Changeset 103376 in vbox

Timestamp:

Feb 15, 2024 1:09:23 AM (10 months ago)

Author:

vboxsync

Message:

VMM/IEM: Experimental alternative to throw/longjmp when executing native TBs. bugref:10370

Location:

trunk/src/VBox/VMM

Files:

• VMMAll/IEMAllN8veHlpA.asm (modified) (1 diff)
• VMMAll/IEMAllN8veRecompiler.cpp (modified) (2 diffs)
• VMMAll/IEMAllThrdRecompiler.cpp (modified) (2 diffs)
• include/IEMInternal.h (modified) (5 diffs)

trunk/src/VBox/VMM/VMMAll/IEMAllN8veHlpA.asm

@@ -37 +37 @@
 extern NAME(iemThreadedFunc_BltIn_LogCpuStateWorker)
 extern NAME(iemNativeHlpCheckTlbLookup)
+
+
+;;
+; This does the epilogue of a TB, given the RBP for the frame and eax value to return.
+;
+; @param    pFrame  (gcc:rdi, msc:rcx)  The frame pointer.
+; @param    rc      (gcc:esi, msc:edx)  The return value.
+;
+; @note This doesn't really work for MSC since xmm6 thru xmm15 are non-volatile
+;       and since we don't save them in the TB prolog we'll potentially return
+;       with different values if any functions on the calling stack uses them
+;       as they're unlikely to restore them till they return.
+;
+;       For the GCC calling convention all xmm registers are volatile and the
+;       only worry would be someone fiddling the control bits of MXCSR or FCW
+;       without restoring them.  This is highly unlikely, unless we're doing
+;       it ourselves, I think.
+;
+BEGINPROC   iemNativeTbLongJmp
+%ifdef ASM_CALL64_MSC
+        mov     rbp, rcx
+        mov     eax, edx
+%else
+        mov     rbp, rdi
+        mov     eax, esi
+%endif
+        SEH64_PUSH_xBP      ; non-sense, but whatever.
+SEH64_END_PROLOGUE
+
+        ;
+        ; This must exactly match what iemNativeEmitEpilog does.
+        ;
+%ifdef ASM_CALL64_MSC
+        lea     rsp, [rbp - 5 * 8]
+%else
+        lea     rsp, [rbp - 7 * 8]
+%endif
+        pop     r15
+        pop     r14
+        pop     r13
+        pop     r12
+%ifdef ASM_CALL64_MSC
+        pop     rdi
+        pop     rsi
+%endif
+        pop     rbx
+        leave
+        ret
+ENDPROC     iemNativeTbLongJmp
+
 
 

trunk/src/VBox/VMM/VMMAll/IEMAllN8veRecompiler.cpp

@@ -5948 +5948 @@
     pbCodeBuf[off++] = 0x50 + X86_GREG_x15 - 8;
 
+# ifdef VBOX_WITH_IEM_NATIVE_RECOMPILER_LONGJMP
+    /* Save the frame pointer. */
+    off = iemNativeEmitStoreGprToVCpuU64Ex(pbCodeBuf, off, X86_GREG_xBP, RT_UOFFSETOF(VMCPUCC, iem.s.pvTbFramePointerR3));
+# endif
+
     off = iemNativeEmitSubGprImm(pReNative, off,    /* sub rsp, byte 28h */
                                  X86_GREG_xSP,
@@ -6002 +6007 @@
     /* mov r27, r1  */
     off = iemNativeEmitLoadGprFromGpr(pReNative, off, IEMNATIVE_REG_FIXED_PCPUMCTX, IEMNATIVE_CALL_ARG1_GREG);
+
+# ifdef VBOX_WITH_IEM_NATIVE_RECOMPILER_LONGJMP
+    /* Save the frame pointer. */
+    off = iemNativeEmitStoreGprToVCpuU64Ex(pbCodeBuf, off, ARMV8_A64_REG_BP, RT_UOFFSETOF(VMCPUCC, iem.s.pvTbFramePointerR3),
+                                           ARMV8_A64_REG_X2);
+# endif
 
 #else

trunk/src/VBox/VMM/VMMAll/IEMAllThrdRecompiler.cpp

@@ -2485 +2485 @@
         VBOXSTRICTRC const rcStrict = ((PFNIEMTBNATIVE)pTb->Native.paInstructions)(pVCpu, &pVCpu->cpum.GstCtx);
 # endif
+# ifdef VBOX_WITH_IEM_NATIVE_RECOMPILER_LONGJMP
+        pVCpu->iem.s.pvTbFramePointerR3 = NULL;
+# endif
         if (RT_LIKELY(   rcStrict == VINF_SUCCESS
                       && pVCpu->iem.s.rcPassUp == VINF_SUCCESS /** @todo this isn't great. */))
@@ -2736 +2739 @@
         {
             pVCpu->iem.s.cLongJumps++;
+#ifdef VBOX_WITH_IEM_NATIVE_RECOMPILER_LONGJMP
+            pVCpu->iem.s.pvTbFramePointerR3 = NULL;
+#endif
             if (pVCpu->iem.s.cActiveMappings > 0)
                 iemMemRollback(pVCpu);

trunk/src/VBox/VMM/include/IEMInternal.h

@@ -86 +86 @@
 #endif
 
+/** @def VBOX_WITH_IEM_NATIVE_RECOMPILER_LONGJMP
+ * Enables a quicker alternative to throw/longjmp for IEM_DO_LONGJMP when
+ * executing native translation blocks.
+ *
+ * This exploits the fact that we save all non-volatile registers in the TB
+ * prologue and thus just need to do the same as the TB epilogue to get the
+ * effect of a longjmp/throw.  Since MSC marks XMM6 thru XMM15 as
+ * non-volatile (and does something even more crazy for ARM), this probably
+ * won't work reliably on Windows. */
+#if defined(DOXYGEN_RUNNING) /*|| defined(RT_ARCH_AMD64)*/
+# define VBOX_WITH_IEM_NATIVE_RECOMPILER_LONGJMP
+#endif
+#ifdef VBOX_WITH_IEM_NATIVE_RECOMPILER_LONGJMP
+# if !defined(IN_RING3) \
+  || !defined(RT_ARCH_AMD64) \
+  || !defined(VBOX_WITH_IEM_RECOMPILER) \
+  || !defined(VBOX_WITH_IEM_NATIVE_RECOMPILER)
+#  undef VBOX_WITH_IEM_NATIVE_RECOMPILER_LONGJMP
+# elif defined(RT_OS_WINDOWS)
+#  pragma message("VBOX_WITH_IEM_NATIVE_RECOMPILER_LONGJMP is not safe to use on windows")
+# endif
+#endif
+
+
 /** @def IEM_DO_LONGJMP
  *
@@ -95 +119 @@
 #if defined(IEM_WITH_SETJMP) || defined(DOXYGEN_RUNNING)
 # ifdef IEM_WITH_THROW_CATCH
-#  define IEM_DO_LONGJMP(a_pVCpu, a_rc)  throw int(a_rc)
+#  ifdef VBOX_WITH_IEM_NATIVE_RECOMPILER_LONGJMP
+#   define IEM_DO_LONGJMP(a_pVCpu, a_rc) do { \
+            if ((a_pVCpu)->iem.s.pvTbFramePointerR3) \
+                iemNativeTbLongJmp((a_pVCpu)->iem.s.pvTbFramePointerR3, (a_rc)); \
+            throw int(a_rc); \
+        } while (0)
+#  else
+#   define IEM_DO_LONGJMP(a_pVCpu, a_rc) throw int(a_rc)
+#  endif
 # else
 #  define IEM_DO_LONGJMP(a_pVCpu, a_rc)  longjmp(*(a_pVCpu)->iem.s.CTX_SUFF(pJmpBuf), (a_rc))
@@ -1650 +1682 @@
      * This can either be one being executed or one being compiled. */
     R3PTRTYPE(PIEMTB)       pCurTbR3;
+#ifdef VBOX_WITH_IEM_NATIVE_RECOMPILER_LONGJMP
+    /** Frame pointer for the last native TB to execute. */
+    R3PTRTYPE(void *)       pvTbFramePointerR3;
+#else
+    R3PTRTYPE(void *)       pvUnusedR3;
+#endif
     /** Fixed TB used for threaded recompilation.
      * This is allocated once with maxed-out sizes and re-used afterwards. */
@@ -1798 +1836 @@
     STAMCOUNTER             StatNativeLivenessEflOtherRequired;
 
-    //uint64_t                au64Padding[3];
+    uint64_t                au64Padding[7];
     /** @} */
 
@@ -5837 +5875 @@
 int                 iemExecMemAllocatorInit(PVMCPU pVCpu, uint64_t cbMax, uint64_t cbInitial, uint32_t cbChunk);
 void                iemExecMemAllocatorFree(PVMCPU pVCpu, void *pv, size_t cb);
+DECLASM(DECL_NO_RETURN(void)) iemNativeTbLongJmp(void *pvFramePointer, int rc) RT_NOEXCEPT;