Changeset 106187 in vbox for trunk

Timestamp:

Oct 1, 2024 9:05:44 AM (7 months ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

164971

Message:

VMM/IEM: Injecting postponed eflags calculations into the TLB miss code paths. Fixed if constexpr for gcc. bugref:10720

Location:

trunk

Files:

• include/iprt/x86.h (modified) (1 diff)
• src/VBox/VMM/VMMAll/IEMAllN8veRecompBltIn.cpp (modified) (6 diffs)
• src/VBox/VMM/VMMAll/IEMAllN8veRecompFuncs.h (modified) (11 diffs)
• src/VBox/VMM/VMMAll/IEMAllN8veRecompiler.cpp (modified) (6 diffs)
• src/VBox/VMM/VMMAll/target-x86/IEMAllN8veEmit-x86.h (modified) (12 diffs)
• src/VBox/VMM/include/IEMN8veRecompiler.h (modified) (3 diffs)
• src/VBox/VMM/include/IEMN8veRecompilerEmit.h (modified) (13 diffs)

trunk/include/iprt/x86.h

@@ -190 +190 @@
 /** Bit 1 - Reserved, reads as 1. */
 #define X86_EFL_1           RT_BIT_32(1)
+#define X86_EFL_1_BIT       1
 /** Bit 2 - PF - Parity flag - Status flag. */
 #define X86_EFL_PF          RT_BIT_32(2)

trunk/src/VBox/VMM/VMMAll/IEMAllN8veRecompBltIn.cpp

@@ -323 +323 @@
         /* jz nothing_pending */
         uint32_t const offFixup1 = off;
-        off = iemNativeEmitJccToFixedEx(pCodeBuf, off, off + 64, kIemNativeInstrCond_e);
+        off = iemNativeEmitJccToFixedEx(pCodeBuf, off, IEMNATIVE_HAS_POSTPONED_EFLAGS_CALCS(pReNative) ? off + 512 : off + 64,
+                                        kIemNativeInstrCond_e);
 
 # elif defined(RT_ARCH_ARM64)
@@ -334 +335 @@
         uint32_t const offFixup1 = off;
         off = iemNativeEmitTestIfGprIsZeroOrNotZeroAndJmpToFixedEx(pCodeBuf, off, idxTmpReg1, true /*f64Bit*/,
-                                                                   false /*fJmpIfNotZero*/, off + 16);
+                                                                   false /*fJmpIfNotZero*/, off);
 # else
 #  error "port me"
@@ -373 +374 @@
          */
         iemNativeFixupFixedJump(pReNative, offFixup1, off);
+        IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
     }
 
@@ -1439 +1441 @@
     off = iemNativeVarSaveVolatileRegsPreHlpCall(pReNative, off, fHstRegsNotToSave);
 
+#ifdef IEMNATIVE_WITH_EFLAGS_POSTPONING
+    /* Do delayed EFLAGS calculations. There are no restrictions on volatile registers here. */
+    off = iemNativeDoPostponedEFlagsAtTlbMiss<0>(pReNative, off, &TlbState, fHstRegsNotToSave);
+#endif
+
     /* IEMNATIVE_CALL_ARG1_GREG = offInstr */
     off = iemNativeEmitLoadGpr8Imm(pReNative, off, IEMNATIVE_CALL_ARG1_GREG, offInstr);
@@ -1446 +1453 @@
 
     /* Done setting up parameters, make the call. */
-    off = iemNativeEmitCallImm(pReNative, off, (uintptr_t)iemNativeHlpMemCodeNewPageTlbMissWithOff);
+    off = iemNativeEmitCallImm<true /*a_fSkipEflChecks*/>(pReNative, off, (uintptr_t)iemNativeHlpMemCodeNewPageTlbMissWithOff);
 
     /* Move the result to the right register. */
@@ -1736 +1743 @@
     off = iemNativeVarSaveVolatileRegsPreHlpCall(pReNative, off, fHstRegsNotToSave);
 
+#ifdef IEMNATIVE_WITH_EFLAGS_POSTPONING
+    /* Do delayed EFLAGS calculations. There are no restrictions on volatile registers here. */
+    off = iemNativeDoPostponedEFlagsAtTlbMiss<0>(pReNative, off, &TlbState, fHstRegsNotToSave);
+#endif
+
     /* IEMNATIVE_CALL_ARG0_GREG = pVCpu */
     off = iemNativeEmitLoadGprFromGpr(pReNative, off, IEMNATIVE_CALL_ARG0_GREG, IEMNATIVE_REG_FIXED_PVMCPU);
 
     /* Done setting up parameters, make the call. */
-    off = iemNativeEmitCallImm(pReNative, off, (uintptr_t)iemNativeHlpMemCodeNewPageTlbMiss);
+    off = iemNativeEmitCallImm<true /*a_fSkipEflChecks*/>(pReNative, off, (uintptr_t)iemNativeHlpMemCodeNewPageTlbMiss);
 
     /* Restore variables and guest shadow registers to volatile registers. */

trunk/src/VBox/VMM/VMMAll/IEMAllN8veRecompFuncs.h

@@ -1753 +1753 @@
     }
 
+#ifdef IEMNATIVE_WITH_EFLAGS_POSTPONING
+    /* Do delayed EFLAGS calculations. */
+    off = iemNativeDoPostponedEFlagsAtTlbMiss<  RT_BIT_32(IEMNATIVE_CALL_ARG1_GREG)
+                                              | RT_BIT_32(IEMNATIVE_CALL_ARG2_GREG)>(pReNative, off, &TlbState, fHstRegsNotToSave);
+#endif
+
     /* IEMNATIVE_CALL_ARG0_GREG = pVCpu */
     off = iemNativeEmitLoadGprFromGpr(pReNative, off, IEMNATIVE_CALL_ARG0_GREG, IEMNATIVE_REG_FIXED_PVMCPU);
 
     /* Done setting up parameters, make the call. */
-    off = iemNativeEmitCallImm(pReNative, off, pfnFunction);
+    off = iemNativeEmitCallImm<true /*a_fSkipEflChecks*/>(pReNative, off, pfnFunction);
 
     /* Restore variables and guest shadow registers to volatile registers. */
@@ -2451 +2457 @@
         off = iemNativeEmitLoadGprFromGpr(pReNative, off, IEMNATIVE_CALL_ARG1_GREG, idxRegEffSp);
 
+#ifdef IEMNATIVE_WITH_EFLAGS_POSTPONING
+    /* Do delayed EFLAGS calculations. */
+    off = iemNativeDoPostponedEFlagsAtTlbMiss<RT_BIT_32(IEMNATIVE_CALL_ARG1_GREG)>(pReNative, off, &TlbState, fHstRegsNotToSave);
+#endif
+
     /* IEMNATIVE_CALL_ARG0_GREG = pVCpu */
     off = iemNativeEmitLoadGprFromGpr(pReNative, off, IEMNATIVE_CALL_ARG0_GREG, IEMNATIVE_REG_FIXED_PVMCPU);
 
     /* Done setting up parameters, make the call. */
-    off = iemNativeEmitCallImm(pReNative, off, pfnFunction);
+    off = iemNativeEmitCallImm<true /*a_fSkipEflChecks*/>(pReNative, off, pfnFunction);
 
     /* Move the return register content to idxRegMemResult. */
@@ -6263 +6274 @@
     /* Updating the skipping according to the outputs is a little early, but
        we don't have any other hooks for references atm. */
-    if RT_CONSTEXPR((a_fEflOutput & X86_EFL_STATUS_BITS) == X86_EFL_STATUS_BITS)
+    if RT_CONSTEXPR_IF((a_fEflOutput & X86_EFL_STATUS_BITS) == X86_EFL_STATUS_BITS)
         off = iemNativeEmitStoreImmToVCpuU32(pReNative, off, 0, RT_UOFFSETOF(VMCPU, iem.s.fSkippingEFlags));
-    else if RT_CONSTEXPR((a_fEflOutput & X86_EFL_STATUS_BITS) != 0)
+    else if RT_CONSTEXPR_IF((a_fEflOutput & X86_EFL_STATUS_BITS) != 0)
         off = iemNativeEmitAndImmIntoVCpuU32(pReNative, off, ~(a_fEflOutput & X86_EFL_STATUS_BITS),
                                              RT_UOFFSETOF(VMCPU, iem.s.fSkippingEFlags));
@@ -7155 +7166 @@
  * and IEM_MC_FETCH_MEM_FLAT_U8/16/32/64 and IEM_MC_STORE_MEM_FLAT_U8/16/32/64
  * (with iSegReg = UINT8_MAX). */
+/** @todo Pass enmOp, cbMem, fAlignMaskAndClt and a iSegReg == UINT8_MAX
+ *        indicator as template parameters. */
 DECL_INLINE_THROW(uint32_t)
 iemNativeEmitMemFetchStoreDataCommon(PIEMRECOMPILERSTATE pReNative, uint32_t off,  uint8_t idxVarValue, uint8_t iSegReg,
@@ -7479 +7492 @@
          * For SIMD based variables we pass the reference on the stack for both fetches and stores.
          *
-         * @note There was a register variable assigned to the variable for the TlbLookup case above
+         * Note! There was a register variable assigned to the variable for the TlbLookup case above
          *       which must not be freed or the value loaded into the register will not be synced into the register
          *       further down the road because the variable doesn't know it had a variable assigned.
          *
-         * @note For loads it is not required to sync what is in the assigned register with the stack slot
+         * Note! For loads it is not required to sync what is in the assigned register with the stack slot
          *       as it will be overwritten anyway.
          */
@@ -7520 +7533 @@
     }
 
+#ifdef IEMNATIVE_WITH_EFLAGS_POSTPONING
+    /* Do delayed EFLAGS calculations. */
+    if (enmOp == kIemNativeEmitMemOp_Store || cbMem == sizeof(RTUINT128U) || cbMem == sizeof(RTUINT256U))
+    {
+        if (iSegReg == UINT8_MAX)
+            off = iemNativeDoPostponedEFlagsAtTlbMiss<  RT_BIT_32(IEMNATIVE_CALL_ARG1_GREG)
+                                                      | RT_BIT_32(IEMNATIVE_CALL_ARG2_GREG)>(pReNative, off, &TlbState,
+                                                                                             fHstRegsNotToSave);
+        else
+            off = iemNativeDoPostponedEFlagsAtTlbMiss<  RT_BIT_32(IEMNATIVE_CALL_ARG1_GREG)
+                                                      | RT_BIT_32(IEMNATIVE_CALL_ARG2_GREG)
+                                                      | RT_BIT_32(IEMNATIVE_CALL_ARG3_GREG)>(pReNative, off, &TlbState,
+                                                                                             fHstRegsNotToSave);
+    }
+    else if (iSegReg == UINT8_MAX)
+        off = iemNativeDoPostponedEFlagsAtTlbMiss<  RT_BIT_32(IEMNATIVE_CALL_ARG1_GREG)>(pReNative, off, &TlbState,
+                                                                                         fHstRegsNotToSave);
+    else
+        off = iemNativeDoPostponedEFlagsAtTlbMiss<  RT_BIT_32(IEMNATIVE_CALL_ARG1_GREG)
+                                                  | RT_BIT_32(IEMNATIVE_CALL_ARG2_GREG)>(pReNative, off, &TlbState,
+                                                                                         fHstRegsNotToSave);
+#endif
+
     /* IEMNATIVE_CALL_ARG0_GREG = pVCpu */
     off = iemNativeEmitLoadGprFromGpr(pReNative, off, IEMNATIVE_CALL_ARG0_GREG, IEMNATIVE_REG_FIXED_PVMCPU);
 
     /* Done setting up parameters, make the call. */
-    off = iemNativeEmitCallImm(pReNative, off, pfnFunction);
+    off = iemNativeEmitCallImm<true /*a_fSkipEflChecks*/>(pReNative, off, pfnFunction);
 
     /*
@@ -8501 +8537 @@
     }
 
+#ifdef IEMNATIVE_WITH_EFLAGS_POSTPONING
+    /* Do delayed EFLAGS calculations. */
+    off = iemNativeDoPostponedEFlagsAtTlbMiss<  RT_BIT_32(IEMNATIVE_CALL_ARG1_GREG)
+                                              | RT_BIT_32(IEMNATIVE_CALL_ARG2_GREG)>(pReNative, off, &TlbState, fHstRegsNotToSave);
+#endif
+
     /* IEMNATIVE_CALL_ARG0_GREG = pVCpu */
     off = iemNativeEmitLoadGprFromGpr(pReNative, off, IEMNATIVE_CALL_ARG0_GREG, IEMNATIVE_REG_FIXED_PVMCPU);
 
     /* Done setting up parameters, make the call. */
-    off = iemNativeEmitCallImm(pReNative, off, pfnFunction);
+    off = iemNativeEmitCallImm<true /*a_fSkipEflChecks*/>(pReNative, off, pfnFunction);
 
     /* Restore variables and guest shadow registers to volatile registers. */
@@ -8844 +8886 @@
         off = iemNativeEmitLoadGprFromGpr(pReNative, off, IEMNATIVE_CALL_ARG1_GREG, idxRegEffSp);
 
+#ifdef IEMNATIVE_WITH_EFLAGS_POSTPONING
+    /* Do delayed EFLAGS calculations. */
+    off = iemNativeDoPostponedEFlagsAtTlbMiss<RT_BIT_32(IEMNATIVE_CALL_ARG1_GREG)>(pReNative, off, &TlbState, fHstRegsNotToSave);
+#endif
+
     /* IEMNATIVE_CALL_ARG0_GREG = pVCpu */
     off = iemNativeEmitLoadGprFromGpr(pReNative, off, IEMNATIVE_CALL_ARG0_GREG, IEMNATIVE_REG_FIXED_PVMCPU);
 
     /* Done setting up parameters, make the call. */
-    off = iemNativeEmitCallImm(pReNative, off, pfnFunction);
+    off = iemNativeEmitCallImm<true /*a_fSkipEflChecks*/>(pReNative, off, pfnFunction);
 
     /* Move the return register content to idxRegMemResult. */
@@ -9467 +9514 @@
     }
 
+#ifdef IEMNATIVE_WITH_EFLAGS_POSTPONING
+    /* Do delayed EFLAGS calculations. */
+    if (iSegReg == UINT8_MAX)
+        off = iemNativeDoPostponedEFlagsAtTlbMiss<RT_BIT_32(IEMNATIVE_CALL_ARG2_GREG)>(pReNative, off, &TlbState,
+                                                                                       fHstRegsNotToSave);
+    else
+        off = iemNativeDoPostponedEFlagsAtTlbMiss<  RT_BIT_32(IEMNATIVE_CALL_ARG2_GREG)
+                                                  | RT_BIT_32(IEMNATIVE_CALL_ARG3_GREG)>(pReNative, off, &TlbState,
+                                                                                         fHstRegsNotToSave);
+#endif
+
     /* IEMNATIVE_CALL_ARG1_GREG = &idxVarUnmapInfo; stackslot address, load any register with result after the call. */
     int32_t const offBpDispVarUnmapInfo = iemNativeStackCalcBpDisp(iemNativeVarGetStackSlot(pReNative, idxVarUnmapInfo));
@@ -9475 +9533 @@
 
     /* Done setting up parameters, make the call. */
-    off = iemNativeEmitCallImm(pReNative, off, pfnFunction);
+    off = iemNativeEmitCallImm<true /*a_fSkipEflChecks*/>(pReNative, off, pfnFunction);
 
     /*
@@ -9653 +9711 @@
     off = iemNativeEmitLoadGprFromGpr(pReNative, off, IEMNATIVE_CALL_ARG0_GREG, IEMNATIVE_REG_FIXED_PVMCPU);
 
-    /* Done setting up parameters, make the call. */
-    off = iemNativeEmitCallImm(pReNative, off, pfnFunction);
+    /* Done setting up parameters, make the call.
+       Note! Since we can only end up here if we took a TLB miss, any postponed EFLAGS
+             calculations has been done there already. Thus, a_fSkipEflChecks = true. */
+    off = iemNativeEmitCallImm<true /*a_fSkipEflChecks*/>(pReNative, off, pfnFunction);
 
     /* The bUnmapInfo variable is implictly free by these MCs. */

trunk/src/VBox/VMM/VMMAll/IEMAllN8veRecompiler.cpp

@@ -5959 +5959 @@
 
 
+/**
+ * Loads the guest shadow register @a enmGstReg into host reg @a idxHstReg, zero
+ * extending to 64-bit width, extended version.
+ *
+ * @returns New code buffer offset on success, UINT32_MAX on failure.
+ * @param   pCodeBuf    The code buffer.
+ * @param   off         The current code buffer position.
+ * @param   idxHstReg   The host register to load the guest register value into.
+ * @param   enmGstReg   The guest register to load.
+ *
+ * @note This does not mark @a idxHstReg as having a shadow copy of @a enmGstReg,
+ *       that is something the caller needs to do if applicable.
+ */
+DECL_HIDDEN_THROW(uint32_t)
+iemNativeEmitLoadGprWithGstShadowRegEx(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t idxHstReg, IEMNATIVEGSTREG enmGstReg)
+{
+    Assert((unsigned)enmGstReg < (unsigned)kIemNativeGstReg_End);
+    Assert(g_aGstShadowInfo[enmGstReg].cb != 0);
+
+    switch (g_aGstShadowInfo[enmGstReg].cb)
+    {
+        case sizeof(uint64_t):
+            return iemNativeEmitLoadGprFromVCpuU64Ex(pCodeBuf, off, idxHstReg, g_aGstShadowInfo[enmGstReg].off);
+        case sizeof(uint32_t):
+            return iemNativeEmitLoadGprFromVCpuU32Ex(pCodeBuf, off, idxHstReg, g_aGstShadowInfo[enmGstReg].off);
+        case sizeof(uint16_t):
+            return iemNativeEmitLoadGprFromVCpuU16Ex(pCodeBuf, off, idxHstReg, g_aGstShadowInfo[enmGstReg].off);
+#if 0 /* not present in the table. */
+        case sizeof(uint8_t):
+            return iemNativeEmitLoadGprFromVCpuU8Ex(pCodeBuf, off, idxHstReg, g_aGstShadowInfo[enmGstReg].off);
+#endif
+        default:
+#ifdef IEM_WITH_THROW_CATCH
+            AssertFailedStmt(IEMNATIVE_DO_LONGJMP(NULL, VERR_IPE_NOT_REACHED_DEFAULT_CASE));
+#else
+            AssertReleaseFailedReturn(off);
+#endif
+    }
+}
+
+
 #ifdef IEMNATIVE_WITH_SIMD_REG_ALLOCATOR
 /**
@@ -6003 +6044 @@
  *       Trashes EFLAGS on AMD64.
  */
-DECL_HIDDEN_THROW(uint32_t)
-iemNativeEmitTop32BitsClearCheck(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t idxReg)
+DECL_FORCE_INLINE(uint32_t)
+iemNativeEmitTop32BitsClearCheckEx(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t idxReg)
 {
 # ifdef RT_ARCH_AMD64
-    uint8_t * const pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 20);
-
     /* rol reg64, 32 */
-    pbCodeBuf[off++] = X86_OP_REX_W | (idxReg < 8 ? 0 : X86_OP_REX_B);
-    pbCodeBuf[off++] = 0xc1;
-    pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 0, idxReg & 7);
-    pbCodeBuf[off++] = 32;
+    pCodeBuf[off++] = X86_OP_REX_W | (idxReg < 8 ? 0 : X86_OP_REX_B);
+    pCodeBuf[off++] = 0xc1;
+    pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 0, idxReg & 7);
+    pCodeBuf[off++] = 32;
 
     /* test reg32, ffffffffh */
     if (idxReg >= 8)
-        pbCodeBuf[off++] = X86_OP_REX_B;
-    pbCodeBuf[off++] = 0xf7;
-    pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 0, idxReg & 7);
-    pbCodeBuf[off++] = 0xff;
-    pbCodeBuf[off++] = 0xff;
-    pbCodeBuf[off++] = 0xff;
-    pbCodeBuf[off++] = 0xff;
+        pCodeBuf[off++] = X86_OP_REX_B;
+    pCodeBuf[off++] = 0xf7;
+    pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 0, idxReg & 7);
+    pCodeBuf[off++] = 0xff;
+    pCodeBuf[off++] = 0xff;
+    pCodeBuf[off++] = 0xff;
+    pCodeBuf[off++] = 0xff;
 
     /* je/jz +1 */
-    pbCodeBuf[off++] = 0x74;
-    pbCodeBuf[off++] = 0x01;
+    pCodeBuf[off++] = 0x74;
+    pCodeBuf[off++] = 0x01;
 
     /* int3 */
-    pbCodeBuf[off++] = 0xcc;
+    pCodeBuf[off++] = 0xcc;
 
     /* rol reg64, 32 */
-    pbCodeBuf[off++] = X86_OP_REX_W | (idxReg < 8 ? 0 : X86_OP_REX_B);
-    pbCodeBuf[off++] = 0xc1;
-    pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 0, idxReg & 7);
-    pbCodeBuf[off++] = 32;
+    pCodeBuf[off++] = X86_OP_REX_W | (idxReg < 8 ? 0 : X86_OP_REX_B);
+    pCodeBuf[off++] = 0xc1;
+    pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 0, idxReg & 7);
+    pCodeBuf[off++] = 32;
 
 # elif defined(RT_ARCH_ARM64)
-    uint32_t * const pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 3);
     /* lsr tmp0, reg64, #32 */
-    pu32CodeBuf[off++] = Armv8A64MkInstrLsrImm(IEMNATIVE_REG_FIXED_TMP0, idxReg, 32);
+    pCodeBuf[off++] = Armv8A64MkInstrLsrImm(IEMNATIVE_REG_FIXED_TMP0, idxReg, 32);
     /* cbz tmp0, +1 */
-    pu32CodeBuf[off++] = Armv8A64MkInstrCbzCbnz(false /*fJmpIfNotZero*/, 2, IEMNATIVE_REG_FIXED_TMP0);
+    pCodeBuf[off++] = Armv8A64MkInstrCbzCbnz(false /*fJmpIfNotZero*/, 2, IEMNATIVE_REG_FIXED_TMP0);
     /* brk #0x1100 */
-    pu32CodeBuf[off++] = Armv8A64MkInstrBrk(UINT32_C(0x1100));
+    pCodeBuf[off++] = Armv8A64MkInstrBrk(UINT32_C(0x1100));
 
 # else
 #  error "Port me!"
 # endif
+    return off;
+}
+
+
+/**
+ * Emitting code that checks that the value of @a idxReg is UINT32_MAX or less.
+ *
+ * @note May of course trash IEMNATIVE_REG_FIXED_TMP0.
+ *       Trashes EFLAGS on AMD64.
+ */
+DECL_HIDDEN_THROW(uint32_t)
+iemNativeEmitTop32BitsClearCheck(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t idxReg)
+{
+# ifdef RT_ARCH_AMD64
+    PIEMNATIVEINSTR const pCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 20);
+# elif defined(RT_ARCH_ARM64)
+    PIEMNATIVEINSTR const pCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 3);
+# else
+#  error "Port me!"
+# endif
+    off = iemNativeEmitTop32BitsClearCheckEx(pCodeBuf, off, idxReg);
     IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
     return off;
@@ -6063 +6122 @@
  *       Trashes EFLAGS on AMD64.
  */
-DECL_HIDDEN_THROW(uint32_t)
-iemNativeEmitGuestRegValueCheck(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t idxReg, IEMNATIVEGSTREG enmGstReg)
+DECL_HIDDEN_THROW(uint32_t) iemNativeEmitGuestRegValueCheckEx(PIEMRECOMPILERSTATE pReNative, PIEMNATIVEINSTR pCodeBuf,
+                                                              uint32_t off, uint8_t idxReg, IEMNATIVEGSTREG enmGstReg)
 {
 #if defined(IEMNATIVE_WITH_DELAYED_REGISTER_WRITEBACK)
@@ -6073 +6132 @@
 
 # ifdef RT_ARCH_AMD64
-    uint8_t * const pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 32);
-
     /* cmp reg, [mem] */
     if (g_aGstShadowInfo[enmGstReg].cb == sizeof(uint8_t))
     {
         if (idxReg >= 8)
-            pbCodeBuf[off++] = X86_OP_REX_R;
-        pbCodeBuf[off++] = 0x38;
+            pCodeBuf[off++] = X86_OP_REX_R;
+        pCodeBuf[off++] = 0x38;
     }
     else
     {
         if (g_aGstShadowInfo[enmGstReg].cb == sizeof(uint64_t))
-            pbCodeBuf[off++] = X86_OP_REX_W | (idxReg < 8 ? 0 : X86_OP_REX_R);
+            pCodeBuf[off++] = X86_OP_REX_W | (idxReg < 8 ? 0 : X86_OP_REX_R);
         else
         {
             if (g_aGstShadowInfo[enmGstReg].cb == sizeof(uint16_t))
-                pbCodeBuf[off++] = X86_OP_PRF_SIZE_OP;
+                pCodeBuf[off++] = X86_OP_PRF_SIZE_OP;
             else
                 AssertStmt(g_aGstShadowInfo[enmGstReg].cb == sizeof(uint32_t),
                            IEMNATIVE_DO_LONGJMP(pReNative, VERR_IEM_LABEL_IPE_6));
             if (idxReg >= 8)
-                pbCodeBuf[off++] = X86_OP_REX_R;
+                pCodeBuf[off++] = X86_OP_REX_R;
         }
-        pbCodeBuf[off++] = 0x39;
-    }
-    off = iemNativeEmitGprByVCpuDisp(pbCodeBuf, off, idxReg, g_aGstShadowInfo[enmGstReg].off);
+        pCodeBuf[off++] = 0x39;
+    }
+    off = iemNativeEmitGprByVCpuDisp(pCodeBuf, off, idxReg, g_aGstShadowInfo[enmGstReg].off);
 
     /* je/jz +1 */
-    pbCodeBuf[off++] = 0x74;
-    pbCodeBuf[off++] = 0x01;
+    pCodeBuf[off++] = 0x74;
+    pCodeBuf[off++] = 0x01;
 
     /* int3 */
-    pbCodeBuf[off++] = 0xcc;
+    pCodeBuf[off++] = 0xcc;
 
     /* For values smaller than the register size, we must check that the rest
@@ -6112 +6169 @@
     {
         /* test reg64, imm32 */
-        pbCodeBuf[off++] = X86_OP_REX_W | (idxReg < 8 ? 0 : X86_OP_REX_B);
-        pbCodeBuf[off++] = 0xf7;
-        pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 0, idxReg & 7);
-        pbCodeBuf[off++] = 0;
-        pbCodeBuf[off++] = g_aGstShadowInfo[enmGstReg].cb > sizeof(uint8_t) ? 0 : 0xff;
-        pbCodeBuf[off++] = 0xff;
-        pbCodeBuf[off++] = 0xff;
+        pCodeBuf[off++] = X86_OP_REX_W | (idxReg < 8 ? 0 : X86_OP_REX_B);
+        pCodeBuf[off++] = 0xf7;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 0, idxReg & 7);
+        pCodeBuf[off++] = 0;
+        pCodeBuf[off++] = g_aGstShadowInfo[enmGstReg].cb > sizeof(uint8_t) ? 0 : 0xff;
+        pCodeBuf[off++] = 0xff;
+        pCodeBuf[off++] = 0xff;
 
         /* je/jz +1 */
-        pbCodeBuf[off++] = 0x74;
-        pbCodeBuf[off++] = 0x01;
+        pCodeBuf[off++] = 0x74;
+        pCodeBuf[off++] = 0x01;
 
         /* int3 */
-        pbCodeBuf[off++] = 0xcc;
-        IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
-    }
-    else
-    {
-        IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
-        if (g_aGstShadowInfo[enmGstReg].cb == sizeof(uint32_t))
-            iemNativeEmitTop32BitsClearCheck(pReNative, off, idxReg);
-    }
+        pCodeBuf[off++] = 0xcc;
+    }
+    else if (g_aGstShadowInfo[enmGstReg].cb == sizeof(uint32_t))
+        iemNativeEmitTop32BitsClearCheckEx(pCodeBuf, off, idxReg);
+    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
 
 # elif defined(RT_ARCH_ARM64)
     /* mov TMP0, [gstreg] */
-    off = iemNativeEmitLoadGprWithGstShadowReg(pReNative, off, IEMNATIVE_REG_FIXED_TMP0, enmGstReg);
-
-    uint32_t * const pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 3);
+    off = iemNativeEmitLoadGprWithGstShadowRegEx(pCodeBuf, off, IEMNATIVE_REG_FIXED_TMP0, enmGstReg);
+
     /* sub tmp0, tmp0, idxReg */
-    pu32CodeBuf[off++] = Armv8A64MkInstrAddSubReg(true /*fSub*/, IEMNATIVE_REG_FIXED_TMP0, IEMNATIVE_REG_FIXED_TMP0, idxReg);
-    /* cbz tmp0, +1 */
-    pu32CodeBuf[off++] = Armv8A64MkInstrCbzCbnz(false /*fJmpIfNotZero*/, 2, IEMNATIVE_REG_FIXED_TMP0);
+    pCodeBuf[off++] = Armv8A64MkInstrAddSubReg(true /*fSub*/, IEMNATIVE_REG_FIXED_TMP0, IEMNATIVE_REG_FIXED_TMP0, idxReg);
+    /* cbz tmp0, +2 */
+    pCodeBuf[off++] = Armv8A64MkInstrCbz(2, IEMNATIVE_REG_FIXED_TMP0);
     /* brk #0x1000+enmGstReg */
-    pu32CodeBuf[off++] = Armv8A64MkInstrBrk((uint32_t)enmGstReg | UINT32_C(0x1000));
+    pCodeBuf[off++] = Armv8A64MkInstrBrk((uint32_t)enmGstReg | UINT32_C(0x1000));
     IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
 
@@ -6154 +6206 @@
 }
 
+
+/**
+ * Emitting code that checks that the content of register @a idxReg is the same
+ * as what's in the guest register @a enmGstReg, resulting in a breakpoint
+ * instruction if that's not the case.
+ *
+ * @note May of course trash IEMNATIVE_REG_FIXED_TMP0.
+ *       Trashes EFLAGS on AMD64.
+ */
+DECL_HIDDEN_THROW(uint32_t)
+iemNativeEmitGuestRegValueCheck(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t idxReg, IEMNATIVEGSTREG enmGstReg)
+{
+#ifdef RT_ARCH_AMD64
+    PIEMNATIVEINSTR const pCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 32);
+#elif defined(RT_ARCH_ARM64)
+    PIEMNATIVEINSTR const pCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 5);
+# else
+#  error "Port me!"
+# endif
+    return iemNativeEmitGuestRegValueCheckEx(pReNative, pCodeBuf, off, idxReg, enmGstReg);
+}
 
 # ifdef IEMNATIVE_WITH_SIMD_REG_ALLOCATOR

trunk/src/VBox/VMM/VMMAll/target-x86/IEMAllN8veEmit-x86.h

@@ -230 +230 @@
     if (fEFlags)
     {
-        if RT_CONSTEXPR(a_fEflClobbered != X86_EFL_STATUS_BITS)
+        if RT_CONSTEXPR_IF(a_fEflClobbered != X86_EFL_STATUS_BITS)
         {
             fEFlags &= ~a_fEflClobbered;
@@ -270 +270 @@
     if (idxRegTmp == X86_GREG_xAX)
     {
-        /* sahf ; AH = EFLAGS */
-        pCodeBuf[off++] = 0x9e;
+        /* lahf ; AH = EFLAGS */
+        pCodeBuf[off++] = 0x9f;
         if (idxRegEfl <= X86_GREG_xBX)
         {
@@ -308 +308 @@
         pCodeBuf[off++] = 0x86;
         pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 4 /*AH*/, 0 /*AL*/);
-        /* sahf ; AH = EFLAGS */
-        pCodeBuf[off++] = 0x9e;
+        /* lahf ; AH = EFLAGS */
+        pCodeBuf[off++] = 0x9f;
         /* xchg al, ah  */
         pCodeBuf[off++] = 0x86;
@@ -358 +358 @@
 
 
-template<uint32_t const a_bmInputRegs>
-static uint32_t iemNativeDoPostponedEFlagsAtTbExitInternal(PIEMRECOMPILERSTATE pReNative, uint32_t off, PIEMNATIVEINSTR pCodeBuf)
+template<uint32_t const a_bmInputRegs, bool const a_fTlbMiss = false>
+static uint32_t iemNativeDoPostponedEFlagsInternal(PIEMRECOMPILERSTATE pReNative, uint32_t off, PIEMNATIVEINSTR pCodeBuf,
+                                                   uint32_t bmExtraTlbMissRegs = 0)
 {
     /*
-     * We can't do regular register allocations here, but since we're in an exit
-     * path where all pending writes has been flushed and we have a known set of
-     * registers with input for the exit label, we do our own simple stuff here.
+     * In the TB exit code path we cannot do regular register allocation.  Nor
+     * can we when we're in the TLB miss code, unless we're skipping the TLB
+     * lookup.  Since the latter isn't an important usecase and should get along
+     * fine on just volatile registers, we do not need to do anything special
+     * for it.
+     *
+     * So, we do our own register allocating here.  Any register goes in the TB
+     * exit path, excluding a_bmInputRegs, fixed and postponed related registers.
+     * In the TLB miss we can use any volatile register and temporary registers
+     * allocated in the TLB state.
      *
      * Note! On x86 we prefer using RAX as the first TMP register, so we can
@@ -371 +379 @@
      *       shadow, since RAX is represented by bit 0 in the mask.
      */
-    uint32_t bmAvailableRegs = ~(a_bmInputRegs | IEMNATIVE_REG_FIXED_MASK) & IEMNATIVE_HST_GREG_MASK;
-    if (pReNative->PostponedEfl.idxReg2 != UINT8_MAX)
-        bmAvailableRegs &= ~(RT_BIT_32(pReNative->PostponedEfl.idxReg1) | RT_BIT_32(pReNative->PostponedEfl.idxReg2));
+    uint32_t bmAvailableRegs;
+    if RT_CONSTEXPR_IF(!a_fTlbMiss)
+    {
+        bmAvailableRegs = ~(a_bmInputRegs | IEMNATIVE_REG_FIXED_MASK) & IEMNATIVE_HST_GREG_MASK;
+        if (pReNative->PostponedEfl.idxReg2 != UINT8_MAX)
+            bmAvailableRegs &= ~(RT_BIT_32(pReNative->PostponedEfl.idxReg1) | RT_BIT_32(pReNative->PostponedEfl.idxReg2));
+        else
+            bmAvailableRegs &= ~RT_BIT_32(pReNative->PostponedEfl.idxReg1);
+    }
     else
-        bmAvailableRegs &= ~RT_BIT_32(pReNative->PostponedEfl.idxReg1);
-
-    /* Use existing EFLAGS shadow if available. */
-    uint8_t idxRegEfl, idxRegTmp;
-    if (pReNative->Core.bmGstRegShadowDirty & RT_BIT_64(kIemNativeGstReg_EFlags))
-    {
-        idxRegEfl = pReNative->Core.aidxGstRegShadows[kIemNativeGstReg_EFlags];
-        Assert(idxRegEfl < IEMNATIVE_HST_GREG_COUNT && (bmAvailableRegs & RT_BIT_32(idxRegEfl)));
+    {
+        /* Note! a_bmInputRegs takes precedence over bmExtraTlbMissRegs. */
+        bmAvailableRegs  = (IEMNATIVE_CALL_VOLATILE_GREG_MASK | bmExtraTlbMissRegs)
+                         & ~(a_bmInputRegs | IEMNATIVE_REG_FIXED_MASK)
+                         & IEMNATIVE_HST_GREG_MASK;
+    }
+
+    /* Use existing EFLAGS shadow if available. For the TLB-miss code path we
+       need to weed out volatile registers here, as they will no longer be valid. */
+    uint8_t idxRegTmp;
+    uint8_t idxRegEfl = pReNative->Core.aidxGstRegShadows[kIemNativeGstReg_EFlags];
+    if (   (pReNative->Core.bmGstRegShadows & RT_BIT_64(kIemNativeGstReg_EFlags))
+        && (!a_fTlbMiss || !(RT_BIT_32(idxRegEfl) & IEMNATIVE_CALL_VOLATILE_GREG_MASK)))
+    {
+        Assert(idxRegEfl < IEMNATIVE_HST_GREG_COUNT);
+        Assert(!(a_bmInputRegs & RT_BIT_32(idxRegEfl)));
+        if RT_CONSTEXPR_IF(!a_fTlbMiss) Assert(bmAvailableRegs & RT_BIT_32(idxRegEfl));
         bmAvailableRegs &= ~RT_BIT_32(idxRegEfl);
 #ifdef VBOX_STRICT
-        /** @todo check shadow register content. */
+        off = iemNativeEmitGuestRegValueCheckEx(pReNative, pCodeBuf, off, idxRegEfl, kIemNativeGstReg_EFlags);
 #endif
 
@@ -420 +443 @@
      * Store EFLAGS.
      */
+#ifdef VBOX_STRICT
+    /* check that X86_EFL_1 is set. */
+    uint32_t offFixup1;
+    off = iemNativeEmitTestBitInGprAndJmpToFixedIfSetEx(pCodeBuf, off, idxRegEfl, X86_EFL_1_BIT, off, &offFixup1);
+    off = iemNativeEmitBrkEx(pCodeBuf, off, 0x3330);
+    iemNativeFixupFixedJump(pReNative, offFixup1, off);
+    /* Check that X86_EFL_RAZ_LO_MASK is zero. */
+    off = iemNativeEmitTestAnyBitsInGpr32Ex(pCodeBuf, off, idxRegEfl, X86_EFL_RAZ_LO_MASK);
+    uint32_t const offFixup2 = off;
+    off = iemNativeEmitJccToFixedEx(pCodeBuf, off, off, kIemNativeInstrCond_e);
+    off = iemNativeEmitBrkEx(pCodeBuf, off, 0x3331);
+    iemNativeFixupFixedJump(pReNative, offFixup2, off);
+#endif
     off = iemNativeEmitStoreGprToVCpuU32Ex(pCodeBuf, off, idxRegEfl, RT_UOFFSETOF(VMCPU, cpum.GstCtx.eflags));
     IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
@@ -435 +471 @@
     {
         PIEMNATIVEINSTR const pCodeBuf = iemNativeInstrBufEnsure(pReNative, off, IEMNATIVE_MAX_POSTPONED_EFLAGS_INSTRUCTIONS);
-        return iemNativeDoPostponedEFlagsAtTbExitInternal<a_bmInputRegs>(pReNative, off, pCodeBuf);
+        return iemNativeDoPostponedEFlagsInternal<a_bmInputRegs>(pReNative, off, pCodeBuf);
     }
     return off;
@@ -446 +482 @@
 {
     if (pReNative->PostponedEfl.fEFlags)
-        return iemNativeDoPostponedEFlagsAtTbExitInternal<a_bmInputRegs>(pReNative, off, pCodeBuf);
+        return iemNativeDoPostponedEFlagsInternal<a_bmInputRegs>(pReNative, off, pCodeBuf);
+    return off;
+}
+
+
+template<uint32_t const a_bmInputRegs>
+DECL_FORCE_INLINE_THROW(uint32_t)
+iemNativeDoPostponedEFlagsAtTlbMiss(PIEMRECOMPILERSTATE pReNative, uint32_t off, const IEMNATIVEEMITTLBSTATE *pTlbState,
+                                    uint32_t bmTmpRegs)
+{
+    if (pReNative->PostponedEfl.fEFlags)
+    {
+        PIEMNATIVEINSTR const pCodeBuf = iemNativeInstrBufEnsure(pReNative, off, IEMNATIVE_MAX_POSTPONED_EFLAGS_INSTRUCTIONS);
+        return iemNativeDoPostponedEFlagsInternal<a_bmInputRegs, true>(pReNative, off, pCodeBuf,
+                                                                       pTlbState->getRegsNotToSave() | bmTmpRegs);
+    }
     return off;
 }
@@ -490 +541 @@
 # endif
         Log5(("iemNativeEmitEFlagsForLogical: Skipping %#x\n", X86_EFL_STATUS_BITS));
+        return off;
     }
 # ifdef IEMNATIVE_WITH_EFLAGS_POSTPONING
-    else if (      (  (fEflPostponing = IEMLIVENESS_STATE_GET_CAN_BE_POSTPONED_SET(pLivenessEntry) & IEMLIVENESSBIT_STATUS_EFL_MASK)
-                    | fEflClobbered)
-                == IEMLIVENESSBIT_STATUS_EFL_MASK
-             && idxRegResult != UINT8_MAX)
+    if (      (  (fEflPostponing = IEMLIVENESS_STATE_GET_CAN_BE_POSTPONED_SET(pLivenessEntry) & IEMLIVENESSBIT_STATUS_EFL_MASK)
+               | fEflClobbered)
+           == IEMLIVENESSBIT_STATUS_EFL_MASK
+        && idxRegResult != UINT8_MAX)
     {
         STAM_COUNTER_INC(&pReNative->pVCpu->iem.s.StatNativeEflPostponedLogical);
-        pReNative->fSkippingEFlags       = 0;
         pReNative->PostponedEfl.fEFlags  = X86_EFL_STATUS_BITS;
         pReNative->PostponedEfl.enmOp    = kIemNativePostponedEflOp_Logical;
@@ -518 +569 @@
          * Collect flags and merge them with eflags.
          */
-        /** @todo we could alternatively use SAHF here when host rax is free since,
+        /** @todo we could alternatively use LAHF here when host rax is free since,
          *        OF is cleared. */
         PIEMNATIVEINSTR pCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
@@ -579 +630 @@
 #endif
         IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+    }
 
 #ifdef IEMNATIVE_WITH_EFLAGS_SKIPPING
-        pReNative->fSkippingEFlags &= ~X86_EFL_STATUS_BITS;
+    pReNative->fSkippingEFlags = 0;
 # ifdef IEMNATIVE_STRICT_EFLAGS_SKIPPING
-        off = iemNativeEmitStoreImmToVCpuU32(pReNative, off, 0, RT_UOFFSETOF(VMCPU, iem.s.fSkippingEFlags));
+    off = iemNativeEmitStoreImmToVCpuU32(pReNative, off, 0, RT_UOFFSETOF(VMCPU, iem.s.fSkippingEFlags));
 # endif
 #endif
-    }
     return off;
 }
@@ -1898 +1949 @@
         PIEMNATIVEINSTR const pCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 64);
         /** @todo kIemNativeEmitEFlagsForShiftType_SignedRight: we could alternatively
-         *        use SAHF here when host rax is free since, OF is cleared. */
+         *        use LAHF here when host rax is free since, OF is cleared. */
         /* pushf */
         pCodeBuf[off++] = 0x9c;

trunk/src/VBox/VMM/include/IEMN8veRecompiler.h

@@ -1192 +1192 @@
 #ifdef IEMNATIVE_WITH_EFLAGS_POSTPONING
 # ifdef RT_ARCH_AMD64
-#  define IEMNATIVE_MAX_POSTPONED_EFLAGS_INSTRUCTIONS   32
+#  ifdef VBOX_STRICT
+#   define IEMNATIVE_MAX_POSTPONED_EFLAGS_INSTRUCTIONS   64
+#  else
+#   define IEMNATIVE_MAX_POSTPONED_EFLAGS_INSTRUCTIONS   32
+#  endif
 # elif defined(RT_ARCH_ARM64) || defined(DOXYGEN_RUNNING)
-#  define IEMNATIVE_MAX_POSTPONED_EFLAGS_INSTRUCTIONS   32
+#  ifdef VBOX_STRICT
+#   define IEMNATIVE_MAX_POSTPONED_EFLAGS_INSTRUCTIONS   48
+#  else
+#   define IEMNATIVE_MAX_POSTPONED_EFLAGS_INSTRUCTIONS   32
+#  endif
 # else
 #  error "port me"
@@ -1210 +1218 @@
 #else
 # define IEMNATIVE_CLEAR_POSTPONED_EFLAGS(a_pReNative, a_fEflClobbered) ((void)0)
+#endif
+
+/** @def IEMNATIVE_HAS_POSTPONED_EFLAGS_CALCS
+ * Macro for testing whether there are currently any postponed EFLAGS calcs w/o
+ * needing to \#ifdef the check.
+ */
+#ifdef IEMNATIVE_WITH_EFLAGS_POSTPONING
+# define IEMNATIVE_HAS_POSTPONED_EFLAGS_CALCS(a_pReNative) ((a_pReNative)->PostponedEfl.fEFlags != 0)
+#else
+# define IEMNATIVE_HAS_POSTPONED_EFLAGS_CALCS(a_pReNative) false
 #endif
 
@@ -2129 +2147 @@
 DECL_HIDDEN_THROW(uint32_t) iemNativeEmitLoadGprWithGstShadowReg(PIEMRECOMPILERSTATE pReNative, uint32_t off,
                                                                  uint8_t idxHstReg, IEMNATIVEGSTREG enmGstReg);
+DECL_HIDDEN_THROW(uint32_t) iemNativeEmitLoadGprWithGstShadowRegEx(PIEMNATIVEINSTR pCodeBuf, uint32_t off,
+                                                                   uint8_t idxHstReg, IEMNATIVEGSTREG enmGstReg);
 #ifdef VBOX_STRICT
 DECL_HIDDEN_THROW(uint32_t) iemNativeEmitTop32BitsClearCheck(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t idxReg);
 DECL_HIDDEN_THROW(uint32_t) iemNativeEmitGuestRegValueCheck(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t idxReg,
                                                             IEMNATIVEGSTREG enmGstReg);
+DECL_HIDDEN_THROW(uint32_t) iemNativeEmitGuestRegValueCheckEx(PIEMRECOMPILERSTATE pReNative, PIEMNATIVEINSTR pCodeBuf,
+                                                              uint32_t off, uint8_t idxReg, IEMNATIVEGSTREG enmGstReg);
 # ifdef IEMNATIVE_WITH_SIMD_REG_ALLOCATOR
 DECL_HIDDEN_THROW(uint32_t) iemNativeEmitGuestSimdRegValueCheck(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t idxSimdReg,

trunk/src/VBox/VMM/include/IEMN8veRecompilerEmit.h

@@ -278 +278 @@
 
 #elif defined(RT_ARCH_ARM64)
-    if RT_CONSTEXPR((a_uImm32 >> 16) == 0)
+    if RT_CONSTEXPR_IF((a_uImm32 >> 16) == 0)
         /* movz gpr, imm16 */
         pCodeBuf[off++] = Armv8A64MkInstrMovZ(iGpr, a_uImm32,                    0, false /*f64Bit*/);
-    else if RT_CONSTEXPR((a_uImm32 & UINT32_C(0xffff)) == 0)
+    else if RT_CONSTEXPR_IF((a_uImm32 & UINT32_C(0xffff)) == 0)
         /* movz gpr, imm16, lsl #16 */
         pCodeBuf[off++] = Armv8A64MkInstrMovZ(iGpr, a_uImm32 >> 16,              1, false /*f64Bit*/);
-    else if RT_CONSTEXPR((a_uImm32 & UINT32_C(0xffff)) == UINT32_C(0xffff))
+    else if RT_CONSTEXPR_IF((a_uImm32 & UINT32_C(0xffff)) == UINT32_C(0xffff))
         /* movn gpr, imm16, lsl #16 */
         pCodeBuf[off++] = Armv8A64MkInstrMovN(iGpr, ~a_uImm32 >> 16,             1, false /*f64Bit*/);
-    else if RT_CONSTEXPR((a_uImm32 >> 16) == UINT32_C(0xffff))
+    else if RT_CONSTEXPR_IF((a_uImm32 >> 16) == UINT32_C(0xffff))
         /* movn gpr, imm16 */
         pCodeBuf[off++] = Armv8A64MkInstrMovN(iGpr, ~a_uImm32,                   0, false /*f64Bit*/);
@@ -769 +769 @@
  * @note Bits 32 thru 63 in the GPR will be zero after the operation.
  */
-DECL_INLINE_THROW(uint32_t)
+DECL_FORCE_INLINE_THROW(uint32_t)
 iemNativeEmitLoadGprFromVCpuU32Ex(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGpr, uint32_t offVCpu)
 {
@@ -814 +814 @@
  * @note Bits 16 thru 63 in the GPR will be zero after the operation.
  */
+DECL_FORCE_INLINE_THROW(uint32_t)
+iemNativeEmitLoadGprFromVCpuU16Ex(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGpr, uint32_t offVCpu)
+{
+#ifdef RT_ARCH_AMD64
+    /* movzx reg32, mem16 */
+    if (iGpr >= 8)
+        pCodeBuf[off++] = X86_OP_REX_R;
+    pCodeBuf[off++] = 0x0f;
+    pCodeBuf[off++] = 0xb7;
+    off = iemNativeEmitGprByVCpuDisp(pCodeBuf, off, iGpr, offVCpu);
+
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitGprByVCpuLdStEx(pCodeBuf, off, iGpr, offVCpu, kArmv8A64InstrLdStType_Ld_Half, sizeof(uint16_t));
+
+#else
+# error "port me"
+#endif
+    return off;
+}
+
+
+/**
+ * Emits a 16-bit GPR load of a VCpu value.
+ * @note Bits 16 thru 63 in the GPR will be zero after the operation.
+ */
 DECL_INLINE_THROW(uint32_t)
 iemNativeEmitLoadGprFromVCpuU16(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGpr, uint32_t offVCpu)
 {
 #ifdef RT_ARCH_AMD64
-    /* movzx reg32, mem16 */
-    uint8_t *pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 8);
-    if (iGpr >= 8)
-        pbCodeBuf[off++] = X86_OP_REX_R;
-    pbCodeBuf[off++] = 0x0f;
-    pbCodeBuf[off++] = 0xb7;
-    off = iemNativeEmitGprByVCpuDisp(pbCodeBuf, off, iGpr, offVCpu);
+    off = iemNativeEmitLoadGprFromVCpuU16Ex(iemNativeInstrBufEnsure(pReNative, off, 8), off, iGpr, offVCpu);
     IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
 
@@ -7566 +7585 @@
  */
 DECL_FORCE_INLINE_THROW(uint32_t)
-iemNativeEmitTestAnyBitsInGpr32Ex(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprSrc, uint32_t fBits)
+iemNativeEmitTestAnyBitsInGpr32Ex(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprSrc, uint32_t fBits,
+                                  uint8_t iTmpReg = UINT8_MAX)
 {
     Assert(fBits != 0);
@@ -7592 +7612 @@
         pCodeBuf[off++] = RT_BYTE4(fBits);
     }
+    RT_NOREF(iTmpReg);
 
 #elif defined(RT_ARCH_ARM64)
@@ -7599 +7620 @@
     if (Armv8A64ConvertMask32ToImmRImmS(fBits, &uImmNandS, &uImmR))
         pCodeBuf[off++] = Armv8A64MkInstrAndsImm(ARMV8_A64_REG_XZR, iGprSrc, uImmNandS, uImmR, false /*f64Bit*/);
+    else if (iTmpReg != UINT8_MAX)
+    {
+        off = iemNativeEmitLoadGpr32ImmEx(pCodeBuf, off, iTmpReg, fBits);
+        pCodeBuf[off++] = Armv8A64MkInstrAnds(ARMV8_A64_REG_XZR, iGprSrc, iTmpReg, false /*f64Bit*/);
+    }
     else
 # ifdef IEM_WITH_THROW_CATCH
@@ -8219 +8245 @@
 DECL_INLINE_THROW(uint32_t) iemNativeEmitCallImm(PIEMRECOMPILERSTATE pReNative, uint32_t off, uintptr_t uPfn)
 {
-    if RT_CONSTEXPR(!a_fSkipEflChecks)
+    if RT_CONSTEXPR_IF(!a_fSkipEflChecks)
     {
         IEMNATIVE_ASSERT_EFLAGS_POSTPONING_ONLY(pReNative, X86_EFL_STATUS_BITS);
@@ -8388 +8414 @@
     AssertCompile(IEMNATIVELABELTYPE_IS_EXIT_REASON(a_enmExitReason));
 
-    if RT_CONSTEXPR(a_fActuallyExitingTb)
+    if RT_CONSTEXPR_IF(a_fActuallyExitingTb)
         iemNativeMarkCurCondBranchAsExiting(pReNative);
 
 #ifdef IEMNATIVE_WITH_EFLAGS_POSTPONING
-    if RT_CONSTEXPR(a_fPostponedEfl)
+    if RT_CONSTEXPR_IF(a_fPostponedEfl)
         off = iemNativeDoPostponedEFlagsAtTbExitEx<IEMNATIVELABELTYPE_GET_INPUT_REG_MASK(a_enmExitReason)>(pReNative, off,
                                                                                                            pCodeBuf);
@@ -8429 +8455 @@
     AssertCompile(IEMNATIVELABELTYPE_IS_EXIT_REASON(a_enmExitReason));
 
-    if RT_CONSTEXPR(a_fActuallyExitingTb)
+    if RT_CONSTEXPR_IF(a_fActuallyExitingTb)
         iemNativeMarkCurCondBranchAsExiting(pReNative);
 
 #ifdef IEMNATIVE_WITH_EFLAGS_POSTPONING
-    if RT_CONSTEXPR(a_fPostponedEfl)
+    if RT_CONSTEXPR_IF(a_fPostponedEfl)
         off = iemNativeDoPostponedEFlagsAtTbExit<IEMNATIVELABELTYPE_GET_INPUT_REG_MASK(a_enmExitReason)>(pReNative, off);
 #endif
@@ -8475 +8501 @@
 
 #ifdef IEMNATIVE_WITH_EFLAGS_POSTPONING
-    if RT_CONSTEXPR(a_fPostponedEfl)
+    if RT_CONSTEXPR_IF(a_fPostponedEfl)
         if (pReNative->PostponedEfl.fEFlags)
         {
@@ -8738 +8764 @@
      *        it's the same number of instructions as the TST + B.CC stuff? */
 # ifdef IEMNATIVE_WITH_EFLAGS_POSTPONING
-    if RT_CONSTEXPR(a_fPostponedEfl)
+    if RT_CONSTEXPR_IF(a_fPostponedEfl)
         if (pReNative->PostponedEfl.fEFlags)
         {
@@ -8792 +8818 @@
     IEMNATIVE_ASSERT_EFLAGS_SKIPPING_ONLY(pReNative, X86_EFL_STATUS_BITS);
 # ifdef IEMNATIVE_WITH_EFLAGS_POSTPONING
-    if RT_CONSTEXPR(a_fPostponedEfl)
+    if RT_CONSTEXPR_IF(a_fPostponedEfl)
         if (pReNative->PostponedEfl.fEFlags)
         {
@@ -8867 +8893 @@
     IEMNATIVE_ASSERT_EFLAGS_SKIPPING_ONLY(pReNative, X86_EFL_STATUS_BITS);
 # ifdef IEMNATIVE_WITH_EFLAGS_POSTPONING
-    if RT_CONSTEXPR(a_fPostponedEfl)
+    if RT_CONSTEXPR_IF(a_fPostponedEfl)
         if (pReNative->PostponedEfl.fEFlags)
         {