Changeset 103911 in vbox

Timestamp:

Mar 19, 2024 9:28:05 AM (11 months ago)

Author:

vboxsync

Message:

VMM/IEM: Implement support for fetching 128-bit/256-bit values from guest memory and implement native emitters for IEM_MC_FETCH_MEM_U128_ALIGN_SSE()/IEM_MC_FETCH_MEM_FLAT_U128_ALIGN_SSE()/IEM_MC_FETCH_MEM_U128_NO_AC()/IEM_MC_FETCH_MEM_FLAT_U128_NO_AC(), bugref:10614

Location:

trunk/src/VBox/VMM

Files:

• VMMAll/IEMAllInstPython.py (modified) (1 diff)
• VMMAll/IEMAllN8vePython.py (modified) (2 diffs)
• VMMAll/IEMAllN8veRecompFuncs.h (modified) (8 diffs)
• VMMAll/IEMAllN8veRecompiler.cpp (modified) (2 diffs)
• include/IEMN8veRecompiler.h (modified) (2 diffs)
• include/IEMN8veRecompilerEmit.h (modified) (3 diffs)

trunk/src/VBox/VMM/VMMAll/IEMAllInstPython.py

@@ -3056 +3056 @@
     'IEM_MC_FETCH_MEM_R80':                                      (McBlock.parseMcGeneric,           True,  True,  False, ),
     'IEM_MC_FETCH_MEM_U128':                                     (McBlock.parseMcGeneric,           True,  True,  False, ),
-    'IEM_MC_FETCH_MEM_U128_ALIGN_SSE':                           (McBlock.parseMcGeneric,           True,  True,  False, ),
-    'IEM_MC_FETCH_MEM_U128_NO_AC':                               (McBlock.parseMcGeneric,           True,  True,  False, ),
+    'IEM_MC_FETCH_MEM_U128_ALIGN_SSE':                           (McBlock.parseMcGeneric,           True,  True,  g_fNativeSimd),
+    'IEM_MC_FETCH_MEM_U128_NO_AC':                               (McBlock.parseMcGeneric,           True,  True,  g_fNativeSimd),
     'IEM_MC_FETCH_MEM_U128_AND_XREG_U128':                       (McBlock.parseMcGeneric,           True,  True,  False, ),
     'IEM_MC_FETCH_MEM_U128_AND_XREG_U128_AND_RAX_RDX_U64':       (McBlock.parseMcGeneric,           True,  True,  False, ),

trunk/src/VBox/VMM/VMMAll/IEMAllN8vePython.py

@@ -44 +44 @@
 import IEMAllInstPython as iai;
 
+## Temporary flag for enabling / disabling experimental MCs depending on the
+## SIMD register allocator.
+g_fNativeSimd = True;
 
 ## Supplememnts g_dMcStmtParsers.
@@ -136 +139 @@
     'IEM_MC_FETCH_MEM_FLAT_R64':                                         (None, True,  True,  False, ),
     'IEM_MC_FETCH_MEM_FLAT_R80':                                         (None, True,  True,  False, ),
-    'IEM_MC_FETCH_MEM_FLAT_U128_ALIGN_SSE':                              (None, True,  True,  False, ),
-    'IEM_MC_FETCH_MEM_FLAT_U128_NO_AC':                                  (None, True,  True,  False, ),
+    'IEM_MC_FETCH_MEM_FLAT_U128_ALIGN_SSE':                              (None, True,  True,  g_fNativeSimd),
+    'IEM_MC_FETCH_MEM_FLAT_U128_NO_AC':                                  (None, True,  True,  g_fNativeSimd),
     'IEM_MC_FETCH_MEM_FLAT_U128':                                        (None, True,  True,  False, ),
     'IEM_MC_FETCH_MEM_FLAT_U16_DISP':                                    (None, True,  True,  True,  ),

trunk/src/VBox/VMM/VMMAll/IEMAllN8veRecompFuncs.h

@@ -4655 +4655 @@
                IEMNATIVE_DO_LONGJMP(pReNative, VERR_IEM_VAR_UNEXPECTED_KIND));
     Assert(iSegReg < 6 || iSegReg == UINT8_MAX);
+#ifdef IEMNATIVE_WITH_SIMD_REG_ALLOCATOR
+    Assert(   cbMem == 1 || cbMem == 2 || cbMem == 4 || cbMem == 8
+           || cbMem == sizeof(RTUINT128U) || cbMem == sizeof(RTUINT256U));
+#else
     Assert(cbMem == 1 || cbMem == 2 || cbMem == 4 || cbMem == 8);
+#endif
     AssertCompile(IEMNATIVE_CALL_ARG_GREG_COUNT >= 4);
 #ifdef VBOX_STRICT
@@ -4701 +4706 @@
                            : UINT64_C(0xc000b000a0009000) ));
                 break;
+#ifdef IEMNATIVE_WITH_SIMD_REG_ALLOCATOR
+            case sizeof(RTUINT128U):
+                Assert(enmOp == kIemNativeEmitMemOp_Store || enmOp == kIemNativeEmitMemOp_Fetch);
+                Assert(   (   enmOp == kIemNativeEmitMemOp_Fetch
+                           && (   pfnFunction == (uintptr_t)iemNativeHlpMemFlatFetchDataU128AlignedSse
+                               || pfnFunction == (uintptr_t)iemNativeHlpMemFlatFetchDataU128NoAc))
+                       || (   enmOp == kIemNativeEmitMemOp_Store
+                           && (pfnFunction == UINT64_C(0xc000b000a0009000))));
+                break;
+#endif
         }
     }
@@ -4744 +4759 @@
                            : UINT64_C(0xc000b000a0009000) ));
                 break;
+#ifdef IEMNATIVE_WITH_SIMD_REG_ALLOCATOR
+            case sizeof(RTUINT128U):
+                Assert(enmOp == kIemNativeEmitMemOp_Store || enmOp == kIemNativeEmitMemOp_Fetch);
+                Assert(   (   enmOp == kIemNativeEmitMemOp_Fetch
+                           && (   pfnFunction == (uintptr_t)iemNativeHlpMemFetchDataU128AlignedSse
+                               || pfnFunction == (uintptr_t)iemNativeHlpMemFetchDataU128NoAc))
+                       || (   enmOp == kIemNativeEmitMemOp_Store
+                           && (pfnFunction == UINT64_C(0xc000b000a0009000))));
+                break;
+#endif
         }
     }
@@ -4783 +4808 @@
      */
     uint16_t const uTlbSeqNo         = pReNative->uTlbSeqNo++;
+#ifdef IEMNATIVE_WITH_SIMD_REG_ALLOCATOR
+    uint8_t  idxRegValueFetch = UINT8_MAX;
+
+    if (cbMem == sizeof(RTUINT128U) || cbMem == sizeof(RTUINT256U))
+        idxRegValueFetch = enmOp == kIemNativeEmitMemOp_Store ? UINT8_MAX
+                         : iemNativeVarSimdRegisterAcquire(pReNative, idxVarValue, &off);
+    else
+        idxRegValueFetch = enmOp == kIemNativeEmitMemOp_Store ? UINT8_MAX
+                         : !(pReNative->Core.bmHstRegs & RT_BIT_32(IEMNATIVE_CALL_RET_GREG))
+                         ? iemNativeVarRegisterSetAndAcquire(pReNative, idxVarValue, IEMNATIVE_CALL_RET_GREG, &off)
+                         : iemNativeVarRegisterAcquire(pReNative, idxVarValue, &off);
+#else
     uint8_t  const idxRegValueFetch  = enmOp == kIemNativeEmitMemOp_Store ? UINT8_MAX
                                      : !(pReNative->Core.bmHstRegs & RT_BIT_32(IEMNATIVE_CALL_RET_GREG))
                                      ? iemNativeVarRegisterSetAndAcquire(pReNative, idxVarValue, IEMNATIVE_CALL_RET_GREG, &off)
                                      : iemNativeVarRegisterAcquire(pReNative, idxVarValue, &off);
+#endif
     IEMNATIVEEMITTLBSTATE const TlbState(pReNative, &off, idxVarGCPtrMem, iSegReg, cbMem, offDisp);
     uint8_t  const idxRegValueStore  =    !TlbState.fSkip
@@ -4849 +4887 @@
     /* IEMNATIVE_CALL_ARG2/3_GREG = uValue (idxVarValue) - if store */
     uint32_t fVolGregMask = IEMNATIVE_CALL_VOLATILE_GREG_MASK;
+#ifdef IEMNATIVE_WITH_SIMD_REG_ALLOCATOR
+    if (cbMem == sizeof(RTUINT128U) || cbMem == sizeof(RTUINT256U))
+    {
+        /*
+         * For SIMD based variables we pass the reference on the stack for both fetches and stores.
+         *
+         * @note There was a register variable assigned to the variable for the TlbLookup case above
+         *       which must not be freed or the value loaded into the register will not be synced into the register
+         *       further down the road because the variable doesn't know it had a variable assigned.
+         *
+         * @note For loads it is not required to sync what is in the assigned register with the stack slot
+         *       as it will be overwritten anyway.
+         */
+        uint8_t const idxRegArgValue = iSegReg == UINT8_MAX ? IEMNATIVE_CALL_ARG2_GREG : IEMNATIVE_CALL_ARG3_GREG;
+        off = iemNativeEmitLoadArgGregWithSimdVarAddrForMemAccess(pReNative, off, idxRegArgValue, idxVarValue,
+                                                                  enmOp == kIemNativeEmitMemOp_Store /*fSyncRegWithStack*/);
+        fVolGregMask &= ~RT_BIT_32(idxRegArgValue);
+    }
+    else
+#endif
     if (enmOp == kIemNativeEmitMemOp_Store)
     {
@@ -4887 +4945 @@
     if (enmOp != kIemNativeEmitMemOp_Store)
     {
-        Assert(idxRegValueFetch == pVarValue->idxReg);
-        if (idxRegValueFetch != IEMNATIVE_CALL_RET_GREG)
-            off = iemNativeEmitLoadGprFromGpr(pReNative, off, idxRegValueFetch, IEMNATIVE_CALL_RET_GREG);
+#ifdef IEMNATIVE_WITH_SIMD_REG_ALLOCATOR
+        if (   cbMem == sizeof(RTUINT128U)
+            || cbMem == sizeof(RTUINT256U))
+        {
+            Assert(enmOp == kIemNativeEmitMemOp_Fetch);
+
+            /* Sync the value on the stack with the host register assigned to the variable. */
+            off = iemNativeEmitSimdVarSyncStackToRegister(pReNative, off, idxVarValue);
+        }
+        else
+#endif
+        {
+            Assert(idxRegValueFetch == pVarValue->idxReg);
+            if (idxRegValueFetch != IEMNATIVE_CALL_RET_GREG)
+                off = iemNativeEmitLoadGprFromGpr(pReNative, off, idxRegValueFetch, IEMNATIVE_CALL_RET_GREG);
+        }
     }
 
@@ -5008 +5079 @@
                         off = iemNativeEmitLoadGprByGprU64Ex(pCodeBuf, off, idxRegValueFetch, idxRegMemResult);
                         break;
+                    case sizeof(RTUINT128U):
+                        /*
+                         * No need to back the register with the stack, this is done by the generic variable handling
+                         * code if there is a register assigned to a variable and the stack must be accessed.
+                         */
+                        off = iemNativeEmitLoadVecRegByGprU128Ex(pCodeBuf, off, idxRegValueFetch, idxRegMemResult);
+                        break;
                     default:
                         AssertFailed();
@@ -5269 +5347 @@
                                                (uintptr_t)iemNativeHlpMemFlatFetchDataU64, pCallEntry->idxInstr)
 
+#ifdef IEMNATIVE_WITH_SIMD_REG_ALLOCATOR
+/* 128-bit segmented: */
+#define IEM_MC_FETCH_MEM_U128_ALIGN_SSE(a_u128Dst, a_iSeg, a_GCPtrMem) \
+    off = iemNativeEmitMemFetchStoreDataCommon(pReNative, off, a_u128Dst, a_iSeg, a_GCPtrMem, \
+                                               sizeof(RTUINT128U), sizeof(RTUINT128U) - 1, kIemNativeEmitMemOp_Fetch, \
+                                               (uintptr_t)iemNativeHlpMemFetchDataU128AlignedSse, pCallEntry->idxInstr)
+
+/* 128-bit flat: */
+#define IEM_MC_FETCH_MEM_FLAT_U128_ALIGN_SSE(a_u128Dst, a_GCPtrMem) \
+    off = iemNativeEmitMemFetchStoreDataCommon(pReNative, off, a_u128Dst, UINT8_MAX, a_GCPtrMem, \
+                                               sizeof(RTUINT128U), sizeof(RTUINT128U) - 1, kIemNativeEmitMemOp_Fetch, \
+                                               (uintptr_t)iemNativeHlpMemFlatFetchDataU128AlignedSse, pCallEntry->idxInstr)
+
+/* 128-bit segmented: */
+#define IEM_MC_FETCH_MEM_U128_NO_AC(a_u128Dst, a_iSeg, a_GCPtrMem) \
+    off = iemNativeEmitMemFetchStoreDataCommon(pReNative, off, a_u128Dst, a_iSeg, a_GCPtrMem, \
+                                               sizeof(RTUINT128U), sizeof(RTUINT128U) - 1, kIemNativeEmitMemOp_Fetch, \
+                                               (uintptr_t)iemNativeHlpMemFetchDataU128NoAc, pCallEntry->idxInstr)
+
+/* 128-bit flat: */
+#define IEM_MC_FETCH_MEM_FLAT_U128_NO_AC(a_u128Dst, a_GCPtrMem) \
+    off = iemNativeEmitMemFetchStoreDataCommon(pReNative, off, a_u128Dst, UINT8_MAX, a_GCPtrMem, \
+                                               sizeof(RTUINT128U), sizeof(RTUINT128U) - 1, kIemNativeEmitMemOp_Fetch, \
+                                               (uintptr_t)iemNativeHlpMemFlatFetchDataU128NoAc, pCallEntry->idxInstr)
+#endif
 
 

trunk/src/VBox/VMM/VMMAll/IEMAllN8veRecompiler.cpp

@@ -1871 +1871 @@
 
 
+#ifdef IEMNATIVE_WITH_SIMD_REG_ALLOCATOR
+/**
+ * Used by TB code to load 128-bit data w/ segmentation.
+ */
+IEM_DECL_NATIVE_HLP_DEF(void, iemNativeHlpMemFetchDataU128AlignedSse,(PVMCPUCC pVCpu, RTGCPTR GCPtrMem, uint8_t iSegReg, PRTUINT128U pu128Dst))
+{
+#ifdef IEMNATIVE_WITH_TLB_LOOKUP_FETCH
+    iemMemFetchDataU128AlignedSseSafeJmp(pVCpu, pu128Dst, iSegReg, GCPtrMem);
+#else
+    iemMemFetchDataU128AlignedSseJmp(pVCpu, pu128Dst, iSegReg, GCPtrMem);
+#endif
+}
+
+
+/**
+ * Used by TB code to load 128-bit data w/ segmentation.
+ */
+IEM_DECL_NATIVE_HLP_DEF(void, iemNativeHlpMemFetchDataU128NoAc,(PVMCPUCC pVCpu, RTGCPTR GCPtrMem, uint8_t iSegReg, PRTUINT128U pu128Dst))
+{
+#ifdef IEMNATIVE_WITH_TLB_LOOKUP_FETCH
+    iemMemFetchDataU128NoAcSafeJmp(pVCpu, pu128Dst, iSegReg, GCPtrMem);
+#else
+    iemMemFetchDataU128NoAcJmp(pVCpu, pu128Dst, iSegReg, GCPtrMem);
+#endif
+}
+#endif
+
+
 /**
  * Used by TB code to store unsigned 8-bit data w/ segmentation.
@@ -2164 +2192 @@
 #endif
 }
+
+
+#ifdef IEMNATIVE_WITH_SIMD_REG_ALLOCATOR
+/**
+ * Used by TB code to load unsigned 128-bit data w/ flat address.
+ */
+IEM_DECL_NATIVE_HLP_DEF(void, iemNativeHlpMemFlatFetchDataU128AlignedSse,(PVMCPUCC pVCpu, RTGCPTR GCPtrMem, PRTUINT128U pu128Dst))
+{
+#ifdef IEMNATIVE_WITH_TLB_LOOKUP_FETCH
+    return iemMemFetchDataU128AlignedSseSafeJmp(pVCpu, pu128Dst, UINT8_MAX, GCPtrMem);
+#else
+    return iemMemFlatFetchDataU128AlignedSseJmp(pVCpu, pu128Dst, UINT8_MAX, GCPtrMem);
+#endif
+}
+
+
+/**
+ * Used by TB code to load unsigned 128-bit data w/ flat address.
+ */
+IEM_DECL_NATIVE_HLP_DEF(void, iemNativeHlpMemFlatFetchDataU128NoAc,(PVMCPUCC pVCpu, RTGCPTR GCPtrMem, PRTUINT128U pu128Dst))
+{
+#ifdef IEMNATIVE_WITH_TLB_LOOKUP_FETCH
+    return iemMemFetchDataU128NoAcSafeJmp(pVCpu, pu128Dst, UINT8_MAX, GCPtrMem);
+#else
+    return iemMemFlatFetchDataU128NoAcJmp(pVCpu, pu128Dst, UINT8_MAX, GCPtrMem);
+#endif
+}
+#endif
 
 

trunk/src/VBox/VMM/include/IEMN8veRecompiler.h

@@ -1645 +1645 @@
 IEM_DECL_NATIVE_HLP_PROTO(uint64_t, iemNativeHlpMemFetchDataU32_Sx_U64,(PVMCPUCC pVCpu, RTGCPTR GCPtrMem, uint8_t iSegReg));
 IEM_DECL_NATIVE_HLP_PROTO(uint64_t, iemNativeHlpMemFetchDataU64,(PVMCPUCC pVCpu, RTGCPTR GCPtrMem, uint8_t iSegReg));
+#ifdef IEMNATIVE_WITH_SIMD_REG_ALLOCATOR
+IEM_DECL_NATIVE_HLP_PROTO(void,     iemNativeHlpMemFetchDataU128AlignedSse,(PVMCPUCC pVCpu, RTGCPTR GCPtrMem, uint8_t iSegReg, PRTUINT128U pu128Dst));
+IEM_DECL_NATIVE_HLP_PROTO(void,     iemNativeHlpMemFetchDataU128NoAc,(PVMCPUCC pVCpu, RTGCPTR GCPtrMem, uint8_t iSegReg, PRTUINT128U pu128Dst));
+#endif
 IEM_DECL_NATIVE_HLP_PROTO(void,     iemNativeHlpMemStoreDataU8,(PVMCPUCC pVCpu, RTGCPTR GCPtrMem, uint8_t iSegReg, uint8_t u8Value));
 IEM_DECL_NATIVE_HLP_PROTO(void,     iemNativeHlpMemStoreDataU16,(PVMCPUCC pVCpu, RTGCPTR GCPtrMem, uint8_t iSegReg, uint16_t u16Value));
@@ -1667 +1671 @@
 IEM_DECL_NATIVE_HLP_PROTO(uint64_t, iemNativeHlpMemFlatFetchDataU32_Sx_U64,(PVMCPUCC pVCpu, RTGCPTR GCPtrMem));
 IEM_DECL_NATIVE_HLP_PROTO(uint64_t, iemNativeHlpMemFlatFetchDataU64,(PVMCPUCC pVCpu, RTGCPTR GCPtrMem));
+#ifdef IEMNATIVE_WITH_SIMD_REG_ALLOCATOR
+IEM_DECL_NATIVE_HLP_PROTO(void,     iemNativeHlpMemFlatFetchDataU128AlignedSse,(PVMCPUCC pVCpu, RTGCPTR GCPtrMem, PRTUINT128U pu128Dst));
+IEM_DECL_NATIVE_HLP_PROTO(void,     iemNativeHlpMemFlatFetchDataU128NoAc,(PVMCPUCC pVCpu, RTGCPTR GCPtrMem, PRTUINT128U pu128Dst));
+#endif
 IEM_DECL_NATIVE_HLP_PROTO(void,     iemNativeHlpMemFlatStoreDataU8,(PVMCPUCC pVCpu, RTGCPTR GCPtrMem, uint8_t u8Value));
 IEM_DECL_NATIVE_HLP_PROTO(void,     iemNativeHlpMemFlatStoreDataU16,(PVMCPUCC pVCpu, RTGCPTR GCPtrMem, uint16_t u16Value));

trunk/src/VBox/VMM/include/IEMN8veRecompilerEmit.h

@@ -2854 +2854 @@
 
 
+#ifdef IEMNATIVE_WITH_SIMD_REG_ALLOCATOR
+/**
+ * Emits a 128-bit vector register load via a GPR base address with a displacement.
+ *
+ * @note ARM64: Misaligned @a offDisp values and values not in the
+ *       -0x7ff8...0x7ff8 range will require a temporary register (@a iGprTmp) if
+ *       @a iGprReg and @a iGprBase are the same. Will assert / throw if caller
+ *       does not heed this.
+ */
+DECL_FORCE_INLINE_THROW(uint32_t)
+iemNativeEmitLoadVecRegByGprU128Ex(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iVecRegDst, uint8_t iGprBase,
+                                   int32_t offDisp = 0, uint8_t iGprTmp = UINT8_MAX)
+{
+#ifdef RT_ARCH_AMD64
+    /* movdqu reg128, mem128 */
+    pCodeBuf[off++] = 0xf3;
+    if (iVecRegDst >= 8 || iGprBase >= 8)
+        pCodeBuf[off++] = (iVecRegDst < 8 ? 0 : X86_OP_REX_R) | (iGprBase < 8 ? 0 : X86_OP_REX_B);
+    pCodeBuf[off++] = 0x0f;
+    pCodeBuf[off++] = 0x6f;
+    off = iemNativeEmitGprByGprDisp(pCodeBuf, off, iVecRegDst, iGprBase, offDisp);
+    RT_NOREF(iGprTmp);
+
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitGprByGprLdStEx(pCodeBuf, off, iVecRegDst, iGprBase, offDisp,
+                                      kArmv8A64InstrLdStType_Ld_Vr_128, sizeof(RTUINT128U), iGprTmp);
+
+#else
+# error "port me"
+#endif
+    return off;
+}
+
+
+/**
+ * Emits a 128-bit GPR load via a GPR base address with a displacement.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitLoadVecRegByGprU128(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iVecRegDst, uint8_t iGprBase, int32_t offDisp)
+{
+#ifdef RT_ARCH_AMD64
+    off = iemNativeEmitLoadVecRegByGprU128Ex(iemNativeInstrBufEnsure(pReNative, off, 8), off, iVecRegDst, iGprBase, offDisp);
+    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitGprByGprLdSt(pReNative, off, iVecRegDst, iGprBase, offDisp, kArmv8A64InstrLdStType_Ld_Vr_128, sizeof(RTUINT128U));
+
+#else
+# error "port me"
+#endif
+    return off;
+}
+#endif
+
+
 /**
  * Emits a 64-bit GPR store via a GPR base address with a displacement.
@@ -7305 +7360 @@
                || pVar->enmKind == kIemNativeVarKind_Stack,
                IEMNATIVE_DO_LONGJMP(pReNative, VERR_IEM_VAR_UNEXPECTED_KIND));
+    AssertStmt(!pVar->fSimdReg,
+               IEMNATIVE_DO_LONGJMP(pReNative, VERR_IEM_VAR_UNEXPECTED_KIND));
 
     uint8_t const idxStackSlot   = iemNativeVarGetStackSlot(pReNative, idxVar);
@@ -7310 +7367 @@
 
     uint8_t const idxRegVar      = pVar->idxReg;
+    if (idxRegVar < RT_ELEMENTS(pReNative->Core.aHstRegs))
+    {
+        off = iemNativeEmitStoreGprByBp(pReNative, off, offBpDisp, idxRegVar);
+        iemNativeRegFreeVar(pReNative, idxRegVar, fFlushShadows);
+        Assert(pVar->idxReg == UINT8_MAX);
+    }
+    Assert(   pVar->idxStackSlot != UINT8_MAX
+           && pVar->idxReg       == UINT8_MAX);
+
+    return iemNativeEmitLeaGprByBp(pReNative, off, idxRegArg, offBpDisp);
+}
+
+
 #ifdef IEMNATIVE_WITH_SIMD_REG_ALLOCATOR
-    if (   idxRegVar != UINT8_MAX
-        && pVar->fSimdReg)
-    {
-        Assert(idxRegVar < RT_ELEMENTS(pReNative->Core.aHstSimdRegs));
-        Assert(pVar->cbVar == sizeof(RTUINT128U) || pVar->cbVar == sizeof(RTUINT256U));
-
+/**
+ * Emits code to load the variable address into an argument GPR.
+ *
+ * This is a special variant intended for SIMD variables only and only called
+ * by the TLB miss path in the memory fetch/store code because there we pass
+ * the value by reference and need both the register and stack depending on which
+ * path is taken (TLB hit vs. miss).
+ */
+DECL_FORCE_INLINE_THROW(uint32_t)
+iemNativeEmitLoadArgGregWithSimdVarAddrForMemAccess(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t idxRegArg, uint8_t idxVar,
+                                                    bool fSyncRegWithStack = true)
+{
+    IEMNATIVE_ASSERT_VAR_IDX(pReNative, idxVar);
+    PIEMNATIVEVAR const pVar = &pReNative->Core.aVars[IEMNATIVE_VAR_IDX_UNPACK(idxVar)];
+    AssertStmt(   pVar->enmKind == kIemNativeVarKind_Invalid
+               || pVar->enmKind == kIemNativeVarKind_Stack,
+               IEMNATIVE_DO_LONGJMP(pReNative, VERR_IEM_VAR_UNEXPECTED_KIND));
+    AssertStmt(pVar->fSimdReg,
+               IEMNATIVE_DO_LONGJMP(pReNative, VERR_IEM_VAR_UNEXPECTED_KIND));
+    Assert(   pVar->idxStackSlot != UINT8_MAX
+           && pVar->idxReg != UINT8_MAX);
+
+    uint8_t const idxStackSlot   = iemNativeVarGetStackSlot(pReNative, idxVar);
+    int32_t const offBpDisp      = iemNativeStackCalcBpDisp(idxStackSlot);
+
+    uint8_t const idxRegVar      = pVar->idxReg;
+    Assert(idxRegVar < RT_ELEMENTS(pReNative->Core.aHstSimdRegs));
+    Assert(pVar->cbVar == sizeof(RTUINT128U) || pVar->cbVar == sizeof(RTUINT256U));
+
+    if (fSyncRegWithStack)
+    {
         if (pVar->cbVar == sizeof(RTUINT128U))
             off = iemNativeEmitStoreVecRegByBpU128(pReNative, off, offBpDisp, idxRegVar);
         else
             off = iemNativeEmitStoreVecRegByBpU256(pReNative, off, offBpDisp, idxRegVar);
-
-        iemNativeSimdRegFreeVar(pReNative, idxRegVar, fFlushShadows);
-        Assert(pVar->idxReg == UINT8_MAX);
-    }
-    else
-#endif
-    if (idxRegVar < RT_ELEMENTS(pReNative->Core.aHstRegs))
-    {
-        off = iemNativeEmitStoreGprByBp(pReNative, off, offBpDisp, idxRegVar);
-        iemNativeRegFreeVar(pReNative, idxRegVar, fFlushShadows);
-        Assert(pVar->idxReg == UINT8_MAX);
-    }
+    }
+
+    return iemNativeEmitLeaGprByBp(pReNative, off, idxRegArg, offBpDisp);
+}
+
+
+/**
+ * Emits code to sync the host SIMD register assigned to the given SIMD variable.
+ *
+ * This is a special helper and only called
+ * by the TLB miss path in the memory fetch/store code because there we pass
+ * the value by reference and need to sync the value on the stack with the assigned host register
+ * after a TLB miss where the value ends up on the stack.
+ */
+DECL_FORCE_INLINE_THROW(uint32_t)
+iemNativeEmitSimdVarSyncStackToRegister(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t idxVar)
+{
+    IEMNATIVE_ASSERT_VAR_IDX(pReNative, idxVar);
+    PIEMNATIVEVAR const pVar = &pReNative->Core.aVars[IEMNATIVE_VAR_IDX_UNPACK(idxVar)];
+    AssertStmt(   pVar->enmKind == kIemNativeVarKind_Invalid
+               || pVar->enmKind == kIemNativeVarKind_Stack,
+               IEMNATIVE_DO_LONGJMP(pReNative, VERR_IEM_VAR_UNEXPECTED_KIND));
+    AssertStmt(pVar->fSimdReg,
+               IEMNATIVE_DO_LONGJMP(pReNative, VERR_IEM_VAR_UNEXPECTED_KIND));
     Assert(   pVar->idxStackSlot != UINT8_MAX
-           && pVar->idxReg       == UINT8_MAX);
-
-    return iemNativeEmitLeaGprByBp(pReNative, off, idxRegArg, offBpDisp);
-}
-
-
-#ifdef IEMNATIVE_WITH_SIMD_REG_ALLOCATOR
+           && pVar->idxReg != UINT8_MAX);
+
+    uint8_t const idxStackSlot   = iemNativeVarGetStackSlot(pReNative, idxVar);
+    int32_t const offBpDisp      = iemNativeStackCalcBpDisp(idxStackSlot);
+
+    uint8_t const idxRegVar      = pVar->idxReg;
+    Assert(idxRegVar < RT_ELEMENTS(pReNative->Core.aHstSimdRegs));
+    Assert(pVar->cbVar == sizeof(RTUINT128U) || pVar->cbVar == sizeof(RTUINT256U));
+
+    if (pVar->cbVar == sizeof(RTUINT128U))
+        off = iemNativeEmitLoadVecRegByBpU128(pReNative, off, idxRegVar, offBpDisp);
+    else
+        off = iemNativeEmitLoadVecRegByBpU256(pReNative, off, idxRegVar, offBpDisp);
+
+    return off;
+}
+
 
 /**