Changeset 105036 in vbox

Timestamp:

Jun 26, 2024 10:33:48 PM (9 months ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

163654

Message:

VMM/IEM: Split the TLB into non-global (even) and global (odd) entries, doubling it in size. In native code the global entries are only checked for ring-0 TBs, as checking both entries is slower than just the even one. bugref:10687

Location:

trunk

Files:

• include/VBox/vmm/vm.h (modified) (3 diffs)
• include/VBox/vmm/vm.mac (modified) (1 diff)
• src/VBox/VMM/VMMAll/IEMAll.cpp (modified) (9 diffs)
• src/VBox/VMM/VMMAll/IEMAllMemRWTmplInline.cpp.h (modified) (26 diffs)
• src/VBox/VMM/VMMAll/IEMAllN8veRecompiler.cpp (modified) (1 diff)
• src/VBox/VMM/VMMR3/IEMR3.cpp (modified) (6 diffs)
• src/VBox/VMM/include/IEMInternal.h (modified) (7 diffs)
• src/VBox/VMM/include/IEMN8veRecompilerEmit.h (modified) (1 diff)
• src/VBox/VMM/include/IEMN8veRecompilerTlbLookup.h (modified) (10 diffs)

trunk/include/VBox/vmm/vm.h

@@ -159 +159 @@
         struct IEMCPU       s;
 #endif
-        uint8_t             padding[131136]; /* multiple of 64 */
+        uint8_t             padding[146240]; /* multiple of 64 */
     } iem;
 
@@ -316 +316 @@
 
     /** Align the following members on page boundary. */
-    uint8_t                 abAlignment2[696];
+    uint8_t                 abAlignment2[1976];
 
     /** PGM part. */
@@ -350 +350 @@
         uint8_t             padding[40960];     /* multiple of 4096 */
     } em;
-
     uint8_t abPadding[12288];
 } VMCPU;

trunk/include/VBox/vmm/vm.mac

@@ -58 +58 @@
 
     alignb 64
-    .iem                    resb 131136
+    .iem                    resb 146240
 
     alignb 64

trunk/src/VBox/VMM/VMMAll/IEMAll.cpp

@@ -606 +606 @@
 
 
+#if defined(IEM_WITH_CODE_TLB) || defined(IEM_WITH_DATA_TLB)
+/**
+ * Worker for iemTlbInvalidateAll.
+ */
+template<bool a_fGlobal>
+DECL_FORCE_INLINE(void) iemTlbInvalidateOne(IEMTLB *pTlb)
+{
+    if (!a_fGlobal)
+        pTlb->cTlsFlushes++;
+    else
+        pTlb->cTlsGlobalFlushes++;
+
+    pTlb->uTlbRevision += IEMTLB_REVISION_INCR;
+    if (RT_LIKELY(pTlb->uTlbRevision != 0))
+    { /* very likely */ }
+    else
+    {
+        pTlb->uTlbRevision = IEMTLB_REVISION_INCR;
+        pTlb->cTlbRevisionRollovers++;
+        unsigned i = RT_ELEMENTS(pTlb->aEntries) / 2;
+        while (i-- > 0)
+            pTlb->aEntries[i * 2].uTag = 0;
+    }
+    if (a_fGlobal)
+    {
+        pTlb->uTlbRevisionGlobal += IEMTLB_REVISION_INCR;
+        if (RT_LIKELY(pTlb->uTlbRevisionGlobal != 0))
+        { /* very likely */ }
+        else
+        {
+            pTlb->uTlbRevisionGlobal = IEMTLB_REVISION_INCR;
+            pTlb->cTlbRevisionRollovers++;
+            unsigned i = RT_ELEMENTS(pTlb->aEntries) / 2;
+            while (i-- > 0)
+                pTlb->aEntries[i * 2 + 1].uTag = 0;
+        }
+    }
+}
+#endif
+
+
 /**
  * Worker for IEMTlbInvalidateAll and IEMTlbInvalidateAllGlobal.
@@ -614 +655 @@
 #if defined(IEM_WITH_CODE_TLB) || defined(IEM_WITH_DATA_TLB)
     Log10(("IEMTlbInvalidateAll\n"));
+
 # ifdef IEM_WITH_CODE_TLB
     pVCpu->iem.s.cbInstrBufTotal = 0;
-    if (!a_fGlobal)
-        pVCpu->iem.s.CodeTlb.cTlsFlushes++;
-    else
-        pVCpu->iem.s.CodeTlb.cTlsGlobalFlushes++;
-    pVCpu->iem.s.CodeTlb.uTlbRevision += IEMTLB_REVISION_INCR;
-    if (RT_LIKELY(pVCpu->iem.s.CodeTlb.uTlbRevision != 0))
-    { /* very likely */ }
-    else
-    {
-        pVCpu->iem.s.CodeTlb.uTlbRevision = IEMTLB_REVISION_INCR;
-        pVCpu->iem.s.CodeTlb.cTlbRevisionRollovers++;
-        unsigned i = RT_ELEMENTS(pVCpu->iem.s.CodeTlb.aEntries);
-        while (i-- > 0)
-            pVCpu->iem.s.CodeTlb.aEntries[i].uTag = 0;
-    }
+    iemTlbInvalidateOne<a_fGlobal>(&pVCpu->iem.s.CodeTlb);
 # endif
 
 # ifdef IEM_WITH_DATA_TLB
-    if (!a_fGlobal)
-        pVCpu->iem.s.DataTlb.cTlsFlushes++;
-    else
-        pVCpu->iem.s.DataTlb.cTlsGlobalFlushes++;
-    pVCpu->iem.s.DataTlb.uTlbRevision += IEMTLB_REVISION_INCR;
-    if (pVCpu->iem.s.DataTlb.uTlbRevision != 0)
-    { /* very likely */ }
-    else
-    {
-        pVCpu->iem.s.DataTlb.uTlbRevision = IEMTLB_REVISION_INCR;
-        pVCpu->iem.s.DataTlb.cTlbRevisionRollovers++;
-        unsigned i = RT_ELEMENTS(pVCpu->iem.s.DataTlb.aEntries);
-        while (i-- > 0)
-            pVCpu->iem.s.DataTlb.aEntries[i].uTag = 0;
-    }
+    iemTlbInvalidateOne<a_fGlobal>(&pVCpu->iem.s.DataTlb);
 # endif
 #else
@@ -698 +712 @@
     GCPtr = IEMTLB_CALC_TAG_NO_REV(GCPtr);
     Assert(!(GCPtr >> (48 - X86_PAGE_SHIFT)));
-    uintptr_t const idx = IEMTLB_TAG_TO_INDEX(GCPtr);
+    uintptr_t const idxEven = IEMTLB_TAG_TO_EVEN_INDEX(GCPtr);
 
 # ifdef IEM_WITH_CODE_TLB
-    if (pVCpu->iem.s.CodeTlb.aEntries[idx].uTag == (GCPtr | pVCpu->iem.s.CodeTlb.uTlbRevision))
-    {
-        pVCpu->iem.s.CodeTlb.aEntries[idx].uTag = 0;
+    if (pVCpu->iem.s.CodeTlb.aEntries[idxEven].uTag == (GCPtr | pVCpu->iem.s.CodeTlb.uTlbRevision))
+    {
+        pVCpu->iem.s.CodeTlb.aEntries[idxEven].uTag = 0;
         if (GCPtr == IEMTLB_CALC_TAG_NO_REV(pVCpu->iem.s.uInstrBufPc))
             pVCpu->iem.s.cbInstrBufTotal = 0;
     }
+    if (pVCpu->iem.s.CodeTlb.aEntries[idxEven + 1].uTag == (GCPtr | pVCpu->iem.s.CodeTlb.uTlbRevisionGlobal))
+    {
+        pVCpu->iem.s.CodeTlb.aEntries[idxEven + 1].uTag = 0;
+        if (GCPtr == IEMTLB_CALC_TAG_NO_REV(pVCpu->iem.s.uInstrBufPc))
+            pVCpu->iem.s.cbInstrBufTotal = 0;
+    }
 # endif
 
 # ifdef IEM_WITH_DATA_TLB
-    if (pVCpu->iem.s.DataTlb.aEntries[idx].uTag == (GCPtr | pVCpu->iem.s.DataTlb.uTlbRevision))
-        pVCpu->iem.s.DataTlb.aEntries[idx].uTag = 0;
+    if (pVCpu->iem.s.DataTlb.aEntries[idxEven].uTag == (GCPtr | pVCpu->iem.s.DataTlb.uTlbRevision))
+        pVCpu->iem.s.DataTlb.aEntries[idxEven].uTag = 0;
+    if (pVCpu->iem.s.DataTlb.aEntries[idxEven + 1].uTag == (GCPtr | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal))
+        pVCpu->iem.s.DataTlb.aEntries[idxEven + 1].uTag = 0;
 # endif
 #else
@@ -974 +996 @@
          * Get the TLB entry for this piece of code.
          */
-        uint64_t const     uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.CodeTlb, GCPtrFirst);
-        PIEMTLBENTRY const pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.CodeTlb, uTag);
-        if (pTlbe->uTag == uTag)
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV(GCPtrFirst);
+        PIEMTLBENTRY   pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.CodeTlb, uTagNoRev);
+        if (   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.CodeTlb.uTlbRevision)
+            || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.CodeTlb.uTlbRevisionGlobal))
         {
             /* likely when executing lots of code, otherwise unlikely */
@@ -1038 +1061 @@
 
             AssertCompile(IEMTLBE_F_PT_NO_EXEC == 1);
-            pTlbe->uTag             = uTag;
+            if (   !(WalkFast.fEffective & PGM_PTATTRS_G_MASK)
+                || IEM_GET_CPL(pVCpu) != 0) /* optimization: Only use the PTE.G=1 entries in ring-0. */
+            {
+                pTlbe--;
+                pTlbe->uTag         = uTagNoRev | pVCpu->iem.s.CodeTlb.uTlbRevision;
+            }
+            else
+            {
+                pVCpu->iem.s.CodeTlb.cTlbCoreGlobalLoads++;
+                pTlbe->uTag         = uTagNoRev | pVCpu->iem.s.CodeTlb.uTlbRevisionGlobal;
+            }
             pTlbe->fFlagsAndPhysRev = (~WalkFast.fEffective & (X86_PTE_US | X86_PTE_RW | X86_PTE_D | X86_PTE_A))
                                     | (WalkFast.fEffective >> X86_PTE_PAE_BIT_NX) /*IEMTLBE_F_PT_NO_EXEC*/;
@@ -6381 +6414 @@
      * should in theory always be set).
      */
-    uint8_t           *pbMem = NULL;
-    uint64_t const     uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, GCPtrMem);
-    PIEMTLBENTRY const pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-    if (   pTlbe->uTag == uTag
-        && !(pTlbe->fFlagsAndPhysRev & (IEMTLBE_F_PT_NO_ACCESSED | (fAccess & IEM_ACCESS_TYPE_WRITE ? IEMTLBE_F_PT_NO_DIRTY : 0))) )
+    uint8_t           *pbMem     = NULL;
+    uint64_t const     uTagNoRev = IEMTLB_CALC_TAG_NO_REV(GCPtrMem);
+    PIEMTLBENTRY       pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+    uint64_t const     fTlbeAD   = IEMTLBE_F_PT_NO_ACCESSED | (fAccess & IEM_ACCESS_TYPE_WRITE ? IEMTLBE_F_PT_NO_DIRTY : 0);
+    if (   (   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+            && !(pTlbe->fFlagsAndPhysRev & fTlbeAD) )
+        || (   (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)
+            && !(pTlbe->fFlagsAndPhysRev & fTlbeAD) ) )
     {
 # ifdef IEM_WITH_TLB_STATISTICS
@@ -6468 +6504 @@
         }
 
-        pTlbe->uTag             = uTag;
+        if (   !(WalkFast.fEffective & PGM_PTATTRS_G_MASK)
+            || IEM_GET_CPL(pVCpu) != 0) /* optimization: Only use the PTE.G=1 entries in ring-0. */
+        {
+            pTlbe--;
+            pTlbe->uTag         = uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision;
+        }
+        else
+        {
+            pVCpu->iem.s.DataTlb.cTlbCoreGlobalLoads++;
+            pTlbe->uTag         = uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal;
+        }
         pTlbe->fFlagsAndPhysRev = ~WalkFast.fEffective & (X86_PTE_US | X86_PTE_RW | X86_PTE_D | X86_PTE_A); /* skipping NX */
         RTGCPHYS const GCPhysPg = WalkFast.GCPhys & ~(RTGCPHYS)GUEST_PAGE_OFFSET_MASK;
@@ -6785 +6831 @@
                                         : 0;
     uint64_t const     fNoRead          = fAccess & IEM_ACCESS_TYPE_READ ? IEMTLBE_F_PG_NO_READ : 0;
-
-    uint64_t const     uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, GCPtrMem);
-    PIEMTLBENTRY const pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-    if (   pTlbe->uTag == uTag
-        && !(pTlbe->fFlagsAndPhysRev & (IEMTLBE_F_PT_NO_ACCESSED | (fNoWriteNoDirty & IEMTLBE_F_PT_NO_DIRTY))) )
+    uint64_t const     uTagNoRev        = IEMTLB_CALC_TAG_NO_REV(GCPtrMem);
+    PIEMTLBENTRY       pTlbe            = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+    uint64_t const     fTlbeAD          = IEMTLBE_F_PT_NO_ACCESSED | (fNoWriteNoDirty & IEMTLBE_F_PT_NO_DIRTY);
+    if (   (   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+            && !(pTlbe->fFlagsAndPhysRev & fTlbeAD) )
+        || (   (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)
+            && !(pTlbe->fFlagsAndPhysRev & fTlbeAD) ) )
     {
 # ifdef IEM_WITH_TLB_STATISTICS
@@ -6831 +6879 @@
         }
 
-        pTlbe->uTag             = uTag;
+        if (   !(WalkFast.fEffective & PGM_PTATTRS_G_MASK)
+            || IEM_GET_CPL(pVCpu) != 0) /* optimization: Only use the PTE.G=1 entries in ring-0. */
+        {
+            pTlbe--;
+            pTlbe->uTag         = uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision;
+        }
+        else
+        {
+            if (a_fSafeCall)
+                pVCpu->iem.s.DataTlb.cTlbSafeGlobalLoads++;
+            else
+                pVCpu->iem.s.DataTlb.cTlbCoreGlobalLoads++;
+            pTlbe->uTag         = uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal;
+        }
         pTlbe->fFlagsAndPhysRev = ~WalkFast.fEffective & (X86_PTE_US | X86_PTE_RW | X86_PTE_D | X86_PTE_A); /* skipping NX */
         RTGCPHYS const GCPhysPg = WalkFast.GCPhys & ~(RTGCPHYS)GUEST_PAGE_OFFSET_MASK;

trunk/src/VBox/VMM/VMMAll/IEMAllMemRWTmplInline.cpp.h

@@ -111 +111 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, GCPtrEff);
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV(GCPtrEff);
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -184 +185 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, GCPtrMem);
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV(GCPtrMem);
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -261 +263 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, GCPtrEff);
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV(GCPtrEff);
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -334 +337 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, GCPtrMem);
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV(GCPtrMem);
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -409 +413 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, GCPtrEff);
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV(GCPtrEff);
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -468 +473 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, GCPtrMem);
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV(GCPtrMem);
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -529 +535 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, GCPtrEff);
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV(GCPtrEff);
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -588 +595 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, GCPtrMem);
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV(GCPtrMem);
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -647 +655 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, GCPtrEff);
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV(GCPtrEff);
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -704 +713 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, GCPtrMem);
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV(GCPtrMem);
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -762 +772 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, GCPtrEff);
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV(GCPtrEff);
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -818 +829 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, GCPtrMem);
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV(GCPtrMem);
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -888 +900 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, GCPtrEff);
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV(GCPtrEff);
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -951 +964 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, GCPtrEff);
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV(GCPtrEff);
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -1014 +1028 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, GCPtrMem);
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV(GCPtrMem);
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -1073 +1088 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, GCPtrMem);
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV(GCPtrMem);
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -1132 +1148 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, GCPtrEff);
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV(GCPtrEff);
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -1186 +1203 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, GCPtrMem);
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV(GCPtrMem);
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -1244 +1262 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, GCPtrEff);
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV(GCPtrEff);
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -1307 +1326 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, GCPtrEff);
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV(GCPtrEff);
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -1384 +1404 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, GCPtrEff);
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV(GCPtrEff);
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -1466 +1487 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, (RTGCPTR)uNewEsp); /* Doesn't work w/o casting to RTGCPTR (win /3 hangs). */
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV((RTGCPTR)uNewEsp); /* Doesn't work w/o casting to RTGCPTR (win /3 hangs). */
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -1525 +1547 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, (RTGCPTR)uOldEsp); /* Cast is required! 2023-08-11 */
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV((RTGCPTR)uOldEsp); /* Cast is required! 2023-08-11 */
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -1599 +1622 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, (RTGCPTR)uNewEsp); /* Doesn't work w/o casting to RTGCPTR (win /3 hangs). */
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV((RTGCPTR)uNewEsp); /* Doesn't work w/o casting to RTGCPTR (win /3 hangs). */
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -1677 +1701 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, uNewRsp);
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV(uNewRsp);
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*
@@ -1736 +1761 @@
          * TLB lookup.
          */
-        uint64_t const uTag  = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, uOldRsp);
-        PIEMTLBENTRY   pTlbe = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-        if (RT_LIKELY(pTlbe->uTag == uTag))
+        uint64_t const uTagNoRev = IEMTLB_CALC_TAG_NO_REV(uOldRsp);
+        PCIEMTLBENTRY  pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+        if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                      || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
         {
             /*

trunk/src/VBox/VMM/VMMAll/IEMAllN8veRecompiler.cpp

@@ -8533 +8533 @@
     /* Do the lookup manually. */
     RTGCPTR const      GCPtrFlat = iSegReg == UINT8_MAX ? GCPtr : GCPtr + pVCpu->cpum.GstCtx.aSRegs[iSegReg].u64Base;
-    uint64_t const     uTag      = IEMTLB_CALC_TAG(    &pVCpu->iem.s.DataTlb, GCPtrFlat);
-    PIEMTLBENTRY const pTlbe     = IEMTLB_TAG_TO_ENTRY(&pVCpu->iem.s.DataTlb, uTag);
-    if (RT_LIKELY(pTlbe->uTag == uTag))
+    uint64_t const     uTagNoRev = IEMTLB_CALC_TAG_NO_REV(GCPtrFlat);
+    PCIEMTLBENTRY      pTlbe     = IEMTLB_TAG_TO_EVEN_ENTRY(&pVCpu->iem.s.DataTlb, uTagNoRev);
+    if (RT_LIKELY(   pTlbe->uTag               == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevision)
+                  || (pTlbe = pTlbe + 1)->uTag == (uTagNoRev | pVCpu->iem.s.DataTlb.uTlbRevisionGlobal)))
     {
         /*

trunk/src/VBox/VMM/VMMR3/IEMR3.cpp

@@ -201 +201 @@
         AssertCompile(sizeof(pVCpu->iem.s) <= sizeof(pVCpu->iem.padding)); /* (tstVMStruct can't do it's job w/o instruction stats) */
 
-        pVCpu->iem.s.CodeTlb.uTlbRevision = pVCpu->iem.s.DataTlb.uTlbRevision = uInitialTlbRevision;
-        pVCpu->iem.s.CodeTlb.uTlbPhysRev  = pVCpu->iem.s.DataTlb.uTlbPhysRev  = uInitialTlbPhysRev;
+        pVCpu->iem.s.CodeTlb.uTlbRevision       = pVCpu->iem.s.DataTlb.uTlbRevision       = uInitialTlbRevision;
+#ifndef VBOX_VMM_TARGET_ARMV8
+        pVCpu->iem.s.CodeTlb.uTlbRevisionGlobal = pVCpu->iem.s.DataTlb.uTlbRevisionGlobal = uInitialTlbRevision;
+#endif
+        pVCpu->iem.s.CodeTlb.uTlbPhysRev        = pVCpu->iem.s.DataTlb.uTlbPhysRev        = uInitialTlbPhysRev;
 
         /*
@@ -323 +326 @@
         /* Code TLB: */
         STAMR3RegisterF(pVM, &pVCpu->iem.s.CodeTlb.uTlbRevision,        STAMTYPE_X64,       STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
-                        "Code TLB revision",                            "/IEM/CPU%u/Tlb/Code/Revision", idCpu);
+                        "Code TLB non-global revision",                 "/IEM/CPU%u/Tlb/Code/RevisionNonGlobal", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.CodeTlb.uTlbRevisionGlobal,  STAMTYPE_X64,       STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
+                        "Code TLB global revision",                     "/IEM/CPU%u/Tlb/Code/RevisionGlobal", idCpu);
         STAMR3RegisterF(pVM, &pVCpu->iem.s.CodeTlb.cTlsFlushes,         STAMTYPE_U32_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
                         "Code TLB non-global flushes",                  "/IEM/CPU%u/Tlb/Code/RevisionNonGlobalFlushes", idCpu);
@@ -340 +345 @@
         STAMR3RegisterF(pVM, &pVCpu->iem.s.CodeTlb.cTlbCoreMisses,      STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
                         "Code TLB misses",                              "/IEM/CPU%u/Tlb/Code/Misses", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.CodeTlb.cTlbCoreGlobalLoads, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Code TLB global loads",                        "/IEM/CPU%u/Tlb/Code/Misses/GlobalLoads", idCpu);
         STAMR3RegisterF(pVM, &pVCpu->iem.s.CodeTlb.cTlbSlowCodeReadPath, STAMTYPE_U32_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
                         "Code TLB slow read path",                      "/IEM/CPU%u/Tlb/Code/SlowReads", idCpu);
@@ -393 +400 @@
         /* Data TLB organized as best we can... */
         STAMR3RegisterF(pVM, &pVCpu->iem.s.DataTlb.uTlbRevision,        STAMTYPE_X64,       STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
-                        "Data TLB revision",                            "/IEM/CPU%u/Tlb/Data/Revision", idCpu);
+                        "Data TLB non-global revision",                 "/IEM/CPU%u/Tlb/Data/RevisionNonGlobal", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.DataTlb.uTlbRevisionGlobal,  STAMTYPE_X64,       STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
+                        "Data TLB global revision",                     "/IEM/CPU%u/Tlb/Data/RevisionGlobal", idCpu);
         STAMR3RegisterF(pVM, &pVCpu->iem.s.DataTlb.cTlsFlushes,         STAMTYPE_U32_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_NONE,
                         "Data TLB non-global flushes",                  "/IEM/CPU%u/Tlb/Data/RevisionNonGlobalFlushes", idCpu);
@@ -411 +420 @@
                         "Data TLB core misses (iemMemMap, direct iemMemMapJmp (not safe path))",
                         "/IEM/CPU%u/Tlb/Data/Misses/Core", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.DataTlb.cTlbCoreGlobalLoads, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Data TLB global loads",
+                        "/IEM/CPU%u/Tlb/Data/Misses/Core/GlobalLoads", idCpu);
         STAMR3RegisterF(pVM, &pVCpu->iem.s.DataTlb.cTlbSafeReadPath,    STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
                         "Data TLB safe read path (inline/native misses going to iemMemMapJmp)",
@@ -430 +442 @@
                         "Data TLB misses in iemMemMapJmp - not part of safe-path total",
                         "/IEM/CPU%u/Tlb/Data/Misses/Safe/SubPartMisses", idCpu);
+        STAMR3RegisterF(pVM, &pVCpu->iem.s.DataTlb.cTlbSafeGlobalLoads, STAMTYPE_U64_RESET, STAMVISIBILITY_ALWAYS, STAMUNIT_COUNT,
+                        "Data TLB global loads",
+                        "/IEM/CPU%u/Tlb/Data/Misses/Safe/SubPartMisses/GlobalLoads", idCpu);
 
 # ifdef IEM_WITH_TLB_STATISTICS

trunk/src/VBox/VMM/include/IEMInternal.h

@@ -495 +495 @@
 /** Pointer to an IEM TLB entry. */
 typedef IEMTLBENTRY *PIEMTLBENTRY;
+/** Pointer to a const IEM TLB entry. */
+typedef IEMTLBENTRY const *PCIEMTLBENTRY;
 
 /** @name IEMTLBE_F_XXX - TLB entry flags (IEMTLBENTRY::fFlagsAndPhysRev)
@@ -538 +540 @@
 typedef struct IEMTLB
 {
-    /** The TLB revision.
+    /** The non-global TLB revision.
      * This is actually only 28 bits wide (see IEMTLBENTRY::uTag) and is incremented
      * by adding RT_BIT_64(36) to it.  When it wraps around and becomes zero, all
@@ -553 +555 @@
      * as IEMTLBENTRY::fFlagsAndPhysRev bits 63 thru 8, 4, and 3.
      *
-     * The initial value is choosen to cause an early wraparound. */
+     * The initial value is choosen to cause an early wraparound.
+     *
+     * @note This is placed between the two TLB revisions because we
+     *       load it in pair with one or the other on arm64. */
     uint64_t volatile   uTlbPhysRev;
+    /** The global TLB revision.
+     * Same as uTlbRevision, but only increased for global flushes. */
+    uint64_t            uTlbRevisionGlobal;
 
     /* Statistics: */
@@ -574 +582 @@
      *       TLB is all misses. */
     uint64_t            cTlbCoreMisses;
+    /** Subset of cTlbCoreMisses that results in PTE.G=1 loads (odd entries). */
+    uint64_t            cTlbCoreGlobalLoads;
     /** Safe read/write TLB misses in iemMemMapJmp (so data only). */
     uint64_t            cTlbSafeMisses;
+    /** Subset of cTlbSafeMisses that results in PTE.G=1 loads (odd entries). */
+    uint64_t            cTlbSafeGlobalLoads;
     /** Safe read path taken (data only).  */
     uint64_t            cTlbSafeReadPath;
@@ -611 +623 @@
     uint32_t            cTlbPhysRevRollovers;
 
-    /** The TLB entries. */
-    IEMTLBENTRY         aEntries[IEMTLB_ENTRY_COUNT];
+    uint32_t            au32Padding[10];
+
+    /** The TLB entries.
+     * Even entries are for PTE.G=0 and uses uTlbRevision.
+     * Odd  entries are for PTE.G=1 and uses uTlbRevisionGlobal. */
+    IEMTLBENTRY         aEntries[IEMTLB_ENTRY_COUNT * 2];
 } IEMTLB;
 AssertCompileSizeAlignment(IEMTLB, 64);
@@ -623 +639 @@
 #define IEMTLB_PHYS_REV_INCR    RT_BIT_64(10)
 /**
- * Calculates the TLB tag for a virtual address.
- * @returns Tag value for indexing and comparing with IEMTLB::uTag.
- * @param   a_pTlb      The TLB.
- * @param   a_GCPtr     The virtual address.  Must be RTGCPTR or same size or
- *                      the clearing of the top 16 bits won't work (if 32-bit
- *                      we'll end up with mostly zeros).
- */
-#define IEMTLB_CALC_TAG(a_pTlb, a_GCPtr)    ( IEMTLB_CALC_TAG_NO_REV(a_GCPtr) | (a_pTlb)->uTlbRevision )
-/**
  * Calculates the TLB tag for a virtual address but without TLB revision.
  * @returns Tag value for indexing and comparing with IEMTLB::uTag.
@@ -640 +647 @@
 #define IEMTLB_CALC_TAG_NO_REV(a_GCPtr)     ( (((a_GCPtr) << 16) >> (GUEST_PAGE_SHIFT + 16)) )
 /**
- * Converts a TLB tag value into a TLB index.
+ * Converts a TLB tag value into a even TLB index.
  * @returns Index into IEMTLB::aEntries.
  * @param   a_uTag      Value returned by IEMTLB_CALC_TAG.
  */
 #if IEMTLB_ENTRY_COUNT == 256
-# define IEMTLB_TAG_TO_INDEX(a_uTag)        ( (uint8_t)(a_uTag) )
+# define IEMTLB_TAG_TO_EVEN_INDEX(a_uTag)   ( (uint8_t)(a_uTag) * 2U )
 #else
-# define IEMTLB_TAG_TO_INDEX(a_uTag)        ( (a_uTag) & (IEMTLB_ENTRY_COUNT - 1U) )
+# define IEMTLB_TAG_TO_EVEN_INDEX(a_uTag)   ( ((a_uTag) & (IEMTLB_ENTRY_COUNT - 1U)) * 2U )
 AssertCompile(RT_IS_POWER_OF_TWO(IEMTLB_ENTRY_COUNT));
 #endif
 /**
- * Converts a TLB tag value into a TLB index.
- * @returns Index into IEMTLB::aEntries.
+ * Converts a TLB tag value into an even TLB index.
+ * @returns Pointer into IEMTLB::aEntries corresponding to .
  * @param   a_pTlb      The TLB.
- * @param   a_uTag      Value returned by IEMTLB_CALC_TAG.
- */
-#define IEMTLB_TAG_TO_ENTRY(a_pTlb, a_uTag) ( &(a_pTlb)->aEntries[IEMTLB_TAG_TO_INDEX(a_uTag)] )
+ * @param   a_uTag      Value returned by IEMTLB_CALC_TAG or
+ *                      IEMTLB_CALC_TAG_NO_REV.
+ */
+#define IEMTLB_TAG_TO_EVEN_ENTRY(a_pTlb, a_uTag)    ( &(a_pTlb)->aEntries[IEMTLB_TAG_TO_EVEN_INDEX(a_uTag)] )
 
 

trunk/src/VBox/VMM/include/IEMN8veRecompilerEmit.h

@@ -6899 +6899 @@
     {
         pbCodeBuf[offFixup + 1] = (uint8_t)(offTarget - (offFixup + 2));
-        AssertStmt(pbCodeBuf[offFixup + 1] == offTarget - (offFixup + 2),
+        AssertStmt((int8_t)pbCodeBuf[offFixup + 1] == (int32_t)(offTarget - (offFixup + 2)),
                    IEMNATIVE_DO_LONGJMP(pReNative, VERR_IEM_EMIT_FIXED_JUMP_OUT_OF_RANGE));
     }

trunk/src/VBox/VMM/include/IEMN8veRecompilerTlbLookup.h

@@ -338 +338 @@
     uint8_t * const  pCodeBuf   = iemNativeInstrBufEnsure(pReNative, off, 512);
 # elif defined(RT_ARCH_ARM64)
-    uint32_t * const pCodeBuf   = iemNativeInstrBufEnsure(pReNative, off, 64);
+    uint32_t * const pCodeBuf   = iemNativeInstrBufEnsure(pReNative, off, 96);
 # endif
 
@@ -387 +387 @@
         /* jmp  limitdone */
         offFixupLimitDone = off;
-        off = iemNativeEmitJmpToFixedEx(pCodeBuf, off, off /* ASSUME short jump suffices */);
+        off = iemNativeEmitJmpToFixedEx(pCodeBuf, off, off + 256 /* force near */);
     }
 
@@ -427 +427 @@
         /* jbe short jmpback */
         offFixupMisalignedAccessJmpBack = off;
-        off = iemNativeEmitJccToFixedEx(pCodeBuf, off, off + 100, kIemNativeInstrCond_be);
-#ifdef IEM_WITH_TLB_STATISTICS
+        off = iemNativeEmitJccToFixedEx(pCodeBuf, off, off + 256 /*near*/, kIemNativeInstrCond_be);
+# ifdef IEM_WITH_TLB_STATISTICS
         off = iemNativeEmitIncU32CounterInVCpuEx(pCodeBuf, off, pTlbState->idxReg1, pTlbState->idxReg2,
                                                  offVCpuTlb + RT_UOFFSETOF(IEMTLB, cTlbNativeMissCrossPage));
-#endif
+# endif
         off = iemNativeEmitJmpToLabelEx(pReNative, pCodeBuf, off, idxLabelTlbMiss);
     }
+
+    /* The ODD TLB entry is checked last when CR4.PGE=0 or when not in ring-0. */
+    bool const fEvenFirst       = (pReNative->fExec & IEM_F_X86_CPL_MASK) != 0
+                               || !(pReNative->pVCpu->cpum.GstCtx.cr4 & X86_CR4_PGE);
+    bool const fIncCheckAltTlbe = (pReNative->fExec & IEM_F_X86_CPL_MASK) == 0;
+
+    /*
+     * Snippet for checking the alternative TLBE entry when CR4.PGE=1 and
+     * for doing statistics.
+     *
+     * This code assists step 3c, so look down there for register assignments.
+     */
+    /* checkalttlbe_and_missedtagstats: */
+    uint32_t const offCheckAltTlbeAndMissedTagStats = off;
+    uint32_t       offFixupCheckAltTlbeJmpBack      = UINT32_MAX / 2;
+    if (fIncCheckAltTlbe)
+    {
+# ifdef RT_ARCH_AMD64
+        /* Update pTlbe: reg2 = fEvenFirst ? reg2 + sizeof(IEMTLBENTRY) : reg2 - sizeof(IEMTLBENTRY); */
+        pCodeBuf[off++] = X86_OP_REX_W | (pTlbState->idxReg2 < 8 ? 0 : X86_OP_REX_R | X86_OP_REX_B);
+        pCodeBuf[off++] = 0x8d; /* LEA r64,m64 */
+        off = iemNativeEmitGprByGprDisp(pCodeBuf, off, pTlbState->idxReg2, pTlbState->idxReg2,
+                                        fEvenFirst ? (int32_t)sizeof(IEMTLBENTRY) : -(int32_t)sizeof(IEMTLBENTRY));
+
+        /* reg1 = reg1 & ~IEMTLB_REVISION_MASK; */
+        off = iemNativeEmitShiftGprLeftEx(pCodeBuf, off, pTlbState->idxReg1, 16 + GUEST_PAGE_SHIFT);
+        off = iemNativeEmitShiftGprRightEx(pCodeBuf, off, pTlbState->idxReg1, 16 + GUEST_PAGE_SHIFT);
+        /* or  reg1, [qword pVCpu->iem.s.DataTlb.uTlbRevisionGlobal/uTlbRevision] */
+        pCodeBuf[off++] = pTlbState->idxReg1 < 8 ? X86_OP_REX_W : X86_OP_REX_W | X86_OP_REX_R;
+        pCodeBuf[off++] = 0x0b; /* OR r64,r/m64 */
+        off = iemNativeEmitGprByVCpuDisp(pCodeBuf, off, pTlbState->idxReg1,
+                                         fEvenFirst ? offVCpuTlb + RT_UOFFSETOF(IEMTLB, uTlbRevisionGlobal)
+                                         :            offVCpuTlb + RT_UOFFSETOF(IEMTLB, uTlbRevision));
+
+        /* cmp reg1, [reg2] */
+        pCodeBuf[off++] = X86_OP_REX_W | (pTlbState->idxReg1 < 8 ? 0 : X86_OP_REX_R) | (pTlbState->idxReg2 < 8 ? 0 : X86_OP_REX_B);
+        pCodeBuf[off++] = 0x3b;
+        off = iemNativeEmitGprByGprDisp(pCodeBuf, off, pTlbState->idxReg1, pTlbState->idxReg2, RT_UOFFSETOF(IEMTLBENTRY, uTag));
+
+# elif defined(RT_ARCH_ARM64)
+        /* reg3 = uTlbRevision/uTlbRevisionGlobal; (We've ditched reg4 already, so have to get it via pVCpu.) */
+        off = iemNativeEmitLoadGprFromVCpuU64Ex(pCodeBuf, off, pTlbState->idxReg3,
+                                                fEvenFirst ? offVCpuTlb + RT_UOFFSETOF(IEMTLB, uTlbRevisionGlobal)
+                                                :            offVCpuTlb + RT_UOFFSETOF(IEMTLB, uTlbRevision));
+
+        /* reg1 = reg1 & ~IEMTLB_REVISION_MASK; */
+        AssertCompile(UINT64_C(0x0000000fffffffff) == ~IEMTLB_REVISION_MASK);
+        Assert(Armv8A64ConvertImmRImmS2Mask64(0x63, 0) == ~IEMTLB_REVISION_MASK);
+        pCodeBuf[off++] = Armv8A64MkInstrAndImm(pTlbState->idxReg1, pTlbState->idxReg1, 0x63, 0);
+
+        /* reg1 |= reg3 (uTlbRevision/uTlbRevisionGlobal); */
+        pCodeBuf[off++] = Armv8A64MkInstrOrr(pTlbState->idxReg1, pTlbState->idxReg1, pTlbState->idxReg3);
+
+        /* reg2 = reg2 +/- sizeof(IEMTLBENTRY); via preindexing.
+           reg3 = uTag; [pair: reg4 = fFlagsAndPhysRev;] */
+        AssertCompileMemberOffset(IEMTLBENTRY, uTag, 0);
+#  ifdef IEMNATIVE_WITH_TLB_LOOKUP_LOAD_STORE_PAIR
+        AssertCompileAdjacentMembers(IEMTLBENTRY, uTag, fFlagsAndPhysRev);
+        pCodeBuf[off++] = Armv8A64MkInstrLdPairGpr(pTlbState->idxReg3, pTlbState->idxReg4, pTlbState->idxReg2,
+                                                   fEvenFirst ? (int)sizeof(IEMTLBENTRY) / 8 : -(int)sizeof(IEMTLBENTRY) / 8,
+                                                   kArm64InstrStLdPairType_PreIndex);
+#  else
+        pCodeBuf[off++] = Armv8A64MkInstrStrLdrPreIndex9(kArmv8A64InstrLdStType_Ld_Dword, pTlbState->idxReg3, pTlbState->idxReg2,
+                                                         fEvenFirst ? (int)sizeof(IEMTLBENTRY) / 8 : -(int)sizeof(IEMTLBENTRY) / 8);
+#  endif
+        /* cmp reg1, reg3; (uRev | Hash(FlatPtr), IEMTLBENTRY::uTag)*/
+        off = iemNativeEmitCmpGprWithGprEx(pCodeBuf, off, pTlbState->idxReg1, pTlbState->idxReg3);
+
+# else
+#  error "portme"
+# endif
+        /* je  near jumpback_checkalttlbe */
+        offFixupCheckAltTlbeJmpBack = off;
+        off = iemNativeEmitJccToFixedEx(pCodeBuf, off, off + 256, kIemNativeInstrCond_e);
+    }
+
+# ifdef IEM_WITH_TLB_STATISTICS
+    /* inc stat */
+    off = iemNativeEmitIncStamCounterInVCpuEx(pCodeBuf, off, pTlbState->idxReg1, pTlbState->idxReg2,
+                                              offVCpuTlb + RT_UOFFSETOF(IEMTLB, cTlbNativeMissTag));
+# endif
+# ifndef IEM_WITH_TLB_STATISTICS
+    if (fIncCheckAltTlbe)
+# endif
+        off = iemNativeEmitJmpToLabelEx(pReNative, pCodeBuf, off, idxLabelTlbMiss);
+    off = iemNativeEmitBrkEx(pCodeBuf, off, 0x7679);
 
     /*
@@ -700 +786 @@
      * 3. TLB lookup.
      *
-     * 3a. Calculate the TLB tag value (IEMTLB_CALC_TAG).
+     * 3a. Calculate the TLB tag value (IEMTLB_CALC_TAG_NO_REV).
      *     In 64-bit mode we will also check for non-canonical addresses here.
      */
@@ -771 +857 @@
         off = iemNativeEmitGpr32EqGprShiftRightImmEx(pCodeBuf, off, pTlbState->idxReg1, idxRegFlatPtr, GUEST_PAGE_SHIFT);
     }
+
     /* or  reg1, [qword pVCpu->iem.s.DataTlb.uTlbRevision] */
 # if defined(RT_ARCH_AMD64)
     pCodeBuf[off++] = pTlbState->idxReg1 < 8 ? X86_OP_REX_W : X86_OP_REX_W | X86_OP_REX_R;
     pCodeBuf[off++] = 0x0b; /* OR r64,r/m64 */
-    off = iemNativeEmitGprByVCpuDisp(pCodeBuf, off, pTlbState->idxReg1, offVCpuTlb + RT_UOFFSETOF(IEMTLB, uTlbRevision));
+    off = iemNativeEmitGprByVCpuDisp(pCodeBuf, off, pTlbState->idxReg1,
+                                     fEvenFirst ? offVCpuTlb + RT_UOFFSETOF(IEMTLB, uTlbRevision)
+                                     :            offVCpuTlb + RT_UOFFSETOF(IEMTLB, uTlbRevisionGlobal));
 # else
 #  ifdef IEMNATIVE_WITH_TLB_LOOKUP_LOAD_STORE_PAIR
-    /* Load uTlbRevision into reg3 and uTlbPhysRev into reg5.
-       We load the offVCpuTlb + aEntries into reg4 and use it for addressing here
-       and later when calculating pTble (save an instruction). */
+    /* Load uTlbRevision[Global] into reg3 and uTlbPhysRev into reg5.
+       We load the pointer for IEMTLB::aEntries[!fEvenFirst] into reg4 and use
+       it for addressing here and later when calculating pTble (saves one
+       instruction, simplifies odd-first). */
     AssertCompileMemberAlignment(IEMTLB, uTlbRevision, 16); /* It is said that misaligned pair loads doesn't perform well. */
     AssertCompileAdjacentMembers(IEMTLB, uTlbRevision, uTlbPhysRev);
+    AssertCompileAdjacentMembers(IEMTLB, uTlbPhysRev, uTlbRevisionGlobal);
     AssertCompile(RTASSERT_OFFSET_OF(IEMTLB, uTlbPhysRev) < RTASSERT_OFFSET_OF(IEMTLB, aEntries));
     AssertCompile(RTASSERT_OFFSET_OF(VMCPUCC, iem.s.DataTlb.aEntries) < _64K);
-    if (offVCpuTlb + RT_UOFFSETOF(IEMTLB, aEntries) < _64K)
-    {
-        pCodeBuf[off++] = Armv8A64MkInstrMovZ(pTlbState->idxReg4, offVCpuTlb + RT_UOFFSETOF(IEMTLB, aEntries));
+    uint32_t const offEntries = offVCpuTlb + RT_UOFFSETOF(IEMTLB, aEntries) + (fEvenFirst ? 0 : sizeof(IEMTLBENTRY));
+    if (offEntries < _64K)
+    {
+        pCodeBuf[off++] = Armv8A64MkInstrMovZ(pTlbState->idxReg4, offEntries);
         pCodeBuf[off++] = Armv8A64MkInstrAddReg(pTlbState->idxReg4, IEMNATIVE_REG_FIXED_PVMCPU, pTlbState->idxReg4);
     }
     else
     {
-        AssertCompileMemberAlignment(VMCPUCC, iem.s.CodeTlb.aEntries, 64);
-        AssertCompileMemberAlignment(IEMTLB, aEntries, 64);
-        AssertCompile(RTASSERT_OFFSET_OF(VMCPUCC, iem.s.CodeTlb.aEntries) < _64K*64U);
-        pCodeBuf[off++] = Armv8A64MkInstrMovZ(pTlbState->idxReg4, (offVCpuTlb + RT_UOFFSETOF(IEMTLB, aEntries)) >> 6);
+        AssertCompileMemberAlignment(VMCPUCC, iem.s.CodeTlb.aEntries, 32);
+        AssertCompileMemberAlignment(IEMTLB, aEntries, 32);
+        AssertCompileSizeAlignment(IEMTLBENTRY, 32);
+        AssertCompile(RTASSERT_OFFSET_OF(VMCPUCC, iem.s.CodeTlb.aEntries) < _64K*32U);
+
+        pCodeBuf[off++] = Armv8A64MkInstrMovZ(pTlbState->idxReg4, offEntries >> 5);
         pCodeBuf[off++] = Armv8A64MkInstrAddReg(pTlbState->idxReg4, IEMNATIVE_REG_FIXED_PVMCPU, pTlbState->idxReg4,
-                                                true /*64Bit*/, false /*fSetFlags*/, 6 /*cShift*/, kArmv8A64InstrShift_Lsl);
-    }
-    pCodeBuf[off++] = Armv8A64MkInstrLdPairGpr(pTlbState->idxReg3, pTlbState->idxReg5, pTlbState->idxReg4,
-                                               (RT_OFFSETOF(IEMTLB, uTlbRevision) - RT_OFFSETOF(IEMTLB, aEntries)) / 8);
+                                                true /*64Bit*/, false /*fSetFlags*/, 5 /*cShift*/, kArmv8A64InstrShift_Lsl);
+    }
+    AssertCompile(RTASSERT_OFFSET_OF(IEMTLB, aEntries) < 64U*8U - sizeof(IEMTLBENTRY));
+    if (fEvenFirst)
+        pCodeBuf[off++] = Armv8A64MkInstrLdPairGpr(pTlbState->idxReg3, pTlbState->idxReg5, pTlbState->idxReg4,
+                                                   (RT_OFFSETOF(IEMTLB, uTlbRevision) - RT_OFFSETOF(IEMTLB, aEntries)) / 8);
+    else /* This isn't 128-bit aligned, hope that doesn't hurt too much... */
+        pCodeBuf[off++] = Armv8A64MkInstrLdPairGpr(pTlbState->idxReg5, pTlbState->idxReg3, pTlbState->idxReg4,
+                                                   (  RT_OFFSETOF(IEMTLB, uTlbPhysRev) - RT_OFFSETOF(IEMTLB, aEntries)
+                                                    - (int)sizeof(IEMTLBENTRY)) / 8);
 #  else
-    off = iemNativeEmitLoadGprFromVCpuU64Ex(pCodeBuf, off, pTlbState->idxReg3, offVCpuTlb + RT_UOFFSETOF(IEMTLB, uTlbRevision));
+    off = iemNativeEmitLoadGprFromVCpuU64Ex(pCodeBuf, off, pTlbState->idxReg3,
+                                            fEvenFirst ? offVCpuTlb + RT_UOFFSETOF(IEMTLB, uTlbRevision)
+                                            :            offVCpuTlb + RT_UOFFSETOF(IEMTLB, uTlbRevisionGlobal));
 #  endif
     off = iemNativeEmitOrGprByGprEx(pCodeBuf, off, pTlbState->idxReg1, pTlbState->idxReg3);
@@ -811 +913 @@
      */
 # if !defined(RT_ARCH_ARM64) || !defined(IEMNATIVE_WITH_TLB_LOOKUP_LOAD_STORE_PAIR)
-    uint32_t const offTlbEntries = offVCpuTlb + RT_UOFFSETOF(IEMTLB, aEntries);
+    uint32_t const offTlbEntriesAdjusted = offVCpuTlb + RT_UOFFSETOF(IEMTLB, aEntries) + (fEvenFirst ? 0 : sizeof(IEMTLBENTRY));
 # endif
 # if defined(RT_ARCH_AMD64)
@@ -823 +925 @@
     off = iemNativeEmitAndGpr32ByImmEx(pCodeBuf, off, pTlbState->idxReg2, IEMTLB_ENTRY_COUNT - 1U);
 #  endif
-    /* shl   reg2, 5 ; reg2 *= sizeof(IEMTLBENTRY) */
+    /* shl   reg2, 6 ; reg2 *= sizeof(IEMTLBENTRY) * 2 */
     AssertCompileSize(IEMTLBENTRY, 32);
-    off = iemNativeEmitShiftGprLeftEx(pCodeBuf, off, pTlbState->idxReg2, 5);
-    /* lea   reg2, [pVCpu->iem.s.DataTlb.aEntries + reg2] */
+    off = iemNativeEmitShiftGprLeftEx(pCodeBuf, off, pTlbState->idxReg2, 6);
+    /* lea   reg2, [&pVCpu->iem.s.DataTlb.aEntries[!fEvenFirst] + reg2] */
     AssertCompile(IEMNATIVE_REG_FIXED_PVMCPU < 8);
     pCodeBuf[off++] = pTlbState->idxReg2 < 8 ? X86_OP_REX_W : X86_OP_REX_W | X86_OP_REX_X | X86_OP_REX_R;
@@ -832 +934 @@
     pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_MEM4, pTlbState->idxReg2 & 7, 4 /*SIB*/);
     pCodeBuf[off++] = X86_SIB_MAKE(IEMNATIVE_REG_FIXED_PVMCPU & 7, pTlbState->idxReg2 & 7, 0);
-    pCodeBuf[off++] = RT_BYTE1(offTlbEntries);
-    pCodeBuf[off++] = RT_BYTE2(offTlbEntries);
-    pCodeBuf[off++] = RT_BYTE3(offTlbEntries);
-    pCodeBuf[off++] = RT_BYTE4(offTlbEntries);
+    pCodeBuf[off++] = RT_BYTE1(offTlbEntriesAdjusted);
+    pCodeBuf[off++] = RT_BYTE2(offTlbEntriesAdjusted);
+    pCodeBuf[off++] = RT_BYTE3(offTlbEntriesAdjusted);
+    pCodeBuf[off++] = RT_BYTE4(offTlbEntriesAdjusted);
 
 # elif defined(RT_ARCH_ARM64)
-    /* reg2 = (reg1 & tlbmask) << 5 */
-    pCodeBuf[off++] = Armv8A64MkInstrUbfiz(pTlbState->idxReg2, pTlbState->idxReg1, 5, IEMTLB_ENTRY_COUNT_AS_POWER_OF_TWO);
+    /* reg2 = (reg1 & tlbmask) << 6 */
+    AssertCompileSize(IEMTLBENTRY, 32);
+    pCodeBuf[off++] = Armv8A64MkInstrUbfiz(pTlbState->idxReg2, pTlbState->idxReg1, 6, IEMTLB_ENTRY_COUNT_AS_POWER_OF_TWO);
 #  ifdef IEMNATIVE_WITH_TLB_LOOKUP_LOAD_STORE_PAIR
-    /* reg2 += &pVCpu->iem.s.DataTlb.aEntries / CodeTlb.aEntries */
+    /* reg2 += &pVCpu->iem.s.[Data|Code]Tlb.aEntries[!fEvenFirst] */
     pCodeBuf[off++] = Armv8A64MkInstrAddReg(pTlbState->idxReg2, pTlbState->idxReg2, pTlbState->idxReg4);
 #  else
-    /* reg2 += offsetof(VMCPUCC, iem.s.DataTlb.aEntries) */
-    off = iemNativeEmitAddGprImmEx(pCodeBuf, off, pTlbState->idxReg2, offTlbEntries, pTlbState->idxReg3 /*iGprTmp*/);
+    /* reg2 += offsetof(VMCPUCC, iem.s.DataTlb.aEntries[!fEvenFirst]) */
+    off = iemNativeEmitAddGprImmEx(pCodeBuf, off, pTlbState->idxReg2, offTlbEntriesAdjusted, pTlbState->idxReg3 /*iGprTmp*/);
     /* reg2 += pVCpu */
     off = iemNativeEmitAddTwoGprsEx(pCodeBuf, off, pTlbState->idxReg2, IEMNATIVE_REG_FIXED_PVMCPU);
@@ -862 +965 @@
     off = iemNativeEmitGprByGprDisp(pCodeBuf, off, pTlbState->idxReg1, pTlbState->idxReg2, RT_UOFFSETOF(IEMTLBENTRY, uTag));
 # elif defined(RT_ARCH_ARM64)
+    /* reg3 = uTag; [pair: reg4 = fFlagsAndPhysRev;] */
 #  ifdef IEMNATIVE_WITH_TLB_LOOKUP_LOAD_STORE_PAIR
     AssertCompileMemberAlignment(IEMTLBENTRY, uTag, 16); /* It is said that misaligned pair loads doesn't perform well. */
@@ -874 +978 @@
 #  error "Port me"
 # endif
+    /* jne checkalttlbe_and_missedtagstats */
 # ifndef IEM_WITH_TLB_STATISTICS
-    /* jne tlbmiss */
-    off = iemNativeEmitJccToLabelEx(pReNative, pCodeBuf, off, idxLabelTlbMiss, kIemNativeInstrCond_ne);
-# else
-    /* je  1F; inc stat; jmp tlbmiss */
-    uint32_t const offFixup1 = off;
-    off = iemNativeEmitJccToFixedEx(pCodeBuf, off, off + 16, kIemNativeInstrCond_e);
-    off = iemNativeEmitIncStamCounterInVCpuEx(pCodeBuf, off, pTlbState->idxReg1, pTlbState->idxReg2,
-                                              offVCpuTlb + RT_UOFFSETOF(IEMTLB, cTlbNativeMissTag));
-    off = iemNativeEmitJmpToLabelEx(pReNative, pCodeBuf, off, idxLabelTlbMiss);
-    iemNativeFixupFixedJump(pReNative, offFixup1, off);
-# endif
+    if (!fIncCheckAltTlbe)
+        off = iemNativeEmitJccToLabelEx(pReNative, pCodeBuf, off, idxLabelTlbMiss, kIemNativeInstrCond_ne);
+    else
+# endif
+    {
+        off = iemNativeEmitJccToFixedEx(pCodeBuf, off, offCheckAltTlbeAndMissedTagStats, kIemNativeInstrCond_ne);
+        if (fIncCheckAltTlbe)
+            iemNativeFixupFixedJump(pReNative, offFixupCheckAltTlbeJmpBack, off);
+    }
 
     /*