Changeset 102850 in vbox

Timestamp:

Jan 12, 2024 12:47:47 AM (11 months ago)

Author:

vboxsync

Message:

VMM/IEM: Implemented the first of two code TLB lookups. bugref:10371

Location:

trunk/src/VBox/VMM

Files:

• VMMAll/IEMAll.cpp (modified) (1 diff)
• VMMAll/IEMAllN8veRecompBltIn.cpp (modified) (5 diffs)
• VMMR3/IEMR3.cpp (modified) (1 diff)
• include/IEMInternal.h (modified) (1 diff)
• include/IEMN8veRecompilerEmit.h (modified) (4 diffs)
• include/IEMN8veRecompilerTlbLookup.h (modified) (13 diffs)

trunk/src/VBox/VMM/VMMAll/IEMAll.cpp

@@ -965 +965 @@
                 iemRaisePageFaultJmp(pVCpu, GCPtrFirst, 1, IEM_ACCESS_INSTRUCTION, VERR_ACCESS_DENIED);
             }
+        }
+
+        /*
+         * Set the accessed flags.
+         * ASSUMES this is set when the address is translated rather than on commit...
+         */
+        /** @todo testcase: check when the A bit are actually set by the CPU for code. */
+        if (pTlbe->fFlagsAndPhysRev & IEMTLBE_F_PT_NO_ACCESSED)
+        {
+            int rc2 = PGMGstModifyPage(pVCpu, GCPtrFirst, 1, X86_PTE_A, ~(uint64_t)X86_PTE_A);
+            AssertRC(rc2);
+            /** @todo Nested VMX: Accessed/dirty bit currently not supported, asserted below. */
+            Assert(!(CPUMGetGuestIa32VmxEptVpidCap(pVCpu) & VMX_BF_EPT_VPID_CAP_ACCESS_DIRTY_MASK));
+            pTlbe->fFlagsAndPhysRev &= ~IEMTLBE_F_PT_NO_ACCESSED;
         }
 

trunk/src/VBox/VMM/VMMAll/IEMAllN8veRecompBltIn.cpp

@@ -55 +55 @@
 #include "IEMN8veRecompiler.h"
 #include "IEMN8veRecompilerEmit.h"
+#include "IEMN8veRecompilerTlbLookup.h"
 
 
@@ -90 +91 @@
 IEM_DECL_NATIVE_HLP_DEF(RTGCPHYS, iemNativeHlpMemCodeNewPageTlbMissWithOff,(PVMCPUCC pVCpu, uint8_t offInstr))
 {
-    STAM_COUNTER_INC(&pVCpu->iem.s.StatNativeCodeTlbMissesNewPage);
+    STAM_COUNTER_INC(&pVCpu->iem.s.StatNativeCodeTlbMissesNewPageWithOffset);
     pVCpu->iem.s.pbInstrBuf       = NULL;
     pVCpu->iem.s.offCurInstrStart = GUEST_PAGE_SIZE - offInstr;
@@ -1189 +1190 @@
      * Define labels and allocate the register for holding the GCPhys of the new page.
      */
-    uint16_t const uTlbSeqNo        = pReNative->uTlbSeqNo++;
-    uint32_t const idxLabelTlbMiss  = iemNativeLabelCreate(pReNative, kIemNativeLabelType_TlbMiss, UINT32_MAX, uTlbSeqNo);
-    uint32_t const idxLabelTlbDone  = iemNativeLabelCreate(pReNative, kIemNativeLabelType_TlbDone, UINT32_MAX, uTlbSeqNo);
-    uint32_t const idxRegGCPhys     = iemNativeRegAllocTmp(pReNative, &off);
+    uint16_t const uTlbSeqNo         = pReNative->uTlbSeqNo++;
+    uint32_t const idxRegGCPhys      = iemNativeRegAllocTmp(pReNative, &off);
+    IEMNATIVEEMITTLBSTATE const TlbState(pReNative, IEM_F_MODE_X86_IS_FLAT(pReNative->fExec), &off);
+    uint32_t const idxLabelTlbLookup = !TlbState.fSkip
+                                     ? iemNativeLabelCreate(pReNative, kIemNativeLabelType_TlbLookup, UINT32_MAX, uTlbSeqNo)
+                                     : UINT32_MAX;
+
+    //off = iemNativeEmitBrk(pReNative, off, 0x1111);
 
     /*
-     * First we try to go via the TLB.
+     * Jump to the TLB lookup code.
      */
-    /** @todo  */
+    if (!TlbState.fSkip)
+        off = iemNativeEmitJmpToLabel(pReNative, off, idxLabelTlbLookup); /** @todo short jump */
 
     /*
-     * TLB miss: Call iemNativeHlpMemCodeNewPageTlbMissWithOff to do the work.
+     * TlbMiss:
+     *
+     * Call iemNativeHlpMemCodeNewPageTlbMissWithOff to do the work.
      */
-    iemNativeLabelDefine(pReNative, idxLabelTlbMiss, off);
+    uint32_t const idxLabelTlbMiss = iemNativeLabelCreate(pReNative, kIemNativeLabelType_TlbMiss, off, uTlbSeqNo);
 
     /* Save variables in volatile registers. */
-    uint32_t const fHstRegsNotToSave = /*TlbState.getRegsNotToSave() | */ RT_BIT_32(idxRegGCPhys);
+    uint32_t const fHstRegsNotToSave = TlbState.getRegsNotToSave() | RT_BIT_32(idxRegGCPhys);
     off = iemNativeVarSaveVolatileRegsPreHlpCall(pReNative, off, fHstRegsNotToSave);
 
@@ -1223 +1231 @@
     /* Restore variables and guest shadow registers to volatile registers. */
     off = iemNativeVarRestoreVolatileRegsPostHlpCall(pReNative, off, fHstRegsNotToSave);
-    off = iemNativeRegRestoreGuestShadowsInVolatileRegs(pReNative, off, 0 /*TlbState.getActiveRegsWithShadows()*/);
-
-    iemNativeLabelDefine(pReNative, idxLabelTlbDone, off);
+    off = iemNativeRegRestoreGuestShadowsInVolatileRegs(pReNative, off, TlbState.getActiveRegsWithShadows(true /*fCode*/));
+
+#ifdef IEMNATIVE_WITH_TLB_LOOKUP
+    if (!TlbState.fSkip)
+    {
+        /* end of TlbMiss - Jump to the done label. */
+        uint32_t const idxLabelTlbDone = iemNativeLabelCreate(pReNative, kIemNativeLabelType_TlbDone, UINT32_MAX, uTlbSeqNo);
+        off = iemNativeEmitJmpToLabel(pReNative, off, idxLabelTlbDone);
+
+        /*
+         * TlbLookup:
+         */
+        off = iemNativeEmitTlbLookup<false>(pReNative, off, &TlbState,
+                                            IEM_F_MODE_X86_IS_FLAT(pReNative->fExec) ? UINT8_MAX : X86_SREG_CS,
+                                            1 /*cbMem*/, 0 /*fAlignMask*/, IEM_ACCESS_TYPE_EXEC,
+                                            idxLabelTlbLookup, idxLabelTlbMiss, idxRegGCPhys, offInstr);
+
+# ifdef VBOX_WITH_STATISTICS
+        off = iemNativeEmitIncStamCounterInVCpu(pReNative, off, TlbState.idxReg1, TlbState.idxReg2,
+                                                RT_UOFFSETOF(VMCPUCC, iem.s.StatNativeCodeTlbHitsForNewPageWithOffset));
+# endif
+
+        /*
+         * TlbDone:
+         */
+        iemNativeLabelDefine(pReNative, idxLabelTlbDone, off);
+        TlbState.freeRegsAndReleaseVars(pReNative, UINT8_MAX /*idxVarGCPtrMem*/, true /*fIsCode*/);
+    }
+#else
+    RT_NOREF(idxLabelTlbMiss);
+#endif
 
     /*
@@ -1251 +1287 @@
     RT_NOREF(a_cbInstr); \
     off = iemNativeEmitBltLoadTlbAfterBranch(pReNative, off, pTb, a_idxRange)
-
-#if 0
-do { \
-        /* Is RIP within the current code page? */ \
-        Assert(pVCpu->cpum.GstCtx.cs.u64Base == 0 || !IEM_IS_64BIT_CODE(pVCpu)); \
-        uint64_t const uPc = pVCpu->cpum.GstCtx.rip + pVCpu->cpum.GstCtx.cs.u64Base; \
-        uint64_t const off = uPc - pVCpu->iem.s.uInstrBufPc; \
-        if (off < pVCpu->iem.s.cbInstrBufTotal) \
-        { \
-            Assert(!(pVCpu->iem.s.GCPhysInstrBuf & GUEST_PAGE_OFFSET_MASK)); \
-            Assert(pVCpu->iem.s.pbInstrBuf); \
-            RTGCPHYS const GCPhysRangePageWithOffset = iemTbGetRangePhysPageAddr(a_pTb, a_idxRange) \
-                                                     | pTb->aRanges[(a_idxRange)].offPhysPage; \
-            if (GCPhysRangePageWithOffset == pVCpu->iem.s.GCPhysInstrBuf + off) \
-            { /* we're good */ } \
-            else \
-            { \
-                Log7(("TB jmp miss: %p at %04x:%08RX64 LB %u; branching/1; GCPhysWithOffset=%RGp expected %RGp, pbInstrBuf=%p - #%u\n", \
-                      (a_pTb), pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, (a_cbInstr), \
-                      pVCpu->iem.s.GCPhysInstrBuf + off, GCPhysRangePageWithOffset, pVCpu->iem.s.pbInstrBuf, __LINE__)); \
-                RT_NOREF(a_cbInstr); \
-                STAM_REL_COUNTER_INC(&pVCpu->iem.s.StatCheckBranchMisses); \
-                return VINF_IEM_REEXEC_BREAK; \
-            } \
-        } \
-        else \
-        { \
-            /* Must translate new RIP. */ \
-            pVCpu->iem.s.pbInstrBuf       = NULL; \
-            pVCpu->iem.s.offCurInstrStart = 0; \
-            pVCpu->iem.s.offInstrNextByte = 0; \
-            iemOpcodeFetchBytesJmp(pVCpu, 0, NULL); \
-            Assert(!(pVCpu->iem.s.GCPhysInstrBuf & GUEST_PAGE_OFFSET_MASK) || !pVCpu->iem.s.pbInstrBuf); \
-            \
-            RTGCPHYS const GCPhysRangePageWithOffset = iemTbGetRangePhysPageAddr(a_pTb, a_idxRange) \
-                                                     | pTb->aRanges[(a_idxRange)].offPhysPage; \
-            uint64_t const offNew                    = uPc - pVCpu->iem.s.uInstrBufPc; \
-            if (   GCPhysRangePageWithOffset == pVCpu->iem.s.GCPhysInstrBuf + offNew \
-                && pVCpu->iem.s.pbInstrBuf) \
-            { /* likely */ } \
-            else \
-            { \
-                Log7(("TB jmp miss: %p at %04x:%08RX64 LB %u; branching/2; GCPhysWithOffset=%RGp expected %RGp, pbInstrBuf=%p - #%u\n", \
-                      (a_pTb), pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, (a_cbInstr), \
-                      pVCpu->iem.s.GCPhysInstrBuf + offNew, GCPhysRangePageWithOffset, pVCpu->iem.s.pbInstrBuf, __LINE__)); \
-                RT_NOREF(a_cbInstr); \
-                STAM_REL_COUNTER_INC(&pVCpu->iem.s.StatCheckBranchMisses); \
-                return VINF_IEM_REEXEC_BREAK; \
-            } \
-        } \
-    } while(0)
-#endif
 
 DECL_FORCE_INLINE(uint32_t)

trunk/src/VBox/VMM/VMMR3/IEMR3.cpp

@@ -343 +343 @@
 #  ifdef VBOX_WITH_IEM_NATIVE_RECOMPILER
         STAMR3RegisterF(pVM, (void *)&pVCpu->iem.s.StatNativeCodeTlbMissesNewPage, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
-                        "Code TLB native misses on new page",       "/IEM/CPU%u/CodeTlb-Misses-New-Page", idCpu);
+                        "Code TLB native misses on new page",           "/IEM/CPU%u/CodeTlb-Misses-New-Page", idCpu);
+        STAMR3RegisterF(pVM, (void *)&pVCpu->iem.s.StatNativeCodeTlbMissesNewPageWithOffset, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Code TLB native misses on new page w/ offset", "/IEM/CPU%u/CodeTlb-Misses-New-Page-With-Offset", idCpu);
+        STAMR3RegisterF(pVM, (void *)&pVCpu->iem.s.StatNativeCodeTlbHitsForNewPage, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Code TLB native hits on new page",   "/IEM/CPU%u/CodeTlb-Hits-New-Page", idCpu);
+        STAMR3RegisterF(pVM, (void *)&pVCpu->iem.s.StatNativeCodeTlbHitsForNewPageWithOffset, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Code TLB native hits on new page /w offset",   "/IEM/CPU%u/CodeTlb-Hits-New-Page-With-Offset", idCpu);
 #  endif
 # endif

trunk/src/VBox/VMM/include/IEMInternal.h

@@ -1745 +1745 @@
     /** Native recompiled execution: Code TLB misses for new page. */
     STAMCOUNTER             StatNativeCodeTlbMissesNewPage;
-    uint64_t                au64Padding[6];
+    /** Native recompiled execution: Code TLB hits for new page. */
+    STAMCOUNTER             StatNativeCodeTlbHitsForNewPage;
+    /** Native recompiled execution: Code TLB misses for new page with offset. */
+    STAMCOUNTER             StatNativeCodeTlbMissesNewPageWithOffset;
+    /** Native recompiled execution: Code TLB hits for new page with offset. */
+    STAMCOUNTER             StatNativeCodeTlbHitsForNewPageWithOffset;
+    uint64_t                au64Padding[3];
     /** @} */
 

trunk/src/VBox/VMM/include/IEMN8veRecompilerEmit.h

@@ -710 +710 @@
  * Emits a store of a GPR value to a 64-bit VCpu field.
  */
+DECL_FORCE_INLINE_THROW(uint32_t)
+iemNativeEmitStoreGprToVCpuU64Ex(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGpr, uint32_t offVCpu,
+                                 uint8_t iGprTmp = UINT8_MAX)
+{
+#ifdef RT_ARCH_AMD64
+    /* mov mem64, reg64 */
+    if (iGpr < 8)
+        pCodeBuf[off++] = X86_OP_REX_W;
+    else
+        pCodeBuf[off++] = X86_OP_REX_W | X86_OP_REX_R;
+    pCodeBuf[off++] = 0x89;
+    off = iemNativeEmitGprByVCpuDisp(pCodeBuf, off, iGpr, offVCpu);
+    RT_NOREF(iGprTmp);
+
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitGprByVCpuLdStEx(pReNative, off, iGpr, offVCpu, kArmv8A64InstrLdStType_St_Dword, sizeof(uint64_t), iGprTmp);
+
+#else
+# error "port me"
+#endif
+    return off;
+}
+
+
+/**
+ * Emits a store of a GPR value to a 64-bit VCpu field.
+ */
 DECL_INLINE_THROW(uint32_t)
 iemNativeEmitStoreGprToVCpuU64(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGpr, uint32_t offVCpu)
 {
 #ifdef RT_ARCH_AMD64
-    /* mov mem64, reg64 */
-    uint8_t *pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 7);
-    if (iGpr < 8)
-        pbCodeBuf[off++] = X86_OP_REX_W;
-    else
-        pbCodeBuf[off++] = X86_OP_REX_W | X86_OP_REX_R;
-    pbCodeBuf[off++] = 0x89;
-    off = iemNativeEmitGprByVCpuDisp(pbCodeBuf,off,iGpr, offVCpu);
-    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
-
-#elif defined(RT_ARCH_ARM64)
-    off = iemNativeEmitGprByVCpuLdSt(pReNative, off, iGpr, offVCpu, kArmv8A64InstrLdStType_St_Dword, sizeof(uint64_t));
-
-#else
-# error "port me"
-#endif
+    off = iemNativeEmitStoreGprToVCpuU64Ex(iemNativeInstrBufEnsure(pReNative, off, 7), off, iGpr, offVCpu);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitStoreGprToVCpuU64Ex(iemNativeInstrBufEnsure(pReNative, off, 5), off, iGpr, offVCpu,
+                                           IEMNATIVE_REG_FIXED_TMP0);
+#else
+# error "port me"
+#endif
+    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
     return off;
 }
@@ -802 +821 @@
 #elif defined(RT_ARCH_ARM64)
     off = iemNativeEmitGprByVCpuLdSt(pReNative, off, iGpr, offVCpu, kArmv8A64InstrLdStType_St_Byte, sizeof(uint8_t));
+
+#else
+# error "port me"
+#endif
+    return off;
+}
+
+
+/**
+ * Emits a store of an immediate value to a 16-bit VCpu field.
+ *
+ * @note ARM64: A idxTmp1 is always required! The idxTmp2 depends on whehter the
+ *       offset can be encoded as an immediate or not.  The @a offVCpu immediate
+ *       range is 0..8190 bytes from VMCPU and the same from CPUMCPU.
+ */
+DECL_FORCE_INLINE_THROW(uint32_t)
+iemNativeEmitStoreImmToVCpuU16Ex(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint16_t uImm, uint32_t offVCpu,
+                                 uint8_t idxTmp1 = UINT8_MAX, uint8_t idxTmp2 = UINT8_MAX)
+{
+#ifdef RT_ARCH_AMD64
+    /* mov mem16, imm16 */
+    pCodeBuf[off++] = X86_OP_PRF_SIZE_OP;
+    pCodeBuf[off++] = 0xc7;
+    off = iemNativeEmitGprByVCpuDisp(pCodeBuf, off, 0, offVCpu);
+    pCodeBuf[off++] = RT_BYTE1(uImm);
+    pCodeBuf[off++] = RT_BYTE2(uImm);
+    RT_NOREF(idxTmp1, idxTmp2);
+
+#elif defined(RT_ARCH_ARM64)
+    if (idxTmp1 != UINT8_MAX)
+    {
+        pCodeBuf[off++] = Armv8A64MkInstrMovZ(idxTmp1, uImm);
+        off = iemNativeEmitGprByVCpuLdStEx(pCodeBuf, off, idxTmp1, offVCpu, kArmv8A64InstrLdStType_St_Half,
+                                           sizeof(uint16_t), idxTmp2);
+    }
+    else
+# ifdef IEM_WITH_THROW_CATCH
+        AssertFailedStmt(IEMNATIVE_DO_LONGJMP(NULL, VERR_IEM_IPE_9));
+# else
+        AssertReleaseFailedStmt(off = UINT32_MAX);
+# endif
 
 #else
@@ -3857 +3917 @@
  *       and ARM64 hosts.
  */
-DECL_INLINE_THROW(uint32_t)
-iemNativeEmitAndGprByGpr(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, uint8_t iGprSrc, bool fSetFlags = false)
+DECL_FORCE_INLINE(uint32_t)
+iemNativeEmitAndGprByGprEx(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprDst, uint8_t iGprSrc, bool fSetFlags = false)
 {
 #if defined(RT_ARCH_AMD64)
     /* and Gv, Ev */
-    uint8_t *pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 3);
-    pbCodeBuf[off++] = X86_OP_REX_W | (iGprDst < 8 ? 0 : X86_OP_REX_R) | (iGprSrc < 8 ? 0 : X86_OP_REX_B);
-    pbCodeBuf[off++] = 0x23;
-    pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, iGprDst & 7, iGprSrc & 7);
+    pCodeBuf[off++] = X86_OP_REX_W | (iGprDst < 8 ? 0 : X86_OP_REX_R) | (iGprSrc < 8 ? 0 : X86_OP_REX_B);
+    pCodeBuf[off++] = 0x23;
+    pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, iGprDst & 7, iGprSrc & 7);
     RT_NOREF(fSetFlags);
 
 #elif defined(RT_ARCH_ARM64)
-    uint32_t *pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
     if (!fSetFlags)
-        pu32CodeBuf[off++] = Armv8A64MkInstrAnd(iGprDst, iGprDst, iGprSrc);
-    else
-        pu32CodeBuf[off++] = Armv8A64MkInstrAnds(iGprDst, iGprDst, iGprSrc);
-
+        pCodeBuf[off++] = Armv8A64MkInstrAnd(iGprDst, iGprDst, iGprSrc);
+    else
+        pCodeBuf[off++] = Armv8A64MkInstrAnds(iGprDst, iGprDst, iGprSrc);
+
+#else
+# error "Port me"
+#endif
+    return off;
+}
+
+
+/**
+ * Emits code for AND'ing two 64-bit GPRs.
+ *
+ * @note When fSetFlags=true, JZ/JNZ jumps can be used afterwards on both AMD64
+ *       and ARM64 hosts.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitAndGprByGpr(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, uint8_t iGprSrc, bool fSetFlags = false)
+{
+#if defined(RT_ARCH_AMD64)
+    off = iemNativeEmitAndGprByGprEx(iemNativeInstrBufEnsure(pReNative, off, 3), off, iGprDst, iGprSrc, fSetFlags);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitAndGprByGprEx(iemNativeInstrBufEnsure(pReNative, off, 1), off, iGprDst, iGprSrc, fSetFlags);
 #else
 # error "Port me"
@@ -4087 +4165 @@
 }
 
+
+/**
+ * Emits code for AND'ing an 64-bit GPRs with a constant.
+ *
+ * @note For ARM64 any complicated immediates w/o a AND/ANDS compatible
+ *       encoding will assert / throw exception if @a iGprDst and @a iGprSrc are
+ *       the same.
+ */
+DECL_FORCE_INLINE_THROW(uint32_t)
+iemNativeEmitGprEqGprAndImmEx(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprDst, uint8_t iGprSrc, uint64_t uImm,
+                              bool fSetFlags = false)
+{
+#if defined(RT_ARCH_AMD64)
+    off = iemNativeEmitLoadGprImmEx(pCodeBuf, off, iGprDst, uImm);
+    off = iemNativeEmitAndGprByGprEx(pCodeBuf, off, iGprDst, iGprSrc);
+    RT_NOREF(fSetFlags);
+
+#elif defined(RT_ARCH_ARM64)
+    uint32_t uImmR     = 0;
+    uint32_t uImmNandS = 0;
+    if (Armv8A64ConvertMask64ToImmRImmS(uImm, &uImmNandS, &uImmR))
+    {
+        if (!fSetFlags)
+            pCodeBuf[off++] = Armv8A64MkInstrAndImm(iGprDst, iGprSrc, uImmNandS, uImmR);
+        else
+            pCodeBuf[off++] = Armv8A64MkInstrAndsImm(iGprDst, iGprSrc, uImmNandS, uImmR);
+    }
+    else if (iGprDst != iGprSrc)
+    {
+        off = iemNativeEmitLoadGprImmEx(pCodeBuf, off, iGprDst, uImm);
+        off = iemNativeEmitAndGprByGprEx(pCodeBuf, off, iGprDst, iGprSrc, fSetFlags);
+    }
+    else
+# ifdef IEM_WITH_THROW_CATCH
+        AssertFailedStmt(IEMNATIVE_DO_LONGJMP(NULL, VERR_IEM_IPE_9));
+# else
+        AssertReleaseFailedStmt(off = UINT32_MAX);
+# endif
+
+#else
+# error "Port me"
+#endif
+    return off;
+}
 
 /**

trunk/src/VBox/VMM/include/IEMN8veRecompilerTlbLookup.h

@@ -160 +160 @@
     }
 
-    void freeRegsAndReleaseVars(PIEMRECOMPILERSTATE a_pReNative, uint8_t idxVarGCPtrMem = UINT8_MAX) const
-    {
-        if (idxRegPtr != UINT8_MAX)
-        {
-            if (idxRegPtrHlp == UINT8_MAX)
+    /* Alternative constructor for the code TLB lookups where we implictly use RIP
+       variable, only a register derived from the guest RSP. */
+    IEMNATIVEEMITTLBSTATE(PIEMRECOMPILERSTATE a_pReNative, bool a_fFlat, uint32_t *a_poff)
+#ifdef IEMNATIVE_WITH_TLB_LOOKUP
+        :           fSkip(false)
+#else
+        :           fSkip(true)
+#endif
+        ,    idxRegPtrHlp(UINT8_MAX)
+        ,       idxRegPtr(iemNativeRegAllocTmpForGuestReg(a_pReNative, a_poff, kIemNativeGstReg_Pc))
+        ,   idxRegSegBase(a_fFlat || fSkip
+                          ? UINT8_MAX
+                          : iemNativeRegAllocTmpForGuestReg(a_pReNative, a_poff, IEMNATIVEGSTREG_SEG_BASE(X86_SREG_CS)))
+        ,  idxRegSegLimit(/*a_fFlat || fSkip
+                          ? UINT8_MAX
+                          : iemNativeRegAllocTmpForGuestReg(a_pReNative, a_poff, IEMNATIVEGSTREG_SEG_LIMIT(X86_SREG_CS))*/
+                          UINT8_MAX)
+        , idxRegSegAttrib(UINT8_MAX)
+        ,         idxReg1(!fSkip ? iemNativeRegAllocTmp(a_pReNative, a_poff) : UINT8_MAX)
+        ,         idxReg2(!fSkip ? iemNativeRegAllocTmp(a_pReNative, a_poff) : UINT8_MAX)
+#if defined(RT_ARCH_ARM64)
+        ,         idxReg3(!fSkip ? iemNativeRegAllocTmp(a_pReNative, a_poff) : UINT8_MAX)
+#endif
+        ,         uAbsPtr(UINT64_MAX)
+
+    {
+    }
+
+    void freeRegsAndReleaseVars(PIEMRECOMPILERSTATE a_pReNative, uint8_t idxVarGCPtrMem = UINT8_MAX, bool fIsCode = false) const
+    {
+        if (!fIsCode)
+        {
+            if (idxRegPtr != UINT8_MAX)
             {
-                if (idxVarGCPtrMem != UINT8_MAX)
-                    iemNativeVarRegisterRelease(a_pReNative, idxVarGCPtrMem);
+                if (idxRegPtrHlp == UINT8_MAX)
+                {
+                    if (idxVarGCPtrMem != UINT8_MAX)
+                        iemNativeVarRegisterRelease(a_pReNative, idxVarGCPtrMem);
+                }
+                else
+                {
+                    Assert(idxRegPtrHlp == idxRegPtr);
+                    iemNativeRegFreeTmpImm(a_pReNative, idxRegPtrHlp);
+                }
             }
             else
-            {
-                Assert(idxRegPtrHlp == idxRegPtr);
-                iemNativeRegFreeTmpImm(a_pReNative, idxRegPtrHlp);
-            }
-        }
-        else
+                Assert(idxRegPtrHlp == UINT8_MAX);
+        }
+        else
+        {
+            Assert(idxVarGCPtrMem == UINT8_MAX);
             Assert(idxRegPtrHlp == UINT8_MAX);
+            iemNativeRegFreeTmp(a_pReNative, idxRegPtr); /* RIP */
+        }
         if (idxRegSegBase != UINT8_MAX)
             iemNativeRegFreeTmp(a_pReNative, idxRegSegBase);
         if (idxRegSegLimit != UINT8_MAX)
-        {
             iemNativeRegFreeTmp(a_pReNative, idxRegSegLimit);
+        if (idxRegSegAttrib != UINT8_MAX)
             iemNativeRegFreeTmp(a_pReNative, idxRegSegAttrib);
-        }
-        else
-            Assert(idxRegSegAttrib == UINT8_MAX);
 #if defined(RT_ARCH_ARM64)
         iemNativeRegFreeTmp(a_pReNative, idxReg3);
@@ -207 +241 @@
 
     /** This is only for avoid assertions. */
-    uint32_t getActiveRegsWithShadows() const
+    uint32_t getActiveRegsWithShadows(bool fCode = false) const
     {
 #ifdef VBOX_STRICT
         if (!fSkip)
-            return RT_BIT_32(idxRegSegBase) | RT_BIT_32(idxRegSegLimit) | RT_BIT_32(idxRegSegAttrib);
+            return (idxRegSegBase   != UINT8_MAX ? RT_BIT_32(idxRegSegBase)   : 0)
+                 | (idxRegSegLimit  != UINT8_MAX ? RT_BIT_32(idxRegSegLimit)  : 0)
+                 | (idxRegSegAttrib != UINT8_MAX ? RT_BIT_32(idxRegSegAttrib) : 0)
+                 | (fCode                        ? RT_BIT_32(idxRegPtr)       : 0);
 #endif
         return 0;
@@ -229 +266 @@
 {
     Assert(!pTlbState->fSkip);
+    uint32_t const   offVCpuTlb = a_fDataTlb ? RT_UOFFSETOF(VMCPUCC, iem.s.DataTlb) : RT_UOFFSETOF(VMCPUCC, iem.s.CodeTlb);
 # if defined(RT_ARCH_AMD64)
-    uint8_t * const  pCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 512);
+    uint8_t * const  pCodeBuf   = iemNativeInstrBufEnsure(pReNative, off, 512);
 # elif defined(RT_ARCH_ARM64)
-    uint32_t * const pCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 64);
+    uint32_t * const pCodeBuf   = iemNativeInstrBufEnsure(pReNative, off, 64);
 # endif
 
@@ -296 +334 @@
      *
      * 1a. Check segment limit and attributes if non-flat 32-bit code.  This is complicated.
-     */
-    if (iSegReg != UINT8_MAX && (pReNative->fExec & IEM_F_MODE_CPUMODE_MASK) != IEMMODE_64BIT)
+     *
+     *     This can be skipped for code TLB lookups because limit is checked by jmp, call,
+     *     ret, and iret prior to making it.  It is also checked by the helpers prior to
+     *     doing TLB loading.
+     */
+    if (a_fDataTlb && iSegReg != UINT8_MAX && (pReNative->fExec & IEM_F_MODE_CPUMODE_MASK) != IEMMODE_64BIT)
     {
         /* Check that we've got a segment loaded and that it allows the access.
@@ -539 +581 @@
     pCodeBuf[off++] = pTlbState->idxReg1 < 8 ? X86_OP_REX_W : X86_OP_REX_W | X86_OP_REX_R;
     pCodeBuf[off++] = 0x0b; /* OR r64,r/m64 */
-    off = iemNativeEmitGprByVCpuDisp(pCodeBuf, off, pTlbState->idxReg1, RT_UOFFSETOF(VMCPUCC, iem.s.DataTlb.uTlbRevision));
+    off = iemNativeEmitGprByVCpuDisp(pCodeBuf, off, pTlbState->idxReg1, offVCpuTlb + RT_UOFFSETOF(IEMTLB, uTlbRevision));
 # else
-    off = iemNativeEmitLoadGprFromVCpuU64Ex(pCodeBuf, off, pTlbState->idxReg3, RT_UOFFSETOF(VMCPUCC, iem.s.DataTlb.uTlbRevision));
+    off = iemNativeEmitLoadGprFromVCpuU64Ex(pCodeBuf, off, pTlbState->idxReg3, offVCpuTlb + RT_UOFFSETOF(IEMTLB, uTlbRevision));
     off = iemNativeEmitOrGprByGprEx(pCodeBuf, off, pTlbState->idxReg1, pTlbState->idxReg3);
 # endif
@@ -548 +590 @@
      * 3b. Calc pTlbe.
      */
+    uint32_t const offTlbEntries = offVCpuTlb + RT_UOFFSETOF(IEMTLB, aEntries);
 # if defined(RT_ARCH_AMD64)
     /* movzx reg2, byte reg1 */
@@ -560 +603 @@
     pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_MEM4, pTlbState->idxReg2 & 7, 4 /*SIB*/);
     pCodeBuf[off++] = X86_SIB_MAKE(IEMNATIVE_REG_FIXED_PVMCPU & 7, pTlbState->idxReg2 & 7, 0);
-    pCodeBuf[off++] = RT_BYTE1(RT_UOFFSETOF(VMCPUCC,  iem.s.DataTlb.aEntries));
-    pCodeBuf[off++] = RT_BYTE2(RT_UOFFSETOF(VMCPUCC,  iem.s.DataTlb.aEntries));
-    pCodeBuf[off++] = RT_BYTE3(RT_UOFFSETOF(VMCPUCC,  iem.s.DataTlb.aEntries));
-    pCodeBuf[off++] = RT_BYTE4(RT_UOFFSETOF(VMCPUCC,  iem.s.DataTlb.aEntries));
+    pCodeBuf[off++] = RT_BYTE1(offTlbEntries);
+    pCodeBuf[off++] = RT_BYTE2(offTlbEntries);
+    pCodeBuf[off++] = RT_BYTE3(offTlbEntries);
+    pCodeBuf[off++] = RT_BYTE4(offTlbEntries);
 
 # elif defined(RT_ARCH_ARM64)
@@ -569 +612 @@
     pCodeBuf[off++] = Armv8A64MkInstrUbfiz(pTlbState->idxReg2, pTlbState->idxReg1, 5, 8);
     /* reg2 += offsetof(VMCPUCC, iem.s.DataTlb.aEntries) */
-    off = iemNativeEmitAddGprImmEx(pCodeBuf, off, pTlbState->idxReg2, RT_UOFFSETOF(VMCPUCC, iem.s.DataTlb.aEntries),
-                                   pTlbState->idxReg3 /*iGprTmp*/);
+    off = iemNativeEmitAddGprImmEx(pCodeBuf, off, pTlbState->idxReg2, offTlbEntries, pTlbState->idxReg3 /*iGprTmp*/);
     /* reg2 += pVCpu */
     off = iemNativeEmitAddTwoGprsEx(pCodeBuf, off, pTlbState->idxReg2, IEMNATIVE_REG_FIXED_PVMCPU);
@@ -602 +644 @@
     uint64_t       fTlbe   = IEMTLBE_F_PHYS_REV | IEMTLBE_F_NO_MAPPINGR3 | IEMTLBE_F_PG_UNASSIGNED | IEMTLBE_F_PT_NO_ACCESSED
                            | fNoUser;
+    if (fAccess & IEM_ACCESS_TYPE_EXEC)
+        fTlbe |= IEMTLBE_F_PT_NO_EXEC /*| IEMTLBE_F_PG_NO_READ?*/;
     if (fAccess & IEM_ACCESS_TYPE_READ)
         fTlbe |= IEMTLBE_F_PG_NO_READ;
@@ -618 +662 @@
     pCodeBuf[off++] = 0x3b;
     off = iemNativeEmitGprByGprDisp(pCodeBuf, off, pTlbState->idxReg1, IEMNATIVE_REG_FIXED_PVMCPU,
-                                    RT_UOFFSETOF(VMCPUCC, iem.s.DataTlb.uTlbPhysRev));
+                                    offVCpuTlb + RT_UOFFSETOF(IEMTLB, uTlbPhysRev));
 # elif defined(RT_ARCH_ARM64)
     off = iemNativeEmitLoadGprByGprU64Ex(pCodeBuf, off, pTlbState->idxReg3, pTlbState->idxReg2,
                                          RT_UOFFSETOF(IEMTLBENTRY, fFlagsAndPhysRev));
     pCodeBuf[off++] = Armv8A64MkInstrAnd(pTlbState->idxReg1, pTlbState->idxReg1, pTlbState->idxReg3);
-    off = iemNativeEmitLoadGprFromVCpuU64Ex(pCodeBuf, off, pTlbState->idxReg3, RT_UOFFSETOF(VMCPUCC, iem.s.DataTlb.uTlbPhysRev));
+    off = iemNativeEmitLoadGprFromVCpuU64Ex(pCodeBuf, off, pTlbState->idxReg3, offVCpuTlb + RT_UOFFSETOF(IEMTLB, uTlbPhysRev));
     off = iemNativeEmitCmpGprWithGprEx(pCodeBuf, off, pTlbState->idxReg1, pTlbState->idxReg3);
 # else
@@ -634 +678 @@
      * 5. Check that pbMappingR3 isn't NULL (paranoia) and calculate the
      *    resulting pointer.
+     *
+     *    For code TLB lookups we have some more work to do here to set various
+     *    IEMCPU members and we return a GCPhys address rather than a host pointer.
      */
     /* mov  reg1, [reg2->pbMappingR3] */
@@ -643 +690 @@
                                                       true /*f64Bit*/, idxLabelTlbMiss);
 
-    if (idxRegFlatPtr == idxRegMemResult) /* See step 1b. */
-    {
-        /* and result, 0xfff */
-        off = iemNativeEmitAndGpr32ByImmEx(pCodeBuf, off, idxRegMemResult, GUEST_PAGE_OFFSET_MASK);
+    if (a_fDataTlb)
+    {
+        if (idxRegFlatPtr == idxRegMemResult) /* See step 1b. */
+        {
+            /* and result, 0xfff */
+            off = iemNativeEmitAndGpr32ByImmEx(pCodeBuf, off, idxRegMemResult, GUEST_PAGE_OFFSET_MASK);
+        }
+        else
+        {
+            Assert(idxRegFlatPtr == pTlbState->idxRegPtr);
+            /* result = regflat & 0xfff */
+            off = iemNativeEmitGpr32EqGprAndImmEx(pCodeBuf, off, idxRegMemResult, idxRegFlatPtr, GUEST_PAGE_OFFSET_MASK);
+        }
+
+        /* add result, reg1 */
+        off = iemNativeEmitAddTwoGprsEx(pCodeBuf, off, idxRegMemResult, pTlbState->idxReg1);
     }
     else
     {
-        Assert(idxRegFlatPtr == pTlbState->idxRegPtr);
-        /* result = regflat & 0xfff */
-        off = iemNativeEmitGpr32EqGprAndImmEx(pCodeBuf, off, idxRegMemResult, idxRegFlatPtr, GUEST_PAGE_OFFSET_MASK);
-    }
-    /* add result, reg1 */
-    off = iemNativeEmitAddTwoGprsEx(pCodeBuf, off, idxRegMemResult, pTlbState->idxReg1);
+        /*
+         * Code TLB use a la iemOpcodeFetchBytesJmp - keep reg2 pointing to the TLBE.
+         *
+         * Note. We do not need to set offCurInstrStart or offInstrNextByte.
+         */
+# ifdef RT_ARCH_AMD64
+        uint8_t const idxReg3 = UINT8_MAX;
+# else
+        uint8_t const idxReg3 = pTlbState->idxReg3;
+# endif
+        /* Set pbInstrBuf first since we've got it loaded already. */
+        off = iemNativeEmitStoreGprToVCpuU64Ex(pCodeBuf, off, pTlbState->idxReg1,
+                                               RT_UOFFSETOF(VMCPUCC, iem.s.pbInstrBuf), idxReg3);
+        /* Set uInstrBufPc to (FlatPC & ~GUEST_PAGE_OFFSET_MASK). */
+        off = iemNativeEmitGprEqGprAndImmEx(pCodeBuf, off, pTlbState->idxReg1, idxRegFlatPtr, ~(RTGCPTR)GUEST_PAGE_OFFSET_MASK);
+        off = iemNativeEmitStoreGprToVCpuU64Ex(pCodeBuf, off, pTlbState->idxReg1,
+                                               RT_UOFFSETOF(VMCPUCC, iem.s.uInstrBufPc), idxReg3);
+        /* Set cbInstrBufTotal to GUEST_PAGE_SIZE. */ /** @todo this is a simplifications. Calc right size using CS.LIM and EIP? */
+        off = iemNativeEmitStoreImmToVCpuU16Ex(pCodeBuf, off, GUEST_PAGE_SIZE, RT_UOFFSETOF(VMCPUCC, iem.s.cbInstrBufTotal),
+                                               pTlbState->idxReg1, idxReg3);
+        /* Now set GCPhysInstrBuf last as we'll be returning it in idxRegMemResult. */
+        off = iemNativeEmitLoadGprByGprU64Ex(pCodeBuf, off, pTlbState->idxReg1,
+                                             pTlbState->idxReg2, RT_UOFFSETOF(IEMTLBENTRY, GCPhys));
+        off = iemNativeEmitStoreGprToVCpuU64Ex(pCodeBuf, off, pTlbState->idxReg1,
+                                               RT_UOFFSETOF(VMCPUCC, iem.s.GCPhysInstrBuf), idxReg3);
+        /* Set idxRegMemResult. */
+        if (idxRegFlatPtr == idxRegMemResult) /* See step 1b. */
+            off = iemNativeEmitAndGpr32ByImmEx(pCodeBuf, off, idxRegMemResult, GUEST_PAGE_OFFSET_MASK);
+        else
+            off = iemNativeEmitGpr32EqGprAndImmEx(pCodeBuf, off, idxRegMemResult, idxRegFlatPtr, GUEST_PAGE_OFFSET_MASK);
+        off = iemNativeEmitAddTwoGprsEx(pCodeBuf, off, idxRegMemResult, pTlbState->idxReg1);
+    }
 
 # if 0
@@ -665 +750 @@
      */
 #  ifdef RT_ARCH_AMD64
-    /* push     seg | (cbMem << 8) | (fAccess << 16) */
-    pCodeBuf[off++] = 0x68;
-    pCodeBuf[off++] = iSegReg;
-    pCodeBuf[off++] = cbMem;
-    pCodeBuf[off++] = RT_BYTE1(fAccess);
-    pCodeBuf[off++] = RT_BYTE2(fAccess);
-    /* push     pTlbState->idxRegPtr / immediate address. */
-    if (pTlbState->idxRegPtr != UINT8_MAX)
-    {
-        if (pTlbState->idxRegPtr >= 8)
+    if (a_fDataTlb)
+    {
+        /* push     seg | (cbMem << 8) | (fAccess << 16) */
+        pCodeBuf[off++] = 0x68;
+        pCodeBuf[off++] = iSegReg;
+        pCodeBuf[off++] = cbMem;
+        pCodeBuf[off++] = RT_BYTE1(fAccess);
+        pCodeBuf[off++] = RT_BYTE2(fAccess);
+        /* push     pTlbState->idxRegPtr / immediate address. */
+        if (pTlbState->idxRegPtr != UINT8_MAX)
+        {
+            if (pTlbState->idxRegPtr >= 8)
+                pCodeBuf[off++] = X86_OP_REX_B;
+            pCodeBuf[off++] = 0x50 + (pTlbState->idxRegPtr & 7);
+        }
+        else
+        {
+            off = iemNativeEmitLoadGprImmEx(pCodeBuf, off, pTlbState->idxReg1, pTlbState->uAbsPtr);
+            if (pTlbState->idxReg1 >= 8)
+                pCodeBuf[off++] = X86_OP_REX_B;
+            pCodeBuf[off++] = 0x50 + (pTlbState->idxReg1 & 7);
+        }
+        /* push     idxRegMemResult */
+        if (idxRegMemResult >= 8)
             pCodeBuf[off++] = X86_OP_REX_B;
-        pCodeBuf[off++] = 0x50 + (pTlbState->idxRegPtr & 7);
-    }
-    else
-    {
-        off = iemNativeEmitLoadGprImmEx(pCodeBuf, off, pTlbState->idxReg1, pTlbState->uAbsPtr);
-        if (pTlbState->idxReg1 >= 8)
-            pCodeBuf[off++] = X86_OP_REX_B;
-        pCodeBuf[off++] = 0x50 + (pTlbState->idxReg1 & 7);
-    }
-    /* push     idxRegMemResult */
-    if (idxRegMemResult >= 8)
-        pCodeBuf[off++] = X86_OP_REX_B;
-    pCodeBuf[off++] = 0x50 + (idxRegMemResult & 7);
-    /* push     pVCpu */
-    pCodeBuf[off++] = 0x50 + IEMNATIVE_REG_FIXED_PVMCPU;
-    /* mov      reg1, helper */
-    off = iemNativeEmitLoadGprImmEx(pCodeBuf, off, pTlbState->idxReg1, (uintptr_t)iemNativeHlpAsmSafeWrapCheckTlbLookup);
-    /* call     [reg1] */
-    pCodeBuf[off++] = X86_OP_REX_W | (pTlbState->idxReg1 < 8 ? 0 : X86_OP_REX_B);
-    pCodeBuf[off++] = 0xff;
-    pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 2, pTlbState->idxReg1 & 7);
-    /* The stack is cleaned up by helper function. */
+        pCodeBuf[off++] = 0x50 + (idxRegMemResult & 7);
+        /* push     pVCpu */
+        pCodeBuf[off++] = 0x50 + IEMNATIVE_REG_FIXED_PVMCPU;
+        /* mov      reg1, helper */
+        off = iemNativeEmitLoadGprImmEx(pCodeBuf, off, pTlbState->idxReg1, (uintptr_t)iemNativeHlpAsmSafeWrapCheckTlbLookup);
+        /* call     [reg1] */
+        pCodeBuf[off++] = X86_OP_REX_W | (pTlbState->idxReg1 < 8 ? 0 : X86_OP_REX_B);
+        pCodeBuf[off++] = 0xff;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 2, pTlbState->idxReg1 & 7);
+        /* The stack is cleaned up by helper function. */
+    }
 
 #  else