DECL_INLINE_THROW(uint32_t)
-iemNativeEmitLoadGprFromGpr16(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, uint8_t iGprSrc)
+iemNativeEmitLoadGprFromGpr16Ex(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprDst, uint8_t iGprSrc)
 {
 #ifdef RT_ARCH_AMD64
     /* movzx Gv,Ew */
-    uint8_t * const pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 4);
     if ((iGprDst | iGprSrc) >= 8)
-        pbCodeBuf[off++] = iGprDst < 8  ? X86_OP_REX_B
-                         : iGprSrc >= 8 ? X86_OP_REX_R | X86_OP_REX_B
-                         :                X86_OP_REX_R;
-    pbCodeBuf[off++] = 0x0f;
-    pbCodeBuf[off++] = 0xb7;
-    pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, iGprDst & 7, iGprSrc & 7);
+        pCodeBuf[off++] = iGprDst < 8  ? X86_OP_REX_B
+                        : iGprSrc >= 8 ? X86_OP_REX_R | X86_OP_REX_B
+                        :                X86_OP_REX_R;
+    pCodeBuf[off++] = 0x0f;
+    pCodeBuf[off++] = 0xb7;
+    pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, iGprDst & 7, iGprSrc & 7);
 
 #elif defined(RT_ARCH_ARM64)
     /* and gprdst, gprsrc, #0xffff */
-    uint32_t * const pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
 # if 1
     Assert(Armv8A64ConvertImmRImmS2Mask32(0x0f, 0) == UINT16_MAX);
-    pu32CodeBuf[off++] = Armv8A64MkInstrAndImm(iGprDst, iGprSrc, 0x0f, 0, false /*f64Bit*/);
+    pCodeBuf[off++] = Armv8A64MkInstrAndImm(iGprDst, iGprSrc, 0x0f, 0, false /*f64Bit*/);
 # else
     Assert(Armv8A64ConvertImmRImmS2Mask64(0x4f, 0) == UINT16_MAX);
-    pu32CodeBuf[off++] = Armv8A64MkInstrAndImm(iGprDst, iGprSrc, 0x4f, 0);
+    pCodeBuf[off++] = Armv8A64MkInstrAndImm(iGprDst, iGprSrc, 0x4f, 0);
 # endif
 
+#else
+# error "port me"
+#endif
+    return off;
+}
+
+
+/**
+ * Emits a gprdst = gprsrc[15:0] load.
+ * @note Bits 63 thru 15 are cleared.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitLoadGprFromGpr16(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, uint8_t iGprSrc)
+{
+#ifdef RT_ARCH_AMD64
+    off = iemNativeEmitLoadGprFromGpr16Ex(iemNativeInstrBufEnsure(pReNative, off, 4), off, iGprDst, iGprSrc);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitLoadGprFromGpr16Ex(iemNativeInstrBufEnsure(pReNative, off, 1), off, iGprDst, iGprSrc);
 #else
 # error "port me"
@@ -2568 +2584 @@
 
 
-#ifdef RT_ARCH_AMD64
 /**
  * Emits a 64-bit GPR subtract with a signed immediate subtrahend.
- */
-DECL_INLINE_THROW(uint32_t)
-iemNativeEmitSubGprImm(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, int32_t iSubtrahend)
-{
-    /* sub gprdst, imm8/imm32 */
-    uint8_t *pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 7);
-    if (iGprDst < 8)
-        pbCodeBuf[off++] = X86_OP_REX_W;
-    else
-        pbCodeBuf[off++] = X86_OP_REX_W | X86_OP_REX_B;
-    if (iSubtrahend < 128 && iSubtrahend >= -128)
-    {
-        pbCodeBuf[off++] = 0x83;
-        pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 5, iGprDst & 7);
-        pbCodeBuf[off++] = (uint8_t)iSubtrahend;
-    }
-    else
-    {
-        pbCodeBuf[off++] = 0x81;
-        pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 5, iGprDst & 7);
-        pbCodeBuf[off++] = RT_BYTE1(iSubtrahend);
-        pbCodeBuf[off++] = RT_BYTE2(iSubtrahend);
-        pbCodeBuf[off++] = RT_BYTE3(iSubtrahend);
-        pbCodeBuf[off++] = RT_BYTE4(iSubtrahend);
-    }
-    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
-    return off;
-}
-#endif
+ *
+ * This will optimize using DEC/INC/whatever, so try avoid flag dependencies.
+ *
+ * @note Larger constants will require a temporary register.  Failing to specify
+ *       one when needed will trigger fatal assertion / throw.
+ */
+DECL_FORCE_INLINE_THROW(uint32_t)
+iemNativeEmitSubGprImmEx(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprDst, int64_t iSubtrahend,
+                         uint8_t iGprTmp = UINT8_MAX)
+{
+#ifdef RT_ARCH_AMD64
+    pCodeBuf[off++] = iGprDst >= 8 ? X86_OP_REX_W | X86_OP_REX_B : X86_OP_REX_W;
+    if (iSubtrahend == 1)
+    {
+        /* dec r/m64 */
+        pCodeBuf[off++] = 0xff;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 1, iGprDst & 7);
+    }
+    else if (iSubtrahend == -1)
+    {
+        /* inc r/m64 */
+        pCodeBuf[off++] = 0xff;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 0, iGprDst & 7);
+    }
+    else if ((int8_t)iSubtrahend == iSubtrahend)
+    {
+        /* sub r/m64, imm8 */
+        pCodeBuf[off++] = 0x83;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 5, iGprDst & 7);
+        pCodeBuf[off++] = (uint8_t)iSubtrahend;
+    }
+    else if ((int32_t)iSubtrahend == iSubtrahend)
+    {
+        /* sub r/m64, imm32 */
+        pCodeBuf[off++] = 0x81;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 5, iGprDst & 7);
+        pCodeBuf[off++] = RT_BYTE1((uint64_t)iSubtrahend);
+        pCodeBuf[off++] = RT_BYTE2((uint64_t)iSubtrahend);
+        pCodeBuf[off++] = RT_BYTE3((uint64_t)iSubtrahend);
+        pCodeBuf[off++] = RT_BYTE4((uint64_t)iSubtrahend);
+    }
+    else if (iGprTmp != UINT8_MAX)
+    {
+        off = iemNativeEmitLoadGprImmEx(pCodeBuf, off - 1, iGprTmp, (uint64_t)iSubtrahend);
+        /* sub r/m64, r64 */
+        pCodeBuf[off++] = X86_OP_REX_W | (iGprDst < 8 ? 0 : X86_OP_REX_B) | (iGprTmp < 8 ? 0 : X86_OP_REX_R);
+        pCodeBuf[off++] = 0x29;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, iGprTmp & 7, iGprDst & 7);
+    }
+    else
+# ifdef IEM_WITH_THROW_CATCH
+        AssertFailedStmt(IEMNATIVE_DO_LONGJMP(NULL, VERR_IEM_IPE_9));
+# else
+        AssertReleaseFailedStmt(off = UINT32_MAX);
+# endif
+
+#elif defined(RT_ARCH_ARM64)
+    uint32_t uAbsSubtrahend = RT_ABS(iSubtrahend);
+    if (uAbsSubtrahend < 4096)
+    {
+        if (iSubtrahend >= 0)
+            pCodeBuf[off++] = Armv8A64MkInstrSubUImm12(iGprDst, iGprDst, uAbsSubtrahend);
+        else
+            pCodeBuf[off++] = Armv8A64MkInstrAddUImm12(iGprDst, iGprDst, uAbsSubtrahend);
+    }
+    else if (uAbsSubtrahend <= 0xfff000 && !(uAbsSubtrahend & 0xfff))
+    {
+        if (iSubtrahend >= 0)
+            pCodeBuf[off++] = Armv8A64MkInstrSubUImm12(iGprDst, iGprDst, uAbsSubtrahend >> 12,
+                                                       true /*f64Bit*/, false /*fSetFlags*/, true /*fShift*/);
+        else
+            pCodeBuf[off++] = Armv8A64MkInstrAddUImm12(iGprDst, iGprDst, uAbsSubtrahend >> 12,
+                                                       true /*f64Bit*/, false /*fSetFlags*/, true /*fShift*/);
+    }
+    else if (iGprTmp != UINT8_MAX)
+    {
+        off = iemNativeEmitLoadGprImmEx(pCodeBuf, off, iGprTmp, (uint64_t)iSubtrahend);
+        pCodeBuf[off++] = Armv8A64MkInstrSubReg(iGprDst, iGprDst, iGprTmp);
+    }
+    else
+# ifdef IEM_WITH_THROW_CATCH
+        AssertFailedStmt(IEMNATIVE_DO_LONGJMP(NULL, VERR_IEM_IPE_9));
+# else
+        AssertReleaseFailedStmt(off = UINT32_MAX);
+# endif
+
+#else
+# error "Port me"
+#endif
+    return off;
+}
+
+
+/**
+ * Emits a 64-bit GPR subtract with a signed immediate subtrahend.
+ *
+ * @note Larger constants will require a temporary register.  Failing to specify
+ *       one when needed will trigger fatal assertion / throw.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitSubGprImm(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, int64_t iSubtrahend,
+                       uint8_t iGprTmp = UINT8_MAX)
+
+{
+#ifdef RT_ARCH_AMD64
+    off = iemNativeEmitSubGprImmEx(iemNativeInstrBufEnsure(pReNative, off, 13), off, iGprDst, iSubtrahend, iGprTmp);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitSubGprImmEx(iemNativeInstrBufEnsure(pReNative, off, 5), off, iGprDst, iSubtrahend, iGprTmp);
+#else
+# error "Port me"
+#endif
+    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+    return off;
+}
 
 
@@ -2669 +2769 @@
     {
         off = iemNativeEmitLoadGpr32ImmEx(pCodeBuf, off, iGprTmp, (uint32_t)iSubtrahend);
-        pCodeBuf[off++] = Armv8A64MkInstrSubReg(iGprDst, iGprDst, iGprTmp);
+        pCodeBuf[off++] = Armv8A64MkInstrSubReg(iGprDst, iGprDst, iGprTmp, false /*f64Bit*/);
     }
     else
@@ -2677 +2777 @@
         AssertReleaseFailedStmt(off = UINT32_MAX);
 # endif
+
+#else
+# error "Port me"
+#endif
+    return off;
+}
+
+
+/**
+ * Emits a 32-bit GPR subtract with a signed immediate subtrahend.
+ *
+ * @note ARM64: Larger constants will require a temporary register.  Failing to
+ *       specify one when needed will trigger fatal assertion / throw.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitSubGpr32Imm(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, int32_t iSubtrahend,
+                         uint8_t iGprTmp = UINT8_MAX)
+
+{
+#ifdef RT_ARCH_AMD64
+    off = iemNativeEmitSubGprImmEx(iemNativeInstrBufEnsure(pReNative, off, 7), off, iGprDst, iSubtrahend, iGprTmp);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitSubGprImmEx(iemNativeInstrBufEnsure(pReNative, off, 3), off, iGprDst, iSubtrahend, iGprTmp);
+#else
+# error "Port me"
+#endif
+    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+    return off;
+}
+
+
+/**
+ * Emits a 16-bit GPR subtract with a signed immediate subtrahend.
+ *
+ * This will optimize using DEC/INC/whatever and ARM64 will not set flags,
+ * so not suitable as a base for conditional jumps.
+ *
+ * @note ARM64: Will update the entire register.
+ * @note AMD64: May perhaps only update the lower 16 bits of the register.
+ * @note ARM64: Larger constants will require a temporary register.  Failing to
+ *       specify one when needed will trigger fatal assertion / throw.
+ */
+DECL_FORCE_INLINE_THROW(uint32_t)
+iemNativeEmitSubGpr16ImmEx(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprDst, int16_t iSubtrahend,
+                           uint8_t iGprTmp = UINT8_MAX)
+{
+#ifdef RT_ARCH_AMD64
+    pCodeBuf[off++] = X86_OP_PRF_SIZE_OP;
+    if (iGprDst >= 8)
+        pCodeBuf[off++] = X86_OP_REX_B;
+    if (iSubtrahend == 1)
+    {
+        /* dec r/m16 */
+        pCodeBuf[off++] = 0xff;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 1, iGprDst & 7);
+    }
+    else if (iSubtrahend == -1)
+    {
+        /* inc r/m16 */
+        pCodeBuf[off++] = 0xff;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 0, iGprDst & 7);
+    }
+    else if ((int8_t)iSubtrahend == iSubtrahend)
+    {
+        /* sub r/m16, imm8 */
+        pCodeBuf[off++] = 0x83;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 5, iGprDst & 7);
+        pCodeBuf[off++] = (uint8_t)iSubtrahend;
+    }
+    else
+    {
+        /* sub r/m16, imm16 */
+        pCodeBuf[off++] = 0x81;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 5, iGprDst & 7);
+        pCodeBuf[off++] = RT_BYTE1((uint16_t)iSubtrahend);
+        pCodeBuf[off++] = RT_BYTE2((uint16_t)iSubtrahend);
+    }
+    RT_NOREF(iGprTmp);
+
+#elif defined(RT_ARCH_ARM64)
+    uint32_t uAbsSubtrahend = RT_ABS(iSubtrahend);
+    if (uAbsSubtrahend < 4096)
+    {
+        if (iSubtrahend >= 0)
+            pCodeBuf[off++] = Armv8A64MkInstrSubUImm12(iGprDst, iGprDst, uAbsSubtrahend, false /*f64Bit*/);
+        else
+            pCodeBuf[off++] = Armv8A64MkInstrAddUImm12(iGprDst, iGprDst, uAbsSubtrahend, false /*f64Bit*/);
+    }
+    else if (uAbsSubtrahend <= 0xfff000 && !(uAbsSubtrahend & 0xfff))
+    {
+        if (iSubtrahend >= 0)
+            pCodeBuf[off++] = Armv8A64MkInstrSubUImm12(iGprDst, iGprDst, uAbsSubtrahend >> 12,
+                                                       false /*f64Bit*/, false /*fSetFlags*/, true /*fShift*/);
+        else
+            pCodeBuf[off++] = Armv8A64MkInstrAddUImm12(iGprDst, iGprDst, uAbsSubtrahend >> 12,
+                                                       false /*f64Bit*/, false /*fSetFlags*/, true /*fShift*/);
+    }
+    else if (iGprTmp != UINT8_MAX)
+    {
+        off = iemNativeEmitLoadGpr32ImmEx(pCodeBuf, off, iGprTmp, (uint32_t)iSubtrahend);
+        pCodeBuf[off++] = Armv8A64MkInstrSubReg(iGprDst, iGprDst, iGprTmp, false /*f64Bit*/);
+    }
+    else
+# ifdef IEM_WITH_THROW_CATCH
+        AssertFailedStmt(IEMNATIVE_DO_LONGJMP(NULL, VERR_IEM_IPE_9));
+# else
+        AssertReleaseFailedStmt(off = UINT32_MAX);
+# endif
+    pCodeBuf[off++] = Armv8A64MkInstrAndImm(iGprDst, iGprDst, 15, 0, false /*f64Bit*/);
 
 #else
@@ -5115 +5324 @@
 
 #elif defined(RT_ARCH_ARM64)
-
-    if (false)
-    {
-        /** @todo figure out how to work the immr / N:imms constants. */
-    }
-    else
-    {
-        /* ands Zr, iGprSrc, iTmpReg */
+    uint32_t uImmR     = 0;
+    uint32_t uImmNandS = 0;
+    if (Armv8A64ConvertMask64ToImmRImmS(fBits, &uImmNandS, &uImmR))
+    {
+        /* ands xzr, iGprSrc, #fBits */
+        uint32_t * const pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
+        pu32CodeBuf[off++] = Armv8A64MkInstrAndsImm(ARMV8_A64_REG_XZR, iGprSrc, uImmNandS, uImmR);
+    }
+    else
+    {
+        /* ands xzr, iGprSrc, iTmpReg */
         uint8_t const iTmpReg = iemNativeRegAllocTmpImm(pReNative, &off, fBits);
         uint32_t * const pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
@@ -5138 +5350 @@
 
 /**
- * Emits a test for any of the bits from @a fBits in the lower 8 bits of
+ * Emits a test for any of the bits from @a fBits in the lower 32 bits of
  * @a iGprSrc, setting CPU flags accordingly.
  *
@@ -5146 +5358 @@
  */
 DECL_FORCE_INLINE_THROW(uint32_t)
+iemNativeEmitTestAnyBitsInGpr32Ex(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprSrc, uint32_t fBits)
+{
+    Assert(fBits != 0);
+
+#ifdef RT_ARCH_AMD64
+    if (fBits <= UINT8_MAX)
+    {
+        /* test Eb, imm8 */
+        if (iGprSrc >= 4)
+            pCodeBuf[off++] = iGprSrc >= 8 ? X86_OP_REX_B : X86_OP_REX;
+        pCodeBuf[off++] = 0xf6;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 0, iGprSrc & 7);
+        pCodeBuf[off++] = (uint8_t)fBits;
+    }
+    else
+    {
+        /* test Ev, imm32 */
+        if (iGprSrc >= 8)
+            pCodeBuf[off++] = X86_OP_REX_B;
+        pCodeBuf[off++] = 0xf7;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 0, iGprSrc & 7);
+        pCodeBuf[off++] = RT_BYTE1(fBits);
+        pCodeBuf[off++] = RT_BYTE2(fBits);
+        pCodeBuf[off++] = RT_BYTE3(fBits);
+        pCodeBuf[off++] = RT_BYTE4(fBits);
+    }
+
+#elif defined(RT_ARCH_ARM64)
+    /* ands xzr, src, #fBits */
+    uint32_t uImmR     = 0;
+    uint32_t uImmNandS = 0;
+    if (Armv8A64ConvertMask32ToImmRImmS(fBits, &uImmNandS, &uImmR))
+        pCodeBuf[off++] = Armv8A64MkInstrAndsImm(ARMV8_A64_REG_XZR, iGprSrc, uImmNandS, uImmR, false /*f64Bit*/);
+    else
+# ifdef IEM_WITH_THROW_CATCH
+        AssertFailedStmt(IEMNATIVE_DO_LONGJMP(NULL, VERR_IEM_IPE_9));
+# else
+        AssertReleaseFailedStmt(off = UINT32_MAX);
+# endif
+
+#else
+# error "Port me!"
+#endif
+    return off;
+}
+
+
+
+/**
+ * Emits a test for any of the bits from @a fBits in the lower 8 bits of
+ * @a iGprSrc, setting CPU flags accordingly.
+ *
+ * @note For ARM64 this only supports @a fBits values that can be expressed
+ *       using the two 6-bit immediates of the ANDS instruction.  The caller
+ *       must make sure this is possible!
+ */
+DECL_FORCE_INLINE_THROW(uint32_t)
 iemNativeEmitTestAnyBitsInGpr8Ex(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprSrc, uint8_t fBits)
 {
     Assert(fBits != 0);
 
+#ifdef RT_ARCH_AMD64
     /* test Eb, imm8 */
-#ifdef RT_ARCH_AMD64
     if (iGprSrc >= 4)
         pCodeBuf[off++] = iGprSrc >= 8 ? X86_OP_REX_B : X86_OP_REX;
@@ -5159 +5428 @@
 
 #elif defined(RT_ARCH_ARM64)
-    /* ands xzr, src, [tmp|#imm] */
+    /* ands xzr, src, #fBits */
     uint32_t uImmR     = 0;
     uint32_t uImmNandS = 0;