Changeset 104468 in vbox

Timestamp:

May 1, 2024 12:43:28 AM (12 months ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

162987

Message:

VMM/IEM: Deal with the simples direct 'linking' of TBs scenario for relative jumps, when staying with the same code page. bugref:10656

Location:

trunk/src/VBox/VMM

Files:

• VMMAll/IEMAllN8veRecompBltIn.cpp (modified) (2 diffs)
• VMMAll/IEMAllN8veRecompFuncs.h (modified) (14 diffs)
• VMMAll/IEMAllN8veRecompiler.cpp (modified) (7 diffs)
• VMMAll/IEMAllThrdFuncsBltIn.cpp (modified) (1 diff)
• VMMR3/IEMR3.cpp (modified) (1 diff)
• include/IEMInternal.h (modified) (4 diffs)
• include/IEMN8veRecompiler.h (modified) (2 diffs)
• include/IEMN8veRecompilerEmit.h (modified) (1 diff)

trunk/src/VBox/VMM/VMMAll/IEMAllN8veRecompBltIn.cpp

@@ -283 +283 @@
     iemNativeRegFreeTmp(pReNative, idxEflReg);
     iemNativeRegFreeTmp(pReNative, idxPcReg);
+
+    /*
+     * Note down that we've been here, so we can skip FFs + IRQ checks when
+     * doing direct linking.
+     */
+#ifdef IEMNATIVE_WITH_LIVENESS_ANALYSIS
+    pReNative->idxLastCheckIrqCallNo = pReNative->idxCurCall;
+#else
+    pReNative->idxLastCheckIrqCallNo = pCallEntry - pReNative->pTbOrg->Thrd.paCalls;
+#endif
 
     return off;
@@ -1037 +1047 @@
 
 
-/** Duplicated in IEMAllThrdFuncsBltIn.cpp. */
-DECL_FORCE_INLINE(RTGCPHYS) iemTbGetRangePhysPageAddr(PCIEMTB pTb, uint8_t idxRange)
-{
-    Assert(idxRange < RT_MIN(pTb->cRanges, RT_ELEMENTS(pTb->aRanges)));
-    uint8_t const idxPage = pTb->aRanges[idxRange].idxPhysPage;
-    Assert(idxPage <= RT_ELEMENTS(pTb->aGCPhysPages));
-    if (idxPage == 0)
-        return pTb->GCPhysPc & ~(RTGCPHYS)GUEST_PAGE_OFFSET_MASK;
-    Assert(!(pTb->aGCPhysPages[idxPage - 1] & GUEST_PAGE_OFFSET_MASK));
-    return pTb->aGCPhysPages[idxPage - 1];
-}
-
 
 /**

trunk/src/VBox/VMM/VMMAll/IEMAllN8veRecompFuncs.h

@@ -345 +345 @@
 
 
+/** Helper for iemNativeEmitFinishInstructionWithStatus. */
+DECLINLINE(RTGCPHYS) iemNativeCallEntryToGCPhysPc(PCIEMTB pTb, PCIEMTHRDEDCALLENTRY pCallEntry)
+{
+    unsigned const offOpcodes = pCallEntry->offOpcode;
+    unsigned const cRanges    = RT_MIN(pTb->cRanges, RT_ELEMENTS(pTb->aRanges));
+    for (unsigned  idxRange   = 0; idxRange < cRanges; idxRange++)
+    {
+        unsigned const offRange = offOpcodes - (unsigned)pTb->aRanges[idxRange].offOpcodes;
+        if (offRange < (unsigned)pTb->aRanges[idxRange].cbOpcodes)
+            return iemTbGetRangePhysPageAddr(pTb, idxRange) + offRange + pTb->aRanges[idxRange].offPhysPage;
+    }
+    AssertFailedReturn(NIL_RTGCPHYS);
+}
+
+
 /** The VINF_SUCCESS dummy. */
-template<int const a_rcNormal>
-DECL_FORCE_INLINE(uint32_t)
-iemNativeEmitFinishInstructionWithStatus(PIEMRECOMPILERSTATE pReNative, uint32_t off, PCIEMTHRDEDCALLENTRY pCallEntry)
+template<int const a_rcNormal, bool const a_fIsJump>
+DECL_FORCE_INLINE_THROW(uint32_t)
+iemNativeEmitFinishInstructionWithStatus(PIEMRECOMPILERSTATE pReNative, uint32_t off, PCIEMTHRDEDCALLENTRY pCallEntry,
+                                         int32_t const offJump)
 {
     AssertCompile(a_rcNormal == VINF_SUCCESS || a_rcNormal == VINF_IEM_REEXEC_BREAK);
@@ -362 +378 @@
         off = iemNativeRegFlushPendingWrites(pReNative, off);
 
+        /*
+         * Use the lookup table for getting to the next TB quickly.
+         * Note! In this code path there can only be one entry at present.
+         */
+        uint8_t const  idxTbLookupFirst = IEM_TB_LOOKUP_TAB_GET_IDX(pCallEntry->uTbLookup);
+        PCIEMTB const  pTbOrg           = pReNative->pTbOrg;
+        Assert(idxTbLookupFirst < pTbOrg->cTbLookupEntries);
+        Assert(IEM_TB_LOOKUP_TAB_GET_SIZE(pCallEntry->uTbLookup) == 1);
+
+#if 0
         /* Update IEMCPU::ppTbLookupEntryR3 to get the best lookup effect. */
-        uint8_t const  idxTbLookupFirst = IEM_TB_LOOKUP_TAB_GET_IDX(pCallEntry->uTbLookup);
-        Assert(idxTbLookupFirst < pReNative->pTbOrg->cTbLookupEntries);
-        PIEMTB * const ppTbLookupFirst  = IEMTB_GET_TB_LOOKUP_TAB_ENTRY(pReNative->pTbOrg, idxTbLookupFirst);
+        PIEMTB * const ppTbLookupFirst  = IEMTB_GET_TB_LOOKUP_TAB_ENTRY(pTbOrg, idxTbLookupFirst);
         Assert(IEM_TB_LOOKUP_TAB_GET_SIZE(pCallEntry->uTbLookup) == 1); /* large stuff later/never */
         off = iemNativeEmitStoreImmToVCpuU64(pReNative, off, (uintptr_t)ppTbLookupFirst,
@@ -371 +395 @@
 
         return iemNativeEmitJmpToNewLabel(pReNative, off, kIemNativeLabelType_ReturnBreak);
+
+#else
+        /* Load the index as argument #1 for the helper call at the given label. */
+        off = iemNativeEmitLoadGpr8Imm(pReNative, off, IEMNATIVE_CALL_ARG1_GREG, idxTbLookupFirst);
+
+        /*
+         * Figure out the physical address of the current instruction and see
+         * whether the next instruction we're about to execute is in the same
+         * page so we by can optimistically skip TLB loading.
+         *
+         * - This is safe for all cases in FLAT mode.
+         * - In segmentmented modes it is complicated, given that a negative
+         *   jump may underflow EIP and a forward jump may overflow or run into
+         *   CS.LIM and triggering a #GP.  The only thing we can get away with
+         *   now at compile time is forward jumps w/o CS.LIM checks, since the
+         *   lack of CS.LIM checks means we're good for the entire physical page
+         *   we're executing on and another 15 bytes before we run into CS.LIM.
+         */
+        if (   IEM_F_MODE_X86_IS_FLAT(pReNative->fExec)
+            || !(pTbOrg->fFlags & IEMTB_F_CS_LIM_CHECKS) )
+        {
+            RTGCPHYS const GCPhysPcCurrent = iemNativeCallEntryToGCPhysPc(pTbOrg, pCallEntry);
+            RTGCPHYS const GCPhysPcNext    = GCPhysPcCurrent + pCallEntry->cbOpcode + (int64_t)(a_fIsJump ? offJump : 0);
+            if (   (GCPhysPcNext >> GUEST_PAGE_SHIFT) == (GCPhysPcCurrent >> GUEST_PAGE_SHIFT)
+                && GUEST_PAGE_SIZE - (GCPhysPcCurrent & GUEST_PAGE_OFFSET_MASK) >= pCallEntry->cbOpcode /* 0xfff: je -56h */ )
+
+            {
+                /* Load the next GCPhysPc into the 3rd argument for the helper call. */
+                off = iemNativeEmitLoadGprImm64(pReNative, off, IEMNATIVE_CALL_ARG3_GREG, GCPhysPcNext);
+
+                /* Load the key lookup flags into the 2nd argument for the helper call.
+                   - This is safe wrt CS limit checking since we're only here for FLAT modes.
+                   - ASSUMING that this isn't a STI or POPF instruction, we can exclude any
+                     interrupt shadow.
+                   - The NMI inhibiting is more questionable, though... */
+                /** @todo We don't implement NMI blocking atm, except via VT-x/AMD-V.
+                 *        Should we copy it into fExec to simplify this? OTOH, it's just a
+                 *        couple of extra instructions if EFLAGS are already in a register. */
+                off = iemNativeEmitLoadGprImm64(pReNative, off, IEMNATIVE_CALL_ARG2_GREG,
+                                                (pReNative->fExec & IEMTB_F_KEY_MASK) | IEMTB_F_TYPE_NATIVE);
+
+                if (pReNative->idxLastCheckIrqCallNo != UINT32_MAX)
+                    return iemNativeEmitJmpToNewLabel(pReNative, off, kIemNativeLabelType_ReturnBreakViaLookup);
+                return iemNativeEmitJmpToNewLabel(pReNative, off, kIemNativeLabelType_ReturnBreakViaLookupWithIrq);
+            }
+        }
+        if (pReNative->idxLastCheckIrqCallNo != UINT32_MAX)
+            return iemNativeEmitJmpToNewLabel(pReNative, off, kIemNativeLabelType_ReturnBreakViaLookupWithTlb);
+        return iemNativeEmitJmpToNewLabel(pReNative, off, kIemNativeLabelType_ReturnBreakViaLookupWithTlbAndIrq);
+#endif
     }
     return off;
@@ -378 +452 @@
 #define IEM_MC_ADVANCE_RIP_AND_FINISH_THREADED_PC64(a_cbInstr, a_rcNormal) \
     off = iemNativeEmitAddToRip64AndFinishingNoFlags(pReNative, off, (a_cbInstr)); \
-    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal>(pReNative, off, pCallEntry)
+    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal, false /*a_fIsJump*/>(pReNative, off, pCallEntry, 0)
 
 #define IEM_MC_ADVANCE_RIP_AND_FINISH_THREADED_PC64_WITH_FLAGS(a_cbInstr, a_rcNormal) \
     off = iemNativeEmitAddToRip64AndFinishingNoFlags(pReNative, off, (a_cbInstr)); \
     off = iemNativeEmitFinishInstructionFlagsCheck(pReNative, off); \
-    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal>(pReNative, off, pCallEntry)
+    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal, false /*a_fIsJump*/>(pReNative, off, pCallEntry, 0)
 
 /** Same as iemRegAddToRip64AndFinishingNoFlags. */
@@ -425 +499 @@
 #define IEM_MC_ADVANCE_RIP_AND_FINISH_THREADED_PC32(a_cbInstr, a_rcNormal) \
     off = iemNativeEmitAddToEip32AndFinishingNoFlags(pReNative, off, (a_cbInstr)); \
-    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal>(pReNative, off, pCallEntry)
+    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal, false /*a_fIsJump*/>(pReNative, off, pCallEntry, 0)
 
 #define IEM_MC_ADVANCE_RIP_AND_FINISH_THREADED_PC32_WITH_FLAGS(a_cbInstr, a_rcNormal) \
     off = iemNativeEmitAddToEip32AndFinishingNoFlags(pReNative, off, (a_cbInstr)); \
     off = iemNativeEmitFinishInstructionFlagsCheck(pReNative, off); \
-    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal>(pReNative, off, pCallEntry)
+    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal, false /*a_fIsJump*/>(pReNative, off, pCallEntry, 0)
 
 /** Same as iemRegAddToEip32AndFinishingNoFlags. */
@@ -472 +546 @@
 #define IEM_MC_ADVANCE_RIP_AND_FINISH_THREADED_PC16(a_cbInstr, a_rcNormal) \
     off = iemNativeEmitAddToIp16AndFinishingNoFlags(pReNative, off, (a_cbInstr)); \
-    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal>(pReNative, off, pCallEntry)
+    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal, false /*a_fIsJump*/>(pReNative, off, pCallEntry, 0)
 
 #define IEM_MC_ADVANCE_RIP_AND_FINISH_THREADED_PC16_WITH_FLAGS(a_cbInstr, a_rcNormal) \
     off = iemNativeEmitAddToIp16AndFinishingNoFlags(pReNative, off, (a_cbInstr)); \
     off = iemNativeEmitFinishInstructionFlagsCheck(pReNative, off); \
-    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal>(pReNative, off, pCallEntry)
+    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal, false /*a_fIsJump*/>(pReNative, off, pCallEntry, 0)
 
 /** Same as iemRegAddToIp16AndFinishingNoFlags. */
@@ -526 +600 @@
     off = iemNativeEmitRip64RelativeJumpAndFinishingNoFlags(pReNative, off, (a_cbInstr), (int8_t)(a_i8), \
                                                             (a_enmEffOpSize), pCallEntry->idxInstr); \
-    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal>(pReNative, off, pCallEntry)
+    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal, true /*a_fIsJump*/>(pReNative, off, pCallEntry, (int8_t)(a_i8))
 
 #define IEM_MC_REL_JMP_S8_AND_FINISH_THREADED_PC64_WITH_FLAGS(a_i8, a_cbInstr, a_enmEffOpSize, a_rcNormal) \
@@ -532 +606 @@
                                                             (a_enmEffOpSize), pCallEntry->idxInstr); \
     off = iemNativeEmitFinishInstructionFlagsCheck(pReNative, off); \
-    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal>(pReNative, off, pCallEntry)
+    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal, true /*a_fIsJump*/>(pReNative, off, pCallEntry, (int8_t)(a_i8))
 
 #define IEM_MC_REL_JMP_S16_AND_FINISH_THREADED_PC64(a_i16, a_cbInstr, a_rcNormal) \
     off = iemNativeEmitRip64RelativeJumpAndFinishingNoFlags(pReNative, off, (a_cbInstr), (int16_t)(a_i16), \
                                                             IEMMODE_16BIT, pCallEntry->idxInstr); \
-    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal>(pReNative, off, pCallEntry)
+    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal, true /*a_fIsJump*/>(pReNative, off, pCallEntry, (int16_t)(a_i16))
 
 #define IEM_MC_REL_JMP_S16_AND_FINISH_THREADED_PC64_WITH_FLAGS(a_i16, a_cbInstr, a_rcNormal) \
@@ -543 +617 @@
                                                                 IEMMODE_16BIT, pCallEntry->idxInstr); \
     off = iemNativeEmitFinishInstructionFlagsCheck(pReNative, off); \
-    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal>(pReNative, off, pCallEntry)
+    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal, true /*a_fIsJump*/>(pReNative, off, pCallEntry, (int16_t)(a_i16))
 
 #define IEM_MC_REL_JMP_S32_AND_FINISH_THREADED_PC64(a_i32, a_cbInstr, a_rcNormal) \
     off = iemNativeEmitRip64RelativeJumpAndFinishingNoFlags(pReNative, off, (a_cbInstr), (a_i32), \
                                                             IEMMODE_64BIT, pCallEntry->idxInstr); \
-    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal>(pReNative, off, pCallEntry)
+    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal, true /*a_fIsJump*/>(pReNative, off, pCallEntry, (a_i32))
 
 #define IEM_MC_REL_JMP_S32_AND_FINISH_THREADED_PC64_WITH_FLAGS(a_i32, a_cbInstr, a_rcNormal) \
@@ -554 +628 @@
                                                             IEMMODE_64BIT, pCallEntry->idxInstr); \
     off = iemNativeEmitFinishInstructionFlagsCheck(pReNative, off); \
-    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal>(pReNative, off, pCallEntry)
+    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal, true /*a_fIsJump*/>(pReNative, off, pCallEntry, (a_i32))
 
 /** Same as iemRegRip64RelativeJumpS8AndFinishNoFlags,
@@ -603 +677 @@
     off = iemNativeEmitEip32RelativeJumpAndFinishingNoFlags(pReNative, off, (a_cbInstr), (int8_t)(a_i8), \
                                                             (a_enmEffOpSize), pCallEntry->idxInstr); \
-    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal>(pReNative, off, pCallEntry)
+    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal, true /*a_fIsJump*/>(pReNative, off, pCallEntry, (int8_t)(a_i8))
 
 #define IEM_MC_REL_JMP_S8_AND_FINISH_THREADED_PC32_WITH_FLAGS(a_i8, a_cbInstr, a_enmEffOpSize, a_rcNormal) \
@@ -609 +683 @@
                                                             (a_enmEffOpSize), pCallEntry->idxInstr); \
     off = iemNativeEmitFinishInstructionFlagsCheck(pReNative, off); \
-    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal>(pReNative, off, pCallEntry)
+    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal, true /*a_fIsJump*/>(pReNative, off, pCallEntry, (int8_t)(a_i8))
 
 #define IEM_MC_REL_JMP_S16_AND_FINISH_THREADED_PC32(a_i16, a_cbInstr, a_rcNormal) \
     off = iemNativeEmitEip32RelativeJumpAndFinishingNoFlags(pReNative, off, (a_cbInstr), (int16_t)(a_i16), \
                                                             IEMMODE_16BIT, pCallEntry->idxInstr); \
-    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal>(pReNative, off, pCallEntry)
+    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal, true /*a_fIsJump*/>(pReNative, off, pCallEntry, (int16_t)(a_i16))
 
 #define IEM_MC_REL_JMP_S16_AND_FINISH_THREADED_PC32_WITH_FLAGS(a_i16, a_cbInstr, a_rcNormal) \
@@ -620 +694 @@
                                                             IEMMODE_16BIT, pCallEntry->idxInstr); \
     off = iemNativeEmitFinishInstructionFlagsCheck(pReNative, off); \
-    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal>(pReNative, off, pCallEntry)
+    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal, true /*a_fIsJump*/>(pReNative, off, pCallEntry, (int16_t)(a_i16))
 
 #define IEM_MC_REL_JMP_S32_AND_FINISH_THREADED_PC32(a_i32, a_cbInstr, a_rcNormal) \
     off = iemNativeEmitEip32RelativeJumpAndFinishingNoFlags(pReNative, off, (a_cbInstr), (a_i32), \
                                                             IEMMODE_32BIT, pCallEntry->idxInstr); \
-    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal>(pReNative, off, pCallEntry)
+    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal, true /*a_fIsJump*/>(pReNative, off, pCallEntry, (a_i32))
 
 #define IEM_MC_REL_JMP_S32_AND_FINISH_THREADED_PC32_WITH_FLAGS(a_i32, a_cbInstr, a_rcNormal) \
-            off = iemNativeEmitEip32RelativeJumpAndFinishingNoFlags(pReNative, off, (a_cbInstr), (a_i32), \
-                                                                    IEMMODE_32BIT, pCallEntry->idxInstr); \
+    off = iemNativeEmitEip32RelativeJumpAndFinishingNoFlags(pReNative, off, (a_cbInstr), (a_i32), \
+                                                            IEMMODE_32BIT, pCallEntry->idxInstr); \
     off = iemNativeEmitFinishInstructionFlagsCheck(pReNative, off); \
-    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal>(pReNative, off, pCallEntry)
+    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal, true /*a_fIsJump*/>(pReNative, off, pCallEntry, (a_i32))
 
 /** Same as iemRegEip32RelativeJumpS8AndFinishNoFlags,
@@ -676 +750 @@
 #define IEM_MC_REL_JMP_S8_AND_FINISH_THREADED_PC16(a_i8, a_cbInstr, a_rcNormal) \
     off = iemNativeEmitIp16RelativeJumpAndFinishingNoFlags(pReNative, off, (a_cbInstr), (int8_t)(a_i8), pCallEntry->idxInstr); \
-    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal>(pReNative, off, pCallEntry)
+    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal, true /*a_fIsJump*/>(pReNative, off, pCallEntry, (int8_t)(a_i8))
 
 #define IEM_MC_REL_JMP_S8_AND_FINISH_THREADED_PC16_WITH_FLAGS(a_i8, a_cbInstr, a_rcNormal) \
     off = iemNativeEmitIp16RelativeJumpAndFinishingNoFlags(pReNative, off, (a_cbInstr), (int8_t)(a_i8), pCallEntry->idxInstr); \
     off = iemNativeEmitFinishInstructionFlagsCheck(pReNative, off); \
-    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal>(pReNative, off, pCallEntry)
+    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal, true /*a_fIsJump*/>(pReNative, off, pCallEntry, (int8_t)(a_i8))
 
 #define IEM_MC_REL_JMP_S16_AND_FINISH_THREADED_PC16(a_i16, a_cbInstr, a_rcNormal) \
     off = iemNativeEmitIp16RelativeJumpAndFinishingNoFlags(pReNative, off, (a_cbInstr), (int16_t)(a_i16), pCallEntry->idxInstr); \
-    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal>(pReNative, off, pCallEntry)
+    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal, true /*a_fIsJump*/>(pReNative, off, pCallEntry, (int16_t)(a_i16))
 
 #define IEM_MC_REL_JMP_S16_AND_FINISH_THREADED_PC16_WITH_FLAGS(a_i16, a_cbInstr, a_rcNormal) \
     off = iemNativeEmitIp16RelativeJumpAndFinishingNoFlags(pReNative, off, (a_cbInstr), (int16_t)(a_i16), pCallEntry->idxInstr); \
     off = iemNativeEmitFinishInstructionFlagsCheck(pReNative, off); \
-    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal>(pReNative, off, pCallEntry)
+    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal, true /*a_fIsJump*/>(pReNative, off, pCallEntry, (int16_t)(a_i16))
 
 #define IEM_MC_REL_JMP_S32_AND_FINISH_THREADED_PC16(a_i32, a_cbInstr, a_rcNormal) \
     off = iemNativeEmitIp16RelativeJumpAndFinishingNoFlags(pReNative, off, (a_cbInstr), (a_i32), pCallEntry->idxInstr); \
-    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal>(pReNative, off, pCallEntry)
+    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal, true /*a_fIsJump*/>(pReNative, off, pCallEntry, a_i32)
 
 #define IEM_MC_REL_JMP_S32_AND_FINISH_THREADED_PC16_WITH_FLAGS(a_i32, a_cbInstr, a_rcNormal) \
     off = iemNativeEmitIp16RelativeJumpAndFinishingNoFlags(pReNative, off, (a_cbInstr), (a_i32), pCallEntry->idxInstr); \
     off = iemNativeEmitFinishInstructionFlagsCheck(pReNative, off); \
-    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal>(pReNative, off, pCallEntry)
+    off = iemNativeEmitFinishInstructionWithStatus<a_rcNormal, true /*a_fIsJump*/>(pReNative, off, pCallEntry, a_i32)
 
 /** Same as iemRegIp16RelativeJumpS8AndFinishNoFlags. */

trunk/src/VBox/VMM/VMMAll/IEMAllN8veRecompiler.cpp

@@ -52 +52 @@
 #include <VBox/vmm/cpum.h>
 #include <VBox/vmm/dbgf.h>
+#include <VBox/vmm/tm.h>
 #include "IEMInternal.h"
 #include <VBox/vmm/vmcc.h>
@@ -131 +132 @@
 
 /**
+ * Helping iemNativeHlpReturnBreakViaLookup and iemNativeHlpReturnBreakViaLookupWithTlb.
+ */
+DECL_FORCE_INLINE(bool) iemNativeHlpReturnBreakViaLookupIsIrqOrForceFlagPending(PVMCPU pVCpu)
+{
+    uint64_t fCpu = pVCpu->fLocalForcedActions;
+    fCpu &= VMCPU_FF_ALL_MASK & ~(  VMCPU_FF_PGM_SYNC_CR3
+                                  | VMCPU_FF_PGM_SYNC_CR3_NON_GLOBAL
+                                  | VMCPU_FF_TLB_FLUSH
+                                  | VMCPU_FF_UNHALT );
+    /** @todo this isn't even close to the NMI/IRQ conditions in EM. */
+    if (RT_LIKELY(   (   !fCpu
+                      || (   !(fCpu & ~(VMCPU_FF_INTERRUPT_APIC | VMCPU_FF_INTERRUPT_PIC))
+                          && (   !pVCpu->cpum.GstCtx.rflags.Bits.u1IF
+                              || CPUMIsInInterruptShadow(&pVCpu->cpum.GstCtx) )) )
+                  && !VM_FF_IS_ANY_SET(pVCpu->CTX_SUFF(pVM), VM_FF_ALL_MASK) ))
+        return false;
+    return true;
+}
+
+
+/**
+ * Used by TB code when encountering a non-zero status or rcPassUp after a call.
+ */
+template <bool const a_fWithIrqCheck>
+static IEM_DECL_NATIVE_HLP_DEF(uintptr_t, iemNativeHlpReturnBreakViaLookup,(PVMCPUCC pVCpu, uint8_t idxTbLookup,
+                                                                            uint32_t fFlags, RTGCPHYS GCPhysPc))
+{
+    PIEMTB const    pTb     = pVCpu->iem.s.pCurTbR3;
+    Assert(idxTbLookup < pTb->cTbLookupEntries);
+    PIEMTB * const  ppNewTb = IEMTB_GET_TB_LOOKUP_TAB_ENTRY(pTb, idxTbLookup);
+#if 1
+    PIEMTB const    pNewTb  = *ppNewTb;
+    if (pNewTb)
+    {
+# ifdef VBOX_STRICT
+        uint64_t const uFlatPcAssert = pVCpu->cpum.GstCtx.rip + pVCpu->cpum.GstCtx.cs.u64Base;
+        AssertMsg(   (uFlatPcAssert & ~(RTGCPHYS)GUEST_PAGE_OFFSET_MASK) == pVCpu->iem.s.uInstrBufPc
+                  && (GCPhysPc      & ~(RTGCPHYS)GUEST_PAGE_OFFSET_MASK) == pVCpu->iem.s.GCPhysInstrBuf
+                  && (GCPhysPc      & GUEST_PAGE_OFFSET_MASK)            == (uFlatPcAssert & GUEST_PAGE_OFFSET_MASK),
+                  ("GCPhysPc=%RGp uFlatPcAssert=%#RX64 uInstrBufPc=%#RX64 GCPhysInstrBuf=%RGp\n",
+                   GCPhysPc, uFlatPcAssert, pVCpu->iem.s.uInstrBufPc, pVCpu->iem.s.GCPhysInstrBuf));
+# endif
+        if (pNewTb->GCPhysPc == GCPhysPc)
+        {
+# ifdef VBOX_STRICT
+            uint32_t fAssertFlags = (pVCpu->iem.s.fExec & IEMTB_F_IEM_F_MASK) | IEMTB_F_TYPE_NATIVE;
+            if (pVCpu->cpum.GstCtx.rflags.uBoth & CPUMCTX_INHIBIT_SHADOW)
+                fAssertFlags |= IEMTB_F_INHIBIT_SHADOW;
+            if (pVCpu->cpum.GstCtx.rflags.uBoth & CPUMCTX_INHIBIT_NMI)
+                fAssertFlags |= IEMTB_F_INHIBIT_NMI;
+            if (!IEM_F_MODE_X86_IS_FLAT(fFlags))
+            {
+                int64_t const offFromLim = (int64_t)pVCpu->cpum.GstCtx.cs.u32Limit - (int64_t)pVCpu->cpum.GstCtx.eip;
+                if (offFromLim < X86_PAGE_SIZE + 16 - (int32_t)(pVCpu->cpum.GstCtx.cs.u64Base & GUEST_PAGE_OFFSET_MASK))
+                    fAssertFlags |= IEMTB_F_CS_LIM_CHECKS;
+            }
+            Assert(!(fFlags & ~(IEMTB_F_IEM_F_MASK | IEMTB_F_TYPE_MASK)));
+            AssertMsg(fFlags == fAssertFlags, ("fFlags=%#RX32 fAssertFlags=%#RX32 cs:rip=%04x:%#010RX64\n",
+                                               fFlags, fAssertFlags, pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip));
+#endif
+
+            /*
+             * Check them + type.
+             */
+            if ((pNewTb->fFlags & (IEMTB_F_IEM_F_MASK | IEMTB_F_TYPE_MASK)) == fFlags)
+            {
+                /*
+                 * Check for interrupts and stuff.
+                 */
+                if (!a_fWithIrqCheck || !iemNativeHlpReturnBreakViaLookupIsIrqOrForceFlagPending(pVCpu) )
+                {
+                    /* Do polling. */
+                    uint64_t const cTbExecNative = pVCpu->iem.s.cTbExecNative;
+                    if (   RT_LIKELY(cTbExecNative & 511)
+                        || !TMTimerPollBoolWith32BitMilliTS(pVCpu->CTX_SUFF(pVM), pVCpu, &pVCpu->iem.s.msRecompilerPollNow) )
+                    {
+                        pVCpu->iem.s.cTbExecNative = cTbExecNative + 1;
+                        if (a_fWithIrqCheck)
+                            STAM_REL_COUNTER_INC(&pVCpu->iem.s.StatNativeTbExitDirectLinking1Irq);
+                        else
+                            STAM_REL_COUNTER_INC(&pVCpu->iem.s.StatNativeTbExitDirectLinking1NoIrq);
+
+                        pNewTb->cUsed                 += 1;
+                        pNewTb->msLastUsed             = pVCpu->iem.s.msRecompilerPollNow;
+                        pVCpu->iem.s.pCurTbR3          = pNewTb;
+                        pVCpu->iem.s.ppTbLookupEntryR3 = IEMTB_GET_TB_LOOKUP_TAB_ENTRY(pNewTb, 0);
+                        Log10(("iemNativeHlpReturnBreakViaLookupWithPc: match at %04x:%08RX64 (%RGp): pTb=%p[%#x]-> %p\n",
+                               pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, GCPhysPc, pTb, idxTbLookup, pNewTb));
+                        return (uintptr_t)pNewTb->Native.paInstructions;
+                    }
+                }
+                Log10(("iemNativeHlpReturnBreakViaLookupWithPc: IRQ or FF pending\n"));
+                STAM_COUNTER_INC(&pVCpu->iem.s.StatNativeTbExitDirectLinking1PendingIrq);
+            }
+            else
+            {
+                Log10(("iemNativeHlpReturnBreakViaLookupWithPc: fFlags mismatch at %04x:%08RX64: %#x vs %#x (pTb=%p[%#x]-> %p)\n",
+                       pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, fFlags, pNewTb->fFlags, pTb, idxTbLookup, pNewTb));
+                STAM_COUNTER_INC(&pVCpu->iem.s.StatNativeTbExitDirectLinking1MismatchFlags);
+            }
+        }
+        else
+        {
+            Log10(("iemNativeHlpReturnBreakViaLookupWithPc: GCPhysPc mismatch at %04x:%08RX64: %RGp vs %RGp (pTb=%p[%#x]-> %p)\n",
+                   pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, GCPhysPc, pNewTb->GCPhysPc, pTb, idxTbLookup, pNewTb));
+            STAM_COUNTER_INC(&pVCpu->iem.s.StatNativeTbExitDirectLinking1MismatchGCPhysPc);
+        }
+    }
+    else
+        STAM_COUNTER_INC(&pVCpu->iem.s.StatNativeTbExitDirectLinking1NoTb);
+#else
+    NOREF(GCPhysPc);
+#endif
+
+    pVCpu->iem.s.ppTbLookupEntryR3 = ppNewTb;
+    return 0;
+}
+
+
+/**
+ * Used by TB code when encountering a non-zero status or rcPassUp after a call.
+ */
+template <bool const a_fWithIrqCheck>
+static IEM_DECL_NATIVE_HLP_DEF(uintptr_t, iemNativeHlpReturnBreakViaLookupWithTlb,(PVMCPUCC pVCpu, uint8_t idxTbLookup,
+                                                                                   uint32_t fFlags))
+{
+    PIEMTB const    pTb     = pVCpu->iem.s.pCurTbR3;
+    Assert(idxTbLookup < pTb->cTbLookupEntries);
+    PIEMTB * const  ppNewTb = IEMTB_GET_TB_LOOKUP_TAB_ENTRY(pTb, idxTbLookup);
+#if 0 /** @todo Do TLB lookup */
+#else
+    NOREF(fFlags);
+    STAM_COUNTER_INC(&pVCpu->iem.s.StatNativeTbExitDirectLinking2NoTb); /* just for some stats, even if misleading */
+#endif
+
+    pVCpu->iem.s.ppTbLookupEntryR3 = ppNewTb;
+    return 0;
+}
+
+
+/**
  * Used by TB code when it wants to raise a \#DE.
  */
@@ -1827 +1969 @@
     pReNative->Core.u64ArgVars             = UINT64_MAX;
 
-    AssertCompile(RT_ELEMENTS(pReNative->aidxUniqueLabels) == 18);
+    AssertCompile(RT_ELEMENTS(pReNative->aidxUniqueLabels) == 22);
     pReNative->aidxUniqueLabels[0]         = UINT32_MAX;
     pReNative->aidxUniqueLabels[1]         = UINT32_MAX;
@@ -1846 +1988 @@
     pReNative->aidxUniqueLabels[16]        = UINT32_MAX;
     pReNative->aidxUniqueLabels[17]        = UINT32_MAX;
+    pReNative->aidxUniqueLabels[18]        = UINT32_MAX;
+    pReNative->aidxUniqueLabels[19]        = UINT32_MAX;
+    pReNative->aidxUniqueLabels[20]        = UINT32_MAX;
+    pReNative->aidxUniqueLabels[21]        = UINT32_MAX;
+
+    pReNative->idxLastCheckIrqCallNo       = UINT32_MAX;
 
     /* Full host register reinit: */
@@ -6225 +6373 @@
 
 #endif /* VBOX_WITH_STATISTICS */
+
+/**
+ * Worker for iemNativeEmitReturnBreakViaLookup.
+ */
+static uint32_t iemNativeEmitViaLookupDoOne(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint32_t idxLabelReturnBreak,
+                                            IEMNATIVELABELTYPE enmLabel, uintptr_t pfnHelper)
+{
+    uint32_t const idxLabel = iemNativeLabelFind(pReNative, enmLabel);
+    if (idxLabel != UINT32_MAX)
+    {
+        iemNativeLabelDefine(pReNative, idxLabel, off);
+
+        off = iemNativeEmitLoadGprFromGpr(pReNative, off, IEMNATIVE_CALL_ARG0_GREG, IEMNATIVE_REG_FIXED_PVMCPU);
+        off = iemNativeEmitCallImm(pReNative, off, pfnHelper);
+
+        /* Jump to ReturnBreak if the return register is NULL. */
+        off = iemNativeEmitTestIfGprIsZeroAndJmpToLabel(pReNative, off, IEMNATIVE_CALL_RET_GREG,
+                                                        true /*f64Bit*/, idxLabelReturnBreak);
+
+        /* Okay, continue executing the next TB. */
+        off = iemNativeEmitJmpViaGpr(pReNative, off, IEMNATIVE_CALL_RET_GREG);
+    }
+    return off;
+}
+
+/**
+ * Emits the code at the ReturnBreakViaLookup, ReturnBreakViaLookupWithIrq,
+ * ReturnBreakViaLookupWithTlb and ReturnBreakViaLookupWithTlbAndIrq labels
+ * (returns VINF_IEM_REEXEC_FINISH_WITH_FLAGS or jumps to the next TB).
+ */
+static uint32_t iemNativeEmitReturnBreakViaLookup(PIEMRECOMPILERSTATE pReNative, uint32_t off)
+{
+    uint32_t const idxLabelReturnBreak = iemNativeLabelCreate(pReNative, kIemNativeLabelType_ReturnBreak);
+
+    /*
+     * The lookup table index is in IEMNATIVE_CALL_ARG1_GREG for all.
+     * The GCPhysPc is in IEMNATIVE_CALL_ARG2_GREG for ReturnBreakViaLookupWithPc.
+     */
+    off = iemNativeEmitViaLookupDoOne(pReNative, off, idxLabelReturnBreak, kIemNativeLabelType_ReturnBreakViaLookup,
+                                      (uintptr_t)iemNativeHlpReturnBreakViaLookup<false /*a_fWithIrqCheck*/>);
+    off = iemNativeEmitViaLookupDoOne(pReNative, off, idxLabelReturnBreak, kIemNativeLabelType_ReturnBreakViaLookupWithIrq,
+                                      (uintptr_t)iemNativeHlpReturnBreakViaLookup<true /*a_fWithIrqCheck*/>);
+    off = iemNativeEmitViaLookupDoOne(pReNative, off, idxLabelReturnBreak, kIemNativeLabelType_ReturnBreakViaLookupWithTlb,
+                                      (uintptr_t)iemNativeHlpReturnBreakViaLookupWithTlb<false /*a_fWithIrqCheck*/>);
+    off = iemNativeEmitViaLookupDoOne(pReNative, off, idxLabelReturnBreak, kIemNativeLabelType_ReturnBreakViaLookupWithTlbAndIrq,
+                                      (uintptr_t)iemNativeHlpReturnBreakViaLookupWithTlb<true /*a_fWithIrqCheck*/>);
+    return off;
+}
+
 
 /**
@@ -8651 +8848 @@
                             switch ((IEMNATIVELABELTYPE)pDbgInfo->aEntries[iDbgEntry].Label.enmLabel)
                             {
-                                case kIemNativeLabelType_Return:                pszName = "Return"; break;
-                                case kIemNativeLabelType_ReturnBreak:           pszName = "ReturnBreak"; break;
-                                case kIemNativeLabelType_ReturnBreakFF:         pszName = "ReturnBreakFF"; break;
-                                case kIemNativeLabelType_ReturnWithFlags:       pszName = "ReturnWithFlags"; break;
-                                case kIemNativeLabelType_NonZeroRetOrPassUp:    pszName = "NonZeroRetOrPassUp"; break;
-                                case kIemNativeLabelType_RaiseDe:               pszName = "RaiseDe"; break;
-                                case kIemNativeLabelType_RaiseUd:               pszName = "RaiseUd"; break;
-                                case kIemNativeLabelType_RaiseSseRelated:       pszName = "RaiseSseRelated"; break;
-                                case kIemNativeLabelType_RaiseAvxRelated:       pszName = "RaiseAvxRelated"; break;
-                                case kIemNativeLabelType_RaiseSseAvxFpRelated:  pszName = "RaiseSseAvxFpRelated"; break;
-                                case kIemNativeLabelType_RaiseNm:               pszName = "RaiseNm"; break;
-                                case kIemNativeLabelType_RaiseGp0:              pszName = "RaiseGp0"; break;
-                                case kIemNativeLabelType_RaiseMf:               pszName = "RaiseMf"; break;
-                                case kIemNativeLabelType_RaiseXf:               pszName = "RaiseXf"; break;
-                                case kIemNativeLabelType_ObsoleteTb:            pszName = "ObsoleteTb"; break;
-                                case kIemNativeLabelType_NeedCsLimChecking:     pszName = "NeedCsLimChecking"; break;
-                                case kIemNativeLabelType_CheckBranchMiss:       pszName = "CheckBranchMiss"; break;
+                                case kIemNativeLabelType_Return:                        pszName = "Return"; break;
+                                case kIemNativeLabelType_ReturnBreak:                   pszName = "ReturnBreak"; break;
+                                case kIemNativeLabelType_ReturnBreakFF:                 pszName = "ReturnBreakFF"; break;
+                                case kIemNativeLabelType_ReturnWithFlags:               pszName = "ReturnWithFlags"; break;
+                                case kIemNativeLabelType_ReturnBreakViaLookup:          pszName = "ReturnBreakViaLookup"; break;
+                                case kIemNativeLabelType_ReturnBreakViaLookupWithIrq:   pszName = "ReturnBreakViaLookupWithIrq"; break;
+                                case kIemNativeLabelType_ReturnBreakViaLookupWithTlb:   pszName = "ReturnBreakViaLookupWithTlb"; break;
+                                case kIemNativeLabelType_ReturnBreakViaLookupWithTlbAndIrq: pszName = "ReturnBreakViaLookupWithTlbAndIrq"; break;
+                                case kIemNativeLabelType_NonZeroRetOrPassUp:            pszName = "NonZeroRetOrPassUp"; break;
+                                case kIemNativeLabelType_RaiseDe:                       pszName = "RaiseDe"; break;
+                                case kIemNativeLabelType_RaiseUd:                       pszName = "RaiseUd"; break;
+                                case kIemNativeLabelType_RaiseSseRelated:               pszName = "RaiseSseRelated"; break;
+                                case kIemNativeLabelType_RaiseAvxRelated:               pszName = "RaiseAvxRelated"; break;
+                                case kIemNativeLabelType_RaiseSseAvxFpRelated:          pszName = "RaiseSseAvxFpRelated"; break;
+                                case kIemNativeLabelType_RaiseNm:                       pszName = "RaiseNm"; break;
+                                case kIemNativeLabelType_RaiseGp0:                      pszName = "RaiseGp0"; break;
+                                case kIemNativeLabelType_RaiseMf:                       pszName = "RaiseMf"; break;
+                                case kIemNativeLabelType_RaiseXf:                       pszName = "RaiseXf"; break;
+                                case kIemNativeLabelType_ObsoleteTb:                    pszName = "ObsoleteTb"; break;
+                                case kIemNativeLabelType_NeedCsLimChecking:             pszName = "NeedCsLimChecking"; break;
+                                case kIemNativeLabelType_CheckBranchMiss:               pszName = "CheckBranchMiss"; break;
                                 case kIemNativeLabelType_If:
                                     pszName = "If";
@@ -9280 +9481 @@
          * Generate special jump labels.
          */
+        if (pReNative->bmLabelTypes & (  RT_BIT_64(kIemNativeLabelType_ReturnBreakViaLookup)
+                                       | RT_BIT_64(kIemNativeLabelType_ReturnBreakViaLookupWithIrq)
+                                       | RT_BIT_64(kIemNativeLabelType_ReturnBreakViaLookupWithTlb)
+                                       | RT_BIT_64(kIemNativeLabelType_ReturnBreakViaLookupWithTlbAndIrq) ))
+            off = iemNativeEmitReturnBreakViaLookup(pReNative, off); /* Must come before ReturnBreak! */
+
         if (pReNative->bmLabelTypes & RT_BIT_64(kIemNativeLabelType_ReturnBreak))
             off = iemNativeEmitReturnBreak(pReNative, off, idxReturnLabel);
+
         if (pReNative->bmLabelTypes & RT_BIT_64(kIemNativeLabelType_ReturnBreakFF))
             off = iemNativeEmitReturnBreakFF(pReNative, off, idxReturnLabel);
+
         if (pReNative->bmLabelTypes & RT_BIT_64(kIemNativeLabelType_ReturnWithFlags))
             off = iemNativeEmitReturnWithFlags(pReNative, off, idxReturnLabel);

trunk/src/VBox/VMM/VMMAll/IEMAllThrdFuncsBltIn.cpp

@@ -221 +221 @@
     RT_NOREF(uParam0, uParam1, uParam2);
     return rcStrict;
-}
-
-
-DECL_FORCE_INLINE(RTGCPHYS) iemTbGetRangePhysPageAddr(PCIEMTB pTb, uint8_t idxRange)
-{
-    Assert(idxRange < RT_MIN(pTb->cRanges, RT_ELEMENTS(pTb->aRanges)));
-    uint8_t const idxPage = pTb->aRanges[idxRange].idxPhysPage;
-    Assert(idxPage <= RT_ELEMENTS(pTb->aGCPhysPages));
-    if (idxPage == 0)
-        return pTb->GCPhysPc & ~(RTGCPHYS)GUEST_PAGE_OFFSET_MASK;
-    Assert(!(pTb->aGCPhysPages[idxPage - 1] & GUEST_PAGE_OFFSET_MASK));
-    return pTb->aGCPhysPages[idxPage - 1];
 }
 

trunk/src/VBox/VMM/VMMR3/IEMR3.cpp

@@ -680 +680 @@
                         "Number of times the TB finished raising a #XF exception",
                         RAISE_PREFIX "RaiseXf", idCpu);
+
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.StatNativeTbExitDirectLinking1Irq, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Direct linking #1 with IRQ check succeeded",
+                        "/IEM/CPU%u/re/NativeTbExit/DirectLinking1Irq", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.StatNativeTbExitDirectLinking1NoIrq, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Direct linking #1 w/o IRQ check succeeded",
+                        "/IEM/CPU%u/re/NativeTbExit/DirectLinking1NoIrq", idCpu);
+#  ifdef VBOX_WITH_STATISTICS
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.StatNativeTbExitDirectLinking1NoTb, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Direct linking #1 failed: No TB in lookup table",
+                        "/IEM/CPU%u/re/NativeTbExit/ReturnBreak/DirectLinking1NoTb", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.StatNativeTbExitDirectLinking1MismatchGCPhysPc, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Direct linking #1 failed: GCPhysPc mismatch",
+                        "/IEM/CPU%u/re/NativeTbExit/ReturnBreak/DirectLinking1MismatchGCPhysPc", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.StatNativeTbExitDirectLinking1MismatchFlags, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Direct linking #1 failed: TB flags mismatch",
+                        "/IEM/CPU%u/re/NativeTbExit/ReturnBreak/DirectLinking1MismatchFlags", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.StatNativeTbExitDirectLinking1PendingIrq, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Direct linking #1 failed: IRQ or FF pending",
+                        "/IEM/CPU%u/re/NativeTbExit/ReturnBreak/DirectLinking1PendingIrq", idCpu);
+#  endif
+
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.StatNativeTbExitDirectLinking2Irq, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Direct linking #2 with IRQ check succeeded",
+                        "/IEM/CPU%u/re/NativeTbExit/DirectLinking2Irq", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.StatNativeTbExitDirectLinking2NoIrq, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Direct linking #2 w/o IRQ check succeeded",
+                        "/IEM/CPU%u/re/NativeTbExit/DirectLinking2NoIrq", idCpu);
+#  ifdef VBOX_WITH_STATISTICS
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.StatNativeTbExitDirectLinking2NoTb, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Direct linking #2 failed: No TB in lookup table",
+                        "/IEM/CPU%u/re/NativeTbExit/ReturnBreak/DirectLinking2NoTb", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.StatNativeTbExitDirectLinking2MismatchGCPhysPc, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Direct linking #2 failed: GCPhysPc mismatch",
+                        "/IEM/CPU%u/re/NativeTbExit/ReturnBreak/DirectLinking2MismatchGCPhysPc", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.StatNativeTbExitDirectLinking2MismatchFlags, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Direct linking #2 failed: TB flags mismatch",
+                        "/IEM/CPU%u/re/NativeTbExit/ReturnBreak/DirectLinking2MismatchFlags", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.StatNativeTbExitDirectLinking2PendingIrq, STAMTYPE_COUNTER, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Direct linking #2 failed: IRQ or FF pending",
+                        "/IEM/CPU%u/re/NativeTbExit/ReturnBreak/DirectLinking2PendingIrq", idCpu);
+#  endif
 
         RTStrPrintf(szPat, sizeof(szPat), "/IEM/CPU%u/re/NativeTbExit/*", idCpu); /* only immediate children, no sub folders */

trunk/src/VBox/VMM/include/IEMInternal.h

@@ -1329 +1329 @@
 #define IEMTB_GET_TB_LOOKUP_TAB_ENTRY(a_pTb, a_idx) \
     ((PIEMTB *)&(a_pTb)->pabOpcodes[-(int)((a_pTb)->cTbLookupEntries - (a_idx)) * sizeof(PIEMTB)])
+
+/**
+ * Gets the physical address for a TB opcode range.
+ */
+DECL_FORCE_INLINE(RTGCPHYS) iemTbGetRangePhysPageAddr(PCIEMTB pTb, uint8_t idxRange)
+{
+    Assert(idxRange < RT_MIN(pTb->cRanges, RT_ELEMENTS(pTb->aRanges)));
+    uint8_t const idxPage = pTb->aRanges[idxRange].idxPhysPage;
+    Assert(idxPage <= RT_ELEMENTS(pTb->aGCPhysPages));
+    if (idxPage == 0)
+        return pTb->GCPhysPc & ~(RTGCPHYS)GUEST_PAGE_OFFSET_MASK;
+    Assert(!(pTb->aGCPhysPages[idxPage - 1] & GUEST_PAGE_OFFSET_MASK));
+    return pTb->aGCPhysPages[idxPage - 1];
+}
 
 
@@ -2050 +2064 @@
 //#endif
 
-    /** Native recompiler: The TB finished executing completely without jumping to a an exit label. */
+    /** Native recompiler: The TB finished executing completely without jumping to a an exit label.
+     * Not availabe in release builds. */
     STAMCOUNTER             StatNativeTbFinished;
     /** Native recompiler: The TB finished executing jumping to the ReturnBreak label. */
@@ -2062 +2077 @@
     /** Native recompiler: The TB finished executing via throw / long jump. */
     STAMCOUNTER             StatNativeTbExitLongJump;
+    /** Native recompiler: The TB finished executing jumping to the ReturnBreak
+     *  label, but directly jumped to the next TB, scenario \#1 w/o IRQ checks. */
+    STAMCOUNTER             StatNativeTbExitDirectLinking1NoIrq;
+    /** Native recompiler: The TB finished executing jumping to the ReturnBreak
+     *  label, but directly jumped to the next TB, scenario \#1 with IRQ checks. */
+    STAMCOUNTER             StatNativeTbExitDirectLinking1Irq;
+    /** Native recompiler: The TB finished executing jumping to the ReturnBreak
+     *  label, but directly jumped to the next TB, scenario \#1 w/o IRQ checks. */
+    STAMCOUNTER             StatNativeTbExitDirectLinking2NoIrq;
+    /** Native recompiler: The TB finished executing jumping to the ReturnBreak
+     *  label, but directly jumped to the next TB, scenario \#2 with IRQ checks. */
+    STAMCOUNTER             StatNativeTbExitDirectLinking2Irq;
 
     /** Native recompiler: The TB finished executing jumping to the RaiseDe label. */
@@ -2084 +2111 @@
     STAMCOUNTER             StatNativeTbExitObsoleteTb;
 
-    uint64_t                au64Padding[1];
+    /** Native recompiler: Failure situations with direct linking scenario \#1.
+     * Counter with StatNativeTbExitReturnBreak. Not in release builds.
+     * @{  */
+    STAMCOUNTER             StatNativeTbExitDirectLinking1NoTb;
+    STAMCOUNTER             StatNativeTbExitDirectLinking1MismatchGCPhysPc;
+    STAMCOUNTER             StatNativeTbExitDirectLinking1MismatchFlags;
+    STAMCOUNTER             StatNativeTbExitDirectLinking1PendingIrq;
+    /** @} */
+
+    /** Native recompiler: Failure situations with direct linking scenario \#2.
+     * Counter with StatNativeTbExitReturnBreak. Not in release builds.
+     * @{  */
+    STAMCOUNTER             StatNativeTbExitDirectLinking2NoTb;
+    STAMCOUNTER             StatNativeTbExitDirectLinking2MismatchGCPhysPc;
+    STAMCOUNTER             StatNativeTbExitDirectLinking2MismatchFlags;
+    STAMCOUNTER             StatNativeTbExitDirectLinking2PendingIrq;
+    /** @} */
+
+    uint64_t                au64Padding[5];
     /** @} */
 

trunk/src/VBox/VMM/include/IEMN8veRecompiler.h

@@ -473 +473 @@
     kIemNativeLabelType_ReturnBreak,
     kIemNativeLabelType_ReturnBreakFF,
+    kIemNativeLabelType_ReturnBreakViaLookup,
+    kIemNativeLabelType_ReturnBreakViaLookupWithIrq,
+    kIemNativeLabelType_ReturnBreakViaLookupWithTlb,
+    kIemNativeLabelType_ReturnBreakViaLookupWithTlbAndIrq,
     kIemNativeLabelType_ReturnWithFlags,
     kIemNativeLabelType_NonZeroRetOrPassUp,
@@ -1414 +1418 @@
     uint32_t                    fSimdRaiseXcptChecksEmitted;
 #endif
+    /** The call number of the last CheckIrq, UINT32_MAX if not seen. */
+    uint32_t                    idxLastCheckIrqCallNo;
 
     /** Core state requiring care with branches. */

trunk/src/VBox/VMM/include/IEMN8veRecompilerEmit.h

@@ -7634 +7634 @@
 
 
+
+/*********************************************************************************************************************************
+*   Indirect Jumps.                                                                                                              *
+*********************************************************************************************************************************/
+
+/**
+ * Emits an indirect jump a 64-bit address in a GPR.
+ */
+DECL_INLINE_THROW(uint32_t) iemNativeEmitJmpViaGpr(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprSrc)
+{
+#ifdef RT_ARCH_AMD64
+    uint8_t * const pCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 3);
+    if (iGprSrc >= 8)
+        pCodeBuf[off++] = X86_OP_REX_B;
+    pCodeBuf[off++] = 0xff;
+    pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 4, iGprSrc & 7);
+
+#elif defined(RT_ARCH_ARM64)
+    uint32_t * const pCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
+    pCodeBuf[off++] = Armv8A64MkInstrBr(iGprSrc);
+
+#else
+# error "port me"
+#endif
+    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+    return off;
+}
+
+
 /*********************************************************************************************************************************
 *   Calls.                                                                                                                       *